NCC audit: Document that the choice of nonsquare for λ_G in \crossref{concretegrouphashpallasandvesta} makes no difference

to the output of map_to_curve_simple_swu.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -10677,6 +10677,8 @@ Define $\sqrtratioG(\num, \xdiv) \typecolon \GF{\ParamG{q}} \times \GFstar{\Para
 \vspace{-1ex}
 \begin{nnotes}
   \item An arbitrary square root may be chosen in either case of the definition. The result is never $\bot$.
+  \item The choice of the nonsquare $\ParamG{\lambda}$ is also arbitrary and will not affect the output
+        of $\maptocurvesimpleswuIsoG$ defined below.
   \item The computation of $\sqrtratioG$ can be optimized as described in \todo{}.
 \end{nnotes}
 
@@ -13970,6 +13972,9 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
                   in $\hashtofield$ is intentional, despite the \pallasCurve only having
                   $126$-bit conjectured security against generic attacks.
             \item Correct the output type of $\sqrtratioG$.
+            \item Document that the choice of nonsquare for $\ParamG{\lambda}$ in
+                  \crossref{concretegrouphashpallasandvesta} makes no difference to the
+                  output of $\maptocurvesimpleswuIsoG$.
             \item Make the naming of $\enableSpends$ and $\enableOutputs$ consistent.
           \end{itemize}
     \item Correct the description of $\lengthField$ in \crossref{unifiedpaymentaddrencoding}.