Cryptographic Nonce

A cryptographic nonce (Number used ONCE) is a value that must never be repeated under the same key in a cryptographic operation. Unlike IVs, which often also need to be unpredictable, nonces only need to be unique, though generating values that are both unique and random is common.

Nonce Generation Strategies

// 1. Counter-based (deterministic, requires state)
nonce = counter++
// Pro: Guaranteed unique as long as the counter is persisted and never wraps
// Con: Requires reliable state management (a counter restored from a stale backup repeats nonces)

// 2. Random (stateless)
nonce = random_bytes(12)
// Pro: No state needed
// Con: Birthday collision risk at scale

// 3. Hybrid (best of both)
nonce = random_prefix(4) + counter(8)
// Pro: Counter guarantees uniqueness within a session; random prefix keeps separate sessions from colliding

Nonce Reuse Consequences

  • Stream ciphers (including CTR mode): both messages use the same keystream, so the XOR of the two plaintexts is revealed
  • AES-GCM: the same keystream reuse applies, and the authentication key can be recovered, so both confidentiality and authenticity are lost
  • Authentication protocols: a captured challenge response or token can be replayed

Common Uses

  • AES-GCM encryption
  • CSRF tokens
  • OAuth state parameter
  • Challenge-response authentication
  • Preventing request replay

Nonce Size Considerations

// 96-bit (12-byte) nonce - common for GCM
// With random generation:
// ~2^48 messages before 50% collision probability
// NIST SP 800-38D limits random-IV use to 2^32 messages per key,
// which keeps the collision probability below 2^-32

// For high-volume systems:
// Use a counter, or rotate keys before the message limit is reached
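The generation strategies and the size calculation above, as an added Python example (not code from the original page): HybridNonce is a hypothetical helper implementing strategy 3 (a fixed prefix turns it into strategy 1), and messages_at_collision_prob applies the birthday bound to a 96-bit nonce.

```python
import math
import os
import struct
import threading
from typing import Optional

NONCE_BYTES = 12  # 96-bit nonce, the usual AES-GCM size


class HybridNonce:
    """Strategy 3 above (hypothetical helper, not from the page): a 4-byte
    random prefix chosen once per key or session, followed by a 64-bit
    big-endian counter.  The counter guarantees uniqueness within the
    session; the random prefix keeps two sessions that both start at 0 from
    colliding.  Passing a fixed prefix turns this into strategy 1 (pure counter)."""

    def __init__(self, prefix: Optional[bytes] = None, start: int = 0):
        self.prefix = os.urandom(4) if prefix is None else prefix
        if len(self.prefix) != 4:
            raise ValueError("prefix must be exactly 4 bytes")
        self.counter = start
        self._lock = threading.Lock()  # a counter shared by threads must not race

    def next(self) -> bytes:
        with self._lock:
            if self.counter >= 2 ** 64:
                # Wrapping the counter would repeat a nonce under this key.
                raise RuntimeError("nonce counter exhausted; rotate the key")
            nonce = self.prefix + struct.pack(">Q", self.counter)
            self.counter += 1
        return nonce


def random_nonce() -> bytes:
    """Strategy 2: stateless random nonce from the OS CSPRNG."""
    return os.urandom(NONCE_BYTES)


def messages_at_collision_prob(nonce_bits: int, p: float) -> float:
    """Birthday-bound estimate of how many random nonces can be drawn
    before the probability of at least one repeat reaches p:
    n ~= sqrt(2 * N * ln(1 / (1 - p))) with N = 2**nonce_bits.
    For 96 bits and p = 0.5 this gives roughly 2**48."""
    space = 2.0 ** nonce_bits
    return math.sqrt(2.0 * space * -math.log1p(-p))
```

Calling messages_at_collision_prob(96, 2.0 ** -32) lands just above 2^32, which is where the NIST per-key limit for random IVs comes from.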
