Randomized smoothing is currently considered the state-of-the-art method to obtain certifiably robust classifiers. Despite its remarkable performance, the method is associated with various serious problems such as "certified accuracy waterfalls", the certification vs. accuracy trade-off, or even fairness issues. Input-dependent smoothing approaches have been proposed with the intention of overcoming these flaws. However, we demonstrate that these methods lack formal guarantees and so the resulting certificates are not justified. We show that, in general, input-dependent smoothing suffers from the curse of dimensionality, forcing the variance function to have low semi-elasticity. On the other hand, we provide a theoretical and practical framework that enables the usage of input-dependent smoothing even in the presence of the curse of dimensionality, under strict restrictions. We present one concrete design of the smoothing variance function and test it on CIFAR10 and MNIST. Our design mitigates some of the problems of classical smoothing and is formally underpinned, yet further improvement of the design is still necessary.