Caesar cipher

Spoiler: The Caesar cipher is a classic in the field of cryptography. Pretty easy to use but also to crack, it have been reviewed so many times.

The Caesar cipher is the most ancient known cryptographic algorithm. It was made famous by Julius Caesar as he used this cipher in its private correspondences (and through his self-promotion books, which shows that personnal branding is not that new).

wajari @ pixabay

But I digress … This algorithm replaces each letter of the plaintext message with the letter that follows it exactly $ n $ places in the alphabet; and if it overflows, we continue from the beginning.

!!!! The reference shift, which is often wrongly called Caesar cipher, consists of shifting three letters. For example, the cipher for hello iserqmrxu. You can think of it as a 4.7 bits block cipher in ECB mode, which means that it breaks faster than a trinket.


This algorithm is an automorphism for the cyclic group (Z26,+)(Z_{26}, +). You must admit it impresses. By associating each letter (from aa to zz) with a number (from 00 to 2525), we describe “very simply” the encryption operation Ek(c)E_k (c) of a character cc after a shift kk by the following equation:

Ek(c)=c+kmodn=c+k \begin{align} E_k(c) & = c + k \mod n \\ & = c + k \end{align}

clear    : a b c d e f g h i j k l m n o p q r s t u v w x y z
ciphered : d e f g h i j k l m n o p q r s t u v w x y z a b c

!!! Since we are in a cyclic group, and it is obvious that all the operations will be modulo n, we will systematically omit it in the following to simplify the notations.

The decryption Dk(c)D_k (c) is the reverse operation, in the mathematical sense, it is, knowing the cipher and the shift, to find the clear text.

Dk(c)=ck=c+k1=Ek1(c) \begin{align} D_k(c) & = c - k \\ & = c + k^{-1} \\ & = E_{k^{-1}}(c) \end{align}

And this is where the Caesar cipher takes on its modern meaning as the first asymmetric encryption in history… For any encryption key kk, there is a reverse key k1k^{-1} , within the meaning of the group $ (Z_ {26}, +)$, which cancels its effects.

The encryption is then considered as a 4.7-bit block cipher (one alphabetic character) in ECB mode (each block is encrypted independently of the others).


The implementation of the Caesar cipher does not involve any particular difficulty. The arithmetic on characters avoids us the use of correspondence table and makes the code shorter.

The following implementation, in C, encrypts a single character or a complete string.

char code_char(int k, char c)
    if (c >= 'a' && c <= 'z') {
        return 'a' + (c - 'a' + k) % 26 ;
    } else if (c >= 'A' && c <= 'Z') {
        return 'A' + (c - 'A' + k) % 26 ;
    } else{
        return c ;

void code_string(int k, char * message)
    for (char * ptr = message; *ptr != '\0'; ++ptr) {
        *ptr = code_char(k, *ptr) ;


Security of the algorithm

As you can imagine, this algorithm is not secure (at all). The first traces of attacks date back to the 9th century by Frequency analysis. We will now see why and to what extent.

Asymetric Version

The asymmetric version of the algorithm, using a public key and a private key, is not secure for two reasons: the chosen operation and the size of the group.

To make this algorithm more secure, it would then be necessary to increase the size of the group and at the same time use an operation that is more difficult to reverse. You will then naturally get modern algorithms like RSA or El Gamal.

Symetric Version

Given the ease in finding the reverse of the key, we can understand why this algorithm was used symmetrically, the correspondents agreeing a priori on a pair of keys that they keep secret.

The problem this time is due to the size of the key and the ECB operating mode which always encrypts the blocks in the same way.

It is on this point that the Caesar cipher was and remains attacked. It is possible to find the key by comparing the frequency of appearance of letters in the cipher text and in a reference corpus.

Regal point of view

Regarding cryptography, France offers two complementary and all in all consistent points of view. At one side, the law n°2004-575 of june 21th 2004 and its Décret n°2007-663 of may 2nd 2007 that tells us maximum key length allowed, and at the other side, the ANSSI’s security general norms, appendix B1 that tells us minimum key length to be considered secure.

The Caesar cipher is thus fully legal to be used (since it respect the maximum key lengths). And for the same reason, ANSSI does not consider this cipher as secure.


Compared to modern cryptographic standards, Caesar cipher, is not only obsolete, but downright picky. The keys are ridiculously weak by standards but the operations are not even worthy of appearing in the texts.

And this is precisely where its interest lies. Its simplicity makes it the ideal candidate for starting out in cryptography, discovering the basics before continuing with more complex algorithms.