CYCLIC REDUNDANCY CHECK

A 'cyclic redundancy check' (CRC) is a type of function that takes as input a data stream of any length and produces as output a value of a certain fixed size. The term CRC is often used to denote either the function or the function's output. A CRC can be used in the same way as a
checksum to detect accidental alteration of data during transmission or storage. CRCs are popular because they are simple to implement in binary hardware, are easy to analyze mathematically, and are particularly good at detecting common errors caused by noise in transmission channels. The CRC was invented by W. Wesley Peterson, and published in his 1961 paper.

Contents

Introduction

CRCs and data integrity

The mathematics of CRCs

Specifying a CRC

Commonly used and standardized CRCs

Designing CRC polynomials

See also

External links

Introduction

A CRC is an error-detecting code whose
computation resembles a long division computation in which the
quotient is discarded and the remainder becomes the result, with the
important distinction that the arithmetic used is the carry-less
arithmetic of a finite field. The length of the remainder is
always less than the length of the divisor, which therefore determines
how long the result can be. The definition of a particular CRC
specifies the divisor to be used, among other things.
Although CRCs can be constructed using any finite field,
all commonly used CRCs employ the finite field GF(2), the
field of two elements, usually called 0 and 1, comfortably
matching computer architecture. The rest of this article will
discuss only these binary CRCs, but the principles are more general.
An important reason for the popularity of CRCs for detecting
the accidental alteration of data is their efficiency
guarantee. Typically, an n-bit CRC, applied to a data block of
arbitrary length, will detect any single error burst not
longer than n bits (in other words, any single alteration
that spans no more than n bits of the data), and will detect
a fraction 1-2^-n of all longer error bursts.
Errors in both data transmission channels and magnetic storage media
tend to distributed non-randomly (i.e. are "bursty"), making CRCs' properties more useful than alternative schemes such as multiple parity checks.
The simplest error-detection system, the parity bit, is
in fact a trivial CRC: it uses the two-bit-long divisor 11.
CRCs are not, by themselves, suitable for protecting against
intentional alteration of data (for example, in
authentication applications for data security), because
their convenient mathematical properties make it easy to
compute the CRC adjustment required to match any given
change to the data.

CRCs and data integrity

While useful for error detection, CRCs cannot be safely relied upon to fully verify data integrity in the face of intelligent (rather than random) changes.
Novices sometimes assume that if a message and its CRC are
encrypted, then transmitted over an insecure channel, then
decrypted, and the decrypted CRC matches the decrypted
message, then the message cannot have been altered in
transit. This assumption is false. In fact, if the message
is encrypted by exclusive-ORing with a random one-time pad
(the gold standard of ciphers, which guarantees
secrecy even against an adversary with unlimited computing
resources), an adversary who can modify the data in transit
is able to toggle any chosen pattern of message bits,
and to toggle exactly the right subset of CRC bits to
compensate. This is because the CRC is a linear code,
with the result that the set of bits that change
in the CRC depends only on the set of bits that changed
in the message, not on the values of those (or any other)
bits.
In contrast, an effective way to protect messages against
intentional tampering is by the use of a message authentication code such as HMAC.

The mathematics of CRCs

Main articles: Mathematics of CRCs

The mechanics of computing an n-bit binary CRC are
simple. The bits representing the input are lined up in a
row, and the (n+1)-bit pattern representing the CRC's
divisor (called a "polynomial" because of the tools used in
the mathematical analysis of CRCs) is positioned underneath
the left-hand end of the row. Here is the first calculation
for computing a 3-bit CRC:

11010011101100 <--- input

1011           <--- divisor (4 bits)

--------------

01100011101100 <--- result

If the input bit above the
leftmost divisor bit is 1, the divisor is exclusive-ORed
into the input (in other words, the input bit above each
1-bit in the divisor is toggled). The divisor is then
shifted one bit to the right, and the process is repeated
until the divisor reaches the right-hand end of the input
row. Here is the last calculation:

00000000001110 <--- result of penultimate calculation

          1011 <--- divisor

--------------

00000000000101 <--- remainder (3 bits)

Since the leftmost divisor bit zeroed every input bit
it touched, when this process ends the only bits in the
input row that can be nonzero are the n bits at the
right-hand end of the row. These n bits are the remainder of
the division step, and will also be the value of the CRC
function (unless the CRC specification calls for some
postprocessing).
Mathematical analysis of this division-like process reveals
how to pick a divisor that guarantees good error-detection
properties. In this analysis, the digits of the bit strings
are thought of as the coefficients of a polynomial in some
variable x -- coefficients that are elements of the finite
field GF(2) instead of more familiar numbers. This
"polynomial trick" allows bit strings to be viewed as
elements of a ring (mathematics). A ring is, loosely
speaking, a set of elements somewhat like numbers, that can
be operated on by an operation that somewhat resembles
addition and another operation that somewhat resembles
multiplication, these operations possessing many of the
familiar arithmetic properties of commutativity,
associativity, and distributivity. Many analytical tools
commonly used with numbers also work on rings, and this is
why the "polynomial" view helps the analysis.

