Author: jaehaerys.eth
Compilation: Deep Tide TechFlow
Summary
Ethereum is preparing for its most significant architectural transformation since its inception: replacing the EVM with RISC-V.
The reason is simple— in a zero-knowledge (ZK)-centric future, EVM has become a performance bottleneck:
Current zkEVM relies on interpreters, leading to a performance slowdown of 50–800 times;
Precompiled modules complicate protocols and increase risks;
The 256-bit stack design is extremely inefficient when generating proofs.
The Solution of RISC-V:
Minimalistic Design (about 47 basic instructions) + Mature LLVM Ecosystem (supports languages like Rust, C++, Go);
Has become the de facto standard for zkVM (90% of projects adopted);
Has a formal SAIL specification (in contrast to the ambiguous Yellow Paper) → facilitates strict verification;
Hardware proof paths (ASICs/FPGAs) are already being tested (SP1, Nervos, Cartesi, etc.).
The migration process is divided into three phases:
Replacing RISC-V as a precompiled module (low-risk testing);
The Dual Virtual Machine Era: EVM and RISC-V coexist and fully interoperate;
Reimplementing EVM within RISC-V (Rosetta Strategy).
Ecosystem Impact:
Optimistic Rollups (like Arbitrum and Optimism) will need to rebuild their fraud proof mechanisms;
Zero-Knowledge Rollups (like Polygon, zkSync, Scroll) will gain significant advantages → cheaper, faster, simpler;
Developers will be able to use libraries in languages like Rust, Go, and Python directly at the L1 layer;
Users will enjoy proof costs that are about 100 times lower → leading to Gigagas L1 (around 10,000 TPS).
Ultimately, Ethereum will evolve from a 'smart contract virtual machine' to a minimal, verifiable trust layer of the internet, with the ultimate goal of 'ZK-Snarkifying everything.'
Ethereum's Crossroads
Vitalik Buterin once said, "The endpoint includes... ZK-snarkifying everything."
The endgame of zero-knowledge proofs (ZK) is inevitable, and its core argument is simple: Ethereum is rebuilding itself from the ground up based on zero-knowledge proofs. This marks the technical endpoint of the protocol—achieving its final form through the reconstruction of L1, driven by high-performance zkVM supported by core development teams like Succinct.
With this vision as the endpoint, Ethereum stands at the brink of its most significant architectural transformation since its inception. This discussion is no longer about gradual upgrades but a comprehensive reconstruction of its computational core—replacing the Ethereum Virtual Machine (EVM). This initiative is the cornerstone of the broader 'Lean Ethereum' vision.
The Lean Ethereum vision aims to systematically simplify the entire protocol by breaking it down into three core modules: Lean Consensus, Lean Data, and Lean Execution. Among the critical issues in Lean Execution, the most crucial question is: has the EVM, as the engine driving the smart contract revolution, become the primary bottleneck for Ethereum's future development?
As Ethereum Foundation's Justin Drake stated, the long-term goal of Ethereum has always been to 'snarkify everything,' a powerful tool that can enhance all layers of the protocol. However, for a long time, this goal seemed more like an 'elusive blueprint' because achieving it required the concept of real-time proving. Now, as real-time proving gradually becomes a reality, the theoretical inefficiencies of the EVM have turned into an urgent practical problem.
This article will delve into the technical and strategic arguments for migrating Ethereum L1 to the RISC-V instruction set architecture (ISA). This initiative is expected not only to unleash unprecedented scalability but also to simplify the protocol structure and align Ethereum with the future of verifiable computing.
What has actually changed?
Before discussing 'why,' it is essential to clarify 'what' is changing.
The EVM (Ethereum Virtual Machine) is the runtime environment for Ethereum smart contracts, often referred to as the 'world computer' that processes transactions and updates blockchain states. Over the years, its design has been revolutionary, laying the groundwork for the emergence of decentralized finance (DeFi) and the NFT ecosystem. However, this custom architecture from nearly a decade ago has now accumulated significant technical debt.
In contrast, RISC-V is not a product but an open standard—a free, general-purpose processor design 'alphabet.' As Jeremy Bruestle emphasized at the Ethproofs conference, its key principles make it an excellent choice for this role:
Minimalism: The basic instruction set of RISC-V is extremely simple, containing only about 40 to 47 instructions. As Jeremy stated, this makes it 'almost perfectly suited for the use case of the super minimalist general-purpose machine we need.'
