GeoVault: Leveraging Human Spatial Memory for Secure Cryptographic Key Management

Abstract

Practical failures of cryptographic key management rarely stem from weak algorithms: they arise from the difficulty users face in memorizing and reliably recalling high-entropy secrets. Password-based and brainwallet approaches collapse under selection bias, while machine-generated mnemonics such as BIP-39 impose a significant memory burden. This paper introduces GeoVault, a key derivation framework that uses remembered geographic locations as the cryptographic input. Keys are derived from a small set of user-selected map points, encoded deterministically using a geospatial scheme and hardened with the Argon2id memory-hard function. We develop a formal entropy model that distinguishes nominal from effective spatial entropy under attacker-prioritized geographic dictionaries and quantifies the additional reduction caused by demographic selection bias. Through information-theoretic analysis and CPU-GPU benchmarking, we show that spatial secrets carry a substantially higher effective entropy floor than human-chosen passwords, and that Argon2id creates a strong asymmetry between legitimate users and offline adversaries: at a memory cost of 1 GiB, an attacker using a high-end GPU can test approximately 66 candidate secrets per one defender key derivation. This residual throughput advantage is, however, overwhelmed by the exponential growth of the search space when multiple locations are selected. Selecting $n\ge 3$ geographic points is necessary and sufficient to achieve cryptographic-strength brute-force resistance under the global attacker prior across all evaluated Argon2id configurations. Against a demographically targeted attacker with city-level knowledge of the user, $n=3$ maintains Human-Scale Secure resistance; $n=4$ with a chaining depth of $k=6$ restores the Super Secure zone at an ≈8 s user-side wait. Single-point configurations remain insecure regardless of memory cost hardening.

1. Introduction

Cryptographic algorithms rarely fail in isolation; real-world security breaches are far more often caused by the difficulty humans face in generating, storing, and reliably recalling high-entropy secrets [1]. This constraint has driven two decades of research into mnemonic key storage: password managers, brainwallets, and standardized phrase lists such as BIP-39 each represent a different point in the trade-off space between entropy and memorability.

Brainwallets and passphrase-derived keys attempt to eliminate the need for external storage by relying entirely on human memory. However, extensive empirical research has shown that such approaches fail under realistic offline attacker models due to severe entropy collapse caused by predictable human choice [2,3]. Large-scale studies of real-world password datasets demonstrate that users consistently select secrets with strong linguistic and cultural bias, resulting in effective entropy levels far below theoretical estimates [2,4]. Analyses of funded brainwallets further confirm that passphrase-derived keys are often compromised shortly after use, sometimes within minutes [3,5]. Even mnemonic-friendly strategies fail to provide durable protection once human selection bias is taken into account.

In contrast, machine-generated mnemonic schemes such as BIP-39 offer strong cryptographic guarantees by selecting words uniformly from a fixed dictionary, yielding well-defined entropy budgets. A standard 12-word BIP-39 mnemonic provides 128 bits of nominal entropy, making exhaustive brute-force attacks computationally infeasible under conventional assumptions. However, these schemes impose a significant cognitive burden on users, who must reliably store or back up the mnemonic phrase. In practice, this often leads to insecure storage practices or irreversible loss of access, effectively shifting the problem from entropy generation to key retention and recovery.

Despite their differences, password-based and brainwallet approaches share a common dependency: linguistic or abstract symbolic memory, a form of recall that degrades measurably over months and years [6,7]. Spatial memory follows a strikingly different retention profile. Layouts of familiar places, routes, and personal landmarks are encoded through hippocampal circuits that govern long-term spatial navigation and are retained with high fidelity even after long intervals without rehearsal [8,9,10,11]. The difference is not incidental: it reflects distinct cognitive mechanisms, with verbal recall rapidly susceptible to interference and spatial recall comparatively stable.

Prior authentication research has drawn on related intuitions, exploring graphical and map-based schemes [12,13,14,15]. User studies confirm improved recall, but the security question has been handled qualitatively: none of these systems couples spatial selection to a formal entropy model, quantifies the reduction caused by demographic selection bias, or evaluates the resulting work factor against a GPU-class offline adversary with access to attacker-prioritized spatial dictionaries.

In parallel, advances in cryptographic key derivation functions have made it possible to impose strong, hardware-enforced asymmetries between legitimate users and offline adversaries. Memory-hard functions such as Argon2 were explicitly designed to resist massively parallel GPU and ASIC attacks by binding performance to memory bandwidth and capacity rather than raw compute throughput [16,17]. Empirical studies have shown that such functions significantly reduce attacker advantage and allow defenders to trade modest increases in computation time for large increases in brute-force resistance [18].

This paper introduces GeoVault, a key management framework that combines these insights. GeoVault derives cryptographic keys from one or more user-selected spatial locations, encoded deterministically using geospatial encoding schemes and hardened through memory-hard key derivation. By anchoring secrets in spatial memory and amplifying their security through computational hardness, GeoVault aims to mitigate the security–usability limitations inherent in brainwallet-style systems under offline attack models.

The main contributions of this work are as follows:

• We introduce a formal entropy model for spatially anchored secrets that distinguishes nominal spatial entropy from effective entropy under attacker-prioritized spatial dictionaries, capturing realistic semantic and clustering biases in human location choice.
• We analyze and quantify the security limits of spatial memory under realistic human selection behavior, showing how clustering and semantic constraints reduce effective entropy and how multi-point spatial selection mitigates this effect.
• We empirically evaluate the defender–attacker asymmetry induced by memory-hard key derivation using Argon2id, demonstrating that modest multi-point spatial selection combined with memory-hard derivation can achieve attacker-adjusted work factors that approach or, under certain configurations, exceed those of 12-word BIP-39 mnemonics, while single-point configurations provide meaningful offline resistance with reduced cognitive burden. We further characterize the effect of KDF chaining depth k as an independent security axis, provide projected latency estimates across server, consumer laptop and smartphone hardware classes, and analyze GeoVault’s security margins under quantum (Grover) and ASIC adversary models.

The paper is structured as follows. Section 2 reviews related work on brainwallets, mnemonic-based key storage, spatial cognition, and geospatial encoding. Section 3 develops the theoretical foundations, including formal entropy models, attacker-prioritized spatial dictionaries, and computational hardening. Section 4 presents the GeoVault protocol design. Section 5 reports the empirical benchmarks. Section 6 discusses implications and limitations. Section 7 concludes.

2. Related Work

2.1. Brainwallets and Their Weaknesses

Brainwallets represent a class of deterministic cryptocurrency wallets in which private keys are derived directly from user-chosen passwords or passphrases. The underlying assumption is that users can reliably memorize sufficiently complex secrets, thereby eliminating the need for physical or digital storage of private keys [3,19]. In practice, however, extensive empirical research has demonstrated that this assumption is rarely satisfied, leading to severe security and usability limitations.

The core vulnerability of brainwallets stems from the predictable nature of human-chosen passwords and passphrases. Vasek et al. [3] conducted a large-scale empirical analysis of funded brainwallets and showed that users overwhelmingly select easily guessable phrases, resulting in a dramatic reduction in effective entropy. Their findings revealed that the majority of brainwallets were compromised shortly after being funded, often within minutes, underscoring the practicality of offline dictionary attacks against passphrase-derived keys.

Earlier work by Kuo et al. [4] identified similar weaknesses in mnemonic phrase-based passwords, demonstrating that users frequently rely on common phrases sourced from online material. Yang et al. [5] further confirmed that mnemonic-based password strategies, despite their perceived memorability benefits, produce secrets that remain highly vulnerable to statistical guessing attacks.

These vulnerabilities are compounded by fundamental cognitive limitations in human memory. Bonneau [2] demonstrated that, despite repeated efforts to promote stronger password practices, most users fail to achieve sufficient entropy in practice. Adams and Sasse [1,20] explained this phenomenon from a usability perspective, arguing that increasing password complexity requirements directly conflicts with human memory constraints and predictably leads users toward insecure coping strategies.

Attempts to mitigate these weaknesses through user education have shown limited effectiveness. Kävrestad and Nohlberg [21] found that context-based security training failed to produce meaningful improvements in real-world passphrase strength, highlighting the persistent tension between security requirements and human cognitive limitations.

Alternative authentication schemes that seek to exploit human visual memory have similarly encountered structural weaknesses. Tari et al. [12] and Golla et al. [13] investigated graphical and emoji-based password systems, identifying vulnerabilities such as susceptibility to shoulder-surfing and strong user bias toward predictable choices. While such approaches can improve memorability, they do not eliminate the fundamental problem of low effective entropy under targeted attack models.

To address the inherent weaknesses of brainwallets, alternative key management approaches have been proposed, including hierarchical deterministic (HD) wallets [22,23] and hardware-based wallets, commonly referred to as cold wallets [19,24]. HD wallets, standardized in BIP32, derive large key hierarchies from a single master seed, simplifying backup and recovery. However, Di Luzio et al. [22] identified privilege escalation vulnerabilities in multi-user settings, while Gutoski and Stebila [23] demonstrated that partial key leakage can enable recovery of the master secret, exposing the entire wallet hierarchy.

Cold wallets mitigate network-based attacks by storing private keys offline, but they introduce distinct attack surfaces. Das et al. [19] analyzed the hot/cold wallet paradigm and formalized conditions under which such systems remain secure. Nevertheless, Guri [24] experimentally demonstrated that air-gapped wallets can be compromised through physical side channels, including electromagnetic, acoustic, optical, and thermal leakage, challenging the assumption that hardware isolation alone provides absolute security.

In summary, brainwallets and mnemonic-based password schemes consistently suffer from two fundamental weaknesses: low effective entropy caused by predictable human-chosen secrets, and usability constraints rooted in cognitive limitations [3,4,5]. While HD wallets and cold wallets mitigate certain risks, they introduce additional complexity and new failure modes, such as master-key leakage [22,23] or physical side-channel exfiltration [19,24]. These limitations motivate the exploration of alternative approaches that align more closely with human cognitive strengths. In particular, leveraging spatial memory—an ability known for its robustness and long-term retention—offers a promising foundation for secure and user-friendly key management.

2.2. Human Spatial Memory as a Cryptographic Asset

Human memory is notoriously unreliable when it comes to memorizing abstract information such as complex alphanumeric strings or passphrases [6,7]. However, decades of cognitive psychology research have shown that humans exhibit a disproportionately strong ability to encode, recall, and retain spatial information [8,9]. This observation underpins the “method of loci,” an ancient memory technique that leverages imagined spatial environments to recall information by placing memories at physical locations within a mental map [25].

Neurological evidence also supports the unique role of spatial memory in human cognition. The hippocampus, a brain structure critical for memory formation, is also central to spatial navigation [11]. The dual-use of this brain region suggests a strong evolutionary and functional link between spatial awareness and memory encoding. Studies in cognitive neuroscience confirm that people can recall spatial configurations with high accuracy even after long periods, particularly when these memories are grounded in visual or map-based stimuli [26,27].

Map-based authentication has been explored since at least PassMap [14] and GeoPass [15], which showed that geographic secrets are retained for 3–5 weeks with fewer errors than alphanumeric passphrases. GeoPassNotes [28] further showed that personally meaningful landmarks improve recall by activating episodic memory cues.

Despite these advantages, prior work in map-based authentication has identified severe entropy collapse caused by predictable human selection. Users consistently exhibit strong semantic bias toward residential locations (home/work), major urban centers, and famous global landmarks [14,15,29]. A comprehensive usability and security evaluation by Al-Ameen and Wright [29] further quantified the degree to which user selection distributions concentrate around personally and culturally salient locations, confirming that an adversary with even limited contextual knowledge of the user can substantially reduce the effective search space below the nominal geographic entropy. These selection patterns reduce the effective search space in ways that purely geographic dictionaries do not capture. While these studies establish the memorability of spatial secrets, they have not yet been integrated into a cryptographic key derivation framework that explicitly mitigates selection bias through memory-hardening and hardware-aware offline threat modeling.

These findings suggest that spatial memory may provide a superior foundation for cryptographic key storage and retrieval mechanisms. Unlike traditional brainwallets that rely on memorized strings, a system that anchors a seed derivation process to a spatial coordinate or map location naturally exploits this cognitive strength. By combining the robustness of spatial recall with computational functions that bind access to the correct location and effort, it is possible to achieve both higher security and improved usability.

2.3. Geospatial Encoding Systems

Geospatial encoding systems provide a structured way to represent geographic locations using codes or identifiers, facilitating applications such as navigation, logistics, and, in the context of this research, secure mnemonic storage based on spatial memory. These systems translate physical locations into a format that can be easily shared and processed, making them a critical component of the proposed GeoVault protocol.

A widely recognized example is What3Words (w3w), which partitions the globe into 3 m × 3 m squares, each assigned a unique three-word identifier. This system excels in usability due to its intuitive word-based format, reducing errors compared to traditional coordinates, and supports multiple languages [30]. However, its fixed resolution limits its flexibility for applications requiring finer granularity or three-dimensional encoding, such as indoor environments [31]. Moreover, recent critiques highlight potential confusion between similar word triplets, posing risks in critical applications like emergency response or secure storage [32]. These limitations are particularly relevant to GeoVault, where precise and unambiguous location encoding directly impacts mnemonic security.

