diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 82ddafc0..9dfc5651 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -851,6 +851,8 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\paramdot}{\bigcdot}
 \newcommand{\lincomb}[1]{\left(\strut\kern-.025em{#1}\kern-0.04em\right)}
 \newcommand{\constraint}[3]{\lincomb{#1}\hairspace \times\hairspace \lincomb{#2}\hairspace =\hairspace \lincomb{#3}}
+\newcommand{\maybe}[1]{{#1} \union \setof{\bot}}
+
 
 % Hashes
 
@@ -2726,7 +2728,7 @@ $\SymEncrypt{} \typecolon \Keyspace \times \Plaintext \rightarrow \Ciphertext$
 is the encryption algorithm.
 
 $\SymDecrypt{} \typecolon \Keyspace \times \Ciphertext \rightarrow
-\Plaintext \union \setof{\bot}$ is the decryption algorithm, such that
+\maybe{\Plaintext}$ is the decryption algorithm, such that
 for any $\Key \in \Keyspace$ and $\Ptext \in \Plaintext$,
 $\SymDecrypt{\Key}(\SymEncrypt{\Key}(\Ptext)) = \Ptext$.
 $\bot$ is used to represent the decryption of an invalid ciphertext.
@@ -3214,7 +3216,7 @@ A \representedGroup $\GroupG{}$ consists of:
         and additive identity $\ZeroG{}$;
   \item a bit-length parameter $\ellG{} \typecolon \Nat$;
   \item a representation function \smash{$\reprG{} \typecolon \GroupG{} \rightarrow \bitseq{\ellG{}}$}
-        and an abstraction function \smash{$\abstG{} \typecolon \bitseq{\ellG{}} \rightarrow \GroupG{} \union \setof{\bot}$},
+        and an abstraction function \smash{$\abstG{} \typecolon \bitseq{\ellG{}} \rightarrow \maybe{\GroupG{}}$},
         such that $\abstG{}$ is the left inverse of $\reprG{}$, i.e. for all $P \in \GroupG{}$,
         $\abstG{}(\reprG{}(P)) = P$, and for all $S$ not in the image of $\reprG{}$, $\abstG{}(S) = \bot$.
 \end{itemize}
@@ -3552,7 +3554,8 @@ diversified addresses as a user-visible feature, to nevertheless use a default a
 cannot be distinguished (just from the address) from one generated with a random \diversifier
 as above.
 
-Let $\first \typecolon (\byte \rightarrow T \union \setof{\bot}) \rightarrow T \union \setof{\bot}$
+\introlist
+Let $\first \typecolon (\byte \rightarrow \maybe{T}) \rightarrow \maybe{T}$
 be as defined in \crossref{concretegrouphashjubjub}.
 
 Define $\DefaultDiversifier(\sk) :=
@@ -6572,7 +6575,7 @@ Define $\reprJ \typecolon \GroupJ \rightarrow \ReprJ$ such
 that $\reprJOf{u, \varv} = \ItoLEBSPOf{256}{\varv + 2^{255} \smult \tilde{u}}$, where
 $\tilde{u} = u \bmod 2$.
 
-Let $\abstJ \typecolon \ReprJ \rightarrow \GroupJ \union \setof{\bot}$
+Let $\abstJ \typecolon \ReprJ \rightarrow \maybe{\GroupJ}$
 be the left inverse of $\reprJ$ such that if $S$ is not in the range of
 $\reprJ$, then $\abstJOf{S} = \bot$.
 
@@ -6675,7 +6678,7 @@ The hash $\GroupJHash{\CRS}(D, M)$ is calculated as follows:
   \item If $Q = \ZeroJ$ then return $\bot$, else return $Q$.
 \end{formulae}
 
-Define $\first \typecolon (\byte \rightarrow T \union \setof{\bot}) \rightarrow T \union \setof{\bot}$
+Define $\first \typecolon (\byte \rightarrow \maybe{T}) \rightarrow \maybe{T}$
 so that $\first(f) = f(i)$ where $i$ is the least integer in $\byte$
 such that $f(i) \neq \bot$, or $\bot$ if no such $i$ exists.