ANALYSIS OF CRC-POLYNOMIALS FOR SAFETY-CRITICAL

COMMUNICATION BY DETERMINISTIC AND STOCHASTIC AUTOMATA

Frank Schiller and Tina Mattes

Munich University of Technology

Institute of Information Technology in Mechanical Engineering
Automation Group
Boltzmannstr. 15, D-85748 Garching near Munich
{Schiller, Mattes}@itm.tum.de

Abstract: The Cyclic Redundancy Check (CRC) is an efficient method to ensure a low
probability of undetected errors in data transmission using a checksum as a result of poly-
nomial division. However, this probability depends extremely on the polynomial used.
Although CRC is well established in communication, it is still a challenge to identify
suitable polynomials. The determination of their characteristics becomes very complex in
safety-critical applications, where many data have to be exchanged with minimal residual
error probability. This complexity is handled by means of deterministic and stochastic
automata in the presented solution. Copyright 2006 IFAC

Keywords: data transmission, error-detecting codes, checksum, modeling errors,

deterministic automaton, stochastic automaton, safety analysis.

1. INTRODUCTION zero voltage). These kinds of states are usually faster

Transmission of data is an essential functionality in
automation systems. Sensors send data to processing
units like Programmable Logic Controllers (PLC)
and these PLCs send data to actuators affecting the
machine under control. In decentralized structures,
data are more and more processed by intelligent sen-
sors and actuators. In all cases, the integrity of
transmitted data is one of the most important features
of industrial communication and determines the
quality of the overall automation system.
Several techniques have been developed in commu-
nication in order to detect and to correct errors, cf.
e.g. (Blahut, 2003; MacWilliams and Sloane, 1991;
Merchant, 2003; Sweeney, 1991). The goal of safety-
critical communication is to detect errors and to initi-
ate the transition of the overall process into a safe
state, see e.g. (IEC 61508, 2005). That state is not
necessarily the normal one but may also be a state of
reduced functionality (like e.g. state of low speed or
and easier to achieve than the state of normal opera-
tion.
In the paper, the established and well known algo-
rithm for error detection CRC is modeled by specific
deterministic and stochastic automata in order to
enable the calculation of residual error probability
and additional characteristics for telegrams of length
up to kilobytes.
The paper is structured as follows. After the presen-
tation of the principle of CRC with some remarks
about realization in Section 2 the problem of deter-
mination of residual error probability is stated in
Section 3 and some essential assumptions are for-
mulated. Current solutions to that problem are men-
tioned in Section 4. The new solution based on
automata is explained in Section 5. Since there are
assumptions necessary to solve the problem in Sec-
tions 4 and 5, additional characteristics are to be
determined (Section 6). A few examples are given in
Section 7. Section 8 contains some conclusions.