Alternative systems include Geohash, Google’s Open Location Code (OLC), and Google S2. Geohash employs a hierarchical grid with alphanumeric codes, offering variable precision but suffering from complexity and potential user confusion due to its base32 encoding [33]. Open Location Code, designed for offline use, provides a more accessible alphanumeric approach, balancing usability and scalability [33]. Google S2, optimized for spatial indexing, uses a cell-based structure that supports efficient querying and could enhance the protocol’s computational efficiency [33]. Each system presents distinct characteristics: Geohash and OLC prioritize flexibility, while S2 emphasizes performance in large-scale applications.

The choice of a geospatial encoding system for GeoVault involves several trade-offs. Usability is critical for enabling users to recall and input locations accurately, favoring systems like What3Words [30]. Granularity, or the size of the encoded area, affects the entropy of the system—a finer grid increases the number of possible locations, strengthening security against brute-force attacks. Encoding precision also influences the integration with computation-hard derivation functions like Argon2, as higher precision demands greater computational effort to protect the mnemonic seed. Additionally, reliability and accuracy are paramount, as geocoding errors can compromise the protocol’s integrity. Studies reveal significant variability in geocoding accuracy across services and regions, necessitating robust validation frameworks [34,35].

In this research, geospatial encoding systems underpin the spatial anchoring of mnemonic seeds. While What3Words offers a compelling balance of usability and precision, its proprietary nature and potential for confusion [32] necessitate the exploration of open-source alternatives like Open Location Code for fully offline-resolvable implementations. Alternatives like Google S2 could improve scalability and precision, while custom schemes might better align with the protocol’s security requirements [33]. Furthermore, address extraction and matching techniques from web data, as explored in [36], could enhance location selection, ensuring users choose memorable yet secure spatial anchors.

Ultimately, the selected system must integrate seamlessly with the protocol’s threat model, resisting attacks such as map scanning or brute-forcing while maintaining user-friendliness. Future work will explore hybrid approaches, potentially combining What3Words’ simplicity with S2’s flexibility, and evaluate their performance in real-world mnemonic recovery scenarios.

2.4. Encryption Techniques for Hardening Secrets

VDFs [37,38], time-lock puzzles [39], and proofs of sequential work (PoSW) [40] each provide forms of sequentially enforced delay; GeoVault instead uses memory-hard KDFs, which enforce a hardware-bound asymmetry between defenders and offline adversaries without requiring interaction or trusted setup.

Memory-hard KDFs, such as Argon2, transform inputs like spatial coordinates into cryptographic keys through processes that require substantial memory resources, thereby resisting optimization by hardware accelerators such as ASICs or GPUs [16,17]. Unlike compute-bound hashes, Argon2d binds attacker performance to memory bandwidth and capacity. This ensures that even high-end GPU clusters face a non-linear reduction in throughput once the memory requirements of the KDF approach the physical VRAM limits of the device. Although emerging compute-capable memory technologies may eventually reduce access costs for older functions like scrypt [18], Argon2id remains the current standard for mitigating both side-channel and time–memory trade-off attacks in human-centered key management.

Together, Argon2id converts modest user-side latency into a disproportionately large attacker work factor. Hybrid combinations with PoSW remain an open direction for further hardening against parallelized map-scanning attacks.

3. Theoretical Background

3.1. Entropy in Mnemonic and Password-Based Secure Storage

Cryptographic key management systems frequently derive secret keys from human-memorable inputs, including machine-generated mnemonics, user-chosen passwords, and passphrases, collectively referred to as brainwallet-based constructions. The security of such systems is commonly expressed in terms of entropy, which characterizes the size of the underlying search space available to an offline attacker. Shannon entropy [41] provides a fundamental measure of uncertainty in this context and is defined in Equation (1).

$$H\left(\mathcal{A}\right)=-\sum _{a_i\in \mathcal{A}}P\left(a_i\right){log}_{2}P\left(a_i\right),$$

(1)

where $\mathcal{A}$ denotes the alphabet of possible secrets and $P\left(a_i\right)$ is the probability of selecting element $a_i$.

While Shannon entropy provides a useful conceptual measure, resistance to offline guessing attacks is ultimately governed by the effective size of the attacker’s prioritized search space. In practice, this corresponds to the entropy remaining once human selection bias and attacker-adaptive guessing strategies are taken into account.

In the BIP-39 standard, mnemonic phrases are generated algorithmically by selecting words uniformly and independently from a fixed dictionary. A standard 12-word BIP-39 mnemonic uses a dictionary of 2048 entries and yields exactly 128 bits of nominal entropy, corresponding to $2^{128}$ possible mnemonic combinations. Under the assumption of uniform random generation, this construction provides strong cryptographic resistance against exhaustive brute-force attacks.

To illustrate the scale implied by 128 bits of nominal entropy, consider an offline attacker equipped with modern GPU hardware optimized for hashing operations. A high-end consumer GPU can evaluate on the order of ${10}^9$ candidate keys per second under lightweight hashing assumptions [42,43,44]. Under this assumption, the expected time required to exhaustively search the full mnemonic space is given by Equation (2).

$$T={\displaystyle \frac{2^{128}}{{10}^9}}\mathrm{s}\approx 3.4\times {10}^{29}\mathrm{s},$$

(2)

This corresponds to approximately $1.08\times {10}^{22}$ years, vastly exceeding the age of the universe. Consequently, uniformly generated BIP-39 mnemonics are effectively immune to brute-force attacks under realistic computational assumptions.

In contrast, password- and passphrase-based brainwallets derive cryptographic keys directly from user-chosen secrets. From a theoretical perspective, if a password or passphrase was selected uniformly at random from a dictionary of size N, each symbol would contribute ${log}_{2}N$ bits of nominal entropy. The minimum length L required to reach a target of 128 bits of nominal entropy is given by Equation (3).

$$L=⌈{\displaystyle \frac{128}{{log}_{2}N}}⌉.$$

(3)

Table 1. Required length to achieve at least 128 bits of nominal entropy under uniform random selection.

Selection Set (N)	Entropy per Unit	Length Required (L)
Alphanumeric (62 chars)	5.95 bits/char	22 characters
Standard ASCII (94 chars)	6.55 bits/char	20 characters
BIP-39 Wordlist (2048 words)	11.0 bits/word	12 words
Diceware (7776 words)	12.9 bits/word	10 words

summarizes this relationship for several representative selection sets.

While Table 1 describes the entropy achievable under idealized uniform selection, extensive empirical evidence shows that human-generated passwords and passphrases violate these assumptions in practice. Large-scale analyses of real-world password datasets reveal that user choice introduces significant linguistic, cultural, and structural biases, resulting in a dramatic reduction in effective entropy under realistic attacker models.

Bonneau [2], analyzing an anonymized corpus of nearly 70 million passwords, showed that typical user-chosen passwords provide fewer than 10 bits of resistance against online guessing attacks and on the order of 20 bits against optimized offline dictionary attacks. Vasek et al. [3] similarly observed that brainwallet passphrases are highly predictable and frequently compromised shortly after funding. Earlier studies by Kuo et al. [4] and subsequent work by Yang et al. [5] further corroborate that mnemonic and passphrase-based strategies, despite increased length or apparent complexity, remain vulnerable to statistical guessing due to human selection bias. Collectively, these results establish entropy collapse as a fundamental limitation of password- and passphrase-based brainwallets and motivate security models that explicitly distinguish nominal entropy from effective entropy under attacker-adaptive guessing strategies.

3.2. Entropy in Spatial Memory-Based Systems

The cryptographic strength of spatially anchored mnemonic systems, such as GeoVault, derives from the discretization of a continuous spatial domain into a finite set of selectable cells. Each cell constitutes a mnemonic element analogous to a word in a linguistic dictionary. The entropy provided by such systems is therefore determined by the resolution of the spatial discretization and by the effective size of the attacker’s prioritized spatial search space.

3.2.1. Nominal Spatial Entropy

Let $\mathcal{M}$ denote a spatial domain with total surface area $A_{\mathcal{M}}$, discretized into cells of area $A_{\mathrm{cell}}$. Under uniform random selection, the nominal entropy of a single spatial choice is defined in Equation (4).

$$H_{\mathrm{nominal}}={log}_2\left({\displaystyle \frac{A_{\mathcal{M}}}{A_{\mathrm{cell}}}}\right).$$

(4)

For the Earth’s surface ($A_{\mathcal{M}}\approx 510.1\times {10}^{12}{\mathrm{m}}^2$) and a discretization with $A_{\mathrm{cell}}=9{\mathrm{m}}^2$, the nominal entropy of a single spatial cell is given by Equation (5).

$$H_{\mathrm{global}}={log}_2\left({\displaystyle \frac{510.1\times {10}^{12}}{9}}\right)\approx 45.7\mathrm{bits}.$$

(5)

Achieving a target of 128 bits of entropy via a single spatial cell would require an unrealistically small cell area, as shown in Equation (6).

$$A_{\mathrm{cell}}={\displaystyle \frac{A_{\mathcal{M}}}{2^{128}}}\approx 1.5\times {10}^{-24}{\mathrm{m}}^2,$$

(6)

which is infeasible in practice. Consequently, spatial systems must rely on either multiple spatial selections or computational entropy-boosting mechanisms.

3.2.2. Effective Entropy and Spatial Dictionaries

Nominal spatial entropy assumes uniform random selection across the spatial domain $\mathcal{M}$. However, extensive research in spatial cognition shows that human spatial memory is hierarchically structured around landmarks, reference frames, and semantically meaningful regions, rather than represented as a uniform metric space [8,10]. As a result, realistic offline attackers can prioritize large portions of the search space by exploiting predictable human spatial behavior.

To model such attacks, we introduce the concept of spatial dictionaries, defined as attacker-prioritized subsets $\mathcal{D}\subseteq \mathcal{M}$ that reflect semantic, geographic, or contextual constraints on likely user choices. This abstraction captures coarse-grained attacker strategies, such as restricting guesses to landmasses, urban areas, coastlines, or other salient regions, without assuming knowledge of user-specific preferences or fine-grained popularity rankings.

Let $A_{\mathrm{eff}}\left(\mathcal{D}\right)$ denote the total area covered by a spatial dictionary $\mathcal{D}$. The effective entropy of a single spatial selection under this attacker prior is given by Equation (7).

$$H_{\mathrm{eff}}\left(\mathcal{D}\right)={log}_2\left({\displaystyle \frac{A_{\mathrm{eff}}\left(\mathcal{D}\right)}{A_{\mathrm{cell}}}}\right).$$

(7)

The corresponding entropy collapse relative to the global nominal case is defined in Equation (8).

$$\Delta H\left(\mathcal{D}\right)=H_{\mathrm{global}}-H_{\mathrm{eff}}\left(\mathcal{D}\right).$$

(8)

Equation (7) models the attacker’s geographic prior—which dictionary stratum is targeted—but treats selection within the targeted stratum as uniform. Empirical studies of geographic authentication systems demonstrate that this uniformity assumption overstates effective entropy: users disproportionately choose home addresses, workplaces, frequently visited venues, and culturally salient landmarks, concentrating realistic choices over a sub-fraction of the dictionary’s nominal coverage area [14,15,29]. To incorporate this within-dictionary behavioral bias, we introduce a selection fraction $f_s\in (0, 1]$, representing the proportion of cells in $\mathcal{D}$ that attract non-negligible probability mass under a demographically informed prior. The corrected effective entropy is

$$H_{\mathrm{eff},\mathrm{biased}}(\mathcal{D},f_s)={log}_2\left({\displaystyle \frac{f_s·A_{\mathrm{eff}}\left(\mathcal{D}\right)}{A_{\mathrm{cell}}}}\right)=H_{\mathrm{eff}}\left(\mathcal{D}\right)+{log}_2{f}_s\le H_{\mathrm{eff}}\left(\mathcal{D}\right).$$

(9)

Setting $f_s=1$ recovers the uniform selection model. Because the empirical literature does not yet provide a universal estimate of $f_s$ applicable across all geographies and user populations, all security evaluations in subsequent sections treat $H_{\mathrm{eff}}\left(\mathcal{D}\right)$ as an upper bound on true effective entropy: actual effective entropy is lower whenever $f_s<1$, i.e., whenever user selection within the targeted stratum is non-uniform. All security zone classifications in Section 5 are therefore optimistic for the defender and should be interpreted as best-case estimates pending empirical calibration of $f_s$. The targeted attacker scenario is addressed by selecting the appropriate fine-grained dictionary (e.g., the urban-scale stratum with $H_{\mathrm{eff}}\approx 27.4$ bits), which already encodes significant behavioral prior knowledge; $H_{\mathrm{eff},\mathrm{biased}}$ provides the formal mechanism for analysts to apply further within-stratum corrections as empirical data become available.

