What 15 privacy protocols actually deliver. Sources listed in footnotes.
| Privacy Model | Cryptographic Foundation | Performance & UX | Ecosystem & Access | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Protocol | Multi-asset privacy pool |
Formally ZK proofs |
No user-managed note secrets |
Efficient note discovery |
Selective disclosure |
No trusted setup |
Post-quantum proof system |
Succinct verifiability |
Fast shield/ unshield |
End-to-end transaction time |
Scalable private transactions |
Programmable privacy |
DeFi composability |
Existing ecosystem |
EVM compatible |
Account abstraction |
Hardware wallet support |
| one pool hides all token types | ZK property formally proven | no separate note secrets to lose | find your funds fast | reveal only what you choose | no ceremony, no trust needed | hash-based proof layer | anyone can verify the chain | go private or public in seconds | proof + confirmation speed | high throughput, low cost | complex private app logic | works with existing protocols | real users, real liquidity | runs on EVM chains | multisig, recovery, session keys | sign with Ledger/Trezor | |
A Starknet regulatory-disclosure privacy-pool design for supported regular ERC-20 assets, with v0.14.2 sequencer-level proof-verification infrastructure live and product access rolling out through partners.
Privacy primitives: proofs, notes, nullifiers, channels, note discovery, viewing-key primitives, delegated phase-1 proving, sequencer-level verification, and the phase-2 client-side/mobile proving roadmap.
The regulatory-disclosure pool design for supported regular ERC-20 assets; public product access is still partner-led.
Asset behavior: supported ERC-20s enter shielded mode, move privately inside the pool, and return to public ERC-20 state.
Wallet teams, ZK / proving engineers, privacy infra builders, Cairo-native teams.
The public surface is v0.14.2 + SNIP-36: offchain execution proofs as a first-class transaction primitive. Generate proofs, attach them to Invoke V3, read proof_facts onchain.
Building a product, token, or wallet integration that needs privacy? We’re working directly with integration partners in this phase.
For non-custodial dapps, the integration surface is the wallet API. Partner wallets and trusted backends can use the SDK inside their own trust boundary; raw viewing keys should not leave it. Open-source SDK access is planned some weeks after public STRK20 launch.
As of May 29, 2026, there are fifteen major privacy protocols in crypto, each taking a fundamentally different approach. This grid evaluates them across 17 technical properties in four categories: privacy model, cryptographic foundation, performance and UX, and ecosystem access.
STRK20 on Starknet, Aztec, Railgun, and Privacy Boost all support multi-asset privacy pools, meaning multiple token types share a single anonymity set. Midnight supports multiple shielded token types, but its docs do not yet establish one canonical shared pool. Tongo on Starknet is different: it encrypts balances and transfer amounts, but does not hide sender/receiver accounts or asset type, so it is confidential rather than anonymous. Zcash and Monero are single-asset only. STRK20 is one of the few rows where users are not expected to preserve separate per-note secret material outside the normal account flow, and it pairs that model with Starknet account abstraction. Most other protocols require two or more key pairs or independent note material. For this column, STRK20 frames its model as regulatory disclosure through encrypted viewing keys and an independent audit path for legitimate regulatory requests. Zcash, Aztec, Aleo, Railgun, and Midnight offer user- or app-controlled disclosure paths; Tornado Cash Classic supports a narrower Compliance Tool for proving a specific deposit/withdrawal link; Tempo, USX, Privacy Boost, and Tongo expose more issuer-, operator-, auditor-, or regulator-oriented disclosure paths.
STRK20 uses S-two STARK proofs: hash-based, post-quantum at the proof layer, and require no trusted setup. The strict academic formal-ZK property is a parallel Stwo track. Tongo uses ElGamal over the Stark curve with Sigma-style zero-knowledge proofs and no trusted setup; zkSecurity audited Tongo and its SHE library in October 2025, but Tongo is still elliptic-curve based and not post-quantum. Zcash's Orchard upgrade uses Halo 2 (no setup), but its older Sapling pool still relies on a trusted ceremony. Aztec uses PLONK with a universal updatable SRS. Railgun, Privacy Boost, and Tornado Cash use Groth16, which requires per-circuit ceremonies. STRK20's post-quantum score reflects the STARK proof system, not a blanket claim that every Starknet dependency is end-to-end post-quantum today. Zama is marked partial because its TFHE stack relies on lattice-based LWE assumptions, but its model is not succinct ZK verification.
STRK20's disclosed design offers one of the fastest user-facing shielding paths: ~2s block confirmation plus sub-5s proof generation in the current delegated/operator-side phase-1 proving path. The grid separates that from client-side/mobile proving, which is still a phase-2 roadmap item for STRK20. Tongo has no mandatory funding, withdrawal, or ragequit wait beyond Starknet transaction confirmation, but its speed rows are partial because no public end-to-end private-transfer wallet/proving benchmark was found. Zcash is bottlenecked by ~75s block times. Privacy Boost advertises sub-500ms TEE proof generation and high throughput through epoch batching, but transfers settle when relays submit epochs and the privacy path depends on an enclave operator. Aztec runs ~6s blocks in Alpha Mainnet (launched March 31, 2026), but Aztec's own Alpha security posts describe the network as experimental alpha software with known vulnerabilities and caution users about value at risk. Midnight uses client-side proving on a roughly 6-second block cadence, but has not yet published a public mainnet latency benchmark. Railgun imposes a mandatory 1-hour standby after shielding. Monero is always private by default but has no opt-out to a transparent state. For scalability, STRK20 inherits Starknet's scalable execution and sequencer-level S-two proof verification. Aztec currently processes about 1 TPS in its Alpha phase.
