This is a two party ($P$, the preparer and $C$ the chooser) protocol with $4$ steps (and three rounds of communication, if the ZKP are non interactive).
The two parties have as common information the public key $pk$ and the pairs $(a_i, b_i)$.
The preparer knows also the secret key $sk$.
During the first step, the preparer $P$ apply a random permutation of the pairs, and encrypt (according to $pk$) each pair coordinate and send the result to the chooser, and make a ZKP that this result has been honestly computed.
During the second step, the chooser chooses an index $\ell$, and blind the ciphertext $c_\ell$ (which is an encryption of one of the $a$). They send this blind ciphertext $e$, and makes a ZKP it has been honestly generated.
During the third step the preparer computes the decryption $a$ of $e$ and output (it means, it is the result for him). Then he send the chain of $b$ with the randomness in the order of the permutation he previously chosen.
And finally at the last step, the chooser retrieve the plain element of the same index of the $c$ he previously blind (he can, because he knows the index he has chosen), checks it's the good one by reencrypting it (because he also receive the randomness), and then output the corresponding $b$.
At the end of the protocol $P$ knows an $a$, and $C$ a $b$ which are correlated (they correspond to a pair $(a_i, b_i)$), And neither $P$, nor $V$ can force a particular pair to be chosen (if only one is honest, the pair will be chosen uniformly at random).