Will Quantum Computers Break Janus Henderson Anemoy AAA CLO Fund?
Whether quantum computers will break the Janus Henderson Anemoy AAA CLO Fund is a precise question that deserves a precise answer. The fund is a tokenised, on-chain representation of a traditional AAA-rated collateralised loan obligation portfolio. That means two distinct threat surfaces exist: the conventional financial infrastructure underneath, and the blockchain layer sitting on top. This article maps both, explains what would actually have to be true for a quantum attack to succeed, sets a realistic timeline anchored in current engineering reality, and describes the practical steps holders and fund managers can take now.
What the Janus Henderson Anemoy AAA CLO Fund Actually Is
The Anemoy AAA CLO Fund is a product of a partnership between asset manager Janus Henderson and Anemoy, a firm specialising in tokenised real-world assets (RWAs). The fund gives investors on-chain exposure to a portfolio of AAA-rated tranches of collateralised loan obligations, the highest-quality slice of a structured credit vehicle backed by diversified corporate loans.
What makes it technically interesting from a security standpoint is its dual-layer architecture:
- Underlying assets: Traditional senior CLO tranches, custodied and administered through conventional financial rails (SWIFT messaging, central securities depositories, prime brokerage).
- Token layer: On-chain token representing economic rights to those assets, settled on a public or permissioned blockchain using standard cryptographic signature schemes.
Both layers carry distinct exposures to a future quantum adversary, and conflating them produces confused risk analysis.
---
The Cryptographic Foundation: What Signature Scheme Is in Use?
Most tokenised RWA platforms, including those in the Anemoy ecosystem, settle transactions using Ethereum-compatible infrastructure. Ethereum's transaction signing relies on the Elliptic Curve Digital Signature Algorithm (ECDSA) over the secp256k1 curve. Wallet ownership, token transfers, and smart-contract interactions are all authorised by private keys whose security rests on the hardness of the elliptic curve discrete logarithm problem (ECDLP).
Why ECDSA Is Quantum-Vulnerable
In 1994, Peter Shor published a quantum algorithm that solves the integer factorisation and discrete logarithm problems in polynomial time on a sufficiently large quantum computer. Applied to secp256k1, Shor's algorithm can, in theory, derive a private key from its corresponding public key. Once a public key is exposed on-chain — which happens the moment a wallet signs any transaction — a capable quantum computer could reconstruct the private key and sign fraudulent transfers.
This is not a hypothetical vulnerability in the algorithm's logic. It is a mathematically proven weakness that affects every ECDSA-secured wallet and token, regardless of the asset the wallet holds.
The Traditional Finance Layer
The custody and settlement infrastructure beneath the fund's CLO holdings uses its own cryptographic stack: TLS for data-in-transit, RSA or ECC certificates for authentication, and proprietary messaging protocols. RSA is similarly broken by Shor's algorithm. However, traditional financial institutions operate in a closed, permissioned environment with multi-factor authentication, legal recourse, and the ability to reverse fraudulent transactions through administrative processes. The quantum threat to the TradFi layer is real but mitigated by non-cryptographic controls that simply do not exist in a trustless on-chain environment.
---
What Would Have to Be True for a Quantum Attack to Succeed?
Breaking the Anemoy fund's token layer is not a one-step event. A successful attack requires several conditions to be met simultaneously:
- A fault-tolerant quantum computer with sufficient logical qubits. Current estimates suggest that breaking a 256-bit elliptic curve key in a practical timeframe requires roughly 2,000–4,000 logical (error-corrected) qubits. As of 2025, the most advanced publicly disclosed systems operate with hundreds of physical qubits and error rates far too high to run Shor's algorithm at the required depth. The gap between physical and logical qubits, due to error-correction overhead, means the actual physical qubit count needed is in the millions by most estimates.
- The attacker has access to the target wallet's public key. Public keys are exposed on-chain after the first outbound transaction. Wallets that have never signed a transaction reveal only a hash of the public key (a Bitcoin or Ethereum address), which adds one layer of protection. But any active wallet that has ever transferred the Anemoy token has an exposed public key.
