diff --git a/src/spec.rs b/src/spec.rs
index 2881ee28..e2f14213 100644
--- a/src/spec.rs
+++ b/src/spec.rs
@@ -3,7 +3,6 @@
 use std::iter;
 use std::ops::Deref;
-use blake2b_simd::Params;
 use ff::{Field, PrimeField};
 use group::{Curve, Group};
 use halo2::arithmetic::{CurveAffine, CurveExt, FieldExt};
@@ -15,7 +14,8 @@ use crate::{
     primitives::{poseidon, sinsemilla},
 };
-const PRF_EXPAND_PERSONALIZATION: &[u8; 16] = b"Zcash_ExpandSeed";
+mod prf_expand;
+pub(crate) use prf_expand::{prf_expand, prf_expand_vec};
 /// A Pallas point that is guaranteed to not be the identity.
 #[derive(Clone, Copy, Debug)]
@@ -138,27 +138,6 @@ pub(crate) fn diversify_hash(d: &[u8; 11]) -> NonIdentityPallasPoint {
     NonIdentityPallasPoint(CtOption::new(pk_d, !pk_d.is_identity()).unwrap_or_else(|| hasher(&[])))
 }
-/// $PRF^\mathsf{expand}(sk, t) := BLAKE2b-512("Zcash_ExpandSeed", sk || t)$
-///
-/// Defined in [Zcash Protocol Spec § 5.4.2: Pseudo Random Functions][concreteprfs].
-///
-/// [concreteprfs]: https://zips.z.cash/protocol/nu5.pdf#concreteprfs
-pub(crate) fn prf_expand(sk: &[u8], t: &[u8]) -> [u8; 64] {
-    prf_expand_vec(sk, &[t])
-}
-
-pub(crate) fn prf_expand_vec(sk: &[u8], ts: &[&[u8]]) -> [u8; 64] {
-    let mut h = Params::new()
-        .hash_length(64)
-        .personal(PRF_EXPAND_PERSONALIZATION)
-        .to_state();
-    h.update(sk);
-    for t in ts {
-        h.update(t);
-    }
-    *h.finalize().as_array()
-}
-
 /// $PRF^\mathsf{nfOrchard}(nk, \rho) := Poseidon(nk, \rho)$
 ///
 /// Defined in [Zcash Protocol Spec § 5.4.2: Pseudo Random Functions][concreteprfs].
diff --git a/src/spec/prf_expand.rs b/src/spec/prf_expand.rs
new file mode 100644
index 00000000..78dfbcba
--- /dev/null
+++ b/src/spec/prf_expand.rs
@@ -0,0 +1,24 @@
+use blake2b_simd::Params;
+
+const PRF_EXPAND_PERSONALIZATION: &[u8; 16] = b"Zcash_ExpandSeed";
+
+/// $PRF^\mathsf{expand}(sk, t) := BLAKE2b-512("Zcash_ExpandSeed", sk || t)$
+///
+/// Defined in [Zcash Protocol Spec § 5.4.2: Pseudo Random Functions][concreteprfs].
+///
+/// [concreteprfs]: https://zips.z.cash/protocol/nu5.pdf#concreteprfs
+pub(crate) fn prf_expand(sk: &[u8], t: &[u8]) -> [u8; 64] {
+    prf_expand_vec(sk, &[t])
+}
+
+pub(crate) fn prf_expand_vec(sk: &[u8], ts: &[&[u8]]) -> [u8; 64] {
+    let mut h = Params::new()
+        .hash_length(64)
+        .personal(PRF_EXPAND_PERSONALIZATION)
+        .to_state();
+    h.update(sk);
+    for t in ts {
+        h.update(t);
+    }
+    *h.finalize().as_array()
+}
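Review bot: `prf_expand_vec` is the one item in the new module without a doc comment, even though it is the function that actually implements the spec definition `prf_expand` documents; a one-line doc such as `/// Variant of [prf_expand] that hashes the concatenation sk || ts[0] || ... || ts[n-1]; equivalent to prf_expand(sk, &ts.concat()) without the intermediate allocation.` would make the contract explicit. That equivalence is worth stating because the loop feeds each segment into the BLAKE2b state with no length framing, so different splittings of the same bytes yield the same output and domain separation between callers rests entirely on the content of the `t` bytes (presumably the fixed leading tag byte the protocol spec prescribes — worth confirming at the call sites, which are outside this diff). Since the personalization string and the 64-byte output length are what pin this function to the spec, a known-answer test in this module would catch a silent change to every key derived through it.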