# Proofs

# Proofs

In science, evidence is accumulated through experiments to assert the validity of a statement. Mathematics, in contrast, aims for a more absolute level of certainty. A mathematical proof provides a means for *guaranteeing* that a statement is true. Proofs are very powerful and are in some ways like computer programs. Indeed, there is a deep historic link between these two concepts that we will touch upon in this course — the invention of computers is intimately tied to the exploration of the idea of a mathematical proof about a century ago.

So what types of “computer science-related” statements might we want to prove? Here are two examples: (1) Does program \(P\) halt on every input? (2) Does program \(P\) correctly compute the function \(f(x)\), i.e. does it output \(f(x)\) on input \(x\), for every \(x\)? Note that each of these statements refers to the behavior of a program on *infinitely* many inputs. For such a statement, we can try to provide *evidence* that it is true by testing that it holds for many values of \(x\). Unfortunately, this does not guarantee that the statement holds for the infinitely many values of x that we did not test! To be certain that the statement is true, we must provide a rigorous *proof*.

So what is a proof? A proof is a finite sequence of steps, called *logical deductions*, which establishes the truth of a desired statement. In particular, the power of a proof lies in the fact that using *finite* means, we can guarantee the truth of a statement with *infinitely* many cases.

More specifically, a proof is typically structured as follows. Recall that there are certain statements, called axioms or postulates, that we accept without proof (we have to start somewhere). Starting from these axioms, a proof consists of a sequence of logical deductions: simple steps that apply the rules of logic. This results in a sequence of statements where each successive statement is necessarily true if the previous statements were true. This property is enforced by the rules of logic. Each statement follows from the previous statements. These rules of logic are a formal distillation of laws that were thought to underlie human thinking. They play a central role in the design of computers, starting with digital logic design or the fundamental principles behind the design of digital circuits. At a more advanced level, these rules of logic play an indispensable role in artificial intelligence, one of whose ultimate goals is to emulate human thought on a computer.

#### Organization of this Note

We begin in Notation and Basic Facts by setting notation and stating basic mathematical facts used throughout this note. We next introduce four different proof techniques: Direct Proof, Proof by Contraposition, Proof by Contradiction, and Proof by Cases. We then briefly discuss common pitfalls in and stylistic advice for proofs (Common Errors when Writing Proofs and Style and Substance in Proofs, respectively). We close with Exercises.

# Notation and Basic Facts

In this note, we use the following notation and basic mathematical facts. Let \(\mathbb{Z}\) denote the set of integers, i.e. \(\mathbb{Z}=\{\ldots,-2,-1,0,1,2,\ldots\}\), and \(\mathbb{N}\) the set of natural numbers \(\mathbb{N}=\{0,1,2,\ldots\}\). Recall that the sum or product of two integers is an integer, i.e. the set of integers is *closed* under addition and multiplication. The set of natural numbers is also closed under addition and multiplication.

Given integers \(a\) and \(b\), we say that \(a\) divides \(b\) (denoted \(a \mid b\)) iff there exists an integer \(q\) such that \(b=aq\). For example, \(2 \mid 10\) because there exists an integer \(q=5\) such that \(10=5\cdot 2\). We say a natural number \(p\) is *prime* if it is divisible only by \(1\) and itself.

Finally, we use the notation \(:=\) to indicate a definition. For example, \(q:=6\) defines variable \(q\) as having value \(6\).

# Direct Proof

With the language of propositional logic from Note 0 under our belts, we can now discuss proof techniques, and the real fun can begin. Are you ready? If so, here is our first technique, known as a *direct proof*. Throughout this section, keep in mind that our goal is give clear and concise proofs. Let’s begin with a very simple example.

**Theorem 1**

*For any \(a,b,c\in \mathbb{Z}\), if \(a \mid b\) and \(a \mid c\), then \(a \mid (b+c)\).*

Sanity check!Let \(P(x, y)\) denote “\(x \mid y\)”. Convince yourself that the statement above is equivalent to \((\forall a,b, c \in \mathbb{Z}) (P(a,b) \land P(a, c)) \implies P(a,b+c))\).

