More clarifications to \theoremref{thmsinsemillacr}.

Co-authored-by: Taylor Hornby <taylor@electriccoin.co>
Signed-off-by: Daira Hopwood <daira@jacaranda.org>

protocol/protocol.tex

@@ -8651,7 +8651,7 @@ on this, given that $n$ is fixed. The restriction that scalars are nonzero appea
 been motivated by wanting to support variable-length messages and incremental hashing, which
 we do not.
 
-Now we consider $\SinsemillaHash$. We want to prove that, for a given $D$, if we can find two
+Now we consider $\SinsemillaHash$. We want to prove that, for a given $D$, if we can find two distinct
 messages $M$ and $M'$ such that $\ExtractPbot\big(\SinsemillaHashToPoint(D, M)\kern-0.1em\big) =
 \ExtractPbot\big(\SinsemillaHashToPoint(D, M')\kern-0.1em\big)$ then we can efficiently extract a discrete logarithm.
 So either $\SinsemillaHashToPoint(D, M) = \SinsemillaHashToPoint(D, M')$ (in which case use the original Pedersen
@@ -8664,8 +8664,8 @@ $\scalarmult{2^{n+1}}{\SinsemillaGenInit(D)} + \ssum{j=0}{{2^k}-1} \scalarmult{\
 \end{tabular}
 
 \vspace{0.5ex}
-Because the coefficients $\!\!\pmod{\ParamP{r}}$ are not all zero, this is a nontrivial discrete logarithm
-relation between independent bases.
+Because $2^{n+1} \leq \ParamP{r}-1$, the coefficients $\!\!\pmod{\ParamP{r}}$ are not all zero, and therefore
+this is a nontrivial discrete logarithm relation between independent bases.
 \end{proof}
 
 \vspace{-1.5ex}
@@ -14212,6 +14212,9 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
 
 \historyentry{2021.1.22}{2021-04-05}
 \begin{itemize}
+\nufive{
+    \item Further clarifications to \theoremref{thmsinsemillacr}.
+}
     \item Make sure that Change History entries are URL destinations.
 \end{itemize}