Why not see if the scheme could handle its own decryption function, even while keeping the data secret, to remove enough noise to let the whole process continue?
In fact, I would go so far as to say that the authorization scheme is not complete until there is nothing that you can remove or simplify without breaking it.