primefield: canonical form field element types (for e.g. Scalar types) #1192
Description
Currently we only support Montgomery form for field elements. #1191 would further solidify that.
p256 contains a handwritten Scalar implementation which uses canonical form w\ Barrett reduction as opposed to Montgomery form w\ Montgomery reduction. Using this form for scalars has potential performance benefits for common scalar usage patterns, where the overhead of converting into/out of Montgomery form outweighs the performance advantages the form provides.
It would be potentially useful to provide macros which can write field elements in canonical form, generating a Barrett reduction implementation. Anyone attempting to generalize the implementation in p256::Scalar should be aware of the performance optimization introduced in #1155, however, which relies on particular properties of the P-256 scalar modulus.
Some other important questions here: how do we share code between canonical and Montgomery field element types, and should macros be prefixed based on the internal representation?