Fall 2003

Chris Christensen
Class notes

Caesar Ciphers
Cryptography
Suetonius, the gossip columnist of ancient Rome, says that [Julius] Caesar
[100? 44 B.C.] wrote to Cicero and other friends in a cipher in which the
plaintext letters were replaced by letters standing three place further down
the alphabet
Plaintext letters
Ciphertext letters

abcdefghijklmnopqrstuvwxyz
DEFGHIJKLMNOPQRSTUVWXYZABC

All such translation ciphers are now called Caesar ciphers.

Try enciphering the following message with the (original) Caesar cipher key
given above:
PoliticalcryptographyseemstohavefirstcometoRussia
undertheWesternizinginfluenceofPetertheGreat.
(Peter the Great, 1682 1725)

Translations
The mathematical transformation that shifts the alphabet is called a
translation. The shift to the right of three spaces can be symbolized as
C p b where C is ciphertext, p is plaintext, and b is the shift.

We think of assigning numbers to the letters of the alphabet. A usual

numbering is
0102030405060708091011121314151617181920212223242526
abcdefghIjklmnopqrstuvwxyz

Using this numbering, a, which is represented by 01, is mapped to 01 + 3 =

04, which represents D. a D, b E,c F, etc. When we come
to the end of the plaintext alphabet, the ciphertext alphabet returns to the
beginning: w Z, x A, y B, and z C.
The key for this Caesar cipher is 3 the number added to the plaintext letter
to arrive at the corresponding ciphertext letter. Here is a key that need not
be written it can be remembered. Because we are adding the key to the
numbers corresponding to the letters of the alphabet, we call this an additive
key. In the case above, we say we are using an additive key of 3.

Here is an example of a Caesar cipher with additive key 5.

Caesar cipher
Additive key = 5

Plaintext
a
b
c
d
e
f
g
h
i
j
k
l
m
n
o
p
q
r
s
t
u
v
w
x
y
z

Ciphertext
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
1
2
3
4
5

F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
A
B
C
D
E

Cryptanalysis
Frequency Analysis
Unfortunately, messages enciphered with Caesar ciphers can be easily
broken. Caesar ciphers usually fall to frequency analysis, and it is easy to
see why that happens.
First, notice that it is only necessary to determine one correspondence
between a plaintext and ciphertext letter to determine the key. So, a
reasonable first attempt would be to assume that the most frequent ciphertext
letter corresponds to plaintext e.

In addition, a Caesar cipher translates the other patterns we noticed in our

plaintext frequency chart. Here is an example.
Let us consider the Caesar cipher with additive key 5 which was given
above. If we encipher using that key, here is what happens to the
frequencies:
Frequencies Additive key = 5
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

1
11
11
1111111
1
111
1111
1111111111111
111
11
1111
1111111

1111
111
11111111
1111111
111
11111111
111111
111111111
111

They have just shifted 5 places further in the alphabet.

1. Instead of having a, e, and i be all high frequency letters spaced four
letters apart with e the most frequent, we now have that F, J, and N
have that property with J being the most frequent letter.

2. Instead of n and o forming a high frequency pair (near the middle of

the plaintext alphabet), we have that S and T form such a pair.
3. Instead of r, s, and t forming a high frequency triple (about 2/3 of the
way through the plaintext alphabet), we have that W, X, and Y form
such a triple.
4. Instead of j and k forming a low frequency pair (just before the
middle of the plaintext alphabet), we now have that O and P form such
a pair.
5. Instead of u, v, w, x, y, and z forming a low frequency six-letter string
(at the end of the plaintext alphabet), we now have that Z, A, B, C, D,
and E form such a string.
Frequency patterns have just shifted 5 places. This should be easy to spot.

Example
Here is a message enciphered with a Caesar cipher:
VRRQSHRSOHEHJDQVOLGLQJWKHDOSKDEHWEBDPRXQ
WVGLIIHUHQWWKDQWKUHHWRGHWHUPLQHFLSKHUHTX
LYDOHQWV

Here is a frequency analysis of the ciphertext:

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

1
111111
111
1
111
111111111111111
11
11
11111
111111

1111
11
11111111
11111
1111
1
1111
1111
111111111
11
1

Try to determine from the frequency analysis what shift was made. Then,
recover the plaintext.

