Original title: Goodbye EVM, Hello RISC-V
Original author: jaehaerys.eth, crypto researcher
Original compilation: Deep Tide TechFlow
Summary
Ethereum is preparing for the most significant architectural transformation since its inception: replacing the EVM with RISC-V.
The reason is simple—in a future centered on zero-knowledge (ZK), the EVM has become a performance bottleneck:
The current zkEVM relies on interpreters, leading to a 50–800 times slowdown in performance;
Precompiled modules complicate the protocol and increase risks;
256-bit stack design is extremely inefficient when generating proofs.
The solution of RISC-V:
Minimal design (about 47 foundational instructions) + mature LLVM ecosystem (supporting languages like Rust, C++, Go, etc.);
Has become the de facto zkVM standard (90% of projects adopted);
Formal SAIL specification (as opposed to the ambiguous Yellow Paper) → enabling strict verification;
Hardware proof paths (ASICs/FPGAs) are under testing (SP1, Nervos, Cartesi, etc.).
The migration process is divided into three phases:
Replacing RISC-V as a precompiled module (low-risk testing);
Dual virtual machine era: EVM and RISC-V coexist and fully interoperate;
Reimplementing EVM within RISC-V (Rosetta strategy).
Ecosystem impact:
Optimistic Rollups (like Arbitrum and Optimism) need to rebuild their fraud proof mechanisms;
Zero-knowledge Rollups (like Polygon, zkSync, Scroll) will gain significant advantages → cheaper, faster, and simpler;
Developers can directly use language libraries such as Rust, Go, and Python at the L1 layer;
Users will enjoy approximately 100 times lower costs for proof → paving the way to Gigagas L1 (approximately 10,000 TPS).
Ultimately, Ethereum will evolve from a 'smart contract virtual machine' into a minimalist, verifiable trust layer for the internet, with the ultimate goal of 'snarkifying everything.'
Ethereum's crossroads
Vitalik Buterin once said, 'The end goal includes... making everything ZK-Snarkified.'
The endgame of zero-knowledge proofs (ZK) is inevitable, and its core argument is simple: Ethereum is fundamentally reshaping itself from scratch based on zero-knowledge proofs. This marks the technological endpoint of the protocol—achieving its final form through the reconstruction of L1, supported by high-performance zkVM driven by core development teams like Succinct.
With this vision as the end goal, Ethereum is at the most significant architectural transformation juncture since its inception. The discussion is no longer about gradual upgrades but about a complete restructuring of its computational core—replacing the Ethereum Virtual Machine (EVM). This initiative is the cornerstone of the broader 'Lean Ethereum' vision.
The Lean Ethereum vision aims to systematically simplify the entire protocol by breaking it into three core modules: Lean Consensus, Lean Data, and Lean Execution. Among the core issues in Lean Execution, the most critical point is: has the EVM become the main bottleneck for Ethereum's future development as the engine driving the smart contract revolution?
As Justin Drake from the Ethereum Foundation said, Ethereum's long-term goal has always been to 'Snarkify everything,' a powerful tool capable of enhancing the various layers of the protocol. However, for a long time, this goal seemed more like an 'unreachable blueprint' since achieving it requires the concept of real-time proving. Now, as real-time proving gradually becomes a reality, the theoretical inefficiencies of the EVM have transformed into a practical problem that needs to be addressed.
This article will delve into the technical and strategic arguments for migrating Ethereum L1 to the RISC-V instruction set architecture (ISA). This move is expected to not only unlock unprecedented scalability but also simplify the protocol structure and align Ethereum with the future of verifiable computing.
What exactly has changed?
Before discussing 'why,' it is important to clarify 'what' changes are occurring.
The Ethereum Virtual Machine (EVM) is the runtime environment for Ethereum smart contracts, referred to as the 'world computer' that processes transactions and updates the blockchain state. For years, its design has been revolutionary, laying the foundation for the birth of decentralized finance (DeFi) and the NFT ecosystem. However, this custom architecture, nearly a decade old, has now accumulated significant technical debt.
In contrast, RISC-V is not a product but an open standard—an alphabet for free, general-purpose processor design. As Jeremy Bruestle emphasized at the Ethproofs conference, its key principles make it an excellent choice for this role:
Minimalism: The foundational instruction set of RISC-V is extremely simple, containing only about 40 to 47 instructions. As Jeremy said, this makes it 'almost perfect for the use case of the super-minimal general machine that we need.'
