Review for NeurIPS paper: Provably Robust Metric Learning

Neural Information Processing Systems 

Summary and Contributions: The paper presents a Mahalanobis learning algorithm that is certifiably robust to adversarial attacks. The algorithm learns a Mahalanobis matrix which maximizes the minimal adversarial attack on each example. The method is compared against standard learning algorithms on a series of datasets, and the results show that the proposed algorithm indeed has good robustness to attacks, exhibiting the lowest values of robust error and often also the lowest error. To learn the Mahalanobis matrix, it defines an objective: it establishes a lower bound for the minimal adversarial perturbation of some training instance that is parametrized by the Mahalanobis matrix. The bound is based on the minimal perturbation that, given an instance and a negative and a positive instance, will change the nearest neighbor relation.