We describe the technique of physical-layer cryptography based on using a massiveMIMOchannel as a key between the sender and desired receiver, which need not be secret. The goal is for low-complexity encoding and decoding by the desired transmitter-receiver pair, whereas decoding by an eavesdropper is hard in terms of prohibitive complexity.The decoding complexity is analyzed by mapping themassive MIMO system to a lattice. We show that the eavesdropper’s decoder for the MIMO system with M-PAM modulation is equivalent to solving standard lattice problems that are conjectured to be of exponential complexity for both classical and quantum computers. Hence, under the widely-held conjecture that standard lattice problems are hard to solve, the proposed encryption scheme has amore robust notion of security than that of the most common encryption methods used today such as RSA and Diffie-Hellman. Additionally, we show that this scheme could be used to construct a cryptosystem that achieves security under Chosen-Ciphertext Attack, without the use of a pre-shared secret and little computational overhead. Thus, by exploiting the physical layer properties of the radio channel, the massive MIMO system provides for low-complexity encryption commensurate with the most sophisticated forms of application-layer encryption that are currently known.