
Following the same definition in this question for perfect secrecy for two messages $m,m' \in \mathcal{M}$, I don't understand how the accepted answer produces a secure system. I mean, the adversary would always be able to xor the two ciphertexts to obtain the xor of the original messages, thus changing the distribution of $\mathcal{M}$ and violating the definition.

I tried to come up with another scheme where $\mathcal{M}=\{0,1\}^l,\mathcal{K}=\{0,1\}^{l2^l}$, where each key $k$ would be the concatenation of smaller keys $k_0,...,k_{2^l-1}$ of size $l$, and to encrypt a message $m \in \mathcal{M}$ we xor it with $k_{m}$. This way different messages will be encrypted using different small keys, thus maintaining perfect secrecy.

However, this will not allow decryption by xoring back with $k_{c}$, because it might be that $k_{c}\neq k_{m}$. After thinking for a while I start to wonder whether the one-time pad can be extended to satisfy the above definition, or am I doing something wrong?

Thanks

I know a comment on the original question would be more relevant, but I couldn't do that due to reputation restrictions.

  • xor'ing ciphertexts creates a new random variable. It does not change the distribution on $\cal M$, which is given and fixed. – kodlu Feb 15 '18 at 20:57
  • By that, I meant some messages will be more probable than others after seeing the two ciphertexts – Shadowfirex Feb 16 '18 at 03:10

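Added illustration, not code from the question or the linked answer: enumerating every key for a tiny $l$ shows both halves of the concern above. Reusing one pad makes the ciphertext pair satisfy $c \oplus c' = m \oplus m'$, while the message-indexed scheme gives a uniform ciphertext-pair distribution for $m \neq m'$ but loses unique decryption. The uniformity check is an assumed reading of the two-message requirement, since the referenced definition is not reproduced on this page; the key `[1, 0, 2, 3]` is a constructed sample.

```python
from collections import Counter
from itertools import product

def otp_pair_dist(m1: int, m2: int, l: int) -> Counter:
    """Distribution of (c1, c2) when ONE uniform l-bit pad k encrypts both
    messages: every pair satisfies c1 XOR c2 == m1 XOR m2."""
    return Counter((m1 ^ k, m2 ^ k) for k in range(1 << l))

def indexed_pair_dist(m1: int, m2: int, l: int) -> Counter:
    """Distribution of (c1, c2) under the message-indexed scheme from the
    question: key = (k_0, ..., k_{2^l-1}), c = m XOR k_m.  Enumerates all
    (2^l)^(2^l) keys, so keep l tiny (l = 2 gives 256 keys)."""
    n = 1 << l
    return Counter((m1 ^ key[m1], m2 ^ key[m2])
                   for key in product(range(n), repeat=n))

def is_uniform(dist: Counter, l: int) -> bool:
    """True if all (2^l)^2 ciphertext pairs occur equally often, i.e. the
    pair reveals nothing about (m1, m2).  Assumed reading of the two-message
    requirement; the linked definition is not reproduced here."""
    n = 1 << l
    return len(dist) == n * n and len(set(dist.values())) == 1

def decrypt_candidates(c: int, key: list) -> list:
    """Messages the receiver cannot rule out: every m with m XOR k_m == c.
    Unique decryption needs exactly one candidate for every c."""
    return [m for m in range(len(key)) if m ^ key[m] == c]

def fraction_undecryptable(l: int) -> float:
    """Share of keys for which m -> m XOR k_m is not a bijection on {0,1}^l,
    i.e. some ciphertext has zero or several valid decryptions."""
    n = 1 << l
    bad = sum(1 for key in product(range(n), repeat=n)
              if len({m ^ key[m] for m in range(n)}) != n)
    return bad / n ** n

if __name__ == "__main__":
    l = 2
    key = [1, 0, 2, 3]   # constructed key for l = 2: k_0=1, k_1=0, k_2=2, k_3=3
    print("OTP pair uniform?    ", is_uniform(otp_pair_dist(1, 2, l), l))
    print("indexed pair uniform?", is_uniform(indexed_pair_dist(1, 2, l), l))
    print("candidates for c=1:  ", decrypt_candidates(1, key))
    print("undecryptable keys:  ", fraction_undecryptable(l))
```

With the constructed key, ciphertext 1 could have come from message 0 or 1 and ciphertext 2 from no message at all, which is exactly the $k_c \neq k_m$ problem; for $l=2$ only $4!$ of the $4^4$ keys happen to be bijections.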