Standards & Trust

Built on government cryptography standards

Throndar is built on the post-quantum algorithms NIST standardized and the algorithm suite NSA selected for national security systems — and governs every answer under the NIST AI Risk Management Framework. Below is the full primitive-to-standard mapping, with every source linked.

NIST PQC algorithms · Aligned with CNSA 2.0 suite · NIST AI RMF aligned · No certification claimed

Post-quantum cryptography

NIST-standardized, today

Throndar protects session keys with ML-KEM-1024 — the highest-strength (NIST security category 5) parameter set of the NIST-standardized key-encapsulation algorithm (FIPS 203, finalized August 13, 2024) — deployed in a hybrid alongside classical X25519. Messages are signed with ML-DSA-87 (FIPS 204, category 5). A second, independent post-quantum signature uses Falcon — the algorithm NIST selected for its forthcoming FN-DSA standard (FIPS 206, still in development) — giving every signature two different lattice foundations.

  • Key exchange: hybrid X25519 + ML-KEM-1024 (classical + NIST-standardized lattice KEM).
  • Signatures: ML-DSA-87 (FIPS 204) plus a Falcon dual-signature — two independent lattice families.
  • Falcon is an addition; FN-DSA (FIPS 206) is selected by NIST but not yet published — Throndar makes no FIPS 206 claim.
  • Verifiable provenance: every answer is ML-DSA-87-signed into a tamper-evident receipt you can verify in your own browser at /verify/receipt.

National-security alignment

Aligned with the CNSA 2.0 algorithm suite

Throndar's post-quantum core uses the same two algorithms, at the same maximum parameter sets, that NSA's Commercial National Security Algorithm Suite 2.0 specifies for U.S. National Security Systems: ML-KEM-1024 for key establishment and ML-DSA-87 for signatures. The U.S. government's quantum strategy (National Security Memorandum 10, 2022) set a goal for national security systems to be quantum-resistant by 2035 — Throndar already runs on those algorithms today.

  • Algorithm alignment with the CNSA 2.0 suite (ML-KEM-1024 + ML-DSA-87) — alignment, not certification.
  • Closes the 'harvest now, decrypt later' window CISA, NSA, and NIST warn about — long-secrecy data is protected now.
  • Falcon is an added second signature, described separately and NOT part of CNSA 2.0.

“Aligned with the CNSA 2.0 algorithm suite” describes our algorithm choices. Throndar is not CNSA 2.0 compliant, NSA-certified, or approved for National Security Systems.

AI governance

Every answer governed under the NIST AI RMF

Throndar's governed Mixture-of-Agents operationalizes the NIST AI Risk Management Framework (NIST AI 100-1, January 2023) and aligns with its Generative AI Profile (NIST AI 600-1, July 2024). Every answer is routed, deliberated across the council, and run through a governance gate that labels it (PASS or flagged) before it ships. This embodies the framework's Govern, Map, Measure, and Manage functions and directly targets the generative-AI risks the profile names: confabulation and information integrity. The architecture is designed around the practices in the NSA/CISA/FBI joint guidance “Deploying AI Systems Securely” (April 15, 2024): strict access controls, monitoring, and a hardened deployment environment.

  • A governance gate labels every council answer (PASS or flagged) before it ships, designed around the AI RMF's four functions.
  • Designed against the OWASP Top 10 for LLM Applications (2025), including LLM01 prompt injection, with multi-model cross-review.
  • Wording is deliberate: 'aligned with / designed around', never 'certified' or 'audited against'.

Security practices

Documented, not just declared

Beyond algorithms, Throndar maintains the governance artifacts a serious secure-AI program requires — a written threat model, an incident-response runbook with live kill-switches, and a secure-AI deployment mapping to the NSA/CISA/FBI guidance and the OWASP Top 10 for LLM Applications. These are available to enterprise customers under NDA.

  • Written STRIDE threat model covering every trust boundary — reviewed quarterly and on any boundary change.
  • Incident-response runbook with no-deploy kill-switches (anon demo, media engines, payment rails, token rotation).
  • Secure-AI deployment + OWASP LLM Top 10 control mapping, with a defined adversarial-testing cadence.
  • Available to enterprise customers under NDA.

The mapping

Primitive → standard, every source linked

Each row maps a Throndar primitive to the public standard it's built on or aligned with. Identifiers link to the issuing body.

  • Session key establishment — hybrid X25519 + ML-KEM-1024: Finalized Aug 2024 · category 5
  • Primary message signature — ML-DSA-87: Finalized Aug 2024 · category 5
  • Second / dual signature — Falcon: Selected — standard forthcoming, not yet published
  • National-security algorithm alignment — ML-KEM-1024 + ML-DSA-87: Aligned (alignment, not certification)
  • AI governance pipeline — Govern · Map · Measure · Manage: Aligned / operationalized
  • Governed council vs. confabulation + information integrity: Aligned
  • Secure-AI deployment — access controls, monitoring, hardened env: Designed around the practices
  • LLM input/output + prompt-injection defenses: Designed against
  • SLH-DSA (hash-based signatures): Available · opt-in (not on by default)

Throndar implements NIST-standardized post-quantum algorithms and aligns with the NSA CNSA 2.0 algorithm suite and the NIST AI Risk Management Framework. Throndar is not FIPS 140-3 validated, not CMVP-certified, not NSA-certified, and not CNSA 2.0 compliant, and makes no certification claim. FN-DSA (FIPS 206) is a forthcoming NIST standard that is not yet published. SLH-DSA (FIPS 205) is implemented as an available, opt-in diversity co-signature (THRONDAR_SLHDSA_LEG) and is not enabled by default. Standards alignment is self-attested.