diff --git a/common/crypto/auth.go b/common/crypto/auth.go
index 0e38e58f1..b0a735168 100644
--- a/common/crypto/auth.go
+++ b/common/crypto/auth.go
@@ -102,7 +102,7 @@ func (v *AuthenticationReader) NextChunk() error {
 return errors.New("AuthenticationReader: invalid packet size.")
 }
 cipherChunk := v.buffer.BytesRange(2, size+2)
- plainChunk, err := v.auth.Open(cipherChunk, cipherChunk)
+ plainChunk, err := v.auth.Open(cipherChunk[:0], cipherChunk)
 if err != nil {
 return err
 }
@@ -131,7 +131,9 @@ func (v *AuthenticationReader) EnsureChunk() error {
 return nil
 }
 if err == errInsufficientBuffer {
- if !v.buffer.IsEmpty() {
+ if v.buffer.IsEmpty() {
+ v.buffer.Clear()
+ } else {
 leftover := v.buffer.Bytes()
 v.buffer.SetBytesFunc(func(b []byte) int {
 return copy(b, leftover)
@@ -175,10 +177,11 @@ func NewAuthenticationWriter(auth Authenticator, writer io.Writer) *Authenticati
 }
 func (v *AuthenticationWriter) Write(b []byte) (int, error) {
- cipherChunk, err := v.auth.Seal(v.buffer[2:], b)
+ cipherChunk, err := v.auth.Seal(v.buffer[2:2], b)
 if err != nil {
 return 0, err
 }
+ serial.Uint16ToBytes(uint16(len(cipherChunk)), v.buffer[:0])
 _, err = v.writer.Write(v.buffer[:2+len(cipherChunk)])
 return len(b), err
diff --git a/proxy/vmess/encoding/auth.go b/proxy/vmess/encoding/auth.go
index ffc7762dd..95a88beb5 100644
--- a/proxy/vmess/encoding/auth.go
+++ b/proxy/vmess/encoding/auth.go
@@ -26,7 +26,7 @@ func (v *FnvAuthenticator) Overhead() int {
 }
 func (v *FnvAuthenticator) Seal(dst, nonce, plaintext, additionalData []byte) []byte {
- dst = serial.Uint32ToBytes(Authenticate(plaintext), dst[:0])
+ dst = serial.Uint32ToBytes(Authenticate(plaintext), dst)
 return append(dst, plaintext...)
 }
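Review bot: In `AuthenticationWriter.Write`, nothing bounds `len(b)` against the space left in `v.buffer` or against the 16-bit length prefix. If the sealed chunk does not fit after offset 2, an append-style `Seal` would presumably return a freshly allocated slice, so `v.buffer[:2+len(cipherChunk)]` either panics or frames bytes that are not the ciphertext; `uint16(len(cipherChunk))` also silently truncates anything over 65535, which desynchronises the reader. The size of `v.buffer` is declared outside this hunk, so confirm the limit, then reject or split oversized input after the `Seal` error check, e.g. `if len(cipherChunk) > 0xFFFF || 2+len(cipherChunk) > len(v.buffer) { return 0, errors.New("AuthenticationWriter: chunk too large") }`.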
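Review bot: `FnvAuthenticator.Seal` now appends to `dst` instead of resetting it, but that contract is undocumented and it does not support the in-place use an AEAD allows. If a caller passes `plaintext[:0]` as `dst`, the 4-byte checksum is written over the start of `plaintext` before `append(dst, plaintext...)` copies it (assuming `serial.Uint32ToBytes` appends, as the other call sites in this commit suggest). A doc comment would make the restriction explicit: `// Seal appends the 4-byte checksum and then plaintext to dst. dst must not overlap plaintext.`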
@@ -34,7 +34,7 @@ func (v *FnvAuthenticator) Open(dst, nonce, ciphertext, additionalData []byte) (
 if serial.BytesToUint32(ciphertext[:4]) != Authenticate(ciphertext[4:]) {
 return dst, crypto.ErrAuthenticationFailed
 }
- return append(dst[:0], ciphertext[4:]...), nil
+ return append(dst, ciphertext[4:]...), nil
 }
 func GenerateChacha20Poly1305Key(b []byte) []byte {
diff --git a/proxy/vmess/encoding/client.go b/proxy/vmess/encoding/client.go
index 71d9a361d..287988e88 100644
--- a/proxy/vmess/encoding/client.go
+++ b/proxy/vmess/encoding/client.go
@@ -136,25 +136,25 @@ func (v *ClientSession) EncodeRequestBody(request *protocol.RequestHeader, write
 authWriter = cryptionWriter
 }
 } else if request.Security.Is(protocol.SecurityType_AES128_GCM) {
- block, _ := aes.NewCipher(v.responseBodyKey)
+ block, _ := aes.NewCipher(v.requestBodyKey)
 aead, _ := cipher.NewGCM(block)
 auth := &crypto.AEADAuthenticator{
 AEAD: aead,
 NonceGenerator: &ChunkNonceGenerator{
- Nonce: append([]byte(nil), v.responseBodyIV...),
+ Nonce: append([]byte(nil), v.requestBodyIV...),
 Size: aead.NonceSize(),
 },
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 }
 authWriter = crypto.NewAuthenticationWriter(auth, writer)
 } else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
- aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
+ aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey))
 auth := &crypto.AEADAuthenticator{
 AEAD: aead,
 NonceGenerator: &ChunkNonceGenerator{
- Nonce: append([]byte(nil), v.responseBodyIV...),
+ Nonce: append([]byte(nil), v.requestBodyIV...),
 Size: aead.NonceSize(),
 },
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
@@ -266,7 +266,7 @@ type ChunkNonceGenerator struct {
 }
 func (v *ChunkNonceGenerator) Next() []byte {
- serial.Uint16ToBytes(v.count, v.Nonce[:2])
+ serial.Uint16ToBytes(v.count, v.Nonce[:0])
 v.count++
 return v.Nonce[:v.Size]
 }
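Review bot: `FnvAuthenticator.Open` slices `ciphertext[:4]` and `ciphertext[4:]` without checking the length, so a chunk shorter than four bytes panics instead of failing authentication. The chunk length is read from the wire by the reader, and whether its size check (outside this hunk) rules out chunks of 0 to 3 bytes is not visible here. A guard at the top of the function closes the gap: `if len(ciphertext) < 4 { return dst, crypto.ErrAuthenticationFailed }`. The function signature is truncated in the hunk header.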
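Review bot: The constructors in `EncodeRequestBody` still discard their errors: `block, _ := aes.NewCipher(v.requestBodyKey)`, `aead, _ := cipher.NewGCM(block)` and `aead, _ := chacha20poly1305.New(...)`. A key of the wrong length leaves `block` or `aead` nil, and the next call on it panics instead of the session setup failing cleanly. Each error should be checked and the session refused; how to report it depends on the function's return type, which is cut off in the hunk header. The same pattern is in the `DecodeRequestBody` hunk in `proxy/vmess/encoding/server.go`.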
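Review bot: `v.count++` in `ChunkNonceGenerator.Next` wraps silently; the counter is written as a 16-bit value, so it appears to be a `uint16` (the field is declared outside this hunk). After 65536 chunks the same nonce is produced again under the same key, which breaks both confidentiality and integrity for AES-GCM and ChaCha20-Poly1305. `Next` has no error return, so the limit has to be enforced where chunks are counted, by ending the session or rekeying before the counter wraps. At minimum the limit should be documented: `// Next returns the nonce for the next chunk. The counter is 16 bits wide; a session must not exceed 65536 chunks per key.`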
diff --git a/proxy/vmess/encoding/server.go b/proxy/vmess/encoding/server.go
index 6cd12fb49..082a89a2e 100644
--- a/proxy/vmess/encoding/server.go
+++ b/proxy/vmess/encoding/server.go
@@ -183,25 +183,25 @@ func (v *ServerSession) DecodeRequestBody(request *protocol.RequestHeader, reade
 authReader = cryptionReader
 }
 } else if request.Security.Is(protocol.SecurityType_AES128_GCM) {
- block, _ := aes.NewCipher(v.responseBodyKey)
+ block, _ := aes.NewCipher(v.requestBodyKey)
 aead, _ := cipher.NewGCM(block)
 auth := &crypto.AEADAuthenticator{
 AEAD: aead,
 NonceGenerator: &ChunkNonceGenerator{
- Nonce: append([]byte(nil), v.responseBodyIV...),
+ Nonce: append([]byte(nil), v.requestBodyIV...),
 Size: aead.NonceSize(),
 },
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},
 }
 authReader = crypto.NewAuthenticationReader(auth, reader, aggressive)
 } else if request.Security.Is(protocol.SecurityType_CHACHA20_POLY1305) {
- aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.responseBodyKey))
+ aead, _ := chacha20poly1305.New(GenerateChacha20Poly1305Key(v.requestBodyKey))
 auth := &crypto.AEADAuthenticator{
 AEAD: aead,
 NonceGenerator: &ChunkNonceGenerator{
- Nonce: append([]byte(nil), v.responseBodyIV...),
+ Nonce: append([]byte(nil), v.requestBodyIV...),
 Size: aead.NonceSize(),
 },
 AdditionalDataGenerator: crypto.NoOpBytesGenerator{},