diff --git a/NTCPSession.cpp b/NTCPSession.cpp
index 7d53c541..712e8232 100644
--- a/NTCPSession.cpp
+++ b/NTCPSession.cpp
@@ -483,7 +483,7 @@ namespace ntcp
 			*((uint16_t *)sendBuffer) = 0;
 			*((uint32_t *)(sendBuffer + 2)) = htobe32 (time (0));
 		}	
-		int rem = (len + 6) % 16;
+		int rem = (len + 6) & 0x0F; // %16
 		int padding = 0;
 		if (rem > 0) padding = 16 - rem;
 		// TODO: fill padding 
diff --git a/SSU.cpp b/SSU.cpp
index b32bfddb..761d0e6b 100644
--- a/SSU.cpp
+++ b/SSU.cpp
@@ -506,6 +506,7 @@ namespace ssu
 		uint8_t * encrypted = &header->flag;
 		uint16_t encryptedLen = len - (encrypted - buf);
 		m_Encryption.SetKeyWithIV (aesKey, 32, iv);
+		encryptedLen = (encryptedLen>>4)<<4; // make sure 16 bytes boundary 
 		m_Encryption.ProcessData (encrypted, encrypted, encryptedLen);
 		// assume actual buffer size is 18 (16 + 2) bytes more
 		memcpy (buf + len, iv, 16);
@@ -524,7 +525,7 @@ namespace ssu
 		uint8_t * encrypted = &header->flag;
 		uint16_t encryptedLen = len - (encrypted - buf);	
 		m_Decryption.SetKeyWithIV (aesKey, 32, header->iv);
-		encryptedLen = (encryptedLen/16)*16; // make sure 16 bytes boundary
+		encryptedLen = (encryptedLen>>4)<<4; // make sure 16 bytes boundary 
 		m_Decryption.ProcessData (encrypted, encrypted, encryptedLen);
 	}
 
@@ -953,8 +954,8 @@ namespace ssu
 			memcpy (payload, msgBuf, size);
 			
 			size += payload - buf;
-			if (size % 16) // make sure 16 bytes boundary
-				size = (size/16 + 1)*16;
+			if (size & 0x0F) // make sure 16 bytes boundary
+				size = ((size >> 4) + 1) << 4; // (/16 + 1)*16
 			
 			CryptoPP::RandomNumberGenerator& rnd = i2p::context.GetRandomNumberGenerator ();
 			rnd.GenerateBlock (iv, 16); // random iv