diff --git a/lightningd/channel/channel.c b/lightningd/channel/channel.c
index 9467b95b5..58a85b812 100644
--- a/lightningd/channel/channel.c
+++ b/lightningd/channel/channel.c
@@ -655,7 +655,7 @@ static void handle_peer_revoke_and_ack(struct peer *peer, const u8 *msg)
 	 * generated by the protocol in [BOLT #3]
 	 */
 	if (!shachain_add_hash(&peer->their_shachain,
-			       281474976710655ULL - peer->commit_index[REMOTE],
+			       shachain_index(peer->commit_index[REMOTE]),
 			       &old_commit_secret)) {
 		peer_failed(io_conn_fd(peer->peer_conn),
 			    &peer->pcs.cs,
diff --git a/lightningd/derive_basepoints.c b/lightningd/derive_basepoints.c
index 003d56f13..ba3f85c71 100644
--- a/lightningd/derive_basepoints.c
+++ b/lightningd/derive_basepoints.c
@@ -40,11 +40,7 @@ bool derive_basepoints(const struct privkey *seed,
 	 */
 	*shaseed = keys.shaseed;
 
-	/* BOLT #3:
-	 *
-	 * the first secret used MUST be index 281474976710655, and then the
-	 * index decremented. */
-	shachain_from_seed(shaseed, 281474976710655ULL - per_commit_index,
+	shachain_from_seed(shaseed, shachain_index(per_commit_index),
 			   &per_commit_secret);
 
 	/* BOLT #3:
@@ -71,14 +67,13 @@ bool next_per_commit_point(const struct sha256 *shaseed,
 
 	/* Get old secret. */
 	if (per_commit_index > 0)
-		shachain_from_seed(shaseed, 281474976710655ULL
-				   - (per_commit_index - 1),
+		shachain_from_seed(shaseed, shachain_index(per_commit_index - 1),
 				   old_commit_secret);
 	else
 		assert(old_commit_secret == NULL);
 
 	/* Derive new per-commitment-point. */
-	shachain_from_seed(shaseed, 281474976710655ULL - (per_commit_index + 1),
+	shachain_from_seed(shaseed, shachain_index(per_commit_index + 1),
 			   &per_commit_secret);
 
 	/* BOLT #3:
diff --git a/lightningd/derive_basepoints.h b/lightningd/derive_basepoints.h
index 89d7c1ed5..c92e4e423 100644
--- a/lightningd/derive_basepoints.h
+++ b/lightningd/derive_basepoints.h
@@ -33,4 +33,14 @@ bool next_per_commit_point(const struct sha256 *shaseed,
 			   struct pubkey *per_commit_point,
 			   u64 per_commit_index);
 
+/* BOLT #3:
+ *
+ * the first secret used MUST be index 281474976710655, and then the index
+ * decremented.
+ */
+static inline u64 shachain_index(u64 per_commit_index)
+{
+	assert(per_commit_index < (1ULL << 48));
+	return 281474976710655ULL - per_commit_index;
+}
 #endif /* LIGHTNING_LIGHTNINGD_DERIVE_BASEPOINTS_H */