London, UK – [Current Date] – The Ethereum ecosystem is heralding a significant strategic pivot for its burgeoning zero-knowledge Ethereum Virtual Machine (zkEVM) technology. After a year of relentless innovation that saw the community successfully cross the "finish line" for real-time proving, the focus is now squarely on establishing a mainnet-grade security foundation, targeting an uncompromising 128-bit provable security level. This crucial transition underscores a commitment to safeguarding the billions of dollars at stake within the decentralized finance landscape and solidifying Ethereum’s future scalability infrastructure.
The journey to real-time proving has been nothing short of a sprint, marked by extraordinary advancements. However, as the technology matures and its potential impact on Layer 1 (L1) security becomes clearer, the Ethereum Foundation’s cryptography team is issuing a clarion call: speed is no longer the primary bottleneck; unassailable security is the next, non-negotiable frontier.
The Dawn of Real-Time Proving: A Retrospective of Rapid Advancement
Just a year ago, the concept of real-time proving for zkEVMs seemed an ambitious "north-star" goal. Defined in July of the previous year, this benchmark aimed to dramatically reduce the time it takes for zero-knowledge proofs to be generated, a critical factor for network responsiveness and user experience. The challenge was immense: optimizing complex cryptographic proofs to execute within tight temporal constraints, making zkEVMs truly viable for high-throughput blockchain operations.
Fast forward nine months, and the collective efforts of the zkEVM ecosystem have not just met, but demonstrably "crushed" these targets. The transformation has been staggering:
- Proving Latency: Plummeted from an unwieldy 16 minutes to a mere 16 seconds. This exponential reduction signifies a breakthrough in the practical utility of zkEVMs, bringing near-instant transaction finality within reach.
- Cost Efficiency: Proof generation costs have collapsed by an astonishing 45 times, making the technology significantly more economical and accessible for widespread adoption.
- Block Coverage: An impressive 99% of all Ethereum blocks are now proven by zkVMs in under 10 seconds on target hardware. This metric showcases the robustness and efficiency of the current proving infrastructure, demonstrating its capacity to handle the vast majority of network activity swiftly.
These achievements, a testament to the collaborative spirit and ingenuity within the Ethereum community, have effectively cleared the major performance bottlenecks that once hindered zkEVM development. The collective efforts of various zkEVM teams, researchers, and engineers have successfully brought the vision of scalable, efficient computation closer to reality.
From Speed to Security: The Elephant in the Room
With the performance hurdles largely overcome, the spotlight now intenses on an even more fundamental concern: security. While the speed gains are celebrated, the underlying cryptographic guarantees must be absolutely ironclad, especially as zkEVMs are increasingly eyed as a foundational layer for future Ethereum scaling. "While the major performance bottlenecks have been cleared by the zkEVM teams, security still remains the elephant in the room," the official statement noted, highlighting a shift in strategic priority.
The implications of any security vulnerability in a zkEVM are catastrophic. Unlike other software bugs, a flaw in the soundness of a zero-knowledge proof system could allow an attacker to forge proofs, effectively creating arbitrary valid state transitions without actually performing the underlying computations. This could manifest as:
- Unauthorized Token Minting: An attacker could generate new tokens out of thin air.
- State Manipulation: The entire state of the blockchain could be rewritten, leading to a loss of integrity.
- Fund Theft: Billions of dollars locked in smart contracts could be at risk of being stolen.
For an L1 zkEVM, which would secure potentially hundreds of billions of dollars in digital assets, such a "soundness issue" is not merely a bug; it is an existential threat. The security margin, therefore, becomes non-negotiable.
The Imperative of 128-Bit Provable Security
The core of this new directive is the commitment to 128-bit provable security. This standard is not arbitrary; it represents a globally recognized benchmark for cryptographic strength, recommended by leading standardization bodies such as the National Institute of Standards and Technology (NIST). It has been validated by real-world computational milestones, demonstrating its resilience against even the most sophisticated attacks.
The Challenges with Current STARK-based zkEVMs
Many of today’s STARK (Scalable Transparent ARguments of Knowledge)-based zkEVMs, while innovative, currently rely on mathematical conjectures that have, in some instances, proven to be less robust than initially assumed. STARKs are a type of zero-knowledge proof that offers scalability and transparency, making them highly attractive for blockchain applications. However, their security often depends on the unproven assumption that certain mathematical properties hold true.
