Balloon-BLAKE2b+HKDF KEM.
[schemas/kem-balloon-blake2b-hkdf.tcl]
Balloon memory-hardened password hasher must be used with BLAKE2b hash.
=> Balloon

    H = BLAKE2b
    KEK = HKDF-Expand(H,
        prk=balloon(H, passphrase, /kem/salt, s, t, p),
        info="cm/encrypted/balloon-blake2b-hkdf" || /id)

"/kem/*/cek" is wrapped with [cm/keywrap/xchapoly] mechanism.

=> RFC 5869, HKDF
=> BLAKE2b is hashing algorithm
=> RFC 7693, same