944
 2. PRINCIPLE OF CRC
The CRC is an efficient method to create and evalu-
ate checksums for error detection. There the original
message (called information bits or net data ND)
consisting of m bits is handled as a binary polyno-
mial nd(x) of degree m-1 that is multiplied by xr and
divided by the generator polynomial g(x) of degree r.
The resulting remaining polynomial fcs(x) of degree
r-1 is called Frame Check Sequence (FCS) of length
r, cf. (Castagnoli, 1989; Merchant, 2003; Wagner,
1993; Wagner, 1986):
( nd ( x ) x r ) mod g ( x ) = fcs( x ) .
For instance, the bit pattern ND=[1010111] leads to
nd ( x ) = 1 x 6 + 0 x 5 + 1 x 4 + 0 x 3 + 1 x 2 + 1 x1 + 1 x 0
= x 6 + x 4 + x 2 + x + 1.
Assuming the generator polynomial g(x)=x3+1, the
FCS is obtained by applying equation (1):
(( x 6 + x 4 + x 2 + x + 1) x 3 ) mod( x 3 + 1) = x 2 .
That means, the bit pattern FCS=[100] has to be
added to the original data ND. The resulting bit pat-
tern of length n=m+r is called telegram TEL. In the
example, the telegram consists of ten bits, i.e.
TEL=[1010111100]. It can be proved, see e.g.
(Wagner, 1993), that the following equation holds:
tel ( x ) mod g ( x )
= ( nd ( x ) x r + fcs( x )) mod g ( x ) = 0.
The polynomial arithmetic is well described in e.g.
(Merchant, 2003) and (Wagner, 1993) and is not
needed in the following.
Realizations of CRC are developed for hardware and
software, cf. e.g. (Castagnoli, 1989; Wagner, 1993).
A standard way to implement the polynomial opera-
tion (1) is the application of a linear feedback shift
register (see Fig. 1). The number of bits of the regis-
ter is equal to the degree r of g(x). The gi denote the
coefficients of g(x), and the bits of the register are
denoted by zi. The overall bit pattern of z=[zr-1 z0]
represents the state of the register. The input is sym-
bolized by u. For u(x)=nd(x)xr, the final state corre-
sponds to the solution of (1), for u(x)=tel(x) to the
solution of (2).
zr-1 zr-2 zr-3 ... z1
logical XOR
logical AND
gr=1 gr-1 gr-2 g1
...
Fig. 1. Implementation of CRC by linear feedback
shift register.
A rough estimation of the residual error probability
Pre of CRC examines only the ratio of the number of
non-detectable erroneous bit patterns of TEL to all
possible erroneous bit patterns of TEL. The ratio can
be calculated as follows, cf. e.g. (Merchant, 2003):
~ 2 1 2 1
m m
Pre = n = m+r < 2 r.
2 1 2 1
The estimation (3) is sufficient for many applications
like transmission of voice, but not for safety-critical
communication where the residual error probability
is closely related to hazards and accidents.
3. PROBLEM DESCRIPTION
The actual residual error probability depends on the
length of the telegram n, the generator polynomial
g(x), and the bit error probability p.
The bit error probability is the probability of corrup-
tion of one bit. Usually a Binary Symmetric Channel
(BSC) is assumed, cf. (Peterson and Weldon, 1996):
Each bit is corrupted independently of other bits, and
a corruption from value 0 to value 1 occurs with
same probability like a corruption from value 1 to
value 0. Additionally, values of p between 0 and 0.5
(1) are considered only. Some additional characteristics
without these assumptions are analyzed in Section 6.
The problem of determination of the residual error
probability is stated as follows:
Given: length of telegram n,
generator polynomial g(x) of degree r,
bit error probability 0<p0.5,
Find: residual error probability Pre.
The estimation (3) holds exactly for uniform distri-
bution at p=0.5 independently of the generator poly-
nomial. Therefore, the maximum value of Pre cannot
be less than 2-r.
4. CURRENT SOLUTIONS
(2)
Three main methods are distinguished in the litera-
ture, cf. Fig. 2.
Given: generator polynomial / telegram length
Monte Carlo Direct code Transformed code
method analysis analysis
(weights) Ai
MacWilliams Identity
Bi (dual weights)
Pre Pre= f(Ai) Pre= f(Bi)
Fig. 2. Survey of current solutions (Mattes, 2004).
Direct code analysis. All 2m undetectable error pat-
terns have to be generated explicitly because there
exist 2m multiples of g(x) satisfying (2). The number
of those of i erroneous bits (weights Ai) have to be
counted. Using these weights, Pre is calculated by
n
Pre = Ai p i (1 p ) n i .
i =1
Obviously, the generation of all these error patterns
z0 u
leads to a complexity of 2m and the computation be-
comes feasible only for short telegrams.
g0 = 1
Transformed code analysis. Instead of generating all
undetectable error patterns of the original code, a
much smaller set of error patterns of the corre-
sponding dual code is generated (with complexity of
2r). The weights Bi of this code have to be deter-
mined. Based on these dual weights it is either possi-
ble to calculate Pre directly or to calculate the weights
Ai of the original code by means of the MacWilliams
Identity (MacWilliams and Sloane, 1991; Wolf, et
(3) al., 1982). Both alternatives lead often to numerical
problems and inaccurate results (Mattes 2004).
Monte-Carlo-Simulation. Random samples are used
to estimate Pre by the ratio of the number of unde-
tectable error patterns to the number of samples. This
945
method is an incomplete determination of estimation z(k) z(k+1)
(3) and therefore not reasonably applicable in safety- u(k)=0
0 0
critical applications. u(k)=1 u(k)=1

