Affine Cipher: Formula, Example & Calculator (Step-by-Step)

Use the affine cipher calculator instantly, learn the affine cipher formula step by step, and see real affine cipher examples for encryption and decryption.

Use the affine cipher calculator instantly

  • Affine cipher encryption and decryption — type your text and get results in one click
  • Affine cipher formula C = (a·P + b) mod 26 — applied automatically
  • Affine cipher example — try HELLO with a=5, b=8 → RCLLA
  • Free, no registration needed
Encrypt now (instant tool) ↓
Reviewed by the Let's Cipher editorial team Reading: ~8 min Level: Intermediate

Direct definition

The Affine cipher is a classical encryption method that uses the affine cipher formula C = (a·P + b) mod 26 to transform letters. It generalizes the Caesar ciphera must be coprime to 26 and b is a shift value.

  • Choose a coprime to 26 (e.g. 5) and b 0–25 (e.g. 8).
  • Affine cipher encryption: apply (a·P + b) mod 26 to each letter.
  • Affine cipher decryption: find a⁻¹ (mod 26) → apply a⁻¹·(C − b) mod 26.

What do a Spartan message encoded with modular arithmetic and modern RSA banking keys have in common? The Affine cipher formula — except Caesar never dared to multiply.

Affine cipher — quick reference

  • Affine cipher formula: C = (a·P + b) mod 26
  • Type: Monoalphabetic substitution
  • Use: Encryption and decryption of text using modular arithmetic
  • Tool: Free affine cipher calculatoruse it now
  • Decryption formula: P = a⁻¹·(C − b) mod 26
  • Valid keys: 312 (12 × 26)

Quick Comparison — Affine vs other ciphers

Affine vs Caesar

  • ✔ Caesar = Affine with a=1 (particular case)
  • ✔ Affine adds multiplication: more variability
  • ✔ Caesar: 25 keys / Affine: 312 possible keys
  • ✔ Both monoalphabetic: same weakness in frequencies

Affine vs Vigenère

  • ✔ Vigenère: polyalphabetic, variable text key
  • ✔ Affine: monoalphabetic, same letter always equal ciphertext
  • ✔ Vigenère hides frequencies; Affine does not
  • ✔ Vigenère: much more resistant than Affine

Affine vs RSA (conceptual)

  • ✔ Affine: C = (a·P + b) mod 26
  • ✔ RSA: C = Mᵉ mod n (modular exp.)
  • ✔ Both use modular algebra as core
  • ✔ RSA: 2048+ bits vs 26 values of Affine

Free Affine Cipher Calculator — Encrypt & Decrypt Online

The fastest affine cipher calculator online. Choose your a (coprime to 26) and b, paste any text, and perform affine cipher encryption and decryption instantly.

Affine cipher example: type HELLO with a=5, b=8RCLLA
Options

Allowed values for a: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25.

b accepts negatives; it normalizes modulo 26.

Affine cipher explained in simple terms

The Affine cipher works by taking each letter, turning it into a number, applying the affine cipher formula, and converting it back into a letter.

Think of it like this: every letter has a position in the alphabet (A=0, B=1 … Z=25). You pick two numbers — a (a multiplier) and b (a shift). You multiply the letter's position by a, add b, and wrap back around the alphabet. The result is your affine cipher encrypted letter.

To decrypt, you reverse the math: subtract b, then multiply by the modular inverse of a. This is affine cipher decryption in one line.

Try this now: → use the affine cipher calculator above and type any word.

What is the Affine cipher? Formula & Keys explained

The Affine cipher is a monoalphabetic substitution that generalizes the Caesar Cipher. Each letter of the alphabet (mapped to an index 0..25) is transformed using a linear function modulo 26 dependent on two parameters: a (the multiplication factor) and b (the shift).

The core affine cipher formula is: convert letters → numbers, apply C = (a·P + b) mod 26, convert back to letters. If a and 26 are not coprime, decryption is impossible.

