From 7cde004f8322ba2acb3b889db629d409eac98d37 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Sun, 11 Mar 2018 14:00:00 +0000 Subject: [PATCH] Cosmetics. Signed-off-by: Daira Hopwood --- protocol/protocol.tex | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/protocol/protocol.tex b/protocol/protocol.tex index f4a290e3..1a7709e5 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -1149,9 +1149,9 @@ electronic commerce and payment, financial privacy, proof of work, zero knowledg \newcommand{\Curve}{E} \newcommand{\Zero}{\mathcal{O}} \newcommand{\Generator}{\mathcal{P}} -\newcommand{\Selectu}{\scalebox{1.52}{$u$}} +\newcommand{\Selectu}{\scalebox{1.53}{$u$}} \newcommand{\SelectuOf}[1]{\Selectu\!\left({#1}\right)\!} -\newcommand{\Selectv}{\scalebox{1.52}{$\varv$}} +\newcommand{\Selectv}{\scalebox{1.53}{$\varv$}} \newcommand{\SelectvOf}[1]{\Selectv\!\left({#1}\right)\!} \newcommand{\ParamP}[1]{{{#1}_\mathbb{P}}} @@ -2406,8 +2406,8 @@ $\SigVerify{\vk}(m, s) = 1$. \item one called $\JoinSplitSig$ (instantiated in \crossref{concretejssig}), which is used to sign \transactions that contain at least one \joinSplitDescription\sprout{.}\notsprout{;} - \saplingonwarditem{one called $\SpendAuthSig$ (instantiated - in \crossref{concretespendauthsig}), which is used to sign authorizations of + \saplingonwarditem{one called $\SpendAuthSig$ (instantiated in + \crossref{concretespendauthsig}), which is used to sign authorizations of \spendDescriptions.} \end{itemize} 
@@ -3124,7 +3124,7 @@ $(\Diversifier, \DiversifiedTransmitPublic)$, and then performs the following st \begin{enumerate} \item Check that $\DiversifiedTransmitPublic$ is a valid compressed representation of - an Edwards point on the $\JubjubCurve$ curve and this point is not of small order + an Edwards point on the \jubjubCurve and this point is not of small order (i.e. $\abstJOf{\DiversifiedTransmitPublic} \neq \bot$ and $\scalarmult{8}{\abstJOf{\DiversifiedTransmitPublic}} \neq \ZeroJ$). @@ -4021,7 +4021,7 @@ the same effect as using that feature. $\PedersenHash$ is an algebraic hash function with collision resistance (for fixed input length) derived from assumed hardness of the -Discrete Logarithm Problem on the $\JubjubCurve$ curve. +Discrete Logarithm Problem on the \jubjubCurve. It is based on the work of David Chaum, Ivan Damgård, Jeroen van de Graaf, Jurjen Bos, George Purdy, Eugène van Heijst and Birgit Pfitzmann in \cite{CDG1987}, \cite{BCP1988} and \cite{CvHP1991}, @@ -4202,7 +4202,7 @@ Let $\powcount(g) := \Justthebox{\powcountbox}$. \vspace{2ex} \introlist -% Blech. Dijkstra was right \cite{EWD831}. +% Blech. Dijkstra was right \cite{EWD-831}. Let $\EquihashGen{n, k}(S, i) := T_\barerange{h+1}{h+n}$, where \begin{formulae} \item $m := \floor{\frac{512}{n}}$; @@ -4619,7 +4619,7 @@ The encoding of a public key is as defined in \cite{BDLSY2012}. $\SpendAuthSig$ is specified in \crossref{abstractsig}. It is instantiated as EdJubjub, which is defined as $\EdDSA$ \cite{BJLSY2015} over the -$\JubjubCurve$ curve which these additional constraints: \todo{...} +\jubjubCurve which these additional constraints: \todo{...} \cite{FKMSSS2016} } %sapling 
@@ -4673,7 +4673,7 @@ The leading byte of the $\SHAFull$ input is $\hexint{B0}$. We construct \quotedterm{windowed} \xPedersenCommitments by reusing the \xPedersenHash construction from \crossref{concretepedersenhash}, and adding a randomized point -on the $\JubjubCurve$ curve (see \crossref{jubjub}): +on the \jubjubCurve (see \crossref{jubjub}): \begin{formulae} \item $\WindowedPedersenCommit{r}(D, s) := @@ -5100,7 +5100,7 @@ Therefore, $-\varv \neq \varv$. Now suppose $(u, -\varv) = Q$ is a point in $G$. Then by applying the doubling formula we have $\scalarmult{2}{Q} = -\scalarmult{2}{P}$. But also $\scalarmult{2}{(-P)} = -\scalarmult{2}{P}$. Therefore either -$Q = -P$ (then $\SelectvOf{Q} = \SelectvOf{-P}$; contradiction since +$Q = -P$ (then $\SelectvOf{Q} = \SelectvOf{-P}$\,; contradiction since $-\varv \neq \varv$), or doubling is not injective on $G$ (contradiction since $G$ is of odd order \cite{KvE2013}). \end{proof} @@ -5665,7 +5665,7 @@ For \incomingViewingKeys on the test network, the \humanReadablePart is \ascii{z A \Sapling \fullViewingKey consists of $\AuthSignPublic \typecolon \GroupJ$ and $\AuthProvePublic \typecolon \GroupJ$. -$\AuthSignPublic$ and $\AuthProvePublic$ are points on the $\JubjubCurve$ curve +$\AuthSignPublic$ and $\AuthProvePublic$ are points on the \jubjubCurve (see \crossref{jubjub}). They are derived as described in \crossref{saplingkeycomponents}. \introlist 
@@ -6017,12 +6017,12 @@ A value $\vpubOld$ that the \joinSplitTransfer removes from the \transparentValu $8$ & $\vpubNewField$ & \type{uint64\_t} & A value $\vpubNew$ that the \joinSplitTransfer inserts into the \transparentValuePool. \\ \hline -$32$ & $\anchorField$ & \type{char[32]} & A merkle root $\rt$ of the \SproutOrNothing -\noteCommitmentTree at some \blockHeight in the past, or the merkle root produced by a previous +$32$ & $\anchorField$ & \type{char[32]} & A \merkleRoot $\rt$ of the \SproutOrNothing +\noteCommitmentTree at some \blockHeight in the past, or the \merkleRoot produced by a previous \joinSplitTransfer in this \transaction. \\ \hline $64$ & $\nullifiersField$ & \type{char[32][$\NOld$]} & A sequence of \nullifiers of the input -\notes $\nfOld{\allOld}$. \\ \hline +\notes $\nfOld{\allOld}$. \\[0.4ex] \hline $64$ & $\commitments$ & \type{char[32][$\NNew$]} & A sequence of \noteCommitments for the output \notes $\cmNew{\allNew}$. \\ \hline @@ -7067,7 +7067,7 @@ The motivations for this change were as follows: We believe that Curve25519 has significant side-channel resistance, performance, implementation complexity, and robustness advantages over most other available curve choices, as explained in \cite{Bern2006}. - \sapling{For \Sapling, the $\JubjubCurve$ curve was designed according to a + \sapling{For \Sapling, the \jubjubCurve was designed according to a similar design process following the ``Safe curves'' criteria \cite{BL-SafeCurves} \cite{GitHub-jubjub}. This retains Curve25519's advantages while keeping \paymentAddress sizes @@ -7414,7 +7414,7 @@ Daira Hopwood, Sean Bowe, and Jack Grigg. ``roadblock'' attack. \sapling{ \item Update some explanations of changes from \Zerocash for \Sapling. - \item Add a description of the $\JubjubCurve$ curve. + \item Add a description of the \jubjubCurve. \item Add an acknowledgement to George Tankersley. \item Add an appendix on the design of the \Sapling circuits at the \quadraticArithmeticProgram level. 
@@ -8132,7 +8132,7 @@ has no solutions for $y$, hence $x + 1 \neq 0$. \end{proof} (The complete twisted Edwards curve referred to in the proof is an -isomorphic $y$-coordinate rescaling of the $\JubjubCurve$ curve.) +isomorphic $y$-coordinate rescaling of the \jubjubCurve.) \introsection
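Review bot: In the hunk at @@ -1149, the scale factor 1.53 is hard-coded twice, once in \Selectu and once in \Selectv, and this patch has to change both in step. Consider defining the factor once and using it in both \scalebox calls, so that the next adjustment is a single-line change and the two glyphs cannot drift apart.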
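Review bot: In the hunk at @@ -3124, "\jubjubCurve and this point" only renders correctly if \jubjubCurve already expands to text that includes the word "curve" and keeps the following space (for example by ending in \xspace). Neither the definition nor that behaviour is visible in this patch, which adds no \newcommand. The same dependency applies to the other replacements that are followed by a word, such as "\jubjubCurve which", "\jubjubCurve was designed" and "\jubjubCurve (see". Please confirm against the macro definition and check the rendered output for a missing space or a dropped "curve".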
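Review bot: In the hunk at @@ -4202, the citation key changes from EWD831 to EWD-831 inside a commented-out line, so LaTeX will not warn if the new key does not match the bibliography. The diffstat shows 17 insertions and 17 deletions in protocol/protocol.tex and none of them touches a bibliography entry, so please confirm that the entry is already keyed EWD-831 rather than EWD831.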
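Review bot: In the hunk at @@ -4619, the rewritten line still reads "\jubjubCurve which these additional constraints: \todo{...}", where "which" looks like a typo for "with". Since this line is already being edited, fix the wording in the same change. The \todo{...} also leaves the constraints on the $\SpendAuthSig$ instantiation unspecified, which is worth tracking separately from a cosmetics commit.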
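Review bot: In the hunk at @@ -6017, only the $\nullifiersField$ row gets "\\[0.4ex] \hline" while the neighbouring rows, including the similarly shaped $\commitments$ row, keep "\\ \hline", and nothing in the patch says why this one row needs extra space. Either apply the spacing consistently to rows with the same layout problem or add a short comment explaining the one-off. The same hunk also starts using \merkleRoot, whose definition is not part of this patch, so confirm that it exists and expands to the intended term.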