The zkEVM ecosystem has seen rapid improvements in latency over the past year. The time required to generate a proof for an Ethereum block has decreased dramatically, from 16 minutes to just 16 seconds. Costs have also fallen, by a factor of 45. Participating zkVMs can now generate proofs for 99% of mainnet blocks in under 10 seconds when running on suitable hardware.
On December 18th, the Ethereum Foundation (EF) declared that real-time proving is now achievable, signifying a potential milestone. The fundamental performance bottlenecks have seemingly been resolved. However, a more challenging phase is beginning, as speed without mathematical robustness can become a liability. There are concerns as the mathematical foundations of many STARK-based zkEVMs have shown vulnerabilities in recent months.
From Real-Time Proving to Prioritizing Ethereum Security
In July, the EF established an official goal for "real-time proving," encompassing not only latency but also hardware, energy consumption, openness, and security. Specifically, the system should be able to prove at least 99% of mainnet blocks within 10 seconds using hardware costing approximately $100,000, consuming no more than 10 kW of power, using fully open-, achieving a 128-bit security level, and producing proofs no larger than 300 kilobytes.
The December 18th announcement asserts that the ecosystem has met this performance goal, based on data from the EthProofs benchmark site. The concept of "real-time" is defined relative to Ethereum's 12-second slot cycle, with approximately 1.5 seconds allocated for block propagation. Essentially, proofs must be ready fast enough for validators to verify them without disrupting the network's liveness.
The Pivot to Soundness and Blockchain Security
The EF is now shifting its focus from throughput to soundness, a move that emphasizes rigor. Many STARK-based zkEVMs have claimed high levels of security by relying on unproven mathematical assumptions. Recently, some of these assumptions, particularly "proximity gap" assumptions in low-degree tests of hash-based SNARKs and STARKs, have been mathematically invalidated. This significantly reduces the actual security level of parameter sets that depended on them.
The EF emphasizes that for Layer 1 (L1), the only acceptable target is "provable security," rather than "security if assumption X is true." The 128-bit level has been selected as the standard, aligning with mainstream cryptographic standards organizations and academic literature on long-term systems. Real-world computing records also indicate that 128-bit security is beyond practical attack capabilities.
This prioritization of soundness over speed reflects a fundamental difference in risk assessment. If an attacker can forge a zkEVM proof, they could not only drain a contract but also mint tokens, rewrite the L1 state, and cause the entire system to "lie." Thus, the EF considers a high security margin non-negotiable for any zkEVM used on L1.
The Ethereum Foundation's Three-Milestone Roadmap for 128-bit Standard
The EF has outlined a clear roadmap with three mandatory milestones for achieving robust blockchain security.
- First Milestone: By the end of February 2026, all participating zkEVM teams must integrate their proof systems and circuits into "soundcalc," a tool maintained by the EF to calculate the security level based on current cryptanalytic bounds and the parameters of each scheme. The goal is to establish a "common yardstick." Instead of each team self-reporting bit-security levels based on their own assumptions, soundcalc will become the standard, updated as new attack methods emerge.
- Second Milestone ("Glamsterdam"): By the end of May 2026, teams must achieve a minimum of 100-bit provable security via soundcalc, a proof size not exceeding 600 kilobytes, and a concise, public explanation of the recursive architecture and the underlying argument for its soundness. This implicitly adjusts the initial 128-bit target for the early deployment phase, considering 100-bit as an intermediate level.
- Third Milestone ("H-star"): By the end of 2026, the full standard requires 128-bit security provable via soundcalc, a maximum proof size of 300 kilobytes, and a formal security argument for the entire recursive structure. At this stage, the challenge shifts from purely technical to focusing on formal methods and cryptographic proofs.
Technical Levers for Blockchain Scalability
The EF highlights several tools to achieve the 128-bit target with proofs under 300 kilobytes. Prominent among these is WHIR, a new Reed–Solomon proximity test that also functions as a multilinear polynomial commitment scheme. WHIR offers transparent, post-quantum security, producing smaller proofs and faster verification compared to traditional FRI schemes at the same security level. Benchmarks at 128-bit show proof sizes are reduced by approximately 1.95 times, while verification is significantly faster than the baseline construction.
The EF also mentions JaggedPCS, a collection of techniques to avoid excessive padding when encoding traces into polynomials, allowing provers to reduce computational waste while maintaining concise commitments. Other techniques include "grinding," which involves brute-force searching the protocol's random space to achieve cheaper or smaller proofs within the security margin, and carefully designed recursive architectures where many small proofs are aggregated into a single final proof with a robust argument.
These increasingly complex polynomial and recursive mathematical techniques are being used to shrink proofs after raising the security level to 128-bit. Independent research like Whirlaway leverages WHIR to build more efficient multilinear STARKs, while other experimental polynomial commitment structures are being developed from data availability schemes. Mathematics is progressing rapidly, but also moving away from assumptions that were considered safe just months ago.
FAQs
Why is the Ethereum Foundation now prioritizing Ethereum security over speed in zkEVM development?
The Ethereum Foundation is shifting focus because while zkEVMs have achieved real-time proving speeds, vulnerabilities have been found in the mathematical foundations of some STARK-based zkEVMs. This pivot emphasizes soundness and aims to prevent potential exploits like token minting or rewriting the Layer 1 state.
What is the 128-bit standard the Ethereum Foundation is targeting, and why is it important for blockchain security?
The 128-bit standard is a security level the Ethereum Foundation aims to achieve for zkEVMs by 2026, aligning with mainstream cryptographic standards. It's important for blockchain security because it represents a level of mathematical robustness considered beyond practical attack capabilities, ensuring long-term system integrity.
How does the Ethereum Foundation's focus on security impact blockchain scalability solutions like zkEVMs?
While speed is still important for blockchain scalability, the Ethereum Foundation's new focus ensures that zkEVMs are built on solid mathematical foundations. This means that achieving high throughput won't come at the expense of Ethereum security, leading to more robust and trustworthy scaling solutions.
You've got the context, now make it count. Act on your knowledge and explore the potential gains at Whales Market, the pre market crypto trading hub.