Skip to main content
Logo image

Section 8.3 Caesar Ciphers

One of the earliest known approaches to symmetric key cryptography was applied by Julius Caesar (100 BC to 44 BC) and is now called the Caesar cipher. In a Caesar cipher we cyclically shift the alphabet by \(n\) letters, where \(n\) is a natural number. For encryption we shift \(n\) characters backwards and wrap around to \(\mathtt{z}\) after \(\cspace\text{.}\) To undo this we shift \(n\) characters forward and wrap around to \(\cspace\) after \(\mathtt{z}\text{.}\)
Caesar did not encrypt the character space and most other authors also follow that convention. Our representation of Caesar ciphers differs from that convention Instead of just shifting the letters of the alphabet, we will shift our set of characters that contains the 26 letters as well as the character space which we represent by \(\cspace\text{.}\)
In our first examples we consider the case \(n=3\text{.}\)

Example 8.14. Encrypting Caesar cipher shifting by \(3\) characters.

Alice and Bob use the Caesar cipher shifts by \(3\) characters for their communication.
Suppose Alice wants to encrypt \(\mathtt{hat}\) and send the resulting encrypted message to Bob. She proceeds as follows.
To encrypt \(\mathtt{h}\) Alice counts three characters backwards from \(\mathtt{h}\text{.}\) One character before \(\mathtt{h}\) is \(\mathtt{g}\text{.}\) Two characters before \(\mathtt{h}\) is \(\mathtt{f}\text{.}\) Three characters before \(\mathtt{h}\) is \(\mathtt{e}\text{.}\) So \(\mathtt{h}\) is encrypted as \(\mathtt{e}\text{.}\)
To encrypt \(\mathtt{a}\) Alice counts three characters backwards from \(\mathtt{a}\text{.}\) One character before \(\mathtt{a}\) is \(\mathtt{-}\text{.}\) Now we wrap around to \(\mathtt{z}\) which means that two characters before \(\mathtt{a}\) we have \(\mathtt{z}\text{.}\) So three characters before \(\mathtt{a}\) is \(\mathtt{y}\text{.}\) So \(\mathtt{a}\) is encrypted as \(\mathtt{y}\text{.}\)
To encrypt \(\mathtt{t}\) Alice counts three characters backwards from \(\mathtt{t}\text{.}\) One character before \(\mathtt{t}\) is \(\mathtt{s}\text{.}\) Two characters before \(\mathtt{t}\) is \(\mathtt{r}\text{.}\) Three characters before \(\mathtt{t}\) is \(\mathtt{q}\text{.}\) So \(\mathtt{t}\) is encrypted as \(\mathtt{q}\text{.}\)
Thus Alice encrypts \(\mathtt{hat}\) as \(\mathtt{eyq}\) and thus sends \(\mathtt{eyq}\) to Bob.

Example 8.15. Decrypting Caesar cipher shifting by \(3\) characters.

Alice and Bob use the Caesar cipher shifts by \(3\) characters for their communication.
Bob receives the message \(\mathtt{eyq}\) from Alice. To decrypt the message he proceeds as follows.
To decrypt \(\mathtt{e}\) Bob counts three characters forward from \(\mathtt{h}\text{.}\) One character after \(\mathtt{e}\) we have \(\mathtt{f}\text{.}\) Two characters after \(\mathtt{e}\) is \(\mathtt{g}\text{.}\) Three characters after \(\mathtt{e}\) is \(\mathtt{h}\text{.}\) So \(\mathtt{e}\) is decrypted to \(\mathtt{h}\text{.}\)
To decrypt \(\mathtt{y}\) Bob counts three characters forward from \(\mathtt{y}\text{.}\) One character after \(\mathtt{y}\) we have \(\mathtt{z}\text{.}\) Now we wrap around to \(\cspace\) which means that two characters after \(\mathtt{y}\) we have \(\cspace\text{.}\) Three characters after \(\mathtt{y}\) is \(\mathtt{a}\text{.}\) So \(\mathtt{y}\) is decrypted to \(\mathtt{a}\text{.}\)
To decrypt \(\mathtt{q}\) Bob counts three characters forward from \(\mathtt{q}\text{.}\) One character after \(\mathtt{q}\) we have \(\mathtt{r}\text{.}\) Two characters after \(\mathtt{q}\) is \(\mathtt{s}\text{.}\) Three characters after \(\mathtt{q}\) is \(\mathtt{t}\text{.}\) So \(\mathtt{q}\) is decrypted to \(\mathtt{t}\text{.}\)
Thus Bob find that the decrypted message is \(\mathtt{hat}\text{.}\)
We notice that decrypting text that was encrypted with a Caesar cipher is easier than encryption, since when decrypting we count forward in the alphabet and most of us are better at going forward in the alphabet than backwards.
We give another example for decrypting a message that was encrypted with a Caesar cipher.

