Re: An adhoc stream encryption scheme

I assume, permpoly is key-dependent but otherwise fixed, and R is generated by a PRNG. Obviously, the permpoly either negates the LSb of P, or it leaves it as is. So in order not to leak the LSb, you need a strong PRNG. Having a strong PRNG, you'd better use the identity as permpoly.