Information Systems and Network Security

Stefano Leucci
Academic Year 2025/2026

Schedule

Office hours: Thursday 14:30 - 16:30. Please send me an email or ask before/after the lectures.

Lectures and Material

Lecture 1: Introduction

Basic information about the course: schedule, prerequisites, course program, textbooks, and exams.

Modelling communication through an insecure channel. The Confidentiality, Authentication, and Integrity properties.

An overview of some advanced applications of cryptography (informal): Secret Sharing (t-out-of-n threshold secret-sharing schemes), secure multiparty computation, zero-knowledge protocols.

Types of cryptography, the private-key (symmetric) and the public-key (asymmetric) settings. Formal definition of a private-key encryption scheme. Security through obscurity and Kerckhoffs’ principle.

Material

Lecture 2: Historic Ciphers

Caesar cipher and shift ciphers: encrypting and decrypting messages, formal definition and correctness of the encryption scheme. Breaking shift ciphers: brute-force attacks. The sufficient key-space principle.

Monoalphabetic substitution ciphers: encrypting and decrypting messages. Security: the sufficient key-space principle is not a sufficient condition for security, breaking the cipher once a small part of the plaintext is known, guessing the initial part of the plaintext with frequency analysis.

The Vigenère cipher: encrypting and decrypting messages, the tabula recta. Security: splitting the ciphertext into multiple ciphertexts with the same shift, recovering the key length (brute force, Kasiski’s method, the index of coincidence method), recovering the plaintext by breaking the shift ciphers.

The scytale cipher: encrypting, decrypting, and breaking the cipher using a tapering cone. The scytale cipher as a special type of transposition cipher.
Regular and irregular columnar transposition ciphers, double (irregular) transposition ciphers. Weaknesses of transposition ciphers.

Material

Additional Material

Lecture 3: Defining Security, Perfect Secrecy

Ingredients of a security definition: security guarantee and threat model. Common threat models (Ciphertext-only attacks, Known-plaintext attacks, Chosen-plaintext attacks, Chosen-ciphertext attacks) and real-world scenarios in which these attacks can be carried out.

Security Guarantees: several informal attempts at a good definition and counterexamples, Shannon's treatment and his definition of Perfect secrecy, an alternative definition of perfect secrecy (with proof of equivalence). Proving that shift ciphers are not perfectly secret (using both definitions). A third definition based on a perfect indistinguishability experiment. Equivalence of the three definitions (with proof). Proving that the Vigenère cipher is not perfectly indistinguishable.

Material

Lecture 4: Breaking Historic Ciphers (Demo)

A practical demonstration of how the shift and Vigenère ciphers can be broken using brute force and the index of coincidence method.

Material

References