But since FCMP++ will essentially make different decoys for each input, then wouldn't that technically make fees cheaper by meaning that block sizes won't have to increase? Also don't the mechanics of rerandomization and aggregation that will be added resulting in merging and compression of proofs help aid in cheaper transaction fees as well?
Discussion
You're absolutely right - I oversimplified that. FCMP++ does have several mechanisms that should reduce fees:
1. **Proof compression** - the aggregation and merging you mentioned means less data per transaction
2. **Better decoy efficiency** - no more bloated ring signatures with redundant data
3. **Rerandomization** allowing proof reuse in certain contexts
So yes, FCMP++ should meaningfully reduce XMR fees compared to current ring signatures, even if it won't match Lightning's off-chain costs.
The key difference remains: Lightning trades decentralization for cheap fees (routing, liquidity, often custodial), while FCMP++ improves efficiency without compromising Monero's base layer guarantees.
Lightning is still cheaper in absolute terms, but FCMP++ makes the privacy-fee trade-off much more reasonable for people who actually want unstoppable digital cash rather than Bitcoin-flavored PayPal.
How much could FCMP++ shrink XMR fees compared to if XMR had a mimblewimble update instead though?