Cryptographic algorithm detection method and device, electronic equipment and storage medium

By combining static code analysis and backward slicing techniques with a large language model, the problem of the difficulty in identifying self-implementing cryptographic algorithms is solved, achieving efficient and accurate cryptographic algorithm detection.

CN122241696APending Publication Date: 2026-06-19INSTITUTE OF INFORMATION ENGINEERING CHINESE ACADEMY OF SCIENCES

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
INSTITUTE OF INFORMATION ENGINEERING CHINESE ACADEMY OF SCIENCES
Filing Date
2026-01-30
Publication Date
2026-06-19

Smart Images

  • Figure CN122241696A_ABST
    Figure CN122241696A_ABST
Patent Text Reader

Abstract

This invention provides a method, apparatus, electronic device, and storage medium for detecting cryptographic algorithms. The method includes: acquiring the source code to be detected; performing static code analysis on the source code to obtain multiple candidate regions involving cryptography and static analysis data for each candidate region; based on the static analysis data, performing backward slice analysis on each candidate region to obtain multiple target slices; wherein each target parameter in the target slice has a corresponding source chain; and inputting each target slice into an algorithm detection model to obtain detection results; wherein the algorithm detection model is trained based on a large language model. This invention improves the accuracy of cryptographic algorithm detection by narrowing the analysis scope through static code analysis of the source code, extracting target slices through backward slice analysis, and then utilizing the powerful semantic understanding capabilities of a large language model to perform detection within the target slices.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of cryptography, and in particular to a method, apparatus, electronic device, and storage medium for detecting cryptographic algorithms. Background Technology

[0002] In practical software platforms, cryptographic functions do not always appear as explicit Application Programming Interfaces (APIs) through standard cryptographic libraries. Due to performance optimization, historical legacy, compliance requirements, or developer habits, some systems implement their own encryption, signature, hash, or random number generation logic. This code often bypasses the unified encapsulation layer and standard library calls. From a code structure perspective, they are typically just combinations of large integer operations, modular exponentiation, Boolean logic, round functions, and lookup table operations, making them difficult to distinguish from ordinary business calculations at the syntactic level. Furthermore, key information such as algorithm names and key lengths may not appear as explicit constants but are implicit in round numbers, modulus sizes, lookup table constants, or control structures. For this type of self-implemented cryptographic code, relying solely on static analysis methods based on rules and API pattern matching often fails to identify its cryptographic semantics in a timely and accurate manner, leading to reduced accuracy in cryptographic algorithm detection. Summary of the Invention

[0003] This invention provides a method, apparatus, electronic device, and storage medium for detecting cryptographic algorithms, in order to overcome the deficiencies in the prior art.

[0004] This invention provides a method for detecting cryptographic algorithms, comprising: Obtain the source code to be tested, perform static code analysis on the source code, and obtain multiple candidate regions involving cryptography and static analysis data of each candidate region; Based on the static analysis data, backward slicing analysis is performed on each of the candidate regions to obtain multiple target slices; wherein, each target parameter in the target slice has a corresponding source chain; Each of the target slices is input into the algorithm detection model to obtain the detection results; wherein, the algorithm detection model is trained based on a large language model.

[0005] According to a cryptographic algorithm detection method provided by the present invention, the step of performing backward slice analysis on each of the candidate regions based on the static analysis data to obtain multiple target slices includes: Based on the static analysis data, determine the set of cryptographic statements for each of the candidate regions; Extract the corresponding variable set from each of the aforementioned sets of cryptographic statements; Based on the set of variables and the constrained strategy, backward slicing analysis is performed on each of the candidate regions to obtain the target slice.

[0006] According to a cryptographic algorithm detection method provided by the present invention, the restricted strategy includes at least one of the following: scope restriction strategy, budget restriction strategy, call digest strategy, and pointer alias restriction strategy: The scope restriction strategy is used to constrain the scope of cross-function backtracking during backward slice analysis; The budget constraint strategy is used to limit resource consumption during backward slice analysis; The call summary strategy is used to constrain function calls during backward slice analysis; The pointer aliasing restriction strategy is used to constrain the handling of explicit alias relationships within functions during backward slice analysis.

[0007] According to a cryptographic algorithm detection method provided by the present invention, the algorithm detection model includes a code snippet construction module, a prompt word template module, an inference module, a structured parsing module, and a consistency verification module, wherein the inference module is trained based on a large language model; The step of inputting each of the target slices into the algorithm detection model to obtain detection results includes: Based on the code snippet construction module, the data to be inferred is constructed using the code corresponding to the target slice and static factual data; Based on the reasoning module, the data to be reasoned is subjected to multiple inferences to determine the reasoning result; Based on the prompt word template module, the reasoning result is constrained into structured data; Based on the structured parsing module, pattern verification is performed on the structured data to obtain the pattern verification result; Based on the consistency verification module, the inference result is verified for consistency, and a consistency verification result is obtained. The detection result is obtained based on the structured data, the pattern verification result, and the consistency verification result.

[0008] According to a cryptographic algorithm detection method provided by the present invention, the step of performing consistency verification on the inference result based on the consistency verification module to obtain a consistency verification result includes: Based on the consistency verification module, the inference result is verified for consistency, and the data to be inferred is verified for consistency based on the algorithm type in the inference result, so as to obtain the consistency verification result.

[0009] According to a cryptographic algorithm detection method provided by the present invention, the step of performing static code analysis on the source code to obtain multiple candidate regions involving cryptography and static analysis data of each candidate region includes: Static code analysis was performed on the source code to obtain constant patterns associated with encryption operations and operational patterns associated with cryptographic implementation. The source code is parsed to construct an abstract syntax tree, control flow graph, and data dependencies; Based on the abstract syntax tree, the control flow graph, and the data dependencies, multiple candidate regions involving cryptography are identified. Based on the constant mode and the operation mode, the static analysis data of each candidate region is determined.

