On the Computational Entanglement of Distant Features in Adversarial Machine Learning

TL;DR

This work addresses why overparameterized networks can fit random noise and how this capacity relates to adversarial vulnerability. It develops a parameter-inference framework based on likelihood maximization, introduces a Cosine-Distance Locality-Sensitive Hashing construction and a MaxLikelihood algorithm for linear networks, and analyzes the emergent computational entanglement via a spacetime-diagram analogy that mirrors time dilation and length contraction. The authors further connect entanglement to information reconciliation, enabling noise-tolerant secret sharing and demonstrating adversarial example generation as a special case, including worst-case scenarios where non-robust features appear as manipulable noise. The findings suggest computational entanglement as a potentially universal principle in overparameterized systems, with implications for robustness, security, and the interpretation of non-robust features in adversarial contexts, and propose several avenues for extending these insights to nonlinear architectures and large-scale models.

Abstract

In this research, we introduce the concept of "computational entanglement," a phenomenon observed in overparameterized feedforward linear networks that enables the network to achieve zero loss by fitting random noise, even on previously unseen test samples. Analyzing this behavior through spacetime diagrams reveals its connection to length contraction, where both training and test samples converge toward a shared normalized point within a flat Riemannian manifold. Moreover, we present a novel application of computational entanglement in transforming a worst-case adversarial examples-inputs that are highly non-robust and uninterpretable to human observers-into outputs that are both recognizable and robust. This provides new insights into the behavior of non-robust features in adversarial example generation, underscoring the critical role of computational entanglement in enhancing model robustness and advancing our understanding of neural networks in adversarial contexts.

Figures (9)

• Figure 1: Example of robust and non-robust features (images credited to ilyas2019adversarial).
• Figure 2: Experiment Overview: Convergence test with MaxLikelihood algorithm
• Figure 3: Results of the convergence test showing the distribution of loss values and convergence patterns.
• Figure 4: $a$) The trajectory of the output vector can be visualized by adding an additional dimension, $L$ corresponding to the layer index. We associate this layer index with the time component, $t$ and a constant, $c$, which can be interpreted as the speed of light in a spacetime diagram. $b$) A spacetime diagram illustrates the relationship between the input and output vectors within our model.
• Figure 5: a) to e) demonstrate the trajectory of the normalized output vector with an additional dimension $ct'$ representing the temporal component within a spacetime framework, as the number of layers $L$ increases. f) illustrates the delay in computational entanglement due to an increase in the constant $c$.