Left-multiply both sides by \(a^{-1}\), then re-associate.

Set \(b := a \cdot a^{-1}\). Using 2, 4, and 3: \(b \cdot b = a (a^{-1} a) a^{-1} = a \cdot 1 \cdot a^{-1} = a \cdot a^{-1} = b\). Then left-multiplying \(b \cdot b = b\) by \(b^{-1}\): \(b = 1 \cdot b = (b^{-1} \cdot b) \cdot b = b^{-1} \cdot (b \cdot b) = b^{-1} \cdot b = 1\).

Compute \(a \cdot 1\) by first substituting \(1 = a^{-1} \cdot a\) (the left-inverse axiom 4), then re-associating to apply \(a \cdot a^{-1} = 1\) (8):

using 2 for the second equality and 3 for the last.

Right-multiplying both sides of \(h\) by \(a^{-1}\) and re-associating, both sides reduce to \(b\) and \(c\):

using 9, 8, 2, and the hypothesis \(h\) at the middle equality.

\((\Rightarrow )\) Suppose \(a \cdot b = a\). By 9, \(a = a \cdot 1\), so \(a \cdot b = a \cdot 1\). Left-cancelling \(a\) (7) gives \(b = 1\).

\((\Leftarrow )\) If \(b = 1\), then \(a \cdot b = a \cdot 1 = a\) by 9.

\((\Rightarrow )\) Suppose \(b \cdot a = a\). By 3, \(a = 1 \cdot a\), so \(b \cdot a = 1 \cdot a\). Right-cancelling \(a\) (10) gives \(b = 1\).

\((\Leftarrow )\) If \(b = 1\), then \(b \cdot a = 1 \cdot a = a\) by 3.

Specialize the hypothesis \(h\) at \(a = 1\) to get \(e \cdot 1 = 1\). The right-identity lemma 9 gives \(e \cdot 1 = e\). The two equalities together force \(e = e \cdot 1 = 1\).

Re-write \(\ell \) using 9, insert \(1 = a \cdot r\) from \(hr\), then re-associate with 2 to expose \(\ell \cdot a = 1\) from \(h\ell \):

using 3 for the last equality.

Starting from \(b\), insert \(1 = a \cdot a^{-1}\) (8) and re-associate to expose the hypothesis \(b \cdot a = 1\):

using 9 for the first equality, 2 for re-association, the hypothesis \(h\) in the middle, and 3 at the end.

The two directions are symmetric right-multiplications.

\((\Rightarrow )\) Suppose \(a \cdot b = c\). Right-multiplying both sides by \(b^{-1}\) and re-associating:

using 9, 8, and 2.

\((\Leftarrow )\) Suppose \(a = c \cdot b^{-1}\). Right-multiplying both sides by \(b\) and re-associating:

using 2, 4, and 9.

By 8, \(a \cdot a^{-1} = 1\). Apply the inverse-uniqueness lemma 15 with the substitution \(a \mapsto a^{-1}\) and \(b \mapsto a\): its hypothesis reads \(b \cdot a = 1\), which in our case is \(a \cdot a^{-1} = 1\), and its conclusion \(b = a^{-1}\) becomes \(a = (a^{-1})^{-1}\).

By 3 applied to \(1\), we have \(1 \cdot 1 = 1\). Apply the inverse-uniqueness lemma 15 with \(a \mapsto 1\) and \(b \mapsto 1\): its hypothesis \(b \cdot a = 1\) reads \(1 \cdot 1 = 1\), and its conclusion \(b = a^{-1}\) becomes \(1 = 1^{-1}\).

Take the inverse of both sides of \(h\) to get \((a^{-1})^{-1} = (b^{-1})^{-1}\). By 17 applied twice, \((a^{-1})^{-1} = a\) and \((b^{-1})^{-1} = b\), so \(a = b\).

We show \(b^{-1} \cdot a^{-1}\) is a left inverse of \(a \cdot b\), then apply uniqueness of inverses. Re-associating (2) to expose the middle cancellation \(a^{-1} \cdot a = 1\) (4), then dropping the identity (3):

Apply 15 with \(a \mapsto a \cdot b\) and \(b \mapsto b^{-1} \cdot a^{-1}\): from \(b \cdot a = 1\) it concludes \(b = a^{-1}\), here giving \(b^{-1} \cdot a^{-1} = (a \cdot b)^{-1}\).

Fix \(a, b \in G\). The proof applies the hypothesis \(h\) in three places.

First, at the product \(a \cdot b\): \((a \cdot b) \cdot (a \cdot b) = 1\). By 15, the product is its own inverse: \(a \cdot b = (a \cdot b)^{-1}\).