1 u(k)=0 1
5. SOLUTION BY MEANS OF AUTOMATA u(k)=0
u(k)=1
In the following, errors are modeled by superim- u(k)=1
2 u(k)=0 2
posed bit patterns (Section 5.1), and the correspond-
u(k)=1 u(k)=0
ing CRC process is modeled by a deterministic . .
automaton (Section 5.2). Its state relates to the state . .
. .
of the register in Fig. 1. The state transitions are ex-
tended by probabilities resulting from the bit error u(k)=1
2r-1 u(k)=0 2r-1
probability in the stochastic automaton (Section 5.3).
u(k)=1 u(k)=0
5.1 Modeling errors Fig. 3. Signal flow graph of the deterministic auto-
mata (5) of CRC.
Errors can be described by superimposed bit patterns
f(x). In this way, the CRC in the receiver checks the The state z(n)=(100)T in the receiver means that
following (cf. (2)): either an error-free or a non-detectable erroneous
transmission occurred, cf. (2).
(tel ( x ) + f ( x )) mod g ( x ) = 0 ?
Besides the application of the automaton (5) to the
That is (in the binary polynomial space) equivalent to calculation of fcs(x) in the sender (1) or to the check
tel ( x ) mod g ( x ) + f ( x ) mod g ( x ) = 0 ? of a telegram in the receiver (2), the automaton can
be applied to (4) as well. There each input bit at
Since equation (2) holds, the CRC in the receiver is
identical to the check value 1 means an erroneous bit (u(k)=f(k)). Since no
error could have occurred in the beginning, the
f ( x ) mod g ( x ) = 0 ? (4) process starts with state number 0.
Therefore, the analysis can be reduced to the specific z (k + 1)
case TEL=[00], where erroneous bits are modeled = M u =0 z ( k ) (1 f ( k )) + M u =1 z (k ) f ( k ), (6)
by bits at value 1 without any loss of validity, see z (0) = (1 0 K 0)T .
e.g. (Mattes, 2004; Wagner, 1993). In the next step, an extension of model (6) is made by
distinction of error-free state (0ok) and non detectable
5.2 Deterministic model of the CRC-process
erroneous state (0f). The modified signal flow graph
The implementation in Fig. 1 can be modeled by a is shown in Fig. 4.
deterministic automaton (Schiller and Mattes, 2005). z*(k) z*(k+1)
The input u is the telegram that is bitwise shifted into f(k)=0
0ok 0ok
the register. The present bit pattern z(k) in the regis- f(k)=1
ter and the present input bit u(k) determine the next
bit pattern z(k+1) in the register. The register content 0f f(k)=0 0f
f(k)=1
is therefore considered to be the state z of the f(k)=1
automaton in the following. The polynomial notation f(k)=0
1 f(k)=0 1
of the final state at k=n, z(n), is equivalent to the
f(k)=1
result of the CRC, see Section 2. Table 1 contains f(k)=1
f(k)=0
some examples of notations of the state. 2 2
f(k)=1 f(k)=0
Table 1. Notations of the state of the CRC .
.
.
.
. .
bit pattern state no. z(k)
[0 0 0 0] 0 (1 0 0 0 0 0 0)T f(k)=1
f(k)=0
[0 0 0 1] 1 (0 1 0 0 0 0 0)T 2r-1 2r-1
[0 0 1 0] 2 (0 0 1 0 0 0 0)T f(k)=1 f(k)=0
[0 0 1 1] 3 (0 0 0 1 0 0 0)T Fig. 4. Signal flow graph of the extended determinis-

tic automata (7) of CRC.
[1 1 1 1] 2r-1 (0 0 0 0 0 0 1)T
There the relation
The deterministic automaton can be formulated by z * ( k + 1)
z ( k + 1) = M *u =0 z * (k ) (1 f (k )) + M *u =1 z * ( k ) f (k ), (7)
= M u =0 z (k ) (1 u(k )) + M u =1 z (k ) u( k ), (5) z * (0) = (1 0 K 0)T
z (0) = (1 0 K 0) T . holds. The asterisk denotes the modified state space
Matrices M denote the transition matrices given u=0 compared to (6). The process starts here with the
or u=1, respectively. Each row and each column error-free state number 0ok.
contain exactly one 1 and remaining zeros. The In contrast to model (6), model (7) describes explic-
corresponding signal flow graph is depicted in Fig. 3. itly whether the register state at number 0 is a result
There the state values of z are symbolized by their of an error (state number 0f) or not (state number 0ok),
numbers according to Table 1. cf. Fig. 4.