The Number of Possible Keys

How many distinct Caesar ciphers are possible? Well, a shift of 0 would not
make any sense; we would still have plaintext. Shifts of 1, 2, 3, 25 make
sense. But, a shift of 26 would (because the alphabet returns to the
beginning) be the same as a shift of 0. Similarly, a shift of 27 is the same as
a shift of 1, and a shift of 28 is the same as a shift of 2. So, there are 26
possible Caesar ciphers, but one of those is a shift of 0 which would provide
no encryption at all.
Brute Force Attacks
Because of the small number of possible keys, a brute force attack is
reasonable. By a brute force attack, we mean trying all possible keys. In
this case, there are only 26 (really 25) keys to try. Throughout the history of
cryptology, many ciphers have been designed in such a way that their
security depended on having a large numbers of possible keys. They were
designed to prevent a brute force attack, but they were vulnerable to attack
by being just a little bit clever.
Here is an easy brute force attack that can be made against a Caesar cipher.

Begin with VRRQS,the first five-letter block of the ciphertext in our

example above. Now beneath it write the five letters that would result by
shifting each of these letters to the right by one. On the next line, write the
shift to the right by two. Do this for each of the 26 possible shifts. This
attack is sometimes called running the alphabet.
VRRQS
WSSRT
XTTSU
YUUTV
ZVVUW
AWWVX
BXXWY
CYYXZ
DZZYA
EAAZB
FBBAC
GCCBD
HDDCE
IEEDF
JFFEG
KGGFH
LHHGI
MIIHJ
NJJIK
OKKJL
PLLKM
QMMLN
RNNMO
SOONP
TPPOQ
UQQPR

Now scan the column for something that makes sense. Notice near the
bottom SOONP. This line corresponds to shifting the ciphertext alphabet to
the right 23 places. Recall that we determined above that the key to this
cipher is 3 ciphertext was obtained by shifting plaintext correspondence to
the right by 3 spaces. By shifting the ciphertext letters 23 more spaces to the
right, we have, in total, shifted the alphabet 26 spaces to the right we are
back to plaintext. So, the shift from plaintext to ciphertext plus the shift
from ciphertext back to plaintext must equal 26.

Another Approach to Cryptanalysis

Another approach to cryptanalysis of a Caesar cipher is to search through the
ciphertext for all 26 enciphered forms of a common word for example, for
the word the, the most common three-letter word in English.
Trigraph
THE
UIF
VJG
WKH
XLI
YMJ
ZNK
AOL
BPM
CQN
DRO
ESP
FTQ
GUR
HVS
IWT
JXU
KYV
LZW
MAX
NBY
OCZ
PDA
QEB
RFC
SGD

Shift
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

10

Here is a ciphertext enciphered with a Caesar cipher:

FGWFMFRXNSPTAKNWXYBTWPJIFXFHWDUYTQTLNXYB
NYMYMJBFWIJUFWYRJSY

Now, to determine the key, search through the ciphertext for an enciphered
version of the. Because the beginning and ending of words and word length
is hidden by the five-letter blocks, when searching for an encrypted the, we
must check every three consecutive letters: FGWGWFWFMFMFMFRFRX
RXNXNSNSPSPTPTATAKAKNKNWNWXWXYXYBYBTBTWTWPWPJ
PJIJIFIFXFXFXFHFHWHWDWDUDUYUYTYTQTQTQTLTLNLNX
NXYXYBYBNBNYNYMMYMYMJ. The last of these is the encrypted with

