The Natural Numbers in Constructive Set Theory

Mathematical Logic Quarterly, 23 October 2009

Michael Rathjen1, ∗ 1 Department of Pure Mathematics, University of Leeds, Leeds LS2 9JT, England

Received XXXX, revised XXXX, accepted XXXX Published online XXXX

Key words Constructive set theory, Natural number object, recursively saturated models, functional interpretation, proof-theoretic strength MSC (2000) 03F50; 03F25; 03E55; 03B15; 03C70 Constructive set theory started with Myhill’s seminal 1975 article [8]. This paper will be concerned with axiomatizations of the natural numbers in constructive set theory discerned in [3], clarifying the deductive relationships between these axiomatizations and the strength of various weak constructive set theories.

1 Introduction In a joint book project [3] (based on [2]), Peter Aczel and the author of this paper develop an extensive presentation of an approach to constructive mathematics that is based on an explicitly described axiom system. One of the aims of is to initiate an account of how constructive mathematics can be developed on the basis of a set theoretical axiom system. The intent is to prove each basic result relying on as weak an axiom system as possible. One of the first tasks to be addressed is the axiomatization of the natural numbers. The basic system with which [3] commences is called Elementary Constructive Set Theory, ECST. It is obtained from intuitionistic Zermelo-Fraenkel set theory, IZF by the following changes. 1. It uses the Replacement Scheme instead of the Collection Scheme. 2. It drops the Powerset Axiom and the Set Induction Scheme. 3. It uses the Bounded Separation Scheme instead of the full Separation Scheme. 4. It uses the Strong Infinity axiom instead of the Infinity axiom. Strong Infinity ∃a[Ind(a) ∧ ∀b[Ind(b) → ∀x ∈ a(x ∈ b)]] where we use the following abbreviations. • Empty(y) for (∀z ∈ y)⊥, • Succ(x, y) for ∀z[z ∈ y ↔ z ∈ x ∨ z = x], • Ind(a) for (∃y ∈ a)Empty(y) ∧ (∀x ∈ a)(∃y ∈ a)Succ(x, y).

Some Consequences of ECST Among other things, in ECST one can show the existence of ordered pairs, Cartesian products, quotients and much more. Also, if ∀x ∈ a ∃!y φ(x, y) then there exists a unique function f with dom(f) = a such that ∀x ∈ a φ(x, f(x)). The set of natural numbers will be obtained from the Strong Infinity axiom. The role of the number zero is played by the empty set. The infinite set of the Strong Infinity axiom is uniquely determined by its properties.

∗ Corresponding author E-mail: [email protected], Phone: +00 44 113 5109,

Lemma 1.1 (ECST) Let θ(a) be the formula

Ind(a) ∧ ∀y[Ind(y) → a ⊆ y].

If θ(a) and θ(b) then a = b. P r o o f. Ind(a) and Ind(b) yield a ⊆ b and b ⊆ a, hence a = b by Extensionality. Definition 1.2 The unique set a such that Ind(a) ∧ ∀y[Ind(y) → a ⊆ y] will be denoted by ω. We use a+ to denote a ∪ {a}. Theorem 1.3 (ECST) 1. ∀n ∈ ω [n = 0 ∨ (∃m ∈ ω) n = m+]. 2. ∀n ∈ ω (0 6= n+). 3. φ(0) ∧ ∀n ∈ ω[φ(n) → φ(n+)] → (∀n ∈ ω) φ(n) for every bounded formula φ(n). 4. ∀n ∈ ω (n is transitive). 5. ∀n ∈ ω (n∈ / n). 6. ∀n, m ∈ ω [n ∈ m → n+ ∈ m ∨ n+ = m]. 7. ∀n, m ∈ ω [n+ = m+ → n = m]. 8. ∀n ∈ ω (0 ∈ n+) 9. ∀n, m ∈ ω [n ∈ m ∨ n = m ∨ m ∈ n]. 10. m ∈ n ∨ m∈ / n and m = n ∨ m 6= n for all n, m ∈ ω. P r o o f. [3] Theorem 6.3. The previous theorem entails that the structure (ω, 0,S) satisfies the Dedekind-Peano axioms, where S(n) = n+ = n ∪ {n} for n ∈ ω. Dedekind showed that from his axioms one could derive the following method for defining functions on ω (identifying N and ω) by iteration. Definition 1.4 (Small Iteration) For each set A, each F : A → A and each a0 ∈ A there is a unique function H : ω → A such that

H(0) = a0, H(S(n)) = F (H(n)).

We call this Small Iteration, abbreviated s-ITERω, because we require A to be a set. We get full Iteration by allowing A and F to be classes. By ∆0-ITERω we will denote the schema where A and F are allowed to be ∆0 classes. In the next section it will be shown that ECST is a very weak theory in which Small Iteration cannot be proved. In particular it will be shown that the addition function on ω cannot be proved to exist in ECST.

A familiar generalization of Iteration is Primitive Recursion. The set version is the following axiom.

Deﬁnition 1.5 (Small Primitive recursion) For sets A, B, if F0 : B → A and F : B × ω × A → A then there is a (necessarily unique) H : B × ω → A such that for all b ∈ B

H(b, 0) = F0(b) H(b, n+) = F (b, n, H(b, n)) for all n ∈ ω

We refer to this scheme as s-PRIMω. Note that s-ITERω is essentially a restricted version of s-PRIMω where B is a singleton set and F does not depend on its ﬁrst argument.

Theorem 1.6 (ECST) Assuming s-ITERω the axiom scheme s-PRIMω holds. P r o o f. [3] Theorem 6.17.

Theorem 1.7 Heyting arithmetic, HA, can be interpreted in ECST + s-ITERω.

P r o o f. Using s-PRIMω we see that the primitive recursive functions on ω can all be deﬁned. Hence the fact that HA can be interpreted in ECST + s-ITERω follows from Theorem 1.3 and Theorem 1.6.

Although s-ITERω gives us all the primitive recursive functions, in [3] s-ITERω has not been selected as the right axiom to complete the axiomatization of the natural numbers. This status has been bestowed on the next axiom. Deﬁnition 1.8 (Finite Powers Axiom, FPA) For each set A the class nA of functions from n to A is a set for all n ∈ ω. Note that this axiom is an immediate consequence of the Exponentiation Axiom and so is a theorem of CZF.

