fix clippy errors from main merge

Cargo.lock

@@ -273,7 +273,7 @@ dependencies = [
  "ark-std 0.4.0",
  "blake2",
  "derivative",
- "digest",
+ "digest 0.10.7",
  "sha2",
 ]
 
@@ -293,7 +293,7 @@ dependencies = [
  "ark-std 0.5.0",
  "blake2",
  "derivative",
- "digest",
+ "digest 0.10.7",
  "fnv",
  "merlin",
  "sha2",
@@ -359,7 +359,7 @@ dependencies = [
  "ark-serialize 0.4.2",
  "ark-std 0.4.0",
  "derivative",
- "digest",
+ "digest 0.10.7",
  "itertools 0.10.5",
  "num-bigint 0.4.6",
  "num-traits",
@@ -379,7 +379,7 @@ dependencies = [
  "ark-serialize 0.5.0",
  "ark-std 0.5.0",
  "arrayvec",
- "digest",
+ "digest 0.10.7",
  "educe",
  "itertools 0.13.0",
  "num-bigint 0.4.6",
@@ -541,7 +541,7 @@ checksum = "adb7b85a02b83d2f22f89bd5cac66c9c89474240cb6207cb1efc16d098e822a5"
 dependencies = [
  "ark-serialize-derive 0.4.2",
  "ark-std 0.4.0",
- "digest",
+ "digest 0.10.7",
  "num-bigint 0.4.6",
 ]
 
@@ -554,7 +554,7 @@ dependencies = [
  "ark-serialize-derive 0.5.0",
  "ark-std 0.5.0",
  "arrayvec",
- "digest",
+ "digest 0.10.7",
  "num-bigint 0.4.6",
 ]
 
@@ -1192,7 +1192,7 @@ version = "0.10.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
 dependencies = [
- "digest",
+ "digest 0.10.7",
 ]
 
 [[package]]
@@ -1622,6 +1622,12 @@ dependencies = [
  "nssa_core",
 ]
 
+[[package]]
+name = "cmov"
+version = "0.5.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0c9ea0ac24bc397ab3c98583a3c9ba74fa56b09a4449bbe172b9b1ddb016027a"
+
 [[package]]
 name = "cobs"
 version = "0.3.0"
@@ -1757,6 +1763,12 @@ version = "0.9.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
 
+[[package]]
+name = "const-oid"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c"
+
 [[package]]
 name = "const-str"
 version = "0.4.3"
@@ -2023,17 +2035,22 @@ version = "0.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "77727bb15fa921304124b128af125e7e3b968275d1b108b379190264f4423710"
 dependencies = [
+ "getrandom 0.4.2",
  "hybrid-array",
+ "rand_core 0.10.1",
 ]
 
 [[package]]
 name = "crypto_primitives_bench"
 version = "0.1.0"
 dependencies = [
+ "anyhow",
  "criterion",
  "key_protocol",
  "nssa_core",
  "rand 0.8.5",
+ "serde",
+ "serde_json",
 ]
 
 [[package]]
@@ -2045,6 +2062,15 @@ dependencies = [
  "cipher 0.4.4",
 ]
 
+[[package]]
+name = "ctutils"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7d5515a3834141de9eafb9717ad39eea8247b5674e6066c404e8c4b365d2a29e"
+dependencies = [
+ "cmov",
+]
+
 [[package]]
 name = "curve25519-dalek"
 version = "4.1.3"
@@ -2054,7 +2080,7 @@ dependencies = [
  "cfg-if",
  "cpufeatures 0.2.17",
  "curve25519-dalek-derive",
- "digest",
+ "digest 0.10.7",
  "fiat-crypto",
  "rustc_version",
  "serde",
@@ -2186,7 +2212,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7ab67060fc6b8ef687992d439ca0fa36e7ed17e9a0b16b25b601e8757df720de"
 dependencies = [
  "data-encoding",
- "syn 1.0.109",
+ "syn 2.0.117",
 ]
 
 [[package]]
@@ -2195,11 +2221,21 @@ version = "0.7.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
 dependencies = [
- "const-oid",
+ "const-oid 0.9.6",
  "pem-rfc7468",
  "zeroize",
 ]
 
