I'm looking at the following idea for using a symmetric key to encrypt multiple messages (back & forth communication between Alice & Bob). It can be summarized as follows:
- Both sides agree upon a key
- Both sides generate $2^n$ bits using a PRG (which I believe is seeded with the key). Since PRGs are deterministic, both sides have the same $2^n$ bits.
- When one side wants to encrypt the message, they choose k random indices, where k is the length of the message, & xor the message with the bits at those k indices. They transmit the message & the indices.
- The attacker doesn't know the underlying bits, so having the indices are useless
- The other side receives the indices / message & performs the reverse process as above
What I'm confused about is the need for the PRG at all.
For example: Why don't both sides just agree to repeat the key (which is secret from the attacker) for $\frac{2^n}{k}$ times where k is the length of the key.
Given that the attacker doesn't know the key, this should still be secure, no?
Theoretically: Both sides could just agree to make {1, 2, 3, 4 ... $2^n$} the "random" bits since if they have the ability to negotiate on a shared secret key, they should also have the ability to negotiate on a way to generate the buffer, right?