From f94b9a4c67c9b192e98606722704552813d04875 Mon Sep 17 00:00:00 2001
From: Daira Hopwood <daira@jacaranda.org>
Date: Wed, 4 Jul 2018 08:10:58 +0100
Subject: [PATCH] Define r_J.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>
---
 zip-0032.rst | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/zip-0032.rst b/zip-0032.rst
index 4f037630..8aef6aec 100644
--- a/zip-0032.rst
+++ b/zip-0032.rst
@@ -73,7 +73,8 @@ Most of the notation and functions used in this ZIP are defined in the Sapling p
 
 - PRF\ :sup:`expand`\ (*sk*, *t*) := BLAKE2b-512("Zcash_ExpandSeed", *sk* || *t*)
 
-- ToScalar(*x*) := LEOS2IP\ :sub:`512`\ (*x*) (mod *r*\ :sub:`J`\ )
+- ToScalar(*x*) := LEOS2IP\ :sub:`512`\ (*x*) (mod *r*\ :sub:`J`\ ), where *r*\ :sub:`J`\ is the order
+  of the Jubjub large prime subgroup.
 
 The following algorithm standardized in [#NIST-SP-800-38G]_ is used: