A Formal IT-Security Model for the Correction and Abort Requirement of Electronic Voting

This paper addresses a basic security requirement of electronic voting, namely that a voter can correct or abort his vote at any time prior to his final vote casting. This requirement serves as a protection against voter precipitance (haste). We specify rules for a reset and cancel function that implement the correction and abort requirement. These rules are integrated in an extended version of the formal IT security model provided in [VG08]. We show that these rules do respect the requirements covered in this model namely that each voter can cast a vote, that no voter loses his voting right without having cast a vote and that only eligible voters can cast a vote. This paper formally describes and mathematically proves the model and finally shows at which places of a voting process the formal rules apply. 1 This paper is developed within the project “ModIWA – Modellierung von Internetwahlen” which is funded by DFG, and carried out at the Universities Kassel (Roßnagel, Richter) and Koblenz-Landau (Grimm, Hupf)