Device-Independent Oblivious Transfer from the Bounded-Quantum-Storage-Model and Computational Assumptions

We present a device-independent protocol for oblivious transfer (DIOT) and analyze its security under the assumption that the receiver's quantum storage is bounded during protocol execution and that the device behaves independently and identically in each round. We additionally require that, for each device component, the input corresponding to the choice of measurement basis, and the resulting output, is communicated only with the party holding that component. Our protocol is everlastingly secure and, compared to previous DIOT protocols, it is less strict about the non-communication assumptions that are typical of protocols that use Bell inequality violations; instead, the device-independence comes from a protocol for self-testing of a single (quantum) device which makes use of a post-quantum computational assumption.


Introduction
Oblivious transfer (OT), described in terms of its well-known variant one-out-of-two oblivious transfer (1-2 OT), involves a sender inputting two bits, and a receiver who is then able to select and receive only one of these bits. For this two-party primitive to be secure, the sender must be unable to learn which of the two bits the receiver chose, and the receiver must be unable to learn both of the bits that were sent. OT is both intriguing and important for the fact it is universal: a secure implementation of OT enables the implementation of any cryptographic functionality between two parties [Kil88].
However, the search for an unconditionally-secure implementation of oblivious transfer has, unfortunately, been put to rest. In [May97, LC97], it was shown that, even with the power of quantum communication, it is impossible to realize an unconditionally secure implementation of bit commitment, another two-party primitive, thereby also showing the impossibility of unconditionally secure OT.
Thus, any secure OT must necessarily be realized with the aid of additional assumptions. For instance, some classical OT protocols that are secure by a post-quantum computational assumption are presented in [LH19, PVW08], though these classical protocols are not everlastingly secure, as shown in [Unr13]. A different approach can be found in [DFR+07], where it is shown that the bounded-quantum-storage-model (BQSM) is sufficient for realizing secure OT. In this setting, it is assumed that the receiver's quantum storage is bounded during the execution of the protocol. Intuitively, what this enables is the following: a dishonest receiver is limited in its capacity to store qubits during the execution of the protocol, thereby forcing a measurement; this disables a large family of attacks and is formally shown to limit the probability of the adversary determining both of the sender's bits to be negligible. We say that using BQSM to realize OT in this way gives everlasting security because a dishonest receiver who has unlimited quantum storage and processing power after the execution of the protocol does not gain any advantage. In [DFR+07], a protocol for Rand 1-2 OT^ℓ (a randomized variant of OT that uses ℓ-bit strings, described in Section 3.1.1) is shown to have perfect receiver-security and ε-sender-security. Informally, ε-receiver-security says that the real state of the dishonest sender is ε-close, in terms of trace distance, to a state that is independent of the choice bit. Similarly, ε-sender-security says that the real state of the dishonest receiver is ε-close to a state that is independent of information not indexed by the receiver's choice bit, and that information is generated randomly. When ε = 0, the security is said to be perfect.
The protocol for Rand 1-2 OT^ℓ in [DFR+07] assumes that the device is behaving as intended. In reality, a device may be faulty or may have been manufactured by a party with malicious intent, and the resulting behaviour can lead to a security breach in a protocol whose security proof assumes that the device behaves as intended. The assumption that a device is behaving as intended can be relaxed by lifting to the device-independent (DI) setting, where no assumptions on the inner workings of the device are made. That is, the device is treated as a black box with which the parties classically interact, and through this classical interaction alone, they can test the device to determine if it is behaving as intended.
Device-independent two-party cryptography was explored in [SCA+11, AMPS16] in the form of bit commitment and coin flipping, though it should be noted that these works necessarily focus on protocols with weak security, since they make no additional assumptions, and thus the impossibility of bit commitment applies. For the device-independent bounded/noisy quantum storage setting, security of the two-party primitive known as Weak String Erasure (from which OT can be constructed) has been proved in the works [KW16, RTK+18], though they do not achieve true device-independence, as it is assumed that the devices behave independently and identically in each round (this is the IID assumption). The authors in [KW16] do prove security for the non-IID setting, though they assume that, in this case, the dishonest party only makes sequential attacks. Full device-independence (i.e., without the IID assumption) in two-party cryptography is, in general, quite difficult to prove. Despite this, there does exist a fully device-independent protocol for a variant of oblivious transfer, called XOR oblivious transfer, in [KST22]. Soundness of the protocol in [KST22] is quantified through the cheating probabilities of the dishonest parties; that is, the authors show that the cheating probability of each party can be bounded away from 1. As a result of the general difficulty with full device-independence, there exist weaker notions of device-independence such as measurement-device-independence (MDI), where only the measurement devices are treated as black boxes. Security of a protocol for MDI OT has been proved in [RW20].
To prove security of device-independent protocols, one often relies on Bell inequalities. For instance, the Bell inequality known as the CHSH inequality was used in [KW16, RTK+18] to enable device-independence, while the Mermin-Peres magic square game was used in [KST22]. Simply put, the parties are able to point to the presence of an entangled quantum
2. The device is computationally bounded in the sense that it cannot solve the Learning with Errors (LWE) problem during the execution of the protocol.
3. The device behaves in an IID manner, i.e., it behaves independently and identically in each round of the protocol.
4. For each device component, the input corresponding to the choice of measurement basis, and the resulting output, is communicated only with the party holding that component.
The first assumption is for the sake of achieving everlastingly secure OT. The second assumption is for achieving a form of device-independence that is more tolerant of communication between the device components. We believe that these first two assumptions are reasonable, as storing qubits is very difficult with current technology, and it is standard to assume that the LWE problem is quantum-computationally hard. The third assumption is made for the sake of the security analysis. In our context, the fourth assumption, discussed in greater detail in Section 4, is required for retaining everlasting security. That is, because the sender and receiver do not trust each other, allowing arbitrary communication between the two components of the device makes it possible to honestly execute the protocol but use leaked information to break security at a later time. Assumption 4 remedies this problem while being less strict than the usual non-communication assumption. To realize this assumption, the device components could initially be given to the sender so that they can verify the validity of the assumption; note that initially giving the components to the sender will already be required so that they can estimate the device's winning probability (see the end of Section 3.2.2). When the receiver's component is returned to them, the protocol can proceed with the requirement that the receiver shields their component (as opposed to requiring that both components be shielded).
Methods. We show how to modify the Rand 1-2 OT^ℓ protocol from [DFR+07] that was proved to be secure in the BQSM and the single-device self-testing protocol for a computationally bounded device in [MDCA21] to ensure their compatibility with each other. Then, in our main technical contribution, we show how the two modified protocols can be combined to create a device-independent protocol for Rand 1-2 OT^ℓ. It should be noted that the reason the single-device self-testing protocol must be modified is that, in its form in [MDCA21], it assumes that the two parties (Alice and Bob) trust each other, and thus they can work together to test and verify the untrusted device. While this is suitable for the application to device-independent quantum key distribution (DIQKD) in [MDCA21], where the two parties trust each other, it is not suitable for the setting of OT, where the sender and receiver distrust each other and the device.
Future directions. Proving security in the non-IID setting is an important next step. Making the IID assumption, as done in this paper, significantly simplifies the analysis, though at the cost of weakening the meaning of device-independence; for true device-independence, we must prove security in the non-IID setting. The technique of reducing the analysis of the non-IID setting to the IID setting via the entropy accumulation theorem seems like a promising approach for achieving such a task. For more on this technique, the reader is referred to [DFR20, ADF+18, Arn18, ARV19].
Organization. This paper is organized in the following manner. In Section 2, definitions and technical results are given. In Section 3, we introduce the two building blocks that will later be used to construct our DI Rand 1-2 OT^ℓ protocol. In Section 4, we present Protocol 4, our DI Rand 1-2 OT^ℓ protocol, and analyze its security.

Notation and basics
A function n : ℕ → ℝ^+ is said to be negligible if lim_{α→∞} n(α)p(α) = 0 for any polynomial p. We denote an arbitrary negligible function by negl(α).
An arbitrary finite-dimensional Hilbert space is denoted as H. A Hilbert space with complex dimension d is denoted as H_d. A density operator ρ on H is a positive semidefinite operator on H with trace one, Tr(ρ) = 1. The set of all density operators on H is denoted as D(H).
A quantum state in a register E is fully described by its density matrix ρ_E. In some cases, a quantum state may depend on some classical random variable X in the sense that it is described by the density matrix ρ^x_E if and only if X = x. If an observer only has access to E, but not X, then the state is determined by the density matrix
The joint state, consisting of both the classical X and the quantum register E, is called a cq-state and is described by the density matrix
The following notation is then used:
The quantum representation of a classical random variable X is ρ_X = Σ_x P_X(x) |x⟩⟨x|. The above notation extends to quantum states that depend on more than one classical random variable, leading to ccq-states, cccq-states, and so on. Note that ρ_{XE} = ρ_X ⊗ ρ_E holds if and only if the quantum part is independent of X. Additionally, if ρ_{XE} and ρ_X ⊗ ρ_E are ε-close in terms of trace distance, then the real system ρ_{XE} behaves as the ideal system ρ_X ⊗ ρ_E except with probability ε.

Smooth Rényi entropy
Definition 2.1 (Rényi entropy [Rén61]). Let P be a probability distribution over a finite set X and α ∈ [0, ∞]. Then the Rényi entropy of order α is defined as
In the limit α → ∞, we get the min-entropy H_∞(P) = −log(max_{x∈X} P(x)) and in the limit α → 0, we get the max-entropy H_0(P) = log |{x ∈ X : P(x) > 0}|. Now, for the case where we have a random variable X with probability distribution P_X, we introduce a slight abuse of notation by writing H_α(X) instead of H_α(P_X). Keeping this in mind, the conditional min-entropy and max-entropy are, respectively, defined as
Related to Rényi entropy is the notion of smooth Rényi entropy, which was introduced in [RW04]. In [Ren05] and [RW05], smooth Rényi entropy is used to generalize the notion of conditional min- and max-entropy to conditional smooth min- and max-entropy, which are, respectively, defined as
where the maximum/minimum ranges over all events E with probability Pr[E] ≥ 1 − ε, and P_{XYE}(x, y) is the probability that E occurs and X, Y take values x, y, respectively. We now list some results which we shall need in later sections.
The following lemma is a special case of a more general entropic uncertainty relation introduced in [DFR+07].
Lemma 2.3 ([DFR+07]). Let ρ ∈ D(H_2^{⊗n}) be an arbitrary n-qubit quantum state. Let Θ = (Θ_1, . . . , Θ_n) be uniformly distributed over {Computational, Hadamard}^n, and let X = (X_1, . . . , X_n) be the outcome when measuring ρ in basis Θ. Then for any 0 < λ < 1/2,
where ε = exp(−λ²n / (32(2 − log λ)²)).
The following lemma is presented as a corollary in [DFR+07] to the Min-Entropy-Splitting lemma, which essentially states that if the joint entropy of two random variables is large, then at least one of the random variables must have at least half of the original entropy in a randomized sense.
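As an added illustration of Definition 2.1, of the smoothing construction (maximum over events E with Pr[E] ≥ 1 − ε) and of the ε in Lemma 2.3, here is a small Python script; it is our own example, not code from the paper. Assumptions: logarithms are base 2, the Rényi entropy of order α is the standard H_α(P) = log(Σ_x P(x)^α)/(1 − α) from [Rén61], and the smoothing event E ranges only over subsets of the alphabet (found by exhaustive search over a small alphabet), so the value returned is the definition restricted to such events.

```python
"""Rényi, min-, max- and smooth min-entropy of a classical distribution (Definition 2.1),
and the ε of Lemma 2.3. Constructed example; logarithms are base 2 throughout."""
import math
from itertools import combinations


def renyi_entropy(p, alpha):
    """H_α(P) = log(Σ_x P(x)^α)/(1-α). The limits α→∞ and α→0 are the min-entropy
    -log max_x P(x) and the max-entropy log|{x : P(x) > 0}|; α=1 is Shannon entropy."""
    support = [q for q in p if q > 0]
    if alpha == math.inf:
        return -math.log2(max(support))
    if alpha == 0:
        return math.log2(len(support))
    if alpha == 1:
        return -sum(q * math.log2(q) for q in support)
    return math.log2(sum(q ** alpha for q in support)) / (1 - alpha)


def smooth_min_entropy(p, eps):
    """H^ε_∞(P) = max over events E with Pr[E] ≥ 1-ε of -log max_x P_{XE}(x), where
    P_{XE}(x) = P(x) for x ∈ E and 0 otherwise (E restricted to subsets of the alphabet,
    an assumption of this example). Discarding heavy symbols whose total mass is at
    most ε removes the largest term from the max and so raises the min-entropy."""
    best = -math.inf
    for size in range(1, len(p) + 1):
        for event in combinations(range(len(p)), size):
            if sum(p[i] for i in event) >= 1 - eps - 1e-12:
                best = max(best, -math.log2(max(p[i] for i in event)))
    return best


def uncertainty_epsilon(n, lam):
    """ε of Lemma 2.3 for n qubits and 0 < λ < 1/2: exp(-λ² n / (32 (2 - log λ)²)).
    It decays exponentially in n for any fixed λ."""
    assert 0 < lam < 0.5
    return math.exp(-(lam ** 2) * n / (32 * (2 - math.log2(lam)) ** 2))


if __name__ == "__main__":
    p = [0.5, 0.25, 0.25]  # constructed distribution with one heavy symbol
    for alpha in (0, 1, 2, math.inf):
        print(f"H_{alpha}(P) = {renyi_entropy(p, alpha):.4f}")
    print("H_inf(P) =", smooth_min_entropy(p, 0.0), " H^0.5_inf(P) =", smooth_min_entropy(p, 0.5))
    for n in (100, 1000, 10000):
        print(f"Lemma 2.3 eps for n={n}, lambda=0.1: {uncertainty_epsilon(n, 0.1):.3e}")
```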
Let 𝓕 be a class of hash functions from {0, 1}^n to {0, 1}^ℓ. The class 𝓕 is said to be two-universal [CW79] if, for any distinct x, x′ ∈ {0, 1}^n and for F uniformly distributed over 𝓕, it holds that Pr[F(x) = F(x′)] ≤ 1/2^ℓ.
Theorem 2.5 (Privacy amplification [DFR+07]). Let ε ≥ 0. Let ρ_{XUE} be a ccq-state, where X takes values in {0, 1}^n, U in the finite domain 𝒰, and register E contains q qubits. Let F be the random and independent choice of a member of a two-universal class of hash functions 𝓕 from {0, 1}^n into {0, 1}^ℓ. Then

Extended noisy trapdoor claw-free function family
In Section 3.2, we shall introduce the single-device self-testing protocol that we will be utilizing. The underlying cryptographic primitive of this protocol is an extended noisy trapdoor claw-free function family (ENTCF family) [BCM+18, Mah18]. The Learning with Errors problem [Reg05] can be used to construct ENTCF families; to see this, the reader is referred to Section 4 of [BCM+18] and Section 9 of [Mah18]. We now present an informal description, taken from [MV21, Mah18], of the properties of ENTCF families. The formal description of these properties can be found in [Mah18].
An ENTCF family consists of two families of function pairs: F and G. It is assumed that both the common domain of all function pairs and the codomain are sets of all bit strings of a fixed length. A function pair (f_{k,0}, f_{k,1}) is indexed by a public key k. If (f_{k,0}, f_{k,1}) ∈ F, then it is called a claw-free pair; and if (f_{k,0}, f_{k,1}) ∈ G, then it is called an injective pair.
(i) For a fixed k ∈ K_F, f_{k,0} and f_{k,1} are bijections with the same image; so, for every y in their image, there exists a unique pair of pre-images (x_0, x_1), called a claw, such that f_{k,0}(x_0) = f_{k,1}(x_1) = y.
(ii) Given a key k ∈ K_F for a claw-free pair, it is quantum-computationally hard to find a claw for the corresponding function pair; but with access to a y in the image and a trapdoor, finding the claw is computationally easy; this is the claw-free property. A stronger version of this property is the adaptive hardcore bit property: without access to a trapdoor, it is quantum-computationally hard to simultaneously compute a preimage x_i and a bit of the form d · (x_0 ⊕ x_1) for any non-trivial bit string d, where · here is the inner product between bit strings, and where (x_0, x_1) forms a valid claw.
(iii) For a fixed k ∈ K_G, f_{k,0} and f_{k,1} are injective functions with disjoint images. With a trapdoor and y = f_{k,b}(x_{b,y}), where b ∈ {0, 1}, one can efficiently recover (b, x_{b,y}).
(iv) Given a key k ∈ K_F ∪ K_G, it is quantum-computationally hard (without access to trapdoor information) to determine whether k is a key for a claw-free or an injective pair (i.e., a key from K_G is computationally indistinguishable from a key from K_F). This is known as injective invariance.
(v) For every k ∈ K_F ∪ K_G, there exists a trapdoor t_k which can be sampled together with k and with which (ii) and (iv) are computationally easy.

Building Blocks
In this section, we introduce the two building blocks that will be used to create our DI Rand 1-2 OT^ℓ protocol in Section 4. Section 3.1 comprises the first building block. In Section 3.1.1, we describe Rand 1-2 OT^ℓ and present a security definition that comes almost directly from [DFR+07], though it is modified to account for protocol aborts. Then in Section 3.1.2, we present Protocol 1, which is our modified version of the protocol in [DFR+07] for Rand 1-2 OT^ℓ.
Section 3.2 comprises the second building block. In Section 3.2.1, we present the single-device self-testing protocol from [MDCA21] and outline how it works. Then in Section 3.2.2, we present Protocol 3, which is merely a minor modification of the single-device self-testing protocol.

Background of Rand 1-2 OT^ℓ
We follow [DFR+07] in discussing oblivious transfer in the bounded-quantum-storage model. First, consider 1-out-of-2 oblivious transfer (1-2 OT^ℓ), which is described in the context of two parties: the sender and the receiver. The sender sends two ℓ-bit strings S_0 and S_1 to the receiver such that the receiver can choose which of the two strings they want to receive, but they do not get to learn anything about the other string, and the sender does not get to learn which string the receiver has chosen.
We will be concerned with Rand 1-2 OT^ℓ, which operates in the same manner as 1-2 OT^ℓ except that the two strings S_0 and S_1 are generated uniformly at random during the protocol and output to the sender, as opposed to the sender inputting the strings. From Rand 1-2 OT^ℓ, one can then construct 1-2 OT^ℓ [DFSS06].
Let us now formally define what a Rand 1-2 OT^ℓ protocol is and what security for such a protocol means. This definition (Definition 3.1) comes almost directly from [DFR+07]; the only change we have made is the inclusion of a way to account for protocol aborts. Regarding notation in this definition, an honest sender is denoted as S and a dishonest sender as S̃. Similarly, R for an honest receiver and R̃ for a dishonest receiver. Additionally, C denotes the binary random variable which describes R's choice bit; S_0, S_1 denote the ℓ-bit long random variables describing S's output strings; Y denotes the ℓ-bit long random variable describing R's output string (which should be S_C when both are honest); and Z denotes the binary random variable which describes whether the protocol aborts (Z = 1 corresponds to the protocol not aborting). Given a protocol for Rand 1-2 OT^ℓ, the overall quantum state in the case of a dishonest sender S̃ is given by the ccq-state ρ_{CYS̃}, and in the case of a dishonest receiver R̃, the overall quantum state is given by the ccq-state ρ_{S_0S_1R̃}.
Definition 3.1 (Rand 1-2 OT^ℓ). An ε-secure Rand 1-2 OT^ℓ is a quantum protocol between a sender S and a receiver R. The sender has no input but the receiver has input C ∈ {0, 1} such that for any distribution of C, if S and R follow the protocol, then S gets output S_0, S_1 ∈ {0, 1}^ℓ and R gets Y = S_C, except with probability ε, and, with Z ∈ {0, 1} describing whether the protocol aborts (Z = 0) or does not abort (Z = 1), the following two properties hold:
ε-Receiver-security: If R is honest, then for any S̃, there exist random variables S′_0, S′_1 such that, with ρ^{Z=1}_{S′_0 S′_1 C S̃} being the state when the protocol does not abort,
ε-Sender-security: If S is honest, then for any R̃, there exists a random variable C′ such that, with ρ^{Z=1}_{S_{1−C′} S_{C′} C′ R̃} being the state when the protocol does not abort,
Completeness: When both parties and the device are honest, the probability of aborting is small,
Additionally, if any of the above holds for ε = 0, then the corresponding property is said to hold perfectly. If one of the properties only holds with respect to a restricted class 𝒮 of dishonest senders S̃ (respectively ℛ of dishonest receivers R̃), then this property is said to hold, and the protocol is said to be secure, against 𝒮 (respectively ℛ).
Receiver-security says that whatever the actions of a dishonest sender, they are just as good as the following actions: cause the protocol to abort or generate the ccq-state ρ_{S′_0S′_1S̃} independently of C, inform R of S′_C, and output ρ_{S̃}. Sender-security says that whatever the actions of a dishonest receiver, they are just as good as causing the protocol to abort or having a ccq-state ρ_{S_{C′}C′R̃}, informing S of S_{C′} and an independent uniformly distributed S_{1−C′}, and outputting ρ_{R̃}.
A protocol satisfying Definition 3.1 is then a secure implementation of Rand 1-2 OT^ℓ with the exception that a dishonest sender may influence the distribution of S_0 and S_1, and a dishonest receiver may influence the distribution of the string of their choice, though as pointed out in [DFR+07], this is acceptable for a straightforward construction of the standard 1-2 OT^ℓ. For an explanation of why the existence of S′_0 and S′_1 in the statement of receiver-security is necessary, the reader is referred to the discussion after Definition 3 in [DFR+07].

Modified Rand 1-2 OT^ℓ protocol
Let us now present a slightly modified version of a quantum protocol for Rand 1-2 OT^ℓ from [DFR+07]. This modified protocol, given as Protocol 1 below, differs from the Rand 1-2 OT^ℓ protocol in [DFR+07] in that their protocol has the sender use conjugate coding to send quantum states to the receiver; they then show that to prove sender-security, it suffices to prove sender-security for an EPR-based version of their protocol, and thus do so for receivers with bounded quantum storage. Our protocol, however, explicitly uses Bell pairs; furthermore, our protocol allows for the use of any of the four possible Bell pairs, while the EPR-based version of the protocol in [DFR+07] only needed to use the |φ^{(0,0)}⟩ Bell pair.
These modifications are minor, and so the proofs in [DFR+07] for perfect receiver-security and ε-sender-security against quantum-memory-bounded receivers largely carry over to our protocol. Nevertheless, for the sake of being explicit, we shall give the proofs here and note how our modifications affect them.
In Protocol 1, we let 𝓕 be a fixed two-universal class of hash functions from {0, 1}^n to {0, 1}^ℓ, where ℓ is to be determined later. Note that we can apply a function f ∈ 𝓕 to an n′-bit string with n′ < n by padding it with zeros; so, for instance, if x|_I is an n′-bit string and we write f(x|_I), then it will be assumed that x|_I has been padded with zeros to form an n-bit long string.
Protocol 1 Rand 1-2 OT^ℓ with Bell pairs
where the first qubit of each pair goes to S along with the string v_α, and the second qubit of each pair goes to R along with the string v_β.
2: R measures all qubits in the basis
3: S picks uniformly random x ∈ {Computational, Hadamard}^n, and measures the i-th qubit in basis x_i. Let a ∈ {0, 1}^n be the outcome. S then computes a ⊕ w_α, where the i-th entry of w_α is defined by
4: S picks two uniformly random hash functions f_0, f_1 ∈ 𝓕, announces x and f_0, f_1 to R, and outputs s_0 := f_0((a ⊕ w_α)|_{I_0}) and s_1 :
Observe that without the bounded quantum storage assumption, the receiver can easily break the security of Protocol 1 by choosing to not measure their qubits in step 2 and instead store them until step 4, where the sender publishes their measurement bases. At this point, the receiver can copy the sender's measurement bases, thus allowing the receiver to learn both s_0 and s_1.
Note that there is no step in Protocol 1 where an abort can occur, and so the probability of not aborting is one, Pr(Z = 1) = 1. Hence, in the case that both parties are honest, we easily get Pr(Z = 0) = 0 which satisfies the completeness condition of Definition 3.1.
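The following Python script is an added toy run of Protocol 1 restricted to |φ^{(0,0)}⟩ pairs (so w_α = w_β = 0); it is our own example, not code from the paper. Assumptions: each Bell pair is modelled by shared randomness that reproduces only the computational/Hadamard statistics of |φ^{(0,0)}⟩ (same basis gives equal outcomes, different bases give independent outcomes), the two-universal class 𝓕 is the class of random GF(2)-linear maps, and all function names are ours. It shows the honest receiver obtaining s_C, checks the two-universal collision bound exhaustively for small n and ℓ, and reproduces the observation above that a receiver who keeps its qubits until x is announced obtains both strings.

```python
"""Classical toy model of Protocol 1 (Rand 1-2 OT^ℓ with Bell pairs) using only
|φ^(0,0)> pairs. Constructed example: not a general quantum simulator."""
import random
from itertools import product

COMPUTATIONAL, HADAMARD = 0, 1  # basis labels; x_i = Computational puts i in I_0, Hadamard in I_1


class BellPair:
    """Stand-in for one |φ^(0,0)> pair: same-basis measurements agree, and measurements
    in different bases are independent and uniform (constructed model)."""

    def __init__(self, rng):
        self._outcome = {COMPUTATIONAL: rng.getrandbits(1), HADAMARD: rng.getrandbits(1)}

    def measure(self, basis):
        return self._outcome[basis]


def random_linear_hash(n, ell, rng):
    """A uniformly random ℓ×n binary matrix M. The class {x -> Mx over GF(2)} is
    two-universal: for x != x', Pr_M[Mx = Mx'] = Pr_M[M(x ⊕ x') = 0] = 2^-ℓ."""
    return [[rng.getrandbits(1) for _ in range(n)] for _ in range(ell)]


def apply_hash(matrix, bits):
    """Evaluate Mx over GF(2); shorter inputs are zero-padded to n bits, as in the text."""
    n = len(matrix[0])
    padded = list(bits) + [0] * (n - len(bits))
    return tuple(sum(m * b for m, b in zip(row, padded)) % 2 for row in matrix)


def rand_ot(n, ell, choice_bit, seed=0, receiver_stores_qubits=False):
    """Run Protocol 1 with |φ^(0,0)> pairs (w_α = w_β = 0). Returns (s_0, s_1, y, both):
    'both' is None for an honest receiver; for a receiver that ignores the storage
    bound it holds the strings that receiver recovers for choice bits 0 and 1."""
    rng = random.Random(seed)
    pairs = [BellPair(rng) for _ in range(n)]

    # Step 2: a memory-bounded R must measure now, in the basis named by its choice bit C.
    if not receiver_stores_qubits:
        b = [p.measure(choice_bit) for p in pairs]

    # Step 3: S picks uniformly random bases x and measures; a is the outcome string.
    x = [rng.getrandbits(1) for _ in range(n)]
    a = [p.measure(x_i) for p, x_i in zip(pairs, x)]
    I = {0: [i for i in range(n) if x[i] == COMPUTATIONAL],
         1: [i for i in range(n) if x[i] == HADAMARD]}

    # Step 4: S picks f_0, f_1 from the two-universal class and announces x, f_0, f_1.
    f = {c: random_linear_hash(n, ell, rng) for c in (0, 1)}
    s = {c: apply_hash(f[c], [a[i] for i in I[c]]) for c in (0, 1)}

    if receiver_stores_qubits:
        # The observation in the text: an R with unbounded quantum storage waits for x,
        # measures in S's bases, and so learns the outcomes on I_0 and I_1 alike.
        b = [p.measure(x_i) for p, x_i in zip(pairs, x)]
        recovered = {c: apply_hash(f[c], [b[i] for i in I[c]]) for c in (0, 1)}
        return s[0], s[1], recovered[choice_bit], recovered

    # Honest R outputs y = f_C(b|_{I_C}); on I_C its basis matched S's, so b = a there,
    # while on I_{1-C} its outcomes are independent of a and say nothing about s_{1-C}.
    y = apply_hash(f[choice_bit], [b[i] for i in I[choice_bit]])
    return s[0], s[1], y, None


def collision_probability(n, ell):
    """Exhaustive two-universality check for small n, ℓ: the fraction of matrices M on
    which a fixed pair x != x' collides; it equals 2^-ℓ exactly for this class."""
    x, x_prime = (1,) + (0,) * (n - 1), (0,) * n  # any fixed distinct pair will do
    collisions = 0
    for entries in product((0, 1), repeat=n * ell):
        matrix = [list(entries[r * n:(r + 1) * n]) for r in range(ell)]
        collisions += apply_hash(matrix, x) == apply_hash(matrix, x_prime)
    return collisions / 2 ** (n * ell)


if __name__ == "__main__":
    s0, s1, y, _ = rand_ot(64, 8, HADAMARD, seed=7)
    print("honest receiver with C=1 obtains s_1:", y == s1)
    s0, s1, y, both = rand_ot(64, 8, HADAMARD, seed=7, receiver_stores_qubits=True)
    print("receiver storing qubits recovers both strings:", both[0] == s0 and both[1] == s1)
    print("collision probability for n=3, ell=2:", collision_probability(3, 2))
```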
Although we use Bell pairs in our protocol, and conjugate coding is used in the protocol in [DFR+07], the intuition behind perfect receiver-security in both protocols is the same, as is the strategy for proving it: the non-interactivity of both protocols means that a dishonest sender is unable to learn the receiver's choice bit; to prove perfect receiver-security, we consider the scenario where a dishonest sender executes the protocol with a receiver that has unbounded quantum memory and thus can compute S′_0, S′_1. Consequently, the only modification that must be made to the proof of Proposition 4.5 (perfect receiver-security) in [DFR+07] is that we must take relation (2) into account.
Proof. Since the probability of not aborting is one in Protocol 1, we can drop the superscript Z = 1 on our overall quantum state (since the superscript Z = 1 denotes the state when the protocol does not abort; see Definition 3.1).
The ccq-state ρ_{CYS̃} is defined by the experiment where S̃ interacts with an honest memory-bounded R. Now, in a new Hilbert space, we define the ccccq-state ρ̂_{ĈŶŜ′_0Ŝ′_1S̃} according to a different experiment.
In this different experiment, we let S̃ interact with a receiver that has unbounded quantum memory. Let V_α, V_β be the strings that describe the random and independent choices of v_α, v_β which, together, describe which of the four Bell states are used in each round (see equation (1)). Let A be the string the sender gets after measuring the i-th qubit in the basis x_i for i = 1, . . . , n. Define the string W_α in terms of V_α in the same way w_α is defined in terms of v_α in Step 3. Now, the receiver waits to receive x and then also measures the i-th qubit in the basis x_i for i = 1, . . . , n. Let B be the resulting string, and define the string W_β in terms of V_β in the same way w_β is defined in terms of v_β in Step 2. Define Ŝ′_0, Ŝ′_1 by
Sample Ĉ according to P_C and set Ŷ = Ŝ′_Ĉ. It follows by construction that Pr[Ŷ ≠ Ŝ′_Ĉ] = 0 and ρ̂_Ĉ is independent of ρ̂_{Ŝ′_0Ŝ′_1S̃}. It now remains to argue that ρ̂_{ĈŶS̃} = ρ_{CYS̃}, so that the corresponding S′_0 and S′_1 also exist in the original experiment. But this is satisfied, since the only difference between the two experiments is when and in what basis the qubits at positions i ∈ I_{1−C} are measured, which does not affect ρ_{CYS̃}, respectively ρ̂_{ĈŶS̃}.
Now, for security against dishonest receivers, we restrict ourselves to receivers whose quantum storage is bounded during the execution of the protocol. The proof of ε-sender-security against R̃_γ, given below, is nearly identical to the proof of Theorem 4.6 (ε-sender-security) in [DFR+07]. However, because we allow for the use of all four Bell states, we will need to show that
where A is the random variable describing the outcome of the sender measuring their part of the quantum state in random basis X, and K := A ⊕ W_α. Observe that if we only used Bell pairs of the form |φ^{(0,0)}⟩, then W_α = 0, and so our proof would fully reduce to the proof of Theorem 4.6 in [DFR+07], as expected.
Proof. Since the probability of not aborting is one in Protocol 1, we can drop the superscript Z = 1 on our overall quantum state (since the superscript Z = 1 denotes the state when the protocol does not abort; see Definition 3.1). Now consider the quantum state in Protocol 1 after R̃ has measured all but γn of their qubits. Let V_α, V_β be the random variables that describe the random and independent choices of v_α, v_β which, together, describe which of the four Bell states are used in each round (see equation (1)). Define W_α in terms of V_α in the same way w_α is defined in terms of v_α in Step 3. Let A be the random variable that describes the outcome of the sender measuring their part of the state in random basis X, and let E be the random state that describes R̃'s part of the state. Let F_0 and F_1 be the random variables that describe the random and independent choices of f_0, f_1 ∈ 𝓕.
Choose λ, λ′, κ all positive, but small enough such that
From the uncertainty relation Lemma 2.3, we know that H^ε_∞(A|X) ≥ (1/2 − 2λ)n for ε exponentially small in n. Let A_r = A|_{I_r} and W_{α,r} = W_α|_{I_r}, where
Define K = A ⊕ W_α and let K_r be K|_{I_r} padded with zeros so that it will make sense to apply F_r. Now, to see that H^ε_∞(K|X) = H^ε_∞(A|X), it suffices to observe that, for a single round, P_{AXE}(a, x) = P_{AE|X}(a|x = 0) · P_X(x = 0) + P_{AE|X}(a|x = 1) · P_X(x = 1), and,
As a result of this, we have H^ε
Therefore, by Lemma 2.4, there exists a binary random variable C′ such that for ε′ = 2^{−λ′n}, it holds that
It is clear that we can condition on the independent F_{C′} and use the chain rule Lemma 2.2 to obtain
by the choice of λ, λ′, κ.
We write S_0 = F_0(K_0) and S_1 = F_1(K_1). Now, by setting U = X S_{C′} F_{C′} C′ and then applying Theorem 2.5, we get
which is negligible, and thus we have ε-sender-security.

Device-independence from computational assumptions
We now discuss our second building block: a self-testing protocol for a single (quantum) device that relies on a computational assumption. We start in Section 3.2.1 with a discussion of the single-device self-testing protocol from [MDCA21], Protocol 2, to outline how it works and to present the self-testing guarantee of the protocol, Theorem 3.5. Then, in Section 3.2.2, we present our single-device self-testing protocol, Protocol 3, which is a slightly modified version of Protocol 2 that is appropriate for the setting where there are two parties that distrust each other, as in the case of OT.

Original single-device self-testing protocol
In short, the single-device self-testing protocol from [MDCA21, MV21] uses computational assumptions to certify that a device, consisting of two components but connected by a quantum channel, has correctly prepared a quantum state and measured it according to the bases specified by the verifier(s). This protocol was first presented in [MV21] as a protocol for a single verifier. Then, in [MDCA21], the protocol was stated in a form that involves two verifiers so that it could be used to formulate a device-independent quantum key distribution protocol that generates an information-theoretically secure key; this latter form of the protocol, presented as Protocol 2 below, will be our starting point. The computational assumption made in this protocol is that the device cannot solve the Learning with Errors problem during the execution of the protocol; specifically, the underlying cryptographic primitive is an ENTCF family (see Section 2.3). This computational assumption replaces the non-communication assumption that is necessary for typical self-testing protocols which rely on the violation of a Bell inequality. While non-local operations are then possible, there is an honest implementation which only requires local operations and EPR pairs that are distributed on-the-fly.
A brief description of this honest implementation is outlined throughout Protocol 2, and is further described in the discussion of Protocol 2's winning condition. For a detailed description of the device's honest behaviour, the reader is referred to the appendix of [MDCA21]; for further details, the reader is referred to [MV21].
Protocol 2 Single-device self-testing with two verifiers
1: Alice chooses a basis, called the state basis, θ_A ∈ {Computational, Hadamard} uniformly at random and generates a key k_A together with a trapdoor t_A, where the generation procedure for k_A and t_A depends on θ_A and a security parameter η. Likewise, Bob generates θ_B, k_B, and t_B. The keys are such that the device cannot efficiently compute the state bases θ_A, θ_B from the keys k_A, k_B. Alice and Bob send the keys k_A, k_B to the device.
ii) Alice (Bob) chooses a uniformly random measurement basis x ∈ {Computational, Hadamard} (y ∈ {Computational, Hadamard}) and sends it to the device.
iii) Alice (Bob) receives an answer bit a (b) from the device. Alice (Bob) also receives the bit h_A (h_B) from the device.
Honest behaviour: when CT = b for Alice and Bob, the remaining state has two qubits. In place of a controlled-Z operation, apply the circuit in Figure 1 by using a single EPR pair that has been distributed on-the-fly, and return the bits h A and h B to Alice and Bob, respectively. Then apply a Hadamard gate on the second qubit. Then measure the first qubit in the basis x and the second qubit in the basis y, obtaining outcomes a, b ∈ {0, 1}, respectively. Send a to Alice and b to Bob.
Before discussing the winning condition of Protocol 2, we make a few remarks. First, we note that Alice's state basis $\theta_A$ determines which family her key $k_A$ will belong to: We also note that the purpose of using the circuit in Figure 1 at Step 5(iii) instead of a controlled-Z gate is to remove the need for non-local operations. By using the circuit in Figure 1, an honest device can succeed in Protocol 2 with only local operations and EPR pairs that are distributed on-the-fly. Note that if $|\psi_{AB}\rangle$ is the state just before the circuit is applied, then after the circuit we obtain the output of the controlled-Z gate with the additional operator $\sigma_X^{h_A}\sigma_Z^{h_B} \otimes \sigma_X^{h_B}\sigma_Z^{h_A}$ applied. This operator can be undone by having the device's components communicate the bits $h_A$ and $h_B$ with each other and then applying the appropriate local operations, though this is undesirable, as the purpose of using the circuit in Figure 1 is to allow an honest device to succeed without communication between its components. So, rather than having the device undo the operator $\sigma_X^{h_A}\sigma_Z^{h_B} \otimes \sigma_X^{h_B}\sigma_Z^{h_A}$, the checks that Alice and Bob need to perform are modified to account for the presence of the operator. It is also worth noting that by using the circuit in Figure 1, the actions of the component held by Alice and the component held by Bob are independent of each other. This means that the honest implementation described above can be extended to the case where Alice and Bob choose different challenge types CT; that is, each component acts according to the challenge type it received.

We now describe the winning condition of Protocol 2. In doing this, we will briefly discuss the honest behaviour of the device that was outlined in Protocol 2. We remind the reader that for a detailed description of the device's honest behaviour, and thus why the winning condition is as it is, the reader is referred to the appendix of [MDCA21] and, for further details, to [MV21].
For the device to win a given round of Protocol 2, several checks must be passed. If these checks pass, then Alice and Bob set a variable W to pass; otherwise, W = fail.
If CT = a: For Alice, let $z^A_1$ be the first bit of $z_A$, and $z^A_r$ be the remainder of the string. Regardless of whether $k_A \in K_F$ or $k_A \in K_G$, Alice checks if $f_{k_A, z^A_1}(z^A_r) = c_A$. Likewise for Bob. If this check passes for both Alice and Bob, set W = pass.
If CT = b: For Alice, the honest behaviour of the device after Step 5(i) leaves the state $|\psi_A\rangle$ in one of two possible states. If $k_A \in K_F$, then we have where $(x^A_0, x^A_1)$ is precisely the unique claw for the function pair $(f_{k_A,0}, f_{k_A,1})$ indexed by the key $k_A$, and the string $c_A$ satisfies In Step 5(iii), just before measurement, the state held by the device is, up to a global phase,

where the Hadamard gate has been commuted past the operator σ h
Unless $k_A \in K_F$ and $k_B \in K_F$, the state $|\psi_2\rangle$ is a product state. Together, Alice and Bob can determine precisely which product state the honest device has prepared. Indeed, with the trapdoor $t_A$, Alice can easily compute $(x^A_0, x^A_1)$ or $x^A$ from $c_A$ (by property (v) of the ENTCF family), and likewise for Bob. Then, with $h_A$, $h_B$, $d_A$, and $d_B$, Alice and Bob have everything they need to determine $|\psi_2\rangle$. Knowing $|\psi_2\rangle$, Alice and Bob now determine what answers an honest device would have returned to their measurement basis questions $x$ and $y$, and then check whether the answers $a$ and $b$ returned by the device are the same; if they are, they set W = pass.

Now if $k_A \in K_F$ and $k_B \in K_F$ (i.e., $\theta_A = \theta_B = $ Hadamard), then the state held by the device in Step 5(iii), just before measurement, turns out to be one of the four Bell states, up to a global phase. Recall that, with the trapdoor $t_A$, Alice can easily compute $(x^A_0, x^A_1)$, and likewise for Bob, and thus they can compute $v_\alpha$ and $v_\beta$. Recalling relation (2), Alice and Bob perform the following checks: If one of the above checks passes, or if $x = y$, then set W = pass.
Now that the winning condition of Protocol 2 has been described, let us give the self-testing guarantee, stated as Theorem 3.5 below. Note that the guarantee is essentially stating that any computationally bounded device that wins in Protocol 2 must have performed single-qubit measurements on a Bell state to obtain the results returned to the verifier. Recall that $\{Q^a_x\}_{a \in \{0,1\}}$ denotes the single-qubit measurement in the basis $x$ (see Section 2.1), and note that for questions $x, y$, we denote the 4-outcome measurement used by the device to obtain answers $a, b$ by $\{P^{(a,b)}_{x,y}\}_{a,b \in \{0,1\}}$. We denote the state held by the device by $\sigma^{(v_\alpha, v_\beta)}$, where $v_\alpha, v_\beta$ are the bits that label which of the Bell states the device should have prepared, as in equation (1).
Theorem 3.5. Consider a device that wins Protocol 2 with probability $1 - \delta$ and make the LWE assumption. Let $\eta$ be the security parameter used in the protocol, $v_\alpha, v_\beta \in \{0,1\}$ be the bits that label the Bell state as in equation (1), $\mathcal{H}$ be the device's physical Hilbert space, and $\mathcal{H}'$ be some ancillary Hilbert space. Then there exists an isometry $V : \mathcal{H} \to \mathbb{C}^4 \otimes \mathcal{H}'$ and some state $\zeta$ such that, in the case $\theta_A = \theta_B = $ Hadamard, the following holds: where $r$ is some small constant arising in the proof.
It is worth mentioning why Theorem 3.5 only makes a statement about the case when $\theta_A = \theta_B = $ Hadamard and CT = b. In accordance with the honest implementation described in the discussion of the winning condition, rounds where $\theta_A = \theta_B = $ Hadamard and CT = b are referred to as Bell rounds, while all other rounds are referred to as Product rounds.
The crucial point is that Alice and Bob will always know whether it is a Bell round or a Product round, but the computationally bounded device, which does not have access to $\theta_A$ and $\theta_B$, cannot determine what round it is in. This stems from the fact that the device is never given the trapdoor information $t_A, t_B$ and thus, by injective invariance of the ENTCF family (property (iv)), it is quantum-computationally hard for the device to determine which families the keys $k_A, k_B$ come from, and hence the type of round cannot be determined by the device.
Furthermore, Alice and Bob will always know precisely what Bell state or what product state the honest device should have prepared and, consequently, what answers should be returned in response to their measurement questions. So, to succeed and pass the checks of Alice and Bob, the device is forced to behave honestly. Thus, the self-testing guarantee only mentions Bell rounds.
Since Bell rounds are the ones where an honest device will prepare a Bell state, they are of primary interest. Recall that, in such a round, the state held by the device in Step 5(iii), just before measurement, is one of the four Bell states, labelled by $v_\alpha, v_\beta$ as in equation (1). As noted earlier, Alice and Bob can determine precisely which of the four Bell states has been prepared in a given Bell round. But, by the adaptive hardcore bit property of the ENTCF family (property (ii)), the device cannot efficiently compute $v_\alpha, v_\beta$ and hence cannot determine precisely what Bell state it has prepared.

Modified single-device self-testing protocol
It is important to note that Protocol 2 relies upon the verifiers, Alice and Bob, both behaving honestly. Specifically, after Protocol 2 has been executed, one of the two parties must publish their stored data so that the other can use it, along with their own stored data, to determine whether the device is behaving honestly or not. If, for instance, Bob is the one publishing his data for Alice to test the device, and he is dishonest, he could publish data that is different from what he received from the device, thereby giving Alice a false impression of the device's behaviour. This reliance on the honesty of Alice and Bob is a point of concern in the setting of OT. Given this, we now present a variation of Protocol 2 where Alice is the sole verifier; Bob is still present in the protocol, except that he is now modelled as part of the device. The checks that must be performed are the same as the checks for Protocol 2, except that they are all done by Alice now. The behaviour of an honest device in Protocol 3 is the same as the honest behaviour in Protocol 2.

Protocol 3 Single-device self-testing with a single verifier

1: Alice chooses the state bases $\theta_A, \theta_B \in \{\text{Computational}, \text{Hadamard}\}$ uniformly at random and generates key-trapdoor pairs $(k_A, t_A)$, $(k_B, t_B)$, where the generation procedure for $k_A$ and $t_A$ depends on $\theta_A$ and a security parameter $\eta$, and likewise for $k_B$ and $t_B$. Alice supplies Bob with $k_B$. Alice and Bob, respectively, then send the keys $k_A, k_B$ to the device.

ii) Alice chooses uniformly random measurement bases $x, y \in \{\text{Computational}, \text{Hadamard}\}$ and sends $y$ to Bob. Alice and Bob then, respectively, send $x$ and $y$ to the device.

iii) Alice and Bob receive answer bits $a$ and $b$, respectively, from the device. Alice and Bob also receive bits $h_A$ and $h_B$, respectively, from the device.
The only role Bob has in Protocol 3 is to act as a relay between Alice and the component of the device held by Bob. It is clear that since Bob is not supplied with the state bases θ A , θ B or the trapdoors t A , t B , any malicious behaviour from Bob can be folded into the device, and so without loss of generality, we can assume that Bob acts honestly in Protocol 3. Then in order for Alice's checks to pass, the device must act honestly in Protocol 3 for the same reason that it must act honestly in Protocol 2. Thus, Theorem 3.5 applies to Protocol 3 as well.
It should also be noted that to invoke Theorem 3.5, we must know the probability $1 - \delta$ with which the device wins Protocol 3. Similar to the IID case in [KW16], the IID assumption enables Alice to estimate $\delta$ ahead of time; in our case, this can be done by having Bob temporarily give Alice his component of the device (so that Bob cannot influence the sample that Alice uses to estimate $\delta$). Now suppose Alice uses $N$ rounds to estimate $\delta$. Let $F_i$ be a binary random variable indicating whether or not the device fails the $i$-th round. Then $F_1, \ldots, F_N$ are independent random variables, each of which is equal to 1 with probability $\delta$. If $F = F_1 + \cdots + F_N$, then the expected value is $E(F) = N\delta$. Alice's estimate of $\delta$ is then $\delta' := F/N$. If she wants her estimate to be within $\tau$ of $\delta$, then from the Chernoff bound we have that $\Pr(|\delta' - \delta| \ge \tau) \le 2e^{-\tau^2 N/3}$. That is, Alice can improve her estimate $\delta'$ by choosing $\tau$ to be small and taking a large sample $N$.

Device-Independent Oblivious Transfer
The goal of this section is to use the single-device self-testing protocol (Protocol 3) to make the protocol for Rand 1-2 OT$^\ell$ (Protocol 1) device-independent. The result of this is Protocol 4. It should be noted that Protocol 4 only considers the case where the sender is the verifier. Although it seems natural to require another protocol to allow the receiver to be the verifier, we find that such a protocol is entirely unnecessary, because we already have perfect receiver-security for Protocol 4 (see Proposition 4.1).
Let us now describe Protocol 4. The first five steps of Protocol 4 can be summarized as executing n rounds of Protocol 3 (with the sender playing the role of Alice and the receiver playing the role of Bob), processing the data, and then checking if the device has behaved honestly for a subset of the rounds. In fact, these first five steps look very similar to the first six steps of the DIQKD protocol in [MDCA21]. However, there are some key differences which we now discuss.
Firstly, the DIQKD protocol uses Protocol 2 for single-device self-testing while we use Protocol 3. As noted earlier, the setting of OT is such that the sender and receiver do not necessarily trust each other. It is natural, then, that in making a device-independent version of Protocol 1, we should not utilize Protocol 2 to verify the device, as this protocol relies on two cooperating parties. Instead, we should use Protocol 3, which only requires one verifier.
Furthermore, it is assumed that the probability $1 - \delta$ with which the device wins Protocol 3 has been estimated by the sender prior to Protocol 4, as discussed at the end of Section 3.2.2. The result of this is that with probability at least $1 - 2e^{-\tau^2 N/3}$, we have $\delta - \tau < \delta' < \delta + \tau$ and thus $\delta' - \tau < \delta$. We then use $\delta' - \tau$ as the threshold to check against in Step 5.
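As an added worked example (not code from the paper), the following Python implements the estimate $\delta' = F/N$, the bound $2e^{-\tau^2 N/3}$ on the estimation error, the sample size $N$ it implies for a target precision, and the Step 5 abort rule of Protocol 4 with threshold $\delta' - \tau$; the IID device, the failure rates and the sample sizes are constructed values.

```python
# Added example (not code from the paper): Alice's finite-statistics estimate of
# the device's failure probability delta (end of Section 3.2.2) and the Step 5
# abort rule of Protocol 4 that compares delta_F against delta' - tau.
# The IID device, tau, and all sample sizes below are constructed values.
import math
import random


def estimate_delta(failures):
    """delta' := F/N from the outcomes F_1..F_N (1 = round failed, 0 = round won)."""
    if not failures:
        raise ValueError("need at least one estimation round")
    return sum(failures) / len(failures)


def chernoff_error_bound(tau, n):
    """The paper's bound 2*exp(-tau^2 N/3) on Pr(|delta' - delta| >= tau)."""
    return 2.0 * math.exp(-(tau ** 2) * n / 3.0)


def rounds_for_precision(tau, max_error):
    """Smallest N with 2*exp(-tau^2 N/3) <= max_error, i.e. the number of
    estimation rounds Alice needs so that |delta' - delta| < tau except with
    probability at most max_error."""
    return math.ceil(3.0 * math.log(2.0 / max_error) / tau ** 2)


def simulate_iid_device(delta, n, rng):
    """Constructed IID device: every round fails independently with probability delta."""
    return [1 if rng.random() < delta else 0 for _ in range(n)]


def empirical_estimation_error_rate(delta, tau, n, trials, seed=0):
    """Repeat the N-round estimation `trials` times on a simulated IID device and
    return the observed fraction of trials with |delta' - delta| >= tau, which
    the Chernoff bound says is at most 2*exp(-tau^2 N/3)."""
    rng = random.Random(seed)
    bad = 0
    for _ in range(trials):
        delta_prime = estimate_delta(simulate_iid_device(delta, n, rng))
        if abs(delta_prime - delta) >= tau:
            bad += 1
    return bad / trials


def step5_aborts(test_failures, delta_prime, tau):
    """Protocol 4, Step 5: abort iff the fraction delta_F of failed test rounds
    (among those the receiver published) exceeds the threshold delta' - tau that
    the sender fixed before the protocol."""
    if not test_failures:
        raise ValueError("no published test rounds")
    delta_f = sum(test_failures) / len(test_failures)
    return delta_f > delta_prime - tau


if __name__ == "__main__":
    tau, max_error = 0.05, 0.01
    n = rounds_for_precision(tau, max_error)
    print("rounds needed for |delta' - delta| < tau w.p. >= 0.99:", n)
    print("observed error rate over 100 trials:",
          empirical_estimation_error_rate(0.05, tau, n, 100, seed=1))
    # Constructed published test-round outcomes for a Step 5 decision.
    published = [0, 0, 1, 0, 0, 0, 0, 0, 0, 0]
    print("aborts with delta' = 0.2:", step5_aborts(published, 0.2, tau))
```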
Secondly, we require that, with some probability, the receiver ignore the measurement basis question supplied by the sender and instead ask the device to measure in the basis specified by the choice bit. The purpose of this modification is to remedy the following problem. Since the sender is testing the device, they are supplying the receiver with all inputs for their component of the device. This gives the sender precise knowledge of what measurement basis the receiver is using for every round. Receiver-security is then compromised when the receiver tells the sender the indices of all rounds where they have retained, amongst the useable rounds, those where the measurement basis coincided with their choice bit, because the sender can immediately learn the choice bit from this. But, with our modification, we end up with a set of rounds $I$ where the sender is ignorant of the receiver's measurement basis questions, and thus ignorant of the choice bit. The sender remains ignorant of the choice bit even after the step where the sender tests the device's honesty; this is because when the receiver is required to send their stored data to the sender for the sake of testing, the receiver excludes data for rounds from $I$.

Now, we return to our description of Protocol 4. In Step 6, the sender identifies a subset $\hat{I} \subseteq I$, which is the set of indices of all rounds in $I$ where the device has prepared a Bell pair and measured the sender's and receiver's half of the pair in the basis specified by each of them. Then for each round in $\hat{I}$, the sender publishes the trapdoor that corresponds to the receiver's key (the trapdoors are needed for the next step). Then, in Step 7, the sender and receiver correct their output in accordance with relation (2). At this point, we will have completed the first three steps of Protocol 1 in a device-independent manner.
The last two steps of Protocol 4, Step 8 and Step 9, are then identical to the last two steps of Protocol 1, with slightly different notation.
Protocol 4 DI Rand 1-2 OT$^\ell$

Data generation:

1: The sender and receiver execute $n$ rounds of Protocol 3 with the sender as Alice and the receiver as Bob, and with the following modification: If $\mathrm{CT}_i = $ b, the receiver makes a uniformly random choice on whether to use the measurement basis question supplied by the sender or the basis specified by the receiver's choice bit $c$. Let $I$ be the set of indices marking the rounds where this has been done.

For each round $i \in \{1, \ldots, n\}$, the receiver stores:

2: For every $i \in \{1, \ldots, n\}$, the sender stores the variable $\mathrm{RT}_i$ (round type), defined as follows:

3: For every $i \in \{1, \ldots, n\}$, the sender chooses $T_i$, indicating a test round or generation round, as follows:
• Generate$\}$ uniformly at random
• else, set $T_i = $ Test.
The sender sends $(T_1, \ldots, T_n)$ to the receiver.

Testing:
4: The receiver sends the set of indices $I$ to the sender. The receiver publishes their output for all $T_i = $ Test rounds where $i \notin I$. Using this published data, the sender sets a variable $W_i$ to pass if the checks for Protocol 3 are passed; otherwise, $W_i = $ fail.

5: The sender computes the fraction of test rounds (for which the receiver has published data) for which $W_i = $ fail. If this exceeds the threshold $\delta' - \tau$ estimated by the sender prior to the protocol, then the protocol aborts.

Preparing data:

6: Let $\hat{I} := \{i : i \in I \text{ and } T_i = \text{Generate}\}$ and $n' = |\hat{I}|$. The sender publishes $\hat{I}$ and, for each $i \in \hat{I}$, the trapdoor $t_{B_i}$ that corresponds to the key $k_{B_i}$ that was given by the sender in the execution of Protocol 3, Step 1.

7: For each $i \in \hat{I}$, the sender calculates $v_{\alpha_i}$ and defines $w_{\alpha_i}$ (in accordance with relation (2)) by and the receiver calculates $v_{\beta_i}$ and defines $w_{\beta_i}$ by

Obtaining output:

8: The sender picks two uniformly random hash functions $f_0, f_1 \in \mathcal{F}$, announces $f_0, f_1$ and $x_i$ for each $i \in \hat{I}$, and outputs $s_0 = f_0(a \oplus w_\alpha|_{\hat{I}_0})$ and $s_1 = f_1(a \oplus w_\alpha|_{\hat{I}_1})$, where $\hat{I}_r := \{i \in \hat{I} : \ldots$

Note that if Step 5 is passed, then the fraction of failed test rounds does not exceed $\delta' - \tau$. Additionally, with probability at least $1 - 2e^{-\tau^2 N/3}$, we have that the sender's estimate $1 - \delta'$ of the device's winning probability $1 - \delta$ satisfies $\delta' - \tau < \delta$. With the occurrence of these two events, the sender can use Theorem 3.5 and the IID assumption to say that for each Generate round, one of the four Bell states has been prepared. This results in our statement of sender-security being conditioned on the high-probability event that $\delta' - \tau < \delta$.
The rest of the protocol, which operates only on the rounds $i \in \hat{I}$, is then practically identical to Protocol 1. The main difference here is that, for the relevant rounds, the sender is supplying the receiver with the trapdoor $t_B$ in Step 6 to allow the receiver to compute $w_\beta$. Intuitively, this action does not give a dishonest receiver any advantage at this point, as the device has already been verified and the key-trapdoor pair only allows the receiver to learn one of the two bits that, collectively, indicate which of the four Bell states has been used in a given round.
Additionally, a dishonest sender also has no advantage in this device-independent setting when compared to Protocol 1. Although the receiver must interact with the sender in Protocol 4, while there was previously no need to in Protocol 1, this interaction does not give the sender any information on the receiver's choice bit. To see this, observe that this interaction occurs in Step 4, where the receiver publishes the set of indices $I$ and all outputs for Test rounds so long as $i \notin I$. Thus, the output that the sender gets for Test rounds says nothing about the receiver's actions, since the input for these rounds was completely specified by the sender. It is only in the rounds where $i \in I$ that the receiver measures according to their choice bit, and for these rounds, only the set of indices $I$ is published, which says nothing of the actual choice bit.
It should also be noted why assumption 4 is necessary. The use of Protocol 3 means that we can certify that the device has prepared a quantum state and measured it according to the prescribed measurement bases, while allowing arbitrary communication. Arbitrary communication poses a problem, though, to everlasting security in this setting where the sender and receiver do not trust each other. For instance, if the component held by the receiver leaked their measurement basis questions $y$, then the sender can immediately learn the receiver's choice bit by looking at what $y$ was in the rounds $i \in I$. Conversely, if the component held by the sender leaked their inputs and outputs, then a dishonest receiver could execute Protocol 4 honestly and still compromise sender-security. Indeed, suppose that, in executing the protocol honestly, the receiver obtained the string $s_0$ but stored the leaked inputs and outputs from the sender's component. To then learn $s_1 = f_1(a \oplus w_\alpha|_{\hat{I}_1})$ after the protocol is over, the receiver must learn the sender's measurement outcomes $a$ and the bits $v_\alpha$ for the $\hat{I}_1$ rounds. The measurement outcomes $a$ would be amongst the leaked data, and so the task reduces to determining $v_\alpha$ from the following leaked data:
• the key $k_A$ which indexes the function pair $(f_{k_A,0}, f_{k_A,1})$
If the receiver can find the claw $(x^A_0, x^A_1)$, then they can compute $v_\alpha$. Finding the claw $(x^A_0, x^A_1)$ is quantum-computationally hard without access to the trapdoor $t_A$ (which was never given to the device), but with enough time and computational power, this could be done, and thus everlasting security for the sender is compromised. Consequently, assumption 4 is necessary in this context for everlasting security.
The proof of Proposition 3.2 largely carries over to the proof of perfect receiver-security for Protocol 4. As for sender-security for Protocol 4, the proof is similar to the proof of Proposition 3.4, though we will now have to use Theorem 3.5 and analyze the probability of not aborting. Note that the case where the sender, receiver, and the device behave honestly is analyzed in the proof of sender-security (see Case 1 of Proposition 4.2).
Proof. The ccq-state $\rho^{Z=1}_{CYS}$ is defined by the experiment where S interacts with an honest memory-bounded R and the protocol does not abort. Now, in a new Hilbert space, we define the ccccq-state $\hat{\rho}^{Z=1}_{C\hat{Y}\hat{S}'_0\hat{S}'_1 S}$ according to a different experiment. In this different experiment, we let S interact with a receiver that has unbounded quantum memory. Suppose the receiver has not actually input any measurement questions $y_i$ into their component of the device for rounds where $i \in \hat{I}$. Let $A$ be the string the sender gets after inputting $x_i$ for $i \in \hat{I}$, and let $W_\alpha$ be the string whose $i$-th entry is defined as Now, the receiver waits for Step 8 to receive $x$ for the $i \in \hat{I}$ rounds. Let $B$ be the string the receiver gets after inputting $x$ for the $i \in \hat{I}$ rounds. By assumption 4, the sender is oblivious to the measurement basis questions the receiver has given to their component of the device, along with the answer bits returned to the receiver. Note that at this point the receiver will also have, from Step 6, $t_{B_i}$ for each $i \in \hat{I}$. The receiver uses $t_{B_i}$ to calculate $v_{\beta_i}$ for each $i \in \hat{I}$ and defines $W_\beta$ to be the string whose $i$-th entry is so that the corresponding $S'_0$ and $S'_1$ also exist in the original experiment. But this is satisfied, since the only difference between the two experiments is when and what $x_i$ the receiver inputs for the $i \in \hat{I}_{1-C}$ rounds, which does not affect $\rho^{Z=1}_{CYS}$, respectively $\hat{\rho}^{Z=1}_{C\hat{Y}S}$.

For the following proposition, recall Definition 3.3, which defines $\mathcal{R}_\gamma$ as the set of all possible quantum dishonest receivers in Protocol 4 which have quantum memory of size at most $\gamma n'$ when Step 8 of Protocol 4 is reached.
Also note that if we were not dealing with finite statistics, then the sender's initial estimate $1 - \delta'$ of the device's winning probability $1 - \delta$ could be made with arbitrary precision, and so the following proposition would no longer be conditional on $\delta' - \tau < \delta$.
Proof. We consider the different cases regarding the probability of not aborting. Let $\delta_F$ denote the fraction of failed test rounds in Protocol 4. If $\delta_F$ exceeds the threshold $\delta' - \tau$, Protocol 4 aborts. Given this, let $Z$ be the binary random variable which describes whether Protocol 4 aborts or not. That is,

Case 1, honest behaviour: When both parties and the device behave honestly, the fraction of failed test rounds $\delta_F$ is small; by this, we mean that Since $E(Z) = \Pr(\delta_F \le \delta' - \tau)$, we then have $1 - E(Z) \le (\varepsilon + (\delta' - \tau)^r)$. We can now use the Chernoff bound to show that the probability of aborting is small.
Case 2, dishonest behaviour and large $\delta_F$: We now show that when the behaviour is dishonest and the fraction of failed test rounds $\delta_F$ is large, in the sense that the probability of not aborting is small. For this, we again use the Chernoff bound, Then taking the limit $t \to \infty$ in equation (13), the probability of not aborting is small, Thus, the overall expression in equation (4) is satisfied.
Case 3, dishonest behaviour and small $\delta_F$: In this case, we bound the overall expression in equation (4). To do this, we first consider a single round $i \in \hat{I}$. For this single round, we make a slight abuse of notation by letting $v_\alpha, v_\beta$ be, respectively, the bits computed by the sender and the receiver in Step 7, and letting $X, Y$ and $A, B$ be the classical random variables describing the sender's and receiver's questions and answers, respectively. Let $\sigma^{(v_\alpha, v_\beta)}$ be the joint state of the device in Step 1 right before the device performs the measurements $P^{(a,b)}_{x,y}$. Then the state after Step 1 is $\sum_{x,y,a,b} P_X(x) P_Y(y) \,\mathrm{Tr}\big[P^{(a,b)}_{x,y}\, \sigma^{(v_\alpha, v_\beta)}\, P^{(a,b)}_{x,y}\big] \otimes |x, y, a, b\rangle\langle x, y, a, b|_{XYAB}$.
Now we consider the event $\delta' - \tau < \delta$, which, from the end of Section 3.2.2, occurs with probability at least $1 - 2e^{-\tau^2 N/3}$. Observe that if the protocol did not abort at Step 5, then $\delta_F \le \delta' - \tau$, and hence $1 - \delta < 1 - (\delta' - \tau) \le 1 - \delta_F$, meaning that the winning condition of Protocol 3 is satisfied with probability at least $1 - (\delta' - \tau)$ in the Test rounds; but after Step 1, it has not yet been decided whether a round will be a Test round or a Generate round, and so we can use the IID assumption to apply Theorem 3.5 to Generate rounds. Using Theorem 3.5 in our $i \in \hat{I}$ round, the continuity and cyclic property of the trace, and the fact that $V^\dagger V = \mathbb{1}$, we find that the state for this round $\rho^{Z=1}_{XYAB}$ must be within trace distance $O((\delta' - \tau)^r) + \mathrm{negl}(\eta)$ of the ideal state $\cdots |x, y, a, b\rangle\langle x, y, a, b|_{XYAB}$.
This confirms that in each round $i \in \hat{I}$, the device has prepared a Bell state and measured it according to the measurement basis choices of the sender and the receiver. Now, let us consider the state $\rho^{Z=1}_{XAOE}$ in the scenario where the protocol has not aborted and R has measured all but $\gamma n'$ of their qubits from the $\hat{I}$ rounds, where $n' = |\hat{I}|$. For the rest of the proof, we make a slight abuse of notation by dropping the $Z = 1$ superscript on the state for the sake of readability. Now, since we are making the IID assumption, this state is an $n'$-fold tensor product and the following are $n'$-tuples with each entry representing one of the $i \in \hat{I}$ rounds:
• $X$ is the classical random variable describing the random choice of bases of the sender.
• A is the classical random variable describing the sender's results after measuring their part of the state in the random bases X.
• $O$ is the classical random variable which contains the random choices of the key-trapdoor pairs $(k_B, t_B)$ and the measurement basis questions $y$ supplied by the sender. It will also contain any other information that the sender's component of the device may have leaked to the receiver; this may include $k_A, c_A, d_A$, but by assumption 4, it cannot include the sender's measurement basis questions $x$ or their answer bits $a$.
• E is the random state that describes R's part of the state.
The state $\rho_{XAOE}$ then satisfies where $\xi_{XAOE}$ is the ideal state.
Analyzing the ideal state, the proof is now similar to the proof of Proposition 3.4. We start by lower bounding the smooth min-entropy for the state that is not conditioned on the event that the protocol does not abort.
At equation (6), we choose $\lambda, \lambda', \kappa$ such that Then at equation (7), we have where $\varepsilon$ is exponentially small in $n'$ and comes from Lemma 2.3, and $\varepsilon' = 2^{-\lambda' n'}$. Then at equation (8), in addition to conditioning on $F_{C'}$, we also condition on the random variable $O$ because it too is independent. It is easy to see this for the measurement questions $y$ supplied by the sender, since they are generated uniformly at random. Regarding the key-trapdoor pairs, observe that knowledge of $(k_B, t_B)$ makes properties (ii) and (iv) of the ENTCF family computationally easy (because of property (v)). That is,
• With $(k_B, t_B)$, the receiver can overcome the injective invariance property of the ENTCF family (property (iv)) and determine what $\theta_B$ is. However, the sender only publishes $(k_B, t_B)$ for Bell rounds, as these are the only types of rounds that are useable for accomplishing Rand 1-2 OT$^\ell$, and so the ability to overcome the injective invariance property and learn $\theta_B$ is redundant at this point.
• With $(k_B, t_B)$, property (ii) of the ENTCF family becomes computationally easy. That is, the unique claw $(x^B_0, x^B_1)$ can be calculated with the function pair indexed by the key $k_B$, the trapdoor $t_B$, and the string $c_B$. This means the receiver can determine the precise form of the state $|\psi^B_1\rangle$ (the analogue of the state $|\psi^A_1\rangle$ in equation (10)), but $|\psi^B_1\rangle$ is independent of $|\psi^A_1\rangle$ until the entangling operation. After the entangling operation, knowledge of $|\psi^B_1\rangle$ is equivalent to learning $v_\beta$, but this is necessary and accounted for with the random variable $K$ in the proof of Proposition 3.4.
As for information leaked from the sender's component of the device, knowledge of $k_A, c_A, d_A$ makes it possible for the receiver to compute the bit $v_\alpha$ (see the discussion immediately before Proposition 4.1), though they cannot do this efficiently, since they do not have access to the sender's trapdoor $t_A$. Given that the receiver will also know $v_\beta$, the receiver could eventually learn precisely what Bell state was used in each of the $\hat{I}$ rounds. To then learn the other string $s_{1-c}$, the receiver needs $a|_{\hat{I}_{1-c}}$, which appears uniformly random to the receiver since the sender and receiver chose different measurement bases for the $\hat{I}_{1-c}$ rounds. Thus, the receiver can do no better than guess the other string $s_{1-c}$, succeeding with probability $1/2^\ell$.