[0010] According to a cryptographic algorithm detection method provided by the present invention, after inputting each of the target slices into the algorithm detection model to obtain the detection result, the method further includes: Each of the target slices is then minimized. Based on the target slice after minimization, the quantum vulnerability of the cryptographic algorithm in the detection result is evaluated using a quantum attack model to obtain the evaluation result.

[0011] The present invention also provides a cryptographic algorithm detection device, comprising: The first analysis module is configured to acquire the source code to be detected, perform static code analysis on the source code, and obtain multiple candidate regions involving cryptography and static analysis data of each candidate region; The second analysis module is configured to perform backward slicing analysis on each of the candidate regions based on the static analysis data to obtain multiple target slices; wherein each target parameter in the target slice has a corresponding source chain; The detection module is configured to input each of the target slices into the algorithm detection model to obtain the detection results; wherein the algorithm detection model is trained based on a large language model.

[0012] The present invention also provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the cryptographic algorithm detection method described above.

[0013] The present invention also provides a non-transitory computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the cryptographic algorithm detection method as described above.

[0014] The present invention also provides a computer program product, including a computer program that, when executed by a processor, implements the cryptographic algorithm detection method as described above.

[0015] The cryptographic algorithm detection method, apparatus, electronic device, and storage medium provided by this invention firstly perform static analysis on the source code to efficiently narrow down the analysis scope. Then, through precise backward slicing analysis, the target slice containing the core logic is extracted. Finally, the powerful semantic understanding capability of the large language model is used to accurately detect cryptographic algorithms in the target slice. This achieves an efficient, accurate, and interpretable detection method for cryptographic algorithms in source code. In addition to standard cryptographic library APIs, it can also identify self-implemented cryptographic algorithms, thereby improving the accuracy of cryptographic algorithm detection. Attached Figure Description

[0016] To more clearly illustrate the technical solutions in this invention or the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are some embodiments of this invention. For those skilled in the art, other drawings can be obtained from these drawings without creative effort.

[0017] Figure 1 This is a flowchart illustrating the cryptographic algorithm detection method provided by the present invention.

[0018] Figure 2 This is a schematic diagram of the cryptographic algorithm detection device provided by the present invention.

[0019] Figure 3 This is a schematic diagram of the structure of the electronic device provided by the present invention. Detailed Implementation

[0020] To make the objectives, technical solutions, and advantages of this invention clearer, the technical solutions of this invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of this invention. All other embodiments obtained by those skilled in the art based on the embodiments of this invention without creative effort are within the scope of protection of this invention.

[0021] Figure 1 This is a flowchart illustrating a cryptographic algorithm detection method according to an exemplary embodiment. For example... Figure 1 As shown in an exemplary embodiment, the cryptographic algorithm detection method includes steps 110 to 130, which are described in detail below.

[0022] Step 110: Obtain the source code to be tested, perform static code analysis on the source code to obtain multiple candidate regions involving cryptography and static analysis data of each candidate region; In this embodiment of the invention, the source code may be a complete code library of one or more software projects, or a part of it, such as a module, a file or a function, and its programming language may be any one or more programming languages ​​such as C, C++, Java, Python, etc.

[0023] Static code analysis is performed on the acquired source code, which involves analyzing its lexical, syntactic, control flow, and data flow aspects. This analysis allows for the rapid identification of suspicious code snippets related to cryptographic implementations. Specifically, existing static code analysis tools or a self-developed analysis engine can be used to parse the source code. For example, an Abstract Syntax Tree (AST) can be constructed to represent the syntactic structure of the code; a Control Flow Graph (CFG) can be built to represent possible execution paths; and data dependencies (Use-Def / Def-Use) can be analyzed to track variable definitions and usage.

[0024] Candidate regions are code blocks in the source code that, based on preliminary static code analysis, may contain self-implementing cryptographic algorithms. The granularity of a candidate region can be flexible, such as a function, a method, a basic block range, or a continuous sequence of lines of code. During static code analysis, structured information associated with the cryptographic algorithm is extracted from each candidate region and used as static analysis data. This data provides context and basis for subsequent analysis. For example, static analysis data may include code structure information within the candidate region, the location and values ​​of specific constants, and data dependencies of key variables.

[0025] Step 120: Based on the static analysis data, perform backward slicing analysis on each of the candidate regions to obtain multiple target slices; wherein, each target parameter in the target slice has a corresponding source chain; In this embodiment of the invention, backward slice analysis is a program analysis technique that starts from one or more points of interest (also known as slice criteria) in a program, traces back all program statements and variables that may computationally affect these points of interest, and combines them into a subset of the program, i.e., a slice. In this embodiment of the invention, backward slice analysis is based on static analysis data.

[0026] Each candidate region is subjected to backward slicing analysis to obtain the target slice, also known as the evidence slice. It is essentially a subset of code containing the core cryptographic statements identified from the candidate regions, as well as the necessary dependency closures that affect these statements. These necessary dependency closures include the data corresponding to data dependencies and control dependencies. Therefore, the target slice is logically relatively complete and sufficient to represent a core cryptographic computational logic.

[0027] Backslicing analysis also involves analyzing and determining the source chain of target parameters within the target slice. The source chain is the tracing path of how the values ​​of target parameters were generated. Target parameters characterize cryptographic algorithm features, including one or more of the following: key length, number of rounds, modulus bit width, curve parameters, etc. For example, the source chain of a key used for encryption can be traced back to a function input parameter, a constant read from a configuration file, or a fixed macro definition. By annotating the source chain, the origin and context of the target parameters can be clearly understood, providing crucial information for subsequent algorithm identification and auditing.

[0028] Step 130: Input each of the target slices into the algorithm detection model to obtain the detection results; wherein the algorithm detection model is trained based on a large language model.

