Version 1.17.0

• Fixes several bugs with sodium_crypto_scalarmult_ristretto255() that was producing incorrect results in PHP 8.1
  • Off-by-one error in ge_scalarmult()
  • Multiplication optimizations led to incorrect results for some inputs
• CI now runs against PHP 8.1

Version 1.16.1

• Fixes #122 (undefined constant errors caused by autoloader race conditions)

Version 1.16.0

• New: Implements Ristretto255.

  Ristretto is a technique for constructing prime order elliptic curve groups with non-malleable encodings. It extends Mike Hamburg's Decaf approach to cofactor elimination to support cofactor-8 curves such as Curve25519.

  This is a new feature landing in PHP 8.1 for advanced users. Among other things, Ristretto allows you to easily build modern password-authenticated key exchanges, e.g. CPace.

  • You can learn more about Ristretto255 from the project's website.

Special thanks to Tony Arcieri, Frank Denis, Isis Lovecruft, Mike Hamburg, and Henry de Valence for making this release possible.

Version 1.15.4

• Prevent infinite loop with crypto_kx()
• We're migrated from Github Actions to Travis CI now!

v1.15.3

• Complete fix for #125.

Version 1.15.2

• Always define the new polyfill functions even if PHP >= 7.2 and [an old version of] ext/sodium is used.

Version 1.15.1

• Correct polyfill sodium_crypto_stream_xchacha20_xor

Version 1.15.0

• Fixes #125
• Adds sodium_crypto_stream_xchacha20
  • This exposes XChaCha20 with 64-bit ChaCha20 nonces and 64-bit ChaCha20 internal counters. This is in stark contrast to the IETF's 96-bit nonces (with leading NUL bytes) and 32-bit counters, as exposed in the AEAD interface. This is a subtle but important property.

Version 1.14.0

• #119 - Side-step mbstring issues on newer PHP
• #120 - Support PHPUnit 9
• #121 - Use more inclusive language
• Improved PHP 8 support

Version 1.13.0

• Fix #113 and #116 via #117 - Should fix preloading issues with PHP 7.4+