mutable gameState = ({
currentLevel: 1,
currentChallenge: 0,
score: 0,
totalCorrect: 0,
totalAttempts: 0,
showHint: false,
showAnswer: false,
userAnswer: ""
})
// Level 1: Classical Ciphers
level1Challenges = [
{
title: "Caesar Cipher Encoding",
instruction: "Encrypt 'HELLO' using a Caesar cipher with shift of 3",
answer: "KHOOR",
hint: "H shifts to K, E shifts to H, L shifts to O...",
explanation: "Caesar cipher shifts each letter by the key value. H->K (+3), E->H (+3), L->O (+3), L->O (+3), O->R (+3).",
points: 100
},
{
title: "Caesar Cipher Decoding",
instruction: "Decrypt 'VHFXUH' using a Caesar cipher with shift of 3",
answer: "SECURE",
hint: "V shifts back to S, H shifts back to E...",
explanation: "To decrypt, shift each letter backward. V->S (-3), H->E (-3), F->C (-3), X->U (-3), U->R (-3), H->E (-3).",
points: 100
},
{
title: "Crack the Cipher",
instruction: "The message 'LRW' was encrypted with an unknown shift. What IoT word is it?",
answer: "IOT",
hint: "Try common IoT words. The shift is between 1-5.",
explanation: "LRW decrypts to IOT with shift of 3. L->I (-3), R->O (-3), W->T (-3).",
points: 150
},
{
title: "XOR Basics",
instruction: "If 'A' (ASCII 65) is XORed with key 42, what decimal value results?",
answer: "107",
hint: "65 XOR 42 = ? (01000001 XOR 00101010)",
explanation: "65 XOR 42 = 107. XOR is reversible: 107 XOR 42 = 65. This is the foundation of AES!",
points: 150
},
{
title: "Pattern Analysis",
instruction: "In ciphertext 'WKLV LV VHFUHW', what does repeated 'LV' likely represent?",
answer: "IS",
hint: "LV appears twice. What 2-letter word commonly repeats?",
explanation: "Pattern: 'IS' is common. Full decode: 'THIS IS SECRET'. This is why substitution ciphers are weak.",
points: 100
}
]
// Level 2: Symmetric Encryption
level2Challenges = [
{
title: "ECB Mode Vulnerability",
instruction: "An ECB-encrypted image shows penguin outlines. Which option explains why?",
options: ["Key too short", "Identical blocks produce identical ciphertext", "Image corrupted", "Weak encryption"],
answer: 1,
hint: "What happens when many pixels have the same color values?",
explanation: "ECB encrypts each block independently. Identical plaintext blocks create identical ciphertext, revealing patterns.",
points: 200
},
{
title: "CBC Mode Security",
instruction: "In CBC mode, what must be random and unique for each message?",
options: ["Encryption key", "Block size", "Initialization Vector (IV)", "Padding scheme"],
answer: 2,
hint: "The first block has no previous ciphertext to XOR with...",
explanation: "The IV provides randomness for the first block. Same plaintext + same key + different IV = different ciphertext.",
points: 200
},
{
title: "AES Key Strength",
instruction: "How many possible keys exist for AES-128?",
options: ["128 keys", "256 keys", "2^128 keys (about 3.4 x 10^38)", "2^256 keys"],
answer: 2,
hint: "The '128' in AES-128 refers to the key length in bits...",
explanation: "2^128 possible keys = 340,282,366,920,938,463,463,374,607,431,768,211,456. Would take trillions of years to brute-force.",
points: 150
},
{
title: "Authenticated Encryption",
instruction: "What does AES-GCM provide that AES-CBC doesn't?",
options: ["Faster speed", "Smaller ciphertext", "Built-in integrity verification", "Quantum resistance"],
answer: 2,
hint: "GCM produces an authentication tag that verifies...",
explanation: "AES-GCM detects ANY tampering via its authentication tag. CBC only provides confidentiality.",
points: 200
},
{
title: "Key Derivation",
instruction: "Why use PBKDF2 instead of directly using a password as an AES key?",
options: ["Passwords are always 128 bits", "KDFs slow down brute-force attacks", "AES needs numeric keys", "Passwords have illegal chars"],
answer: 1,
hint: "Attackers can guess millions of passwords per second...",
explanation: "KDFs apply thousands of iterations, making each password guess expensive. Buys time against brute-force.",
points: 200
}
]
// Level 3: Asymmetric Encryption
level3Challenges = [
{
title: "Public Key Usage",
instruction: "Which key should an IoT sensor use to encrypt data for a cloud server?",
options: ["Sensor's private key", "Sensor's public key", "Server's public key", "Server's private key"],
answer: 2,
hint: "Anyone can encrypt with a public key, but only private key holder can decrypt...",
explanation: "Encrypt with SERVER'S PUBLIC key. Only the server (with private key) can decrypt.",
points: 250
},
{
title: "Digital Signatures",
instruction: "To sign a firmware update, the manufacturer should use:",
options: ["Device's public key", "Manufacturer's public key", "Manufacturer's private key", "Shared symmetric key"],
answer: 2,
hint: "Only one entity should be able to create valid signatures...",
explanation: "Sign with PRIVATE key, verify with PUBLIC key. Only manufacturer can sign; everyone can verify.",
points: 250
},
{
title: "Signature Verification",
instruction: "After computing firmware hash and decrypting signature, what should the device compare?",
options: ["Original firmware and signature", "Computed hash and decrypted signature hash", "Public and private keys", "Firmware size"],
answer: 1,
hint: "Signatures are created by encrypting a HASH...",
explanation: "Compare computed hash with decrypted hash from signature. If they match, firmware is authentic.",
points: 300
},
{
title: "Diffie-Hellman Security",
instruction: "An eavesdropper sees the public values A and B. Can they compute the shared secret?",
options: ["Yes, by multiplying values", "Yes, by solving equation", "No, discrete log is hard", "No, values are encrypted"],
answer: 2,
hint: "Computing 'a' from g^a mod p is the discrete logarithm problem...",
explanation: "Discrete logarithm is computationally infeasible for large primes. Eavesdropper cannot compute shared secret.",
points: 300
},
{
title: "Hybrid Encryption",
instruction: "Why does TLS use RSA for key exchange, then switch to AES for data?",
options: ["RSA is more secure", "AES can't encrypt large data", "RSA is slow; AES needs secure key exchange", "AES keys expire"],
answer: 2,
hint: "RSA is 100-1000x slower than AES...",
explanation: "RSA solves key distribution. AES is fast for bulk data. TLS uses both: asymmetric for handshake, symmetric for data.",
points: 300
},
{
title: "Hash Properties",
instruction: "If you change ONE bit of a 1GB file, what happens to the SHA-256 hash?",
options: ["Only 1 bit changes", "About half bits change (avalanche)", "Hash stays same", "Hash becomes invalid"],
answer: 1,
hint: "Good hash functions have the 'avalanche effect'...",
explanation: "Avalanche effect: tiny input change causes ~50% of bits to flip. Any modification is detectable.",
points: 250
}
]
allChallenges = ({1: level1Challenges, 2: level2Challenges, 3: level3Challenges})
levelNames = ({1: "Classical Ciphers", 2: "Symmetric Encryption", 3: "Asymmetric Encryption"})