diff --git a/protocol/protocol.tex b/protocol/protocol.tex index e8e8d6f7..1374e106 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -1862,9 +1862,16 @@ $\JoinSplitSigVerify{\text{\small\joinSplitPubKey}}(\dataToBeSigned, \joinSplitS % FIXME: distinguish pubkey and signature from their encodings. } -The condition enforced by the \joinSplitStatement specified in \crossref{nonmalleablepour} -ensures that a holder of all of $\AuthPrivateOld{\allOld}$ for each -\joinSplitDescription has authorized the use of the private signing key corresponding +Let $\hSig$ be computed as specified in \crossref{joinsplitdesc}, and let +$\PRFpk{}$ be as defined in \crossref{abstractprfs}. + +For each $i \in \setofOld$, the creator of a \joinSplitDescription calculates +$\h{i} = \PRFpk{\AuthPrivateOld{i}}(i, \hSig)$. + +The correctness of $\h{\allOld}$ is enforced by the \joinSplitStatement +specified in \crossref{nonmalleablejs}. This ensures that a holder of all of +the $\AuthPrivateOld{\allOld}$ for every \joinSplitDescription in the +\transaction has authorized the use of the private signing key corresponding to $\joinSplitPubKey$ to sign this \transaction. @@ -1971,7 +1978,7 @@ $\nfOld{i} = \PRFnf{\AuthPrivateOld{i}}(\NoteAddressRandOld{i})$. for each $i \in \setofOld$: $\AuthPublicOld{i} = \changed{\PRFaddr{\AuthPrivateOld{i}}(0)}$. -\subparagraph{Non-malleability} \label{nonmalleablepour} +\subparagraph{Non-malleability} \label{nonmalleablejs} for each $i \in \setofOld$: $\h{i} = \PRFpk{\AuthPrivateOld{i}}(i, \hSig)$. 
@@ -3148,7 +3155,11 @@ components for the encrypted output \notes, $\TransmitCiphertext{\allNew}$. \\ \ \end{tabularx} \end{center} -The $\ephemeralKey$ and $\encCiphertexts$ fields together form the \notesCiphertext. +The $\vmacs$ field encodes $\h{\allOld}$ which are computed as described in +\crossref{nonmalleability}. + +The $\ephemeralKey$ and $\encCiphertexts$ fields together form the \notesCiphertext, +which is computed as described in \crossref{inband}. Consensus rules applying to a \joinSplitDescription are given in \crossref{joinsplitdesc}. @@ -4143,6 +4154,13 @@ The errors in the proof of Ledger Indistinguishability mentioned in \introlist \nsection{Change history} +\subparagraph{2017.0-beta-2.7} + +\begin{itemize} + \item Clarify the computation of $\h{i}$ in a \joinSplitStatement. +\end{itemize} + +\introlist \subparagraph{2017.0-beta-2.6} \begin{itemize}
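Review bot: In the @@ -1862 hunk, the added paragraph concludes that a holder of the $\AuthPrivateOld{\allOld}$ values has authorized the signing key corresponding to $\joinSplitPubKey$, but the added text never says how $\hSig$ relates to $\joinSplitPubKey$; it only defers to \crossref{joinsplitdesc}. Add one sentence stating that dependency, so the "This ensures" step can be followed from this section without chasing the definition elsewhere.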
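Review bot: The label rename from nonmalleablepour to nonmalleablejs in the @@ -1971 hunk is only safe if every \crossref{nonmalleablepour} is updated with it, and this patch shows a single updated reference (in the @@ -1862 hunk). Search the rest of protocol.tex, and any file that shares its labels, for the old name before merging. The formula $\h{i} = \PRFpk{\AuthPrivateOld{i}}(i, \hSig)$ now appears both here and in the new prose at @@ -1862, so the two copies need to stay identical in any later edit.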
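Review bot: The new \crossref{nonmalleability} in the @@ -3148 hunk uses a label that this patch neither defines nor touches, and it differs from the nonmalleablejs label introduced at @@ -1971. Confirm that it resolves and that it points at the section containing the paragraph edited at @@ -1862, since that is where the computation of $\h{i}$ is now described. Minor wording: "encodes $\h{\allOld}$ which are computed" reads better with a comma before "which".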
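Review bot: The 2017.0-beta-2.7 entry in the @@ -4143 hunk says the clarification is "in a \joinSplitStatement", yet the statement itself changes only in its label (@@ -1971). The new explanation is in the paragraph after the \JoinSplitSigVerify condition (@@ -1862) and in the $\vmacs$ field description (@@ -3148). Reword the item to name those places, and consider a second item for the added cross-reference from the \notesCiphertext to \crossref{inband}.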