The Security Standard: ETH Foundation Mandates 128-Bit Pivot by 2026

In a significant shift in technical strategy, the ETH Foundation (EF) officially announced on December 18, 2025, that it is pivoting its primary focus from “pursuing speed” to “ensuring security.” This strategic recalibration, articulated by EF cryptography researcher George Kadianakis, establishes a rigorous new roadmap for zero-knowledge ETH Virtual Machines (zkEVMs). The Foundation is now mandating a 128-bit provable security standard—the recognized global benchmark for cryptographic strength—to be fully implemented across the ecosystem by the end of 2026. This move acknowledges that while the “speed race” of 2025 successfully reduced proving times from 16 minutes to 16 seconds, it also introduced systemic risks by relying on unproven mathematical conjectures that recent research has begun to challenge.

The Three Milestones of the “Security Sprint”

The Foundation has outlined a three-phase execution plan designed to harden the network against potential state forgery and sophisticated cryptographic attacks. The first milestone, set for February 2026, requires all zkEVM teams to integrate their proof systems with Soundcalc, a newly released EF tool that provides a unified, objective measure of cryptographic strength. This replaces the current fragmented landscape where diverse teams use varying, often opaque, security assumptions.

The second phase, coinciding with the “Glamsterdam” network upgrade in May 2026, mandates that teams achieve at least 100-bit provable security while maintaining final proof sizes under 600 kilobytes. The final objective, titled “H-star,” requires the full 128-bit standard by the end of 2026. This stage also demands formal mathematical arguments proving the soundness of “recursion” architectures—the complex process where proofs are stacked on top of one another to save space. By reaching this level, ETH aims to ensure that an attacker would need  operations to forge a proof, effectively making the network a “digital fortress” for the trillions in real-world assets it is expected to host.

Institutional Trust and the Simplicity Challenge

This pivot is explicitly designed to satisfy the rigorous compliance and risk-management demands of global financial institutions. The Foundation warned that if an attacker can forge a single proof, they could theoretically mint tokens from nothing or rewrite the chain’s state—a risk that becomes unacceptable as ETH matures into a global settlement layer. Co-founder Vitalik Buterin added a philosophical dimension to this shift, identifying “protocol complexity” as a fundamental threat to decentralization.

In a statement on December 18, Buterin emphasized that true trustlessness requires a protocol simple enough for a wide range of individuals to understand and verify. He argued that the ecosystem should be willing to sacrifice certain features if it means the core system can be end-to-end understood. By prioritizing ironclad security and architectural simplicity over experimental performance gains, ETH is positioning itself as the most reliable, “enterprise-ready” infrastructure for the next decade of finance, clahead distinguishing its path from higher-throughput rivals like Solana.