My two cents:
Decryption is slowed down by the wrong use of RSA in encryption. RSA should only de/encrypt an AES (or any other block cipher) key, then AES decryption should be much more faster. It implies the need for a new version of encrypted forms.
This is a re-post of a comment on