diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 17186e9f..9b90faf2 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -5978,6 +5978,7 @@ $\MerkleNode{\MerkleDepth{}}{i}$ is in a tree with a given \merkleRoot $\rt{} = } %sapling +\introsection \lsubsection{SIGHASH Transaction Hashing}{sighash} \Bitcoin and \Zcash use signatures and/or non-interactive proofs associated @@ -6063,6 +6064,7 @@ undefined bits of a \sighashType encoding were ignored.)} } %nufive +\introsection \lsubsection{Non-malleability (\SproutText)}{sproutnonmalleability} Let $\dataToBeSigned$ be the hash of the \transaction{}, not associated with an input, @@ -14108,6 +14110,7 @@ A side benefit is that this reduces the cost of computing the evaluations needed to compute each \noteCommitment from three to two, saving a total of four \shaCompress evaluations in the \joinSplitStatement. +\vspace{-1ex} \sproutspecificpnote{ The full \shaHash algorithm is used for $\NoteCommitAlg{Sprout}$, with randomness appended after the commitment input. The commitment input can be split into two @@ -14128,6 +14131,7 @@ about the Merkle--Damgård structure \cite{Damgard1989} of \shaHash causing any security problem for $\NoteCommitAlg{Sprout}$. } %sproutspecificpnote +\vspace{-1ex} \sproutspecificpnote{ \Sprout \noteCommitments are not statistically \hiding, so for \Sprout notes, \Zcash does not support the ``everlasting anonymity'' property described in @@ -14136,8 +14140,9 @@ While it is possible to define a statistically \hiding, computationally \binding \commitmentScheme for this use at a 128-bit security level, the overhead of doing so within the \joinSplitStatement was not considered to justify the benefits. -} +} %sproutspecificpnote +\vspace{1ex} \saplingonward{ In \Sapling, \xPedersenOrSinsemillaCommitments are used instead of \shaCompress. These commitments are statistically \hiding, and so ``everlasting anonymity'' 
@@ -14145,7 +14150,7 @@ is supported for \SaplingAndOrchard notes under the same conditions as in \Zeroc (by the protocol, not necessarily by \zcashd). Note that \diversifiedPaymentAddresses can be linked if the \xDecisionalDiffieHellmanProblem on the \jubjubCurve\nufive{ or the \pallasCurve} can be broken. -} +} %saplingonward \lsubsection{Changes to PRF inputs and truncation}{truncation}
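Review bot: The `\introsection` added before the `\lsubsection{SIGHASH Transaction Hashing}{sighash}` and `\lsubsection{Non-malleability (\SproutText)}{sproutnonmalleability}` headings is applied selectively, while `\lsubsection{Changes to PRF inputs and truncation}{truncation}` in the last hunk is left without it; the criterion for which subsections get `\introsection` is not stated anywhere in the patch, so please add a short comment at the first use (or in the commit message) explaining when the macro is expected, otherwise future subsections will be tagged inconsistently.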
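Review bot: The hand-placed `\vspace{-1ex}` before each `\sproutspecificpnote{` and the `\vspace{1ex}` before `\saplingonward{` in the hunks at 14110, 14131 and 14140 are fragile layout tweaks: negative vertical space immediately before a block that may start a new page can pull the first line into the preceding text, and the same adjustment is now duplicated in three places. Consider folding the spacing into the `\sproutspecificpnote` and `\saplingonward` macro definitions (or a `\prenote`-style wrapper) so that it is set once and the body text stays free of spacing commands.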
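Review bot: Adding `%sproutspecificpnote` and `%saplingonward` after the closing braces is a good consistency fix; it matches the existing `} %sapling`, `} %nufive` and `} %sproutspecificpnote` markers visible in the context lines and makes the end of each environment-like macro call easy to find. Please confirm that no other `\sproutspecificpnote{` or `\saplingonward{` closing braces in the same section remain unlabelled, since the visible hunks only cover the three blocks around line 14110.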