The present article describes achievements of Giovanni Battista Porta (1535?-1615) in cryptology, occasionally using David Kahn, The Codebreakers (1967) as a guide.
In 1563, Porta published a classic work on cryptology De furtivis literarum notis, vulgo de ziferis.
In 1591, a pirated edition made "almost to perfection" (Kahn p.142) was published in London (Google, Europeana).
A legitimate 1593 edition titled De occultis literarum notis (Google) added an appendix. (The term occultis (secret, occluded, hidden) and furtivis (secret, furtive) are more or less synonymous and furtivis in the title of some chapters was replaced with occultis seu furtivis in the 1593 edition.)
An enlarged and reorganized 1602 edition (Google) is reorganized into five books.
An English translation On secret notations for letters commonly called ciphers in typescript by Mrs. Keith Preston (Etta Shield Preston), used by Kahn, is in Fabian Collection of the Library of Congress (catalog entry).
Pierre François Duchesne, Notice Historique sur la vie et les ouvrages de J.-B. Porta, gentilhomme napolitain, [1801], pp.174-209 gives an extensive résumé (Kahn p.1000).
Book 1 deals with ancient ciphers.
1-III (meaning Book 1, Chapter III herein) gives abbreviations in the Roman era: CR for "cive romanum", OP for "opportere", ABVC for "ab uribe condita", and even PPPPESSSEVVVVVVVFFFF for "primus pater patriae profectus est, secum salus sublata est, venit victor validus, vicit vires vrbis vestrae, ferro fame flamma frigore."
1-V gives simple manipulation of Latin words of the plaintext "Hostis Adest Cave Tibi" into "Stisho Estad Veca Biti" (reversing the first and second half of each word) or "Horat Stissis, Adrat Estrat Casis Verat Tisis Bisis" (inserting meaningless suffices -rat and -sis).
Well-known Polybius' checkerboard signalling (1-X) and scytale (1-XII) are also covered. Note that the illustration of the scytale below (taken from the appendix of the 1593 edition) is different from transposition cipher as commonly understood today (see another article).
1-XIIII points out such ancient modes of secret writing were no longer useful.
Book 2 deals with modern ciphers.
2-I presents three kinds of ciphering: change of letters' order (transposition), shape (substitution by symbols other than Latin letters), or value (substitution by letters of another alphabet).
2-II and 2-III deal with transposition, the latter seeming to describe a way not to arouse suspicion.
2-IIII appears to describe ways to create cipher symbols (inverting letters etc.).
2-V gives an example of monoalphabetic substitution, while 2-VI explains ways to make it more secure by suppressing word breaks, providing false word breaks, or including intentional misspellings. "For it is better for a scribe to be thought ignorant than to pay the penalty for the detection of plans." (Kahn p.139)
2-VII, 2-VIII, 2-IX, and 2-X describe the famous Porta's cipher disk, with illustrations. The drawing of the cipher disk below shows the inner movable disk pasted at the initial position. Referring to the enciphering example further below, the first letter "H" is enciphered with this initial position. Then, the inner disk is rotated clockwise by one place for enciphering "O", and so on. Although a cipher disk had been described by Alberti before, Porta incorporated the idea of letter-by-letter encipherment (which per se had been anticipated by Trithemius).
Porta provides several measures to enhance secrecy. The second example below suppresses word breaks and the symbol disk includes more symbols than the letters of the alphabet, which makes the cycle of the disk positions unequal to the number of letters in the alphabet. (With the first cipher disk, every twentieth letter is enciphered with the same disk position. See "m" in "Iam" and "Milite".)
When this second cipher disk is used, the first example text is enciphered as follows.
In the following, letters I, S, H, R, Λ V, C are used as nulls.
The following third variation of Porta's cipher disk has a mixed alphabet, though its value may have been limited as long as there is no inherent ordering for the cipher symbols.
In 2-XI, Porta points out that the cipher disk is equivalent to the following table.
The 1602 edition has a new chapter (4-III) discussing use of a key phrase rather than progressive rotation after enciphering each letter. Porta wisely uses a long key: ORA PRO NOBIS SANCTA DEI GENITRIS.
2-XII describes a way to express the 21 letters of the alphabet with only five letters A, B, C, D, E with a table as follows (corrected). Since the letter P is found at the intersection of column D and row B, it is represented by DB.
