diff --git a/protocol/protocol.pdf b/protocol/protocol.pdf index fc32c55f..845fd8b6 100644 Binary files a/protocol/protocol.pdf and b/protocol/protocol.pdf differ diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 27adbdfe..3e70e710 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -38,6 +38,7 @@ \newcommand{\PRFpk}[2]{\PRF{#1}{pk_{#2}}} \newcommand{\SHA}{\mathtt{SHA256Compress}} \newcommand{\SHAName}{\emph{SHA-256 compression}} +\newcommand{\SHAOrig}{\emph{SHA-256}} \newcommand{\bm}{\mathbf{\mathtt{bm}}} \newcommand{\InternalHashK}{\mathsf{k}} \newcommand{\InternalHash}{\mathsf{InternalH}} @@ -95,15 +96,21 @@ \section{Concepts} -\subsection{Endianness} +\subsection{Integers and Endianness} -All numerical objects in Zcash are big endian. +Abstractly, integers have a signedness (signed or unsigned), and a bit length. +The limits are the same as for the usual two's compliment system. All integers +in the publicly-visible \Zcash protocol are encoded in big endian two's +compliment. + +If unspecified, curve points, field elements, etc., are encoded according to the +crypto libraries the \Zcash implementation uses. \subsection{Cryptographic Functions} \subparagraph{} -$\CRH$ is a collision-resistant hash function. In \Zcash, the $\SHAName$ function is used which takes a 512-bit block and produces a 256-bit hash. +$\CRH$ is a collision-resistant hash function. In \Zcash, the $\SHAName$ function is used which takes a 512-bit block and produces a 256-bit hash. This is different from the $\SHAOrig$ function, which hashes arbitrary-length strings. \subparagraph{} @@ -209,7 +216,7 @@ The underlying $\Value$ and $\SpendAuthorityPublic$ are blinded with $\BucketRan \end{flushright} -We say that the bucket commitment of a bucket $\Bucket$ = $\BucketCommitment{\Bucket}$. +We say that the bucket commitment of a bucket $\Bucket$ is $\bm = \BucketCommitment{\Bucket}$. \subparagraph{Serials} 
@@ -360,16 +367,16 @@ TBD. Identical to Bitcoin? TBD. Identical to Bitcoin? -\subsection{\Zcash Public Addresses} +\subsection{Protected Public Addresses} -A public address consists of $\SpendAuthorityPublic$ and $\TransmitPublic$. +A protected address consists of $\SpendAuthorityPublic$ and $\TransmitPublic$. $\SpendAuthorityPublic$ is a SHA-256 compression function output. $\TransmitPublic$ is an encryption public key (currently ECIES, but this may change to Curve25519/crypto\_box), which is an elliptic curve point. \subsubsection{Raw Encoding} -The raw encoding of a \Zcash public address consists of: +The raw encoding of a protected address consists of: \begin{equation*} \begin{bytefield}[bitwidth=0.07em]{520} @@ -397,16 +404,16 @@ produces the correct Base58 leading character} \textbf{TODO: what about the network version byte?} -\subsection{\Zcash Private Keys} +\subsection{Protected Address Secrets} -A \Zcash private key consists of $\SpendAuthorityPrivate$ and +A protected address secret consists of $\SpendAuthorityPrivate$ and $\TransmitPrivate$. $\SpendAuthorityPrivate$ is a SHA-256 compression function output. $\TransmitPrivate$ is an encryption private key (currently ECIES), which is an integer. \subsubsection{Raw Encoding} -The raw encoding of a \Zcash private key consists of, in order: +The raw encoding of a protected address secret consists of, in order: \begin{equation*} \begin{bytefield}[bitwidth=0.07em]{520}
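Review bot: In the "Integers and Endianness" hunk (@@ -95,15 +96,21 @@), "two's compliment" should read "two's complement" in both added sentences. The paragraph also allows integers to be signed or unsigned but then says all integers are encoded in big endian two's complement, which leaves the encoding of unsigned values unstated. The added sentence "encoded according to the crypto libraries the \Zcash implementation uses" makes the byte encoding of curve points and field elements implementation-defined, so two implementations could disagree on the wire format. Suggest stating the unsigned encoding explicitly, and either specifying the point and field element encodings or marking them TBD as the spec already does elsewhere.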
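Review bot: In the "Protected Public Addresses" hunk (@@ -360,16 +367,16 @@), the new heading says "Protected Public Addresses" while the body and the Raw Encoding sentence say "protected address"; pick one term and use it in both places so the rename is consistent. The unchanged line "$\SpendAuthorityPublic$ is a SHA-256 compression function output" would also be clearer using the $\SHAName$ macro, now that this patch distinguishes it from $\SHAOrig$. The raw encoding sentence here ends "consists of:" while the secret encoding says "consists of, in order:"; field order matters for a byte layout, so state it here too.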
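Review bot: In the "Protected Address Secrets" hunk (@@ -397,16 +404,16 @@), $\TransmitPrivate$ is described only as "an integer", but the new "Integers and Endianness" text in this same patch says every integer has a signedness and a bit length. Suggest stating both for $\TransmitPrivate$ so the raw encoding that follows is unambiguous. The section is renamed from "Private Keys" to "Protected Address Secrets" while the body still calls $\TransmitPrivate$ an "encryption private key"; a short sentence relating "address secret" to the private key it contains would keep the terminology clear.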