[0029] In this embodiment of the invention, an algorithm detection model is pre-trained based on a Large Language Model (LLM). The LLM possesses powerful code understanding and semantic reasoning capabilities. By training or fine-tuning the LLM with a large corpus of code and cryptographic knowledge, an algorithm detection model is obtained. The trained algorithm detection model can identify the code logic in a target slice and recognize the cryptographic algorithm it implements.

[0030] The obtained target slices are input into the algorithm detection model to determine the cryptographic algorithms involved in each target slice, and then the corresponding detection results are obtained. The detection results can be structured, for example, clearly indicating the type of cryptographic algorithm detected, such as Advanced Encryption Standard (AES), RSA (Rivest, Shamir, Adleman), Secure Hash Algorithm (SHA), self-implementing cryptographic algorithms, etc., as well as the identified key parameters, such as key length, number of rounds, modulus length, etc.

[0031] In this embodiment of the invention, the analysis scope is first efficiently narrowed by static analysis of the source code. Then, the target slice containing the core logic is extracted by precise backward slice analysis. Finally, the powerful semantic understanding capability of the large language model is used to accurately detect cryptographic algorithms in the target slice. This realizes an efficient, accurate and interpretable detection method for cryptographic algorithms in source code. In addition to standard cryptographic library APIs, it can also identify self-implemented encryption / signature / hash logic, reduce missed detections caused by relying solely on API matching, and improve the accuracy of cryptographic algorithm detection.

[0032] In an exemplary embodiment of the present invention, the step of performing backward slicing analysis on each of the candidate regions based on the static analysis data to obtain multiple target slices includes: Based on the static analysis data, determine the set of cryptographic statements for each of the candidate regions; Extract the corresponding variable set from each of the aforementioned sets of cryptographic statements; Based on the set of variables and the constrained strategy, backward slicing analysis is performed on each of the candidate regions to obtain the target slice.

[0033] In this embodiment of the invention, a set of cryptographic statements C for each candidate region is determined based on static analysis data. The set of cryptographic statements refers to the set of statements identified as performing core cryptographic computations within a candidate region. The set of cryptographic statements can be seen as the starting point for the slicing criteria in backward slicing analysis. Specifically, based on the operation patterns and constant patterns identified during the static code analysis phase, statements conforming to these patterns are searched and marked within the candidate region. For example, these statements may include: modular exponentiation statements, modular multiplication statements, large integer operation statements, dense bitwise operation statements (such as XOR, AND, shift, and circular shift), statements within the loop body of round functions, and table lookup or S-box access statements, etc. These statements represent the most representative parts of the cryptographic algorithm implementation. The identified statements are then combined into a set of cryptographic statements.

[0034] The process involves extracting corresponding variable sets from each set of cryptographic statements. A variable set refers to the key variables directly related to the cryptographic semantics within the set of cryptographic statements; these variables serve as the initial targets for backward slicing analysis. For example, variables directly related to key materials, round function inputs / outputs, modulus, or curve parameter sizes can be extracted from the set of cryptographic statements and combined into a variable set Vcrit. The backward slicing criterion is then used: "<statement position, Vcrit>" ensures that slicing revolves only around variables and statements relevant to the cryptographic semantics.

[0035] Create a Use-Def index within the function / method scope, which is the set of variables that the most recently defined statement and the rvalue expression depend on. Also, create control dependencies when needed, i.e. whether the statement is affected by if / for / while conditions, to support simultaneous backtracking of data dependencies and key condition constraints.

[0036] Based on the variable set and the constrained strategy, backward slicing analysis is performed on each candidate region to obtain the target slice. Specifically, the variable set Vcrit is used as the initial queue for backward slicing analysis, that is, tracing back from the definition points of these variables. The constrained strategy is a set of rules used to control the scope and complexity of the slicing process, aiming to ensure the efficiency of the slicing analysis process and the usability of the results, and to avoid path explosion and performance problems caused by an excessively large analysis scope.

[0037] During the backward slice analysis process, the queue W=Vcrit is initialized, and the slice result set S= The loop retrieves variable v from W, finds its most recent definition statement def(v) in the candidate region, adds def(v) to S; then adds variables appearing in the rvalue expression of def(v) to W. If control dependencies are enabled, the conditional statements affecting the reachability of def(v) are added to S, and the variables in the conditional expressions are added to W, until W is empty or a stopping condition is triggered.

[0038] In this embodiment of the invention, during the backward slicing analysis, starting with the variable set of each candidate region, the statements defining these variables are continuously searched and added to the target slice. Simultaneously, newly appearing dependent variables within these statements are added to a queue to be traced, until the queue is empty or the stopping condition in the restricted policy is triggered. This embodiment, by first accurately identifying the core cryptographic statements and variables as the starting point for slicing, makes the target of backward slicing analysis more explicit and focused. Combined with the restricted policy, it ensures that the generated target slices closely revolve around the core cryptographic logic, effectively excluding a large amount of irrelevant code, thereby improving the quality of the slices and the accuracy of subsequent algorithm detection model analysis.

[0039] In an exemplary embodiment of the present invention, the restricted strategy includes at least one of the following: scope restriction strategy, budget restriction strategy, call digest strategy, and pointer alias restriction strategy: The scope restriction strategy is used to constrain the scope of cross-function backtracking during backward slice analysis; The budget constraint strategy is used to limit resource consumption during backward slice analysis; The call summary strategy is used to constrain function calls during backward slice analysis; The pointer aliasing restriction strategy is used to constrain the handling of explicit alias relationships within functions during backward slice analysis.

[0040] In this embodiment of the invention, the scope restriction strategy is used to constrain the scope of cross-function backtracking during backward slice analysis. That is, during backward slice analysis, slicing is preferentially completed within functions. If the definition of a variable traces back to a call to another function, the backtracking level is restricted. For example, a maximum cross-function backtracking level K can be set. When the cross-function backtracking depth exceeds K, the analysis will no longer enter deeper called functions for inline expansion. Instead, the return value or output parameters of the called function will be used as an external input point for summary recording, recording the function name, call point, actual parameters, and return value positions. In a preferred embodiment, K can be configured as 2. The scope restriction strategy effectively avoids a sharp increase in analysis complexity caused by deep function call chains.

