Location-Dependent Cryptosystem
Kunal Mukherjee
TL;DR
The work targets the fundamental limitation of conventional cryptography where decryption is location-agnostic. It introduces a location-dependent cryptosystem that encodes a 32-byte key derived as $K = SHA-256(P)$ into a sequence of 33 UWB transmissions governed by timing parameters $T_{startOffset}$, $T_{net}$, $T_{betweenOffset}$, and $T_{slot}$, such that only receivers in the authorized region can reconstruct $K$ from packet time-of-arrival differences. A complete prototype encrypts audio with AES-256 using the key and transmits the key implicitly through the timing pattern; authorized-region receivers decrypt and play the audio automatically, while eavesdroppers observe incorrect timing and cannot recover the correct key. This approach effectively removes the need to electronically or physically share decryption passwords and demonstrates a nontrivial spatial tolerance for legitimate users, illustrating how physical location can serve as an active dimension of cryptographic access control.
Abstract
Digital content distribution and proprietary research-driven industries face persistent risks from intellectual property theft and unauthorized redistribution. Conventional encryption schemes such as AES, TDES, ECC, and ElGamal provide strong cryptographic guarantees, but they remain fundamentally agnostic to where decryption takes place.In practice, this means that once a decryption key is leaked or intercepted, any adversary can misuse the key to decrypt the protected content from any location. We present a location-dependent cryptosystem in which the decryption key is not transmitted as human- or machine-readable data, but implicitly encoded in precise time-of-flight differences of ultra-wideband (UWB) data transmission packets. The system leverages precise timing hardware and a custom JMTK protocol to map a SHA-256 hashed AES key onto scheduled transmission timestamps. Only receivers located within a predefined spatial region can observe the packet timings that align with the intended "time slot" pattern, enabling them to reconstruct the key and decrypt the secret. Receivers outside the authorized region observe incorrect keys. We implement a complete prototype that encrypts and transmits audio data using our cryptosystem, and only when the receiver is within the authorized data, they are able to decrypt the data. Our evaluation demonstrates that the system (i) removes the need to share decryption passwords electronically or physically, (ii) ensures the decryption key cannot be recovered by the eavesdropper, and (iii) provides a non-trivial spatial tolerance for legitimate users.