T

Text Machine

Powerful text tools, in your browser

Affine Cipher

Encode and decode the affine cipher using the formula E(x) = (a·x + b) mod 26. Step the multiplier a and shift b, watch the substitution alphabet and the live formula update, and copy, download, or share the result. Everything runs privately in your browser.

Cipher keys

Multiplier a

5

Shift b

8

E(x) = (5x + 8) mod 26

The multiplier a must be coprime with 26, so only twelve values are allowed: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, and 25. The shift b can be any number from 0 to 25.

Plain text
Ciphertext

Enter text above to see the result here.

Substitution alphabet

Plain

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z

Cipher

I
N
S
X
C
H
M
R
W
B
G
L
Q
V
A
F
K
P
U
Z
E
J
O
T
Y
D

How to use Affine Cipher

  1. 1

    Choose encode or decode

    Pick Encode to turn plain text into affine ciphertext, or Decode to turn ciphertext back into readable text using the same two keys.

  2. 2

    Set the multiplier a

    Step the multiplier a through its twelve valid values. Only numbers coprime with 26 are offered, so the cipher can always be reversed.

  3. 3

    Set the shift b

    Step the shift b to any value from 0 to 25. The live formula and the substitution alphabet table update the moment you change it.

  4. 4

    Type or paste your text

    Enter your message and the cipher runs as you type. Letters are enciphered while spaces, digits, and punctuation pass through unchanged, and capitalisation is preserved.

  5. 5

    Copy, download, or share

    Copy the result, download it as a text file, or share a link that reopens the tool with your exact keys, text, and direction ready to go.

Understanding the Affine Cipher

What is the affine cipher?

The affine cipher is a monoalphabetic substitution cipher built from simple modular arithmetic. Each letter is turned into a number, with A = 0 up to Z = 25, passed through the linear function E(x) = (a·x + b) mod 26, and turned back into a letter. The two numbers a and b are the key: a is the multiplier and b is the shift. Because the same letter always maps to the same cipher letter, the affine cipher belongs to the same family as the Caesar and Atbash ciphers, but its multiply-then-shift step makes it more general than either.

The name comes from the affine function a·x + b, the combination of a multiplication and an addition that gives the cipher its structure. It is one of the most popular ciphers for teaching the mathematics behind cryptography, because it shows how modular arithmetic, coprime numbers, and modular inverses come together in a working code. It is also a regular guest in puzzles, escape rooms, and capture-the-flag challenges, where its small key space makes it satisfying to crack by hand.

The affine encryption formula

To encrypt, every letter is converted to its position in the alphabet, with A = 0, B = 1, and so on to Z = 25. That number x is fed into the formula E(x) = (a·x + b) mod 26: multiply by a, add b, and take the remainder after dividing by 26 so the result wraps back into the range 0 to 25. Converting that number back to a letter gives the ciphertext. Multiplying by a stretches and scrambles the alphabet, while adding b slides it along, and the mod 26 keeps everything inside the 26-letter ring.

The tool above shows the whole mapping at a glance. The substitution alphabet table lists every plain letter A–Z with the cipher letter it becomes under your current a and b, and it updates the instant you change either key. Letter case is preserved, and anything that is not a letter — spaces, digits, punctuation, emoji — passes straight through untouched, so the shape of your message stays readable even after it is enciphered.

Choosing the keys a and b

The shift b is easy: it can be any whole number from 0 to 25. The multiplier a is the interesting one, because not every value works. For the cipher to be reversible, a must be coprime with 26, meaning it shares no common factor with 26 other than 1. Since 26 = 2 × 13, any even number and any multiple of 13 is ruled out, which leaves exactly twelve usable values: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, and 25.

If a shares a factor with 26 — say a = 2 — then several different plain letters collide on the same cipher letter, and the message can no longer be decoded uniquely. That is why the multiplier control above only steps through the twelve valid values: it is impossible to choose a key that cannot be undone. With twelve choices for a and twenty-six for b, there are 312 possible key combinations in total, one of which, a = 1 and b = 0, leaves the text unchanged.

