A cyclic redundancy check (CRC) or polynomial code checksum is a nonsecure hash function designed to detect accidental changes to raw computer data, and is commonly used in digital networks and storage devices such as hard disk drives. A CRCenabled device calculates a short, fixedlength binary sequence, known as the CRC code or just CRC, for each block of data and sends or stores them both together. When a block is read or received the device repeats the calculation; if the new CRC does not match the one calculated earlier, then the block contains a data error and the device may take corrective action such as rereading or requesting the block be sent again, otherwise the data is assumed to be error free.^{[1]}
CRCs are so called because the check (data verification) code is a redundancy (it adds zero information) and the algorithm is based on cyclic codes. The term CRC may refer to the check code or to the function that calculates it, which accepts data streams of any length as input but always outputs a fixedlength code. CRCs are popular because they are simple to implement in binary hardware, are easy to analyse mathematically, and are particularly good at detecting common errors caused by noise in transmission channels. The CRC was invented by W. Wesley Peterson, and published in his 1961 paper.^{[2]} The IEEErecommended 32bit CRC, used in Ethernet and elsewhere, appeared at a telecommunications conference in 1975.^{[3]}
Contents 
A CRC is an errordetecting code. Its computation resembles a polynomial long division operation in which the quotient is discarded and the remainder becomes the result, with the important distinction that the polynomial coefficients are calculated according to the carryless arithmetic of a finite field. The length of the remainder is always less than the length of the divisor (called the generator polynomial), which therefore determines how long the result can be. The definition of a particular CRC specifies the divisor to be used, among other things.
Although CRCs can be constructed using any finite field, all commonly used CRCs employ the finite field GF(2). This is the field of two elements, usually called 0 and 1, comfortably matching computer architecture. The rest of this article will discuss only these binary CRCs, but the principles are more general.
An important reason for the popularity of CRCs for detecting the accidental alteration of data is their efficiency guarantee. Typically, an nbit CRC, applied to a data block of arbitrary length, will detect any single error burst not longer than n bits (in other words, any single alteration that spans no more than n bits of the data), and will detect a fraction 1 − 2 ^{− n} of all longer error bursts. Errors in both data transmission channels and magnetic storage media tend to be distributed nonrandomly (i.e. are "bursty"), making CRCs' properties more useful than alternative schemes such as multiple parity checks.
The simplest errordetection system, the parity bit, is in fact a trivial CRC: it uses the two bit long divisor "11".
CRCs are specifically designed to protect against common types of errors on communication channels, where they can provide quick and reasonable assurance of the integrity of messages delivered. However, they are not suitable for protecting against intentional alteration of data. Firstly, as there is no authentication, an attacker can edit a message and recalculate the CRC without the substitution being detected. This is even the case when the CRC is encrypted—this was one of the design flaws of the WEP protocol.^{[4]} Secondly, the linear properties of CRC codes allow an attacker to even keep the CRC unchanged while modifying parts of the message^{[5]}^{[6]}—this also makes calculating the CRC adjustment for small changes more efficient. Nonetheless, it is still often falsely assumed that when a message and its CRC are received from an open channel and the CRC matches the message's calculated CRC then the message cannot have been altered in transit.^{[7]}
Cryptographic hash functions can provide stronger integrity guarantees in that they do not rely on specific error pattern assumptions. However, they are much slower than CRCs, and are therefore commonly used to protect offline data, such as files on servers or databases.
Both CRCs and cryptographic hash functions by themselves do not protect against intentional modification of data. Any application that requires protection against such attacks must use cryptographic authentication mechanisms, such as message authentication codes.
To compute an nbit binary CRC, line the bits representing the input in a row, and position the (n+1)bit pattern representing the CRC's divisor (called a "polynomial") underneath the lefthand end of the row. Here is the first calculation for computing a 3bit CRC:
11010011101100 < input 1011 < divisor (4 bits)  01100011101100 < result
If the input bit above the leftmost divisor bit is 0, do nothing and move the divisor to the right by one bit. If the input bit above the leftmost divisor bit is 1, the divisor is exclusiveORed into the input (in other words, the input bit above each 1bit in the divisor is toggled). The divisor is then shifted one bit to the right, and the process is repeated until the divisor reaches the righthand end of the input row. Here is the last calculation:
00000000001110 < result of previous step 1011 < divisor  00000000000101 < remainder (3 bits)
Since the leftmost divisor bit zeroed every input bit it touched, when this process ends the only bits in the input row that can be nonzero are the n bits at the righthand end of the row. These n bits are the remainder of the division step, and will also be the value of the CRC function (unless the chosen CRC specification calls for some postprocessing).
