diff --git a/zk-token-sdk/src/encryption/auth_encryption.rs b/zk-token-sdk/src/encryption/auth_encryption.rs
index 02c1478a4c..86fa737690 100644
--- a/zk-token-sdk/src/encryption/auth_encryption.rs
+++ b/zk-token-sdk/src/encryption/auth_encryption.rs
@@ -16,6 +16,7 @@ use {
 signer::{Signer, SignerError},
 },
 std::{convert::TryInto, fmt},
+ subtle::ConstantTimeEq,
 zeroize::Zeroize,
 };
@@ -71,7 +72,7 @@ impl AeKey {
 // Some `Signer` implementations return the default signature, which is not suitable for
 // use as key material
- if signature == Signature::default() {
+ if bool::from(signature.as_ref().ct_eq(Signature::default().as_ref())) {
 Err(SignerError::Custom("Rejecting default signature".into()))
 } else {
 Ok(AeKey(signature.as_ref()[..16].try_into().unwrap()))
diff --git a/zk-token-sdk/src/encryption/elgamal.rs b/zk-token-sdk/src/encryption/elgamal.rs
index e49454c2a9..c205bb4824 100644
--- a/zk-token-sdk/src/encryption/elgamal.rs
+++ b/zk-token-sdk/src/encryption/elgamal.rs
@@ -166,7 +166,7 @@ impl ElGamalKeypair {
 // Some `Signer` implementations return the default signature, which is not suitable for
 // use as key material
- if signature == Signature::default() {
+ if bool::from(signature.as_ref().ct_eq(Signature::default().as_ref())) {
 return Err(SignerError::Custom("Rejecting default signature".into()));
 }
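Review bot: The reason for switching to `ct_eq` is not recorded next to the check in `impl AeKey`, so a later cleanup could turn it back into `==` without noticing the difference; the existing comment only explains why the default signature is rejected. I would add a line such as `// compare in constant time: these signature bytes are used as key material` above the `if`. The identical expression appears in the `impl ElGamalKeypair` hunk in elgamal.rs, so a small shared helper, for example `fn is_default_signature(sig: &Signature) -> bool`, would keep the two checks from drifting apart. Both enclosing functions start and end outside their hunks, so I cannot tell whether the signature buffer is cleared once the key is derived; that is worth confirming given `zeroize` is already imported.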