Math 806Notes on Galois Theory

Mark Reeder ∗

April 12, 2012

Contents

1 Basic ring theory 3

1.1 Some applications of Zorn’s lemma . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

1.2 Polynomial Rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

1.3 Polynomials over Q . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2 Finite fields 11

3 Extensions of rings and fields 14

3.1 Symmetric polynomials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.2 Integral ring extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

3.3 Prime ideals in Z[x]: elementary classification . . . . . . . . . . . . . . . . . . . . . . 19

3.4 The spectrum of a commutative ring . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

3.4.1 Spec(Z[x]) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3.5 Algebraic field extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

3.5.1 The ring of algebraic integers and the field of algebraic numbers . . . . . . . . 24

3.6 Field extensions of finite degree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

∗Thanks to Beth Romano for careful reading and corrections

1

3.6.1 Some abelian numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

3.6.2 Constructible numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

3.7 Splitting fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29

3.8 Automorphisms and Galois Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . 33

3.8.1 Field automorphisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

3.8.2 Automorphisms of finite extensions . . . . . . . . . . . . . . . . . . . . . . . 33

3.8.3 Galois extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34

3.8.4 The Galois correspondence . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36

3.9 The Galois group of a polynomial . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

3.9.1 Imprimitive group actions and Galois groups . . . . . . . . . . . . . . . . . . 39

3.9.2 The Primitive Element Theorem . . . . . . . . . . . . . . . . . . . . . . . . . 40

3.9.3 Galois’ view of Galois groups . . . . . . . . . . . . . . . . . . . . . . . . . . 41

4 Computing Galois groups of polynomials 43

4.1 Transitive subgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43

4.2 Invariant Theory and Resolvents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45

4.2.1 The discriminant . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46

4.2.2 Cubic Polynomials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48

4.2.3 Quartic Polynomials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49

4.2.4 Constructible numbers revisited . . . . . . . . . . . . . . . . . . . . . . . . . 54

5 Galois groups and prime ideals 54

5.1 The ring of integers in a number field . . . . . . . . . . . . . . . . . . . . . . . . . . 54

5.2 Decomposition and inertia groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

5.3 Frobenius classes in the Galois group of a polynomial . . . . . . . . . . . . . . . . . . 59

6 Cyclotomic extensions and abelian numbers 61

6.1 Gauss and Cyclotomy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62

2

6.2 The Kronecker-Weber theorem and abelian numbers . . . . . . . . . . . . . . . . . . 66

1 Basic ring theory

A ring is a set R together with two functions +, · : G×G→ G, satisfying the following three axioms:

R1 (R,+) is an abelian group with zero element 0R.

R2 (R, ·) is associative with unit element 1R satisfying r · 1R = 1R · r = r for all r ∈ R.

G3 The distributive law holds: (a+ b) · c = (a · c) + (b · c) and a · (b+ c) = (a · b) + (a · c) for alla, b, c ∈ R.

We usually write ab = a · b, 0 = 0R and 1 = 1R. There is no assumption that 1R 6= 0R. But if 1R = 0Rthen R = {0R}.

A unit in R is an element u ∈ R having a multiplicative inverse: u · u−1 = u−1 · u = 1R. The set R×

of units in R forms a group under ·.

A subring is a subset S ⊂ R containing 0R, 1R and closed under both operations +, ·, such that (S,+)is a subgroup of (R,+).

A ring homomorphism f : R → R′ is a function from one ring R to another ring R′ such thatf(a+ b) = f(a) + f(b) and f(ab) = f(a)f(b) for all a, b ∈ R and f(1R) = 1R′ . The image f(R) is asubring of R′. Every ring R admits the canonical homomorphism

ε : Z −→ R,

such that ε(n) = n1R, which is the sum of 1R with itself n-times.

IfR, S are two rings then the direct productR×S has a ring structure with operations (r, s)+(r′, s′) =(r + r′, s + s′) and (r, s) · (r′, s′) = (r · r′, s · s′). The zero element is 0R×S = (0R, 0S) and the unitelement is 1R×S = (1R, 1S). The projection maps from R× S to R and S are ring homomorphisms.

A ring R is commutative if ab = ba for all a, b ∈ R. All of our rings will be commutative unlessotherwise noted.

A commutative ring R is an integral domain if the cancellation law holds: If ab = ac then b = c forall a, b, c,∈ R.

An ideal in the commutative ring R is a subset I ⊂ R that is closed under addition from within andmultiplication from outside, that is, a+ b ∈ I for all a, b ∈ I , and ra ∈ I for all r ∈ R and a ∈ I . Thesets {0} andR are ideals. The latter is sometimes called the unit ideal because an ideal I = R preciselywhen I contains a unit of R. The kernel ker f = {r ∈ R : f(r) = 0R′} of a ring homomorphismf : R→ R′ is an ideal.

3

If I, J are two ideals in R then the intersection I ∩ J , the sum I + J = {a + b : a ∈ I, b ∈ J} andproduct IJ consisting of all finite sums

∑i aibi with ai ∈ I and bi ∈ J are ideals in R such that

IJ ⊂ I ∩ J ⊂ I + J.

The ideal I + J is the smallest ideal containing both I and J and is called the ideal generated by Iand J . If I + J = R then IJ = I ∩ J .

An ideal I is principal if I = Ra = {ra : r ∈ R} for some a ∈ I . We often write (a) = Ra. Moregenerally, the ideal generated by elements a1, . . . , an of R is the ideal

(a1, . . . , an) = Ra1 + · · ·+Ran = {n∑i=1

riai : ri ∈ R ∀i}.

If R is an integral domain and a, b are two nonzero elements of R then (a) = (b) if and only if b = uafor some unit u ∈ R×. If R = Z, then every ideal is principal; we have I = (n) where ±n are theelements of I with smallest positive absolute value.

For any ideal I ⊂ R we can form the quotient ring

R/I = {r + I : r ∈ R}

whose elements are cosets r+ I; we have r+ I = r′+ I exactly when r− r′ ∈ I . The ring operationson R/I are given by (r+I)+(r′+I) = (r+r′)+I and (r+I)(r′+I) = rr′+I . The zero element is0R/I = 0 + I , and the unit element is 1R/I = 1 + I . The operations are well-defined precisely becauseI is an ideal. Any ring homomorphism f : R→ R′ with I ⊂ ker f induces a quotient homomorphismf : R/I → R such that f(r)+I = f(r). If I = ker f then f induces an isomorphism f : R/I

∼→ f(R).The ideals in R/I are of the form J/I = {j + I : j ∈ J} where J is an ideal of R containing I .

A field is a commutative ring F such that F× := F−{0} is a group under the operation ·. In particular,F× is nonempty, so 1F 6= 0F . A subfield F ′ ⊂ F is a subring which is also a field.

Lemma 1.1 A commutative ring R 6= {0} is a field if and only if R has no ideals other than {0} andR.

Proof: If R is a field then every nonzero ideal I ⊂ R contains a unit, hence I = R. Conversely,assume {0} and R are the only ideals in R. Let a ∈ R be any nonzero element. Then the principalideal (a) is nonzero, so must be R. Hence 1 ∈ (a). This means there is b ∈ R such that 1 = ba. Hencea is a unit. �

A field homomorphism is a ring homomorphism f : F → F ′ between two fields F, F ′. Sincef(1F ) = 1F ′ 6= 0F ′ we cannot have ker f = F . From Lemma 1.1 we have

Corollary 1.2 Every field homomorphism is injective.

4

There are two kinds of fields. Let F be a field and consider the canonical homomorphism ε : Z → F ,sending n 7→ n · 1R, is an ideal in Z. If ker ε = {0} then ε extends to a field homomorphism ε : Q −→F , sending r/s (in lowest terms) to (r · 1F )(s · 1F )−1 ∈ F . Thus we have a canonical embeddingQ ↪→ F . In this case we say F has characteristic zero. If ker ε 6= 0 then ker ε = nZ for some integern > 0. If n = km for positive integers k,m < n, then im(ε) = Z/nZ is a subring of F hence is anintegral domain, so n = p is prime. Thus, we have a canonical embedding Z/pZ ↪→ F . In this case,we say F has characteristic p. In such a field we have p · 1F = 0F .

Let A be a commutative ring. An A-algebra is a ring R together with a homomorphism ε : A → Rwhose image is contained in the center of R. If A = F is a field, then we may regard R as an F -vectorspace via a · r = ε(a)r for a ∈ F and r ∈ R. In this case we say that R is a finite-dimensionalF -algebra if dimF R <∞.

Proposition 1.3 1. A finite integral domain is a field.

2. If E is a field and F is a finite subring of E then F is a field.

3. If F is a field and R is a finite dimensional F -algebra which is also an integral domain, then Ris a field.

Proof: Suppose F is a finite integral domain. Then for any nonzero a ∈ F , the map La : F → Fgiven by La(b) = ab is injective, by the definition of integral domain. Since F is finite, La is alsosurjective, so there is b ∈ F such that La(b) = 1. This proves item 1, of which item 2 is a special case,since a subring of a field is an integral domain. Finally if R is a finite dimensional F -algebra we againtake any nonzero element r ∈ R and consider the map Lr : R → R given by Lr(s) = rs. Since themap ε : F → R giving the F -algebra structure on R maps F into the center of R, it follows that themap Lr is F -linear. Again Lr is injective, hence surjective since dimF R <∞, so r is a unit in R �

An ideal P in a commutative ring R is prime if R/P is an integral domain. Equivalently, R − P isclosed under multiplication. That is, if a, b ∈ R and ab ∈ P then a ∈ P or b ∈ P .

An ideal M in a commutative ring R is maximal if R/M is a field. Equivalently, if I is any ideal suchthat M ⊂ I ⊂ R then either I = R or I = M .

A maximal ideal is prime, but not conversely in general, see below.

An integral domain R is a principal ideal domain (PID) if every ideal in R is principal. If R is a PIDthen every prime ideal is maximal.

1.1 Some applications of Zorn’s lemma

An ordering on a set X is a relation x ≤ y between some pairs of elements x, y ∈ X such that

• x ≤ x,

5

• x ≤ y and y ≤ z⇒ x ≤ z,

• x ≤ y and y ≤ x⇒ x = y.

A subset T ⊂ X is totally ordered if for all x, y ∈ T we have either x ≤ y or y ≤ x. An upperbound of a subset S ⊂ X is an element b ∈ X such that x ≤ b for all x ∈ S.

Zorn’s Lemma asserts that if every non-empty totally ordered subset of X has an upper bound thenthere exists m ∈ X such that if x ∈ X and x ≥ m then x = m. Such an element m, which need not beunique, is called a maximal element of X . Zorn’s lemma is equivalent to the axiom of choice, hencehas no naive proof.

Applications of Zorn’s lemma include:

1. Every vector space has a basis.

2. The arbitrary product of compact sets is compact (Thychonoff’s theorem).

3. Every field has an algebraic closure.

4. Every ideal in a commutative ring is contained in a maximal ideal.

5. The intersection of all prime ideals in a commutative ring R is the set of nilpotent elements in R.

We use Zorn’s lemma to prove the last two items here.

Item 3: Let R be a commutative ring and let I be an ideal of R. We apply Zorn to the set X of idealsof R containing I , ordered by inclusion. If T is a totally ordered subset of X , then b(T ) :=

⋃J∈T J

is again an ideal in X Indeed, the only non-obvious point is closure under addition, but if x ∈ J andx′ ∈ J ′ with both J, J ′ ∈ T , then x + x′ is in the greater of J, J ′ hence is in T . Therefore T has theupper bound b(T ). Let M be a maximal element of X . Then I ⊂ M and if J is any ideal containingM then J ∈ X so J = M , so M is a maximal ideal of R containing I .

Item 4: An element a ∈ R is nilpotent if an = 0 for some integer n ≥ 1. By induction on n, onesees that a nilpotent element is contained in every prime ideal. Suppose now that a ∈ R is contained inevery prime ideal of R but an 6= 0 for every integer n ≥ 1. Let S = {1, a, a2, . . . } and let X be the setof ideals I ⊂ R such that I∩S = ∅. If T is a totally ordered subset ofX then as above b(T ) =

⋃J∈T J

is an ideal in R and M(T ) ∩ S = ∅. By Zorn, there exists a maximal element M ∈ X . We showthat M is prime. Suppose not. Then there exist x, y ∈ R and xy ∈ M , but x /∈ M and y /∈ M . Bymaximality of M , the ideals (x,M) and (y,M) meet S. Hence there are u, v ∈ M and a, b, c, d ∈ Rsuch that ax+ bu ∈ S and cy + dv ∈ S. The product

(ax+ bu)(cy + dv) = acxy + bcuy + adxv + bduv

is again in S since S is closed under multiplication, but is is also in M since xy, u, v, uv ∈ M . Thiscontradicts M being in X . Therefore M is prime, so a ∈ M , another contradiction. Hence an = 0 forsome integer n so a is nilpotent.

6

1.2 Polynomial Rings

A polynomial over a commutative ring R is a finite formal sum f = c0 + c1x+ · · ·+ cnxn, where all

coefficients ci ∈ R and n ≥ 0 is and integer. The polynomials over R form a ring R[x] under the usualaddition and multiplication of polynomials. The degree deg(f) of a nonzero polynomial f ∈ R[x] isthe largest n such that cn 6= 0. We say f is monic if cn = 1, where n = deg(f). We identify R withthe polynomials in R[x] of degree zero. The units in R[x] are the units in R.

If R is an integral domain then for any two polynomials f, g ∈ R[x] we have

deg(fg) = deg(f) + deg(g).

It follows that R[x] is also an integral domain. However, if R is a PID then R[x] need not be a PID. Forexample, if R = Z and p is a prime, then Z[x] has the ideal (p, x) which is not principal, as well as theprime ideal (p) which is not maximal.

A polynomial f ∈ R[x] is reducible f = gh for some polynomials g, h ∈ R[x] having deg(g), deg(h)both strictly less than deg(f). We call such a factorization f = gh a nontrivial factorization. Apolynomial f ∈ R[x] is irreducible if f has no nontrivial factorization in F [x].

Let F be a field. Then the polynomial ring F [x] is a PID; if I ⊂ F [x] is a nonzero ideal then I = (f)where f is a polynomial in I of minimal degree. For example if I = (f, g) is generated by twopolynomials f, g ∈ F [x] then (f, g) = (h), where h = gcd(f, g) is the greatest common divisor off, g. Note that gcd(f, g) is only defined up to a nonzero constant factor. One can compute gcd(f, g)using the Euclidean Algorithm for polynomials.

Let f ∈ F [x] be a nonzero polynomial with deg(f) = n > 0. Let α = x + (f) ∈ F [x]. Using thedivision algorithm one can write every element β ∈ F [x]/(f) uniquely in the form

β = c0 + c1α + · · ·+ cn−1αn−1 (1)

with all ci ∈ F . In other words, the set {1, α, . . . , αn−1} is a basis of the F -vector space F [x]/(f), and

dimF F [x]/(f) = n = deg(f).

The product of two elements in the form (1) can be reduced to another of the same form using the rulef(α) = 0.

Since F [x] is a PID, the following are equivalent for a polynomial f ∈ F [x]:

1. the ideal (f) is maximal (that is, F [x]/(f) is a field);

2. the ideal (f) is prime (that is, F [x]/(f) is an integral domain);

3. if f = gh for g, h ∈ F [x] then one of g or h is constant.

4. f is irreducible in F [x].

7

It is important to specify F here since if E ⊃ F is a larger field then f could be irreducible in F [x] butreducible in E[x].

A general polynomial f ∈ F [x] has a unique factorization in the form

f = cf1f2 · · · fk,

where c ∈ F and each fi is monic and irreducible in F [x]. We say that f splits in F [x] if each fi hasdeg(fi) = 1. In this factorization it is possible to have fi = fj for i 6= j. However, let f ′ be the formalderivative of f . If gcd(f, f ′) = 1 then all of the fi are distinct.

Proposition 1.4 Let F be a field and let f ∈ F [x] have degree deg(f) > 0. Then there exists a fieldE ⊃ F and an element α ∈ E such that f(α) = 0. And there exists a field K ⊃ E such that f splitsin K[x].

Proof: Let f1 be an irreducible factor of f in F [x] and let E = F [x]/(f1). Then E is a field containingthe element α = x + (f1) and we have f(α) = f + (f1) = 0 + (f1) since f ∈ (f1). We view F as asubfield of E via the embedding F ↪→ E sending c 7→ +(f1) ∈ E, for any c ∈ F . This proves the firstassertion.

In E[x] we have f = (x − α)g, for some g ∈ E[x]. If deg g = 0, then f splits in E[x]. If deg(g) > 0we repeat the above process with f replaced by g, to construct a field L ⊃ E and an element β ∈ Lsuch that g(β) = 0. Then g = (x− β)h and f = (x− α)(x− β)h in L[x]. Continuing, we construct atower of at most deg(f) fields F ⊂ E ⊂ L ⊂ · · · ⊂ K such that f splits in K[x]. �

The ring F [x]/(f) may also be described as follows.

Proposition 1.5 Let F be a field and let f ∈ F [x] be a nonzero polynomial with factorization f =cfm1

1 · · · fm`` , where c ∈ F×, each fj ∈ F [x] is monic irreducible, fj 6= fk if j 6= k and the mj are

positive integers. Then the ring F [x]/(f) is isomorphic to a direct product of rings

F [x]/(f) '∏j=1

F [x]/(fmjj ),

via the isomorphism sending g + (f) ∈ F [x]/(f) to (g + (fm11 ), g + (fm2

2 ), . . . , g + (fm`` )).

Proof: This is an application of the Chinese Remainder Theorem, which asserts that if R is a commu-tative ring and I1, . . . , I` are ideals in R with intersection ∩jIj = I such that Ij + Ik = R for all pairsof indices j 6= k then we have a ring isomorphism

R/I∼−→∏j

R/Ij, (2)

sending r + I 7→ (r + I1, . . . , r + Ip). See [Lang] for a proof of (2). To apply this result to R = F [x],we first have to check that the ideals Ij = (f

mjj ) satisfy Ij + Ik = F [x] for i 6= j. Since fj, fk

8

are distinct monic irreducible polynomials, the ideals (fj) and (fk) are distinct maximal ideals of F [x]hence (fj, fk) = F [x]. Let Ij+Ik = (h). If deg(h) > 0 there exists a fieldE ⊃ F and α ∈ E such thath(α) = 0. Since fmjj , fmkk ∈ (h), this implies that fj(α) = fk(α) = 0, contradicting (fi, fk) = F [x].Hence deg(h) = 0, so Ij + Ik = F [x] as required.

Finally, since Ij + Ik = F [x] we have IjIk = Ij ∩ Ik, so that

(f) = (fm11 · · · f

m`` ) =

∏j=1

Ij =⋂j=1

Ij,

and Prop. 1.5 indeed follows from (2). �

1.3 Polynomials over Q

Here are four useful results on the irreducibility of polynomials in Q[x]. By clearing denominators, itsuffices to consider only polynomials in Z[x], that is, polynomials with integral coefficients.

Proposition 1.6 (rational root test) Suppose f = c0 + c1x + · · · + cnxn ∈ Z[x] has a rational root

r = a/b with a, b relatively prime integers. Then a | c0 and b | cn. In particular if f ∈ Z[x] is monicthen all rational roots of f are integers dividing f(0).

Proof: Clearing denominators in the equation f(r) = 0, we have

c0bn + c1b

n−1a+ · · ·+ cn−1ban−1 + cna

n = 0,

so a | c0bn and b | cnan. Since gcd(a, b) = 1 we must have a | c0 and b | cn. �

The next three results will use reduction modulo a prime. Let p be a prime in Z, then Fp = Z/pZis a field. Let c 7→ c denote the canonical projection Z → Fp. For each f =

∑cixi ∈ Z[x], let

f =∑cix

i ∈ Fp[x]. The mapping f 7→ f is a surjective ring homomorphism Z[x] → Fp[x], whosekernel is the ideal pZ[x] consisting of the integral polynomials all of whose coefficients are divisibleby p.

