diff --git a/crypto.c b/crypto.c
index 63017a5..4b9faa0 100644
--- a/crypto.c
+++ b/crypto.c
@@ -93,22 +93,6 @@ brandt_crypto_init (struct GNUNET_CRYPTO_EccDlogContext *dlogctx)
 }
-/* --- HASHING --- */
-
-/**
- * Hash block of given size.
- *
- * @param block the data to #brandt_hash, length is given as a second argument
- * @param size the length of the data to #brandt_hash in @a block
- * @param ret pointer to where to write the hashcode
- */
-void
-brandt_hash (const void *block, size_t size, struct brandt_hash_code *ret)
-{
- gcry_md_hash_buffer (GCRY_MD_SHA512, ret, block, size);
-}
-
-
 /* --- EC --- */
 /**
@@ -1512,10 +1496,9 @@ smc_zkp_dl (gcry_mpi_point_t v,
 struct proof_dl *proof)
 {
 struct zkp_challenge_dl challenge;
- struct brandt_hash_code challhash;
 gcry_mpi_point_t a = gcry_mpi_point_new (0);
 gcry_mpi_t r = gcry_mpi_new (256);
- gcry_mpi_t c = gcry_mpi_new (256);
+ gcry_mpi_t c;
 gcry_mpi_t z = gcry_mpi_new (256);
 /* v = xg */
@@ -1528,9 +1511,7 @@ smc_zkp_dl (gcry_mpi_point_t v,
 ec_point_serialize (&challenge.g, ec_gen);
 ec_point_serialize (&challenge.v, v);
 ec_point_serialize (&challenge.a, a);
- brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
- mpi_parse (c, (struct ec_mpi *)&challhash);
- gcry_mpi_mod (c, c, ec_n);
+ GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp dl");
 /* r = z + cx */
 gcry_mpi_mulm (r, c, x, ec_n);
@@ -1560,10 +1541,9 @@ smc_zkp_dl_check (const gcry_mpi_point_t v,
 {
 int ret;
 struct zkp_challenge_dl challenge;
- struct brandt_hash_code challhash;
 gcry_mpi_point_t a = gcry_mpi_point_new (0);
 gcry_mpi_t r = gcry_mpi_new (256);
- gcry_mpi_t c = gcry_mpi_new (256);
+ gcry_mpi_t c;
 gcry_mpi_point_t left = gcry_mpi_point_new (0);
 gcry_mpi_point_t right = gcry_mpi_point_new (0);
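Review bot: `gcry_mpi_t c;` in smc_zkp_dl is now indeterminate until GNUNET_CRYPTO_kdf_mod_mpi fills it in, so any cleanup or early exit that runs before that call would pass an uninitialised handle to gcry_mpi_release. Declaring it as `gcry_mpi_t c = NULL;` keeps the release path safe, since gcry_mpi_release ignores NULL. The same declaration appears in smc_zkp_dl_check, smc_zkp_2dle, smc_zkp_2dle_check, smc_zkp_0og and smc_zkp_0og_check. The function bodies continue outside these hunks, so whether such a path exists, and whether c is still released at the end, cannot be confirmed from here.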
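Review bot: The domain-separation label `"libbrandt zkp dl"` is spelled out as a literal in smc_zkp_dl and again in smc_zkp_dl_check, and prover and verifier only derive the same c while both strings stay byte-identical. A shared constant used by both calls, for example `static const char zkp_dl_ctx[] = "libbrandt zkp dl";`, would rule out a one-sided edit; the same applies to the "libbrandt zkp 2dle" and "libbrandt zkp 0og" pairs. The new call is also well past 80 columns and would read better wrapped, with the salt, input and label arguments on separate lines.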
@@ -1574,9 +1554,7 @@ smc_zkp_dl_check (const gcry_mpi_point_t v,
 ec_point_serialize (&challenge.g, ec_gen);
 ec_point_serialize (&challenge.v, v);
 ec_point_serialize (&challenge.a, a);
- brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
- mpi_parse (c, (struct ec_mpi *)&challhash);
- gcry_mpi_mod (c, c, ec_n);
+ GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp dl");
 /* rg =? a + cv */
 gcry_mpi_ec_mul (left, r, ec_gen, ec_ctx);
@@ -1619,14 +1597,13 @@ smc_zkp_2dle (gcry_mpi_point_t v,
 struct proof_2dle *proof)
 {
 struct zkp_challenge_2dle challenge;
- struct brandt_hash_code challhash;
 gcry_mpi_point_t rv;
 gcry_mpi_point_t rw;
 gcry_mpi_t rx;
 gcry_mpi_point_t a = gcry_mpi_point_new (0);
 gcry_mpi_point_t b = gcry_mpi_point_new (0);
 gcry_mpi_t r = gcry_mpi_new (256);
- gcry_mpi_t c = gcry_mpi_new (256);
+ gcry_mpi_t c;
 gcry_mpi_t z = gcry_mpi_new (256);
 rv = (NULL == v) ? gcry_mpi_point_new (0) : v;
@@ -1655,9 +1632,7 @@ smc_zkp_2dle (gcry_mpi_point_t v,
 ec_point_serialize (&challenge.w, rw);
 ec_point_serialize (&challenge.a, a);
 ec_point_serialize (&challenge.b, b);
- brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
- mpi_parse (c, (struct ec_mpi *)&challhash);
- gcry_mpi_mod (c, c, ec_n);
+ GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 2dle");
 /* r = z + cx */
 gcry_mpi_mulm (r, c, rx, ec_n);
@@ -1701,11 +1676,10 @@ smc_zkp_2dle_check (const gcry_mpi_point_t v,
 {
 int ret;
 struct zkp_challenge_2dle challenge;
- struct brandt_hash_code challhash;
 gcry_mpi_point_t a = gcry_mpi_point_new (0);
 gcry_mpi_point_t b = gcry_mpi_point_new (0);
 gcry_mpi_t r = gcry_mpi_new (256);
- gcry_mpi_t c = gcry_mpi_new (256);
+ gcry_mpi_t c;
 gcry_mpi_point_t left = gcry_mpi_point_new (0);
 gcry_mpi_point_t right = gcry_mpi_point_new (0);
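Review bot: In smc_zkp_dl_check the challenge is recomputed from g, v and a alone, with an empty salt (`NULL, 0`), so nothing in the hashed transcript ties a proof to a particular auction or sender. Unless that binding is enforced elsewhere in the protocol, which is not visible in this hunk, the verifier has no way to tell a fresh proof from one produced in a different session. Consider feeding a session or sender identifier through the salt arguments in both the prover and the check, or state the decision above the call, e.g. `/* Fiat-Shamir challenge over (g, v, a) only; session binding is done by the caller */`. The same applies to the 2dle and 0og challenge derivations.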
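Review bot: With `sizeof (challenge)` the whole `struct zkp_challenge_2dle` is fed to the KDF in smc_zkp_2dle, so every byte of it, including any compiler padding, has to be identical on the prover and the verifier side. Only w, a and b are serialised inside this hunk; the remaining members are presumably filled just above it, outside the visible lines. A comment such as `/* every byte of challenge is hashed: all members must be set and the struct must be padding-free */`, plus a static assertion on the struct size next to its definition, would pin that down. The same holds for smc_zkp_2dle_check and for `struct zkp_challenge_0og` in smc_zkp_0og and smc_zkp_0og_check.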
@@ -1720,9 +1694,7 @@ smc_zkp_2dle_check (const gcry_mpi_point_t v,
 ec_point_serialize (&challenge.w, w);
 ec_point_serialize (&challenge.a, a);
 ec_point_serialize (&challenge.b, b);
- brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
- mpi_parse (c, (struct ec_mpi *)&challhash);
- gcry_mpi_mod (c, c, ec_n);
+ GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 2dle");
 /* r*g1 =? a + cv */
 gcry_mpi_ec_mul (left, r, g1, ec_ctx);
@@ -1775,7 +1747,6 @@ smc_zkp_0og (int m_is_gen,
 struct proof_0og *proof)
 {
 struct zkp_challenge_0og challenge;
- struct brandt_hash_code challhash;
 gcry_mpi_point_t a1 = gcry_mpi_point_new (0);
 gcry_mpi_point_t a2 = gcry_mpi_point_new (0);
 gcry_mpi_point_t b1 = gcry_mpi_point_new (0);
@@ -1784,7 +1755,7 @@ smc_zkp_0og (int m_is_gen,
 gcry_mpi_t d2 = gcry_mpi_new (256);
 gcry_mpi_t r1 = gcry_mpi_new (256);
 gcry_mpi_t r2 = gcry_mpi_new (256);
- gcry_mpi_t c = gcry_mpi_new (256);
+ gcry_mpi_t c;
 gcry_mpi_t rr;
 gcry_mpi_t w = gcry_mpi_new (256);
@@ -1854,9 +1825,7 @@ smc_zkp_0og (int m_is_gen,
 ec_point_serialize (&challenge.a2, a2);
 ec_point_serialize (&challenge.b1, b1);
 ec_point_serialize (&challenge.b2, b2);
- brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
- mpi_parse (c, (struct ec_mpi *)&challhash);
- gcry_mpi_mod (c, c, ec_n);
+ GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 0og");
 if (!m_is_gen) { /* m == 0 */
@@ -1919,7 +1888,6 @@ smc_zkp_0og_check (const gcry_mpi_point_t y,
 {
 int ret;
 struct zkp_challenge_0og challenge;
- struct brandt_hash_code challhash;
 gcry_mpi_point_t a1 = gcry_mpi_point_new (0);
 gcry_mpi_point_t a2 = gcry_mpi_point_new (0);
 gcry_mpi_point_t b1 = gcry_mpi_point_new (0);
@@ -1928,7 +1896,7 @@ smc_zkp_0og_check (const gcry_mpi_point_t y,
 gcry_mpi_t d2 = gcry_mpi_new (256);
 gcry_mpi_t r1 = gcry_mpi_new (256);
 gcry_mpi_t r2 = gcry_mpi_new (256);
- gcry_mpi_t c = gcry_mpi_new (256);
+ gcry_mpi_t c;
 gcry_mpi_t sum = gcry_mpi_new (256);
 gcry_mpi_point_t right = gcry_mpi_point_new (0);
 gcry_mpi_point_t tmp = gcry_mpi_point_new (0);
@@ -1950,9 +1918,7 @@ smc_zkp_0og_check (const gcry_mpi_point_t y,
 ec_point_serialize (&challenge.a2, a2);
 ec_point_serialize (&challenge.b1, b1);
 ec_point_serialize (&challenge.b2, b2);
- brandt_hash (&challenge, sizeof (struct zkp_challenge_dl), &challhash);
- mpi_parse (c, (struct ec_mpi *)&challhash);
- gcry_mpi_mod (c, c, ec_n);
+ GNUNET_CRYPTO_kdf_mod_mpi (&c, ec_n, NULL, 0, &challenge, sizeof (challenge), "libbrandt zkp 0og");
 /* c == d1 + d2 */
 gcry_mpi_addm (sum, d1, d2, ec_n);
diff --git a/crypto.h b/crypto.h
index af4b374..ebdcd61 100644
--- a/crypto.h
+++ b/crypto.h
@@ -34,15 +34,6 @@ void brandt_crypto_init (struct GNUNET_CRYPTO_EccDlogContext *dlogctx);
-/* --- HASHING --- */
-
-struct brandt_hash_code {
- uint32_t bits[512 / 8 / sizeof (uint32_t)]; /* = 16 */
-};
-
-void brandt_hash (const void *block, size_t size, struct brandt_hash_code *ret);
-
-
 /* --- EC --- */
 /* used for serialized mpis and serialized curve points (they are the same size