X-Git-Url: http://www.git.cypherpunks.ru/?p=gohpenc.git;a=blobdiff_plain;f=README;fp=README;h=bacd9b6410333a02275c840af7e912add9d1b626;hp=d16ccebf98188a061c0e3da10448e99085ab5648;hb=009e6a235129f367b3534fa2346af8020b619e09;hpb=be7b7c2004f656ef42981527f850f8f7836384c8 diff --git a/README b/README index d16cceb..bacd9b6 100644 --- a/README +++ b/README @@ -17,11 +17,11 @@ language, widening supported platforms. gohpenc is incompatible with hpenc and much simpler: -* it uses only ChaCha20-Poly1305 algorithm +* it uses only XChaCha20-Poly1305 algorithm * no random data generation mode * no metadata in output stream and no structure validation. Only blocks authentication -* simpler key derivation -- new key for each block +* no key derivation -- new key for each block But it still satisfies most of hpenc aims: @@ -42,13 +42,10 @@ Usage is very simple: How encryption/authentication is performed: -* First 32 bytes of the stream contain random data -- salt -* BLAKE2X is initialized: unknown length, PSK key as a MAC key. It - creates XOF that will be used as a KDF -* Salt is fed into that XOF -* All data is processed block by block -* New key is derived for each block by reading it from the XOF -* ChaCha20-Poly1305 algorithm is initialized with that key +* First 16 bytes of the stream contain random data -- nonce salt +* XChaCha20-Poly1305 algorithm is initialized with the key and 24-byte + nonce, where 16 bytes is the salt, and 8 bytes is 64-bit unsigned + big-endian block number * 32-bit big-endian value with the length of the block is outputted, then an encrypted and authenticated block goes further, with authenticated data containing that 32-bit length value
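Review bot: In the first hunk, the new bullet `* no key derivation -- new key for each block` contradicts itself and the second hunk. With derivation removed, the same key is used for every block and only the nonce changes per block. Suggest rewording it along the lines of `* no key derivation -- new nonce for each block`.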
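Review bot: In the second hunk, the new XChaCha20-Poly1305 bullet leaves the nonce construction underspecified. It says "the key" without stating that this is now the PSK used directly (the removed lines named the PSK only as the MAC key for BLAKE2X). It also does not give the order of the 16-byte salt and the 8-byte block number inside the 24-byte nonce, or the number assigned to the first block. Please spell out all three, since the README is the only format description visible here. It is also worth stating that, with the per-stream key derivation removed, nonce uniqueness across streams encrypted under the same PSK rests entirely on the 16 random salt bytes.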