By 20, \((a \cdot b)^{-1} = b^{-1} \cdot a^{-1}\), so \(a \cdot b = b^{-1} \cdot a^{-1}\).

Next, apply \(h\) at \(a\) alone: \(a \cdot a = 1\), so by 15, \(a = a^{-1}\). Similarly, \(h\) at \(b\) yields \(b = b^{-1}\).

Combining the three: \(a \cdot b = b^{-1} \cdot a^{-1} = b \cdot a\).

Induction on \(n\). Base: \(g^{m+0} = g^m = g^m \cdot 1 = g^m \cdot g^0\). Step: \(g^{m+(n+1)} = g^{(m+n)+1} = g^{m+n} \cdot g = (g^m \cdot g^n) \cdot g = g^m \cdot (g^n \cdot g) = g^m \cdot g^{n+1}\).

Induction on \(n\). Base: \((g^m)^0 = 1 = g^0 = g^{m \cdot 0}\). Step: \((g^m)^{n+1} = (g^m)^n \cdot g^m = g^{mn} \cdot g^m = g^{mn + m} = g^{m(n+1)}\), using 25.

\(1^1 = 1^0 \cdot 1 = 1 \cdot 1 = 1\) (24, 23, 3); \(0 {\lt} 1\); and minimality is vacuous (no \(k : \mathbb {N}\) has \(0 {\lt} k {\lt} 1\)).

By trichotomy. If \(m {\lt} n\), then \(m\) is a positive \(k {\lt} n\) with \(g^k = 1\), contradicting the minimality clause of \(hn\). Symmetric for \(n {\lt} m\). So \(m = n\).

\((\Leftarrow )\) Suppose \(n \mid m\), write \(m = kn\). Then \(g^m = g^{kn} = (g^n)^k\) by 26, and \((g^n)^k = 1^k\) since \(g^n = 1\) by the second clause of \(hn\). Finally \(1^k = 1\) for every \(k : \mathbb {N}\), which is a small induction using 23, 24, and 9.

\((\Rightarrow )\) Conversely, suppose \(g^m = 1\). By division with remainder, write \(m = qn + r\) with \(0 \leq r {\lt} n\). Then

using 25, 26, and \(g^n = 1\). So \(g^r = 1\). By the minimality clause of \(hn\) (no positive \(k {\lt} n\) has \(g^k = 1\)), and the bound \(r {\lt} n\), the only possibility is \(r = 0\). Hence \(m = qn\), i.e. \(n \mid m\).

Write \(\ell = k + (\ell - k)\); since \(k \leq \ell \), the subtraction \(\ell - k\) takes the natural value in \(\mathbb {N}\). By 25,

Therefore \(g^k = g^\ell \) holds iff \(g^k = g^k \cdot g^{\ell - k}\), and by 11 that simplifies to \(g^{\ell - k} = 1\). Apply 30 to get the equivalent condition \(n \mid (\ell - k)\).

Let \(d := \gcd (n, k)\), \(n' := n / d\), \(k' := k / d\). Then \(n = d n'\), \(k = d k'\), and \(\gcd (n', k') = 1\). We must verify the three clauses of \(\mathrm{IsOrderOf}\, (g^k)\, n'\).

Positivity. \(n' {\gt} 0\) since \(n {\gt} 0\) (the first clause of \(hn\)) and \(d \mid n\).

Vanishing power. Using 26 and \(g^n = 1\) (from \(hn\)):

Equivalently, by 30, \(n \mid k n'\), which is immediate since \(k n' = k' n\).

Minimality. Suppose \((g^k)^j = 1\) with \(0 {\lt} j\). By 26 and 30, \(g^{kj} = 1\) gives \(n \mid kj\), i.e. \(d n' \mid d k' j\), i.e. \(n' \mid k' j\). Since \(\gcd (n', k') = 1\) (Euclid’s coprime argument, 89), we conclude \(n' \mid j\), so \(j \geq n'\).

By 32, \(\mathrm{ord}(g^k) = n / \gcd (n, k)\). Both this and the hypothesised value \(n\) are orders of \(g^k\), so by uniqueness of order (29), \(\mathrm{ord}(g^k) = n\) iff \(n / \gcd (n, k) = n\), which (with \(n {\gt} 0\) from \(hn\)) is precisely \(\gcd (n, k) = 1\).

Destructure both, substitute \(h\), then show \(\sigma .\mathrm{invFun} = \tau .\mathrm{invFun}\) pointwise: \(\tau .\mathrm{invFun}\, y = \tau .\mathrm{invFun}(\sigma .\mathrm{toFun} (\sigma .\mathrm{invFun}\, y)) = \sigma .\mathrm{invFun}\, y\).

