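In recent years, modern machine learning systems have been successfully applied to a variety of tasks, but making such systems robust against adversarially chosen modifications of input instances seems to be a much harder problem. It is probably fair to say that no fully satisfying solution has been found to date, and it is not clear whether the standard formulation even allows for a principled solution. Hence, rather than following the classical path of bounded perturbations, we consider a model similar to the quantum PAC-learning model introduced by Bshouty and Jackson [1995]. Our first key contribution shows that in this model we can reduce adversarial robustness to the conjunction of two classical learning theory problems, namely (Problem 1) the problem of finding generative models and (Problem 2) the problem of devising classifiers that are robust with respect to distributional shifts. Our second key contribution is that the considered framework does not rely on specific (and hence also somewhat arbitrary) threat models such as $\ell_p$ bounded perturbations. Instead, our reduction guarantees that, in order to solve the adversarial robustness problem in our model, it suffices to consider a single distance notion, namely the Hellinger distance. From a technical perspective, our protocols are heavily based on recent advances in the delegation of quantum computation, e.g. Mahadev [2018]. Although the considered model is quantum and therefore not immediately applicable to "real-world" situations, one might hope that in the future either a way can be found to embed "real-world" problems into a quantum framework, or classical algorithms can be found that are capable of mimicking their powerful quantum counterparts.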
We present an approach for the verification of feed-forward neural networks in which all nodes have a piece-wise linear activation function. Such networks are often used in deep learning and have been shown to be hard to verify for modern satisfiability modulo theory (SMT) and integer linear programming (ILP) solvers. The starting point of our approach is the addition of a global linear approximation of the overall network behavior to the verification problem that helps with SMT-like reasoning over the network behavior. We present a specialized verification algorithm that employs this approximation in a search process in which it infers additional node phases for the non-linear nodes in the network from partial node phase assignments, similar to unit propagation in classical SAT solving. We also show how to infer additional conflict clauses and safe node fixtures from the results of the analysis steps performed during the search. The resulting approach is evaluated on collision avoidance and handwritten digit recognition case studies.