diff --git a/Network/CommSec/Package.hs b/Network/CommSec/Package.hs
--- a/Network/CommSec/Package.hs
+++ b/Network/CommSec/Package.hs
@@ -235,7 +235,7 @@
   | aesCtr == maxBound = throw OldContext
   | otherwise =
     let !iv_ct_tag = encryptGCM outKey aesCtr saltOut (pad pt)
-    in (iv_ct_tag, ctx { aesCtr = ((fromIntegral $ B.length pt + 31) `rem` 16) + 1 + aesCtr })
+    in (iv_ct_tag, ctx { aesCtr = 1 + aesCtr })
 
 -- |Given a message length, returns the number of bytes an encoded message
 -- will consume.
@@ -270,7 +270,7 @@
       copyBytes ptPaddedPtr ptPtr ptLen
       memset (ptPaddedPtr `plusPtr` ptLen) padding (fromIntegral padding)
       encryptGCMPtr outKey aesCtr saltOut ptPaddedPtr totalLen pkgPtr
-      return (ctx { aesCtr = (fromIntegral totalLen `rem` 16) + 1 + aesCtr })
+      return (ctx { aesCtr = 1 + aesCtr })
   where
     memset :: Ptr Word8 -> Int -> Word8 -> IO ()
     memset ptr1 len val = mapM_ (\o -> pokeElemOff ptr1 o val) [0..len-1]
diff --git a/commsec.cabal b/commsec.cabal
--- a/commsec.cabal
+++ b/commsec.cabal
@@ -2,7 +2,7 @@
 -- documentation, see http://haskell.org/cabal/users-guide/
 
 name:                commsec
-version:             0.2.1
+version:             0.2.2
 synopsis:            Provide communications security using symmetric ephemeral keys
  description:        This package provides confidentiallity,
                      integrity and replay detection. Users must
