Cairo

Cairo is a Turing-complete, high-level programming language designed for writing provable programs, where the correctness of execution can be cryptographically verified. It is the native language for StarkNet, a permissionless decentralized Validity-Rollup (ZK-Rollup), and StarkEx, a scaling engine, both of which use STARK proofs to scale Ethereum. Unlike general-purpose languages, Cairo's syntax and architecture are built from the ground up to generate computational integrity proofs, enabling complex dApp logic to be executed off-chain and verified on-chain with minimal gas cost.

The language employs a unique AIR (Algebraic Intermediate Representation) to describe computations. When a Cairo program runs, it produces an execution trace. This trace is used to generate a STARK proof, a succinct cryptographic certificate that attests to the correct execution of the program without revealing its inputs. This core mechanism allows for massive scalability—proving the validity of thousands of transactions in a single proof—while maintaining Ethereum's security guarantees through cryptographic assurance rather than re-execution.

Cairo 1.0, a major revision, introduced a Rust-inspired syntax and a powerful borrow checker, significantly improving developer experience and safety. It compiles down to Sierra, a safe intermediate representation, which then compiles to Cairo Assembly (CASM), the bytecode executed by the Cairo VM. This layered compilation ensures that programs are always provable. Key use cases include building high-throughput DeFi protocols, gaming engines, and privacy-preserving applications on StarkNet, where computational integrity and low costs are paramount.

Cairo is a Turing-complete programming language and virtual machine designed by StarkWare for creating STARK-provable programs, primarily for blockchain scaling. The name is a direct reference to the Cairo Geniza, a collection of medieval Jewish manuscript fragments discovered in the Ben Ezra Synagogue in Old Cairo, Egypt. This historical repository was significant for preserving a vast, fragmented record of a community's life and law. Similarly, the Cairo language is built to generate concise cryptographic proofs—succinct, verifiable records—of computational integrity, preserving the essential truth of complex computations without storing their entire execution trace.

The choice of name extends beyond mere historical allusion to a core technical analogy. Just as the Geniza fragments provided verifiable evidence of historical events and transactions, a Cairo program produces a STARK proof that serves as irrefutable, compact evidence that a computation was executed correctly. This proof can be verified by anyone far more efficiently than re-running the original program, enabling the validity rollup scaling paradigm. The language's architecture, including its AIR (Algebraic Intermediate Representation) and built-in proof system, is engineered from the ground up to make this proof generation as efficient as possible.

The development of Cairo is intrinsically linked to the evolution of StarkNet, a decentralized Layer 2 validity rollup on Ethereum. Cairo serves as StarkNet's native smart contract language, with contracts compiled to Cairo assembly and executed within the Cairo VM. Its design emphasizes safety and provability, featuring a memory model that prevents undefined behavior and built-in primitives for cryptographic operations. This makes it distinct from general-purpose languages like Solidity, as every Cairo program is, by construction, a blueprint for a zero-knowledge proof.

Understanding Cairo's origin clarifies its role in the broader blockchain ecosystem. It is not merely another smart contract language but a foundational tool for verifiable computation. Its etymology underscores a fundamental shift in blockchain design: moving from trusting a network of re-executing nodes to trusting cryptographic truth. As such, Cairo is central to realizing the vision of StarkWare and similar projects, where scalable blockchains can maintain security by publishing and verifying these compact proofs of validity, much like scholars verifying history through fragmented but conclusive evidence.

Cairo enables developers to write STARK-provable programs, where the correctness of a computation is verified cryptographically without re-executing it. This is achieved by generating a computational integrity proof, known as a STARK proof, which attests that a program was executed correctly given specific inputs. The language's syntax is designed to be expressive for general-purpose computing while being constrained enough for efficient proof generation. A Cairo program is compiled into Cairo Assembly (CASM), a lower-level representation that the Cairo VM executes to produce an execution trace for the prover.

The core of Cairo's architecture is the Cairo Virtual Machine (CVM), a specialized VM that processes Cairo bytecode. Unlike traditional VMs, the CVM's execution is structured to produce a trace that is amenable to efficient cryptographic proving. The prover uses this trace to generate a STARK proof, a small cryptographic certificate that can be verified in milliseconds, even for complex computations. This decouples execution from verification, allowing a single proof to convince countless verifiers of the result's validity, which is the foundation of Starknet's scalability.

Cairo operates on a shared prover model, where many transactions are batched together into a single proof. This aggregation dramatically reduces the cost per transaction. The language is memory-safe and includes native support for felt (field element) data types, which are the fundamental units of computation within the STARK-proof-friendly prime field. Developers interact with Cairo through tools like the Cairo compiler (cairo-compile), the Cairo test runner, and integrated development environments, which handle the translation from high-level code to a provable execution trace.

A key innovation in Cairo 1.0 and later versions is the Sierra intermediate representation layer. Sierra sits between the high-level Cairo code and the low-level CASM, providing a safety layer that guarantees that every valid Sierra program can be compiled to provable CASM. This eliminates the possibility of compile-time errors in the final proving stage and enhances developer experience. Sierra is also the interface through which Cairo smart contracts on Starknet are executed and proven.

In practice, writing a Cairo program involves defining functions, structs, and using built-in or library functions for operations like hashing and signature verification. When deployed on Starknet, a Cairo contract's state transitions are proven off-chain, and only the proof and the new state root are posted on the Ethereum L1. This mechanism, powered by Cairo's provable execution, enables Starknet to offer high throughput and low transaction fees while maintaining Ethereum-level security through cryptographic verification.

Cairo is a Turing-complete programming language and framework designed for writing provable programs (often called STARK-provable programs) for general computation, most notably as the native language for StarkNet's Layer 2 validity rollup. In contrast, Solidity is an object-oriented, high-level language created specifically for implementing smart contracts that execute deterministically on the Ethereum Virtual Machine (EVM). This represents a paradigm shift from a virtual machine-centric model (EVM) to a proof-centric model (STARKs), where the primary output is a cryptographic proof of correct execution rather than just a state change.

The core divergence lies in their computational models and trust assumptions. A Solidity contract's logic is executed and validated by every node in the Ethereum network, requiring consensus on the process. Cairo, however, separates execution from verification: a single entity (the prover) executes the program and generates a STARK proof, while any verifier can check this proof's validity in constant time, trusting only the cryptographic soundness of the proof system. This enables Cairo to be more computationally expressive, supporting complex logic like recursive proofs, while Solidity is constrained by the EVM's gas costs and opcode limitations.

This architectural shift manifests in their application domains. Solidity is optimized for the specific domain of on-chain, state-modifying contract logic—managing token balances, decentralized exchange pools, and governance votes. Cairo, through its hierarchical proof system, excels at scaling this logic by batching thousands of transactions into a single proof, and is inherently suited for applications requiring verifiable off-chain computation, such as privacy-preserving proofs or verifiable machine learning models, which are impractical in the EVM environment.