diff --git a/src/scheme/aes.rs b/src/scheme/aes.rs
index f3d90bf..ee7fc9c 100644
--- a/src/scheme/aes.rs
+++ b/src/scheme/aes.rs
@@ -4,6 +4,10 @@ use aes_gcm::aead::{Aead, KeyInit, Payload};
 use aes_gcm::{Aes128Gcm, Key, Nonce};
 
 // 96 bits (12 bytes)
+// Reason: NIST Special Publication 800-38D
+// https://csrc.nist.gov/pubs/sp/800/38/d/final
+// Section 5.2.1.1 recommends that implementations restrict support to 96 bit.
+// Section 8.2 states that nonces of 96 bits and higher may be randomly generated.
 const NONCE_SIZE: usize = 12;
 
 pub(crate) fn aes128gcm_gen_nonce() -> Result> {
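Review bot: The new comment above `NONCE_SIZE` cites Section 8.2 to justify random nonces but omits the usage limit that comes with that choice. Section 8.3 of the same publication caps the authenticated-encryption invocations under one key at 2^32 when IVs are not built with the deterministic construction. Without that caveat a reader may take random 96-bit nonces to be safe for the whole lifetime of a key, whereas a repeated nonce under the same key breaks both confidentiality and authenticity in GCM. I would add a line such as `// Section 8.3: with random nonces a key must not be used for more than 2^32 encryptions; rotate keys before that.` and cite 8.2.2 (the RBG-based construction) rather than 8.2 as a whole. The body of `aes128gcm_gen_nonce` lies outside the hunk, so whether the nonce comes from a cryptographically secure generator cannot be confirmed here.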