Mathematical analysis of this divisionlike process reveals how to pick a divisor that guarantees good errordetection properties. In this analysis, the digits of the bit strings are thought of as the coefficients of a polynomial in some variable x—coefficients that are elements of the finite field GF(2) instead of more familiar numbers. This binary polynomial is treated as a ring. A ring is, loosely speaking, a set of elements somewhat like numbers, that can be operated on by an operation that somewhat resembles addition and another operation that somewhat resembles multiplication, these operations possessing many of the familiar arithmetic properties of commutativity, associativity, and distributivity. Ring theory is part of Abstract Algebra.
The concept of the CRC as an errordetecting code gets complicated when an implementer or standards committee turns it into a practical system. Here are some of the complications:
While cyclic redundancy checks form part of several standards, they are not themselves standardized to the point of adopting one algorithm of each degree worldwide: there are three polynomials reported for CRC12^{[8]}, thirteen conflicting definitions of CRC16, and six of CRC32^{[9]}. The polynomials usually seen are not the most efficient ones possible. Between 1993 and 2004, Koopman, Castagnoli and others surveyed the space of polynomials up to 16 bits^{[8]}, and of 24 and 32 bits,^{[10]}^{[11]} finding examples that have much better performance (in terms of Hamming distance for a given message size) than the polynomials of earlier protocols, and publishing the best of these with the aim of improving the error detection capacity of future standards^{[11]}. In particular, iSCSI and SCTP have adopted one of the findings of this research.
The popular and IEEErecommended CRC32 polynomial, used by Ethernet, FDDI and others, is the generating polynomial of a Hamming code and, far from being arbitrarily chosen, was selected for its error detection performance^{[3]}. Even so, the Castagnoli CRC32C polynomial used in iSCSI or SCTP matches its performance on messages from 58 bits–131 kbits, and outperforms it in several size ranges including the two most common sizes of Internet packet^{[11]}. The ITUT G.hn standard also uses CRC32C to detect errors in the payload (although it uses CRC16CCITT for PHY headers).
The table below lists only the polynomials of the various algorithms in use. Any particular protocol can impose preinversion, postinversion and reversed bit ordering as described above. CRCs in proprietary protocols might use a complicated initial value and final XOR for obfuscation but this does not add cryptographic strength to the algorithm.
Note: in this table the highorder bit is omitted; see Specification of CRC above.
Name  Polynomial  Representations: normal / reversed / reverse of reciprocal 

CRC1  x + 1 (most hardware; also known as parity bit)  0x1 / 0x1 / 0x1 
CRC4ITU  x^{4} + x + 1 (ITUT G.704, p. 12)  0x3 / 0xC / 0x9 
CRC5EPC  x^{5} + x^{3} + 1 (Gen 2 RFID^{[12]})  0x09 / 0x12 / 0x14 
CRC5ITU  x^{5} + x^{4} + x^{2} + 1 (ITUT G.704, p. 9)  0x15 / 0x15 / 0x1A 
CRC5USB  x^{5} + x^{2} + 1 (USB token packets)  0x05 / 0x14 / 0x12 
