Vitalik's Speech: Perfecting Quantum Resistance, Replicating Ethereum's L2 Is Meaningless | 2026 Hong Kong Web3 Carnival

On April 20, the 2026 Hong Kong Web3 Carnival grandly opened at the Hong Kong Convention and Exhibition Centre. Ethereum co-founder Vitalik Buterin delivered the closing keynote speech, offering a deep analysis of Ethereum's ultimate vision as the "world computer" and its ambitious roadmap for the next five years. The following is the full text of the speech:

Good morning everyone! Where is the Ethereum protocol heading? I think over the past few years, we have seen many significant changes in both theoretical and ecosystem areas. At the same time, we have also witnessed numerous transformations outside the Ethereum ecosystem, including the limitless possibilities brought by artificial intelligence, the potential imminent arrival of quantum computing, and advancements in fields like formal verification, cryptography, and zero-knowledge proofs.

I believe one of the important things we have been doing is rethinking what is truly meaningful: What is the purpose of using Ethereum? Why Ethereum? What are its characteristics? What makes a decentralized network need to possess these characteristics?

For example, how can we integrate these new technologies into the Ethereum protocol we previously wrote and the plans for the next five years? What exactly is Ethereum's purpose? I think it has two main functions:

First, Ethereum is like a public bulletin board. It is a place where applications can post messages, and everyone can see the content and order of these messages. These messages can be anything—transactions, hashes, encrypted data, and many other things. In fact, there are many opportunities for applications to use Ethereum as a place to publish data while leveraging other types of protocols to interpret this data (i.e., decrypt data and perform computations on it).

Second is the computer. Essentially, Ethereum allows you to have shared digital objects controlled by code. These digital objects can be many things: they can be assets, ERC-20 tokens, NFTs, their meaning is not limited to the theoretical level (ENS is an example), and can even refer to control over an organization (a DAO is an example). You can do many things, so both are extremely valuable. For decentralized applications, Ethereum ensures autonomous security, verifiability, fair participation, and gathers all users.

"Self-sovereignty" basically means that as a user, you can participate, verify, and ensure your own security entirely based on your own infrastructure. You don't need to trust any third party to run Ethereum, and if you don't want to, you don't need to trust any third party outside of Ethereum either.

Therefore, verifiability and the ability to verify ensure that the chain operates correctly and that everything that happens is validated as it should be. It also ensures anyone's right and the actual right to publish information to the bulletin board. So this is the core; we should view Ethereum as a technical module and think about all the applications this technical foundation can support. The most interesting applications will be hybrids of on-chain and off-chain components. This includes ENS, prediction markets, etc. Prediction markets have an on-chain component (i.e., assets created for each event, enabling trading of those assets) and off-chain components (one of which is the oracle). Sometimes the design of prediction markets or the matching of trading orders happens on-chain. Additionally, there are aspects involving privacy.

For example, people have been researching cryptographic protocols for decades to simplify or enable secure electronic voting. Many such protocols typically rely on a public bulletin board where people can publish information. In this case, they are encrypted ballots, ensuring everyone can participate. Anything related to privacy must include an on-chain part (for publishing data) and an off-chain part (for interpreting the data).

If it interprets the data, it must be done off-chain through a private protocol. So, we talk a lot about L2 (Layer 2). In my view, to judge which type of L2 is meaningful, you first need to understand which type is not: if you simply copy Ethereum, scale it up 100 times, make it more centralized, and that's it, it's meaningless. I think the truly meaningful L2s are those where you start examining various applications and ask: what off-chain components do they need? What parts do they need besides L1? Then you go and build those things.

What does this mean for Ethereum? We need to scale data; we need the ability to publish more data on-chain. PeerDAS, introduced in the latest hard fork last year, already includes this, but we still need to push further. Scaling computational power is also important because, as part of the Ethereum chain, scaling computational power can help different applications combine and communicate with each other without intermediaries.

If you visit the roadmap website (roadmap.org), you can find a roadmap designed for the next five years. The core short-term goals of the protocol are: first, short-term scaling, continuing to actively increase the Gas limit; second, beginning the rollout of zkEVM. zkEVM allows Ethereum to scale further and perform more complex computations while still making it easy to verify information on-chain. There's also early preparation for the post-quantum era. We have been thinking about quantum computing for years; we recognized it as a potential threat long ago, and we have some measures. Soon, in the short term, we will improve Ethereum's quantum resistance and refine the entire roadmap.