Both sides have forward function \(\mathrm{not} \circ \mathrm{not} = \mathrm{id}\); apply 38.

\((\sigma \cdot \tau ).\mathrm{toFun} = \sigma .\mathrm{toFun} \circ \tau .\mathrm{toFun}\) definitionally. Case-split on \(\tau .\mathrm{toFun}\, \mathrm{true}\). If \(\mathrm{true}\), identity is direct. If \(\mathrm{false}\), use that \(\sigma .\mathrm{toFun}\) is injective on Bool (via \(\sigma .\mathrm{left\_ inv}\)) to conclude \(\sigma .\mathrm{toFun}\, \mathrm{false} = !(\sigma .\mathrm{toFun}\, \mathrm{true})\).

\(s \cdot s = 1\) (50) and 15 give \(s = s^{-1}\).

20: \((a \cdot b)^{-1} = b^{-1} \cdot a^{-1}\); then commute via 54.

Commute \(g\) past \(h\), re-associate, then \(g \cdot g^{-1} = 1\) and \(h \cdot 1 = h\).

Induction on \(n\); the step uses commutativity to slide a single \(g\) past \(h^n\).

Pick \(x\) with \(P\, x\). Then \(1 = x \cdot x^{-1} \in P\) (8). From \(P\, 1\) and \(P\, a\): \(a^{-1} = 1 \cdot a^{-1} \in P\) (3). From \(P\, a\) and \(P\, b^{-1}\): \(a \cdot b = a \cdot (b^{-1})^{-1} \in P\) (17).

Induction on the inductive predicate \(\mathrm{Closure}\, U\): the four constructors match exactly the four closure conditions of MySubgroup.

Induction on \(n\). Base: \(g^0 = 1 \in \langle g \rangle \). Step: \(g^{n+1} = g^n \cdot g\) with \(g^n, g \in \langle g \rangle \).

Induction on \((\mathrm{cyclic}\, g).\mathrm{carrier}\, x\), i.e. on the inductive predicate \(\mathrm{Generated}\, g\). The four constructors of \(\mathrm{Generated}\, g\) correspond exactly to the four closure conditions of \(H\):

• \(g \in H\) is the hypothesis \(hg\);

• \(1 \in H\) by \(H.\mathrm{one\_ mem}\);

• closure under \(\cdot \) by \(H.\mathrm{mul\_ mem}\);

• closure under \((-)^{-1}\) by \(H.\mathrm{inv\_ mem}\).

So each step of the induction stays inside \(H\).

Two cases on whether \(H\) is trivial.

Case 1: \(H = \{ 1\} \). Take \(g' := 1\). Then \(g' \in H\) by MySubgroup.one_mem, and \(\langle 1 \rangle = \{ 1\} \) (the inductive closure of \(\{ 1\} \) is generated only by \(1\)), which agrees with \(H\).

Case 2: \(H \neq \{ 1\} \). Since \(H \subseteq \langle g \rangle \), every \(h \in H\) has the form \(h = g^m\) for some \(m \in \mathbb {Z}\) (informally; or some \(g^m \cdot g^{-m'}\) via the inductive \(\mathrm{Generated}\)). \(H\) contains some non-identity element, hence some \(g^m\) with \(m \neq 0\); closure of \(H\) under \((-)^{-1}\) produces a positive-exponent element. Let \(k\) be the smallest positive integer with \(g^k \in H\) (well-ordering). Take \(g' := g^k\).

Closure of \(H\) under \(\cdot \) and \((-)^{-1}\) gives every \(g^{jk} \in H\) for \(j \in \mathbb {Z}\), so \(\langle g^k \rangle \subseteq H\). Conversely, fix any \(h = g^m \in H\) and divide \(m = qk + r\) with \(0 \leq r {\lt} k\). Then \(g^r = g^m \cdot (g^k)^{-q}\) is a product of elements of \(H\), hence in \(H\). Minimality of \(k\) and \(0 \leq r {\lt} k\) force \(r = 0\), so \(g^m = (g^k)^q \in \langle g^k \rangle \).

\((ka) + (k'a) = (k + k') a\).

\(-(ka) = (-k) a\).

If \(S = \{ 0\} \), take \(a = 0\). Otherwise \(S\) contains some nonzero \(n\); closure under negation gives \(|n| {\gt} 0 \in S\), so \(\{ n \in S : n {\gt} 0\} \) is non-empty. Let \(a\) be its least element (well-ordering). Closure under \(+\) and negation gives \(a\mathbb {Z} \subseteq S\). For \(S \subseteq a\mathbb {Z}\), take \(n \in S\) and write \(n = qa + r\) with \(0 \leq r {\lt} a\) (division with remainder); then \(r = n - qa \in S\), and by minimality \(r = 0\), so \(a \mid n\).

