diff --git a/无进位乘法和GHASH.md b/无进位乘法和GHASH.md index 70be01b..434c393 100644 --- a/无进位乘法和GHASH.md +++ b/无进位乘法和GHASH.md @@ -56,8 +56,8 @@ vpxor T1, T1, T4 ; result in T1 * 4-way expanded Horner form (aggregate results to defer the reduction) * $MM[X_i , Hx] \oplus MM[X_{i-1} , {(Hx)}^2] \oplus MM[X_{i-2} , {(Hx)}^3] \oplus MM[(X_{i-3} \oplus Y_{i-4}, {(Hx)}^4] $ * Can be expanded to N > 4 blocks, we use 8 blocks now. - * Overhead: pre-calculate the powers of Hx (amortized for reasonably long buffer) - * The gain: reduction deffered to once per "N" blocks + * Overhead: pre-calculate the powers of $H \cdot x$ (amortized for reasonably long buffer) + * The gain: reduction deferred to once per "N" blocks # 参考 * [Cryptographic Hardware and Software and useful architectures](https://www.esat.kuleuven.be/cosic/events/ecrypt-net-school-2018/wp-content/uploads/sites/23/2018/10/kos-school-gueron-2.pdf)
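Review bot: The notation change in the "Overhead" line (Hx → $H \cdot x$) is applied inconsistently: the formula two context lines above still writes the same quantity as `Hx` and `{(Hx)}^2 … {(Hx)}^4`, so after this patch the section uses two spellings for one value. Either carry the `$H \cdot x$` form into the formula line as well or keep `Hx` in the bullet; the "deffered → deferred" typo fix in the second changed line is fine as is. While touching that formula, the last term `MM[(X_{i-3} \oplus Y_{i-4}, {(Hx)}^4]` is missing a closing parenthesis after `Y_{i-4}` and would not render; it should read `MM[(X_{i-3} \oplus Y_{i-4}), {(Hx)}^4]`.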