Skip to main content

Section 8.3 Caesar Ciphers

One of the earliest known approaches to symmetric key cryptography was applied by Julius Caesar (100 BC to 44 BC) and is now called the Caesar cipher. In a Caesar cipher we cyclically shift the alphabet by \(n\) letters, where \(n\) is a natural number. For encryption we shift \(n\) characters backwards and wrap around to \(\mathtt{z}\) after \(\cspace\text{.}\) To undo this we shift \(n\) characters forward and wrap around to \(\cspace\) after \(\mathtt{z}\text{.}\)

Caesar did not encrypt the character space and most other authors also follow that convention. Our representation of Caesar ciphers differs from that convention Instead of just shifting the letters of the alphabet, we will shift our set of characters that contains the 26 letters as well as the character space which we represent by \(\cspace\text{.}\)

In our first examples we consider the case \(n=3\text{.}\)

Alice and Bob use the Caesar cipher shifts by \(3\) characters for their communication.

Suppose Alice wants to encrypt \(\mathtt{hat}\) and send the resulting encrypted message to Bob. She proceeds as follows.

To encrypt \(\mathtt{h}\) Alice counts three characters backwards from \(\mathtt{h}\text{.}\) One character before \(\mathtt{h}\) is \(\mathtt{g}\text{.}\) Two characters before \(\mathtt{h}\) is \(\mathtt{f}\text{.}\) Three characters before \(\mathtt{h}\) is \(\mathtt{e}\text{.}\) So \(\mathtt{h}\) is encrypted as \(\mathtt{e}\text{.}\)

To encrypt \(\mathtt{a}\) Alice counts three characters backwards from \(\mathtt{a}\text{.}\) One character before \(\mathtt{a}\) is \(\mathtt{-}\text{.}\) Now we wrap around to \(\mathtt{z}\) which means that two characters before \(\mathtt{a}\) we have \(\mathtt{z}\text{.}\) So three characters before \(\mathtt{a}\) is \(\mathtt{y}\text{.}\) So \(\mathtt{a}\) is encrypted as \(\mathtt{y}\text{.}\)

To encrypt \(\mathtt{t}\) Alice counts three characters backwards from \(\mathtt{t}\text{.}\) One character before \(\mathtt{t}\) is \(\mathtt{s}\text{.}\) Two characters before \(\mathtt{t}\) is \(\mathtt{r}\text{.}\) Three characters before \(\mathtt{t}\) is \(\mathtt{q}\text{.}\) So \(\mathtt{t}\) is encrypted as \(\mathtt{q}\text{.}\)

Thus Alice encrypts \(\mathtt{hat}\) as \(\mathtt{eyq}\) and thus sends \(\mathtt{eyq}\) to Bob.

Alice and Bob use the Caesar cipher shifts by \(3\) characters for their communication.

Bob receives the message \(\mathtt{eyq}\) from Alice. To decrypt the message he proceeds as follows.

To decrypt \(\mathtt{e}\) Bob counts three characters forward from \(\mathtt{h}\text{.}\) One character after \(\mathtt{e}\) we have \(\mathtt{f}\text{.}\) Two characters after \(\mathtt{e}\) is \(\mathtt{g}\text{.}\) Three characters after \(\mathtt{e}\) is \(\mathtt{h}\text{.}\) So \(\mathtt{e}\) is decrypted to \(\mathtt{h}\text{.}\)

To decrypt \(\mathtt{y}\) Bob counts three characters forward from \(\mathtt{y}\text{.}\) One character after \(\mathtt{y}\) we have \(\mathtt{z}\text{.}\) Now we wrap around to \(\cspace\) which means that two characters after \(\mathtt{y}\) we have \(\cspace\text{.}\) Three characters after \(\mathtt{y}\) is \(\mathtt{a}\text{.}\) So \(\mathtt{y}\) is decrypted to \(\mathtt{a}\text{.}\)

