After Arab scholars discovered that the individual letters in the plaintexts of natural languages occur with quite characteristic relative frequencies, Abu-Yusuf Ya’qub ibn Ishaq al-Kindi (800 – 873) succeeded in deciphering cryptograms encoded with simple monoalphabetic substitutions.
Therefore, when this cryptanalytic method became widely known, attempts were made to use ciphers that blurred these relative frequencies in the ciphertext. One means for this were the homophones (Greek: homos = equal, phone = sound).
This means different characters in the ciphertext alphabet, which all represent the same character (the same “sound”) in the plaintext alphabet. Since however naturally still for the uniqueness of the decoding, to each ciphertext character at most one plaintext character may be assigned, then the ciphertext alphabet must be inevitably more extensive than the plaintext alphabet.
The earliest use of homophones has been handed down by Simeone de Crema in Mantua in 1401.
A more modern variant assigns one or more two-digit numbers from 00 to 99 to each plaintext letter A – Z of the Latin alphabet according to the frequency distribution.
The following example of such an encryption table with homophones can be found in Singh, Geheime Botschaften, p. 74, using the frequencies of plaintext letters in German.