- Sufficient compute time relative to block finality. Even if a powerful quantum computer existed, it would need to derive the private key and broadcast a fraudulent transaction before the network finalises legitimate activity. As quantum hardware scales, this window calculation becomes increasingly adversarial.
- No migration or upgrade by the fund or its custodian. If the token contract or the underlying custody arrangement migrates to post-quantum cryptography before a capable adversary exists, the attack surface disappears.
All four conditions must be met. The current bottleneck is condition one by a very wide margin.
---
Realistic Timeline: When Is Q-Day?
"Q-day" refers to the point at which a quantum computer can break production cryptographic keys faster than new keys can be rotated. Analyst views vary considerably:
| Source | Estimated Timeline |
|---|---|
| NIST (2024 PQC standards publication context) | Precautionary migration recommended within 10 years |
| NSA CNSA 2.0 directive | Transition to PQC by 2030–2035 for national security systems |
| IBM Quantum roadmap | Error-corrected utility-scale systems targeted for late 2020s |
| Google Quantum AI | Fault-tolerant systems at scale: 2030s best case |
| Academic consensus (conservative) | Cryptographically relevant quantum computer: 2030–2050 range |
The range reflects genuine uncertainty. Quantum hardware development is non-linear, and a breakthrough in error correction could compress timelines significantly. The responsible framing is not "this will definitely happen in 2035" but rather "the probability is non-trivial over a 15–20 year horizon, and the cost of migration now is low relative to the cost of migration under pressure."
The Harvest-Now, Decrypt-Later Threat
One aspect that is often overlooked is that a state-level adversary does not need to wait until Q-day to begin an attack. The strategy known as "harvest now, decrypt later" involves collecting encrypted data or on-chain transaction records today and decrypting them once quantum capability matures. For the Anemoy fund, this means:
- On-chain transaction history is permanently public and cannot be retroactively encrypted.
- An adversary harvesting public keys and signed messages today could derive private keys at a future date.
- This is particularly relevant for long-lived fund structures where the same wallets may hold positions for a decade or more.
---
What Holders and Fund Managers Can Do Now
The good news is that migration paths exist and are increasingly well-defined. NIST finalised its first set of post-quantum cryptographic standards in 2024, including CRYSTALS-Kyber (key encapsulation) and CRYSTALS-Dilithium (digital signatures), both based on lattice problems that are not known to be vulnerable to Shor's algorithm.
Steps for Individual Token Holders
- Use hardware wallets with active development roadmaps. Prefer custodians that have published PQC migration plans.
- Minimise public key exposure. If your wallet has never sent a transaction, your public key is still hashed. This is a marginal but real protection.
- Monitor the fund manager's communications. Janus Henderson and Anemoy will need to publish token migration plans as PQC standards mature. Watch for formal announcements.
- Diversify custodial arrangements. Do not concentrate holdings in a single wallet address for extended periods.
Steps for Fund Operators
- Audit the smart contract's upgrade path. Can the token contract be migrated to a new address controlled by a PQC-secured key? If the contract is immutable, a token migration event (similar to a hard fork or contract upgrade) will be required.
- Engage with layer-1 roadmaps. Ethereum's long-term roadmap acknowledges the quantum threat. Sticking with chains that have active PQC upgrade plans is strategically sound.
- Apply NIST PQC standards to off-chain infrastructure now. TLS certificates, API authentication, and internal messaging can be upgraded to PQC today without waiting for on-chain solutions.
- Establish key rotation policies. Define how often wallet addresses are rotated and under what conditions an emergency migration would be triggered.
---
How Natively Post-Quantum Designs Differ
The Anemoy fund was built on existing blockchain infrastructure that predates the NIST PQC standards. That is not a criticism — it reflects the state of the ecosystem at the time of design. But it illustrates a structural difference between retrofitting PQC onto an existing system and building PQC in from the ground up.
