What Is Seraphis? Monero's Next-Generation Transaction Protocol

Monero's ring size has been frozen at 16 since the August 2022 hard fork, which means every time you spend, your real input hides among exactly 15 decoys. That number was a deliberate compromise — large enough to frustrate casual analysis, small enough to keep transactions cheap. Researchers have spent years asking a harder question: what would it take to hide your spend among thousands of outputs, or even every output ever created, without bloating the chain? Seraphis is one of the most ambitious answers the Monero Research Lab has produced.

If you have read about Monero's roadmap recently, you have probably seen Seraphis, Jamtis, and FCMP++ mentioned in the same breath, often with no clear explanation of how they relate. Some people assume Seraphis is the next upgrade already on its way to your wallet. The reality in 2026 is more interesting and more nuanced than that. This guide explains what Seraphis actually is, the problems it was designed to solve, how it differs from the RingCT and CLSAG system securing your coins today, and where it sits relative to the work that is actually shipping. Whether you hold XMR you bought through MoneroSwapper or coins you mined yourself, understanding this roadmap helps you read upgrade news without the hype.

Why Seraphis exists: the limits of today's protocol

Monero already gives you privacy on three fronts. RingCT hides transaction amounts, stealth address technology hides the receiver, and ring signatures — currently in the CLSAG form — hide which input you actually spent. The system works, but it carries structural limits that have nagged at researchers for years.

• The anonymity set is small and fixed: A ring of 16 means a chain analyst starts every guess with a 1-in-16 chance. That is decent, but it is not the "needle in a haystack the size of the whole chain" that maximal privacy would demand. Heuristics and timing analysis can sometimes narrow it further.
• Decoys age badly: Because rings are sampled from existing outputs, statistical quirks — the "newest output is usually the real spend" heuristic, for example — give analysts probabilistic footholds that grow over time as more spend patterns accumulate.
• The protocol is monolithic: In the current design the membership proof, the ownership proof, and the amount proof are tightly coupled. Swapping in a better proof system later means a deep, risky rewrite rather than a clean module replacement.
• Multisig is fragile: Monero's existing multisignature scheme is notoriously complicated and has needed multiple rounds of fixes. The underlying math was never designed with clean multisig in mind.

Seraphis was conceived by Monero researcher koe as a ground-up redesign of the transaction protocol that addresses these structural issues at once. Rather than patch the existing CryptoNote-derived design again, it rethinks how a Monero transaction proves "I own one of these outputs, I am spending it exactly once, and the amounts balance" — and it does so in a way that is meant to last for the next decade rather than the next fork.

What Seraphis actually changes

Seraphis is best understood as an abstract transaction protocol: it defines the rules a valid spend must satisfy and deliberately leaves room for the proof systems underneath to evolve. That abstraction is the whole point. The design draws on academic work such as Lelantus Spark and the earlier Triptych proposal, and it separates concerns that the current protocol jams together.

A swappable membership proof

The headline feature is decoupling. In Seraphis, the membership proof — the part that shows your spent output belongs to some set of plausible outputs — is a pluggable component. The anonymity set is no longer hard-wired to a ring of 16. The protocol can support much larger sets, and crucially it can adopt a stronger proof system in the future without another full protocol redesign.

This is where full-chain membership proofs enter the story. Instead of proving membership in a ring of 16, the goal becomes proving membership in the entire set of outputs that have ever existed on the chain — well over 100 million by 2026. A spend would then be indistinguishable from any other output in Monero's history, which is the strongest membership privacy that is mathematically meaningful.

Jamtis: the addressing layer

A new transaction protocol needs a new addressing scheme, and that is Jamtis. Where Seraphis governs how spends are proven, Jamtis governs how funds are addressed, scanned, and received. It was designed to fix long-standing wallet-level annoyances that have nothing to do with ring math but everything to do with day-to-day use.

• Cleaner addresses: Jamtis replaces the awkward split between standard addresses, integrated addresses, and payment IDs with a single, consistent address format. The legacy payment ID system, which has leaked metadata in the past, goes away.
• Faster, more reliable scanning: The current Subaddress system relies on a precomputed lookahead window, so a wallet can miss funds sent to a Subaddress far beyond that window. Jamtis is designed so wallets reliably detect received funds without that fragile guessing game.
• Janus attack resistance: A Janus attack tries to confirm that two of your addresses belong to the same wallet by crafting a malicious payment. Jamtis bakes in resistance so that linking two of your addresses this way no longer works.

Tiered wallet access and forward secrecy

One of the most practical innovations is tiered keys. Today a Monero wallet effectively has a View key and a Spend key, which gives you a blunt all-or-nothing split. Jamtis introduces several key tiers so you can grant precise capabilities to different parties or devices.

Picture a merchant: one tier lets a point-of-sale device generate fresh addresses, another lets an accountant detect which payments arrived, and a higher tier lets the back office compute the full balance — all without ever exposing the key that authorizes spending. The same structure also improves things like view-only wallets and light-wallet servers, and it supports forward secrecy properties so that a key compromised tomorrow does not retroactively expose everything you ever received.

Seraphis is not a single feature you toggle on — it is a new foundation designed so Monero can keep upgrading its privacy guarantees for years without tearing up the floorboards each time.

Seraphis vs. the current protocol vs. FCMP++

Here is the part that confuses most people. Seraphis, Jamtis, and FCMP++ are related but distinct, and the relationship between them shifted significantly between 2023 and 2025. The table below lays out how each piece compares to the protocol running today.

