Obfuscating Answer Key

This may be more of a design question, but after comparing the general discourse on both forums, the technicality of it strikes me as having it be more suitable here.

To avoid laboring the point, I am working on a game in which players will be able to construct jigsaw puzzles. These puzzles are generated and monitored by the server and displayed via the client. The problem I’m facing though focuses on client security.

In order for the client to generate the actual puzzle pieces, the client needs to know what shape and what part of the puzzle each piece represents. The shape is fairly innocent data, but I can’t figure out a good way to tell the client where in the puzzle each piece is without sending the client enough information to solve the puzzle outright. While this information will always technically be present in the form of the textures applied to the parts, it would be harder to make use of the information in this format, and so I am unconcerned.

Initial considerations involved mostly sending the data over and having the client destroy it once it had generated the pieces. While I don’t fully understand the mechanisms by which nefarious users monitor network data, I would assume this would be a poor method of data transfer, yes?

I’m thinking that some sort of rudimentary encryption could suffice, as even simple algorithms would likely prove inconvenient enough to decipher without decompiling the client code. Ultimately, the goal is to make cheating more inconvenient than simply playing the game, and I’m not even entirely sure this is the place to worry about security, but it does strike me as the weakest link.

1 Like

Answer: don’t tell the client where each piece is. Have the client send over their copy of the puzzle and verify it on the server via a remote function, which should be doable for a jigsaw puzzle. Normally you are supposed to give the pieces scattered around in the first place for a jigsaw puzzle to be a puzzle.

Don’t overcomplicate things, and remember to do it for the players and not for the exploiters; the verification on the server should suffice.

I suppose you are correct. One thing I routinely forget about is that there are (hacky) methods of single-client replication of parts from the server. This would mean that I can create, scatter, and “paint” the pieces on the server and send it all over once that’s done without affecting other clients, which accomplishes what I set out to do.
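The approach the thread settles on (pieces created and scattered on the server, the answer key kept there, and the client's finished layout verified on request) can be modelled as below. This is an added example, not code from any poster; it is written in Python as an engine-neutral sketch, and `PuzzleSession`, the payload fields and the shape strings are assumed names for illustration.

```python
import secrets


class PuzzleSession:
    """Server-side state for one puzzle; the answer key never leaves this object."""

    def __init__(self, shapes):
        # shapes: {(row, col): shape descriptor}, known only to the server.
        self._key = {}      # opaque piece id -> correct (row, col)
        self._shapes = {}   # opaque piece id -> shape descriptor
        cells = list(shapes)
        # Shuffle so the order of pieces in the payload says nothing about position.
        secrets.SystemRandom().shuffle(cells)
        for cell in cells:
            pid = secrets.token_hex(8)  # random id, unrelated to row/col
            self._key[pid] = cell
            self._shapes[pid] = shapes[cell]

    def client_payload(self):
        """Everything the client receives: ids and shapes, no positions."""
        return [{"id": pid, "shape": s} for pid, s in self._shapes.items()]

    def verify(self, submission):
        """Check an untrusted {piece_id: [row, col]} layout sent by the client."""
        if not isinstance(submission, dict) or set(submission) != set(self._key):
            return False
        for pid, cell in submission.items():
            if not (isinstance(cell, (list, tuple)) and len(cell) == 2):
                return False
            if not all(type(v) is int for v in cell):
                return False
            if tuple(cell) != self._key[pid]:
                return False
        return True


if __name__ == "__main__":
    # Constructed sample: a 2x2 puzzle with placeholder shape descriptors.
    session = PuzzleSession({(0, 0): "A", (0, 1): "B", (1, 0): "C", (1, 1): "D"})
    print(session.client_payload())
    guess = {p["id"]: [0, 0] for p in session.client_payload()}
    print("accepted:", session.verify(guess))
```

Only a complete layout gets a pass/fail result here; a per-piece check would let a client probe positions one at a time.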