> (1) polyalphabetic, but with a non-obvious state
> switching mechanism.
The low entropy is a pointer against poly-alphabetic
substitution. Such a cipher would increase it.
This is normally true for randomly chosen keys, but what interests me is
that that the precise opposite can also be constructed, mirroring Claude
Shannon's 1951 paper.
For example: build a set of tables for English that, given the last
character, predicts what the next character is (including space). Sort each
table by generally observed frequency count. For your plaintext, use the
index into these tables as the output stream (ie, emit the "rank" of the
symbol).
This is polyalphabetic (we have 27 substitutions), state driven (we have 27
states), yet the output has a low entropy. No contradiction!
For the VMS, this would give more states than would have been comfortable:
but much the same low-entropy effect can be achieved by careful choice of
states (say 8-12). This is what I'm examining.