The Atbash cipher replaces each letter with its opposite in the alphabet: A → Z, B → Y, C → X, and so on. It is one of the oldest and simplest classical encryption methods — and the only one where encrypting and decrypting are identical.
What is the Atbash Cipher?
The Atbash cipher is a simple substitution cipher in which the entire alphabet is reversed. The letter “A” is replaced by “Z”, “B” by “Y”, “C” by “X”, and so on until the alphabet becomes a perfect mirror of itself. There is no additional variable and no mathematical key required: the mirror alphabet is the key. This makes the Atbash cipher decoder and encoder identical — you use the same process in both directions.
Because the alphabet is strictly symmetric, the operations of encrypting and decrypting are virtually identical. This makes it the only classical cipher with the property of being involutory: applying it twice in a row returns the original message without any modification.
Mirror Alphabet
Normal: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Atbash: Z Y X W V U T S R Q P O N M L K J I H G F E D C B A
How to use the Atbash cipher step by step
- Write the alphabet from A to Z — the standard 26-letter sequence.
- Write it again in reverse (Z to A) — place it directly below the first, letter by letter.
- Replace each letter with its opposite — find the plaintext letter in the top row and substitute it with the letter directly below.
- To decode — repeat exactly the same steps. The Atbash cipher decoder is identical to the encoder.
You can verify any Atbash cipher example by applying this process manually and then checking your result with the interactive tool above.
Atbash cipher rules summary
- ●The alphabet is reversed — A maps to Z, B to Y, and so on symmetrically.
- ●No key is used — the reversed alphabet is fixed and universal. There is nothing to memorize or share.
- ●Encryption and decryption are identical — apply Atbash once to encrypt, apply it again to decrypt. Same operation, same result.
- ●Only letters are transformed — numbers, spaces, and symbols can be passed through unchanged.
- ●Formula: C = 25 − P — where P is the 0-based index of the plaintext letter and C is the encrypted letter index.
Free Atbash Cipher Tool (Encode & Decode)
HELLO and you will get
SVOOL — apply it again and you recover
HELLO
Used by students and educators to instantly test the Atbash cipher encoder and decoder.
The Atbash superpower: it is involutory
What does involutory mean?
A function f is involutory if f(f(x)) = x. In Atbash:
encrypting any message twice returns exactly the same original text.
There is no separate decryption step — encrypting and decrypting are the same
operation.
Concrete demonstration
HELLO → (Atbash) → SVOOL
SVOOL → (Atbash) → HELLO
H↔S, E↔V, L↔O, L↔O, O↔L — the mirror cancels itself out.
Mathematical equivalent
In terms of the Affine cipher, Atbash corresponds to a=25, b=25. Since
25 ≡ −1 (mod 26), the inverse of a=25 is 25 itself.
That is why encryption and decryption are identical operations.
How it works step by step
- No parameters: There is no key to choose. The mirror alphabet is always the same.
- Numeric conversion: Internally, each letter A–Z maps to 0–25; Atbash applies
C = 25 − P. - Substitution: Each letter of the plaintext is replaced by its counterpart in the reversed alphabet.
- Decryption: Apply exactly the same process to the ciphertext — you recover the original.
Tip: Non-alphabetic characters (spaces, numbers, punctuation) are kept unchanged if you prefer.
Atbash cipher example step by step
Text: HELLO
| Original letter | Position (P) | Calculation (25 − P) | Encrypted letter |
|---|---|---|---|
| H | 7 | 25 − 7 = 18 | S |
| E | 4 | 25 − 4 = 21 | V |
| L | 11 | 25 − 11 = 14 | O |
| L | 11 | 25 − 11 = 14 | O |
| O | 14 | 25 − 14 = 11 | L |
Encrypted result: SVOOL
Notice: H and S, E and V, L and O are mirror pairs. Apply Atbash to SVOOL and you get HELLO again.
Challenge: can you decode this Atbash message?
Intercepted text: XIBKGLTIZKSB
Hint: it is a single English word that every cryptographer knows.
Show solution →
Apply Atbash letter by letter:
X(23) → 25−23=2 → C
R(17) → 25−17=8 → I
B(1) → 25−1=24 → Y
K(10) → 25−10=15 → P
G(6) → 25−6=19 → T
L(11) → 25−11=14 → O
T(19) → 25−19=6 → G
I(8) → 25−8=17 → R
Z(25) → 25−25=0 → A
K(10) → 25−10=15 → P
S(18) → 25−18=7 → H
B(1) → 25−1=24 → Y
→ The word was CRYPTOGRAPHY. Did you get it?
Remember: with Atbash, decrypting = encrypting. The same table works in both directions.
