Caesar cipher: Difference between revisions

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
← Previous edit
VisualWikitext
imported>Andpend
m add reference example
imported>JingleJim
Example: diction
 
(One intermediate revision by one other user not shown)
Line 25: Line 25:
-->
-->


In [[cryptography]], a '''Caesar cipher''', also known as '''Caesar's cipher''', the '''shift cipher''', '''Caesar's code''', or '''Caesar shift''', is one of the simplest and most widely known [[encryption]] techniques. It is a type of [[substitution cipher]] in which each letter in the [[plaintext]] is replaced by a letter some fixed number of positions down the [[alphabet]]. For example, with a left shift of 3, {{mono|D}} would be replaced by {{mono|A}}, {{mono|E}} would become {{mono|B}}, and so on.<ref>{{cite web|first = James|last = Smith|work = Golang Project Structure|title = Writing Secret Messages With a Caesar Cipher|url = https://golangprojectstructure.com/caesar-cipher-secret-messages/|date = 2021-11-30|access-date = 2024-10-20}}</ref> The method is named after [[Julius Caesar]], who used it in his private correspondence.
A '''Caesar cipher'''{{efn|also known as Caesar's cipher, the shift cipher, Caesar's code, or Caesar shift}} is one of the simplest and most widely known [[encryption]] techniques used in [[cryptography]]. It is a type of [[substitution cipher]] in which each letter in the [[plaintext]] is replaced by a letter some fixed number of positions along the [[alphabet]]. For example, with a left shift of 3, {{mono|D}} would be replaced by {{mono|A}}, {{mono|E}} would become {{mono|B}}, and so on.<ref>{{cite web|first = James|last = Smith|work = Golang Project Structure|title = Writing Secret Messages With a Caesar Cipher|url = https://golangprojectstructure.com/caesar-cipher-secret-messages/|date = 2021-11-30|url-status = live|archive-url = https://web.archive.org/web/20241105025547/https://golangprojectstructure.com/caesar-cipher-secret-messages/|archive-date = 2024-11-05|access-date = 2024-10-20}}</ref> The method is named after [[Julius Caesar]], who used it in his private correspondence.


The encryption step performed by a Caesar cipher is often incorporated as part of more complex schemes, such as the [[Vigenère cipher]], and still has modern application in the [[ROT13]] system. As with all single-alphabet substitution ciphers, the Caesar cipher is easily broken and in modern practice offers essentially no [[communications security]].
The encryption step performed by a Caesar cipher is often incorporated as part of more complex schemes, such as the [[Vigenère cipher]], and still has modern application in the [[ROT13]] system. As with all single-alphabet substitution ciphers, the Caesar cipher is easily broken and in modern practice offers essentially no [[communications security]].
Line 31: Line 31:
==Example==
==Example==
{{Wikifunctions|Z12812|Latin alphabet Caesar cipher}}
{{Wikifunctions|Z12812|Latin alphabet Caesar cipher}}
The transformation can be represented by aligning two alphabets; the cipher is the plain alphabet rotated left or right by some number of positions. For instance, here is a Caesar cipher using a left rotation of three places, equivalent to a right shift of 23 (the shift parameter is used as the [[key (cryptography)|key]]):
The transformation can be represented by aligning two alphabets; the cipher is the plain alphabet shifted left or right by a certain number of positions. For instance, here is a Caesar cipher using a left shift of three places, equivalent to a right shift of 23 (the shift parameter is used as the [[key (cryptography)|key]]):


{{Aligned table|cols=27|class=wikitable|col1header=on
{{Aligned table|cols=27|class=wikitable|col1header=on
Line 43: Line 43:
  Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD
  Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD


Deciphering is done in reverse, with a right shift of 3.
Deciphering is done in reverse, with a left shift of 3.


The encryption can also be represented using [[modular arithmetic]] by first transforming the letters into numbers, according to the scheme, A → 0, B → 1, ..., Z → 25.<ref>{{cite journal |last=Luciano |first=Dennis |author2=Gordon Prichett |date=January 1987 |title=Cryptology: From Caesar Ciphers to Public-Key Cryptosystems |journal=The College Mathematics Journal |volume=18 |issue=1 |pages=2–17 |doi=10.2307/2686311 |jstor=2686311 |citeseerx=10.1.1.110.6123 }}</ref> Encryption of a letter ''x'' by a shift ''n'' can be described mathematically as,<ref>{{cite book |title=Cryptology Unlocked |url=https://archive.org/details/Cryptology_Unlocked |last=Wobst |first=Reinhard |year=2001 |publisher=Wiley |isbn=978-0-470-06064-3 |page=19 }}</ref><ref>{{cite web |title=Caesar Cipher |url=https://solidify.software/posts/caesar-cipher |website=Solidify Software |publisher=Solidify Software |access-date=2025-06-21}}</ref>
The encryption can also be represented using [[modular arithmetic]] by first transforming the letters into numbers, according to the scheme, A → 0, B → 1, ..., Z → 25.<ref>{{cite journal |last=Luciano |first=Dennis |author2=Gordon Prichett |date=January 1987 |title=Cryptology: From Caesar Ciphers to Public-Key Cryptosystems |journal=The College Mathematics Journal |volume=18 |issue=1 |pages=2–17 |doi=10.2307/2686311 |jstor=2686311 |citeseerx=10.1.1.110.6123 }}</ref> Encryption of a letter ''x'' by a shift ''n'' can be described mathematically as:<ref>{{cite book |title=Cryptology Unlocked |url=https://archive.org/details/Cryptology_Unlocked |last=Wobst |first=Reinhard |year=2001 |publisher=Wiley |isbn=978-0-470-06064-3 |page=19 }}</ref><ref>{{cite web |title=Caesar Cipher |url=https://solidify.software/posts/caesar-cipher |website=Solidify Software |url-status=live |archive-url=https://web.archive.org/web/20250621223017/https://solidify.software/posts/caesar-cipher |archive-date=2025-06-21 |access-date=2025-06-21}}</ref>


