diff --git a/changelog.md b/changelog.md
--- a/changelog.md
+++ b/changelog.md
@@ -1,3 +1,10 @@
+### 0.9.0.0
+
+* [#182](https://github.com/tweag/webauthn/pull/182) Migrate to the crypton library ecosystem.
+  crypton is a hard fork of cryptonite, which was no longer maintained.
+  Minimum version bounds have been bumped accordingly.
+* Restore GHC 8.8 compatibility.
+
 ### 0.8.0.0
 
 * [#178](https://github.com/tweag/webauthn/pull/178) Remove orphan instance for ToJSON ByteString.
diff --git a/src/Crypto/WebAuthn/AttestationStatementFormat/AndroidSafetyNet.hs b/src/Crypto/WebAuthn/AttestationStatementFormat/AndroidSafetyNet.hs
--- a/src/Crypto/WebAuthn/AttestationStatementFormat/AndroidSafetyNet.hs
+++ b/src/Crypto/WebAuthn/AttestationStatementFormat/AndroidSafetyNet.hs
@@ -149,7 +149,7 @@
   deriving newtype (IsString)
 
 -- | This instance doesn't actually perform any validation
-instance MonadError JOSE.Error m => JOSE.VerificationKeyStore m (JOSE.JWSHeader ()) p VerificationHostName where
+instance (MonadError JOSE.Error m) => JOSE.VerificationKeyStore m (JOSE.JWSHeader ()) p VerificationHostName where
   getVerificationKeys header _ hostName = do
     chain <- case header ^? JOSE.x5c . _Just . JOSE.param of
       Nothing -> throwError JOSE.JWSInvalidSignature
diff --git a/src/Crypto/WebAuthn/AttestationStatementFormat/TPM.hs b/src/Crypto/WebAuthn/AttestationStatementFormat/TPM.hs
--- a/src/Crypto/WebAuthn/AttestationStatementFormat/TPM.hs
+++ b/src/Crypto/WebAuthn/AttestationStatementFormat/TPM.hs
@@ -90,7 +90,7 @@
   deriving (Show, Eq, Generic, ToJSON)
 
 -- | [(spec)](https://trustedcomputinggroup.org/wp-content/uploads/TCG-_Algorithm_Registry_r1p32_pub.pdf)
-toTPMAlgId :: MonadFail m => Word16 -> m TPMAlgId
+toTPMAlgId :: (MonadFail m) => Word16 -> m TPMAlgId
 toTPMAlgId 0x0001 = pure TPMAlgRSA
 toTPMAlgId 0x0004 = pure TPMAlgSHA1
 toTPMAlgId 0x000B = pure TPMAlgSHA256
@@ -98,7 +98,7 @@
 toTPMAlgId _ = fail "Unsupported or invalid TPM_ALD_IG"
 
 -- | [(spec)](https://trustedcomputinggroup.org/wp-content/uploads/TCG-_Algorithm_Registry_r1p32_pub.pdf)
-toCurveId :: MonadFail m => Word16 -> m Cose.CoseCurveECDSA
+toCurveId :: (MonadFail m) => Word16 -> m Cose.CoseCurveECDSA
 toCurveId 0x0003 = pure Cose.CoseCurveP256
 toCurveId 0x0004 = pure Cose.CoseCurveP384
 toCurveId 0x0005 = pure Cose.CoseCurveP521
diff --git a/src/Crypto/WebAuthn/Cose/Internal/Verify.hs b/src/Crypto/WebAuthn/Cose/Internal/Verify.hs
--- a/src/Crypto/WebAuthn/Cose/Internal/Verify.hs
+++ b/src/Crypto/WebAuthn/Cose/Internal/Verify.hs
@@ -29,7 +29,7 @@
     Cose.Signature (..),
     verify,
 
-    -- * Hash Conversions to cryptonite types
+    -- * Hash Conversions to crypton types
     SomeHashAlgorithm (..),
     toCryptHashECDSA,
     SomeHashAlgorithmASN1 (..),
@@ -160,19 +160,19 @@
       else Left "RSA Signature invalid"
 verify key _ _ = error $ "PublicKeyWithSignAlg invariant violated for public key " <> show key <> ". This should not occur unless the PublicKeyWithSignAlg module has a bug"
 
