Abstract: One key problem in the cryptanalysis of GSM authentication algorithm COMP128 is identified and analyzed. After proving the NP-hardness of this problem, an approximate but practical solution is presented, which can improve the attack efficiency of the best attack software ever known.

Key words: COMP128, Cryptanalysis, NP-hardness, Greedy algorithm

摘要： COMP128算法是GSM协议采用的认证算法。该文分析了该算法攻击过程中的一个关键问题，在证明该问题为NP难题后，用贪婪算法给出了实用的较优解，这个结果比已知最好的攻击软件采用的值有所优化。

关键词: COMP128, 密码分析, NP难题, 贪婪算法