Fast SDP certification of neural networks : towards large multi-class datasets

Margot Boyer; Clément Rambour; Zacharie ALES; Amélie Lambert

Fast SDP certification of neural networks : towards large multi-class datasets

Margot Boyer, Clément Rambour, Zacharie ALES, Amélie Lambert

19 Sept 2025 (modified: 11 Feb 2026)Submitted to ICLR 2026EveryoneRevisionsBibTeXCC BY 4.0

Keywords: Adversarial robustness, SDP relaxation, certification

TL;DR: We introduce a new quadratic formulation and its SDP relaxation to simultaneously certify a neural network accross all classes with pruning of all stable actives and inactives neurons and addition of tightening cuts.

Abstract: We present a new quadratic model for the certification problem in adversarial robustness, which simultaneously accounts for all possible target classes. Building on this model, we propose a novel semidefinite programming (SDP) relaxation for incomplete verification. A key advantage of our approach is that it certifies robustness in a single optimization, avoiding the need for a separate resolution per class. This yields a significant computational speed-up and enables scalability to large datasets with many classes. To further gain in efficiency, we also propose an effective pruning strategy of active neurons, thus reducing the problem dimensionality and accelerating convergence.

Supplementary Material: pdf

Primary Area: alignment, fairness, safety, privacy, and societal considerations

Submission Number: 19017

Loading