To decrypt \(\mathtt{q}\) Bob counts three characters forward from \(\mathtt{q}\text{.}\) One character after \(\mathtt{q}\) we have \(\mathtt{r}\text{.}\) Two characters after \(\mathtt{q}\) is \(\mathtt{s}\text{.}\) Three characters after \(\mathtt{q}\) is \(\mathtt{t}\text{.}\) So \(\mathtt{q}\) is decrypted to \(\mathtt{t}\text{.}\)

Thus Bob find that the decrypted message is \(\mathtt{hat}\text{.}\)

We notice that decrypting text that was encrypted with a Caesar cipher is easier than encryption, since when decrypting we count forward in the alphabet and most of us are better at going forward in the alphabet than backwards.

We give another example for decrypting a message that was encrypted with a Caesar cipher.

Decrypt the cipher text

\begin{equation*} \mathtt{zlbywmsy{\cspace}psrsq} \end{equation*}

that was encrypted with the Caesar cipher that shifts by 2 characters.

Solution.

To decrypt we count forward \(2\) characters, that is, \(\mathtt{a}\) is decrypted to \(\mathtt{c}\text{,}\) \(\mathtt{b}\) is decrypted to \(\mathtt{d}\text{,}\) and so on. When we get to \(\mathtt{z}\) we wrap around to \(\cspace\) which is followed by \(\mathtt{a}\text{.}\) Thus \(\mathtt{z}\) is decrypted to \(\mathtt{a}\text{.}\) For the characters in the cipher test we get:

\(\mathtt{z}\) is decrypted to \(\mathtt{a}\)
\(\mathtt{l}\) is decrypted to \(\mathtt{n}\)
\(\mathtt{b}\) is decrypted to \(\mathtt{d}\)
\(\mathtt{y}\) is decrypted to \(\cspace\)
\(\mathtt{w}\) is decrypted to \(\mathtt{y}\)
\(\mathtt{m}\) is decrypted to \(\mathtt{o}\)
\(\mathtt{s}\) is decrypted to \(\mathtt{u}\)
\(\cspace\) is decrypted to \(\mathtt{b}\)
\(\mathtt{p}\) is decrypted to \(\mathtt{r}\)
\(\mathtt{r}\) is decrypted to \(\mathtt{t}\)
\(\mathtt{q}\) is decrypted to \(\mathtt{s}\)

So the cipher text \(\mathtt{zlbywmsy}{\cspace}\mathtt{psrsq}\) is decrypted to \(\mathtt{and}{\cspace}\mathtt{you}{\cspace}\mathtt{brutus}\text{.}\)

There are several ways of representing and evaluating the decryption and encryption functions of a Caesar cipher. In the following examples we use encryption and decryption functions given by table and a decoder disc. The decoder disc is more compact and illustrates better how the characters wrap around.

