diff --git a/src/secp256k1.c b/src/secp256k1.c
index a9e5a6d0..42b8df73 100644
--- a/src/secp256k1.c
+++ b/src/secp256k1.c
@@ -300,8 +300,10 @@ static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *m
    /* We feed a byte array to the PRNG as input, consisting of:
     * - the private key (32 bytes) and message (32 bytes), see RFC 6979 3.2d.
     * - optionally 32 extra bytes of data, see RFC 6979 3.6 Additional Data.
-    * - optionally 16 extra bytes with the algorithm name (the extra data bytes
-    *   are set to zeroes when not present, while the algorithm name is).
+    * - optionally 16 extra bytes with the algorithm name.
+    * Because the arguments have distinct fixed lengths it is not possible for
+    *  different argument mixtures to emulate each other and result in the same
+    *  nonces.
     */
    memcpy(keydata, key32, 32);
    memcpy(keydata + 32, msg32, 32);
@@ -310,9 +312,8 @@ static int nonce_function_rfc6979(unsigned char *nonce32, const unsigned char *m
        keylen = 96;
    }
    if (algo16 != NULL) {
-       memset(keydata + keylen, 0, 96 - keylen);
-       memcpy(keydata + 96, algo16, 16);
-       keylen = 112;
+       memcpy(keydata + keylen, algo16, 16);
+       keylen += 16;
    }
    secp256k1_rfc6979_hmac_sha256_initialize(&rng, keydata, keylen);
    memset(keydata, 0, sizeof(keydata));
diff --git a/src/tests.c b/src/tests.c
index 0e047173..2d8de12d 100644
--- a/src/tests.c
+++ b/src/tests.c
@@ -2960,6 +2960,34 @@ void test_ecdsa_edge_cases(void) {
         key[0] = 0;
     }
 
+    {
+        /* Check that optional nonce arguments do not have equivilent effect. */
+        const unsigned char zeros[32] = {0};
+        unsigned char nonce[32];
+        unsigned char nonce2[32];
+        unsigned char nonce3[32];
+        unsigned char nonce4[32];
+        VG_UNDEF(nonce,32);
+        VG_UNDEF(nonce2,32);
+        VG_UNDEF(nonce3,32);
+        VG_UNDEF(nonce4,32);
+        CHECK(nonce_function_rfc6979(nonce, zeros, zeros, NULL, NULL, 0) == 1);
+        VG_CHECK(nonce,32);
+        CHECK(nonce_function_rfc6979(nonce2, zeros, zeros, zeros, NULL, 0) == 1);
+        VG_CHECK(nonce2,32);
+        CHECK(nonce_function_rfc6979(nonce3, zeros, zeros, NULL, (void *)zeros, 0) == 1);
+        VG_CHECK(nonce3,32);
+        CHECK(nonce_function_rfc6979(nonce4, zeros, zeros, zeros, (void *)zeros, 0) == 1);
+        VG_CHECK(nonce4,32);
+        CHECK(memcmp(nonce, nonce2, 32) != 0);
+        CHECK(memcmp(nonce, nonce3, 32) != 0);
+        CHECK(memcmp(nonce, nonce4, 32) != 0);
+        CHECK(memcmp(nonce2, nonce3, 32) != 0);
+        CHECK(memcmp(nonce2, nonce4, 32) != 0);
+        CHECK(memcmp(nonce3, nonce4, 32) != 0);
+    }
+
+
     /* Privkey export where pubkey is the point at infinity. */
     {
         unsigned char privkey[300];