I would be interested to see performance stats - I would expect an optimized attack (batch point inversion, large precomputed table to speed up multiplication, not bothering to try to be constant time) to run well over an order of magnitude faster than that.
Not that it's particularly worth bothering if you have an 80 core machine and only 13 billion keys to check.
