diff --git a/src/constants.rs b/src/constants.rs
index 4b1e1ac..71b96e1 100644
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -1,3 +1,9 @@
+/// First 64 bytes of the BLAKE2s input during group hash.
+/// This is chosen to be some random string that we couldn't have anticipated when we designed
+/// the algorithm, for rigidity purposes.
+/// We deliberately use an ASCII hex string of 32 bytes here.
+pub const GH_FIRST_BLOCK: &'static [u8; 64] = b"0000000000000000002ffe76b973aabaff1d1557d79acf2c3795809c83caf580";
+
 // BLAKE2s invocation personalizations
 /// BLAKE2s Personalization for CRH^ivk = BLAKE2s(ak | rk)
 pub const CRH_IVK_PERSONALIZATION: &'static [u8; 8] = b"Zcashivk";
diff --git a/src/group_hash.rs b/src/group_hash.rs
index 8dd0df5..a545d5f 100644
--- a/src/group_hash.rs
+++ b/src/group_hash.rs
@@ -1,10 +1,7 @@
 use jubjub::*;
 use pairing::*;
 use blake2_rfc::blake2s::Blake2s;
-
-/// This is chosen to be some random string that we couldn't have anticipated when we designed
-/// the algorithm, for rigidity purposes.
-pub const FIRST_BLOCK: &'static [u8; 64] = b"0000000000000000002ffe76b973aabaff1d1557d79acf2c3795809c83caf580";
+use constants;
 
 /// Produces a random point in the Jubjub curve.
 /// The point is guaranteed to be prime order
@@ -21,7 +18,7 @@ pub fn group_hash(
     assert!(E::Fr::NUM_BITS == 255);
 
     let mut h = Blake2s::with_params(32, &[], &[], personalization);
-    h.update(FIRST_BLOCK);
+    h.update(constants::GH_FIRST_BLOCK);
     h.update(tag);
     let mut h = h.finalize().as_ref().to_vec();
     assert!(h.len() == 32);
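Review bot: The last doc line on the new `GH_FIRST_BLOCK` constant is easy to misread: the literal is 64 ASCII hex characters (hence the `[u8; 64]` type), i.e. the hex encoding of a 32-byte value, not 32 bytes of input. Suggest `/// We deliberately use the 64-character ASCII hex encoding of a 32-byte value here, so it fills exactly one 64-byte BLAKE2s input block.` The rigidity argument in the comment only carries weight if a reader can independently verify that the value was not chosen by the designers, so the doc comment should also record where the string came from (its leading zeros suggest a proof-of-work block hash, but the page does not say) and how to re-derive it.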
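Review bot: Removing `pub const FIRST_BLOCK` from group_hash.rs drops a public item, so any code outside this module that referenced `group_hash::FIRST_BLOCK` (test vectors, a downstream crate) will stop compiling, and the commit adds no alias for it. If that path is still in use, a one-line re-export keeps it working: `pub use constants::GH_FIRST_BLOCK as FIRST_BLOCK;`. If the constant was only ever used inside this file, the removal is fine as-is and the rename should just be noted in the changelog. The `group_hash` definition itself begins after this hunk.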