CRC6ITU  x^{6} + x + 1 (ITUT G.704, p. 3)  0x03 / 0x30 / 0x21 
CRC7  x^{7} + x^{3} + 1 (telecom systems, ITUT G.707, ITUT G.832, MMC,SD)  0x09 / 0x48 / 0x44 
CRC8CCITT  x^{8} + x^{2} + x + 1 (ATM HEC), ISDN Header Error Control and Cell Delineation ITUT I.432.1 (02/99)  0x07 / 0xE0 / 0x83 
CRC8Dallas/Maxim  x^{8} + x^{5} + x^{4} + 1 (1Wire bus)  0x31 / 0x8C / 0x98 
CRC8  x^{8} + x^{7} + x^{6} + x^{4} + x^{2} + 1  0xD5 / 0xAB / 0xEA^{[8]} 
CRC8SAE J1850  x^{8} + x^{4} + x^{3} + x^{2} + 1  0x1D / 0xB8 / 0x8E 
CRC8WCDMA  x^{8} + x^{7} + x^{4} + x^{3} + x + 1^{[13]}  0x9B / 0xD9 / 0xCD^{[8]} 
CRC10  x^{10} + x^{9} + x^{5} + x^{4} + x + 1 (ATM; ITUT I.610)  0x233 / 0x331 / 0x319 
CRC11  x^{11} + x^{9} + x^{8} + x^{7} + x^{2} + 1 (FlexRay^{[14]})  0x385 / 0x50E / 0x5C2 
CRC12  x^{12} + x^{11} + x^{3} + x^{2} + x + 1 (telecom systems,^{[15]}^{[16]} )  0x80F / 0xF01 / 0xC07 
CRC15CAN  x^{15} + x^{14} + x^{10} + x^{8} + x^{7} + x^{4} + x^{3} + 1  0x4599 / 0x4CD1 / 0x62CC 
CRC16IBM  x^{16} + x^{15} + x^{2} + 1 (Bisync, Modbus, USB, ANSI X3.28, many others; also known as CRC16 and CRC16ANSI)  0x8005 / 0xA001 / 0xC002 
CRC16CCITT  x^{16} + x^{12} + x^{5} + 1 (X.25, HDLC, XMODEM, Bluetooth, SD, many others; known as CRCCCITT)  0x1021 / 0x8408 / 0x8810^{[8]} 
CRC16T10DIF  x^{16} + x^{15} + x^{11} + x^{9} + x^{8} + x^{7} + x^{5} + x^{4} + x^{2} + x + 1 (SCSI DIF)  0x8BB7^{[17]} / 0xEDD1 / 0xC5DB 
CRC16DNP  x^{16} + x^{13} + x^{12} + x^{11} + x^{10} + x^{8} + x^{6} + x^{5} + x^{2} + 1 (DNP, IEC 870, MBus)  0x3D65 / 0xA6BC / 0x9EB2 
CRC16DECT  x^{16} + x^{10} + x^{8} + x^{7} + x^{3} + 1 (cordless telephones)^{[18]}  0x0589 / 0x91A0 / 0x82C4 
CRC16Fletcher  Not a CRC; see Fletcher's checksum  Used in Adler32 A & B CRCs 
CRC24  x^{24} + x^{22} + x^{20} + x^{19} + x^{18} + x^{16} + x^{14} + x^{13} + x^{11} + x^{10} + x^{8} + x^{7} + x^{6} + x^{3} + x + 1 (FlexRay^{[14]})  0x5D6DCB / 0xD3B6BA / 0xAEB6E5 
CRC24Radix64  x^{24} + x^{23} + x^{18} + x^{17} + x^{14} + x^{11} + x^{10} + x^{7} + x^{6} + x^{5} + x^{4} + x^{3} + x + 1 (OpenPGP)  0x864CFB / 0xDF3261 / 0xC3267D 
CRC30  x^{30} + x^{29} + x^{21} + x^{20} + x^{15} + x^{13} + x^{12} + x^{11} + x^{8} + x^{7} + x^{6} + x^{2} + x + 1 (CDMA)  0x2030B9C7 / 0x38E74301 / 0x30185CE3 
CRC32Adler  Not a CRC; see Adler32  See Adler32 
CRC32IEEE 802.3  x^{32} + x^{26} + x^{23} + x^{22} + x^{16} + x^{12} + x^{11} + x^{10} + x^{8} + x^{7} + x^{5} + x^{4} + x^{2} + x + 1 (V.42, MPEG2, PNG^{[19]}, POSIX cksum)  0x04C11DB7 / 0xEDB88320 / 0x82608EDB^{[11]} 
CRC32C (Castagnoli)  x^{32} + x^{28} + x^{27} + x^{26} + x^{25} + x^{23} + x^{22} + x^{20} + x^{19} + x^{18} + x^{14} + x^{13} + x^{11} + x^{10} + x^{9} + x^{8} + x^{6} + 1 (iSCSI & SCTP, G.hn payload)  0x1EDC6F41 / 0x82F63B78 / 0x8F6E37A0^{[11]} 
CRC32K (Koopman)  x^{32} + x^{30} + x^{29} + x^{28} + x^{26} + x^{20} + x^{19} + x^{17} + x^{16} + x^{15} + x^{11} + x^{10} + x^{7} + x^{6} + x^{4} + x^{2} + x + 1  0x741B8CD7 / 0xEB31D82E / 0xBA0DC66B^{[11]} 
CRC32Q  x^{32} + x^{31} + x^{24} + x^{22} + x^{16} + x^{14} + x^{8} + x^{7} + x^{5} + x^{3} + x + 1 (aviation; AIXM^{[20]})  0x814141AB / 0xD5828281 / 0xC0A0A0D5 
CRC64ISO  x^{64} + x^{4} + x^{3} + x + 1 (HDLC — ISO 3309, SwissProt/TrEMBL; considered weak for hashing^{[21]})  0x000000000000001B / 0xD800000000000000 / 0x800000000000000D 
