# 2.1 Shift Ciphers

One of the earliest cryptosystems is often attributed to Julius Caesar. Suppose he wanted to send a plaintext such as



but he didn’t want Brutus to read it. He shifted each letter backwards by three places, so  became  became  became  etc. The beginning of the alphabet wrapped around to the end, so  became  became  and  became  The ciphertext was then



Decryption was accomplished by shifting FORWARD by three spaces (and trying to figure out how to put the spaces back in).

We now give the general situation. If you are not familiar with modular arithmetic, read the first few pages of Chapter 3 before continuing.

Label the letters as integers from 0 to 25. The key is an integer  with . The encryption process is



Decryption is . For example, Caesar used .

Let’s see how the four types of attack work.

1. Ciphertext only: Eve has only the ciphertext. Her best strategy is an exhaustive search, since there are only 26 possible keys. See Example 1 in the Computer Appendices. If the message is longer than a few letters (we will make this more precise later when we discuss entropy), it is unlikely that there is more than one meaningful message that could be the plaintext. If you don’t believe this, try to find some words of four or more letters that are shifts of each other. Three such words are given in Exercises 1 and 2. Another possible attack, if the message is sufficiently long, is to do a frequency count for the various letters. The letter  occurs most frequently in most English texts. Suppose the letter  appears most frequently in the ciphertext. Since  and , a reasonable guess is that . However, for shift ciphers this method takes much longer than an exhaustive search, plus it requires many more letters in the message in order for it to work (anything short, such as this, might not contain a common symbol, thus changing statistical counts).

2. Known plaintext: If you know just one letter of the plaintext along with the corresponding letter of ciphertext, you can deduce the key. For example, if you know  encrypts to , then the key is .

3. Chosen plaintext: Choose the letter  as the plaintext. The ciphertext gives the key. For example, if the ciphertext is , then the key is 7.

4. Chosen ciphertext: Choose the letter  as ciphertext. The plaintext is the negative of the key. For example, if the plaintext is , the key is .