This work addresses the challenge of model extraction in black-box settings where only hard labels are accessible, a scenario in which discontinuities in decision boundaries hinder the efficient recovery of geometric information. To overcome this limitation, the authors propose a signed distance–based supervision mechanism that reformulates the replication task as a smooth regression problem, leveraging the local geometric structure of the teacher model’s decision boundary for knowledge distillation. Key innovations include replacing hard labels with signed distances, introducing an α-controlled smoothing and regularization strategy, and developing two distance estimation algorithms that require no internal access to the target model, thereby enabling Hölder/Lipschitz control over the replicated decision boundary. Experiments on synthetic and UCI benchmark datasets demonstrate significant improvements in replication fidelity and generalization accuracy, while also allowing the replica model to output uncertainty estimates in the form of distance values.

Deployed machine learning systems must continuously evolve as data, architectures, and regulations change, often without access to original training data or model internals. In such settings, black-box copying provides a practical refactoring mechanism, i.e. upgrading legacy models by learning replicas from input-output queries alone. When restricted to hard-label outputs, copying turns into a discontinuous surface reconstruction problem from pointwise queries, severely limiting the ability to recover boundary geometry efficiently. We propose a distance-based copying (distillation) framework that replaces hard-label supervision with signed distances to the teacher's decision boundary, converting copying into a smooth regression problem that exploits local geometry. We develop an $\alpha$-governed smoothing and regularization scheme with H\"older/Lipschitz control over the induced target surface, and introduce two model-agnostic algorithms to estimate signed distances under label-only access. Experiments on synthetic problems and UCI benchmarks show consistent improvements in fidelity and generalization accuracy over hard-label baselines, while enabling distance outputs as uncertainty-related signals for black-box replicas.