
@bananas Right, but I'm looking to understand the actual cryptographic implications, rather than just following a rule of thumb, which may or may not apply here.

My understanding, for example, is that the *reason* for nonces being single-use, is that if you reuse them across plaintexts/ciphertexts, you can end up divulging information about the key used. But in this case, there is still a guarantee that they are not reused between *different* plaintexts, only identical ones (since it is derived from the plaintext with a cryptographic hash).

So does that mean that the actual necessary property of a nonce is still upheld here? Or is there some *other* reason why nonces need to be unique, that this is not accounting for?
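The scheme the post describes, as an added example that is not part of the original post: it compares a fixed, reused nonce with a nonce derived from a hash of the plaintext. The HMAC-SHA256 counter-mode keystream is a standard-library stand-in for a real nonce-based stream cipher, and the key, messages and function names are constructed for illustration.

```python
import hashlib
import hmac

KEY = bytes(range(32))            # constructed demo key
P1 = b"transfer 100 to alice"     # constructed messages of equal length
P2 = b"transfer 900 to carol"

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256(key, nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, nonce, len(plaintext)))

def derived_nonce(plaintext: bytes) -> bytes:
    """Nonce taken from a cryptographic hash of the plaintext, as in the post."""
    return hashlib.sha256(plaintext).digest()[:12]

def encrypt_derived(key: bytes, plaintext: bytes) -> tuple[bytes, bytes]:
    nonce = derived_nonce(plaintext)
    return nonce, encrypt(key, nonce, plaintext)

def fixed_nonce_leaks_xor() -> bool:
    """Same nonce, different plaintexts: keystream cancels, c1^c2 == p1^p2."""
    nonce = b"\x00" * 12
    c1, c2 = encrypt(KEY, nonce, P1), encrypt(KEY, nonce, P2)
    return xor(c1, c2) == xor(P1, P2)

def derived_nonce_leaks_xor() -> bool:
    """Different plaintexts get different nonces, so keystreams differ."""
    (_, c1), (_, c2) = encrypt_derived(KEY, P1), encrypt_derived(KEY, P2)
    return xor(c1, c2) == xor(P1, P2)

def repeats_are_visible() -> bool:
    """Identical plaintexts give identical (nonce, ciphertext) pairs."""
    return encrypt_derived(KEY, P1) == encrypt_derived(KEY, P1)

if __name__ == "__main__":
    print("fixed nonce leaks p1^p2:   ", fixed_nonce_leaks_xor())
    print("derived nonce leaks p1^p2: ", derived_nonce_leaks_xor())
    print("repeated message is visible:", repeats_are_visible())
```

The derived nonce avoids keystream reuse across different plaintexts, but encryption becomes deterministic: anyone who sees two identical outputs knows the same message was encrypted twice.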
