docs: use Unicode superscripts in DH notation, add paper refs for concrete instantiations

- DH notation: g^a → gᵃ, (g^a)^b = g^{ab} → (gᵃ)ᵇ = gᵃᵇ, etc.
  in both DocDH.lean and DH.lean source header
- Add §2.5 page references (Bhargavan et al.) to all concrete
  instantiation claims: HKDF-SHA-256 (p. 473), AES-256-CBC+HMAC
  (p. 472), Kyber-1024 (p. 472), HKDF-SHA-256 in passive secrecy
  (p. 473)

Author: ChristianoBraga

PQXDHLean/X3DH/DH.lean

@@ -8,9 +8,9 @@ Diffie-Hellman as scalar multiplication over `[Field F] [Module F G]`.
 
 | Textbook (multiplicative) | This file (additive)             |
 |---------------------------|----------------------------------|
-| `g^a`                     | `a • G₀`                         |
-| `(g^a)^b = g^{ab}`        | `b • (a • G₀) = (b * a) • G₀`    |
-| `g^a · g^b = g^{a+b}`     | `a • G₀ + b • G₀ = (a+b) • G₀`   |
+| `gᵃ`                     | `a • G₀`                         |
+| `(gᵃ)ᵇ = gᵃᵇ`            | `b • (a • G₀) = (b * a) • G₀`    |
+| `gᵃ · gᵇ = gᵃ⁺ᵇ`         | `a • G₀ + b • G₀ = (a+b) • G₀`   |
 -/
 import Mathlib.Algebra.Module.Basic
 

docs/PQXDHDocs/DocAEAD.lean

@@ -25,8 +25,9 @@ associated data (AD). In X3DH/PQXDH:
   to both parties' identities, preventing key-mismatch attacks.
 
 The concrete instantiation is AES-256 in CBC mode with HMAC
-(Encrypt-Then-MAC). The paper assumes IND-CPA and INT-CTXT,
-which together imply IND-CCA2 for AEAD schemes (section 2.5, assumption 3).
+(Encrypt-Then-MAC) (§2.5, p. 472, Bhargavan et al.). The paper
+assumes IND-CPA and INT-CTXT, which together imply IND-CCA2
+for AEAD schemes (section 2.5, assumption 3).
 
 # Structure
 

docs/PQXDHDocs/DocDH.lean

@@ -36,9 +36,9 @@ apply directly without unfolding.
 The formalization uses additive group notation following the Mathlib
 convention, instead of the multiplicative notation from textbooks:
 
-- `g^a` becomes `a • G₀` (scalar multiplication)
-- `(g^a)^b = g^{ab}` becomes `b • (a • G₀) = (b * a) • G₀`
-- `g^a * g^b = g^{a+b}` becomes `a • G₀ + b • G₀ = (a + b) • G₀`
+- `gᵃ` becomes `a • G₀` (scalar multiplication)
+- `(gᵃ)ᵇ = gᵃᵇ` becomes `b • (a • G₀) = (b * a) • G₀`
+- `gᵃ · gᵇ = gᵃ⁺ᵇ` becomes `a • G₀ + b • G₀ = (a + b) • G₀`
 
 # Algebraic properties
 

docs/PQXDHDocs/DocKDF.lean

@@ -19,7 +19,8 @@ A KDF deterministically derives a fixed-size key from variable-length
 input material. In X3DH, the input is the concatenation of the
 DH outputs and the result is the session key (SK).
 
-The concrete instantiation is HKDF (RFC 5869) with SHA-256.
+The concrete instantiation is HKDF (RFC 5869) with SHA-256
+(§2.5, p. 473, Bhargavan et al.).
 
 Two formalizations coexist, modeling different aspects of the KDF.
 

docs/PQXDHDocs/DocKEM.lean

@@ -26,8 +26,9 @@ encapsulates to get (ct, ss), appends ss to her KDF input, and
 sends ct to Bob. Bob decapsulates to recover ss.
 
 The concrete instantiation is Kyber-1024 (ML-KEM), a lattice-based
-KEM secure under the Module-LWE assumption. The paper assumes the
-KEM is IND-CCA (section 2.5, assumption 1.B).
+KEM secure under the Module-LWE assumption (§2.5, p. 472, Bhargavan
+et al.). The paper assumes the KEM is IND-CCA (section 2.5,
+assumption 1.B).
 
 # Structure
 

docs/PQXDHDocs/DocX3DHPassiveSecrecy.lean

@@ -22,8 +22,8 @@ using VCV-io for security game definitions.
 
 # Random Oracle Model
 
-In the real protocol, the KDF (HKDF-SHA-256) is a deterministic
-function. In the security proof, we replace it with a *random
+In the real protocol, the KDF (HKDF-SHA-256, §2.5, p. 473) is a
+deterministic function. In the security proof, we replace it with a *random
 oracle*: a function that, on each new input, returns a uniformly
 random output and caches it for consistency (same input always
 gives the same output).

docs/README.md

@@ -1,124 +1,75 @@
-# Setting Up Verso-Blueprint 
+# PQXDH Documentation Project
 
-This guide explains how to set up Verso-Blueprint documentation for a Lean 4 project.
+Verso-Blueprint documentation for the PQXDH Lean 4 formalization.
 
-## Prerequisites
+Built with [verso-blueprint](https://github.com/ejgallego/verso-blueprint) (v4.28.0),
+which extends [Verso](https://github.com/leanprover/verso) with blueprint-style
+rendering for mathematical formalizations.
 
