Ethereum co-founder Vitalik Buterin published a deep analysis on May 18 examining the current state and prospects of formal verification. He believes that AI-assisted formal verification will become the “ultimate form of software development,” and points out that Ethereum will be an important part of a future “secure core” architecture.
## The Core Principles and Applicable Scenarios of Formal Verification
According to Vitalik’s article, formal verification is especially suited to scenarios where “the goal is far more difficult than the implementation.” He explicitly lists four categories of core technical components for Ethereum’s next-stage upgrades:
- Quantum-resistant signatures: formal verification work on an SPHINCS signature variant already exists.
- STARK proof system: the Arklib project is dedicated to creating a fully formally verified STARK implementation.
- Byzantine fault-tolerant consensus: work is underway to formally specify and prove the safety properties of Lean consensus.
- ZK-EVM: the evm-asm project aims to build a complete formally verified EVM implementation, written directly in RISC-V assembly.
Vitalik cites Yoichi Hirai’s view, calling this approach the “ultimate form of software development.”
## Directions for the Evolution of the “Secure Core” Architecture Described by Vitalik
In the article, Vitalik describes the pattern he expects software architecture to evolve toward, split into two tiers:
- Secure core: continuously hardened through formal methods and carrying the highest level of trust. Vitalik states explicitly that Ethereum, the operating system kernel, and IoT-related applications will become part of the secure core.
- Insecure edges: edge components run in a sandbox and are granted only the minimum permissions they need to do their job; if an edge component fails or is compromised, the secure core limits the damage.
## Limitations and Failure Modes of Formal Verification
Vitalik concedes that formal verification is not a cure-all. Citing the work of researchers such as Nadim Kobeissi (Cryspen), he identifies three main failure modes:
- Partial verification: only part of the code is verified, and crucial defects remain in the unverified parts.
- Specification omissions: the security specification itself is wrong or incomplete, or the proof rests on incorrect assumptions.
- Side channels: side-channel attacks at the software-hardware boundary (timing, for instance) are hard to capture in existing models, so a verified program can still leak secrets through behaviour the model does not describe.
Vitalik emphasizes that “provable correctness” fundamentally establishes consistency between two expressions of intent (typically a specification and an implementation), not any absolute correspondence with what humans actually intend: a proof can be flawless while the statement it proves is the wrong one.
## Tools for AI-Assisted Formal Verification
The tools named in Vitalik’s article:
- Lean: a proof assistant whose language lets theorems and their proofs be written down and machine-checked.
- Claude and Deepseek 4 Pro: Vitalik says these are already sufficient for writing Lean proofs.
- Leanstral: a 119B-parameter open-weight model fine-tuned for Lean, runnable locally, with benchmark performance better than many larger general-purpose models.
## FAQ
#### Why does Vitalik think Ethereum should become a “secure core”?
Based on Vitalik’s article, Ethereum is analogous to an operating system kernel: it carries the highest level of trust in society’s digitalization process. He points out that the design goal of the secure core is to reach a security standard under which buggy code is not allowed to proliferate, and to channel all the additional computing capacity that AI brings into improving the secure core’s security.
#### Why is Formal Verification especially suitable for technologies like STARK and ZK-EVM?
According to Vitalik’s analysis, the shared characteristic of these technologies is that “the goal is far more difficult than the implementation”: their security properties can be stated precisely in mathematical language, but the implementations are extremely complex, which is precisely the scenario where formal verification has the most impact.
#### How does Vitalik suggest developers actually use AI-assisted Formal Verification?
According to the article, Vitalik suggests having AI write the Lean code and the proofs, so that the user only needs to check that the proved statement matches what they expect, without writing the tedious underlying proof script themselves. He names Claude, Deepseek 4 Pro, and Leanstral as the main tools currently available.
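As an added illustration (not code from Vitalik’s post or from any project it mentions) of the specification-omission failure mode and of why the reviewer’s job in this workflow is to read the theorem statement rather than the proof: a Lean 4 file, needing no Mathlib, in which a deliberately wrong sorting function satisfies a machine-checked proof because the specification says nothing about the output keeping the input’s elements. All names (`badSort`, `IsSorted`, `PreservesLength`, `SortSpec`) are invented for the example.

```lean
-- Added illustration, not from Vitalik's post or any project it cites.
-- Plain Lean 4 with no Mathlib dependency.

-- A "sort" that is obviously wrong: it discards its input.
def badSort (xs : List Nat) : List Nat := []

-- The specification an AI (or a human) might write: the output is in order.
def IsSorted : List Nat → Prop
  | []             => True
  | [_]            => True
  | x :: y :: rest => x ≤ y ∧ IsSorted (y :: rest)

-- Lean accepts this proof without complaint. The proof is not the problem;
-- the statement is: an empty list is trivially sorted.
theorem badSort_sorted (xs : List Nat) : IsSorted (badSort xs) := by
  simp [badSort, IsSorted]

-- The omitted half of the spec: the output must keep the input's elements.
-- Even the weak length-only form already rules badSort out.
def PreservesLength (f : List Nat → List Nat) : Prop :=
  ∀ xs, (f xs).length = xs.length

-- Counterexample: on [1], badSort returns [] (length 0), and `decide`
-- evaluates the inequality in the kernel.
theorem badSort_not_length_preserving : ¬ PreservesLength badSort :=
  fun h => absurd (h [1]) (by decide)

-- What the reviewer must actually read: a statement that says both things.
-- An AI-written proof of `SortSpec f` for some `f` is worth checking;
-- a proof of `∀ xs, IsSorted (f xs)` alone is not.
def SortSpec (f : List Nat → List Nat) : Prop :=
  (∀ xs, IsSorted (f xs)) ∧ PreservesLength f
```

Running this file through `lean` reports no errors: `badSort_sorted` is a genuine theorem, which is exactly the point. The reviewer who only confirms “the proof checks” has verified internal consistency between `badSort` and `IsSorted`; only by reading the statement and asking what it fails to say (here, that the output is a permutation of the input, of which `PreservesLength` is a weak stand-in) does the omission surface.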