Affine cipher formula — encryption & decryption

Encryption:  C = (a·P + b) mod 26
Decryption:  P = a⁻¹·(C - b) mod 26

Condition:   a must be coprime to 26 (gcd(a,26)=1) for a⁻¹ to exist.
Valid ones:  a ∈ {1,3,5,7,9,11,15,17,19,21,23,25},  b ∈ {0..25}

Here a⁻¹ is the modular inverse of a in ℤ26: the number such that a·a⁻¹ ≡ 1 (mod 26).

How it works

  • Initial parameters: Choose a value a (coprime to 26) and a b (between 0 and 25).
  • Text preparation: Normalize the text by removing accents if applicable and defining what to do with local characters.
  • Numeric conversion: Convert each letter from A to Z into its mathematical equivalent (A=0, B=1... Z=25).
  • Mathematical application: Multiply and add the numeric value using C = (a·P + b) mod 26, and finally transform that number back into a letter.

How to decrypt? First calculate the modular inverse a⁻¹ using the Extended Euclidean Algorithm and then reverse everything with P = a⁻¹·(C - b) mod 26.

Affine Cipher Example — Step by Step

In this affine cipher example we use parameters a=5, b=8 and plaintext HELLO to show how affine cipher encryption works letter by letter.

Quick example: HELLO → RCLLA using the affine cipher formula C = (5·P + 8) mod 26

Affine cipher example table

Parameters: a=5, b=8 ⇒ Affine cipher formula: (5·x + 8) mod 26
Plain text: HELLO

Letter Number (x) Calculation (5x + 8) mod 26 Result
H 7 (5·7 + 8) = 43 ≡ 17 R
E 4 (5·4 + 8) = 28 ≡ 2 C
L 11 (5·11 + 8) = 63 ≡ 11 L
L 11 (5·11 + 8) = 63 ≡ 11 L
O 14 (5·14 + 8) = 78 ≡ 0 A

Ciphertext result: RCLLA

Note: To decrypt this example, the modular inverse is a⁻¹=21.

Challenge: can you break this Affine cipher?

Intercepted ciphertext: RCLLA
You only know that a standard Affine cipher was used with unknown parameters. But there is a clue: the most frequent letter in English is E (position 4)

Show solution →

There are only 312 possible keys. Testing a=5, b=8:

R → 17: a⁻¹·(17−8) mod 26 = 21·9 mod 26 = 189 mod 26 = 7H

C → 2: 21·(2−8) mod 26 = 21·(-6) mod 26 ≡ 21·20 mod 26 = 4E

→ With (a=5, b=8): RCLLA decrypts to HELLO

The message was HELLO. Did you use frequency analysis or brute force?

Affine Cipher — Solved Examples

The best way to understand affine cipher encryption and decryption is to work through concrete examples step by step. Below are three affine cipher solved examples with different keys.

Example 1 — Encrypt "HELLO" with a=5, b=8

Apply the affine cipher formula C = (5·P + 8) mod 26 to each letter:

Letter P Calculation C
H 7 (5·7+8)=43 ≡17 mod 26 R
E 4 (5·4+8)=28 ≡2 mod 26 C
L 11 (5·11+8)=63 ≡11 mod 26 L
L 11 (5·11+8)=63 ≡11 mod 26 L
O 14 (5·14+8)=78 ≡0 mod 26 A

Result: RCLLA

Example 2 — Decrypt "RCLLA" with a=5, b=8

First, find the modular inverse of a=5 mod 26. Since 5·21 = 105 = 4·26+1, we get a⁻¹ = 21. Then apply: P = 21·(C − 8) mod 26

Letter C Calculation P
R 17 21·(17−8)=21·9=189≡7 mod 26 H
C 2 21·(2−8)=21·(−6)≡21·20=420≡4 mod 26 E
L 11 21·(11−8)=21·3=63≡11 mod 26 L
L 11 21·(11−8)=21·3=63≡11 mod 26 L
A 0 21·(0−8)=21·(−8)≡21·18=378≡14 mod 26 O

Result: HELLO ✔️

Example 3 — Decrypt with an unknown key (frequency attack)

Ciphertext: XPALASXYFGFUKPXUSOGEUTKSGUCXUUGT
No key is given. But we know the most frequent letter in English is E. Count the ciphertext — U appears most often.

