If you want to encrypt data sent with AJAX, the easiest thing to do is just host the AJAX URL on HTTPS. Then everything you send and receive is encrypted by TLS, using modern and secure algorithms. However that does not stop users posting fake scores.
It is ultimately impossible to identify fake score submissions from real ones. Even if you have some kind of password and protection mechanism using a hash, an "attacker" only need to figure out how to activate the event that posts a score with a fake value, and it will still send a value that is accepted. So you can make it harder, but not rule it out.