faqs.org - Internet FAQ Archives

RFC 3385 - Internet Protocol Small Computer System Interface (iS


Or Display the document by number




Network Working Group                                       D. Sheinwald
Request for Comments: 3385                                     J. Satran
Category: Informational                                              IBM
                                                               P. Thaler
                                                              V. Cavanna
                                                                 Agilent
                                                          September 2002

       Internet Protocol Small Computer System Interface (iSCSI)
         Cyclic Redundancy Check (CRC)/Checksum Considerations

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   In this memo, we attempt to give some estimates for the probability
   of undetected errors to facilitate the selection of an error
   detection code for the Internet Protocol Small Computer System
   Interface (iSCSI).

   We will also attempt to compare Cyclic Redundancy Checks (CRCs) with
   other checksum forms (e.g., Fletcher, Adler, weighted checksums), as
   permitted by available data.

1. Introduction

   Cyclic Redundancy Check (CRC) codes [Peterson] are shortened cyclic
   codes used for error detection.  A number of CRC codes have been
   adopted in standards: ATM, IEC, IEEE, CCITT, IBM-SDLC, and more
   [Baicheva].  The most important expectation from this kind of code is
   a very low probability for undetected errors.  The probability of
   undetected errors in such codes has been, and still is, subject to
   extensive studies that have included both analytical models and
   simulations.  Those codes have been used extensively in
   communications and magnetic recording as they demonstrate good "burst
   error" detection capabilities, but are also good at detecting several
   independent bit errors.  Hardware implementations are very simple and
   well known; their simplicity has made them popular with hardware

   developers for many years.  However, algorithms and software for
   effective implementations of CRC are now also widely available
   [Williams].

   The probability of undetected errors depends on the polynomial
   selected to generate the code, the error distribution (error model),
   and the data length.

2. Error Models and Goals

   We will analyze the code behavior under two conditions:

      - noisy channel - burst errors with an average length of n bits
      - low noise channel - independent single bit errors

   Burst errors are the prevalent natural phenomenon on communication
   lines and recording media.  The numbers quoted for them revolve
   around the BER (bit error rate).  However, those numbers are
   frequently nothing more than a reflection of the Burst Error Rate
   multiplied by the average burst length.  In field engineering tests,
   three numbers are usually quoted together -- BER, error-free-seconds
   and severely-error-seconds; this illustrates our point.

   Even beyond communication and recording media, the effects of errors
   will be bursty.  An example of this is a memory error that will
   affect more than a single bit and the total effect will not be very
   different from the communication error, or software errors that occur
   while manipulating packets will have a burst effect.  Software errors
   also result in burst errors.  In addition, serial internal
   interconnects will make this type of error the most common within
   machines as well.

   We also analyze the effects of single independent bit errors, since
   these may be caused by certain defects.

   On burst, we assume an average burst error duration of bd, which at a
   given transmission rate s, will result in an average burst of a =
   bd*s bits.  (E.g., an average burst duration of 3 ns at 1Gbs gives an
   average burst of 3 bits.)

   For the burst error rate, we will take 10^-10.  The numbers quoted
   for BER on wired communication channels are between 10^-10 to 10^-12
   and we consider the BER as burst-error-rate*average-burst-length.
   Nevertheless, please keep in mind that if the channel includes
   wireless links, the error rates may be substantially higher.

   For independent single bit errors, we assume a 10^-11 error rate.

   Because the error detection mechanisms will have to transport large
   amounts of data (petabytes=10^16 bits) without errors, we will target
   very low probabilities for undetected errors for all block lengths
   (at 10Gb/s that much data can be sent in less than 2 weeks on a
   single link).

   Alternatively, as iSCSI has to perform efficiently, we will require
   that the error detection capability of a selected protection
   mechanism be very good, at least up to block lengths of 8k bytes
   (64kbits).

   The error detection capability should keep the probability of
   undetected errors at values that would be "next-to-impossible".  We
   recognize, however, that such attributes are hard to quantify and we
   resorted to physics.  The value 10^23 is the Avogadro number while
   10^45 is the number of atoms in the known Universe (or it was many
   years ago when we read about it) and those are the bounds of
   incertitude we could live with.  (10^-23 at worst and 10^-45 if we
   can afford it.)  For 8k blocks, the per/bit equivalent would be
   (10^-28 to 10^-50).

3. Background and Literature Survey

   Each codeword of a binary (n,k) CRC code C consists of n = k+r bits.
   The block of r parity bits is computed from the block of k
   information bits.  The code has a degree r generator polynomial g(x).

   The code is linear in the sense that the bitwise addition of any two
   codewords yields a codeword.

   For the minimal m such that g(x) divides (x^m)-1, either n=m, and the
   code C comprises the set D of all the multiplications of g(x) modulo
   (x^m)-1, or n<m, and C is obtained from D by shortening each word in
   the latter in m-n specific positions.  (This also reduces the number
   of words since all zero words are then discarded and duplicates are
   not maintained.)

   Error detection at the receiving end is made by computing the parity
   bits from the received information block, and comparing them with the
   received parity bits.

   An undetected error occurs when the received word c' is a codeword,
   but is different from the c that is transmitted.

   This is only possible when the error pattern e=c'-c is a codeword by
   itself (because of the linearity of the code).  The performance of a
   CRC code is measured by the probability Pud of undetected channel
   errors.

   Let Ai denote the number of codewords of weight i, (i.e., with i 1-
   bits).  For a binary symmetric channel (BSC), with sporadic,
   independent bit error ratio of probability 0<=epsilon<=0.5, the
   probability of undetected errors for the code C is thus given by:

Pud(C,epsilon) = Sigma[for i=d to n] (Ai*(epsilon^i)*(1-epsilon)^(n-i))

   where d is the distance of the code:  the minimal weight difference
   between two codewords in C which, by the linearity of the code, is
   also the minimal weight of any codeword in the code.  Pud can also be
   expressed by the weight distribution of the dual code:  the set of
   words each of which is orthogonal (bitwise AND yields an even number
   of 1-bits) to every word of C.  The fact that Pud can be computed
   using the dual code is extremely important; while the number of
   codewords in the code is 2^k, the number of codewords in the dual
   code is 2^r.  k is in the orders of thousands, and r in the order of
   16 or 24 or 32.  If we use Bi to denote the number of codewords in
   the dual code which are of weight i, then ([LinCostello]):

Pud (C,epsilon) = 2^-r Sigma [for i=0 to n] Bi*(1-2*epsilon)^i -
(1-epsilon)^n

   Wolf [Wolf94o] introduced an efficient algorithm for enumerating all
   the codewords of a code and finding their weight distribution.

   Wolf [Wolf82] found that, counter to what was assumed, (1) there
   exist codes for which Pud(C,epsilon)>Pud(C,0.5) for some epsilon
   not=0.5 and (2) Pud is not always increasing for 0<=epsilon<=0.5.
   The value of what was assumed to be the worst Pud is Pud(C,0.5)=(2^-
   r) - (2^-n).  This stems from the fact that with epsilon=0.5, all 2^n
   received words are equally likely and out of them 2^(n-r)-1 will be
   accepted as codewords of no errors, although they are different from
   the codeword transmitted.  Previously Pud had been assumed to equal
   [2^(n-r)-1]/(2^n-1) or the ratio of the number of non-zero multiples
   of the polynomial of degree less than n (each such multiple is
   undetected) and the number of possible error polynomials.  With
   either formula Pud approaches 1/2^r as n approaches infinity, but
   Wolf's formula is more accurate.