--- | Some cryptonite 'Hash.HashAlgorithm' type, used as a return value of 'toCryptHashECDSA'
-data SomeHashAlgorithm = forall a. Hash.HashAlgorithm a => SomeHashAlgorithm a
+-- | Some crypton 'Hash.HashAlgorithm' type, used as a return value of 'toCryptHashECDSA'
+data SomeHashAlgorithm = forall a. (Hash.HashAlgorithm a) => SomeHashAlgorithm a
 
--- | Returns the cryptonite 'SomeHashAlgorithm' corresponding to this hash algorithm
+-- | Returns the crypton 'SomeHashAlgorithm' corresponding to this hash algorithm
 toCryptHashECDSA :: Cose.CoseHashAlgECDSA -> SomeHashAlgorithm
 toCryptHashECDSA Cose.CoseHashAlgECDSASHA256 = SomeHashAlgorithm Hash.SHA256
 toCryptHashECDSA Cose.CoseHashAlgECDSASHA384 = SomeHashAlgorithm Hash.SHA384
 toCryptHashECDSA Cose.CoseHashAlgECDSASHA512 = SomeHashAlgorithm Hash.SHA512
 
--- | Some cryptonite 'RSA.HashAlgorithmASN1' type, used as a return value of 'toCryptHashRSA'
-data SomeHashAlgorithmASN1 = forall a. RSA.HashAlgorithmASN1 a => SomeHashAlgorithmASN1 a
+-- | Some crypton 'RSA.HashAlgorithmASN1' type, used as a return value of 'toCryptHashRSA'
+data SomeHashAlgorithmASN1 = forall a. (RSA.HashAlgorithmASN1 a) => SomeHashAlgorithmASN1 a
 
--- | Returns the cryptonite 'SomeHashAlgorithmASN1' corresponding to this hash algorithm
+-- | Returns the crypton 'SomeHashAlgorithmASN1' corresponding to this hash algorithm
 toCryptHashRSA :: Cose.CoseHashAlgRSA -> SomeHashAlgorithmASN1
 toCryptHashRSA Cose.CoseHashAlgRSASHA1 = SomeHashAlgorithmASN1 Hash.SHA1
 toCryptHashRSA Cose.CoseHashAlgRSASHA256 = SomeHashAlgorithmASN1 Hash.SHA256
diff --git a/src/Crypto/WebAuthn/Cose/PublicKeyWithSignAlg.hs b/src/Crypto/WebAuthn/Cose/PublicKeyWithSignAlg.hs
--- a/src/Crypto/WebAuthn/Cose/PublicKeyWithSignAlg.hs
+++ b/src/Crypto/WebAuthn/Cose/PublicKeyWithSignAlg.hs
@@ -255,7 +255,7 @@
             pure P.PublicKeyRSA {..}
 
 -- | Same as 'os2ip', but throws an error if there are not exactly as many bytes as expected. Thus any successful result of this function will give the same 'BS.ByteString' back if encoded with @'i2ospOf_' size@.
-os2ipWithSize :: MonadFail m => Int -> BS.ByteString -> m Integer
+os2ipWithSize :: (MonadFail m) => Int -> BS.ByteString -> m Integer
 os2ipWithSize size bytes
   | BS.length bytes == size = pure $ os2ip bytes
   | otherwise =
@@ -267,7 +267,7 @@
           <> " was expected"
 
 -- | Same as 'os2ip', but throws an error if there are leading zero bytes. Thus any successful result of this function will give the same 'BS.ByteString' back if encoded with 'i2osp'.
-os2ipNoLeading :: MonadFail m => BS.ByteString -> m Integer
+os2ipNoLeading :: (MonadFail m) => BS.ByteString -> m Integer
 os2ipNoLeading bytes
   | leadingZeroCount == 0 = pure $ os2ip bytes
   | otherwise =
diff --git a/src/Crypto/WebAuthn/Cose/SignAlg.hs b/src/Crypto/WebAuthn/Cose/SignAlg.hs
--- a/src/Crypto/WebAuthn/Cose/SignAlg.hs
+++ b/src/Crypto/WebAuthn/Cose/SignAlg.hs
@@ -230,7 +230,7 @@
 -- | Converts a 'CoseSignAlg' to the corresponding integer value from the
 -- [COSE Algorithms registry](https://www.iana.org/assignments/cose/cose.xhtml#algorithms).
 -- The inverse operation is 'toCoseSignAlg'
-fromCoseSignAlg :: Num p => CoseSignAlg -> p
+fromCoseSignAlg :: (Num p) => CoseSignAlg -> p
 fromCoseSignAlg (CoseSignAlgRSA CoseHashAlgRSASHA1) = -65535
 fromCoseSignAlg (CoseSignAlgRSA CoseHashAlgRSASHA512) = -259
 fromCoseSignAlg (CoseSignAlgRSA CoseHashAlgRSASHA384) = -258
diff --git a/src/Crypto/WebAuthn/Encoding/Binary.hs b/src/Crypto/WebAuthn/Encoding/Binary.hs
--- a/src/Crypto/WebAuthn/Encoding/Binary.hs
+++ b/src/Crypto/WebAuthn/Encoding/Binary.hs
@@ -211,7 +211,7 @@
 -- This function is useful for testing.
 encodeRawCollectedClientData ::
   forall (c :: K.CeremonyKind) raw.
-  SingI c =>
+  (SingI c) =>
   M.CollectedClientData c raw ->
   M.CollectedClientData c 'True
 encodeRawCollectedClientData M.CollectedClientData {..} =
@@ -248,7 +248,7 @@
     -- > Append 0x66616c7365 (false) to result.
     crossOriginValue = fromMaybe False ccdCrossOrigin
 
