The Ethereum Foundation has set a new technical roadmap prioritizing security over speed for zero-knowledge Ethereum Virtual Machines (zkEVMs), establishing three critical milestones stretching through the end of 2026.
The shift comes after zkEVM teams successfully reduced proving times from 16 minutes to 16 seconds while cutting costs by 45 times, with 99% of Ethereum blocks now provable in under 10 seconds on target hardware.
Despite these performance achievements, the foundation warned that security remains “the elephant in the room,” with many STARK-based zkEVMs relying on unproven mathematical conjectures that recent research has begun to disprove.
“If an attacker can forge a proof, they can forge anything: mint tokens from nothing, rewrite state, steal funds,” the foundation stated in a December 18 post.
Provable Security Becomes Non-Negotiable Standard
The foundation established 128-bit provable security as the mandatory target for mainnet-grade zkEVMs, aligning with standards recommended by cryptographic standardization bodies.
The first milestone requires zkEVM teams to integrate their proof system components with soundcalc, a newly created security estimation tool, by the end of February 2026.
By May 2026, teams must achieve 100-bit provable security with final proof sizes under 600 kilobytes while providing compact descriptions of their recursion architecture.
The final milestone requires 128-bit provable security, with proof sizes limited to 300 kilobytes, and formal security arguments for recursion soundness by year-end 2026.
George Kadianakis from the EF cryptography team emphasized the strategic timing of securing zkEVM architectures before they become moving targets.
“Once teams have hit these targets and zkVM architectures stabilize, the formal verification work we’ve been investing in can reach its full potential,” he wrote.
Recent cryptographic advances, including compact polynomial commitment schemes like WHIR, techniques such as JaggedPCS, and well-structured recursion topologies, now make these ambitious security targets achievable.
The foundation plans to publish detailed technical posts in January outlining proof system techniques for reaching the security and proof size requirements.
Foundation Expands Institutional Adoption Push
While tightening technical standards, Ethereum has simultaneously accelerated institutional outreach through its new “Ethereum for Institutions” portal launched in October.
The platform guides enterprises and financial institutions building on Ethereum’s infrastructure, highlighting the network’s decade-long reliability with over 1.1 million validators and continuous uptime.
The foundation emphasized privacy-preserving technologies, including zero-knowledge proofs, fully homomorphic encryption, and trusted execution environments, as essential for compliant institutional applications.
“Privacy solutions are no longer theoretical — they’re live and scaling in production,” the foundation noted, pointing to projects like Chainlink, RAILGUN, and Aztec Network.
Ethereum currently hosts over 66% of all tokenized real-world assets according to RWA.xyz, with major financial firms including BlackRock, Securitize, and Ondo Finance deploying tokenized instruments.
Source: RWA.xyzJPMorgan Chase recently launched its first tokenized money-market fund on Ethereum, seeding the MONY fund with $100 million and opening it to qualified investors with minimum investments of $1 million through its Kinexys Digital Assets platform.
The bank’s asset management head, John Donohue, told the Wall Street Journal there is “a massive amount of interest from clients around tokenization,” adding that JPMorgan expects to lead the space with product offerings that match traditional money-market funds on the blockchain.
Simplicity Challenge Emerges as Critical Priority
A few days ago, Co-founder Vitalik Buterin identified protocol complexity as a fundamental threat to Ethereum’s trustlessness in a December 18 statement.
“An important and underrated form of trustlessness is increasing the number of people who can actually understand the whole protocol from top to bottom,” Buterin wrote, arguing the ecosystem should accept fewer features if necessary to improve understanding.
The concern resulted from the growing tension between advanced functionality and accessibility as Ethereum’s technical abstractions multiply.
“If only five people can understand how your privacy protocol works, you haven’t achieved trustlessness, you’ve just changed who you trust,” privacy-focused layer-2 network INTMAX stated.
The foundation acknowledged these challenges in its roadmap, describing Ethereum as “too complex” for most users while outlining plans for smart contract wallets that simplify gas fees and key management.
Meanwhile, the foundation temporarily paused open grant applications for its Ecosystem Support Program in August, citing plans to shift toward more targeted infrastructure funding after awarding nearly $3 million to 105 projects in 2024 alone.
The post Ethereum Shifts Focus From Speed to Security With New 2026 Deadline appeared first on Cryptonews.
