What Is the Caesar Cipher?
The Caesar cipher is a monoalphabetic substitution cipher that encrypts a message by shifting every letter in the plaintext a fixed number of positions down the alphabet. With a shift of 3, A becomes D, B becomes E, and Z wraps around to C. Also known as the shift cipher, additive cipher, rotation cipher, or Caesar shift, it is named after the Roman general Julius Caesar, who — according to the historian Suetonius — used a shift of 3 to protect sensitive military correspondence during the Gallic Wars (58–50 BCE).
Despite its simplicity, the Caesar cipher is historically significant: it is one of the earliest documented encryption techniques in Western civilization and forms the conceptual foundation for all modern substitution ciphers. Today it is widely used as a teaching tool in introductory cryptography courses and in recreational puzzles such as geocaching and escape rooms.
How the Caesar Cipher Works
The cipher operates on a single rule: replace each letter with the letter a fixed number of positions later in the alphabet. This fixed number is called the shift value (also referred to as the key or rotation). The alphabet is treated as circular, so after Z comes A.
Encryption Formula
Mathematically, the encryption of a single letter is expressed as:
E(x) = (x + n) mod 26
Where x is the numerical position of the plaintext letter (A = 0, B = 1, … Z = 25) and n is the shift value. The mod 26 operation ensures the result wraps around the 26-letter alphabet.
Decryption Formula
Decryption reverses the process by subtracting the shift:
D(x) = (x − n + 26) mod 26
Adding 26 before the modulo prevents negative values when the subtraction underflows past A.
Step-by-Step Encryption Example
Let's encrypt the word ATTACK with a shift of 4:
| Step | Plaintext | Position (x) | x + 4 | mod 26 | Ciphertext |
|---|---|---|---|---|---|
| 1 | A | 0 | 4 | 4 | E |
| 2 | T | 19 | 23 | 23 | X |
| 3 | T | 19 | 23 | 23 | X |
| 4 | A | 0 | 4 | 4 | E |
| 5 | C | 2 | 6 | 6 | G |
| 6 | K | 10 | 14 | 14 | O |
Result: ATTACK → EXXEGO (shift 4)
Notice that the same plaintext letter always maps to the same ciphertext letter — the two T's both become X. This predictable one-to-one mapping is precisely what makes monoalphabetic ciphers vulnerable to frequency analysis.
Step-by-Step Decryption Example
Decryption is the exact reverse. Given the ciphertext EXXEGO and the key shift 4, subtract 4 from each letter's position:
| Step | Ciphertext | Position (x) | x − 4 + 26 | mod 26 | Plaintext |
|---|---|---|---|---|---|
| 1 | E | 4 | 26 | 0 | A |
| 2 | X | 23 | 45 | 19 | T |
| 3 | X | 23 | 45 | 19 | T |
| 4 | E | 4 | 26 | 0 | A |
| 5 | G | 6 | 28 | 2 | C |
| 6 | O | 14 | 36 | 10 | K |
Result: EXXEGO → ATTACK (shift 4)
The + 26 in the formula prevents negative numbers when the ciphertext letter comes before the shift position in the alphabet.
How to Recognize Caesar Ciphertext
Before attempting to break a cipher, it helps to recognize whether you are dealing with a Caesar cipher in the first place. Several telltale characteristics can help identify Caesar-encrypted text:
- Letters only. Classical Caesar cipher preserves spaces and punctuation but only transforms alphabetic characters. If the ciphertext contains only standard letters with normal word spacing, it may be Caesar-encrypted.
- Preserved word lengths. Because the cipher operates on individual letters without regrouping, word boundaries and lengths remain identical to the plaintext. A 5-letter word encrypts as a 5-letter word.
- Skewed but uniform letter frequencies. The ciphertext will have a letter frequency distribution that looks like English, but shifted. If you plot the frequencies, the familiar "ETAOIN SHRDLU" pattern will appear offset by the shift value.