Proposition 1.7 (Gauss’ lemma) If f ∈ Z[x] has a nontrivial factorization in Q[x] then f has anontrivial factorization in Z[x].

Proof: Suppose f = gh ∈ Q[x] with deg(g), deg(h) both strictly less than deg(f). There existpositive integers m,n such that g1 := mg and h1 := nh belong to Z[x] and have the same degreesas g, h, repectively. We have N1f = g1h1, where N1 = mn. If N1 = 1 then f has a nontrivialfactorization in Z[x] as claimed. If N1 > 1 there exists a prime p | N1. Let f , g1, h1 ∈ Fp[x] be thepolynomials obtained from g1, h1 by reduction modulo p. We have

g1h1 = g1h1 = N1f = N1f = 0,

9

since p | N1. Since Fp[x] is an integral domain, one of g1 or h1 must be zero. Say g1 = 0. This meansp divides every coefficient of g1, so that g2 := p−1g1 ∈ Z[x]. Let N2 = N1/p, and set h2 = h1. Wenow have N2f = g2h2, where g2, h2 ∈ Z[x] have the same degrees as g, h. Repeating this we getN2 > N3 > . . . until eventually Nk = 1 for some k, and f = gkhk is a nontrivial factorization of f inZ[x]. �

Proposition 1.8 Let f = c0 + c1x+ · · ·+ cnxn ∈ Z[x] have degree n and let p be a prime not dividing

cn. Suppose f is irreducible in Fp[x]. Then f is irreducible in Q[x].

Proof: If f is reducible in Q[x] then f has a nontrivial factorization f = gh in Z[x], by Gauss’ Lemma.Since p does not divide the leading coefficient of f , it cannot divide either leading coefficient of g orh. Now f = gh in Fp[x], and deg(g) = deg(g), deg(h) = deg(h), so this is a nontrivial factorizationof f , contradicting the hypothesis. �

Proposition 1.9 (Eisenstein’s criterion) Let f = c0 + c1x+ · · ·+ cnxn ∈ Z[x]. Suppose there exists

a prime p such that p2 - c0, p | c0, . . . , cn−1, p - cn. Then f is irreducible in Q[x].

Proof: If f is reducible in Q[x] then there exists a nontrivial factorization f = gh in Z[x]. By the lasttwo assumptions, we have gh = cnx

n 6= 0 in Fp[x]. By unique factorization Fp[x] there are integersa, b and 0 < k < n such that g = axk, h = bxn−k. It follows that p divides both g(0) and h(0). Hencep2 divides g(0)h(0) = f(0) = c0, contradicting the first assumption. �

Example: We illustrate some of the above ideas with the the cyclotomic polynomial

Φp(x) = 1 + x+ x2 + · · ·+ xp−1 =xp − 1

x− 1, (3)

where p is a prime number. Since

Φp(x+ 1) =(x+ 1)p − 1

x=

p−1∑k=1

(p

k

)xp−1

and p |(pk

)for 0 < k < p, it follows from Eisenstein’s criterion that Φp(x) is irreducible in Q[x]. The

roots of Φp in C are ζ, ζ2, . . . , ζp−1, where ζ = e2πi/p. Evaluating polynomials in Q[x] at x = ζ gives ahomomorphism Q[x]→ C with image Q(ζ) = {c0 + c1ζ + · · ·+ cp−1ζ

p−1 : ci ∈ Q} and this inducesan isomorphism

Q[x]/(Φp)ζ−→ Q(ζ).

Since xp − 1 = (x− 1)Φp(x), we also have, from Prop. ??,

Q[x]/(xp − 1) ' Q[x]/(x− 1)×Q[x]/(Φp) ' Q×Q(ζ),

where Q[x]/(x− 1) ' Q via evaluation at x = 1.

10

2 Finite fields

Let f ∈ Z[x] be a polynomial with integer coefficients. We have seen that it is useful to consider thepolynomial f ∈ Fp[x] obtained by reduction modulo p. Galois observed that such polynomials maynot have roots in Fp, just as polynomials in Q[x] may not have roots in Q, but may instead have rootsin some larger field. This led him to develop the theory of finite fields. Placing himself in the essentialcase where f is irreducible, the eighteen year old Galois writes

Dans ce cas, la congruence n’admettra donc aucune racine entieere, ne meme aucune racineincommensurable de degre inferieur. Il faut donc regarder les racines de cette congruencecomme des especes de symboles imaginaires, puisqu’elles ne satisfont pas aux questionsdes nombres entiers, symboles dont l’emploi, dans le calcul, sera souvent aussi utile quecelui de l’imaginaire

√−1 dans l’analyse ordinaire.

C’est la classification de ces imaginaires, et leur reduction au plus petit nombre possible,qui va nous occuper. 1

Galois goes on to develop almost the entire theory of finite fields in six pages. Because he is start-ing with an irreducible f(x) ∈ Z[x], Galois seems not to be concerned with the existence of suchpolynomials. That is where we begin, before merging with Galois’ path.

Proposition 2.1 Let F be a field of finite cardinality |F |. Then there exists a prime p, an integer n,and an irreducible polynomial f ∈ Fp[x] of degree n such that |F | = pn and

F ' Fp[x]/(f).

Proof: Since F is finite, the canonical homomorphism ε : Z → F must have nonzero kernel of theform pZ for some prime p. Hence ε induces a canonical embedding Fp ↪→ F . We may thus regard Fas a vector space over Fp. The dimension dimFp F must be finite since F is finite, so |F | = pn, wheren = dimFp F .

Recall that the multiplicative group F× is cyclic. Choose a generator γ ∈ F of F×. Evaluatingpolynomials at x = γ gives a homomorphism ϕγ : Fp[x] → F which is surjective since ϕγ(x) = γ.The kernel of ϕγ is a maximal ideal of Fp[x], which must be of the form (f), for some irreduciblepolynomial f ∈ Fp[x], so ϕγ induces an isomorphism Fp[x]/(f) ' F . �

Our next aim is to prove that for any prime power pn there exists a field F with |F | = pn. We find F byreverse engineering, by examining the properties of such a hypothetical field. Since F× is a group oforder |F×| = pn−1, every nonzero element β ∈ F satisfies βpn−1 = 1. Hence every β ∈ F (includingβ = 0) satisfies βpn = β. In other words, F must be a field consisting of the roots of the polynomial

1In this case, the congruence [f(x) ≡ 0 mod p] will admit no integer root, nor even a non-integral root of lowerdegree. One must therefore regard the roots of this congruence as kinds of imaginary symbols, because they do not satisfyquestions of ordinary integers, symbols whose use, in calculation, will often be just as useful as that of the imaginary

√−1

in ordinary analysis.It is the classification of these imaginaries, and their reduction to the smallest possible number, which will concern us.

11

f = xpn − x. And these roots are distinct, since f ′ = −1 has no roots, much less any root in common

with f . Such fields are almost constructed by Prop. 1.4, except the field E in that result could havemore elements than just the roots of xpn − x. A small adjustment will fix this problem, and allow us toprove:

Proposition 2.2 For all primes p and integers n ≥ 1 there exists a field of cardinality pn.

Proof: Let f = xpn − x and let E be a field containing Fp in which f splits. Let φ : E → E be the

Frobenius endomorphism, given by φ(β) = βp. Then the n-fold composition φn is the endomorphismof E given by φn(β) = βp

n . Its fixed points F := Eφn = {β ∈ E : βpn

= β} are a finite subring of Eand are hence a subfield of E, consisting precisely of the pn distinct roots of f . �

The larger field E used in the construction of Prop. 2.2 is not unique; but the field F is unique up toisomorphism, as we will soon show. First we need the factorization of xpn − x in Fp[x].

Let Irr(p, d) be the set of irreducible monic polynomials in Fp[x] of degree d.

Proposition 2.3 In Fp[x] we have the factorization

xpn − x =

∏d|n

f∈Irr(p,d)

f.

Proof: For any f ∈ Irr(p, n) the field F = Fp[x]/(f) has cardinality |F | = pn and contains the rootα = x + (f) of f . Since f is irreducible, we have (f) = {g ∈ Fp[x] : g(α) = 0}. As before, thepolynomial xpn − x splits in F [x]:

xpn − x =

∏β∈F

(x− β).

Since α ∈ F we have αpn − α = 0, so xpn − x ∈ (f), which means that f | xpn − x. This shows thatevery polynomial in Irr(p, n) divides xpn − x.

Suppose a, b are positive integers with a | b; write b = ac. In Z[x] have

xb − 1 = (xa)c − 1 = (xa − 1)(xa(c−1) + xa(c−2) + · · ·+ x2a + xa + 1),

so xa − 1 | xb − 1. This is also true in Z if x is replaced by any integer. If d | n we therefore havepd − 1 | pn − 1. But now taking a = pd − 1 and b = pn − 1 we get xpd−1 − 1 | xpn−1 − 1. Multiplyingby x we have

xpd − x | xpn − x.

We have already shown that every f ∈ Irr(n, d) divides xpd−x. Hence every f ∈ Irr(n, d) also dividesxp

n − x.

It remains to show there are no other divisors of xpn − x. Suppose g ∈ Irr(p, e) for some e andg | xpn − x. Let F be any field of cardinality |F | = pn. We know that xpn − x splits in F , so g has a

12

root β ∈ F . Evaluation at β gives a ring homomorphism Fp[x]β−→ F with kernel (g). This induces an

embedding of the field L = Fp[x]/(g) into F . Hence we may regard F as a vector space over L. Letr = dimL F be the dimension of F . Since deg g = e we have |L| = pe, so that

pn = |F | = |L|r = (pe)r,

and n = er so e | n. This completes the proof of Prop. 2.3. �

Now we can prove uniqueness of finite fields.

Proposition 2.4 Any two finite fields of the same cardinality are isomorphic as fields.

Let F and F ′ be two finite fields with |F | = |F ′|. As before there exist f, g ∈ Irr(p, n) such that

F ' Fp[x]/(f) and F ′ ' Fp[x]/(g).

In F [x] we factorxp

n − x =∏β∈F

(x− β).

By Prop. 2.3 we have g | xpn − x. Hence g has a root β ∈ F , and evaluation at β gives an embeddingF ′ ' Fp[x]/(g) ↪→ F . Since |F | = |F ′| this embedding is an isomorphism. �

For every prime power pn we write Fpn for a field of cardinality Fpn = pn. Beware that Fpn is onlydefined up to isomorphism but has many incarnations. For example, suppose n is prime. Then Prop.2.3 shows that

xpn − x

xp − x=

∏f∈Irr(p,n)

f.

Comparing degrees on both sides, we find that the number of irreducible polynomials in Fp[x] of primedegree n is

|Irr(p, n)| = pn − pn

.

Galois considered the case p = 7, n = 3, where there are | Irr(7, 3)| = 122 different polynomialsf ∈ F7[x] such that F7[x]/(f) ' F73 . One of them is x3 − 2. Galois denotes a root of this by i, so wehave the incarnation

F = F7[x]/(x3 − 2) = {a+ bi+ ci2 : a, b, c ∈ F7},

with multiplication rule i3 = 2. In this field i has order 9; its powers 1, i, i2 give a basis of F , but Galoisasks for a generator of the multiplicative group F×. Factoring 73 − 1 = 2 · 9 · 19, he notes that

F× ' C2 × C9 × C19,

and it suffices to find generators of each factor. The first two factors are generated by −1 and i. Theremaining factor is generated by an element of order 19. Optimistically writing this element as a+ bi,Galois computes (using the rule i3 = 2) that i− 1 has order 19. Hence the element

α := −1 · i · (i− 1) = i− i2

13

generates F× and has equation α3 − α + 2 = 0. Hence the field

E = Fp[x]/(x3 − x+ 2)

is a different incarnation of F73 for which the element α = x+ (x3 − x+ 2) generates E×.

Finally, the subfields of finite fields are easily described.

Proposition 2.5 The subfields of Fpn are in bijection with the divisors of n. Namely, the divisor d | ncorresponds to the subfield {β ∈ Fpn : βp

d= β} ' Fpd .

Proof: Assuming d | n, the proof of Prop. 2.2 shows that {β ∈ Fpn : βpd

= β} is the unique subfieldof Fpn isomorphic to Fpd . Conversely, if F is a subfield of Fpn , let β be a generator of F×. Being anelement of Fpn , β is a root of xpn − x. By Prop. 2.3, there exists an irreducible polynomial f ∈ Fp[x]of degree d | n such that f(β) = 0. This gives an embedding Fpd ' Fp[x]/(f) ↪→ Fpn . �

The Frobenius automorphism φ ∈ Aut(Fpn) given by φ(β) = βp has order n. Thus the cyclic groupCn acts on Fpn by field automorphisms. The divisors d | n parametrize the subgroups 〈φd〉 ' Cn/d ofCn. And the subfield of Fpn of elements fixed by 〈φd〉 is the unique subfield having pd elements. Thus,Prop. 2.5 can be rephrased as follows.

Proposition 2.6 There is a bijection between the subgroups of Cn and the subfields of Fpn , wherebythe subgroup D ≤ Cn corresponds to the subfield consisting of elements in Fpn fixed by D.

Note that the bijection in Prop. 2.6 is inclusion-reversing, so that the lattice of subgroups of Cn isreciprocal to the lattice of subfields of Fpn . This is a simple case of the main theorem of Galois theory.

3 Extensions of rings and fields

The main objects of study in Number Theory is the field of algebraic numbers

Q := {α ∈ C : f(α) = 0 for some f ∈ Z[x]}

and the ring of algebraic integers

Z := {α ∈ C : f(α) = 0 for some monic f ∈ Z[x]}.

Clearly Z ⊂ Q. The rational root test shows that Z ∩ Q = Z. However, it is not obvious that Q isa field or that Z is a ring. We will show that they are, and that Q is the quotient field of Z. First wedevelop some useful ideas about polynomials.

14

3.1 Symmetric polynomials

Let R be an integral domain with quotient field F . Let f(x) = c0 + c1x + · · · cnxn ∈ R[x] be apolynomial of degree n, with roots α1, . . . , αn in some field E ⊃ F . In E[x] we have two expressionsfor f(x):

cn

n∏i=1

(x− αi) = f(x) =n∑k=0

ckxk.

In these expressions, the coefficients ci are known, and the roots αi are usually mysterious. Let ustherefore regard the αi as variables, and rename them ti. The coefficients ck will become functions ofthe ti. Dropping cn, we consider the two expressions for the general polynomial of degree n:

n∏i=1

(x− ti) =n∑k=0

(−1)kskxn−k. (4)

This is an equation in the ring R[t1, . . . , tn][x] of polynomials in x; the coefficients sk are themselvespolynomials in t1, . . . , tn. Expanding the left side of (4), we find these coefficients to be

s0 = 1

s1 =∑

1≤i≤n

ti

s2 =∑

1≤i<j≤n

titj

...

sk =∑

1≤i1<i2<···<ik≤n

ti1 · · · tik

...sn = t1 · · · tn.

(5)

The functions sk ∈ R[t1, . . . , tn] are the elementary symmetric polynomials.

The symmetric group Sn acts on the ring R[t1, . . . , tn] by

(σ · f)(t1, . . . , tn) = f(tσ1, . . . , tσn),

where σ ∈ Sn and f ∈ R[t1, . . . , tn]. The Sn-invariant polynomials form the subring

R[t1, . . . , tn]Sn = {f ∈ R[t1, . . . , tn] : σ · f = f}.

of symmetric polynomials. Each sk belongs to R[t1, . . . , tn]Sn and these symmetric polynomialsare “elementary” in the sense that every symmetric polynomial is a polynomial in s1, . . . , sn. Moreprecisely, we have the

Theorem 3.1 (Symmetric Polynomial Theorem) The map

R[t1, . . . , tn] −→ R[t1, . . . , tn]Sn

sending f(t1, . . . , tn) 7→ f(s1, . . . , sn) is a ring isomorphism.

15

Proof: The map is clearly a ring homomorphism. To prove that it is bijective, it is convenient touse multi-index notation for polynomials. Let M be the set of n-tuples (m1,m2, . . . ,mn) of integersmi ≥ 0. For µ = (m1,m2, . . . ,mn) ∈ M , let |µ| = m1 + m2 + · · · + mn. We define a total orderingon M by declaring µ′ ≤ µ if either |µ′| < |µ| or there is 1 ≤ k < n such that

m′1 = m1, m′2 = m2, · · · ,m′k = mk, but m′k+1 < mk+1. (6)

We need two properties of this ordering. First, adding componentwise we have

µ′ ≤ µ and ν ′ ≤ ν ⇒ µ′ + ν ′ ≤ µ+ ν. (7)

Second, if µ = (m1, . . . ,mn) with m1 ≥ m2 ≥ · · · ≥ mn and µ′ is obtained from µ by a nontrivialpermutation of the coordinates mi, then µ′ < µ.

Now each element f ∈ R[t1, . . . , tn] can be written as∑

µ∈M cµtµ, where tµ = tm1

1 . . . tmnn and all butfinitely many cµ are zero. Let µ(f) be the maximal µ ∈M such that cµ 6= 0. From (7) it follows that

µ(fg) = µ(f) + µ(g).

Now µ(sk) = (1, 1, . . . , 1, 0, . . . , 0), with k 1’s. It follows that for integers dk ≥ 0 we have

µ(sd11 sd22 · · · sdnn ) = (d1 + d2 + · · ·+ dn, d2 + d3 + · · ·+ dn, . . . , dn). (8)

We now show that the map in Prop. 3.1 is surjective. Let f =∑

µ∈M cµtµ ∈ R[t1, . . . , tn]Sn and let

µ(f) = (m1, . . . ,mn). Since f is symmetric, all µ′ obtained by nontrivial permutations of the mi alsohave cµ′ 6= 0. Since µ(f) is maximal, we must have m1 ≥ m2 ≥ · · · ≥ mn. For 1 ≤ i < n letdi = mi −mi+1, and let dn = mn. Then dk + · · ·+ dn = mk so

µ(sd11 sd22 · · · sdnn ) = µ(f).

Hence lettingf ′ = f − cµ(f)s

d11 s

d22 · · · sdnn ,

we have µ(f ′) < µ(f). Repeating this process with f ′ and continuing, we eventually express f as apolynomial in s1, . . . , sn. Hence the map in Prop. 3.1 is surjective.

Now for injectivity. A polynomial f =∑

λ∈M cλtλ ∈ R[t1, . . . , tn] is mapped to f(s) =

∑λ∈M cλs

λ,and we have seen above that µ(sλ) = (`1 + · · ·+ `n, `2 + · · ·+ `n, . . . , `n). Equation (8) shows that ifλ′ 6= λ then µ(sλ) 6= µ(sλ

′). Hence µ(f(s)) = max{µ(sλ) : cλ 6= 0}. This shows that if f 6= 0 then

f(s) 6= 0. Hence the map in Prop. 3.1 is injective. �

Example 1: For each k ≥ 0 the polynomial

pk = tk1 + tk2 + · · ·+ tkn

is symmetric. We have

p1 = s1, p2 = s21 − 2s2, p3 = s3

1 − 3s1s2 + 3s3.

16

In general, pk can be expressed in terms of the elementary symmetric polynomials via the recursiveformula (“Newton’s identities”)

ksk +k∑i=1

(−1)ksk−ipi = 0.

