diff --git a/python/chilldkg_ref/encpedpop.py b/python/chilldkg_ref/encpedpop.py
index acb923e..338c299 100644
--- a/python/chilldkg_ref/encpedpop.py
+++ b/python/chilldkg_ref/encpedpop.py
@@ -94,7 +94,7 @@ def decrypt_sum(
 if idx >= len(pubnonces):
 raise IndexError
 context_ = idx.to_bytes(4, byteorder="big") + context
- secshare = sum_ciphertexts
+ sum_plaintexts = sum_ciphertexts
 for i, pubnonce in enumerate(pubnonces):
 if i == idx:
 pad = self_pad(deckey, context_)
@@ -106,8 +106,8 @@ def decrypt_sum(
 context=context_,
 sending=False,
 )
- secshare = secshare - pad
- return secshare
+ sum_plaintexts = sum_plaintexts - pad
+ return sum_plaintexts
 ###
@@ -243,5 +243,10 @@ def coordinator_step(
 # in encpedpop.CoordinatorMsg, but only return it as a side output, so that
 # chilldkg.coordinator_step can pick it up. Implementations of pure
 # EncPedPop will need to decide how to transmit enc_secshares[i] to
- # participant i; we leave this unspecified.
- return CoordinatorMsg(simpl_cmsg, pubnonces), dkg_output, eq_input, enc_secshares
+ # participant i for participant_step2(); we leave this unspecified.
+ return (
+ CoordinatorMsg(simpl_cmsg, pubnonces),
+ dkg_output,
+ eq_input,
+ enc_secshares,
+ )
diff --git a/python/chilldkg_ref/simplpedpop.py b/python/chilldkg_ref/simplpedpop.py
index fbaad92..23069a8 100644
--- a/python/chilldkg_ref/simplpedpop.py
+++ b/python/chilldkg_ref/simplpedpop.py
@@ -171,17 +171,15 @@ def coordinator_step(
 ) -> Tuple[CoordinatorMsg, DKGOutput, bytes]:
 # Sum the commitments to the i-th coefficients for i > 0
 #
- # This procedure is introduced by Pedersen in Section 5.1 of
- # 'Non-Interactive and Information-Theoretic Secure Verifiable Secret
- # Sharing'.
- #
- # We cannot sum the commitments to the secrets (i == 0) because they'll be
- # necessary to check the pops.
+ # This procedure corresponds to the one described by Pedersen in Section 5.1
+ # of "Non-Interactive and Information-Theoretic Secure Verifiable Secret
+ # Sharing". However, we don't sum the commitments to the secrets (i == 0)
+ # because they'll be necessary to check the pops.
 coms_to_secrets = [pmsg.com.commitment_to_secret() for pmsg in pmsgs]
 # But we can sum the commitments to the non-constant terms.
 sum_coms_to_nonconst_terms = [
 GE.sum(*(pmsg.com.commitment_to_nonconst_terms()[j] for pmsg in pmsgs))
- for j in range(0, t - 1)
+ for j in range(t - 1)
 ]
 pops = [pmsg.pop for pmsg in pmsgs]
 cmsg = CoordinatorMsg(coms_to_secrets, sum_coms_to_nonconst_terms, pops)
diff --git a/python/chilldkg_ref/vss.py b/python/chilldkg_ref/vss.py
index b6676b0..424bcd2 100644
--- a/python/chilldkg_ref/vss.py
+++ b/python/chilldkg_ref/vss.py
@@ -93,7 +93,8 @@ def secshare_for(self, i: int) -> Scalar:
 # Return the secret share for the participant with index i.
 #
 # This computes f(i+1).
-
+ if i < 0:
+ raise ValueError(f"Invalid participant index: {i}")
 x = Scalar(i + 1)
 # Ensure we don't compute f(0), which is the secret.
 assert x != Scalar(0)
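Review bot: The comprehension building `sum_coms_to_nonconst_terms` in the simplpedpop.py hunk indexes `pmsg.com.commitment_to_nonconst_terms()[j]` for every `j` in `range(t - 1)`, with no visible check that each participant's commitment carries exactly `t - 1` non-constant terms. The `pmsgs` are participant-supplied, so a commitment that is too short would surface as a bare `IndexError` in the coordinator, and one that is too long would have its extra terms silently ignored. `coordinator_step` starts outside the hunk, so the lengths may already be validated earlier. If they are not, a guard ahead of the sum such as `if any(len(pmsg.com.commitment_to_nonconst_terms()) != t - 1 for pmsg in pmsgs): raise ValueError` would make the failure explicit, using whatever exception type the module already uses for malformed participant messages.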
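Review bot: In the vss.py hunk the new `i < 0` check raises a real exception, but the guard that keeps `secshare_for` from evaluating f(0), the shared secret, is still the `assert x != Scalar(0)` two lines below, and asserts are stripped when Python runs with `-O`. If `Scalar` reduces its argument modulo the group order (not visible here), an index one below the order would still map to zero and would then be caught only by that assert. Making the zero test explicit keeps both checks enforced in every run mode, e.g. `if x == Scalar(0): raise ValueError(f"Invalid participant index: {i}")`. The body of `secshare_for` continues outside the hunk.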