Written by: StarkWare
Compiled by: Ultraman
TL;DR Validity Rollups are the most promising way to increase Ethereum throughput in a secure and decentralized manner; zkEVM and Cairo VM (CVM) are two types of VMs used in Validity Rollups. zkEVM focuses on Ethereum compatibility but sacrifices performance and scalability. Cairo VM used in Starknet prioritizes performance and scalability over compatibility.
Rollups are a hot topic this year when talking about scaling Ethereum. Among the various types of rollups, we believe that Validity Rollups (VRs), also known as zk-rollups, are the most promising way to increase Ethereum throughput in a secure and decentralized manner. The core of this scaling solution is verifiable computation using validity proofs. Here’s how they work:
Instead of processing every transaction on the Ethereum mainnet, the operator offloads transaction execution to an off-chain environment. This off-chain environment serves as Layer 2, meaning a layer that runs on top of Ethereum.
After processing a batch of transactions, the layer 2 operator returns the results to be applied to Ethereum's state, along with a validity proof that verifies the integrity of the off-chain execution. This proof guarantees that all transactions in the batch are valid and is autonomously verified by the on-chain validator contract. This allows Ethereum to apply the results to its state.
Validity Rollups
Note: Validity Rollups are often incorrectly referred to as zero-knowledge rollups, but this is not accurate. Most Validity Rollups do not use ZKPs and are not used for privacy purposes. Therefore, the term "Validity Rollup" is more accurate.
Off-chain virtual machine
Before we proceed, the first question we need to answer is: What is a Virtual Machine (VM)? Simply put, it is an environment that can run programs, just like a Mac running the Windows operating system. It transitions between states after performing computations on certain inputs. The Ethereum Virtual Machine (EVM) is the VM that runs Ethereum smart contracts.
A zero-knowledge virtual machine (zkVM) is a program execution environment that, along with the program output, allows for the generation of easily verifiable validity proofs. This validity proof proves that the program was executed correctly. When the term "zkEVM" is used, it usually refers to rollups that leverage the Ethereum Virtual Machine (EVM) and are able to prove EVM executions. This term can be misleading because the EVM itself does not generate these proofs; instead, the proofs are generated by a separate proof mechanism that uses the results of the EVM execution as a starting point. Furthermore, these proofs are about validity rather than privacy, so they are not exactly zero-knowledge proofs. Nonetheless, for consistency, we will stick with the traditional term "zkEVM" in this article.
While all Validity Rollups aim to scale Ethereum using validity proofs, they differ in their choice of VM to execute off-chain transactions. Many Validity Rollups choose to copy the design of the EVM (hence the name “zkEVM rollups”), attempting to replicate Ethereum on an L2 rollup. Starknet uses a new VM — the Cairo VM (CVM) — specifically designed to optimize validity proof efficiency.
Both approaches have their pros and cons, but zkEVM trades performance for Ethereum compatibility, while Cairo VM prioritizes performance over compatibility and scalability.
The zkEVM approach
zkEVM is a Validity Rollup whose goal is to fully bring the Ethereum experience to Layer-2 blockchains. It aims to replicate the Ethereum developer environment as a rollup. With zkEVM, developers do not need to change their code or abandon their EVM tools (and smart contracts) when writing smart contracts or porting smart contracts to more scalable solutions.
A major drawback of this approach is that it reduces the scaling potential of validity proofs. Since zkEVM is designed to be compatible with Ethereum, it is slower and more resource-intensive. Unlike CVM, EVM was not designed with proof efficiency in mind. This limits the use of optimizations that could improve efficiency and scalability, ultimately affecting the overall performance of the system.
Provability of the EVM
The core challenge of the zkEVM approach is rooted in the original blueprint of the EVM - it was not designed to operate in the context of validity proofs. As a result, efforts to mirror its functionality fail to unlock the full potential of validity proofs, resulting in suboptimal efficiency. This inefficiency ultimately drags down the overall performance of the system. EVM compatibility with validity proofs is hampered by the following factors:
The EVM adopts a stack-based model, while validity proofs are more effectively used for register-based models. The stack-based nature of the EVM makes it more difficult to prove the correctness of its execution and provide direct support for its native toolchain.