   Wolf [Wolf94j] investigated the CCITT code of r=16 parity bits.  This
   code is a member of the family of (shortened codes of) BCH codes of
   length 2^(r-1) -1 (r=16 in the CCITT 16-bit case) generated by a
   polynomial of the form g(x) =(x+1)p(x) with p(x) being a primitive
   polynomial of degree r-1 (=15 in this case).  These codes have a BCH
   design distance of 4.  That is, the minimal distance between any two
   codewords in the code is at least 4 bits (which is earned by the fact

   that the sequence of powers of alpha, the root of p(x), which are
   roots of g(x), includes three consecutive powers -- alpha^0, alpha^1,
   alpha^2).  Hence, every 3 single bit errors are detectable.

   Wolf found that different shortened versions of a given code, of the
   same codeword length, perform the same (independent of which specific
   indexes are omitted from the original code).  He also found that for
   the unshortened codes, all primitive polynomials yield codes of the
   same performance.  But for the shortened versions, the choice of the
   primitive polynomial does make a difference.  Wolf [Wolf94j] found a
   primitive polynomial which (when multiplied by x+1) yields a
   generating polynomial that outperforms the CCITT one by an order of
   magnitude.  For 32-bit redundancy bits, he found an example of two
   polynomials that differ in their probability of undetected burst of
   length 33 by 4 orders of magnitude.

   It so happens, that for some shortened codes, the minimum distance,
   or the distribution of the weights, is better than for others derived
   from different unshortened codes.

   Baicheva, et. al. [Baicheva] made a comprehensive comparison of
   different generating polynomials of degree 16 of the form g(x) =
   (x+1)p(x), and of other forms.  They computed their Pud for code
   lengths up to 1024 bits.  They measured their "goodness"  -- if
   Pud(C,epsilon)  <= Pud(C,0.5) and being "well-behaved" -- if
   Pud(C,epsilon) increases with epsilon in the range (0,0.5).  The
   paper gives a comprehensive table that lists which of the polynomials
   is good and which is well-behaved for different length ranges.

   For a single burst error, Wolf [Wolf94J] suggested the model of (b:p)
   burst -- the errors only occur within a span of b bits, and within
   that span, the errors occur randomly, with a bit error probability 0
   <= p <= 1.

   For p=0.5, which used to be considered the worst case, it is well
   known [Wolf94J] that the probability of undetected one burst error of
   length b <= r is 0, of length b=r+1 is 2^-(r-1), and of b > r+1, is
   2^-r, independently of the choice of the primitive polynomial.

   With Wolf's definition, where p can be different from 0.5, indeed it
   was found that for a given b there are values of p, different from
   0.5 which maximize the probability of undetected (b:p) burst error.

   Wolf proved that for a given code, for all b in the range r < b < n,
   the conditional probability of undetected error for the (n, n-r)
   code, given that a (b:p) burst occurred, is equal to the probability
   of undetected errors for the same code (the same generating
   polynomial), shortened to block length b, when this shortened code is
   used with a binary symmetric channel with channel (sporadic,
   independent) bit error probability p.

   For the IEEE-802.3 used CRC32, Fujiwara et al. [Fujiwara89] measured
   the weights of all words of all shortened versions of the IEEE 802.3
   code of 32 check bits.  This code is generated by a primitive
   polynomial of degree 32:

   g(x) = x^32 + x^26 + x^23 + x^22 + x^16 + x^12 + x^11 + x^10 + x^8 +
   x^7 + x^5 + x^4 + x^2 + x + 1 and hence the designed distance of it
   is only 3.  This distance holds for codes as long as 2^32-1.
   However, the frame format of the MAC (Media Access Control) of the
   data link layer in IEEE 802.3, as well as that of the data link layer
   for the Ethernet (1980) forbid lengths exceeding 12,144 bits.  Thus,
   only such bounded lengths are investigated in [Fujiwara89].  For
   shortened versions, the minimum distance was found to be 4 for
   lengths 4096 to 12,144; 5 for lengths 512 to 2048; and even 15 for
   lengths 33 through 42.  A chart of results of calculations of Pud is
   presented in [Fujiwara89] from which we can see that for codes of
   length 12,144 and BSC of epsilon = 10^-5 - 10^-4,
   Pud(12,144,epsilon)= 10^-14 - 10^-13 and for epsilon = 10^-4 - 10^-3,
   Pud(512,epsilon) = 10^-15, Pud(1024,epsilon) = 10^-14,
   Pud(2048,epsilon) = 10^-13, Pud(4096,epsilon) = 10^-12 - 10^-11, and
   Pud(8192,epsilon) = 10^-10 which is rather close to 2^-32.

   Castagnoli, et. al. [Castagnoli93] extended Fujiwara's technique for
   efficiently calculating the minimum distance through the weight
   distribution of the dual code and explored a large number of CRC
   codes with 24 and 32 redundancy bit.  They explored several codes
   built as a multiplication of several lower degree irreducible
   polynomials.

   In the popular class of (x+1)*deg31-irreducible-polynomial they
   explored 47000 polynomials (not all the possible ones).  The best
   they found has d=6 up to block lengths of 5275 and d=4 up to 2^31-1
   (bits).

   The investigation was done in 1993 with a special purpose processor.

   By comparison, the IEEE-802 code has d=4 up to at least 64,000 bits
   (Fujikura stopped looking at 12,144) and d=3 up to 2^32-1 bits.

   CRC32/4 (we will refer to it as CRC32C for the remainder of this
   memo) is 11EDC6F41;  IEEE-802 CRC is 104C11DB7, denoting the
   coefficients as a bit vector.

   [Stone98] evaluated the performance of CRC (the AAL5 CRC that is the
   same as IEEE802) and the TCP and Fletcher checksums on large amounts
   of data.  The results of this experiment indicate a serious weakness
   of the checksums on real-data that stems from the fact that checksums
   do not spread the "hot spots" in input data.  However, the results
   show that Fletcher behaves by a factor of 2 better than the regular
   TCP checksum.

4. Probability of Undetected Errors - Burst Error

4.1 CRC32C (Derivations from [Wolf94j])

   Wolf [Wolf94j] found a 32-bit polynomial of the form g(x) = (1+x)p(x)
   for which the conditional probability of undetected error, given that
   a burst of length 33 occurred, is at most (i.e., maximized over all
   possible channel bit error probabilities within the burst) 4 * 10^-
   10.

   We will now figure the probability of undetected error, given that a
   burst of length 34 occurred, using the result derived in this paper,
   namely that for a given code, for all b in the range 32 < b < n, the
   conditional probability of undetected error for the (n, n-32) code,
   given that a (b:p) burst occurred, is equal to the probability of
   undetected errors for the same code (the same generating polynomial),
   shortened to block length b, when this shortened code is used with a
   binary symmetric channel with channel (sporadic, independent) bit
   error probability p.

