Add paper, more minor doc updates

Signed-off-by: Kamal Tufekcic <kamal@lo.sh>

Abstract.md

@@ -73,16 +73,16 @@ HybridSig combines Ed25519 (classical) and ML-DSA-65 (post-quantum). Key pairs
 satisfy pk = (pk_E, pk_P), sk = (sk_E, sk_P).
 
 **Sign(sk, m)** → σ = (σ_E ‖ σ_P): both components computed independently and
-concatenated. ML-DSA-65 uses hedged signing via `sign_internal` (FIPS 204 §5.2 /
-Algorithm 2); fresh randomness is mixed per signing operation for
+concatenated. ML-DSA-65 uses hedged signing via `sign_internal` (FIPS 204 §6.2 /
+Algorithm 7); fresh randomness is mixed per signing operation for
 fault-injection resistance. **FIPS 204 compatibility note**: The implementation
 calls `sign_internal` directly — the raw internal signing function with no
 context string or domain prefix. This is structurally incompatible with FIPS 204
-§6.2 (`ML-DSA.Sign`, which prepends a context-dependent domain separator before
-calling `sign_internal`). A FIPS 204 §6.2 verifier expecting the domain-prefixed
-message format will reject Soliton ML-DSA-65 signatures. A formal model or test
-vector suite must use the `sign_internal` / `verify_internal` interface, not the
-§6.2 external interface. For adversary models that include fault injection,
+§5.2 (`ML-DSA.Sign` / Algorithm 2, which prepends a context-dependent domain
+separator before calling `sign_internal`). A FIPS 204 §5.2 verifier expecting
+the domain-prefixed message format will reject Soliton ML-DSA-65 signatures. A
+formal model or test vector suite must use the `sign_internal` /
+`verify_internal` interface, not the §5.2 external interface. For adversary models that include fault injection,
 hedged signing provides resistance to differential fault analysis that
 deterministic signing does not. **RNG implication**: Every HybridSig.Sign
 invocation consumes randomness (from ML-DSA-65's hedged component). In the §8.2

Cargo.toml

@@ -19,7 +19,7 @@ edition = "2024"
 rust-version = "1.85"
 license = "AGPL-3.0-only"
 repository = "https://git.lo.sh/lo/libsoliton"
-homepage = "https://lo.sh"
+homepage = "https://git.lo.sh/lo/libsoliton/wiki"
 authors = ["LO Contributors"]
 description = "Cryptographic library for the LO protocol"
 categories = ["cryptography"]

README.md

@@ -8,6 +8,7 @@ Pure-Rust post-quantum cryptographic library. Provides composite identity keys (
 
 | Document | Description |
 |----------|-------------|
+| [paper.tex](paper.tex) | Protocol paper — design, security analysis, formal verification, implementation |
 | [Abstract.md](Abstract.md) | Security analysis specification — adversary model, theorems, and verification targets for formal modeling |
 | [Specification.md](Specification.md) | Full cryptographic specification (v1) |
 | [CHEATSHEET.md](CHEATSHEET.md) | API quick reference with types, sizes, and signatures |

fuzz_overnight.sh

@@ -16,6 +16,7 @@ fi
 
 HOURS="${1:-8}"
 WORKERS="${2:-1}"
+# Change to 3600 for overnight runs, 1 is used for quick local runs
 SECONDS_TOTAL=$((HOURS * 1))
 
 CORE_DIR="soliton"

soliton/fuzz/Cargo.lock

@@ -435,7 +435,7 @@ dependencies = [
 
 [[package]]
 name = "libsoliton"
-version = "0.1.0"
+version = "0.1.1"
 dependencies = [
  "argon2",
  "chacha20poly1305",

soliton/fuzz/corpus/fuzz_decrypt_first_message/valid_first_msg

@@ -1 +1 @@
-d怹°–¹@©Âº@eæTRV’§‡	|ç¿ZA
ÙI/˜j‘A\ñ –;­ð Ÿ
+x<EFBFBD>e)S<13><><EFBFBD><EFBFBD> <EFBFBD>^<14>ب8ٍ<38>v­/ع<>7+ق<><D982>N<EFBFBD><4E><EFBFBD>الحEf<45><66>OJx<4A>}ث6G9G

soliton/fuzz/corpus/fuzz_dm_queue_decrypt_blob/0792446e9e4e302ef86828be9e266fc1b4de4407

@@ -0,0 +1 @@
+A<EFBFBD> 

soliton/fuzz/corpus/fuzz_dm_queue_decrypt_blob/8ce24fc0ea8e685eb23bf6346713ad9fef920425

@@ -0,0 +1 @@
+<EFBFBD>

soliton/fuzz/corpus/fuzz_dm_queue_decrypt_blob/d081c37090c6c163e1ed6b7f27c34d61f5437606

