The Caesar cipher

A bit of history

The Caesar cipher, despite its name, was apparently already used by the Spartans, so well before Julius Caesar.

It’s a variation of shift cipher, which is a substitution cipher. Complicated words for simple concepts, you’ll see.

Augustus used another variant of the Caesar cipher.

It’s very possible that it inspired the Vigenère cipher.

Note: This post was translated from french with the help of AI. The original post was written with the knowledge of a younger me.

The big picture: substitution

Let’s start with the broadest concept. Substitution ciphering consists of replacing one letter with another. Plain and simple.

This technique is the most widespread in history and it is different from permutation, which consists of changing the order of the letters in a text.

Modern algorithms use both methods at once because substitution alone is not very secure cryptographically (except in the very specific case of a one-time pad).

The medium picture: the shift

Among substitution cipher methods, the simplest is the shift method.

It’s a monoalphabetic ciphering method (another complicated term for a simple concept). That means that one letter is associated (during encryption/decryption) with exactly one other letter. Two different letters cannot result in the same letter after encryption/decryption, and likewise, one letter cannot produce two different letters after encryption/decryption.

For mathematicians, this is a bijective relation.

The shift method therefore consists in shifting a letter within the alphabet.

The small picture: the Caesar cipher

Nowadays, the term “Caesar cipher” refers to all these shift cipher methods, but more precisely to a shift by 3.

Let’s take the Latin alphabet, the one used by Caesar (even though it seems he preferred the Greek alphabet for his secret messages), and assign values to the letters:

A=0, B=1, C=2, D=3, E=4, F=5, G=6, H=7, I=8, J=9, K=10, L=11, M=12, N=13, O=14, P=15, Q=16, R=17, S=18, T=19, U=20, V=21, W=22, X=23, Y=24, Z=25

We apply a shift of 3:

A=0+3=3=D

B=1+3=4=E

…

However, you can see that if we do:

X=23+3=26

we don’t know what letter 26 is, unless we use congruence. If this word is unfamiliar, read this article.

We’ll consider the Latin alphabet in modulo 26. So, if we redo the calculation:

X=23+3=26 ≡ 26-26 *mod*(26) ≡ 0 *mod*(26) ≡ A

So, in the Caesar cipher, A becomes D, B becomes E, X becomes A, Y becomes B, Z becomes C…

We’ve shifted the letters by 3 positions.

An example:

Consider the message: “CAVE CANEM” (“Beware of the dog”, in Latin)

We apply the Caesar cipher:

“C A V E C A N E M”

=

2 0 21 4 2 0 13 4 12

+3

=

5 3 24 7 5 3 16 7 15

=

“F D Y H F D Q H P”

Here’s your encrypted message. And to decrypt it, we do the opposite: subtract 3 from the letters of the encrypted message.

It’s simple, isn’t it? And you can see we’re at cryptography level 0.

But at the time, it seemed good enough.

Variants

Of course, variants of this cipher have been developed throughout history.

ROT13

This variant consists of shifting by 13 letters instead of 3. “ROT” is short for rotation, because a shift with a modulo can be seen as a rotation.

This shift is special because it’s symmetric for a 26-letter alphabet (13 being half of 26). That means that if you encrypt a message twice with this shift, you get the original message back.

Example:

First encryption:

“C A V E C A N E M”

=

2 0 21 4 2 0 13 4 12

+13

=

15 13 34-26 17 15 13 26-26 17 25

=

15 13 8 17 15 13 0 17 25

=

“P N I R P N A R Z”

Second encryption:

“P N I R P N A R Z”

=

15 13 8 17 15 13 0 17 25

+13

=

28-26 26-26 21 30-26 28-26 26-26 13 30-26 38-26

=

2 0 21 4 2 0 13 4 12

=

“C A V E C A N E M”

Tadaa, we recover “Cave Canem”.

Augustus

I said earlier that the Caesar cipher was useless. Wait until you see this one. Forget about modulo, that’s too complicated, and counting to 3 is also too complicated—just count to 1, that’s fine.

Augustus (Caesar’s nephew) used a shift cipher of 1. Yes, you read that right—1. Oh, and what about “z”? Remember, no congruence. So “z” becomes “aa”—yes, two “a”s.

Do I really need to give you an example?

7up, K9

Of course, there are also ciphers based on wordplay, invented for children’s games.

“7up” is a shift of 7.

“K9” is a reference to the robot dog from Dr Who (and also a very good mail app for Android…). It’s a pun on the word “canine” of course. It’s a shift of 1 backward (25 forward).

Extending the alphabet

You can, of course, use an alphabet other than the Latin alphabet, or even take an arbitrary order of symbols. All that’s required is that the symbols be ordered.

Example:

Let’s take this fictional alphabet:

“: ; ! , t 2 5”

If we apply an increment of 3, we get:

“, t 2 5 : ; !”

How bad this is

By now you understand just how bad this system is. Let’s look at two methods to break a cipher made with this technique.

Frequency analysis

Every language has letters that appear more frequently than others. For example, in French “e” is (by far) the most frequent letter. So, an attacker just needs to analyze the frequency of symbols in the message. If the encrypted message contains a lot of “g”s and the parties are French, the attacker can hypothesize a shift of 2 and easily recover the original text.

Brute-force attack

For a 26-letter alphabet, there are 26 possible combinations. It’s really not hard to test them all.

Testing all combinations is called a brute-force attack. It’s the dumbest (the most brute) approach: you test every possibility. But it’s also the attack that requires the most resources, since you’re testing everything.