Problem 8.16. Caesar cipher shifting by two characters.

Decrypt the cipher text
\begin{equation*} \mathtt{zlbywmsy{\cspace}psrsq} \end{equation*}
that was encrypted with the Caesar cipher that shifts by 2 characters.
Solution.
To decrypt we count forward \(2\) characters, that is, \(\mathtt{a}\) is decrypted to \(\mathtt{c}\text{,}\) \(\mathtt{b}\) is decrypted to \(\mathtt{d}\text{,}\) and so on. When we get to \(\mathtt{z}\) we wrap around to \(\cspace\) which is followed by \(\mathtt{a}\text{.}\) Thus \(\mathtt{z}\) is decrypted to \(\mathtt{a}\text{.}\) For the characters in the cipher test we get:
\(\mathtt{z}\) is decrypted to \(\mathtt{a}\)
\(\mathtt{l}\) is decrypted to \(\mathtt{n}\)
\(\mathtt{b}\) is decrypted to \(\mathtt{d}\)
\(\mathtt{y}\) is decrypted to \(\cspace\)
\(\mathtt{w}\) is decrypted to \(\mathtt{y}\)
\(\mathtt{m}\) is decrypted to \(\mathtt{o}\)
\(\mathtt{s}\) is decrypted to \(\mathtt{u}\)
\(\cspace\) is decrypted to \(\mathtt{b}\)
\(\mathtt{p}\) is decrypted to \(\mathtt{r}\)
\(\mathtt{r}\) is decrypted to \(\mathtt{t}\)
\(\mathtt{q}\) is decrypted to \(\mathtt{s}\)
So the cipher text \(\mathtt{zlbywmsy}{\cspace}\mathtt{psrsq}\) is decrypted to \(\mathtt{and}{\cspace}\mathtt{you}{\cspace}\mathtt{brutus}\text{.}\)
There are several ways of representing and evaluating the decryption and encryption functions of a Caesar cipher. In the following examples we use encryption and decryption functions given by table and a decoder disc. The decoder disc is more compact and illustrates better how the characters wrap around.
\(x\) \(J(x)\)
\(\cspace\) \(\mathtt{x}\)
\(\mathtt{a}\) \(\mathtt{y}\)
\(\mathtt{b}\) \(\mathtt{z}\)
\(\mathtt{c}\) \(\cspace\)
\(\mathtt{d}\) \(\mathtt{a}\)
\(\mathtt{e}\) \(\mathtt{b}\)
\(\mathtt{f}\) \(\mathtt{c}\)
\(\mathtt{g}\) \(\mathtt{d}\)
\(\mathtt{h}\) \(\mathtt{e}\)
\(\mathtt{i}\) \(\mathtt{f}\)
\(\mathtt{j}\) \(\mathtt{g}\)
\(\mathtt{k}\) \(\mathtt{h}\)
\(\mathtt{l}\) \(\mathtt{i}\)
\(\mathtt{m}\) \(\mathtt{j}\)
\(\mathtt{n}\) \(\mathtt{k}\)
\(\mathtt{o}\) \(\mathtt{l}\)
\(\mathtt{p}\) \(\mathtt{m}\)
\(\mathtt{q}\) \(\mathtt{n}\)
\(\mathtt{r}\) \(\mathtt{o}\)
\(\mathtt{s}\) \(\mathtt{p}\)
\(\mathtt{t}\) \(\mathtt{q}\)
\(\mathtt{u}\) \(\mathtt{r}\)
\(\mathtt{v}\) \(\mathtt{s}\)
\(\mathtt{w}\) \(\mathtt{t}\)
\(\mathtt{x}\) \(\mathtt{u}\)
\(\mathtt{y}\) \(\mathtt{v}\)
\(\mathtt{z}\) \(\mathtt{w}\)
(a) Encryption function \(J:\A\to\A\)
\(y\) \(J^{-1}(y)\)
\(\cspace\) \(\mathtt{c}\)
\(\mathtt{a}\) \(\mathtt{d}\)
\(\mathtt{b}\) \(\mathtt{e}\)
\(\mathtt{c}\) \(\mathtt{f}\)
\(\mathtt{d}\) \(\mathtt{g}\)
\(\mathtt{e}\) \(\mathtt{h}\)
\(\mathtt{f}\) \(\mathtt{i}\)
\(\mathtt{g}\) \(\mathtt{j}\)
\(\mathtt{h}\) \(\mathtt{k}\)
\(\mathtt{i}\) \(\mathtt{l}\)
\(\mathtt{j}\) \(\mathtt{m}\)
\(\mathtt{k}\) \(\mathtt{n}\)
\(\mathtt{l}\) \(\mathtt{o}\)
\(\mathtt{m}\) \(\mathtt{p}\)
\(\mathtt{n}\) \(\mathtt{q}\)
\(\mathtt{o}\) \(\mathtt{r}\)
\(\mathtt{p}\) \(\mathtt{s}\)
\(\mathtt{q}\) \(\mathtt{t}\)
\(\mathtt{r}\) \(\mathtt{u}\)
\(\mathtt{s}\) \(\mathtt{v}\)
\(\mathtt{t}\) \(\mathtt{w}\)
\(\mathtt{u}\) \(\mathtt{x}\)
\(\mathtt{v}\) \(\mathtt{y}\)
\(\mathtt{w}\) \(\mathtt{z}\)
\(\mathtt{x}\) \(\cspace\)
\(\mathtt{y}\) \(\mathtt{a}\)
\(\mathtt{z}\) \(\mathtt{b}\)
(b) Decryption function \(J^{-1}:\A\to\A\)
Figure 8.17. Encryption \(J\) and decryption functions \(J^{-1}\) for the Caesar cipher that shifts by \(3\) characters. The table for the functions \(J^{-1}\) is obtained by reading the table for \(J\) from right to left.
When working with Caesar ciphers, especially when encrypting and decrypting longer texts, it often is convenient to consider encryption as the application of a function and decryption as the application of the decryption

