I still don't fully understand — if a low-bit privkey public key is exposed, how could someone potentially derive the private key from it? Could someone please explain how that's possible?
Brute-forcing using the public key is much cheaper than brute-forcing using an address only.
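
The cost gap described in the reply above, as an added example that is not part of either post: with only a hash of the public key, every candidate key has to be derived and hashed, while a known public key allows a square-root search. The baby-step giant-step method, the 16-bit range and the SHA-256 `fingerprint` stand-in for an address are assumptions of this example; the thread names no algorithm.

```python
import hashlib

# secp256k1 field prime and generator (public curve constants).
P = 2**256 - 2**32 - 977
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    # Affine addition on y^2 = x^3 + 7; None is the point at infinity.
    if a is None or b is None:
        return b if a is None else a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        s = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        s = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (s * s - a[0] - b[0]) % P
    return (x, (s * (a[0] - x) - a[1]) % P)

def fingerprint(pt):
    # Stand-in for an address (assumption): a one-way hash of the public key.
    return hashlib.sha256(b"".join(c.to_bytes(32, "big") for c in pt)).hexdigest()

def search_by_hash(target, bits):
    # Only the hash is known: derive and hash each candidate, O(2^bits).
    pt = None
    for k in range(1, 2**bits):
        pt = add(pt, G)
        if fingerprint(pt) == target:
            return k, k                      # (key, candidates tried)

def search_by_pubkey(pub, bits):
    # Public key known: baby-step giant-step, about 2 * 2^(bits/2) additions.
    m = 1 << ((bits + 1) // 2)
    baby, pt = {None: 0}, None               # baby steps: j*G -> j for j < m
    for j in range(1, m):
        pt = add(pt, G)
        baby[pt] = j
    mg = add(pt, G)                          # m*G
    step, cur = (mg[0], -mg[1] % P), pub     # giant step is -m*G
    for i in range(m):
        if cur in baby:                      # pub - i*m*G == j*G
            return i * m + baby[cur], m + i  # (key, approx. additions)
        cur = add(cur, step)
```

For the constructed 16-bit key `0xC0DE`, the hash-only search tries 49374 candidates while the public-key search needs about 448 additions; the gap widens exponentially with key size, which is why a key's effective strength is roughly half its bit length once the public key is visible.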