Ethereum may undergo the largest upgrade in history: EVM to be phased out, RISC-V to take over

Original Title: Goodbye EVM, Hello RISC-V

Original Author: jaehaerys.eth, Crypto Researcher

Original Translation: TechFlow

Summary

Ethereum is preparing for the most important architectural transformation since its inception: replacing the EVM with RISC-V.

The reason is simple—in a future centered around zero-knowledge (ZK), the EVM has become a performance bottleneck:

· Current zkEVMs rely on interpreters, resulting in a 50–800x performance slowdown;

· Precompiled modules make the protocol more complex and increase risk;

· The 256-bit stack design is extremely inefficient when generating proofs.

RISC-V’s solutions:

· Minimalist design (about 47 basic instructions) + mature LLVM ecosystem (supports Rust, C++, Go, and other languages);

· Has become the de facto zkVM standard (adopted by 90% of projects);

· Possesses a formal SAIL specification (compared to the ambiguous Yellow Paper) → enables strict verification;

· Hardware proof paths (ASICs/FPGAs) are already being tested (SP1, Nervos, Cartesi, etc.).

The migration process is divided into three stages:

· Replace with RISC-V as a precompiled module (low-risk testing);

· Dual VM era: EVM and RISC-V coexist and are fully interoperable;

· Reimplement EVM within RISC-V (Rosetta strategy).

Impact on the ecosystem:

· Optimistic Rollups (such as Arbitrum and Optimism) need to rebuild their fraud proof mechanisms;

· Zero-knowledge Rollups (such as Polygon, zkSync, Scroll) will gain huge advantages → cheaper, faster, simpler;

· Developers can directly use Rust, Go, and Python libraries on the L1 layer;

· Users will enjoy proof costs about 100 times lower → paving the way for Gigagas L1 (about 10,000 TPS).

Ultimately, Ethereum will evolve from a “smart contract virtual machine” into a minimalist, verifiable trust layer for the internet, with the ultimate goal of “ZK-Snarkifying everything.”

Ethereum at the Crossroads

Vitalik Buterin once said: “The endgame includes... ZK-Snarkifying everything.”

The endgame of zero-knowledge proofs (ZK) is now inevitable, and the core argument is simple: Ethereum is rebuilding itself from scratch based on zero-knowledge proofs. This marks the protocol’s technical endpoint—by restructuring L1, achieving its final form, powered by high-performance zkVMs supported by core development teams (such as Succinct).

With this vision as the endpoint, Ethereum is at the most important architectural transformation since its inception. This discussion is no longer about incremental upgrades, but about a complete overhaul of its computational core—replacing the Ethereum Virtual Machine (EVM). This move is the cornerstone of the broader “Lean Ethereum” vision.

The Lean Ethereum vision aims to systematically simplify the entire protocol, splitting it into three core modules: Lean Consensus, Lean Data, and Lean Execution. Among the core issues of Lean Execution, the most critical is: as the engine driving the smart contract revolution, has the EVM become the main bottleneck for Ethereum’s future development?

As Justin Drake from the Ethereum Foundation said, Ethereum’s long-term goal has always been to “Snarkify everything,” a powerful tool that can enhance all layers of the protocol. However, for a long time, this goal seemed like a “distant blueprint,” because achieving it required the concept of real-time proving. Now, as real-time proving gradually becomes a reality, the theoretical inefficiency of the EVM has turned into an urgent practical problem that needs to be solved.

This article will deeply analyze the technical and strategic arguments for migrating Ethereum L1 to the RISC-V instruction set architecture (ISA). This move not only promises unprecedented scalability but will also simplify the protocol structure and align Ethereum with the future of verifiable computation.

What Has Actually Changed?

Before discussing “why,” it is first necessary to clarify “what” is changing.

The EVM (Ethereum Virtual Machine) is the runtime environment for Ethereum smart contracts, known as the “world computer” that processes transactions and updates blockchain state. For years, its design was revolutionary, laying the foundation for the birth of decentralized finance (DeFi) and the NFT ecosystem. However, this nearly decade-old custom architecture has now accumulated a large amount of technical debt.

