At EUROCRYPT 2009, Hofheinz and Kiltz introduced a new practical chosen-ciphertext-secure public-key encryption scheme under the assumption that factoring is intractable. They also proposed a variant that features slightly more efficient decryption but unfortunately leads to a large public key, of size about O(k), where k is a security parameter. In this paper, we propose a novel method to balance the efficiency and the key size of those two previous schemes. Although the public key in our scheme consists of only one RSA modulus and three group elements, our scheme is still more efficient at decrypting than Hofheinz and Kiltz's scheme. By observing that, under certain assumptions, factoring the modulus remains hard over much smaller subgroups of signed quadratic residues (i.e., semismooth subgroups), we were able to construct a new scheme that performs extremely efficient decryption. In fact, to date, this is the most efficient scheme for decryption among all public-key encryption schemes (mainly including Hofheinz and Kiltz's schemes and their follow-up works) whose security against chosen ciphertext attacks is based on the intractability of factoring in the standard model. Copyright © 2012 John Wiley & Sons, Ltd.