# FCMP++ vs other privacy tech — Zcash, CoinJoin, Mimblewimble, Lelantus-Spark > Side-by-side: FCMP++ (Monero) vs zk-SNARKs (Zcash), CoinJoin (Bitcoin), Mimblewimble (Beam/Grin), Lelantus-Spark (Firo). Threat models, trust assumptions, anonymity sets, default-on vs opt-in, and where each makes sense. Canonical URL: https://xmr.club/guides/fcmp-vs-other-privacy-tech Locales: https://xmr.club/llm/guides/fcmp-vs-other-privacy-tech.txt · https://xmr.club/zh/llm/guides/fcmp-vs-other-privacy-tech.txt · https://xmr.club/es/llm/guides/fcmp-vs-other-privacy-tech.txt · https://xmr.club/ru/llm/guides/fcmp-vs-other-privacy-tech.txt ## Overview Every "privacy crypto" makes the case differently. FCMP++ is Monero's 2026 answer to "how do we keep privacy default-on while scaling the anonymity set to the entire chain". This guide compares it against the four other approaches you'll see cited: zk-SNARKs (Zcash), CoinJoin (Bitcoin Wasabi/Samourai-style mixers), Mimblewimble (Beam, Grin), and Lelantus-Spark (Firo). Each does something different — and each has trade-offs FCMP++ doesn't. ## Body Quick comparison Approach Default-on? Anonymity set Trusted setup? Proof size Chains FCMP++ Yes All chain UTXOs No ~2 KB / input Monero (post-fork) zk-SNARKs Opt-in (shielded pool) Shielded-pool only Yes (per-circuit) ~200 bytes Zcash CoinJoin No (user-initiated) Mix participants No n/a (just a tx) Bitcoin (Wasabi, etc.) Mimblewimble Yes Cut-through outputs No Compact (cut-through) Beam, Grin Lelantus-Spark Opt-in (Spark pool) Spark-pool subset No ~2-3 KB / input Firo "Default-on" matters a lot for the floor: opt-in privacy schemes have the well-known "the few transparent users stand out" problem. FCMP++ in this lineup FCMP++ is the only entry that combines all four: default-on privacy, no trusted setup, maximal-possible anonymity set, and a proof small enough for blockchain inclusion. The trade-off is per-input proof size — ~2 KB vs Zcash's ~200 bytes — but Monero accepts the bandwidth in exchange for keeping privacy default-on for every transaction without a trusted-setup ceremony. zk-SNARKs (Zcash) Zcash uses zero-knowledge SNARKs (Succinct Non-interactive Arguments of Knowledge) to prove transaction validity in encrypted form. Inside the "shielded pool", everything is encrypted — sender, recipient, amount — and the proof is tiny (~200 bytes). Strengths: Smallest proofs of any privacy scheme. Cheap bandwidth-wise. Strong privacy inside the shielded pool — encrypted everything. Trade-offs: Opt-in. Most Zcash supply has historically lived in the transparent pool; only a fraction routes through shielded. The shielded users stand out by definition. Trusted setup. Earlier Zcash versions required a multi-party "ceremony" to generate the proving parameters. If the ceremony was compromised, undetectable inflation became possible. Halo 2 (current Zcash) removes the trusted setup; older shielded pools predating Halo 2 had it. Reputation hangover persists. Computational cost on the prover side. SNARK proving is slow — multi-second on phones. Wallet UX has caught up but it constrains design. CoinJoin (Bitcoin) CoinJoin is not a privacy chain — it's an opt-in mixing protocol on top of Bitcoin's fully transparent chain. Many users co-sign a single transaction with many inputs and many same-value outputs, so chain analysis can't straightforwardly link any specific input to any specific output. Strengths: Runs on Bitcoin — no new chain needed. Most-liquid base layer. No new cryptography. Just clever use of standard signatures + scripts. Coordinator-free designs (e.g. Wabisabi) avoid central trust. Trade-offs: Opt-in . Most Bitcoin spends are pseudonymous-but-traceable. CoinJoin participants are a tiny subset. Anonymity set = participants in that specific round . Maybe 100, maybe 1000 — orders of magnitude smaller than chain-wide. Heuristics still exist. Coin-control mistakes (mixing then immediately consolidating) re-link your outputs. Regulatory pressure. Tornado Cash sanctions in 2022 + Wasabi/Samourai shutdowns in 2024 set a precedent that operators of mixing