Specifying a CRC

The concept of the CRC as an error-detecting code gets
complicated when an implementer or standards committee turns
it into a practical system. Here are some of the
complications:

★ Sometimes an implementation 'prefixes a fixed bit pattern' to the bitstream to be checked. This is useful when clocking errors might insert 0-bits in front of a message, an alteration that would otherwise leave the CRC unchanged.

★ Sometimes an implementation 'appends n 0-bits' (n being the size of the CRC) to the bitstream to be checked before the polynomial division occurs. This has the convenience that the CRC of the original bitstream with the CRC appended is exactly zero, so the CRC can be checked simply by performing the polynomial division on the expanded bitstream and comparing the remainder with zero.

★ Sometimes an implementation 'exclusive-ORs a fixed bit pattern' into the remainder of the polynomial division.

★ 'Bit order:' Some schemes view the low-order bit of each byte as "first", which then during polynomial division means "leftmost", which is contrary to our customary understanding of "low-order". This seemingly silly convention makes sense when serial-port transmissions are CRC-checked in hardware, because some widespread serial-port transmission conventions transmit bytes least-significant bit first.

★ 'Byte order': With multi-byte CRCs, there can be confusion over whether the byte transmitted first (or stored in the lowest-addressed byte of memory) is the least-significant byte or the most-significant byte. For example, some 16-bit CRC schemes swap the bytes of the CRC.

★ 'Omission of the high-order bit' of the divisor polynomial: Some writers assume that, since the high-order bit is always 1, and since an n-bit CRC must be defined by an (n+1)-bit divisor, it is unnecessary to mention the divisor's high-order bit.

Commonly used and standardized CRCs

CRCs as used in globally standardized telecommunications systems have not been fully standardized. Most CRCs in current use have some weakness with respect to strength or construction. Standardization of CRCs would allow for better designed CRCs to come into common use.

★ The definition of CRC-12 is disputed, as there are 3 forms of CRC-12 in common use.

★ Both forms of CRC-8 in use have notable weaknesses mathematically.

★ It is assumed that at least other 10 forms of CRC-16 and CRC-32 exist, but no form of CRC-16 or CRC-32 in use is mathematically optimal.

★ CCITT CRCs differ from ITU CRCs (of the same size), as the same entity has standardized checksums more than once but in different eras.

★ The ITU and IEEE have been historically helpful in standardizing checksums used in telecommunications equipment and protocols -- but have provided little to no support in standardization since the end of the Cold War.

★ These hex values of "Initial value" and "Reflected value" are important for some more complicated checksums (like most forms of CRC-32 and CRC-64).

★ CRCs less than CRC-16 do not tend to use Initial or Reflected values.

