LipNeXt: Scaling up Lipschitz-based Certified Robustness to Billion-parameter Models

Lipschitz-based certification offers efficient, deterministic robustness guarantees but has struggled to scale in model size, training efficiency, and ImageNet performance. We introduce \emph{LipNeXt}, the first \emph{constraint-free} and \emph{convolution-free} 1-Lipschitz architecture for certified robustness. LipNeXt is built using two techniques: (1) a manifold optimization procedure that updates parameters directly on the orthogonal manifold and (2) a \emph{Spatial Shift Module} to model spatial pattern without convolutions. The full network uses orthogonal projections, spatial shifts, a simple 1-Lipschitz $β$-Abs nonlinearity, and $L_2$ spatial pooling to maintain tight Lipschitz control while enabling expressive feature mixing. Across CIFAR-10/100 and Tiny-ImageNet, LipNeXt achieves state-of-the-art clean and certified robust accuracy (CRA), and on ImageNet it scales to 1-2B large models, improving CRA over prior Lipschitz models (e.g., up to $+8\%$ at $\varepsilon{=}1$) while retaining efficient, stable low-precision training. These results demonstrate that Lipschitz-based certification can benefit from modern scaling trends without sacrificing determinism or efficiency.

Key Contributions

• LipNeXt: first constraint-free, convolution-free 1-Lipschitz architecture for certified robustness, enabling stable bfloat16 training at billion-parameter scale
• Manifold optimization procedure that updates parameters directly on the orthogonal manifold, eliminating power-iteration overhead and numerical fragility
• Spatial Shift Module replacing depthwise convolutions while preserving tight Lipschitz control and expressive spatial feature mixing

🛡️ Threat Analysis

Details

Similar Papers