Scalable Digital Compute-in-Memory Ising Machines for Robustness Verification of Binary Neural Networks

TL;DR

This paper presents a scalable digital compute-in-memory Ising machine that reformulates BNN robustness verification as a QUBO problem, enabling efficient adversarial testing with significant speed and power efficiency improvements.

Contribution

It introduces a novel SRAM-based digital Ising machine architecture for BNN robustness verification, leveraging in-memory annealing to accelerate and improve power efficiency.

Findings

Achieves 178x faster convergence than CPU-based methods.

Provides 1538x better power efficiency.

Successfully demonstrates non-robustness of BNNs using the proposed approach.

Abstract

Verification of binary neural network (BNN) robustness is NP-hard, as it can be formulated as a combinatorial search for an adversarial perturbation that induces misclassification. Exact verification methods therefore scale poorly with problem dimension, motivating the use of hardware-accelerated heuristics and unconventional computing platforms, such as Ising solvers, that can efficiently explore complex energy landscapes and discover high-quality solutions. In this work, we reformulate BNN robustness verification as a quadratic unconstrained binary optimization (QUBO) problem and solve it using a digital compute-in-memory (DCIM) SRAM-based Ising machine. Instead of requiring globally optimal solutions, we exploit imperfect solutions produced by the DCIM Ising machine to extract adversarial perturbations and thereby demonstrate the non-robustness of the BNN. The proposed architecture stores quantized QUBO coefficients in approximately 9.1~Mb of SRAM and performs annealing in memory via voltage-controlled pseudo-read dynamics, enabling iterative updates with minimal data movement. Experimental projections indicate that the proposed approach achieves a $178\times$ acceleration in convergence rate and a $1538\times$ improvement in power efficiency relative to conventional CPU-based implementations.