PICKLE commits an application’s state vector in an incremental Merkle tree and equips each verifier with a batch proof expressed purely in terms of node positions. A single global sibling map stores each required hash at most once, while per-verifier proofs reference this map without duplicating hashes. Leaf updates patch the global map along the affected paths, leaving proof structure unchanged. As a result, patch communication scales with the number of distinct touched siblings rather than with the number or size of verifier batches while preserving per-verifier isolation. We implement PICKLE and compare it to per-path proofs and per-verifier multiproofs on synthetic multi-verifier workloads. Across varied verifier numbers and tree sizes, PICKLE reduces patch communication cost and update time, while relying only on hash computations and simple table lookups.
Author
Kim Seonghyun - Ericsson Research, Sweden
Presented and published at the Workshop on Security and Privacy of Next-Generation Networks (FutureG) 2026, part of Network and Distributed System Security (NDSS) Symposium 2026.
Available from the NDSS Symposium web.
This work is funded by Sweden’s Innovation Agency under grant agreement No. 2025-02987 (SUSTAINET) and the European Union’s Horizon Europe Research and Innovation Programme under grant agreement No. 101135576 (INTEND).