message.
If @ref{Noise} is enabled, then junk data is inserted before
-@code{IDtag} to full up packet to MTU's size.
+@code{IDtag} to fill up packet to MTU's size.
@strong{Preparation stage}:
@item
Client generates DH keypair: @code{CDHPub} and @code{CDHPriv}.
Also it generates random 64-bit @code{R} that is used as a nonce for
-symmetric encryption. @code{El()} is Elligator point encoding algorithm.
+symmetric encryption. @code{El()} is Elligator point encoding (and vice
+versa) algorithm.
@end enumerate
@strong{Interaction stage}:
@verb{|R + enc(H(DSAPub), R, El(CDHPub)) + IDtag -> Server|} [48 bytes]
@item
-@itemize @bullet
+@itemize
@item Server remembers client address.
@item Decrypts @code{El(CDHPub)}.
@item Inverts @code{El()} encoding and gets @code{CDHPub}.
@verb{|enc(H(DSAPub), R+1, El(SDHPub)) + enc(K, R, RS + SS) + IDtag -> Client|} [80 bytes]
@item
-@itemize @bullet
+@itemize
@item Client decrypts @code{El(SDHPub)}.
@item Inverts @code{El()} encoding and gets @code{SDHPub}.
@item Computes @code{K}.
@verb{|enc(K, R+1, RS + RC + SC + Sign(DSAPriv, K)) + IDtag -> Server|} [120 bytes]
@item
-@itemize @bullet
+@itemize
@item Server decrypts @code{RS}, @code{RC}, @code{SC},
@code{Sign(DSAPriv, K)}.
@verb{|ENC(K, R+2, RC) + IDtag -> Client|} [16 bytes]
@item
-@itemize @bullet
+@itemize
@item Client decrypts @code{RC}
@item Compares with its own one sent before.
@item Computes final session encryption key as server did.
has 128-bit security margin and that is why are not in use except in
handshake process. @code{R*} are required for handshake randomization
and two-way authentication.
+
+In @ref{Encless, encryptionless mode} each @code{enc()} is replaced with
+AONT and chaffing function over the noised data.