In this lesson, students are introduced to the need for encryption and simple techniques for breaking (or cracking) secret messages. They will try their own hand at cracking a message encoded with the classic Caesar cipher and also a Random Substitution Cipher. Students should become well-acquainted with the idea that in an age of powerful computational tools, techniques of encryption will need to be more sophisticated. The most important aspect of this lesson is to understand how and why encryption plays a role in all of our lives every day on the Internet, and that making good encryption is not trivial. Students will get their feet wet with understanding the considerations that must go into making strong encryption in the face of powerful computational tools that can be used to crack it. The need for secrecy when sending bits over the Internet is important for anyone using the Internet.

Encryption is a process - an algorithm - for transforming a message so that the original text is hidden from anyone who is not the intended recipient. This is often called a "secret code." Reversing the encryption process to reveal the original message is called decryption. History is full of examples of people encrypting messages and attempting to crack secret codes.



Students will be able to:


This lesson is the first in a series of lessons about cryptography and encryption. "Encryption" is a process for transforming a message so that the original is "hidden" from anyone who is not the intended recipient. Encryption is not just for the military and spies anymore. We use encryption everyday on the Internet, primarily to conduct commercial transactions, and without it our economy might grind to a halt. This lesson gives students a first taste of the kind of thinking that goes into encrypting messages in the face of computational tools. Computational tools dramatically increase the strength and complexity of the algorithms we use to encrypt information, but these same tools also increase our ability to crack an encryption. Developing strong encryption relies on knowledge of problems that are "hard" for computers to solve, and using that knowledge to encrypt messages.


Getting Started

Ask the students to think about what things do they or other people rely on keeping a secret in their daily life? Who are these secrets being kept from? How are these things kept secret?

Make sure to:

Some ideas that the class can discuss include:

Discussion Goals

Secrecy is a critical part of our lives, in ways big and small. As our lives increasingly are conducted on the Internet, we want to be sure we can maintain the privacy of our information and control who has access to privileged information. Digital commerce, business, government operations, and even social networks all rely on our ability to keep information from falling into the wrong hands.

For example, in Roman times, Julius Caesar is reported to have encrypted messages to his soldiers and generals by using a simple alphabetic shift - every character was encrypted by substituting it with a character that was some fixed number of letters away in the alphabet. As a result an alphabetic shift is often referred to as the Caesar Cipher.

Spark the student's interest by asking them to decode the following:

serr cvmmn va gur pnsrgrevn

Give the students about 3-5 minutes on this. The correct answer is "free pizza in the cafeteria" with the A-Z alphabet shifted 13 characters.


Cracking the Caesar Cipher

In this set of activities the students will "crack" some encrypted messages with the use of tools. First, let's begin with messages encrypted with Caesar ciphers. Use the "Caesar Cipher Widget in the Resources Section.

Using the cipher, select a sample and crack the encryption.

Crack a Random Substitution Cipher

What if, instead of shifting the whole alphabet, we mapped every letter of the alphabet to a random different letter of the alphabet? This is called a random substitution cipher. Use the "Random Substitution Cipher Widget" in the Resources section to crack a randomly substituted message.

Let the students know that the best technique for cracking a random substitution cipher is known as frequency analysis. Hint: Did you know that "e" is the most common letter in the English language?

Paraphrased from Wikipedia:

Frequency analysis is a technique that is based on how frequently certain letters appear in English versus others. For instance, given a section of English text, E, T, A and O are the most common, while Z, Q and X are rare. Likewise, TH, ER, ON, and AN are the most common pairs of letters that occur next to each other. In fact, the distribution of letters is roughly the same for almost all samples of English text.

By analyzing the frequency of the letters in the encrypted message compared to the frequency of letters in a typical piece of English prose, you can start to narrow in on what some of the letter mappings might be.

Wrap Up

As part of wrap up the major points we want to draw out are:

Discussion Topics

Please use the following topics to bring closure to the lesson and as an avenue to draw out the points above.


Q1: What is a Caesar cipher? As part of your answer demonstrate encrypting the plaintext messages: CS IS COOL with a caesar cipher.

Q2: What is the "key" to a Caesar Cipher that someone needs to know (or discover) to decrypt the message?

Q3: The Caesar Cipher has 25 different shifts to try. How many possibilities are there to try in a random substitution cipher?

Q4: List 3 characteristics of the ideal encryption scheme.

Q5: Knowing what you know now about frequency analysis, would you feel comfortable sending your password over the Internet using a substitution cipher? Why or why not?

Extended Learning

Optional Reading

The earlier sections of Chapter 5 of "Blown to Bits" make reference to the significance of and controversies surrounding encryption in the aftermath of September 11th. This reading may be a useful tool for further introducing the impact of cryptography on many aspects of modern life.

Ask students to review the history of their Internet browsing and calculate roughly what percentage they conduct with the assumption that it is "private." Do they have any way of being sure this is the case? Are there any websites they visit where they feel more confident in the secrecy of their traffic than others? Are they justified in this conclusion?

Standards Alignment