The Caesar Cipher — Encryption | IGCSE Computer Science

Exam Frequency Analysis

Past paper frequency (2018 to 2024)

This topic accounts for approximately 4% of your exam marks.

increasing

Rare

Increasing4%

Symmetric vs asymmetric encryption questions are growing as cybersecurity becomes more prominent.

The Caesar cipher is one of the oldest encryption methods, named after Julius Caesar who reportedly used it for military messages. It is far too weak to use today, but the syllabus uses it as a teaching example of how a symmetric cipher works.

The rule

Each letter in the plaintext is replaced by the letter N positions further along the alphabet, where N is the agreed shift (the key). When the shift goes past Z, it wraps around back to A.

The shift N is the key. Both sender and receiver must agree on it before any messages are sent. Because the same key is used to encrypt and decrypt, the Caesar cipher is a symmetric cipher.

Example — Encrypt the plaintext PASS using a Caesar cipher with a shift of +3.

Walking through each letter:

P → 3 letters along → S
A → 3 letters along → D
S → 3 letters along → V
S → 3 letters along → V

Ciphertext: SDVV.

Example — Encrypt the plaintext EXAM using a Caesar cipher with a shift of +5.

E → 5 letters along → J
X → 5 letters along → C (X → Y → Z → A → B → C, wrapping past Z)
A → 5 letters along → F
M → 5 letters along → R

Ciphertext: JCFR.

The wrap-around step is where most slips happen. A useful trick: write out the alphabet as a strip of paper that loops at the ends, so Z is followed by A again.

Decryption: shift in the opposite direction

To decrypt a Caesar cipher with shift +N, shift each letter backwards by N positions, wrapping from A back to Z when needed.

Example — Decrypt the ciphertext SDVV with the agreed shift of +3.

S → 3 letters backward → P
D → 3 letters backward → A
V → 3 letters backward → S
V → 3 letters backward → S

Plaintext: PASS. ✓

A handy equivalent: shifting backwards by N is the same as shifting forwards by (26 − N). So decrypting a +3 cipher is the same as encrypting with +23.

Why the Caesar cipher is broken

The Caesar cipher is hopelessly insecure by modern standards:

Only 25 distinct keys. A shift of 0 leaves the message unchanged; shifts 1 through 25 are the only meaningful encryptions. An attacker can try every shift by hand in a couple of minutes (a "brute-force" attack).
Letter frequencies leak the shift. In English, E is by far the most common letter, followed by T, A, O, I, N. If you take a piece of Caesar-encrypted text and find that one letter appears far more often than others, that letter is almost certainly the shifted version of E. Two minutes of frequency analysis cracks any Caesar cipher.
No protection against pattern recognition. Repeated letters in the plaintext (like the "SS" in PASS) become repeated letters in the ciphertext, which gives away word structure.

The Caesar cipher is only used as a teaching example, not for real-world security. Modern symmetric ciphers like AES use 128-bit or 256-bit keys, giving roughly 10³⁸ to 10⁷⁷ possible combinations, far beyond what any attacker can search.