In contrast, RISC-V is not a product but an open standard—a free, general-purpose processor design “alphabet.” As Jeremy Bruestle emphasized at the Ethproofs conference, its key principles make it an excellent choice for this role:

· Minimalism: RISC-V’s base instruction set is extremely simple, containing only about 40 to 47 instructions. As Jeremy said, this makes it “almost perfectly suited for the use case of the ultra-minimalist general-purpose machine we need.”

· Modular Design: More complex features are added through optional extensions. This is crucial because it allows the core to remain simple while expanding functionality as needed, without imposing unnecessary complexity on the base protocol.

· Open Ecosystem: RISC-V has a large and mature toolchain, including the LLVM compiler, allowing developers to use mainstream programming languages such as Rust, C++, and Go. As Justin Drake mentioned: “The tools around compilers are very rich, and building compilers is extremely difficult... so having these compiler toolchains is extremely valuable.” RISC-V allows Ethereum to inherit these ready-made tools for free.

The Interpreter Overhead Problem

The push to replace the EVM is not due to a single flaw, but rather the convergence of multiple fundamental limitations, which, in a future centered around zero-knowledge proofs, can no longer be ignored. These limitations include performance bottlenecks in zero-knowledge proof systems and the risks brought by increasing complexity accumulated within the protocol.

The most urgent driver of this transformation is the EVM’s inherent inefficiency in zero-knowledge proof systems. As Ethereum gradually shifts to a model where L1 state is verified via ZK proofs, prover performance becomes the biggest bottleneck.

The problem lies in how current zkEVMs work. They do not directly prove the EVM in zero-knowledge, but rather prove the EVM’s interpreter, which itself is compiled to RISC-V. Vitalik Buterin bluntly pointed out this core issue:

“...If the way you implement a zkVM is by compiling EVM execution into something that ultimately becomes RISC-V code, then why not just expose the underlying RISC-V directly to smart contract developers? This would completely eliminate the overhead of the entire outer virtual machine.”

This extra interpretation layer brings huge performance loss. Estimates show that, compared to proving native programs, this layer can cause a 50 to 800 times performance drop. After optimizing other bottlenecks (such as switching to the Poseidon hash algorithm), this “block execution” still accounts for 80-90% of all proving time, making the EVM the final and most difficult obstacle to scaling L1. By removing this layer, Vitalik expects execution efficiency could improve by 100 times.

The Technical Debt Trap

To compensate for the EVM’s lack of performance in certain cryptographic operations, Ethereum introduced precompiled contracts—specialized functions hardcoded directly into the protocol. While this solution seemed pragmatic at the time, it has now led to what Vitalik Buterin calls a “bad” situation:

“Precompiles have been disastrous for us... They have greatly bloated Ethereum’s trusted codebase... and they have caused us to almost have several consensus failures.”

This complexity is shocking. Vitalik gives the example that the wrapper code for a single precompile (such as modexp) is more complex than the entire RISC-V interpreter, and the precompile logic is actually even more convoluted. Adding new precompiles requires a slow and politically contentious hard fork process, severely hindering application innovation that needs new cryptographic primitives. On this, Vitalik draws a clear conclusion:

“I think we should stop adding any new precompiles starting today.”

Ethereum’s Architectural Technical Debt

The EVM’s core design reflects the priorities of a past era, but it is no longer suitable for modern computational needs. The EVM chose a 256-bit architecture to handle cryptographic values, but for the 32-bit or 64-bit integers commonly used in smart contracts, this architecture is extremely inefficient. This inefficiency is especially costly in ZK systems. As Vitalik explains:

“When using smaller numbers, each number doesn’t actually save any resources, and the complexity increases by two to four times.”

In addition, the EVM’s stack architecture is less efficient than the register architectures of RISC-V and modern CPUs. It requires more instructions to accomplish the same operations and also makes compiler optimization more complex.

These issues—including the performance bottleneck of ZK proofs, the complexity of precompiles, and outdated architectural choices—together form a compelling and urgent reason: Ethereum must move beyond the EVM and embrace a technology architecture better suited for the future.

The RISC-V Blueprint: Reshaping Ethereum’s Future with a Stronger Foundation

The advantage of RISC-V lies not only in the EVM’s shortcomings, but also in the inherent strength of its design philosophy. Its architecture provides a robust, simple, and verifiable foundation, ideally suited for high-risk environments like Ethereum.

Why Are Open Standards Better Than Custom Designs?

