How Can I Publish My LLM Benchmark Without Giving the True Answers Away?

TL;DR

This paper introduces a method to publish LLM benchmarks without revealing true answers by injecting randomness, enabling open evaluation while detecting data contamination and preventing test-set overfitting.

Contribution

The authors propose a novel approach to publish benchmarks with hidden ground truths using answer randomness, balancing transparency and data protection.

Findings

Method effectively detects data contamination across benchmarks.

Randomized answers prevent models from surpassing Bayes accuracy.

Approach maintains open evaluation without revealing true answers.

Abstract

Publishing a large language model (LLM) benchmark on the Internet risks contaminating future LLMs: the benchmark may be unintentionally (or intentionally) used to train or select a model. A common mitigation is to keep the benchmark private and let participants submit their models or predictions to the organizers. However, this strategy will require trust in a single organization and still permits test-set overfitting through repeated queries. To overcome this issue, we propose a way to publish benchmarks without completely disclosing the ground-truth answers to the questions, while still maintaining the ability to openly evaluate LLMs. The main underlying idea is to reduces the best possible accuracy, i.e., Bayes accuracy, by injecting randomness to the answers by preparing several logically correct answers, and only include one of them as the solution in the benchmark. Not only is this helpful to keep us from disclosing the ground truth, but this also offers a test for detecting data contamination. In principle, even fully capable models should not surpass the Bayes accuracy. If a model surpasses this ceiling despite this expectation, this is a strong signal of data contamination. We present experimental evidence that our method can detect data contamination accurately on a wide range of benchmarks, models, and training methodologies.