If only four letters should be used, "DD" may be used instead of "E." If only three letters should be used, seven columns labelled AA, BB, CC, AB, AC, BC, CB with three columns A, B, C may be used.
Use of three symbols without such combinations is also described. According to the example given in the 1602 edition (4-XVIII), it appears to distinguish the seven positions in each row by the amount of space before the letter (A, B, C), which must be filled with insignificant letters (those other than A, B, C).
Porta was aware that the fewer symbols used, the longer the ciphertext would be. Such an idea is common with the later Francis Bacon's biliteral cipher (see another article).
In a new chapter 5-VI of the 1602 edition, a biliteral cipher with only A, B is presented but it requires representing the plaintext with only eight letters of the alphabet: a, e, r, u, o, i, f, t by replacing the other less frequent letters with these. As with Bacon, Porta was also concerned about avoiding suspicion, for which he proposes writing a word having a number of syllables corresponding to the number of A or B occurring without interruption. For example, if there is a succession of four Bs, some four-syllable word (e.g., "Antonius") is written; if there are three, e.g., "dominus" is written, etc. Subsequent chapters (5-VII to 5-XV) deal with many variants.
2-XIII gives a table for the earliest known digraphic cipher (Kahn p.139), whereby every combination of two letters among A-Z are given its own symbol.
2-XIIII deals with some simple ciphers.
The following forms a symbol with four substitution elements. (4-XX of the 1602 edition gives a further imaginative enciphering.)
Porta sneers pigpen cipher as used by "rustics, women and children" (Kahn p.138)
Porta also mentions what is known as ATBASH (writing Z for A, X for B, V for C, ... P for O.)
He also describes inserting low-frequency letters (HKQXYZ) as nulls.
2-XV discusses an intricate transposition cipher. Porta chose a key phrase "CASTUM FODERAT LUCRETIA PECTUS", to which a barbarous name "ALGAZEL" is appended to make it more difficult to discern. The enciphering with this key proceeds as follows.
First, one letter after another from the key phrase is written under the letters of the plaintext to be enciphered (Post Bello ...) as shown in (1) below. Each key letter indicates a number corresponding to its position in the alphabet (3 for "c", 1 for "a", etc.), as (conceptually) illustrated in (2). The number specifies a place (counting from the letter after the current position) at which the corresponding plaintext letter is to be written. For example, the first number "3" for the key letter "c" indicates the corresponding first plaintext letter "p" should be written at the third place. The second number "1" indicates the next "o" should be written at the first place after it. The third number "17" indicates the third letter "s" should be written at the 17th place after that.
2-XVI describes Porta's famous pairing-based polyalphabetic cipher table. (Such a reciprocal table had been described by Bellaso in 1553 (Wikipedia).)
The top row headed "AB" indicates a pairwise reciprocal transposition. That is, "A" in plaintext is enciphered as "N" and "N" in plaintext is enciphered as "A", and so on. The row to be used is switched according to a key. Porta again uses the key phrase "CASTUM FODERAT LUCRETIA PECTUS ALGAZEL" so the row headed "CD" is used for enciphering the first letter, the row "AB" for the second letter, the row "ST" for the third letter, an so on.
Although the above table is illustrated with the regular alphabet, Porta points out that "The order [of the letters in the tableau] ... may be arranged arbitrarily, provided no letter is omitted." ("ordo ex arbitrio disponatur, modo nullem elementum praeterium sit"; Kahn p.141)
The elements used in Porta's polyalphabetic system were not new. Letter-by-letter progression of the key had been anticipated by Trithemius. A cipher disk with a mixed alphabet had been described by Alberti. An easy-to-remember key had been proposed by Bellaso. Still, David Kahn appreciates that Porta was the first to enunciate "the modern concept of polyalphabeticity" (p.142).
2-XVII appears to describe replacing words with other words.
2-XVIII describes a so-called Cardan grille, a board with openings, which allows a reader to pick up significant letters of the true plaintext among a superficial text.
2-XIX describes Trithemius' Ave Maria cipher, whereby each letter is enciphered as one of many Latin words (and other symbols) specified in a table.
2-XX demonstrates application of five different enciphering schemes successively (to a politically incorrect plaintext "Puellam Hodie Amatam Defloravi", which was replaced in the 1602 edition (5-XXII) by "Civitatem Hodie Desideratam Depopulatas Sum").
Book 3 deals with cryptanalysis.
