Semi related to your post but back in the day there was an attack on Bluetooth (in LE Legacy JW Mode) that had big problems with reusing nonces. It wasn't in signatures like here but I think in key derivation they did something like AES(ox00|𝑎|𝑏) with 0x00 being a constant nonce. Quite a hilarious saga.