Assume U (20) = E (4). The second most common letter in English is T (19). Try the second most frequent ciphertext letter, say X (23), as T. Now solve the 2×2 system:

(a·4 + b) ≡ 20 mod 26

(a·19 + b) ≡ 23 mod 26

→ Subtract: 15a ≡ 3 (mod 26) → a ≡ 3·15⁻¹ mod 26 = 3·7 = 21 mod 26 → a=21

→ b = 20 − 21·4 mod 26 = 20−84 mod 26 = 20−6 = 14 mod 26 → b=14

→ Key: a=21, b=14

Verify decryption →

Apply P = 21⁻¹·(C − 14) mod 26 where 21⁻¹ = 5 (since 5·21=105≡1 mod 26).

First letters: X(23) → 5·(23−14)=5·9=45≡19=T, P(15) → 5·1=5=F... confirm by running it in the calculator above.

Why is the Affine cipher important?

Imagine you are an Arab mathematician in the 9th century. You have studied Euclid, you master modular arithmetic, and you know one thing the Greeks and Romans never understood: that the number 26 is not a limit — it is a modulus. You don't shift letters by 3 like Caesar did. You multiply them. Each letter in the message is now a point on an algebraic circle that can only be closed if your factor is coprime to the modulus. You've just invented the Affine cipher — without knowing it, you've also laid the conceptual groundwork for what 1,000 years later would be RSA.

Modular algebra was formalized by Al-Kindi (9th century, Basra) in his work "Manuscript on Deciphering Cryptographic Messages" (~850 AD) — the first cryptanalytic text in history. Source: David Kahn, The Codebreakers, Chapter 3 (1967).

Pure generalization of Caesar

Caesar uses a=1: applies a shift addition, nothing else. Atbash uses a=25, b=25: metric reflection. The Affine unifies all linear substitution ciphers in a single algebraic model. It is the first step towards modern cryptography.

Conceptual DNA of RSA

RSA encrypts with C = Mᵉ mod n. The Affine decipher uses C = (a·P + b) mod 26. Both are based on operations in modular algebra, the condition of invertibility (coprimality / prime factors), and the concept of the mathematical inverse as a key.

Used in university teaching

The Affine cipher is the first example taught in applied abstract algebra, number theory, and cryptography courses at universities worldwide. It is the bridge between elementary algebra and modern computer security.

The affine formula in the real world

Although the Affine as a cipher is practically obsolete, the affine function f(x) = ax + b mod m permeates modern computing:

Context Use of the affine function
Pseudorandom Numbers (LCG) Xₙ₊₁ = (a·Xₙ + c) mod m — identical mathematical pattern
Hash tables (linear probing) h(k) = (a·k + b) mod p — mapping and collision resolution
Memory addressing Linear page mappings inside operating systems
Modern computing core foundations RSA, elliptic curves — all extend from modular arithmetic

The Affine cipher does not protect real-world databases — but the math it uses actually does. Commanding its formula equals mastering the language of modern cryptography.

⚡ Real-world use: these same attack methods (frequency analysis + brute force) are used in CTF competitions and cryptanalysis courses — always with the affine cipher as the first exercise.

Classic attacks on the Affine cipher

  • Frequency + plaintext/ciphertext pairs: With two character pairs (P₁,C₁), (P₂,C₂) you solve the system algebraically retrieving a and b.
  • Brute force: The keyspace is very small (12 valid values of a × 26 values of b = 312 combinations).
  • Language checks: Testing probable mappings (e.g. mapping the ciphertext's most frequent letter to E) speeds up the breakthrough.

It remains a monoalphabetic substitution scheme: it rigorously keeps global frequency curves and identical matching structures, bringing forth vulnerabilities.

Pros and cons

Pros

  • Successfully generalizes Caesar while being ideal to introduce modular arithmetic and inverses.
  • Flexible parameters (a, b) featuring relatively simple deployment.
  • Excellent for educational interactive tools crossing math concepts.

Cons

  • Monoalphabetic nature: severely prone to frequency tracking and low overhead computational brute force.
  • If a isn't coprime to 26, it forces irreversible math blocks rendering proper decoding impossible.
  • Offers zero resilience mapping and doesn't handle integrity/authenticity aspects.

