How Decoy Phrase Works

Decoy Phrase is an offline-first method for protecting and backing up seed phrases and sensitive text — without ever storing the original data.

It transforms secrets into harmless, ordinary-looking text, with recovery possible only by combining the private mapping file and the transformed text.

For long-term durability, decoy files and mapping files can be stored permanently via Decoy Phrase Permanent Storage, directly connected to the Arweave blockchain—ensuring they cannot be lost, altered, or deleted.

Core Idea: Two-Part Security Model

Decoy Phrase uses the Decoy Phrase Generator to split a secret into two separate parts:

1. Decoy Text

A transformed output that appears normal or random, but is not a seed phrase and cannot be used to access assets.

2. Mapping File

A technical file that serves as a recovery guide. It does not contain the seed phrase and remains meaningless without the correct corresponding Decoy Text.

The core security comes from this separation: no single file acts as a complete key to reconstruct the original secret.

Main Components (System Modules)

A. Decoy Phrase Generator

The core component that runs entirely on the user’s device and is responsible for:

Transform: seed phrase → Decoy Text + Mapping File
Recover: Decoy Text + Mapping File → original seed phrase

No server ever receives the seed phrase. All sensitive processing is performed exclusively on the client side.

B. Permanent Storage Layer

The storage layer used to persist artifacts permanently on the permaweb. Its functions include:

Storing the Decoy Text and Mapping File as two separate objects
Enabling cross-device access, as long as the user retains the required credentials or keys

Only the transformed and separated artifacts (and, if applied, encrypted data) are stored in permanent storage — never the original seed phrase.

C. Multi-Password Management in Permanent Storage

An access management model that allows Decoy Text and Mapping File to:

Be stored in different “areas” (separate vaults)
Use different passwords for each storage area

Data Flow

The system-level data flow is as follows:

Input (Offline)

The user enters a seed phrase or other sensitive text into the Generator.

Transform (Offline)

The Generator produces two outputs: Decoy Text and Mapping File.

Separate Storage (Permanent Storage)

The user stores the Decoy Text and Mapping File in different locations or vaults on permanent storage using Multi-Password Management.

Recover (Offline)

When needed, the user retrieves both artifacts and runs the recovery process in the Decoy Phrase Generator to restore the original seed phrase.

Decoy Phrase operates as an offline-first, zero-knowledge system, where all sensitive operations happen on the user’s device, without any server, cloud, or backend involvement. Security is achieved through separation: neither the Decoy Text nor the Mapping File is sufficient on its own, and there is no central vault or single point of failure. Decoy Phrase never stores seed phrases in their original form, does not act as a custodian,

PreviousWhy Separation Matters NextProducts & Features

Last updated 16 days ago

Good morning

hashtagCore Idea: Two-Part Security Model

hashtag1. Decoy Text

hashtag2. Mapping File

hashtagMain Components (System Modules)

hashtagA. Decoy Phrase Generator

hashtagB. Permanent Storage Layer

hashtagC. Multi-Password Management in Permanent Storage

hashtagData Flow

hashtagInput (Offline)

hashtagTransform (Offline)

hashtagSeparate Storage (Permanent Storage)

hashtagRecover (Offline)