3.2.3. Clustering Bias and Localized Collapse

A particularly severe form of entropy collapse arises when users select multiple locations within a familiar local context. If an initial anchor point $p_1$ is selected freely, but subsequent points $p_i$ are constrained to lie within a radius r of $p_1$, the entropy contribution of each additional point is bounded by the area of the surrounding neighborhood. Under this proximity constraint, the entropy contribution per additional point is given by Equation (10).

$$H_{\mathrm{local}}\left(r\right)={log}_2\left({\displaystyle \frac{\pi r^2}{A_{\mathrm{cell}}}}\right).$$

(10)

The total effective entropy for n spatial selections under this proximity-constrained model can then be approximated as shown in Equation (11).

$$H_{\mathrm{spatial}}(n,r)\approx H_{\mathrm{anchor}}+(n-1)H_{\mathrm{local}}\left(r\right).$$

(11)

The term $H_{\mathrm{anchor}}$ denotes the effective entropy of the first (anchor) point and is bounded above by the entropy of the spatial dictionary $\mathcal{D}$ from which the user selects, i.e., $H_{\mathrm{anchor}}\le H_{\mathrm{eff}}\left(\mathcal{D}\right)$. Under a geographically uninformed attacker prior, $H_{\mathrm{anchor}}=H_{\mathrm{global}}\approx 45.7$ bits. However, as documented in geographic password research [14,15,29], a demographically informed attacker who knows the user’s city of residence may restrict the search to an urban-scale dictionary, reducing $H_{\mathrm{anchor}}$ to ≈27.4 bits. This anchor entropy collapse propagates into all subsequent n-point entropy estimates: the total loss relative to the uninformed model is $H_{\mathrm{global}}-H_{\mathrm{anchor}}$ regardless of n, making the anchor the dominant security-relevant factor against a targeted adversary.

For clustering at the city scale (e.g., $r=20\mathrm{km}$), this model shows that even multiple spatial selections fail to approach a 128-bit entropy target under realistic attacker assumptions. This observation demonstrates that spatial entropy alone is insufficient to guarantee cryptographic-strength security in the presence of predictable clustering behavior and motivates the integration of computational entropy-boosting mechanisms.

3.3. Entropy Boosting Techniques

Given the practical limits of spatial entropy, spatially anchored mnemonic systems such as GeoVault rely on entropy-boosting techniques to increase resistance against offline brute-force attacks. Rather than increasing the number or resolution of spatial elements, these techniques amplify security by increasing the computational cost of each guess.

Key derivation functions (KDFs) transform low-entropy or biased inputs into cryptographically strong keys by imposing configurable time and memory costs per evaluation. Memory-hard KDFs such as Argon2 are particularly effective in this role, as they bind attacker performance to memory bandwidth and capacity rather than raw parallel compute throughput, thereby reducing the advantage of GPUs and ASICs. When combined with spatial mnemonics, memory-hard KDFs allow systems to achieve high attacker-adjusted work factors despite predictable human selection behavior.

4. Materials and Methods

4.1. Protocol Design

The GeoVault protocol derives cryptographic keys from one or more user-chosen spatial locations by combining deterministic geospatial encoding with memory-hard key derivation. The design goal is to anchor secrets in human spatial memory while ensuring that key derivation remains fully reproducible and verifiable in an offline setting.

At a high level, the protocol consists of four conceptual stages: spatial selection, geospatial encoding, entropy boosting, and key extraction. First, the user selects a finite set of spatial points within a predefined spatial domain. These selections are made deliberately and are assumed to be recallable by the user without external storage. Second, each selected point is deterministically mapped to a discrete spatial cell using a geospatial encoding scheme, transforming continuous coordinates into a finite and reproducible representation that can be evaluated offline.

Third, the encoded spatial identifiers are combined and processed using a memory-hard key derivation function. This entropy-boosting stage is implemented as a single invocation of a memory-hard KDF with configurable time and memory parameters. It does not introduce additional information, but instead increases the computational and memory cost associated with evaluating each candidate secret, thereby reducing the feasibility of large-scale offline brute-force attacks, particularly on GPU-class hardware.

Finally, the output of the key derivation function is used directly as a cryptographic key or as input to a higher-level key management mechanism, depending on the application context.

The protocol makes no assumptions about secrecy of the geospatial encoding scheme or obscurity of the spatial discretization. All security derives from the unpredictability of the user’s spatial choices and the computational hardness imposed by the key derivation function. By separating human-memorable input selection from computational hardening, GeoVault allows the security–usability trade-off to be adjusted through two independent parameters: the number of spatial selections and the cost parameters of the key derivation function.

4.2. Spatial Selection

GeoVault assumes that a user selects a finite set of geographic points. Selection is performed by clicking or tapping a location on a digital map interface; no GPS or device location service is involved. The geospatial encoding scheme (Section 4.3) immediately snaps any selected coordinate to the nearest discrete cell, so sub-cell coordinate imprecision is absorbed by design. GPS-induced drift is therefore not a concern in the GeoVault threat model. Formally, the set of selected locations is defined in Equation (12).

$$\mathcal{P}=\{p_1,p_2,\dots ,p_n\},p_i=({\phi }_i,{\lambda }_i)\in \mathcal{M},$$

(12)

Here, $\mathcal{M}\subset {\mathbb{R}}^2$ denotes the spatial domain of the application, and each point $p_i$ is represented by its coordinates within that domain.

In the baseline instantiation, $\mathcal{M}$ corresponds to the WGS-84 model of the Earth’s surface. However, the definition is deliberately abstract: $\mathcal{M}$ may also represent a fictional continent, a virtual environment, or any other two-dimensional world equipped with a well-defined coordinate system. No randomness, salting, or grid quantization is imposed at this stage; each point $p_i$ is treated as an exact element of $\mathcal{M}$ prior to encoding.

The cardinality n of $\mathcal{P}$ is user-defined and represents a primary degree of freedom in the security–usability trade-off. Selecting more points increases the available spatial entropy but also increases the cognitive burden during recall. This trade-off is analyzed quantitatively in later sections through entropy modeling and attacker-adjusted work factor evaluation.

GeoVault exposes two primary security axes and one fine-tuning lever. The two primary axes are qualitatively different in kind: one grows the search space exponentially, the other collapses attacker throughput non-linearly via a hardware bottleneck. The fine-tuning lever scales costs linearly on both sides and belongs to a fundamentally different class.

(1) Number of spatial points n—exponential axis. The attacker’s search space grows exponentially in n (as ${\left|\mathcal{D}\right|}^n$), while the legitimate user’s key derivation cost remains constant—a single Argon2id invocation regardless of how many points are selected. Each additional memorable location multiplies the attacker’s workload by $\left|\mathcal{D}\right|\approx 2^{45.7}$ under a uniform prior, at zero additional computational cost to the user. This is the dominant security axis: it is the only mechanism capable of reaching the Super Secure zone and the only one that provides a strictly improving defender–attacker ratio as the parameter increases.

(2) Memory parameter m—non-linear hardware axis. Increasing the Argon2id memory cost raises the per-candidate evaluation cost for both parties, but the attacker’s throughput collapses non-linearly once m exceeds available GPU VRAM, enforcing a hardware-bound bottleneck that compute parallelism cannot bypass. This axis is analyzed empirically in Section 5. It cannot reach the Super Secure zone for $n=1$ under any evaluated m, but it determines the security zone for borderline configurations and sets the absolute work factor floor.

(3) KDF chaining depth k—linear fine-tuning lever. A user may chain k Argon2id invocations in series, where each call’s output becomes the password input of the next (Equation (13)). Unlike axes (1) and (2), chaining scales both defender and attacker costs by exactly the same factor k: the defender waits $k\times$ longer, but the attacker’s throughput drops to $R_{\mathrm{GPU}}/k$. Because the scaling is symmetric and linear, k does not change the defender–attacker ratio $\eta$, cannot rescue a configuration that is already in the wrong security zone, and cannot substitute for n or m. Its role is narrow but practical: it allows a user whose $(n,m)$ configuration lands just below a zone boundary to cross that threshold by accepting a proportionally longer wait, without memorizing additional locations or changing system parameters. The three parameters are orthogonal and can be combined freely, but should be sized in priority order: first fix n, then m, then optionally tune k.

$$K_0=X,K_i=\mathsf{Argon}\mathsf{2}\mathsf{id}(K_{i-1},\mathrm{salt},t,m,p),i=1,\dots ,k.$$

(13)

4.3. Geospatial Encoding

After the user selects a set of spatial points $\mathcal{P}=\{p_1,p_2,\dots ,p_n\}\subset \mathcal{M}$, GeoVault deterministically maps each point to a discrete spatial cell and produces a corresponding identifier. The purpose of geospatial encoding is to transform continuous spatial coordinates into a finite, reproducible representation that can be evaluated offline by both legitimate users and adversaries.

We formalize a geospatial encoding scheme as the composition defined in Equation (14).

$$E=\mathsf{code}\circ \mathsf{snap},$$

(14)

Here, $\mathsf{snap}:\mathcal{M}\to \mathcal{C}$ partitions the spatial domain into equal-area cells and returns the cell containing a point $p_i$, while $\mathsf{code}:\mathcal{C}\to {\Sigma }^{*}$ assigns each cell a deterministic identifier over a finite alphabet. The mapping E is applied independently to each $p_i\in \mathcal{P}$, yielding a multiset of identifiers

$$\mathcal{I}=\{E\left(p_1\right),E\left(p_2\right),\dots ,E\left(p_n\right)\}.$$

(15)

The identifier strings themselves are not assumed to contribute cryptographic entropy; GeoVault relies exclusively on the unpredictability of the underlying spatial selections. Consequently, the encoding scheme must satisfy three core properties. First, injectivity: distinct spatial cells must map to distinct identifiers. Second, determinism: the same spatial point must always yield the same identifier. Third, offline resolvability: the encoding must be computable without access to a trusted online service. Beyond these requirements, the encoding need not be cryptographically random or secret and may be designed primarily for human usability.

4.3.1. Baseline Encoder (What3Words)

In the reference implementation, both $\mathsf{snap}$ and $\mathsf{code}$ are instantiated using the What3Words grid and lexicon. The spatial domain is partitioned into 3 m × 3 m cells, each mapped to a unique three-word phrase. For a single unconstrained cell, substituting the Earth’s surface area $A_{\mathcal{M}}\approx 5.1\times {10}^{14}{\mathrm{m}}^2$ and cell area $A_{\mathrm{cell}}=9{\mathrm{m}}^2$ yields a nominal entropy of approximately $45.7$ bits, as derived previously in Equation (5). This value reflects the size of the global cell index and is independent of the linguistic structure of the identifier.

Because a single encoded cell does not provide sufficient entropy for high-security applications, GeoVault supports aggregation of multiple encoded spatial points and introduces additional computational hardening in subsequent stages. Importantly, the cryptographic core of GeoVault remains encoder-agnostic: any geospatial encoding scheme that satisfies the above properties may replace the What3Words system without altering the security model or attacker assumptions.

4.3.2. Offline Resolvability and Open Alternatives

The word-to-coordinate resolution of What3Words depends on a proprietary algorithm and, in standard deployments, requires the What3Words API or a bundled SDK—a tension with the offline resolvability requirement above. For strictly offline deployments, Open Location Code (OLC/Plus Codes) [33] is the recommended alternative: fully open, requiring no external service, and satisfying all three encoder properties. At precision level 11 (cell footprint $\approx 9{\mathrm{m}}^2$), OLC achieves a nominal single-point entropy comparable to the What3Words baseline. The What3Words instantiation is retained here as a usability reference; the security model and all quantitative results are independent of encoder choice.

4.4. Entropy Boosting

The entropy provided by spatial selection alone is insufficient to guarantee cryptographic-strength security under realistic offline attacker models, particularly in the presence of semantic bias and spatial clustering (Section 3.2). GeoVault therefore incorporates an explicit entropy-boosting stage based on a memory-hard key derivation function (KDF), which increases the computational cost of each candidate evaluation without introducing additional information entropy.

This mechanism does not increase Shannon entropy, but instead amplifies the computational hardness faced by an attacker by enforcing substantial time and memory costs per guess. As a result, brute-force resistance depends jointly on the effective spatial entropy and the hardware-bound cost of key derivation.

4.4.1. Key Derivation Function

GeoVault employs Argon2id, the hybrid variant of the Argon2 memory-hard KDF [16]. Argon2id was selected for its resistance to GPU- and ASIC-accelerated attacks, combining data-independent memory access (Argon2i) with data-dependent access (Argon2d) to mitigate both side-channel and time–memory trade-off attacks.

Unlike legacy KDFs such as PBKDF2, Argon2id binds attacker performance to memory bandwidth and capacity rather than raw compute throughput, enabling strong defender–attacker asymmetry through tunable time, memory, and parallelism parameters.

Parameter Selection Rationale

The reference protocol uses $(t=1, m=1024\mathrm{MiB}, p=1)$, derived from two constraints. Usability constraint: The defender latency must remain below a practical interactive threshold. The empirical benchmarks of Section 5.2 confirm that a single Argon2id invocation at $m=1024$ MiB completes in $T_{\mathrm{CPU}}\approx 1.26$ s on a commodity server CPU within the sub-two-second budget widely cited as acceptable for authentication operations [45]. Security constraint: The memory cost must exhaust the GPU’s high-bandwidth memory per instance to eliminate parallelism gains. At $m=1024$ MiB the GPU can sustain at most $\lfloor \mathrm{48,539}\mathrm{MiB}/1024\mathrm{MiB}\rfloor =47$ parallel instances, yielding an attacker throughput of $R_{\mathrm{GPU}}\approx 53.7$ H/s (Section 5.2). Setting $t=1$ follows the Argon2 specification’s recommendation that a single pass with high m provides stronger memory hardness guarantees than multiple passes with reduced m [16]. Setting $p=1$ is appropriate for a single-thread defender on commodity hardware; increasing p beyond the available CPU cores would not reduce defender latency and would only benefit attackers with wide SIMD parallelism. The parameter range $m\in [64\mathrm{MiB}, 32\mathrm{GiB}]$ is evaluated empirically in Section 5.2 to characterize the full defender–attacker trade-off space.

