-Blob's encryption is done using @url{https://cr.yp.to/chacha.html,
-ChaCha20} algorithm. Data is splitted on 128 KiB blocks. Each block is
-encrypted with increasing nonce counter. @code{balloon(BLAKE2b-256, S,
-T, P, salt, password)} gives the main key, that is fed to
-@url{https://blake2.net/, BLAKE2Xb} XOF Actual encryption key for
-ChaCha20 and authentication key for MAC are derived from that XOF.
+@enumerate
+@item generate the main key using @code{balloon(BLAKE2b-256, S, T, P,
+salt, password)}
+@item initialize @url{https://blake2.net/, BLAKE2Xb} XOF with generated
+main key and 32-byte output length
+@item feed @verb{|N N C P B 0x00 0x00 0x03|} magic number to XOF
+@item read 32-bytes of blob AEAD encryption key
+@item encrypt and authenticate blob using
+ @url{https://cr.yp.to/chacha.html, ChaCha20}-@url{https://en.wikipedia.org/wiki/Poly1305, Poly1305}.
+ Blob is divided on 128 KiB blocks. Each block is encrypted with
+ increasing nonce counter. Eblob packet itself, with empty blob
+ field, is fed as an additional authenticated data
+@end enumerate