This is the first article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption.
The best way to begin learning about encryption is by example. And thankfully, there exist many examples of encryption throughout history that we can draw from. One of the earliest well-known examples of encryption is the Caesar Cipher, and we will begin there.
The Caesar cipher is one of the oldest and simplest forms of encryption. It works by shifting each letter in your message a fixed number of positions down the alphabet. For example, with a shift of 3:
- The letter A becomes D
- The letter B becomes E
- The letter C becomes F
… and so on.
If you reach the end of the alphabet, you wrap around to the beginning. So with our shift of 3:
- X becomes A
- Y becomes B
- Z becomes C
To decrypt the message, you simply shift back in the opposite direction by the same number of positions. This simple cipher is named after Julius Caesar, who allegedly used it for secret communication and relied upon the fact that he perceived any potential attacker as being illiterate and uneducated — unable to decipher even such a simple code.
Although the Caesar cipher works, it is not very secure. If someone discovers or intuits the value of the shift, they are able to decode the ciphertext into plaintext fairly easily.
One way an attacker may discover the shift value is through frequency analysis. Knowing, for example, that the word THE occurs frequently in the English language, an attacker could search for frequently placed three-letter words to reverse engineer the shift value and retrieve the plaintext.
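The attack just described fits in a few lines, which is the point: the cipher has only one secret number to find. This is an added example, not code from the original article; the function names and the sample message are constructed for illustration.

```python
import re
from collections import Counter

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def caesar(text, shift):
    """Shift each letter A-Z by `shift` positions with wrap-around; other characters pass through."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) + shift) % 26] if ch in ALPHABET else ch
        for ch in text.upper()
    )

def guess_shift(ciphertext, crib="THE"):
    """Recover the shift by assuming a frequent three-letter word is the crib (THE)."""
    words = re.findall(r"\b[A-Z]{3}\b", ciphertext.upper())
    for candidate, _count in Counter(words).most_common():
        # Shift implied by each letter pair; a real match gives the same shift three times.
        implied = {(ALPHABET.index(c) - ALPHABET.index(p)) % 26
                   for c, p in zip(candidate, crib)}
        if len(implied) == 1:
            return implied.pop()
    return None  # no three-letter word is a consistent shift of the crib

# Constructed sample message, encrypted with the article's shift of 3.
SAMPLE_PLAINTEXT = "THE FOX SAW THE DOG AND THE CAT RAN PAST THE OLD BARN"
SAMPLE_CIPHERTEXT = caesar(SAMPLE_PLAINTEXT, 3)

def crack(ciphertext):
    """Return (shift, plaintext), or (None, None) if the crib never fits."""
    shift = guess_shift(ciphertext)
    if shift is None:
        return None, None
    return shift, caesar(ciphertext, -shift)

if __name__ == "__main__":
    print(SAMPLE_CIPHERTEXT)
    print(crack(SAMPLE_CIPHERTEXT))
```

Requiring all three letters of the candidate word to agree on one shift is what keeps a frequent word other than THE from producing a wrong answer.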
The Vigenère Cipher
The Vigenère cipher is like an advanced version of the Caesar cipher that uses multiple shifts instead of just one. Here’s how it works:
- First, you need a keyword. Let’s use KEY as an example.
- To encrypt your message, you repeat the keyword over and over to match the length of your message:
  - Message: HELLO WORLD
  - Keyword: KEYKEYKEYK
- Instead of using the same shift for every letter (like the Caesar cipher), each letter of the keyword determines the amount to shift:
  - K means shift by 10 (because K is at position 10 in the alphabet)
  - E means shift by 4
  - Y means shift by 24
So for our example, encrypting the plaintext HELLO with the keyword KEY results in the ciphertext RIJVS.
- H shifted by K (10) = R
- E shifted by E (4) = I
- L shifted by Y (24) = J
- L shifted by K (10) = V
- O shifted by E (4) = S
The main advantage over the Caesar cipher is that it’s much harder to break because different letters in the message use different shifts. This means common letter frequency analysis (a technique used to crack Caesar ciphers) is less effective. This cipher also demonstrates the value of a secret key that is used to encrypt and decrypt the text (rather than a static value of 3).
Encryption Basics
These simple ciphers highlight a feature common in secure cryptographic operations: a secret key. In general, an encryption function will take some plaintext (P) and a secret key (K) to produce a ciphertext (C) satisfying the equation C = encrypt(P, K). Similarly, a decryption function will take ciphertext (C) and return plaintext (P) satisfying the equation: P = decrypt(C, K).
In general, if you don’t know the secret key, you cannot decrypt the message to get the plaintext. And ideally, you would not be able to gain any piece of information at all. With these simple ciphers, a dedicated attacker may be able to gain some information about the plaintext without the secret key through techniques like frequency analysis, allowing them to learn about or derive the key — which makes these ciphers insecure.
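The Vigenère cipher from the previous section, written as the encrypt(P, K) and decrypt(C, K) pair described here. This is an added example, not code from the original article; shift_stream and images_of are helper names chosen for illustration, and letters are counted from A = 0 as in the article's K = 10.

```python
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

def shift_stream(text, key, direction):
    """Apply the keyword's shifts (+1 to encrypt, -1 to decrypt) to the letters of text."""
    key = key.upper()
    if not key or any(k not in ALPHABET for k in key):
        raise ValueError("key must be one or more letters A-Z")
    out, used = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            shift = ALPHABET.index(key[used % len(key)])  # K -> 10, E -> 4, Y -> 24
            out.append(ALPHABET[(ALPHABET.index(ch) + direction * shift) % 26])
            used += 1  # only letters consume a keyword letter, so spaces are skipped
        else:
            out.append(ch)
    return "".join(out)

def encrypt(plaintext, key):
    """C = encrypt(P, K)"""
    return shift_stream(plaintext, key, +1)

def decrypt(ciphertext, key):
    """P = decrypt(C, K)"""
    return shift_stream(ciphertext, key, -1)

def images_of(letter, plaintext, key):
    """Ciphertext letters that one plaintext letter turns into under this key."""
    pairs = zip(plaintext.upper(), encrypt(plaintext, key))
    return sorted({c for p, c in pairs if p == letter})

if __name__ == "__main__":
    c = encrypt("HELLO WORLD", "KEY")
    print(c)                                     # ciphertext
    print(decrypt(c, "KEY"))                     # the correct key recovers the plaintext
    print(decrypt(c, "KEZ"))                     # a wrong key does not
    print(images_of("L", "HELLO WORLD", "KEY"))  # one plaintext letter, several ciphertext letters
    print(encrypt("XYZ", "D"))                   # a one-letter key D is the Caesar shift of 3
```

The images_of call shows why single-letter frequency counts are less effective here, and the last line shows that the Caesar cipher is the special case of a one-letter keyword.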
Kerckhoffs’s Principle
Kerckhoffs’s Principle is a fundamental concept in cryptography that states: “A cryptographic system should be secure even if everything about the system, except the key, is public knowledge.” To break this down with a simple example: Imagine you lock your house with a key. The lock’s design isn’t a secret — anyone can buy the same model or study how it works. What keeps your house secure is the specific key you use, not the lock’s mechanism.
Similarly, in cryptography the encryption algorithm (like our Caesar or Vigenère) can be completely public knowledge, and the way messages are encrypted and decrypted can be known by everyone. Only the specific key used needs to be kept secret.
This principle is important because it is easier to keep a single key secret than an entire system, and, if security depends on keeping the method secret, once the method is discovered, all systems that have used the same method become vulnerable to attack. However, this also shows a weakness - once someone discovers the specific key, all messages encrypted with that key become vulnerable.
Modern encryption still follows this principle - algorithms like AES are publicly documented, but they remain secure because the keys are kept private. We also often use different keys for different messages, even when using the same algorithm, to avoid the drawback of a key becoming known and exposing all encrypted messages.
Conclusion
This discussion of classical ciphers illustrates some of the fundamental principles that remain relevant in modern cryptography. While these classical methods are no longer secure, they introduce core concepts like the importance of key management and the idea that key secrecy is more important than algorithm obscurity.