Fields and Galois Theory

MATH5246

Andrew Hubery

Chapter 1

Introduction

Galois Theory has its origins in the study of roots of polynomials. It is not concerned with finding the roots, which can be done using, say, the Newton-Raphson Method (see also here for an analysis of various techniques used in computing for finding square-roots); rather, Galois Theory is interested in the form that the roots can take.

In particular, we can ask which polynomials are solvable by radicals: given a polynomial

$$f = X^n + a_1X^{n-1} + \cdots + a_{n-1}X + a_n \in \mathbb{Q}[X],$$

we say $f$ is solvable by radicals if we can express a root of $f$ using only the field operations $+, -, \times, \div$ and $\sqrt[r]{\phantom{x}}$.

Some polynomials are always solvable by radicals. In school one learns that for a quadratic equation

$$f = X^2 + 2pX + q,$$

one can complete the square to write

$$f = (X + p)^2 + (q - p^2),$$

and hence $f$ has roots

$$-p \pm \sqrt{p^2 - q}.$$

This was essentially known to the Babylonians (ca. 1600 BC).

Similarly, a polynomial of the form

$$f = X^n - a$$

clearly has $\sqrt[n]{a}$ as a root.

The question thus becomes: is every polynomial of degree $n$ solvable by radicals? If yes, is there a general formula giving a root of all polynomials of degree $n$? If no, can we determine which polynomials are solvable by radicals?


In the sixteenth century, Ferro and Fontana (nicknamed Tartaglia because of his stutter) discovered a general formula which works for all cubic polynomials. For example, the polynomial

$$f = X^3 + 3X + 2$$

has as a root the number

$$\sqrt[3]{-1 + \sqrt{2}} + \sqrt[3]{-1 - \sqrt{2}}.$$

On the other hand, you should be careful what you wish for: this general method gives, for the polynomial

$$f = X^3 - 15X - 4,$$

the root

$$\sqrt[3]{2 + 11i} + \sqrt[3]{2 - 11i},$$

which is a rather complicated way of expressing the number 4.

Soon after, Ferrari gave a general method for solving quartic polynomials. These methods were published by Cardano, Ferrari’s mentor, in his Ars Magna in 1545. This proved that all polynomials of degree four are solvable by radicals, and in fact that there is a general formula which works for all such polynomials. It took another three hundred years until Abel showed in 1824 that there is no formula giving a radical expression for the root of all quintic polynomials. His result was based on an incomplete proof by Ruffini, and used the ideas of permutations, so was the beginning of group theory.

Finally Galois in 1830 developed the ideas of group theory in order to decide which polynomials are solvable by radicals and which are not, and hence explain why there is no general method for finding roots of polynomials of degree five. His method allows one to prove, for example, that the polynomial $X^5 - X - 1$ is not solvable by radicals.

1.1 A Modern Approach

From a modern perspective, we replace the study of a polynomial by the study of the field extension generated by its roots. We then consider the group of all field automorphisms of this field extension, called the Galois group of the field extension. So, if $K$ is a subfield of $L$, we consider the group

$$\mathrm{Gal}(L/K) := \{\text{field automorphisms } \sigma \text{ of } L \text{ fixing every element of } K\}.$$

If $f \in K[X]$ is a polynomial, and $L$ is the field generated by all the roots of $f$, then we write $\mathrm{Gal}(f)$ for $\mathrm{Gal}(L/K)$.

As a simple example, the roots of $f = X^2 + 1 \in \mathbb{R}[X]$ are $\pm i \in \mathbb{C}$. Since $\mathbb{C} = \mathbb{R}(i)$, we need to understand the group of all field automorphisms of $\mathbb{C}$ which fix $\mathbb{R}$. Any such automorphism $\sigma$ is determined by $\sigma(i)$, and since $i^2 = -1$, we must have $\sigma(i)^2 = -1$, so $\sigma(i) = \pm i$. In fact, both of these are allowed, so

$$\mathrm{Gal}(X^2 + 1) = \mathrm{Gal}(\mathbb{C}/\mathbb{R}) \cong \mathbb{Z}/2\mathbb{Z}$$

is a cyclic group of order two. This group is generated by the automorphism $\sigma\colon x + iy \mapsto x - iy$, which is just complex conjugation.

In other words we can construct $\mathbb{C}$ from $\mathbb{R}$ by ‘adding in’ a root of the polynomial $X^2 + 1$. From the point of view of $\mathbb{R}$, however, we cannot distinguish between the two roots $\pm i$, and in a sense this is why complex conjugation exists.

As a more involved example, we can consider the polynomial $f = X^3 - 2 \in \mathbb{Q}[X]$. This has roots $\sqrt[3]{2}$, $\omega\sqrt[3]{2}$, $\omega^2\sqrt[3]{2}$, where $\omega = \frac{1}{2}(-1 + i\sqrt{3})$ is a primitive cube root of unity, so the field generated by the roots is $\mathbb{Q}(\sqrt[3]{2}, \omega)$.

Now, any field automorphism $\sigma$ must permute the roots; for if $\alpha^3 = 2$, then $\sigma(\alpha)^3 = 2$. Also, since $\omega = (\omega\sqrt[3]{2})/(\sqrt[3]{2})$ is a quotient of two such roots, we see that $\sigma$ is completely determined by how it permutes the roots. This in fact gives an injective group homomorphism from the Galois group to the symmetric group $\mathrm{Sym}_3$.

Next, since exactly two of the roots are complex, we see that complex conjugation is a field automorphism, giving

$$\tau \in \mathrm{Gal}(\mathbb{Q}(\sqrt[3]{2}, \omega)/\mathbb{Q}), \qquad \sqrt[3]{2} \mapsto \sqrt[3]{2}, \quad \omega \mapsto \omega^2.$$

On the other hand, the general theory will tell us that the map $\sqrt[3]{2} \mapsto \omega\sqrt[3]{2}$ can be extended to a field automorphism, giving

$$\sigma \in \mathrm{Gal}(\mathbb{Q}(\sqrt[3]{2}, \omega)/\mathbb{Q}), \qquad \sqrt[3]{2} \mapsto \omega\sqrt[3]{2}, \quad \omega \mapsto \omega.$$

Looking at the corresponding permutations, we get that $\tau$ is a transposition, whereas $\sigma$ is a 3-cycle. We know that these elements generate the full symmetric group, so

$$\mathrm{Gal}(\mathbb{Q}(\sqrt[3]{2}, \omega)/\mathbb{Q}) \cong \mathrm{Sym}_3.$$

If instead we had just added in one of the roots, say $\sqrt[3]{2}$, then we wouldn’t have had enough symmetries. In fact, the only field automorphism of $\mathbb{Q}(\sqrt[3]{2})$ is the identity. This helps explain why we need to include all the roots of the polynomial.

1.2 Galois’ Theorem

One of the main theorems of this course will be the following.

Theorem 1.1. A polynomial $f$ is solvable by radicals if and only if the group $\mathrm{Gal}(f)$ is solvable.

Moreover, there exists for each $n$ an irreducible polynomial $f \in \mathbb{Q}[X]$ having Galois group $\mathrm{Gal}(f) = \mathrm{Sym}_n$.

Since $\mathrm{Sym}_n$ is solvable if and only if $n \leq 4$, we conclude that there exist quintic polynomials which are not solvable by radicals. The polynomial $X^5 - X - 1$ mentioned earlier is one such quintic.

The Galois group of a field extension $L/K$ tells us a lot about the internal structure of the field $L$. In fact, in certain nice cases, there is an order-reversing bijection between the lattice of subfields of $L$ containing $K$ and the lattice of subgroups of $\mathrm{Gal}(L/K)$. This is called the Galois Correspondence. As a consequence we see that in these cases there are only finitely many subfields of $L$ containing $K$, a fact which is far from obvious.

This passing between subgroups and subfields is an important and extremely useful observation. One should remark that group theory was in its infancy at that time, and in fact the abstract notion of a group had yet to be given. Galois was one of the first to appreciate the fundamental importance of groups, and nowadays this idea of studying an object by first understanding its symmetries is prevalent in modern mathematics and physics.

Let us discuss our approach to proving Galois’ Theorem. Recall that a polynomial $f$ is solvable by radicals if we can write a root of $f$ using just $+, -, \times, \div$ and $\sqrt[r]{\phantom{x}}$. More generally, we say that a field extension $L/K$ is a radical extension if there exists a chain of subfields

$$K = K_0 \subset K_1 \subset \cdots \subset K_n = L$$

such that $K_{i+1}$ is formed from $K_i$ by extracting an $r$-th root of an element in $K_i$. In other words, we adjoin an element $\lambda_i$ such that $\lambda_i^r \in K_i$. We observe that if $L/K$ is radical, then every element of $L$ can be obtained by repeated use of $+, -, \times, \div, \sqrt[r]{\phantom{x}}$.

The Galois correspondence now furnishes us with a chain of subgroups

$$\{\mathrm{id}\} = \mathrm{Gal}(L/L) \leq \cdots \leq \mathrm{Gal}(L/K_1) \leq \mathrm{Gal}(L/K).$$

We would like to say that if $K_{i+1}/K_i$ is formed by adjoining an $r$-th root, then $\mathrm{Gal}(K_{i+1}/K_i)$ is a cyclic group of order $r$. From this it would follow that the chain of subgroups described above is a subnormal series (each subgroup is normal in the next) with cyclic subquotients, and hence that $\mathrm{Gal}(L/K)$ is a solvable group.

Unfortunately this is not true in general, but it is true once we assume that we have enough roots of unity in the field $K$. We therefore have to apply a few technical tricks to complete the proof.


Chapter 2

Background Material

2.1 Rings and Algebras

As mentioned in the introduction, Galois Theory involves the study of automorphisms of fields. In fact, we often consider a field $L$ containing another field $K$ as a subfield, and we want to understand the field automorphisms of $L$ which fix every element of $K$. For example, complex conjugation is a field automorphism of $\mathbb{C}$ which fixes every element of $\mathbb{R}$.

The appropriate language is therefore that of algebras. Given a field $K$, a $K$-algebra is a ring $R$ containing $K$ as a subfield. A $K$-algebra homomorphism $f\colon R \to S$ is a ring homomorphism such that $f(x) = x$ for all $x \in K$. We observe that every $K$-algebra is a fortiori a $K$-vector space, and that every $K$-algebra homomorphism is a $K$-linear map. [1]

Examples include the polynomial ring $K[X]$ and field extensions such as $\mathbb{Q} \subset \mathbb{R}$ or $\mathbb{R} \subset \mathbb{C}$. Also, if $R$ is a $K$-algebra and $I \lhd R$ a proper ideal, then the quotient ring $R/I$ is again a $K$-algebra. For, we have a non-zero ring homomorphism $K \to R \to R/I$, which is therefore injective since $K$ is a field. We may subsequently identify $K$ with its image inside $R/I$, giving the quotient $R/I$ the structure of a $K$-algebra. In particular, if $f \in K[X]$ is a non-constant polynomial, then the quotient ring $K[X]/(f)$ is a $K$-algebra.

[1] It is sometimes better to consider $R$ together with a ring homomorphism $\iota_R\colon K \to R$. Then a $K$-algebra homomorphism $f\colon R \to S$ is a ring homomorphism such that $\iota_S = f\iota_R$.

2.2 Polynomial Rings

Let $K$ be a field, and let $K[X]$ be the ring of polynomials in one variable over $K$. The degree map on $K[X]$ is given by

$$\deg(f) = d \ \text{ provided } f = a_0X^d + \cdots + a_{d-1}X + a_d \text{ with } a_0 \neq 0, \qquad \deg(0) = -\infty.$$

This satisfies

$$\deg(fg) = \deg(f) + \deg(g) \quad\text{and}\quad \deg(f) = 0 \Leftrightarrow f \in K^\times.$$

Using this we see that $K[X]$ is an integral domain (it has no zero-divisors), and also that the only units in $K[X]$ are the non-zero constants, so elements of $K^\times$.

Theorem 2.1. The polynomial ring $K[X]$ is a principal ideal domain.

In fact, every non-zero ideal is generated by a monic polynomial, and this polynomial is uniquely determined by the ideal.

Proof. The zero ideal $(0)$ is clearly principal, so let $I$ be a non-zero ideal in $K[X]$ and let $0 \neq f \in I$ have minimal degree. By dividing through, we may further assume that $f$ is monic. We will show that $I = (f)$.

Take $g \in I$. By the Division Algorithm we can write $g = qf + r$ for some $q$ and $r$ with $\deg(r) < \deg(f)$. Rearranging gives $r = g - qf \in I$, so by the minimality of $f$ we must have $r = 0$, and hence $g = qf \in (f)$. This proves that $I \subset (f)$, and since $f \in I$ we have equality.

To see that $f$ is unique, suppose that $g$ is monic and $I = (g)$. Swapping the roles of $f$ and $g$ in the above argument gives $f = q'g$, and so $f = qq'f$. Hence $qq' = 1$, so $q, q' \in K^\times$. Finally, since both $f$ and $g$ are monic and $g = qf$, we deduce that $q = 1$ and that $f = g$.

We call a polynomial $f$ irreducible provided that $f$ is non-constant and whenever $f = gh$, one of $g$ or $h$ is a unit. Similarly, we call a polynomial $f$ prime provided that $f$ is non-constant and if $f$ divides $gh$, then $f$ divides one of $g$ or $h$. Clearly every prime is irreducible, but in fact the converse also holds.

Proposition 2.2. Every irreducible polynomial $f$ is prime, and $(f)$ is even a maximal ideal.

Proof. Let $f \in K[X]$ be irreducible, and suppose that $(f) \subset (g)$. Then $f = gh$ for some $h$, and since $f$ is irreducible, either $g$ is a unit, in which case $(g) = K[X]$, or else $h$ is a unit, in which case $(g) = (f)$. Thus $(f)$ is a maximal ideal.

To see that $f$ is prime, suppose that $f$ divides $gh$, but that $f$ does not divide $g$. Since $(f)$ is a maximal ideal and $g \notin (f)$ we must have that $(f, g) = K[X]$. Thus there exist polynomials $a$ and $b$ with $af + bg = 1$. Multiplying by $h$ gives $afh + bgh = h$, and since $f$ divides $gh$, it divides the left-hand side, and hence $f$ divides $h$.

The next theorem states that $K[X]$ is a unique factorisation domain.

Theorem 2.3. Every non-zero polynomial $f \in K[X]$ can be written as $f = af_1 \cdots f_n$, where $a \in K^\times$ is a unit and the $f_i \in K[X]$ are monic and irreducible. Moreover, such an expression is unique up to the ordering of the $f_i$.


Proof. Let $f \in K[X]$ be non-constant. If $f$ is irreducible, then we can write $f = af_1$, where $f_1$ is monic and $a \in K^\times$. Otherwise, if $f$ is not irreducible, then there exists some expression $f = gh$ with $g$ and $h$ non-constant polynomials. Now $0 < \deg(g), \deg(h) < \deg(f)$, so by induction on degree we can express both $g$ and $h$, and hence also $f$, in the desired form.

Suppose now that $f = af_1 \cdots f_m = bg_1 \cdots g_n$, where $a, b \in K^\times$ and $f_i, g_j \in K[X]$ are monic and irreducible. By comparing leading coefficients we see that $a = b$.

From Proposition 2.2 we know that $K[X]/(f_1)$ is a field. Writing $\bar h$ for the image of a polynomial $h$ in $K[X]/(f_1)$, we have that $\bar f = 0$, so $\bar g_1 \cdots \bar g_n = 0$ and hence $\bar g_i = 0$ for some $i$. After reordering, we may assume that $\bar g_1 = 0$. Then $g_1 \in (f_1)$, so $g_1 = uf_1$ for some $u$. Since $g_1$ is irreducible and $f_1$ is not a unit, $u$ must be a unit. Finally, since $f_1$ and $g_1$ are both monic, $u = 1$ and so $f_1 = g_1$.

It follows that $f_2 \cdots f_m = g_2 \cdots g_n$, so by induction on degree we have $m = n$ and, after reordering, $f_i = g_i$ for all $i$.

2.3 Roots of Polynomials

Given $\alpha \in K$, we have a $K$-algebra homomorphism $\mathrm{ev}_\alpha\colon K[X] \to K$ sending $X \mapsto \alpha$. This is called the evaluation map. We write $f(\alpha)$ for the image of $f$ in $K$ and say that $\alpha$ is a root of a polynomial $f \in K[X]$ provided that $f(\alpha) = 0$.

Now, the evaluation map is surjective, so its kernel $I$ is a maximal ideal. Clearly $X - \alpha \in I$, but by Proposition 2.2 the ideal $(X - \alpha)$ is also maximal, so $I = (X - \alpha)$. Therefore $\alpha$ is a root of $f$ if and only if $f \in (X - \alpha)$, which is if and only if $X - \alpha$ divides $f$.

Using that $K[X]$ is a unique factorisation domain, Theorem 2.3, it now follows that a polynomial of degree $d$ has at most $d$ roots in $K$, counted with multiplicities.

We say that a polynomial $f$ splits over $K$ provided that it has precisely $d$ roots in $K$, counted with multiplicities. Equivalently, $f$ factorises as a product of linear polynomials in $K[X]$.

2.4 Irreducibility Criteria

We now recall some facts about integer polynomials $f \in \mathbb{Z}[X]$.

Analogous to the case of polynomials over fields, we can talk about divisibility of integer polynomials, and hence about irreducible and prime polynomials. The situation is slightly more complicated, however, since although $\mathbb{Z}[X]$ is still a unique factorisation domain, it is no longer a principal ideal domain. For example, the ideal $(2, X^2 + X + 1)$ is prime but not principal. In fact, the quotient ring $\mathbb{Z}[X]/(2, X^2 + X + 1)$ is a field with four elements.


We therefore introduce a new concept. An integer polynomial $f = a_0X^d + \cdots + a_{d-1}X + a_d \in \mathbb{Z}[X]$ is said to be primitive if $\gcd(a_0, a_1, \ldots, a_d) = 1$. In particular, all monic polynomials are primitive.

We recall the following three results concerning the irreducibility of integer polynomials. Their proofs are included in the handout.

Lemma 2.4 (Gauss’ Lemma). If $f \in \mathbb{Z}[X]$ is primitive, then it is irreducible over $\mathbb{Z}$ if and only if it is irreducible over $\mathbb{Q}$.

Lemma 2.5 (Eisenstein’s Criterion). Let $f = a_0X^d + \cdots + a_{d-1}X + a_d \in \mathbb{Z}[X]$ be primitive. Suppose that there exists a prime $p$ such that $p \mid a_i$ for $i = 1, \ldots, d$, but $p \nmid a_0$ and $p^2 \nmid a_d$. Then $f$ is irreducible.

Lemma 2.6 (Rational Root Test). Let $f = a_0X^d + \cdots + a_d \in \mathbb{Z}[X]$. If $\alpha = p/q \in \mathbb{Q}$ is a root of $f$ such that $\gcd(p, q) = 1$, then $p \mid a_d$ and $q \mid a_0$.

In general, it is difficult to determine whether a given polynomial is irreducible or not, and to find its decomposition into irreducible factors. One can compare this to the problem of determining whether a given number is prime, and of finding its prime factorisation.

Let $K$ be a field and $f \in K[X]$. Clearly if $\deg(f) = 1$, then $f$ is irreducible. Also, if $\deg(f) = 2$ or $3$, then $f$ is irreducible if and only if it has no linear factor, which is if and only if it has no root in $K$. If $\deg(f) = 4$, though, it could have a decomposition into two irreducible quadratic polynomials.

Suppose $K = \mathbb{Q}$. Clearing denominators, we may assume $f \in \mathbb{Z}[X]$ is primitive. Then by Gauss’ Lemma, $f$ is irreducible over $\mathbb{Q}$ if and only if it is irreducible over $\mathbb{Z}$. Moreover, by the Rational Root Test, we know the possible rational roots of $f$. In particular, if $f$ is monic, then any rational root is in fact integral.

For higher degrees, we can also use Eisenstein’s Criterion. This is particularly useful if we combine it with a suitable linear change of variables $Y = X - a$. For example, if $p$ is a prime, then the polynomial $f = X^{p-1} + \cdots + X + 1$ is irreducible. For, we have $f = (X^p - 1)/(X - 1)$, and so applying the linear change of variables $Y = X - 1$ we see that

$$f(Y) = ((Y + 1)^p - 1)/Y = Y^{p-1} + pY^{p-2} + \cdots + \binom{p}{r}Y^{r-1} + \cdots + p.$$

Since $p$ is a prime, each binomial coefficient $\binom{p}{r}$ for $0 < r < p$ is divisible by $p$. We can therefore use Eisenstein’s Criterion to deduce that $f(Y)$, and hence also $f(X)$, is irreducible.

Another powerful method is reduction modulo a prime $p$. We write $\mathbb{F}_p$ for the field $\mathbb{Z}/p\mathbb{Z}$. Consider the surjective ring homomorphism $\mathbb{Z}[X] \to \mathbb{F}_p[X]$, $f \mapsto \bar f$. If $f = gh \in \mathbb{Z}[X]$, then clearly $\bar f = \bar g\bar h \in \mathbb{F}_p[X]$. Thus if $\bar f$ is irreducible over $\mathbb{F}_p$ for some prime $p$, then $f$ itself must be irreducible over $\mathbb{Z}$.

Variations of this idea can also be applied. For example, suppose that we are given $f \in \mathbb{Z}[X]$ of degree 4. Using the Rational Root Test, we may assume that $f$ has no linear factors, so that if $f = gh$ has a proper factorisation, then $\deg(g) = \deg(h) = 2$. Now suppose that $\bar f \in \mathbb{F}_p[X]$ factors as $\bar f = rs$ with $r, s$ irreducible, $\deg(r) = 1$, $\deg(s) = 3$. This is incompatible with any factorisation $f = gh$ with $\deg(g) = \deg(h) = 2$, so $f$ must itself be irreducible.

Finally we remark that there are computer algorithms for factorising polynomials. Over the integers one can use the LLL algorithm, whereas over a finite field one can use the Cantor-Zassenhaus algorithm. Both of these algorithms run in polynomial time (viewed in terms of the degree of the polynomial).

Examples

1. $f = X^2 - 2 \in \mathbb{Z}[X]$. Eisenstein tells us that $f$ is irreducible over $\mathbb{Z}$, so by Gauss’ Lemma, $f$ is irreducible over $\mathbb{Q}$. In other words, $\sqrt{2}$ is not a rational number.

2. $f = \frac{2}{9}X^5 + \frac{5}{3}X^4 + X^3 + \frac{1}{3}$. Clearing denominators we have $g = 9f = 2X^5 + 15X^4 + 9X^3 + 3$. We can use Eisenstein’s Criterion with $p = 3$ to deduce that $g$, and hence $f$, is irreducible.

3. $f = X^3 - 7X^2 + 3X + 3$. The only possible rational roots are $\pm 1, \pm 3$. Checking, we see that $f = (X - 1)(X^2 - 6X - 3)$ as a product of irreducibles.

4. $f = X^4 + 15X^3 + 7$. Working over $\mathbb{F}_2$, we have $\bar f = X^4 + X^3 + 1$. This has no linear factor, since neither 0 nor 1 is a root of $\bar f$ over $\mathbb{F}_2$. Suppose

$$\bar f = (X^2 + aX + b)(X^2 + cX + d) = X^4 + (a + c)X^3 + (b + ac + d)X^2 + (ad + bc)X + bd.$$

From the constant term we see that $b = d = 1$. Therefore the coefficient of $X$ gives $a + c = 0$, whereas the coefficient of $X^3$ gives $a + c = 1$, a contradiction. So $\bar f$ is irreducible over $\mathbb{F}_2$, whence $f$ is irreducible over $\mathbb{Z}$.

5. Consider $f = X^4 + 1$ and its factorisations over various finite fields:

| $p$ | $\bar f$ | $p$ | $\bar f$ |
|---|---|---|---|
| 2 | $(X + 1)^4$ | 7 | $(X^2 + 3X + 1)(X^2 - 3X + 1)$ |
| 3 | $(X^2 + X - 1)(X^2 - X - 1)$ | 11 | $(X^2 + 3X - 1)(X^2 - 3X - 1)$ |
| 5 | $(X^2 + 2)(X^2 - 2)$ | 13 | $(X^2 + 5)(X^2 - 5)$ |

Either $f$ is irreducible or else the product of two irreducible quadratics, but the above data give no further information. However, making the substitution $Y = X - 1$ we get $(Y + 1)^4 + 1 = Y^4 + 4Y^3 + 6Y^2 + 4Y + 2$. Applying Eisenstein with $p = 2$ we see that $f$ is irreducible.
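The criteria of this section, run on Examples 1 to 5, as an added Python example (it is not part of the original notes). Polynomials are coefficient lists with the leading coefficient first; all function names are illustrative, and the check that $p$ does not divide the leading coefficient before reducing modulo $p$ is a guard added here.

```python
from fractions import Fraction
from functools import reduce
from itertools import product
from math import gcd, lcm

# Added example: a0*X^d + ... + ad is the list [a0, ..., ad], leading
# coefficient first, as in the notes. All function names are illustrative.

def prime_factors(n):
    """Distinct prime factors of n >= 0 by trial division (empty for 0 and 1)."""
    ps, p = [], 2
    while p * p <= n:
        if n % p == 0:
            ps.append(p)
            while n % p == 0:
                n //= p
        p += 1
    return ps + [n] if n > 1 else ps

def primitive_part(f):
    """Clear denominators, then divide by the gcd of the coefficients."""
    f = [Fraction(c) for c in f]
    den = lcm(*(c.denominator for c in f))
    ints = [int(c * den) for c in f]
    g = reduce(gcd, ints)
    return [c // g for c in ints]

def shift(f, a):
    """Coefficients of f(Y + a), i.e. the change of variables Y = X - a (Horner)."""
    res = []
    for c in f:
        nxt = res + [0]                 # multiply the partial result by Y ...
        for i, r in enumerate(res):
            nxt[i + 1] += a * r         # ... and add a times the partial result
        nxt[-1] += c
        res = nxt
    return res

def eisenstein_primes(f):
    """Primes p with p | a_i for i >= 1, p not dividing a_0, p^2 not dividing a_d."""
    if len(f) < 2 or reduce(gcd, f) != 1:
        return []
    g = abs(reduce(gcd, f[1:]))
    return [p for p in prime_factors(g) if f[0] % p and f[-1] % (p * p)]

def eisenstein_with_shift(f, bound=5):
    """Try Y = X - a for |a| <= bound; return the first (a, p) that works, else None."""
    for a in sorted(range(-bound, bound + 1), key=lambda a: (abs(a), -a)):
        ps = eisenstein_primes(shift(f, a))
        if ps:
            return a, ps[0]
    return None

def rational_roots(f):
    """Rational Root Test: a root p/q in lowest terms has p | a_d and q | a_0."""
    roots = set()
    while f[-1] == 0:                   # X divides f, so 0 is a root
        f, roots = f[:-1], roots | {Fraction(0)}
    divs = lambda n: [k for k in range(1, abs(n) + 1) if n % k == 0]
    for p, q, s in product(divs(f[-1]), divs(f[0]), (1, -1)):
        x = Fraction(s * p, q)
        if sum(c * x**i for i, c in enumerate(reversed(f))) == 0:
            roots.add(x)
    return sorted(roots)

def rem_mod_p(f, g, p):
    """Remainder of f on division by a monic g in F_p[X]."""
    r = [c % p for c in f]
    while len(r) >= len(g):
        lead = r[0]
        for i, c in enumerate(g):
            r[i] = (r[i] - lead * c) % p
        r.pop(0)                        # the leading term has been cancelled
    return r

def is_irreducible_mod_p(f, p):
    """Trial division of f mod p by every monic polynomial of degree 1..deg(f)//2."""
    fb = [c % p for c in f]
    if fb[0] == 0:
        # Guard added in this example: if p divides the leading coefficient the
        # degree drops on reduction and nothing can be concluded about f.
        raise ValueError("p divides the leading coefficient")
    if len(fb) < 2:
        return False                    # constants are not irreducible
    for k in range(1, (len(fb) - 1) // 2 + 1):
        for tail in product(range(p), repeat=k):
            if not any(rem_mod_p(fb, [1, *tail], p)):
                return False
    return True

if __name__ == "__main__":
    print(eisenstein_with_shift([1, 0, -2]))                        # Example 1
    g = primitive_part([Fraction(2, 9), Fraction(5, 3), 1, 0, 0, Fraction(1, 3)])
    print(g, eisenstein_primes(g))                                  # Example 2
    print(rational_roots([1, -7, 3, 3]))                            # Example 3
    print(is_irreducible_mod_p([1, 15, 0, 0, 7], 2))                # Example 4
    print([is_irreducible_mod_p([1, 0, 0, 0, 1], p) for p in (2, 3, 5, 7, 11, 13)],
          eisenstein_with_shift([1, 0, 0, 0, 1]))                   # Example 5
```

The trial division in `is_irreducible_mod_p` is only practical for small $p$ and small degree; it stands in for the Cantor-Zassenhaus algorithm mentioned above.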


Chapter 3

Field Extensions

3.1 The Tower Law

Let $L$ be a field and $K \subset L$ a subfield. We write $L/K$ and call $L$ a field extension of $K$. We observe that $L$ is a $K$-algebra, so in particular a $K$-vector space. We denote its dimension by $[L : K]$ and call this the degree of the extension. We say that $L/K$ is a finite field extension if $[L : K]$ is finite. Clearly $L = K$ if and only if $[L : K] = 1$.

Let $M/L$ and $L/K$ be field extensions. Then $M/K$ is again a field extension, and we call $M/L/K$ a tower of fields.

Theorem 3.1 (Tower Law). Let M/L/K be a tower of fields. Then

[M : K] = [M : L][L : K].

In particular, M/K is finite if and only if both M/L and L/K are finite.

Proof. Let $\{\alpha_i : i \in I\}$ be a $K$-basis of $L$ and $\{\beta_j : j \in J\}$ an $L$-basis of $M$. We claim that the set of products $\{\alpha_i\beta_j : (i, j) \in I \times J\}$ is a $K$-basis of $M$.

Linear Independence. Suppose that we have a finite sum $\sum_{i,j} \lambda_{ij}\alpha_i\beta_j = 0$, where $\lambda_{ij} \in K$. We can rewrite this as $\sum_j \big(\sum_i \lambda_{ij}\alpha_i\big)\beta_j = 0$. Since the coefficients of the $\beta_j$ lie in $L$ we deduce that $\sum_i \lambda_{ij}\alpha_i = 0$ for all $j$, and then that $\lambda_{ij} = 0$.

Spanning. Take $\theta \in M$. We can write $\theta = \sum_j \mu_j\beta_j$ as a finite sum with coefficients $\mu_j \in L$. Now write $\mu_j = \sum_i \lambda_{ij}\alpha_i$ as a finite sum with coefficients $\lambda_{ij} \in K$. Then $\theta = \sum_{i,j} \lambda_{ij}\alpha_i\beta_j$ as required.

3.2 Algebraic and Transcendental Elements

Let $L/K$ be a field extension. Given $\alpha \in L$ we have a $K$-algebra homomorphism $\mathrm{ev}_\alpha\colon K[X] \to L$ sending $X \mapsto \alpha$, which we again call the evaluation map. We say that $\alpha \in L$ is a root of $f \in K[X]$ provided that $f(\alpha) = 0$; this is if and only if $X - \alpha$ divides $f$ as polynomials in $L[X]$. As before, a polynomial $f \in K[X]$ of degree $d$ has at most $d$ roots in $L$ (with multiplicities).

Changing perspective, we say that $\alpha \in L$ is algebraic over $K$ provided it is the root of some polynomial $f \in K[X]$; otherwise, we say that $\alpha$ is transcendental over $K$. We call a field extension $L/K$ algebraic provided that every $\alpha \in L$ is algebraic over $K$.

The image of the evaluation map $\mathrm{ev}_\alpha\colon K[X] \to L$ is a subring of $L$, so an integral domain, which we denote by $K[\alpha]$. Moreover, since $L$ is a field, the quotient field $K(\alpha)$ of $K[\alpha]$ is a subfield of $L$. We observe that $K[\alpha]$ is the smallest subring of $L$ containing both $K$ and $\alpha$, and similarly that $K(\alpha)$ is the smallest subfield of $L$ containing both $K$ and $\alpha$.

Since the image of the evaluation map is an integral domain its kernel must be a prime ideal of $K[X]$.

Theorem 3.2. Let $L/K$ be a field extension and $\alpha \in L$. Then there are two possibilities:

1. (i) $\alpha$ is algebraic over $K$.
   (ii) $\mathrm{Ker}(\mathrm{ev}_\alpha) = (m_{\alpha/K})$ for some monic irreducible polynomial $m_{\alpha/K}$.
   (iii) $K(\alpha) = K[\alpha]$.
   (iv) $[K(\alpha) : K] = \deg(m_{\alpha/K})$ is finite.

2. (i) $\alpha$ is transcendental over $K$.
   (ii) $\mathrm{ev}_\alpha$ injective.
   (iii) $K(\alpha) \neq K[\alpha]$.
   (iv) $[K(\alpha) : K]$ is infinite.

Proof. By definition, $\alpha$ is algebraic over $K$ if and only if the kernel of the evaluation map $\mathrm{ev}_\alpha$ is non-zero, and then by Proposition 2.2 it is a maximal ideal generated by a monic irreducible polynomial $m_{\alpha/K}$. This in turn implies that $K[\alpha] = K[X]/(m_{\alpha/K})$ is a field, so equals $K(\alpha)$, and hence $[K(\alpha) : K] = \deg(m_{\alpha/K})$ is finite.

On the other hand, $\alpha$ is transcendental over $K$ if and only if the kernel is zero, or equivalently the evaluation map is injective. This in turn implies that $K[\alpha] \cong K[X]$ is not a field, so $K[\alpha] \neq K(\alpha)$ and $K(\alpha)$ is infinite dimensional over $K$.

This proves that, for both cases, (i) is equivalent to (ii), and these imply both (iii) and (iv). Finally, if either $K(\alpha) = K[\alpha]$ or $[K(\alpha) : K]$ is finite, then $\alpha$ cannot be transcendental, so must be algebraic. Similarly, if either $K(\alpha) \neq K[\alpha]$ or $[K(\alpha) : K]$ is infinite, then $\alpha$ cannot be algebraic, so must be transcendental.

For a field extension $L/K$ and an element $\alpha \in L$ algebraic over $K$, we call the monic irreducible polynomial $m_{\alpha/K} \in K[X]$ the minimal polynomial of $\alpha$ over $K$. It is uniquely determined by $\alpha$ and $K$.


Corollary 3.3. Let $L/K$ be a field extension, $\alpha \in L$ algebraic over $K$, and $f \in K[X]$. Then $\alpha \in L$ is a root of $f$ if and only if $m_{\alpha/K}$ divides $f$ as polynomials in $K[X]$.

Proof. We know that $\alpha$ is a root of $f$ if and only if $f(\alpha) = 0$, which is if and only if $f$ lies in the ideal $\mathrm{Ker}(\mathrm{ev}_\alpha) = (m_{\alpha/K})$.

The next result is important since it allows us to construct field extensions of $K$ without reference to any other field.

Corollary 3.4 (Kronecker). Let $f \in K[X]$ be non-constant. Then there exists a finite field extension $L/K$ in which $f$ has a root. In fact, we may assume that $[L : K] \leq \deg(f)$.

Proof. Let $g$ be a monic irreducible factor of $f$ in $K[X]$ and set $L := K[X]/(g)$. Then $L$ is a finite-dimensional $K$-algebra, of dimension $\deg(g) \leq \deg(f)$, and since $(g)$ is a maximal ideal it is also a field. Thus $L/K$ is a finite field extension. Set $\alpha$ to be the image of $X$ in $L$. Then the evaluation map $\mathrm{ev}_{\alpha/K}$ has kernel $(g)$, so contains $f$. In other words, $\alpha$ is a root of $f$ in $L$.

Examples

1. $\mathbb{C}/\mathbb{R}$ and $i \in \mathbb{C}$. Then $m_{i/\mathbb{R}} = X^2 + 1$.

2. $\mathbb{C}/\mathbb{Q}$ and $\sqrt{2} \in \mathbb{C}$. Then $m_{\sqrt{2}/\mathbb{Q}} = X^2 - 2$.

3. $\mathbb{C}/\mathbb{R}$ and $\sqrt{2} \in \mathbb{R}$. Then $m_{\sqrt{2}/\mathbb{R}} = X - \sqrt{2}$.

4. $\mathbb{C}/\mathbb{Q}$ and $\zeta = \exp(2\pi i/5) \in \mathbb{C}$. Then $m_{\zeta/\mathbb{Q}} = X^4 + X^3 + X^2 + X + 1$.

5. $\pi, e \in \mathbb{R}$ are transcendental over $\mathbb{Q}$ (hard).

In fact, Hilbert’s Seventh Problem, from his address to the ICM in 1900, posed the following problem:

If $a$ and $b$ are algebraic, with $a \neq 0, 1$ and $b$ irrational, then is $a^b$ necessarily transcendental?

This was proved in 1934, independently by Gelfond and Schneider. For example, the number $\sqrt{2}^{\sqrt{2}}$ is transcendental (but note that $\big((\sqrt{2})^{\sqrt{2}}\big)^{\sqrt{2}} = 2$ is again rational).

We remark that being algebraic or transcendental is a relative notion, since it depends on the base field. For example, it is known that $\pi \in \mathbb{R}$ is transcendental over $\mathbb{Q}$, but it is clearly algebraic over $\mathbb{R}$. In fact, for any field $K$, $\alpha \in K$ is algebraic over $K$.


3.3 Intermediate Fields

Let $L/K$ be a field extension. An intermediate field of $L/K$ is a subfield $E$ of $L$ containing $K$, in which case $L/E/K$ is a tower of fields.

Given a subset $S \subset L$, we write $K[S]$ for the smallest subring of $L$ containing both $K$ and $S$, and $K(S)$ for the smallest such subfield. Note that $K[S]$ is an integral domain and $K(S)$ is its quotient field.

This definition makes sense since if $A_i$ are subrings (respectively subfields) of $L$ containing $K$ and $S$, then so too is their intersection $\bigcap_i A_i$.

If $S = \{\alpha_1, \ldots, \alpha_n\}$ is a finite set, then we can describe $K[S] = K[\alpha_1, \ldots, \alpha_n]$ as the image of the $K$-algebra homomorphism

$$K[X_1, \ldots, X_n] \to L, \quad X_i \mapsto \alpha_i.$$

This extends the case discussed above of a single element $K[\alpha]$.

We say that $L/K$ is finitely generated provided $L = K(\alpha_1, \ldots, \alpha_n)$ for some finite set of elements $\alpha_1, \ldots, \alpha_n$. Every finite field extension is finitely generated, since if $\alpha_1, \ldots, \alpha_n$ is a $K$-basis for $L$, then clearly $L = K(\alpha_1, \ldots, \alpha_n)$. If $L = K(\alpha)$, then we say that the field extension $L/K$ is simple, and call $\alpha$ a primitive element for the field extension.

If $E$ and $F$ are two intermediate fields of $L/K$, then we define their compositum $EF$ to be the smallest subfield of $L$ containing both of them. In the notation above we have $EF = E(F) = F(E)$.

We remark that in all of the above constructions we need the ambient field $L$. In particular, if we are given two field extensions $E/K$ and $F/K$, there is no natural way to construct a field extension $L/K$ containing both $E$ and $F$; we can only talk about the compositum $EF$ when both $E$ and $F$ are already subfields of some larger field $L$.

Remark

The definition of a compositum of two fields requires an ambient field. If $E$ and $F$ are field extensions of $K$, we could instead consider the tensor product $E \otimes_K F$ and take a maximal ideal $I$. Then $(E \otimes_K F)/I$ is again a field and we have embeddings $E, F \to (E \otimes_K F)/I$. The problem is that this definition depends on the choice of $I$.

For example, if

$$E \cong F \cong \mathbb{Q}[X]/(X^3 - 2) \cong \mathbb{Q}(\sqrt[3]{2}),$$

then

$$E \otimes_K F \cong \mathbb{Q}[X, Y]/(X^3 - 2, X^3 - Y^3) \cong \mathbb{Q}[X, Y]/\big(X^3 - 2, (X - Y)(X^2 + XY + Y^2)\big).$$

We have maximal ideals

$$I = (X^3 - 2, X - Y) \quad\text{and}\quad J = (X^3 - 2, X^2 + XY + Y^2),$$

giving fields

$$(E \otimes_K F)/I \cong \mathbb{Q}[X]/(X^3 - 2) \cong \mathbb{Q}(\sqrt[3]{2}),$$

$$(E \otimes_K F)/J \cong \mathbb{Q}[X, Z]/(X^3 - 2, Z^2 + Z + 1) \cong \mathbb{Q}(\sqrt[3]{2}, \omega).$$

Here we have made the substitution $Z = Y/X$ and written $\omega$ for a primitive cube root of unity.

We observe that

$$[(E \otimes_K F)/I : \mathbb{Q}] = 3 \quad\text{and}\quad [(E \otimes_K F)/J : \mathbb{Q}] = 6,$$

so the fields are not isomorphic.

3.4 Primitive Element Theorem

Recall that a field extension $L/K$ is simple if there exists some $\alpha \in L$ such that $L = K(\alpha)$, in which case we call $\alpha$ a primitive element for $L/K$. We now give a useful criterion showing when a finite field extension is simple.

Theorem 3.5 (Primitive Element). Let $L/K$ be a finite extension. Then $L/K$ is simple if and only if $L/K$ has only finitely many intermediate fields.

Proof. Suppose first that $L = K(\alpha)$ is a finite and simple field extension of $K$. Then $\alpha$ is algebraic over $K$, say with minimal polynomial $m = m_{\alpha/K} \in K[X]$.

Consider the map $\phi$ sending an intermediate field $F$ of $L/K$ to the polynomial $m_{\alpha/F}$, viewed as a polynomial over $L$. Since $\alpha$ is a root of $m$, we know that $m_{\alpha/F}$ divides $m$ over $F$, and hence also over $L$. Thus $\phi(F)$ is a monic polynomial dividing $m$ over $L$, so the image of $\phi$ is a finite set.

We also have a map $\psi$ from the monic polynomials dividing $m$ to the intermediate fields of $L/K$, sending the polynomial $f = X^n + a_{n-1}X^{n-1} + \cdots + a_1X + a_0$ to the field $F = K(a_0, a_1, \ldots, a_{n-1})$ generated over $K$ by the coefficients of $f$. We wish to show that $\psi\phi = \mathrm{id}$, so that $\psi$ is a left inverse for $\phi$, and hence that $\phi$ is injective. Since the image of $\phi$ is finite we deduce that $L/K$ has only finitely many intermediate fields.

Let $F$ be an intermediate field of $L/K$ and let $f := \phi(F) = m_{\alpha/F}$ be the minimal polynomial of $\alpha$ over $F$. Then $L = F(\alpha)$, so $[L : F] = \deg(f)$. Now let $F' := \psi(f)$ be the intermediate field generated by the coefficients of $f$. Since each coefficient of $f$ lies in $F$ we clearly have $F' \subset F$, and so $[L : F'] \geq [L : F] = \deg(f)$. On the other hand we also have $L = F'(\alpha)$, and since $\alpha$ is a root of $f \in F'[X]$ we must have $[L : F'] \leq \deg(f)$. Thus $[L : F'] = \deg(f)$, so by the Tower Law $[F : F'] = 1$, whence $F = F'$. This proves that $\psi\phi = \mathrm{id}$.


For the other direction, we separate the proof into two cases, depending on whether or not $K$ is an infinite field.

Let $L/K$ be a finite field extension having only finitely many intermediate fields. Suppose that $K$ is an infinite field. We show that for any $\alpha, \beta \in L$ there exists $\lambda \in K$ such that $K(\alpha, \beta) = K(\alpha + \lambda\beta)$.

For convenience set $\theta_\lambda := \alpha + \lambda\beta$. Now, since $L/K$ has only finitely many intermediate fields, but $K$ is infinite, there exist $\lambda \neq \mu \in K$ with $K(\theta_\lambda) = K(\theta_\mu)$. Thus both

$$\beta = \frac{\theta_\lambda - \theta_\mu}{\lambda - \mu} \quad\text{and}\quad \alpha = \frac{\lambda\theta_\mu - \mu\theta_\lambda}{\lambda - \mu}$$

lie in $K(\theta_\lambda)$, so that $K(\alpha, \beta) = K(\theta_\lambda)$. This proves the claim.

By induction, given $\alpha_1, \ldots, \alpha_n \in L$, there exist $\lambda_2, \ldots, \lambda_n \in K$ such that

$$K(\alpha_1, \ldots, \alpha_n) = K(\alpha_1 + \lambda_2\alpha_2 + \cdots + \lambda_n\alpha_n).$$

Since $L/K$ is finite, it is finitely generated and hence simple.

If, on the other hand, $K$ is a finite field, then so too is $L$, and hence $L^\times$ is a cyclic group by the lemma below. Let $\alpha$ be a generator for this group. Then clearly $L = K(\alpha)$, so $L/K$ is simple.

It remains to prove the following lemma.

Lemma 3.6. Let $G$ be a finite group such that, for all $m \geq 1$, there are at most $m$ elements $x \in G$ such that $x^m = 1$. Then $G$ is cyclic.

In particular, if $G$ is a finite subgroup of the multiplicative group $K^\times$ of some field $K$, then $G$ is cyclic. If $K$ is a finite field, then $K^\times$ is a cyclic group.

Proof. Write $\theta(m)$ for the number of elements in $G$ of order $m$. If $\theta(m) > 0$, then there exists some element $g \in G$ of order $m$, and so $\langle g \rangle \leq G$ is a cyclic group of order $m$. This contains $m$ elements, all of which satisfy $x^m = 1$, so by our assumption on $G$ these are the only such elements. We deduce that $\theta(m)$ equals the number of generators of this subgroup, which we know is given by Euler’s totient (or phi) function:

$$\phi(m) := |\{1 \leq d \leq m : \gcd(d, m) = 1\}|.$$

It follows that $\theta(m)$ is either zero or equals $\phi(m)$.

Now, Lagrange’s Theorem tells us that every element in $G$ has order dividing $n := |G|$, so $n = \sum_{m \mid n} \theta(m)$. On the other hand, by considering the case of a cyclic group, we know that $n = \sum_{m \mid n} \phi(m)$. Since $\theta(m) \leq \phi(m)$ for all $m \mid n$, we deduce that $\theta(m) = \phi(m)$ for all $m \mid n$. In particular, $\theta(n) = \phi(n) > 0$, so $G$ has an element of order $n$, so $G$ is cyclic.

If $K$ is a field, then there are at most $m$ solutions to the equation $X^m = 1$ in $K$. Thus each finite subgroup of $K^\times$ is cyclic. If $K$ is a finite field, then $K^\times$ itself is a finite group, so cyclic.
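The counting argument of Lemma 3.6, checked numerically in an added Python example (not part of the original notes). It computes $\theta(m)$ for the unit group of $\mathbb{Z}/n\mathbb{Z}$; the contrast with $n = 8$, where $\mathbb{Z}/8\mathbb{Z}$ is not a field and the hypothesis of the lemma fails, goes beyond the case treated in the text, and the function names are illustrative.

```python
from math import gcd

# Added example: the unit group of Z/nZ, checked against the counting argument
# in the proof of Lemma 3.6. Function names are illustrative.

def units(n):
    """The elements of (Z/nZ)^x, as integers in 1..n-1."""
    return [x for x in range(1, n) if gcd(x, n) == 1]

def order(x, n):
    """Multiplicative order of the unit x modulo n."""
    k, y = 1, x % n
    while y != 1:
        y, k = y * x % n, k + 1
    return k

def theta(n):
    """theta[m] = number of units modulo n of order exactly m."""
    counts = {}
    for x in units(n):
        m = order(x, n)
        counts[m] = counts.get(m, 0) + 1
    return counts

def phi(m):
    """Euler's totient, straight from the definition used in the proof."""
    return sum(1 for d in range(1, m + 1) if gcd(d, m) == 1)

def root_bound_holds(n):
    """Hypothesis of the lemma: x^m = 1 has at most m solutions, for every m."""
    g = units(n)
    return all(sum(pow(x, m, n) == 1 for x in g) <= m
               for m in range(1, len(g) + 1))

def generators(n):
    """Units whose order equals the size of the whole unit group."""
    g = units(n)
    return [x for x in g if order(x, n) == len(g)]

if __name__ == "__main__":
    # n = 13: Z/13Z is a field, so theta(m) = phi(m) for every m dividing 12.
    print(theta(13), generators(13))
    # n = 8: x^2 = 1 has four solutions, the hypothesis fails, no generator.
    print(root_bound_holds(8), theta(8), generators(8))
```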


Chapter 4

Field Embeddings

Let $L$ be a field. Recall that a field automorphism of $L$ is a bijective ring homomorphism $\sigma\colon L \to L$. We denote the set of all field automorphisms of $L$ by $\mathrm{Aut}(L)$, and observe that this is a group under composition.

Let $G \leq \mathrm{Aut}(L)$ be a subgroup of field automorphisms of $L$. We define its fixed field to be

$$L^G := \{x \in L : \sigma(x) = x \text{ for all } \sigma \in G\}.$$

Note that $L^G$ is indeed a subfield of $L$.

Conversely, if $K$ is a subfield of $L$, then we may consider the set of $K$-algebra automorphisms, or simply $K$-automorphisms, of $L$

$$\mathrm{Gal}(L/K) := \{\sigma \in \mathrm{Aut}(L) : \sigma(x) = x \text{ for all } x \in K\}.$$

Note that this is a subgroup of $\mathrm{Aut}(L)$. We call $\mathrm{Gal}(L/K)$ the Galois group of the field extension $L/K$.

More generally, let $F/K$ be another field extension. We write $\mathrm{Hom}_K(F, L)$ for the set of $K$-algebra homomorphisms, or simply $K$-embeddings, $F \to L$

$$\mathrm{Hom}_K(F, L) := \{\sigma\colon F \to L : \sigma(x) = x \text{ for all } x \in K\}.$$

Recall that every such $K$-embedding is an injective linear map of $K$-vector spaces. In particular, if $L/K$ is finite, then $\mathrm{Hom}_K(L, L) = \mathrm{Gal}(L/K)$.

The next proposition relates some of these concepts. As usual, given a group $G$ and a subgroup $H \leq G$, we write $(G : H)$ for the set of left cosets of $H$ in $G$, and $[G : H]$ for the number of such cosets. Thus $[G : H] = |G|/|H|$ by Lagrange’s Theorem.

Proposition 4.1. Let $L/F/K$ be a tower of field extensions.

1. Composing with the inclusion $F \hookrightarrow L$ gives an injection $\mathrm{Gal}(F/K) \hookrightarrow \mathrm{Hom}_K(F,L)$, whose image is precisely those field embeddings having image $F$; that is, the set of $\sigma : F \to L$ with $\sigma(F) = F$.

2. $\mathrm{Gal}(L/F) \leq \mathrm{Gal}(L/K)$ is a subgroup, and restriction to $F$ gives an injection

$$\big(\mathrm{Gal}(L/K) : \mathrm{Gal}(L/F)\big) \hookrightarrow \mathrm{Hom}_K(F,L).$$

Proof. 1. Composition with the inclusion map $\iota$ is clearly injective, and if $\sigma \in \mathrm{Gal}(F/K)$, then $\iota\sigma$ clearly has image $F$. Conversely, if $\tau \in \mathrm{Hom}_K(F,L)$ has image $F$, then it restricts to a $K$-automorphism $\sigma$ of $F$, so $\tau = \iota\sigma$ and $\sigma \in \mathrm{Gal}(F/K)$.
2. Since $K \subset F$, any $F$-automorphism of $L$ is necessarily a $K$-automorphism, whence $\mathrm{Gal}(L/F) \leq \mathrm{Gal}(L/K)$. Restriction to $F$ now gives a map $\mathrm{Gal}(L/K) \to \mathrm{Hom}_K(F,L)$. Moreover, $\sigma$ and $\tau$ restrict to the same $K$-embedding if and only if $\sigma^{-1}\tau$ fixes $F$. This happens if and only if $\sigma^{-1}\tau \in \mathrm{Gal}(L/F)$, or equivalently $\tau \in \sigma\,\mathrm{Gal}(L/F)$, giving the required injective map from left cosets to field embeddings.

4.1 Artin’s Extension Theorem

Let $F/K$ and $L/K$ be finite field extensions. We saw above that we are interested in $K$-embeddings $F \to L$. One way of constructing these is to start with the field embedding $K \to L$, and then to iteratively ‘add in’ the elements of $F$. More precisely, suppose that $F = K(\alpha_1, \ldots, \alpha_n)$, and set $F_i := K(\alpha_1, \ldots, \alpha_i)$. Then $F_i = F_{i-1}(\alpha_i)$ is a simple field extension, so if we have constructed a field embedding $\sigma_i : F_i \to L$, we just need to understand when we can extend this to a field embedding $\sigma_{i+1} : F_{i+1} \to L$. This is the content of Artin's Extension Theorem.
We need some terminology. Let $F/K$ be a field extension and $\iota : K \to L$ a field embedding. We say that a field embedding $\sigma : F \to L$ extends $\iota$ provided that $\sigma(x) = \iota(x)$ for all $x \in K$.

Theorem 4.2 (Artin's Extension Theorem). Let $K(\alpha)/K$ be a finite, simple field extension.

1. If $L/K$ is another field extension, then the $K$-embeddings $\sigma : K(\alpha) \to L$ are in bijection with the roots of $m_{\alpha/K}$ in $L$, the bijection being given by $\sigma \mapsto \sigma(\alpha)$.

2. More generally, if $\iota : K \to L$ is a field embedding, then the extensions $\sigma : K(\alpha) \to L$ of $\iota$ are in bijection with the roots of $\iota(m_{\alpha/K})$ in $L$.

Proof. For convenience set $m := m_{\alpha/K}$. We have a $K$-algebra isomorphism $K[X]/(m) \xrightarrow{\sim} K(\alpha)$ via $X \mapsto \alpha$. By the Factor Lemma we know that $K$-embeddings $\sigma : K(\alpha) \to L$ are in bijection with $K$-algebra homomorphisms $\sigma : K[X] \to L$ such that $\sigma(m) = 0$. Now, each $K$-algebra homomorphism $\sigma : K[X] \to L$ is completely determined by the element $\beta := \sigma(X)$, in which case $\sigma = \mathrm{ev}_\beta$, and then $\sigma(m) = 0$ if and only if $\beta$ is a root of $m$.
For the general case we observe that $\iota$ is injective, so induces an isomorphism of $K$ with its image $K'$, say, and that $L/K'$ is a field extension. We have a ring isomorphism $K[X] \cong K'[X]$, which just acts via $\iota$ on the coefficients, and hence a field isomorphism $K[X]/(m) \cong K'[X]/(\iota(m))$. Using this isomorphism, field embeddings $K[X]/(m) \to L$ extending $\iota$ are in bijection with $K'$-embeddings $K'[X]/(\iota(m)) \to L$, which we have just shown are in bijection with the roots of $\iota(m)$ in $L$.

Examples

Artin’s Extension Theorem is actually very easy to use.

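1. Let $\sqrt{2} \in \mathbb{C}$. Then $m_{\sqrt{2}/\mathbb{Q}} = X^2 - 2$. This has roots $\pm\sqrt{2}$ in $\mathbb{C}$. We therefore have two embeddings $\mathbb{Q}(\sqrt{2}) \to \mathbb{C}$. These are given by the identity $\iota_1 : \sqrt{2} \mapsto \sqrt{2}$ and $\iota_2 : \sqrt{2} \mapsto -\sqrt{2}$.

In fact, both of these restrict to automorphisms of $\mathbb{Q}(\sqrt{2})$, so

$$\mathrm{Gal}(\mathbb{Q}(\sqrt{2})/\mathbb{Q}) \cong \mathbb{Z}/2\mathbb{Z}.$$

2. Let $\omega := \exp(2\pi i/3) = \tfrac{1}{2}(-1 + i\sqrt{3}) \in \mathbb{C}$. This has minimal polynomial $m_{\omega/\mathbb{Q}} = X^2 + X + 1$, with roots $\omega$ and $\omega^2 = \bar{\omega}$. We therefore have two embeddings $\mathbb{Q}(\omega) \to \mathbb{C}$ given by the identity $\omega \mapsto \omega$ and complex conjugation $\omega \mapsto \bar{\omega}$.

Again, both of these restrict to automorphisms of $\mathbb{Q}(\omega)$, giving

$$\mathrm{Gal}(\mathbb{Q}(\omega)/\mathbb{Q}) \cong \mathbb{Z}/2\mathbb{Z}.$$

3. Let $\alpha = \sqrt[3]{2} \in \mathbb{R}$. Then $m_{\alpha/\mathbb{Q}} = X^3 - 2$. This has a unique root in $\mathbb{R}$, so there is only the identity map $\mathbb{Q}(\alpha) \to \mathbb{R}$. On the other hand, $X^3 - 2$ has roots $\alpha, \omega\alpha, \omega^2\alpha$ in $\mathbb{C}$, so we have three embeddings $\mathbb{Q}(\alpha) \to \mathbb{C}$. These are given by $\iota : \alpha \mapsto \alpha$, $\theta : \alpha \mapsto \omega\alpha$ and $\phi : \alpha \mapsto \omega^2\alpha$.

We have therefore shown that

$$\mathrm{Gal}(\mathbb{Q}(\alpha)/\mathbb{Q}) = \{\mathrm{id}\} \quad\text{and}\quad \mathrm{Hom}_{\mathbb{Q}}(\mathbb{Q}(\alpha),\mathbb{C}) = \{\iota, \theta, \phi\}.$$

In particular, we can have a strict inequality in Proposition 4.1 (1).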

4. Consider the tower $L/F/\mathbb{Q}$, where $L = \mathbb{Q}(\sqrt[4]{2})$ and $F = \mathbb{Q}(\sqrt{2})$. Then there are two embeddings $F \to L$, given as in (1) by $\sqrt{2} \mapsto \pm\sqrt{2}$. On the other hand, $\sqrt[4]{2}$ has minimal polynomial $X^4 - 2$ over $\mathbb{Q}$. This has two real roots, $\pm\sqrt[4]{2}$, and two complex roots, $\pm i\sqrt[4]{2}$. Therefore there are two automorphisms of $L$, given by $\sqrt[4]{2} \mapsto \pm\sqrt[4]{2}$. Finally, both of these necessarily fix $\sqrt{2}$, and hence $F$. Thus

$$\mathrm{Gal}(\mathbb{Q}(\sqrt[4]{2})/\mathbb{Q}) = \mathrm{Gal}(\mathbb{Q}(\sqrt[4]{2})/\mathbb{Q}(\sqrt{2})) \cong \mathbb{Z}/2\mathbb{Z}.$$

In particular, we can have a strict inequality in Proposition 4.1 (2).

We observe that the field embedding $\iota_1 : F \to L$, $\sqrt{2} \mapsto \sqrt{2}$, can be extended in two different ways to an automorphism of $L$, namely the two automorphisms $\sqrt[4]{2} \mapsto \pm\sqrt[4]{2}$. On the other hand, the field embedding $\iota_2 : F \to L$, $\sqrt{2} \mapsto -\sqrt{2}$ cannot be extended to an automorphism of $L$.

This agrees with Artin's Extension Theorem, since the minimal polynomial of $\sqrt[4]{2}$ over $F$ is $X^2 - \sqrt{2}$ (why?). Then $\iota_1(X^2 - \sqrt{2}) = X^2 - \sqrt{2}$, and this has two roots in $L$, namely $\pm\sqrt[4]{2}$. On the other hand, $\iota_2(X^2 - \sqrt{2}) = X^2 + \sqrt{2}$, and this has no roots in $L$, since both its roots are complex.

5. Consider instead $M = \mathbb{Q}(\sqrt[6]{2})$. Then the minimal polynomial of $\sqrt[6]{2}$ over $F = \mathbb{Q}(\sqrt{2})$ is $n := X^3 - \sqrt{2}$. Then $\iota_1(n) = n$ has exactly one root in $M$, namely $\sqrt[6]{2}$, and $\iota_2(n) = X^3 + \sqrt{2}$ also has exactly one root in $M$, namely $-\sqrt[6]{2}$. Thus $\iota_1$ and $\iota_2$ can both be extended uniquely to automorphisms of $M$.

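6. We now compute all embeddings $\mathbb{Q}(\alpha, \omega) \to \mathbb{C}$, where $\alpha = \sqrt[3]{2}$ and $\omega = \exp(2\pi i/3)$ as above. We begin by noting that $[\mathbb{Q}(\alpha, \omega) : \mathbb{Q}] = 6$. For, we know that $[\mathbb{Q}(\omega) : \mathbb{Q}] = 2$ and that $[\mathbb{Q}(\alpha) : \mathbb{Q}] = 3$. It follows from the Tower Law that both 2 and 3, and hence 6, divide $[\mathbb{Q}(\alpha, \omega) : \mathbb{Q}]$. On the other hand, we know that $\alpha$ is a root of $X^3 - 2$ over $\mathbb{Q}(\omega)$, so $[\mathbb{Q}(\alpha, \omega) : \mathbb{Q}(\omega)] \leq 3$, whence $[\mathbb{Q}(\alpha, \omega) : \mathbb{Q}] \leq 6$.

In particular, $X^3 - 2$ is the minimal polynomial of $\alpha$ over $\mathbb{Q}(\omega)$.

We have already computed all embeddings $\mathbb{Q}(\omega) \to \mathbb{C}$, namely the identity and complex conjugation $\tau : \omega \mapsto \omega^2$. Clearly both fix the minimal polynomial $X^3 - 2$ of $\alpha$, and since this polynomial has three distinct roots in $\mathbb{C}$, we see that both $\mathrm{id}$ and $\tau$ extend in three different ways to embeddings $\mathbb{Q}(\alpha, \omega) \to \mathbb{C}$.

Finally, all of these embeddings restrict to automorphisms of $\mathbb{Q}(\alpha, \omega)$. Therefore we have in fact computed the Galois group $\mathrm{Gal}(\mathbb{Q}(\alpha, \omega)/\mathbb{Q})$. We list these six automorphisms in the table below, showing their actions on $\alpha$ and $\omega$.

$$\begin{array}{c|cccccc}
 & \mathrm{id} & \sigma & \sigma^2 & \tau & \sigma\tau & \sigma^2\tau \\ \hline
\omega \mapsto & \omega & \omega & \omega & \omega^2 & \omega^2 & \omega^2 \\
\alpha \mapsto & \alpha & \omega\alpha & \omega^2\alpha & \alpha & \omega\alpha & \omega^2\alpha
\end{array}$$

Note that $\tau$ still denotes complex conjugation. Also, the names exhibit some of the compositions in the Galois group. For example,

$$\sigma^2(\omega) = \sigma(\omega) = \omega, \qquad \sigma^2(\alpha) = \sigma(\omega\alpha) = \sigma(\omega)\sigma(\alpha) = \omega \cdot \omega\alpha = \omega^2\alpha.$$

Similarly,

$$\sigma\tau(\omega) = \sigma(\omega^2) = \sigma(\omega)^2 = \omega^2, \qquad \sigma\tau(\alpha) = \sigma(\alpha) = \omega\alpha.$$

Moreover, since

$$\tau\sigma(\omega) = \tau(\omega) = \omega^2, \qquad \tau\sigma(\alpha) = \tau(\omega\alpha) = \tau(\omega)\tau(\alpha) = \omega^2\alpha,$$

we have that $\tau\sigma = \sigma^2\tau$. Since we also have $\sigma^3 = \tau^2 = \mathrm{id}$ we deduce that the Galois group is isomorphic to $\mathrm{Sym}_3$. We observe for later that $|\mathrm{Sym}_3| = 6 = [\mathbb{Q}(\alpha, \omega) : \mathbb{Q}]$.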

4.2 Linear Independence of Characters

Let $G$ be a group and $L$ a field. A character$^1$ of $G$ in $L$ is a group homomorphism $\sigma : G \to L^\times$. The trivial character is the group homomorphism $\sigma(g) = 1$ for all $g \in G$.
Note that if $\sigma : K \to L$ is a field embedding, then we obtain a character $\sigma : K^\times \to L^\times$. In particular, all field automorphisms of $L$ induce characters.
Given characters $\sigma_1, \ldots, \sigma_n$ of $G$ in $L$ and elements $\lambda_1, \ldots, \lambda_n$ of $L$ we may form the linear combination $\sum_i \lambda_i\sigma_i$, sending $g \in G$ to the element $\sum_i \lambda_i\sigma_i(g) \in L$. This is a well-defined map, but is no longer a character of $G$. We say that the characters $\sigma_i$ are linearly independent over $L$ if the only solution to $\sum_i \lambda_i\sigma_i = 0$ is when $\lambda_i = 0$ for all $i$.

Theorem 4.3 (Dedekind). For any group $G$ and field $K$, distinct characters $G \to K^\times$ are linearly independent.

Proof. Suppose we have a non-trivial expression $\sum_{i=1}^{n} \lambda_i\sigma_i = 0$ for distinct characters $\sigma_i$ and coefficients $\lambda_i \in K$. Assume further that such an expression has a minimum number of coefficients $\lambda_i$, so each $\lambda_i$ is non-zero. Dividing through, we may assume that $\lambda_n = -1$. Thus $\sum_{i=1}^{n-1} \lambda_i\sigma_i = \sigma_n$.
Now, since $\sigma_1$ and $\sigma_n$ are distinct, there exists $g \in G$ such that $\sigma_1(g) \neq \sigma_n(g)$. Set $\mu_i := \sigma_i(g) - \sigma_n(g)$ and consider the linear expression $\sum_{i=1}^{n-1} \lambda_i\mu_i\sigma_i$. Then for each $h \in G$ we have

$$\begin{aligned}
\sum_{i=1}^{n-1} \lambda_i\mu_i\sigma_i(h) &= \sum_{i=1}^{n-1} \lambda_i\sigma_i(g)\sigma_i(h) - \sum_{i=1}^{n-1} \lambda_i\sigma_n(g)\sigma_i(h) \\
&= \sum_{i=1}^{n-1} \lambda_i\sigma_i(gh) - \sigma_n(g)\sum_{i=1}^{n-1} \lambda_i\sigma_i(h) \\
&= \sigma_n(gh) - \sigma_n(g)\sigma_n(h) = 0,
\end{aligned}$$

using that characters are multiplicative. It follows that $\sum_{i=1}^{n-1} \lambda_i\mu_i\sigma_i = 0$, so we have a new equation of linear dependence, but having fewer terms. Thus each $\lambda_i\mu_i = 0$, so each $\mu_i = 0$, but $\mu_1 = \sigma_1(g) - \sigma_n(g) \neq 0$, a contradiction.
We deduce that $\lambda_i = 0$ for all $i$, so that the $\sigma_i$ are linearly independent.

$^1$ Such a character is called an irreducible character of degree one in courses on group representation theory.

Corollary 4.4. Let $L/K$ and $F/K$ be field extensions, and assume that $F/K$ is finite. Then $|\mathrm{Hom}_K(F,L)| \leq [F : K]$.
In particular, if $L/K$ is finite, then $|\mathrm{Gal}(L/K)| \leq [L : K]$.

Proof. Let $x_1, \ldots, x_n$ be a $K$-basis for $F$, and let $\sigma_1, \ldots, \sigma_m$ be distinct elements of $\mathrm{Hom}_K(F,L)$. Form the matrix $M := (\sigma_i(x_j)) \in M_{m \times n}(L)$, and view $M^t$ as a linear map $M^t : L^m \to L^n$. If $m > n$, then this has a non-zero kernel, so we can find elements $\lambda_i \in L$, not all zero, with

$$\sum_i \lambda_i\sigma_i(x_j) = 0 \quad\text{for all } j.$$

Since the $x_j$ form a $K$-basis for $F$ and the $\sigma_i$ fix $K$, we deduce that $\sum_i \lambda_i\sigma_i(x) = 0$ for all $x \in F$, and hence that $\sum_i \lambda_i\sigma_i = 0$, contradicting the linear independence of the $\sigma_i$. Thus $m \leq n$, and hence $|\mathrm{Hom}_K(F,L)| \leq [F : K]$.

Chapter 5

Galois Extensions

We saw in the previous section that if $L/K$ is a finite field extension, then $\mathrm{Gal}(L/K)$ is a finite group of size at most $[L : K]$. We call $L/K$ a Galois extension provided $|\mathrm{Gal}(L/K)| = [L : K]$, which is to say that the field extension $L/K$ has the maximal amount of symmetry.
We remark that in Section 4.1, Example (1) we proved that $\mathbb{Q}(\sqrt{2})/\mathbb{Q}$ is a Galois extension with Galois group $\mathrm{Sym}_2$, and in Example (6) we proved that $\mathbb{Q}(\sqrt[3]{2}, \omega)/\mathbb{Q}$ is a Galois extension with Galois group $\mathrm{Sym}_3$.
On the other hand, $\mathbb{Q}(\sqrt[3]{2})/\mathbb{Q}$ has no non-trivial automorphism by Example (3), but has degree 3, so is not Galois.
We begin by showing that Galois extensions arise as fixed fields of field automorphisms.

Proposition 5.1. Let $L$ be a field and $G \leq \mathrm{Aut}(L)$ a finite group of field automorphisms of $L$. Set $K := L^G$ to be its fixed field. Then $L/K$ is a Galois extension, and $\mathrm{Gal}(L/K) = G$.

Proof. Clearly $G \leq \mathrm{Gal}(L/K)$. We will show that $|G| \geq [L : K]$; hence $L/K$ is a finite extension, and since by Corollary 4.4 we have $[L : K] \geq |\mathrm{Gal}(L/K)|$, it follows that $L/K$ is Galois and $G = \mathrm{Gal}(L/K)$.
The proof is similar in style to that of Theorem 4.3.
Let $G = \{\sigma_1, \ldots, \sigma_m\}$ and take $x_1, \ldots, x_n \in L$, linearly independent over $K$. Form the matrix $M = (\sigma_i(x_j)) \in M_{m \times n}$, and view it as a linear map $M : L^n \to L^m$. If $m < n$, then this has non-trivial kernel, so there exist $\lambda_j \in L$, not all zero, with

$$\sum_j \lambda_j\sigma_i(x_j) = 0 \quad\text{for all } i.$$

Take such a solution having a minimal number of non-zero terms. Dividing through and renumbering, we may assume that $\lambda_n = 1$.
Now, the $\lambda_j$ cannot all lie in $K$, since otherwise $\sigma_i(\sum_j \lambda_j x_j) = 0$, whence $\sum_j \lambda_j x_j = 0$, contradicting the linear independence of the $x_j$. So without loss of generality we may assume that $\lambda_1 \notin K$. Next, since $K = L^G$, we have $\sigma(\lambda_1) \neq \lambda_1$ for some $\sigma \in G$. Applying $\sigma$ to our list of equations, and using that $G = \{\sigma\sigma_i\}$, we get

$$\sum_j \sigma(\lambda_j)\sigma_i(x_j) = 0 \quad\text{for all } i.$$

Subtracting then gives

$$\sum_j \mu_j\sigma_i(x_j) = 0 \quad\text{for all } i, \text{ where } \mu_j := \lambda_j - \sigma(\lambda_j).$$

Since $\mu_n = 0$, this has fewer non-zero terms, so by minimality $\mu_j = 0$ for all $j$. On the other hand, $\mu_1 \neq 0$, a contradiction.
We conclude that $m \geq n$, and so $|G| \geq [L : K]$.

Corollary 5.2. Let $L/K$ be a Galois extension with Galois group $G$. Then $K = L^G$.

Proof. Since $L/K$ is a Galois extension we have $|G| = [L : K]$, and so $G$ is a finite group. Then, by the proposition, $|G| = [L : L^G]$. Clearly $K \subset L^G$, so the Tower Law gives us that $[L^G : K] = 1$, whence $L^G = K$.

We observe that $L/K$ is Galois if and only if $K$ is the fixed field of $\mathrm{Gal}(L/K)$. This condition is used by some authors as the definition of a Galois extension.

5.1 The Galois Correspondence

The next theorem is of great importance: it states that intermediate fields of Galois extensions correspond to subgroups of the Galois group. In particular, there are only finitely many intermediate fields.

Theorem 5.3 (Fundamental Theorem of Galois Theory). Let $L/K$ be Galois with Galois group $G$. Then there exists a bijection

$$\begin{array}{rcl}
\{\text{subgroups of } G\} & \longleftrightarrow & \{\text{intermediate fields of } L/K\} \\
H & \longmapsto & L^H \\
\mathrm{Gal}(L/F) & \longleftarrow\!\shortmid & F
\end{array}$$

In particular, for each intermediate field $F$, the extension $L/F$ is Galois.

Proof. Let $H$ be a subgroup of $G$ and set $F := L^H$. Since $H$ is a subgroup of $G = \mathrm{Gal}(L/K)$ we know that $K \subset F$, so that $F$ is an intermediate field of $L/K$. Moreover, $H$ is a finite group (since $G$ is), so we can apply Proposition 5.1 to deduce that $L/F$ is Galois with Galois group $H$. This proves that $\mathrm{Gal}(L/L^H) = H$.
Conversely, let $F$ be an intermediate field of $L/K$ and set $H := \mathrm{Gal}(L/F)$. Since $K \subset F$, we see that $H$ fixes $K$, and so $H$ is a subgroup of $G$. Now, by Corollary 4.4 we know that $[L : F] \geq |H|$ and $[F : K] \geq |\mathrm{Hom}_K(F,L)|$, whereas by Proposition 4.1 we know that $|\mathrm{Hom}_K(F,L)| \geq [G : H]$. We can now use the Tower Law to deduce that

$$[L : K] = [L : F][F : K] \geq |H|[G : H] = |G|.$$

Since $L/K$ is Galois we have $|G| = [L : K]$, and so we must have equality above. It follows that $|H| = [L : F]$, and thus $L/F$ is Galois with Galois group $H$. Hence $H$ has fixed field $F$ by Corollary 5.2.

For convenience we record the following result, shown during the above proof and improving Proposition 4.1.

Corollary 5.4. Let $L/K$ be Galois with Galois group $G$. Let $F$ be an intermediate field of $L/K$ and set $H := \mathrm{Gal}(L/F)$. Then there is a bijection $(G : H) \cong \mathrm{Hom}_K(F,L)$, with both sides having size $[F : K]$.

The next result investigates the correspondence between subgroups and intermediate fields more closely.
We need some terminology. If $F$ is an intermediate field of a Galois extension $L/K$, then we call $\mathrm{Gal}(L/F)$ the Galois group associated to $F$.

Theorem 5.5 (Galois Correspondence). Let $L/K$ be Galois with Galois group $G$. Let $H, H_i$ be subgroups of $G$, with fixed fields $F, F_i$.

1. $H_1 \leq H_2$ if and only if $F_1 \supset F_2$.

2. $H_1 \cap H_2$ has fixed field the compositum $F_1F_2$.

3. $F_1 \cap F_2$ has associated group $\langle H_1, H_2 \rangle$.

4. If $\sigma \in G$, then $\sigma(F)$ has associated group $\sigma H \sigma^{-1}$.

5. $F/K$ is Galois if and only if $\sigma(F) = F$ for all $\sigma \in G$, which is if and only if $H \lhd G$ is a normal subgroup. In this case, $F/K$ has Galois group (isomorphic to) $G/H$.

Recall that if $H_1, H_2 \leq G$ are subgroups, then we write $\langle H_1, H_2 \rangle$ for the smallest subgroup of $G$ containing both $H_1$ and $H_2$.

Proof. 1. If $H_1 \leq H_2$, then everything fixed by all elements of $H_2$ is necessarily fixed by all elements of $H_1$, so $F_1 \supset F_2$. Conversely, if $F_1 \supset F_2$, then every automorphism fixing all elements of $F_1$ necessarily fixes all elements of $F_2$, so $H_1 \leq H_2$.
2. Let $H_1 \cap H_2$ have fixed field $M$, and let $F_1F_2$ have associated Galois group $B$. Since $F_1F_2 \supset F_i$ we have $B \leq H_i$, and hence $B \leq H_1 \cap H_2$. Conversely, since $H_1 \cap H_2 \subset H_i$ we have $M \supset F_i$, and hence $M \supset F_1F_2$. Applying (1) then gives $H_1 \cap H_2 \subset B$. Thus $B = H_1 \cap H_2$ and $M = F_1F_2$.
3. This is similar. Let $\langle H_1, H_2 \rangle$ have fixed field $M$, and let $F_1 \cap F_2$ have associated Galois group $B$. Since $F_i \supset F_1 \cap F_2$ we have $H_i \leq B$, and hence $\langle H_1, H_2 \rangle \leq B$. Conversely, since $H_i \leq \langle H_1, H_2 \rangle$ we have $F_i \supset M$, and hence $F_1 \cap F_2 \supset M$. Applying (1) then gives $B \leq \langle H_1, H_2 \rangle$. Thus $B = \langle H_1, H_2 \rangle$ and $M = F_1 \cap F_2$.
4. The Galois group associated to $\sigma(F)$ consists of all automorphisms $\tau$ such that $\tau\sigma(x) = \sigma(x)$ for all $x \in F$, or equivalently $\sigma^{-1}\tau\sigma(x) = x$ for all $x \in F$. Thus $\tau \in \mathrm{Gal}(L/\sigma(F))$ if and only if $\sigma^{-1}\tau\sigma \in \mathrm{Gal}(L/F) = H$, which is if and only if $\tau \in \sigma H \sigma^{-1}$.
5. By (4) we know that $H$ is a normal subgroup if and only if $\sigma(F) = F$ for all $\sigma \in G$. Next, by Corollary 5.4 we have a bijection $(G : H) \cong \mathrm{Hom}_K(F,L)$, so every $K$-embedding $F \to L$ is the restriction to $F$ of some element in $G$. Thus $H$ is normal if and only if every $K$-embedding $\sigma : F \to L$ has image $F$.
On the other hand we have an inclusion $\iota : \mathrm{Gal}(F/K) \hookrightarrow \mathrm{Hom}_K(F,L)$ by Proposition 4.1, whose image is precisely those $\sigma$ satisfying $\sigma(F) = F$. Therefore $H$ is normal if and only if $\iota$ is a bijection, and since $|\mathrm{Hom}_K(F,L)| = [F : K]$ by Corollary 5.4, this is equivalent to $|\mathrm{Gal}(F/K)| = [F : K]$, and hence to $F/K$ being Galois.
Finally, if this holds, then we have a (set-theoretic) bijection $G/H \cong \mathrm{Gal}(F/K)$. This sends a coset $\sigma H$ to its restriction $\sigma : F \to L$, which we know has image $F$ so lies in $\mathrm{Gal}(F/K)$. An easy check shows that this bijection respects the multiplication and preserves the identity, so is a group isomorphism.

Remarks

The first statement says that the bijection between subgroups of $G$ and intermediate fields of $L/K$ is inclusion-reversing. The next two statements say that the bijection preserves the lattice structure.
Later we will introduce the notion of a normal field extension, and then (5) says that $H$ is a normal subgroup if and only if $F/K$ is a normal field extension. In fact, this is the origin of the term normal subgroup.
We have the following two pictures representing properties (2) and (3) above.

[Figure: the lattice of intermediate fields $K \subset F_1 \cap F_2 \subset F_1, F_2 \subset F_1F_2 \subset L$ and, under the Galois correspondence, the lattice of subgroups $G \supset \langle H_1, H_2 \rangle \supset H_1, H_2 \supset H_1 \cap H_2 \supset \{1\}$.]

Example

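Set $\alpha = \sqrt[3]{2}$ and $\omega = \exp(2\pi i/3)$. We know that the field extension $\mathbb{Q}(\alpha, \omega)/\mathbb{Q}$ is Galois with Galois group $\mathrm{Sym}_3$. Moreover, the automorphisms are given by

$$\begin{array}{c|cccccc}
 & \mathrm{id} & \sigma & \sigma^2 & \tau & \sigma\tau & \sigma^2\tau \\ \hline
\omega \mapsto & \omega & \omega & \omega & \omega^2 & \omega^2 & \omega^2 \\
\alpha \mapsto & \alpha & \omega\alpha & \omega^2\alpha & \alpha & \omega\alpha & \omega^2\alpha
\end{array}$$

Now, the proper subgroups of $\mathrm{Sym}_3$ are $\{\mathrm{id}\}$, the group of order three $\langle\sigma\rangle$, and the three groups of order two $\langle\tau\rangle$, $\langle\sigma\tau\rangle$, $\langle\sigma^2\tau\rangle$.
The subgroup $\langle\sigma\rangle$ has fixed field $\mathbb{Q}(\omega)$. For, $\sigma$ fixes $\omega$, so $\mathbb{Q}(\omega)$ is contained in the fixed field. On the other hand, the subgroup has index two, and $\mathbb{Q}(\omega)/\mathbb{Q}$ has degree two, so we must have equality.
The subgroup $\langle\tau\rangle$ has fixed field $\mathbb{Q}(\alpha)$. For, $\tau$ fixes $\alpha$, and we can again argue by degrees.
Similarly, the subgroup $\langle\sigma\tau\rangle$ has fixed field $\mathbb{Q}(\omega^2\alpha)$, and $\langle\sigma^2\tau\rangle$ has fixed field $\mathbb{Q}(\omega\alpha)$.
We usually display this by drawing the lattices of subgroups and intermediate fields.

[Figure: the lattice of subgroups $\{1\} \subset \langle\sigma\rangle, \langle\tau\rangle, \langle\sigma\tau\rangle, \langle\sigma^2\tau\rangle \subset S_3$ alongside the lattice of intermediate fields $L = \mathbb{Q}(\alpha, \omega) \supset \mathbb{Q}(\omega), \mathbb{Q}(\alpha), \mathbb{Q}(\omega^2\alpha), \mathbb{Q}(\omega\alpha) \supset \mathbb{Q}$, listed in corresponding order.]

Note that $\langle\sigma\rangle = \mathrm{Alt}_3$ is a normal subgroup, and that $\mathbb{Q}(\omega)/\mathbb{Q}$ is Galois.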

5.2 Transitive Group Actions

Let a group $G$ act on a set $X$. We say that the action is transitive provided that, for $x, y \in X$ there exists $g \in G$ with $g(x) = y$. We are going to show that if $L/K$ is a Galois extension with Galois group $G$, then for each $\alpha \in L$ its minimal polynomial $m_{\alpha/K}$ splits into distinct linear factors over $L$ and $G$ acts transitively on the roots.

Proposition 5.6. Let $L/K$ be Galois with Galois group $G$. Let $\alpha \in L$ and set $d = [L : K(\alpha)]$. Then

$$\prod_{\sigma \in G} \big(X - \sigma(\alpha)\big) = (m_{\alpha/K})^d.$$

Moreover, $m_{\alpha/K}$ splits into distinct linear factors over $L$.

Proof. Set $f := \prod_{\sigma \in G} \big(X - \sigma(\alpha)\big)$. If $\tau \in G$, then

$$\tau(f) = \prod_{\sigma \in G} \big(X - \tau\sigma(\alpha)\big) = \prod_{\sigma \in G} \big(X - \sigma(\alpha)\big) = f.$$

Thus every coefficient of $f$ is in the fixed field of $G$, so $f \in K[X]$.
Consider $H := \mathrm{Stab}(\alpha) = \{\sigma \in G : \sigma(\alpha) = \alpha\}$. Then clearly $H = \mathrm{Gal}(L/K(\alpha))$, so $d := |H| = [L : K(\alpha)]$ and $[G : H] = [K(\alpha) : K]$. If we take coset representatives $\sigma_i$ for $H$ in $G$, then $f = m^d$, where $m = \prod_i \big(X - \sigma_i(\alpha)\big)$. Note that $m$ is a monic polynomial of degree $[G : H] = [K(\alpha) : K]$, and splits into distinct linear factors over $L$. Moreover, since each $\tau \in G$ just permutes the roots of $f$, the same is true for $m$. Thus $\tau(m) = m$ for all $\tau \in G$, so $m \in K[X]$. Finally, since $\alpha$ is a root of $m$, we conclude that $m = m_{\alpha/K}$.

We say that two elements $\alpha$ and $\beta$ of $L$ are $K$-conjugates if they have the same minimal polynomial over $K$.

Corollary 5.7. Let $L/K$ be Galois with Galois group $G$. Then $\alpha, \beta \in L$ are $K$-conjugates if and only if there exists $\sigma \in G$ with $\sigma(\alpha) = \beta$. In particular, $G$ acts transitively on the roots of $m_{\alpha/K}$.

Proof. We have just seen that $m_{\alpha/K} = \prod_i \big(X - \sigma_i(\alpha)\big)$, where $\sigma_i$ are coset representatives for $\mathrm{Gal}(L/K(\alpha))$ in $G$. Now, $\beta$ is a $K$-conjugate of $\alpha$ if and only if it is a root of $m_{\alpha/K}$, which is if and only if it is of the form $\sigma(\alpha)$ for some $\sigma \in G$.

Chapter 6

Calculating Galois Groups

6.1 Example 1

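Consider the irreducible polynomial $f = X^4 - 2 \in \mathbb{Q}[X]$ and set $\alpha := \sqrt[4]{2} \in \mathbb{R}$. Over the complex numbers $f$ has roots $\pm\alpha, \pm i\alpha$. Set $L = \mathbb{Q}(\alpha, i)$. We will show that $L/\mathbb{Q}$ is Galois with Galois group $D_8$, the dihedral group of order eight, or symmetry group of a square.
There are four embeddings $\mathbb{Q}(\alpha) \to L$ given by $\alpha \mapsto i^m\alpha$ for $0 \leq m < 4$. Also, since $\alpha \in \mathbb{R}$ we see that $i \notin \mathbb{Q}(\alpha)$, and hence that $i$ has minimal polynomial $X^2 + 1$ over $\mathbb{Q}(\alpha)$. By Artin's Extension Theorem, each embedding $\alpha \mapsto i^m\alpha$ can be extended in two ways by $i \mapsto \pm i$. This gives the eight elements of $\mathrm{Gal}(L/\mathbb{Q})$

$$\begin{cases} \alpha \mapsto i^m\alpha \\ i \mapsto i \end{cases} \quad\text{and}\quad \begin{cases} \alpha \mapsto i^m\alpha \\ i \mapsto -i. \end{cases}$$

Set $\sigma$ to be the map $\alpha \mapsto i\alpha$, $i \mapsto i$ and $\tau$ to be the map $\alpha \mapsto \alpha$, $i \mapsto -i$. Then $\sigma$ has order four, $\tau$ is complex conjugation, so has order two, and $\tau\sigma = \sigma^3\tau$. Hence $\mathrm{Gal}(L/\mathbb{Q}) \cong D_8$, the dihedral group of order 8, or the symmetry group of a square.
In fact, the four roots $i^m\alpha$ of $f$ in $\mathbb{C}$ form the four vertices of a square, with diagonals along the real and imaginary axes. In this picture, $\sigma$ is just the rotation anticlockwise by $\pi/2$ and $\tau$ is reflection in the real axis.

[Figure: the square with vertices $\alpha$, $i\alpha$, $-\alpha$, $-i\alpha$, showing the rotation $\sigma$ and the reflection $\tau$.]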

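As usual we draw the lattices of subgroups and intermediate fields. Note that all inclusions of subgroups have index 2.

[Figure: the lattice of subgroups of $D_8$, with rows $\{1\}$; $\langle\sigma^2\tau\rangle$, $\langle\tau\rangle$, $\langle\sigma^2\rangle$, $\langle\sigma\tau\rangle$, $\langle\sigma^3\tau\rangle$; $\langle\sigma^2, \tau\rangle$, $\langle\sigma\rangle$, $\langle\sigma^2, \sigma\tau\rangle$; $D_8$; and the corresponding lattice of intermediate fields, with rows $L = \mathbb{Q}(\alpha, i)$; $\mathbb{Q}(i\alpha)$, $\mathbb{Q}(\alpha)$, $\mathbb{Q}(\alpha^2, i)$, $E$, $F$; $\mathbb{Q}(\alpha^2)$, $\mathbb{Q}(i)$, $G$; $\mathbb{Q}$.]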

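To find the fixed fields we can proceed as follows. Clearly $\sigma$ fixes $i$, so $\mathbb{Q}(i)$ is contained in the fixed field of $\langle\sigma\rangle$. On the other hand, $\langle\sigma\rangle$ has index two in $D_8$ and $\mathbb{Q}(i)/\mathbb{Q}$ has degree two, so $\mathbb{Q}(i)$ is the fixed field of $\langle\sigma\rangle$.
Similar reasoning shows that $\langle\tau\rangle$ has fixed field $\mathbb{Q}(\alpha)$.
We now apply the Galois Correspondence. Using that $\sigma\langle\tau\rangle\sigma^{-1} = \langle\sigma\tau\sigma^{-1}\rangle = \langle\sigma^2\tau\rangle$, we see that $\langle\sigma^2\tau\rangle$ has fixed field $\mathbb{Q}(\sigma(\alpha)) = \mathbb{Q}(i\alpha)$.
Next, the subgroup $\langle\tau, \sigma^2\tau\rangle = \langle\sigma^2, \tau\rangle$ has fixed field the intersection $\mathbb{Q}(\alpha) \cap \mathbb{Q}(i\alpha)$. This equals $\mathbb{Q}(\alpha^2)$, since we obviously have one inclusion and the degrees coincide. It now follows that the group $\langle\sigma^2\rangle = \langle\sigma\rangle \cap \langle\sigma^2, \tau\rangle$ has fixed field $\mathbb{Q}(\alpha^2, i)$.
It remains to calculate the intermediate fields $E$, $F$ and $G$.
The subfield $G$ is contained in $\mathbb{Q}(\alpha^2, i) = \mathbb{Q}(\sqrt{2}, i)$, and we have seen such field extensions before. We deduce that $G = \mathbb{Q}(i\alpha^2) = \mathbb{Q}(i\sqrt{2})$.
Consider $\sigma\tau$. Viewing the four roots $i^m\alpha$ of $f$ as the points of a square in $\mathbb{C}$, we observe that $\sigma\tau$ swaps $\alpha$ and $i\alpha$, and hence fixes the midpoint $\alpha(1 + i)$ of the side connecting $\alpha$ with $i\alpha$. Now, $\alpha(1 + i)$ has four distinct conjugates $\pm\alpha(1+i), \pm\alpha(1-i)$, so $\mathbb{Q}(\alpha(1+i))/\mathbb{Q}$ has degree four, and hence $E = \mathbb{Q}(\alpha(1+i))$.
Finally, we can conjugate by $\sigma$ to deduce that $F = \sigma(E) = \mathbb{Q}(\alpha(1 - i))$.
We seem to have lost some symmetry in our diagram of intermediate fields, but we can reclaim this by applying some more thought to the fields $E$ and $F$. We begin by noting that the primitive eighth root of unity $\zeta := \exp(2\pi i/8)$ can be written as

$$\zeta = \frac{1 + i}{\sqrt{2}} = \frac{1 + i}{\alpha^2}.$$

It follows that $L = \mathbb{Q}(\alpha, \zeta)$. Furthermore, $\zeta^2 = i$ and $\alpha^2 = \zeta + \zeta^{-1}$, so $\mathbb{Q}(\alpha^2, i) = \mathbb{Q}(\zeta)$. Also, $F$ is generated by

$$\frac{2}{\alpha(1 - i)} = \frac{1 + i}{\alpha} = \alpha\zeta,$$

and similarly $E$ is generated by

$$\frac{2}{\alpha(1 + i)} = \frac{\alpha^3}{1 + i} = \alpha\zeta^{-1} = -\alpha\zeta^3.$$

Observe that

$$\sigma(\zeta) = \frac{1 + i}{-\alpha^2} = -\zeta \quad\text{and}\quad \tau(\zeta) = \frac{1 - i}{\alpha^2} = \zeta^{-1}.$$

We can therefore rewrite the lattice of intermediate fields as

[Figure: the lattice of intermediate fields, with rows $\mathbb{Q}(\alpha, \zeta)$; $\mathbb{Q}(\alpha\zeta^2)$, $\mathbb{Q}(\alpha)$, $\mathbb{Q}(\zeta)$, $\mathbb{Q}(\alpha\zeta^3)$, $\mathbb{Q}(\alpha\zeta)$; $\mathbb{Q}(\alpha^2)$, $\mathbb{Q}(\zeta^2)$, $\mathbb{Q}(\alpha^2\zeta^2)$; $\mathbb{Q}$.]

The proper normal subgroups of $D_8$ are

$$\langle\sigma^2, \tau\rangle, \quad \langle\sigma\rangle, \quad \langle\sigma^2, \sigma\tau\rangle, \quad \langle\sigma^2\rangle,$$

and so their respective fixed fields are Galois over $\mathbb{Q}$

$$\mathbb{Q}(\alpha^2), \quad \mathbb{Q}(i), \quad \mathbb{Q}(i\alpha^2), \quad \mathbb{Q}(\zeta).$$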

6.2 Example 2

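Let $\alpha = \sqrt{(2 + \sqrt{2})(3 + \sqrt{3})}$. We will show that $L = \mathbb{Q}(\alpha)$ is Galois over $\mathbb{Q}$ and has Galois group $Q_8$, the quaternion group.
Observe that $\alpha^2 = (2 + \sqrt{2})(3 + \sqrt{3}) = 6 + 3\sqrt{2} + 2\sqrt{3} + \sqrt{6}$. Thus $\mathbb{Q}(\alpha^2) \subset \mathbb{Q}(\sqrt{2}, \sqrt{3})$, which we know is Galois over $\mathbb{Q}$ with Galois group $V \cong (\mathbb{Z}/2\mathbb{Z})^2$. We can write $V = \{1, \bar\sigma, \bar\tau, \bar\sigma\bar\tau\}$, where

$$\begin{cases} \bar\sigma(\sqrt{2}) = -\sqrt{2} \\ \bar\sigma(\sqrt{3}) = \sqrt{3} \end{cases} \quad\text{and}\quad \begin{cases} \bar\tau(\sqrt{2}) = \sqrt{2} \\ \bar\tau(\sqrt{3}) = -\sqrt{3}. \end{cases}$$

Consider the four conjugates of $\alpha^2$

$$\begin{array}{ll}
6 + 3\sqrt{2} + 2\sqrt{3} + \sqrt{6}, & 6 - 3\sqrt{2} + 2\sqrt{3} - \sqrt{6}, \\
6 + 3\sqrt{2} - 2\sqrt{3} - \sqrt{6}, & 6 - 3\sqrt{2} - 2\sqrt{3} + \sqrt{6}.
\end{array}$$

Since $\{1, \sqrt{2}, \sqrt{3}, \sqrt{6}\}$ is a $\mathbb{Q}$-basis for $\mathbb{Q}(\sqrt{2}, \sqrt{3})$, we observe that these four elements are all distinct. Thus $\alpha^2$ is a primitive element for $\mathbb{Q}(\sqrt{2}, \sqrt{3})$. In particular, $\mathbb{Q}(\alpha^2)/\mathbb{Q}$ is Galois with Galois group $V$.
Clearly $[\mathbb{Q}(\alpha) : \mathbb{Q}(\alpha^2)] \leq 2$, so to prove equality, we must show that $\alpha \notin \mathbb{Q}(\alpha^2) = \mathbb{Q}(\sqrt{2}, \sqrt{3})$. Suppose for a contradiction that $\alpha \in \mathbb{Q}(\sqrt{2}, \sqrt{3})$ and consider $\alpha\bar\tau(\alpha)$. This must lie in the fixed field of $\langle\bar\tau\rangle$, namely $\mathbb{Q}(\sqrt{2})$. On the other hand

$$(\alpha\bar\tau(\alpha))^2 = \alpha^2\bar\tau(\alpha^2) = (2 + \sqrt{2})(3 + \sqrt{3}) \cdot (2 + \sqrt{2})(3 - \sqrt{3}) = 6(2 + \sqrt{2})^2.$$

Thus

$$6 = \left(\frac{\alpha\bar\tau(\alpha)}{2 + \sqrt{2}}\right)^2 \quad\text{and hence}\quad \sqrt{6} = \pm\frac{\alpha\bar\tau(\alpha)}{2 + \sqrt{2}} \in \mathbb{Q}(\sqrt{2}).$$

This yields the required contradiction. Therefore $[\mathbb{Q}(\alpha) : \mathbb{Q}] = 8$.
We have shown that the minimal polynomial of $\alpha$ over $\mathbb{Q}(\alpha^2) = \mathbb{Q}(\sqrt{2}, \sqrt{3})$ is simply $X^2 - (2 + \sqrt{2})(3 + \sqrt{3})$. By Artin's Extension Theorem we can extend each of the four embeddings $\mathbb{Q}(\alpha^2) \to \mathbb{C}$, given by the elements of $V$, in two ways. This gives the eight possible embeddings $\mathbb{Q}(\alpha) \to \mathbb{C}$

$$\alpha \mapsto \pm\sqrt{(2 \pm \sqrt{2})(3 \pm \sqrt{3})},$$

where we can choose the signs independently of one another.
Observe that we can now find the minimal polynomial of $\alpha$ over $\mathbb{Q}$, since this is the polynomial of degree eight having precisely these roots. We calculate

$$m := m_{\alpha/\mathbb{Q}} = X^8 - 24X^6 + 144X^4 - 288X^2 + 144.$$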
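The calculation of $m_{\alpha/\mathbb{Q}}$ can be reproduced with exact arithmetic in $\mathbb{Q}(\sqrt{2}, \sqrt{3})$. The following is an added example, not part of the original notes: it multiplies out $\prod (X^2 - c)$ over the four conjugates $c$ of $\alpha^2$ listed above, representing field elements by their integer coordinates in the basis $\{1, \sqrt{2}, \sqrt{3}, \sqrt{6}\}$ (a representation chosen here).

```python
from itertools import product

# An element a + b*sqrt2 + c*sqrt3 + d*sqrt6 is stored as the tuple (a, b, c, d).
ZERO = (0, 0, 0, 0)
ONE = (1, 0, 0, 0)

def add(x, y):
    return tuple(a + b for a, b in zip(x, y))

def neg(x):
    return tuple(-a for a in x)

def mul(x, y):
    a0, a1, a2, a3 = x
    b0, b1, b2, b3 = y
    return (
        a0 * b0 + 2 * a1 * b1 + 3 * a2 * b2 + 6 * a3 * b3,  # rational part
        a0 * b1 + a1 * b0 + 3 * (a2 * b3 + a3 * b2),        # sqrt3 * sqrt6 = 3 sqrt2
        a0 * b2 + a2 * b0 + 2 * (a1 * b3 + a3 * b1),        # sqrt2 * sqrt6 = 2 sqrt3
        a0 * b3 + a3 * b0 + a1 * b2 + a2 * b1,              # sqrt2 * sqrt3 = sqrt6
    )

def poly_mul(p, q):
    """Multiply polynomials given as coefficient lists, lowest degree first."""
    out = [ZERO] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] = add(out[i + j], mul(a, b))
    return out

def conjugates_of_alpha_squared():
    """The four elements (2 +- sqrt2)(3 +- sqrt3)."""
    return [mul((2, a, 0, 0), (3, 0, b, 0)) for a, b in product((1, -1), repeat=2)]

def minimal_polynomial():
    """Integer coefficients of prod (X^2 - c), lowest degree first."""
    poly = [ONE]
    for c in conjugates_of_alpha_squared():
        poly = poly_mul(poly, [neg(c), ONE])          # a polynomial in Y = X^2
    if any(coef[1:] != (0, 0, 0) for coef in poly):
        raise ValueError("coefficients are not rational")
    in_x = []
    for k, coef in enumerate(poly):                   # substitute Y = X^2
        in_x.append(coef[0])
        if k < len(poly) - 1:
            in_x.append(0)
    return in_x

if __name__ == "__main__":
    print(conjugates_of_alpha_squared())
    print(minimal_polynomial())
```

The same `mul` confirms the identity $\alpha^2\bar\tau(\alpha^2) = 6(2+\sqrt{2})^2 = 36 + 24\sqrt{2}$ used in the degree argument.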

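Now,

$$\sqrt{2 - \sqrt{2}} = \frac{\sqrt{(2 - \sqrt{2})(2 + \sqrt{2})}}{\sqrt{2 + \sqrt{2}}} = \frac{\sqrt{2}}{\sqrt{2 + \sqrt{2}}} = \frac{\sqrt{2}\sqrt{2 + \sqrt{2}}}{2 + \sqrt{2}} = \frac{\sqrt{2 + \sqrt{2}}}{1 + \sqrt{2}}$$

and similarly

$$\sqrt{3 - \sqrt{3}} = \frac{\sqrt{6}}{\sqrt{3 + \sqrt{3}}} = \frac{\sqrt{2}\sqrt{3 + \sqrt{3}}}{1 + \sqrt{3}}.$$

Therefore

$$\begin{aligned}
\sqrt{(2 - \sqrt{2})(3 + \sqrt{3})} &= \frac{\alpha}{1 + \sqrt{2}} \\
\sqrt{(2 + \sqrt{2})(3 - \sqrt{3})} &= \frac{\alpha\sqrt{2}}{1 + \sqrt{3}} \\
\sqrt{(2 - \sqrt{2})(3 - \sqrt{3})} &= \frac{\alpha\sqrt{2}}{(1 + \sqrt{2})(1 + \sqrt{3})} = \frac{2\sqrt{3}}{\alpha}
\end{aligned}$$

and since $\mathbb{Q}(\alpha^2) = \mathbb{Q}(\sqrt{2}, \sqrt{3})$, we see that $\sqrt{2}, \sqrt{3}, \sqrt{6} \in \mathbb{Q}(\alpha)$, and hence each of the roots lies in $\mathbb{Q}(\alpha)$. We conclude that each embedding $\mathbb{Q}(\alpha) \to \mathbb{C}$ has image $\mathbb{Q}(\alpha)$, so restricts to an automorphism of $\mathbb{Q}(\alpha)$. Thus $\mathrm{Gal}(\mathbb{Q}(\alpha)/\mathbb{Q})$ has order eight and so $\mathbb{Q}(\alpha)/\mathbb{Q}$ is Galois.
We now show that the Galois group is isomorphic to the quaternion group $Q_8$. Define $\sigma$ to be the following extension of $\bar\sigma$

$$\sigma : \sqrt{2} \mapsto -\sqrt{2}, \quad \sqrt{3} \mapsto \sqrt{3}, \quad \alpha \mapsto \sqrt{(2 - \sqrt{2})(3 + \sqrt{3})} = \frac{\alpha}{1 + \sqrt{2}}.$$

Similarly define $\tau$ to be the following extension of $\bar\tau$

$$\tau : \sqrt{2} \mapsto \sqrt{2}, \quad \sqrt{3} \mapsto -\sqrt{3}, \quad \alpha \mapsto \sqrt{(2 + \sqrt{2})(3 - \sqrt{3})} = \frac{\alpha\sqrt{2}}{1 + \sqrt{3}}.$$

Then

$$\begin{aligned}
\sigma^2(\alpha) &= \frac{\sigma(\alpha)}{\sigma(1 + \sqrt{2})} = \frac{\alpha/(1 + \sqrt{2})}{1 - \sqrt{2}} = -\alpha \\
\tau^2(\alpha) &= \frac{\tau(\alpha\sqrt{2})}{\tau(1 + \sqrt{3})} = \frac{2\alpha/(1 + \sqrt{3})}{1 - \sqrt{3}} = -\alpha.
\end{aligned}$$

Hence $\sigma^2 = \tau^2$ and $\sigma^4 = 1$. Also $\sigma\tau(\sqrt{3}) = -\sqrt{3}$ and

$$\sigma\tau(\alpha) = \frac{\sigma(\alpha\sqrt{2})}{\sigma(1 + \sqrt{3})} = \frac{-\alpha\sqrt{2}/(1 + \sqrt{2})}{1 + \sqrt{3}} = \frac{-\alpha\sqrt{2}}{(1 + \sqrt{2})(1 + \sqrt{3})} = \frac{-2\sqrt{3}}{\alpha},$$

so $(\sigma\tau)^2(\alpha) = -\alpha$. It follows from the discussion below that $\mathrm{Gal}(\mathbb{Q}(\alpha)/\mathbb{Q}) \cong Q_8$.
We recall that the quaternions are given as

$$\mathbb{H} := \{a + bi + cj + dk : i^2 = j^2 = k^2 = ijk = -1,\ a, b, c, d \in \mathbb{R}\}.$$

This is a non-commutative $\mathbb{R}$-algebra. Note that $ij = k$, $jk = i$ and $ki = j$, whereas $ji = -k$, $kj = -i$, $ik = -j$.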

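The quaternion group $Q_8$ is given as the multiplicative subgroup

$$Q_8 := \{\pm 1, \pm i, \pm j, \pm k\} \subset \mathbb{H}.$$

This has the presentation

$$Q_8 = \langle i, j : i^2 = j^2 = (ij)^2,\ i^4 = 1 \rangle,$$

so $Q_8 \cong \mathrm{Gal}(\mathbb{Q}(\alpha)/\mathbb{Q})$ via $i \mapsto \sigma$ and $j \mapsto \tau$.

We next compute all possible subgroups of $Q_8$.
The subgroup $Z = \langle -1 \rangle$ is central, so normal, and the quotient group $Q_8/Z$ is isomorphic to the Klein four group $V \cong (\mathbb{Z}/2\mathbb{Z})^2$. The Third Isomorphism Theorem now tells us that the subgroups of $Q_8$ containing $Z$ are in bijection with the subgroups of $V$. This yields the subgroups $\langle i \rangle$, $\langle j \rangle$ and $\langle k \rangle$, each of which is isomorphic to $\mathbb{Z}/4\mathbb{Z}$. In fact, together with $Z$, these are the only proper subgroups of $Q_8$. For, let $H \leq Q_8$ be a proper subgroup and take $1 \neq h \in H$. Then either $h^2 = -1$, or else $h^2 = 1$ and so $h = -1$. In either case we see that $-1 \in H$, so $Z \subset H$ and $H$ is on our list.
We can now draw the lattices of subgroups and intermediate fields. Again, all inclusions of subgroups have index 2.

[Figure: the lattice of subgroups, with rows $\{1\}$; $\langle\sigma^2\rangle$; $\langle\tau\rangle$, $\langle\sigma\rangle$, $\langle\sigma\tau\rangle$; $Q_8$; and the corresponding lattice of intermediate fields, with rows $\mathbb{Q}(\alpha)$; $\mathbb{Q}(\sqrt{2}, \sqrt{3})$; $\mathbb{Q}(\sqrt{2})$, $\mathbb{Q}(\sqrt{3})$, $\mathbb{Q}(\sqrt{6})$; $\mathbb{Q}$.]

For, we know that $\sigma$ fixes $\sqrt{3}$, so by degrees $\mathbb{Q}(\sqrt{3})$ is the fixed field of $\langle\sigma\rangle$. Similarly, $\langle\tau\rangle$ has fixed field $\mathbb{Q}(\sqrt{2})$ and $\langle\sigma\tau\rangle$ has fixed field $\mathbb{Q}(\sqrt{6})$. Finally, by the Galois Correspondence, the intersection $\langle\sigma\rangle \cap \langle\tau\rangle = \langle\sigma^2\rangle$ has fixed field $\mathbb{Q}(\sqrt{2}, \sqrt{3})$.
Note that all subgroups are normal, so all intermediate fields are Galois over $\mathbb{Q}$.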

Chapter 7

Some Applications

We now consider two particular cases of Galois extensions.

7.1 Symmetric Functions

Let $k$ be a field. Let $k[t_1, \ldots, t_n]$ be a polynomial ring over $k$ with $n$ indeterminates, and set $L := k(t_1, \ldots, t_n)$ to be its quotient field. Alternatively we can construct $L$ via a sequence of simple transcendental field extensions: setting $k_i := k(t_1, \ldots, t_i)$ we see that $k_i = k_{i-1}(t_i)$ is a simple transcendental field extension.
The symmetric group $\mathrm{Sym}_n$ acts on the set $\{t_1, \ldots, t_n\}$ via $\sigma(t_i) := t_{\sigma(i)}$. This therefore extends to a $k$-algebra automorphism of $k[t_1, \ldots, t_n]$. Note that $\mathrm{Sym}_n$ acts faithfully, in the sense that $\sigma(f) = f$ for all $f$ implies $\sigma = \mathrm{id}$.
Using that $L$ is the quotient field of $k[t_1, \ldots, t_n]$ we deduce that $\mathrm{Sym}_n$ acts on $L$ as $k$-automorphisms. In other words we have an injective group homomorphism $\mathrm{Sym}_n \to \mathrm{Gal}(L/k)$. We can now apply Proposition 5.1 to deduce that $L/L^{\mathrm{Sym}_n}$ is a Galois extension with Galois group $\mathrm{Sym}_n$. The fixed field $L^{\mathrm{Sym}_n}$ is called the field of symmetric functions.
For $1 \leq r \leq n$ define

$$s_r := \sum_{i_1 < \cdots < i_r} t_{i_1} \cdots t_{i_r},$$

so that in particular

$$s_1 = t_1 + t_2 + \cdots + t_n \quad\text{and}\quad s_n = t_1t_2 \cdots t_n.$$

We can view the summands of $s_r$ as being indexed by the $r$-element subsets of $\{1, \ldots, n\}$. Since the group $\mathrm{Sym}_n$ acts transitively on the set of all $r$-element subsets we see that each $s_r$ is fixed by $\mathrm{Sym}_n$, so lies in the fixed field. We set

$$K := k(s_1, \ldots, s_n),$$

the subfield of $L$ generated over $k$ by the elements $s_1, \ldots, s_n$.

Theorem 7.1 (Fundamental Theorem of Symmetric Functions). The extension $L/K$ is Galois with Galois group $\mathrm{Sym}_n$. In particular, any symmetric function (a rational function of the $t_i$ which is fixed by $\mathrm{Sym}_n$) can be expressed as a rational function of the $s_i$.
Moreover, any symmetric polynomial (a polynomial in the $t_i$ which is fixed by $\mathrm{Sym}_n$) can be expressed as a polynomial in the $s_i$. Hence the fixed ring of $k[t_1, \ldots, t_n]$ is $k[s_1, \ldots, s_n]$.

Proof. As observed above, L/LSymn is a Galois extension with Galois groupSymn, so [L : LSymn ] = |Symn| = n!. We also have K ⊂ LSymn , so [L : K] ≥ n!.It therefore suffices to prove that [L : K] ≤ n!, for then [L : K] = n!, and soK = LSymn .Set Ki := K(t1, . . . , ti). Then Ki = Ki−1(ti), so by the Tower Law it is enoughto show that [Ki+1 : Ki] ≤ n− i. Consider the polynomial

f := (X − t1)(X − t2) · · · (X − tn) = Xn − s1Xn−1 + s2Xn−2 + · · ·+ (−1)nsn.

Then f ∈ K[X]. Moreover, since t1, . . . , ti ∈ Ki we deduce that

fi := (X − ti+1) · · · (X − tn) = f/(X − t1) · · · (X − ti) ∈ Ki[X].

Now, ti+1 is a root of the polynomial fi, so [Ki+1 : Ki] = [Ki(ti+1) : Ki] ≤deg(fi) = n− i as required.This proves that [L : K] ≤ n!, and hence that K = LSymn is the fixed field.To prove the second statement we set S := k[s1, . . . , sn]. Then S is a subringof K, so an integral domain, and clearly K is the quotient field of S. Moregenerally, set Si := S[t1, . . . , ti], so that Si is a subring of Ki and has quotientfield Ki.We saw above that f0 = f ∈ S[X]. Moreover, since each polynomial (X −t1) · · · (X − ti) ∈ Si[X] is monic and divides f over Ki, we must have thatfi = f/(X − 1) · · · (X − ti) ∈ Si[X].We claim that any polynomial in k[t1, . . . , tn] can be written as a sum of elementsof the form gm, where g ∈ S and

m ∈M := {ta11 · · · tan

n : 0 ≤ ai < n− i}.

Take a polynomial h ∈ k[t1, . . . , tn]. Since tn is a root of fn−1 ∈ Sn−1[X] andfn−1 has degree one, we can replace any occurrence of tn with an element ofSn−1. Similarly, since tn−1 is a root of fn−2 ∈ Sn−2[X] and fn−2 has degreetwo, we can replace all occurrences of tdn−1 for d > 1 by a linear polynomialin tn−2 with coefficients in Sn−2. Continuing in this way, we can use thatfi−1 ∈ Si−1[X] to replace all occurrences of tdi for d > n− i by a polynomial ofdegree n − i in ti with coefficients in Si−1. Doing this for all i = n, . . . , 1, wecan express h in the given form, proving the claim.


It follows that the monomials in $\mathcal{M}$ form a $K$-basis of $L$. For, $[L : K] = n! = |\mathcal{M}|$, so it is enough to show that they span. Any element in $L$ can be written as a fraction $g/h$ with $g, h \in k[t_1, \ldots, t_n]$ and $h \neq 0$. Set

$$\tilde{h} := \prod_{\sigma \neq \mathrm{id}} \sigma(h),$$

so that $H := h\tilde{h}$ is fixed by $\mathrm{Sym}_n$, so lies in $K$, and $G := g\tilde{h} \in k[t_1, \ldots, t_n]$. Now, $g/h = G/H$ and we have just shown that $G$ can be written as a $K$-linear combination of elements in $\mathcal{M}$. Thus the same is true of $G/H = g/h$, so $\mathcal{M}$ is a spanning set as required.

Finally, let $h \in k[t_1, \ldots, t_n]$ be a symmetric polynomial. Then $h \in K$, and also $h$ is an $S$-linear combination of elements in $\mathcal{M}$. Since $\mathcal{M}$ is a $K$-basis, these two expressions must agree, so $h \in S$.

It is instructive to see an example of this procedure. Take $n = 3$. We wish to write the polynomial $h := t_1^2 t_3 + t_2^3$ as an $S$-linear combination of elements of $\mathcal{M}$, where $S = k[s_1, s_2, s_3]$ and $\mathcal{M} = \{1, t_1, t_2, t_1^2, t_1 t_2, t_1^2 t_2\}$.

We have the polynomials

$$\begin{aligned}
f_0 &= (X - t_1)(X - t_2)(X - t_3) = X^3 - s_1 X^2 + s_2 X - s_3, \\
f_1 &= (X - t_2)(X - t_3) = \frac{f_0}{X - t_1} = X^2 - (s_1 - t_1)X + (s_2 - s_1 t_1 + t_1^2), \\
f_2 &= X - t_3 = \frac{f_1}{X - t_2} = X - (s_1 - t_1 - t_2).
\end{aligned}$$

It follows that we can make the following replacements

$$\begin{aligned}
t_3 &= s_1 - t_1 - t_2, \\
t_2^2 &= (s_1 - t_1)t_2 - (s_2 - s_1 t_1 + t_1^2), \\
t_1^3 &= s_1 t_1^2 - s_2 t_1 + s_3.
\end{aligned}$$

Replacing $t_3$ in $h$ gives

$$h = s_1 t_1^2 - t_1^3 - t_1^2 t_2 + t_2^3.$$

We next observe that

$$\begin{aligned}
t_2^3 = t_2 \cdot t_2^2 &= (s_1 - t_1)t_2^2 - (s_2 - s_1 t_1 + t_1^2)t_2 \\
&= (s_1 - t_1)^2 t_2 - (s_1 - t_1)(s_2 - s_1 t_1 + t_1^2) - (s_2 - s_1 t_1 + t_1^2)t_2 \\
&= (s_1^2 - s_2 - s_1 t_1)t_2 - (s_1 s_2 - s_1^2 t_1 - s_2 t_1 + 2 s_1 t_1^2 - t_1^3).
\end{aligned}$$

Substituting in gives

$$\begin{aligned}
h &= (s_1^2 - s_2 - s_1 t_1 - t_1^2)t_2 + (-s_1 s_2 + s_1^2 t_1 + s_2 t_1 - s_1 t_1^2) \\
&= -s_1 s_2 + (s_1^2 + s_2)t_1 + (s_1^2 - s_2)t_2 - s_1 t_1^2 - s_1 t_1 t_2 - t_1^2 t_2.
\end{aligned}$$


7.2 The J-Invariant

We wish to define an action of the group $\mathrm{Sym}_3$ on the field $k(t)$. Recall that $\mathrm{Sym}_3$ has the presentation

$$\mathrm{Sym}_3 = \langle \sigma, \tau : \sigma^3 = \tau^2 = (\sigma\tau)^2 = \mathrm{id} \rangle.$$

Consider the $k$-algebra homomorphisms

$$\sigma, \tau : k[t] \to k(t), \quad \sigma(t) := (1 - t)^{-1}, \quad \tau(t) := t^{-1}.$$

Since $(1 - t)^{-1}$ and $t^{-1}$ are both transcendental over $k$, these $k$-algebra homomorphisms extend to $k$-embeddings

$$\sigma, \tau : k(t) \to k(t).$$

Moreover, a quick check reveals that $\sigma^3 = \tau^2 = (\sigma\tau)^2 = \mathrm{id}$, so we obtain that $\mathrm{Sym}_3$ acts on $k(t)$ as $k$-automorphisms. In other words we have a group homomorphism $\mathrm{Sym}_3 \to \mathrm{Gal}(k(t)/k)$. Finally, computing $g(t)$ for all $g \in \mathrm{Sym}_3$ shows that this action is faithful, so the group homomorphism is injective.

Let $L = k(t)$ and $K = L^{\mathrm{Sym}_3}$. Then Proposition 5.1 tells us that $L/K$ is Galois with Galois group $\mathrm{Sym}_3$.

Theorem 7.2. We have $K = k(J)$, where

$$J = \frac{(t^2 - t + 1)^3}{t^2 (t - 1)^2}.$$

Proof. A short calculation gives that both $\sigma(J) = J$ and $\tau(J) = J$, so that $J$ lies in the fixed field $K$. Since $L/K$ is Galois with Galois group $\mathrm{Sym}_3$ we know that $[L : K] = |\mathrm{Sym}_3| = 6$, so $[L : k(J)] \geq 6$. It is therefore enough to show that $[L : k(J)] \leq 6$. For this, we just observe that $t$ is a root of the polynomial $(X^2 - X + 1)^3 - J X^2 (X - 1)^2 \in k(J)[X]$.

In other words, the set of functions $f \in k(t)$ for which

$$f(t) = f\big((1 - t)^{-1}\big) = f(t^{-1})$$

is precisely the field $k(J)$ of functions in $J$.

We remark that

$$(X^2 - X + 1)^3 - J X^2 (X - 1)^2 = \prod_{g \in \mathrm{Sym}_3} \big(X - g(t)\big).$$

For, $t$, and hence each $g(t)$ for $g \in \mathrm{Sym}_3$, is a root of the left-hand side, which is a monic polynomial of degree six.

We can view

$$\sigma : t \mapsto (1 - t)^{-1} \quad \text{and} \quad \tau : t \mapsto t^{-1}$$

as functions on $\mathbb{C} \setminus \{0, 1\}$. In fact, we can even extend these to functions on the Riemann Sphere $\mathbb{P}^1 := \mathbb{C} \cup \{\infty\}$. This defines an action of $\mathrm{Sym}_3$ on $\mathbb{P}^1$.


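Proposition 7.3. Two numbers $\lambda, \mu \in \mathbb{P}^1$ lie in the same $\mathrm{Sym}_3$ orbit if and only if $J(\lambda) = J(\mu)$.

Proof. Since $J$ is in the fixed field we have $J(g(\lambda)) = J(\lambda)$ for all $g \in \mathrm{Sym}_3$. Conversely, suppose that $J(\mu) = J(\lambda) \neq \infty$. Then $\mu$ is a root of the polynomial

$$(X^2 - X + 1)^3 - J(\lambda) X^2 (X - 1)^2 = \prod_{g \in \mathrm{Sym}_3} \big(X - g(\lambda)\big).$$

Finally, if $J(\lambda) = \infty$, then $\lambda \in \{0, 1, \infty\}$ and these three points form a single $\mathrm{Sym}_3$ orbit.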

This action of $\mathrm{Sym}_3$ on $\mathbb{P}^1$ arises in the definition of the cross-ratio. Recall that the cross-ratio of four complex numbers may be defined as

$$[z_1, z_2; w_1, w_2] := \frac{(z_1 - w_1)(z_2 - w_2)}{(z_1 - w_2)(z_2 - w_1)} \in \mathbb{P}^1 := \mathbb{C} \cup \{\infty\}.$$

However, reordering the four complex numbers generally gives a different value. In fact, the symmetry group $\mathrm{Sym}_4$ acts on the quadruple $(z_1, z_2, w_1, w_2)$ by place-permutation. Since

$$[z_1, z_2; w_1, w_2] = [z_2, z_1; w_2, w_1] = [w_1, w_2; z_1, z_2] = [w_2, w_1; z_2, z_1]$$

we see that the subgroup

$$V := \{\mathrm{id}, (12)(34), (13)(24), (14)(23)\}$$

acts trivially. Now $V \lhd \mathrm{Sym}_4$ is a normal subgroup and the factor group is isomorphic to $\mathrm{Sym}_3$. If we define $\lambda := [z_1, z_2; w_1, w_2]$, then

$$[z_1, w_1; w_2, z_2] = (1 - \lambda)^{-1} = \sigma(\lambda) \quad \text{and} \quad [z_1, z_2; w_2, w_1] = \lambda^{-1} = \tau(\lambda),$$

so we recover the action of $\mathrm{Sym}_3$ on $\mathbb{P}^1$.

The function $J$ is important in the study of elliptic curves. The Legendre normal form of an elliptic curve $E$ is

$$Y^2 = X(X - 1)(X - \lambda) \quad \text{with } \lambda \in \mathbb{C} \setminus \{0, 1\}.$$

Moreover, two elliptic curves $E, E'$ are isomorphic if and only if the numbers $\lambda, \lambda'$ lie in the same $\mathrm{Sym}_3$-orbit, so if and only if $J(\lambda) = J(\lambda')$. We therefore define $J(E) := J(\lambda)$, and this parameterises the isomorphism classes of elliptic curves. (It is common to define $j(E) := 2^8 J(E)$ and declare this to be the $j$-invariant of the elliptic curve $E$.)

For more interesting facts about cubics, elliptic curves and $\mathrm{Sym}_3$, try here.
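The orbit criterion of Proposition 7.3 and the Legendre-form classification can be checked with exact rational arithmetic. This is an added example, not part of the original notes; the function names are hypothetical, and the parameter is assumed to be a rational number other than 0 and 1.

```python
from fractions import Fraction

def sigma(t):
    """sigma : t -> (1 - t)^(-1)."""
    return 1 / (1 - t)

def tau(t):
    """tau : t -> t^(-1)."""
    return 1 / t

def J(t):
    """J = (t^2 - t + 1)^3 / (t^2 (t - 1)^2), as in Theorem 7.2."""
    return (t * t - t + 1) ** 3 / (t * t * (t - 1) ** 2)

def sym3_images(lam):
    """The six values g(lam) for g in Sym_3, as words in sigma and tau.

    Assumes lam is a Fraction different from 0 and 1, so no division by zero occurs.
    """
    rotations = [lam, sigma(lam), sigma(sigma(lam))]
    return rotations + [tau(x) for x in rotations]

def orbit(lam):
    """The Sym_3-orbit of lam; it has fewer than six points when lam has a stabiliser."""
    return set(sym3_images(lam))

def sextic(x, lam):
    """(X^2 - X + 1)^3 - J(lam) X^2 (X - 1)^2 evaluated at X = x."""
    return (x * x - x + 1) ** 3 - J(lam) * x * x * (x - 1) ** 2

def same_class(lam, mu):
    """Proposition 7.3: lam and mu lie in one orbit exactly when J agrees."""
    return J(lam) == J(mu)

def j_invariant(lam):
    """j(E) = 2^8 J(lam) for the Legendre curve Y^2 = X(X - 1)(X - lam)."""
    return 2 ** 8 * J(lam)

if __name__ == "__main__":
    lam = Fraction(3)                      # constructed sample parameter
    print(sorted(orbit(lam)), J(lam))
    print(all(sextic(x, lam) == 0 for x in sym3_images(lam)))
    print(sorted(orbit(Fraction(-1))), j_invariant(Fraction(-1)))
```

The parameter $-1$ has an orbit of only three points, so each point is a double root of the sextic.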


Chapter 8

Normal Extensions

Recall from Proposition 5.6 that if $L/K$ is Galois, then for every $\alpha \in L$, its minimal polynomial over $K$ splits over $L$. In this chapter we investigate this property further.

8.1 Splitting Field Extensions

Let $L/K$ be a field extension and $f \in K[X]$ a non-constant polynomial. We say that $f$ splits over $L$ provided it factorises as a product of linear polynomials over $L$; equivalently if $f$ has $\deg(f)$ roots in $L$ (counted with multiplicities).

We say that $L/K$ is a splitting field extension for $f$ provided that $f$ splits over $L$, but not over a proper intermediate field of $L/K$.

Lemma 8.1. Let $L/K$ be a field extension, $f \in K[X]$ and assume that $f$ splits over $L$. Then there is a unique intermediate field of $L/K$ which is a splitting field extension for $f$, namely $E = K(\alpha_1, \ldots, \alpha_n)$, where $\alpha_1, \ldots, \alpha_n$ are the distinct roots of $f$ in $L$.

Proof. Let $F$ be an intermediate field of $L/K$. Then $f$ splits over $F$ if and only if $F$ contains every root of $f$, which is if and only if $F$ contains $E$. In particular, $f$ splits over $E$, but not over any intermediate field of $E/K$, so that $E/K$ is a splitting field extension for $f$.

We can combine the previous lemma with Kronecker’s Theorem and induction to prove that splitting field extensions always exist, and then use Artin’s Extension Theorem to prove that they are unique up to isomorphism.

Theorem 8.2 (Existence and Uniqueness of Splitting Field Extensions). Let $f \in K[X]$ be non-constant. Then there exists a splitting field extension $L/K$ of $f$, and $[L : K] \leq \deg(f)!$. Moreover, if $L'/K$ is another splitting field extension of $f$, then there exists a $K$-isomorphism $L \xrightarrow{\sim} L'$.

More generally, let $\iota : K \xrightarrow{\sim} K'$ be a field isomorphism, $L/K$ a splitting field extension for $f$, and $L'/K'$ a splitting field extension for $\iota(f)$. Then there exists a field isomorphism $L \xrightarrow{\sim} L'$ extending $\iota$.

Proof. Existence. By Kronecker’s Theorem there exists a simple field extension $K(\alpha_1)/K$ of degree at most $\deg(f)$ such that $\alpha_1$ is a root of $f$. This is constructed by taking an irreducible factor $m$ of $f$, forming the field extension $K[X]/(m)$ of $K$, and letting $\alpha_1$ be the image of $X$.

Now, over $K(\alpha_1)$, we can write $f = (X - \alpha_1)g$, and $\deg(g) = \deg(f) - 1$. By induction on degree there exists a splitting field extension $L/K(\alpha_1)$ for $g$, and $[L : K(\alpha_1)] \leq \deg(g)!$. It follows from the Tower Law that $[L : K] \leq \deg(f)!$.

Let $\alpha_2, \ldots, \alpha_n$ be the roots of $g$ in $L$. Since $L/K(\alpha_1)$ is a splitting field extension for $g$ we must have by the previous lemma that

$$L = K(\alpha_1)(\alpha_2, \ldots, \alpha_n) = K(\alpha_1, \ldots, \alpha_n).$$

Now, $\alpha_1, \ldots, \alpha_n$ are the roots of $f$ in $L$, so by the previous lemma once more we obtain that $L/K$ is a splitting field extension for $f$.

Uniqueness. We want to apply the same kind of induction argument to prove uniqueness, which is why we need the more general statement concerning isomorphisms extending $\iota$, and not just $K$-isomorphisms.

Suppose that $\iota : K \xrightarrow{\sim} K'$ is a field isomorphism and that $L'/K'$ is a splitting field extension of $f' := \iota(f) \in K'[X]$.

Let $\alpha \in L$ be a root of $f$, and let $m = m_{\alpha/K}$ be the minimal polynomial of $\alpha$ over $K$. Then $m \in K[X]$ is a factor of $f$, so $\iota(m) \in K'[X]$ is a factor of $f'$. Since $f'$ splits over $L'$, so too does $\iota(m)$. Let $\alpha' \in L'$ be a root of $\iota(m)$. Set $E := K(\alpha)$ and $E' := K'(\alpha')$. By Artin’s Extension Theorem the map $\alpha \mapsto \alpha'$ induces a field isomorphism $\tau : E \xrightarrow{\sim} E'$ extending $\iota$.

Now, over $E$, we can write $f = (X - \alpha)g$ and $L/E$ is a splitting field extension of $g$. Similarly, over $E'$, we can write $f' = (X - \alpha')g'$ and $L'/E'$ is a splitting field extension of $g'$. Since $\tau(f) = f'$ and $\tau(\alpha) = \alpha'$, we must have that $\tau(g) = g'$.

We therefore have a field isomorphism $\tau : E \xrightarrow{\sim} E'$, a splitting field extension $L/E$ of $g \in E[X]$, and a splitting field extension $L'/E'$ of $g' := \tau(g)$. By induction on degree we can extend $\tau$ to a field isomorphism $\sigma : L \xrightarrow{\sim} L'$. Finally, since $\tau$ extends $\iota : K \xrightarrow{\sim} K'$, so too does $\sigma$.

We can also define splitting field extensions of sets of polynomials $S \subset K[X]$. This is a field extension $L/K$ over which every $f \in S$ splits, but where no intermediate field has this property.

Corollary 8.3. Let $S \subset K[X]$ be a finite subset. Then there exists a splitting field extension for $S$ over $K$, and this is unique up to isomorphism.

Proof. If $S = \{f_1, \ldots, f_n\}$, then $L/K$ is a splitting field extension for $S$ if and only if it is a splitting field extension for $f = f_1 \cdots f_n$.


A much harder result is that splitting field extensions exist and are unique up to isomorphism for arbitrary subsets $S \subset K[X]$. This follows from the existence of the algebraic closure of a field. See Chapter 14.

8.2 Normal Extensions

An algebraic field extension $L/K$ is called normal if, for all $\alpha \in L$, its minimal polynomial $m_{\alpha/K}$ splits over $L$.

We begin by relating normal extensions to the seemingly weaker condition of splitting field extensions.

Theorem 8.4. A finite field extension $L/K$ is normal if and only if it is a splitting field extension for some polynomial $f \in K[X]$.

Proof. Suppose first that $L/K$ is normal. Since $L/K$ is finite, it is finitely generated, say $L = K(\alpha_1, \ldots, \alpha_n)$. Let $m_i = m_{\alpha_i/K}$ be the minimal polynomial of $\alpha_i$ over $K$, and set $f := m_1 \cdots m_n$. Using that $L/K$ is normal, we know that each $m_i$ splits over $L$, so $f$ also splits over $L$. As $L$ is generated over $K$ by roots of $f$, we can apply Lemma 8.1 to conclude that $L/K$ is a splitting field extension for $f$.

Conversely, let $L/K$ be a splitting field extension for $f \in K[X]$. Take $\alpha \in L$ and let $m = m_{\alpha/K}$ be its minimal polynomial. We need to show that $m$ splits over $L$. To this end, let $M/L$ be a splitting field extension of $m$.

Take $\beta \in M$ a root of $m$. By Artin’s Extension Theorem we know that there is a $K$-isomorphism $\iota : K(\alpha) \xrightarrow{\sim} K(\beta)$, $\alpha \mapsto \beta$.

Now, let $\gamma_1, \ldots, \gamma_n$ be the roots of $f$ in $L$. Since $L/K$ is a splitting field extension of $f$, we know that $L = K(\gamma_1, \ldots, \gamma_n)$. It follows that

$$L(\beta) = K(\beta, \gamma_1, \ldots, \gamma_n) = K(\beta)(\gamma_1, \ldots, \gamma_n),$$

so that $L(\beta)/K(\beta)$ is also a splitting field extension for $f$.

We therefore have a $K$-isomorphism $\iota : K(\alpha) \xrightarrow{\sim} K(\beta)$, a splitting field extension $L/K(\alpha)$ for $f \in K[X]$, and a splitting field extension $L(\beta)/K(\beta)$ for $\iota(f) = f$. We can therefore apply Theorem 8.2 to obtain a field isomorphism $\sigma : L \xrightarrow{\sim} L(\beta)$ extending $\iota$. In particular, since $\iota$ is a $K$-isomorphism, so too is $\sigma$. It follows that $[L : K] = [L(\beta) : K]$, so by the Tower Law we have $[L(\beta) : L] = 1$, and hence $L(\beta) = L$. In other words, $\beta \in L$, so every root of $m$ lies in $L$, so $m$ splits over $L$.

8.3 Normal Closure

One has to be careful when dealing with normal extensions, since it is possible to have a tower $M/L/K$ of fields with both $M/L$ and $L/K$ normal, but $M/K$ not normal.


For example, take $K = \mathbb{Q}$, $L = \mathbb{Q}(\sqrt{2})$ and $M = \mathbb{Q}(\sqrt[4]{2})$. Then $L/\mathbb{Q}$ is the splitting field of $X^2 - 2$ and $M/L$ is the splitting field of $X^2 - \sqrt{2}$. However, $M/\mathbb{Q}$ is not normal. For, the minimal polynomial of $\sqrt[4]{2}$ over $\mathbb{Q}$ is $m := X^4 - 2$, which decomposes as $(X - \sqrt[4]{2})(X + \sqrt[4]{2})(X^2 + \sqrt{2})$ over $M$. Since $M \subset \mathbb{R}$ but the roots of $X^2 + \sqrt{2}$ are complex, we see that $m$ does not split over $M$.

For this reason, we make the following definition. Let $L/K$ be finite. A field extension $M/L$ is called a normal closure of $L/K$ if $M/K$ is normal, but $M'/K$ is not normal for any proper intermediate field $M'$ of $M/L$. (Note the relevant base fields.)

Theorem 8.5 (Existence and Uniqueness of Normal Closures). Let $L/K$ be finite. Then there exists a normal closure $M/L$ of $L/K$, of finite degree, and unique up to isomorphism.

Proof. Since $L/K$ is finite, it is finitely generated, say $L = K(\alpha_1, \ldots, \alpha_n)$. Let $m_i = m_{\alpha_i/K}$ be the minimal polynomial of $\alpha_i$ over $K$, and set $f := m_1 \cdots m_n$.

Let $M/L$ be a field extension such that $M/K$ is normal. Then each $\alpha_i \in M$, so $m_i$ splits over $M$, and hence $f$ splits over $M$.

Conversely, let $M/L$ be a splitting field extension for $f$. By Lemma 8.1, if $S \subset M$ is the set of roots of $f$, then $M = L(S)$. Since each $\alpha_i$ is a root of $f$, we have $\alpha_i \in S$, and so $M = L(S) = K(\alpha_1, \ldots, \alpha_n, S) = K(S)$. Therefore $M/K$ is a splitting field extension for $f$, by the same lemma, and hence is normal by Theorem 8.4.

It follows that a field extension $N/L$ is a normal closure for $L/K$ if and only if it is a splitting field extension for $f$. The finiteness and uniqueness are now immediate consequences of Theorem 8.2.


Chapter 9

Finite Fields

A finite field is a field with only finitely many elements. Examples include the fields $\mathbb{F}_p := \mathbb{Z}/p\mathbb{Z}$ for each prime number $p$. In this chapter we will construct all finite fields, and compute the Galois groups of all field extensions involving finite fields. We will show that two finite fields are isomorphic if and only if they have the same number of elements, and that all field extensions of finite fields are Galois with cyclic Galois groups.

Recall that the characteristic of a ring $R$ is the integer $n \geq 0$ generating the kernel of the (unique) ring homomorphism $\mathbb{Z} \to R$. The characteristic of a field is either $0$ or a prime number.

In particular, the characteristic of a finite field $F$ is always a prime number $p$, so $F$ has prime subfield $\mathbb{F}_p$. Moreover, if $F/\mathbb{F}_p$ has degree $n$, then $F$ has $p^n$ elements.

Finally we shall need the derivative of a polynomial. Let $K$ be any field. Then the linear map

$$D : K[X] \to K[X], \quad X^n \mapsto nX^{n-1}$$

satisfies the product rule $D(fg) = D(f)g + fD(g)$. We usually write $f'$ for $D(f)$ and call it the derivative.

9.1 Frobenius Homomorphism

Let $K$ be any field of characteristic $p > 0$. The Frobenius homomorphism is defined to be the map

$$\mathrm{Fr} : K \to K, \quad x \mapsto x^p.$$

Lemma 9.1. The Frobenius homomorphism is a field homomorphism. In particular, it is injective.


Proof. We need to check that

$$(x + y)^p = x^p + y^p, \quad (xy)^p = x^p y^p, \quad 0^p = 0 \quad \text{and} \quad 1^p = 1.$$

The last three are obvious, so we just need to check that $(x + y)^p = x^p + y^p$. Using the binomial formula, we have

$$(x + y)^p = \sum_{r=0}^{p} \binom{p}{r} x^r y^{p-r}.$$

Since $\binom{p}{r} = p!/r!(p - r)!$ and $p$ does not divide $r!$ for any $0 \leq r < p$, we deduce that $p$ divides $\binom{p}{r}$ for each $0 < r < p$. Since $\mathrm{char}(K) = p$, we get $(x + y)^p = x^p + y^p$ as required.

Note that, by induction, $(x_1 + \cdots + x_n)^p = x_1^p + \cdots + x_n^p$.

As usual we may extend the Frobenius homomorphism to the polynomial ring $K[X]$ via

$$\mathrm{Fr}\big(a_0 X^n + \cdots + a_{n-1} X + a_n\big) = a_0^p X^n + \cdots + a_{n-1}^p X + a_n^p.$$

Lemma 9.2. Let $f \in K[X]$. Then $\mathrm{Fr}(f)(X^p) = f(X)^p$.

Proof. Write $f = a_0 X^n + \cdots + a_{n-1} X + a_n$. As noted above, $\big(\sum_i x_i\big)^p = \sum_i x_i^p$, so

$$f(X)^p = a_0^p X^{pn} + \cdots + a_{n-1}^p X^p + a_n^p = \mathrm{Fr}(f)(X^p).$$

9.2 Finite Fields

Consider the polynomial $X^p - X$ over $\mathbb{F}_p$. We know that $1$ is a root of this polynomial, and since

$$(1 + \cdots + 1)^p = 1^p + \cdots + 1^p = 1 + \cdots + 1,$$

we see that every element of $\mathbb{F}_p$ is a root. This gives $p$ distinct roots, so

$$X^p - X = X(X - 1)(X - 2) \cdots (X - p + 1) = \prod_{\alpha \in \mathbb{F}_p} (X - \alpha).$$

Note that equating coefficients of $X$ gives $(p - 1)! \equiv (-1)^p \bmod p$, and since $(-1)^p \equiv -1 \bmod p$ for all primes $p$, we deduce Wilson’s Theorem, that $(p - 1)! \equiv -1 \bmod p$.

Proposition 9.3. Let $F/\mathbb{F}_p$ be a field extension of degree $n$. Then this extension is Galois with cyclic Galois group generated by the Frobenius homomorphism, and the elements of $F$ are precisely the roots of $X^{p^n} - X$, so

$$X^{p^n} - X = \prod_{\alpha \in F} (X - \alpha).$$


Proof. We know that $F$ is a finite field with $p^n$ elements. Now the Frobenius homomorphism is a field endomorphism of $F$, so injective, and hence bijective since $F$ is a finite set. Thus $\mathrm{Fr}$ is a field automorphism of $F$. The fixed field of $\mathrm{Fr}$ is the set of $\alpha \in F$ such that $\alpha^p = \alpha$, so the set of roots of $X^p - X$, which is just the prime subfield $\mathbb{F}_p$. Thus, by Proposition 5.1, $F/\mathbb{F}_p$ is Galois with Galois group the cyclic group $\langle \mathrm{Fr} \rangle$. Since this group has order $[F : \mathbb{F}_p] = n$, we have

$$\mathrm{Gal}(F/\mathbb{F}_p) = \langle \mathrm{Fr} \rangle \cong \mathbb{Z}/n\mathbb{Z}.$$

Next, we know that $\mathrm{Fr}^n = \mathrm{id}$ on $F$, so every element $\alpha \in F$ satisfies $\alpha^{p^n} = \alpha$, so is a root of $X^{p^n} - X$. Since $F$ has $p^n$ elements, we deduce that this polynomial splits over $F$ as

$$X^{p^n} - X = \prod_{\alpha \in F} (X - \alpha).$$

Proposition 9.4. For each prime $p$ and integer $n \geq 1$ there exists a finite field with $p^n$ elements. It is a splitting field extension of $X^{p^n} - X$ over $\mathbb{F}_p$, so is unique up to isomorphism.

Proof. Let $F/\mathbb{F}_p$ be a splitting field extension of $f := X^{p^n} - X$. We first observe that the roots of $f$ in $F$ are all distinct. For, if $\alpha$ is a repeated root, then over $F$ we can write $f = (X - \alpha)^2 g$ for some polynomial $g$. Taking derivatives gives $-1 = (X - \alpha)\big(2g + (X - \alpha)g'\big)$, a contradiction by considering degrees.

Now consider the fixed field of the cyclic group $\langle \mathrm{Fr}^n \rangle$. This consists of those elements $\alpha \in F$ satisfying $\alpha^{p^n} = \alpha$, so equals the set of roots of $f$ in $F$. Therefore the set of roots of $f$ form a subfield of $F$ of size $p^n$. Since $F$ is a splitting field extension for $f$, it equals this fixed field, so $F$ has size $p^n$.

Conversely, if $F$ has $p^n$ elements, then the proposition tells us that $F$ is a splitting field extension of $X^{p^n} - X$.

Since all finite fields of size $p^n$ are isomorphic, we usually abuse notation and denote any such field by $\mathbb{F}_{p^n}$.

We can now apply the Galois Correspondence to deduce that the intermediate fields of $\mathbb{F}_{p^n}/\mathbb{F}_p$ are in bijection with the subgroups of the Galois group $\langle \mathrm{Fr} \rangle \cong \mathbb{Z}/n\mathbb{Z}$. The subgroups are given as $\langle \mathrm{Fr}^r \rangle \cong \mathbb{Z}/(n/r)\mathbb{Z}$ for each $r \mid n$. This group has index $r$, so the fixed field of $\mathrm{Fr}^r$ has degree $r$ over $\mathbb{F}_p$, and hence is isomorphic to $\mathbb{F}_{p^r}$.

This yields the following result.

Theorem 9.5. The finite field $\mathbb{F}_{p^n}$ contains $\mathbb{F}_{p^r}$ as a subfield if and only if $r$ divides $n$, in which case $\mathbb{F}_{p^n}/\mathbb{F}_{p^r}$ is Galois with cyclic Galois group generated by $\mathrm{Fr}^r : x \mapsto x^{p^r}$.

In general we simplify notation by taking our base field to be $\mathbb{F}_q$ for some prime power $q = p^r$. Then each finite field extension of $\mathbb{F}_q$ is of the form $\mathbb{F}_{q^n}/\mathbb{F}_q$, and the Galois group is generated by $\mathrm{Fr}_q : x \mapsto x^q$.


Recall from Proposition 5.6 that if $L/K$ is Galois with Galois group $G$, and if $\alpha \in L$, then $m_{\alpha/K}$ splits over $L$ and has distinct roots. Moreover, the roots are all of the form $\sigma(\alpha)$ for some $\sigma \in G$.

Corollary 9.6. Let $f \in \mathbb{F}_q[X]$ be irreducible of degree $n$. Then $\mathbb{F}_q[X]/(f) \cong \mathbb{F}_{q^n}$ is a Galois extension, and the roots of $f$ are of the form $\alpha^{q^r}$ for $0 \leq r < n$, where $\alpha \in \mathbb{F}_q[X]/(f)$ denotes the image of $X$.
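The statements of Lemma 9.1, Theorem 9.5 and Corollary 9.6 can be checked by direct computation in the quotient $\mathbb{F}_2[X]/(f)$. This is an added example, not part of the original notes; it assumes $q = 2$, encodes a polynomial as an integer whose bit $i$ is the coefficient of $X^i$, and all function names are hypothetical.

```python
def gf_mul(a, b, f):
    """Product of a and b in F_2[X]/(f); requires a, b < 2^deg(f)."""
    n = f.bit_length() - 1          # deg(f)
    result = 0
    while b:
        if b & 1:
            result ^= a             # addition in characteristic 2 is XOR
        b >>= 1
        a <<= 1                     # multiply a by X ...
        if (a >> n) & 1:
            a ^= f                  # ... and reduce modulo f
    return result

def frobenius(a, f, times=1):
    """Apply Fr : x -> x^2 the given number of times."""
    for _ in range(times):
        a = gf_mul(a, a, f)
    return a

def evaluate(g, x, f):
    """Evaluate g in F_2[X] at the element x of F_2[X]/(f), by Horner's rule."""
    acc = 0
    for i in range(g.bit_length() - 1, -1, -1):
        acc = gf_mul(acc, x, f) ^ ((g >> i) & 1)
    return acc

def conjugates(f):
    """alpha^(2^r) for 0 <= r < deg(f), where alpha is the image of X (deg(f) >= 2)."""
    n = f.bit_length() - 1
    alpha = 0b10
    return [frobenius(alpha, f, r) for r in range(n)]

def fixed_field(f, r):
    """Elements of F_2[X]/(f) fixed by Fr^r."""
    n = f.bit_length() - 1
    return [a for a in range(1 << n) if frobenius(a, f, r) == a]

def frobenius_is_bijective(f):
    """True when x -> x^2 permutes F_2[X]/(f)."""
    n = f.bit_length() - 1
    return len({frobenius(a, f) for a in range(1 << n)}) == 1 << n

F8 = 0b1011      # X^3 + X + 1, irreducible over F_2
F16 = 0b10011    # X^4 + X + 1, irreducible over F_2
NOT_A_FIELD = 0b101   # X^2 + 1 = (X + 1)^2, so the quotient has nilpotents

if __name__ == "__main__":
    for f in (F8, F16):
        roots = conjugates(f)
        print(bin(f), roots, [evaluate(f, c, f) for c in roots])
    # Theorem 9.5: F_16 contains F_4 (r = 2 divides 4) but no copy of F_8.
    print(fixed_field(F16, 2), fixed_field(F16, 3))
    # Lemma 9.1 needs a field: squaring is not injective modulo (X + 1)^2.
    print(frobenius_is_bijective(F8), frobenius_is_bijective(NOT_A_FIELD))
```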

9.3 Irreducible Polynomials over Finite Fields

Proposition 9.7. Let $q = p^r$ be a prime power. Over $\mathbb{F}_q$ we have the factorisation

$$X^{q^n} - X = \prod_{\substack{f \text{ monic, irred} \\ \deg(f) \mid n}} f.$$

Proof. We have already seen that

$$X^{q^n} - X = \prod_{\alpha \in \mathbb{F}_{q^n}} (X - \alpha).$$

On the other hand, consider the product $g$ of all monic irreducible polynomials over $\mathbb{F}_q$ of degree dividing $n$. Let $f$ be an irreducible factor of $g$, of degree $r$. Then $f$ splits into distinct linear factors over the subfield $\mathbb{F}_{q^r}$ of $\mathbb{F}_{q^n}$, so also over $\mathbb{F}_{q^n}$. Hence $g$ splits into distinct linear factors over $\mathbb{F}_{q^n}$. Since $\deg(g) = q^n = |\mathbb{F}_{q^n}|$ we get that

$$g = \prod_{\alpha \in \mathbb{F}_{q^n}} (X - \alpha),$$

proving that $g = X^{q^n} - X$.

Define $\varphi_d(q)$ to be the number of monic irreducible polynomials of degree $d$ over $\mathbb{F}_q$. We wish to obtain a formula for $\varphi_d(q)$. For this we will need the Möbius function $\mu(n)$, which is defined as follows:

$$\mu(n) := \begin{cases} (-1)^r & \text{if } n = p_1 \cdots p_r \text{ is a product of distinct primes;} \\ 0 & \text{if } d^2 \mid n \text{ for some } d \geq 2. \end{cases}$$

We immediately see that $\mu(1) = 1$ and that $\mu(mn) = \mu(m)\mu(n)$ provided $m$ and $n$ are coprime (i.e. $\mu$ is a multiplicative function).

The following is a fundamental result.

Lemma 9.8.

$$\sum_{d \mid n} \mu(d) = \begin{cases} 1 & \text{if } n = 1; \\ 0 & \text{if } n \geq 2. \end{cases}$$


Proof. Set $N(n) := \sum_{d \mid n} \mu(d)$. Since $\mu$ is a multiplicative function, so too is $N$. In other words, if $m$ and $n$ are coprime, then $N(mn) = N(m)N(n)$. We are reduced to the case of a prime power $n = p^r$. Now $N(1) = 1$ whereas if $r \geq 1$, then $N(p^r) = \mu(1) + \mu(p) = 0$.

The importance is revealed by the next result, which allows us to invert formulae involving sums over divisors.

Lemma 9.9. Suppose we have functions $f_n$ and $g_n$ for all positive integers $n$. Then

$$f_n = \sum_{d \mid n} g_d \quad \text{if and only if} \quad g_n = \sum_{d \mid n} \mu\!\left(\frac{n}{d}\right) f_d.$$

We now use this technique to obtain a formula for $\varphi_n(q)$.

Theorem 9.10.

$$\varphi_n(q) = \frac{1}{n} \sum_{d \mid n} \mu(d)\, q^{n/d}.$$

Proof. We have from Proposition 9.7 that

$$X^{q^n} - X = \prod_{d \mid n} \; \prod_{\substack{f \text{ monic, irred} \\ \deg(f) = d}} f.$$

Comparing degrees we get

$$q^n = \sum_{d \mid n} d\, \varphi_d(q).$$

Inverting this formula (with $f_n = q^n$ and $g_n = n\varphi_n(q)$), we obtain that

$$n\varphi_n(q) = \sum_{d \mid n} \mu\!\left(\frac{n}{d}\right) q^d = \sum_{d \mid n} \mu(d)\, q^{n/d}$$

as required.

Examples

We know that $\varphi_1(q) = q$, and the irreducible polynomials of degree 1 over $\mathbb{F}_q$ are just the linear polynomials $X - \alpha$ for $\alpha \in \mathbb{F}_q$.

Next we have

$$\varphi_2(q) = \tfrac{1}{2}\big(q^2 - q\big), \quad \varphi_3(q) = \tfrac{1}{3}\big(q^3 - q\big), \quad \varphi_4(q) = \tfrac{1}{4}\big(q^4 - q^2\big).$$

We can compute the irreducible polynomials over $\mathbb{F}_2$ or $\mathbb{F}_3$ using the Sieve of Eratosthenes, but taking irreducible polynomials over a finite field instead of prime numbers in the integers. (That this method works is due to the fact that $K[X]$, like $\mathbb{Z}$, is a Euclidean domain.)


We have the following irreducible polynomials over $\mathbb{F}_2$.

$$X^2 + X + 1$$

$$X^3 + X + 1, \quad X^3 + X^2 + 1$$

$$X^4 + X + 1, \quad X^4 + X^3 + 1, \quad X^4 + X^3 + X^2 + X + 1.$$

Over $\mathbb{F}_3$ we have three irreducible quadratics.

$$X^2 + 1, \quad X^2 + X - 1, \quad X^2 - X - 1.$$


Chapter 10

Separable Extensions

Recall from Proposition 5.6 that if $L/K$ is Galois, then for every $\alpha \in L$, its minimal polynomial over $K$ has distinct roots in $L$. In this chapter we investigate this property further.

10.1 Separable Polynomials

We call an irreducible polynomial $f \in K[X]$ separable over $K$ if $f$ has distinct roots in a splitting field extension. Since splitting field extensions are unique up to isomorphism, this definition depends only on $f$ and $K$. We say that a general polynomial $f \in K[X]$ is separable over $K$ if each irreducible factor is separable over $K$.

Changing perspective, let $L/K$ be an algebraic field extension and $\alpha \in L$. We say that $\alpha$ is separable over $K$ if its minimal polynomial $m_{\alpha/K}$ is separable over $K$. We say that $L/K$ itself is separable if each $\alpha \in L$ is separable over $K$.

We start by giving a criterion for when an irreducible polynomial is separable.

Theorem 10.1. Let $f \in K[X]$ be irreducible. Then the following are equivalent.

1. $f$ is inseparable over $K$.

2. $\gcd(f, f') \neq 1$.

3. $f' = 0$.

4. $\mathrm{char}(K) = p > 0$ and $f(X) = g(X^p)$ for some $g \in K[X]$ (necessarily irreducible).

Proof. (1) ⇒ (2) Let $L/K$ be a splitting field extension for $f$. Since $f$ has a repeated root in $L$, say $\alpha$, we can write $f = (X - \alpha)^2 g$ for some $g \in L[X]$. Taking derivatives gives $f' = (X - \alpha)\big(2g + (X - \alpha)g'\big)$, so that $\alpha$ is again a root of $f'$. Hence $m_{\alpha/K}$ divides both $f$ and $f'$ over $K$, so $\gcd(f, f') \neq 1$.


(2) ⇒ (3) Since $f$ is irreducible, if $\gcd(f, f') \neq 1$, then it must equal $f$. Therefore $f$ divides $f'$ but $\deg(f) > \deg(f')$. This can only happen if $f' = 0$.

(3) ⇒ (4) Write $f = \sum_n a_n X^n \in K[X]$. Then $0 = f' = \sum_n n a_n X^{n-1}$, so $n a_n = 0 \in K$ for all $n$. If $\mathrm{char}(K) = 0$, then $a_n = 0$ for all $n \geq 1$, so that $f = a_0 \in K$ is constant, contradicting the assumption that $f$ is irreducible. Thus $\mathrm{char}(K) = p > 0$ and $a_n = 0$ unless $p \mid n$, so that $f(X) = g(X^p)$ with $g = \sum_r a_{pr} X^r \in K[X]$. To see that $g$ is irreducible, suppose that $g = g_1 g_2 \in K[X]$. Then $f(X) = g(X^p) = g_1(X^p) g_2(X^p) \in K[X]$, so $f$ irreducible implies one of the $g_i$ is constant, and so $g$ is irreducible.

(4) ⇒ (1) Let $\mathrm{char}(K) = p > 0$ and $f(X) = g(X^p) \in K[X]$. Let $L/K$ be the splitting field extension for $f$. If $\alpha \in L$ is a root of $f$, then $0 = f(\alpha) = g(\alpha^p)$, so $\alpha^p$ is a root of $g$. Thus $X - \alpha^p$ divides $g$ over $L$, which implies that $X^p - \alpha^p = (X - \alpha)^p$ divides $g(X^p) = f(X)$. Thus $\alpha$ is a repeated root of $f$ in $L$, so $f$ is inseparable.

We call a field $K$ perfect if every irreducible polynomial $f \in K[X]$ is separable. We observe that all fields of characteristic $0$ are perfect. Also, all algebraically closed fields are perfect (since all irreducible polynomials are linear). Finally, it follows from Corollary 9.6 that all finite fields are perfect.

It is instructive to see an example of an inseparable field extension.

Lemma 10.2. Let $K$ be a field of characteristic $p > 0$, and let $\alpha \in K$. Then the polynomial $X^p - \alpha$ is either irreducible, or else factors as $(X - \beta)^p$.

Proof. Let $L/K$ be a splitting field extension for $X^p - \alpha$, and let $\beta \in L$ be a root of this polynomial. Then $\beta^p = \alpha$, so over $L$ we have the factorisation $X^p - \alpha = (X - \beta)^p$. By unique factorisation in $K[X]$, any irreducible factor of $X^p - \alpha$ must be of the form $(X - \beta)^m$ for some $1 \leq m \leq p$. In particular, the constant term $\beta^m$ must lie in $K$.

Suppose $\beta^m \in K$ for some $1 < m < p$. Since $p$ is prime there exist integers $a, b$ with $ap + bm = 1$. Then $\alpha^a (\beta^m)^b = \beta^{ap + bm} = \beta \in K$. Therefore either $\beta \in K$ and $X^p - \alpha = (X - \beta)^p$ over $K$, or else $X^p - \alpha$ is irreducible over $K$.

Proposition 10.3. Consider the transcendental extension $\mathbb{F}_p(x)/\mathbb{F}_p$. Let $y = x^p$. Then the minimal polynomial of $x$ over $\mathbb{F}_p(y)$ is $X^p - y$, and the field extension $\mathbb{F}_p(x)/\mathbb{F}_p(y)$ is inseparable of degree $p$.

Proof. Clearly $x$ is a root of $m = X^p - y$, so by the previous lemma we just need to prove that $x \notin \mathbb{F}_p(y)$.

Note that $y$ is transcendental over $\mathbb{F}_p$. So, if $x \in \mathbb{F}_p(y)$, then there exist polynomials $f, g \in \mathbb{F}_p[X]$ such that $x = f(y)/g(y)$, or equivalently $f(y) = g(y)x$. Since $y = x^p$, this gives $f(x^p) = g(x^p)x$. As $x$ is transcendental over $\mathbb{F}_p$, this implies $f(X^p) = g(X^p)X$ in $\mathbb{F}_p[X]$, a contradiction by comparing degrees.¹

¹ Alternatively, apply Exercise Sheet 4, Question (7).


We next want to show that the set of separable elements in a field extension $L/K$ forms an intermediate field.

Lemma 10.4. Let $K$ be a field of characteristic $p > 0$, and let $L/K$ be a field extension. For $\alpha \in L$, algebraic over $K$, we have the following dichotomy.

1. $\alpha$ is separable over $K$ if and only if $[K(\alpha) : K(\alpha^p)] = 1$.

2. $\alpha$ is inseparable over $K$ if and only if $[K(\alpha) : K(\alpha^p)] = p$.

Proof. If $\alpha$ is separable over $K$, then it is separable over any intermediate field $E$ of $L/K$. For, $m_{\alpha/E}$ divides $m_{\alpha/K}$, so also has distinct roots in a splitting field extension. In particular, $\alpha$ is separable over $K(\alpha^p)$. On the other hand, the minimal polynomial of $\alpha$ over $K(\alpha^p)$ divides $X^p - \alpha^p$, and by Lemma 10.2 this polynomial is either irreducible, so $\alpha$ is inseparable over $K(\alpha^p)$, or else factors as $(X - \alpha)^p$, so $\alpha \in K(\alpha^p)$. We deduce that $[K(\alpha) : K(\alpha^p)] = 1$.

Conversely, if $\alpha$ is inseparable over $K$, then $m_{\alpha/K}(X) = f(X^p)$ for some monic irreducible polynomial $f \in K[X]$. Since $\alpha^p$ is a root of $f$, we see that $f = m_{\alpha^p/K}$, so that $[K(\alpha^p) : K] = \deg(f)$ and $[K(\alpha) : K] = \deg(m) = p \deg(f)$. Thus $[K(\alpha) : K(\alpha^p)] = p$.

Theorem 10.5. Let $L/K$ be a field extension and write $L_{\mathrm{sep}/K}$ for the set of elements $\alpha \in L$ which are separable over $K$. Then $L_{\mathrm{sep}/K}$ is an intermediate field of $L/K$, and is a separable field extension of $K$.

Proof. This is trivial when $\mathrm{char}(K) = 0$, so let $\mathrm{char}(K) = p > 0$. Clearly each element of $K$ is separable over $K$, so $K \subset L_{\mathrm{sep}/K}$. It remains to show that $L_{\mathrm{sep}/K}$ is closed under sums, products and inverses, so is a subfield of $L$. In other words, we need to show that if $\alpha, \beta \in L_{\mathrm{sep}/K}$ with $\beta$ non-zero, then $\alpha \pm \beta$ and $\alpha\beta^{\pm 1}$ are all separable over $K$.

Let $\gamma$ be any one of these elements. Then $K(\beta, \gamma) = K(\alpha, \beta)$, and by applying the Frobenius homomorphism we also have $K(\beta^p, \gamma^p) = K(\alpha^p, \beta^p)$. Now $\beta$ is separable over $K$, so it is also separable over any intermediate field $E$ of $L/K$, and so $E(\beta^p) = E(\beta)$ by the previous lemma. Similarly $\alpha$ is separable over $K$, so $K(\alpha^p) = K(\alpha)$. Combining these results for $E = K(\alpha)$ gives $K(\alpha^p, \beta^p) = K(\alpha, \beta)$. We deduce that $K(\beta^p, \gamma^p) = K(\beta, \gamma)$, so by the Tower Law

$$[K(\gamma) : K(\gamma^p)] = \frac{[K(\beta, \gamma) : K(\gamma^p)]}{[K(\beta, \gamma) : K(\gamma)]} = \frac{[K(\beta^p, \gamma^p) : K(\gamma^p)]}{[K(\beta, \gamma) : K(\gamma)]}.$$

Finally, let $m$ be the minimal polynomial of $\beta$ over $K(\gamma)$. Applying the Frobenius homomorphism we have $\mathrm{Fr}(m)(X^p) = m(X)^p$, so $\beta^p$ is a root of $\mathrm{Fr}(m)$. Since $m \in K(\gamma)[X]$ we see that $\mathrm{Fr}(m) \in K(\gamma^p)[X]$. Therefore the minimal polynomial $n$ of $\beta^p$ over $K(\gamma^p)$ divides $\mathrm{Fr}(m)$, so

$$[K(\beta^p, \gamma^p) : K(\gamma^p)] = \deg(n) \leq \deg(\mathrm{Fr}(m)) = \deg(m) = [K(\beta, \gamma) : K(\gamma)].$$

Thus $[K(\gamma) : K(\gamma^p)] \leq 1$, so $K(\gamma) = K(\gamma^p)$ and $\gamma$ is separable over $K$.


10.2 Characterisation of Galois Extensions

We now come to an important result, which states that a finite field extension is Galois if and only if it is separable and normal. This characterisation is often taken to be the definition of a Galois extension, but the approach we have taken has the benefit of emphasising the symmetries of a Galois extension.

Theorem 10.6. Let $L/K$ be a field extension. The following are equivalent.

1. $L/K$ is Galois.

2. $L/K$ is finite, separable and normal.

3. $L/K$ is a splitting field extension of a separable polynomial $f \in K[X]$.

Proof. (1) ⇒ (2) Let $L/K$ be Galois. Then it is necessarily finite. Furthermore, we saw in Proposition 5.6 that for each $\alpha \in L$, its minimal polynomial $m_{\alpha/K}$ splits into distinct linear factors over $L$. Thus $L/K$ is also separable and normal.

(2) ⇒ (3) Let $L/K$ be finite, separable and normal. Then it is a splitting field extension for some polynomial $f \in K[X]$ by Theorem 8.4. Let $m$ be a monic irreducible factor of $f$, and let $\alpha \in L$ be a root of $m$. Then $m$ is necessarily the minimal polynomial of $\alpha$ over $K$, so is separable by assumption. Thus $f$ is a separable polynomial.

(3) ⇒ (1) Let $f \in K[X]$ be a separable polynomial, and let $L/K$ be a splitting field extension for $f$. We are going to prove that $L/K$ is Galois by induction on the degree $[L : K]$. Set $G := \mathrm{Gal}(L/K)$ and let $E$ be the fixed field of $G$.

Let $\alpha \in L \setminus K$ be a root of $f$, so $m := m_{\alpha/K}$ is a separable polynomial. Then $L/K(\alpha)$ is again a splitting field extension for $f$, but of smaller degree, so is Galois by induction. Then $\mathrm{Gal}(L/K(\alpha)) \leq G$ is a subgroup, so the fixed field of $G$ is contained in the fixed field of $\mathrm{Gal}(L/K(\alpha))$; that is, $E \subset K(\alpha)$.

Set $n + 1 := [K(\alpha) : K]$. Given $\theta \in E \subset K(\alpha)$ we can write

$$\theta = a_0 \alpha^n + \cdots + a_{n-1} \alpha + a_n \quad \text{for some } a_i \in K.$$

Set $g := a_0 X^n + \cdots + a_{n-1} X + (a_n - \theta) \in E[X]$.

Let $\beta \in L$ be a root of $m$. We claim that $g(\beta) = 0$. By Artin’s Extension Theorem there exists a $K$-isomorphism $\iota : K(\alpha) \xrightarrow{\sim} K(\beta)$, $\alpha \mapsto \beta$. Now $L/K(\beta)$ is also a splitting field extension for $f = \iota(f)$, so by Theorem 8.2 there exists a field automorphism $\sigma$ of $L$ extending $\iota$. Since $\iota$ is a $K$-isomorphism, so too is $\sigma$, and hence $\sigma \in \mathrm{Gal}(L/K)$.

By assumption $\sigma$ fixes every element of $E$, and also $\sigma(\alpha) = \beta$. Therefore

$$\theta = \sigma(\theta) = a_0 \beta^n + \cdots + a_{n-1} \beta + a_n,$$

so $g(\beta) = 0$ as required.

Since $m$ has $n + 1$ distinct roots but $\deg(g) \leq n$ we deduce that $g = 0$, so $\theta = a_n \in K$. Thus $E = K$ and $L/K$ is Galois by Proposition 5.1.


Corollary 10.7. Let L/K be a finite, separable field extension. Then L/K issimple. In particular, all Galois extensions are simple.

Proof. Let L = K(α1, . . . , αn), let mi be the minimal polynomial of αi overK, and let m = m1 · · ·mn. Since L/K is separable, each αi is separable overK, so each mi is an irreducible separable polynomial. Hence m is a separablepolynomial.Now, if M/L is the normal closure for L/K, then M/K is a splitting field ex-tension for m, so is Galois by the theorem. By the Fundamental Theorem,the intermediate fields of M/K are in bijection with the subgroups of the Ga-lois group. Thus there are only finitely many intermediate fields of M/K, sothere can be only finitely many subfields of L/K. Hence L/K is simple by thePrimitive Element Theorem.

In the exercises we will construct a finite field extension L/K which has infinitelymany intermediate fields, and hence is not simple.Another important consequence of the theorem is that we can view Galois groupsas transitive subgroups of symmetric groups. If f ∈ K[X] is a separable poly-nomial, we write Gal(f) for the Galois group of a splitting field extension L/Kfor f . This is well-defined by Theorem 8.2.

Proposition 10.8. Let f ∈ K[X] be a separable irreducible polynomial of degreen. Then the action of Gal(f) on the roots of f induces an injective grouphomomorphism Gal(f) ↪→ Symn with image a transitive subgroup.

Proof. Let $L/K$ be a splitting field extension for $f$, so a Galois extension by the theorem. If $\alpha_1, \ldots, \alpha_n$ are the roots of $f$ in $L$, then $L = K(\alpha_1, \ldots, \alpha_n)$, so the action of $\mathrm{Gal}(f) = \mathrm{Gal}(L/K)$ is completely determined by its action on the roots of $f$. This yields an injective group homomorphism $\mathrm{Gal}(f) \hookrightarrow \mathrm{Sym}_n$. Finally, $\mathrm{Gal}(f)$ acts transitively on the roots of $f$ by Corollary 5.7, so its image in $\mathrm{Sym}_n$ must be a transitive subgroup.

This result restricts the possible Galois groups quite considerably. For example, if $f \in \mathbb{Q}[X]$ is an irreducible cubic, then $\mathrm{Gal}(f)$ is isomorphic to either $\mathbb{Z}/3\mathbb{Z}$ or $\mathrm{Sym}_3$. If $f \in \mathbb{Q}[X]$ is an irreducible quartic, then $\mathrm{Gal}(f)$ is isomorphic to one of

$$\mathrm{Sym}_4,\quad \mathrm{Alt}_4,\quad D_8,\quad \mathbb{Z}/4\mathbb{Z},\quad (\mathbb{Z}/2\mathbb{Z})^2.$$

The group $D_8$ is the dihedral group with 8 elements, or the symmetry group of a square. We can view it as a transitive subgroup of $\mathrm{Sym}_4$ by taking $\langle (1234), (12)(34) \rangle$. The group $V := (\mathbb{Z}/2\mathbb{Z})^2$ is often called the Klein four group (Kleinsche Vierergruppe), and can be viewed as a transitive subgroup of $\mathrm{Sym}_4$ by taking $\langle (12)(34), (13)(24) \rangle$.


As an example of how useful this is, consider the following result.

Proposition 10.9. Let $p$ be a prime. The only transitive subgroup of $\mathrm{Sym}_p$ containing a transposition is $\mathrm{Sym}_p$ itself.

In particular, if $f \in \mathbb{Q}[X]$ is an irreducible polynomial of degree $p$ having precisely two non-real roots, then $\mathrm{Gal}(f) \cong \mathrm{Sym}_p$.

Proof. Let $G \le \mathrm{Sym}_p$ be a transitive subgroup. Then $G$ acts transitively on the set $\{1, 2, \ldots, p\}$, so by the Orbit-Stabiliser Theorem, $H = \mathrm{Stab}_G(1)$ has index $p$ in $G$. Thus $p$ divides $|G|$, so $G$ contains an element of order $p$, and hence a $p$-cycle $\sigma$, by Cauchy’s Theorem.

Suppose further that $G$ contains a transposition $(1\ a)$. Note that, for some $1 \le r < p$ we have $\sigma^r = (1\ a\ \cdots)$, and that this is again a $p$-cycle. Relabelling, we may assume that $G$ contains $(1\ 2)$ and $(1\ 2\ \cdots\ p)$. Conjugating the transposition shows that $G$ also contains $(i\ \ i+1)$ for all $i$, and we know that these transpositions generate the full symmetric group. Thus $G = \mathrm{Sym}_p$.

Now let $f \in \mathbb{Q}[X]$ be irreducible of degree $p$, and having precisely two complex roots. Then $\mathrm{Gal}(f) \le \mathrm{Sym}_p$ is a transitive subgroup. Moreover, complex conjugation fixes $f$, so permutes the roots of $f$, and hence acts as a transposition. Thus $\mathrm{Gal}(f)$ contains a transposition, so $\mathrm{Gal}(f) = \mathrm{Sym}_p$.

For example, the Galois group of $f = X^5 - 4X + 2 \in \mathbb{Q}[X]$ is $\mathrm{Sym}_5$. For, $f$ is irreducible by Eisenstein, and has precisely three real roots, as seen by drawing its graph. We can therefore apply the proposition.

[Figure: graph of $X^5 - 4X + 2$ for $-2 \le X \le 2$.]

10.3 Changing the Base Field

Let $E$ and $F$ be intermediate fields of a field extension $L/K$. It is often useful to be able to translate results about the field extension $E/K$ to the field extension $EF/F$, which we call base change.


Theorem 10.10. Let $L/K$ be a field extension, and $E, F$ intermediate fields.

1. If $E/K$ is Galois, then so is $EF/F$, and $\mathrm{Gal}(EF/F)$ is isomorphic to the subgroup $\mathrm{Gal}(E/E \cap F)$ of $\mathrm{Gal}(E/K)$.

2. If both $E/K$ and $F/K$ are Galois, then so too are $EF/K$ and $E \cap F/K$. If $E \cap F = K$, then $\mathrm{Gal}(EF/K)$ is isomorphic to the direct product $\mathrm{Gal}(E/K) \times \mathrm{Gal}(F/K)$.

Proof. 1. Since $E/K$ is Galois, it is a splitting field extension of some separable polynomial $f \in K[X]$ by Theorem 10.6. Then $EF/F$ is a splitting field extension of $f$, now viewed in $F[X]$, so is Galois by the same theorem.

Now let $\sigma \in \mathrm{Gal}(EF/F)$. Then $\sigma$ is completely determined by its action on the roots of $f$, and all of these lie in $E$. So $\sigma$ restricts to a $K$-automorphism of $E$, inducing an injective map $\mathrm{Gal}(EF/F) \hookrightarrow \mathrm{Gal}(E/K)$, which is easily seen to be a group homomorphism.

Finally, let $G \le \mathrm{Gal}(E/K)$ be the image of $\mathrm{Gal}(EF/F)$. Then $x \in E$ is fixed by $G$ if and only if $x \in EF$ is fixed by $\mathrm{Gal}(EF/F)$, which is if and only if $x \in F$. Thus the fixed field of $G$ is $E \cap F$, so $G = \mathrm{Gal}(E/E \cap F)$.

2. Suppose that $F/K$ is also Galois, so a splitting field extension of some separable polynomial $g \in K[X]$. Then $EF/K$ is a splitting field extension of $fg$, which is separable, so $EF/K$ is Galois.

Since $EF/K$ is finite and separable, so too is $E \cap F/K$. To see that the latter field extension is also normal, and hence Galois, take $\gamma \in E \cap F$. Then $m_{\gamma/K}$ splits over $E$, since $E/K$ is normal, and similarly also over $F/K$. Therefore all the roots of $m_{\gamma/K}$ necessarily lie in $E \cap F$, so $m_{\gamma/K}$ splits over $E \cap F$.

Assume now that $E \cap F = K$. As in (1), restriction to $E$ yields a group homomorphism $\mathrm{Gal}(EF/K) \to \mathrm{Gal}(E/K)$. For, $E/K$ is a splitting field extension of $f$ and any $\sigma \in \mathrm{Gal}(EF/K)$ must permute these roots, so $\sigma$ restricts to an automorphism of $E$. Similarly, $F/K$ is a splitting field for $g$, so restriction to $F$ yields a group homomorphism $\mathrm{Gal}(EF/K) \to \mathrm{Gal}(F/K)$. Together these give a group homomorphism

$$\theta : \mathrm{Gal}(EF/K) \to \mathrm{Gal}(E/K) \times \mathrm{Gal}(F/K).$$

Since $EF/K$ is a splitting field extension for $fg$, any $\sigma \in \mathrm{Gal}(EF/K)$ is completely determined by its action on the roots of $f$ and $g$, so by its restrictions to $E$ and $F$. Thus $\theta$ is injective. Finally, by (1) we know that

$$[EF : F] = |\mathrm{Gal}(EF/F)| = |\mathrm{Gal}(E/E \cap F)| = |\mathrm{Gal}(E/K)| = [E : K],$$

so by the Tower Law

$$[EF : K] = [EF : F][F : K] = [E : K][F : K]$$

and hence

$$|\mathrm{Gal}(EF/K)| = |\mathrm{Gal}(E/K)|\,|\mathrm{Gal}(F/K)|.$$

This implies that $\theta$ must be a bijection, and hence a group isomorphism.


Corollary 10.11. Let $L/K$ be a field extension, and $E$ and $F$ intermediate fields. If $E/K$ is Galois, then $[EF : F]$ divides $[E : K]$.

Proof. By part (1) of the theorem we have

$$[EF : F] = |\mathrm{Gal}(EF/F)| = |\mathrm{Gal}(E/E \cap F)| = [E : E \cap F],$$

which divides [E : K] by the Tower Law.

This result is not true if $E/K$ is not Galois. For example, let $E = \mathbb{Q}(\sqrt[3]{2})$ and $F = \mathbb{Q}(\omega\sqrt[3]{2})$, where $\omega$ is a primitive cube root of unity. Then $EF = \mathbb{Q}(\sqrt[3]{2}, \omega)$, so $[E : \mathbb{Q}] = [F : \mathbb{Q}] = 3$ and $[EF : \mathbb{Q}] = 6$, whence $[EF : F] = 2$.


Chapter 11

Cyclotomic and Cyclic Extensions

In this chapter we shall examine two special types of field extensions: cyclotomic extensions, given by adjoining a primitive $n$-th root of unity, and cyclic extensions, given by adjoining an arbitrary $n$-th root under the assumption that the base field already contains a primitive $n$-th root of unity. Both of these cases are relatively easy to study, and have far reaching generalisations to abelian Kummer theory and class field theory.

11.1 Cyclotomic Extensions

Recall that $\zeta \in K$ is called a primitive $n$-th root of unity if $\zeta^n = 1$ but $\zeta^d \ne 1$ for all $1 \le d < n$. For example we could take $\zeta = \exp(2\pi i/n) \in \mathbb{C}$.

Let $\zeta \in K$ be a primitive $n$-th root of unity. We make the following observations.

1. The $n$ numbers $\zeta^r$ for $1 \le r \le n$ are all distinct. For, if $\zeta^r = \zeta^s$ with $1 \le r < s \le n$, then $\zeta^{s-r} = 1$ and $1 \le s - r < n$, contradicting the fact that $\zeta$ was a primitive $n$-th root of unity.

2. The set $\mu_n := \{\zeta^r : 1 \le r \le n\}$ is a cyclic group under multiplication, generated by $\zeta$. Hence $\mu_n$ is isomorphic to the additive group $\mathbb{Z}/n\mathbb{Z}$.

3. If $1 \le r \le n$, then $\zeta^r$ is a primitive $n/d$-th root of unity, where $d = \gcd(r, n)$.

4. $\mu_n$ contains $\mu_d$ for all $d \mid n$. In particular, if $\xi$ is an $n/d$-th root of unity, then $\xi = \zeta^{ds}$ for some $1 \le s \le n/d$.


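We define the $n$-th cyclotomic polynomial as

$$\Phi_n(X) := \prod_{\substack{1 \le r \le n \\ \gcd(r,n) = 1}} (X - \zeta^r) = \prod_{\substack{\xi \text{ primitive } n\text{-th} \\ \text{root of unity}}} (X - \xi).$$

We therefore have the factorisation

$$X^n - 1 = \prod_{1 \le r \le n} (X - \zeta^r) = \prod_{d \mid n} \Phi_d(X).$$

Note also that $\deg(\Phi_n) = \phi(n)$, where $\phi(n)$ is Euler’s totient (or phi) function

$$\phi(n) = |\{1 \le r \le n : \gcd(r, n) = 1\}|.$$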

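Theorem 11.1. The polynomial $\Phi_n(X)$ lies in $\mathbb{Z}[X]$ and is irreducible.

If $\zeta \in \mathbb{C}$ is a primitive $n$-th root of unity, then $\mathbb{Q}(\zeta)/\mathbb{Q}$ is Galois with abelian Galois group. In fact, $\mathrm{Gal}(\mathbb{Q}(\zeta)/\mathbb{Q}) \cong (\mathbb{Z}/n\mathbb{Z})^\times$ via $\sigma_r(\zeta) := \zeta^r$ for $r \in (\mathbb{Z}/n\mathbb{Z})^\times$.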

Proof. We first observe that each $\Phi_d(X)$ is monic. By induction we may assume $\Phi_d(X) \in \mathbb{Z}[X]$ for $d < n$. Since $\prod_{d \mid n} \Phi_d(X) = X^n - 1$, the Division Algorithm tells us $\Phi_n(X) \in \mathbb{Q}[X]$, and then Gauss’s Lemma gives that $\Phi_n(X) \in \mathbb{Z}[X]$.

Now let $f \in \mathbb{Q}[X]$ be the minimal polynomial of $\zeta$, a primitive $n$-th root of unity. We claim that if $\xi$ is any root of $f$, then so is $\xi^p$ for all primes $p \nmid n$. It will follow that $\zeta^r$ is a root of $f$ for all $1 \le r \le n$ with $\gcd(r, n) = 1$, and hence that $\Phi_n(X) = f$ is irreducible.

Since $\zeta$ is a root of $X^n - 1$, we can write $X^n - 1 = f(X)g(X)$. Again, both polynomials are monic with rational coefficients, so Gauss’s Lemma tells us that $f, g \in \mathbb{Z}[X]$. Let $\xi$ be a root of $f$, $p$ a prime not dividing $n$ and assume for contradiction that $\xi^p$ is not a root of $f$. Then $\xi^p$ must be a root of $g(X)$, so that $\xi$ is a root of $g(X^p)$. Since $f$ is the minimal polynomial of $\xi$, it divides $g(X^p)$. Hence $g(X^p) = f(X)h(X)$, and by Gauss’s Lemma once more we see that $h \in \mathbb{Z}[X]$ and is monic.

We now reduce coefficients modulo $p$. Denote by $\bar f$, $\bar g$ and $\bar h$ respectively the images of $f$, $g$ and $h$ in $\mathbb{F}_p[X]$. By Lemma 9.2 we have $\bar g(X)^p = \bar g(X^p) = \bar f(X)\bar h(X)$. Thus $\gcd(\bar f, \bar g) \ne 1$. Since $X^n - 1 = \bar f(X)\bar g(X)$, we see that $X^n - 1$ has repeated roots. It follows that $X^n - 1$ and its derivative $nX^{n-1}$ have a common divisor, but since $p \nmid n$ this cannot happen, proving the claim.

We have shown that $\Phi_n(X)$ is the minimal polynomial of $\zeta$ over $\mathbb{Q}$. Thus $[\mathbb{Q}(\zeta) : \mathbb{Q}] = \deg(\Phi_n) = \phi(n)$. Since all $n$-th roots of unity (primitive or not) are powers of $\zeta$, we see that $\mathbb{Q}(\zeta)/\mathbb{Q}$ is the splitting field extension of $\Phi_n$ (or equivalently of $X^n - 1$). Hence $\mathbb{Q}(\zeta)/\mathbb{Q}$ is Galois.

Let $G = \mathrm{Gal}(\mathbb{Q}(\zeta)/\mathbb{Q})$, so $|G| = \phi(n)$. By Artin’s Extension Theorem the elements of $G$ are in bijection with the roots of $\Phi_n$, so are all of the form $\sigma_r : \zeta \mapsto \zeta^r$ for some $1 \le r \le n$ coprime to $n$. Consider the bijection $(\mathbb{Z}/n\mathbb{Z})^\times \to G$, $r \mapsto \sigma_r$. Since $1 \mapsto \sigma_1 = \mathrm{id}$ and $\sigma_r\sigma_s(\zeta) = \sigma_r(\zeta)^s = \zeta^{rs}$, this map is a group isomorphism.


Recall from Proposition 9.3 that every finite extension of a finite field is Galois with cyclic Galois group.

Theorem 11.2. Let $K = \mathbb{F}_q$ be a finite field and $L/K$ a splitting field extension of $X^n - 1$. Then $L$ contains a primitive $n$-th root of unity if and only if the characteristic of $K$ does not divide $n$, in which case $L/K$ has degree $d$, where $d$ is the order of $q$ modulo $n$, so $\mathrm{Gal}(L/K) \hookrightarrow (\mathbb{Z}/n\mathbb{Z})^\times$.

Proof. Suppose first that $p := \mathrm{char}(K)$ divides $n$, say $n = pm$. Let $\zeta \in L$ be an $n$-th root of unity. Then $\zeta^m$ is a root of $X^p - 1 = (X - 1)^p$, so $\zeta^m = 1$. Hence $L$ cannot contain a primitive $n$-th root of unity.

Conversely, suppose that $p$ does not divide $n$. Then $q \in (\mathbb{Z}/n\mathbb{Z})^\times$, so let $d$ be the order of $q$ in this group. Note that $\mathbb{Z}/d\mathbb{Z} \cong \langle q \rangle \hookrightarrow (\mathbb{Z}/n\mathbb{Z})^\times$. Let $M/K$ be a field extension of degree $e$, so $M$ has size $q^e$. Now, $X^n - 1$ is coprime to its derivative, so has no repeated roots in a splitting field extension. Therefore, by Proposition 9.7, $X^n - 1$ splits over $M$ if and only if $X^n - 1$ divides $X^{q^e - 1} - 1$, which is if and only if $n$ divides $q^e - 1$, and hence if and only if $d$ divides $e$. Therefore the splitting field extension $L$ of $X^n - 1$ must be $\mathbb{F}_{q^d}$.

Finally, we know from Lemma 3.6 that $L^\times$ is cyclic, say with generator $\theta$. Thus $\theta$ has order $q^d - 1 = mn$, so $\zeta = \theta^m$ has order $n$, so is a primitive $n$-th root of unity.
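The following is an added example, not part of the notes. It computes $\Phi_n$ by the exact division used in the proof of Theorem 11.1, and checks Theorem 11.2 over a prime field $\mathbb{F}_p$ (so $q = p$): the least $e$ for which $\Phi_n$ divides $X^{p^e} - X$ in $\mathbb{F}_p[X]$ is the order of $p$ modulo $n$. All function names are illustrative.

```python
from math import gcd

# Polynomials are coefficient lists, lowest degree first:
# [1, 0, -1, 0, 1] stands for X^4 - X^2 + 1.

def poly_mul(a, b):
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out

def poly_divexact(num, den):
    """Quotient num/den over Z for monic den; fails if a remainder is left."""
    num = list(num)
    quot = [0] * (len(num) - len(den) + 1)
    for k in range(len(quot) - 1, -1, -1):
        c = quot[k] = num[k + len(den) - 1]
        for j, d in enumerate(den):
            num[k + j] -= c * d
    if any(num):
        raise ArithmeticError("division is not exact")
    return quot

_PHI = {}

def cyclotomic(n):
    """Phi_n, from X^n - 1 = prod_{d | n} Phi_d by induction on n."""
    if n not in _PHI:
        lower = [1]
        for d in range(1, n):
            if n % d == 0:
                lower = poly_mul(lower, cyclotomic(d))
        _PHI[n] = poly_divexact([-1] + [0] * (n - 1) + [1], lower)
    return _PHI[n]

def totient(n):
    return sum(1 for r in range(1, n + 1) if gcd(r, n) == 1)

def mult_order(q, n):
    """Order of q in the unit group of Z/nZ."""
    if gcd(q, n) != 1:
        raise ValueError("q must be coprime to n")
    d, x = 1, q % n
    while x != 1 % n:
        x, d = x * q % n, d + 1
    return d

def poly_rem(a, m, p):
    """Remainder of a modulo monic m in F_p[X], padded to deg(m) coefficients."""
    a = [c % p for c in a] + [0] * max(0, len(m) - 1 - len(a))
    for k in range(len(a) - len(m), -1, -1):
        c = a[k + len(m) - 1]
        for j, d in enumerate(m):
            a[k + j] = (a[k + j] - c * d) % p
    return a[:len(m) - 1]

def poly_pow(b, e, m, p):
    """b^e modulo (m, p) by square-and-multiply."""
    result = poly_rem([1], m, p)
    while e:
        if e & 1:
            result = poly_rem(poly_mul(result, b), m, p)
        b = poly_rem(poly_mul(b, b), m, p)
        e >>= 1
    return result

def splits_over(n, p, e):
    """True iff Phi_n divides X^(p^e) - X in F_p[X], i.e. the field with p^e
    elements contains every primitive n-th root of unity."""
    m = [c % p for c in cyclotomic(n)]
    x = poly_rem([0, 1], m, p)
    y = x
    for _ in range(e):              # Frobenius y -> y^p, applied e times
        y = poly_pow(y, p, m, p)
    return y == x

def splitting_degree(n, p):
    """Degree over F_p of the splitting field of X^n - 1 (prime p not dividing n)."""
    if n % p == 0:
        raise ValueError("Theorem 11.2 requires that p does not divide n")
    e = 1
    while not splits_over(n, p, e):
        e += 1
    return e
```

For instance `splitting_degree(7, 2)` is 3, matching the order of 2 modulo 7, so the 7-th roots of unity over $\mathbb{F}_2$ first appear in $\mathbb{F}_8$.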

Corollary 11.3. Let $L/K$ be a field extension, and suppose $\zeta \in L$ is a primitive $n$-th root of unity. Then $K(\zeta)/K$ is Galois, and $\mathrm{Gal}(K(\zeta)/K) \hookrightarrow (\mathbb{Z}/n\mathbb{Z})^\times$.

Proof. Let $k$ be the prime subfield of $K$. Then $k(\zeta)/k$ is Galois with Galois group a subgroup of $(\mathbb{Z}/n\mathbb{Z})^\times$, by Theorem 11.1 in characteristic zero or by Theorem 11.2 in positive characteristic. Then $K(\zeta)$ is the compositum of $K$ and $k(\zeta)$, so $K(\zeta)/K$ is Galois with $\mathrm{Gal}(K(\zeta)/K)$ isomorphic to a subgroup of $\mathrm{Gal}(k(\zeta)/k)$ by Theorem 10.10.

Since we will need this result later, we now show that the compositum of two cyclotomic field extensions is again cyclotomic.

Lemma 11.4. Let $L/K$ be a field extension containing a primitive $m$-th root of unity $\xi$ and a primitive $n$-th root of unity $\eta$. Set $d := \gcd\{m, n\}$ and $l := \mathrm{lcm}\{m, n\}$. Then $L$ contains a primitive $l$-th root of unity $\zeta$, and $K(\xi, \eta) = K(\zeta)$.

Proof. We begin by adjoining a primitive $l$-th root of unity $\zeta$ to $L$. Then $\xi, \eta \in K(\zeta)$. Conversely, for some integers $r$ and $s$ we have $\zeta^{l/m} = \xi^r$ and $\zeta^{l/n} = \eta^s$. By Euclid’s Algorithm we can find integers $a$ and $b$ such that $am + bn = d$. Then, using that $mn = dl$, we see that $\xi^{br}\eta^{as} = \zeta^{(am+bn)/d} = \zeta$, so $\zeta \in K(\xi, \eta)$. Thus $K(\xi, \eta) = K(\zeta)$.


11.2 Hilbert’s Theorem 90

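Let $L/K$ be a Galois field extension with Galois group $G$. The trace and norm of $\alpha$ in $L/K$ are given by

$$\mathrm{Tr}^L_K(\alpha) := \sum_{\sigma \in G} \sigma(\alpha) \quad\text{and}\quad N^L_K(\alpha) := \prod_{\sigma \in G} \sigma(\alpha).$$

We observe that

$$\mathrm{Tr}^L_K(\alpha + \beta) = \mathrm{Tr}^L_K(\alpha) + \mathrm{Tr}^L_K(\beta) \quad\text{and}\quad N^L_K(\alpha\beta) = N^L_K(\alpha)\,N^L_K(\beta),$$

so that $\mathrm{Tr}^L_K : L \to K$ is an additive group homomorphism, and $N^L_K : L^\times \to K^\times$ is a multiplicative group homomorphism.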

Theorem 11.5 (Hilbert’s Theorem 90). Let $L/K$ be Galois with Galois group $\mathrm{Gal}(L/K) \cong \mathbb{Z}/n\mathbb{Z}$. Let $\sigma$ be a generator for $\mathrm{Gal}(L/K)$. Then for $\beta \in L$ we have $N^L_K(\beta) = 1$ if and only if there exists $\alpha \in L$ such that $\beta = \sigma(\alpha)/\alpha$.

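Proof. Suppose that $\beta = \sigma(\alpha)/\alpha$. Then

$$N^L_K(\beta) = \beta\,\sigma(\beta) \cdots \sigma^{n-1}(\beta) = \frac{\sigma(\alpha)}{\alpha} \cdot \frac{\sigma^2(\alpha)}{\sigma(\alpha)} \cdots \frac{\sigma^n(\alpha)}{\sigma^{n-1}(\alpha)} = \frac{\sigma^n(\alpha)}{\alpha} = 1.$$

Conversely, suppose that $N^L_K(\beta) = 1$. Define

$$\lambda_i := \sigma^i(\beta) \cdots \sigma^{n-1}(\beta) = \frac{1}{\beta\,\sigma(\beta) \cdots \sigma^{i-1}(\beta)}.$$

By the Linear Independence of Characters the $\sigma^i$ are linearly independent over $L$. Hence there exists $\gamma \in L$ such that

$$\alpha := \sum_{i=0}^{n-1} \lambda_i \sigma^i(\gamma) \ne 0.$$

Now, $\sigma(\lambda_i) = \beta\lambda_{i+1}$ and $\lambda_0 = \lambda_n = 1$. Therefore

$$\sigma(\alpha) = \sum_{i=0}^{n-1} \sigma(\lambda_i)\sigma^{i+1}(\gamma) = \sum_{i=0}^{n-1} \beta\lambda_{i+1}\sigma^{i+1}(\gamma) = \beta \sum_{i=1}^{n} \lambda_i\sigma^i(\gamma) = \alpha\beta,$$

so $\beta = \sigma(\alpha)/\alpha$ as required.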

Pythagorean Triples

As a cute application of this we can prove that every Pythagorean triple $(x, y, z)$, that is, integers $x, y, z$ such that $x^2 + y^2 = z^2$, is of the form

$$(x, y, z) = c\,(a^2 - b^2,\ 2ab,\ a^2 + b^2), \qquad a, b \in \mathbb{Z} \text{ coprime},\ 2c \in \mathbb{Z}.$$


For, let us consider the field of Gaussian numbers $\mathbb{Q}(i)$. This is a quadratic extension of $\mathbb{Q}$, so has Galois group $\mathbb{Z}/2\mathbb{Z}$, induced by complex conjugation, and $\mathbb{Q}$ contains a primitive second root of unity, namely $-1$.

Note that the norm of $\beta = x + yi$ (with $x, y \in \mathbb{Q}$) is $N(\beta) = (x + yi)(x - yi) = x^2 + y^2$.

Therefore by Hilbert’s Theorem 90 we see that $x^2 + y^2 = 1$ if and only if there exists $\alpha = a - bi$ with

$$x + yi = \frac{a + bi}{a - bi} = \frac{(a^2 - b^2) + 2abi}{a^2 + b^2}.$$

Therefore every rational solution to $x^2 + y^2 = 1$ is of the form

$$(x, y) = \left( \frac{a^2 - b^2}{a^2 + b^2},\ \frac{2ab}{a^2 + b^2} \right).$$

Now, $(x, y, z)$ is a Pythagorean triple if and only if $(x/z) + (y/z)i$ has norm 1. Therefore there exist rational numbers $a, b$ with $x/z = (a^2 - b^2)/(a^2 + b^2)$ and $y/z = 2ab/(a^2 + b^2)$. Clearing denominators and removing common factors, we may even assume that $a, b \in \mathbb{Z}$ are coprime. Therefore $(x, y, z)$ is a Pythagorean triple if and only if there exist coprime integers $a, b$ and a rational number $c$ such that

$$(x, y, z) = c\,(a^2 - b^2,\ 2ab,\ a^2 + b^2).$$

Finally, since $x, y, z$ are integers, the denominator of $c$ must divide both $a^2 - b^2$ and $a^2 + b^2$, and hence must divide their sum $2a^2$ and difference $2b^2$. Since $a$ and $b$ are coprime we see that the denominator of $c$ is at most 2, so $2c \in \mathbb{Z}$.
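The argument above can be carried out explicitly; the following is an added example, not part of the notes. It takes the $\alpha$ constructed in the proof of Theorem 11.5 for $n = 2$, namely $\alpha = \gamma + \sigma(\beta)\sigma(\gamma)$ with $\gamma = 1$ (or $\gamma = i$ when $\beta = -1$), and recovers $a$, $b$, $c$ from a given triple. The function names are illustrative, and triples with $z = 0$ are excluded.

```python
from fractions import Fraction
from math import gcd

def hilbert90_alpha(x, y):
    """For rational x, y with x^2 + y^2 = 1 return (a, b), not both zero, with
    x + yi = (a + bi)/(a - bi); that is, beta = sigma(alpha)/alpha for
    alpha = a - bi and sigma complex conjugation."""
    if x * x + y * y != 1:
        raise ValueError("x + yi does not have norm 1")
    # Proof of Theorem 11.5 with n = 2: alpha = gamma + sigma(beta) * sigma(gamma).
    if (x, y) != (-1, 0):
        return 1 + x, y           # gamma = 1 gives alpha = (1 + x) - yi
    return -y, x - 1              # gamma = i gives alpha = -y + (1 - x)i

def decompose_triple(x, y, z):
    """Write an integer Pythagorean triple as c * (a^2 - b^2, 2ab, a^2 + b^2)
    with a, b coprime integers and 2c an integer; returns (a, b, c)."""
    if z == 0 or x * x + y * y != z * z:
        raise ValueError("not a Pythagorean triple with z != 0")
    a, b = hilbert90_alpha(Fraction(x, z), Fraction(y, z))
    scale = a.denominator * b.denominator       # clear denominators
    a, b = int(a * scale), int(b * scale)
    g = gcd(a, b)                               # remove common factors
    a, b = a // g, b // g
    c = Fraction(z, a * a + b * b)
    # The two conclusions of the text: the triple has the stated form, and 2c is an integer.
    assert (x, y, z) == (c * (a * a - b * b), c * 2 * a * b, c * (a * a + b * b))
    assert (2 * c).denominator == 1
    return a, b, c
```

The triple $(4, 3, 5)$ gives $a = 3$, $b = 1$, $c = 1/2$, which shows that $c$ itself need not be an integer.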

11.3 Cyclic Extensions

A Galois extension $L/K$ is called cyclic if its Galois group is cyclic. We will now study cyclic extensions under the assumption that the base field has enough roots of unity.

Proposition 11.6. Let $L/K$ be a cyclic Galois extension of degree $n$, and assume that $K$ contains a primitive $n$-th root of unity. Then $L/K$ is a splitting field extension of some $X^n - a \in K[X]$.

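Proof. Let $\sigma$ be a generator for the Galois group. If $\zeta \in K$ is a primitive $n$-th root of unity, then $\sigma(\zeta) = \zeta$, so $N^L_K(\zeta) = \zeta^n = 1$. By Hilbert’s Theorem 90 there exists $\alpha \in L$ with $\zeta = \sigma(\alpha)/\alpha$. Thus $\sigma(\alpha) = \zeta\alpha$, so $\sigma^r(\alpha) = \zeta^r\alpha$. Then $\alpha$ has $n$ conjugates in $L$, so $K(\alpha)/K$ has degree $n$, and hence $L = K(\alpha)$. Moreover, the minimal polynomial of $\alpha$ over $K$ is

$$m_{\alpha/K} = \prod_r (X - \zeta^r\alpha) = \alpha^n \prod_r \big((X/\alpha) - \zeta^r\big) = \alpha^n\big((X/\alpha)^n - 1\big) = X^n - \alpha^n.$$

Therefore $\alpha^n = a \in K$ and $L/K$ is a splitting field extension of $X^n - a$.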


Importantly, the converse also holds.

Proposition 11.7. Let $L/K$ be a splitting field extension of some $X^n - a \in K[X]$, and assume that $K$ contains a primitive $n$-th root of unity. Then $L/K$ is Galois with cyclic Galois group of order dividing $n$.

Proof. Let $\alpha \in L$ be a root of $X^n - a$. Then the other roots are just $\zeta^r\alpha$, where $\zeta \in K$ is a primitive $n$-th root of unity. Therefore $L = K(\alpha)$. Moreover, since $X^n - a$ has distinct roots it is a separable polynomial, so $L/K$ is Galois by Theorem 10.6.

Now, the minimal polynomial $m$ of $\alpha$ over $K$ divides $X^n - a$, so the roots of $m$ are given by $\zeta^r\alpha$ for $r$ in some subset $R \subset \mathbb{Z}/n\mathbb{Z}$ containing 0. By Artin’s Extension Theorem the elements of the Galois group $G = \mathrm{Gal}(L/K)$ are of the form $\sigma_r : \alpha \mapsto \zeta^r\alpha$ for $r \in R$. Finally, $\sigma_r\sigma_s(\alpha) = \zeta^{r+s}\alpha = \sigma_{r+s}(\alpha)$, and $\sigma_r^{-1}(\alpha) = \zeta^{-r}\alpha = \sigma_{-r}(\alpha)$. Therefore $R \le \mathbb{Z}/n\mathbb{Z}$ is a subgroup, and the bijection $R \to G$, $r \mapsto \sigma_r$, is a group isomorphism.

This proves that the Galois group of $L/K$ is cyclic of order dividing $n$.


Chapter 12

Radical Extensions

We now come back to our motivating question of whether we can express the roots of an irreducible polynomial as radical expressions in the coefficients of the polynomial. This has a beautiful answer in terms of the structure of the Galois group: an irreducible polynomial $f$ over a field of characteristic zero is solvable by radicals if and only if $\mathrm{Gal}(f)$ is a solvable group.

The main difficulty in the proof is that the base field usually does not contain enough roots of unity. We therefore have to adjoin these in order to make our deductions. Finally we show that every root of unity has a radical expression, finishing the proof.

12.1 Radical Extensions

Informally, if $L/K$ is a field extension, then a radical expression of $\alpha \in L$ is one involving only the elements of $K$, the field operations $+, -, \times, \div$ and $n$-th roots. For example, the following element

$$\alpha = \sqrt[11]{\sqrt[37]{\sqrt{2} + 9\sqrt[3]{15}} - 12\sqrt[4]{1 + \sqrt[5]{6}}}$$

is a radical expression for $\alpha$ over $\mathbb{Q}$.

More precisely, we say that a field extension $L/K$ is radical if there exists a tower

$$K = K_0 \subset K_1 \subset \cdots \subset K_r = L$$

such that each field extension $K_i/K_{i-1}$ is given by extracting an $n_i$-th root, so $K_i = K_{i-1}(\alpha_i)$ is simple and $\alpha_i^{n_i} \in K_{i-1}$. We call such a tower a radical tower for $L/K$. Note that all radical extensions are necessarily finite.

Given a radical tower $L = K_r/ \cdots /K_1/K_0 = K$ for $L/K$, there exists an integer $n$ such that each $K_i/K_{i-1}$ is given by extracting an $n$-th root. For, we know that $K_i = K_{i-1}(\alpha_i)$ with $\alpha_i^{n_i} \in K_{i-1}$. Let $n = \mathrm{lcm}(n_1, \ldots, n_r)$. Then $n_i$ divides $n$, so $\alpha_i^n \in K_{i-1}$. We will call such an integer $n$ an exponent for the radical extension $L/K$. (N.B. This is non-standard terminology, but useful.)

We will need two properties about radical extensions. The first concerns base change, the second, normal closures.

Lemma 12.1. Let $L/K$ be a field extension, and $E$ and $F$ intermediate fields. If $E/K$ is radical of exponent $n$, then so is $EF/F$.

Proof. Let

$$K = K_0 \subset K_1 \subset \cdots \subset K_r = E$$

be a radical tower of exponent $n$. Write $K_i = K_{i-1}(\alpha_i)$ where $\alpha_i^n \in K_{i-1}$. Set $F_i := FK_i$. Then $F_i = F_{i-1}(\alpha_i)$ and $\alpha_i^n \in F_{i-1}$. Hence

$$F = F_0 \subset F_1 \subset \cdots \subset F_r = EF$$

is a radical tower for $EF/F$ of exponent $n$.

Proposition 12.2. Let $M/L$ be a normal closure of $L/K$. If $L/K$ is radical of exponent $n$, then so is $M/K$.

Proof. Let

$$K = K_0 \subset K_1 \subset \cdots \subset K_r = L$$

be a radical tower of exponent $n$. Write $K_i = K_{i-1}(\alpha_i)$ with $\alpha_i^n \in K_{i-1}$.

Let $M/L$ be a normal closure of $L/K$ and set $M_i$ to be the normal closure of $K_i/K$ inside $M$. Observe that $K_i = K(\alpha_1, \alpha_2, \ldots, \alpha_i)$, so if $m_i$ is the minimal polynomial of $\alpha_i$ over $K$, then $M_i/K$ is the splitting field extension of $f_i := m_1m_2 \cdots m_i$ inside $M$. In particular, $M_i/M_{i-1}$ is the splitting field extension of $m_i$ inside $M$, so $M_i$ is generated over $M_{i-1}$ by the roots of $m_i$.

We claim that each $M_i/M_{i-1}$ is radical of exponent $n$, so by concatenating their radical towers we will obtain a radical tower for $M/K$ of exponent $n$. In fact, we will show that if $\beta_i$ is any other root of $m_i$, then $\beta_i^n \in M_{i-1}$.

By Artin’s Extension Theorem there is a $K$-isomorphism $\iota : K(\alpha_i) \to K(\beta_i)$ sending $\alpha_i$ to $\beta_i$. Since $M_i/K$ is the splitting field extension of $f_i$, so too are $M_i/K(\alpha_i)$ and $M_i/K(\beta_i)$. Also, $f_i \in K[X]$, so $\iota(f_i) = f_i$. Therefore, by Theorem 8.2, there is a $K$-automorphism $\sigma$ of $M_i$ extending $\iota$.

Finally, $M_{i-1}/K$ is the unique splitting field extension of $f_{i-1}$ inside $M$ and $\sigma(f_{i-1}) = f_{i-1}$. It follows that $\sigma$ induces a $K$-automorphism of $M_{i-1}$. Thus $\beta_i^n = \sigma(\alpha_i^n) \in M_{i-1}$ as required.

Warning

If $L/K$ is radical and $E$ is an intermediate field, then $E/K$ is not in general radical. This is not surprising: just because every element of $E$ has a radical expression, we do not expect that every element which can be expressed using the same radicals necessarily lies in $E$.

For this reason we make the following definition. A polynomial $f \in K[X]$ is solvable by radicals if there exists a radical extension $M/K$ containing every root of $f$. Since normal closures of radical extensions are again radical, Proposition 12.2, we may even assume that $M/K$ is normal, so contains a splitting field extension $L$ for $f$. We do not require that $L/K$ is itself radical.

12.2 Solvable Groups

Before we continue, we will need to recall some facts about solvable groups.

Given a finite group $G$, a chain of subgroups $\{1\} = G_r \le \cdots \le G_0 = G$ is called a subnormal series if $G_i \lhd G_{i-1}$ for all $i$. The factor groups $G_{i-1}/G_i$ are called the subquotients of the subnormal series. A chain is called a normal series if each $G_i$ is a normal subgroup of $G$. (Some authors call a subnormal series a normal series, but then have no name for a normal series.)

A finite group $G$ is called solvable provided there exists a subnormal series for $G$ such that all subquotients are cyclic. We observe that a simple group is solvable if and only if it is cyclic of prime order.

We say that a chain of subgroups $\{1\} = G'_n \le \cdots \le G'_0 = G$ is a refinement of a chain $\{1\} = G_m \le \cdots \le G_0 = G$ provided that each $G_i$ occurs as some $G'_j$.

Lemma 12.3. A group is solvable if and only if it has a subnormal series whose subquotients are all cyclic of prime order, which is if and only if it has a subnormal series whose subquotients are all abelian.

Proof. All finite abelian groups are direct products of cyclic groups, and all cyclic groups have a normal series whose subquotients are cyclic of prime order. Thus, given a subnormal series with abelian subquotients, we can refine it to a subnormal series whose subquotients are cyclic of prime order.

The next two propositions show that subnormal series pass to subgroups and to quotient groups.

Proposition 12.4. Let $G$ be a finite group and let $\{1\} = G_r \lhd \cdots \lhd G_0 = G$ be a subnormal series for $G$. If $H \le G$ is a subgroup, then setting $H_i := H \cap G_i$ gives a subnormal series $\{1\} = H_r \lhd \cdots \lhd H_0 = H$ for $H$. Moreover, $H_{i-1}/H_i \le G_{i-1}/G_i$.

In particular, $G$ solvable implies $H$ solvable.

Proof. We have $H_{i-1} \le G_{i-1}$, $G_i \lhd G_{i-1}$ and $H_i = H_{i-1} \cap G_i$, so by the Second Isomorphism Theorem, $H_i \lhd H_{i-1}$ and $H_{i-1}/H_i \cong (H_{i-1}G_i)/G_i \le G_{i-1}/G_i$.

For the second part we observe that subgroups of abelian (respectively cyclic) groups are again abelian (respectively cyclic).


Proposition 12.5. Let $G$ be a finite group and let $\{1\} = G_r \lhd \cdots \lhd G_0 = G$ be a subnormal series for $G$. If $H \lhd G$ is a normal subgroup, then setting $\bar G_i := (G_iH)/H$ gives a subnormal series $\{1\} = \bar G_r \lhd \cdots \lhd \bar G_0 = G/H$ for $G/H$. Moreover, $G_{i-1}/G_i \twoheadrightarrow \bar G_{i-1}/\bar G_i$.

In particular, $G$ solvable implies $G/H$ solvable.

Proof. We first observe that $G_iH \lhd G_{i-1}H$ is a normal subgroup. This can be done using the Isomorphism Theorems, but it is just as easy to prove it directly. Let $xy \in G_iH$, where $x \in G_i$ and $y \in H$. Similarly let $gh \in G_{i-1}H$, where $g \in G_{i-1}$ and $h \in H$. Then

$$(gh)(xy)(gh)^{-1} = ghxyh^{-1}g^{-1} = (gxg^{-1})\,g\big((x^{-1}hx)yh^{-1}\big)g^{-1}.$$

Since $G_i \lhd G_{i-1}$ we have $gxg^{-1} \in G_i$; since $H \lhd G$ we have $x^{-1}hx \in H$, so $(x^{-1}hx)yh^{-1} \in H$, and hence $g\big((x^{-1}hx)yh^{-1}\big)g^{-1} \in H$. This proves that $G_iH \lhd G_{i-1}H$.

It now follows from the Third Isomorphism Theorem that $\bar G_i = (G_iH)/H$ is a normal subgroup of $\bar G_{i-1} = (G_{i-1}H)/H$, with quotient

$$\bar G_{i-1}/\bar G_i \cong (G_{i-1}H)/(G_iH).$$

This in turn is isomorphic to $G_{i-1}/(G_{i-1} \cap (G_iH))$ by the Second Isomorphism Theorem, since $G_{i-1}H = G_{i-1}(G_iH)$.

We therefore have an epimorphism $G_{i-1} \twoheadrightarrow G_{i-1}/(G_{i-1} \cap G_iH) \cong \bar G_{i-1}/\bar G_i$. As $G_i$ lies in the kernel, the First Isomorphism Theorem gives an epimorphism $G_{i-1}/G_i \twoheadrightarrow \bar G_{i-1}/\bar G_i$ as required.

The second part follows as in the previous proposition, since quotients of abelian (respectively cyclic) groups are again abelian (respectively cyclic).

Theorem 12.6. Let $H \lhd G$ be finite groups. Then $G$ is solvable if and only if both $H$ and $G/H$ are solvable.

Proof. Using the propositions above, it only remains to prove that if $H$ and $G/H$ are both solvable, then $G$ is solvable. Denote by $\pi : G \to G/H$ the canonical epimorphism.

Let $\{1\} = \bar G_s \lhd \cdots \lhd \bar G_0 = G/H$ be a subnormal series for $G/H$ and let $\{1\} = H_r \lhd \cdots \lhd H_s = H$ be a subnormal series for $H$. Define $G_i := \pi^{-1}(\bar G_i)$ for $0 \le i \le s$ and $G_i := H_i$ for $s \le i \le r$. Since $\pi^{-1}(\bar G_s) = H$, this definition is consistent.

Then $\{1\} = G_r \lhd \cdots \lhd G_0 = G$ is a subnormal series for $G$. Moreover, $G_{i-1}/G_i \cong H_{i-1}/H_i$ for $s < i \le r$ and $G_{i-1}/G_i \cong \bar G_{i-1}/\bar G_i$ for $0 < i \le s$. The first of these is clear, and the second follows from the Third Isomorphism Theorem.

In particular, if each $H_{i-1}/H_i$ and $\bar G_{i-1}/\bar G_i$ is abelian (respectively cyclic), then so is each $G_{i-1}/G_i$. Hence if $H$ and $G/H$ are both solvable, then so is $G$.


It is easy to show that every $p$-group for $p$ a prime is a solvable group. In fact, any such group is nilpotent, meaning that we even have a normal series with abelian subquotients.

Theorem 12.7. Let $p$ be a prime and $G$ a finite $p$-group. Then $G$ is nilpotent, so solvable.

Proof. We recall that $Z(G)$ is the centre of $G$, so the set of elements $z$ commuting with all $g \in G$. Then $Z(G) \lhd G$ is clearly a normal subgroup.

Now, since $G$ is a $p$-group, it has non-trivial centre. For, we let $G$ act on itself by conjugation. The orbits of size one are given by the elements of the centre $Z(G)$, and note that $|Z(G)| \ge 1$ since $1 \in Z(G)$. Let $X$ be a set of representatives for the conjugacy classes of size at least 2. For $x \in X$ let $G_x = \mathrm{Stab}_G(x)$ be the stabiliser of $x$, so by the Orbit-Stabiliser Theorem $[G : G_x] = |\mathrm{Orb}_G(x)| > 1$. Since $G$ is a $p$-group, we see that $p$ divides each $[G : G_x]$. Therefore $|G| = |Z(G)| + \sum_{x \in X} [G : G_x]$, so $p$ divides $|Z(G)|$. In particular, $G$ has non-trivial centre.

We can define a normal series of $G$ by setting $Z_0 := \{1\}$ and iteratively defining $Z_{i+1}$ to be the preimage in $G$ of $Z(G/Z_i)$, so that $Z_1 = Z(G)$. For, $G/Z_i$ is a $p$-group, so has non-trivial centre, so $Z_i < Z_{i+1}$ is a strict inclusion.

More generally, we have the following famous theorem. John Thompson was recently awarded the Abel Prize for this and other work on finite groups.

Theorem 12.8 (Feit-Thompson). Every finite group of odd order is solvable. In particular, if $G$ is a finite simple group, then either $G$ is cyclic of prime order or else $|G|$ is even.

We shall need the following result, concerning the solvability of the symmetric and alternating groups.

Theorem 12.9. The alternating group $\mathrm{Alt}_n$ is solvable if $n \le 4$ and simple if $n \ge 5$. In particular, the symmetric group $\mathrm{Sym}_n$ is solvable if and only if $n \le 4$.

Proof. For $n = 4$ we have the normal series $\{1\} \lhd V \lhd \mathrm{Alt}_4 \lhd \mathrm{Sym}_4$, where $V = \langle (12)(34), (13)(24) \rangle$ is the Klein four group. Since each quotient is abelian, we have the result. Moreover, since $\mathrm{Sym}_4/V \cong \mathrm{Sym}_3$, we also obtain that $\mathrm{Sym}_3$ is solvable.

On the other hand, if $n \ge 5$, then $\mathrm{Alt}_n$ is simple but not cyclic, so not solvable. Since $\mathrm{Alt}_n \lhd \mathrm{Sym}_n$, the full symmetric group $\mathrm{Sym}_n$ is not solvable for $n \ge 5$.

12.3 Solvable Galois Extensions

We now come to one of the highlights of Galois Theory. We assume throughout that all fields have characteristic zero.


Proposition 12.10. Let $L/K$ be Galois and radical. Then $\mathrm{Gal}(L/K)$ is solvable.

Proof. Let $L/K$ be radical of exponent $n$, say having a radical tower

$$K = K_0 \subset K_1 \subset \cdots \subset K_r = L$$

with $K_i = K_{i-1}(\alpha_i)$ and $\alpha_i^n \in K_{i-1}$. Let $M/L$ be a splitting field extension of $X^n - 1$, and let $\zeta \in M$ be a primitive $n$-th root of unity.

Note that $L/K$ and $K(\zeta)/K$ are both Galois, so their compositum $L(\zeta) = M$ is Galois over $K$ by Theorem 10.10. By the Galois Correspondence we know that $\mathrm{Gal}(M/K(\zeta))$ is a normal subgroup of $\mathrm{Gal}(M/K)$ with quotient $\mathrm{Gal}(K(\zeta)/K)$, and this latter group is abelian by Corollary 11.3. So, by Theorem 12.6, $\mathrm{Gal}(M/K)$ is solvable if and only if $\mathrm{Gal}(M/K(\zeta))$ is solvable.

On the other hand, we similarly have that $\mathrm{Gal}(M/L)$ is a normal subgroup of $\mathrm{Gal}(M/K)$ with quotient $\mathrm{Gal}(L/K)$. So $\mathrm{Gal}(M/K)$ solvable implies $\mathrm{Gal}(L/K)$ solvable. Putting this together we see that $\mathrm{Gal}(M/K(\zeta))$ solvable implies $\mathrm{Gal}(L/K)$ solvable.

Now, $M = L(\zeta)$, so Lemma 12.1 implies that $M/K(\zeta)$ is radical of exponent $n$. In fact, setting $M_i := K_i(\zeta)$, we obtain the radical tower

$$K(\zeta) = M_0 \subset M_1 \subset \cdots \subset M_r = M$$

with $M_i = M_{i-1}(\alpha_i)$ and $\alpha_i^n \in M_{i-1}$. Since $M_{i-1}$ contains $\zeta$, a primitive $n$-th root of unity, we know from Proposition 11.7 that $M_i/M_{i-1}$ is Galois with cyclic Galois group (of order dividing $n$). It follows from the Galois Correspondence that, setting $G_i := \mathrm{Gal}(M/M_i)$, we have a subnormal series

$$\{1\} = G_r \lhd \cdots \lhd G_1 \lhd G_0 = \mathrm{Gal}(M/K(\zeta))$$

with cyclic subquotients $G_{i-1}/G_i \cong \mathrm{Gal}(M_i/M_{i-1})$. Hence $\mathrm{Gal}(M/K(\zeta))$ is a solvable group as required.

The converse is slightly trickier, since we have not shown that each root of unity has a radical expression. In fact, we prove this simultaneously.

Proposition 12.11. Let $L/K$ be Galois with solvable Galois group. Then there exists an extension $M/L$ such that $M/K$ is Galois and radical.

Proof. Let $L/K$ have degree $n$. We shall prove by induction on $n$ that there exists a root of unity $\zeta$ such that $L(\zeta)/K$ is Galois and radical. Note that the case $n = 1$ is trivial.

Consider $K(\eta)/K$, where $\eta$ is a primitive $n$-th root of unity. We know from Corollary 11.3 that this field extension is Galois of degree dividing $\phi(n)$ with abelian Galois group. Therefore, by induction, there exists a root of unity $\xi$ such that $K(\xi, \eta)/K$ is Galois and radical. If $\xi$ is a primitive $m$-th root of unity, then Lemma 11.4 tells us that $K(\xi, \eta) = K(\zeta)$, where $\zeta$ is a primitive $l$-th root of unity for $l = \mathrm{lcm}\{m, n\}$.

Now let $L(\zeta)/L$ be a splitting field extension of $X^l - 1$, where $\zeta$ is a primitive $l$-th root of unity. Note that $L/K$ and $K(\zeta)/K$ are both Galois, so their compositum $L(\zeta)$ is Galois over $K$ by Theorem 10.10. Therefore it is enough to prove that $L(\zeta)/K(\zeta)$ is radical, since then we can concatenate radical towers for $L(\zeta)/K(\zeta)$ and $K(\zeta)/K$ to deduce that $L(\zeta)/K$ is radical.

By Theorem 10.10 once more we know that $\mathrm{Gal}(L(\zeta)/K(\zeta))$ is isomorphic to a subgroup of $\mathrm{Gal}(L/K)$, so is solvable by Theorem 12.6 and has order dividing $n$. Let $\{1\} = G_r \lhd \cdots \lhd G_0 = \mathrm{Gal}(L(\zeta)/K(\zeta))$ be a subnormal series for $\mathrm{Gal}(L(\zeta)/K(\zeta))$ with cyclic subquotients. Let $M_i$ be the fixed field of $G_i$, so

$$K(\zeta) = M_0 \subset M_1 \subset \cdots \subset M_r = L(\zeta)$$

is a tower of field extensions. By the Galois Correspondence we have that $M_i/M_{i-1}$ is Galois with Galois group $G_{i-1}/G_i$, so cyclic of order dividing $n$. Since $M_{i-1}$ contains a primitive $n$-th root of unity, we can apply Proposition 11.6 to get that $M_i = M_{i-1}(\alpha_i)$ with $\alpha_i^n \in M_{i-1}$. Hence $L(\zeta) = M_r/ \cdots /M_0 = K(\zeta)$ is a radical tower of exponent $n$. This proves that $L(\zeta)/K(\zeta)$ is radical.

We summarise this discussion in the following theorem.

Theorem 12.12 (Galois). A Galois field extension $L/K$ has solvable Galois group if and only if there exists an extension $M/L$ with $M/K$ Galois and radical.

In particular, a polynomial $f \in K[X]$ is solvable by radicals if and only if $\mathrm{Gal}(f)$ is a solvable group.

Proof. The first part is immediate from the previous two propositions. For the second, let $f \in K[X]$ and let $L/K$ be a splitting field extension of $f$. Then $f$ is solvable by radicals if and only if there exists an extension $M/L$ such that $M/K$ is Galois and radical, which is equivalent to $\mathrm{Gal}(f) = \mathrm{Gal}(L/K)$ being a solvable group.

Corollary 12.13. There exist quintic polynomials $f \in \mathbb{Q}[X]$ which are not solvable by radicals.

Proof. We saw at the end of Section 10.2 that $f = X^5 - 4X + 2 \in \mathbb{Q}[X]$ is irreducible and has Galois group $\mathrm{Sym}_5$. Therefore $\mathrm{Gal}(f)$ is not solvable, so $f$ is not solvable by radicals.


Chapter 13

Cubics and Quartics

In this chapter we apply the above considerations to cubic and quartic polynomials, and in so doing obtain radical expressions for their roots. In particular, we recover Cardano’s formula from Exercise Sheet 1, and motivate the constructions involved. The formula for the quartic is due to Ferrari, a student of Cardano. We will assume throughout that $K$ is a field of characteristic zero, though in fact it is enough to take characteristic different from 2 or 3.

13.1 Solving the Cubic

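Let $f = X^3 - s_1X^2 + s_2X - s_3 \in K[X]$ be irreducible and let $\alpha_i$ for $i = 1, 2, 3$ be the roots of $f$ in a splitting field extension $L/K$. Thus the $s_i$ are the elementary symmetric functions in the roots

$$s_1 = \alpha_1 + \alpha_2 + \alpha_3, \quad s_2 = \alpha_1\alpha_2 + \alpha_2\alpha_3 + \alpha_3\alpha_1, \quad s_3 = \alpha_1\alpha_2\alpha_3.$$

Let $G \le \mathrm{Sym}_3$ be the Galois group of $f$. Recall that we have the subnormal series $\{1\} \lhd \mathrm{Alt}_3 \lhd \mathrm{Sym}_3$ with cyclic subquotients of degrees 3 and 2. We need to compute the fixed field of $G \cap \mathrm{Alt}_3$. Define

$$\delta = \prod_{i<j} (\alpha_i - \alpha_j) = (\alpha_1^2\alpha_2 + \alpha_2^2\alpha_3 + \alpha_3^2\alpha_1) - (\alpha_1\alpha_2^2 + \alpha_2\alpha_3^2 + \alpha_3\alpha_1^2),$$

so that the discriminant of $f$ is

$$\Delta(f) = \delta^2 = s_1^2s_2^2 - 4s_1^3s_3 - 4s_2^3 + 18s_1s_2s_3 - 27s_3^2.$$

Now, $\sigma(\delta) = \mathrm{sgn}(\sigma)\delta$, so $\sigma \in G$ fixes $\delta$ if and only if it is an even permutation. Thus $G \cap \mathrm{Alt}_3$ has fixed field $K(\delta)$. Note that, since $f$ is irreducible, $G$ is a transitive subgroup, so $G \cap \mathrm{Alt}_3 = \mathrm{Alt}_3$.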


This also gives a criterion for the Galois group of an irreducible cubic f ∈ K[X].

| $\sqrt{\Delta}$ | $\mathrm{Gal}(f)$ |
| not in $K$ | $\mathrm{Sym}_3$ |
| in $K$ | $\mathrm{Alt}_3$ |

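In order to obtain radical expressions for the roots we need to adjoin a primitive cube root of unity $\omega$. So, from now on assume that $\omega \in K$. Then by Proposition 11.6 we have $L = K(\delta, u)$ with $u^3 \in K(\delta)$. In fact, if $\sigma$ is a generator for $\mathrm{Alt}_3$, say $\sigma = (123)$, then $\sigma(u) = \omega u$, and conversely any such $u$ works. An obvious choice is

$$u := \alpha_1 + \omega\alpha_2 + \omega^2\alpha_3.$$

An easy calculation shows that $u^3$ equals

$$(\alpha_1^3 + \alpha_2^3 + \alpha_3^3) + 6\alpha_1\alpha_2\alpha_3 + 3\omega(\alpha_1^2\alpha_2 + \alpha_2^2\alpha_3 + \alpha_3^2\alpha_1) + 3\omega^2(\alpha_1\alpha_2^2 + \alpha_2\alpha_3^2 + \alpha_3\alpha_1^2).$$

Now, using the formulae

$$(\alpha_1^2\alpha_2 + \alpha_2^2\alpha_3 + \alpha_3^2\alpha_1) + (\alpha_1\alpha_2^2 + \alpha_2\alpha_3^2 + \alpha_3\alpha_1^2) = s_1s_2 - 3s_3$$

$$(\alpha_1^2\alpha_2 + \alpha_2^2\alpha_3 + \alpha_3^2\alpha_1) - (\alpha_1\alpha_2^2 + \alpha_2\alpha_3^2 + \alpha_3\alpha_1^2) = \delta$$

as well as

$$\alpha_1^3 + \alpha_2^3 + \alpha_3^3 = s_1^3 - 3s_1s_2 + 3s_3$$

we can write

$$u^3 = s_1^3 - \tfrac{9}{2}s_1s_2 + \tfrac{27}{2}s_3 + \tfrac{3}{2}(\omega - \omega^2)\delta = \tfrac{1}{2}\big(\lambda + 3(\omega - \omega^2)\delta\big),$$

where $\lambda = 2s_1^3 - 9s_1s_2 + 27s_3$. Note also that $\omega - \omega^2 = \sqrt{-3}$.

We can similarly form the sum $v = \alpha_1 + \omega^2\alpha_2 + \omega\alpha_3$, so that

$$v^3 = \tfrac{1}{2}\big(\lambda - 3(\omega - \omega^2)\delta\big) \quad\text{and}\quad uv = s_1^2 - 3s_2.$$

Finally we can solve for $\alpha_i$ using the three expressions

$$s_1 = \sum_i \alpha_i, \quad u = \sum_i \omega^{i-1}\alpha_i, \quad v = \sum_i \omega^{2(i-1)}\alpha_i.$$

This gives

$$\alpha_1 = \tfrac{1}{3}(s_1 + u + v), \quad \alpha_2 = \tfrac{1}{3}(s_1 + \omega^2u + \omega v), \quad \alpha_3 = \tfrac{1}{3}(s_1 + \omega u + \omega^2v).$$

Observe that $u^3$ and $v^3$ are the roots of the auxiliary quadratic

$$X^2 - \lambda X + \tfrac{1}{4}(\lambda^2 + 27\Delta) \in K[X].$$

This recovers the formula from Exercise Sheet 1 when $s_1 = 0$ (except the $u$ and $v$ used there are one third of the $u$ and $v$ used above).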


13.2 Solving the Quartic

Now let $f = X^4 - s_1X^3 + s_2X^2 - s_3X + s_4 \in K[X]$ be an irreducible quartic.

Let $L/K$ be a splitting field extension and let $\alpha_i \in L$ for $i = 1, 2, 3, 4$ be the roots of $f$. Let $G \le \mathrm{Sym}_4$ be the Galois group of $f$. Note that the $s_i$ are again the elementary symmetric functions in the roots

$$s_1 = \alpha_1 + \alpha_2 + \alpha_3 + \alpha_4, \quad s_2 = \alpha_1\alpha_2 + \alpha_1\alpha_3 + \alpha_1\alpha_4 + \alpha_2\alpha_3 + \alpha_2\alpha_4 + \alpha_3\alpha_4,$$

$$s_3 = \alpha_1\alpha_2\alpha_3 + \alpha_1\alpha_2\alpha_4 + \alpha_1\alpha_3\alpha_4 + \alpha_2\alpha_3\alpha_4, \quad s_4 = \alpha_1\alpha_2\alpha_3\alpha_4.$$

Recall that $\mathrm{Sym}_4$ has a normal series $\{\mathrm{id}\} \lhd V \lhd \mathrm{Alt}_4 \lhd \mathrm{Sym}_4$ with abelian subquotients. In fact, for solving the quartic, the most important subgroup is $V$, since $\mathrm{Sym}_4/V \cong \mathrm{Sym}_3$. Therefore the fixed field of $V$ corresponds to the splitting field of a cubic, called the auxiliary cubic. Since $V \cong (\mathbb{Z}/2\mathbb{Z})^2$ it has three subgroups of order two, which we can then use, together with the roots of the auxiliary cubic, to obtain radical expressions for the roots.

Note that, under the isomorphism $\mathrm{Sym}_4/V \cong \mathrm{Sym}_3$, the preimage of $\mathrm{Alt}_3$ is $\mathrm{Alt}_4$, and the preimages of the three subgroups of order two give three subgroups of $\mathrm{Sym}_4$ containing $V$ and isomorphic to $D_8$. These have fixed fields generated by the individual roots of the auxiliary cubic.

Fixed Fields

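We want to find the fixed fields of the subgroups $G \cap V$ and $G \cap \mathrm{Alt}_4$. In fact, we will also need the fixed fields for $G \cap D$ and $G \cap T$, where

$$D = \{\mathrm{id}, (12), (34), (12)(34), (13)(24), (14)(23), (1324), (1423)\} \cong D_8$$

and

$$T = \{\mathrm{id}, (12)(34)\} \cong \mathbb{Z}/2\mathbb{Z}.$$

Note that $\{1\} \lhd T \lhd V \lhd D$ is a subnormal series, with all subquotients isomorphic to $\mathbb{Z}/2\mathbb{Z}$.

We will prove the following.

| subgroup | $G \cap T$ | $G \cap V$ | $G \cap D$ | $G \cap \mathrm{Alt}_4$ |
| fixed field | $F(\alpha_1 + \alpha_2, \alpha_1\alpha_2)$ | $F$ | $K(a)$ | $K(\delta)$ |

The notation is as follows. As usual we have set

$$\delta = \prod_{i<j} (\alpha_i - \alpha_j) = \sum_{\sigma \in \mathrm{Alt}_4} \alpha_{\sigma(1)}^3\alpha_{\sigma(2)}^2\alpha_{\sigma(3)} - \sum_{\sigma \in \mathrm{Alt}_4} \alpha_{\sigma(1)}\alpha_{\sigma(2)}^2\alpha_{\sigma(3)}^3,$$

so that the discriminant of $f$ is $\Delta(f) = \delta^2$.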


Also, $F = K(a, b, c)$, where

$$a := (\alpha_1 + \alpha_2)(\alpha_3 + \alpha_4), \quad b := (\alpha_1 + \alpha_3)(\alpha_2 + \alpha_4), \quad c := (\alpha_1 + \alpha_4)(\alpha_2 + \alpha_3)$$

are the roots of the auxiliary cubic

$$g := X^3 - 2s_2X^2 + (s_2^2 + s_1s_3 - 4s_4)X + (s_3^2 + s_1^2s_4 - s_1s_2s_3) \in K[X].$$

We first compute the fixed field of $G \cap \mathrm{Alt}_4$. Note that, as before, if $\sigma \in G$, then $\sigma(\delta) = \mathrm{sgn}(\sigma)\delta$. It follows that $\Delta \in K$ and $\mathrm{Gal}(L/K(\delta)) = G \cap \mathrm{Alt}_4$.

Next consider $G \cap V$. We have $V = \{\mathrm{id}, (12)(34), (13)(24), (14)(23)\}$, so it is natural to look at the elements $a, b, c$ given above. We calculate that

$$a + b + c = 2s_2, \quad ab + bc + ca = s_2^2 + s_1s_3 - 4s_4, \quad abc = -s_3^2 - s_1^2s_4 + s_1s_2s_3$$

so that $a, b, c$ are indeed the roots of the auxiliary cubic $g$.

Note that the roots $a, b, c$ of $g$ are all distinct (although $g$ need not be irreducible). In fact, $f$ and $g$ have the same (non-zero) discriminant: for,

$$a - b = -(\alpha_1 - \alpha_4)(\alpha_2 - \alpha_3), \quad b - c = -(\alpha_1 - \alpha_2)(\alpha_3 - \alpha_4), \quad a - c = -(\alpha_1 - \alpha_3)(\alpha_2 - \alpha_4),$$

so that

$$(a - b)(a - c)(b - c) = -\prod_{i<j} (\alpha_i - \alpha_j) = -\delta.$$

It follows that $K(a)$ is the fixed field of $G \cap D$. Moreover, doing this for $K(b)$ and $K(c)$ and using the Galois Correspondence shows that $K(a, b, c)$ is the fixed field of $G \cap V$.

We remark that $K(a, b, c)/K$ is Galois, since it is the splitting field extension of $g$. This reflects the fact that $G \cap V$ is normal in $G$. We immediately get that $\mathrm{Gal}(g) \cong G/(G \cap V)$, which is a subgroup of $\mathrm{Sym}_4/V \cong \mathrm{Sym}_3$. Since the preimage of $\mathrm{Alt}_3$ is just $\mathrm{Alt}_4$ it is no great surprise that $f$ and $g$ have the same discriminant.

Finally consider $G \cap T$. There is a slight technicality in computing the fixed field for this subgroup, since it may be that one of $\alpha_1 + \alpha_2$ or $\alpha_1\alpha_2$ lies in $F$. We begin by observing that $(X - \alpha_1)(X - \alpha_2) \ne (X - \alpha_3)(X - \alpha_4)$, since they have distinct roots. Therefore either $\alpha_1 + \alpha_2 \ne \alpha_3 + \alpha_4$ or $\alpha_1\alpha_2 \ne \alpha_3\alpha_4$.

Assume that $\alpha_1 + \alpha_2 \ne \alpha_3 + \alpha_4$. Then $\alpha_1 + \alpha_2 = \alpha_i + \alpha_j$ implies $\{i, j\} = \{1, 2\}$, and so $K(\alpha_1 + \alpha_2)$ is the fixed field of $G \cap \langle (12), (34) \rangle$. Thus $F(\alpha_1 + \alpha_2)$ is the fixed field of $G \cap V \cap \langle (12), (34) \rangle = G \cap T$.

If instead $\alpha_1\alpha_2 \ne \alpha_3\alpha_4$, then we see that the fixed field of $G \cap T$ is $F(\alpha_1\alpha_2)$. In either case, we get that the fixed field is $F(\alpha_1 + \alpha_2, \alpha_1\alpha_2)$.

We remark that

$$s_3 = s_1\alpha_1\alpha_2 + \frac{\alpha_1 + \alpha_2}{\alpha_1\alpha_2}\,(s_4 - \alpha_1^2\alpha_2^2).$$

In particular, if $\alpha_1\alpha_2 \ne \alpha_3\alpha_4$, then $\alpha_1 + \alpha_2 \in K(\alpha_1\alpha_2)$. Similarly

$$s_3 - \tfrac{1}{2}s_1s_2 + \tfrac{1}{8}s_1^3 = \big(\alpha_1 + \alpha_2 - \tfrac{1}{2}s_1\big)\big(s_2 - a + \tfrac{1}{2}s_1(\alpha_1 + \alpha_2 - \tfrac{1}{2}s_1) - 2\alpha_1\alpha_2\big),$$

and recall that $a = (\alpha_1 + \alpha_2)(s_1 - \alpha_1 - \alpha_2)$. So, if $\alpha_1 + \alpha_2 \ne \alpha_3 + \alpha_4$, then $\alpha_1\alpha_2 \in K(\alpha_1 + \alpha_2)$.

These expressions seem to be new — at least I could not find them in the standard literature.

Galois Group

We can now calculate the Galois group G of f .

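| $g \in K[X]$ | $\delta$ | $\sqrt{s_1^2 - 4a},\ \sqrt{(s_2 - a)^2 - 4s_4}$ | $\mathrm{Gal}(f)$ |
| splits | | | $V$ |
| irreducible | in $K$ | | $\mathrm{Alt}_4$ |
| irreducible | not in $K$ | | $\mathrm{Sym}_4$ |
| root $a$ | | both in $K(\sqrt{\Delta})$ | $\mathbb{Z}/4\mathbb{Z}$ |
| root $a$ | | not both in $K(\sqrt{\Delta})$ | $D_8$ |

Recall that $G$ is a transitive subgroup of $\mathrm{Sym}_4$, so is one of

$$\mathrm{Sym}_4, \quad \mathrm{Alt}_4, \quad D_8 = \langle \mathbb{Z}/4\mathbb{Z}, V \rangle, \quad \mathbb{Z}/4\mathbb{Z}, \quad V.$$

Also, we saw above that $G/(G \cap V) = \mathrm{Gal}(g)$. So, if $g$ splits over $K$, then $G = G \cap V$, and hence $G = V$. On the other hand, if $g$ is irreducible, then $\mathrm{Gal}(g)$, and hence $G$, contains a 3-cycle. Since $g$ and $f$ have the same discriminant $\Delta = \delta^2$, we see that either $\delta \in K$, so $\mathrm{Gal}(g) = \mathrm{Alt}_3$ and $G = \mathrm{Alt}_4$, or else $\delta \notin K$, so $\mathrm{Gal}(g) = \mathrm{Sym}_3$ and $G = \mathrm{Sym}_4$.

Finally, suppose that $g$ has a single root $a \in K$. Then also $b + c, bc \in K$, and $\delta = (a^2 - a(b + c) + bc)(b - c) \ne 0$. So $\delta \in K$ if and only if $b - c \in K$, which is if and only if $g$ splits over $K$. By assumption this does not happen, so we have $K < K(\delta) = F$. Therefore $G > G \cap \mathrm{Alt}_4 = G \cap V$. It follows that $G$ is either $D_8$ or $\mathbb{Z}/4\mathbb{Z}$. Now, either $\alpha_1 + \alpha_2, \alpha_1\alpha_2$ are both in $K(\delta)$, in which case $G \cap T = G \cap V$ and $G \cong \mathbb{Z}/4\mathbb{Z}$, or else they are not both in $K(\delta)$, in which case $G \cap T < G \cap V$ and $G \cong D_8$.

Note that $\alpha_1 + \alpha_2, \alpha_3 + \alpha_4$ are the roots of the quadratic $X^2 - s_1X + a$, whereas $\alpha_1\alpha_2, \alpha_3\alpha_4$ are the roots of the quadratic $X^2 - pX + s_4$ with $p = s_2 - a$. These have respective discriminants $s_1^2 - 4a$ and $(s_2 - a)^2 - 4s_4$, so the result follows.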


Radical Expressions

We can also use this information to find radical expressions for the roots of $f$. We already know how to solve the cubic

$$g = X^3 - 2s_2X^2 + (s_2^2 - 4s_4 + s_1s_3)X - (s_1s_2s_3 - s_1^2s_4 - s_3^2),$$

assuming that $K$ contains a primitive cube root of unity $\omega$. We set

$$\lambda = 2(2s_2)^3 - 9(2s_2)(s_2^2 - 4s_4 + s_1s_3) + 27(s_1s_2s_3 - s_1^2s_4 - s_3^2) = -2s_2^3 - 27s_3^2 - 27s_1^2s_4 + 72s_2s_4 + 9s_1s_2s_3$$

and take

$$u^3 = \tfrac{1}{2}\big(\lambda + 3(\omega - \omega^2)\delta\big), \quad v^3 = \tfrac{1}{2}\big(\lambda - 3(\omega - \omega^2)\delta\big)$$

with

$$uv = (2s_2)^2 - 3(s_2^2 - 4s_4 + s_1s_3) = s_2^2 + 12s_4 - 3s_1s_3.$$

Then the roots of $g$ are

$$a = \tfrac{1}{3}(2s_2 + u + v), \quad b = \tfrac{1}{3}(2s_2 + \omega^2u + \omega v), \quad c = \tfrac{1}{3}(2s_2 + \omega u + \omega^2v).$$

This gives the field $F = K(a, b, c)$.

There are now two possible approaches. The theory says we should take a square root to get $F(\alpha_1 + \alpha_2, \alpha_1\alpha_2)$, and then another square root to get $L$. Unfortunately, due to the technicality mentioned above, we do not know which square root to take, either $\sqrt{s_1^2 - 4a}$ or $\sqrt{(s_2 - a)^2 - 4s_4}$.

The alternative is to take three square roots and construct $F(\alpha_1 + \alpha_2)$, $F(\alpha_1 + \alpha_3)$ and $F(\alpha_1 + \alpha_4)$. Then $L$ is the compositum of these three fields: for example,

$$(\alpha_1 + \alpha_2) + (\alpha_1 + \alpha_3) + (\alpha_1 + \alpha_4) = 2\alpha_1 + s_1.$$

We therefore solve the three quadratics

$$X^2 - s_1X + a, \quad X^2 - s_1X + b, \quad X^2 - s_1X + c,$$

but making sure that the square roots of the discriminants are chosen such that

$$\beta_1 = \sqrt{\tfrac{1}{4}s_1^2 - a} = \alpha_1 + \alpha_2 - \tfrac{1}{2}s_1 = \tfrac{1}{2}\big((\alpha_1 + \alpha_2) - (\alpha_3 + \alpha_4)\big)$$

$$\beta_2 = \sqrt{\tfrac{1}{4}s_1^2 - b} = \alpha_1 + \alpha_3 - \tfrac{1}{2}s_1 = \tfrac{1}{2}\big((\alpha_1 + \alpha_3) - (\alpha_2 + \alpha_4)\big)$$

$$\beta_3 = \sqrt{\tfrac{1}{4}s_1^2 - c} = \alpha_1 + \alpha_4 - \tfrac{1}{2}s_1 = \tfrac{1}{2}\big((\alpha_1 + \alpha_4) - (\alpha_2 + \alpha_3)\big).$$

Note that, after relabelling the roots $\alpha_i$, we may assume that $\beta_2, \beta_3$ are in the correct form. Then

$$\beta_2\beta_3 = s_2 - a + \tfrac{1}{2}s_1\big(\alpha_1 + \alpha_2 - \tfrac{1}{2}s_1\big) - 2\alpha_1\alpha_2,$$

so (by our earlier computation relating $\alpha_1 + \alpha_2$ and $\alpha_1\alpha_2$) the assumption on the $\beta_i$ is equivalent to the compatibility condition

$$\beta_1\beta_2\beta_3 = s_3 - \tfrac{1}{2}s_1s_2 + \tfrac{1}{8}s_1^3.$$

This in effect says that we only need take two square roots, since the third can then be obtained using this expression. Having done this we can solve for $\alpha_1$:

$$2\alpha_1 = \tfrac{1}{2}s_1 + \beta_1 + \beta_2 + \beta_3.$$

Summary

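In summary, given a quartic

$$f = X^4 - s_1X^3 + s_2X^2 - s_3X + s_4 \in K[X],$$

where $K$ contains a primitive cube root of unity, we solve the auxiliary cubic

$$g = X^3 - 2s_2X^2 + (s_2^2 + s_1s_3 - 4s_4)X + (s_3^2 + s_1^2s_4 - s_1s_2s_3)$$

to get the roots $a, b, c$. We then take square roots

$$\beta_1 = \sqrt{\tfrac{1}{4}s_1^2 - a}, \quad \beta_2 = \sqrt{\tfrac{1}{4}s_1^2 - b}, \quad \beta_3 = \sqrt{\tfrac{1}{4}s_1^2 - c}$$

with signs chosen such that

$$\beta_1\beta_2\beta_3 = s_3 - \tfrac{1}{2}s_1s_2 + \tfrac{1}{8}s_1^3.$$

The roots of $f$ are then given by

$$2\alpha_1 = \tfrac{1}{2}s_1 + \beta_1 + \beta_2 + \beta_3, \qquad 2\alpha_3 = \tfrac{1}{2}s_1 - \beta_1 + \beta_2 - \beta_3,$$

$$2\alpha_2 = \tfrac{1}{2}s_1 + \beta_1 - \beta_2 - \beta_3, \qquad 2\alpha_4 = \tfrac{1}{2}s_1 - \beta_1 - \beta_2 + \beta_3.$$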
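The procedure of Sections 13.1 and 13.2 can be carried out numerically; the following Python sketch is an added example, not part of the original notes. It assumes $K \subset \mathbb{C}$ with floating-point complex arithmetic (so $\omega$ is available), and the function names are hypothetical.

```python
import cmath

OMEGA = cmath.exp(2j * cmath.pi / 3)   # primitive cube root of unity
SQRT_MINUS_3 = OMEGA - OMEGA**2        # omega - omega^2 = sqrt(-3)


def cubic_discriminant(s1, s2, s3):
    """Delta(f) for f = X^3 - s1 X^2 + s2 X - s3 (Section 13.1)."""
    return (s1**2 * s2**2 - 4 * s1**3 * s3 - 4 * s2**3
            + 18 * s1 * s2 * s3 - 27 * s3**2)


def solve_cubic(s1, s2, s3):
    """Roots of X^3 - s1 X^2 + s2 X - s3 via u, v with u^3, v^3 = (lam +- 3 sqrt(-3) delta)/2."""
    delta = cmath.sqrt(cubic_discriminant(s1, s2, s3))
    lam = 2 * s1**3 - 9 * s1 * s2 + 27 * s3
    u3 = (lam + 3 * SQRT_MINUS_3 * delta) / 2
    v3 = (lam - 3 * SQRT_MINUS_3 * delta) / 2
    # Take the cube root of the larger value for numerical stability;
    # swapping u and v (or the sign of delta) only relabels the roots.
    if abs(u3) < abs(v3):
        u3, v3 = v3, u3
    u = u3 ** (1 / 3) if u3 != 0 else 0j
    # v is not an independent cube root: it is fixed by uv = s1^2 - 3 s2.
    v = (s1**2 - 3 * s2) / u if u != 0 else 0j
    w, w2 = OMEGA, OMEGA**2
    return [(s1 + u + v) / 3,
            (s1 + w2 * u + w * v) / 3,
            (s1 + w * u + w2 * v) / 3]


def auxiliary_cubic(s1, s2, s3, s4):
    """(t1, t2, t3) such that g = X^3 - t1 X^2 + t2 X - t3 has roots a, b, c."""
    return (2 * s2,
            s2**2 + s1 * s3 - 4 * s4,
            s1 * s2 * s3 - s1**2 * s4 - s3**2)


def solve_quartic(s1, s2, s3, s4):
    """Roots of X^4 - s1 X^3 + s2 X^2 - s3 X + s4, following the Summary."""
    a, b, c = solve_cubic(*auxiliary_cubic(s1, s2, s3, s4))
    b1, b2, b3 = (cmath.sqrt(s1**2 / 4 - r) for r in (a, b, c))
    # Compatibility condition: beta1 beta2 beta3 = s3 - s1 s2 / 2 + s1^3 / 8.
    # Flipping the sign of one square root is enough to enforce it.
    target = s3 - s1 * s2 / 2 + s1**3 / 8
    if abs(b1 * b2 * b3 - target) > abs(b1 * b2 * b3 + target):
        b3 = -b3
    h = s1 / 2
    return [(h + b1 + b2 + b3) / 2,
            (h + b1 - b2 - b3) / 2,
            (h - b1 + b2 - b3) / 2,
            (h - b1 - b2 + b3) / 2]


def residual(x, s1, s2, s3, s4):
    """|f(x)| for f = X^4 - s1 X^3 + s2 X^2 - s3 X + s4."""
    return abs(x**4 - s1 * x**3 + s2 * x**2 - s3 * x + s4)


if __name__ == "__main__":
    # Constructed input: f = (X-1)(X-2)(X-3)(X-5), so s = (11, 41, 61, 30).
    for root in solve_quartic(11, 41, 61, 30):
        print(root)
```

When some $\tfrac{1}{4}s_1^2 - a$ vanishes (for instance for biquadratic $f$), the square root of a rounding error costs about half of the available floating-point digits.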

Biquadratic Polynomials

As a special case, consider a biquadratic polynomial [1]

$$f = X^4 + s_2X^2 + s_4 \in K[X].$$

When $f$ is irreducible we have the following possibilities for $\mathrm{Gal}(f)$.

$$\mathrm{Gal}(f) \cong \begin{cases} V & \text{if } s_4 \text{ is a square in } K \\ \mathbb{Z}/4\mathbb{Z} & \text{if } s_4(s_2^2 - 4s_4) \text{ is a square in } K \\ D_8 & \text{otherwise} \end{cases}$$

For, the auxiliary polynomial is

$$g = X\big(X^2 - 2s_2X + (s_2^2 - 4s_4)\big),$$

so $g$ always has the root $a = 0$ in $K$, and the discriminant is $\Delta = 16s_4(s_2^2 - 4s_4)^2$. Therefore $\delta \in K$ if and only if $s_4$ is a square in $K$, and then the splitting field extension of $g$ is $F = K(\sqrt{s_4}) = F(\delta)$. Finally, $s_1^2 - 4a = 0$, so we only need ask whether $s_2^2 - 4s_4$ is a square in $K(\sqrt{s_4})$. Note here that since $f$ is irreducible, $s_2^2 - 4s_4$ is not a square in $K$.

We can now apply the previous criterion. If $s_4$ is a square in $K$, then $g$ splits over $K$ and $G = V$. Assume $a = 0$ is the only root of $g$ in $K$. Then $G = \mathbb{Z}/4\mathbb{Z}$ if and only if $s_2^2 - 4s_4$ is a square in $K(\sqrt{s_4})$, otherwise $G = D_8$.

Finally, $s_2^2 - 4s_4$ is a square in $K(\sqrt{s_4})$ if and only if $s_4(s_2^2 - 4s_4)$ is a square in $K$. For, assume that $s_2^2 - 4s_4 = (x + y\sqrt{s_4})^2$ with $x, y \in K$. Multiplying out and equating coefficients gives that $xy = 0$. Since $s_2^2 - 4s_4$ is not a square in $K$, we cannot have $y = 0$. Therefore $x = 0$ and $s_4(s_2^2 - 4s_4) = (s_4y)^2$ is a square in $K$. Conversely, suppose that $s_4(s_2^2 - 4s_4)$ is a square in $K$. Since $s_2^2 - 4s_4$ is not a square in $K$, neither is $s_4$, but then $s_2^2 - 4s_4$ is a square in $K(\sqrt{s_4})$.

[1] This is standard terminology, but a biquadratic extension is not a splitting field extension of a general biquadratic polynomial, but rather of two quadratic polynomials, for example $\mathbb{Q}(\sqrt{2}, \sqrt{3})/\mathbb{Q}$.


Chapter 14

Algebraically Closed Fields

This chapter is non-examinable, and is included only for completeness.

A field $L$ is called algebraically closed if every non-constant polynomial $f$ has a root in $L$. In other words, the only irreducible polynomials are those of degree one. An algebraic closure of $K$ is an algebraic field extension $L/K$ with $L$ algebraically closed.

Algebraic closures are special cases of normal field extensions, or of splitting field extensions.

Lemma 14.1. $L$ is an algebraic closure of $K$ if and only if it is the splitting field extension for the set of all polynomials in $K[X]$.

Proof. Let $L$ be an algebraic closure of $K$ and take $f \in K[X]$ non-constant. Then $f$ factorises over $L$ as a product of degree one polynomials; in other words, $f$ splits over $L$. It follows that $L/K$ contains a unique intermediate field $F$ which is a splitting field extension for the set of all polynomials in $K[X]$. For, we can take the intersection over all such intermediate fields. Since $L/K$ is algebraic, if $\alpha \in L \setminus F$, then the minimal polynomial $m_{\alpha/K}$ cannot split over $F$, a contradiction. Thus $L = F$.

Conversely, let $L/K$ be a splitting field extension for the set of all polynomials in $K[X]$. Then $L/K$ is necessarily generated by the set of all roots of all polynomials in $K[X]$, all of which are algebraic elements, so $L/K$ is algebraic. Now take $f \in L[X]$ and let $\alpha$ be a root of $f$ in some extension of $L$. Then, by the transitivity of algebraic extensions, Exercise Sheet 7, Question 2, we know that $\alpha$ is algebraic over $K$. By assumption $m_{\alpha/K} \in K[X]$ splits over $L$, so $\alpha \in L$. Therefore $L$ is algebraically closed.

Having made this connection, we can try and prove the existence and uniqueness of algebraic closures. As is often the case, we will need to replace the induction proof of Theorem 8.2 with an application of Zorn's Lemma.


Before we begin, we make a further observation, which will simplify considerably the construction of an algebraic closure.

Proposition 14.2. Let $L/K$ be algebraic. If every $f \in K[X]$ has a root in $L$, then $L$ is algebraically closed.

Proof. Take $f \in L[X]$ and let $\alpha$ be a root of $f$ in some field extension of $L$. By the transitivity of algebraic extensions, $\alpha$ is algebraic over $K$, say with minimal polynomial $m$. Let $L'/L$ be a splitting field extension of $m$, and let $M \subset L'$ be the splitting field extension of $m$ over $K$. We want to show that $M \subset L$, so that in particular $\alpha \in L$.

We know that $M/K$ is finite and normal, so we can use the results from Exercise Sheet 7, Question 7; that is, let $E = M^{\mathrm{sep}/K}$ and let $F = M^{\mathrm{Gal}(M/K)}$. Then both $E/K$ and $M/F$ are Galois, with isomorphic Galois groups, and both $M/E$ and $F/K$ are purely inseparable. Finally, $M = EF$ is the compositum of $E$ and $F$. Therefore, it is enough to show that both $E$ and $F$ are subfields of $L$.

Since $E/K$ is Galois, it is simple by Corollary 10.7, say $E = K(\beta)$. Then $E = K(\beta')$ for any root $\beta'$ of $m_{\beta/K}$, and by assumption $L$ contains a root of $m_{\beta/K}$. This proves that $E \subset L$.

Since $F/K$ is purely inseparable, if $\gamma \in F$, then $m_{\gamma/K} = X^q - \gamma^q$ where $q = p^n$ is a power of the characteristic (or $q = 1$ in characteristic zero). This polynomial has a unique root, namely $\gamma$, so again our assumption on $L$ implies that $\gamma \in L$. It follows that $F \subset L$.

Theorem 14.3 (Existence of Algebraic Closures). Every field $K$ has an algebraic closure.

Proof. For each non-constant polynomial $f \in K[X]$ we take an indeterminate $X_f$ and form the ring $R := K[\{X_f : f \in K[X] \setminus K\}]$. (In fact, it is enough to take just the monic irreducible polynomials.) Consider the ideal $I \lhd R$ generated by the elements $f(X_f) \in R$.

We claim that $I$ is a proper ideal, and hence is contained in a maximal ideal $J \lhd R$ by Theorem B.3 (which uses Zorn's Lemma).

It will follow that $L := R/J$ is a field extension of $K$ generated by the images $x_f$ of the $X_f$. Since $f(X_f) \in I$ we have $f(x_f) = 0$ in $L$, so each $x_f$ is algebraic over $K$ and hence $L/K$ is algebraic. Finally, each non-constant polynomial $f \in K[X]$ has a root in $L$, namely $x_f$. Therefore, by the previous proposition, $L$ is an algebraic closure of $K$.

It remains to prove the claim. If $I$ is not proper, then it contains the identity, so we can write $1 = g_1f_1(X_{f_1}) + \cdots + g_nf_n(X_{f_n})$ for some distinct non-constant polynomials $f_i \in K[X]$ and some elements $g_i \in R$. Now, each $g_j$ uses only finitely many variables, so the expression above only uses finitely many variables, say $X_1, \ldots, X_m$ with the convention that $X_i = X_{f_i}$ for $1 \le i \le n$. We can now write $1 = \sum_{i=1}^n g_i(X_1, \ldots, X_m)f_i(X_i) \in K[X_1, \ldots, X_m]$.

Let $E/K$ be a finite extension in which each $f_i$ has a root, say $f_i(\alpha_i) = 0$. Set $\alpha_i = 0$ for $n < i \le m$. Applying the evaluation map $K[X_1, \ldots, X_m] \to E$, $X_i \mapsto \alpha_i$, gives $1 = \sum_i g_i(\alpha_1, \ldots, \alpha_m)f_i(\alpha_i) = 0$ in $E$, a contradiction. Thus $I$ is a proper ideal and the claim is proved.

Before we continue, recall from Exercise Sheet 5, Question 7, that if $L/K$ is transcendental, then there exist $K$-endomorphisms of $L$ which are not automorphisms. We now show that this cannot happen when $L/K$ is algebraic.

Proposition 14.4. Let $L/K$ be algebraic and let $\sigma$ be a $K$-endomorphism of $L$. Then $\sigma$ is a $K$-automorphism.

Proof. Since $\sigma$ is necessarily injective, we just need to show that $\sigma$ is surjective. It will follow that $\sigma^{-1}$ is a $K$-embedding, and hence that $\sigma$ is a $K$-automorphism.

Let $\alpha \in L$, say with minimal polynomial $m = m_{\alpha/K}$. Let $\alpha = \alpha_1, \ldots, \alpha_n$ be the distinct roots of $m$ in $L$. (Note: we are not assuming that $m$ splits over $L$, or that it is separable.) Since $\sigma(m) = m$, we know that $\sigma(\alpha_i)$ is again a root of $m$, so $\sigma(\alpha_i) \in \{\alpha_1, \ldots, \alpha_n\}$. Since $\sigma$ is injective, it induces an injective map from $\{\alpha_1, \ldots, \alpha_n\}$ to itself, which is necessarily a bijection. Thus each $\alpha_i$ lies in the image of $\sigma$. In particular, $\alpha \in \sigma(L)$, so $\sigma$ is surjective.

Theorem 14.5 (Uniqueness of Algebraic Closures). Let $\iota : K \xrightarrow{\sim} K'$ be a field isomorphism, let $L/K$ be algebraic, and let $L'$ be an algebraic closure of $K'$. Then there exists a field embedding $\sigma : L \to L'$ extending $\iota$. Moreover, if $L$ is algebraically closed, then $\sigma$ is an isomorphism.

Proof. To prove the existence of $\sigma$ we shall use Zorn's Lemma.

Let $S$ denote the set of all pairs $(F, \tau)$ such that $F$ is an intermediate field of $L/K$ and $\tau : F \to L'$ is a field embedding extending $\iota$. We endow $S$ with a partial order by setting $(E, \rho) \le (F, \tau)$ if $E \subset F$ and $\tau$ extends $\rho$. Clearly $S$ is non-empty, since it contains $(K, \iota)$. Moreover, every chain has an upper bound. For, if $\{(F_i, \tau_i)\}$ is a totally ordered subset, then $F := \bigcup_i F_i$ is an intermediate field of $L/K$ and we can define $\tau : F \to L'$ by setting $\tau(\alpha) = \tau_i(\alpha)$ for any $i$ such that $\alpha \in F_i$. Then $(F, \tau)$ is an upper bound for the chain $\{(F_i, \tau_i)\}$.

By Zorn's Lemma, $S$ contains a maximal element $(F, \sigma)$. We claim that $F = L$. Otherwise, let $\alpha \in L \setminus F$. Then $\alpha$ is algebraic over $F$, say with minimal polynomial $m = m_{\alpha/F}$. Now $\sigma(m) \in L'[X]$ has a root $\alpha' \in L'$ since $L'$ is algebraically closed. Therefore, by Artin's Extension Theorem, we can extend $\sigma$ to a field embedding $\tau : F(\alpha) \to L'$ via $\alpha \mapsto \alpha'$. Thus $(F, \sigma) < (F(\alpha), \tau)$, contradicting the maximality of $(F, \sigma)$. Therefore $F = L$ and there exists a field embedding $\sigma : L \to L'$ extending $\iota$.

Now suppose that $L$ is an algebraic closure of $K$. Then we have a field embedding $\sigma : L \to L'$ extending $\iota$, and a field embedding $\tau : L' \to L$ extending $\iota^{-1}$. It follows that $\sigma\tau$ is a $K'$-endomorphism of $L'$, so an automorphism by the previous proposition. In particular, $\sigma$ is surjective, and hence an isomorphism.


Since all algebraic closures of $K$ are isomorphic, it is common to fix one of them and denote it by $\overline{K}$.

By the transitivity of algebraic extensions, it is easy to see that if $L/K$ is a field extension with $L$ algebraically closed, then $\overline{K} = L^{\mathrm{alg}/K}$ is an algebraic closure of $K$. For example, since $\mathbb{C}$ is algebraically closed, we have $\overline{\mathbb{Q}} = \mathbb{C}^{\mathrm{alg}/\mathbb{Q}}$.

Another useful corollary concerns splitting field extensions of arbitrary subsets $S \subset K[X]$.

Corollary 14.6. Let $S \subset K[X]$ be an arbitrary subset. Then a splitting field extension of $S$ over $K$ exists, and is unique up to isomorphism.

Proof. Let $\overline{K}$ be an algebraic closure of $K$. Then each $f \in S$ splits over $\overline{K}$, so there is a unique intermediate field $L$, minimal with respect to this property. For, as usual, we take the intersection over all such intermediate fields.

If $\iota : K \xrightarrow{\sim} K'$ is a field isomorphism and $\overline{K'}$ an algebraic closure of $K'$, then there exists a field isomorphism $\sigma : \overline{K} \xrightarrow{\sim} \overline{K'}$ extending $\iota$. Now, there is a unique splitting field extension $L'$ of $S' := \iota(S)$ inside $\overline{K'}$. Since $\sigma(L)$ is also a splitting field extension of $S'$ we must have that $\sigma(L) = L'$. In other words, $\sigma$ restricts to an isomorphism $L \xrightarrow{\sim} L'$ extending $\iota$.

Using this we see that many results actually extend from the finite case to the algebraic case. For example, normal field extensions are the same as splitting field extensions, and normal closures of algebraic extensions always exist.


Chapter 15

Selected Topics

15.1 The Normal Basis Theorem

The Normal Basis Theorem is due to Hensel (1888) in the case of finite fields, and Noether (1932) and Deuring (1933) for general Galois extensions. It states that for a Galois extension $L/K$, there is a $K$-basis of $L$ given by a single orbit $\{\sigma(\theta) : \sigma \in \mathrm{Gal}(L/K)\}$ of the Galois group.

This basis has applications to cryptography, since it is easy to manipulate and is computationally very efficient.

Theorem 15.1 (Normal Basis). Let $L/K$ be Galois. Then there exists an element $\theta \in L$ such that the set $\{\sigma(\theta) : \sigma \in \mathrm{Gal}(L/K)\}$ is a $K$-basis for $L$, called a normal basis.

We shall split the proof into two cases: when the field is infinite, or when the Galois group is cyclic (which includes all finite fields).

15.1.1 Proof for infinite fields

Recall that, for an irreducible polynomial $f \in K[X]$ with roots $\alpha_1, \ldots, \alpha_n$, we have the discriminant $\Delta(f) := (-1)^{\binom{n}{2}} \prod_{i \ne j}(\alpha_i - \alpha_j)$. We can generalise this notion as follows.

Let $L/K$ be a Galois extension with Galois group $G = \{\sigma_1, \ldots, \sigma_n\}$. For $\{\alpha_1, \ldots, \alpha_n\} \subset L$ we define

$$\Delta(\alpha_1, \ldots, \alpha_n) := \det\big(\mathrm{Tr}^L_K(\alpha_i\alpha_j)\big) \in K.$$

We observe that we can rewrite this as follows. Set

$$A := \big(\sigma_i(\alpha_j)\big) \in M_n(L).$$

Then

$$A^tA = \Big(\sum_k \sigma_k(\alpha_i\alpha_j)\Big) = \big(\mathrm{Tr}^L_K(\alpha_i\alpha_j)\big) \in M_n(K),$$

using that

$$\mathrm{Tr}^L_K = \sum_i \sigma_i,$$

as shown in Proposition 15.9. Therefore

$$\Delta(\alpha_1, \ldots, \alpha_n) = \det(A)^2.$$

This definition generalises the discriminant for $f$. For, let $L/K$ be the splitting field of $f$ and let $\alpha_1, \ldots, \alpha_n$ be the roots of $f$ in $L$. We may assume that the Galois group acts via $\sigma_i(\alpha_1) = \alpha_i$. Therefore, using the subset $\{1, \alpha_1, \ldots, \alpha_1^{n-1}\}$, we obtain as above that

$$A := \big(\sigma_i(\alpha_1^{j-1})\big) = \big(\alpha_i^{j-1}\big).$$

This is a Van der Monde matrix, so

$$\det(A) = \prod_{i>j}(\alpha_i - \alpha_j), \quad\text{whence}\quad \Delta(1, \alpha_1, \ldots, \alpha_1^{n-1}) = \det(A)^2 = \Delta(f).$$

Proposition 15.2. Let $L/K$ be Galois. Then $\{\alpha_1, \ldots, \alpha_n\}$ is a $K$-basis for $L$ if and only if $\Delta(\alpha_1, \ldots, \alpha_n) \ne 0$.

Proof. Let $\mathrm{Gal}(L/K) = \{\sigma_i\}$ and set $A := (\sigma_i(\alpha_j))$ as before. Then $A$ is non-singular if and only if $\Delta(\alpha_1, \ldots, \alpha_n) \ne 0$.

Suppose first that $A$ is singular. Then there exists $\lambda_i \in L$ such that $(\lambda_i)A = 0$, or in other words, $\sum_i \lambda_i\sigma_i(\alpha_j) = 0$ for all $j$. If the $\alpha_j$ were a $K$-basis, then for any $\theta \in L$ we could write $\theta = \sum_j \mu_j\alpha_j$. Then $\sum_i \lambda_i\sigma_i(\theta) = 0$, so that $\sum_i \lambda_i\sigma_i = 0$, contradicting the Linear Independence of Characters. Hence the $\alpha_i$ do not form a $K$-basis of $L$.

Conversely, suppose that $A$ is non-singular. Then the $\alpha_i$ are linearly independent over $K$. For, if $\sum_j \lambda_j\alpha_j = 0$ for some $\lambda_j \in K$, then applying $\sigma_i$ yields that $\sum_j \sigma_i(\alpha_j)\lambda_j = 0$ for all $i$. Therefore $A(\lambda_j) = 0$. Since $A$ is non-singular, we deduce that $\lambda_j = 0$ for all $j$.

We can now prove the Normal Basis Theorem for infinite fields.

Let $L/K$ be Galois with Galois group $\mathrm{Gal}(L/K) = \{\sigma_i\}$. By the Primitive Element Theorem, we can write $L = K(\alpha)$. Set $f \in K[X]$ to be the minimal polynomial of $\alpha$. Over $L$ we have $f = \prod_i (X - \sigma_i(\alpha))$, by Proposition 15.9. For convenience we assume that $\sigma_1 = \mathrm{id}$ and $\alpha_1 = \alpha$, and write $\alpha_i = \sigma_i(\alpha)$.

The idea is now to use the Chinese Remainder Theorem to obtain

$$L[X]/(f) \cong L^n, \quad X \mapsto (\alpha_1, \ldots, \alpha_n) \quad\text{where } n := \deg(f) = [L : K].$$


In particular, we have a complete set of pairwise orthogonal idempotents in $L^n$ given by $e_i$ having 1 in place $i$ and 0 elsewhere.

More explicitly, set

$$g_i := \prod_{j \ne i} \frac{X - \alpha_j}{\alpha_i - \alpha_j}.$$

Then clearly $g_i(\alpha_j) = 0$ for $i \ne j$ and $g_i(\alpha_i) = 1$ (so that $g_i \mapsto e_i \in L^n$). Note also that $\sigma_i(g_1) = g_i$. Furthermore, if $i \ne j$, then each $\alpha_l$ is a root of $g_ig_j$, so $f$ divides $g_ig_j$ in $L[X]$ (corresponding to $e_ie_j = 0$ for $i \ne j$ in $L^n$). Finally, we have the polynomial identity $\sum_i g_i = 1$ in $L[X]$ (corresponding to $1 = \sum_i e_i$ in $L^n$). For, the left hand side is a polynomial of degree at most $n - 1$, and takes the value 1 at each $\alpha_l$; therefore it is identically 1.

Thus, in $L[X]$, we have $g_ig_j \equiv 0 \bmod f$ for $i \ne j$, and $g_j = \sum_i g_ig_j \equiv g_j^2 \bmod f$. From this we obtain that, in $K[X]$, we have $\mathrm{Tr}^L_K(g_ig_j) \equiv 0 \bmod f$ for $i \ne j$ and $\mathrm{Tr}^L_K(g_i^2) \equiv \mathrm{Tr}^L_K(g_i) = 1 \bmod f$. This yields the polynomial identity

$$\Delta(g_i) = \det\big(\mathrm{Tr}^L_K(g_ig_j)\big) \equiv 1 \bmod f,$$

since the off-diagonal entries vanish, and the diagonal entries are all 1.

We can now define a polynomial $h \in K[X]$ via $h(X) = \Delta(g_i)$. As a polynomial, this is non-zero, since it is congruent to 1 modulo $f$. Since $K$ is an infinite field, there exists some $\lambda \in K$ such that $h(\lambda) \ne 0$ (and $h(\lambda) = \Delta(g_i(\lambda))$). Setting $\theta := g_1(\lambda)$, we have $g_i(\lambda) = \sigma_i(\theta)$, and hence $\Delta(\sigma_i(\theta)) = h(\lambda) \ne 0$. By the previous Proposition, we deduce that $\{\sigma_i(\theta)\}$ is a normal basis for $L/K$.

As a simple example, consider $\mathbb{Q}(i)/\mathbb{Q}$. Then $f = X^2 + 1$, and $g_1 = \tfrac{1}{2i}(X + i)$ and $g_2 = \tfrac{-1}{2i}(X - i)$. Hence

$$\mathrm{Tr}(g_1^2) = -\tfrac{1}{4}\mathrm{Tr}(X^2 + 2iX - 1) = -\tfrac{1}{2}(X^2 - 1) = 1 - \tfrac{1}{2}f.$$

Similarly

$$\mathrm{Tr}(g_2^2) = 1 - \tfrac{1}{2}f \quad\text{and}\quad \mathrm{Tr}(g_1g_2) = \tfrac{1}{2}f,$$

so that

$$h(X) = \det\big(\mathrm{Tr}(g_ig_j)\big) = 1 - f = -X^2.$$

The result then says that $\{g_1(\lambda), g_2(\lambda)\} = \{\tfrac{1}{2i}(\lambda + i), \tfrac{-1}{2i}(\lambda - i)\}$ is a $\mathbb{Q}$-basis if and only if $\lambda \ne 0$.

15.1.2 Proof for cyclic Galois groups

Let $\sigma \in \mathrm{Gal}(L/K)$ be a generator for the Galois group. We observe that any normal basis for $L/K$ is of the form $\{\theta, \sigma(\theta), \ldots, \sigma^{n-1}(\theta)\}$, where $n = [L : K]$.

Recall that $L$ is a $K$-vector space of dimension $n$ and that $\sigma$ is a $K$-linear endomorphism of $L$. In particular, we can talk about the characteristic polynomial $\chi$ of $\sigma$, and also its minimal polynomial $m$. Clearly $\sigma^n = 1$, so that the minimal polynomial $m$ divides $X^n - 1$. On the other hand, by the Linear Independence of Characters, we know that $1, \sigma, \ldots, \sigma^{n-1}$ are linearly independent, so that $\sigma$ does not satisfy any polynomial relation of degree less than $n$. Since $[L : K] = n$ we deduce that $m = \chi = X^n - 1$.

The normal basis theorem therefore follows from a general result in linear algebra. Let $V$ be a $K$-vector space of dimension $n$ and let $S \in \mathrm{End}_K(V)$. A cyclic vector for $S$ is a vector $v \in V$ such that $\{v, S(v), \ldots, S^{n-1}(v)\}$ is a $K$-basis of $V$.

Theorem 15.3. The endomorphism $S$ has a cyclic vector if and only if its minimal polynomial equals its characteristic polynomial.

The proof of this is essentially a special case of the rational normal form for matrices. (The rational normal form is a generalisation of the Jordan normal form which works for arbitrary fields, not just algebraically closed fields.) Our approach will be via polynomials.

Let $\chi = p_1^{r_1} \cdots p_s^{r_s}$ be the characteristic polynomial of $S$, where $p_i \in K[X]$ are pairwise coprime, monic irreducible polynomials. Again, the Chinese Remainder Theorem tells us that

$$K[X]/(\chi) \cong K[X]/(p_1^{r_1}) \times \cdots \times K[X]/(p_s^{r_s}).$$

We again have a complete set of pairwise orthogonal idempotents $e_i$ having 1 in the $i$-th factor and 0 elsewhere.

Explicitly, set

$$f_i := \prod_{j \ne i} p_j^{r_j} = m/p_i^{r_i}.$$

Then $\gcd(f_1, \ldots, f_s) = 1$, so there exist $g_i$ with $\sum_i g_if_i = 1$. We observe that $\chi$ divides $f_if_j$ for $i \ne j$. Hence $f_j = \sum_i g_if_if_j \equiv g_jf_j^2 \bmod (\chi)$, so that $(g_if_i)^2 \equiv g_if_i \bmod (\chi)$. In summary,

$$P_i := g_if_i, \quad P_iP_j \equiv 0 \bmod (\chi) \text{ for } i \ne j, \quad P_i^2 \equiv P_i \bmod (\chi).$$

(Thus $P_i \mapsto e_i$.)

Set $P_i := P_i(S) = g_i(S)f_i(S)$. By the Cayley-Hamilton Theorem, we know that $\chi(S) = 0$ on $V$. Thus

$$P_i^2 = P_i, \quad P_iP_j = 0 \text{ for } i \ne j, \quad\text{and}\quad \sum_i P_i = \mathrm{id}.$$

Using this we can write

$$V = \bigoplus_i V_i, \quad\text{where } V_i = \mathrm{Im}(P_i).$$


For, we know that $v = \sum_i P_i(v)$. On the other hand, if $P_i(v) = P_j(w)$ for some $v, w \in V$ and some $i \ne j$, then $P_j(w) = P_j^2(w) = P_jP_i(v) = 0$. This shows that the sum is direct.

Note that $V_i = \mathrm{Ker}(p_i(S)^{r_i})$, so that the $V_i$ are generalised eigenspaces. For, if $v = P_i(w) \in V_i$, then since $p_i^{r_i}f_i = \chi$, we have $p_i(S)^{r_i}P_i = 0$, so $v \in \mathrm{Ker}(p_i(S)^{r_i})$. Conversely, if $p_i(S)^{r_i}(v) = 0$, then writing $v = \sum_j P_j(v)$ and using that $p_i^{r_i}$ divides $f_j$ for $i \ne j$, we see that $P_j(v) = 0$ for all $j \ne i$. Hence $v = P_i(v) \in V_i$.

Next we note that each $V_i$ is $S$-invariant; i.e. if $v \in V_i$, then $S(v) \in V_i$. For, $P_iS = SP_i$, which follows from the fact that $P_i = g_i(S)f_i(S)$ is a polynomial in $S$. Therefore $S$ can be represented as a block diagonal matrix $S = \mathrm{diag}(S_1, \ldots, S_s)$, where $S_i$ represents the induced action of $S$ on $V_i$.

We can now reduce to the case when $V = V_i$ for some $i$. For, if $v_i \in V_i$ is a cyclic vector for $S_i$ for each $i$, then $v = \sum_i v_i \in V$ is a cyclic vector for $S$. To see this, we just note that $v_i = P_i(v) \in W := \mathrm{Span}\{v, S(v), S^2(v), \ldots\}$. Thus $V_i \le W$ for each $i$, whence $W = V$. Also, the characteristic polynomial $\chi_i$ of $S_i$ on $V_i$ is just $p_i^{r_i}$, whereas if the minimal polynomial of $S$ equals $m = p_1^{a_1} \cdots p_s^{a_s}$ with $1 \le a_i \le r_i$, then the minimal polynomial $m_i$ of $S_i$ equals $m_i = p_i^{a_i}$. So $m = \chi$ if and only if $a_i = r_i$ for all $i$, which is if and only if $m_i = \chi_i$ for all $i$.

Therefore it is enough to prove the result when $\chi = p^r$ for some monic irreducible polynomial $p$.

Suppose first that $m \ne \chi$. Then for each vector $v \in V$ the subspace $W := \mathrm{Span}\{v, S(v), S^2(v), \ldots\}$ has dimension at most $\deg(m) < \deg(\chi) = \dim V$. Therefore $V$ cannot have a cyclic vector. (As a trivial example, think of $S = \mathrm{id}$, which has minimal polynomial $X - 1$ and characteristic polynomial $(X - 1)^n$. If $n \ge 2$, then $S$ does not have a cyclic vector.)

Now suppose that $m = \chi$, and consider $p^{r-1}$. By definition, $p(S)^{r-1} \ne 0$, so there exists $v \in V$ such that $p(S)^{r-1}(v) \ne 0$. We claim that such a vector is a cyclic vector for $S$. Again, set $W := \mathrm{Span}\{v, S(v), S^2(v), \ldots\}$. We know that $W \le V$ is an $S$-invariant subspace. It follows from the First Isomorphism Theorem that $S$ induces an action on the quotient $V/W$. In particular, we can represent $S$ as an upper-triangular block matrix

$$S = \begin{pmatrix} S_1 & S_3 \\ 0 & S_2 \end{pmatrix}, \quad\text{where } S_1 = S|_W \in \mathrm{End}_K(W),\ S_2 = \overline{S} \in \mathrm{End}_K(V/W).$$

Therefore $\chi = \chi_1\chi_2$, where $\chi_i$ is the characteristic polynomial of $S_i$. (We have already mentioned this fact in the Remark following Theorem 15.4 about the norm and trace.) Since $\chi = p^r$ is a power of an irreducible polynomial, we deduce that $\chi_1 = p^a$ for some $1 \le a \le r$. By the Cayley-Hamilton Theorem once more, we know that $p(S)^a = 0$ on $W$, whereas by construction $p(S)^{r-1}(v) \ne 0$. Thus $a \ge r$, so that $a = r$ and $\dim W = \deg(p^r) = \dim V$, so that $V = W$.

This completes the proof of Theorem 15.3, and hence the proof of the Normal Basis Theorem when the Galois group is cyclic.


15.2 The Norm and Trace

Let L/K be a finite field extension and α ∈ L. Then multiplication by αinduces a K-linear endomorphism A of L. The Cayley-Hamilton Theorem saysthat every endomorphism satisfies its own characteristic equation χA(X) =det(X − A) ∈ K[X]; that is, χA(A) is the zero-map on L. We observe thatAr(β) = αrβ for all β ∈ L, so that χA(A) acts on L as multiplication by χA(α).Therefore α is a root of the polynomial χA(X).Note that the characteristic polynomial χA(X) is a monic polynomial and isindependent of the choice of basis, so depends only on α and L/K. We denoteit by χL

α/K and call it the field equation of α/K with respect to L.

Theorem 15.4. Let L/k be a finite field extension and let α ∈ L. Then

χk(α)α/k = mα/k and χL

α/k = (mα/k)[L:k(α)].

Proof. Suppose first that L = k(α). Since α is a root of the polynomial χLα/k,

we know that mα/k divides χLα/k. Since they are both monic polynomials of

degree [k(α) : k], they must be equal. This proves the first result.Now let K = k(α) (or more generally any subfield of L containing k(α)). Let{ui}i be a K-basis of L and {vp}p a k-basis of K. Then {uivp}(i,p) is a k-basisof L. Let A : L → L and B : K → K be the k-linear maps corresponding tomultiplication by α. Let B = (bpq) be the matrix with respect to {vp} andA = (aipjq) the matrix with respect to {uivp}. Then∑

i,p

aipjquivp = αujvq = ujαvq =∑

p

bpqujvp.

Hence aipjq = δijbpq, so A can be written in block-diagonal form, with [L : K]copies of B on the diagonal. This proves the second statement.

Remark. A different proof can be constructed using the following general result from linear algebra: if $V$ is a $k$-vector space, $A : V \to V$ a $k$-linear endomorphism of $V$ and $U \le V$ a subspace such that $A(U) \subset U$, then $A$ induces endomorphisms $B : U \to U$ and $C : V/U \to V/U$. Choosing a basis for $U$ and extending to a basis for $V$, we can write the matrix for $A$ in block form, with the matrices for $B$ and $C$ on the diagonal, and zero in the bottom left corner. Thus $\chi_A = \chi_B\chi_C$.

Let $L/K$ be a finite field extension, $\alpha \in L$ and $A$ the $K$-linear automorphism of $L$ induced by multiplication by $\alpha$. We define the norm of $\alpha$ in $L/K$ to be $N^L_K(\alpha) := \det(A)$ and the trace of $\alpha$ in $L/K$ to be $\mathrm{Tr}^L_K(\alpha) := \mathrm{Tr}(A)$.

Proposition 15.5. Let $L/K$ be a finite field extension and $\alpha, \beta \in L$. Then

1. $N^L_K : L^* \to K^*$ is a group homomorphism between multiplicative groups. In particular, $N^L_K(\alpha\beta) = N^L_K(\alpha)N^L_K(\beta)$.

2. $\mathrm{Tr}^L_K : L \to K$ is a group homomorphism between additive groups. In particular, $\mathrm{Tr}^L_K(\alpha + \beta) = \mathrm{Tr}^L_K(\alpha) + \mathrm{Tr}^L_K(\beta)$.

Proof. Let $A$ and $B$ be the $K$-linear automorphisms of $L$ induced by multiplication by $\alpha$ and $\beta$ respectively. Then $AB$ corresponds to multiplication by $\alpha\beta$, so

$$N^L_K(\alpha\beta) = \det(AB) = \det(A)\det(B) = N^L_K(\alpha)N^L_K(\beta).$$

If $\alpha \in L$ is non-zero, then $A$ is invertible, so that $N^L_K(\alpha) = \det(A) \neq 0$. If $\alpha = 1$, then $A = \mathrm{id}_L$ so that $N^L_K(1) = 1$. This shows that $N^L_K : L^* \to K^*$ is a group homomorphism.

Similarly, $A + B$ corresponds to multiplication by $\alpha + \beta$, so

$$\mathrm{Tr}^L_K(\alpha + \beta) = \mathrm{Tr}(A + B) = \mathrm{Tr}(A) + \mathrm{Tr}(B) = \mathrm{Tr}^L_K(\alpha) + \mathrm{Tr}^L_K(\beta).$$

If $\alpha = 0$, then $A = 0$ so $\mathrm{Tr}^L_K(0) = 0$. Thus $\mathrm{Tr}^L_K : L \to K$ is a group homomorphism.
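The definitions above can be checked by direct computation. The following is an added example, not part of the original notes: it builds the matrix of multiplication by α on L = Q[X]/(m), computes the field equation with the Faddeev-LeVerrier recursion (a technique chosen here, not one the notes use), and reads off the norm and trace. The function names and the two sample fields Q(∛2) and Q(√2 + √3) are assumptions of the example.

```python
from fractions import Fraction

def mul_mod(a, b, m):
    """Product of a and b in Q[X]/(m). Lists are low-to-high coefficients, m is monic."""
    n = len(m) - 1
    prod = [Fraction(0)] * (2 * n - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] += x * y
    # Reduce using X^n = -(m_0 + m_1 X + ... + m_{n-1} X^{n-1}), highest power first.
    for k in range(2 * n - 2, n - 1, -1):
        c = prod[k]
        for t in range(n):
            prod[k - n + t] -= c * m[t]
    return prod[:n]

def mult_matrix(alpha, m):
    """Matrix A of beta -> alpha*beta with respect to the basis 1, X, ..., X^(n-1)."""
    n = len(m) - 1
    A = [[Fraction(0)] * n for _ in range(n)]
    for j in range(n):
        basis = [Fraction(int(i == j)) for i in range(n)]
        col = mul_mod(alpha, basis, m)
        for i in range(n):
            A[i][j] = col[i]
    return A

def matmul(A, B):
    n = len(A)
    return [[sum(A[i][k] * B[k][j] for k in range(n)) for j in range(n)]
            for i in range(n)]

def charpoly(A):
    """Coefficients of det(X - A), highest degree first (Faddeev-LeVerrier)."""
    n = len(A)
    M = [[Fraction(0)] * n for _ in range(n)]
    coeffs = [Fraction(1)]
    for k in range(1, n + 1):
        M = matmul(A, M)
        for i in range(n):
            M[i][i] += coeffs[-1]
        AM = matmul(A, M)
        coeffs.append(-sum(AM[i][i] for i in range(n)) / Fraction(k))
    return coeffs

def norm_and_trace(alpha, m):
    """(N(alpha), Tr(alpha)) = (det A, Tr A), read off the field equation."""
    chi = charpoly(mult_matrix(alpha, m))
    n = len(m) - 1
    return (-1) ** n * chi[-1], -chi[1]

# Constructed sample fields (assumptions of this example).
CBRT2 = [-2, 0, 0, 1]            # m = X^3 - 2, so L = Q(theta) with theta^3 = 2
BIQUAD = [1, 0, -10, 0, 1]       # m = X^4 - 10X^2 + 1, theta = sqrt2 + sqrt3
SQRT2 = [0, Fraction(-9, 2), 0, Fraction(1, 2)]  # sqrt2 = (theta^3 - 9*theta)/2

if __name__ == "__main__":
    print("field equation of theta in Q(cbrt 2):", charpoly(mult_matrix([0, 1, 0], CBRT2)))
    print("N, Tr of 1 + theta:", norm_and_trace([1, 1, 0], CBRT2))
    # Theorem 15.4: sqrt2 has minimal polynomial X^2 - 2 and [L : Q(sqrt2)] = 2.
    print("field equation of sqrt2 in Q(sqrt2, sqrt3):", charpoly(mult_matrix(SQRT2, BIQUAD)))
```

For √2 the output is the square of X² − 2, as Theorem 15.4 predicts for an element generating a subfield of index 2.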

Theorem 15.6. Let $L/K/k$ be finite field extensions. Then

$$N^L_k = N^K_k \circ N^L_K \quad\text{and}\quad \mathrm{Tr}^L_k = \mathrm{Tr}^K_k \circ \mathrm{Tr}^L_K.$$

A proof of this is outlined in the exercises, although we will provide a different proof later on using Galois Theory in the special case when $L/k$ is separable.

15.3 Norm and Trace Revisited

In this section we relate the minimal polynomial and the field equation of an element $\alpha$ to its conjugates $\sigma(\alpha)$. This is often easier to work with than the original definition.

We begin with a useful observation, which generalises Theorem ?? (6). Let $L/K$ be finite, with normal closure $M/L$. Let $E$ denote the set of $K$-embeddings $L \to M$. We let $\mathrm{Gal}(M/K)$ act (on the left) on $E$ via $\sigma \cdot \tau : L \to M$, $x \mapsto \sigma(\tau(x))$. Note that $\sigma \cdot \mathrm{id} = \sigma|_L$.

Proposition 15.7. $\mathrm{Gal}(M/K)$ acts transitively on $E$, and the stabiliser of $\mathrm{id} \in E$ equals $\mathrm{Gal}(M/L)$. In particular, the map $\mathrm{Gal}(M/K) \to E$, $\sigma \mapsto \sigma|_L$ induces a natural bijection between the cosets of $\mathrm{Gal}(M/L)$ in $\mathrm{Gal}(M/K)$ and $E$.

Proof. Let $\tau \in E$. By Theorem ??, we can extend $\tau$ to $\sigma \in \mathrm{Gal}(M/K)$. In particular, $\sigma \cdot \mathrm{id} = \sigma|_L = \tau$, so $\mathrm{Gal}(M/K)$ acts transitively on $E$. Clearly $\sigma \cdot \mathrm{id} = \mathrm{id}$ if and only if $\sigma \in \mathrm{Gal}(M/L)$, so by the Orbit-Stabiliser Theorem the map $\sigma \mapsto \sigma \cdot \mathrm{id} = \sigma|_L$ induces a bijection between the cosets of $\mathrm{Gal}(M/L)$ in $\mathrm{Gal}(M/K)$ and $E$ as required.

We observe that the number $|E|$ of distinct $K$-embeddings $L \to M$ equals the index of $\mathrm{Gal}(M/L)$ in $\mathrm{Gal}(M/K)$. If $L/K$ is separable, then $M/K$ is Galois, so $|E| = [L : K]$ by the Fundamental Theorem of Galois Theory. This proves the next corollary.

Corollary 15.8. Let $L/K$ be finite and separable, with normal closure $M/L$. Then there are precisely $[L : K]$ distinct $K$-embeddings $L \to M$.

[In fact, this has a converse: $L/K$ is separable if and only if there are precisely $[L : K]$ distinct $K$-embeddings $L \to M$. This leads some authors to define $L/K$ to be separable if there are $[L : K]$ distinct $K$-embeddings $L \to M$.]

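Proposition 15.9. Let $L/K$ be finite and separable, with normal closure $M/L$. Let $\sigma_1, \ldots, \sigma_n$ be the distinct $K$-embeddings $L \to M$. Then for $\alpha \in L$ we have

$$\chi^L_{\alpha/K} = \big(X - \sigma_1(\alpha)\big) \cdots \big(X - \sigma_n(\alpha)\big).$$

In particular,

$$N^L_K(\alpha) = \prod_j \sigma_j(\alpha) \quad\text{and}\quad \mathrm{Tr}^L_K(\alpha) = \sum_j \sigma_j(\alpha).$$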

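Proof. Let $M/K$ be Galois, say with Galois group $G := \mathrm{Gal}(M/K)$. For an intermediate field $L$ let $\sigma_1, \ldots, \sigma_n$ be the distinct $K$-embeddings $L \to M$. We know that $n = [L : K]$ by Corollary 15.8. For $\alpha \in L$ define

$$f^L_{\alpha/K} := \prod_{i=1}^{n} \big(X - \sigma_i(\alpha)\big).$$

We wish to show that $f^L_{\alpha/K} = \chi^L_{\alpha/K}$ for all $L$ and all $\alpha \in L$.

We observe that

$$f^M_{\alpha/K} = \prod_{\sigma \in G} \big(X - \sigma(\alpha)\big),$$

whereas by Artin's Extension Theorem

$$f^{K(\alpha)}_{\alpha/K} = m_{\alpha/K},$$

since the distinct $K$-embeddings $K(\alpha) \to M$ are in bijection with the roots of $m_{\alpha/K}$.

For $\alpha \in L$ we can apply Proposition 15.7 to deduce that $f^M_{\alpha/K} = \big(f^L_{\alpha/K}\big)^{[M:L]}$. For, the value of $\sigma(\alpha)$ depends only on the restriction $\sigma|_L$. In particular, for $L = K(\alpha)$ we have $f^M_{\alpha/K} = \big(m_{\alpha/K}\big)^{[M:K(\alpha)]}$, so $f^M_{\alpha/K} = \chi^M_{\alpha/K}$ by Theorem 15.4. From this it follows that

$$\big(\chi^L_{\alpha/K}\big)^{[M:L]} = \chi^M_{\alpha/K} = f^M_{\alpha/K} = \big(f^L_{\alpha/K}\big)^{[M:L]}.$$

Therefore $\chi^L_{\alpha/K} = f^L_{\alpha/K}$ by unique factorisation in $L[X]$.

By definition, if $\chi^L_{\alpha/K} = X^n - a_1X^{n-1} + \cdots + (-1)^na_n$, then $\mathrm{Tr}^L_K(\alpha) = a_1$ and $N^L_K(\alpha) = a_n$.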

Note that, by Proposition 15.7, $\sum_j \sigma_j(\alpha)$ and $\prod_j \sigma_j(\alpha)$ are fixed by $\mathrm{Gal}(M/K)$, so these elements really do lie in $K$. Also, we may write $\mathrm{Tr}^L_K = \sum_j \sigma_j$ as a linear combination of the characters $\sigma_j$.

As promised, we can now prove transitivity of norm and trace for separable extensions.

Theorem 15.10. Let $L/K/k$ be finite, separable extensions. Then for $\alpha \in L$ we have

$$N^L_k(\alpha) = N^K_k\big(N^L_K(\alpha)\big)$$

$$\mathrm{Tr}^L_k(\alpha) = \mathrm{Tr}^K_k\big(\mathrm{Tr}^L_K(\alpha)\big).$$

Proof. Let $M/L$ be the normal closure of $L/K$ and consider the chain of subgroups $\mathrm{Gal}(M/L) \le \mathrm{Gal}(M/K) \le \mathrm{Gal}(M/k)$. Let $\sigma_j$ be coset representatives of $\mathrm{Gal}(M/L)$ in $\mathrm{Gal}(M/K)$, and let $\tau_i$ be coset representatives of $\mathrm{Gal}(M/K)$ in $\mathrm{Gal}(M/k)$. Thus $1 \le i \le [K : k]$ and $1 \le j \le [L : K]$.

We claim that the $\tau_i\sigma_j$ are coset representatives for $\mathrm{Gal}(M/L)$ in $\mathrm{Gal}(M/k)$. [This is actually quite general, applying to all finite groups.] For, suppose $\tau_i\sigma_j = \tau_r\sigma_s$. We know that $\sigma_j\,\mathrm{Gal}(M/L) \subset \mathrm{Gal}(M/K)$. Since the $\tau_i\,\mathrm{Gal}(M/K)$ are distinct inside $\mathrm{Gal}(M/k)$, we must therefore have $i = r$. Then since the $\sigma_j\,\mathrm{Gal}(M/L)$ are distinct in $\mathrm{Gal}(M/K)$, we must have $j = s$. Therefore the $\tau_i\sigma_j$ represent distinct cosets. Since there are $[L : K][K : k] = [L : k]$ of them, we are done.

Now, using Proposition 15.7, we can write

$$N^K_k\big(N^L_K(\alpha)\big) = \prod_i \tau_i\Big(\prod_j \sigma_j(\alpha)\Big) = \prod_{i,j} \tau_i\big(\sigma_j(\alpha)\big) = \prod_{i,j} (\tau_i\sigma_j)(\alpha) = N^L_k(\alpha),$$

and similarly for $\mathrm{Tr}$.

15.4 Infinite Galois Extensions

In general we call a field extension $L/K$ Galois provided it is normal and separable. Then $\mathrm{Gal}(L/K)$ is a profinite group, which we endow with the (Krull) topology. The Fundamental Theorem of Galois Theory then describes an inclusion-reversing bijection between the lattice of intermediate fields and the lattice of closed subgroups of $\mathrm{Gal}(L/K)$.

15.5 Theorems of Frobenius and Tchebotarev

Take $f \in \mathbb{Z}[X]$ to be monic and irreducible of degree $n$ and let $G = \mathrm{Gal}(f)$ be the Galois group of $f$ over $\mathbb{Q}$. As usual we can view $G$ as a subgroup of $\mathrm{Sym}_n$.

Frobenius's Theorem states that if $p$ is a prime and $f \in \mathbb{F}_p[X]$ factorises as a product of irreducible polynomials of degrees $d_1, d_2, \ldots$ (with $\sum_i d_i = n$), then $G$ contains an element of cycle type $(d_1, d_2, \ldots)$. This is proved using algebraic number theory, and requires lifting the Frobenius homomorphism (which necessarily has this cycle type) to an element of the Galois group $G$.

Much harder is Tchebotarev's Theorem, which states that, given a set of numbers $d_1, d_2, \ldots$ with $\sum_i d_i = n$, the frequency with which these numbers occur as the degrees of the irreducibles in the factorisation modulo $p$ as we take a larger and larger number of primes $p$ coincides with the proportion of elements of $G$ which have this cycle type.

A special case is given by considering $f = X^2 - q$ for a prime number $q$. Then $G = \mathbb{Z}/2\mathbb{Z}$, so half its elements have cycle type $(2)$, and the other half have cycle type $(1, 1)$.

Now, modulo $p$, either $f$ is irreducible, which is if and only if $\left(\frac{q}{p}\right) = -1$, or else $f$ factorises as a product of two linear polynomials, which is if and only if $\left(\frac{q}{p}\right) = 1$.

Suppose for simplicity that $q \equiv 1 \bmod 4$. Then by the Law of Quadratic Reciprocity we have $\left(\frac{q}{p}\right) = \left(\frac{p}{q}\right)$. Then Tchebotarev's Theorem reduces to the statement that, as we take larger and larger numbers of primes, approximately half of them are quadratic residues modulo $q$.

Now, the weaker version of Dedekind's Theorem on primes in arithmetical progressions says that for each $1 \le a < q$, there are infinitely many primes $p$ congruent to $a$ modulo $q$. The stronger version of this theorem then states that, as we take larger and larger numbers of primes $p$, they are approximately evenly distributed between the different residue classes, so that approximately $1/(q - 1)$ primes are congruent modulo $q$ to any given $a$ (with $\gcd\{a, q\} = 1$). Since there are as many quadratic residues as there are non-residues, we finally obtain this special case of Tchebotarev's Theorem.

The same ideas can be used to prove the result for a general quadratic extension of $\mathbb{Q}$, so taking $f = X^2 - d$ for an arbitrary non-square integer $d$.
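The frequencies in Tchebotarev's Theorem can be observed numerically. The following is an added example, not part of the original notes: it tabulates the factorisation degrees of $f$ modulo the primes below a bound for the special case $f = X^2 - 13$ discussed above, checks the reciprocity step, and goes one step beyond the text with the cubic $X^3 - 2$, whose Galois group is $\mathrm{Sym}_3$. The function names, the choice $q = 13$ and the bound are assumptions of the example; primes dividing the discriminant are skipped.

```python
from collections import Counter

def primes_below(n):
    """Sieve of Eratosthenes."""
    sieve = bytearray([1]) * n
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(n ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, n, i)))
    return [i for i in range(n) if sieve[i]]

def discriminant(coeffs):
    """Discriminant of a monic quadratic or cubic, coefficients highest degree first."""
    if len(coeffs) == 3:
        _, b, c = coeffs
        return b * b - 4 * c
    _, a, b, c = coeffs
    return a * a * b * b - 4 * b ** 3 - 4 * a ** 3 * c - 27 * c * c + 18 * a * b * c

def evaluate(coeffs, x, p):
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % p
    return acc

def factor_degrees(coeffs, p):
    """Degrees of the irreducible factors of f mod p, or None if p divides disc(f).

    For a squarefree polynomial of degree at most 3 the number of roots in F_p
    determines the factorisation pattern, so counting roots suffices.
    """
    if discriminant(coeffs) % p == 0:
        return None
    roots = sum(1 for x in range(p) if evaluate(coeffs, x, p) == 0)
    rest = len(coeffs) - 1 - roots
    return (1,) * roots + ((rest,) if rest else ())

def frequencies(coeffs, bound):
    """Observed proportion of each factorisation pattern over primes below bound."""
    counts = Counter()
    for p in primes_below(bound):
        pattern = factor_degrees(coeffs, p)
        if pattern is not None:
            counts[pattern] += 1
    total = sum(counts.values())
    return {pattern: n / total for pattern, n in counts.items()}

def legendre(a, q):
    """Legendre symbol (a/q) for an odd prime q, by Euler's criterion."""
    r = pow(a, (q - 1) // 2, q)
    return -1 if r == q - 1 else r

def reciprocity_holds(q, bound):
    """For q = 1 mod 4: X^2 - q splits mod p exactly when p is a square mod q."""
    for p in primes_below(bound):
        pattern = factor_degrees([1, 0, -q], p)
        if pattern is not None and (pattern == (1, 1)) != (legendre(p, q) == 1):
            return False
    return True

if __name__ == "__main__":
    # Gal = Z/2Z: cycle types (1,1) and (2) each have proportion 1/2.
    print("X^2 - 13:", frequencies([1, 0, -13], 2000))
    # Gal = Sym_3: proportions 1/6 for (1,1,1), 1/2 for (1,2), 1/3 for (3).
    print("X^3 - 2 :", frequencies([1, 0, 0, -2], 2000))
    print("reciprocity check for q = 13:", reciprocity_holds(13, 2000))
```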


Appendix A

Background

This is a summary of some background material about groups and rings.

A.1 Groups

A group is a set $G$ together with a map $G \times G \to G$, $(a, b) \mapsto a \cdot b$, called the group law, satisfying

associative: $a \cdot (b \cdot c) = (a \cdot b) \cdot c$ for all $a, b, c \in G$.

unital: there exists $e \in G$ with $e \cdot a = a = a \cdot e$ for all $a \in G$.

admits inverses: for each $a \in G$ there exists $b \in G$ with $a \cdot b = e = b \cdot a$.

The cardinality $|G|$ is called the order of the group.

We often write the group law as multiplication, so we write $ab$ instead of $a \cdot b$, $1$ for the unit, and $a^{-1}$ for the inverse of $a$.

A group is called abelian, or commutative, provided $a \cdot b = b \cdot a$ for all $a, b \in G$. In this case we sometimes write the group law as addition, so we write $a + b$ instead of $a \cdot b$, $0$ for the unit, and $-a$ for the inverse of $a$.

A subset $H \subset G$ is a subgroup, denoted $H \le G$, provided it is

non-empty: $e \in H$.

closed under multiplication: $ab \in H$ for all $a, b \in H$.

closed under inverses: $a \in H$ implies $a^{-1} \in H$.

It follows that the group law on $G$ restricts to a group law on $H$, so that $H$ is itself a group.

Clearly $G$ is a subgroup of itself; all other subgroups are called proper. The subset $\{e\}$ is always a subgroup, called the trivial subgroup.

Let $H \le G$ be a subgroup. We define an equivalence relation on $G$ by setting $a \sim b$ if $a^{-1}b \in H$. The equivalence classes $aH := \{ah : h \in H\}$ are called the left cosets of $H$. The set of all left cosets is denoted $(G : H)$; its cardinality is denoted $[G : H]$ and called the index of $H$ in $G$. A complete set of coset representatives is a subset $S \subset G$ such that the cosets $aH$ for $a \in S$ are distinct, and every coset is of this form.

Theorem A.1 (Lagrange). Let $H \le G$ be a subgroup and let $a \in G$. Then the map $H \to aH$, $h \mapsto ah$ is a bijection. It follows that $[G : H] = |G|/|H|$.

If $H, H' \le G$ are subgroups, then so too is their intersection $H \cap H'$. It follows that there is a smallest subgroup of $G$ containing any given subset $A \subset G$, called the subgroup generated by $A$ and denoted $\langle A \rangle$; for we can define it to be the intersection of all subgroups of $G$ containing $A$. In particular the subgroups of $G$ form a lattice with respect to inclusions.

As a special case we have the subgroup $\langle a \rangle$ generated by a single element, called a cyclic subgroup. The order of an element $a \in G$ is the order of the subgroup it generates.

If $H \le G$ is a subgroup and $a \in G$, then $aHa^{-1} = \{aha^{-1} : h \in H\}$ is again a subgroup of $G$, called a conjugate of $H$. We call a subgroup normal, denoted $H \lhd G$, provided that it is equal to all of its conjugates; that is, $aHa^{-1} = H$ for all $a \in G$, or equivalently $aH = Ha$ for all $a \in G$.

For a normal subgroup $H \lhd G$ we can define a group law on the set of cosets $(G : H)$ via $aH \cdot bH := abH$. The resulting group is denoted $G/H$ and called the quotient group of $G$ by $H$.

A map $f : G \to G'$ between groups is called a group homomorphism provided that it

respects the multiplication: $f(ab) = f(a)f(b)$ for all $a, b \in G$.

preserves the unit: $f(1) = 1$.

The image $\mathrm{Im}(f) := \{f(a) \in G' : a \in G\}$ of $f$ is a subgroup of $G'$; conversely, if $H \le G$ is a subgroup, then the inclusion map $\iota : H \hookrightarrow G$ is a group homomorphism.

The kernel $\mathrm{Ker}(f) := \{a \in G : f(a) = 1\}$ of $f$ is a normal subgroup of $G$; conversely, if $N \lhd G$ is normal, then the canonical map $\pi : G \twoheadrightarrow G/N$ is a group homomorphism.

If $g : G' \to G''$ is another group homomorphism, then the composition $gf : G \to G''$ is again a group homomorphism. We say that $f$ is an isomorphism provided that there exists a group homomorphism $g : G' \to G$ such that $gf = \mathrm{id}_G$ and $fg = \mathrm{id}_{G'}$.

Lemma A.2. Let $f : G \to G'$ be a group homomorphism. Then

1. $f$ is injective if and only if $\mathrm{Ker}(f)$ is trivial.

2. $f$ is an isomorphism if and only if it is bijective.

Lemma A.3 (Factor Lemma). Let $N \lhd G$ be a normal subgroup. Then the set of group homomorphisms $G/N \to G'$ is in bijection with the set of group homomorphisms $f : G \to G'$ with $N \subset \mathrm{Ker}(f)$.

Theorem A.4 (Isomorphism Theorems).

1. Let $f : G \to G'$ be a group homomorphism. Then $f$ induces an isomorphism $G/\mathrm{Ker}(f) \xrightarrow{\sim} \mathrm{Im}(f)$.

2. Let $H \le G$ be a subgroup, and $N \lhd G$ a normal subgroup. Then $HN := \{hn : h \in H, n \in N\}$ is a subgroup of $G$. Moreover, $N \lhd HN$ and $H \cap N \lhd H$ are normal subgroups, and there is an isomorphism $H/H \cap N \xrightarrow{\sim} HN/N$.

3. Let $M, N \lhd G$ be normal subgroups with $M \subset N$. Then $N/M \lhd G/M$ is a normal subgroup, and there is an isomorphism $(G/M)/(N/M) \xrightarrow{\sim} G/N$.

Group Actions

Given a set $X$ we can consider the set $\mathrm{Sym}_X$ of all bijections $\sigma : X \to X$. Then $\mathrm{Sym}_X$ is a group under composition. If $X = \{1, \ldots, n\}$ we usually write $\mathrm{Sym}_n$ and call this the symmetric group.

A $k$-cycle in $\mathrm{Sym}_n$ is a permutation of the form $\sigma = (a_1\ a_2\ \cdots\ a_k)$, denoting the function

$$a_i \mapsto a_{i+1} \text{ for } 1 \le i < k, \quad a_k \mapsto a_1, \quad \text{all other elements fixed.}$$

A 2-cycle is also called a transposition. There is a group homomorphism $\mathrm{sgn} : \mathrm{Sym}_n \to \{\pm 1\}$, called the sign map, sending each $k$-cycle to $(-1)^{k-1}$. The kernel $\mathrm{Alt}_n$ of the sign map is called the alternating group.

We say that a group $G$ acts on $X$ if there exists a group homomorphism $f : G \to \mathrm{Sym}_X$. Equivalently, we can regard this as a map $G \times X \to X$, $(a, x) \mapsto ax$ which is

associative: $a(bx) = (ab)x$ for all $a, b \in G$ and $x \in X$.

unital: $1x = x$ for all $x \in X$.

It is clear that $G$ acts on itself by left multiplication, $(a, b) \mapsto ab$. We also have that $G$ acts on itself by conjugation, $(a, b) \mapsto aba^{-1}$. If $H \le G$ is a subgroup, then $G$ acts on the set of cosets $(G : H)$ by $(a, bH) \mapsto abH$.

The orbit of $x \in X$ is the subset $\mathrm{Orb}(x) := \{ax : a \in G\}$ of $X$. The stabiliser of $x$ is the subgroup $\mathrm{Stab}(x) := \{a \in G : ax = x\}$ of $G$. We observe that $\mathrm{Stab}(ax) = a\,\mathrm{Stab}(x)\,a^{-1}$, which is a conjugate of the subgroup $\mathrm{Stab}(x)$.

We have the following theorem, generalising Lagrange's Theorem in the case of the action of $G$ on the set of cosets $(G : H)$.

Theorem A.5 (Orbit-Stabiliser). Let a group $G$ act on a set $X$, and let $x \in X$. Then the map $G \to X$, $a \mapsto ax$ induces a bijection $(G : \mathrm{Stab}(x)) \xrightarrow{\sim} \mathrm{Orb}(x)$. It follows that $|\mathrm{Orb}(x)||\mathrm{Stab}(x)| = |G|$.

We say that an action of $G$ on $X$ is faithful if the group homomorphism $G \to \mathrm{Sym}_X$ is injective, which is the same as saying that if $ax = x$ for all $x \in X$, then $a = 1$. We say that the action is transitive provided that for all $x, y \in X$ there exists $a \in G$ with $ax = y$.


Examples

1. The integers form an abelian group under addition. This is cyclic, generated by either $1$ or $-1$. For each $n \in \mathbb{Z}$ we have the cyclic subgroup $\langle n \rangle = n\mathbb{Z} = \{\cdots, -n, 0, n, 2n, \cdots\}$. The factor group $\mathbb{Z}/n\mathbb{Z}$ has coset representatives $0, 1, \ldots, n - 1$.

2. The non-zero complex numbers form an abelian group under multiplication. For each $n$ we have the cyclic subgroup $\mu_n := \langle \exp(2\pi i/n) \rangle = \{\exp(2\pi ik/n) : k \in \mathbb{Z}\}$.

3. There is a group homomorphism $\mathbb{Z} \to \mu_n$, $k \mapsto \exp(2\pi ki/n)$. This is onto with kernel $n\mathbb{Z}$, so induces an isomorphism $\mathbb{Z}/n\mathbb{Z} \xrightarrow{\sim} \mu_n$. Note that the group law on the left is written additively, whereas it is written multiplicatively on the right.

4. The symmetric group $\mathrm{Sym}_n$ is generated by all transpositions. The alternating group $\mathrm{Alt}_n$ is generated by all 3-cycles.

5. The set of symmetries of a geometric figure is a group with respect to composition, and the subset of all rotations is a normal subgroup. This fits nicely with the idea that conjugation can be thought of as a change of point of view.

A.2 Rings

An (associative, unital) ring is a set $R$ together with two operations $R \times R \to R$, $(a, b) \mapsto a + b$ (addition) and $(a, b) \mapsto ab$ (multiplication), satisfying

addition: $R$ is an abelian group under addition.

multiplication: the multiplication is associative and unital.

distributivity: $a(b + c) = ab + ac$, $(a + b)c = ac + bc$ for all $a, b, c \in R$.

A ring is called commutative provided that the multiplication is commutative. From now on we will only consider commutative rings, and so shall simply call them rings. A ring $R$ is called trivial if $1 = 0$, in which case $R = \{0\}$.

A subset $S \subset R$ is a subring, denoted $S \le R$, provided that it is

additive subgroup: $a + b, -a \in S$ for all $a, b \in S$.

contains the unit: $1 \in S$.

closed under multiplication: $ab \in S$ for all $a, b \in S$.

It follows that the ring structure on $R$ restricts to a ring structure on $S$.

If $S, S' \le R$ are subrings, then so too is their intersection $S \cap S'$. It follows that there is a smallest subring of $R$ containing any given subset $A \subset R$, called the subring generated by $A$ and denoted $\langle A \rangle$; for we can define it to be the intersection of all subrings of $R$ containing $A$. In particular the subrings of $R$ form a lattice with respect to inclusions.

The prime subring of $R$ is the smallest subring of $R$.

A subset $I \subset R$ is an ideal, denoted $I \lhd R$, provided that it is

additive subgroup: $a + b, -a \in I$ for all $a, b \in I$.

closed under multiplication by $R$: $ab \in I$ for all $a \in R$ and $b \in I$.

Clearly $R$ is an ideal of itself; all other ideals are called proper. The subset $\{0\}$ is an ideal, called the trivial ideal, or zero ideal.

If $I, I' \le R$ are ideals, then so too is their intersection $I \cap I'$. It follows that there is a smallest ideal of $R$ containing any given subset $A \subset R$, called the ideal generated by $A$ and denoted $(A)$; for we can define it to be the intersection of all ideals of $R$ containing $A$. In particular the ideals of $R$ form a lattice with respect to inclusions.

As a special case we have the ideal $(a)$ generated by a single element, called a principal ideal.

Let $I \lhd R$ be an ideal. Then $I$ is an additive subgroup, hence normal, so we can form the quotient $R/I$ as an additive group. We may now define a multiplication on $R/I$ by $(a + I) \cdot (b + I) := ab + I$, making $R/I$ into a ring, called the quotient ring of $R$ by $I$.

A map $f : R \to R'$ between two rings is called a ring homomorphism provided that it

respects the addition: $f(a + b) = f(a) + f(b)$ for all $a, b \in R$.

respects the multiplication: $f(ab) = f(a)f(b)$ for all $a, b \in R$.

preserves the zero and unit: $f(0) = 0$ and $f(1) = 1$.

In particular, $f$ is an additive group homomorphism.

The image $\mathrm{Im}(f) := \{f(a) \in R' : a \in R\}$ of $f$ is a subring of $R'$; conversely, if $S \le R$ is a subring, then the inclusion map $\iota : S \hookrightarrow R$ is a ring homomorphism.

The kernel $\mathrm{Ker}(f) := \{a \in R : f(a) = 0\}$ of $f$ is an ideal of $R$; conversely, if $I \lhd R$ is an ideal, then the canonical map $\pi : R \twoheadrightarrow R/I$ is a ring homomorphism.

If $g : R' \to R''$ is another ring homomorphism, then the composition $gf : R \to R''$ is again a ring homomorphism. We say that $f$ is an isomorphism provided that there exists a ring homomorphism $g : R' \to R$ such that $gf = \mathrm{id}_R$ and $fg = \mathrm{id}_{R'}$.

Lemma A.6. Let $f : R \to R'$ be a ring homomorphism. Then

1. $f$ is injective if and only if $\mathrm{Ker}(f)$ is trivial.

2. $f$ is an isomorphism if and only if it is bijective.

Lemma A.7 (Factor Lemma). Let $I \lhd R$ be an ideal. Then the set of ring homomorphisms $R/I \to R'$ is in bijection with the set of ring homomorphisms $f : R \to R'$ with $I \subset \mathrm{Ker}(f)$.

Theorem A.8 (Isomorphism Theorems).

1. Let $f : R \to R'$ be a ring homomorphism. Then $f$ induces an isomorphism $R/\mathrm{Ker}(f) \xrightarrow{\sim} \mathrm{Im}(f)$.

2. Let $S \le R$ be a subring, and $I \lhd R$ an ideal. Then $S + I := \{a + b : a \in S, b \in I\}$ is a subring of $R$. Moreover, $I \lhd S + I$ and $S \cap I \lhd S$ are ideals, and there is an isomorphism $S/S \cap I \xrightarrow{\sim} (S + I)/I$.

3. Let $I, J \lhd R$ be ideals with $I \subset J$. Then $J/I \lhd R/I$ is an ideal, and there is an isomorphism $(R/I)/(J/I) \xrightarrow{\sim} R/J$.

Principal Ideal Domains

We write $R^\times := \{a \in R : \exists b \in R \text{ with } ab = 1\}$ for the set of units of a ring $R$. Note that $R^\times$ is an abelian group under multiplication. We call two elements $a$ and $b$ associates if they differ by a unit, so $a = ub$ for some unit $u$. Equivalently $(a) = (b)$ as ideals.

A field is a non-trivial ring $K$ such that every non-zero element is a unit, so $K^\times = K \setminus \{0\}$. More generally, an integral domain is a non-trivial ring $R$ with no zero-divisors, i.e. $ab = 0$ implies $a = 0$ or $b = 0$. Equivalently, $R$ has cancellation, so that if $ax = bx$ for some $x \neq 0$, then $a = b$.

If $R$ is an integral domain, then we can form the field of fractions $\mathrm{Quot}(R)$ of $R$ in exactly the same way that the field of rational numbers $\mathbb{Q}$ is constructed from the ring of integers $\mathbb{Z}$. We first define an equivalence relation on $R \times (R \setminus \{0\})$ by $(a, b) \sim (c, d)$ if $ad = bc$. The equivalence class of $(a, b)$ is denoted by $a/b$. We can now define a ring structure of the set $\mathrm{Quot}(R)$ of all equivalence classes by

$$\frac{a}{b} + \frac{c}{d} := \frac{ad + bc}{bd} \quad\text{and}\quad \frac{a}{b} \cdot \frac{c}{d} := \frac{ac}{bd}.$$

We identify $R$ with the subring $\{a/1 : a \in R\}$ of $\mathrm{Quot}(R)$.

The field of fractions satisfies the following universal property: if $R$ is an integral domain, $K$ a field, and $f : R \to K$ a ring homomorphism, then there is a unique field homomorphism $f : \mathrm{Quot}(R) \to K$ extending $f$; that is, $f(a/1) = f(a)$ for all $a \in R$.

We say that an ideal $I \lhd R$ is

maximal if $I$ is proper, and $I \subset J \lhd R$ implies $J = I$ or $J = R$.

prime if $xy \in I$ implies $x \in I$ or $y \in I$.

Proposition A.9. Let $R$ be a ring and $I \lhd R$ an ideal of $R$. Then

1. $R/I$ is a field if and only if $I$ is maximal. Equivalently $R$ is a field if and only if $(0)$ and $R$ are the only ideals of $R$.

2. $R/I$ is an integral domain if and only if $I$ is prime. Equivalently $R$ is an integral domain if and only if $(0)$ is prime.

3. $I$ maximal implies $I$ prime. Equivalently, if $R$ is a field, then it is an integral domain.

In particular, if $f : K \to R$ is a ring homomorphism from a field $K$ to a non-trivial ring $R$, then $f$ is injective.

A principal ideal domain is an integral domain $R$ for which every ideal is principal, so of the form $(a)$ for some $a \in R$.

Proposition A.10. The ring of integers $\mathbb{Z}$ is a principal ideal domain. In fact, the ideal generated by two integers $a$ and $b$ equals the ideal generated by their greatest common divisor $d$.

Proof. Let $I \lhd \mathbb{Z}$ be a non-zero ideal, and let $a > 0$ be minimal such that $a \in I$. Let $b \in I$. By the Euclidean Algorithm, there exist integers $q, r$ with $a > r \ge 0$ such that $b = qa + r$. Now, $r = b - qa \in I$, so the minimality of $a$ gives $r = 0$ and $b = qa$. Thus $I = (a)$.

Let $R$ be a non-trivial ring. Then there exists a unique ring homomorphism $f : \mathbb{Z} \to R$. We define the characteristic of $R$ to be $\mathrm{char}(R) := n$ where $\mathrm{Ker}(f) = (n)$ and $n \ge 0$.

By an analogous argument using the division algorithm, one can show that the polynomial ring $K[X]$ is also a principal ideal domain.

We say that an element $a \in R$ divides $b$, written $a \mid b$, if there exists $x \in R$ such that $b = ax$. Equivalently, $b \in (a)$, or $(b) \subset (a)$. Note that $1$ divides every other element, and each element divides $0$.

If $R$ is an integral domain, then $a \mid b$ and $b \mid a$ if and only if there exists a unit $u \in R^\times$ such that $b = au$. For, there exist $u, v \in R$ such that $b = au$ and $a = bv$. If $b = 0$ then $a = 0$. Otherwise, since $b = buv$, we have $uv = 1$, so that $u, v \in R^\times$ are units.

Let $R$ be an integral domain and $a \in R$ non-zero and not a unit. We call $a$

prime if $a \mid xy$ implies $a \mid x$ or $a \mid y$.

irreducible if $a = xy$ implies $x$ is a unit or $y$ is a unit.

Proposition A.11. Let $R$ be an integral domain and $a \in R$ non-zero and not a unit.

1. $a$ is prime if and only if $(a)$ is a prime ideal.

2. $a$ prime implies $a$ irreducible. The converse holds if $R$ is a principal ideal domain, in which case $(a)$ is a maximal ideal.

Proof. 1. Let $a$ be prime and suppose that $xy \in (a)$. Then $a \mid xy$, whence $a \mid x$ or $a \mid y$. In other words, $x \in (a)$ or $y \in (a)$, so that $(a)$ is a prime ideal. The converse is similar.

2. Let $a$ be prime and suppose that $a = xy$. Without loss of generality $a \mid x$, so that $x = ab$ for some $b$. Now $a = xy = aby$, so $by = 1$ and $y$ is a unit. Thus $a$ is irreducible.

Now suppose that $R$ is a principal ideal domain and let $a$ be irreducible. Suppose that $(a) \subset (x)$. Then $a = xy$ for some $y$, and since $a$ is irreducible, either $x$ is a unit, in which case $(x) = R$, or else $y$ is a unit, in which case $(a) = (x)$. Hence $(a)$ is a maximal ideal.

Unique Factorisation Domains

An integral domain $R$ is called a unique factorisation domain if every element can be written uniquely as a product of irreducibles

existence: each $a \in R$ which is non-zero and not a unit can be written as a product of irreducibles $a = x_1 \cdots x_m$.

uniqueness: if $a = x_1 \cdots x_m$ and $a = y_1 \cdots y_n$ with each $x_i$ and $y_j$ irreducible, then $m = n$ and (after re-ordering) $x_i$ and $y_i$ are associates (so $y_i = u_ix_i$ for some unit $u_i \in R^\times$).

Clearly if $R$ is a unique factorisation domain, then every irreducible element is prime. For, if $a$ is irreducible and $xy \in (a)$, then $xy = ab$ for some $b$. Since $a$ is irreducible and factorisations are unique, $a$ must occur in the factorisation of either $x$ or $y$, whence $x \in (a)$ or $y \in (a)$.

One important result is that if $R$ is a unique factorisation domain, then so too is the ring of polynomials $R[X]$. To see this we first prove the special case when $R$ is a field; in fact, we show that every principal ideal domain. The general case then follows from Gauss's Lemma.

Theorem A.12. Every principal ideal domain is a unique factorisation domain.¹

Proof. Let $R$ be a principal ideal domain. We first show that every increasing sequence of ideals stabilises (so that $R$ is Noetherian).

Suppose we have an increasing sequence of ideals $I_1 \subset I_2 \subset \cdots$. Then the union $I := \bigcup_i I_i$ is again an ideal, and since $R$ is a principal ideal domain we can write $I_i = (a_i)$ and $I = (a)$. Now, $a \in \bigcup_i I_i$, so $a \in I_i$ for some $i$. Therefore $I \subset I_i$, so $I = I_i$, and hence $I = I_n$ for all $n \ge i$.

Now take $a_1 \in R$ non-zero and not a unit, and suppose for contradiction that $a_1$ cannot be written as a product of irreducibles. Then $a_1$ is not irreducible, so we can write $a_1 = a_2a_2'$ with neither $a_2$ nor $a_2'$ a unit. If both $a_2$ and $a_2'$ can be expressed as a product of irreducibles, then the same would be true of $a_1$, so we may assume that $a_2$ cannot be written as a product of irreducibles. Repeating the argument yields an increasing sequence of ideals $(a_1) \subset (a_2) \subset \cdots$. Also, by construction, $(a_{i-1}) \neq (a_i)$, since $a_{i-1} = a_ia_i'$ and $a_i'$ is not a unit. Therefore this sequence of ideals does not stabilise, contradicting the above result.

To see that this expression is unique, let $a = x_1 \cdots x_m = y_1 \cdots y_n$ with each $x_i$ and $y_j$ irreducible. Since $(x_1)$ is a prime ideal (in fact maximal), $R/(x_1)$ is an integral domain (in fact a field) and $y_1 \cdots y_n = a = 0$ in $R/(x_1)$. Thus, after re-ordering, $y_1 = 0$. Hence $y_1 \in (x_1)$, say $y_1 = u_1x_1$. Since both $x_1$ and $y_1$ are irreducible, $u_1$ must be a unit. Therefore $(x_1) = (y_1)$ and $x_2 \cdots x_m = u_1y_2 \cdots y_n$. Since $y_2' := u_1y_2$ is irreducible and $(y_2') = (y_2)$, the result follows by induction on $m + n$.

¹ In fact, if $R$ is a Noetherian integral domain, then $R$ is a unique factorisation domain if and only if all irreducible elements are prime. The proof is the same, but using the Noetherian property to deduce that the ascending chain of ideals stabilises.

For the remainder of this section, $R$ will denote a unique factorisation domain and $K$ its field of fractions.

Lemma A.13. Any two elements in $R$ have a greatest common divisor, and this is unique up to associates.

Proof. Given $a$ and $b$, write $ab = ux_1^{m_1} \cdots x_n^{m_n}$ for some unit $u$ and pairwise non-associate irreducible elements $x_i$ (so $(x_i) \neq (x_j)$ for $i \neq j$). We can now write $a = u'x_1^{r_1} \cdots x_n^{r_n}$ and $b = u''x_1^{s_1} \cdots x_n^{s_n}$ for some units $u', u''$. Note that $m_i = r_i + s_i$. Set $\gcd(a, b) := x_1^{l_1} \cdots x_n^{l_n}$, where $l_i := \min(r_i, s_i)$.

Clearly $\gcd(a, b)$ divides both $a$ and $b$, and any other element which divides both $a$ and $b$ must divide $\gcd(a, b)$ by unique factorisation.

Given a non-zero polynomial $f = a_nX^n + \cdots + a_0 \in R[X]$, we define its content $\mathrm{cont}(f)$ to be the greatest common divisor of the coefficients $a_i$. We call $f$ primitive if $\mathrm{cont}(f)$ is a unit. Note that, if $0 \neq d \in R$, then $\mathrm{cont}(df) = d \cdot \mathrm{cont}(f)$.

More generally, let $f \in K[X]$ be non-zero. By clearing denominators, there exists $0 \neq d \in R$ such that $df \in R[X]$. We therefore define $\mathrm{cont}(f) := \mathrm{cont}(df)/d \in K$. To see that this is well-defined let $0 \neq d' \in R$ also satisfy $d'f \in R[X]$. Then

$$d' \cdot \mathrm{cont}(df) = \mathrm{cont}(dd'f) = d \cdot \mathrm{cont}(d'f),$$

so that $\mathrm{cont}(df)/d = \mathrm{cont}(d'f)/d'$. It follows as before that if $d \in K^\times$ and $f \in K[X]$, then $\mathrm{cont}(df) = d \cdot \mathrm{cont}(f)$.

Lemma A.14. Let $f, g \in K[X]$ be non-zero.

1. $f/\mathrm{cont}(f) \in R[X]$ and is primitive. Conversely, if $c \in K^\times$ is such that $f/c \in R[X]$ is primitive, then $c = \mathrm{cont}(f)$ (up to a unit of $R$).

2. $\mathrm{cont}(f) \in R$ if and only if $f \in R[X]$.

3. $\mathrm{cont}(fg) = \mathrm{cont}(f)\mathrm{cont}(g)$.

Proof. 1. Suppose first that $f \in R[X]$ and has coefficients $a_i$. Since $\mathrm{cont}(f) = \gcd(a_i)$ we know that $a_i/\mathrm{cont}(f) \in R$ and that these elements are coprime. Thus $f/\mathrm{cont}(f) \in R[X]$ is primitive.

Now let $f \in K[X]$. Taking $0 \neq d \in R$ such that $df \in R[X]$ we see that $f/\mathrm{cont}(f) = df/\mathrm{cont}(df) \in R[X]$ is primitive.

Finally, let $c \in K^\times$ be such that $f/c \in R[X]$ is primitive. Then $1 = \mathrm{cont}(f/c) = \mathrm{cont}(f)/c$, so that $c = \mathrm{cont}(f)$.

2. By (1) we can write $f = \mathrm{cont}(f)f'$ for some $f' \in R[X]$ primitive, so $\mathrm{cont}(f) \in R$ implies $f \in R[X]$. The converse is immediate.

3. Set $c := \mathrm{cont}(f)$ and $d := \mathrm{cont}(g)$. By (1) we can write $f = cf'$ and $g = dg'$ for some $f', g' \in R[X]$ primitive. Then $fg = cdf'g'$ and $f'g' \in R[X]$, so if we can show that $f'g'$ is primitive, then $\mathrm{cont}(fg) = cd$ as required.

Let $p \in R$ be prime and consider the quotient ring $(R/(p))[X]$. Since $R/(p)$ is an integral domain, so too is $(R/(p))[X]$. Since $f'$ and $g'$ are primitive, we know that $p$ does not divide every coefficient of $f'$ or $g'$, so $f'$ and $g'$ are non-zero in $(R/(p))[X]$. Thus $f'g' = f' \cdot g'$ is non-zero, so $p$ does not divide $\mathrm{cont}(f'g')$.

It follows that $\mathrm{cont}(f'g')$ is not divisible by any irreducible element of $R$, hence is a unit, and $f'g'$ is primitive.

Lemma A.15 (Gauss's Lemma). If $f \in R[X]$ is irreducible over $R$, then it is irreducible over $K$. The converse holds when $f$ is primitive.

Proof. We prove the contrapositive. Suppose $f = gh \in K[X]$. Since $\mathrm{cont}(f) = \mathrm{cont}(g)\mathrm{cont}(h)$ we can factorise $f$ over $R$ as

$$f = \mathrm{cont}(f) \cdot \big(g/\mathrm{cont}(g)\big) \cdot \big(h/\mathrm{cont}(h)\big).$$

Conversely let $f \in R[X]$ be primitive and suppose that $f$ is irreducible over $K$. Let $f = gh$ be a factorisation over $R$. Since $f$ is irreducible over $K$ we may assume without loss of generality that $g$ is a unit in $K[X]$, so $\deg(g) = 0$ and hence $g \in R$. Therefore $g$ divides $\mathrm{cont}(f)$, which is a unit since $f$ is primitive. Hence $g$ is a unit, so $f$ is irreducible over $R$.

Theorem A.16. The polynomial ring $R[X]$ is again a unique factorisation domain. The units of $R[X]$ are the units of $R$. The irreducible elements of $R[X]$ are the irreducible elements of $R$ together with the primitive irreducible polynomials.

Proof. Since $R$ is an integral domain, we can consider leading terms of polynomials to deduce that $R[X]$ is also an integral domain and that the units of $R[X]$ are just the units of $R$. Also, by considering degrees, we see that each irreducible in $R$ remains irreducible in $R[X]$.

Let $f \in R[X]$ be non-constant. Since $K[X]$ is a principal ideal domain, it is a unique factorisation domain, so we can write $f = g_1 \cdots g_r$ with each $g_i$ irreducible in $K[X]$. Set $c_i := \mathrm{cont}(g_i)$, $c := c_1 \cdots c_r$ and $f_i := g_i/c_i$, so $f_i \in R[X]$ is a primitive irreducible polynomial by Gauss's Lemma and $f = cf_1 \cdots f_r$. Then $c = \mathrm{cont}(f) \in R$, so can be written as a product of irreducibles in $R$. Thus each polynomial can be written as a product of irreducible elements.

To see that this expression is unique, suppose that $f = cg_1 \cdots g_r$ and $f = dh_1 \cdots h_s$ with $c, d \in R$ and $g_i, h_j \in R[X]$ primitive irreducible polynomials. Then $g_i, h_j \in K[X]$ are irreducible by Gauss's Lemma, so using that $K[X]$ is a unique factorisation domain we deduce that, after reordering, $r = s$ and $h_i = u_ig_i$ for some $u_i \in K^\times$. Then $u_i = \mathrm{cont}(h_i) \in R^\times$, so $g_i$ and $h_i$ are associates. Finally, setting $u := u_1 \cdots u_r \in R^\times$ gives that $c = ud \in R$, so $c$ and $d$ are associates. Since $R$ is a unique factorisation domain, we are done.

We finish with some methods to investigate the irreducibility of polynomials in $R[X]$ for a unique factorisation domain $R$.

101

Theorem A.17 (Eisenstein’s Criterion). Let f = a0Xd + · · ·+ ad−1X + ad ∈

R[X] be primitive. Suppose that there exists a prime p ∈ R such that p|ai for1 ≤ i ≤ d, but p - a0 and p2 - ad. Then f is irreducible.

Proof. Since $p$ is prime we know that $R/(p)$ is an integral domain. Let $F$ be its field of fractions.

Suppose that $f = gh$ for some non-constant polynomials $g, h \in R[X]$. Write $g = b_0X^r + \cdots + b_r$ and $h = c_0X^s + \cdots + c_s$, so that $d = r + s$, $a_0 = b_0c_0$, $a_d = b_rc_s$ and $r, s \ge 1$. Consider $gh = f = a_0X^d \in (R/(p))[X]$. Since $F[X]$ is a unique factorisation domain we must have that $g = b_0X^r$ and $h = c_0X^s$ in $F[X]$, so also in $(R/(p))[X]$. In particular, $p$ divides $b_i$ for all $1 \le i \le r$ and $c_j$ for all $1 \le j \le s$. Thus $p^2$ divides $b_rc_s = a_d$, a contradiction.

Theorem A.18 (Rational Root Test). Let $f = a_0X^d + \cdots + a_d \in R[X]$ and suppose that $\alpha \in K$ is a root of $f$. Write $\alpha = p/q$ with $p, q \in R$ coprime. Then $q \mid a_0$ and $p \mid a_d$.

Proof. We have the equality

$$0 = q^d f(p/q) = a_0p^d + a_1p^{d-1}q + \cdots + a_{d-1}pq^{d-1} + a_dq^d.$$

Thus $p$ divides $a_dq^d$ and $q$ divides $a_0p^d$. Since $\gcd(p, q) = 1$ we conclude that $p \mid a_d$ and $q \mid a_0$.

This theorem is often used in the following form.

Corollary A.19. Let $f = X^n + a_{n-1}X^{n-1} + \cdots + a_0 \in R[X]$ be a monic polynomial. Then any root $\alpha \in K$ of $f$ actually lies in $R$ and is a divisor of $a_0$.
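The following is an added example, not part of the original notes: Theorems A.17 and A.18 specialised to $R = \mathbb{Z}$ and $K = \mathbb{Q}$, with each polynomial given as the list $[a_0, \ldots, a_d]$ in the order used in the theorems ($a_0$ is the leading coefficient). The function names are this example's own.

```python
from fractions import Fraction
from functools import reduce
from math import gcd

def divisors(n):
    """Positive divisors of a non-zero integer n."""
    return [k for k in range(1, abs(n) + 1) if n % k == 0]

def evaluate(coeffs, x):
    """Horner evaluation of f = a_0 X^d + ... + a_d at x; coeffs = [a_0, ..., a_d]."""
    value = Fraction(0)
    for a in coeffs:
        value = value * x + a
    return value

def rational_roots(coeffs):
    """All roots in Q of f in Z[X], found via Theorem A.18 (q | a_0 and p | a_d)."""
    coeffs, roots = list(coeffs), set()
    if not coeffs or coeffs[0] == 0:
        raise ValueError("leading coefficient a_0 must be non-zero")
    # If a_d = 0 then 0 is a root; divide out X so the divisor search is finite.
    while len(coeffs) > 1 and coeffs[-1] == 0:
        roots.add(Fraction(0))
        coeffs.pop()
    if len(coeffs) > 1:
        for q in divisors(coeffs[0]):
            for p in divisors(coeffs[-1]):
                if gcd(p, q) == 1:  # alpha = p/q written in lowest terms
                    for alpha in (Fraction(p, q), Fraction(-p, q)):
                        if evaluate(coeffs, alpha) == 0:
                            roots.add(alpha)
    return sorted(roots)

def eisenstein_primes(coeffs):
    """Primes p of Z at which Theorem A.17 applies to f; [] if none or f not primitive."""
    if len(coeffs) < 2 or coeffs[0] == 0 or reduce(gcd, coeffs) != 1:
        return []
    g = abs(reduce(gcd, coeffs[1:]))  # p must divide every a_i with 1 <= i <= d
    primes, n, k = [], g, 2
    while n > 1:  # trial division: collect the prime factors of g
        if n % k == 0:
            primes.append(k)
            while n % k == 0:
                n //= k
        k += 1
    # Primitivity already forces p not to divide a_0; both conditions are checked anyway.
    return [p for p in primes if coeffs[0] % p != 0 and coeffs[-1] % (p * p) != 0]
```

An empty list from `eisenstein_primes` only means the criterion does not apply at any prime; it says nothing about reducibility, as $X^2 + 4X + 4 = (X + 2)^2$ and $X^2 + 1$ both show.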

Examples

1. $\mathbb{C} \times \mathbb{C}$ with component-wise addition and multiplication is a ring, with zero $(0, 0)$ and unit $(1, 1)$, but is not an integral domain. Why not?

2. If $R$ is a ring, then we can form the polynomial ring $R[X]$. Its elements are the polynomials $f(X) = a_0X^n + a_1X^{n-1} + \cdots + a_0$ with coefficients $a_i \in R$, on which we have the usual addition and multiplication. We write $\deg(f) = \max\{n : a_n \neq 0\}$ if $f \neq 0$, and set $\deg(0) := -\infty$.

If $R$ is an integral domain, then so too is $R[X]$. Moreover the units of $R[X]$ are just the units of $R$.

If $I \lhd R$, then there is a surjective ring homomorphism $R[X] \to (R/I)[X]$, $aX^n \mapsto aX^n$. This has kernel $I[X]$, the set of polynomials, all of whose coefficients lie in $I$, so giving a ring isomorphism $R[X]/I[X] \cong (R/I)[X]$.

3. More generally, if $\{X_i\}$ is a (possibly infinite) set of indeterminates, then $R[\{X_i\}]$ is a ring whose elements are finite $R$-linear combinations of monomials, where each monomial is a finite product of powers of the $X_i$.

4. $\mathbb{Z}$, $\mathbb{Z}[X]$ and $\mathbb{Z}[X, Y]$ are all unique factorisation domains, but only $\mathbb{Z}$ is a principal ideal domain. For example, $(2, X) \lhd \mathbb{Z}[X]$ is not principal.

If $K$ is a field, then $K$, $K[X]$ and $K[X, Y]$ are all unique factorisation domains, but only $K$ and $K[X]$ are principal ideal domains. For example, $(X, Y) \lhd K[X, Y]$ is not principal.

5. $\mathbb{Z}[\sqrt{-2}] = \{a + b\sqrt{-2} : a, b \in \mathbb{Z}\}$ is a principal ideal domain, in fact a Euclidean domain (there is a version of the Euclidean Algorithm). The only units are $\pm 1$.

With a little bit more theory one can describe the primes in $\mathbb{Z}[\sqrt{-2}]$. If $p \in \mathbb{Z}$ is an odd prime, then either $p \equiv 1, 3 \bmod 8$, in which case $p$ is prime in $\mathbb{Z}[\sqrt{-2}]$, or else $p \equiv 5, 7 \bmod 8$, in which case we can solve $a^2 + 2b^2 = p$ and $a + b\sqrt{-2}$ is prime. The only other prime element is $\sqrt{-2}$ itself.

$\mathbb{Z}[\sqrt{-5}]$ is not a unique factorisation domain, since $1 + \sqrt{-5}$ is irreducible but not prime. Can you prove this?

Appendix B

Zorn’s Lemma

This chapter is non-examinable.

A partially ordered set, or poset, $(S, \le)$ is a set with a relation $\le$ satisfying

Reflexivity $a \le a$ for all $a$.

Antisymmetry $a \le b$ and $b \le a$ imply $a = b$.

Transitivity $a \le b$ and $b \le c$ imply $a \le c$.

The poset $(S, \le)$ is totally ordered if, for all $a, b \in S$, either $a \le b$ or $b \le a$. A maximal element of $S$ is an element $a \in S$ such that if $a \le b$, then $a = b$.

If $(S, \le)$ is a poset, then a chain in $S$ is a non-empty subset which is totally ordered by $\le$. If $C \subset S$ is a subset, then an upper bound for $C$ is an element $a \in S$ such that $c \le a$ for all $c \in C$.

Zorn's Lemma. Let $(S, \le)$ be a non-empty poset in which every chain has an upper bound. Then $S$ has a maximal element.

Zorn's Lemma is logically equivalent in Zermelo-Fraenkel Set Theory to the Axiom of Choice, which says that if $S_i$ are sets, then the product $\prod_i S_i$ is non-empty. In other words, we can make an infinite number of arbitrary choices.

We often use Zorn's Lemma when proving statements for infinite sets when we would have used induction for finite sets.

Typical examples are the following three results, the first of which uses the Axiom of Choice; the latter two, Zorn's Lemma.

Theorem B.1. Every surjective map between sets has a right inverse.

Proof. Let $f : X \to Y$ be a surjective map between two sets. A right inverse $g$ of $f$ is a map $g : Y \to X$ such that $fg = \mathrm{id}_Y$. Therefore, to construct $g$, we need to choose an element in the fibre $f^{-1}(y) \subset X$ for each element $y \in Y$. Thus, if $Y$ is infinite, we need to make an infinite number of arbitrary choices, hence require the Axiom of Choice.

Theorem B.2. Every vector space has a basis.

Proof. Let $S$ be the collection of linearly independent subsets of a non-zero vector space $V$ over a field $K$. This is non-empty, since each non-zero vector is linearly independent. We endow $S$ with the partial order $\subset$ coming from inclusion.

Let $C = \{B_i\}$ be a chain in $S$. Then $C$ has an upper bound, namely the union $B = \bigcup_i B_i$. For, consider a finite linear relation $\sum_j \lambda_j b_j = 0$ with $\lambda_j \in K$ and $b_j \in B$. Since there are only finitely many $b_j$ in this relation, they all lie in some $B_i$, so are linearly independent. Thus $\lambda_j = 0$ for all $j$ and $B$ is linearly independent.

Zorn's Lemma implies that $S$ has a maximal element $B$. We claim that $B$ is a spanning set for $V$, and thus a basis. For, if not, then there exists some $v \in V$ which cannot be written as a finite linear combination of elements of $B$. Thus $B \cup \{v\}$ is a linearly independent set, which contradicts the maximality of $B$.

Theorem B.3. Every proper ideal of a ring is contained in a maximal ideal.

Proof. Let $R$ be a ring. Let $S$ be the set of proper ideals of $R$, ordered by inclusion $\subset$. This is non-empty, since $(0) \lhd R$. Let $C = \{I_i\}$ be a chain in $S$. Then $I = \bigcup_i I_i$ is an upper bound for $C$. We need to check that $I$ is a proper ideal. It is an ideal, since if $x, y \in I$, then $x, y \in I_i$ for some $i$. Hence $x + y$ and $rx$ for $r \in R$ are both contained in $I_i \subset I$. To see that $I$ is proper, suppose otherwise. Then we can write $1 = \sum_j r_j x_j$ as a finite linear combination with $r_j \in R$ and $x_j \in I$. Since there are only finitely many $x_j$ in this relation, they all lie in some $I_i$. Hence $1 \in I_i$, a contradiction since $I_i$ was assumed to be proper. Hence $I \lhd R$ is proper.

Zorn's Lemma implies that $S$ has a maximal element $I$, which is necessarily a maximal ideal.

One should remark that, although generally assumed to hold, Zorn's Lemma, or equivalently the Axiom of Choice, also yields several 'paradoxes', for example the Banach-Tarski Paradox.

For some nice quotations on the Axiom of Choice, visit here.
