Protocol spec: cosmetics.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -2246,9 +2246,9 @@ $\vproduct{i=1}{\rmN} a_i$ means the product of $a_{\allN{}}$.\;
 $\vxor{i=1}{\rmN} a_i$ means the bitwise exclusive-or of $a_{\allN{}}$.
 
 When $N = 0$ these yield the appropriate neutral element, i.e.
-\smash{$\vsum{i=1}{0} a_i = 0$, $\vproduct{i=1}{0} a_i = 1$, and
-$\vxor{i=1}{0} a_i = 0$} or the all-zero bit sequence of the
-appropriate length given by the type of $a$.
+$\ssum{i=1}{0} a_i = 0$, $\sproduct{i=1}{0} a_i = 1$, and
+$\sxor{i=1}{0} a_i = 0$ or the all-zero bit sequence of length given
+by the type of $a$.
 
 \notsprout{
 $\ssqrt{a}$, where $a \typecolon \GF{q}$, means the positive
@@ -5015,7 +5015,7 @@ For details of the form and encoding of \spendStatement proofs, see \crossref{gr
 
 \begin{pnotes}
   \item Public and \auxiliaryInputs{} \MUST be constrained to have the types specified. In particular,
-        see \crossref{ccteddecompressvalidate} for implementation of validity checks on compressed
+        see \crossref{ccteddecompressvalidate}, for required validity checks on compressed
         representations of \jubjubCurve points.
 
         The $\ValueCommitOutput$ and $\SpendAuthSigPublic$ types also represent points, i.e. $\GroupJ$.
@@ -5094,7 +5094,7 @@ For details of the form and encoding of \outputStatement proofs, see \crossref{g
 
 \begin{pnotes}
   \item Public and \auxiliaryInputs{} \MUST be constrained to have the types specified. In particular,
-        see \crossref{ccteddecompressvalidate} for implementation of validity checks on compressed
+        see \crossref{ccteddecompressvalidate}, for required validity checks on compressed
         representations of \jubjubCurve points.
 
         The $\ValueCommitOutput$ type also represents points, i.e. $\GroupJ$.
@@ -6222,10 +6222,10 @@ $\UncommittedSapling = \ItoLEBSPOf{\MerkleHashLengthSapling}{1}$ is not in the r
 \end{theorem}
 
 \begin{proof}
-By injectivity of $\ItoLEBSP{\MerkleHashLengthSapling}$ and the definitions of
+By injectivity of $\ItoLEBSP{\MerkleHashLengthSapling}$ and definitions of
 $\PedersenHash$ and $\ExtractJ$, $\ItoLEBSPOf{\smash{\MerkleHashLengthSapling}}{1}$
 can be in the range of $\PedersenHash$ only if there exist
-$(D \typecolon \byteseq{8}$, $M \typecolon \bitseq{\PosInt})$ such that $\Selectu\Of{\PedersenHashToPoint(D, M)} = 1$.
+$(D \typecolon \smash{\byteseq{8}}$, $M \typecolon \smash{\bitseq{\PosInt}})$ such that $\Selectu\Of{\PedersenHashToPoint(D, M)} = 1$.
 The latter can only be the affine-ctEdwards $u$-coordinate of a point in $\strut\GroupJ$.
 We show that there are no points in $\GroupJ$ with affine-ctEdwards $u$-coordinate $1$.
 Suppose for a contradiction that $(u, \varv) \in \GroupJ$ for $u = 1$ and some
@@ -6640,8 +6640,8 @@ Define $\KASaplingAgree(\sk, P) := \scalarmult{\ParamJ{h} \mult \sk}{P}$.
 \begin{lrbox}{\kdfsaplinginputbox}
 \setsapling
 \begin{bytefield}[bitwidth=0.07em]{544}
-    \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJ\Of{\DHSecret{}}\hairspace}$} &
-    \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJ\Of{\EphemeralPublic}\hairspace}$}
+    \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJ\Of{\DHSecret{}}\kern 0.02em}$} &
+    \sbitbox{256}{$\LEBStoOSPOf{256}{\reprJ\Of{\EphemeralPublic}\kern 0.02em}$}
 \end{bytefield}
 \end{lrbox}
 
@@ -7266,7 +7266,7 @@ The \representedPairing $\BLSCurve$ is defined in this section. Parameters are t
 \cite{Bowe2017}.
 
 \introlist
-Let $\ParamS{q} :=\;$\scalebox{0.81}[1]{$4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787$.}
+Let $\ParamS{q} :=\;$\scalebox{0.805}[1]{$4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559787$.}
 
 Let $\ParamS{r} := 52435875175126190479447740508185965837690552500527637822603658699938581184513$.
 
