We address the problem of using untrusted (potentially malicious) cryptographic helpers. We provide a formal security definition for securely outsourcing computations from a computationally limited device to an untrusted helper. In our model, the adversarial environment writes the software for the helper, but then does not have direct communication with it once the device starts relying on it. In addition to security, we also provide a framework for quantifying the efficiency and checkability of an outsourcing implementation. We present two practical outsourcesecure schemes. Specifically, we show how to securely outsource modular exponentiation, which presents the computational bottleneck in most public-key cryptography on computationally limited devices. Without outsourcing, a device would need O(n) modular multiplications to carry out modular exponentiation for n-bit exponents. The load reduces to O(log2 n) for any exponentiation-based scheme where the honest device may use two un...