A trusted co-server, and a method of using a trusted co-server, for a service provider. The co-server executes a program such that: for multiple parties P.sub.0 P.sub.n (where P.sub.o is said co-server), each party P.sub.i may (optionally) provide input I.sub.i, and then said co-server carries out N functions: F.sub.i (i.sub.o . . . I.sub.n) describes what the co-server returns to party P.sub.i. The preferred embodiment of the invention raises the trust level of the computation and data storage at the server. For instance, this invention may be witness to authenticity of certain data coming back to the client. This data can include assertions from the trusted co-server about the server content and configuration. The invention, also, can provide privacy of data going back to the server, by keeping it encrypted between the client and the co-server, and then re-encrypting it before inserting it into the server. With this invention, the user can trust the integrity of the computation occurring at the co-server--even if the server operator might be motivated to subvert it. The co-server also provides a trusted haven for computation relevant to third parties who may also have an interest in the client-server interaction.