@@ -7303,18 +7303,18 @@ Let $\GenS{1} \typecolon \SubgroupSstar{1} :=$
 \vspace{-1ex}
 
 \begin{tabular}{@{\tab}r@{}l@{}}
-$($\scalebox{0.81}[1]{$ 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507$} & $,             $ \\
-   \scalebox{0.81}[1]{$13395065449444764730204713799419212215849338759383496204265437364165114239563335064727246553533665349923917564415691$} & $)$.
+$($\scalebox{0.805}[1]{$ 3685416753713387016781088315183077757961620795782546409894578378688607592378376318836054947676345821548104185464507$} & $,             $ \\
+   \scalebox{0.805}[1]{$13395065449444764730204713799419212215849338759383496204265437364165114239563335064727246553533665349923917564415691$} & $)$.
 \end{tabular}
 
 Let $\GenS{2} \typecolon \SubgroupSstar{2} :=$
 \vspace{-1ex}
 
 \begin{tabular}{@{\tab}r@{}l@{}}
-$($\scalebox{0.81}[1]{$ 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758$} & $\,\mult\, t\;+$ \\
-   \scalebox{0.81}[1]{$  352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160$} & $,             $ \\
-   \scalebox{0.81}[1]{$  927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582$} & $\,\mult\, t\;+$ \\
-   \scalebox{0.81}[1]{$ 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905$} & $).            $
+$($\scalebox{0.805}[1]{$ 3059144344244213709971259814753781636986470325476647558659373206291635324768958432433509563104347017837885763365758$} & $\,\mult\, t\;+$ \\
+   \scalebox{0.805}[1]{$  352701069587466618187139116011060144890029952792775240219908644239793785735715026873347600343865175952761926303160$} & $,             $ \\
+   \scalebox{0.805}[1]{$  927553665492332455747201965776037880757740193453592970025027978793976877002675564980949289727957565575433344219582$} & $\,\mult\, t\;+$ \\
+   \scalebox{0.805}[1]{$ 1985150602287291935568054521177171638300868978215655730859378665066344726373823718423869104263333984641494340347905$} & $).            $
 \end{tabular}
 
 $\GenS{1}$ and $\GenS{2}$ are generators of $\SubgroupS{1}$ and $\SubgroupS{2}$ respectively.
@@ -9069,9 +9069,9 @@ Define:
         \vspace{-0.5ex}
   \item \tab $\AveragingWindowTimespan\blossom{(\BlockHeight \typecolon \Nat)} + \trunc{\scalebox{0.98}{\hfrac{\ActualTimespan(\BlockHeight) - \AveragingWindowTimespan\blossom{(\BlockHeight)}}{\PoWDampingFactor}}}$
   \item $\ActualTimespanBounded(\BlockHeight \typecolon \Nat) := \bound{\MinActualTimespan\blossom{(\BlockHeight)}}{\MaxActualTimespan\blossom{(\BlockHeight)}}(\ActualTimespanDamped(\BlockHeight))$
-  \item $\MeanTarget(\BlockHeight \typecolon \Nat) := \begin{cases}
+  \item $\MeanTarget(\BlockHeight \typecolon \Nat) := \!\begin{cases}
           \PoWLimit, \hspace{16em}\text{if } \BlockHeight \leq \PoWAveragingWindow \\
-          \mean(\listcomp{\!\ToTarget(\nBits(i)) \for i \from \BlockHeight\!-\!\PoWAveragingWindow \upto \BlockHeight\!-\!1\!}),\\
+          \mean(\listcomp{\!\ToTarget(\nBits(i)\kern-0.1em) \for i \from \BlockHeight\!-\!\PoWAveragingWindow \upto \BlockHeight\!-\!1\!}),\\
                      \hspace{20.7em}\text{otherwise.}
         \end{cases}$
 \end{formulae}
@@ -9080,7 +9080,7 @@ Define:
 The \targetThreshold for a given \blockHeight $\BlockHeight$ is then calculated as:
 
 \begin{formulae}
-  \item $\Threshold(\BlockHeight \typecolon \Nat) \hspace{0.43em} := \begin{cases}
+  \item $\Threshold(\BlockHeight \typecolon \Nat) \hspace{0.43em} := \hspace{0.3em} \begin{cases}
                \PoWLimit, \hspace{16em}\text{if } \BlockHeight = 0 \\
                \minimum(\PoWLimit, \floor{\hfrac{\MeanTarget(\BlockHeight)}{\AveragingWindowTimespan}}
                                    \mult \ActualTimespanBounded(\BlockHeight)),\\