diff --git a/src/attack/polynonce.rs b/src/attack/polynonce.rs
index cd0caba..69d24fc 100644
--- a/src/attack/polynonce.rs
+++ b/src/attack/polynonce.rs
@@ -15,6 +15,10 @@ pub struct PolynonceAttack {
 
 impl PolynonceAttack {
     pub fn new(degree: usize) -> Self {
+        assert!(
+            degree == 1,
+            "only linear polynonce (degree=1) is implemented, got degree={degree}"
+        );
         Self { degree }
     }
 
@@ -385,6 +389,12 @@ mod tests {
             .collect()
     }
 
+    #[test]
+    #[should_panic(expected = "only linear polynonce")]
+    fn test_degree_above_1_panics() {
+        PolynonceAttack::new(2);
+    }
+
     #[test]
     fn test_modular_sqrt() {
         // Test sqrt of a perfect square
diff --git a/src/main.rs b/src/main.rs
index ade0a58..979c8e2 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -124,6 +124,12 @@ fn run(cli: Cli) -> Result<bool> {
                 }
                 #[cfg(feature = "polynonce")]
                 "polynonce" => {
+                    if _polynonce_degree != 1 {
+                        anyhow::bail!(
+                            "Only degree=1 (linear) is supported for polynonce attack, got {}",
+                            _polynonce_degree
+                        );
+                    }
                     let attack = PolynonceAttack::new(_polynonce_degree);
                     let vulns = attack.detect(&signatures);
                     (vulns, Box::new(attack))