In 1976, Diffie and Hellman introduced the revolutionary concept of public-key cryptography,
also known as asymmetric cryptography. Today, asymmetric cryptography is routinely used to secure the Internet.
The most famous and most widely used asymmetric cryptosystem is RSA, invented by Rivest, Shamir and Adleman.
Surprisingly, there are very few alternatives known, and most of them are also based on number theory.
How secure are those asymmetric cryptosystems? Can we attack them in certain settings?
Should we implement RSA the way it was originally described thirty years ago?
Those are typical questions that cryptanalysts have tried to answer since the appearance of public-key cryptography.
In these notes, we present the main techniques and principles used in public-key cryptanalysis,
with a special emphasis on attacks based on lattice basis reduction, and more generally,
on algorithmic geometry of numbers.
To simplify our exposition, we focus on the two most famous asymmetric cryptosystems: RSA and Elgamal.
Cryptanalysis has played a crucial role in the way cryptosystems are now implemented,
and in the development of modern security notions.
Interestingly, it also introduced in cryptology several mathematical objects
which have since proved very useful in cryptographic design.
This is for instance the case of Euclidean lattices, elliptic curves and pairings.