  1. Cryptanalysis of the 10-Round Hash and Full Compression Function of SHAvite-3-512
  Praveen Gauravaram (1), Gaëtan Leurent (2), Florian Mendel (3), María Naya-Plasencia (4), Thomas Peyrin (5), Christian Rechberger (6), Martin Schläffer (3)
  (1) Department of Mathematics, DTU, Denmark; (2) ENS, France; (3) IAIK, TU Graz, Austria; (4) FHNW Windisch, Switzerland; (5) Ingenico, France; (6) ESAT/COSIC, K.U.Leuven and IBBT, Belgium
  Africacrypt 2010 (initially discussed at the ECRYPT2 Hash3 workshop)
  Martin Schläffer, Africacrypt 2010, Cryptanalysis of SHAvite-3-512, slide 1 / 31

  2. Outline
  1 Motivation
  2 SHAvite-3
  3 Basic Attack Strategy
  4 Attack on Compression Function
  5 Attack on Hash Function
  6 Conclusion

  3. Overview (outline repeated; next section: Motivation)

  4. Cryptographic Hash Function
  A hash function h maps an arbitrary-length input m to an n-bit output h(m).
  Collision resistance: find m, m' with m ≠ m' and h(m) = h(m'); the birthday attack applies (freedom to choose h(m)); generic complexity 2^{n/2}.
  Second-preimage resistance: given m and h(m), find m' with m ≠ m' and h(m) = h(m'); generic complexity 2^n.
  Preimage resistance: given h(m), find m; generic complexity 2^n.
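The three generic bounds on this slide can be observed directly on a hash whose output is short enough to attack in seconds. The following script is an added example written for this page, not code from the talk or the paper: it truncates SHA-256 to n bits (a constructed toy hash), runs the generic birthday collision search and, for contrast, a brute-force preimage search, and compares the work done with the 2^{n/2} and 2^n bounds. Message prefixes and the truncation width are assumptions of the example.

```python
import hashlib
from math import pi, sqrt


def trunc_hash(msg: bytes, n_bits: int) -> int:
    """Toy n-bit hash: the n leading bits of SHA-256(msg).

    Truncation is only a stand-in for a short-output hash so that the generic
    bounds can be measured quickly (constructed example, not a real design).
    """
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - n_bits)


def birthday_collision(n_bits: int, limit: int, prefix: bytes = b"msg-"):
    """Generic collision search: hash distinct messages until two outputs repeat.

    Returns (m, m', evaluations) or None if no collision appears within
    `limit` evaluations. Memory is O(evaluations); a practical attack would use
    a memoryless cycle-finding variant, but the work factor is the same.
    """
    seen = {}
    for i in range(limit):
        m = prefix + str(i).encode()
        h = trunc_hash(m, n_bits)
        if h in seen:                 # distinct message, identical n-bit output
            return seen[h], m, i + 1
        seen[h] = m
    return None


def expected_collision_work(n_bits: int) -> float:
    """Expected hash evaluations before the first collision: sqrt(pi/2 * 2^n)."""
    return sqrt(pi / 2 * 2 ** n_bits)


def preimage_bruteforce(target: int, n_bits: int, limit: int, prefix: bytes = b"pre-"):
    """Generic preimage search: expected 2^n evaluations, not 2^(n/2).

    Returns (m, evaluations) or None if `limit` is exhausted.
    """
    for i in range(limit):
        m = prefix + str(i).encode()
        if trunc_hash(m, n_bits) == target:
            return m, i + 1
    return None


if __name__ == "__main__":
    # 24-bit collision: about 5,100 evaluations expected (2^12 ~ 4,096 is the rough bound)
    m1, m2, work = birthday_collision(24, 1 << 16)
    print("collision after", work, "evaluations; expected ~%.0f" % expected_collision_work(24))
    print(m1, m2, hex(trunc_hash(m1, 24)), hex(trunc_hash(m2, 24)))
    # 16-bit preimage: about 2^16 = 65,536 evaluations expected for a 16-bit target
    target = trunc_hash(b"constructed target", 16)
    m, work = preimage_bruteforce(target, 16, 1 << 20)
    print("preimage", m, "after", work, "evaluations (2^16 =", 1 << 16, ")")
```

Note that the collision search at 24 bits needs roughly the same work as the preimage search at 16 bits: halving the exponent is exactly the gap between the 2^{n/2} and 2^n rows of the slide.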

  5. Hash Function Cryptanalysis
  Recent improvements in hash function cryptanalysis in the last decade: major weaknesses in many hash functions, especially in the MD family; the NIST standard SHA-1 is broken.
  NIST SHA-3 competition [Nat07] (2008-2012): find a successor of SHA-1 and SHA-2, similar to the AES competition (2000).

  6. SHA-3 Candidates
  64 submissions to the NIST call (October 2008)
  51 round 1 candidates (December 2008): many broken, too slow, not chosen, ...
  14 round 2 candidates (August 2009): chosen by NIST, tweaks allowed
  5 finalists (fall 2010): to focus the analysis
  Winner chosen in 2011, SHA-3 standardized in 2012

  7. How to Compare Attacks on SHA-3 Candidates?
  Attacks on building blocks: very different requirements for different designs; building blocks are often not ideal (sponge: trivial "compression function" collisions/preimages); distinguishers on building blocks? When is an attack interesting? NIST: if it was not anticipated by the designers, if it extends to the hash function.
  Attacks on the hash function: same requirements for all candidates, so a lot easier to compare. Attacks on a reduced hash function? Still hard to compare: different security parameter(s).
  Collection of SHA-3 attacks: The SHA-3 Zoo, http://ehash.iaik.tugraz.at/wiki/The_SHA-3_Zoo

  10. Overview (outline repeated; next section: SHAvite-3)

  11. Description of SHAvite-3-512
  [Figure: iterated hash; the n-bit chaining value starts at IV and is updated as f(chaining value, M_i, cnt, salt) for message blocks M_1, M_2, M_3, ..., M_t, giving H(m)]
  Designed by Orr Dunkelman and Eli Biham [BD08]; round 2 candidate (tweaked version).
  Iterated hash function, single-pipe construction, HAIFA design principle.

  12. SHAvite-3-512 Compression Function
  [Figure: h_{i-1}, M_i, cnt and salt enter the state update and the key schedule; output h_i]
  Block cipher in Davies-Meyer mode.
  State update: 14-round Feistel network (F-function: 4 AES rounds).
  Key schedule: parallel AES rounds with linear mixing layers.

  13. State Update
  [Figure: one round; inputs A_i, B_i, C_i, D_i; round functions F_i (round key RK_i) and F'_i (round key RK'_i); outputs A_{i+1}, B_{i+1}, C_{i+1}, D_{i+1}]
  F_i(x) = AES(AES(AES(AES(x ⊕ k^0_{0,i}) ⊕ k^1_{0,i}) ⊕ k^2_{0,i}) ⊕ k^3_{0,i})
  AES(x) = MixColumns(ShiftRows(SubBytes(x)))
  RK_i = (k^0_{0,i}, k^1_{0,i}, k^2_{0,i}, k^3_{0,i})

  14. Key Schedule
  [Figure: one AES step of the key schedule; the eight 128-bit subkeys k^0_{0,8} ... k^3_{0,8} and k^0_{1,8} ... k^3_{1,8} (bytes s_0 ... s_15 each) each pass through one AES round, the counter words cnt[2], cnt[3], cnt[0], cnt[1] are added, giving k^0_{0,9} ... k^3_{0,9} and k^0_{1,9} ... k^3_{1,9}]

  15. Key Schedule
  [Figure: one linear step of the key schedule; k^0_{0,9} ... k^3_{0,9}, k^0_{1,9} ... k^3_{1,9} are mixed linearly into k^0_{0,10} ... k^3_{0,10}, k^0_{1,10} ... k^3_{1,10}]

  16. Key Schedule (schematic)
  [Figure: M = 1024 bits gives RK_0, RK'_0; then repeatedly: AES(k_{i,j} ⊕ salt) (8 × AES) with counter words added, Linear Layer 1, Linear Layer 2]
  AES step (counter c_3 c_2 c_1 c_0) → Linear Layer 1 → RK_1, RK'_1 → Linear Layer 2 → RK_2, RK'_2
  AES step (counter c_2 c_3 c_0 c_1) → Linear Layer 1 → RK_3, RK'_3 → Linear Layer 2 → RK_4, RK'_4
  AES step (counter c_1 c_0 c_3 c_2) → Linear Layer 1 → RK_5, RK'_5 → Linear Layer 2 → RK_6, RK'_6
  Round 1: plain counter words added: cnt = c_0 c_1 c_2 c_3
  Round 2: inverted and shuffled counter words added

  17. Overview (outline repeated; next section: Basic Attack Strategy)

  18. Cancellation Property [BDLF09]
  [Figure: four consecutive rounds i ... i+3 of the state update, with the wire carrying B_i labelled in each round]
  One round maps (A_i, B_i, C_i, D_i) to (A_{i+1}, B_{i+1}, C_{i+1}, D_{i+1}) = (D_i, A_i ⊕ F_i(B_i), B_i, C_i ⊕ F'_i(D_i)).
  Idea: keep B_i unchanged, i.e. B_{i+4} = B_i. Following B_i through the four rounds (the wire labels in the figure):
  after round i: C_{i+1} = B_i
  after round i+1: D_{i+2} = B_i ⊕ F'_{i+1}(D_{i+1})
  after round i+2: A_{i+3} = B_i ⊕ F'_{i+1}(D_{i+1})
  after round i+3: B_{i+4} = B_i ⊕ F'_{i+1}(D_{i+1}) ⊕ F_{i+3}(B_{i+3})
  When does B_{i+4} = B_i happen? Whenever F_{i+3}(B_{i+3}) = F'_{i+1}(D_{i+1}).
  Or, more specifically: F_{i+2}(B_{i+2}) = 0 (so that B_{i+3} = A_{i+2} = D_{i+1}) and RK_{i+3} = RK'_{i+1} (so that F_{i+3} and F'_{i+1} are the same function).
  Second case: two 128-bit conditions, but easier to fulfil; the conditions can be "interleaved".
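The slides above state the cancellation property on the real SHAvite-3-512 round. The script below is an added example for this page, not code from the talk or the paper: it implements the round (A, B, C, D) → (D, A ⊕ F(B), B, C ⊕ F'(D)) exactly as the wire labels on slide 18 give it, but with a constructed toy F. Assumptions of the example: branches are 64 bits instead of 128, the four keyed AES rounds are replaced by a fixed 64-bit permutation P (a 4-round SHA-256 Feistel) with a single key addition, F(x, RK) = P(x ⊕ RK), so that the condition F_{i+2}(B_{i+2}) = 0 has the closed-form solution RK_{i+2} = B_{i+2} ⊕ P^{-1}(0). The round keys are chosen directly here; in the actual attack they come from the message through the key schedule.

```python
import hashlib
import random

WORD = 64                      # toy branch width (SHAvite-3-512: 128 bits)
MASK = (1 << WORD) - 1


def _round_fn(half: int, rnd: int) -> int:
    """32-bit unkeyed round function of the toy permutation P (SHA-256 based)."""
    d = hashlib.sha256(b"toy-P" + bytes([rnd]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(d[:4], "big")


def P(x: int) -> int:
    """Fixed 64-bit permutation: a 4-round Feistel network (stand-in for AES rounds)."""
    l, r = x >> 32, x & 0xFFFFFFFF
    for rnd in range(4):
        l, r = r, l ^ _round_fn(r, rnd)
    return (l << 32) | r


def P_inv(y: int) -> int:
    """Inverse of P: run the Feistel rounds backwards."""
    l, r = y >> 32, y & 0xFFFFFFFF
    for rnd in reversed(range(4)):
        l, r = r ^ _round_fn(l, rnd), l
    return (l << 32) | r


def F(x: int, rk: int) -> int:
    """Keyed round function F(x) = P(x ⊕ RK); F' is the same map under RK'.
    One key addition instead of four, so F(x) = 0 iff RK = x ⊕ P^{-1}(0)."""
    return P(x ^ rk)


def feistel_round(state, rk, rk_prime):
    """One round as on slide 18: (A, B, C, D) -> (D, A ⊕ F(B), B, C ⊕ F'(D))."""
    A, B, C, D = state
    return (D, A ^ F(B, rk), B, C ^ F(D, rk_prime))


def run_rounds(state, keys):
    """Apply one round per (RK_j, RK'_j) pair; return every intermediate state."""
    states = [state]
    for rk, rk_prime in keys:
        states.append(feistel_round(states[-1], rk, rk_prime))
    return states


def cancellation_example(seed="constructed"):
    """Round keys for rounds i..i+3 satisfying the 'more specific' conditions
    F_{i+2}(B_{i+2}) = 0 and RK_{i+3} = RK'_{i+1}. Returns (states, keys)."""
    rng = random.Random(seed)
    rand = lambda: rng.getrandbits(WORD)
    s_i = (rand(), rand(), rand(), rand())          # arbitrary state at round i
    keys = [(rand(), rand()), (rand(), rand())]     # rounds i, i+1: unconstrained
    B_i2 = run_rounds(s_i, keys)[2][1]              # B_{i+2} is now determined
    rk_i2 = B_i2 ^ P_inv(0)                         # forces F_{i+2}(B_{i+2}) = 0
    keys.append((rk_i2, rand()))
    keys.append((keys[1][1], rand()))               # RK_{i+3} = RK'_{i+1}
    return run_rounds(s_i, keys), keys


def control_example(seed="constructed"):
    """Same start state, four unrelated key pairs: no cancellation expected."""
    rng = random.Random(seed)
    rand = lambda: rng.getrandbits(WORD)
    s_i = (rand(), rand(), rand(), rand())
    keys = [(rand(), rand()) for _ in range(4)]
    return run_rounds(s_i, keys), keys


if __name__ == "__main__":
    states, keys = cancellation_example()
    print("B_i     =", hex(states[0][1]))
    print("B_{i+4} =", hex(states[4][1]), "(cancelled)" if states[4][1] == states[0][1] else "")
    ctrl, _ = control_example()
    print("control B_{i+4} =", hex(ctrl[4][1]), "(no cancellation)" if ctrl[4][1] != ctrl[0][1] else "")
```

The check worth keeping from this is the intermediate one: with RK_{i+2} set as above, B_{i+3} equals D_{i+1}, so the general condition F_{i+3}(B_{i+3}) = F'_{i+1}(D_{i+1}) reduces to equality of the two round keys, which is exactly what makes the second case cheaper to satisfy than hitting a 128-bit equality between two unrelated F outputs.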

  22. Interleaving
  Interleave the cancellation property with the same value Z: Z = B_i = B_{i+4} and Z = B_{i+2} = B_{i+4}.
