Technical Report TR-98-12, LCIS, Tamkang University, Taiwan, R.O.C., July 12, 1998.

Abstract. Hardware fault-based cryptanalysis has been frequently discussed and reported since the past two years. Almost all research results conclude and suggest that the computed values should be checked before to be sent to the receiver in order to prevent possible attacks. In this paper, we wish to show that, quite surprisingly, checking before output is not always enough to be immune to fault-based cryptanalysis.