It’s kind of frustrating that this is still open. I posed the cause and solution over a year ago and it was deleted.
I posted it here, and on the WordPress Plugin area, both removed.
It is fixed by adjusting the max_input_vars.
What I had originally suggested was moving the Nonce to the beginning of the JSON payload and then to throw an invalid JSON error which is probably a more useful and accurate error that an invalid nonce.
Because the payload is too large the nonce isn’t captured by the server.
