Will Quantum Computers Break Janus Henderson Anemoy AAA CLO Fund?
The question of whether quantum computers will break Janus Henderson Anemoy AAA CLO Fund sits at the intersection of institutional DeFi, tokenised securities, and cryptographic infrastructure. It is not a fringe concern: the fund uses blockchain-based ownership records secured by the same elliptic-curve cryptography underpinning most of public crypto, and that cryptography has a known theoretical vulnerability to sufficiently powerful quantum hardware. This article walks through the exact mechanisms involved, what would actually have to be true for a breach to occur, where analysts place the realistic timeline, and what fund holders and protocol designers can do about it.
What Is the Janus Henderson Anemoy AAA CLO Fund?
The Janus Henderson Anemoy AAA CLO Fund is a tokenised money-market-adjacent product that brings institutional-grade, AAA-rated collateralised loan obligation (CLO) exposure onto a public blockchain. Launched in collaboration with Anemoy, it operates on the Solana network and targets qualified investors seeking yield from the senior-most, lowest-risk tranche of CLO structures.
Key structural points:
- Underlying assets: AAA-rated CLO tranches, backed by diversified pools of leveraged loans.
- Blockchain layer: Solana, using SPL token standards for ownership representation.
- Investor access: Permissioned, KYC/AML-gated. Token transfers are restricted to whitelisted wallets.
- Custody model: Off-chain legal ownership is mirrored on-chain. The token represents a beneficial interest, not direct ownership of the CLO notes themselves.
This structure matters enormously for the quantum-risk analysis. The fund is not a pure DeFi protocol where anyone can interact permissionlessly. It sits in a regulated, permissioned layer. That distinction will shape the realistic threat surface considerably.
---
How the Fund's Cryptographic Stack Actually Works
To assess quantum risk, you first need to understand what cryptographic primitives are actually in use.
Solana's Signature Scheme
Solana uses Ed25519, a variant of the Edwards-curve Digital Signature Algorithm (EdDSA). This is distinct from the ECDSA (secp256k1) used by Bitcoin and Ethereum. Both are elliptic-curve schemes and both are theoretically vulnerable to Shor's algorithm running on a sufficiently capable quantum computer, but the specific parameters differ.
Ed25519 offers a 128-bit classical security level. Against a quantum adversary running Shor's algorithm, the effective security drops to roughly 64-bit equivalent, since the algorithm can solve the discrete logarithm problem on elliptic curves in polynomial time. That is not considered secure against a large-scale quantum computer.
What "Breaking" the Signature Scheme Means
Breaking Ed25519 with a quantum computer would allow an attacker to:
- Derive a wallet's private key from its public key. The public key is visible on-chain the moment a transaction is broadcast. An attacker with sufficient quantum hardware could compute the corresponding private key and sign fraudulent transactions.
- Forge signatures on token transfers. In the context of the Anemoy CLO Fund, this could in theory mean forging a transfer of fund tokens out of a holder's wallet.
Critically, this attack vector applies to the *on-chain key infrastructure*, not to the underlying CLO notes themselves. The actual loan assets sit in a traditional legal trust structure. An attacker compromising a Solana wallet does not automatically seize the off-chain assets. However, they would control the on-chain representation of ownership, which carries significant legal and financial consequences.
The Permissioned Layer as a Partial Mitigant
Because Anemoy CLO Fund tokens are restricted to KYC-whitelisted wallets, a quantum attacker faces an additional obstacle: a forged transfer to a non-whitelisted wallet would be rejected at the smart-contract level. They would need to transfer tokens to another whitelisted address, meaning an existing, verified counterparty. This does not eliminate risk, but it meaningfully constrains the attack surface compared to a fully permissionless token.
---
What Would Actually Have to Be True for Q-Day to Threaten This Fund?
A realistic threat assessment requires stacking several conditions. All of the following would need to hold simultaneously:
| Condition | Current Status | Realistic Probability (2025 view) |
|---|---|---|
| A quantum computer capable of breaking 128-bit ECC exists | Not demonstrated | Very low before 2030; contested before 2035 |
| The attacker has access to that hardware | National-state level only, initially | Extremely low for near-term |
| The attacker targets this specific fund | Depends on AUM and attacker motivation | Low; high-value targets attract first |
| The permissioned whitelist does not stop the forged transfer | Requires a whitelisted destination wallet | Reduces but does not eliminate risk |
| Legal recourse and off-chain custody fail to recover value | Depends on jurisdiction and custodian | Low given institutional structure |
The honest conclusion from this table: the quantum threat to the Janus Henderson Anemoy AAA CLO Fund is real in principle but remote in practice for the next five to ten years. The more pressing near-term concern is the "harvest now, decrypt later" (HNDL) strategy, discussed below.