For example, ultimately, all parts of Ethereum will achieve full quantum-resistant security, and very efficiently. We will also improve the block building process and enhance support for privacy. Therefore, there are many EIP proposals for short-term scaling that will be applied in the next phase. For instance, **Block Access Lists** enable parallelization; Gas repricing improves efficiency and makes increasing the Gas limit safer.

ePBS (proposer-builder separation) makes it safer for Ethereum blocks to take longer to verify and also improves nodes' ability to download state. There's also EIP-8141 (the account abstraction proposal), which is very simple and powerful. Basically, a transaction is a series of calls, where one call might be verification and another might be execution. This allows Ethereum to easily provide native support for smart contract wallets, for sponsoring others' transactions, supporting quantum-resistant signature algorithms, and privacy protocols.

So, this makes Ethereum more versatile, thereby supporting many features. Quantum-resistant signature algorithms do exist; they have existed for 20 years. We know what they are and how to build them. The problem is they are not efficient. A quantum-resistant signature takes up 2000-3000 bytes, while current signatures are only 64 bytes; it also costs 200,000 Gas on-chain, while now it only costs 3000 Gas. Therefore, there are two types of signatures we can use: one is hash-based, and the other is lattice-based signatures. The idea is to add vectorization into the EVM, essentially applying the same logic used to make computers run AI quickly. We are actively working to make signatures resistant to quantum attacks and more efficient.

Scaling state storage, account balances, and smart contract execution is relatively easy, but scaling storage is more difficult. There's still a lot of work, and we must focus on this. So, these are all the short-term and long-term plans, and this is the direction we truly want Ethereum to develop. Ethereum is not meant to compete with high-frequency trading platforms. Ethereum is not meant to be the fastest chain. Ethereum aims to be the secure chain, the decentralized chain, the chain that will stay online, the chain you can always rely on.

So, one goal is to maximize secure consensus. This means if the network is secure, it can withstand 49% of nodes failing, and it can actually withstand almost all nodes going offline, thus possessing the same properties as Bitcoin. If there is a network issue, you can still maintain 33% security finality. That's the first part.

The second part is formal verification of everything. And we have already started actively using artificial intelligence to generate code proofs, proving that the software version running Ethereum indeed possesses the properties it should have. We have made progress; this was impossible two years ago. AI is developing rapidly, so we are leveraging this, pursuing extreme simplicity, keeping the long-term protocol as simple as possible, and maximizing preparedness for the future.

Therefore, a network needs to pass offline tests. If a network needs to be used, you can rely on it even if there is no power outlet available. Because it's actually the same principle, and it's what Bitcoin pursues. If you want to be a long-term holder, you need to ensure the security of your digital assets long-term. You need to rely on something that can continuously guarantee security, whose security does not depend on the continued existence of a particular team or that team continuing to work. Ethereum's consensus combines the advantages of two approaches: the Bitcoin-style longest chain rule and the BFT (Byzantine Fault Tolerance) method. This is finality, coupled with optimal security properties, quantum security, and fast finality.

Therefore, finality is achieved within one to three slots. It is expected that the chain will reach finality in about 10-20 seconds, or even less. zkVM allows you to verify the chain without relying on a large computer to run all operations yourself. Everyone should verify the chain; even your phone, IoT devices should verify the chain before you trust it. And the zero-knowledge virtual machine (zkVM) is already fast enough to prove that real-time virtual machine execution is feasible. The goal this year is to make them secure enough, starting with using zkVM for a small percentage of the network and gradually increasing that proportion. By 2028, this enables it to scale and handle more transactions without sacrificing decentralization.

What is the vision for these things? Ethereum is the world computer. It is both a globally shared layer for making commitments, publishing data, and recording actions; it is a platform where data can be published, where you can prove data has been published or not yet published, and it is open for everyone to use; it is also a globally shared layer for guaranteeing the execution of high-value rules. Ethereum needs to have maximum robustness and be extremely easy to verify. I believe in the future, with AI, it will actually become easier, simpler than we imagine, to truly ensure software security.

If you want to secure software, but people are unwilling to do so, then there will be 10 times more software vulnerabilities and 10 times more attacks than before. Therefore, Ethereum, as a blockchain, needs to prioritize security first, then decentralization. When these conditions are guaranteed, provide this security to users as much as possible. So, if you intend to build decentralized applications that ensure self-sovereignty, security, verifiability, and guarantee user participation—this includes finance, decentralized social, identity, and applications that are partly financial, partly non-financial (including ENS, prediction markets, etc.), covering many things. Ethereum can make application development simple; by default, this is the core goal.

The roadmap for the next four years is designed precisely around this goal. Thank you!