diff --git a/GSoCIdeas2010.md b/GSoCIdeas2010.md
index 6435699..1d41380 100644
--- a/GSoCIdeas2010.md
+++ b/GSoCIdeas2010.md
@@ -21,7 +21,8 @@
      * HTTP proxy approach
      * Special scheme handling in browser add-ons
    * [CAJA](http://code.google.com/p/google-caja) approach: Require all Javascript to pass the CAJA verifier in the Tahoe web frontend, then create an interface to the tahoe webapi which matches the intended capability semantics.
- * Tahoe Cryptography Fu (Zooko: add specific projects here)
+ * Tahoe Cryptography:
+   * Write a paper proving the security of the "Semi-Private Keys" construction from <http://allmydata.org/~zooko/lafs.pdf> .  Implement small, secure Tahoe capabilities based on Semi-Private Keys.
 
 ## Building Things On Top Of Tahoe
  * an interactive tree browser web frontend in JavaScript (Nathan has written most of one -- what can it grow into?)