




21 Page 21-24 © MAT Journals 2019. All Rights Reserved 
 
Journal of Electronics and Communication Systems  
Volume 4 Issue 3  
















Department of Electronics and Communication Engineering, Adi Shankara Institute of Engineering 





The basic principle of encryption is to transform plain data into unintelligible data via a 
series of steps referred to as an encryption algorithm. The input to this algorithm is called 
plaintext, and its output encoded version is called as cipher text. Even though there are 
various algorithms, Advanced Encryption Standard (AES) is adopted due to the availability 
of optimized hardware components for efficient implementation. The S-Box is one of the 
critical operations in AES algorithm and it consists of two sub-modules, namely the 
multiplicative inversion sub-module in GF(2^8) and the Affine transformation sub-module 
Each input to the S-Box is a 1-byte of intermediate data, x, and the S-Box will generate 1-byte 
of output S(x). There are variety of methods can used to implement AES S box. Through this 
project our aim is to optimize the S box for minimal access time. We are planning to 
implement an optimized implementation of the S-box in the Verilog HDL. By developing the 
Verilog code for substitution box by using different methods, compare them and implement 
the same in hardware using FPGA. 
 
Keywords: Advanced Encryption Standard, S-Box 
 
INTRODUCTION  
With an increase in the usage of embedded 
devices that are capable of storing and 
transmitting data, information security has 
become a major concern. At present 
embedded devices are widely used for 
applications such as banking, aerospace 
communications, networking etc. which 
demands information security. In most 
cases, cryptography is used to secure the 
data. There are several cryptographic 
algorithms, which can be classified into 
Symmetric key, Asymmetric key and Hash 
functions. Symmetric key algorithms have 
higher speed and are highly secured. One 
of the most widely accepted symmetric 
key cryptographic algorithms is Advanced 
Encryption Standard (AES). Data 
Encryption Standard (DES) etc. are some 
of the other symmetric key algorithms. All 
these algorithms can be implemented in 
hardware as well as in software. Even 
though software implementation is 
cheaper, it cannot be used in high-speed 
applications. But hardware implementation 
can be used for this purpose. In hardware 
implementation of AES, one of the most 
expensive sections, in terms of area, is 
Substitution Box (S-Box). It is used to 
create a non-linear relationship between 
plain text (raw input data) and cipher text 
(encrypted output data). 
 
SUBSTITUTION BOX 
S-Boxes are of different types. The 
architecture of S-Box changes with respect 
to the algorithm in which it is used. AES 
algorithm uses fixed S-Box which takes 8-
bit input and produces 8-bit output. A 
variety of methods can be used to 
implement AES S-Box. It can be 
implemented using a 256×8 bits look-up 
table, equivalent to 2048 bits or 2Kilobits. 
 
Galois field based S-Box and 
Combinational logic based S-Box are the 
two basic non-memory based S-Box 
architectures. Combining these two 
2380-6923/16 







22 Page 21-24 © MAT Journals 2019. All Rights Reserved 
 
Journal of Electronics and Communication Systems  
Volume 4 Issue 3  
architectures another S- Box design was 
proposed in this paper. To compare the 
performance, we have implemented all the 
specified S-Box architectures based on the 




Look Up Table Based S-Box  
The first approach concentrates on 
mapping the plaintext to the cipher text 
directly [1]. This is also known as ROM 
based approach. The latter meanwhile 
dwells on the concept of computing the 
cipher text on the go rather than storing it 
in memory, which leads to a comparatively 
compact and an efficient design. 
 
LUT method is very simple in construction 
compared to the standard approaches 
available in the literature. Also the timing 
status of this method are very good 
proving the fact that direct mapping of the 
cipher text to the input plain text is one of 
the fastest methods of substitution 
available. But the disadvantages due to the 
poor memory utilization of LUT approach 
far out weigh the speed advantages offered 
by its design. The area consumed is too 
high for compact implementation of the 
design. 
 
The S-Box operation can be implemented 
in the form of the LUT, in which all the 
possible output (2^8 = 256) are pre-stored 
in the LUT memory. 
 
