A nonce is a "number used once." The whole security of several widely deployed encryption and signature schemes rests on that single word — once. Break the rule, even by accident, even one time, and you can hand an attacker your message contents, your forgery key, or in the worst case your private signing key. This is the bug that has sunk WEP, a game console, and more than one TLS library. Most cryptographic failures are gradual: a cipher weakens, a key gets a little too short for comfort, an attack drops from impractical to merely expensive. Nonce reuse is not like that. It's a cliff. With many modern constructions, a single repeated nonce under the same key doesn't degrade security — it eliminates it, often completely, often instantly. Understanding why turns an abstract rule ("don't reuse nonces") into something you can reason about — and it explains a string of famous breaches that all share the same root cause.…