Caesar Cipher and ROT13 — How Shift Ciphers Work

Julius Caesar encrypted military communications by shifting each letter three positions forward in the alphabet. A → D, B → E, Z → C. To decode, the recipient shifted back by three. This is the Caesar cipher — the oldest documented substitution cipher and the ancestor of every symmetric encryption algorithm in use today.

Use the ROT13 Cipher tool on this site to encode and decode text instantly.

How the Caesar cipher works

The Caesar cipher replaces each letter with the letter n positions ahead in the alphabet, wrapping around from Z back to A. With a shift of 3:

Plaintext	A	B	C	D	E	F	…	X	Y	Z
Ciphertext	D	E	F	G	H	I	…	A	B	C

“HELLO” with a shift of 3:

• H (7) + 3 = K (10)
• E (4) + 3 = H (7)
• L (11) + 3 = O (14)
• L (11) + 3 = O (14)
• O (14) + 3 = R (17)

Result: KHOOR

The mathematical formula (0-indexed, where A=0, B=1, …, Z=25):

Encrypt: C = (P + shift) mod 26
Decrypt: P = (C - shift + 26) mod 26

For “H” (7) with shift 3: (7 + 3) mod 26 = 10 → K ✓ Decrypting “K” (10) with shift 3: (10 - 3 + 26) mod 26 = 7 → H ✓

The + 26 in decryption prevents negative modulo results. In Python, (-1) % 26 = 25 (correct), but in C, JavaScript, and Java, (-1) % 26 = -1 (wrong). Adding 26 before the modulo ensures the result is always positive.

ROT13: a specific Caesar cipher

ROT13 is the Caesar cipher with a shift of exactly 13. Since the English alphabet has 26 letters, ROT13 is its own inverse — applying ROT13 twice returns the original text:

ROT13(ROT13("HELLO")) = "HELLO"

This self-inverse property makes ROT13 special: the same operation encodes and decodes. No need to specify “encrypt” vs. “decrypt” — it’s the same function.

ROT13 substitution table:

Plain:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
ROT13:  N O P Q R S T U V W X Y Z A B C D E F G H I J K L M

“HELLO” in ROT13:

• H → U
• E → R
• L → Y
• L → Y
• O → B

Result: URYYB

Where ROT13 is actually used

ROT13 is deliberately not secure. Its use cases are all about obscuring text from casual reading, not protecting it from a determined reader:

Usenet spoilers (the original use)

ROT13 originated on Usenet newsgroups in the 1980s for spoiler warnings. Before sophisticated forum software, users would encode plot reveals:

ROT13: Qnegu Inqre vf Yhxr'f sngure.
Plain: Darth Vader is Luke's father.

A reader could choose whether to see the spoiler. Anyone who hadn’t mentally memorized the substitution table needed a tool to decode it — providing a mild friction barrier without genuine security.

Puzzle and CTF obfuscation

ROT13 appears in Capture The Flag (CTF) competitions as a basic encoding layer. It’s considered a starting-point transformation — if you see garbled English text, ROT13 is one of the first things to try.

Avoiding content filters

Some platforms historically blocked specific words. ROT13 encoding would allow discussion of a term without triggering keyword filters. This use is cat-and-mouse — content filters now check common obfuscations.

Email and forum text encoding

Some email clients and CMS systems historically used ROT13 to obfuscate email addresses in page source to reduce harvesting by spam bots. This is weak protection — automated tools check ROT13 — but it’s still used in some legacy systems.

Why the Caesar cipher is insecure

26-key brute force

The Caesar cipher has only 26 possible keys (shifts of 0–25). An attacker can try all 26 in seconds — or even mentally if they recognize a pattern:

Ciphertext: KHOOR ZRUOG
Shift 3: HELLO WORLD ← immediate recognition

Frequency analysis

Even without brute-forcing all 26 shifts, an attacker can crack Caesar cipher using frequency analysis. In English text, certain letters appear far more frequently than others:

Rank	Letter	Frequency
1	E	12.7%
2	T	9.1%
3	A	8.2%
4	O	7.5%
5	I	7.0%

In a Caesar-encrypted text, the most frequent ciphertext letter is most likely the encryption of E. If the most common letter in the ciphertext is H, the shift is likely H - E = 3. One frequency observation often narrows the key space to 2–3 candidates, which trivially brute-force.