: <math>E_n(x) = (x + n) \mod {26}.</math>
: <math>E_n(x) = (x + n) \mod {26}.</math>


Decryption is performed similarly,
Decryption is performed similarly:


: <math>D_n(x) = (x - n) \mod {26}.</math>
: <math>D_n(x) = (x - n) \mod {26}.</math>
Line 59: Line 59:
==History and usage==
==History and usage==
{{See also|History of cryptography}}
{{See also|History of cryptography}}
[[File:Bust of Julius Caesar from History of the World (1902).png|thumbnail|The Caesar cipher is named for [[Julius Caesar]], who used an alphabet where decrypting would shift three letters to the left.]]
[[File:Bust of Julius Caesar from History of the World (1902).png|thumb|upright=0.7|The Caesar cipher is named for [[Julius Caesar]], who used an alphabet where decrypting would shift three letters to the right.]]
The Caesar cipher is named after [[Julius Caesar]], who, according to [[Lives of the Twelve Caesars|Suetonius]], used it with a shift of three (A becoming D when encrypting, and D becoming A when decrypting) to protect messages of military significance.<ref>{{cite book|author=[[Suetonius]]|url=http://thelatinlibrary.com/suetonius/suet.caesar.html#56|title= Vita Divi Julii |chapter=56.6|lang=la}}</ref> While Caesar's was the first recorded use of this scheme, other substitution ciphers are known to have been used earlier.<ref>{{cite web|title=Cracking the Code|url=https://www.cia.gov/news-information/featured-story-archive/2007-featured-story-archive/cracking-the-code.html|website=Central Intelligence Agency|access-date=21 February 2017|archive-url=https://web.archive.org/web/20201226065538/https://www.cia.gov/news-information/featured-story-archive/2007-featured-story-archive/cracking-the-code.html|archive-date=26 December 2020}}</ref><ref>{{cite book |title=[[The Code Book]] |last=Singh |first=Simon |author-link=Simon Singh |year=2000 |publisher=Anchor |isbn=0-385-49532-3 |pages=[https://archive.org/details/codebook00simo/page/289 289-290] }}</ref>
The Caesar cipher is named for [[Julius Caesar]], who, according to the Roman historian [[Suetonius]], used it with a shift of three ({{mono|A}} becoming {{mono|D}} when encrypting, and vice versa when decrypting) to protect messages of military significance.<ref name=":0" /><ref>{{cite book |author=Suetonius |author-link= |url=https://www.perseus.tufts.edu/hopper/text?doc=Perseus%3Atext%3A1999.02.0132%3Alife%3Djul.%3Achapter%3D56 |title=The Lives of the Twelve Caesars |chapter=Jul. 56}}</ref> While Caesar's was the first recorded use of this scheme, other substitution ciphers are known to have existed earlier.<ref>{{cite web|title=Cracking the Code|url=https://www.cia.gov/news-information/featured-story-archive/2007-featured-story-archive/cracking-the-code.html|website=Central Intelligence Agency|access-date=21 February 2017|url-status=dead|archive-url=https://web.archive.org/web/20201226065538/https://www.cia.gov/news-information/featured-story-archive/2007-featured-story-archive/cracking-the-code.html|archive-date=26 December 2020}}</ref><ref>{{cite book |title=[[The Code Book]] |last=Singh |first=Simon |author-link=Simon Singh |year=2000 |publisher=Anchor |isbn=0-385-49532-3 |pages=[https://archive.org/details/codebook00simo/page/289 289–290] }}</ref> Suetonius writes that his nephew, [[Augustus]], used the cipher with a right shift of one, but it did not wrap around to the beginning of the [[Latin alphabet]], instead replacing {{mono|Z}} with {{mono|AA}}.<ref name=":0" /><ref>{{Cite book |last=Suetonius |url=http://www.perseus.tufts.edu/hopper/text?doc=Perseus%3Atext%3A1999.02.0132%3Alife%3Daug.%3Achapter%3D86 |title=The Lives of the Twelve Caesars |chapter=Aug. 86}}</ref> Evidence exists that Caesar also used more complicated systems.<ref name=":0">{{cite journal |last=Reinke |first=Edgar C. |date=December 1962 |title=Classical Cryptography |journal=The Classical Journal |volume=58 |issue=3 |page=114 }}</ref> The grammarian [[Aulus Gellius]] refers to a (now lost) treatise on his ciphers:{{Blockquote|"There is even a rather ingeniously written treatise by the grammarian [[Marcus Valerius Probus|Probus]] concerning the secret meaning of letters in the composition of Caesar's epistles."|[[Aulus Gellius]]|''Attic Nights 17.9.1–5''}}
{{Blockquote|"If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others."|[[Suetonius]]|''[[Life of Julius Caesar]]'' 56}}
His nephew, [[Augustus Caesar|Augustus]], also used the cipher, but with a right shift of one, and it did not wrap around to the beginning of the alphabet:
{{Blockquote|"Whenever he wrote in cipher, he wrote B for A, C for B, and the rest of the letters on the same principle, using AA for Z."|[[Suetonius]]|''[[Life of Augustus]]'' 88}}
Evidence exists that Julius Caesar also used more complicated systems,<ref>{{cite journal |last=Reinke |first=Edgar C. |date=December 1962 |title=Classical Cryptography |journal=The Classical Journal |volume=58 |issue=3 |page=114 }}</ref> and one writer, [[Aulus Gellius]], refers to a (now lost) treatise on his ciphers:
{{Blockquote|"There is even a rather ingeniously written treatise by the grammarian Probus concerning the secret meaning of letters in the composition of Caesar's epistles."|[[Aulus Gellius]]|''Attic Nights 17.9.1–5''}}


