The zkEVM (Zero-Knowledge Ethereum Virtual Machine) ecosystem has successfully achieved a critical milestone: real-time proving. After a year of intensive development and collaboration, the community has overcome significant performance hurdles, marking a new era for scaling Ethereum. This achievement, however, is only the prelude to the next, arguably more challenging phase: building zkEVMs that meet the stringent security demands of mainnet deployment.
The journey began with a clear objective outlined in July of the previous year: to define and achieve "real-time proving." This ambitious goal aimed to drastically reduce the time it takes for zero-knowledge proofs to be generated and verified, a fundamental bottleneck in the scalability of blockchain networks. The results have exceeded expectations. According to recent reports from the zkEVM development community, proving latency has plummeted from an average of 16 minutes to a mere 16 seconds. This represents a staggering improvement in efficiency. Furthermore, the cost associated with generating these proofs has seen a substantial reduction of 45%, making zkEVM solutions significantly more economical. Crucially, zkVMs are now capable of processing and proving approximately 99% of all Ethereum blocks in under 10 seconds on target hardware configurations. This performance leap is a testament to the concerted efforts of developers and researchers within the EF cryptography team, including Arantxa Zapico, Benedikt Wagner, and Dmitry Khovratovich, and the invaluable feedback provided by reviewers like Ladislaus, Kev, Alex, and Marius.
While the dramatic improvements in speed and cost are cause for celebration, the focus is now shifting decisively towards the paramount concern of security. The initial sprint to optimize performance has largely addressed the most significant bottlenecks, but the underlying security guarantees of these complex systems remain a subject of intense scrutiny and ongoing research.
The Imperative of 128-Bit Provable Security
A significant challenge confronting many STARK-based zkEVMs currently lies in their reliance on unproven mathematical conjectures to establish their security targets. In recent months, the cryptographic foundations of STARKs have faced considerable pressure. Foundational conjectures, once considered robust, have been mathematically disproven by researchers. Each disproven conjecture can erode the advertised security level of a zkEVM system. For instance, a system that was initially claimed to offer 100 bits of security might, after such a disproof, actually provide closer to 80 bits.
This erosion of theoretical security necessitates a rigorous shift towards "provable security." The consensus within the cryptographic community and among leading blockchain developers is that 128 bits of security represents the current gold standard. This level is not an arbitrary figure; it is the security benchmark recommended by major standardization bodies, including NIST, and is validated by the computational milestones achieved in real-world cryptographic attacks. For example, brute-forcing a 128-bit symmetric encryption key is considered computationally infeasible with current and foreseeable technology.
The implications of a security failure in a zkEVM, particularly one operating as a Layer 1 solution or a critical Layer 2 with substantial value at stake, are catastrophic. Unlike many other types of security vulnerabilities, a successful soundness exploit in a zkEVM could allow an attacker to forge proofs. This would grant them the ability to perform actions that should be impossible, such as minting tokens out of thin air, arbitrarily altering blockchain state, or directly stealing user funds. For a system designed to secure hundreds of billions of dollars, the security margin is non-negotiable, and any compromise in this area is unacceptable.
Charting a Course: Three Key Milestones for Security and Efficiency
The development of secure and efficient zkEVMs involves a delicate balancing act between security guarantees and proof size. Enhanced security often leads to larger proof sizes, which can, in turn, strain the capacity of the Ethereum peer-to-peer network to propagate these proofs reliably and within the required timeframes. To navigate this tension, the zkEVM community is establishing three critical milestones designed to foster a systematic approach to security assessment and development.
Milestone 1: soundcalc Integration
- Deadline: End of February 2026
To ensure a consistent and objective measurement of security across different zkEVM implementations, a new tool named soundcalc has been developed. This tool is designed to estimate the security of zkVMs by leveraging the latest cryptographic security bounds and the specific parameters of their proof systems. soundcalc is envisioned as a living project, continuously updated to incorporate the most recent research findings and known cryptographic attacks.
By the end of February 2026, participating zkEVM teams are expected to integrate their proof system components and all associated circuits with soundcalc. This integration will establish a common, verifiable baseline for security assessments. Examples of previous integrations, such as issues #1 and pull request #2 on the soundcalc GitHub repository, illustrate the process and the level of detail required. This foundational step is crucial for creating a shared understanding and a standardized methodology for evaluating the security posture of diverse zkEVM architectures.
