Hybrid Query Node Identification

• Hybrid query node identification is the process of assigning optimal execution models to query nodes by integrating graph pattern matching and encrypted query planning techniques.
• It uses runtime index graphs and double simulation to prune candidate nodes, applying multiway join strategies to achieve efficient, optimal enumeration.
• Adaptive cost modeling and micro-benchmarking dynamically select between trusted execution environments and pure cryptographic processing to maximize performance and security.

Hybrid query node identification refers to the systematic delineation and allocation of computational strategies for query nodes or subplan operators in hybrid query evaluation settings. These settings typically involve environments where different physical execution paradigms (e.g., cryptographic primitives, trusted execution environments, path-vs-edge semantics in graphs) are available, and the system must decide on a per-node (or per-operator) basis which paradigm to employ. This concept has two principal instantiations in recent literature: efficient graph pattern matching with hybrid edge semantics (Wu et al., 2021), and adaptive encrypted database query planning (Li et al., 2024). In both contexts, node identification is fundamental to achieving optimal trade-offs between expressiveness, efficiency, and security.

1. Formal Foundations in Hybrid Graph Pattern Queries

Hybrid query node identification in graph pattern matching begins from the definition of hybrid graph pattern queries. Consider a data graph $G=(V,E)$, a directed, node-labeled graph with each node $u$ having $\mathit{label}(u) \in \mathcal L$, and a pattern graph $P=(V_P,E_P)$, also labeled over $\mathcal L$. Edges in $P$ are partitioned into direct edges $E_P^d$ (requiring single-arc matches) and reachability edges $E_P^r$ (requiring path matches).

The objective is to enumerate all homomorphisms $f: V_P \to V$ such that labels match ($\mathit{label}(p) = \mathit{label}(f(p))$) and for every pattern edge $e=(p,q)$, the mapping

• requires $(f(p),f(q)) \in E$ if $e \in E_P^d$,
• or a directed path $f(p)\prec f(q)$ in $G$ if $e \in E_P^r$.

Hybrid query node identification is thus the process of determining, for each $p \in V_P$, the precise subset of $V$ (candidate set $C(p)$) that might serve as $f(p)$ in some homomorphism subject to edge semantics (Wu et al., 2021).

2. Runtime Index Graph Construction and Candidate Pruning

Identification is operationalized through a runtime index graph (RIG), built by simulating the mappings from pattern to data nodes. The "double simulation" relation

$S \subseteq V_P \times V$

is iteratively pruned to include only feasible $(p,v)$ pairs, based on:

• label matching,
• a forward condition (every outgoing $(p \to p')$ in $E_P$ has a match from $v$ to some $v'$ with $(p',v')\in S$ under appropriate edge semantics),
• and a backward condition (analogous for incoming edges).

Stabilizing $S$ yields candidate sets $C(p)=\{v\mid (p,v)\in S\}$ for all $p \in V_P$. This process leverages alternating forward and backward passes (e.g., FB-SimDag for DAG patterns) and, for cyclic patterns, additional $\Delta$-steps to reach fixpoint (Wu et al., 2021).

The refined RIG is a $|V_P|$-partite graph where each part is $C(p)$ and edges represent valid correspondences for the pattern's adjacency—again, respecting hybrid edge semantics.

3. Enumeration and Multi-Way Join Strategies

After node identification, a query-node-at-a-time backtracking algorithm (MJoin) enumerates all homomorphisms. For each pattern node (following a chosen search order), possible assignments are intersected along RIG edges—always performing multiway intersections before recursing, thereby avoiding large intermediate join results. This is formalized as:

procedure ENUM(k, t): if k>n: output t[1..n] and return let p = σ[k]; S = C(p) for each assigned neighbor q: S ← S ∩ {Pred_q or Succ_q} for v in S: t[k] := v; ENUM(k+1, t)

Intersections are performed using compressed bitmaps, achieving both high pruning power and efficiency. Under fractional edge cover bounds, this procedure achieves worst-case optimal enumeration complexity (AGM bound) (Wu et al., 2021).

4. Self-Adaptive Hybrid Identification in Encrypted Database Query Planning

In adaptive encrypted query processing (e.g., Enc²DB), hybrid query node identification refers to annotating each plan node/operator in an encrypted SQL plan with the optimal execution mode: either pure cryptographic computation (software UDF) or trusted execution environment (TEE, e.g., SGX enclave) (Li et al., 2024).

