Skip to main content
CipherChronicle

Cryptography glossary

Polyalphabetic

Also known as : Multiple substitution

A polyalphabetic cipher uses several substitution tables alternating along the message. The same plaintext letter can therefore be enciphered differently depending on its position — which flattens the frequency signature and makes direct frequency analysis useless. It’s the major conceptual leap between ancient cryptography (monoalphabetic, broken by Al-Kindi in the 9th century) and modern cryptography (polyalphabetic with long key, eventually absorbed by AES).

The birth of the idea: Alberti, 1467

The polyalphabetic idea traces back to Leon Battista Alberti, Florentine architect and humanist, who in 1467 invented the cipher disk — two concentric disks each carrying the alphabet, with their alignment changing during the message at agreed-upon markers. It’s the first time a cipher explicitly switches substitution along the way. Alberti called it in his writings “the queen of ciphers”, and he was nearly right.

Trithemius (1499) systematized the idea with a Tabula Recta: a table of 26 shifted alphabets. Belaso (1553) introduced the notion of a textual key — a word that dictates which alphabets to use. And it’s Blaise de Vigenère (1586) who synthesized everything in his Traité des chiffres, lending his name to a cipher he didn’t invent. Posthumous, but persistent: today we say “Vigenère cipher”, not “Alberti-Trithemius-Belaso-Vigenère”.

The Vigenère cipher in example

The Vigenère cipher expresses the principle as 26 Caesar alphabets indexed by the letters of a repeated key:

Plain  : ATTACKATDAWN
Key    : SECRETSECRET
Cipher : SXVRGDSXFRAR

When you reach the end of the key, you wrap around. The plaintext E is sometimes encrypted to I, sometimes to J, sometimes to V… depending on the key letter that lands on it. This variability is exactly what flattens the frequency signature: a letter count on the ciphertext no longer shows E peaking at 12.7 %, but a much flatter distribution.

Why Vigenère held for three centuries

For 277 years, Vigenère was nicknamed “the indecipherable cipher”. The reason is simple: frequency analysis no longer works, and nobody before 1854 knew another angle of attack. It’s the index of coincidence of a well-keyed Vigenère that gives it away: it drops to ~0.04, close to random — a signature very different from monoalphabetic (~0.067).

Charles Babbage (1854) then Friedrich Kasiski (1863) independently showed that you can guess the key length by looking for repeated sequences in the ciphertext, then apply a frequency analysis to each sub-message corresponding to the same position in the key. At that point, Vigenère no longer holds.

Notable variants

The polyalphabetic family has many variants:

  • Beaufort (Sir Francis Beaufort, ~1857): subtractive variant. Special property: self-inverse, so the same process encrypts and decrypts. Convenient for military operators without an inverse table.
  • Beaufort variant: a symmetric but distinct flavor.
  • Autokey (Vigenère himself, 1586): the key extends by concatenating the plaintext after the initial keyword. No more key repetitions → Kasiski becomes ineffective. But other attacks remain (probable words).
  • Porta (Giovanni Battista della Porta, 1563): only 13 alphabets, organized in pairs. More resistant to short-text attacks than Vigenère.
  • Gronsfeld: Vigenère where the key is numeric (a digit string) instead of textual.
  • Enigma (1923): mechanical polyalphabetic with rotors stepping on every keypress. Massive key space (10²² combinations), but predictable operator usage allowed Bletchley Park to crack it.

The endpoint: the one-time pad

If a polyalphabetic key is:

  1. Truly random (not a dictionary word),
  2. As long as the message (no repetition),
  3. Used only once (never reused),

then you get the one-time pad (OTP), mathematically proven unbreakable by Claude Shannon in 1949 (“perfect secrecy”). No statistical attack works, because every possible key produces a plausible decryption. Impractical for the general public (how do you share a 1 GB key?), but used by intelligence services for the most sensitive communications, and on the Washington-Moscow hotline during the Cold War.

Today

Today, classical polyalphabetic ciphers (Vigenère, Beaufort) are pedagogical objects. Modern ciphers (AES, ChaCha20) aren’t really polyalphabetic in the classical sense — they operate on 128-bit blocks and apply confusion + diffusion in parallel. But the spirit of Vigenère, “change the transformation at every chunk of plaintext”, remains the central idea. AES in CTR mode, for instance, generates a pseudo-random stream that’s XORed with the plaintext — conceptually it’s a Vigenère with an infinite key generated by a deterministic algorithm.

Key takeaways:

  • Polyalphabetic = several substitution tables alternating by a key. Flattens frequency.
  • Born with Alberti (1467), formalized by Vigenère (1586). Held for 277 years.
  • Variants: Beaufort, Autokey, Porta, Gronsfeld, Enigma.
  • Fell in 1854/1863 to Babbage/Kasiski → key-length analysis + frequency analysis by sub-message.
  • The only mathematically unbreakable polyalphabetic is the one-time pad (random key as long as the message, used once).

← Whole glossary