-- A working Lean 4 project with `lakefile.toml`
-- `elan` installed
+## Dependencies
 
-## Directory Structure
+The docs project (`docs/lakefile.toml`) depends on:
 
-```
-your-project/
-├── lakefile.toml          # Main project lakefile
-├── lean-toolchain
-├── YourLib/               # Your Lean source files
-│   └── *.lean
-└── docs/
-    ├── lakefile.toml      # Docs project lakefile
-    ├── lean-toolchain
-    ├── Main.lean
-    └── YourDocs/          # Documentation source files
-        └── *.lean
-```
-
-## Step 1: Set Up the Docs Project
+- **versoBlueprint** — documentation framework (fetched from git)
+- **PQXDH-lean** — the parent Lean library (via `path = ".."`)
 
-Create `docs/lakefile.toml`:
+Transitive dependencies (`subverso`, Verso core) are resolved automatically
+by Lake from the verso-blueprint manifest. The main project lakefile does
+**not** need to list them.
 
-```toml
-name = "YourDocs"
-defaultTargets = ["YourDocs", "docs"]
+## Building
 
-[[require]]
-name = "verso"
-git = "https://github.com/leanprover/verso"
-rev = "main"  # or a specific commit
-
-[[lean_lib]]
-name = "YourDocs"
-
-[[lean_exe]]
-name = "docs"
-root = "Main"
-```
-
-Create `docs/lean-toolchain` with the same Lean version as your main project.
-
-## Step 2: Build the Docs Project
+From the repository root (not from `docs/`):
 
 ```bash
-cd docs
+# Build the Lean library first
 lake build
-```
-
-This will fetch Verso and its dependencies, including `subverso`.
-
-## Step 3: Add Subverso to the Main Project
-
-Look up the `subverso` commit from `docs/lake-manifest.json`:
-
-```bash
-grep -A2 '"name": "subverso"' docs/lake-manifest.json
-```
-
-Add `subverso` (not `verso`) to your main project's `lakefile.toml`:
-
-```toml
-[[require]]
-name = "subverso"
-git = "https://github.com/leanprover/subverso"
-rev = "<commit-from-lake-manifest>"
-```
 
-## Step 4: Build the Main Project
+# Build the documentation executable
+lake -d docs build
 
-Build with `--keep-toolchain` to prevent the lean-toolchain from updating to subverso's version:
-
-```bash
-lake build --keep-toolchain
+# Generate HTML and serve locally
+./scripts/build-blueprint.sh
+python3 -m http.server 8080 -d _out/blueprint
 ```
 
-## Step 5: Configure Example Project Path
+Then open http://localhost:8080.
 
-In your documentation Lean files, set the `verso.exampleProject` option to point to your main project:
+## Project structure
 
-```lean
-set_option verso.exampleProject "."
 ```
-
-The path is relative to the workspace root when running `lake -d docs build` from the main project directory.
-
-## Building Documentation
-
-From the main project root:
-
-```bash
-lake -d docs build docs
+docs/
+├── lakefile.toml              # Depends on versoBlueprint + parent project
+├── lean-toolchain             # Must match parent (v4.28.0)
+├── lake-manifest.json         # Pinned dependency versions
+├── Main.lean                  # Entry point: CSS, JS, blueprint config
+├── PQXDHDocs.lean             # Top-level document definition
+└── PQXDHDocs/
+    ├── Contents.lean          # Imports all chapters, opens Verso namespaces
+    ├── SourceBlock.lean       # Custom code block: extracts proof bodies from source
+    ├── DocDH.lean             # Diffie-Hellman
+    ├── DocKDF.lean            # Key Derivation Function
+    ├── DocAEAD.lean           # Authenticated Encryption
+    ├── DocKEM.lean            # Key Encapsulation Mechanism
+    ├── DocX3DH.lean           # X3DH Protocol (includes PermDraws + PassiveSecrecy)
+    ├── DocPermDraws.lean      # perm_draws Tactic (subsection of X3DH)
+    ├── DocX3DHPassiveSecrecy.lean  # Passive Message Secrecy (subsection of X3DH)
+    ├── DocPQXDH.lean          # PQXDH Protocol
+    └── DocSecurityDefs.lean   # Security Definitions and Assumptions
 ```
 
-Or create a build script (e.g., `scripts/build-blueprint.sh`):
-
-```bash
-#!/usr/bin/env bash
-set -euo pipefail
-
-cd "$(dirname "$0")/.."
-
-out_root="${1:-_out/blueprint}"
-mkdir -p "$out_root"
+## How it works
 
-lake -d docs build docs
-"docs/.lake/build/bin/docs" --output "$out_root"
-
-echo "Output: $(readlink -f "$out_root")"
-```
+- Each `Doc*.lean` file is a Verso document chapter using `#doc (Manual)` blocks.
+- Definitions and theorems use `(lean := "DeclarationName")` to link prose
+  to Lean declarations, which Verso resolves at elaboration time.
+- Proof bodies are extracted via `` ```source DeclarationName `` blocks
+  (implemented in `SourceBlock.lean`), which read the actual source file
+  and display the proof text.
+- Cross-references between chapters use `{uses "tag"}[]` where tags are
+  defined by `:::definition` and `:::theorem` blocks.
 
-## Serving the Documentation
-
-```bash
-python3 -m http.server 8080 -d _out/blueprint
-```
+## Lean version
 
-Then open http://localhost:8080 in your browser.
+Both the library and docs must use the same Lean toolchain. Currently
+`leanprover/lean4:v4.28.0`, matching Mathlib and verso-blueprint.