Janus Henderson Anemoy AAA CLO Fund Post-Quantum Migration: Roadmap, Risks, and What Holders Should Know
The Janus Henderson Anemoy AAA CLO Fund post-quantum migration question is becoming harder to ignore as the tokenised real-world asset (RWA) sector matures. Janus Henderson's Anemoy vehicle was one of the first institutional-grade fund structures to settle on a public blockchain, bringing AAA-rated collateralised loan obligation (CLO) exposure on-chain. Yet the very infrastructure that makes it innovative, ECDSA-secured smart contracts and wallet addresses, carries a latent vulnerability to sufficiently powerful quantum computers. This article examines what is publicly known about any migration plan, what a genuine post-quantum upgrade would require, and what options exist for holders in the interim.
What Is the Janus Henderson Anemoy AAA CLO Fund?
The Anemoy AAA CLO Fund, operated through Anemoy Limited and backed by Janus Henderson Investors, is a tokenised fund that provides investors with exposure to a portfolio of AAA-rated CLO tranches. It launched on the Solana blockchain before moving to Ethereum-compatible infrastructure, and it targets institutional and qualified investors seeking yield from senior-secured credit markets.
Key structural features include:
- Underlying assets: AAA-rated CLO tranches, the most senior and lowest-risk layer of structured credit vehicles backed by leveraged loans.
- Tokenisation layer: Fund units are represented as on-chain tokens, enabling near-instant settlement, programmable transfer restrictions, and secondary market liquidity without traditional fund administration lag.
- Regulatory wrapper: The fund is structured under appropriate offshore frameworks, with KYC/AML enforced at the smart-contract level via allowlist mechanics.
- Yield profile: As of recent reporting, the fund targets short-duration floating-rate exposure, making it a popular cash-management alternative for crypto-native treasuries and institutional allocators.
The proposition is straightforward: take a deeply liquid, highly rated segment of the credit market and make it as easy to hold as an ERC-20 token.
Why CLO AAA Tranches and Blockchain Are a Natural Fit
AAA CLO tranches have historically experienced near-zero default rates even through the 2008 financial crisis and the 2020 pandemic shock. They carry floating-rate coupons, which means yield moves with benchmark rates rather than being locked to a fixed spread. Putting them on-chain reduces settlement friction, automates distribution events via smart contracts, and allows 24/7 transferability between whitelisted counterparties.
The catch is that all of the efficiency gains depend on the security of the underlying blockchain cryptography. If that cryptography is eventually broken, the entire on-chain ownership and transfer record becomes vulnerable.
---
The Quantum Threat to Tokenised Fund Infrastructure
To understand why post-quantum migration matters for any blockchain-based fund, it helps to be precise about the actual attack vector.
How ECDSA Underpins On-Chain Ownership
Ethereum and most EVM-compatible chains use the Elliptic Curve Digital Signature Algorithm (ECDSA) with the secp256k1 curve to secure wallet addresses. Ownership of any token, including tokenised fund units, is asserted by proving knowledge of a private key via a digital signature. The security of that assertion rests on the computational hardness of the elliptic curve discrete logarithm problem (ECDLP).
A sufficiently large, fault-tolerant quantum computer running Shor's algorithm could solve the ECDLP in polynomial time, meaning it could derive private keys from observed public keys. Every address that has ever broadcast a transaction has revealed its public key, making those addresses theoretically susceptible once capable quantum hardware exists.
The Timeline and the "Harvest Now, Decrypt Later" Problem
Major quantum computing milestones have accelerated in recent years. IBM, Google, and several nation-state programmes have demonstrated systems in the hundreds to low thousands of physical qubits. The consensus among cryptographers is that a cryptographically relevant quantum computer (CRQC), one large and stable enough to run Shor's algorithm against 256-bit elliptic curve keys, likely remains years to a decade or more away. Estimates vary widely, but NIST's Post-Quantum Cryptography (PQC) standardisation project, which finalised its first set of algorithms in 2024, was explicitly designed to give institutions lead time for migration.
The more immediate risk is often called "harvest now, decrypt later" (HNDL): an adversary copies encrypted or signed data today and decrypts it retrospectively once a CRQC is available. For financial records, this primarily threatens confidentiality of transaction metadata, though the direct asset-theft vector requires an online CRQC at the time of attack.
Specific Risks for Tokenised RWA Funds
For a tokenised fund like Anemoy AAA CLO, the practical risks fall into three categories:
- Key compromise at the wallet level: An investor's wallet private key could theoretically be derived from their public key, allowing an attacker to transfer tokens out of that address.
- Smart contract signature verification: Any contract logic relying on ECDSA-based ownership proofs could be spoofed.
- Allowlist and compliance mechanics: KYC allowlists enforced by contract could be bypassed if the controlling private key is compromised.
