TweetNaCl
What is NaCl?
NaCl (Networking and Cryptography Library) is a high-speed software library for network communication, encryption, decryption, signatures, and more. It was designed to make cryptographic operations both secure and easy to use.
Created by: Daniel J. Bernstein, Tanja Lange, and Peter Schwabe.
First released: 2008.
Language: C, with bindings available in many languages.
Philosophy: NaCl avoids "easy to misuse" cryptography. It provides a minimal set of cryptographic primitives with high-level APIs that reduce the risk of developer errors.
What is TweetNaCl?
TweetNaCl is a compact, self-contained reimplementation of NaCl that fits in just under 100 tweets of 140 characters each, hence the name. It was written for portability, readability, and security.
Created by: The same core team as NaCl.
Language: C (pure ANSI C).
Size: 100 tweets (about 4,000 lines of code total).
Goal: Provide a small, auditable cryptographic library with no dependencies.
Design Goals
Security-first: All cryptographic operations are constant-time where required, reducing the risk of timing attacks.
High assurance: Avoids insecure APIs like raw RSA or ad hoc encryption modes.
Simplicity: Clear interfaces and minimal options reduce room for error.
Performance: Uses highly optimized implementations, especially for core math like elliptic curves.
Portability: TweetNaCl in particular is extremely portable and can run on embedded devices, browsers (via WebAssembly), and more.
Differences Between NaCl and TweetNaCl
Security Notes
Both NaCl and TweetNaCl are considered cryptographically sound.
TweetNaCl intentionally avoids optional padding, nonces, or IVs that can cause misuse.
All primitives are designed to be misuse-resistant, but developers must still handle:
Nonce uniqueness.
Secret key protection.
Signature verification failure cases.
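One way to handle the nonce-uniqueness responsibility listed above, as an added example (not code from NaCl or TweetNaCl): a per-key nonce sequence that never hands out the same 24-byte value twice and fails closed when its counter runs out. The nonce_seq type, its functions, and the 16-byte prefix plus 8-byte counter layout are assumptions made for this example; the 24-byte nonce length and the 0 / -1 return convention match the library.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NONCE_BYTES  24  /* equals crypto_secretbox_NONCEBYTES */
#define PREFIX_BYTES 16  /* assumed layout: 16-byte prefix + 8-byte counter */

/* Hypothetical helper: one instance per secret key and sending direction. */
typedef struct {
    uint8_t  prefix[PREFIX_BYTES]; /* random, chosen once per key by the caller */
    uint64_t counter;              /* next counter value to hand out */
    int      exhausted;            /* set after the last counter value is used */
} nonce_seq;

/* start is 0 for a fresh key, or the persisted counter after a restart.
   Restarting from 0 under the same key and prefix would repeat nonces. */
void nonce_seq_init(nonce_seq *s, const uint8_t prefix[PREFIX_BYTES], uint64_t start)
{
    memcpy(s->prefix, prefix, PREFIX_BYTES);
    s->counter = start;
    s->exhausted = 0;
}

/* Writes the next unused nonce to out and returns 0. Returns -1 without
   touching out once the counter space is used up; the caller must then
   stop encrypting under this key and rekey. */
int nonce_seq_next(nonce_seq *s, uint8_t out[NONCE_BYTES])
{
    int i;
    if (s->exhausted) return -1;
    memcpy(out, s->prefix, PREFIX_BYTES);
    for (i = 0; i < 8; i++) /* little-endian counter in the last 8 bytes */
        out[PREFIX_BYTES + i] = (uint8_t)(s->counter >> (8 * i));
    if (s->counter == UINT64_MAX) s->exhausted = 1;
    else s->counter++;
    return 0;
}

int main(void)
{
    uint8_t prefix[PREFIX_BYTES] = {0xA5}; /* constructed sample, not random */
    uint8_t n[NONCE_BYTES];
    nonce_seq s;
    nonce_seq_init(&s, prefix, UINT64_MAX - 1);
    while (nonce_seq_next(&s, n) == 0)
        printf("nonce counter byte 0: %02x\n", n[PREFIX_BYTES]);
    puts("sequence exhausted: rekey before sending more");
    return 0;
}
```

The return value of nonce_seq_next must be checked in the same way as the library's own 0 / -1 results; ignoring a -1 here would mean encrypting with a stale nonce buffer.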
Further Reading
TweetNaCl GitHub (JS version)