## Caesar Shift Cipher

The Shift (or Caesar) Cipher is another monoalphabetic substitution cipher. Although more secure than the Atbash Cipher, it is still an easy cipher to break, especially by today's standards. Originally, it was used by Julius Caesar for sending encrypted messages to his troops, as recorded by Suetonius:

If he had anything confidential to say, he wrote it in cipher, that is, by so changing the order of the letters of the alphabet, that not a word could be made out. If anyone wishes to decipher these, and get at their meaning, he must substitute the fourth letter of the alphabet, namely D, for A, and so with the others. |

This describes what we would now call a shift of 3, and describes the cipher that Caesar used quite well. That is, "a" was encrypted as "D", "b" as "E", etc. The table below gives the plaintext alphabet and the ciphertext alphabet to show how a shift of 3 could be depicted.

For a Caesar shift we have a

*key*, which makes the cipher stronger than the Atbash Cipher. The key is the number by which we shift the alphabet, since this provides a unique way to describe the ciphertext alphabet easily.The example on the Monoalphabetic Substitution Ciphers page where each letter is replaced by the letter after it in the alphabet is a Shift of 1.

**Encryption**Encryption using the Shift Cipher is very easy. First we must create the ciphertext alphabet, which as discussed above is simply found by 'shifting' the alphabet to the left by the number of places given by the key. Thus a shift of 1 moves "A" to the end of the ciphertext alphabet, and "B" to the left one place into the first position. As the key gets bigger, the letters shift further along, until we get to a shift of 26, when "A" has found it's way back to the front. We have already seen a shift of 3 in the table above, and below we have a shift of 15.

Once we have created the table, the encryption process is easy, as we just replace each occurence within the plaintext of a letter with the corresponding ciphertext letter as given by the ciphertext alphabet. Hence, if we wanted to encrypt the plaintext "julius caesar" with the key he himself used, namely 3, we look along the plaintext alphabet row in the first table to find "j", and note that this encrypts to "M". We then look for "u", and take the ciphertext letter "X". Continuing in this way, we finally encrypt to "MXOLXV FDHVDU".

**Decryption**Decryption by the intended recipient of a ciphertext received that has been encrypted using the Shift Cipher is also very simple. One can either use the table already created above, and find each letter of the ciphertext in the bottom row, and replace with the corresponding plaintext letter directly above it, or the recipient could create the inverse table, with the ciphertext alphabet on top, and using a shift of -3 on it, which gives the table below.

Clearly, the encryption table and its inverse are the same as each other, only reordered. If we have received the ciphertext "PDUFXV EUXWXV", and we know that it has been enciphered using the key 3, then we can use the table to decipher the message. We see that "P" represents the plaintext letter "m", "D" represents "a" and so on. Continuing in this way we retrieve the plaintext "marcus brutus", the name of the famous conspiritor in the assassination of Julius Caesar.

**Discussion**An important thing to remember with the Shift Cipher is that it works

*modulo*26 (which is the length of the standard alphabet). That is, a right shift of 1 is the same as a left shift of -1, which is just a shift of 25. Hence the key is unique modulo 26, and so a shift of 33 is actually the same as a shift of 33 mod 26 = 7.

Another interesting fact worth noting here is that composing multiple shifts (doing one shift followed by another shift) does not make the cipher any more secure. This is because a shift of

*a*followed by a shift of*b*is the same as a shift of*a*+*b*(or in more concrete terms, a shift of 2 followed by a shift of 5 is identical to if we had just shifted the alphabet by 7 in the first place). If you can not see this readily, then have a go to check this result.If it is known that a Shift Cipher has been used, but the key is unknown, then it is fairly simple to break the code by a simple

*brute force attack*. This simply means using a trial and error approach to attack the cipher. The main weakness of the Shift cipher is the fact that there are only 26 keys, and hence ciphertext alphabets, one of which is the identity mapping that leaves the plaintext unaltered. For this reason, the Brute Force method of attack is very effective on the Shift cipher. In it's most bare form, this entails going through each key, and working out what the plaintext would be if that key had been used.That is, given the intercepted ciphertext "RFWHZX HWFXXZX", where we do not know what key has been used, but we do know that a Shift Cipher has been implemented, we must first try a key of 1, then a key of 2, then a key of 3 and so on, until a plaintext that makes sense is returned. For this ciphertext we would get:

- a key of 1 gives the plaintext "qevgyw gvewwyw"
- a key of 2 gives the plaintext "pdufxv fudvvxv"
- a key of 3 gives the plaintext "octewu etcuuwu"
- a key of 4 gives the plaintext "nbsdvt dsbttvt"
**a key of 5 gives the plaintext "marcus crassus"**

Using a key of 5 we have recovered the plaintext "marcus crassus", another high powered contempory of Julius Caesar. It is very unlikely that another key will produce a second plaintext that makes sense, so we can assume that this is the correct plaintext (although, with a computer it would not take long to check the remaining 20 possibilities).

There are two dificulties with this method. The first is that we were lucky in our example above, that we only had to do the decryption 5 times, but it is equally likely that a key of 24 could have been used, and then the time to perform the breaking of the code would be substantial. This is a problem that has been largely overcome by the invention of computers, which can perform all 26 possible calculations in a matter of seconds.

The second problem with the above method is that the message intercepted could be longer than two words, and hence performing each decryption could take a significant amount of time. The way around this is fairly simple, and that is to just look at the first two or three words of the intercept, and perform the calculations on these. You will still find the key, by finding the key that deciphers those words into a meaningful phrase, and can then use the key to decrypt the rest of the message as you would if you had known the key to start with.

This method of breaking the Shift Cipher is rather cumbersome, but can be useful if you know that it has been used. However, in reality it is unlikely that as an interceptor you would know which cipher has been used. There is a general method for attacking all monoalphabetic ciphers called frequency analysis, which is discussed later.