Example 2: The polynomiald =

∏1≤i<j≤n

(ti − tj)

is not quite symmetric. We have σ · d = sgn(σ)d, so d is invariant under the alternating group An butnot the full symmetric group Sn. However the square

D =∏

1≤i<j≤n

(ti − tj)2

is symmetric. ThisD is the discriminant polynomial. Its expression in terms of elementary symmetricpolynomials is complicated even for small n:

n = 2 : D = s21 − 4s2

n = 3 : D = s21s

22 − 27s2

3 − 4s32 − 4s3

1s3 + 18s1s2s3

n = 4 : D = s21s

22s

23 + 256s3

4 − 27s43 − 27s4

1s24 + 144s2

1s2s24 − 128s2

2s24 + 4s2

1s32s4 + 16s4

2s4

− 192s1s3s24 + 18s3

1s2s3s4 − 80s1s22s3s4 − 6s2

1s23s4 + 144s2s

23s4 − 4s3

2s23 − 4s3

1s33

+ 18s1s2s33.

(9)

In general the degree ofD is n(n−1) and µ(D) = 2(n−1, n−2, . . . , 1) = µ(s21s

22 · · · s2

n) so s21s

22 · · · s2

n

appears with coefficient = 1 in D. Does sn−1n always appear with coefficient ±nn? For n = 5 this

coefficient is +55. Does snn−1 always appear with coefficient ±(n − 1)n−1? For n = 5 this coefficientis +256.

3.2 Integral ring extensions

Let R be an integral domain and let S be a subring of R. An element α ∈ R is integral over S if thereexists a monic polynomial f ∈ S[x] such that f(α) = 0. Let

RS = {α ∈ R : α is integral over S}.

Every s ∈ S is the root of the monic polynomial x− s ∈ S[x], so S ⊂ RS , so we have

S ⊂ RS ⊂ R.

Proposition 3.2 RS is a subring of R.

17

Proof: Let α, β ∈ RS be roots of monic polynomials f, g ∈ S[x]. Let h = fg ∈ S[x] and let E be afield containing S in which h splits. By specializing ti 7→ γi in the general polynomial (4), we have

h =n∏i=1

(x− γi) =n∑k=0

(−1)ksk(γ1, . . . , γn)xn−k.

Since h ∈ S[x], each coefficient sk(γ1, . . . , γn) belongs to S. By the symmetric polynomial theorem,we have f(γ1, . . . , γn) ∈ S for each symmetric polynomial f ∈ S[t1, . . . , tn]. Now the coefficients of

H× =∏

1≤i<j≤n

(x− γiγj) and H+ =∏

1≤i<j≤n

(x− γi − γj)

are symmetric polynomials evaluated at (γ1, . . . , γn), hence these coefficients lie in S, and H×, H+ aremonic polynomials in S[x]. Since αβ ∈ {γiγj} and α + β ∈ {γi + γj} we have H×(αβ) = 0 andH+(α + β) = 0, so αβ and α + β are integral over S. �

Integral extensions of Z have a property in common with PID’s, namely:

Proposition 3.3 Let R be an integral domain in which every element is integral over Z. Then everynonzero prime ideal in R is maximal.

Proof: Let P be a prime ideal in R. Choose a nonzero element β ∈ P . Then β satisfies an equationβn + c1β

n−1 + · · · + cn = 0, with all ci ∈ Z. Factoring out powers of β, and remembering that R isan integral domain, we may assume that cn 6= 0. Then cn ∈ Rβ ⊂ P . This shows that P ∩ Z 6= {0}.Since it is clear that P ∩ Z is a prime ideal in Z, we have P ∩ Z = pZ for some prime number p. NowFp = Z/pZ ↪→ R/P , via the canonical homomorphism ε : Z→ R. Hence R/P is an Fp-algebra.

Let α ∈ R have nonzero image α ∈ R/P . Since R is integral over Z we have R/P algebraic overFp. Hence the homomorphism Fp[x] → R/P given by evaluation at α has kernel generated by anirreducible polynomial f ∈ Fp[x]. As Fp[x]/(f) is a field, it follows that α is contained in a subfield ofR/P and is therefore invertible in R/P . Hence R/P is a field, so P is maximal. �

Not every integral extension of Z is a PID. For example, the ring Z[√−6] is integral over Z. Indeed,

every α ∈ Z[√−6] is a root of the polynomial x2 − (α+ α)x+ αα, where α is the complex conjugate

of α. However, the ideal P = (2,√−6) in Z[

√−6] is not principal. For if P = (2m + n

√−6) with

m,n ∈ Z, then there would exist α, β ∈ Z[√−6] such that

2 = α · (2m+ n√−6),

√−6 = β · (2m+ n

√−6),

so4 = αα(4m2 + 6n2), 6 = ββ · (4m2 + 6n2),

and 4m2 + 6n2 would divide 2 = 6− 4, impossible. However, P is maximal by Prop. 3.3. Indeed, Pis the kernel of the ring homomorphism R→ F2 sending a+ b

√−6 7→ a mod 2.

18

3.3 Prime ideals in Z[x]: elementary classification

In Z[x] we have only a partial division algorithm.

Proposition 3.4 If f and g are polynomials in Z[x] and f is monic, then there exist q, r ∈ Z[x] withdeg(r) < deg(f) such that g = qr + r.

Proof: The proof for polynomials over a field works just as well here, since we do not have to divideby the leading coefficient of f . �

The condition that f be monic is necessary. For example, there are no polynomials q, r ∈ Z[x] withdeg(r) < deg(2x) such that x2 = 2x · q + r. This complicates the picture of ideals in Z[x]. Forexample, not every ideal in Z[x] is principal.

A polynomial f ∈ Z[x] is primitive if gcd(f) = 1. Every f ∈ Z[x] can be written as f = cf1 wherec = gcd(f) and f1 ∈ Z[x] is primitive.

Lemma 3.5 The product of two primitive polynomials is primitive. More generally, for f, g ∈ Z[x] wehave gcd(fg) = gcd(f) · gcd(g).

Proof: If f and g are primitive but p is a prime dividing gcd(fg). Then fg = f g = 0 ∈ Fp[x], soeither f = 0 or g = 0, so p divides gcd(f) or gcd(g), a contradiction.

In general, let f = af1 and g = bg1, where a = gcd(f), b = gcd(g) and f1, g1 are primitive. Thengcd(fg) = gcd(af1 · bg1) = ab gcd(f1g1) = ab, by the first case. �

Lemma 3.6 If f ∈ Q[x] is a monic polynomial then there is d ∈ Z such that f1 := df ∈ Z[x] and isprimitive; we have fQ[x] ∩ Z[x] = f1Z[x]

Proof: Writef =

a0

b0

+a1

b1

x+ · · ·+ an−1

bn−1

xn−1 + xn

with all ai, bi ∈ Z and gcd(ai, bi) = 1. Let d be the least common multiple of the bi’s. Then df ∈ Z[x]has leading term dxn. Let p be a prime dividing d and write d = mpr, where p - m. Then r > 0 is themaximal power of p dividing any bi. Choose i such that pr | bi. Then p - (d/bi). And p - ai becausegcd(ai, bi) = 1 Hence p does not divide the coefficient dai/bi of df , so df is primitive.

It is clear that the polynomial f1 := df belongs to fQ[x] ∩ Z[x], so that f1Z[x] ⊂ fQ[x] ∩ Z[x].Conversely, suppose g ∈ fQ[x]∩Z[x]. Let g = fh, with h ∈ Q[x]. Choose c ∈ Z such that ch ∈ Z[x].Then cdg = f1 · ch, so cd · gcd(g) = gcd(ch). But since c | gcd(ch) we have h ∈ Z[x] to beginwith, and d · gcd(g) = gcd(h), so we even have h ∈ dZ[x]. Write h = dh1 with h1 ∈ Z[x]. Theng = fh = f · dh1 = f1h1 ∈ f1Z[x]. �

Theorem 3.7 Every polynomial f ∈ Z[x] factors as f = cf1 · · · fn, where c = gcd(f) ∈ Z and fi inZ[x] are primitive nonconstant and irreducible in Z[x]. This factorization is unique up to sign and theorder of the factors.

19

Proof: We may assume that f is primitive. If f = gh for nonconstant g, h ∈ Z[x] then 1 = gcd(f) =gcd(g) gcd(h) by Lemma 3.5, so g, h are primitive. Repeating this, we obtain a factorization of f intoa product of primitive irreducible nonconstant polynomials. Suppose f1 · · · fk = f = g1 · · · g` are twofactorizations of f into primitive nonconstant irreducible polynomials in Z[x]. By Gauss’ Lemma, eachof the polynomials fi and gi are irreducible in Q[x]. By unique factorization in Q[x] we have k = `and after re-indexing there are rational numbers ai/bi such that fi = (ai/bi)gi for all i. Since fi and giare both primitive we have

bi = gcd(bifi) = gcd(aigi) = ai

so fi = gi up to sign. �

We now classify the prime ideals in Z[x]. We note first that P ∩ Z is a prime ideal in Z, hence eitherP ∩ Z = {0} or P ∩ Z = pZ for a unique prime p ∈ Z.

Theorem 3.8 The nonzero prime ideals in Z[x] are classified as follows.

1. If P ∩Z = {0} then P = fZ[x], where f is the unique (up to sign) primitive polynomial in P ofminimal degree.

2. If P ∩ Z = pZ and P contains no primitive polynomial, then P = pZ[x].

3. If P ∩ Z = pZ and P contains a primitive polynomial then P = pZ[x] + fZ[x] where f ∈ Z[x]is primitive with irreducible reduction f ∈ Fp[x]. The ideal (f) in Fp[x] depends only on P .

Proof:

Assume that P ∩ Z = pZ and P contains no primitive polynomial. Let f ∈ P and write f = cf1 withc = gcd(f) and f1 primitive. Since f1 /∈ P , we must have c ∈ P ∩ Z. Hence p | c so f ∈ pZ[x] asclaimed.

For the rest of the proof we assume that P contains a primitive polynomial and let m be the minimaldegree of a primitive polynomial in P . If f ∈ P is primitive with deg f = m then Theorem 3.7 impliesthat f is irreducible in Z[x].

Suppose that P 6= fZ[x]. Let n ≥ 0 be the minimal degree of a polynomial in P − fZ[x] and chooseg ∈ P − fZ[x] of this minimal degree n. Suppose g factors as g = hk in Z[x]. Neither h nor k canbelong to fZ[x]. If, say, h ∈ P then by minimality deg(h) = deg(g) and k is constant. By Gauss’Lemma, f and g are irreducible in Q[x] so there exist a(x), b(x) ∈ Q[x] such that af+bg = 1. Clearingdenominators in the coefficients of a, b we find d ∈ Z such that da, db ∈ Z[x] and daf + dbg = d ∈ P .

If P ∩ Z = {0} this is a contradiction, so P = fZ[x] as claimed, and any other primitive polynomialh ∈ P of degree m is divisible by f in Z[x], so h = ±f .

If P ∩ Z = pZ then p | d and the ideal (p, f) = pZ[x] + fZ[x] is contained in P . Let f ∈ Fp[x] bethe reduction of f modulo p. Since f is primitive, we have f 6= 0. Suppose f is reducible in Fp[x].Then there are polynomials h, k, r ∈ Z[x] such that f = hk + pr, both h and k are nonconstant, and

20

deg(h) + deg(k) = deg(f) ≤ deg(f). Since p ∈ P we have hk ∈ P . By minimality of m, either h ork is constant, a contradiction. Therefore f is irreducible in Fp. It follows that

Z[x]/(p, f) ' Fp/(f)

is a field, so (p, f) is a maximal ideal in Z[x] and we have (p, f) = P , as claimed.

Finally, suppose (p, f) = P = (p, g) where f, g ∈ Z[x] are primitive with irreducible reductionsf , g ∈ Fp[x]. There are h, k ∈ Z[x] such that f = ph+ gk, so f = gk ∈ (g). Likewise g ∈ (f), so that(f) = (g). This completes the proof of Thm. 3.8. �

From Prop. 3.3 we know that prime ideals in integral extensions of Z are maximal. We can nowsharpen this as follows.

Corollary 3.9 Let R be an integral domain and let α in R be integral over Z with minimal monicirreducible polynomial f ∈ Z[x]. Then every nonzero prime ideal P of R is maximal and has the formP = (p, g(α)), where p ∈ Z is prime and g ∈ Z[x] is monic such that g is an irreducible factor f inFp[x] and we have

Z[α]/P ' Fp[x]/gFp[x] ' Fpd ,

where d = deg g.

Proof: Let f ∈ Z[x] be the monic irreducible polynomial of α. Then Z[x]/fZ[x] ' Z[α] viaevaluation at α, so the prime ideals of Z[α] correspond to the prime ideals of Z[x] containing f . Fromthe classification of prime ideals in Z[x], we see these primes consist of fZ[x] itself and the primes(p, g), where g is irreducible modulo p and f = gh + pk for some h, k ∈ Z[x]. This last is equivalentto having f = gh in Fp[x]. In other words, g must be an irreducible factor of f in Fp[x]. When thisholds, we have isomorphisms

Z[α]/(p, g(α))∼←− Z[x]/(p, g)

∼−→ Fp[x]/gFp[x],

induced by evaluation at α and reduction modulo p, respectively. Since g is irreducible of degree d, thering Fp[x]/gFp[x] is a field of cardinality pd. �

3.4 The spectrum of a commutative ring

Let R be a commutative ring. Define Spec(R) to be the set of prime ideals of R. There is a topologyon Spec(R) for which the closed sets are those of the form

V (I) = {P ∈ Spec(R) : I ⊂ P},

where I is an ideal in R. One checks that

• V ({0}) = R and V (R) = ∅;

• V (I) ∪ V (J) = V (IJ) for any two ideals I, J in R;

21

•⋂j V (Ij) = V

(∑j Ij

)for any family of ideals {Ij} in R,

so that the sets V (I) are indeed the closed sets of a topology on Spec(R). The open sets are then thecomplements U(I) = {P ∈ Spec(R) : I 6⊂ P}.

In this topology points in Spec(R) are not generally closed. If P ∈ Spec(R) and V (I) contains P ,then V (P ) ⊂ V (I). It follows that the closure of {P} is V (P ). We have {P} = V (P ) exactly whenP is maximal. Hence, the closed points in Spec(R) are the maximal ideals of R. At the other extreme,if R is an integral domain then {0} ∈ Spec(R), and

{ {0} } = V ({0}) = R.

That is, the point {0} is dense in Spec(R). We set ξR = {0} and call this the generic point in Spec(R).

The correspondence theorem for ideals gives a bijection

Spec(R/I)∼−→ V (I)

which is a homeomorphism because it sends any closed set V ((I + J)/I) ⊂ Spec(R/I) to the closedset V (I) ∩ V (J) ⊂ V (I).

More generally, any ring homomorphism ϕ : R→ R′ gives a function

ϕ∗ : Spec(R′) −→ Spec(R) Q 7→ ϕ−1(Q).

One checks that (ϕ∗)−1 (V (I)) = V (I ′), where I ′ is the ideal of R′ generated by ϕ(I). It follows thatϕ∗ is continuous.

For any ideal J ⊂ R′, one checks that

ϕ∗(V (J)) = imϕ∗ ∩ V (ϕ−1(J)).

If we give imϕ∗ the subspace topology from Spec(R) then ϕ∗ : Spec(R′)→ imϕ∗ is a closed map.

If R is a subring of R′ and ϕ : R ↪→ R′ is the inclusion then ϕ∗(Q) = Q ∩R, for any Q ∈ Spec(R′).

If R′ is an integral domain then kerϕ is a prime ideal in R and ϕ∗ sends the generic point ξR′ ∈Spec(R′) to kerϕ ∈ Spec(R).

3.4.1 Spec(Z[x])

We illustrate all of this with the evident ring homomorphisms

Q[x] Z[x]oo // Fp[x]

Z

OO,

22

which give continuous maps

Spec(Q[x])η // Spec(Z[x])

ε

��

Spec(Fp[x])πoo

Spec(Z)

.

We haveSpec(Z) = {ξZ} ∪ {pZ : p prime}Spec(Q[x]) = {ξQ[x]} ∪ {fQ[x] : f ∈ Q[x] irreducible}Spec(Fp[x]) = {ξFp[x]} ∪ {fFp[x] : f ∈ Q[x] irreducible}.

From Theorem 3.8, the points P ∈ Spec(Z[t]) are of three types:

i) P = fZ[x], where f ∈ Z[x] is primitive and irreducible.

ii) P = pZ[x], where p is a prime in Z.

iii) P = pZ[x] + fZ[x] where p ∈ Z is prime and f ∈ Z[x] is primitive with f ∈ Fp irreducible.

This classification fits in neatly with the partition of Spec(Z[x]) into fibers of ε:

The primes of type i) are the points in the generic fiber ε−1(ξZ).

The primes in types ii) are dense in the closed fiber ε−1(pZ).

The primes of type iii) are the closed points in ε−1(pZ).

Moreover, η and π give homeomorphisms onto the fibers (with the subspace topology)

Spec(Q[x])∼−→ηε−1(ξZ) ⊂ Spec(Z[x]) ⊃ ε−1(pZ)

∼←−π

Spec(Fp[x]).

Explicitly, we haveη(fQ[x]) = f1Z[x],

where f1 is the unique primitive irreducible polynomial in fQ[x]∩Z[x] (cf. Lemma 3.6) and π(fFp[x]) =pZ[x] + fZ[x] (cf. part 3 of Theorem 3.8).

We also have the following “transverse” partition of Spec(Z[x]). Let f ∈ Z[x] be primitive and irre-ducible. Then the closure of the point fZ[x] is

{fZ[x]} = V (fZ[x]) = {fZ[x]} ∪ {(p, g) : g is an irreducible factor off ∈ Fp[x]},

and is homeomorphic to Spec(Z[α]), where α is an element in a number field with minimal integral (notnecessarily monic) polynomial f . Thus, the points in {fZ[x]} ∩ ε−1(pZ) correspond to the irreduciblefactors of f modulo p, and also the the primes in Z[α] which contain p.

3.5 Algebraic field extensions

If a field F is a subfield of a field E, we say that E/F is a field extension. Let E/F be a fieldextension. We say that α ∈ E is algebraic over F if there exists a nonzero polynomial f ∈ F [x] such

23

that f(α) = 0. 2 Equivalently, α is algebraic over F if the map ϕα : F [x]→ E has nonzero kernel. Inthis case kerϕα = (fα), where fα is the unique monic polynomial in kerϕα of lowest degree, and ϕinduces an isomorphism

ϕα : F [x]/(fα) ∼−→ F (α),

where F (α) = imϕα is the subfield of E generated by F and α. We have

F (α) = {c0 + c1α + · · ·+ cn−1αn−1 : ci ∈ F},

where n = deg fα. The polynomial fα is the minimal polynomial of α. A field extension E/F itselfan algebraic extension if every element of E is algebraic over F .

Corollary 3.10 Given a field extension E/F , the set L = {α ∈ E : α is algebraic over F} is asubfield of E containing F .

Proof: That L is a subring of E follows from Prop. 3.2. If α is a nonzero element of L with minimalpolynomial fα ∈ F [x] of degree n, then α−1 is a root of the polynomial g(x) = xnfα(1/x) ∈ F [x], soα−1 ∈ L. Therefore L is a field. �

Remark: If K/E and E/F are two algebraic field extensions, then K/F is also algebraic. We deferthe proof of this to the next section (see Cor. 3.15).

The typical situation in which integrality and algebraicity are related is as follows. Let S be an integraldomain with quotient field F and let E/F be a field extension. The integral closure of S in E is thesubring R ⊂ E consisting of elements of E which are integral over S.

Proposition 3.11 If α ∈ E is algebraic over F then there exists s ∈ S such that sα ∈ R.

Proof: Let fα =∑ckx

k be the minimal polynomial of α over F , with n = deg fα. There exists s ∈ Ssuch that rck ∈ S for all k, and sα is a root of the monic polynomial snfα(x/s) ∈ S[x]. �

Corollary 3.12 Let S be an integral domain with quotient field F , let E/F be an algebraic extensionand let R be the integral closure of S in E. Then E is the quotient field of R.