Milestone 2: Glamsterdam
- Deadline: End of May 2026
This milestone, while its specific technical details are still being elaborated, is understood to represent a significant step in the practical implementation and testing of zkEVM security features. It likely involves advanced cryptographic techniques and architectural considerations aimed at enhancing both the security and the efficiency of proof generation and verification. The name "Glamsterdam" suggests a project or framework that aims to bring together advanced cryptographic concepts with practical, robust implementation. Further details are anticipated as the deadline approaches.
Milestone 3: H-star
- Deadline: End of 2026
The "H-star" milestone signifies the culmination of the current development phase, aiming for a stable and formally verifiable zkEVM architecture. By the end of 2026, the ambition is for the proof system layer of zkEVMs to have largely "settled." This does not imply a complete cessation of innovation but rather a stabilization of core architectures and cryptographic primitives. This stability is essential for enabling formal verification efforts, finalizing rigorous security proofs, and developing precise specifications that accurately reflect the deployed code. This milestone is critical for building the robust foundation necessary for secure L1 zkEVMs.
Several recent cryptographic and engineering advancements are making these ambitious milestones achievable. These include the development of compact polynomial commitment schemes, such as WHIR (Weakly-Interleaved Homomorphic Recursion), and techniques like JaggedPCS (Piecewise Polynomial Commitment Scheme). The judicious application of "grinding" – a technique used in cryptography to make certain attacks computationally infeasible – and a well-structured recursion topology, as exemplified in the pico.toml configuration within soundcalc, are all contributing to a viable path forward.
Recursion, in particular, warrants special attention. Modern zkEVMs are characterized by complex architectures where numerous circuits are composed recursively, often with custom arrangements and substantial "glue code" connecting them. Each development team employs a unique approach to this recursive composition. Therefore, comprehensively documenting these architectures and rigorously proving their soundness is paramount to ensuring the overall security of the entire zkEVM system.
The Path Forward: From Performance to Formal Verification
There is a strategic rationale for prioritizing and solidifying zkEVM security at this juncture. The challenge of securing a rapidly evolving technology is inherently difficult. However, once development teams achieve the outlined security targets and zkEVM architectures begin to stabilize, the extensive formal verification work that has been underway can reach its full potential. Projects like verified-zkevm.org are investing heavily in this area, aiming to mathematically prove the correctness and security of zkEVM implementations.
The stabilization expected by the "H-star" milestone will create an environment conducive to formal verification. This will allow for the rigorous examination of critical components, the finalization of complex security proofs, and the creation of precise specifications that align with deployed code. This comprehensive approach to verification is the bedrock upon which secure L1 zkEVMs can be built, ensuring the integrity and trustworthiness of these vital scaling solutions for the Ethereum network.
Building Enduring Foundations
A year ago, the prevailing question in the zkEVM space was whether these solutions could achieve sufficient proof generation speeds. That question has been definitively answered with the advent of real-time proving. The focus has now evolved to a more profound inquiry: can zkEVMs provide sufficiently robust and provable security guarantees? The community is increasingly confident that the answer will be a resounding yes.
On the part of the Ethereum Foundation and its collaborators, ongoing efforts include:
- Continued Investment in Cryptographic Research: Funding and supporting fundamental research into zero-knowledge proofs, cryptographic primitives, and advanced security techniques to push the boundaries of what is computationally feasible and mathematically sound.
- Development of Security Tools and Frameworks: Building and maintaining tools like
soundcalcto provide standardized methodologies for security assessment and to foster collaboration within the ecosystem. - Formal Verification Initiatives: Investing in projects dedicated to the formal verification of zkEVM circuits and protocols, aiming to provide mathematical guarantees of their correctness and security.
- Community Collaboration and Education: Facilitating knowledge sharing, organizing workshops, and promoting best practices to ensure that security remains a top priority for all zkEVM developers.
The era of the performance sprint for zkEVMs has concluded. The focus has decisively shifted towards strengthening the underlying foundations, ensuring that these powerful scaling technologies are not only fast and efficient but also inherently secure and trustworthy for widespread mainnet deployment. This transition marks a critical phase in the maturation of Ethereum’s scaling roadmap, paving the way for a more decentralized and accessible future for the blockchain.
