diff --git a/src/modules/frost/keygen_impl.h b/src/modules/frost/keygen_impl.h
index 40606a21b..5411598e1 100644
--- a/src/modules/frost/keygen_impl.h
+++ b/src/modules/frost/keygen_impl.h
@@ -63,6 +63,8 @@ static void secp256k1_frost_share_save(secp256k1_frost_share* share, secp256k1_s
 static int secp256k1_frost_share_load(const secp256k1_context* ctx, secp256k1_scalar *s, const secp256k1_frost_share* share) {
 int overflow;
+ /* The magic is non-secret so it can be declassified to allow branching. */
+ secp256k1_declassify(ctx, &share->data[0], 4);
 ARG_CHECK(secp256k1_memcmp_var(&share->data[0], secp256k1_frost_share_magic, 4) == 0);
 secp256k1_scalar_set_b32(s, &share->data[4], &overflow);
 /* Parsed shares cannot overflow */
@@ -152,6 +154,9 @@ int secp256k1_frost_shares_trusted_gen(const secp256k1_context *ctx, secp256k1_f
 /* Compute commitment to constant term */
 secp256k1_ecmult_gen(&ctx->ecmult_gen_ctx, &rj, &coeff_i);
 secp256k1_ge_set_gej(&rp, &rj);
+ /* The commitment is non-secret so it can be declassified to
+ * allow branching. */
+ secp256k1_declassify(ctx, &rp, sizeof(rp));
 secp256k1_fe_normalize_var(&rp.y);
 pk_parity = secp256k1_extrakeys_ge_even_y(&rp);
 secp256k1_xonly_pubkey_save(pk, &rp);
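Review bot: The declassified length and the compared length in `secp256k1_frost_share_load` are two independent literal `4`s, while the bytes right after that prefix (`&share->data[4]`) are the secret share scalar. If the two ever drift apart, either the `ARG_CHECK` branch is flagged again or secret bytes are marked public and the constant-time check silently stops covering them. I would tie the length to the magic itself, e.g. `secp256k1_declassify(ctx, &share->data[0], sizeof(secp256k1_frost_share_magic));`, assuming the magic is declared as a 4-byte array (its definition is outside this hunk), and extend the comment to `/* Only the magic prefix is declassified; the scalar at data[4] stays secret. */`. The function body continues past the end of the hunk.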
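Review bot: The comment above the added `secp256k1_declassify(ctx, &rp, sizeof(rp))` should say why the affine point, and not `rj`, is the object being declassified. `rj` is the Jacobian output of `secp256k1_ecmult_gen` on `coeff_i` and its representation can depend on the secret scalar, so it has to stay classified; only the affine `rp` that is saved into `pk` is public. Suggested wording: `/* Only the affine commitment is public; rj stays classified. */`. The placement after `secp256k1_ge_set_gej` and before `secp256k1_fe_normalize_var` looks right, since the `_var` normalization and the parity check are the steps that may branch. The enclosing function starts and ends outside the hunk, so whether `rj` is cleared afterwards cannot be checked from here.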