Theorem 1.9 (ECST) The Finite Powers Axiom implies s-ITERω. P r o o f. [3] Theorem 6.10.

There are several desirable consequences that FPA has but s-ITERω doesn’t seem to have (see [3]).

Conjecture 1.10 ECST + s-ITERω does not prove FPA.

With ECST + s-ITERω we have already reached the strength of Peano Arithmetic. In section 3 it will be shown that the addition of Strong Collection and Subset Collection to ECST doesn’t yield any more proof- theoretic strength. The latter system will be referred to as CZF−. In the main, it differs from CZF only by the omission of Set Induction. Moreover, adding the Axiom of Dependent Choices or the Presentation Axiom to CZF− doesn’t add proof-theoretic strength either. The final schema we are going to consider is ∆0-ITERω. ∆0-ITERω implies FPA on the basis of ECST (see [3]). The implication cannot be reversed though as the final section provides a proof that ECST + ∆0-ITERω proves the consistency of PA. ∆0-ITERω implies that every set possesses a transitive closure. It doesn’t seem to be possible to prove this from FPA. The proof of the weakness of ECST is established in two steps. Firstly, in section 2, ECST gets subjected − to a functional interpretation in a version of Godel’s¨ T over sets, dubbed T∈ . The second step, carried out in − section 3, consists of interpreting T∈ in a type structure over a recursively saturated elementary extension of the structure (N; 0, SUC, <) which is known to be decidable and incapable of defining the addition function.

2 A functional interpretation of ECST

− In this section we will sketch a functional interpretation of ECST in a typed theory T∈ . A functional inter- − pretation of CZF in T∈ - an extension of Godel’s¨ T to sets - was given by W. Burr. T∈ is a fragment of T∈ of [5] which arises from T∈ by firstly dropping the recursion terms Rσ and their defining axioms, and secondly discarding the Foundation rule but adding the axioms of Strong Infinity as basic axioms. Since in a later section − T∈ will be interpreted in an admissible structure with urelements it is in order to recall the language and the − axioms of T∈ . − Definition 2.1 (Definition of T∈ ) The collection T of linear type symbols is defined by: (1) o ∈ T , (2) if σ, τ ∈ T then σ → τ ∈ T . The outermost brackets of a type symbol are usually suppressed. We use the − abbreviations 1 := o → o, 2 := 1 → o, σ → τ → ρ := σ → (τ → ρ) etc. T∈ contains the following basic terms (by writing t : σ we convey that t is a term of type σ): • countably many variables xσ, yσ,... : σ for each type σ • constants 0, ω : o

• combinators Kτσ : τ → σ → τ

• combinators Sρστ :(ρ → σ → τ) → (ρ → σ) → ρ → τ

• Suc ,I : o → o → o

• N : o → o → o → o

• U : 1 → o → o.

− The terms of T∈ are defined inductively as follows: Each basic term of type σ is a term of type σ; if t is a term of type σ → τ and s is a term of type σ then (ts) is a term of type τ. − The ∆0 formulae of T∈ constitute the smallest collection of formulae that contains the atomic formulae s ∈ t, s = t, ⊥ with s, t terms of type o and is closed under ∧, ∨, → and bounded quantification (∀x ∈ s), (∃x ∈ s), where s, x : o and x does not occur in s. Note that ∆0 formulae do not contain equations of higher types but may contain terms of arbitrary type as sub-terms. − The formulae of T∈ are generated from the ∆0 formulae and equations s = t between terms of the same type σ (called equations of type σ) by closing off under ∧, → and bounded universal quantification (∀x ∈ s), where s, x : o and x does not occur in s. − It appears to be opportune to point out that there are no unbounded quantifiers in T∈ formulae and that higher type equations neither occur in the scope of a disjunction nor of an existential quantifier. Definition 2.2 Below we shall assume that all terms have suitable types and that the formulae are well-formed. − We shall also drop the typing information in the combinators K and S. The Axioms and Rules of T∈ are the following:

1. the intuitionistic rules for the propositional connectives and bounded quantiﬁers (for details see [5], §2);

2. equality axioms: s = s, s = t → ϕ(s) → ϕ(t), where s and t have the same type;

3. Set-Extensionality: (∀z ∈ s)z ∈ t ∧ (∀z ∈ t)z ∈ s → s = t

4. x ∈ 0 →⊥

5. x ∈ ω ↔ [x = 0 ∨ (∃y ∈ ω) x = Suc yy]

6. 0 ∈ s ∧ (∀x ∈ s) Suc xx ∈ s → (∀x ∈ ω)x ∈ s

7. x ∈ Suc st ↔ (x ∈ s ∨ x = t)

8. x ∈ Ist ↔ [x ∈ t ∧ (∀y ∈ s)x ∈ y]

9. x ∈ Nstr ↔ [x ∈ s ∧ (x ∈ t → x ∈ r)]

10. x ∈ Ufs ↔ (∃y ∈ s)x ∈ fy

11. Kst = s

12. Sqtr = (qr)(tr)

13. (Extensionality rule): From θ → sa = ta infer θ → s = t, providing a is an eigenvariable, i.e. a does not occur free in θ, s, t.

A more informal rendering of the axioms (7), (8), (9), (10) is the following: Suc st = s ∪ {t}, Ist = t ∩ T s, Nstr = {x ∈ s | x ∈ t → x ∈ r}; Ufs = S{fx | x ∈ s}. − × The functional interpretation of T∈ to be deployed is the same as in [5], namely the translation of [5], − Deﬁnition 4.1. That it works in the context of the weaker theories ECST and T∈ follows by carefully scouring the proofs of [5]. × − Theorem 2.3 (Interpretation theorem) ECST plus Strong Collection is -interpretable in T∈ .

