Function decaps_single 

pub fn decaps_single<P: Params>(
    dk: &[u8],
    c: &[u8],
) -> Result<[u8; 32], MlKemError>

Decapsulate without double computation (single-pass variant).

Performs length validation and the H(ek) integrity check on the decapsulation key, then runs decaps_internal once. This is faster than decaps but does not detect single-fault injection attacks.

Suitable for software-only environments where physical fault attacks are not in the threat model.
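The two input checks named above, length validation and the H(ek) integrity check, written out in Python as an added example that is not this crate's code. It assumes the FIPS 203 decapsulation key layout (dk_PKE, then ek, then H(ek), then z) with H = SHA3-256; the helper names and the sample key are constructed for illustration.

```python
import hashlib
import hmac

# FIPS 203 parameter sets: name -> (k, ciphertext length in bytes)
PARAMS = {"ML-KEM-512": (2, 768), "ML-KEM-768": (3, 1088), "ML-KEM-1024": (4, 1568)}


def split_dk(name, dk):
    """Split dk into (dk_pke, ek, h, z) after checking its length."""
    k, _ = PARAMS[name]
    if len(dk) != 768 * k + 96:
        raise ValueError(f"dk must be {768 * k + 96} bytes, got {len(dk)}")
    a, b = 384 * k, 768 * k + 32
    return dk[:a], dk[a:b], dk[b:b + 32], dk[b + 32:]


def check_decaps_inputs(name, dk, c):
    """Length validation plus the H(ek) check; raises ValueError on failure."""
    _, c_len = PARAMS[name]
    if len(c) != c_len:
        raise ValueError(f"ciphertext must be {c_len} bytes, got {len(c)}")
    _, ek, h, _ = split_dk(name, dk)
    # Constant-time comparison of the stored hash against SHA3-256(ek).
    if not hmac.compare_digest(hashlib.sha3_256(ek).digest(), h):
        raise ValueError("H(ek) stored in dk does not match SHA3-256(ek)")
    return True


def make_sample_dk(name):
    """Constructed, structurally valid dk (filler bytes, not a real key)."""
    k, _ = PARAMS[name]
    dk_pke = bytes(i % 251 for i in range(384 * k))
    ek = bytes((7 * i) % 253 for i in range(384 * k + 32))
    return dk_pke + ek + hashlib.sha3_256(ek).digest() + bytes(32)


def flip_bit(data, index):
    """Return a copy of data with the low bit of one byte flipped."""
    out = bytearray(data)
    out[index] ^= 0x01
    return bytes(out)


def is_accepted(name, dk, c):
    """True if the inputs pass both checks, False if either one rejects."""
    try:
        return check_decaps_inputs(name, dk, c)
    except ValueError:
        return False
```

The hash covers only the ek bytes, so a corrupted dk_PKE or z segment of a stored key passes this check unchanged.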

§Arguments

§Returns

The 32-byte shared secret.

§Errors