Encryption

Imagine you pass a note across a classroom: "Meet me by the gate at 4." Between your hand and your friend's, half a dozen people could unfold it and read every word. The internet is exactly like that crowded classroom — your messages, passwords and bank details are handed from computer to computer, and along the way anyone who is snooping can copy what goes past. So how does your card number get to a shop safely when it travels through machines you don't control?

The answer is encryption: before the message leaves, it is deliberately scrambled into gibberish. An eavesdropper still sees something — but it is meaningless. Only the person you meant to reach can turn it back into the real message.

The three words that matter: plaintext, key, ciphertext

Encryption always uses the same cast of characters. The readable message you start with is the plaintext. You scramble it using a secret value called the key. The scrambled, unreadable result is the ciphertext — that's what actually travels across the network. To read it, the receiver runs the process in reverse using the key; turning ciphertext back into plaintext is called decryption.

\text{plaintext} \;\xrightarrow{\;\text{encrypt with key}\;}\; \text{ciphertext} \;\xrightarrow{\;\text{decrypt with key}\;}\; \text{plaintext}

The whole point is this: the key is the secret, not the method. An attacker can know exactly how your encryption works and still be stuck, because without the right key the ciphertext is just noise. That is why intercepting the data is not enough — a thief who copies your encrypted card number gets a string of nonsense, useless without the key.

A worked example: the Caesar shift cipher

The oldest encryption trick in the book is named after Julius Caesar, who used it to protect military orders. The idea could not be simpler: pick a number (that's your key) and shift every letter that many places along the alphabet. With a key of 3, A becomes D, B becomes E, C becomes F, and so on. Watch what happens to the word HELLO:

When you reach the end of the alphabet you wrap around to the start again — so with a shift of 3, Y loops past Z back round to B. To decrypt, the receiver simply shifts the same number of places backwards. Same key, opposite direction — and the plaintext reappears.

Try it yourself — encrypt and decrypt with Run

This program has one function, caesar, that shifts every letter by a key. Encrypting shifts forwards; decrypting shifts by the negative key, undoing it exactly. Change the message and the key, then press Run and read the Output tab:

function caesar(text: string, shift: number): string { let result: string = ""; for (const ch of text.toUpperCase()) { const code: number = ch.charCodeAt(0); if (code >= 65 && code <= 90) { // only shift the letters A–Z // + 26 before the % keeps it positive even when shift is negative const shifted: number = ((code - 65 + shift) % 26 + 26) % 26 + 65; result = result + String.fromCharCode(shifted); } else { result = result + ch; // leave spaces and punctuation alone } } return result; } const message: string = "MEET AT DAWN"; const key: number = 3; const cipher: string = caesar(message, key); // encrypt: shift forwards const back: string = caesar(cipher, -key); // decrypt: shift backwards console.log("Plaintext: " + message); console.log("Ciphertext: " + cipher); console.log("Decrypted: " + back);

Notice that decrypting is just encrypting with the opposite shift — the same key drives both directions. That is the defining feature of the next idea.

Symmetric encryption — one shared key

The Caesar cipher uses one key for both jobs: the same number that scrambles the message also unscrambles it. Encryption that works this way is called symmetric, because the two ends are mirror images — whoever can lock the box can also unlock it.

That is powerful, but it creates a puzzle: the sender and receiver must both already know the secret key. How do you agree on a key with a shop you have never spoken to, over the very network you don't trust? Solving that "how do we share the key safely?" problem is what pushed cryptographers to invent much cleverer, vastly stronger modern methods — including systems that use a pair of keys so a secret can be agreed even over an open line. That is a story for another page, but the takeaway now is that the Caesar cipher is only the first rung on a very tall ladder.

When a website's address starts with https:// and your browser shows a padlock, everything between your device and that site is encrypted — using modern methods far stronger than any shift cipher. Anyone tapping the wire (say, on public café Wi‑Fi) sees only ciphertext, so they can't read your password or card number as it travels. Plain http:// with no padlock sends everything as readable plaintext. The padlock doesn't promise the site is honest — it promises the connection is private, which is why you should never type a password on a page without it.

A Caesar cipher is a teaching toy, not real security. Two traps to remember:

Why bother, if it can be intercepted anyway?

Encryption doesn't try to stop your data being copied — on a shared network, it will be. Instead it makes the copy useless. An attacker who grabs the ciphertext faces a choice: give up, or try to guess the key. With a good modern cipher and a large key, "try to guess the key" means checking more possibilities than there are atoms in the observable universe. So encryption turns a secret you can't physically hide into one that is practically impossible to read — which, for keeping your messages and money safe, is just as good.