Computer Science ›› 2011, Vol. 38 ›› Issue (3): 76-79.

• Computer Networks and Information Security •

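Differential Fault Analysis of RSA-CRT Based on Error-Checking Faults

CHEN Cai-sen, WANG Tao, TIAN Jun-jian, ZHANG Jin-zhong

  1. (Department of Computer Engineering, Ordnance Engineering College, Shijiazhuang 050003)
  • Publication date: 2018-11-16 Release date: 2018-11-16
  • Funding:
    This work was supported by the National Natural Science Foundation of China (60772082) and the Natural Science Foundation of Hebei Province (08M010).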

Differential Fault Analysis on RSA-CRT Based on Fault in Error Checking Operation

CHEN Cai-sen, WANG Tao, TIAN Jun-jian, ZHANG Jin-zhong

  • Online:2018-11-16 Published:2018-11-16

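Abstract: The original RSA-CRT fault attack algorithms, which rely on faults in the modular exponentiation, were defeated by the addition of an error-checking operation. To find a new fault attack method, this paper takes the BOS countermeasure algorithm as the object of attack analysis, analyzes the case in which a fault occurs in the error-checking step, establishes an attack model based on error-checking faults, and proposes a differential fault attack algorithm that can recover the complete RSA key. Derivation, proof and experimental simulation show that the original countermeasure cannot effectively resist fault attacks and that the new attack algorithm is feasible. In terms of algorithmic complexity, it requires a smaller search space than Wagner's attack algorithm, needing a sample space of at most 256 for a single-byte fault. Finally, the paper analyzes where the original countermeasure algorithm goes wrong and gives corresponding defensive recommendations.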

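Keywords: side-channel attack, fault model, differential fault analysis, error checking, Chinese remainder theorem, RSA cryptographic algorithm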

Abstract: Earlier fault analysis cannot attack RSA-CRT implementations that carry the corresponding countermeasure. To find a new vulnerability to fault analysis, this paper takes the BOS countermeasure as the object of analysis. An attack model based on a fault in the error-checking operation is proposed, and a differential fault analysis algorithm is given that can completely recover the RSA key. It is demonstrated that the previous countermeasures cannot effectively resist differential fault analysis, and the complexity of the attack is estimated by both theoretical analysis and software simulation. Experimental results show that the new fault analysis algorithm is feasible and requires fewer faulty signature samples than Wagner's attack algorithm, needing at most 256 samples for a single-byte fault. Finally, corresponding advice on countermeasures against differential fault analysis is given by analyzing the problems of the previous countermeasures.

Key words: Side channel attack, Fault model, Differential fault analysis, Error checking, Chinese remainder theorem, RSA
