13

My question may be stupid, but my problem is that I do not understand why stream ciphers need a key and also a nonce. As far as I understand, the keystream is generated with the nonce. The same key can be reused with a different nonce.

Wouldn't it be simpler to just use a new key each time? If I understand correctly, to decrypt the message the recipient needs the nonce. Is communicating the nonce simpler than communicating the key?

otus
robert

1 Answer

16

By the modern definition of a cipher, it must be possible to encipher several messages with the same secret key. That's also a practical necessity, due to the difficulty of securely establishing a shared secret key. That issue is solved with the nonce, which is not secret, and can be transferred as part of the ciphertext (typically: at the beginning).

Without a nonce, or if the nonce repeats, the keystream would repeat, and that would allow breaking the cipher, e.g. with a single known plaintext.

Because the nonce is not secret, communicating the nonce is simpler than securely communicating the key. Altering the nonce would alter the deciphered message, but a generic stream cipher is not supposed to allow detection of alterations anyway.

fgrieu
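The keystream-repeat failure described in the answer, as an added example that is not part of the original post. The cipher is an illustrative SHA-256 counter-mode keystream (an assumption standing in for a real stream cipher such as ChaCha20), with a 12-byte public nonce prefixed to the ciphertext as the answer suggests; message contents are constructed.

```python
import hashlib
import os
from typing import Optional

NONCE_LEN = 12  # assumption: a 96-bit nonce, sent in the clear ahead of the ciphertext


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Illustrative CTR-style keystream: SHA-256(key || nonce || counter) blocks.
    Not a real cipher; it only models 'key + nonce -> keystream'."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Ciphertext = nonce || (plaintext XOR keystream). The nonce is public."""
    return nonce + xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """The recipient reads the nonce off the front; only the key is secret."""
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor_bytes(ct, keystream(key, nonce, len(ct)))


def two_time_pad_check(blob1: bytes, blob2: bytes) -> Optional[bytes]:
    """What an observer learns from two ciphertexts under one key: if the nonces
    match, the keystream cancels and c1 XOR c2 == p1 XOR p2, so one known
    plaintext reveals the other. Returns that XOR if the nonce repeats, else None."""
    if blob1[:NONCE_LEN] != blob2[:NONCE_LEN]:
        return None
    return xor_bytes(blob1[NONCE_LEN:], blob2[NONCE_LEN:])


def demo() -> tuple:
    key = os.urandom(32)
    p1, p2 = b"meeting at noon.", b"budget approved."  # constructed sample messages
    nonce = os.urandom(NONCE_LEN)
    # Nonce reuse: the keystream repeats and p1 XOR p2 leaks.
    leak = two_time_pad_check(encrypt(key, nonce, p1), encrypt(key, nonce, p2))
    # Fresh nonce per message (same key): nothing cancels.
    safe = two_time_pad_check(encrypt(key, nonce, p1), encrypt(key, os.urandom(NONCE_LEN), p2))
    return leak == xor_bytes(p1, p2), safe is None
```

`demo()` returns `(True, True)`: the same key is safe across messages as long as the nonce is fresh, and a flipped bit in the transmitted nonce simply yields a different (undetected) decryption, as the answer notes.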