# Topic JSON Data — Batch 1, 2, 3
Paste the JSON below into `/admin/topics/editor` for each topic in order.
---
## 1. Number Theory Basics
**Slug:** `number-theory-basics` | **Category:** `classical` | **Difficulty:** 1 | **XP:** 15 | **Prerequisites:** none
```json
{
"summary": "Number theory is the branch of mathematics dealing with integers and their properties. In cryptography, concepts like modular arithmetic, prime numbers, and divisibility form the mathematical backbone of nearly every modern encryption system. Understanding these fundamentals is essential before studying any cipher.",
"math_explanation": "Modular arithmetic: a ≡ b (mod n) means n divides (a - b). Key operations: (a + b) mod n, (a × b) mod n. Prime: p is prime if divisible only by 1 and p. GCD(a,b) via Euclidean Algorithm: GCD(a,b) = GCD(b, a mod b).",
"visual_type": "none",
"security_notes": "Number theory alone provides no security — it is the mathematical language used to construct secure systems. Weak prime selection or small moduli in real systems are catastrophic vulnerabilities.",
"use_cases": ["Foundation for RSA and Diffie-Hellman", "Modular arithmetic in AES S-box design", "Prime generation in all PKI systems"],
"historical_context": "Carl Friedrich Gauss formalized modular arithmetic in Disquisitiones Arithmeticae (1801). Fermat's Little Theorem (1640) and Euler's Totient Theorem are cornerstones used in RSA key generation.",
"steps": [
{ "order": 1, "name": "Modular Arithmetic", "description": "The clock analogy: numbers wrap around after reaching n. 17 mod 5 = 2 (same as 2 o'clock after 17 hours).", "formula": "a \\mod n = r \\text{ where } 0 \\le r < n", "state_representation": "17 mod 5 = 2" },
{ "order": 2, "name": "Prime Numbers", "description": "A prime p has exactly two divisors: 1 and itself. Every integer factors uniquely into primes (Fundamental Theorem of Arithmetic).", "state_representation": "Primes: 2, 3, 5, 7, 11, 13, 17..." },
{ "order": 3, "name": "GCD via Euclidean Algorithm", "description": "Repeatedly replace (a, b) with (b, a mod b) until b = 0. The last non-zero remainder is GCD(a, b).", "formula": "\\gcd(a, b) = \\gcd(b,\\, a \\mod b)", "state_representation": "GCD(48,18): (48,18)→(18,12)→(12,6)→(6,0) → GCD=6" },
{ "order": 4, "name": "Euler's Totient φ(n)", "description": "φ(n) counts integers from 1 to n coprime to n. For prime p: φ(p) = p-1. For n=pq: φ(n)=(p-1)(q-1).", "formula": "\\varphi(p) = p - 1", "state_representation": "φ(7)=6, φ(15)=φ(3)×φ(5)=2×4=8" },
{ "order": 5, "name": "Modular Inverse", "description": "The inverse of a mod n is x such that a×x ≡ 1 (mod n). Exists only when GCD(a,n)=1. Found via Extended Euclidean Algorithm.", "formula": "a \\cdot a^{-1} \\equiv 1 \\pmod{n}", "state_representation": "3⁻¹ mod 7 = 5 (since 3×5=15≡1 mod 7)" }
],
"example": {
"input": "a=17, n=5",
"output": "17 mod 5 = 2",
"step_outputs": [
{ "step": 1, "value": "17 = 3×5 + 2 → remainder = 2" },
{ "step": 2, "value": "15 = 3×5 (unique prime factorization)" },
{ "step": 3, "value": "GCD(48,18) = 6" },
{ "step": 4, "value": "φ(15) = 8" },
{ "step": 5, "value": "3⁻¹ mod 7 = 5" }
]
}
}
```
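The five steps above as runnable code (an added example, not part of the topic data): Euclid's algorithm with its state trace, the extended form that yields modular inverses, and φ(n) computed from the distinct prime factors.

```python
# Added example (not from the topic data): the number-theory primitives the
# topic walks through, implemented from scratch so each step can be checked.
from typing import List, Tuple


def gcd(a: int, b: int) -> int:
    """Euclidean algorithm: replace (a, b) with (b, a mod b) until b == 0."""
    while b:
        a, b = b, a % b
    return abs(a)


def euclid_trace(a: int, b: int) -> List[Tuple[int, int]]:
    """The (a, b) pairs the algorithm visits, matching the state_representation."""
    trace = [(a, b)]
    while b:
        a, b = b, a % b
        trace.append((a, b))
    return trace


def extended_gcd(a: int, b: int) -> Tuple[int, int, int]:
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def mod_inverse(a: int, n: int) -> int:
    """a^-1 mod n; exists only when gcd(a, n) == 1, otherwise raise."""
    g, x, _ = extended_gcd(a % n, n)
    if g != 1:
        raise ValueError(f"{a} has no inverse mod {n} (gcd = {g})")
    return x % n


def prime_factors(n: int) -> List[int]:
    """Distinct prime factors by trial division (fine for teaching-sized values)."""
    factors, p = [], 2
    while p * p <= n:
        if n % p == 0:
            factors.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        factors.append(n)
    return factors


def euler_phi(n: int) -> int:
    """phi(n) = n * prod(1 - 1/p) over the distinct primes p dividing n."""
    result = n
    for p in prime_factors(n):
        result = result // p * (p - 1)
    return result


if __name__ == "__main__":
    print(17 % 5, euclid_trace(48, 18), euler_phi(15), mod_inverse(3, 7))
```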
---
## 2. Information Theory
**Slug:** `information-theory` | **Category:** `classical` | **Difficulty:** 1 | **XP:** 15 | **Prerequisites:** none
```json
{
"summary": "Information theory, founded by Claude Shannon in 1948, provides mathematical tools to measure, store, and transmit information. In cryptography, Shannon's concepts of entropy, perfect secrecy, and confusion/diffusion are the theoretical standards against which all ciphers are measured.",
"math_explanation": "Shannon entropy: H(X) = -Σ p(x) log₂ p(x). Perfect secrecy: P(M|C) = P(M) — the ciphertext reveals nothing about the plaintext. Redundancy = 1 - H(language)/log₂(alphabet size). English redundancy ≈ 75%.",
"visual_type": "none",
"security_notes": "High entropy sources are mandatory for cryptographic keys. Low-entropy keys (e.g., dictionary words) are trivially brute-forced. Pseudo-random number generators must be cryptographically secure (CSPRNG) to avoid entropy collapse.",
"use_cases": ["Key entropy measurement", "Password strength estimation", "Side-channel attack analysis", "Data compression foundations"],
"historical_context": "Claude Shannon's 'A Mathematical Theory of Communication' (1948) and 'Communication Theory of Secrecy Systems' (1949) unified information theory and cryptography. His proof that the One-Time Pad achieves perfect secrecy was a landmark result.",
"steps": [
{ "order": 1, "name": "Define Information", "description": "The information content of an event x is how surprising it is. Rare events carry more information.", "formula": "I(x) = -\\log_2 p(x)", "state_representation": "P(heads)=0.5 → I = 1 bit; P(x)=1/256 → I = 8 bits" },
{ "order": 2, "name": "Shannon Entropy", "description": "Entropy H(X) is the average information content — the expected surprise across all outcomes.", "formula": "H(X) = -\\sum_x p(x) \\log_2 p(x)", "state_representation": "Fair coin: H = -(0.5 log 0.5 + 0.5 log 0.5) = 1 bit" },
{ "order": 3, "name": "Perfect Secrecy", "description": "A cipher has perfect secrecy if the ciphertext gives zero information about the plaintext. Knowing C gives no advantage.", "formula": "P(M \\mid C) = P(M) \\text{ for all } M, C", "state_representation": "One-Time Pad achieves perfect secrecy" },
{ "order": 4, "name": "Confusion and Diffusion", "description": "Confusion: hide relationship between key and ciphertext (substitution). Diffusion: spread plaintext influence over many ciphertext bits (permutation).", "state_representation": "AES uses both: S-box (confusion) + ShiftRows/MixColumns (diffusion)" }
],
"example": {
"input": "Fair coin flip",
"output": "Entropy = 1 bit",
"step_outputs": [
{ "step": 1, "value": "P(H)=0.5 → I(H) = 1 bit" },
{ "step": 2, "value": "H = -(0.5 log 0.5 × 2) = 1 bit" },
{ "step": 3, "value": "Message and key equally likely → perfect secrecy possible" },
{ "step": 4, "value": "256-bit random key → H = 256 bits entropy" }
]
}
}
```
---
## 3. Caesar Cipher
**Slug:** `caesar-cipher` | **Category:** `classical` | **Difficulty:** 1 | **XP:** 20 | **Prerequisites:** Number Theory Basics
```json
{
"summary": "The Caesar Cipher is one of the oldest encryption techniques, used by Julius Caesar around 50 BCE. Each letter is shifted a fixed number of positions down the alphabet. Despite its historical importance, it provides zero modern security — only 25 possible keys exist, making brute force instantaneous.",
"math_explanation": "Encryption: E(x) = (x + k) mod 26. Decryption: D(x) = (x - k + 26) mod 26. Where x is the letter position (A=0, Z=25) and k is the secret shift.",
"visual_type": "substitution_table",
"security_notes": "Only 25 possible keys — brute force takes milliseconds. Also trivially broken by frequency analysis since 'E' is the most common English letter. Never use in any real application.",
"use_cases": ["Historical military communication (Julius Caesar)", "ROT13 (Caesar with k=13) used in online forums", "Teaching foundational substitution concepts"],
"historical_context": "Julius Caesar used a shift of 3 to communicate with his generals, documented by Suetonius around 121 AD. Augustus Caesar used a shift of 1, and didn't wrap around — he would just write nothing for letters near the end of the alphabet.",
"steps": [
{ "order": 1, "name": "Choose shift key k", "description": "Select k between 1 and 25. This is the only secret.", "formula": "k \\in \\{1, ..., 25\\}", "state_representation": "k = 3" },
{ "order": 2, "name": "Convert letters to numbers", "description": "Map each letter: A=0, B=1, ..., Z=25.", "state_representation": "H=7, E=4, L=11, L=11, O=14" },
{ "order": 3, "name": "Apply shift mod 26", "description": "Add k to each value, wrap around using mod 26.", "formula": "E(x) = (x + k) \\mod 26", "state_representation": "(7+3)%26=10=K, (4+3)%26=7=H, (11+3)%26=14=O..." },
{ "order": 4, "name": "Convert back to letters", "description": "Map resulting numbers back to letters to get ciphertext.", "state_representation": "KHOOR" }
],
"example": {
"input": "HELLO", "key": "3", "output": "KHOOR",
"step_outputs": [
{ "step": 1, "value": "k = 3" },
{ "step": 2, "value": "H=7, E=4, L=11, L=11, O=14" },
{ "step": 3, "value": "10, 7, 14, 14, 17" },
{ "step": 4, "value": "KHOOR" }
]
}
}
```
---
## 4. Vigenère Cipher
**Slug:** `vigenere-cipher` | **Category:** `classical` | **Difficulty:** 2 | **XP:** 25 | **Prerequisites:** Caesar Cipher
```json
{
"summary": "The Vigenère Cipher extends the Caesar Cipher using a repeating keyword instead of a fixed shift. For 300 years it was called 'le chiffre indéchiffrable'. It was finally broken by Charles Babbage using the Kasiski test, which exploits the repeated keyword to determine key length and reduce the problem to multiple Caesar ciphers.",
"math_explanation": "Encryption: E(Pi) = (Pi + K[i mod m]) mod 26. Decryption: D(Ci) = (Ci - K[i mod m] + 26) mod 26. Where m is keyword length, Pi is plaintext character i, K[j] is the j-th keyword character.",
"visual_type": "substitution_table",
"security_notes": "Broken by Kasiski test (find repeated ciphertext patterns → determine key length) and Index of Coincidence analysis. With a key equal in length to the message used only once, it becomes an unbreakable One-Time Pad.",
"use_cases": ["Historical diplomatic communications", "Teaching polyalphabetic ciphers", "Conceptual bridge to stream ciphers"],
"historical_context": "Described by Giovan Bellaso in 1553, misattributed to Blaise de Vigenère. Called unbreakable for 300 years. Broken by Charles Babbage around 1854 (unpublished) and Friedrich Kasiski in 1863.",
"steps": [
{ "order": 1, "name": "Choose keyword", "description": "Select a secret keyword to use as the repeating key.", "state_representation": "keyword = KEY" },
{ "order": 2, "name": "Expand keyword", "description": "Repeat keyword cyclically to match plaintext length.", "state_representation": "HELLO → key = KEYKE" },
{ "order": 3, "name": "Convert to numbers", "description": "Map both plaintext and key to numeric values 0-25.", "state_representation": "P=[7,4,11,11,14], K=[10,4,24,10,4]" },
{ "order": 4, "name": "Modular addition", "description": "Add plaintext and key values, take mod 26.", "formula": "C_i = (P_i + K_{i \\mod m}) \\mod 26", "state_representation": "[17,8,9,21,18]" },
{ "order": 5, "name": "Output ciphertext", "description": "Convert numeric results back to letters.", "state_representation": "RIJVS" }
],
"example": {
"input": "HELLO", "key": "KEY", "output": "RIJVS",
"step_outputs": [
{ "step": 1, "value": "keyword = KEY" },
{ "step": 2, "value": "expanded = KEYKE" },
{ "step": 3, "value": "P=[7,4,11,11,14] K=[10,4,24,10,4]" },
{ "step": 4, "value": "[17,8,9,21,18]" },
{ "step": 5, "value": "RIJVS" }
]
}
}
```
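Topics 3 and 4 in one runnable form (an added example, not part of the topic data): Vigenère encryption and decryption with Caesar as the one-letter-keyword special case, plus the repeated-trigram distances that the Kasiski test uses to recover the key length from the repeating keyword.

```python
# Added example (not from the topic data): Vigenère with Caesar as the
# one-letter-key special case, and the repeat pattern the Kasiski test relies on.
from functools import reduce
from math import gcd
from typing import Dict, List

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def to_numbers(text: str) -> List[int]:
    """Map A..Z to 0..25, dropping anything that is not a letter."""
    return [ALPHABET.index(c) for c in text.upper() if c in ALPHABET]


def vigenere_encrypt(plaintext: str, keyword: str) -> str:
    """C_i = (P_i + K[i mod m]) mod 26, m = keyword length."""
    key = to_numbers(keyword)
    if not key:
        raise ValueError("keyword must contain at least one letter")
    return "".join(ALPHABET[(p + key[i % len(key)]) % 26]
                   for i, p in enumerate(to_numbers(plaintext)))


def vigenere_decrypt(ciphertext: str, keyword: str) -> str:
    """P_i = (C_i - K[i mod m] + 26) mod 26."""
    key = to_numbers(keyword)
    if not key:
        raise ValueError("keyword must contain at least one letter")
    return "".join(ALPHABET[(c - key[i % len(key)] + 26) % 26]
                   for i, c in enumerate(to_numbers(ciphertext)))


def caesar_encrypt(plaintext: str, k: int) -> str:
    """Caesar is Vigenère with a one-letter keyword (k = 3 -> keyword 'D')."""
    return vigenere_encrypt(plaintext, ALPHABET[k % 26])


def repeated_trigram_distances(ciphertext: str) -> List[int]:
    """Distance from the first occurrence of each repeated 3-letter group.
    When the same plaintext fell under the same keyword position, the
    distance is a multiple of the key length (the Kasiski observation)."""
    seen: Dict[str, int] = {}
    distances: List[int] = []
    for i in range(len(ciphertext) - 2):
        tri = ciphertext[i:i + 3]
        if tri in seen:
            distances.append(i - seen[tri])
        else:
            seen[tri] = i
    return distances


def kasiski_gcd(distances: List[int]) -> int:
    """GCD of the Kasiski distances; the key length divides this value."""
    return reduce(gcd, distances) if distances else 0


if __name__ == "__main__":
    # Constructed sample: THE appears twice, 9 positions apart (a multiple of 3).
    ct = vigenere_encrypt("THECATANDTHEDOG", "KEY")
    print(ct, repeated_trigram_distances(ct), kasiski_gcd(repeated_trigram_distances(ct)))
```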
---
## 5. One-Time Pad
**Slug:** `one-time-pad` | **Category:** `classical` | **Difficulty:** 2 | **XP:** 25 | **Prerequisites:** Information Theory
```json
{
"summary": "The One-Time Pad (OTP) is the only provably unbreakable encryption system in existence. Each bit of plaintext is XORed with a truly random key bit that is never reused. Shannon proved in 1949 that OTP achieves perfect secrecy — the ciphertext is statistically independent of the plaintext. Its impracticality (key must be as long as the message, truly random, and never reused) led to the development of modern stream ciphers.",
"math_explanation": "Encryption: C = P XOR K. Decryption: P = C XOR K. Perfect secrecy holds because for any ciphertext C and any plaintext M, there exists exactly one key K such that E(M, K) = C. All plaintexts are equally likely given C.",
"visual_type": "none",
"security_notes": "Absolute security breaks immediately if: (1) the key is reused (two-time pad attack), (2) the key is not truly random (a PRNG is not sufficient), or (3) the key is compromised. Soviet intelligence reused one-time pad pages (a two-time pad), which the NSA exploited in the VENONA project.",
"use_cases": ["Diplomatic hot-line communications", "Theoretical security proofs", "Foundation concept for stream ciphers", "Perfect secrecy demonstrations"],
"historical_context": "Invented by Frank Miller (1882) and independently by Gilbert Vernam (1917). Claude Shannon proved its perfect secrecy in 1949. The Moscow–Washington hotline established in 1963 used OTP encryption.",
"steps": [
{ "order": 1, "name": "Generate random key", "description": "Generate a truly random key K that is exactly as long as the message. Must be from a true random source, not a PRNG.", "formula": "K \\text{ truly random}, |K| = |P|", "state_representation": "P=01001000, K=11010011 (random)" },
{ "order": 2, "name": "XOR encrypt", "description": "XOR each bit of plaintext with the corresponding key bit.", "formula": "C_i = P_i \\oplus K_i", "state_representation": "01001000 XOR 11010011 = 10011011" },
{ "order": 3, "name": "Transmit ciphertext", "description": "Send the ciphertext over any channel. Even with unlimited computing power, the ciphertext is indistinguishable from random noise.", "state_representation": "C = 10011011 (appears random)" },
{ "order": 4, "name": "XOR decrypt", "description": "The recipient XORs the ciphertext with the same key to recover the plaintext.", "formula": "P_i = C_i \\oplus K_i", "state_representation": "10011011 XOR 11010011 = 01001000 = 'H'" }
],
"example": {
"input": "01001000 (H)", "key": "11010011 (random)", "output": "10011011",
"step_outputs": [
{ "step": 1, "value": "K = 11010011 (true random)" },
{ "step": 2, "value": "01001000 XOR 11010011 = 10011011" },
{ "step": 3, "value": "C = 10011011 transmitted" },
{ "step": 4, "value": "10011011 XOR 11010011 = 01001000 = H ✓" }
]
}
}
```
---
## 6. Stream Ciphers
**Slug:** `stream-ciphers` | **Category:** `symmetric` | **Difficulty:** 2 | **XP:** 30 | **Prerequisites:** One-Time Pad
```json
{
"summary": "Stream ciphers are the practical answer to the One-Time Pad's key management problem. Instead of a truly random key, they use a short secret key to generate a pseudo-random keystream of any length, then XOR it with the plaintext. RC4 was the most widely deployed stream cipher; ChaCha20 is the modern standard used in TLS 1.3.",
"math_explanation": "C = P XOR KS, where KS = PRNG(key, nonce). The PRNG must be cryptographically secure — its output must be indistinguishable from true random. Security reduces to: an attacker cannot distinguish KS from random given observed ciphertexts.",
"visual_type": "none",
"security_notes": "Never reuse a (key, nonce) pair — this collapses into a two-time pad and destroys security. RC4 is now broken and deprecated. Use ChaCha20-Poly1305 (with authentication) in all modern systems.",
"use_cases": ["TLS 1.3 (ChaCha20-Poly1305)", "WireGuard VPN", "Disk encryption (where low latency matters)", "Real-time video/audio encryption"],
"historical_context": "RC4 was designed by Ron Rivest in 1987 and kept as a trade secret until it was leaked in 1994. It was widely used in WEP (WiFi), SSL, and BitTorrent. RC4 biases were exploited in 2015 (RC4NOMORE attack), leading to RFC 7465 prohibiting its use in TLS.",
"steps": [
{ "order": 1, "name": "Initialize with key + nonce", "description": "Feed the secret key and a unique nonce (number used once) into the PRNG to set its initial state.", "state_representation": "key=0xABCD..., nonce=0x0001 → PRNG state initialized" },
{ "order": 2, "name": "Generate keystream", "description": "The PRNG produces an arbitrarily long pseudo-random byte sequence — the keystream.", "state_representation": "KS = [0x3F, 0xA2, 0x11, 0xC7, ...]" },
{ "order": 3, "name": "XOR with plaintext", "description": "XOR each byte of plaintext with the corresponding keystream byte to produce ciphertext.", "formula": "C_i = P_i \\oplus KS_i", "state_representation": "P=0x48('H'), KS=0x3F → C=0x77" },
{ "order": 4, "name": "Decrypt identically", "description": "The receiver regenerates the same keystream (same key + nonce) and XORs again to recover plaintext.", "state_representation": "0x77 XOR 0x3F = 0x48 = 'H' ✓" }
],
"example": {
"input": "H (0x48)", "key": "key + nonce", "output": "0x77",
"step_outputs": [
{ "step": 1, "value": "PRNG initialized with key+nonce" },
{ "step": 2, "value": "KS[0] = 0x3F" },
{ "step": 3, "value": "0x48 XOR 0x3F = 0x77" },
{ "step": 4, "value": "0x77 XOR 0x3F = 0x48 = H ✓" }
]
}
}
```
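Topics 5 and 6 together (an added example, not part of the topic data): the OTP XOR step, the two-time pad leak both security notes warn about, and a keystream built from HMAC-SHA256 in counter mode as an illustrative stand-in for a real stream cipher such as ChaCha20, with a guard that refuses to reuse a (key, nonce) pair. The HMAC-counter construction is an assumption for illustration; production code should use ChaCha20-Poly1305 from a vetted library.

```python
# Added example (not from the topic data): OTP XOR, the two-time pad leak, and
# a PRF-in-counter-mode keystream standing in for a real stream cipher.
import hashlib
import hmac
import os
from typing import Set, Tuple


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes) -> Tuple[bytes, bytes]:
    """One-time pad: key as long as the message, from the OS CSPRNG, used once."""
    key = os.urandom(len(plaintext))
    return xor_bytes(plaintext, key), key


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one key encrypted both, C1 XOR C2 == P1 XOR P2: the key cancels out
    and an observer is left with the XOR of the two plaintexts."""
    return xor_bytes(c1, c2)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """KS = PRF(key, nonce || counter) blocks, concatenated to `length` bytes.
    Illustrative construction only; ChaCha20 does this with a dedicated core."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """C = P XOR KS; decryption is the same call because XOR is its own inverse."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


class NonceGuard:
    """Refuses a second encryption under the same (key, nonce): reusing the
    keystream would collapse the cipher into the two-time pad above."""

    def __init__(self) -> None:
        self._used: Set[bytes] = set()

    def encrypt(self, key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
        # Remember a fingerprint of the pair, not the key material itself.
        tag = hashlib.sha256(key + b"|" + nonce).digest()
        if tag in self._used:
            raise ValueError("(key, nonce) already used: refusing to reuse keystream")
        self._used.add(tag)
        return stream_encrypt(key, nonce, plaintext)


if __name__ == "__main__":
    p, k = bytes([0b01001000]), bytes([0b11010011])  # 'H' and the topic's key
    print(xor_bytes(p, k).hex(), xor_bytes(xor_bytes(p, k), k))
```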
---
## 7. Block Ciphers & Modes
**Slug:** `block-ciphers` | **Category:** `symmetric` | **Difficulty:** 3 | **XP:** 35 | **Prerequisites:** Stream Ciphers
```json
{
"summary": "Block ciphers encrypt fixed-size blocks of data (e.g., 128 bits) using a secret key. Unlike stream ciphers, they apply a complex mathematical transformation to the entire block at once. The same block cipher can be used in different modes of operation (ECB, CBC, CTR, GCM) that determine how multiple blocks are chained together — the choice of mode critically affects security.",
"math_explanation": "Block cipher: C = E(K, P) where |P| = |C| = block_size. For n message blocks: ECB: Ci = E(K, Pi). CBC: Ci = E(K, Pi XOR C[i-1]), C0=IV. CTR: Ci = Pi XOR E(K, nonce||counter). GCM = CTR + GHASH authentication.",
"visual_type": "block_diagram",
"security_notes": "ECB mode is NEVER secure — identical plaintext blocks produce identical ciphertext blocks (penguin attack). Always use CBC with random IV, CTR with unique nonce, or GCM for authenticated encryption. Padding oracle attacks (POODLE, BEAST) target CBC without proper MAC.",
"use_cases": ["AES-GCM in TLS 1.3", "AES-CBC in older TLS/disk encryption", "AES-CTR in database field encryption", "DES (now deprecated)"],
"historical_context": "DES (1977, 56-bit key) was the first standardized block cipher. Broken by EFF's Deep Crack in 22 hours (1998). Triple-DES extended its life but was deprecated in 2023. AES replaced DES as the standard in 2001 after a public 5-year competition.",
"steps": [
{ "order": 1, "name": "Divide plaintext into blocks", "description": "Split the message into fixed-size blocks. Pad the last block if needed.", "state_representation": "128-bit AES: 16-byte blocks. 'Hello World!!!!!' → 1 block" },
{ "order": 2, "name": "Choose a mode of operation", "description": "ECB: each block encrypted independently (insecure). CBC: XOR with previous ciphertext block. CTR: encrypt counter values.", "state_representation": "Use GCM for authenticated encryption" },
{ "order": 3, "name": "Apply block cipher per block", "description": "Each block is transformed through multiple rounds of substitution, permutation, and key mixing.", "formula": "C_i = E(K,\\, P_i \\oplus C_{i-1}) \\quad \\text{(CBC mode)}", "state_representation": "C0=IV, C1=E(K, P1 XOR IV)" },
{ "order": 4, "name": "Output ciphertext blocks", "description": "Concatenate all ciphertext blocks. In GCM mode, also append the authentication tag.", "state_representation": "C = C1 || C2 || ... || Cn || AuthTag" }
],
"example": {
"input": "Two identical blocks: 'AAAAAAAAAAAAAAAA' x2",
"key": "128-bit AES key",
"output": "ECB: same ciphertext twice (insecure). CBC: different ciphertext.",
"step_outputs": [
{ "step": 1, "value": "Block1 = Block2 = 0x41...41" },
{ "step": 2, "value": "ECB: C1=C2 (reveals pattern)" },
{ "step": 3, "value": "CBC: C1=E(K,B1 XOR IV), C2=E(K,B2 XOR C1)" },
{ "step": 4, "value": "CBC: C1≠C2 even though B1=B2 ✓" }
]
}
}
```
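The ECB-versus-CBC example above, runnable (an added example, not part of the topic data): ECB and CBC modes with PKCS#7 padding over a deliberately toy 8-byte block cipher (a keyed byte substitution plus a byte rotation, assumed here only so the modes can be shown without a crypto library). The toy cipher is not secure; the mode behaviour, equal blocks leaking under ECB but not under CBC, is the point.

```python
# Added example (not from the topic data): ECB vs CBC over a toy block cipher.
# The toy cipher is NOT secure; only the mode logic is meant to be read.
import random
from typing import List

BLOCK = 8  # toy block size in bytes (AES uses 16)


def _sbox(key: bytes) -> List[int]:
    """Deterministic keyed byte permutation (toy stand-in for a real cipher)."""
    table = list(range(256))
    random.Random(key).shuffle(table)
    return table


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    sbox = _sbox(key)
    mixed = bytes(sbox[b ^ key[i % len(key)]] for i, b in enumerate(block))
    return mixed[3:] + mixed[:3]  # rotate so every byte changes position


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    inv = {v: i for i, v in enumerate(_sbox(key))}
    mixed = block[-3:] + block[:-3]
    return bytes(inv[b] ^ key[i % len(key)] for i, b in enumerate(mixed))


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK  # always pads, even on a full block
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes) -> List[bytes]:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """C_i = E(K, P_i): equal plaintext blocks give equal ciphertext blocks."""
    return b"".join(toy_encrypt_block(key, b) for b in blocks(pkcs7_pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_i = E(K, P_i XOR C_{i-1}), C_0 = IV; output is IV || C_1 || ... || C_n."""
    prev, out = iv, [iv]
    for p in blocks(pkcs7_pad(plaintext)):
        prev = toy_encrypt_block(key, bytes(a ^ b for a, b in zip(p, prev)))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, data: bytes) -> bytes:
    """P_i = D(K, C_i) XOR C_{i-1}, reading the IV from the front."""
    prev, out = data[:BLOCK], []
    for c in blocks(data)[1:]:
        out.append(bytes(a ^ b for a, b in zip(toy_decrypt_block(key, c), prev)))
        prev = c
    return pkcs7_unpad(b"".join(out))


if __name__ == "__main__":
    key, two = b"toy key!", b"A" * 16  # constructed: two identical blocks
    print([b.hex() for b in blocks(ecb_encrypt(key, two))])
    print([b.hex() for b in blocks(cbc_encrypt(key, bytes(range(8)), two))])
```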
---
## 8. AES (Advanced Encryption Standard)
**Slug:** `aes` | **Category:** `symmetric` | **Difficulty:** 3 | **XP:** 40 | **Prerequisites:** Block Ciphers & Modes
```json
{
"summary": "AES (Advanced Encryption Standard) is the world's most widely deployed symmetric encryption algorithm. Adopted by NIST in 2001 after a 5-year public competition, it replaced DES. AES operates on 128-bit blocks with keys of 128, 192, or 256 bits. Its security is based on the substitution-permutation network (SPN) design: repeated application of substitution and permutation rounds creates strong diffusion and confusion.",
"math_explanation": "AES operates on a 4×4 byte state matrix. Each of 10/12/14 rounds (for 128/192/256-bit keys) applies: SubBytes (S-box substitution in GF(2^8)), ShiftRows (cyclic shifting of rows), MixColumns (matrix multiplication in GF(2^8)), AddRoundKey (XOR with round key). The final round omits MixColumns.",
"visual_type": "block_diagram",
"security_notes": "No practical attack on AES-128 exists — best known attack (biclique) reduces complexity to 2^126.1. AES-256 is required for post-quantum security margin. Side-channel attacks (timing, cache) on AES implementations are a real threat — use hardware AES-NI instructions.",
"use_cases": ["TLS/HTTPS — AES-128-GCM", "Wi-Fi — WPA2/WPA3 (AES-CCMP)", "Full disk encryption — BitLocker, FileVault", "End-to-end encryption — Signal, WhatsApp"],
"historical_context": "NIST launched the AES competition in 1997. Joan Daemen and Vincent Rijmen submitted Rijndael, which won in 2001. The name 'Rijndael' comes from combining the designers' names. AES became FIPS 197. It is the first publicly accessible cipher approved by the NSA for TOP SECRET data.",
"steps": [
{ "order": 1, "name": "Key Expansion", "description": "The 128/192/256-bit key is expanded into 11/13/15 round keys (each 128 bits) using the AES key schedule.", "state_representation": "16-byte key → 176 bytes of round keys" },
{ "order": 2, "name": "Initial AddRoundKey", "description": "XOR the plaintext block (16 bytes, arranged as 4×4 state matrix) with the first round key.", "formula": "\\text{State} = \\text{Plaintext} \\oplus \\text{RoundKey}_0", "state_representation": "State[i][j] = P[i][j] XOR K0[i][j]" },
{ "order": 3, "name": "SubBytes", "description": "Each byte is independently replaced by its S-box value — a non-linear substitution over GF(2^8) providing confusion.", "state_representation": "0x53 → 0xED (S-box lookup)" },
{ "order": 4, "name": "ShiftRows", "description": "Row 0: no shift. Row 1: left-shifted 1. Row 2: left-shifted 2. Row 3: left-shifted 3. Spreads bytes across columns.", "state_representation": "Row bytes redistribute across columns" },
{ "order": 5, "name": "MixColumns", "description": "Each column is treated as a polynomial over GF(2^8) and multiplied by a fixed matrix. Provides diffusion across rows.", "formula": "\\text{col}' = A \\cdot \\text{col} \\text{ in } \\mathrm{GF}(2^8)", "state_representation": "4 bytes → 4 completely different bytes" },
{ "order": 6, "name": "AddRoundKey + Repeat", "description": "XOR current state with the round key. Repeat SubBytes→ShiftRows→MixColumns→AddRoundKey for 9 more rounds (AES-128).", "state_representation": "After 10 rounds: 16-byte ciphertext block" }
],
"example": {
"input": "2b7e151628aed2a6abf7158809cf4f3c",
"key": "3c4fcf098815f7aba6d2ae2816157e2b",
"output": "1acac8809b6f66e6b59573cecc5b8ecb",
"step_outputs": [
{ "step": 1, "value": "Key expanded to 11 round keys" },
{ "step": 2, "value": "AddRoundKey0 applied" },
{ "step": 3, "value": "SubBytes: non-linear S-box applied to each byte" },
{ "step": 4, "value": "ShiftRows: row bytes cyclically shifted" },
{ "step": 5, "value": "MixColumns: column diffusion applied" },
{ "step": 6, "value": "9 more rounds → final ciphertext" }
]
}
}
```
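The GF(2^8) arithmetic behind two of the round steps above (an added example, not part of the topic data): the S-box value quoted in step 3 (0x53 → 0xED) recomputed from the multiplicative inverse plus the affine map, and MixColumns applied to a single column with its inverse, checked against the FIPS-197 worked values.

```python
# Added example (not from the topic data): SubBytes and MixColumns from first
# principles in GF(2^8), so the quoted S-box value can be recomputed.
from typing import List

AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1, the AES reduction polynomial


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in GF(2^8) modulo the AES polynomial (xtime loop)."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return result


def gf_inverse(a: int) -> int:
    """Multiplicative inverse as a^254 (the group has order 255); inv(0) = 0."""
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def sbox(byte: int) -> int:
    """AES S-box: b = inverse(byte), then the affine map
    s = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4) ^ 0x63."""
    b = gf_inverse(byte)
    s = b
    for i in range(1, 5):
        s ^= ((b << i) | (b >> (8 - i))) & 0xFF
    return s ^ 0x63


def _mat_mul(m: List[List[int]], col: List[int]) -> List[int]:
    """Matrix-vector product over GF(2^8): XOR replaces addition."""
    return [gf_mul(m[r][0], col[0]) ^ gf_mul(m[r][1], col[1])
            ^ gf_mul(m[r][2], col[2]) ^ gf_mul(m[r][3], col[3]) for r in range(4)]


def mix_column(col: List[int]) -> List[int]:
    """One MixColumns column: multiply by the circulant matrix of [2 3 1 1]."""
    return _mat_mul([[2, 3, 1, 1], [1, 2, 3, 1], [1, 1, 2, 3], [3, 1, 1, 2]], col)


def inv_mix_column(col: List[int]) -> List[int]:
    """Inverse MixColumns (decryption) uses the circulant matrix of [14 11 13 9]."""
    return _mat_mul([[14, 11, 13, 9], [9, 14, 11, 13], [13, 9, 14, 11], [11, 13, 9, 14]], col)


if __name__ == "__main__":
    print(hex(sbox(0x53)), [hex(x) for x in mix_column([0xDB, 0x13, 0x53, 0x45])])
```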