diff --git a/lib/kadm5/keys.c b/lib/kadm5/keys.c
index 4da157231..ed7cc8346 100644
--- a/lib/kadm5/keys.c
+++ b/lib/kadm5/keys.c
@@ -63,6 +63,56 @@ _kadm5_init_keys (Key *keys, int len)
     }
 }
 
+
+/*
+ * return 1 if any key in `keys1, len1' exists in `keys2, len2'
+ */
+static int
+_kadm5_exists_keys(Key *keys1, int len1, Key *keys2, int len2)
+{
+    size_t i, j;
+    size_t optimize;
+
+    for (i = 0; i < len1; ++i) {
+	optimize = 0;
+	for (j = 0; j < len2; j++) {
+	    if ((keys1[i].salt != NULL && keys2[j].salt == NULL)
+		|| (keys1[i].salt == NULL && keys2[j].salt != NULL))
+		continue;
+
+	    if (keys1[i].salt != NULL) {
+		if (keys1[i].salt->type != keys2[j].salt->type)
+		    continue;
+		if (keys1[i].salt->salt.length != keys2[j].salt->salt.length)
+		    continue;
+		if (memcmp (keys1[i].salt->salt.data, keys2[j].salt->salt.data,
+			    keys1[i].salt->salt.length) != 0)
+		    continue;
+	    }
+	    if (keys1[i].key.keytype != keys2[j].key.keytype)
+		continue;
+	    optimize = 1;
+	    if (keys1[i].key.keyvalue.length != keys2[j].key.keyvalue.length)
+		continue;
+	    if (memcmp (keys1[i].key.keyvalue.data, keys2[j].key.keyvalue.data,
+			keys1[i].key.keyvalue.length) != 0)
+		continue;
+
+	    return 1;
+	}
+
+	/*
+	 * Optimization: no need to check all of keys1[] if one there
+	 * was one key in keys2[] with matching enctype and salt but not
+	 * matching key.  Assumption: all keys in keys1[] and keys2[]
+	 * are output by string2key.
+	 */
+	if (optimize)
+	    return 0;
+    }
+    return 0;
+}
+
 /*
  * return 1 if any key in `keys1, len1' exists in hist_keys
  */
@@ -80,49 +130,3 @@ _kadm5_exists_keys_hist(Key *keys1, int len1, HDB_Ext_KeySet *hist_keys)
 
     return 0;
 }
-
-
-/*
- * return 1 if any key in `keys1, len1' exists in `keys2, len2'
- */
-int
-_kadm5_exists_keys(Key *keys1, int len1, Key *keys2, int len2)
-{
-    size_t i, j;
-    size_t checked_all_this_enctype;
-
-    for (i = 0; i < len1; ++i) {
-	checked_all_this_enctype = 1;
-	for (j = 0; j < len2; j++) {
-	    if ((keys1[i].salt != NULL && keys2[j].salt == NULL)
-		|| (keys1[i].salt == NULL && keys2[j].salt != NULL))
-		continue;
-
-	    if (keys1[i].salt != NULL) {
-		if (keys1[i].salt->type != keys2[j].salt->type)
-		    continue;
-		if (keys1[i].salt->salt.length != keys2[j].salt->salt.length)
-		    continue;
-		if (memcmp (keys1[i].salt->salt.data, keys2[j].salt->salt.data,
-			    keys1[i].salt->salt.length) != 0)
-		    continue;
-	    }
-	    if (keys1[i].key.keytype != keys2[j].key.keytype) {
-		checked_all_this_enctype = 0;
-		continue;
-	    }
-	    if (keys1[i].key.keyvalue.length != keys2[j].key.keyvalue.length)
-		continue;
-	    if (memcmp (keys1[i].key.keyvalue.data, keys2[j].key.keyvalue.data,
-			keys1[i].key.keyvalue.length) != 0)
-		continue;
-
-	    return 1;
-	}
-
-	/* Optimization */
-	if (checked_all_this_enctype)
-	    return 0;
-    }
-    return 0;
-}