Nonce
What is Nonce?
A "number used once" supplied to a cryptographic algorithm to guarantee freshness and prevent replay or key/IV reuse.
A nonce is an input that must not repeat within the lifetime of a key, used by symmetric ciphers, AEAD modes, signature schemes, and authentication protocols to ensure each operation is unique. In AEAD modes like AES-GCM or ChaCha20-Poly1305, nonces are typically 96 bits and may be generated as random values or as a deterministic counter; reusing an AES-GCM nonce under the same key catastrophically breaks confidentiality and authentication. Nonces also appear in TLS handshakes, OAuth/OIDC challenges, Bitcoin block headers, and signature schemes such as ECDSA, where nonce reuse leaks the private key. Best practice is to use either random nonces of sufficient length or a strictly monotonic counter, and to switch to misuse-resistant modes (AES-GCM-SIV, XChaCha20-Poly1305) when collisions cannot be ruled out.
● Examples
- 01: TLS 1.3 derives per-record AEAD nonces by XOR-ing a sequence number with the per-direction IV.
- 02: The 2010 PlayStation 3 ECDSA private-key recovery happened because Sony reused the signature nonce.
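As an added example (not code from this glossary page), the block below implements the TLS 1.3 per-record nonce construction named in the first example, and wraps it in the two nonce-management patterns the definition calls best practice: a strictly monotonic counter that refuses to wrap rather than repeat a nonce under the same key, and a random 96-bit nonce source that stops at the 2^32-operation budget NIST SP 800-38D sets for random GCM IVs. The 12-byte write IV is a constructed sample value, and the names NonceSequence and RandomNonceSource are hypothetical helpers, not part of any library.

```python
"""Nonce hygiene for 96-bit AEAD nonces (added example, not from the glossary).

Assumptions, labelled: the 12-byte write IV below is a constructed sample,
and NonceSequence / RandomNonceSource are hypothetical helper names.
"""
import os

NONCE_LEN = 12                  # 96-bit nonce for AES-GCM / ChaCha20-Poly1305
MAX_SEQ = 2**64 - 1             # TLS 1.3 record sequence numbers are 64-bit
MAX_RANDOM_NONCE_OPS = 2**32    # NIST SP 800-38D limit for random 96-bit GCM IVs per key


def tls13_record_nonce(write_iv: bytes, seq: int) -> bytes:
    """Per-record nonce as in RFC 8446 section 5.3: write_iv XOR seq,
    where seq is left-padded with zeros to 12 bytes and encoded big-endian."""
    if len(write_iv) != NONCE_LEN:
        raise ValueError("write_iv must be 12 bytes")
    if not 0 <= seq <= MAX_SEQ:
        raise ValueError("sequence number out of range")
    padded = seq.to_bytes(NONCE_LEN, "big")      # 4 zero bytes + 8-byte counter
    return bytes(a ^ b for a, b in zip(write_iv, padded))


class NonceSequence:
    """Deterministic counter nonces: strictly increasing, never wrapping.

    When the 64-bit sequence space is used up the caller must rekey; handing
    out a repeated nonce under the same key would break GCM completely."""

    def __init__(self, write_iv: bytes):
        self.write_iv = write_iv
        self.next_seq = 0

    def next_nonce(self) -> bytes:
        if self.next_seq > MAX_SEQ:
            raise RuntimeError("nonce space exhausted: rekey before sending more records")
        nonce = tls13_record_nonce(self.write_iv, self.next_seq)
        self.next_seq += 1
        return nonce


class RandomNonceSource:
    """Random 96-bit nonces with an operation budget.

    Random nonces collide with birthday-bound probability, so the number of
    encryptions per key is capped at MAX_RANDOM_NONCE_OPS before rekeying."""

    def __init__(self, budget: int = MAX_RANDOM_NONCE_OPS):
        self.remaining = budget

    def next_nonce(self) -> bytes:
        if self.remaining <= 0:
            raise RuntimeError("random-nonce budget spent: rekey")
        self.remaining -= 1
        return os.urandom(NONCE_LEN)


def counter_nonces_are_unique(write_iv: bytes, count: int) -> bool:
    """Check that `count` consecutive counter nonces never repeat."""
    seq = NonceSequence(write_iv)
    seen = set()
    for _ in range(count):
        n = seq.next_nonce()
        if n in seen:
            return False
        seen.add(n)
    return True


def exhaustion_is_detected() -> bool:
    """Confirm the counter refuses to wrap past the last sequence number."""
    seq = NonceSequence(bytes(NONCE_LEN))
    seq.next_seq = MAX_SEQ
    seq.next_nonce()                # last legal record under this key
    try:
        seq.next_nonce()            # would wrap to 0 and reuse a nonce
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    iv = bytes.fromhex("00112233445566778899aabb")   # constructed sample write IV
    print(tls13_record_nonce(iv, 0).hex())            # equals the IV for seq 0
    print(tls13_record_nonce(iv, 1).hex())
    print(counter_nonces_are_unique(iv, 10_000))
    print(exhaustion_is_detected())
```

The XOR-with-IV construction means the nonce for sequence number 0 is the write IV itself and each later record flips only the low bytes, so the sender never needs to transmit the nonce; the receiver recomputes it from its own record count. The guards are the part most real code forgets: a counter that silently wraps, or a random-nonce generator used far past 2^32 operations, is exactly the reuse the definition warns about, and the misuse-resistant modes it mentions exist for cases where such guarantees cannot be enforced.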
● Frequently asked questions
What is Nonce?
A "number used once" supplied to a cryptographic algorithm to guarantee freshness and prevent replay or key/IV reuse. It belongs to the Cryptography category of cybersecurity.
What does Nonce mean?
A "number used once" supplied to a cryptographic algorithm to guarantee freshness and prevent replay or key/IV reuse.
How do you defend against nonce misuse?
Defences against nonce reuse combine technical controls (random nonces of sufficient length, a strictly monotonic counter, or misuse-resistant modes such as AES-GCM-SIV and XChaCha20-Poly1305 when collisions cannot be ruled out) with operational practices, as detailed in the full definition above.
What are other names for Nonce?
Common alternative names include: Number used once, Cryptographic nonce.