diff --git a/tpke/src/ciphertext.rs b/tpke/src/ciphertext.rs
index 6e8afc91..7249cdcc 100644
--- a/tpke/src/ciphertext.rs
+++ b/tpke/src/ciphertext.rs
@@ -81,6 +81,9 @@ pub fn decrypt(
     ciphertext: &Ciphertext,
     privkey: E::G2Affine,
 ) -> Vec {
+    if !check_ciphertext_validity(ciphertext) {
+        panic!("Ciphertext is invalid");
+    }
     let s = E::product_of_pairings(&[(
         E::G1Prepared::from(ciphertext.nonce),
         E::G2Prepared::from(privkey),
diff --git a/tpke/src/lib.rs b/tpke/src/lib.rs
index c448b3ed..13c3efd0 100644
--- a/tpke/src/lib.rs
+++ b/tpke/src/lib.rs
@@ -217,4 +217,24 @@ mod tests {
         let plaintext = decrypt_with_shared_secret(&ciphertext, &s);
         assert!(plaintext == msg)
     }
+
+    #[test]
+    fn ciphertext_validity_check() {
+        let mut rng = test_rng();
+        let threshold = 3;
+        let shares_num = 5;
+        let num_entities = 5;
+        let msg: &[u8] = "abc".as_bytes();
+
+        let (pubkey, _privkey, _) =
+            setup::(threshold, shares_num, num_entities);
+        let mut ciphertext = encrypt::<_, E>(msg, pubkey, &mut rng);
+
+        // So far, the ciphertext is valid
+        assert!(check_ciphertext_validity(&ciphertext));
+
+        // Malformed the ciphertext
+        ciphertext.ciphertext[0] += 1;
+        assert!(!check_ciphertext_validity(&ciphertext));
+    }
 }
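Review bot: The new guard at the top of `decrypt` turns a malformed ciphertext into a `panic!`, but a ciphertext is by definition attacker-supplied input, so a public library function panicking on it gives any peer a trivial way to abort the process rather than a recoverable error. Rejecting before the pairing is computed is the right order (the check runs before `product_of_pairings`), but the rejection should surface as a `Result`: change the signature to `) -> Result<Vec<u8>, ThresholdEncryptionError> {` (or whatever error type the crate already defines), replace the guard with `if !check_ciphertext_validity(ciphertext) { return Err(ThresholdEncryptionError::CiphertextVerificationFailed); }`, and wrap the final value in `Ok(...)`; that last edit lies in the part of `decrypt` that continues below this hunk, as does the `Vec` return type whose element type is not visible here. If the panic must stay for now, the function needs a `/// # Panics` section stating that it panics when `check_ciphertext_validity` rejects the ciphertext, so callers know to validate first. It also looks like `decrypt_with_shared_secret` (used in the lib.rs tests) is a second decryption entry point that does not get this guard; worth confirming that it validates too, since the check is what makes the scheme reject tampered ciphertexts.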
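Review bot: The tamper step `ciphertext.ciphertext[0] += 1;` in `ciphertext_validity_check` will panic with an arithmetic-overflow error in debug builds whenever that byte happens to be `0xFF`, which makes the test's outcome depend on the rng-derived ciphertext bytes rather than on the validity check; flipping a bit is overflow-free and is the same tamper semantically, `ciphertext.ciphertext[0] ^= 0x01;`. The test also only corrupts the encrypted payload, so it does not show that the check catches a modified `nonce` (the field `decrypt` feeds into the pairing); a second mutation of that field, or a separate case, would cover the other component a man-in-the-middle can change. Finally, nothing here exercises the new rejection path in `decrypt` itself; a `#[should_panic(expected = "Ciphertext is invalid")]` test (or an `is_err()` assertion if the panic becomes a `Result`) would pin that behaviour. The comment `// Malformed the ciphertext` reads better as `// Tamper with the ciphertext so the validity check must reject it`.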