Why this matters for cryptography history

The Caesar cipher illustrates two fundamental vulnerabilities that all substitution ciphers share:

1. Small key space — few possible keys makes exhaustive search feasible
2. Preserved statistical structure — each plaintext letter always maps to the same ciphertext letter, so language frequency patterns survive encryption

These vulnerabilities were what drove cryptographers toward polyalphabetic ciphers (Vigenère, 1553), then to rotor machines (Enigma, 1918), then to modern symmetric ciphers (AES, 2001). Each generation addressed the weaknesses of the previous approach.

Implementing Caesar cipher in code

Python

def caesar_encrypt(text, shift):
    result = []
    for char in text:
        if char.isalpha():
            base = ord('A') if char.isupper() else ord('a')
            encrypted = chr((ord(char) - base + shift) % 26 + base)
            result.append(encrypted)
        else:
            result.append(char)  # Keep spaces, punctuation unchanged
    return ''.join(result)

def caesar_decrypt(text, shift):
    return caesar_encrypt(text, -shift)

# ROT13 is Caesar with shift=13
def rot13(text):
    return caesar_encrypt(text, 13)

print(caesar_encrypt("Hello, World!", 3))  # "Khoor, Zruog!"
print(caesar_decrypt("Khoor, Zruog!", 3))  # "Hello, World!"
print(rot13("Hello"))                       # "Uryyb"
print(rot13("Uryyb"))                       # "Hello" (self-inverse)

JavaScript

function caesarCipher(text, shift) {
  return text.split('').map(char => {
    if (/[a-zA-Z]/.test(char)) {
      const base = char <= 'Z' ? 65 : 97; // uppercase or lowercase
      return String.fromCharCode(
        ((char.charCodeAt(0) - base + shift % 26 + 26) % 26) + base
      );
    }
    return char; // non-alphabetic unchanged
  }).join('');
}

const rot13 = text => caesarCipher(text, 13);

console.log(caesarCipher('Hello, World!', 3));  // 'Khoor, Zruog!'
console.log(rot13('Hello'));                     // 'Uryyb'
console.log(rot13(rot13('Hello')));              // 'Hello'

ROT13 in Unix/Linux

ROT13 is available as a one-liner in most Unix systems:

echo "Hello World" | tr 'A-Za-z' 'N-ZA-Mn-za-m'
# Output: Uryyb Jbeyq

# Decode (same command, since ROT13 is self-inverse):
echo "Uryyb Jbeyq" | tr 'A-Za-z' 'N-ZA-Mn-za-m'
# Output: Hello World

The tr command translates characters: A-Z → N-ZA-M maps A→N, B→O, …, M→Z, N→A, …, Z→M.

Cracking a Caesar cipher: frequency analysis in practice

Given the ciphertext: WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ

Step 1: Count letter frequencies in ciphertext. Most frequent: W (2), K (2), H (2), R (2), J (1)

Step 2: English E is most common. If W = E, shift = W - E = 22 - 4 = 18.

Step 3: Try shift 18 (decrypt with 18): WKH → each letter shifted back 18: W(22)-18=4=E, K(10)-18=-8+26=18=S, H(7)-18=-11+26=15=P → “ESP” — not English.

Step 4: Try the most common English letters. T is second most common. If W = T, shift = 22 - 19 = 3.

Step 5: Try shift 3 (decrypt by 3): WKH → W(22)-3=19=T, K(10)-3=7=H, H(7)-3=4=E → “THE” ✓

Answer: shift is 3, decrypted text is “THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG”

ROT13 variants

ROT5: shifts digits 0–9 by 5 (0→5, 1→6, …, 9→4). Often combined with ROT13 to encode alphanumeric text.

ROT18: ROT13 for letters + ROT5 for digits simultaneously. A common extension of ROT13 that handles alphanumeric strings.

ROT47: shifts all printable ASCII characters (! through ~, codes 33–126) by 47 positions. Encodes letters, digits, and punctuation.

def rot47(text):
    result = []
    for char in text:
        code = ord(char)
        if 33 <= code <= 126:
            result.append(chr(33 + (code - 33 + 47) % 94))
        else:
            result.append(char)
    return ''.join(result)

The ROT13 tool

The ROT13 Cipher tool handles encoding and decoding for ROT13, ROT47, and Caesar cipher with any shift value. It processes text client-side (your text is never sent to a server), which matters when encoding draft content or internal notes you’d rather not transmit in plaintext.

Related tools

• ROT13 Cipher — encode and decode ROT13, ROT47, and Caesar cipher
• Hash Generator — one-way hashing with MD5, SHA-256, SHA-512
• Base64 Encoder/Decoder — encode binary data as ASCII-safe text