From 95193a22dff923600f8181a4a4129819d5f44163 Mon Sep 17 00:00:00 2001 From: Daira Hopwood Date: Fri, 20 Apr 2018 04:09:15 +0100 Subject: [PATCH] Cosmetics. Signed-off-by: Daira Hopwood --- protocol/protocol.tex | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 7df1385d..68461259 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -87,7 +87,7 @@ \renewcommand{\@pnumwidth}{2em} \makeatother -\newcommand{\pagenumfont}{\fontfamily{pnc}\selectfont\rule[-.2\baselineskip]{0pt}{1.3\baselineskip}} +\newcommand{\pagenumfont}{\fontfamily{pnc}\selectfont\rule[-.2\baselineskip]{0pt}{1.34\baselineskip}} \renewcommand{\cftsecpagefont}{\pagenumfont} \renewcommand{\cftsubsecpagefont}{\pagenumfont} \renewcommand{\cftsubsubsecpagefont}{\pagenumfont} @@ -7563,8 +7563,8 @@ A $\KASproutCurve$ public key $\EphemeralPublic$. \\ \hline A $256$-bit seed that must be chosen independently at random for each \joinSplitDescription. \\ \hline $64$ & $\vmacs$ & \type{char[32][$\NOld$]} & A sequence of message authentication tags -$\h{\allOld}$ that bind $\hSig$ to each $\AuthPrivate$ of the -$\joinSplitDescription$. \\ \hline +$\h{\allOld}$ binding $\hSig$ to each $\AuthPrivate$ of the $\joinSplitDescription$, +computed as described in \crossref{sproutnonmalleability}. \\ \hline $296\notsprout{\;\dagger}$ & $\zkproof$ & \type{char[296]} & An encoding of the \zeroKnowledgeProof $\ProofJoinSplit$ (see \crossref{phgr}). \\ \hline @@ -7580,8 +7580,6 @@ components for the encrypted output \notes, $\TransmitCiphertext{\allNew}$. \\ \ \end{tabularx} \end{center} -The $\vmacs$ field encodes $\h{\allOld}$ which are computed as described in -\crossref{nonmalleability}. \notsprout{ $\dagger$ PHGR13 proofs are used when the \transaction version is $2$ or $3$, i.e.\ before \Sapling activation. 
@@ -7829,10 +7827,10 @@ such that $n$ is a multiple of $k+1$. We assume $k \geq 3$. The Equihash parameters for the production and test networks are $n = 200, k = 9$. The Generalized Birthday Problem is defined as follows: given a sequence -$X_\barerange{1}{\mathrm{N}}$ of $n$-bit strings, find $2^k$ distinct $X_{i_j}$ such that +$X_\barerange{1}{\rmN}$ of $n$-bit strings, find $2^k$ distinct $X_{i_j}$ such that $\sxor{j=1}{2^k} X_{i_j} = 0$. -In Equihash, $\mathrm{N} = 2^{\frac{n}{k+1}+1}$, and the sequence $X_\barerange{1}{\mathrm{N}}$ is +In Equihash, $\rmN = 2^{\frac{n}{k+1}+1}$, and the sequence $X_\barerange{1}{\rmN}$ is derived from the \blockHeader and a nonce. \newsavebox{\powheaderbox} @@ -8393,7 +8391,7 @@ obtain \emph{more} funds than they have minted or received via payments. It does not prevent an adversary from causing others' funds to decrease. In a Faerie Gold attack, an adversary can cause spending of a \note to reduce (to zero) the effective value of another -\note for which the attacker does not know the \spendingKey, which +\note for which the adversary does not know the \spendingKey, which violates an intuitive conception of global balance. \end{itemize} 
@@ -8460,12 +8458,12 @@ perform the attack by creating a zero-valued \note with a repeated \sproutspecific{ \xNullifier{} integrity also prevents a ``roadblock attack'' in which the -attacker sees a victim's \transaction, and is able to publish another +adversary sees a victim's \transaction, and is able to publish another \transaction that is mined first and blocks the victim's \transaction. This attack would be possible if the public value(s) used to enforce uniqueness of $\NoteAddressRand$ could be chosen arbitrarily by the \transaction creator: the victim's \transaction, rather than -the attacker's, would be considered to be repeating these values. +the adversary's, would be considered to be repeating these values. In the chosen solution that uses \nullifiers for these public values, they are enforced to be dependent on \spendingKeys controlled by the original \transaction creator (whether or not each input note is a @@ -8858,9 +8856,9 @@ Daira Hopwood, Sean Bowe, and Jack Grigg. \item Specify $\RedDSA$ and $\RedJubjub$. \item Specify \bindingSignatures and \spendAuthSignatures. \item Specify the randomness beacon. + \item Add output ciphertexts and $\OutCipherKey$. \item Correct an error in the $y$-coordinate formula for addition in \crossref{cctmontarithmetic} (the constraints were correct). - \item Add output ciphertexts and $\OutCipherKey$. } %sapling \item \texttt{Makefile} improvements. \end{itemize}
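Review bot: in the hunk at @@ -87,7 +87,7 @@, the strut height in \pagenumfont changes from 1.3\baselineskip to 1.34\baselineskip with no comment explaining what it is tuned to; since the following \cft...pagefont lines show this strut aligns page numbers in the contents, a short comment on the \newcommand line saying which alignment the 1.34 was chosen for would save the next editor re-deriving the number.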
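Review bot: in the hunk at @@ -7563,8 +7563,8 @@, the cross-reference for how $\h{\allOld}$ are computed moves into the $\vmacs$ table cell and its target changes from \crossref{nonmalleability} (the sentence removed in the next hunk) to \crossref{sproutnonmalleability}, which is a change of reference target rather than a cosmetic edit and is not covered by the commit message "Cosmetics.". The patch adds no \label{sproutnonmalleability}, so confirm that label already exists in protocol.tex and points at the Sprout-specific non-malleability section, otherwise the build will produce an undefined-reference "??"; mentioning the retarget in the commit message would also help anyone reading the history.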
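Review bot: in the hunk at @@ -7580,8 +7580,6 @@, dropping the two-line paragraph after the table is only correct because the preceding hunk now carries the same information in the $\vmacs$ cell; the two hunks are therefore not independent, and after the removal \end{center} is directly followed by the \notsprout{ $\dagger$ ... } paragraph, so check the rendered spacing between the table and the dagger footnote text still reads as intended.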
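Review bot: in the hunk at @@ -7829,10 +7827,10 @@, $\mathrm{N}$ is replaced by the macro $\rmN$ in three places, but the patch does not add a definition of \rmN; confirm it is already defined in protocol.tex (or a preamble it inputs), otherwise compilation stops with "Undefined control sequence". If \rmN is being introduced by this change, its \newcommand belongs in the same patch.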
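Review bot: in the hunk at @@ -8393,7 +8391,7 @@, replacing "attacker" with "adversary" matches the "an adversary can cause spending of a \note" wording two lines earlier in the same paragraph, so the terminology within the Faerie Gold paragraph is now consistent; since the same swap is made again in the roadblock-attack hunk at @@ -8460, a grep for any remaining "attacker" in protocol.tex would confirm the change is complete rather than partial.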
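Review bot: in the hunk at @@ -8858,9 +8856,9 @@, moving the "Add output ciphertexts and $\OutCipherKey$" item above the $y$-coordinate correction reorders the changelog entries without changing their text; if the list is meant to be chronological or grouped (specification additions before corrections), a word in the commit message would make the intended ordering clear, since a reorder is not obviously a cosmetic fix.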