TweetNaCl.js Changelog


  • Fixed undefined variable bug in fast version of Poly1305. No worries, this bug was never triggered.

  • Specified CC0 public domain dedication.

  • Updated development dependencies.


  • Exclude crypto and buffer modules from browserify builds.


  • Made nacl-fast the default version in NPM package. Now require("tweetnacl") will use fast version; to get the original version, use require("tweetnacl/nacl.js").

  • Cleanup temporary array after generating random bytes.


  • Improved performance of curve operations, making nacl.scalarMult, nacl.sign and related functions up to 3x faster in nacl-fast version.


  • Significantly improved performance of Salsa20 (~1.5x faster) and Poly1305 (~3.5x faster) in nacl-fast version.


  • Instead of using the given secret key directly, TweetNaCl.js now copies it to a new array in and nacl.sign.keyPair.fromSecretKey.


  • Added new constant: nacl.sign.seedLength.


  • Even faster hash for both short and long inputs (in nacl-fast).


  • Implement nacl.sign.keyPair.fromSeed to enable creation of sign key pairs deterministically from a 32-byte seed. (It behaves like libsodium’s crypto_sign_seed_keypair: the seed becomes a secret part of the secret key.)

  • Fast version now has an improved hash implementation that is 2x-5x faster.

  • Fixed benchmarks, which may have produced incorrect measurements.


  • Exported undocumented nacl.lowlevel.crypto_core_hsalsa20.


  • Signature API breaking change! nacl.sign and nacl.sign.open now deal with signed messages, and new nacl.sign.detached and nacl.sign.detached.verify are available.

Previously, nacl.sign returned a signature, and accepted a message and “detached” signature. This was unlike NaCl’s API, which dealt with signed messages (concatenation of signature and message).

The new API is:

  nacl.sign(message, secretKey) -> signedMessage
  nacl.sign.open(signedMessage, publicKey) -> message | null

Since detached signatures are common, two new API functions were introduced:

  nacl.sign.detached(message, secretKey) -> signature
  nacl.sign.detached.verify(message, signature, publicKey) -> true | false

(Note that it’s verify, not open, and it returns a boolean value, unlike open, which returns an “unsigned” message.)
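The difference between the two result shapes, as an added example that is not TweetNaCl.js code: Node's built-in Ed25519 stands in for the library so the block runs without dependencies, and the names signCombined, openCombined, signDetached and verifyDetached are hypothetical. The key pair and message are constructed samples.

```javascript
// Added illustration: Node's Ed25519 is a stand-in for TweetNaCl.js here.
const nodeCrypto = require("node:crypto");

const SIGNATURE_LENGTH = 64; // Ed25519 signature size in bytes

// Combined form: signedMessage = signature || message
function signCombined(message, privateKey) {
  const signature = nodeCrypto.sign(null, message, privateKey);
  return Buffer.concat([signature, message]);
}

// Like "open": returns the message on success, null on any failure.
function openCombined(signedMessage, publicKey) {
  if (signedMessage.length < SIGNATURE_LENGTH) return null; // too short to hold a signature
  const signature = signedMessage.subarray(0, SIGNATURE_LENGTH);
  const message = signedMessage.subarray(SIGNATURE_LENGTH);
  if (!nodeCrypto.verify(null, message, publicKey, signature)) return null;
  return Buffer.from(message); // copy, so callers never alias the signed buffer
}

// Detached form: the signature travels separately from the message.
function signDetached(message, privateKey) {
  return nodeCrypto.sign(null, message, privateKey);
}

// Like "verify": returns a boolean, never the message.
function verifyDetached(message, signature, publicKey) {
  if (signature.length !== SIGNATURE_LENGTH) return false;
  return nodeCrypto.verify(null, message, publicKey, signature);
}

// Constructed sample data
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ed25519");
const message = Buffer.from("constructed sample message");
const signed = signCombined(message, privateKey);

// Flip one bit of the message part to simulate tampering in transit.
const tampered = Buffer.from(signed);
tampered[tampered.length - 1] ^= 0x01;

console.log(openCombined(signed, publicKey).toString());
console.log(openCombined(tampered, publicKey));
console.log(verifyDetached(message, signDetached(message, privateKey), publicKey));
```

Callers of the combined form must compare the result against null explicitly and use only the returned message, never the bytes sliced from the unverified input.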

  • NPM package now comes without test directory to keep it small.


  • Improved documentation.
  • Fast version: increased theoretical message size limit from 2^32-1 to 2^52 bytes in Poly1305 (and thus, secretbox and box). However this has no impact in practice since JavaScript arrays or ArrayBuffers are limited to 32-bit indexes, and most implementations won’t allocate more than a gigabyte or so. (Obviously, there are no tests for the correctness of implementation.) Also, it’s not recommended to use messages that large without splitting them into smaller packets anyway.


  • Initial release