---
The Harvest-Now-Decrypt-Later Problem
The HNDL attack is the most immediately relevant quantum threat to any blockchain-based asset, including this fund. The mechanics are straightforward:
- An adversary intercepts and stores encrypted communications or on-chain transaction data *today*.
- When quantum hardware matures, they retroactively decrypt that data to extract private keys or sensitive information.
For a fund like Anemoy's CLO product, the relevant HNDL surface includes:
- Wallet key generation data if transmitted insecurely at onboarding.
- Reused public keys. In Ed25519, a public key is exposed when a transaction is signed. If the same key persists for years, it accumulates exposure. Best practice is key rotation, but most institutional wallet setups do not rotate frequently.
- Smart contract interactions that reveal addresses and signing patterns over time.
The HNDL vector means the quantum risk clock starts *now*, not when quantum computers actually become powerful enough to run Shor's algorithm in real time. Data being harvested in 2025 could be cracked in 2033 or 2037. For long-duration institutional holdings, this is a non-trivial consideration.
---
Realistic Timeline: What Do Analysts and Researchers Say?
Estimating Q-day is genuinely difficult, and serious researchers disagree. A balanced summary of the current expert landscape:
Pessimistic Scenario (Earlier Q-Day, ~2030-2033)
- Driven by rapid progress in quantum error correction, particularly Google's and IBM's published roadmaps.
- IBM has publicly committed to fault-tolerant quantum systems by the early 2030s.
- Some cryptographers argue that once error correction thresholds are crossed, scaling becomes faster than currently modelled.
Consensus Scenario (~2035-2040)
- Most academic cryptographers and national standards bodies (NIST, NCSC, BSI) treat the 2030s as the planning horizon.
- NIST finalised its first post-quantum cryptographic standards in 2024 (CRYSTALS-Kyber for key encapsulation, CRYSTALS-Dilithium and FALCON for signatures). Their guidance implicitly treats a 10-15 year migration window as prudent.
Optimistic / Sceptical Scenario (Post-2040 or Never at Scale)
- Some physicists argue that physical qubit decoherence and engineering challenges are fundamentally harder than roadmaps suggest.
- Even if cryptographically relevant quantum computers (CRQCs) are built, they may remain rare, expensive, and state-controlled for decades.
Practical implication for fund holders: the timeline uncertainty argues for *preparation now* rather than waiting for consensus certainty. Migration to post-quantum infrastructure takes years at institutional scale.
---
What Holders and Institutional Participants Can Do
The quantum threat to tokenised fund infrastructure is manageable, but it requires deliberate action across multiple layers. Holders and issuers have distinct responsibilities.
For Fund Holders
- Monitor key hygiene. Avoid reusing wallet addresses across interactions. Use fresh addresses for each transaction where the protocol permits.
- Prefer hardware wallets with forward-looking firmware. Some hardware wallet manufacturers are already planning Ed25519 replacement roadmaps aligned with NIST PQC standards.
- Stay informed on Solana's migration plans. The Solana Foundation will eventually need to address post-quantum signature migration. Track their roadmap and validator upgrade announcements.
- Assess holding horizon against the HNDL window. If you expect to hold for 10+ years, the cryptographic environment at maturity looks meaningfully different from today's.
For Issuers and Protocol Designers
- Design token standards with cryptographic agility. The ability to upgrade the underlying signature scheme without re-issuing tokens is architecturally important.
- Build quantum-resistant key management into onboarding. New investor wallet generation should already consider PQC-compatible key derivation paths where tooling permits.
- Engage custodians on quantum risk frameworks. Institutional custodians (Anchorage, Fireblocks, BitGo) are beginning to publish quantum preparedness roadmaps. Issuers should require disclosure.
- Consider natively post-quantum infrastructure for new deployments. Projects built from the ground up on lattice-based cryptography, such as BMIC.ai, which uses NIST PQC-aligned, lattice-based signing, offer a reference point for what cryptographic agility looks like when baked in from day one rather than retrofitted.
---
How Natively Post-Quantum Designs Differ
There is a meaningful architectural distinction between projects that are retrofitting quantum resistance and those designed with it as a foundational assumption.
