diff --git a/ChangeLog b/ChangeLog
index b99e6d0..220c21e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2014-06-19 Niibe Yutaka
+
+ * src/ecc-mont.c (compute_nQ): Add comment.
+
+ * src/mod.c (mod_inv): Fix comment. X^-1 = 0 when X=0
+ is important for Montgomery curve computation.
+
 2014-06-05 Niibe Yutaka
 
 * tool/add_openpgp_authkey_from_gpgssh.py: New.
diff --git a/src/ecc-mont.c b/src/ecc-mont.c
index 41eb9ea..804419d 100644
--- a/src/ecc-mont.c
+++ b/src/ecc-mont.c
@@ -185,6 +185,11 @@ compute_nQ (bn256 *res, const bn256 *n, const bn256 *q_x)
 }
 
 /* We know the LSB of N is always 0. Thus, result is always in P0. */
+ /*
+ * p0->z may be zero here, but our mod_inv doesn't raise error for 0,
+ * but returns 0 (like the implementation of z^(p-2)), thus, RES will
+ * be 0 in that case, which is correct value.
+ */
 mod_inv (res, p0->z, p25519);
 mod25638_mul (res, res, p0->x);
 mod25519_reduce (res);
diff --git a/src/mod.c b/src/mod.c
index 7d405e8..98b003e 100644
--- a/src/mod.c
+++ b/src/mod.c
@@ -147,7 +147,7 @@ mod_reduce (bn256 *X, const bn512 *A, const bn256 *B, const bn256 *MU_lower)
 * @brief C = X^(-1) mod N
 *
 * Assume X and N are co-prime (or N is prime).
- * If N==0, return 0.
+ * NOTE: If X==0, it return 0.
 *
 */
 void
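Review bot: In src/ecc-mont.c, the comment added above `mod_inv (res, p0->z, p25519);` calls a zero RES the "correct value" without saying what a caller should do with it. A zero p0->z presumably arises when Q_X is a low-order point, and RFC 7748 notes that a caller may check for the all-zero output and abort; whether compute_nQ's callers do so is not visible in this hunk. I would extend the comment with one line such as `* Callers that need a contributory result must reject an all-zero RES.` and tighten the first sentence to `our mod_inv returns 0 for input 0 instead of raising an error`. compute_nQ begins and ends outside the hunk.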
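Review bot: In src/mod.c, the corrected line `NOTE: If X==0, it return 0.` sits directly under `Assume X and N are co-prime`, which X==0 violates, and it does not say that other code depends on this case. The ChangeLog entry states that the behaviour is important for the Montgomery curve computation, so the doc comment should carry that: `* NOTE: X==0 is accepted as a special case and yields 0; compute_nQ in src/ecc-mont.c relies on this.` Also "it return" should read "it returns". Only the comment and the `void` of the following definition are inside the hunk, so the implementation itself is not visible here.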