{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T16:24:24Z","timestamp":1771259064478,"version":"3.50.1"},"reference-count":18,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T00:00:00Z","timestamp":1771200000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T00:00:00Z","timestamp":1771200000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/501100012166","name":"National Key R&D Program of China","doi-asserted-by":"crossref","award":["2024YFA1013000"],"award-info":[{"award-number":["2024YFA1013000"]}],"id":[{"id":"10.13039\/501100012166","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["12231015"],"award-info":[{"award-number":["12231015"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62122085"],"award-info":[{"award-number":["62122085"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004739","name":"Youth Innovation Promotion Association of the Chinese Academy of Sciences","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004739","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Strategic Priority Research Program of the Chinese Academy of Sciences","award":["XDB0690000"],"award-info":[{"award-number":["XDB0690000"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>The security analysis of symmetric ciphers is a time-consuming and labor-intensive process that traditionally relies on manual derivation and mathematical modeling for specific algorithms. This paper introduces a fully automated analysis software framework designed to evaluate the security of any round-based symmetric cipher constructed from common primitives like S-boxes, bit permutations, and XOR operations. Our approach leverages the LLVM compiler infrastructure and the KLEE symbolic execution engine to automatically convert C implementations of cryptographic algorithms into a structured representation of state bits and update functions. By employing a frontend that uses custom annotations to identify round functions, it translates the algorithm into a series of Bit Expressions, and we introduce multiple modular backends that process those Expressions to applicable form of performing various types of analyzing methods. We demonstrate the tool\u2019s effectiveness by implementing a differential and linear cryptanalysis backend with help of SAT solver, Division Property integral cryptanalysis backend with help of MILP solver, and a degree estimation backend based on Numeric Mapping method. As an experimental result, we apply these automated analysis techniques to several finalists from the NIST Lightweight Cryptography (LWC) competition, successfully reproducing and improving some existing cryptanalytic results. This work significantly lowers the barrier for cryptographic research by providing a powerful and adaptable platform for automatically assessing the security of both existing and newly designed symmetric ciphers.<\/jats:p>","DOI":"10.1186\/s42400-026-00556-9","type":"journal-article","created":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T15:52:29Z","timestamp":1771257149000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["BONC: a framework for automatic cryptanalysis using the implementation code"],"prefix":"10.1186","volume":"9","author":[{"given":"Yu","family":"Gu","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5259-1848","authenticated-orcid":false,"given":"Meicheng","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,16]]},"reference":[{"issue":"1\u20132","key":"556_CR18","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1016\/j.scico.2007.08.001","volume":"72","author":"R Bagnara","year":"2008","unstructured":"Bagnara R, Hill PM, Zaffanella E (2008) The Parma Polyhedra Library: Toward a complete set of numerical abstractions for the analysis and verification of hardware and software systems. Sci Comput Program 72(1\u20132):3\u201321. https:\/\/doi.org\/10.1016\/j.scico.2007.08.001","journal-title":"Sci Comput Program"},{"key":"556_CR1","doi-asserted-by":"publisher","unstructured":"Bellini E, G\u00e9rault D, Grados J, Huang YJ, Makarim RH, Rachidi M, Tiwari SK (2023) CLAASP: a