Galois field based s-box 
LUT based S-Box consumes large area 
which will increase the hardware cost [2]. 
To reduce the hardware cost, Rijmen 
proposed the use of composite field 
arithmetic. Factors such as field of 
mapping, use of irreducible polynomial 
and choice of isomorphic mapping decides 
the complexity of arithmetic in a field. 
Therefore, the use of composite field 
arithmetic is the effective way to reduce 
the overall computation cost in the AES S-
Box. In this work we have implemented 
the design in Fig. 2. 
 
Multiplicative inverse module for S-Box is 
created using composite field arithmetic. 
The author claims that this work is better 
in terms of area compared to others units.
 
 





23 Page 21-24 © MAT Journals 2019. All Rights Reserved 
 
Journal of Electronics and Communication Systems  
Volume 4 Issue 3  
Proposed s-box 
 
Figure 2: Proposed s box. 
 
The proposed S-BOX has been suggested 
after 3 modifications in conventional S-
BOX. 
1. Introduced an operator (op) after 
merging of some Blocks. 
2. Implementation of multiplicative 
inverse in GF(2^4) Using multiplexor. 
3. Reduced the critical path of 
multiplication in GF(2^2). 
4. One major operation is finding the 
multiplicative inverse in Galois Field 
(2^8). 
 
This is done by breaking the GF (2^8) 
elements in GF (2^4). I.e., Any arbitrary 
polynomial in GF (2^8) can be represented 
as bx+c using an irreducible polynomial 
x2+Ax+B. Here, b is the most significant 
nibble and c is the least significant nibble. 
The multiplicative inverse can be found by 


















Here, λ = (1100)2 and φ = (10)2. 
Performing operations in GF ((22)2), the 
following value can be obtained in terms 
of upper (b) lower nibble (c) bits of inputs. 
We can reduce the blocks in the proposed 
architecture from its conventional 














RESULTS AND CONCLUSION 
Table 1: Comparison between Lut Based S Box, Rejindal Based S Box and New Proposed S Box 
Method Name Area In Number Of Lut Delay 
Multiplier Name Lut Gate Count Slices Delay 
Gate Or Logic 
Delay 
Path Or Route 
Delay 
Lut Based S Box 128 1128 64 11.945ns 8.402ns 3.543ns 
Rejindal Based S Box 71 488 37 30.865ns 14.179ns 16.686ns 







24 Page 21-24 © MAT Journals 2019. All Rights Reserved 
 
Journal of Electronics and Communication Systems  
Volume 4 Issue 3  
The table shows the comparison between 
look up table based substitution box, 
combinational logic based substitution box 
and the proposed substitution box. The 
hardware implementation can be done in 
Xilinx zynq 7000 FPGA. From the table, 
we could observe that the delay and gate 
count is less for proposed substitution box.
 
 
Figure 3: Gate count. 
 
 
Figure 4: Delay comparison. 
 
REFERENCES 
1. Anuroop KB, Anu James, Neema M 
(2017), “Hardware Software Code sign 
For A Hybrid Substitution Box”, 30th 
International Conference on VLSI 
Design and 2017 16th International 
Conference on Embedded Systems. 
2. Ahmad, Nabihah, Rezaul Hasan, 
Warsuzarina Mat Jubadi (2010), 
“Design of AES S-Box using 
combinational logic optimization”, 
IEEE Symposium on Industrial 
Electronics & Applications (ISIEA). 
3. Shreenivas Pai N, Raghuram S, 
Chennakrishna M, AS Varun Karthik 
(2016), “Logic Optimization Of AES 
S- Box”, International Conference on 
Automatic Control and Dynamic 
Optimization Techniques (ICACDOT) 
International Institute of Information 
Technology (I²IT), Pune. 
 
Cite this article as: 
Aaruni P M, Aleena Baby, Angel 
Antony, Binsha Benny, & Anjaly 
Gopinath. (2019). Substitution Box 
Optimization. Journal of Electronics 
and Communication Systems, 4(3), 
21–24. 
http://doi.org/10.5281/zenodo.3531510 
 
