{"bundle_type":"pith_open_graph_bundle","bundle_version":"1.0","pith_number":"pith:2024:ZFIKHNUQGXNNFBASP6SROIDXEJ","short_pith_number":"pith:ZFIKHNUQ","canonical_record":{"source":{"id":"2406.05670","kind":"arxiv","version":3},"metadata":{"license":"http://creativecommons.org/licenses/by-sa/4.0/","primary_cat":"cs.LG","submitted_at":"2024-06-09T06:59:46Z","cross_cats_sorted":["cs.CR","cs.CV"],"title_canon_sha256":"66072402e282153c09b8df4cc7f135c7a7011ea5df0e9cc40e452eb94099c467","abstract_canon_sha256":"4f23e930249474706d345fdd144b001de81366186c9f772d50fe1531368e65e5"},"schema_version":"1.0"},"canonical_sha256":"c950a3b69035dad284127fa51720772275587b9427f1a541b4fd1ecaa4188ee6","source":{"kind":"arxiv","id":"2406.05670","version":3},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2406.05670","created_at":"2026-06-08T01:04:59Z"},{"alias_kind":"arxiv_version","alias_value":"2406.05670v3","created_at":"2026-06-08T01:04:59Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2406.05670","created_at":"2026-06-08T01:04:59Z"},{"alias_kind":"pith_short_12","alias_value":"ZFIKHNUQGXNN","created_at":"2026-06-08T01:04:59Z"},{"alias_kind":"pith_short_16","alias_value":"ZFIKHNUQGXNNFBAS","created_at":"2026-06-08T01:04:59Z"},{"alias_kind":"pith_short_8","alias_value":"ZFIKHNUQ","created_at":"2026-06-08T01:04:59Z"}],"events":[{"event_type":"record_created","subject_pith_number":"pith:2024:ZFIKHNUQGXNNFBASP6SROIDXEJ","target":"record","payload":{"canonical_record":{"source":{"id":"2406.05670","kind":"arxiv","version":3},"metadata":{"license":"http://creativecommons.org/licenses/by-sa/4.0/","primary_cat":"cs.LG","submitted_at":"2024-06-09T06:59:46Z","cross_cats_sorted":["cs.CR","cs.CV"],"title_canon_sha256":"66072402e282153c09b8df4cc7f135c7a7011ea5df0e9cc40e452eb94099c467","abstract_canon_sha256":"4f23e930249474706d345fdd144b001de81366186c9f772d50fe1531368e65e5"},"schema_version":"1.0"},"canonical_sha256":"c950a3b69035dad284127fa51720772275587b9427f1a541b4fd1ecaa4188ee6","receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-06-08T01:04:59.315030Z","signature_b64":"CFyt9NbIX2z9R7sepTewhXLpygGYEVtPeOEHr2qimZWOsOG8aFahzDc0NAm2CRAwfaUKOfv5b9d611FrKCbIAw==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"c950a3b69035dad284127fa51720772275587b9427f1a541b4fd1ecaa4188ee6","last_reissued_at":"2026-06-08T01:04:59.314163Z","signature_status":"signed_v1","first_computed_at":"2026-06-08T01:04:59.314163Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"source_kind":"arxiv","source_id":"2406.05670","source_version":3,"attestation_state":"computed"},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-08T01:04:59Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"7cWEtHAZPyJOAd/QHZE8cUQKHHRlZJeVJeXeaq6knoLqZRjNOxa/82M6MWpdRq0SyhUbWlf0id8lPgtU8BJsBw==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-10T11:14:12.627748Z"},"content_sha256":"6fa3525f2cee2580a72b231ef33ed94b8a24c4c2024065a35b8f17a6488697e7","schema_version":"1.0","event_id":"sha256:6fa3525f2cee2580a72b231ef33ed94b8a24c4c2024065a35b8f17a6488697e7"},{"event_type":"graph_snapshot","subject_pith_number":"pith:2024:ZFIKHNUQGXNNFBASP6SROIDXEJ","target":"graph","payload":{"graph_snapshot":{"paper":{"title":"Certified Robustness to Data Poisoning in Gradient-Based Training","license":"http://creativecommons.org/licenses/by-sa/4.0/","headline":"","cross_cats":["cs.CR","cs.CV"],"primary_cat":"cs.LG","authors_text":"Calvin Tsay, Mark N. M\\\"uller, Matthew Wicker, Maximilian Baader, Philip Sosnin","submitted_at":"2024-06-09T06:59:46Z","abstract_excerpt":"Modern machine learning pipelines leverage large amounts of public data, making it infeasible to guarantee data quality and leaving models open to poisoning and backdoor attacks. Provably bounding model behavior under such attacks remains an open problem. In this work, we address this challenge by developing the first framework providing provable guarantees on the behavior of models trained with potentially manipulated data without modifying the model or learning algorithm. In particular, our