LABYRINTH
Geo-Bound · Zero-Knowledge · Client-Side Encryption
Zero Servers
WebCrypto API
① Select File to Encrypt
Drop any file here or click to browse

Your file never leaves this browser tab — zero server contact

② Secret Password
Key = PBKDF2(pw,salt,300k) ⊕ HKDF(SHA256(geo+geoSalt+fp))
③ Lock Radius

Decryption only succeeds within this radius of your lock point

④ Device Binding (how tightly locked?)
factor selection override
⚠ Changing individual factors overrides the mode buttons above. Unstable factors may cause permanent decryption failure after monitor changes or display scaling.
⑤ Capture Lock Location
GPS Status: No location captured
GPS accuracy is low. Move near a window or step outside and re-capture. Encrypting now may produce a file that cannot be decrypted even at this location.
🔒 Files sealed here can only be opened at this location. Coordinates are hashed with a random geo-salt — not stored anywhere in the bundle.
① Load Encrypted File
Drop a .labyrinth file here

Only files sealed by Labyrinth are accepted

② Decryption Password
Device binding factors are read from the sealed bundle — same factors applied automatically.
③ Your Current Location
GPS Status: No location captured
GPS accuracy is low — decryption may fail even at the correct location. Try again outdoors.
🛡 Lock location is cryptographically hidden. This map shows only your current position.
Cryptographic Architecture — v2
Password → PBKDF2-SHA256 (300,000 iterations)

The passphrase is stretched with a random 256-bit PBKDF2 salt. 300k iterations resist GPU brute-force for years. The iteration count is stored explicitly in the bundle for future migration.

password + pbkdf2_salt → PBKDF2(SHA-256, 300 000) → 32-byte pw_key
Location + Geo-Salt → Geo Key (offline brute-force impossible)

GPS coordinates are rounded to the chosen precision and combined with a random 16-byte geo-salt (stored in the bundle), the user-selected device fingerprint factors, and the timezone. The geo-salt is the critical addition — even perfect knowledge of the coordinates yields zero information without the salt. This blocks any offline coordinate enumeration attack regardless of precision setting.

"{lat_r}::{lon_r}::{geo_salt_hex}::{tz}::{fp_factors}" → SHA-256 → 32-byte geo_key
Combine → HKDF (domain-separated key derivation)

The password key and geo key are concatenated and run through HKDF-SHA256. Neither factor alone can decrypt. The domain label prevents key material reuse.

[pw_key ‖ geo_key] → HKDF(SHA-256, "labyrinth-geo-vault-v1.0") → 32-byte final_key
AAD — Metadata Cryptographically Authenticated

Filename, filesize, and precision are hashed and passed as AES-GCM Additional Authenticated Data. Any modification to bundle metadata fields is detected at decryption — even if the key is correct, tampered metadata causes rejection.

SHA-256({filename, filesize, precision, version:1}) → aad → AES-GCM additionalData
AES-256-GCM + Memory Wipe

The file is encrypted with AES-256-GCM using a random 96-bit IV and a 128-bit GCM authentication tag. The raw file buffer is immediately zeroed with fill(0) after encryption. Wrong password and wrong location both produce the same generic rejection — the error never reveals which factor failed.

file_data → AES-256-GCM(final_key, iv, aad) → ciphertext + auth_tag → rawData.fill(0)
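
The derivation chain and AAD check described in this section, written against the WebCrypto API as an added example (not Labyrinth's own code). The coordinate rounding via toFixed, the JSON serialization of the metadata, the empty HKDF salt, the timezone and fingerprint string formats, and all function and field names are assumptions; sample values are constructed.

```javascript
// Added example. Rounding, serialization, empty HKDF salt and all names are assumptions.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto; // browser or Node
const enc = new TextEncoder();
const rand = (n) => wc.getRandomValues(new Uint8Array(n));
const hex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join("");
const sha256 = async (s) => new Uint8Array(await wc.subtle.digest("SHA-256", enc.encode(s)));

async function deriveFinalKey(password, env, b) {
  // pw_key: PBKDF2-SHA256, iteration count read from the bundle
  const pwMat = await wc.subtle.importKey("raw", enc.encode(password), "PBKDF2", false, ["deriveBits"]);
  const pwKey = new Uint8Array(await wc.subtle.deriveBits(
    { name: "PBKDF2", hash: "SHA-256", salt: b.pbkdf2Salt, iterations: b.iterations }, pwMat, 256));
  // geo_key: SHA-256 over rounded coordinates, geo-salt, timezone, fingerprint factors
  const geoKey = await sha256([env.lat.toFixed(b.precision), env.lon.toFixed(b.precision),
    hex(b.geoSalt), env.tz, env.fp].join("::"));
  // final_key: HKDF-SHA256 over pw_key || geo_key with the domain label
  const ikm = await wc.subtle.importKey("raw", new Uint8Array([...pwKey, ...geoKey]), "HKDF", false, ["deriveKey"]);
  return wc.subtle.deriveKey(
    { name: "HKDF", hash: "SHA-256", salt: new Uint8Array(0), info: enc.encode("labyrinth-geo-vault-v1.0") },
    ikm, { name: "AES-GCM", length: 256 }, false, ["encrypt", "decrypt"]);
}

// AAD: hash of the metadata fields, recomputed from the bundle at decryption time
const gcmParams = async (b) => ({ name: "AES-GCM", iv: b.iv, tagLength: 128, additionalData:
  await sha256(JSON.stringify({ filename: b.filename, filesize: b.filesize, precision: b.precision, version: 1 })) });
async function seal(data, password, env, meta) {
  const b = { ...meta, filesize: data.length, iterations: 300000, pbkdf2Salt: rand(32), geoSalt: rand(16), iv: rand(12) };
  const key = await deriveFinalKey(password, env, b);
  b.ciphertext = new Uint8Array(await wc.subtle.encrypt(await gcmParams(b), key, data));
  data.fill(0); // zero the plaintext buffer once it has been encrypted
  return b;     // no coordinates, timezone or fingerprint values end up in the bundle
}

async function unseal(b, password, env) {
  try {
    const key = await deriveFinalKey(password, env, b);
    return new Uint8Array(await wc.subtle.decrypt(await gcmParams(b), key, b.ciphertext));
  } catch { throw new Error("Decryption failed"); } // one message for every cause
}

async function demo() { // constructed sample values throughout
  const env = { lat: 12.345678, lon: 98.765432, tz: "Etc/UTC", fp: "ExampleUA/1.0|en-US" };
  const b = await seal(enc.encode("secret notes"), "correct horse", env, { filename: "notes.txt", precision: 3 });
  const outcome = (p) => p.then((pt) => new TextDecoder().decode(pt), (e) => e.message);
  return { ok: await outcome(unseal(b, "correct horse", env)),
    wrongPassword: await outcome(unseal(b, "wrong", env)),
    wrongLocation: await outcome(unseal(b, "correct horse", { ...env, lat: 12.4 })),
    tamperedMeta: await outcome(unseal({ ...b, filename: "x.txt" }, "correct horse", env)) };
}
demo().then(console.log);
```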
Protected Against
Scenario | Status
Stolen ciphertext alone | ✓ Protected
Stolen password alone | ✓ Protected
File + password, wrong location | ✓ Protected
Offline coordinate brute-force | ✓ Geo-salt blocks it
Bundle metadata tampering | ✓ Detected via AAD
Cloud storage breach | ✓ Protected
Lock location read from file | ✓ Not stored
Known Limitations (Honest)
Attack Vector | Status
GPS spoof + geo-salt + coord knowledge | ⚠ Requires bundle + location
Full device compromise (root) | ✗ Not covered
Browser memory forensics | ⚠ Mitigated (buffer wipe)
Adversary physically at same location | ⚠ Partial

GPS spoofing now requires the random geo-salt from the bundle, matching timezone, AND matching device fingerprint factors. Coordinates alone are cryptographically useless.

What the Bundle Contains
Zero location data. The .labyrinth bundle contains: encrypted ciphertext · PBKDF2 salt · AES IV · random geo-salt · filename · filesize · timestamp · precision setting · device binding factor IDs (not their values) · versioned crypto parameter block. No coordinates, no timezone, no raw fingerprint values of any kind. Opening the file in a text editor reveals nothing about where it was sealed.
AES-256-GCM · PBKDF2-SHA256 · HKDF · AAD Metadata Auth · Zero Server Contact · Geo-Salt (BF resistant) · Lock Coords Not Stored · Configurable Device Binding · Memory Wiped After Use · Versioned Crypto Params
Device Binding Stability Guide
Factor | Stability | What Changes It | Recommendation
User Agent | High | Major browser version update | Always include
Language | Very High | Manual language change in browser | Always include
Platform | Medium | OS reinstall, dual-boot | Optional
CPU Cores | High | Hardware change only | Optional (low entropy)
Screen Resolution | Low | External monitor, scaling, fullscreen toggle | Avoid for critical files