diff --git a/Cargo.toml b/Cargo.toml
index 5b0c8ed..d19fa7e 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -31,3 +31,5 @@ harness = false
 [features]
 entangled = ["brute-force"]
 
+
+
diff --git a/README.md b/README.md
index d6cb1d5..2c74c6e 100644
--- a/README.md
+++ b/README.md
@@ -172,4 +172,5 @@ For more guidance on integrating fuzzytags into a privacy preserving application
 
 - Based on [Fuzzy Message Detection](https://eprint.iacr.org/2021/089) by Gabrielle Beck and Julia Len and Ian Miers and Matthew Green
 - Performance & API improvements contributed by Henry de Valence
-- Universal Tag Bug found by [Lee Bousfield](https://github.com/PlasmaPower/)
\ No newline at end of file
+- Universal Tag Bug found by [Lee Bousfield](https://github.com/PlasmaPower/)
+- Thanks to Henry de Valence, George Tankersly, Lee Bousfield and others for helpful discussions.
\ No newline at end of file
diff --git a/src/lib.rs b/src/lib.rs
index 9438dcd..29687e4 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -342,7 +342,7 @@ impl<const GAMMA: u8> DetectionKey<{ GAMMA }> {
                 Some(true) => 0x01,
                 Some(false) => 0x00,
                 _ => 0x00,
-                // we've run our of ciphertext, it doesn't really matter what we put here, the rest of the test will fail
+                // we've run out of ciphertext, it doesn't really matter what we put here, the rest of the test will fail
                 // since the security of k_i is modelled as a random oracle, (k_i ^ 0) should also be random
             };
 
@@ -512,6 +512,7 @@ mod tests {
         let tag = secret.tagging_key().generate_tag();
         let detection_key = secret.extract_detection_key(10);
         let serialized_tag = serde_json::to_string(&tag).unwrap();
+        println!("{}", serialized_tag);
         let deserialized_tag: Tag<15> = serde_json::from_str(&serialized_tag).unwrap();
         assert_eq!(tag.compress(), deserialized_tag.compress());
         assert_eq!(true, detection_key.test_tag(&deserialized_tag));
@@ -534,6 +535,22 @@ mod tests {
         assert_eq!(true, detection_key.test_tag(&deserialized_tag));
     }
 
+    #[test]
+    fn test_invalid_serializations() {
+        let deserialized_tag: Option<Tag<24>> = serde_json::from_str("[0,1,2]").unwrap_or(None);
+        assert_eq!(deserialized_tag, None);
+
+        // too short (ciphertext)
+        let deserialized_tag: Result<Tag<15>, serde_json::Error> = serde_json::from_str("[140,198,182,161,124,132,111,222,62,235,59,249,152,203,170,89,150,27,251,252,41,159,134,34,112,61,117,249,35,126,29,1,100,157,229,106,42,68,167,89,109,137,234,37,124,139,59,116,221,74,24,229,97,154,7,34,236,248,90,130,150,116,182,11]
+");
+        assert_eq!(deserialized_tag.is_ok(), false);
+
+        // much too short
+        let deserialized_tag: Option<Tag<15>> = serde_json::from_str("[140,198,182,161,124,132,111,222,62,235,59,249,152,203,170,89,150,27,251,252,41,159,134,34,112,61,117,249,35,126,29,1,100,157,229,106,42,68,167,89,109,137,234,37,124,139,59,116,221,74,24,229,97,154,7,34,236]
+").unwrap_or(None);
+        assert_eq!(deserialized_tag, None);
+    }
+
     #[test]
     #[cfg(feature = "entangled")]
     fn test_multiple() {