diff --git a/sec-lattices.tex b/sec-lattices.tex index 731eb7d..3100e2a 100644 --- a/sec-lattices.tex +++ b/sec-lattices.tex @@ -5,8 +5,8 @@ During the last decade, lattice-based cryptography has emerged as a promising candidate for post-quantum cryptography. For example, on the first round of the NIST post-quantum competition, there are 28 out of 82 submissions from lattice-based cryptography~\cite{NIS17}. Lattice-based cryptography takes advantage of a simple mathematical structure (the lattices) in order to provide beyond encryption and signature cryptography. For instance, fully homomorphic encryption~\cite{Gen09,GSW13} are only possible in the lattice-based world for now. -In the context of provable security, lattice assumptions benefits from a worst-case to average-case reduction~\cite{Reg05,GPV08,MP12} -have been extensively studied~\cite{ADRS15,HK17} +In the context of provable security, lattice assumptions benefits from a worst-case to average-case reduction~\cite{Reg05,GPV08,MP12}. +Worst-case lattice problems have been extensively studied in the last past years~\cite{ADRS15,HK17}. \subsection{Lattices and Hard Lattice Problems} \label{sse:lattice-problems} @@ -107,7 +107,7 @@ given a sufficiently short basis of the lattice. \begin{lemma}[{\cite[Le.~2.3]{BLP+13}}] \label{le:GPV} There exists a $\PPT$ (probabilistic polynomial-time) algorithm $\GPVSample$ that takes as inputs a -basis~$\mathbf{B}$ of a lattice~$L \subseteq \ZZ^n$ and a +basis~$\mathbf{B}$ of a lattice~$\Lambda \subseteq \ZZ^n$ and a rational~$\sigma \geq \|\widetilde{\mathbf{B}}\| \cdot \Omega(\sqrt{\log n})$, and outputs vectors~$\mathbf{b} \in L$ with distribution~$D_{L,\sigma}$. \end{lemma} 
@@ -128,7 +128,7 @@ to~$U(\ZZ_q^{n \times m})$, and~$\|\widetilde{\mathbf{T}_{\mathbf{A}}}\| \leq \end{lemma} \noindent Lemma~\ref{le:TrapGen} is often combined with the sampler from Lemma~\ref{le:GPV}. Micciancio and Peikert~\cite{MP12} proposed a more efficient -approach for this combined task, which should be preferred in practice but, for the sake of simplicity, +approach for this combined task, which is to be be preferred in practice but, for the sake of simplicity, schemes are presented using~$\TrapGen$ in this thesis. We also make use of an algorithm that extends a trapdoor for~$\mathbf{A} \in \ZZ_q^{n \times m}$ to a trapdoor of any~$\mathbf{B} \in \ZZ_q^{n \times m'}$ whose left~$n \times m$
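Review bot: In the first hunk of sec-lattices.tex (@@ -5,8), the rewritten sentence keeps a subject-verb agreement error, "lattice assumptions benefits from", which should read "lattice assumptions benefit from"; the new second sentence also says "in the last past years", which is redundant, so prefer "in the past few years" or "in recent years". Since this hunk is touching exactly these two lines, it is the right place to fix both.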
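Review bot: The rename in the second hunk (@@ -107,7) is incomplete: the basis line now says "a lattice~$\Lambda \subseteq \ZZ^n$", but the unchanged context two lines below still outputs "vectors~$\mathbf{b} \in L$ with distribution~$D_{L,\sigma}$", so the lemma statement refers to a lattice $L$ that is no longer introduced. Either revert this line to $L$ or extend the hunk so that "$\mathbf{b} \in \Lambda$" and "$D_{\Lambda,\sigma}$" are updated as well, keeping a single symbol for the lattice throughout Lemma~\ref{le:GPV}.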
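Review bot: The third hunk (@@ -128,7) introduces a typo: "which is to be be preferred in practice" has a doubled "be". Suggest "which is to be preferred in practice"; the original "which should be preferred in practice" was also fine and arguably simpler, so this change could be dropped entirely.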