| Cyclic Redundancy Check |
Article Index for Cyclic |
Website Links For Cyclic |
Information AboutCyclic Redundancy Check |
| CATEGORIES ABOUT CYCLIC REDUNDANCY CHECK | |
| checksum algorithms | |
| finite fields | |
|
Checksum to detect accidental alteration of data during transmission or storage. CRCs are popular because they are simple to implement in binary Hardware , are easy to analyze mathematically, and are particularly good at detecting common errors caused by noise in transmission channels. The CRC was invented by W. Wesley Peterson , and published in his 1961 paper. INTRODUCTION A CRC is an Error-detecting Code whose computation resembles a Long Division computation in which the quotient is discarded and the remainder becomes the result, with the important distinction that the arithmetic used is the carry-less arithmetic of a Finite Field . The length of the remainder is always less than the length of the divisor, which therefore determines how long the result can be. The definition of a particular CRC specifies the divisor to be used, among other things. Although CRCs can be constructed using any finite field, all commonly used CRCs employ the finite field GF(2) , the field of two elements, usually called 0 and 1, comfortably matching computer architecture. The rest of this article will discuss only these binary CRCs, but the principles are more general. An important reason for the popularity of CRCs for detecting the accidental alteration of data is their efficiency guarantee. Typically, an n-bit CRC, applied to a data block of arbitrary length, will detect any single Error Burst not longer than n bits (in other words, any single alteration that spans no more than n bits of the data), and will detect a fraction 1-2-n of all longer error bursts. Errors in both data transmission channels and magnetic storage media tend to distributed non-randomly (i.e. are "bursty"), making CRCs' properties more useful than alternative schemes such as multiple parity checks. The simplest error-detection system, the Parity Bit , is in fact a trivial CRC: it uses the two-bit-long divisor 11. CRCs are not, by themselves, suitable for protecting against intentional alteration of data (for example, in authentication applications for data security), because their convenient mathematical properties make it easy to compute the CRC adjustment required to match any given change to the data. CRCS AND DATA INTEGRITY While useful for Error Detection , CRCs cannot be safely relied upon to fully verify Data Integrity in the face of intelligent (rather than random) changes. Novices sometimes assume that if a message and its CRC are encrypted, then transmitted over an insecure channel, then decrypted, and the decrypted CRC matches the decrypted message, then the message cannot have been altered in transit. This assumption is false. In fact, if the message is encrypted by exclusive-ORing with a random One-time Pad (the gold standard of ciphers, which guarantees secrecy even against an adversary with unlimited computing resources), an adversary who can modify the data in transit is able to toggle any chosen pattern of message bits, and to toggle exactly the right subset of CRC bits to compensate. This is because the CRC is a Linear Code , with the result that the set of bits that change in the CRC depends only on the set of bits that changed in the message, not on the values of those (or any other) bits. In contrast, an effective way to protect messages against intentional tampering is by the use of a Message Authentication Code such as HMAC . THE MATHEMATICS OF CRCS See Also: Mathematics of CRCs The mechanics of computing an n-bit binary CRC are simple. The bits representing the input are lined up in a row, and the (n+1)-bit pattern representing the CRC's divisor (called a "polynomial" because of the tools used in the mathematical analysis of CRCs) is positioned underneath the left-hand end of the row. Here is the first calculation for computing a 3-bit CRC:
If the input bit above the leftmost divisor bit is 1, the divisor is Exclusive-ORed into the input (in other words, the input bit above each 1-bit in the divisor is toggled). The divisor is then shifted one bit to the right, and the process is repeated until the divisor reaches the right-hand end of the input row. Here is the last calculation:
Since the leftmost divisor bit zeroed every input bit it touched, when this process ends the only bits in the input row that can be nonzero are the n bits at the right-hand end of the row. These n bits are the remainder of the division step, and will also be the value of the CRC function (unless the CRC specification calls for some postprocessing). Mathematical analysis of this division-like process reveals how to pick a divisor that guarantees good error-detection properties. In this analysis, the digits of the bit strings are thought of as the coefficients of a polynomial in some variable x -- coefficients that are elements of the finite field GF(2) instead of more familiar numbers. This "polynomial trick" allows bit strings to be viewed as elements of a Ring (mathematics) . A ring is, loosely speaking, a set of elements somewhat like numbers, that can be operated on by an operation that somewhat resembles addition and another operation that somewhat resembles multiplication, these operations possessing many of the familiar arithmetic properties of commutativity, associativity, and distributivity. Many analytical tools commonly used with numbers also work on rings, and this is why the "polynomial" view helps the analysis. SPECIFYING A CRC The concept of the CRC as an error-detecting code gets complicated when an implementer or standards committee turns it into a practical system. Here are some of the complications:
COMMONLY USED AND STANDARDIZED CRCS CRCs as used in globally standardized telecommunications systems have not been fully standardized. Most CRCs in current use have some weakness with respect to strength or construction. Standardization of CRCs would allow for better designed CRCs to come into common use.
Known to exist, but technologically defunct -- mainly replaced by Cryptographic Hash Functions
DESIGNING CRC POLYNOMIALS The selection of generator polynomial is the most important part of implementing the CRC algorithm. The polynomial must be chosen to maximize the error detecting capabilities while minimizing overall collision probabilities. The most important attribute of the polynomial is its length (the number of the highest nonzero coefficient), because of its direct influence of the length of the computed checksum. The most commonly used polynomial lengths are
When creating a new CRC polynomial or improving an existing CRC the general mathematical advice is to use an Irreducible Polynomial that satisfies all polynomical irreducibility constraints from modular arithmetics.
The properties of the generator polynomial can be derived from the algorithm definition
SEE ALSO General category Specific Technological References EXTERNAL LINKS
|
|
|