2

I understand that, as stated here, CRC is not linear (with respect to XOR operator) in general, because it could be initialized with a non-zero value.

I was wondering how to prove linearity, when zero is used as the initial value for CRC. Basically, I'm trying to prove the following equation: (with ⊕ being the XOR operator) $$ \mathrm{CRC}(a) \oplus \mathrm{CRC}(b) = \mathrm{CRC}(a \oplus b) \qquad \mathrm{(1)} $$

Moreover, the accepted answer of this question states that even when a non-zero value is used for CRC initialization, the following equation still holds for any three bit-strings of equal length: $$ \mathrm{CRC}(a) \oplus \mathrm{CRC}(b) \oplus \mathrm{CRC}(c) = \mathrm{CRC}(a \oplus b \oplus c) \qquad\mathrm{(2)} $$

I'm looking for a proof for each of the above equations.

P.S.

  1. In each of the mentioned links, there is some sort of explanation for linearity of CRC, but I didn't quite understand some of them, and with all due respect, I didn't find any of them to be a solid proof.

  2. Actually, the proofs are meant for an assignment for a Network Security course, with the subject of assignment being weaknesses of WEP protocol. So if some assumptions are needed to prove the equations, that wouldn't be a problem.

Ali Bababeig
  • 21
  • 3
  • 2
    In order to make a proof, you'll have to use a definition of $\operatorname{CRC}$. If the course is giving one, you want to write it in the question. A simple one for CRC with initialization at zero is $\operatorname{CRC}(a)=A(x)x^k\bmod P(x)$ where all polynomials have coefficients in $\mathbb F_2$; $k$ is the degree of the fixed reduction polynomial $P(x)$; $A(x)$ is the polynomial with the coefficients the bits of $a$, most significant bit first; and the transmitted CRC is the coefficients of the result, from $k-1$ down to $0$. Eq. (1) follows from rules of polynomial arithmetic. – fgrieu Jun 05 '22 at 19:21
  • @fgrieu That's an answer, not a comment! – Dilip Sarwate Jun 08 '22 at 18:38

0 Answers0