diff --git a/docs/internals/data-structures.rst b/docs/internals/data-structures.rst
index 3a4833109..d15858de6 100644
--- a/docs/internals/data-structures.rst
+++ b/docs/internals/data-structures.rst
@@ -451,9 +451,10 @@ Encryption
 
 AES_-256 is used in CTR mode (so no need for padding). A 64 bit initialization
 vector is used, a MAC is computed on the encrypted chunk
-and both are stored in the chunk.
-The header of each chunk is: ``TYPE(1)`` + ``MAC(32)`` + ``NONCE(8)`` + ``CIPHERTEXT``.
-Encryption and MAC use two different keys.
+and both are stored in the chunk. Encryption and MAC use two different keys.
+Each chunk consists of ``TYPE(1)`` + ``MAC(32)`` + ``NONCE(8)`` + ``CIPHERTEXT``:
+
+.. figure:: encryption.png
 
 In AES-CTR mode you can think of the IV as the start value for the counter.
 The counter itself is incremented by one after each 16 byte block.
diff --git a/docs/internals/encryption.png b/docs/internals/encryption.png
new file mode 100644
index 000000000..e35120748
Binary files /dev/null and b/docs/internals/encryption.png differ
diff --git a/docs/internals/encryption.vsd b/docs/internals/encryption.vsd
new file mode 100644
index 000000000..22507a179
Binary files /dev/null and b/docs/internals/encryption.vsd differ