Chosen-ciphertext attack

From these pieces of information the adversary can attempt to recover the secret key used for decryption.

Designers of tamper-resistant cryptographic smart cards must be particularly cognizant of these attacks, as these devices may be completely under the control of an adversary, who can issue a large number of chosen-ciphertexts in an attempt to recover the hidden secret key.

It was not clear at all whether public key cryptosystems could withstand the chosen ciphertext attack until the initial breakthrough work of Moni Naor and Moti Yung in 1990, which suggested a mode of dual encryption with integrity proof (now known as the "Naor-Yung" encryption paradigm).

This can be more difficult than it appears, as even partially chosen ciphertexts can permit subtle attacks.

Additional issues arise because some cryptosystems (such as RSA) use the same mechanism to sign messages and to decrypt them.
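As an added example that is not part of the original article, the Python below shows why a shared private-key operation matters: with textbook RSA on a constructed toy key, a "sign this value" query on a ciphertext derived from the target answers a chosen-ciphertext decryption query, whereas hash-then-sign keeps the private exponent away from caller-chosen values. The key, message, and blinding factor are constructed, and `hashed_sign` is an illustration of the separation only, not a complete signature scheme.

```python
import hashlib

# Constructed toy RSA key (hypothetical; far too small for real use,
# chosen so the arithmetic is easy to check by hand).
P, Q = 61, 53
N = P * Q                            # 3233
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))    # 2753, private exponent

def encrypt(m: int) -> int:
    return pow(m, E, N)

def textbook_decrypt(c: int) -> int:
    return pow(c, D, N)

def textbook_sign(x: int) -> int:
    # Textbook RSA signing is the same private-key exponentiation as
    # decryption, so a "sign this value" service is also a decryption oracle.
    return pow(x, D, N)

def malleated(c: int, r: int) -> int:
    # Textbook RSA is multiplicatively homomorphic: this is a valid
    # ciphertext of (m * r) mod N, related to c but not equal to it.
    return (c * pow(r, E, N)) % N

def recover_via_oracle(c: int, r: int, oracle) -> int:
    # One chosen-ciphertext query on the related ciphertext, with the
    # blinding factor r removed afterwards, yields the plaintext of c
    # without ever submitting c itself.
    return (oracle(malleated(c, r)) * pow(r, -1, N)) % N

def hashed_sign(msg: bytes) -> int:
    # Hash-then-sign: the private exponent is applied only to H(msg), never
    # to a caller-chosen integer, so signing requests stop doubling as
    # decryption queries. (Illustrative only; a real scheme also pads, e.g. PSS.)
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    return pow(h, D, N)

def hashed_verify(msg: bytes, sig: int) -> bool:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % N
    return pow(sig, E, N) == h

def demo() -> dict:
    m = 1234                          # constructed plaintext
    c = encrypt(m)
    return {
        "same_mechanism": textbook_sign(c) == textbook_decrypt(c),
        "recovered": recover_via_oracle(c, 7, textbook_sign),
        "hashed_ok": hashed_verify(b"invoice-42", hashed_sign(b"invoice-42")),
    }

if __name__ == "__main__":
    print(demo())
```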

For example, the Cramer-Shoup system[5] is secure based on number-theoretic assumptions and no idealization, and after a number of subtle investigations it was also established that the practical scheme RSA-OAEP is secure under the RSA assumption in the idealized random oracle model.