### Intro

Hi. This report marks the third milestone of a Noir Research Grant proposal, exploring the intersection between Noir, gaming, private shared state, and multiparty computation. (Previous entries: [2](https://hackmd.io/@FATSOLUTIONS/rkva89njkl), [1](https://hackmd.io/@FATSOLUTIONS/rJvWjq0uJx), [0](https://github.com/orgs/noir-lang/discussions/6359))

### Artifacts

Web frontend and backend for a multiplayer game with a shared board but private pieces and client-side proof generation. The source can be found [here](https://github.com/fatlabsxyz/terry-escape). (There's a container to spin it up.)

![image](https://hackmd.io/_uploads/HkhuylhUex.png)

### Roadbumps

The most relevant obstacles during development were:

- **Dependency on libraries in early development stages**
  Developing core circuit logic while depending on libraries with low test coverage proved to be a significant and recurrent slowdown. In particular, this meant assuming that core arithmetic operations (gt, add, shr, div, mod, etc.) of [noir-bignum](https://github.com/noir-lang/noir-bignum) worked as expected, while in reality they behaved erratically in certain scenarios, sometimes silently, due to multiple disjoint bugs. Some bugs were isolated and reported, others got fixed as part of bigger library refactors. Trying to keep up with breaking changes added to the mix. (Not a complaint, just an informative comment. It is nice that these libraries even exist :)

- **Ultrahonk recursive verification**
  Learning about the lack of a web implementation for recursive verification late in the development process led to the rewriting of all circuits and some additional cross-checking of inputs between the proofs, in order to preserve soundness.

- **Silent oracles as private output**
  To avoid duplicating circuit logic in another language (and attracting fresh bugs), the CLI's standard output was originally used to extract private values from a circuit execution. This output became unavailable when porting to a web context, so oracles with no return value were used instead. This type of solution was [discussed](https://github.com/noir-lang/noir/issues/688) [before](https://github.com/noir-lang/noir/issues/4532).

### Learnings

- Better to fail fast and reconsider tooling (from protocol, to circuits, to user interface) than to commit to specific features that might not yet be actually available.
- Trying to force a proving framework into MPC primitives might have been a wrong move. Tooling selection derived from the problem requirements would most likely lead to better results.
- Although feasible, a general, verifiable and secure private shared state may require more research before becoming practical.

### Questions

- Honestly, why all the hype around MPC tooling that requires trusting that no malicious party will attempt to learn private data?
- Is there any accessible tooling to "[boolify](https://github.com/privacy-scaling-explorations/boolify)" Noir's ACIR down? (It would be *hella* useful for integrating with existing **maliciously secure** MPC implementations.)