It is unknown how effective the Caesar cipher was at the time; there is no record at that time of any techniques for the solution of simple substitution ciphers. The earliest surviving records date to the 9th-century works of [[Al-Kindi]] in the [[Arab]] world with the discovery of [[frequency analysis]].<ref>{{cite book |title=[[The Code Book]] |last=Singh |first=Simon |author-link=Simon Singh |year=2000 |publisher=Anchor |isbn=0-385-49532-3 |pages=[https://archive.org/details/codebook00simo/page/14 14–20] }}</ref>
It is unknown how effective the Caesar cipher was at the time: there is no record of contemporary techniques for the solution of simple substitution ciphers. The earliest surviving records date to the 9th-century works of [[Al-Kindi]] in the [[Arab world#Early history|Arab world]] with the discovery of [[frequency analysis]].<ref>{{cite book |title=[[The Code Book]] |last=Singh |first=Simon |author-link=Simon Singh |year=2000 |publisher=Anchor |isbn=0-385-49532-3 |pages=[https://archive.org/details/codebook00simo/page/14 14–20] }}</ref>


A piece of text encrypted in a [[Hebrew language|Hebrew]] version of the Caesar cipher not to be confused with [[Atbash]], is sometimes found on the back of Jewish [[mezuzah]] scrolls. When each letter is replaced with the letter before it in the [[Hebrew alphabet]] the text translates as "[[YHWH]], our God, YHWH", a quotation from the main part of the scroll.<ref>{{cite book |last1=Eisenberg |first1=Ronald L. |title=Jewish Traditions |date=2004 |publisher=Jewish Publication Society |location=Philadelphia |isbn=9780827610392 |pages=582 |edition=1st}}</ref><ref>{{cite book |last1=Sameth |first1=Mark |title=The Name : a history of the dual-gendered Hebrew name for God |date=2020 |publisher=Wipf & Stock |location=Eugene, Oregon |isbn=9781532693830 |pages=5–6}}</ref>
A piece of text encrypted in a [[Hebrew language|Hebrew]] version of the Caesar cipher (not to be confused with [[Atbash]]) is sometimes found on the back of Jewish [[mezuzah]] scrolls. When each letter is replaced with the letter before it in the [[Hebrew alphabet]], the text reads "[[YHWH]], our God, YHWH", a quotation from the scroll.<ref>{{cite book |last1=Eisenberg |first1=Ronald L. |title=Jewish Traditions |date=2004 |publisher=Jewish Publication Society |location=Philadelphia |isbn=9780827610392 |pages=582 |edition=1st}}</ref><ref>{{cite book |last1=Sameth |first1=Mark |title=The Name : a history of the dual-gendered Hebrew name for God |date=2020 |publisher=Wipf & Stock |location=Eugene, Oregon |isbn=9781532693830 |pages=5–6}}</ref>


In the 19th century, the personal advertisements section in newspapers would sometimes be used to exchange messages encrypted using simple cipher schemes. [[David Kahn (writer)|David Kahn]] (1967) describes instances of lovers engaging in secret communications enciphered using the Caesar cipher in ''[[The Times]]''.<ref>{{cite book |title=The Codebreakers |last=Kahn |first=David |author-link=David Kahn (writer) |year=1967 |isbn=978-0-684-83130-5 |pages=775–6 }}</ref> Even as late as 1915, the Caesar cipher was in use: the Russian army employed it as a replacement for more complicated ciphers which had proved to be too difficult for their troops to master; German and Austrian [[Cryptanalysis|cryptanalysts]] had little difficulty in decrypting their messages.<ref>{{cite book |title=The Codebreakers |last=Kahn |first=David |author-link=David Kahn (writer) |year=1967 |isbn=978-0-684-83130-5 |pages=631–2 }}</ref>
The [[Vigenère cipher]] uses a Caesar cipher with a different shift at each position in the text; the value of the shift is defined using a repeating keyword.<ref>{{cite book |last=Kahn |first=David |author-link=David Kahn (writer) |title=The Codebreakers |year=1967 |isbn=978-0-684-83130-5 |pages=148–149}}</ref> Repeating keywords (e.g., "[[Vigenère cipher#History|Complete Victory]]" used by the [[Confederate States of America|Confederacy]] during the [[American Civil War]]) introduce a cyclic pattern that might be detected with statistically advanced frequency analysis.<ref>{{cite book |last=Kahn |first=David |author-link=David Kahn (writer) |title=The Codebreakers |year=1967 |isbn=978-0-684-83130-5 |pages=398–400}}</ref> (''See e.g. [[Coincidence counting]].'') If the keyword is as long as the message, is chosen at [[randomly|random]], never becomes known to anyone else, and is never reused, it is a [[one-time pad]] cipher, impossible to break cryptographically. However, the problems involved in [[Key distribution|distributing]] such a key make the one-time pad difficult to use in practice.
[[File:Confederate cipher disk.jpg|alt=Caesar cipher can be constructed into a disk with outer rotating wheel as plain text and the inner fixed wheel as cipher text. Both outer and inner plates should have alphabets in the same direction. |thumb|Caesar cipher translated to a disk has both outer and inner plates having alphabets in the same direction and not the reverse as seen in CipherDisk2000.]]
Caesar ciphers can be found today in children's toys such as [[secret decoder ring]]s. A Caesar shift of thirteen is also performed in the [[ROT13]] [[algorithm]], a simple method of obfuscating text widely found on [[Usenet]] and used to obscure text (such as joke punchlines and story [[Spoiler (media)|spoilers]]), but not seriously used as a method of encryption.<ref>{{cite book |title=Cryptology Unlocked |url=https://archive.org/details/Cryptology_Unlocked |last=Wobst |first=Reinhard |year=2001 |publisher=Wiley |isbn=978-0-470-06064-3 |page=20 }}</ref>