+[[package]]
+name = "der"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "71fd89660b2dc699704064e59e9dba0147b903e85319429e131620d022be411b"
+dependencies = [
+ "const-oid 0.10.2",
+ "zeroize",
+]
+
 [[package]]
 name = "der-parser"
 version = "10.0.0"
@@ -2318,11 +2354,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
 dependencies = [
  "block-buffer 0.10.4",
- "const-oid",
+ "const-oid 0.9.6",
  "crypto-common 0.1.7",
  "subtle",
 ]
 
+[[package]]
+name = "digest"
+version = "0.11.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f1dd6dbb5841937940781866fa1281a1ff7bd3bf827091440879f9994983d5c2"
+dependencies = [
+ "block-buffer 0.12.0",
+ "crypto-common 0.2.1",
+]
+
 [[package]]
 name = "directories"
 version = "6.0.0"
@@ -2416,7 +2462,7 @@ version = "0.2.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9ac1e888d6830712d565b2f3a974be3200be9296bc1b03db8251a4cbf18a4a34"
 dependencies = [
- "digest",
+ "digest 0.10.7",
  "futures",
  "rand 0.8.5",
  "reqwest",
@@ -2448,13 +2494,13 @@ version = "0.16.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ee27f32b5c5292967d2d4a9d7f1e0b0aed2c15daded5a60300e4abb9d8020bca"
 dependencies = [
- "der",
+ "der 0.7.10",
- "digest",
+ "digest 0.10.7",
  "elliptic-curve",
  "rfc6979",
  "serdect",
  "signature",
- "spki",
+ "spki 0.7.3",
 ]
 
 [[package]]
@@ -2463,7 +2509,7 @@ version = "2.2.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
 dependencies = [
- "pkcs8",
+ "pkcs8 0.10.2",
  "serde",
  "signature",
 ]
@@ -2525,12 +2571,12 @@ checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47"
 dependencies = [
  "base16ct",
  "crypto-bigint",
- "digest",
+ "digest 0.10.7",
  "ff",
  "generic-array 0.14.7",
  "group",
  "pem-rfc7468",
- "pkcs8",
+ "pkcs8 0.10.2",
  "rand_core 0.6.4",
  "sec1",
  "serdect",
@@ -2670,7 +2716,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
 dependencies = [
  "libc",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -3436,7 +3482,7 @@ version = "0.12.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
 dependencies = [
- "digest",
+ "digest 0.10.7",
 ]
 
 [[package]]
@@ -3558,6 +3604,7 @@ version = "0.4.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "8655f91cd07f2b9d0c24137bd650fe69617773435ee5ec83022377777ce65ef1"
 dependencies = [
+ "ctutils",
  "typenum",
 ]
 
@@ -4504,6 +4551,26 @@ dependencies = [
  "cpufeatures 0.2.17",
 ]
 
+[[package]]
+name = "keccak"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9e24a010dd405bd7ed803e5253182815b41bf2e6a80cc3bfc066658e03a198aa"
+dependencies = [
+ "cfg-if",
+ "cpufeatures 0.3.0",
+]
+
+[[package]]
+name = "kem"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "01737161ba802849cfd486b5bd209d38ba4943494c249a8126005170c7621edd"
+dependencies = [
+ "crypto-common 0.2.1",
+ "rand_core 0.10.1",
+]
+
 [[package]]
 name = "key_protocol"
 version = "0.1.0"
@@ -4518,6 +4585,7 @@ dependencies = [
  "hmac-sha512",
  "itertools 0.14.0",
  "k256",
+ "ml-kem",
  "nssa",
  "nssa_core",
  "rand 0.8.5",
@@ -6182,7 +6250,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "58c38e2799fc0978b65dfff8023ec7843e2330bb462f19198840b34b6582397d"
 dependencies = [
  "byteorder",
- "keccak",
+ "keccak 0.1.6",
  "rand_core 0.6.4",
  "zeroize",
 ]
@@ -6245,6 +6313,31 @@ dependencies = [
  "windows-sys 0.61.2",
 ]
 
