diff --git a/ChangeLog b/ChangeLog
index 1954db1..9b8e3c6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2014-02-21  Niibe Yutaka  <gniibe@fsij.org>
+
+	* src/modp256k1.c (modp256k1_shift): Bug fix.
+
 2014-02-20  Niibe Yutaka  <gniibe@fsij.org>
 
 	* src/Makefile.in (CSRC): Add files of p256k1.
diff --git a/src/modp256k1.c b/src/modp256k1.c
index ad74cca..56c4c01 100644
--- a/src/modp256k1.c
+++ b/src/modp256k1.c
@@ -463,7 +463,6 @@ void
 modp256k1_shift (bn256 *X, const bn256 *A, int shift)
 {
   uint32_t carry;
-#define borrow carry
   bn256 tmp[1];
 
   carry = bn256_shift (X, A, shift);
@@ -471,20 +470,16 @@ modp256k1_shift (bn256 *X, const bn256 *A, int shift)
     return;
 
   memset (tmp, 0, sizeof (bn256));
-  tmp->word[7] = carry;
-  tmp->word[0] = carry;
+  tmp->word[0] = carry + (carry << 9);
+  tmp->word[1] = carry + (tmp->word[0] < (carry << 9)) + (carry >> 23);
+  tmp->word[0] = tmp->word[0] + (carry << 8);
+  tmp->word[1] = tmp->word[1] + (tmp->word[0] < (carry << 8)) + (carry >> 24);
+  tmp->word[0] = tmp->word[0] + (carry << 7);
+  tmp->word[1] = tmp->word[1] + (tmp->word[0] < (carry << 7)) + (carry >> 25);
+  tmp->word[0] = tmp->word[0] + (carry << 6);
+  tmp->word[1] = tmp->word[1] + (tmp->word[0] < (carry << 6)) + (carry >> 26);
+  tmp->word[0] = tmp->word[0] + (carry << 4);
+  tmp->word[1] = tmp->word[1] + (tmp->word[0] < (carry << 4)) + (carry >> 28);
+
   modp256k1_add (X, X, tmp);
-
-  tmp->word[7] = 0;
-  tmp->word[0] = 0;
-  tmp->word[6] = carry;
-  tmp->word[3] = carry;
-  modp256k1_sub (X, X, tmp);
-
-  borrow = bn256_sub (tmp, X, P256K1);
-  if (borrow)
-    memcpy (tmp, X, sizeof (bn256));
-  else
-    memcpy (X, tmp, sizeof (bn256));
-#undef borrow
 }