diff --git a/Cargo.lock b/Cargo.lock index fc383767..ae498348 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1619,9 +1619,15 @@ dependencies = [ [[package]] name = "cmov" +<<<<<<< HEAD version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f88a43d011fc4a6876cb7344703e297c71dda42494fee094d5f7c76bf13f746" +======= +version = "0.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c9ea0ac24bc397ab3c98583a3c9ba74fa56b09a4449bbe172b9b1ddb016027a" +>>>>>>> ee3cfb6e (fix clippy errors from main merge) [[package]] name = "cobs" @@ -2039,6 +2045,7 @@ dependencies = [ name = "crypto_primitives_bench" version = "0.1.0" dependencies = [ + "anyhow", "criterion", "key_protocol", <<<<<<< HEAD @@ -2046,9 +2053,15 @@ dependencies = [ "rand 0.8.6", ======= "nssa_core", +<<<<<<< HEAD "serde", "serde_json", >>>>>>> 8492f995 (ci fixes) +======= + "rand 0.8.5", + "serde", + "serde_json", +>>>>>>> ee3cfb6e (fix clippy errors from main merge) ] [[package]] @@ -2209,7 +2222,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ccc2776f0c61eca1ca32528f85548abd1a4be8fb53d1b21c013e4f18da1e7090" dependencies = [ "data-encoding", - "syn 1.0.109", + "syn 2.0.117", ] [[package]] @@ -2363,7 +2376,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f1dd6dbb5841937940781866fa1281a1ff7bd3bf827091440879f9994983d5c2" dependencies = [ "block-buffer 0.12.0", +<<<<<<< HEAD "crypto-common 0.2.2", +======= + "crypto-common 0.2.1", +>>>>>>> ee3cfb6e (fix clippy errors from main merge) ] [[package]] @@ -2713,7 +2730,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.52.0", + "windows-sys 0.61.2", ] [[package]] 
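Review bot: The `cmov` hunk commits unresolved merge-conflict markers into Cargo.lock (`+<<<<<<< HEAD` … `+>>>>>>> ee3cfb6e (fix clippy errors from main merge)`), and the same markers are added in the crypto_primitives_bench and `crypto-common` hunks below and in every hunk on the next line, where they are nested inside the `8492f995 (ci fixes)` markers that were already in the file. Cargo cannot parse a lockfile with these lines, so every `cargo build` / `cargo test` on this commit fails until the file is repaired by hand, and the two sides pin different versions (cmov 0.5.3 vs 0.5.4, crypto-common 0.2.2 vs 0.2.1, socket2 0.6.4 / 0.5.10 / 0.6.3, rand 0.8.6 vs 0.8.5, `lee`/`lee_core` vs `nssa`/`nssa_core`), so whichever set is kept needs to be chosen deliberately rather than by whoever resolves it next. Resolve each block to one version or regenerate the lockfile from the merged manifests, confirm no `<<<<<<<` / `>>>>>>>` remains, and run CI with `cargo build --locked` so a lockfile that does not match the manifests or does not parse cannot land again.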
@@ -4580,7 +4597,11 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "01737161ba802849cfd486b5bd209d38ba4943494c249a8126005170c7621edd" dependencies = [ +<<<<<<< HEAD "crypto-common 0.2.2", +======= + "crypto-common 0.2.1", +>>>>>>> ee3cfb6e (fix clippy errors from main merge) "rand_core 0.10.1", ] @@ -4598,10 +4619,17 @@ dependencies = [ "hmac-sha512", "itertools 0.14.0", "k256", +<<<<<<< HEAD "lee", "lee_core", "ml-kem", "rand 0.8.6", +======= + "ml-kem", + "nssa", + "nssa_core", + "rand 0.8.5", +>>>>>>> ee3cfb6e (fix clippy errors from main merge) "serde", "sha2", "thiserror 2.0.18", @@ -7796,11 +7824,15 @@ dependencies = [ "quinn-udp", "rustc-hash", "rustls", +<<<<<<< HEAD <<<<<<< HEAD "socket2 0.6.4", ======= "socket2 0.5.10", >>>>>>> 8492f995 (ci fixes) +======= + "socket2 0.6.3", +>>>>>>> ee3cfb6e (fix clippy errors from main merge) "thiserror 2.0.18", "tokio", "tracing", @@ -7837,6 +7869,7 @@ dependencies = [ "cfg_aliases", "libc", "once_cell", +<<<<<<< HEAD <<<<<<< HEAD "socket2 0.6.4", ======= @@ -7844,6 +7877,11 @@ dependencies = [ >>>>>>> 8492f995 (ci fixes) "tracing", "windows-sys 0.60.2", +======= + "socket2 0.6.3", + "tracing", + "windows-sys 0.59.0", +>>>>>>> ee3cfb6e (fix clippy errors from main merge) ] [[package]] @@ -8754,7 +8792,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.52.0", + "windows-sys 0.61.2", ] [[package]] @@ -9754,7 +9792,7 @@ dependencies = [ "getrandom 0.4.2", "once_cell", "rustix", - "windows-sys 0.52.0", + "windows-sys 0.61.2", ] [[package]] @@ -11176,7 +11214,7 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22" dependencies = [ - "windows-sys 0.52.0", + "windows-sys 0.61.2", ] [[package]] 
diff --git a/artifacts/program_methods/authenticated_transfer.bin b/artifacts/program_methods/authenticated_transfer.bin index c3058063..5266b5c3 100644 Binary files a/artifacts/program_methods/authenticated_transfer.bin and b/artifacts/program_methods/authenticated_transfer.bin differ diff --git a/artifacts/program_methods/bridge.bin b/artifacts/program_methods/bridge.bin index bd30da09..6cd3bfeb 100644 Binary files a/artifacts/program_methods/bridge.bin and b/artifacts/program_methods/bridge.bin differ diff --git a/artifacts/program_methods/faucet.bin b/artifacts/program_methods/faucet.bin index 1d0dfbad..7f715d6d 100644 Binary files a/artifacts/program_methods/faucet.bin and b/artifacts/program_methods/faucet.bin differ diff --git a/artifacts/program_methods/pinata.bin b/artifacts/program_methods/pinata.bin index 4882202c..647894bd 100644 Binary files a/artifacts/program_methods/pinata.bin and b/artifacts/program_methods/pinata.bin differ diff --git a/artifacts/program_methods/pinata_token.bin b/artifacts/program_methods/pinata_token.bin index 4069d51c..31c2cf18 100644 Binary files a/artifacts/program_methods/pinata_token.bin and b/artifacts/program_methods/pinata_token.bin differ diff --git a/artifacts/program_methods/privacy_preserving_circuit.bin b/artifacts/program_methods/privacy_preserving_circuit.bin index 83a79a8b..664a3e46 100644 Binary files a/artifacts/program_methods/privacy_preserving_circuit.bin and b/artifacts/program_methods/privacy_preserving_circuit.bin differ diff --git a/artifacts/program_methods/vault.bin b/artifacts/program_methods/vault.bin index c8e00e8c..9606f90f 100644 Binary files a/artifacts/program_methods/vault.bin and b/artifacts/program_methods/vault.bin differ 
diff --git a/artifacts/test_program_methods/auth_asserting_noop.bin b/artifacts/test_program_methods/auth_asserting_noop.bin index 682c04b2..4dbe0f19 100644 Binary files a/artifacts/test_program_methods/auth_asserting_noop.bin and b/artifacts/test_program_methods/auth_asserting_noop.bin differ diff --git a/artifacts/test_program_methods/auth_transfer_proxy.bin b/artifacts/test_program_methods/auth_transfer_proxy.bin index f60baf48..8c75514e 100644 Binary files a/artifacts/test_program_methods/auth_transfer_proxy.bin and b/artifacts/test_program_methods/auth_transfer_proxy.bin differ diff --git a/artifacts/test_program_methods/changer_claimer.bin b/artifacts/test_program_methods/changer_claimer.bin index 3d04cff5..81b1b106 100644 Binary files a/artifacts/test_program_methods/changer_claimer.bin and b/artifacts/test_program_methods/changer_claimer.bin differ diff --git a/artifacts/test_program_methods/clock_chain_caller.bin b/artifacts/test_program_methods/clock_chain_caller.bin index 81e4397c..bf010572 100644 Binary files a/artifacts/test_program_methods/clock_chain_caller.bin and b/artifacts/test_program_methods/clock_chain_caller.bin differ diff --git a/artifacts/test_program_methods/data_changer.bin b/artifacts/test_program_methods/data_changer.bin index 1f3a49f4..6b9a225e 100644 Binary files a/artifacts/test_program_methods/data_changer.bin and b/artifacts/test_program_methods/data_changer.bin differ diff --git a/artifacts/test_program_methods/extra_output.bin b/artifacts/test_program_methods/extra_output.bin index 27872c2b..83946aa4 100644 Binary files a/artifacts/test_program_methods/extra_output.bin and b/artifacts/test_program_methods/extra_output.bin differ diff --git a/artifacts/test_program_methods/faucet_chain_caller.bin b/artifacts/test_program_methods/faucet_chain_caller.bin index 515b7cf7..aea4c502 100644 Binary files a/artifacts/test_program_methods/faucet_chain_caller.bin and b/artifacts/test_program_methods/faucet_chain_caller.bin differ 
diff --git a/artifacts/test_program_methods/malicious_caller_program_id.bin b/artifacts/test_program_methods/malicious_caller_program_id.bin index 2e8b3a11..706b851a 100644 Binary files a/artifacts/test_program_methods/malicious_caller_program_id.bin and b/artifacts/test_program_methods/malicious_caller_program_id.bin differ diff --git a/artifacts/test_program_methods/malicious_injector.bin b/artifacts/test_program_methods/malicious_injector.bin index 1bf42bf1..99c26c1a 100644 Binary files a/artifacts/test_program_methods/malicious_injector.bin and b/artifacts/test_program_methods/malicious_injector.bin differ diff --git a/artifacts/test_program_methods/malicious_self_program_id.bin b/artifacts/test_program_methods/malicious_self_program_id.bin index 98859823..eff04ed0 100644 Binary files a/artifacts/test_program_methods/malicious_self_program_id.bin and b/artifacts/test_program_methods/malicious_self_program_id.bin differ diff --git a/artifacts/test_program_methods/noop.bin b/artifacts/test_program_methods/noop.bin index 4fb3cc6c..757e8cd9 100644 Binary files a/artifacts/test_program_methods/noop.bin and b/artifacts/test_program_methods/noop.bin differ diff --git a/artifacts/test_program_methods/pda_claimer.bin b/artifacts/test_program_methods/pda_claimer.bin index f7677402..82a59bd2 100644 Binary files a/artifacts/test_program_methods/pda_claimer.bin and b/artifacts/test_program_methods/pda_claimer.bin differ diff --git a/artifacts/test_program_methods/pda_fund_spend_proxy.bin b/artifacts/test_program_methods/pda_fund_spend_proxy.bin index d27f52fd..9a04a29c 100644 Binary files a/artifacts/test_program_methods/pda_fund_spend_proxy.bin and b/artifacts/test_program_methods/pda_fund_spend_proxy.bin differ 
diff --git a/artifacts/test_program_methods/pda_spend_proxy.bin b/artifacts/test_program_methods/pda_spend_proxy.bin index 8f5641e6..2f253bcb 100644 Binary files a/artifacts/test_program_methods/pda_spend_proxy.bin and b/artifacts/test_program_methods/pda_spend_proxy.bin differ diff --git a/artifacts/test_program_methods/private_pda_delegator.bin b/artifacts/test_program_methods/private_pda_delegator.bin index c7bd4042..754709b4 100644 Binary files a/artifacts/test_program_methods/private_pda_delegator.bin and b/artifacts/test_program_methods/private_pda_delegator.bin differ diff --git a/artifacts/test_program_methods/time_locked_transfer.bin b/artifacts/test_program_methods/time_locked_transfer.bin index 4873774f..ccedd4e5 100644 Binary files a/artifacts/test_program_methods/time_locked_transfer.bin and b/artifacts/test_program_methods/time_locked_transfer.bin differ diff --git a/artifacts/test_program_methods/two_pda_claimer.bin b/artifacts/test_program_methods/two_pda_claimer.bin index a11c00b6..88de3b95 100644 Binary files a/artifacts/test_program_methods/two_pda_claimer.bin and b/artifacts/test_program_methods/two_pda_claimer.bin differ diff --git a/artifacts/test_program_methods/validity_window.bin b/artifacts/test_program_methods/validity_window.bin index 39da5c79..514155d2 100644 Binary files a/artifacts/test_program_methods/validity_window.bin and b/artifacts/test_program_methods/validity_window.bin differ diff --git a/artifacts/test_program_methods/validity_window_chain_caller.bin b/artifacts/test_program_methods/validity_window_chain_caller.bin index b1b2ee80..213ae0ea 100644 Binary files a/artifacts/test_program_methods/validity_window_chain_caller.bin and b/artifacts/test_program_methods/validity_window_chain_caller.bin differ diff --git a/integration_tests/tests/auth_transfer/private.rs b/integration_tests/tests/auth_transfer/private.rs index 98e641a5..17a2376b 100644 --- a/integration_tests/tests/auth_transfer/private.rs 
+++ b/integration_tests/tests/auth_transfer/private.rs
@@ -15,14 +15,6 @@ use lee_core::{
 encryption::{EphemeralPublicKey, ViewingPublicKey},
 };
 use log::info;
-<<<<<<< HEAD
-=======
-use nssa::{AccountId, program::Program};
-use nssa_core::{
-    NullifierPublicKey,
-    encryption::{MlKem768EncapsulationKey, ViewingPublicKey},
-};
->>>>>>> f4315d18 (addressed comments)
 use sequencer_service_rpc::RpcClient as _;
 use tokio::test;
 use wallet::{
@@ -672,9 +664,9 @@ async fn ppt_cant_chain_call_faucet() -> Result<()> {
 let auth_transfer_program_id = Program::authenticated_transfer_program().id();
 let nsk: lee_core::NullifierSecretKey = [3; 32];
 let npk = NullifierPublicKey::from(&nsk);
- let vpk = MlKem768EncapsulationKey::from_bytes(vec![4_u8; 1184]).unwrap();
+ let _vpk = MlKem768EncapsulationKey::from_bytes(vec![4_u8; 1184]).unwrap();
 let ssk = SharedSecretKey([55_u8; 32]);
- let epk = EphemeralPublicKey(vec![55_u8; 1088]);
+ let _epk = EphemeralPublicKey(vec![55_u8; 1088]);
 let attacker_vault_id = {
 let seed = vault_core::compute_vault_seed(attacker_id);
 AccountId::for_private_pda(&vault_program_id, &seed, &npk, 1337)
diff --git a/integration_tests/tests/private_pda.rs b/integration_tests/tests/private_pda.rs
index 2579eb80..ea7cafab 100644
--- a/integration_tests/tests/private_pda.rs
+++ b/integration_tests/tests/private_pda.rs
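Review bot: Renaming `vpk` and `epk` to `_vpk` and `_epk` keeps two dead fixtures in `ppt_cant_chain_call_faucet` (the function starts and ends outside the hunk) and still references `MlKem768EncapsulationKey`, whose only visible import is the `use nssa_core::{…}` block the first hunk deletes; unless the `use lee_core::{…}` block above line 15 brings it in, the file stops compiling. Delete the two lines instead, leaving `let ssk = SharedSecretKey([55_u8; 32]);`, and drop `EphemeralPublicKey` from the `lee_core::encryption` import if nothing else in the file uses it. If the scenario was meant to show the attacker cannot chain-call the faucet even with a well-formed encapsulation key and ciphertext, those values should be passed into the call rather than silenced, since the underscore prefix hides that the test no longer covers them.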
@@ -64,9 +64,9 @@ async fn fund_private_pda( let sender_pre = AccountWithMetadata::new(sender_account.clone(), true, sender); let pda_pre = AccountWithMetadata::new(Account::default(), false, pda_account_id); - let eph_holder = EphemeralKeyHolder::new(&npk); - let ssk = eph_holder.calculate_shared_secret_sender(&vpk); - let epk = eph_holder.generate_ephemeral_public_key(); + let eph_holder = EphemeralKeyHolder::new(&vpk); + let ssk = eph_holder.calculate_shared_secret_sender(); + let epk = eph_holder.ephemeral_public_key().clone(); let instruction = Program::serialize_instruction(AuthTransferInstruction::Transfer { amount }) .context("failed to serialize auth_transfer instruction")?; diff --git a/lee/state_machine/src/state.rs b/lee/state_machine/src/state.rs index d30b1523..4b74cf55 100644 --- a/lee/state_machine/src/state.rs +++ b/lee/state_machine/src/state.rs @@ -421,7 +421,7 @@ pub mod tests { BlockId, Commitment, InputAccountIdentity, Nullifier, NullifierPublicKey, NullifierSecretKey, SharedSecretKey, Timestamp, account::{Account, AccountId, AccountWithMetadata, Nonce, data::Data}, - encryption::ViewingPublicKey, + encryption::{EphemeralPublicKey, ViewingPublicKey}, program::{ BlockValidityWindow, ExecutionValidationError, PdaSeed, ProgramId, TimestampValidityWindow, WrappedBalanceSum, @@ -4672,7 +4672,7 @@ pub mod tests { }; let commitment_pda_1_after_spend = Commitment::new(&alice_pda_1_id, &alice_pda_1_account_after_spend); - let alice_shared_1_refund = SharedSecretKey::new([12; 32], &alice_keys.vpk()); + let alice_shared_1_refund = SharedSecretKey([12; 32]); { let recipient_account = state.get_account_by_id(recipient_id); let recipient_nonce = recipient_account.nonce; @@ -4708,7 +4708,7 @@ pub mod tests { vec![( alice_npk, alice_keys.vpk(), - EphemeralPublicKey::from_scalar([12; 32]), + EphemeralPublicKey(vec![12_u8; 1088]), )], output, ) 
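Review bot: In the `-4672` and `-4708` hunks of lee/state_machine/src/state.rs, `SharedSecretKey([12; 32])` and `EphemeralPublicKey(vec![12_u8; 1088])` build Alice's refund fixture from raw bytes, so the shared secret is no longer tied to `alice_keys.vpk()` and the 1088-byte value is not a ciphertext her key could decapsulate; if the state machine only carries the ciphertext through in this test and never decapsulates it, that is fine but should be stated at the site, e.g. `// Dummy ML-KEM-768 ciphertext: carried in the output, never decapsulated in this test.` The literal 1088 here, and 1184 / 1088 in integration_tests/tests/auth_transfer/private.rs, are the ML-KEM-768 ciphertext and encapsulation-key lengths repeated as magic numbers; a named constant from lee_core (placeholder name `ML_KEM_768_CIPHERTEXT_LEN`, use whatever the crate exposes or add one) would keep the fixtures from drifting if the parameter set changes. The enclosing test function starts and ends outside the hunk.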
diff --git a/tools/crypto_primitives_bench/benches/primitives.rs b/tools/crypto_primitives_bench/benches/primitives.rs index c7584caa..11c11d9b 100644 --- a/tools/crypto_primitives_bench/benches/primitives.rs +++ b/tools/crypto_primitives_bench/benches/primitives.rs @@ -3,7 +3,7 @@ //! Measures: //! - `KeyChain::new_os_random` (mnemonic → SSK → NSK/VSK + public keys) //! - `KeyChain::new_mnemonic` (same, but mnemonic exposed) -//! - `SharedSecretKey::new` (Diffie-Hellman shared key derivation, the per-recipient cost) +//! - `SharedSecretKey::encapsulate` (ML-KEM-768 encapsulation, the per-recipient cost) //! - `EncryptionScheme::encrypt` / `decrypt` (Account note encryption) use std::time::Duration; @@ -13,10 +13,8 @@ use key_protocol::key_management::KeyChain; use lee_core::{ Commitment, EncryptionScheme, SharedSecretKey, account::{Account, AccountId}, - encryption::{EphemeralPublicKey, EphemeralSecretKey}, program::PrivateAccountKind, }; -use rand::{RngCore as _, rngs::OsRng}; fn bench_keychain(c: &mut Criterion) { let mut g = c.benchmark_group("keychain"); 
@@ -37,34 +35,22 @@ fn bench_shared_secret_key(c: &mut Criterion) { let mut g = c.benchmark_group("shared_secret_key"); g.sample_size(50).noise_threshold(0.05); - g.bench_function("sender_dh", |b| { - b.iter(|| { - let mut bytes = [0_u8; 32]; - OsRng.fill_bytes(&mut bytes); - let esk: EphemeralSecretKey = bytes; - let _epk = EphemeralPublicKey::from(&esk); - SharedSecretKey::new(esk, &vpk) - }); + g.bench_function("sender_encapsulate", |b| { + b.iter(|| SharedSecretKey::encapsulate(&vpk)); }); g.finish(); } fn bench_encryption(c: &mut Criterion) { // One-time setup: a fixed Account/Commitment and a SharedSecretKey to bench - // encrypt/decrypt over a representative note. ESK gen is excluded from the - // measured loop (covered by the SharedSecretKey bench above). + // encrypt/decrypt over a representative note. Encapsulation cost is covered + // by the SharedSecretKey bench above. let recipient_kc = KeyChain::new_os_random(); - let vpk = recipient_kc.viewing_public_key; let npk = recipient_kc.nullifier_public_key; let account = Account::default(); let account_id = AccountId::for_regular_private_account(&npk, 0); let commitment = Commitment::new(&account_id, &account); - let shared = { - let mut bytes = [0_u8; 32]; - OsRng.fill_bytes(&mut bytes); - let esk: EphemeralSecretKey = bytes; - SharedSecretKey::new(esk, &vpk) - }; + let (shared, _epk) = SharedSecretKey::encapsulate(&recipient_kc.viewing_public_key); let kind = PrivateAccountKind::Regular(0_u128); let output_index: u32 = 0; @@ -73,7 +59,6 @@ fn bench_encryption(c: &mut Criterion) { g.bench_function("encrypt", |b| { b.iter(|| EncryptionScheme::encrypt(&account, &kind, &shared, &commitment, output_index)); }); - // One ciphertext for the decrypt bench (encrypt is deterministic given inputs). let ct = EncryptionScheme::encrypt(&account, &kind, &shared, &commitment, output_index); g.bench_function("decrypt", |b| { b.iter(|| EncryptionScheme::decrypt(&ct, &shared, &commitment, output_index));
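Review bot: In `bench_encryption`, the value discarded as `_epk` from `SharedSecretKey::encapsulate(&recipient_kc.viewing_public_key)` is the ML-KEM-768 encapsulation ciphertext (as the updated header comment in this file now says), not a public key; the `EphemeralPublicKey` type name lives in lee_core outside this diff, but the local binding can say what it holds, `let (shared, _kem_ciphertext) = SharedSecretKey::encapsulate(&recipient_kc.viewing_public_key);`. The `sender_encapsulate` closure returns the whole tuple, so the timing presumably includes the KEM's internal randomness draw and the allocation of the returned ciphertext (criterion passes the closure's result through `black_box`, as far as I know); a one-line comment would keep readers from comparing it with a bare encapsulation cost: `// Measures one full encapsulation, including its RNG draw and the returned ciphertext allocation.`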
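Review bot: The `-73` hunk deletes `// One ciphertext for the decrypt bench (encrypt is deterministic given inputs).` without a replacement, and nothing in the diff says whether the determinism claim stopped being true or was just trimmed. That comment is what justifies reusing a single `ct` across every `decrypt` iteration; if `EncryptionScheme::encrypt` is still deterministic for fixed inputs keep it, and if it now draws randomness say so instead, e.g. `// One fixed ciphertext reused across all decrypt iterations; encrypt cost is measured above.`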