946
5.3 Stochastic model of the CRC-process
Since error patterns occur with specific probabilities
according to the bit error probability p, i.e. the input
f(k) is at value 1 with probability p, the probability
distribution P(z*) of the values of the state z* has to
be involved in the model:
P ( z * ( k + 1)) = M *u =0 P( z * ( k )) (1 p )
+ M *u =1 P ( z * ( k )) p,
P ( z (0)) = (1 0 0 ... 0)T .
*
Note, that the transition matrices M* are identical to
the matrices in model (7).
The final result of application of model (8) at k=n is
the probability distribution P(z*(n)), where its second
element (probability of state number 0f) is equal to
the probability the CRC in the receiver would not
detect the error since the register state z(n) is at state
number 0.
Fundamental principles of stochastic automata are
described in e.g. (Lunze and Schrder, 2001). Their
application here enables an efficient analysis of
polynomials for telegrams of length up to kilobytes.
That is impossible by application of other approaches
because of complexity or accuracy reasons (cf. Sec-
tion 4). Additionally, the residual error probabilities
of all telegrams of length k smaller than n are calcu-
lated as a side effect.
6. DETERMINATION OF OTHER PROPERTIES
In addition to the residual error probability, other so
called deterministic properties are to be analyzed in
order to decide about the use of a polynomial for
CRC in safety-critical applications:
1. Hamming distance.
2. detection of bitwise inverted telegrams,
3. detection of erroneous telegrams containing only
zeros or only ones,
4. detection of all odd numbers of erroneous bits,
5. detection of burst errors,
Properties 1, 2, and 3 can be determined based on the
automata presented above.
Determination of Hamming distance. The Hamming
distance HD of a code is defined to be the minimal
number of positions two words of the code differ
(Hamming, 1950).
For example, a HD of 6 means in communication
that at least 6 bits of a telegram have to be erroneous
before the error is not detectable, i.e. another valid
code word is received. All telegrams with less than 6
erroneous bits will be detected.
This property is determined based on the determinis-
tic model (6). There the allocation of the state is
changed to the meaning minimal number of errone-
ous bits necessary to achieve that state number. In
each step, this minimal number is transmitted to the
corresponding next state according to Mu=0 without a
change (present bit is correct) and increased by 1 and
transmitted to the corresponding next state according
to Mu=1 (present bit is erroneous). The minimum
operation is applied to the number of erroneous bits
of both alternative paths, cf. Fig. 3.
The minimal telegram length is r+1 (ND of length
one, FCS of length r). Therefore, the initial state can
be given at k=r, since the values at r are easy to
calculate:
The values of all states different to state number 0 at
(8) k=r correspond to the number of ones in the bit pat-
tern (see Table 1), e.g. state number 1 at value 1,
state number 2 at value 1, state number 3 at value 2,
state number 4 at value 1, and state number 2r-1 at
value r. Since the feedback of the register in Fig. 1
has not been active yet for k=1 to k=r, these values
are equal to the exact number of erroneous bits
necessary to achieve these state numbers.
The value of state number 0 at k=r is set to any value
greater than r, e.g. r+1. This value will be overwrit-
ten in step k=r+1 because of application of the mini-
mum operation described above. From k=r+1 on, the
value of the first element of z (state number 0) repre-
sents the minimum number of erroneous bits neces-
sary to reach state number 0, i.e. the state of a non-
detectable error.
Therefore, the determination of HD is formalized as
follows:
z ( k + 1) = min( M u =0 z (k ), M u =1 z ( k ) + (1L1)T ),
z ( r ) = ( r + 1 1 1 2 1 K r 1 r )T
The value of the first element of z(n) stating mini-
mum number of erroneous bits necessary to achieve
state number 0 (the non-detectable error) after in-
volving n bits is equal to the HD of a telegram of n
bits using a CRC with the generator polynomial
