To address the high computational cost and practical deployment challenges of adversarial purification in diffusion models, this paper proposes the One-Step Neural Function Evaluation (OSCP) framework—a highly efficient defense method. Methodologically: (i) it introduces the first single-Noise-Function-Evaluation (NFE) adversarial purification paradigm; (ii) it formulates a Gaussian Adversarial Noise Distillation (GAND) objective to alleviate optimization tension between consistency constraints and adversarial perturbations; and (iii) it incorporates Controllable Adaptive Purification (CAP), leveraging a non-learnable edge-detection operator to guide denoising and enhance image fidelity. Evaluated on ImageNet, OSCP achieves 74.19% robust accuracy with only 0.1 seconds per purification—over 100× faster than baselines such as DiffPure—significantly advancing the practical applicability of diffusion-based adversarial defenses.

Neural networks have revolutionized numerous fields with their exceptional performance, yet they remain susceptible to adversarial attacks through subtle perturbations. While diffusion-based purification methods like DiffPure offer promising defense mechanisms, their computational overhead presents a significant practical limitation. In this paper, we introduce One Step Control Purification (OSCP), a novel defense framework that achieves robust adversarial purification in a single Neural Function Evaluation (NFE) within diffusion models. We propose Gaussian Adversarial Noise Distillation (GAND) as the distillation objective and Controlled Adversarial Purification (CAP) as the inference pipeline, which makes OSCP demonstrate remarkable efficiency while maintaining defense efficacy. Our proposed GAND addresses a fundamental tension between consistency distillation and adversarial perturbation, bridging the gap between natural and adversarial manifolds in the latent space, while remaining computationally efficient through Parameter-Efficient Fine-Tuning (PEFT) methods such as LoRA, eliminating the high computational budget request from full parameter fine-tuning. The CAP guides the purification process through the unlearnable edge detection operator calculated by the input image as an extra prompt, effectively preventing the purified images from deviating from their original appearance when large purification steps are used. Our experimental results on ImageNet showcase OSCP's superior performance, achieving a 74.19% defense success rate with merely 0.1s per purification -- a 100-fold speedup compared to conventional approaches.