2 Proof
2 Proof
2 Proof
1 Proofs
In science, evidence is accumulated through experiments to assert the validity of a statement. Mathematics,
in contrast, aims for a more absolute level of certainty. A mathematical proof provides a means for guar-
anteeing that a statement is true. Proofs are very powerful and are in some ways like computer programs.
Indeed, there is a deep historic link between these two concepts that we will touch upon in this course —
the invention of computers is intimately tied to the exploration of the idea of a mathematical proof about a
century ago.
So what types of “computer science-related” statements might we want to prove? Here are two examples:
(1) Does program P halt on every input? (2) Does program P correctly compute the function f (x), i.e. does
it output f (x) on input x, for every x? Note that each of these statements refers to the behavior of a program
on infinitely many inputs. For such a statement, we can try to provide evidence that it is true by testing that it
holds for many values of x. Unfortunately, this does not guarantee that the statement holds for the infinitely
many values of x that we did not test! To be certain that the statement is true, we must provide a rigorous
proof.
So what is a proof? A proof is a finite sequence of steps, called logical deductions, which establishes the
truth of a desired statement. In particular, the power of a proof lies in the fact that using finite means, we
can guarantee the truth of a statement with infinitely many cases.
More specifically, a proof is typically structured as follows. Recall that there are certain statements, called
axioms or postulates, that we accept without proof (we have to start somewhere). Starting from these axioms,
a proof consists of a sequence of logical deductions: Simple steps that apply the rules of logic. This results in
a sequence of statements where each successive statement is necessarily true if the previous statements were
true. This property is enforced by the rules of logic: Each statement follows from the previous statements.
These rules of logic are a formal distillation of laws that were thought to underlie human thinking. They
play a central role in the design of computers, starting with digital logic design or the fundamental principles
behind the design of digital circuits. At a more advanced level, these rules of logic play an indispensable
role in artificial intelligence, one of whose ultimate goals is to emulate human thought on a computer.
Organization of this note. We begin in Section 2 by setting notation and stating basic mathematical facts
used throughout this note. We next introduce four different proof techniques: Direct proof (Section 3), proof
by contraposition (Section 4), proof by contradiction (Section 5), and proof by cases (Section 6). We then
briefly discuss common pitfalls in and stylistic advice for proofs (Sections 7 and 8, respectively). We close
with exercises in Section 9.
3 Direct Proof
With the language of propositional logic from Note 0 under our belts, we can now discuss proof techniques,
and the real fun can begin. Are you ready? If so, here is our first technique, known as a direct proof.
Throughout this section, keep in mind that our goal is give clear and concise proofs. Let’s begin with a very
simple example.
Theorem 2.1. For any a, b, c ∈ Z, if a|b and a|c, then a|(b + c).
Sanity check! Let P(x, y) denote “x|y”. Convince yourself that the statement above is equivalent to (∀a, b, c ∈
Z) (P(a, b) ∧ P(a, c)) =⇒ P(a, b + c)).
At a high level, a direct proof proceeds as follows. For each x, the proposition we are trying to prove is of the
form P(x) =⇒ Q(x). A direct proof of this starts by assuming P(x) for a generic value of x and eventually
concludes Q(x) through a chain of implications:
Direct Proof
Goal: To prove P =⇒ Q.
Approach: Assume P
..
.
Therefore Q
Proof of Theorem 2.1. Assume that a|b and a|c, i.e. there exist integers q1 and q2 such that b = q1 a and
c = q2 a. Then, b + c = q1 a + q2 a = (q1 + q2 )a. Since the Z is closed under addition, we conclude that
(q1 + q2 ) ∈ Z, and so a|(b + c), as desired.
Easy as pie, right? But wait, earlier we said Theorem 2.1 was equivalent to (∀a, b, c ∈ Z) (P(a, b) ∧
P(a, c)) =⇒ P(a, b + c)); where in the proof above did we encounter the ∀ quantifier? The key insight
is that the proof did not assume any specific values for a, b, and c; indeed, our proof holds for arbitrary
a, b, c ∈ Z! Thus, we have indeed proven the desired claim.
Sanity check! Give a direct proof of the following statement: For any a, b, c ∈ Z, if a|b and a|c, then a|(b−c).
(∀n ∈ Z+ )(n < 1000) =⇒ (sum of n’s digits divisible by 9 =⇒ n divisible by 9),
where Z+ denotes the set of positive integers, {1, 2, . . .}. Now the proof proceeds similarly — we start by
assuming, for a generic value of n, that the sum of n’s digits is divisible by 9. Then we perform a sequence
of implications to conclude that n itself is divisible by 9.
