pub fn encapsulate_deterministic(
partner_ek_bytes: &[u8],
m: &[u8; 32],
) -> Result<(Vec<u8>, Zeroizing<[u8; 32]>)>Expand description
Encapsulate to a peer’s ML-KEM-768 encapsulation key using a caller-supplied
deterministic 32-byte message m. Returns (ciphertext, shared_secret).
m MUST be uniformly-distributed and secret. In huddle it is an HKDF output
keyed by the initiator’s long-term Ed25519 seed (crypto::dm). The
determinism is intentional — it lets the initiator reproduce the exact DM
key with no per-DM secret state — and safe, because m’s secrecy rests on
the initiator’s stored seed, not on the (quantum-breakable) X25519 secret.