The Ethereum Foundation (EF) has officially pivoted its Layer 1 zkEVM strategy from speed to strict cryptographic soundness. In a technical roadmap released December 19, the Foundation declared 128-bit provable security a non-negotiable requirement for 2026, citing critical vulnerabilities in existing STARK-based assumptions. Ethereum (ETH) reacted positively, climbing 5% to trade near $2,980.
The End of Bespoke Security Claims
After a year focused on latency, reducing proving times from 16 minutes to just 16 seconds, the EF is slamming the brakes on optimization to address a fundamental risk: the mathematics underpinning some zero-knowledge proofs is cracking.
Recent research has disproven key "proximity gap" conjectures used in STARK-based systems. The result? Systems advertised as having 100-bit security may effectively offer only 80 bits. This degradation forces a hard reset on security standards.
"If an attacker can forge a proof, they can forge anything: mint tokens from nothing, rewrite state, steal funds. For an L1 zkEVM securing hundreds of billions of dollars, the security margin is not negotiable."
The ‘Soundcalc’ Mandate
To eliminate ambiguity, the EF is introducing "soundcalc," an internal tool designed to standardize security estimates based on the latest cryptanalytic bounds. By February 2026, all zkEVM teams must integrate their circuits with this tool. Subjective security claims are out; standardized mathematical verification is in.
The roadmap sets three rigid milestones:
- Feb 2026: Full integration with soundcalc.
- May 2026: Achieve 100-bit provable security with proof sizes under 600 KiB.
- Dec 2026: Reach the 128-bit gold standard with proofs compressed to 300 KiB.
This timeline signals a difficult transition for teams relying on aggressive cryptographic assumptions to chase lower fees. They must now re-engineer their stacks to meet the EF’s benchmarks or risk incompatibility with the future L1 architecture.