3.5.1 The ring of algebraic integers and the field of algebraic numbers

The field of algebraic numbers is the field Q consisting of complex numbers which are algebraic overQ. That is, Q consists of those complex numbers α which are roots of polynomials in Q[x].

The ring of algebraic integers is the ring Z consisting of complex numbers which are integral over Z.That is, Z consists of those complex numbers α which are roots of monic polynomials in Z[x].

2If this holds, we could arrange f to be monic, so α is integral over the subring F of E. We use the word “algebraic”instead of “integral” in the context fields to emphasize that we are only interested in the property that the powers of α satisfyan algebraic relation.

24

From Cor. 3.12 it follows that Q is the quotient field of Z.

The rational root test shows that Z ∩Q = Z.

The ring Z and its quotient field Q are the main objects of study in number theory.

3.6 Field extensions of finite degree

A field extension E/F is finite if E has finite dimension as an F -vector space. In this case we write

[E : F ] = dimF E.

Proposition 3.13 IF L/E and E/F are finite extensions of fields then L/F is finite and we have

[L : F ] = [L : E][E : F ].

Proof: Let {α1, . . . , αn} be an F -basis of E and let {β1, . . . , βm} be an E-basis of L. One checks that{αiβj : 1 ≤ i ≤ n, 1 ≤ j ≤ m} is an F -basis of L. �

A pair of extensions L/E,E/F is called a tower of fields. Towers often appear by adjoining elements,as follows. Suppose K/F is a field extension and α ∈ K. The field F (α) is the intersection of all sub-fields of K containing α. More generally, given α1, . . . , αn ∈ K, the field F (α1, . . . , αn) is the inter-section of all subfields ofK containing {α1, . . . , αn}. We have F (α1, . . . , αn) = F (α1, . . . , αn−1)(αn)and the field F (α1, . . . , αn) can be obtained from F adjoining one element at a time, forming a tower:

F ⊂ F (α1) ⊂ F (α1, α2) ⊂ · · ·F (α1, · · · , αn) ⊂ K.

A field F (α1, · · · , αn) obtained in this way is finitely generated over F .

Proposition 3.14 A finite field extension E/F is algebraic. If E/F is algebraic and E is finitelygenerated over F then E/F is finite.

Proof: Let E/F be a finite extension and let α ∈ E. Then the set of powers {αi} must be linearlydependent over F . A dependence relation is of the form c0 + c1α + · · · + cnx

n = 0, with all ck ∈ F .Thus α is a root of the polynomial c0 + c1x + · · · + cnx

n, so α is algebraic over F . Since α ∈ E wasarbitrary, we have E/F algebraic.

Now suppose E = F (α) is an algebraic extension of F generated by a single element α with minimalpolynomial fα ∈ F [x]. Then F [x]/(fα) ' E via evaluation at α, and [E : F ] = deg fα < ∞, soE/F is finite. Finally suppose E = F (α1, . . . , αn) is finitely generated and algebraic over F . LetF0 = F and for 1 ≤ i ≤ n let Fi = F (α1, . . . , αi) = Fi−1(αi). By what we just proved for a singlegenerator, [Fi : Fi−1] <∞ for each 1 ≤ i ≤ n. From Prop. 3.13 we have [Fi : F ] = [Fi : Fi−1][Fi−1 :Fi−2] · · · [F1 : F ] <∞. In particular [E : F ] <∞. �

Now we can prove that algebraicity is preserved under towers.

25

Corollary 3.15 If L/E and E/F are algebraic then L/F is algebraic.

Proof: Let α ∈ L. Since L/E is algebraic, there is f =∑n

k=0 ckxk ∈ E[x] such that f(α) = 0.

Each coefficient ck lies in E and E/F is algebraic so each ck is algebraic over F . That is, each cklies in the algebraic closure FE of F in E. Since FE is a field (Cor. 3.10), the finitely generated fieldK = F (c0, . . . , cn) ⊂ FE is is algebraic over F . HenceK/F is finite by Prop. 3.13. And f ∈ K[x], soα is algebraic over K so K(α)/K is finite, again by Prop. 3.13. So K(α)/F is finite, hence algebraicover F , so α is algebraic over F . Since α ∈ L was arbitrary, the extension L/F is algebraic. �

3.6.1 Some abelian numbers

An abelian number is an element of Q(e2πi/n) for some integer n ≥ 1. 3

Both complex numbers e±2πi/n are roots of xn − 1, hence lie in Z. Since Z is closed under addition,it follows that 2 cos(2π/n) = e2πi/n + e−2πi/n is an algebraic integer. The factor of 2 is necessary.For example, α = cos(2π/12) =

√3/2 satisfies 4α2 − 3 = 0, but no monic polynomial over Z. For

1 ≤ n ≤ 12 we list the monic polynomials in Z[x] of minimal degree having e2πi/n and 2 cos(2π/n) asroots:

n e2πi/n 2 cos(2π/n)1 x− 1 x− 22 x+ 1 x+ 23 x2 + x+ 1 x+ 14 x2 + 1 x5 x4 + x3 + x2 + x+ 1 x2 + x− 16 x2 − x+ 1 x− 17 x6 + x5 + x4 + x3 + x2 + x+ 1 x3 + x2 − 2x− 18 x4 + 1 x2 − 29 x6 + x3 + 1 x3 − 3x+ 110 x5 − x4 + x3 − x2 + x− 1 x2 − x− 111 x10 + x9 + · · ·+ x+ 1 x5 + x4 − 4x3 − 3x2 + 3x+ 112 x4 − x2 + 1 x2 − 3

(10)

For a general prime p > 2, the minimal polynomial Ψp(x) of 2 cos(2π/p) is found as follows. Writep = 2n+ 1, so that

z−nΦp(z) = zn + zn−1 + · · ·+ z1−n + z−n = Ψ(z + z−1),

where Ψ ∈ Z[x] is a monic polynomial of degree n, which we will compute in a moment. Since n isthe degree of the minimal polynomial of 2 cos(2π/p) and

Ψ(2 cos(2π/p)) = Ψ(e2πi/p + e−2πi/p) = e−2nπi/pΦp(e2πi/p) = 0,

it follows that Ψ = Ψp is the minimal polynomial of 2 cos(2π/p). To determine Ψp, let

fn(z) = zn + zn−2 + · · ·+ z2−n + z−n.

3The term “abelian” will make more sense when we see the Kronecker-Weber theorem.

26

Then we have the Clebsch-Gordon rule 4

f1 · fn = fn−1 + fn. (11)

Using equation (11) one verifies by induction that

f2k(z) = (−1)kk∑i=0

(−1)i(k + i

k − i

)(z + z−1)2i = g2k(z + z−1)

f2k+1(z) = (−1)kk∑i=0

(−1)i(k + i+ 1

k − i

)(z + z−1)2i+1 = g2k+1(z + z−1),

(12)

where

g2k(x) = (−1)kk∑i=0

(−1)i(k + i

k − i

)x2i

g2k+1(x) = (−1)kk∑i=0

(−1)i(k + i+ 1

k − i

)x2i+1.

(13)

Since Ψp(z + z−1) = fn(z) + fn−1(z) = gn(z + z−1) + gn−1(z + z−1), it follows that the minimalpolynomial of 2 cos(2π/p) is given by

Ψp(x) = gn(x) + gn−1(x), (14)

where the polynomials gn, gn−1 are given by (13). Since these two polynomials have opposite parity,there is no cancellation between their terms.

3.6.2 Constructible numbers

The geometric constructions in Euclid’s Elements can be explained in terms of finite and algebraicextensions of Q. The allowed constructions are of two types:

1. Given distinct points α, β ∈ C we can draw the line through α and β.

2. Given α ∈ C and a real number r > 0 we can draw the circle with center α and radius r.

A number α ∈ C is constructible if, starting with 0, 1 we can obtain α by a sequence of constructionsof types 1 and 2 and taking intersections. Let

K = {α ∈ C : α is constructible}.4fn(z) is the trace of a matrix in SL2(C) with eigenvalues z, z−1 acting on the space Symn of symmetric polynomials

of degree n on C2, and the Clebsch-Gordon rule gives the tensor product decomposition of representations

Sym1⊗Symn = Symn−1⊕Symn+1 .

27

Many of the geometric constructions in the Elements can be expressed in algebraic language as follows.

Theorem 3.16 The set K is a subfield of C, algebraic over Q and closed under taking square-roots.

Proof: Intersections of lines and circles are found by solving a linear or quadratic equation withcoefficients already constructed. Hence a complex number α is constructible exactly when there istower of extensions

Q = F0 ⊂ F1 ⊂ F2 ⊂ · · · ⊂ Fn

with each [Fi : Fi−1] = 2, and α ∈ Fn. Each α ∈ K lies in a finite extension of Q, hence is algebraicover Q. And the square-roots of a given complex number can constructed using operations 1 and 2.Hence α ∈ K implies (both values of)

√α are in K. �

The constructible numbers are precisely those which can be expressed in terms of nested square-roots.For example Prop. I.1 in the Elements constructs e2πi/6 = (−1 +

√−3)/2, whose minimal polynomial

is x2 − x + 1, by drawing the line through 0, 1, then drawing the circles of radius 1 centered at 0, 1.Elsewhere in the Elements Euclid proves that the root of unity e2πi/n is constructible for

n = 2, 3, 4, 5, 6, 8, 10, 12, 15 (15)

and that e2πi/n constructible implies eπi/n constructible. This shows that 2 cos(2π/n) is also con-structible for these n. Constructing e2πi/n or 2 cos(2π/n) is equivalent to constructing a regular polygonwith n sides. Naturally, the Greeks and those who came after were tantalized by the gaps in Euclid’slist (15).

The Three Problems of Antiquity are really questions about K.

1. To square the circle. [Is π ∈ K?]

2. To duplicate the cube. [Is 3√

2 ∈ K?]

3. To trisect a given angle. [For example, is cos(2π/9) ∈ K?]

As the Greeks suspected, the answers to the three questions are No, No and No. We address the secondand third No’s here. 5

Let α ∈ K and let Q = F0 ⊂ F1 ⊂ F2 ⊂ · · · ⊂ Fn be a tower of quadratic extensions with α ∈ Fn.Then Q ⊂ Q(α) ⊂ Fn, so [Q(α) : Q] divides [Fn : Q] = 2n. Since [Q(α) : Q] is the degree of theminimal polynomial fα ∈ Q[x] of α over Q, this proves

Proposition 3.17 If α ∈ K then deg fα is a power of 2.

5The No for problem 1 is the transcendence of π (that is, π is not algebraic over Q). This was proved in 1882 byLindenmann. Proofs abound on the web, using facts about algebraic numbers and symmetric polynomials that we haveproved, and some basic analysis.

28

For α = 3√

2 we have fα = x3 − 2, so 3√

2 /∈ K.

For α = cos(2π/9) we have fα = x3 − 3x+ 1 (see the list (10)) so cos(2π/9) /∈ K.

This explains the absence of n = 9 in the list (10). The other missing numbers are primes or twice aprime. For n = p a prime, the minimal polynomial of e2πi/p is the cyclotomic polynomial Φp(x) =1 +x+x2 + · · ·+xp−1 (see (3)). Hence e2πi/p can only be constructible if p− 1 is a power of 2, whichforces p = 22m + 1 to be a Fermat prime. The known Fermat primes are

3 = 2 + 1, 5 = 22 + 1, 17 = 24 + 1, 257 = 28 + 1, 65537 = 216 + 1.

These are the only known primes for which e2πi/p could be constructible. In fact each of these roots ofunity is constructible. For an expression of e2πi/17 in terms of nested square roots, see [Hardy-Wright,p.60]. The issue here is that the converse of Prop. 3.17 is false: there are algebraic integers α ∈ Z forwhich deg fα a power of 2 yet α is not constructible. The precise criterion for constructibility requiresmore information about fα than just its degree. This extra information comes from Galois theory.

3.7 Splitting fields

Let F be a field and let f ∈ F [x]. Recall from Prop. 1.4 that there exists a field L ⊃ F such thatf splits into product of linear factors in L[x]. The field L is not unique; indeed, a smaller field maysuffice to split f . We seek minimal fields in which f splits.

We say that E is a splitting field for f over F if

1. f is a product of linear factors in E, and

2. E is generated by the roots of f in E.

Example 1: We constructed Fpn as the splitting field of f = xpn − x over Fp.

Example 2: Let F = Q and let f = x3 − 2. The roots of f in C are α, ζα, ζ2α, where ζ = e2πi/3 andα is the real cube-root of 2. A splitting field is constructed via the tower

Q ⊂ Q(α) ⊂ Q(α, ζ).

Since fα = x3 − 2, we have [Q(α) : Q] = 3. Since ζ is not real, its minimal polynomial x2 + x + 1over Q remains irreducible over Q(α) and therefore [Q(α, ζ) : Q(α)] = 2. Hence the splitting fieldQ(α, ζ) has degree [Q(α, ζ) : Q] = 2 · 3 = 6 over Q.

Example 3: Let F = Q and let f = x3 + x2 − 2x − 1. This is the minimal polynomial of α =2 cos(2π/7) and the other roots of f are β = 2 cos(4π/7) and γ = 2 cos(6π/7). The trigonometricidentities

cos 2θ = 2 cos θ − 1, cos 3θ = 4 cos3 θ − 3 cos θ.

show that β, γ are rational polynomial expressions in α. Hence Q(α) is the splitting field of f and itsdegree is [Q(α) : Q] = 3.

29

It turns out that the splitting field of a cubic polynomial f = x3 +ax2 +bx+c ∈ F [x] has degree either3 or 6 over F , and this can be detected (without knowing anything about the roots of f ) by whether thediscriminant (see (9))

D(f) = a2b2 − 27c2 − 4b3 − 4a3c+ 18abc (16)

is a square in F×. In Example 2, we have D(f) = −27 · 4 a non-square in Q×, while in Example 3,we have D(f) = 49 ∈ Q×2.

Splitting fields always exist. For if we choose any field L in which f splits, say

f = cn∏i=1

(x− αi) ∈ L[x],

the field E = F (α1, . . . , αn) is a splitting field for f over F . 6

Any splitting field is has finite degree over F , since it is obtained by adjoining finitely many roots.

However, splitting fields are not unique. For example, take F = Q and f = x2 − 2 ∈ Q[x]. Thepolynomial Q splits in R and also in the p-adic field Qp for when 2 ∈ F×2

p , which occurs exactly when16 | (p2 − 1). We have infinitely many splitting fields E = Q(α), where α is a root of x2 − 2 in R orQp for such p. Each of these fields consist of completely different elements (real or p-adic numbers)but they are both isomorphic to Q[x]/(x2 − 2), hence E ' E ′ as fields. So the best we can hope for isthat splitting fields are unique up to isomorphism. This is true.

Proposition 3.18 Let F be a field, let f ∈ F [x] and let E,E ′ be two splitting fields of f over F . Thenthere is a field isomorphism ϕ : E

∼−→ E ′ such that ϕ(a) = a for all a ∈ F .

The assertion of Prop. 3.18 may be visualized in the commutative diagram, where the vertical arrowsare the inclusion maps.

E∼−−−→ϕ

E ′x xF −−−→

idF

(17)

An isomorphism ϕ as in the diagram (17) is called an isomorphism over F .

Prop. 3.18 will follow from a more flexible result whose proof is more amenable to induction: Wereplace the lower line in (17) by a fixed isomorphism of fields ψ : F → F ′. This extends to anisomorphism of polynomial rings ψ : F [x] → F ′[x] given by ψ(

∑ckx

k) =∑ψ(ck)x

k. It will beconvenient to write g′ = ψ(g) for g ∈ F [x].

Theorem 3.19 (The Extension Theorem) Fix a field isomorphism ψ : F∼−→ F ′ as above. Let f ∈

F [x], with f ′ = ψ(f) ∈ F ′[x] and suppose E,E ′ are splitting fields of f, f ′ over F, F ′, respectively.

6F (α1, . . . , αn) is the intersection of all subfields of L containing F and {α1, . . . , αn}. Inductively, we haveF (α1, . . . , αn) = F (α1, . . . , αn−1(αn).

30

There exists a field isomorphism ϕ : E∼−→ E ′ extending ψ, that is, so that we have a commutative

diagramE

∼−−−→ϕ

E ′x xF

∼−−−→ψ

F ′

(18)

Proof: We use induction on [E : F ], which is finite. If [E : F ] = 1 there is nothing to prove.Otherwise, there is a root α of f in E such that α /∈ F . Let g ∈ F [x] be the minimal polynomial of α.Then g′ is irreducible in F ′[x]. And g | f in F [x], so g′ | f ′ in F ′[x]. Since f ′ splits in E ′, there is aroot α′ ∈ E ′ of g′. And g′ is the minimal polynomial of α′ in F ′[x]. Hence we have field isomorphisms

F (α)∼←−α

F [x]/(g)∼−→ψ

F ′[x]/(g′)∼−→α′

F ′(α′)

which give an isomorphism ψ1 : F (α)∼−→ F ′(α′) extending ψ. Since [E : F (α)] < [E : F ], the

isomorphism ψ1 extends, by induction, to an isomorphism ϕ : E∼−→ E ′. Clearly ϕ also extends ψ. �

Corollary 3.20 Let f ∈ F [x] and let L/F be a field extension such that f splits in L[x] as

f = ck∏i=1

(x− αi)mi ,

where the αi are the distinct roots of f in L and the mi are positive integers. Then the set {mi}, withmultiplicities, is independent of L.

Proof: Let L′/F be another extension splitting f , so that f = c∏`

j=1(x − α′j)m′i in L′[x]. Let

E = F (α1, . . . , αk) andE ′ = F (α′1, . . . , α′`) be the splitting fields of f over F in L and L′ respectively.

By Prop. 3.18, there is an isomorphism ϕ : E∼→ E ′ over F . The induced map ϕ : E[x]→ E ′[x] is the

identity on F [x], so in E ′[x] we have

c

k∏i=1

(x− ϕ(αi))mi = ϕ(f) = f = c

∏j=1

(x− α′j)m′i .

By unique factorization in E ′[x] we have

{ϕ(αi)} = {α′j}, and {mi} = {m′j}

as sets-with-multiplicities. �

It therefore makes sense to say that a polynomial f ∈ F [x] has a multiple root if f has a repeated factor(some mi > 1) in a splitting field of f over F . Otherwise (if all mi = 1) we say f has distinct roots.Having multiple or distinct roots is a quality independent of the choice of splitting field containing theroots.

31

Example: Suppose F has characteristic p and let f = xp − a ∈ F [x] where a ∈ F . Let E/F be anextension in which f splits and let α, β be two roots of f in E. Then αp = a = βp, so α/β is a rootof xp − 1 = (x − 1)p, meaning that α = β. Hence f = (x − α)p in E[x], so f has a multiple root.Assume now that a is not the pth power of any element in F . I claim that f is irreducible in F [x]. Forif g ∈ F [x] is a nonconstant monic factor of f then g also divides f in E[x] so g = (x− α)k for some1 ≤ k ≤ p. The coefficient of xk−1 in g is −kα, which must belong to F , since g ∈ F [x]. But α /∈ F ,since a /∈ F p. Hence k = p and g = f . Therefore f is an irreducible polynomial having a multipleroot.

Proposition 3.21 Let F be a field. For a nonconstant irreducible polynomal f ∈ F [x], the followingare equivalent.

1. f has a multiple root.

2. The formal derivative f is the zero polynomial. 7

3. The field F has characteristic p > 0 and f ∈ F [xp].

Proof: (1⇒ 2): Let E be a splitting field for f . If f has a multiple root then f has a root α ∈ E suchthat f(x) = (x− α)mg(x) in E[x], with m > 2. Then f(x) = m(x− α)m−1g(x) + (x− α)mg(x) sof(α) = 0. Since f is irreducible in F [x] it follows that f | f . If f 6= 0 then deg f < deg f would be acontradiction, so f = 0 in F [x].

