diff --git a/src/CertManager.sol b/src/CertManager.sol
index 3dc2929..bc925ac 100644
--- a/src/CertManager.sol
+++ b/src/CertManager.sol
@@ -28,17 +28,17 @@ contract CertManager is ICertManager {
     // which essentially means the signature algorithm is Elliptic curve Digital Signature Algorithm (DSA) coupled with the Secure Hash Algorithm 384 (SHA384) algorithm
     // @dev Sig algo is hardcoded here because the root cerificate's sig algorithm is known beforehand
     // @dev reference article for encoding https://learn.microsoft.com/en-in/windows/win32/seccertenroll/about-object-identifier
-    bytes32 public constant CERT_ALGO_OID = keccak256(hex"06082a8648ce3d040303");
+    bytes32 public constant CERT_ALGO_OID = 0x53ce037f0dfaa43ef13b095f04e68a6b5e3f1519a01a3203a1e6440ba915b87e; // keccak256(hex"06082a8648ce3d040303")
     // https://oid-rep.orange-labs.fr/get/1.2.840.10045.2.1
     // 1.2.840.10045.2.1 {iso(1) member-body(2) us(840) ansi-x962(10045) keyType(2) ecPublicKey(1)} represents Elliptic curve public key cryptography
-    bytes32 public constant EC_PUB_KEY_OID = keccak256(hex"2a8648ce3d0201");
+    bytes32 public constant EC_PUB_KEY_OID = 0xb60fee1fd85f867dd7c8d16884a49a20287ebe4c0fb49294e9825988aa8e42b4; // keccak256(hex"2a8648ce3d0201")
     // https://oid-rep.orange-labs.fr/get/1.3.132.0.34
     // 1.3.132.0.34 {iso(1) identified-organization(3) certicom(132) curve(0) ansip384r1(34)} represents NIST 384-bit elliptic curve
-    bytes32 public constant SECP_384_R1_OID = keccak256(hex"2b81040022");
+    bytes32 public constant SECP_384_R1_OID = 0xbd74344bb507daeb9ed315bc535f24a236ccab72c5cd6945fb0efe5c037e2097; // keccak256(hex"2b81040022")
 
     // extension OID certificate constants
-    bytes32 public constant BASIC_CONSTRAINTS_OID = keccak256(hex"551d13");
-    bytes32 public constant KEY_USAGE_OID = keccak256(hex"551d0f");
+    bytes32 public constant BASIC_CONSTRAINTS_OID = 0x6351d72a43cb42fb9a2531a28608c278c89629f8f025b5f5dc705f3fe45e950a; // keccak256(hex"551d13")
+    bytes32 public constant KEY_USAGE_OID = 0x45529d8772b07ebd6d507a1680da791f4a2192882bf89d518801579f7a5167d2; // keccak256(hex"551d0f")
 
     // certHash -> VerifiedCert
     mapping(bytes32 => bytes) public verified;
diff --git a/src/NitroValidator.sol b/src/NitroValidator.sol
index 07f2a52..c48c013 100644
--- a/src/NitroValidator.sol
+++ b/src/NitroValidator.sol
@@ -18,18 +18,18 @@ contract NitroValidator {
     using CborDecode for bytes;
     using LibCborElement for CborElement;
 
-    bytes32 public constant ATTESTATION_TBS_PREFIX = keccak256(hex"846a5369676e61747572653144a101382240");
-    bytes32 public constant ATTESTATION_DIGEST = keccak256("SHA384");
-
-    bytes32 public constant CERTIFICATE_KEY = keccak256(bytes("certificate"));
-    bytes32 public constant PUBLIC_KEY_KEY = keccak256(bytes("public_key"));
-    bytes32 public constant MODULE_ID_KEY = keccak256(bytes("module_id"));
-    bytes32 public constant TIMESTAMP_KEY = keccak256(bytes("timestamp"));
-    bytes32 public constant USER_DATA_KEY = keccak256(bytes("user_data"));
-    bytes32 public constant CABUNDLE_KEY = keccak256(bytes("cabundle"));
-    bytes32 public constant DIGEST_KEY = keccak256(bytes("digest"));
-    bytes32 public constant NONCE_KEY = keccak256(bytes("nonce"));
-    bytes32 public constant PCRS_KEY = keccak256(bytes("pcrs"));
+    bytes32 public constant ATTESTATION_TBS_PREFIX = 0x63ce814bd924c1ef12c43686e4cbf48ed1639a78387b0570c23ca921e8ce071c; // keccak256(hex"846a5369676e61747572653144a101382240")
+    bytes32 public constant ATTESTATION_DIGEST = 0x501a3a7a4e0cf54b03f2488098bdd59bc1c2e8d741a300d6b25926d531733fef; // keccak256("SHA384")
+
+    bytes32 public constant CERTIFICATE_KEY = 0x925cec779426f44d8d555e01d2683a3a765ce2fa7562ca7352aeb09dfc57ea6a; // keccak256(bytes("certificate"))
+    bytes32 public constant PUBLIC_KEY_KEY = 0xc7b28019ccfdbd30ffc65951d94bb85c9e2b8434111a000b5afd533ce65f57a4; // keccak256(bytes("public_key"))
+    bytes32 public constant MODULE_ID_KEY = 0x8ce577cf664c36ba5130242bf5790c2675e9f4e6986a842b607821bee25372ee; // keccak256(bytes("module_id"))
+    bytes32 public constant TIMESTAMP_KEY = 0x4ebf727c48eac2c66272456b06a885c5cc03e54d140f63b63b6fd10c1227958e; // keccak256(bytes("timestamp"))
+    bytes32 public constant USER_DATA_KEY = 0x5e4ea5393e4327b3014bc32f2264336b0d1ee84a4cfd197c8ad7e1e16829a16a; // keccak256(bytes("user_data"))
+    bytes32 public constant CABUNDLE_KEY = 0x8a8cb7aa1da17ada103546ae6b4e13ccc2fafa17adf5f93925e0a0a4e5681a6a; // keccak256(bytes("cabundle"))
+    bytes32 public constant DIGEST_KEY = 0x682a7e258d80bd2421d3103cbe71e3e3b82138116756b97b8256f061dc2f11fb; // keccak256(bytes("digest"))
+    bytes32 public constant NONCE_KEY = 0x7ab1577440dd7bedf920cb6de2f9fc6bf7ba98c78c85a3fa1f8311aac95e1759; // keccak256(bytes("nonce"))
+    bytes32 public constant PCRS_KEY = 0x61585f8bc67a4b6d5891a4639a074964ac66fc2241dc0b36c157dc101325367a; // keccak256(bytes("pcrs"))
 
     struct Ptrs {
         CborElement moduleID;