cryptographic library for the automated analysis of symmetric primitives. In: Carlet C, Mandal K, Rijmen V (eds) Selected areas in cryptography: SAC 2023\u201430th International conference, Fredericton, Canada, August 14\u201318, 2023, Revised selected papers. Lecture notes in computer science, 14201:387\u2013408. Springer, Berlin. https:\/\/doi.org\/10.1007\/978-3-031-53368-6_19","DOI":"10.1007\/978-3-031-53368-6_19"},{"key":"556_CR2","doi-asserted-by":"publisher","unstructured":"Bellini E, Piccoli AD, Formenti M, G\u00e9rault D, Huynh P, Pelizzola S, Polese S, Visconti A (2023) Differential cryptanalysis with sat, smt, milp, and CP: a detailed comparison for bit-oriented primitives. In: Deng J, Kolesnikov V, Schwarzmann AA (eds) Cryptology and network security: 22nd International conference, CANS 2023, Augusta, GA, USA, October 31\u2013November 2, 2023, Proceedings. Lecture notes in computer science, 14342:268\u2013292. Springer, Berlin. https:\/\/doi.org\/10.1007\/978-981-99-7563-1_13","DOI":"10.1007\/978-981-99-7563-1_13"},{"key":"556_CR3","unstructured":"Bryan O, John G, Don S (2008) Real world haskell. O\u2019Reilly media. Chap 14. https:\/\/book.realworldhaskell.org\/read\/monads.html"},{"key":"556_CR4","unstructured":"Cadar C, Dunbar D, Engler DR (2008) KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: Draves R, Renesse R (eds) 8th USENIX symposium on operating systems design and implementation, OSDI 2008, December 8\u201310, 2008, San Diego, California, USA, Proceedings, pp 209\u2013224. USENIX Association. http:\/\/www.usenix.org\/events\/osdi08\/tech\/full_papers\/cadar\/cadar.pdf"},{"key":"556_CR5","doi-asserted-by":"publisher","unstructured":"Dinur I, Shamir A (2009) Cube attacks on tweakable black box polynomials. In: Joux A (ed) Advances in cryptology: EUROCRYPT 2009, 28th Annual international conference on the theory and applications of cryptographic techniques, Cologne, Germany, April 26\u201330, 2009. Proceedings. Lecture notes in computer science, 5479:278\u2013299. Springer, Berlin. https:\/\/doi.org\/10.1007\/978-3-642-01001-9_16","DOI":"10.1007\/978-3-642-01001-9_16"},{"key":"556_CR6","unstructured":"Gurobi Optimization, LLC (2024) Gurobi optimizer reference manual. https:\/\/www.gurobi.com"},{"key":"556_CR7","doi-asserted-by":"publisher","unstructured":"Lattner C, Adve VS (2004) LLVM: a compilation framework for lifelong program analysis & transformation. In: 2nd IEEE \/ ACM International symposium on code generation and optimization (CGO 2004), 20\u201324 March 2004, San Jose, CA, USA, 75\u201388. IEEE Computer society. https:\/\/doi.org\/10.1109\/CGO.2004.1281665","DOI":"10.1109\/CGO.2004.1281665"},{"key":"556_CR8","doi-asserted-by":"publisher","unstructured":"Liu M (2017) Degree evaluation of nfsr-based cryptosystems. In: Katz J, Shacham H. (eds) Advances in cryptology: CRYPTO 2017\u201437th Annual international cryptology conference, Santa Barbara, CA, USA, August 20\u201324, 2017, Proceedings, Part III. Lecture notes in computer science, 10403:227\u2013249. Springer, Berlin. https:\/\/doi.org\/10.1007\/978-3-319-63697-9_8","DOI":"10.1007\/978-3-319-63697-9_8"},{"key":"556_CR9","doi-asserted-by":"publisher","unstructured":"Matsui M (1994) On correlation between the order of s-boxes and the strength of DES. In: Santis AD (ed) Advances in cryptology: EUROCRYPT \u201994, Workshop on the theory and application of cryptographic techniques, Perugia, Italy, May 9\u201312, 1994, Proceedings. Lecture notes in computer science, 950:366\u2013375. Springer, Berlin. https:\/\/doi.org\/10.1007\/BFb0053451","DOI":"10.1007\/BFb0053451"},{"key":"556_CR10","doi-asserted-by":"publisher","unstructured":"Mouha N, Wang Q, Gu D, Preneel B (2011) Differential and linear cryptanalysis using mixed-integer linear programming. In: Wu C, Yung M, Lin D (eds) Information security and cryptology: 7th International conference, inscrypt 2011, Beijing, China, November 30\u2013December 3, 2011. Revised selected papers. Lecture notes in computer science, 