Skip to Main Content
At CCS 2003, Blomer, Otto, and Seifert proposed a new CRT-RSA signature algorithm, which was claimed to be secure against hardware fault attack. Unfortunately, one year later, Wagner presented a simple and practical fault attack on the so-called BOS algorithm. In this paper, we give a further cryptanalysis of the BOS algorithm and can completely break the security of it with a probability at least 25%. Compared to Wagner's attack, the new attack is much simpler and requires fewer faulty signatures. We further conclude that the BOS algorithm is not safe for use in its present form.