(2 ⇒ 3): Suppose f = 0 in F [x]. If f =∑n

k=0 ckxk, then f =

∑nk=1 kckx

k−1 = 0. Hence kck = 0for all 1 ≤ k ≤ n, so if xk appears in f we must have k = 0 ∈ F . This forces F to have characteristicp > 0 and p | k whenever ck 6= 0, meaning that f ∈ F [xp].

(3 ⇒ 1): Suppose f ∈ F [xp], so that f(x) = g(xp) for some g ∈ F [x]. Let E be a splitting field of gover F . In E[x] we have g = c

∏(x − αi)mi . Enlarging E if necessary, we may assume that xp − αi

splits inE for each i. The previous example shows that there exist βi inE such that xp−αi = (x−βi)p.We have

f = c∏

(xp − αi)mi = c∏

(x− βi)pmi .

Since each pmi > 1, the polynomial f has a multiple root. �

A polynomial f ∈ F [x] is separable if each irreducible factor of f in F [x] has distinct roots. A productof separable polynomials is separable.

An algebraic extension E/F is separable if every polynomial f ∈ F [x] having a root in E is separableover F . Equivalently, E/F is separable if for every α ∈ E the minimal polynomial of α over F hasdistinct roots. An algebraic extension E/F is inseparable if it is not separable.

If F has characteristic zero then every algebraic extension E/F is separable.

F is a finite field of characteristic p then every algebraic extensionE/F is separable. For the Frobeniusmap φ : F → F sending φ(a) = ap is injective (since ap − 1 = (a − 1)p) hence surjective since F

7 If f =∑n

k=0 ckxk then f =

∑nk=1 kckx

k−1.

32

is finite. It follows that F [xp] = F [x]p. Hence F [xp] contains no nonconstant irreducible polynomialsover F , so every irreducible polynomial f ∈ F [x] is separable.

A field F can have inseparable extensions only if F is infinite of characteristic p. For example, let F =Fp(T ) be the field of rational functions over Fp in the variable T . Then the polynomial xp − T ∈ F [x]is not separable over F (see the example prior to Prop. 3.21), and its splitting field E = Fp(T 1/p) is aninseparable extension of F .

3.8 Automorphisms and Galois Extensions

3.8.1 Field automorphisms

For any field extension E/F , let

Aut(E/F ) = {σ ∈ Aut(E) : σ(a) = a for all a ∈ F}

denote the group of automorphisms of E which are the identity on F . An element σ ∈ Aut(E/F )makes the following diagram (cf. (17)) commute:

Eσ−−−→ Ex x

F −−−→id

F.

(19)

If F is the prime field (either Q or Fp according as the characteristic is 0 or p > 0, then every automor-phism of E is trivial on F , so in this case F = Aut(E) is the full automorphism group of E.

Each σ ∈ Aut(E/F ) extends to an automorphism of the polynomial ring E[x] by acting on the coef-ficients: σ(

∑ckx

k) :=∑σ(ck)x

k. If f ∈ F [x], then σ(f) = f . Hence if α ∈ E is a root of f , thenσ(α) is also a root of f . Thus, Aut(E/F ) permutes the roots of every polynomial f ∈ F [x].

3.8.2 Automorphisms of finite extensions

If E/F is a finite extension, then the automorphism group Aut(E/F ) is finite. More precisely, wehave:

Proposition 3.22 IfE/F is a finite extension of degree n, then Aut(E/F ) is isomorphic to a subgroupof Sn.

Proof: Assume E/F is finite and let G = Aut(E/F ). Then we have E = F (α1, . . . , αn) for someelements αi ∈ E. Let fi ∈ F [x] be the minimal polynomial of αi and let ni be the number of roots offi in E. These roots are permuted by G which acts faithfully on {α1, . . . , αn}, since the αi generate Eover F . This gives an injective homomorphism G ↪→ Sn. �

33

Beware that Aut(E/F ) can be trivial even when E ) F . For example, let F = Q and let E = Q(α)where α is the real root of x3−2. The other roots of x3−2 are not real and they do not lie in E. Henceany element of Aut(E) must fix α and hence is trivial since α generates E. The problem is that Q(α)is too small to display the symmetry of the three roots of x3 − 2.

3.8.3 Galois extensions

A finite extension E/F is Galois if E is the splitting field of a separable polynomial f ∈ F [x]. If Kis any intermediate field, F ⊂ K ⊂ E, then E is also the splitting field of f over K, so the extensionE/K is Galois. When E/F is Galois the group Aut(E/F ) is called the Galois group of E/F .

Proposition 3.23 If E/F is a Galois extension then |Aut(E/F )| = [E : F ].

Proof: We use induction on the degree [E : F ]. Let f ∈ F [x] be a separable polynomial for whichE is the splitting field over F . Let f1 be an irreducible factor of f . Then f1 has distinct roots, since fis separable. Let α1, . . . , αs be these distinct roots of f1, where s = deg f1. These roots generate thesplitting field F1 = F (α1, . . . , αs) of f1 in E. For each 1 ≤ i ≤ s, the isomorphisms

F (α1)∼←−α1

F [x]/(f1)∼−→αi

F (αi)

give an isomorphism F (α1)∼−→ F (αi) which extends, by Prop. 3.19, to an automorphism ϕi ∈

Aut(F1/F ) sending α1 7→ αi. Hence Aut(F1/F ) is transitive on the roots of f1. The stabilizer of α1

is Aut(F1/F (α1)), which by induction has order

|Aut(F1/F (α1))| = [F1 : F (α1)]

and has index s = deg f1 = [F (α1) : F ] in Aut(F1/F ). Therefore we have

|Aut(F1/F )| = |Aut(F1/F (α1))| · [F (α1) : F ] = [F1 : F (α1)] · [F (α1) : F ] = [F1 : F ].

If F1 = E, we are done. Assume F1 6= E. Since Aut(E/F ) permutes the roots of f1, and these rootsgenerate F1, each automorphism in Aut(E/F ) restricts to an automorphism of Aut(F1/F ), giving ahomomorphism r : Aut(E/F ) → Aut(F1/F ). Since E is also the splitting field of f over F1, itfollows from Prop. 3.19 that r is surjective. And ker r = Aut(E/F1) by definition. Thus we have anexact sequence

1 −→ Aut(E/F1) −→ Aut(E/F )r−→ Aut(F1/F ) −→ 1.

Again by induction we have |Aut(E/F1)| = [E : F1]. And we have shown above that |Aut(F1/F )| =[F1 : F ]. Therefore

|Aut(E/F )| = |Aut(E/F1)| · |Aut(F1/F )| = [E : F1] · [F1 : F ] = [E : F ],

as was to be shown. �

If G is any subgroup of Aut(E), the fixed field of G is the subfield EG of elements in E fixed by everyelement of G:

EG = {α ∈ E : σ(α) = α for all σ ∈ G}.

34

Lemma 3.24 Let E be a field and let G be a finite subgroup of Aut(E). Then [E : EG] ≤ |G|.

Proof: We show that any set of more than |G| elements in E is linearly dependent over EG. Let{α1, . . . , αn} ⊂ E, with n > |G|. Let V ⊂ En be the set of simultaneous solutions of the linearequations

eq(σ) : σ(α1)x1 + σ(α2)x2 + · · ·+ σ(αn)xn = 0,

one equation for each σ ∈ G. If v = (v1, . . . , vn) ∈ V then τ(v) := (τ(v1), . . . , τ(vn)) is a solution ofeq(τσ) for all σ ∈ G, which is the same set of equations permuted, so τ(v) ∈ V for any τ ∈ G.

Since there are fewer equations eq(σ) than variables xi, the solution space V is nonzero. For eachv = (v1, . . . , vn) ∈ V let m(v) be the number of nonzero entries vi and let

m = min{m(v) : 0 6= v ∈ V } > 0.

Choose a solution v with m(v) = v, and let vi be a nonzero entry of v. Then u = v−1i v is another

solution in V with m nonzero entries, and now ui = 1.

For any τ ∈ G the solution τ(u) has nonzero entries in the same places as u, and τ(ui) = 1 = ui. Som(τ(u)− u) < m, so τ(u)− u = 0. Therefore τ(u) = u for every τ ∈ G, so each entry uj of u lies inEG. Considering eq(σ) for σ = e, we have

α1u1 + · · ·+ αnun = 0.

Thus, the αi are indeed linearly independent over EG. �

Proposition 3.25 Let E be a field and let G be a finite subgroup of Aut(E). Then E/EG is Galois,with Galois group Aut(E/EG) = G, and [E : EG] = |G|.

Proof: Let {α1, α2, . . . , αn} be a G-orbit in E. The polynomial g =∏

(x − αi) is fixed by G, henceit belongs to EG[x] and g(α1) = 0. Hence α1 is algebraic over EG. Let f ∈ EG[x] be the minimalpolynomial of α1. Then f is also fixed by G, so each αi is also a root of f and g | f . Since f isirreducible in EG[x] we have f = g =

∏(x− αi).

By Lemma 3.24, the extension E/EG is finite, so E = EG(β1, . . . , βs) for some elements βi ∈ E. Bythe second claim, the minimal polynomial fi ∈ EG[x] of βi splits into distinct linear factors in E[x].Hence E is the splitting field of the separable polynomial f =

∏fi ∈ EG[x], so E/EG is Galois.

By definition we have G ≤ Aut(E/EG). And Prop. 3.23 and Lemma 3.24 imply that

|Aut(E/EG)| = [E : EG] ≤ |G|.

It follows that G = Aut(E/EG).

The equality [E : EG] = |G| now follows from Prop. 3.23. �

Theorem 3.26 Let E/F be a finite extension of fields, and let G = Aut(E/F ). Then the followingare equivalent.

35

1. E/F is Galois;

2. F = EG;

3. [E : F ] = |G|.

Proof: First note that G is finite, by Prop. 3.22, so Prop. 3.25 applies, and we have

E/EG is Galois, G = Aut(E/EG) and [E : EG] = |G|.

This shows that 3⇔ 2⇒ 1. And 1⇒ 3 is Prop. 3.23. �

Remark: It is not true that if L/E and E/F are Galois then L/F is Galois. Consider the tower 8

Q ⊂ Q(√

2) ⊂ Q(4√

2).

From the proofs of Props. 3.23 and 3.25 we can extract additional corollaries.

Corollary 3.27 Let E/F be a Galois extension with Galois group G = Aut(E/F ), and let f ∈ E[x].

1. We have f ∈ F [x] if and only if σ(f) = f for all σ ∈ G.

2. If f ∈ F [x] and f has root in E then f splits in E[x].

3. If f ∈ F [x] and f has root in E then f is irreducible in F [x] iff G is transitive on the roots of f .

3.8.4 The Galois correspondence

Let E/F be a Galois extension with Galois group G = Aut(E/F ). The Main Theorem of GaloisTheory asserts that subgroups H of G and the intermediate fields M lying between F and E are inbijection. A more precise statement of the theorem is as follows.

Theorem 3.28 (The Galois Correspondence) There are mutually inverse bijections

{subgroups H ≤ G} ←→ {intermediate fields F ⊂M ⊂ E}

sending H 7→ EH , and sending M 7→ Aut(E/M). These bijections have the following properties.

1. If H and J are subgroups of G then H ≤ J if and only if EJ ⊂ EH .

2. If H ≤ J ≤ G we have [J : H] = [EH : EJ ].

3. If g ∈ G then EgHg−1= g(EH) and if M = EH we have Aut(E/g(M)) = gAut(E/M)g−1.

8Thanks to Andrew Phillips for providing this example.

36

4. The following are equivalent:

i) The subgroup H is normal in G;

ii) the extension EH/F is Galois;

iii) G preserves EH .

When i)-iii) hold, we have an isomorphism G/H ' Aut(EH/F ), via restriction.

Proof: By Prop. 3.23, the group G is finite of order |G| = [E : F ]. Hence every subgroup H ≤ G isfinite, so Prop. 3.25 shows that Aut(E/EH) = H . Conversely if M is an intermediate field then E/Mis Galois. Let H = Aut(E/M). Theorem 3.26 shows that M = EH . Hence the correspondencesH 7→ EH and M 7→ Aut(E/M) are mutually inverse bijections.

Let H and J be subgroups of G. If H ≤ J then clearly EJ ⊂ EH . Conversely, if EJ ⊂ EH then Hacts trivially on EJ so H ≤ Aut(E/EJ) = J .

When H ≤ J and EJ ⊂ EH , we have

[J : H] =|J ||H|

=|Aut(E/EJ)||Aut(E/EH)|

=[E : EJ ]

[E : EH ]=

[E : EH ] · [EH : EJ ]

[E : EH ].

In a G-action, the fixed-point sets of conjugate subgroups H, gHg−1 ≤ G are conjugate by g. Thisshows that EgHg−1

= g(EH). Then we have

Aut(E/g(EH)) = Aut(E/EgHg−1) = gHg−1 = gAut(E/EH)g−1.

If H is normal in G then g(EH) = EgHg−1= EH , so G preserves EH . If G preserves EH we have a

restriction map r : G → Aut(EH) whose kernel is the subgroup fixing EH . This subgroup is H , soH = ker r is normal in G. And G/H is a finite subgroup of Aut(EH/F ) with fixed-field F , so EH/Fis Galois. And if EH/F is Galois then EH is the splitting field of a separable polynomial f ∈ F [x].Letting α1, . . . , αs be the roots of f in EH , we have EH = F (α1, . . . , αs). The group G fixes f , hencepermutes the roots {αi}, so G preserves EH . This proves item 4. �

3.9 The Galois group of a polynomial

Let F be a field, let f ∈ F [x] be a separable polynomial, and let E be a splitting field of f , so that wehave the Galois group Aut(E/F ). If E ′ is another splitting field of f then we have an isomorphismE ' E ′ over F (see Prop. 3.18), which induces an isomorphism of Galois groups Aut(E/F ) 'Aut(E ′/F ). The isomorphism class of the group

Gf := Aut(E/F )

is therefore independent of E; the group Gf is the Galois group of f over F .

37

Note that Gf is a more refined object than Aut(E/F ). The latter group depends only on the extensionE/F , and E could be the splitting field of many different polynomials. 9 But with Gf we single outa particular polynomial f ∈ F [x], hence a particular set of orbits of Aut(E/F ) in E, and a particularrealization of Aut(E/F ) as a group of permutations.

Suppose f has degree n, and let X be the set of roots of f in E. The group Gf permutes the roots inX , giving a homomorphism Gf → SX ' Sn, which is injective since E is generated by X . Thus Gf

is isomorphic to a subgroup of Sn, where n = deg f .

Assume now that f is irreducible in F [x]. This occurs exactly when Gf is transitive on X . Let α ∈ Xand let Hα ≤ Gf be the stabilizer of α in Gf . Then EHα = F (α), so Hα and F (α) are related by theGalois correspondence. Note that [Gf : H] = [E : F (α)] = n, as it should be.

SinceGf is transitive onX , the subgroupsHα are conjugate to each other inGf and the subfields F (α)are permuted transitively by Gf . However, some of these subgroups and subfields could coincide. Thismeans we have an equivalence relation on X , via the rule:

α ∼ β ⇔ F (α) = F (β).

Let

X =m∏i=1

Xi

be the partition of X into equivalence classes Xi, which we call blocks. Two roots α, β ∈ X are in thesame block Xi exactly when α is a polynomial expression in β and vice-versa. If we now choose oneroot αi ∈ Xi for each 1 ≤ i ≤ m, and let Hi be the stabilizer of αi in G, we have distinct subgroupsH1, . . . , Hm and distinct subfields F (α1), . . . , F (αm), related by the following partial picture of theGalois correspondence:

e

H1

n

H2

n

. . . Hm

n

Gf

E

F (α1)n

F (α2)n

. . . F (αm)n

F

These are partial pictures of the Galois correspondence that appear for any irreducible f ∈ F [x]. Themissing part of these pictures depends on the structure of Gf .

9For example, if α = 3√2 and ζ = exp(2πi/3), then E = Q(α, ζ) is the splitting field of f1 = x3 − 2, so Gf1 is

naturally a subgroup of S3, permuting the three roots α, αζ, αζ2 of f1. But also Q(α, ζ) = Q(α + ζ), so E is also thesplitting field of f2 = x6 + 3x5 + 6x4 + 3x3 + 9x + 9, which is the minimal polynomial of α + ζ over Q. Now Gf2 isnaturally a subgroup of S6, permuting the six roots of f2, which are αζi + ζj for i = 0, 1, 2 and j = 1, 2.

38

3.9.1 Imprimitive group actions and Galois groups

In the above pictures, the extensions F (αi)/F will be Galois (equivalently Hi / Gf ) exactly whenm = 1. However, even if F (αi)/F is not Galois, the automorphism group Aut(F (αi)/F ) need notbe trivial. This group is is independent of i, since the subgroups Hi and subfields F (αi) are all Gf -conjugate, and is therefore canonically attached to Gf .

To determine Aut(F (αi)/F ) we first consider blocks in the setting of general group actions. Let G bea finite group acting transitively on a set X and suppose there exists a partition

X =m∐i=1

Xi

into disjoint subsets Xi permuted by G. Let k be the common cardinality |Xi| = k. The G-action onX is called imprimitive if there exists such a partition with k > 1.

Various subgroups are associated to a partition X =∐Xi, as follows.

Ji = {g ∈ G : gXi = Xi}, Hi = {g ∈ G : gx = x ∀x ∈ Xi}.

Then Ji acts transitively on Xi and Hi acts trivially on Xi, so we have an injective homomorphisimJi/Hi ↪→ SXi . Let Zi be the centralizer of Ji/Hi in SXi . The groups Ji, Hi, Zi are permuted by G.

Lemma 3.29 The following conditions are equivalent:

1. The Hi are distinct;

2. Ji is the full normalizer of Hi in G;

3. Xi is the full fixed-point set of Hi in X .

Proof: This is a straightforward exercise. �

Assume the conditions of Lemma 3.29 hold. The centralizer Z = CSX (G) preserves each Xi, andcommutes there with Ji/Hi, so Z ⊂

∏Zi. Let zi ∈ Zi be such that z = (z1, . . . , zm) ∈ Z. We will

show that all zi are determined by z1. Choose g ∈ G such that gX1 = Xi. Pick x1 ∈ X1 and letxi = gx1 ∈ Xi. Then

zig · x1 = zg · x1 = gz · x1 = gz1 · x1,

so zi = gz1g−1. The element zi = gz1g

−1 ∈ Zi depends only on i and not on the choice of g. Hencefor any z1 ∈ Z1 we can define zi = gz1g

−1 for any g ∈ G sending gX1 = Xi and we have

Z = {(z1, . . . , zm) : z1 ∈ Z1} ' Z1.

We return to return to the setting of Galois groups. Let f ∈ F [x] be irreducible and separable, withsplitting field E and Galois group Gf = Aut(E/F ). Recall we have partitioned the set X of roots of

39

f into equivalence classes X =∐Xi, via the relation α ∼ β ⇔ F (α) = F (β). Choose one root αi in

each block Xi. The field Fi = F (αi) depends only on i and not on the choice of αi. The objects in theabstract theory of blocks become

Ji = {g ∈ G : gFi = Fi}, Hi = Aut(E/Fi), Ji/Hi = Aut(Fi/F ).

Proposition 3.30 For all 1 ≤ i ≤ m we have Aut(Fi/F ) ' CSX (Gf ), the centralizer of Gf in SX .

Proof: From the Galois correspondence we have Fi = EHi . The Fi are distinct, so the subgroups Hi

are distinct. Hence the conditions of Lemma 3.29 hold, and we have CSX (G) ' Z1.

But more is true: An automorphism σ ∈ Aut(Fi/F ) is completely determined by its effect on αi. AndAut(Fi/F ) acts transitively on Xi by the extension theorem. Hence Ji/Hi ' Aut(Fi/F ) acts freelyand transitively on Xi, so the action of Ji/Hi on Xi is isomorphic to the left regular representation ofJi/Hi. For any group, the centralizer of the left regular representation is the right regular representation.Hence Zi is the image of the right regular representation of Ji/Hi, so Zi ' Ji/Hi. We conclude thatCSX (G) ' Aut(Fi/F ) for all 1 ≤ i ≤ m. �

3.9.2 The Primitive Element Theorem

We have seen, in the example Q(11/3, 21/3) = Q(11/3 + 21/3) that a field given by two generators maybe generated by a single element. We saw this also with finite fields, whose multiplicative groups arecyclic. Galois used this result heavily (see next section) so we will prove it now.

Theorem 3.31 (Primitive Element Theorem) Let E/F be a finite separable extension. Then thereexists γ ∈ E such that E = F (γ).

Proof: (From Milne [FG].) Since we know the result when F is finite, assume F is infinite. We mayalso assume by induction that E = F (α, β). We will find an element c ∈ F such that E = F (α+ cβ).Let f, g be the minimal polynomials of α, β over F . Since E/F is separable, these have distinct roots,α = α1, . . . , αs and β = β1, . . . , βt in some field L ⊃ E. Since F is infinite, there exists c ∈ F suchthat

c 6= αi − αβ − βj

for all j 6= 1. We set γ = α+cβ, and claim that F (α, β) = F (γ). The polynomials g(x) and f(γ−cx)have coefficients in F (γ). Our choice of c ensures that they have only one root in common, namelyβ. Hence the ideal they generate in F (γ)[x] is generated by a polynomial h with coefficients in F (γ)having β as its unique root. Hence h splits in F (γ)[x] and β ∈ F (γ). And then α = γ − cβ ∈ F (γ) aswell, so F (α, β) = F (γ). �

Example: Let E ⊂ C be the splitting field over Q of x3 − 2. We know that E = Q(α, ζ), where α isthe real root of x3 − 2 and ζ = e2πi/3. I claim that

E = Q(α + ζ).

40

This follows from the proof above, once we check that none of

α− α, αζ − α, αζ2 − α

are equal to ζ − ζ2. The minimal polynomial of α + ζ is

f = x6 + 3x5 + 6x4 + 3x3 + 9x+ 9,

whose discriminant is −24 · 317.

3.9.3 Galois’ view of Galois groups

Speaking from the grave, Galois introduced mankind to Galois groups with the following statement. 10

THEOREME. - Soit une equation donnee, dont a,b,c,... sont les m racines. Il y auratoujours un groupe de permutations des lettres a,b,c,... qui jouira de la propriete suivante:

1o Que toute fonction des racines, invariable par les substitutions de ce groupe, soitrationnellement connue;

2o Reciproquement, que toute fonction des racines, determinable rationnellement, soitinvariable par les substitutions.

Here is a literal translation:

THEOREM.- Let an equation be given, where a, b, c, . . . are them roots. There will alwaysbe a group of permutations of the letters a, b, c, . . . which will enjoy the following property:

1. That any function of the roots, invariant by the substitutions of this group, be ratio-nally known;

2. Conversely, that any function of the roots, rationally determinable, be invariant bythe substitutions.

In a footnote, Galois clarifies that by “invariant by the substitutions” he means the values of a functionat the roots are invariant, not just the function itself. And “rationally known” means the values areexpressible in terms of the coefficients of the given equation, along with some “adjoined quantities”(I’m not sure what Galois means by the latter).

Here is a mathematical translation. We are given an equation f(x) = 0, where f ∈ F [x] is a polyno-mial, and α1, . . . , αm are the m roots of this equation in some splitting field E. Let R = F [x1, . . . , xm]be the ring of polynomials in variables x1, . . . , xm. For r ∈ R, write r(α) = r(α1, . . . , αm) for thevalue of r at the roots, so that E = {r(α) : r ∈ R}. These values r(α) are Galois’ “functions of

10“Memoire sur les conditions de resolubilite des equations par radicaux”, published in 1846. Galois died in 1832. Notethat he uses the future tense.

41

the roots”, and to be “rationally known” means that r(α) ∈ F . Recall the group Sm acts on R by(σ, r) 7→ σr, where

σr(x1, . . . , xm) = r(xσ1, . . . , xσm).

With this notation, Galois’ theorem becomes

Theorem 3.32 There is a subgroup G ≤ Sm characterized by the following property:

[σr(α) = r(α) for all σ ∈ G] ⇔ r(α) ∈ F. (20)

Let us first verify that our Galois group Gf = Aut(E/F ), viewed as subgroup of Sm via its action onthe roots {αi}, is the same as Galois’ Galois group G.

If σ ∈ Gf then for all r ∈ R we have σ(r(α)) = r(σ(α)) = σr(α). Since EGf = F , we haver(α) ∈ F iff σr(α) = r(α) for all σ ∈ Gf . Hence the elements of Gf satisfy the property (20), so wehave Gf ≤ G.

For the other containment, let Iα = {r ∈ R : r(α) = 0} be the kernel of the ring homomorphismR → E, sending r 7→ r(α). This gives an isomorphism R/Iα ' E. Suppose now that σ ∈ G.For all r ∈ Iα we have r(α) = 0 ∈ F , so σr(α) = r(α) = 0. Thus, G preserves Iα and we geta homomorphism G → Aut(R/Iα) ' Aut(E). Since Sm acts trivially on F ⊂ R, the image ofthis homomorphism lies in Aut(E/F ) = Gf . Finally the homomorphism is injective because G actsfaithfully on the roots {αi}. Thus we have an injection G ↪→ Gf , so G = Gf . �

We now give Galois’ proof of his theorem, using the language of Thm. 3.32, and filling in the details.

The first step is to construct the permutation group G. Let E be a field containing the roots α1, . . . , αmof f . By the Primitive Element Theorem 3.31, 11 there exists γ in E such that E = F (γ). Hence thereare polynomials h1, . . . , hm ∈ F [x] such that

αi = hi(γ), 1 ≤ i ≤ m.

Let g ∈ F [x] be the minimal polynomial of γ over F and let γ = γ1, . . . , γn be the roots of g, wheren = deg g = [E : F ]. Galois proves 12 that for any i, j the value hi(γj) is also a root of f . To see this,note that for any i we have f(hi(γ)) = f(αi) = 0, so the polynomial f ◦ hi is divisible by the minimalpolynomial g of γ, so f(hi(γj)) = 0 for all j. It follows that for each i, j we have

hi(γj) = σjαi (21)

for some permutation σj of {α1, . . . , αm}. The group G is then

G = {σj : 1 ≤ j ≤ n}.11In Lemme II of [op. cit.] Galois states the Primitive Element Theorem without proof but he is careful to assume f is

separable, and he remarks that we may take γ to be an F -linear combination of the αi’s, as we see from the proof of Thm.3.31.

12See Lemme IV of op. cit.

42

We now prove that if σj ∈ G and r ∈ F [x1, . . . , xm] satisfies σjr(α) = r(α), then r(α) ∈ F . Let rh ∈F [x] be the polynomial rh(x) = r(h1(x), h2(x), . . . , hm(x)). Then rh(γ) = r(α) and the equations(21) become

rh(γj) = rh(γ), 1 ≤ j ≤ n.

These equations imply that r(α) ∈ F . To see this, note that the polynomial

(x− r(α))n =n∏j=1

(x− rh(γj)) (22)

has coefficients given in terms of the elementary symmetric polynomials: sk(rh(γ1), . . . , rh(γn)). Butthe polynomials sk(rh(x1), . . . , rh(xn)) are themselves symmetric, hence they lie in F [s1, . . . , sn], bythe Symmetric Polynomial Theorem. And the values sk(γ1, . . . , γn) are the coefficients of g(x), hencethey lie in F , so sk(rh(γ1), . . . , rh(γn)) ∈ F for each k. Now differentiating (x − r(α))n, we getr(α) ∈ F , as claimed.

Conversely, if r(α) ∈ F , then the polynomial rh−r(α) belongs to F [x]. Since rh(γ) = r(α), it followsthat rh − r(α) is divisible by the minimal polynomial g of γ. Hence each γj is a root of rh − r(α), sofor each j we have σ

j r(α) = rh(γj) = r(α). �

4 Computing Galois groups of polynomials

Let F be a field, and let f ∈ F [x] be a separable irreducible polynomial of degree n, with splittingfield E = F (α1, . . . , αn), where α1, . . . , αn are the roots of F in E. What can we say about the Galoisgroup Gf? 13

4.1 Transitive subgroups

Since f is irreducible, Gf is a transitive subgroup of Sn, via its permutations of the roots αi. Thelattices of transitive subgroups of Sn for some small values of n are as follows. 14

13For tables of number fields of small degree, see http://hobbes.la.asu.edu/courses/low-grd/14For more group tables, see http://math.asu.edu/ jj/Groups/.

43

S3

2

A3

S4

3

2

A4 = L2(3)

3D4

22

C4 D2

S5

6

2

A5 = L2(5)

6F20

2

D5

2

C5

S7

120

2

A7

15

L2(7)

8F42

3

2

F21

3D7

2

C7

S11

9!

2

A11

12

7!

M11

12

L2(11)

12F110

5

2

F55

D11

2

C11

Here the groups Sn, An, Dn, Cn are as usual the symmetric, alternating, dihedral (of order 2n) andcyclic groups. The other groups are as follows.

L2(p) = PSL2(p) acting via its exceptional permutation representation of degree p. These were dis-covered by Galois, who noted they only exist for p = 3, 5, 7, 11.

Fp(p−1) = Fp o F×p is the ax + b group over Fp, which has subgroups Fph = Fp oH , for each divisorh | (p− 1), where H ≤ F×p is the unique subgroup of order h.

M11 is the Mathieu group of order 8 · 9 · 10 · 11 = 7920, the smallest simple sporadic group.

44

S6 720

A6 360

S∗5 = PGL2(5) 120

S23 · 2 72

A∗5 = PSL2(5) 60

B3 48

S23 F36 36

S−4 S+4 S∗4 24

(S23)+ 18

D6 A∗4 12

C6 S3 6

4.2 Invariant Theory and Resolvents

Let F be a field, and recall that the symmetric group Sn acts on the ring R = F [t1, . . . , tn] byσr(t1, . . . , tn) = r(tσ1, . . . , tσn), and that the symmetric polynomials RSn = {r ∈ R : σr = r}

RSn = F [s1, . . . , sn],

where sk(t1, . . . , tn) =∑ti1 . . . tik , summed over all 1 ≤ i1 < · · · < ik ≤ n, is the elementary

symmetric polynomial of degree k.

45

4.2.1 The discriminant

From now on we assume that char(F ) 6= 2. The polynomial d ∈ R = F [t1, . . . , tn] given by

d =∏i<j

ti − tj,

has square equal to the discriminant polynomial

D = d2 ∈ RSn .

For all σ ∈ Sn we haveσd = sgn(σ) · d,

so d ∈ RAn is invariant under the alternating group An.

Let f ∈ F [x] be a polynomial of degree n, with distinct roots α1, . . . , αn. Then

f =n∑k=0

(−1)ksk(α)xn−k,

so the values sk(α) lie in F . Since D ∈ RSn is a polynomial in the sk’s, its value D(α) is that samepolynomial evaluated at the coefficients of f , which are known. We write this value as

Df = D(α) = d(α)2 =∏i<j

(αi − αj)2 ∈ F.

Since f has distinct roots, we have Df 6= 0.

The Galois group of Gf is a subgroup of Sn via its permutations of the roots, so we can ask whenGf ≤ An. The answer is as follows.

Proposition 4.1 We have Gf ≤ An if and only if Df ∈ F×2 is a nonzero square in F .

Proof: If Gf ≤ An then d is invariant under Gf so we have σ(d(α)) = σd(α) = d(α) for all σ ∈ Gf .Hence d(α) ∈ F× so Df = d(α)2 ∈ F×2. Conversely, if Df ∈ F×2 then reversing the previousargument shows that d(α) = σd(α) = sgn(σ) · d(α) for all σ ∈ Gf . Since d(α) 6= 0, this impliesGf ≤ An. �

The explicit formula for Df in terms of the coefficients of f is complicated, as we have seen in section3.1. You can call it up in Mathematica by the command Discriminant[poly, x]. One can simplifythe formulas for Df (at least if the characteristic of k does not divide n) by replacing f(x) = xn +axn−1 +. . . by f(x−a/n) = xn+0xn−1 +. . . , which does not changeGf . Thus, we have the formulas

f = x3 + bx+ c : Df = −4b3 − 27c2

f = x4 + bx2 + cx+ d : Df = −4b3c2 − 27c4 + 16b4d+ 144bc2d− 128b2d2 + 256d3

f = x5 + bx3 + e : Df = 2233b5e2 + 55e4

f = x5 + cx2 + e : Df = 2233c5e+ 55e4

f = x5 + dx+ e : Df = 44d5 + 55e4

46

It can be shown that f = xn + rx+ s has discriminant

Df = ansn−1 + an−1r

n, an = (−1)n(n−1)/2nn.

Invariant theory is the study of polynomials invariant under an action of a group G on a polynomialring R = F [t1, . . . , tn]. These invariants form a subring

RG := {r ∈ R : gr = r} ⊂ R.

For example, we have seen that when G = Sn acts on R by σr(t1, . . . , tn) = r(tσ1, . . . , tσn), theinvariants Now let G = Gf be the Galois group of our polynomial f , viewed as a subgroup of Sn bypermuting the roots α1, . . . , αn of f in a splitting field E. For r ∈ R, we abbreviate

r(α) = r(α1, . . . , αn) ∈ E.

One can use Invariant theory to move down the lattice of transitive subgroups as follows. Suppose thatwe have subgroups H ≤ J ⊂ Sn and that Gf ⊂ J . 15 We want to decide if Gf is contained in someconjugate of H . For subgroups B,C of a group A, let us write B ≤A C if there exists a ∈ A such thatB ≤ Ca. So we want to decide if Gf ≤J H .

Let r ∈ R be a polynomial whose stabilizer in J is H:

H = {σ ∈ J : σr = r}.

The data {J,H, r} combine to give a resolvent polynomial:

ResJ/H(t, x) =∏

σ∈J/H

(x− σr) ∈ RJ [x].

Note that ResJ/H(t, x) is a polynomial in x whose coefficients in R are polynomials in t1, . . . , tn. Itmakes sense to take the product over the cosets J/H because H fixes r, and since J permutes thecosets, the coefficients of ResJ/H(t, x) in fact lie in RJ , as claimed.

If we now specialize t 7→ α, we get a polynomial

ResJ/H(α, x) =∏

σ∈J/H

(x− σr(α)) ∈ F [x].

At first glance it may seem only that ResJ/H ∈ E[x]. However, if c(t) ∈ RJ is some coefficient ofResJ/H(t, x), then since Gf ≤ J we have τ(c(α)) = τc(α) = c(α) for all τ ∈ Gf , so in fact c(α) ∈ Fand ResJ/H(α, x) lies in F [x] as claimed.

The polynomial ResJ/H(α, x) contains the following information about Gf .

Proposition 4.2 If Gf ≤J H then ResJ/H(α, x) has a root in F . And if ResJ/H(α, x) has a simpleroot in F , then Gf ≤J H .

15For example, we could have J = Sn, or perhaps J < Sn and by previous work we have found that Gf ≤ J .

47

Proof: Suppose Gf ≤ σHσ−1 for some σ ∈ J . We know that σr(α) is a root of ResJ/H(α, x), andfor all τ ∈ Gf we have

τ(σr(α)) = τσr(α) = σ·σ−1τσr(α) == σr(α),

since σ−1τσ ∈ H fixes r.

Conversely, if ResJ/H(α, x) has a simple root in F , then this root is σr(α) for some σ ∈ J . Now forall τ ∈ Gf we have

σr(α) = τ(σr(α)) = τσr(α).

Since the root is simple, we must have σr = τσr, so σ−1τσ fixes r. Since τ ∈ Gf was arbitrary, thismeans σ−1Gfσ ≤ H , or Gf ≤ σHσ−1, as claimed. �

4.2.2 Cubic Polynomials

Recall our assumption that char(F ) 6= 2 Let f = x3 +ax2 + bx+ c be an irreducible cubic polynomialover F with distinct roots α, β, γ generating a splitting field E. The discriminant

Df = (α− β)(β − γ)(γ − α) = a2b2 − 4b3 − 4a3c+ 18abc− 27c2 ∈ F×.

If Df ∈ F×2 then Gf = A3 has no proper subgroups. Hence there are no proper intermediate fields,we have F (α) = F (β) = F (γ). This means that each root is a polynomial expression in the others.

Example 1: Let F = Q. The polynomial f = x3 + x2 − 2x− 1 ∈ Q[x] has Df = 49 and roots

α = 2 cos(2π/7), 2 cos(4π/7), 2 cos(6π/7),

satisfying the relations β = α2 − 2, γ = −α2 − α + 1.

Example 2: 16 The polynomial f(x) = x3 − tx2 + (t − 3)x + 1 ∈ Q(t)[x] has discriminant Df =(t2 − 3t + 9)2, hence has Galois group A3 over Q(t). Specializing t to any value in Q such thatt2 − 3t+ 9 6= 0, we get a cubic in Q[x] with Galois group A3 over Q.

If f ∈ F [x] has Df ∈ F× − F×2 then Gf = S3 and the correspondence between subgroups andintermediate fields is given by

{e}

〈(12)〉 〈(23)〉 〈(13)〉

A3

Gf = S3

E

F (γ) F (α) F (β)

F (√Df )

F

16Serre, “Topics in Galois Theory”, p. 1

48

4.2.3 Quartic Polynomials

Let f = x4 + ax3 + bx2 + cx + d be an irreducible separable quartic polynomial over F with rootsα1, α2, α3, α4. The polynomials

A = t1t3 + t2t4

B = t1t2 + t3t4

C = t1t4 + t2t3

(23)

Form an S4-orbit in R; the stabilizer of any one of A,B,C is a D4, while the stabilizer of all three isK4. One checks that

(A−B)(B − C)(A− C) =∏

1≤i<j≤4

(ti − tj). (24)

LettingJ = CS4((1 3)(2 4)) = StabS4(A) ' D4,

we get the generic resolvent

ResS4/D4(t, x) = (x− A)(x−B)(x− C) = x3 − s2x2 + (s3s1 − 4s4)x+ (4s4s2 − s4s

21 − s2

3).

This specializes to the cubic resolvent

g = ResS4/J(α, x) = x3 − bx2 + (ac− 4d)x+ (4bd− a2d− c2),

whose roots are

α = α1α3 + α2α4

β = α1α2 + α3α4

γ = α1α4 + α2α3.

(25)

Under this same specialization, equation (24) becomes the equality of discriminants

Dg = Df . (26)

In particular, since f has distinct roots, so does g. Let L = F (α, β, γ) be the splitting field of g in E.Then L is Galois over F so L = EH for some normal subgroup H /Gf , and there is an exact sequence

1 −→ HAut(E/L)

−→ GfAut(Gf/F )

−→ Gf/HAut(L/F )

−→ 1. (27)

Since K4 fixes the polynomials A,B,C, it fixes their specializations α, β, γ, so we have K4 ≤ H .

We again assume char(F ) 6= 2.

Case 1: Df /∈ F×2 and g has no root in F . Then Gf is not contained in A4 or D4, so we must haveGf = S4. The exact sequence (27) becomes

1 −→ K4 −→ S4 −→ S3 −→ 1.

