{"id":10578,"date":"2019-03-06T09:00:47","date_gmt":"2019-03-06T17:00:47","guid":{"rendered":"https:\/\/www.privateinternetaccess.com\/blog\/?p=10578"},"modified":"2024-01-31T00:41:02","modified_gmt":"2024-01-31T08:41:02","slug":"a-serious-concern-about-post-quantum-cryptography-and-strength-targets","status":"publish","type":"post","link":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/","title":{"rendered":"A Serious Concern About Post-Quantum Cryptography and Strength Targets"},"content":{"rendered":"<p>I have been writing a number of articles about the state of the NIST post-quantum cryptography competition, with short summaries on the projects and what they are all about.<\/p>\n<p>What I haven\u2019t talked about is the structure of the competition, and my concerns about the inclusion of relative \u201cstrength targets\u201d for the new algorithms to be selected. NIST has standardized \u201csecurity levels\u201d for encryption, where you cite the latest academic research about the properties of your proposed encryption, and try to assign a \u201cstrength\u201d of your proposed scheme based on the current research. You cite both the strengths and the weaknesses that are known about your proposal and justify your choices based on the work of others. It is somewhere between a mathematical proof and peer-review. At the end of this road you come up with a number, which represents a relative \u201cbit strength\u201d that is supposed to be modeled after different strengths of <a href=\"https:\/\/en.wikipedia.org\/wiki\/Advanced_Encryption_Standard\">AES (the current encryption standard)<\/a> and <a href=\"https:\/\/en.wikipedia.org\/wiki\/Secure_Hash_Algorithms\">SHA (the current hashing standard)<\/a>.<\/p>\n<h3>The \u201csecurity levels\u201d for the NIST post-quantum competition are defined as follows:<\/h3>\n<p><strong>Security level 1<\/strong> \u2013 Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for key search on a block cipher with a 128-bit key (e.g. AES128)<\/p>\n<p><strong>Security level 2<\/strong> \u2013 Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for collision search on a 256-bit hash function (e.g. SHA256\/ SHA3-256)<\/p>\n<p><strong>Security level 3<\/strong> \u2013 Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for key search on a block cipher with a 192-bit key (e.g. AES192)<\/p>\n<p><strong>Security level 4<\/strong> \u2013 Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for collision search on a 384-bit hash function (e.g. SHA384\/ SHA3-384)<\/p>\n<p><strong>Security level 5<\/strong> \u2013 Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for key search on a block cipher with a 256-bit key (e.g. AES256)<\/p>\n<h3>The Goal: Find New Encryption for 2020 and Beyond.<\/h3>\n<p>The primary goal of the competition is to find new asymmetric ciphers (to use as handshakes to establish secure connections) and to find a new authentication system to replace DSA\/ECDSA\/RSA to establish message authenticity and integrity checking. Both of these options need to be able to meet security level 5, which is the AES256 equivalent strength.<\/p>\n<h3>The Problem: Thin Margins of Safety<\/h3>\n<p>The problem with capping the strength on new cryptography is that new serious breakthroughs could be on the horizon that exponentially speed up analysis of these new algorithms. With such a large unknown factor, targeting today\u2019s relative strength seems like an odd choice, especially knowing that we have situations where state-level actors are collecting encrypted data and storing it away until they have the technology to break it.<\/p>\n<p>This thinking is not unfounded as <em>it has already happened<\/em> with a <a href=\"https:\/\/eprint.iacr.org\/2016\/351.pdf\">new analysis method for Ring Learning With Errors cryptography<\/a> (R-LWE). In <a href=\"https:\/\/eprint.iacr.org\/2015\/971.pdf\">this paper<\/a>, a method is described where weak rings can be found that have isogenous rings that are easier to solve. These flawed rings allow a sqrt (or faster) speedup of analysis. These are the kinds of speedups that can allow trivial breaking of encryption. A \u201cSecurity Level 1\u201d cipher that has a breakthrough that allows a sqrt speedup on analysis suddenly only has 64 or less \u201cbits of strength\u201d, which is very breakable.<\/p>\n<p>To me, with real-world evidence that speedups like this on the current candidates are possible, it seems reckless to not insert a huge margin of safety into these encryption schemes, so that they resist advancements in technology.<\/p>\n<h2>The Current Approach is not Prudent<\/h2>\n<p>NIST\u2019s approach seems to be \u201cwe\u2019ll make the keys larger if a speedup is found.\u201d Which does not seem to take into account that<strong> a significant speedup would allow all encryption up to that point to be broken<\/strong>, AND would require everyone to update\/upgrade to support the new key lengths.<\/p>\n<p>Yes, larger keys and formula values are slower to calculate, but many of these new encryption schemes are actually computationally faster than current ones, and there\u2019s room to improve the margin of safety.<\/p>\n<p>Here\u2019s hoping that the finalists for a new standard can be tuned by the end user for much larger margins of safety.