GHSA-hrjv-pf36-jpmr: oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken

CVSS Score: N/A

Basic Information
CVE ID: -
GHSA ID: GHSA-hrjv-pf36-jpmr
EPSS Score: -
CWE: -
Published: 8/18/2022
Updated: 1/7/2023
KEV Status: No
Technology: Rust

Technical Details
CVSS Vector: -
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
oqs | rust | < 0.7.2 | 0.7.2 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerability is mathematical rather than an implementation bug. The key-recovery attack published by Castryck and Decru in 2022 recovers a SIDH private key from its public key on ordinary hardware, for every SIKE parameter set, so the KEM built on it offers no security and no code patch can restore it. The advisory accordingly states that the SIKE and SIDH schemes were removed, not repaired, in oqs 0.7.2; the crate wraps liboqs, which dropped the same algorithms in its own 0.7.2 release. The advisory carries no diff, but the affected surface is clear from the crate's KEM module and the RustSec advisory: the SIKE and SIDH variants of the KEM Algorithm enum, which no longer exist in the patched version. Confidence in this attribution is high because 1) the schemes were deleted outright rather than patched, 2) the attack breaks the scheme's core security guarantee (key recovery from public data), and 3) the advisory names these algorithm variants as the affected components.

Two consequences for users. First, upgrading to 0.7.2 is not a drop-in fix: code that selected a SIKE or SIDH variant will fail to compile and must be migrated to one of the KEMs the crate still offers. Second, any key pair ever used with SIKE or SIDH should be treated as compromised, since an adversary holding the public key (for example from a captured handshake) can recover the private key and from it the shared secret of every session that used it. A quick check for exposure is to confirm that no `oqs` version below 0.7.2 appears in Cargo.lock (for example with `cargo tree -i oqs` or `cargo audit`).
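As an added example (not code from the oqs project, the advisory, or Miggo AI), the following dependency-free Rust program applies the affected range from the table above, `oqs < 0.7.2`, to a Cargo.lock. The lockfile excerpt, the `ADVISORIES` table and the `Finding` type are constructed for the example; the range syntax handled (comma-separated comparators such as `< 0.7.2` or `>= 0.7.0, < 0.7.2`) is an assumption that covers the advisory formats seen on pages like this one and is not a full semver implementation.

```rust
// Added example: flag a Cargo.lock entry for `oqs` that falls in the advisory's
// affected range (< 0.7.2). No external crates; std only.

/// Version as (major, minor, patch). Pre-release/build suffixes are ignored (assumption).
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub struct Version(pub u64, pub u64, pub u64);

impl Version {
    pub fn parse(s: &str) -> Option<Version> {
        // Drop anything after '-' (pre-release) or '+' (build metadata).
        let core = s.split(|c| c == '-' || c == '+').next()?;
        let mut parts = core.split('.').map(|p| p.trim().parse::<u64>().ok());
        let major = parts.next()??;
        let minor = parts.next().unwrap_or(Some(0))?;
        let patch = parts.next().unwrap_or(Some(0))?;
        Some(Version(major, minor, patch))
    }
}

/// True when `v` satisfies every comma-separated comparator in `range`
/// (e.g. "< 0.7.2" or ">= 0.7.0, < 0.7.2"). Numeric, not lexicographic:
/// 0.10.0 is correctly treated as newer than 0.7.2.
pub fn in_range(v: Version, range: &str) -> bool {
    range.split(',').all(|clause| {
        let clause = clause.trim();
        let (op, rest) = if let Some(r) = clause.strip_prefix(">=") {
            (">=", r)
        } else if let Some(r) = clause.strip_prefix("<=") {
            ("<=", r)
        } else if let Some(r) = clause.strip_prefix('>') {
            (">", r)
        } else if let Some(r) = clause.strip_prefix('<') {
            ("<", r)
        } else if let Some(r) = clause.strip_prefix('=') {
            ("=", r)
        } else {
            ("=", clause)
        };
        match Version::parse(rest.trim()) {
            Some(bound) => match op {
                ">=" => v >= bound,
                "<=" => v <= bound,
                ">" => v > bound,
                "<" => v < bound,
                _ => v == bound,
            },
            None => false,
        }
    })
}

/// Minimal Cargo.lock reader: collects (name, version) from each [[package]] table.
pub fn lock_packages(lock: &str) -> Vec<(String, String)> {
    fn flush(name: &mut Option<String>, version: &mut Option<String>, out: &mut Vec<(String, String)>) {
        if let (Some(n), Some(v)) = (name.take(), version.take()) {
            out.push((n, v));
        }
    }
    let mut out = Vec::new();
    let (mut name, mut version) = (None, None);
    for line in lock.lines() {
        let line = line.trim();
        if line == "[[package]]" {
            flush(&mut name, &mut version, &mut out);
        } else if let Some(rest) = line.strip_prefix("name = ") {
            name = Some(rest.trim_matches('"').to_string());
        } else if let Some(rest) = line.strip_prefix("version = ") {
            version = Some(rest.trim_matches('"').to_string());
        }
    }
    flush(&mut name, &mut version, &mut out);
    out
}

#[derive(Debug)]
pub struct Finding {
    pub name: String,
    pub version: String,
    pub advisory: &'static str,
}

/// Hypothetical advisory table: (crate, affected range, summary), from this page.
pub const ADVISORIES: &[(&str, &str, &str)] = &[
    ("oqs", "< 0.7.2", "GHSA-hrjv-pf36-jpmr: SIKE/SIDH broken, removed in 0.7.2"),
];

/// Every locked package whose version falls in a listed advisory range.
pub fn audit_lock(lock: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (name, version) in lock_packages(lock) {
        for (crate_name, range, summary) in ADVISORIES {
            if name == *crate_name {
                if let Some(v) = Version::parse(&version) {
                    if in_range(v, *range) {
                        findings.push(Finding { name: name.clone(), version: version.clone(), advisory: *summary });
                    }
                }
            }
        }
    }
    findings
}

/// Constructed Cargo.lock excerpt for the example (not a real project).
pub const SAMPLE_LOCK: &str = r#"
version = 3

[[package]]
name = "oqs"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
dependencies = [
 "oqs-sys",
]

[[package]]
name = "oqs-sys"
version = "0.7.1"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "serde"
version = "1.0.144"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;

fn main() {
    for f in audit_lock(SAMPLE_LOCK) {
        println!("{} {} is affected: {}", f.name, f.version, f.advisory);
    }
}
```

Run as a plain binary it reports the single affected entry, `oqs 0.7.1`. A version that passes the check is only half the story for this advisory: because the fix removed the algorithms rather than hardening them, code that referenced the SIKE or SIDH variants also has to change, which the compiler will point out once the crate is upgraded.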