Unlike custom instruction set architectures (ISAs) that require building an entire software ecosystem from scratch, RISC-V is a mature open standard with three key advantages:

Mature Ecosystem

By adopting RISC-V, Ethereum can leverage decades of collective progress in computer science. As Justin Drake explains, this gives Ethereum the opportunity to directly use world-class tools:

“There’s an infrastructure component called LLVM, which is a set of compiler toolchains that allow you to compile high-level programming languages to one of many backend targets. One of the supported backends is RISC-V. So if you support RISC-V, you can automatically support all high-level languages supported by LLVM.”

This greatly lowers the development threshold, allowing millions of developers familiar with languages like Rust, C++, and Go to easily get started.

Minimalist Design Philosophy The minimalism of RISC-V is a deliberate feature, not a limitation. Its base instruction set contains only about 47 instructions, keeping the VM core extremely simple. This simplicity has significant security advantages, as a smaller trusted codebase is easier to audit and formally verify.

De Facto Standard in Zero-Knowledge Proofs More importantly, the zkVM ecosystem has already made its choice. As Justin Drake points out, Ethproofs data shows a clear trend:

“RISC-V is the leading instruction set architecture (ISA) for zkVM backends.”

Of the ten zkVMs capable of proving Ethereum blocks, nine have chosen RISC-V as their target architecture. This market convergence sends a strong signal: by adopting RISC-V, Ethereum is not making a speculative attempt, but aligning with a standard that has already been validated and adopted by projects building the zero-knowledge future.

Born for Trust, Not Just Execution

Beyond its broad ecosystem, RISC-V’s internal architecture is also particularly suited for building secure and verifiable systems. First, RISC-V has a formal, machine-readable specification—SAIL. Compared to the EVM’s specification (mainly the textual Yellow Paper), this is a huge step forward. The Yellow Paper has some ambiguity, while the SAIL specification provides a “gold standard” that supports critical mathematical correctness proofs, which is vital for protecting high-value protocols. As Alex Hicks from the Ethereum Foundation (EF) mentioned at the Ethproofs conference, this allows zkVM circuits to be directly “verified against the official RISC-V specification.” Second, RISC-V includes a privileged architecture, a feature often overlooked but crucial for security. It defines different levels of operation, mainly user mode (for untrusted applications like smart contracts) and supervisor mode (for the trusted “execution kernel”). Diego from Cartesi explained this in depth:

“The operating system itself must protect itself from other code. It needs to isolate different programs from each other, and all these mechanisms are part of the RISC-V standard.”

In RISC-V’s architecture, smart contracts running in user mode cannot directly access the blockchain’s state. Instead, they must make requests to the trusted kernel running in supervisor mode via a special ECALL (environment call) instruction. This mechanism builds a hardware-enforced security boundary, which is more robust and easier to verify than the EVM’s purely software sandbox model.

Vitalik’s Vision

This transformation is envisioned as a gradual, multi-stage process to ensure system stability and backward compatibility. As Ethereum founder Vitalik Buterin explained, this approach aims for “evolutionary” rather than “revolutionary” change.

Step One: Precompile Replacement

The initial stage takes the most conservative approach, introducing limited functionality of the new virtual machine (VM). As Vitalik Buterin suggested: “We can start using the new VM in limited scenarios, such as replacing precompiled functions.” Specifically, this will halt the addition of new EVM precompiles, instead implementing required functions through whitelisted RISC-V programs. This approach allows the new VM to be battle-tested on mainnet in a low-risk environment, with Ethereum clients acting as intermediaries between the two execution environments.

Step Two: Dual VM Coexistence

The next stage will “open the new VM directly to users.” Smart contracts can indicate via a flag whether their bytecode is EVM or RISC-V. The key feature is seamless interoperability: “Both types of contracts can call each other.” This will be achieved via system calls (ECALL), enabling the two VMs to collaborate within the same ecosystem.

Step Three: EVM as Simulated Contract (“Rosetta” Strategy)

The ultimate goal is to achieve protocol minimalism. At this stage, “we implement the EVM as a type of contract within the new VM.” The standardized EVM will become a formally verified smart contract running on native RISC-V L1. This not only ensures permanent support for legacy applications but also allows client developers to maintain only a simplified execution engine, significantly reducing complexity and maintenance costs.

