Will Quantum Computers Break Janus Henderson Anemoy Treasury Fund?

Will quantum computers break Janus Henderson Anemoy Treasury Fund — and if so, when, and how seriously? This article answers that question with precision: examining the cryptographic signature scheme underpinning the fund's on-chain infrastructure, what a sufficiently powerful quantum computer would actually need to do to compromise it, where current hardware sits on that path, and what realistic steps exist for both the fund's operators and its token holders. No fear-mongering, no vague warnings — just a clear-eyed analysis of the mechanism and the timeline.

What Is the Janus Henderson Anemoy Treasury Fund?

The Janus Henderson Anemoy Treasury Fund is a tokenised real-world asset (RWA) product that brings exposure to short-duration U.S. Treasury bills onto a public blockchain. Launched through a partnership between asset manager Janus Henderson and Anemoy, the fund operates on the Ethereum-compatible Flare Network, minting a token (TBILL) that represents fractional ownership of the underlying Treasury portfolio.

The fund targets institutional and qualified investors seeking yield-bearing, on-chain liquidity. Its appeal lies precisely in combining the credit quality of U.S. government debt with the programmability and composability of DeFi infrastructure. Settlement, custody attestation, and transfer are all mediated by smart contracts, which means the fund's security profile is inseparable from the cryptography securing those contracts and the wallets that hold the tokens.

How On-Chain Ownership Is Established

Ownership of TBILL tokens is recorded on-chain by associating balances with Ethereum-style addresses. Each address is derived from a public key, which is itself derived from a private key using elliptic curve cryptography — specifically the secp256k1 curve, the same curve used by Bitcoin and the vast majority of EVM-compatible chains. To spend, transfer, or redeem tokens, the holder must produce a valid ECDSA (Elliptic Curve Digital Signature Algorithm) signature proving knowledge of the private key.

This is the cryptographic layer that quantum computing puts under pressure.

---

The Quantum Threat to ECDSA: The Mechanism

To understand whether quantum computers will break the Janus Henderson Anemoy Treasury Fund, you first need to understand what "breaking" actually means in cryptographic terms.

Shor's Algorithm and Elliptic Curve Keys

In 1994, mathematician Peter Shor published an algorithm that runs efficiently on quantum hardware and can factor large integers and compute discrete logarithms in polynomial time. ECDSA security rests entirely on the hardness of the elliptic curve discrete logarithm problem (ECDLP). A cryptographically relevant quantum computer (CRQC) running Shor's algorithm could, in theory, derive a private key from a known public key.

The attack path for an EVM-based token holder looks like this:

1. A holder's public key is exposed on-chain the moment they broadcast any transaction (the public key is revealed in the signature).
2. A CRQC runs Shor's algorithm against that public key.
3. The attacker derives the corresponding private key.
4. The attacker signs a fraudulent transfer and drains the wallet before the legitimate holder can act.

Critically, addresses that have *never* broadcast a transaction expose only the address hash, not the raw public key. Keccak-256 hashing provides a layer of quantum resistance for unspent, never-transacted addresses because Grover's algorithm (the relevant quantum search tool) only delivers a quadratic speedup against hash functions, making a preimage attack computationally impractical even with a CRQC.

For Anemoy TBILL holders, however, any wallet that has ever made a transfer or redemption has already exposed its public key. Those wallets face the full ECDSA exposure if a CRQC materialises.

What "Breaking" Would Actually Require

Breaking ECDSA on secp256k1 with Shor's algorithm requires a fault-tolerant quantum computer with an estimated 2,330 to 4,000+ logical qubits (per various academic estimates, including the landmark 2022 paper by Mark Webber et al. in AVS Quantum Science). Logical qubits are error-corrected; today's physical qubits are noisy and require hundreds to thousands of physical qubits per logical qubit depending on the error rate.

Current state of the art:

• IBM Heron (2024): 133 physical qubits (not fault-tolerant at scale)
• Google Willow (2024): 105 physical qubits, demonstrated improved error correction at small scale
• No machine has demonstrated fault-tolerant logical qubit arrays remotely close to the scale required

The gap between present hardware and a CRQC capable of attacking ECDSA is not a matter of a firmware update — it is a fundamental engineering challenge spanning decades of research in error correction, qubit coherence, and interconnect scaling.

---

Realistic Timeline: When Does Q-Day Arrive?

"Q-day" is the shorthand for the moment a CRQC capable of breaking RSA-2048 or ECDSA-256 becomes operational. Analyst estimates vary widely, and that variance itself is informative.

The consensus among serious cryptographers is that a CRQC able to break ECDSA in a practically useful timeframe (hours to days, not millennia) is unlikely before 2035 and more probably arrives, if at all, in the 2040s. Some researchers assign meaningful probability to it never arriving in a form that is economically deployable before the infrastructure has migrated.

The key planning phrase here is "harvest now, decrypt later" (HNDL). Adversaries with sufficient resources can record encrypted on-chain data and signatures today, then decrypt them retroactively once a CRQC exists. For a fund holding Treasury securities, the risk is less about archived signatures (those are public anyway) and more about private key exposure for wallets whose public keys are already on-chain.