   The approximation formula for Pud of sporadic errors, if the weights
   Ai are distributed binomially, is:

   Pud(C, epsilon) =~= Sigma[for i=d to n] ((n choose i) / 2^r )*(1-
   epsilon)^(n-i) * epsilon^i .

   Assuming a very small epsilon, this expression is dominated by i=d.
   From [Fujiwara89] we know that for 32-bit CRC, for such small n,
   d=15.  Thus, when n grows from 33 to 34, we find that the
   approximation of Pud grows by (34 choose 15) / (33 choose 15) =
   34/19; when n grows further to 35, Pud grows by another 35/20.

   Taking, from Wolf [Wolf94j], the most generous conditional
   probability, computed with the bit error probability p* that
   maximizes Pub(p|b), we derive: Pud(p*|33) = 4 x 10^{-10}, yielding
   Pud(p*|34) = 7.15 x 10^{-10} and Pud(p*|35) = 1.25 x 10^{-9}.

   For the density function of the burst length, we assume the Rayleigh
   density function (the discretization thereof to integers), which is
   the density of the absolute values of complex numbers of Gauss
   distribution:

      f(x) = x / a^2  exp {-x^2 / 2a^2 }     , x>0 .

   This density function has a peak at the parameter a and it decreases
   smoothly as x increases.

   We take three consecutive bits as the most common burst event once an
   error does occur, and thus a=3.

   Now, the probability that a burst of length b occurs in a specific
   position is the burst error rate, which we estimate as 10^{-10},
   times f(b).  Calculating for b=33 we find f(33) = 1.94 x 10^{-26}.
   Together, we found that the probability that a burst of length 33
   occurred, starting at a specific position, is 1.94 x 10^{-36}.

   Multiplying this by the generous upper bound on the probability that
   this burst error is not detected, Pud(p*|33), we get that the
   probability that a burst occurred at a specific position, and is not
   detected, is 7.79 x 10 ^{-46}.

   Going again along this path of calculations, this time for b=34 we
   find that f(34) = 4.85*10^{-28}.  Multiplying by 10^{-10} and by
   Pud(p*|34) = 7.15*10^{-10} we find that the probability that a burst
   of length 34 occurred at a specific position, and is not detected, is
   3.46*10^{-47}.

   Last, computing for b=35, we get 1*10^{-29} * 10^{-10} * 1.25*10^{-9}
   = 1.25*10^{-48}.

   It looks like the total can be approximated at 10^-45 which is within
   the bounds of what we are looking for.

   When we multiply this by the length of the code (because thus far we
   calculated for a specific position) we have 10^-45 * 6.5*10^4 =
   6.5*10^-41 as an upper bound on the probability of undetected burst
   error for a code of length 8K Bytes.

   We can also apply this overestimation for IEEE 802.3.

   Comment: 2^{-32} = 2.33*10^{-10}.

5. Probability of Undetected Errors - Independent Errors

5.1 CRC (Derivations from [Castagnoli93])

   It is reported in [Castagnoli93] that for BER = epsilon=10^-6, Pud
   for a single bit error, for a code of length 8KB, for both cases,
   IEEE-802.3 and CRC32C is 10^{-20}.  They also report that CRC32C has
   distance 4, and IEEE either 3 or 4 for this code length.  From this,
   and the minimum distance of the code of this length, we conclude that
   with our estimation of epsilon, namely 10^{-11}, we should multiply
   the reported result by {10^{-5}}^4 = 10^{-20} for CRC32C, and either
   10^{-15} or 10^{-20} for IEEE802.3.

5.2 Checksums

   For independent bit errors, Pud of CRC is approximately 12,000 better
   than Fletcher, and 22,000 better than Adler.  For burst errors, by
   the simple examples that exist for three consecutive values that can
   produce an undetected burst, we take the factor to be at least the
   same.

   If in three consecutive bytes, the error values are x, -2x, x then
   the error is undetected.  Even for this error pattern alone, the
   conditional probability of undetected error, assuming a uniform
   distribution of data, is 2^-16 = 1.5 * 10^-5.  The probability that a
   burst of length 3 bytes occurs, is f(24) = 3*10^-14.  Together:
   4.5*10^-19.  Multiplying this by the length of the code, we get close
   to 4.5*10^-16, way worse than the vicinity of 10^-40.

   The numbers in the table in Section 7 below reflect a more "tolerant"
   difference (10*4).

6. Incremental CRC Updates

   In some protocols the packet header changes frequently.  If the CRC
   includes the changing part, the CRC will have to be recomputed.  This
   raises two issues:

      - the complete computation is expensive
      - the packet is not protected against unwanted changes
        between the last check and the recomputation

   Fortunately, changes in the header do not imply a need for completed
   CRC computation.  The reason is the linearity of the CRC function.
   Namely, with I1 and I2 denoting two equal-length blocks of
   information bits, CRC(I) denoting the CRC check bits calculated for
   I, and + denoting bitwise modulo-2 addition, we have CRC(I1+I2) =
   CRC(I1)+CRC(I2).

   Hence, for an IP packet, made of a header h followed by data d
   followed by CRC bits c = CRC(h d), arriving at a node, which updates
   header h to become h', the implied update of c is an addition of
   CRC(h'-h 0), where 0 is an all 0 block of the length of the data
   block d, and addition and subtraction are bitwise modulo 2.

   We know that a predetermined permutation of bits does not change
   distance and weight statistics of the codewords.  It follows that
   such a transformation does not change the probability of undetected
   errors.

   We can then conceive the packet as if it was built from data d
   followed by header h, compute the CRC accordingly, c=CRC(d h), and
   update at the node with an addition of CRC(0 h'-h)=CRC(h'-h), but on
   transmission, send the header part before the data and the CRC bits.
   This will allow a faster computation of the CRC, while still letting
   the header part lead (no change to the protocol).

   Error detection, i.e., computing the CRC bits by the data and header
   parts that arrive, and comparing them with the CRC part that arrives
   together with them, can be done at the final, end-target node only,
   and the detected errors will include unwanted changes introduced by
   the intermediate nodes.

   The analysis of the undetected error probability remains valid
   according to the following rationale:

   The packet started its way as a codeword.  On its way, several
   codewords were added to it (any information followed by the
   corresponding CRC is a codeword).  Let e denote the totality of
   errors added to the packet, on its long, multi-hop journey.  Because
   the code is linear (i.e., the sum of two codewords is also a
   codeword) the packet arriving to the end-target node is some codeword
   + e, and hence, as in our preceding analysis, e is undetected if and
   only if it is a codeword by itself.  This fact is the basis of our
   above analysis, and hence that analysis applies here too.  (See a
   detailed discussion at [braun01].)

7. Complexity of Hardware Implementation

   Comparing the cost of various CRC polynomials, we used a tool
   available at http://www.easics.com/webtools/crctool to implement CRC
   generators/checkers for various CRC polynomials.  The program gives
   either Verilog or VHDL code after specifying a polynomial, as well as
   the number of data bits, k, to be handled in one clock cycle.  For a
   serial implementation, k would be one.

