diff --git a/Cargo.lock b/Cargo.lock index 154c6ea6..fce1df09 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -674,9 +674,9 @@ checksum = "4858a9d740c5007a9069007c3b4e91152d0506f13c1b31dd49051fd537656156" [[package]] name = "astral-tokio-tar" -version = "0.6.1" +version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4ce73b17c62717c4b6a9af10b43e87c578b0cac27e00666d48304d3b7d2c0693" +checksum = "cb50a7aae84a03bf55b067832bc376f4961b790c97e64d3eacee97d389b90277" dependencies = [ "filetime", "futures-core", @@ -1972,7 +1972,6 @@ dependencies = [ "anyhow", "key_protocol", "nssa_core", - "rand 0.8.5", "serde", "serde_json", ] @@ -2134,7 +2133,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7ab67060fc6b8ef687992d439ca0fa36e7ed17e9a0b16b25b601e8757df720de" dependencies = [ "data-encoding", - "syn 2.0.117", + "syn 1.0.109", ] [[package]] @@ -2318,7 +2317,7 @@ dependencies = [ "libc", "option-ext", "redox_users", - "windows-sys 0.61.2", + "windows-sys 0.59.0", ] [[package]] @@ -2649,7 +2648,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.2", + "windows-sys 0.52.0", ] [[package]] @@ -3629,7 +3628,7 @@ dependencies = [ "libc", "percent-encoding", "pin-project-lite", - "socket2 0.6.3", + "socket2 0.5.10", "tokio", "tower-service", "tracing", @@ -6479,7 +6478,6 @@ dependencies = [ "bytemuck", "bytesize", "chacha20", - "k256", "ml-kem", "risc0-zkvm", "serde", @@ -6494,7 +6492,7 @@ version = "0.50.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" dependencies = [ - "windows-sys 0.61.2", + "windows-sys 0.59.0", ] [[package]] @@ -7358,7 +7356,7 @@ dependencies = [ "quinn-udp", "rustc-hash", "rustls", - "socket2 0.6.3", + "socket2 0.5.10", "thiserror 2.0.18", "tokio", "tracing", 
@@ -7395,7 +7393,7 @@ dependencies = [ "cfg_aliases", "libc", "once_cell", - "socket2 0.6.3", + "socket2 0.5.10", "tracing", "windows-sys 0.59.0", ] @@ -8292,7 +8290,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.61.2", + "windows-sys 0.52.0", ] [[package]] @@ -9283,7 +9281,7 @@ dependencies = [ "getrandom 0.4.2", "once_cell", "rustix", - "windows-sys 0.61.2", + "windows-sys 0.52.0", ] [[package]] @@ -10586,7 +10584,7 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" dependencies = [ - "windows-sys 0.61.2", + "windows-sys 0.52.0", ] [[package]]
diff --git a/artifacts/program_methods/authenticated_transfer.bin b/artifacts/program_methods/authenticated_transfer.bin
index d050cd62..29f68451 100644
Binary files a/artifacts/program_methods/authenticated_transfer.bin and b/artifacts/program_methods/authenticated_transfer.bin differ
diff --git a/artifacts/program_methods/faucet.bin b/artifacts/program_methods/faucet.bin
index 00a81dc9..95c53175 100644
Binary files a/artifacts/program_methods/faucet.bin and b/artifacts/program_methods/faucet.bin differ
diff --git a/artifacts/program_methods/pinata.bin b/artifacts/program_methods/pinata.bin
index 5c9233bd..af6c9d67 100644
Binary files a/artifacts/program_methods/pinata.bin and b/artifacts/program_methods/pinata.bin differ
diff --git a/artifacts/program_methods/pinata_token.bin b/artifacts/program_methods/pinata_token.bin
index fd3adddb..e7b27854 100644
Binary files a/artifacts/program_methods/pinata_token.bin and b/artifacts/program_methods/pinata_token.bin differ
diff --git a/artifacts/program_methods/privacy_preserving_circuit.bin b/artifacts/program_methods/privacy_preserving_circuit.bin
index 2d8e902c..4e643391 100644
Binary files a/artifacts/program_methods/privacy_preserving_circuit.bin and b/artifacts/program_methods/privacy_preserving_circuit.bin differ
diff --git a/artifacts/program_methods/vault.bin b/artifacts/program_methods/vault.bin
index 7f7ce6d6..c7fa230c 100644
Binary files a/artifacts/program_methods/vault.bin and b/artifacts/program_methods/vault.bin differ
diff --git a/artifacts/test_program_methods/auth_asserting_noop.bin b/artifacts/test_program_methods/auth_asserting_noop.bin
index 80835971..fdd38449 100644
Binary files a/artifacts/test_program_methods/auth_asserting_noop.bin and b/artifacts/test_program_methods/auth_asserting_noop.bin differ
diff --git a/artifacts/test_program_methods/auth_transfer_proxy.bin b/artifacts/test_program_methods/auth_transfer_proxy.bin
index 490223a5..c21da0d8 100644
Binary files a/artifacts/test_program_methods/auth_transfer_proxy.bin and b/artifacts/test_program_methods/auth_transfer_proxy.bin differ
diff --git a/artifacts/test_program_methods/changer_claimer.bin b/artifacts/test_program_methods/changer_claimer.bin
index a1c94250..9f84db84 100644
Binary files a/artifacts/test_program_methods/changer_claimer.bin and b/artifacts/test_program_methods/changer_claimer.bin differ
diff --git a/artifacts/test_program_methods/clock_chain_caller.bin b/artifacts/test_program_methods/clock_chain_caller.bin
index ee237e70..cf9afefc 100644
Binary files a/artifacts/test_program_methods/clock_chain_caller.bin and b/artifacts/test_program_methods/clock_chain_caller.bin differ
diff --git a/artifacts/test_program_methods/data_changer.bin b/artifacts/test_program_methods/data_changer.bin
index f559654c..086d01d6 100644
Binary files a/artifacts/test_program_methods/data_changer.bin and b/artifacts/test_program_methods/data_changer.bin differ
diff --git a/artifacts/test_program_methods/extra_output.bin b/artifacts/test_program_methods/extra_output.bin
index 30d44aae..16651f55 100644
Binary files a/artifacts/test_program_methods/extra_output.bin and b/artifacts/test_program_methods/extra_output.bin differ
diff --git a/artifacts/test_program_methods/faucet_chain_caller.bin b/artifacts/test_program_methods/faucet_chain_caller.bin
index 6311ad4b..82516111 100644
Binary files a/artifacts/test_program_methods/faucet_chain_caller.bin and b/artifacts/test_program_methods/faucet_chain_caller.bin differ
diff --git a/artifacts/test_program_methods/malicious_caller_program_id.bin b/artifacts/test_program_methods/malicious_caller_program_id.bin
index 4c402914..08bf3c36 100644
Binary files a/artifacts/test_program_methods/malicious_caller_program_id.bin and b/artifacts/test_program_methods/malicious_caller_program_id.bin differ
diff --git a/artifacts/test_program_methods/malicious_self_program_id.bin b/artifacts/test_program_methods/malicious_self_program_id.bin
index 2ca1fe2d..5521c1d1 100644
Binary files a/artifacts/test_program_methods/malicious_self_program_id.bin and b/artifacts/test_program_methods/malicious_self_program_id.bin differ
diff --git a/artifacts/test_program_methods/noop.bin b/artifacts/test_program_methods/noop.bin
index e4024958..91cc98f6 100644
Binary files a/artifacts/test_program_methods/noop.bin and b/artifacts/test_program_methods/noop.bin differ
diff --git a/artifacts/test_program_methods/pda_claimer.bin b/artifacts/test_program_methods/pda_claimer.bin
index 7bf306ea..26e4ffd0 100644
Binary files a/artifacts/test_program_methods/pda_claimer.bin and b/artifacts/test_program_methods/pda_claimer.bin differ
diff --git a/artifacts/test_program_methods/pda_fund_spend_proxy.bin b/artifacts/test_program_methods/pda_fund_spend_proxy.bin
index e167ecc6..43cf7c5b 100644
Binary files a/artifacts/test_program_methods/pda_fund_spend_proxy.bin and b/artifacts/test_program_methods/pda_fund_spend_proxy.bin differ
diff --git a/artifacts/test_program_methods/private_pda_delegator.bin b/artifacts/test_program_methods/private_pda_delegator.bin
index 1c4dd672..677ac659 100644
Binary files a/artifacts/test_program_methods/private_pda_delegator.bin and b/artifacts/test_program_methods/private_pda_delegator.bin differ
diff --git a/artifacts/test_program_methods/time_locked_transfer.bin b/artifacts/test_program_methods/time_locked_transfer.bin
index bfa226fb..202e4271 100644
Binary files a/artifacts/test_program_methods/time_locked_transfer.bin and b/artifacts/test_program_methods/time_locked_transfer.bin differ
diff --git a/artifacts/test_program_methods/two_pda_claimer.bin b/artifacts/test_program_methods/two_pda_claimer.bin
index 8833afb0..ad02644d 100644
Binary files a/artifacts/test_program_methods/two_pda_claimer.bin and b/artifacts/test_program_methods/two_pda_claimer.bin differ
diff --git a/artifacts/test_program_methods/validity_window.bin b/artifacts/test_program_methods/validity_window.bin
index 37afac43..fd810c11 100644
Binary files a/artifacts/test_program_methods/validity_window.bin and b/artifacts/test_program_methods/validity_window.bin differ
diff --git a/artifacts/test_program_methods/validity_window_chain_caller.bin b/artifacts/test_program_methods/validity_window_chain_caller.bin
index 42ef3906..63bff3fe 100644
Binary files a/artifacts/test_program_methods/validity_window_chain_caller.bin and b/artifacts/test_program_methods/validity_window_chain_caller.bin differ
diff --git a/integration_tests/tests/shared_accounts.rs b/integration_tests/tests/shared_accounts.rs
index 6dd9f1fd..5db6e7a9 100644
--- a/integration_tests/tests/shared_accounts.rs
+++ b/integration_tests/tests/shared_accounts.rs
@@ -107,10 +107,9 @@ async fn group_invite_join_key_agreement() -> Result<()> {
 .key_chain()
 .sealing_secret_key()
 .context("Sealing key not found")?;
- let sealing_pk =
- key_protocol::key_management::group_key_holder::SealingPublicKey::from_bytes(
- nssa_core::encryption::ViewingPublicKey::from_seed(&sealing_sk.d, &sealing_sk.r).0,
- );
+ let sealing_pk = key_protocol::key_management::group_key_holder::SealingPublicKey::from_bytes(
+ nssa_core::encryption::ViewingPublicKey::from_seed(&sealing_sk.d, &sealing_sk.r).0,
+ );
 let holder = ctx
 .wallet()
diff --git a/nssa/core/Cargo.toml b/nssa/core/Cargo.toml
index 3a26e99d..a1508686 100644
--- a/nssa/core/Cargo.toml
+++ b/nssa/core/Cargo.toml
@@ -16,7 +16,6 @@ thiserror.workspace = true
 bytemuck.workspace = true
 bytesize.workspace = true
 base58.workspace = true
-k256 = { workspace = true, optional = true }
 ml-kem = { workspace = true, optional = true, features = ["getrandom"] }
 chacha20 = { version = "0.10" }
@@ -25,4 +24,4 @@ serde_json.workspace = true
 [features]
 default = []
-host = ["dep:k256", "dep:ml-kem"]
+host = ["dep:ml-kem"]
diff --git a/nssa/core/src/encryption/mod.rs b/nssa/core/src/encryption/mod.rs
index bfef74a0..9e22f0ae 100644
--- a/nssa/core/src/encryption/mod.rs
+++ b/nssa/core/src/encryption/mod.rs
@@ -156,7 +156,7 @@ mod tests {
 }
 /// Verifies the full account-note pipeline: ML-KEM-768 encapsulation/decapsulation
- /// feeds the correct shared secret into the SHA-256 KDF and ChaCha20 round-trip.
+ /// feeds the correct shared secret into the SHA-256 KDF and `ChaCha20` round-trip.
 #[cfg(feature = "host")]
 #[test]
 fn kem_to_chacha20_round_trip() {
diff --git a/nssa/core/src/encryption/shared_key_derivation.rs b/nssa/core/src/encryption/shared_key_derivation.rs
index 72b5d950..c75c7f6f 100644
--- a/nssa/core/src/encryption/shared_key_derivation.rs
+++ b/nssa/core/src/encryption/shared_key_derivation.rs
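Review bot: With `dep:k256` dropped, `host = ["dep:ml-kem"]` is now the only thing the feature gates, yet nothing in this manifest says what `host` is for or why a consumer would enable it; the lockfile hunk that removes `k256` from nssa_core's dependency list agrees with the removal, so the gap is documentation rather than the build. A one-line comment above the feature table would pin the contract, e.g. `# host: pulls in ml-kem (with OS randomness via getrandom) for key generation and encapsulation; omit for builds that must not touch an OS RNG`. The zkVM-guest reading of "omit" is an inference from the risc0-zkvm entry visible in nssa_core's lockfile dependencies, so confirm it before adopting that wording. Separately, `chacha20 = { version = "0.10" }` is left as the one dependency in this block not routed through `workspace = true`; routing the pin through the workspace keeps the cipher version from drifting between crates that share these notes.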
@@ -10,7 +10,18 @@ use crate::SharedSecretKey;
 pub struct EphemeralPublicKey(pub Vec);
 /// ML-KEM-768 encapsulation key bytes (1184 bytes, opaque to this crate).
-#[derive(Serialize, Deserialize, Clone, Debug, PartialEq, Eq, PartialOrd, Ord, BorshSerialize, BorshDeserialize)]
+#[derive(
+ Serialize,
+ Deserialize,
+ Clone,
+ Debug,
+ PartialEq,
+ Eq,
+ PartialOrd,
+ Ord,
+ BorshSerialize,
+ BorshDeserialize,
+)]
 pub struct ViewingPublicKey(pub Vec);
 impl ViewingPublicKey {
@@ -73,8 +84,8 @@ impl SharedSecretKey {
 input.extend_from_slice(message_hash);
 input.extend_from_slice(&output_index.to_le_bytes());
 let hash = Impl::hash_bytes(&input);
- let m: ml_kem::B32 = ml_kem::array::Array::try_from(hash.as_bytes())
- .expect("SHA-256 output is 32 bytes");
+ let m: ml_kem::B32 =
+ ml_kem::array::Array::try_from(hash.as_bytes()).expect("SHA-256 output is 32 bytes");
 let ek_bytes: ml_kem::kem::Key = vpk
 .0
diff --git a/testnet_initial_state/src/lib.rs b/testnet_initial_state/src/lib.rs
index e7000d5a..385ea5ea 100644
--- a/testnet_initial_state/src/lib.rs
+++ b/testnet_initial_state/src/lib.rs
@@ -2,11 +2,10 @@ use common::PINATA_BASE58;
 use key_protocol::key_management::{
 KeyChain,
 key_tree::chain_index::ChainIndex,
- secret_holders::{PrivateKeyHolder, SecretSpendingKey},
+ secret_holders::{PrivateKeyHolder, SecretSpendingKey, ViewingSecretKey},
 };
 use nssa::{Account, AccountId, Data, PrivateKey, PublicKey, V03State};
 use nssa_core::{NullifierPublicKey, encryption::ViewingPublicKey};
-use key_protocol::key_management::secret_holders::ViewingSecretKey;
 use serde::{Deserialize, Serialize};
 const PRIVATE_KEY_PUB_ACC_A: [u8; 32] = [
@@ -49,8 +48,6 @@ const VSK_PRIV_ACC_B: [u8; 32] = [
 154, 161, 34, 208, 74, 27, 1, 119, 13, 88, 128,
 ];
-
-
 const NPK_PRIV_ACC_A: [u8; 32] = [
 167, 108, 50, 153, 74, 47, 151, 188, 140, 79, 195, 31, 181, 9, 40, 167, 201, 32, 175, 129, 45, 245, 223, 193, 210, 170, 247, 128, 167, 140, 155, 129,
@@ -129,7 +126,10 @@ pub fn initial_priv_accounts_private_keys() -> Vec Vec Result<()> {
 // ML-KEM-768 encapsulation (replaces the old ECDH scalar multiplication).
 let recipient_kc = KeyChain::new_os_random();
 let vpk = recipient_kc.viewing_public_key;
- results.push(time("SharedSecretKey::encapsulate (sender KEM)", ITERS, || {
- let (_ssk, _epk) = SharedSecretKey::encapsulate(&vpk);
- }));
+ results.push(time(
+ "SharedSecretKey::encapsulate (sender KEM)",
+ ITERS,
+ || {
+ let (_ssk, _epk) = SharedSecretKey::encapsulate(&vpk);
+ },
+ ));
 // EncryptionScheme::encrypt / decrypt over a small Account note.
 let account = Account::default();
diff --git a/wallet/src/cli/group.rs b/wallet/src/cli/group.rs
index 6ea53e7f..b4ce9031 100644
--- a/wallet/src/cli/group.rs
+++ b/wallet/src/cli/group.rs
@@ -1,6 +1,9 @@
 use anyhow::{Context as _, Result};
 use clap::Subcommand;
-use key_protocol::key_management::{group_key_holder::{GroupKeyHolder, SealingPublicKey}, secret_holders::ViewingSecretKey};
+use key_protocol::key_management::{
+ group_key_holder::{GroupKeyHolder, SealingPublicKey},
+ secret_holders::ViewingSecretKey,
+};
 use crate::{
 WalletCore,
diff --git a/wallet/src/lib.rs b/wallet/src/lib.rs
index dcf2b6eb..bc618834 100644
--- a/wallet/src/lib.rs
+++ b/wallet/src/lib.rs
@@ -266,7 +266,10 @@ impl WalletCore {
 }
 /// Set the wallet's dedicated sealing secret key.
- pub const fn set_sealing_secret_key(&mut self, key: key_protocol::key_management::secret_holders::ViewingSecretKey) {
+ pub const fn set_sealing_secret_key(
+ &mut self,
+ key: key_protocol::key_management::secret_holders::ViewingSecretKey,
+ ) {
 self.storage.key_chain_mut().set_sealing_secret_key(key);
 }
@@ -766,7 +769,8 @@ impl WalletCore {
 continue;
 }
- let shared_secret = SharedSecretKey::decapsulate(&encrypted_data.epk, &vsk.d, &vsk.r);
+ let shared_secret =
+ SharedSecretKey::decapsulate(&encrypted_data.epk, &vsk.d, &vsk.r);
 let commitment = &tx.message.new_commitments[ciph_id];
 if let Some((_kind, new_acc)) = nssa_core::EncryptionScheme::decrypt(