中文摘要：

SAFER＋＋是欧洲信息工程的参选算法，并且是进入第2轮的7个候选算法之一。算法的设计者称5轮SAFER＋＋算法可以抵抗差分分析。本文利用异或差分与模减差分串连得到3．75轮的高概率特征，对4轮SAFER＋＋进行选择明文攻击。攻击过程的计算复杂度约为2^98.2。次加密运算，数据复杂度是2^96，可以恢复出12字节的密钥。而且如果存在4轮特征（设计者称已经通过搜索的方法找到），可以利用本文提出的方法得到更高轮数的特征，用于攻击5轮以上的SAFER＋＋算法。

英文摘要：

SAFER＋＋ is submitted to the European pre-standardization project NESSIE and is one of the seven primitives-selected for the second phase of this project.The designers claim that 5-round SAFER＋＋ is secure against differential cryptanalysis.ln this paper we obtain a high probability characteristic of 3.75-round based on the concatenation of XOR-differential and minus-modulo-256-differential.It can be used in the chosen plaintext attack of 4-round SAFER＋＋ and recover 12 bytes keys.The computation complexity is 2^98.2 and the data complexity is 2^96.Furthermore,if there is a suitable 4-round characteristic（the designer had found）,the method we proposed can obtain good characteristics to attack SAFER＋＋ with at least 5-round.