[0041] Budget constraints are used to limit resource consumption during backward slicing analysis. Specifically, to prevent the slicing process from running for excessively long periods or consuming too much memory due to complex code logic (such as deep loops or recursion), budget constraints set explicit resource limits. For example, a maximum backtracking depth Dmax and a maximum number of statements Nmax can be set. The maximum backtracking depth Dmax represents the maximum number of steps to trace along the dependency chain from the slicing criteria, and the maximum number of statements Nmax represents the maximum number of statements contained in the target slice. Once the analysis process reaches the maximum backtracking depth Dmax or the maximum number of statements Nmax, the slicing will stop expanding, and the currently collected partial slices will be output. In a preferred embodiment, Dmax can be configured to 60, and Nmax can be configured to 400. Budget constraints ensure that the analysis process always terminates within predictable resource overhead, avoiding path explosion that leads to slow operation.

[0042] The call summary strategy constrains the handling of function calls during backward slice analysis. Specifically, for traced function calls, especially those not identified as candidate regions, the call summary strategy dictates that they should not be inlined. Instead, their return values ​​or output parameters modified via pointers / references are treated as symbolic data sources, and the information of the call point is recorded as evidence. This information can then be further expanded in Deep Pass or incremental analysis. The call summary strategy simplifies the processing of external or non-core functions, allowing the analysis to focus on candidate regions.

[0043] Pointer aliasing restriction strategies are used to constrain the handling of pointer aliases during backward slice analysis. In languages ​​like C / C++, complex pointer operations and alias relationships are a challenge for static analysis. To avoid the unpredictable propagation of aliases leading to a drastic expansion of the analysis scope and false positives, pointer aliasing restriction strategies limit the processing to explicit, easily analyzable alias relationships within functions, such as those using the address-of operator (&) and dereference operators. Direct aliases established by member access operators -> or . fields. For complex pointer escapes (such as function return pointers, pointers stored in global structures, etc.) and cross-procedure alias relationships, they are preserved in the form of a summary to avoid false alarms and performance degradation caused by the spread of uncertain aliases.

[0044] By employing one or more of the aforementioned restrictive strategies, this invention can significantly improve the efficiency and controllability of backward slicing analysis while ensuring the extraction of core cryptographic logic. It effectively solves the performance bottleneck and path explosion problems faced by traditional slicing techniques when applied to large-scale, complex real-world projects, making the method of this invention highly practical for engineering applications.

[0045] In this embodiment of the invention, backward slicing analysis is performed using candidate regions R (function / method / basic block range), target parameter set P (e.g., key_bits, rounds, modulus_bits, curve, etc.), and the parsed AST, CFG, and Use-Def dependencies to obtain target slice S (core encryption statements and their necessary dependency closures). The source chain of target parameter P is marked in target slice S, for example, from constants, configuration fields, function input parameters, or external call return values. Through the above-mentioned restricted backward slicing analysis, this invention can obtain an auditable target slice S and form the source chain of target parameters from it, providing an interpretable basis for subsequent semantic reasoning and quantum vulnerability assessment.

[0046] In an exemplary embodiment of the present invention, the algorithm detection model includes a code snippet construction module, a prompt word template module, an inference module, a structured parsing module, and a consistency verification module, wherein the inference module is trained based on a large language model; The step of inputting each of the target slices into the algorithm detection model to obtain detection results includes: Based on the code snippet construction module, the data to be inferred is constructed using the code corresponding to the target slice and static factual data; Based on the reasoning module, the data to be reasoned is subjected to multiple inferences to determine the reasoning result; Based on the prompt word template module, the reasoning result is constrained into structured data; Based on the structured parsing module, pattern verification is performed on the structured data to obtain the pattern verification result; Based on the consistency verification module, the inference result is verified for consistency, and a consistency verification result is obtained. The detection result is obtained based on the structured data, the pattern verification result, and the consistency verification result.

[0047] In this embodiment of the invention, the algorithm detection model may include: a code snippet construction module, a prompt word template module, an inference module, a structured parsing module, and a consistency verification module.

[0048] First, based on the code snippet construction module, the data to be inferred is constructed using the code corresponding to the target slice and static fact data. The code corresponding to the target slice consists of core cryptographic statements and their dependent closures, ensuring semantic integrity and auditability. Static fact data refers to structured information related to the current candidate region extracted from static code analysis, such as: identified round constants, the structure and size of the constant table, possible modulus bits or key lengths, and role guesses and source chain digests for target variables, such as key_candidate / state / round_const. The code snippet construction module combines the code text contained in the target slice with this static fact data to form the data to be inferred. For example, the static fact data can be formatted as comments or specific tags and inserted at the beginning of the code snippet.

[0049] By jointly inputting factual data and code text into the inference module, the module can utilize factual clues provided by static analysis to make more stable algorithmic judgments. Based on the inference module, multiple inferences are performed on the data to be inferred to determine the inference result. The inference module receives the data to be inferred and uses its built-in large language model to perform deep understanding and analysis of the semantics and structure of the code to determine the cryptographic algorithm it implements. To improve the stability of the results and reduce the randomness of the model, multiple independent inferences can be performed on the same data to be inferred.

[0050] Based on the prompt word template module, the inference results are constrained to structured data. When submitting data to the inference module, the prompt word template module attaches instructions requiring the model to output the results in a predefined format (such as JSON). The prompt word template module ensures that the model's output is not free natural language text, but rather structured data containing specific fields. For example, this structured data may include the following fields: algorithm_family: Cryptographic algorithm type, such as AES / RSA / SHA / custom symmetric / custom public key / unknown, etc.; Subtype: Optional sub-types, such as SPN-like, Feistel-like, RSA-like, etc.