Proof of Theorem 2.2. Let n in decimal be written as n = abc, i.e. n = 100a + 10b + c. Assume that the sum
of the digits of n is divisible by 9, i.e.
Is the converse of Theorem 2.2 also true? Recall that the converse of P =⇒ Q is Q =⇒ P. The converse of
Theorem 2.2 says that for any integer 0 < n < 1000, if n is divisible by 9, then the sum of the digits of n is
divisible by 9.
Theorem 2.3 (Converse of Theorem 2.2). Let 0 < n < 1000 be an integer. If n is divisible by 9, then the
sum of the digits of n is divisible by 9.
Proof. Assume that n is divisible by 9. We use the same notation for the digits of n as we used in Theo-
rem 2.2’s proof. We proceed as follows.
n is divisible by 9 =⇒ n = 9l for l ∈ Z
=⇒ 100a + 10b + c = 9l
=⇒ 99a + 9b + (a + b + c) = 9l
=⇒ a + b + c = 9l − 99a − 9b
=⇒ a + b + c = 9(l − 11a − b)
=⇒ a + b + c = 9k for k = l − 11a − b ∈ Z.
We now come to the moral of this story. We have shown both Theorem 2.2 and its converse, Theorem 2.3.
This means that the sum of the digits of n is divisible by 9 if and only if n is divisible by 9; in other words,
these two statements are logically equivalent. So the key lesson is this: Whenever you wish to prove an
equivalence P ⇐⇒ Q, always proceed by showing P =⇒ Q and Q =⇒ P separately (as we have done here).
Proof by Contraposition
Goal: To prove P =⇒ Q.
Approach: Assume ¬Q.
..
.
Therefore ¬P
Conclusion: ¬Q =⇒ ¬P, which is equivalent to P =⇒ Q.
Theorem 2.4. Let n be a positive integer and let d divide n. If n is odd then d is odd.
Proving this via the technique of direct proof seems difficult; we would assume n is odd in Step 1, but then
what? An approach via contraposition, on the other hand, turns out to be much easier.
Sanity check! What is the contrapositive of Theorem 2.4? (Answer: If d is even, then n is even.)
Proof of Theorem 2.4. We proceed by contraposition. Assume that d is even. Then, by definition, d = 2k
for some k ∈ Z. Because d|n, n = dl, for some l ∈ Z. Combining these two statements, we have n = dl =
(2k)l = 2(kl). We conclude that n is even.
Note that this time, the first line of our proof stated our proof technique — this is good practice for any
proof, similar to how commenting code is good practice when programming. Stating your proof technique
like this is an enormous aid to your reader in understanding where your proof will go next. (Let us not forget
that a reader who understands your proof, such a teaching assistant or instructor, is much more likely to give
you a good grade for it!)
As another illustration of proof by contraposition, we will prove a famous theorem called the Pigeonhole
Principle. Although the statement of the theorem may seem simple, it has surprising consequences.
Theorem 2.5 (Pigeonhole Principle). Let n and k be positive integers. Place n objects into k boxes. If n > k,
then at least one box must contain multiple objects.
The name of the theorem comes from imagining that the n objects are pigeons and we are trying to place
them in pigeonholes.
Proof of Theorem 2.5. We proceed by contraposition. If all boxes contain at most one object, then the
number of objects is at most the number of boxes, i.e., n ≤ k.
5 Proof by Contradiction
Of all the proof techniques we discuss in this note, it’s perhaps hardest to resist the appeal of this one; after
all, who wouldn’t want to use a technique known as reductio ad absurdum, i.e. reduction to an absurdity?
The idea in a proof by contradiction is to assume that the claim you wish to prove is false (yes, this seems
backwards, but bear with us). Then, you show that this leads to a conclusion which is utter nonsense: A
contradiction. Hence, you conclude that your claim must in fact have been true.
Sanity check! A proof by contradiction relies crucially on the fact that if a proposition is not false, then it
must be true. Which law from a previous lecture embodied this black or white interpretation of a statement?
Proof by Contradiction
Goal: To prove P.
Approach: Assume ¬P.
..
.
R
..
.
¬R
Conclusion: ¬P =⇒ ¬R ∧ R, which is a contradiction. Thus, P.
If you are not convinced by the intuitive explanation thus far as to why proof by contradiction works, here
is the formal reasoning: A proof by contradiction shows that ¬P =⇒ ¬R ∧ R ≡ False. The contrapositive of
this statement is hence True =⇒ P.
Let us now take this proof technique on a trial run. Note that in doing so, we are continuing a long-
standing legacy — the proof of the theorem below dates back more than 2000 years to the ancient Greek
mathematician, Euclid of Alexandria!1
To appreciate the power of contradiction, let us pause for a moment to ponder how we might try to prove
1 It is perhaps worth pausing here to appreciate the true scale of this statement — after all, how many aspects of our human
heritage remain relevant after multiple millenia? Music? Fashion? All of these are quickly outdated with time. But mathematics is,
in a sense, timeless.
