Affine Cipher: The Mathematics Behind the Encryption

The Affine cipher encrypts each letter using a simple mathematical formula: multiply by one number, add another, then take the remainder when dividing by 26. It's the point where classical ciphers meet algebra, producing a substitution that's stronger than a basic Caesar shift but still crackable with pen and paper.

If you've used a Caesar cipher, you've already used a special case of the Affine cipher. The Caesar shift only adds a number. The Affine cipher multiplies and adds, which scrambles the alphabet more thoroughly and creates a much larger set of possible keys.

The Encoding Formula

The Affine cipher encrypts a letter using this formula:

E(x) = (ax + b) mod 26

Where:

• x is the numerical value of the plaintext letter (A=0, B=1, C=2 ... Z=25)
• a is the multiplicative key
• b is the additive key (the shift)
• mod 26 means "take the remainder after dividing by 26"

The pair (a, b) is the encryption key. Changing either value produces a completely different ciphertext alphabet.

The Decoding Formula

To decrypt, you reverse the process:

D(y) = a⁻¹(y - b) mod 26

Where a⁻¹ is the modular multiplicative inverse of a — the number that, when multiplied by a, gives a remainder of 1 when divided by 26. More on that in a moment.

Choosing Valid Keys

Not every value of a works. The multiplicative key must be coprime to 26 — meaning a and 26 share no common factors other than 1. If they share a factor, multiple letters would encrypt to the same ciphertext letter, making decryption impossible.

Since 26 = 2 × 13, any value of a that's divisible by 2 or 13 is invalid. The valid values for a are:

| a | Modular Inverse (a⁻¹) | |---|------------------------| | 1 | 1 | | 3 | 9 | | 5 | 21 | | 7 | 15 | | 9 | 3 | | 11 | 19 | | 15 | 7 | | 17 | 23 | | 19 | 11 | | 21 | 5 | | 23 | 17 | | 25 | 25 |

That gives 12 valid values for a. The additive key b can be any number from 0 to 25 (26 options). So the total number of possible Affine cipher keys is 12 × 26 = 312 possible keys (or 676 if you count invalid a values in a brute-force attempt, but only 312 produce valid encryptions).

Modular Inverse Explained Simply

The modular inverse of a (mod 26) is the number a⁻¹ such that:

a × a⁻¹ mod 26 = 1

For example, the inverse of 5 is 21 because 5 × 21 = 105, and 105 mod 26 = 1 (since 105 = 4 × 26 + 1).

You can find the inverse by testing values or using the Extended Euclidean Algorithm. For the Affine cipher's 12 valid keys, the table above has all the inverses you need.

Worked Encoding Example

Let's encrypt HELLO with key (a=5, b=8):

H = 7  → (5 × 7 + 8) mod 26 = 43 mod 26 = 17 → R
E = 4  → (5 × 4 + 8) mod 26 = 28 mod 26 = 2  → C
L = 11 → (5 × 11 + 8) mod 26 = 63 mod 26 = 11 → L
L = 11 → (5 × 11 + 8) mod 26 = 63 mod 26 = 11 → L
O = 14 → (5 × 14 + 8) mod 26 = 78 mod 26 = 0  → A

HELLO → RCLLA

Notice that L encrypts to L in this case — a coincidence of this particular key, not a pattern you'd see with every key.

Worked Decoding Example

Now let's decrypt RCLLA using key (a=5, b=8). From the table, the inverse of 5 is 21:

D(y) = 21 × (y - 8) mod 26

R = 17 → 21 × (17 - 8) mod 26 = 21 × 9 mod 26 = 189 mod 26 = 7  → H
C = 2  → 21 × (2 - 8) mod 26 = 21 × (-6) mod 26 = -126 mod 26 = 4 → E
L = 11 → 21 × (11 - 8) mod 26 = 21 × 3 mod 26 = 63 mod 26 = 11 → L
L = 11 → 21 × (11 - 8) mod 26 = 21 × 3 mod 26 = 63 mod 26 = 11 → L
A = 0  → 21 × (0 - 8) mod 26 = 21 × (-8) mod 26 = -168 mod 26 = 14 → O

RCLLA → HELLO

When dealing with negative numbers in modular arithmetic, add 26 until the result is positive. For example, -126 mod 26: add 26 repeatedly (or compute -126 + 130 = 4).

Caesar Cipher as a Special Case

When a = 1, the Affine formula simplifies to:

E(x) = (1 × x + b) mod 26 = (x + b) mod 26

That's exactly the Caesar cipher formula — just a shift by b positions. So every Caesar cipher is technically an Affine cipher with a=1. ROT13, for instance, is the Affine cipher with key (1, 13).

This also means the Affine cipher with a=1 inherits all of the Caesar cipher's weaknesses. The multiplication by a is what gives the Affine cipher its extra strength.

Security Analysis

With only 312 valid keys, the Affine cipher is breakable by brute force in seconds — a computer can try every key almost instantly, and even by hand you could work through them in under an hour.

It's also vulnerable to frequency analysis. Since each plaintext letter always maps to the same ciphertext letter (it's a monoalphabetic substitution cipher), letter frequency patterns survive encryption. The most common ciphertext letter is probably E, the second most common is probably T, and from there the cipher unravels.

The real value of the Affine cipher is educational. It introduces modular arithmetic, multiplicative inverses, and the concept of key validity — ideas that recur throughout modern cryptography.

Try the Affine Cipher Online

Our free Affine cipher tool lets you encrypt and decrypt messages with any valid key pair. Just enter your text, choose values for a and b, and the tool handles the math. You can also use our cipher identifier to detect whether a message was encrypted with an Affine cipher.

Frequently Asked Questions

What makes the Affine cipher different from the Caesar cipher?

The Caesar cipher only shifts letters by a fixed amount (addition). The Affine cipher multiplies and then shifts (multiplication + addition), which produces a more thoroughly scrambled alphabet. Caesar is a special case of Affine where the multiplier equals 1.

Why must a be coprime to 26?

If a shares a factor with 26, the encryption function becomes many-to-one — multiple plaintext letters map to the same ciphertext letter. That makes decryption impossible because you can't determine which original letter was intended.

How many possible keys does the Affine cipher have?

There are 12 valid values for a and 26 possible values for b, giving 312 total valid keys. That's far more than the Caesar cipher's 25 keys, but still trivially small by modern standards.

Can I chain two Affine ciphers together for more security?

You can, but the result is just another Affine cipher with different a and b values. If the first key is (a₁, b₁) and the second is (a₂, b₂), the combined key is (a₁×a₂ mod 26, a₂×b₁+b₂ mod 26). Chaining doesn't increase the key space beyond 312.

Where is the Affine cipher used in practice?

It's primarily used as a teaching tool in cryptography courses and occasionally in puzzle competitions like CTF challenges. No modern system relies on it for actual security.