<\/p>\n<p>\u00a0<\/p>\n<p>\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I have been writing a number of articles about the state of the NIST post-quantum cryptography competition, with short summaries on the projects and what they are all about. What I haven\u2019t talked about is the structure of the competition, and my concerns about the inclusion of relative \u201cstrength targets\u201d for the new algorithms to &hellip; <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;A Serious Concern About Post-Quantum Cryptography and Strength Targets&#8221;<\/span><\/a><\/p>\n","protected":false},"author":32,"featured_media":10588,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_stopmodifiedupdate":false,"_modified_date":"","footnotes":""},"categories":[12,1001,1],"tags":[1375,1104,1377,1352,932,1376],"class_list":["post-10578","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-encryption","category-news","tag-cryptanalysis","tag-cryptography","tag-handshake","tag-nist","tag-quantum-resistance","tag-signatures"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>A Serious Concern About Post-Quantum Cryptography and Strength Targets<\/title>\n<meta name=\"description\" content=\"This article discusses the potential problems with assigning arbitrary &quot;strength targets&quot; for new encryption and signature schemes in the NIST competition.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A Serious Concern About Post-Quantum Cryptography and Strength Targets\" \/>\n<meta property=\"og:description\" content=\"This article discusses the potential problems with assigning arbitrary &quot;strength targets&quot; for new encryption and signature schemes in the NIST competition.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/\" \/>\n<meta property=\"og:site_name\" content=\"PIA\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/privateinternetaccess\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-03-06T17:00:47+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-31T08:41:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/03\/pq-strength-targets.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Derek Zimmer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@http:\/\/www.twitter.com\/ostifofficial\" \/>\n<meta name=\"twitter:site\" content=\"@buyvpnservice\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Derek Zimmer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/\"},\"author\":{\"name\":\"Derek Zimmer\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/e9f24badc1559621e721d94ecb18d6e1\"},\"headline\":\"A Serious Concern About Post-Quantum Cryptography and Strength Targets\",\"datePublished\":\"2019-03-06T17:00:47+00:00\",\"dateModified\":\"2024-01-31T08:41:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/\"},\"wordCount\":749,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/03\/pq-strength-targets.png\",\"keywords\":[\"cryptanalysis\",\"cryptography\",\"handshake\",\"NIST\",\"quantum resistance\",\"signatures\"],\"articleSection\":[\"Cybersecurity\",\"Encryption\",\"General Privacy News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/\",\"name\":\"A Serious Concern About Post-Quantum Cryptography and Strength Targets\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/03\/pq-strength-targets.png\",\"datePublished\":\"2019-03-06T17:00:47+00:00\",\"dateModified\":\"2024-01-31T08:41:02+00:00\",\"description\":\"This article discusses the potential problems with assigning arbitrary \\\"strength targets\\\" for new encryption and signature schemes in the NIST competition.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#primaryimage\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/03\/pq-strength-targets.png\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/03\/pq-strength-targets.png\",\"width\":1600,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.privateinternetaccess.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A Serious Concern About Post-Quantum Cryptography and Strength Targets\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"name\":\"PIA\",\"description\":\"Online privacy news from around the world.\",\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\",\"name\":\"Private Internet Access\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"width\":1200,\"height\":1200,\"caption\":\"Private Internet Access\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/privateinternetaccess\/\",\"https:\/\/x.com\/buyvpnservice\",\"https:\/\/www.instagram.com\/piavpn\/\",\"https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/e9f24badc1559621e721d94ecb18d6e1\",\"name\":\"Derek Zimmer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/399c45f76a929cfe8ed46349f8166d975f7fa088108970562cf67fa46ab0176d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/399c45f76a929cfe8ed46349f8166d975f7fa088108970562cf67fa46ab0176d?s=96&d=mm&r=g\",\"caption\":\"Derek Zimmer\"},\"description\":\"Derek is a cryptographer, security expert and privacy activist. He has twelve years of security experience and six years of experience designing and implementing privacy systems. He founded the Open Source Technology Improvement Fund (OSTIF) which focuses on creating and improving open-source security solutions through auditing, bug bounties, and resource gathering and management.\",\"sameAs\":[\"https:\/\/ostif.org\/\",\"https:\/\/www.linkedin.com\/in\/derek-zimmer-2164a441\/\",\"https:\/\/x.com\/http:\/\/www.twitter.com\/ostifofficial\"],\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/author\/derek-zimmer\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"A Serious Concern About Post-Quantum Cryptography and Strength Targets","description":"This article discusses the potential problems with assigning arbitrary \"strength targets\" for new encryption and signature schemes in the NIST competition.