diff --git a/syndicate/protocols/schemas/sturdy.prs b/syndicate/protocols/schemas/sturdy.prs
index 6d36735..36c2295 100644
--- a/syndicate/protocols/schemas/sturdy.prs
+++ b/syndicate/protocols/schemas/sturdy.prs
@@ -4,16 +4,17 @@ embeddedType EntityRef.Cap .
 ; The sequence of Caveats is run RIGHT-TO-LEFT.
 ; That is, the newest Caveats are at the right.
 ;
-; Let f = HMAC-BLAKE2s, e = canonical machine-oriented serialization of some preserves value,
-; and k = the original secret key for the ref.
+; Let f(k,d) = HMAC-BLAKE2s-256(k,d)[0..16),
+;     e = canonical machine-oriented serialization of some preserves value, and
+;     k = the original secret key for the ref.
 ;
-; The `sig` is then f(f(f(f(k, e(oid)), ...), Caveat), ...).
+; The `sig` is then f(f(f(f(k, e(oid)), ...), e(Caveat)), ...).
 ;
 SturdyRef = <ref @oid any @caveatChain [Caveat ...] @sig bytes>.
 
 ; embodies 1st-party caveats over assertion structure, but nothing else
 ; can add 3rd-party caveats and richer predicates later
-Caveat = Rewrite / Alts / Reject /@unknown any .
+Caveat = Rewrite / Alts / Reject / @unknown any .
 Rewrite = <rewrite @pattern Pattern @template Template> .
 Reject = <reject @pattern Pattern> .
 Alts = <or @alternatives [Rewrite ...]>.