Example 8.18. Encryption with a function given by a table.

Alice and Bob use the Caesar cipher shifts by \(3\) characters for their communication.
Instead of counting characters backwards as in Example 8.14 we can use the encryption function \(J:\A\to\A\) given in Figure 8.17.(a). To encrypt a character we find it in the left column; the encrypted character is given in the right column. For the characters in \(\mathtt{hat}\) we get
\begin{equation*} J(\mathtt{h})=\mathtt{e},\quad J(\mathtt{a})=\mathtt{y},\quad J(\mathtt{h})=\mathtt{q} \end{equation*}
So \(\mathtt{hat}\) is encrypted as \(\mathtt{eyq}\)

Example 8.19. Decrypting with a function given by a table.

Alice and Bob use the Caesar cipher shifts by \(3\) characters for their communication.
Similarly, instead of counting characters backwards as in Example 8.15 we can use the decryption function \(J^{-1}:\A\to\A\) given in Figure 8.17.(b). For the characters in \(\mathtt{eyq}\) we get
\begin{equation*} J(\mathtt{e})=\mathtt{h},\quad J(\mathtt{y})=\mathtt{a},\quad J(\mathtt{q})=\mathtt{t} \end{equation*}
So \(\mathtt{hat}\) is decrypted to \(\mathtt{hat}\text{.}\)
We once more use Figure 8.17.(a) to encrypt a message.