-    jsonBuilder :: Aeson.ToJSON a => a -> Builder
+    jsonBuilder :: (Aeson.ToJSON a) => a -> Builder
     jsonBuilder = Aeson.fromEncoding . Aeson.toEncoding
 
 -- | Removes all raw fields of a 'M.CollectedClientData'.
@@ -267,7 +267,7 @@
 -- structure, which is used for both attestation and assertion.
 decodeCollectedClientData ::
   forall (c :: K.CeremonyKind).
-  SingI c =>
+  (SingI c) =>
   BS.ByteString ->
   Either Text (M.CollectedClientData c 'True)
 decodeCollectedClientData bytes = do
@@ -392,7 +392,7 @@
 -- 'M.adRawData'. This function is needed for an authenticator implementation.
 encodeRawAuthenticatorData ::
   forall (c :: K.CeremonyKind) raw.
-  SingI c =>
+  (SingI c) =>
   M.AuthenticatorData c raw ->
   M.AuthenticatorData c 'True
 encodeRawAuthenticatorData M.AuthenticatorData {..} =
@@ -460,7 +460,7 @@
 -- structure.
 decodeAuthenticatorData ::
   forall (c :: K.CeremonyKind).
-  SingI c =>
+  (SingI c) =>
   BS.ByteString ->
   Either Text (M.AuthenticatorData c 'True)
 decodeAuthenticatorData strictBytes = runPartialBinaryDecoder strictBytes $ do
diff --git a/src/Crypto/WebAuthn/Encoding/Internal/WebAuthnJson.hs b/src/Crypto/WebAuthn/Encoding/Internal/WebAuthnJson.hs
--- a/src/Crypto/WebAuthn/Encoding/Internal/WebAuthnJson.hs
+++ b/src/Crypto/WebAuthn/Encoding/Internal/WebAuthnJson.hs
@@ -65,7 +65,7 @@
 
   -- | Encodes a value to its webauthn-json equivalent
   encode :: a -> JSON a
-  default encode :: Coercible a (JSON a) => a -> JSON a
+  default encode :: (Coercible a (JSON a)) => a -> JSON a
   encode = coerce
 
 -- | An extension of 'Encode' to decoding. This typeclass is parametrized by a
@@ -73,9 +73,9 @@
 -- information to succeed, specifically
 -- 'M.SupportedAttestationStatementFormats', which can be provided with a
 -- 'MonadReader' constraint
-class Encode a => Decode m a where
+class (Encode a) => Decode m a where
   -- | Decodes a webauthn-json type, potentially throwing a 'Text' error
-  decode :: MonadError Text m => JSON a -> m a
+  decode :: (MonadError Text m) => JSON a -> m a
   default decode :: (MonadError Text m, Coercible (JSON a) a) => JSON a -> m a
   decode = pure . coerce
 
@@ -306,11 +306,11 @@
     aecoCredProps <- decode credProps
     pure $ T.AuthenticationExtensionsClientOutputs {..}
 
-instance SingI c => Encode (T.CollectedClientData (c :: K.CeremonyKind) 'True) where
+instance (SingI c) => Encode (T.CollectedClientData (c :: K.CeremonyKind) 'True) where
   type JSON (T.CollectedClientData c 'True) = Base64UrlString
   encode = Base64UrlString . T.unRaw . T.ccdRawData
 
