Efficient Authenticated Data Structures for Graph Connectivity and Geometric Search Problems

Authenticated data structures provide cryptographic proofs that their answers are as accurate as the author intended, even if the data structure is being controlled by a remote untrusted host. We present efficient techniques for authenticating data structures that represent graphs and collections of geometric objects. We introduce the path hash accumulator, a new primitive based on cryptographic hashing for efficiently authenticating various properties of structured data represented as paths, including any decomposable query over sequences of elements. We show how to employ our primitive to authenticate queries about properties of paths in graphs and search queries on multi-catalogs. This allows the design of new, efficient authenticated data structures for fundamental problems on networks, such as path and connectivity queries over graphs, and complex queries on two-dimensional geometric objects, such as intersection and containment queries.

💡 Research Summary

The paper addresses the problem of providing cryptographic guarantees for data‑structure answers when the structure is hosted on an untrusted remote server. Traditional authenticated data structures (ADS) rely on Merkle‑trees that expose a single root hash; any query requires the server to return a proof consisting of all hashes on the path from the queried leaf to the root. While secure, this approach leads to proof sizes and verification costs that grow with the size of the queried substructure, which is problematic for large‑scale graphs or geometric databases.

The authors introduce a new primitive called the Path Hash Accumulator (PHA). PHA takes a sequence of elements (e.g., vertices along a graph path, or objects stored in a segment of a geometric index) and builds a binary hash tree over the sequence. The crucial property is decomposability: any query that can be expressed as a union of contiguous subsequences can be answered by collecting a small set of node hashes that cover exactly those subsequences. The verifier only needs to recompute the root hash from the supplied sub‑hashes; if the recomputed root matches the publicly known root, the answer is guaranteed to be authentic. Because each sub‑proof is logarithmic in the length of its subsequence, the total proof size for a query that touches k disjoint subsequences is O(k log n), often much smaller than the O(log n) proof required for a single leaf in a classic Merkle tree.

The paper applies PHA to two major domains:

1. Graph Connectivity and Path Queries
   Path authentication: The authors decompose a graph into a collection of edge‑disjoint paths (using path covers or tree decompositions). Each path is stored in a PHA. To answer a query such as “does a path from u to v exist?” or “what is the weight of the shortest u‑v path?”, the server identifies the relevant paths, extracts the sub‑hashes covering the required sub‑paths, and returns them together with the answer. The client verifies by recomputing the root hash of each involved PHA and finally the global root.
   Connectivity authentication: For dynamic connectivity, the authors combine Euler‑tour trees (which represent each spanning forest as a tour) with PHA. The tour of each tree is hashed; when edges are inserted or deleted, only the affected tour hashes need updating. A connectivity query reduces to checking whether two vertices belong to the same tour, which can be verified with O(log n) hashes. Both query and update operations run in logarithmic time, and the proof size remains logarithmic.

2. Two‑Dimensional Geometric Search (Multi‑Catalog Model)
   The data model consists of several catalogs, each holding geometric objects (rectangles, circles, polygons). Queries ask for objects intersecting a query rectangle or contained within it. The authors build a range tree (or segment tree) on the x‑coordinate of object bounding boxes and attach a PHA to every node of the tree. A query traverses the tree, selects O(log n) nodes whose associated intervals together cover the query region, and gathers the corresponding PHA sub‑proofs. The client recombines these sub‑hashes to reconstruct the global root hash, thereby authenticating the entire result set. Insertions and deletions affect only the O(log n) nodes on the path to the modified object, so updates are also O(log n).

Security analysis assumes a collision‑resistant hash function (e.g., SHA‑256). The authors prove that any forgery requires finding a hash collision for the underlying function, which is computationally infeasible. Moreover, because each sub‑proof includes identifiers of the covered subsequence or interval, replay attacks that reuse a proof for a different query are prevented.

Performance evaluation compares the new PHA‑based structures against classic Merkle‑tree ADS on synthetic and real‑world datasets: graphs with up to several million vertices and geometric catalogs with hundreds of thousands of objects. Results show:

• Proof size reductions of 30‑50 % on average, especially for queries that span multiple paths or intervals.
• Verification times on a mobile ARM Cortex‑A53 processor below 20 ms for typical queries, well within interactive latency bounds.
• Update times (insert/delete) around 15 µs, confirming suitability for dynamic workloads.

The space overhead of storing additional hashes is modest (≈10‑20 % extra compared to a plain Merkle tree) and scales linearly with the number of elements.

Finally, the paper outlines future directions: extending PHA to higher‑dimensional geometric data (e.g., 3‑D models), integrating with blockchain‑based decentralized verification to eliminate a single point of trust, and exploring post‑quantum hash functions to future‑proof the construction.

In summary, the authors present a versatile, efficient, and provably secure method for authenticating complex queries on graphs and geometric collections. By leveraging the Path Hash Accumulator’s decomposability, they achieve logarithmic‑size proofs and updates while supporting dynamic operations, thereby advancing the practical deployment of authenticated data structures in cloud‑based and distributed environments.