Caesar Cipher: Complete Guide to History, Encoding, and Breaking

The Caesar cipher shifts every letter in a message by a fixed number of positions in the alphabet. It's the oldest known substitution cipher, used by Julius Caesar himself to protect military communications over 2,000 years ago. With a shift of 3, A becomes D, B becomes E, and Z wraps around to C.

The Caesar cipher is trivially easy to break — there are only 25 possible shifts — but its simplicity is exactly why it endures. It's the perfect introduction to cryptography, a staple of escape rooms and puzzle books, and the foundation on which more complex ciphers like Vigenere are built.

The History of the Caesar Cipher

According to the Roman historian Suetonius, Julius Caesar used a shift of 3 to encrypt his military messages during the Gallic Wars (58–50 BC). When Caesar wrote to Cicero and other allies, he substituted each letter with the one three places further in the alphabet.

Caesar's nephew Augustus also used a cipher, though his was a shift of 1 — even simpler. For the Romans, the cipher wasn't about being theoretically unbreakable. Most of their enemies were illiterate, and even literate interceptors might not think to look for a letter-shifting pattern. The cipher just needed to buy time.

The Caesar cipher remained in use in various forms for centuries. As late as the 13th century, the monk Roger Bacon described the technique, and basic shift ciphers appear throughout medieval European cryptography.

How the Caesar Cipher Works

Pick a shift value (the key), typically between 1 and 25. Then shift every letter in your message forward by that many positions, wrapping from Z back to A.

With a shift of 3 (Caesar's original):

Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher: D E F G H I J K L M N O P Q R S T U V W X Y Z A B C

Only letters are shifted. Numbers, spaces, and punctuation stay unchanged.

Encoding Example

Let's encode ATTACK AT DAWN with shift 3:

A → D
T → W
T → W
A → D
C → F
K → N

A → D
T → W

D → G
A → D
W → Z
N → Q

Plaintext:  ATTACK AT DAWN
Ciphertext: DWWDFN DW GDZQ

Decoding Example

To decode, shift each letter backward by the key. Decrypt KHOOR with shift 3:

K → H  (K is 3 after H)
H → E
O → L
O → L
R → O

Decoded: HELLO

All 25 Shifts of the Caesar Cipher

Here's what the word "HELLO" looks like under every possible shift:

| Shift | Result | Shift | Result | Shift | Result | |-------|--------|-------|--------|-------|--------| | 1 | IFMMP | 10 | ROVVY | 18 | ZWDDG | | 2 | JGNNQ | 11 | SPWWZ | 19 | AXEEH | | 3 | KHOOR | 12 | TQXXA | 20 | BYFFI | | 4 | LIPPS | 13 | URYYB | 21 | CZGGJ | | 5 | MJQQT | 14 | VSZZC | 22 | DAHHK | | 6 | NKRRU | 15 | WTAAD | 23 | EBIIL | | 7 | OLSSV | 16 | XUBBE | 24 | FCJJM | | 8 | PMTTW | 17 | YVCCF | 25 | GDKKN | | 9 | QNUUX | | | | |

Shift 13 is special — it's ROT13, the internet's favorite spoiler-hiding cipher. Because the alphabet has 26 letters and 13 is exactly half, applying ROT13 twice returns the original text.

Breaking the Caesar Cipher: Brute Force

Since there are only 25 possible shifts (a shift of 0 or 26 does nothing), you can try all of them and see which one produces readable text. This is a brute force attack, and it takes less than a minute by hand.

Given the ciphertext WKLQN, just try every shift:

Shift 1:  VJHPM
Shift 2:  UIGOL
Shift 3:  THINK  ← readable English!

No computer required — you'll hit the right answer within 25 attempts. This is why the Caesar cipher offers essentially no security against anyone who knows what a Caesar cipher is.

Breaking the Caesar Cipher: Frequency Analysis

For longer messages, frequency analysis is even faster than brute force. In English, the most common letter is E (about 12.7% of all text), followed by T (9.1%), A (8.2%), O (7.5%), and I (7.0%).

Count the letters in the ciphertext. If the most frequent letter is H, then E was probably shifted to H — a shift of 3. Check by decoding with shift 3, and the message should be readable.

Frequency analysis becomes reliable with about 25+ characters of ciphertext. For shorter messages, brute force is more practical.

Why the Caesar Cipher Is Weak

The Caesar cipher has three fundamental weaknesses:

Tiny key space. Only 25 possible keys means brute force is trivial. Modern ciphers use keys with billions of billions of possibilities.

Monoalphabetic. Each letter always maps to the same ciphertext letter. This preserves letter frequency patterns, making the cipher vulnerable to statistical analysis. The Vigenere cipher addresses this weakness by using multiple shifts.

No diffusion. Changing one letter of plaintext changes exactly one letter of ciphertext. Modern ciphers spread the effect of each plaintext letter across the entire ciphertext, so a single change transforms the whole output.

ROT13: The Caesar Cipher's Most Famous Variant

ROT13 (Rotate by 13) is a Caesar cipher with shift 13. Its special property: encoding and decoding use the same operation. Apply ROT13 once to encrypt, apply it again to get the original back.

This made ROT13 popular on early internet forums (Usenet) for hiding spoilers and punchlines. It's not meant to be secure — it's meant to prevent accidental reading. If you see "URYYB" on a forum, applying ROT13 gives you "HELLO."

Caesar Cipher vs. Other Classical Ciphers

The Caesar cipher is a starting point. Here's how it relates to other classical ciphers:

Caesar vs. Atbash: Atbash reverses the alphabet (A↔Z, B↔Y). It's a specific substitution, not a shift. Caesar shifts; Atbash mirrors.

Caesar vs. Affine: The Affine cipher uses multiplication and addition (E(x) = ax + b mod 26). Caesar is the special case where a=1 — just addition.

Caesar vs. Vigenere: Vigenere applies a different Caesar shift to each letter based on a keyword. It's essentially multiple Caesar ciphers layered together, making it far harder to break.

Caesar vs. Substitution: A general substitution cipher can map each letter to any other letter. Caesar constrains the mapping to be a uniform shift, which is far more restrictive (25 keys vs. 26! keys for full substitution).

Use Our Free Caesar Cipher Tool

Our Caesar cipher tool lets you encrypt and decode with any shift, or automatically try all 25 shifts to crack an unknown message. Paste in any ciphertext and see every possible decoding instantly. You can also use our homepage decoder to automatically identify and break Caesar-encrypted text.

Frequently Asked Questions

What shift did Julius Caesar use?

Caesar used a shift of 3, according to the historian Suetonius. His nephew Augustus reportedly used a shift of 1.

How many possible keys does the Caesar cipher have?

There are 25 meaningful shifts (1 through 25). A shift of 0 or 26 leaves the text unchanged. Some sources count 26 possible keys if they include the identity shift.

Is the Caesar cipher the same as ROT13?

ROT13 is a specific instance of the Caesar cipher — the one with a shift of exactly 13. All ROT13 is Caesar cipher, but not all Caesar cipher is ROT13.

Can you crack a Caesar cipher without a computer?

Absolutely. With only 25 possible shifts, you can try each one by hand in minutes. For longer texts, frequency analysis (finding the most common letter and guessing it's E) makes it even faster.

Why is the Caesar cipher still taught if it's so easy to break?

Because it perfectly illustrates the core concepts of encryption — keys, shifting, substitution, brute force attacks, and frequency analysis — in a form simple enough to understand on first encounter. Every concept in the Caesar cipher scales up to modern cryptography.