@@ -0,0 +1 @@
+ﾇA

soliton/fuzz/corpus/fuzz_dm_queue_decrypt_blob/truncated

@@ -1 +1 @@
-

ﾌ　q<>vU<76>|J<P
+

n[¦t'ÚÞ·>T…

soliton/fuzz/corpus/fuzz_dm_queue_decrypt_blob/valid_compressed

@@ -1 +1 @@
-

虂@q<>vU暾|J<P遲脮薼濨鷈H眛<04>1<EFBFBD>:┝诘佘-=<3D>輈B测镟=賞袗熉 胒願>2<>枤
+

n[¦t'Ϊή·>T…<1E>ΌR297l8HIΐ)ϋUZG–nάB±νΑ*¶Σhι¬ ®K<C2AE>b(Δ	δt<11>=P_$4:γ‘g²u

soliton/fuzz/corpus/fuzz_ed25519_verify/bad_sig_bit

@@ -1,2 +1,2 @@
-ánDÆky	=ø¢ƒí
“K/Ë8l8Žâ<C5BD>™ÃÌNýNówû‡ìo…’Ÿôa"e!?_Ö
-^&Mï„]Uâ7÷c~<V'ìhNà6i:¤‚¹-,t¢Wá¹	fuzz corpus msg
+Ä<EFBFBD>½ëùÖ8þíÎDûÔ.º¨ø Dtê›üº«%Á,«mºZÖÔA¬
+X';{H‰Ï
EeðÞ?3ëZa*m»°Êf;ºä®]%±ÈdESž‡•htHR³¯Å <C385>VËfuzz corpus msg

soliton/fuzz/corpus/fuzz_ed25519_verify/valid_verify

@@ -1,2 +1,2 @@
-ánDÆky	=ø¢ƒí
“K/Ë8l8Žâ<C5BD>™ÂÌNýNówû‡ìo…’Ÿôa"e!?_Ö
-^&Mï„]Uâ7÷c~<V'ìhNà6i:¤‚¹-,t¢Wá¹	fuzz corpus msg
+Ä<EFBFBD>½ëùÖ8þíÎDûÔ.º¨ø Dtê›üº«%À,«mºZÖÔA¬
+X';{H‰Ï
EeðÞ?3ëZa*m»°Êf;ºä®]%±ÈdESž‡•htHR³¯Å <C385>VËfuzz corpus msg

soliton/fuzz/corpus/fuzz_identity_sign_verify/933c356b95dd3aec979dbca14628d76b7f03aabc

@@ -0,0 +1 @@
+e<EFBFBD>]<5D><>&<26><>e<EFBFBD>]}<7D><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>&molo

soliton/fuzz/corpus/fuzz_ratchet_state_machine/411d140f8bf8f4a8b5e5821b185c5c7bcc12faed

@@ -0,0 +1 @@
+躴览罒

soliton/fuzz/corpus/fuzz_storage_decrypt_blob/393ab93a18db07a5e69641cb1ac1243268529609

@@ -0,0 +1 @@
+

utĄAAĽąRP‡z˙˙*.˙˙˙=˙˙˙˙˙˙+˙–Čż˙~(—u¨ň0

soliton/fuzz/corpus/fuzz_storage_decrypt_blob/72be2fd2ffce48d92d93241a2ee51e35a75bb580

@@ -0,0 +1 @@
+

#AAј№Rzј†P‡яяяяяяяяяяяя+я–И@’щ~c—uЁт1

soliton/fuzz/corpus/fuzz_storage_decrypt_blob/8c1e6ab4270792c51304ea06f47dc20ce51ba57b

@@ -0,0 +1 @@
+<EFBFBD>

soliton/fuzz/corpus/fuzz_storage_decrypt_blob/bad_flags

@@ -1 +1 @@
-
ţ+·śš%g<”şŃLWnH{0;­‡×Ęţ4hďÜ—HΦ‰W­ĄčŮń°°Ú%şĐs‘‚^n
+
þ»Æææ8ÃÉ·ê<C2B7>EƒÎ5ñüž9Ö¹Š´<ú4…<15>ÎŒ¸bË°)óü–2O"
Ëä

soliton_capi/fuzz/Cargo.lock

@@ -435,7 +435,7 @@ dependencies = [
 
 [[package]]
 name = "libsoliton"
-version = "0.1.0"
+version = "0.1.1"
 dependencies = [
  "argon2",
  "chacha20poly1305",
@@ -473,7 +473,7 @@ dependencies = [
 
 [[package]]
 name = "libsoliton_capi"
-version = "0.1.0"
+version = "0.1.1"
 dependencies = [
  "libsoliton",
  "zeroize",

soliton_capi/fuzz/corpus/fuzz_capi_dm_queue_decrypt/valid_compressed

@@ -1 +1 @@
- 

гУ^”Б7x[N`НЏйж<.EУЅ:‡‰КyЖсRП]
kр<gJ‘И\Ѓnу(@гуФp—ЭЛЊГZЄWЖ!QаЮ
+ 

<EFBFBD>¿…Q׃ז;ֻ׀³R›Yj<08>"יא5£<35>זֲK!ז?ֺ[¢{*ֵ<>ֹiAֵׁׁ,Gקֶ׀^של~&ט7›<37>@¦״j"¿Eל

soliton_capi/fuzz/corpus/fuzz_capi_storage_decrypt/bad_flags

@@ -1 +1 @@
-
þUëŠ]teôYº§Ø˜E¾£ö”$<24>ÃSëÀá}ÉȉüÀ>Ú†VK%¸¹ôD‘†jqÄ|Dö
+
þ‚aj¹<¢/“q˜ò:êÌÑDå6.	äJD4̈<>K×ïù·Óܾ~§A<C2A7>*Ú@wC’e<E28099>ë