   The cost for either one generator or checker is shown in the
   following table.

   The number of 2-input XOR gates, for an un-optimized implementation,
   required for various values of k:

   +----------------------------------------------+
   | Polynomial  | k=32     | k=64     | k=128    |
   +----------------------------------------------+
   | CCITT-CRC32 | 488      | 740      | 1430     |
   +----------------------------------------------+
   | IEEE-802    | 872      | 1390     | 2518     |
   +----------------------------------------------+
   | CRC32Q(Wolf)| 944      | 1444     | 2534     |
   +----------------------------------------------+
   | CRC32C      | 1036     | 1470     | 2490     |
   +----------------------------------------------+

   After optimizing (sharing terms) and in terms of Cells (4 cells per 2
   input AND, 7 cells per 2 input XOR, 3 cells per inverter) the cost
   for two candidate polynomials is shown in the following table.

   +-----------------------------------+
   | Polynomial  | k=32     | k=64     |
   +-----------------------------------+
   | CCITT-CRC32 | 1855     | 3572     |
   +-----------------------------------+
   | CRC32C      | 4784     | 7111     |
   +-----------------------------------+

   For 32-bit datapath, CCITT-CRC32 requires 40% of the number of cells
   required by the CRC32C.  For a 64-bit datapath, CCITT-CRC32 requires
   50% of the number of cells.

   The total size of one of our smaller chips is roughly 1 million
   cells.  The fraction represented by the CRC circuit is less than 1%.

8. Implementation of CRC32C

8.1 A Serial Implementation in Hardware

   A serial implementation that processes one data bit at a time and
   performs simultaneous multiplication of the data polynomial by x^32
   and division by the CRC32C polynomial is described in the following
   Verilog [ieee1364] code.

   /////////////////////////////////////////////////////////////////////
   //File: CRC32_D1.v
   //Date: Tue Feb 26 02:47:05 2002
   //
   //Copyright (C) 1999 Easics NV.
   //This source file may be used and distributed without restriction
   //provided that this copyright statement is not removed from the file
   //and that any derivative work contains the original copyright notice
   //and the associated disclaimer.
   //
   //THIS SOURCE FILE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS
   //OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
   //WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
   //
   //Purpose: Verilog module containing a synthesizable CRC function
   //* polynomial: (0 1 2 4 5 7 8 10 11 12 16 22 23 26 32)
   //* data width: 1
   //
   //Info: jand@easics.be (Jan Decaluwe)
   //http://www.easics.com
   /////////////////////////////////////////////////////////////////////
   module CRC32_D1;
   // polynomial: (0 1 2 4 5 7 8 10 11 12 16 22 23 26 32)
   // data width: 1
   function [31:0] nextCRC32_D1;
   input Data;
   input [31:0] CRC;
   reg [0:0] D;
   reg [31:0] C;
   reg [31:0] NewCRC;
   begin
   D[0] = Data;
   C = CRC;
   NewCRC[0] = D[0] ^ C[31];
   NewCRC[1] = D[0] ^ C[0] ^ C[31];
   NewCRC[2] = D[0] ^ C[1] ^ C[31];
   NewCRC[3] = C[2];
   NewCRC[4] = D[0] ^ C[3] ^ C[31];
   NewCRC[5] = D[0] ^ C[4] ^ C[31];
   NewCRC[6] = C[5];
   NewCRC[7] = D[0] ^ C[6] ^ C[31];
   NewCRC[8] = D[0] ^ C[7] ^ C[31];
   NewCRC[9] = C[8];
   NewCRC[10] = D[0] ^ C[9] ^ C[31];
   NewCRC[11] = D[0] ^ C[10] ^ C[31];
   NewCRC[12] = D[0] ^ C[11] ^ C[31];
   NewCRC[13] = C[12];
   NewCRC[14] = C[13];

   NewCRC[15] = C[14];
   NewCRC[16] = D[0] ^ C[15] ^ C[31];
   NewCRC[17] = C[16];
   NewCRC[18] = C[17];
   NewCRC[19] = C[18];
   NewCRC[20] = C[19];
   NewCRC[21] = C[20];
   NewCRC[22] = D[0] ^ C[21] ^ C[31];
   NewCRC[23] = D[0] ^ C[22] ^ C[31];
   NewCRC[24] = C[23];
   NewCRC[25] = C[24];
   NewCRC[26] = D[0] ^ C[25] ^ C[31];
   NewCRC[27] = C[26];
   NewCRC[28] = C[27];
   NewCRC[29] = C[28];
   NewCRC[30] = C[29];
   NewCRC[31] = C[30];
   nextCRC32_D1 = NewCRC;
   end
   endfunction
   endmodule

8.2 A Parallel Implementation in Hardware

   A parallel implementation that processes 32 data bits at a time is
   described in the following Verilog [ieee1364] code.  In software
   implementations, the next state logic is typically implemented by
   means of tables indexed by the input and the current state.

   /////////////////////////////////////////////////////////////////////
   //File: CRC32_D32.v
   //Date: Tue Feb 26 02:50:08 2002
   //
   //Copyright (C) 1999 Easics NV.
   //This source file may be used and distributed without restriction
   //provided that this copyright statement is not removed from the file
   //and that any derivative work contains the original copyright notice
   //and the associated disclaimer.
   //
   //THIS SOURCE FILE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS
   //OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
   //WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
   //
   //Purpose: Verilog module containing a synthesizable CRC function
   //* polynomial: p(0 to 32) := "100000101111011000111011011110001"
   //* data width: 32
   //
   //Info: jand@easics.be (Jan Decaluwe)

