diff --git a/dnscrypt-proxy/crypto.go b/dnscrypt-proxy/crypto.go
index c2c30d85..08c23a88 100644
--- a/dnscrypt-proxy/crypto.go
+++ b/dnscrypt-proxy/crypto.go
@@ -88,7 +88,7 @@ func (proxy *Proxy) Decrypt(serverInfo *ServerInfo, encrypted []byte, nonce []by
 }
 var packet []byte
 var err error
- if serverInfo.CryptoConstruction == XChacha20Poly1305 {
+ if serverInfo.CryptoConstruction == XChacha20Poly1305 || serverInfo.CryptoConstruction == SIDHXChacha20Poly1305 {
 packet, err = xsecretbox.Open(nil, serverNonce, encrypted[responseHeaderLen:], serverInfo.SharedKey[:])
 } else {
 var xsalsaServerNonce [24]byte
diff --git a/dnscrypt-proxy/dnscrypt_certs.go b/dnscrypt-proxy/dnscrypt_certs.go
index 49f67ef1..30c7e26b 100644
--- a/dnscrypt-proxy/dnscrypt_certs.go
+++ b/dnscrypt-proxy/dnscrypt_certs.go
@@ -151,7 +151,11 @@ func FetchCurrentDNSCryptCert(proxy *Proxy, serverName *string, proto string, pk
 certInfo.SharedKey = sharedKey
 highestSerial = serial
 certInfo.CryptoConstruction = cryptoConstruction
- copy(certInfo.MagicQuery[:], binCert[104:112])
+ if cryptoConstruction == SIDHXChacha20Poly1305 {
+ copy(certInfo.MagicQuery[:], binCert[636:644])
+ } else {
+ copy(certInfo.MagicQuery[:], binCert[104:112])
+ }
 if isNew {
 dlog.Noticef("[%s] OK (crypto v%d) - rtt: %dms", *serverName, cryptoConstruction, rtt.Nanoseconds()/1000000)
 } else {
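Review bot: The `else` arm of this check in `Decrypt` still treats every construction other than the two named values as XSalsa20, so now that a third enum value exists, an unset or unexpected `CryptoConstruction` silently selects a cipher instead of failing. A `switch serverInfo.CryptoConstruction` with one case per construction and a `default:` that returns an error would fail closed. The matching branch on the encrypt side is not visible here and presumably needs the same condition; otherwise queries and responses for SIDH servers would be handled with different ciphers. Decrypt's body begins and ends outside the hunk.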
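Review bot: The new `binCert[636:644]` slice in the SIDH branch has no visible length guard, and `binCert` comes from a server's response, so a certificate that advertises the SIDH construction but is shorter than 644 bytes would panic the proxy with a slice-bounds error. Unless a check outside this hunk already enforces a construction-specific minimum, add one before the copy, e.g. `if cryptoConstruction == SIDHXChacha20Poly1305 && len(binCert) < 644 { /* reject this certificate */ }`. The offsets 636/644 and 104/112 would be easier to audit as named constants kept next to the certificate layout. Separately, SIDH was shown in 2022 to fall to a practical key-recovery attack, so it is worth confirming that `sharedKey` (computed outside the hunk) never depends on SIDH alone. FetchCurrentDNSCryptCert's body starts and ends outside the hunk.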