Each packet is encrypted with ChaCha20-Poly1305. Key is generated during
handshake procedure with the server and is shared among other participants.
-Packet counter is used as a nonce. Stream identifier is additional
-authenticated data.
+Stream identifier with packet counter are used as a nonce. Only 64-bits
+of Poly1305 are used.
It is tuned for 32Kbps bandwidth. 24Kbps should be enough, but 40B of
-IPv6 header, +16B of Poly1305 authentication tag, +4B of stream
-identifier with the counter, +8B of UDP header for 50pps means ~28Kbps
-of bandwidth only for overhead transmission.
+IPv6 header, +8B of Poly1305 authentication tag, +4B of stream
+identifier with the counter, +8B of UDP header for 50pps means also
+24Kbps of bandwidth only for overhead transmission.
Each client handshakes with the server over TCP protocol using TLS 1.3
with curve25519 key-agreement protocol. @command{vors-keygen} generates