diff --git a/ed25519-dalek/src/batch.rs b/ed25519-dalek/src/batch.rs
index dc8a5d1f1..670dfe71b 100644
--- a/ed25519-dalek/src/batch.rs
+++ b/ed25519-dalek/src/batch.rs
@@ -113,7 +113,7 @@ fn gen_u128(rng: &mut R) -> u128 {
 ///
 /// The latter prevents a malleability attack wherein an adversary, without access
 /// to the signing key(s), can take any valid signature, `(s,R)`, and swap
-/// `s` with `s' = -z1`. This doesn't constitute a signature forgery, merely
+/// `s` with `s' = -s`. This doesn't constitute a signature forgery, merely
 /// a vulnerability, as the resulting signature will not pass single
 /// signature verification. (Thanks to Github users @real_or_random and
 /// @jonasnick for pointing out this malleability issue.)
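Review bot: The corrected line still gives no way for a reader to check the claim, because the doc comment states that `(s' = -s, R)` fails single-signature verification but never says why the signature-only nonce derivation it is contrasting with would accept it in a batch, so the reader cannot tell whether `-s` (rather than the previous `-z1`) is the right expression. A single sentence relating the negated `s` to the batch equation, with the nonces `z_i` derived only from the signatures and `R` values, would make the sentence verifiable rather than something that has to be taken on trust; I would also spell out that the point of mixing the public keys and messages into nonce generation is exactly to remove that dependence. The claim that the malleated signature fails single verification is straightforward (negating `s` negates `[s]B`, which no longer matches `R + [k]A`), and could be stated in the same sentence. The enclosing doc comment begins before this hunk, so the earlier text that "The latter" refers back to is not visible here.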