[0051] Params: The parsed target parameters, such as key_bits, rounds, modulus_bits, etc.

[0052] Evidence: Corresponds to the line number or statement range in the source code, as well as a description of key features.

[0053] Subsequently, based on the structured parsing module, schema validation is performed on the structured data to obtain the schema validation result. The structured parsing module is responsible for checking whether the structured data output by the inference module strictly conforms to the predefined schema. For example, it checks whether all required fields exist and whether the field value types are correct. If the validation fails, the schema validation result is a failure, and the inference result is marked as uncertain to avoid false alarms caused by unstable model output.

[0054] Next, based on the consistency verification module, the inference results are verified for consistency, yielding a consistency verification result. The consistency verification module determines the most reliable and consistent final inference result from multiple inference attempts using voting or consistency clustering. Then, based on the algorithm type determined in the inference result, it checks whether the input data to be inferred contains the typical algorithm characteristics expected of that algorithm type. For example, if the algorithm type in the inference result is RSA, it checks whether the code snippet contains features such as modular exponentiation / large integers / modular multiplication, thus obtaining the consistency verification result.

[0055] Finally, the final detection result is obtained by combining the results from structured data, pattern validation, and consistency checks. A complete detection result not only includes the algorithm information determined from the structured data but also the results from pattern validation and consistency checks, giving the final output rich confidence information and auditability. For example, a high-confidence result would be: the algorithm type is AES, pattern validation passed, and consistency check passed.

[0056] Through the modular design described in this embodiment, the present invention constructs a robust algorithm detection framework around a large language model. By combining static facts to construct inputs, constraining structured outputs, and performing multiple verifications such as pattern validation and consistency checks, the accuracy, stability, and interpretability of the large language model on specific tasks are greatly improved.

[0057] Meanwhile, since self-implementing cryptographic algorithms typically do not use standard library functions, their syntax differs significantly from traditional library calls, making it difficult to accurately determine the algorithm type relying solely on static rules. Therefore, this invention introduces a large language model for semantic reasoning based on static analysis and slice evidence to improve the accuracy and interpretability of identifying self-implementing algorithms.

[0058] In an exemplary embodiment of the present invention, the step of performing consistency verification on the inference result based on the consistency verification module to obtain a consistency verification result includes: Based on the consistency verification module, the inference result is verified for consistency, and the data to be inferred is verified for consistency based on the algorithm type in the inference result, so as to obtain the consistency verification result.

[0059] In this embodiment of the invention, after verifying the consistency of the inference results, a consistency check is also performed on the data to be inferred based on the algorithm type in the inference results. The check on the data to be inferred depends on the algorithm type given by the inference module. The consistency check module internally maintains a set of algorithm feature rule bases, which stores the algorithm features of different algorithm types for this cross-validation.

[0060] Specifically, if the inference result output by the inference module indicates that the algorithm type is RSA, the consistency verification module, upon receiving this result, will trigger the verification rules for the RSA algorithm. It will scan the code snippets (i.e., target slices) in the data to be inferred, checking for algorithmic features strongly related to public-key cryptography (especially RSA), such as modular exponentiation, large integer multiplication, or modular multiplication. If these algorithmic features are indeed present in the code, the consistency verification result is either passed or consistent. Conversely, if the code only contains bitwise operations and table lookups, with no trace of large number operations, it is judged as inconsistent, and the final detection result is downgraded to possible / uncertain, even if the inference module provides a definite RSA label.

[0061] If the inference module outputs an AES-type symmetric algorithm, the consistency verification module will trigger another set of verification rules. This involves checking for round function structures (such as loops), table lookup operations (suspected S-box access), dense bitwise operations (such as XOR), and spreading structures (such as byte obfuscation) in the code snippet. If these features are present, the consistency verification result is passed. Conversely, if the code primarily involves large integer operations, it is considered inconsistent, and the final detection result is downgraded to possible / uncertain.

[0062] By introducing a dynamic feature reverse verification mechanism based on reasoning results, the semantic-level reasoning results of the large language model are associated with the structural-level features of static code analysis to achieve consistency verification, which greatly suppresses false alarms of the model and enhances the credibility and auditability of the final detection results.

[0063] In an exemplary embodiment of the present invention, the step of performing static code analysis on the source code to obtain multiple candidate regions involving cryptography and static analysis data of each candidate region includes: Static code analysis was performed on the source code to obtain constant patterns associated with encryption operations and operational patterns associated with cryptographic implementation. The source code is parsed to construct an abstract syntax tree, control flow graph, and data dependencies; Based on the abstract syntax tree, the control flow graph, and the data dependencies, multiple candidate regions involving cryptography are identified. Based on the constant mode and the operation mode, the static analysis data of each candidate region is determined.

[0064] In this embodiment of the invention, static code analysis is performed on the source code to obtain constant patterns associated with encryption operations and operational patterns associated with cryptographic implementation.

[0065] Constant patterns refer to constants with specific values ​​or structures that are common in cryptographic algorithm implementations. Constant patterns and their organizational forms include, but are not limited to, large integer modulo, round constant table, S-box (replacement box), fixed threshold, protocol parameters, etc. Their corresponding organizational forms include arrays, lookup tables, structure fields, macro definitions or literals.

[0066] Operational patterns refer to operational structures with specific computational logic commonly found in cryptographic algorithm implementations. Operational patterns include, but are not limited to: modular exponentiation, bitwise operations (such as XOR, AND, shift, and circular shift), round function structures, table lookup access, obfuscation diffusion structures, and addition, subtraction, multiplication, and modular operations on large integers.

