Skip to content.

Scott Arciszewski

Software, Privacy, Security, Innovation

Caesar Ciphers and Substitution Ciphers

August 1, 2014 11:57 PM • Cryptography, Migrated, Tutorial

This was originally posted on a website I was developing over a year ago called Keenotes.

Ever since the invention of writing, there has been a need for cryptography ("hidden writing" or "secret writing"). Although there are many varieties and flavors of cryptography (especially with the advent of modern computers), the oldest cryptography systems were concerned chiefly with taking a message, called the "plaintext", and rendering it unreadable in such a fashion that only the intended recipients of the message could interpret the meaning. This unreadable version of the message is called the "ciphertext."

To achieve this, you generally start with your plaintext message and a "key" that only you and the recipient of your message possess. You use the key and the plaintext to create the ciphertext, then your recipient will use your ciphertext and the key to recover the plaintext. We generally refer to these encryption/decryption algorithms as "ciphers." (In later articles, we will explore some issues surrounding key management and key exchange to ensure only you and your recipient share the key.)

The simplest cipher to imagine is called a "substitution cipher": Each letter of plaintext corresponds to a different letter in the ciphertext.

To illustrate this better, let's look at the Caesar Cipher. If you were a field general in a ancient Roman army, the Caesar Cipher might have been used to encrypt the orders from your commanders. The reason for this is simple: If a literate person obtained the battle plans, they could undermine your efforts. Furthermore, if a messenger was killed in combat, they didn't want the plans to end up in the hands of the enemy. So they encrypted their messages as follows (plaintext on top, ciphertext on the bottom): Image

If you received a message that said "CXII YXZH QLQK BEFI IPXK AXTX FQLR OXOZ EBOP," you would use the bottom row to find that C becomes F, X becomes A, and so on. Before too long, the message becomes clear: "FALL BACK TOTH EHIL LSAN DAWA ITOU RARC HERS," or "Fall back to the hills and await our archers." If you wanted to respond with "Order received, we await reinforcements," you would look up each letter in the top row, then write down its corresponding letter in the bottom row. (The response would be, "LOAB OOBZ BFSB ATBX TXFQ OBFK CLOZ BJBK QP".)

After a while, Caesar's Cipher fell out of favor and more complicated substitution ciphers were used instead. For example, instead of shifting the alphabet three spaces to the right, why not completely scramble them? Doing so increases the difficulty of cracking the code, but only to a point: If your message is longer than your key, it's more susceptible to being broken. As more people became aware of substitution ciphers, more advanced ciphers were needed to ensure the confidentiality of private communications.

But that isn't to say that the substitution cipher is gone forever. They made an unexpected return in the Playstation 2 video game, Final Fantasy X. In this fantasy role-playing game, there is a race of technology-loving people called the Al Bhed, whose language is actually a clever substitution cipher of English (clever in that the ciphertext is more-or-less easily pronounceable). Image

So if one of the characters were to say, "This language is overrated," in Al Bhed, they would say, "Dren myhkiyka ec ujannydat."

Substitution ciphers also survive through art: Two of the three blocks of code in the Kryptos sculpture at CIA headquarters that have been cracked employed substitution ciphers (8 and 6, respectively). The other two were a transposition cipher and one that is currently unsolved, respectively.

Blog Archives Categories Latest Comments

Want to hire Scott Arciszewski as a technology consultant? Need help securing your applications? Need help with secure data encryption in PHP?

Contact Paragon Initiative Enterprises and request Scott be assigned to your project.