-instance SingI c => Decode m (T.CollectedClientData (c :: K.CeremonyKind) 'True) where
+instance (SingI c) => Decode m (T.CollectedClientData (c :: K.CeremonyKind) 'True) where
   decode = liftEither . B.decodeCollectedClientData . unBase64UrlString
 
 instance Encode (T.AttestationObject 'True) where
@@ -318,7 +318,7 @@
   encode = Base64UrlString . B.encodeAttestationObject
 
 instance
-  MonadReader T.SupportedAttestationStatementFormats m =>
+  (MonadReader T.SupportedAttestationStatementFormats m) =>
   Decode m (T.AttestationObject 'True)
   where
   decode (Base64UrlString bytes) = do
@@ -610,10 +610,10 @@
   }
   deriving (Eq, Show, Generic)
 
-instance Aeson.FromJSON response => Aeson.FromJSON (PublicKeyCredential response) where
+instance (Aeson.FromJSON response) => Aeson.FromJSON (PublicKeyCredential response) where
   parseJSON = Aeson.genericParseJSON jsonEncodingOptions
 
-instance Aeson.ToJSON response => Aeson.ToJSON (PublicKeyCredential response) where
+instance (Aeson.ToJSON response) => Aeson.ToJSON (PublicKeyCredential response) where
   toJSON = Aeson.genericToJSON jsonEncodingOptions
 
 instance Encode (T.Credential 'K.Registration 'True) where
@@ -626,7 +626,7 @@
       }
 
 instance
-  MonadReader T.SupportedAttestationStatementFormats m =>
+  (MonadReader T.SupportedAttestationStatementFormats m) =>
   Decode m (T.Credential 'K.Registration 'True)
   where
   decode PublicKeyCredential {..} = do
@@ -680,7 +680,7 @@
       }
 
 instance
-  MonadReader T.SupportedAttestationStatementFormats m =>
+  (MonadReader T.SupportedAttestationStatementFormats m) =>
   Decode m (T.AuthenticatorResponse 'K.Registration 'True)
   where
   decode AuthenticatorAttestationResponse {..} = do
diff --git a/src/Crypto/WebAuthn/Internal/DateOrphans.hs b/src/Crypto/WebAuthn/Internal/DateOrphans.hs
--- a/src/Crypto/WebAuthn/Internal/DateOrphans.hs
+++ b/src/Crypto/WebAuthn/Internal/DateOrphans.hs
@@ -34,7 +34,7 @@
 instance Time UTCTime where
   timeFromElapsedP = posixSecondsToUTCTime . secondsToNominalDiffTime . realToFrac
 
-instance HasResolution a => Timeable (Fixed a) where
+instance (HasResolution a) => Timeable (Fixed a) where
   timeGetElapsedP value = ElapsedP seconds nanos
     where
       ns :: Nano
diff --git a/src/Crypto/WebAuthn/Metadata.hs b/src/Crypto/WebAuthn/Metadata.hs
--- a/src/Crypto/WebAuthn/Metadata.hs
+++ b/src/Crypto/WebAuthn/Metadata.hs
@@ -1,6 +1,6 @@
 -- | Stability: experimental
--- A function for decoding a [FIDO Alliance Metadata Service](https://fidoalliance.org/metadata/)
--- BLOB in order to be able to enforce a set of requirements on the authenticator
+-- A function for decoding a [FIDO Alliance Metadata Service](https://fidoalliance.org/metadata/).
+-- BLOB in order to be able to enforce a set of requirements on he uthenticator
 -- used, e.g. to only allow authenticators that have been
 -- [FIDO certified](https://fidoalliance.org/certification/functional-certification/).
 module Crypto.WebAuthn.Metadata
diff --git a/src/Crypto/WebAuthn/Metadata/Service/Decode.hs b/src/Crypto/WebAuthn/Metadata/Service/Decode.hs
--- a/src/Crypto/WebAuthn/Metadata/Service/Decode.hs
+++ b/src/Crypto/WebAuthn/Metadata/Service/Decode.hs
@@ -32,7 +32,7 @@
 decodeMetadataPayload ServiceIDL.MetadataBLOBPayload {..} = do
   let mpLegalHeader = legalHeader
       mpNo = no
-  mpNextUpdate <- either (This . NE.singleton) That $ decodeDate nextUpdate
+  mpNextUpdate <- either (This . (NE.:| [])) That $ decodeDate nextUpdate
   let errorOrEntries = mapMaybe decodeMetadataEntry entries
   let errors = lefts errorOrEntries
   let decodedEntries = rights errorOrEntries
diff --git a/src/Crypto/WebAuthn/Metadata/Service/Processing.hs b/src/Crypto/WebAuthn/Metadata/Service/Processing.hs
--- a/src/Crypto/WebAuthn/Metadata/Service/Processing.hs
+++ b/src/Crypto/WebAuthn/Metadata/Service/Processing.hs
@@ -60,7 +60,7 @@
 import Data.HashMap.Strict (HashMap, (!?))
 import qualified Data.HashMap.Strict as HashMap
 import Data.Hourglass (DateTime)
-import Data.List.NonEmpty (NonEmpty, singleton)
+import Data.List.NonEmpty (NonEmpty)
 import qualified Data.List.NonEmpty as NE
 import Data.Text (Text)
 import qualified Data.Text as Text
@@ -186,7 +186,7 @@
 -- important.
 jsonToPayload :: HashMap Text Value -> These (NonEmpty Text) Service.MetadataPayload
 jsonToPayload value = case Aeson.parseEither metadataPayloadParser value of
-  Left err -> This (singleton $ Text.pack err)
+  Left err -> This (Text.pack err NE.:| [])
   Right payload -> decodeMetadataPayload payload
 
