Augment then Smooth: Reconciling Differential Privacy with Certified Robustness

Published in ArXiv Preprint, 2023

Recommended citation: Jiapeng Wu, Atiyeh Ashari Ghomi, David Glukhov, Jesse C. Cresswell, Franziska Boenisch, and Nicholas Papernot. Augment then Smooth: Reconciling Differential Privacy with Certified Robustness. ArXiv Preprint 2306.08656, 2023

Differential privacy and randomized smoothing respectively provide certifiable guarantees against privacy attacks and adversarial examples on machine learning models; however, it is not well understood how implementing either defense affects the other. We argue that it is possible to achieve both privacy guarantees and certified robustness simultaneously, and provide a framework for integrating certified robustness through randomized smoothing into differentially private model training.

[Paper] [PDF]
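As an added illustration of the two-stage pipeline the abstract describes (example code written for this page, not the paper's own implementation or its exact method), the pure-Python script below trains a 2-D logistic-regression base classifier with DP-SGD on Gaussian-augmented inputs (the "augment" step), then certifies its predictions with Monte Carlo randomized smoothing in the style of Cohen et al. (2019) (the "smooth" step). The constructed two-blob dataset, every hyperparameter, the use of a Hoeffding confidence bound instead of the Clopper-Pearson bound usually used, and the omission of any privacy accounting are assumptions of this example.

```python
# Added example (not the paper's code). Assumptions: constructed 2-D data,
# toy hyperparameters, Hoeffding bound for the vote probability, no privacy
# accountant (the DP-SGD step is mechanically correct but epsilon is not computed).
import math
import random

SQRT2 = math.sqrt(2.0)


def norm_cdf(x):
    return 0.5 * (1.0 + math.erf(x / SQRT2))


def inv_norm_cdf(p):
    """Inverse standard normal CDF by bisection, stdlib only (p in (0, 1))."""
    lo, hi = -12.0, 12.0
    for _ in range(200):
        mid = 0.5 * (lo + hi)
        if norm_cdf(mid) < p:
            lo = mid
        else:
            hi = mid
    return 0.5 * (lo + hi)


def predict_proba(w, b, x):
    """Numerically stable sigmoid(w.x + b) for a 2-D logistic regression."""
    z = w[0] * x[0] + w[1] * x[1] + b
    if z >= 0:
        return 1.0 / (1.0 + math.exp(-z))
    ez = math.exp(z)
    return ez / (1.0 + ez)


def base_classify(w, b, x):
    return 1 if predict_proba(w, b, x) >= 0.5 else 0


def make_data(rng, n_per_class=100):
    """Constructed sample: class 0 around (-2,-2), class 1 around (2,2)."""
    data = []
    for label, c in ((0, (-2.0, -2.0)), (1, (2.0, 2.0))):
        for _ in range(n_per_class):
            data.append(([c[0] + rng.gauss(0, 0.5), c[1] + rng.gauss(0, 0.5)], label))
    return data


def train_dp_augmented(data, rng, sigma_aug=0.5, clip=1.0, noise_mult=1.0,
                       lr=0.5, epochs=20, batch=50):
    """'Augment' step: DP-SGD on Gaussian-perturbed inputs.

    Each example is perturbed with N(0, sigma_aug^2 I) before its gradient is
    taken, so the base classifier learns under the same noise that smoothing
    adds at inference. Per-example gradients are clipped to L2 norm `clip`,
    summed, and Gaussian noise of std noise_mult*clip is added to the sum.
    """
    w, b = [0.0, 0.0], 0.0
    order = list(data)
    for _ in range(epochs):
        rng.shuffle(order)
        for i in range(0, len(order), batch):
            gsum = [0.0, 0.0, 0.0]
            for x, y in order[i:i + batch]:
                xa = [x[0] + rng.gauss(0, sigma_aug), x[1] + rng.gauss(0, sigma_aug)]
                err = predict_proba(w, b, xa) - y
                g = [err * xa[0], err * xa[1], err]
                norm = math.sqrt(sum(v * v for v in g))
                scale = min(1.0, clip / norm) if norm > 0 else 1.0
                for k in range(3):
                    gsum[k] += g[k] * scale
            step = [(gsum[k] + rng.gauss(0, noise_mult * clip)) / batch for k in range(3)]
            w[0] -= lr * step[0]
            w[1] -= lr * step[1]
            b -= lr * step[2]
    return w, b


def hoeffding_lower_bound(count, n, alpha):
    """One-sided (1 - alpha) lower confidence bound on a Bernoulli mean."""
    return count / n - math.sqrt(math.log(1.0 / alpha) / (2.0 * n))


def certified_radius(sigma, pa_lower):
    """Two-class smoothing radius sigma * Phi^{-1}(pA_lower) (Cohen et al., 2019)."""
    return sigma * inv_norm_cdf(pa_lower)


def certify(w, b, x, rng, sigma=0.5, n0=100, n=1000, alpha=0.001):
    """'Smooth' step: Monte Carlo CERTIFY. Returns (class, radius) or None to abstain."""
    def votes(m):
        counts = [0, 0]
        for _ in range(m):
            xn = [x[0] + rng.gauss(0, sigma), x[1] + rng.gauss(0, sigma)]
            counts[base_classify(w, b, xn)] += 1
        return counts
    c0 = votes(n0)                       # selection sample picks the candidate class
    guess = 0 if c0[0] >= c0[1] else 1
    c = votes(n)                         # fresh sample bounds its probability
    pa_lower = hoeffding_lower_bound(c[guess], n, alpha)
    if pa_lower <= 0.5:
        return None
    return guess, certified_radius(sigma, pa_lower)


def run_pipeline(seed=0):
    rng = random.Random(seed)
    w, b = train_dp_augmented(make_data(rng), rng)
    return w, b, certify(w, b, [2.0, 2.0], rng), certify(w, b, [0.0, 0.0], rng)


if __name__ == "__main__":
    w, b, far, near = run_pipeline()
    print("model:", w, b)
    print("(2,2) ->", far)      # expected: class 1 with a positive L2 radius
    print("(0,0) ->", near)     # near the boundary: small radius or abstain
```

Two details matter in practice. The noise scale used for the certification votes must match the augmentation noise used in training, otherwise the base classifier is evaluated under a distribution it never saw and the vote for the top class collapses. And the DP-SGD step here only performs clipping and noising; reporting an actual (epsilon, delta) for the model requires running a privacy accountant over the number of steps, the sampling rate and `noise_mult`, which this example deliberately leaves out.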