Skip to content

Benchmarks

PET decisions should be based on evidence, not vibes.

Use this section when a PET choice sounds plausible but you need to know whether it survives real workload constraints.

Benchmark Dimensions

Dimension Question
Privacy Does the benchmark test the claim the system actually makes?
Utility Does the PET preserve the downstream decision, not just a generic score?
Cost What are compute, latency, bandwidth, storage, integration, and review costs?
Robustness What happens under drift, poisoning, repeated queries, dropouts, or small cohorts?
Operations Can a normal team deploy, monitor, debug, and explain the system?
Evidence quality Is the result measured, deployment-backed, literature-backed, or expert judgment?

Benchmark Source Quality

Benchmark claims need both an evidence level and a source-quality label. A measured value from a vendor blog is not the same thing as a reproducible benchmark package, and an illustrative scorecard value is not a measurement.

Source quality Meaning Decision use
Reproducible benchmark package Workload, code, data or data generator, environment, and run date are available Strongest benchmark evidence if the workload matches
Peer-reviewed measurement Paper reports workload, method, parameters, and limits Useful with scope checks; reproduce before procurement
Operator measurement Deploying team or vendor reports measured results Useful lead; validate independently for high-stakes decisions
Independent replication Non-operator repeats or challenges a claimed result Strong evidence for or against generalization
Expert estimate Maintainer or practitioner estimate without a run artifact Planning only; replace before commitment
Unsourced / illustrative Teaching value created for a scorecard example Never cite as performance evidence

(Evidence: Expert judgment. Source quality: Project standard. Reviewed 2026-06-17 — this taxonomy is a reporting discipline, not a measurement result.)

Benchmark Card

Every benchmark should report:

  • workload and intended decision;
  • data shape and privacy unit;
  • threat model and allowed output;
  • PET stack and parameters;
  • hardware, software versions, and deployment assumptions;
  • baselines and rejected alternatives;
  • privacy, utility, cost, latency, and robustness results;
  • evidence level and source-quality label for each high-impact result;
  • failure cases and what the benchmark does not measure.

Scorecards

Start with Scorecards for reusable benchmark templates covering:

  • private RAG;
  • private inference;
  • cross-silo FL;
  • synthetic data release;
  • federated analytics and MPC analytics.

Anti-Patterns

  • Reporting only accuracy when privacy loss is the core claim.
  • Reporting only cryptographic runtime when integration dominates cost.
  • Hiding failed parameter settings.
  • Benchmarking on clean centralized data when deployment data is distributed and messy.
  • Comparing PETs without naming the protected asset and adversary.