Randomized Smoothing (RS) has been proven a promising method for endowing an arbitrary image classifier with certified robustness. However, the substantial uncertainty inherent in the high-dimensional isotropic Gaussian noise imposes the curse of dimensionality on RS. Specifically, the upper bound of ${\ell_2}$ certified robustness radius provided by RS exhibits a diminishing trend with the expansion of the input dimension $d$, proportionally decreasing at a rate of $1/\sqrt{d}$. This paper explores the feasibility of providing ${\ell_2}$ certified robustness for high-dimensional input through the utilization of dual smoothing in the lower-dimensional space. The proposed Dual Randomized Smoothing (DRS) down-samples the input image into two sub-images and smooths the two sub-images in lower dimensions. Theoretically, we prove that DRS guarantees a tight ${\ell_2}$ certified robustness radius for the original input and reveal that DRS attains a superior upper bound on the ${\ell_2}$ robustness radius, which decreases proportionally at a rate of $(1/\sqrt m + 1/\sqrt n )$ with $m+n=d$. Extensive experiments demonstrate the generalizability and effectiveness of DRS, which exhibits a notable capability to integrate with established methodologies, yielding substantial improvements in both accuracy and ${\ell_2}$ certified robustness baselines of RS on the CIFAR-10 and ImageNet datasets. Code is available at https://github.com/xiasong0501/DRS.

翻译：随机平滑（RS）已被证明是一种赋予任意图像分类器认证鲁棒性的有效方法。然而，高维各向同性高斯噪声固有的巨大不确定性给RS带来了维度灾难。具体而言，RS提供的${\ell_2}$认证鲁棒半径上界随着输入维度$d$的扩大呈现递减趋势，其下降速率与$1/\sqrt{d}$成正比。本文探讨了通过在低维空间中使用双重平滑为高维输入提供${\ell_2}$认证鲁棒性的可行性。所提出的双重随机平滑（DRS）方法将输入图像下采样为两个子图像，并在更低维度上对这两个子图像进行平滑处理。理论上，我们证明了DRS能够为原始输入保证一个紧致的${\ell_2}$认证鲁棒半径，并揭示了DRS在${\ell_2}$鲁棒半径上获得了更优的上界，该上界以$(1/\sqrt m + 1/\sqrt n )$的速率下降，其中$m+n=d$。大量实验证明了DRS的泛化能力和有效性，该方法展现出与现有方法结合的显著能力，在CIFAR-10和ImageNet数据集上，相较于RS的基线，在准确率和${\ell_2}$认证鲁棒性方面均取得了显著提升。代码发布于https://github.com/xiasong0501/DRS。