Secure implementation of digital signature using semi-trusted computational core

We consider the problem of developing a protocol of interaction between software and hardware used by digital signature mechanisms and hardware tokens containing keys in case when such tokens may have backdoors of particular kind. We propose a relevant adversary model and develop a scheme of the protocol for which we prove required security properties.