Porta was the first to mention using "probable words" (words likely to be present in the plaintext) for cryptanalysis (Kahn p.140). For example, if the topic is love, words such as AMOR, COR, IGNIS, etc. might be expected to occur (3-II).
For simple substitution (of Latin plaintext), Porta appears to point out vowels can be easily recognized from their position and consonants can be identified by their frequency.
According to Kahn (p.140), it was the first in Europe to describe solving a monoalphabetic cipher with no word divisions or with false word divisions (3-IX, 3-X). At the time, codebreakers often depended on such word divisions.
It is remarkable that Porta even discussed solution of polyalphabetic ciphers (3-XVI to 3-XXII), which were reputed to be undecipherable until the 19th century. Although his examples were contrived and his methodology is not generally applicable, Kahn highly appreciates his bold attitude (p.142).
Porta's solution assumes clockwise rotation by one place of the movable disk after enciphering each letter, which results in succession of the same symbol in the ciphertext if the plaintext has a sequence of letters in the regular alphabetical order (such as def in deficio or stu in studium). A shrewd reader would have noticed sequences of three identical symbols in the example ciphertexts given in Book 2 above.
The 1602 edition has a new chapter 4-XVII dealing with solution of a polyalphabetic cipher with a standard alphabet but with a literal key (rather than progressive switching) (Kahn p.142, citing Charles J. Mendelsohn, "The Earliest Solution of a Multiple Alphabet Cipher Written with the Use of a Key"). In this variant, succession of the same letter in the ciphertext indicates that the corresponding letters in the key are consecutive in alphabetical order and those in the plaintext are consecutive in reverse alphabetical order. At one point, Porta went very close to a general solution: "Since there are ... 51 letters between the first three MMM and the same three letters repeated in the thirteenth word, I conclude that the key has been given three times and decide correctly that it consists of 17 letters." With hindsight, Porta needed only to notice that repetition of any particular pattern rather than the succession of identical symbols could be used to determine the length of the key to arrive at what is known today as Kasiski's method.
Specifically, the ciphertext (contrived by Porta to be decipherable) is as follows.
The distance between the first "MMM" and the second "MMM" is 51(=17*3) and that between the second "MMM" and "LLL" is 17, which suggests the key has 17 letters. If so, the occurrence of "CCCC" suggests the corresponding key letters might also be consecutive in alphabetical order. Porta then tries key phrases satisfying these conditions, "STUDENS SIC DEFICIO", "STUDIUM SIC DEFICIO", "STUDIUM HIC DEFICIT", the last of which reveals the plaintext as follows.
Book 4 provides characteristics of Latin that may be helpful in codebreaking.
For example, Table 3 is a list of three-letter words (including inflected forms and possibly word elements) in VVV, VVC, CCV, VCC, CVV, VCV, CVC (V: vowel, C: consonant). Table 4 is a similar list of four-letter words.
The following table appears to help identifying word divisions by providing examples of consecutive vowels etc.: "tibi ijsdem", "Tiberij ij", "eoo oone", "tu vuula."
There follows tables of words with characteristic letter arrangement patterns: abbassarsi, accurro, ..., followed by division of consecutive consonants: "urbs phtisis", ....
There are also tables of words including consecutive two letters in alphabetical order, etc., presumably to help Porta's technique of polyalphabetic solution.
The 1593 edition includes an appendix including additional information. As one example, Porta quotes other writers' description of scytale and reproduces a drawing from one of them (see above).
There is further a table showing classification of various modes of secret writing/communication over 10 pages, occasionally with references to the chapters in the book. This table was not included in the 1602 edition.
The 1602 edition underwent a major revision of the content. In particular, the original division of Book 2 (enciphering) and Book 3 (cryptanalysis) was abandoned and codebreaking techniques are described right after the relevant enciphering method. It was substantially enlarged with additional techniques and examples. Among others, a solution to a polyalphabetic cipher with a literal key (see above) is described (albeit for rather an artificial example).
Book 1 of the 1602 edition largely corresponds to chapters I to XI of the original Book 1, except for a new chapter (1-XI) dedicated to Polybius' system.
Scytale etc. are moved into new Book 2.
Book 3 is dedicated to transposition and simple substitution ciphers with their solution.
Book 4 deals with cipher disks with their solutions and various other enciphering methods.
Book 5 deals with secret writing without arousing suspicion (steganography).