[0067] The source code is parsed to construct an Abstract Syntax Tree (AST), a Control Flow Graph (CFG), and data dependencies. Based on the constructed AST, CFG, and data dependencies, multiple candidate regions involving cryptography are identified. Specifically, the AST, CFG, and data dependencies are combined to identify code blocks that may involve key operations, round function iterations, cryptographic computations, and critical data flow transmission. Specifically, the CFG is traversed (e.g., by function), and for each function or code block, the density or frequency of the aforementioned constant patterns and operation patterns is calculated. When the density of these cryptographic features within a code region (such as a function) exceeds a preset threshold, that region is identified as a potential candidate region for a cryptographic algorithm. Data dependencies here help identify whether related computations constitute a meaningful computational cluster.

[0068] Finally, based on constant patterns and operational patterns, static analysis data for each candidate region is determined. For each identified candidate region, the specific constant pattern instances and operational pattern instances identified within it are recorded to form the static analysis data for that candidate region. For example, for a function determined to be a candidate region, its static analysis data can be recorded as follows: a 256-bit hexadecimal array (suspected S-box) is found in line X, and dense XOR and circular left shift operations are found within the loop body in lines YZ (suspected round function).

[0069] By defining a rich set of multi-dimensional cryptographic code features (constant patterns and operation patterns) and filtering candidate regions based on the density of these features in the code, this invention can achieve an efficient and accurate preliminary filtering, ensuring that subsequent backward slice analysis and LLM inference can focus on the most valuable code segments, greatly improving the efficiency and scalability of the entire detection process.

[0070] In an exemplary embodiment of the present invention, after inputting each of the target slices into the algorithm detection model to obtain the detection results, the method further includes: Each of the target slices is then minimized. Based on the target slice after minimization, the quantum vulnerability of the cryptographic algorithm in the detection result is evaluated using a quantum attack model to obtain the evaluation result.

[0071] In this embodiment of the invention, after the model inference is completed, a minimum evidence window is further constructed and a quantum vulnerability assessment is completed to support migration decision-making and audit review.

[0072] Specifically, each target slice is minimized to generate a minimal and self-consistent code sample for auditing and review. The minimization process is performed based on the target slice S obtained from backward slice analysis, and includes the following operations: Remove irrelevant statements, that is, remove all statements that do not have data dependency or control dependency closures with the variable set Vcrit, such as debugging information, logs, exception handling code, etc. that are not related to cryptographic computation; To ensure that the minimized code snippet remains syntactically and semantically readable and consistent, it is necessary to retain essential contextual information, such as relevant type definitions, constant table definitions, and field definitions of key structures.

[0073] Then, based on the minimized target slice, the quantum vulnerability of the cryptographic algorithms in the detection results is evaluated using a quantum attack model, yielding the evaluation results. The quantum attack model can break the detected cryptographic algorithms using quantum attack algorithms (such as Shor's algorithm and Grover's algorithm). Under the ideal fault-tolerant quantum computing model, Shor's algorithm can solve integer factorization and elliptic curve discrete logarithm problems in polynomial time, making it difficult for public-key cryptosystems based on these mathematically difficult problems (such as RSA, DH, ECDH, DSA, ECDSA, etc.) to continue providing their original security guarantees under the quantum attack model; quantum search algorithms such as Grover can reduce the effective security strength of some symmetric algorithms and hash functions.

[0074] Specifically, the quantum vulnerability of identified cryptographic algorithms is assessed based on a quantum security knowledge base and known quantum attack models. The quantum security knowledge base is a built-in repository indexed by families of cryptographic algorithms (such as RSA, ECC, AES, SHA, etc.), storing quantum security information related to each algorithm. This knowledge base contains at least the following: attack_model, the main quantum attack algorithms, such as Shor's algorithm, Grover's algorithm, quantum collision attack, etc.; effective_security_bits refers to the calculation rules for the actual effective security bits under the quantum attack algorithm; Recommended parameter thresholds, i.e., parameter suggestions that are considered safe in the post-quantum era, such as key length, hash output length, etc. The risk level mapping rule maps the current parameters to high, medium, or low risk levels based on a comparison between the current parameters and the recommended parameters.

[0075] The evaluation process, based on the algorithm type identified in the detection results, queries the quantum attack model and executes the corresponding evaluation logic: Specifically, for RSA, ECC (Ellipse Curve Cryptography), and discrete logarithm-based asymmetric algorithms, based on Shor's algorithm's efficient solution of related mathematical problems under a fault-tolerant quantum computing model, they are classified as quantum-resistant (high-risk). The evaluation results will clearly indicate that the algorithm needs to be migrated to a quantum-resistant alternative, such as lattice-based, encoded, multivariate, or hash-based KEM (key encapsulation mechanism) or digital signature schemes. For symmetric-key algorithms (such as AES), the main quantum threat comes from Grover's search algorithm. Based on the reduction in effective security strength caused by Grover's search algorithm, a conservative estimate of effective_bits = key_bits / 2 is used to determine the risk level. For example, if a 128-bit self-implemented AES is detected, its effective security strength is only 64 bits in a quantum computer, which is considered insufficient. The evaluation result will classify it as medium risk and provide actionable migration suggestions, such as increasing the key bit length to a higher level (e.g., 256 bits) to meet the equivalent security requirements in a quantum environment. For hash algorithms (such as the SHA series), conservative estimation rules corresponding to quantum attacks can be applied to the preimage and collision risk respectively (e.g., the preimage is approximately n / 2), and migration suggestions can be given in combination with the application scenario (signature, integrity verification, key derivation function KDF, etc.), such as adjusting the hash output length or replacing it with the recommended quantum-resistant hash algorithm.

[0076] The final assessment is a comprehensive report that includes the risk level, evidence (algorithm labels and parametric facts used as the basis for judgment), and actionable migration recommendations.

[0077] Through the technical solution of this embodiment, the present invention elevates the application of technology from simple cryptographic algorithm identification to the level of security risk insight and decision support. By combining a quantum security knowledge base and a quantum attack model, it achieves a quantum vulnerability level assessment of the identified cryptographic algorithms and outputs executable migration suggestions to support preliminary preparations for quantum-resistant migration.

