Trithemius Cipher

Encode and decode the Trithemius cipher, the first polyalphabetic cipher, published by the German abbot Johannes Trithemius in 1508. It shifts the first letter by 0, the second by 1, the third by 2, and so on — a steadily climbing shift with no key. Switch between encode and decode and watch the working build live. Everything runs in your browser.

The Trithemius cipher is keyless: the shift schedule is always 0, 1, 2, 3, … so there is nothing to enter but your text. Anyone who knows the method can decode it — just switch to Decode and paste the ciphertext.

Plaintext

Ciphertext

Enter text above to see the Trithemius result here.

How to use Trithemius Cipher

1
Choose encode or decode
Pick Encode to turn plaintext into Trithemius ciphertext, or Decode to recover the plaintext from ciphertext. Because the cipher is keyless, the direction is the only setting you need to choose.
2
Type or paste your text
Enter the message you want to convert. The cipher runs automatically as you type, applying the climbing shift 0, 1, 2, 3, … to each letter in turn.
3
Watch the working
Open the letter-by-letter working to see the shift applied at every position and the letter it produces. The shift grows by one at each letter and resets after 26 letters.

4
Read, copy, and share
Read the result, then copy it, download it as a text file, or share a link that reopens the tool with your exact direction and text. Everything stays in your browser.

Understanding the Trithemius Cipher

What is the Trithemius cipher?

The Trithemius cipher is widely regarded as the first polyalphabetic substitution cipher. It was published by the German Benedictine abbot Johannes Trithemius in his Polygraphiae libri sex of 1508, the earliest printed book on cryptography. Instead of shifting every letter by the same amount, as a Caesar cipher does, the Trithemius cipher shifts each letter by a steadily increasing amount: the first letter moves by 0, the second by 1, the third by 2, and so on through the message. Because the shift changes at every position, a single plaintext letter can become many different ciphertext letters, which hides the letter-frequency pattern that breaks a simple shift cipher.

What makes the Trithemius cipher unusual among polyalphabetic ciphers is that it has no key. The schedule of shifts 0, 1, 2, 3, … is fixed and public, so there is no secret word or number to agree on — anyone who knows the method can read the message. That is also its weakness, but historically the idea was revolutionary: it introduced the tabula recta, the square of shifted alphabets that the Vigenère cipher would later borrow and combine with a secret keyword.

How the Trithemius cipher works

Number the alphabet from A as 0 to Z as 25. Walk along the message and keep a counter that starts at 0 and goes up by one at every letter. To encrypt, add the counter to the letter and wrap around the alphabet with a remainder by 26, so the ciphertext letter is C = (P + i) mod 26, where i is the letter's position. To decrypt you subtract the same counter instead, P = (C − i) mod 26, which undoes the shift and returns the original letter.

Only the 26 letters are shifted. Spaces, punctuation, digits, and other characters pass straight through and do not advance the counter, so the climbing shift stays lined up with the letters that matter. Letter case is preserved. Because the shift is taken with a remainder by 26, the schedule repeats every 26 letters: the twenty-seventh letter is shifted by 0 again, the twenty-eighth by 1, and so on. That makes the Trithemius cipher identical to a Vigenère cipher whose keyword is the whole alphabet, ABCDEFGHIJKLMNOPQRSTUVWXYZ.

Worked example

Encrypt the message HELLO. The five letters sit at positions 0, 1, 2, 3, and 4, so the shifts are 0, 1, 2, 3, and 4. Adding each shift gives H plus 0 is H, E plus 1 is F, L plus 2 is N, L plus 3 is O, and O plus 4 is S. The ciphertext is HFNOS. Notice that the two L's became different letters, N and O, because they sit at different positions — exactly what a fixed Caesar shift could never do.

To decrypt HFNOS, subtract the same climbing shifts. H minus 0 is H, F minus 1 is E, N minus 2 is L, O minus 3 is L, and S minus 4 is O, which spells HELLO again. The encode and decode steps are mirror images of each other, and because the schedule of shifts is fixed, the receiver needs nothing but the knowledge that it is a Trithemius cipher.

The tabula recta

Trithemius presented his cipher with a tabula recta, Latin for straight table: a 26 by 26 grid in which the first row is the plain alphabet, the second row is the alphabet shifted by one, the third row shifted by two, and so on down to a shift of twenty-five. To encipher the first letter you read it from the first row, the second letter from the second row, the third from the third row, stepping down one row for each successive letter of the message.

This table is the lasting contribution of the Trithemius cipher. A few decades later Giovan Battista Bellaso, and then the Vigenère cipher that took his name, kept the same tabula recta but chose the row with a secret keyword instead of stepping through the rows in fixed order. The Trithemius cipher is therefore the direct ancestor of the whole family of keyword tableau ciphers, including Vigenère, Beaufort, and Gronsfeld.

Trithemius, Vigenère, and the progressive key

It helps to line up the Trithemius cipher with its descendants. The Vigenère cipher adds a repeating keyword to the message, C = (P + K) mod 26, where each key letter supplies a shift from 0 to 25. The Trithemius cipher is the special case where that keyword is the entire alphabet in order, so the shifts are simply 0, 1, 2, 3, …, 25 and then repeat. In other words, Trithemius is Vigenère keyed by ABCDEFGHIJKLMNOPQRSTUVWXYZ.

This is why the Trithemius cipher is sometimes called a progressive-key cipher: the shift advances by one at every step instead of being chosen by a secret. The price of having no key is that there is no secret at all, so the cipher protects a message only against someone who does not recognise the method. Adding a secret keyword, as Bellaso and Vigenère did, is exactly the step that turned this teaching idea into a cipher that resisted analysis for three centuries.

How to break the Trithemius cipher

Breaking the Trithemius cipher is trivial, because there is nothing secret to recover. The shift schedule 0, 1, 2, 3, … is public, so anyone who suspects a Trithemius cipher can simply subtract the climbing shift and read the message immediately. There is no key length to find and no key to guess; recognising the cipher is the same as breaking it.

Even an analyst who does not know the method has an easy time. The fixed schedule means the first letter is unshifted, so it often gives the cipher away, and trying a small handful of starting offsets quickly reveals readable text. This is very different from Vigenère, where the secret keyword forces an attacker through the Kasiski examination and the index of coincidence. The Trithemius cipher is best thought of as the educational skeleton on which those stronger, keyed ciphers were later built.

Is the Trithemius cipher secure?

No. The Trithemius cipher offers no security whatsoever, because it has no key — its whole method is public, so anyone who recognises it can read the message at once. Even by the standards of other historical hand ciphers it is purely a teaching device, valuable for showing how a polyalphabetic shift works rather than for hiding anything.

Today the Trithemius cipher is enjoyed for learning and for fun. It is the clearest possible introduction to the tabula recta and to the progressive-shift idea behind Vigenère, and it appears in puzzles, escape rooms, and capture-the-flag challenges as a gentle first polyalphabetic cipher. For protecting real information you should rely on modern, well-tested algorithms such as AES instead.

Frequently asked questions

What is the Trithemius cipher?

The Trithemius cipher is the first polyalphabetic substitution cipher, published by the German abbot Johannes Trithemius in 1508. It shifts each letter by a steadily increasing amount — the first by 0, the second by 1, the third by 2, and so on — using the tabula recta he introduced. It has no key, which makes it the keyless ancestor of the Vigenère cipher.

How does the Trithemius cipher work?

Number the alphabet from A as 0 to Z as 25 and keep a counter that starts at 0 and rises by one at every letter. To encrypt, add the counter to the letter modulo 26: C = (P + i) mod 26. To decrypt, subtract instead: P = (C − i) mod 26. Only letters are shifted; spaces, digits, and punctuation pass through and do not advance the counter.

Does the Trithemius cipher need a key?

No. The Trithemius cipher is keyless: the schedule of shifts 0, 1, 2, 3, … is fixed and public, so there is nothing to enter but your text. This is the cipher's defining feature and also its weakness, because anyone who recognises the method can decode the message without any secret.

Can you show a Trithemius cipher example?

Encrypting HELLO gives HFNOS. The letters sit at positions 0 to 4, so the shifts are 0, 1, 2, 3, 4: H plus 0 is H, E plus 1 is F, L plus 2 is N, L plus 3 is O, and O plus 4 is S. The two L's become different letters because they sit at different positions. Decrypting HFNOS with the same climbing shifts returns HELLO.

How is Trithemius different from the Vigenère cipher?

The Trithemius cipher is the special case of Vigenère whose keyword is the whole alphabet in order, so the shifts are simply 0, 1, 2, 3, … and then repeat. Vigenère replaces that fixed schedule with a secret keyword, which is what gives it real strength. In short, Trithemius is Vigenère keyed by ABCDEFGHIJKLMNOPQRSTUVWXYZ.

How is Trithemius different from the Caesar cipher?

A Caesar cipher shifts every letter by the same fixed amount, so it is monoalphabetic and the same plaintext letter always maps to the same ciphertext letter. The Trithemius cipher increases the shift by one at every position, so it is polyalphabetic: the same plaintext letter usually becomes a different ciphertext letter depending on where it appears.

What is the tabula recta?

The tabula recta is a 26 by 26 grid of alphabets that Trithemius introduced, where each row is the alphabet shifted one place further than the row above. To encipher, you read the first letter from the first row, the second from the second row, and so on. The Vigenère cipher later kept the same table but picked rows with a secret keyword.

How do I decode a Trithemius cipher?

Switch the tool to Decode and paste the ciphertext. Because the cipher is keyless, no key is needed — the tool subtracts the climbing shift 0, 1, 2, 3, … to recover the plaintext. Recognising that a message is a Trithemius cipher is all anyone needs to read it.

Does the cipher change spaces and punctuation?

No. Only the 26 letters are shifted. Spaces, punctuation, and digits pass through unchanged, and they do not advance the position counter, so the climbing shift stays aligned with the letters. Letter case is preserved, so the output keeps the shape of your original text.

What happens to the shift after 26 letters?

Because the shift is taken with a remainder by 26, it wraps around. The twenty-seventh letter is shifted by 0 again, the twenty-eighth by 1, and so on, repeating the schedule. This is exactly why the Trithemius cipher equals a Vigenère cipher keyed by the full 26-letter alphabet.

Is the Trithemius cipher secure?

No. The Trithemius cipher offers no security at all, because it has no key and its method is public. Anyone who recognises it can read the message immediately. It is best treated as an educational and puzzle cipher and a piece of cryptographic history. For genuine protection, use a modern algorithm such as AES instead.

Is my text uploaded to a server?

No. All encoding and decoding happen entirely in your browser, so your text is never uploaded, logged, or stored. Even a share link keeps your data in the part of the URL after the hash, which browsers never send to a server, so it stays private until you choose to share it.

Related tools

Keep going with these handy tools

Beaufort Cipher

Gronsfeld Cipher

Porta Cipher

Vigenère Cipher

Autokey Cipher

Running Key Cipher