For block ciphers, a chosen ciphertext attack is no better than a chosen plaintext attack and harder to mount in practice. For a self-synchronizing stream cipher, a chosen ciphertext attack can be useful as the key used to encipher each byte depends on the previous ciphertext. It is possible to use a chosen ciphertext attack to get an arbitrary message signed with RSA, if messages are signed without hashing.
wikipedia.org dumped 2003-03-17 with terodump