+[[package]]
+name = "ml-kem"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5e15f3e5b957493873e396a66914e83e616b6afe335cdef7efe5c6e1216aba66"
+dependencies = [
+ "hybrid-array",
+ "kem",
+ "module-lattice",
+ "pkcs8 0.11.0",
+ "rand_core 0.10.1",
+ "sha3",
+]
+
+[[package]]
+name = "module-lattice"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0c61b87c9683ab7cb1c6871d261ad5479b6b10ceb52c4352aaca3b5d35a8febe"
+dependencies = [
+ "ctutils",
+ "hybrid-array",
+ "num-traits",
+]
+
 [[package]]
 name = "moka"
 version = "0.12.15"
@@ -6497,10 +6590,10 @@ dependencies = [
  "ark-ec 0.4.2",
  "ark-ff 0.4.2",
  "ark-serialize 0.4.2",
- "digest",
+ "digest 0.10.7",
  "generic-array 0.14.7",
  "hex",
- "keccak",
+ "keccak 0.1.6",
  "log",
  "rand 0.8.5",
  "zeroize",
@@ -6590,7 +6683,7 @@ dependencies = [
  "bytemuck",
  "bytesize",
  "chacha20",
- "k256",
+ "ml-kem",
  "risc0-zkvm",
  "serde",
  "serde_json",
@@ -7142,9 +7235,9 @@ version = "0.7.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
 dependencies = [
- "der",
+ "der 0.7.10",
- "pkcs8",
+ "pkcs8 0.10.2",
- "spki",
+ "spki 0.7.3",
 ]
 
 [[package]]
@@ -7153,8 +7246,18 @@ version = "0.10.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
 dependencies = [
- "der",
+ "der 0.7.10",
- "spki",
+ "spki 0.7.3",
+]
+
+[[package]]
+name = "pkcs8"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "451913da69c775a56034ea8d9003d27ee8948e12443eae7c038ba100a4f21cb7"
+dependencies = [
+ "der 0.8.0",
+ "spki 0.8.0",
 ]
 
 [[package]]
@@ -7627,7 +7730,7 @@ dependencies = [
  "quinn-udp",
  "rustc-hash",
  "rustls",
- "socket2 0.5.10",
+ "socket2 0.6.3",
  "thiserror 2.0.18",
  "tokio",
  "tracing",
@@ -7664,9 +7767,9 @@ dependencies = [
  "cfg_aliases",
  "libc",
  "once_cell",
- "socket2 0.5.10",
+ "socket2 0.6.3",
  "tracing",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -8126,7 +8229,7 @@ dependencies = [
  "anyhow",
  "bytemuck",
  "cfg-if",
- "keccak",
+ "keccak 0.1.6",
  "liblzma",
  "paste",
  "rayon",
@@ -8309,7 +8412,7 @@ dependencies = [
  "borsh",
  "bytemuck",
  "cfg-if",
- "digest",
+ "digest 0.10.7",
  "ff",
  "hex",
  "hex-literal 0.4.1",
@@ -8348,7 +8451,7 @@ dependencies = [
  "gdbstub_arch",
  "gimli",
  "hex",
- "keccak",
+ "keccak 0.1.6",
  "lazy-regex",
  "num-bigint 0.4.6",
  "num-traits",
@@ -8466,16 +8569,16 @@ version = "0.9.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b8573f03f5883dcaebdfcf4725caa1ecb9c15b2ef50c43a07b816e06799bb12d"
 dependencies = [
- "const-oid",
+ "const-oid 0.9.6",
- "digest",
+ "digest 0.10.7",
  "num-bigint-dig",
  "num-integer",
  "num-traits",
  "pkcs1",
- "pkcs8",
+ "pkcs8 0.10.2",
  "rand_core 0.6.4",
  "signature",
- "spki",
+ "spki 0.7.3",
  "subtle",
  "zeroize",
 ]
@@ -8585,7 +8688,7 @@ dependencies = [
  "errno",
  "libc",
  "linux-raw-sys",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -8643,7 +8746,7 @@ dependencies = [
  "security-framework",
  "security-framework-sys",
  "webpki-root-certs 0.26.11",
- "windows-sys 0.52.0",
+ "windows-sys 0.59.0",
 ]
 
 [[package]]
@@ -8791,9 +8894,9 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc"
 dependencies = [
  "base16ct",
- "der",
+ "der 0.7.10",
  "generic-array 0.14.7",
- "pkcs8",
+ "pkcs8 0.10.2",
  "serdect",
  "subtle",
  "zeroize",
@@ -9181,7 +9284,7 @@ checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
 dependencies = [
  "cfg-if",
  "cpufeatures 0.2.17",
- "digest",
+ "digest 0.10.7",
 ]
 
