From semantic security to chosen ciphertext security
A chosen ciphertext attack against the RSA encryption standard PKCS#1 v1.5 was introduced by Daniel Bleichenbacher at Crypto '98. This attack was the first example where an adaptive chosen ciphertext attack is not just a theoretical concept but a practical method to crack a semantically secure encryption scheme.
This paper reviews the notion of the semantic security which was believed to be secure enough in reality and the reason for which this belief was denied. The paper also presents a demonstration of the Bleichenbacher's attack by using a simplified version of PKCS#1 v1.5 format.