People also search for

affine cipher calculator — free online tool affine cipher example — step-by-step table affine cipher solved problems — 3 worked examples affine cipher encryption and decryption — how to break it

Keep learning: related resources

The Affine cipher is a bridge going across traditional cryptography and its modern counterparts. These guides will move you from an "I comprehend Affine cipher basics" perspective directly straight into "I master how genuine digital architectures accomplish security goals":

What is cryptography?

The full picture — substitution, transposition, symmetric and asymmetric. Where Affine fits in the bigger story.

What is hashing?

Affine is reversible. Hashing is not. Understand why SHA-256 can't be decrypted.

What is a cipher?

The difference between a cipher, a code, and a hash. The theory behind Affine and all classical ciphers.

Caesar cipher (the foundation)

Caesar is Affine with a=1. If the modular math is new to you, start here.

Vigenère cipher (next level)

Affine is monoalphabetic and breakable by frequency analysis. Vigenère hides frequencies — much harder to crack.

Atbash cipher (mirror rule)

Atbash is Affine with a=25, b=25. A real-world use of the Affine formula, from ancient Hebrew scriptures.

Affine vs Caesar Cipher

The Affine cipher looks more complex than the Caesar cipher, but the core idea is the same. The difference is that instead of just adding a shift, you also multiply by a factor. Caesar is simply the special case where a=1. If you want something harder to crack, see the Vigenère cipher, which uses a text key to avoid the frequency analysis weakness that breaks both Caesar and Affine.

  • Caesar (addition only): Special case of the affine cipher with a = 1. Formula: C = (P + b) mod 26. Only 25 keys.
  • Atbash (mirror): Affine with a = 25, b = 25. Maps A↔Z, B↔Y, etc. Formula: C = (-P - 1) mod 26.
  • Affine (multiplication + shift): Generalizes both above with 312 possible keys. Still monoalphabetic — broken by frequency analysis, just like Caesar. The Vigenère cipher solves this by using a variable key.

But is it considered safe currently?

No. Like Caesar, it's monoalphabetic — the same letter always produces the same output. That means letter frequency patterns are preserved, making it breakable with frequency analysis or simple brute force (only 312 possible keys).

Where the math is still used today

The affine function f(x) = ax + b mod m appears in real software: Linear Congruential Generators (LCG) use the exact same formula to generate pseudo-random numbers, and hash table probing uses it to resolve collisions.

How to decrypt without the key

With only 312 possible key combinations (12 valid values of a × 26 values of b), the affine cipher can be broken in three ways:

Frequency analysis

The most common letter in the ciphertext is almost certainly E (position 4). The second most common is likely T (position 19). Use those two known plaintext-ciphertext pairs to solve for a and b algebraically — as shown in Example 3 above.

Brute force

A simple script can try all 312 key combinations in milliseconds. Each output is checked against an English word list. See how the Caesar cipher is broken the same way — just with fewer keys.

How to decrypt step-by-step

  1. Get the key: You need both a and b (e.g. a=5, b=8).
  2. Find the modular inverse: Calculate a⁻¹ mod 26. For a=5, the inverse is 21 (because 5·21 = 105 ≡ 1 mod 26).
  3. Convert each ciphertext letter to a number: A=0, B=1 … Z=25.
  4. Apply the decryption formula: P = a⁻¹ · (C − b) mod 26. For a=5, b=8: P = 21·(C−8) mod 26.
  5. Convert the result back to a letter: 0=A, 1=B … 25=Z. You have your plaintext.

Common mistakes when using the affine cipher

These are the most frequent errors students and programmers make when implementing the affine cipher formula. Avoiding them will save you hours of debugging.

  • Choosing a not coprime to 26

    If a shares a factor with 26 (e.g. a=2, a=13), the modular inverse doesn't exist and decryption is impossible. Always pick from: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25.

  • Forgetting the modular inverse in decryption

    You cannot simply divide by a in modular arithmetic. You must calculate a⁻¹ mod 26 using the Extended Euclidean Algorithm. For example, if a=5, then a⁻¹=21 because 5·21 ≡ 1 (mod 26).

