diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 7e6f278a..2fa320fd 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -3833,7 +3833,7 @@ $n = 200$).
 \nsubsubsection{\PseudoRandomFunctions} \label{concreteprfs}
 
 The \changed{four} independent PRFs described in \crossref{abstractprfs} are
-all instantiated using the $\shaCompress$ function:
+all instantiated using the \shaCompressFunction defined in \crossref{concretesha256}:
 
 \newcommand{\iminusone}{\hspace{0.3pt}\scriptsize{$i$\hspace{0.6pt}-1}}
 
@@ -4144,8 +4144,8 @@ The leading byte of the $\SHAFull$ input is $\hexint{B0}$.
 }
 
 \begin{securityrequirements}
-  \item The $\shaCompress$ function must be collision-resistant.
-  \item The $\shaCompress$ function must be a PRF when keyed by the bits corresponding
+  \item The \shaCompressFunction must be collision-resistant.
+  \item The \shaCompressFunction must be a PRF when keyed by the bits corresponding
         to the position of $\NoteCommitRand$ in the second block of $\SHAFull$
         input, with input to the PRF in the remaining bits of the block and
         the chaining variable.