Apply suggestions from code review

Co-authored-by: David Cook <dcook@divviup.org>

draft-irtf-cfrg-vdaf.md

@@ -3190,8 +3190,8 @@ For example, the simplest circuit specified in this document is the following
 C(x) = x * (x-1)
 ~~~
 
-This circuit contains one subtraction gate (`x -1`) and one multiplication
-gate (`x * (x -1)`). Observe that `C(x) = 0` if and only if `x in range(2)`.
+This circuit contains one subtraction gate (`x - 1`) and one multiplication
+gate (`x * (x - 1)`). Observe that `C(x) = 0` if and only if `x in range(2)`.
 
 Our goal is to allow each Aggregator, who holds a secret share of `x`, to
 correctly compute a secret share of `C(x)`. This allows the Aggregators to
@@ -3200,7 +3200,7 @@ determine validity by combining their shares of the output.
 Suppose for a moment that the validity circuit `C` is affine, meaning its only
 operations are addition, subtraction, and multiplication-by-constant. (The
 circuit above is non-affine because it contains a multiplication gate with
-non-constant inputs.) Then each Aggregator can compute its share locally, since
+two non-constant inputs.) Then each Aggregator can compute its share locally, since
 
 ~~~
 C(x_shares[0] + ... + x_shares[SHARES-1]) =
@@ -3209,7 +3209,7 @@ C(x_shares[0] + ... + x_shares[SHARES-1]) =
 
 (Note that, for this equality to hold, it is necessary to scale any addition of
 a constant in the circuit by `1/SHARES`.) However, this is not the case if `C`
-contains multiplication gates with non-constant inputs. Thus our goal is to
+contains multiplication gates with two non-constant inputs. Thus our goal is to
 transform these multiplication gates into computations on secret shared data
 that each Aggregator can perform locally.