The new system offers proven security that does not rest on unproven mathematical assumptions
An experimental instruction would reduce that cost to $3.05 and could become a standard.
A group of researchers presented this Tuesday, May 19, at Ethereum Research a new post-quantum cryptographic verifier for the Ethereum Virtual Machine (EVM). The development replaces a previous scheme whose security was compromised after the refutation of its theoretical basis in three academic works published between 2025 and 2026.
The new system maintains costs comparable to the current ones, but introduces a key change: it relies exclusively on proven mathematical results, eliminating reliance on unverified conjectures.
This advance is part of efforts to adapt Ethereum to a scenario with quantum computers, capable of breaking elliptic curve cryptography schemes such as Groth16, widely used in zero-knowledge (ZK) proofs. The plan is for full network protection by 2029.
The problem of the previous design
The verifier presented in 2024 depended on a hypothesis known as the capacity-bound proximity gap in Reed-Solomon codes. In simple terms, this conjecture sought to limit how many checks are necessary to ensure that a polynomial is correct without having to check it completely.
The problem is that this “rule” was not proven. Three subsequent investigations, cited on the Ethereum Research blog, showed that it does not hold in all cases.
With this assumption invalidated, the previous verifier loses efficiency and security: it needs more queries to maintain the same level of confidence, which increases the gas cost and leaves open the possibility of accepting invalid proofs with a higher probability than expected.
What changes: from conjectures to proven guarantees
The new verifier, according to the study, replaces that weakness with well-established mathematical tools.
One of the central changes is the use of the Johnson bound, a classic result in coding theory. This bound defines a clear limit on how many errors a system can tolerate when trying to reconstruct a message (or a polynomial) without ambiguity.
In other words, it establishes the extent to which information can be “corrected” without running the risk of accepting incorrect data. Unlike the previous conjecture, this limit is formally proven, allowing verifiable security guarantees to be constructed.
Additionally, the system operates on a 31-bit field, instead of the 254 bits of the previous design. This reduces computational complexity and makes verification within the EVM more efficient.
Under these parameters, the authors estimate a robustness of 100 bits for polynomials of size 2²². In practice, this means that the probability of accepting a false proof is extremely low (on the order of 1 in 2¹⁰⁰).
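To make the effect on query counts concrete, the following added example (not code from the researchers or from the original article) compares how many queries a Reed-Solomon proximity test needs to reach the 100-bit target quoted above, depending on which error radius the analysis is allowed to use. It assumes a simplified model in which each query misses a bad polynomial with probability 1 − δ and every other soundness term is ignored; the code rate of 1/4 is a constructed sample value, not a parameter of the verifier.

```python
import math

def decoding_radii(rate):
    """Relative error radii for a Reed-Solomon code of the given rate."""
    return {
        # Half the minimum distance: exactly one codeword can be that close.
        "unique": (1 - rate) / 2,
        # Johnson bound: proven radius within which the list of close
        # codewords stays small.
        "johnson": 1 - math.sqrt(rate),
        # Capacity: the radius the refuted conjecture allowed analyses to use.
        "capacity": 1 - rate,
    }

def queries_needed(rate, regime, target_bits):
    """Smallest q with (1 - delta)^q <= 2^-target_bits.

    Simplified model (assumption): only the query-phase error is counted.
    """
    delta = decoding_radii(rate)[regime]
    bits_per_query = -math.log2(1 - delta)
    return math.ceil(target_bits / bits_per_query)

if __name__ == "__main__":
    RATE = 1 / 4        # constructed sample rate
    TARGET_BITS = 100   # security level quoted in the article
    for regime in ("unique", "johnson", "capacity"):
        q = queries_needed(RATE, regime, TARGET_BITS)
        print(f"{regime:>8}: delta={decoding_radii(RATE)[regime]:.3f} "
              f"-> {q} queries for {TARGET_BITS} bits")
```

In this model, a design tuned under the capacity assumption carries only half the queries that a proven Johnson-bound analysis requires for the same security level, which is the gap the article describes.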
Costs: in line with what Ethereum already uses
The new verifier has an estimated cost of 5.64 million gas (about $3.98 at the price of 0.554 gwei and ETH trading at over $2,200), a figure comparable to current systems in production.
For reference, ZK proof-based solutions like StarkNet have reported costs close to 5 million gas in 2021 and around 6 million in 2024.
This parity is key: it indicates that improving quantum resistance does not imply, at least in this case, a prohibitive jump in costs.
Limitations: not yet deployable
Despite the progress, the system is not yet ready to be implemented directly on the main network.
The main obstacle is technical: the verifier contract exceeds Ethereum's contract size limit of 24,576 bytes by more than 8,500 bytes. This forces it to be divided into multiple contracts, a task that has not yet been completed.
Furthermore, important measurements are missing, such as the total cost without simplifications in Merkle proofs, and the integration of the verifier within a complete knowledge proof system.
The new verifier solves a critical problem: it replaces an invalid theoretical foundation with solid mathematical foundations, while maintaining competitive costs. However, it is still just one piece in a larger system. Until it is fully integrated and can be deployed on the mainnet, Ethereum’s “post-quantum shield” will continue to be a technical promise in development rather than a solution ready for widespread use.