applied for generation of matrices Mu=0 and Mu=1.
Detection of bitwise inverted telegrams. A bitwise
inverted telegram will usually be detected by wrong
sequence numbers, addresses, etc. However, CRC
may detect such errors, too. This property can be
easily proved by the application of automaton (6)
such that all bits are erroneous (f(k)=1). Only if the
final state z(n) is equal to state number 0 (all register
bits are at zero) then this error cannot be detected.
Detection of erroneous telegrams containing only
zeros or only ones. These errors are usually a result
of stuck-at-errors in communication devices. By set-
ting the initial state of the register in Fig. 4 or model
(5), respectively, it can be guaranteed, that a
FCS=[00] will never fit to the information bits
ND=[00]. The same holds for FCS=[11] and
ND=[11]. The appropriate inversion of model (5)
allows determining that initial state that has to be
excluded. Since another register circuit is often used
where an explicit multiplication by xr proceeds in-
stead of adding r zero-bits to the input, two forbidden
initial states are given for the examples in Section 7.
Detection of all odd numbers of erroneous bits. It is
known that a CRC with a polynomial containing
(x+1) as a factor will detect all odd numbers of erro-
neous bits, e.g. (Tanenbaum, 1996; Koopman and
Chakravarty, 2004). This can be shown by generali-
947
zation of a polynomial division by (x+1) (note: +
means exclusive or for binary polynomials):
(an x n + an 1 x n 1 + an 2 x n 2 + L) : ( x + 1) = an x n 1 +
an x n + an x n 1 ( an 1 + an ) x n 2
n 1 n 2
( an 1 + an ) x + an 2 x + L +L
( an 1 + an ) x n 1 + (an 1 + an ) x n 2
( an 2 + an 1 + an ) x n 2 + L
M
( a0 + L + an 1 + an )
The remainder (a0++an) is equal to the exclusive
or operation of all erroneous bits and therefore not
zero for an odd number of such bits.
Detection of burst errors. Adjacent erroneous bits are
called burst errors. Each polynomial of degree r al-
lows the detection of burst errors up to the length of
r-1, see e.g. (Wagner 1993). Consider a burst error
fburst at position q in a telegram: Fig. 6. Residual error probability of polynomial
( f burst ( x ) x q ) mod g ( x ) = 0 13613h for 160 information bits.
(( f burst ( x ) mod g ( x )) x q ) mod g ( x ) = 0
The lowest coefficient g0 of g(x) is always at 1, see
Fig. 1. Therefore, xq is not divisible by g(x). If the
length of a burst is smaller than r, than the result of
the modulo-operation cannot be 0. Therefore, any
single burst of length smaller than r at any position
will be detected.
7. EXAMPLES
In the following, some examples of polynomials are
analyzed by the methods described above. As usual,
they are denoted by their hexadecimal value.
Polynomial 13613h. The residual error probability of
a telegram of 128 bits, i.e. 112 information bits, is
depicted in Fig. 5, that one of 160 information bits in
Fig. 6. Since the residual error probability depends Fig. 7. Maximum residual error probability of poly-
on the length of the telegram, it is useful to identify nomial 13613h for 1 to 300 information bits.
the maximum residual error probability for 0<p0.5
of each considered telegram length. The result for the Polynomial 14EABh. That polynomial is used for
polynomial 13613h is given in Fig. 7. Note, the re- safety-critical communication by the PROFIsafe
sidual error probability increases by factor 100. The protocol. The residual error probability of a telegram
polynomial has a HD of 8 from 1 to 5 and of 6 from of 112 information bits is depicted in Fig. 8. The
6 to 135 information bits before it sinks to 2. A maximum residual error probability for 1 to 300 in-
bitwise inverted telegram is not detectable using that formation bits is shown in Fig. 9. The polynomial has
polynomial for 286 information bits. That is usually a HD of 10 from 1 to 2, of 8 from 3 to 9, and of 6
not a problem because the length of 286 information from 10 to 112 information bits before it sinks to 2.
bits does not fit into a byte structure. A bitwise inverted telegram is not detectable using
that polynomial for 492 information bits.

