As quantum computing rapidly evolves, widely used cryptographic algorithms such as RSA, Diffie-Hellman, and Elliptic Curve Cryptography (ECC) are becoming increasingly vulnerable. Quantum computers use quantum bits (qubits) and leverage quantum superposition to solve certain problems exponentially faster than traditional supercomputers. For example, Google’s 105-qubit Willow chip can perform the equivalent of years of classical computing work in 5 minutes for certain benchmarks. Although today’s quantum computers have far fewer qubits than the millions required to break widely used asymmetric encryption algorithms, researchers estimate that quantum attacks could become practical within 5 to 10 years.

This distinct future possibility of breaking cryptography creates a risk popularly known as “harvest-now/decrypt-later”. Adversaries can capture and store encrypted data and TLS traffic today, knowing they will be able to decrypt it in the future when quantum computing advances sufficiently. Since long-lived data—including PII, PHI, financial records, intellectual property, and sensitive communication—must remain confidential for many years, it is vital to upgrade cryptography to address this evolving risk.

To help the industry address this risk, the U.S. National Institute of Standards and Technology (NIST) announced a set of quantum-safe algorithms for key encapsulation and digital signatures. These algorithms include ML-KEM and ML-DSA.

We are excited to announce that Oracle AI Database 26ai is among the first database systems to provide quantum-safe TLS for encrypting network connections. Oracle AI Database 26ai supports the use of NIST-approved AES-256 symmetric encryption algorithms, offering strong protection against both classical and quantum threats for its components.

Quantum-safe cryptography in Oracle AI Database 26ai 

Oracle AI Database 26ai integrates the cryptographic algorithms necessary to help protect your database against quantum attacks. The key features included in this release are: 

  • Support for selected quantum-safe cryptographic algorithms for key exchange and digital signing 
    • ML-KEM (Module Lattice Key Encapsulation Mechanism) for key exchange 
    • ML-DSA (Module Lattice Digital Signature Algorithm) for signing and verification 
  • Support for TLS to utilize quantum-safe key exchange algorithms to encrypt traffic between a database client and server 
  • Full support for AES-256 encryption and SHA-256 message digest across all Oracle Database features, providing a complete suite of quantum-resistant algorithms 

We will now discuss how Oracle AI Database 26ai protects data at rest and in motion from advanced quantum computers.

Encrypting all data at rest

Oracle AI Database 26ai safeguards data at rest with AES-256, offering strong protection against both classical and quantum threats. 

  • For new databases, use Transparent Data Encryption (TDE) with AES-256 as the encryption algorithm.  

Note: The default encryption algorithm in Oracle AI Database 26ai for both TDE tablespace and column-level encryption is AES-256. Oracle Cloud databases across multiple versions of database releases have been encrypted by default with AES-256. 

  • For existing databases, identify existing data that does not use NIST-approved encryption algorithms, or that is encrypted using a shorter key length such as AES-128, and then re-encrypt it with AES-256 using the ALTER TABLESPACE REKEY command.

Note: In earlier database versions (19c, 21c), the default for tablespace encryption was AES-128, although users could have manually changed the default to AES-256 using the dynamic parameter TABLESPACE_ENCRYPTION_DEFAULT_ALGORITHM. Master encryption keys are always AES-256.
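
The inventory and re-encryption steps above can be run as the following SQL. This is an added example, not taken from Oracle's documentation; the tablespace name USERS and the table hr.employees are hypothetical, and the statements assume a user with access to the V$ and DBA_ views and an open TDE keystore.

```sql
-- 1. Tablespace inventory: every encrypted tablespace whose algorithm is
--    not AES-256. Joining on con_id keeps the result correct in a
--    multitenant container database.
SELECT t.con_id,
       t.name          AS tablespace_name,
       e.encryptionalg AS algorithm,
       e.status
FROM   v$encrypted_tablespaces e
JOIN   v$tablespace t
       ON  t.ts#    = e.ts#
       AND t.con_id = e.con_id
WHERE  e.encryptionalg <> 'AES256'
ORDER  BY t.con_id, t.name;

-- 2. Column inventory: TDE-encrypted columns not using a 256-bit AES key.
SELECT owner, table_name, column_name, encryption_alg
FROM   dba_encrypted_columns
WHERE  encryption_alg NOT LIKE 'AES 256%'
ORDER  BY owner, table_name, column_name;

-- 3. Default algorithm applied to newly encrypted tablespaces. Returns no
--    row on releases that do not expose the parameter under this name.
SELECT name, value
FROM   v$parameter
WHERE  name = 'tablespace_encryption_default_algorithm';

-- 4. Re-encrypt one tablespace reported by step 1 with AES-256 while it
--    stays online. USERS is a hypothetical tablespace name. Online
--    conversion rewrites each data file, so check free space first.
ALTER TABLESPACE users ENCRYPTION ONLINE USING 'AES256' REKEY;

-- 5. Re-encrypt the column key of one table reported by step 2.
--    hr.employees is a hypothetical table.
ALTER TABLE hr.employees REKEY USING 'AES256';

-- 6. Re-run the queries from steps 1 and 2. The migration is complete
--    when both return no rows.
```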

Protecting TLS encrypted traffic 

Network traffic between database clients and servers is typically encrypted using industry-standard TLS. Currently, session keys are protected using algorithms such as Elliptic Curve Diffie-Hellman Ephemeral (ECDHE), and sessions are authenticated using digital signature algorithms like RSA.   

To protect such communication from harvest-now attacks by future quantum computers, we suggest that you begin by using TLS 1.3 for encrypted communications and then enable the quantum-safe key exchange algorithm ML-KEM. This approach allows you to maintain the existing TLS cipher suites and RSA 2048 or equivalent strength certificates, while strengthening session key exchange using quantum-safe algorithms.

In Oracle AI Database 26ai, you can enable ML-KEM key exchange in TLS 1.3 for both server and client using the TLS_KEY_EXCHANGE_GROUPS parameter. At least one side must require ML-KEM for it to be used; otherwise, ECDHE is the default for backward compatibility. 

During migration, your server can simultaneously accept traditional and quantum-safe TLS 1.3 clients until all clients support ML-KEM. Once migration is complete, configure the system to accept only ML-KEM.

Using ML-DSA signed certificates 

Quantum computers can eventually forge digital signatures created with RSA or ECC, thus undermining trust and authenticity. For example, a TLS handshake that uses an RSA certificate could be compromised by quantum adversaries in the future. To mitigate this, Oracle AI Database 26ai supports certificates signed with the quantum-safe ML-DSA algorithm during TLS handshakes. Public certificate authorities are expected to adopt ML-DSA-based certificates by 2026. In the meantime, you can create and use self-signed ML-DSA certificates with Oracle’s orapki utility if there is an urgent need for advanced protection.

Performance Considerations 

Although quantum-safe keys and signatures are about 10 times larger than classic ECDHE keys, our benchmarks indicate that ML-KEM provides up to a 10% performance improvement over the current ECDHE algorithm. Combined with the efficiency of TLS 1.3 handshake, organizations migrating from TLS 1.2 to TLS 1.3 may find that increased security comes with improved performance!

Database Client Tools and Drivers 

Oracle AI Database 26ai enables quantum-safe algorithms for Oracle Call Interface (OCI) drivers (including SQL*Plus, SQL Developer using the thick client, ODP.NET Unmanaged) as well as the database server. Future releases will extend support to additional clients such as SQL Developer using JDBC, SQLcl, the SQL Developer plug-in for VS Code, and Oracle drivers for Python, Node.js, and ODP.NET.

Next Steps 

Adopting quantum-safe algorithms in Oracle Database is a proactive step to help safeguard your data from future “harvest-now, decrypt-later” threats. Start by building an inventory of the cryptographic algorithms currently in use in your databases. Then, update configurations to utilize AES-256 and TLS 1.3 with ML-KEM for encryption and key exchange.

For detailed guidance, consult the Oracle Database Security guide.