- No unusual characters. Unlike Morse code (dots and dashes), Base64 (alphanumeric + /=), or Polybius square (digit pairs), Caesar output looks like normal text — just unreadable.
The Cipher Identifier tool on this site can automatically detect whether a given ciphertext is likely Caesar-encrypted and suggest the probable shift value.
All 25 Possible Shift Values
Because the English alphabet has 26 letters, there are exactly 25 meaningful shift values (shifts 1 through 25). A shift of 0 or 26 leaves the text unchanged. This extremely small keyspace is the primary reason the Caesar cipher is trivial to break.
The shift reference table above this section shows the complete ciphertext alphabet for each shift value. Some frequently encountered shifts include:
- Shift 1 — The Augustus cipher; minimal transformation, sometimes used in simple puzzles.
- Shift 3 — Caesar's original shift, the most historically significant value.
- Shift 10 — Often used in educational examples because the offset is easy to compute mentally.
- Shift 13 (ROT13) — The most famous variant. Because 13 is exactly half of 26, applying ROT13 twice restores the original text, making it self-inverse. This property makes ROT13 uniquely convenient for obscuring spoilers, puzzle answers, and joke punchlines on internet forums and Usenet groups.
- Shift 25 — Equivalent to shifting backward by 1; produces a reverse-neighbor mapping (A↔Z in combination with shift 1).
Handling Numbers, Punctuation, and Extended Characters
The classical Caesar cipher only transforms the 26 letters of the Latin alphabet. Spaces, digits, and punctuation are traditionally left unchanged. However, several extended variants exist for handling non-alphabetic characters:
- ROT5 for digits. Applies a shift of 5 to the digits 0–9 (with wraparound), so 0→5, 1→6, …, 5→0. This is often combined with ROT13 to create ROT18, which shifts letters by 13 and digits by 5 simultaneously.
- ROT47 for ASCII. Extends the rotation to the 94 printable ASCII characters (codes 33–126), shifting each by 47 positions. This transforms digits, punctuation, and letters alike, producing more thoroughly obfuscated output. Like ROT13, ROT47 is self-inverse.
- Custom alphabet extensions. Some implementations expand the alphabet to include digits and common symbols, creating a larger character set (e.g., 36 or 62 characters) and using modular arithmetic on the expanded set.
For most educational and puzzle contexts, the standard 26-letter version is assumed unless explicitly stated otherwise.
Related Classical Ciphers
The Caesar cipher belongs to a family of substitution ciphers that evolved in complexity over centuries:
- Atbash Cipher — A Hebrew mirror cipher that reverses the alphabet (A↔Z, B↔Y). Predates Caesar by several centuries and was used to encode names in the Hebrew Bible.
- ROT13 — Caesar cipher with shift 13. Its self-inverse property makes it uniquely practical for casual obfuscation on the internet.
- Affine Cipher — Generalizes Caesar by using the formula E(x) = (ax + b) mod 26, where a and b are the key. Caesar is the special case where a = 1.
- Vigenère Cipher — Applies a different Caesar shift to each letter position using a keyword, creating a polyalphabetic cipher that resisted cryptanalysis for 300 years.
- Keyword Cipher — Rearranges the cipher alphabet based on a secret keyword rather than simply shifting it, increasing the keyspace from 25 to approximately 26! (factorial) possibilities.
- Beaufort Cipher — A reciprocal variant of Vigenère where the key letter is subtracted from the plaintext position rather than added.
Further Reading
Want to dive deeper into Caesar cipher cryptanalysis, history, and code implementations? Check out our detailed guides:
- Breaking the Caesar Cipher: Brute Force, Frequency Analysis & Chi-Squared Methods — Learn three proven techniques for cracking Caesar-encrypted messages
- Caesar Cipher History: From Julius Caesar to Modern Times — Explore the 2000-year journey of this foundational encryption method
- Python Caesar Cipher: Complete Programming Tutorial — Full implementation guide with source code