− P r o o f. Firstly it should be said that the constant ω of ECST is translated in the language of T∈ by replacing − × it with the constant ω of T∈ . Note that the translation does not affect ∆0 formulae and hence the axioms × − of Strong Inﬁnity are easily shown to be -interpretable in T∈ by means of the axioms (4)-(7). For the other axioms of ECST as well as Strong Collection the proof is the same as for [5], Theorem 4.3. Since ECST does − not have Set Induction the recursors Rσ are not required for the interpretation and thus it works with T∈ in lieu of T∈.

Corollary 2.4 Let ϕ(x, y) be a formula of ECST of the form ∃z θ(x, y, z) with θ ∆0 and all free variables exhibited. Suppose that ECST + Strong Collection ` ∃!y ϕ(x, y). − Then there are closed terms Q : 1,F : 1,Z : o → 1 of T∈ such that − T∈ ` (∃u ∈ Qx) u = u ∧ (∀u ∈ Qx) θ(x, F x, (Zu)x) (1) where x, u : o.

P r o o f. The same as for [5], Corollary 4.5.

Corollary 2.5 Let ψ(y) be a ∆0 formula of ECST with at most y free such that

ECST + Strong Collection ` ∃!y ψ(y).

− Then there is a closed term p : o of T∈ such that

− T∈ ` ψ(p).

P r o o f. Let θ(x, y, z):≡ ψ(y) and make the substitution x 7→ 0 in (1). Finally let p := F 0.

3 ECST is a weak theory The goal of this section is to prove the following theorem. Theorem 3.1 ECST does not prove the existence of the addition function on ω. A fortiori ECST does not prove small primitive recursion.

Let NL := (N; 0, SUC, <) be the structure obtained from the natural numbers by furnishing them with a successor relation SUC such that SUC(n, m) ⇔ m = n + 1, a constant for the zero element and the less-than relation. It is well known that the theory of NL is decidable and that the graph of the addition function on N is not definable in NL (see [6], Section 3.2). Next we take a recursively saturated elementary extension M of NL, and finally we let HYPM be the smallest admissible set above the urelement structure M (as defined in [4], II. Definition 5.8). HYPM is of the form (M; L(M, λ) ∩ VM , ∈) for some limit ordinal λ, where M stands for the domain of M, VM is the class of sets over M and L(M, λ) = S β<λ L(M, β) is a constructible hierarchy over M with L(M, 0) = M and L(M, α + 1) obtained from L(M, α) by applying the Godel¨ functions F1,..., F8 and some further simple functions to the elements of L(M, α) ∪ {L(M, α)}. The ordinal λ is usually denoted by O(M). Since M is recursively saturated, it follows from a theorem of John Schlipf that O(M) = ω (see [4], IV. Theorem 5.3). The urelement version of a theorem due to Gandy then implies that the relations on M in HYPM are just the first-order definable relations of M (see [4], II. Corollary 7.2). The next step is to use HYPM as a universe for interpreting ECST. There is an obstacle, though, as the set of von Neumann integers ω is not an element of HYPM. To model the inductive set postulated by the strong infinity axiom of ECST we will use the set M and view its ordering

∀z ∈ aE ∃u ∈ bE z ˙= u ∧ ∀u ∈ bE ∃z ∈ aE z ˙= u ⇔ a ˙= b (2)

for all a, b ∈ HYPM, where

a if a is a set in HYPM; aE = {n ∈ M : n

We deﬁne the ∆1 predicate ˙= by recursion (cf. [4], chapter I, Corollary 6.6) in the admissible set HYPM as follows:

x ˙= y ⇔ [x, y ∈ M ∧ x = y] ∨

[∀z ∈ xE ∃u ∈ yE (z ˙= u) ∧ ∀u ∈ yE ∃z ∈ xE (z ˙= u)]. Finally we let ˙ x ∈ y ⇔ ∃u ∈ yE (x ˙= u).

M Lemma 3.2 Let SUC be the interpretation of SUC in M. Let a, b, c ∈ HYPM. (i) a ˙= a.

(ii) a ˙= b ⇒ b ˙= a.

(iii) a ˙= b ∧ b ˙= c ⇒ a ˙= c. ˙ (iv) x ∈ aE ⇒ x ∈ a. (v) x ∈˙ a ∧ x ˙= y ⇒ y ∈˙ a.

(vi) ∀z ∈ aE ∃u ∈ bE z ˙= u ∧ ∀u ∈ bE ∃z ∈ aE z ˙= u ⇔ a ˙= b. (vii) ∀z ∈˙ a ∃u ∈˙ b (z ˙= u) ∧ ∀u ∈˙ b ∃z ∈˙ a (z ˙= u) ⇔ a ˙= b.

(viii) [x, y ∈ M ∧ x ˙= y] ⇒ x = y.

M (ix) [x, y ∈ M ∧ SUC (x, y)] ⇒ xE ∪ {x} ˙= y.

(x) 0 ∈˙ a ∧ ∀x, y ∈ M[x ∈˙ a ∧ SUCM(x, y) ⇒ y ∈˙ a] ⇒ ∀x ∈ M x ∈˙ a.

P r o o f. (i) is proved by induction on rk(a), the rank of a. (ii) is proved by induction on max(rk(a), rk(b)), while (iii) is proved by induction on max(rk(a), rk(b), rk(c)). (iv) follows from (i) and the deﬁnition of ∈˙ . (v) follows from (iii). (vi) follows from (i)-(v). (vii) follows from (vi) and (iii). (viii): Note that {hx, yi ∈ M × M : x ˙= y} is a set in HYPM and a

relation on M. Therefore it is deﬁnable in M and hence we can use induction on x along

∀u

By the inductive assumption, the latter implies

∀u

thus

∀u

− 3.1 Interpreting T∈ in HYPM A function f with domain and range subsets of an admissible set A is said to be A-recursive if its graph is A-r.e., i.e. its graph is Σ1 on A. − We shall use the hereditarily ˙= -extensional recursive functionals of ﬁnite type over HYPM to model T∈ in HYPM. We shall need the following result. Theorem 3.3 Let A = (B; A, ∈,...) be an admissible set. There is an A-r.e. relation Tn which parametrizes the class of n-ary A-r.e. relations, with indices from A. P r o o f. [4], V. Theorem 1.3.

