Will Quantum Computers Break Janus Henderson Anemoy Treasury Fund?

Will quantum computers break Janus Henderson Anemoy Treasury Fund? It is a fair question for any serious tokenised-asset holder to ask. The Anemoy Treasury Fund, brought to blockchain infrastructure by Janus Henderson and Anemoy, represents a new class of on-chain US Treasury exposure — but the cryptographic foundations underneath every tokenised asset are the same ones that quantum computing threatens to unravel. This article walks through the mechanics: how the fund's token infrastructure works, which signature schemes are at risk, what would actually have to be true for an attack to succeed, realistic timelines, and what holders and issuers can do about it.

What Is the Janus Henderson Anemoy Treasury Fund?

The Anemoy Treasury Fund is a tokenised money-market fund that provides on-chain access to short-duration US Treasury bill exposure. Janus Henderson partnered with Anemoy, a regulated tokenisation platform, to bring the product to a permissioned blockchain environment. The fund sits within a growing segment of real-world asset (RWA) tokenisation, where traditional financial instruments are represented as digital tokens on a distributed ledger.

Key structural points:

The product sits at the intersection of TradFi and DeFi infrastructure. That intersection is precisely where quantum risk is most underappreciated, because institutional investors are accustomed to thinking about sovereign credit risk and duration risk, not cryptographic risk.

---

The Cryptographic Layer Underneath Tokenised Funds

Every tokenised fund, regardless of its brand or underlying asset, relies on public-key cryptography to:

  1. Authenticate ownership (wallets and private keys)
  2. Authorise transfers (digital signatures on transactions)
  3. Secure smart contract interactions (on-chain function calls)

EVM-based infrastructure, which underpins Ethereum and most compatible chains, uses the Elliptic Curve Digital Signature Algorithm (ECDSA) with the secp256k1 curve. ECDSA is what protects every Ethereum wallet address. When you sign a transaction, you prove ownership of a private key without revealing it, using the mathematical hardness of the elliptic curve discrete logarithm problem (ECDLP).

Why ECDSA Is Quantum-Vulnerable

Shor's algorithm, developed by mathematician Peter Shor in 1994, demonstrated that a sufficiently powerful quantum computer could solve the ECDLP in polynomial time, compared to the exponential time required by classical computers. In practical terms: a large-scale, fault-tolerant quantum computer running Shor's algorithm could derive a private key from a known public key.

For blockchain wallets, the public key is exposed — either directly in the address derivation, or temporarily at the point a transaction is broadcast. That exposure window is the attack surface.

What About the Smart Contracts Themselves?

Smart contracts are compiled bytecode stored on-chain. They do not carry private keys, but they do verify signatures. If the signature scheme they rely on is broken, an attacker who can forge valid signatures could authorise fraudulent transfers. For a permissioned fund like Anemoy, this would mean bypassing access controls, redirecting redemption proceeds, or minting unauthorised token balances.

The hash functions used in Ethereum (Keccak-256) are considered significantly more quantum-resistant than ECDSA. Grover's algorithm can theoretically halve the effective security of a hash function, but Keccak-256 at 256 bits retains roughly 128 bits of quantum security, still well within acceptable margins. The acute risk is ECDSA, not hashing.

---

What Would Have to Be True for a Q-Day Attack to Succeed?

"Q-day" is shorthand for the point at which a quantum computer becomes capable of breaking ECDSA at practical speed. Several conditions must be met simultaneously:

Hardware Requirements

Current quantum computers, including IBM's Eagle/Condor/Heron processors and Google's Sycamore series, operate with noisy intermediate-scale quantum (NISQ) hardware. Breaking 256-bit elliptic curve cryptography is estimated to require millions of physical qubits operating with very low error rates, sustained for hours. As of 2025, the most advanced systems have thousands of physical qubits, with error rates still far above the fault-tolerant threshold.

