What Oracle Blockchain Tables Actually Are
An Oracle blockchain table is a heap-organized table with two additions. First, each row gets a cryptographic hash that chains it to the previous row in the same sequence (defined by instance ID, chain ID, and sequence number). Second, rows cannot be deleted within a configurable retention period — and in some configurations, never. The hash chain means that if any previously committed row is modified or deleted, the chain breaks, and Oracle's verification function will detect it.
This is not a public blockchain. There is no distributed consensus, no decentralized ledger, no cryptocurrency. The chain is stored entirely within the Oracle database. The tamper-evidence property holds only against an attacker who can modify the database's data files or issued SQL — not against a compromised DBA with direct tablespace access who knows how to recompute the hash chain.
That distinction matters for how you assess the threat model. Blockchain tables defend against:
- Application-layer tampering (UPDATE or DELETE via SQL that leaves forensic traces)
- Insider threats that use authorized SQL channels to modify records
- Audit log manipulation by lower-privileged DBAs who have DML rights but not direct storage access
They do not defend against a DBA with SYSDBA access and the willingness to manipulate the physical data files and recompute hashes. For that level of assurance, you need external attestation — Oracle provides a mechanism to publish hash digests to external storage (flat files, object storage, external services) for this purpose.
Creating and Configuring a Blockchain Table
-- Create a blockchain table with 30-day row retention
-- Rows cannot be deleted for 30 days after insert
CREATE BLOCKCHAIN TABLE financial_audit_log (
event_id NUMBER GENERATED ALWAYS AS IDENTITY,
event_timestamp TIMESTAMP WITH TIME ZONE DEFAULT SYSTIMESTAMP,
user_id NUMBER NOT NULL,
action_type VARCHAR2(50) NOT NULL,
table_name VARCHAR2(128),
row_id_affected VARCHAR2(100),
old_values CLOB,
new_values CLOB,
application_id VARCHAR2(50)
)
NO DROP UNTIL 365 DAYS IDLE -- table cannot be dropped until 365 days of inactivity
NO DELETE UNTIL 30 DAYS AFTER INSERT -- rows locked for 30 days
HASHING USING "SHA2_512" VERSION "v1";
The retention options:
NO DELETE LOCKED— rows are permanently non-deletable. Rarely appropriate; prevents any data retention compliance actions.NO DELETE UNTIL n DAYS AFTER INSERT— rows cannot be deleted for n days. Appropriate for audit logs where you need time-bounded immutability.NO DELETE— deletes are permitted but only by the table owner, and the hash chain still detects unauthorized deletion.
-- Insert into a blockchain table (standard DML, no special syntax)
INSERT INTO financial_audit_log (
user_id, action_type, table_name, row_id_affected, old_values, new_values
) VALUES (
1042, 'UPDATE', 'accounts', 'AAABBB123', '{"balance": 50000}', '{"balance": 48500}'
);
-- The hidden columns Oracle adds automatically:
-- ORABCTAB_INST_ID$ -- instance ID
-- ORABCTAB_CHAIN_ID$ -- chain ID
-- ORABCTAB_SEQ_NUM$ -- sequence within chain
-- ORABCTAB_CREATION_TIME$ -- row creation timestamp
-- ORABCTAB_USER_NUMBER$ -- user who inserted
-- ORABCTAB_HASH$ -- SHA-512 hash of this row + previous row
-- ORABCTAB_SIGNATURE$ -- optional user signature
-- ORABCTAB_SIGNATURE_ALG$ -- signature algorithm
-- ORABCTAB_SPARE$ -- reserved
Verifying the Hash Chain
-- Verify all rows in the blockchain table
DECLARE
verify_rows NUMBER;
corrupt_count NUMBER;
BEGIN
DBMS_BLOCKCHAIN_TABLE.VERIFY_ROWS(
owner_name => 'APPSCHEMA',
table_name => 'FINANCIAL_AUDIT_LOG',
number_of_rows => verify_rows,
corruption_count => corrupt_count
);
DBMS_OUTPUT.PUT_LINE('Rows verified: ' || verify_rows);
DBMS_OUTPUT.PUT_LINE('Corrupt rows: ' || corrupt_count);
END;
/
-- Verify a specific row range by timestamp
DECLARE
verify_rows NUMBER;
corrupt_count NUMBER;
BEGIN
DBMS_BLOCKCHAIN_TABLE.VERIFY_ROWS(
owner_name => 'APPSCHEMA',
table_name => 'FINANCIAL_AUDIT_LOG',
start_time => TIMESTAMP '2025-01-01 00:00:00',
end_time => TIMESTAMP '2025-03-31 23:59:59',
number_of_rows => verify_rows,
corruption_count => corrupt_count
);
END;
/
Verification scans the hash chain and confirms each row's hash matches the hash of its content chained to the previous row. A non-zero corruption_count means at least one row has been tampered with — but it does not tell you which one without row-level iteration. Build a verification job that logs results and alerts on any non-zero corruption count.
