diff --git a/src/hash.rs b/src/hash.rs
new file mode 100644
index 0000000..2492322
--- /dev/null
+++ b/src/hash.rs
@@ -0,0 +1,30 @@
+use blake2b_simd::{Params, State};
+
+use crate::Scalar;
+
+/// Provides H^star, the hash-to-scalar function used by RedJubjub.
+pub struct HStar {
+    state: State,
+}
+
+impl Default for HStar {
+    fn default() -> Self {
+        let state = Params::new()
+            .hash_length(64)
+            .personal(b"Zcash_RedJubjubH")
+            .to_state();
+        Self { state }
+    }
+}
+
+impl HStar {
+    /// Add `data` to the hash.
+    pub fn update(&mut self, data: &[u8]) {
+        self.state.update(data);
+    }
+
+    /// Consume `self` to compute the hash output.
+    pub fn finalize(mut self) -> Scalar {
+        Scalar::from_bytes_wide(self.state.finalize().as_array())
+    }
+}
diff --git a/src/lib.rs b/src/lib.rs
index a2d2e0b..ec359c4 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -6,6 +6,7 @@
 
 mod constants;
 mod error;
+mod hash;
 mod public_key;
 mod secret_key;
 mod signature;
@@ -14,8 +15,11 @@ mod signature;
 pub type Randomizer = jubjub::Fr;
 
 /// A better name than Fr.
+// XXX-jubjub: upstream this name
 type Scalar = jubjub::Fr;
 
+use hash::HStar;
+
 pub use error::Error;
 pub use public_key::{PublicKey, PublicKeyBytes};
 pub use secret_key::SecretKey;