Look at the construction (and the proof in appendix) of public key encryption scheme out of witness encryption in https://eprint.iacr.org/2013/258.pdf

It uses witness encryption, where the only confidentiality guarantee is that "if you encrypt the plaintext in a way that does not admit decryption at all, there will be no way to recover the plaintext from ciphertext", to construct something that actually has standardish confidentiality guarantees by exploiting that this property must extend to cases that are computationally indistinguishable from ones where the assumption really holds.

#cryptography