diff --git a/protocol/protocol.tex b/protocol/protocol.tex index 0432635a..32c0f7f8 100644 --- a/protocol/protocol.tex +++ b/protocol/protocol.tex @@ -4993,15 +4993,17 @@ if this happens, discard the key and repeat with a different $\SpendingKey$. \introsection \lsubsubsection{\OrchardText{} Key Components}{orchardkeycomponents} +\vspace{-1ex} Let $\PRFOutputLengthExpand$, $\SpendingKeyLength$, $\OutViewingKeyLength$, $\DiversifierLength$, and $\DiversifierKeyLength$ be as defined in \crossref{constants}. Let $\GroupP$, $\reprP$, $\ellP$, $\ParamP{q}$, and $\ParamP{r}$ be as defined in \crossref{pallasandvesta}. +\vspace{-0.25ex} Let $\ExtractP$ be as defined in \crossref{concreteextractorpallas}. -\vspace{-0.25ex} +\vspace{-0.35ex} Let $\GroupPHash$ be as defined in \crossref{concretegrouphashpallasandvesta}. \vspace{-0.25ex} @@ -5014,11 +5016,11 @@ Let $\DeriveInternalFVKOrchard$ be as defined in \cite[Orchard internal key deri Let $\PRPd{} \typecolon \DiversifierKeyType \times \DiversifierType \rightarrow \DiversifierType$ be as defined in \crossref{concreteprps}. -\vspace{-0.25ex} +\vspace{-0.35ex} Let $\KA{Orchard}$, instantiated in \crossref{concreteorchardkeyagreement}, be a \keyAgreementScheme. -\vspace{-0.25ex} +\vspace{-0.35ex} Let $\CommitIvk{}$, instantiated in \crossref{concretesinsemillacommit}, be a \commitmentScheme. @@ -5029,13 +5031,13 @@ Let $\DiversifyHash{Orchard}$ be as defined in \crossref{concretediversifyhash}. Let $\SpendAuthSig{Orchard}$ instantiated in \crossref{concretespendauthsig} be a \rerandomizableSignatureScheme. +\vspace{-0.25ex} Let $\ItoLEBSP{}$, $\ItoLEOSP{}$, and $\LEOStoIP{}$ be as defined in \crossref{endian}. \vspace{0.5ex} -\introlist Define $\ToBase{Orchard}(x \typecolon \PRFOutputExpand) := \LEOStoIPOf{\PRFOutputLengthExpand}{x} \pmod{\ParamP{q}}$. -\vspace{-0.25ex} +\vspace{-1.5ex} Define $\ToScalar{Orchard}(x \typecolon \PRFOutputExpand) := \LEOStoIPOf{\PRFOutputLengthExpand}{x} \pmod{\ParamP{r}}$. \introlist 
@@ -5053,27 +5055,27 @@ the \outgoingViewingKey $\OutViewingKey \typecolon \OutViewingKeyType$, and corr \begin{algorithm} \item let mutable $\AuthSignPrivate \leftarrow \ToScalar{Orchard}\big(\PRFexpand{\SpendingKey}([6])\kern-0.1em\big)$ - \vspace{-0.2ex} + \vspace{-0.4ex} \item let $\NullifierKey = \ToBase{Orchard}\big(\PRFexpand{\SpendingKey}([7])\kern-0.1em\big)$ - \vspace{-0.2ex} + \vspace{-0.4ex} \item let $\CommitIvkRand = \ToScalar{Orchard}\big(\PRFexpand{\SpendingKey}([8])\kern-0.1em\big)$ - \vspace{-0.2ex} + \vspace{-0.3ex} \item if $\AuthSignPrivate = 0$, discard this key and repeat with a new $\SpendingKey$. - \vspace{-0.2ex} + \vspace{-0.3ex} \item let $\AuthSignPublicPoint = \SpendAuthSigDerivePublic{Orchard}(\AuthSignPrivate)$ - \vspace{-0.2ex} + \vspace{-0.3ex} \item if the last bit (that is, the $\tilde{y}$ bit) of $\reprP(\AuthSignPublicPoint)$ is $1$: - \vspace{-0.2ex} + \vspace{-0.4ex} \item \tab set $\AuthSignPrivate \leftarrow -\AuthSignPrivate$ - \item \blank + \vspace{0.2ex} \item let $\AuthSignPublic = \ExtractP(\AuthSignPublicPoint)$ - \vspace{-0.2ex} + \vspace{-0.4ex} \item let $\InViewingKey = \CommitIvk{\CommitIvkRand}\big(\AuthSignPublic, \NullifierKey\big)$ - \vspace{-0.2ex} + \vspace{-0.3ex} \item if $\InViewingKey \in \setof{0, \bot}$, discard this key and repeat with a new $\SpendingKey$. \vspace{-0.2ex} \item let $K = \ItoLEBSPOf{\SpendingKeyLength}{\CommitIvkRand}$ - \vspace{-0.2ex} + \vspace{-0.5ex} \item let $R = \PRFexpand{K}\big([\hexint{82}] \bconcat \ItoLEOSPOf{256}{\AuthSignPublic} \bconcat \ItoLEOSPOf{256}{\NullifierKey}\kern-0.25em\big)$ \vspace{-0.2ex} \item let $\DiversifierKey$ be the first $\DiversifierKeyLength/8$ bytes of $R$ and 
@@ -12036,9 +12038,10 @@ instead use a \unifiedPaymentAddress as defined in \cite{ZIP-316}. \vspace{-1ex} \lsubsubsubsection{\OrchardText{} Raw Incoming Viewing Keys}{orchardinviewingkeyencoding} -\vspace{-2ex} +\vspace{-2.5ex} Let $\KA{Orchard}$ be as defined in \crossref{concreteorchardkeyagreement}. +\vspace{-0.5ex} An \Orchard{} \defining{\incomingViewingKey} consists of a \diversifierKey $\DiversifierKey$, and a $\KAPrivate{Orchard}$ key $\InViewingKey$ restricted to the range $\InViewingKeyTypeOrchard$. It is derived as described in \crossref{orchardkeycomponents}, and is used with the @@ -12049,7 +12052,6 @@ Let $\ItoLEOSP{}$ be as defined in \crossref{endian}. \introlist \vspace{0.5ex} The \rawEncoding of an \Orchard \incomingViewingKey consists of: -\vspace{0.5ex} \begin{equation*} \begin{bytefield}[bitwidth=0.07em]{256} \sbitbox{256}{$\DiversifierKey$} @@ -12057,12 +12059,13 @@ The \rawEncoding of an \Orchard \incomingViewingKey consists of: \end{bytefield} \end{equation*} -\vspace{-1.5ex} +\vspace{-2.5ex} \begin{itemize} \item $32$ bytes specifying $\DiversifierKey$. \item $32$ bytes (little-endian) specifying $\InViewingKey$. \end{itemize} +\vspace{-1.5ex} $\InViewingKey$ \MUST be in the range $\InViewingKeyTypeOrchard$ as specified in \crossref{orchardkeycomponents}. That is, a decoded \incomingViewingKey \MUST be considered invalid if $\InViewingKey$ is not in this range. @@ -12076,9 +12079,10 @@ instead use a \unifiedIncomingViewingKey as defined in \cite{ZIP-316}. \vspace{-1ex} \lsubsubsubsection{\OrchardText{} Raw Full Viewing Keys}{orchardfullviewingkeyencoding} -\vspace{-2ex} +\vspace{-2.5ex} Let $\KA{Orchard}$ be as defined in \crossref{concreteorchardkeyagreement}. +\vspace{-0.5ex} Let $\ExtractP$ be as defined in \crossref{concreteextractorpallas}. An \Orchard{} \defining{\fullViewingKey} consists of $\AuthSignPublic \typecolon \AuthSignPublicTypeOrchard$, 
@@ -12095,7 +12099,6 @@ Let $\ItoLEOSP{}$ be as defined in \crossref{endian}. \introlist \vspace{0.5ex} The \rawEncoding of an \Orchard \fullViewingKey consists of: -\vspace{0.5ex} \begin{equation*} \begin{bytefield}[bitwidth=0.05em]{512} \sbitbox{256}{$\ItoLEOSPOf{256}{\AuthSignPublic}$} @@ -12104,7 +12107,7 @@ The \rawEncoding of an \Orchard \fullViewingKey consists of: \end{bytefield} \end{equation*} -\vspace{-1.5ex} +\vspace{-2.5ex} \begin{itemize} \item $32$ bytes (little-endian) specifying $\AuthSignPublic$. \item $32$ bytes (little-endian) specifying $\NullifierKey$. @@ -12112,7 +12115,7 @@ The \rawEncoding of an \Orchard \fullViewingKey consists of: \end{itemize} \introlist -\vspace{-1ex} +\vspace{-1.5ex} When decoding this representation, the key \MUST be considered invalid if $\AuthSignPublic$, $\NullifierKey$, or $\CommitIvkRand$ are not canonically encoded elements of their respective fields, or if $\AuthSignPublic$ is not a valid \Pallas $x$-coordinate, or if either the @@ -18561,6 +18564,7 @@ The performance benefits of this approach are the same as for \crossref{reddsaba \phantompart{Index}{index} \begin{flushleft} +\vfuzz=14pt \printindex \end{flushleft}
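Review bot: in the hunk at `@@ -4993,15 +4993,17 @@`, the `\introlist` in front of `Define $\ToBase{Orchard}(x ...)$` is dropped while the surrounding `\introlist` lines are kept, so the two `Define` lines lose their keep-together hint and a page break can now fall between the `\ToBase` and `\ToScalar` definitions. If the only goal is to pull the two lines closer (the new `\vspace{-1.5ex}`), keep the `\introlist` and just adjust the space.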
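Review bot: in the hunk at `@@ -5053,27 +5055,27 @@`, replacing `\item \blank` with `\vspace{0.2ex}` removes one list item from the `algorithm` environment; if that environment numbers its steps, every step after `set $\AuthSignPrivate \leftarrow -\AuthSignPrivate$` shifts by one, so check any cross-reference to step numbers in this derivation before merging. The per-step spacing values in the same list are now a mix of `-0.2ex`, `-0.3ex`, `-0.4ex` and `-0.5ex` with no visible pattern; a short LaTeX comment stating which page break these values are forcing would stop the next editor from "normalising" them back.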
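Review bot: in the hunk at `@@ -12057,12 +12059,13 @@`, the new `\vspace{-1.5ex}` sits between `\end{itemize}` and the `$\InViewingKey$ \MUST be in the range` paragraph, and the `\vspace{-1.5ex}` after the bytefield is tightened to `-2.5ex`; both negative spaces are compensating for the environment's own vertical skips, so they should be re-checked if the `itemize` or `bytefield` settings change. The matching FVK section (hunk at `@@ -12104,7 +12107,7 @@`) only gets the `-2.5ex` change and not the `-1.5ex` after its itemize; confirm the asymmetry is intended.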
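Review bot: in the hunk at `@@ -18561,6 +18564,7 @@`, `\vfuzz=14pt` is set inside the `flushleft` environment, so it is local to the index and does not leak into the rest of the document, which is good; it does however suppress overfull vertical box warnings up to 14pt instead of fixing them. Add a comment on that line recording why 14pt is needed (which index page overflows and by how much) so the setting is revisited once the index contents change, rather than hiding a genuine overflow indefinitely.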