Modular design: More complex functions are added through optional extensions. This feature is crucial as it allows the core to remain simple while expanding functionality according to demand, without imposing unnecessary complexity on the underlying protocol.
Open ecosystem: RISC-V has a large and mature toolchain support, including the LLVM compiler, allowing developers to use mainstream programming languages such as Rust, C++, and Go. As Justin Drake mentioned, 'There are rich tools around the compiler, and building compilers is extremely difficult... thus having these compiler toolchains is highly valuable.' RISC-V enables Ethereum to inherit these ready-made tools for free.
Interpreter overhead issues
The reasons driving the replacement of the EVM are not due to a single defect but the convergence of multiple fundamental limitations that can no longer be ignored in the future context of zero-knowledge proofs. These limitations include performance bottlenecks in zero-knowledge proof systems and the risks posed by the increasing complexity accumulated within the protocol.
The most urgent driving force behind this transformation is the inherent inefficiency of the EVM in zero-knowledge proof systems. As Ethereum gradually shifts to a model that verifies L1 state through ZK proofs, the performance of the prover becomes the biggest bottleneck.
The problem lies in how the current zkEVM operates. They do not directly zero-knowledge prove the EVM, but rather prove the interpreter of the EVM, which itself is compiled to RISC-V. Vitalik Buterin pointed out this core issue candidly:
If the implementation of zkVM is to compile the execution of the EVM into what ultimately becomes RISC-V code, why not expose the underlying RISC-V directly to smart contract developers? This can completely eliminate the overhead of the entire outer virtual machine.
This additional layer of explanation brings significant performance losses. Estimates suggest that this layer may lead to a performance drop of 50 to 800 times compared to native program proofs. Even after optimizing other bottlenecks (such as switching to the Poseidon hash algorithm), this part of 'block execution' will still account for 80-90% of all proof time, making the EVM the ultimate and most challenging obstacle for scaling L1. By removing this layer, Vitalik expects execution efficiency could improve by a factor of 100.
Technical debt trap
To compensate for the performance shortcomings of the EVM in specific cryptographic operations, Ethereum introduced precompiled contracts—dedicated functions hardcoded into the protocol. Although this solution seemed pragmatic at the time, it has now led to what Vitalik Buterin called a 'bad' situation:
Precompiled contracts are catastrophic for us... they greatly inflated Ethereum's trusted codebase... and they have led to serious problems that nearly resulted in consensus failures several times.
The complexity is staggering. Vitalik illustrated that the wrapper code for a single precompiled contract (such as modexp) is more complex than the entire RISC-V interpreter, while the logic of the precompiled contracts is actually more cumbersome. Adding new precompiled contracts requires a slow and politically contentious hard fork process, severely hindering application innovation that requires new cryptographic primitives. In this regard, Vitalik reached a clear conclusion:
I think we should stop adding any new precompiled contracts starting today.
The architectural technical debt of Ethereum
The core design of the EVM reflects the priorities of a past era, but it is no longer suited to modern computing needs. The EVM chose a 256-bit architecture to handle cryptographic values, but this architecture is highly inefficient for the 32-bit or 64-bit integers typically used in smart contracts. This inefficiency is particularly costly in ZK systems. As Vitalik explained:
When using smaller numbers, each number actually does not save any resources, while complexity increases two to fourfold.
Moreover, the stack architecture of the EVM is less efficient compared to the register architecture of RISC-V and modern CPUs. It requires more instructions to perform the same operations, which also complicates compiler optimizations.
These issues—including performance bottlenecks in ZK proofs, complexity from precompiles, and outdated architectural choices—collectively present a compelling and urgent case: Ethereum must move beyond the EVM and embrace a technological architecture more suited to the future.
RISC-V Blueprint: Reshaping the future of Ethereum with a stronger foundation
The advantages of RISC-V lie not only in addressing the shortcomings of the EVM but also in the inherent strength of its design philosophy. Its architecture offers a robust, simple, and verifiable foundation, making it well-suited for high-risk environments like Ethereum.
Why are open standards better than custom designs?
Unlike customized instruction set architectures (ISA) that require building an entire software ecosystem from scratch, RISC-V is a mature open standard with three key advantages:
Mature ecosystem
By adopting RISC-V, Ethereum can leverage decades of collective progress in computer science. As Justin Drake explained, this provides Ethereum with the opportunity to directly use world-class tools:
There is an infrastructure component called LLVM, which is a set of compiler toolchains that allows you to compile high-level programming languages into one of several backend targets. One of the supported backends is RISC-V. So if you support RISC-V, you automatically support all high-level languages supported by LLVM.
