Built on government cryptography standards
Throndar is built on the post-quantum algorithms NIST standardized and the algorithm suite NSA selected for national security systems — and governs every answer under the NIST AI Risk Management Framework. Below is the full primitive-to-standard mapping, with every source linked.
NIST-standardized, today
Throndar protects session keys with ML-KEM-1024 — the highest-strength (NIST security category 5) parameter set of the NIST-standardized key-encapsulation algorithm (FIPS 203, finalized August 13, 2024) — deployed in a hybrid alongside classical X25519. Messages are signed with ML-DSA-87 (FIPS 204, category 5). A second, independent post-quantum signature uses Falcon — the algorithm NIST selected for its forthcoming FN-DSA standard (FIPS 206, still in development) — giving every signature two different lattice foundations.
- Key exchange: hybrid X25519 + ML-KEM-1024 (classical + NIST-standardized lattice KEM).
- Signatures: ML-DSA-87 (FIPS 204) plus a Falcon dual-signature — two independent lattice families.
- Falcon is an addition; FN-DSA (FIPS 206) is selected by NIST but not yet published — Throndar makes no FIPS 206 claim.
- Verifiable provenance: every answer is ML-DSA-87-signed into a tamper-evident receipt you can verify in your own browser at /verify/receipt.
Aligned with the CNSA 2.0 algorithm suite
Throndar's post-quantum core uses the same two algorithms, at the same maximum parameter sets, that NSA's Commercial National Security Algorithm Suite 2.0 specifies for U.S. National Security Systems: ML-KEM-1024 for key establishment and ML-DSA-87 for signatures. The U.S. government's quantum strategy (National Security Memorandum 10, 2022) set a goal for national security systems to be quantum-resistant by 2035 — Throndar already runs on those algorithms today.
- Algorithm alignment with the CNSA 2.0 suite (ML-KEM-1024 + ML-DSA-87) — alignment, not certification.
- Closes the 'harvest now, decrypt later' window CISA, NSA, and NIST warn about — long-secrecy data is protected now.
- Falcon is an added second signature, described separately and NOT part of CNSA 2.0.
“Aligned with the CNSA 2.0 algorithm suite” describes our algorithm choices. Throndar is not CNSA 2.0 compliant, NSA-certified, or approved for National Security Systems.
Every answer governed under the NIST AI RMF
Throndar's governed Mixture-of-Agents operationalizes the NIST AI Risk Management Framework (NIST AI 100-1, January 2023) and aligns with its Generative AI Profile (NIST AI 600-1, July 2024): every answer is routed, deliberated across the council, and run through a governance gate that labels it (PASS or flagged) before it ships — embodying the framework's Govern, Map, Measure, and Manage functions and directly targeting the generative-AI risks the profile names, confabulation and information integrity. The architecture is designed around the practices in the NSA/CISA/FBI joint guidance “Deploying AI Systems Securely” (April 15, 2024): strict access controls, monitoring, and a hardened deployment environment.
- A governance gate labels every council answer (PASS or flagged) before it ships, designed around the AI RMF's four functions.
- Designed against the OWASP Top 10 for LLM Applications (2025), including LLM01 prompt injection, with multi-model cross-review.
- Wording is deliberate: 'aligned with / designed around', never 'certified' or 'audited against'.
Documented, not just declared
Beyond algorithms, Throndar maintains the governance artifacts a serious secure-AI program requires — a written threat model, an incident-response runbook with live kill-switches, and a secure-AI deployment mapping to the NSA/CISA/FBI guidance and the OWASP Top 10 for LLM Applications. These are available to enterprise customers under NDA.
- Written STRIDE threat model covering every trust boundary — reviewed quarterly and on any boundary change.
- Incident-response runbook with no-deploy kill-switches (anon demo, media engines, payment rails, token rotation).
- Secure-AI deployment + OWASP LLM Top 10 control mapping, with a defined adversarial-testing cadence.
- Available to enterprise customers under NDA.
Primitive → standard, every source linked
Each row maps a Throndar primitive to the public standard it's built on or aligned with. Identifiers link to the issuing body.
| Throndar primitive | Standard · identifier | Body | Status |
|---|---|---|---|
| Session key establishment — hybrid X25519 + ML-KEM-1024 | ML-KEM · FIPS 203 | NIST | Finalized Aug 2024 · category 5 |
| Primary message signature — ML-DSA-87 | ML-DSA · FIPS 204 | NIST | Finalized Aug 2024 · category 5 |
| Second / dual signature — Falcon | FN-DSA · FIPS 206 | NIST | Selected — standard forthcoming, not yet published |
| National-security algorithm alignment — ML-KEM-1024 + ML-DSA-87 | CNSA 2.0 algorithm suite · NSA CSI | NSA | Aligned (alignment, not certification) |
| AI governance pipeline — Govern · Map · Measure · Manage | AI Risk Management Framework 1.0 · NIST AI 100-1 | NIST | Aligned / operationalized |
| Governed council vs. confabulation + information integrity | Generative AI Profile · NIST AI 600-1 | NIST | Aligned |
| Secure-AI deployment — access controls, monitoring, hardened env | Deploying AI Systems Securely · Joint CSI | NSA / CISA / FBI | Designed around the practices |
| LLM input/output + prompt-injection defenses | Top 10 for LLM Applications 2025 (LLM01) · OWASP | OWASP (industry) | Designed against |
| SLH-DSA (hash-based signatures) | SLH-DSA · FIPS 205 | NIST | Available · opt-in (not on by default) |
Throndar implements NIST-standardized post-quantum algorithms and aligns with the NSA CNSA 2.0 algorithm suite and the NIST AI Risk Management Framework. Throndar is not FIPS 140-3 validated, not CMVP-certified, not NSA-certified, and not CNSA 2.0 compliant, and makes no certification claim. FN-DSA (FIPS 206) is a forthcoming NIST standard that is not yet published. SLH-DSA (FIPS 205) is implemented as an available, opt-in diversity co-signature (THRONDAR_SLHDSA_LEG) and is not enabled by default. Standards alignment is self-attested.