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/","og_locale":"en_US","og_type":"article","og_title":"A Serious Concern About Post-Quantum Cryptography and Strength Targets","og_description":"This article discusses the potential problems with assigning arbitrary \"strength targets\" for new encryption and signature schemes in the NIST competition.","og_url":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/","og_site_name":"PIA","article_publisher":"https:\/\/www.facebook.com\/privateinternetaccess\/","article_published_time":"2019-03-06T17:00:47+00:00","article_modified_time":"2024-01-31T08:41:02+00:00","og_image":[{"width":1600,"height":900,"url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/03\/pq-strength-targets.png","type":"image\/png"}],"author":"Derek Zimmer","twitter_card":"summary_large_image","twitter_creator":"@http:\/\/www.twitter.com\/ostifofficial","twitter_site":"@buyvpnservice","twitter_misc":{"Written by":"Derek Zimmer","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#article","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/"},"author":{"name":"Derek Zimmer","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/e9f24badc1559621e721d94ecb18d6e1"},"headline":"A Serious Concern About Post-Quantum Cryptography and Strength Targets","datePublished":"2019-03-06T17:00:47+00:00","dateModified":"2024-01-31T08:41:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/"},"wordCount":749,"commentCount":0,"publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/03\/pq-strength-targets.png","keywords":["cryptanalysis","cryptography","handshake","NIST","quantum resistance","signatures"],"articleSection":["Cybersecurity","Encryption","General Privacy News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/","name":"A Serious Concern About Post-Quantum Cryptography and Strength Targets","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#primaryimage"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/03\/pq-strength-targets.png","datePublished":"2019-03-06T17:00:47+00:00","dateModified":"2024-01-31T08:41:02+00:00","description":"This article discusses the potential problems with assigning arbitrary \"strength targets\" for new encryption and signature schemes in the NIST competition.","breadcrumb":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#primaryimage","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/03\/pq-strength-targets.png","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/03\/pq-strength-targets.png","width":1600,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/www.privateinternetaccess.com\/blog\/a-serious-concern-about-post-quantum-cryptography-and-strength-targets\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.privateinternetaccess.com\/blog\/"},{"@type":"ListItem","position":2,"name":"A Serious Concern About Post-Quantum Cryptography and Strength Targets"}]},{"@type":"WebSite","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website","url":"https:\/\/www.privateinternetaccess.com\/blog\/","name":"PIA","description":"Online privacy news from around the world.","publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization","name":"Private Internet Access","url":"https:\/\/www.privateinternetaccess.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","width":1200,"height":1200,"caption":"Private Internet Access"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/privateinternetaccess\/","https:\/\/x.com\/buyvpnservice","https:\/\/www.instagram.com\/piavpn\/","https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w"]},{"@type":"Person","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/e9f24badc1559621e721d94ecb18d6e1","name":"Derek Zimmer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/399c45f76a929cfe8ed46349f8166d975f7fa088108970562cf67fa46ab0176d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/399c45f76a929cfe8ed46349f8166d975f7fa088108970562cf67fa46ab0176d?s=96&d=mm&r=g","caption":"Derek Zimmer"},"description":"Derek is a cryptographer, security expert and privacy activist. He has twelve years of security experience and six years of experience designing and implementing privacy systems. He founded the Open Source Technology Improvement Fund (OSTIF) which focuses on creating and improving open-source security solutions through auditing, bug bounties, and resource gathering and management.","sameAs":["https:\/\/ostif.org\/","https:\/\/www.linkedin.com\/in\/derek-zimmer-2164a441\/","https:\/\/x.com\/http:\/\/www.twitter.com\/ostifofficial"],"url":"https:\/\/www.privateinternetaccess.com\/blog\/author\/derek-zimmer\/"}]}},"_links":{"self":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/10578","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/comments?post=10578"}],"version-history":[{"count":5,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/10578\/revisions"}],"predecessor-version":[{"id":10589,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/10578\/revisions\/10589"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media\/10588"}],"wp:attachment":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media?parent=10578"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/categories?post=10578"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/tags?post=10578"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}