Function encaps 

pub fn encaps<P: Params>(
    ek: &[u8],
    rng: &mut impl CryptoRng,
) -> Result<([u8; 32], Vec<u8>), MlKemError>

Encapsulate a shared secret (Algorithm 20) with input validation.

Validates the encapsulation key (length check and constant-time modulus check per FIPS 203 Section 7.2), then draws a random 32-byte message and delegates to encaps_internal.

The modulus check ensures each 12-bit coefficient in ek is less than q = 3329 by round-tripping through encode/decode.

Arguments

• ek - The encapsulation (public) key, exactly Params::EK_LEN bytes.
• rng - A cryptographic random number generator implementing CryptoRng.

Returns

A tuple (shared_secret, ciphertext).

Errors

• MlKemError::InvalidEncapsulationKey if the key has wrong length or fails the modulus check.
• MlKemError::RngFailure if the RNG fails.