ZIP 316: fix a typo in the description of the attack against a 3-round Feistel.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

zip-0316.html

@@ -370,7 +370,7 @@ c^{n+m}}{q}\)</span>
                     <p>Suppose that an adversary has a target input/output pair
                         <span class="math">\((a \,||\, b, c \,||\, d)\)</span>
                     , and that the input to
-                        <span class="math">\(G_0\)</span>
+                        <span class="math">\(H_0\)</span>
                      is
                         <span class="math">\(x\)</span>
                     . By fixing

zip-0316.rst

@@ -517,7 +517,7 @@ A 3-round unkeyed Feistel, as shown, is not sufficient:
     Diagram of 3-round unkeyed Feistel construction
 
 Suppose that an adversary has a target input/output pair
-:math:`(a \,||\, b, c \,||\, d)`, and that the input to :math:`G_0` is
+:math:`(a \,||\, b, c \,||\, d)`, and that the input to :math:`H_0` is
 :math:`x`. By fixing :math:`x`, we can obtain another pair
 :math:`((a \oplus t) \,||\, b', (c \oplus t) \,||\, d')` such that
 :math:`a \oplus t` is close to :math:`a` and :math:`c \oplus t` is close