After achieving remarkable performance gains over the past year, the Foundation has set three critical security milestones that zkEVM teams must meet by the end of 2026.
Performance Goals Achieved, Security Concerns Emerge
Over the past year, zkEVM development teams accomplished impressive speed improvements. Proving time for Ethereum blocks dropped from 16 minutes to just 16 seconds—a 60-fold improvement. Costs fell by 45 times, and 99% of Ethereum blocks can now be proven in under 10 seconds on target hardware.
However, these performance wins masked a serious problem. Many STARK-based zkEVMs rely on mathematical assumptions that have not been proven. Recent research revealed that some of these foundational conjectures were actually incorrect. Systems claiming 100-bit security might actually provide only 80 bits of protection after these mathematical failures.
Source: @asn_d6
The Ethereum Foundation made clear why this matters: “If an attacker can forge a proof, they can forge anything: mint tokens from nothing, rewrite state, steal funds.” For a system that could secure hundreds of billions of dollars, security cannot be negotiable.
Three Critical Milestones for 2026
The Foundation established a clear roadmap with three deadlines throughout 2026.
Milestone One arrives at the end of February 2026. All zkEVM teams must integrate their proof systems with soundcalc, a new Ethereum Foundation tool that measures security based on current cryptographic research. Instead of each team using different security assumptions, soundcalc provides a common standard that updates as new attacks are discovered.
Milestone Two, called “Glamsterdam,” has a deadline of May 2026. Teams must achieve 100-bit provable security through soundcalc testing. Final proofs must stay under 600 kilobytes in size. Teams also need to provide clear documentation explaining how their recursion architecture works and why it should be secure.
Milestone Three, named “H-star,” represents the final goal by the end of 2026. This requires full 128-bit provable security, proof sizes under 300 kilobytes, and formal mathematical arguments proving the recursion architecture is sound. This 128-bit standard aligns with recommendations from cryptographic standardization bodies and represents industry-standard security for systems handling large amounts of value.
What Went Wrong With Current Security
The security problems stem from reliance on unproven mathematical conjectures. Many zkEVM systems used assumptions called “proximity gap” conjectures in their hash-based SNARK and STARK systems. These conjectures essentially said certain mathematical properties would hold true under specific conditions.
Recent academic research disproved these conjectures, showing they don’t actually work in all the parameter ranges where zkEVM teams were using them. This knocked down the effective security level of systems depending on these assumptions.
George Kadianakis from the Ethereum Foundation’s cryptography team explained the shift: “A year ago, the question was whether zkEVMs could prove fast enough. That question is answered. The new question is whether they can prove soundly enough.”
Technical Solutions Making Progress Possible
The Foundation identified several cryptographic advances that make these ambitious security targets achievable.
WHIR represents a new Reed-Solomon proximity test and polynomial commitment scheme. At 128-bit security, WHIR produces proofs about 1.95 times smaller than older methods, with verification running several times faster. It offers transparent, post-quantum security without requiring trusted setup ceremonies.
JaggedPCS provides techniques for avoiding wasted computational work when encoding data as polynomials. This lets provers create smaller commitments more efficiently.
Well-structured recursion topologies allow many smaller proofs to be aggregated into a single final proof. However, each zkEVM team implements recursion differently with custom code connecting various circuits. Documenting these architectures and proving they work correctly is essential but challenging.
Strategic Timing and Formal Verification
The Foundation chose to focus on security now for a specific reason. Once zkEVM architectures stabilize and teams meet these security targets, formal verification work can reach its full potential. The Ethereum Foundation has been investing in formal verification through projects like Verified-zkEVM.
“By H-star, we hope the proof system layer will have mostly settled,” Kadianakis wrote. “Not frozen forever, but stable enough to formally verify critical components, finalize security proofs, and write specifications that match deployed code.”
This stability is necessary before zkEVMs can be trusted as Layer 1 infrastructure. If these systems achieve both fast proving and provable 128-bit security with small proof sizes, Layer 2 rollups could reuse the same technology. Ethereum could potentially increase gas limits without forcing validators to re-execute every transaction—they would just verify small proofs instead.
Institutional Adoption and Broader Context
While tightening security requirements, Ethereum has simultaneously accelerated institutional outreach. In October 2025, the Foundation launched an “Ethereum for Institutions” portal highlighting the network’s 1.1 million validators and decade of continuous uptime.
Ethereum currently hosts over 66% of all tokenized real-world assets, with major financial institutions like BlackRock, Securitize, and Ondo Finance deploying tokenized instruments on the network. JPMorgan Chase recently launched its first tokenized money-market fund on Ethereum with $100 million in initial capital.
The Foundation emphasized that privacy-preserving technologies including zero-knowledge proofs, fully homomorphic encryption, and trusted execution environments are now operating at production scale through projects like Chainlink, RAILGUN, and Aztec Network.
However, co-founder Vitalik Buterin also identified protocol complexity as a fundamental challenge. On December 18, he stated: “An important and underrated form of trustlessness is increasing the number of people who can actually understand the whole protocol from top to bottom.”
The Road Ahead
Whether all major zkEVM teams—including Polygon, Scroll, zkSync, and others—will successfully meet these milestones remains uncertain. Achieving 128-bit provable security while maintaining proof sizes under 300 kilobytes and keeping costs reasonable represents a significant challenge.
The security landscape continues evolving. Soundcalc exists because STARK and hash-based SNARK security parameters keep changing as researchers discover new attacks and disprove old assumptions. Today’s “100-bit” settings may require revision as cryptographic research progresses.
In January 2026, the Ethereum Foundation plans to publish additional posts formalizing these milestones and detailing specific proof system techniques for reaching the targets. The Ethproofs website will also update to highlight security alongside performance metrics.
The EF cryptography team will support zkEVM teams throughout this process, integrating the latest security research into soundcalc as it develops.
From Sprint to Marathon
The performance sprint is over, and the security race has begun. After a year focused on speed, Ethereum’s zkEVM ecosystem now faces the harder challenge of building systems secure enough to handle hundreds of billions of dollars in value. The three 2026 milestones provide a clear roadmap, but achieving provable security at this scale represents uncharted territory for the blockchain industry.