At a high level, a direct proof proceeds as follows. For each \(x\), the proposition we are trying to prove is of the form \(P(x) \implies Q(x)\). A direct proof of this starts by assuming \(P(x)\) for a generic value of \(x\) and eventually concludes \(Q(x)\) through a chain of implications:

**Direct Proof**

Goal: |
To prove \(P \implies Q\). |

Approach: |
Assume \(P\) \(\vdots\) Therefore \(Q\) |

*Proof of Theorem 1*. Assume that \(a \mid b\) and \(a \mid c\), i.e. there exist integers \(q_1\) and \(q_2\) such that \(b=q_1a\) and \(c=q_2a\). Then, \(b+c=q_1a+q_2a=(q_1+q_2)a\). Since the \(\mathbb{Z}\) is closed under addition, we conclude that \((q_1+q_2)\in\mathbb{Z}\), and so \(a \mid (b+c)\), as desired. \(\square\)

Easy as pie, right? But wait, earlier we said Theorem 1 was equivalent to \((\forall a,b,c\in\mathbb{Z})\;(P(a,b)\wedge P(a,c))\implies P(a,b+c))\); where in the proof above did we encounter the \(\forall\) quantifier? The key insight is that the proof did not assume any *specific* values for \(a\), \(b\), and \(c\); indeed, our proof holds for arbitrary \(a,b,c\in\mathbb{Z}\)! Thus, we have indeed proven the desired claim.

Sanity check!Give a direct proof of the following statement: For any \(a,b, c \in \mathbb{Z}\), if \(a \mid b\) and \(a\mid c\), then \(a \mid (b−c)\).

Let’s try something a little more challenging.

**Theorem 2**

*Let \(0<n<1000\) be an integer. If the sum of the digits of \(n\) is divisible by \(9\), then \(n\) is divisible by \(9\).*

Observe that this statement is equivalent to \[(\forall n\in\mathbb{Z}^+)(n <1000) \implies (\text{sum of $n$'s digits divisible by $9$}\implies \text{$n$ divisible by $9$}),\] where \(\mathbb{Z}^+\) denotes the set of positive integers, \(\{1,2,\ldots\}\). Now the proof proceeds similarly — we start by assuming, for a generic value of \(n\), that the sum of \(n\)’s digits is divisible by \(9\). Then we perform a sequence of implications to conclude that \(n\) itself is divisible by \(9\).

*Proof of Theorem 2*. Let \(n\) in decimal be written as \(n=abc\), i.e. \(n=100a+10b+c\). Assume that the sum of the digits of \(n\) is divisible by \(9\), i.e. \[\exists k\in\mathbb{Z} \quad\text{such that}\quad a+b+c = 9k.\](1) Adding \(99a + 9b\) to both sides of Equation 1, we have \[100a+10b+c = n=9k + 99a + 9b = 9(k+11a+b).\] We conclude that \(n\) is divisible by \(9\). \(\square\)

Is the converse of Theorem 2 also true? Recall that the *converse* of \(P\implies Q\) is \(Q\implies P\). The converse of Theorem 2 says that for any integer \(0<n<1000\), if \(n\) is divisible by \(9\), then the sum of the digits of \(n\) is divisible by \(9\).

**Theorem 3** *(Converse of Theorem 2)*

*Let \(0<n<1000\) be an integer. If \(n\) is divisible by \(9\), then the sum of the digits of \(n\) is divisible by \(9\).*

*Proof*. Assume that \(n\) is divisible by \(9\). We use the same notation for the digits of \(n\) as we used in Theorem 2’s proof. We proceed as follows. \[\begin{align*}
n\text{ is divisible by }9 &\implies n=9l\quad\text{ for }l \in \mathbb{Z}\\
&\implies 100a + 10b + c = 9l\\
&\implies 99a+9b + (a+b+c) = 9l\\
&\implies a+b+c = 9l-99a-9b\\
&\implies a+b+c = 9(l-11a-b)\\
&\implies a+b+c = 9k \quad\text{ for } k=l-11a-b\in\mathbb{Z}.\end{align*}\] We conclude that \(a+b+c\) is divisible by \(9\). \(\square\)

We now come to the moral of this story. We have shown both Theorem 2 and its converse, Theorem 3. This means that the sum of the digits of \(n\) is divisible by \(9\) *if and only if* \(n\) is divisible by \(9\); in other words, these two statements are logically equivalent. So the key lesson is this: Whenever you wish to prove an equivalence \(P\iff Q\), always proceed by showing \(P\implies Q\) and \(Q\implies P\) separately (as we have done here).