 metadataPayloadParser :: HashMap Text Aeson.Value -> Aeson.Parser ServiceIDL.MetadataBLOBPayload
diff --git a/src/Crypto/WebAuthn/Metadata/Service/Types.hs b/src/Crypto/WebAuthn/Metadata/Service/Types.hs
--- a/src/Crypto/WebAuthn/Metadata/Service/Types.hs
+++ b/src/Crypto/WebAuthn/Metadata/Service/Types.hs
@@ -96,7 +96,7 @@
 deriving instance ToJSON (MetadataEntry p)
 
 -- | Same as 'MetadataEntry', but with its type parameter erased
-data SomeMetadataEntry = forall p. SingI p => SomeMetadataEntry (MetadataEntry p)
+data SomeMetadataEntry = forall p. (SingI p) => SomeMetadataEntry (MetadataEntry p)
 
 -- | [(spec)](https://fidoalliance.org/specs/mds/fido-metadata-service-v3.0-ps-20210518.html#statusreport-dictionary)
 -- Same as 'StatementIDL.StatusReport', but fully decoded.
diff --git a/src/Crypto/WebAuthn/Model/Types.hs b/src/Crypto/WebAuthn/Model/Types.hs
--- a/src/Crypto/WebAuthn/Model/Types.hs
+++ b/src/Crypto/WebAuthn/Model/Types.hs
@@ -586,7 +586,7 @@
 -- | [(spec)](https://www.w3.org/TR/webauthn-2/#user-handle)
 -- A user handle is an opaque [byte sequence](https://infra.spec.whatwg.org/#byte-sequence)
 -- with a maximum size of 64 bytes, and is not meant to be displayed to the user.
-generateUserHandle :: MonadRandom m => m UserHandle
+generateUserHandle :: (MonadRandom m) => m UserHandle
 generateUserHandle = UserHandle <$> getRandomBytes 16
 
 -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialuserentity-displayname)
@@ -650,7 +650,7 @@
 -- Generates a random 'CredentialId' using 16 random bytes.
 -- This is only useful for authenticators, not for relying parties.
 -- This function is only included for completeness and testing purposes.
-generateCredentialId :: MonadRandom m => m CredentialId
+generateCredentialId :: (MonadRandom m) => m CredentialId
 generateCredentialId = CredentialId <$> getRandomBytes 16
 
 -- | [(spec)](https://www.w3.org/TR/webauthn-2/#sctn-cryptographic-challenges)
@@ -668,7 +668,7 @@
 -- | [(spec)](https://www.w3.org/TR/webauthn-2/#sctn-cryptographic-challenges)
 -- In order to prevent replay attacks, the challenges MUST contain enough entropy
 -- to make guessing them infeasible. Challenges SHOULD therefore be at least 16 bytes long.
-generateChallenge :: MonadRandom m => m Challenge
+generateChallenge :: (MonadRandom m) => m Challenge
 generateChallenge = Challenge <$> getRandomBytes 16
 