4.4.2. Input Construction

Let $\mathcal{I}=\{I_1,I_2,\dots ,I_n\}$ denote the set of deterministic identifiers produced by geospatial encoding (Section 4.3). These identifiers are concatenated in a fixed canonical order:

$$S=I_1 \Vert | | \Vert I_2 \Vert | | \Vert \dots \Vert | | \Vert I_n,$$

(16)

and hashed to obtain a fixed-length KDF input

$$X=H\left(S\right),$$

(17)

where H denotes SHA-256 in the reference implementation.

Canonical Ordering and Usability

The concatenation is order-sensitive: swapping two identifiers produces a different S and therefore a different key. This preserves the $n!$ permutation space as part of the secret, at the cost of requiring the user to recall both the locations and their entry order. Entering the same locations out of order silently yields the wrong key. Lexicographic sorting would remove this requirement at a cost of ${log}_{2}n!$ bits of entropy (e.g., ≈1.6 bits for $n=3$); the ordered construction is the reference throughout this paper.

4.4.3. Argon2id Hardening

The spatial hash X is processed using Argon2id as defined in Equation (18):

$$K=\mathsf{Argon}\mathsf{2}\mathsf{id}(X,\mathrm{salt},t,m,p),$$

(18)

where t is the iteration count, m the memory cost, and p the degree of parallelism. The salt is fixed and public and does not contribute entropy.

All parameters $(t,m,p)$ are assumed to be known to the attacker, consistent with Kerckhoffs’ principle. Security arises from the enforced memory footprint of Equation (18), which bounds attacker parallelism by available high-bandwidth memory. The resulting defender–attacker asymmetry and its impact on offline brute-force resistance are quantified empirically in Section 5.

Fixed Salt and Rainbow Table Resistance

A fixed, public salt follows established practice: BIP-39 does the same, deriving keys via $\mathsf{PBKDF}\mathsf{2} (mnemonic,\mathtt{“mnemonic”},2048)$. Rainbow tables are infeasible for two reasons. First, each $\mathsf{Argon}\mathsf{2}\mathsf{id}$ evaluation at $m=4\mathrm{GiB}$ occupies $4\mathrm{GiB}$ of high-bandwidth memory, making a table over even $2^{40}$ entries physically unrealizable. Second, the KDF input space reaches $45.7n$ bits for n points, far beyond any feasible precomputation budget. The fixed salt introduces no exploitable weakness beyond what the entropy model and KDF cost parameters already account for.

Protocol-Fixed Parameters and User Cognitive Load

$(t,m,p)$ are protocol-level constants—analogous to BIP-39’s fixed 2048-iteration count—and are never recalled by the user. The only user-facing parameter is the chaining depth k, which defaults to $k=1$ and is expressed as a single integer. The complete derivation state the user must retain is therefore (1) their spatial point(s), and (2) k if non-default. Section 5 surveys the full $(t,m,p)$ spectrum to characterize attacker throughput; the reference parameters are chosen from this spectrum to target a ≈1 s defender latency on commodity hardware.

4.5. Security Evaluation Methodology

The goal of our evaluation is to quantify how much practical protection a user gains from a given key derivation cost when the defender derives keys on a CPU while the attacker mounts an offline brute-force attack using GPU-class hardware. In particular, we seek to answer questions of the form: “if a user is willing to spend $T_{\mathrm{CPU}}$ seconds on a memory-hard key derivation function, what level of brute-force resistance does this provide against a realistic GPU-equipped attacker?”

Our methodology decomposes the problem into three components: a defender (user) cost model, an attacker cost model, and a derived security metric that combines both into a single, comparable quantity.

4.5.1. Defender (User) Cost Model

On the defender side, we assume that the user derives keys using Argon2 on a commodity CPU. For a given choice of Argon2 parameters $(t,m,p)$, where t denotes the number of iterations, m the memory cost, and p the degree of parallelism, and a chaining depth $k\ge 1$ (Section 4.1), the total wall-clock time required for key derivation is defined in Equation (19).

$$T_{\mathrm{CPU}}(t,m,p,k)=k·T_{\mathrm{CPU}}^{\left(1\right)}(t,m,p),$$

(19)

where $T_{\mathrm{CPU}}^{\left(1\right)}(t,m,p)$ denotes the runtime of a single Argon2id invocation. The factor k scales the defender latency linearly; the empirical evaluation in Section 5 benchmarks the $k=1$ case and all $k>1$ results follow by multiplication. This quantity directly captures the usability cost: larger values increase resistance to brute-force attacks but also increase the delay experienced by legitimate users. In our evaluation, we restrict attention to parameter sets and chaining depths for which $T_{\mathrm{CPU}}$ remains within an acceptable latency budget for interactive use.

4.5.2. Attacker (GPU) Cost Model

On the attacker side, we assume access to parallel computing resources typical of modern GPUs and distinguish between two fundamentally different classes of operations.

• Fast hash evaluations (e.g., SHA-256) are compute-bound and highly parallelizable, and are relevant for attacking mnemonic schemes without additional computational hardening, such as raw BIP-39 verification.
• Memory-hard KDF evaluations (Argon2id) are constrained by memory bandwidth and capacity rather than raw compute throughput, and are relevant for attacking spatial mnemonics protected by a memory-hard key derivation function. In this case, the attacker is assumed to evaluate the same Argon2 parameter set $(t,m,p)$ as the defender.

For each class of operations, we characterize the attacker by an effective guess rate, defined in Equations (20) and (21).

$$\begin{array}{cc}\hfill R_{\mathrm{GPU},\mathrm{hash}}& =\mathrm{hash}\mathrm{evaluations}\mathrm{per}\sec \mathrm{ond}\mathrm{for}\mathrm{a}\mathrm{fast}\mathrm{hash}\mathrm{function}(\mathrm{e}.\mathrm{g}.,\mathrm{SHA}-256),\hfill \end{array}$$

(20)

$$\begin{array}{cc}\hfill R_{\mathrm{GPU},\mathrm{Argon}2}(t,m,p)& =\mathrm{Argon}2\mathrm{evaluations}\mathrm{per}\mathrm{second}\mathrm{with}\mathrm{parameters}(t,m,p).\hfill \end{array}$$

(21)

A key distinction between the two cases lies in their scalability under parallelism. Fast hash functions scale primarily with available compute resources and can exploit massive parallelism efficiently. In contrast, parallelism for memory-hard KDFs is intrinsically bounded by available high-bandwidth memory. For an attacker with total memory capacity M, the maximum number of fully independent parallel KDF instances is upper-bounded by

$$P_{max}=⌊{\displaystyle \frac{M}{m}}⌋,$$

where m denotes the per-instance memory cost. Once this bound is reached, additional compute units cannot be exploited to increase throughput, and attacker performance becomes memory-bound rather than compute-bound.

4.5.3. Derived Security Metric: Attacker-Adjusted Work Factor

To compare the brute-force resistance of mnemonic- and spatial-based schemes under realistic adversarial capabilities, we employ a unified security metric termed the attacker-adjusted work factor, denoted ${\mathcal{W}}_{\mathrm{attacker}}$. This metric captures the expected time required for an offline adversary to exhaust the effective search space of candidate secrets under the assumed attacker model.

Let H denote the effective entropy of the scheme, so that the total number of candidates is $N=2^H$. Let C represent the computational cost required to evaluate a single guess, expressed in hash-equivalent operations, and let R denote the attacker’s sustained guess rate in evaluations per second. The expected attacker work factor is given by Equation (22).

$${\mathcal{W}}_{\mathrm{attacker}}={\displaystyle \frac{N·C}{R}}={\displaystyle \frac{2^H·C}{R}}.$$

(22)

Empirical Instantiation

In practice, the attacker’s guess rate R is instantiated using measured GPU throughput, while C is determined by the cost of the key derivation function (KDF) or hash evaluation used by the scheme. For constructions employing a memory-hard KDF such as Argon2 with parameters $(t,m,p)$ and chaining depth k, the attacker must perform k sequential Argon2id invocations per candidate (Section 4.1, Equation (13)), yielding the attacker-adjusted work factor in Equation (23).

$${\mathcal{W}}_{\mathrm{attacker}}(H,t,m,p,k)\approx {\displaystyle \frac{k·2^H}{R_{\mathrm{GPU},\mathrm{Argon}2}(t,m,p)}}.$$

(23)

Since the serial data dependency in Equation (13) prevents the attacker from parallelizing across the k rounds for a single candidate, the effective GPU throughput for a chained evaluation is $R_{\mathrm{GPU},\mathrm{Argon}2}(t,m,p)/k$, and the work factor scales linearly with k. All results reported in Section 5 correspond to $k=1$; the work factor for any $k>1$ is obtained by multiplying the reported values by k.

For baseline schemes without computational hardening—such as BIP-39 mnemonics or single-point spatial secrets verified using a single cryptographic hash—the work factor reduces to Equation (24).

$${\mathcal{W}}_{\mathrm{attacker}}^{\mathrm{baseline}}\left(H\right)\approx {\displaystyle \frac{2^H}{R_{\mathrm{GPU},\mathrm{hash}}}}.$$

(24)

Interpretation via Security Zones

To aid interpretation of attacker-adjusted work factors, we categorize security outcomes into three qualitative zones based on the expected offline attack time. These zones are not intended as strict security guarantees, but as interpretive reference points commonly used in password security and cryptographic practice [46].

• Insecure (${\mathcal{W}}_{\mathrm{attacker}}<{10}^{10}$ s). Configurations for which ${\mathcal{W}}_{\mathrm{attacker}}$ corresponds to attack times on the order of hours, days, or weeks on commodity GPU hardware.
• Human-Scale Secure (${10}^{10}$ s $\le {\mathcal{W}}_{\mathrm{attacker}}<{10}^{32}$ s). Configurations for which ${\mathcal{W}}_{\mathrm{attacker}}$ corresponds to attack times on the order of years to centuries under the assumed attacker model, reflecting security levels commonly considered sufficient for systems relying on human-memorable secrets.
• Super Secure (${\mathcal{W}}_{\mathrm{attacker}}\ge {10}^{32}$ s). Configurations for which ${\mathcal{W}}_{\mathrm{attacker}}$ approaches or exceeds the effective brute-force resistance of uniformly generated 128-bit secrets, such as standard BIP-39 mnemonics, and are widely regarded as computationally infeasible even for highly resourced adversaries.

The two threshold values are derived as follows. The lower boundary of ${10}^{10}$ s (≈317 years) represents a conservative upper bound on the sustained effort a highly resourced adversary—including a nation-state actor—could plausibly dedicate to a single targeted brute-force campaign [46]. A secret with ${\mathcal{W}}_{\mathrm{attacker}}<{10}^{10}$ s is considered practically breakable, since even a prolonged but finite multi-year investment by such an adversary would exhaust the search space within a realistic operational horizon. The upper boundary of ${10}^{32}$ s is anchored to the standard 128-bit security level. Using the empirically measured SHA-256 attacker throughput $R_{\mathrm{GPU},\mathrm{hash}}\approx 1.3\times {10}^7$ H/s (reported in Section 5.2), exhausting a $2^{128}$-candidate search space requires

$${\mathcal{W}}^{128}={\displaystyle \frac{2^{128}}{1.3\times {10}^7}}\approx 3.3\times {10}^{31}\mathrm{s}\approx {10}^{32}\mathrm{s}.$$

(25)

This matches the brute-force resistance implied by the BIP-39 standard’s 128-bit entropy target and is consistent with widely adopted guidelines for symmetric cryptographic security [46]. Secrets above this threshold are considered cryptographically equivalent to uniformly random 128-bit keys under the evaluated attacker model.

The Results Section uses this attacker-adjusted work factor and the associated security zones to interpret empirical measurements across different spatial entropy levels and key derivation parameter choices.

4.6. Construction of Spatial Dictionaries

All spatial dictionaries use a fixed cell resolution of $3\times 3\mathrm{m}$, corresponding to a cell area of $A_{\mathrm{cell}}=9\times {10}^{-6}{\mathrm{km}}^2$.

For areal regions, including the global surface, terrestrial land, habitable land, and urban boundaries, the effective area $A_{\mathrm{eff}}$ is set directly to the reported surface area of the corresponding region, as obtained from established geographic datasets [47,48]. These dictionaries represent attacker strategies that restrict guesses to broad but semantically meaningful regions.

For linear features such as coastlines and rivers, the effective area is approximated by buffering the feature along its total length. For a feature of total length L (in km), the effective area is given by Equation (26).

$$A_{\mathrm{eff}}^{\mathrm{linear}}\approx L·w_{\mathrm{km}},$$

(26)

where $w_{\mathrm{km}}=0.1\mathrm{km}$ denotes the buffer width expressed in kilometers. For rivers, buffers are applied symmetrically to both banks, yielding the effective area defined in Equation (27).

$$A_{\mathrm{eff}}^{\mathrm{rivers}}\approx L_{\mathrm{rivers}}·2w_{\mathrm{km}}.$$

(27)

For point-like semantic anchors such as UNESCO World Heritage sites or major mountain peaks, each anchor is modeled as a disk of radius w. For a dictionary containing $N_{\mathrm{anc}}$ such anchors, the effective area is approximated by Equation (28).

$$A_{\mathrm{eff}}^{\mathrm{points}}\approx N_{\mathrm{anc}}·\pi w_{\mathrm{km}}^2.$$

(28)

Overlaps between buffered regions are ignored in all cases, yielding conservative, attacker-favoring estimates of effective area and corresponding entropy.

