Also known as: key stream
A keystream is the sequence of pseudo-random bits or bytes a stream cipher derives from its key, which is then combined with the plaintext — almost always by XOR — to produce ciphertext.1 Recovering the data requires regenerating the identical keystream, which needs the key.
How it works
A stream cipher uses the key (often together with a per-message nonce or initialisation vector) to seed a generator that emits a long, statistically random keystream. Encryption combines this stream with the plaintext bit by bit or byte by byte, typically with XOR; decryption regenerates the identical stream and XORs again, because XOR is its own inverse. RC4 is a well-known example.
The cardinal rule is that a keystream must never be reused under the same key/nonce. If two messages are XORed with the same keystream, an attacker who XORs the two ciphertexts cancels the keystream entirely and is left with the XOR of the two plaintexts — a “two-time pad” that often unravels with simple analysis. This is also why the one-time pad is unbreakable only when its keystream is truly random and used exactly once. As always, the secrecy lives in the key, not in the generator, in line with Kerckhoffs’s principle.
Relevance to SDR
DMR “Enhanced Privacy” protects voice with the RC4 keystream, and other trunked systems use keystream-based or keystream-like modes. For GopherTrunk this draws a sharp line: a keystream produced from a secret key cannot be reproduced without that key, so the voice is unrecoverable — whereas a publicly defined scrambling or whitening sequence carries no secret and can simply be undone. Knowing which one a system uses tells you immediately whether decoding is even possible.