Ethereum Shifts Focus From Speed to Security With 2026 Roadmap
The Ethereum Foundation has unveiled a new technical roadmap that puts security ahead of speed for its zero-knowledge Ethereum Virtual Machines (zkEVMs), setting three key milestones stretching through the end of 2026.
The shift comes after zkEVM teams made huge performance gains—reducing proving times from 16 minutes to 16 seconds and cutting costs 45-fold—with 99% of Ethereum blocks now provable in under 10 seconds on target hardware.
But despite these achievements, the foundation warns that security remains the “elephant in the room.” Many STARK-based zkEVMs rely on mathematical assumptions that recent research suggests may not always hold. As the foundation explained, “If an attacker can forge a proof, they can forge anything: mint tokens from nothing, rewrite state, steal funds.”
Provable Security Becomes Non-Negotiable
The foundation is now requiring 128-bit provable security as a minimum standard for mainnet-ready zkEVMs. The roadmap lays out three milestones:
By February 2026: zkEVM teams must integrate proof system components with soundcalc, a new security estimation tool.
By May 2026: Achieve 100-bit provable security, with final proof sizes under 600 KB and compact recursion architecture descriptions.
By December 2026: Reach full 128-bit provable security, reduce proof sizes to 300 KB, and provide formal security arguments for recursion soundness.
George Kadianakis from the EF cryptography team emphasized the importance of locking in secure architectures early. “Once teams hit these targets and zkVM architectures stabilize, the formal verification work we’ve been investing in can reach its full potential,” he wrote.
Advances like compact polynomial commitment schemes (WHIR), JaggedPCS, and well-structured recursion topologies make these ambitious goals achievable, according to the foundation. Detailed technical posts on how to meet these requirements are expected in January.
Institutional Adoption and Privacy Focus
While tightening technical standards, Ethereum is also pushing institutional adoption through its new “Ethereum for Institutions” portal, launched in October. The platform helps enterprises and financial firms navigate Ethereum infrastructure, highlighting over 1.1 million validators and a decade of continuous uptime.
The foundation is emphasizing privacy-preserving technologies—zero-knowledge proofs, homomorphic encryption, and trusted execution environments—as critical for compliant institutional applications. Projects like Chainlink, RAILGUN, and Aztec Network are already scaling these solutions in production.
Ethereum now hosts over 66% of tokenized real-world assets. Major players, including BlackRock, Securitize, and Ondo Finance, are actively deploying tokenized instruments. For example, JPMorgan Chase recently launched a $100 million tokenized money-market fund on Ethereum, open to qualified investors via its Kinexys platform.
Simplicity and Accessibility Remain Critical
Amid these advances, Ethereum co-founder Vitalik Buterin has highlighted protocol complexity as a key risk to trustlessness. In a December 18 statement, he stressed that if too few people can fully understand the protocol, it undermines the network’s decentralized nature.
“An important and underrated form of trustlessness is increasing the number of people who can actually understand the whole protocol from top to bottom,” Buterin said.
Layer-2 privacy network INTMAX echoed the concern: “If only five people understand your privacy protocol, you haven’t achieved trustlessness, you’ve just changed who you trust.”
The foundation acknowledged this in its roadmap, noting Ethereum’s complexity and promising smart contract wallets that simplify gas fees and key management. It has also temporarily paused open grant applications for its Ecosystem Support Program, shifting toward more targeted infrastructure funding after distributing nearly $3 million to 105 projects in 2024.
