Will Quantum Computers Break Janus Henderson Anemoy AAA CLO Fund?

The question of whether quantum computers will break Janus Henderson Anemoy AAA CLO Fund sits at the intersection of institutional DeFi, tokenised securities, and cryptographic infrastructure. It is not a fringe concern: the fund uses blockchain-based ownership records secured by the same elliptic-curve cryptography underpinning most of public crypto, and that cryptography has a known theoretical vulnerability to sufficiently powerful quantum hardware. This article walks through the exact mechanisms involved, what would actually have to be true for a breach to occur, where analysts place the realistic timeline, and what fund holders and protocol designers can do about it.

What Is the Janus Henderson Anemoy AAA CLO Fund?

The Janus Henderson Anemoy AAA CLO Fund is a tokenised money-market-adjacent product that brings institutional-grade, AAA-rated collateralised loan obligation (CLO) exposure onto a public blockchain. Launched in collaboration with Anemoy, it operates on the Solana network and targets qualified investors seeking yield from the senior-most, lowest-risk tranche of CLO structures.

Key structural points:

This structure matters enormously for the quantum-risk analysis. The fund is not a pure DeFi protocol where anyone can interact permissionlessly. It sits in a regulated, permissioned layer. That distinction will shape the realistic threat surface considerably.

---

How the Fund's Cryptographic Stack Actually Works

To assess quantum risk, you first need to understand what cryptographic primitives are actually in use.

Solana's Signature Scheme

Solana uses Ed25519, a variant of the Edwards-curve Digital Signature Algorithm (EdDSA). This is distinct from the ECDSA (secp256k1) used by Bitcoin and Ethereum. Both are elliptic-curve schemes and both are theoretically vulnerable to Shor's algorithm running on a sufficiently capable quantum computer, but the specific parameters differ.

Ed25519 offers a 128-bit classical security level. Against a quantum adversary running Shor's algorithm, the effective security drops to roughly 64-bit equivalent, since the algorithm can solve the discrete logarithm problem on elliptic curves in polynomial time. That is not considered secure against a large-scale quantum computer.

What "Breaking" the Signature Scheme Means

Breaking Ed25519 with a quantum computer would allow an attacker to:

  1. Derive a wallet's private key from its public key. The public key is visible on-chain the moment a transaction is broadcast. An attacker with sufficient quantum hardware could compute the corresponding private key and sign fraudulent transactions.
  2. Forge signatures on token transfers. In the context of the Anemoy CLO Fund, this could in theory mean forging a transfer of fund tokens out of a holder's wallet.

Critically, this attack vector applies to the *on-chain key infrastructure*, not to the underlying CLO notes themselves. The actual loan assets sit in a traditional legal trust structure. An attacker compromising a Solana wallet does not automatically seize the off-chain assets. However, they would control the on-chain representation of ownership, which carries significant legal and financial consequences.

The Permissioned Layer as a Partial Mitigant

Because Anemoy CLO Fund tokens are restricted to KYC-whitelisted wallets, a quantum attacker faces an additional obstacle: a forged transfer to a non-whitelisted wallet would be rejected at the smart-contract level. They would need to transfer tokens to another whitelisted address, meaning an existing, verified counterparty. This does not eliminate risk, but it meaningfully constrains the attack surface compared to a fully permissionless token.

---

What Would Actually Have to Be True for Q-Day to Threaten This Fund?

A realistic threat assessment requires stacking several conditions. All of the following would need to hold simultaneously:

ConditionCurrent StatusRealistic Probability (2025 view)
A quantum computer capable of breaking 128-bit ECC existsNot demonstratedVery low before 2030; contested before 2035
The attacker has access to that hardwareNational-state level only, initiallyExtremely low for near-term
The attacker targets this specific fundDepends on AUM and attacker motivationLow; high-value targets attract first
The permissioned whitelist does not stop the forged transferRequires a whitelisted destination walletReduces but does not eliminate risk
Legal recourse and off-chain custody fail to recover valueDepends on jurisdiction and custodianLow given institutional structure

The honest conclusion from this table: the quantum threat to the Janus Henderson Anemoy AAA CLO Fund is real in principle but remote in practice for the next five to ten years. The more pressing near-term concern is the "harvest now, decrypt later" (HNDL) strategy, discussed below.

---

The Harvest-Now-Decrypt-Later Problem

The HNDL attack is the most immediately relevant quantum threat to any blockchain-based asset, including this fund. The mechanics are straightforward:

  1. An adversary intercepts and stores encrypted communications or on-chain transaction data *today*.
  2. When quantum hardware matures, they retroactively decrypt that data to extract private keys or sensitive information.

