Smart cards have opened up possibilities for many exciting applications. However, one problem with conventional smart cards is that they only have very limited computational power. As a result, it takes too long for a smart card to perform a single RSA signature operation in real time applications. Server-aided RSA signature computation protocols offer feasible solutions for this problem. The basic idea is to distribute most of the computation to an auxiliary processor which is capable of performing fast multi-precision modular exponentiation. However, the smart card has to guard against the auxiliary processor since it may attempt to obtain information about the secret exponent or to obtain the smart card’s signature on a message of its own choosing by supplying the smart card with incorrect values. The only way to defeat these attacks is for the smart card to have some means of verifying the data provided by the auxiliary processor. In this paper, we propose such a secure protocol.