 -- | [(spec)](https://www.w3.org/TR/webauthn-2/#dom-publickeycredentialcreationoptions-timeout)
@@ -1170,7 +1170,7 @@
 -- | An arbitrary and potentially unstable JSON encoding, only intended for
 -- logging purposes. To actually encode and decode structures, use the
 -- "Crypto.WebAuthn.Encoding" modules
-instance SingI c => ToJSON (CollectedClientData (c :: CeremonyKind) raw) where
+instance (SingI c) => ToJSON (CollectedClientData (c :: CeremonyKind) raw) where
   toJSON CollectedClientData {..} =
     object
       [ "webauthnKind" .= sing @c,
@@ -1379,7 +1379,7 @@
 -- This is used for 'singletonAttestationStatementFormat'
 data SomeAttestationStatementFormat
   = forall a.
-    AttestationStatementFormat a =>
+    (AttestationStatementFormat a) =>
     SomeAttestationStatementFormat a
 
 -- | A type representing the set of supported attestation statement formats.
@@ -1432,7 +1432,7 @@
 -- 'Crypto.WebAuthn.Encoding.Binary.encodeAttestationObject' can be used to get
 -- the binary encoding of this type when @raw ~ 'True'@.
 data AttestationObject raw = forall a.
-  AttestationStatementFormat a =>
+  (AttestationStatementFormat a) =>
   AttestationObject
   { -- | [(spec)](https://www.w3.org/TR/webauthn-2/#authenticator-data)
     -- The authenticator data structure encodes contextual bindings made by the
diff --git a/src/Crypto/WebAuthn/Operation/Registration.hs b/src/Crypto/WebAuthn/Operation/Registration.hs
--- a/src/Crypto/WebAuthn/Operation/Registration.hs
+++ b/src/Crypto/WebAuthn/Operation/Registration.hs
@@ -99,7 +99,7 @@
         reReceivedSigningAlgorithm :: Cose.CoseSignAlg
       }
   | -- | There was some exception in the statement format specific section
-    forall a. M.AttestationStatementFormat a => RegistrationAttestationFormatError a (NonEmpty (M.AttStmtVerificationError a))
+    forall a. (M.AttestationStatementFormat a) => RegistrationAttestationFormatError a (NonEmpty (M.AttStmtVerificationError a))
 
 deriving instance Show RegistrationError
 
@@ -455,7 +455,7 @@
 -- Results in the type of attestation and the model.
 validateAttestationChain ::
   forall raw p a.
-  M.AttestationStatementFormat a =>
+  (M.AttestationStatementFormat a) =>
   M.Credential 'M.Registration raw ->
   a ->
   M.AttestationType ('M.Verifiable p) ->
diff --git a/tests/Emulation/Client.hs b/tests/Emulation/Client.hs
--- a/tests/Emulation/Client.hs
+++ b/tests/Emulation/Client.hs
@@ -100,7 +100,7 @@
 -- authenticator. MonadRandom is required for signing using Ed25519 which
 -- requires a random number to be generated during signing. There exists
 -- methods to not rely on a random number, but these have not been implemented
--- in the cryptonite library we rely on.
+-- in the crypton library we rely on.
 clientAssertion ::
   (MonadFail m, Random.MonadRandom m) =>
   M.CredentialOptions 'M.Authentication ->
diff --git a/tests/Spec/Key.hs b/tests/Spec/Key.hs
--- a/tests/Spec/Key.hs
+++ b/tests/Spec/Key.hs
@@ -54,7 +54,7 @@
   }
   deriving (Eq, Show)
 
-newKeyPair :: MonadRandom m => Cose.CoseSignAlg -> m KeyPair
+newKeyPair :: (MonadRandom m) => Cose.CoseSignAlg -> m KeyPair
 newKeyPair Cose.CoseSignAlgEdDSA = do
   privKey' <- Ed25519.generateSecretKey
   let privKey =
@@ -118,7 +118,7 @@
       cosePubKey = fromRight (error "unreachable") $ Cose.makePublicKeyWithSignAlg pubKey (Cose.CoseSignAlgRSA hash)
   pure KeyPair {..}
 
