The decentralized ledger technology sector has witnessed a dramatic acceleration in the development and deployment of Zero-Knowledge Ethereum Virtual Machines (zkEVMs) over the past year. What began as ambitious research and development goals has now culminated in a significant breakthrough: the achievement of real-time proving capabilities. This pivotal accomplishment, lauded by industry leaders and cryptographic experts, marks a new era for zkEVMs, shifting the focus from raw speed to the paramount importance of robust, mainnet-grade security.
This monumental stride forward is the result of sustained effort and collaborative innovation. The Ethereum Foundation (EF) cryptography team, with significant contributions from Arantxa Zapico, Benedikt Wagner, and Dmitry Khovratovich, alongside critical reviews and feedback from Ladislaus, Kev, Alex, and Marius, has been instrumental in this advancement. Their dedication has paved the way for zkEVMs to transition from experimental technologies to viable solutions for securing the burgeoning blockchain ecosystem.
From Sprint to Solidification: The Evolution of zkEVM Performance
The past twelve months have been characterized by an intense "sprint" within the zkEVM ecosystem, a period marked by aggressive development cycles and a singular focus on performance optimization. This concerted effort has yielded remarkable results, fundamentally altering the landscape of zero-knowledge proofs for blockchain scaling.
A significant milestone was the publication of a "north-star definition" for real-time proving in July of the previous year. This provided a clear objective and benchmark for the entire ecosystem. Nine months later, this target was not only met but demonstrably surpassed. Data compiled by the ethproofs.org community reveals a dramatic reduction in proving latency, plummeting from an average of 16 minutes to a mere 16 seconds. Concurrently, the cost associated with generating these proofs has seen a substantial decline of 45%, making zkEVM technology significantly more accessible and economically viable. The culmination of these efforts means that zkVMs are now capable of proving approximately 99% of all Ethereum blocks in under 10 seconds on optimized hardware configurations.
While these performance enhancements are undeniably transformative, the rapid progress has brought a critical challenge into sharper focus: security. With the major performance bottlenecks effectively addressed, the industry’s attention is now squarely fixed on ensuring that zkEVMs can meet the stringent security demands required for mainnet deployment, especially for Layer 1 solutions that will handle vast sums of digital assets.
The Imperative of 128-Bit Provable Security in a Shifting Landscape
The current generation of STARK-based zkEVMs often relies on unproven mathematical conjectures to establish their security parameters. However, the foundational underpinnings of STARK security have recently come under intense scrutiny. Over the past several months, foundational conjectures within this cryptographic domain have been mathematically disproven by independent researchers. Each invalidated conjecture represents a potential erosion of the security guarantees previously assumed. What was once confidently advertised as 100 bits of security might, in reality, be significantly less, perhaps closer to 80 bits.
This erosion of confidence necessitates a definitive shift towards "provable security." The overwhelming consensus within the cryptographic community points to 128 bits as the benchmark for robust, long-term security. This standard is not an arbitrary figure but is actively recommended by leading standardization bodies, such as the National Institute of Standards and Technology (NIST) in its Special Publication 800-57, and is validated by significant computational milestones achieved in real-world cryptographic analysis.
For zkEVMs, especially those intended for use as Layer 1 solutions capable of securing hundreds of billions of dollars, the implications of insufficient security are profound and potentially catastrophic. A soundness issue in a zkEVM is not a minor bug; it is an existential threat. The ability for an attacker to forge a valid proof could enable malicious actors to mint tokens from thin air, rewrite the blockchain’s state, or outright steal user funds. In this context, the security margin is non-negotiable. The transition from theoretical security to rigorously proven security is therefore not merely an academic exercise but a critical requirement for the integrity and trustworthiness of the entire blockchain ecosystem.
Charting the Course: Three Critical Milestones for zkEVM Security
Recognizing the delicate balance between advanced security and the practical necessity of manageable proof sizes, the Ethereum Foundation has outlined a clear roadmap for achieving mainnet-grade security in zkEVMs. Security and proof size are intrinsically linked; enhanced security measures often lead to larger proofs, which can, in turn, strain the Ethereum peer-to-peer network’s capacity to propagate them reliably and within acceptable timeframes. To navigate this challenge, three key milestones have been established:
Milestone 1: Soundcalc Integration (Deadline: End of February 2026)
To foster a consistent and standardized approach to security measurement, the soundcalc tool has been developed. This innovative utility is designed to estimate the security of zkVMs by leveraging the latest cryptographic security bounds and proof system parameters. soundcalc is envisioned as a dynamic instrument, continuously updated to incorporate cutting-edge research and known attack vectors.
The objective for this initial milestone is for all participating zkEVM teams to integrate their proof system components and all associated circuits into soundcalc. This integration will establish a common, verifiable baseline for security assessments, enabling objective comparisons and transparent evaluation across different zkEVM implementations. Examples of previous integrations, such as issue #18 and pull request #21 on the soundcalc GitHub repository, demonstrate the practical application of this initiative. This foundational step ensures that security discussions are grounded in shared metrics and methodologies, moving away from subjective claims toward quantifiable assurance.
Milestone 2: Glamsterdam (Deadline: End of May 2026)
While the specifics of the "Glamsterdam" milestone are yet to be fully detailed, its positioning in the timeline suggests a focus on further refinement and potential integration of advanced cryptographic techniques or architectural optimizations. This phase will likely build upon the standardized security measurements established in Milestone 1, pushing for demonstrable improvements in both security margins and proof efficiency. Industry observers anticipate that this milestone may involve the adoption of novel proof aggregation techniques or enhancements to circuit design that further bolster security while mitigating proof size inflation. The success of this phase will be crucial in demonstrating the practical applicability of the security advancements made in the preceding months.
Milestone 3: H-star (Deadline: End of 2026)
The "H-star" milestone represents the culmination of the current security roadmap, aiming for a significant degree of maturity and stability in zkEVM architectures. By the end of 2026, the expectation is that the proof system layer will have largely "settled." This does not imply a cessation of innovation but rather a stabilization of core architectures, allowing for rigorous formal verification.
The achievement of H-star will pave the way for the full realization of formal verification efforts, such as those being invested in by projects like verified-zkevm.org. With stable architectures, critical components can be formally verified, security proofs finalized, and specifications precisely aligned with deployed code. This level of assurance is considered the bedrock upon which secure Layer 1 zkEVMs can be confidently built and operated.
Technological Underpinnings for Enhanced Security and Efficiency
The ambitious timelines set for these milestones are made achievable by recent advancements in both cryptography and engineering. Several key innovations are expected to play a crucial role:
- Compact Polynomial Commitment Schemes: Technologies like WHIR (Witness Hiding Interactive Recursion) offer more efficient ways to commit to polynomials, a fundamental operation in many zero-knowledge proof systems. These schemes aim to reduce the size of proofs while maintaining strong security guarantees.
- Advanced Proving Techniques: Innovations such as JaggedPCS (Polynomial Commitment Scheme) are exploring novel methods for constructing and verifying proofs, potentially offering breakthroughs in both speed and security.
- Strategic "Grinding": In cryptographic contexts, "grinding" can refer to computationally intensive processes that increase the difficulty for an attacker to forge proofs or find collisions. Judicious application of such techniques, as referenced in academic papers, can bolster security.
- Well-Structured Recursion Topologies: Modern zkEVMs often employ complex recursive structures, composing multiple circuits to handle the vast computations required for smart contract execution. The way these circuits are interconnected and managed (the "topology") is critical for both performance and security. A well-structured recursion topology, as highlighted in the pico.toml configuration file within soundcalc, is essential for maintaining the integrity of the entire system. Documenting and formally verifying these intricate architectures is paramount.
The emphasis on recursion is particularly significant. Each zkEVM team has developed unique approaches to composing circuits recursively, often with bespoke "glue" logic connecting them. This heterogeneity presents a challenge for standardized security analysis. Therefore, documenting these architectures comprehensively and rigorously verifying their soundness is indispensable for the overall security of the zkEVM ecosystem.
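The gap between conjectured and provable security, the effect of grinding, and the resulting pressure on proof size can be made concrete with a simplified estimate of query-phase soundness for a FRI-style STARK. This is an added example, not code from soundcalc or from any zkEVM team. Assumptions: the function names, the constructed parameter set (rate 1/4, 42 queries, 16 grinding bits) and the textbook per-query error bounds are illustrative, and the commit-phase and field-size terms of a full analysis are ignored.

```python
import math

# Per-query soundness error for a Reed-Solomon code of rate rho, by proximity
# regime. Simplified textbook bounds (assumption), query phase only.
REGIMES = {
    # Conjectured: soundness up to distance 1 - rho ("up to capacity").
    "conjectured_capacity": lambda rho: rho,
    # Proven: list-decoding regime, distance up to 1 - sqrt(rho) (Johnson bound).
    "proven_johnson": lambda rho: math.sqrt(rho),
    # Proven: unique-decoding regime, distance (1 - rho) / 2.
    "proven_unique": lambda rho: (1 + rho) / 2,
}

def query_phase_bits(rate, queries, grinding_bits, regime):
    """Bits of security from `queries` independent queries plus grinding.

    Grinding (proof of work on the transcript) forces roughly 2**grinding_bits
    hash evaluations per forgery attempt, so it adds directly to the bit count.
    """
    per_query_bits = -math.log2(REGIMES[regime](rate))
    return queries * per_query_bits + grinding_bits

def queries_needed(target_bits, rate, grinding_bits, regime):
    """Smallest query count that reaches target_bits in the given regime."""
    per_query_bits = -math.log2(REGIMES[regime](rate))
    return math.ceil((target_bits - grinding_bits) / per_query_bits)

def compare(rate, queries, grinding_bits, target_bits=128):
    """Same parameters, three regimes: achieved bits and queries for target."""
    return {
        regime: {
            "bits": round(query_phase_bits(rate, queries, grinding_bits, regime), 1),
            "queries_for_target": queries_needed(target_bits, rate, grinding_bits, regime),
        }
        for regime in REGIMES
    }

if __name__ == "__main__":
    # Constructed parameter set, not taken from any deployed zkEVM.
    for regime, row in compare(rate=0.25, queries=42, grinding_bits=16).items():
        print(f"{regime:22s} {row['bits']:6.1f} bits now, "
              f"{row['queries_for_target']:3d} queries for 128 bits")
```

Each query opens authentication paths in the proof, so the query count needed in a proven regime translates directly into the larger proofs that the roadmap has to balance against network propagation.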
Building the Foundation for a Secure Decentralized Future
A year ago, the primary question surrounding zkEVMs was their ability to achieve sufficient proof generation speeds. That question has now been definitively answered with the advent of real-time proving. The new, and arguably more critical, question is whether these systems can provide the necessary level of soundness for mainnet deployment. The current trajectory and the outlined milestones suggest a strong affirmative.
The Ethereum Foundation’s commitment to this endeavor is multifaceted. Beyond the development of tools like soundcalc and the establishment of security benchmarks, there is an ongoing investment in formal verification tools and methodologies. As zkEVM architectures stabilize following the H-star milestone, the full potential of these verification efforts can be realized. This will enable the creation of rigorous specifications that accurately reflect deployed code, leading to a more secure and trustworthy decentralized future.
The performance sprint has concluded, yielding remarkable achievements. Now, the focus shifts to a more deliberate and critical phase: strengthening the foundational security of zkEVM technology. This strategic pivot is essential for building the robust infrastructure required for the next generation of decentralized applications and for securing the vast economic value that will increasingly reside on blockchain networks. The commitment to 128-bit provable security signifies a mature and responsible approach to scaling blockchain technology, ensuring that innovation does not come at the expense of fundamental safety and integrity.













