Verifier is a derivative of the password. It is resistant to dictionary attacks and can not be used for authentication (only its verifying).
SOURCE = Balloon(PASSWORD, SALT=PeerId, sCost, tCost, pJobs) PUB, PRIV = Ed25519.Generate(SOURCE)
Balloon hashing uses BLAKE2b-256 hash. Space cost (sCost), time cost (tCost) and number of parallel jobs (pJobs) are specific to Balloon implementation.
Verifier is serialized representation of public data above:
$balloon$s=s,t=t,p=p$Base64(SALT)$Base64(PUB)
Server stores and knows only verifier. Client can compute the whole keypair every time he makes handshake.