Double Bubble, Toil and Trouble: Enhancing Certified Robustness through Transitivity Andrew C. Cullen 1 Paul Montague 2 Sarah M. Erfani

In response to subtle adversarial examples flipping classifications of neural network models, recent research has promoted certified robustness as a solution. There, invariance of predictions to all norm-bounded attacks is achieved through randomised smoothing of network inputs. Today's state-of-the-art certifications make optimal use of the class output scores at the input instance under test: no better radius of certification (under the L