   //http://www.easics.com
   /////////////////////////////////////////////////////////////////////
   module CRC32_D32;
   // polynomial: p(0 to 32) := "100000101111011000111011011110001"
   // data width: 32
   // convention: the first serial data bit is D[31]
   function [31:0] nextCRC32_D32;
   input [31:0] Data;
   input [31:0] CRC;
   reg [31:0] D;
   reg [31:0] C;
   reg [31:0] NewCRC;
   begin
   D = Data;
   C = CRC;
   NewCRC[0] = D[31] ^ D[30] ^ D[28] ^ D[27] ^ D[26] ^ D[25] ^ D[23]
   ^
   D[21] ^ D[18] ^ D[17] ^ D[16] ^ D[12] ^ D[9] ^ D[8] ^
   D[7] ^ D[6] ^ D[5] ^ D[4] ^ D[0] ^ C[0] ^ C[4] ^ C[5] ^
   C[6] ^ C[7] ^ C[8] ^ C[9] ^ C[12] ^ C[16] ^ C[17] ^
   C[18] ^ C[21] ^ C[23] ^ C[25] ^ C[26] ^ C[27] ^ C[28] ^
   C[30] ^ C[31];
   NewCRC[1] = D[31] ^ D[29] ^ D[28] ^ D[27] ^ D[26] ^ D[24] ^ D[22]
   ^
   D[19] ^ D[18] ^ D[17] ^ D[13] ^ D[10] ^ D[9] ^ D[8] ^
   D[7] ^ D[6] ^ D[5] ^ D[1] ^ C[1] ^ C[5] ^ C[6] ^ C[7] ^
   C[8] ^ C[9] ^ C[10] ^ C[13] ^ C[17] ^ C[18] ^ C[19] ^
   C[22] ^ C[24] ^ C[26] ^ C[27] ^ C[28] ^ C[29] ^ C[31];
   NewCRC[2] = D[30] ^ D[29] ^ D[28] ^ D[27] ^ D[25] ^ D[23] ^ D[20]
   ^
   D[19] ^ D[18] ^ D[14] ^ D[11] ^ D[10] ^ D[9] ^ D[8] ^
   D[7] ^ D[6] ^ D[2] ^ C[2] ^ C[6] ^ C[7] ^ C[8] ^ C[9] ^
   C[10] ^ C[11] ^ C[14] ^ C[18] ^ C[19] ^ C[20] ^ C[23] ^
   C[25] ^ C[27] ^ C[28] ^ C[29] ^ C[30];
   NewCRC[3] = D[31] ^ D[30] ^ D[29] ^ D[28] ^ D[26] ^ D[24] ^ D[21]
   ^
   D[20] ^ D[19] ^ D[15] ^ D[12] ^ D[11] ^ D[10] ^ D[9] ^
   D[8] ^ D[7] ^ D[3] ^ C[3] ^ C[7] ^ C[8] ^ C[9] ^ C[10] ^
   C[11] ^ C[12] ^ C[15] ^ C[19] ^ C[20] ^ C[21] ^ C[24] ^
   C[26] ^ C[28] ^ C[29] ^ C[30] ^ C[31];
   NewCRC[4] = D[31] ^ D[30] ^ D[29] ^ D[27] ^ D[25] ^ D[22] ^ D[21]
   ^
   D[20] ^ D[16] ^ D[13] ^ D[12] ^ D[11] ^ D[10] ^ D[9] ^
   D[8] ^ D[4] ^ C[4] ^ C[8] ^ C[9] ^ C[10] ^ C[11] ^
   C[12] ^ C[13] ^ C[16] ^ C[20] ^ C[21] ^ C[22] ^ C[25] ^
   C[27] ^ C[29] ^ C[30] ^ C[31];
   NewCRC[5] = D[31] ^ D[30] ^ D[28] ^ D[26] ^ D[23] ^ D[22] ^ D[21]
   ^

   D[17] ^ D[14] ^ D[13] ^ D[12] ^ D[11] ^ D[10] ^ D[9] ^
   D[5] ^ C[5] ^ C[9] ^ C[10] ^ C[11] ^ C[12] ^ C[13] ^
   C[14] ^ C[17] ^ C[21] ^ C[22] ^ C[23] ^ C[26] ^ C[28] ^
   C[30] ^ C[31];
   NewCRC[6] = D[30] ^ D[29] ^ D[28] ^ D[26] ^ D[25] ^ D[24] ^ D[22]
   ^
   D[21] ^ D[17] ^ D[16] ^ D[15] ^ D[14] ^ D[13] ^ D[11] ^
   D[10] ^ D[9] ^ D[8] ^ D[7] ^ D[5] ^ D[4] ^ D[0] ^ C[0] ^
   C[4] ^ C[5] ^ C[7] ^ C[8] ^ C[9] ^ C[10] ^ C[11] ^
   C[13] ^ C[14] ^ C[15] ^ C[16] ^ C[17] ^ C[21] ^ C[22] ^
   C[24] ^ C[25] ^ C[26] ^ C[28] ^ C[29] ^ C[30];
   NewCRC[7] = D[31] ^ D[30] ^ D[29] ^ D[27] ^ D[26] ^ D[25] ^ D[23]
   ^
   D[22] ^ D[18] ^ D[17] ^ D[16] ^ D[15] ^ D[14] ^ D[12] ^
   D[11] ^ D[10] ^ D[9] ^ D[8] ^ D[6] ^ D[5] ^ D[1] ^
   C[1] ^ C[5] ^ C[6] ^ C[8] ^ C[9] ^ C[10] ^ C[11] ^
   C[12] ^ C[14] ^ C[15] ^ C[16] ^ C[17] ^ C[18] ^ C[22] ^
   C[23] ^ C[25] ^ C[26] ^ C[27] ^ C[29] ^ C[30] ^ C[31];
   NewCRC[8] = D[25] ^ D[24] ^ D[21] ^ D[19] ^ D[15] ^ D[13] ^ D[11]
   ^
   D[10] ^ D[8] ^ D[5] ^ D[4] ^ D[2] ^ D[0] ^ C[0] ^ C[2] ^
   C[4] ^ C[5] ^ C[8] ^ C[10] ^ C[11] ^ C[13] ^ C[15] ^
   C[19] ^ C[21] ^ C[24] ^ C[25];
   NewCRC[9] = D[31] ^ D[30] ^ D[28] ^ D[27] ^ D[23] ^ D[22] ^ D[21]
   ^
   D[20] ^ D[18] ^ D[17] ^ D[14] ^ D[11] ^ D[8] ^ D[7] ^
   D[4] ^ D[3] ^ D[1] ^ D[0] ^ C[0] ^ C[1] ^ C[3] ^ C[4] ^
   C[7] ^ C[8] ^ C[11] ^ C[14] ^ C[17] ^ C[18] ^ C[20] ^
   C[21] ^ C[22] ^ C[23] ^ C[27] ^ C[28] ^ C[30] ^ C[31];
   NewCRC[10] = D[30] ^ D[29] ^ D[27] ^ D[26] ^ D[25] ^ D[24] ^
   D[22] ^
   D[19] ^ D[17] ^ D[16] ^ D[15] ^ D[7] ^ D[6] ^ D[2] ^
   D[1] ^ D[0] ^ C[0] ^ C[1] ^ C[2] ^ C[6] ^ C[7] ^ C[15] ^
   C[16] ^ C[17] ^ C[19] ^ C[22] ^ C[24] ^ C[25] ^ C[26] ^
   C[27] ^ C[29] ^ C[30];
   NewCRC[11] = D[21] ^ D[20] ^ D[12] ^ D[9] ^ D[6] ^ D[5] ^ D[4] ^
   D[3] ^ D[2] ^ D[1] ^ D[0] ^ C[0] ^ C[1] ^ C[2] ^ C[3] ^
   C[4] ^ C[5] ^ C[6] ^ C[9] ^ C[12] ^ C[20] ^ C[21];
   NewCRC[12] = D[22] ^ D[21] ^ D[13] ^ D[10] ^ D[7] ^ D[6] ^ D[5] ^
   D[4] ^ D[3] ^ D[2] ^ D[1] ^ C[1] ^ C[2] ^ C[3] ^ C[4] ^
   C[5] ^ C[6] ^ C[7] ^ C[10] ^ C[13] ^ C[21] ^ C[22];
   NewCRC[13] = D[31] ^ D[30] ^ D[28] ^ D[27] ^ D[26] ^ D[25] ^
   D[22] ^
   D[21] ^ D[18] ^ D[17] ^ D[16] ^ D[14] ^ D[12] ^ D[11] ^
   D[9] ^ D[3] ^ D[2] ^ D[0] ^ C[0] ^ C[2] ^ C[3] ^ C[9] ^
   C[11] ^ C[12] ^ C[14] ^ C[16] ^ C[17] ^ C[18] ^ C[21] ^
   C[22] ^ C[25] ^ C[26] ^ C[27] ^ C[28] ^ C[30] ^ C[31];
   NewCRC[14] = D[30] ^ D[29] ^ D[25] ^ D[22] ^ D[21] ^ D[19] ^