\(x\) \(J(x)\)
\(\cspace\) \(\mathtt{x}\)
\(\mathtt{a}\) \(\mathtt{y}\)
\(\mathtt{b}\) \(\mathtt{z}\)
\(\mathtt{c}\) \(\cspace\)
\(\mathtt{d}\) \(\mathtt{a}\)
\(\mathtt{e}\) \(\mathtt{b}\)
\(\mathtt{f}\) \(\mathtt{c}\)
\(\mathtt{g}\) \(\mathtt{d}\)
\(\mathtt{h}\) \(\mathtt{e}\)
\(\mathtt{i}\) \(\mathtt{f}\)
\(\mathtt{j}\) \(\mathtt{g}\)
\(\mathtt{k}\) \(\mathtt{h}\)
\(\mathtt{l}\) \(\mathtt{i}\)
\(\mathtt{m}\) \(\mathtt{j}\)
\(\mathtt{n}\) \(\mathtt{k}\)
\(\mathtt{o}\) \(\mathtt{l}\)
\(\mathtt{p}\) \(\mathtt{m}\)
\(\mathtt{q}\) \(\mathtt{n}\)
\(\mathtt{r}\) \(\mathtt{o}\)
\(\mathtt{s}\) \(\mathtt{p}\)
\(\mathtt{t}\) \(\mathtt{q}\)
\(\mathtt{u}\) \(\mathtt{r}\)
\(\mathtt{v}\) \(\mathtt{s}\)
\(\mathtt{w}\) \(\mathtt{t}\)
\(\mathtt{x}\) \(\mathtt{u}\)
\(\mathtt{y}\) \(\mathtt{v}\)
\(\mathtt{z}\) \(\mathtt{w}\)
(a) Encryption function \(J:\A\to\A\)
\(y\) \(J^{-1}(y)\)
\(\cspace\) \(\mathtt{c}\)
\(\mathtt{a}\) \(\mathtt{d}\)
\(\mathtt{b}\) \(\mathtt{e}\)
\(\mathtt{c}\) \(\mathtt{f}\)
\(\mathtt{d}\) \(\mathtt{g}\)
\(\mathtt{e}\) \(\mathtt{h}\)
\(\mathtt{f}\) \(\mathtt{i}\)
\(\mathtt{g}\) \(\mathtt{j}\)
\(\mathtt{h}\) \(\mathtt{k}\)
\(\mathtt{i}\) \(\mathtt{l}\)
\(\mathtt{j}\) \(\mathtt{m}\)
\(\mathtt{k}\) \(\mathtt{n}\)
\(\mathtt{l}\) \(\mathtt{o}\)
\(\mathtt{m}\) \(\mathtt{p}\)
\(\mathtt{n}\) \(\mathtt{q}\)
\(\mathtt{o}\) \(\mathtt{r}\)
\(\mathtt{p}\) \(\mathtt{s}\)
\(\mathtt{q}\) \(\mathtt{t}\)
\(\mathtt{r}\) \(\mathtt{u}\)
\(\mathtt{s}\) \(\mathtt{v}\)
\(\mathtt{t}\) \(\mathtt{w}\)
\(\mathtt{u}\) \(\mathtt{x}\)
\(\mathtt{v}\) \(\mathtt{y}\)
\(\mathtt{w}\) \(\mathtt{z}\)
\(\mathtt{x}\) \(\cspace\)
\(\mathtt{y}\) \(\mathtt{a}\)
\(\mathtt{z}\) \(\mathtt{b}\)
(b) Decryption function \(J^{-1}:\A\to\A\)
Figure 8.3.4. Encryption \(J\) and decryption functions \(J^{-1}\) for the Caesar cipher that shifts by \(3\) characters. The table for the functions \(J^{-1}\) is obtained by reading the table for \(J\) from right to left.

When working with Caesar ciphers, especially when encrypting and decrypting longer texts, it often is convenient to consider encryption as the application of a function and decryption as the application of the decryption

Alice and Bob use the Caesar cipher shifts by \(3\) characters for their communication.

Instead of counting characters backwards as in Example 8.3.1 we can use the encryption function \(J:\A\to\A\) given in Figure 8.3.4.(a). To encrypt a character we find it in the left column; the encrypted character is given in the right column. For the characters in \(\mathtt{hat}\) we get

\begin{equation*} J(\mathtt{h})=\mathtt{e},\quad J(\mathtt{a})=\mathtt{y},\quad J(\mathtt{h})=\mathtt{q} \end{equation*}

So \(\mathtt{hat}\) is encrypted as \(\mathtt{eyq}\)

Alice and Bob use the Caesar cipher shifts by \(3\) characters for their communication.

Similarly, instead of counting characters backwards as in Example 8.3.2 we can use the decryption function \(J^{-1}:\A\to\A\) given in Figure 8.3.4.(b). For the characters in \(\mathtt{eyq}\) we get

\begin{equation*} J(\mathtt{e})=\mathtt{h},\quad J(\mathtt{y})=\mathtt{a},\quad J(\mathtt{q})=\mathtt{t} \end{equation*}

So \(\mathtt{hat}\) is decrypted to \(\mathtt{hat}\text{.}\)

We once more use Figure 8.3.4.(a) to encrypt a message.

