How to decrypt a shift cipher without the key

Before we start discussing how to decode a shift cipher, let us recall that, mathematically, the Caesar cipher is just addition modulo N: it encodes a given letter x with the encrypted letter y such that y = x + key (mod N).

Once you know the key, decoding is very easy. The real challenge arises when you do not know the key, and if you are trying to intercept a secret message, this is most likely your case!

To help you, in what follows, we discuss several ideas of how a shift cipher decoder​ can work without the key:

• Decode shift cipher with brute force;
• Beat it with smart guess; or
• Crack it with frequency analysis.

For an alphabet of N characters, there exist N - 1 Caesar ciphers (we exclude here the shift cipher with shift zero, as it does not really encode anything...). This fact means that it is extremely easy to break a Caesar-style cipher since there are only 25 different keys if the English alphabet with 26 letters is at the foundation of the message. (From the point of view of Caesar himself, it was even worse: the classical Latin alphabet uses only 19 letters.)

Because there are only 25 possible ciphers, one does not even need to develop any fancy software to break the code: even a pencil is a valid Caesar shift cipher solver​.

Let us summarize how to decrypt a shift cipher without the key but with a pencil:

1. Write down the encrypted message, leaving some (a lot?) space beneath it.
2. Beneath each letter, write out the alphabet, starting at that letter. That is, if the letter is E, you put F under it, and then G, and so on.
3. Once you reach the end of the alphabet, jump to A and go on until you are about to get the letter you started with. In our example, you stop at D.
4. Repeat this procedure for each letter in the encrypted message.
5. Now go row by row and find the row that makes sense in English — there is exactly one row that already contains a decoded message in plain English (or your target language).
6. Done? Congrats! It feels good to break a Caesar-style cipher, huh?

Smart guess, also known as the crib dragging technique, allows us to quickly decrypt a shift cipher without a key, provided we have a bit of luck and some knowledge about the language in which the message is written.

The idea is to use the knowledge about the most frequent words in this language. For example, if English is concerned, we suspect that the word "the" will almost surely appear in the message. So we can look for a block of three letters and try decoding them as "the". If it works, we try applying the newly found key to the rest of the message and watch the truth being revealed before your eyes.

What if the message contains no blanks that show you word separation? It's harder, but we can still manage. For instance, if you suspect the message includes an order for the Roman legion to start preparing an attack, you can try decoding blocks of 6 letters as the guessed word "attack". (Or, rather, for "impetum". We do not know of any legion that communicated in English.)

Hey Squire, let's check if you really understand how to decrypt a shift cipher without a key but with smart guesses. Here's the message, and it's not the easiest one to understand! To make your life a tiny bit easier, we can reveal the message is in English and, fortunately, there are blanks!

Ck corr yurbk kbkxe sgzn vxuhrks osgmotghrk — lux kbkxeutk ut znk vrgtkz.

Let's start by testing the good old "the" and hope it'd suffice. The portion of the encrypted message that we test reads if the three-letter long word lux (it's a proper Latin word, but I digress).

If lux stands for the, it means L stands for T. That is, we shift backwards by 8 places. But decoding U using this key yields M instead of H! So our method failed... hey, not yet.

There is another three-letter long word in the secret message: znk. Let's try again:

• Z to T means shifting backwards by 6 places.
• N to H means shifting backwards by 6 places. Hey, looking good!
• K to E means shifting backwards by 6 places. YAY

We now have a strong reason to suspect that the entire text was encrypted with the key 6. We can now work manually or use Omni's Caesar cipher decoder to read the whole message:

We will solve every math problem imaginable — for everyone on the planet.

That's Omni Calculator's mission, one encrypted message at a time!

Frequency distribution analysis is the ultimate Caesar shift cipher decoder. Here we need some extra knowledge about the language in which the message was written and, in particular, about the letter frequency in this language.

For instance, in English, the letters E, T, A are most frequent, while Q, Z are least frequent. How does this help in decrypting a shift cipher without a key?

• Compute the frequency of each letter in the ciphertext.
• Find the one that is most frequent
• We guess it should correspond to E.
  • Compute the shift between your letter and E.
  • Try to decode the whole ciphertext using this key.
• If it works, we're done. If not, continue by checking if your most frequent letter corresponds to T or A. Then check your second-most frequent letter.

Sooner or later you will break the cipher, and even if it is later rather than sooner, it is still faster than brute force (and definitely more elegant).

An extra tool that can help is to draw the histogram of frequencies of letters in the ciphertext and compare this graph to the expected distribution of the English language. Some very sophisticated statistical tools can help here, for instance, tests that compare two probability distributions, but there's also a very handy rule-of-thumb:

Three very frequent letters, R, S, and T, are followed by letters with very weak frequency: U, V, W, X, Y, and Z.

This means you should see three bars sticking out, followed by a long series of very short bars. Look for this pattern in your histogram, and you'll find the key and break the cipher in no time — this is how to decrypt a shift cipher without a key like a pro!