Reviews: Unlabeled Data Improves Adversarial Robustness

This paper theoretically and empirically shows that guarantee of non-trivial adversarial robustness only requires more unlabeled data. The paper theoretically proves that under the Gaussian model, more unlabeled data is enough to certify small robust accuracy (1e-3 in the paper) by their robust self-training algorithm. It is a pleasure to read it. The main concern is that the connection between the theory and the experiment is loose. The theory has very strong assumptions on the true model (Gaussian model).