try explaining better the computation of n'

paper/2.2-X25519.tex

@@ -11,13 +11,14 @@ The core of the X25519 key-exchange protocol is a scalar\hyp{}multiplication
 function, which we will also refer to as X25519.
 This function receives as input two arrays of $32$ bytes each.
 One of them is interpreted as the little-endian encoding of a
-non-negative integer $n$ (see \ref{subsec:integer-bytes}).
+non-negative 256-bit integer $n$ (see \ref{subsec:integer-bytes}).
 The other is interpreted as the little-endian encoding of
 the \xcoord $x_P \in \F{p}$ of a point in $E(\F{p^2})$,
 using the standard mapping of integers modulo $p$ to elements in $\F{p}$.
 
-The X25519 function first computes a scalar $n'$ by setting bit 255 of $n$
-to \texttt{0}, setting bit 254 to \texttt{1}, and setting the lower 3 bits to \texttt{0}.
+The X25519 function first computes a scalar $n'$ from $n$ by setting
+bits at position 0, 1, 2 and 255 to \texttt{0}; and to \texttt{1} bit at
+position 254.
 This operation is often called ``clamping'' of the scalar $n$.
 Note that $n' \in 2^{254} + 8\{0,1,\ldots,2^{251}-1\}$.
 X25519 then computes the \xcoord of $n'\cdot P$.