by czbond 1406 days ago
You KNOW they first had to do this in the normal way (large scale, distributed servers)... and cracked it in like a second. Then for grins, the engineer HAD to say "I wonder if I could do this on my old Mac mini". And it worked.

And for embarrassment of the original design, the story, and clickbait... they did it on that old machine


Why would you know that?

They used an Intel Xeon CPU E5-2630v2; it's in the paper. What if, in the process of crafting the attack on their old workstation PC, they found that it was seemingly possible to do low key sizes very quickly and scaled up from there to a practical attack? Or maybe they have quite the competency in mathematics and realized their attack was not that computationally expensive.

> Ran on a single core, the appended Magma code breaks the Microsoft SIKE challenges $IKEp182 and $IKEp217 in about 4 minutes and 6 minutes, respectively. A run on the SIKEp434 parameters, previously believed to meet NIST's quantum security level 1, took about 62 minutes, again on a single core. We also ran the code on random instances of SIKEp503 (level 2), SIKEp610 (level 3) and SIKEp751 (level 5), which took about 2h19m, 8h15m and 20h37m, respectively.

Mathematicians do not have funding for "large scale". A 10-year-old mid-range server is exactly the kind of system I would expect Magma to run on in the average case. Perhaps even just a desktop PC.

Source: worked with algebra researchers using Magma.

I was being a bit facetious, but not by much. Maybe because they're mathematicians and had found a theorem - but a pen tester wouldn't have.

It costs less than a few hundred bucks to run numerous multi-compute AWS spot instances for cracks on large dictionaries with large hash rates, on random-seed password lists (where each password has its own seed).

If it was trying to crack a quantum-safe where by design the classical computer shouldn't be able to even solve it (except for potentially with a theorem hole) - you'd think they'd start higher.

Almost certainly not. They'd have started prototyping the attack with small numbers, and once it started working, slowly scaling it up.

The authors of the attack are primarily theoreticians. The only implementation they provided was a Sagemath one. I don't think there was ever any distributed impl for this algorithm.

If anyone would have a sense of the number of operations required, you'd hope it was a mathematician.