diff --git a/modules/decrypt-node/src/verify_stream.ts b/modules/decrypt-node/src/verify_stream.ts
index a52777493..33701bc29 100644
--- a/modules/decrypt-node/src/verify_stream.ts
+++ b/modules/decrypt-node/src/verify_stream.ts
@@ -129,7 +129,11 @@ export class VerifyStream extends PortableTransformWithType {
     const { currentFrame } = state
     if (!currentFrame) {
       const { buffer } = state
-      const frameBuffer = Buffer.concat([buffer, chunk])
+
+      // Buffer.concat can be expensive. If buffer is empty, just use the chunk.
+      const frameBuffer =
+        buffer.length > 0 ? Buffer.concat([buffer, chunk]) : chunk
+
       const frameHeader = decodeBodyHeader(frameBuffer, this._headerInfo, 0)
       if (!frameHeader) {
         // Need more data
@@ -192,13 +196,18 @@ export class VerifyStream extends PortableTransformWithType {
     if (chunk.length && tagLengthBytes > authTagBuffer.length) {
       const left = tagLengthBytes - authTagBuffer.length
       if (left > chunk.length) {
-        state.authTagBuffer = Buffer.concat([authTagBuffer, chunk])
+        // Buffer.concat can be expensive. If buffer is empty, just use the chunk.
+        state.authTagBuffer =
+          authTagBuffer.length > 0
+            ? Buffer.concat([authTagBuffer, chunk])
+            : chunk
         return callback()
       } else {
-        const finalAuthTagBuffer = Buffer.concat(
-          [authTagBuffer, chunk],
-          tagLengthBytes
-        )
+        // Buffer.concat can be expensive. If buffer is empty, just use the chunk.
+        const finalAuthTagBuffer =
+          authTagBuffer.length > 0
+            ? Buffer.concat([authTagBuffer, chunk], tagLengthBytes)
+            : chunk.slice(0, tagLengthBytes)
         if (this._verify) {
           this._verify.update(finalAuthTagBuffer)
         }