对于置换piS 有如下计算:
The matrix used in AES is a rotational matrix based on the value 0x1F, which is 00011111 in binary. The multiplication is performed in the field GF(2), as is the addition of the final vector 0x63. Addition in GF(2) is the same as xor.
The bit indexes for the matrix are 76543210, with 0 being the least significant bit and 7 being the most significant. Each column is the previous column rotated to the left by a single bit, as shown here:
0 7 6 5 4 3 2 1
1 0 7 6 5 4 3 2
2 1 0 7 6 5 4 3
3 2 1 0 7 6 5 4
4 3 2 1 0 7 6 5
5 4 3 2 1 0 7 6
6 5 4 3 2 1 0 7
7 6 5 4 3 2 1 0
For the AES 0x1F affine matrix, the bits are arranged in the following way:
1 0 0 0 1 1 1 1
1 1 0 0 0 1 1 1
1 1 1 0 0 0 1 1
1 1 1 1 0 0 0 1
1 1 1 1 1 0 0 0
0 1 1 1 1 1 0 0
0 0 1 1 1 1 1 0
0 0 0 1 1 1 1 1
For an input of 0x53 in AES, we first find its inverse, which is 0xCA, represented in binary as 11001010
The affine transformation is as follows. The input bits are multiplied against the bits of a given row, with the first bit the LSB of the input. Input bit 0 is only multiplied by row bit 0, and so on. Only when both values are one (logical AND) is the result one. Finally, all bits are XORd against eachother within that row to generate the transformed bit for that row.
Input = 0 1 0 1 0 0 1 1 (LSB First)
Row 0 = 1 0 0 0 1 1 1 1
Bit 0 = 0 0 0 0 0 0 1 1 = 0
Row 1 = 1 1 0 0 0 1 1 1
Bit 1 = 0 1 0 0 0 0 1 1 = 1
Row 2 = 1 1 1 0 0 0 1 1
Bit 2 = 0 1 0 0 0 0 1 1 = 1
Row 3 = 1 1 1 1 0 0 0 1
Bit 3 = 0 1 0 1 0 0 0 1 = 1
Row 4 = 1 1 1 1 1 0 0 0
Bit 4 = 0 1 0 1 0 0 0 0 = 0
Row 5 = 0 1 1 1 1 1 0 0
Bit 5 = 0 1 0 1 0 0 0 0 = 0
Row 6 = 0 0 1 1 1 1 1 0
Bit 6 = 0 0 0 1 0 0 1 0 = 0
Row 7 = 0 0 0 1 1 1 1 1
Bit 7 = 0 0 0 1 0 0 1 1 = 1
The final result LSB first is 01110001 or MSB first is 10001110 = 0x8E. This value is then added (XOR) to the final vector 0x63, giving an output of 0xED
From:https://crypto.stackexchange.com/questions/10996/how-are-the-aes-s-boxes-calculated