The [[Vigenère cipher]] uses a Caesar cipher with a different shift at each position in the text; the value of the shift is defined using a repeating keyword.<ref>{{cite book |title=The Codebreakers |last=Kahn |first=David |author-link=David Kahn (writer) |year=1967 |pages=148–149 |isbn=978-0-684-83130-5 }}</ref> If the keyword is as long as the message, is chosen at [[randomly|random]], never becomes known to anyone else, and is never reused, this is the [[one-time pad]] cipher, proven unbreakable. However the problems involved in using a random key as long as the message make the one-time pad difficult to use in practice. Keywords shorter than the message (e.g., "[[Vigenère cipher#History|Complete Victory]]" used by the [[Confederate States of America|Confederacy]] during the [[American Civil War]]), introduce a cyclic pattern that might be detected with a statistically advanced version of frequency analysis.<ref>{{cite book |title=The Codebreakers |last=Kahn |first=David |author-link=David Kahn (writer) |year=1967 |pages=398–400 |isbn=978-0-684-83130-5 }}</ref>
In the 19th century, the [[personal advertisement]]s section in newspapers would sometimes be used to exchange messages encrypted using simple cipher schemes. [[David Kahn (writer)|David Kahn]] (1967) describes instances of lovers engaging in secret communications enciphered using the Caesar cipher in ''[[The Times]]''.<ref>{{cite book |title=The Codebreakers |last=Kahn |first=David |author-link=David Kahn (writer) |year=1967 |isbn=978-0-684-83130-5 |pages=775–6 }}</ref> As late as 1915 during [[World War I]], the Caesar cipher was used by the Russian army as a replacement for more complicated ciphers which had proven difficult for their troops to master; German and Austrian [[Cryptanalysis|cryptanalysts]] had little difficulty in decrypting their messages.<ref>{{cite book |title=The Codebreakers |last=Kahn |first=David |author-link=David Kahn (writer) |year=1967 |isbn=978-0-684-83130-5 |pages=631–2 }}</ref>


In April 2006, fugitive [[Sicilian Mafia|Mafia]] boss [[Bernardo Provenzano]] was captured in [[Sicily]] partly because some of his messages, clumsily written in a variation of the Caesar cipher, were broken. Provenzano's cipher used numbers, so that "A" would be written as "4", "B" as "5", and so on.<ref>{{cite news |first=John |last=Leyden |title=Mafia boss undone by clumsy crypto |url=https://www.theregister.co.uk/2006/04/19/mafia_don_clueless_crypto/ |work=[[The Register]] |date=2006-04-19 |access-date=2008-06-13 }}</ref>
[[File:Confederate cipher disk.jpg|alt=Caesar cipher can be constructed into a disk with outer rotating wheel as plain text and the inner fixed wheel as cipher text. Both outer and inner plates should have alphabets in the same direction.|thumb|upright=0.7|Caesar cipher translated to a disk has both outer and inner plates having alphabets in the same direction and not the reverse as seen in CipherDisk2000.]]
In April 2006, fugitive [[Sicilian Mafia|Mafia]] boss [[Bernardo Provenzano]] was captured in [[Sicily]] partly because some of his messages, clumsily written in a variation of the Caesar cipher, were broken. Provenzano's cipher used numbers, so that "A" would be written as "4", "B" as "5", and so on.<ref>{{cite news |last=Leyden |first=John |date=2006-04-19 |title=Mafia boss undone by clumsy crypto |url=https://www.theregister.co.uk/2006/04/19/mafia_don_clueless_crypto/ |access-date=2008-06-13 |work=[[The Register]]}}</ref>


In 2011, Rajib Karim was convicted in the United Kingdom of "terrorism offences" after using the Caesar cipher to communicate with Bangladeshi Islamic activists discussing plots to blow up [[British Airways]] planes or disrupt their IT networks. Although the parties had access to far better encryption techniques (Karim himself used [[Pretty Good Privacy|PGP]] for data storage on computer disks), they chose to use their own scheme (implemented in [[Microsoft Excel]]), rejecting a more sophisticated code program called [[Mujahedeen Secrets]] "because 'kaffirs', or non-believers, know about it, so it must be less secure".<ref>{{cite news |title=BA jihadist relied on Jesus-era encryption |url=https://www.theregister.co.uk/2011/03/22/ba_jihadist_trial_sentencing/ |work=[[The Register]] |date=2011-03-22 |access-date=2011-04-01 }}</ref>
In 2011, [[British Airways]] employee Rajib Karim was convicted of "terrorism offences" after using a Caesar cipher to discuss with Bangladeshi [[Jihadism|jihadi]] activists plots to bomb the airline's planes or disrupt its IT systems. Although the parties had access to far better encryption techniques (Karim himself used [[Pretty Good Privacy|PGP]] for data storage), they chose to use their own scheme implemented in [[Microsoft Excel]], rejecting a more sophisticated code program called [[Mujahedeen Secrets]] "because '[[Kafir|kaffirs]]', or non-believers, know about it, so it must be less secure".<ref>{{cite news |date=2011-03-22 |title=BA jihadist relied on Jesus-era encryption |url=https://www.theregister.co.uk/2011/03/22/ba_jihadist_trial_sentencing/ |access-date=2011-04-01 |work=[[The Register]]}}</ref>
 
Caesar ciphers can be found today in children's toys such as [[secret decoder ring]]s. A Caesar shift of thirteen is also performed in the [[ROT13]] cipher, a simple method of obfuscating text widely found on [[Usenet]] and used to obscure text (such as joke punchlines and story [[Spoiler (media)|spoilers]]), but not seriously used as a method of encryption.<ref>{{cite book |title=Cryptology Unlocked |url=https://archive.org/details/Cryptology_Unlocked |last=Wobst |first=Reinhard |year=2001 |publisher=Wiley |isbn=978-0-470-06064-3 |page=20 }}</ref>


