p = 28 35 - 1 = 62207. Number of supersingular j-invariants: 5185, only showing 907 of them.
Color legend: 2-isogenies, 3-isogenies, E0: y2 = x3 + x, Alice, Intermediate curves, E1.
If we wanted to brute-force attack an SIDH public key, we could try every possible private key (m, n). In our example, there are 28 + 27 possible private keys for Alice. The claw attack is an improvement on this.
What we can do is explore all curves connected to E0 via isogenies of degree 24 and store them in a hash table. After that, we may start a DFS exploration from EA bounded to depth 24 until we find a collision with the stored values, E1.
This way, we will recover the secret isogeny that Alice has as secret.