If you're seeing this message, it means we're having trouble loading external resources on our website.

If you're behind a web filter, please make sure that the domains *.kastatic.org and *.kasandbox.org are unblocked.

Ciphers

# Shift cipher

## Modular Math and the Shift Cipher

The Caesar Cipher is a type of shift cipher. Shift Ciphers work by using the modulo operator to encrypt and decrypt messages. The Shift Cipher has a key K, which is an integer from 0 to 25. We will only share this key with people that we want to see our message.

## How to Encrypt:

For every letter in the message M :
1. Convert the letter into the number that matches its order in the alphabet starting from 0, and call this number X.
( A=0, B=1, C=2, ...,Y=24, Z=25)
2. Calculate: Y = (X + K) mod 26
3. Convert the number Y into a letter that matches its order in the alphabet starting from 0.
(A=0, B=1, C=2, ...,Y=24, Z=25)
For Example: We agree with our friend to use the Shift Cipher with key K=19 for our message.
We encrypt the message "KHAN", as follows:​
So, after applying the Shift Cipher with key K=19 our message text "KHAN" gave us cipher text "DATG".
We give the message "DATG" to our friend.

## How to decrypt:

For every letter in the cipher text C :
1. Convert the letter into the number that matches its order in the alphabet starting from 0, and call this number Y.
(A=0, B=1, C=2, ..., Y=24, Z=25)
2. Calculate: X= (Y - K) mod 26
3. Convert the number X into a letter that matches its order in the alphabet starting from 0.
(A=0, B=1, C=2, ..., Y=24, Z=25)
Our friend now decodes the message using our agreed upon key K=19. As follows:
So, after decrypting the Shift Cipher with key K=19 our friend deciphers the cipher text "DATG" into the message text "KHAN".

## Why is the Shift Cipher insecure?

A cipher should prevent an attacker, who has a copy of the cipher text but does not know the key, from discovering the contents of the message. Since we only have 26 choices for the key, someone can easily try all of the 26 keys, one by one, until they recover the message. This type of attack is called a brute force attack.

## Want to join the conversation?

• I wrote a small vbscript program to perform the modulo shift, and for most cases it worked.
However, if the input minus the shift value results in a negative number, vbscript's mod function outputs a negative remainder. The work around I had to implement was ultimately found from a quote from news:borland.public.delphi.objectpascal which stated: "Henrick Hellström wrote: I would strongly prefer that (X mod Y) > 0 if Y > 0. The expression (((X mod Y) + Y) mod Y) one has to write from time to time just looks awful!"

This really seems like a hack to get the mod function to work, however, I noticed in several google searches, that not every programming language treats modulo the same. SO if you try to code up a encrypt/decrypt routine based on the mod function, you've been warned. • Here's an alternate approach.

Since A mod B is the remainder R when we divide A by B and all integers can be written as A=B*Q+R (where Q is the quotient which is floor(A/B) )

A mod B is:
A-floor(A/B)*B

Without getting too deep into it, the quirky behavior behind mod in many programming languages has its roots in how computers represent negative numbers and how integer division is done on computers (truncating integer division).

Hope this makes sense
• since there are 26 letters in the alphabet
Why isn't A= 1, B = 2, C = 3 ... Y = 25, Z = 26? • In cryptography, we use A=0 ... Z=25. This makes sense, because if a shift is 0 you can assume that the letters were shifted by 0, which means they were shifted by nothing. Any letter shifted by 0 is that letter. Think of it like addition: you are adding a number. Any number + 0 is that number, therefore A+0 is A, right?
Also, if we used A=1, it would get very confusing because some people would think that A shifted by 1 is A and others would disagree. This would make it very hard to decrypt an encrypted message because you would have to decrypt the message twice, once for each possibility!
• I may be missing something. Under 'decryption', using k=19, 19 is subtracted from the cryptic message (3, 0, 19, 6) to give the result of -16, -19, 0, -13. Under that result, a new result of 10, 7, 0 13 is provided to give us the message 'khan'. Specifically, I'm unclear how -16 & -19 converted to 10 and 7 to give us the letters k & h in the message. Please explain and clarify this result. • Decryption. How does dividing -16 by 26 give us a remainder of 10?
26 goes into -16 how many times?

I understand the logic in the encryption when the numerator is positive, but I'm lost in the decryption. • Correct me if i'm wrong. But with mod=26, and A=0; you end up with 27 alphabetical characters... • I understand that the caesar cipher can be broken in just 26 or less tries but here, in this shift cipher we're taking the letter positions in the alphabet and then adding it to a shift number. next we use modulus 26. How is the Cryptographer going to know it was mod 26 and not mod 24 or 22? Or, how is he even going to know we did something like Modulus? And, can't we use mod 22 or any other number closer to 26? • Here are some issues to think about. What symbols will you use to send the text? The reason we use modulus 26 is we are limited to only 26 recognizable symbols to use. We could expand that list, however, the difficulty to guess it only increases linearly...and we have introduced more symbols which may make it more difficult to decrypt at the other end for the intended person. A similar problem arises when we use a smaller modulus. If we have only 22 symbols to use then we can really only encrypt 22 letters. What about the other 4? Also this makes it easier to check. In theory an interceptor would probably be already trying 26 shift keys. So 22 does not make the message more secure. With regards to the knowing we are using a modulus. You are right, he might not know that, but it would not be very hard to guess that we are using a shift key and see if the message decrypts. In the age of computers, he could write a simple program to try all 26 shift possibilities (or 110 if you want to add more symbols) and see if any make intelligible print.
• If I were to decrypt B using k=3:
B=2, so 2- 3 = -1, mod(-1); wouldn't the answer still be -1? not 25 which is Z, the correct answer?
I'm sorry for this noob question. • Why we cannot comment also under the exercises or games? It would be more convenient to discuss possible setbacks right there, won´t it? • Do you have to add 26 for mod 26 after ever decryption? For example:

H e l l o K=1
7 4 16 16 19
6 3 15 15 18
+26 26 26 26 26?
-----------------------------
32 29 41 41 44
(1 vote) • In the encryption process, mod 26 is mentioned. How does that apply to encrypt the message. For example, in 29 mod 26, how is the 3 obtained? Also, how is 19 mod 26, 19?
(1 vote) • The mod operator gives the remainder of the top number divided by the bottom. For example, if we want 10 mod 3, we will start by dividing and getting `10 / 3 = 3 R 1` (read: 3 remainder 1) because the 10 is 1 over being divisible by 3 (9 is divisible by 3 and 1 less than 10). The remainder that we get, in this case, 1, is mod, so 10 mod 3 = 1.
For the examples you gave:
``29 mod 2629 / 26 = 1 R 3 because 29 = 1*26 + 3              ^    This is the mod29 mod 26 = 3``

And
``19 mod 2619 / 26 = 0 R 19 because 19 = 0*26 + 19              ^    This is the mod19 mod 26 = 19``

Hope this helps!
Neil