The Ethereum Foundation has established a new technical roadmap that prioritizes security over speed for zero-knowledge Ethereum virtual machines (zkEVM), establishing three critical milestones that will extend until the end of 2026.
The change comes after zkEVM teams successfully reduced proofing times from 16 minutes to 16 seconds while reducing costs 45x, with 99% of Ethereum blocks now provable in less than 10 seconds on target hardware.
Despite these performance gains, the foundation warned that security remains “the elephant in the room”, and many STARK-based zkEVMs are based on unproven mathematical guesses that recent research has begun to disprove.
“If an attacker can fake a proof, they can fake anything: mint tokens out of thin air, rewrite state, steal funds,”the foundation stated in a December 18 publication.
zkEVMs crushed the 2025 boss: real-time test
Boss 2026: 128-bit provable security
New blog post on the next level for Ethereum zkEVMs: three milestones paving the way to mainnet-level zkEVMs L1. https://t.co/mueR1JWW6c
Game on.—George Kadianakis (@asn_d6) December 19, 2025
Demonstrable security becomes a non-negotiable standard
The foundation established 128-bit provable security as a mandatory target for corenet-level zkEVMs, aligning with standards recommended by cryptographic standardization bodies.
The first milestone requires zkEVM teams to integrate their test system components with soundcalc, a newly created security estimation tool, by the end of February 2026.
By May 2026, teams must achieve provable 100-bit security with final test sizes less than 600 kilobytes while providing compact descriptions of their recursive architecture.
The final milestone requires provable 128-bit security, with test sizes limited to 300 kilobytes and formal security arguments for robustness of recursion by the end of 2026.
George Kadianakis of the EF crypto team emphasized the strategic timing of securing zkEVM architectures before they become moving targets.
“Once the teams have achieved these goals and the zkVM architectures stabilize, the formal verification work we have been investing in can reach its full potential.“, wrote.
Recent cryptographic advances, including compact polynomial commitment schemes like WHIR, techniques like JaggedPCS, and well-structured recursion topologies, now make these ambitious security goals achievable.
The foundation plans to publish detailed technical publications in January that describe test system techniques to achieve test size and security requirements.
Foundation Expands Institutional Adoption Drive
While tightening technical standards, Ethereum has simultaneously accelerated institutional outreach through its new “Ethereum for institutions”portal launched in October.
The platform guides businesses and financial institutions building on Ethereum infrastructure, highlighting the network’s decade-long reliability with over 1.1 million validators and continuous uptime.
The foundation emphasized that privacy-preserving technologies, including zero-knowledge proofs, fully homomorphic encryption, and trusted execution environments, are essential for institutional applications to remain compliant.
“Privacy solutions are no longer theoretical: they are live and scaling into production.”the foundation noted, pointing to projects such as Chainlink, RAILGUN and Aztec Network.
Ethereum currently hosts over 66% of all real-world tokenized assets according to RWA.xyz, and major financial firms including BlackRock, Securitize, and Ondo Finance deploy tokenized instruments.
JPMorgan Chase recently launched its first tokenized money market fund on Ethereum, endowing the MONY fund with $100 million and opening it to qualified investors with minimum investments of $1 million through its Kinexys Digital Assets platform.
The bank’s head of asset management, John Donohue, told the Wall Street Journal that there are “A lot of customer interest around tokenization.”, adding that JPMorgan hopes to lead the space with product offerings that match traditional money market funds on blockchain.
The challenge of simplicity emerges as a critical priority
A few days ago, co-founder Vitalik Buterin identified the protocol’s complexity as a fundamental threat to Ethereum’s lack of trust in a December 18 statement.
“An important and underrated form of lack of trust is the increase in the number of people who can actually understand the entire protocol from top to bottom.”Buterin wrote, arguing that the ecosystem should accept fewer features if necessary to improve understanding.
@VitalikButerin He says that Ethereum’s lack of trust depends not only on decentralization, but on how many people can understand the protocol.#Ethereum #Buterinhttps://t.co/mIcGdixX8Z
– Criptonoticias.com (@cryptonews) December 18, 2025
The concern arose from the growing tension between advanced functionality and accessibility as Ethereum’s technical abstractions multiply.
“If only five people can understand how your privacy protocol works, you haven’t achieved trustlessness, you’ve simply changed who you trust.” stated INTMAX, privacy-focused Layer 2 network.
The foundation acknowledged these challenges in its roadmap and described Ethereum as “too complex”for most users, while outlining plans for smart contract wallets that simplify gas fees and key management.
Meanwhile, the foundation temporarily suspended open grant applications for its Ecosystem Support Program in August, citing plans to shift toward more targeted infrastructure funding after awarding nearly $3 million to 105 projects in 2024 alone.
The post Ethereum shifts focus from speed to security with new 2026 deadline appeared first on Criptonoticias.
