Hybrid Sequence:
We start with $\L_h$,
then isolate the case of $count == h+1$ into its own conditional branch.
We can write the body of the new branch in terms of $\lib{pk-1cpa-*}$. Since this branch is executed at most once during the library's execution, this compound library calls $\cpaoneenc$ at most once. Importantly, the library can still encrypt ciphertexts in the else-branch, because it knows the public key! This is the step in the proof that would fail with a symmetric-key scheme.
The if and else-if branches can now be unified, and the result is $\L_{h+1}$, as desired.
$\L_h$
$(\pk,\sk) := \Sigma.\KeyGen()$
$\cpapk$( ):
return $\pk$
$\cpaenc$($\ptxt$):
$count := count + 1$
if $count \le {}$
$h$:
$h+1$:
$\ctxt \gets \Sigma.\C(|\ptxt|)$
else:
$\ctxt := \Sigma.\Enc(\pk, \ptxt)$
return $\ctxt$
$\link$
$\lib{pk-1cpa-real}$
$(\pk,\sk) := \Sigma.\KeyGen()$
$\cpaonepk$( ):
return $\pk$
$\cpaoneenc$($\ptxt$):
if $\ctxt^*$ undefined:
$\ctxt^* := \Sigma.\Enc(\pk, \ptxt)$
return $\ctxt^*$
$\lib{pk-1cpa-rand}$
$(\pk,\sk) := \Sigma.\KeyGen()$
$\cpaonepk$( ):
return $\pk$
$\cpaoneenc$($\ptxt$):
if $\ctxt^*$ undefined:
$\ctxt^* \gets \Sigma.\C(|\ptxt|)$
return $\ctxt^*$