The cipher is a modification to AES and is described on this website:
The only difference between Jipsam1 and AES-256 is the S-box. Whereas in AES the S-box is public and constant, namely
$$
\begin{pmatrix}
1&0&0&0&1&1&1&1\\
1&1&0&0&0&1&1&1\\
1&1&1&0&0&0&1&1\\
1&1&1&1&0&0&0&1\\
1&1&1&1&1&0&0&0\\
0&1&1&1&1&1&0&0\\
0&0&1&1&1&1&1&0\\
0&0&0&1&1&1&1&1
\end{pmatrix}
\begin{pmatrix}
v_0\\v_1\\v_2\\v_3\\v_4\\v_5\\v_6\\v_7
\end{pmatrix}
+
\begin{pmatrix}
1\\1\\0\\0\\0\\1\\1\\0
\end{pmatrix}\,
$$
where the vector $v = [v_0, \dots, v_7] = u^{254} \bmod (x^8 + x^4 + x^3 + x + 1)$ is the multiplicative inverse of the input byte $u$. In Jipsam1, the constant component of the affine transformation changes from 0x63 = $[1,1,0,0,0,1,1,0]$ to
$$c_r = ((k_{r} \oplus k_{r+3}) \land (k_{r+17} \oplus k_{r+15})) \oplus (k_{r+7} \land 15) \oplus (k_{r+11} \land 240)$$
at round $r$. This means that each round has its own custom S-box, and this also impacts the key schedule for each round key.
This does not improve security compared to the AES. Since only the affine component of the AES is affected, the nonlinearity and differential characteristics of the cipher are unchanged. It might be slightly stronger against integral attacks, but not by much. On the other hand, the scheme is now key-dependent and harder to analyze; there may be related-key attacks made possible by this tweak now.
Emphasis mine. Why is this cryptographic property (resistance to integral attacks) assumed? What are some other expected cryptographic properties of this tweak to AES?
