Eblob is an @url{https://tools.ietf.org/html/rfc4506, XDR}-encoded structure:
@verbatim
-+-------+------------------+------------+
-| MAGIC | S | T | P | SALT | BLOB | MAC |
-+-------+------------------+------------+
++-------+------------------+------+
+| MAGIC | S | T | P | SALT | BLOB |
++-------+------------------+------+
@end verbatim
@multitable @columnfractions 0.2 0.3 0.5
@headitem @tab XDR type @tab Value
@item Magic number @tab
8-byte, fixed length opaque data @tab
- @verb{|N N C P B 0x00 0x00 0x02|}
+ @verb{|N N C P B 0x00 0x00 0x03|}
@item S, T, P @tab
unsigned integer @tab
Space cost, time cost and parallel jobs number
Randomly generated salt
@item Blob @tab
variable length opaque data @tab
- Encrypted data itself
-@item MAC @tab
- 32 bytes, fixed length opaque data @tab
- BLAKE2b-256 MAC of encrypted blob
+ Authenticated and Encrypted data itself
@end multitable
@enumerate
@item generate the main key using @code{balloon(BLAKE2b-256, S, T, P,
salt, password)}
@item initialize @url{https://blake2.net/, BLAKE2Xb} XOF with generated
-main key and 96-byte output length
-@item feed @verb{|N N C P B 0x00 0x00 0x02|} magic number to XOF
-@item read 32-bytes of blob encryption key
-@item read 64-bytes of blob authentication key
-@item encrypt the blob using @url{https://cr.yp.to/chacha.html,
-ChaCha20}. Blob is splitted on 128 KiB blocks. Each block is encrypted
-with increasing nonce counter
-@item authenticate ciphertext with MAC
+main key and 32-byte output length
+@item feed @verb{|N N C P B 0x00 0x00 0x03|} magic number to XOF
+@item read 32-bytes of blob AEAD encryption key
+@item encrypt and authenticate blob using
+ @url{https://cr.yp.to/chacha.html, ChaCha20}-@url{https://en.wikipedia.org/wiki/Poly1305, Poly1305}.
+ Blob is splitted on 128 KiB blocks. Each block is encrypted with
+ increasing nonce counter. Eblob packet itself, with empty blob
+ field, is fed as an additional authenticated data
@end enumerate