Abstract: Security against the chosen ciphertext attack of PKC is discussed(simply denoted by chosen ciphertext security of IND-CCA2). Some schemes which make general PKCs IND-CCA2 are compared and analyzed, on the basis of which we classify all the present methods which can obtain IND-CCA2 and find a common idea among them, which is the contruction of a test of ciphertext validity. Finally a problem in the IND-CCA2 security proof of OAEP+ is pointed out together with its two solutions.

Key words: chosen ciphertext attack, random oracle, provable security, IND-CCA2