diff --git a/specification/modules/end_to_end_encryption.rst b/specification/modules/end_to_end_encryption.rst index 1a58ee31..e2cb54e5 100644 --- a/specification/modules/end_to_end_encryption.rst +++ b/specification/modules/end_to_end_encryption.rst @@ -321,6 +321,17 @@ be able to change the room a message was sent in. Clients must confirm that the ``sender_key`` belongs to the user that sent the message. TODO: how? +``m.megolm.v1.aes-sha2`` +~~~~~~~~~~~~~~~~~~~~~~~~ + +The name ``m.megolm.v1.aes-sha2`` corresponds to version 1 of the Megolm +ratchet, as defined by the `Megolm specification`_. This uses: + +* HMAC-SHA-256 for the hash ratchet. +* HKDF-SHA-256, AES-256 in CBC mode, and 8 byte truncated HMAC-SHA-256 for authenticated encryption. +* Ed25519 for message authenticity. + + Protocol definitions -------------------- @@ -381,6 +392,7 @@ Example response: .. _ed25519: http://ed25519.cr.yp.to/ .. _curve25519: https://cr.yp.to/ecdh.html .. _`Olm specification`: http://matrix.org/docs/spec/olm.html +.. _`Megolm specification`: http://matrix.org/docs/spec/megolm.html .. _`Signing JSON`: ../appendices.html#signing-json
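Review bot: In the ``@@ -321`` hunk, the second bullet of the new ``m.megolm.v1.aes-sha2`` section lists HKDF-SHA-256, AES-256 in CBC mode and the truncated HMAC-SHA-256 together as "authenticated encryption" without saying how they compose: what HKDF derives, whether the MAC is computed over the ciphertext, and that a receiver has to verify the MAC before decrypting. CBC provides no integrity on its own, so either state the composition here or say explicitly that it is normative as defined in the `Megolm specification`_. Two smaller points on the same bullet: it is the only added line that is not wrapped like the rest of the section, and "8 byte truncated HMAC-SHA-256" reads more clearly as "HMAC-SHA-256 truncated to 8 bytes". The context line ``TODO: how?`` directly above the new heading is still unresolved and now sits immediately before a new section, so it should be tracked separately.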
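Review bot: In the ``@@ -381`` hunk, the added ``Megolm specification`` target uses ``http://matrix.org/docs/spec/megolm.html``. For a link to the definition of a cryptographic ratchet, prefer ``https://`` if the host serves it, as the neighbouring ``curve25519`` target already does. The ``Olm specification`` context line just above has the same scheme and could be changed in the same patch.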