We decided to see whether we could reconstruct the attack from this limited information, rather than waiting for the paper to be released. We figured out the main ideas within a day. Within a week we sent the authors our own attack software, running even faster than theirs. We certainly weren’t working full time on this during the week.
We emphasize that this work was not independent of what the paper authors did, and the fact that we were able to reconstruct the attack so quickly should not be viewed as criticism of the merits of the paper. We were starting from some information released by the authors. What we are saying is that, from a security perspective, this information was in fact the critical information in the paper. Here are some questions to think about: