Definition

A nonce (a contraction of “number used once”) is a value that is used exactly one time within a cryptographic protocol to introduce uniqueness, freshness, and non-repeatability. Nonces appear in authentication systems (challenge-response protocols), encryption algorithms (as initialization vectors for block ciphers), blockchain transactions (as sequential counters ensuring transaction ordering), and digital signature schemes (to prevent signature reuse).

The critical property of a nonce is that it must never be reused within the same context. In AES-256-GCM encryption, reusing a nonce with the same key completely breaks the authentication guarantee and can leak plaintext. In challenge-response authentication, reusing a nonce enables replay attacks. The security of numerous cryptographic constructions depends entirely on nonce uniqueness.

Why It Matters

Replay attacks—in which an attacker intercepts a valid authentication message and retransmits it to impersonate the original sender—are among the oldest and most persistent attack vectors in network security. The OWASP Foundation ranks them as a top-10 API security risk. Without nonces, every signed authentication message would be valid indefinitely and reusable by anyone who captures it.

In blockchain systems, nonces serve a different but equally critical function. Each Ethereum transaction includes a sequential nonce tied to the sender’s account. This prevents double-spending (the same transaction cannot be submitted twice) and enforces ordering (transactions from the same account are processed in nonce order). As of 2024, Ethereum processes approximately 1.1 million transactions per day, each with a unique per-account nonce.

The consequences of nonce mismanagement are well-documented. In 2010, Sony’s PlayStation 3 signing key was compromised because their ECDSA implementation used a static nonce instead of a random one—a mathematical error that allowed researchers to compute the private key from two signatures. The Samsung Galaxy S4’s TrustZone implementation had a similar flaw. Both cases resulted in complete key compromise from a single implementation mistake.

How It Works

Nonces operate differently depending on their context:

  1. Authentication nonces (challenge-response): The server generates a random nonce and sends it to the client. The client signs the nonce (along with other data) using their private key. The server verifies the signature and checks that the nonce matches the one it issued. Because the nonce is single-use and expires quickly, a captured signed message cannot be replayed.

  2. Encryption nonces (IVs): In AES-GCM, the nonce (typically 96 bits) is combined with the encryption key to produce a unique keystream for each message. The nonce does not need to be secret—it is transmitted alongside the ciphertext—but it must never be reused with the same key. Common generation strategies include random nonces (96-bit random value, with collision probability below 2^-32 for up to 2^32 messages) and counter-based nonces (sequential integer, guaranteeing uniqueness as long as the counter is not reset).

  3. Blockchain nonces (transaction ordering): Each Ethereum account maintains a transaction count. The next transaction must use nonce = current count. This ensures transactions are processed in order and prevents the same transaction from being executed multiple times.

  4. Proof-of-work nonces: In Bitcoin mining (and Ethereum’s former proof-of-work), miners iterate through nonce values until they find one that, when hashed with the block data, produces a hash below the target difficulty. This nonce is purely computational—a brute-force search variable.
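For the counter-based strategy in item 2, the failure mode is a counter that restarts after a crash or redeploy. The sketch below is an added example, not code from Stealth Cloud; the nonce layout, the block size and the `store` interface are assumptions made for illustration.

```javascript
// Added example, not Stealth Cloud code. Nonce layout is an assumption:
// 4-byte sender id || 8-byte big-endian message counter = 96 bits.
const BLOCK = 1000n;                  // counters reserved per durable write (constructed value)
const MAX_COUNTER = (1n << 64n) - 1n;

class CounterNonceSource {
  // store is a hypothetical durable record: { load(): bigint | undefined, save(bigint) }
  constructor(senderId, store) {
    if (!Number.isInteger(senderId) || senderId < 0 || senderId > 0xffffffff) {
      throw new RangeError('senderId must fit in 32 bits');
    }
    this.senderId = senderId;
    this.store = store;
    // Resume at the persisted high-water mark: anything below it may have been used.
    this.counter = store.load() ?? 0n;
    this.reservedUntil = this.counter;
  }

  nextNonce() {
    if (this.counter === this.reservedUntil) {
      if (this.counter > MAX_COUNTER - BLOCK) {
        throw new Error('nonce space exhausted: rotate the key');
      }
      // Persist the new mark BEFORE handing out any value from the block,
      // so a crash can skip counters but never repeat one.
      this.reservedUntil = this.counter + BLOCK;
      this.store.save(this.reservedUntil);
    }
    const nonce = new Uint8Array(12);
    const view = new DataView(nonce.buffer);
    view.setUint32(0, this.senderId);   // DataView writes big-endian by default
    view.setBigUint64(4, this.counter);
    this.counter += 1n;
    return nonce;
  }
}

// Constructed in-memory stand-in for durable storage, for demonstration only.
function memoryStore() {
  let mark;
  return { load: () => mark, save: (value) => { mark = value; } };
}

const nonceHex = (bytes) => Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
```

A second `CounterNonceSource` built on the same store after a simulated restart resumes at the reserved mark (counter 1000 here), skipping the unused values rather than starting again from zero.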

Stealth Cloud Relevance

Nonces are fundamental to Stealth Cloud’s authentication flow. When a user initiates Sign-In with Ethereum, the Cloudflare Worker generates a cryptographically random nonce (via the Web Crypto API’s crypto.getRandomValues()) and includes it in the SIWE message. The user’s wallet signs this message, and the server verifies that the nonce matches the one it issued and has not been used before.

The nonce is stored in Cloudflare KV with a short TTL (typically 5 minutes). After verification—or after the TTL expires—the nonce is automatically evicted. This prevents replay attacks (a captured signed SIWE message cannot be resubmitted) while maintaining zero-persistence principles (the nonce does not survive beyond its utility window).
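The issue, verify and evict cycle described above, as an added example that is not Stealth Cloud's own code. `NonceStore`, `verifyLogin` and the caller-supplied `verifySignature` are hypothetical names, and an in-memory `Map` stands in for the key-value store.

```javascript
// Added example, not Stealth Cloud code: NonceStore is a hypothetical
// in-memory stand-in for a key-value store with per-entry expiry.
const NONCE_TTL_MS = 5 * 60 * 1000; // the 5-minute TTL described above

class NonceStore {
  // now and fill are injectable so the logic can be tested deterministically.
  constructor({ now = Date.now, fill = (buf) => globalThis.crypto.getRandomValues(buf) } = {}) {
    this.now = now;
    this.fill = fill;
    this.expiry = new Map(); // nonce -> expiry timestamp (ms)
  }

  issue() {
    const bytes = new Uint8Array(16); // 128 bits of randomness
    this.fill(bytes);
    const nonce = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
    this.expiry.set(nonce, this.now() + NONCE_TTL_MS);
    return nonce;
  }

  // Returns 'ok' at most once per issued nonce.
  consume(nonce) {
    const expiresAt = this.expiry.get(nonce);
    if (expiresAt === undefined) return 'unknown-or-replayed';
    this.expiry.delete(nonce); // burn on first presentation
    return this.now() >= expiresAt ? 'expired' : 'ok';
  }
}

// verifySignature is a caller-supplied check of the wallet signature (hypothetical).
function verifyLogin(store, signedMessage, verifySignature) {
  if (typeof signedMessage.nonce !== 'string') return 'malformed';
  if (!verifySignature(signedMessage)) return 'bad-signature';
  return store.consume(signedMessage.nonce);
}
```

The `Map` makes the lookup and the delete effectively one step. On an eventually consistent store, the single-use guarantee holds only if the consume operation is atomic.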

In Ghost Chat’s message encryption, each message uses a unique nonce for AES-256-GCM encryption, ensuring that even identical plaintext messages produce different ciphertext—preventing pattern analysis by any party observing the encrypted traffic.

The Stealth Cloud Perspective

A nonce is the cryptographic enforcement of impermanence—a value that exists to be used once and then discarded. This principle resonates throughout Stealth Cloud’s architecture: sessions exist once and are burned, keys exist once and are shredded, and nonces exist once and expire. In a system built on ephemerality, the nonce is the smallest and most fundamental unit of single-use design.