Fig. 5. Residual error probability of polynomial Fig. 8. Residual error probability of polynomial
13613h for 112 information bits. 14EABh for 112 information bits.

948

Fig. 9. Max. residual error probability of polynomial
14EABh for 1 to 300 information bits.
Polynomial C599h. That polynomial is used by the
CAN protocol. It has a HD of 8 from 1 to 7 and a HD
of 6 from 8 to 112 information bits before it sinks to
2. A bitwise inverted telegram is not detectable using
that polynomial for 239 information bits. The maxi-
mum residual error probability for 1 to 300 informa-
tion bits is shown in Fig. 10.
Fig. 10. Max. residual error probability of polyno-
mial C599h from 1 to 300 information bits.
Polynomial 1FFEDh. Fig. 11 shows the maximum
residual error probability from 1 to 50 information
bits. There the residual error probability increases up
to 6 and decreases up to 16 information bits.
Fig. 11. Max. residual error probability of polyno-
mial 1FFEDh for 1 to 50 information bits.
8. CONCLUSIONS
It has been shown that CRC-polynomials can be
analyzed by means of deterministic and stochastic
automata. These automaton-based approaches have
some advantages compared to conventional analyz-
ing techniques. For instance, they enable the appli-
cation of CRC to telegrams of lengths the quality
could not be proved to before. A stochastic automa-
ton has been used to determine the residual error
probability, cf. Section 5.3, a deterministic one to
949
find the Hamming distance and other so called
deterministic criteria, cf. Sections 5.2 and 6. Further
research work will be done in order to make use of
these advantages and to extend the approach to a
constructive and efficient way to identify suitable
polynomials for CRC.
REFERENCES
Blahut, R. E. (2003). Algebraic codes for data
transmission, Cambridge University Press.
Castagnoli, G., (1989). On the Minimum Distance of
Long Cyclic Codes and Cyclic Redundancy-
Check Codes, ETH Zurich, Diss. No. 8979.
Hamming, R. W. (1950). Error Detecting and Error
Correcting Codes. In: Bell System Tech. J., No.
29, pp. 147-160.
International Electrotechnical Commission (2005).
Functional safety of electrical/electronic/
programmable electronic safety-related systems,
(IEC 61508).
Koopman, P. and T. Chakravarty (2004). Cyclic
Redundancy Code (CRC) Polynomial Selection
for Embedded Networks. In: International Con-
ference on Dependable Systems and Networks,
DSN 2004, pp. 145-154. Florence, Italy.
Lunze, J. and J. Schrder (2001). State observation
and diagnosis of discrete-event systems described
by stochastic automata. In: Discrete Event Dy-
namic Systems: Theory and Applications, No. 11,
pp. 319-369.
MacWilliams, F.J. and N.J.A. Sloane (1991). The
Theory of Error-Correcting Codes, North-
Holland Mathematical Library.
Mattes, T. (2004). Untersuchungen zur effizienten
Bestimmung der Gte von Polynomen fr CRC-
Codes, Univ. of Trier, Siemens AG, Nuremberg.
Merchant, K. (2003). CRC-Test einmal ganz anders
betrachtet. In: Elektronik, 23/2003, pp. 86-92.
Peterson, W.W. and E.J. Weldon (1996). Error
Correcting Codes, MIT Press.
Schiller, F. and T. Mattes (2005). An efficient
method to evaluate CRC polynomials for safety-
critical industrial communication. In: 11th Int.
Symposium on System-Modelling-Control, SMC
2005, pp. 269-274. Zakopane, Poland.
Sweeney, P. (1991). Error Control Coding, Prentice
Hall, London.
Tanenbaum, A. (1996). Computer Networks, Prentice
Hall, London.
Wagner, M. (1993). CRC-Verfahren in der Theorie
und Praxis, Grundlagen der Implementierung
und Prfung von CRC-Tests, Siemens AG,
Nuremberg.
Wagner, M. (1986). On the Error Detecting
Capability of CRC Polynomials. In:
Informationstechnik it, 28. Jahrgang, No. 4/1986,
pp. 236-241.
Wolf, J. K., A. Michaelson and A. Levesque (1982).
On the probability of undetected errors for linear
block codes. In: IEEE Transactions on communi-
cations, Vol. 30, No. 2, pp. 317-324.