The oldest story in cryptography
Imagine Jerusalem, 7th century BC. A scribe working for the prophet Jeremiah faces a problem: he needs to write the name of Babylon — the enemy — in a sacred text, without the Babylonians being able to read it if they intercept the scroll. He has no time to invent a complex system. He only has the Hebrew alphabet in front of him.
His solution is as elegant as it is obvious in hindsight: reverse the alphabet. The first letter (Aleph) becomes the last (Tav), the second (Bet) becomes the second-to-last (Shin). Babel in Hebrew becomes Sheshach — a meaningless word to any outside reader.
That wordplay appears literally in the Book of Jeremiah, chapter 25, verse 26. What that anonymous scribe did not know is that he had just created the first documented cryptographic system in Western history — and that 2,700 years later, millions of people would still use it to learn the fundamentals of cryptography.
The name “Atbash” (ℵ&tav;ℶ&shin;) is a Hebrew acronym: Aleph-Tav (first and last letter) and Bet-Shin (second and second-to-last). A perfect four-letter description of the system. Source: David Kahn, The Codebreakers, Ch. 1 (1967).
In the Hebrew Bible
Beyond Jeremiah 25:26, Atbash appears in Jeremiah 51:1 (Leb-Kamai = Chaldeans) and in texts of the Dead Sea Scrolls (2nd century BC).
Special case of Affine
Mathematically, Atbash is the Affine cipher with parameters
a=25, b=25. This makes it a
perfect example for teaching modular algebra — without needing to explain modular
inverses.
Used in education
Atbash is the first cipher taught in virtually every cryptography course worldwide, due to its conceptual simplicity and historical richness. It is the ideal starting point before moving on to the Caesar cipher.
Classical attacks
Brute force
There is only one possible key: the reversed alphabet. There is nothing to try — the moment you know it is Atbash, the message is decrypted. The key space has exactly one element.
Frequency analysis
Being monoalphabetic, Atbash preserves the frequency distribution of the source language. If in English the letter “E” is common in plaintext, then “V” (its mirror) will be common in the ciphertext. This is enough to break it without even knowing it is Atbash.
Pros and cons
Pros
- No key to remember — impossible to forget.
- Encrypting and decrypting are the same operation (involutory).
- Ideal for teaching the fundamentals of monoalphabetic substitution.
- Unmatched historical richness: 2,700 years of documented use.
Cons
- Zero real security: only 1 possible key.
- Trivially vulnerable to frequency analysis.
- Useless for any modern data-protection context.
Is Atbash secure today?
Definitely not. A single key means there is no cryptographic barrier whatsoever. Anyone who intercepts a message and suspects it is Atbash can decrypt it instantly — with no tools, just pencil and paper. It is used exclusively in educational contexts, puzzles, or games.
Current uses
Although obsolete as a real cipher, Atbash remains useful as a pedagogical entry point for understanding substitution, frequency analysis, and invertibility. It also appears frequently in puzzles, escape rooms, and popular culture (including references in TV series and cryptography novels).
Frequently asked questions
What does the name “Atbash” mean?
It is a Hebrew acronym that describes the cipher itself: Aleph-Tav (first and last letter of the Hebrew alphabet) and Bet-Shin (second and second-to-last). The name perfectly summarises the operation: crossing the alphabet from end to end.
What does it mean that Atbash is involutory?
It means that if you apply Atbash to the encrypted result,
you get the original text back. The mathematical function is its own inverse:
f(f(x)) = x. This is unique among commonly used classical ciphers.
Is Atbash secure today?
No. There is only one possible key and no search space to attack. Any Atbash-encrypted text can be decrypted instantly. It is a teaching system, not a security system.
What is the relationship between Atbash and the Affine cipher?
Atbash is a special case of the Affine cipher with parameters
a=25 and b=25. Since −1 ≡ 25 (mod 26), the Affine cipher with these
values reverses the alphabet — which is exactly what Atbash does.
Keep learning: related resources
Atbash is the perfect starting point for understanding classical cryptography. These resources take you from here all the way to understanding how real digital security works:
Caesar Cipher (next step)
After Atbash, Caesar introduces the concept of a variable numeric key. 25 possibilities instead of one.
Affine Cipher (generalisation)
Affine unifies Caesar and Atbash in an algebraic model. Atbash is Affine with a=25, b=25. The next mathematical level.
Vigenère Cipher (polyalphabetic)
When monoalphabetic falls short, Vigenère introduces a text keyword that eliminates frequency patterns.
Playfair Cipher (digraph)
Playfair encrypts pairs of letters using a 5×5 grid. A big leap from single-letter substitution.
Rail Fence (transposition)
Rail Fence scrambles letter order in a zig-zag pattern rather than substituting them. A completely different class of cipher.
View all ciphers
Columnar, Beaufort, Autokey, Rail Fence, Affine, Caesar, Playfair, Vigenère and more.