STRK20 is designed for anonymous interaction with existing Starknet liquidity and app surfaces, rather than a separate privacy chain; this is not a promise that every existing DeFi contract needs zero custom work. Railgun already works across Ethereum, Polygon, Arbitrum, and BSC. Tongo, Aztec, Canton, Midnight, Tempo, Aleo, and Privacy Boost have privacy-capable application environments, SDKs, or token standards within their own ecosystems but are not composable with existing Ethereum or Starknet DeFi without custom integration or unshielding. Starknet, Zcash, Monero, Solana, Canton, and Tornado Cash all have established deployed ecosystems with real liquidity or usage history. Tongo is live on Starknet and integrated into Starkzap, but the confidential-transfer ecosystem is still early. Tempo and Midnight are newly live and still early. USX is live on Scroll and its Private Transfer page describes an active flow, but TVL and privacy-transfer footprint are still modest. Privacy Boost is live as an OP Mainnet beta and has announced Startale/Soneium integration, but public usage telemetry is not yet available. Zama mainnet is live with early applications and infrastructure integrations, but its ecosystem is still nascent.
STRK20 (Starknet) covers a wide range of properties: multi-asset privacy, no trusted setup, a hash-based STARK proof layer, fast shielding, an existing-liquidity DeFi path, programmable privacy, and account abstraction. It is designed to let supported regular ERC-20 assets enter shielded mode on Starknet, move privately inside the pool, and withdraw back to public ERC-20 state. Tongo is best read as a Starknet confidential-transfer primitive: it hides balances and amounts for ERC-20 transfers, but not sender, receiver, or asset type. Zcash pioneered zero-knowledge proofs for payments and has the longest track record. Monero offers always-on privacy with strong anonymity but limited programmability. Aztec is building a full programmable privacy L2 with Noir and its own execution environment, but it remains alpha-stage with explicit security caveats. Midnight is a privacy-first programmable chain built around hybrid public/private state and selective disclosure, with a live but still early ecosystem. Railgun brings privacy to existing EVM DeFi through its shielded pool. Privacy Boost targets enterprise EVM apps with a Groth16 plus TEE privacy SDK; it has strong UX and compliance positioning but a larger privacy trust surface. Aleo enables private computation with Leo, but each program runs in isolation. Zama takes a different approach with fully homomorphic encryption, computing on encrypted data through confidential Solidity contracts, and is beginning to show early mainnet applications and integrations.
STRK20 is Starknet's regulatory-disclosure privacy-pool design for supported regular ERC-20 assets. Starknet v0.14.2 puts sequencer-level S-two proof verification on mainnet, while public STRK20 product access is still partner-led. The design uses a single multi-asset privacy pool, a STARK proof layer with no trusted setup, account abstraction for key management, multi-call composability that lets one private transaction chain unshielding, swaps, and reshielding in a single flow, and regulatory disclosure through encrypted viewing keys and an independent audit path for regulated flows.
STRK20 (Starknet), Tongo, Monero, Solana Confidential, and Canton require no trusted setup. STRK20 uses STARKs, which are hash-based. Tongo uses ElGamal/Sigma-style proofs over the Stark curve. Monero uses Bulletproofs+. Solana uses ElGamal/Bulletproofs. Zcash's Orchard upgrade uses Halo 2 (no setup) but its Sapling pool still has one. Aztec and Aleo use universal SRS setups. Railgun, Privacy Boost, and Tornado Cash use Groth16 per-circuit ceremonies. Tempo is marked partial because its private-token cryptography is not yet publicly specified.
For this grid's proof-system row, STRK20 (Starknet) receives credit because STARKs are hash-based. That should not be read as a claim that every Starknet dependency is end-to-end post-quantum today. Zama receives partial credit: its TFHE stack relies on lattice-based LWE hardness assumptions, but it is not a succinct proof system. Tongo, Zcash, Aztec, Aleo, Railgun, Privacy Boost, and other elliptic-curve-based systems are not treated as post-quantum.
STRK20 lets supported regular ERC-20 assets enter shielded mode on Starknet through a multi-asset privacy pool. Tongo supports confidential ERC-20 transfers on Starknet by encrypting balances and transfer amounts, but it does not hide sender, receiver, or asset type. Railgun supports private transfers of ERC-20 tokens on Ethereum, Polygon, Arbitrum, and BSC. Zama's fhEVM enables confidential ERC-20s through fully homomorphic encryption.
No. Tongo is confidential rather than anonymous: it hides balances and transfer amounts, but sender and receiver accounts and the asset type remain visible. That is why the grid does not score Tongo as a multi-asset anonymity pool.
In this grid, STRK20 scores strongly across multi-asset privacy, S-two STARK proofs, no trusted setup, post-quantum proving, an existing-liquidity DeFi path with multi-call composability, and account abstraction. Its current shielding path uses delegated wallet/operator proving; client-side and mobile proving is the phase-2 path. Zcash has the longest deployed track record of zero-knowledge payments. Monero has always-on privacy by default.
STRK20 on Starknet has one of the fastest disclosed user-facing shield/unshield paths: ~2 second block confirmation plus sub-5 second proof generation in the current delegated/operator-side phase-1 proving path. Tongo has no mandatory funding or withdrawal wait beyond Starknet confirmation, but it is marked partial because no public end-to-end wallet/proving benchmark was found. Zcash is bottlenecked by ~75 second block times. Aztec has ~6 second blocks in Alpha Mainnet (launched March 31, 2026). Railgun requires a mandatory 1-hour standby period after shielding.
