Public key encryption (secure against passive attacks) was the first application and main motivation to investigate the LWE problem.

**On lattices, learning with errors, random linear codes, and cryptography**

(*Regev*- J.ACM 2009 / STOC 2005)**Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem**

(*Peikert*, STOC 2009)**On Ideal Lattices and Learning with Errors over Rings**

(*Lyubashevsky, Peikert & Regev*- J.ACM 2013 / Eurocrypt 2010)**Better Key Sizes (and Attacks) for LWE-Based Encryption**

(*Lindner & Peikert*- CT-RSA 2011)**Efficient Public Key Encryption Based on Ideal Lattices**

(*Stehle, Steinfeld, Tanaka & Xagawa*- Asiacrypt 2009)**Multi-bit Cryptosystems Based on Lattice Problems]**

(*Kawachi, Tanaka & Xagawa*- PKC 2007)

**Bi-Deniable Public-Key Encryption**

(*O’Neill, Peikert & Waters*- Crypto 2011)**Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems**

(*Applebaum, Cash, Peikert & Sahai*- Crypto 2009)**Lattice-based completely non-malleable public-key encryption in the standard model**

(*Sepahi, Steinfeld & Pieprzyk*- DCC 2014)**Lattice-based certificateless public-key encryption in the standard model**

(*Sepahi, Steinfeld & Pieprzyk*- IJIS 2014)**A Simple BGN-Type Cryptosystem from LWE**

(*Gentry, Halevi & Vaikuntanathan*- Eurocrypt 2010)**One-Shot Verifiable Encryption from Lattices**

(*Lyubashevsky & Neven*- EuroCrypt 2017)