Definition 3.4 In what follows it is assumed that all objects are in HYPM and that all quantifiers range over HYPM. Let Tn be a HYPM-r.e. relation which parametrizes the n-ary HYPM-r.e. relations (as defined in the proof of Theorem 3.3). If ∃!x Tn+1(c, a1, . . . , an, x) holds we shall write [c](a1, . . . , an) ↓ and also denote the unique b such that Tn+1(c, a1, . . . , an, b) by [c](a1, . . . , an). For each finite type σ we inductively define the ˙= -extensional hereditarily recursive functionals of type σ over HYPM as follows:

x ∈ To :⇔ x ∈ HYPM x ˙=oy :⇔ x, y ∈ HYPM ∧ x ˙= y c ∈ Tρ→τ :⇔ ∀a ∈ Tρ ([c](a)↓ ∧ [c](a) ∈ Tτ ) ∧ 0 0 0 ∀aa ∈ Tρ[ a ˙=ρa → [c](a) ˙=τ [c](a )]

c ˙=ρ→τ d :⇔ c, d ∈ Tρ→τ ∧ ∀a ∈ Tρ [c](a) ˙=τ [d](a).

We remark that the classes Tσ and ˙=σ are deﬁnable in HYPM. Of course, the complexity of the deﬁning formulas increases with the complexity of the type σ.

Deﬁnition 3.5 We deﬁne maps SucE,IE,NE,KE as follows:

SucE(a, b) = aE ∪ {b}

IE(a, b) = bE ∩ {x | ∀y ∈ aE x ∈ yE}

NE(a, b, c) = {x ∈ aE | x ∈ bE → x ∈ cE}

KE(a, b) = a. Note that by Lemma 3.2 the foregoing maps are ˙= -extensional in all arguments. We also deﬁne relations UE,SE as follows: [ UE(a, b, c):⇔ c = {(f(x))E | x ∈ bE} for some function f with domain bE

such that ∀x ∈ bE T2(a, x, f(x))

SE(a, b, c, d):⇔ ∃xy [T2(a, c, x) ∧ T2(b, c, y) ∧ T2(x, y, d)].

If there is a unique c such that UE(a, b, c) holds, this c will be denoted by UE(a, b). Similarly if there is exactly one d such that SE(a, b, c, d) this d will be denoted by SE(a, b, c). Observe that UE is functional and total on T1 × To and for a ∈ T1 we have [ UE(a, b) = {([a](x))E | x ∈ bE}.

Similarly, SE is functional and total on Tρ→σ→τ × Tρ→σ × Tρ for all ρ, σ, τ, and if (a, b, c) ∈ Tρ→σ→τ × Tρ→σ × Tρ then SE(a, b, c) = ([a](c)) ([b](c)). 0 0 0 Observe also that UE is ˙=1 and ˙=o extensional on T1 × To, i.e. if (a, b), (a , b ) ∈ T1 × To, a ˙=1a 0 0 0 0 0 0 and b ˙=ob then UE(a, b) ˙=oUE(a , b ). Likewise, SE is extensional in the sense that if (a, b, c), (a , b , c ) ∈ 0 0 0 0 0 0 Tρ→σ→τ × Tρ→σ × Tρ, a ˙=ρ→σ→τ a , b ˙=ρ→σb and c ˙=ρc then SE(a, b, c) ˙=τ SE(a , b , c ). On account of their deﬁnitions, all these maps and multi maps have HYPM-r.e. graphs and thus they have indices in the sense of Theorem 3.3. Since an S-m-n or parameter theorem can easily be proved for A-r.e. relations for any admissible set A, one can construct indices eSuc, eI , eN , eU , eK , eS ∈ HYPM such that eSuc, eI ∈

To→o→o, eN ∈ To→o→o→o, eU ∈ T1→o→o, eK ∈ Tτ→σ→τ for all τ, σ, and eS ∈ T(ρ→σ→τ)→(ρ→σ)→ρ→τ for all ρ, σ, τ, and, moreover, [[eSuc](a)](b) = SucE(a, b); [[eI ](a)](b) = IE(a, b); [[[eN ](a)](b)](c) = NE(a, b, c); [[eU ](a)](b) = UE(a, b) if a ∈ T1; [[eK ](a)](b) = a; [[[eS](a)](b)](c) = SE(a, b, c) whenever (a, b, c) ∈ Tρ→σ→τ × Tρ→σ × Tρ. − Theorem 3.6 T∈ has an interpretation in the ˙= -extensional hereditarily recursive functionals of type σ over HYPM as follows:

• The constants 0, ω, Kτσ,Sρστ , Suc ,I,N,U are interpreted as 0, M, eK , eS, eSuc, eI , eN , eU , respectively.

• Variables of type σ are interpreted as elements of Tσ. 0 0 • If s : σ → τ and t : σ are terms interpreted by elements s ∈ Tσ→τ and t ∈ Tσ, then st is interpreted as [s0](t0). • The elementhood relation is interpreted as ∈˙ while the equality between terms of type σ is interpreted as ˙=σ. • Logical connectives and bounded quantiﬁers are interpreted by themselves.

σ1 σn − Given a formula ϕ(x1 , . . . , xn ) of T∈ with all free variables exhibited, and a1 ∈ Tσ1 , . . . , an ∈ Tσn , we T σi denote by ϕ[a1, . . . , an] the above interpretation with respect to the assignment xi 7→ ai. We then have:

− σ1 σn T T∈ ` ϕ(x1 , . . . , xn ) ⇒ HYPM |= ϕ[a1, . . . , an] . − P r o o f. That the axioms of T∈ are validated by this interpretation follows from the choice of the constants 0, M, eK , eS, eSuc, eI , eN , eU , i.e. the deﬁning equations of the corresponding maps KE,SE, SucE,IE,NE,UE and the properties proved in Lemma 3.2. More precisely, axioms (5) and (7) follow from Lemma 3.2 (ix) while axiom (6) follows from Lemma 3.2 (x). Corollary 3.7 ECST plus Strong Collection does not prove the existence of the addition function on ω. P r o o f. Assuming otherwise, ECST proves the statement ∃!f θ(f), where θ(f) is the formula expressing that f is a function with domain ω × ω and range ω satisfying ∀x ∈ ω f(x, 0) = x ∧ ∀xy ∈ ω f(x, y + 1) = f(x, y) + 1

