Add paper, more minor doc updates

Signed-off-by: Kamal Tufekcic <kamal@lo.sh>

Abstract.md

@@ -73,16 +73,16 @@ HybridSig combines Ed25519 (classical) and ML-DSA-65 (post-quantum). Key pairs
 satisfy pk = (pk_E, pk_P), sk = (sk_E, sk_P).
 
 **Sign(sk, m)** → σ = (σ_E ‖ σ_P): both components computed independently and
-concatenated. ML-DSA-65 uses hedged signing via `sign_internal` (FIPS 204 §5.2 /
-Algorithm 2); fresh randomness is mixed per signing operation for
+concatenated. ML-DSA-65 uses hedged signing via `sign_internal` (FIPS 204 §6.2 /
+Algorithm 7); fresh randomness is mixed per signing operation for
 fault-injection resistance. **FIPS 204 compatibility note**: The implementation
 calls `sign_internal` directly — the raw internal signing function with no
 context string or domain prefix. This is structurally incompatible with FIPS 204
-§6.2 (`ML-DSA.Sign`, which prepends a context-dependent domain separator before
-calling `sign_internal`). A FIPS 204 §6.2 verifier expecting the domain-prefixed
-message format will reject Soliton ML-DSA-65 signatures. A formal model or test
-vector suite must use the `sign_internal` / `verify_internal` interface, not the
-§6.2 external interface. For adversary models that include fault injection,
+§5.2 (`ML-DSA.Sign` / Algorithm 2, which prepends a context-dependent domain
+separator before calling `sign_internal`). A FIPS 204 §5.2 verifier expecting
+the domain-prefixed message format will reject Soliton ML-DSA-65 signatures. A
+formal model or test vector suite must use the `sign_internal` /
+`verify_internal` interface, not the §5.2 external interface. For adversary models that include fault injection,
 hedged signing provides resistance to differential fault analysis that
 deterministic signing does not. **RNG implication**: Every HybridSig.Sign
 invocation consumes randomness (from ML-DSA-65's hedged component). In the §8.2