The biggest privacy upgrade in Monero's 12-year history. Updated March 2026.
Monero currently uses ring signatures to hide the true sender. When you spend XMR, your transaction includes 15 decoy inputs alongside your real one, creating a ring of 16 possible signers. An observer cannot tell which of the 16 is real.
This works well — Monero has never been reliably traced. But it is not perfect:
FCMP++ eliminates all of these attack vectors.
Before (ring signatures): Your transaction proves "I am one of these 16 outputs" — but the 16 are visible to everyone.
After (FCMP++): Your transaction proves "I am one of ALL outputs that have ever existed on Monero's blockchain" — and nobody can tell which ones were even considered.
Instead of selecting 16 specific decoys, FCMP++ uses curve trees — a Merkle-like tree structure over elliptic curves — to prove membership in the entire output set without revealing which output is yours.
| Feature | Ring Signatures (Current) | FCMP++ (Upcoming) |
|---|---|---|
| Anonymity set | 16 outputs | ALL outputs (~100M+) |
| Decoy selection | 16 specific, visible decoys | Hidden — no decoys needed |
| Statistical analysis | Possible (academic research) | Effectively impossible |
| Flooding attacks | Partially effective | Irrelevant — all outputs in set |
| Proof size | ~1.5 KB per input | ~3-5 KB per input (estimated) |
| Verification time | ~5 ms | ~10-20 ms (estimated) |
| Transaction fees | ~$0.001 | ~$0.002-0.005 (estimated) |
Imagine every unspent output on Monero's blockchain is a leaf in a giant tree. To prove you own one leaf without revealing which one, you create a proof that says: "I know a path from some leaf to the root of this tree, and the leaf is a valid output that I control."
The proof is zero-knowledge — it reveals nothing about which leaf (output) is yours. The verifier can check the proof against the tree root (which they know from the blockchain) and confirm the statement is true, without learning anything else.
The mathematical foundation uses Selene (a new Pedersen-based inner-product argument) over two elliptic curves, creating a "cycle" that allows efficient recursive proving.
For P2P traders: FCMP++ makes Monero significantly harder to analyze. Today, sophisticated actors (exchanges, blockchain analytics firms, governments) can apply heuristic analysis to ring signatures. After FCMP++, even theoretical analysis becomes impractical.
This strengthens the case for P2P trading: even if your counterparty is compromised, the on-chain trail reveals nothing.
Chainalysis, CipherTrace (now Mastercard), and Elliptic have all claimed "Monero tracing" capabilities. These claims are already dubious with ring size 16 — see Can Monero Be Traced?. With FCMP++, their statistical methods lose all theoretical basis. The IRS's $625,000 bounty for Monero tracing becomes even more futile.
FCMP++ may accelerate exchange delistings, as regulators cite "enhanced privacy" as justification. But this is already happening: Binance, OKX, and most major exchanges have already delisted XMR. P2P trading (complete guide) is already the primary path for Monero users. FCMP++ reinforces this trend rather than creating it.
Is Monero legal after FCMP++? Yes — privacy technology is legal in virtually every jurisdiction. Owning and using Monero is not a crime.
| Milestone | Status (March 2026) |
|---|---|
| Research paper published | ✔ Complete |
| Reference implementation | ✔ Complete (Rust) |
| Integration into Monero codebase | In progress (active PRs) |
| Testnet deployment | Expected H1 2026 |
| Mainnet hard fork | Expected H2 2026 (no exact date) |
| Wallet updates required | All wallets must update before fork |
FCMP++ replaces ring signatures, but the other privacy layers remain:
Zcash's Halo 2 upgrade also uses recursive proofs, but Zcash privacy remains optional (~5% of transactions). FCMP++ on Monero is mandatory — every single transaction uses it. Mandatory > optional for privacy. Full comparison: Monero vs Zcash.
Update your wallet before the hard fork. That's it. Your funds, seed, and addresses remain the same.
Slightly — FCMP++ proofs are larger than ring signatures. But fees should stay well under $0.01 per transaction.
Haveno and multisig escrow will work the same after FCMP++. The 2-of-3 multisig mechanism is independent of ring signatures.
Seraphis was an earlier proposal that included FCMP-like features plus address changes. FCMP++ is a more focused upgrade that achieves the privacy benefits without requiring address format changes.
FCMP++ is not just an incremental improvement — it is a paradigm shift. Moving from "hide among 16" to "hide among all" closes the theoretical gap between Monero's privacy and perfect privacy. For P2P traders, this means even stronger guarantees that on-chain analysis cannot compromise your trades.
After FCMP++, the primary privacy risks become user-side: IP leaks (mitigated by running your own node over Tor), exchange deposits (mitigated by buying without KYC), and metadata leaks (mitigated by good operational security).
Trade Monero P2P — Maximum Privacy, Now and After FCMP++
Cash by Mail (EU-wide) • Face-to-Face (SW Germany) • 683 trades, 100% feedback