diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 40055da0..d5227fd8 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -1113,7 +1113,7 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg
 \newcommand{\TransmitCiphertext}[1]{\Ctext^\enc_{#1}}
 \newcommand{\TransmitKey}[1]{\Key^\enc_{#1}}
 \newcommand{\OutCiphertext}{\Ctext^\mathsf{out}}
-\newcommand{\Extractor}[1]{\mathcal{E}_{#1}}
+\newcommand{\Extractor}[1]{\mathcal{E}_{\kern-0.05em{#1}}}
 \newcommand{\Adversary}{\mathcal{A}}
 \newcommand{\Oracle}{\mathsf{O}}
 \newcommand{\CryptoBoxSeal}{\mathsf{crypto\_box\_seal}}
@@ -6724,7 +6724,7 @@ Define $\RedDSAVerify{} \typecolon (\vk \typecolon \RedDSAPublic) \times (M \typ
 let $\RedDSAReprS{}$ be the remaining $\ceiling{\bitlength(\ParamG{r})/8}$ bytes.
 \item Let $\RedDSASigR{} = \abstG{}\big(\LEOStoBSP{\ellG{}}(\RedDSAReprR{})\kern-0.15em\big)$, and
 let $\RedDSASigS{} = \LEOStoIP{8 \mult \length(\RedDSAReprS{})}(\RedDSAReprS{})$.
- \item Let $\vkBytes{} = \LEBStoOSPOf{\ellG{}}{\reprG{}\Of{\vk}}$.
+ \item Let $\vkBytes{} = \LEBStoOSPOf{\ellG{}}{\reprG{}\Of{\vk}\kern 0.03em}$.
 \vspace{-0.5ex}
 \item Let $\RedDSASigc{} = \RedDSAHashToScalar(\RedDSAReprR{} \bconcat \vkBytes{} \bconcat M)$.
 \vspace{0.5ex}
@@ -9779,9 +9779,9 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
 \item Correct some uses of $\ParamJ{r}$ that should have been $\ParamS{r}$ or $q$.
 \item Correct uses of $\LEOStoIP{\ell}$ in $\RedDSAVerify{}$ and $\RedDSABatchVerify{}$ to ensure that $\ell$ is a multiple of $8$ as required.
- \item Minor changes to avoid clashing notation, affecting extractors
- $\Extractor{\Adversary}$, Edwards curves $\Edwards{a,d}$, and Montgomery curves
- $\Montgomery{A,B}$.
+ \item Minor changes to avoid clashing notation for
+ Edwards curves $\Edwards{a,d}$, Montgomery curves $\Montgomery{A,B}$, and
+ extractors $\Extractor{\Adversary}$.
 } %sapling
 \end{itemize}
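Review bot: The `\kern 0.03em` added inside the second argument of `\LEBStoOSPOf` in hunk -6724 is a hard-coded visual correction placed in body math, and the same commit adds two more such values with different magnitudes and no comment on what each compensates (`\kern-0.05em` in the `\Extractor` definition in hunk -1113, `\kern-0.08em` before `\big)` in hunk -11993). The `\Extractor` change is the preferable pattern, because the adjustment lives in the macro that produces the glyphs and so applies everywhere at once; the two inline kerns would be easier to keep consistent and to retune after a font change if they were likewise expressed through the producing macro or a single named preamble macro, for example `\newcommand*{\closekern}{\kern-0.08em}` (name constructed). The surrounding context already uses an inline `\kern-0.15em` on the previous line of hunk -6724, so this may be the document's accepted style; if it is, a one-line comment at the first such use recording that these are manual spacing corrections would help the next editor.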
@@ -9793,7 +9793,7 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
 \item No changes to \Sprout.
 \sapling{
 \item Give an informal security argument for Unlinkability of \diversifiedPaymentAddresses
- based on to reduction to \keyPrivacy of ElGamal encryption, for which a security proof
+ based on reduction to \keyPrivacy of ElGamal encryption, for which a security proof
 is given in \cite{BBDP2001}. (This argument has gaps which will be addressed in a future version.)
 \item Add a reference to \cite{BGM2018} for the \Sapling \zkSNARK parameters.
@@ -11316,7 +11316,7 @@ implement the affine-Montgomery addition $P_1 + P_2 = (x_3, y_3)$ for all such $
 \begin{proof}
 The given constraints are equivalent to the Montgomery addition formulae
-under the side condition $x_1 \neq x_2$. (Note that neither $P_i$ can be
+under the side condition that $x_1 \neq x_2$. (Note that neither $P_i$ can be
 the zero point since $k_\barerange{1}{2} \neq 0 \pmod s$.)
 Assume for a contradiction that $x_1 = x_2$.
 For any $P_1 = \scalarmult{k_1}{Q}$, there can be only one other point $-P_1$ with
@@ -11993,7 +11993,7 @@ Check & Implements & \heading{Cost} & Reference \\
 & \textbf{Diversified address integrity} & 392 & \shortcrossref{ccteddecompressvalidate} \\ \hline
 $\AuthProvePublicRepr = \reprJ(\AuthProvePublic)$
 & \textbf{Nullifier integrity} & 392 & \shortcrossref{ccteddecompressvalidate} \\ \hline
- $\InViewingKeyRepr = \ItoLEBSP{251}\big(\CRHivk(\AuthSignPublic, \AuthProvePublic)\big)\;\dagger$
+ $\InViewingKeyRepr = \ItoLEBSP{251}\big(\CRHivk(\AuthSignPublic, \AuthProvePublic)\kern-0.08em\big)\;\dagger$
 & \textbf{Diversified address integrity} & 21262 & \shortcrossref{cctblake2s} \\ \hline
 $\DiversifiedTransmitBase$ is on the curve
 & $\DiversifiedTransmitBase \typecolon \GroupJ$ & 4 & \shortcrossref{cctedvalidate} \\ \hline
@@ -12014,7 +12014,7 @@ Check & Implements & \heading{Cost} & Reference \\
 & \textbf{Note commitment integrity} & ? & \shortcrossref{cctwindowedcommit} ($\ell = 576$) \\ \hline
 $\cmURepr = \ExtractJ(\cm)$
 & \textbf{Merkle path validity} & 0 & \\ \cline{1-1}\cline{3-4}
- $\rt'$ is the root of a Merkle tree with leaf $\cmU$ and authentication path $(\TreePath{}, \NotePositionRepr)$
+ \raggedright $\rt'$ is the root of a Merkle tree with leaf $\cmU$, and authentication path $(\TreePath{}, \NotePositionRepr)$
 & & 32 \mult 1369 & \shortcrossref{cctmerklepath} \\ \cline{1-1}\cline{3-4}
 $\NotePositionRepr = \ItoLEBSPOf{\MerkleDepthSapling}{\NotePosition}$
 & & 1 & \shortcrossref{cctmodpack} \\ \cline{1-1}\cline{3-4}
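Review bot: The `\raggedright` added at the start of the first cell of the Merkle-root row in hunk -12014 is a per-cell alignment fix; if the first column is a paragraph (`p{...}`) column whose other long entries should wrap the same way, the alignment belongs once in the column specification, `>{\raggedright\arraybackslash}p{...}`, so every row behaves alike. The table's column specification is outside the hunk, so whether other rows need the same treatment cannot be confirmed from here. In this row the terminating `\\` sits in a later cell, so the local redefinition of `\\` by `\raggedright` does no harm; the `\arraybackslash` in the column-spec form is what keeps that true if the same treatment is ever applied to a last column.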