I thought I might mention one important law in cryptography before moving on to polyalphabetic encryption.

Kerckhoffs' principal states that a cryptosystem should be secure even if the algorithm for encryption/decryption and everything about the system except the key is made public.

This means that if I tell you that the message below was encrypted using a Caesar cipher, you would not be able to decrypt it because you do not know the key.

"QKXIQNULLY VXOTIOVRK YGEY ZNGZ ZNK IGKYGX IOVNKX OY TUZ YKIAXK."

This is obviously false because even without knowing the key, by trying all possible keys we can reveal that the message is:

"KERCKHOFFS PRINCIPLE SAYS THAT THE CAESAR CIPHER IS NOT SECURE."

Because we are also able to decrypt a message encrypted with a substitution cipher without knowing the key, Kerckhoff says that the monoalphabetic substitution cipher is not secure.

Kerckhoff also had five other rules regarding cryptosystems:

1. The system must be practically, if not mathematically, indecipherable;
2. It must not be required to be secret, and it must be able to fall into the hands of the enemy without inconvenience;
3. Its key must be communicable and retainable without the help of written notes, and changeable or modifiable at the will of the correspondents;
4. It must be applicable to telegraphic correspondence;
5. It must be portable, and its usage and function must not require the concourse of several people;
6. Finally, it is necessary, given the circumstances that command its application, that the system be easy to use, requiring neither mental strain nor the knowledge of a long series of rules to observe.

The last rule does not really apply in the modern age of computers and programming, but Kerckhoff wrote these for military ciphers, and during a war-time setting there is the possibility of not having access to computers.