− with y + 1 := y ∪ {y} and 0 := ∅. By Corollary 2.5 there then exists a closed term p : o of T∈ such that − T T∈ ` θ(p), and hence by Theorem 3.6 we conclude that HYPM |= θ(p) , entailing that there exists a function g ∈ HYPM with domain M × M and range M satisfying ∀n ∈ M g(n, 0) = n ∧ ∀nkk0 ∈ M [SUCM(k, k0) ⇒ SUCM(g(n, k), g(n, k0))], with SUCM being the interpretation of SUC in M. Since g ⊆ M × M and M is recursively saturated the graph of g is deﬁnable in M. This implies that there exists a formula ψ(x, y, z, u1, . . . , ur) of the language of M and m1, . . . , mr ∈ M such that M |= ∀xy∃!z ψ(x, y, z, ~m) ∧ ∀x ψ(x, 0, x, ~m) ∧ (3) ∀xyzy0z0 [ψ(x, y, z, ~m) ∧ SUC(y, y0) ∧ ψ(x, y0, z0, ~m) ⇒ SUC(z, z0)] .

Abbreviating the formula of (3) by χ(~m), it holds M |= ∃u1 . . . ur χ(u1, . . . , ur) and therefore we conclude that NL |= ∃u1 . . . ur χ(u1, . . . , ur) as M is an elementary extension of NL = (N; 0, SUC, <). But then addition would be deﬁnable in NL, contradicting a well-known result about NL.

Corollary 3.8 s-ITERω is not provable in ECST plus Strong Collection. P r o o f. Obvious by the previous Corollary. Remark 3.9 Corollary 3.7 indicates that ECST plus Strong Collection is a very weak theory. We conjecture that this theory has a ﬁnitistic consistency proof, say in elementary recursive arithmetic.

− 0 4 CZF is Π2 conservative over HA In this section we show that CZF− is of the same proof-theoretic strength as Heyting Arithmetic, especially − 0 0 that CZF is Π2 conservative over HA. To be more precise, a Π2 statement θ of HA, i.e. a sentence of the form ∀x∃yψ with ψ quantifier-free, has a canonical translation θs into the language of set theory, whereby the quantifiers become restricted to ω and the symbols for the less-than relation, 0, successor, addition and multiplication are replaced by their set-theoretic counterparts/descriptions. We will show that CZF− ` θs if and only if HA ` θ (or PA ` θ). As in the previous section we shall use the method of recursively saturated models, though this time a syntactic translation (hence finitistic reduction) is readily available, making the employment of recursively saturated models an act of laziness. The interpretations also validate some choice principles. Definition 4.1 Let xRy stand for hx, yi ∈ R. A mathematically very useful axiom to have in set theory is the Dependent Choices Axiom, DC, i.e., for all sets A and (set) relations R ⊆ a × a, whenever

(∀x ∈ A)(∃y ∈ A) xRy and b0 ∈ A, then there exists a function f : ω → A such that f(0) = b0 and

(∀n ∈ ω) f(n)Rf(n + 1).

The Presentation Axiom, PAx, is an example of a choice principle which is validated upon interpretation in type theory. In category theory it is also known as the existence of enough projective sets. A set P is a base if for any P -indexed family (Xa)a∈P of inhabited sets Xa, there exists a function f with domain P such that, for all a ∈ P , f(a) ∈ Xa. PAx is the statement that every set is the surjective image of a base. Throughout this section we fix a countable recursively saturated model of PA M. In the language of arithmetic we can define Turing machine application {e}(x) ' y i.e. the Turing machine with code e run on input number x yields the result y. As M is a non-standard model there will be (codes of) non-standard Turing machines. For e, x ∈ M we will use the shorthand e • x↓ to convey that M |= {e}(x) ' y for some y ∈ M; for a set X we use e • x ∈ X to convey that M |= e • x ' y and y ∈ X for some y ∈ M (actually unique y). We shall define “internal” versions of intensional and extensional transfinite type structures with dependent products and dependent sums over M.

Definition 4.2 Let x, y 7→ (x, y) be an M-definable bijective pairing function on M with inverses z 7→ (z)0 and z 7→ (z)1, i.e. ((x, y))0 = x and ((x, y))1 = y. Let (x, y, z) = (x, (y, z)) etc. 0, 1, 2, 3 will denote the first four elements of M. The intensional types of M and their elements are defined inductively. The set of elements of a type A is called its extension and denoted by Aˆ.

M 1. N := (0, 0) is a type with extension M.

M M 2. For each m ∈ M, Nm := (0, SUC (m)) is a type with extension {k ∈ M | k

3. If A and B are types, then A +M B := (1, A, B) is a type with extension

{(0, x) | x ∈ Aˆ} ∪ {(1, x) | x ∈ Bˆ}.

4. If A is a type and for each x ∈ Aˆ, F (x) is a type, where F ∈ M and F (x) means F • x, then

M Y F (x) := (2, A, F ) x:A

is a type with extension {f ∈ M | ∀x ∈ Aˆ f • x ∈ F[(x)}.

5. If A is a type and for each x ∈ Aˆ, F (x) is a type, where F ∈ M, then

M X F (x) := (3, A, F ) x:A

is a type with extension {(x, u) | x ∈ Aˆ ∧ u ∈ F[(x)}.

The obvious question to ask is: Why should we distinguish between a type A and its extension Aˆ. Well, the reason is that we want to apply the Turing machine application operation of M to types. To make this possible, types have to be elements of M. Deﬁnition 4.3 We also deﬁne the extensional types of M. Here every type A comes equipped with its own equality relation =A and functions between types have to respect those equality relations. Again, the set of elements of a type A will be called its extension and be denoted by Aˆ.

M M 1. is a type with extension M. = is just the equality of M. N N M 2. For each m ∈ M, Nm is a type with extension {k ∈ M | k

3. If A and B are types, then A +M B is a type with extension

{(0, x) | x ∈ Aˆ} ∪ {(1, x) | x ∈ Bˆ}.

