Randomized Smoothing (RS) has been proven a promising method for endowing an arbitrary image classifier with certified robustness. However, the substantial uncertainty inherent in the high-dimensional isotropic Gaussian noise imposes the curse of dimensionality on RS. Specifically, the upper bound of ${\ell_2}$ certified robustness radius provided by RS exhibits a diminishing trend with the expansion of the input dimension $d$, proportionally decreasing at a rate of $1/\sqrt{d}$. This paper explores the feasibility of providing ${\ell_2}$ certified robustness for high-dimensional input through the utilization of dual smoothing in the lower-dimensional space. The proposed Dual Randomized Smoothing (DRS) down-samples the input image into two sub-images and smooths the two sub-images in lower dimensions. Theoretically, we prove that DRS guarantees a tight ${\ell_2}$ certified robustness radius for the original input and reveal that DRS attains a superior upper bound on the ${\ell_2}$ robustness radius, which decreases proportionally at a rate of $(1/\sqrt m + 1/\sqrt n )$ with $m+n=d$. Extensive experiments demonstrate the generalizability and effectiveness of DRS, which exhibits a notable capability to integrate with established methodologies, yielding substantial improvements in both accuracy and ${\ell_2}$ certified robustness baselines of RS on the CIFAR-10 and ImageNet datasets. Code is available at https://github.com/xiasong0501/DRS.

翻译：随机平滑（RS）已被证明是一种为任意图像分类器赋予认证鲁棒性的有效方法。然而，高维各向同性高斯噪声中固有的巨大不确定性给RS带来了维度灾难问题。具体而言，RS提供的${\ell_2}$认证鲁棒半径上界会随着输入维度$d$的增大呈$1/\sqrt{d}$的比例递减趋势。本文探索了通过在下维空间进行双重平滑，为高维输入提供${\ell_2}$认证鲁棒性的可行性。提出的双重随机平滑（DRS）方法将输入图像降采样为两个子图像，并在较低维度上对这两个子图像进行平滑处理。理论层面，我们证明了DRS能够保证原始输入具有紧致的${\ell_2}$认证鲁棒半径，并揭示了DRS可获得更优的${\ell_2}$鲁棒半径上界，该上界以$(1/\sqrt m + 1/\sqrt n )$的速率随$m+n=d$递减。大量实验验证了DRS的泛化能力和有效性，该方法能显著与现有技术相融合，在CIFAR-10和ImageNet数据集上大幅提升RS的准确率与${\ell_2}$认证鲁棒基线。代码开源地址：https://github.com/xiasong0501/DRS。