FCMP++ — full-chain membership proofs, in an enhanced form developed largely by the researcher known as kayabaNerve — is the pragmatic breakthrough. The original assumption was that full-chain membership proofs would arrive bundled inside Seraphis. But FCMP++ turned out to be deployable on Monero's existing RingCT outputs without first replacing the whole transaction protocol. It uses a cycle of elliptic curves (named Helios and Selene) arranged as a curve tree, plus a spend-authorization-and-linkability proof, to prove your input belongs to the entire chain rather than a ring of 16.

Because FCMP++ delivers the single biggest privacy win — the jump from 16 to full-chain — without the multi-year risk of a complete rewrite, the community prioritized it. A dedicated community-funded effort paid for multiple independent audits of the FCMP++ cryptography across 2024 and 2025. Alongside it, a new addressing scheme called Carrot brings many of Jamtis's benefits (Janus resistance, tiered keys, forward secrecy) to the FCMP++ world without requiring Seraphis first.

Where Seraphis stands on the 2026 roadmap

So is Seraphis dead? No — but it is no longer the immediate next step, and that is the single most important thing to understand from this article. The thinking that produced Seraphis fed directly into FCMP++ and Carrot, which capture the most valuable improvements on a shorter, safer timeline. Seraphis as a complete transaction-protocol swap remains a longer-term option that the community may or may not pursue once full-chain membership proofs are live.

If you are a regular Monero user, here is how any of this reaches you in practice:

1. Research and audits finish. Cryptographers specify the upgrade, then independent firms audit the code and the math. FCMP++ went through exactly this in 2024–2025.
2. A hard fork is scheduled. Monero coordinates network upgrades roughly on a cadence, bundling consensus changes into a dated fork.
3. You update your software. When the fork lands, you upgrade the official wallet from getmonero.org (or your hardware-wallet firmware). Your keys and balance carry over; you do not move coins manually.
4. Old transaction types stop being valid. After the fork height, the network requires the new format, and your wallet builds transactions the new way automatically.

In other words, you will not "install Seraphis." You will update your wallet around a hard fork, and the protocol underneath will be whatever the network has agreed to activate — most likely FCMP++ with Carrot first, with Seraphis-style changes a possibility further out.

What it means for everyday Monero users

It is easy to treat all of this as academic, but the practical stakes are real. The 2024–2025 wave of exchange delistings — driven by tightening rules under frameworks like the EU's MiCA and pressure from regulators that the IRS and FATF help shape — pushed many holders toward self-custody and no-account swaps precisely because Monero's privacy still works. The upgrades described here are about keeping that privacy ahead of increasingly sophisticated chain analysis.

Consider a freelancer who accepts XMR for remote work. Today, each payment they receive hides among 16 ring members, and a determined analyst with enough data points might chip away at that. Once full-chain membership proofs activate, that same payment hides among every output in Monero's history, and the "newest output is probably the real one" heuristic stops working entirely. The freelancer does nothing differently except update their wallet — but the privacy floor under every transaction rises sharply.

The takeaway for users is calm patience. You do not need to act on Seraphis news today, you do not need to move coins in anticipation, and you should be skeptical of anyone selling urgency around it. When the next fork is announced, update your wallet on schedule and keep your Mnemonic seed backed up offline. If you need to top up your holdings in the meantime, you can acquire XMR without an account through MoneroSwapper and send it straight to a wallet you control. The protocol will keep getting better underneath you.

FAQ

Is Seraphis live on Monero right now?

No. As of 2026, Seraphis remains a researched and specified protocol that has not been activated on Monero's mainnet. The network still runs on RingCT with CLSAG ring signatures and a ring size of 16. The near-term upgrade the community has prioritized is FCMP++, which delivers full-chain membership proofs on the existing protocol rather than replacing it wholesale.

What is the difference between Seraphis and Jamtis?

Seraphis is the transaction protocol — it defines how a spend is proven valid, including the swappable membership proof. Jamtis is the addressing scheme designed to pair with Seraphis: it governs how addresses are formed, how wallets scan for received funds, Janus-attack resistance, and tiered key access. Think of Seraphis as the engine and Jamtis as the addressing and wallet layer built on top of it.

How does Seraphis relate to FCMP++?

They overlap in goals but differ in scope. Full-chain membership proofs were originally expected to arrive inside Seraphis. FCMP++ is an enhanced version that can be deployed on Monero's current RingCT outputs without first swapping the entire transaction protocol, so it ships sooner and with less risk. Much of the thinking behind Seraphis fed into FCMP++ and its companion addressing scheme, Carrot.

Will Seraphis make my older Monero unspendable?

No. Network upgrades change how new transactions are built and validated, not who owns what. Your keys and balance carry over across a hard fork. When an upgrade activates, you simply update your wallet software to a version that supports the new format, and it constructs transactions the new way automatically. You never have to migrate coins by hand.

How big would the anonymity set become?

With full-chain membership proofs, your spent input would be provably indistinguishable from every output ever created on the Monero chain — over 100 million by 2026 — instead of the current ring of 16. That is the strongest membership privacy that is mathematically meaningful, because there are no decoys to age or statistically distinguish; the entire chain is the anonymity set.

Conclusion

Seraphis is best understood not as a button you will press but as a research foundation: an abstract, modular transaction protocol from the Monero Research Lab designed to support far larger anonymity sets, cleaner addressing through Jamtis, tiered wallet keys, and saner multisig. Its most valuable idea — proving your spend belongs to the entire chain rather than a ring of 16 — is arriving sooner through FCMP++ and the Carrot addressing scheme, deployable on today's RingCT base without a full rewrite. Knowing that distinction is what separates an informed Monero user from someone chasing roadmap rumors. When the next hard fork lands, the move is simple: update your wallet and keep your seed safe. And if you want to add to your stack while the cryptographers do their work, you can buy Monero anonymously through MoneroSwapper and hold it in a wallet whose keys never leave your hands.