From dc1b3e71ceb70a7574473e02782dc1aae2f02707 Mon Sep 17 00:00:00 2001 From: Delicious233 Date: Mon, 25 May 2026 07:39:38 +0800 Subject: [PATCH] Record HOLD paper refresh artifact boundary --- ROADMAP.md | 7 +++++++ ...miahold-higher-order-langevin-artifact-gate-20260515.md | 7 +++++++ docs/evidence/reproduction-status.md | 2 +- workspaces/implementation/challenger-queue.md | 2 +- 4 files changed, 16 insertions(+), 2 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 1d4cdb60..02b73adb 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -1488,6 +1488,13 @@ checkpoint-bound target artifacts, reusable member/nonmember score rows, ROC arrays, metric JSON, generated responses, or a ready verifier. AUROC/ROC paths are runtime/W&B outputs, not committed replay packets. +The 2026-05-25 related-paper refresh checked arXiv `2605.19170` / +`Reducing Diffusion Model Memorization with Higher Order Langevin Dynamics`. +It is same-family HOLD memorization-mitigation context, not a new artifact +surface: arXiv PDF/source are public, but exact-title, arXiv-id, and phrase +GitHub repository searches returned no official repository, while code search +found only unrelated course/index JSON entries. + Decision: `defense-code-public / split-and-attack-code-present / score-artifacts-missing / no download / no GPU release / no admitted row`. This retains MIAHOLD as defense watch-plus evidence only. Do not download diff --git a/docs/evidence/miahold-higher-order-langevin-artifact-gate-20260515.md b/docs/evidence/miahold-higher-order-langevin-artifact-gate-20260515.md index 6a1887c7..0499e96a 100644 --- a/docs/evidence/miahold-higher-order-langevin-artifact-gate-20260515.md +++ b/docs/evidence/miahold-higher-order-langevin-artifact-gate-20260515.md 
@@ -1,6 +1,7 @@ # MIAHOLD Higher-Order Langevin Artifact Gate > Date: 2026-05-15 +> Live refresh: 2026-05-25 > Status: defense-code-public / split-and-attack-code-present / score-artifacts-missing / no download / no GPU release / no admitted row ## Question @@ -30,6 +31,7 @@ generated sample packet, or score output was downloaded or executed. | CIFAR repo latest push observed | `2026-02-06T17:42:37Z` | | CIFAR repo license field | `Other` | | GitHub releases | none observed for either repository | +| 2026-05-25 related arXiv refresh | arXiv `2605.19170` / `Reducing Diffusion Model Memorization with Higher Order Langevin Dynamics` is same-family HOLD / higher-order Langevin memorization-mitigation context by Benjamin Sterling, Monica F. Bugallo, and Tom Tirer. Its PDF and source are public, but exact-title, arXiv-id, and phrase GitHub repository searches returned no official repository, and code search found only unrelated course/index JSON entries. | ## Public Evidence Checked 
@@ -46,6 +48,7 @@ generated sample packet, or score output was downloaded or executed. | `MIAHOLDCIFAR/pia.py` | Implements a HOLD-style proximal inference attack: it collects train/validation images, assigns member/nonmember labels, computes ROC arrays in memory, prints `AUC = ...`, and logs `val/AUROC` to W&B. The code comments out saving ROC arrays as artifacts. | | `MIAHOLDCIFAR/log2.err` / `log2.out` / `nohup.out` | Show a local CUDA training attempt and argument errors. They do not contain a final replayable AUROC board, strict-tail metrics, score arrays, checkpoints, or artifact hashes. | | Recursive trees | Outside toy/model/logs and split text files, no committed `.npz`, `.npy`, `.h5`, `.hdf5`, score CSV, metric JSON, ROC artifact, or model-checkpoint-bound MIA packet was found. | +| arXiv `2605.19170` live refresh | The paper-source surface is useful mechanism context for why HOLD may reduce memorization, but it does not add target checkpoints, member/nonmember manifests, generated packets, score rows, ROC arrays, metric JSON, verifier output, or official code beyond the already-gated MIAHOLD repositories. | ## Gate Result @@ -72,6 +75,10 @@ next execution cycle: checkpoint-bound target identity, immutable member/nonmember manifests, reusable score rows, ROC arrays, strict-tail metrics, or a ready verifier command. +The 2026-05-25 arXiv `2605.19170` refresh does not change that decision. It +adds a same-family HOLD memorization-mitigation paper-source surface, not a +new replay target or admitted defense packet. + Smallest valid reopen condition: - A public HOLD++ checkpoint bundle with size/hash and training binding for a diff --git a/docs/evidence/reproduction-status.md b/docs/evidence/reproduction-status.md index 931602b6..57a55021 100644 --- a/docs/evidence/reproduction-status.md +++ b/docs/evidence/reproduction-status.md 
@@ -61,7 +61,7 @@ Smoke tests and dry runs are engineering validation, not benchmark claims. | DurMI TTS duration-loss MIA | `hold-cross-modal-watch-plus` | OpenReview `NvHFk2D2g3` / Zenodo `10.5281/zenodo.15474571` is a strong cross-modal watch-plus artifact: the public supplement ships GradTTS/WaveGrad2/VoiceFlow attack code and a GradTTS LJSpeech `5,977 / 5,977` exact split, while Zenodo exposes open metadata for dataset archives and checkpoints. It is not executable in the current image/latent-image cycle because the release does not ship reusable duration-loss score arrays, ROC arrays, metric JSON, generated result graphs, or a TTS/audio consumer-boundary decision. No dataset/checkpoint download or GPU release. See [durmi-tts-artifact-gate-20260515.md](durmi-tts-artifact-gate-20260515.md). | | DualMD / DistillMD disjoint-split defense | `hold-defense-watch-plus` | OpenReview `PjIe6IesEm` ships the `DDMD/` supplementary code tree with DDPM/LDM training, disjoint teacher, distillation, PIA/SecMIA, black-box attack, DDPM split-index files, and FID stats. The embedded Git origin `btr13010/DDMD` is not public, and the supplement does not ship frozen checkpoints, defended/undefended score rows, ROC arrays, metric JSON, generated responses, or a ready verifier. No SharePoint Pokemon payload, Stable Diffusion weight, CIFAR/STL/Tiny-ImageNet dataset download, training, GPU release, or admitted defense row. See [dualmd-distillmd-defense-artifact-gate-20260515.md](dualmd-distillmd-defense-artifact-gate-20260515.md). | | DIFFENCE classifier defense | `hold-defense-watch-plus` | Official `SPIN-UMass/Diffence` is code-public and commits configs plus small split-index files, but the protected target is an image classifier and diffusion is only a pre-inference defense component. The release depends on Google Drive classifier/diffusion checkpoints and local result generation, and it commits no defended/undefended logits, score rows, ROC arrays, metric JSON, or ready verifier. 
No checkpoint/data download, classifier/diffusion training, MIA script run, GPU release, or admitted defense row. See [diffence-classifier-defense-artifact-gate-20260515.md](diffence-classifier-defense-artifact-gate-20260515.md). | -| MIAHOLD / HOLD++ higher-order Langevin defense | `hold-defense-watch-plus` | Official `bensterl15/MIAHOLD` and `bensterl15/MIAHOLDCIFAR` are code-public and expose a real higher-order Langevin defense path, audio split filelists, a CIFAR HOLD config, and PIA-style attack code. They do not ship checkpoint-bound target artifacts, reusable member/nonmember scores, ROC arrays, metric JSON, or ready verifier outputs; AUROC is printed/logged only after execution. No Google Drive checkpoint/data download, W&B scraping, training, GPU release, or admitted defense row. See [miahold-higher-order-langevin-artifact-gate-20260515.md](miahold-higher-order-langevin-artifact-gate-20260515.md). | +| MIAHOLD / HOLD++ higher-order Langevin defense | `hold-defense-watch-plus` | Official `bensterl15/MIAHOLD` and `bensterl15/MIAHOLDCIFAR` are code-public and expose a real higher-order Langevin defense path, audio split filelists, a CIFAR HOLD config, and PIA-style attack code. They do not ship checkpoint-bound target artifacts, reusable member/nonmember scores, ROC arrays, metric JSON, or ready verifier outputs; AUROC is printed/logged only after execution. The 2026-05-25 arXiv `2605.19170` refresh adds same-family HOLD memorization-mitigation paper context, but GitHub searches found no official repository or code/artifact release for that paper. No Google Drive checkpoint/data download, W&B scraping, training, GPU release, or admitted defense row. See [miahold-higher-order-langevin-artifact-gate-20260515.md](miahold-higher-order-langevin-artifact-gate-20260515.md). 
| | VAE2Diffusion latent-space inversion | `hold-membership-blocked` | `mx-ethan-rao/VAE2Diffusion` is code-public and implements a distinct decoder-geometry / latent-dimension filtering line for LDM membership inference, but the README split/checkpoint link is empty, GitHub releases are absent, the recursive tree has no split, checkpoint, score, ROC, metric, response, or verifier artifact blobs, and scripts point to author-local paths requiring training/fine-tuning and pullback/per-dim cache generation. No dataset/model/checkpoint/cache download, GPU release, or admitted row. See [vae2diffusion-latent-space-inversion-gate-20260515.md](vae2diffusion-latent-space-inversion-gate-20260515.md). | | Score-based `SimA` official release | `hold-split-manifest-only` | `mx-ethan-rao/SimA` is code-public and implements a distinct denoiser-output score-norm attack across DDPM, Guided Diffusion, LDM, SD1.4, and SD1.5 scripts, but the release has empty split/checkpoint links, no GitHub release assets, no non-vendor split manifests, no checkpoints, no score arrays, no ROC/metric artifacts, and no ready verifier packet. No download or GPU release. See [sima-scorebased-artifact-gate-20260515.md](sima-scorebased-artifact-gate-20260515.md). | | Diffusion memorization reference | `hold-semantic-shift` | `YuxinWenRick/diffusion_memorization` is an ICLR 2024 memorization detection/mitigation reference with a public `500`-row `sdv1_500_memorized.jsonl` prompt manifest, but it is not a ready per-sample MIA packet. The ground-truth image archive is `2.60G`, `CompVis/stable-diffusion-v1-4` is not locally cached, and the repo does not ship exact member/nonmember MIA splits, generated response/noise-track packets, score JSON, ROC CSVs, or low-FPR metric artifacts. No download or GPU release. See [diffusion-memorization-asset-gate-20260515.md](diffusion-memorization-asset-gate-20260515.md). | 
diff --git a/workspaces/implementation/challenger-queue.md b/workspaces/implementation/challenger-queue.md index 69bddfaa..5646f06f 100644 --- a/workspaces/implementation/challenger-queue.md +++ b/workspaces/implementation/challenger-queue.md 
@@ -52,7 +52,7 @@ timeline. Historical run IDs and dated notes are in `legacy/`. | Quantile Diffusion MIA SecMI `t_error` replay | gray-box / Lane A-B | candidate-support-only | third-party public CIFAR10/CIFAR100 SecMI-style score rows and split manifests replay from committed files with positive AUC | not official Quantile Regression paper output; same-family SecMI support only; no admitted-row consumer contract | keep as support evidence only; do not clone full repo, download DDPM/CIFAR/SharePoint assets, train, fit quantile models, or release GPU | | DualMD / DistillMD disjoint-split defense | defense / Lane A-B | defense watch-plus | OpenReview DDMD supplement exposes DDPM/LDM defense code, DDPM split-index files, and FID stats | embedded GitHub origin is not public; no checkpoint-bound defended/undefended scores, ROC arrays, metric JSON, generated response packets, or ready verifier are released | keep as defense watch-plus only; do not download SharePoint Pokemon, Stable Diffusion, CIFAR/STL/Tiny-ImageNet assets, train, run attack scripts, or release GPU | | DIFFENCE classifier defense | defense / Lane A-B | defense watch-plus | official repo plus Zenodo `10.5281/zenodo.13706131` snapshot expose code, configs, and split-index files | protected target is an image classifier, diffusion is only a pre-inference defense component, and no checkpoint-bound defended/undefended logits, score rows, ROC arrays, metric JSON, or ready verifier are committed | keep as classifier-defense watch-plus only; do not download Google Drive checkpoints/datasets, train, run MIA scripts, or release GPU | -| MIAHOLD / HOLD++ higher-order Langevin defense | defense / Lane A-B | defense watch-plus | official MIAHOLD repos expose higher-order Langevin defense code, audio split filelists, a CIFAR HOLD config, and PIA-style attack code | no checkpoint-bound target artifact, reusable score rows, ROC arrays, metric JSON, generated responses, or ready verifier | keep as defense watch-plus 
only; do not download Google Drive checkpoints/datasets, scrape W&B, train HOLD++ models, or release GPU | +| MIAHOLD / HOLD++ higher-order Langevin defense | defense / Lane A-B | defense watch-plus | official MIAHOLD repos expose higher-order Langevin defense code, audio split filelists, a CIFAR HOLD config, and PIA-style attack code; arXiv `2605.19170` adds same-family HOLD memorization-mitigation paper context | no checkpoint-bound target artifact, reusable score rows, ROC arrays, metric JSON, generated responses, ready verifier, or new official code/artifact release for `2605.19170` | keep as defense watch-plus only; do not download Google Drive checkpoints/datasets, scrape W&B, train HOLD++ models, implement from the new paper, or release GPU | | MT-MIA relational diffusion score packet | intake / Lane A | relational-tabular support-only | official `joshward96/MT-MIA` repo exposes multi-table member/nonmember/reference splits, pre-generated ClavaDDPM and RelDiff synthetic outputs, and `18` MT-MIA score/metric JSONL packets | outside current image/latent Platform/Runtime boundary; packets lack row-ID-bound score manifests and no relational-tabular consumer schema exists | keep as Research-only support evidence; do not download raw/synthetic data, full repo, or training assets, regenerate RelDiff, release GPU, or promote Platform/Runtime rows | | VAE2Diffusion latent-space inversion | gray-box / Lane A | code-public latent-space MIA watch-plus | official `mx-ethan-rao/VAE2Diffusion` repo exposes decoder-geometry / latent-dimension filtering code and LDM/SD scripts; arXiv source claims public splits/checkpoints | README split/checkpoint link is empty; no GitHub releases; recursive tree has no split/checkpoint/score/ROC/metric/response/verifier artifacts; scripts require author-local paths and from-scratch training/fine-tuning/cache generation | keep as latent-space mechanism watch; do not download datasets/models/checkpoints/caches, train/fine-tune, run 
SimA/PFAMI/PIA variants, release GPU, or promote Platform/Runtime rows | | DCR copying / replication | intake / Lane A | copying/memorization semantic-shift watch-plus | official `somepago/DCR` repo exposes diffusion replication/copying code, retrieval/similarity scripts, metric helpers, and a committed LAION caption manifest | README LAION-10k Drive split link returns `404`; claim is copying rather than per-sample MIA; no immutable member/nonmember MIA split, target checkpoint, generated response package, score rows, ROC arrays, metric JSON, or ready verifier | keep as copying/privacy watch only; do not download LAION/Drive/model assets, fine-tune, infer, run retrieval, release GPU, or promote Platform/Runtime rows |
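Review bot: In the ROADMAP.md hunk (@@ -1488,6 +1488,13), the new paragraph records a negative search result ("exact-title, arXiv-id, and phrase GitHub repository searches returned no official repository") without the literal query strings, so the result cannot be re-checked at the next refresh. Suggest listing the queries once in docs/evidence/miahold-higher-order-langevin-artifact-gate-20260515.md and reducing this paragraph to the conclusion plus a pointer to that file.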
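Review bot: In docs/evidence/miahold-higher-order-langevin-artifact-gate-20260515.md, the row added at @@ -46,6 +48,7 says the paper adds no "official code beyond the already-gated MIAHOLD repositories", while the row added at @@ -30,6 +31,7 says the searches "returned no official repository". The two rows read as different claims about whether `bensterl15/MIAHOLD` and `bensterl15/MIAHOLDCIFAR` count as code for arXiv `2605.19170`. Suggest stating explicitly whether the paper source references those repositories and wording both rows consistently.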
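Review bot: In the docs/evidence/reproduction-status.md hunk (@@ -61,7 +61,7), the replaced MIAHOLD row repeats the search outcome that this patch also adds to ROADMAP.md and to the gate document, each time in slightly different words (here "no official repository or code/artifact release for that paper"). The row already ends with a link to the gate document, so suggest keeping only the statement that the refresh adds paper context and leaving the search detail to the linked file, which gives later refreshes a single place to update.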
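Review bot: In the workspaces/implementation/challenger-queue.md hunk (@@ -52,7 +52,7), the added restriction "implement from the new paper" appears only in this row; the ROADMAP decision string and the gate document's new paragraph ("does not change that decision") do not carry it. Suggest recording the restriction in the gate document so the queue row is not its only source. The blocker cell's "new official code/artifact release for `2605.19170`" is also unscoped, while the evidence in this patch covers GitHub searches only; wording it as "none found on GitHub as of 2026-05-25" would match what was checked.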