★ Very often custom versions of checksums are created by changing these values, as it does not alter the overall mechanics (or math) of the checksum algorithm -- and may provide some nominal security features.
{|class="wikitable"
! Name || Polynomial || Representations: Normal or Reverse (Normal of Reciprocal)
|-
|CRC-1 || $x\; +\; 1$ (use: hardware; also known as parity bit) || 0x1 or 0x1 (0x1)
|-
|CRC-4-ITU || $x^4\; +\; x\; +\; 1$ (ITU G.704, p. 12) || 0x3 or 0xC (0x9)
|-
|CRC-5-ITU || $x^5\; +\; x^4\; +\; x^2\; +\; 1$ (ITU G.704, p. 9) || 0x15 or 0x15 (0x0B)
|-
|CRC-5-USB || $x^5\; +\; x^2\; +\; 1$ (use: USB token packets) || 0x05 or 0x14 (0x9)
|-
|CRC-6-ITU || $x^6\; +\; x\; +\; 1$ (ITU G.704, p. 3) || 0x03 or 0x30 (0x21)
|-
|CRC-7 || $x^7\; +\; x^3\; +\; 1$ (use: telecom systems, MMC) || 0x09 or 0x48 (0x11)
|-
|CRC-8-ATM || $x^8\; +\; x^2\; +\; x\; +\; 1$ (use: ATM HEC) || 0x07 or 0xE0 (0xC1)
|-
|CRC-8-CCITT || $x^8\; +\; x^7\; +\; x^3\; +\; x^2\; +\; 1$ (use: 1-Wire bus) || 0x8D or 0xB1 (0x63)
|-
|CRC-8-Dallas/Maxim || $x^8\; +\; x^5\; +\; x^4\; +\; 1$ (use: 1-Wire bus) || 0x31 or 0x8C (0x19)
|-
|CRC-8 || $x^8\; +\; x^7\; +\; x^6\; +\; x^4\; +\; x^2\; +\; 1$ || 0xD5 or 0xAB (0x57)
|-
|CRC-8-SAE J1850 || $x^8\; +\; x^4\; +\; x^3\; +\; x^2\; +\; 1$ || 0x1D or 0xB8
|-
|CRC-10 || $x^\{10\}\; +\; x^9\; +\; x^5\; +\; x^4\; +\; x\; +\; 1$ || 0x233 or 0x331 (0x263)
|-
|CRC-12 || $x^\{12\}\; +\; x^\{11\}\; +\; x^3\; +\; x^2\; +\; x\; +\; 1$ (use: telecom systems) || 0x80F or 0xF01 (0xE03)
|-
|CRC-15-CAN|| $x^\{15\}\; +\; x^\{14\}\; +\; x^\{10\}\; +\; x^8\; +\; x^7\; +\; x^4\; +\; x^3\; +\; 1$ || 0x4599 or 0x4CD1 (0x19A3)
|-
|CRC-16-Fletcher || Not a CRC; see Fletcher's checksum || Used in Adler-32 A & B CRCs
|-
|CRC-16-CCITT || $x^\{16\}\; +\; x^\{12\}\; +\; x^5\; +\; 1$ (X.25, V.41, Bluetooth, PPP, IrDA, BACnet; known as "CRC-CCITT") || 0x1021 or 0x8408 (0x0811)
|-
|CRC-16-IBM || $x^\{16\}\; +\; x^\{15\}\; +\; x^2\; +\; 1$ (XMODEM, USB, many others; also known as "CRC-16") || 0x8005 or 0xA001 (0x4003)
|-
|CRC-24-Radix-64 || $x^\{24\}\; +\; x^\{23\}\; +\; x^\{18\}\; +\; x^\{17\}\; +\; x^\{14\}\; +\; x^\{11\}\; +\; x^\{10\}\; +\; x^7\; +\; x^6\; +\; x^5\; +\; x^4\; +\; x^3\; +\; x\; +\; 1$ || 0x864CFB or 0xDF3261 (0xBE64C3)
|-
|CRC-32-Adler || Not a CRC; see Adler-32 || See Adler-32
|-
|CRC-32-MPEG2 || $x^\{32\}\; +\; x^\{26\}\; +\; x^\{23\}\; +\; x^\{22\}\; +\; x^\{16\}\; +\; x^\{12\}\; +\; x^\{11\}\; +\; x^\{10\}\; +\; x^8\; +\; x^7\; +\; x^5\; +\; x^4\; +\; x^2\; +\; x\; +\; 1$ || 0x04C11DB7 or 0xEDB88320 (0xDB710641) Also used in IEEE 802.3
|-
|CRC-32-IEEE 802.3 || $x^\{32\}\; +\; x^\{26\}\; +\; x^\{23\}\; +\; x^\{22\}\; +\; x^\{16\}\; +\; x^\{12\}\; +\; x^\{11\}\; +\; x^\{10\}\; +\; x^8\; +\; x^7\; +\; x^5\; +\; x^4\; +\; x^2\; +\; x\; +\; 1$ (V.42)|| 0x04C11DB7 or 0xEDB88320 (0xDB710641)
|-
|CRC-32C (Castagnoli) || $x^\{32\}\; +\; x^\{28\}\; +\; x^\{27\}\; +\; x^\{26\}\; +\; x^\{25\}\; +\; x^\{23\}\; +\; x^\{22\}\; +\; x^\{20\}\; +\; x^\{19\}\; +\; x^\{18\}\; +\; x^\{14\}\; +\; x^\{13\}\; +\; x^\{11\}\; +\; x^\{10\}\; +\; x^9\; +\; x^8\; +\; x^6\; +\; 1$ || 0x1EDC6F41 or 0x82F63B78 (0x05EC76F1)
|-
|CRC-32K (Koopman) || $x^\{32\}\; +\; x^\{30\}\; +\; x^\{29\}\; +\; x^\{28\}\; +\; x^\{26\}\; +\; x^\{20\}\; +\; x^\{19\}\; +\; x^\{17\}\; +\; x^\{16\}\; +\; x^\{15\}\; +\; x^\{11\}\; +\; x^\{10\}\; +\; x^\{7\}\; +\; x^\{6\}\; +\; x^\{4\}\; +\; x^\{2\}\; +\; x\; +\; 1$ || 0x741B8CD7 or 0xEB31D82E
|-
|CRC-64-ISO || $x^\{64\}\; +\; x^4\; +\; x^3\; +\; x\; +\; 1$ (use: ISO 3309) || 0x000000000000001B or 0xD800000000000000 (0xB000000000000001)
|-
|CRC-64-ECMA-182 || $x^\{64\}\; +\; x^\{62\}\; +\; x^\{57\}\; +\; x^\{55\}\; +\; x^\{54\}\; +\; x^\{53\}\; +\; x^\{52\}\; +\; x^\{47\}\; +\; x^\{46\}\; +\; x^\{45\}\; +\; x^\{40\}\; +\; x^\{39\}\; +\; x^\{38\}\; +\; x^\{37\}\; +\; x^\{35\}\; +\; x^\{33\}\; +$ $x^\{32\}\; +\; x^\{31\}\; +\; x^\{29\}\; +\; x^\{27\}\; +\; x^\{24\}\; +\; x^\{23\}\; +\; x^\{22\}\; +\; x^\{21\}\; +\; x^\{19\}\; +\; x^\{17\}\; +\; x^\{13\}\; +\; x^\{12\}\; +\; x^\{10\}\; +\; x^9\; +\; x^7\; +\; x^4\; +\; x\; +\; 1$ (as described in ECMA-182 p.63) || 0x42F0E1EBA9EA3693 or 0xC96C5795D7870F42 (0x92D8AF2BAF0E1E85)
|-
|}
Known to exist, but technologically defunct -- mainly replaced by cryptographic hash functions