The equality on A +M B is deﬁned by

(i, x) = (j, y) iff [i = j = 0 ∧ x = y] ∨ [i = j = 1 ∧ x = y]. A+M B A B

4. If A is a type, F ∈ M, and for each x ∈ Aˆ, F (x) (= F • x) is a type such that F (x) and F (y) have the

same extension whenever x =A y, then then F is said to be a family of types over A. 5. If A is a type and F is a family of types over A, then

M Y F (x) x:A is a type with extension

ˆ ˆ {f ∈ M | ∀x ∈ A f • x ∈ F[(x) ∧ ∀x, y ∈ A[x =A y → f • x =F (x) f • y]}.

QM For f, g in the extension of x:A F (x), ˆ f = M g iff ∀x ∈ A f • x =F (x) g • x. Q F (x) x:A

6. If A is a type and F is a family of types over A, then

M X F (x) x:A

ˆ PM is a type with extension {(x, u) | x ∈ A ∧ u ∈ F[(x)}. Equality on x:A F (x) is deﬁned by

M (u, v) =P (w, z) iff u =A w ∧ v =F (u) z. x:A F (x)

Remark 4.4 The ordinary product and arrow types can be deﬁned with the aid of dependent products and sums, respectively. Let A, B be types and F ∈ M be a function such that F (x) = B for all x ∈ M.

M M X Y A × B := F (x) A → B := F (x). x:A x:A . M Definition 4.5 (The set-theoretic universe Vi ) Starting from the intensional type structure of M, we are going to construct a universe of sets for intuitionistic set theory. The rough idea is that a set X is given by a type A together with a set-valued function f defined on A (or rather the extension of A) such that X = {f(x) | x ∈ A}. Again, the objects of this universe will be coded as elements of M. The above set will be coded as sup(A, f), where sup(A, f) = (8, (A, f)) or whatever. We sometimes write {f(x) | x ∈ A} for sup(A, f). By the recursion theorem we can pick a standard number u such that {u}(x) ' sup(x, u) (this is provable in PA). M The universe of sets over the intensional type structure of M, Vi , is defined inductively by two rules:

M M • sup(Nm , u) ∈ Vi for all m ∈ M;

ˆ M M • if A is a type of M, f ∈ M, and ∀x ∈ A f • x ∈ Vi , then sup(A, f) ∈ Vi .

M M We shall use variables α, β, γ, . . . to range over elements of Vi . Each α ∈ Vi is of the form sup(A, f). Deﬁne α¯ := A and α˜ := f. M We assign an ordinal rank(α) to every α ∈ Vi by letting

M rank(sup(Nm , u)) = 0 [ rank(α) = ( {rank(˜α • x) | x ∈ α¯}) + 1

M if α is not of the form sup(Nm , u). M Whence if α is not of the form sup(Nm , u) then rank(α) > 0. An essential characteristic of set theory is extensionality, i.e. that sets having the same elements are to be M identified. So if {f(x) | x ∈ A} and {g(y) | y ∈ B} are in Vi and for every x ∈ A there exists y ∈ B such that f(x) and g(y) represent the same set and conversely for every y ∈ B there exists x ∈ A such that f(x) and g(y) represent the same set, then {f(x) | x ∈ A} and {g(y) | y ∈ B} should be identified as sets. This idea gives rise M to an equivalence relation (bisimulation) on Vi . M Definition 4.6 (Kleene realizability over Vi ) We will introduce a realizability semantics for sentences of set M theory with parameters from Vi . Bounded set quantifiers will be treated as quantifiers in their own right, i.e., M bounded and unbounded quantifiers are treated as syntactically different kinds of quantifiers. Let α, β ∈ Vi and e, f ∈ M. We write ei,j for ((e)i)j. To convey that x is in the extension of α¯ we’ll just write x ∈ α¯ instead of x ∈ α¯ˆ. In what follows we shall also omit •, i.e. e • x gets shortened to ex. ex1x2 stands for (ex1)x2, ex1x2x3 stands for ((ex1)x2)x3 etc. For ordinals a, b we denote by a]b the natural ordinal sum (see e.g. [9], Definition 7.13). We define

M M 0 e M sup(Nm , u) = sup(Nm0 , u) iff m = m .

If rank(α)] rank(β) > 0 let

¯ ˜ e M α = β iff ∀i ∈ α¯ [e0,0i ∈ β ∧ e0,1i M αi˜ = β(e0,0i)] ∧ ¯ ˜ ∀i ∈ β [e1,0i ∈ α¯ ∧ e1,1i M βi =α ˜(e1,0i)]

For other formulas realizability is deﬁned as follows: ¯ ˜ e M α ∈ β iff (e)0 ∈ β ∧ (e)1 M α = β(e)0

e M φ ∧ ψ iff (e)0 M φ ∧ (e)1 M ψ e M φ ∨ ψ iff (e)0 = 0 ∧ (e)1 M φ ∨ (e)0 = 1 ∧ (e)1 M ψ

e M ¬φ iff ∀f ∈ M ¬f M φ e M φ → ψ iff ∀f ∈ M f M φ → ef M ψ

e M ∀x ∈ α φ(x) iff ∀i ∈ α¯ ei M φ(˜αi)

e M ∃x ∈ α φ(x) iff (e)0 ∈ α¯ ∧ (e)1 M φ(˜α(e)0) M e M ∀xφ(x) iff ∀α ∈ Vi eα M φ(α) M e M ∃xφ(x) iff (e)0 ∈ Vi ∧ (e)1 M φ((e)0).

The definition of e M α = β falls under the scope of definition by transfinite recursion. Here it proceeds by recursion on rank(α)] rank(β).