Over the past months, the security landscape for STARKs has seen significant upheaval. Foundational conjectures, once widely accepted, have been mathematically disproven by diligent researchers. Each time a conjecture falls, the effective security bits of the system diminish. A system advertised as offering 100 bits of security might, in reality, only provide 80 bits, or even less. This erosion of security margins is unacceptable for a system designed to secure immense value.
The Ethereum Foundation emphasizes that the "only reasonable path forward is provable security." This means moving beyond reliance on unproven assumptions to cryptographic constructs whose security can be rigorously demonstrated and mathematically guaranteed. For zkEVMs, this is not an academic exercise but a critical necessity for mainstream adoption and trust.
Three Milestones: Charting the Course to Mainnet-Grade Security
Achieving 128-bit provable security presents a complex engineering challenge, particularly due to the inherent tension between security and proof size. Higher security levels typically demand larger proofs, yet proofs must remain small enough to propagate efficiently across Ethereum’s peer-to-peer network within acceptable timeframes. To navigate this intricate balance, the Ethereum Foundation has laid out three distinct milestones for the zkEVM ecosystem:
Milestone 1: soundcalc Integration
- Deadline: End of February 2026
The first step towards standardized and verifiable security is the universal adoption of soundcalc, an open-source tool developed by the Ethereum Foundation. soundcalc is designed to estimate the security level of zkVMs by analyzing their underlying cryptographic security bounds and proof system parameters. It functions as a dynamic, living tool, continuously integrating the latest cryptographic research and known attack vectors to provide accurate, up-to-date security assessments.
By the February 2026 deadline, all participating zkEVM teams are mandated to integrate their proof system components and all their circuits with soundcalc. This ensures a common framework for security evaluation, fostering transparency and enabling consistent assessments across the diverse zkEVM landscape. This integration will provide the foundational data necessary for the subsequent security assessments and optimizations.
Milestone 2: Glamsterdam
- Deadline: End of May 2026
Following the soundcalc integration, the ecosystem will move into a critical phase dubbed "Glamsterdam." This milestone is envisioned as a comprehensive, public evaluation and optimization initiative, designed to validate and refine the path to 128-bit provable security. Glamsterdam will likely involve:
- Public Security Audits and Bug Bounties: Engaging the global cryptographic and security research community to rigorously test integrated zkEVM components for any potential soundness issues or vulnerabilities at the target 128-bit security level. Significant incentives will be offered for identifying critical flaws.
- Parameter Standardization Workshop: A collaborative effort to standardize key cryptographic parameters across different zkEVM implementations, ensuring interoperability and a consistent security posture. This would involve a focused symposium where leading cryptographers and engineers refine and agree upon optimal parameters for 128-bit security without compromising on proof size.
- Reference Implementation & Benchmarking: The release of a reference zkEVM component or a full-stack prototype that demonstrably achieves 128-bit provable security while adhering to strict proof size and performance targets. This will serve as a benchmark for other teams and provide a concrete example of the desired security profile.
- Proof Size Optimization Challenge: A concentrated effort to develop and integrate advanced techniques for minimizing proof size under the 128-bit security constraint, ensuring that the enhanced security does not render proofs too large for efficient propagation on the Ethereum P2P network.
Glamsterdam represents a crucial convergence point where theoretical security targets are tested against practical implementation, leading to robust, community-vetted solutions.
Milestone 3: H-star
- Deadline: End of 2026
The final milestone, "H-star," marks the culmination of the security sprint. By the end of 2026, the goal is to achieve a state of readiness where zkEVM proof systems are not only provably secure at 128 bits but also stable enough for formal verification and mainnet deployment consideration. H-star encompasses:
- Formal Verification of Core Components: Critical components of zkEVM proof systems will undergo rigorous formal verification, a process that uses mathematical methods to prove the correctness of algorithms and implementations. This provides the highest level of assurance against logical flaws and ensures that the deployed code precisely matches its security specifications.
- Finalization of Security Proofs: All underlying cryptographic constructions and their composition will have thoroughly reviewed and finalized security proofs, leaving no room for reliance on unproven conjectures. These proofs will be publicly available and peer-reviewed.