==Breaking the cipher==
==Breaking the cipher==
Line 118: Line 114:
| {{mono|fyyfhpfytshj}}
| {{mono|fyyfhpfytshj}}
|}
|}
The Caesar cipher can be easily broken even in a [[ciphertext-only attack|ciphertext-only scenario]]. Since there are only a limited number of possible shifts (25 in English), an attacker can mount a [[brute force attack]] by deciphering the message, or part of it, using each possible shift. The correct description will be the one which makes sense as English text.<ref>{{cite book |title=Cryptology |last=Beutelspacher |first=Albrecht |author-link=Albrecht Beutelspacher |year=1994 |publisher=[[Mathematical Association of America]] |isbn=0-88385-504-6 |pages=8–9 }}</ref> An example is shown on the right for the ciphertext "{{mono|exxegoexsrgi}}"; the candidate plaintext for shift four "{{mono|attackatonce}}" is the only one which makes sense as English text. Another type of brute force attack is to write out the alphabet beneath each letter of the ciphertext, starting at that letter. Again the correct decryption is the one which makes sense as English text. This technique is sometimes known as "completing the plain component".<ref>{{cite journal |last=Leighton |first=Albert C. |date=April 1969 |title=Secret Communication among the Greeks and Romans |journal=Technology and Culture |volume=10 |issue=2 |pages=139–154 |doi=10.2307/3101474 |jstor=3101474 }}</ref><ref>{{cite book |title=Elementary Cryptanalysis: A Mathematical Approach |last=Sinkov |first=Abraham |author-link=Abraham Sinkov |author2=Paul L. Irwin |year=1966 |publisher=Mathematical Association of America |isbn=0-88385-622-0 |pages=13–15 }}</ref>
The Caesar cipher can be easily broken even in a [[ciphertext-only attack|ciphertext-only scenario]]. Since there are only a limited number of possible shifts (25 in English), an attacker can mount a [[brute force attack]] by deciphering the message, or part of it, using each possible shift. The correct decryption will be the one which makes sense in the language of the plaintext.<ref>{{cite book |title=Cryptology |last=Beutelspacher |first=Albrecht |author-link=Albrecht Beutelspacher |year=1994 |publisher=[[Mathematical Association of America]] |isbn=0-88385-504-6 |pages=8–9 }}</ref> An example is shown on the right for the ciphertext "{{mono|exxegoexsrgi}}"; the candidate plaintext for shift four, "{{mono|attackatonce}}", is the only one which makes sense as English text. Another type of brute force attack is to write out the alphabet beneath each letter of the ciphertext, starting at that letter. Again the correct decryption is the one which makes sense as English text. This technique is sometimes known as "completing the plain component".<ref>{{cite journal |last=Leighton |first=Albert C. |date=April 1969 |title=Secret Communication among the Greeks and Romans |journal=Technology and Culture |volume=10 |issue=2 |pages=139–154 |doi=10.2307/3101474 |jstor=3101474 }}</ref><ref>{{cite book |title=Elementary Cryptanalysis: A Mathematical Approach |last=Sinkov |first=Abraham |author-link=Abraham Sinkov |author2=Paul L. Irwin |year=1966 |publisher=Mathematical Association of America |isbn=0-88385-622-0 |pages=13–15 }}</ref>


[[File:English letter frequency percentages.png|alt=|left|thumb|The distribution of letters in a typical sample of English language text has a distinctive and predictable shape. A Caesar shift "rotates" this distribution, and it is possible to determine the shift by examining the resultant frequency graph.]]
[[File:English letter frequency percentages.png|alt=|left|thumb|The distribution of letters in a typical sample of English language text has a distinctive and predictable shape. A Caesar shift "rotates" this distribution, and it is possible to determine the shift by examining the resultant frequency graph.]]
Another approach is to match up the frequency distribution of the letters. By graphing the frequencies of letters in the ciphertext, and by knowing the expected distribution of those letters in the original language of the plaintext, a human can easily spot the value of the shift by looking at the displacement of particular features of the graph. This is known as [[frequency analysis]]. For example, in the English language the plaintext frequencies of the letters {{mono|E}}, {{mono|T}}, (usually most frequent), and {{mono|Q}}, {{mono|Z}} (typically least frequent) are particularly distinctive.<ref>{{cite book |title=The Code Book |last=Singh |first=Simon |author-link=Simon Singh |year=2000 |publisher=Anchor |isbn=0-385-49532-3 |pages=[https://archive.org/details/codebook00simo/page/72 72–77] |url=https://archive.org/details/codebook00simo/page/72 }}</ref> Computers can automate this process by assessing the similarity between the observed frequency distribution and the expected distribution. This can be achieved, for instance, through the utilization of the [[chi-squared statistic]]<ref>{{cite web |url=http://www.cs.trincoll.edu/~crypto/historical/caesar.html |title=The Caesar Cipher |access-date=2008-07-16 |last=Savarese |first=Chris |author2=Brian Hart |date=2002-07-15 |publisher=[[Trinity College (Connecticut)|Trinity College]] }}</ref> or by minimizing the sum of squared errors between the observed and known language distributions.<ref>{{cite web |url=https://raw.org/tool/caesar-cipher/ |title=Caesar Cipher Decryption |access-date=2024-04-02 |last=Eisele |first=Robert |date=2007-05-18 }}</ref>
Another approach is to match up the frequency distribution of the letters. By graphing the frequencies of letters in the ciphertext, and by knowing the expected distribution of those letters in the original language of the plaintext, a human can easily spot the value of the shift by looking at the displacement of particular features of the graph. This is known as [[frequency analysis]]. For example, in the English language the plaintext frequencies of the letters {{mono|E}}, {{mono|T}}, (usually most frequent), and {{mono|Q}}, {{mono|Z}} (typically least frequent) are particularly distinctive.<ref>{{cite book |title=The Code Book |last=Singh |first=Simon |author-link=Simon Singh |year=2000 |publisher=Anchor |isbn=0-385-49532-3 |pages=[https://archive.org/details/codebook00simo/page/72 72–77] |url=https://archive.org/details/codebook00simo/page/72 }}</ref> Computers can automate this process by assessing the similarity between the observed frequency distribution and the expected distribution. This can be achieved, for instance, through the utilization of the [[chi-squared statistic]]<ref>{{cite web |url=http://www.cs.trincoll.edu/~crypto/historical/caesar.html |title=The Caesar Cipher |access-date=2008-07-16 |last=Savarese |first=Chris |author2=Brian Hart |date=2002-07-15 |publisher=[[Trinity College (Connecticut)|Trinity College]]|url-status=live|archive-url=https://web.archive.org/web/20110813232738/http://www.cs.trincoll.edu/~crypto/historical/caesar.html|archive-date=2011-08-13 }}</ref> or by minimizing the sum of squared errors between the observed and known language distributions.<ref>{{cite web |url=https://raw.org/tool/caesar-cipher/ |title=Caesar Cipher Decryption |access-date=2024-04-02 |last=Eisele |first=Robert |date=2007-05-18 |url-status=live |archive-url=https://web.archive.org/web/20240324224211/https://raw.org/tool/caesar-cipher/ |archive-date=2024-03-24 }}</ref>