an additive key of 5.
This technique of searching for an enciphered version of a word or phrase
that is expected in the message is called Einsing. It was commonly used
during World War II by the British codebreakers at Bletchley Park who
broke the German Enigma messages to the U-boats. The Enigma machine
had letters but no numbers on its keyboard; so, numbers were written out in
messages. It was common that the word Eins (one) would appear in a
message. The 3-rotor Enigma had 17,576 possible different settings. With a
lot of patience and knowing the 17,576 enciphered versions of Eins,
messages could be searched to find an enciphered version of Eins and
determine the key.
The word the when used as we have in this process is called a crib. Gordon
Welchman, one of the cryptologists at Bletchely Park writes:
Cryptologically speaking, however, one has a "crib" to a cipher text if
one can guess the clear text from which some specific portion of the
cipher text was obtained. As my analysis of the Enigma traffic began
to reveal certain routine characteristics in the preambles of individual
messages, I realized that, if we could somehow determine to whom
they were addressed, or by whom they were sent, we might be able to
guess a portion of the clear text either at the beginning of the end of
each of the messages, and so have cribs. [Welchman, Gordon, The Hut Six Story,
Baldwin, Cleobury Mortimer, 1997.]

11

Cribs
Cribs were described by Giovanni Battista Porta (1535 1615) in De
furtivis, 1563. Using a crib involves searching for a pattern of a probable
word. Consider the following ciphertext:
BTHUNRBONOKHYYNXHORHSBANOXWUJDHOIBEBOHPH
OBABYRJMHUHBMBTHPPBXHKSBKLBTBTJKJVJFYMYH
BAHUBWBFYOHVWUNKBNOCJUBONOPEHRKNJOJCKUJJ
EPPKBKNJOHMJCCWJFXBNOANYYHNOKSHPJYJTJONP
YBOMP

Assume that we have reason to suspect that the message includes the name
of the Japanese admiral Yamamoto. We search through the ciphertext for a
pattern of letters of the form _12123_3 (Y)amamo(t)o. Notice in the second
line BTBTJKJ. This is likely amamoto. So, a = B, m = T, o = J, t = K,
and y = L. (This has not been enciphered with a Caesar cipher.)

12

Exercises
1. Construct a plaintext-ciphertext correspondence for a Caesar cipher
having additive key 9.
2. Encipher the following message using a Caesar cipher with additive
key 9:
Formanyyears,NSAsecurityofficialsrated
homosexualitynearthetopofitslistofsecurity
problemstowatchfor.

3. Use frequency analysis to cryptanalyze the following ciphertext:

MAXGXQMWTRVKXPFXFUXKLHGMAXFTWWHQLBZ
AMXWYBOXGHKMAOBXMGTFXLXGTORTMMTVDUH
TML

4. Use brute force to cryptanalyze the following ciphertext:

CQNQRBCXAHXOVXMNAWLXMNKANJTRWPJWMCQ
NQRBCXAHXOLXVYDCNABJANLXCNAVRWXDB

5. Search through the following ciphertext and find a Caesar ciphered

version of the word the. Then determine the shift and recover the
plaintext.
IBYBCKBSJSBHCROMWGHVSGDMKOFHVOHFOUS
ROHHVSHCDCTHVSKCFZR

6. Find a word (of more than one letter) and a Caesar cipher that
translates that word into another word.

13

7. The following is ciphertext of a message in German. We have reason

to expect that the title Generalleutnant der WaffenSS appears in the
message. Try to use the pattern of letters in the crib to locate the
ciphertext for this phrase in the message. Based upon your finding,
what plaintext-ciphertext letter correspondences do you suspect?
Cryptanalyze as much of the message as you can remember, it is
written in German. (This has not been enciphered with a Caesar
cipher; so, unless you know German and can figure out the remaining
letter correspondences from context, you will only be able to get the
letter correspondences that occur from the crib.)
ERKKGBCJJORXCPBOBGOROBEZZOCTRERTFOBUEXXO
RKKNOBGOBNOBZYRKKPECJTEITIYTFOBNYTTOCIEN
KJBEWPOGOIEKKOUOYTOBGENO

8. A message is known to be enciphered with a Caesar cipher. A shift of

22 letters changes ciphertext to plaintext. What is the additive key?
9. A message is known to be enciphered with a Caesar cipher. We
suspect that plaintext e corresponds to ciphertext R. What is the additive
key? Repeat the exercise with plaintext e corresponding to ciphertext B.

14