diff --git a/CHANGELOG b/CHANGELOG
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,8 @@
 # Changelog
 
+- 0.5.3 (2026-01-10)
+  * Bumps the ppad-sha256 and ppad-hmac-drbg dependencies.
+
 - 0.5.2 (2025-12-28)
   * Adds an explicit 64-bit architecture constraint.
   * Tests on GHC.10.3.
diff --git a/lib/Crypto/Curve/Secp256k1.hs b/lib/Crypto/Curve/Secp256k1.hs
--- a/lib/Crypto/Curve/Secp256k1.hs
+++ b/lib/Crypto/Curve/Secp256k1.hs
@@ -30,10 +30,14 @@
 --  on the elliptic curve secp256k1.
 
 module Crypto.Curve.Secp256k1 (
-  -- * Field and group parameters
-    _CURVE_Q
-  , _CURVE_P
+  -- * Parsing
+    parse_int256
+  , parse_point
+  , parse_sig
 
+  -- * Serializing
+  , serialize_point
+
   -- * secp256k1 points
   , Pub
   , derive_pub
@@ -43,14 +47,6 @@
   , ge
   , fe
 
-  -- * Parsing
-  , parse_int256
-  , parse_point
-  , parse_sig
-
-  -- * Serializing
-  , serialize_point
-
   -- * ECDH
   , ecdh
 
@@ -86,6 +82,10 @@
   , mul_vartime
   , mul_wnaf
 
+  -- * Field and group parameters
+  , _CURVE_Q
+  , _CURVE_P
+
   -- Coordinate systems and transformations
   , Affine(..)
   , Projective(..)
@@ -301,10 +301,16 @@
 -- constants ------------------------------------------------------------------
 
 -- | secp256k1 field prime.
+--
+--   >>> _CURVE_P
+--   0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
 _CURVE_P :: Wider
 _CURVE_P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
 
 -- | secp256k1 group order.
+--
+--   >>> _CURVE_Q
+--   0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
 _CURVE_Q :: Wider
 _CURVE_Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
 
@@ -372,7 +378,7 @@
         !y2z1 = by * az
     in  CT.decide (CT.and (C.eq x1z2 x2z1) (C.eq y1z2 y2z1))
 
--- | An ECC-flavoured alias for a secp256k1 point.
+-- | A public key, i.e. secp256k1 point.
 type Pub = Projective
 
 -- Convert to affine coordinates.
@@ -1255,10 +1261,13 @@
     -- RFC6979 sec 3.3a
     let entropy = int2octets _SECRET
         nonce   = bits2octets h
-    drbg <- DRBG.new SHA256.hmac entropy nonce mempty
+    drbg <- DRBG.new hmac entropy nonce mempty
     -- RFC6979 sec 2.4
     sign_loop drbg
   where
+    hmac k b = case SHA256.hmac k b of
+      SHA256.MAC mac -> mac
+
     d  = S.to _SECRET
     hm = S.to (bits2int h)
     h  = case hf of
@@ -1289,10 +1298,13 @@
 gen_k g = loop g where
   loop drbg = do
     bytes <- DRBG.gen mempty (fi _CURVE_Q_BYTES) drbg
-    let can = bits2int bytes
-    case W.cmp_vartime can _CURVE_Q of
-      LT -> pure can
-      _  -> loop drbg -- 2 ^ -128 probability
+    case bytes of
+      Left {}  -> error "ppad-secp256k1: internal error (please report a bug!)"
+      Right bs -> do
+        let can = bits2int bs
+        case W.cmp_vartime can _CURVE_Q of
+          LT -> pure can
+          _  -> loop drbg -- 2 ^ -128 probability
 {-# INLINE gen_k #-}
 
 -- | Verify a "low-s" ECDSA signature for the provided message and
diff --git a/ppad-secp256k1.cabal b/ppad-secp256k1.cabal
--- a/ppad-secp256k1.cabal
+++ b/ppad-secp256k1.cabal
@@ -1,6 +1,6 @@
 cabal-version:      3.0
 name:               ppad-secp256k1
-version:            0.5.2
+version:            0.5.3
 synopsis:           Schnorr signatures, ECDSA, and ECDH on the elliptic curve
                     secp256k1
 license:            MIT
@@ -36,8 +36,8 @@
   build-depends:
       base >= 4.9 && < 5
     , bytestring >= 0.9 && < 0.13
-    , ppad-hmac-drbg >= 0.1.3 && < 0.2
-    , ppad-sha256 >= 0.2.4 && < 0.3
+    , ppad-hmac-drbg >= 0.2.1 && < 0.3
+    , ppad-sha256 >= 0.3 && < 0.4
     , ppad-fixed >= 0.1.3 && < 0.2
     , primitive >= 0.8 && < 0.10
 