Problem 8.20.

Encrypt \(\mathtt{gaius-julius}\) using the Caesar cipher shifting by 3 characters.
Solution.
We apply the function \(J\) from Figure 8.17. This function can also be represented by the decoder disc in Example 8.22 with a shift by \(3\) characters. Avoiding duplication we get:
\begin{align*} J(\mathtt{g})\amp=\mathtt{d}\\ J(\mathtt{a})\amp=\mathtt{y}\\ J(\mathtt{i})\amp=\mathtt{f}\\ J(\mathtt{u})\amp=\mathtt{r}\\ J(\mathtt{s})\amp=\mathtt{p}\\ J(\cspace)\amp=\mathtt{x}\\ J(\mathtt{j})\amp=\mathtt{g}\\ J(\mathtt{l})\amp=\mathtt{i} \end{align*}
Thus \(\mathtt{gaius{\cspace}julius}\) is encrypted as \(\mathtt{dyfrpxgrifrp}\text{.}\)
In Checkpoint 8.21 you are first asked to produce the encryption function by giving the value of the function for every element in the domain, and then encrypt the message.

Checkpoint 8.21. Decryption with a Caesar cipher.

We represent the character space by \(\mathtt{-}\text{.}\)
For their secure communication Alice and Bob use a Caesar Cipher shifting by 7 characters. Alice sends an encrypted message to Bob:
\begin{equation*} \mathtt{auky} \end{equation*}
To decrypt the message Bob uses the decryption function \(D:\mathbb{A}\to\mathbb{A}\) given by
\(D(\mathtt{-})=\),
\(D(\mathtt{a})=\),
\(D(\mathtt{b})=\),
\(D(\mathtt{c})=\),
\(D(\mathtt{d})=\),
\(D(\mathtt{e})=\),
\(D(\mathtt{f})=\),
\(D(\mathtt{g})=\),
\(D(\mathtt{h})=\),
\(D(\mathtt{i})=\),
\(D(\mathtt{j})=\),
\(D(\mathtt{k})=\),
\(D(\mathtt{l})=\),
\(D(\mathtt{m})=\),
\(D(\mathtt{n})=\),
\(D(\mathtt{o})=\),
\(D(\mathtt{p})=\),
\(D(\mathtt{q})=\),
\(D(\mathtt{r})=\),
\(D(\mathtt{s})=\),
\(D(\mathtt{t})=\),
\(D(\mathtt{u})=\),
\(D(\mathtt{v})=\),
\(D(\mathtt{w})=\),
\(D(\mathtt{x})=\),
\(D(\mathtt{y})=\),
\(D(\mathtt{z})=\),
Using the function \(D\) Bob decrypts the message and obtains:
The encryption and decryption functions \(J\) and \(J^{-1}\) can also be represented by decoder discs as applied in Example 8.22 and Example 8.23 respectively. To evaluate the encryption function \(J\) we read from the outer ring to the inner ring. To evaluate the decryption function we read from the inner ring to the outer ring.

Example 8.22. Encoding with a decoder disc interactive.

Example 8.23. Decryption with a decoder disc interactive.

We present the process of using decoder discs in the video in Figure 8.24.
Figure 8.24. Caesar Cipher with Decoder Disc by Matt Farmer and Stephen Steward
You can easily build a decoder disc that can be adjusted for decrypting and encrypting any Caesar cipher from the discs in Figure 8.25.
Figure 8.25. Build your own decoder disc. Cut out the plain text disc on the left and the cipher text disc right. Punch a hole into the center of each disc. Put a split pin trough the center of both discs. To set the decoder disc up for the Caesar cipher that shifts by a natural number \(n\) align the number \(n\) on the inner disc with the line between \(\mathtt{z}\) and \(\cspace\text{.}\)