Jump to content

Tabula recta

From Wikipedia, the free encyclopedia
Tabula recta

In cryptography, the tabula recta (from Latin tabula rēcta) is a square table of alphabets, each row of which is made by shifting the previous one to the left. The term was invented by the German author and monk Johannes Trithemius[1] in 1508, and used in his Trithemius cipher.

Trithemius cipher[edit]

The Trithemius cipher was published by Johannes Trithemius in his book Polygraphia, which is credited with being the first published printed work on cryptology.[2]

Trithemius used the tabula recta to define a polyalphabetic cipher, which was equivalent to Leon Battista Alberti's cipher disk except that the order of the letters in the target alphabet is not mixed. The tabula recta is often referred to in discussing pre-computer ciphers, including the Vigenère cipher and Blaise de Vigenère's less well-known autokey cipher. All polyalphabetic ciphers based on the Caesar cipher can be described in terms of the tabula recta.

The tabula recta uses a letter square with the 26 letters of the alphabet followed by 26 rows of additional letters, each shifted once to the left from the one above it. This, in essence, creates 26 different Caesar ciphers.[1]

The resulting ciphertext appears as a random string or block of data. Due to the variable shifting, natural letter frequencies are hidden. However, if a codebreaker is aware that this method has been used, it becomes easy to break. The cipher is vulnerable to attack because it lacks a key, thus violating Kerckhoffs's principle of cryptology.[1]


In 1553, an important extension to Trithemius's method was developed by Giovan Battista Bellaso, now called the Vigenère cipher.[3] Bellaso added a key, which is used to dictate the switching of cipher alphabets with each letter. This method was misattributed to Blaise de Vigenère, who published a similar autokey cipher in 1586.

The classic Trithemius cipher (using a shift of one) is equivalent to a Vigenère cipher with ABCDEFGHIJKLMNOPQRSTUVWXYZ as the key. It is also equivalent to a Caesar cipher in which the shift is increased by 1 with each letter, starting at 0.


Within the body of the tabula recta, each alphabet is shifted one letter to the left from the one above it. This forms 26 rows of shifted alphabets, ending with an alphabet starting with Z (as shown in image). Separate from these 26 alphabets are a header row at the top and a header column on the left, each containing the letters of the alphabet in A-Z order.

The tabula recta can be used in several equivalent ways to encrypt and decrypt text. Most commonly, the left-side header column is used for the plaintext letters, both with encryption and decryption. That usage will be described herein. In order to decrypt a Trithemius cipher, one first locates in the tabula recta the letters to decrypt: first letter in the first interior column, second letter in the second column, etc.; the letter directly to the far left, in the header column, is the corresponding decrypted plaintext letter. Assuming a standard shift of 1 with no key used, the encrypted text HFNOS would be decrypted to HELLO (H->H, F->E, N->L, O->L, S->O ). So, for example, to decrypt the second letter of this text, first find the F within the second interior column, then move directly to the left, all the way to the leftmost header column, to find the corresponding plaintext letter: E.

Data is encrypted in the opposite fashion, by first locating each plaintext letter of the message in the leftmost header column of the tabula recta, and mapping it to the appropriate corresponding letter in the interior columns. For example, the first letter of the message is found within the left header column, and then mapped to the letter directly across in the column headed by "A". The next letter is then mapped to the corresponding letter in the column headed by "B", and this continues until the entire message is encrypted.[4] If the Trithemius cipher is thought of as having the key ABCDEFGHIJKLMNOPQRSTUVWXYZ, the encryption process can also be conceptualized as finding, for each letter, the intersection of the row containing the letter to be encrypted with the column corresponding to the current letter of the key. The letter where this row and column cross is the ciphertext letter.

Programmatically, the cipher is computable, assigning , then the encryption process is . Decryption follows the same process, exchanging ciphertext and plaintext. key may be defined as the value of a letter from a companion ciphertext in a running key cipher, a constant for a Caesar cipher, or a zero-based counter with some period in Trithemius's usage.[5]



  1. ^ a b c Salomon, Data Privacy, page 63
  2. ^ Kahn, David (1996). The Codebreakers (2nd ed.). Scribner. p. 133. ISBN 978-0-684-83130-5.
  3. ^ Salomon, Coding for Data, page 249
  4. ^ Rodriguez-Clark, Dan, Polyalphabetic Substitution Ciphers, Crypto Corner
  5. ^ Kahn, page 136


External links[edit]