Cryptanalysis of Gleeok-128

📅 2025-12-04
🤖 AI Summary
This work conducts a third-party cryptanalysis of Gleeok-128, a low-latency multi-branch pseudorandom function (PRF), focusing on deficiencies in linear security evaluation under its multi-branch structure and the feasibility of key recovery. We propose a two-stage Mixed-Integer Linear Programming (MILP) modeling framework that unifies differential-linear and integral distinguisher construction while tightening algebraic degree bounds. Our analysis reveals, for the first time, a full linear distinguishability vulnerability in Branch 3; leveraging this, we optimize the linear layer parameters to enhance resistance. Experimentally, we achieve a 7-round integral distinguisher for the full PRF and an 8-round key-recovery attack, improving distinguisher rounds for individual branches by 3 and 2, respectively, with a data complexity of only $2^{48}$. These results significantly surpass prior security bounds and advance automated analysis frameworks for multi-branch primitives.

📝 Abstract
Gleeok is a family of low-latency keyed pseudorandom functions (PRFs) consisting of three parallel SPN-based permutations whose outputs are XORed to form the final value. Both Gleeok-128 and Gleeok-256 use a 256-bit key, with block sizes of 128 and 256 bits, respectively. Owing to its multi-branch structure, evaluating security margins and mounting effective key-recovery attacks present nontrivial challenges. This paper provides the first comprehensive third-party cryptanalysis of Gleeok-128. We introduce a two-stage MILP-based framework for constructing branch-wise and full-cipher differential-linear (DL) distinguishers, together with an integral-based key-recovery framework tailored to multi-branch designs. Our DL analysis yields 7-, 7-, 8-, and 4-round distinguishers for Branch 1, Branch 2, Branch 3, and Gleeok-128, respectively, with squared correlations approximately $2^{-88.12}$, $2^{-88.12}$, $2^{-38.73}$, and $2^{-49.04}$, outperforming those in the design document except for the full PRF case. By tightening algebraic degree bounds, we further derive 9-, 9-, and 7-round integral distinguishers for the three branches and a 7-round distinguisher for the full PRF, extending the designers' results by 3, 3, and 2 rounds and by 2 rounds, respectively. These integral properties enable 7-round and 8-round key-recovery attacks in the non-full-codebook and full-codebook settings. In addition, we identify a flaw in the original linear security evaluation of Branch 3, showing that it can be distinguished over all 12 rounds with data complexity about $2^{48}$. We also propose optimized linear-layer parameters that significantly improve linear resistance without sacrificing diffusion. Our results advance the understanding of Gleeok-128 and provide general methods for analyzing multi-branch symmetric designs.

Problem

Research questions and friction points this paper is trying to address.

Analyzing security vulnerabilities in Gleeok-128's multi-branch PRF design
Developing differential-linear and integral distinguishers for each parallel branch
Proposing improved linear layer parameters to enhance cryptographic resistance

Innovation

Methods, ideas, or system contributions that make the work stand out.

Two-stage MILP framework for differential-linear distinguishers
Integral-based key recovery tailored to multi-branch designs
Optimized linear layer parameters to improve linear resistance

Authors

Siwei Chen
National University of Singapore
robotics, planning, imitation learning, reinforcement learning

Peipei Xie
School of Cyber Science and Technology, Hubei University, Wuhan, Hubei, China.

Shengyuan Xu
Department of Fundamental Courses, Shandong University of Science and Technology, Taian, Shandong, China.

Xiutao Feng
Key Laboratory of Mathematics Mechanization, Academy of Mathematics and Systems Science, Chinese Academy of Sciences, Beijing, China.

Zejun Xiang
School of Cyber Science and Technology, Hubei University, Wuhan, Hubei, China.

Xiangyong Zeng
Hubei University
Nonlinear functions; sequences and coding theory