Wagner's Attack on a Secure CRT-RSA Algorithm Reconsidered.

At CCS 2003, a new CRT-RSA algorithm was presented in [BOS03], which was claimed to be secure against fault attacks for various fault models. At CCS 2004, David Wagner presented an attack on the proposed scheme, claiming that the so-called BOS scheme was insecure for all presented fault models [Wag04]. However, the attack itself contains a flaw which shows that although the BOS scheme is broken in some fault models, it is not broken in the most realistic "random fault model". This paper points out the flaw in the attack on the BOS scheme, aiming to clarify this issue. Keywords: CRT-RSA, fault attacks, smartcards, BOS-Scheme, Wagner's attack. [ABSTRACT FROM AUTHOR]