diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 9df77a3d..e597fb64 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -944,8 +944,8 @@ to $\AuthPublic$, as described in the previous section. defined in \crossref{abstractcomm}. \end{itemize} -Let $\NoteType$ be the type of a \note, i.e. -$\PRFOutput \times \range{0}{\MAXMONEY} \times \PRFOutput \times \bitseq{\NoteCommitRandLength}$. +Let $\NoteType$ be the type of a \note, i.e. \changed{ +$\PRFOutput \times \range{0}{\MAXMONEY} \times \PRFOutput \times \bitseq{\NoteCommitRandLength}$}. Creation of new \notes is described in \crossref{send}. When \notes are sent, only a commitment (see \crossref{abstractcomm}) to the above values is disclosed @@ -1453,11 +1453,11 @@ where The $\ephemeralKey$ and $\encCiphertexts$ fields together form the \notesCiphertext. -The value $\hSig$ is also computed from $\RandomSeed$, $\nfOld{\allOld}$, and the +The value $\hSig$ is also computed from \changed{$\RandomSeed$, $\nfOld{\allOld}$, and} the $\joinSplitPubKey$ of the containing \transaction: \begin{itemize} - \item[] $\hSig := \hSigCRH(\RandomSeed, \nfOld{\allOld}, \joinSplitPubKey)$. + \item[] $\hSig := \hSigCRH(\changed{\RandomSeed, \nfOld{\allOld},\,} \joinSplitPubKey)$. \end{itemize} $\hSigCRH$ is instantiated in \crossref{hsigcrh}. 
@@ -1483,12 +1483,14 @@ a new $\JoinSplitSig$ key pair: For each \joinSplitDescription, the sender chooses $\RandomSeed$ uniformly at random on $\bitseq{\RandomSeedLength}$, and selects the input \notes. At this point there is sufficient information to compute $\hSig$, -as described in the previous section. The sender also chooses $\NoteAddressPreRand$ -uniformly at random on $\bitseq{\NoteAddressPreRandLength}$. +as described in the previous section. \changed{The sender also chooses $\NoteAddressPreRand$ +uniformly at random on $\bitseq{\NoteAddressPreRandLength}$.} Then it creates each output \note with index $i \typecolon \setofNew$ as follows: \begin{itemize} \item Choose $\NoteCommitRandNew{i}$ uniformly at random on $\bitseq{\NoteCommitRandLength}$. +\changed{ \item Compute $\NoteAddressRandNew{i} := \PRFrho{\NoteAddressPreRand}(i, \hSig)$. +} \item Encrypt the \note to the recipient \transmissionKey $\TransmitPublicNew{i}$, as described in \crossref{inband}, giving the ciphertext component $\TransmitCiphertext{i}$. @@ -1514,6 +1516,7 @@ The fields in a \joinSplitDescription allow for $\NOld$ input \notes, and $\NNew$ output \notes. In practice, we may wish to encode a \joinSplitTransfer with fewer input or output \notes. This is achieved using \dummyNotes. +\changed{ A \dummy input \note, with index $i$ in the \joinSplitDescription, is constructed as follows: \begin{itemize} @@ -1527,6 +1530,7 @@ as follows: \auxiliaryInput to the \joinSplitStatement (this will not be checked). \item When generating the \joinSplitProof\!\!, set $\EnforceCommit{i}$ to 0. \end{itemize} +} A \dummy output \note is constructed as normal but with zero value, and sent to a random \paymentAddress. 
@@ -1692,9 +1696,11 @@ $\treepath{i}$ must be a valid \merklePath of depth $\MerkleDepth$, as defined i \textbf{Note:} Merkle path validity covers both conditions 1. (a) and 1. (d) of the NP statement given in \cite[section 4.2]{BCG+2014}. +\changed{ \subparagraph{Commitment Enforcement} for each $i \in \setofOld$, if $\vOld{i} \neq 0$ then $\EnforceCommit{i} = 1$. +} \subparagraph{Balance}
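
Review bot: In the hunk at @@ -1453, the formula line "\hSigCRH(\changed{\RandomSeed, \nfOld{\allOld},\,} \joinSplitPubKey)" puts the separating comma and a hand-inserted "\," inside the \changed group, so the spacing before \joinSplitPubKey depends on a manual thin space and on how \changed groups its argument. The same hunk also uses \changed in text mode in the sentence above, so the macro, whose definition is not part of this diff, has to behave in both text and math mode. Consider closing the group before the final comma, or add a short comment explaining why the "\," is needed.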
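
Review bot: In the hunk at @@ -1483, the scope of $\NoteAddressPreRand$ is left implicit. The sentence "The sender also chooses $\NoteAddressPreRand$ uniformly at random ..." follows the "For each \joinSplitDescription" sentence but does not itself say whether the value is fresh per \joinSplitDescription or shared across a transaction, and the new item "Compute $\NoteAddressRandNew{i} := \PRFrho{\NoteAddressPreRand}(i, \hSig)$" depends on it. Suggest stating the scope in that sentence. Separately, the "\changed{" and "}" lines wrap a bare \item inside the itemize; putting the marker inside the item ("\item \changed{Compute ...}") keeps the list structure outside the group.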
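
Review bot: In the hunk at @@ -1527, the item "set $\EnforceCommit{i}$ to 0" has no pointer to the constraint that makes this legal. The Commitment Enforcement rule added at @@ -1692 only allows $\EnforceCommit{i} = 0$ when $\vOld{i} = 0$, so a cross-reference from this item to that subparagraph would make the dependency explicit for implementers. Also note that the "}" added after \end{itemize} closes the "\changed{" opened in the @@ -1514 hunk, so the macro argument spans a paragraph plus a whole itemize environment; check that \changed is defined to accept that.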
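
Review bot: In the hunk at @@ -1692, the new constraint "if $\vOld{i} \neq 0$ then $\EnforceCommit{i} = 1$" introduces $\EnforceCommit{i}$ without saying which check it gates. The context visible in this hunk still reads "$\treepath{i}$ must be a valid \merklePath", and the Note directly above the addition ties Merkle path validity to conditions 1. (a) and 1. (d) with no mention of the flag. Suggest adding one sentence that states what is enforced when $\EnforceCommit{i} = 1$ and what is skipped when it is 0, and making the affected condition refer to the flag. The \subparagraph heading is also inside \changed{...}; marking only the body text would keep the sectioning command out of the macro argument.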