diff --git a/zip-0032.rst b/zip-0032.rst index fd21b807..1cb601a1 100644 --- a/zip-0032.rst +++ b/zip-0032.rst @@ -177,6 +177,18 @@ CDKfvk((*ak*\ :sub:`par`\ , *nk*\ :sub:`par`\ , *ovk*\ :sub:`par`\ , *dk*\ :sub: - *dk*\ :sub:`i` = truncate\ :sub:`32`\ (PRF\ :sup:`expand`\ (*I*\ :sub:`L`\ , [0x16] || *dk*\ :sub:`par`\ )) - *c*\ :sub:`i` = *I*\ :sub:`R` +Diversifier derivation +---------------------- + +The 88-bit diversifiers for a Sapling extended key are derived from its diversifier key *dk*\ :sub:`i`\ . In +order to reach the maximum possible diversifier range without running into the birthday bound, we use the PRP +defined in [#diversifier-prp]_ as follows: + +- Let *j* be the index of the desired diversifier. +- *d*\ :sub:`i,j` = PRP(*dk*\ :sub:`i`\ , I2LEOSP\ :sub:`88`\ (*j*)) + +The default diversifier for a Sapling extended key is defined to be *d*\ :sub:`i,0`\ . + Specification: Sprout key derivation ==================================== @@ -301,5 +313,6 @@ References .. [#bip-0043] `BIP 43: Purpose Field for Deterministic Wallets `_ .. [#bip-0044] `BIP 44: Multi-Account Hierarchy for Deterministic Wallets `_ .. [#slip-0044] `SLIP 44: Registered coin types for BIP-0044 `_ +.. [#diversifier-prp] `TODO`_ .. [#sapling-spec] `Zcash Protocol Specification, Version 2018.0-beta-20 [Overwinter+Sapling] `_ .. [#sapling-key-components] `Section 4.2.2: Sapling Key Components. Zcash Protocol Specification, Version 2018.0-beta-20 [Overwinter+Sapling] `_
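Review bot: The "Diversifier derivation" section in the first hunk gives no rule for an index whose output is not a valid Sapling diversifier, and defines the default as *d*\ :sub:`i,0` without stating that this value can be invalid. Under the Sapling spec cited as [#sapling-spec]_, a diversifier is only usable when DiversifyHash(*d*) does not return ⊥, so `*d*\ :sub:`i,j` = PRP(*dk*\ :sub:`i`\ , I2LEOSP\ :sub:`88`\ (*j*))` needs a companion sentence such as "if *d*\ :sub:`i,j` is not a valid diversifier, it is skipped and the wallet proceeds to *j*+1", and the default diversifier should be defined as the first valid *d*\ :sub:`i,j` rather than *d*\ :sub:`i,0`. Separately, the text relies entirely on "the PRP defined in [#diversifier-prp]_" while that reference is a placeholder, so the hunk currently pins down nothing an implementer can test against; at minimum state the PRP's key size (the 32-byte *dk*\ :sub:`i`) and its 88-bit block width here, and tighten the "birthday bound" justification to the actual property being used, namely that a PRP on 88 bits is a bijection, so distinct indices *j* give distinct diversifiers with no collision search needed.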
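Review bot: The added reference line in the second hunk, `.. [#diversifier-prp] \`TODO\`_`, is a named hyperlink reference in reStructuredText with no matching `.. _TODO:` target, so docutils will emit an "Unknown target name: TODO" error and the citation [#diversifier-prp]_ used in the first hunk resolves to nothing. Either fill in the real citation (title and URL, matching the `\`...\`_` form of the surrounding BIP/SLIP entries) before this is merged, or use plain text without the trailing underscore so the document still builds while the PRP is unresolved; a TODO in a normative reference should also be called out in the PR description so it is not merged as-is.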