Computational integrity is hard. The naive approach to verify the integrity of a program’s execution is to re-execute it. However, this is both inefficient as well as requires access to all inputs, making it unsuitable for scalable or privacy-preserving applications.
STARKs introduce a new, asymmetric paradigm that includes the roles of a prover and a verifier. While proving a program’s execution is a bit harder than just executing it (i.e., quasilinear), verification is essentially negligible (i.e., polylogarithmic). In this setup, “a single reliable PC can monitor the operation of a herd of supercomputers working with possibly extremely powerful but unreliable software and untested hardware” (Babai et al, 1991).
But what does it mean to prove a program’s execution? Intuitively, it involves proving the statement “a specific virtual machine (VM) successfully ran a specific program with specific inputs and produced specific outputs”. To achieve this, the VM architecture needs to be arithmetized. The VM architecture, alongside its zk-friendly arithmetization, forms what is known as a zkVM. To avoid writing programs in the VM’s assembly code (which is widely believed to be a major bummer), a high-level language, along with an associated compiler, is also required.
Blockchain contexts, however, require various notions not present in typical VMs, such as safety, shared state, and resource metering. For all of these, a safe intermediate blockchain instruction set, lying between the high-level language and the zkVM assembly, is necessary. With it, high-level code can be compiled down to its intermediate representation and deployed onchain. When its execution needs to be validated, this intermediate representation can then be compiled down to zkVM assembly and proven.
Cairo is a complete tech stack that encompasses all of the above. It includes:
- Cairo, a Rust-based high-level language
- Sierra, a safe intermediate representation for smart contract execution
- CairoVM, a STARK-friendly zkVM
Cairo was specially designed to be efficiently provable and integrate with the world’s fastest prover, making it the best tech stack for succinctly verifiable computation. Onchain or offchain, public or private – Cairo is tailor-made to power the new era of provable computation.
Want to learn more? Check out the Cairo book, the go-to source for all things Cairo.
Ready to build? Take the first step in your Cairo journey in the Getting Started with Cairo tutorial.
CASM (Cairo assembly) is the CairoVM’s instruction set. When proving the execution of a Cairo program, the prover actually knows nothing about high-level Cairo and can only prove the execution of the CASM it’s compiled down to (either directly or by first compiling down to Sierra). CairoZero was the first iteration of the Cairo language and is no longer maintained. The latest version of Cairo is more ergonomic, has a Rust-like syntax, and overall offers a much better developer experience. zkEVM refers to a group of projects and solutions whose goal is to prove EVM execution. The CairoVM is a completely different VM (with a different instruction set and memory model) that emphasizes optimizing proving efficiency. While zkEVM focuses on Ethereum compatibility, it sacrifices performance and scalability. On the other hand, the Cairo VM, used in Starknet, prioritizes performance and scalability over compatibility.FAQs
What is CASM?
What is the difference between Cairo and CairoZero?
What is the difference between zkEVM and the CairoVM?