diff --git a/BTP.markdown b/BTP.markdown
index 7403778..a8d1929 100644
--- a/BTP.markdown
+++ b/BTP.markdown
@@ -21,7 +21,7 @@ We use MAC(k, m) to define a key derivation function:
 
 All keys are KEY_LEN bytes and all nonces are NONCE_LEN bytes. The output of MAC(k, m) is MAC_LEN bytes, and the output of ENC(k, n, m) is AUTH_LEN bytes longer than m. For simplicity we require that MAC_LEN == KEY_LEN.
 
-> Implementation note: The current implementation uses HMAC-SHA-256 as the message authentication code and AES-256-GCM as the authenticated cipher. In the next release we propose to use keyed BLAKE2s as the message authentication code and XSalsa20/Poly1305 as the authenticated cipher. This gives KEY_LEN = 32, MAC_LEN = 32, NONCE_LEN = 24, and AUTH_LEN = 16.
+> Implementation note: The current implementation uses HMAC-SHA-256 as the message authentication code and AES-256-GCM as the authenticated cipher. In the next release we propose to use keyed BLAKE2s as the message authentication code and XSalsa20/Poly1305 as the authenticated cipher. This gives KEY_LEN = MAC_LEN = 32, NONCE_LEN = 24, and AUTH_LEN = 16.
 
 ### Initial state