Mental Poker on atproto

I noodle about my pet atproto project for playing board & card games without a trusted 3rd party, and the foundations I'd need to make it a smooth and fun experience for people!

April 07, 2026

There's been lots of talk recently in the Atmosphere about permissioned spaces, PDSes that might do more (eg. run WASM), and local-first PDS replicas that sync (eg. having a PDS on your phone and in the cloud somewhere). These all intersect perfectly with a pet project of mine; so I'm going to lay out my daydreaming so anyone who's building in these spaces has a "solid" use-case to consider/support/ignore as needed!

Trust for games at a distance

I've been fascinated by Mental Poker for a long time—this is the set of ways you can run games remotely without a trusted 3rd party.

I think this started for me with playing Chess by postcard. I'm not good at it, but I loved that you & I can play over huge distances just by declaring our moves one after the other. Chess is the easy case because there's nothing to trust other than that we are each declaring the move we want to make—why would we do anything else?

But I've also wanted to play games that involve chance (eg. the dice-rolls in Snakes and Ladders) or secrets (eg. the order of the deck in Snap, or your hand in Poker), these need extra trust.

In the real world you'd be watching your opponents to form that trust: spot a dodgy dice roll, hide your hand from your neighbour, and don't leave the table and expect the deck to still be fair when you return!

When you're not physically present your trust has to come from elsewhere. Typically online games platforms act as a trusted 3rd party; "we're a games platform, no-one would use us if we made games unfair!" — which works incredibly well! (Talk to me about the beauty of aligning incentives some time 🤩)

But this isn't resilient; you have to trust that third party to remain available, you (and your opponents) are locked into that platform, and you don't own your game data.

So instead we turn to Mental Poker, removing the need for a 3rd party with cryptography, and I know the perfect platform for it that has these same resilient properties…

Superman, from the cartoon, pulling his shirt off but instead of "S" his super-suit says "at://"

Making an intuitive experience

So I want my pet project to be able to play any turn-based game with players on diverse clients, for the experience to feel similar to in-person, but without trusting a 3rd party. If I get to have all my wishes granted, I also want this to work without the internet.

Building a natural experience is the only critical technical challenge there, and building an intuitive experience is an excellent case for WASM on the PDS and permissioned data.

I'm going to need a quick example of a Mental Poker set up to illustrate the challenges. In a 4-way game of Scrabble the protocol might start off like this:

The game makes an array of all the letter tiles
- T0 = "A", T1 = "A",… T9 = "B",… T100 = "Z"
Alice shuffles the array then encrypts each item with a single private key (A)
- A(T59), A(T0), A(T92),…
Bob, Charlie, and Dimi each do the same in turn
- D(C(B(A(T35)))), D(C(B(A(T4)))),…
Alice decrypts with (A) and encrypts each tile with it's own private key (A0,A1,…) keeping the order the same
- A0(D(C(B(T35)), A1(D(C(B(T4)),…
By the magic of commutative encryption (that A(B(T0)) and B(A(T0)) are identical), Bob, Charlie and Dimi can do the same, but no-one knows what order the tiles are in.
- D0(C0(B0(A0(T35)))), D1(C1(B1(A1(T4)),…

Now, when Alice wants to draw her first 7 tiles, Bob, Charlie and Dimi each reveal the relevant keys (B0-B6, C0-C6, D0-D6) so that Alice can know what her tiles are but, because only Alice knows A0-A6, no-one else does.

This astoundingly awesome to me. Mindbogglingly brilliant. But as it stands, it makes for a shitty player experience; this process represents eight consecutive shuffle steps, and twelve (parallelisable) "permission to draw some tiles" steps; all of which needs to happen before you get to see your tiles.

Either everyone is online and in-app at the same time, or everyone needs to visit the app at least three times, at the right time, before the game can begin. We can do better.

WASM on the PDS & permissioned data

I have a mostly-functioning prototype for executing the steps above on atproto (it's way simpler for two players): at its core, a lexicon for transferring game state including the mental poker overhead. This opens up the potential of WASM on the PDS.

I'm imagining an If This Then AT:// style 'processing node' which my app would ask your PDS to store & run, as part of choosing to play a game of Scrabble.

If a games.atplay.game.turn record is posted in reply to a Scrabble game I've agreed to
Then run it through mental_poker_scrabble.wasm and
- let it perform anything expected of me that requires no decisions (eg. the steps above) on my behalf, and
- post a response games.atplay.game.turn record to my repo if needed

This approach also needs permissioned data, as today the private keys (A, B0, C1,…) would all be stored in the AppView and completely inaccessible to WASM running in your PDS. A permissioned space scoped to just me (and anyone I'm playing on the same team as) solves this and also let's us totally remove the AppView!

Snakes (and Ladders) on a plane

If this doesn't seem wild enough to you, imagine being on a long flight without internet. Your neighbour is also in the mood for chatting to strangers, and not only has an atproto account and the atplay.games webapp saved, but has that new "Multi PDS" app people have been so excited about too.

Leeloo from the movie The Fifth Element, holding up her "Multi Pass", but I've changed "MULTI PASS" to "MULTI PDS". Badly.

❤️ I had to steal your photo idea

Having a writable instance of our atproto repo with us is super useful right now:

Because the atplay.games site stores its games as records & blobs, and my PDS holds the "Snakes and Ladders" game, you can get the game direct from me without an internet connection
Because we each have our atproto repo with us we can write our game turns to our PDS in a local-first fashion
Because atplay.games doesn't need an AppView it can subscribe to the other's PDS and we can play our game directly between each other
If we get chatting and don't finish our game before we land, everything syncs with our cloud-PDSes, and we can continue on our laptops, or even on a browser in an internet cafe (including notifications for when its our turn)

It's a busy dream, and I'm sure there's a hundred other hurdles to something like this being really smooth, but what's the point in being a maker unless you try to make weird things real!

Let me know if you're working in any similar spaces — its an exciting time for atproto ☺️