Also known as: substitution box, S-box
An S-box (substitution box) is a fixed lookup table that replaces an input bit pattern with an output bit pattern.1 It is the nonlinear heart of most modern ciphers: where the surrounding XOR and permutation steps are linear, the S-box deliberately is not, supplying the confusion that makes the key-to-ciphertext relationship hard to unravel.
How it works
An S-box takes m input bits and produces n output bits by table lookup — for example,
AES uses a single 8-bit-to-8-bit S-box, a 256-entry table applied to every byte. The table
is a fixed part of the cipher, the same for every key; secrecy lives in the key, not in the
table (Kerckhoffs’s principle).
A good S-box is carefully designed, not arbitrary. It should be strongly nonlinear so that no simple linear or affine relation approximates it, and well-balanced so that flipping one input bit changes many output bits unpredictably. These properties are what blunt differential and linear cryptanalysis. S-boxes appear in both Feistel networks (inside the round function) and substitution-permutation networks (as the substitution layer).
Relevance to SDR
S-boxes sit inside the ciphers that protect digital radio traffic — AES (P25 AES-256, DMR) and DES (P25) both rely on S-box substitution — so the construction is part of what makes encrypted voice GopherTrunk monitors infeasible to recover without the key.
The term is also relevant to weaker, non-encryption schemes. The clean-room analysis of the Motorola P25 talker-alias obfuscation in issue #773 recovered a 256-entry substitution table purely from public on-air data, with no third-party source: a fixed lookup like this is exactly an S-box in form, even though, used alone for reversible hiding rather than keyed encryption, it provides obfuscation and not secrecy.