- Stabilized Architecture Specifications: The overall architecture of zkEVM proof systems will be documented and stabilized, providing clear, unambiguous specifications that developers can build upon with confidence. This stability is crucial for long-term maintenance, auditing, and future upgrades.
- Mainnet Deployment Candidacy: zkEVMs that successfully achieve H-star will be considered ready for L1 integration, having demonstrated the necessary security, stability, and efficiency for safeguarding the Ethereum network.
Technical Enablers: Innovation Fueling the Path Forward
The ambitious goals set for these milestones are made tractable by recent breakthroughs in cryptographic research and engineering. The Ethereum Foundation points to several key advancements:
- WHIR (Weak Hash Interactive Oracle Proof): A compact polynomial commitment scheme, WHIR (as detailed in eprint.iacr.org/2024/1586.pdf) offers significantly smaller proof sizes compared to previous methods, directly addressing the tension between security and proof size.
- JaggedPCS: Techniques like JaggedPCS (eprint.iacr.org/2025/917) further enhance the efficiency and compactness of polynomial commitment schemes, contributing to more optimized proof generation.
- Grinding: A method described in academic papers (e.g., eprint.iacr.org/2021/582.pdf#page=47), grinding refers to techniques that can optimize certain cryptographic parameters to achieve higher security with minimal overhead or improve efficiency.
- Well-structured Recursion Topology: Modern zkEVMs involve intricate compositions of many circuits using recursion, often with custom "glue logic" between them. A well-structured recursion topology (as exemplified in soundcalc’s internal documentation) is vital for ensuring the soundness of the entire system. Documenting and formally verifying this complex architecture is paramount for overall security. Recursion allows for the aggregation of multiple proofs into a single, compact proof, a critical feature for scalability.
The complexity of recursion, where each team currently implements it differently, necessitates clear documentation and rigorous soundness analysis to ensure the integrity of the entire system.
The Path Forward: Stabilizing for Formal Verification
There is a strategic imperative behind locking in on zkEVM security now. As the article emphasizes, "Securing a moving target is hard." The rapid pace of innovation, while beneficial for performance, can make comprehensive security analysis and formal verification an uphill battle. By defining and hitting these security targets, zkVM architectures are expected to stabilize.
Once these architectures are "settled"—not frozen indefinitely, but stable enough in their core design—the extensive formal verification work that the Ethereum Foundation has been investing in through initiatives like verified-zkevm.org can reach its full potential. By the H-star milestone, the proof system layer should have achieved a degree of stability that allows for:
- Formal Verification of Critical Components: Proving the mathematical correctness of the most sensitive parts of the system.
- Finalization of Security Proofs: Rigorously demonstrating the security guarantees of the entire system.
- Writing Specifications that Match Deployed Code: Bridging the gap between theoretical design and practical implementation, ensuring that what is built truly aligns with what is intended to be secure.
This foundational work is not merely an incremental improvement; it is the essential prerequisite for realizing truly secure L1 zkEVMs, systems robust enough to underpin the future of the Ethereum network.
Building Foundations: A Confident Outlook
A year ago, the prevailing question in the zkEVM community was whether these advanced scaling solutions could prove fast enough. That question has been unequivocally answered with resounding success. The new, more profound question now is whether they can prove soundly enough. The Ethereum Foundation expresses strong confidence in the ecosystem’s ability to meet this challenge.
The shift in focus from raw performance to unyielding security marks a natural and necessary evolution for a technology destined to play a pivotal role in the future of decentralized finance and blockchain scalability. The Ethereum Foundation, along with its dedicated cryptography team—including contributors like Arantxa Zapico, Benedikt Wagner, and Dmitry Khovratovich, and reviewers Ladislaus, Kev, Alex, and Marius—is committed to supporting this transition. This support will manifest through continued research, development of open-source tools like soundcalc, facilitation of community collaboration, and strategic funding initiatives aimed at fostering the necessary advancements.
The performance sprint is over. Now, the collective might of the Ethereum community is rallied to strengthen the very foundations upon which the future of a secure, scalable, and decentralized web will be built. The pursuit of 128-bit provable security is not just a technical goal; it is a testament to Ethereum’s unwavering commitment to integrity and trust.