# Proof by Contraposition

We now move to our second proof technique. Recall from our discussion on propositional logic that any implication \(P\implies Q\) is equivalent to its contrapositive \(\neg Q\implies \neg P\). Yet, sometimes \(\neg Q\implies \neg P\) can be much simpler to prove than \(P\implies Q\). Thus, a proof by contraposition proceeds by proving \(\neg Q\implies \neg P\) instead of \(P\implies Q\).

**Proof by Contraposition**

Goal: |
To prove \(P \implies Q\). |

Approach: |
Assume \(\neg Q\) \(\vdots\) Therefore \(\neg P\) |

Conclusion: |
\(\neg Q \implies \neg P\), which is equivalent to \(P \implies Q\). |

Consider now the following theorem:

**Theorem 4**

*Let \(n\) be a positive integer and let \(d\) divide \(n\). If \(n\) is odd then \(d\) is odd.*

Proving this via the technique of direct proof seems difficult; we would assume \(n\) is odd in Step 1, but then what? An approach via contraposition, on the other hand, turns out to be much easier.

Sanity check!What is the contrapositive of Theorem 4? (Answer: If \(d\) is even, then \(n\) is even.)

*Proof of Theorem 4*. We proceed by contraposition. Assume that \(d\) is even. Then, by definition, \(d=2k\) for some \(k\in \mathbb{Z}\). Because \(d \mid n\), \(n=dl\), for some \(l \in \mathbb{Z}\). Combining these two statements, we have \(n=dl=(2k)l=2(kl)\). We conclude that \(n\) is even. \(\square\)

Note that this time, the first line of our proof stated our proof technique — this is good practice for any proof, similar to how commenting code is good practice when programming. Stating your proof technique like this is an enormous aid to your reader in understanding where your proof will go next. (Let us not forget that a reader who understands your proof, such a teaching assistant or instructor, is much more likely to give you a good grade for it!)

# Proof by Contradiction

Of all the proof techniques we discuss in this note, it’s perhaps hardest to resist the appeal of this one; after all, who wouldn’t want to use a technique known as *reductio ad absurdum*, i.e. reduction to an absurdity? The idea in a proof by contradiction is to assume that the claim you wish to prove is *false* (yes, this seems backwards, but bear with us). Then, you show that this leads to a conclusion which is utter nonsense: A contradiction. Hence, you conclude that your claim must in fact have been true.

Sanity check!A proof by contradiction relies crucially on the fact that if a proposition is not false, then it must be true. Which law from a previous lecture embodied this black or white interpretation of a statement?

**Proof by Contradiction**

Goal: |
To prove \(P\). |

Approach: |
Assume \(\neg P\) \(\vdots\) \(R\) \(\vdots\) \(\neg R\) |

Conclusion: |
\(\neg P \implies \neg R \land R\), which is a contradiction. Thus, \(P\). |

If you are not convinced by the intuitive explanation thus far as to why proof by contradiction works, here is the formal reasoning: A proof by contradiction shows that \(\neg P\implies \neg R\wedge R\equiv\text{False}\). The contrapositive of this statement is hence \(\text{True}\implies P\).

Let us now take this proof technique on a trial run. Note that in doing so, we are continuing a long-standing legacy — the proof of the theorem below dates back more than 2000 years to the ancient Greek mathematician, Euclid of Alexandria!^{1}

**Theorem 5**

*There are infinitely many prime numbers.*

To appreciate the power of contradiction, let us pause for a moment to ponder how we might try to prove Theorem 5 via a different proof technique, such as, say, a direct proof. It seems very difficult, right? How would you construct infinitely many prime numbers? The remarkable thing about contradiction, however, is that if we assume the statement is false, i.e. there are only finitely many primes, bad things will happen.

