Function decrypt_sca 

pub fn decrypt_sca<P: Params>(
    dk_pke: &[u8],
    c: &[u8],
    rng: &mut impl CryptoRng,
) -> Result<[u8; 32], MlKemError>

SCA-protected K-PKE decryption with masked secret key and shuffled NTT.

Functionally identical to decrypt but applies two side-channel countermeasures on the critical ŝ^T · NTT(u) inner product:

  1. Shuffled NTT: the forward NTT on each ciphertext polynomial u[i] uses randomized butterfly ordering to defeat Simple Power Analysis.
  2. Masked multiplication: the secret key ŝ is split into two additive shares (s0, s1) and the inner product is computed as s0·NTT(u) + s1·NTT(u), so no single intermediate reveals the secret (Differential Power Analysis protection).

The RNG is needed both to generate the mask shares and to derive the shuffle permutations.
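The following is an added illustration of the two countermeasures described above; it is not the crate's own code. It models the NTT-domain product ŝ^T · NTT(u) as a coefficient-wise multiply-accumulate over Z_q (the real implementation works on NTT representations and a full shuffled butterfly network), and it substitutes a toy xorshift PRNG for the `CryptoRng` parameter so that it runs offline. The names `ToyRng`, `mask`, `shuffled_order`, `inner_product` and `inner_product_sca` are assumptions of this example, not API from the page.

```rust
// Added example: additive masking of the secret plus a randomized processing
// order, shown on a coefficient-wise inner product over Z_q. Not the crate's
// implementation; the NTT itself is abstracted away.

/// ML-KEM modulus q.
pub const Q: u32 = 3329;

/// Toy deterministic PRNG (xorshift64*). A stand-in for `impl CryptoRng` so the
/// example is self-contained; it is NOT cryptographically secure.
pub struct ToyRng(u64);

impl ToyRng {
    pub fn new(seed: u64) -> Self {
        ToyRng(seed | 1) // xorshift state must be non-zero
    }
    pub fn next_u64(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x >> 12;
        x ^= x << 25;
        x ^= x >> 27;
        self.0 = x;
        x.wrapping_mul(0x2545F4914F6CDD1D)
    }
    /// Value in [0, q). Slight modulo bias is irrelevant for this illustration.
    pub fn next_mod_q(&mut self) -> u32 {
        (self.next_u64() % Q as u64) as u32
    }
    /// Index in [0, n).
    pub fn next_below(&mut self, n: usize) -> usize {
        (self.next_u64() % n as u64) as usize
    }
}

/// Split secret coefficients into two additive shares with s0 + s1 = s (mod q).
/// s0 is uniformly random, so neither share alone carries information about s.
pub fn mask(s: &[u32], rng: &mut ToyRng) -> (Vec<u32>, Vec<u32>) {
    let s0: Vec<u32> = s.iter().map(|_| rng.next_mod_q()).collect();
    let s1: Vec<u32> = s
        .iter()
        .zip(&s0)
        .map(|(&si, &r)| (si + Q - r) % Q) // si - r mod q without underflow
        .collect();
    (s0, s1)
}

/// Fisher-Yates permutation of 0..n: the order in which coefficient products
/// are processed, so that a power trace cannot be aligned to a fixed index.
pub fn shuffled_order(n: usize, rng: &mut ToyRng) -> Vec<usize> {
    let mut idx: Vec<usize> = (0..n).collect();
    for i in (1..n).rev() {
        let j = rng.next_below(i + 1);
        idx.swap(i, j);
    }
    idx
}

/// Reference (unprotected) inner product: sum_i s[i] * u[i] mod q.
pub fn inner_product(s: &[u32], u: &[u32]) -> u32 {
    s.iter()
        .zip(u)
        .fold(0u64, |acc, (&a, &b)| (acc + a as u64 * b as u64) % Q as u64) as u32
}

/// Protected inner product: each share is multiplied with u separately, in a
/// randomized coefficient order, and the two partial sums are recombined only
/// at the very end. No intermediate value depends on the whole secret s.
pub fn inner_product_sca(s: &[u32], u: &[u32], rng: &mut ToyRng) -> u32 {
    assert_eq!(s.len(), u.len());
    let (s0, s1) = mask(s, rng);
    let order = shuffled_order(s.len(), rng);
    let mut acc0 = 0u64;
    let mut acc1 = 0u64;
    for &i in &order {
        acc0 = (acc0 + s0[i] as u64 * u[i] as u64) % Q as u64;
        acc1 = (acc1 + s1[i] as u64 * u[i] as u64) % Q as u64;
    }
    ((acc0 + acc1) % Q as u64) as u32
}

fn main() {
    // Constructed sample input: small secret and ciphertext coefficient vectors.
    let s = [1u32, 3328, 5, 1000, 2, 0, 7, 3000];
    let u = [17u32, 42, 3328, 1, 999, 500, 3, 2];
    let mut rng = ToyRng::new(0xC0FFEE);
    let plain = inner_product(&s, &u);
    let protected = inner_product_sca(&s, &u, &mut rng);
    println!("plain = {plain}, masked+shuffled = {protected}");
}
```

The property worth checking is that the result is independent of the mask and of the processing order: for every seed, `inner_product_sca` must agree with `inner_product`, while the shares `s0` and `s1` individually look like fresh random vectors. That is the same reason the real function needs an RNG that cannot fail silently, which is what the `MlKemError::RngFailure` error below reports.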

§Arguments

  • dk_pke - The K-PKE decapsulation key (ByteEncode_12(s_hat)).
  • c - The ciphertext.
  • rng - A cryptographic RNG for masking and shuffle randomness.

§Errors

Returns MlKemError::RngFailure if the RNG fails.