I still don't get it. For example, if each block contains the hash of the previous block (including the hash of all its transactions), then it's already possible to verify if a block was illegally substituted for another (e.g. secretly behind the scenes) because the following block hash would become inconsistent. The verification step would be O(1) time complexity because you just need to check the block hash and the hash of its two neighbors which is faster than Merkle Proof which is O(log n).
The clue is in "all transitions" part. If you have n blocks adding values, you have to verify O(n) blocks on average to check, that the value is in the chain leading to the current head.
With Merkle tree you just need a path from leaf to the root - so O(log n) hashes required.
Is it related to Bitcoin's design with input and output transactions and the double spend problem?
It still seems that the problem can be solved by including a hash of the previous record as part of each new record. Then to verify the validity of any given record, you just fetch that record, its predecessor and its successor. If the record's hash cannot be computed using the predecessor's hash plus the hash of the current record's transactions (in a way that it's consistent with the successor's hash), then you know the current record is invalid.
It's about anchoring your knowledge/trust. If you start with zero data, you're saying that it's enough to just fetch that record. How to do that? You need to query full nodes specifically for the block that contains your record. But how do you know it is part of the "real" blockchain? They could provide you fake block - even faking whole history, just to fake your record is there.
That is not possible when you are querying many full nodes for current node, without telling them what you are looking for. They cannot return different results based on your query. You can trust that one piece of information - newest block.
In order to verify validity of the record, you need the block containing that result and checking that it is in history of the current block. That requires fetching O(n) blocks. Keep in mind that you need to trust just the head - even if someone wanted to provide you fake history, they are not able to, as it is infeasible to create block matching specific hash.
But instead of having linear block chain (corresponding to list datatype) you can have a Merkle tree (corresponding to tree datatype), where it is possible to compute hash of each node having just its two children. You can anchor your knowledge in the hash of the root (e.g. by having all nodes provide you the same value). Than anyone can prove you in a trustless way, that the tree contains specific leaf: by providing way to verify the hash of all nodes on the path from the leaf to the root. That requires O(log n) data, compared to O(n) in linear blockchain.
