This paper constructs public-key cryptosystems based on the worst-case hardness of approximating the length of a shortest nonzero vector in an $n$-dimensional lattice to within a small poly($n$) factor. The main technical innovation is a classical reduction from certain variants of the shortest vector problem to corresponding versions of the "learning with errors" (LWE) problem. The authors also construct new cryptosystems based on the search version of LWE, including a chosen ciphertext-secure system with a simpler description and a tighter underlying worst-case approximation factor compared to previous constructions. The paper provides a detailed analysis of the security of these cryptosystems, including a proof that the injective trapdoor functions used in the construction are one-way under classical worst-case assumptions. The results demonstrate the potential of using LWE as a foundation for public-key cryptography, providing a classical and robust approach to lattice-based cryptography.This paper constructs public-key cryptosystems based on the worst-case hardness of approximating the length of a shortest nonzero vector in an $n$-dimensional lattice to within a small poly($n$) factor. The main technical innovation is a classical reduction from certain variants of the shortest vector problem to corresponding versions of the "learning with errors" (LWE) problem. The authors also construct new cryptosystems based on the search version of LWE, including a chosen ciphertext-secure system with a simpler description and a tighter underlying worst-case approximation factor compared to previous constructions. The paper provides a detailed analysis of the security of these cryptosystems, including a proof that the injective trapdoor functions used in the construction are one-way under classical worst-case assumptions. The results demonstrate the potential of using LWE as a foundation for public-key cryptography, providing a classical and robust approach to lattice-based cryptography.