diff --git a/crates/derive/keyfork-derive-util/src/extended_key/private_key.rs b/crates/derive/keyfork-derive-util/src/extended_key/private_key.rs
index bfd8ca1..f13969d 100644
--- a/crates/derive/keyfork-derive-util/src/extended_key/private_key.rs
+++ b/crates/derive/keyfork-derive-util/src/extended_key/private_key.rs
@@ -179,6 +179,10 @@ where
 .into_bytes();
 let (private_key, chain_code) = hash.split_at(KEY_SIZE / 8);
+ // NOTE: Could potentially cause side-channel attacks, but Rust will likely optimize any
+ // possible comparison I could make anyways. This is kept as-is for clarity's sake, but can
+ // potentially leak information about the first few bytes of a key, such as if they all
+ // happen to be zero.
 assert!(
 !private_key.iter().all(|byte| *byte == 0),
 bug!("hmac function returned all-zero master key")
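Review bot: The added comment's description of the leak as "the first few bytes" understates what the guarded line `!private_key.iter().all(|byte| *byte == 0)` actually does: `Iterator::all` short-circuits at the first non-zero byte, so the time spent is a function of how many leading zero bytes the derived key has, and the compiler is under no obligation to remove that data-dependent early exit (and generally will not). If the goal is to avoid the branch, a non-short-circuiting form needs no new dependency, e.g. `let acc = private_key.iter().fold(0u8, |acc, b| acc | b);` followed by `assert!(acc != 0, bug!("hmac function returned all-zero master key"));`, optionally passing `acc` through `std::hint::black_box` so the fold is not turned back into a branch. If the check is deliberately kept as-is, I would replace the speculative "Rust will likely optimize" wording with a precise statement of what is accepted, e.g. `// NOTE: all() exits at the first non-zero byte, so timing reveals the number of leading zero bytes of the key; accepted because this is a sanity check for a condition that should never occur.` The enclosing function begins before this hunk and the closing `);` of the assert falls after it.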