Randomized smoothing achieves certifiable robustness by convolving the base classifier with a noise distribution, but its reliance on Monte Carlo sampling incurs substantial computational overhead, hindering scalability to large models. This paper introduces the first trainable surrogate neural network to replace Monte Carlo sampling, directly modeling the output probability distribution of the smoothed classifier. The surrogate enables deterministic, end-to-end differentiable robustness certification while preserving certified radius accuracy. Our approach accelerates certification by approximately 600× compared to standard Monte Carlo–based methods, fully maintaining compatibility with conventional randomized smoothing frameworks and theoretical certified radius guarantees. The core innovation lies in decoupling sampling from inference via a learnable, deterministic surrogate model—enabling, for the first time, high-accuracy, low-latency certifiable robustness without stochastic approximation.

Randomized smoothing has emerged as a potent certifiable defense against adversarial attacks by employing smoothing noises from specific distributions to ensure the robustness of a smoothed classifier. However, the utilization of Monte Carlo sampling in this process introduces a compute-intensive element, which constrains the practicality of randomized smoothing on a larger scale. To address this limitation, we propose a novel approach that replaces Monte Carlo sampling with the training of a surrogate neural network. Through extensive experimentation in various settings, we demonstrate the efficacy of our approach in approximating the smoothed classifier with remarkable precision. Furthermore, we demonstrate that our approach significantly accelerates the robust radius certification process, providing nearly $600$X improvement in computation time, overcoming the computational bottlenecks associated with traditional randomized smoothing.