 [[package]]
@@ -9192,7 +9295,17 @@ checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
 dependencies = [
  "cfg-if",
  "cpufeatures 0.2.17",
- "digest",
+ "digest 0.10.7",
+]
+
+[[package]]
+name = "sha3"
+version = "0.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "be176f1a57ce4e3d31c1a166222d9768de5954f811601fb7ca06fc8203905ce1"
+dependencies = [
+ "digest 0.11.3",
+ "keccak 0.2.0",
 ]
 
 [[package]]
@@ -9226,7 +9339,7 @@ version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
 dependencies = [
- "digest",
+ "digest 0.10.7",
  "rand_core 0.6.4",
 ]
 
@@ -9325,7 +9438,17 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
 dependencies = [
  "base64ct",
- "der",
+ "der 0.7.10",
+]
+
+[[package]]
+name = "spki"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1d9efca8738c78ee9484207732f728b1ef517bbb1833d6fc0879ca898a522f6f"
+dependencies = [
+ "base64ct",
+ "der 0.8.0",
 ]
 
 [[package]]
@@ -9570,7 +9693,7 @@ dependencies = [
  "getrandom 0.4.2",
  "once_cell",
  "rustix",
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]
@@ -10986,7 +11109,7 @@ version = "0.1.11"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c2a7b1c03c876122aa43f3020e6c3c3ee5c05081c9a00739faf7503aeba10d22"
 dependencies = [
- "windows-sys 0.52.0",
+ "windows-sys 0.61.2",
 ]
 
 [[package]]

integration_tests/tests/auth_transfer/private.rs

@@ -12,7 +12,8 @@ use nssa::{
     privacy_preserving_transaction::circuit::ProgramWithDependencies, program::Program,
 };
 use nssa_core::{
-    InputAccountIdentity, NullifierPublicKey, account::AccountWithMetadata,
+    InputAccountIdentity, NullifierPublicKey,
+    account::AccountWithMetadata,
     encryption::{EphemeralPublicKey, MlKem768EncapsulationKey, ViewingPublicKey},
 };
 use sequencer_service_rpc::RpcClient as _;
@@ -664,9 +665,9 @@ async fn ppt_cant_chain_call_faucet() -> Result<()> {
     let auth_transfer_program_id = Program::authenticated_transfer_program().id();
     let nsk: nssa_core::NullifierSecretKey = [3; 32];
     let npk = NullifierPublicKey::from(&nsk);
-    let vpk = MlKem768EncapsulationKey::from_bytes(vec![4_u8; 1184]).unwrap();
+    let _vpk = MlKem768EncapsulationKey::from_bytes(vec![4_u8; 1184]).unwrap();
     let ssk = SharedSecretKey([55_u8; 32]);
-    let epk = EphemeralPublicKey(vec![55_u8; 1088]);
+    let _epk = EphemeralPublicKey(vec![55_u8; 1088]);
     let attacker_vault_id = {
         let seed = vault_core::compute_vault_seed(attacker_id);
         AccountId::for_private_pda(&vault_program_id, &seed, &npk, 1337)

integration_tests/tests/private_pda.rs

@@ -64,9 +64,9 @@ async fn fund_private_pda(
     let sender_pre = AccountWithMetadata::new(sender_account.clone(), true, sender);
     let pda_pre = AccountWithMetadata::new(Account::default(), false, pda_account_id);
 
-    let eph_holder = EphemeralKeyHolder::new(&npk);
+    let eph_holder = EphemeralKeyHolder::new(&vpk);
-    let ssk = eph_holder.calculate_shared_secret_sender(&vpk);
+    let ssk = eph_holder.calculate_shared_secret_sender();
-    let epk = eph_holder.generate_ephemeral_public_key();
+    let epk = eph_holder.ephemeral_public_key().clone();
 
     let instruction = Program::serialize_instruction(AuthTransferInstruction::Transfer { amount })
         .context("failed to serialize auth_transfer instruction")?;