A 2022 paper by Mark Webber et al. (University of Sussex) estimated that breaking Bitcoin's ECDSA in one hour would require approximately 317 million physical qubits. Breaking it within the 10-minute Bitcoin block time window would require 1.9 billion. These numbers illustrate the hardware gap that remains.

The Attack Window

There are two threat models:

Threat ModelDescriptionApplicability to Anemoy Fund
**Harvest now, decrypt later (HNDL)**Attacker captures encrypted data today and decrypts it once a quantum computer is availableApplies to encrypted communications; less directly relevant to on-chain token ownership
**Live signature forgery**Attacker uses a live quantum computer to derive a private key from a broadcast transaction and signs a competing transactionDirectly relevant to ECDSA-secured wallets and smart contract calls
**Dormant address attack**Public key is visible on-chain for addresses that have already transacted; attacker targets those keys offlineRelevant to any wallet that has made at least one outbound transaction

For a tokenised fund with permissioned transfers, the dormant address model is arguably the highest-risk scenario. Wallet addresses that have completed subscriptions or redemptions have exposed their public keys. A quantum attacker with sufficient capability could target those addresses without needing to intercept any live traffic.

---

Realistic Timeline: When Should Fund Holders Start Worrying?

There is no consensus on an exact Q-day date, but credible institutional estimates cluster around the following ranges:

The NIST PQC standardisation process, completed after a multi-year evaluation, was driven by the recognition that cryptographic migration takes decades in large systems. Financial infrastructure is among the most complex to migrate, which is why NIST and the financial regulators that follow its guidance consider a 10-to-15-year migration runway prudent, not alarmist.

The practical takeaway: Holders of the Anemoy Treasury Fund face no imminent quantum threat to their tokens today. But the window to begin thinking about migration is open now, not in 2035.

---

What Holders and Issuers Can Do Now

For Token Holders

  1. Audit your wallet type. Hardware wallets and software wallets both use ECDSA. Your private key is only as secure as the signature scheme protecting it.
  2. Avoid address reuse. Reusing wallet addresses increases the time your public key is visible on-chain, expanding the dormant address attack window.
  3. Monitor issuer communications. Anemoy and Janus Henderson will be responsible for any smart contract migrations or token standard upgrades. Holders should stay informed about whether the fund's infrastructure is being upgraded to post-quantum signature schemes.
  4. Consider custody options. Institutional custodians are more likely to adopt post-quantum cryptography at the infrastructure level before individual retail wallets do.

For Fund Issuers and Platform Operators

The NIST PQC standards provide a clear migration path:

Migrating a permissioned tokenised fund is more tractable than migrating an open, decentralised protocol. The issuer controls the smart contracts, the KYC registry, and the token standard. A planned migration with a token swap mechanism is operationally feasible, though it requires regulatory coordination and custody system updates.

---

How Natively Post-Quantum Designs Differ

Most tokenised RWA products, including the Anemoy fund, were built on EVM infrastructure that predates NIST's PQC finalisation. They are retrofitting quantum resistance onto a classically designed system, a migration path that is workable but complex.

By contrast, projects designed from the ground up with post-quantum cryptography can implement lattice-based or hash-based signature schemes at the protocol layer, without the technical debt of ECDSA. BMIC.ai is one example of this approach: it is built on NIST PQC-aligned lattice-based cryptography from inception, meaning the wallet and token infrastructure does not carry ECDSA exposure at all. This is architecturally different from a fund that plans to migrate ECDSA infrastructure later.

The distinction matters for assessing long-term cryptographic risk, not because Q-day is imminent, but because the cost and complexity of migration increases the longer a system operates on a vulnerable signature scheme.