Encrypt \(\mathtt{gaius-julius}\) using the Caesar cipher shifting by 3 characters.

Solution.

We apply the function \(J\) from Figure 8.3.4 which is also given by the decoder disc in Figure 8.3.9 (a). Avoiding duplication we get:

\begin{align*} J(\mathtt{g})\amp=\mathtt{d}\\ J(\mathtt{a})\amp=\mathtt{y}\\ J(\mathtt{i})\amp=\mathtt{f}\\ J(\mathtt{u})\amp=\mathtt{r}\\ J(\mathtt{s})\amp=\mathtt{p}\\ J(\cspace)\amp=\mathtt{x}\\ J(\mathtt{j})\amp=\mathtt{g}\\ J(\mathtt{l})\amp=\mathtt{i} \end{align*}

Thus \(\mathtt{gaius{\cspace}julius}\) is encrypted as \(\mathtt{dyfrpxgrifrp}\text{.}\)

In Checkpoint 8.3.8 you are first asked to produce the encryption function by giving the value of the function for every element in the domain, and then encrypt the message.

We represent the character space by \(\mathtt{-}\text{.}\)

For their secure communication Alice and Bob use a Caesar Cipher shifting by 7 characters. Alice sends an encrypted message to Bob:

\begin{equation*} \mathtt{auoy} \end{equation*}

To decrypt the message Bob uses the decryption function \(D:\mathbb{A}\to\mathbb{A}\) given by

\(D(\mathtt{-})=\),

\(D(\mathtt{a})=\),

\(D(\mathtt{b})=\),

\(D(\mathtt{c})=\),

\(D(\mathtt{d})=\),

\(D(\mathtt{e})=\),

\(D(\mathtt{f})=\),

\(D(\mathtt{g})=\),

\(D(\mathtt{h})=\),

\(D(\mathtt{i})=\),

\(D(\mathtt{j})=\),

\(D(\mathtt{k})=\),

\(D(\mathtt{l})=\),

\(D(\mathtt{m})=\),

\(D(\mathtt{n})=\),

\(D(\mathtt{o})=\),

\(D(\mathtt{p})=\),

\(D(\mathtt{q})=\),

\(D(\mathtt{r})=\),

\(D(\mathtt{s})=\),

\(D(\mathtt{t})=\),

\(D(\mathtt{u})=\),

\(D(\mathtt{v})=\),

\(D(\mathtt{w})=\),

\(D(\mathtt{x})=\),

\(D(\mathtt{y})=\),

\(D(\mathtt{z})=\),

Using the function \(D\) Bob decrypts the message and obtains:

The encryption and decryption functions \(J\) and \(J^{-1}\) can also be represented by decoder discs as pictured in Figure 8.3.9 for the Caesar ciphers shifting by \(3\) and by \(11\) characters. To evaluate the encryption function \(J\) we read from the outer ring to the inner ring. To evaluate the decryption function we read from the inner ring to the outer ring.

(a) Shifting by 3 characters
(b) Shifting by 11 characters
Figure 8.3.9. Decoder discs for Caesar ciphers. In the outer (black) ring are the characters in plain text and in the inner (red) ring the characters in cipher text. The number on the inner disc is aligned with the line between \(\mathtt{z}\) and \(\cspace\) is 3 and 11 respectively.

We present the process of using decoder discs in the video in Figure 8.3.10. It is followed by a more detailed discussion.dd

Figure 8.3.10. Caesar Cipher with Decoder Disc by Matt Farmer and Stephen Steward

You can easily build a decoder disc that can be adjusted for decrypting and encrypting any Caesar cipher from the discs in Figure 8.3.11.

Figure 8.3.11. Build your own decoder disc. Cut out the plain text disc on the left and the cipher text disc right. Punch a hole into the center of each disc. Put a split pin trough the center of both discs. To set the decoder disc up for the Caesar cipher that shifts by a natural number \(n\) align the number \(n\) on the inner disc with the line between \(\mathtt{z}\) and \(\cspace\text{.}\)