For a fund like Anemoy's CLO product, the relevant HNDL surface includes:

The HNDL vector means the quantum risk clock starts *now*, not when quantum computers actually become powerful enough to run Shor's algorithm in real time. Data being harvested in 2025 could be cracked in 2033 or 2037. For long-duration institutional holdings, this is a non-trivial consideration.

---

Realistic Timeline: What Do Analysts and Researchers Say?

Estimating Q-day is genuinely difficult, and serious researchers disagree. A balanced summary of the current expert landscape:

Pessimistic Scenario (Earlier Q-Day, ~2030-2033)

Consensus Scenario (~2035-2040)

Optimistic / Sceptical Scenario (Post-2040 or Never at Scale)

Practical implication for fund holders: the timeline uncertainty argues for *preparation now* rather than waiting for consensus certainty. Migration to post-quantum infrastructure takes years at institutional scale.

---

What Holders and Institutional Participants Can Do

The quantum threat to tokenised fund infrastructure is manageable, but it requires deliberate action across multiple layers. Holders and issuers have distinct responsibilities.

For Fund Holders

For Issuers and Protocol Designers

---

How Natively Post-Quantum Designs Differ

There is a meaningful architectural distinction between projects that are retrofitting quantum resistance and those designed with it as a foundational assumption.

Retrofitting quantum resistance onto an existing chain like Solana involves:

By contrast, a natively post-quantum system starts with lattice-based or hash-based signatures at the protocol level, meaning there is no legacy key infrastructure to migrate and no mixed-security transition window. The cryptographic threat surface is structurally smaller from genesis.

For institutional investors evaluating tokenised fund products over a 10-year horizon, this architectural difference will increasingly factor into due diligence frameworks. It is analogous to choosing between a building retrofitted with earthquake resistance and one designed seismically from the foundation.

---

Summary: A Balanced Risk Assessment

The Janus Henderson Anemoy AAA CLO Fund faces a quantum computer threat that is:

The question is not whether to take quantum risk seriously, but how to calibrate the urgency appropriately. For a long-duration institutional product like this fund, the answer is: begin migration planning now, even if the immediate threat level remains low.

Frequently Asked Questions

Will quantum computers break the Janus Henderson Anemoy AAA CLO Fund's on-chain infrastructure?

Not with current or near-term quantum hardware. The fund uses Ed25519 signatures on Solana, which is theoretically vulnerable to Shor's algorithm on a cryptographically relevant quantum computer (CRQC). However, no CRQC of sufficient scale exists in 2025, and mainstream expert consensus places that capability in the mid-2030s at the earliest. The risk is real in principle but remote in practice for the next several years.

What cryptographic scheme does Solana use, and is it quantum-safe?

Solana uses Ed25519, an Edwards-curve Digital Signature Algorithm. It is not quantum-safe. Like all elliptic-curve schemes, it is vulnerable to Shor's algorithm running on a large-scale quantum computer. NIST has already finalised post-quantum alternatives (CRYSTALS-Dilithium, FALCON) that would replace it, but Solana has not yet migrated to these standards.

What is the harvest-now-decrypt-later (HNDL) attack and does it apply to this fund?

HNDL involves storing encrypted data or on-chain transaction records today and decrypting them when quantum hardware matures. It is relevant to this fund because wallet addresses and signing patterns are publicly visible on Solana. If the same wallet key persists for many years, it accumulates exposure. Holders with long investment horizons should consider key rotation and monitor the fund issuer's quantum preparedness roadmap.

Does the fund's permissioned structure reduce quantum risk?

Yes, partially. Because fund tokens can only transfer between KYC-whitelisted wallets, a quantum attacker who forged a transaction would need to send tokens to another verified wallet. This limits the practical attack surface compared to a fully permissionless token. However, it does not eliminate the risk entirely, since a sophisticated attacker could potentially compromise a whitelisted wallet.

What should holders do to protect themselves against quantum risk?

Practical steps include avoiding wallet address reuse, using hardware wallets with active firmware development roadmaps, monitoring Solana's post-quantum migration plans, and assessing your holding horizon against the HNDL window. Holders planning to stay invested for 10 or more years face a materially different cryptographic environment at exit than today, making quantum awareness a relevant part of long-term due diligence.

When do analysts expect quantum computers to be capable of breaking elliptic-curve cryptography?

Expert estimates range widely. Pessimistic scenarios place a cryptographically relevant quantum computer (CRQC) as early as 2030-2033, driven by rapid progress at Google and IBM. The consensus among academic cryptographers and standards bodies like NIST sits closer to 2035-2040. A sceptical minority argues fundamental engineering challenges push the timeline beyond 2040. NIST's decision to finalise post-quantum standards in 2024 reflects an institutional view that a 10-15 year preparation window is prudent.