Retrofitting quantum resistance onto an existing chain like Solana involves:
- Coordinating validator software upgrades across a decentralised set.
- Migrating all existing key pairs, which requires wallet-holder participation.
- Maintaining backward compatibility during a transition period, which itself creates a mixed-security environment.
- Updating smart contract audit standards to reflect new cryptographic primitives.
By contrast, a natively post-quantum system starts with lattice-based or hash-based signatures at the protocol level, meaning there is no legacy key infrastructure to migrate and no mixed-security transition window. The cryptographic threat surface is structurally smaller from genesis.
For institutional investors evaluating tokenised fund products over a 10-year horizon, this architectural difference will increasingly factor into due diligence frameworks. It is analogous to choosing between a building retrofitted with earthquake resistance and one designed seismically from the foundation.
---
Summary: A Balanced Risk Assessment
The Janus Henderson Anemoy AAA CLO Fund faces a quantum computer threat that is:
- Theoretically real. Ed25519 on Solana is not quantum-resistant, and Shor's algorithm would break it given sufficient hardware.
- Practically remote in the short term. No CRQC capable of breaking 128-bit ECC exists in 2025, and mainstream expert consensus places that capability in the mid-2030s at the earliest.
- Partially mitigated by structure. The permissioned, KYC-gated token model meaningfully constrains the attack surface compared to permissionless DeFi.
- More pressing via HNDL than direct attack. Data harvested today could be exploited in a future when quantum hardware is available, making key hygiene and migration planning relevant now.
- Manageable with deliberate action. Holders, issuers, and infrastructure providers all have concrete steps available, and NIST has now standardised the post-quantum primitives they need.
The question is not whether to take quantum risk seriously, but how to calibrate the urgency appropriately. For a long-duration institutional product like this fund, the answer is: begin migration planning now, even if the immediate threat level remains low.
Frequently Asked Questions
Will quantum computers break the Janus Henderson Anemoy AAA CLO Fund's on-chain infrastructure?
Not with current or near-term quantum hardware. The fund uses Ed25519 signatures on Solana, which is theoretically vulnerable to Shor's algorithm on a cryptographically relevant quantum computer (CRQC). However, no CRQC of sufficient scale exists in 2025, and mainstream expert consensus places that capability in the mid-2030s at the earliest. The risk is real in principle but remote in practice for the next several years.
What cryptographic scheme does Solana use, and is it quantum-safe?
Solana uses Ed25519, an Edwards-curve Digital Signature Algorithm. It is not quantum-safe. Like all elliptic-curve schemes, it is vulnerable to Shor's algorithm running on a large-scale quantum computer. NIST has already finalised post-quantum alternatives (CRYSTALS-Dilithium, FALCON) that would replace it, but Solana has not yet migrated to these standards.
What is the harvest-now-decrypt-later (HNDL) attack and does it apply to this fund?
HNDL involves storing encrypted data or on-chain transaction records today and decrypting them when quantum hardware matures. It is relevant to this fund because wallet addresses and signing patterns are publicly visible on Solana. If the same wallet key persists for many years, it accumulates exposure. Holders with long investment horizons should consider key rotation and monitor the fund issuer's quantum preparedness roadmap.
Does the fund's permissioned structure reduce quantum risk?
Yes, partially. Because fund tokens can only transfer between KYC-whitelisted wallets, a quantum attacker who forged a transaction would need to send tokens to another verified wallet. This limits the practical attack surface compared to a fully permissionless token. However, it does not eliminate the risk entirely, since a sophisticated attacker could potentially compromise a whitelisted wallet.
What should holders do to protect themselves against quantum risk?
Practical steps include avoiding wallet address reuse, using hardware wallets with active firmware development roadmaps, monitoring Solana's post-quantum migration plans, and assessing your holding horizon against the HNDL window. Holders planning to stay invested for 10 or more years face a materially different cryptographic environment at exit than today, making quantum awareness a relevant part of long-term due diligence.
When do analysts expect quantum computers to be capable of breaking elliptic-curve cryptography?
Expert estimates range widely. Pessimistic scenarios place a cryptographically relevant quantum computer (CRQC) as early as 2030-2033, driven by rapid progress at Google and IBM. The consensus among academic cryptographers and standards bodies like NIST sits closer to 2035-2040. A sceptical minority argues fundamental engineering challenges push the timeline beyond 2040. NIST's decision to finalise post-quantum standards in 2024 reflects an institutional view that a 10-15 year preparation window is prudent.