---

Comparison: ECDSA-Based vs. Post-Quantum Tokenised Asset Infrastructure

FeatureECDSA-Based Infrastructure (e.g. EVM chains)Natively Post-Quantum Infrastructure
**Signature scheme**ECDSA (secp256k1)Lattice-based (Dilithium, FALCON) or hash-based (SPHINCS+)
**Quantum vulnerability**High (Shor's algorithm applicable)Designed to resist Shor's algorithm
**Current security (classical)**StrongStrong
**Migration complexity**High (requires smart contract upgrades, wallet migration, custody changes)None (built-in from launch)
**NIST PQC alignment**Requires migration to achieve alignmentNative
**Ecosystem maturity**Very high (Ethereum, EVM tooling)Early-stage; growing rapidly post-NIST finalisation
**Performance overhead**BaselineSlightly larger key/signature sizes; manageable at modern hardware speeds

---

Summary: A Measured Risk Assessment

The Janus Henderson Anemoy Treasury Fund's quantum exposure is real but not urgent. The fund inherits the ECDSA-based signature scheme of the EVM infrastructure it runs on, which is theoretically vulnerable to Shor's algorithm. However, breaking 256-bit elliptic curve cryptography requires hardware capabilities that do not exist today and are unlikely to materialise before the early-to-mid 2030s at the earliest.

The responsible framing is this: quantum risk is a long-tail tail risk with a known mitigation path. NIST has standardised the replacement algorithms. The financial industry has a migration timeline. The question for Anemoy, Janus Henderson, and every other tokenised RWA issuer is not whether to migrate, but when and how. Given that tokenised fund infrastructure is issuer-controlled and permissioned, migration is more tractable here than in open blockchain protocols. Starting the planning process now, rather than at the last moment, is the prudent position.

Frequently Asked Questions

Will quantum computers break Janus Henderson Anemoy Treasury Fund tokens?

Not with current quantum hardware. The fund's EVM-based token infrastructure uses ECDSA, which is theoretically vulnerable to Shor's algorithm on a large-scale fault-tolerant quantum computer. However, that hardware does not exist today and is not expected to reach the required scale for at least a decade. The risk is real but long-term, and there is a clear NIST-standardised migration path available.

What cryptographic scheme does the Anemoy Treasury Fund use?

The fund is built on EVM-compatible blockchain infrastructure, which uses the Elliptic Curve Digital Signature Algorithm (ECDSA) with the secp256k1 curve. This is the same signature scheme used by Ethereum and most EVM-compatible chains. ECDSA is what protects wallet private keys and authorises on-chain transactions.

When is Q-day expected to arrive?

There is no consensus date, but most credible estimates place cryptographically relevant quantum computing in the 2030-2040 range. Breaking 256-bit elliptic curve cryptography is estimated to require millions of physical qubits with very low error rates. Current systems have thousands of qubits with significantly higher error rates. NIST designed its post-quantum cryptography migration timeline around a 10-to-15-year horizon from its 2024 standards finalisation.

What can Anemoy Treasury Fund holders do to reduce quantum risk?

Practical steps include avoiding address reuse (which limits how long your public key is exposed on-chain), using institutional custodians that are more likely to adopt post-quantum standards early, and monitoring communications from Anemoy and Janus Henderson about any planned smart contract or token standard upgrades. Holders cannot change the underlying signature scheme themselves — that responsibility lies with the issuer and platform operator.

Can the Anemoy fund migrate to post-quantum cryptography?

Yes, and it is more tractable for a permissioned tokenised fund than for an open blockchain protocol. Because the issuer controls the smart contracts, KYC registry, and token standard, a planned migration using NIST-standardised algorithms like CRYSTALS-Dilithium or FALCON is operationally feasible. It requires coordination with custodians, regulators, and token holders, but the technical path is well-defined.

What is the difference between a harvest-now-decrypt-later attack and a live signature forgery attack?

Harvest-now-decrypt-later (HNDL) means an attacker captures encrypted data today and stores it until a quantum computer is available to decrypt it. Live signature forgery means using a live quantum computer to derive a private key from a broadcast transaction in real time and sign a competing transaction before the legitimate one confirms. For tokenised funds, the dormant address attack — where public keys already visible on-chain are targeted offline — is an additional relevant threat model that sits between these two categories.