CRC64ECMA182  x^{64} + x^{62} + x^{57} + x^{55} + x^{54} + x^{53} + x^{52} + x^{47} + x^{46} + x^{45} + x^{40} + x^{39} + x^{38} + x^{37} + x^{35} + x^{33} + x^{32} + x^{31} + x^{29} + x^{27} + x^{24} + x^{23} + x^{22} + x^{21} + x^{19} + x^{17} + x^{13} + x^{12} + x^{10} + x^{9} + x^{7} + x^{4} + x + 1 (as described in ECMA182 p. 51)  0x42F0E1EBA9EA3693 / 0xC96C5795D7870F42 / 0xA17870F5D4F51B49 
Known to exist, but technologically defunct—mainly replaced by cryptographic hash functions:
The selection of generator polynomial is the most important part of implementing the CRC algorithm. The polynomial must be chosen to maximise the error detecting capabilities while minimising overall collision probabilities.
The most important attribute of the polynomial is its length (the number of the highest nonzero coefficient), because of its direct influence of the length of the computed checksum.
The most commonly used polynomial lengths are:
The design of the CRC polynomial depends on what is the maximum total length of the block to be protected (data + CRC bits), the desired error protection features, and the type resources for implementing the CRC as well as the desired performance. A common misconception is that the "best" CRC polynomials are derived from either an irreducible polynomial or an irreducible polynomial times the factor (1 + x),^{[citation needed]} which adds to the code the ability to detect all errors affecting an odd number of bits. In reality, all the factors described above should enter in the selection of the polynomial.
The advantage of choosing say a primitive polynomial as the generator for a CRC code is that the resulting code has maximal total block length; in here if r is the degree of the primitive generator polynomial then the maximal total blocklength is equal to 2^{r} − 1, and the associated code is able to detect any single bit or double errors. If instead, we used as generator polynomial g(x) = p(x)(1 + x), where p(x) is a primitive polynomial of degree r − 1, then the maximal total blocklength would be equal to 2^{r − 1} − 1 but the code would be able to detect single, double, and triple errors.
A polynomial g(x) that admits other factorizations may be chosen then so as to balance the maximal total blocklength with a desired error detection power. A powerful class of such polynomials, which subsumes the two examples described above, is that of BCH codes. Regardless of the reducibility properties of a generator polynomial of degree r, assuming that it includes the "+1" term, such error detection code will be able to detect all error patterns that are confined to a window of r contiguous bits. These patterns are called "error bursts".
e Error correction 

Decade of method introduction 
1850s1900s: check digit 
1940s1960s: checksum 
1950s: Hamming codes 
1960s: ReedSolomon 
1960s: LDPC codes 
1990s: Turbo codes 
1990s: Spacetime code 
Related topics 
Information theory Shannon limit 

A Cyclic redundancy check (often shortened to CRC) is a way to calculate a checksum, based on a polynomial. In computer science, CRCs are used to check that no errors occurred transmitting the data.
