pub fn decaps_internal<P: Params>(dk: &[u8], c: &[u8]) -> [u8; 32]
Deterministic ML-KEM decapsulation (Algorithm 18).
Implements the Fujisaki-Okamoto transform: decrypts the ciphertext to
recover m', re-encrypts to get c', then uses a constant-time
comparison to select either the real shared key K' (if c == c')
or an implicit rejection key J(z || c) (otherwise).
All operations are constant-time with no secret-dependent branches.
Intermediates (m', g_input, j_input) are zeroized after use.
§Arguments
dk - The full decapsulation key (layout: dk_pke || ek || H(ek) || z).
c - The ciphertext.
§Returns
The 32-byte shared secret.
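The dk layout listed under Arguments and the branch-free choice between K' and the rejection key described above, as an added example that is not this crate's own code. The names `split_dk`, `ct_eq_mask`, `select_key` and `DkParts` are hypothetical, the component sizes (384k, 384k + 32, 32, 32 bytes) are assumed from FIPS 203, and hashing and re-encryption are left out.

```rust
/// Views into a decapsulation key laid out as dk_pke || ek || H(ek) || z.
pub struct DkParts<'a> {
    pub dk_pke: &'a [u8],
    pub ek: &'a [u8],
    pub h_ek: &'a [u8],
    pub z: &'a [u8],
}

/// Split `dk` for module rank `k` (assumed FIPS 203 sizes); None on a wrong length.
pub fn split_dk(dk: &[u8], k: usize) -> Option<DkParts<'_>> {
    let (pke_len, ek_len) = (384 * k, 384 * k + 32);
    if dk.len() != pke_len + ek_len + 64 {
        return None;
    }
    let (dk_pke, rest) = dk.split_at(pke_len);
    let (ek, rest) = rest.split_at(ek_len);
    let (h_ek, z) = rest.split_at(32);
    Some(DkParts { dk_pke, ek, h_ek, z })
}

/// 0xFF if a == b, else 0x00, scanning every byte with no early exit.
/// Lengths are public, so the length check is not a secret-dependent branch.
pub fn ct_eq_mask(a: &[u8], b: &[u8]) -> u8 {
    if a.len() != b.len() {
        return 0x00;
    }
    let diff = a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y));
    let nonzero = ((diff as u16).wrapping_neg() >> 8) as u8 & 1; // 1 iff diff != 0
    nonzero.wrapping_sub(1)
}

/// Masked select: K' when c == c', otherwise the implicit rejection key.
pub fn select_key(k_prime: &[u8; 32], k_bar: &[u8; 32], c: &[u8], c_prime: &[u8]) -> [u8; 32] {
    let mask = ct_eq_mask(c, c_prime);
    let mut out = [0u8; 32];
    for i in 0..32 {
        out[i] = (k_prime[i] & mask) | (k_bar[i] & !mask);
    }
    out
}

fn main() {
    // Constructed sample data: a 2400-byte buffer (k = 3) and dummy keys.
    let dk = vec![0u8; 2400];
    let parts = split_dk(&dk, 3).expect("length matches k = 3");
    println!("dk_pke={} ek={} z={}", parts.dk_pke.len(), parts.ek.len(), parts.z.len());
    let key = select_key(&[0xAA; 32], &[0x55; 32], b"ct", b"cT");
    println!("mismatch selects rejection key: {}", key == [0x55; 32]);
}
```

Source-level masking like this does not by itself guarantee constant-time machine code, since the optimizer may reintroduce branches; production code normally relies on a vetted constant-time crate such as `subtle` and checks the generated assembly.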