Notes on a claim that a mceliece348864 distinguisher uses only 2^529 operations [pdf]

&gt;- The costs claimed in [16] are 2529 for the smallest proposed Classic McEliece param- eters. This is much more expensive than a brute-force search through 256-bit seeds, and much more expensive than ISD.<p>&gt;- The costs are for an algorithm that is merely distinguishing public keys from random, not attacking OW-CPA. The indistinguishability assumption targeted in [16] is not used in the Classic McEliece security analysis; it is even explicitly disclaimed by the Classic McEliece security analysis.<p>&gt; [16] incorrectly suggests that it (1) attacks a problem that Classic McEliece relies upon and (2) is faster than the best previous attacks against Classic McEliece. We promptly responded when [16] appeared, but no errata were issued. Some third parties are now citing [16] as supposedly significant attack progress.<p>[16] Hugues Randriambololona. The syzygy distinguisher, 2024. URL: <a href="https:&#x2F;&#x2F;eprint" rel="nofollow">https:&#x2F;&#x2F;eprint</a>. iacr.org&#x2F;archive&#x2F;2024&#x2F;1193&#x2F;1722424045.p