Theorem 4.7 ϕ(v1, . . . , vr) be a formula of set theory with at most the free variables exhibited. If

− CZF + DC ` ϕ(v1, . . . , vr)

M then there exists e ∈ M such that for all α1, . . . , αr ∈ Vi ,

M |= eα1 . . . αr ↓ and

eα1 . . . αr M ϕ(α1, . . . , αr). − e can be effectively constructed from the CZF + DC-deduction of ϕ(v1, . . . , vr). P r o o f. Up to now we haven’t used the assumption that M is recursively saturated. Clearly the definition of M Vi can be done in HYPM as it falls under the scope of Σ1 inductive definitions on an admissible set (see [4], VI. Theorem 3.8). One of the first axioms we have to find a realizer for is extensionality. If rank(α)] rank(β) > 0, and d M ∀x ∈ α x ∈ β ∧ ∀x ∈ β x ∈ α then clearly (by definition as it were) d M α = β, and thus

i M ∀x ∈ α x ∈ β ∧ ∀x ∈ β x ∈ α → α = β, (4) where i is a machine code for the identity function. If, however, rank(α) = 0 and rank(β) = 0, we have to argue M M ∗ M differently. Then α = sup(Nm , u) and β = sup(Nk , u) for some m, k ∈ M. Put k := sup(Nk , u). One easily proves ∗ ∗ ∗ ∗ ∀d, k ∈ M [d M ∀x ∈ m x ∈ k ∧ ∀x ∈ k x ∈ m ⇒ m = k] (5) for all m ∈ M by induction on

M to be replaced by induction on rank(α) for α ∈ Vi . The validation of DC is similar to the validation of RDC in [10], Lemma 4.25, crucially exploiting (6).

0 s − s Corollary 4.8 Let θ be a Π2 sentence of arithmetic and θ be its set-theoretic rendering. If CZF +DC ` θ then M |= θ.

∗ M s P r o o f. Put n := sup(Nn , u). Let θ be the formula ∀x∃yϕ(x, y) with ϕ(x, y) quantiﬁer-free. Then θ is s − s s the formula ∀x ∈ ω ∃y ∈ ω ϕ(x, y) . From CZF + DC ` θ we obtain e M ∀x ∈ ω ∃y ∈ ω ϕ(x, y) for some e ∈ M. Unravelling the latter, we get

0 0 ∗ ∗ s ∀m ∈ M∃e , k ∈ M e M ϕ(m , k ) . 0 ∗ ∗ s The claim follows from the fact that e M ϕ(m , k ) implies M |= ϕ(m, k). The details of proving this fact are too laborious and tedious and thus have to be omitted.

− 0 Corollary 4.9 CZF + DC is Π2-conservative over PA and HA. − s 0 P r o o f. By Corollary 4.8, if CZF +DC ` θ for a Π2 statement θ, then M |= θ. Since M was an arbitrary recursively saturated model of PA and every countable model of PA has a recursively saturated elementary extension, θ holds in all countable models of PA and is thus provable in PA. Moreover, PA and HA prove the 0 same Π2 statements. Corollary 4.10 The use of recursively saturated models is not necessary for establishing Corollary 4.9. In- − stead of using a translation of CZF + DC into HYPM one can use a similar syntactic translation into the r − theory PAΩ of [7] which is conservative over PA, thus providing a finitistic reduction of CZF + DC to PA and HA. Conjecture 4.11 We conjecture that CZF− is conservative over HA for all arithmetic formulae. M M We shall also consider an extensional version of Vi , dubbed Vξ , and extensional Kleene realizability over M Vξ . M Definition 4.12 (The set-theoretic universe Vξ ) Here we start from the extensional type structure of M. M M The universe of sets over the extensional type structure of M, Vξ , and an equality relation = M on Vξ Vξ are defined inductively. Rather than x =A y we shall write x = y ∈ A. ∀x = y ∈ A ψ is an abbreviation for ∀x, y ∈ A[x =A y → ψ]. M The simultaneous inductive definition of Vξ and = M has the following clauses: Vξ

M M M M M 1. sup(Nm , u) ∈ Vξ and sup(Nm , u) = sup(Nm , u) ∈ Vξ for all m ∈ M. 2. Let A, B be extensional types of M and f, g ∈ M.

M M M (i) If ∀x ∈ A fx ∈ Vξ and ∀x = y ∈ A fx = fy ∈ Vξ , then sup(A, f) ∈ Vξ . M M [(ii) If A and B have the same elements, sup(A, f), sup(B, g) ∈ Vξ , and ∀x ∈ A fx = gx ∈ Vξ , then M sup(A, f) = sup(B, g) ∈ Vξ .

M Deﬁnition 4.13 (Extensional Kleene realizability over Vξ ) We write di,j for ((d)i)j. ∀i = j ∈ α¯ ψ is an abbreviation for ∀i, j ∈ α¯[i = j ∈ α¯ → ψ]. We deﬁne ξ M M 0 e = d sup( , u) = sup( 0 , u) m = m . M Nm Nm iff If rank(α)] rank(β) > 0 let

ξ d = e α = β M iff ξ ∀i = j ∈ α¯ [d i = e j ∈ β¯ ∧ d i = e j αi˜ = β˜(d i)] ∧ 0,0 0,0 0,1 0,1 M 0,0 ξ ∀i = j ∈ β¯ [d i = e j ∈ α¯ ∧ d i = e j βi˜ =α ˜(d i)] 1,0 1,0 1,1 1,1 M 1,0

For other formulas realizability is deﬁned as follows:

ξ ξ d = e α ∈ β (d) = (e) ∈ β¯ ∧ (d) = (e) α = β˜(d) M iff 0 0 1 1 M 0 ξ ξ ξ d = e φ ∧ ψ (d) = (e) φ ∧ (d) = (e) ψ M iff 0 0 M 1 1 M ξ ξ d = e φ ∨ ψ (d) = (e) = 0 ∧ (d) = (e) φ M iff 0 0 1 1 M ξ ∨ (d) = (e) = 1 ∧ (d) = (e) ψ 0 0 1 1 M ξ ξ d = e ¬φ ∀f ∈ M ¬f = f φ M iff M ξ ξ ξ d = e φ → ψ ∀f, g ∈ M f = g φ → df = eg ψ M iff M M ξ ξ d = e ∀x ∈ α φ(x) ∀i, j [i = j ∈ α¯ → di = ej φ(˜αi)] M iff M ξ ξ d = e ∃x ∈ α φ(x) (d) = (e) ∈ α¯ ∧ (d) = (e) φ(˜α(d) ) M iff 0 0 1 1 M 0 ξ M M ξ d = e ∀xφ(x) ∀α, β ∈ V [α = β ∈ V → dα = eβ φ(α)] M iff ξ ξ M ξ M ξ d = e ∃xφ(x) (d) = (e) ∈ V ∧ (d) = (e) φ((d) ). M iff 0 0 ξ 1 1 M 0

