diff --git a/abe/cpabe/tkn20/example_test.go b/abe/cpabe/tkn20/example_test.go
index 6e2c378af..f3c5f2e27 100644
--- a/abe/cpabe/tkn20/example_test.go
+++ b/abe/cpabe/tkn20/example_test.go
@@ -132,6 +132,6 @@ func Example() {
 	// Output:
 	// (occupation:doctor and country:US)
 	// plaintext size: 27 bytes
-	// ciphertext size: 2735 bytes
+	// ciphertext size: 2741 bytes
 	// Successfully recovered plaintext
 }
diff --git a/abe/cpabe/tkn20/internal/tkn/bk.go b/abe/cpabe/tkn20/internal/tkn/bk.go
index 1d3fc3657..9afa9556a 100644
--- a/abe/cpabe/tkn20/internal/tkn/bk.go
+++ b/abe/cpabe/tkn20/internal/tkn/bk.go
@@ -117,8 +117,8 @@ func EncryptCCA(rand io.Reader, public *PublicParams, policy *Policy, msg []byte
 	if err != nil {
 		return nil, err
 	}
-	macData := appendLenPrefixed(nil, C1)
-	macData = appendLenPrefixed(macData, env)
+	macData := appendLen32Prefixed(nil, C1)
+	macData = appendLen32Prefixed(macData, env)
 
 	tag, err := blakeMac(macKey, macData)
 	if err != nil {
@@ -126,7 +126,7 @@ func EncryptCCA(rand io.Reader, public *PublicParams, policy *Policy, msg []byte
 	}
 
 	ret := appendLenPrefixed(nil, id)
-	ret = appendLenPrefixed(ret, macData)
+	ret = appendLen32Prefixed(ret, macData)
 	ret = appendLenPrefixed(ret, tag)
 
 	return ret, nil
@@ -137,7 +137,7 @@ func DecryptCCA(ciphertext []byte, key *AttributesKey) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	macData, rest, err := removeLenPrefixed(rest)
+	macData, rest, err := removeLen32Prefixed(rest)
 	if err != nil {
 		return nil, err
 	}
@@ -145,11 +145,11 @@ func DecryptCCA(ciphertext []byte, key *AttributesKey) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	C1, envRaw, err := removeLenPrefixed(macData)
+	C1, envRaw, err := removeLen32Prefixed(macData)
 	if err != nil {
 		return nil, err
 	}
-	env, _, err := removeLenPrefixed(envRaw)
+	env, _, err := removeLen32Prefixed(envRaw)
 	if err != nil {
 		return nil, err
 	}
@@ -212,11 +212,11 @@ func CouldDecrypt(ciphertext []byte, a *Attributes) bool {
 	if err != nil {
 		return false
 	}
-	macData, _, err := removeLenPrefixed(rest)
+	macData, _, err := removeLen32Prefixed(rest)
 	if err != nil {
 		return false
 	}
-	C1, _, err := removeLenPrefixed(macData)
+	C1, _, err := removeLen32Prefixed(macData)
 	if err != nil {
 		return false
 	}
@@ -241,11 +241,11 @@ func (p *Policy) ExtractFromCiphertext(ct []byte) error {
 	if err != nil {
 		return fmt.Errorf("invalid ciphertext")
 	}
-	macData, _, err := removeLenPrefixed(rest)
+	macData, _, err := removeLen32Prefixed(rest)
 	if err != nil {
 		return fmt.Errorf("invalid ciphertext")
 	}
-	C1, _, err := removeLenPrefixed(macData)
+	C1, _, err := removeLen32Prefixed(macData)
 	if err != nil {
 		return fmt.Errorf("invalid ciphertext")
 	}
diff --git a/abe/cpabe/tkn20/internal/tkn/util.go b/abe/cpabe/tkn20/internal/tkn/util.go
index 9afbe88a7..0c0f94f1c 100644
--- a/abe/cpabe/tkn20/internal/tkn/util.go
+++ b/abe/cpabe/tkn20/internal/tkn/util.go
@@ -42,14 +42,14 @@ func HashStringToScalar(key []byte, value string) *pairing.Scalar {
 	return s
 }
 
-func appendLenPrefixed(a []byte, b []byte) []byte {
+func appendLen16Prefixed(a []byte, b []byte) []byte {
 	a = append(a, 0, 0)
 	binary.LittleEndian.PutUint16(a[len(a)-2:], uint16(len(b)))
 	a = append(a, b...)
 	return a
 }
 
-func removeLenPrefixed(data []byte) (next []byte, remainder []byte, err error) {
+func removeLen16Prefixed(data []byte) (next []byte, remainder []byte, err error) {
 	if len(data) < 2 {
 		return nil, nil, fmt.Errorf("data too short")
 	}
@@ -60,6 +60,29 @@ func removeLenPrefixed(data []byte) (next []byte, remainder []byte, err error) {
 	return data[2 : 2+itemLen], data[2+itemLen:], nil
 }
 
+var (
+	appendLenPrefixed = appendLen16Prefixed
+	removeLenPrefixed = removeLen16Prefixed
+)
+
+func appendLen32Prefixed(a []byte, b []byte) []byte {
+	a = append(a, 0, 0, 0, 0)
+	binary.LittleEndian.PutUint32(a[len(a)-4:], uint32(len(b)))
+	a = append(a, b...)
+	return a
+}
+
+func removeLen32Prefixed(data []byte) (next []byte, remainder []byte, err error) {
+	if len(data) < 4 {
+		return nil, nil, fmt.Errorf("data too short")
+	}
+	itemLen := int(binary.LittleEndian.Uint32(data))
+	if (4 + itemLen) > len(data) {
+		return nil, nil, fmt.Errorf("data too short")
+	}
+	return data[4 : 4+itemLen], data[4+itemLen:], nil
+}
+
 func marshalBinarySortedMapMatrixG1(m map[string]*matrixG1) ([]byte, error) {
 	sortedKeys := make([]string, 0, len(m))
 	for key := range m {
diff --git a/abe/cpabe/tkn20/testdata/ciphertext b/abe/cpabe/tkn20/testdata/ciphertext
index d96e2cb75..b13e39363 100644
Binary files a/abe/cpabe/tkn20/testdata/ciphertext and b/abe/cpabe/tkn20/testdata/ciphertext differ