diff --git a/src/algorithms/rsa.rs b/src/algorithms/rsa.rs
index 81e1b83e..d758ca22 100644
--- a/src/algorithms/rsa.rs
+++ b/src/algorithms/rsa.rs
@@ -89,8 +89,12 @@ pub fn rsa_decrypt(
 // reduce c first
 // TODO: constant time
 // TODO: store NonZero?
- let c = c.rem_vartime(&NonZero::new(p.clone()).unwrap());
+ let c = c
+ .rem_vartime(&NonZero::new(p.clone()).unwrap())
+ .widen(p_params.bits_precision());
+ std::dbg!(c.bits_precision(), p_params.bits_precision());
 let cp = BoxedResidue::new(c.clone(), p_params.clone());
+ std::dbg!(cp.bits_precision(), dp.bits_precision());
 let mut m1 = cp.pow(&dp);
 // m2 = c^dQ mod q
 let cq = BoxedResidue::new(c, q_params.clone());
@@ -114,7 +118,7 @@ pub fn rsa_decrypt(
 match ir {
 Some(ref ir) => {
 // unblind
- let res = unblind(&m, ir, n_params);
+ let res = unblind(&m.widen(n.bits_precision()), ir, n_params);
 Ok(res)
 }
 None => Ok(m),
diff --git a/src/key.rs b/src/key.rs
index 046e9c9c..f4d28140 100644
--- a/src/key.rs
+++ b/src/key.rs
@@ -442,9 +442,9 @@ impl RsaPrivateKey {
 let q_params = BoxedResidueParams::new_vartime(q.clone()).unwrap();
 let x = NonZero::new(p.wrapping_sub(&BoxedUint::one())).unwrap();
- let dp = d.rem_vartime(&x);
+ let dp = d.rem_vartime(&x).widen(p_params.bits_precision());
 let x = NonZero::new(q.wrapping_sub(&BoxedUint::one())).unwrap();
- let dq = d.rem_vartime(&x);
+ let dq = d.rem_vartime(&x).widen(q_params.bits_precision());
 let qinv = BoxedResidue::new(q.clone(), p_params.clone());
 let qinv = qinv.invert();
 if qinv.is_none().into() {
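Review bot: The two `std::dbg!` lines added after the `let c` chain and after `let cp` are debugging scaffolding that should not ship in a decryption routine: they write unconditionally to stderr on every call from library code, so callers get noise they cannot switch off and the function acquires an observable side effect unrelated to its contract. Remove both before merge; if the precision relationship they print is the invariant the `widen` is meant to establish, `debug_assert_eq!(cp.bits_precision(), dp.bits_precision());` records it without printing anything. The `.widen(p_params.bits_precision())` call itself also deserves a why-comment, e.g. `// the residue and the exponent dp must share p_params' precision before pow()`, since the reader otherwise cannot tell why a freshly reduced remainder is immediately re-widened; if `widen` panics when asked for a precision below the current one (as I believe the crypto-bigint method does), that comment should also say why the reduced value is known to be no wider than `p_params`. rsa_decrypt begins and ends outside the hunk.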
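Review bot: After this change the two arms of `match ir` can return values at different precisions: the `Some` arm feeds `m.widen(n.bits_precision())` into `unblind`, while the `None` arm still returns `m` at whatever width it had before. Assuming `unblind` hands back a value at the precision of its input (not visible here), a caller that does not use blinding gets a narrower result than one that does, which is the kind of inconsistency that surfaces later as a `widen`/precision panic elsewhere. Widening once before the match, `let m = m.widen(n.bits_precision());` and then `unblind(&m, ir, n_params)`, makes both arms agree and keeps the `None => Ok(m)` line unchanged. The enclosing function starts outside the hunk.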
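Review bot: The two new `.widen(p_params.bits_precision())` / `.widen(q_params.bits_precision())` calls encode a precision invariant for the CRT exponents that nothing in the code states: presumably `dp` and `dq` must be at least as wide as their residue params because of how they are later used in `BoxedResidue::pow`. A one-line comment above `let dp`, such as `// dp/dq must match p_params/q_params precision for the CRT pow() in rsa_decrypt`, would record that, and should also note why the reduced values can never be wider than the target precision (if `widen` panics on a narrower target, the shadowed `x` derived from `p - 1` and `q - 1` appears to be what keeps that path unreachable, but that is inferred rather than visible here). The enclosing constructor starts and ends outside the hunk.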