diff --git a/ACNS/keyexchange.tex b/ACNS/keyexchange.tex
index 06d70f72170525fa9e885d65e69fc0c82d12541f..bfa3322cf6ea854462c8b3681b4a4ef5792c705a 100644
--- a/ACNS/keyexchange.tex
+++ b/ACNS/keyexchange.tex
@@ -236,7 +236,7 @@ We arrive at our decapsulation protocol, executed by a superauthorised set \(S^\
 	\item Otherwise, \(P_i\) outputs \(E^k\) and finalises its turn.% turn is finalised and the next shareholder continues with \(E^k\) as input from \(P_i\).
 	\item The protocol terminates  with the last shareholder's \(E^{\# S^\ast}\) as output.
 \end{enumerate}
-The combination of the PVP and the zero-knowledge proof in steps \ref{step.pvp} and \ref{step.zk} ensure, that \(P_i\) not only has knowledge of the sharing polynomial \(L_{i,S^\ast} f_i\) but also inputs \(L_{i,S^\ast} f_i\paren* 0\) to compute \(E^k\). The precise protocol can be found in \hyperref[fig.decaps]{Algorithm \ref{fig.decaps}}.
+The combination of the PVP and the zero-knowledge proof in steps \ref{step.pvp} and \ref{step.zk} ensure, that \(P_i\) has knowledge of the sharing polynomial \(L_{i,S^\ast} f_i\) and also inputs \(L_{i,S^\ast} f_i\paren* 0\) to compute \(E^k\). We give the precise protocol in \hyperref[fig.decaps]{Algorithm \ref{fig.decaps}}.
 
 % \begin{figure}
 % %\begin{tiny}