nssa/src/state.rs

@@ -423,7 +423,7 @@ pub mod tests {
         BlockId, Commitment, InputAccountIdentity, Nullifier, NullifierPublicKey,
         NullifierSecretKey, SharedSecretKey, Timestamp,
         account::{Account, AccountId, AccountWithMetadata, Nonce, data::Data},
-        encryption::ViewingPublicKey,
+        encryption::{EphemeralPublicKey, ViewingPublicKey},
         program::{
             BlockValidityWindow, ExecutionValidationError, PdaSeed, ProgramId,
             TimestampValidityWindow, WrappedBalanceSum,
@@ -4674,7 +4674,7 @@ pub mod tests {
         };
         let commitment_pda_1_after_spend =
             Commitment::new(&alice_pda_1_id, &alice_pda_1_account_after_spend);
-        let alice_shared_1_refund = SharedSecretKey::new([12; 32], &alice_keys.vpk());
+        let alice_shared_1_refund = SharedSecretKey([12; 32]);
         {
             let recipient_account = state.get_account_by_id(recipient_id);
             let recipient_nonce = recipient_account.nonce;
@@ -4710,7 +4710,7 @@ pub mod tests {
                 vec![(
                     alice_npk,
                     alice_keys.vpk(),
-                    EphemeralPublicKey::from_scalar([12; 32]),
+                    EphemeralPublicKey(vec![12_u8; 1088]),
                 )],
                 output,
             )

tools/crypto_primitives_bench/benches/primitives.rs

@@ -3,7 +3,7 @@
 //! Measures:
 //! - `KeyChain::new_os_random` (mnemonic → SSK → NSK/VSK + public keys)
 //! - `KeyChain::new_mnemonic` (same, but mnemonic exposed)
-//! - `SharedSecretKey::new` (Diffie-Hellman shared key derivation, the per-recipient cost)
+//! - `SharedSecretKey::encapsulate` (ML-KEM-768 encapsulation, the per-recipient cost)
 //! - `EncryptionScheme::encrypt` / `decrypt` (Account note encryption)
 
 use std::time::Duration;
@@ -13,10 +13,8 @@ use key_protocol::key_management::KeyChain;
 use nssa_core::{
     Commitment, EncryptionScheme, SharedSecretKey,
     account::{Account, AccountId},
-    encryption::{EphemeralPublicKey, EphemeralSecretKey},
     program::PrivateAccountKind,
 };
-use rand::{RngCore as _, rngs::OsRng};
 
 fn bench_keychain(c: &mut Criterion) {
     let mut g = c.benchmark_group("keychain");
@@ -37,34 +35,22 @@ fn bench_shared_secret_key(c: &mut Criterion) {
 
     let mut g = c.benchmark_group("shared_secret_key");
     g.sample_size(50).noise_threshold(0.05);
-    g.bench_function("sender_dh", |b| {
+    g.bench_function("sender_encapsulate", |b| {
-        b.iter(|| {
+        b.iter(|| SharedSecretKey::encapsulate(&vpk));
-            let mut bytes = [0_u8; 32];
-            OsRng.fill_bytes(&mut bytes);
-            let esk: EphemeralSecretKey = bytes;
-            let _epk = EphemeralPublicKey::from(&esk);
-            SharedSecretKey::new(esk, &vpk)
-        });
     });
     g.finish();
 }
 
 fn bench_encryption(c: &mut Criterion) {
     // One-time setup: a fixed Account/Commitment and a SharedSecretKey to bench
-    // encrypt/decrypt over a representative note. ESK gen is excluded from the
+    // encrypt/decrypt over a representative note. Encapsulation cost is covered
-    // measured loop (covered by the SharedSecretKey bench above).
+    // by the SharedSecretKey bench above.
     let recipient_kc = KeyChain::new_os_random();
-    let vpk = recipient_kc.viewing_public_key;
     let npk = recipient_kc.nullifier_public_key;
     let account = Account::default();
     let account_id = AccountId::for_regular_private_account(&npk, 0);
     let commitment = Commitment::new(&account_id, &account);
-    let shared = {
+    let (shared, _epk) = SharedSecretKey::encapsulate(&recipient_kc.viewing_public_key);
-        let mut bytes = [0_u8; 32];
-        OsRng.fill_bytes(&mut bytes);
-        let esk: EphemeralSecretKey = bytes;
-        SharedSecretKey::new(esk, &vpk)
-    };
     let kind = PrivateAccountKind::Regular(0_u128);
     let output_index: u32 = 0;
 
@@ -73,7 +59,6 @@ fn bench_encryption(c: &mut Criterion) {
     g.bench_function("encrypt", |b| {
         b.iter(|| EncryptionScheme::encrypt(&account, &kind, &shared, &commitment, output_index));
     });
-    // One ciphertext for the decrypt bench (encrypt is deterministic given inputs).
     let ct = EncryptionScheme::encrypt(&account, &kind, &shared, &commitment, output_index);
     g.bench_function("decrypt", |b| {
         b.iter(|| EncryptionScheme::decrypt(&ct, &shared, &commitment, output_index));