This is the first article in a series on Cryptography for the Everyday Developer. Follow along to learn the basics of modern cryptography and encryption.


The best way to begin learning about encryption is by example. And thankfully, there exist many examples of encryption throughout history that we can draw from. One of the earliest well-known examples of encryption is the Caesar Cipher, and we will begin there.

The Caesar cipher is one of the oldest and simplest forms of encryption. It works by shifting each letter in your message a fixed number of positions down the alphabet. For example, with a shift of 3:

  • The letter A becomes D
  • The letter B becomes E
  • The letter C becomes F

… and so on.

If you reach the end of the alphabet, you wrap around to the beginning. So with our shift of 3:

  • X becomes A
  • Y becomes B
  • Z becomes C

To decrypt the message, you simply shift back in the opposite direction by the same number of positions. This simple cipher is named after Julius Caesar, who allegedly used it for secret communication, relying on his belief that any potential attacker would be illiterate and uneducated, unable to decipher even such a simple code.

Although the Caesar cipher works, it is not very secure. If someone discovers or intuits the value of the shift, they are able to decode the ciphertext into plaintext fairly easily.

One way an attacker may discover the shift value is through frequency analysis. Knowing, for example, that the word THE occurs frequently in the English language, an attacker could search for frequently occurring three-letter words to reverse engineer the shift value and retrieve the plaintext.
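The shift and the THE-based recovery described above, as an added example that is not part of the original article. The function names and the sample sentence are constructed for illustration.

```python
import re
from collections import Counter

A = ord("A")

def caesar(text: str, shift: int) -> str:
    """Shift each letter A-Z by `shift` positions, wrapping around the alphabet."""
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - A + shift) % 26 + A))
        else:
            out.append(ch)  # spaces and punctuation are left unchanged
    return "".join(out)

def recover_shift(ciphertext: str):
    """Guess the shift by assuming the most common three-letter word
    that is a consistent shift of THE really is THE."""
    words = re.findall(r"\b[A-Z]{3}\b", ciphertext.upper())
    for word, _count in Counter(words).most_common():
        shift = (ord(word[0]) - ord("T")) % 26
        # All three letters must agree on the same shift, not just the first.
        if caesar("THE", shift) == word:
            return shift
    return None  # no three-letter word fits; this heuristic gives up

# Constructed sample message, encrypted with the article's shift of 3.
PLAINTEXT = "THE SCOUT SAW THE CAMP BY THE RIVER AND THE OLD BRIDGE"
CIPHERTEXT = caesar(PLAINTEXT, 3)

if __name__ == "__main__":
    print(CIPHERTEXT)
    guess = recover_shift(CIPHERTEXT)
    print("recovered shift:", guess)
    print(caesar(CIPHERTEXT, -guess))  # decrypt by shifting back
```

With only 26 possible shifts, the same result can be reached by trying every shift, so the key space itself is the deeper weakness.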

The Vigenère Cipher

The Vigenère cipher is like an advanced version of the Caesar cipher that uses multiple shifts instead of just one. Here’s how it works:

  1. First, you need a keyword. Let’s use KEY as an example.
  2. To encrypt your message, you repeat the keyword over and over to match the length of your message:
    • Message: HELLO WORLD
    • Keyword: KEYKEYKEYK
  3. Instead of using the same shift for every letter (like the Caesar cipher), each letter of the keyword determines the amount to shift:
    • K means shift by 10 (because K is at position 10 in the alphabet, counting from A = 0)
    • E means shift by 4
    • Y means shift by 24

So for our example, encrypting the plaintext HELLO with the keyword KEY results in the ciphertext RIJVS.

  • H shifted by K (10) = R
  • E shifted by E (4) = I
  • L shifted by Y (24) = J
  • L shifted by K (10) = V
  • O shifted by E (4) = S

The main advantage over the Caesar cipher is that it’s much harder to break because different letters in the message use different shifts. This means common letter frequency analysis (a technique used to crack Caesar ciphers) is less effective. This cipher also demonstrates the value of a secret key that is used to encrypt and decrypt the text (rather than a static value of 3).
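The keyword-driven shifting above, as an added example that is not part of the original article. The function names are chosen for illustration, and the handling of spaces (the keyword advances only on letters) is an assumption that matches the HELLO WORLD / KEYKEYKEYK alignment shown earlier.

```python
from itertools import cycle

A = ord("A")

def _vigenere(text: str, key: str, sign: int) -> str:
    key = key.upper()
    if not key or any(not "A" <= k <= "Z" for k in key):
        raise ValueError("key must be one or more letters A-Z")
    # K -> 10, E -> 4, Y -> 24, repeated for as long as the message needs.
    shifts = cycle(ord(k) - A for k in key)
    out = []
    for ch in text.upper():
        if "A" <= ch <= "Z":
            out.append(chr((ord(ch) - A + sign * next(shifts)) % 26 + A))
        else:
            out.append(ch)  # non-letters pass through; the keyword does not advance
    return "".join(out)

def encrypt(plaintext: str, key: str) -> str:
    """Shift each letter forward by the matching keyword letter."""
    return _vigenere(plaintext, key, +1)

def decrypt(ciphertext: str, key: str) -> str:
    """Shift each letter back by the matching keyword letter."""
    return _vigenere(ciphertext, key, -1)

if __name__ == "__main__":
    c = encrypt("HELLO WORLD", "KEY")
    print(c)                    # the two Ls in HELLO become J and V
    print(decrypt(c, "KEY"))    # correct key recovers the message
    print(decrypt(c, "KEZ"))    # a key that is wrong in one letter does not
    print(encrypt("XYZ", "D"))  # a one-letter key D is the Caesar shift of 3
```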

Encryption Basics

These simple ciphers highlight a feature common in secure cryptographic operations: a secret key. In general, an encryption function will take some plaintext (P) and a secret key (K) to produce a ciphertext (C) satisfying the equation C = encrypt(P, K). Similarly, a decryption function will take ciphertext (C) and return plaintext (P) satisfying the equation: P = decrypt(C, K).

In general, if you don’t know the secret key, you cannot decrypt the message to get the plaintext. And ideally, you would not be able to gain any piece of information at all. With these simple ciphers, a dedicated attacker may be able to gain some information about the plaintext without the secret key through techniques like frequency analysis, allowing them to learn about or derive the key, which makes these ciphers insecure.

Kerckhoffs’s Principle

Kerckhoffs’s Principle is a fundamental concept in cryptography that states: “A cryptographic system should be secure even if everything about the system, except the key, is public knowledge.” To break this down with a simple example: Imagine you lock your house with a key. The lock’s design isn’t a secret: anyone can buy the same model or study how it works. What keeps your house secure is the specific key you use, not the lock’s mechanism.

Similarly, in cryptography the encryption algorithm (like our Caesar or Vigenère) can be completely public knowledge, and the way messages are encrypted and decrypted can be known by everyone. Only the specific key used needs to be kept secret.

This principle is important because it is easier to keep a single key secret than an entire system. If security depends on keeping the method secret, then once the method is discovered, all systems that have used the same method become vulnerable to attack. However, this also shows a weakness: once someone discovers the specific key, all messages encrypted with that key become vulnerable.

Modern encryption still follows this principle: algorithms like AES are publicly documented, but they remain secure because the keys are kept private. We also often use different keys for different messages, even when using the same algorithm, to avoid the drawback of a key becoming known and exposing all encrypted messages.

Conclusion

This discussion of classical ciphers illustrates some of the fundamental principles that remain relevant in modern cryptography. While these classical methods are no longer secure, they introduce core concepts like the importance of key management and the idea that key secrecy is more important than algorithm obscurity.