7537:57\u201376. Springer, Berlin. https:\/\/doi.org\/10.1007\/978-3-642-34704-7_5","DOI":"10.1007\/978-3-642-34704-7_5"},{"key":"556_CR11","doi-asserted-by":"publisher","unstructured":"Rudell RL, Sangiovanni-Vincentelli A (1989) Logic synthesis for vlsi design. PhD thesis. AAI9006491. https:\/\/doi.org\/10.5555\/915903","DOI":"10.5555\/915903"},{"key":"556_CR12","doi-asserted-by":"publisher","unstructured":"Sinz C (2005) Towards an optimal CNF encoding of boolean cardinality constraints. In: Beek P (ed) Principles and practice of constraint programming: CP 2005, 11th International conference, CP 2005, Sitges, Spain, October 1\u20135, 2005, Proceedings. Lecture notes in computer science, 3709:827\u2013831. Springer, Berlin. https:\/\/doi.org\/10.1007\/11564751_73","DOI":"10.1007\/11564751_73"},{"key":"556_CR13","doi-asserted-by":"publisher","unstructured":"Soos M, Nohl K, Castelluccia C (2009) Extending SAT solvers to cryptographic problems. In: Kullmann O (ed) Theory and applications of satisfiability testing: SAT 2009, 12th International conference, SAT 2009, Swansea, UK, June 30\u2013July 3, 2009. Proceedings. Lecture notes in computer science, 5584:244\u2013257. Springer, Berlin. https:\/\/doi.org\/10.1007\/978-3-642-02777-2_24","DOI":"10.1007\/978-3-642-02777-2_24"},{"key":"556_CR14","doi-asserted-by":"publisher","unstructured":"Spectorsky I, Galganov O (2020) Triangle method for constructing zhegalkin polynomial: connection with pascal\u2019s triangle. Syst Res Inf Technol 129\u2013145. https:\/\/doi.org\/10.20535\/SRIT.2308-8893.2020.1.12","DOI":"10.20535\/SRIT.2308-8893.2020.1.12"},{"issue":"POPL","key":"556_CR15","doi-asserted-by":"publisher","first-page":"848","DOI":"10.1145\/3632871","volume":"8","author":"P Sun","year":"2024","unstructured":"Sun P, Song F, Chen Y, Chen T (2024) Easybc: a cryptography-specific language for security analysis of block ciphers against differential cryptanalysis. Proc ACM Progr Lang 8(POPL):848\u2013881. https:\/\/doi.org\/10.1145\/3632871","journal-title":"Proc ACM Progr Lang"},{"key":"556_CR16","doi-asserted-by":"publisher","unstructured":"Todo Y (2015) Structural evaluation by generalized integral property. In: Oswald E, Fischlin M (eds) Advances in cryptology: EUROCRYPT 2015\u201434th Annual international conference on the theory and applications of cryptographic techniques, Sofia, Bulgaria, April 26\u201330, 2015, Proceedings, Part I. Lecture notes in computer science, 9056:287\u2013314. Springer, Berlin. https:\/\/doi.org\/10.1007\/978-3-662-46800-5_12","DOI":"10.1007\/978-3-662-46800-5_12"},{"key":"556_CR17","doi-asserted-by":"publisher","unstructured":"Xiang Z, Zhang W, Bao Z, Lin D (2016) Applying MILP method to searching integral distinguishers based on division property for 6 lightweight block ciphers. In: Cheon JH, Takagi T. (eds) Advances in cryptology: ASIACRYPT 2016\u201422nd International conference on the theory and application of cryptology and information security, Hanoi, Vietnam, December 4\u20138, 2016, Proceedings, Part I. Lecture notes in computer science, 10031:648\u2013678. https:\/\/doi.org\/10.1007\/978-3-662-53887-6_24","DOI":"10.1007\/978-3-662-53887-6_24"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00556-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-026-00556-9","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-026-00556-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,16]],"date-time":"2026-02-16T15:52:31Z","timestamp":1771257151000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-026-00556-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,16]]},"references-count":18,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["556"],"URL":"https:\/\/doi.org\/10.1186\/s42400-026-00556-9","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,16]]},"assertion":[{"value":"22 November 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"27 January 2026","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"16 February 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare that they have no competing interest.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interest"}}],"article-number":"121"}}