Complete Phase 9f: Cryptographic subspecs — KoalaBear, Poseidon2, XMSS

Implement three leanSpec cryptographic subspecifications:

- KoalaBear Fp field arithmetic (modular add/sub/mul/div/pow/inverse)
- Poseidon2 hash function (pure-Python permutation, compression, sponge)
- XMSS core components (PRF, tweak encoding, hypercube mapping, hash
  chains, Merkle tree construction and path verification)

Interpreter features added:
- math.comb(n, k) for binomial coefficients
- os.urandom(n) for random byte generation
- List slice assignment (e.g. state[rate:] = values)
- __bytes__ dunder dispatch in bytes() builtin

13 new tests in LeanPythonTest/Crypto.lean covering all components,
including Poseidon2 width-16 permutation verified against reference
test vectors from leanSpec.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: pirapira

LeanPython/Interpreter/Eval.lean

@@ -759,6 +759,20 @@ partial def callValueDispatch (callee : Value) (args : List Value)
     match name with
     | "map" => builtinMap args
     | "filter" => builtinFilter args
+    | "bytes" => do
+      -- Try __bytes__ dunder on instance arguments before falling back to callBuiltin
+      match args with
+      | [.instance iref] => do
+        let id_ ← heapGetInstanceData iref
+        match id_.wrappedValue with
+        | some (.bytes _) => callBuiltin name args kwargs  -- already handled
+        | some (.int _) => callBuiltin name args kwargs    -- bytes(n) pattern
+        | _ =>
+          match ← callDunder (.instance iref) "__bytes__" [] with
+          | some (.bytes b) => return .bytes b
+          | some _ => throwTypeError "__bytes__ returned non-bytes type"
+          | none => callBuiltin name args kwargs
+      | _ => callBuiltin name args kwargs
     | "min" => do
       let keyKw := kwargs.find? (fun (k, _) => k == "key")
       match keyKw with
@@ -2836,7 +2850,32 @@ partial def assignSubscriptValue (obj idx value : Value) : InterpM Unit := do
       let ni := normalizeIndex i arr.size
       if ni < 0 || ni >= arr.size then throwIndexError "list assignment index out of range"
       heapSetList ref (arr.set! ni.toNat value)
-    | _ => throwTypeError "list indices must be integers"
+    | .tuple #[startV, stopV, stepV] => do
+      -- Slice assignment: list[start:stop:step] = iterable
+      let arr ← heapGetList ref
+      let len := arr.size
+      let toOpt : Value → Option Value
+        | .none => none
+        | v => some v
+      let (start, stop, step) ← computeSliceIndices len (toOpt startV) (toOpt stopV) (toOpt stepV)
+      let newItems ← iterValuesExt value
+      if step == 1 then
+        -- Contiguous slice: can change length
+        let startN := start.toNat
+        let stopN := stop.toNat
+        let before := (arr.toList.take startN).toArray
+        let after := (arr.toList.drop stopN).toArray
+        heapSetList ref (before ++ newItems ++ after)
+      else
+        -- Extended slice: must match length
+        let indices := sliceIndices start stop step
+        if newItems.size != indices.length then
+          throwValueError s!"attempt to assign sequence of size {newItems.size} to extended slice of size {indices.length}"
+        let mut result := arr
+        for i in [:indices.length] do
+          result := result.set! indices[i]! newItems[i]!
+        heapSetList ref result
+    | _ => throwTypeError "list indices must be integers or slices"
   | .dict ref => do
     let pairs ← heapGetDict ref
     let mut newPairs := pairs
@@ -2966,6 +3005,7 @@ partial def getBuiltinModule (name : String) : InterpM (Option Value) := do
     ns := ns.insert "isnan" (.builtin "math.isnan")
     ns := ns.insert "isinf" (.builtin "math.isinf")
     ns := ns.insert "isqrt" (.builtin "math.isqrt")
+    ns := ns.insert "comb"  (.builtin "math.comb")
     ns := ns.insert "inf"   (.float (1.0 / 0.0))
     ns := ns.insert "nan"   (.float (0.0 / 0.0))
     ns := ns.insert "pi"    (.float 3.141592653589793)
@@ -3117,6 +3157,7 @@ partial def getBuiltinModule (name : String) : InterpM (Option Value) := do
     ns := ns.insert "getcwd"  (.builtin "os.getcwd")
     ns := ns.insert "getenv"  (.builtin "os.getenv")
     ns := ns.insert "listdir" (.builtin "os.listdir")
+    ns := ns.insert "urandom" (.builtin "os.urandom")
     ns := ns.insert "sep"     (.str "/")
     ns := ns.insert "linesep" (.str "\n")
     ns := ns.insert "name"    (.str "posix")