Ethereum storage layout relies heavily on Keccak and large Merkle Patricia Trees, both of which are bad for validity proofs and impose a large proof burden. For example, Keccak is very fast for x86 architectures (on which we usually run the EVM), but requires 90k steps to prove (with a special build built in). And Pedersen (a zk-friendly hash function) requires 32 steps. Even with recursive compression, using Keccak in zkEVM means a lot of prover resources that are ultimately paid for by users.
As a result, various zkEVMs are designed to provide different levels of support for Ethereum tooling — the more compatible a zkEVM is with Ethereum, the worse its performance. (For more on the different types of zkEVMs, jump to the end of the article.)
Cairo-VM approach
zkEVM solutions invested a lot of development time into “making the EVM work for Validity Rollups,” prioritizing compatibility over long-term performance and scalability. There is another option: use an entirely new, dedicated virtual machine and add support for Ethereum tooling as an additional layer on top. This is the approach taken by Starknet, a permissionless Validity Rollup launched in November 2021. Starknet is the first Validity Rollup to provide a general-purpose smart contract platform on a fully composable network.
Starknet uses Cairo-VM (CVM), a high-level language of the same name. Cairo-VM is a VM designed for efficiently generating validity proofs of program executions.
Using Cairo (the VM and the language), we have:
1. Proof of effectiveness of optimization - every instruction has an effective algebraic representation
2. Rust-like language for writing provable programs
3. An intermediate representation (Sierra) between high-level Cairo and Cairo assembly (VM instructions), allowing efficient execution of Cairo code
Developing a new language allows people to tailor it to the specific needs it is intended to meet and equip it with features that can meet previously unmet needs.
Cairo and encoding pluralism
In order to create a proof of validity about some computation, that computation must first be expressed as a series of mathematical constraints that describe it. This process can be tricky due to the challenges of optimizing computations for efficiency and the need for specialized tools.
The Cairo language was originally designed to simplify this task and make it easier to add functionality and complex business logic to StarkEx. Cairo programs are compiled into algebraic machine code - a sequence of numbers - which is executed by a fixed VM. With Cairo, the entire complexity of generating mathematical constraints that describe computations - a tricky problem of validity proofs - is abstracted away and captured by a fixed set of constraints (less than 50 constraints in total). As a result, developers can leverage validity proofs to extend their applications without having to understand the underlying math and infrastructure, just writing code using a syntax they are familiar with.
https://twitter.com/EliBenSasson/status/1638270015009968134
Starknet is about innovation, which is reflected in its diverse approach to code. Cairo’s ability to achieve optimal scaling using STARKs is not limited to those who write contracts natively in Cairo. Developers can choose the approach that works best for them:
Write code natively in Cairo: With the release of Cairo 1.0, developers can now use the ergonomic and safe Rust language, which makes writing program logic easier and less error-prone.
Solidity compatibility: Solidity developers can write code that can be used by the Cairo VM. This approach provides a similar developer experience to Ethereum and makes Solidity smart contracts portable to Starknet. There are two ways to achieve this:
Transpiling: Transpiling is the process of converting source code written in one programming language into another. The Nethermind team created the Warp transpiler for translating Solidity code to Cairo. Warp makes Solidity smart contracts portable to Starknet, effectively making it a Type 4 zkEVM. It has already been used to transpile and deploy Uniswap contracts with minimal changes.
zkEVM on Starknet: The Cairo VM can be used to prove the execution of another VM. Kakarot is a zkEVM written in Cairo that can be used to run Ethereum smart contracts on Starknet. Cairo VM and zkEVM are not competing approaches, instead of choosing between Cairo VM and zkEVM, we can have both!
Despite its short existence, Cairo is the fourth most popular smart contract language by TVL and has received over $350 million in funding.
Summarize
The zkEVM aims to replicate the Ethereum environment as a rollup and allow developers to use familiar Ethereum tools. However, this approach suppresses the full potential of validity proofs and can be resource intensive.
The Cairo VM is designed for validity proof systems, free from the limitations of the EVM. It is supported by a new, safe and ergonomic Rust-inspired programming language called Cairo 1.0, forming a powerful tool designed to gain maximum efficiency by scaling Ethereum using STARK proofs.
It’s exciting to see the gains Cairo makes each week, and the growth of different options for developers, like Kakarot zkEVM and Warp. With the Starknet dApp moving into production, showcasing the power of Cairo, we believe it will be used for more ambitious projects in the future.
Thanks to the three avenues of STARK scaling outlined above, and others that will no doubt become available in the coming months, developers now have unprecedented control over scaling blockchains.