4.7. Experimental Setup

All measurements in this paper, including BIP-39 and Argon2id, were obtained on a single controlled workstation and software environment to ensure methodological consistency. The purpose of this setup is to empirically characterize both defender-side computation costs and attacker-side throughput under realistic CPU and GPU execution models. No parameter tuning beyond vendor- or implementation-recommended defaults was applied unless explicitly stated.

Table 2. Hardware and software configuration used for all KDF benchmarks (PBKDF2-HMAC-SHA512 and Argon2id).

Category	Specification
Hardware
CPU	Intel Xeon Gold 6338 (Ice Lake), 32 cores @ 2.0 GHz
GPU	NVIDIA RTX A6000 (GA102GL), 48 GB GDDR6
System Memory	128 GB DDR4 ECC
Storage	NVMe SSD
Operating System & Drivers
OS	Ubuntu 24.04 LTS
Kernel	Linux 6.x (distribution default)
NVIDIA Driver	CUDA 12.4/driver 550.xx
OpenCL (CPU)	PoCL 5.0 (LLVM 16)
Software Tools
Hashcat	v6.2.6 (benchmark mode)
Benchmark mode (PBKDF2)	-b -m 12100
Benchmark mode (Argon2id)	-b -m 8200
OpenSSL	v3.x (reference PBKDF2 implementation)
Shell environment	GNU bash 5.x
Benchmark Configuration
PBKDF2 algorithm	PBKDF2-HMAC-SHA512 (BIP-39 standard)
PBKDF2 iteration baseline	999 (hashcat default)
PBKDF2 target scaling	2048 iterations (BIP-39 specification)
Argon2 algorithm	Argon2id
Argon2 parameters	$(t,m,p)$ selected as described in Section 4.4.1
Salt (PBKDF2)	“mnemonic” (BIP-39 standard)
Password input	Fixed test vectors for reproducibility
Backend selection	CPU-only: -D 1; GPU: default CUDA device

summarizes the hardware platform, operating system, GPU driver stack, and cryptographic benchmarking tools used throughout the study. Hashcat was used for both PBKDF2 (mode 12100) and Argon2id (mode 8200) benchmarks to ensure comparability across key derivation functions.

Attacker-side benchmarks used configurations maximizing effective guess throughput under the memory-bound parallelism constraint of Section 4.5.

Benchmark configurations were selected to reflect canonical settings of the evaluated schemes while ensuring reproducibility and a clear separation between defender and attacker constraints. For PBKDF2-HMAC-SHA512, the BIP-39 specification was followed using 2048 iterations and the fixed salt string “mnemonic”. Benchmark tools that internally employ reduced iteration counts were used only to measure raw throughput, and reported attacker rates were scaled linearly to correspond to the full BIP-39 iteration count.

For Argon2-based spatial mnemonics, the Argon2id variant was evaluated using parameter triples $(t,m,p)$, where t denotes the number of passes, m the memory cost per instance, and p the degree of parallelism. Defender-side measurements were obtained using fixed parameter sets to characterize user-perceived latency under interactive constraints. Attacker-side measurements, in contrast, were obtained under maximal-throughput configurations in which available GPU parallelism and memory allocation were selected to saturate device resources and maximize the measured guess rate $R_{\mathrm{GPU},\mathrm{Argon}2}(t,m,p)$. All benchmarks were executed under sustained load and repeated across multiple runs to mitigate transient system effects, yielding optimistic attacker throughput estimates that are used in subsequent sections to compute attacker-adjusted work factors.

5. Results

In this section, we instantiate the analytical framework of Section 4.5 for concrete mnemonic schemes. We quantify resistance against offline brute-force attacks by separating (i) the effective search space size, expressed via input entropy H (so $N=2^H$), from (ii) empirically measured attacker throughput R on representative GPU hardware.

5.1. Effective Spatial Entropy Under Attacker Priors

We first establish the effective search space (N) for spatial inputs under attacker-prioritized priors. Using the spatial dictionary construction defined in Section 4.3, we evaluate the effective entropy $H_{\mathrm{eff}}$ for increasingly pessimistic spatial dictionaries.

Table 3. Effective entropy of a single spatial cell under attacker-prioritized spatial dictionaries.

Dictionary	Area (${\mathbf{km}}^2$)	Entropy (bits)	Collapse (bits)
Global Nominal	$5.10 \times {10}^8$	45.69	0.00
Habitable HPZ	$2.50 \times {10}^7$	41.34	4.35
Global Coastline	$1.16 \times {10}^5$	33.59	12.10
Global Rivers	$7.00 \times {10}^5$	36.18	9.51
UNESCO Sites	$3.77 \times {10}^1$	22.00	23.69
Major Peaks	$3.14 \times {10}^3$	28.38	17.31
Omnibus HPZ	$2.58 \times {10}^7$	41.38	4.30
Urban (London)	$1.57 \times {10}^3$	27.38	18.31
Targeted (home city known)	≤$1.57 \times {10}^3$	≤$27.38$	≥$18.31$

summarizes the results. The “Omnibus HPZ” dictionary represents a pessimistic upper bound on attacker knowledge, assuming the user selects a semantically salient region within a broad human-preferred zone (HPZ), operationalized as the union of habitable land, coastlines, rivers, and dense urban regions.

Crucially, even under the pessimistic Omnibus prior, the effective entropy remains ≈ 41.4 bits, substantially higher than typical human-chosen passwords, which empirical studies frequently place below ≈20 effective bits under adaptive guessing models [2]. The 41.38-bit Omnibus value refers to spatial entropy alone and does not determine security zone membership. Zone classification in GeoVault is based on the attacker-adjusted work factor $\mathcal{W}$, which incorporates the Argon2id cost. As shown in Section 5.6, an $n=1$ secret with Omnibus spatial entropy reaches the Human-Scale Secure zone at $m\ge 1024$ MiB, and at $m=4096$ MiB, $\mathcal{W}>{10}^{16}$ s—more than six orders of magnitude above the Insecure threshold.

Across all spatial dictionaries evaluated in Table 3, the effective per-point entropy spans the range $[27.38,41.38]$ bits, bounded below by the Urban (city-scale) prior and above by the Omnibus HPZ prior. For an n-point secret under independent-point selection, the total effective entropy therefore satisfies

$$H_{\mathrm{eff}}\left(n\right)\in [27.4n,41.38n]\mathrm{bits},$$

(29)

where the lower bound corresponds to a demographically informed attacker with city-level knowledge of the user’s location, and the upper bound corresponds to a geographically uninformed attacker restricted to the broadest realistic human-preferred zone. No attacker prior evaluated in this work contracts the per-point entropy below 27.4 bits without sub-neighborhood-scale knowledge of the user’s location, confirming that this bracket spans the full range of evaluated threat models.

Radius Constraints on Multi-Point Selection

For scenarios involving multiple spatial points, the total spatial entropy is constrained by geographic clustering. Figure 1 visualizes the total effective entropy $H_{\mathrm{spatial}}(n,r)$ as a function of the clustering radius r under the proximity model defined in Section 3.2.3. For small radii, additional points contribute limited independent entropy due to spatial correlation, whereas increasing dispersion increases the effective search space.

The figure further illustrates that for $n=2$, the achievable entropy saturates below the 128-bit target even under maximal geographic dispersion, as the second point contributes at most the global single-cell entropy.

Table 4. Raw radius and entropy calculations for multi-point spatial selection under the proximity model.

Points (n)	Radius for 128-bit (r) (km)	Max Entropy (bits)
1	∞	45.70
2	$4.13 \times {10}^9$	92.69
3	$2643.86$	139.68
4	$22.79$	186.67
5	$2.12$	233.65

reports the raw entropy limits and the dispersion radius required to reach the 128-bit spatial entropy target defined in Section 4.5 for increasing numbers of selected points under the proximity model of Section 3.2.3.

The entropy values in Table 4 are bounded by a maximum feasible dispersion radius corresponding to the Earth’s circumference (approximately $\mathrm{20,000}$ km). For configurations in which the required radius exceeds this bound, the 128-bit entropy target defined in Section 4.5 cannot be achieved through geographic dispersion alone. This Earth-scale constraint defines a hard upper limit on the entropy contribution of additional spatial points under the proximity model of Section 3.2.3 and explains the saturation behavior observed for small n in Figure 1.

5.2. Key Derivation Cost: Defender Latency vs. Attacker Throughput

To instantiate attacker-adjusted work factors (Section 4.5), we measured defender-side latency on CPU and attacker-side throughput on GPU. These measurements instantiate the attacker rates $R_{\mathrm{GPU},\mathrm{hash}}$ and $R_{\mathrm{GPU},\mathrm{Argon}2}(t,m,p)$ in Equations (24) and (23).

5.2.1. Defender-Side Key Derivation Latency

A legitimate user (defender) performs a single key derivation event during vault decryption. To quantify the user-visible cost, we measured key derivation latency on the CPU platform specified in Section 4.7.

For the unhardened baseline (SHA-256), computational overhead was negligible (<0.01 ms). The BIP-39 baseline, which uses PBKDF2-HMAC-SHA512 with 2048 iterations, exhibited a median latency of 3.57 ms, a delay that is effectively imperceptible to users. The full latency distribution is reported in

Table 5. Empirical defender benchmark for BIP-39 PBKDF2-HMAC-SHA512 (CPU).

Iterations	Median (ms)	P90 (ms)	P95 (ms)	P99 (ms)
2048	3.57	3.68	3.74	4.18

.

In contrast, GeoVault applies Argon2id to deliberately impose a hardware-bound delay on key derivation.

Table 6. Empirical Argon2id CPU latency for single invocation ($k=1$, $t=1$, $p=1$, $n=50$ reps).

Memory Setting	Mean (ms)	$\mathit{\sigma }$ (ms)	P50 (ms)	P95 (ms)
64 MiB	74.0	5.2	72.4	87.1
256 MiB	303.2	3.3	303.4	308.5
1024 MiB	1234.9	47.1	1219.8	1391.5
8192 MiB	10,534.3	620.9	10,269.6	12,063.0

CV = 3.0–7.0% (memory bandwidth jitter under OS scheduling; see text).

reports defender-side latency as a function of the Argon2id memory parameter m (with $t=1$ and $p=1$). Configurations up to 1024 MiB remain within a few seconds and are suitable for interactive use, whereas extreme configurations at 16–32 GiB incur minute-scale delays consistent with archival or cold-storage usage.

Consumer Hardware Extrapolation

The latencies in Table 6 were measured on a server-class platform (Intel Xeon Gold 6338, quad-channel DDR4, ≈204 GB/s peak memory bandwidth). Since Argon2id throughput is dominated by memory bandwidth rather than compute, defender latency scales approximately inversely with available bandwidth [16]. A typical consumer laptop CPU (e.g., Intel Core i7 12th-generation with dual-channel DDR5 [49]) delivers approximately 50% of the Xeon Gold 6338 peak bandwidth, yielding an estimated scaling factor of ≈$2\times$. Mobile devices (e.g., ARM Cortex-X class SoC with LPDDR5x, ≈65 GB/s peak bandwidth [50]) deliver approximately 32% of the server platform bandwidth, yielding a scaling factor of ≈$4\times$ and an estimated latency of ≈$4.9$ s at $m=1024$ MiB—within a tolerable range for infrequent cold-storage key derivation. Memory tiers above $m=1024$ MiB may exceed the available RAM on many smartphones (typically 8–12 GiB) and should not be used on mobile devices without verifying available system memory.

Table 7. Projected Argon2id defender latency on consumer and mobile hardware ($t=1$, $p=1$, $k=1$). Laptop estimate uses a ≈$2\times$ bandwidth scaling factor; smartphone estimate uses a ≈$4\times$ scaling factor relative to the Intel Xeon Gold 6338 server platform. Entry marked with—exceeds typical smartphone RAM.

Memory m	Tserver (s)	Tlaptop (s)	Tphone (s)
64 MiB	0.07	0.15	0.28
256 MiB	0.30	0.63	1.20
1024 MiB	1.23	2.6	4.9
8192 MiB	10.5	22.1	—

Reference configuration ($m=1024$ MiB, bold) is within tolerable range on both laptop and phone for cold-storage use.

reports the projected latency for all evaluated memory tiers across defender hardware classes.

Table 6 reports single-invocation latency ($k=1$). When the user applies KDF chaining at depth k (Equation (13)), the total key derivation time scales linearly as $T_{\mathrm{CPU}}\left(k\right)=k·T_{\mathrm{CPU}}^{\left(1\right)}$.

Table 8. KDF chain latency by depth ($m=1024$ MiB, $t=1$, $p=1$, $n=50$ reps each). All rows empirically measured; ratio $=T\left(k\right)/(k·T(1\left)\right)$ confirms linearity to within 2%.

Depth k	Mean (s)	$\mathit{\sigma }$ (s)	Ratio
1	1.255	0.006	1.000
2	2.526	0.046	1.006
4	5.051	0.053	1.006
8	10.099	0.098	1.007
16	20.281	0.221	1.011
32	41.200	0.651	1.027
64	82.499	1.213	1.029

$n=50$ reps each; ratio $=T\left(k\right)/(k·T(1\left)\right)$; $T\left(1\right)=1.255$ s.

reports empirically measured chain latency for all powers-of-two depths at the $m=1024$ MiB reference configuration ($n=50$ reps each). The measured ratios $T\left(k\right)/(k·T(1\left)\right)$ lie within 2% of unity across all $k\in \{1, 2, 4, 8, 16, 32, 64\}$, confirming linearity.

