Ethereum Foundation sets strict security roadmap for zkEVMs through 2026

21st December 2025 – (New York) The Ethereum Foundation has unveiled a new roadmap for zero-knowledge Ethereum Virtual Machines (zkEVMs) that puts cryptographic security ahead of further speed gains, defining three major milestones to be met by the end of 2026.

The shift in emphasis comes after a period of rapid performance improvements. zkEVM teams have cut proving times from around 16 minutes to just 16 seconds, while reducing costs by a factor of 45. On target hardware, around 99% of Ethereum blocks can now be proven in under 10 seconds, effectively achieving the industry’s long-held goal of near real-time proving.

Despite this progress, the foundation has warned that security remains the unresolved issue. Many STARK-based zkEVM designs still depend on mathematical assumptions that have not been fully established and that recent research has begun to challenge. The foundation stressed the potential consequences of a fundamental flaw, noting that if an attacker were able to forge a proof, they could mint tokens from nothing, rewrite the state of the chain and steal funds.

To address this, the Ethereum Foundation has mandated 128-bit provable security as the minimum acceptable standard for any zkEVM intended for Ethereum mainnet, in line with recommendations from leading cryptographic standardisation bodies. It has set three staged objectives to reach that benchmark. By the end of February 2026, zkEVM teams must integrate their proof system components with soundcalc, a new tool for estimating concrete security levels, ensuring that claims about security are grounded in measurable parameters. By May 2026, implementations are expected to achieve at least 100-bit provable security with final proof sizes below 600 kilobytes, and teams must provide clear descriptions of their recursion architectures so that reviewers can assess how proofs are constructed and aggregated. The final milestone, set for the end of 2026, requires full 128-bit provable security, proof sizes capped at 300 kilobytes, and formal arguments for the soundness of recursive proof compositions.

George Kadianakis of the foundation’s cryptography team emphasised the importance of securing zkEVM architectures before they become “moving targets”, arguing that once designs stabilise and meet the new thresholds, the formal verification efforts the foundation has been funding will be able to deliver their full value. According to the foundation, recent advances in proof systems have made these targets realistic. New compact polynomial commitment schemes such as WHIR, techniques like JaggedPCS, and improved recursion topologies have significantly enhanced the trade-offs between security, proof size and efficiency. The foundation plans to publish detailed technical articles in January explaining the proof-system strategies needed to meet the new requirements on security levels and proof sizes.

While tightening the technical bar for zkEVMs, Ethereum is also accelerating outreach to institutional users. In October, the foundation launched an “Ethereum for Institutions” portal aimed at enterprises and financial firms seeking to build on Ethereum’s base layer and rollup infrastructure. The portal highlights the network’s operational record, including more than 1.1 million validators and continuous uptime over the past decade, and underscores the importance of privacy-preserving technologies such as zero-knowledge proofs, fully homomorphic encryption and trusted execution environments for regulatory-compliant financial applications. The foundation noted that privacy tools are now operating at scale in production environments, pointing to projects like Chainlink, RAILGUN and Aztec Network as examples.

Ethereum currently hosts over 66% of all tokenised real-world assets, according to data from RWA.xyz, and has become a primary platform for major financial institutions experimenting with tokenisation. Firms such as BlackRock, Securitize and Ondo Finance have deployed tokenised instruments on the network. JPMorgan Chase recently launched its first tokenised money-market fund on Ethereum, seeding the MONY fund with 100 million US dollars and offering it to qualified investors with a minimum investment of 1 million US dollars via its Kinexys Digital Assets platform. John Donohue, head of asset management at JPMorgan, told the Wall Street Journal that there is “a massive amount of interest from clients around tokenization” and said the bank aims to lead the market with on-chain products that mirror traditional money-market funds.

At the same time, core Ethereum figures are increasingly focused on the risks posed by protocol complexity. In a statement on 18 December, co-founder Vitalik Buterin warned that Ethereum’s trustlessness depends not only on decentralisation but also on how many people can genuinely understand the protocol “from top to bottom”. He argued that the ecosystem may need to accept fewer features if doing so materially improves conceptual clarity and accessibility, describing the expansion of technical abstractions as a potential threat to the network’s core guarantees. His concerns reflect a growing tension between ever more sophisticated functionality—especially around Layer 2 systems, advanced proof mechanisms and privacy layers—and the ability of developers and users to grasp how the pieces fit together. Privacy-focused Layer 2 project INTMAX captured the issue by noting that if only a handful of people can understand how a privacy protocol works, trustlessness has not been achieved; trust has simply been redirected to a smaller group of experts.

The Ethereum Foundation has echoed these concerns in its own roadmap materials, acknowledging that the protocol has become too complex for most users. It has outlined plans to make smart contract wallets and account abstraction a central part of the user experience, aiming to simplify gas payments, key management and everyday interactions, and to mask much of the underlying complexity without reducing security.

Alongside its technical and strategic adjustments, the foundation is also rethinking how it funds ecosystem development. In August, it temporarily paused open grant applications under its Ecosystem Support Program, signalling a pivot towards more targeted infrastructure-focused funding after having disbursed nearly 3 million US dollars to 105 projects in 2024. Future grants are expected to concentrate more heavily on core infrastructure, security tooling and other foundational components that directly reinforce Ethereum’s long-term resilience.

Taken together, the new zkEVM security milestones, the renewed emphasis on simplicity and the push for institutional adoption point to a deliberate recalibration of Ethereum’s priorities. The network is aiming to combine high performance with rigorously quantified security, while ensuring that both protocol engineers and large-scale users can navigate an increasingly powerful but inherently complex technological stack.

The post Ethereum Foundation sets strict security roadmap for zkEVMs through 2026 appeared first on Dimsum Daily.
