5. One round

The steps of a round, to be applied repeatedly to each 128-bit block, are as follows.

Step 1: ``byte substitution'': The 128 bits are broken into 16 bytes, which in this step are treated individually.

1(a) Each byte is treated as an element of $\mathbb{F}_ {2^8}$ and is mapped to its inverse in that field (with 0 going to 0).

1(b) Each byte is treated as a vector of length 8 over $\mathbb{F}_ 2$ and is multiplied by a matrix:

$$\left[\begin{array}{c}a _ 0 a _ 1 a _ 2 a _ 3 a _ 4\\... ... a _ 1 a _ 2 a _ 3 a _ 4 a _ 5\\ a _ 6 a _ 7\end{array}\right]$$

1(c) Each byte is treated as a vector of length 8 over $\mathbb{F}_ 2$ and 11000110 is added to it (mod 2). This flips four of the bits.

Step 2: ``row and column mixing'': The the sixteen bytes (not bits!) are put into a $4 \times 4$ table. (Here the original sixteen bytes will be labeled as $0, 1,\dots, 15$.)

2(a) Each row is rotated by a different amount:

0	4	8	12
1	5	9	13
2	6	10	14
3	7	11	15

$\mapsto$

0	4	8	12
5	9	13	1
10	14	2	6
15	3	7	11

2(b) The table resulting from 2(a) is treated as a $4 \times 4$ matrix with entries in $\mathbb{F}_ {2^8}$ and is multiplied on the left by the following matrix to get a new $4 \times 4$ table:

$$\left[\begin{array}{cccc}02&03&01&01 01&02&03&01 01&01&02&03 03&01&01&02\end{array}\right],$$

where the entries are shown in hexadecimal for short. This procedure affects each column independently.

Step 3: ``round key'': The round key is added in. (As already mentioned, the round key is derived from the original 256-bit key.)