Aiming at the problems of limited attack rounds and high attack complexity of Blow-CAST-Fish (Blow-C.Adams S.Tavares-Fish) algorithm, a key recovery attack of Blow-CAST-Fish algorithm based on differential table was proposed. Firstly, after analyzing the collision of S-box, based on the collision of two S-boxes and a single S-box respectively, the 6-round and 12-round differential characteristics were constructed. Secondly, the differential tables of f3 were calculated, and three rounds were expanded based on the specific differential characteristic, thereby determining the relationship between ciphertext difference and the input and output differences of f3. Finally, the plaintexts meeting the conditions were selected to encrypt, the input and output differences of f3 were calculated according to the ciphertext difference, and the corresponding input and output pairs were found by querying the differential table, as a result, the subkeys were obtained. At the situation of two S-boxes collision, the proposed attack completed a differential attack of 9-round Blow-CAST-Fish algorithm, compared with the comparison attack, the number of attack rounds was increased by one, and the time complexity was reduced from 2107.9 to 274. At the situation of single S-box collision, the proposed attack completed a differential attack of 15-round Blow-CAST-Fish algorithm, compared with the comparison attack, although the number of attack rounds was reduced by one, the proportion of weak keys was increased from
to
and the data complexity was reduced from 254 to 247. The test results show that the attack based on differential table can increase the efficiency of attack based on the same differential characteristics.