External Digest Publication for Stronger Assurance
Publishing row digests to an external system breaks the "recompute the chain" attack vector. If a DBA modifies rows and recomputes hashes, the previously published external digests will no longer match:
-- Get a digest for external publication
DECLARE
digest RAW(2000);
digest_b64 VARCHAR2(4000);
BEGIN
DBMS_BLOCKCHAIN_TABLE.GET_DIGEST(
owner_name => 'APPSCHEMA',
table_name => 'FINANCIAL_AUDIT_LOG',
digest_type => DBMS_BLOCKCHAIN_TABLE.LAST_DIGEST,
digest => digest
);
digest_b64 := UTL_RAW.CAST_TO_VARCHAR2(
UTL_ENCODE.BASE64_ENCODE(digest)
);
-- Write digest_b64 to an external system: S3, an external API, a signed log file
DBMS_OUTPUT.PUT_LINE('Digest: ' || digest_b64);
END;
/
The external publication cadence depends on your threat model. For financial audit logs, publishing a digest every hour gives a 1-hour tamper detection window. Publishing after every 1000 inserts gives coverage at that transaction volume boundary. Automate this with a DBMS_SCHEDULER job.
Use Cases That Actually Justify the Feature
Financial Transaction Audit Trails
Regulations like SOX, PCI-DSS, and various banking frameworks require audit trails that cannot be modified retroactively. A blockchain table storing every financial transaction modification provides a cryptographically verifiable audit trail that satisfies this requirement within the database layer — no external audit system required for the immutability guarantee.
The practical design: write to the blockchain audit table from a trigger on the financial transaction table, or from the application layer immediately after each DML operation. Use a service account for writes to minimize the number of principals who can insert, and restrict direct SELECT to auditors and compliance roles.
Healthcare Record Modification Logs
HIPAA's audit control standard (§164.312(b)) requires audit logs of access and modification to protected health information. A blockchain table storing PHI access and modification events provides tamper-evident logging that can be produced in response to a breach investigation or OCR audit. The immutability property is more defensible than a standard audit table that a compromised account could modify.
Document Version Control for Legal Workflows
Contract management systems that store document versions in Oracle can use blockchain tables to record version transitions with cryptographic proof that the version history has not been altered. This is particularly relevant for e-signature workflows where the chain of custody matters for enforceability.
Supply Chain Event Recording
Manufacturing and logistics applications that track custody transfers, inspection events, or quality control sign-offs benefit from tamper-evident recording. A blockchain table storing each custody event — with the inserting user's identity captured in ORABCTAB_USER_NUMBER$ — creates an immutable chain of custody record without requiring an external distributed ledger.
Use Cases That Don't Justify It
Not every audit log needs blockchain table semantics. The feature has real costs:
- INSERT performance overhead. Computing SHA-512 and maintaining the chain adds latency to every INSERT. On high-throughput tables, this is measurable. Benchmark before deploying.
- No UPDATE or DELETE within retention window. If your application ever needs to correct a bad audit record (data entry error, test data cleanup), you cannot. Plan for this from the start.
- Export and archival complexity. Standard data archival workflows that move old rows to cold storage do not work within the retention window. Design your retention policy before creating the table.
- Not portable. Blockchain tables are Oracle-specific. If you're planning a migration away from Oracle, this feature creates additional migration debt.
For general-purpose application audit logging where tamper-evidence is a nice-to-have rather than a compliance requirement, a standard append-only table with row-level security and tight DML grants provides adequate protection at significantly lower operational cost.
Oracle 23ai: Immutable Tables as a Lighter Alternative
Oracle 23ai introduced Immutable Tables, which provide the append-only and retention constraints of blockchain tables without the hash chain overhead. If your requirement is purely "rows cannot be deleted within a retention window" without the cryptographic tamper-detection, immutable tables are simpler to operate and have lower insert overhead.
-- Oracle 23ai: create an immutable table (lighter than blockchain table)
CREATE IMMUTABLE TABLE application_events (
event_id NUMBER GENERATED ALWAYS AS IDENTITY,
event_time TIMESTAMP DEFAULT SYSTIMESTAMP,
event_type VARCHAR2(100),
event_data CLOB
)
NO DROP UNTIL 180 DAYS IDLE
NO DELETE UNTIL 90 DAYS AFTER INSERT;
Use blockchain tables when you specifically need cryptographic proof of non-tampering. Use immutable tables when you need retention guarantees without the hash chain complexity.
Evaluating Oracle 21c/23ai features for a compliance use case?
We assess Oracle feature adoption decisions — including blockchain tables, immutable tables, and audit vault — against your specific compliance framework and operational constraints. Free assessment, no obligation.