LeanPython/Runtime/Builtins.lean

@@ -844,6 +844,7 @@ partial def callBuiltin (name : String) (args : List Value)
   | "math.floor" => mathFloor args
   | "math.sqrt"  => mathSqrt args
   | "math.isqrt" => mathIsqrt args
+  | "math.comb"  => mathComb args
   | "math.log"   => mathLog args
   | "math.log2"  => mathLog2 args
   | "math.fabs"  => mathFabs args
@@ -1064,9 +1065,10 @@ partial def callBuiltin (name : String) (args : List Value)
   -- ============================================================
   -- os module functions
   -- ============================================================
-  | "os.getcwd" => osGetcwd args
-  | "os.getenv" => osGetenv args
+  | "os.getcwd"  => osGetcwd args
+  | "os.getenv"  => osGetenv args
   | "os.listdir" => osListdir args
+  | "os.urandom" => osUrandom args
   -- ============================================================
   -- os.path module functions
   -- ============================================================

LeanPython/Stdlib/Math.lean

@@ -114,4 +114,25 @@ partial def mathIsqrt (args : List Value) : InterpM Value := do
   | [.bool b] => return .int (if b then 1 else 0)
   | _ => throwTypeError "math.isqrt() requires an integer argument"
 
+/-- Compute binomial coefficient C(n, k) = n! / (k! * (n-k)!) -/
+private def natComb (n k : Nat) : Nat :=
+  if k > n then 0
+  else
+    -- Use the multiplicative formula: C(n,k) = n*(n-1)*...*(n-k+1) / k!
+    -- Use the smaller of k and n-k for efficiency
+    let k' := min k (n - k)
+    let rec loop (i : Nat) (num denom : Nat) : Nat :=
+      if i >= k' then num / denom
+      else loop (i + 1) (num * (n - i)) (denom * (i + 1))
+    loop 0 1 1
+
+/-- Python math.comb(n, k): return number of ways to choose k items from n -/
+partial def mathComb (args : List Value) : InterpM Value := do
+  match args with
+  | [.int n, .int k] =>
+    if n < 0 then throwValueError "n must be a non-negative integer"
+    else if k < 0 then throwValueError "k must be a non-negative integer"
+    else return .int (Int.ofNat (natComb n.toNat k.toNat))
+  | _ => throwTypeError "comb expected 2 arguments"
+
 end LeanPython.Stdlib.Math

LeanPython/Stdlib/Os.lean

@@ -43,6 +43,19 @@ private def pathIsDir (path : System.FilePath) : IO Bool := do
 -- os module functions
 -- ============================================================
 
+/-- Python os.urandom(n): return n random bytes. -/
+partial def osUrandom (args : List Value) : InterpM Value := do
+  match args with
+  | [.int n] =>
+    if n < 0 then throwValueError "negative argument not allowed"
+    else do
+      let mut ba := ByteArray.empty
+      for _ in [:n.toNat] do
+        let b ← (IO.rand 0 255 : IO Nat)
+        ba := ba.push b.toUInt8
+      return .bytes ba
+  | _ => throwTypeError "urandom() takes exactly 1 argument"
+
 /-- Python os.getcwd(): return current working directory. -/
 partial def osGetcwd (args : List Value) : InterpM Value := do
   match args with

LeanPythonTest.lean

@@ -3,3 +3,4 @@ import LeanPythonTest.Parser
 import LeanPythonTest.Interpreter
 import LeanPythonTest.Module
 import LeanPythonTest.Stdlib
+import LeanPythonTest.Crypto