[aruss]

That's true that it's theoretically impossible, but you can get close by using verifiable computation protocols like Pinocchio to restrict the computations that the adversary can do. That is to say that before blindly accepting the result from the adversary and decrypting it, you first ensure that they performed a computation you specified beforehand.

[salawat]

...so if you're going to redo the computation you just sent off to the adversary to do in order to check that the adversary did the computation you wanted them to, why mess with outsourcing the outsourcing of the computation at all?

[ssmiler]

The idea behind verifiable computation is that the verification phase should be less expensive than the computation phase itself.