Their explanation of the process
LastPass uses public-private key cryptography with RSA-2048 to allow users to share the key to their vault with trusted parties, without ever passing that information in an unencrypted format to LastPass. When Emergency Access is activated, each user has a pair of cryptographic keys - a public key to allow others to encrypt data for the user, and a private key that allows the user to decrypt the data that others have encrypted for them.
The key used to encrypt and decrypt your vault data is encrypted with the Emergency Access contact’s public key, and can be decrypted only with their corresponding private key. When setting up Emergency Access, you are using the recipient’s public key, encrypting your vault key with that public key, and then LastPass stores that RSA-2048 encrypted data until it’s released after the waiting period you specify. Only the recipient can decrypt the data, so no one else can decrypt it without access to the private key of the recipient you’re sharing it with, which is encrypted with their master password key. This process is completely automated, with no action required by the end user, and ensures that the data is inaccessible by LastPass or outside parties.