London, UK – [Date of Publication] – After a year of intense innovation that successfully delivered real-time proving capabilities, the Ethereum zkEVM ecosystem is embarking on its next critical phase: establishing mainnet-grade security. The focus has decisively shifted from raw speed to ensuring unassailable cryptographic robustness, targeting the industry-standard 128-bit provable security level. This strategic pivot underscores a profound commitment to safeguarding the multi-billion dollar assets that future Layer 1 (L1) zkEVMs are poised to secure.
The Ethereum Foundation’s cryptography team, acknowledging the invaluable contributions of Arantxa Zapico, Benedikt Wagner, Dmitry Khovratovich, and reviewers Ladislaus, Kev, Alex, and Marius, has outlined a clear roadmap for this crucial transition. The goal is to move beyond unproven mathematical conjectures that currently underpin some STARK-based zkEVMs, aiming instead for security guarantees that are mathematically verifiable and resilient against evolving threats.
The Velocity Vault: A Year of Unprecedented Speed
Just a year ago, the primary challenge facing the zkEVM ecosystem was proving speed. The vision was encapsulated in a "north-star definition" for real-time proving, published in July of the previous year. The subsequent nine months witnessed an extraordinary "sprint," a period of rapid development and optimization that yielded remarkable results across the ecosystem.
"We crossed the finish line for real-time proving!" exclaimed the Ethereum Foundation’s statement, reflecting the collective achievement. The numbers speak volumes: proving latency, once a daunting 16 minutes, has plummeted to an astonishing 16 seconds. Concurrently, operational costs for proving have collapsed by a staggering 45-fold, making the technology significantly more accessible and economically viable. Furthermore, zkVMs are now capable of proving an impressive 99% of all Ethereum blocks in under 10 seconds on target hardware. This monumental leap in performance has effectively cleared the major bottlenecks that once hindered the widespread adoption and utility of zkEVMs.
This achievement is a significant validation of the zkEVM paradigm, which promises to scale Ethereum by taking execution off the verifier's critical path: a prover executes a block and emits a succinct proof, and anyone holding that proof can check that the block was executed correctly without re-executing it. Zero-Knowledge Ethereum Virtual Machines (zkEVMs) are designed to replicate the EVM faithfully, so developers can deploy existing smart contracts with minimal or no changes. For an L1 zkEVM the consumers of the proof are Ethereum's own validators, which is why proving has to keep pace with block production. The success in achieving real-time proving signals that the technical prowess exists to make these systems practical and responsive.
However, as the dust settles from this performance sprint, a more formidable challenge looms: security. The article starkly states, "While the major performance bottlenecks have been cleared by the zkEVM teams, security still remains the elephant in the room." This candid assessment sets the stage for the ecosystem’s next, even more critical, endeavor.
From Sprint to Fortification: The Imperative of 128-Bit Provable Security
The transition from optimizing speed to fortifying security is not merely an incremental step; it represents a fundamental shift in priorities. For a zkEVM the property that matters is soundness rather than zero knowledge: a validator who accepts a proof is trusting it in place of re-execution, so any slack in the proof system's soundness is slack in consensus itself. That is why the bar is set so much higher than for an ordinary application-level component.
The Fragility of Conjectures
A significant concern highlighted by the Ethereum Foundation is that many STARK-based zkEVMs currently rely on "unproven mathematical conjectures" to reach their advertised security targets. STARKs (Scalable Transparent ARguments of Knowledge) are hash-based proof systems: they need no trusted setup and their security rests on the hash function rather than on number-theoretic assumptions such as the discrete logarithm. The catch is in the concrete parameters. The soundness of the FRI-style proximity test at the heart of a STARK depends on how far from a Reed-Solomon codeword the verifier may assume a cheating prover's committed data lies, and the proven bounds (the unique-decoding radius, or the Johnson list-decoding bound) are considerably weaker than the conjectured bound that extends list decoding "up to capacity". Teams that set their query counts using the conjectured bound get smaller proofs, but a security level that is only as good as the conjecture.
Over the past months the security landscape for STARKs has been dynamic, with "foundational conjectures getting mathematically disproven by researchers." When a conjecture falls, the parameters chosen under it no longer deliver the advertised level: "what was advertised as 100 bits might actually be 80." Each lost bit halves the attacker's expected work, so a 20-bit loss is a million-fold (2^20) reduction in the cost of a forgery. That does not by itself make an attack practical, but it consumes the margin a 128-bit target is meant to provide, and nothing guarantees the next result will not take more. The referenced disproof of the "proximity conjecture" is a stark reminder of this vulnerability, underscoring the constant re-evaluation required in cryptography.
Defining Provable Security: The Gold Standard
The only "reasonable path forward," as articulated by the Ethereum Foundation, is provable security: the scheme comes with a theorem, and the concrete bit count follows from that theorem rather than from a conjecture. In general this means a reduction to a well-studied problem (for pairing-based SNARKs, discrete-logarithm-type assumptions; for hash-based STARKs, the security of the hash function, usually analysed in the random-oracle model) combined with soundness bounds that have actually been proven, such as the Johnson-bound regime for Reed-Solomon proximity testing. Unlike security based on conjectures, which can shift or collapse with new mathematical discoveries, provable security only weakens if the underlying primitive itself is broken.
The target for this provable security is 128 bits. This level is not arbitrary; it is the widely accepted baseline recommended by standardization bodies such as the National Institute of Standards and Technology (NIST) in Special Publication 800-57 Part 1 Revision 5. A 128-bit security level means that the best known attack costs on the order of 2^128 operations; for a proof system it means the probability that a cheating prover produces an accepting proof is at most about 2^-128 per attempt, so an attacker who can afford 2^80 attempts is still left with roughly a 2^-48 chance of success. Quantum attackers are a separate analysis (Grover's algorithm gives at most a square-root speedup against generic search), which the classical 128-bit target does not by itself settle. This level has also been "validated by real-world computational milestones," further cementing its status as the benchmark for robust cryptographic protection.
The Catastrophic Risk of Soundness Issues
For zkEVMs, the pursuit of 128-bit provable security is far from an academic exercise. It is a matter of existential importance. A "soundness issue" in a zero-knowledge proof system refers to a flaw that allows a malicious prover to generate a valid-looking proof for a false statement. In simpler terms, an attacker could convince a verifier that a certain computation was performed correctly, even if it wasn’t.
The implications of such a flaw for an L1 zkEVM are catastrophic and absolute. "If an attacker can forge a proof, they can forge anything: mint tokens from nothing, rewrite state, steal funds." This means the very foundation of the blockchain’s integrity could be undermined. An attacker could bypass all economic and consensus mechanisms, fabricating transactions, creating infinite currency, or seizing control of any assets on the chain. Given that L1 zkEVMs are envisioned to secure "hundreds of billions of dollars," the security margin is not merely important; it is "not negotiable." The potential for financial devastation necessitates an unwavering commitment to the highest possible security standards.
Charting the Course: Three Critical Milestones for Security Hardening
Achieving 128-bit provable security for zkEVMs presents a complex challenge, primarily due to the inherent tension between security and proof size. In FRI-style systems most of the proof consists of Merkle authentication paths for the verifier's queries, so proof size grows roughly linearly with the number of queries; and because a proven bound yields fewer bits of security per query than the conjectured one, reaching the same target under proven bounds means more queries (or a lower code rate, which costs prover time) and therefore a larger proof. For a blockchain system like Ethereum, proofs must nevertheless remain "small enough to propagate across Ethereum’s P2P network reliably and in time." This dual constraint necessitates innovative solutions that can deliver uncompromising security without sacrificing the practical utility of the proofs.
To navigate this intricate balance, the Ethereum Foundation has laid out three distinct milestones, each with a clear deadline, designed to systematically elevate the security posture of the zkEVM ecosystem.
Milestone 1: Soundcalc Integration (Deadline: End of February 2026)
The first and foundational step is the integration of soundcalc, a novel tool developed by the Ethereum cryptography team. soundcalc is described as a "tool that estimates zkVM security based on the latest cryptographic security bounds and proof system parameters." Its purpose is to provide a consistent and objective method for measuring the security level of various zkEVM implementations.
soundcalc is designed to be a "living tool," constantly evolving to incorporate the latest cryptographic research and insights into known attacks. This adaptive nature ensures that security assessments remain relevant and responsive to the dynamic landscape of cryptographic vulnerabilities. By the deadline, all participating zkEVM teams are required to integrate their proof system components and all their circuits with soundcalc. This mandate is crucial for establishing "a common ground for the security assessments that follow," enabling standardized evaluations and fostering transparency across the ecosystem. Past integrations, such as those referenced in GitHub issues #1 and #2, serve as precedents for this collaborative effort.
Milestone 2: Glamsterdam (Deadline: End of May 2026)
Glamsterdam is the name of the Ethereum network upgrade that follows Fusaka, so this milestone is keyed to the protocol's own release cadence rather than to a separate security programme. The announcement, as summarized here, does not spell out the per-team targets to be met by this date. Its role in the sequence is nonetheless clear: with soundcalc numbers in hand after Milestone 1, the interval up to Glamsterdam is where teams adjust parameters, components and recursion structure so that the measured security, not the advertised one, moves toward the 128-bit provable target, with the soundcalc output as the shared yardstick.
Milestone 3: H-star (Deadline: End of 2026)
"H-star" is the placeholder name for the network upgrade after Glamsterdam (upgrade names pair a star name for the consensus layer with a Devcon city for the execution layer, and the star for this one begins with H). It is the final milestone for 2026 and the culminating point of this phase of security fortification. By this point the systems are expected to have reached the target 128-bit provable security, with proof sizes that fit Ethereum's propagation constraints, and the proof-system layer is expected to have settled enough for formal verification and written specifications to catch up with deployed code. It is the checkpoint where the ecosystem collectively declares its foundational security solid.
The Toolkit for Fortification: Engineering and Cryptographic Advances
The ambitious milestones set forth are made tractable by a confluence of recent cryptographic and engineering advances. These innovations provide the tools and techniques necessary to achieve both high security and efficient proof sizes.
Compact Polynomial Commitment Schemes
One key area of progress lies in "compact polynomial commitment schemes" like WHIR (as detailed in eprint.iacr.org/2024/1586.pdf). Polynomial commitment schemes are fundamental components of many ZKP systems, allowing a prover to commit to a polynomial concisely and later open specific evaluations without revealing the whole polynomial. WHIR is a Reed-Solomon proximity test that can be used as such a commitment; compared with FRI it yields smaller proofs and faster verification for the same security level, directly addressing the tension between security and proof size. Smaller proofs are faster to transmit and to verify, which is vital for keeping within Ethereum’s P2P propagation budget.
Advanced Techniques: JaggedPCS and Grinding
Further advancements include techniques such as "JaggedPCS" (eprint.iacr.org/2025/917) and a "bit of grinding" (eprint.iacr.org/2021/582.pdf#page=47). JaggedPCS, as its name suggests, commits to many execution tables of different heights as one "jagged" polynomial instead of padding every table to a power-of-two height, which reduces commitment cost and proof size in zkVMs built from many circuits. Grinding is the "proof of work" described in the ethSTARK paper: before the verifier's query positions are derived from the Fiat-Shamir transcript, the prover searches for a nonce such that the hash of the transcript with that nonce has g leading zero bits. A cheating prover who wants to re-sample the query positions until they land on a favourable set must pay 2^g hashes per attempt, so the query-phase soundness error shrinks by a factor of 2^g: the proof gains g bits with no increase in proof size, at the cost of one grinding computation by the honest prover. Only "a bit" of it is used because each extra grinding bit doubles that honest cost, and it strengthens only the query-phase term, not the commit-phase error. These techniques collectively contribute to the ability to achieve higher security levels without prohibitive overheads.
Structured Recursion Topology
Recursion is a powerful paradigm in modern zkEVMs, enabling the composition of multiple zero-knowledge proofs into a single, succinct proof. This is essential for proving complex computations, such as entire Ethereum blocks, by breaking them down into smaller, verifiable sub-components. However, "modern zkEVMs involve many circuits composed with recursion in custom ways, with lots of glue in between. Each team does it differently." This bespoke nature, while allowing for innovation, also introduces complexity and potential security vulnerabilities if not meticulously managed.
The Ethereum Foundation emphasizes that "documenting this architecture and its soundness is essential for the security of the entire system." A "well-structured recursion topology" (as exemplified in a soundcalc configuration file) is therefore paramount. It means clearly defining how different circuits interact, how proofs are aggregated, and how cryptographic assumptions propagate through the recursive structure. The composed system is only as strong as its weakest link: forging any inner proof lets an attacker forge the outer proof that verifies it, so the overall soundness error is bounded by the sum of the errors of every proof the final proof transitively depends on. Standardizing, or at least thoroughly documenting, these recursion patterns will be crucial for comprehensive security audits and for ensuring the overall integrity of the zkEVM.
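The following Python program is an added example, not the Ethereum Foundation's soundcalc and not any zkEVM team's code. On a constructed configuration it shows the three points discussed above: why the advertised bit count depends on which Reed-Solomon proximity bound one is allowed to assume (the conjectured up-to-capacity bound versus the proven Johnson and unique-decoding bounds), how grinding bits add to the query-phase term, and how a recursion topology's security is bounded by a union bound over every proof the final proof transitively verifies. It models only the FRI query-phase error (1 - δ)^s · 2^-g; the commit-phase (round-by-round) terms, the field size, and the specifics of WHIR or JaggedPCS are deliberately left out, so the numbers are illustrative rather than a security assessment. The circuit names, rates, query counts and tree shape are assumptions.

```python
"""Toy security-bit estimator for the query phase of a FRI-style STARK.

Added example; not the Ethereum Foundation's soundcalc. It models only the
query-phase soundness error (1 - delta)^s * 2^-g plus a union bound over a
recursion topology. Real estimators also charge the commit-phase
(round-by-round) error terms and the field size.
"""
from __future__ import annotations

import math
from dataclasses import dataclass, field

REGIMES = ("unique", "johnson", "capacity")


def proximity_parameter(rate: float, regime: str, eta: float = 0.0) -> float:
    """Largest relative distance delta the verifier may rely on for code rate rho.

    unique   : (1 - rho) / 2          proven, unique-decoding radius
    johnson  : 1 - sqrt(rho) - eta    proven, Johnson list-decoding bound
    capacity : 1 - rho - eta          conjectured, list decoding up to capacity
    """
    if not 0.0 < rate < 1.0:
        raise ValueError("rate must lie strictly between 0 and 1")
    if regime == "unique":
        return (1.0 - rate) / 2.0
    if regime == "johnson":
        return 1.0 - math.sqrt(rate) - eta
    if regime == "capacity":
        return 1.0 - rate - eta
    raise ValueError(f"unknown regime {regime!r}; expected one of {REGIMES}")


def query_phase_bits(rate: float, queries: int, regime: str,
                     grinding_bits: int = 0, eta: float = 0.0) -> float:
    """-log2 of the query-phase soundness error, in bits.

    A prover whose committed word is delta-far from the code passes a single
    query with probability at most 1 - delta; the s queries are independent,
    and g bits of grinding cost the attacker 2^g hashes per re-sampling attempt.
    """
    delta = proximity_parameter(rate, regime, eta)
    return -queries * math.log2(1.0 - delta) + grinding_bits


def regime_table(rate: float, queries: int, grinding_bits: int = 0) -> dict[str, float]:
    """Same parameters under all three regimes: how many bits a conjecture buys."""
    return {r: query_phase_bits(rate, queries, r, grinding_bits) for r in REGIMES}


@dataclass
class Circuit:
    """One circuit in a recursion tree (constructed, hypothetical names)."""
    name: str
    rate: float
    queries: int
    grinding_bits: int = 0
    count: int = 1                  # proofs of this circuit the parent verifies
    children: list[Circuit] = field(default_factory=list)


def topology_bits(root: Circuit, regime: str, eta: float = 0.0) -> float:
    """Union bound over every proof the root transitively verifies.

    Forging any inner proof lets the attacker forge the root, so the total
    error is the sum of the per-proof errors, each weighted by how many
    instances of that circuit sit below the root.
    """
    total_error = 0.0
    stack = [(root, 1)]
    while stack:
        node, multiplicity = stack.pop()
        bits = query_phase_bits(node.rate, node.queries, regime,
                                node.grinding_bits, eta)
        total_error += multiplicity * 2.0 ** (-bits)
        for child in node.children:
            stack.append((child, multiplicity * child.count))
    return -math.log2(total_error)


def example_topology() -> Circuit:
    """Constructed block-proof tree: wrapper -> aggregator -> 16 segment proofs."""
    segment = Circuit("segment", rate=1 / 8, queries=80, grinding_bits=16, count=16)
    aggregator = Circuit("aggregate", rate=1 / 8, queries=90, grinding_bits=16,
                         children=[segment])
    return Circuit("wrapper", rate=1 / 8, queries=100, grinding_bits=20,
                   children=[aggregator])


if __name__ == "__main__":
    # rate 1/8, 100 queries: 300 bits if the conjecture holds, 150 under the
    # proven Johnson bound, about 83 under unique decoding.
    print("rate 1/8, 100 queries:", regime_table(1 / 8, 100))
    root = example_topology()
    for regime in REGIMES:
        print(f"{regime:>9}: whole tree >= {topology_bits(root, regime):.1f} bits")
```

Two things to notice when running it: the sixteen segment proofs dominate the whole tree (the union bound charges each of them, so the leaf circuit with the most instances is where parameters matter most), and switching the regime from "capacity" to "johnson" halves the query-phase bits for every circuit at once, which is exactly the kind of collapse the proximity-conjecture disproof caused for parameters chosen under it.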
Strategic Consolidation: Paving the Path for Secure L1 zkEVMs
The current drive towards locking in zkEVM security is underpinned by a profound strategic rationale. "Securing a moving target is hard." When cryptographic architectures are in constant flux, continuously being optimized for performance or features, it becomes exceedingly difficult to perform exhaustive security analyses, conduct formal verifications, or establish lasting standards.
The Promise of Formal Verification
The milestones outlined are specifically designed to lead to a period where "zkVM architectures stabilize." This stability is the crucial prerequisite for "the formal verification work we’ve been investing in to reach its full potential." Formal verification is a rigorous process of mathematically proving the correctness and security properties of a system, often using automated theorem provers or model checkers. Unlike traditional testing, which can only show the presence of bugs, formal verification aims to prove their absence.
Initiatives like verified-zkevm.org represent a significant commitment to this highly demanding but ultimately rewarding approach. By H-star, the aspiration is for the "proof system layer will have mostly settled." This doesn’t imply a complete freeze on innovation but rather a state of sufficient stability where critical components can be formally verified, security proofs finalized, and precise specifications written that accurately "match deployed code." This synchronization between theoretical proofs, specifications, and actual implementation is the bedrock of truly secure systems.
This strategic consolidation is not merely about incremental improvements; it is about building the "foundation that is required to get to secure L1 zkEVMs." Without this bedrock of provable security and architectural stability, the promise of scalable, trustless Ethereum layers cannot be fully realized or safely deployed for mainstream use. The stakes are simply too high to compromise on the security of the underlying cryptographic machinery.
Conclusion: A New Era of Robustness for zkEVMs
A year ago, the prevailing question in the blockchain space was whether zkEVMs could achieve sufficient speed to be viable. That question has been unequivocally answered with a resounding "yes," thanks to the relentless efforts of the ecosystem. The new, more profound question now takes center stage: "whether they can prove soundly enough." The Ethereum Foundation expresses confidence in this endeavor, stating, "We are confident they can."
This confidence is rooted in a clear vision, a collaborative approach, and the ongoing advancements in cryptographic research and engineering. The transition from a performance-driven sprint to a security-focused fortification represents a natural and necessary evolution for a technology destined to underpin significant portions of the decentralized economy.
The Ethereum Foundation reaffirms its commitment to this new phase: leading the development of soundcalc, coordinating the ecosystem's milestones, and supporting the cryptographic and formal-verification research that underpins them.
The message is clear and resolute: "The performance sprint is over. Now let’s strengthen the foundations." This marks the beginning of an era where the zkEVM ecosystem aims not just for speed, but for an unprecedented level of cryptographic integrity, ensuring that the future of scalable Ethereum is built on an unshakeable bedrock of provable security. The collective effort of researchers, developers, and the broader community will be essential in achieving this ambitious yet vital goal.
