Caesar Cipher

Q: How many possible keys does the Caesar cipher have?

Only 26 (shifts 0–25). That’s why brute forcing is instant.

Q: How do I know if my Caesar implementation is correct?

Test known examples: ATTACKATDAWN with shift 3 → DWWDFNDWGDZQ, and wrap-around like XYZ with shift 4 → BCD.

Q: Does Caesar preserve spaces and punctuation?

Most tools do (they only shift letters). Some puzzle variants remove spaces/punctuation first.

Q: Can frequency analysis always break Caesar?

For long enough text, usually yes. For very short text, brute force is safer.

Q: Is Caesar used in real security?

No. It’s educational and recreational only.

A classic substitution cipher that shifts letters by a fixed amount.

Family: Substitution Era: Ancient Rome Strength: Very weak

Try in Encoder / Decoder → Try in Breaker → Open Tools →

History & context

The Caesar cipher is one of the oldest and most famous encryption methods. It’s traditionally attributed to Julius Caesar, who reportedly used a shift of three for military correspondence. Historically, its value was practical: it prevented a casual reader from instantly understanding a message. Today, it is mainly used for learning, puzzle hunts, escape rooms, and as a building block for understanding stronger substitution systems. Modern cryptography considers Caesar completely insecure because the keyspace is tiny (26 possibilities) and because statistical fingerprints of the language survive encryption. Still, Caesar is *the* perfect cipher to learn first because it teaches: modular arithmetic, alphabet indexing, and how cryptanalysis (breaking ciphers) often starts with patterns and frequency.

How Caesar Cipher works

Pick an integer shift k from 0 to 25. Convert each letter into an index A=0, B=1, …, Z=25. To encode: add k (mod 26). To decode: subtract k (mod 26). Wrap-around happens automatically via mod 26: if shifting past Z, you continue from A. Most implementations leave punctuation, spaces, and digits unchanged, and only transform alphabetic characters. Some variants also shift lowercase separately (preserving case), while others normalize everything to uppercase.

Core rules

Only alphabetic letters are shifted; punctuation/spaces are usually unchanged.
Wrap-around: Z shifted by +1 becomes A.
Shift 0 is the identity (no change).
If preserving case, lowercase stays lowercase and uppercase stays uppercase.
If removing spaces/punctuation, ciphertext becomes a continuous block (common in puzzle variants).

Worked example

Example 1 (classic): Plaintext: ATTACK AT DAWN Shift: 3 Ciphertext: DWWDFN DW GDZQ Example 2 (wrap-around): Plaintext: XYZ Shift: 4 Ciphertext: BCD

How to encode / decode

Step-by-step

Decide whether you’re preserving punctuation/spaces and case.
Choose a shift k (0–25).
For each letter: map A=0..Z=25, compute (index + k) mod 26, map back to a letter.
Leave non-letters unchanged (typical behavior).
Double-check wrap-around: near Z you should cycle back to A.

💡 Tip: If you’re debugging an implementation: test simple cases first like A→D at shift 3, and wrap-around cases like Z→C at shift 3. Most Caesar bugs are off-by-one indexing or wrap-around mistakes.

How to break a Caesar Cipher

Caesar is one of the easiest ciphers to break because the keyspace is tiny: only 26 shifts exist. A brute-force attack tries all shifts and picks the result that looks most like natural language. Even faster, frequency analysis often reveals the shift immediately by comparing the most common ciphertext letter to the most common English letters (E, T, A, O, I, N). Practical note: for short ciphertexts (like < 20 letters), brute force is more reliable than frequency guesses, because short samples can have misleading statistics.

Practical checklist

Method A — brute force (guaranteed): try all 26 shifts and inspect outputs.
Method B — frequency shortcut: identify the most frequent ciphertext letter and assume it maps to E (or T).
Method C — scoring: rank each brute-force output by English-likeness (dictionary hits, common bigrams, vowel ratio).
Method D — crib-based: if you suspect a word (e.g., THE), try shifts that produce it and verify surrounding text.

What frequency looks like

Caesar preserves letter frequency exactly—only shifted. This means a Caesar ciphertext has nearly the same profile as English, just rotated. A bar chart of letters still has a few dominant peaks; it does *not* look flat/random. Key signals: • Index of Coincidence (IoC) stays close to English (~0.066). • Common digrams (TH, HE, IN) remain common, just shifted. • The most frequent ciphertext letter often corresponds to E (but not always for short text).

Signals to look for:

IoC is close to English; not close to random.
One or two letters dominate frequency (shifted versions of E/T/A/O).
Bigram frequency still has strong peaks (shifted TH/HE/IN patterns).
Brute force outputs will ‘snap’ into readable English for the correct shift.

Mini example

Suppose ciphertext letter frequency shows 'K' as most common. If plaintext most common letter is assumed 'E': Shift = (K - E) = (10 - 4) = 6. Try decoding with shift 6 and verify if common words appear.

Common mistakes

Assuming Caesar always uses shift 3 (puzzles often vary).
Forgetting wrap-around for letters near Z.
Shifting punctuation/digits when you didn’t intend to (or not shifting them when a variant expects it).
Not preserving case consistently (encode preserves case, decode doesn’t, etc.).
Using frequency analysis on very short ciphertexts (statistics can lie).

Variants

ROT13: shift fixed at 13 (self-inverse, encode=decode).
Shift with a custom alphabet: e.g., keyword alphabet or shuffled alphabet (becomes general substitution).
Caesar on ASCII / printable characters (shifts beyond letters).
Two-track Caesar: different shifts for vowels vs consonants (rare puzzle variant).

Practice

Best way to internalize Caesar: do a few by hand, then practice breaking unknown shifts using brute force. Try short messages (harder) and longer paragraphs (easier).

Try these prompts

Encode: MEET ME AT MIDNIGHT with shift 5.
Decode: YMJ VZNHP GWTBS KTC OZRUJI TAJW YMJ QFED ITL (hint: classic pangram).
You find ciphertext: QEB NRFZH YOLTK CLU GRJMP LSBO QEB IXWV ALD. Identify the shift.
Write a script that tries all shifts and ranks by dictionary hits.

FAQ

How many possible keys does the Caesar cipher have?

Only 26 (shifts 0–25). That’s why brute forcing is instant.

How do I know if my Caesar implementation is correct?

Test known examples: ATTACKATDAWN with shift 3 → DWWDFNDWGDZQ, and wrap-around like XYZ with shift 4 → BCD.

Does Caesar preserve spaces and punctuation?

Most tools do (they only shift letters). Some puzzle variants remove spaces/punctuation first.

Can frequency analysis always break Caesar?

For long enough text, usually yes. For very short text, brute force is safer.

Is Caesar used in real security?

No. It’s educational and recreational only.