diff --git a/libdevcrypto/Common.cpp b/libdevcrypto/Common.cpp
index bd1c80268..14dad127e 100644
--- a/libdevcrypto/Common.cpp
+++ b/libdevcrypto/Common.cpp
@@ -127,9 +127,12 @@ h256 Nonce::get(bool _commit)
 for (unsigned i = 0; i < 32; ++i)
 seed[i] = (byte)d(s_eng);
 }
+ if (!seed)
+ throw InvalidState();
+
+ // prevent seed reuse if process terminates abnormally
 writeFile(seedFile, bytes());
 }
- assert(seed);
 h256 prev(seed);
 sha3(prev.ref(), seed.ref());
 if (_commit)
diff --git a/libdevcrypto/Common.h b/libdevcrypto/Common.h
index 167621ec0..7e74c754d 100644
--- a/libdevcrypto/Common.h
+++ b/libdevcrypto/Common.h
@@ -26,6 +26,7 @@
 #include
 #include
+#include
 namespace dev
 {
@@ -113,6 +114,8 @@ private:
 namespace crypto
 {
+struct InvalidState: virtual Exception {};
+
 /**
 * @brief Generator for nonce material
 */
diff --git a/libdevcrypto/EC.cpp b/libdevcrypto/EC.cpp
index 890b7e2f4..fd64f60d0 100644
--- a/libdevcrypto/EC.cpp
+++ b/libdevcrypto/EC.cpp
@@ -44,10 +44,15 @@ void crypto::toPublic(Secret const& _s, Public& o_public)
 h256 crypto::kdf(Secret const& _priv, h256 const& _hash)
 {
+ // H(H(r||k)^h)
 h256 s;
 sha3mac(Nonce::get().ref(), _priv.ref(), s.ref());
- assert(s);
- return sha3((_hash ^ s).asBytes());
+ s ^= _hash;
+ sha3(s.ref(), s.ref());
+
+ if (!s || !_hash || !_priv)
+ throw InvalidState();
+ return std::move(s);
 }
 void crypto::encrypt(Public const& _k, bytes& io_cipher)
@@ -96,7 +101,8 @@ Signature crypto::sign(Secret const& _key, h256 const& _hash)
 Integer e(_hash.asBytes().data(), 32);
 Integer k(kdf(_key, _hash).data(), 32);
- assert(k);
+ if (k == 0)
+ throw InvalidState();
 k = 1 + (k % (qs - 1));
 ECP::Point rp = secp256k1Params.ExponentiateBase(k);
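Review bot: The new `if (!seed) throw InvalidState();` sits inside the block that closes at the `}` just before the removed `assert(seed)`, so it only guards the path that executes this block, whereas the assert guarded every path into `h256 prev(seed);` (and, unlike the assert, the throw survives release builds, which is the point of the change). The opening of that block and the start of `Nonce::get` are outside the hunk; if the block is conditional, the path that skips it now reaches `sha3(prev.ref(), seed.ref())` unchecked, so placing the throw where the assert was, `if (!seed) throw InvalidState();` directly before `h256 prev(seed);`, keeps the original coverage. Note also that the throw precedes `writeFile(seedFile, bytes())`, so on that path the seed file is left uncleared; whether that matters depends on what the file holds at that point, which is not visible here.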
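Review bot: `struct InvalidState: virtual Exception {};` is added without a doc comment while the neighbouring `Nonce` has a `@brief`; since it is now the type callers must catch for a zero nonce or zero derived key, give it one: `/// Thrown when nonce or key-derivation material is unexpectedly zero (replaces the former assert()s).` The base `Exception` is presumably the one pulled in by the new include in the preceding hunk, but the include target is stripped here so I cannot confirm it.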
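Review bot: The guard `if (!s || !_hash || !_priv)` runs after `_priv` and `_hash` have already been fed into `sha3mac` and the XOR, so an all-zero secret is used before it is rejected; move the `!_priv || !_hash` part ahead of `sha3mac(...)` and keep only `if (!s) throw InvalidState();` after the final `sha3`. Separately, `return std::move(s);` on a local blocks NRVO and is flagged by compilers as a pessimising move; `return s;` is the correct form. The `// H(H(r||k)^h)` comment matches the code, but spelling out the symbols, `// H(H(nonce || priv) ^ hash)`, would make it self-explanatory.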
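Review bot: `if (k == 0) throw InvalidState();` is redundant with the check `kdf` itself now performs (it throws when its 32-byte result is zero, and `k` is built from exactly those 32 bytes), so either drop it or mark it as deliberate defence in depth, e.g. `// kdf() already rejects a zero result; re-check before the modular reduction`. If `Integer` is Crypto++'s, `k.IsZero()` is the idiomatic spelling and avoids constructing a temporary `Integer` from `0`. The rest of `sign` continues outside the hunk.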