The Evolution of the zkEVM Ecosystem: A Year of Performance Optimization and Security Challenges
The zkEVM ecosystem has undergone a transformative year marked by significant advancements in latency reduction, where the proving time for an Ethereum block has dramatically decreased from 16 minutes to a mere 16 seconds. This enhancement has been accompanied by a staggering 45-fold reduction in costs, with participating zkVMs achieving the capability to prove 99% of mainnet blocks in under 10 seconds, utilizing targeted hardware specifications.
On December 18, the Ethereum Foundation (EF) publicly declared a milestone achievement: the operational viability of real-time proving. With performance bottlenecks effectively mitigated, attention must now shift to the critical domain of soundness—where speed devoid of robust mathematical foundations becomes a precarious liability rather than an asset. Alarmingly, the mathematical underpinnings of several STARK-based zkEVMs have exhibited signs of deterioration over recent months.
Setting Performance Benchmarks: The July Announcement
In July, the EF established a formal benchmark for “real-time proving” that encompassed various parameters: latency, hardware capabilities, energy consumption, system openness, and security. The objective was to ensure that at least 99% of mainnet blocks could be proven within a timeframe of 10 seconds on hardware with an approximate cost of $100,000 operating under a power constraint of 10 kilowatts. Furthermore, these systems were required to adhere to fully open-source principles and maintain 128-bit security standards, with proof sizes capped at or below 300 kilobytes.
The December 18 announcement claims that these performance targets have been successfully met, as validated by measurements obtained from the EthProofs benchmarking site.
Defining Real-Time Proving Standards
The term “real-time” is defined relative to Ethereum’s 12-second slot time, of which approximately 1.5 seconds is allocated to block propagation, leaving roughly 10 seconds for proving. Under the standard, proofs must be generated quickly enough for validators to verify them without compromising network liveness.
The EF’s pivot from throughput to soundness carries substantial implications. Numerous STARK-based zkEVMs have relied on unproven mathematical conjectures to reach their claimed security levels. Recent results have exposed weaknesses in some of these conjectures, most notably the “proximity gap” assumptions used in hash-based SNARK and STARK low-degree tests, which lowers the effective bit security of parameter sets that depend on them.
The EF has made clear that the only acceptable endpoint for Layer 1 (L1) applications is “provable security,” rather than security predicated on unproven conjectures.
Strategic Roadmap: Three Milestones Toward Enhanced Security
The EF has delineated a clear roadmap comprising three definitive milestones that must be achieved in succession:
Milestone One: Integration with SoundCalc by February 2026
By the end of February 2026, every zkEVM development team must integrate its proof system and circuits into “SoundCalc,” an EF-maintained tool that calculates security estimates from current cryptanalytic bounds and the specific parameters of each scheme. This makes bit-security figures comparable across teams, removes idiosyncratic assumptions, and establishes SoundCalc as an authoritative metric that can be updated as new cryptographic attacks are identified.
Milestone Two: Achieving Minimum Provable Security by May 2026
The second milestone, referred to as “Glamsterdam,” requires that by the end of May 2026 all zkEVM teams reach at least 100 bits of provable security as assessed by SoundCalc. In addition, final proofs must not exceed 600 kilobytes, and each team must publish a concise explanation of its recursion architecture together with a justification of its soundness. This milestone is a strategic recalibration for early deployments, down from the initially stipulated requirement of 128-bit security.
Milestone Three: Full Compliance with Security Standards by December 2026
The final milestone, termed “H-star,” is targeted for completion by December 2026 and aims for full compliance with a standard of provable security at 128 bits via SoundCalc. This goal necessitates proof sizes at or below 300 kilobytes and demands formal arguments substantiating the soundness of recursion architectures. At this juncture, the emphasis shifts from engineering execution to rigorous formal methods and comprehensive cryptographic proofs.
Technical Mechanisms Facilitating Security Objectives
To realize the ambitious targets associated with achieving 128-bit security while maintaining proof sizes below 300 kilobytes, the EF has identified several technical tools designed to enhance feasibility:
WHIR: A Novel Proximity Test
The introduction of WHIR—a Reed-Solomon proximity test that concurrently functions as a multilinear polynomial commitment scheme—is noteworthy. WHIR provides transparent post-quantum security while generating proofs that are significantly smaller and enable faster verification compared to traditional FRI-style schemes operating at equivalent security levels. Preliminary benchmarks indicate that proofs produced under WHIR are approximately 1.95 times smaller than baseline constructions while verification times are markedly reduced.
JaggedPCS and Other Techniques
The EF also highlights “JaggedPCS,” which aims to avoid excessive padding when traces are encoded as polynomials. This lets provers reduce wasted computation while still producing succinct commitments. Other methodologies referenced include:
– **Grinding:** A process involving brute-force searches over protocol randomness to discover more efficient proofs without compromising soundness.
– **Well-Structured Recursion Topology:** A layered approach wherein multiple smaller proofs are aggregated into a single final proof while maintaining rigorously argued soundness.
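To make the gap between conjectured and provable security concrete, the following added example (not from the EF, SoundCalc or any zkEVM team) uses the simplified textbook model of a FRI-style query phase to show how many bits the same parameter set is worth in each regime and how grinding bits count toward the total. The rate, query count and grinding bits are constructed sample values, and commit-phase and field-size error terms are ignored, so a full estimate can only be lower.

```python
import math

# Per-query soundness error of a FRI-style low-degree test for code rate rho,
# in the simplified textbook model (query phase only, slack terms ignored).
REGIMES = {
    "unique_decoding": lambda rho: (1 + rho) / 2,   # proven, delta = (1 - rho) / 2
    "johnson_bound":   lambda rho: math.sqrt(rho),  # proven, delta -> 1 - sqrt(rho)
    "up_to_capacity":  lambda rho: rho,             # conjectured, delta -> 1 - rho
}
PROVABLE = {"unique_decoding", "johnson_bound"}

def query_bits(rho, queries, regime, grinding_bits=0):
    """Bits of security from the query phase: queries * -log2(err) + grinding."""
    err = REGIMES[regime](rho)
    return queries * -math.log2(err) + grinding_bits

def queries_needed(rho, target_bits, regime, grinding_bits=0):
    """Smallest query count that reaches target_bits in the given regime."""
    per_query = -math.log2(REGIMES[regime](rho))
    return max(0, math.ceil((target_bits - grinding_bits) / per_query - 1e-9))

def audit(rho, queries, grinding_bits, target_bits):
    """Report what one parameter set is worth under each regime."""
    report = {}
    for regime in REGIMES:
        bits = query_bits(rho, queries, regime, grinding_bits)
        report[regime] = {
            "bits": round(bits, 1),
            "provable": regime in PROVABLE,
            "meets_target": bits >= target_bits - 1e-9,
        }
    return report

if __name__ == "__main__":
    # Constructed parameter set: rate 1/4, 54 queries, 20 grinding bits.
    for regime, row in audit(0.25, 54, 20, 128).items():
        print(f"{regime:16s} {row}")
    # Query counts needed for the two milestone thresholds (100 and 128 bits).
    for target in (100, 128):
        for regime in REGIMES:
            print(target, regime, queries_needed(0.25, target, regime, 20))
```

A parameter set that reaches 128 bits only in the conjectured regime needs roughly twice as many queries, and so a larger proof, to reach the same figure under the Johnson-bound analysis.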
Implications and Open Questions Moving Forward
If zkEVM proofs can consistently be generated within the stipulated ten seconds while staying under the 300-kilobyte size limit, Ethereum could feasibly increase its gas limit without requiring validators to re-execute every transaction. Instead, validators would only need to verify compact proofs, allowing block capacity to grow while keeping home staking realistic.
– This synergy between substantial security margins and compact proofs enhances the credibility of an “L1 zkEVM” as a viable settlement layer.
– Should these proofs achieve both rapid generation and demonstrable security at the level of 128 bits, Layer 2 (L2) solutions and zk-rollups would be empowered to leverage identical infrastructure through precompiles.
However, real-time proving remains an off-chain benchmark rather than an established on-chain reality. The headline latency and cost figures currently come from curated hardware configurations and workloads provided by EthProofs.
– A significant gap persists between this benchmark and practical deployment across thousands of independent validators operating these provers in localized environments.
The evolving narrative surrounding security parameters presents additional complexities; recent revelations have prompted reevaluations of what constitutes “definitely safe,” “conjecturally safe,” and “definitely unsafe” parameter regimes. Consequently, it remains uncertain whether all principal zkEVM teams can achieve the requisite standards for provable security by May 2026 or December 2026 while concurrently adhering to specified proof size constraints.
The most formidable challenges may not solely reside in mathematical complexities or computational resources but also in formalizing and auditing comprehensive recursion architectures. The EF acknowledges that various zkEVM implementations often involve extensive collections of circuits interspersed with significant “glue code,” necessitating meticulous documentation and soundness verification across bespoke stacks.
This scenario creates an expansive opportunity for projects such as Verified-zkEVM and formal verification frameworks—although these initiatives remain nascent and exhibit variability across ecosystems.
A year ago, the prevailing question was whether zkEVMs could be fast enough; that question has now been answered. The new concern is whether these systems can consistently deliver soundness at security levels that do not depend on conjectures, while keeping proofs compact enough to propagate across Ethereum’s peer-to-peer network.
As we conclude this performance sprint, it becomes increasingly evident that we are only at the commencement of a critical race toward establishing robust security frameworks capable of underpinning substantial financial ecosystems.
