Add paper, more minor doc updates

Signed-off-by: Kamal Tufekcic <kamal@lo.sh>

Abstract.md

@@ -73,16 +73,16 @@ HybridSig combines Ed25519 (classical) and ML-DSA-65 (post-quantum). Key pairs
 satisfy pk = (pk_E, pk_P), sk = (sk_E, sk_P).
 
 **Sign(sk, m)** → σ = (σ_E ‖ σ_P): both components computed independently and
-concatenated. ML-DSA-65 uses hedged signing via `sign_internal` (FIPS 204 §5.2 /
-Algorithm 2); fresh randomness is mixed per signing operation for
+concatenated. ML-DSA-65 uses hedged signing via `sign_internal` (FIPS 204 §6.2 /
+Algorithm 7); fresh randomness is mixed per signing operation for
 fault-injection resistance. **FIPS 204 compatibility note**: The implementation
 calls `sign_internal` directly — the raw internal signing function with no
 context string or domain prefix. This is structurally incompatible with FIPS 204
-§6.2 (`ML-DSA.Sign`, which prepends a context-dependent domain separator before
-calling `sign_internal`). A FIPS 204 §6.2 verifier expecting the domain-prefixed
-message format will reject Soliton ML-DSA-65 signatures. A formal model or test
-vector suite must use the `sign_internal` / `verify_internal` interface, not the
-§6.2 external interface. For adversary models that include fault injection,
+§5.2 (`ML-DSA.Sign` / Algorithm 2, which prepends a context-dependent domain
+separator before calling `sign_internal`). A FIPS 204 §5.2 verifier expecting
+the domain-prefixed message format will reject Soliton ML-DSA-65 signatures. A
+formal model or test vector suite must use the `sign_internal` /
+`verify_internal` interface, not the §5.2 external interface. For adversary models that include fault injection,
 hedged signing provides resistance to differential fault analysis that
 deterministic signing does not. **RNG implication**: Every HybridSig.Sign
 invocation consumes randomness (from ML-DSA-65's hedged component). In the §8.2

Cargo.toml

@@ -19,7 +19,7 @@ edition = "2024"
 rust-version = "1.85"
 license = "AGPL-3.0-only"
 repository = "https://git.lo.sh/lo/libsoliton"
-homepage = "https://lo.sh"
+homepage = "https://git.lo.sh/lo/libsoliton/wiki"
 authors = ["LO Contributors"]
 description = "Cryptographic library for the LO protocol"
 categories = ["cryptography"]

README.md

@@ -8,6 +8,7 @@ Pure-Rust post-quantum cryptographic library. Provides composite identity keys (
 
 | Document | Description |
 |----------|-------------|
+| [paper.tex](paper.tex) | Protocol paper — design, security analysis, formal verification, implementation |
 | [Abstract.md](Abstract.md) | Security analysis specification — adversary model, theorems, and verification targets for formal modeling |
 | [Specification.md](Specification.md) | Full cryptographic specification (v1) |
 | [CHEATSHEET.md](CHEATSHEET.md) | API quick reference with types, sizes, and signatures |

fuzz_overnight.sh

@@ -16,6 +16,7 @@ fi
 
 HOURS="${1:-8}"
 WORKERS="${2:-1}"
+# Change to 3600 for overnight runs, 1 is used for quick local runs
 SECONDS_TOTAL=$((HOURS * 1))
 
 CORE_DIR="soliton"

soliton/fuzz/Cargo.lock

@@ -435,7 +435,7 @@ dependencies = [
 
 [[package]]
 name = "libsoliton"
-version = "0.1.0"
+version = "0.1.1"
 dependencies = [
  "argon2",
  "chacha20poly1305",

soliton_capi/fuzz/Cargo.lock

@@ -435,7 +435,7 @@ dependencies = [
 
 [[package]]
 name = "libsoliton"
-version = "0.1.0"
+version = "0.1.1"
 dependencies = [
  "argon2",
  "chacha20poly1305",
@@ -473,7 +473,7 @@ dependencies = [
 
 [[package]]
 name = "libsoliton_capi"
-version = "0.1.0"
+version = "0.1.1"
 dependencies = [
  "libsoliton",
  "zeroize",