Examples of SSH key exchange algorithms requiring encryption-capable host keys

In the SSH spec, Section 7.1, key exchange algorithms are distinguished based on whether they require an "encryption-capable" or a "signature-capable" host key algorithm.

If I understood their details correctly, the well-known DH-based key exchanges algorithms such as curve25519-sha256, diffie-hellman-group14-sha256 and ecdh-sha2-nistp256 all require a signature-capable host key algorithm. What are examples of SSH key exchange algorithms that instead require an encryption-capable host key algorithm?