49

Since most polynomials do not have rational roots, almost all quartics f have Gf = S4.

Case 2: Df ∈ F×2 and g has no root in F . Then Gf is contained in A4 but not in D4, so we musthave Gf = A4. Since Dg = Df ∈ F×2, the extension L/F has degree three with Galois group A3.The exact sequence (27) becomes

1 −→ K4 −→ A4 −→ A3 −→ 1.

Let Hi ' C3 be the stabilizer of αi in Gf , and let Ji = 〈(1 i)(jk)〉 be the stabilizer of the root α1αiof the irreducible quadratic equation x2 − (α1αi + αjαk)x + d over L. The correspondence betweensubgroups and intermediate fields is given by

{e}

J2 J3 J4

H1 H2 H3 H4

K4

Gf = A4

E

F (α1α2) F (α1α3) F (α1α4)

F (α1) F (α2) F (α3) F (α4)

F (α, β, γ) = L

F

Examples of quartics f ∈ Q[x] with Gf = A4 include:

quarticf discriminant Df resolvent cubic gx4 + 8x+ 12 212 · 34 x3 − 48x− 64

x4 + 9x2 + 13x+ 30 36 · 72 · 132 x3 − 9x2 − 120x+ 911x4 + 18x2 − 4x+ 82 28 · 1092 x3 − 18x2 − 328x+ 5888

50

Case 3: Df ∈ F×2 and g has a root in F . Then Gf ≤ A4 ∩D4 = K4 acts trivially on {α, β, γ} so gsplits over F . The exact sequence (27) becomes

1 −→ K4 −→ K4 −→ 1 −→ 1.

Since [E : F ] = 4, each root αi generates E over F . Since α = α1α3 + α2α4 ∈ F the polynomialx2 − αx + d lies in F [x] and has roots α1α3, α2α4 in E. Similarly for β and γ. Hence for i =2, 3, 4 we have subfields F (α1αi) ⊂ E quadratic over F . The correspondence between subgroups andintermediate fields is given by

{e}

J2 J3 J4

Gf = K4

E

F (α1α2) F (α1α3) F (α1α4)

F

Examples of quartics f ∈ Q[x] with Gf = K4 include:

quarticf discriminant Df resolvent cubic gx4 + 1 44 x(x2 − 4)

x4 + x2 + 1 24 · 32 (x− 1)(x2 − 4)x4 − 10x2 + 1 214 · 32 (x+ 10)(x2 − 4).

These are the minimal polynomials of eπi/4, eπi/6,√

2 +√

3, respectively.

Case 3: If Df /∈ F×2 and g has a root in F then either Gf = D4 or Gf = C4.

The next proposition addresses this ambiguity.

Proposition 4.3 Assume that Df /∈ F×2 and the cubic resolvent g has a root α ∈ F . Then

1. Gf ' C4 if and only if f is reducible over the subfield M = F (√Df ).

2. α is the unique root of g in F .

3. Gf ' C4 if and only if α2 − 4d and a2 + 4(α− b) are both squares in M . 17

Proof: We have g = (x − α)h(x), where h(x) ∈ F [x]. Let β, γ be the roots of h. Then h(x) =x2 − (β + γ)x+ γβ, so β + γ and βγ lie in F . Since

Df = Dg = (α− β)2(α− γ)2(β − γ)2 = h(α)2(β − γ)2 /∈ F×2,

we cannot have β − γ ∈ F , so α is the unique root of g in F . From this we also see that β, γ ∈ M , soM is the splitting field of g over F .

17L.C. Kappe, B. Warren, Amer. Math. Monthly 1989

51

Under the Galois correspondence, we have M = EG∩A4 /G, and G∩A4 = Aut(E/M) Since G ≤ D4

we have

G ∩ A4 = G ∩K4 =

{K4 if G ' D4

〈τ 2〉 if G = 〈τ〉 ' C4.

Now f is irreducible in M [x] iff G ∩ A4 = Aut(E/M) is transitive on the roots of f , which happensexactly when G ' D4. Otherwise, if f is reducible in M [x] then G ∩ A4 cannot be transitive on theroots of f , which happens exactly when G ' C4.

The last assertion is equivalent to the polynomial

h(x) = (x2 − αx+ d)(x2 + ax+ b− α) (28)

splitting in M . We may number the roots of f as α1, α2, α3, α4 of f so that α = α1α3 + α2α4. In thislabellingG ≤ CS4((1 3)(2 4)) ' D4. The two factors of h have roots α1α3, α2α4 and α1+α3, α2+α4,respectively, so h splits in E.

If G ' C4 then E/F contains only one quadratic subfield, namely M . Hence every quadratic polyno-mial splitting in E must split in M , so h splits in M .

Conversely, suppose h splits in M . Then α1α3, α2α4, α1 + α3, α2 + α4 ∈M , so the polynomial

k(x) := (x2 − (α1 + α3)x+ α1α3 = (x− α1)(x− α3) ∈M [x].

Let L be the splitting field of k over M . Then α1, α3 ∈ L and also α, β, γ ∈ M ⊂ L, since g splits inM . Hence α2 + α4 = −a− (α1 + α3) ∈ L.

One checks that (α1−α2)(α1−α4)(α2−α3)(α3−α4) is invariant under CS4((1 3)(1 4)), hence underG, so it lies in F×. From Df = Dg we get

(α1 − α3)(α2 − α4) ∈ F× · (β − γ).

Since α1, α3, β, γ ∈ L it follows that α2 − α4 ∈ L.

We have now shown that α1, α2, α3, α4 ∈ L, so L = E. Since deg k = 2, this shows that [E : M ] ≤ 2,so [E : F ] ≤ 4 and G = 〈(1 2 3 4)〉 ' C4. �

One can also approach this using resolvents. Let J = CS4((1 3)(1 4)) and let H ≤ J be the subgroup

H = 〈(1 2 3 4)〉 = StabJ(t1t22 + t2t

23 + t3t

24 + t4t

21) ' C4.

The D4/C4-resolvent is

ResD4/C4(t, x) = [x− (t1t22 + t2t

23 + t3t

24 + t4t

21)][x− (t21t2 + t22t3 + t23t4 + t24t1] ∈ RJ [x],

52

which specializes to the quadratic resolvent 18

q(x) =x2 − (2c− ab+ aα)x+ 12

(a2d− 4bd+ 2b3 + 2a3c− 10abc+ 11c2

)+(ac− 2a2b+ 2b2 + 4d

)α +

(2a2 − b

)α2 − 3α3,

(29)

whose roots are

η = α1α22 + α2α

23 + α3α

24 + α4α

21

ξ = α21α2 + α2

2α3 + α23α4 + α2

4α1.(30)

and whose discriminant Dq = (η − ξ)2 is given rationally by

Dq = a2b2−4b3+2a2bα−4b2α−3a2α2+2bα2+6α3−4a3c+16abc+2aαc−18c2−2a2d+8bd−8αd.

Assume Dq 6= 0. Then we have G ≤ C4 iff Dq ∈ F×2, by Prop. 4.2. Unfortunately, Dq is often zero,meaning that the quadratic resolvent has one root of multiplicity two, so Prop. 4.2 does not apply inthese cases. However, when Dq 6= 0 its square-class gives independent confirmation of the decision ofwhether Gf ≤ C4.

Examples of quartics f ∈ Q[x] with Gf = D4 include:

quarticf discriminant Df resolvent cubic g Dq

x4 + 4x+ 2 211 (x− 4)(x2 − 8) 0x4 + d (d 6= �) 44 · d3 x(x2 − 4d) 0

x4 + ax3 + (b− 2)x2 + ax+ 1 (a2 − 4b+ 16)2(b2 − 4a2) (x− 2)(x2 + (4− b)x+ a2 − 2b+ 4) Df

In the last line we assume b2 − 4a2 6= �.

Examples of quartics f ∈ Q[x] with Gf = C4 include:

quarticf discriminant Df resolvent cubic g Dq

x4 + x3 + x2 + x+ 1 53 (x− 2)(x2 + x− 1) 52

x4 + x3 + 2x2 − 4x+ 3 32 · 133 (x− 5)(x2 + 3x− 1) 132

x4 + x3 − 6x2 − x+ 1 22 · 173 (x+ 2)(x2 − 4x− 12) 22 · 172

x4 + x3 + 4x2 + 20x+ 23 72 · 293 (x+ 2)(x2 − 4x− 12) 22 · 292

x4 − 2ax2 + a2 − b2d 44 · b4d2(a2 − b2d) x(x2 − 4d) 0(a2 − b2d = � · d 6= �)

The first four examples are the quartic subfields of Q(e2πi/p) for p = 5, 13, 17, 29 (see section 1.7). Inthe last example, f = x4− 2ax2 + a2− b2d has splitting field E = Q(

√a+ b

√d). The polynomial in

(28) is (x2 + 2ax+ a2 − b2d) · x2, which splits over Q(√d), giving Gf = C4.

18To compute this specialization, we have to express the two coefficients of ResD4/C4(t, x) in terms of the J-invariant

polynomial T := t1t3 + t2t4 and symmetric polynomials. The hardest coefficient is the constant term ResD4/C4(t, 0).

Since it has degree six, we set

(t1t22 + t2t

23 + t3t

24 + t4t

21)(t

21t2 + t22t3 + t23t4 + t24t1) = S6 + S4T + S2T

2 + S0T,

where Sk are unknown symmetric polynomials of degree k. One can use the SymmetricReduction command inMathematica to find S4, S2, S0 such that T − (S4T + S2T

2 + S0T ) is symmetric, which gives S6.

53

4.2.4 Constructible numbers revisited

Recall the field K of constructible numbers, from section 3.6.2. These are the numbers in α ∈ C suchthat Q(α) is at the top of a tower of fields

Q = F0 ⊂ F1 ⊂ · · · ⊂ Fn = Q(α) (31)

such that [Fi : Fi−1] = 2 for each 1 ≤ i ≤ n. As we have seen in Prop. 3.17, this implies that theminimal polynomial fα of every element α ∈ K over Q has degree a power of 2. We can now see whythis degree condition is not sufficient to guarantee that α ∈ K.

For suppose such a tower (31) exists. Since quadratic extensions are always Galois, and Galois ex-tensions are preserved under towers (see Prop. ??), having α ∈ K forces Q(α) to be Galois over Q,and the Galois group Aut(Q(α)) must be a 2-group. But if we take any irreducible quartic polynomialf ∈ Q[x] with Gf = A4, then the subfields Q(αi) generated by the roots of f are quartic non-Galoisextensions of Q. Hence the numbers αi are not constructible. Note that the quartic fields Q(αi) haveno quadratic subfields, corresponding to A4 having no subgroups of index two. Thus, the failure of theconverse of Prop. 3.17 corresponds to the failure of the converse to Lagrange’s theorem.

However, if Q(α)/Q is Galois of degree 2n over Q, then the Galois group G = Aut(Q(α)) has order2n and from group theory we know there is a chain of subgroups

{e} = Gn < Gn−1 < · · · < G0 = G,

with |Gi| = 2n−i for each i. The Galois correspondence then gives a tower of fields as in (31), whereFi is the fixed-field of Gi in Fn = Q(α). Thus we have proved:

Theorem 4.4 3.17 A number α ∈ C is constructible if and only if Q(α) is Galois over Q with degreea power of 2.

5 Galois groups and prime ideals

Let f ∈ Z[x] be a monic polynomial with Galois group Gf over Q. For each prime p in Z we canreduce the coefficients of f modulo p and get a polynomial f ∈ Fp[x]. Thus we have another Galoisgroup Gf , this time over Fp. The permutation group Gf is completely determined by the factorizationof f in Fp[x], hence can be calculated explicitly for any given prime p. The remarkable fact is that Gf

is a subquotient of Gf , and is even a subgroup of Gf for all but finitely many primes p. The origin ofthis fact is the relation between primes in Z and prime ideals in the ring of integers in the splitting fieldof f over Q.

5.1 The ring of integers in a number field

A number field is a field E ⊃ Q for which E is a finite dimensional Q-vector space. The ring ofintegers in E is the subring R of elements in E which are integral over Z. We have seen that R is aring. In this section we consider the structure of the additive group of R.

54

An abelian group A is free of rank n if A ' Zn. Equivalently there exists a subset {α1, . . . , αn} ⊂ A,called a basis, which generates A and is linearly independent over Z. We have A ' Zα1 ⊕ · · · ⊕ Zαnand every element of A can be written uniquely as a Z-linear combination of elements of the basis{α1, . . . , αn}. Note that for any prime p we have A/pA ' (Z/pZ)n, so the rank n depends only on Aand not on the choice of basis.

Lemma 5.1 Let B be a free abelian group of rank n ≥ 1 and let A be a subgroup of B. Then A is freeabelian of rank ≤ n.

Proof: Let {β1, . . . , βn} be a basis of B. For 1 ≤ r ≤ n we set

Br =r⊕i=1

Zβi, Ar = A ∩Br,

so that An = A. We prove by induction on r that Ar has rank ≤ r for all r.

At the first step, A1 = A ∩ Zβ1 is a subgroup of Zβ1 ' Z, so there is a ∈ Z such that A1 = Zaβ1 iszero if a = 0 and is free of rank 1 ≤ n if a 6= 0.

Assume that Ar−1 is free of rank s ≤ r− 1, and let {α1, . . . , αs} be a basis of Ar−1. Let π : Br → Zβrbe the map sending

b1β1 + · · ·+ brβr 7→ brβr.

Then π(Ar) is a subgroup of Zβr ' Z. Let α ∈ Ar be any element such that π(α) generates π(Ar).It is easy to check that {α1, . . . , αs, α} spans Ar. If π(α) = 0 then {α1, . . . , αs} is also a basis of Arand we’re done. Assume π(α) 6= 0 and suppose c1α1 + · · · + csαs + cα = 0, with all ci, c ∈ Z. Thencα ∈ Ar−1 ⊂ kerπ, so cπ(α) = 0, forcing c = 0. Now the remaining ci = 0 by linear indpendence of{α1, . . . , αs, α}. Hence {α1, . . . , αs, α} is a basis of Ar and the proof is complete. �

Lemma 5.2 Let A ≤ B be free abelian groups of rank n and let C be an intermediate group: A ≤C ≤ B. Then C is free abelian of rank n.

Proof: Applying Lemma 5.1 to the containment C ≤ B we have C free of rank m ≤ n. From thecontainment A ≤ C we have A free of rank ≤ m. But since A has rank n we must have m = n. �

Proposition 5.3 Let E be a number field, of degree n over Q. Then the ring of integers R of E is afree abelian group of rank n.

We first assume that E/Q is Galois. From Prop. 3.12 we have QR = E. It follows that E has aQ-basis {α1, . . . , αn} contained in R. Note that {α1, . . . , αn} need not be a Z-basis of R. Let Abe the subgroup of R generated by {α1, . . . , αn}. Since linear independence over Q implies linearindendence over Z, the set {α1, . . . , αn} is a basis of A, so A is free of rank n. We will find r ∈ Qsuch that R ⊂ rA. Since rA is also free of rank n, the Proposition will then follow from Lemma 5.2.

55

The group G = Aut(E) has order n; list its elements as G = {σ1, . . . , σn}, and set αij = σj(αi),obtaining an n × n matrix [αij]. If we apply some σ ∈ G to each entry αij the columns of the matrixare permuted, so the determinant δ := det[αij] will change by at most a sign ±. Hence the numberD := δ2 is invariant under G and we have D ∈ R ∩Q = Z.

Let β ∈ R and write β = c−10 (c1α1 + · · ·+ cnαn), with ci ∈ Z. Then

σj(β) =n∑i=1

cic0

αij,

so we have

[αij]

c1/c0...

cn/c0

=

σ1(β)...

σn(β)

.

From the formula for the inverse of a matrix, it follows that δ·[αij]−1 has entries inR, so that δ·(ci/c0) ∈R for each i, and then D · (ci/c0) ∈ R ∩ Q = Z, so that D · β ∈ A and β ∈ D−1 · A. ThereforeR ⊂ D−1 · A and the proposition is proved when E/Q is Galois.

Now let E/Q be an arbitrary finite extension. Choose a Galois extension L/Q containing E and let Sbe the ring of integers of L. By what we just proved, S is free of rank [L : Q]. Now R = S ∩ E, soR is free of some rank m ≤ [L : Q], by Lemma 5.1. Since a Z-basis of R is a Q-basis of E, we musthave m = n, so R is free of rank n, as claimed. �.

Remark: The number D appearing in the proof is discriminant of E/Q, usually denoted DE/Q:

DE/Q = det[αij]2. (32)

It is related to discriminants of polynomials as follows. If E = Q(α) where α ∈ R has monic minimalpolynomial f ∈ Z[x] then

Df = [R : Z[α]]2 ·DE/Q.

Proposition 5.4 Let E be a number field, of degree n over Q, let R be the ring of integers in E, let pbe a prime in Z and let P be a prime ideal of R containing p. Then R/P is a finite field of cardinalitydividing pn.

Proof: From Prop. 3.3, we have that P is a maximal ideal in R, so R/P is a field. Let n = [E : Q].From Lemma 5.3, we have R ' Zn, as abelian groups. Hence R/pR ' (Z/pZ)n. Since p ∈ P , wehave a surjective map R/pR→ R/P , and the proposition follows. �

For each prime p in Z, the subset

Spec(R/pR) = {P ∈ Spec(R) : p ∈ P} = {P ∈ Spec(R) : P ∩ Z = pZ}

is the set of prime ideals in R containing p. In more geometric terms, Spec(R/pR) is the fiber over pZof the map Spec(R)→ Spec(Z) induced by the canonical homomorphism ε : Z→ R.

56

Remark: Assume 19 thatR = Z[α] is generated by a single element αwith minimal monic polynomialf ∈ Z[x]. Then Spec(R) = Spec(Z[x]/fZ[x]) is the closure of the point fZ[x] in Spec(Z[x]) andSpec(Fp[x]) = Spec(Z[x]/pZ[x]) is the fiber of Spec(Z[x]) over pZ ∈ Spec(Z). Then Spec(R/pR) isthe intersection of these two sub-schemes of Spec(Z[x]):

Spec(R/pR) = Spec(Z[x]/fZ[x]) ∩ Spec(Z[x]/pZ[x]).

Now

R/pR ' Fp[x]/(f) '∏i=1

Fp[x]/(f eii ),

where f = f e11 · · · fe`` and the fi are distinct and irreducible in Fp[x]. Each factor is a local ring with

maximal ideal Pi = (p, fi) and we have Spec(R/pR) = {(p, fi) : i = 1, . . . , `}.

5.2 Decomposition and inertia groups

Now let E/Q be a Galois extension with ring of integers R and Galois group G = Aut(E). The actionof G on E preserves R and permutes the prime ideals of R, so we have a G-action on Spec(R). SinceG fixes each prime p in Z, it follows that G acts on each fiber Spec(R/pR) of Spec(R) over Spec(Z).

Proposition 5.5 The group G acts transitively on Spec(R/pR), for each prime p ∈ Z.

Proof: Suppose G does not act transitively on Spec(R/pR) for some prime p ∈ Z. Then there areP,Q ∈ Xp such that Q 6= σP for all σ ∈ G. Since primes in R are maximal, we can apply the ChineseRemainder Theorem: There exists α ∈ R such that

α ≡ 0 mod Q, and α ≡ 1 mod σP ∀ σ ∈ G.

The productN(α) :=

∏σ∈G

σ(α) = α ·∏σ 6=e

σ(α)

lies in Q because α ∈ Q and Q is an ideal. On the other hand N(α) is G-invariant, hence lies inQ ∩ R = Z. Thus, N(α) ∈ Q ∩ Z = pZ. But pZ = P ∩ Z, so we also have N(α) ∈ P . Since P isprime we must have τ(α) ∈ P for some τ ∈ G, so α ∈ τ−1P , contradicting the congruence α ≡ 1mod σP for σ = τ−1. �

It follows that the G-orbits in Spec(R) are precisely the fibers Spec(R/pR) and the map Spec(R) →Spec(Z) induces a bijection

G\ Spec(R)∼−→ Spec(Z).