The [[unicity distance]] for the Caesar cipher is about 2, meaning that on average at least two characters of ciphertext are required to determine the key.<ref>{{cite book |last1=Lubbe |first1=Jan C. A. |title=Basic Methods of Cryptography |date=12 March 1998 |publisher=Cambridge University Press |isbn=9780521555593 |pages=47–8}}</ref> In rare cases more text may be needed. For example, the words "{{mono|river}}" and "{{mono|arena}}" can be converted to each other with a Caesar shift, which means they can produce the same ciphertext with different shifts. However, in practice the key can almost certainly be found with at least 6 characters of ciphertext.<ref>{{cite book |last1=Pardo |first1=José Luis Gómez |title=Introduction to Cryptography with Maple |date=19 December 2012 |publisher=Springer Berlin Heidelberg |isbn=9783642321665 |page=5}}</ref>
The [[unicity distance]] for the Caesar cipher is about 2, meaning that on average at least two characters of ciphertext are required to determine the key.<ref>{{cite book |last1=Lubbe |first1=Jan C. A. |title=Basic Methods of Cryptography |date=12 March 1998 |publisher=Cambridge University Press |isbn=9780521555593 |pages=47–8}}</ref> In rare cases more text may be needed. For example, the words "{{mono|river}}" and "{{mono|arena}}" can be converted to each other with a Caesar shift, which means they can produce the same ciphertext with different shifts. However, in practice the key can almost certainly be found with at least 6 characters of ciphertext.<ref>{{cite book |last1=Pardo |first1=José Luis Gómez |title=Introduction to Cryptography with Maple |date=19 December 2012 |publisher=Springer Berlin Heidelberg |isbn=9783642321665 |page=5}}</ref>


With the Caesar cipher, encrypting a text multiple times provides no additional security. This is because two encryptions of, say, shift ''A'' and shift ''B'', will be equivalent to a single encryption with shift {{nowrap|''A'' + ''B''}}. In mathematical terms, the set of encryption operations under each possible key forms a [[group (mathematics)|group]] under [[Function composition|composition]].<ref>{{cite book |title=Cryptology Unlocked |url=https://archive.org/details/Cryptology_Unlocked |last=Wobst |first=Reinhard |year=2001 |publisher=Wiley |isbn=978-0-470-06064-3 |page=31}}</ref>
With the Caesar cipher, encrypting a text multiple times provides no additional security. This is because two encryptions of, say, shift ''A'' and shift ''B'' will be equivalent to a single encryption with shift {{nowrap|''A'' + ''B''}}. In mathematical terms, the set of encryption operations under each possible key forms a [[group (mathematics)|group]] under [[Function composition|composition]].<ref>{{cite book |title=Cryptology Unlocked |url=https://archive.org/details/Cryptology_Unlocked |last=Wobst |first=Reinhard |year=2001 |publisher=Wiley |isbn=978-0-470-06064-3 |page=31}}</ref>
{{clear left}}
{{clear left}}


==See also==
==See also==
* [[Scytale]]
* {{Annotated link|Scytale}}
{{clear}}
{{clear}}


==Notes==
== Notes ==
{{notelist}}
 
==References==
{{reflist}}
{{reflist}}


Line 140: Line 139:


==Further reading==
==Further reading==
* {{Cite book |last=Bauer |first=Friedrich Ludwig |url=https://www.worldcat.org/oclc/43063275 |title=Decrypted Secrets: Methods and Maxims of Cryptology |date=2000 |publisher=Springer |isbn=3-540-66871-3 |edition=2nd and extended |location=Berlin |oclc=43063275|ref=none}}
* {{Cite book |last=Bauer |first=Friedrich Ludwig |title=Decrypted Secrets: Methods and Maxims of Cryptology |date=2000 |publisher=Springer |isbn=3-540-66871-3 |edition=2nd and extended |location=Berlin |oclc=43063275|ref=none}}


==External links==
==External links==
{{commons category|Caesar ciphers}}
{{commons category|Caesar ciphers}}
* {{MathWorld | urlname=CaesarsMethod | title=Caesar's Method |ref=none}}
* {{MathWorld | urlname=CaesarsMethod | title=Caesar's Method |ref=none}}
* [https://ciphersonline.com/es/cifrado-cesar Use this decoder, Agent 2S.]
* [https://cryptii.com/pipes/caesar-cipher Caesar cipher encoder] on Cryptii


{{Cryptography navbox | classical|state=collapsed}}
{{Cryptography navbox | classical|state=collapsed}}

Latest revision as of 12:21, 20 December 2025

Template:Short description Template:Top icon

File:Caesar cipher left shift of 3.svg
The action of a Caesar cipher is to replace each plaintext letter with a different one a fixed number of places down the alphabet. The cipher illustrated here uses a left shift of 3, so that (for example) each occurrence of <templatestyles src="Mono/styles.css" />E in the plaintext becomes <templatestyles src="Mono/styles.css" />B in the ciphertext.

