[mixedmath]

NTRU is another quantum-secure (i.e. thought to be quantum-secure) cryptosystem. It can do most things we demand from public-key cryptosystems. More generally, there is no known quantum attack that significantly breaks lattice-based cryptosystems.

[eximius]

While true, LLL basis reduction is quite effective against it. To counter it, your key must be much larger. Further, it multiplies the length of the ciphertext, IIRC (or something gets bigger...).

[williamjennings]

I want to specify that and say there is no known quantum device which can successfully break lattice-based cryptosystems.

Even if there was such a machine, the number of people who could write code for it is less than or equal to ten.