-sign :: MonadRandom m => Cose.CoseSignAlg -> PrivateKey -> BS.ByteString -> m BS.ByteString
+sign :: (MonadRandom m) => Cose.CoseSignAlg -> PrivateKey -> BS.ByteString -> m BS.ByteString
 sign Cose.CoseSignAlgEdDSA PrivateKeyEdDSA {eddsaCurve = Cose.CoseCurveEd25519, ..} msg = do
   let privKey = case Ed25519.secretKey eddsaBytes of
         CryptoFailed err -> error $ show err
@@ -158,7 +158,7 @@
 toX509 :: Cose.UncheckedPublicKey -> X509.PubKey
 toX509 Cose.PublicKeyEdDSA {eddsaCurve = Cose.CoseCurveEd25519, ..} =
   let key = case Ed25519.publicKey $ Cose.unEdDSAKeyBytes eddsaX of
-        CryptoFailed err -> error $ "Failed to create a cryptonite Ed25519 public key of a bytestring with size " <> show (BS.length $ Cose.unEdDSAKeyBytes eddsaX) <> ": " <> show err
+        CryptoFailed err -> error $ "Failed to create a crypton Ed25519 public key of a bytestring with size " <> show (BS.length $ Cose.unEdDSAKeyBytes eddsaX) <> ": " <> show err
         CryptoPassed res -> res
    in X509.PubKeyEd25519 key
 toX509 Cose.PublicKeyECDSA {..} =
diff --git a/tests/Spec/Types.hs b/tests/Spec/Types.hs
--- a/tests/Spec/Types.hs
+++ b/tests/Spec/Types.hs
@@ -140,17 +140,16 @@
 
 instance Arbitrary ArbitraryAttestationStatementFormat where
   arbitrary =
-    elements
-      [ ArbitraryAttestationStatementFormat None.Format
-      -- ArbitraryAttestationStatementFormat Packed.Format,
-      -- ArbitraryAttestationStatementFormat FidoU2F.Format,
-      -- ArbitraryAttestationStatementFormat AndroidKey.Format
-      ]
+    return (ArbitraryAttestationStatementFormat None.Format)
 
+-- ArbitraryAttestationStatementFormat Packed.Format,
+-- ArbitraryAttestationStatementFormat FidoU2F.Format,
+-- ArbitraryAttestationStatementFormat AndroidKey.Format
+
 instance Arbitrary M.SignatureCounter where
   arbitrary = M.SignatureCounter <$> arbitrary
 
-instance SingI c => Arbitrary (M.AuthenticatorData c 'False) where
+instance (SingI c) => Arbitrary (M.AuthenticatorData c 'False) where
   arbitrary = M.AuthenticatorData <$> arbitrary <*> arbitrary <*> arbitrary <*> arbitrary <*> arbitrary <*> arbitrary
 
 instance Arbitrary M.Challenge where
@@ -167,7 +166,7 @@
 instance Arbitrary M.AuthenticatorDataFlags where
   arbitrary = M.AuthenticatorDataFlags <$> arbitrary <*> arbitrary
 
-instance SingI c => Arbitrary (M.AttestedCredentialData c 'False) where
+instance (SingI c) => Arbitrary (M.AttestedCredentialData c 'False) where
   arbitrary = case sing @c of
     M.SRegistration -> M.AttestedCredentialData <$> arbitrary <*> arbitrary <*> arbitrary <*> arbitrary
     M.SAuthentication -> pure M.NoAttestedCredentialData
@@ -282,10 +281,10 @@
       <*> arbitrary
       <*> arbitrary
 
-shuffledSubsetWith :: Ord a => Set a -> Gen [a]
+shuffledSubsetWith :: (Ord a) => Set a -> Gen [a]
 shuffledSubsetWith set = subsetWith set >>= shuffle . Set.toList
 
-subsetWith :: Ord a => Set a -> Gen (Set a)
+subsetWith :: (Ord a) => Set a -> Gen (Set a)
 subsetWith set = Set.fromList <$> sublistOf (Set.toList set)
 
