Motivation

A carry-save adder is a type of digital adder, used in computer microarchitecture to compute the sum of three or more "n"-bit numbers in binary. It differs from other digital adders in that it outputs two numbers of the same dimensions as the inputs, one which is a sequence of partial sum bits and another which is a sequence of carry bits.

Consider the sum:
` 12345678+ 87654322=100000000`.

Using the arithmetic we learned as children, we go from right to left, "8+2=0, carry 1", "7+2+1=0, carry 1", "6+3+1=0, carry 1", and so on to the end of the sum. Although we know the last digit of the result at once, we cannot know the first digit until we have gone through every digit in the calculation, passing the carry from each digit to the one on its left. Thus adding two "n"-digit numbers has to take a time proportional to "n", even if the machinery we are using would otherwise be capable of performing many calculations simultaneously.

In electronic terms, using binary bits, this means that even if we have "n" one-bit adders at our disposal, we still have to allow a time proportional to "n" to allow a possible carry to propagate from one end of the number to the other. Until we have done this,

1. We do not know the result of the addition.
2. We do not know whether the result of the addition is larger or smaller than a given number (for instance, we do not know whether it is positive or negative).

A carry look-ahead adder can reduce the delay. In principle the delay can be reduced so that it is proportional to log"n", but for large numbers this is no longer the case, because even when carry look-ahead is implemented, the distances that signals have to travel on the chip increase in proportion to "n", and propagation delays increase at the same rate. Once we get to the 512-bit to 2048-bit number sizes that are required in public-key cryptography, carry look-ahead is not of much help.

The basic concept

Here is an example of a binary sum:
` 10111010101011011111000000001101+ 11011110101011011011111011101111`.

Carry-save arithmetic works by abandoning the binary notation while still working to base 2. It computes the sum digit by digit, as
` 10111010101011011111000000001101+ 11011110101011011011111011101111= 21122120202022022122111011102212`.

The notation is unconventional but the result is still unambiguous. Moreover, given "n" adders (here, "n"=32), the result can be calculated in a single tick of the clock, since each digit result does not depend on any of the others.

If the adder is required to add two numbers and produce a result, carry-save addition is useless, since the result still has to be converted back into binary and this still means that carries have to propagate from right to left. But in large-integer arithmetic, addition is a very rare operation, and adders are mostly used to accumulate partial sums in a multiplication.

Carry-save accumulators

Supposing that we have two bits of storage per digit, we can store the values 0, 1, 2, or 3 in each digit position. It is therefore obvious that one more binary number can be added to our carry-save result without overflowing our storage capacity: but then what?

The key to success is that at the moment of each partial addition we add three bits:

• 0 or 1, from the number we are adding.
• 0 if the digit in our store is 0 or 2, or 1 if it is 1 or 3.
• 0 if the digit to its right is 0 or 1, or 1 if it is 2 or 3.
To put it another way, we are taking a carry digit from the position on our right, and passing a carry digit to the left, just as in conventional addition; but the carry digit we pass to the left is the result of the previous calculation and not the current one. In each clock cycle, carries only have to move one step along, and not "n" steps as in conventional addition.

Because signals have to move less far, the clock can tick much faster.

There is still a need to convert the result to binary at the end of a calculation, which effectively just means letting the carries travel all the way through the number just as in a conventional adder. But if we have done 512 additions in the process of performing a 512-bit multiplication, the cost of that final conversion is effectively split across those 512 additions, so each addition bears 1/512 of the cost of that final "conventional" addition.

Drawbacks

At each stage of a carry-save addition,

1. We know the result of the addition at once.
2. We still do not know whether the result of the addition is larger or smaller than a given number (for instance, we do not know whether it is positive or negative).

This latter point is a drawback when using carry-save adders to implement modular multiplication (multiplication followed by division, keeping the remainder only). If we cannot know whether the intermediate result is greater or less than the modulus, how can we know whether to subtract the modulus or not?

Montgomery multiplication, which depends on the rightmost digit of the result, is one solution; though rather like carry-save addition itself, it carries a fixed overhead, so that a sequence of Montgomery multiplications saves time but a single one does not. Fortunately exponentiation, which is effectively a sequence of multiplications, is the most common operation in public-key cryptography.

Technical details

The carry-save unit consists of "n" full adders, each of which computes a single sum and carry bit based solely on the corresponding bits of the three input numbers. Given the three "n" - bit numbers a, b, and c, it produces a partial sum ps and a shift-carry sc:

:$ps_i = a_i oplus b_i oplus c_i$
:$sc_i = \left(a_i wedge b_i\right) vee \left(a_i wedge c_i\right) vee \left(b_i wedge c_i\right)$

The entire sum can then be computed by:

# Shifting the carry sequence sc left by one place.
# Appending a 0 to the front (most significant bit) of the partial sum sequence ps.
# Using a ripple carry adder to add these two together and produce the resulting "n" + 1-bit value.

Wikimedia Foundation. 2010.

### Look at other dictionaries:

• Carry-lookahead adder — 4 bit adder with carry lookahead A carry lookahead adder (CLA) is a type of adder used in digital logic. A carry lookahead adder improves speed by reducing the amount of time required to determine carry bits. It can be contrasted with the simpler …   Wikipedia

• Carry — or carrying may refer to: *Carry (arithmetic), when a digit becomes bigger than limit and the extra is moved to the left **Carry flag, the equivalent in calculation in a computer *Carrying (basketball), a rule breach in basketball *Carry… …   Wikipedia

• Carry look-ahead adder — A carry look ahead adder is a type of adder used in digital logic. It can be contrasted with the simpler, but usually slower, ripple carry adder ( see adder for detail on ripple carry adders ). A ripple carry adder works in the same way as pencil …   Wikipedia

• Adder (electronics) — In electronics, an adder or summer is a digital circuit that performs addition of numbers.In modern computers adders reside in the arithmetic logic unit (ALU) where other operations are performed.Although adders can be constructed for many… …   Wikipedia

• Adder-subtracter — In digital circuits, an adder subtracter is a circuit that is capable of adding or subtracting numbers (in particular, binary).Below is a circuit that does adding or subtracting depending on a control signal.However, it is possible to construct a …   Wikipedia

• Subtractor — In electronics, a subtractor can be designed using the same approach as that of an adder.The binary subtraction process is summarized below.As with an adder, in the general case of calculations on multi bit numbers, three bits are involved in… …   Wikipedia

• Вычитатель — В электронике вычитатель может быть выполнен, используя такой же подход, как и в сумматоре. Возможны как минимум два вида вычитателей: Вычитатель в прямых кодах. Вычитатель в дополнительных кодах, на обычном сумматоре с аппаратным получением кода …   Википедия

• Wallace-Tree-Multiplizierer — Der Wallace Tree Multiplizierer ist in der Digitaltechnik eine Schaltung zur effizienten Multiplikation zweier Binärzahlen. Im Wallace Tree erfolgt die Multiplikation über mehrere Stufen. In der ersten werden alle Bits der beiden Faktoren… …   Deutsch Wikipedia

• CSA — NOTOC CSA may refer to:* Canadian Space Agency * Canadian Standards Association * Casting Society of America * Central des Syndicats Autonomes du Bénin (Autonomous Trade Unions Centre) a trade union centre in Benin * Central Statistical Agency of …   Wikipedia

• Karatsuba algorithm — The Karatsuba multiplication algorithm, a technique for quickly multiplying large numbers, was discovered by Anatolii Alexeevich Karatsuba in 1960 and published in the joint paper with Yu. Ofman in 1962. It reduces the multiplication of two n… …   Wikipedia