Consider this example: one uses your program, creates a backup of the data, keeps using the program. If they restore the backup, then they will restart from an earlier counter, and reuse the same nonces.
To mitigate this we could keep the nonce_seq in keyring also and use max(keyring, app_data).
To mitigate this we could keep the
nonce_seqinkeyringalso and usemax(keyring, app_data).