diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 4b0c90af..13796c40 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -1987,10 +1987,11 @@ where
 }
 
 $\Blake{256}(p, x)$ refers to unkeyed $\Blake{256}$
-\cite{ANWW2013}\cite{RFC-7693} in sequential mode, with an output
+\cite{ANWW2013} in sequential mode, with an output
 digest length of $32$ bytes, 16-byte personalization string $p$,
 and input $x$. This is not the same as $\Blake{512}$ truncated to
-$256$ bits.
+$256$ bits, because the digest length is encoded in the parameter
+block.
 
 \securityrequirement{
 $\Blake{256}(\ascii{ZcashComputehSig}, x)$ must be collision-resistant.
@@ -2033,10 +2034,11 @@ Let $\EquihashGen{n, k}(S, i) := T_{h+1\hairspace..\hairspace h+n}$, where
 Indices of bits in $T$ are 1-based.
 
 $\Blake{\ell}(p, x)$ refers to unkeyed $\Blake{\ell}$
-\cite{ANWW2013}\cite{RFC-7693} in sequential mode, with an output
+\cite{ANWW2013} in sequential mode, with an output
 digest length of $\ell/8$ bytes, 16-byte personalization string $p$,
 and input $x$. This is not the same as $\Blake{512}$ truncated to
-$\ell$ bits.
+$\ell$ bits, because the digest length is encoded in the parameter
+block.
 
 \securityrequirement{
 $\Blake{\ell}(\powtag, x)$ must generate output that is sufficiently
@@ -2231,6 +2233,13 @@ where:
 \hskip 1.5em $\kdfinput := \Justthebox{\kdfinputbox}$.
 }
 
+$\Blake{256}(p, x)$ refers to unkeyed $\Blake{256}$
+\cite{ANWW2013} in sequential mode, with an output
+digest length of $32$ bytes, 16-byte personalization string $p$,
+and input $x$. This is not the same as $\Blake{512}$ truncated to
+$256$ bits, because the digest length is encoded in the parameter
+block.
+
 \nsubsubsection{Signatures} \label{concretesig}
 
 $\JoinSplitSig$ is specified in \crossref{abstractsig}.
@@ -3547,6 +3556,7 @@ The errors in the proof of Ledger Indistinguishability mentioned in
     \item Correct the number of bytes in the encoding of $\solutionSize$.
     \item Update the section on encoding of \transparent addresses.
           (The precise prefixes are not decided yet.)
+    \item Clarify why $\Blake{\ell}$ is different from truncated $\Blake{512}$.
     \item Add a paragraph about key length in \crossref{inbandrationale}.
 \end{itemize}