-2

Trying to implement the AES Sbox and InSbox in a combination circuit. Here, for the Sbox, two operations are done, i.e. Multiplicative Inverse and Affine Transform. For the Affine Transform, the finite field is converted into a composite field using an isomorphic transform, and I have no idea how that is done. I need help getting the matrix delta shown in the image (attached to the question) from the irreducible polynomial p(x) mentioned.

Reference of the paper where Isomorphic function transform is carried out.

Meet Mehta
  • @jww - this question is closed as off topic. Is there a section on Stack Exchange for this question and if so, should it be copied or reposted to that section? – rcgldr Dec 20 '19 at 19:24
  • Try posting this question at [math.stackexchange.com](https://math.stackexchange.com). – rcgldr Dec 22 '19 at 01:00

1 Answer

2

The matrices in the question are used for the inversion (1/x) step. The affine transformation is a separate step and normally involves a matrix multiply followed by a column xor, as specified by the AES algorithm. Link to wiki article; note that the wiki article has the least significant bits at the top, while the article you reference and other articles have the most significant bit at the top.

https://en.wikipedia.org/wiki/Rijndael_S-box

Getting back to how those matrices are created, I found a few articles, but they not only don't explain how those matrices are created, they were also missing key information, such as the primitive element chosen for GF(2^8) based on polynomial x^8 + x^4 + x^3 + x + 1 (0x11b) with 1 bit coefficients, which is irreducible, but not primitive, since its primitive element is not x (0x02).

GF(2^8) is mapped to GF(((2^2)^2)^2). From the question's information, GF(2^2) uses x^2 + x + 1 (hex 7) with 1 bit coefficients to produce a 2 bit field with primitive element x = 0x2. GF((2^2)^2) uses x^2 + x + 2 (hex 16) with 2 bit coefficients from GF(2^2) to produce a 4 bit field with primitive element x = 0x4. GF(((2^2)^2)^2) uses x^2 + x + c (hex 11c) with 4 bit coefficients from GF((2^2)^2) to produce an 8 bit field with primitive x = 0x10.

For GF(2^8) there are 128 possible primitive elements: {0x03, 0x05, 0x06, ... , 0xff}. The matrix δ can be used to identify which primitive element was chosen for GF(2^8), in this case x^4 + x^3 + x^2 + x + 1 (hex 1f).

The columns of the matrix δ correspond to the mapping from GF(2^8) to GF(((2^2)^2)^2) by bit: 1st column maps 0x80, 2nd column maps 0x40, ..., 7th column maps 0x02, 8th column maps 0x01. The columns are powers of 0x10 in GF(((2^2)^2)^2). For example the 7th column is 0x5f, which is 0x10^0xa0 in GF(((2^2)^2)^2). Since the 7th column is used to map 0x02 in GF(2^8), this means GF(2^8)log??(0x02) = 0xa0, and that the chosen primitive element is 0x1f, since GF(2^8)log1f(0x02) = 0xa0. The 6th column is 0x7c, which is 0x10^0x41 in GF(((2^2)^2)^2), and GF(2^8)log1f(0x04) = 0x41.

The table below shows the data for all 8 columns.

GF(2^8) log1f(0x80) = 0x64, GF(((2^2)^2)^2) 0x10^0x64 = 0xfc (1st column of matrix)
GF(2^8) log1f(0x40) = 0xc3, GF(((2^2)^2)^2) 0x10^0xc3 = 0x4b (2nd column of matrix)
GF(2^8) log1f(0x20) = 0x23, GF(((2^2)^2)^2) 0x10^0x23 = 0xb0 (3rd column of matrix)
GF(2^8) log1f(0x10) = 0x82, GF(((2^2)^2)^2) 0x10^0x82 = 0x46 (4th column of matrix)
GF(2^8) log1f(0x08) = 0xe1, GF(((2^2)^2)^2) 0x10^0xe1 = 0x74 (5th column of matrix)
GF(2^8) log1f(0x04) = 0x41, GF(((2^2)^2)^2) 0x10^0x41 = 0x7c (6th column of matrix)
GF(2^8) log1f(0x02) = 0xa0, GF(((2^2)^2)^2) 0x10^0xa0 = 0x5f (7th column of matrix)
GF(2^8) log1f(0x01) = 0x00, GF(((2^2)^2)^2) 0x10^0x00 = 0x01 (8th column of matrix)

The inverse mapping matrix can use the same logic:

GF(((2^2)^2)^2) log10(0x80) = 0x67, GF(2^8) 0x1f^0x67 = 0x84 (1st column of matrix)
GF(((2^2)^2)^2) log10(0x40) = 0xbc, GF(2^8) 0x1f^0xbc = 0xf1 (2nd column of matrix)
GF(((2^2)^2)^2) log10(0x20) = 0xab, GF(2^8) 0x1f^0xab = 0xbb (3rd column of matrix)
GF(((2^2)^2)^2) log10(0x10) = 0x01, GF(2^8) 0x1f^0x01 = 0x1f (4th column of matrix)
GF(((2^2)^2)^2) log10(0x08) = 0x66, GF(2^8) 0x1f^0x66 = 0x0c (5th column of matrix)
GF(((2^2)^2)^2) log10(0x04) = 0xbb, GF(2^8) 0x1f^0xbb = 0x5d (6th column of matrix)
GF(((2^2)^2)^2) log10(0x02) = 0xaa, GF(2^8) 0x1f^0xaa = 0xbc (7th column of matrix)
GF(((2^2)^2)^2) log10(0x01) = 0x00, GF(2^8) 0x1f^0x00 = 0x01 (8th column of matrix)

Note that in the question's image, the inverse matrix 1st and 6th columns have the least significant bit flipped. The pdf file linked to below has the proper matrices.

https://github.com/bpdegnan/aes/blob/master/aes-sbox/documentation/aessbox.pdf

I created a small pdf file that explains how the mapping matrices seen on page 4, matrix (8) and page 5, matrix (10) are generated and the logic behind them.

https://github.com/jeffareid/finite-field/blob/master/Composite%20Field%20Mapping%20Example.pdf


In order for sub-field aka composite field math to work, there are two main requirements. Using map() to represent the mapping from GF(2^8) to GF(((2^2)^2)^2), then while operating in GF(((2^2)^2)^2):

map(a + b) = map(a) + map(b)               // addition (xor) is isomorphic
map(a · b) = map(a) · map(b)               // multiplication is isomorphic

This can also be restated as: using α to represent the primitive element for GF(2^8) and β to represent the primitive element for GF(((2^2)^2)^2).

if α^i + α^j = α^k, then β^i + β^j = β^k   // addition (xor) is isomorphic
if α^i · α^j = α^k, then β^i · β^j = β^k   // multiplication is isomorphic

Normally β = 10000₂, and a brute force search is done for 3 constants α, φ, δ, that result in compatible mapping and minimizing gate count, where α is the primitive element for GF(2^8), φ is the constant term for GF((2^2)^2) = x^2 + x + φ, and δ is the constant term for GF(((2^2)^2)^2) = x^2 + x + δ. In this case, α = 11111₂, φ = 10₂, δ = 1100₂.

rcgldr
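
The column construction described in the answer above, as an added Python example (not part of the original answer or the linked papers). It pairs α^i with β^i using the constants quoted in the answer (0x11b, α = 0x1f, β = 0x10, φ = 10₂, δ = 1100₂), reads off the columns of both mapping matrices, and checks the two isomorphism requirements exhaustively. The function names are assumptions chosen for this sketch.

```python
# Added example: all field constants are the ones quoted in the answer.
AES_POLY = 0x11B                              # x^8 + x^4 + x^3 + x + 1
ALPHA, BETA = 0x1F, 0x10                      # primitive elements alpha and beta
TOWER_CONST = {2: 0b1, 4: 0b10, 8: 0b1100}    # constant term c of x^2 + x + c per level

def gf256_mul(a, b):
    """Multiply in GF(2^8) modulo 0x11b (shift-and-add)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r

def tower_mul(a, b, bits=8):
    """Multiply in GF(((2^2)^2)^2); each level is quadratic over the one below."""
    if bits == 1:
        return a & b
    h = bits // 2
    mask = (1 << h) - 1
    a1, a0, b1, b0 = a >> h, a & mask, b >> h, b & mask
    hh = tower_mul(a1, b1, h)                 # coefficient of x^2
    hi = hh ^ tower_mul(a1, b0, h) ^ tower_mul(a0, b1, h)
    lo = tower_mul(hh, TOWER_CONST[bits], h) ^ tower_mul(a0, b0, h)
    return (hi << h) | lo                     # reduced with x^2 = x + c

def build_maps():
    """Pair alpha^i with beta^i for i = 0..254; returns (forward, inverse) dicts."""
    fwd, inv = {0: 0}, {0: 0}
    a, b = 1, 1
    for _ in range(255):
        fwd[a], inv[b] = b, a
        a, b = gf256_mul(a, ALPHA), tower_mul(b, BETA)
    return fwd, inv

def columns(table):
    """Matrix columns, most significant input bit first (0x80 ... 0x01)."""
    return [table[1 << k] for k in range(7, -1, -1)]

def is_isomorphism(fwd):
    """Check map(a+b) = map(a)+map(b) and map(a*b) = map(a)*map(b) for all pairs."""
    return all(fwd[a ^ b] == fwd[a] ^ fwd[b] and
               fwd[gf256_mul(a, b)] == tower_mul(fwd[a], fwd[b])
               for a in range(256) for b in range(256))

if __name__ == "__main__":
    fwd, inv = build_maps()
    print([hex(c) for c in columns(fwd)], [hex(c) for c in columns(inv)])
    print(is_isomorphism(fwd))
```

Changing `ALPHA` or the `TOWER_CONST` entries and re-running `is_isomorphism` is the inner step of the brute force search the answer mentions: only compatible combinations pass the check.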