diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 6ef73e5f..3a827f53 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -2795,10 +2795,11 @@ The pairing is of type $\GroupG{1} \times \GroupG{2} \rightarrow \GroupG{T}$, wh \begin{itemize} \item $\GroupG{1}$ is a Barreto--Naehrig curve over $\GF{q}$ with equation $y^2 = x^3 + b$. This curve has embedding degree 12 with respect to $r$. - \item $\GroupG{2}$ is the subgroup of order $r$ in the twisted Barreto-Naehrig curve -over $\GF{q^2}$ with equation $y^2 = x^3 + \frac{b}{x \mult i}$. We represent elements + \item $\GroupG{2}$ is the subgroup of order $r$ in the sextic twist of $\GroupG{1}$ +over $\GF{q^2}$ with equation $y^2 = x^3 + \frac{b}{\xi}$, where +$\xi \typecolon \GF{q^2}$. We represent elements of $\GF{q^2}$ as polynomials $a_1 \mult t + a_0 \typecolon \GF{q}[t]$, modulo the -irreducible polynomial $t^2 + 1$. +irreducible polynomial $t^2 + 1$; in this representation, $\xi$ is given by $t + 9$. \item $\GroupG{T}$ is $\mu_r$, the subgroup of $r^\mathrm{th}$ roots of unity in $\GFstar{q^{12}}$. \end{itemize} @@ -4089,6 +4090,7 @@ The errors in the proof of Ledger Indistinguishability mentioned in \begin{itemize} \item Specify the security requirements on the $\SHAName$ function in order for the scheme in \crossref{concretecomm} to be a secure commitment. + \item Specify $\GroupG{2}$ more precisely. \end{itemize} \introlist
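Review bot: in the first hunk (@@ -2795,10 +2795,11 @@), the new $\GroupG{2}$ item never states the property of $\xi$ that makes the curve a sextic twist, and it introduces $\xi \typecolon \GF{q^2}$ before the representation of $\GF{q^2}$ is defined, giving its value $t + 9$ only at the end of the following sentence. For $y^2 = x^3 + \frac{b}{\xi}$ to be a sextic twist, $\xi$ must be neither a square nor a cube in $\GF{q^2}$. Suggest describing the representation modulo $t^2 + 1$ first, then giving $\xi = t + 9$ together with that condition in one place, so that an implementer validating $\GroupG{2}$ points can check the constant rather than take it on trust.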
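Review bot: in the second hunk (@@ -4089,6 +4090,7 @@), the added item "Specify $\GroupG{2}$ more precisely" understates the change. The first hunk replaces the constant term $\frac{b}{x \mult i}$ of the twist equation with $\frac{b}{\xi}$, which changes the stated curve equation rather than only adding detail. Suggest wording the item so that readers who worked from the earlier text know to recheck it, for example "Correct the equation of the twisted curve for $\GroupG{2}$ and specify $\xi$."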