A worked affine example

Take the keys a = 5 and b = 8 and encrypt the word AFFINECIPHER. The first letter A is 0, so E(0) = (5·0 + 8) mod 26 = 8, which is I. The next letter F is 5, so E(5) = (5·5 + 8) mod 26 = 33 mod 26 = 7, which is H. Continuing letter by letter through the whole word gives the ciphertext IHHWVCSWFRCP.

You can follow every step on the substitution alphabet table above: set a to 5 and b to 8, and the cipher row shows A becoming I, B becoming N, C becoming S, and so on across the alphabet. Because the mapping is fixed, enciphering the same letter always gives the same result — both F letters in AFFINE become H — which is exactly the property that lets an attacker use frequency analysis against it.

Decrypting an affine cipher

Decryption runs the formula backwards with D(y) = a⁻¹·(y − b) mod 26. The new ingredient is a⁻¹, the modular inverse of a: the number that, multiplied by a, gives 1 mod 26. For a = 5 the inverse is 21, because 5 × 21 = 105 = 4 × 26 + 1. To decode you subtract the shift b, multiply by that inverse, and take the result mod 26. Carrying the example back, the cipher letter I is 8, and D(8) = 21·(8 − 8) mod 26 = 0, which is A again.

You never have to work the inverse out yourself. Choose Decode above, enter the same a and b that were used to encrypt, and paste the ciphertext — the tool finds the modular inverse and recovers the message instantly. Because the affine cipher is a clean one-to-one mapping, decoding returns your original text exactly, with its spaces, capitalisation, and punctuation all intact.

Caesar and Atbash as special cases

The affine cipher quietly contains two of the most famous classical ciphers. Set the multiplier a to 1 and the formula collapses to E(x) = (x + b) mod 26, which is precisely the Caesar cipher — a pure shift of every letter by b places. With a = 1 and b = 3 you get the classic shift Julius Caesar is said to have used, turning A into D and HELLO into KHOOR.

Set a = 25 and b = 25 and something just as familiar appears. Since 25 is the same as −1 mod 26, the formula becomes E(x) = (25 − x) mod 26, which reverses the alphabet so A becomes Z, B becomes Y, and so on. That is the Atbash cipher, used by Hebrew scribes thousands of years ago. Seeing both ciphers fall out of one formula is the clearest way to understand how the affine cipher generalises them — try each setting above and watch the substitution table confirm it.

How secure is the affine cipher?

By any modern measure the affine cipher offers no real security. With only 312 possible keys — and fewer still that actually scramble the text — a computer can try every one in a fraction of a second, and even a patient person can brute-force it by hand. There is simply not enough secret information in two small numbers to resist attack.

It is also vulnerable to frequency analysis, because it is monoalphabetic: each letter always maps to the same cipher letter, so the most common ciphertext letter is very likely to stand for E, the most common letter in English. An attacker who can guess or learn just two plaintext-to-ciphertext letter pairs can even solve for a and b directly with a little algebra. None of this is a flaw to fix — it is what makes the affine cipher such a good teaching tool — but for protecting real information you should always use a modern, peer-reviewed algorithm such as AES.

