diff --git a/BTP.markdown b/BTP.markdown
index cce841f..f358b71 100644
--- a/BTP.markdown
+++ b/BTP.markdown
@@ -12,12 +12,12 @@ We use || to denote concatenation, double quotes to denote an ASCII string, int(
 
 BTP uses the following cryptographic primitives:
 
-* A pseudo-random function, MAC(k, m)
+* A message authentication code, MAC(k, m)
 * An authenticated cipher, ENC(k, n, m) and DEC(k, n, m), where n is a nonce
 
 All keys are key_len bytes and all nonces are nonce_len bytes. The output of MAC(k, m) is mac_len bytes, and the output of ENC(k, n, m) is auth_len bytes longer than m. For simplicity we require that mac_len == key_len.
 
-> Implementation note: The current version of BTP uses HMAC-SHA-256 as the pseudo-random function and AES-256-GCM as the authenticated cipher. The next version will use BLAKE2s as the pseudo-random function and XSalsa20-Poly1305 as the authenticated cipher. In both cases, key_len == 32, mac_len == 32, nonce_len == 24, and auth_len == 16.
+> Implementation note: The current version of BTP uses HMAC-SHA-256 as the message authentication code and AES-256-GCM as the authenticated cipher. The next version will use BLAKE2s as the message authentication code and XSalsa20-Poly1305 as the authenticated cipher. In both cases, key_len == 32, mac_len == 32, nonce_len == 24, and auth_len == 16.
 
 ### Initial state
 
@@ -36,7 +36,7 @@ The devices must also agree which of them will play the role of Alice and which
 
 ### Key derivation
 
-BTP's key derivation function is based on a pseudo-random function:
+BTP's key derivation function is based on a message authentication code:
 
 KDF(k, x_1, ..., x_n) == MAC(k, pack(x_1) || ... || pack(x_n))