\(d = 1 \cdot d \in d\mathbb {Z} = a\mathbb {Z} + b\mathbb {Z}\) gives the desired \(r, s\).

\(a = 1 \cdot a + 0 \cdot b \in a\mathbb {Z} + b\mathbb {Z} = d\mathbb {Z}\), so \(d \mid a\); symmetrically \(d \mid b\).

85: \(\exists r, s : ra + sb = d\). \(e \mid a \; \wedge \; e \mid b \; \Longrightarrow \; e \mid ra + sb = d\).

\((\Rightarrow )\) 85 with \(d = 1\). \((\Leftarrow )\) \(ra + sb = 1\) puts \(1\) in \(a\mathbb {Z} + b\mathbb {Z}\); so \(\mathbb {Z} = 1\mathbb {Z} \subseteq a\mathbb {Z} + b\mathbb {Z}\); the reverse inclusion is automatic.

Suppose \(p \nmid a\). Since the only positive divisors of \(p\) are \(1\) and \(p\), \(\gcd (a, p) = 1\). By 89, \(\exists r, s : ra + sp = 1\); multiplying by \(b\) yields \(rab + spb = b\), and \(p\) divides both summands, hence \(b\).

By definition of \(\mathrm{IsLcm}\), \(m\mathbb {Z} = a\mathbb {Z} \cap b\mathbb {Z}\), and \(m \in m\mathbb {Z}\) (via \(m = 1 \cdot m\)). So \(m \in a\mathbb {Z}\), meaning there is some \(k\) with \(m = ka\); this is precisely \(a \mid m\). Symmetrically, \(m \in b\mathbb {Z}\) gives \(b \mid m\).

\(a \mid n\) says \(n \in a\mathbb {Z}\) and \(b \mid n\) says \(n \in b\mathbb {Z}\), so \(n \in a\mathbb {Z} \cap b\mathbb {Z} = m\mathbb {Z}\), which is precisely \(m \mid n\).

By 86, \(d \mid a\) and \(d \mid b\), so \(a / d\) and \(b / d\) are integers and \(ab/d\) is a common multiple of \(a\) and \(b\). By the universality of \(\mathrm{lcm}\) (92), \(m \mid ab/d\), hence \(dm \mid ab\).

Conversely, write \(d = ra + sb\) (85). By 91, \(a \mid m\) and \(b \mid m\), so \(m = at = bu\) for some integers \(t, u\). Then

so \(ab \mid dm\).

Each of \(dm\) and \(ab\) divides the other, so they agree up to sign: \(|dm| = |ab|\). Since \(d, m \geq 0\) (definitions of \(\mathrm{IsGcd}\), \(\mathrm{IsLcm}\)), \(dm \geq 0\), and we conclude \(d \cdot m = |a \cdot b|\).

Start from the identity \(1 = 1 \cdot 1\) in \(G\) (3). Applying \(\varphi \) and using multiplicativity 96 gives

Rewriting the left-hand side as \(\varphi (1) = \varphi (1) \cdot 1\) (9):

Cancelling \(\varphi (1)\) on the left (7) yields \(\varphi (1) = 1\).

We show \(\varphi (a^{-1})\) is a left inverse of \(\varphi (a)\), then apply uniqueness of inverses. Using multiplicativity 96, the left-inverse axiom 4, and identity preservation 97:

Now 15 (with \(a \mapsto \varphi (a)\) and \(b \mapsto \varphi (a^{-1})\)) concludes \(\varphi (a^{-1}) = \varphi (a)^{-1}\).

Induction on \(n\).

Base (\(n = 0\)): by 23 both sides reduce to the identity:

using 97 for the middle equality.

Step (\(n \mapsto n + 1\)): assume \(\varphi (a^n) = \varphi (a)^n\). By 24, \(a^{n+1} = a^n \cdot a\); multiplicativity 96 and the inductive hypothesis yield

with the last equality again by 24.

A chain of equivalences. The first is cancellation in \(G'\): \(\varphi (a) = \varphi (b)\) holds iff multiplying both sides on the left by \(\varphi (a)^{-1}\) gives the same thing, i.e. iff \(\varphi (a)^{-1} \cdot \varphi (b) = 1\). The second uses 98 to rewrite \(\varphi (a)^{-1} = \varphi (a^{-1})\). The third uses multiplicativity 96 to combine the two factors into one application of \(\varphi \):

The last condition is exactly \(a^{-1} \cdot b \in \ker \varphi \).

\((\Rightarrow )\) Assume \(\varphi \) is injective and let \(a \in \ker \varphi \), i.e. \(\varphi (a) = 1\). Since \(\varphi (1) = 1\) (97), \(\varphi (a) = \varphi (1)\). Injectivity gives \(a = 1\).

\((\Leftarrow )\) Assume \(\ker \varphi = \{ 1\} \) and let \(a, b \in G\) with \(\varphi (a) = \varphi (b)\). By the kernel test 104, \(a^{-1} \cdot b \in \ker \varphi \), so \(a^{-1} \cdot b = 1\). Left-multiplying by \(a\) and simplifying with 8 and 3 (or via \(\mathrm{mul\_ eq\_ iff\_ eq\_ mul\_ inv}\) rearrangements): \(b = a\).

\(g \cdot h \cdot g^{-1} = h\) in an abelian group (57).

Fix \(g \in G\) and \(h \in \ker \varphi \) (so \(\varphi (h) = 1\)). We show \(g \cdot h \cdot g^{-1} \in \ker \varphi \) by direct computation. Multiplicativity 96 and the inverse-preservation lemma 98 give

Substituting \(\varphi (h) = 1\) and simplifying with 3 (or 9) and 8:

Hence \(g \cdot h \cdot g^{-1} \in \ker \varphi \).

For \(g \in G\) and \(h \in \varphi ^{-1}(K)\) (i.e. \(\varphi (h) \in K\)), \(\varphi (g h g^{-1}) = \varphi (g) \cdot \varphi (h) \cdot \varphi (g)^{-1} \in K\) by \(K \triangleleft G'\), so \(g h g^{-1} \in \varphi ^{-1}(K)\).

\(h = 1 \Longrightarrow g \cdot 1 \cdot g^{-1} = g \cdot g^{-1} = 1\) via 9 and 8.

Membership in \(\top \) is trivially True.

\(h \in H \cap K \Longrightarrow h \in H \text{ and } h \in K\), so \(g h g^{-1} \in H\) and \(g h g^{-1} \in K\), hence \(g h g^{-1} \in H \cap K\).

Unfolding \((z \in Z(G))\) to \(\forall x,\; z x = x z\), both sides are literally the same statement \(\forall z, x \in G,\; z \cdot x = x \cdot z\) — the first quantified over \(z\) first, the second over \(a\) first, but the underlying universal statement is the same.

Fix \(z \in Z(G)\) and \(g \in G\); we must show that \(g z g^{-1}\) commutes with every element of \(G\). Let \(x \in G\) be arbitrary.

The key step is to insert \(1 = g^{-1} g\) in the middle of \((g z g^{-1}) \cdot x\), then commute \(z\) past \(g^{-1} x g\) using \(z \in Z(G)\):

The first and last lines use 2, 4, 8, 3, and 9 to perform the insertion and cancellation. Hence \(g z g^{-1} \in Z(G)\).

Fix \(h \in H\) and an arbitrary \(h' \in G\); we show \(h' \in H \iff h \cdot h' \cdot h^{-1} \in H\).

\((\Rightarrow )\) If \(h' \in H\), then since \(h \in H\), \(h^{-1} \in H\) (by MySubgroup.inv_mem), and \(H\) is closed under multiplication (by MySubgroup.mul_mem), the product \(h \cdot h' \cdot h^{-1}\) lies in \(H\).

\((\Leftarrow )\) Conversely, suppose \(h \cdot h' \cdot h^{-1} \in H\). Conjugating by \(h^{-1}\) — which also lies in \(H\) — and using 17 to identify \((h^{-1})^{-1}\) with \(h\):

again by closure of \(H\) under multiplication.

Both sides assert: \(\forall g, h,\; h \in H \iff g h g^{-1} \in H\).

\((\Rightarrow )\) Assume \(H \triangleleft G\). Fix \(g \in G\) and \(h \in G\). The forward implication \(h \in H \Longrightarrow g h g^{-1} \in H\) is the definition of \(H \triangleleft G\). For the reverse, suppose \(g h g^{-1} \in H\). Apply normality with \(g^{-1}\) in place of \(g\) to the element \(g h g^{-1}\):

using 17 to rewrite \((g^{-1})^{-1} = g\).

\((\Leftarrow )\) Conversely, if every \(g \in G\) lies in \(N_G(H)\), then in particular the forward direction of the biconditional gives \(h \in H \Longrightarrow g h g^{-1} \in H\) for every \(g \in G\) — which is exactly \(H \triangleleft G\).