infrastructure can be prosecuted. The protocol survives; the user-facing services have churned. Mimblewimble (Beam, Grin) Mimblewimble is a different blockchain design entirely: no addresses, no scripting language, transactions are aggregated and "cut-through" so intermediate outputs disappear from the chain. The default is privacy + compact chain. Strengths: Smallest chain footprint of any privacy design — cut-through erases intermediate state. Default-on privacy. No opt-in pool. No trusted setup. Trade-offs: No on-chain addresses. Sender and receiver must do an interactive transaction-building step. Asynchronous payments (drop coins to an address while the recipient is offline) don't work the same way as in Bitcoin/Monero. Limited script. No on-chain DeFi-style logic; Mimblewimble chose simplicity over expressiveness. Smaller, less battle-tested communities. Beam and Grin both lost mining hashrate share over the years; ecosystem support thinned out. Privacy is good on chain but harder to compose with other systems (wallets, exchanges, payment processors). Lelantus-Spark (Firo) Lelantus-Spark is Firo's privacy scheme: zero-knowledge proofs over a shielded pool with no trusted setup. Conceptually it sits between Monero's default-on privacy and Zcash's opt-in pool: you opt into the Spark pool, but inside the pool, all transactions are private. Strengths: No trusted setup. Better cryptographic posture than pre-Halo2 Zcash. Strong privacy inside the Spark pool. Direct intellectual lineage to Monero's research direction (similar primitives). Trade-offs: Opt-in pool model. Same problem as Zcash: most users are outside the pool. The pool itself is the anonymity set. Smaller ecosystem than Monero or Bitcoin. Firo is a smaller chain by market cap, hashrate, and developer base. Proof size similar to FCMP++ (~2-3 KB) but over a much smaller anonymity set, so the privacy-per-byte ratio is worse. Where FCMP++ stands out Comparing across the table: Default-on + max anonymity set: Only FCMP++ and Mimblewimble are both default-on AND large anonymity set. Mimblewimble pays for it with no scripting and no async payments; FCMP++ keeps Monero's addressing model intact. No trusted setup: FCMP++, CoinJoin, Mimblewimble, Lelantus-Spark all clean. Pre-Halo2 Zcash had the reputational shadow of its setup ceremony; current Zcash with Halo 2 removes it but the older shielded pool still exists. Composability: FCMP++ + Monero's addressing means existing wallets, exchanges, payment processors, and Tor-friendly tooling keep working unchanged. The fork is internal. CoinJoin and zk-SNARK opt-in pools demand additional steps from users. Mimblewimble demands interactive transaction-building. Liquidity: Bitcoin (CoinJoin venue) has the deepest liquidity by far. Monero (FCMP++) has the second-deepest privacy-coin liquidity. Zcash has shrunk; Firo and Mimblewimble chains have smaller pools still. The summary: if you want default-on privacy without trusted setup, with the largest possible anonymity set and a working ecosystem, FCMP++ is the only entry that hits all four . The cost is per-input proof size (~2 KB vs Zcash's ~200 bytes). That's the deliberate trade Monero is making. When is the comparison not relevant None of these helps if you: Use a custodial exchange. The exchange knows everything — protocol-layer privacy doesn't reach into their database. Reveal your IP. All of the above leak at the network layer if you don't pair with Tor or I2P. Reuse an address. CoinJoin and FCMP++ are about the chain layer; address reuse breaks both. See Receive XMR privately for hygiene. Care more about identity-shielding than coin-flow-shielding. None of these change KYC at the on-ramp. See What is no-KYC? . FCMP++ is a chain-layer privacy primitive. The rest of the stack (network, identity, operational) is independent and equally important. See also FCMP++ explained — what the upgrade actually does inside Monero. Prepare for FCMP++ — pre-fork checklist. Privacy threat models — pick the right tools for your adversary. ## License CC-BY-4.0. Attribute "xmr.club".