diff --git a/cmd/rekor-server/app/watch.go b/cmd/rekor-server/app/watch.go
index f73afb941a7c565470277762206886c7dae15245..0f2952707b086156ef402592204b8d12ae0e15c3 100644
--- a/cmd/rekor-server/app/watch.go
+++ b/cmd/rekor-server/app/watch.go
@@ -31,7 +31,6 @@ import (
 
 	"github.com/google/trillian"
 	tclient "github.com/google/trillian/client"
-	tcrypto "github.com/google/trillian/crypto"
 	"github.com/google/trillian/merkle/rfc6962/hasher"
 	"github.com/google/trillian/types"
 
@@ -158,8 +157,9 @@ func doCheck(c *client.Rekor, v *tclient.LogVerifier) (*SignedAndUnsignedLogRoot
 		LogRoot:          logRoot,
 		LogRootSignature: signature,
 	}
-	lr, err := tcrypto.VerifySignedLogRoot(v.PubKey, v.SigHash, &sth)
-	if err != nil {
+
+	lr := &types.LogRootV1{}
+	if err := lr.UnmarshalBinary(sth.LogRoot); err != nil {
 		return nil, err
 	}
 	return &SignedAndUnsignedLogRoot{
diff --git a/pkg/api/entries.go b/pkg/api/entries.go
index 9aac73649a2a770482736075165de68d6da1f7a1..cb371d0616e941bdfdf3e6b3231ae7a59a1aa310 100644
--- a/pkg/api/entries.go
+++ b/pkg/api/entries.go
@@ -23,6 +23,8 @@ import (
 	"net/http"
 	"net/url"
 
+	ttypes "github.com/google/trillian/types"
+
 	"github.com/google/trillian"
 	"github.com/spf13/viper"
 	"golang.org/x/sync/errgroup"
@@ -39,18 +41,17 @@ import (
 
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/strfmt"
-	tcrypto "github.com/google/trillian/crypto"
 	rfc6962 "github.com/google/trillian/merkle/rfc6962/hasher"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/entries"
 )
 
 //logEntryFromLeaf creates LogEntry struct from trillian structs
 func logEntryFromLeaf(tc TrillianClient, leaf *trillian.LogLeaf, signedLogRoot *trillian.SignedLogRoot, proof *trillian.Proof) (models.LogEntry, error) {
-	root, err := tcrypto.VerifySignedLogRoot(tc.verifier.PubKey, tc.verifier.SigHash, signedLogRoot)
-	if err != nil {
+
+	root := &ttypes.LogRootV1{}
+	if err := root.UnmarshalBinary(signedLogRoot.LogRoot); err != nil {
 		return nil, err
 	}
-
 	hashes := []string{}
 	for _, hash := range proof.Hashes {
 		hashes = append(hashes, hex.EncodeToString(hash))
diff --git a/pkg/api/tlog.go b/pkg/api/tlog.go
index b3bbb37dcce20cba6669ad3c7280dc963e290695..edaf77a4a624b0aea33bb7344540810e44d03a09 100644
--- a/pkg/api/tlog.go
+++ b/pkg/api/tlog.go
@@ -27,7 +27,7 @@ import (
 
 	"github.com/go-openapi/runtime/middleware"
 	"github.com/go-openapi/strfmt"
-	tcrypto "github.com/google/trillian/crypto"
+	"github.com/google/trillian/types"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/tlog"
 )
 
@@ -41,9 +41,8 @@ func GetLogInfoHandler(params tlog.GetLogInfoParams) middleware.Responder {
 	}
 	result := resp.getLatestResult
 
-	// validate result is signed with the key we're aware of
-	root, err := tcrypto.VerifySignedLogRoot(tc.verifier.PubKey, tc.verifier.SigHash, result.SignedLogRoot)
-	if err != nil {
+	root := &types.LogRootV1{}
+	if err := root.UnmarshalBinary(result.SignedLogRoot.LogRoot); err != nil {
 		return handleRekorAPIError(params, http.StatusInternalServerError, err, trillianUnexpectedResult)
 	}
 
@@ -80,9 +79,8 @@ func GetLogProofHandler(params tlog.GetLogProofParams) middleware.Responder {
 	}
 	result := resp.getConsistencyProofResult
 
-	// validate result is signed with the key we're aware of
-	root, err := tcrypto.VerifySignedLogRoot(tc.verifier.PubKey, tc.verifier.SigHash, result.SignedLogRoot)
-	if err != nil {
+	var root types.LogRootV1
+	if err := root.UnmarshalBinary(result.SignedLogRoot.LogRoot); err != nil {
 		return handleRekorAPIError(params, http.StatusInternalServerError, err, trillianUnexpectedResult)
 	}