Apply suggestions from code review

Co-authored-by: David Cook <[email protected]>

draft-irtf-cfrg-vdaf.md

@@ -2374,7 +2374,7 @@ structure:
 Clients protect the privacy of their measurements by secret sharing them and
 distributing the shares among the Aggregators. To ensure each measurement is
 valid, the Aggregators run a multi-party computation on their shares, the
-result of which is the output of the arithmetic circuit. This involve
+result of which is the output of the arithmetic circuit. This involves
 verification of a "Fully Linear Proof (FLP)" ({{flp}}) generated by the Client.
 FLPs are the core component of Prio3, as they specify the types of
 measurements, how the are encoded, and how they are aggregated. In fact Prio3
@@ -2546,7 +2546,7 @@ For some FLPs, the encoded measurement also includes redundant field elements
 that are useful for checking the proof, but which are not needed after the
 proof has been checked. An example is the `Sum` type defined in {{prio3sum}}
 for which each measurement is an integer in range `[0, max_measurement]`. The
-range check requires encoding the measurement with a several field elements,
+range check requires encoding the measurement with several field elements,
 though just one is needed for aggregation. Thus the FLP defines an algorithm
 for truncating the encoded measurement to the length of the aggregated output:
 
@@ -2584,9 +2584,9 @@ generating and verifying more proofs requires more time.) Given these benefits,
 this feature is implemented by Prio3 ({{prio3}}).
 
 To generate these proofs for a specific measurement, the prover calls
-`flp.prove()` multiple times, each time using an fresh prover and joint
+`flp.prove()` multiple times, each time using fresh prover and joint
 randomness. The verifier checks each proof independently, each time with fresh
-query randomness. It accepts the measurement only if all the decision algorithm
+query randomness. It accepts the measurement only if the decision algorithm
 accepts on each proof.
 
 See {{security-multiproof}} for guidance on choosing the field size and number
@@ -2702,8 +2702,8 @@ The following method is used for FLPs that do not require joint randomness,
 i.e., when `flp.JOINT_RAND_LEN == 0`. It consists of the following steps:
 
 1. Shard the encoded measurement into shares
-1. Generate and shard each proof into shares
-1. Encode each measurement and shares of each proof into an input share
+1. Generate proofs and and shard each into shares
+1. Encode each measurement share and shares of each proof into an input share
 
 Only one pair of measurement and proof(s) share (called the "Leader" shares
 above) are vectors of field elements. The other shares (called the "Helper"
@@ -3487,7 +3487,7 @@ has the following interface:
   gadget `Mul(x,y) = x*y` has arity of 2.
 
 * `DEGREE: int` is the arithmetic degree of the gadget circuit. This is defined
-  to be the degree of the polynomial that computes it. This circuit exists
+  to be the degree of the polynomial that computes it. This exists
   because the circuit is arithmetic. For example, `Mul` has degree 2.
 
 * `gadget.eval(field: type[F], inp: list[F]) -> F` evaluates the gadget over