关键词: 旁路攻击，故障分析，中国剩余定理，RSA密码算法

Abstract: hhe former fault analysis can not attack on RSA-CRh with corresponding countermeasure. In order to find the new vulnerability to fault analysis,this paper took Shamir countermeasure as the analyzed object. An attack model based on fault in CRT combination operation was advanced, and gave a differential fault analysis algorithm that can completely recover the RSA key. The fact that the previous countermeasures can not effectively resist the differential fault analysis was demonstrated,and the complexity of our attack was estimated both by a theoretical analysis and software simulations. Experiment results show that the new fault analysis algorithm has well feasibility; it only requires two fault injections for permanent fault, and an improved scheme of key searching for random fault is advanced. Finally, a corresponding advice on countermeasure to differential fault analysis was given by analyzing the problem of previous countermeasures.

Key words: Side channel attack, Fault model, Differential fault analysis, Error checking, Chinese remainder theorem RSA