ξ ξ e θ e = e θ M iff M . Theorem 4.14 Let ϕ(v1, . . . , vr) be a formula of set theory with at most the free variables exhibited. If

− CZF + PAx ` ϕ(v1, . . . , vr)

M then there exists an e ∈ M such that for all α1, . . . , αr ∈ Vξ ,

M |= eα1 . . . αr ↓ and ξ eα . . . α ϕ(α , . . . , α ). 1 r M 1 r − e can be effectively constructed from the CZF + PAx-deduction of ϕ(v1, . . . , vr). P r o o f. The CZF− part of the proof is the same as for Theorem 4.7. For the PAx part one first defines a M M M map τ : Extensional types of M → Vξ as in [1] Theorem 7.1 except that τ(N ) := sup(N , j) where j an M M M index for the function m 7→ sup(Nm , u) and τ(Nm ) = sup(Nm , u). The function τ actually has an index eτ as M it can be defined by the recursion theorem in M. Next one shows that every τ(A) is realizably a base in Vξ and M M that every α ∈ Vξ is the image of the base S(τ(¯α), α) as defined in [1] Theorem 7.3. Thus Vξ realizes PAx. More details can be found in [10], section 4.4.

− 0 Corollary 4.15 CZF + PAx is Π2-conservative over PA and HA. Corollary 4.16 The use of recursively saturated models is not necessary for establishing Corollary 4.15. − Instead of using a translation of CZF + PAx into HYPM one can use a similar syntactic translation into the r − theory PAΩ of [7] which is conservative over PA, thus providing a ﬁnitistic reduction of CZF + PAx to PA and HA.

− 5 ECST + ∆0-ITERω is stronger than CZF − Theorem 5.1 ECST + ∆0-ITERω proves the consistency of CZF . P r o o f. We know that CZF− is finitistically reducible to Heyting Arithmetic and Peano Arithmetic. Gentzen’s consistency proof of Peano Arithmetic uses an ordinal representation system for the ordinal ε0 and transfinite induction up to this ordinal for primitive recursive predicates. Apart from the transfinite induction, Gentzen’s proof is formalizable in primitive recursive arithmetic. It thus suffices to show that transfinite induction up to ε0 is provable in ECST + ∆0-ITERω for arbitrary sets. For definiteness we shall now refer to the wellordering

ξ proof for ε0 given in [9], §14. Let hA, ≺, 0, +˙ , ξ 7→ ω˙ i be a primitive recursive ordinal representation system ξ for ε0 with A ⊆ ω, ≺ being the ordering, and +˙ and ξ 7→ ω˙ being the operations of addition and exponentiation with base ω. In what follows let X be a set. Variables α, ξ, η are assumed to range over A. The wellordering proof uses the Sprung (jump) operation

Sp(X) := {α | ∀ξ [∀η(η ≺ ξ → η ∈ X) → ∀η (η ≺ ξ+˙ ω ˙ α → η ∈ X)]} and the ∆0 predicate Prog(≺,X) := ∀α [∀ξ(ξ ≺ α → ξ ∈ X) → α ∈ X.]

Sp(X) is a set by Bounded Separation. Given a set X we can use ∆0-ITERω to get a (unique) function FX with domain ω such that FX (0) = X and FX (n + 1) = Sp(FX (n)). By the same proof as for [9], Lemma 15.6 one proves that Prog(≺,X) → Prog(≺, Sp(X)). (7)

Consequently with ∆0 induction on ω one gets

Prog(≺,X) → ∀n ∈ ω Prog(≺,FX (n)). (8) By the same proof as for [9] Lemma 15.5 combined with (7) one obtains Prog(≺,X) ∧ ∀ξ[ξ ≺ α → ξ ∈ Sp(X)] → ∀ξ[ξ ≺ ω˙ α → ξ ∈ X]. (9) (8) and (9) yield that Prog(≺,X) → ∀α α ∈ X i.e. transﬁnite induction up to ε0 for arbitrary sets.

Acknowledgements This material is based upon work supported by the National Science Foundation under Award No. DMS-0301162. I am grateful to the referee for making a number of helpful suggestions.

References

[1] P. Aczel: The type theoretic interpretation of constructive set theory: Choice principles. In: A.S. Troelstra and D. van Dalen, editors, The L.E.J. Brouwer Centenary Symposium (North Holland, Amsterdam 1982) 1–40. [2] P. Aczel, M. Rathjen: Notes on constructive set theory, Technical Report 40, Institut Mittag-Lefﬂer (The Royal Swedish Academy of Sciences, 2001). http://www.mittag-leffler.se/preprints/0001/, Preprint No. 40. [3] P. Aczel, M. Rathjen: Notes on constructive set theory, Preprint (2006) 225 pages. (Available from the authors upon request.) [4] J. Barwise: Admissible Sets and Structures (Springer-Verlag, Berlin, Heidelberg, New York, 1975). [5] W. Burr: Functional Interpretation of Aczel’s constructive set theory. Annals of Pure and Applied Logic 104 (2000) 31–73. [6] H.B. Enderton: A Mathematical Introduction to Logic. Second Edition (Academic Press, London, 2001). [7]G.J ager:¨ Fixed points in Peano arithmetic with ordinals. Annals of Pure and Applied Logic 60 (1993) 119–132. [8] J. Myhill: Constructive set theory. Journal of Symbolic Logic 40 (1975) 347–382. [9] W. Pohlers: Proof theory. Lecture Notes in Mathematics 1407 (Springer, Berlin, 1989). [10] M. Rathjen: The formulae-as-classes interpretation of constructive set theory. In: H. Schwichtenberg, K. Spies (eds.): Proof Technology and Computation (IOS Press, Amsterdam, 2006) 279–322.