41 const auto& sym = m_public_key->mode().symmetric_primitives();
43 const auto& h = m_public_key->H_public_key_bits_raw();
44 const auto& z = m_private_key->z();
46 const auto m_prime = m_private_key->indcpa_decrypt(
Ciphertext::from_bytes(encapsulated_key, m_private_key->mode()));
47 const auto [K_bar_prime, r_prime] = sym.G(m_prime, h);
49 const auto c_prime = m_public_key->indcpa_encrypt(m_prime, r_prime).to_bytes();
54 const auto reencrypt_success =
CT::is_equal(encapsulated_key.
data(), c_prime.data(), encapsulated_key.
size());
57 sym.KDF(out_shared_key, K, sym.H(encapsulated_key));
static Ciphertext from_bytes(StrongSpan< const KyberCompressedCiphertext > buffer, const KyberConstants &mode)