  • Misinterpreting letter positions (A=0, not A=1)

    Letters must be mapped as A=0, B=1 … Z=25. Using A=1 shifts all results by one and produces an incorrect ciphertext. The affine cipher calculator above handles this automatically.

  • Negative results not reduced mod 26

    In decryption, (C − b) can be negative. Always add 26 before applying mod to ensure a positive result: ((C − b) % 26 + 26) % 26.

Frequently asked questions

What values of a are valid in the affine cipher formula?

The affine cipher formula requires a to be coprime to 26 so that a modular inverse a⁻¹ exists and decryption is possible. The 12 valid values are: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25. b can be any integer 0–25.

How do I use the affine cipher encryption and decryption?

Encryption: convert each letter to a number (A=0…Z=25), apply C = (a·P + b) mod 26, convert back to a letter.
Decryption: find the modular inverse a⁻¹ using the Extended Euclidean Algorithm, then apply P = a⁻¹·(C − b) mod 26.
Or simply use the affine cipher calculator above — it does all the math for you.

Is the affine cipher secure?

No — never use it for real data. It is monoalphabetic (same letter always encrypts to the same output), so it is trivially broken by frequency analysis or brute force over only 312 key combinations. It is recommended for learning affine cipher encryption and decryption mechanics and modular arithmetic.

Affine cipher vs Caesar cipher — what's the difference?

The Caesar cipher is a special case of the affine cipher where a=1. The key difference: Caesar only shifts letters, while the affine cipher multiplies and shifts, producing 312 possible keys vs Caesar's 25. Both are monoalphabetic and equally breakable by frequency analysis.

Affine cipher vs Vigenère — which is harder to break?

The Vigenère cipher is significantly harder to break. The affine cipher is monoalphabetic — the same plaintext letter always maps to the same ciphertext letter, so frequency analysis works perfectly. Vigenère uses a repeating text key that makes each letter's mapping variable, hiding frequency patterns.

Ready to master the Affine cipher?

You now know the affine cipher formula C = (a·P + b) mod 26, how to do affine cipher encryption and decryption step by step, and where the math appears in real software (LCGs, RSA). The next step: explore Vigenère to see how polyalphabetic ciphers defeat frequency analysis, or go back to the basics with the Caesar cipher.

Use the affine cipher calculator ↑ Next: Vigenère cipher → What is cryptography? →

Affine Cipher FAQ

What is the affine cipher formula?

The affine cipher formula for encryption is C = (a·P + b) mod 26, where P is the numeric position of the plaintext letter (A=0…Z=25), a is the multiplier (must be coprime to 26), and b is the shift. For decryption: P = a⁻¹·(C − b) mod 26, where a⁻¹ is the modular inverse of a mod 26.

How many keys does the affine cipher have?

There are 312 possible keys in the affine cipher: 12 valid values of a (those coprime to 26: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, 25) multiplied by 26 possible values of b (0–25). This is far fewer than modern ciphers, making brute force trivial.

Is the affine cipher secure?

No. The affine cipher is not secure for real-world use. It is a monoalphabetic substitution cipher — the same plaintext letter always maps to the same ciphertext letter — making it vulnerable to frequency analysis with just a few hundred characters of ciphertext. It can also be broken by brute force in milliseconds (only 312 key combinations). It is valuable only as an educational tool for understanding modular arithmetic and classical cryptography.

What is the difference between the affine cipher and the Caesar cipher?

The Caesar cipher is a special case of the affine cipher with a=1. Caesar only shifts letters by a fixed amount (25 possible keys), while the affine cipher adds a multiplication step (312 possible keys). Both are equally insecure against frequency analysis.

Conclusion

The affine cipher is a fundamental step in understanding modern cryptography. While it is not secure today — a single frequency analysis attack can break it — mastering its affine cipher formula C = (a·P + b) mod 26 gives you the intuition behind how real encryption systems work: modular arithmetic, invertible functions, and key-space analysis.

The same math that powers the affine cipher appears in Linear Congruential Generators, hash table probing, and underpins the group theory used in elliptic-curve cryptography. Starting here is the right move.

Next: understand why polyalphabetic ciphers like Vigenère are harder to break, or start from scratch with what is cryptography?