Chosenciphertext

Chosen-ciphertext refers to a cryptographic attack model in which an adversary can obtain the decryption of ciphertexts of their choosing. In a chosen-ciphertext attack, the attacker interacts with a decryption oracle and submits ciphertexts for which they receive the corresponding plaintexts. The goal is to defeat the confidentiality guarantees of a cryptosystem, even when the attacker can use decryption as an oracle on many ciphertexts.

There are two main variants: non-adaptive (CCA1) where the attacker’s queries are fixed before receiving any

Examples and defenses: schemes such as RSA-OAEP and Cramer-Shoup achieve IND-CCA security in the standard model.

In formal terms, an IND-CCA security game gives the adversary two messages, provides an encryption of one