Polyalphabetic cipher

A polyalphabetic cipher is a substitution, using multiple substitution alphabets. The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case. The Enigma machine is more complex but is still fundamentally a polyalphabetic substitution cipher.

History
The work of Al-Qalqashandi (1355–1418), based on the earlier work of Ibn al-Durayhim (1312–1359), contained the first published discussion of the substitution and transposition of ciphers, as well as the first description of a polyalphabetic cipher, in which each plaintext letter is assigned more than one substitute. However, it has been claimed that polyalphabetic ciphers may have been developed by the Arab cryptologist Al Kindi (801–873) centuries earlier.

The Alberti cipher by Leon Battista Alberti around 1467 was an early polyalphabetic cipher. Alberti used a mixed alphabet to encrypt a message, but whenever he wanted to, he would switch to a different alphabet, indicating that he had done so by including an uppercase letter or a number in the cryptogram. For this encipherment Alberti used a decoder device, his cipher disk, which implemented a polyalphabetic substitution with mixed alphabets.

Johannes Trithemius—in his book Polygraphiae libri sex (Six books of polygraphia), which was published in 1518 after his death—invented a progressive key polyalphabetic cipher called the Trithemius cipher. Unlike Alberti's cipher, which switched alphabets at random intervals, Trithemius switched alphabets for each letter of the message. He started with a tabula recta, a square with 26 letters in it (although Trithemius, writing in Latin, used 24 letters). Each alphabet was shifted one letter to the left from the one above it, and started again with A after reaching Z (see table). Trithemius's idea was to encipher the first letter of the message using the first shifted alphabet, so A became B, B became C, etc. The second letter of the message was enciphered using the second shifted alphabet, etc. Alberti's cipher disk implemented the same scheme. It had two alphabets, one on a fixed outer ring, and the other on the rotating disk. A letter is enciphered by looking for that letter on the outer ring, and encoding it as the letter underneath it on the disk. The disk started with A underneath B, and the user rotated the disk by one letter after encrypting each letter.

The cipher was trivial to break, and Alberti's machine implementation not much more difficult. Key progression in both cases was poorly concealed from attackers. Even Alberti's implementation of his polyalphabetic cipher was rather easy to break (the capitalized letter is a major clue to the cryptanalyst). For most of the next several hundred years, the significance of using multiple substitution alphabets was missed by almost everyone. Polyalphabetic substitution cipher designers seem to have concentrated on obscuring the choice of a few such alphabets (repeating as needed), not on the increased security possible by using many and never repeating any.

The principle (particularly Alberti's unlimited additional substitution alphabets) was a major advance—the most significant in the several hundred years since frequency analysis had been developed. A reasonable implementation would have been (and, when finally achieved, was) vastly harder to break. It was not until the mid-19th century (in Babbage's secret work during the Crimean War and Friedrich Kasiski's generally equivalent public disclosure some years later), that cryptanalysis of well-implemented polyalphabetic ciphers got anywhere at all. See Kasiski examination.