Article

Providing Security for Flash Loan System Using Cryptocurrency Wallets Supported by XSalsa20 in a Blockchain Environment

by Mishall Al-Zubaidie * and Wid Alaa Jebbar
Department of Computer Sciences, Education College for Pure Sciences, University of Thi-Qar, Nasiriyah 64001, Iraq
* Author to whom correspondence should be addressed.
Appl. Sci. 2024, 14(14), 6361; https://doi.org/10.3390/app14146361
Submission received: 17 June 2024 / Revised: 18 July 2024 / Accepted: 19 July 2024 / Published: 22 July 2024

Abstract

The days of long lines at banks and piles of paperwork are long gone. The lending landscape has been completely transformed by digital loans, which provide quick, easy, and frequently paperless transactions. A payee can apply for a digital loan anytime, anywhere. The entire lending procedure is accessible and efficient, but the availability of data on the Internet brings many risks and threats: there are certain difficulties in the world of digital lending, and data security and privacy are major concerns. It is important to address the possibility of predatory lending practices that target weaker payees, especially with flash loans, which are considered a critical type of digital loan, as they add additional pressure to banks in terms of security because they return to the same block of the blockchain, and the possibility of tampering with them is considered great. Therefore, we have developed a security protocol based on the principle of digital cryptocurrency wallets: these digital wallets are protected by our use of the XSalsa20 algorithm. It has high specifications and is enhanced with the usage of the Crow search algorithm, which guarantees fast and efficient search results. After the analysis of the proposed system in the Tamarin Prover tool, we obtained proof of many security properties, such as data authenticity, perfect forward secrecy, and many others, which give our system its security strength. Also, we obtained 0.6667 ms as the rate of processing speed and 2990 ms as the time required by the proposed system to repay loans after the conditions are met, and, finally, our proposed system is flexible, creating 29,700 loans every 3 s; by this, we obtained a system that is secure, authentic, fast, and flexible.

1. Introduction

The traditional loan system has relied heavily on manual processes, with mountains of paperwork and face-to-face interactions [1]. With the development of automated technologies in the second part of the 20th century, all of this began to alter. The transition to automated loan systems was fueled by several factors:
  • Mainframe computers and early software: Mainframe computers were developed in the 1950s and 60s, which paved the way for the automation of basic calculations and massive data storage. Early software was used to automate tasks like credit checks and loan application processing.
  • Requirements for efficiency: As loan demand rose, lenders found it challenging to keep up with manual processing. Faster processing speeds promised by automation enabled them to handle more applications and preserve their competitiveness.
  • Accuracy and reduced errors: Manual data entry and calculations were prone to errors. Automation made it possible to process loans with more accuracy and less chance of error.
These early steps toward automation made possible the sophisticated lending systems that the world utilizes today [2], which employ state-of-the-art technologies for a genuinely simplified loan experience. This development in the field of loan systems, together with the capabilities, means, and tools that support it, has given rise to a new type of loan that is the subject of this research: flash loans. Flash loans are special because they let payees borrow large amounts of money without requiring collateral, as long as the money is paid back within the same transaction block.
The modern financial system cannot function without loan systems. These can be divided into two main categories: Loan Origination Systems (LOSs) and Loan Management Systems (LMSs) [3]. LOS software helps payers assess applications, obtain payee data, and generate the documentation required to initiate a loan. After the loan is granted, LMS software takes over and automates processes like interest calculations, payment tracking, and even identifying possible defaults. By streamlining the entire loan process, from application to repayment, loan systems benefit both payees and payers. For payers, they improve efficiency, reduce errors, and provide valuable data for informed lending decisions. For payees, they offer a smoother application process, faster approvals, and easier loan management. Because the payers' data and all of the lending system’s data are online, they are always vulnerable to the danger of hacking, loss, or even system lockdown. This is why security is a crucial issue in such systems.
The tremendous development of technology carries not only positives but also negatives, as data are exposed to dangers, hacking, and loss. In February 2020, one of the first and most well-known flash loan attacks happened on the decentralized lending protocol bZx. The attacker manipulated the price of Ethereum, a decentralized, open-source blockchain system, in order to profit from it by combining flash loans, price manipulation, and a re-entrancy flaw. A flash loan attack in April 2020 compromised the dForce (decentralized finance) protocol [4], thus allowing about $25 million worth of cryptocurrency to be stolen. By taking advantage of a weakness in the lending protocol, the attackers were able to manipulate balances and borrow and deposit money on a regular basis. As attacks evolve and new varieties appear regularly, new defense mechanisms and methods must be created, particularly for systems handling funds, client information, and bank reputations. This calls for the ongoing improvement of financial systems, and in our proposal, we have developed a system that protects the rights of payers and payees while simultaneously fending off a variety of contemporary attacks. The next subsection will clarify the traditional techniques used to secure the lending system.

1.1. Traditional Security Techniques for Lending Systems

Lending systems rely on a robust set of security measures to protect sensitive borrower data and financial transactions. Here are some key techniques:
  • Data security: The following methods were traditionally used to maintain data security.
    • Encryption: Using powerful algorithms like the Advanced Encryption Standard (AES), borrower data, including Social Security numbers, salary details, and credit reports, were encrypted both during transmission and while they were being stored [5].
    • Access controls: Based on user roles and responsibilities, access to borrower data was limited. An additional degree of protection was added to sensitive system access with multifactor authentication (MFA).
    • Data solitude: The most important data were isolated from the less important data and stored apart from them. This step was taken to minimize the impact of intrusion [6].
  • User training and awareness: In such systems, security is a critical issue: not only should the people and staff that work on the system be aware of it, but also the people who benefit from the system, including customers [7].
    • Staff education: Workers who have access to private data received training on security best practices, such as choosing secure passwords and recognizing phishing scams [8].
    • Payers’ education: Payers received instructions on how to safeguard their data and identify con artists. These tactics, when used correctly, offered a strong foundation for the security of lending systems [6]. But they were not without limitations. It took constant effort and close attention to detail to keep up a solid security posture. Furthermore, because loan systems stored data centrally, they were vulnerable to intentional attacks.
When properly applied, these strategies have provided a solid basis for lending systems security. They have not been without restrictions though. Continuous investment and attention to detail are necessary to maintain a strong security posture. In addition, lending systems are open to deliberate attacks due to their centralized data storage.

1.2. Security in Blockchain-Based Lending Systems

The complexity and expense of the loan approval process have often increased due to banks and other intermediaries [1]. However, blockchain disrupts this model by offering a safe, transparent, and decentralized alternative. Blockchain is essentially a distributed ledger technology that creates an impenetrable transaction record [9,10]. Imagine a massive spreadsheet that serves as a digital ledger, which is updated continually and dispersed across multiple computers on a network. In essence, a blockchain is a collection of data that has been chronologically linked and organized into blocks, including loan transactions. Since encryption guarantees the integrity of each block, tampering with data is practically impossible. This builds confidence and eliminates the need for a centralized authority to verify information. The combination of blockchain technology with lending systems offers several intriguing prospects, where blockchain technology enhances security and transparency, as well as streamlines loan processes through distributed ledgers. It encourages accountability and confidence, automates manual steps, and provides greater access to capital for borrowers who may not have access to financing through traditional methods.
As shown in Figure 1a, the process of lending is never complete unless there is a centralized control represented by a bank or any financial institution, while in Figure 1b, there is a decentralized control represented by blockchain technology.

1.3. Main Contributions

Our main contributions here are as follows:
  • We speed up the total time required to process the loan and deliver it to the payee as quickly as possible through our use of preprepared codes that greatly accelerate the work.
  • We give great flexibility to the loan system in general by increasing the number of loans processed and added per second, which serves customers and gives profit to both the payee and the payer.
  • The focus of our system is not limited to providing loans only, but rather on giving great importance to the payers and returning their money as quickly as possible after fulfilling our preprepared conditions to guarantee their rights and not cause them any financial losses or waste of time.
  • We raise the level of security through our usage of the XSalsa20 algorithm as an encryption algorithm to protect the data after they are saved in the smart wallets.
The structure of our manuscript presentation is divided as follows. In Section 2, we will give a wide overview of the previous studies. Section 3 will present a full explanation of the loan concept and types. Section 4 is our proposed system methods and how they work, then Section 5 describes the proposed lending protocol step by step. Section 6 is the security analysis and performance analysis of our work, and finally, Section 7, Section 8 and Section 9 are the conclusion, limitations, and the future work respectively.

2. Literature Assessment on the Security of the Lending System

In this section, an analysis of the previous studies will be represented as follows. Li et al. [1] created a blockchain-based group lending system that can encourage the free movement of money across the group’s businesses. To achieve automatic loan condition determination and smart contract execution, the authors integrated the blockchain with a trusted execution environment. Additionally, they preserved the privacy of loan customers by utilizing linkable group signature technology. Additionally, they made the assertion computable and confidential by utilizing homomorphic encryption technology. However, in addition to the issue of security, the factor of speed in completing the loan and returning it is also considered an important and necessary factor for both the lender and the borrower, but in this research, the time factor was not addressed at all when evaluating the system. Mbodji et al. [2] proposed the creation of a peer-to-peer (P2P) lending business model and protocol that is mobile phone accessible and appropriate for poor nations. The protocol incorporates a smart contract-based service to prevent the diversion of aims. But this document contains just enough information to give a general overview of the project. However, further information on the technical implementation process could be needed. Bansal and Swamy [5] examined a pattern that aids in evaluating bank loans obtained via blockchain technology. In this scheme, debt repayment of defaulted debt is tracked by a decentralized system. The system they present would be able to obtain loans in place even in the absence of any collateral. But this system is slow, and it takes longer to deal with how the product functions. On the other hand, this article never mentioned the collateral or the guarantees of repaying the loan. 
Spyridon [11] represented a module where the borrowers can submit their information, upload papers that can be verified, and input the amount of loan they would like to apply for on its website. Lendoit gives loans that request a quality score, or credit rating, based on several verification sources. In a reverse auction, lenders bid on interest and repayment, thus dispersing the risk instead of focusing it and lowering the total interest rate. But, in addition to the interest rate applied to the loan, there can be other costs that need to be paid. If the credit score is low, a payee can be required to pay an interest rate that is more than what traditional lenders would charge. To safeguard the privacy of data, Wang et al. [12] introduced digital signatures and oracles. Performance assessments on unlocking codes and chain codes demonstrate the applicability of the approach they presented in a financial loan environment. They mentioned that their system is based on the smart contract, but they never gave a full assessment of the mentioned mechanism. Wang and Liu [13] suggested a standardized blockchain application model for fintech and found that blockchain has many potential applications that can be realized through distributed consensus, smart contract execution, cryptographic algorithms, and distributed ledgers. The study’s flaw, though, is that it never mentioned how to control the payment method, thus leaving the payer with no benefit from the proposed system.
Asamoah et al. [14] developed a method for student loans, because financing is a major barrier to pursuing higher education in underdeveloped nations. Due to pupils’ parents’ unemployment and the weak economics of their nations, brilliant but impoverished youngsters are unable to finish their education. Consequently, the abilities of the pupils are not fully utilized. Governments offer student loans to higher education students in an effort to support them in pursuing higher education and realizing their full potential. Student loans are made available by the government through the Ministry of Education. When the students begin working, they repay the loan plus interest. However, they did not address collateral in their study, nor did they address how they managed the repayment of the loan. Wang [15] showed that blockchain increases bank credit by reducing management costs; in the absence of marketization, the blockchain can also increase bank lending by correcting the price of funds by reducing the gap between the interest rate on bank deposits and the market equilibrium. The findings are crucial for gaining a better understanding of how blockchain affects bank credit and how it works. On the other hand, this is a theoretical study, and it did not even clarify this proposal with numerical analysis. Avantika Andhale [16] introduced a smart contract-based financial debt management solution. To safeguard the privacy of the data, they introduced digital signatures. A blockchain-supported platform was suggested in this study to eliminate the context of third-party lending. But on the other hand, in their proposed idea, they clarified that blockchain data privacy safeguards are not strong enough to withstand different types of cyberattacks. Hassija et al. [17] outlined how blockchain technology might help with decentralized credit scoring assessment and lessen reliance on paperwork. Lending money is subjective to each lender and is not always objective. Depending on their viewpoint, loan decisions entail varying degrees of risk and uncertainty. This study modeled an investment plan for various risk vs. return scenarios using the prospect theory. But they never mentioned the security of repaying the loan.

3. The Core Concepts of Loans

In this section, detailed principles about loans will be clarified.

3.1. Loan Types

Examining loan types in more detail, we have Term vs. Revolving and Secured vs. Unsecured. There are various types of loans, and knowing the distinctions between them will help the payees to select the best one for their requirements. Here is an explanation of the main categories [11], as shown in Table 1. Table 1 provides a comprehensive review of the types of loans.
Therefore, the type of loan depends on the payer’s need in addition to his/her conditions. However, there is a special type of loan called flash loans, which represent the type that we concentrate on in this study. The next section will clarify the mechanism of how this type of loan works.

3.2. Flash Loans

In the field of decentralized finance, flash loans are a novel idea: a particular kind of uncollateralized loan [18,19]. Payees can borrow money without having to put up any collateral, unlike with traditional loans. But the trick in this type is that both borrowing and repaying the loan must be completed in a single blockchain transaction [20]. Usually, this takes only a few seconds. Flash loans are code-based: a self-executing code on the blockchain is the basis for flash loans. These loans make use of the special qualities of blockchain technology to facilitate fast and permissionless lending, in contrast to traditional loans that go through intermediaries and frequently involve drawn-out processes. Due to this nature, borrowers can obtain significant amounts of cryptocurrency without requiring collateral as long as they pay back the loan within a single block of transactions. Flash loans democratize access to liquidity and reduce counterparty risk by relying on the immutability and transparency of the blockchain. Furthermore, in a single transaction, the payee submits code specifying what they want to do with the borrowed money, as well as how they want to repay it [21]. The loan is processed if the code works as expected and repays the loan within the transaction. If not, no loan is ever given, and the entire transaction is reversed [22]. Arbitrage is a typical use case for flash loans. This entails taking advantage of transient price variations throughout Bitcoin exchanges. The payee takes advantage of the price differential by using the flash loan to purchase a cryptocurrency on a less costly exchange and selling it right away on a more expensive one. The high-reward nature of flash loans can lead to significant losses if something goes wrong in the code.
As clarified in Figure 2, this type of loan is unsecured: there is no guarantee or even condition except the condition of the code that controlled the lending process. That is the reason that this type of loan is vulnerable to an attack, and the security issue is a huge matter if not controlled in such a loan. The whole subject of flash loan attacks will be discussed in the next section.
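The all-or-nothing behaviour described in this subsection can be seen from the lender's side in the following added example, which is not the authors' code: a pool snapshots its state, hands control to the borrower's code, and reverts everything unless principal plus fee is back before the transaction ends. The in-memory ledger, the account names, the 9-basis-point fee, and the three borrower callbacks are constructed for illustration.

```python
class Reverted(Exception):
    """Raised when a step fails; the whole transaction is rolled back."""


class Ledger:
    """Constructed in-memory stand-in for on-chain token balances."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def transfer(self, src, dst, amount):
        if amount <= 0 or self.balances.get(src, 0) < amount:
            raise Reverted(f"transfer of {amount} from {src} failed")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


def flash_loan(ledger, pool, borrower, amount, fee_bps, borrower_code):
    """Lend `amount` and require principal + fee back in the same call.

    Returns (True, "settled") on success, or (False, reason) after
    restoring every balance to its value before the loan.
    """
    snapshot = dict(ledger.balances)          # state before the transaction
    fee = amount * fee_bps // 10_000          # integer arithmetic, no floats
    try:
        ledger.transfer(pool, borrower, amount)
        borrower_code(ledger, pool, borrower, amount, fee)  # untrusted code
        # The lender-side invariant: the pool must end up richer by the fee.
        if ledger.balances[pool] < snapshot[pool] + fee:
            raise Reverted("principal plus fee not returned in this transaction")
    except Exception as exc:                  # any failure reverts everything
        ledger.balances = snapshot
        return False, str(exc)
    return True, "settled"


# --- constructed borrower behaviours ---------------------------------------
def repay_in_full(ledger, pool, borrower, amount, fee):
    ledger.transfer(borrower, pool, amount + fee)


def repay_without_fee(ledger, pool, borrower, amount, fee):
    ledger.transfer(borrower, pool, amount)


def keep_funds(ledger, pool, borrower, amount, fee):
    pass  # never repays


def run_demo():
    """Run each borrower against a fresh ledger and collect the outcome."""
    results = {}
    for code in (repay_in_full, repay_without_fee, keep_funds):
        ledger = Ledger({"pool": 1_000_000, "borrower": 1_000})
        ok, reason = flash_loan(ledger, "pool", "borrower", 500_000, 9, code)
        results[code.__name__] = (ok, reason, dict(ledger.balances))
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```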

3.3. Flash Loan Attacks

A flash loan attack is an act that occurs when someone takes advantage of the code governing the loan process, thus leaving the loanee open to illegal changes or infractions in the Bitcoin market [23]. In this instance, the attacker obtains a flash loan, uses the contract to influence market conditions to their advantage, turns a profit, and pays back the loan all at once. Attackers use flash loans’ uncollateralized nature as a means of market manipulation, money theft, and platform disruption. The standard procedure for a flash loan attack is as follows:
  • Big Borrowing: The attacker starts a flash loan by taking out a sizable cryptocurrency loan.
  • Market Manipulation: The attacker manipulates the price of a certain cryptocurrency or asset by using borrowed funds.
  • Code Seize: Attackers may occasionally take advantage of the code vulnerabilities to take money straight out of the system.
  • Profit and Disappear: After the manipulation or exploit is finished, the attacker repays the initial loan in the same transaction using the remaining funds from the flash loan. This quick payback and execution are critical to the attack as a whole.
This is why the security of lending systems is continuously being improved, and developers are always looking for new ways to make them less susceptible to hacking. In this research, we develop a new method for improving security in lending systems based on flash loans. Our full contributions and the mechanism of work will be discussed and explained in the following sections.

4. Mechanisms of Our Proposed Protocol

The core of our proposed protocol is based on the following principles and algorithms.

4.1. XSalsa20 Algorithm

XSalsa20 is a cryptographic algorithm used primarily for encryption and decryption. It is an extended version of the Salsa20 stream cipher, which was designed by Daniel Bernstein [24]. The number 20 refers to the number of rounds of the XSalsa20 core function that are applied during the encryption process. The XSalsa20 stream cipher is a potent cryptographic method intended for the high-performance encryption of data streams, and it belongs to the Salsa20 family of ciphers, which is renowned for its effectiveness and security. Stream ciphers generate a keystream of pseudorandom bits, which are XORed with the plaintext to produce the ciphertext. This ciphertext can be deciphered by XORing it with the same keystream. The fundamental characteristic of this algorithm, and the reason we utilize it as the foundation of our suggested protocol, is its speed: XSalsa20 works well for real-time applications that need fast encryption and decryption. Its efficiency can be attributed to its emphasis on simple operations and lightweight architecture. In terms of safety, XSalsa20 has proven its strong security profile by thwarting multiple cryptanalytic assaults. Certain components of its architecture guard against well-known attacks like differential and linear cryptanalysis. Hence, stream ciphers such as XSalsa20 are perfect for encrypting data streams, because they operate with single bits as opposed to large data blocks. Because of this, they work well for protocols like financial transactions and applications in general. XSalsa20 is clarified in detail, with all its phases, in Algorithm 1.
Algorithm 1 XSalsa20 steps.
Input:
   K: 256-bit key
   N: 64-bit nonce
   C: 64-bit counter
   H: 256-bit encryption key
Output:
   Z: 512-bit keystream block
Start
   1: Initialize parameters
      State Vector (S): The algorithm uses a 16-byte state vector (S) containing various elements:
      S (sigma, C[0], C[1], C[2], C[3],
         H[0], H[1], H[2], H[3],
         N[0], N[1], N[2], N[3],
         K[0], K[1], K[2], K[3])
   2: Set up the internal state
   3: Core Round Loop (20 rounds)
      This function operates on a 16-byte input (X) and performs bitwise operations to mix its elements:
      Core(X) (rotateLeft(X[0], 7) X[4]) (X[12] rotateRight(X[1], 9))
         + (X[2] X[0]) (rotateLeft(X[8], 13))
         + (X[10] X[6]) (rotateRight(X[5], 15))
   4: Quarter Round: Perform a specific mixing operation on subsections of the state (four words each) using additions, shifts, and XORs.
   5: Permute the state S by shifting rows and rotating columns to further enhance diffusion.
      rotateLeft(X, N): Shifts the bits of X left by N positions.
      rotateRight(X, N): Shifts the bits of X right by N positions.
      Bitwise XOR operation
   6: Introduce a round constant that changes with each round to improve confusion.
   7: Final Output Generation
   8: Apply the quarter round operation one last time on the final state.
   9: Generate Keystream Block: The key (K) and nonce (N) are combined using the HChaCha20 construction (similar to XSalsa20) to generate the initial key (H).
  10: Extract a 64-byte S block of pseudorandom bytes from the final state as the keystream.
  11: Repeat (for additional keystream blocks).
  12: Increment a counter in the state to distinguish different keystream blocks.
  13: Return to the core round loop to generate the next keystream block.
  14: The resulting ciphertext or plaintext is the final output after all blocks have been processed.
End
The permutation procedure in XSalsa20, which applies several rounds of the Salsa20 core function, is in fact essential to the algorithm’s general functionality and security. Because the permutation process is a fundamental part of XSalsa20’s architecture, it is a dependable option for systems that need robust cryptographic protection: this is the reason why we suggested it as a crucial method in our proposed system. The significance of the permutation procedure in XSalsa20 is defined as follows:
  • All of the output bytes of XSalsa20 depend on all of the input bytes of the key, nonce, and block counter. An attacker will find it difficult to identify any patterns or connections between the cipher’s input and output due to its properties of confusion and diffusion.
  • By implementing the core function over several rounds (20 rounds in XSalsa20), the algorithm distributes any possible vulnerabilities throughout the rounds, thus resulting in a high level of security.
  • By using multiple rounds of permutation, attackers are prevented from taking advantage of biases and linearity, which might be used to infer details about the plaintext or key.
  • XSalsa20 uses both the key and the nonce in every permutation cycle to make sure that variations in either parameter produce radically different results. This feature is essential to security, because it keeps adversaries from analyzing patterns in plaintext or ciphertext to determine the key or nonce.
XSalsa20’s permutation procedure ensures that the cipher functions securely under a range of circumstances and inputs, thus ensuring that encrypted data—in the case of the suggested system, the payee and payer information—are kept private and impenetrable.
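To make the keystream generation and the role of the nonce concrete, the following added example (not the authors' implementation) is a from-scratch XSalsa20 that follows Bernstein's published definition: a 256-bit key and a 192-bit nonce, with HSalsa20 deriving a subkey from the first 16 nonce bytes and Salsa20/20 run on the remaining 8. The loan-request record is constructed sample data, and `ciphertext_xor_under_reused_nonce` is a hypothetical helper showing why a nonce must never repeat under one key.

```python
import os
import struct

MASK = 0xFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")  # Salsa20 diagonal constants
SAMPLE_REQUEST = b'{"payee":"wallet-A","amount":500000,"days":1}'  # constructed


def _rotl(v, n):
    """Rotate a 32-bit word left by n bits."""
    return ((v << n) & MASK) | (v >> (32 - n))


def _quarter(x, a, b, c, d):
    """Salsa20 quarter round: add, rotate, XOR across four state words."""
    x[b] ^= _rotl((x[a] + x[d]) & MASK, 7)
    x[c] ^= _rotl((x[b] + x[a]) & MASK, 9)
    x[d] ^= _rotl((x[c] + x[b]) & MASK, 13)
    x[a] ^= _rotl((x[d] + x[c]) & MASK, 18)


def _rounds(state):
    """20 rounds = 10 double rounds (column round, then row round)."""
    x = list(state)
    for _ in range(10):
        _quarter(x, 0, 4, 8, 12)
        _quarter(x, 5, 9, 13, 1)
        _quarter(x, 10, 14, 2, 6)
        _quarter(x, 15, 3, 7, 11)
        _quarter(x, 0, 1, 2, 3)
        _quarter(x, 5, 6, 7, 4)
        _quarter(x, 10, 11, 8, 9)
        _quarter(x, 15, 12, 13, 14)
    return x


def _state(key, block16):
    """4x4 word matrix: constants on the diagonal, key, 16 input bytes."""
    k = struct.unpack("<8I", key)
    n = struct.unpack("<4I", block16)
    return [SIGMA[0], k[0], k[1], k[2],
            k[3], SIGMA[1], n[0], n[1],
            n[2], n[3], SIGMA[2], k[4],
            k[5], k[6], k[7], SIGMA[3]]


def hsalsa20(key, nonce16):
    """Derive a 32-byte subkey from the key and the first 16 nonce bytes."""
    x = _rounds(_state(key, nonce16))
    return struct.pack("<8I", *(x[i] for i in (0, 5, 10, 15, 6, 7, 8, 9)))


def salsa20_block(key, nonce8, counter):
    """One 64-byte keystream block: permuted state plus the input state."""
    s = _state(key, nonce8 + struct.pack("<Q", counter))
    x = _rounds(s)
    return struct.pack("<16I", *((a + b) & MASK for a, b in zip(x, s)))


def xsalsa20_keystream(key, nonce24, length):
    if len(key) != 32 or len(nonce24) != 24:
        raise ValueError("XSalsa20 needs a 32-byte key and a 24-byte nonce")
    subkey = hsalsa20(key, nonce24[:16])
    out = bytearray()
    counter = 0
    while len(out) < length:               # counter separates the blocks
        out += salsa20_block(subkey, nonce24[16:], counter)
        counter += 1
    return bytes(out[:length])


def xsalsa20_xor(key, nonce24, data):
    """Encrypt or decrypt: XOR the data with the keystream."""
    stream = xsalsa20_keystream(key, nonce24, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def ciphertext_xor_under_reused_nonce(key, nonce24, p1, p2):
    """Hypothetical helper: with a repeated (key, nonce) the keystream
    cancels, so c1 XOR c2 equals p1 XOR p2 and leaks plaintext structure."""
    c1, c2 = xsalsa20_xor(key, nonce24, p1), xsalsa20_xor(key, nonce24, p2)
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    key, nonce = os.urandom(32), os.urandom(24)   # fresh nonce per message
    ct = xsalsa20_xor(key, nonce, SAMPLE_REQUEST)
    print(ct.hex())
    print(xsalsa20_xor(key, nonce, ct))
```

This sketch is for study only: it provides confidentiality without integrity and is not written to be constant-time, so a deployed wallet would pair the cipher with a message authentication code from a vetted library.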

4.2. Cryptocurrency Wallets

A cryptocurrency wallet is a digital wallet that communicates with a blockchain network in the context of cryptocurrency. It can be used to send, manage, and store cryptocurrency holdings. Smart wallets for cryptocurrencies have the following important features:
  • Safe Storage: Keeping people’s private keys safe is the main purpose of a cryptocurrency wallet. On the blockchain network, these keys serve as ownership proof for cryptocurrencies, much like digital signatures. People are unable to use or access the cryptocurrency without them.
  • Transmitting and Obtaining Crypto: A user-friendly interface for sending and receiving different cryptocurrencies is offered by crypto wallets. They let the payee and payer create the wallet address, which is a special code on the blockchain that anybody may use to transfer cryptocurrency to the wallet's owner.
  • Management and Tracking: A lot of wallets include tools for keeping track of transactions and managing the individual’s cryptocurrency holdings. However, cryptocurrency wallets store the private keys, which are the passwords that are necessary to access payee and payer cryptocurrency on the blockchain, as opposed to traditional wallets that store actual cash.

Security Facilities in Cryptocurrency Wallets

A public key cryptography technique is used by cryptocurrency wallets. For the purpose of receiving cryptocurrency, individuals have a public key that can be disclosed, similar to a bank account number, and a private key that must be kept private in order to access and spend the individual’s holdings. Password protection: For extra security, the majority of wallets need a strong password. Some go so far as to provide multifactor authentication (MFA) in order to further strengthen security against unwanted access. This is the reason why we suggested combining this principle with the XSalsa20 algorithm in order to add more powerful security to the whole lending process.

4.3. Crow Search Algorithm

In the field of optimization algorithms, the crow search algorithm (CSA) is a more recent invention. It models the social behavior of crows, where crows are shrewd birds that have been observed to stash extra food for later consumption. Furthermore, they can follow other crows to take their secret stashes, because they are highly perceptive birds. It is categorized as a swarm intelligence technique. An outline of the main CSA components is provided next.

Design of Algorithms

The CSA models a colony of crows looking for the best answers. Every crow stands for a potential fix for the optimization issue. The system considers two primary crow behaviors:
  • Hiding food: Crows scour the search area for locations with promise or possible solutions.
  • Food theft: Crows follow one another in search of better ways to do things (improvement).
Procedure: Crows change their positions iteratively by striking a balance between exploitation (fine-tuning effective solutions) and exploration (discovering new places). This balance is influenced by two main factors:
  • The distance a crow may cover in a single search is known as its flight length.
  • The awareness probability measures the chance that a crow will be followed by another crow.
This algorithm is simple to understand and implement. It requires a few control parameters. Additionally, it can handle complex optimization problems. We chose it to be in our proposed protocol to provide more powerful characteristics to the whole lending process.
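The two control parameters named above, flight length and awareness probability, appear directly in the position update of the following added example, a compact crow search written for this page and not taken from the authors' system. It follows the commonly published form of the algorithm (a crow moves relative to another crow's remembered best position unless that crow is aware of being followed, in which case it relocates at random); the objective function, bounds, and parameter values are constructed for illustration.

```python
import random


def crow_search(objective, bounds, n_crows=20, iterations=300,
                flight_length=2.0, awareness_prob=0.1, seed=0):
    """Minimise `objective` over the box `bounds` with crow search.

    Returns (best_position, best_fitness, history), where history[t] is the
    best remembered fitness after t iterations.
    """
    rng = random.Random(seed)  # seeded so runs are repeatable

    def random_position():
        return [rng.uniform(lo, hi) for lo, hi in bounds]

    def feasible(p):
        return all(lo <= v <= hi for v, (lo, hi) in zip(p, bounds))

    # Each crow has a current position and a memory of its best hiding place.
    positions = [random_position() for _ in range(n_crows)]
    memory = [p[:] for p in positions]
    memory_fit = [objective(p) for p in memory]
    history = [min(memory_fit)]

    for _ in range(iterations):
        for i in range(n_crows):
            j = rng.randrange(n_crows)            # crow i decides to follow crow j
            if rng.random() >= awareness_prob:
                # Crow j is unaware: move relative to j's hiding place.
                # A flight length above 1 allows overshooting it (exploration).
                r = rng.random()
                candidate = [x + r * flight_length * (m - x)
                             for x, m in zip(positions[i], memory[j])]
            else:
                # Crow j notices and misleads crow i to a random place.
                candidate = random_position()
            if not feasible(candidate):
                continue                           # stay put if out of bounds
            positions[i] = candidate
            fit = objective(candidate)
            if fit < memory_fit[i]:                # remember only improvements
                memory[i], memory_fit[i] = candidate[:], fit
        history.append(min(memory_fit))

    best = min(range(n_crows), key=memory_fit.__getitem__)
    return memory[best], memory_fit[best], history


def sample_objective(p):
    """Constructed test objective with its minimum (value 0) at (3, -2)."""
    return (p[0] - 3.0) ** 2 + (p[1] + 2.0) ** 2


SAMPLE_BOUNDS = [(-10.0, 10.0), (-10.0, 10.0)]     # constructed search box

if __name__ == "__main__":
    pos, fit, hist = crow_search(sample_objective, SAMPLE_BOUNDS)
    print("best position:", pos)
    print("best fitness:", fit)
    print("initial best fitness:", hist[0])
```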

5. Proposed Lending Protocol Step-by-Step Process

In the beginning, the system receives the user’s request for a loan, where the user specifies the amount of cryptocurrency he/she wants to lend for a short period. The first step of the proposed system is to keep all of the user’s information in the smart wallet, which acts as a repository and a reference for that information. Then, to preserve that information, the XSalsa20 algorithm is applied to encrypt all of the information stored in the wallet. To protect it from any tampering, preprepared codes are applied to the requested loan, which means, for example, that it is a condition that the loan be returned within the same block and also that it be returned by a specific date to guarantee the payer’s right. Then comes the role of the crow search algorithm, which verifies the extent to which the conditions are met to determine whether it is possible to move forward within a single blockchain transaction where the payee funds are transferred to his/her smart wallet. Throughout the process, XSalsa20 is used to securely encrypt and process the necessary transactions or operations. For a better understanding of the workflow of our proposed protocol, Figure 3 illustrates the whole process starting from the moment of sending a request from the payee to the moment of obtaining the loan.
As shown in the diagram above, the first stage of our proposed system is as follows:
  • Storage or insurance: This is the stage in which all the payee’s information is stored in the wallet, from the name to the address and electronic email on the smart wallet, which are encrypted using the XSalsa20 algorithm.
  • Stage of controlling lending process: This is implemented through preprepared codes that guarantee the rights of both the payee and the payer together. That is, when the conditions are met, the process is completed, and if the conditions are not met, the process ends.
  • Finally, our proposed system, when the conditions are met, reaches the final stage, which is the stage of storing on the blockchain.
The proposed loan system’s full steps are as follows (Figure 4 describes the organizational structure of the proposed system):
  • Payee Application:
    • The payee submits a loan request through the proposed system specifying the loan amount, repayment period, and interest.
    • The loan request is encrypted using XSalsa20 with a secret key shared only between the payee and the payer.
    • The encrypted loan request is stored securely on the smart wallet for transparency and immutability.
    • The payee’s smart wallet address is verified to ensure they have a valid digital identity and can receive funds.
  • Creditworthiness Assessment:
    • XSalsa20 is used to decrypt the loan request using the secret key.
    • The crow search algorithm analyzes the payee’s financial data: transaction history, smart wallet balance, and potentially anonymized credit bureau reports.
    • This decentralized approach facilitates fair credit scoring without relying solely on centralized authorities.
    • The algorithm outputs a credit score that reflects the payee’s ability to repay the loan.
  • Loan Repayment Options:
    • The loan request (excluding sensitive payee data) is broadcast to a pool of potential payers within the blockchain network.
    • Investors can browse available loan requests, assess risk based on the credit score and loan details, and commit funds to the loan through their smart wallets.
    • The payee selects their preferred repayment method like fixed installments, bullet payment, or early repayment with potential discounts.
  • Code-Based Condition Execution:
    • Once sufficient funds are pledged by payers to meet the loan amount, code-based terms are automatically deployed on the blockchain.
    • The code-based terms govern the entire loan lifecycle: disbursement, repayment installments, potential penalties for late payments, and interest calculations.
  • Loan Disbursement:
    • Upon the term’s execution, funds are securely transferred from payees’ smart wallets to the payers’ smart wallets.
    • This process is transparent and tamper-proof due to the blockchain’s characteristics.
  • Loan Repayment Management:
    • The code-based terms automatically schedule repayment installments based on the chosen method and loan terms.
    • Payees make repayments directly to the code-based terms using their smart wallets.
  • Reputation Management:
    • Payees’ repayment history and loan fulfillment are recorded on the blockchain, thus enhancing their creditworthiness for future loan applications.
    • Similarly, payers’ lending activity and on-time returns are tracked, thus influencing their attractiveness to the payee.
  • Security Considerations:
    • XSalsa20 encryption can be used to protect sensitive borrower data during initial loan request transmission.
    • Secure enclaves or trusted intermediaries can be employed for decryption within a controlled environment.
    • Robust key management practices are crucial to ensure the security of encryption keys.
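An added sketch, not the authors' implementation, of the "Payee Application" and "Security Considerations" steps: a loan request is encrypted with XSalsa20 under a key shared by payee and payer, then decrypted for assessment. XSalsa20 is a stream cipher and does not detect modification by itself, so the sketch adds an HMAC-SHA256 tag in place of the Poly1305 authenticator that NaCl's crypto_secretbox pairs with XSalsa20. The pure-Python cipher, the separate MAC key, the JSON layout and the names `seal_request`, `open_request` and `tamper_check` are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import struct

MASK = 0xFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")        # Salsa20 constants
QUARTER_ROUNDS = (
    (0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),   # columns
    (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14),   # rows
)


def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))


def _state(key, block16):
    """Lay out the constants, a 32-byte key and 16 input bytes as 16 words."""
    k = struct.unpack("<8I", key)
    n = struct.unpack("<4I", block16)
    return [SIGMA[0], *k[:4], SIGMA[1], *n, SIGMA[2], *k[4:], SIGMA[3]]


def _rounds(x):
    """Apply the 20 Salsa20 rounds (10 double rounds) to a copy of the state."""
    x = list(x)
    for _ in range(10):
        for a, b, c, d in QUARTER_ROUNDS:
            x[b] ^= _rotl((x[a] + x[d]) & MASK, 7)
            x[c] ^= _rotl((x[b] + x[a]) & MASK, 9)
            x[d] ^= _rotl((x[c] + x[b]) & MASK, 13)
            x[a] ^= _rotl((x[d] + x[c]) & MASK, 18)
    return x


def hsalsa20(key, nonce16):
    """Derive a 32-byte subkey from the key and the first 16 nonce bytes."""
    x = _rounds(_state(key, nonce16))
    return struct.pack("<8I", x[0], x[5], x[10], x[15], x[6], x[7], x[8], x[9])


def xsalsa20_xor(key, nonce24, data):
    """XOR data with the XSalsa20 keystream (same call encrypts and decrypts)."""
    if len(key) != 32 or len(nonce24) != 24:
        raise ValueError("XSalsa20 needs a 32-byte key and a 24-byte nonce")
    subkey = hsalsa20(key, nonce24[:16])
    out = bytearray()
    for offset in range(0, len(data), 64):
        init = _state(subkey, nonce24[16:] + struct.pack("<Q", offset // 64))
        mixed = _rounds(init)
        stream = struct.pack("<16I", *[(a + b) & MASK for a, b in zip(mixed, init)])
        out += bytes(p ^ s for p, s in zip(data[offset:offset + 64], stream))
    return bytes(out)


def seal_request(enc_key, mac_key, request):
    """Encrypt then authenticate a loan request: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(24)          # 192-bit nonce, fresh per message
    body = json.dumps(request, sort_keys=True).encode()
    ct = xsalsa20_xor(enc_key, nonce, body)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_request(enc_key, mac_key, blob):
    """Verify the tag first; decrypt only if the blob is unmodified."""
    if len(blob) < 24 + 32:
        raise ValueError("sealed loan request is truncated")
    nonce, ct, tag = blob[:24], blob[24:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("loan request failed authentication")
    return json.loads(xsalsa20_xor(enc_key, nonce, ct))


def tamper_check():
    """Return (raw cipher accepted altered bytes, sealed form rejected them)."""
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    request = {"payee": "wallet-A (constructed)", "amount": 1000, "same_block": True}
    blob = seal_request(enc_key, mac_key, request)
    tampered = bytearray(blob)
    tampered[24] ^= 0x01                     # one flipped ciphertext bit
    tampered = bytes(tampered)
    raw = xsalsa20_xor(enc_key, tampered[:24], tampered[24:-32])
    silently_changed = raw != json.dumps(request, sort_keys=True).encode()
    try:
        open_request(enc_key, mac_key, tampered)
        rejected = False
    except ValueError:
        rejected = True
    return silently_changed, rejected


if __name__ == "__main__":
    print("raw stream accepted altered data, sealed form rejected it:", tamper_check())
```

In a deployment the cipher and authenticator would come from a maintained library such as libsodium rather than from hand-written code.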

6. Assessment of the Proposed Work

The actual evaluation of the proposed system depends on the following factors.

6.1. Security Assessment

The most prominent attacks to which loan systems are exposed and how our proposed system confronts them are given in Table 2, Table 3, and Figure 5, respectively.

6.2. Scrutiny of Performance

To analyze the performance of the proposed system, we used the Tamarin Prover analysis tool, which is described below.

6.2.1. Tamarin Prover

Tamarin Prover is software for the formal verification of cryptographic protocols and serves as a critical shield against potential breaches [31]. Through meticulous analysis of these protocols, Tamarin Prover can highlight vulnerabilities and audit whether the protocols still satisfy their built-in security properties. This advanced verification method prevents the leakage of important data transacted across multiple channels.
It is noted that by applying the security analysis using the Tamarin Prover analysis tool, we have analyzed the system using the protocols shown in the diagram in Figure 6, which contains the security properties shown as well. We have found that all the security properties in our proposed system are secure and free from any attacks.

6.2.2. Efficiency Parameters

Before reviewing the performance parameters, we note that all the analysis conducted on the data of the proposed system was implemented using Java on the Ubuntu 16.04 LTS system. The computer used for the study had an Intel Core™ 3110M CPU and 4.00 GB of RAM. The parameters are as follows:
  • Loan processing speed: The meaning of loan processing speed is how long it takes for a payee to review a loan system and come to a decision on whether it needs approval or not. In other words, it defines how quickly the payee can go from logging the system to a green light or rejection and the funds arriving in the payee’s account. In a broad sense, this is the loan approval process and depends on the payee and blockchain or smart wallet. Traditional loan processes used to take a long time, but in the case of our proposed system, it is all shown in Figure 7. As clarified in Figure 7, the time of a loan to be processed in the proposed system is not more than 0.6667 milliseconds, which is a matter that gives the proposed system the characteristic of being fast.
  • Effectiveness of loan repayment: Repayment is completely concerned with the efficacy of payees in fulfilling their payment obligations. In other words, it measures the efficiency of the loan system specifically: its ability to implement measures to ensure that all payments are made on time and in full. The primary indicator of loan repayment compliance is the repayment rate, which represents the proportion of payees who honor their loan obligations on time. An efficient loan system is indicated by a high repayment rate. Figure 8 shows the time required for the system to repay the loan after the predefined conditions are fulfilled, and in the case of our proposed system, this is not more than 2990 milliseconds.
  • Loan system flexibility: This term refers to the system’s capacity to accommodate a growing number of loan numbers and number of payees without affecting its effectiveness or efficiency. It concerns how well the system can expand without affecting the performance of the system, as shown in Figure 9.
Overall, Table 4 gives a wide overview of the performance analysis compared to previous studies.

6.3. Encryption and Decryption Analysis

The encryption in our proposed system is based primarily on the use of the XSalsa20 algorithm, and therefore the evaluation of encryption and decryption will also largely determine the security of the system and its response speed. The analysis is as follows:
  • Key generating assessment:
    An essential parameter for assessing the performance of the proposed system is key generation in the XSalsa20 algorithm. The key generation process is considered to be the basis of security. Usually, this algorithm generates the key using a cryptographically secure pseudorandom number generator (CSPRNG). In the proposed method, we do not depend on the traditional generators, which take a lot of time and slow the system’s efficiency; instead, we used modern embedded libraries in Java called crypto_box_keypair(). Figure 10 shows key generation in the traditional way using CSPRNG, and Figure 11 illustrates key generation using crypto_box_keypair().
    As we can see in Figure 10, the speed of generating the key in the traditional method used in XSalsa20 was 10,000 ns, while Figure 11 shows that the speed of the proposed system in generating the keys necessary for encryption did not exceed 0.17 ns, which adds to the overall execution speed of the proposed system.
  • Cryptography Assessment:
    The security of our system depends largely on the encryption of the XSalsa20 algorithm, so the evaluation of the encryption and decryption time that this algorithm takes was considered one of the basic factors for evaluating the system as a whole. As can be seen in Figure 12, the speed of encrypting data for the whole loan system in general came out to not more than 0.00526 nanoseconds, while the decryption time came out to 0.003186 nanoseconds. Figure 12 shows these two times in detail. From this figure, we notice that the encryption time took more than the decryption time because it was added to the time of generating the key and the nonce value, but in general, both times are considered fast compared to other previous systems, as shown in Table 5. After the analysis of this parameter, we conclude that our overall system has the power of speed combined with security.

7. Conclusions

In order to speed up the completion of loans and the borrowing system in general and in order to keep pace with developments in technology, financial companies have resorted to making borrowing systems available on the Internet, which has made them vulnerable to attacks, hacking, and manipulation, as well as exposed them to other matters such as attempts by borrowers themselves to manipulate the system. Therefore, there is an urgent need to develop security related to these systems for the purpose of protecting lenders and borrowers and completing transactions on time. Therefore, we have developed a self-integrated security system based on smart wallet technology and software-controlled conditions to control the return of loans at the specified time and rely on blockchain as a security distributor and storage system for the system. In general, after analyzing the results, we have obtained a system that can accomplish 29,700 loans every 3 s, which is a matter that is considered fast in comparison to other systems based on blockchain. We have also obtained a system with a speed of 0.6667 milliseconds in processing entire loans until the moment of storage in the blockchain. Then, when we analyzed the system, we found that the time it takes for the system to return the loans does not exceed 0.2990 milliseconds when the return conditions are met. This makes our system characterized by speed, security, and integrity of data, and it preserves the data of both the lender and the borrower. Finally, we gained 0.17 nanoseconds as the speed of key generating, while 0.00526 nanoseconds and 0.003186 nanoseconds were the overall times of the encryption and decryption, respectively. In summary, this technology offers the chance to establish a low-fraud, decentralized, and remotely secured investing environment.

8. Limitations

The suggested solution offers a fresh approach to managing and accomplishing flash loans that is quick, easy, and secure. However, any research or any new suggestion for creating e-lending systems that make use of the blockchain is regarded as a challenging issue, first because blockchain technology is considered to be a new technology, while the second reason is that each time we deal with payee and payer information, it is sensitive and fraught with danger. Third, because it is unable to alter the information once the blocks have been created in the blockchain, one of the study’s constraints may be the update issue with the blockchain information. Fourth, dealing with flash loans is considered a very critical matter, as the time factor plays an essential role in maintaining the safe completion of this type of loan, because the loan must be returned in the same block and quickly. Therefore, reducing the time taken for the process as a whole is considered necessary every time. Finally, storing the information of both the payee and the payer is considered necessary and at the same time at stake, because this drains a large amount of memory and system resources, which can be processed in the future and reduce the size of this data using different methods.

9. Future Aspirations

Each system, regardless of its quality and efficiency in terms of security issues, can be developed and improved in the future to repel various emerging attacks, because technology is advancing while changes or loopholes occur in designed systems. In the future and to increase security, it is possible to use the Know Your Customer principle, which is popular in banking applications for identification. Additionally, it is also possible to use anti-money laundering (AML) functionalities within the system, which are policies, laws, and regulations that are designed to prevent financial crimes and illicit activities by criminals, as well as their use for regulatory compliance. Finally, it is possible to add machine/deep learning models within smart contracts to adjust loan terms based on real-time risk assessment dynamically.

Author Contributions

All authors provided contributions to the work. Conceptualization, W.A.J. and M.A.-Z.; methodology, W.A.J. and M.A.-Z.; software, W.A.J. and M.A.-Z.; validation, W.A.J. and M.A.-Z.; formal analysis, W.A.J. and M.A.-Z.; investigation, W.A.J. and M.A.-Z.; writing—original draft preparation, W.A.J. and M.A.-Z.; writing—review and editing, M.A.-Z.; supervision, M.A.-Z.; project administration, M.A.-Z. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Data Availability Statement

Data is contained within the article.

Conflicts of Interest

The authors declare no conflicts of interest.

Abbreviations

The following acronyms are used in this study:
AML: Anti-money laundering
KYC: Know Your Customer
PoS: Proof-of-stake
CSA: Crow search algorithm
MFA: Multifactor authentication
LMSs: Loan management systems
LOSs: Loan origination systems

References

  1. Li, J.; Zheng, Z.; Li, Z.; Niu, Z.; Qin, H.; Wang, H. A Blockchain-based traceable group loan system. Concurr. Comput. Pract. Exp. 2022, 34, e5741.
  2. Mbodji, F.N.; Mendy, G.; Mbacke, A.B.; Ouya, S. Proof of concept of blockchain integration in P2P lending for developing countries. In e-Infrastructure and e-Services for Developing Countries, Proceedings of the 11th EAI International Conference, AFRICOMM 2019, Porto-Novo, Benin, 3–4 December 2019; Proceedings; Springer: Berlin/Heidelberg, Germany, 2020; pp. 59–70.
  3. Rilwan, D.M.; Oyelakin, A.M.; Usman, M.A. Design and implementation of a custom, web-based cooperative loan application management system. Equity J. Sci. Technol. 2021, 8, 1–7.
  4. Li, W.; Bu, J.; Li, X.; Chen, X. Security analysis of DeFi: Vulnerabilities, attacks and advances. In Proceedings of the 2022 IEEE International Conference on Blockchain (Blockchain), Espoo, Finland, 22–25 August 2022; IEEE: New York, NY, USA, 2022; pp. 488–493.
  5. Bansal, A.; Swamy, S. Impact of blockchain technology in lending. Int. Res. J. Eng. Technol. 2020, 7, 2424–2427.
  6. Islam, M.A.; Kobita, A.A.; Hossen, M.S.; Rumi, L.S.; Karim, R.; Tabassum, T. Data security system for a bank based on two different asymmetric algorithms cryptography. In Evolutionary Computing and Mobile Sustainable Networks, Proceedings of the ICECMSN 2020, Bengaluru, India, 20–21 February 2020; Springer: Berlin/Heidelberg, Germany, 2021; pp. 837–844.
  7. Alnajim, A.M.; Habib, S.; Islam, M.; AlRawashdeh, H.S.; Wasim, M. Exploring cybersecurity education and training techniques: A comprehensive review of traditional, virtual reality, and augmented reality approaches. Symmetry 2023, 15, 2175.
  8. Krishnan, S.G.; Al-Nahari, A.; Ismail, N.A.; Yao, D.N.L. Enhancing cybersecurity awareness among banking employees in malaysia: Strategies, implications, and research insights. Int. J. Acad. Res. Bus. Soc. Sci. 2023, 13, 596–612.
  9. Jebbar, W.; Al-Zubaidie, M. Transaction security and management of blockchain-based smart contracts in e-banking-employing microsegmentation and yellow saddle goatfish. Mesopotamian J. Cybersecur. 2024, 4, 1–19.
  10. Yousiff, S.A.; Muhajjar, R.A.; Al-Zubaidie, M.H. Designing a blockchain approach to secure firefighting stations based internet of things. Informatica 2023, 47, 9–26.
  11. Spyridon, A. P2P lending review, analysis and overview of lendoit blockchain platform. Int. J. Open Inf. Technol. 2019, 7, 94–98.
  12. Wang, H.; Guo, C.; Cheng, S. LoC—A new financial loan management system based on smart contracts. Future Gener. Comput. Syst. 2019, 100, 648–655.
  13. Wang, Y.; Liu, Y. Loan chain: A blockchain-based framework for smart credit lending. In Proceedings of the 2022 4th Blockchain and Internet of Things Conference, Tokyo, Japan, 8–10 July 2022; pp. 11–15.
  14. Asamoah, K.O.; Darko, A.P.; Antwi, C.O.; Kodjiku, S.L.; Aggrey, E.S.E.; Wang, Q.; Zhu, J. A blockchain-based crowdsourcing loan platform for funding higher education in developing countries. IEEE Access 2023, 11, 24162–24174.
  15. Wang, R. Blockchain and bank lending behavior: A theoretical analysis. SAGE Open 2023, 13, 21582440231164597.
  16. Andhale, A.; Murkute, P.; Saundane, N.; Gaikar, T.; Rokade, S. Loan management system with smart contract using blockchain technology. Int. J. Innov. Res. Eng. Multidiscip. Phys. Sci. 2023, 11, 6.
  17. Hassija, V.; Bansal, G.; Chamola, V.; Kumar, N.; Guizani, M. Secure lending: Blockchain and prospect theory-based decentralized credit scoring model. IEEE Trans. Netw. Sci. Eng. 2020, 7, 2566–2575.
  18. Werapun, W.; Karode, T.; Arpornthip, T.; Suaboot, J.; Sangiamkul, E.; Boonrat, P. The flash loan attack analysis (FAA) framework—A case study of the warp finance exploitation. Informatics 2022, 10, 3.
  19. Gan, R.; Wang, L.; Ruan, X.; Lin, X. Understanding flash-loan-based wash trading. In Proceedings of the 4th ACM Conference on Advances in Financial Technologies, Cambridge, MA, USA, 19–21 September 2022; pp. 74–88.
  20. Qin, K.; Zhou, L.; Livshits, B.; Gervais, A. Attacking the DeFi ecosystem with flash loans for fun and profit. In Proceedings of the International Conference on Financial Cryptography and Data Security, Virtual, 1–5 March 2021; pp. 3–32.
  21. Cao, Y.; Zou, C.; Cheng, X. Flashot: A snapshot of flash loan attack on DeFi ecosystem. arXiv 2021, arXiv:2102.00626.
  22. Wang, D.; Wu, S.; Lin, Z.; Wu, L.; Yuan, X.; Zhou, Y.; Wang, H.; Ren, K. Towards understanding flash loan and its applications in DeFi ecosystem. In Proceedings of the Ninth International Workshop on Security in blockchain and Cloud Computing, Virtual, 7 June 2021; ACM: New York, NY, USA, 2021; pp. 23–28.
  23. Khan, K.M.; Arshad, J.; Khan, M.M. Simulation of transaction malleability attack for blockchain-based e-voting. Comput. Electr. Eng. 2020, 83, 106583.
  24. Ghafoori, N.; Miyaji, A.; Ito, R.; Miyashita, S. PNB based differential cryptanalysis of Salsa20 and Chacha. IEICE Trans. Inf. Syst. 2023, 106, 1407–1422.
  25. Kuo, C.; Tsang, S.-S. Constructing an investment scam detection model based on emotional fluctuations throughout the investment scam life cycle. Deviant Behav. 2024, 45, 204–225.
  26. Aponte-Novoa, F.A.; Orozco, A.L.S.; Villanueva-Polanco, R.; Wightman, P. The 51% attack on blockchains: A mining behavior study. IEEE Access 2021, 9, 140549–140564.
  27. Zeng, X.; Liu, L.; Leung, S.; Du, J.; Wang, X.; Li, T. A decision support model for investment on P2P lending platform. PLoS ONE 2017, 12, e0184242.
  28. Umarovich, J.G.; Bakhtiyorovich, R.K. Modeling the decision-making process of lenders based on blockchain technology. In Proceedings of the 2021 International Conference on Information Science and Communications Technologies (ICISCT), Tashkent, Uzbekistan, 3–5 November 2021; IEEE: New York, NY, USA, 2021; pp. 1–5.
  29. Nair, P.R.; Dorai, D.R. Evaluation of performance and security of proof of work and proof of stake using blockchain. In Proceedings of the 2021 Third International Conference on Intelligent Communication Technologies and Virtual Mobile Networks (ICICV), Tirunelveli, India, 4–6 February 2021; IEEE: New York, NY, USA, 2021; pp. 279–283.
  30. Mollajafari, S.; Bechkoum, K. Blockchain technology and related security risks: Towards a seven-layer perspective and taxonomy. Sustainability 2023, 15, 13401.
  31. Basin, D.; Cremers, C.; Dreier, J.; Meier, S.; Sasse, R.; Schmidt, B. Tamarin-Prover Manual Security Protocol Analysis in the Symbolic Model. 2016. Available online: https://tamarin-prover.github.io/ (accessed on 5 April 2024).
  32. Zhou, L.; Wang, L.; Sun, Y.; Lv, P. Loamit: A blockchain-Based Residual Loanable-Limit Query System. Cryptology ePrint Archive, Paper 2018/655. 2018. Available online: https://eprint.iacr.org/2018/655 (accessed on 7 May 2024).
  33. Khan, M.R.; Upreti, K.; Alam, M.I.; Khan, H.; Siddiqui, S.T.; Haque, M.; Parashar, J. Analysis of elliptic curve cryptography & RSA. J. ICT Stand. 2023, 11, 355–378.
  34. Awan, I.A.; Shiraz, M.; Hashmi, M.U.; Shaheen, Q.; Akhtar, R.; Ditta, A. Secure framework enhancing AES algorithm in cloud computing. Secur. Commun. Networks 2020, 2020, 8863345.
  35. Sylfania, D.Y.; Juniawan, F.P.; Laurentinus; Pradana, H.A. Blowfish–RSA comparison analysis of the encrypt decrypt process in android-based email application. In Advances in Intelligent Systems Research, Proceedings of Sriwijaya International Conference on Information Technology and Its Applications (SICONIAN 2019), Palembang, Indonesia, 16 November 2019; Atlantis Press: Amsterdam, The Netherlands, 2020; pp. 113–119.
  36. Harjito, B.H.B.; Fadhli, M.F.P.M.M.; Mulyana, P. Comparison of security performance of NTRU and ECC algorithms for RFID authentication. E3S Web Conf. 2024, 448, 02047.
  37. Koppaka, A.K.; Lakshmi, V.N. ElGamal algorithm with hyperchaotic sequence to enhance security of cloud data. Int. J. Pervasive Comput. Commun. 2022; ahead-of-print.
Figure 1. Centralized mechanism of loans (a). Decentralized mechanism of loans with blockchain (b).
Figure 2. Flash loans mechanism of work.
Figure 3. Proposed protocol workflow.
Figure 4. Organizational structure of the proposed system.
Figure 5. Attack prevention methods in the proposed system.
Figure 6. Tamarin Prover security properties result.
Figure 7. Loan processing speed.
Figure 8. Time to repay loan.
Figure 9. Loan system flexibility.
Figure 10. XSalsa key generating using CSPRNG.
Figure 11. XSalsa key generating using crypto box keypair library.
Figure 12. The proposed system encryption and decryption speed.
Table 1. Types of loans.
Loan Type | Description
Secured loans | Secured loans are ones in which the payer pledges collateral, which is an item that the payer has the right to take back if a payee does not pay back the loan. Because of the decreased risk to the payer, secured loans usually have lower interest rates. For example, mortgage loans are used to buy houses, and the collateral is the house itself. Auto loans are used to purchase an automobile, and the vehicle acts as security. Title loans: These take out a loan using the title of the user’s car as security.
Unsecured Loans | Loans without collateral; since there is no collateral required, payers must approve the loan based solely on the payee’s creditworthiness, which entails a higher interest rate to cover the added risk. Some instances include emergency situations, home renovations, and debt reduction, which are just a few uses for personal loans. There are two types of student loans: subsidized, where the government pays interest while payees are enrolled in classes, and unsubsidized, where payees pay the interest. Credit cards: These usually have the highest interest rates of all loan kinds; credit cards are revolving lines of credit that clients can use repeatedly.
Term loans | Term loans are where the payee takes out a preset loan amount and pays it back over a predetermined period of time, called the term, in equal principal and interest installments. For example, mortgage loans usually have periods ranging from 15 to 30 years. For auto loans, terms range from two to seven years.
Revolving Loans | Revolving Loans: The payee can borrow money, pay it back, and borrow it again as needed. The payee has a credit limit. Only the balance that is still owed is subject to interest. As an example, consider credit cards, a revolving credit line that requires a minimum payment each month. The Home Equity Line of Credit is a secured credit line that is secured by the equity in the payee’s house.
Table 2. The system against well-known attacks.
Table 2. The system against well-known attacks.
Attack TypeAttack ActionOur System Faces Attacks
Flash loan attacksIn the field of decentralized finance (DeFi), flash loan assaults are a particular kind of hacking that makes use of the special features of flash loans. In these attacks, a sizable amount of money is borrowed in a single transaction, which is used to manipulate asset prices across many platforms and then is swiftly repaid in the same transaction. This makes it possible for hackers to take advantage of smart contract flaws like front running and pricing oracle manipulation to profit at the expense of other users or protocols. Attacks using flash loans have been used to carry out intricate plans, like market manipulation or arbitrage chances, thus costing DeFi platforms and their users a great deal of money.In the case of our proposed work, we optimize this type of attack by our usage of the Xsalsa20 algorithm because of the powerful cryptography of this algorithm and the mix between the public key, private key, and the static value that are used to mix it to increase the power; this type of attacks has never affected the security of our proposed system.
Hot wallet attackThis attack refers to the theft and illegal access to cryptocurrency funds kept in internet-connected online wallets. These wallets are convenient, but they are also more susceptible to hacking attempts because they are frequently used for regular transactions, trading, and instant access to funds. Cybercriminals can use a number of strategies, including phishing assaults, malware infections, social engineering, as well as taking advantage of security flaws in wallet services or exchange platforms to access hot wallets. The victims may suffer monetary losses when hackers shift Bitcoin cash to their own wallets once they have access to a hot wallet.Our smart wallet usage is supported by the powerful cryptography of the XSalsa20 algorithm as a primary phase, and then it is supported by the smart contracts conditions as a secondary phase; this action gives two-authentication access to the system.
Transaction malleability attackThis type of cyberattack exploits vulnerabilities in cryptocurrency transaction records, such as those found in Bitcoin. This attack involves modifying a transaction’s unique identification number, or transaction ID, before the transaction is confirmed on the blockchain, without affecting the transaction’s real content or nature. By altering the transaction ID, attackers may slow down or confuse the network, which could result in issues with transaction verifications and poorer network performance as a whole. This type of attack cannot be used to steal money or create new currencies, but it could result in momentary interruptions like transaction failures or delays in transaction confirmation. Transaction data have been changed for malicious purposes in the past through attacks on transaction malleability.Our system is supported by the secured smart wallet, where all the information about the payee and the payer is encrypted and managed by code-based conditions. This action protects the system against this type of attack.
Cold wallet theft attack | This attack refers to the theft of, or illegal access to, Bitcoin funds kept in offline wallets without an internet connection. Compared to hot wallets, these wallets (also referred to as cold storage wallets) are thought to be a more secure way to store digital assets, since they are less susceptible to hacking attempts. Because cold wallets are not constantly connected to online networks and are therefore less vulnerable to cyberattacks, they are often used for long-term storage or as a backup for significant quantities of cryptocurrency. Cold wallets can still be targeted by skilled attackers, though, who may use internal threats, physical theft, social engineering, or other strategies to obtain private keys or recovery seeds linked to the wallet. | Our system relies on online use of the smart wallet, so it is not affected by this attack.
Investment scam attack | An investment scam attack is a deliberate attempt to trick the payee into giving up his/her money through a fake investment opportunity. Scammers lure the payee with the promise of high returns and low risks, but their goal is to steal the money. | Through our use of the smart wallet technique, all information is saved in a manner that guarantees the rights of all parties.
Coin age accumulation attack | The coin age accumulation attack specifically targets blockchains that use a Proof-of-Stake (PoS) consensus protocol. In PoS, validators elect new blocks into the blockchain by using their network stake. PoS typically uses a "coin age", which reflects the validator's stake. The coin age combines both the amount of coins held and how long they have been held. The older the coin age, the greater its impact on the block validation process. An attacker acquires a large number of coins and keeps them for a long time, which makes the attacker by far the largest contributor to the stake of the network. | Because we use preprogrammed conditions to control the loan return process and the borrowing system in general, this type of attack can be countered easily by setting a period for each currency that must not be exceeded and raising an alarm to warn the system if it is exceeded.
Block discarding attack | In this attack, malicious miners keep control of the valid blocks they have mined and withhold them from being broadcast to the entire network. The attacker does not publish the block to the network but discards it and continues mining on it secretly, which gives rise to a concealed fork in the blockchain. Such malicious actors may try to spend the same coins twice by including the amount in their fork and then broadcasting a conflicting transaction to the main chain. This lets the attacker unjustly receive more than a fair share of the mining pool reward while delaying overall mining progress by refusing to hand over blocks. | In our proposed system, this type of attack is handled by our preprepared conditions, which are enforced in program code: the code controls time by setting a specific time limit for publishing the winning block. Thus, control over time manipulation and block hiding is achieved.
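The coin age countermeasure in the table above (a fixed period per coin, with an alarm when it is exceeded) can be sketched as follows. This is an added example, not code from the paper; the `StakedOutput` record, the 90-day period and the sample stakes are assumptions constructed for illustration.

```python
from dataclasses import dataclass

DAY = 86_400  # seconds per day

@dataclass(frozen=True)
class StakedOutput:
    owner: str
    amount: int      # coins held in this output
    held_since: int  # Unix time the coins last moved

def held_days(out, now):
    """Whole days the output has been held; never negative."""
    return max(0, now - out.held_since) // DAY

def stake_weights(outputs, now, max_age_days):
    """Sum coin age (amount x days held) per owner, capping days at max_age_days.

    Returns (weights, alarms); alarms lists every output held past the period."""
    weights, alarms = {}, []
    for out in outputs:
        days = held_days(out, now)
        if days > max_age_days:
            alarms.append((out.owner, out.amount, days))
        capped = out.amount * min(days, max_age_days)
        weights[out.owner] = weights.get(out.owner, 0) + capped
    return weights, alarms

def share(weights, owner):
    """Fraction of the total stake weight that belongs to owner."""
    total = sum(weights.values())
    return weights.get(owner, 0) / total if total else 0.0

# Constructed sample data (not from the paper).
NOW = 1_700_000_000
OUTPUTS = [
    StakedOutput("alice", 100, NOW - 30 * DAY),
    StakedOutput("bob", 80, NOW - 30 * DAY),
    StakedOutput("mallory", 50, NOW - 400 * DAY),  # small stake, hoarded for over a year
]

if __name__ == "__main__":
    uncapped, _ = stake_weights(OUTPUTS, NOW, max_age_days=10**6)  # effectively no period
    capped, alarms = stake_weights(OUTPUTS, NOW, max_age_days=90)  # assumed 90-day period
    print(f"mallory share without period: {share(uncapped, 'mallory'):.1%}")
    print(f"mallory share with period:    {share(capped, 'mallory'):.1%}")
    print("alarms:", alarms)
```

Without a period, the smallest holder dominates validation purely through age; with the period enforced, that holder's weight falls below a majority and the overdue output is reported.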
Table 3. Counter attack of the proposed loan system vs. other systems.
Loan Type | 2024 [25] | 2021 [26] | 2023 [14] | 2017 [27] | 2021 [28] | 2021 [29] | 2023 [30] | Proposed Protocol
Flash loans attacks
Hot wallet attack
Transaction malleability Attack
Cold wallet theft attack
Investment scam attack
Coin age accumulation attack
Block discarding attack
Table 4. The proposed loan system vs. other systems.
Blockchain-Based Loan Systems | Number of Loans per Seconds | Loan Processing Speed | Time to Loan Repay
2017 [27] | 2727/15 s
2021 [28] | 2356/18 s
2023 [14] 13.8 s
2019 [11] 1 s
Proposed system | 29,700/3 s | 0.6667 ms | 2990 ms
Table 5. Encryption and decryption speed comparison.
Blockchain-Based Loan Systems | Encryption Speed | Decryption Speed
[14] | 0.0023 ms | 0.0025 ms
[32] | 8.745 ms | 4.367 ms
[33] | 0.251 s | 0.0811 s
[34] | 0.6014 ms | 0.5805 ms
[35] | 59.813 ms | 76.732 ms
[36] | 247.43 ms | 269.25 ms
[37] | 0.08 ms | 1.786 ms
Proposed system | 0.00526 ns | 0.003186 ns
Disclaimer/Publisher’s Note: The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of MDPI and/or the editor(s). MDPI and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.
