Entropoid-based cryptography is group exponentiation in disguise

A recent preprint [3] suggests the use of exponentiation in a non-associative algebraic structure called entropoid to construct postquantum analogues of DLP-based cryptosystems. In this note, we show a polynomial-time reduction from the entropoid version of DLP to the conventional DLP in the underlying finite field. The resulting attack takes less than 10 minutes on a laptop against parameters suggested in [3] for 128-bit post-quantum secure key exchange and runs in polynomial time on a quantum computer. We briefly discuss how to generalize the attack to the generic setting.