Adversarial robustness is a critical property in a variety of modern machine learning applications. While it has been the subject of several recent theoretical studies, many important questions related to adversarial robustness are still open. In this work, we study a fundamental question regarding Bayes optimality for adversarial robustness. We provide general sufficient conditions under which the existence of a Bayes optimal classifier can be guaranteed for adversarial robustness. Our results can provide a useful tool for a subsequent study of surrogate losses in adversarial robustness and their consistency properties. This manuscript is the extended and corrected version of the paper "On the Existence of the Adversarial Bayes Classifier" published in NeurIPS 2021. There were two errors in theorem statements in the original paper: one in the definition of pseudo-certifiable robustness and the other in the measurability of $A^\epsilon$ for arbitrary metric spaces. In this version we correct the errors. Furthermore, the results of the original paper did not apply to some non-strictly convex norms and here we extend our results to all possible norms.