★ CRC-128 (IEEE)

★ CRC-256 (IEEE)

Designing CRC polynomials

The selection of generator polynomial is the most important part of implementing the CRC algorithm. The polynomial must be chosen to maximize the error detecting capabilities while minimizing overall collision probabilities.
The most important attribute of the polynomial is its length (the number of the highest nonzero coefficient), because of its direct influence of the length of the computed checksum.
The most commonly used polynomial lengths are

★ 9 bits (CRC-8)

★ 17 bits (CRC-16)

★ 33 bits (CRC-32)

★ 65 bits (CRC-64)
When creating a new CRC polynomial or improving an existing CRC the general mathematical advice is to use an irreducible polynomial that satisfies all polynomical irreducibility constraints from modular arithmetics.

★ Irreducibility in this case means that the polynomial cannot be divided by any polynomial except itself and 1 with zero remainder.

★ Reducible polynomials can still be used, but their error correcting and detecting capabilities will be less effective. Some applications may choose to use reducible polynomials under certain conditions.
The properties of the generator polynomial can be derived from the algorithm definition

★ CRCs with more than one nonzero coefficients are able to detect all single bit errors in the input message.

★ CRCs can be used to detect all double bit errors in the input message shorter than 2k, where k is the length of the longest irreducible part of the polynomial.

★ If the CRC polynomial is divided by x + 1 then no polynomial with odd number of nonzero coefficients can be divided by it. Hence, it can be used to detect odd number of errors in the input message (like single bit parity function).

★ CRC polynomials detect (single) burst errors shorter than the number of the position of the highest polynomial coefficient.

See also

★ SFV
General category

★ Error correcting code

★ List of checksum algorithms

★ Parity
Specific Technological References

★ Adler-32

★ Fletcher's checksum

External links

★ A simple explanation of CRC and its meaning for home users

★ CRC Theory in Brief

★ CRC Implementation in Brief

★ Free CRC Source Code in C

★ Free CRC Source Code from the Boost C++ Libraries

★ Tutorial and C++ implementation of CRC

★ ''The CRC Pitstop''

★ Williams, R. (1993-09) ''A Painless Guide to CRC Error Detection Algorithms''

★ ''Understanding Cyclic Redundancy Check''

★ Black, R. (1994-02) ''Fast CRC32 in Software'' — Algorithm 4 is used in Linux and info-zip's zip and unzip.

★ Kounavis, M. and Berry, F. (2005). ''A Systematic Approach to Building High Performance, Software-based, CRC generators'' — Slicing-by-4 and slicing-by-8 algorithms

★ CRC32: Generating a checksum for a file, C++ implementation by Brian Friesen

★ Online Tool to compute common CRCs (8/16/32/64) from strings

★ Online CRC calculator

★ Another online CRC calculator

★ Online CRC Tool: Generator of synthesizable CRC functions

★ Online Char (ASCII), HEX, Binary, Base64, etc... Encoder/Decoder with MD2, MD4, MD5, SHA1+2, CRC, etc. hashing algorithms

★ CRC16 to CRC64 collision research

★ Reversing CRC – Theory and Practice.

★ 'CRC-Analysis with Bitfilters'.

★ Another Bad CRC Reading Tool, but free

★ Javascript CRC32 implementation

★ A CRC calculation utility and C source code generator written in Python. (MIT licence)

★ CRC Encoding - C# Implementation by Marcel de Wijs

★ Bad CRC Reading Tool