Ethereum Foundation Mandates 128-Bit Security for zkEVMs; ‘Speed Era’ Ends
The Ethereum Foundation declares the ‘speed race’ over, mandating a strict 128-bit security standard for all zkEVMs by late 2026 to combat deteriorating cryptographic assumptions.
The Pivot to Soundness
The race for faster zero-knowledge proofs is officially over; the race for mathematical certainty has begun. In a blog post released Thursday, the Ethereum Foundation (EF) declared the industry’s “speed run” complete, citing 16-second block proving times, and pivoted to a non-negotiable security baseline. The new directive? All Layer 1-aligned zkEVMs must demonstrate 128-bit provable security by the end of 2026 or risk exclusion from Ethereum’s long-term scaling roadmap.
Ethereum (ETH) held steady at $2,976 (-0.1%) following the announcement, reflecting a market that has already priced in the roadmap’s technical rigor.
“The Math Has Been Breaking”
The EF’s ultimatum stems from a quiet crisis in cryptography: standard STARK parameters are deteriorating. As teams optimized for speed, they relied on “proximity gap” assumptions in hash-based SNARKs that recent research has proven mathematically unsound. The result is a theoretical security margin far thinner than the advertised 100 bits.
“Speed without soundness is a liability,” wrote EF Research Engineer Sophia Gold. “If an attacker can forge a proof, they can forge anything: mint tokens from nothing, rewrite state, steal funds.”
The 2026 Compliance Schedule
The EF laid out a rigid three-phase timeline for rollups and zkEVMs to standardize their cryptographic assumptions via a new tool called soundcalc:
- Feb 2026: All teams must integrate with soundcalc, the EF’s new “common ruler” for standardized bit-security estimates.
- May 2026 (The “Glamsterdam” Milestone): Projects must prove 100-bit security with proof sizes under 600kB.
- Dec 2026 (Milestone “H-star”): The hard ceiling. 128-bit security, <300kB proofs, and a formal security argument for recursion architectures.
Tooling Up: WHIR and JaggedPCS
To meet these constraints without bloating proof sizes, the EF pointed developers toward WHIR, a new polynomial commitment scheme. WHIR offers transparent, post-quantum security with proofs roughly 2x smaller than current FRI-based standards. The roadmap also highlights JaggedPCS, a technique to eliminate padding overhead in trace encoding, and “grinding”—controlled brute-forcing of randomness to shrink proof footprints.
For major L2s, the subtext is clear: the era of proprietary, opaque security claims is ending. Protocols unable to meet the “H-star” standard by late 2026 effectively forfeit their seat at the table for Ethereum’s native settlement layer.
