Authors:
Abhishek S. Poojary, Sreeja Rajesh
Addresses:
Department of Information Science and Engineering, Mangalore Institute of Technology and Engineering, Moodbidri, Mangaluru, Karnataka, India.
Knowing how an algorithm works does not tell you when it will fail. This mismatch between theoretical correctness and practical security judgment is a persistent problem in cryptography instruction, and existing tools address it inconsistently. CipherX is a web-based platform that aims to help students learn these concepts more effectively by working through real attacks rather than just reading about them. Students run equivalent-key, related-key, and avalanche-effect experiments on TEA and AES implementations, observe the outputs, and answer structured questions connecting what they see to the underlying mathematics. TEA and AES were chosen because their security properties differ sharply: TEA's equivalent-key weakness is real and reproducible in an undergraduate lab setting, while AES provides a direct contrast that shows what a carefully designed key schedule achieves. A controlled classroom study with 59 undergraduate students found normalized learning gains of g = 0.62 for CipherX, g = 0.31 for traditional lectures, and g = 0.40 for CrypTool (p < 0.001, d = 1.15). The gains held on transfer questions covering unfamiliar scenarios; students appear to have developed a genuine understanding rather than session-specific recall. Platform code, test instruments, scoring rubrics, and raw data are openly available.
Keywords: Cryptography Education; Advanced Encryption Standard; Cryptographic Attacks; Web-Based Learning; Tiny Encryption Algorithm; Cryptographic Failures.
Received on: 15/05/2025, Revised on: 22/07/2025, Accepted on: 25/09/2025, Published on: 07/03/2026
DOI: 10.69888/FTSIS.2026.000665
FMDB Transactions on Sustainable Intelligence and Security, 2026 Vol. 1 No. 1, Pages: 12-28