International Association
for Cryptologic Research

A recent preprint [ePrint 2021/469] suggests the use of exponentiation in a non-associative algebraic structure called "entropoid" to construct post-quantum analogues of DLP-based cryptosystems. In this note, we show a polynomial-time reduction from the entropoid version of DLP to the conventional DLP in the underlying finite field. The resulting attack takes less than 10 minutes on a laptop against parameters suggested in [ePrint 2021/469] for 128-bit post-quantum secure key exchange and runs in polynomial time on a quantum computer. We briefly discuss how to generalize the attack to the generic setting.