Follow

Look at the construction (and the proof in appendix) of public key encryption scheme out of witness encryption in eprint.iacr.org/2013/258.pdf

It uses witness encryption, where the only confidentiality guarantee is that "if you encrypt the plaintext in a way that does not admit decryption at all, there will be no way to recover the plaintext from ciphertext", to construct something that actually has standardish confidentiality guarantees by exploiting that this property must extend to cases that are computationally indistinguishable from ones where the assumption really holds.

Sign in to participate in the conversation
Qoto Mastodon

QOTO: Question Others to Teach Ourselves
An inclusive, Academic Freedom, instance
All cultures welcome.
Hate speech and harassment strictly forbidden.