Polyalphabetic cipher

From Wikipedia, the free encyclopedia
Jump to: navigation, search

A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets. The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case. The Enigma machine is more complex but still fundamentally a polyalphabetic substitution cipher.


The Alberti cipher by Leon Battista Alberti around 1467 is believed to be the first polyalphabetic cipher. Alberti used a mixed alphabet to encrypt a message, but whenever he wanted to, he would switch to a different alphabet, indicating that he had done so by including an uppercase letter or a number in the cryptogram. For this encipherment Alberti used a decoder device, his cipher disk, which implemented a polyalphabetic substitution with mixed alphabets.

Although Alberti is usually considered the father of polyalphabetic cipher, it has been claimed that polyalphabetic ciphers may have been developed by the Arab cryptologist Al Kindi 600 years before Alberti.[1] Johannes Trithemius—in his book Polygraphiae libri sex (Six books of polygraphia), which was published in 1518 after his death—invented a progressive key polyalphabetic cipher called the Trithemius cipher.[2] Unlike Alberti's cipher, which switched alphabets at random intervals, Trithemius switched alphabets for each letter of the message. He started with a tabula recta, a square with 26 letters in it (although Trithemius, writing in Latin, used 24 letters ). Each alphabet was shifted one letter to the left from the one above it, and started again with A after reaching Z (see table).

Tabula recta

Trithemius's idea was to encipher the first letter of the message using the first shifted alphabet, so A became B, B became C, etc. The second letter of the message was enciphered using the second shifted alphabet, etc. Alberti's cipher disk implemented the same scheme. It had two alphabets, one on a fixed outer ring, and the other on the rotating disk. A letter is enciphered by looking for that letter on the outer ring, and encoding it as the letter underneath it on the disk. The disk started with A underneath B, and the user rotated the disk by one letter after encrypting each letter.

The cipher was trivial to break, and Alberti's machine implementation not much more difficult. Key progression in both cases was poorly concealed from attackers. Even Alberti's implementation of his polyalphabetic cipher was rather easy to break (the capitalized letter is a major clue to the cryptanalyst). For most of the next several hundred years, the significance of using multiple substitution alphabets was missed by almost everyone. Polyalphabetic substitution cipher designers seem to have concentrated on obscuring the choice of a few such alphabets (repeating as needed), not on the increased security possible by using many and never repeating any.

The principle (particularly Alberti's unlimited additional substitution alphabets) was a major advance—the most significant in the several hundred years since frequency analysis had been developed. A reasonable implementation would have been (and, when finally achieved, was) vastly harder to break. It was not until the mid-19th century (in Babbage's secret work during the Crimean War and Friedrich Kasiski's generally equivalent public disclosure some years later), that cryptanalysis of well-implemented polyalphabetic ciphers got anywhere at all.


  1. ^ Maclean, Donald, Al-Kindi, retrieved 13 April 2012 
  2. ^ Johann Tritheim, Polygraphiae libri sex … (Basel, Switzerland: Michael Furter and Adam Petri, 1518), Liber quintus (fifth book), pages 461-462; the Recta transpositionis tabula (square table of transpositions, or "Vigenère table") appears on page 463.


See also[edit]