A polyalphabetic cipher is any cipher based on substitution, using multiple substitution alphabets. The Vigenère cipher is probably the best-known example of a polyalphabetic cipher, though it is a simplified special case.

The first published polyalphabetic cipher was invented by Leon Battista Alberti around 1467. Alberti used a Caesar cipher to encrypt a message, but whenever he wanted to he would switch to a different alphabet, indicating that he had done so by capitalizing the first letter encrypted with the new alphabet. Alberti also invented a decoder device, his encryption disk, which implemented a cipher equivalent to the one published later by Johannes Trithemius.

Johannes Trithemius, in a book published after his death, invented a progressive key polyalphabetic cipher. Unlike Alberti's cipher, which switched alphabets at random intervals, Trithemius switched alphabets for each letter of the message. He started with a tabula recta, a square with 26 alphabets in it (Trithemius, writing in Latin, used 24 alphabets). Each alphabet was shifted one letter to the left from the one above it, and started again with A after reaching Z, like this:

 |ABCDEFGHIJKLMNOPQRSTUVWXYZ| --+--------------------------+--- A |ABCDEFGHIJKLMNOPQRSTUVWXYZ| 0 B |BCDEFGHIJKLMNOPQRSTUVWXYZA| 1 C |CDEFGHIJKLMNOPQRSTUVWXYZAB| 2 D |DEFGHIJKLMNOPQRSTUVWXYZABC| 3 E |EFGHIJKLMNOPQRSTUVWXYZABCD| 4 F |FGHIJKLMNOPQRSTUVWXYZABCDE| 5 G |GHIJKLMNOPQRSTUVWXYZABCDEF| 6 H |HIJKLMNOPQRSTUVWXYZABCDEFG| 7 I |IJKLMNOPQRSTUVWXYZABCDEFGH| 8 J |JKLMNOPQRSTUVWXYZABCDEFGHI| 9 K |KLMNOPQRSTUVWXYZABCDEFGHIJ| 10 L |LMNOPQRSTUVWXYZABCDEFGHIJK| 11 M |MNOPQRSTUVWXYZABCDEFGHIJKL| 12 N |NOPQRSTUVWXYZABCDEFGHIJKLM| 13 O |OPQRSTUVWXYZABCDEFGHIJKLMN| 14 P |PQRSTUVWXYZABCDEFGHIJKLMNO| 15 Q |QRSTUVWXYZABCDEFGHIJKLMNOP| 16 R |RSTUVWXYZABCDEFGHIJKLMNOPQ| 17 S |STUVWXYZABCDEFGHIJKLMNOPQR| 18 T |TUVWXYZABCDEFGHIJKLMNOPQRS| 19 U |UVWXYZABCDEFGHIJKLMNOPQRST| 20 V |VWXYZABCDEFGHIJKLMNOPQRSTU| 21 W |WXYZABCDEFGHIJKLMNOPQRSTUV| 22 X |XYZABCDEFGHIJKLMNOPQRSTUVW| 23 Y |YZABCDEFGHIJKLMNOPQRSTUVWX| 24 Z |ZABCDEFGHIJKLMNOPQRSTUVWXY| 25 

Trithemius's idea was to encipher the first letter of the message using the first shifted alphabet, so A became B, B became C, etc. The second letter of the message was enciphered using the second shifted alphabet, etc. Alberti's cipher disk implemented the same scheme. It had two alphabets, one on a fixed outer ring, and the other on the rotating disk. A letter is enciphered by looking for that letter on the outer ring, and encoding it as the letter underneath it on the disk. The disk started with A underneath B, and the user rotated the disk by one letter after encrypting each letter.

Trithemius' cypher was trivial to break, and Alberti's machine implementation not much more difficult. Key progression in both cases was poorly concealed from attackers. Even Alberti's implementation of his polyalphabetic cypher was rather easy to break (the capitalized letter is a major clue to the cryptanalyst). For most of the next several hundred years, the significance of using multiple substitution alphabets was missed by almost everyone. Polyalphabetic substitution cypher designers seem to have concentrated on obscuring the choice of a few such alphabets (repeating as needed), not on the increased security possible by using many and never repeating any.

The principle (particularly Alberti's unlimited additional substitution alphabets) was a major advance -- the most significant in the several hundred years since frequency analysis had been developed. A reasonable implementation would have been (and, when finally achieved, was) vastly harder to break. It was not until the mid-1800s (in Babbage's secret work during the Crimean War) and Friedrich Kasiski's generally equivalent public disclosure some years later, that cryptanalysis of well-implemented polyalphabetic cyphers got anywhere at all.

See also: Topics in cryptography.