diff --git a/examples/kyber768_encapsulate.rs b/examples/kyber768_encapsulate.rs
new file mode 100644
index 000000000..1ad3aad99
--- /dev/null
+++ b/examples/kyber768_encapsulate.rs
@@ -0,0 +1,13 @@
+use libcrux::digest;
+use libcrux::drbg::Drbg;
+use libcrux::kem;
+
+fn main() {
+ let mut drbg = Drbg::new(digest::Algorithm::Sha256).unwrap();
+ let (_secret_key, public_key) = kem::key_gen(kem::Algorithm::Kyber768, &mut drbg).unwrap();
+
+ for _i in 0..100000 {
+ let (_shared_secret, _ciphertext) =
+ kem::encapsulate(kem::Algorithm::Kyber768, &public_key, &mut drbg).unwrap();
+ }
+}
diff --git a/src/kem.rs b/src/kem.rs
index 97c8afe4c..795f82215 100644
--- a/src/kem.rs
+++ b/src/kem.rs
@@ -117,9 +117,9 @@ pub fn encapsulate(
 pk: &[u8],
 rng: &mut (impl CryptoRng + Rng),
 ) -> Result<(Vec, Vec), Error> {
- let (new_sk, new_pk) = key_gen(alg, rng)?;
 match alg {
 Algorithm::X25519 | Algorithm::Secp256r1 => {
+ let (new_sk, new_pk) = key_gen(alg, rng)?;
 let gxy = ecdh::derive(alg.try_into().unwrap(), pk, &new_sk)?;
 Ok((gxy, new_pk))
 }
diff --git a/src/kem/kyber768/ind_cpa.rs b/src/kem/kyber768/ind_cpa.rs
index 556ddfd19..690d70316 100644
--- a/src/kem/kyber768/ind_cpa.rs
+++ b/src/kem/kyber768/ind_cpa.rs
@@ -248,9 +248,9 @@ pub(crate) fn encrypt(
 let error_2 = sample_from_binomial_distribution_2(prf_output);
 
 // u := NTT^{-1}(AˆT ◦ rˆ) + e_1
- let mut u = multiply_matrix_by_column(&A_transpose, &r_as_ntt).map(invert_ntt);
+ let mut u = multiply_matrix_by_column(&A_transpose, &r_as_ntt);
 for i in 0..RANK {
- u[i] = u[i] + error_1[i];
+ u[i] = invert_ntt(u[i]) + error_1[i];
 }
 
 // v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1)
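Review bot: The loop in `main` encapsulates 100000 times against one public key and discards every result, which reads as a throughput/profiling harness rather than a usage example, but nothing in the file says so; a header comment such as `// Profiling-style example: repeatedly encapsulate against a single Kyber768 public key.` would record the intent. The loop variable is never used, so `for _ in 0..100000 {` is the idiomatic spelling, and the literal count would read better as a named `const ITERATIONS: usize = 100_000;`. The `unwrap()` calls are acceptable for an example binary.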
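Review bot: The ephemeral `key_gen` call now sits only inside the `X25519 | Secp256r1` arm, but the hunk gives no hint why it was pulled out of the common prologue, and a later maintainer may hoist it back to the top of `encapsulate`. A comment on the moved line, `// Only the DH-based KEMs need an ephemeral key pair here; generating one for other algorithms was wasted work.`, would capture the reason (the motivation is inferred from the accompanying example, which exercises Kyber768 encapsulation in a tight loop). The remaining match arms of `encapsulate` are outside this hunk, so I cannot confirm how the Kyber768 arm consumes `rng`.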
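Review bot: The rewritten loop indexes `u` and `error_1` by `i` up to `RANK`, paying a bounds check per access and silently assuming `RANK` matches both lengths; since `invert_ntt(u[i])` takes the element by value the element type must be `Copy`, so (assuming `error_1` is an array or slice) the same computation is `for (u_i, e_i) in u.iter_mut().zip(error_1.iter()) { *u_i = invert_ntt(*u_i) + *e_i; }`. Folding `invert_ntt` into the loop instead of `.map(invert_ntt)` presumably avoids materialising a second array of polynomials; a one-line comment such as `// Invert in place rather than via .map() to avoid a second RANK-sized temporary.` would stop the next reader from restoring the previous form. `encrypt` begins and ends outside this hunk.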