Shipping an L1 zkEVM #2: The Security Foundations

1 day ago

Thanks to Arantxa Zapico, Benedikt Wagner, and Dmitry Khovratovich from the EF cryptography team for their contributions, and to Ladislaus, Kev, Alex, and Marius for the careful review and feedback.


The zkEVM ecosystem has been sprinting for a year. And it worked! We crossed the finish line for real-time proving!

Now comes the next phase: building something mainnet-grade.

From velocity to security

In July, we published a north-star definition for realtime proving. Nine months later, the ecosystem crushed it: proving latency dropped from 16 minutes to 16 seconds, costs collapsed 45×, and zkVMs now prove 99% of all Ethereum blocks in under 10 seconds on target hardware.

While the major performance bottlenecks have been cleared by the zkEVM teams, security still remains the elephant in the room.

The case for 128-bit provable security

Many STARK-based zkEVMs today rely on unproven mathematical conjectures to hit their security targets. Over the past months, STARK security has been going through a lot, with foundational conjectures getting mathematically disproven by researchers. Each conjecture that falls takes bits of security with it: what was advertised as 100 bits might actually be 80.

The only reasonable path forward is provable security, and 128 bits remains the target. It's the security level recommended by standardization bodies and validated by real-world computational milestones.

For zkEVMs, this isn't academic. A soundness issue is not like other security issues. If an attacker can forge a proof, they can forge anything: mint tokens from nothing, rewrite state, steal funds. For an L1 zkEVM securing hundreds of billions of dollars, the security margin is not negotiable.
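To make the "advertised vs provable bits" gap concrete, here is an added example (not soundcalc's code, and not from the original post) that models only the FRI-style query phase of a STARK. It uses the standard heuristics that each query contributes log2(1/ρ) bits when list decoding up to capacity is conjectured, but only half that under the proven Johnson bound, and it treats grinding as bits added on top; the ε slack, the folding and DEEP terms, and the field size are deliberately ignored, and the blow-up factors, query counts and grinding bits are constructed inputs.

```python
from math import log2, ceil

# Simplified query-phase model of a STARK (added example, not soundcalc's code).
# The query phase uses a Reed-Solomon code of rate rho = 1 / 2**log_inv_rate and
# repeats num_queries independent queries. How many bits each query buys depends
# on how far the proximity parameter may be pushed:
#   conjectured (list decoding up to capacity): a cheating prover survives one
#       query with probability about rho          -> log_inv_rate bits per query
#   proven (Johnson bound): survives with probability about sqrt(rho)
#                                                  -> log_inv_rate / 2 bits per query
# Grinding (proof of work on the Fiat-Shamir transcript) adds its bits directly.
BITS_PER_QUERY = {
    "conjectured": lambda log_inv_rate: log_inv_rate,
    "proven": lambda log_inv_rate: log_inv_rate / 2,
}

def query_phase_bits(log_inv_rate, num_queries, regime, grinding_bits=0):
    """Security (in bits) contributed by the query phase plus grinding."""
    return num_queries * BITS_PER_QUERY[regime](log_inv_rate) + grinding_bits

def queries_needed(log_inv_rate, target_bits, regime, grinding_bits=0):
    """Smallest query count reaching target_bits in the given regime.

    Query count is the main driver of query-phase proof size (each query opens
    Merkle paths), so this is where security and proof size pull against each other.
    """
    remaining = max(target_bits - grinding_bits, 0)
    return ceil(remaining / BITS_PER_QUERY[regime](log_inv_rate))

def reassess(log_inv_rate, num_queries, grinding_bits=0):
    """What one parameter choice advertises under the conjecture vs what it proves."""
    return {
        "advertised": query_phase_bits(log_inv_rate, num_queries, "conjectured", grinding_bits),
        "provable": query_phase_bits(log_inv_rate, num_queries, "proven", grinding_bits),
    }

if __name__ == "__main__":
    # Constructed parameters: blow-up 2**2 (rho = 1/4), 50 queries, no grinding.
    print(reassess(2, 50))                                      # advertised 100, provable 50.0
    # Closing the gap provably: more queries (larger proof), grinding, or a lower rate.
    print(queries_needed(2, 128, "proven"))                     # 128
    print(queries_needed(2, 128, "proven", grinding_bits=20))   # 108
    print(queries_needed(3, 128, "proven", grinding_bits=20))   # 72
```

The last three lines show the trade-off the milestones are built around: reaching 128 provable bits at the same rate doubles the query count relative to the conjectured regime, and grinding or a lower rate buys back part of that proof size at the cost of prover time.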

Three Milestones

For us, security and proof size are both critical—but they're also in tension. More security typically means larger proofs, and proofs must stay small enough to propagate across Ethereum's P2P network reliably and in time.

We are setting three milestones:

Milestone 1: soundcalc integration
Deadline: End of February 2026

To measure security consistently, we created soundcalc: a tool that estimates zkVM security based on the latest cryptographic security bounds and proof system parameters. It's a living tool and we plan to keep integrating the latest research and known attacks.

By this deadline, participating zkEVM teams should have their proof system components and all of their circuits integrated with soundcalc. This gives us a common ground for the security assessments that follow. (For reference, see examples of previous integrations: #1, #2)

Milestone 2: Glamsterdam
Deadline: End of May 2026

  • 100-bit provable security (as estimated by soundcalc)
  • Final proof size ≤ 600 KiB
  • Compact statement of recursion architecture and sketch of its soundness

Milestone 3: H-star
Deadline: End of 2026

  • 128-bit provable security (as estimated by soundcalc)
  • Final proof size ≤ 300 KiB
  • Formal security statement for the soundness of the recursion architecture

Recent cryptographic and engineering advances make hitting the above milestones tractable: compact polynomial commitment schemes like WHIR, techniques like JaggedPCS, a bit of grinding, and a well-structured recursion topology can each contribute to a viable path forward.

Recursion is particularly worth highlighting. Modern zkEVMs involve many circuits composed with recursion in custom ways, with lots of glue in between. Each team does it differently. Documenting this architecture and its soundness is essential for the security of the whole system.

The path forward

There's a strategic reason to lock in on zkEVM security now.

Securing a moving target is hard. Once teams have hit these targets and zkVM architectures stabilize, the formal verification work we've been investing in can reach its full potential. By H-star, we hope the proof system layer will have mostly settled. Not frozen forever, but stable enough to formally verify critical components, finalize security proofs, and write specifications that match deployed code.

This is the foundation that is required to get to secure L1 zkEVMs.

Building foundations

A year ago, the question was whether zkEVMs could be fast enough. That question is answered. The new question is whether they can be secure enough. We are confident they can.

On our end:

  • In January, we'll publish a post clarifying and formalizing the milestones above.
  • We will follow up with a technical post outlining proof system techniques for reaching the security and proof size targets.
  • At the same time, we will be updating Ethproofs to reflect this shift: highlighting security alongside performance.
  • We are here to help throughout this process. Reach out to the EF cryptography team.

The performance sprint is over. Now let's strengthen the foundations.