Projects designed natively around post-quantum cryptography, such as BMIC.ai, use lattice-based signature schemes aligned with NIST's PQC standards at the wallet and transaction layer from day one. There is no legacy ECDSA infrastructure to migrate away from, no token contract that needs an upgrade event, and no period of dual-stack operation during which both old and new keys exist simultaneously. The security model is coherent from genesis rather than patched incrementally.
This architectural difference matters for long-duration assets. A CLO fund with a 5–10 year investment horizon extends meaningfully into the window where quantum risk, while still probabilistic, is no longer negligible. Holders of tokenised RWAs with multi-year lock-up periods have a stronger reason to care about the cryptographic durability of the token layer than spot traders who cycle positions weekly.
---
Summary: Is the Fund Broken Now? No. Should Holders Pay Attention? Yes.
The Janus Henderson Anemoy AAA CLO Fund is not cryptographically broken today. No quantum computer capable of running Shor's algorithm against a 256-bit elliptic curve key at production scale exists. The underlying CLO assets are secured through conventional financial infrastructure with its own non-cryptographic safeguards.
However, several factors justify active monitoring rather than complacency:
- The harvest-now, decrypt-later threat is real and operates on today's data with tomorrow's compute.
- The fund's investment horizon likely extends into a window where quantum risk becomes progressively less theoretical.
- Token-layer security depends entirely on the cryptographic assumptions of ECDSA, which are provably broken by a sufficiently powerful quantum computer.
- Migration is tractable but requires proactive planning from both fund operators and infrastructure providers.
The appropriate response is not alarm. It is the same disciplined risk management that applies to any infrastructure dependency: understand the exposure, monitor developments, and act on migration when the cost-benefit calculation shifts — ideally before it becomes urgent.
Frequently Asked Questions
Will quantum computers break the Janus Henderson Anemoy AAA CLO Fund right now?
No. No quantum computer capable of breaking a 256-bit elliptic curve key — the type used by Ethereum-compatible token infrastructure — exists as of 2025. The fund's token layer is currently secure under classical threat models. The risk is forward-looking, not immediate.
What specific cryptographic algorithm protects the Anemoy fund's token layer?
The token layer uses Ethereum-compatible infrastructure secured by ECDSA (Elliptic Curve Digital Signature Algorithm) over the secp256k1 curve. This algorithm is theoretically vulnerable to Shor's quantum algorithm but only on a fault-tolerant quantum computer with millions of physical qubits — hardware that does not currently exist.
What is the harvest-now, decrypt-later threat and why does it matter for CLO fund holders?
Harvest-now, decrypt-later refers to an adversary collecting on-chain transaction data and public keys today, with the intention of decrypting or forging signatures once a capable quantum computer becomes available. Because on-chain data is permanent and public, wallets that have already signed transactions have permanently exposed public keys. For holders with multi-year lock-up periods, this is a concrete rather than purely theoretical concern.
When do most analysts expect a cryptographically relevant quantum computer to exist?
Estimates range from the early 2030s in optimistic scenarios to mid-2040s or beyond in conservative academic projections. NIST and the NSA have both issued guidance recommending migration to post-quantum cryptographic standards within the next 5–15 years, which reflects the genuine uncertainty in the timeline.
What can Janus Henderson and Anemoy do to protect the fund against future quantum threats?
Fund operators can audit the smart contract's upgrade path to assess whether a migration to a post-quantum-secured token contract is feasible, upgrade off-chain infrastructure (TLS, API authentication) to NIST PQC standards now, and establish key rotation policies for wallet addresses. They should also monitor Ethereum's own roadmap for post-quantum signature integration at the protocol level.
How does a natively post-quantum wallet differ from an ECDSA wallet migrated to PQC?
A natively post-quantum design uses lattice-based or other PQC-aligned signature schemes from its first transaction, meaning there is no legacy ECDSA infrastructure to migrate away from and no period where both old and new key types coexist. A retrofitted migration requires a transition period, a token migration event, and careful management of the dual-stack window, during which old keys may still be exposed.