---

Specific Exposure Points for Anemoy TBILL Holders

The fund itself does not store private keys; it operates smart contracts on Flare Network. The exposure surfaces are:

1. Investor Wallet Keys

Any investor wallet that has interacted with the TBILL contract has exposed its public key. If a CRQC becomes available, those keys are theoretically vulnerable. The mitigation is straightforward: migrate holdings to a fresh address before Q-day and avoid transacting from that address until it supports a post-quantum signature scheme.

2. Anemoy's Contract Upgrade and Admin Keys

The smart contracts governing the fund likely have admin or upgrade keys controlled by Anemoy and/or Janus Henderson's operations teams. If those keys use ECDSA (standard for EVM), they carry the same theoretical vulnerability. Institutional key management using HSMs (Hardware Security Modules) does not change the underlying cryptographic algorithm, only the physical security of key storage.

3. Flare Network's Validator Set

The Flare Network itself uses consensus mechanisms secured by ECDSA keys held by validators. A successful CRQC attack on validator keys could theoretically compromise block production or finality, affecting every asset on the chain, not just TBILL. This is a systemic, chain-level risk rather than a fund-specific one.

4. Oracle Infrastructure

Anemoy's NAV attestations and Treasury price feeds rely on oracle networks (Flare's native FTSO system). Oracles sign data with — again — ECDSA keys. Compromised oracle signatures could allow false NAV reporting, a vector that doesn't even require breaking individual investor wallets.

---

What Would Have to Be True for This to Happen?

Synthesising the above, a successful quantum attack on the Janus Henderson Anemoy Treasury Fund would require all of the following to be true simultaneously:

• A CRQC capable of running Shor's against 256-bit ECDSA becomes operational.
• The Flare Network has not migrated to post-quantum signature schemes (e.g., CRYSTALS-Dilithium or FALCON, both now NIST-standardised).
• Anemoy has not rotated contract and admin keys to post-quantum alternatives.
• Investors have not moved holdings to post-quantum-secured wallets.
• The attack is executed before the network detects anomalous behaviour and freezes upgrades.

Every one of those conditions must hold. Given that NIST finalised its first post-quantum cryptography standards in August 2024 (FIPS 203, 204, 205), the migration tooling now exists. The question is execution speed across the ecosystem.

---

What Holders and Operators Can Do Right Now

Practical steps do not require waiting for Q-day to become imminent:

For individual TBILL holders:

1. Track which wallets have exposed public keys (any wallet that has signed a transaction).
2. Monitor Flare Network's post-quantum migration roadmap and announcements.
3. When PQC-compatible wallet infrastructure becomes available on Flare, migrate holdings proactively rather than reactively.
4. For new positions, consider whether the custodian or platform offers any post-quantum key management layer.

For Anemoy / Janus Henderson operations:

1. Audit all admin and upgrade keys; document which have exposed public keys.
2. Engage Flare Network on its PQC transition timeline and participate in any testnet migration.
3. Publish a cryptographic transition roadmap to give institutional investors visibility.
4. Evaluate whether oracle infrastructure partners (FTSO, third-party feeds) have PQC plans.

For the broader ecosystem:

• Ethereum's own core developers have discussed account abstraction (EIP-7560 and related proposals) as a path to swapping signature schemes without breaking backward compatibility. If Flare tracks Ethereum's EVM upgrades, this migration path may eventually be available without requiring users to manually rotate addresses.

---

How Natively Post-Quantum Designs Differ

The distinction between "migrating to post-quantum" and "being natively post-quantum" matters more than it might seem. Legacy EVM chains retrofitting PQC face enormous coordination problems: every wallet provider, every dApp, every oracle, and every bridge must upgrade in lockstep or residual ECDSA exposure persists somewhere in the stack.

Projects built from the ground up on post-quantum cryptographic primitives — using lattice-based algorithms like CRYSTALS-Kyber for key encapsulation or CRYSTALS-Dilithium for signatures, aligned with NIST's PQC standards from day one — don't carry that technical debt. BMIC.ai is one example of a wallet and token infrastructure designed with post-quantum cryptography as a core architectural choice rather than a planned future retrofit, meaning holders don't depend on a coordinated ecosystem-wide upgrade cycle to achieve Q-day protection.

The contrast is meaningful for RWA investors evaluating long-term custody risk: a fund operating on a chain mid-migration carries transitional exposure that a natively quantum-resistant infrastructure does not.

---

Summary: Should Janus Henderson Anemoy Treasury Fund Holders Be Worried?

The honest answer is: not urgently, but not dismissively either.

The cryptographic threat from quantum computers to ECDSA is real in principle and the underlying mechanism is well-understood. A CRQC powerful enough to execute the attack does not exist today and is unlikely to exist before the mid-2030s at the earliest, giving the ecosystem a planning window of at least a decade.

The Janus Henderson Anemoy Treasury Fund's specific exposure sits at the wallet level, the contract admin key level, and the chain-infrastructure level. None of these is unique to this fund — they are universal to every EVM-based product. The fund's institutional pedigree makes it more likely, not less, that its operators will engage seriously with post-quantum migration planning as NIST standards mature and tooling becomes production-ready.

The scenario to watch is not a sudden Q-day ambush but rather the slow erosion of confidence if the Flare Network and Anemoy lag the broader industry on PQC migration timelines. Institutional investors, particularly sovereign wealth funds and regulated asset managers, will scrutinise cryptographic hygiene increasingly as the 2030s approach.