Skip to content
logo

How it works

Three PINs, one device. Different realities.

The three-PIN system, the maths behind a vault that is provably invisible, and the hardware DeniableOS runs on. Read once, it's the entire mechanism.

The three PINs

Three PINs. One device. No visible hint a second exists.

Public PIN
1234

Unlocks the visible, lived-in profile, real contacts, real photos, social apps, browsing history. This is the phone you hand to a customs officer or unlock under coercion. It passes forensic inspection precisely because it is a real, functional phone.

Hidden PIN
9999

Unlocks the hidden vault, crypto wallets, seed phrases, encrypted communications, anything you would not want a forced unlock to surface. Only you know this PIN exists. There is no visible signal, no icon, no app drawer entry, no second profile button.

Duress PIN
0000

Entered under coercion, it silently wipes the vault while still opening the public environment. The attacker sees a working phone either way; you destroy the real data without their knowledge.

Wrong PINs are invisible: the phone gives no signal that more than one PIN exists. The Pixel's secure element rate limits guessing attempts at the hardware level.

swipe up

09
43
AT&T
Tue, Jun 2
5Gbattery icon
Swipe Up to Open Phone

The math

Indistinguishable from random noise.

The hidden vault is encrypted and occupies storage that, to a forensic tool, appears as random noise, the default state of unused encrypted storage. Statistical analysis cannot distinguish the two.

This is the core of deniable encryption theory. The construction follows the Canetti / Dwork / Naor / Ostrovsky framework on plausibly deniable encryption, a cooperating user genuinely cannot prove they have surrendered the last key, because there is no last key visible to surrender.

A standard forced-unlock returns the public environment. Whether a second PIN exists is, in the cryptographic sense, undecidable.

Technical specs

Encryption

Layered encryption

At the disk level, a layered AES and Adiantum design. The hidden volume occupies storage that, to a forensic tool, looks like unused encrypted noise. Statistical analysis cannot distinguish the two.

Base OS

Built on GrapheneOS

Hardened Android with verified boot, exploit mitigations, and the GrapheneOS security update train. We add the deniable encryption layer; you keep the upstream patches.

Hardware

Pixel only

The Pixel Tensor secure element rate limits PIN guessing attempts at the hardware level. Pixel 6, 7, and 9 series are fully supported (Tensor G1, G2, and G4). See /install for the live device matrix.

Now you know how.

15 minutes to install. Normal life still works. Nothing to disclose.

Get started  →