The approach is formalized as follows:

• For each operator $\mathit{op}$, cost models are provided for both physical implementations:

$$C_{\mathrm{soft}}(\mathit{op}, N) = C_{\mathrm{calc}}^{\mathrm{soft}}(\mathit{op}) \cdot N + C_{\mathrm{decide}}(\mathit{op})$$

$$C_{\mathrm{TEE}}(\mathit{op}, N) = C_{\mathrm{ecall}} + [C_{\mathrm{calc}}^{\mathrm{tee}}(\mathit{op}) \cdot N] + C_{\mathrm{runtime}} + C_{\mathrm{decide}}(\mathit{op})$$

where $N$ is operator cardinality, $C_{\mathrm{ecall}}$ is SGX transition overhead, and $C_{\mathrm{runtime}}$ is an adaptively estimated EPC paging penalty.

• At runtime or optimization time, a micro-benchmark runs within the enclave to estimate $C_{\mathrm{runtime}}$, switching modes depending on current system load.
• Node identification is performed by the pseudocode routine:

for op in queryPlan.operatorsThatAreSecure: if C_TEE < C_soft: op.implementation = "TEE_UDF" else: op.implementation = "CRYPT_SOFT"

The system thus adapts dynamically to the current cost structure, assigning secure operators to enclave or software paths as appropriate (Li et al., 2024).

5. Integration with Indexing and Cost-Based Optimization

Hybrid node identification naturally integrates with physical data structures such as encrypted B-tree indexes. Enc²DB introduces an ore_en user-defined type (ORE ciphertext) along with operator classes such as ore_en_abs_ops, enabling PostgreSQL’s planner to treat order-preserving encryption indexes equivalently to native B-trees. As a result, hybrid path decisions (e.g., whether ore_en_abs_gt for range queries should be run as a pure-crypto UDF or in enclave) are factored into the optimizer’s plan node labeling, leveraging the cost framework described above (Li et al., 2024).

6. Illustrative Workflows and Examples

Hybrid Graph Pattern Queries

For pattern $P$ with nodes $\{A,B,C\}$ and direct/reachability edges, and data graph $G$ with appropriate labels and structure:

• Candidate sets after simulation: $C(A),C(B),C(C)$, pruned via forward and backward sweeps.
• Enumeration yields all possible assignments realizing the hybrid semantics via multiway intersections over the refined RIG, as detailed in (Wu et al., 2021).

Encrypted Query Planning

Given a query with ORE and DET predicates, the Enc²DB planner, using its hybrid identification routine, assigns DET equality to software UDFs (always cheaper), whereas ORE range predicates are evaluated for cost; if enclave cost is lower and no EPC paging is present, the node uses the TEE path, otherwise pure crypto. This assignment may change adaptively across queries or even at runtime as micro-benchmarks capture dynamic overheads (Li et al., 2024).

7. Best Practices and Empirical Outcomes

Across both domains, the following best practices and insights have emerged:

• Double simulation prunes up to $99\%$ of irrelevant candidate nodes in graph queries within $2–3$ sweeps.
• On-the-fly RIG construction (no persistent indexes) minimizes memory overhead.
• Multiway intersection algorithms avoid materializing large join intermediates and match AGM-optimal enumeration bounds.
• In encryption settings, maintaining micro-benchmarked overhead estimators and providing per-operator mode choices ensures robust cost performance under variable workloads.
• Enc²DB’s approach significantly outperforms static assignment and legacy graph/database query engines, confirmed by comprehensive experiments on real and synthetic datasets exhibiting one to three orders of magnitude speedup, and scalability to large patterns and graphs (Wu et al., 2021, Li et al., 2024).

Context	Node Identification Target	Key Mechanism
Graph Pattern Matching	Candidate data nodes for $f(p)$	Double simulation, iterative pruning
Encrypted DB Query	Secure operator execution assignment	Cost model, micro-benchmarking, adapt.

Hybrid query node identification underpins efficient, secure, and scalable query execution by leveraging structural, semantic, and runtime properties to optimally partition computational responsibilities in diverse hybrid environments.