Modular Design: More complex functionalities are added through optional extensions. This feature is crucial because it allows the core to remain simple while expanding functionality based on demand, without imposing unnecessary complexity on the foundational protocol.
Open Ecosystem: RISC-V has extensive and mature toolchain support, including the LLVM compiler, enabling developers to use mainstream programming languages such as Rust, C++, and Go. As Justin Drake mentioned, "The tools around compilers are incredibly rich, and building compilers is extremely difficult... thus, having these compiler toolchains is tremendously valuable." RISC-V allows Ethereum to inherit these ready-made tools for free.
Interpreter Overhead Issue
The reasons for replacing the EVM are not due to any single flaw, but rather the convergence of multiple fundamental limitations that have become impossible to ignore in the zero-knowledge proof-centric future. These limitations include performance bottlenecks in zero-knowledge proof systems and the risks posed by the growing complexity accumulated within the protocol.
Interpreter Overhead Issue
The most urgent driving force behind this transformation is the inherent inefficiency of the EVM in zero-knowledge proof systems. As Ethereum gradually shifts toward a model where L1 states are verified through ZK proofs, prover performance becomes the biggest bottleneck.
The problem lies in the way current zkEVMs operate. They do not directly prove the EVM but instead prove the interpreter of the EVM, which itself is compiled into RISC-V. Vitalik Buterin bluntly pointed out this core issue:
"... If the implementation of the zkVM compiles the execution of the EVM into what ultimately becomes RISC-V code, why not expose the underlying RISC-V directly to smart contract developers? This would completely eliminate the overhead of the entire outer virtual machine."
This additional layer of interpretation brings significant performance losses. Estimates suggest that this layer could lead to a performance drop of 50 to 800 times compared to proving native programs. Even after optimizing other bottlenecks (like switching to the Poseidon hashing algorithm), this portion of 'block execution' will still account for 80-90% of all proof times, making the EVM the ultimate and most challenging obstacle to scaling L1. By removing this layer, Vitalik anticipates that execution efficiency could improve by a factor of 100.
Technical Debt Trap
To compensate for the EVM's performance shortcomings in specific cryptographic operations, Ethereum introduced precompiled contracts—dedicated functionalities hard-coded directly into the protocol. While this solution seemed pragmatic at the time, it has now led to what Vitalik Buterin referred to as a 'bad' situation:
"Precompiles have been disastrous for us... they have greatly inflated Ethereum's trusted codebase... and they have led to several near-consensus failure issues."
The complexity is staggering. Vitalik illustrated that the wrapper code for a single precompiled contract (like modexp) is more complex than the entire RISC-V interpreter, while the logic of precompiled contracts is indeed more cumbersome. Adding new precompiled contracts requires going through a slow and politically contentious hard fork process, severely hindering application innovation that requires new cryptographic primitives. In this regard, Vitalik reaches a clear conclusion:
"I think we should stop adding any new precompiled contracts starting today."
The Architectural Technical Debt of Ethereum
The core design of the EVM reflects the priorities of a bygone era, but it is no longer suitable for modern computing demands. The EVM chose a 256-bit architecture to handle cryptographic values, but this architecture is extremely inefficient for the 32-bit or 64-bit integers commonly used in smart contracts. This inefficiency is particularly costly in ZK systems. As Vitalik explained:
"When using smaller numbers, each number actually saves no resources, while complexity increases two to four times."
Moreover, the stack architecture of the EVM is less efficient than RISC-V and modern CPU register architectures. It requires more instructions to accomplish the same operation, complicating compiler optimizations.
These issues—including the performance bottlenecks of ZK proofs, the complexity of precompiles, and outdated architectural choices—collectively form a compelling and urgent reason: Ethereum must move beyond the EVM and embrace a technology architecture better suited for the future.
RISC-V Blueprint: Reshaping the Future of Ethereum with a Stronger Foundation
The strengths of RISC-V lie not only in the shortcomings of the EVM but also in the inherent power of its design philosophy. Its architecture provides a robust, simple, and verifiable foundation that is well-suited for high-risk environments like Ethereum.
Why are open standards better than custom designs?
Unlike customized instruction set architectures (ISA) that require building an entire software ecosystem from scratch, RISC-V is a mature open standard with three key advantages:
Mature Ecosystem
By adopting RISC-V, Ethereum can leverage decades of collective progress in the field of computer science. As Justin Drake explained, this gives Ethereum the opportunity to directly use world-class tools:
"There is an infrastructure component called LLVM, which is a suite of compiler tools that allows you to compile high-level programming languages into one of several backend targets. One of the supported backends is RISC-V. So if you support RISC-V, you can automatically support all high-level languages that LLVM supports."
This significantly lowers the development barrier, allowing millions of developers familiar with languages like Rust, C++, and Go to easily get started.
The Minimalist Design Philosophy of RISC-V is a deliberate feature rather than a limitation. Its basic instruction set contains only about 47 instructions, keeping the core of the virtual machine exceedingly simple. This simplicity has significant advantages in security, as a smaller trusted codebase is easier to audit and formally verify.
The factual standard in the field of zero-knowledge proofs. More importantly, the zkVM ecosystem has already made its choice. As Justin Drake noted, a clear trend can be seen from Ethproofs data:
"RISC-V is the leading instruction set architecture (ISA) for zkVM backends."
Among the ten zkVMs capable of proving Ethereum blocks, nine have chosen RISC-V as their target architecture. This market convergence sends a strong signal: Ethereum's adoption of RISC-V is not a speculative attempt, but rather an alignment with a standard that has already been validated in practice and recognized by projects building its zero-knowledge future.
Born for Trust, Not Just Execution
In addition to a broad ecosystem, the internal architecture of RISC-V is particularly suitable for building secure and verifiable systems. First, RISC-V has a formalized, machine-readable specification—SAIL. This is a significant advancement compared to the EVM's specification, which mainly exists in written form (the Yellow Paper). The Yellow Paper has some ambiguities, whereas the SAIL specification provides a 'gold standard' capable of supporting critical mathematical correctness proofs, essential for protecting valuable protocols. As Alex Hicks from the Ethereum Foundation (EF) mentioned at the Ethproofs conference, this allows zkVM circuits to directly 'verify against the official RISC-V specification.' Secondly, RISC-V includes a privileged architecture, a feature often overlooked but crucial for security. It defines different levels of operation, primarily including user mode (for untrusted applications like smart contracts) and supervisor mode (for trusted 'execution kernels'). Cartesi's Diego provided an in-depth explanation of this:
"The operating system itself must protect itself from the influence of other code. It needs to isolate different programs from each other, and all these mechanisms are part of the RISC-V standard."
In the architecture of RISC-V, smart contracts running in user mode cannot directly access the blockchain state. Instead, they need to make requests to a trusted kernel running in supervisor mode via a special ECALL (environment call) instruction. This mechanism constructs a security boundary enforced by hardware, which is more robust and easier to verify than the EVM's model that purely relies on software sandboxing.
Vitalik's Vision
This transformation is envisioned as a gradual, multi-phase process to ensure system stability and backward compatibility. As Ethereum founder Vitalik Buterin articulated, this approach aims for 'evolutionary' development rather than radical 'revolutionary' change.
Step One: Precompiled Alternatives
The initial phase adopts the most conservative approach, introducing limited functionality of the new virtual machine (VM). As Vitalik Buterin suggested, "We can start using the new VM in limited scenarios, such as replacing precompiled functions." Specifically, this will pause the addition of new EVM precompiled functions in favor of implementing required functions through RISC-V programs approved via whitelisting. This approach allows the new VM to undergo real-world testing in a low-risk environment on the mainnet, while the Ethereum client acts as an intermediary between the two execution environments.
Step Two: Coexistence of Two Virtual Machines
The next phase will 'open the new VM directly to users.' Smart contracts can indicate whether their bytecode is EVM or RISC-V through tags. A key feature is achieving seamless interoperability: 'Two types of contracts can call each other.' This functionality will be realized through system calls (ECALL), enabling the two virtual machines to collaborate within the same ecosystem.
Step Three: EVM as a Simulated Contract ('Rosetta' Strategy)
The ultimate goal is to achieve extreme simplification of the protocol. At this stage, 'we will implement the EVM as one version in the new VM.' The standardized EVM will become a formally verified smart contract running on native RISC-V L1. This not only ensures permanent support for old applications but also allows client developers to maintain a simplified execution engine, significantly reducing complexity and maintenance costs.
Ripple Effect in the Ecosystem
The transition from EVM to RISC-V is not just a transformation of the core protocol; it will have profound implications for the entire Ethereum ecosystem. This transformation will not only reshape the developer experience but fundamentally change the competitive landscape of Layer-2 solutions and unlock new economic validation models.
The Repositioning of Rollups: The Duel of Optimistic and ZK
Adopting a RISC-V execution layer at the L1 level will have dramatically different impacts on the two main types of Rollups.
Optimistic Rollups (like Arbitrum, Optimism) face architectural challenges. Their security model relies on re-executing disputed transactions via L1 EVM to resolve fraud proofs. If the EVM at L1 is replaced, this model will completely collapse. These projects will face tough choices: either undergo massive engineering overhauls to design a fraud-proof system tailored for the new L1 VM or completely detach from Ethereum's security model.
In contrast, ZK Rollups will gain significant strategic advantages. The vast majority of ZK Rollups have already adopted RISC-V as their internal instruction set architecture (ISA). An L1 that 'speaks the same language' will enable tighter and more efficient integration. Justin Drake proposed the future vision of 'native Rollups': L2 effectively becomes a specialized instance of L1's own execution environment, utilizing L1’s built-in VM for seamless settlement. This alignment will bring about the following changes:
Technical Stack Simplification: L2 teams will no longer need to build complex bridging mechanisms between the internal RISC-V execution environment and the EVM.
Tools and code reuse: Compilers, debuggers, and formal verification tools developed for the L1 RISC-V environment can be directly used by L2, significantly lowering development costs.
Economic incentive alignment: The Gas fees of L1 will more accurately reflect the actual costs of ZK verification based on RISC-V, forming a more reasonable economic model.
A New Era for Developers and Users
For Ethereum developers, this transformation will be gradual rather than disruptive.
For developers, they will gain access to a broader and more mature software development ecosystem. As Vitalik Buterin pointed out, developers will be able to "write contracts in Rust, while these options can coexist." Meanwhile, he predicts that "Solidity and Vyper will continue to be popular for their elegant design in smart contract logic for a long time." This shift will be revolutionary, as it allows mainstream programming languages and their vast library resources to be used through the LLVM toolchain. Vitalik likens it to a 'NodeJS-like experience,' where developers can write on-chain and off-chain code in the same language, achieving integration in development.
For users, this transformation will ultimately bring lower costs and higher performance network experiences. It is expected that proof costs will be reduced by about 100 times, from several dollars per transaction to just a few cents or even less. This directly translates to lower L1 fees and L2 settlement costs. This economic feasibility will unlock the vision of 'Gigagas L1,' aiming for performance of about 10,000 TPS, paving the way for more complex and higher-value on-chain applications in the future.
Succinct Labs and SP1: Building Proof of the Future Now
Ethereum is poised for a major shift. 'Scaling L1, scaling blocks' is a strategic imperative within the EF protocol cluster. Significant performance improvements are expected in the next 6 to 12 months.
https://blog.ethereum.org/2025/07/31/lean-ethereum
Teams like Succinct Labs have already demonstrated the theoretical advantages of RISC-V in practice, and their work serves as a powerful case for validating this proposal.
SP1 developed by Succinct Labs is a high-performance, open-source zkVM based on RISC-V, validating the feasibility of the new architectural approach. SP1 adopts a 'precompile-centric' philosophy, perfectly addressing the cryptographic bottleneck issues of the EVM. Unlike traditional methods that rely on slow, hard-coded precompiles, SP1 offloads intensive operations like Keccak hashing to specially designed, manually optimized ZK circuits, invoked through standard ECALL instructions. This approach combines the performance of custom hardware with the flexibility of software, providing developers with a more efficient and scalable solution.
The practical impact of Succinct Labs has already become apparent. Their OP Succinct product empowers Optimistic Rollups with zero-knowledge proof capabilities (ZK-ify). As Succinct co-founder Uma Roy explained:
"With Rollups using OP Stack, there's no longer a need to wait seven days for final confirmation and withdrawals... now it only takes an hour to complete confirmation. This speed increase is fantastic."
This breakthrough solves a key pain point for the entire OP Stack ecosystem. Additionally, Succinct's infrastructure—the Succinct Prover Network—is designed as a decentralized proof generation market, showcasing a viable economic model for the future of verifiable computing. Their work is not only a proof of concept but also a practical blueprint for the future, as described in this article.
How Ethereum Reduces Risk
One major advantage of RISC-V is that it makes the holy grail of formal verification—proving the correctness of systems through mathematics—an achievable goal. The specification for the EVM is written in natural language in the Yellow Paper, making formalization difficult. In contrast, RISC-V has an official, machine-readable SAIL specification that provides a clear 'golden reference' for its behavior.