[0078] The cryptographic algorithm detection device provided by this invention is described below. The cryptographic algorithm detection device described below can be referred to in correspondence with the cryptographic algorithm detection method described above. It should be noted that the device provided in the following embodiments and the method provided in the above embodiments belong to the same concept, and the specific way in which each module and unit performs operations has been described in detail in the method embodiments, and will not be repeated here.

[0079] In one exemplary embodiment of the present invention, please refer to Figure 2 , Figure 2 This is a cryptographic algorithm detection device according to an exemplary embodiment, comprising the following modules.

[0080] The first analysis module 210 is configured to acquire the source code to be detected, perform static code analysis on the source code, and obtain multiple candidate regions involving cryptography and static analysis data of each candidate region; The second analysis module 220 is configured to perform backward slicing analysis on each of the candidate regions based on the static analysis data to obtain multiple target slices; wherein each target parameter in the target slice has a corresponding source chain; The detection module 230 is configured to input each of the target slices into the algorithm detection model to obtain the detection result; wherein the algorithm detection model is trained based on a large language model.

[0081] In an exemplary embodiment of the present invention, the second analysis module 220 includes: The first determining submodule is configured to determine the set of cryptographic statements for each candidate region based on the static analysis data; The extraction submodule is configured to extract the corresponding variable set from each of the cryptographic statement sets; The backward slicing analysis submodule is configured to perform backward slicing analysis on each of the candidate regions based on the set of variables and the constraint strategy to obtain the target slice.

[0082] In an exemplary embodiment of the present invention, the restricted strategy includes at least one of the following: scope restriction strategy, budget restriction strategy, call digest strategy, and pointer alias restriction strategy: The scope restriction strategy is used to constrain the scope of cross-function backtracking during backward slice analysis; The budget constraint strategy is used to limit resource consumption during backward slice analysis; The call summary strategy is used to constrain function calls during backward slice analysis; The pointer aliasing restriction strategy is used to constrain the handling of explicit alias relationships within functions during backward slice analysis.

[0083] In an exemplary embodiment of the present invention, the algorithm detection model includes a code snippet construction module, a prompt word template module, an inference module, a structured parsing module, and a consistency verification module, wherein the inference module is trained based on a large language model; The detection module 230 includes: A submodule is constructed, configured to construct a module based on the code fragment, and construct the data to be reasoned through the code corresponding to the target slice and static fact data; The reasoning submodule is configured to perform multiple inferences on the data to be reasoned based on the reasoning module to determine the reasoning result; The constraint submodule is configured to constrain the reasoning result into structured data based on the prompt word template module; The pattern verification submodule is configured to perform pattern verification on the structured data based on the structured parsing module, and obtain the pattern verification result; The consistency verification submodule is configured to perform consistency verification on the inference result based on the consistency verification module, and obtain the consistency verification result; The detection result submodule is configured to obtain the detection result based on the structured data, the pattern verification result, and the consistency verification result.

[0084] In an exemplary embodiment of the present invention, the consistency verification submodule includes: The consistency verification unit is configured to perform consistency verification on the inference result based on the consistency verification module, and to perform consistency verification on the data to be inferred based on the algorithm type in the inference result, so as to obtain the consistency verification result.

[0085] In an exemplary embodiment of the present invention, the first analysis module 210 includes: The static code analysis submodule is configured to perform static code analysis on the source code to obtain constant patterns associated with encryption operations and operation patterns associated with cryptographic implementation. A submodule is built and configured to parse the source code and construct an abstract syntax tree, control flow graph, and data dependencies. The second determining submodule is configured to determine multiple candidate regions involving cryptography based on the abstract syntax tree, the control flow graph, and the data dependencies. The third determining submodule is configured to determine the static analysis data of each candidate region based on the constant mode and the operation mode.

[0086] In an exemplary embodiment of the present invention, the cryptographic algorithm detection device further includes: The minimization processing module is configured to perform minimization processing on each of the target slices. The evaluation module is configured to evaluate the quantum vulnerability of the cryptographic algorithm in the detection result based on the minimized target slice using a quantum attack model, and obtain the evaluation result.

[0087] Figure 3 An example is a schematic diagram of the physical structure of an electronic device, such as... Figure 3 As shown, the electronic device may include: a processor 310, a communications interface 320, a memory 330, and a communication bus 340, wherein the processor 310, the communications interface 320, and the memory 330 communicate with each other via the communication bus 340. The processor 310 can call logical instructions in the memory 330 to execute a cryptographic algorithm detection method, which includes: Obtain the source code to be tested, perform static code analysis on the source code, and obtain multiple candidate regions involving cryptography and static analysis data of each candidate region; Based on the static analysis data, backward slicing analysis is performed on each of the candidate regions to obtain multiple target slices; wherein, each target parameter in the target slice has a corresponding source chain; Each of the target slices is input into the algorithm detection model to obtain the detection results; wherein, the algorithm detection model is trained based on a large language model.

[0088] Furthermore, the logical instructions in the aforementioned memory 330 can be implemented as software functional units and, when sold or used as independent products, can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, essentially, or the part that contributes to the prior art, or a part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes various media capable of storing program code, such as USB flash drives, portable hard drives, read-only memory (ROM), random access memory (RAM), magnetic disks, or optical disks.

[0089] On the other hand, the present invention also provides a computer program product, the computer program product comprising a computer program that can be stored on a non-transitory computer-readable storage medium, wherein when the computer program is executed by a processor, the computer is capable of executing the cryptographic algorithm detection method provided by the above methods, the method comprising: Obtain the source code to be tested, perform static code analysis on the source code, and obtain multiple candidate regions involving cryptography and static analysis data of each candidate region; Based on the static analysis data, backward slicing analysis is performed on each of the candidate regions to obtain multiple target slices; wherein, each target parameter in the target slice has a corresponding source chain; Each of the target slices is input into the algorithm detection model to obtain the detection results; wherein, the algorithm detection model is trained based on a large language model.