The fund's underlying CLO assets are held off-chain by a custodian and are not directly exposed. The quantum risk sits entirely at the tokenisation and ownership-record layer.
---
Does Janus Henderson Anemoy Have a Post-Quantum Migration Plan?
As of the time of writing, there is no publicly documented post-quantum migration roadmap for the Janus Henderson Anemoy AAA CLO Fund. No official white paper, technical roadmap, or regulatory filing from Janus Henderson, Anemoy Limited, or their technology partners references a transition to NIST PQC-compliant cryptographic primitives.
This is not unusual. The majority of tokenised RWA projects, including those from large asset managers, have not yet published PQC migration plans. The standardisation work at NIST only concluded in 2024 with the finalisation of ML-KEM (CRYSTALS-Kyber) for key encapsulation and ML-DSA (CRYSTALS-Dilithium) for digital signatures. The ecosystem tooling, EVM precompiles, Solidity library support, hardware wallet firmware, is still catching up.
What Janus Henderson and Anemoy have published publicly focuses on:
- Fund strategy and credit quality of underlying CLOs
- Regulatory compliance and investor eligibility mechanics
- Liquidity windows and NAV calculation methodology
Bottom line: Investors should not assume a migration plan exists and should monitor official communications from Janus Henderson and Anemoy directly for any future announcements on cryptographic infrastructure.
---
What a Post-Quantum Migration Would Actually Involve
If Anemoy or any comparable tokenised fund were to execute a genuine post-quantum migration, the process would be technically and operationally complex. Below is a realistic breakdown of what that roadmap would look like.
Step 1: Cryptographic Audit and Algorithm Selection
The first step is a full audit of every cryptographic primitive in use: wallet signature schemes, smart contract verification logic, oracles, and any off-chain signing keys used by the fund administrator. The audit output determines which components need replacement and in what priority order.
Algorithm selection would almost certainly centre on NIST's finalised standards:
| Algorithm | Type | NIST Status | Use Case |
|---|---|---|---|
| ML-DSA (CRYSTALS-Dilithium) | Lattice-based signature | Finalised (FIPS 204) | Digital signatures, wallet auth |
| ML-KEM (CRYSTALS-Kyber) | Lattice-based KEM | Finalised (FIPS 203) | Key exchange, encrypted comms |
| SLH-DSA (SPHINCS+) | Hash-based signature | Finalised (FIPS 205) | Backup / stateless signing |
| FALCON | Lattice-based signature | Under consideration | Compact signatures |
Step 2: Smart Contract Redevelopment and Audit
ECDSA verification is deeply embedded in the EVM. A migration would likely require deploying entirely new token contracts that accept PQC-based signatures, or integrating PQC precompiles if and when they are added to the EVM specification (proposals exist but are not yet live on Ethereum mainnet as of 2025).
This is not a minor upgrade. It means:
- Rewriting transfer, allowlist, and distribution logic
- Third-party security audits of new contracts
- Testing on testnets across multiple scenarios including edge cases for compliance checks
- Coordinating with the fund's legal counsel to ensure the new contract architecture still satisfies the regulatory wrapper
Step 3: Token Migration and Investor Coordination
Existing token holders would need to migrate from old (ECDSA-secured) tokens to new (PQC-secured) tokens. This requires:
- Setting a migration window with clear start and end dates
- Providing investors with tools or guidance to generate PQC-compatible key pairs
- A smart-contract-based swap mechanism that burns old tokens and mints new ones after verifying eligibility
- Updating KYC/AML allowlists on the new contract
- Communicating with secondary market venues and custodians to update their systems
The investor coordination burden is significant for an institutional fund with a global investor base, particularly given the need to re-verify identity and eligibility on the new contract.
Step 4: Custodian and Oracle Integration
The off-chain CLO assets are held by a custodian. Any cryptographic interaction between the custodian's systems and the on-chain contracts, such as NAV attestations signed by an authorised oracle, would also need to use PQC-compliant signing keys.
This step depends on custodian technology readiness, which varies considerably across the institutional service provider landscape.
---
Interim Options for Current Holders
While no migration plan exists, holders of Anemoy AAA CLO tokens can take steps to reduce their exposure to the latent quantum risk at the wallet level.
Use Fresh Addresses and Minimise Public Key Exposure
An address that has never broadcast a signed transaction has not yet revealed its public key. An attacker with a CRQC would need to brute-force the address-to-public-key mapping, which is computationally harder than reversing a known public key to its private key. Holding assets in addresses that have never been used for outgoing transactions provides a marginal additional layer of security.
Hardware Wallet Security and Firmware Updates
Hardware wallet manufacturers including Ledger and Trezor are actively monitoring PQC developments. Keeping firmware updated ensures that any incremental PQC features, such as support for hybrid signing schemes, are available when released.
