I will describe some recent progress on lattice-based cryptosystems, focusing on a recent public-key cryptosystem presented in STOC 2005. The security of this cryptosystem is based on the worst-case *quantum* hardness of SVP and SIVP. Previous lattice-based public-key cryptosystems such as the one by Ajtai and Dwork are based on unique-SVP, a special case of SVP. The new cryptosystem is much more efficient than previous cryptosystems: the public key is of size O˜(n) and encrypting a message increases its size by O˜(n) (in previous cryptosystems these values are O˜(n4) and O˜(n2), respectively).