Lemma 2.1. Every natural number greater than one is either prime or has a prime divisor.
Proof of Theorem 2.6. We proceed by contradiction. Suppose that Theorem 2.6 is false, i.e. that there are
only finitely many primes, say k of them. Then, we can enumerate them: p1 , p2 , p3 , . . . , pk .
Now, define number q := p1 p2 p3 . . . pk + 1, which is the product of all primes plus one. We claim that q
cannot be prime. Why? Because by definition, it is larger than all the primes p1 through pk ! By Lemma 2.1,
we therefore conclude that q has a prime divisor, p. This will be our statement R.
Next, because p1 , p2 , p3 , . . . , pk are all the primes, p must be equal to one of them; thus, p divides r :=
p1 p2 p3 . . . pk . Hence, p|q and p|r, implying p|(q − r). But q − r = 1, implying p ≤ 1, and hence p is not
prime; this is the statement ¬R. We thus have R ∧ ¬R, which is a contradiction, as desired.
Now that we’re warmed up, let’s tackle another classic proof involving contradictions. Recall that a rational
number is a number that can be expressed as the ratio of two integers. For example, 23 , 53 , and 16
9
are rational
numbers. Numbers
√ which cannot be expressed as fractions, on the other hand, are called irrational. Now,
how about 2? Do you think it’s rational or irrational? The answer is as follows.
√
Theorem 2.7. 2 is irrational.
Before giving the proof, let us ask a crucial question: Why should contradiction be a good candidate proof
technique to try here? Well, consider this: Theorem 2.6 and Theorem 2.7 share something fundamental in
common — in both cases, we wish to show that something doesn’t exist. For example, for Theorem 2.6, we
wished to show
√ that a largest prime doesn’t exist, and for Theorem 2.7, we wish to show that integers a and
b satisfying 2 = a/b don’t exist. In general, proving that something doesn’t exist seems difficult. But this
is actually one setting in which proof by contradiction shines.
To prove Theorem 2.7, we use the following simple lemma. In Section 9, we ask you to prove Lemma 2.2.
Proof. We proceed by cases. Note that the statement of the theorem is quantified by an existential quantifier:
Thus, y
√ to prove our
√ claim, it suffices to demonstrate a single x and y such that x is rational. To do so, let
x = 2 and y = 2. Let us divide our proof into two cases, exactly one of which must be true:
√ √2
(a) 2 is rational, or
√ √2
(b) 2 is irrational.
√ √2
(Case (a)) Assume first that 2 is rational. But this immediately yields our claim, since x and y are
irrational numbers such that xy is rational.
√ √2
(Case (b)) Assume now that 2 is irrational. Our first guess for x and y was not quite right, but now we
√ √2 √ √2 √
have a new irrational number to play with, 2 . So, let’s try setting x = 2 and y = 2. Then,
√ √2
y
√ 2 √ √2√2 √ 2
x = 2 = 2 = 2 = 2,
where the second equality follows from the axiom (xy )z = xyz . But now we again started with two irrational
numbers x and y and obtained rational xy .
Since one of case (a) or case (b) must hold, we thus conclude that the statement of Theorem 2.8 is true.
Before closing, let us point out a peculiarity of the proof above. What were the actual numbers x and y
√ √ √ √2 √
satisfying the claim of Theorem 2.8? Were they x = 2 and y = 2? Or x = 2 and y = 2? Well, since
we did a case analysis, it’s not clear which of the two choices is actually the correct one. In other words,
we have just demonstrated something rather remarkable known as a non-constructive proof: We’ve proven
that some object X exists, but without explicitly revealing what X itself is!
x2 − xy = x2 − y2 (since x = y)
x(x − y) = (x + y)(x − y)
x = x+y (divide both sides by x − y)
x = 2x.
Sanity check! To see why this proof fails, ask yourself this: If a ≤ b, is it necessarily true that |a| ≤ |b|? Can
you give a counterexample?
In addition, do not forget that multiplying an inequality by a negative number flips the direction of the
inequality! For example, multiplying both sides of −2 < 5 by −1 yields 2 > −5, as you would expect.
9 Exercises
1. Generalize the proof of Theorem 2.2 so that it works for any positive integer n. (H INT: Suppose n has
k−1
k digits, and write ai for the digits of n, so that n = ∑i=0 (ai · 10i ).)
2. Prove Lemma 2.2. (Hint: First try a direct proof. Then, try contraposition. Which proof approach is
better suited to proving this lemma?)