Correct the argument that the sum of value commitments is in range.

Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -4503,9 +4503,13 @@ $\vSum = 0$, we also need to demonstrate that it does not overflow $\ValueCommit
 
 The $\spendStatements$ prove that all of $\vOld{\alln}$ are in $\ValueType$.
 Similarly the $\outputStatements$ prove that all of $\vNew{\allm}$ are in $\ValueType$.
-Also, $n \mult (2^{\ValueLength}-1)$ and $(m+1) \mult (2^{\ValueLength}-1)$ do not exceed $\SignedScalarLimitJ$.
-This is sufficient to conclude that $\ssum{i=1}{n} \vOld{i} - \ssum{j=1}{m} \vNew{j} - \vBalance$
-does not overflow $\ValueCommitType$.
+$\vBalance$ is encoded in the \transaction as a signed two's complement $64$-bit integer
+in the range $\range{-2^{63}}{2^{63}-1}$. $\ValueLength$ is defined as 64, so $\vSum$
+is in the range $\range{-m \mult (2^{64}-1) - 2^{63} + 1}{n \mult (2^{64}-1) + 2^{63}}$.
+The maximum \transaction size of $2$ MB limits $n$ to at most $\floor{\frac{2000000}{384}} = 5208$
+and $m$ to at most $\floor{\frac{2000000}{948}} = 2109$, ensuring
+$\vSum \in \range{-38913406623490299131842}{96079866507916199586728}$
+which is a subrange of $\ValueCommitType$.
 
 Thus checking the \bindingSignature ensures that the \transaction balances, without
 the individual values of the \spendDescriptions and \outputDescriptions being revealed.
@@ -9545,6 +9549,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
     \item Add a consensus rule that $\valueBalance$ is in the range $\range{-\MAXMONEY}{\MAXMONEY}$.
     \item Enforce stronger constraints on the types of key components $\DiversifiedTransmitPublic$,
           $\AuthSignPublic$, and $\AuthProvePublic$.
+    \item Correct the argument that $\vSum$ is in range in \crossref{saplingbalance}.
     \item Correct or improve the types of $\GroupJHash{}$, $\FindGroupJHash$, $\ExtractJ$, $\PRFexpand{}$,
           $\PRFock{}$, and $\CRHivk$.
     \item Instantiate $\PRFock{}$ using $\BlakeTwob{256}$.