Frequently asked questions

What is the affine cipher?
The affine cipher is a monoalphabetic substitution cipher that encrypts each letter with the formula E(x) = (a·x + b) mod 26. Every letter is converted to a number from 0 to 25, multiplied by a, shifted by b, reduced mod 26, and converted back to a letter. The pair of numbers a and b is the key. It generalises the Caesar and Atbash ciphers and is widely used to teach the mathematics behind cryptography.
How does the affine cipher work?
Each plain letter is turned into a number (A = 0 to Z = 25) and run through E(x) = (a·x + b) mod 26: multiply by the key a, add the key b, take the remainder on division by 26, and turn the result back into a letter. The multiplication scrambles the alphabet and the addition shifts it along. Decryption reverses the steps using the modular inverse of a.
What values can the multiplier a take?
The multiplier a must be coprime with 26 — sharing no factor with it but 1 — so the cipher can be decoded uniquely. Because 26 = 2 × 13, that rules out every even number and every multiple of 13 and leaves exactly twelve values: 1, 3, 5, 7, 9, 11, 15, 17, 19, 21, 23, and 25. The tool only lets you choose from these, so your key is always reversible.
What are the keys a and b in the affine cipher?
They are the two numbers that define the cipher. The multiplier a, one of the twelve values coprime with 26, controls how the alphabet is scrambled by multiplication, and the shift b, any number from 0 to 25, slides the result along the alphabet. Both are needed to encrypt and to decrypt; change either one and the entire substitution alphabet changes.
How do you decrypt an affine cipher?
Decryption uses D(y) = a⁻¹·(y − b) mod 26, where a⁻¹ is the modular inverse of a — the number that gives 1 when multiplied by a mod 26. You subtract the shift, multiply by the inverse, and reduce mod 26. The tool does this automatically: choose Decode, enter the same a and b used to encrypt, and paste the ciphertext to recover the original message.
Can you show a worked affine cipher example?
With a = 5 and b = 8, the word AFFINECIPHER encrypts to IHHWVCSWFRCP. For the first letter, A is 0, so E(0) = (5·0 + 8) mod 26 = 8 = I; for F, which is 5, E(5) = (5·5 + 8) mod 26 = 7 = H. To decode, the modular inverse of 5 is 21, and D(8) = 21·(8 − 8) mod 26 = 0 = A, returning the original text.
How is the affine cipher related to the Caesar cipher?
The Caesar cipher is the special case of the affine cipher where the multiplier a is 1. With a = 1 the formula becomes E(x) = (x + b) mod 26, a pure shift of every letter by b places. Setting a = 1 and b = 3 in the tool reproduces the classic Caesar shift that turns A into D, so you can think of Caesar as an affine cipher with no multiplication step.
How is the affine cipher related to the Atbash cipher?
Atbash is the affine cipher with a = 25 and b = 25. Because 25 is equal to −1 mod 26, the formula becomes E(x) = (25 − x) mod 26, which reverses the alphabet so A becomes Z and Z becomes A. Choose those keys in the tool and the substitution alphabet shows the full reversal, demonstrating how Atbash is just one point in the affine cipher's key space.
How many possible affine cipher keys are there?
There are twelve valid choices for the multiplier a and twenty-six for the shift b, giving 312 possible key combinations. One of them, a = 1 and b = 0, maps every letter to itself and leaves the text unchanged. This small key space is why the affine cipher can be broken by trying every key — a so-called brute-force attack — almost instantly.
How do you crack the affine cipher?
Two methods work easily. Brute force tries all 312 keys and keeps the one that yields readable text. Frequency analysis exploits the fact that the cipher is monoalphabetic: the most common ciphertext letters likely stand for common letters such as E and T. If you can guess just two plaintext-to-ciphertext letter mappings, you can even solve two equations for a and b directly. This makes the affine cipher satisfying to break as a puzzle.
Does the affine cipher keep spaces, numbers, and punctuation?
Yes. Only the 26 letters A–Z are enciphered; spaces, digits, punctuation, and characters from other alphabets pass through unchanged, and the tool preserves your original capitalisation. This means the layout of your message survives encryption, which is convenient for puzzles but also gives an attacker extra clues, since word lengths and structure stay visible.
Is my text uploaded to a server?
No. All encoding and decoding happens entirely in your browser, so your text and keys are never uploaded, logged, or stored. Even a share link keeps your text and settings in the part of the URL after the hash, which browsers never send to a server, so your message stays private until you choose to share the link.

Related tools

Keep going with these handy tools

Caesar Cipher

Vigenère Cipher

Atbash Cipher

Rail Fence Cipher

Playfair Cipher

Baconian Cipher