This paves the way for stronger security. As Ethereum Foundation's Alex Hicks pointed out, work is already underway to 'formalize verify zkVM RISC-V circuits against the official RISC-V specification.' This is a milestone achievement that shifts trust from error-prone human implementations to verifiable mathematical proofs, opening new heights for blockchain security.
The Main Risks of Transformation
Although the L1 of the RISC-V architecture has many advantages, it also brings new complex challenges.
Gas Measurement Issues
Creating a deterministic and fair Gas model for general-purpose instruction set architectures (ISA) is an unresolved challenge. Simple instruction counting methods are vulnerable to denial-of-service attacks. For example, an attacker could design a program that repeatedly triggers cache misses, leading to high resource consumption at very low Gas costs. This issue poses serious challenges to network stability and economic models.
Toolchain Security and the 'Reproducible Builds' Issue
This is the most significant and often underestimated risk in the transformation process. The security model shifts from relying on the on-chain virtual machine to depending on off-chain compilers (like LLVM), which are highly complex and known to contain vulnerabilities. Attackers may exploit compiler vulnerabilities to convert seemingly harmless source code into malicious bytecode. Furthermore, ensuring that the on-chain compiled binaries are completely identical to the public source code—the 'reproducible builds' issue—is also extremely challenging. Minor differences in the build environment can lead to different binaries being generated, impacting transparency and trust. These issues pose serious tests to the security of developers and users.
Mitigation strategies
The path forward requires multi-layered defense strategies.
Phased Rollout
Adopting a gradual, multi-phase transition plan is a core strategy for managing risk. By initially introducing RISC-V as a precompiled alternative and then running in a dual virtual machine environment, the community can gain operational experience and build confidence in a low-risk setting, avoiding any irreversible changes. This incremental approach provides a stable foundation for the technical transformation.
Comprehensive Audit: Fuzz Testing and Formal Verification
Although formal verification is the ultimate goal, it must be combined with continuous, high-intensity testing. As Diligence Security's Valentine demonstrated in the Ethproofs conference call, their Argus fuzz testing tool has already uncovered 11 critical soundness and integrity vulnerabilities in leading zkVMs. This indicates that even the most well-designed systems may have vulnerabilities that can only be discovered through rigorous adversarial testing. The combination of fuzz testing and formal verification provides stronger assurances of system security.
Standardization
To avoid fragmentation of the ecosystem, the community needs to unify around a single, standardized RISC-V configuration. This may be the RV64GC combined with a Linux-compatible ABI, as this combination has the broadest support in mainstream programming languages and tools, maximizing the advantages of the new ecosystem. Standardization will not only enhance developer efficiency but also lay a solid foundation for the long-term growth of the ecosystem.
Ethereum's Verifiable Future
The proposal to replace the Ethereum Virtual Machine (EVM) with RISC-V is not just a gradual upgrade, but a fundamental reconstruction of Ethereum's execution layer. This ambitious vision aims to address deep-seated scalability bottlenecks, simplify protocol complexity, and align the platform with a broader ecosystem of general-purpose computing. Despite facing significant technical and social challenges, the long-term strategic benefits are substantial enough to justify this bold endeavor.
This transformation focuses on a series of core trade-offs:
The balance between the significant performance gains of a ZK-native architecture and the urgent need for backward compatibility;
The trade-off between the security advantages of a simplified protocol and the inertia of the EVM's vast network effects;
The powerful capabilities of a general ecosystem versus the risks of relying on complex third-party toolchains.
Ultimately, this architectural transformation will be key to realizing the commitment to 'Lean Execution' and will be an important part of the 'Lean Ethereum' vision. It will transform Ethereum's L1 from a simple smart contract platform into an efficient and secure settlement and data availability layer, specifically designed to support a vast universe of verifiable computing.
As Vitalik Buterin said, "The endpoint is... providing ZK-snarks for everything."
Projects like Ethproofs provide objective data and collaboration platforms for this transformation, while the Succinct Labs team provides an actionable blueprint for this future through the practical application of their SP1 zkVM. By embracing RISC-V, Ethereum not only addresses its scalability bottlenecks but positions itself as the foundational trust layer of the next generation of the internet—driven by the third major cryptographic primitive SNARK after hashes and signatures.
Proving the software of the world, ushering in a new era of cryptography.
Learn More:
Vitalik's Interpretation: Click to Watch
ETHProofs Fourth Discussion: Click to Watch