How does LastPass' grid multi-factor authentication work behind the scenes?

I don't know exactly what you mean by "decrypt any secret defined ahead of time" but it seems that it is a second challenge response system, and the 2nd factor (something you have) is your printed grid. Technically it works exactly as other similar systems work. On their part of the system, your grid is stored somewhere and is associated with your user identity. When logging in, the system chooses 4 random characters of the grid, you look them up and provide them. If there's a match there and a match on the password part, you are get logged in.

On further implementation details, the grid is nothing more that a 260 character string which is stored along your other details and 4 different characters are chosen each time to be asked.