Pay attention how to get @ref{Sources, development source code}.
@table @asis
-@item Nonce and identity encryption
- @url{http://www.cix.co.uk/~klockstone/xtea.pdf, XTEA}.
@item Data encryption
- @url{http://cr.yp.to/snuffle.html, Salsa20}.
+ @url{https://cr.yp.to/chacha.html, ChaCha20}.
@item Message authentication
- @url{http://cr.yp.to/mac.html, Poly1305}.
+ @url{https://cr.yp.to/mac.html, Poly1305}.
+@item Nonce and identity obfuscation
+ @url{https://blake2.net/, BLAKE2b-MAC}.
@item Password authenticated key agreement
- DH-A-EKE powered by @url{http://cr.yp.to/ecdh.html, Curve25519}
- and @url{http://ed25519.cr.yp.to/, Ed25519}.
+ DH-A-EKE powered by @url{https://cr.yp.to/ecdh.html, Curve25519}
+ and @url{https://ed25519.cr.yp.to/, Ed25519}.
@item DH elliptic-curve point encoding for public keys
- @url{http://elligator.cr.yp.to/, Elligator}.
+ @url{https://elligator.cr.yp.to/, Elligator}.
@item Verifier password hashing algorithm
- @url{https://password-hashing.net/#argon2, Argon2d}.
+ @url{https://crypto.stanford.edu/balloon/, Balloon hashing} based
+ on BLAKE2b-256.
@item Encryptionless confidentiality preserving encoding
@url{http://people.csail.mit.edu/rivest/chaffing-980701.txt,
Chaffing-and-Winnowing} (two Poly1305 MACs for each bit of message)
@url{http://theory.lcs.mit.edu/~cis/pubs/rivest/fusion.ps,
All-Or-Nothing-Transformed} (based on
@url{http://cseweb.ucsd.edu/~mihir/papers/oaep.html, OAEP} using
- Salsa20 with @url{https://blake2.net/, BLAKE2b-256} based
+ ChaCha20 with BLAKE2b-256 based
@url{http://crypto.stanford.edu/~dabo/abstracts/saep.html, SAEP+}
checksums) data with 128-bits of feeded random.
@item Packet overhead