The stabilizer of a prime P ∈ Spec(R) is the decomposition group

GP = {σ ∈ G : σP = P}.19If we replace Z by Zp we can avoid this assumption.

57

From Prop. 5.5 we have [G : GP ] = | Spec(R/pR)|, and if P,Q ∈ Spec(R/pR) the subgroups GP

and GQ are conjugate in G.

Let us now fix P ∈ Spec(R/pR). For each α ∈ R let α = α + P be the image of α in the finitefield R/P . The decomposition group GP preserves P , hence it acts on R/P , so we have a canonicalhomomorphism

π : GP −→ Aut(R/P ) σ 7→ πσ, given by πσ(α) = σ(α).

The group Aut(R/P ) ' Cr is cyclic of order r = [R/P : Fp], generated by the Frobenius automor-phism φp ∈ Aut(R/P ) given by φp(x) = xp for all x ∈ R/P .

Proposition 5.6 The canonical homomorphism π : GP → Aut(R/P ) is surjective.

Proof: If R/P = Fp then Aut(R/P ) is trivial, and so is the result. We may therefore assumeR/P 6= Fp. Choose β ∈ R such that R/P = Fp(β). For example we could take β to be a generator of(R/P )×. Note that β /∈ Fp since R/P 6= Fp. Let g ∈ Z[x] be the monic minimal polynomial of thealgebraic integer β. Since G has a root in E, namely β, and E/Q is Galois, the polynomial g splits inE[x] and all of the roots of g in E actually lie in R. These roots β = β1, . . . , βm ∈ R are permutedtransitively by G, since g is irreducible in Q[x]. The roots of g in R/P are β = β1, . . . , βm, and theseare permuted, not necessarily transitively, by Aut(R/P ) = 〈φp〉. Hence we have βp = βi for some1 ≤ i ≤ m. Since G is transitive on {β1, . . . , βm} there exists σ ∈ G such that σ(β) = βi.

I claim that σ ∈ GP . Suppose not. Then we have distinct maximal ideals P 6= σP . By the ChineseRemainder Theorem, there exists α ∈ R such that

α ≡ β mod P, and α ≡ 1 mod σP.

We then get two congruences in R/P :

αp ≡ βp mod P, and σ−1(α) ≡ 1 mod P,

which implyβ = σ−1(βi) ≡ σ−1(βp) ≡ σ−1(αp) = 1 mod P.

This forces β = 1 ∈ Fp, a contradiction.

Therefore σ ∈ GP , and we have

πσ(β) = σ(β) = βi = βp = φp(β).

Since β generates R/P , it follows that πσ = φp generates Aut(R/P ), so π is surjective. �

The inertia group IP is the kernel of the canonical surjection π : GP → Aut(R/P ). It fits into theexact sequence

1 −→ IP −→ GPπ−→ Aut(R/P ) −→ 1.

58

If P,Q ∈ Spec(R)p and σ ∈ G is such that σP = Q then σGPσ−1 = GQ and σIPσ−1 = IQ. Hence

the degree r of R/P over Fp and the order e of IP depend only on p and we have

|G| = e · r · s,

wheree = |IP |, r = [GP : IP ], s = [G : GP ] = | Spec(R)p|.

The number e is called the ramification degree of p. We say that p is ramified in E if e > 1 andunramified in E if e = 1. Equivalently, p is unramified in E exactly when the canonical surjectionπ : GP → Aut(G/P ) is an isomorphism. In this case, we have a unique element σP ∈ GP such thatπ(σP ) = φp is the Frobenius automorphism of R/P . One can check that τσP τ−1 = στ(P ) for anyτ ∈ G. Thus for each unramified prime p ∈ Z we have a conjugacy class Frobp ⊂ G given by

Frobp = {σP : p ∈ P}.

We will see that only a finite number of primes are ramified. As p varies among the all-but-finitelymany unramified primes in Z, the conjugacy class Frobp varies among the conjugacy classes in G. TheChebotarev Density Theorem asserts that, statistically, each conjugacy class in G is visited by its fairshare of primes.

Theorem 5.7 (Chebotarev Density Theorem) Let E/Q be a Galois extension and let C be a conju-gacy class in the Galois group G = Aut(E). Then we have

limN→∞

|{primes p ≤ N : Frobp = C}||{all primes p ≤ N}|

=|C||G|

.

Proof: See [Neukirch, Algebraic Number Theory ,VII.13]. �

Dedekind proved that that the ramified primes are exactly those which divide the discriminant DE/Q,defined in (32). 20 In the next section we will prove a weaker result withDE/Q replaced by a polynomialdiscriminant Df .

5.3 Frobenius classes in the Galois group of a polynomial

Let f ∈ Z[x] be a monic polynomial with deg f = d. Let E be the splitting field of f over Q and let Rbe the ring of integers in E. Let p ∈ Z be a prime not dividing the discriminant Df , let f ∈ Fp[x] bethe reduction of f modulo p, and let P be a prime ideal in R containing p.

Since p - Df , and Df = Df because Df is an integral polynomial in the coefficients of f , it followsthat both f and f have d-distinct roots in R and R/P respectively. If α1, . . . , αd are the distinct rootsof f in R, then their images α1, . . . , αd in R/P are the distinct roots of f in R/P . Thus, we havehomomorphisms

GP ↪→ Sd ←− Aut(G/P ),

where the left-hand map is the restriction of the injection G ↪→ Sd.20See for example, Neukirch Algebraic Number Theory III.2.

59

Proposition 5.8 Assume that p does not divide the discriminant Df . Then p is unramified in E. Moreprecisely, the map π : GP → Aut(R/P ) is an isomorphism making the following diagram commute:

GP

π // Aut(R/P )

yySd

In particular, Frobp and φp belong to the same conjugacy class in Sd.

Proof: Take σ ∈ GP and 1 ≤ i ≤ n. Suppose σ(αi) = αj Then πσ(αi) = σ(αi) = αj , so σ and πσinduce the same permutation in Sd. �

Proposition 5.9 Assume p - Df . If f = f1 . . . f`, with fi irreducible in Fp[x], then the elements ofFrobp have cycle type [d1, d2, . . . , d`] in Sd, where di = deg fi.

For example, Frobp consists of d-cycles if and only if f is irreducible modulo p.

To apply Prop. 5.9, it is useful to have

Proposition 5.10 [Jordan’s Lemma] Let G be a finite group and let H ≤ G be a subgroup of G suchthat H ∩ C is nonempty for every conjugacy class C in G. Then H = G.

Proof: We have

|G| =

∣∣∣∣∣∣⋃

g∈G/H

gHg−1

∣∣∣∣∣∣ ≤ 1 + [G : H](|H| − 1) = |G| − ([G : H]− 1),

so [G : H] = 1. �

Example: Suppose f ∈ Z[x] is irreducible of degree five. Below we tabulate the transitive subgroupsG ≤ S5 and the number of each cycle type in G.

G [5] [41] [32] [311] [221] [2111] [15]S5 24 30 32 20 15 10 1A5 24 0 0 20 15 0 1F20 4 10 0 0 5 0 1D5 4 0 0 0 5 0 1C5 4 0 0 0 0 0 1

If there exists a prime p such that Frobp has type [32] then G = S5, since no proper transitive subgroupof S5 contains such a cycle type. Similarly, if Frobp is of type [311] for some p then Gf is either S5 orA5, which can be decided by a discriminant calculation.

60

Example: (Exercise in Lang) Let f = x6 + 22x5− 9x4 + 12x3− 37x2− 29x− 15. Reducing modulo2, 3, 5 we find cycle types [6], [51], [214] in Gf , which implies that Gf = S6.

Example: Let f = x6 − 10x3 + 15x2 − 6x + 1. One can check that (1 − x)6f(1/(1 − x)) = f(x).Hence if α is a root of f , so are α′ = 1/(1− α) and α′′ = 1− (1/α). One checks that f is irreduciblemodulo 17, so α, α′, α′′ are distinct. It follows that Gf centralizes a [33]-cycle in S6. The centralizerH = CS6([33]) has structure (C3 × C3) o C2, with C2 acting by permuting the factors and containsonly elements of cycle types [6], [3111], [33], [222], [16]. To show Gf = H , it suffices to find elementsin Gf of each of these cycle types.

class: [6] [3111] [33] [222] [16]smallest p : 17 11 5 13 127

This proves that Gf = H .

6 Cyclotomic extensions and abelian numbers

Fix an integer n ≥ 2 and let µn = {α ∈ C× : αn = 1} be the group of nth-roots of unity in C×. Theseare the roots of xn − 1 and are generated by the complex number ζ = e2πi/n. The primitive nth rootsof unity are the generators of µn; these are the powers ζk for k in the unit group U(n) := (Z/nZ)×.

Since all of the roots of xn − 1 are powers of ζ , the field Q(ζ) is the splitting field of xn − 1, so it isGalois over Q. Let G = Aut(Q(ζ)) be the Galois group. Each σ ∈ G is determined by its effect on ζand σ(ζ) must be another primitive nth root of unity. Hence we have an injective homomorphism

κ : G −→ U(n), given by σ(ζ) = ζκ(σ).

The nth cyclotomic polynomialΦn(x) :=

∏k∈U(n)

(x− ζk)

has for roots exactly the primitive nth roots of unity. As these are permuted by G, it follows that Φn isG-invariant, and hence has coefficients in Z ∩Q = Z.

Proposition 6.1 Φn(x) is irreducible over Q.

Proof: Let f be the minimal polynomial of ζ over Q. Since ζ ∈ Z we have f monic in Z[x] andf | xn − 1, so we may factor xn − 1 = fg in Z[x].

Let p be any prime not dividing n. Then ζp is another root of xn − 1 so either f(ζp) = 0 or g(ζp) = 0.Suppose g(ζp) = 0. Let h(x) = g(xp). Then h(ζ) = 0 so h = fq for some q ∈ Z[x]. In Fp[x] we have

f · q = h = gp.

It follows that f and g have a common factor. But xn− 1 has distinct roots modulo p, since p - n. Thiscontradiction shows that g(ζp) 6= 0, so we must have f(ζp) = 0.

61

This holds for all primes p not dividing n, hence f(ζk) = 0 for all k ∈ U(n). It follows that f = Φn.

�

Recall that the order of U(n) is given by the Euler function φ(n) = |U(n)|.

Corollary 6.2 We have [Q(ζ) : Q] = φ(n) and the map κ : G→ U(n) is an isomorphism.

We now compute the classes Frobp ⊂ G for each p not dividing n. SinceG is abelian, each class Frobpconsists of a single element:

Frobp = {σp}.

Proposition 6.3 For any prime p not dividing n, the element κ(σp) ∈ U(n) is given by κ(σp) ≡ pmod n.

Proof: Let R be the ring of integers of Q(ζ) and let P be a prime ideal of R containing p. Since p - n,the reduction

Φn =∏

k∈U(n)

(x− ζk)

has distinct roots ζk ∈ R/P .

If σ, τ ∈ G are such that σ(ζ) = σ(τ), we have κ(σ) = κ(τ), so σ = τ by the injectivity of κ. By thesurjectivity of κ there is an element τp ∈ G such that κ(τp) = p. That is, τp(ζ) = ζp. But

τp(ζ) = ζp = σp(ζ),

so in fact τp = σp as we wished to show. �

For a given k ∈ U(n) we have κ(σp) = k if and only if p ∈ k + nZ. Thus, Chebotarev’s Theorem 5.7reduces to Dirichlet’s Theorem on primes in an arithmetic progression. 21

Theorem 6.4 (Dirichlet’s Theorem)

limN→∞

|{p ≤ N : p ∈ k + nZ}||{p < N}|

=1

φ(n).

6.1 Gauss and Cyclotomy

In his Disquisitiones chapter VII, Gauss proposes to find the “Equations defining sections of a circle”.Fix a prime p ≥ 3 and cut the unit circle |z| = 1 into p equal parts, starting at z = 1. The cut points

21Historically Dirichlet’s Theorem came first and inspired Chebotarev. See Serre’s Course in Arithmetic for a directproof of Dirichlet’s Theorem.

62

ζ, ζ2, . . . , ζp−1 = ζ all have minimal polynomial Φp = 1 + x+ x2 + · · ·+ xp−1 and generate the fieldQ(ζ).

The x-coordinates of the cut points, doubled, are ζ + ζ , ζ2 + ζ2, . . . . These have minimal polynomialΨp given in equation (14) and generate the unique subfield Q(ζ + ζ) of degree (p− 1)/2.

At the other extreme, the quadratic subfield of Q(ζ) is generated by√εp, where ε ∈ {±1} is given by

p ≡ ε mod 4. We can see this as follows. The cyclic group F×p has a unique subgroup of index two,namely F×2

p , so there is a unique nontrivial homomorphism(·p

): F×p −→ {±1},

called the Legendre symbol, given by(k

p

)=

{+1 if k ∈ F×2

p

−1 if k /∈ F×2p .

It can be shown 22 that the sum ∑k∈F×p

(k

p

)ζk

squares to(−1p

)p = εp.

More generally, the subfields of Q(ζ) are in bijection with subgroups of Aut(Q(ζ)), and we have anisomorphism

F×p∼−→ Aut(Q(ζ)), given by k 7→ σk,

where σk is the automorphism of Q(ζ) determined on the generator by σk(ζ) = ζk.

The group F×p is cyclic of order p − 1, so its subgroups correspond to divisors of p − 1. Fix a divisord | (p− 1) and let Hd be the unique subgroup of index d in F×p . Then Q(ζ)Hd is the unique subfield ofQ(ζ) of degree d over Q. This field has a canonical generator, as follows.

Lemma 6.5 We have Q(ζ)Hd = Q(αd), where

αd =∑h∈Hd

ζh.

Proof: By the Galois correspondence, Q(αd) = Q(ζ)J for a unique subgroup J ≤ F×p . Since αd isclearly Hd-invariant, we have Q(ζ)J ⊂ Q(ζ)Hd , so Hd ≤ J . It suffices to show that J ≤ Hd. Givens ∈ J , we have ∑

h∈Hd

ζh = αd = σs(αd) =∑h∈Hd

ζhs.

22Lang, VI.3

63

Since {ζk : k ∈ F×p } is a basis of Q(ζ), it follows that ζ = ζhs for some h ∈ Hd, so hs = 1 and thisshows s ∈ Hd. �

From Lemma 6.5, it follows that

[Q(αd) : Q] = [F×p : Hd] = d.

Gauss’ problem becomes that of finding the minimal polynomial of αd.

The polynomialfd(x) :=

∏k∈F×p /Hd

(x− σk(αd))

is invariant under Aut(Q(ζ)), has αd as a root, and has degree d, so fd(x) ∈ Z[x] is the minimal monicpolynomial of αd. It remains to find the coefficients of fd.

Choose a generator g of F×p and let d′ = (p− 1)/d. Then Hd = 〈gd〉 and {1, g, g2, . . . , gd−1} is a set ofcoset representatives for F×p /Hd. The choice of g gives an isomorphism

F×p∼−→ Z/(p− 1)Z, gj 7→ j mod (p− 1)

sending Hd → 〈d〉. The partition of F×p into cosets of Hd corresponds to the partition

Z/(p− 1)Z =d−1∐i=0

Cd(i),

where Cd(i) = {dk + i : 0 ≤ k ≤ d′}. We have

αd =d′∑k=1

ζgdk

,

fd(x) =d−1∏i=0

(x− σgi(αd)),

andσgi(αd) =

∑`∈Cd(i)

ζg`

. (33)

The sums in (33) are called Gauss periods; they are the roots of fd.

For explicit computations, we can make the periods into polynomials and treat them symbolically.Thus, we replace each g` mod p by a representative 1 ≤ g` ≤ p− 1 and define polynomials

Ai(t) =∑

`∈Cd(i)

zg` ∈ Z[t],

and

Fd(t, x) =d−1∏i=0

(x− Ai(t)) ∈ R[x],

64

where R = Z[t]. Now fd(x) is the polynomial remainder of Fd(t) modulo Φp(t), taken in R[t].

Example: Take p = 13, d = 4 and g = 2 as generator of F×13. The the partition of F×13 into cosets ofH4 and the periods are given by

{24, 28, 212} mod 13≡ {3, 9, 1} α4 = ζ + ζ3 + ζ9

{21+4, 21+8, 21+12} ≡ {6, 5, 2} σ2(α4) = ζ6 + ζ5 + ζ2

{22+4, 22+8, 22+12} ≡ {12, 10, 4} σ4(α4) = ζ12 + ζ10 + ζ4

{23+4, 23+8, 23+12} ≡ {11, 7, 8} σ8(α4) = ζ11 + ζ7 + ζ8.

We have

F4(t, x) = (x− t− t3 − t9)(x− t6 − t5 − t2)(x− t12 − t10 − t4)(x− t11 − t7 − t8),

whose remainder modulo Φ13(t) is

f4(x) = x4 + x3 + 2x2 − 4x+ 3.

We can check this result using our analysis of quartic polynomials (cf. section 4.2.3), for the quarticf = f4. Let’s see if we get Gf = C4.

The discriminant is Df = 32 · 133 so Gf 6≤ A4.

The cubic resolvent is x3 − 2x2 − 16x+ 5 = (x− 5)(x2 + 3x− 1), so Gf ≤ D4.

The quadratic resolvent (see (29)) has discriminant 132, soGf ≤ C4, as it should be. And the quadraticsubfield is

√Df =

√13, again as it should be.

This method computes the minimal polynomial fd of the canonical generator of the degree d- subfieldof Q(ζ) for any given p and d | p−1. Gauss found a general formula for f3, in the following remarkableresult.

Theorem 6.6 (Gauss) 23 Let p = 1 + 3k be a prime ≡ 1 mod 3 and let ζ = e2πi/p. Then

1. There are unique integers A,B such that 4p = A2 + 27B2 and A ≡ 1 mod 3.

2. The generator α3 of the cubic subfield of Q(ζ) has minimal polynomial

f3 = x3 + x2 − kx− p(A+ 3)− 1

27

of discriminant Df3 = (pB)2.

3. The number of points in P2(Fp) lying on the curve X3 + Y 3 + Z3 = 0 is equal to p+ 1 + A.

23See Gauss Disquisitiones Art. 358, as well as Silverman-Tate Rational points on elliptic curves IV.2.

65

6.2 The Kronecker-Weber theorem and abelian numbers

A Galois extension E/F is abelian if the Galois group Aut(E/F ) is abelian.

Theorem 6.7 (Kronecker-Weber) Every abelian extension of Q is a subfield of Q(e2πi/n), for somepositive integer n.

The minimal such n is called the conductor of the abelian extensionE/Q. In the Disquisitiones, Gaussfound the abelian extensions of Q of prime conductor.

In terms of polynomials, Kronecker-Weber asserts that if f ∈ Q[x] is a polynomial with abelian Galoisgroup Gf , then the roots of f are polynomial expressions in e2πi/n for some n. I like to call such rootsabelian numbers. The set Qab of all abelian numbers is a subfield of C and is an algebraic extensionof Q. Kronecker-Weber gives an explicit description of Qab, as the union of all cyclotomic fields:

Qab =⋃n≥1

Q(e2πi/n).

In group-theoretic terms, the Kronecker-Weber theorem says that every finite abelian quotient ofAut(Q) factors through Aut(Q(e2πi/n)), for some n. Today, the Kronecker-Weber theorem is regardedas a corollary of Class-Field Theory, which describes abelian extensions of a number field F in termsof the arithmetic of F . 24

24See, for example, Neukirch Algebraic Number Theory.

66