Monitor NIST PQC Ecosystem Adoption
The window for migration risk is not immediate. Monitoring the adoption of NIST PQC standards by Ethereum core developers and EVM tooling providers gives investors lead time. Key indicators to watch include EIP proposals for PQC precompiles, announcements from major wallet providers, and Anemoy's own technical communications.
Diversify Across Quantum-Ready Infrastructure Where Possible
Some newer blockchain protocols and token infrastructures are being built with post-quantum cryptography from the ground up. Projects using lattice-based cryptographic schemes, such as BMIC.ai, which uses NIST PQC-aligned lattice-based cryptography specifically to address the Q-day risk, represent an emerging category worth understanding as the RWA tokenisation space continues to evolve.
---
Broader Industry Context: Where RWA Tokenisation Stands on PQC
The Anemoy fund is not alone in its lack of a published PQC roadmap. A review of major tokenised RWA projects as of mid-2025 finds that virtually none, including offerings from Franklin Templeton, BlackRock's BUIDL fund, and Ondo Finance, have published specific PQC migration timelines.
The reasons are practical:
- Regulatory clarity is still emerging. NIST finalised its first PQC standards in 2024, and regulatory guidance on cryptographic requirements for financial services has not yet made PQC migration mandatory.
- Tooling is immature. EVM-native PQC support requires protocol-level changes that are still in research and proposal stages.
- The risk horizon is uncertain. Without a definitive timeline for CRQC availability, it is difficult for compliance and risk teams to justify the migration cost on a near-term basis.
The trajectory, however, is clear. As quantum hardware milestones continue to be reached and NIST standards become embedded in regulatory frameworks, the question for tokenised fund managers will shift from "should we migrate?" to "why haven't you migrated yet?" Asset managers who begin the technical groundwork now, even at a research and planning stage, will be better positioned when that threshold arrives.
---
Summary
The Janus Henderson Anemoy AAA CLO Fund is a pioneering tokenised credit instrument with genuine institutional pedigree. Its post-quantum posture, however, reflects the broader industry reality: strong financial engineering combined with cryptographic infrastructure that was not designed with quantum adversaries in mind, and no publicly documented plan to change that. For holders, the practical risk is not immediate, but the structural vulnerability is real. Monitoring official communications, maintaining good wallet hygiene, and staying informed about EVM-level PQC developments are the most actionable steps available today.
Frequently Asked Questions
Does the Janus Henderson Anemoy AAA CLO Fund have a post-quantum migration plan?
As of mid-2025, there is no publicly documented post-quantum migration roadmap for the Janus Henderson Anemoy AAA CLO Fund. Neither Janus Henderson nor Anemoy Limited has published a white paper, technical roadmap, or regulatory filing referencing a transition to NIST PQC-compliant cryptographic standards. Investors should check official communications directly for any future announcements.
What is the actual quantum risk for tokenised fund units like those issued by Anemoy?
The risk sits at the wallet and smart contract layer, not in the underlying CLO assets themselves. A sufficiently powerful quantum computer running Shor's algorithm could derive private keys from public keys secured by ECDSA, potentially allowing an attacker to transfer tokenised fund units without authorisation. The underlying CLO assets are held off-chain by a custodian and are not directly exposed to this attack vector.
What NIST post-quantum algorithms would a fund migration most likely use?
The most relevant NIST-finalised standards are ML-DSA (CRYSTALS-Dilithium, FIPS 204) for digital signatures and ML-KEM (CRYSTALS-Kyber, FIPS 203) for key encapsulation. SLH-DSA (SPHINCS+, FIPS 205) is a hash-based backup option. Any migration of smart contract signature verification would need to align with one or more of these standards.
How long would a post-quantum migration take for a tokenised RWA fund?
A realistic estimate is 12 to 24 months from initiation, accounting for cryptographic audits, smart contract redevelopment and security audits, regulatory review, custodian and oracle integration, and investor coordination for the token swap. The investor coordination step is particularly complex for institutional funds with global investor bases and strict KYC/AML requirements.
Is the quantum threat to ECDSA immediate?
No, not according to current scientific consensus. A cryptographically relevant quantum computer capable of breaking 256-bit elliptic curve keys does not yet exist and is generally estimated to be years to over a decade away. The more near-term concern is the 'harvest now, decrypt later' threat, where adversaries collect data today to decrypt once capable hardware is available. NIST standardised its first PQC algorithms in 2024 specifically to give institutions lead time to migrate before the threat materialises.
What can current Anemoy AAA CLO token holders do while awaiting any official migration plan?
Practical steps include holding tokens in wallet addresses that have never broadcast a signed transaction (to avoid public key exposure), keeping hardware wallet firmware updated, and monitoring NIST PQC ecosystem adoption across EVM tooling and wallet providers. Investors should also watch Janus Henderson and Anemoy's official channels for any forthcoming technical announcements related to cryptographic infrastructure upgrades.