diff --git a/NewMutableEncodingDesign.md b/NewMutableEncodingDesign.md
index 3752359..bfa8496 100644
--- a/NewMutableEncodingDesign.md
+++ b/NewMutableEncodingDesign.md
@@ -160,7 +160,7 @@ The dirnode encoding would use H(writecap) to protect the child writecaps,
 H(readcap) to protect the child readcaps, and H(traversapcap) to protect the
 child verifycap/traversalcaps.
 
-## Any public key algorithm, no semi-private keys, no traversalcap
+## Any signature algorithm, no semi-private keys, no traversalcap
 
 Without semi-private keys, we need something more complicated to protect the
 readkey: the only thing that can be mathematically derived from the writecap
@@ -199,7 +199,7 @@ with keys shorter than 2*K for a K-bit security level. Since we can use shorter
 hashes than public keys, the H(pubkey) design above gives us shorter read caps,
 although they are not shorter than using semi-private keys.
 
-### Any public key algorithm, no semi-private keys, with traversalcap
+### Any signature algorithm, no semi-private keys, with traversalcap
 
 Since a secure pubkey identifier (either H(pubkey)[:K+T] or the original privkey)
 is present in all caps, it's easy to insert arbitrary intermediate levels. It