The rapid development of quantum technology and the continuous improvement of quantum computing efficiency， especially the emergence of Shor algorithm and Grover algorithm， greatly threaten the security of traditional public key cipher and symmetric cipher. The block cipher PFP algorithm designed based on Feistel structure was analyzed. First， the linear transformation P of the round function was fused into the periodic functions in the Feistel structure， then four 5-round periodic functions of PFP were obtained， two rounds more than periodic functions in general Feistel structure， which was verified through experiments. Furthermore， by using quantum Grover and Simon algorithms， with a 5-round periodic function as the distinguisher， the security of 9， 10-round PFP was evaluated by analyzing the characteristics of PFP key arrangement algorithm. The time complexity required for key recovery is 2²⁶， 2^38.5， the quantum resource required is 193， 212 qubits， and the 58， 77 bits key can be restored， which are superior to the existing impossible differential analysis results.

As Radio Frequency IDentification （RFID） technology and wireless sensors become increasingly common， the need of secure data transmitted and processed by such devices with limited resources leads to the emergence and growth of lightweight ciphers. Characterized by their small key sizes and limited number of encryption rounds， precise security evaluation of lightweight ciphers is needed before putting into service. The differential and linear characteristics of full-round Shadow algorithm were analyzed for lightweight ciphers’ security requirements. Firstly， a concept of second difference was proposed to describe the differential characteristic more clearly， the existence of a full-round differential characteristic with probability 1 in the algorithm was proved， and the correctness of differential characteristic was verified through experiments. Secondly， a full-round linear characteristic was provided. It was proved that with giving a set of Shadow-32 （or Shadow-64） plain ciphertexts， it is possible to obtain 8 （or 16） bits of key information， and its correctness was experimentally verified. Thirdly， based on the linear equation relationship between plaintexts， ciphertexts and round keys， the number of equations and independent variables of the quadratic Boolean function were estimated. After that， the computational complexity of solving the initial key was calculated to be {\mathrm{2}}^{\mathrm{63.4}} . Finally， the structural features of Shadow algorithm were summarized， and the focus of future research was provided. Besides， differential and linear characteristic analysis of full-round Shadow algorithm provides preference for the differential and linear analysis of other lightweight ciphers.