1

I have a configuration table which stores all device of a system and the corresponding serial numbers :

|------------------------|---------------------------|--------------------------|
|            #           |   Device type (1 byte)    |  Serial number (4 bytes) |
|------------------------|---------------------------|--------------------------|
|            1           |           0x11            |        0x????????        |
|------------------------|---------------------------|--------------------------|
|            2           |           0x00            |        0x00000000        |
|------------------------|---------------------------|--------------------------|
|            3           |           0x33            |        0x????????        |
|------------------------|---------------------------|--------------------------|
|            4           |           0x22            |        0x????????        |
|------------------------|---------------------------|--------------------------|
|            5           |           0x44            |        0x????????        |
|------------------------|---------------------------|--------------------------|
|            6           |           0x00            |        0x00000000        |
|------------------------|---------------------------|--------------------------|
|           ...          |            ...            |            ...           |
|------------------------|---------------------------|--------------------------|
|           30           |           0x11            |        0x????????        |
|------------------------|---------------------------|--------------------------|
|           31           |           0x00            |        0x00000000        |
|------------------------|---------------------------|--------------------------|

In the configuration table there are only four different device types possible. This means when I replace the device, then only the serial number changes. Some of the rows can be empty and will maybe be latter filled with a device type and serial number due to the inseration of a new device to the system. The storing row of the single devices in not predictable.

I want to calculate the CRC32 over the configuration table (only device type and serial number), which means $n = 2^{1240} + 1$ and $k << n$ for a CRC32 ($b = 32$ bits and $k = 2^b$). The purpose of the checksum is to detect a change of the configuration (e.g. change of serial number by constant device type). In the case of the serial number only single bits can change. My concerns are the collision probabillity of the CRC32 is to high that I don't detect a change in the configuration.

After some google searching I found the birthday problem:

which form my understanding would tell me that the CRC32 is sufficient for my use case.

Despite that I still have some questions:

  1. Can I apply the birthday problem/attack to this input values by using the CRC32 (CRC is unequal to Hash)?

  2. Is the birthday problem/attack independent of the fixed length input?

  3. What is the best value for the empty rows to increase collision resistance of the checksum?

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
ge45mue
  • 113
  • 3

1 Answers1

3

The purpose of the checksum is to detect a change of the configuration (e.g. change of serial number by constant device type). In the case of the serial number only single bits can change.

Actually, the birthday problem does not really apply to CRC; CRC doesn't act like a random function.

For your purposes, it acts better than a random function. CRC-32 has the property that, if a change you make is limited to 4 consecutive bytes, the resulting CRC will always change.

Hence, if the only change in the configuration is a change to a single 4 byte serial number (and everything else is the same), then CRC-32 will always detect the change (and this remains true even if you change more than one bit of the serial number).

Of course, if additional things change within the configuration (e.g. if two serial numbers are changed), then this need not be true.

poncho
  • 154,064
  • 12
  • 239
  • 382