Nonce
cryptography
Full Name: Number Used Once
Definition
A nonce (from "number used once") is a random or pseudo-random value that is used exactly once in a cryptographic protocol to guarantee freshness and prevent replay attacks. In the EUDI Wallet ecosystem, nonces appear at every protocol layer: verifiers include nonces in credential presentation requests, issuers include nonces in credential offer flows, and session protocols use nonces for key exchange. By binding each cryptographic operation to a unique, unpredictable value, nonces ensure that signed messages cannot be captured and replayed by attackers, making each identity transaction provably unique and time-bound.
Preventing Replay Attacks in Credential Presentations
The primary security role of nonces in the EUDI Wallet ecosystem is preventing replay attacks during credential presentations. Consider this attack scenario without nonces: a user presents their identity credential to a verifier at a bar for age verification. An attacker with a hidden device records the entire credential presentation data. Without nonces, the attacker could later replay this recorded presentation to a different verifier, impersonating the original user.
Nonces defeat this attack. When the verifier initiates a credential request via OpenID4VP, it generates a fresh random nonce and includes it in the request. The user's wallet creates a presentation response that includes this nonce in the signed payload. The wallet's device key signs over the entire response including the nonce. The verifier checks that the returned nonce matches the one it sent and that the signature is valid.
If an attacker tries to replay a captured presentation, the nonce in the replayed message will not match the fresh nonce the new verifier generated, causing the verification to fail. Even if the attacker intercepts the new verifier's nonce, they cannot create a valid signature over it because they do not possess the wallet's device private key (which is stored in hardware-backed secure storage).
In ISO 18013-5 proximity presentations, session-specific nonces serve the additional purpose of preventing relay attacks, where an attacker tries to forward NFC communication to a remote device. The session transcript, bound to the nonces and the physical proximity exchange, makes relay attacks detectable.
Nonces in the Credential Issuance Flow
The OpenID4VCI protocol uses a specific nonce mechanism called "c_nonce" (credential nonce) during the credential issuance flow. After the wallet authenticates and obtains an access token, the issuer responds with a c_nonce value. The wallet must include a proof of possession signed over this c_nonce in its subsequent credential request.
This c_nonce mechanism prevents a category of attack where a compromised client intercepts an access token and tries to obtain a credential bound to a different device key. Because the credential request must include a valid proof of possession signed with the device key over the issuer-provided c_nonce, an attacker with only the access token cannot complete the issuance flow.
The issuer may update the c_nonce with each response, requiring fresh proof of possession for every credential request. This continuous nonce rotation ensures that each step of a multi-credential issuance session is independently verifiable and non-replayable.
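The verifier-side check described in the presentation section above (fresh nonce per request, wallet signs over it with the device key, verifier matches the nonce and consumes it) is shown below as an added example; the issuer's c_nonce proof of possession follows the same pattern with the issuer in the verifier's role. This is illustrative code, not from the EUDI reference implementation: the Ed25519 key pair stands in for the hardware-backed device key, the `Presentation` struct is a stand-in for a real OpenID4VP response, and the claims string is constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// Presentation stands in for a signed OpenID4VP response: device key over claims + nonce.
type Presentation struct {
	Nonce, Claims string
	Sig           []byte
}
// Verifier is the set of nonces this verifier has issued and not yet consumed.
type Verifier map[string]bool

// NewNonce issues a fresh 128-bit nonce from the OS CSPRNG for exactly one request.
func (v Verifier) NewNonce() string {
	b := make([]byte, 16)
	rand.Read(b) // crypto/rand: unpredictable, and documented never to fail since Go 1.24
	n := base64.RawURLEncoding.EncodeToString(b)
	v[n] = true
	return n
}

func payload(nonce, claims string) []byte { return []byte(nonce + "." + claims) }
// Present is the wallet side: the nonce is bound into the payload the device key signs.
func Present(dev ed25519.PrivateKey, nonce, claims string) Presentation {
	return Presentation{nonce, claims, ed25519.Sign(dev, payload(nonce, claims))}
}

// Verify accepts a presentation only if its nonce was issued here and is still unused and
// the device key's signature covers nonce and claims; the nonce is consumed on acceptance.
func (v Verifier) Verify(devPub ed25519.PublicKey, p Presentation) error {
	if !v[p.Nonce] {
		return errors.New("nonce unknown or already used: rejecting as replay")
	}
	if !ed25519.Verify(devPub, payload(p.Nonce, p.Claims), p.Sig) {
		return errors.New("signature does not cover this nonce: not the device key")
	}
	delete(v, p.Nonce)
	return nil
}

func main() { // stand-alone demo; the key pair stands in for the hardware device key
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	v := Verifier{}
	p := Present(priv, v.NewNonce(), "age_over_18=true")
	fmt.Println("fresh:", v.Verify(pub, p), "| replay:", v.Verify(pub, p))
}
```

A replayed presentation fails at the nonce check before any signature work, a presentation over a stale nonce fails the same way, and an attacker who learns the current nonce but lacks the device key fails the signature check while the nonce stays usable for the legitimate wallet.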
Nonces in OAuth 2.0 and OpenID Connect
In the OAuth 2.0 authorization flows used within the EUDI Wallet ecosystem, the "state" parameter functions as a nonce to prevent Cross-Site Request Forgery (CSRF) attacks. The wallet generates a random state value before initiating the authorization request and verifies it in the callback response. This ensures that the authorization response corresponds to a request the wallet actually initiated.
In OpenID Connect, the "nonce" parameter serves a similar but distinct purpose. It is included in the authentication request and embedded in the resulting ID Token. The client verifies that the ID Token's nonce matches the one sent, preventing token injection attacks where an attacker substitutes a legitimately obtained ID Token from a different session.
JWTs used in the EUDI Wallet protocol stack include the "jti" (JWT ID) claim, which functions as a nonce for the token itself. Token consumers can track seen jti values and reject duplicates, providing replay protection at the token level. For access tokens with short lifetimes, tracking jti values only until the token's expiration time is enough: the jti combined with the expiration time provides complete replay protection.