Whole-value substitution attacks can be thwarted by adding contextual information to the plaintext before encrypting it.