What is the Caesar Cipher?
The Caesar cipher shifts every letter forward by a fixed number of positions. If the shift goes past Z, it wraps around to the beginning of the alphabet.
For example, with a shift of 3: A→D, B→E, Z→C.
It works on the standard 26-letter alphabet (A–Z). Numbers, spaces, and symbols are left unchanged.
It's not used to protect real data today, but it's the perfect starting point
for understanding how substitution ciphers work.
How it works
The Caesar cipher shifts every letter forward by a fixed number of positions (the key, from 0 to 25). If the shift goes past Z, it wraps around — this is called modulo 26.
To encrypt: add the shift to each letter's position.
To decrypt: subtract it.
The cipher provides no integrity or authentication — it just scrambles letters,
and can be broken in seconds by trying all 25 possible keys.
Formulas
Encryption: Cᵢ = (Pᵢ + s) mod 26
Decryption: Pᵢ = (Cᵢ - s + 26) mod 26
where:
Pᵢ = index (0–25) of the plaintext character
s = fixed shift value (0–25)
Cᵢ = index (0–25) of the ciphertext character
Example
Quick example
Plaintext: HELLO WORLD • Shift: 3
Result: KHOOR ZRUOG
Note: If you input numbers or punctuation marks while toggling "preserve non-letters", they undergo zero modifications remaining raw.
Why the Caesar cipher continues to matter
54 BC. Julius Caesar is campaigning in Gaul and needs to send orders back to Rome
without enemies intercepting them. His solution: shift every letter three positions forward.
A→D, B→E, C→F...
His generals knew the shift. His enemies didn't.
That concept — a shared secret key — is still the foundation
of every secure system you use today: HTTPS, WhatsApp, your bank.
Historical source: Suetonius, Lives of the Twelve Caesars, Book I, Chapter 56 (~121 AD). Additionally documented by Aulus Gellius in Attic Nights, Book XVII, chapter 9. Modern reference: David Kahn, The Codebreakers, Chapter 2 (1967).
Invented the key concept
Before Caesar, codes used fixed word substitutions — no variable key. Caesar introduced the idea of a numeric shift you could change. That separation between algorithm and key is the basis of Kerckhoffs's Principle — still applied in every modern cipher.
Kickstarted frequency analysis
Arab scholar Al-Kindi (~850 AD) broke the Caesar cipher by studying how often letters appeared in the ciphertext. That work became the first known cryptanalysis document in history — born from Caesar's weakness.
Its DNA is inside AES
AES's SubBytes step is a substitution — the same core idea as Caesar, but non-linear and applied over 10–14 rounds with 128–256-bit keys. Two thousand years of evolution from a 3-letter shift.
Caesar vs AES: parallel concepts spanning 2,000 years
| Concept | Caesar (~54 BC) | AES (2001) |
|---|---|---|
| Key Space | Integer range 1–25 | 128/192/256 bits (up to 2²⁵⁶ possibilities) |
| Substitution logic | Linear (+s mod 26) | Non-linear (S-box over GF(2⁸)) |
| Permutation layer | ❌ None | ✔ ShiftRows + MixColumns |
| Rounds | 1 simple pass | 10–14 intensive rounds |
| Genuine security | Zero | Global dominant standard |
Classic attacks
Breaking the Caesar cipher is trivial. There are only 25 possible keys. A person can do it with pencil and paper in under a minute.
Brute force
Try all 25 shifts one by one. One of them will produce readable text — and that's the key. A script can do this in microseconds. A human can do it in a few minutes.
Frequency analysis
In English, E is the most common letter. If you find the most frequent letter in the ciphertext, it's almost certainly an E. That one clue often reveals the shift immediately.
Known-plaintext attack
If you already know one word in the message (e.g. "ATTACK"), comparing it to the ciphertext reveals the shift instantly. The whole message is then decrypted.
Challenge: decrypt this message without the key
Intercepted message: KHOOR ZRUOG
You only know it's a Caesar cipher. How many attempts do you need?
Show solution →
Try each shift starting from 1. The first readable result is the answer:
s=1: JGNNO YQTNF ✗
s=2: IFMMN XPSME ✗
s=3: HELLO WORLD
Shift s=3 decrypts to HELLO WORLD. Only 3 attempts needed.
Pros and cons
Pros
- Extremely simple — easy to understand and implement by hand.
- Great for teaching the basics of substitution ciphers and modular arithmetic.
- Works without any technology — just paper and a pencil.
Cons
- Only 25 possible keys — brute force takes seconds.
- Preserves letter frequencies, making frequency analysis trivial.
- Provides no integrity or authentication — anyone can tamper with the message undetected.
Keep learning: from Caesar to modern cryptography
Caesar is the starting point. These pages take you further:
↡ Affine Cipher (next step)
Caesar is a special case of Affine (where a=1). Affine adds multiplication, giving 312 possible keys instead of 25.
↡ Vigenère Cipher (polyalphabetic)
Uses a keyword instead of a single shift. Hides letter frequencies and resisted cryptanalysis for 300 years.
↡ Atbash Cipher (mirror alphabet)
Maps A→Z, B→Y and so on. One of the oldest substitution ciphers ever recorded — predates Caesar by centuries.
What is cryptography?
The full picture — symmetric vs asymmetric, classical vs modern. Where Caesar fits in the bigger story.
What is hashing?
Unlike Caesar, hashing is one-way — you can't reverse it. Understand why SHA-256 can't be decrypted.
See all ciphers
Autokey, Beaufort, Columnar Transposition, Playfair, Rail Fence and more — all with interactive tools.
Interactive Caesar Cipher Tool
Accepts negative inputs and huge values; it normalizes between 0–25 correctly (e.g. 52→0, −1→25).