Saved in:
Bibliographic Details
Main Authors: Rajore, Tanmay, Chandran, Nishanth, Sitaram, Sunayana, Gupta, Divya, Sharma, Rahul, Mittal, Kashish, Swaminathan, Manohar
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2403.00393
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909229832470528
author Rajore, Tanmay
Chandran, Nishanth
Sitaram, Sunayana
Gupta, Divya
Sharma, Rahul
Mittal, Kashish
Swaminathan, Manohar
author_facet Rajore, Tanmay
Chandran, Nishanth
Sitaram, Sunayana
Gupta, Divya
Sharma, Rahul
Mittal, Kashish
Swaminathan, Manohar
contents Benchmarking is the de-facto standard for evaluating LLMs, due to its speed, replicability and low cost. However, recent work has pointed out that the majority of the open source benchmarks available today have been contaminated or leaked into LLMs, meaning that LLMs have access to test data during pretraining and/or fine-tuning. This raises serious concerns about the validity of benchmarking studies conducted so far and the future of evaluation using benchmarks. To solve this problem, we propose Private Benchmarking, a solution where test datasets are kept private and models are evaluated without revealing the test data to the model. We describe various scenarios (depending on the trust placed on model owners or dataset owners), and present solutions to avoid data contamination using private benchmarking. For scenarios where the model weights need to be kept private, we describe solutions from confidential computing and cryptography that can aid in private benchmarking. We build an end-to-end system, TRUCE, that enables such private benchmarking showing that the overheads introduced to protect models and benchmark are negligible (in the case of confidential computing) and tractable (when cryptographic security is required). Finally, we also discuss solutions to the problem of benchmark dataset auditing, to ensure that private benchmarks are of sufficiently high quality.
format Preprint
id arxiv_https___arxiv_org_abs_2403_00393
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle TRUCE: Private Benchmarking to Prevent Contamination and Improve Comparative Evaluation of LLMs
Rajore, Tanmay
Chandran, Nishanth
Sitaram, Sunayana
Gupta, Divya
Sharma, Rahul
Mittal, Kashish
Swaminathan, Manohar
Cryptography and Security
Computation and Language
Benchmarking is the de-facto standard for evaluating LLMs, due to its speed, replicability and low cost. However, recent work has pointed out that the majority of the open source benchmarks available today have been contaminated or leaked into LLMs, meaning that LLMs have access to test data during pretraining and/or fine-tuning. This raises serious concerns about the validity of benchmarking studies conducted so far and the future of evaluation using benchmarks. To solve this problem, we propose Private Benchmarking, a solution where test datasets are kept private and models are evaluated without revealing the test data to the model. We describe various scenarios (depending on the trust placed on model owners or dataset owners), and present solutions to avoid data contamination using private benchmarking. For scenarios where the model weights need to be kept private, we describe solutions from confidential computing and cryptography that can aid in private benchmarking. We build an end-to-end system, TRUCE, that enables such private benchmarking showing that the overheads introduced to protect models and benchmark are negligible (in the case of confidential computing) and tractable (when cryptographic security is required). Finally, we also discuss solutions to the problem of benchmark dataset auditing, to ensure that private benchmarks are of sufficiently high quality.
title TRUCE: Private Benchmarking to Prevent Contamination and Improve Comparative Evaluation of LLMs
topic Cryptography and Security
Computation and Language
url https://arxiv.org/abs/2403.00393