{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2018:XHDYTO5DN46M62VNC6SFZUNMRD","short_pith_number":"pith:XHDYTO5D","schema_version":"1.0","canonical_sha256":"b9c789bba36f3ccf6aad17a45cd1ac88d001807f2808e4e3ea9bb7790bd89038","source":{"kind":"arxiv","id":"1802.03471","version":4},"attestation_state":"computed","paper":{"title":"Certified Robustness to Adversarial Examples with Differential Privacy","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI","cs.CR","cs.LG"],"primary_cat":"stat.ML","authors_text":"Daniel Hsu, Mathias Lecuyer, Roxana Geambasu, Suman Jana, Vaggelis Atlidakis","submitted_at":"2018-02-09T22:24:50Z","abstract_excerpt":"Adversarial examples that fool machine learning models, particularly deep neural networks, have been a topic of intense research interest, with attacks and defenses being developed in a tight back-and-forth. Most past defenses are best effort and have been shown to be vulnerable to sophisticated attacks. Recently a set of certified defenses have been introduced, which provide guarantees of robustness to norm-bounded attacks, but they either do not scale to large datasets or are limited in the types of models they can support. This paper presents the first certified defense that both scales to "},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"1802.03471","kind":"arxiv","version":4},"metadata":{"license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","primary_cat":"stat.ML","submitted_at":"2018-02-09T22:24:50Z","cross_cats_sorted":["cs.AI","cs.CR","cs.LG"],"title_canon_sha256":"42dbb48993bae6dd8fe86ae60328e3b428ce1eabcdfc4a6a9218e8e9a5a92a23","abstract_canon_sha256":"18f696323537f647c9727498bbf3e688812893f401aadf1fda8e383076ad9565"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-05-17T23:44:48.432708Z","signature_b64":"aAwWSSpcI+FFPheV5vSV0Zt9r637QNcUSPG4ibDFwopSOZZwxOzACnc7xAtnXma4AGoYnz6ftSypQScVaXrCAg==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"b9c789bba36f3ccf6aad17a45cd1ac88d001807f2808e4e3ea9bb7790bd89038","last_reissued_at":"2026-05-17T23:44:48.432217Z","signature_status":"signed_v1","first_computed_at":"2026-05-17T23:44:48.432217Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"Certified Robustness to Adversarial Examples with Differential Privacy","license":"http://arxiv.org/licenses/nonexclusive-distrib/1.0/","headline":"","cross_cats":["cs.AI","cs.CR","cs.LG"],"primary_cat":"stat.ML","authors_text":"Daniel Hsu, Mathias Lecuyer, Roxana Geambasu, Suman Jana, Vaggelis Atlidakis","submitted_at":"2018-02-09T22:24:50Z","abstract_excerpt":"Adversarial examples that fool machine learning models, particularly deep neural networks, have been a topic of intense research interest, with attacks and defenses being developed in a tight back-and-forth. Most past defenses are best effort and have been shown to be vulnerable to sophisticated attacks. Recently a set of certified defenses have been introduced, which provide guarantees of robustness to norm-bounded attacks, but they either do not scale to large datasets or are limited in the types of models they can support. This paper presents the first certified defense that both scales to "},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"1802.03471","kind":"arxiv","version":4},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"1802.03471","created_at":"2026-05-17T23:44:48.432292+00:00"},{"alias_kind":"arxiv_version","alias_value":"1802.03471v4","created_at":"2026-05-17T23:44:48.432292+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.1802.03471","created_at":"2026-05-17T23:44:48.432292+00:00"},{"alias_kind":"pith_short_12","alias_value":"XHDYTO5DN46M","created_at":"2026-05-18T12:33:01.666342+00:00"},{"alias_kind":"pith_short_16","alias_value":"XHDYTO5DN46M62VN","created_at":"2026-05-18T12:33:01.666342+00:00"},{"alias_kind":"pith_short_8","alias_value":"XHDYTO5D","created_at":"2026-05-18T12:33:01.666342+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":5,"internal_anchor_count":2,"sample":[{"citing_arxiv_id":"1906.11923","citing_title":"Differentially private sub-Gaussian location estimators","ref_index":23,"is_internal_anchor":true},{"citing_arxiv_id":"2605.04317","citing_title":"The Threshold Breakdown Point","ref_index":83,"is_internal_anchor":true},{"citing_arxiv_id":"2605.04317","citing_title":"The Threshold Breakdown Point","ref_index":83,"is_internal_anchor":false},{"citing_arxiv_id":"2605.07690","citing_title":"Fortifying Time Series: DTW-Certified Robust Anomaly Detection","ref_index":33,"is_internal_anchor":false},{"citing_arxiv_id":"2604.20495","citing_title":"Towards Certified Malware Detection: Provable Guarantees Against Evasion Attacks","ref_index":9,"is_internal_anchor":false}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/XHDYTO5DN46M62VNC6SFZUNMRD","json":"https://pith.science/pith/XHDYTO5DN46M62VNC6SFZUNMRD.json","graph_json":"https://pith.science/api/pith-number/XHDYTO5DN46M62VNC6SFZUNMRD/graph.json","events_json":"https://pith.science/api/pith-number/XHDYTO5DN46M62VNC6SFZUNMRD/events.json","paper":"https://pith.science/paper/XHDYTO5D"},"agent_actions":{"view_html":"https://pith.science/pith/XHDYTO5DN46M62VNC6SFZUNMRD","download_json":"https://pith.science/pith/XHDYTO5DN46M62VNC6SFZUNMRD.json","view_paper":"https://pith.science/paper/XHDYTO5D","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=1802.03471&json=true","fetch_graph":"https://pith.science/api/pith-number/XHDYTO5DN46M62VNC6SFZUNMRD/graph.json","fetch_events":"https://pith.science/api/pith-number/XHDYTO5DN46M62VNC6SFZUNMRD/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/XHDYTO5DN46M62VNC6SFZUNMRD/action/timestamp_anchor","attest_storage":"https://pith.science/pith/XHDYTO5DN46M62VNC6SFZUNMRD/action/storage_attestation","attest_author":"https://pith.science/pith/XHDYTO5DN46M62VNC6SFZUNMRD/action/author_attestation","sign_citation":"https://pith.science/pith/XHDYTO5DN46M62VNC6SFZUNMRD/action/citation_signature","submit_replication":"https://pith.science/pith/XHDYTO5DN46M62VNC6SFZUNMRD/action/replication_record"}},"created_at":"2026-05-17T23:44:48.432292+00:00","updated_at":"2026-05-17T23:44:48.432292+00:00"}