framework certifies robustness against untargeted and targeted poisoning, as well as backdoor attacks,"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2406.05670","kind":"arxiv","version":3},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2406.05670/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"verdict_id":null},"signer":{"signer_id":"pith.science","signer_type":"pith_registry","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"created_at":"2026-06-08T01:04:59Z","supersedes":[],"prev_event":null,"signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"P8lvnZ6hZC/sDR0Orw/uPstnEQqHNGwxhBnhYlobQRXvMIDnJL8HMCakXBROq4MZp1tpscZEsgBDZNYqpfjcAQ==","signed_message":"open_graph_event_sha256_bytes","signed_at":"2026-06-10T11:14:12.628475Z"},"content_sha256":"5c57d29a117cdca8beb64ef12c00026ac977b88068301dbdaa9668aba278cdb5","schema_version":"1.0","event_id":"sha256:5c57d29a117cdca8beb64ef12c00026ac977b88068301dbdaa9668aba278cdb5"}],"timestamp_proofs":[],"mirror_hints":[{"mirror_type":"https","name":"Pith Resolver","base_url":"https://pith.science","bundle_url":"https://pith.science/pith/ZFIKHNUQGXNNFBASP6SROIDXEJ/bundle.json","state_url":"https://pith.science/pith/ZFIKHNUQGXNNFBASP6SROIDXEJ/state.json","well_known_bundle_url":"https://pith.science/.well-known/pith/ZFIKHNUQGXNNFBASP6SROIDXEJ/bundle.json","status":"primary"}],"public_keys":[{"key_id":"pith-v1-2026-05","algorithm":"ed25519","format":"raw","public_key_b64":"stVStoiQhXFxp4s2pdzPNoqVNBMojDU/fJ2db5S3CbM=","public_key_hex":"b2d552b68890857171a78b36a5dccf368a953413288c353f7c9d9d6f94b709b3","fingerprint_sha256_b32_first128bits":"RVFV5Z2OI2J3ZUO7ERDEBCYNKS","fingerprint_sha256_hex":"8d4b5ee74e4693bcd1df2446408b0d54","rotates_at":null,"url":"https://pith.science/pith-signing-key.json","notes":"Pith uses this Ed25519 key to sign canonical record SHA-256 digests. Verify with: ed25519_verify(public_key, message=canonical_sha256_bytes, signature=base64decode(signature_b64))."}],"merge_version":"pith-open-graph-merge-v1","built_at":"2026-06-10T11:14:12Z","links":{"resolver":"https://pith.science/pith/ZFIKHNUQGXNNFBASP6SROIDXEJ","bundle":"https://pith.science/pith/ZFIKHNUQGXNNFBASP6SROIDXEJ/bundle.json","state":"https://pith.science/pith/ZFIKHNUQGXNNFBASP6SROIDXEJ/state.json","well_known_bundle":"https://pith.science/.well-known/pith/ZFIKHNUQGXNNFBASP6SROIDXEJ/bundle.json"},"state":{"state_type":"pith_open_graph_state","state_version":"1.0","pith_number":"pith:2024:ZFIKHNUQGXNNFBASP6SROIDXEJ","merge_version":"pith-open-graph-merge-v1","event_count":2,"valid_event_count":2,"invalid_event_count":0,"equivocation_count":0,"current":{"canonical_record":{"metadata":{"abstract_canon_sha256":"4f23e930249474706d345fdd144b001de81366186c9f772d50fe1531368e65e5","cross_cats_sorted":["cs.CR","cs.CV"],"license":"http://creativecommons.org/licenses/by-sa/4.0/","primary_cat":"cs.LG","submitted_at":"2024-06-09T06:59:46Z","title_canon_sha256":"66072402e282153c09b8df4cc7f135c7a7011ea5df0e9cc40e452eb94099c467"},"schema_version":"1.0","source":{"id":"2406.05670","kind":"arxiv","version":3}},"source_aliases":[{"alias_kind":"arxiv","alias_value":"2406.05670","created_at":"2026-06-08T01:04:59Z"},{"alias_kind":"arxiv_version","alias_value":"2406.05670v3","created_at":"2026-06-08T01:04:59Z"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2406.05670","created_at":"2026-06-08T01:04:59Z"},{"alias_kind":"pith_short_12","alias_value":"ZFIKHNUQGXNN","created_at":"2026-06-08T01:04:59Z"},{"alias_kind":"pith_short_16","alias_value":"ZFIKHNUQGXNNFBAS","created_at":"2026-06-08T01:04:59Z"},{"alias_kind":"pith_short_8","alias_value":"ZFIKHNUQ","created_at":"2026-06-08T01:04:59Z"}],"graph_snapshots":[{"event_id":"sha256:5c57d29a117cdca8beb64ef12c00026ac977b88068301dbdaa9668aba278cdb5","target":"graph","created_at":"2026-06-08T01:04:59Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"graph_snapshot":{"author_claims":{"count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","strong_count":0},"builder_version":"pith-number-builder-2026-05-17-v1","claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"integrity":{"available":true,"clean":true,"detectors_run":[],"endpoint":"/pith/2406.05670/integrity.json","findings":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938","summary":{"advisory":0,"by_detector":{},"critical":0,"informational":0}},"paper":{"abstract_excerpt":"Modern