S-Boxes

The AES algorithm uses the concept of substitution tables or S-boxes. One of the steps of the algorithm is to apply an invertible transformation to a byte. The S-box is the pre-computed results of this transformation for all possible byte values. The transformation consists of two steps: (1) A multiplicative inverse as described in Multiplicative Inverses, and (2) a linear transformation according to the following equation, where a~i~ are the bits of the result and b~i~ are the bits of the result from step 1.

Linear transformation used in the S-box:

A closer look at the matrix reveals that the operation can be implemented as the sum (using XOR addition) of the original byte, the right-hand vector, and the original byte rotated left one, two, three and four times. This method is well suited for an 8-bit microcontroller.

The inverse S-box, used for decryption, has a similar structure and is also implemented using XOR additions and rotations. Refer to the AES specification for the corresponding matrix and to the source code for implementation details.