diff --git a/.circleci/config.yml b/.circleci/config.yml
index 0599e1cf616e37344b00bef1b510f474b684fc99..ae41e437846f1768ae0e9f04c294831b9c78ebe0 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -42,6 +42,23 @@ jobs:
           command: |
             echo "export NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/archive/$NIXPKGS_REV.tar.gz" >> $BASH_ENV
 
+      # Get *our* source code.
+      - "checkout"
+
+      - "run":
+          # CircleCI won't let us interpolate NIXPKGS_REV into a cache key.
+          # Only CircleCI's own environment variables or variables set via the
+          # web interface in a "context" can be interpolated into cache keys.
+          # However, we can interpolate the checksum of a file...  Since we
+          # don't care about the exact revision, we just care that a new
+          # revision gives us a new string, we can write the revision to a
+          # file and then put the checksum of that file into the cache key.
+          # This way, we don't have to maintain the nixpkgs revision in two
+          # places and risk having them desynchronize.
+          name: "Prepare For Cache Key"
+          command: |
+            echo "${NIXPKGS_REV}" > nixpkgs.rev
+
       - restore_cache:
           # Get all of Nix's state relating to the particular revision of
           # nixpkgs we're using.  It will always be the same.  CircleCI
@@ -54,16 +71,21 @@ jobs:
           # Read about caching dependencies: https://circleci.com/docs/2.0/caching/
           name: "Restore Nix Store Paths"
           keys:
-            # This doesn't work right.  "<no value>" is interpolated in,
-            # instead of the value for NIXPKGS_REV set above.
+            # Construct cache keys that allow sharing as long as nixpkgs and
+            # the Ristretto library are the same.
             #
-            # https://github.com/PrivateStorageio/PaymentServer/issues/15
-            - paymentserver-nix-store-v1-{{ .Environment.NIXPKGS_REV }}
+            # If the Ristretto library changes, we have to rebuild it so we
+            # may as well throw away the part of the cache with the old build
+            # and make a new one with the new build so we don't have to
+            # rebuild it *again* next time.
+            #
+            # If nixpkgs changes then potentially a lot of cached packages for
+            # the base system will be invalidated so we may as well drop them
+            # and make a new cache with the new packages.
+            - paymentserver-nix-store-v1-{{ checksum "nixpkgs.rev" }}-{{ checksum "ristretto.nix" }}
+            - paymentserver-nix-store-v1-{{ checksum "nixpkgs.rev" }}-
             - paymentserver-nix-store-v1-
 
-      # Get *our* source code.
-      - "checkout"
-
       - restore_cache:
           # Restore the cache of Stack's state.  This will have all of the
           # compiled Haskell libraries we depend on and even the compiled
@@ -136,7 +158,7 @@ jobs:
 
       - save_cache:
           name: "Cache Nix Store Paths"
-          key: paymentserver-nix-store-v1-{{ .Environment.NIXPKGS_REV }}
+          key: paymentserver-nix-store-v1-{{ checksum "nixpkgs.rev" }}-{{ checksum "ristretto.nix" }}
           paths:
             - "/nix"