diff --git a/src/PaymentServer/Issuer.hs b/src/PaymentServer/Issuer.hs
index 8ed7eb4cf01ef77c261740e23287af40615b8e11..dfc048d6e27c10655b85a421040f7d7c71361060 100644
--- a/src/PaymentServer/Issuer.hs
+++ b/src/PaymentServer/Issuer.hs
@@ -65,7 +65,7 @@ ristrettoIssue
   :: SigningKey    -- ^ The key to provide to the PrivacyPass signer.
   -> Issuer        -- ^ An issuer using the given key.
 ristrettoIssue signingKey tokens = do
-  issuance <- ristretto signingKey tokens
+  let issuance = ristretto signingKey tokens
   case issuance of
     Right (publicKey, tokens, proof) -> return . Just $ ChallengeBypass publicKey tokens proof
     Left err -> do
diff --git a/src/PaymentServer/Ristretto.hs b/src/PaymentServer/Ristretto.hs
index 0a9dcfd605e656d42a82e187dc3b95a3abb70527..65a4a73475b64fd9997c3ff55e8c318294139477 100644
--- a/src/PaymentServer/Ristretto.hs
+++ b/src/PaymentServer/Ristretto.hs
@@ -11,6 +11,9 @@ import Control.Exception
   ( bracket
   , assert
   )
+import System.IO.Unsafe
+  ( unsafePerformIO
+  )
 import Data.Text
   ( Text
   , unpack
@@ -85,7 +88,7 @@ data RistrettoFailure
 ristretto
   :: Text                                  -- ^ The base64 encoded signing key.
   -> [Text]                                -- ^ A list of the base64 blinded tokens.
-  -> IO (Either RistrettoFailure Issuance) -- ^ Left for an error, otherwise
+  -> (Either RistrettoFailure Issuance)    -- ^ Left for an error, otherwise
                                            -- Right with the ristretto results
 ristretto textSigningKey textTokens =
   let
@@ -116,7 +119,7 @@ ristretto textSigningKey textTokens =
                 True -> return $ Left PublicKeyLookup
                 False -> return $ Right (signingKey, publicKey)
   in
-    do
+    unsafePerformIO $ do
       keys <- extractKeyMaterial stringSigningKey
       case keys of
         Left err -> return $ Left err