NM-CPA secure encryption with proofs of plaintext knowledge

NM-CPA secure asymmetric encryption schemes which prove plaintext knowledge are sufficient for secrecy and verifiability in some domains, for example, ballot secrecy and end-to-end verifiability in electronic voting. In these domains, some applications derive encryption schemes by coupling malleable IND-CPA secure ciphertexts with proofs of plaintext knowledge, without evidence that the sufficient condition is satisfied nor an independent security proof. Consequently, it is unknown whether these applications satisfy the desired secrecy and verifiability properties. In this paper, we propose a generic construction for such a coupling and prove that our construction produces NM-CPA secure encryption schemes which prove plaintext knowledge. Accordingly, we facilitate the development of applications satisfying their secrecy and verifiability objectives and, moreover, we make progress towards security proofs for existing applications.