60     Cha pte r  T w o


                      theoretically foreseen. In fact, it is well known that, within
                      FPGA devices the carry-ripple adders use optimized carry
                      chains, so that the improvement in performance using carry-
                      save adders is not so great. Regarding the fact that the Barrett
                      reducer is the fastest, and not the precomputation-based re-
                      ducer as stated in Tables 2.1 and 2.2, remember that for the
                      former a worst-case estimation was done, while for the latter
                      a kind of better-case estimation was considered.
                  3.  For  fixed  m, specific reducers should be synthesized. For
                                                   64
                      example, in the case of m = 2 192  − 2 − 1, a specific circuit has
                      been designed, with approximately the same number of
                      resources as a nonrestoring reducer, and about two orders of
                      magnitude faster.



          2.9 References
               [DBS06] J.-P. Deschamps, G. Bioul, and G. Sutter. Synthesis of Arithmetic Circuits.
                  Wiley, Hoboken, New Jersey, 2006.
               [EL04] M. D. Ercegovac and T. Lang. Digital Arithmetic. Morgan Kaufmann, San
                  Francisco, 2004.
               [HMV04] D. Hankerson, A. Menezes, and S. Vanstone.  Guide to Elliptic Curve
                  Cryptography. Springer, New York, 2004.
               [MOV96] A. J. Menezes, P. C. van Oorschot, and S. Vanstone. Handbook of Applied
                  Cryptography. CRC Press, Boca Raton, Florida, 1996.
               [Par00] B. Parhami.  Computer Arithmetic. Oxford University Press, New York,
                  2000.