From the attacker’s perspective, the serial data dependency of the chaining construction (Equation (13)) prevents evaluating multiple rounds in parallel for a single candidate: call $i+1$ cannot begin until the output of call i is known. Direct GPU measurement of k-chained throughput is not possible with standard benchmarking tools, as Hashcat (mode 34000) supports only single, independent Argon2id invocations and has no mechanism to chain outputs as inputs within a single pass. The attacker throughput under k-chaining is therefore derived analytically as $R_{\mathrm{GPU}}^{\left(k\right)}=R_{\mathrm{GPU}}^{\left(1\right)}/k$. This derivation is validated by the CPU linearity measurements in Table 8: the empirical ratios $T\left(k\right)/(k·T(1\left)\right)$ lie in the range $[1.000, 1.029]$ for all $k\in \{1, 2, 4, 8, 16, 32, 64\}$, confirming that each additional chain call adds at least as much latency as the first. Because the true per-chain overhead on the GPU is at least as large as on the CPU (both are dominated by memory-bound Argon2id computation), using $R_{\mathrm{GPU}}^{\left(1\right)}/k$ as the attacker rate overestimates the attacker by at most 3% at $k=64$. All time-to-compromise values derived from this formula are therefore conservative lower bounds.

5.2.2. Attacker-Side Guess Throughput

Attacker-side capabilities were benchmarked using Hashcat under the attacker model defined in Section 4.5. We distinguish between compute-bound primitives, which scale efficiently with GPU parallelism (SHA-256, PBKDF2), and memory-bound primitives, for which throughput is fundamentally constrained by available high-bandwidth memory (Argon2id).

BIP-39 Throughput (PBKDF2)

For linguistic mnemonics, an offline attacker evaluates candidate phrases using PBKDF2-HMAC-SHA512 as specified by the BIP-39 standard. Hashcat benchmarks were scaled to the full 2048-iteration configuration. The measured sustained throughput is reported in

Table 9. Empirical attacker benchmark for BIP-39 PBKDF2-HMAC-SHA512 (GPU).

Runs (${\mathit{n}}_{\mathbf{rep}}$)	Mean Time per Guess	Throughput ${\mathit{R}}_{2048}$ (H/s)
30	$1.56\mathsf{\mu }\mathrm{s}$	$6.40 \times {10}^5$

:

$$R_{2048}\approx 6.40\times {10}^5\mathrm{H}/\mathrm{s}.$$

Fast Hash Throughput (SHA-256)

For unhardened secrets verified using a single cryptographic hash, the attacker employs raw SHA-256. Benchmarks indicate a sustained throughput of approximately

$$R_{\mathrm{GPU},\mathrm{hash}}\approx 1.3\times {10}^7\mathrm{H}/\mathrm{s},$$

with only minor degradation as input length increases. This rate serves as the baseline attacker capability for raw spatial and password-based secrets without computational hardening.

Argon2id Throughput (Memory-Hard Regime)

To characterize attacker performance against GeoVault-style hardened secrets, we measured Argon2id throughput across a wide range of memory costs m with fixed parameters $(t=1, p=1)$.

Table 10. Empirical attacker Argon2id throughput as a function of memory cost m ($t=1$).

Memory (MiB)	Median (H/s)	P95 (H/s)	P99 (H/s)
64	4985.50	4988.50	4988.50
128	2339.00	2341.00	2341.00
256	802.00	803.00	803.00
512	212.00	212.00	212.00
1024	53.66	53.80	53.80
2048	13.56	13.56	13.56
4096	2.70	2.70	2.70
8192	0.54	0.54	0.54
16,384	0.11	0.11	0.11
32,768	0.03	0.03	0.03

GPU throughput is highly deterministic: P95 = median for all tiers at or above 2048 MiB; CV < 0.1% for all rows. No explicit $\sigma$ column is needed for attacker-side measurements.

reports the resulting attacker throughput as a function of m.

The results show a sharp, non-linear collapse in attacker throughput as the memory cost approaches and exceeds the GPU’s available VRAM. At $m=1024$ MiB, throughput is already reduced by more than five orders of magnitude relative to SHA-256. At 16–32 GiB, attacker throughput falls below one guess per second, indicating entry into a hardware-capacity regime in which GPU parallelism is no longer exploitable and brute-force attacks become effectively serialized.

Defender–Attacker Throughput Asymmetry

To separate the two primary security axes of GeoVault—memory cost m and spatial dimensionality n—and isolate the KDF’s standalone contribution, we define the GPU throughput advantage:

$$\eta \left(m\right)=R_{\mathrm{GPU}}\left(m\right)·T_{\mathrm{CPU}}\left(m\right)$$

(30)

where $R_{\mathrm{GPU}}\left(m\right)$ is the attacker GPU guess rate (H/s) and $T_{\mathrm{CPU}}\left(m\right)$ is the defender CPU key derivation latency (s). The quantity $\eta \left(m\right)$ is the number of attacker guesses that can be tested in the time it takes the legitimate user to perform one key derivation. Its value as a design metric lies in decomposing the security problem: $\eta$ characterizes the residual attacker advantage after m is fixed, independently of the search space size set by n.

Table 11. GPU throughput advantage $\eta \left(m\right)=R_{\mathrm{GPU}}\left(m\right)·T_{\mathrm{CPU}}\left(m\right)$: attacker guesses per one defender authentication event. KDF chaining depth k does not change $\eta$; only m drives it downward. Defender latencies from Table 6; attacker rates from Table 10.

Memory m	${\mathit{R}}_{\mathbf{GPU}}$ (H/s)	${\mathit{T}}_{\mathbf{CPU}}$ (s)	$\mathit{\eta }$
64 MiB	4985	0.074	369
256 MiB	802	0.303	243
1024 MiB	53.7	1.235	66
8192 MiB	0.54	10.53	5.7
32,768 MiB	0.03	≈82	≈2.5

k-chaining leaves $\eta$ unchanged; spatial points n add entropy without affecting $\eta$.

reports $\eta$ for the measured Argon2id tiers.

Two structural properties follow directly from this decomposition. First, KDF chaining depth k leaves $\eta$ unchanged. Since $R_{\mathrm{GPU}}^{\left(k\right)}=R_{\mathrm{GPU}}^{\left(1\right)}/k$ and $T_{\mathrm{CPU}}^{\left(k\right)}=k·T_{\mathrm{CPU}}^{\left(1\right)}$, the product $\eta (m,k)=R_{\mathrm{GPU}}^{\left(1\right)}·T_{\mathrm{CPU}}^{\left(1\right)}=\eta (m,1)$. Chaining raises the absolute cost of each guess symmetrically but cannot change the ratio; it belongs to the m-axis, not to a third independent axis. Second, spatial dimensionality n is orthogonal to $\eta$. Adding a spatial point multiplies the search space by $\approx 2^{26.8}$ per point (Table 4) without affecting either $R_{\mathrm{GPU}}$ or $T_{\mathrm{CPU}}$. Consequently, $\eta$ can be read directly as the fraction of the security budget that must be covered by the search space rather than by the KDF: at $\eta =66$, the search space must be at least 66 imes larger than the KDF work factor to clear any given security threshold, a condition met with wide margin at $n\ge 3$.

Argon2id Throughput Under KDF Chaining

Table 12. Derived attacker Argon2id throughput under KDF chaining ($m=1024$ MiB, $t=1$, $p=1$). Values computed as $R^{\left(k\right)}=R^{\left(1\right)}/k$ with $R^{\left(1\right)}=53.7$ H/s; conservative upper bound on true attacker rate (CPU linearity ratios $\le 1.029$, Table 8).

Depth k	${\mathit{R}}^{\left(\mathit{k}\right)}$ (H/s)	Basis
1	53.70	measured
2	26.85	derived ($R^{\left(1\right)}/k$)
4	13.43	derived
8	6.71	derived
16	3.36	derived
32	1.68	derived
64	0.84	derived

CPU ratios confirm true $R^{\left(k\right)}\le R^{\left(1\right)}/k$; time-to-compromise values are lower bounds.

reports derived attacker throughput under KDF chaining at the $m=1024$ MiB reference tier, computed as $R_{\mathrm{GPU}}^{\left(k\right)}=R_{\mathrm{GPU}}^{\left(1\right)}/k$ with $R_{\mathrm{GPU}}^{\left(1\right)}=53.7$ H/s (Section 5.2.1; CPU linearity validates the formula, Table 8; all time-to-compromise values are conservative lower bounds).

ASIC Attack Resistance

A natural concern is whether purpose-built application-specific integrated circuits (ASICs) could exceed the measured GPU attacker throughput and invalidate the work factor estimates. For Argon2id, this is fundamentally limited by the memory bandwidth bottleneck rather than compute throughput. The Argon2 specification formally establishes that any implementation allocating less than the nominal memory m incurs an exponential time penalty through mandatory data-dependent recomputation, precluding any space–time trade-off [16]. A hypothetical Argon2id ASIC must therefore provision high-bandwidth memory comparable to the target GPU; savings come only from eliminating general-purpose execution overhead in the compute fabric, which the Argon2 designers estimate yields a practical speedup of approximately 2–$4\times$ over GPU-class hardware for realistic ASIC implementations [16,17]. Applying a conservative $10\times$ ASIC advantage to the reference attacker rate ($R_{\mathrm{GPU}}=53.7$ H/s at $m=1024$ MiB) yields $R_{\mathrm{ASIC}}\le 537$ H/s. This reduces all reported Argon2id attacker-adjusted work factors by at most ${log}_2\left(10\right)\approx 3.3$ bits. At $n=3$ spatial points, the baseline work factor exceeds ${10}^{39}$ s (Super Secure zone, Section 5.6); a 3.3-bit reduction leaves it at >${10}^{38}$ s, well within the same zone. For the $n=1$ case at $m=1024$ MiB, the work factor remains in the Human-Scale Secure zone even under this pessimistic ASIC bound. The GPU benchmark therefore provides a conservative upper bound on adversarial throughput under memory-hard protection, and ASIC-specific threats do not materially alter the security conclusions of Section 5.4, Section 5.5 and Section 5.6.

5.3. Baseline Brute-Force Resistance Under Fast Hashing

We analyze the security of linguistic and spatial mnemonics in their raw state, assuming an attacker utilizes a standard fast hash primitive (SHA-256) without memory-hard protection. In this setting, entropy is treated as a fixed input parameter, and security is evaluated exclusively via the attacker-adjusted work factor $\mathcal{W}$ defined in Equation (22). Following Section 4.5, we categorize security into three qualitative zones based on $\mathcal{W}$: Insecure (<${10}^{10}$ s), Human-Scale Secure (${10}^{10}$–${10}^{32}$ s), and Super Secure (≥${10}^{32}$ s).

5.3.1. Brute-Force Resistance of Linguistic Secrets

For typical human passwords, brute-force resistance under fast hashing is determined by the effective entropy implied by alphabet size and length. As established in Section 2.1, human-chosen passwords frequently collapse to approximately 20 bits of effective entropy under adaptive guessing models. Using the baseline attacker work factor formulation for fast hashing given in Equation (24), the expected time to compromise such a secret is

$${\mathcal{W}}_{\mathrm{password}}\approx {\displaystyle \frac{2^{20}}{1.32\times {10}^7}}\approx 0.08\mathrm{s}.$$

(31)

To transition from the Insecure zone into the Super Secure (BIP-39) regime without computational hardening, a user would need to memorize a truly random ASCII-94 string. The required string length L follows directly from the entropy target:

$$L=⌈{\displaystyle \frac{128}{{log}_2\left(94\right)}}⌉=⌈{\displaystyle \frac{128}{6.55}}⌉=20\mathrm{characters}.$$

(32)

Such strings (e.g., 7&y#B9@q!x2$LpZ*5mW1) substantially exceed typical human cognitive limits for reliable recall, illustrating the well-known usability barrier of high-entropy linguistic secrets.

5.3.2. Brute-Force Resistance of Spatial Secrets

In contrast, spatial mnemonics exhibit substantially higher baseline brute-force resistance due to their higher effective entropy. Applying the same baseline work factor model of Equation (24) to a single unhardened What3Words location ($n=1$) yields an expected attack time of approximately $4.34\times {10}^6$ s (about 50 days). While this remains within the Insecure zone, it represents roughly a seven-order-of-magnitude improvement over typical human-chosen passwords.

Figure 2 visualizes this equivalence in brute-force resistance between spatial and linguistic secrets across the three defined security zones under fast hashing.

As the number of spatial points increases, the total search space expands sufficiently for spatial mnemonics to exceed the 128-bit security threshold even without computational hardening.

Table 13. Breakeven analysis required spatial dispersion to achieve 128-bit brute-force resistance using SHA-256.

Points (n)	Radius (r)	Feasibility	Security Zone
1	Impossible	Exceeds Earth’s area	Insecure
2	Impossible	Exceeds Earth’s area	Insecure
3	5396 km	Continental scale	Human-Scale
4	36.4 km	City scale	Super Secure
5	3.0 km	Neighborhood scale	Super Secure

reports the geographic dispersion required for the baseline work factor of Equation (24) to enter the Super Secure regime under SHA-256.