   D[16] ^
   D[15] ^ D[13] ^ D[10] ^ D[9] ^ D[8] ^ D[7] ^ D[6] ^
   D[5] ^ D[3] ^ D[1] ^ D[0] ^ C[0] ^ C[1] ^ C[3] ^ C[5] ^
   C[6] ^ C[7] ^ C[8] ^ C[9] ^ C[10] ^ C[13] ^ C[15] ^
   C[16] ^ C[19] ^ C[21] ^ C[22] ^ C[25] ^ C[29] ^ C[30];
   NewCRC[15] = D[31] ^ D[30] ^ D[26] ^ D[23] ^ D[22] ^ D[20] ^
   D[17] ^
   D[16] ^ D[14] ^ D[11] ^ D[10] ^ D[9] ^ D[8] ^ D[7] ^
   D[6] ^ D[4] ^ D[2] ^ D[1] ^ C[1] ^ C[2] ^ C[4] ^ C[6] ^
   C[7] ^ C[8] ^ C[9] ^ C[10] ^ C[11] ^ C[14] ^ C[16] ^
   C[17] ^ C[20] ^ C[22] ^ C[23] ^ C[26] ^ C[30] ^ C[31];
   NewCRC[16] = D[31] ^ D[27] ^ D[24] ^ D[23] ^ D[21] ^ D[18] ^
   D[17] ^
   D[15] ^ D[12] ^ D[11] ^ D[10] ^ D[9] ^ D[8] ^ D[7] ^
   D[5] ^ D[3] ^ D[2] ^ C[2] ^ C[3] ^ C[5] ^ C[7] ^ C[8] ^
   C[9] ^ C[10] ^ C[11] ^ C[12] ^ C[15] ^ C[17] ^ C[18] ^
   C[21] ^ C[23] ^ C[24] ^ C[27] ^ C[31];
   NewCRC[17] = D[28] ^ D[25] ^ D[24] ^ D[22] ^ D[19] ^ D[18] ^
   D[16] ^
   D[13] ^ D[12] ^ D[11] ^ D[10] ^ D[9] ^ D[8] ^ D[6] ^
   D[4] ^ D[3] ^ C[3] ^ C[4] ^ C[6] ^ C[8] ^ C[9] ^ C[10] ^
   C[11] ^ C[12] ^ C[13] ^ C[16] ^ C[18] ^ C[19] ^ C[22] ^
   C[24] ^ C[25] ^ C[28];
   NewCRC[18] = D[31] ^ D[30] ^ D[29] ^ D[28] ^ D[27] ^ D[21] ^
   D[20] ^
   D[19] ^ D[18] ^ D[16] ^ D[14] ^ D[13] ^ D[11] ^ D[10] ^
   D[8] ^ D[6] ^ D[0] ^ C[0] ^ C[6] ^ C[8] ^ C[10] ^ C[11] ^
   C[13] ^ C[14] ^ C[16] ^ C[18] ^ C[19] ^ C[20] ^ C[21] ^
   C[27] ^ C[28] ^ C[29] ^ C[30] ^ C[31];
   NewCRC[19] = D[29] ^ D[27] ^ D[26] ^ D[25] ^ D[23] ^ D[22] ^
   D[20] ^
   D[19] ^ D[18] ^ D[16] ^ D[15] ^ D[14] ^ D[11] ^ D[8] ^
   D[6] ^ D[5] ^ D[4] ^ D[1] ^ D[0] ^ C[0] ^ C[1] ^ C[4] ^
   C[5] ^ C[6] ^ C[8] ^ C[11] ^ C[14] ^ C[15] ^ C[16] ^
   C[18] ^ C[19] ^ C[20] ^ C[22] ^ C[23] ^ C[25] ^ C[26] ^
   C[27] ^ C[29];
   NewCRC[20] = D[31] ^ D[25] ^ D[24] ^ D[20] ^ D[19] ^ D[18] ^
   D[15] ^
   D[8] ^ D[4] ^ D[2] ^ D[1] ^ D[0] ^ C[0] ^ C[1] ^ C[2] ^
   C[4] ^ C[8] ^ C[15] ^ C[18] ^ C[19] ^ C[20] ^ C[24] ^
   C[25] ^ C[31];
   NewCRC[21] = D[26] ^ D[25] ^ D[21] ^ D[20] ^ D[19] ^ D[16] ^ D[9]
   ^
   D[5] ^ D[3] ^ D[2] ^ D[1] ^ C[1] ^ C[2] ^ C[3] ^ C[5] ^
   C[9] ^ C[16] ^ C[19] ^ C[20] ^ C[21] ^ C[25] ^ C[26];
   NewCRC[22] = D[31] ^ D[30] ^ D[28] ^ D[25] ^ D[23] ^ D[22] ^
   D[20] ^
   D[18] ^ D[16] ^ D[12] ^ D[10] ^ D[9] ^ D[8] ^ D[7] ^