This greatly lowers the barriers to entry, enabling millions of developers familiar with languages like Rust, C++, and Go to easily get started.
The minimalist design philosophy of RISC-V is an intentional feature rather than a limitation. Its foundational instruction set contains only about 47 instructions, keeping the core of the virtual machine extremely concise. This simplicity offers significant advantages in terms of security, as a smaller trusted codebase is easier to audit and formally verify.
Fact standards in the field of zero-knowledge proofs. More importantly, the zkVM ecosystem has already made its choice. As Justin Drake pointed out, a clear trend can be seen from Ethproofs data.
RISC-V is the leading instruction set architecture (ISA) for zkVM backends.
Among the ten zkVMs that can prove Ethereum blocks, nine have chosen RISC-V as their target architecture. This market convergence sends a strong signal: Ethereum's adoption of RISC-V is not a speculative attempt but aligns with a standard that has been practically validated and recognized by projects building its zero-knowledge future.
Born for trust, not just execution
In addition to a broad ecosystem, the internal architecture of RISC-V is particularly well-suited for building secure and verifiable systems. Firstly, RISC-V has a formalized, machine-readable specification—SAIL. This is a significant improvement compared to the EVM's specification (which primarily exists in textual form in the Yellow Paper), which has some ambiguity, whereas the SAIL specification provides a 'gold standard' that can support critical mathematical correctness proofs, essential for protecting valuable protocols. As Alex Hicks from the Ethereum Foundation mentioned in the Ethproofs conference, this allows zkVM circuits to be directly 'verified against the official RISC-V specification.' Secondly, RISC-V includes a privileged architecture, a commonly overlooked but crucial feature for security. It defines different operational levels, mainly including user mode (for untrusted applications like smart contracts) and supervisor mode (for trusted 'execution kernels'). Diego from Cartesi elaborated on this.
The operating system itself must protect itself from the influence of other code. It needs to isolate the execution of different programs from each other, and all these mechanisms are part of the RISC-V standard.
In the architecture of RISC-V, smart contracts running in user mode cannot directly access the blockchain's state. Instead, it needs to issue a request to a trusted kernel running in supervisor mode via a special ECALL (environment call) instruction. This mechanism constructs a security boundary enforced by hardware, which is more robust and easier to verify than the EVM's model that relies purely on software sandboxing.
Vitalik's vision
This transformation is envisioned as a gradual, multi-stage process to ensure system stability and backward compatibility. As Ethereum founder Vitalik Buterin articulated, this approach aims to achieve an 'evolutionary' development rather than a complete 'revolutionary' change.
Step one: Precompiled alternatives
The initial phase will take the most conservative approach, introducing limited functionality of the new virtual machine (VM). As Vitalik Buterin suggested: 'We can start using the new VM in limited scenarios, such as replacing precompiled functions.' Specifically, this will pause the addition of new EVM precompiled functions, replacing them with functionality implemented through whitelisted RISC-V programs. This approach allows the new VM to undergo real-world testing in the mainnet in a low-risk environment, while serving as an intermediary between the two execution environments through the Ethereum client.
Step two: Coexistence of dual virtual machines
The next phase will 'open the new VM directly to users.' Smart contracts can indicate through tags whether their bytecode is EVM or RISC-V. The key feature is to achieve seamless interoperability: 'The two types of contracts can call each other.' This functionality will be implemented through system calls (ECALL), enabling the two virtual machines to cooperate within the same ecosystem.
Step three: EVM as a simulated contract ('Rosetta' strategy)
The ultimate goal is to achieve the simplification of the protocol. At this stage, 'we will treat the EVM as an implementation within the new VM.' The standardized EVM will become formally verified smart contracts running on the native RISC-V L1. This not only ensures permanent support for legacy applications but also allows client developers to maintain a single simplified execution engine, significantly reducing complexity and maintenance costs.
Ripple effects in the ecosystem
The transition from EVM to RISC-V is not just a transformation of the core protocol; it will have a profound impact on the entire Ethereum ecosystem. This transformation will not only reshape the developer experience but fundamentally change the competitive landscape of Layer-2 solutions and unlock new economic validation models.
Repositioning Rollups: The showdown between Optimistic and ZK
Adopting the RISC-V execution layer at the L1 level will have radically different impacts on the two main types of Rollups.
Optimistic Rollups (like Arbitrum and Optimism) face architectural challenges. Their security model relies on resolving fraud proofs by re-executing disputed transactions through the L1 EVM. If the EVM of L1 is replaced, this model will collapse completely. These projects will face tough choices: either undergo massive engineering renovations to design a fraud-proof system targeted at the new L1 VM or completely detach from Ethereum's security model.
In contrast, ZK Rollups will gain a significant strategic advantage. The vast majority of ZK Rollups have already chosen RISC-V as their internal instruction set architecture (ISA). An L1 that 'speaks the same language' will enable tighter and more efficient integration. Justin Drake proposed the future vision of 'native Rollups': L2 effectively becomes a specialized instance of L1's execution environment, utilizing L1's built-in VM for seamless settlement. This alignment will bring about the following changes:
Technical stack simplification: L2 teams will no longer need to build complex bridging mechanisms between the internal RISC-V execution environment and the EVM.
Tools and code reuse: Compilers, debuggers, and formal verification tools developed for the L1 RISC-V environment can be directly used by L2, greatly reducing development costs.
Economic incentives alignment: The Gas fees of L1 will more accurately reflect the actual costs of RISC-V-based ZK verification, leading to a more reasonable economic model.
A new era for developers and users
For Ethereum developers, this transformation will be gradual rather than disruptive.
For developers, they will have access to a broader and more mature software development ecosystem. As Vitalik Buterin pointed out, developers will 'be able to write contracts in Rust, while these options can coexist.' Meanwhile, he predicts that 'Solidity and Vyper will remain popular for a long time due to their elegant design in smart contract logic.' By using mainstream programming languages and their vast library resources through the LLVM toolchain, this shift will be revolutionary. Vitalik likens it to a 'NodeJS-style experience,' allowing developers to write on-chain and off-chain code in the same language, achieving integrated development.
For users, this transformation will ultimately bring a lower-cost, higher-performance network experience. The cost of proving is expected to decrease by about 100 times, from several dollars per transaction to a few cents or even less. This directly translates into lower L1 fees and L2 settlement fees. This economic viability will unlock the vision of 'Gigagas L1,' aiming for approximately 10,000 TPS performance, paving the way for more complex and higher-value on-chain applications in the future.
Succinct Labs and SP1: Building the proof future in the present
Ethereum is gearing up. 'Scale L1, scale blocks' is the strategic urgent task within the EF protocol cluster. Significant performance improvements are expected in the next 6 to 12 months.
https://blog.ethereum.org/2025/07/31/lean-ethereum
Teams like Succinct Labs have already demonstrated the theoretical advantages of RISC-V in practice, and their work provides a strong case for validating this proposal.
The SP1 developed by Succinct Labs is a high-performance, open-source zkVM based on RISC-V, proving the feasibility of the new architectural approach. It adopts a 'precompile-centric' philosophy, perfectly addressing the cryptographic bottlenecks of the EVM. Unlike traditional reliance on slow, hard-coded precompiles, SP1 offloads intensive operations like Keccak hashing to specially designed, manually optimized ZK circuits, called through standard ECALL instructions. This approach combines the performance of custom hardware with the flexibility of software, providing developers with a more efficient and scalable solution.
The practical impact of Succinct Labs has already become apparent. Their OP Succinct product empowers Optimistic Rollups with zero-knowledge proof capabilities (ZK-ify). As Succinct co-founder Uma Roy explained:
For Rollups using the OP Stack, there is no longer a need to wait seven days for final confirmation and withdrawal... now it only takes an hour to complete confirmation. This speed improvement is fantastic.
This breakthrough addresses the key pain points of the entire OP Stack ecosystem. Additionally, Succinct's infrastructure—the Succinct Prover Network—is designed as a decentralized proof generation market, showcasing a viable economic model for the future of verifiable computing. Their work is not only a proof of concept but also a practical blueprint for the future, as described in this article.
How Ethereum reduces risks
One of the significant advantages of RISC-V is that it makes the holy grail of formal verification—proving the correctness of systems through mathematics—an achievable goal. The EVM's specification is written in natural language in the Yellow Paper, making it difficult to formalize. In contrast, RISC-V has an official, machine-readable SAIL specification that provides a clear 'golden reference' for its behavior.
This paves the way for stronger security. As Alex Hicks from the Ethereum Foundation pointed out, work is already underway to 'extract zkVM RISC-V circuits for formal verification against the official RISC-V specification in Lean.' This is a milestone progress that shifts trust from fallible human implementations to verifiable mathematical proofs, opening up new heights for blockchain security.
The main risks of transformation
Although the L1 architecture of RISC-V has many advantages, it also brings new complex challenges.
Gas measurement issues
Creating a deterministic and fair Gas model for general-purpose instruction set architectures (ISA) is an unsolved challenge. Simple instruction counting methods are vulnerable to denial-of-service attacks. For example, an attacker can design a program that repeatedly triggers cache misses, resulting in high resource consumption with very low Gas costs. This issue poses significant challenges to network stability and economic models.
Toolchain security and reproducible build issues
This is the most important and often underestimated risk during the transformation process. The security model shifts from relying on on-chain virtual machines to relying on off-chain compilers (like LLVM), which are highly complex and known to contain vulnerabilities. Attackers may exploit compiler vulnerabilities to transform seemingly harmless source code into malicious bytecode. Moreover, ensuring that the compiled binary files on-chain match the public source code exactly—known as the 'reproducible build' problem—is also extremely challenging. Minor differences in the build environment could lead to different binary outputs, thus affecting transparency and trust. These issues pose significant challenges to the safety of developers and users.
Mitigation strategies
The way forward requires multi-layered defense strategies.
Phased rollout
Adopting a gradual, multi-phase transition plan is a core strategy for managing risks. By first introducing RISC-V as a precompiled alternative and then operating in a dual virtual machine environment, the community can build operational experience and confidence in a low-risk environment, avoiding any irreversible changes. This incremental approach provides a stable foundation for technological transformation.
Comprehensive auditing: fuzz testing and formal verification
Although formal verification is the ultimate goal, it must be combined with ongoing, high-intensity testing. As Valentine from Diligence Security demonstrated in the Ethproofs conference, their Argus fuzz testing tool has already discovered 11 critical soundness and integrity vulnerabilities in leading zkVM. This indicates that even the best-designed systems can have vulnerabilities that can only be found through rigorous adversarial testing. The combination of fuzz testing and formal verification provides a stronger guarantee of system security.
Standardization
To avoid fragmentation of the ecosystem, the community needs to adopt a single, standardized RISC-V configuration. This may be a combination of RV64GC and a Linux-compatible ABI, as this combination has the widest support in mainstream programming languages and tools, maximizing the advantages of the new ecosystem. Standardization not only enhances developer efficiency but also lays a solid foundation for the long-term development of the ecosystem.
Ethereum's verifiable future
The proposal to replace the Ethereum Virtual Machine (EVM) with RISC-V is not just a gradual upgrade but a fundamental restructuring of Ethereum's execution layer. This ambitious vision aims to address deep-rooted scalability bottlenecks, simplify protocol complexity, and align the platform with the broader ecosystem of general-purpose computing. Despite the enormous technical and social challenges this transformation faces, its long-term strategic benefits are sufficient to justify this bold endeavor.
This transformation focuses on a series of core trade-offs:
The balance between the immense performance gains brought by a ZK-native architecture and the pressing need for backward compatibility;
The trade-off between security advantages brought by simplifying the protocol and the inertia of the EVM's massive network effects;
The choice between the powerful capabilities of a general-purpose ecosystem and the risks of relying on complex third-party toolchains.
Ultimately, this architectural transformation will be key to realizing the commitment to 'Lean Execution' and will be an important component of the 'Lean Ethereum' vision. It will transform Ethereum's L1 from a simple smart contract platform into an efficient and secure settlement and data availability layer, designed to support the vast universe of verifiable computing.
As Vitalik Buterin said, 'The end goal is... to provide ZK-snark for everything.'
Projects like Ethproofs provide objective data and collaborative platforms for this transformation, while the Succinct Labs team provides a practical blueprint for this future through the application of their SP1 zkVM. By embracing RISC-V, Ethereum not only addresses its scalability bottlenecks but positions itself as the foundational trust layer for the next generation of the internet—driven by SNARK, the third cryptographic primitive after hashes and signatures.
Proving the software world, opening a new era of encryption.
Learn more:
Vitalik's interpretation: Click to watch
ETHProofs Fourth Discussion: Click to watch
Original link