A reconciliation approach to key generation based on Module-LWE

We consider a key encapsulation mechanism (KEM) based on Module-LWE where reconciliation is performed on the 8-dimensional lattice $E_8$, which admits a fast CVP algorithm. Our scheme generates 256 bits of key and requires 3 or 4 bits of reconciliation per dimension. We show that it can outperform Kyber in terms of the modulus q with comparable error probability. We prove that our protocol is IND-CPA secure and improves the security level of Kyber by 7.3%.