   D[5] ^ D[3] ^ D[2] ^ D[0] ^ C[0] ^ C[2] ^ C[3] ^ C[5] ^
   C[7] ^ C[8] ^ C[9] ^ C[10] ^ C[12] ^ C[16] ^ C[18] ^
   C[20] ^ C[22] ^ C[23] ^ C[25] ^ C[28] ^ C[30] ^ C[31];
   NewCRC[23] = D[30] ^ D[29] ^ D[28] ^ D[27] ^ D[25] ^ D[24] ^
   D[19] ^
   D[18] ^ D[16] ^ D[13] ^ D[12] ^ D[11] ^ D[10] ^ D[7] ^
   D[5] ^ D[3] ^ D[1] ^ D[0] ^ C[0] ^ C[1] ^ C[3] ^ C[5] ^
   C[7] ^ C[10] ^ C[11] ^ C[12] ^ C[13] ^ C[16] ^ C[18] ^
   C[19] ^ C[24] ^ C[25] ^ C[27] ^ C[28] ^ C[29] ^ C[30];
   NewCRC[24] = D[31] ^ D[30] ^ D[29] ^ D[28] ^ D[26] ^ D[25] ^
   D[20] ^
   D[19] ^ D[17] ^ D[14] ^ D[13] ^ D[12] ^ D[11] ^ D[8] ^
   D[6] ^ D[4] ^ D[2] ^ D[1] ^ C[1] ^ C[2] ^ C[4] ^ C[6] ^
   C[8] ^ C[11] ^ C[12] ^ C[13] ^ C[14] ^ C[17] ^ C[19] ^
   C[20] ^ C[25] ^ C[26] ^ C[28] ^ C[29] ^ C[30] ^ C[31];
   NewCRC[25] = D[29] ^ D[28] ^ D[25] ^ D[23] ^ D[20] ^ D[17] ^
   D[16] ^
   D[15] ^ D[14] ^ D[13] ^ D[8] ^ D[6] ^ D[4] ^ D[3] ^
   D[2] ^ D[0] ^ C[0] ^ C[2] ^ C[3] ^ C[4] ^ C[6] ^ C[8] ^
   C[13] ^ C[14] ^ C[15] ^ C[16] ^ C[17] ^ C[20] ^ C[23] ^
   C[25] ^ C[28] ^ C[29];
   NewCRC[26] = D[31] ^ D[29] ^ D[28] ^ D[27] ^ D[25] ^ D[24] ^
   D[23] ^
   D[15] ^ D[14] ^ D[12] ^ D[8] ^ D[6] ^ D[3] ^ D[1] ^
   D[0] ^ C[0] ^ C[1] ^ C[3] ^ C[6] ^ C[8] ^ C[12] ^ C[14] ^
   C[15] ^ C[23] ^ C[24] ^ C[25] ^ C[27] ^ C[28] ^ C[29] ^
   C[31];
   NewCRC[27] = D[31] ^ D[29] ^ D[27] ^ D[24] ^ D[23] ^ D[21] ^
   D[18] ^
   D[17] ^ D[15] ^ D[13] ^ D[12] ^ D[8] ^ D[6] ^ D[5] ^
   D[2] ^ D[1] ^ D[0] ^ C[0] ^ C[1] ^ C[2] ^ C[5] ^ C[6] ^
   C[8] ^ C[12] ^ C[13] ^ C[15] ^ C[17] ^ C[18] ^ C[21] ^
   C[23] ^ C[24] ^ C[27] ^ C[29] ^ C[31];
   NewCRC[28] = D[31] ^ D[27] ^ D[26] ^ D[24] ^ D[23] ^ D[22] ^
   D[21] ^
   D[19] ^ D[17] ^ D[14] ^ D[13] ^ D[12] ^ D[8] ^ D[5] ^
   D[4] ^ D[3] ^ D[2] ^ D[1] ^ D[0] ^ C[0] ^ C[1] ^ C[2] ^
   C[3] ^ C[4] ^ C[5] ^ C[8] ^ C[12] ^ C[13] ^ C[14] ^
   C[17] ^ C[19] ^ C[21] ^ C[22] ^ C[23] ^ C[24] ^ C[26] ^
   C[27] ^ C[31];
   NewCRC[29] = D[28] ^ D[27] ^ D[25] ^ D[24] ^ D[23] ^ D[22] ^
   D[20] ^
   D[18] ^ D[15] ^ D[14] ^ D[13] ^ D[9] ^ D[6] ^ D[5] ^
   D[4] ^ D[3] ^ D[2] ^ D[1] ^ C[1] ^ C[2] ^ C[3] ^ C[4] ^
   C[5] ^ C[6] ^ C[9] ^ C[13] ^ C[14] ^ C[15] ^ C[18] ^
   C[20] ^ C[22] ^ C[23] ^ C[24] ^ C[25] ^ C[27] ^ C[28];
   NewCRC[30] = D[29] ^ D[28] ^ D[26] ^ D[25] ^ D[24] ^ D[23] ^
   D[21] ^

   D[19] ^ D[16] ^ D[15] ^ D[14] ^ D[10] ^ D[7] ^ D[6] ^
   D[5] ^ D[4] ^ D[3] ^ D[2] ^ C[2] ^ C[3] ^ C[4] ^ C[5] ^
   C[6] ^ C[7] ^ C[10] ^ C[14] ^ C[15] ^ C[16] ^ C[19] ^
   C[21] ^ C[23] ^ C[24] ^ C[25] ^ C[26] ^ C[28] ^ C[29];
   NewCRC[31] = D[30] ^ D[29] ^ D[27] ^ D[26] ^ D[25] ^ D[24] ^
   D[22] ^
   D[20] ^ D[17] ^ D[16] ^ D[15] ^ D[11] ^ D[8] ^ D[7] ^
   D[6] ^ D[5] ^ D[4] ^ D[3] ^ C[3] ^ C[4] ^ C[5] ^ C[6] ^
   C[7] ^ C[8] ^ C[11] ^ C[15] ^ C[16] ^ C[17] ^ C[20] ^
   C[22] ^ C[24] ^ C[25] ^ C[26] ^ C[27] ^ C[29] ^ C[30];
   nextCRC32_D32 = NewCRC;
   end
   endfunction

8.3 Some Hardware Implementation Comments

   The iSCSI spec specifies that the most significant 32 bits of the
   data be complemented prior to performing the CRC computation.  For
   most implementations of the CRC algorithm, such as the ones described
   here, which perform simultaneous multiplication by x^32 and division
   by the CRC polynomial, this is equivalent to initializing the CRC
   register to ones regardless of the CRC polynomial.  For other
   implementations, in particular one that only performs division by the
   CRC polynomial (and for which the prescribed multiplication by x^32
   is performed externally) initializing the CRC register to ones does
   not have the same effect as complementing the most significant 32
   bits of the message.  With such implementations, for the CRC32c
   polynomial, initializing the CRC register to 0x2a26f826 has the same
   effect as complementing the most significant 32 bits of the data.
   See reference [Tuikov&Cavanna] for more details.

8.4 Fast Hardware Implementation References

   Fast hardware implementations start from a canonic scheme (as the one
   presented in 7.2) and optimize it based on different criteria.  Two
   classic papers on this subject are [Albertengo1990] and [Glaise1997].
   A more modern (and systematic) approach can be found in [Shie2001]
   and [Sprachman2001].

9. Summary and Conclusions

   The following table is a summary of the error detection capabilities
   of the different codes analyzed.  In the table, d is the minimal
   distance at block length block (in bits), i/byte - software
   instructions/byte, Table size (if table lookup needed), T-look number
   of lookups/byte, Pudb - Pud burst and Puds - Pud sporadic:

   +-----------------------------------------------------------+
   | Code      |d| Block |i/Byte|Tsize|T-look| Pudb   | Puds   |
   +-----------------------------------------------------------+
   | Fletcher32|3| 2^19  | 2    |  -  | -    | 10^-37 | 10^-36 |
   +-----------------------------------------------------------+
   | Adler32   |3| 2^19  | 3    |  -  | -    | 10^-36 | 10^-35 |
   +-----------------------------------------------------------+
   | IEEE-802  |3| 2^16  | 2.75 | 2^18| 0.5/b| 10^-41 | 10^-40 |
   +-----------------------------------------------------------+
   | CRC32C    |3| 2^31-1| 2.75 | 2^18| 0.5/b| 10^-41 | 10^-40 |
   +-----------------------------------------------------------+

   The probabilities for undetected errors in the above table are
   computed assuming uniformly distributed data.  For real data - that
   can be biased - [Stone98], checksums behave substantially worse than
   CRCs.