Ripple Effects on the Ecosystem

The transition from EVM to RISC-V is not just a change to the core protocol—it will have profound effects on the entire Ethereum ecosystem. This transformation will not only reshape the developer experience but also fundamentally alter the competitive landscape of Layer-2 solutions and unlock new economic verification models.

Rollup Repositioning: Optimistic vs. ZK

Adopting a RISC-V execution layer at L1 will have very different impacts on the two main types of Rollups.

Optimistic Rollups (such as Arbitrum, Optimism) face architectural challenges. Their security model relies on re-executing disputed transactions on L1 EVM to resolve fraud proofs. If the L1 EVM is replaced, this model collapses. These projects will face a tough choice: either undertake massive engineering to design a fraud proof system for the new L1 VM, or completely detach from Ethereum’s security model.

In contrast, ZK Rollups will gain a huge strategic advantage. The vast majority of ZK Rollups have already adopted RISC-V as their internal instruction set architecture (ISA). An L1 “speaking the same language” will enable much tighter and more efficient integration. Justin Drake envisions a future of “native Rollups”: L2s essentially become specialized instances of L1’s own execution environment, using L1’s built-in VM for seamless settlement. This alignment will bring the following changes:

· Simplified Tech Stack: L2 teams will no longer need to build complex bridging mechanisms between their internal RISC-V execution environment and the EVM.

· Tool and Code Reuse: Compilers, debuggers, and formal verification tools developed for the L1 RISC-V environment can be directly used by L2s, greatly reducing development costs.

· Economic Incentive Alignment: L1 gas fees will more accurately reflect the actual cost of RISC-V-based ZK verification, forming a more rational economic model.

A New Era for Developers and Users

For Ethereum developers, this transformation will be gradual, not disruptive.

For developers, they will gain access to a broader and more mature software development ecosystem. As Vitalik Buterin points out, developers will “be able to write contracts in Rust, and these options can coexist.” Meanwhile, he predicts “Solidity and Vyper will remain popular for their elegant design in smart contract logic.” Using mainstream programming languages and their vast library resources via the LLVM toolchain, this shift will be revolutionary. Vitalik likens it to a “NodeJS-like experience,” where developers can write both on-chain and off-chain code in the same language, achieving unified development.

For users, this transformation will ultimately bring lower costs and higher performance network experiences. Proof costs are expected to drop by about 100 times, from several dollars per transaction to just a few cents or even less. This directly translates to lower L1 and L2 settlement fees. This economic viability will unlock the “Gigagas L1” vision, aiming for about 10,000 TPS, paving the way for more complex and higher-value on-chain applications in the future.

Succinct Labs and SP1: Building the Proof Future Now

Ethereum is gearing up. “Scaling L1, scaling blocks” is a strategically urgent task within the EF protocol cluster. Significant performance improvements are expected in the next 6 to 12 months.

Teams like Succinct Labs have already demonstrated the theoretical advantages of RISC-V in practice, making their work a powerful case for validating this proposal.

SP1, developed by Succinct Labs, is a high-performance, open-source zkVM based on RISC-V, validating the feasibility of the new architectural approach. SP1 adopts a “precompile-centric” philosophy, perfectly solving the EVM’s cryptographic bottleneck. Unlike traditional slow, hardcoded precompiles, SP1 offloads intensive operations such as Keccak hashing to specially designed, hand-optimized ZK circuits, invoked via standard ECALL instructions. This approach combines the performance of custom hardware with the flexibility of software, providing developers with a more efficient and scalable solution.

Succinct Labs’ real-world impact is already evident. Their OP Succinct product uses SP1 to ZK-ify Optimistic Rollups. As Succinct co-founder Uma Roy explains:

“With Rollups using the OP Stack, you no longer need to wait seven days for final confirmation and withdrawal... Now, confirmation can be completed in just one hour. This speed improvement is fantastic.”

This breakthrough solves a key pain point for the entire OP Stack ecosystem. In addition, Succinct’s infrastructure—the Succinct Prover Network—is designed as a decentralized proof generation marketplace, showcasing a viable economic model for future verifiable computation. Their work is not just a proof of concept, but a practical blueprint for the future, as described in this article.

How Ethereum Reduces Risk

One major advantage of RISC-V is that it makes the holy grail of formal verification—mathematically proving system correctness—an achievable goal. The EVM’s specification is written in natural language in the Yellow Paper, making formalization difficult. In contrast, RISC-V has an official, machine-readable SAIL specification, providing a clear “golden reference” for its behavior.

This paves the way for stronger security. As Alex Hicks from the Ethereum Foundation points out, work is already underway to “formally verify zkVM RISC-V circuits against the official RISC-V specification extracted into Lean.” This is a milestone, shifting trust from error-prone human implementations to verifiable mathematical proofs, opening new heights for blockchain security.

Main Risks of the Transformation

Although an L1 based on RISC-V architecture has many advantages, it also brings new and complex challenges.

Gas Metering Issues

Creating a deterministic and fair gas model for a general-purpose instruction set architecture (ISA) is an unsolved problem. Simple instruction counting is vulnerable to denial-of-service attacks. For example, an attacker could design a program that repeatedly triggers cache misses, causing high resource consumption at very low gas cost. This poses severe challenges to network stability and the economic model.

Toolchain Security and “Reproducible Build” Issues

This is the most important and often underestimated risk in the transformation process. The security model shifts from relying on the on-chain VM to relying on off-chain compilers (such as LLVM), which are extremely complex and known to have vulnerabilities. Attackers could exploit compiler bugs to turn seemingly benign source code into malicious bytecode. In addition, ensuring that the compiled binary on-chain exactly matches the publicly available source code—the “reproducible build” problem—is also extremely difficult. Tiny differences in the build environment can lead to different binaries, affecting transparency and trust. These issues pose severe challenges to the security of both developers and users.

Mitigation Strategies

The path forward requires multi-layered defense strategies.

Phased Rollout

Adopting a gradual, multi-stage transition plan is a core strategy for managing risk. By first introducing RISC-V as a precompile replacement and then running in a dual-VM environment, the community can gain operational experience and build confidence in a low-risk environment, avoiding any irreversible changes. This incremental approach provides a stable foundation for technical transformation.

Comprehensive Auditing: Fuzz Testing and Formal Verification

Although formal verification is the ultimate goal, it must be combined with continuous, intensive testing. As demonstrated by Valentine from Diligence Security in the Ethproofs conference call, their Argus fuzz testing tool has already found 11 critical soundness and completeness bugs in leading zkVMs. This shows that even the best-designed systems may have vulnerabilities that can only be discovered through rigorous adversarial testing. The combination of fuzz testing and formal verification provides stronger security guarantees for the system.

Standardization

To avoid ecosystem fragmentation, the community should adopt a single, standardized RISC-V configuration. This may be the RV64GC with a Linux-compatible ABI, as this combination has the broadest support in mainstream programming languages and tools, maximizing the benefits of the new ecosystem. Standardization not only improves developer efficiency but also lays a solid foundation for the ecosystem’s long-term development.

Ethereum’s Verifiable Future

The proposal to replace the Ethereum Virtual Machine (EVM) with RISC-V is not just an incremental upgrade, but a fundamental reconstruction of Ethereum’s execution layer. This ambitious vision aims to address deep scalability bottlenecks, simplify protocol complexity, and align the platform with the broader ecosystem of general-purpose computation. Although this transformation faces enormous technical and social challenges, its long-term strategic benefits are sufficient to justify this bold effort.

This transformation focuses on a series of core trade-offs:

· The balance between the huge performance gains of a ZK-native architecture and the urgent need for backward compatibility;

· The trade-off between the security advantages of protocol simplification and the inertia of the EVM’s massive network effects;

· The choice between the power of a general-purpose ecosystem and the risks of relying on complex third-party toolchains.

Ultimately, this architectural transformation will be key to fulfilling the promise of “Lean Execution” and is an important part of the “Lean Ethereum” vision. It will transform Ethereum’s L1 from a simple smart contract platform into an efficient and secure settlement and data availability layer, designed to support the vast universe of verifiable computation.

As Vitalik Buterin said, “The endgame is... to provide ZK-snark for everything.”

Projects like Ethproofs provide objective data and collaborative platforms for this transformation, while the Succinct Labs team, through the practical application of their SP1 zkVM, provides an actionable blueprint for this future. By embracing RISC-V, Ethereum not only solves its own scalability bottleneck but also positions itself as the foundational trust layer for the next-generation internet—driven by SNARKs, the third major cryptographic primitive after hashes and signatures.

Prove the world’s software, usher in a new era of cryptography.

Learn more: