Porta Cipher

Giovanbattista della Porta's 6-alphabet reciprocal cipher

Encrypt and decrypt with the Porta cipher, a polyalphabetic scheme from 1563 using reciprocal alphabets keyed by a repeating keyword. Because each alphabet is its own inverse, the same key both encrypts and decrypts. Runs in your browser. It runs free in your browser on Gera Tools, with nothing uploaded.

Last updated Source: Gera Tools

Why is the Porta cipher reciprocal?

Each of its 13 alphabets swaps letters in pairs, so applying the same substitution twice returns the original letter. That means encryption and decryption are the identical operation: feed the ciphertext back in with the same keyword and you get the plaintext.

Giovanbattista della Porta described this cipher in 1563 in his work De Furtivis Literarum Notis, and it was one of the first practical polyalphabetic systems. Its defining trait is that it is reciprocal: there is no separate decrypt mode, because running ciphertext back through with the same keyword restores the plaintext.

Historical context

Porta designed this system as a practical improvement on the simple Caesar cipher. The Vigenere cipher — often credited as the first strong polyalphabetic system — was described around the same period, and the two approaches represent different solutions to the same problem: how to prevent a single-alphabet frequency analysis from breaking your cipher. Porta’s reciprocal alphabets made the system easier to use without tables beyond the single printed square, since there is no distinction between the encryption and decryption operation.

How it works

Porta uses 13 alphabets, one for each pair of key letters (A/B, C/D, … Y/Z). Within every alphabet the first half of the letters (A–M) always maps into the second half (N–Z) and vice versa, with a shift determined by the key-letter pair:

row r = floor((keyLetter - 'A') / 2)        (0..12)
if plaintext index i < 13:  cipher = ((i + r) mod 13) + 13
else:                       cipher = (i - 13 - r) mod 13

Because A–M and N–Z are always exchanged, the function is its own inverse — the same key encrypts and decrypts.

The 13 tableau rows

Each row in the Porta tableau swaps a shifted pair of half-alphabets. Row 0 (for key letters A or B) swaps A↔N, B↔O, C↔P, and so on with no shift. Row 1 (C or D) shifts by one, so A↔O, B↔P, etc. Row 12 (Y or Z) applies the maximum shift. This structure means the ciphertext is always drawn from the second half of the alphabet (N–Z) when the plaintext letter is from the first half (A–M), and vice versa — a property visible to frequency analysis.

Worked example

With the keyword LEMON:

  • L → key pair 5 (K/L), row 5
  • E → key pair 2 (E/F), row 2
  • M → key pair 6 (M/N), row 6
  • O → key pair 7 (O/P), row 7
  • N → key pair 6 (M/N), row 6

The message ATTACK AT DAWN enciphers to SEAUVP PA XTEL (spaces and punctuation pass through). Running SEAUVP PA XTEL back through with keyword LEMON returns ATTACK AT DAWN. No mode switch needed — this is the reciprocal property.

Security notes for modern use

The Porta cipher is a historical cipher and is not secure. Two well-known weaknesses make it straightforward to break:

  1. Repeating key: once an attacker determines the key length (via Kasiski examination or index-of-coincidence analysis), they can treat each key-position independently — each is then a simple 13-alphabet substitution.
  2. Known structure: all ciphertext letters from a plaintext A–M letter are drawn from N–Z, which halves the frequency analysis problem compared to a full 26-letter substitution.

Use this tool for historical study, puzzles, escape rooms, and cipher education. For real confidentiality, use a modern authenticated encryption standard.