These results highlight the fundamental advantage of spatial mnemonics under fast hashing: achieving super-secure brute-force resistance requires either memorizing approximately 20 random characters (cognitively impractical) or recalling a small number of geographically meaningful locations (cognitively feasible).

5.4. Brute-Force Resistance Under Memory-Hard KDFs

We analyze the impact of memory-hard key derivation on brute-force resistance by applying Argon2id across a wide range of memory costs, including extreme configurations (16 GiB and 32 GiB) that approach or exceed the physical VRAM limits of professional-grade GPU hardware. As in the previous subsection, entropy is treated as a fixed input parameter, and security is evaluated via the attacker-adjusted work factor $\mathcal{W}$ defined in Equation (22). Throughout this analysis, BIP-39–equivalent security is defined as a time-to-compromise exceeding ${10}^{32}$ s, consistent with Section 4.5.

Table 14. Time-to-compromise under Argon2id hardening for linguistic (≈20 bits) and single-point spatial secrets ($n=1$, ≈45.7 bits).

Memory (MiB)	Attacker Rate ($\mathit{R}$)	Password Time (≈20 bits)	Spatial Time ($\mathit{n}=1$) (≈45.7 bits)
64	4986 H/s	3.5 min	360 years
128	2339 H/s	7.5 min	768 years
256	802 H/s	22.0 min	2240 years
512	212 H/s	1.4 h	8480 years
1024	53.7 H/s	5.4 h	33,400 years
2048	13.6 H/s	21.5 h	132,000 years
4096	2.7 H/s	4.5 days	665,000 years
8192	0.54 H/s	22.5 days	3.3 million years
16,384 (16 G)	0.115 H/s	105 days	15.5 million years
32,768 (32 G)	0.026 H/s	1.2 years	68.6 million years

reports the corresponding time-to-compromise values for a representative linguistic secret (approximately 20 bits of effective entropy) and a single spatial point ($n=1$, approximately $45.7$ bits), derived from the attacker throughput measurements reported in Section 5.2. All values are computed using the Argon2id work factor model of Equation (23).

The results demonstrate a pronounced hardware-enforced non-linearity in attacker cost as the Argon2id memory parameter approaches the GPU’s available VRAM. In particular, at 16–32 GiB, attacker throughput collapses due to the inability to parallelize memory-bound computations, effectively serializing brute-force attempts.

For linguistic secrets, even extreme 32 GiB hardening—while imposing substantial defender-side latency—remains vulnerable to compromise on the order of one year under the attacker model considered. In contrast, a single spatial point ($n=1$) under the same hardening parameters achieves an expected time-to-compromise of approximately $6.9\times {10}^7$ years. Although this remains below the ${10}^{32}$ second BIP-39 threshold, it comfortably exceeds human and geological timescales, corresponding to the Human-Scale+ regime.

These results confirm that combining spatial entropy with high-memory KDF hardening fundamentally alters the brute-force landscape by enforcing hardware-level constraints on the attacker, thereby breaking the traditional security–usability trade-off observed for linguistic secrets.

5.5. Effect of KDF Chaining Depth on Brute-Force Resistance

KDF chaining (Equation (13)) provides a user-controlled work factor multiplier that scales both sides of the security equation linearly. Because each invocation reuses the full m-byte memory footprint and the serial data dependency prevents per-candidate parallelism, attacker throughput drops to $R_{\mathrm{GPU}}^{\left(k\right)}=R_{\mathrm{GPU}}^{\left(1\right)}/k$ (Table 12; conservative upper bound-CPU linearity ratios $\le 1.029$ confirm that the true attacker rate satisfies $R^{\left(k\right)}\le R^{\left(1\right)}/k$) while defender latency grows to $T_{\mathrm{CPU}}\left(k\right)=k·T_{\mathrm{CPU}}^{\left(1\right)}$ (Table 8).

Table 15. Effect of KDF chaining depth k on attacker time-to-compromise and defender wait time, at $m=1024$ MiB ($R^{\left(1\right)}\approx 53.7$ H/s, $T_{\mathrm{CPU}}^{\left(1\right)}\approx 1.3$ s) and $m=4096$ MiB ($R^{\left(1\right)}\approx 2.70$ H/s, $T_{\mathrm{CPU}}^{\left(1\right)}\approx 10$ s). Defender wait = $k\times T_{\mathrm{CPU}}^{\left(1\right)}$; attacker columns derived from $R\left(k\right)=R\left(1\right)/k$. Cell shading indicates security zone.

Chaining Depth $\mathit{k}$	Defender Wait		Password	Spatial, $\mathit{n}=1$ (≈45.7 bits)
	1 GiB	4 GiB	(≈20 bits)	1 GiB	4 GiB
1	1.3 s	10 s	5.4 h	$3.3 \times {10}^4$ yr	$6.7 \times {10}^5$ yr
2	2.5 s	20 s	10.8 h	$6.6 \times {10}^4$ yr	$1.3 \times {10}^6$ yr
4	5.1 s	40 s	21.7 h	$1.3 \times {10}^5$ yr	$2.7 \times {10}^6$ yr
8	10.1 s	1.3 min	1.8 days	$2.6 \times {10}^5$ yr	$5.4 \times {10}^6$ yr
16	20.3 s	2.7 min	3.6 days	$5.3 \times {10}^5$ yr	$1.1 \times {10}^7$ yr
32	41.2 s	5.3 min	7.2 days	$1.1 \times {10}^6$ yr	$2.1 \times {10}^7$ yr
64	82.5 s	10.7 min	14.5 days	$2.1 \times {10}^6$ yr	$4.3 \times {10}^7$ yr

Password column uses 1 GiB attacker rate; 4 GiB values are $20\times$ larger but remain in the Insecure zone.

quantifies this trade-off at two memory tiers ($m=1024$ MiB and $m=4096$ MiB); all attacker time-to-compromise values are lower bounds on actual security.

Three conclusions follow. First, for low-entropy linguistic secrets (≈20 bits), chaining provides no practical rescue at either memory tier: even at $k=64$, the expected time-to-compromise remains below ${10}^{10}$ s (Insecure zone) because the entropy deficit is too large for a linear multiplier to overcome. Second, for single-point spatial secrets, increasing m from 1 GiB to 4 GiB multiplies the work factor by $\approx 20\times$ at every k level-a direct consequence of the $20\times$ reduction in attacker throughput—yet all entries remain in the Human-Scale Secure zone. No combination of k and m evaluated here lifts an $n=1$ configuration to the Super Secure zone; that threshold requires additional spatial points (Section 5.6). Third, the 4 GiB column makes the defender cost explicit: the 10 s per-invocation wait is acceptable for cold-storage or archive scenarios, but is above the interactive 2 s budget at $k>1$. Users with a strict latency constraint should prefer $m=1024$ MiB with higher k, or add a second spatial point, over increasing m to 4 GiB.

5.6. Brute-Force Resistance via Combined Spatial and Computational Hardening

We analyze the joint effect of KDF chaining depth k, multi-point spatial selection, and memory-hard key derivation on brute-force resistance. Since each factor independently multiplies the attacker work factor, their combination yields compounding security gains without additional memorization burden. As in the preceding subsections, spatial entropy is treated as a fixed input parameter (Section 3.2.3), and security is evaluated exclusively via the attacker-adjusted work factor $\mathcal{W}$ defined in Equation (22).

Figure 3 visualizes the combined effect: the Y-axis encodes the number of spatial points n (top panel) or password length in characters (bottom panel), the X-axis is the attacker work factor on a log scale, and each colored line corresponds to a different Argon2id memory tier. The figure instantiates Equation (23) using the empirically measured throughput values of Section 5.2.

Table 16. Combined brute-force resistance for multi-point spatial secrets under Argon2id hardening. Cell shading indicates security zone (Section 4.5).

Memory (MiB)	Defender Latency (s)	Time-to-Compromise (s)
		$\mathit{n}=\mathbf{1}$	$\mathit{n}=\mathbf{2}$	$\mathit{n}=\mathbf{3}$	$\mathit{n}=\mathbf{4}$
64	0.14	$1.1 \times {10}^{10}$	$2.3 \times {10}^{24}$	$4.1 \times {10}^{37}$	$7.5 \times {10}^{50}$
128	0.29	$2.3 \times {10}^{10}$	$4.9 \times {10}^{24}$	$8.6 \times {10}^{37}$	$1.6 \times {10}^{51}$
256	0.62	$6.7 \times {10}^{10}$	$1.4 \times {10}^{25}$	$2.5 \times {10}^{38}$	$4.6 \times {10}^{51}$
512	1.22	$2.5 \times {10}^{11}$	$5.3 \times {10}^{25}$	$9.6 \times {10}^{38}$	$1.8 \times {10}^{52}$
1024	2.43	$9.9 \times {10}^{11}$	$2.1 \times {10}^{26}$	$3.8 \times {10}^{39}$	$7.1 \times {10}^{52}$
2048	4.92	$3.9 \times {10}^{12}$	$8.3 \times {10}^{26}$	$1.5 \times {10}^{40}$	$2.8 \times {10}^{53}$
4096	10.0	$1.6 \times {10}^{13}$	$3.4 \times {10}^{27}$	$6.0 \times {10}^{40}$	$1.1 \times {10}^{54}$
8192	20.5	$6.5 \times {10}^{13}$	$1.4 \times {10}^{28}$	$2.4 \times {10}^{41}$	$4.4 \times {10}^{54}$
16,384	46.9	$2.6 \times {10}^{14}$	$5.6 \times {10}^{28}$	$9.5 \times {10}^{41}$	$1.8 \times {10}^{55}$
32,768	104.0	$1.0 \times {10}^{15}$	$2.2 \times {10}^{29}$	$3.8 \times {10}^{42}$	$7.2 \times {10}^{55}$

Shading legend: Insecure (<${10}^{10}$ s), Human-Scale (${10}^{10}$–${10}^{32}$ s), Super-Secure/BIP-39 (≥${10}^{32}$ s).

reports defender-side latency and attacker time-to-compromise for spatial secrets with increasing numbers of points n, evaluated across Argon2id memory settings ranging from 64 MiB to 8 GiB. Spatial entropy values for each point count are taken from Table 4. Defender latency corresponds to CPU-side Argon2id execution, while attacker time-to-compromise reflects single-GPU brute-force attempts under the assumed attacker model.

The reported values show that increasing the number of spatial points rapidly dominates brute-force resistance, such that modest Argon2id memory settings already yield extremely large attacker work factors for $n\ge 3$. At the same time, defender-side latency increases only linearly with the Argon2id memory parameter, remaining below one second for memory settings up to 256 MiB and below five seconds at 2 GiB.

Relative to the BIP-39 equivalence criterion defined in Section 4.5 (time-to-compromise exceeding ${10}^{32}$ s), the table demonstrates that combined spatial and computational hardening achieves cryptographic-strength brute-force resistance without requiring extreme KDF parameters. This illustrates how spatial expansion of the search space reduces reliance on aggressive computational hardening, enabling strong security guarantees while preserving practical usability.

Targeted Attacker Scenario

The values in Table 16 assume the global nominal spatial entropy ($H_{\mathrm{anchor}}\approx 45.7$ bits). For a demographically informed attacker who knows the user’s city of residence—a scenario supported by findings in [14,15,29]—the anchor entropy collapses to ≈$27.4$ bits (Urban dictionary, Table 3), a reduction of ≈$18.3$ bits. For $n=1$, this brings the unaided spatial entropy below any practically secure threshold. However, the Argon2id hardening layer compensates: at $m=256$ MiB, the attacker time-to-compromise for a single-point secret under the targeted prior is ≈$6.7\times {10}^{10}/2^{18.3}\approx 1.7\times {10}^5$ s (≈2 days), which falls in the Insecure zone. Increasing to $n=3$ points restores the combined entropy to ≈108 bits even under the urban anchor, placing the work factor firmly in the Human-Scale Secure zone at all memory settings ≥64 MiB. This confirms that multi-point selection is essential for security against targeted adversaries.

6. Discussion

GeoVault rests on a concrete premise: instead of forcing users to memorize abstract symbol sequences, derive keys from places they already know. The results confirm that this shift is quantitatively meaningful. Spatially anchored secrets carry a substantially higher effective entropy floor than human-chosen passwords under the same attacker priors, and Argon2id hardening amplifies this margin non-linearly as memory costs approach GPU VRAM capacity.

6.1. Effective Entropy of Spatial Mnemonics

Spatial mnemonics provide a measurably higher baseline of effective entropy than linguistic secrets selected by humans. As shown in Section 5.1, even pessimistic attacker models that restrict guesses to semantically meaningful spatial dictionaries, such as habitable land, coastlines, or urban regions, retain effective entropy levels on the order of 40–42 bits for a single spatial cell. This stands in contrast to human-chosen passwords and passphrases, which empirical studies consistently place well below 20 effective bits under realistic offline guessing strategies.

