···11+## v0.8.1 (2020-07-02)
22+33+* Add Chacha20 implementation (based on abeaumont/ocaml-chacha), supporting
44+ both DJB's original specification (nonce 64 bit, counter 64 bit) and IETF
55+ (RFC 8439: nonce 96 bit, counter 32 bit)
66+ (#72 @hannesm)
77+* Add Poly1305 implementation based on floodyberry/poly1305-donna (#72 @hannesm)
88+* Unified AEAD module type, implemented by CCM, GCM, and Chacha20/Poly1305
99+ The functions "authenticate_encrypt" and "authenticate_decrypt" are defined,
1010+ which append (encrypt) and check equality (decrypt, using Eqaf for
1111+ constant-time comparison) the authentication tag directly.
1212+ Breaking changes:
1313+ - GCM "~iv" is now "~nonce"
1414+ - GCM encrypt returns the encrypted data and authentication tag appended
1515+ - GCM decrypt returns the plaintext as option (None on authentication failure)
1616+ (#73 @hannesm)
1717+118## v0.8.0 (2020-06-18)
219320* New package mirage-crypto-rng-mirage which contains the entropy collection