diff --git a/src/circuit/mod.rs b/src/circuit/mod.rs
index 34fadfd..f057a83 100644
--- a/src/circuit/mod.rs
+++ b/src/circuit/mod.rs
@@ -515,7 +515,7 @@ fn test_input_circuit_with_bls12_381() {
 assert!(cs.is_satisfied());
 assert_eq!(cs.num_constraints(), 97395);
- assert_eq!(cs.hash(), "29aee738a11546a94c3dde68cede66eebcf2b447104a199aab22bf571735092a");
+ assert_eq!(cs.hash(), "cdd3cde0a4e076b46a59ef85fb70369eb14e3ee921a06d88bad6be4f78b5f261");
 }
 }
@@ -553,6 +553,6 @@ fn test_output_circuit_with_bls12_381() {
 assert!(cs.is_satisfied());
 assert_eq!(cs.num_constraints(), 7827);
- assert_eq!(cs.hash(), "155b1aaf4ed4abb1af67481c7e099adafd6a7edd097926b1f9f6b68b1cbe2742");
+ assert_eq!(cs.hash(), "67518baade37a3cf76453fa474cb8c9b2ee4223ed5502151e3b83dd1ec98a261");
 }
 }
diff --git a/src/group_hash.rs b/src/group_hash.rs
index 04faecb..7d04e36 100644
--- a/src/group_hash.rs
+++ b/src/group_hash.rs
@@ -2,6 +2,10 @@ use jubjub::*;
 use pairing::*;
 use blake2_rfc::blake2s::Blake2s;
+/// This is chosen to be some random string that we couldn't have anticipated when we designed
+/// the algorithm, for rigidity purposes.
+pub const FIRST_BLOCK: &'static [u8; 64] = b"0000000000000000002ffe76b973aabaff1d1557d79acf2c3795809c83caf580";
+
 /// Produces an (x, y) pair (Montgomery) for a
 /// random point in the Jubjub curve. The point
 /// is guaranteed to be prime order and not the
@@ -15,6 +19,7 @@ pub fn group_hash(
 assert!(E::Fr::NUM_BITS == 255);
 let mut h = Blake2s::new(32);
+ h.update(FIRST_BLOCK);
 h.update(tag);
 let mut h = h.finalize().as_ref().to_vec();
 assert!(h.len() == 32);
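Review bot: The doc comment on `FIRST_BLOCK` does not say where the value comes from, and rigidity only holds if a reader can check that provenance — "some random string that we couldn't have anticipated" gives no way to verify it. It should also state that the 64 ASCII hex characters themselves are what is hashed, not their 32-byte decoding, since the `[u8; 64]` type makes that easy to misread; something like `/// 64-byte nothing-up-my-sleeve prefix, hashed as ASCII hex text (not decoded). Origin: <WHERE-THIS-VALUE-CAME-FROM>` would do. As a point of style, `'static` is implicit on a `const` reference, so `pub const FIRST_BLOCK: &[u8; 64] = ...` is the idiomatic form.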
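Review bot: `h.update(FIRST_BLOCK);` deserves a why-comment, because the prefix is exactly 64 bytes — one full BLAKE2s input block — so it fixes the hasher's first compression before the caller's `tag` is absorbed, e.g. `// Fixed 64-byte prefix (one BLAKE2s block) pre-commits the hash's first block before the tag.`. Any change to this prefix or its position silently changes every generator derived through group_hash, which is why the expected hashes in src/circuit/mod.rs had to move; a comment stating that invariant next to the constant would stop a future edit from doing it by accident. If the goal is domain separation rather than rigidity, BLAKE2s's personalization parameter (`Blake2s::with_params`) is the standard channel and could be used alongside this prefix. The `group_hash` signature and the rest of its body lie outside the hunk.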