
The most famous proposed COVID-19 application is DP3T. In this app a user constantly broadcasts EphIDs generated from a secret key as follows:

$$\mathrm{EphID}_1 \,\|\, \dots \,\|\, \mathrm{EphID}_n = \mathrm{PRG}(\mathrm{PRF}(SK_t, \text{“broadcast key”}))$$

where PRF is a pseudo-random function (e.g., HMAC-SHA256), “broadcast key” is a fixed and public string, and PRG is a stream cipher (e.g. AES in counter mode) producing $16 \cdot n$ bytes, which we split into 16-byte chunks to obtain the $n$ ephemeral Bluetooth identifiers EphID of the day.

The secret key is composed of 32 randomly generated bytes and changes every day in the following manner: $SK_t = H(SK_{t-1})$

As I understand, $\mathrm{PRF}(SK_t, \text{“broadcast key”})$ is used as keystream to AES in counter mode. But what is the purpose of this? Why isn't the secret key $SK_t$ used as keystream?

Maarten Bodewes
Ruben_G
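
The derivation quoted in the question, written out as an added example (not part of the original post and not the DP3T project's code). It assumes H is SHA-256, an AES-256 key taken from the 32-byte PRF output, and an all-zero initial counter block; the function names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// NextSK rotates the daily secret: SK_t = H(SK_{t-1}). Assumption: H is SHA-256.
func NextSK(sk []byte) []byte {
	h := sha256.Sum256(sk)
	return h[:]
}

// BroadcastKey computes PRF(SK_t, "broadcast key") with HMAC-SHA256 keyed by SK_t.
func BroadcastKey(sk []byte) []byte {
	mac := hmac.New(sha256.New, sk)
	mac.Write([]byte("broadcast key"))
	return mac.Sum(nil) // 32 bytes, used below as the AES-256 key
}

// EphIDs runs the PRG: AES-CTR keyed with the broadcast key, producing 16*n bytes
// that are split into n 16-byte identifiers.
// Assumption: zero initial counter block; encrypting zeros yields the raw keystream.
func EphIDs(sk []byte, n int) ([][]byte, error) {
	block, err := aes.NewCipher(BroadcastKey(sk))
	if err != nil {
		return nil, err
	}
	stream := make([]byte, 16*n)
	cipher.NewCTR(block, make([]byte, aes.BlockSize)).XORKeyStream(stream, stream)
	ids := make([][]byte, n)
	for i := range ids {
		ids[i] = stream[16*i : 16*(i+1)]
	}
	return ids, nil
}

func main() {
	sk := make([]byte, 32) // constructed sample key (all zeros); real keys are 32 random bytes
	for day := 0; day < 2; day++ {
		ids, err := EphIDs(sk, 3)
		if err != nil {
			panic(err)
		}
		fmt.Printf("day %d: %x %x %x\n", day, ids[0], ids[1], ids[2])
		sk = NextSK(sk)
	}
}
```
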

0 Answers