Julius Caesar is said to have sent code messages to his generals by the simple device of shifting letters a certain number of places to the right in the alphabet. Thus, if message is ATTACK and the shift is one, then the encrypted message is BUUBDL. If this shift is two, the encrypted message is CVVCEM, etc. You can try this out for yourself using the app Encode pictured below:

Image for post

If you put ATTACK in the first box and B in the second one, you will see BUUBDL in the third (reddish) box. The letter B is the key — it tells the app “I am A shifted by one letter, so shift the letters in the message by one letter.” If the key is C then we shift by two letters to get CVVCEM. Etc. Notice the repeated letters, UU in the first case, and VV in the second. These kind clues can potentially give an adversary enough information to crack the code.

In the app, we use the ASCII system, which lays out a sequence of letters like this:

That way, even if the key is Z and we shift by 26 letters, we still have enough room to do our shifting (to the right).

What is described in the image of the app above is a bit different, however. We shift H by R to get Y, E by O to get S, A by S to get S, etc. If we run out of letters in the key, we just start over again. The longer the key, the better the security. And if the key is as long as the message, and if the letters of the key occur “at random”, then the letters of encrypted text will appear to be random as well. This is an excellent security system, called a “one-time-pad.” It is much harder to break than the naive Caesar code, but for security it relies on having a pad of keywords that are never re-used.

Why is the one-time pad so much better? Well, the Caesar code has only 26 keys, so we can break the code by trying all 26 — no big deal, especially with a computer to do the work. This is called a “brute-force” solution to the decoding problem.

How many keys are there for a 10-letter message? Well there are 26 choices for the first letter of the key, 26, for the second, etc. So the number of 10-letter keys is 26 x 26 x … x 26 — a total of 26 times. This works out to be roughly a six followed by thirty-six zeros. By comparison, the number of stars in our galaxy is only a two followed by ten zeros! The brute force search for the key is unlikely to work.

This, by the way, is (just one) example of how numbers much greater than any physical quantity have practical consequences.


A method of encryption is no good if you can’t decrypt (decode) the message. For the Caesar cipher, that is easy. If we shifted forward by k letters to encrypt, we shift back by k letter to decrypt. For the “generalized Caesar code,” we do the same, but with the shifts back depending on the relevant letter in the key.

Learning more

Here are two good references on one-time pads: Khan Academy and Wikipedia. Apps for encrypting and decrypting messages using this method, as well as the code for them can be found at jxxcarlson.github.io. The apps are written in the Elm programming language.

Written by

jxxcarlson on elm slack, http://jxxcarlson.github.io

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store