Add a paragraph to \crossref{truncation} covering Orchard.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -13970,6 +13970,16 @@ no need for truncation in the inputs to any of these hashes. Note however that t
 $\BlakeTwosGeneric$ truncated to $251$ bits (see \crossref{concretecrhivk}).
 }
 
+\nufive{
+\Orchard replaces \xPedersenHashes by \xSinsemillaHashes which can also be efficiently
+instantiated for arbitrary input lengths. It replaces uses of $\BlakeTwosGeneric$ in the
+circuit by the \commitmentScheme $\CommitIvk{}$, and by a construction for \nullifier
+derivation that uses the $\Poseidon$-based $\PRFnf{Orchard}{}$ (along with scalar
+multiplication on the \pallasCurve). Again, there is no need for truncation in the
+inputs to any of these functions, and the need for truncation in the derivation of
+$\InViewingKey$ is removed.
+} %nufive
+
 \lsubsection{In-band secret distribution}{inbandrationale}
 
 \Zerocash specified ECIES (referencing Certicom's SEC 1 standard) as the
@@ -14259,6 +14269,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
     \item Vanity \diversifiers are not an issue for \Orchard given that it does not have its own
           \paymentAddress format, and given the use of ``jumbling'' (\cite{ZIP-316}) in
           \unifiedPaymentAddresses. Remove the corresponding note from \crossref{orchardkeycomponents}.
+    \item Add a paragraph to \crossref{truncation} covering \Orchard.
     \item Clarify the definition of $\pad$ in \crossref{concretesinsemillahash} by
           disambiguating $\Mpieces$ from $\Mpadded$.
 } %nufive