 parameters :: Gen [M.CredentialParameters]
diff --git a/webauthn.cabal b/webauthn.cabal
--- a/webauthn.cabal
+++ b/webauthn.cabal
@@ -1,6 +1,6 @@
 cabal-version: 2.4
 name: webauthn
-version: 0.8.0.0
+version: 0.9.0.0
 license: Apache-2.0
 license-file: LICENSE
 copyright:
@@ -35,7 +35,7 @@
   however follow the [PVP](https://pvp.haskell.org/) and properly label changes
   with the appropriate version increase.
 category: Web, Authentication
-tested-with: GHC == 9.2.4
+tested-with: GHC == 9.4.7
 extra-source-files:
   README.md,
   changelog.md,
@@ -69,37 +69,37 @@
   import: sanity
   hs-source-dirs: src
   build-depends:
-    base                  >= 4.13.0 && < 4.20,
-    aeson                 >= 1.4.7 && < 2.3,
-    asn1-encoding         >= 0.9.6 && < 0.10,
-    asn1-parse            >= 0.9.5 && < 0.10,
-    asn1-types            >= 0.3.4 && < 0.4,
-    base16-bytestring     >= 1.0.0 && < 1.1,
-    base64-bytestring     >= 1.2.1 && < 1.3,
-    binary                >= 0.8.7 && < 0.9,
-    bytestring            >= 0.10.10 && < 0.13,
-    cborg                 >= 0.2.4 && < 0.3,
-    containers            >= 0.6.2 && < 0.7,
-    cryptonite            >= 0.27 && < 0.31,
-    file-embed            >= 0.0.11 && < 0.1,
-    hashable              >= 1.3.0 && < 1.5,
-    hourglass             >= 0.2.12 && < 0.3,
-    jose                  >= 0.8.5 && < 0.11,
-    lens                  >= 4.18.1 && < 5.3,
-    memory                >= 0.15.0 && < 0.19,
-    monad-time            >= 0.3.1 && < 0.5,
-    mtl                   >= 2.2.2 && < 2.4,
-    serialise             >= 0.2.3 && < 0.3,
-    singletons            >= 2.6 && < 3.2,
-    text                  >= 1.2.4 && < 2.2,
-    these                 >= 1.1 && < 1.3,
-    time                  >= 1.9.3 && < 1.14,
-    unordered-containers  >= 0.2.11 && < 0.3,
-    uuid                  >= 1.3.13 && < 1.4,
-    validation            >= 1.1 && < 1.3,
-    x509                  >= 1.7.5 && < 1.8,
-    x509-store            >= 1.6.7 && < 1.7,
-    x509-validation       >= 1.6.12 && < 1.7
+    base                    >= 4.13.0 && < 4.20,
+    aeson                   >= 2.0.1 && < 2.3,
+    asn1-encoding           >= 0.9.6 && < 0.10,
+    asn1-parse              >= 0.9.5 && < 0.10,
+    asn1-types              >= 0.3.4 && < 0.4,
+    base16-bytestring       >= 1.0.0 && < 1.1,
+    base64-bytestring       >= 1.2.1 && < 1.3,
+    binary                  >= 0.8.7 && < 0.9,
+    bytestring              >= 0.10.10 && < 0.13,
+    cborg                   >= 0.2.4 && < 0.3,
+    containers              >= 0.6.2.1 && < 0.7,
+    crypton                 >= 0.32 && < 0.35,
+    crypton-x509            >= 1.7.6 && < 1.8,
+    crypton-x509-store      >= 1.6.9 && < 1.7,
+    crypton-x509-validation >= 1.6.12 && < 1.7,
+    file-embed              >= 0.0.11 && < 0.1,
+    hashable                >= 1.3.2 && < 1.5,
+    hourglass               >= 0.2.12 && < 0.3,
+    jose                    >= 0.11 && < 0.12,
+    lens                    >= 4.18.1 && < 5.3,
+    memory                  >= 0.15.0 && < 0.19,
+    monad-time              >= 0.3.1 && < 0.5,
+    mtl                     >= 2.2.2 && < 2.4,
+    serialise               >= 0.2.3 && < 0.3,
+    singletons              >= 2.6 && < 3.2,
+    text                    >= 1.2.4 && < 2.2,
+    these                   >= 1.1.1.1 && < 1.3,
+    time                    >= 1.9.3 && < 1.14,
+    unordered-containers    >= 0.2.12 && < 0.3,
+    uuid                    >= 1.3.13 && < 1.4,
+    validation              >= 1.1 && < 1.3,
   exposed-modules:
     Crypto.WebAuthn,
     Crypto.WebAuthn.AttestationStatementFormat,
@@ -170,7 +170,9 @@
     asn1-encoding,
     bytestring,
     containers,
-    cryptonite,
+    crypton,
+    crypton-x509,
+    crypton-x509-store,
     directory,
     filepath,
     hourglass,
@@ -188,5 +190,3 @@
     uuid,
     validation,
     webauthn,
-    x509,
-    x509-store
