login
The Rijndael S-box used in the Advanced Encryption Standard (AES).
2

%I #17 Aug 15 2022 23:32:43

%S 99,124,119,123,242,107,111,197,48,1,103,43,254,215,171,118,202,130,

%T 201,125,250,89,71,240,173,212,162,175,156,164,114,192,183,253,147,38,

%U 54,63,247,204,52,165,229,241,113,216,49,21,4,199,35,195,24,150,5,154,7,18,128,226

%N The Rijndael S-box used in the Advanced Encryption Standard (AES).

%C A permutation of {0, 1, ..., 255}.

%C The permutation can be decomposed into 5 cycles: 4, 242, 137, 167, ..., 48 (length 87); 1, 124, 16, 202, ..., 9 (length 81); 0, 99, 251, 15, ..., 82 (length 59); 11, 43, 241, 161, ..., 158 (length 27); 115, 143 (length 2).

%H Jianing Song, <a href="/A354500/b354500.txt">Table of n, a(n) for n = 0..255</a>

%H Institute of Telematics, <a href="http://www.tm.uka.de/software/pktanon/documentation/sourcedoc/html/rijndael_8cpp.html">Rijndael.cpp File Reference</a> (contains the table of the Rijndael S-box written in decimal)

%H Wikipedia, <a href="https://en.wikipedia.org/wiki/Rijndael_S-box">Rijndael S-box</a>

%F a(n) = ivgenpoly(((x^4+x^3+x^2+x+1)*(genpoly(n)^254 mod (x^8+x^4+x^3+x+1)) + x^6 + x^5 + x + 1) mod (x^8+1)), where ivgenpoly and genpoly are the notations introduced in A355891. Beware that all the operations are done in GF(2)[x].

%F To be more concretely, to obtain a(n):

%F - Write the binary expansion of n and view it as a polynomial p(x) in GF(2)[x]; (E.g., 10 = 1010_2 => x^3 + x)

%F - Compute q(x) = p(x)^254 mod (x^8+x^4+x^3+x+1) in GF(2)[x]; (E.g., x^3 + x => x^5 + x^3 + 1)

%F - Compute r(x) = ((x^4+x^3+x^2+x+1)*q(x) + x^6 + x^5 + x + 1) mod (x^8+1) in GF(2)[x]; (E.g., x^5 + x^3 + 1 => x^6 + x^5 + x^2 + x + 1)

%F - To get a(n), view r(x) as a number. (E.g., x^6 + x^5 + x^2 + x + 1 => 2^6 + 2^5 + 2^2 + 2 + 1 = 103)

%e The Rijndael S-box written in hexadecimal:

%e +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +A +B +C +D +E +F

%e 00 63 7C 77 7B F2 6B 6F C5 30 01 67 2B FE D7 AB 76

%e 10 CA 82 C9 7D FA 59 47 F0 AD D4 A2 AF 9C A4 72 C0

%e 20 B7 FD 93 26 36 3F F7 CC 34 A5 E5 F1 71 D8 31 15

%e 30 04 C7 23 C3 18 96 05 9A 07 12 80 E2 EB 27 B2 75

%e 40 09 83 2C 1A 1B 6E 5A A0 52 3B D6 B3 29 E3 2F 84

%e 50 53 D1 00 ED 20 FC B1 5B 6A CB BE 39 4A 4C 58 CF

%e 60 D0 EF AA FB 43 4D 33 85 45 F9 02 7F 50 3C 9F A8

%e 70 51 A3 40 8F 92 9D 38 F5 BC B6 DA 21 10 FF F3 D2

%e 80 CD 0C 13 EC 5F 97 44 17 C4 A7 7E 3D 64 5D 19 73

%e 90 60 81 4F DC 22 2A 90 88 46 EE B8 14 DE 5E 0B DB

%e A0 E0 32 3A 0A 49 06 24 5C C2 D3 AC 62 91 95 E4 79

%e B0 E7 C8 37 6D 8D D5 4E A9 6C 56 F4 EA 65 7A AE 08

%e C0 BA 78 25 2E 1C A6 B4 C6 E8 DD 74 1F 4B BD 8B 8A

%e D0 70 3E B5 66 48 03 F6 0E 61 35 57 B9 86 C1 1D 9E

%e E0 E1 F8 98 11 69 D9 8E 94 9B 1E 87 E9 CE 55 28 DF

%e F0 8C A1 89 0D BF E6 42 68 41 99 2D 0F B0 54 BB 16

%e The Rijndael S-box written in decimal:

%e +0 +1 +2 +3 +4 +5 +6 +7 +8 +9 +10 +11 +12 +13 +14 +15

%e 0 99 124 119 123 242 107 111 197 48 1 103 43 254 215 171 118

%e 16 202 130 201 125 250 89 71 240 173 212 162 175 156 164 114 192

%e 32 183 253 147 38 54 63 247 204 52 165 229 241 113 216 49 21

%e 48 4 199 35 195 24 150 5 154 7 18 128 226 235 39 178 117

%e 64 9 131 44 26 27 110 90 160 82 59 214 179 41 227 47 132

%e 80 83 209 0 237 32 252 177 91 106 203 190 57 74 76 88 207

%e 96 208 239 170 251 67 77 51 133 69 249 2 127 80 60 159 168

%e 112 81 163 64 143 146 157 56 245 188 182 218 33 16 255 243 210

%e 128 205 12 19 236 95 151 68 23 196 167 126 61 100 93 25 115

%e 144 96 129 79 220 34 42 144 136 70 238 184 20 222 94 11 219

%e 160 224 50 58 10 73 6 36 92 194 211 172 98 145 149 228 121

%e 176 231 200 55 109 141 213 78 169 108 86 244 234 101 122 174 8

%e 192 186 120 37 46 28 166 180 198 232 221 116 31 75 189 139 138

%e 208 112 62 181 102 72 3 246 14 97 53 87 185 134 193 29 158

%e 224 225 248 152 17 105 217 142 148 155 30 135 233 206 85 40 223

%e 240 140 161 137 13 191 230 66 104 65 153 45 15 176 84 187 22

%o (PARI) m(P) = Mod(P, 2);

%o A354500(n) = subst(lift(lift(Mod(m(x^4+x^3+x^2+x+1)*lift(Mod(m(Pol(binary(n))), m(x^8+x^4+x^3+x+1))^254)+m(x^6+x^5+x+1), m(x^8+1)))), x, 2)

%Y Cf. A354501 (the inverse permutation), A355891.

%K nonn,easy,fini,full

%O 0,1

%A _Jianing Song_, Aug 15 2022