diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 3ee16b3b..9a061fbf 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex 
@@ -4784,6 +4784,47 @@ Once detected, the \outgoingViewingKey holder will attempt to decrypt the \noteC } %sapling +\subsection{\Blockchain{} Scanning\pSproutOrNothing} \label{sproutscan} + +The following algorithm can be used, given the \blockchain and a +\SproutOrNothing{} \spendingKey $\AuthPrivate$, to obtain each \note sent +to the corresponding \paymentAddress, its \memo field, and its final status +(spent or unspent). + +Let $\InViewingKey = (\AuthPublic, \TransmitPrivate)$ be the \incomingViewingKey +corresponding to $\AuthPrivate$, and let $\TransmitPublic$ be the associated +\transmissionKey, as specified in \crossref{sproutkeycomponents}. + +\begin{formulae} + \item Initialize $\ReceivedSet \typecolon \powerset{\NoteTypeSprout \times \Memo} = \setof{}$. + \item Initialize $\SpentSet \typecolon \powerset{\NoteTypeSprout} = \setof{}$. + \item Initialize $\NullifierMap \typecolon \PRFOutputSprout \rightarrow \NoteTypeSprout$ to the empty mapping. + \item For each \transaction $\tx$, + \item \tab For each \joinSplitDescription in $\tx$, + \item \tab \tab Let $(\EphemeralPublic, \TransmitCiphertext{\allNew})$ be the \notesCiphertext + of the \joinSplitDescription. + \item \tab \tab For $i$ in $\allNew$, + \item \tab \tab \tab Attempt to decrypt the \noteCiphertext component + $(\EphemeralPublic, \TransmitCiphertext{i})$ + using the algorithm in + \item \tab \tab \tab \crossref{sproutdecrypt}. If this succeeds giving $\NotePlaintext{}$: + \item \tab \tab \tab \tab Extract $\NoteTuple{}$ and $\Memo$ from $\NotePlaintext{}$ (taking the + $\AuthPublic$ field of the \note to be $\AuthPublic$ from + $\InViewingKey$). + \item \tab \tab \tab \tab Add $(\NoteTuple{}, \Memo)$ to $\ReceivedSet$. + \item \tab \tab \tab \tab Calculate the nullifier $\nf$ of $\NoteTuple{}$ using $\AuthPrivate$ + as described in \crossref{notes}. + \item \tab \tab \tab \tab Add the mapping $\nf \rightarrow \NoteTuple{}$ to $\NullifierMap$. 
+ \item + \item \tab \tab Let $\nf_{\allOld}$ be the \nullifiers of the \joinSplitDescription. + \item \tab \tab For $i$ in $\allOld$, + \item \tab \tab \tab If $\nf_i$ is present in $\NullifierMap$, add $\NullifierMap(\nf_i)$ + to $\SpentSet$. + \item + \item Return $(\ReceivedSet, \SpentSet)$. +\end{formulae} + + \sapling{ \subsection{\Blockchain{} Scanning (\Sapling)} \label{saplingscan}
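Review bot: The outer loop "For each \transaction $\tx$," does not say in what order transactions are visited, yet the spent check further down depends on it: a nullifier in $\nf_{\allOld}$ is only matched if the corresponding mapping was already added to $\NullifierMap$. Suggest stating that transactions, and the \joinSplitDescription{}s within each, are processed in \blockchain order, or moving the spent check into a second pass after all notes have been collected. Separately, the decryption step is split across two \item entries ("using the algorithm in" followed by "\crossref{sproutdecrypt}. If this succeeds giving ..."), so one sentence spans two list items; joining them into a single item would read better. $\TransmitPublic$ is also introduced in the preamble but is not referenced in any step shown in this hunk, so either use it where decryption is invoked or drop it from the "Let" sentence.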