[cbetti]

Imagine blasting this sequence down to huge numbers of consumers, and letting independent nodes coordinate on intervals in the sequence in order to establish secure one time communications.

The bit rate is so high it would be impossible to reproduce the pad despite having access to the full random bit stream, because you couldn't possibly store the historic stream for future analysis even if you could eventually determine the past communication's interval.

[mleonhard]

This is an interesting idea. I see two limitations and I'm curious how they could be overcome:

1. The peers must communicate to decide in advance which intervals to use. If those communications are encrypted with the shared stream using previously exchanged intervals, then the security of each session depends on the previous session. Breaking one session also breaks all future sessions.

2. Attackers can capture and save samples of the random bit stream and test intercepted communications against those samples. They won't get all of the victim communications, but they will get some. Combined with the chaining problem above, this could let them eventually crack all established streams.

[eru]

About 1: the peers don't have to communicate in advance.

They can just both do random sampling, and later on only use the overlap. That wastes a lot of bits, but requires no up-front communication.

About 2: obviously you wouldn't just use straight one-time pad, but use the random bits to arrive at a shared key.

With made up numbers: both parties sample randomly until they have eg 10k bits in common, then hash that down to eg 256 bits they need for a shared key.

If they use a decent hashing scheme, the only requirement for its security is that they share at least about 256 bits that the attacker has not seen. (It doesn't matter how many common bits the attacker has seen, only how many Eve hasn't seen.)