Classical Substitution
The arms race between letter-mappers and frequency counters
For a thousand years after Caesar, cryptographers mapped letters to other symbols and believed their ciphers were unbreakable. Then in 850 AD, Al-Kindi of Baghdad wrote a nine-page treatise that shattered every substitution cipher ever made — and every one that would be made for the next four centuries. This hall shows the battle that followed.
Al-Kindi's insight (850 AD): Count how often each letter appears in ciphertext. The most frequent symbol probably represents E (12.7% of English). The second most frequent is probably T (9.1%). Map frequencies to expected values — the key reveals itself. This technique alone broke every cipher in this hall.
Each letter maps permanently to another. A→Q, B→M, C→L… The key is a full 26-letter permutation, giving 26! possible keys — more than 4×10²⁶. Vast keyspace, zero protection.
Cipher: QWERTYUIOPASDFGHJKLZXCVBNM
The Renaissance answer to frequency analysis: give common letters multiple symbols. E encrypts as 12, 37, or 44. T as 21 or 90. Frequency peaks flatten. Used in European diplomatic ciphers for 400 years.
A → 05, 63 Z → 99
Charles Wheatstone's breakthrough: encrypt letter pairs, not single letters. A 5×5 key square defines rules for each pair. Defeats single-letter frequency analysis completely. Used by Britain in WWI and WWII.
Félix Delastelle's two-keyword refinement of Playfair: four 5×5 squares laid in a 2×2 grid, two of them keyed. Encrypts digraphs without Playfair's awkward double-letter rule, and can produce a different ciphertext digraph for the same plaintext digraph appearing in different positions.
Delastelle's pared-back digraph cipher — only two keyed squares, arranged horizontally or vertically. Faster to set up than Four-Square but leaks more digraph structure: plaintext pairs that share a row simply pass through unchanged in the horizontal variant.
The 400-year diplomatic standard. A small substitution alphabet plus a 1,000-2,000 entry codebook of words and names — with nulls sprinkled in. The Babington Plot, the Spanish Armada traffic, Marie Antoinette's correspondence, and Louis XIV's Great Cipher are all nomenclators. Black Chambers in Vienna, Paris, and London built their reputation slowly reconstructing them.
Lester Hill applied linear algebra to cryptography. Letters become vectors; the key is a matrix; encryption is matrix multiplication. Strong diffusion — every output letter depends on multiple input letters. Broken by known plaintext.
The Rossignols' nomenclator for Louis XIV. ~587 numbered codewords stand for syllables, single letters, decoy nulls — and one number means "delete the previous letter." Unread for 200 years; broken by Bazeries in 1893.
DELETE PREV → 891
The 64-glyph nomenclator Mary, Queen of Scots used to plot Elizabeth I's assassination — broken in days by Thomas Phelippes, who then forged a postscript that named the conspirators. The first cipher whose breaking is documented to have caused an execution.
QUEEN → ⟨w28⟩ DOUBLETH → ⟨x2⟩
The Substitution Arms Race
Al-Kindi's 850 AD technique. Every monoalphabetic cipher is broken by counting symbol frequencies and matching them to known language distributions. The Caesar cipher is a trivial special case.
Assign multiple ciphertexts to common letters to flatten frequency peaks. A sophisticated attacker can still detect the homophonic system through structural patterns and solve it with enough ciphertext.
Playfair encrypts letter pairs; AES encrypts 128-bit blocks. The principle is the same: operate on multiple characters simultaneously to defeat single-character statistical attacks.
Hill's matrix multiplication concept — mixing multiple input letters to produce each output letter — became the MixColumns step in AES, one of the four core operations providing diffusion.