To proceed, we now state a simple lemma which is handy in showing Theorem 5. Its proof will be deferred to a future lecture in which we learn about induction.

**Lemma 1**

*Every natural number greater than one is either prime or has a prime divisor.*

*Proof of Theorem 5*. We proceed by contradiction. Suppose that Theorem 5 is false, i.e. that there are only finitely many primes, say \(k\) of them. Then, we can enumerate them: \(p_1, p_2, p_3, \ldots, p_k\).

Now, define number \(q:=p_1 p_2 p_3 \dotsm p_k + 1\), which is the product of all primes plus one. We claim that \(q\) cannot be prime. Why? Because by definition, it is larger than all the primes \(p_1\) through \(p_k\)! By Lemma 1, we therefore conclude that \(q\) has a prime divisor, \(p\). This will be our statement \(R\).

Next, because \(p_1, \ldots, p_k\) are all the primes, \(p\) must be equal to one of them; thus, \(p\) divides \(r:=p_1 p_2 p_3 \dotsm p_k\). Hence, \(p \mid q\) and \(p \mid r\), implying \(p \mid (q-r)\). But \(q-r=1\), implying \(p\leq 1\), and hence \(p\) is not prime; this is the statement \(\neg R\). We thus have \(R\wedge \neg R\), which is a contradiction, as desired. \(\square\)

Now that we’re warmed up, let’s tackle another classic proof involving contradictions. Recall that a **rational number** is a number that can be expressed as the ratio of two integers. For example, \(2/3\), \(3/5\), and \(9/16\) are rational numbers. Numbers which *cannot* be expressed as fractions, on the other hand, are called **irrational**. Now, how about \(\sqrt{2}\)? Do you think it’s rational or irrational? The answer is as follows.

**Theorem 6**

*\(\sqrt{2}\) is irrational.*

Before giving the proof, let us ask a crucial question: Why should contradiction be a good candidate proof technique to try here? Well, consider this: Theorem 5 and Theorem 6 share something fundamental in common — in both cases, we wish to show that something *doesn’t* exist. For example, for Theorem 5, we wished to show that a largest prime doesn’t exist, and for Theorem 6, we wish to show that integers \(a\) and \(b\) satisfying \(\sqrt{2}=a/b\) don’t exist. In general, proving that something *doesn’t* exist seems difficult. But this is actually one setting in which proof by contradiction shines.

To prove Theorem 6, we use the following simple lemma. In Exercises, we ask you to prove Lemma 2.

**Lemma 2**

*If \(a^2\) is even, then \(a\) is even.*

*Proof of Theorem 6*. We proceed by contradiction. Assume that \(\sqrt{2}\) is rational. By the definition of rational numbers, there are integers \(a\) and \(b\) with no common factor other than 1, such that \(\sqrt{2} = a/b\). Let our assertion \(R\) state that \(a\) and \(b\) share no common factors.

Now, for any numbers \(x\) and \(y\), we know that \(x = y \implies x^2 = y^2\). Hence \(2 = {a^2}/{b^2}\). Multiplying both sides by \(b^2\), we have \(a^2 = 2b^2\). Since \(b\) is an integer, it follows that \(b^2\) is an integer, and thus \(a^2\) is even (by the definition of evenness). Plugging in Lemma 2, we hence have that \(a\) is even. In other words, there exists integer \(c\) such that \(a = 2c\).

Combining all our facts thus far, we have that \(2b^2 = 4 c^2\), or \(b^2 = 2 c^2\). Since \(c\) is an integer, \(c^2\) is an integer, and hence \(b^2\) is even. Thus, again applying Lemma 2, we conclude that \(b\) is even.

But we have just shown that both \(a\) and \(b\) are even. In particular, this means they share the common factor 2. This implies \(\neg R\). We conclude that \(R\land \neg R\) holds; thus, we have a contradiction, as desired. \(\square\)

# Proof by Cases

Here is a proof to tickle your fancy; it relies on another proof technique known as proof by *cases*, which we will touch on informally in this section. Specifically, the idea behind a proof by cases is as follows: Sometimes when we wish to prove a claim, we don’t know which of a set of possible cases is true, but we know that *at least one* of the cases is true. What we can do then is to prove the result in *both* cases; then, clearly the general statement must hold.

**Theorem 7**

*There exist irrational numbers \(x\) and \(y\) such that \(x^y\) is rational.*

*Proof*. We proceed by cases. Note that the statement of the theorem is quantified by an existential quantifier: Thus, to prove our claim, it suffices to demonstrate a single \(x\) and \(y\) such that \(x^y\) is rational. To do so, let \(x=\sqrt{2}\) and \(y=\sqrt{2}\). Let us divide our proof into two cases, exactly one of which must be true:

\(\sqrt{2}^{\sqrt{2}}\) is rational, or

\(\sqrt{2}^{\sqrt{2}}\) is irrational.

(Case 1) Assume first that \(\sqrt{2}^{\sqrt{2}}\) is rational. But this immediately yields our claim, since \(x\) and \(y\) are irrational numbers such that \(x^y\) is rational.

(Case 2) Assume now that \(\sqrt{2}^{\sqrt{2}}\) is irrational. Our first guess for \(x\) and \(y\) was not quite right, but now we have a new irrational number to play with, \(\sqrt{2}^{\sqrt{2}}\). So, let’s try setting \(x=\sqrt{2}^{\sqrt{2}}\) and \(y=\sqrt{2}\). Then, \[x^y = \left(\sqrt{2}^{\sqrt{2}}\right)^{\sqrt{2}} = \sqrt{2}^{\sqrt{2}\sqrt{2}} = \sqrt{2}^2 = 2,\] where the second equality follows from the axiom \((x^y)^z=x^{yz}\). But now we again started with two irrational numbers \(x\) and \(y\) and obtained rational \(x^y\).

Since one of Case 1 or Case 2 must hold, we thus conclude that the statement of Theorem 7 is true. \(\square\)

Before closing, let us point out a peculiarity of the proof above. What were the *actual* numbers \(x\) and \(y\) satisfying the claim of Theorem 7? Were they \(x=\sqrt{2}\) and \(y=\sqrt{2}\)? Or \(x=\sqrt{2}^{\sqrt{2}}\) and \(y=\sqrt{2}\)? Well, since we did a case analysis, it’s not clear which of the two choices is actually the correct one. In other words, we have just demonstrated something rather remarkable known as a **non-constructive** proof: We’ve proven that some object \(X\) exists, but without explicitly revealing what \(X\) itself is!

# Common Errors when Writing Proofs

The ability to write clean and concise proofs is a remarkable thing, and is arguably among the highest forms of intellectual enlightenment one can achieve. It requires your mind to critically reflect on its own inner workings (i.e. your thought processes), and reorganize them into a coherent and logical sequence of thoughts. In other words, your mind is improving itself at a very fundamental level, far transcending the boundaries of computer science or any particular area of study. The benefits of this training will touch every aspect of your life as you know it; indeed, it will shape the way you approach life itself.

As with any such fundamental achievement, developing the ability to write rigorous proofs is likely among the most difficult learning challenges you will face in university, so do not despair if it gives you trouble; you are not alone. There is simply no substitute here for lots and lots of practice. To help get you started on your way, we now raise some red flags regarding common pitfalls in composing proofs. Let us begin with a simple, but common error.

**Claim:** \(-2 = 2\).

**Proof?** Assume \(-2 = 2\). Squaring both sides, we have \((-2)^2 = 2^2\), or \(4 = 4\), which is true. We conclude that \(-2 = 2\), as desired. \(\spadesuit\)

The theorem is obviously false, so what did we do wrong? Our arithmetic is correct, and each step rigorously follows from the previous step. So, the error must lie in the very beginning of the proof, where we made a brazen assumption: That \(-2=2\). But wait, wasn’t this the very statement we were trying to prove? Exactly. In other words, to prove the statement \(P\equiv \text{“$-2=2$"}\), we just proved that \(P\implies\text{True}\), which is not the same as proving \(P\). Lesson #1: When writing proofs, do not assume the claim you aim to prove!

Lesson #2 is about the number zero: In particular, never forget to consider the case where your variables take on the value \(0\). Otherwise, this can happen:

**Claim:** \(1 = 2\).

**Proof?** Assume that \(x=y\) for integers \(x,y\in\mathbb{Z}\). Then, \[\begin{align*}
x^2-xy &= x^2-y^2 && \text{(since $x=y$)}\\
x(x-y) &= (x+y)(x-y) &&\\
x &= x+y &&\text{(divide both sides by $x-y$)}\\
x &= 2x.\end{align*}\] Setting \(x=y=1\) yields the claim. \(\spadesuit\)

But, clearly \(1\neq 2\), unless your grade school teachers were lying to you. Where did we go wrong? In deriving the third equality, we divided by \((x-y)\). What is the value of \((x-y)\) in our setting? Zero. Dividing by zero is not well-defined; thus the third equality does not hold.

Lesson #3 says to be careful when mixing negative numbers and inequalities. For example:

**Claim:** \(4 \leq 1\).

**Proof?** We know that \(-2\leq 1\); squaring both sides of this inequality yields \(4 \leq 1\). \(\spadesuit\)

Sanity check!To see why this proof fails, ask yourself this: If \(a \le b\), is it necessarily true that \(|a| \le |b|\)? Can you give a counterexample?

In addition, do not forget that multiplying an inequality by a negative number flips the direction of the inequality! For example, multiplying both sides of \(-2 < 5\) by \(-1\) yields \(2 > -5\), as you would expect.

# Style and Substance in Proofs

We conclude with some general words of advice. First, get in the habit of thinking carefully before you write down the next sentence of your proof. If you cannot explain clearly why the step is justified, you are making a leap and you need to go back and think some more. In theory, each step in a proof must be justified by appealing to a definition or general axiom. In practice the depth to which one must do this is a matter of taste. For example, we could break down the step, “Since \(a\) is an integer, \((2a^2 + 2a)\) is an integer,” into several more steps. [Exercise: What are they?] A justification can be stated without proof only if you are absolutely confident that (1) it is correct and (2) the reader will automatically agree that it is correct.

Notice that in the proof that \(\sqrt{2}\) is irrational, we used the result, “For any integer \(n\), if \(n^2\) is even then \(n\) is even,” twice. This suggests that it may be a useful fact in many proofs. A subsidiary result that is useful in a more complex proof is called a *lemma*. It is often a good idea to break down a long proof into several lemmas. This is similar to the way in which large programming tasks should be divided up into smaller subroutines. Furthermore, make each lemma (like each subroutine) as general as possible so it can be reused elsewhere.

The dividing line between lemmas and theorems is not clear-cut. Usually, when writing a paper, the theorems are those propositions that you want to “export” from the paper to the rest of the world, whereas the lemmas are propositions used locally in the proofs of your theorems. There are, however, some lemmas (for example, the Pumping Lemma and the Lifting Lemma) that are perhaps more famous and important than the theorems they were used to prove.

Finally, you should remember that the point of this lecture was not the specific statements we proved, but the different proof strategies, and their logical structure. Make sure you understand them clearly; you will be using them when you write your own proofs in homework and exams.

# Exercises

Generalize the proof of Theorem 2 so that it works for

*any*positive integer \(n\). [*Hint*: Suppose \(n\) has \(k\) digits, and write \(a_i\) for the digits of \(n\), so that \(n=\sum_{i=0}^{k-1} (a_i\cdot10^i)\).]Prove Lemma 2. [

*Hint*: First try a direct proof. Then, try contraposition. Which proof approach is better suited to proving this lemma?]

It is perhaps worth pausing here to appreciate the true scale of this statement — after all, how many aspects of our human heritage remain relevant after multiple millenia? Music? Fashion? All of these are quickly outdated with time. But mathematics is, in a sense, timeless.↩