(En/De plain text entry screen.)

I’ll start out with the easiest and most well-known one – the Caesar Cipher; AKA, the Captain Midnight Decoder Ring code.

The Caesar cipher is a simple substitution algorithm where each letter is shifted a fixed number of positions along the alphabet. It gets its name from Julius Caesar, who is said to have used it for protecting military messages. Below, the upper line is for the plain text letters, and the lower line is what we read to get the cipher text.

Say we use a shift of 5:

ABCDEFGHIJKLMNOPQRSTUVWXYZ: Plain

FGHIJKLMNOPQRSTUVWXYZABCDE: Cipher

In other words, A=F, B=G, C=H, etc.

If our plain text message reads “THIS IS A SUBSTITUTION CIPHER”, the cipher result will be:

YMNX NX F XZGXYNYZYNTS HNUMJW

To reverse the process, we can either use the lower line for the cipher letters, and read the plain text off the upper line, or we can flip the lines and start from “A” for the cipher line, as follows:

ABCDEFGHIJKLMNOPQRSTUVWXYZ: Cipher

VWXYZABCDEFGHIJKLMNOPQRSTU: Plain

This gives us:

THIS IS A SUBSTITUTION CIPHER

again.

(En/De option selection screen.)

One thing this flipping demonstrates is that the Caesar cipher has a big weakness – flipping the key and reapplying the cipher causes your plain text to come back out. “A=F” relates to “A=V”.

You can pick a shift of 3, and apply the cipher to the plain text more than once:

WKLV LV D VXEVWLWXWLRQ FLSKHU: Once

ZNOY OY G YAHYZOZAZOUT IOVNKX: Twice

CQRB RB J BDKBCRCDCRXW LRYQNA: Three times

But this is really the same as applying a shift of 9 one time.

We can “harden” the Caesar cipher a little several different ways. First would be to “flip” the coder ring (i.e. – the lower cipher alphabet line) to go from Z to A.

ABCDEFGHIJKLMNOPQRSTUVWXYZ: Plain

ZYXWVUTSRQPONMLKJIHGFEDCBA: Cipher (w/ no shift)

The second step would be to reverse the plain text before enciphering (or reverse the cipher text afterward).

REHPIC NOITUTITSBUS A SI SIHT

LYVNUA POUJIJUJKBIK C KU KUVJ (reversed text, flipped ring, shift of 3)

By combining the two methods, we go from 25 possible encryption outputs (not counting A=A), to 4*26-1, or 103 possible outputs (normal unflipped, normal flipped, reversed normal, and reversed flipped).

(The cipher text after applying the options to the algorithm.)

Now, as we look at the various ciphers used throughout history, there are going to be a couple obvious factors for why they were considered adequate at the time, but not any more. In the case of the Caesar cipher, most of Rome’s enemies couldn’t read Latin. Shifting the letters a bit made the resulting message look like it was in a completely different language. The Romans themselves would figure things out very quickly, and in the case of Caesar sending messages to his generals, he WANTED them to read the cipher texts. But, if there were trained spies in the Roman ranks, or if one of Caesar’s Roman enemies wanted to spoil his plans, then this cipher isn’t all that secure.

But, still, if you’re trying to crack a cipher with pencil and paper, having to go through 25 different shifts is going to take time. And, by applying reversed text and a flipped cipher alphabet, that bumps you up to a maximum of 103 trials to see which algorithm and shift value is needed to read the message again. Doing this by hand, on paper, is going to be very time consuming.

(En/De brute force approach to cracking the Caesar cipher.)

However, with modern PCs we can easily apply the cipher algorithm to the cipher text to test every possible combination one at a time and still retrieve the original plain text message in less than a second. Two additional steps can make things even easier. First is to only apply the algorithm to the first 10-30 letters of the message, then when you know which key to apply by visually checking the output, run the algorithm on the entire message with that key (i.e. – normal, flipped ring, shift 6 places).

The other step is to create an array of common 3- and 4- letter words (e.g. – “the”, “this”, “and”, “will”, “for”, “she”, “her”, “was”), and count how often they show up in each combination of letter shifts. While it is possible that a random-looking permutation of letters might include “the” or “to”, only the correctly deciphered text will have the maximum number of hits on the words in the array. Using this array can allow the program to automagically identify a “best-fit” key, or even predict whether the Caesar cipher was used at all to encrypt the plain text. En-De already allows for testing shortened strings for speed, and I’ve just added the short word array test as I write this entry.

A couple other minor points to cover: The simplest form of the algorithm consists of only upper case letters (A-Z), no spaces and no punctuation or digits. And, any attempt to make the letter substitutions look really random just means that there’s more reason to attack the cipher via letter frequencies, which I’ll get into next time, instead of using the brute-force approach.

I also want to mention ROT-13 while I’m at this. I expect that most computer users are at least aware of ROT-13 as a name, while a lot of people have actually used it to hide, or reveal, video game, TV show and movie spoilers. ROT-13 is just another name for the Caesar cipher with a shift of 13 (A=N, B=O, C=P, etc.)

As mentioned above, there are other things we can do to further harden the Caesar cipher, but I’ll get into them later.

__The main points to remember now are:__

Caesar is a substitution cipher.

It consists of shifting each letter a fixed amount along the alphabet.

It’s used only on upper case letters.

It can be hardened in different ways.

It’s easy to crack as-is via bruteforce.

Almost everyone knows how to use, and break, it.