Adaptive and oblivious statistical adversaries are equivalent

TL;DR

This paper proves that in statistical tasks, adaptive and oblivious adversaries are essentially equivalent in power, resolving a key open question and showing that algorithms resilient to oblivious corruption can be adapted to handle adaptive corruption with minimal overhead.

Contribution

It demonstrates the equivalence of adaptive and oblivious adversaries in statistical settings, providing a simple construction to adapt algorithms accordingly.

Findings

Adaptive and oblivious adversaries are equivalent up to polynomial factors.

Algorithms resilient to oblivious corruption can be adapted for adaptive adversaries.

The construction maintains computational efficiency with a polynomially larger sample.

Abstract

We resolve a fundamental question about the ability to perform a statistical task, such as learning, when an adversary corrupts the sample. Such adversaries are specified by the types of corruption they can make and their level of knowledge about the sample. The latter distinguishes between sample-adaptive adversaries which know the contents of the sample when choosing the corruption, and sample-oblivious adversaries, which do not. We prove that for all types of corruptions, sample-adaptive and sample-oblivious adversaries are \emph{equivalent} up to polynomial factors in the sample size. This resolves the main open question introduced by [BLMT22] and further explored in [CHL+23]. Specifically, consider any algorithm $A$ that solves a statistical task even when a sample-oblivious adversary corrupts its input. We show that there is an algorithm $A'$ that solves the same task when the corresponding sample-adaptive adversary corrupts its input. The construction of $A'$ is simple and maintains the computational efficiency of $A$: It requests a polynomially larger sample than $A$ uses and then runs $A$ on a uniformly random subsample.