pub fn decapsulate_kem(
secret_key: &[u8],
ciphertext: &[u8],
) -> Result<Bytes, CryptoError>Expand description
Decapsulate a shared secret using secret_key (the 64-byte seed) and
ciphertext.
ML-KEM uses implicit rejection — an invalid ciphertext yields a pseudo-random (but different) shared secret rather than an error.
§Errors
Returns CryptoError::InvalidKeyLength if secret_key is not 64
bytes. Returns CryptoError::DecapsulationFailed if ciphertext
has the wrong length.