machine learning pipelines leverage large amounts of public data, making it infeasible to guarantee data quality and leaving models open to poisoning and backdoor attacks. Provably bounding model behavior under such attacks remains an open problem. In this work, we address this challenge by developing the first framework providing provable guarantees on the behavior of models trained with potentially manipulated data without modifying the model or learning algorithm. In particular, our framework certifies robustness against untargeted and targeted poisoning, as well as backdoor attacks,","authors_text":"Calvin Tsay, Mark N. M\\\"uller, Matthew Wicker, Maximilian Baader, Philip Sosnin","cross_cats":["cs.CR","cs.CV"],"headline":"","license":"http://creativecommons.org/licenses/by-sa/4.0/","primary_cat":"cs.LG","submitted_at":"2024-06-09T06:59:46Z","title":"Certified Robustness to Data Poisoning in Gradient-Based Training"},"references":{"count":0,"internal_anchors":0,"resolved_work":0,"sample":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2406.05670","kind":"arxiv","version":3},"verdict":{"created_at":null,"id":null,"model_set":{},"one_line_summary":"","pipeline_version":null,"pith_extraction_headline":"","strongest_claim":"","weakest_assumption":""}},"verdict_id":null}}],"author_attestations":[],"timestamp_anchors":[],"storage_attestations":[],"citation_signatures":[],"replication_records":[],"corrections":[],"mirror_hints":[],"record_created":{"event_id":"sha256:6fa3525f2cee2580a72b231ef33ed94b8a24c4c2024065a35b8f17a6488697e7","target":"record","created_at":"2026-06-08T01:04:59Z","signer":{"key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signer_id":"pith.science","signer_type":"pith_registry"},"payload":{"attestation_state":"computed","canonical_record":{"metadata":{"abstract_canon_sha256":"4f23e930249474706d345fdd144b001de81366186c9f772d50fe1531368e65e5","cross_cats_sorted":["cs.CR","cs.CV"],"license":"http://creativecommons.org/licenses/by-sa/4.0/","primary_cat":"cs.LG","submitted_at":"2024-06-09T06:59:46Z","title_canon_sha256":"66072402e282153c09b8df4cc7f135c7a7011ea5df0e9cc40e452eb94099c467"},"schema_version":"1.0","source":{"id":"2406.05670","kind":"arxiv","version":3}},"canonical_sha256":"c950a3b69035dad284127fa51720772275587b9427f1a541b4fd1ecaa4188ee6","receipt":{"algorithm":"ed25519","builder_version":"pith-number-builder-2026-05-17-v1","canonical_sha256":"c950a3b69035dad284127fa51720772275587b9427f1a541b4fd1ecaa4188ee6","first_computed_at":"2026-06-08T01:04:59.314163Z","key_id":"pith-v1-2026-05","kind":"pith_receipt","last_reissued_at":"2026-06-08T01:04:59.314163Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","receipt_version":"0.3","signature_b64":"CFyt9NbIX2z9R7sepTewhXLpygGYEVtPeOEHr2qimZWOsOG8aFahzDc0NAm2CRAwfaUKOfv5b9d611FrKCbIAw==","signature_status":"signed_v1","signed_at":"2026-06-08T01:04:59.315030Z","signed_message":"canonical_sha256_bytes"},"source_id":"2406.05670","source_kind":"arxiv","source_version":3}}},"equivocations":[],"invalid_events":[],"applied_event_ids":["sha256:6fa3525f2cee2580a72b231ef33ed94b8a24c4c2024065a35b8f17a6488697e7","sha256:5c57d29a117cdca8beb64ef12c00026ac977b88068301dbdaa9668aba278cdb5"],"state_sha256":"7d2ad4b0f93cffbd632bd883ebfe91442335e0245b565ca7b6a362b352892df4"},"bundle_signature":{"signature_status":"signed_v1","algorithm":"ed25519","key_id":"pith-v1-2026-05","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54","signature_b64":"zLKutxih38XiEIETJ6jALicUSor8SvfP56IAWkSAJlsMBe10sOz/DWfWHtAQV1TVFrZ42X3SrrsKC4GGohduDQ==","signed_message":"bundle_sha256_bytes","signed_at":"2026-06-10T11:14:12.632646Z","bundle_sha256":"fec1d99783fba80a407e79a14a664e0fc0d7df7f38834cf6037476c407adc429"}}