
Small subgroup confinement attack on Diffie-Hellman


I am trying to understand the small subgroup confinement attack on the Diffie-Hellman algorithm. I will present the attack and try to explain why it works.

Small subgroup confinement attack on the Diffie-Hellman algorithm

Let $\mathbb{Z}_p^*$ be a group, where $p$ is a large prime and let $\alpha$ be a primitive root modulo $p$. Let’s consider that Alice and Bob want to do a key agreement on the whole cyclic group $\mathbb{Z}^*_p$ using the Diffie-Hellman algorithm. The following sequence diagram illustrates how Eve can perform a small subgroup confinement attack:

[Sequence diagram] Small subgroup attack on Diffie-Hellman key-exchange

By doing this, if $k$ is well-chosen, the secret $S$ can be found by exhaustive search.

How to choose the $k$-value

As $p$ is a prime number, the order of $\mathbb{Z}^*_p$ is a composite, so there exist subgroups. Say $\mathbb{G}_w$ is one small subgroup of prime order $w$. So by picking $k = \frac{p-1}{w}$, the secret value $S \in \mathbb{G}_w$ can be found by exhaustive search, efficiently, in the small subgroup $\mathbb{G}_w$.

Why does it work?

In this section I will try to prove that $S \in \mathbb{G}_w$.

We know that $w \mid (p-1)$, so $\exists k$ such that $p-1 = w \times k$. Plus, we know that $\mathsf{ord}(\alpha) = p - 1$ because $\alpha$ is a primitive root modulo $p$ and a consequence of Cauchy’s theorem is that, given an element $x$, $\mathsf{ord}(x^k) = \frac{\mathsf{ord}(x)}{(\mathsf{ord}(x) \wedge k)}$.
(Here, $\wedge$ denotes the greatest common divisor between two numbers.) So, in our case, we have:

$$\mathsf{ord}(\alpha^{ab(p-1)/w}) = \mathsf{ord}(\alpha^{abk}) = \frac{\mathsf{ord}(\alpha)}{(\mathsf{ord}(\alpha) \wedge abk)} = \frac{(p-1)}{((p-1) \wedge abk)} = \frac{wk}{(wk \wedge abk)}$$

And we know that $(wk \wedge abk) = k$, because $w$ is a prime number. Therefore,

$$\mathsf{ord}(\alpha^{ab(p-1)/w}) = \frac{wk}{k} = w$$

As a result, we can conclude that $S \in \mathbb{G}_w$.

Could someone approve or disapprove my demo?
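As an added worked example (not part of the original question), the exchange from the post run on constructed toy parameters: Eve raises both public values to $k = (p-1)/w$, both parties still agree on the same $S$, and $S$ lands in the $w$-element subgroup $\mathbb{G}_w$ where it can be searched exhaustively. It goes one step beyond the post by adding the defender's side: the public-value validation from RFC 2631 / NIST SP 800-56A ($2 \le y \le p-2$ and $y^q \equiv 1 \pmod p$ for the intended prime-order-$q$ subgroup), shown rejecting a confined value in a safe-prime group. The primes $p = 211$ and $p = 107$, the exponents, and the helper names (`element_order`, `confine`, `public_value_is_valid`) are all choices made here, not values or names from the post.

```python
"""Small subgroup confinement on toy Diffie-Hellman parameters, then the
public-value check that defeats it.  Added example, not from the original
post; every parameter below is a constructed toy value, not one to deploy."""


def prime_factors(n):
    """Distinct prime factors of n by trial division (fine at toy sizes)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def element_order(x, p):
    """Multiplicative order of x in Z_p^*, computed from the factors of p - 1."""
    order = p - 1
    for q in prime_factors(p - 1):
        while order % q == 0 and pow(x, order // q, p) == 1:
            order //= q
    return order


def primitive_root(p):
    """Smallest primitive root modulo the prime p (order exactly p - 1)."""
    return next(g for g in range(2, p) if element_order(g, p) == p - 1)


def confine(y, p, w):
    """Eve's step from the post: y^k with k = (p - 1) / w, which moves y into
    the subgroup of order w (or of a divisor of w)."""
    return pow(y, (p - 1) // w, p)


def confinement_demo(p, w, a, b):
    """Run the post's exchange with Eve rewriting both public values.

    Returns (S, candidates): the shared secret both parties compute and the
    whole of G_w, i.e. the w values Eve has to try to find S."""
    alpha = primitive_root(p)
    A, B = pow(alpha, a, p), pow(alpha, b, p)            # honest A, B
    A_conf, B_conf = confine(A, p, w), confine(B, p, w)  # what Eve forwards
    S_alice = pow(B_conf, a, p)   # Alice computes (B^k)^a = alpha^(abk)
    S_bob = pow(A_conf, b, p)     # Bob computes   (A^k)^b = alpha^(abk)
    assert S_alice == S_bob       # the key still agrees, so nobody notices
    k = (p - 1) // w
    candidates = {pow(alpha, k * i, p) for i in range(w)}  # all of G_w
    return S_alice, candidates


def public_value_is_valid(y, p, q):
    """Defender's check (RFC 2631 s2.1.5 / SP 800-56A full validation):
    y strictly between 1 and p - 1, and in the intended order-q subgroup."""
    return 2 <= y <= p - 2 and pow(y, q, p) == 1


def defense_demo():
    """Toy safe prime p = 2q + 1: the only proper subgroups have order 1 or 2,
    so the q-check (plus the range check) rejects anything Eve can confine."""
    p, q = 107, 53                    # constructed toy safe prime, p = 2q + 1
    g = pow(primitive_root(p), 2, p)  # generator of the order-q subgroup
    A = pow(g, 17, p)                 # Alice's honest public value
    A_conf = confine(A, p, 2)         # Eve's only option: order-2 subgroup
    return public_value_is_valid(A, p, q), public_value_is_valid(A_conf, p, q)


if __name__ == "__main__":
    # p = 211 (p - 1 = 2*3*5*7), confine to the order-7 subgroup: toy values
    S, cands = confinement_demo(211, 7, 123, 45)
    print(f"S = {S}, order {element_order(S, 211)}, in G_7: {S in cands}")
    print("valid (honest A, confined A):", defense_demo())
```

Running it shows $S$ has order 7 and sits among the 7 candidates, exactly the conclusion the post derives; the second line shows the honest value passing validation and the confined one failing it. The check only helps when Alice and Bob work in a prime-order subgroup whose order $q$ they know, which is why real deployments use such groups rather than the whole of $\mathbb{Z}_p^*$.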