A Caesar cipherTemplate:Efn is one of the simplest and most widely known encryption techniques used in cryptography. It is a type of substitution cipher in which each letter in the plaintext is replaced by a letter some fixed number of positions along the alphabet. For example, with a left shift of 3, <templatestyles src="Mono/styles.css" />D would be replaced by <templatestyles src="Mono/styles.css" />A, <templatestyles src="Mono/styles.css" />E would become <templatestyles src="Mono/styles.css" />B, and so on.[1] The method is named after Julius Caesar, who used it in his private correspondence.

The encryption step performed by a Caesar cipher is often incorporated as part of more complex schemes, such as the Vigenère cipher, and still has modern application in the ROT13 system. As with all single-alphabet substitution ciphers, the Caesar cipher is easily broken and in modern practice offers essentially no communications security.

Example

Template:Wikifunctions The transformation can be represented by aligning two alphabets; the cipher is the plain alphabet shifted left or right by a certain number of positions. For instance, here is a Caesar cipher using a left shift of three places, equivalent to a right shift of 23 (the shift parameter is used as the key):

Template:Aligned table

When encrypting, a person looks up each letter of the message in the "plain" line and writes down the corresponding letter in the "cipher" line. 

Plaintext:  THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG
Ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD

Deciphering is done in reverse, with a left shift of 3.

The encryption can also be represented using modular arithmetic by first transforming the letters into numbers, according to the scheme, A → 0, B → 1, ..., Z → 25.[2] Encryption of a letter x by a shift n can be described mathematically as:[3][4]

En(x)=(x+n)mod26.

Decryption is performed similarly:

Dn(x)=(xn)mod26.

(Here, "mod" refers to the modulo operation. The value x is in the range 0 to 25, but if x + n or xn are not in this range then 26 should be added or subtracted.)

The replacement remains the same throughout the message, so the cipher is classed as a type of monoalphabetic substitution, as opposed to polyalphabetic substitution.

History and usage

Script error: No such module "Labelled list hatnote".

File:Bust of Julius Caesar from History of the World (1902).png
The Caesar cipher is named for Julius Caesar, who used an alphabet where decrypting would shift three letters to the right.

The Caesar cipher is named for Julius Caesar, who, according to the Roman historian Suetonius, used it with a shift of three (<templatestyles src="Mono/styles.css" />A becoming <templatestyles src="Mono/styles.css" />D when encrypting, and vice versa when decrypting) to protect messages of military significance.[5][6] While Caesar's was the first recorded use of this scheme, other substitution ciphers are known to have existed earlier.[7][8] Suetonius writes that his nephew, Augustus, used the cipher with a right shift of one, but it did not wrap around to the beginning of the Latin alphabet, instead replacing <templatestyles src="Mono/styles.css" />Z with <templatestyles src="Mono/styles.css" />AA.[5][9] Evidence exists that Caesar also used more complicated systems.[5] The grammarian Aulus Gellius refers to a (now lost) treatise on his ciphers:<templatestyles src="Template:Blockquote/styles.css" />

"There is even a rather ingeniously written treatise by the grammarian Probus concerning the secret meaning of letters in the composition of Caesar's epistles."

— Template:Comma separated entries

Script error: No such module "Check for unknown parameters".

It is unknown how effective the Caesar cipher was at the time: there is no record of contemporary techniques for the solution of simple substitution ciphers. The earliest surviving records date to the 9th-century works of Al-Kindi in the Arab world with the discovery of frequency analysis.[10]

A piece of text encrypted in a Hebrew version of the Caesar cipher (not to be confused with Atbash) is sometimes found on the back of Jewish mezuzah scrolls. When each letter is replaced with the letter before it in the Hebrew alphabet, the text reads "YHWH, our God, YHWH", a quotation from the scroll.[11][12]

The Vigenère cipher uses a Caesar cipher with a different shift at each position in the text; the value of the shift is defined using a repeating keyword.[13] Repeating keywords (e.g., "Complete Victory" used by the Confederacy during the American Civil War) introduce a cyclic pattern that might be detected with statistically advanced frequency analysis.[14] (See e.g. Coincidence counting.) If the keyword is as long as the message, is chosen at random, never becomes known to anyone else, and is never reused, it is a one-time pad cipher, impossible to break cryptographically. However, the problems involved in distributing such a key make the one-time pad difficult to use in practice.

In the 19th century, the personal advertisements section in newspapers would sometimes be used to exchange messages encrypted using simple cipher schemes. David Kahn (1967) describes instances of lovers engaging in secret communications enciphered using the Caesar cipher in The Times.[15] As late as 1915 during World War I, the Caesar cipher was used by the Russian army as a replacement for more complicated ciphers which had proven difficult for their troops to master; German and Austrian cryptanalysts had little difficulty in decrypting their messages.[16]

Caesar cipher can be constructed into a disk with outer rotating wheel as plain text and the inner fixed wheel as cipher text. Both outer and inner plates should have alphabets in the same direction.
Caesar cipher translated to a disk has both outer and inner plates having alphabets in the same direction and not the reverse as seen in CipherDisk2000.

In April 2006, fugitive Mafia boss Bernardo Provenzano was captured in Sicily partly because some of his messages, clumsily written in a variation of the Caesar cipher, were broken. Provenzano's cipher used numbers, so that "A" would be written as "4", "B" as "5", and so on.[17]

In 2011, British Airways employee Rajib Karim was convicted of "terrorism offences" after using a Caesar cipher to discuss with Bangladeshi jihadi activists plots to bomb the airline's planes or disrupt its IT systems. Although the parties had access to far better encryption techniques (Karim himself used PGP for data storage), they chose to use their own scheme implemented in Microsoft Excel, rejecting a more sophisticated code program called Mujahedeen Secrets "because 'kaffirs', or non-believers, know about it, so it must be less secure".[18]

Caesar ciphers can be found today in children's toys such as secret decoder rings. A Caesar shift of thirteen is also performed in the ROT13 cipher, a simple method of obfuscating text widely found on Usenet and used to obscure text (such as joke punchlines and story spoilers), but not seriously used as a method of encryption.[19]

Breaking the cipher

Decryption
shift 		Candidate plaintext
0 <templatestyles src="Mono/styles.css" />exxegoexsrgi
1 <templatestyles src="Mono/styles.css" />dwwdfndwrqfh
2 <templatestyles src="Mono/styles.css" />cvvcemcvqpeg
3 <templatestyles src="Mono/styles.css" />buubdlbupodf
4 <templatestyles src="Mono/styles.css" />attackatonce
5 <templatestyles src="Mono/styles.css" />zsszbjzsnmbd
6 <templatestyles src="Mono/styles.css" />yrryaiyrmlac
...
23 <templatestyles src="Mono/styles.css" />haahjrhavujl
24 <templatestyles src="Mono/styles.css" />gzzgiqgzutik
25 <templatestyles src="Mono/styles.css" />fyyfhpfytshj

The Caesar cipher can be easily broken even in a ciphertext-only scenario. Since there are only a limited number of possible shifts (25 in English), an attacker can mount a brute force attack by deciphering the message, or part of it, using each possible shift. The correct decryption will be the one which makes sense in the language of the plaintext.[20] An example is shown on the right for the ciphertext "<templatestyles src="Mono/styles.css" />exxegoexsrgi"; the candidate plaintext for shift four, "<templatestyles src="Mono/styles.css" />attackatonce", is the only one which makes sense as English text. Another type of brute force attack is to write out the alphabet beneath each letter of the ciphertext, starting at that letter. Again the correct decryption is the one which makes sense as English text. This technique is sometimes known as "completing the plain component".[21][22]

File:English letter frequency percentages.png
The distribution of letters in a typical sample of English language text has a distinctive and predictable shape. A Caesar shift "rotates" this distribution, and it is possible to determine the shift by examining the resultant frequency graph.

Another approach is to match up the frequency distribution of the letters. By graphing the frequencies of letters in the ciphertext, and by knowing the expected distribution of those letters in the original language of the plaintext, a human can easily spot the value of the shift by looking at the displacement of particular features of the graph. This is known as frequency analysis. For example, in the English language the plaintext frequencies of the letters <templatestyles src="Mono/styles.css" />E, <templatestyles src="Mono/styles.css" />T, (usually most frequent), and <templatestyles src="Mono/styles.css" />Q, <templatestyles src="Mono/styles.css" />Z (typically least frequent) are particularly distinctive.[23] Computers can automate this process by assessing the similarity between the observed frequency distribution and the expected distribution. This can be achieved, for instance, through the utilization of the chi-squared statistic[24] or by minimizing the sum of squared errors between the observed and known language distributions.[25]

The unicity distance for the Caesar cipher is about 2, meaning that on average at least two characters of ciphertext are required to determine the key.[26] In rare cases more text may be needed. For example, the words "<templatestyles src="Mono/styles.css" />river" and "<templatestyles src="Mono/styles.css" />arena" can be converted to each other with a Caesar shift, which means they can produce the same ciphertext with different shifts. However, in practice the key can almost certainly be found with at least 6 characters of ciphertext.[27]

With the Caesar cipher, encrypting a text multiple times provides no additional security. This is because two encryptions of, say, shift A and shift B will be equivalent to a single encryption with shift A + B. In mathematical terms, the set of encryption operations under each possible key forms a group under composition.[28]

See also

Notes

Template:Notelist

References

<templatestyles src="Reflist/styles.css" />

  1. Script error: No such module "citation/CS1".
  2. Script error: No such module "Citation/CS1".
  3. Script error: No such module "citation/CS1".
  4. Script error: No such module "citation/CS1".
  5. a b c Script error: No such module "Citation/CS1".
  6. Script error: No such module "citation/CS1".
  7. Script error: No such module "citation/CS1".
  8. Script error: No such module "citation/CS1".
  9. Script error: No such module "citation/CS1".
  10. Script error: No such module "citation/CS1".
  11. Script error: No such module "citation/CS1".
  12. Script error: No such module "citation/CS1".
  13. Script error: No such module "citation/CS1".
  14. Script error: No such module "citation/CS1".
  15. Script error: No such module "citation/CS1".
  16. Script error: No such module "citation/CS1".
  17. Script error: No such module "citation/CS1".
  18. Script error: No such module "citation/CS1".
  19. Script error: No such module "citation/CS1".
  20. Script error: No such module "citation/CS1".
  21. Script error: No such module "Citation/CS1".
  22. Script error: No such module "citation/CS1".
  23. Script error: No such module "citation/CS1".
  24. Script error: No such module "citation/CS1".
  25. Script error: No such module "citation/CS1".
  26. Script error: No such module "citation/CS1".
  27. Script error: No such module "citation/CS1".
  28. Script error: No such module "citation/CS1".

Script error: No such module "Check for unknown parameters".

Bibliography

Further reading

  • Script error: No such module "citation/CS1".

External links

Template:Sister project

Script error: No such module "Navbox".

Retrieved from "http://debianws.lexgopc.com/wiki143/index.php?title=Caesar_cipher&oldid=4333530"