[0090] In another aspect, the present invention also provides a non-transitory computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, is implemented to perform the cryptographic algorithm detection method provided by the methods described above, the method comprising: Obtain the source code to be tested, perform static code analysis on the source code, and obtain multiple candidate regions involving cryptography and static analysis data of each candidate region; Based on the static analysis data, backward slicing analysis is performed on each of the candidate regions to obtain multiple target slices; wherein, each target parameter in the target slice has a corresponding source chain; Each of the target slices is input into the algorithm detection model to obtain the detection results; wherein, the algorithm detection model is trained based on a large language model.

[0091] The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate. The components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs. Those skilled in the art can understand and implement this without any creative effort.

[0092] Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus necessary general-purpose hardware platforms, and of course, it can also be implemented by hardware. Based on this understanding, the above technical solutions, in essence or the part that contributes to the prior art, can be embodied in the form of a software product. This computer software product can be stored in a computer-readable storage medium, such as ROM / RAM, magnetic disk, optical disk, etc., and includes several instructions to cause a computer device (which may be a personal computer, server, or network device, etc.) to execute the methods described in the various embodiments or some parts of the embodiments.

[0093] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention, and not to limit them; although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that modifications can still be made to the technical solutions described in the foregoing embodiments, or equivalent substitutions can be made to some of the technical features; and these modifications or substitutions do not cause the essence of the corresponding technical solutions to deviate from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims

1. A method for detecting cryptographic algorithms, characterized in that, include: Obtain the source code to be tested, perform static code analysis on the source code, and obtain multiple candidate regions involving cryptography and static analysis data of each candidate region; Based on the static analysis data, backward slicing analysis is performed on each of the candidate regions to obtain multiple target slices; wherein, each target parameter in the target slice has a corresponding source chain; Each of the target slices is input into the algorithm detection model to obtain the detection results; wherein, the algorithm detection model is trained based on a large language model.

2. The cryptographic algorithm detection method according to claim 1, characterized in that, Based on the static analysis data, backward slicing analysis is performed on each of the candidate regions to obtain multiple target slices, including: Based on the static analysis data, determine the set of cryptographic statements for each of the candidate regions; Extract the corresponding variable set from each of the aforementioned sets of cryptographic statements; Based on the set of variables and the constrained strategy, backward slicing analysis is performed on each of the candidate regions to obtain the target slice.

3. The cryptographic algorithm detection method according to claim 2, characterized in that, The restricted policies include at least one of the following: scope restriction policy, budget restriction policy, call digest policy, and pointer alias restriction policy: The scope restriction strategy is used to constrain the scope of cross-function backtracking during backward slice analysis; The budget constraint strategy is used to limit resource consumption during backward slice analysis; The call summary strategy is used to constrain function calls during backward slice analysis; The pointer aliasing restriction strategy is used to constrain the handling of explicit alias relationships within functions during backward slice analysis.

4. The cryptographic algorithm detection method according to claim 1, characterized in that, The algorithm detection model includes a code snippet construction module, a prompt word template module, an inference module, a structured parsing module, and a consistency verification module. The inference module is trained based on a large language model. The step of inputting each of the target slices into the algorithm detection model to obtain detection results includes: Based on the code snippet construction module, the data to be inferred is constructed using the code corresponding to the target slice and static factual data; Based on the reasoning module, the data to be reasoned is subjected to multiple inferences to determine the reasoning result; Based on the prompt word template module, the reasoning result is constrained into structured data; Based on the structured parsing module, pattern verification is performed on the structured data to obtain the pattern verification result; Based on the consistency verification module, the inference result is verified for consistency, and a consistency verification result is obtained. The detection result is obtained based on the structured data, the pattern verification result, and the consistency verification result.

5. The cryptographic algorithm detection method according to claim 4, characterized in that, The process of performing consistency verification on the inference result based on the consistency verification module to obtain the consistency verification result includes: Based on the consistency verification module, the inference result is verified for consistency, and the data to be inferred is verified for consistency based on the algorithm type in the inference result, so as to obtain the consistency verification result.

6. The cryptographic algorithm detection method according to claim 1, characterized in that, The static code analysis of the source code yields multiple candidate regions related to cryptography and static analysis data for each candidate region, including: Static code analysis was performed on the source code to obtain constant patterns associated with encryption operations and operational patterns associated with cryptographic implementation. The source code is parsed to construct an abstract syntax tree, control flow graph, and data dependencies; Based on the abstract syntax tree, the control flow graph, and the data dependencies, multiple candidate regions involving cryptography are identified. Based on the constant mode and the operation mode, the static analysis data of each candidate region is determined.

7. The cryptographic algorithm detection method according to any one of claims 1 to 6, characterized in that, After inputting each of the target slices into the algorithm detection model to obtain the detection results, the method further includes: Each of the target slices is then minimized. Based on the target slice after minimization, the quantum vulnerability of the cryptographic algorithm in the detection result is evaluated using a quantum attack model to obtain the evaluation result.

8. A cryptographic algorithm detection device, characterized in that, include: The first analysis module is configured to acquire the source code to be detected, perform static code analysis on the source code, and obtain multiple candidate regions involving cryptography and static analysis data of each candidate region; The second analysis module is configured to perform backward slicing analysis on each of the candidate regions based on the static analysis data to obtain multiple target slices; wherein each target parameter in the target slice has a corresponding source chain; The detection module is configured to input each of the target slices into the algorithm detection model to obtain the detection results; wherein the algorithm detection model is trained based on a large language model.

9. An electronic device comprising a memory, a processor, and a computer program stored in the memory and running on the processor, characterized in that, When the processor executes the computer program, it implements the cryptographic algorithm detection method as described in any one of claims 1 to 7.

10. A non-transitory computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by the processor, it implements the cryptographic algorithm detection method as described in any one of claims 1 to 7.