However, spatial entropy is not immune to demographic reduction. Research on geographic password systems [14,15,29] documents that a targeted attacker who knows the user’s city of residence can restrict the search to an urban-scale dictionary, collapsing the anchor-point entropy from $\approx 45.7$ bits to $\approx 27.4$ bits—a reduction of $18.3$ bits. This finding applies to the anchor point (the first selected location) and propagates into every subsequent point’s contribution: the total n-point entropy shifts downward by the same fixed offset regardless of n. Critically, this does not eliminate the utility of multi-point selection. As demonstrated in the targeted attacker analysis of Section 5.6, $n=3$ points under the urban prior still reach approximately 108 bits of combined spatial entropy, placing the work factor firmly in the Human-Scale Secure zone at all evaluated Argon2id settings. The 27.4-bit figure therefore reinforces rather than undermines the paper’s core recommendation: a minimum of $n\ge 3$ spatial points is required to maintain adequate security margins against a demographically informed adversary, regardless of the computational hardening applied.

This higher entropy floor directly shifts what is practically achievable with human-memorable secrets. Verbal recall collapses under selection bias; spatial recall preserves a larger and more evenly distributed search space. A small number of spatial selections—even under conservative attacker prior assumptions—provides substantially greater offline attack resistance than password-based constructions, with no requirement to memorize abstract symbol strings.

6.2. Impact of Memory-Hard Key Derivation

Spatial entropy alone does not reach the 128-bit security baseline for single-point configurations under a demographically informed attacker; Argon2id hardening is required to close this gap. The benchmarks in Section 5.2 reveal a pronounced defender–attacker asymmetry as memory costs increase. Attacker throughput decreases non-linearly once per-instance memory requirements approach available GPU memory, while remaining feasible, though intentionally costly, for legitimate users operating on commodity CPUs.

This asymmetry arises because Argon2id binds performance to memory bandwidth and capacity rather than raw compute throughput. Under the evaluated attacker model, increasing parallelism does not efficiently compensate for memory exhaustion, resulting in sharp reductions in effective guess rates. Combined, spatial entropy and Argon2id hardening allow GeoVault to reach attacker-adjusted work factors at or above established cryptographic baselines with user-side latencies under 3 s on commodity hardware.

Hardware generalizability is quantified in Section 5.2 (Table 7): consumer laptops incur a $1.7\times$–$2.5\times$ latency penalty, placing $m=1024$ MiB at 2–3 s. On the attacker side, a four-GPU RTX 4090 cluster raises $\eta$ to ≈264 at $m=1024$ MiB—a ${log}_{2}4=2$ bit reduction in work factor that does not alter the security zone classification for any $n\ge 2$ configuration.

6.3. Security Gains from Multi-Point Spatial Selection

The combination of multiple spatial selections and computational hardening produces rapid growth in attacker-adjusted work factors. As shown in Section 5.6, a small number of spatial points within a realistic dispersion radius, combined with modest Argon2id memory settings, yields work factors that approach or exceed the 128-bit security baseline. These gains come at sub-second to second-scale user-side latency, making the approach practical for interactive use.

Users can trade spatial complexity against computational hardness according to their threat model: more points reduce reliance on extreme KDF parameters, while higher m compensates for fewer points in low-n configurations.

A useful way to see this flexibility is to ask the following: For each value of n, what KDF chaining depth k is needed to reach the Super Secure zone ($\mathcal{W}\ge {10}^{32}$ s), and is the corresponding user-side wait time ($k\times 1.3$ s) practical? Under the global attacker prior (45.7 bits per point), the answer for $n=1$ is $k\approx {10}^{20}$, and for $n=2$, it is $k\approx 5\times {10}^5$ (a wait of roughly 7.5 days)—both completely infeasible. At $n=3$, the search space already exceeds the Super Secure threshold at $k=1$ with a 1.3 s wait, so no chaining is needed. Under the worst-case urban prior (27.4 bits per point, full demographic leakage of all selected locations), the $n=3$ work factor drops to $\approx {10}^{23}$ s, which is solidly Human-Scale Secure but below Super Secure; bringing it above the ${10}^{32}$ s threshold via chaining alone would require $k\approx {10}^9$, again infeasible. However, adding a fourth location keeps the defender burden identical (a single Argon2id invocation over four cell identifiers) and raises the base work factor to $2^{109.6}/53.7\approx 1.83\times {10}^{31}$ s. At this point, a chaining depth of only $k=6$ (user-side wait: $6\times 1.3\approx 7.8$ s) crosses the Super Secure threshold: $\mathcal{W}(4,k=6)\approx 1.1\times {10}^{32}$ s. The practical implication is that users who face the worst-case demographic prior—where a targeted attacker can infer even the secondary and tertiary locations from public data—can compensate with one extra spatial point and a single-digit chaining depth, incurring less than 8 s of additional wait, without changing any other system parameter.

6.4. Threat Model and Limitations

The security properties of GeoVault are evaluated under a strong offline attacker model in which the adversary has unrestricted access to high-end GPU hardware but no auxiliary side-channel information beyond attacker-prioritized spatial dictionaries. The system does not rely on secrecy of the geospatial encoding scheme or obscurity of the spatial domain. Security derives solely from the effective entropy of user-selected locations and the enforced computational cost of key derivation.

The analysis does not account for targeted social engineering, coercion, or leakage of user-specific spatial preferences. As with all mnemonic-based systems, knowledge of a user’s habits, routines, or personal history—inferred from social networks, tagged photographs, or application location data—could reduce the effective search space if spatial choices are overly predictable. To quantify this risk, consider a worst-case public-information scenario where the attacker recovers the user’s home city from a social-media profile, reducing the anchor’s effective entropy from the global value of $45.7$ bits to the urban-scale floor of $H_{\mathrm{anchor}}\approx 27.4$ bits (Section 3.2.3). If the attacker further infers—from tagged photographs and check-in history—that all n selected locations lie within the same city, every spatial point collapses to the same urban prior, giving a total entropy of $H_{\mathrm{spatial}}=n\times 27.4$ bits. For $n=3$, this yields $82.2$ bits, which—combined with the Argon2id work factor at $m=1024$ MiB—maintains an attacker-adjusted work factor above the Human-Scale Secure threshold. Complete demographic leakage across all n points therefore represents the tight lower bound on effective entropy; in practice, secondary and tertiary points are rarely as publicly documented as the anchor, so the true exposure lies between this floor and the uninformed model. The core recommendation of $n\ge 3$ points with $m\ge 1$ GiB therefore remains sufficient even under full urban leakage of the anchor. Additionally, this work assumes accurate user recall within the resolution of the spatial encoding scheme. The current protocol provides no error tolerance for recall precision: a single-cell recall error (selecting a geographically adjacent 3 m × 3 m tile rather than the originally selected cell) produces a completely different KDF input string, causing 100% key derivation failure regardless of n or m. This is a fundamental usability limitation. Future work should explore error-tolerant extensions—such as a nearest-cell retry window or a spatially defined equivalence class—provided any such relaxation does not increase the attacker’s effective dictionary size beyond the security margins established in Section 5.6.

A significant limitation of the present work is the absence of an empirical user study. All claims regarding the usability of spatial memory as a cryptographic input—including long-term retention of location-based secrets, recall accuracy under realistic conditions, reduced cognitive load relative to alphanumeric passphrases, and the practical tolerability of the Argon2id computation latency—are inferred from the cognitive psychology and geographic password literature rather than validated through direct experimentation with human participants. While the cited studies [8,9,15,26,27,28] provide strong indirect evidence that spatial memory is more robust and durable than linguistic recall, they were not designed to evaluate the specific GeoVault workflow, and their findings may not transfer directly to the key derivation context. The central claim of the paper—that spatially anchored secrets offer a practical security and usability advantage over linguistic passwords—cannot be fully verified without a controlled user study. Future work should conduct such a study, measuring at minimum (1) long-term recall accuracy of encoded locations over periods of four or more weeks; (2) user error rates and the resulting key derivation failure rate; (3) user-perceived cognitive load compared to BIP-39 mnemonic phrases; and (4) empirical selection distributions within each spatial dictionary stratum, to calibrate the within-stratum fraction $f_s$ (Equation (9)) and validate the area-based entropy upper bounds that underlie Section 5’s security zone classifications. A dedicated study should further examine accessibility for populations with reduced spatial cognitive ability, including elderly users and individuals with navigation-related impairments, for whom spatial recall may be a less reliable secret substrate.

Quantum Adversary Model

The threat model evaluated in this paper assumes a classical GPU-based attacker. Under a quantum adversary, Grover’s algorithm [51] provides an asymptotic $\sqrt{\left|\mathcal{D}\right|}$ speedup on unstructured search, which in bit terms, halves the effective entropy of any search space-based secret. Applied to GeoVault, this reduces the per-point spatial entropy from $45.7$ bits to ≈$22.9$ bits under a quantum attacker with no demographic knowledge, and from $27.4$ bits to ≈$13.7$ bits under the worst-case urban prior. For $n=3$ points under the uninformed quantum attacker, the total effective entropy is $3\times 22.9=68.7$ bits; under the urban prior, it is $3\times 13.7=41.1$ bits. Both values remain above the Human-Scale Secure threshold before any Argon2id hardening is applied. Shor’s algorithm [52] is irrelevant to this construction: it attacks integer factoring and discrete logarithm problems that underlie asymmetric cryptography, not the symmetric hashing and memory-hard computation performed by Argon2id. Argon2id itself has no known quantum speedup beyond Grover; its memory-hardness argument is independent of the computational model. The practical implication is that GeoVault’s $n\ge 3$ recommendation provides a meaningful security margin against a quantum attacker under the uninformed prior, but is insufficient under full urban leakage: an $n=4$ configuration ($4\times 13.7=54.8$ bits) restores a comfortable margin. A full post-quantum security analysis of memory-hard functions under more refined quantum random-access memory (QRAM) models is an open research problem and is beyond the scope of this work.

Physical side-channel attacks—such as timing analysis, power consumption profiling, or memory-access pattern leakage during Argon2id evaluation—are implementation-dependent and fall outside the scope of the protocol-level security model evaluated here. Their relevance and severity depend on the execution environment (browser, mobile app, hardware token) and are left for implementation-level security analysis in future work.

6.5. Implications for Human-Centered Key Management

Spatial memory is a viable and largely untapped resource for cryptographic key management. Unlike traditional brainwallets, where abstract linguistic recall collapses under selection bias, spatially anchored secrets maintain a substantially higher effective entropy floor under realistic offline attacker models. GeoVault shows that strong offline resistance does not require abstract symbol memorization: three freely selected map points suffice under the evaluated attacker priors.

The broader implication is that cognitive ergonomics deserves the same analytical rigor as computational hardness in the design of key management systems. This is especially pertinent where physical key storage is undesirable and long-term memorability is the overriding design constraint.

7. Conclusions

GeoVault demonstrates that replacing abstract symbol sequences with remembered geographic locations changes the security–usability trade-off in a quantitatively significant way. Users who struggle to reliably store a 12-word BIP-39 phrase can instead anchor a cryptographic key to a small set of familiar places—a spatial recall task that cognitive psychology consistently associates with strong, durable memory retention.

The entropy model quantifies this advantage directly: a single geographically typical location carries 45.7 bits of effective entropy under the global attacker prior—more than twice the effective entropy of a typical human-chosen password. When $n\ge 2$ locations are combined with Argon2id hardening, brute-force cost grows non-linearly with memory cost by exploiting the VRAM bottleneck of GPU hardware, converting a user-side latency of 1.3 s at $m=1024$ MiB into an attacker workload orders of magnitude larger; $n\ge 3$ points are required to reach the Super Secure zone.

The key driver is spatial dimensionality. Selecting $n\ge 3$ geographic points places GeoVault firmly in the Super Secure zone ($\mathcal{W}\ge {10}^{32}$ s) across all evaluated Argon2id memory tiers under the global attacker prior. Against a demographically targeted attacker with city-level knowledge ($H_{\mathrm{anchor}}\approx 27.4$ bits per point), $n=3$ achieves Human-Scale Secure resistance ($\mathcal{W}\approx {10}^{23}$ s); $n=4$ with a chaining depth of $k=6$ restores the Super Secure zone at an ≈8 s user-side wait. Argon2id amplifies these margins but cannot compensate for insufficient spatial coverage: single-point configurations remain Insecure regardless of memory cost or chaining depth.

Open directions include empirical user validation of long-term recall accuracy, error-tolerant matching for approximate location recall, extension to indoor and three-dimensional environments, and shared-vault multi-user protocols. On the formal side, tighter characterization of information leaked by public location traces—social-media check-ins, geotagged photographs—would sharpen the targeted attacker model and clarify the conditions under which urban clustering fully eliminates the security margins computed here.

The GPU throughput advantage $\eta \left(m\right)=R_{\mathrm{GPU}}\left(m\right)·T_{\mathrm{CPU}}\left(m\right)$ (Equation (30)) serves as a design decomposition: it isolates the KDF’s standalone contribution (m-axis) from the search space contribution (n-axis), allowing each to be sized independently. At the reference tier, $m=1024$ MiB, $\eta =66$—meaning the search space must contribute at least a factor of 66 in work beyond the KDF cost alone to reach any given threshold, a condition the n-axis satisfies exponentially. KDF chaining depth k raises absolute cost symmetrically but leaves $\eta$ unchanged, confirming it acts on the same m-axis as memory cost. Only raising m beyond GPU VRAM capacity drives $\eta$ toward unity. The architectural implication is that $\eta$ does not need to reach 1: once spatial dimensionality is sufficient to absorb the residual throughput gap by orders of magnitude, further reductions in $\eta$ via extreme memory cost impose usability penalties without meaningful security gains—a principle applicable to human-centered key management schemes beyond geographic location encoding.