   Considering the protection level it offers, the lack of sensitivity
   for biased data and the large block it can protect, we think that
   CRC32C is a good choice as a basic error detection mechanism for
   iSCSI.

   Please observe also that burst errors characterized by a fixed
   average time will have a higher impact on error detection capability
   as the speed of the channels (machines and networks) increases.  The
   only way to keep the Pud within bounds for the long-term is to reduce
   the BER by using better coding of lower levels of the channel.

10. Security Considerations

   These codes detect unintentional changes to data such as those caused
   by noise. In an environment where an attacker can change the data, it
   can also change the error-detection code to match the new data.
   Therefore, the error-detection codes overviewed here do not provide
   protection against attacks.  Indeed, these codes are not intended for
   security purposes; they are meant to be used within some application,
   and the application's threat model and security design control the
   security considerations for the use of the CRC.

11. References and Bibliography

   [Albertengo1990] G. Albertengo, R. Sisto, "Parallel CRC Generation
                    IEEE Micro", Vol. 10, No. 5, October 1990, pp. 63-
                    71.

   [Arazi]          B Arazi, "A commonsense Approach to the Theory of
                    Error Correcting codes".

   [Baicheva]       T Baicheva, S Dodunekov and P Kazakov, "Undetected
                    error probability performance of cyclic redundancy-
                    check codes of 16-bit redundancy", IEEE Proceedings
                    on Communications, 147:253-256, October 2000.

   [Black]          "Fast CRC32 in Software"  by Richard Black, 1994, at
                    www.cl.cam.ac.uk/Research/SRG/bluebook/21/crc/crc.
                    html.

   [Castagnoli93]   Guy Castagnoli, Stefan Braeuer and Martin Herrman
                    "Optimization of Cyclic Redundancy-Check Codes with
                    24 and 32 Parity Bits", IEEE Transact. on
                    Communications, Vol. 41, No. 6, June 1993.

   [braun01]        Florian Braun and Marcel Waldvogel, "Fast
                    Incremental CRC Updates for IP over ATM Networks",
                    IEEE, High Performance Switching and Routing, 2001,
                    pp. 48-52.

   [FITS]           "NASA FITS documents" at http://heasarc.gsfc.nasa.
                    gov/docs/heasarc/ofwg/docs/general/checksum/node26.
                    html.

   [Fujiwara89]     Toru Fujiwara, Tadao Kasami, and Shu Lin, "Error
                    detecting capabilities of the shortened hamming
                    codes adopted forerror detection in IEEE standard
                    802.3", IEEE Transactions on Communications, COM-
                    37:986989, September 1989.

   [Glaise1997]     Glaise, R. J., "A two-step computation of cyclic
                    redundancy code CRC-32 for ATM networks", IBM
                    Journal of Research and Development, Volume 41,
                    Number 6, 1997.

   [ieee1364]       IEEE Standard Hardware Description Language Based on
                    the Verilog Hardware Description Language, IEEE
                    Standard 1364-1995, December 1995.

   [LinCostello]    S. Lin and D.J. Costello, Jr., "Error Control
                    Coding: Fundamentals and Applications", Englewood
                    Cliffs, NJ: Prentice Hall, 1983.

   [Peterson]       W Wesley Peterson & E J Weldon - Error Correcting
                    Codes - First Edition 1961/Second Edition 1972.

   [RFC2026]        Bradner, S., "The Internet Standards Process --
                    Revision 3", BCP 9, RFC 2026, October 1996.

   [Ritter]         Ritter, T. 1986. The Great CRC Mystery. Dr. Dobb's
                    Journal of Software Tools. February. 11(2): 26-34,
                    76-83.

   [Polynomials]    "Information on Primitive and Irreducible
                    Polynomials" at http://www.theory.csc.uvic.ca/~cos/
                    inf/neck/PolyInfo.html.

   [RFC1146]        Zweig, J. and C. Partridge, "TCP Alternate Checksum
                    Options", RFC 1146, March 1990.

   [RFC1950]        Deutsch, P. and J. Gailly, "ZLIB Compressed Data
                    Format Specification version 3.3", RFC 1950, May
                    1996.

   [Shie2001]       Ming-Der Shieh, et. al, "A Systematic Approach for
                    Parallel CRC Computations", Journal of Information
                    Science and Engineering, Vol.17 No.3, pp.445-461.

   [Sprachman2001]  Michael Sprachman, "Automatic Generation of Parallel
                    CRC Circuits", IEEE Design & Test May-June 2001.

   [Stone98]        J. Stone et. al., "Performance of Checksums and
                    CRC's over Real Data", IEEE/ACM Transactions on
                    Networking, Vol. 6, No. 5, October 1998.

   [Williams]       Ross Williams - A PAINLESS GUIDE TO CRC ERROR
                    DETECTION ALGORITHMS widely available on the net -
                    (e.g., ftp.adelaide.edu.au/pub/rocksoft/crc_v3.txt)

   [Wolf82]         J.K. Wolf, Arnold Michelson and Allen Levesque, "On
                    the probability of undetected error for linear block
                    codes", IEEE Transactions on Communications, COM-30:
                    317-324, 1982.

   [Wolf88]         J.K. Wolf, R.D. Blackeney, "An Exact Evaluation of
                    the Probability of Undetected Error for Certain
                    Shortened Binary CRC Codes", Proc. MILCOM - IEEE
                    1988.

   [Wolf94J]        J.K. Wolf and Dexter Chun, "The single burst error
                    detection performance of binary cyclic codes", IEEE
                    Transactions on Communications COM-42:11-13, January
                    1994.

   [Wolf94O]        Dexter Chun and J.K. Wolf, "Special Hardware for
                    computing the probability of undetected error for
                    certain binary crc codes and test results", IEEE
                    Transactions on Communications, COM-42:2769-2772.

   [Tuikov&Cavanna] Luben Tuikov and Vicente Cavanna, "The iSCSI CRC32C
                    Digest and the Simultaneous Multiply and Divide
                    Algorithm", January 30, 2002. White paper
                    distributed to the IETF ips iSCSI reflector.

12. Acknowledgements

   We would like to thank Matt Wakeley for providing us with the
   motivation to co-author this paper and for helpful discussions on the
   subject matter, during his employment with Agilent.

13. Authors' Addresses

   Julian Satran
   IBM, Haifa Research Lab
   MATAM - Advanced Technology Center
   Haifa 31905, Israel
   EMail: julian_satran@il.ibm.com

   Dafna Sheinwald
   IBM, Haifa Research Lab
   MATAM - Advanced Technology Center
   Haifa 31905, Israel
   EMail: Dafna_Sheinwald@il.ibm.com

   Pat Thaler
   Agilent Technologies
   1101 Creekside Ridge Drive
   Suite 100, M/S RH21
   Roseville, CA 95661
   EMail: pat_thaler@agilent.com

   Vicente Cavanna
   Agilent Technologies
   1101 Creekside Ridge Drive
   Suite 100, M/S RH21
   Roseville, CA 95661
   EMail: vince_cavanna@agilent.com

14.  Full Copyright Statement

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.

 

User Contributions:

Comment about this RFC, ask questions, or add new information about this topic: