
Math 806

Notes on Galois Theory


Mark Reeder

April 12, 2012
Contents

1 Basic ring theory
  1.1 Some applications of Zorn's lemma
  1.2 Polynomial Rings
  1.3 Polynomials over Q
2 Finite fields
3 Extensions of rings and fields
  3.1 Symmetric polynomials
  3.2 Integral ring extensions
  3.3 Prime ideals in Z[x]: elementary classification
  3.4 The spectrum of a commutative ring
    3.4.1 Spec(Z[x])
  3.5 Algebraic field extensions
    3.5.1 The ring of algebraic integers and the field of algebraic numbers
  3.6 Field extensions of finite degree
    3.6.1 Some abelian numbers
    3.6.2 Constructible numbers
  3.7 Splitting fields
  3.8 Automorphisms and Galois Extensions
    3.8.1 Field automorphisms
    3.8.2 Automorphisms of finite extensions
    3.8.3 Galois extensions
    3.8.4 The Galois correspondence
  3.9 The Galois group of a polynomial
    3.9.1 Imprimitive group actions and Galois groups
    3.9.2 The Primitive Element Theorem
    3.9.3 Galois' view of Galois groups
4 Computing Galois groups of polynomials
  4.1 Transitive subgroups
  4.2 Invariant Theory and Resolvents
    4.2.1 The discriminant
    4.2.2 Cubic Polynomials
    4.2.3 Quartic Polynomials
    4.2.4 Constructible numbers revisited
5 Galois groups and prime ideals
  5.1 The ring of integers in a number field
  5.2 Decomposition and inertia groups
  5.3 Frobenius classes in the Galois group of a polynomial
6 Cyclotomic extensions and abelian numbers
  6.1 Gauss and Cyclotomy
  6.2 The Kronecker-Weber theorem and abelian numbers

Thanks to Beth Romano for careful reading and corrections.

1 Basic ring theory

A ring is a set $R$ together with two functions $+, \cdot : R \times R \to R$, satisfying the following three axioms:

R1 $(R, +)$ is an abelian group with zero element $0_R$.

R2 $(R, \cdot)$ is associative with unit element $1_R$ satisfying $r \cdot 1_R = 1_R \cdot r = r$ for all $r \in R$.

R3 The distributive law holds: $(a + b) \cdot c = (a \cdot c) + (b \cdot c)$ and $a \cdot (b + c) = (a \cdot b) + (a \cdot c)$ for all $a, b, c \in R$.

We usually write $ab = a \cdot b$, $0 = 0_R$ and $1 = 1_R$. There is no assumption that $1_R \neq 0_R$. But if $1_R = 0_R$ then $R = \{0_R\}$.

A unit in $R$ is an element $u \in R$ having a multiplicative inverse: $u \cdot u^{-1} = u^{-1} \cdot u = 1_R$. The set $R^\times$ of units in $R$ forms a group under $\cdot$.

A subring is a subset $S \subseteq R$ containing $0_R$, $1_R$ and closed under both operations $+, \cdot$, such that $(S, +)$ is a subgroup of $(R, +)$.

A ring homomorphism $f : R \to R'$ is a function from one ring $R$ to another ring $R'$ such that $f(a + b) = f(a) + f(b)$ and $f(ab) = f(a)f(b)$ for all $a, b \in R$ and $f(1_R) = 1_{R'}$. The image $f(R)$ is a subring of $R'$. Every ring $R$ admits the canonical homomorphism $\epsilon : \mathbb{Z} \to R$ such that $\epsilon(n) = n \cdot 1_R$, which is the sum of $1_R$ with itself $n$ times.

If $R, S$ are two rings then the direct product $R \times S$ has a ring structure with operations $(r, s) + (r', s') = (r + r', s + s')$ and $(r, s) \cdot (r', s') = (r r', s s')$. The zero element is $0_{R \times S} = (0_R, 0_S)$ and the unit element is $1_{R \times S} = (1_R, 1_S)$. The projection maps from $R \times S$ to $R$ and $S$ are ring homomorphisms.

A ring $R$ is commutative if $ab = ba$ for all $a, b \in R$. All of our rings will be commutative unless otherwise noted.

A commutative ring $R$ is an integral domain if the cancellation law holds: if $ab = ac$ with $a \neq 0$ then $b = c$, for all $a, b, c \in R$.

An ideal in the commutative ring $R$ is a subset $I \subseteq R$ that is closed under addition from within and multiplication from outside, that is, $a + b \in I$ for all $a, b \in I$, and $ra \in I$ for all $r \in R$ and $a \in I$. The sets $\{0\}$ and $R$ are ideals. The latter is sometimes called the unit ideal because an ideal $I = R$ precisely when $I$ contains a unit of $R$. The kernel $\ker f = \{r \in R : f(r) = 0_{R'}\}$ of a ring homomorphism $f : R \to R'$ is an ideal.
If $I, J$ are two ideals in $R$ then the intersection $I \cap J$, the sum $I + J = \{a + b : a \in I, b \in J\}$ and the product $IJ$ consisting of all finite sums $\sum_i a_i b_i$ with $a_i \in I$ and $b_i \in J$ are ideals in $R$ such that
$$
IJ \subseteq I \cap J \subseteq I + J.
$$
The ideal $I + J$ is the smallest ideal containing both $I$ and $J$ and is called the ideal generated by $I$ and $J$. If $I + J = R$ then $IJ = I \cap J$.

An ideal $I$ is principal if $I = Ra = \{ra : r \in R\}$ for some $a \in I$. We often write $(a) = Ra$. More generally, the ideal generated by elements $a_1, \dots, a_n$ of $R$ is the ideal
$$
(a_1, \dots, a_n) = Ra_1 + \cdots + Ra_n = \Big\{ \sum_{i=1}^n r_i a_i : r_i \in R\ \forall i \Big\}.
$$
If $R$ is an integral domain and $a, b$ are two nonzero elements of $R$ then $(a) = (b)$ if and only if $b = ua$ for some unit $u \in R^\times$. If $R = \mathbb{Z}$, then every ideal is principal; we have $I = (n)$ where $\pm n$ are the elements of $I$ of smallest positive absolute value.

For any ideal $I \subseteq R$ we can form the quotient ring
$$
R/I = \{r + I : r \in R\}
$$
whose elements are cosets $r + I$; we have $r + I = r' + I$ exactly when $r - r' \in I$. The ring operations on $R/I$ are given by $(r + I) + (r' + I) = (r + r') + I$ and $(r + I)(r' + I) = rr' + I$. The zero element is $0_{R/I} = 0 + I$, and the unit element is $1_{R/I} = 1 + I$. The operations are well-defined precisely because $I$ is an ideal. Any ring homomorphism $f : R \to R'$ with $I \subseteq \ker f$ induces a quotient homomorphism $\bar f : R/I \to R'$ such that $\bar f(r + I) = f(r)$. If $I = \ker f$ then $\bar f$ induces an isomorphism $\bar f : R/I \xrightarrow{\ \sim\ } f(R)$.

The ideals in $R/I$ are of the form $J/I = \{j + I : j \in J\}$ where $J$ is an ideal of $R$ containing $I$.

A field is a commutative ring $F$ such that $F^\times := F - \{0\}$ is a group under the operation $\cdot$. In particular, $F^\times$ is nonempty, so $1_F \neq 0_F$. A subfield $F' \subseteq F$ is a subring which is also a field.

Lemma 1.1 A commutative ring $R \neq 0$ is a field if and only if $R$ has no ideals other than $0$ and $R$.

Proof: If $R$ is a field then every nonzero ideal $I \subseteq R$ contains a unit, hence $I = R$. Conversely, assume $0$ and $R$ are the only ideals in $R$. Let $a \in R$ be any nonzero element. Then the principal ideal $(a)$ is nonzero, so must be $R$. Hence $1 \in (a)$. This means there is $b \in R$ such that $1 = ba$. Hence $a$ is a unit. □

A field homomorphism is a ring homomorphism $f : F \to F'$ between two fields $F, F'$. Since $f(1_F) = 1_{F'} \neq 0_{F'}$ we cannot have $\ker f = F$. From Lemma 1.1 we have

Corollary 1.2 Every field homomorphism is injective.
There are two kinds of fields. Let $F$ be a field and consider the canonical homomorphism $\epsilon : \mathbb{Z} \to F$, sending $n \mapsto n \cdot 1_F$. Its kernel $\ker \epsilon$ is an ideal in $\mathbb{Z}$. If $\ker \epsilon = 0$ then $\epsilon$ extends to a field homomorphism $\epsilon : \mathbb{Q} \to F$, sending $r/s$ (in lowest terms) to $(r \cdot 1_F)(s \cdot 1_F)^{-1} \in F$. Thus we have a canonical embedding $\mathbb{Q} \hookrightarrow F$. In this case we say $F$ has characteristic zero. If $\ker \epsilon \neq 0$ then $\ker \epsilon = n\mathbb{Z}$ for some integer $n > 0$. Since $\operatorname{im}(\epsilon) \cong \mathbb{Z}/n\mathbb{Z}$ is a subring of $F$, it is an integral domain, so $n$ cannot be written as $n = km$ with positive integers $k, m < n$; that is, $n = p$ is prime. Thus, we have a canonical embedding $\mathbb{Z}/p\mathbb{Z} \hookrightarrow F$. In this case, we say $F$ has characteristic $p$. In such a field we have $p \cdot 1_F = 0_F$.

Let $A$ be a commutative ring. An $A$-algebra is a ring $R$ together with a homomorphism $\phi : A \to R$ whose image is contained in the center of $R$. If $A = F$ is a field, then we may regard $R$ as an $F$-vector space via $a \cdot r = \phi(a) r$ for $a \in F$ and $r \in R$. In this case we say that $R$ is a finite-dimensional $F$-algebra if $\dim_F R < \infty$.

Proposition 1.3
1. A finite integral domain is a field.
2. If $E$ is a field and $F$ is a finite subring of $E$ then $F$ is a field.
3. If $F$ is a field and $R$ is a finite dimensional $F$-algebra which is also an integral domain, then $R$ is a field.

Proof: Suppose $F$ is a finite integral domain. Then for any nonzero $a \in F$, the map $L_a : F \to F$ given by $L_a(b) = ab$ is injective, by the definition of integral domain. Since $F$ is finite, $L_a$ is also surjective, so there is $b \in F$ such that $L_a(b) = 1$. This proves item 1, of which item 2 is a special case, since a subring of a field is an integral domain. Finally if $R$ is a finite dimensional $F$-algebra we again take any nonzero element $r \in R$ and consider the map $L_r : R \to R$ given by $L_r(s) = rs$. Since the map $\phi : F \to R$ giving the $F$-algebra structure on $R$ maps $F$ into the center of $R$, it follows that the map $L_r$ is $F$-linear. Again $L_r$ is injective, hence surjective since $\dim_F R < \infty$, so $r$ is a unit in $R$. □

An ideal $P$ in a commutative ring $R$ is prime if $R/P$ is an integral domain. Equivalently, $R - P$ is closed under multiplication. That is, if $a, b \in R$ and $ab \in P$ then $a \in P$ or $b \in P$.

An ideal $M$ in a commutative ring $R$ is maximal if $R/M$ is a field. Equivalently, if $I$ is any ideal such that $M \subseteq I \subseteq R$ then either $I = R$ or $I = M$.

A maximal ideal is prime, but not conversely in general; see below.

An integral domain $R$ is a principal ideal domain (PID) if every ideal in $R$ is principal. If $R$ is a PID then every nonzero prime ideal is maximal.
1.1 Some applications of Zorn's lemma

An ordering on a set $X$ is a relation $x \leq y$ between some pairs of elements $x, y \in X$ such that

$x \leq x$,

$x \leq y$ and $y \leq z \Rightarrow x \leq z$,

$x \leq y$ and $y \leq x \Rightarrow x = y$.

A subset $T \subseteq X$ is totally ordered if for all $x, y \in T$ we have either $x \leq y$ or $y \leq x$. An upper bound of a subset $S \subseteq X$ is an element $b \in X$ such that $x \leq b$ for all $x \in S$.

Zorn's Lemma asserts that if every non-empty totally ordered subset of $X$ has an upper bound then there exists $m \in X$ such that if $x \in X$ and $x \geq m$ then $x = m$. Such an element $m$, which need not be unique, is called a maximal element of $X$. Zorn's lemma is equivalent to the axiom of choice, hence has no naive proof.

Applications of Zorn's lemma include:

1. Every vector space has a basis.
2. The arbitrary product of compact sets is compact (Tychonoff's theorem).
3. Every field has an algebraic closure.
4. Every ideal in a commutative ring is contained in a maximal ideal.
5. The intersection of all prime ideals in a commutative ring $R$ is the set of nilpotent elements in $R$.

We use Zorn's lemma to prove the last two items here.

Item 4: Let $R$ be a commutative ring and let $I \neq R$ be an ideal of $R$. We apply Zorn to the set $X$ of proper ideals of $R$ containing $I$, ordered by inclusion. If $T$ is a totally ordered subset of $X$, then $b(T) := \bigcup_{J \in T} J$ is again an ideal in $X$. Indeed, the only non-obvious point is closure under addition, but if $x \in J$ and $x' \in J'$ with both $J, J' \in T$, then $x + x'$ is in the greater of $J, J'$, hence is in $b(T)$; and $b(T)$ is proper since $1$ lies in none of the $J \in T$. Therefore $T$ has the upper bound $b(T)$. Let $M$ be a maximal element of $X$. Then $I \subseteq M$, and if $J$ is any proper ideal containing $M$ then $J \in X$ so $J = M$, so $M$ is a maximal ideal of $R$ containing $I$.

Item 5: An element $a \in R$ is nilpotent if $a^n = 0$ for some integer $n \geq 1$. By induction on $n$, one sees that a nilpotent element is contained in every prime ideal. Suppose now that $a \in R$ is contained in every prime ideal of $R$ but $a^n \neq 0$ for every integer $n \geq 1$. Let $S = \{1, a, a^2, \dots\}$ and let $X$ be the set of ideals $I \subseteq R$ such that $I \cap S = \emptyset$. If $T$ is a totally ordered subset of $X$ then as above $b(T) = \bigcup_{J \in T} J$ is an ideal in $R$ and $b(T) \cap S = \emptyset$. By Zorn, there exists a maximal element $M \in X$. We show that $M$ is prime. Suppose not. Then there exist $x, y \in R$ with $xy \in M$, but $x \notin M$ and $y \notin M$. By maximality of $M$, the ideals $(x, M)$ and $(y, M)$ meet $S$. Hence there are $u, v \in M$ and $a', b', c', d' \in R$ such that $a'x + b'u \in S$ and $c'y + d'v \in S$. The product
$$
(a'x + b'u)(c'y + d'v) = a'c'\,xy + b'c'\,uy + a'd'\,xv + b'd'\,uv
$$
is again in $S$ since $S$ is closed under multiplication, but it is also in $M$ since $xy, u, v, uv \in M$. This contradicts $M$ being in $X$. Therefore $M$ is prime, so $a \in M$, another contradiction. Hence $a^n = 0$ for some integer $n$, so $a$ is nilpotent.
1.2 Polynomial Rings

A polynomial over a commutative ring $R$ is a finite formal sum $f = c_0 + c_1 x + \cdots + c_n x^n$, where all coefficients $c_i \in R$ and $n \geq 0$ is an integer. The polynomials over $R$ form a ring $R[x]$ under the usual addition and multiplication of polynomials. The degree $\deg(f)$ of a nonzero polynomial $f \in R[x]$ is the largest $n$ such that $c_n \neq 0$. We say $f$ is monic if $c_n = 1$, where $n = \deg(f)$. We identify $R$ with the polynomials in $R[x]$ of degree zero. The units in $R[x]$ are the units in $R$.

If $R$ is an integral domain then for any two nonzero polynomials $f, g \in R[x]$ we have
$$
\deg(fg) = \deg(f) + \deg(g).
$$
It follows that $R[x]$ is also an integral domain. However, if $R$ is a PID then $R[x]$ need not be a PID. For example, if $R = \mathbb{Z}$ and $p$ is a prime, then $\mathbb{Z}[x]$ has the ideal $(p, x)$ which is not principal, as well as the prime ideal $(p)$ which is not maximal.

A polynomial $f \in R[x]$ is reducible if $f = gh$ for some polynomials $g, h \in R[x]$ having $\deg(g), \deg(h)$ both strictly less than $\deg(f)$. We call such a factorization $f = gh$ a nontrivial factorization. A polynomial $f \in R[x]$ is irreducible if $f$ has no nontrivial factorization in $R[x]$.

Let $F$ be a field. Then the polynomial ring $F[x]$ is a PID; if $I \subseteq F[x]$ is a nonzero ideal then $I = (f)$ where $f$ is a polynomial in $I$ of minimal degree. For example if $I = (f, g)$ is generated by two polynomials $f, g \in F[x]$ then $(f, g) = (h)$, where $h = \gcd(f, g)$ is the greatest common divisor of $f, g$. Note that $\gcd(f, g)$ is only defined up to a nonzero constant factor. One can compute $\gcd(f, g)$ using the Euclidean Algorithm for polynomials.

Let $f \in F[x]$ be a nonzero polynomial with $\deg(f) = n > 0$. Let $\alpha = x + (f) \in F[x]/(f)$. Using the division algorithm one can write every element $\beta \in F[x]/(f)$ uniquely in the form
$$
\beta = c_0 + c_1 \alpha + \cdots + c_{n-1} \alpha^{n-1} \qquad (1)
$$
with all $c_i \in F$. In other words, the set $\{1, \alpha, \dots, \alpha^{n-1}\}$ is a basis of the $F$-vector space $F[x]/(f)$, and
$$
\dim_F F[x]/(f) = n = \deg(f).
$$
The product of two elements in the form (1) can be reduced to another of the same form using the rule $f(\alpha) = 0$.

Since $F[x]$ is a PID, the following are equivalent for a nonconstant polynomial $f \in F[x]$:

1. the ideal $(f)$ is maximal (that is, $F[x]/(f)$ is a field);
2. the ideal $(f)$ is prime (that is, $F[x]/(f)$ is an integral domain);
3. if $f = gh$ for $g, h \in F[x]$ then one of $g$ or $h$ is constant;
4. $f$ is irreducible in $F[x]$.

It is important to specify $F$ here since if $E \supseteq F$ is a larger field then $f$ could be irreducible in $F[x]$ but reducible in $E[x]$.

A general polynomial $f \in F[x]$ has a unique factorization in the form
$$
f = c\, f_1 f_2 \cdots f_k,
$$
where $c \in F$ and each $f_i$ is monic and irreducible in $F[x]$. We say that $f$ splits in $F[x]$ if each $f_i$ has $\deg(f_i) = 1$. In this factorization it is possible to have $f_i = f_j$ for $i \neq j$. However, let $f'$ be the formal derivative of $f$. If $\gcd(f, f') = 1$ then all of the $f_i$ are distinct.

Proposition 1.4 Let $F$ be a field and let $f \in F[x]$ have degree $\deg(f) > 0$. Then there exists a field $E \supseteq F$ and an element $\alpha \in E$ such that $f(\alpha) = 0$. And there exists a field $K \supseteq E$ such that $f$ splits in $K[x]$.

Proof: Let $f_1$ be an irreducible factor of $f$ in $F[x]$ and let $E = F[x]/(f_1)$. Then $E$ is a field containing the element $\alpha = x + (f_1)$ and we have $f(\alpha) = f + (f_1) = 0 + (f_1)$ since $f \in (f_1)$. We view $F$ as a subfield of $E$ via the embedding $F \to E$ sending $c \mapsto c + (f_1) \in E$, for any $c \in F$. This proves the first assertion.

In $E[x]$ we have $f = (x - \alpha) g$, for some $g \in E[x]$. If $\deg g = 0$, then $f$ splits in $E[x]$. If $\deg(g) > 0$ we repeat the above process with $f$ replaced by $g$, to construct a field $L \supseteq E$ and an element $\beta \in L$ such that $g(\beta) = 0$. Then $g = (x - \beta) h$ and $f = (x - \alpha)(x - \beta) h$ in $L[x]$. Continuing, we construct a tower of at most $\deg(f)$ fields $F \subseteq E \subseteq L \subseteq \cdots \subseteq K$ such that $f$ splits in $K[x]$. □

The ring $F[x]/(f)$ may also be described as follows.

Proposition 1.5 Let $F$ be a field and let $f \in F[x]$ be a nonzero polynomial with factorization $f = c\, f_1^{m_1} \cdots f_\ell^{m_\ell}$, where $c \in F^\times$, each $f_j \in F[x]$ is monic irreducible, $f_j \neq f_k$ if $j \neq k$ and the $m_j$ are positive integers. Then the ring $F[x]/(f)$ is isomorphic to a direct product of rings
$$
F[x]/(f) \cong \prod_{j=1}^{\ell} F[x]/(f_j^{m_j}),
$$
via the isomorphism sending $g + (f) \in F[x]/(f)$ to $\big(g + (f_1^{m_1}),\ g + (f_2^{m_2}),\ \dots,\ g + (f_\ell^{m_\ell})\big)$.

Proof: This is an application of the Chinese Remainder Theorem, which asserts that if $R$ is a commutative ring and $I_1, \dots, I_\ell$ are ideals in $R$ with intersection $\bigcap_j I_j = I$ such that $I_j + I_k = R$ for all pairs of indices $j \neq k$ then we have a ring isomorphism
$$
R/I \cong \prod_j R/I_j, \qquad (2)
$$
sending $r + I \mapsto (r + I_1, \dots, r + I_\ell)$. See [Lang] for a proof of (2). To apply this result to $R = F[x]$, we first have to check that the ideals $I_j = (f_j^{m_j})$ satisfy $I_j + I_k = F[x]$ for $j \neq k$. Since $f_j, f_k$ are distinct monic irreducible polynomials, the ideals $(f_j)$ and $(f_k)$ are distinct maximal ideals of $F[x]$, hence $(f_j, f_k) = F[x]$. Let $I_j + I_k = (h)$. If $\deg(h) > 0$ there exists a field $E \supseteq F$ and $\alpha \in E$ such that $h(\alpha) = 0$. Since $f_j^{m_j}, f_k^{m_k} \in (h)$, this implies that $f_j(\alpha) = f_k(\alpha) = 0$, contradicting $(f_j, f_k) = F[x]$. Hence $\deg(h) = 0$, so $I_j + I_k = F[x]$ as required.

Finally, since $I_j + I_k = F[x]$ we have $I_j \cap I_k = I_j I_k$, so that
$$
(f) = (f_1^{m_1} \cdots f_\ell^{m_\ell}) = \prod_{j=1}^{\ell} I_j = \bigcap_{j=1}^{\ell} I_j,
$$
and Prop. 1.5 indeed follows from (2). □
1.3 Polynomials over Q

Here are four useful results on the irreducibility of polynomials in $\mathbb{Q}[x]$. By clearing denominators, it suffices to consider only polynomials in $\mathbb{Z}[x]$, that is, polynomials with integral coefficients.

Proposition 1.6 (rational root test) Suppose $f = c_0 + c_1 x + \cdots + c_n x^n \in \mathbb{Z}[x]$ has a rational root $r = a/b$ with $a, b$ relatively prime integers. Then $a \mid c_0$ and $b \mid c_n$. In particular if $f \in \mathbb{Z}[x]$ is monic then all rational roots of $f$ are integers dividing $f(0)$.

Proof: Clearing denominators in the equation $f(r) = 0$, we have
$$
c_0 b^n + c_1 b^{n-1} a + \cdots + c_{n-1} b\, a^{n-1} + c_n a^n = 0,
$$
so $a \mid c_0 b^n$ and $b \mid c_n a^n$. Since $\gcd(a, b) = 1$ we must have $a \mid c_0$ and $b \mid c_n$. □

The next three results will use reduction modulo a prime. Let $p$ be a prime in $\mathbb{Z}$; then $\mathbb{F}_p = \mathbb{Z}/p\mathbb{Z}$ is a field. Let $c \mapsto \bar c$ denote the canonical projection $\mathbb{Z} \to \mathbb{F}_p$. For each $f = \sum c_i x^i \in \mathbb{Z}[x]$, let $\bar f = \sum \bar c_i x^i \in \mathbb{F}_p[x]$. The mapping $f \mapsto \bar f$ is a surjective ring homomorphism $\mathbb{Z}[x] \to \mathbb{F}_p[x]$, whose kernel is the ideal $p\mathbb{Z}[x]$ consisting of the integral polynomials all of whose coefficients are divisible by $p$.

Proposition 1.7 (Gauss' lemma) If $f \in \mathbb{Z}[x]$ has a nontrivial factorization in $\mathbb{Q}[x]$ then $f$ has a nontrivial factorization in $\mathbb{Z}[x]$.

Proof: Suppose $f = gh \in \mathbb{Q}[x]$ with $\deg(g), \deg(h)$ both strictly less than $\deg(f)$. There exist positive integers $m, n$ such that $g_1 := mg$ and $h_1 := nh$ belong to $\mathbb{Z}[x]$ and have the same degrees as $g, h$, respectively. We have $N_1 f = g_1 h_1$, where $N_1 = mn$. If $N_1 = 1$ then $f$ has a nontrivial factorization in $\mathbb{Z}[x]$ as claimed. If $N_1 > 1$ there exists a prime $p \mid N_1$. Let $\bar f, \bar g_1, \bar h_1 \in \mathbb{F}_p[x]$ be the polynomials obtained from $f, g_1, h_1$ by reduction modulo $p$. We have
$$
\bar g_1 \bar h_1 = \overline{g_1 h_1} = \overline{N_1 f} = \bar N_1 \bar f = 0,
$$
since $p \mid N_1$. Since $\mathbb{F}_p[x]$ is an integral domain, one of $\bar g_1$ or $\bar h_1$ must be zero. Say $\bar g_1 = 0$. This means $p$ divides every coefficient of $g_1$, so that $g_2 := p^{-1} g_1 \in \mathbb{Z}[x]$. Let $N_2 = N_1/p$, and set $h_2 = h_1$. We now have $N_2 f = g_2 h_2$, where $g_2, h_2 \in \mathbb{Z}[x]$ have the same degrees as $g, h$. Repeating this we get $N_1 > N_2 > N_3 > \cdots$ until eventually $N_k = 1$ for some $k$, and $f = g_k h_k$ is a nontrivial factorization of $f$ in $\mathbb{Z}[x]$. □

Proposition 1.8 Let $f = c_0 + c_1 x + \cdots + c_n x^n \in \mathbb{Z}[x]$ have degree $n$ and let $p$ be a prime not dividing $c_n$. Suppose $\bar f$ is irreducible in $\mathbb{F}_p[x]$. Then $f$ is irreducible in $\mathbb{Q}[x]$.

Proof: If $f$ is reducible in $\mathbb{Q}[x]$ then $f$ has a nontrivial factorization $f = gh$ in $\mathbb{Z}[x]$, by Gauss' Lemma. Since $p$ does not divide the leading coefficient of $f$, it cannot divide the leading coefficient of $g$ or of $h$. Now $\bar f = \bar g \bar h$ in $\mathbb{F}_p[x]$, and $\deg(\bar g) = \deg(g)$, $\deg(\bar h) = \deg(h)$, so this is a nontrivial factorization of $\bar f$, contradicting the hypothesis. □

Proposition 1.9 (Eisenstein's criterion) Let $f = c_0 + c_1 x + \cdots + c_n x^n \in \mathbb{Z}[x]$. Suppose there exists a prime $p$ such that $p^2 \nmid c_0$, $p \mid c_0, \dots, c_{n-1}$, and $p \nmid c_n$. Then $f$ is irreducible in $\mathbb{Q}[x]$.

Proof: If $f$ is reducible in $\mathbb{Q}[x]$ then there exists a nontrivial factorization $f = gh$ in $\mathbb{Z}[x]$. By the last two assumptions, we have $\bar g \bar h = \bar c_n x^n \neq 0$ in $\mathbb{F}_p[x]$. By unique factorization in $\mathbb{F}_p[x]$ there are integers $a, b$ and $0 < k < n$ such that $\bar g = \bar a x^k$, $\bar h = \bar b x^{n-k}$. It follows that $p$ divides both $g(0)$ and $h(0)$. Hence $p^2$ divides $g(0)h(0) = f(0) = c_0$, contradicting the first assumption. □

Example: We illustrate some of the above ideas with the cyclotomic polynomial
$$
\Phi_p(x) = 1 + x + x^2 + \cdots + x^{p-1} = \frac{x^p - 1}{x - 1}, \qquad (3)
$$
where $p$ is a prime number. Since
$$
\Phi_p(x + 1) = \frac{(x + 1)^p - 1}{x} = \sum_{k=1}^{p} \binom{p}{k} x^{k-1}
$$
and $p \mid \binom{p}{k}$ for $0 < k < p$, it follows from Eisenstein's criterion that $\Phi_p(x)$ is irreducible in $\mathbb{Q}[x]$. The roots of $\Phi_p$ in $\mathbb{C}$ are $\zeta, \zeta^2, \dots, \zeta^{p-1}$, where $\zeta = e^{2\pi i/p}$. Evaluating polynomials in $\mathbb{Q}[x]$ at $x = \zeta$ gives a homomorphism $\mathbb{Q}[x] \to \mathbb{C}$ with image $\mathbb{Q}(\zeta) = \{c_0 + c_1 \zeta + \cdots + c_{p-1} \zeta^{p-1} : c_i \in \mathbb{Q}\}$ and this induces an isomorphism
$$
\mathbb{Q}[x]/(\Phi_p) \xrightarrow{\ \sim\ } \mathbb{Q}(\zeta).
$$
Since $x^p - 1 = (x - 1)\Phi_p(x)$, we also have, from Prop. 1.5,
$$
\mathbb{Q}[x]/(x^p - 1) \cong \mathbb{Q}[x]/(x - 1) \times \mathbb{Q}[x]/(\Phi_p) \cong \mathbb{Q} \times \mathbb{Q}(\zeta),
$$
where $\mathbb{Q}[x]/(x - 1) \cong \mathbb{Q}$ via evaluation at $x = 1$.
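To make Props. 1.6 and 1.9 and the cyclotomic example (3) concrete, here is an added Python example (not from the notes): it enumerates the finitely many rational root candidates $a/b$, computes the shift $f(x + a)$ used for $\Phi_p(x+1)$, and checks Eisenstein's criterion. The list encoding of polynomials and all function names are the example's own.

```python
from fractions import Fraction
from math import comb, gcd

# A polynomial is a list [c_0, c_1, ..., c_n] of integer coefficients, lowest degree
# first, matching f = c_0 + c_1 x + ... + c_n x^n in the notes (example's own convention).


def evaluate(coeffs, x):
    """Horner evaluation of f at x (x may be a Fraction)."""
    acc = 0
    for c in reversed(coeffs):
        acc = acc * x + c
    return acc


def divisors(m):
    """Positive divisors of a positive integer m."""
    return [d for d in range(1, m + 1) if m % d == 0]


def rational_roots(coeffs):
    """Prop. 1.6: a rational root a/b in lowest terms has a | c_0 and b | c_n,
    so only finitely many candidates need to be tested."""
    coeffs = list(coeffs)
    while coeffs and coeffs[-1] == 0:        # drop leading zero coefficients
        coeffs.pop()
    if not coeffs:
        raise ValueError("the zero polynomial has every root")
    roots = set()
    while coeffs[0] == 0:                    # x | f: 0 is a root, divide it out
        roots.add(Fraction(0))
        coeffs.pop(0)
    c0, cn = abs(coeffs[0]), abs(coeffs[-1])
    for a in divisors(c0):
        for b in divisors(cn):
            if gcd(a, b) != 1:
                continue
            for sign in (1, -1):
                r = Fraction(sign * a, b)
                if evaluate(coeffs, r) == 0:
                    roots.add(r)
    return sorted(roots)


def shift(coeffs, a):
    """Coefficients of f(x + a), expanding each c_k (x + a)^k binomially."""
    out = [0] * len(coeffs)
    for k, c in enumerate(coeffs):
        for j in range(k + 1):
            out[j] += c * comb(k, j) * a ** (k - j)
    return out


def eisenstein(coeffs, p):
    """Prop. 1.9: p | c_0, ..., c_{n-1};  p does not divide c_n;  p^2 does not divide c_0."""
    c0, cn = coeffs[0], coeffs[-1]
    return (all(c % p == 0 for c in coeffs[:-1])
            and cn % p != 0
            and c0 % (p * p) != 0)


def cyclotomic_prime(p):
    """Phi_p(x) = 1 + x + ... + x^{p-1}, as in (3)."""
    return [1] * p


def is_prime(m):
    return m > 1 and all(m % q for q in range(2, int(m ** 0.5) + 1))


def eisenstein_prime(coeffs, max_shift=3):
    """Search shifts a = 0, 1, ..., max_shift for a prime p with Eisenstein applying to
    f(x + a).  Only primes dividing the new constant term f(a) can work, so those are
    the only candidates tried.  Returns (a, p) or None."""
    for a in range(max_shift + 1):
        g = shift(coeffs, a)
        c0 = abs(g[0])
        for p in (divisors(c0) if c0 else []):
            if is_prime(p) and eisenstein(g, p):
                return a, p
    return None
```

For $\Phi_7$ the search finds the shift $a = 1$ with $p = 7$, exactly the argument in the text; for the reducible $x^2 - 1$ no shift ever satisfies the criterion.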
2 Finite fields

Let $f \in \mathbb{Z}[x]$ be a polynomial with integer coefficients. We have seen that it is useful to consider the polynomial $\bar f \in \mathbb{F}_p[x]$ obtained by reduction modulo $p$. Galois observed that such polynomials may not have roots in $\mathbb{F}_p$, just as polynomials in $\mathbb{Q}[x]$ may not have roots in $\mathbb{Q}$, but may instead have roots in some larger field. This led him to develop the theory of finite fields. Placing himself in the essential case where $f$ is irreducible, the eighteen-year-old Galois writes:

    In this case, the congruence [$f(x) \equiv 0 \bmod p$] will admit no integer root, nor even a non-integral root of lower degree. One must therefore regard the roots of this congruence as kinds of imaginary symbols, because they do not satisfy questions of ordinary integers, symbols whose use, in calculation, will often be just as useful as that of the imaginary $\sqrt{-1}$ in ordinary analysis.

    It is the classification of these imaginaries, and their reduction to the smallest possible number, which will concern us.

Galois goes on to develop almost the entire theory of finite fields in six pages. Because he is starting with an irreducible $f(x) \in \mathbb{Z}[x]$, Galois seems not to be concerned with the existence of such polynomials. That is where we begin, before merging with Galois' path.

Proposition 2.1 Let $F$ be a field of finite cardinality $|F|$. Then there exists a prime $p$, an integer $n$, and an irreducible polynomial $f \in \mathbb{F}_p[x]$ of degree $n$ such that $|F| = p^n$ and
$$
F \cong \mathbb{F}_p[x]/(f).
$$

Proof: Since $F$ is finite, the canonical homomorphism $\epsilon : \mathbb{Z} \to F$ must have nonzero kernel of the form $p\mathbb{Z}$ for some prime $p$. Hence $\epsilon$ induces a canonical embedding $\mathbb{F}_p \hookrightarrow F$. We may thus regard $F$ as a vector space over $\mathbb{F}_p$. The dimension $\dim_{\mathbb{F}_p} F$ must be finite since $F$ is finite, so $|F| = p^n$, where $n = \dim_{\mathbb{F}_p} F$.

Recall that the multiplicative group $F^\times$ is cyclic. Choose a generator $\gamma \in F$ of $F^\times$. Evaluating polynomials at $x = \gamma$ gives a homomorphism $\mathrm{ev}_\gamma : \mathbb{F}_p[x] \to F$ which is surjective since $\mathrm{ev}_\gamma(x) = \gamma$. The kernel of $\mathrm{ev}_\gamma$ is a maximal ideal of $\mathbb{F}_p[x]$, which must be of the form $(f)$, for some irreducible polynomial $f \in \mathbb{F}_p[x]$, so $\mathrm{ev}_\gamma$ induces an isomorphism $\mathbb{F}_p[x]/(f) \cong F$. □

Our next aim is to prove that for any prime power $p^n$ there exists a field $F$ with $|F| = p^n$. We find $F$ by reverse engineering, by examining the properties of such a hypothetical field. Since $F^\times$ is a group of order $|F^\times| = p^n - 1$, every nonzero element $\alpha \in F$ satisfies $\alpha^{p^n - 1} = 1$. Hence every $\alpha \in F$ (including $\alpha = 0$) satisfies $\alpha^{p^n} = \alpha$. In other words, $F$ must be a field consisting of the roots of the polynomial $f = x^{p^n} - x$. And these roots are distinct, since $f' = -1$ has no roots, much less any root in common with $f$. Such fields are almost constructed by Prop. 1.4, except the field $E$ in that result could have more elements than just the roots of $x^{p^n} - x$. A small adjustment will fix this problem, and allow us to prove:

Proposition 2.2 For all primes $p$ and integers $n \geq 1$ there exists a field of cardinality $p^n$.

Proof: Let $f = x^{p^n} - x$ and let $E$ be a field containing $\mathbb{F}_p$ in which $f$ splits. Let $\sigma : E \to E$ be the Frobenius endomorphism, given by $\sigma(\alpha) = \alpha^p$. Then the $n$-fold composition $\sigma^n$ is the endomorphism of $E$ given by $\sigma^n(\alpha) = \alpha^{p^n}$. Its fixed points $F := E^{\sigma^n} = \{\alpha \in E : \alpha^{p^n} = \alpha\}$ are a finite subring of $E$ and are hence a subfield of $E$, consisting precisely of the $p^n$ distinct roots of $f$. □

The larger field $E$ used in the construction of Prop. 2.2 is not unique; but the field $F$ is unique up to isomorphism, as we will soon show. First we need the factorization of $x^{p^n} - x$ in $\mathbb{F}_p[x]$.

Let $\mathrm{Irr}(p, d)$ be the set of irreducible monic polynomials in $\mathbb{F}_p[x]$ of degree $d$.

Proposition 2.3 In $\mathbb{F}_p[x]$ we have the factorization
$$
x^{p^n} - x = \prod_{d \mid n}\ \prod_{f \in \mathrm{Irr}(p, d)} f.
$$

Proof: For any $f \in \mathrm{Irr}(p, n)$ the field $F = \mathbb{F}_p[x]/(f)$ has cardinality $|F| = p^n$ and contains the root $\alpha = x + (f)$ of $f$. Since $f$ is irreducible, we have $(f) = \{g \in \mathbb{F}_p[x] : g(\alpha) = 0\}$. As before, the polynomial $x^{p^n} - x$ splits in $F[x]$:
$$
x^{p^n} - x = \prod_{\beta \in F} (x - \beta).
$$
Since $\alpha \in F$ we have $\alpha^{p^n} - \alpha = 0$, so $x^{p^n} - x \in (f)$, which means that $f \mid x^{p^n} - x$. This shows that every polynomial in $\mathrm{Irr}(p, n)$ divides $x^{p^n} - x$.

Suppose $a, b$ are positive integers with $a \mid b$; write $b = ac$. In $\mathbb{Z}[x]$ we have
$$
x^b - 1 = (x^a)^c - 1 = (x^a - 1)\big(x^{a(c-1)} + x^{a(c-2)} + \cdots + x^{2a} + x^a + 1\big),
$$
so $x^a - 1 \mid x^b - 1$. This is also true in $\mathbb{Z}$ if $x$ is replaced by any integer. If $d \mid n$ we therefore have $p^d - 1 \mid p^n - 1$. But now taking $a = p^d - 1$ and $b = p^n - 1$ we get $x^{p^d - 1} - 1 \mid x^{p^n - 1} - 1$. Multiplying by $x$ we have
$$
x^{p^d} - x \mid x^{p^n} - x.
$$
We have already shown that every $f \in \mathrm{Irr}(p, d)$ divides $x^{p^d} - x$. Hence every $f \in \mathrm{Irr}(p, d)$ also divides $x^{p^n} - x$.

It remains to show there are no other divisors of $x^{p^n} - x$. Suppose $g \in \mathrm{Irr}(p, e)$ for some $e$ and $g \mid x^{p^n} - x$. Let $F$ be any field of cardinality $|F| = p^n$. We know that $x^{p^n} - x$ splits in $F$, so $g$ has a root $\beta \in F$. Evaluation at $\beta$ gives a ring homomorphism $\mathbb{F}_p[x] \to F$ with kernel $(g)$. This induces an embedding of the field $L = \mathbb{F}_p[x]/(g)$ into $F$. Hence we may regard $F$ as a vector space over $L$. Let $r = \dim_L F$ be the dimension of $F$. Since $\deg g = e$ we have $|L| = p^e$, so that
$$
p^n = |F| = |L|^r = (p^e)^r,
$$
and $n = er$ so $e \mid n$. This completes the proof of Prop. 2.3. □

Now we can prove uniqueness of finite fields.

Proposition 2.4 Any two finite fields of the same cardinality are isomorphic as fields.

Proof: Let $F$ and $F'$ be two finite fields with $|F| = |F'|$. As before there exist $f, g \in \mathrm{Irr}(p, n)$ such that
$$
F \cong \mathbb{F}_p[x]/(f) \quad \text{and} \quad F' \cong \mathbb{F}_p[x]/(g).
$$
In $F[x]$ we factor
$$
x^{p^n} - x = \prod_{\beta \in F} (x - \beta).
$$
By Prop. 2.3 we have $g \mid x^{p^n} - x$. Hence $g$ has a root $\beta \in F$, and evaluation at $\beta$ gives an embedding $F' \cong \mathbb{F}_p[x]/(g) \hookrightarrow F$. Since $|F| = |F'|$ this embedding is an isomorphism. □

For every prime power $p^n$ we write $\mathbb{F}_{p^n}$ for a field of cardinality $|\mathbb{F}_{p^n}| = p^n$. Beware that $\mathbb{F}_{p^n}$ is only defined up to isomorphism but has many incarnations. For example, suppose $n$ is prime. Then Prop. 2.3 shows that
$$
\frac{x^{p^n} - x}{x^p - x} = \prod_{f \in \mathrm{Irr}(p, n)} f.
$$
Comparing degrees on both sides, we find that the number of irreducible polynomials in $\mathbb{F}_p[x]$ of prime degree $n$ is
$$
|\mathrm{Irr}(p, n)| = \frac{p^n - p}{n}.
$$
Galois considered the case $p = 7$, $n = 3$, where there are $|\mathrm{Irr}(7, 3)| = 122$ different polynomials $f \in \mathbb{F}_7[x]$ such that $\mathbb{F}_7[x]/(f) \cong \mathbb{F}_{7^3}$. One of them is $x^3 - 2$. Galois denotes a root of this by $i$, so we have the incarnation
$$
F = \mathbb{F}_7[x]/(x^3 - 2) = \{a + bi + ci^2 : a, b, c \in \mathbb{F}_7\},
$$
with multiplication rule $i^3 = 2$. In this field $i$ has order $9$; its powers $1, i, i^2$ give a basis of $F$, but Galois asks for a generator of the multiplicative group $F^\times$. Factoring $7^3 - 1 = 2 \cdot 9 \cdot 19$, he notes that
$$
F^\times \cong C_2 \times C_9 \times C_{19},
$$
and it suffices to find generators of each factor. The first two factors are generated by $-1$ and $i$. The remaining factor is generated by an element of order $19$. Optimistically writing this element as $a + bi$, Galois computes (using the rule $i^3 = 2$) that $i - 1$ has order $19$. Hence the element
$$
\omega := -1 \cdot i \cdot (i - 1) = i - i^2
$$
generates $F^\times$ and has equation $\omega^3 - \omega + 2 = 0$. Hence the field
$$
E = \mathbb{F}_7[x]/(x^3 - x + 2)
$$
is a different incarnation of $\mathbb{F}_{7^3}$ for which the element $\omega = x + (x^3 - x + 2)$ generates $E^\times$.
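The incarnation $F = \mathbb{F}_7[x]/(x^3 - 2)$ just described, reconstructed as an added Python example (not from the notes): a small $\mathbb{F}_p[x]/(f)$ class with arithmetic in the basis of form (1), used to check the orders of $i$, $i - 1$ and $\omega$ and the equation $\omega^3 - \omega + 2 = 0$, plus a brute-force count of $\mathrm{Irr}(7, 3)$ to compare with the formula $(p^n - p)/n$. The class and all names are the example's own.

```python
from itertools import product


def prime_factors(m):
    """Distinct prime factors of an integer m > 1, by trial division."""
    out, q = [], 2
    while q * q <= m:
        if m % q == 0:
            out.append(q)
            while m % q == 0:
                m //= q
        q += 1
    if m > 1:
        out.append(m)
    return out


class GF:
    """F_p[x]/(f) for a monic irreducible f of degree n over F_p.  Elements are tuples
    (c_0, ..., c_{n-1}) of coordinates in the basis 1, x, ..., x^{n-1} of form (1);
    products are reduced with the rule f(x) = 0."""

    def __init__(self, p, f):
        self.p, self.n = p, len(f) - 1
        self.f = [c % p for c in f]          # c_0, ..., c_n with c_n == 1
        assert self.f[-1] == 1, "f must be monic"

    def elem(self, coeffs):
        """Reduce any coefficient list modulo p and modulo f."""
        a = [c % self.p for c in coeffs]
        for k in range(len(a) - 1, self.n - 1, -1):   # eliminate x^k for k >= n
            c = a[k]
            if c:
                for j in range(self.n + 1):
                    a[k - self.n + j] = (a[k - self.n + j] - c * self.f[j]) % self.p
        a = a[:self.n] + [0] * (self.n - len(a))
        return tuple(a)

    def add(self, a, b):
        return tuple((x + y) % self.p for x, y in zip(a, b))

    def neg(self, a):
        return tuple((-x) % self.p for x in a)

    def mul(self, a, b):
        prod = [0] * (2 * self.n - 1)
        for i, x in enumerate(a):
            for j, y in enumerate(b):
                prod[i + j] += x * y
        return self.elem(prod)

    def pow(self, a, e):
        result, base = self.elem([1]), a
        while e:
            if e & 1:
                result = self.mul(result, base)
            base = self.mul(base, base)
            e >>= 1
        return result

    def order(self, a):
        """Multiplicative order of nonzero a: start from |F^x| = p^n - 1 and strip off
        each prime q as long as a^(order/q) is still 1."""
        one, order = self.elem([1]), self.p ** self.n - 1
        for q in prime_factors(order):
            while order % q == 0 and self.pow(a, order // q) == one:
                order //= q
        return order


def count_irreducible_cubics(p):
    """|Irr(p, 3)| by brute force: a cubic over F_p is irreducible iff it has no root in F_p."""
    return sum(1 for c0, c1, c2 in product(range(p), repeat=3)
               if all((x ** 3 + c2 * x * x + c1 * x + c0) % p for x in range(p)))


def galois_example():
    """Galois's incarnation F = F_7[x]/(x^3 - 2): the orders of i, i - 1 and
    omega = -1 * i * (i - 1) = i - i^2, and the cubic omega^3 - omega + 2 = 0."""
    F = GF(7, [-2, 0, 0, 1])                    # f = x^3 - 2, so i^3 = 2
    i = F.elem([0, 1])
    i_minus_1 = F.add(i, F.elem([-1]))
    omega = F.add(i, F.neg(F.mul(i, i)))
    cubic = F.add(F.add(F.pow(omega, 3), F.neg(omega)), F.elem([2]))
    return {
        "order_i": F.order(i),
        "order_i_minus_1": F.order(i_minus_1),
        "order_omega": F.order(omega),
        "omega_cubic_holds": cubic == F.elem([0]),
        "root_of_x_p3_minus_x": F.pow(i, 7 ** 3) == i,   # Prop. 2.3: f | x^{p^n} - x
    }
```

`galois_example()` reports orders $9$, $19$ and $342 = 7^3 - 1$, confirming that $\omega$ generates $F^\times$, and `count_irreducible_cubics(7)` returns $(7^3 - 7)/3$.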
Finally, the subfields of finite fields are easily described.

Proposition 2.5 The subfields of $\mathbb{F}_{p^n}$ are in bijection with the divisors of $n$. Namely, the divisor $d \mid n$ corresponds to the subfield
$$
\{\alpha \in \mathbb{F}_{p^n} : \alpha^{p^d} = \alpha\} \cong \mathbb{F}_{p^d}.
$$

Proof: Assuming $d \mid n$, the proof of Prop. 2.2 shows that $\{\alpha \in \mathbb{F}_{p^n} : \alpha^{p^d} = \alpha\}$ is the unique subfield of $\mathbb{F}_{p^n}$ isomorphic to $\mathbb{F}_{p^d}$. Conversely, if $F$ is a subfield of $\mathbb{F}_{p^n}$, let $\gamma$ be a generator of $F^\times$. Being an element of $\mathbb{F}_{p^n}$, $\gamma$ is a root of $x^{p^n} - x$. By Prop. 2.3, there exists an irreducible polynomial $f \in \mathbb{F}_p[x]$ of degree $d \mid n$ such that $f(\gamma) = 0$. Evaluation at $\gamma$ gives an embedding $\mathbb{F}_{p^d} \cong \mathbb{F}_p[x]/(f) \hookrightarrow \mathbb{F}_{p^n}$ whose image is $F$. □

The Frobenius automorphism $\sigma \in \mathrm{Aut}(\mathbb{F}_{p^n})$ given by $\sigma(\alpha) = \alpha^p$ has order $n$. Thus the cyclic group $C_n$ acts on $\mathbb{F}_{p^n}$ by field automorphisms. The divisors $d \mid n$ parametrize the subgroups $\langle \sigma^d \rangle \cong C_{n/d}$ of $C_n$. And the subfield of $\mathbb{F}_{p^n}$ of elements fixed by $\sigma^d$ is the unique subfield having $p^d$ elements. Thus, Prop. 2.5 can be rephrased as follows.

Proposition 2.6 There is a bijection between the subgroups of $C_n$ and the subfields of $\mathbb{F}_{p^n}$, whereby the subgroup $D \subseteq C_n$ corresponds to the subfield consisting of elements in $\mathbb{F}_{p^n}$ fixed by $D$.

Note that the bijection in Prop. 2.6 is inclusion-reversing, so that the lattice of subgroups of $C_n$ is reciprocal to the lattice of subfields of $\mathbb{F}_{p^n}$. This is a simple case of the main theorem of Galois theory.
3 Extensions of rings and fields

The main objects of study in Number Theory are the field of algebraic numbers
$$
\bar{\mathbb{Q}} := \{\alpha \in \mathbb{C} : f(\alpha) = 0 \text{ for some nonzero } f \in \mathbb{Z}[x]\}
$$
and the ring of algebraic integers
$$
\bar{\mathbb{Z}} := \{\alpha \in \mathbb{C} : f(\alpha) = 0 \text{ for some monic } f \in \mathbb{Z}[x]\}.
$$
Clearly $\bar{\mathbb{Z}} \subseteq \bar{\mathbb{Q}}$. The rational root test shows that $\bar{\mathbb{Z}} \cap \mathbb{Q} = \mathbb{Z}$. However, it is not obvious that $\bar{\mathbb{Q}}$ is a field or that $\bar{\mathbb{Z}}$ is a ring. We will show that they are, and that $\bar{\mathbb{Q}}$ is the quotient field of $\bar{\mathbb{Z}}$. First we develop some useful ideas about polynomials.
3.1 Symmetric polynomials

Let $R$ be an integral domain with quotient field $F$. Let $f(x) = c_0 + c_1 x + \cdots + c_n x^n \in R[x]$ be a polynomial of degree $n$, with roots $\alpha_1, \dots, \alpha_n$ in some field $E \supseteq F$. In $E[x]$ we have two expressions for $f(x)$:
$$
c_n \prod_{i=1}^{n} (x - \alpha_i) = f(x) = \sum_{k=0}^{n} c_k x^k.
$$
In these expressions, the coefficients $c_i$ are known, and the roots $\alpha_i$ are usually mysterious. Let us therefore regard the $\alpha_i$ as variables, and rename them $t_i$. The coefficients $c_k$ will become functions of the $t_i$. Dropping $c_n$, we consider the two expressions for the general polynomial of degree $n$:
$$
\prod_{i=1}^{n} (x - t_i) = \sum_{k=0}^{n} (-1)^k s_k x^{n-k}. \qquad (4)
$$
This is an equation in the ring $R[t_1, \dots, t_n][x]$ of polynomials in $x$; the coefficients $s_k$ are themselves polynomials in $t_1, \dots, t_n$. Expanding the left side of (4), we find these coefficients to be
$$
\begin{aligned}
s_0 &= 1 \\
s_1 &= \sum_{1 \leq i \leq n} t_i \\
s_2 &= \sum_{1 \leq i < j \leq n} t_i t_j \\
&\ \ \vdots \\
s_k &= \sum_{1 \leq i_1 < i_2 < \cdots < i_k \leq n} t_{i_1} \cdots t_{i_k} \\
&\ \ \vdots \\
s_n &= t_1 \cdots t_n.
\end{aligned} \qquad (5)
$$
The functions $s_k \in R[t_1, \dots, t_n]$ are the elementary symmetric polynomials.

The symmetric group $S_n$ acts on the ring $R[t_1, \dots, t_n]$ by
$$
(\sigma \cdot f)(t_1, \dots, t_n) = f(t_{\sigma(1)}, \dots, t_{\sigma(n)}),
$$
where $\sigma \in S_n$ and $f \in R[t_1, \dots, t_n]$. The $S_n$-invariant polynomials form the subring
$$
R[t_1, \dots, t_n]^{S_n} = \{f \in R[t_1, \dots, t_n] : \sigma \cdot f = f \text{ for all } \sigma \in S_n\}
$$
of symmetric polynomials. Each $s_k$ belongs to $R[t_1, \dots, t_n]^{S_n}$ and these symmetric polynomials are elementary in the sense that every symmetric polynomial is a polynomial in $s_1, \dots, s_n$. More precisely, we have the

Theorem 3.1 (Symmetric Polynomial Theorem) The map
$$
R[t_1, \dots, t_n] \to R[t_1, \dots, t_n]^{S_n}
$$
sending $f(t_1, \dots, t_n) \mapsto f(s_1, \dots, s_n)$ is a ring isomorphism.
Proof: The map is clearly a ring homomorphism. To prove that it is bijective, it is convenient to use multi-index notation for polynomials. Let $M$ be the set of $n$-tuples $(m_1, m_2, \dots, m_n)$ of integers $m_i \ge 0$. For $\mu = (m_1, m_2, \dots, m_n) \in M$, let $|\mu| = m_1 + m_2 + \cdots + m_n$. We define a total ordering on $M$ by declaring $\mu' \prec \mu$ if either $|\mu'| < |\mu|$ or there is $1 \le k < n$ such that
$$ m'_1 = m_1,\ m'_2 = m_2,\ \dots,\ m'_k = m_k, \quad \text{but } m'_{k+1} < m_{k+1}. \qquad (6) $$
We need two properties of this ordering. First, adding componentwise we have
$$ \mu' \prec \mu \ \text{ and } \ \nu' \prec \nu \ \Longrightarrow\ \mu' + \nu' \prec \mu + \nu. \qquad (7) $$
Second, if $\mu = (m_1, \dots, m_n)$ with $m_1 \ge m_2 \ge \cdots \ge m_n$ and $\mu'$ is obtained from $\mu$ by a nontrivial permutation of the coordinates $m_i$, then $\mu' \prec \mu$.
Now each element $f \in R[t_1, \dots, t_n]$ can be written as $\sum_{\mu \in M} c_\mu t^\mu$, where $t^\mu = t_1^{m_1} \cdots t_n^{m_n}$ and all but finitely many $c_\mu$ are zero. Let $\delta(f)$ be the maximal $\mu \in M$ such that $c_\mu \ne 0$. From (7) it follows that
$$ \delta(fg) = \delta(f) + \delta(g). $$
Now $\delta(s_k) = (1, 1, \dots, 1, 0, \dots, 0)$, with $k$ 1s. It follows that for integers $d_k \ge 0$ we have
$$ \delta\big(s_1^{d_1} s_2^{d_2} \cdots s_n^{d_n}\big) = (d_1 + d_2 + \cdots + d_n,\ d_2 + d_3 + \cdots + d_n,\ \dots,\ d_n). \qquad (8) $$
We now show that the map in Theorem 3.1 is surjective. Let $f = \sum_{\mu \in M} c_\mu t^\mu \in R[t_1, \dots, t_n]^{S_n}$ and let $\delta(f) = (m_1, \dots, m_n)$. Since $f$ is symmetric, all $\mu'$ obtained by nontrivial permutations of the $m_i$ also have $c_{\mu'} \ne 0$. Since $\delta(f)$ is maximal, we must have $m_1 \ge m_2 \ge \cdots \ge m_n$. For $1 \le i < n$ let $d_i = m_i - m_{i+1}$, and let $d_n = m_n$. Then $d_k + \cdots + d_n = m_k$ so
$$ \delta\big(s_1^{d_1} s_2^{d_2} \cdots s_n^{d_n}\big) = \delta(f). $$
Hence letting
$$ f' = f - c_{\delta(f)}\, s_1^{d_1} s_2^{d_2} \cdots s_n^{d_n}, $$
we have $\delta(f') \prec \delta(f)$. Repeating this process with $f'$ and continuing, we eventually express $f$ as a polynomial in $s_1, \dots, s_n$. Hence the map in Theorem 3.1 is surjective.
Now for injectivity. A polynomial $f = \sum_{\mu \in M} c_\mu t^\mu \in R[t_1, \dots, t_n]$ is mapped to $f(s) = \sum_{\mu \in M} c_\mu s^\mu$, and we have seen above that $\delta(s^\mu) = (\mu_1 + \cdots + \mu_n,\ \mu_2 + \cdots + \mu_n,\ \dots,\ \mu_n)$. Equation (8) shows that if $\mu \ne \nu$ then $\delta(s^\mu) \ne \delta(s^\nu)$. Hence $\delta(f(s)) = \max\{\delta(s^\mu) : c_\mu \ne 0\}$. This shows that if $f \ne 0$ then $f(s) \ne 0$. Hence the map in Theorem 3.1 is injective.
Example 1: For each $k \ge 0$ the polynomial $p_k = t_1^k + t_2^k + \cdots + t_n^k$ is symmetric. We have
$$ p_1 = s_1, \qquad p_2 = s_1^2 - 2s_2, \qquad p_3 = s_1^3 - 3s_1 s_2 + 3s_3. $$
In general, $p_k$ can be expressed in terms of the elementary symmetric polynomials via the recursive formula (Newton's identities)
$$ k s_k + \sum_{i=1}^{k} (-1)^i s_{k-i}\, p_i = 0. $$
Example 2: The polynomial
$$ d = \prod_{1 \le i < j \le n} (t_i - t_j) $$
is not quite symmetric. We have $\sigma d = \operatorname{sgn}(\sigma)\, d$, so $d$ is invariant under the alternating group $A_n$ but not the full symmetric group $S_n$. However the square
$$ D = \prod_{1 \le i < j \le n} (t_i - t_j)^2 $$
is symmetric. This $D$ is the discriminant polynomial. Its expression in terms of elementary symmetric polynomials is complicated even for small $n$:
$$ \begin{aligned}
n = 2: \quad D &= s_1^2 - 4s_2 \\
n = 3: \quad D &= s_1^2 s_2^2 - 27 s_3^2 - 4 s_2^3 - 4 s_1^3 s_3 + 18 s_1 s_2 s_3 \\
n = 4: \quad D &= s_1^2 s_2^2 s_3^2 + 256 s_4^3 - 27 s_3^4 - 27 s_1^4 s_4^2 + 144 s_1^2 s_2 s_4^2 - 128 s_2^2 s_4^2 - 4 s_1^2 s_2^3 s_4 + 16 s_2^4 s_4 \\
&\quad - 192 s_1 s_3 s_4^2 + 18 s_1^3 s_2 s_3 s_4 - 80 s_1 s_2^2 s_3 s_4 - 6 s_1^2 s_3^2 s_4 + 144 s_2 s_3^2 s_4 - 4 s_2^3 s_3^2 - 4 s_1^3 s_3^3 + 18 s_1 s_2 s_3^3.
\end{aligned} \qquad (9) $$
In general the degree of $D$ is $n(n-1)$ and $\delta(D) = 2(n-1, n-2, \dots, 1, 0) = \delta(s_1^2 s_2^2 \cdots s_{n-1}^2)$, so $s_1^2 s_2^2 \cdots s_{n-1}^2$ appears with coefficient $1$ in $D$. Does $s_n^{n-1}$ always appear with coefficient $\pm n^n$? For $n = 5$ this coefficient is $+5^5$. Does $s_{n-1}^{n}$ always appear with coefficient $\pm(n-1)^{n-1}$? For $n = 5$ this coefficient is $+256$.
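The surjectivity half of the proof of Theorem 3.1 is an algorithm: subtract $c_{\delta(f)} s_1^{d_1} \cdots s_n^{d_n}$ and repeat until nothing is left. The following added example (not from the notes) carries it out for the power sums $p_k$ of Example 1 and the discriminants of Example 2, and checks Newton's identities as polynomial identities; polynomials are represented as dicts from exponent tuples to integer coefficients.

```python
"""Reduction of a symmetric polynomial to s_1, ..., s_n (proof of Theorem 3.1).

Added example, not part of the original notes.  A polynomial in Z[t_1..t_n]
is a dict {(m_1, ..., m_n): coefficient}; zero coefficients are never stored.
"""
from itertools import combinations


def add(f, g):
    """Sum of two polynomials, dropping zero coefficients."""
    h = dict(f)
    for mu, c in g.items():
        h[mu] = h.get(mu, 0) + c
        if h[mu] == 0:
            del h[mu]
    return h


def scale(f, c):
    return {mu: c * v for mu, v in f.items()} if c else {}


def mul(f, g):
    """Product of two polynomials; exponent vectors add componentwise."""
    h = {}
    for mu, a in f.items():
        for nu, b in g.items():
            key = tuple(x + y for x, y in zip(mu, nu))
            h[key] = h.get(key, 0) + a * b
    return {k: v for k, v in h.items() if v}


def elementary(k, n):
    """s_k in n variables, the sum over k-subsets in (5); s_0 = 1."""
    return {tuple(1 if i in sub else 0 for i in range(n)): 1
            for sub in combinations(range(n), k)}


def power_sum(k, n):
    """p_k = t_1^k + ... + t_n^k from Example 1."""
    return {tuple(k if i == j else 0 for i in range(n)): 1 for j in range(n)}


def discriminant(n):
    """D = prod_{i<j} (t_i - t_j)^2 from Example 2."""
    D = {tuple([0] * n): 1}
    for i, j in combinations(range(n), 2):
        diff = {tuple(1 if m == i else 0 for m in range(n)): 1,
                tuple(1 if m == j else 0 for m in range(n)): -1}
        D = mul(D, mul(diff, diff))
    return D


def delta(f):
    """delta(f): the largest exponent vector in the ordering (6), which
    compares total degree |mu| first and then lexicographically."""
    return max(f, key=lambda mu: (sum(mu), mu))


def in_elementary(f):
    """Return {(d_1, ..., d_n): c} meaning f = sum of c * s_1^d_1 ... s_n^d_n.
    Each round subtracts the term whose delta equals delta(f) (by (8)), which
    strictly lowers delta(f), exactly as in the surjectivity argument."""
    if not f:
        return {}
    n = len(next(iter(f)))
    s = [elementary(k, n) for k in range(1, n + 1)]
    result = {}
    while f:
        mu = delta(f)
        if any(mu[i] < mu[i + 1] for i in range(n - 1)):
            raise ValueError("leading exponent not non-increasing: f is not symmetric")
        c = f[mu]
        d = tuple(mu[i] - mu[i + 1] for i in range(n - 1)) + (mu[-1],)
        term = {tuple([0] * n): 1}
        for i in range(n):
            for _ in range(d[i]):
                term = mul(term, s[i])          # s[i] is s_{i+1}
        result[d] = result.get(d, 0) + c
        f = add(f, scale(term, -c))
    return result


def newton_identity_residual(k, n):
    """k*s_k + sum_{i=1}^k (-1)^i s_{k-i} p_i; Newton's identities say this is 0."""
    s = [elementary(j, n) for j in range(n + 1)]
    total = scale(s[k], k)
    for i in range(1, k + 1):
        total = add(total, scale(mul(s[k - i], power_sum(i, n)), (-1) ** i))
    return total
```

Running `in_elementary(discriminant(4))` reproduces every coefficient of the $n = 4$ line of (9), including $-4$ on $s_1^2 s_2^3 s_4$ and $256$ on $s_4^3$.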
3.2 Integral ring extensions
Let $R$ be an integral domain and let $S$ be a subring of $R$. An element $\alpha \in R$ is integral over $S$ if there exists a monic polynomial $f \in S[x]$ such that $f(\alpha) = 0$. Let
$$ R_S = \{\alpha \in R : \alpha \text{ is integral over } S\}. $$
Every $s \in S$ is the root of the monic polynomial $x - s \in S[x]$, so $S \subseteq R_S$, so we have
$$ S \subseteq R_S \subseteq R. $$
Proposition 3.2 $R_S$ is a subring of $R$.
Proof: Let $\alpha, \beta \in R_S$ be roots of monic polynomials $f, g \in S[x]$. Let $h = fg \in S[x]$ and let $E$ be a field containing $S$ in which $h$ splits. By specializing $t_i \mapsto \alpha_i$ in the general polynomial (4), we have
$$ h = \prod_{i=1}^n (x - \alpha_i) = \sum_{k=0}^n (-1)^k s_k(\alpha_1, \dots, \alpha_n)\, x^{n-k}. $$
Since $h \in S[x]$, each coefficient $s_k(\alpha_1, \dots, \alpha_n)$ belongs to $S$. By the symmetric polynomial theorem, we have $f(\alpha_1, \dots, \alpha_n) \in S$ for each symmetric polynomial $f \in S[t_1, \dots, t_n]$. Now the coefficients of
$$ H_- = \prod_{1 \le i < j \le n} (x - \alpha_i + \alpha_j) \quad \text{and} \quad H_+ = \prod_{1 \le i < j \le n} (x - \alpha_i - \alpha_j) $$
are symmetric polynomials evaluated at $(\alpha_1, \dots, \alpha_n)$, hence these coefficients lie in $S$, and $H_-, H_+$ are monic polynomials in $S[x]$. Since $\alpha - \beta = \alpha_i - \alpha_j$ and $\alpha + \beta = \alpha_i + \alpha_j$ for some $i, j$, we have $H_-(\alpha - \beta) = 0$ and $H_+(\alpha + \beta) = 0$, so $\alpha - \beta$ and $\alpha + \beta$ are integral over $S$.
Integral extensions of $\mathbb Z$ have a property in common with PIDs, namely:
Proposition 3.3 Let $R$ be an integral domain in which every element is integral over $\mathbb Z$. Then every nonzero prime ideal in $R$ is maximal.
Proof: Let $P$ be a nonzero prime ideal in $R$. Choose a nonzero element $\alpha \in P$. Then $\alpha$ satisfies an equation $\alpha^n + c_1\alpha^{n-1} + \cdots + c_n = 0$, with all $c_i \in \mathbb Z$. Factoring out powers of $\alpha$, and remembering that $R$ is an integral domain, we may assume that $c_n \ne 0$. Then $c_n \in \alpha R \subseteq P$. This shows that $P \cap \mathbb Z \ne 0$. Since it is clear that $P \cap \mathbb Z$ is a prime ideal in $\mathbb Z$, we have $P \cap \mathbb Z = p\mathbb Z$ for some prime number $p$. Now $\mathbb F_p = \mathbb Z/p\mathbb Z \hookrightarrow R/P$, via the canonical homomorphism $\iota: \mathbb Z \to R$. Hence $R/P$ is an $\mathbb F_p$-algebra. Let $\alpha \in R$ have nonzero image $\bar\alpha \in R/P$. Since $R$ is integral over $\mathbb Z$ we have $\bar\alpha \in R/P$ algebraic over $\mathbb F_p$. Hence the homomorphism $\mathbb F_p[x] \to R/P$ given by evaluation at $\bar\alpha$ has kernel generated by an irreducible polynomial $f \in \mathbb F_p[x]$. As $\mathbb F_p[x]/(f)$ is a field, it follows that $\bar\alpha$ is contained in a subfield of $R/P$ and is therefore invertible in $R/P$. Hence $R/P$ is a field, so $P$ is maximal.
Not every integral extension of $\mathbb Z$ is a PID. For example, the ring $\mathbb Z[\sqrt{-6}]$ is integral over $\mathbb Z$. Indeed, every $\alpha \in \mathbb Z[\sqrt{-6}]$ is a root of the polynomial $x^2 - (\alpha + \bar\alpha)x + \alpha\bar\alpha$, where $\bar\alpha$ is the complex conjugate of $\alpha$. However, the ideal $P = (2, \sqrt{-6})$ in $\mathbb Z[\sqrt{-6}]$ is not principal. For if $P = (2m + n\sqrt{-6})$ with $m, n \in \mathbb Z$, then there would exist $\beta, \gamma \in \mathbb Z[\sqrt{-6}]$ such that
$$ 2 = \beta\,(2m + n\sqrt{-6}), \qquad \sqrt{-6} = \gamma\,(2m + n\sqrt{-6}), $$
so
$$ 4 = \beta\bar\beta\,(4m^2 + 6n^2), \qquad 6 = \gamma\bar\gamma\,(4m^2 + 6n^2), $$
and $4m^2 + 6n^2$ would divide $2 = 6 - 4$, impossible. However, $P$ is maximal by Prop. 3.3. Indeed, $P$ is the kernel of the ring homomorphism $R \to \mathbb F_2$ sending $a + b\sqrt{-6} \mapsto a \bmod 2$.
3.3 Prime ideals in $\mathbb Z[x]$: elementary classification
In $\mathbb Z[x]$ we have only a partial division algorithm.
Proposition 3.4 If $f$ and $g$ are polynomials in $\mathbb Z[x]$ and $f$ is monic, then there exist $q, r \in \mathbb Z[x]$ with $\deg(r) < \deg(f)$ such that $g = qf + r$.
Proof: The proof for polynomials over a field works just as well here, since we do not have to divide by the leading coefficient of $f$.
The condition that $f$ be monic is necessary. For example, there are no polynomials $q, r \in \mathbb Z[x]$ with $\deg(r) < \deg(2x)$ such that $x^2 = 2x \cdot q + r$. This complicates the picture of ideals in $\mathbb Z[x]$. For example, not every ideal in $\mathbb Z[x]$ is principal.
A polynomial $f \in \mathbb Z[x]$ is primitive if $\gcd(f) = 1$. Every $f \in \mathbb Z[x]$ can be written as $f = c f_1$ where $c = \gcd(f)$ and $f_1 \in \mathbb Z[x]$ is primitive.
Lemma 3.5 The product of two primitive polynomials is primitive. More generally, for $f, g \in \mathbb Z[x]$ we have $\gcd(fg) = \gcd(f)\gcd(g)$.
Proof: Suppose $f$ and $g$ are primitive but $p$ is a prime dividing $\gcd(fg)$. Then $\bar f\,\bar g = \overline{fg} = 0$ in $\mathbb F_p[x]$, so either $\bar f = 0$ or $\bar g = 0$, so $p$ divides $\gcd(f)$ or $\gcd(g)$, a contradiction.
In general, let $f = a f_1$ and $g = b g_1$, where $a = \gcd(f)$, $b = \gcd(g)$ and $f_1, g_1$ are primitive. Then $\gcd(fg) = \gcd(a f_1 b g_1) = ab\gcd(f_1 g_1) = ab$, by the first case.
Lemma 3.6 If $f \in \mathbb Q[x]$ is a monic polynomial then there is $d \in \mathbb Z$ such that $f_1 := df \in \mathbb Z[x]$ and is primitive; we have $f\mathbb Q[x] \cap \mathbb Z[x] = f_1\mathbb Z[x]$.
Proof: Write
$$ f = \frac{a_0}{b_0} + \frac{a_1}{b_1}x + \cdots + \frac{a_{n-1}}{b_{n-1}}x^{n-1} + x^n $$
with all $a_i, b_i \in \mathbb Z$ and $\gcd(a_i, b_i) = 1$. Let $d$ be the least common multiple of the $b_i$'s. Then $df \in \mathbb Z[x]$ has leading term $dx^n$. Let $p$ be a prime dividing $d$ and write $d = mp^r$, where $p \nmid m$. Then $r > 0$ is the maximal power of $p$ dividing any $b_i$. Choose $i$ such that $p^r \mid b_i$. Then $p \nmid (d/b_i)$. And $p \nmid a_i$ because $\gcd(a_i, b_i) = 1$. Hence $p$ does not divide the coefficient $da_i/b_i$ of $df$, so $df$ is primitive.
It is clear that the polynomial $f_1 := df$ belongs to $f\mathbb Q[x] \cap \mathbb Z[x]$, so that $f_1\mathbb Z[x] \subseteq f\mathbb Q[x] \cap \mathbb Z[x]$. Conversely, suppose $g \in f\mathbb Q[x] \cap \mathbb Z[x]$. Let $g = fh$, with $h \in \mathbb Q[x]$. Choose $c \in \mathbb Z$ such that $ch \in \mathbb Z[x]$. Then $cdg = f_1 \cdot ch$, so $cd\gcd(g) = \gcd(ch)$. But since $c \mid \gcd(ch)$ we have $h \in \mathbb Z[x]$ to begin with, and $d\gcd(g) = \gcd(h)$, so we even have $h \in d\mathbb Z[x]$. Write $h = dh_1$ with $h_1 \in \mathbb Z[x]$. Then $g = fh = f \cdot dh_1 = f_1 h_1 \in f_1\mathbb Z[x]$.
Theorem 3.7 Every polynomial $f \in \mathbb Z[x]$ factors as $f = c f_1 \cdots f_n$, where $c = \gcd(f) \in \mathbb Z$ and the $f_i \in \mathbb Z[x]$ are primitive, nonconstant and irreducible in $\mathbb Z[x]$. This factorization is unique up to sign and the order of the factors.
Proof: We may assume that $f$ is primitive. If $f = gh$ for nonconstant $g, h \in \mathbb Z[x]$ then $1 = \gcd(f) = \gcd(g)\gcd(h)$ by Lemma 3.5, so $g, h$ are primitive. Repeating this, we obtain a factorization of $f$ into a product of primitive irreducible nonconstant polynomials. Suppose $f_1 \cdots f_k = f = g_1 \cdots g_\ell$ are two factorizations of $f$ into primitive nonconstant irreducible polynomials in $\mathbb Z[x]$. By Gauss' Lemma, each of the polynomials $f_i$ and $g_i$ is irreducible in $\mathbb Q[x]$. By unique factorization in $\mathbb Q[x]$ we have $k = \ell$ and after re-indexing there are rational numbers $a_i/b_i$ such that $f_i = (a_i/b_i)\, g_i$ for all $i$. Since $f_i$ and $g_i$ are both primitive we have
$$ b_i = \gcd(b_i f_i) = \gcd(a_i g_i) = a_i, $$
so $f_i = g_i$ up to sign.
We now classify the prime ideals in $\mathbb Z[x]$. We note first that for a prime ideal $P$ of $\mathbb Z[x]$, $P \cap \mathbb Z$ is a prime ideal in $\mathbb Z$, hence either $P \cap \mathbb Z = 0$ or $P \cap \mathbb Z = p\mathbb Z$ for a unique prime $p \in \mathbb Z$.
Theorem 3.8 The nonzero prime ideals $P$ in $\mathbb Z[x]$ are classified as follows.
1. If $P \cap \mathbb Z = 0$ then $P = f\mathbb Z[x]$, where $f$ is the unique (up to sign) primitive polynomial in $P$ of minimal degree.
2. If $P \cap \mathbb Z = p\mathbb Z$ and $P$ contains no primitive polynomial, then $P = p\mathbb Z[x]$.
3. If $P \cap \mathbb Z = p\mathbb Z$ and $P$ contains a primitive polynomial then $P = p\mathbb Z[x] + f\mathbb Z[x]$ where $f \in \mathbb Z[x]$ is primitive with irreducible reduction $\bar f \in \mathbb F_p[x]$. The ideal $(\bar f)$ in $\mathbb F_p[x]$ depends only on $P$.
Proof:
Assume that $P \cap \mathbb Z = p\mathbb Z$ and $P$ contains no primitive polynomial. Let $f \in P$ and write $f = cf_1$ with $c = \gcd(f)$ and $f_1$ primitive. Since $f_1 \notin P$, we must have $c \in P \cap \mathbb Z$. Hence $p \mid c$ so $f \in p\mathbb Z[x]$ as claimed.
For the rest of the proof we assume that $P$ contains a primitive polynomial and let $m$ be the minimal degree of a primitive polynomial in $P$. If $f \in P$ is primitive with $\deg f = m$ then Theorem 3.7 implies that $f$ is irreducible in $\mathbb Z[x]$.
Suppose that $P \ne f\mathbb Z[x]$. Let $n \ge 0$ be the minimal degree of a polynomial in $P \setminus f\mathbb Z[x]$ and choose $g \in P \setminus f\mathbb Z[x]$ of this minimal degree $n$. Suppose $g$ factors as $g = hk$ in $\mathbb Z[x]$. Neither $h$ nor $k$ can belong to $f\mathbb Z[x]$. If, say, $h \in P$ then by minimality $\deg(h) = \deg(g)$ and $k$ is constant. By Gauss' Lemma, $f$ and $g$ are irreducible in $\mathbb Q[x]$ so there exist $a(x), b(x) \in \mathbb Q[x]$ such that $af + bg = 1$. Clearing denominators in the coefficients of $a, b$ we find $d \in \mathbb Z$ such that $da, db \in \mathbb Z[x]$ and $daf + dbg = d \in P$.
If $P \cap \mathbb Z = 0$ this is a contradiction, so $P = f\mathbb Z[x]$ as claimed, and any other primitive polynomial $h \in P$ of degree $m$ is divisible by $f$ in $\mathbb Z[x]$, so $h = \pm f$.
If $P \cap \mathbb Z = p\mathbb Z$ then $p \mid d$ and the ideal $(p, f) = p\mathbb Z[x] + f\mathbb Z[x]$ is contained in $P$. Let $\bar f \in \mathbb F_p[x]$ be the reduction of $f$ modulo $p$. Since $f$ is primitive, we have $\bar f \ne 0$. Suppose $\bar f$ is reducible in $\mathbb F_p[x]$. Then there are polynomials $h, k, r \in \mathbb Z[x]$ such that $f = hk + pr$, both $h$ and $k$ are nonconstant, and $\deg(h) + \deg(k) = \deg(\bar f) \le \deg(f)$. Since $p \in P$ we have $hk \in P$. By minimality of $m$, either $h$ or $k$ is constant, a contradiction. Therefore $\bar f$ is irreducible in $\mathbb F_p[x]$. It follows that
$$ \mathbb Z[x]/(p, f) \cong \mathbb F_p[x]/(\bar f) $$
is a field, so $(p, f)$ is a maximal ideal in $\mathbb Z[x]$ and we have $(p, f) = P$, as claimed.
Finally, suppose $(p, f) = P = (p, g)$ where $f, g \in \mathbb Z[x]$ are primitive with irreducible reductions $\bar f, \bar g \in \mathbb F_p[x]$. There are $h, k \in \mathbb Z[x]$ such that $f = ph + gk$, so $\bar f = \bar g\,\bar k \in (\bar g)$. Likewise $\bar g \in (\bar f)$, so that $(\bar f) = (\bar g)$. This completes the proof of Thm. 3.8.
From Prop. 3.3 we know that prime ideals in integral extensions of $\mathbb Z$ are maximal. We can now sharpen this as follows.
Corollary 3.9 Let $R$ be an integral domain and let $\alpha$ in $R$ be integral over $\mathbb Z$ with minimal monic irreducible polynomial $f \in \mathbb Z[x]$. Then every nonzero prime ideal $P$ of $R$ is maximal and has the form $P = (p, g(\alpha))$, where $p \in \mathbb Z$ is prime and $g \in \mathbb Z[x]$ is monic such that $\bar g$ is an irreducible factor of $\bar f$ in $\mathbb F_p[x]$, and we have
$$ \mathbb Z[\alpha]/P \cong \mathbb F_p[x]/\bar g\,\mathbb F_p[x] \cong \mathbb F_{p^d}, $$
where $d = \deg \bar g$.
Proof: Let $f \in \mathbb Z[x]$ be the monic irreducible polynomial of $\alpha$. Then $\mathbb Z[x]/f\mathbb Z[x] \cong \mathbb Z[\alpha]$ via evaluation at $\alpha$, so the prime ideals of $\mathbb Z[\alpha]$ correspond to the prime ideals of $\mathbb Z[x]$ containing $f$. From the classification of prime ideals in $\mathbb Z[x]$, we see these primes consist of $f\mathbb Z[x]$ itself and the primes $(p, g)$, where $g$ is irreducible modulo $p$ and $f = gh + pk$ for some $h, k \in \mathbb Z[x]$. This last is equivalent to having $\bar f = \bar g\,\bar h$ in $\mathbb F_p[x]$. In other words, $\bar g$ must be an irreducible factor of $\bar f$ in $\mathbb F_p[x]$. When this holds, we have isomorphisms
$$ \mathbb Z[\alpha]/(p, g(\alpha)) \cong \mathbb Z[x]/(p, g) \cong \mathbb F_p[x]/\bar g\,\mathbb F_p[x], $$
induced by evaluation at $\alpha$ and reduction modulo $p$, respectively. Since $\bar g$ is irreducible of degree $d$, the ring $\mathbb F_p[x]/\bar g\,\mathbb F_p[x]$ is a field of cardinality $p^d$.
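Cor. 3.9 turns the description of the primes of $\mathbb Z[\alpha]$ containing $p$ into a computation: factor $\bar f$ in $\mathbb F_p[x]$. The following added example (not from the notes) does that by trial division for small $p$ and lists the primes $(p, g(\alpha))$ with their residue degrees $d$; for $f = x^2 + 6$ and $p = 2$ it recovers the prime $(2, \sqrt{-6})$ of Section 3.2.

```python
"""Primes of Z[alpha] over a rational prime p, via Corollary 3.9.

Added example, not part of the original notes.  Polynomials over F_p are
lists of coefficients, lowest degree first; f is the minimal polynomial of
alpha over Z, so the primes over p are (p, g(alpha)) for the irreducible
factors g-bar of f-bar in F_p[x], with residue field F_{p^deg g}.
"""
from itertools import product


def trim(a):
    """Drop leading zero coefficients in place and return the list."""
    while a and a[-1] == 0:
        a.pop()
    return a


def divmod_mod_p(a, b, p):
    """Long division in F_p[x]: (q, r) with a = q*b + r and deg r < deg b.
    The leading coefficient of b is a unit in F_p, so no monic hypothesis is
    needed here, unlike Prop. 3.4 over Z."""
    a = trim([c % p for c in a])
    b = trim([c % p for c in b])
    inv = pow(b[-1], -1, p)
    q = [0] * max(len(a) - len(b) + 1, 1)
    while len(a) >= len(b):
        shift = len(a) - len(b)
        coef = (a[-1] * inv) % p
        q[shift] = coef
        for i, c in enumerate(b):
            a[shift + i] = (a[shift + i] - coef * c) % p
        trim(a)
    return trim(q), a


def monic_polys(deg, p):
    """All monic polynomials of exact degree deg over F_p."""
    for low in product(range(p), repeat=deg):
        yield list(low) + [1]


def factor_mod_p(f, p):
    """Monic irreducible factors of f-bar in F_p[x], with multiplicity.
    Trial division by monic polynomials of increasing degree: a divisor found
    at degree d is irreducible because all smaller factors were removed first."""
    f = trim([c % p for c in f])
    inv = pow(f[-1], -1, p)
    f = [(c * inv) % p for c in f]          # normalise f-bar to be monic
    factors = []
    d = 1
    while len(f) - 1 >= 2 * d:
        for g in monic_polys(d, p):
            q, r = divmod_mod_p(f, g, p)
            if not r:
                factors.append(g)
                f = q
                break
        else:
            d += 1
    if len(f) > 1:
        factors.append(f)                   # remaining cofactor is irreducible
    return factors


def primes_above(f, p):
    """[(g, d)] for the primes (p, g(alpha)) of Z[alpha] over p, g listed as
    coefficients mod p, d = deg g the residue degree (repeats listed once)."""
    distinct = []
    for g in factor_mod_p(f, p):
        if g not in distinct:
            distinct.append(g)
    return [(g, len(g) - 1) for g in distinct]
```

With `f = [6, 0, 1]` (that is, $x^2 + 6$), `primes_above(f, 2)` gives the single prime $(2, \alpha)$, `primes_above(f, 5)` gives two primes of residue degree 1, and `primes_above(f, 13)` gives one prime with residue field $\mathbb F_{169}$.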
3.4 The spectrum of a commutative ring
Let $R$ be a commutative ring. Define $\operatorname{Spec}(R)$ to be the set of prime ideals of $R$. There is a topology on $\operatorname{Spec}(R)$ for which the closed sets are those of the form
$$ V(I) = \{P \in \operatorname{Spec}(R) : I \subseteq P\}, $$
where $I$ is an ideal in $R$. One checks that
$$ V(0) = \operatorname{Spec}(R) \quad \text{and} \quad V(R) = \emptyset; $$
$$ V(I) \cup V(J) = V(IJ) \quad \text{for any two ideals } I, J \text{ in } R; $$
$$ \bigcap_j V(I_j) = V\Big(\sum_j I_j\Big) \quad \text{for any family of ideals } I_j \text{ in } R, $$
so that the sets $V(I)$ are indeed the closed sets of a topology on $\operatorname{Spec}(R)$. The open sets are then the complements $U(I) = \{P \in \operatorname{Spec}(R) : I \not\subseteq P\}$.
In this topology points in $\operatorname{Spec}(R)$ are not generally closed. If $P \in \operatorname{Spec}(R)$ and $V(I)$ contains $P$, then $V(P) \subseteq V(I)$. It follows that the closure of $\{P\}$ is $V(P)$. We have $\{P\} = V(P)$ exactly when $P$ is maximal. Hence, the closed points in $\operatorname{Spec}(R)$ are the maximal ideals of $R$. At the other extreme, if $R$ is an integral domain then $0 \in \operatorname{Spec}(R)$, and
$$ \overline{\{0\}} = V(0) = \operatorname{Spec}(R). $$
That is, the point $0$ is dense in $\operatorname{Spec}(R)$. We set $\eta_R = 0$ and call this the generic point in $\operatorname{Spec}(R)$.
The correspondence theorem for ideals gives a bijection
$$ \operatorname{Spec}(R/I) \longrightarrow V(I) $$
which is a homeomorphism because it sends any closed set $V((I + J)/I) \subseteq \operatorname{Spec}(R/I)$ to the closed set $V(I) \cap V(J) \subseteq V(I)$.
More generally, any ring homomorphism $\varphi: R \to R'$ gives a function
$$ \varphi^*: \operatorname{Spec}(R') \longrightarrow \operatorname{Spec}(R), \qquad Q \mapsto \varphi^{-1}(Q). $$
One checks that $(\varphi^*)^{-1}(V(I)) = V(I')$, where $I'$ is the ideal of $R'$ generated by $\varphi(I)$. It follows that $\varphi^*$ is continuous.
For any ideal $J \subseteq R'$, one checks that
$$ \varphi^*(V(J)) = \operatorname{im}\varphi^* \cap V(\varphi^{-1}(J)). $$
If we give $\operatorname{im}\varphi^*$ the subspace topology from $\operatorname{Spec}(R)$ then $\varphi^*: \operatorname{Spec}(R') \to \operatorname{im}\varphi^*$ is a closed map.
If $R$ is a subring of $R'$ and $\varphi: R \to R'$ is the inclusion then $\varphi^*(Q) = Q \cap R$, for any $Q \in \operatorname{Spec}(R')$.
If $R'$ is an integral domain then $\ker\varphi$ is a prime ideal in $R$ and $\varphi^*$ sends the generic point $\eta_{R'} \in \operatorname{Spec}(R')$ to $\ker\varphi \in \operatorname{Spec}(R)$.
3.4.1 $\operatorname{Spec}(\mathbb Z[x])$
We illustrate all of this with the evident ring homomorphisms (inclusion, reduction modulo $p$, and inclusion)
$$ \begin{array}{ccccc}
\mathbb Q[x] & \longleftarrow & \mathbb Z[x] & \longrightarrow & \mathbb F_p[x] \\
& & \big\uparrow & & \\
& & \mathbb Z & &
\end{array} $$
which give continuous maps, written here as $\iota$, $\rho$ and $\pi$,
$$ \begin{array}{ccccc}
\operatorname{Spec}(\mathbb Q[x]) & \xrightarrow{\ \iota\ } & \operatorname{Spec}(\mathbb Z[x]) & \xleftarrow{\ \rho\ } & \operatorname{Spec}(\mathbb F_p[x]) \\
& & \big\downarrow \pi & & \\
& & \operatorname{Spec}(\mathbb Z) & &
\end{array} $$
We have
$$ \begin{aligned}
\operatorname{Spec}(\mathbb Z) &= \{\eta_{\mathbb Z}\} \cup \{p\mathbb Z : p \text{ prime}\} \\
\operatorname{Spec}(\mathbb Q[x]) &= \{\eta_{\mathbb Q[x]}\} \cup \{f\mathbb Q[x] : f \in \mathbb Q[x] \text{ irreducible}\} \\
\operatorname{Spec}(\mathbb F_p[x]) &= \{\eta_{\mathbb F_p[x]}\} \cup \{f\mathbb F_p[x] : f \in \mathbb F_p[x] \text{ irreducible}\}.
\end{aligned} $$
From Theorem 3.8, the points $P \in \operatorname{Spec}(\mathbb Z[x])$ are of three types:
i) $P = f\mathbb Z[x]$, where $f \in \mathbb Z[x]$ is primitive and irreducible.
ii) $P = p\mathbb Z[x]$, where $p$ is a prime in $\mathbb Z$.
iii) $P = p\mathbb Z[x] + f\mathbb Z[x]$ where $p \in \mathbb Z$ is prime and $f \in \mathbb Z[x]$ is primitive with $\bar f \in \mathbb F_p[x]$ irreducible.
This classification fits in neatly with the partition of $\operatorname{Spec}(\mathbb Z[x])$ into fibers of $\pi$:
The primes of type i) are the points in the generic fiber $\pi^{-1}(\eta_{\mathbb Z})$.
The primes of type ii) are dense in the closed fiber $\pi^{-1}(p\mathbb Z)$.
The primes of type iii) are the closed points in $\pi^{-1}(p\mathbb Z)$.
Moreover, $\iota$ and $\rho$ give homeomorphisms onto the fibers (with the subspace topology)
$$ \operatorname{Spec}(\mathbb Q[x]) \xrightarrow{\ \iota\ } \pi^{-1}(\eta_{\mathbb Z}) \subseteq \operatorname{Spec}(\mathbb Z[x]) \supseteq \pi^{-1}(p\mathbb Z) \xleftarrow{\ \rho\ } \operatorname{Spec}(\mathbb F_p[x]). $$
Explicitly, we have
$$ \iota(f\mathbb Q[x]) = f_1\mathbb Z[x], $$
where $f_1$ is the unique primitive irreducible polynomial in $f\mathbb Q[x] \cap \mathbb Z[x]$ (cf. Lemma 3.6), and $\rho(\bar f\mathbb F_p[x]) = p\mathbb Z[x] + f\mathbb Z[x]$ (cf. part 3 of Theorem 3.8).
We also have the following transverse partition of $\operatorname{Spec}(\mathbb Z[x])$. Let $f \in \mathbb Z[x]$ be primitive and irreducible. Then the closure of the point $f\mathbb Z[x]$ is
$$ \overline{\{f\mathbb Z[x]\}} = V(f\mathbb Z[x]) = \{f\mathbb Z[x]\} \cup \{(p, g) : \bar g \text{ is an irreducible factor of } \bar f \in \mathbb F_p[x]\}, $$
and is homeomorphic to $\operatorname{Spec}(\mathbb Z[\alpha])$, where $\alpha$ is an element in a number field with minimal integral (not necessarily monic) polynomial $f$. Thus, the points in $\overline{\{f\mathbb Z[x]\}} \cap \pi^{-1}(p\mathbb Z)$ correspond to the irreducible factors of $f$ modulo $p$, and also to the primes in $\mathbb Z[\alpha]$ which contain $p$.
3.5 Algebraic field extensions
If a field $F$ is a subfield of a field $E$, we say that $E/F$ is a field extension. Let $E/F$ be a field extension. We say that $\alpha \in E$ is algebraic over $F$ if there exists a nonzero polynomial $f \in F[x]$ such that $f(\alpha) = 0$.$^{2}$ Equivalently, $\alpha$ is algebraic over $F$ if the evaluation map $\mathrm{ev}_\alpha: F[x] \to E$, $g \mapsto g(\alpha)$, has nonzero kernel. In this case $\ker\mathrm{ev}_\alpha = (f_\alpha)$, where $f_\alpha$ is the unique monic polynomial in $\ker\mathrm{ev}_\alpha$ of lowest degree, and $\mathrm{ev}_\alpha$ induces an isomorphism
$$ \overline{\mathrm{ev}}_\alpha: F[x]/(f_\alpha) \longrightarrow F(\alpha), $$
where $F(\alpha) = \operatorname{im}\mathrm{ev}_\alpha$ is the subfield of $E$ generated by $F$ and $\alpha$. We have
$$ F(\alpha) = \{c_0 + c_1\alpha + \cdots + c_{n-1}\alpha^{n-1} : c_i \in F\}, $$
where $n = \deg f_\alpha$. The polynomial $f_\alpha$ is the minimal polynomial of $\alpha$. A field extension $E/F$ is itself called an algebraic extension if every element of $E$ is algebraic over $F$.
Corollary 3.10 Given a field extension $E/F$, the set $L = \{\alpha \in E : \alpha \text{ is algebraic over } F\}$ is a subfield of $E$ containing $F$.
Proof: That $L$ is a subring of $E$ follows from Prop. 3.2. If $\alpha$ is a nonzero element of $L$ with minimal polynomial $f_\alpha \in F[x]$ of degree $n$, then $\alpha^{-1}$ is a root of the polynomial $g(x) = x^n f_\alpha(1/x) \in F[x]$, so $\alpha^{-1} \in L$. Therefore $L$ is a field.
Remark: If $K/E$ and $E/F$ are two algebraic field extensions, then $K/F$ is also algebraic. We defer the proof of this to the next section (see Cor. 3.15).
The typical situation in which integrality and algebraicity are related is as follows. Let $S$ be an integral domain with quotient field $F$ and let $E/F$ be a field extension. The integral closure of $S$ in $E$ is the subring $R \subseteq E$ consisting of elements of $E$ which are integral over $S$.
Proposition 3.11 If $\alpha \in E$ is algebraic over $F$ then there exists $s \in S$ such that $s\alpha \in R$.
Proof: Let $f_\alpha = \sum c_k x^k$ be the minimal polynomial of $\alpha$ over $F$, with $n = \deg f_\alpha$. There exists $s \in S$ such that $sc_k \in S$ for all $k$, and $s\alpha$ is a root of the monic polynomial $s^n f_\alpha(x/s) \in S[x]$.
Corollary 3.12 Let $S$ be an integral domain with quotient field $F$, let $E/F$ be an algebraic extension and let $R$ be the integral closure of $S$ in $E$. Then $E$ is the quotient field of $R$.
3.5.1 The ring of algebraic integers and the field of algebraic numbers
The field of algebraic numbers is the field $\overline{\mathbb Q}$ consisting of complex numbers which are algebraic over $\mathbb Q$. That is, $\overline{\mathbb Q}$ consists of those complex numbers which are roots of nonzero polynomials in $\mathbb Q[x]$.
The ring of algebraic integers is the ring $\overline{\mathbb Z}$ consisting of complex numbers which are integral over $\mathbb Z$. That is, $\overline{\mathbb Z}$ consists of those complex numbers which are roots of monic polynomials in $\mathbb Z[x]$.
$^{2}$ If this holds, we could arrange $f$ to be monic, so $\alpha$ is integral over the subring $F$ of $E$. We use the word algebraic instead of integral in the context of fields to emphasize that we are only interested in the property that the powers of $\alpha$ satisfy an algebraic relation.
From Cor. 3.12 it follows that $\overline{\mathbb Q}$ is the quotient field of $\overline{\mathbb Z}$.
The rational root test shows that $\overline{\mathbb Z} \cap \mathbb Q = \mathbb Z$.
The ring $\overline{\mathbb Z}$ and its quotient field $\overline{\mathbb Q}$ are the main objects of study in number theory.
3.6 Field extensions of finite degree
A field extension $E/F$ is finite if $E$ has finite dimension as an $F$-vector space. In this case we write $[E : F] = \dim_F E$.
Proposition 3.13 If $L/E$ and $E/F$ are finite extensions of fields then $L/F$ is finite and we have $[L : F] = [L : E][E : F]$.
Proof: Let $\alpha_1, \dots, \alpha_n$ be an $F$-basis of $E$ and let $\beta_1, \dots, \beta_m$ be an $E$-basis of $L$. One checks that $\{\alpha_i\beta_j : 1 \le i \le n,\ 1 \le j \le m\}$ is an $F$-basis of $L$.
A pair of extensions $L/E$, $E/F$ is called a tower of fields. Towers often appear by adjoining elements, as follows. Suppose $K/F$ is a field extension and $\alpha \in K$. The field $F(\alpha)$ is the intersection of all subfields of $K$ containing $\alpha$. More generally, given $\alpha_1, \dots, \alpha_n \in K$, the field $F(\alpha_1, \dots, \alpha_n)$ is the intersection of all subfields of $K$ containing $\alpha_1, \dots, \alpha_n$. We have $F(\alpha_1, \dots, \alpha_n) = F(\alpha_1, \dots, \alpha_{n-1})(\alpha_n)$ and the field $F(\alpha_1, \dots, \alpha_n)$ can be obtained from $F$ by adjoining one element at a time, forming a tower:
$$ F \subseteq F(\alpha_1) \subseteq F(\alpha_1, \alpha_2) \subseteq \cdots \subseteq F(\alpha_1, \dots, \alpha_n) \subseteq K. $$
A field $F(\alpha_1, \dots, \alpha_n)$ obtained in this way is finitely generated over $F$.
Proposition 3.14 A finite field extension $E/F$ is algebraic. If $E/F$ is algebraic and $E$ is finitely generated over $F$ then $E/F$ is finite.
Proof: Let $E/F$ be a finite extension and let $\alpha \in E$. Then the set of powers $\alpha^i$ must be linearly dependent over $F$. A dependence relation is of the form $c_0 + c_1\alpha + \cdots + c_n\alpha^n = 0$, with all $c_k \in F$. Thus $\alpha$ is a root of the polynomial $c_0 + c_1 x + \cdots + c_n x^n$, so $\alpha$ is algebraic over $F$. Since $\alpha \in E$ was arbitrary, we have $E/F$ algebraic.
Now suppose $E = F(\alpha)$ is an algebraic extension of $F$ generated by a single element $\alpha$ with minimal polynomial $f_\alpha \in F[x]$. Then $F[x]/(f_\alpha) \cong E$ via evaluation at $\alpha$, and $[E : F] = \deg f_\alpha < \infty$, so $E/F$ is finite. Finally suppose $E = F(\alpha_1, \dots, \alpha_n)$ is finitely generated and algebraic over $F$. Let $F_0 = F$ and for $1 \le i \le n$ let $F_i = F(\alpha_1, \dots, \alpha_i) = F_{i-1}(\alpha_i)$. By what we just proved for a single generator, $[F_i : F_{i-1}] < \infty$ for each $1 \le i \le n$. From Prop. 3.13 we have $[F_i : F] = [F_i : F_{i-1}][F_{i-1} : F_{i-2}] \cdots [F_1 : F] < \infty$. In particular $[E : F] < \infty$.
Now we can prove that algebraicity is preserved under towers.
Corollary 3.15 If $L/E$ and $E/F$ are algebraic then $L/F$ is algebraic.
Proof: Let $\alpha \in L$. Since $L/E$ is algebraic, there is $f = \sum_{k=0}^n c_k x^k \in E[x]$ such that $f(\alpha) = 0$. Each coefficient $c_k$ lies in $E$ and $E/F$ is algebraic, so each $c_k$ is algebraic over $F$. That is, each $c_k$ lies in the algebraic closure $F_E$ of $F$ in $E$. Since $F_E$ is a field (Cor. 3.10), the finitely generated field $K = F(c_0, \dots, c_n) \subseteq F_E$ is algebraic over $F$. Hence $K/F$ is finite by Prop. 3.14. And $f \in K[x]$, so $\alpha$ is algebraic over $K$, so $K(\alpha)/K$ is finite, again by Prop. 3.14. So $K(\alpha)/F$ is finite, hence algebraic over $F$, so $\alpha$ is algebraic over $F$. Since $\alpha \in L$ was arbitrary, the extension $L/F$ is algebraic.
3.6.1 Some abelian numbers
An abelian number is an element of $\mathbb Q(e^{2\pi i/n})$ for some integer $n \ge 1$.$^{3}$ Both complex numbers $e^{\pm 2\pi i/n}$ are roots of $x^n - 1$, hence lie in $\overline{\mathbb Z}$. Since $\overline{\mathbb Z}$ is closed under addition, it follows that $2\cos(2\pi/n) = e^{2\pi i/n} + e^{-2\pi i/n}$ is an algebraic integer. The factor of 2 is necessary. For example, $\alpha = \cos(2\pi/12) = \sqrt3/2$ satisfies $4\alpha^2 - 3 = 0$, but no monic polynomial over $\mathbb Z$. For $1 \le n \le 12$ we list the monic polynomials in $\mathbb Z[x]$ of minimal degree having $e^{2\pi i/n}$ and $2\cos(2\pi/n)$ as roots:
$$ \begin{array}{c|c|c}
n & e^{2\pi i/n} & 2\cos(2\pi/n) \\ \hline
1 & x - 1 & x - 2 \\
2 & x + 1 & x + 2 \\
3 & x^2 + x + 1 & x + 1 \\
4 & x^2 + 1 & x \\
5 & x^4 + x^3 + x^2 + x + 1 & x^2 + x - 1 \\
6 & x^2 - x + 1 & x - 1 \\
7 & x^6 + x^5 + x^4 + x^3 + x^2 + x + 1 & x^3 + x^2 - 2x - 1 \\
8 & x^4 + 1 & x^2 - 2 \\
9 & x^6 + x^3 + 1 & x^3 - 3x + 1 \\
10 & x^4 - x^3 + x^2 - x + 1 & x^2 - x - 1 \\
11 & x^{10} + x^9 + \cdots + x + 1 & x^5 + x^4 - 4x^3 - 3x^2 + 3x + 1 \\
12 & x^4 - x^2 + 1 & x^2 - 3
\end{array} \qquad (10) $$
For a general prime $p > 2$, the minimal polynomial $\psi_p(x)$ of $2\cos(2\pi/p)$ is found as follows. Write $p = 2n + 1$, so that
$$ z^{-n}\Phi_p(z) = z^n + z^{n-1} + \cdots + z^{1-n} + z^{-n} = \psi(z + z^{-1}), $$
where $\psi \in \mathbb Z[x]$ is a monic polynomial of degree $n$, which we will compute in a moment. Since $n$ is the degree of the minimal polynomial of $2\cos(2\pi/p)$ and
$$ \psi(2\cos(2\pi/p)) = \psi(e^{2\pi i/p} + e^{-2\pi i/p}) = e^{-2n\pi i/p}\,\Phi_p(e^{2\pi i/p}) = 0, $$
it follows that $\psi = \psi_p$ is the minimal polynomial of $2\cos(2\pi/p)$. To determine $\psi_p$, let
$$ f_n(z) = z^n + z^{n-2} + \cdots + z^{2-n} + z^{-n}. $$
$^{3}$ The term abelian will make more sense when we see the Kronecker-Weber theorem.
Then we have the Clebsch-Gordan rule$^{4}$
$$ f_1 f_n = f_{n-1} + f_{n+1}. \qquad (11) $$
Using equation (11) one verifies by induction that
$$ \begin{aligned}
f_{2k}(z) &= (-1)^k \sum_{i=0}^{k} (-1)^i \binom{k+i}{k-i} (z + z^{-1})^{2i} = g_{2k}(z + z^{-1}) \\
f_{2k+1}(z) &= (-1)^k \sum_{i=0}^{k} (-1)^i \binom{k+i+1}{k-i} (z + z^{-1})^{2i+1} = g_{2k+1}(z + z^{-1}),
\end{aligned} \qquad (12) $$
where
$$ \begin{aligned}
g_{2k}(x) &= (-1)^k \sum_{i=0}^{k} (-1)^i \binom{k+i}{k-i} x^{2i} \\
g_{2k+1}(x) &= (-1)^k \sum_{i=0}^{k} (-1)^i \binom{k+i+1}{k-i} x^{2i+1}.
\end{aligned} \qquad (13) $$
Since $\psi_p(z + z^{-1}) = f_n(z) + f_{n-1}(z) = g_n(z + z^{-1}) + g_{n-1}(z + z^{-1})$, it follows that the minimal polynomial of $2\cos(2\pi/p)$ is given by
$$ \psi_p(x) = g_n(x) + g_{n-1}(x), \qquad (14) $$
where the polynomials $g_n, g_{n-1}$ are given by (13). Since these two polynomials have opposite parity, there is no cancellation between their terms.
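Formulas (13) and (14) are explicit enough to compute. The following added example (not from the notes) builds $g_n$ from the binomial sums in (13), assembles $\psi_p = g_n + g_{n-1}$ as in (14), and checks the result against the $2\cos(2\pi/n)$ column of (10) and against the numerical root $2\cos(2\pi/p)$; polynomials are coefficient lists, lowest degree first.

```python
"""The minimal polynomial psi_p of 2cos(2pi/p) from (13) and (14).

Added example, not part of the original notes.  A polynomial is a list of
integer coefficients, lowest degree first; p is an odd prime, n = (p-1)/2.
"""
import math
from math import comb


def g(n):
    """g_n(x) from (13): n = 2k gives even powers with binom(k+i, k-i),
    n = 2k+1 gives odd powers with binom(k+i+1, k-i)."""
    k, odd = divmod(n, 2)
    coeffs = [0] * (n + 1)
    for i in range(k + 1):
        top = k + i + 1 if odd else k + i
        coeffs[2 * i + odd] = (-1) ** k * (-1) ** i * comb(top, k - i)
    return coeffs


def psi(p):
    """psi_p(x) = g_n(x) + g_{n-1}(x) with p = 2n + 1, as in (14).  The two
    summands have opposite parity, so the coefficients simply interleave."""
    n = (p - 1) // 2
    a, b = g(n), g(n - 1)
    return [a[i] + (b[i] if i < len(b) else 0) for i in range(n + 1)]


def evaluate(poly, x):
    return sum(c * x ** i for i, c in enumerate(poly))


def f_laurent(n, z):
    """f_n(z) = z^n + z^(n-2) + ... + z^(-n), evaluated directly, to check (12)."""
    return sum(z ** (n - 2 * j) for j in range(n + 1))


def residual_at_root(p):
    """|psi_p(2cos(2pi/p))|; zero up to floating-point error, since
    psi_p(z + 1/z) = z^(-n) Phi_p(z) vanishes at z = exp(2pi i/p)."""
    return abs(evaluate(psi(p), 2 * math.cos(2 * math.pi / p)))
```

For $p = 11$ this returns the coefficients of $x^5 + x^4 - 4x^3 - 3x^2 + 3x + 1$, the $n = 11$ entry of (10).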
3.6.2 Constructible numbers
The geometric constructions in Euclid's Elements can be explained in terms of finite and algebraic extensions of $\mathbb Q$. The allowed constructions are of two types:
1. Given distinct points $\alpha, \beta \in \mathbb C$ we can draw the line through $\alpha$ and $\beta$.
2. Given $\alpha \in \mathbb C$ and a real number $r > 0$ we can draw the circle with center $\alpha$ and radius $r$.
A number $\alpha \in \mathbb C$ is constructible if, starting with $0, 1$ we can obtain $\alpha$ by a sequence of constructions of types 1 and 2 and taking intersections. Let
$$ \mathcal K = \{\alpha \in \mathbb C : \alpha \text{ is constructible}\}. $$
$^{4}$ $f_n(z)$ is the trace of a matrix in $SL_2(\mathbb C)$ with eigenvalues $z, z^{-1}$ acting on the space $\operatorname{Sym}^n$ of symmetric polynomials of degree $n$ on $\mathbb C^2$, and the Clebsch-Gordan rule gives the tensor product decomposition of representations $\operatorname{Sym}^1 \otimes \operatorname{Sym}^n = \operatorname{Sym}^{n-1} \oplus \operatorname{Sym}^{n+1}$.
Many of the geometric constructions in the Elements can be expressed in algebraic language as follows.
Theorem 3.16 The set $\mathcal K$ is a subfield of $\mathbb C$, algebraic over $\mathbb Q$ and closed under taking square-roots.
Proof: Intersections of lines and circles are found by solving a linear or quadratic equation with coefficients already constructed. Hence a complex number $\alpha$ is constructible exactly when there is a tower of extensions
$$ \mathbb Q = F_0 \subseteq F_1 \subseteq F_2 \subseteq \cdots \subseteq F_n $$
with each $[F_i : F_{i-1}] = 2$, and $\alpha \in F_n$. Each $\alpha \in \mathcal K$ lies in a finite extension of $\mathbb Q$, hence is algebraic over $\mathbb Q$. And the square-roots of a given complex number can be constructed using operations 1 and 2. Hence $\alpha \in \mathcal K$ implies (both values of) $\sqrt\alpha$ are in $\mathcal K$.
The constructible numbers are precisely those which can be expressed in terms of nested square-roots. For example Prop. I.1 in the Elements constructs $e^{2\pi i/6} = (1 + \sqrt{-3})/2$, whose minimal polynomial is $x^2 - x + 1$, by drawing the line through $0, 1$, then drawing the circles of radius 1 centered at $0, 1$. Elsewhere in the Elements Euclid proves that the root of unity $e^{2\pi i/n}$ is constructible for
$$ n = 2, 3, 4, 5, 6, 8, 10, 12, 15 \qquad (15) $$
and that $e^{2\pi i/n}$ constructible implies $e^{\pi i/n}$ constructible. This shows that $2\cos(2\pi/n)$ is also constructible for these $n$. Constructing $e^{2\pi i/n}$ or $2\cos(2\pi/n)$ is equivalent to constructing a regular polygon with $n$ sides. Naturally, the Greeks and those who came after were tantalized by the gaps in Euclid's list (15).
The Three Problems of Antiquity are really questions about $\mathcal K$.
1. To square the circle. [Is $\sqrt\pi \in \mathcal K$?]
2. To duplicate the cube. [Is $\sqrt[3]{2} \in \mathcal K$?]
3. To trisect a given angle. [For example, is $\cos(2\pi/9) \in \mathcal K$?]
As the Greeks suspected, the answers to the three questions are No, No and No. We address the second and third Nos here.$^{5}$
Let $\alpha \in \mathcal K$ and let $\mathbb Q = F_0 \subseteq F_1 \subseteq F_2 \subseteq \cdots \subseteq F_n$ be a tower of quadratic extensions with $\alpha \in F_n$. Then $\mathbb Q \subseteq \mathbb Q(\alpha) \subseteq F_n$, so $[\mathbb Q(\alpha) : \mathbb Q]$ divides $[F_n : \mathbb Q] = 2^n$. Since $[\mathbb Q(\alpha) : \mathbb Q]$ is the degree of the minimal polynomial $f_\alpha \in \mathbb Q[x]$ of $\alpha$ over $\mathbb Q$, this proves
Proposition 3.17 If $\alpha \in \mathcal K$ then $\deg f_\alpha$ is a power of 2.
$^{5}$ The No for problem 1 is the transcendence of $\pi$ (that is, $\pi$ is not algebraic over $\mathbb Q$). This was proved in 1882 by Lindemann. Proofs abound on the web, using facts about algebraic numbers and symmetric polynomials that we have proved, and some basic analysis.
For $\alpha = \sqrt[3]{2}$ we have $f_\alpha = x^3 - 2$, so $\sqrt[3]{2} \notin \mathcal K$.
For $\alpha = \cos(2\pi/9)$ we have $f_\alpha = x^3 - 3x + 1$ (see the list (10)), so $\cos(2\pi/9) \notin \mathcal K$.
This explains the absence of $n = 9$ in the list (15). The other missing numbers are primes or twice a prime. For $n = p$ a prime, the minimal polynomial of $e^{2\pi i/p}$ is the cyclotomic polynomial $\Phi_p(x) = 1 + x + x^2 + \cdots + x^{p-1}$ (see (3)). Hence $e^{2\pi i/p}$ can only be constructible if $p - 1$ is a power of 2, which forces $p = 2^{2^m} + 1$ to be a Fermat prime. The known Fermat primes are
$$ 3 = 2 + 1, \quad 5 = 2^2 + 1, \quad 17 = 2^4 + 1, \quad 257 = 2^8 + 1, \quad 65537 = 2^{16} + 1. $$
These are the only known primes for which $e^{2\pi i/p}$ could be constructible. In fact each of these roots of unity is constructible. For an expression of $e^{2\pi i/17}$ in terms of nested square roots, see [Hardy-Wright, p.60]. The issue here is that the converse of Prop. 3.17 is false: there are algebraic integers $\alpha \in \overline{\mathbb Z}$ for which $\deg f_\alpha$ is a power of 2 yet $\alpha$ is not constructible. The precise criterion for constructibility requires more information about $f_\alpha$ than just its degree. This extra information comes from Galois theory.
3.7 Splitting elds
Let F be a eld and let f F[x]. Recall from Prop. 1.4 that there exists a eld L F such that
f splits into product of linear factors in L[x]. The eld L is not unique; indeed, a smaller eld may
sufce to split f. We seek minimal elds in which f splits.
We say that E is a splitting eld for f over F if
1. f is a product of linear factors in E, and
2. E is generated by the roots of f in E.
Example 1: We constructed F
p
n as the splitting eld of f = x
p
n
x over F
p
.
Example 2: Let F = Q and let f = x
3
2. The roots of f in C are , ,
2
, where = e
2i/3
and
is the real cube-root of 2. A splitting eld is constructed via the tower
Q Q() Q(, ).
Since f

= x
3
2, we have [Q() : Q] = 3. Since is not real, its minimal polynomial x
2
+ x + 1
over Q remains irreducible over Q() and therefore [Q(, ) : Q()] = 2. Hence the splitting eld
Q(, ) has degree [Q(, ) : Q] = 2 3 = 6 over Q.
Example 3: Let F = Q and let f = x
3
+ x
2
2x 1. This is the minimal polynomial of =
2 cos(2/7) and the other roots of f are = 2 cos(4/7) and = 2 cos(6/7). The trigonometric
identities
cos 2 = 2 cos 1, cos 3 = 4 cos
3
3 cos .
show that , are rational polynomial expressions in . Hence Q() is the splitting eld of f and its
degree is [Q() : Q] = 3.
29
It turns out that the splitting eld of a cubic polynomial f = x
3
+ax
2
+bx+c F[x] has degree either
3 or 6 over F, and this can be detected (without knowing anything about the roots of f) by whether the
discriminant (see (9))
D(f) = a
2
b
2
27c
2
4b
3
4a
3
c + 18abc (16)
is a square in F

. In Example 2, we have D(f) = 27 4 a non-square in Q

, while in Example 3,
we have D(f) = 49 Q
2
.
Splitting elds always exist. For if we choose any eld L in which f splits, say
f = c
n

i=1
(x
i
) L[x],
the eld E = F(
1
, . . . ,
n
) is a splitting eld for f over F.
6
Any splitting eld is has nite degree over F, since it is obtained by adjoining nitely many roots.
However, splitting elds are not unique. For example, take F = Q and f = x
2
2 Q[x]. The
polynomial Q splits in R and also in the p-adic eld Q
p
for when 2 F
2
p
, which occurs exactly when
16 [ (p
2
1). We have innitely many splitting elds E = Q(), where is a root of x
2
2 in R or
Q
p
for such p. Each of these elds consist of completely different elements (real or p-adic numbers)
but they are both isomorphic to Q[x]/(x
2
2), hence E E

as elds. So the best we can hope for is


that splitting elds are unique up to isomorphism. This is true.
Proposition 3.18 Let F be a eld, let f F[x] and let E, E

be two splitting elds of f over F. Then


there is a eld isomorphism : E

E

such that (a) = a for all a F.


The assertion of Prop. 3.18 may be visualized in the commutative diagram, where the vertical arrows
are the inclusion maps.
E

F
id
F
(17)
An isomorphism as in the diagram (17) is called an isomorphism over F.
Prop. 3.18 will follow from a more exible result whose proof is more amenable to induction: We
replace the lower line in (17) by a xed isomorphism of elds : F F

. This extends to an
isomorphism of polynomial rings : F[x] F

[x] given by (

c
k
x
k
) =

(c
k
)x
k
. It will be
convenient to write g

= (g) for g F[x].


Theorem 3.19 (The Extension Theorem) Fix a field isomorphism $\sigma : F \to F'$ as above. Let $f \in F[x]$, with $f^\sigma = \sigma(f) \in F'[x]$ and suppose $E, E'$ are splitting fields of $f, f^\sigma$ over $F, F'$, respectively. There exists a field isomorphism $\tau : E \to E'$ extending $\sigma$, that is, so that we have a commutative diagram
$$\begin{array}{ccc} E & \xrightarrow{\ \tau\ } & E' \\ \uparrow & & \uparrow \\ F & \xrightarrow{\ \sigma\ } & F' \end{array} \qquad (18)$$
Footnote 6: $F(\alpha_1, \dots, \alpha_n)$ is the intersection of all subfields of L containing F and $\alpha_1, \dots, \alpha_n$. Inductively, we have $F(\alpha_1, \dots, \alpha_n) = F(\alpha_1, \dots, \alpha_{n-1})(\alpha_n)$.
Proof: We use induction on $[E : F]$, which is finite. If $[E : F] = 1$ there is nothing to prove. Otherwise, there is a root $\alpha$ of f in E such that $\alpha \notin F$. Let $g \in F[x]$ be the minimal polynomial of $\alpha$. Then $g^\sigma$ is irreducible in $F'[x]$. And $g \mid f$ in $F[x]$, so $g^\sigma \mid f^\sigma$ in $F'[x]$. Since $f^\sigma$ splits in $E'$, there is a root $\alpha'$ of $g^\sigma$. And $g^\sigma$ is the minimal polynomial of $\alpha'$ in $F'[x]$. Hence we have field isomorphisms
$$F(\alpha) \simeq F[x]/(g) \simeq F'[x]/(g^\sigma) \simeq F'(\alpha')$$
which give an isomorphism $\sigma_1 : F(\alpha) \to F'(\alpha')$ extending $\sigma$. Since $[E : F(\alpha)] < [E : F]$, the isomorphism $\sigma_1$ extends, by induction, to an isomorphism $\tau : E \to E'$. Clearly $\tau$ also extends $\sigma$. $\square$
Corollary 3.20 Let $f \in F[x]$ and let $L/F$ be a field extension such that f splits in $L[x]$ as
$$f = c\prod_{i=1}^{k}(x - \alpha_i)^{m_i},$$
where the $\alpha_i$ are the distinct roots of f in L and the $m_i$ are positive integers. Then the set $\{m_i\}$, with multiplicities, is independent of L.
Proof: Let $L'/F$ be another extension splitting f, so that $f = c\prod_{j=1}^{\ell}(x - \alpha'_j)^{m'_j}$ in $L'[x]$. Let $E = F(\alpha_1, \dots, \alpha_k)$ and $E' = F(\alpha'_1, \dots, \alpha'_\ell)$ be the splitting fields of f over F in L and $L'$ respectively. By Prop. 3.18, there is an isomorphism $\phi : E \to E'$ over F. The induced map $\phi : E[x] \to E'[x]$ is the identity on $F[x]$, so in $E'[x]$ we have
$$c\prod_{i=1}^{k}(x - \phi(\alpha_i))^{m_i} = \phi(f) = f = c\prod_{j=1}^{\ell}(x - \alpha'_j)^{m'_j}.$$
By unique factorization in $E'[x]$ we have $\{\phi(\alpha_i)\} = \{\alpha'_j\}$, and $\{m_i\} = \{m'_j\}$ as sets-with-multiplicities. $\square$
It therefore makes sense to say that a polynomial $f \in F[x]$ has a multiple root if f has a repeated factor (some $m_i > 1$) in a splitting field of f over F. Otherwise (if all $m_i = 1$) we say f has distinct roots. Having multiple or distinct roots is a quality independent of the choice of splitting field containing the roots.
Example: Suppose F has characteristic p and let $f = x^p - a \in F[x]$ where $a \in F$. Let $E/F$ be an extension in which f splits and let $\alpha, \beta$ be two roots of f in E. Then $\alpha^p = a = \beta^p$, so $\beta/\alpha$ is a root of $x^p - 1 = (x - 1)^p$, meaning that $\beta = \alpha$. Hence $f = (x - \alpha)^p$ in $E[x]$, so f has a multiple root.
Assume now that a is not the p-th power of any element in F. I claim that f is irreducible in $F[x]$. For if $g \in F[x]$ is a nonconstant monic factor of f then g also divides f in $E[x]$ so $g = (x - \alpha)^k$ for some $1 \le k \le p$. The coefficient of $x^{k-1}$ in g is $-k\alpha$, which must belong to F, since $g \in F[x]$. But $\alpha \notin F$, since $a \notin F^p$. Hence $k = p$ and $g = f$. Therefore f is an irreducible polynomial having a multiple root.
Proposition 3.21 Let F be a field. For a nonconstant irreducible polynomial $f \in F[x]$, the following are equivalent.
1. f has a multiple root.
2. The formal derivative $\partial f$ is the zero polynomial (footnote 7).
3. The field F has characteristic $p > 0$ and $f \in F[x^p]$.
Proof: (1 $\Rightarrow$ 2): Let E be a splitting field for f. If f has a multiple root then f has a root $\alpha \in E$ such that $f(x) = (x - \alpha)^m g(x)$ in $E[x]$, with $m \ge 2$. Then $\partial f(x) = m(x - \alpha)^{m-1} g(x) + (x - \alpha)^m \partial g(x)$, so $\partial f(\alpha) = 0$. Since f is irreducible in $F[x]$ it follows that $f \mid \partial f$. If $\partial f \ne 0$ then $\deg \partial f < \deg f$ would be a contradiction, so $\partial f = 0$ in $F[x]$.
(2 $\Rightarrow$ 3): Suppose $\partial f = 0$ in $F[x]$. If $f = \sum_{k=0}^{n} c_k x^k$, then $\partial f = \sum_{k=1}^{n} k c_k x^{k-1} = 0$. Hence $k c_k = 0$ for all $1 \le k \le n$, so if $x^k$ appears in f we must have $k = 0 \in F$. This forces F to have characteristic $p > 0$ and $p \mid k$ whenever $c_k \ne 0$, meaning that $f \in F[x^p]$.
(3 $\Rightarrow$ 1): Suppose $f \in F[x^p]$, so that $f(x) = g(x^p)$ for some $g \in F[x]$. Let E be a splitting field of g over F. In $E[x]$ we have $g = c\prod(x - \beta_i)^{m_i}$. Enlarging E if necessary, we may assume that $x^p - \beta_i$ splits in E for each i. The previous example shows that there exist $\alpha_i$ in E such that $x^p - \beta_i = (x - \alpha_i)^p$. We have
$$f = c\prod(x^p - \beta_i)^{m_i} = c\prod(x - \alpha_i)^{p m_i}.$$
Since each $p m_i > 1$, the polynomial f has a multiple root. $\square$
A polynomial $f \in F[x]$ is separable if each irreducible factor of f in $F[x]$ has distinct roots. A product of separable polynomials is separable.
An algebraic extension $E/F$ is separable if every polynomial $f \in F[x]$ having a root in E is separable over F. Equivalently, $E/F$ is separable if for every $\alpha \in E$ the minimal polynomial of $\alpha$ over F has distinct roots. An algebraic extension $E/F$ is inseparable if it is not separable.
If F has characteristic zero then every algebraic extension $E/F$ is separable.
If F is a finite field of characteristic p then every algebraic extension $E/F$ is separable. For the Frobenius map $\phi : F \to F$ sending $\phi(a) = a^p$ is injective (since $a^p - 1 = (a - 1)^p$), hence surjective since F is finite. It follows that $F[x^p] = F[x]^p$. Hence $F[x^p]$ contains no nonconstant irreducible polynomials over F, so every irreducible polynomial $f \in F[x]$ is separable.
Footnote 7: If $f = \sum_{k=0}^{n} c_k x^k$ then $\partial f = \sum_{k=1}^{n} k c_k x^{k-1}$.
A field F can have inseparable extensions only if F is infinite of characteristic p. For example, let $F = \mathbb{F}_p(T)$ be the field of rational functions over $\mathbb{F}_p$ in the variable T. Then the polynomial $x^p - T \in F[x]$ is not separable over F (see the example prior to Prop. 3.21), and its splitting field $E = \mathbb{F}_p(T^{1/p})$ is an inseparable extension of F.
3.8 Automorphisms and Galois Extensions
3.8.1 Field automorphisms
For any field extension $E/F$, let
$$\mathrm{Aut}(E/F) = \{\sigma \in \mathrm{Aut}(E) : \sigma(a) = a \text{ for all } a \in F\}$$
denote the group of automorphisms of E which are the identity on F. An element $\sigma \in \mathrm{Aut}(E/F)$ makes the following diagram (cf. (17)) commute:
$$\begin{array}{ccc} E & \xrightarrow{\ \sigma\ } & E \\ \uparrow & & \uparrow \\ F & \xrightarrow{\ \mathrm{id}\ } & F \end{array} \qquad (19)$$
If F is the prime field (either $\mathbb{Q}$ or $\mathbb{F}_p$ according as the characteristic is 0 or $p > 0$), then every automorphism of E is trivial on F, so in this case $\mathrm{Aut}(E/F) = \mathrm{Aut}(E)$ is the full automorphism group of E.
Each $\sigma \in \mathrm{Aut}(E/F)$ extends to an automorphism of the polynomial ring $E[x]$ by acting on the coefficients: $\sigma(\sum c_k x^k) := \sum \sigma(c_k) x^k$. If $f \in F[x]$, then $\sigma(f) = f$. Hence if $\alpha \in E$ is a root of f, then $\sigma(\alpha)$ is also a root of f. Thus, $\mathrm{Aut}(E/F)$ permutes the roots of every polynomial $f \in F[x]$.
3.8.2 Automorphisms of finite extensions
If $E/F$ is a finite extension, then the automorphism group $\mathrm{Aut}(E/F)$ is finite. More precisely, we have:
Proposition 3.22 If $E/F$ is a finite extension of degree n, then $\mathrm{Aut}(E/F)$ is isomorphic to a subgroup of $S_n$.
Proof: Assume $E/F$ is finite and let $G = \mathrm{Aut}(E/F)$. Then we have $E = F(\alpha_1, \dots, \alpha_n)$ for some elements $\alpha_i \in E$. Let $f_i \in F[x]$ be the minimal polynomial of $\alpha_i$ and let $n_i$ be the number of roots of $f_i$ in E. These roots are permuted by G, which acts faithfully on $\{\alpha_1, \dots, \alpha_n\}$, since the $\alpha_i$ generate E over F. This gives an injective homomorphism $G \to S_n$. $\square$
Beware that $\mathrm{Aut}(E/F)$ can be trivial even when $E \ne F$. For example, let $F = \mathbb{Q}$ and let $E = \mathbb{Q}(\alpha)$ where $\alpha$ is the real root of $x^3 - 2$. The other roots of $x^3 - 2$ are not real and they do not lie in E. Hence any element of $\mathrm{Aut}(E)$ must fix $\alpha$ and hence is trivial since $\alpha$ generates E. The problem is that $\mathbb{Q}(\alpha)$ is too small to display the symmetry of the three roots of $x^3 - 2$.
3.8.3 Galois extensions
A finite extension $E/F$ is Galois if E is the splitting field of a separable polynomial $f \in F[x]$. If K is any intermediate field, $F \subset K \subset E$, then E is also the splitting field of f over K, so the extension $E/K$ is Galois. When $E/F$ is Galois the group $\mathrm{Aut}(E/F)$ is called the Galois group of $E/F$.
Proposition 3.23 If $E/F$ is a Galois extension then $|\mathrm{Aut}(E/F)| = [E : F]$.
Proof: We use induction on the degree $[E : F]$. Let $f \in F[x]$ be a separable polynomial for which E is the splitting field over F. Let $f_1$ be an irreducible factor of f. Then $f_1$ has distinct roots, since f is separable. Let $\alpha_1, \dots, \alpha_s$ be these distinct roots of $f_1$, where $s = \deg f_1$. These roots generate the splitting field $F_1 = F(\alpha_1, \dots, \alpha_s)$ of $f_1$ in E. For each $1 \le i \le s$, the isomorphisms
$$F(\alpha_1) \xleftarrow{\ \sim\ } F[x]/(f_1) \xrightarrow{\ \sim\ } F(\alpha_i)$$
give an isomorphism $F(\alpha_1) \to F(\alpha_i)$ which extends, by Thm. 3.19, to an automorphism $\sigma_i \in \mathrm{Aut}(F_1/F)$ sending $\alpha_1 \mapsto \alpha_i$. Hence $\mathrm{Aut}(F_1/F)$ is transitive on the roots of $f_1$. The stabilizer of $\alpha_1$ is $\mathrm{Aut}(F_1/F(\alpha_1))$, which by induction has order
$$|\mathrm{Aut}(F_1/F(\alpha_1))| = [F_1 : F(\alpha_1)]$$
and has index $s = \deg f_1 = [F(\alpha_1) : F]$ in $\mathrm{Aut}(F_1/F)$. Therefore we have
$$|\mathrm{Aut}(F_1/F)| = |\mathrm{Aut}(F_1/F(\alpha_1))| \cdot [F(\alpha_1) : F] = [F_1 : F(\alpha_1)] \cdot [F(\alpha_1) : F] = [F_1 : F].$$
If $F_1 = E$, we are done. Assume $F_1 \ne E$. Since $\mathrm{Aut}(E/F)$ permutes the roots of $f_1$, and these roots generate $F_1$, each automorphism in $\mathrm{Aut}(E/F)$ restricts to an automorphism in $\mathrm{Aut}(F_1/F)$, giving a homomorphism $r : \mathrm{Aut}(E/F) \to \mathrm{Aut}(F_1/F)$. Since E is also the splitting field of f over $F_1$, it follows from Thm. 3.19 that r is surjective. And $\ker r = \mathrm{Aut}(E/F_1)$ by definition. Thus we have an exact sequence
$$1 \to \mathrm{Aut}(E/F_1) \to \mathrm{Aut}(E/F) \xrightarrow{\ r\ } \mathrm{Aut}(F_1/F) \to 1.$$
Again by induction we have $|\mathrm{Aut}(E/F_1)| = [E : F_1]$. And we have shown above that $|\mathrm{Aut}(F_1/F)| = [F_1 : F]$. Therefore
$$|\mathrm{Aut}(E/F)| = |\mathrm{Aut}(E/F_1)| \cdot |\mathrm{Aut}(F_1/F)| = [E : F_1] \cdot [F_1 : F] = [E : F],$$
as was to be shown. $\square$
If G is any subgroup of $\mathrm{Aut}(E)$, the fixed field of G is the subfield $E^G$ of elements in E fixed by every element of G:
$$E^G = \{\alpha \in E : \sigma(\alpha) = \alpha \text{ for all } \sigma \in G\}.$$
Lemma 3.24 Let E be a field and let G be a finite subgroup of $\mathrm{Aut}(E)$. Then $[E : E^G] \le |G|$.
Proof: We show that any set of more than $|G|$ elements in E is linearly dependent over $E^G$. Let $\alpha_1, \dots, \alpha_n \in E$, with $n > |G|$. Let $V \subset E^n$ be the set of simultaneous solutions of the linear equations
$$\mathrm{eq}(\sigma) : \ \sigma(\alpha_1) x_1 + \sigma(\alpha_2) x_2 + \cdots + \sigma(\alpha_n) x_n = 0,$$
one equation for each $\sigma \in G$. If $v = (v_1, \dots, v_n) \in V$ then $\tau(v) := (\tau(v_1), \dots, \tau(v_n))$ is a solution of $\mathrm{eq}(\tau\sigma)$ for all $\sigma \in G$, which is the same set of equations permuted, so $\tau(v) \in V$ for any $\tau \in G$.
Since there are fewer equations $\mathrm{eq}(\sigma)$ than variables $x_i$, the solution space V is nonzero. For each $v = (v_1, \dots, v_n) \in V$ let $m(v)$ be the number of nonzero entries $v_i$ and let
$$m = \min\{m(v) : 0 \ne v \in V\} > 0.$$
Choose a solution v with $m(v) = m$, and let $v_i$ be a nonzero entry of v. Then $u = v_i^{-1} v$ is another solution in V with m nonzero entries, and now $u_i = 1$.
For any $\tau \in G$ the solution $\tau(u)$ has nonzero entries in the same places as u, and $\tau(u_i) = 1 = u_i$. So $m(\tau(u) - u) < m$, so $\tau(u) - u = 0$. Therefore $\tau(u) = u$ for every $\tau \in G$, so each entry $u_j$ of u lies in $E^G$. Considering $\mathrm{eq}(\sigma)$ for $\sigma = e$, we have
$$\alpha_1 u_1 + \cdots + \alpha_n u_n = 0.$$
Thus, the $\alpha_i$ are indeed linearly dependent over $E^G$. $\square$
Proposition 3.25 Let E be a field and let G be a finite subgroup of $\mathrm{Aut}(E)$. Then $E/E^G$ is Galois, with Galois group $\mathrm{Aut}(E/E^G) = G$, and $[E : E^G] = |G|$.
Proof: Let $\{\alpha_1, \alpha_2, \dots, \alpha_n\}$ be a G-orbit in E. The polynomial $g = \prod(x - \alpha_i)$ is fixed by G, hence it belongs to $E^G[x]$ and $g(\alpha_1) = 0$. Hence $\alpha_1$ is algebraic over $E^G$. Let $f \in E^G[x]$ be the minimal polynomial of $\alpha_1$. Then f is also fixed by G, so each $\alpha_i$ is also a root of f and $g \mid f$. Since f is irreducible in $E^G[x]$ we have $f = g = \prod(x - \alpha_i)$.
By Lemma 3.24, the extension $E/E^G$ is finite, so $E = E^G(\beta_1, \dots, \beta_s)$ for some elements $\beta_i \in E$. By the preceding paragraph, the minimal polynomial $f_i \in E^G[x]$ of $\beta_i$ splits into distinct linear factors in $E[x]$. Hence E is the splitting field of the separable polynomial $f = \prod f_i \in E^G[x]$, so $E/E^G$ is Galois.
By definition we have $G \subset \mathrm{Aut}(E/E^G)$. And Prop. 3.23 and Lemma 3.24 imply that
$$|\mathrm{Aut}(E/E^G)| = [E : E^G] \le |G|.$$
It follows that $G = \mathrm{Aut}(E/E^G)$.
The equality $[E : E^G] = |G|$ now follows from Prop. 3.23. $\square$
Theorem 3.26 Let $E/F$ be a finite extension of fields, and let $G = \mathrm{Aut}(E/F)$. Then the following are equivalent.
1. $E/F$ is Galois;
2. $F = E^G$;
3. $[E : F] = |G|$.
Proof: First note that G is finite, by Prop. 3.22, so Prop. 3.25 applies, and we have
$$E/E^G \text{ is Galois}, \quad G = \mathrm{Aut}(E/E^G) \quad \text{and} \quad [E : E^G] = |G|.$$
This shows that 3 $\Rightarrow$ 2 $\Rightarrow$ 1. And 1 $\Rightarrow$ 3 is Prop. 3.23. $\square$
Remark: It is not true that if $L/E$ and $E/F$ are Galois then $L/F$ is Galois. Consider the tower (footnote 8)
$$\mathbb{Q} \subset \mathbb{Q}(\sqrt{2}) \subset \mathbb{Q}(\sqrt[4]{2}).$$
From the proofs of Props. 3.23 and 3.25 we can extract additional corollaries.
Corollary 3.27 Let $E/F$ be a Galois extension with Galois group $G = \mathrm{Aut}(E/F)$, and let $f \in E[x]$.
1. We have $f \in F[x]$ if and only if $\sigma(f) = f$ for all $\sigma \in G$.
2. If $f \in F[x]$ and f has a root in E then f splits in $E[x]$.
3. If $f \in F[x]$ and f has a root in E then f is irreducible in $F[x]$ iff G is transitive on the roots of f.
3.8.4 The Galois correspondence
Let $E/F$ be a Galois extension with Galois group $G = \mathrm{Aut}(E/F)$. The Main Theorem of Galois Theory asserts that subgroups H of G and the intermediate fields M lying between F and E are in bijection. A more precise statement of the theorem is as follows.
Theorem 3.28 (The Galois Correspondence) There are mutually inverse bijections
$$\{\text{subgroups } H \subset G\} \longleftrightarrow \{\text{intermediate fields } F \subset M \subset E\}$$
sending $H \mapsto E^H$, and sending $M \mapsto \mathrm{Aut}(E/M)$. These bijections have the following properties.
1. If H and J are subgroups of G then $H \subset J$ if and only if $E^J \subset E^H$.
2. If $H \subset J \subset G$ we have $[J : H] = [E^H : E^J]$.
3. If $g \in G$ then $E^{gHg^{-1}} = g(E^H)$ and if $M = E^H$ we have $\mathrm{Aut}(E/g(M)) = g\,\mathrm{Aut}(E/M)\,g^{-1}$.
4. The following are equivalent:
i) The subgroup H is normal in G;
ii) the extension $E^H/F$ is Galois;
iii) G preserves $E^H$.
When i)-iii) hold, we have an isomorphism $G/H \simeq \mathrm{Aut}(E^H/F)$, via restriction.
Footnote 8: Thanks to Andrew Phillips for providing this example.
Proof: By Prop. 3.23, the group G is finite of order $|G| = [E : F]$. Hence every subgroup $H \subset G$ is finite, so Prop. 3.25 shows that $\mathrm{Aut}(E/E^H) = H$. Conversely if M is an intermediate field then $E/M$ is Galois. Let $H = \mathrm{Aut}(E/M)$. Theorem 3.26 shows that $M = E^H$. Hence the correspondences $H \mapsto E^H$ and $M \mapsto \mathrm{Aut}(E/M)$ are mutually inverse bijections.
Let H and J be subgroups of G. If $H \subset J$ then clearly $E^J \subset E^H$. Conversely, if $E^J \subset E^H$ then H acts trivially on $E^J$ so $H \subset \mathrm{Aut}(E/E^J) = J$.
When $H \subset J$ and $E^J \subset E^H$, we have
$$[J : H] = \frac{|J|}{|H|} = \frac{|\mathrm{Aut}(E/E^J)|}{|\mathrm{Aut}(E/E^H)|} = \frac{[E : E^J]}{[E : E^H]} = \frac{[E : E^H]\,[E^H : E^J]}{[E : E^H]} = [E^H : E^J].$$
In a G-action, the fixed-point sets of conjugate subgroups $H, gHg^{-1} \subset G$ are conjugate by g. This shows that $E^{gHg^{-1}} = g(E^H)$. Then we have
$$\mathrm{Aut}(E/g(E^H)) = \mathrm{Aut}(E/E^{gHg^{-1}}) = gHg^{-1} = g\,\mathrm{Aut}(E/E^H)\,g^{-1}.$$
If H is normal in G then $g(E^H) = E^{gHg^{-1}} = E^H$, so G preserves $E^H$. If G preserves $E^H$ we have a restriction map $r : G \to \mathrm{Aut}(E^H)$ whose kernel is the subgroup fixing $E^H$. This subgroup is H, so $H = \ker r$ is normal in G. And $G/H$ is a finite subgroup of $\mathrm{Aut}(E^H/F)$ with fixed field F, so $E^H/F$ is Galois. And if $E^H/F$ is Galois then $E^H$ is the splitting field of a separable polynomial $f \in F[x]$. Letting $\beta_1, \dots, \beta_s$ be the roots of f in $E^H$, we have $E^H = F(\beta_1, \dots, \beta_s)$. The group G fixes f, hence permutes the roots $\beta_i$, so G preserves $E^H$. This proves item 4. $\square$
3.9 The Galois group of a polynomial
Let F be a field, let $f \in F[x]$ be a separable polynomial, and let E be a splitting field of f, so that we have the Galois group $\mathrm{Aut}(E/F)$. If $E'$ is another splitting field of f then we have an isomorphism $E \to E'$ over F (see Prop. 3.18), which induces an isomorphism of Galois groups $\mathrm{Aut}(E/F) \to \mathrm{Aut}(E'/F)$. The isomorphism class of the group
$$G_f := \mathrm{Aut}(E/F)$$
is therefore independent of E; the group $G_f$ is the Galois group of f over F.
Note that $G_f$ is a more refined object than $\mathrm{Aut}(E/F)$. The latter group depends only on the extension $E/F$, and E could be the splitting field of many different polynomials (footnote 9). But with $G_f$ we single out a particular polynomial $f \in F[x]$, hence a particular set of orbits of $\mathrm{Aut}(E/F)$ in E, and a particular realization of $\mathrm{Aut}(E/F)$ as a group of permutations.
Suppose f has degree n, and let X be the set of roots of f in E. The group $G_f$ permutes the roots in X, giving a homomorphism $G_f \to S_X \simeq S_n$, which is injective since E is generated by X. Thus $G_f$ is isomorphic to a subgroup of $S_n$, where $n = \deg f$.
Assume now that f is irreducible in $F[x]$. This occurs exactly when $G_f$ is transitive on X. Let $\alpha \in X$ and let $H_\alpha \subset G_f$ be the stabilizer of $\alpha$ in $G_f$. Then $E^{H_\alpha} = F(\alpha)$, so $H_\alpha$ and $F(\alpha)$ are related by the Galois correspondence. Note that $[G_f : H_\alpha] = [F(\alpha) : F] = n$, as it should be.
Since $G_f$ is transitive on X, the subgroups $H_\alpha$ are conjugate to each other in $G_f$ and the subfields $F(\alpha)$ are permuted transitively by $G_f$. However, some of these subgroups and subfields could coincide. This means we have an equivalence relation on X, via the rule:
$$\alpha \sim \beta \iff F(\alpha) = F(\beta).$$
Let
$$X = \bigsqcup_{i=1}^{m} X_i$$
be the partition of X into equivalence classes $X_i$, which we call blocks. Two roots $\alpha, \beta \in X$ are in the same block $X_i$ exactly when $\beta$ is a polynomial expression in $\alpha$ and vice-versa. If we now choose one root $\alpha_i \in X_i$ for each $1 \le i \le m$, and let $H_i$ be the stabilizer of $\alpha_i$ in G, we have distinct subgroups $H_1, \dots, H_m$ and distinct subfields $F(\alpha_1), \dots, F(\alpha_m)$, related by the following partial picture of the Galois correspondence:
$$\begin{array}{ccccc} & & G_f & & \\ H_1 & H_2 & \cdots & H_m & \quad\text{(each of index } n \text{ in } G_f) \\ & & \{e\} & & \end{array}
\qquad\qquad
\begin{array}{ccccc} & & E & & \\ F(\alpha_1) & F(\alpha_2) & \cdots & F(\alpha_m) & \quad\text{(each of degree } n \text{ over } F) \\ & & F & & \end{array}$$
These are partial pictures of the Galois correspondence that appear for any irreducible $f \in F[x]$. The missing part of these pictures depends on the structure of $G_f$.
Footnote 9: For example, if $\alpha = \sqrt[3]{2}$ and $\omega = \exp(2\pi i/3)$, then $E = \mathbb{Q}(\alpha, \omega)$ is the splitting field of $f_1 = x^3 - 2$, so $G_{f_1}$ is naturally a subgroup of $S_3$, permuting the three roots $\alpha, \omega\alpha, \omega^2\alpha$ of $f_1$. But also $\mathbb{Q}(\alpha, \omega) = \mathbb{Q}(\alpha + \omega)$, so E is also the splitting field of $f_2 = x^6 + 3x^5 + 6x^4 + 3x^3 + 9x + 9$, which is the minimal polynomial of $\alpha + \omega$ over $\mathbb{Q}$. Now $G_{f_2}$ is naturally a subgroup of $S_6$, permuting the six roots of $f_2$, which are $\omega^i\alpha + \omega^j$ for $i = 0, 1, 2$ and $j = 1, 2$.
3.9.1 Imprimitive group actions and Galois groups
In the above pictures, the extensions $F(\alpha_i)/F$ will be Galois (equivalently $H_i \trianglelefteq G_f$) exactly when $m = 1$. However, even if $F(\alpha_i)/F$ is not Galois, the automorphism group $\mathrm{Aut}(F(\alpha_i)/F)$ need not be trivial. This group is independent of i, since the subgroups $H_i$ and subfields $F(\alpha_i)$ are all $G_f$-conjugate, and is therefore canonically attached to $G_f$.
To determine $\mathrm{Aut}(F(\alpha_i)/F)$ we first consider blocks in the setting of general group actions. Let G be a finite group acting transitively on a set X and suppose there exists a partition
$$X = \bigsqcup_{i=1}^{m} X_i$$
into disjoint subsets $X_i$ permuted by G. Let k be the common cardinality $|X_i| = k$. The G-action on X is called imprimitive if there exists such a partition with $k > 1$.
Various subgroups are associated to a partition $X = \bigsqcup X_i$, as follows.
$$J_i = \{g \in G : gX_i = X_i\}, \qquad H_i = \{g \in G : gx = x \ \forall x \in X_i\}.$$
Then $J_i$ acts transitively on $X_i$ and $H_i$ acts trivially on $X_i$, so we have an injective homomorphism $J_i/H_i \to S_{X_i}$. Let $Z_i$ be the centralizer of $J_i/H_i$ in $S_{X_i}$. The groups $J_i, H_i, Z_i$ are permuted by G.
Lemma 3.29 The following conditions are equivalent:
1. The $H_i$ are distinct;
2. $J_i$ is the full normalizer of $H_i$ in G;
3. $X_i$ is the full fixed-point set of $H_i$ in X.
Proof: This is a straightforward exercise. $\square$
Assume the conditions of Lemma 3.29 hold. The centralizer $Z = C_{S_X}(G)$ preserves each $X_i$, and commutes there with $J_i/H_i$, so $Z \subset \prod Z_i$. Let $z_i \in Z_i$ be such that $z = (z_1, \dots, z_m) \in Z$. We will show that all $z_i$ are determined by $z_1$. Choose $g \in G$ such that $gX_1 = X_i$. Pick $x_1 \in X_1$ and let $x_i = gx_1 \in X_i$. Then
$$z_i\, g\, x_1 = z\, g\, x_1 = g\, z\, x_1 = g\, z_1\, x_1,$$
so $z_i = g z_1 g^{-1}$. The element $z_i = g z_1 g^{-1} \in Z_i$ depends only on i and not on the choice of g. Hence for any $z_1 \in Z_1$ we can define $z_i = g z_1 g^{-1}$ for any $g \in G$ sending $gX_1 = X_i$ and we have
$$Z = \{(z_1, \dots, z_m) : z_1 \in Z_1\} \simeq Z_1.$$
We return to the setting of Galois groups. Let $f \in F[x]$ be irreducible and separable, with splitting field E and Galois group $G_f = \mathrm{Aut}(E/F)$. Recall we have partitioned the set X of roots of f into equivalence classes $X = \bigsqcup X_i$, via the relation $F(\alpha) = F(\beta)$. Choose one root $\alpha_i$ in each block $X_i$. The field $F_i = F(\alpha_i)$ depends only on i and not on the choice of $\alpha_i$. The objects in the abstract theory of blocks become
$$J_i = \{g \in G : gF_i = F_i\}, \qquad H_i = \mathrm{Aut}(E/F_i), \qquad J_i/H_i = \mathrm{Aut}(F_i/F).$$
Proposition 3.30 For all $1 \le i \le m$ we have $\mathrm{Aut}(F_i/F) \simeq C_{S_X}(G_f)$, the centralizer of $G_f$ in $S_X$.
Proof: From the Galois correspondence we have $F_i = E^{H_i}$. The $F_i$ are distinct, so the subgroups $H_i$ are distinct. Hence the conditions of Lemma 3.29 hold, and we have $C_{S_X}(G) \simeq Z_1$.
But more is true: An automorphism $\sigma \in \mathrm{Aut}(F_i/F)$ is completely determined by its effect on $\alpha_i$. And $\mathrm{Aut}(F_i/F)$ acts transitively on $X_i$ by the extension theorem. Hence $J_i/H_i \simeq \mathrm{Aut}(F_i/F)$ acts freely and transitively on $X_i$, so the action of $J_i/H_i$ on $X_i$ is isomorphic to the left regular representation of $J_i/H_i$. For any group, the centralizer of the left regular representation is the right regular representation. Hence $Z_i$ is the image of the right regular representation of $J_i/H_i$, so $Z_i \simeq J_i/H_i$. We conclude that $C_{S_X}(G) \simeq \mathrm{Aut}(F_i/F)$ for all $1 \le i \le m$. $\square$
3.9.2 The Primitive Element Theorem
We have seen, in the example $\mathbb{Q}(1^{1/3}, 2^{1/3}) = \mathbb{Q}(1^{1/3} + 2^{1/3})$, that a field given by two generators may be generated by a single element. We saw this also with finite fields, whose multiplicative groups are cyclic. Galois used this result heavily (see next section) so we will prove it now.
Theorem 3.31 (Primitive Element Theorem) Let $E/F$ be a finite separable extension. Then there exists $\gamma \in E$ such that $E = F(\gamma)$.
Proof: (From Milne [FG].) Since we know the result when F is finite, assume F is infinite. We may also assume by induction that $E = F(\alpha, \beta)$. We will find an element $c \in F$ such that $E = F(\alpha + c\beta)$.
Let $f, g$ be the minimal polynomials of $\alpha, \beta$ over F. Since $E/F$ is separable, these have distinct roots, $\alpha = \alpha_1, \dots, \alpha_s$ and $\beta = \beta_1, \dots, \beta_t$ in some field $L \supset E$. Since F is infinite, there exists $c \in F$ such that
$$c \ne \frac{\alpha_i - \alpha}{\beta - \beta_j} \quad \text{for all } j \ne 1.$$
We set $\gamma = \alpha + c\beta$, and claim that $F(\alpha, \beta) = F(\gamma)$. The polynomials $g(x)$ and $f(\gamma - cx)$ have coefficients in $F(\gamma)$. Our choice of c ensures that they have only one root in common, namely $\beta$. Hence the ideal they generate in $F(\gamma)[x]$ is generated by a polynomial h with coefficients in $F(\gamma)$ having $\beta$ as its unique root. Hence h splits in $F(\gamma)[x]$ and $\beta \in F(\gamma)$. And then $\alpha = \gamma - c\beta \in F(\gamma)$ as well, so $F(\alpha, \beta) = F(\gamma)$. $\square$
Example: Let $E \subset \mathbb{C}$ be the splitting field over $\mathbb{Q}$ of $x^3 - 2$. We know that $E = \mathbb{Q}(\alpha, \omega)$, where $\alpha$ is the real root of $x^3 - 2$ and $\omega = e^{2\pi i/3}$. I claim that
$$E = \mathbb{Q}(\alpha + \omega).$$
This follows from the proof above, once we check that none of
$$\alpha - \alpha, \quad \omega\alpha - \alpha, \quad \omega^2\alpha - \alpha$$
are equal to $\omega - \omega^2$. The minimal polynomial of $\alpha + \omega$ is
$$f = x^6 + 3x^5 + 6x^4 + 3x^3 + 9x + 9,$$
whose discriminant is $-2^4 \cdot 3^{17}$.
3.9.3 Galois' view of Galois groups
Speaking from the grave, Galois introduced mankind to Galois groups with the following statement (footnote 10).
THÉORÈME. - Soit une équation donnée, dont a, b, c, ... sont les m racines. Il y aura toujours un groupe de permutations des lettres a, b, c, ... qui jouira de la propriété suivante:
1° Que toute fonction des racines, invariable par les substitutions de ce groupe, soit rationnellement connue;
2° Réciproquement, que toute fonction des racines, déterminable rationnellement, soit invariable par les substitutions.
Here is a literal translation:
THEOREM. - Let an equation be given, where a, b, c, ... are the m roots. There will always be a group of permutations of the letters a, b, c, ... which will enjoy the following property:
1. That any function of the roots, invariant by the substitutions of this group, be rationally known;
2. Conversely, that any function of the roots, rationally determinable, be invariant by the substitutions.
In a footnote, Galois clarifies that by "invariant by the substitutions" he means the values of a function at the roots are invariant, not just the function itself. And "rationally known" means the values are expressible in terms of the coefficients of the given equation, along with some adjoined quantities (I'm not sure what Galois means by the latter).
Footnote 10: Mémoire sur les conditions de résolubilité des équations par radicaux, published in 1846. Galois died in 1832. Note that he uses the future tense.
Here is a mathematical translation. We are given an equation $f(x) = 0$, where $f \in F[x]$ is a polynomial, and $\alpha_1, \dots, \alpha_m$ are the m roots of this equation in some splitting field E. Let $R = F[x_1, \dots, x_m]$ be the ring of polynomials in variables $x_1, \dots, x_m$. For $r \in R$, write $r(\alpha) = r(\alpha_1, \dots, \alpha_m)$ for the value of r at the roots, so that $E = \{r(\alpha) : r \in R\}$. These values $r(\alpha)$ are Galois' "functions of the roots", and to be "rationally known" means that $r(\alpha) \in F$. Recall the group $S_m$ acts on R by $(\sigma, r) \mapsto {}^{\sigma}r$, where
$${}^{\sigma}r(x_1, \dots, x_m) = r(x_{\sigma(1)}, \dots, x_{\sigma(m)}).$$
With this notation, Galois' theorem becomes
Theorem 3.32 There is a subgroup $G \subset S_m$ characterized by the following property:
$$[\,{}^{\sigma}r(\alpha) = r(\alpha) \text{ for all } \sigma \in G\,] \iff r(\alpha) \in F. \qquad (20)$$
Let us first verify that our Galois group $G_f = \mathrm{Aut}(E/F)$, viewed as a subgroup of $S_m$ via its action on the roots $\alpha_i$, is the same as Galois' Galois group G.
If $\sigma \in G_f$ then for all $r \in R$ we have $\sigma(r(\alpha)) = r(\sigma(\alpha)) = {}^{\sigma}r(\alpha)$. Since $E^{G_f} = F$, we have $r(\alpha) \in F$ iff ${}^{\sigma}r(\alpha) = r(\alpha)$ for all $\sigma \in G_f$. Hence the elements of $G_f$ satisfy the property (20), so we have $G_f \subset G$.
For the other containment, let $I_\alpha = \{r \in R : r(\alpha) = 0\}$ be the kernel of the ring homomorphism $R \to E$, sending $r \mapsto r(\alpha)$. This gives an isomorphism $R/I_\alpha \simeq E$. Suppose now that $\sigma \in G$. For all $r \in I_\alpha$ we have $r(\alpha) = 0 \in F$, so ${}^{\sigma}r(\alpha) = r(\alpha) = 0$. Thus, G preserves $I_\alpha$ and we get a homomorphism $G \to \mathrm{Aut}(R/I_\alpha) = \mathrm{Aut}(E)$. Since $S_m$ acts trivially on $F \subset R$, the image of this homomorphism lies in $\mathrm{Aut}(E/F) = G_f$. Finally the homomorphism is injective because G acts faithfully on the roots $\alpha_i$. Thus we have an injection $G \to G_f$,
so $G = G_f$.
We now give Galois' proof of his theorem, using the language of Thm. 3.32, and filling in the details.
The first step is to construct the permutation group G. Let E be a field containing the roots $\alpha_1, \dots, \alpha_m$ of f. By the Primitive Element Theorem 3.31 (footnote 11), there exists $\theta$ in E such that $E = F(\theta)$. Hence there are polynomials $h_1, \dots, h_m \in F[x]$ such that
$$\alpha_i = h_i(\theta), \qquad 1 \le i \le m.$$
Let $g \in F[x]$ be the minimal polynomial of $\theta$ over F and let $\theta = \theta_1, \dots, \theta_n$ be the roots of g, where $n = \deg g = [E : F]$. Galois proves (footnote 12) that for any i, j the value $h_i(\theta_j)$ is also a root of f. To see this, note that for any i we have $f(h_i(\theta)) = f(\alpha_i) = 0$, so the polynomial $f \circ h_i$ is divisible by the minimal polynomial g of $\theta$, so $f(h_i(\theta_j)) = 0$ for all j. It follows that for each i, j we have
$$h_i(\theta_j) = \alpha_{\sigma_j(i)} \qquad (21)$$
for some permutation $\sigma_j$ of $\{1, \dots, m\}$. The group G is then
$$G = \{\sigma_j : 1 \le j \le n\}.$$
Footnote 11: In Lemme II of [op. cit.] Galois states the Primitive Element Theorem without proof but he is careful to assume f is separable, and he remarks that we may take $\theta$ to be an F-linear combination of the $\alpha_i$'s, as we see from the proof of Thm. 3.31.
Footnote 12: See Lemme IV of op. cit.
We now prove that if $\sigma_j \in G$ and $r \in F[x_1, \dots, x_m]$ satisfies ${}^{\sigma_j}r(\alpha) = r(\alpha)$, then $r(\alpha) \in F$. Let $r_h \in F[x]$ be the polynomial $r_h(x) = r(h_1(x), h_2(x), \dots, h_m(x))$. Then $r_h(\theta) = r(\alpha)$ and the equations (21) become
$$r_h(\theta_j) = r_h(\theta), \qquad 1 \le j \le n.$$
These equations imply that $r(\alpha) \in F$. To see this, note that the polynomial
$$(x - r(\alpha))^n = \prod_{j=1}^{n}(x - r_h(\theta_j)) \qquad (22)$$
has coefficients given in terms of the elementary symmetric polynomials: $s_k(r_h(\theta_1), \dots, r_h(\theta_n))$. But the polynomials $s_k(r_h(x_1), \dots, r_h(x_n))$ are themselves symmetric, hence they lie in $F[s_1, \dots, s_n]$, by the Symmetric Polynomial Theorem. And the values $s_k(\theta_1, \dots, \theta_n)$ are the coefficients of $g(x)$, hence they lie in F, so $s_k(r_h(\theta_1), \dots, r_h(\theta_n)) \in F$ for each k. Now differentiating $(x - r(\alpha))^n$, we get $r(\alpha) \in F$, as claimed.
Conversely, if $r(\alpha) \in F$, then the polynomial $r_h - r(\alpha)$ belongs to $F[x]$. Since $r_h(\theta) = r(\alpha)$, it follows that $r_h - r(\alpha)$ is divisible by the minimal polynomial g of $\theta$. Hence each $\theta_j$ is a root of $r_h - r(\alpha)$, so for each j we have
$${}^{\sigma_j}r(\alpha) = r_h(\theta_j) = r(\alpha). \qquad \square$$
4 Computing Galois groups of polynomials
Let F be a field, and let $f \in F[x]$ be a separable irreducible polynomial of degree n, with splitting field $E = F(\alpha_1, \dots, \alpha_n)$, where $\alpha_1, \dots, \alpha_n$ are the roots of f in E. What can we say about the Galois group $G_f$? (footnote 13)
4.1 Transitive subgroups
Since f is irreducible, $G_f$ is a transitive subgroup of $S_n$, via its permutations of the roots $\alpha_i$. The lattices of transitive subgroups of $S_n$ for some small values of n are as follows (footnote 14).
Footnote 13: For tables of number fields of small degree, see http://hobbes.la.asu.edu/courses/low-grd/
Footnote 14: For more group tables, see http://math.asu.edu/~jj/Groups/.
[Lattice diagrams of transitive subgroups; the edge labels below are the indices of the subgroup in the group above it.]
$S_3$: $S_3 \supset A_3$ (index 2).
$S_4$: $S_4 \supset A_4 = L_2(3)$ (index 2) and $S_4 \supset D_4$ (index 3); $A_4 \supset D_2$ (index 3); $D_4 \supset C_4$ (index 2) and $D_4 \supset D_2$ (index 2).
$S_5$: $S_5 \supset A_5 = L_2(5)$ (index 2) and $S_5 \supset F_{20}$ (index 6); $A_5 \supset D_5$ (index 6); $F_{20} \supset D_5$ (index 2); $D_5 \supset C_5$ (index 2).
$S_7$: $S_7 \supset A_7$ (index 2) and $S_7 \supset F_{42}$ (index 120); $A_7 \supset L_2(7)$ (index 15); $L_2(7) \supset F_{21}$ (index 8); $F_{42} \supset F_{21}$ (index 2) and $F_{42} \supset D_7$ (index 3); $F_{21} \supset C_7$ (index 3); $D_7 \supset C_7$ (index 2).
$S_{11}$: $S_{11} \supset A_{11}$ (index 2) and $S_{11} \supset F_{110}$ (index $9!$); $A_{11} \supset M_{11}$ (index $\tfrac{1}{2}\,7!$); $M_{11} \supset L_2(11)$ (index 12); $L_2(11) \supset F_{55}$ (index 12); $F_{110} \supset F_{55}$ (index 2) and $F_{110} \supset D_{11}$ (index 5); $F_{55} \supset C_{11}$ (index 5); $D_{11} \supset C_{11}$ (index 2).
Here the groups $S_n, A_n, D_n, C_n$ are as usual the symmetric, alternating, dihedral (of order 2n) and cyclic groups. The other groups are as follows.
$L_2(p) = \mathrm{PSL}_2(p)$ acting via its exceptional permutation representation of degree p. These were discovered by Galois, who noted they only exist for $p = 3, 5, 7, 11$.
$F_{p(p-1)} = \mathbb{F}_p \rtimes \mathbb{F}_p^\times$ is the "$ax + b$" group over $\mathbb{F}_p$, which has subgroups $F_{ph} = \mathbb{F}_p \rtimes H$, for each divisor $h \mid (p - 1)$, where $H \subset \mathbb{F}_p^\times$ is the unique subgroup of order h.
$M_{11}$ is the Mathieu group of order $8 \cdot 9 \cdot 10 \cdot 11 = 7920$, the smallest simple sporadic group.
[Lattice diagram of the transitive subgroups of $S_6$, listed here by order since the edges did not survive extraction.]
Order 720: $S_6$. Order 360: $A_6$. Order 120: $S_5' = \mathrm{PGL}_2(5)$. Order 72: $S_3^2 \rtimes 2$. Order 60: $A_5' = \mathrm{PSL}_2(5)$. Order 48: $B_3$. Order 36: $S_3^2$ and $F_{36}$. Order 24: $S_4^-$, $S_4^+$ and $S_4'$. Order 18: $(S_3^2)^+$. Order 12: $D_6$ and $A_4'$. Order 6: $C_6$ and $S_3$.
4.2 Invariant Theory and Resolvents
Let F be a field, and recall that the symmetric group $S_n$ acts on the ring $R = F[t_1, \dots, t_n]$ by ${}^{\sigma}r(t_1, \dots, t_n) = r(t_{\sigma(1)}, \dots, t_{\sigma(n)})$, and that the symmetric polynomials $R^{S_n} = \{r \in R : {}^{\sigma}r = r\}$ form the ring
$$R^{S_n} = F[s_1, \dots, s_n],$$
where $s_k(t_1, \dots, t_n) = \sum t_{i_1} \cdots t_{i_k}$, summed over all $1 \le i_1 < \cdots < i_k \le n$, is the elementary symmetric polynomial of degree k.
4.2.1 The discriminant
From now on we assume that $\mathrm{char}(F) \ne 2$. The polynomial $d \in R = F[t_1, \dots, t_n]$ given by
$$d = \prod_{i<j}(t_i - t_j),$$
has square equal to the discriminant polynomial
$$D = d^2 \in R^{S_n}.$$
For all $\sigma \in S_n$ we have
$${}^{\sigma}d = \mathrm{sgn}(\sigma)\, d,$$
so $d \in R^{A_n}$ is invariant under the alternating group $A_n$.
Let $f \in F[x]$ be a polynomial of degree n, with distinct roots $\alpha_1, \dots, \alpha_n$. Then
$$f = \sum_{k=0}^{n}(-1)^k s_k(\alpha)\, x^{n-k},$$
so the values $s_k(\alpha)$ lie in F. Since $D \in R^{S_n}$ is a polynomial in the $s_k$'s, its value $D(\alpha)$ is that same polynomial evaluated at the coefficients of f, which are known. We write this value as
$$D_f = D(\alpha) = d(\alpha)^2 = \prod_{i<j}(\alpha_i - \alpha_j)^2 \in F.$$
Since f has distinct roots, we have $D_f \ne 0$.
The Galois group $G_f$ is a subgroup of $S_n$ via its permutations of the roots, so we can ask when $G_f \subset A_n$. The answer is as follows.
Proposition 4.1 We have $G_f \subset A_n$ if and only if $D_f \in F^{\times 2}$ is a nonzero square in F.
Proof: If $G_f \subset A_n$ then d is invariant under $G_f$ so we have $\sigma(d(\alpha)) = {}^{\sigma}d(\alpha) = d(\alpha)$ for all $\sigma \in G_f$. Hence $d(\alpha) \in F^\times$ so $D_f = d(\alpha)^2 \in F^{\times 2}$. Conversely, if $D_f \in F^{\times 2}$ then reversing the previous argument shows that $d(\alpha) = {}^{\sigma}d(\alpha) = \mathrm{sgn}(\sigma)\, d(\alpha)$ for all $\sigma \in G_f$. Since $d(\alpha) \ne 0$, this implies $G_f \subset A_n$. $\square$
The explicit formula for $D_f$ in terms of the coefficients of f is complicated, as we have seen in section 3.1. You can call it up in Mathematica by the command Discriminant[poly, x]. One can simplify the formulas for $D_f$ (at least if the characteristic of F does not divide n) by replacing $f(x) = x^n + ax^{n-1} + \dots$ by $f(x - a/n) = x^n + 0\cdot x^{n-1} + \dots$, which does not change $G_f$. Thus, we have the formulas
$$\begin{array}{ll}
f = x^3 + bx + c : & D_f = -4b^3 - 27c^2 \\
f = x^4 + bx^2 + cx + d : & D_f = -4b^3c^2 - 27c^4 + 16b^4d + 144bc^2d - 128b^2d^2 + 256d^3 \\
f = x^5 + bx^3 + e : & D_f = 2^2 \cdot 3^3\, b^5 e^2 + 5^5 e^4 \\
f = x^5 + cx^2 + e : & D_f = 2^2 \cdot 3^3\, c^5 e + 5^5 e^4 \\
f = x^5 + dx + e : & D_f = 4^4 d^5 + 5^5 e^4
\end{array}$$
It can be shown that $f = x^n + rx + s$ has discriminant
$$D_f = a_n s^{n-1} + a_{n-1} r^n, \qquad a_n = (-1)^{n(n-1)/2}\, n^n.$$
Invariant theory is the study of polynomials invariant under an action of a group G on a polynomial ring $R = F[t_1, \dots, t_n]$. These invariants form a subring
$$R^G := \{r \in R : {}^{g}r = r\} \subset R.$$
For example, we have seen that when $G = S_n$ acts on R by ${}^{\sigma}r(t_1, \dots, t_n) = r(t_{\sigma(1)}, \dots, t_{\sigma(n)})$, the invariants are $R^{S_n} = F[s_1, \dots, s_n]$.
Now let $G = G_f$ be the Galois group of our polynomial f, viewed as a subgroup of $S_n$ by permuting the roots $\alpha_1, \dots, \alpha_n$ of f in a splitting field E. For $r \in R$, we abbreviate
$$r(\alpha) = r(\alpha_1, \dots, \alpha_n) \in E.$$
One can use invariant theory to move down the lattice of transitive subgroups as follows. Suppose that we have subgroups $H \subset J \subset S_n$ and that $G_f \subset J$ (footnote 15). We want to decide if $G_f$ is contained in some conjugate of H. For subgroups B, C of a group A, let us write $B \le_A C$ if there exists $a \in A$ such that $B \subset C^a$. So we want to decide if $G_f \le_J H$.
Let $r \in R$ be a polynomial whose stabilizer in J is H:
$$H = \{\sigma \in J : {}^{\sigma}r = r\}.$$
The data J, H, r combine to give a resolvent polynomial:
$$\mathrm{Res}_{J/H}(t, x) = \prod_{\sigma \in J/H}(x - {}^{\sigma}r) \in R^J[x].$$
Note that $\mathrm{Res}_{J/H}(t, x)$ is a polynomial in x whose coefficients in R are polynomials in $t_1, \dots, t_n$. It makes sense to take the product over the cosets $J/H$ because H fixes r, and since J permutes the cosets, the coefficients of $\mathrm{Res}_{J/H}(t, x)$ in fact lie in $R^J$, as claimed.
If we now specialize $t \mapsto \alpha$, we get a polynomial
$$\mathrm{Res}_{J/H}(\alpha, x) = \prod_{\sigma \in J/H}(x - {}^{\sigma}r(\alpha)) \in F[x].$$
At first glance it may seem only that $\mathrm{Res}_{J/H}(\alpha, x) \in E[x]$. However, if $c(t) \in R^J$ is some coefficient of $\mathrm{Res}_{J/H}(t, x)$, then since $G_f \subset J$ we have $\sigma(c(\alpha)) = {}^{\sigma}c(\alpha) = c(\alpha)$ for all $\sigma \in G_f$, so in fact $c(\alpha) \in F$ and $\mathrm{Res}_{J/H}(\alpha, x)$ lies in $F[x]$ as claimed.
The polynomial $\mathrm{Res}_{J/H}(\alpha, x)$ contains the following information about $G_f$.
Proposition 4.2 If $G_f \le_J H$ then $\mathrm{Res}_{J/H}(\alpha, x)$ has a root in F. And if $\mathrm{Res}_{J/H}(\alpha, x)$ has a simple root in F, then $G_f \le_J H$.
Footnote 15: For example, we could have $J = S_n$, or perhaps $J < S_n$ and by previous work we have found that $G_f \subset J$.
Proof: Suppose $G_f \subset H^{\tau^{-1}} = \tau H \tau^{-1}$ for some $\tau \in J$. We know that ${}^{\tau}r(\alpha)$ is a root of $\mathrm{Res}_{J/H}(\alpha, x)$, and for all $\sigma \in G_f$ we have
$$\sigma({}^{\tau}r(\alpha)) = {}^{\sigma\tau}r(\alpha) = {}^{\tau(\tau^{-1}\sigma\tau)}r(\alpha) = {}^{\tau}r(\alpha),$$
since $\tau^{-1}\sigma\tau \in H$ fixes r.
Conversely, if $\mathrm{Res}_{J/H}(\alpha, x)$ has a simple root in F, then this root is ${}^{\tau}r(\alpha)$ for some $\tau \in J$. Now for all $\sigma \in G_f$ we have
$${}^{\tau}r(\alpha) = \sigma({}^{\tau}r(\alpha)) = {}^{\sigma\tau}r(\alpha).$$
Since the root is simple, we must have ${}^{\sigma\tau}r = {}^{\tau}r$, so $\tau^{-1}\sigma\tau$ fixes r. Since $\sigma \in G_f$ was arbitrary, this means $\tau^{-1} G_f \tau \subset H$, or $G_f \subset H^{\tau^{-1}}$, as claimed. $\square$
4.2.2 Cubic Polynomials

Recall our assumption that $\mathrm{char}(F) \ne 2$. Let $f = x^3 + ax^2 + bx + c$ be an irreducible cubic polynomial over $F$ with distinct roots $\alpha, \beta, \gamma$ generating a splitting field $E$. The discriminant
$$D_f = \big[(\alpha - \beta)(\alpha - \gamma)(\beta - \gamma)\big]^2 = a^2b^2 - 4b^3 - 4a^3c + 18abc - 27c^2 \in F^\times.$$
If $D_f \in F^{\times 2}$ then $G_f = A_3$ has no proper subgroups. Hence there are no proper intermediate fields, so we have $F(\alpha) = F(\beta) = F(\gamma)$. This means that each root is a polynomial expression in the others.

Example 1: Let $F = \mathbb{Q}$. The polynomial $f = x^3 + x^2 - 2x - 1 \in \mathbb{Q}[x]$ has $D_f = 49$ and roots
$$\alpha = 2\cos(2\pi/7), \qquad \beta = 2\cos(4\pi/7), \qquad \gamma = 2\cos(6\pi/7),$$
satisfying the relations $\beta = \alpha^2 - 2$, $\gamma = -\alpha^2 - \alpha + 1$.

Example 2:^16 The polynomial $f(x) = x^3 - tx^2 + (t - 3)x + 1 \in \mathbb{Q}(t)[x]$ has discriminant $D_f = (t^2 - 3t + 9)^2$, hence has Galois group $A_3$ over $\mathbb{Q}(t)$. Specializing $t$ to any value in $\mathbb{Q}$ such that $t^2 - 3t + 9 \ne 0$, we get a cubic in $\mathbb{Q}[x]$ with Galois group $A_3$ over $\mathbb{Q}$.

If $f \in F[x]$ has $D_f \in F^\times - F^{\times 2}$ then $G_f = S_3$ and the correspondence between subgroups and intermediate fields is given by

subgroup : fixed field
$\{e\}$ : $E$
$\langle(1\,2)\rangle,\ \langle(2\,3)\rangle,\ \langle(1\,3)\rangle$ : $F(\gamma),\ F(\alpha),\ F(\beta)$
$A_3$ : $F(\sqrt{D_f})$
$G_f = S_3$ : $F$

^16 Serre, Topics in Galois Theory, p. 1.
4.2.3 Quartic Polynomials

Let $f = x^4 + ax^3 + bx^2 + cx + d$ be an irreducible separable quartic polynomial over $F$ with roots $\alpha_1, \alpha_2, \alpha_3, \alpha_4$. The polynomials
$$A = t_1t_3 + t_2t_4, \qquad B = t_1t_2 + t_3t_4, \qquad C = t_1t_4 + t_2t_3 \qquad (23)$$
form an $S_4$-orbit in $R$; the stabilizer of any one of $A, B, C$ is a $D_4$, while the stabilizer of all three is $K_4$. One checks that
$$(A - B)(B - C)(A - C) = \prod_{1 \le i < j \le 4} (t_i - t_j). \qquad (24)$$
Letting
$$J = C_{S_4}((1\,3)(2\,4)) = \mathrm{Stab}_{S_4}(A) \cong D_4,$$
we get the generic resolvent
$$\mathrm{Res}_{S_4/D_4}(t, x) = (x - A)(x - B)(x - C) = x^3 - s_2x^2 + (s_3s_1 - 4s_4)x + (4s_4s_2 - s_4s_1^2 - s_3^2).$$
This specializes to the cubic resolvent
$$g = \mathrm{Res}_{S_4/J}(\alpha, x) = x^3 - bx^2 + (ac - 4d)x + (4bd - a^2d - c^2),$$
whose roots are
$$\theta = \alpha_1\alpha_3 + \alpha_2\alpha_4, \qquad \varphi = \alpha_1\alpha_2 + \alpha_3\alpha_4, \qquad \psi = \alpha_1\alpha_4 + \alpha_2\alpha_3. \qquad (25)$$
Under this same specialization, equation (24) becomes the equality of discriminants
$$D_g = D_f. \qquad (26)$$
In particular, since $f$ has distinct roots, so does $g$. Let $L = F(\theta, \varphi, \psi)$ be the splitting field of $g$ in $E$. Then $L$ is Galois over $F$ so $L = E^H$ for some normal subgroup $H \trianglelefteq G_f$, and there is an exact sequence
$$1 \to \underbrace{H}_{\mathrm{Aut}(E/L)} \to \underbrace{G_f}_{\mathrm{Aut}(E/F)} \to \underbrace{G_f/H}_{\mathrm{Aut}(L/F)} \to 1. \qquad (27)$$
Since $K_4$ fixes the polynomials $A, B, C$, it fixes their specializations $\theta, \varphi, \psi$, so we have $K_4 \cap G_f \le H$.

We again assume $\mathrm{char}(F) \ne 2$.

Case 1: $D_f \notin F^{\times 2}$ and $g$ has no root in $F$. Then $G_f$ is not contained in $A_4$ or $D_4$, so we must have $G_f = S_4$. The exact sequence (27) becomes
$$1 \to K_4 \to S_4 \to S_3 \to 1.$$
Since most polynomials do not have rational roots, almost all quartics $f$ have $G_f = S_4$.
Case 2: $D_f \in F^{\times 2}$ and $g$ has no root in $F$. Then $G_f$ is contained in $A_4$ but not in $D_4$, so we must have $G_f = A_4$. Since $D_g = D_f \in F^{\times 2}$, the extension $L/F$ has degree three with Galois group $A_3$. The exact sequence (27) becomes
$$1 \to K_4 \to A_4 \to A_3 \to 1.$$
Let $H_i \cong C_3$ be the stabilizer of $\alpha_i$ in $G_f$, and let $J_i = \langle (1\,i)(j\,k) \rangle$ be the stabilizer of the root $\alpha_1\alpha_i$ of the irreducible quadratic equation $x^2 - (\alpha_1\alpha_i + \alpha_j\alpha_k)x + d$ over $L$. The correspondence between subgroups and intermediate fields is given by

subgroup : fixed field
$\{e\}$ : $E$
$J_2,\ J_3,\ J_4$ : $F(\alpha_1\alpha_2),\ F(\alpha_1\alpha_3),\ F(\alpha_1\alpha_4)$
$H_1,\ H_2,\ H_3,\ H_4$ : $F(\alpha_1),\ F(\alpha_2),\ F(\alpha_3),\ F(\alpha_4)$
$K_4$ : $F(\theta, \varphi, \psi) = L$
$G_f = A_4$ : $F$

Examples of quartics $f \in \mathbb{Q}[x]$ with $G_f = A_4$ include:

quartic $f$ | discriminant $D_f$ | resolvent cubic $g$
$x^4 + 8x + 12$ | $2^{12}\,3^4$ | $x^3 - 48x - 64$
$x^4 + 9x^2 + 13x + 30$ | $3^6\,7^2\,13^2$ | $x^3 - 9x^2 - 120x + 911$
$x^4 + 18x^2 - 4x + 82$ | $2^8\,109^2$ | $x^3 - 18x^2 - 328x + 5888$
Case 3: $D_f \in F^{\times 2}$ and $g$ has a root in $F$. Then $G_f \le A_4 \cap D_4 = K_4$ acts trivially on $\theta, \varphi, \psi$, so $g$ splits over $F$. The exact sequence (27) becomes
$$1 \to K_4 \to K_4 \to 1 \to 1.$$
Since $[E : F] = 4$, each root $\alpha_i$ generates $E$ over $F$. Since $\theta = \alpha_1\alpha_3 + \alpha_2\alpha_4 \in F$ the polynomial $x^2 - \theta x + d$ lies in $F[x]$ and has roots $\alpha_1\alpha_3, \alpha_2\alpha_4$ in $E$. Similarly for $\varphi$ and $\psi$. Hence for $i = 2, 3, 4$ we have subfields $F(\alpha_1\alpha_i) \subseteq E$ quadratic over $F$. The correspondence between subgroups and intermediate fields is given by

subgroup : fixed field
$\{e\}$ : $E$
$J_2,\ J_3,\ J_4$ : $F(\alpha_1\alpha_2),\ F(\alpha_1\alpha_3),\ F(\alpha_1\alpha_4)$
$G_f = K_4$ : $F$

Examples of quartics $f \in \mathbb{Q}[x]$ with $G_f = K_4$ include:

quartic $f$ | discriminant $D_f$ | resolvent cubic $g$
$x^4 + 1$ | $4^4$ | $x(x^2 - 4)$
$x^4 + x^2 + 1$ | $2^4\,3^2$ | $(x - 1)(x^2 - 4)$
$x^4 - 10x^2 + 1$ | $2^{14}\,3^2$ | $(x + 10)(x^2 - 4)$

These are the minimal polynomials of $e^{\pi i/4}$, $e^{\pi i/6}$, $\sqrt{2} + \sqrt{3}$, respectively.

Case 4: If $D_f \notin F^{\times 2}$ and $g$ has a root in $F$ then either $G_f = D_4$ or $G_f = C_4$. The next proposition addresses this ambiguity.
Proposition 4.3 Assume that $D_f \notin F^{\times 2}$ and the cubic resolvent $g$ has a root $\theta \in F$. Then

1. $G_f \cong C_4$ if and only if $f$ is reducible over the subfield $M = F(\sqrt{D_f})$.
2. $\theta$ is the unique root of $g$ in $F$.
3. $G_f \cong C_4$ if and only if $\theta^2 - 4d$ and $a^2 + 4(\theta - b)$ are both squares in $M$.^17

Proof: We have $g = (x - \theta)h(x)$, where $h(x) \in F[x]$. Let $\varphi, \psi$ be the roots of $h$. Then $h(x) = x^2 - (\varphi + \psi)x + \varphi\psi$, so $\varphi + \psi$ and $\varphi\psi$ lie in $F$. Since
$$D_f = D_g = (\theta - \varphi)^2(\theta - \psi)^2(\varphi - \psi)^2 = h(\theta)^2(\varphi - \psi)^2 \notin F^{\times 2},$$
we cannot have $\varphi \in F$, so $\theta$ is the unique root of $g$ in $F$. From this we also see that $\varphi, \psi \in M$, so $M$ is the splitting field of $g$ over $F$.

^17 L.C. Kappe, B. Warren, Amer. Math. Monthly 1989.
Under the Galois correspondence, we have $M = E^{G \cap A_4}$, and $G \cap A_4 = \mathrm{Aut}(E/M)$. Since $G \le D_4$ we have
$$G \cap A_4 = G \cap K_4 = \begin{cases} K_4 & \text{if } G \cong D_4 \\ C_2 & \text{if } G = C_4. \end{cases}$$
Now $f$ is irreducible in $M[x]$ iff $G \cap A_4 = \mathrm{Aut}(E/M)$ is transitive on the roots of $f$, which happens exactly when $G \cong D_4$. Otherwise, if $f$ is reducible in $M[x]$ then $G \cap A_4$ cannot be transitive on the roots of $f$, which happens exactly when $G \cong C_4$.

The last assertion is equivalent to the polynomial
$$h(x) = (x^2 - \theta x + d)(x^2 + ax + b - \theta) \qquad (28)$$
splitting in $M$. We may number the roots $\alpha_1, \alpha_2, \alpha_3, \alpha_4$ of $f$ so that $\theta = \alpha_1\alpha_3 + \alpha_2\alpha_4$. In this labelling $G \le C_{S_4}((1\,3)(2\,4)) \cong D_4$. The two factors of $h$ have roots $\alpha_1\alpha_3, \alpha_2\alpha_4$ and $\alpha_1 + \alpha_3, \alpha_2 + \alpha_4$, respectively, so $h$ splits in $E$.

If $G \cong C_4$ then $E/F$ contains only one quadratic subfield, namely $M$. Hence every quadratic polynomial splitting in $E$ must split in $M$, so $h$ splits in $M$.

Conversely, suppose $h$ splits in $M$. Then $\alpha_1\alpha_3, \alpha_2\alpha_4, \alpha_1 + \alpha_3, \alpha_2 + \alpha_4 \in M$, so the polynomial
$$k(x) := x^2 - (\alpha_1 + \alpha_3)x + \alpha_1\alpha_3 = (x - \alpha_1)(x - \alpha_3) \in M[x].$$
Let $L$ be the splitting field of $k$ over $M$. Then $\alpha_1, \alpha_3 \in L$ and also $\theta, \varphi, \psi \in M \subseteq L$, since $g$ splits in $M$. Hence
$$\alpha_2 + \alpha_4 = -a - (\alpha_1 + \alpha_3) \in L.$$
One checks that $(\alpha_1 - \alpha_2)(\alpha_1 - \alpha_4)(\alpha_2 - \alpha_3)(\alpha_3 - \alpha_4)$ is invariant under $C_{S_4}((1\,3)(2\,4))$, hence under $G$, so it lies in $F^\times$. From $D_f = D_g$ we get
$$(\alpha_1 - \alpha_3)(\alpha_2 - \alpha_4) \in F^\times \cdot (\varphi - \psi).$$
Since $\alpha_1, \alpha_3, \varphi, \psi \in L$ it follows that $\alpha_2 - \alpha_4 \in L$. We have now shown that $\alpha_1, \alpha_2, \alpha_3, \alpha_4 \in L$, so $L = E$. Since $\deg k = 2$, this shows that $[E : M] \le 2$, so $[E : F] \le 4$ and $G = \langle (1\,2\,3\,4) \rangle \cong C_4$.
One can also approach this using resolvents. Let $J = C_{S_4}((1\,3)(2\,4))$ and let $H \le J$ be the subgroup
$$H = \langle (1\,2\,3\,4) \rangle = \mathrm{Stab}_J(t_1t_2^2 + t_2t_3^2 + t_3t_4^2 + t_4t_1^2) \cong C_4.$$
The $D_4/C_4$-resolvent is
$$\mathrm{Res}_{D_4/C_4}(t, x) = \big[x - (t_1t_2^2 + t_2t_3^2 + t_3t_4^2 + t_4t_1^2)\big]\big[x - (t_1^2t_2 + t_2^2t_3 + t_3^2t_4 + t_4^2t_1)\big] \in R^J[x],$$
which specializes to the quadratic resolvent^18
$$q(x) = x^2 - (2c - ab + a\theta)x + \tfrac{1}{2}\Big[(a^2d - 4bd + 2b^3 + 2a^3c - 10abc + 11c^2) + (ac - 2a^2b + 2b^2 + 4d)\theta + (2a^2 - b)\theta^2 - 3\theta^3\Big], \qquad (29)$$
whose roots are
$$\xi = \alpha_1\alpha_2^2 + \alpha_2\alpha_3^2 + \alpha_3\alpha_4^2 + \alpha_4\alpha_1^2, \qquad \xi' = \alpha_1^2\alpha_2 + \alpha_2^2\alpha_3 + \alpha_3^2\alpha_4 + \alpha_4^2\alpha_1, \qquad (30)$$
and whose discriminant $D_q = (\xi - \xi')^2$ is given rationally by
$$D_q = a^2b^2 - 4b^3 + 2a^2b\theta - 4b^2\theta - 3a^2\theta^2 + 2b\theta^2 + 6\theta^3 - 4a^3c + 16abc + 2ac\theta - 18c^2 - 2a^2d + 8bd - 8d\theta.$$
Assume $D_q \ne 0$. Then we have $G \cong C_4$ iff $D_q \in F^{\times 2}$, by Prop. 4.2. Unfortunately, $D_q$ is often zero, meaning that the quadratic resolvent has one root of multiplicity two, so Prop. 4.2 does not apply in these cases. However, when $D_q \ne 0$ its square-class gives independent confirmation of the decision of whether $G_f \cong C_4$.
Examples of quartics $f \in \mathbb{Q}[x]$ with $G_f = D_4$ include:

quartic $f$ | discriminant $D_f$ | resolvent cubic $g$ | $D_q$
$x^4 + 4x^2 + 2$ | $2^{11}$ | $(x - 4)(x^2 - 8)$ | $0$
$x^4 + d$ ($d \ne \square$) | $4^4d^3$ | $x(x^2 - 4d)$ | $0$
$x^4 + ax^3 + (b - 2)x^2 + ax + 1$ | $(a^2 - 4b + 16)^2(b^2 - 4a^2)$ | $(x - 2)(x^2 + (4 - b)x + a^2 - 2b + 4)$ | $D_f$

In the last line we assume $b^2 - 4a^2 \ne \square$.
Examples of quartics $f \in \mathbb{Q}[x]$ with $G_f = C_4$ include:

quartic $f$ | discriminant $D_f$ | resolvent cubic $g$ | $D_q$
$x^4 + x^3 + x^2 + x + 1$ | $5^3$ | $(x - 2)(x^2 + x - 1)$ | $5^2$
$x^4 + x^3 + 2x^2 - 4x + 3$ | $3^2\,13^3$ | $(x - 5)(x^2 + 3x - 1)$ | $13^2$
$x^4 + x^3 - 6x^2 - x + 1$ | $2^2\,17^3$ | $(x + 2)(x^2 + 4x - 12)$ | $2^2\,17^2$
$x^4 + x^3 + 4x^2 + 20x + 23$ | $7^2\,29^3$ | $(x + 2)(x^2 + 4x - 12)$ | $2^2\,29^2$
$x^4 - 2ax^2 + a^2 - b^2d$ | $4^4b^4d^2(a^2 - b^2d)$ | $(x + 2a)(x^2 - 4(a^2 - b^2d))$ | $0$

In the last line we assume $a^2 - b^2d = d\,\square \ne \square$.

The first four examples are the quartic subfields of $\mathbb{Q}(e^{2\pi i/p})$ for $p = 5, 13, 17, 29$ (see section 1.7). In the last example, $f = x^4 - 2ax^2 + a^2 - b^2d$ has splitting field $E = \mathbb{Q}\big(\sqrt{a + b\sqrt{d}}\big)$. The polynomial in (28) is $(x^2 + 2ax + a^2 - b^2d)\,x^2$, which splits over $\mathbb{Q}(\sqrt{d})$, giving $G_f = C_4$.
^18 To compute this specialization, we have to express the two coefficients of $\mathrm{Res}_{D_4/C_4}(t, x)$ in terms of the $J$-invariant polynomial $T := t_1t_3 + t_2t_4$ and symmetric polynomials. The hardest coefficient is the constant term $\mathrm{Res}_{D_4/C_4}(t, 0)$. Since it has degree six, we set
$$(t_1t_2^2 + t_2t_3^2 + t_3t_4^2 + t_4t_1^2)(t_1^2t_2 + t_2^2t_3 + t_3^2t_4 + t_4^2t_1) = S_6 + S_4T + S_2T^2 + S_0T^3,$$
where $S_k$ are unknown symmetric polynomials of degree $k$. One can use the SymmetricReduction command in Mathematica to find $S_4, S_2, S_0$ such that the left-hand side minus $(S_4T + S_2T^2 + S_0T^3)$ is symmetric, which gives $S_6$.
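The case analysis of this section can be run mechanically. The following is an added example (my own code, not part of Reeder's notes) that classifies an irreducible quartic in $\mathbb{Z}[x]$ exactly as Cases 1-4 and Prop. 4.3 prescribe: it forms $g$, takes $D_f = D_g$ from (26), finds the rational roots of $g$ by the rational root test, applies the two square tests of Prop. 4.3(3) in $M = \mathbb{Q}(\sqrt{D_f})$, and evaluates the rational formula for $D_q$ as an independent check. It assumes $f$ is irreducible over $\mathbb{Q}$ and uses no computer algebra library.

```python
from math import isqrt

def is_square(n):
    """True if the integer n is a perfect square (0 counts)."""
    return n >= 0 and isqrt(n) ** 2 == n

def cubic_disc(p, q, r):
    """Discriminant of x^3 + p x^2 + q x + r (the cubic formula of section 4.2.2)."""
    return p*p*q*q - 4*q**3 - 4*p**3*r + 18*p*q*r - 27*r*r

def resolvent_cubic(a, b, c, d):
    """(p, q, r) with g = x^3 + p x^2 + q x + r the cubic resolvent of
    f = x^4 + a x^3 + b x^2 + c x + d."""
    return (-b, a*c - 4*d, 4*b*d - a*a*d - c*c)

def integer_roots(coeffs):
    """Integer roots of a monic integer polynomial (coefficients highest degree first).
    A rational root of a monic integer polynomial is an integer dividing the constant
    term, so after stripping factors of x only divisors of the constant term are tested."""
    coeffs = list(coeffs)
    roots = set()
    while len(coeffs) > 1 and coeffs[-1] == 0:
        roots.add(0)
        coeffs.pop()
    def value(x):
        v = 0
        for c in coeffs:
            v = v * x + c
        return v
    const = abs(coeffs[-1])
    for k in range(1, isqrt(const) + 1):
        if const % k == 0:
            for cand in (k, -k, const // k, -const // k):
                if value(cand) == 0:
                    roots.add(cand)
    return sorted(roots)

def quadratic_resolvent_disc(a, b, c, d, theta):
    """D_q of the quadratic resolvent (29), by the rational formula stated after (30)."""
    t = theta
    return (a*a*b*b - 4*b**3 + 2*a*a*b*t - 4*b*b*t - 3*a*a*t*t + 2*b*t*t + 6*t**3
            - 4*a**3*c + 16*a*b*c + 2*a*c*t - 18*c*c - 2*a*a*d + 8*b*d - 8*d*t)

def quartic_galois_group(a, b, c, d):
    """Galois group of the irreducible quartic f = x^4 + a x^3 + b x^2 + c x + d in Z[x].
    Returns (name, D_f, rational roots of g, D_q); D_q is None except in Case 4."""
    p, q, r = resolvent_cubic(a, b, c, d)
    D = cubic_disc(p, q, r)                 # D_f = D_g by (26)
    roots = integer_roots([1, p, q, r])     # rational roots of the cubic resolvent g
    if not roots:                           # Cases 1 and 2: g has no root in Q
        return ("A4" if is_square(D) else "S4"), D, roots, None
    if is_square(D):                        # Case 3: D_f a square and g has a root
        return "K4", D, roots, None
    theta = roots[0]                        # Case 4; the root is unique by Prop. 4.3(2)
    # Prop. 4.3(3): a rational x is a square in M = Q(sqrt D) iff x or x*D is a
    # rational square (D itself is not a square in this case).
    in_M = lambda x: is_square(x) or is_square(x * D)
    cyclic = in_M(theta*theta - 4*d) and in_M(a*a + 4*(theta - b))
    Dq = quadratic_resolvent_disc(a, b, c, d, theta)
    if Dq != 0:
        # When D_q is nonzero, its square class must agree with the decision (Prop. 4.2).
        assert is_square(Dq) == cyclic
    return ("C4" if cyclic else "D4"), D, roots, Dq
```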
4.2.4 Constructible numbers revisited

Recall the field $K$ of constructible numbers, from section 3.6.2. These are the numbers $\alpha \in \mathbb{C}$ such that $\mathbb{Q}(\alpha)$ is at the top of a tower of fields
$$\mathbb{Q} = F_0 \subset F_1 \subset \dots \subset F_n = \mathbb{Q}(\alpha) \qquad (31)$$
such that $[F_i : F_{i-1}] = 2$ for each $1 \le i \le n$. As we have seen in Prop. 3.17, this implies that the minimal polynomial $f_\alpha$ of every element $\alpha \in K$ over $\mathbb{Q}$ has degree a power of 2. We can now see why this degree condition is not sufficient to guarantee that $\alpha \in K$.

For suppose such a tower (31) exists. Since quadratic extensions are always Galois, and Galois extensions are preserved under towers (see Prop. ??), having $\alpha \in K$ forces $\mathbb{Q}(\alpha)$ to be Galois over $\mathbb{Q}$, and the Galois group $\mathrm{Aut}(\mathbb{Q}(\alpha))$ must be a 2-group. But if we take any irreducible quartic polynomial $f \in \mathbb{Q}[x]$ with $G_f = A_4$, then the subfields $\mathbb{Q}(\alpha_i)$ generated by the roots of $f$ are quartic non-Galois extensions of $\mathbb{Q}$. Hence the numbers $\alpha_i$ are not constructible. Note that the quartic fields $\mathbb{Q}(\alpha_i)$ have no quadratic subfields, corresponding to $A_4$ having no subgroups of index two. Thus, the failure of the converse of Prop. 3.17 corresponds to the failure of the converse to Lagrange's theorem.

However, if $\mathbb{Q}(\alpha)/\mathbb{Q}$ is Galois of degree $2^n$ over $\mathbb{Q}$, then the Galois group $G = \mathrm{Aut}(\mathbb{Q}(\alpha))$ has order $2^n$ and from group theory we know there is a chain of subgroups
$$\{e\} = G_n < G_{n-1} < \dots < G_0 = G,$$
with $|G_i| = 2^{n-i}$ for each $i$. The Galois correspondence then gives a tower of fields as in (31), where $F_i$ is the fixed-field of $G_i$ in $F_n = \mathbb{Q}(\alpha)$. Thus we have proved:

Theorem 4.4 A number $\alpha \in \mathbb{C}$ is constructible if and only if $\mathbb{Q}(\alpha)$ is Galois over $\mathbb{Q}$ with degree a power of 2.
5 Galois groups and prime ideals

Let $f \in \mathbb{Z}[x]$ be a monic polynomial with Galois group $G_f$ over $\mathbb{Q}$. For each prime $p$ in $\mathbb{Z}$ we can reduce the coefficients of $f$ modulo $p$ and get a polynomial $\bar f \in \mathbb{F}_p[x]$. Thus we have another Galois group $G_{\bar f}$, this time over $\mathbb{F}_p$. The permutation group $G_{\bar f}$ is completely determined by the factorization of $\bar f$ in $\mathbb{F}_p[x]$, hence can be calculated explicitly for any given prime $p$. The remarkable fact is that $G_{\bar f}$ is a subquotient of $G_f$, and is even a subgroup of $G_f$ for all but finitely many primes $p$. The origin of this fact is the relation between primes in $\mathbb{Z}$ and prime ideals in the ring of integers in the splitting field of $f$ over $\mathbb{Q}$.

5.1 The ring of integers in a number field

A number field is a field $E \supseteq \mathbb{Q}$ for which $E$ is a finite dimensional $\mathbb{Q}$-vector space. The ring of integers in $E$ is the subring $R$ of elements in $E$ which are integral over $\mathbb{Z}$. We have seen that $R$ is a ring. In this section we consider the structure of the additive group of $R$.
An abelian group $A$ is free of rank $n$ if $A \cong \mathbb{Z}^n$. Equivalently there exists a subset $\{\beta_1, \dots, \beta_n\} \subseteq A$, called a basis, which generates $A$ and is linearly independent over $\mathbb{Z}$. We have $A = \mathbb{Z}\beta_1 \oplus \dots \oplus \mathbb{Z}\beta_n$ and every element of $A$ can be written uniquely as a $\mathbb{Z}$-linear combination of elements of the basis $\beta_1, \dots, \beta_n$. Note that for any prime $p$ we have $A/pA \cong (\mathbb{Z}/p\mathbb{Z})^n$, so the rank $n$ depends only on $A$ and not on the choice of basis.

Lemma 5.1 Let $B$ be a free abelian group of rank $n \ge 1$ and let $A$ be a subgroup of $B$. Then $A$ is free abelian of rank $\le n$.

Proof: Let $\beta_1, \dots, \beta_n$ be a basis of $B$. For $1 \le r \le n$ we set
$$B_r = \bigoplus_{i=1}^{r} \mathbb{Z}\beta_i, \qquad A_r = A \cap B_r,$$
so that $A_n = A$. We prove by induction on $r$ that $A_r$ has rank $\le r$ for all $r$.

At the first step, $A_1 = A \cap \mathbb{Z}\beta_1$ is a subgroup of $\mathbb{Z}\beta_1 \cong \mathbb{Z}$, so there is $a \in \mathbb{Z}$ such that $A_1 = \mathbb{Z}a\beta_1$ is zero if $a = 0$ and is free of rank $1 \le n$ if $a \ne 0$.

Assume that $A_{r-1}$ is free of rank $s \le r - 1$, and let $\gamma_1, \dots, \gamma_s$ be a basis of $A_{r-1}$. Let $\pi : B_r \to \mathbb{Z}\beta_r$ be the map sending
$$b_1\beta_1 + \dots + b_r\beta_r \mapsto b_r\beta_r.$$
Then $\pi(A_r)$ is a subgroup of $\mathbb{Z}\beta_r \cong \mathbb{Z}$. Let $\gamma \in A_r$ be any element such that $\pi(\gamma)$ generates $\pi(A_r)$. It is easy to check that $\{\gamma_1, \dots, \gamma_s, \gamma\}$ spans $A_r$. If $\pi(\gamma) = 0$ then $\{\gamma_1, \dots, \gamma_s\}$ is also a basis of $A_r$ and we're done. Assume $\pi(\gamma) \ne 0$ and suppose $c_1\gamma_1 + \dots + c_s\gamma_s + c\gamma = 0$, with all $c_i, c \in \mathbb{Z}$. Then $c\gamma \in A_{r-1} \subseteq \ker \pi$, so $c\pi(\gamma) = 0$, forcing $c = 0$. Now the remaining $c_i = 0$ by linear independence of $\gamma_1, \dots, \gamma_s$. Hence $\{\gamma_1, \dots, \gamma_s, \gamma\}$ is a basis of $A_r$ and the proof is complete.
Lemma 5.2 Let $A \subseteq B$ be free abelian groups of rank $n$ and let $C$ be an intermediate group: $A \subseteq C \subseteq B$. Then $C$ is free abelian of rank $n$.

Proof: Applying Lemma 5.1 to the containment $C \subseteq B$ we have $C$ free of rank $m \le n$. From the containment $A \subseteq C$ we have $A$ free of rank $\le m$. But since $A$ has rank $n$ we must have $m = n$.

Proposition 5.3 Let $E$ be a number field, of degree $n$ over $\mathbb{Q}$. Then the ring of integers $R$ of $E$ is a free abelian group of rank $n$.

Proof: We first assume that $E/\mathbb{Q}$ is Galois. From Prop. 3.12 we have $\mathbb{Q} \cdot R = E$. It follows that $E$ has a $\mathbb{Q}$-basis $\beta_1, \dots, \beta_n$ contained in $R$. Note that $\beta_1, \dots, \beta_n$ need not be a $\mathbb{Z}$-basis of $R$. Let $A$ be the subgroup of $R$ generated by $\beta_1, \dots, \beta_n$. Since linear independence over $\mathbb{Q}$ implies linear independence over $\mathbb{Z}$, the set $\{\beta_1, \dots, \beta_n\}$ is a basis of $A$, so $A$ is free of rank $n$. We will find $r \in \mathbb{Q}$ such that $R \subseteq rA$. Since $rA$ is also free of rank $n$, the Proposition will then follow from Lemma 5.2.

The group $G = \mathrm{Aut}(E)$ has order $n$; list its elements as $G = \{\sigma_1, \dots, \sigma_n\}$, and set $\beta_{ij} = \sigma_j(\beta_i)$, obtaining an $n \times n$ matrix $[\beta_{ij}]$. If we apply some $\sigma \in G$ to each entry $\beta_{ij}$ the columns of the matrix are permuted, so the determinant $\delta := \det[\beta_{ij}]$ will change by at most a sign $\pm$. Hence the number $D := \delta^2$ is invariant under $G$ and we have $D \in R \cap \mathbb{Q} = \mathbb{Z}$.

Let $\beta \in R$ and write $\beta = c_0^{-1}(c_1\beta_1 + \dots + c_n\beta_n)$, with $c_i \in \mathbb{Z}$. Then
$$\sigma_j(\beta) = \sum_{i=1}^{n} \frac{c_i}{c_0}\,\beta_{ij},$$
so we have
$$[\beta_{ij}] \begin{pmatrix} c_1/c_0 \\ \vdots \\ c_n/c_0 \end{pmatrix} = \begin{pmatrix} \sigma_1(\beta) \\ \vdots \\ \sigma_n(\beta) \end{pmatrix}.$$
From the formula for the inverse of a matrix, it follows that $\delta\,[\beta_{ij}]^{-1}$ has entries in $R$, so that $\delta(c_i/c_0) \in R$ for each $i$, and then $D(c_i/c_0) \in R \cap \mathbb{Q} = \mathbb{Z}$, so that $D\beta \in A$ and $\beta \in D^{-1}A$. Therefore $R \subseteq D^{-1}A$ and the proposition is proved when $E/\mathbb{Q}$ is Galois.

Now let $E/\mathbb{Q}$ be an arbitrary finite extension. Choose a Galois extension $L/\mathbb{Q}$ containing $E$ and let $S$ be the ring of integers of $L$. By what we just proved, $S$ is free of rank $[L : \mathbb{Q}]$. Now $R = S \cap E$, so $R$ is free of some rank $m \le [L : \mathbb{Q}]$, by Lemma 5.1. Since a $\mathbb{Z}$-basis of $R$ is a $\mathbb{Q}$-basis of $E$, we must have $m = n$, so $R$ is free of rank $n$, as claimed. $\square$
Remark: The number $D$ appearing in the proof is the discriminant of $E/\mathbb{Q}$, usually denoted $D_{E/\mathbb{Q}}$:
$$D_{E/\mathbb{Q}} = \det[\beta_{ij}]^2. \qquad (32)$$
It is related to discriminants of polynomials as follows. If $E = \mathbb{Q}(\alpha)$ where $\alpha \in R$ has monic minimal polynomial $f \in \mathbb{Z}[x]$ then
$$D_f = [R : \mathbb{Z}[\alpha]]^2\, D_{E/\mathbb{Q}}.$$

Proposition 5.4 Let $E$ be a number field, of degree $n$ over $\mathbb{Q}$, let $R$ be the ring of integers in $E$, let $p$ be a prime in $\mathbb{Z}$ and let $P$ be a prime ideal of $R$ containing $p$. Then $R/P$ is a finite field of cardinality dividing $p^n$.

Proof: From Prop. 3.3, we have that $P$ is a maximal ideal in $R$, so $R/P$ is a field. Let $n = [E : \mathbb{Q}]$. From Prop. 5.3, we have $R \cong \mathbb{Z}^n$, as abelian groups. Hence $R/pR \cong (\mathbb{Z}/p\mathbb{Z})^n$. Since $p \in P$, we have a surjective map $R/pR \to R/P$, and the proposition follows.

For each prime $p$ in $\mathbb{Z}$, the subset
$$\mathrm{Spec}(R/pR) = \{P \in \mathrm{Spec}(R) : p \in P\} = \{P \in \mathrm{Spec}(R) : P \cap \mathbb{Z} = p\mathbb{Z}\}$$
is the set of prime ideals in $R$ containing $p$. In more geometric terms, $\mathrm{Spec}(R/pR)$ is the fiber over $p\mathbb{Z}$ of the map $\mathrm{Spec}(R) \to \mathrm{Spec}(\mathbb{Z})$ induced by the canonical homomorphism $\iota : \mathbb{Z} \to R$.

Remark: Assume^19 that $R = \mathbb{Z}[\alpha]$ is generated by a single element $\alpha$ with minimal monic polynomial $f \in \mathbb{Z}[x]$. Then $\mathrm{Spec}(R) = \mathrm{Spec}(\mathbb{Z}[x]/f\mathbb{Z}[x])$ is the closure of the point $f\mathbb{Z}[x]$ in $\mathrm{Spec}(\mathbb{Z}[x])$ and $\mathrm{Spec}(\mathbb{F}_p[x]) = \mathrm{Spec}(\mathbb{Z}[x]/p\mathbb{Z}[x])$ is the fiber of $\mathrm{Spec}(\mathbb{Z}[x])$ over $p\mathbb{Z} \in \mathrm{Spec}(\mathbb{Z})$. Then $\mathrm{Spec}(R/pR)$ is the intersection of these two sub-schemes of $\mathrm{Spec}(\mathbb{Z}[x])$:
$$\mathrm{Spec}(R/pR) = \mathrm{Spec}(\mathbb{Z}[x]/f\mathbb{Z}[x]) \cap \mathrm{Spec}(\mathbb{Z}[x]/p\mathbb{Z}[x]).$$
Now
$$R/pR \cong \mathbb{F}_p[x]/(\bar f) \cong \prod_{i=1}^{\ell} \mathbb{F}_p[x]/(\bar f_i^{\,e_i}),$$
where $\bar f = \bar f_1^{\,e_1} \cdots \bar f_\ell^{\,e_\ell}$ and the $\bar f_i$ are distinct and irreducible in $\mathbb{F}_p[x]$. Each factor is a local ring with maximal ideal $P_i = (p, \bar f_i)$ and we have $\mathrm{Spec}(R/pR) = \{(p, f_i) : i = 1, \dots, \ell\}$.
5.2 Decomposition and inertia groups

Now let $E/\mathbb{Q}$ be a Galois extension with ring of integers $R$ and Galois group $G = \mathrm{Aut}(E)$. The action of $G$ on $E$ preserves $R$ and permutes the prime ideals of $R$, so we have a $G$-action on $\mathrm{Spec}(R)$. Since $G$ fixes each prime $p$ in $\mathbb{Z}$, it follows that $G$ acts on each fiber $\mathrm{Spec}(R/pR)$ of $\mathrm{Spec}(R)$ over $\mathrm{Spec}(\mathbb{Z})$.

Proposition 5.5 The group $G$ acts transitively on $\mathrm{Spec}(R/pR)$, for each prime $p \in \mathbb{Z}$.

Proof: Suppose $G$ does not act transitively on $\mathrm{Spec}(R/pR)$ for some prime $p \in \mathbb{Z}$. Then there are $P, Q \in X_p := \mathrm{Spec}(R/pR)$ such that $\sigma Q \ne P$ for all $\sigma \in G$. Since primes in $R$ are maximal, we can apply the Chinese Remainder Theorem: there exists $\beta \in R$ such that
$$\beta \equiv 0 \bmod Q, \qquad \text{and} \qquad \beta \equiv 1 \bmod \sigma P \ \text{ for all } \sigma \in G.$$
The product
$$N(\beta) := \prod_{\sigma \in G} \sigma(\beta) = \beta \prod_{\sigma \ne e} \sigma(\beta)$$
lies in $Q$ because $\beta \in Q$ and $Q$ is an ideal. On the other hand $N(\beta)$ is $G$-invariant, hence lies in $\mathbb{Q} \cap R = \mathbb{Z}$. Thus, $N(\beta) \in Q \cap \mathbb{Z} = p\mathbb{Z}$. But $p\mathbb{Z} = P \cap \mathbb{Z}$, so we also have $N(\beta) \in P$. Since $P$ is prime we must have $\sigma(\beta) \in P$ for some $\sigma \in G$, so $\beta \in \sigma^{-1}P$, contradicting the congruence $\beta \equiv 1 \bmod \tau P$ for $\tau = \sigma^{-1}$.

It follows that the $G$-orbits in $\mathrm{Spec}(R)$ are precisely the fibers $\mathrm{Spec}(R/pR)$ and the map $\mathrm{Spec}(R) \to \mathrm{Spec}(\mathbb{Z})$ induces a bijection
$$G \backslash \mathrm{Spec}(R) \xrightarrow{\ \sim\ } \mathrm{Spec}(\mathbb{Z}).$$
The stabilizer of a prime $P \in \mathrm{Spec}(R)$ is the decomposition group
$$G_P = \{\sigma \in G : \sigma P = P\}.$$

^19 If we replace $\mathbb{Z}$ by $\mathbb{Z}_p$ we can avoid this assumption.

From Prop. 5.5 we have $[G : G_P] = |\mathrm{Spec}(R/pR)|$, and if $P, Q \in \mathrm{Spec}(R/pR)$ the subgroups $G_P$ and $G_Q$ are conjugate in $G$.

Let us now fix $P \in \mathrm{Spec}(R/pR)$. For each $\beta \in R$ let $\bar\beta = \beta + P$ be the image of $\beta$ in the finite field $R/P$. The decomposition group $G_P$ preserves $P$, hence it acts on $R/P$, so we have a canonical homomorphism
$$\rho : G_P \to \mathrm{Aut}(R/P), \qquad \sigma \mapsto \bar\sigma, \qquad \text{given by } \bar\sigma(\bar\beta) = \overline{\sigma(\beta)}.$$
The group $\mathrm{Aut}(R/P) \cong C_r$ is cyclic of order $r = [R/P : \mathbb{F}_p]$, generated by the Frobenius automorphism $\phi_p \in \mathrm{Aut}(R/P)$ given by $\phi_p(x) = x^p$ for all $x \in R/P$.

Proposition 5.6 The canonical homomorphism $\rho : G_P \to \mathrm{Aut}(R/P)$ is surjective.
Proof: If $R/P = \mathbb{F}_p$ then $\mathrm{Aut}(R/P)$ is trivial, and so is the result. We may therefore assume $R/P \ne \mathbb{F}_p$. Choose $\beta \in R$ such that $R/P = \mathbb{F}_p(\bar\beta)$. For example we could take $\bar\beta$ to be a generator of $(R/P)^\times$. Note that $\bar\beta \notin \mathbb{F}_p$ since $R/P \ne \mathbb{F}_p$. Let $g \in \mathbb{Z}[x]$ be the monic minimal polynomial of the algebraic integer $\beta$. Since $g$ has a root in $E$, namely $\beta$, and $E/\mathbb{Q}$ is Galois, the polynomial $g$ splits in $E[x]$ and all of the roots of $g$ in $E$ actually lie in $R$. These roots $\beta = \beta_1, \dots, \beta_m \in R$ are permuted transitively by $G$, since $g$ is irreducible in $\mathbb{Q}[x]$. The roots of $\bar g$ in $R/P$ are $\bar\beta = \bar\beta_1, \dots, \bar\beta_m$, and these are permuted, not necessarily transitively, by $\mathrm{Aut}(R/P) = \langle \phi_p \rangle$. Hence we have $\bar\beta^p = \bar\beta_i$ for some $1 \le i \le m$. Since $G$ is transitive on $\{\beta_1, \dots, \beta_m\}$ there exists $\sigma \in G$ such that $\sigma(\beta) = \beta_i$.

I claim that $\sigma \in G_P$. Suppose not. Then we have distinct maximal ideals $P \ne \sigma P$. By the Chinese Remainder Theorem, there exists $\gamma \in R$ such that
$$\gamma \equiv \beta \bmod P, \qquad \text{and} \qquad \gamma \equiv 1 \bmod \sigma P.$$
We then get two congruences in $R/P$:
$$\gamma^p \equiv \beta^p \bmod P, \qquad \text{and} \qquad \sigma^{-1}(\gamma) \equiv 1 \bmod P,$$
which imply
$$\beta = \sigma^{-1}(\beta_i) \equiv \sigma^{-1}(\beta^p) \equiv \sigma^{-1}(\gamma^p) \equiv 1 \bmod P.$$
This forces $\bar\beta = 1 \in \mathbb{F}_p$, a contradiction.

Therefore $\sigma \in G_P$, and we have
$$\bar\sigma(\bar\beta) = \overline{\sigma(\beta)} = \bar\beta_i = \bar\beta^p = \phi_p(\bar\beta).$$
Since $\bar\beta$ generates $R/P$, it follows that $\bar\sigma = \phi_p$ generates $\mathrm{Aut}(R/P)$, so $\rho$ is surjective.

The inertia group $I_P$ is the kernel of the canonical surjection $\rho : G_P \to \mathrm{Aut}(R/P)$. It fits into the exact sequence
$$1 \to I_P \to G_P \xrightarrow{\ \rho\ } \mathrm{Aut}(R/P) \to 1.$$

If $P, Q \in \mathrm{Spec}(R)_p$ and $\sigma \in G$ is such that $\sigma P = Q$ then $\sigma G_P \sigma^{-1} = G_Q$ and $\sigma I_P \sigma^{-1} = I_Q$. Hence the degree $r$ of $R/P$ over $\mathbb{F}_p$ and the order $e$ of $I_P$ depend only on $p$ and we have
$$|G| = e \cdot r \cdot s,$$
where
$$e = |I_P|, \qquad r = [G_P : I_P], \qquad s = [G : G_P] = |\mathrm{Spec}(R)_p|.$$
The number $e$ is called the ramification degree of $p$. We say that $p$ is ramified in $E$ if $e > 1$ and unramified in $E$ if $e = 1$. Equivalently, $p$ is unramified in $E$ exactly when the canonical surjection $\rho : G_P \to \mathrm{Aut}(R/P)$ is an isomorphism. In this case, we have a unique element $\sigma_P \in G_P$ such that $\rho(\sigma_P) = \phi_p$ is the Frobenius automorphism of $R/P$. One can check that $\tau\sigma_P\tau^{-1} = \sigma_{\tau(P)}$ for any $\tau \in G$. Thus for each unramified prime $p \in \mathbb{Z}$ we have a conjugacy class $\mathrm{Frob}_p \subseteq G$ given by
$$\mathrm{Frob}_p = \{\sigma_P : p \in P\}.$$
We will see that only a finite number of primes are ramified. As $p$ varies among the all-but-finitely many unramified primes in $\mathbb{Z}$, the conjugacy class $\mathrm{Frob}_p$ varies among the conjugacy classes in $G$. The Chebotarev Density Theorem asserts that, statistically, each conjugacy class in $G$ is visited by its fair share of primes.

Theorem 5.7 (Chebotarev Density Theorem) Let $E/\mathbb{Q}$ be a Galois extension and let $C$ be a conjugacy class in the Galois group $G = \mathrm{Aut}(E)$. Then we have
$$\lim_{N \to \infty} \frac{|\{\text{primes } p \le N : \mathrm{Frob}_p = C\}|}{|\{\text{all primes } p \le N\}|} = \frac{|C|}{|G|}.$$
Proof: See [Neukirch, Algebraic Number Theory, VII.13].

Dedekind proved that the ramified primes are exactly those which divide the discriminant $D_{E/\mathbb{Q}}$, defined in (32).^20 In the next section we will prove a weaker result with $D_{E/\mathbb{Q}}$ replaced by a polynomial discriminant $D_f$.
5.3 Frobenius classes in the Galois group of a polynomial

Let $f \in \mathbb{Z}[x]$ be a monic polynomial with $\deg f = d$. Let $E$ be the splitting field of $f$ over $\mathbb{Q}$ and let $R$ be the ring of integers in $E$. Let $p \in \mathbb{Z}$ be a prime not dividing the discriminant $D_f$, let $\bar f \in \mathbb{F}_p[x]$ be the reduction of $f$ modulo $p$, and let $P$ be a prime ideal in $R$ containing $p$.

Since $p \nmid D_f$, and $\overline{D_f} = D_{\bar f}$ because $D_f$ is an integral polynomial in the coefficients of $f$, it follows that both $f$ and $\bar f$ have $d$ distinct roots in $R$ and $R/P$ respectively. If $\alpha_1, \dots, \alpha_d$ are the distinct roots of $f$ in $R$, then their images $\bar\alpha_1, \dots, \bar\alpha_d$ in $R/P$ are the distinct roots of $\bar f$ in $R/P$. Thus, we have homomorphisms
$$G_P \longrightarrow S_d \longleftarrow \mathrm{Aut}(R/P),$$
where the left-hand map is the restriction of the injection $G \to S_d$.

^20 See for example, Neukirch, Algebraic Number Theory, III.2.

Proposition 5.8 Assume that $p$ does not divide the discriminant $D_f$. Then $p$ is unramified in $E$. More precisely, the map $\rho : G_P \to \mathrm{Aut}(R/P)$ is an isomorphism making the following diagram commute:
$$G_P \xrightarrow{\ \rho\ } \mathrm{Aut}(R/P), \qquad \text{with both groups mapping into } S_d.$$
In particular, $\mathrm{Frob}_p$ and $\phi_p$ belong to the same conjugacy class in $S_d$.

Proof: Take $\sigma \in G_P$ and $1 \le i \le d$. Suppose $\sigma(\alpha_i) = \alpha_j$. Then $\bar\sigma(\bar\alpha_i) = \overline{\sigma(\alpha_i)} = \bar\alpha_j$, so $\sigma$ and $\bar\sigma$ induce the same permutation in $S_d$.

Proposition 5.9 Assume $p \nmid D_f$. If $\bar f = \bar f_1 \cdots \bar f_\ell$, with $\bar f_i$ irreducible in $\mathbb{F}_p[x]$, then the elements of $\mathrm{Frob}_p$ have cycle type $[d_1, d_2, \dots, d_\ell]$ in $S_d$, where $d_i = \deg \bar f_i$.

For example, $\mathrm{Frob}_p$ consists of $d$-cycles if and only if $f$ is irreducible modulo $p$.

To apply Prop. 5.9, it is useful to have

Proposition 5.10 [Jordan's Lemma] Let $G$ be a finite group and let $H \le G$ be a subgroup of $G$ such that $H \cap C$ is nonempty for every conjugacy class $C$ in $G$. Then $H = G$.

Proof: We have
$$|G| = \Big| \bigcup_{g \in G/H} gHg^{-1} \Big| \le 1 + [G : H](|H| - 1) = |G| - ([G : H] - 1),$$
so $[G : H] = 1$.
Example: Suppose $f \in \mathbb{Z}[x]$ is irreducible of degree five. Below we tabulate the transitive subgroups $G \le S_5$ and the number of each cycle type in $G$.

$G$ | [5] | [41] | [32] | [311] | [221] | [2111] | [1^5]
$S_5$ | 24 | 30 | 20 | 20 | 15 | 10 | 1
$A_5$ | 24 | 0 | 0 | 20 | 15 | 0 | 1
$F_{20}$ | 4 | 10 | 0 | 0 | 5 | 0 | 1
$D_5$ | 4 | 0 | 0 | 0 | 5 | 0 | 1
$C_5$ | 4 | 0 | 0 | 0 | 0 | 0 | 1

If there exists a prime $p$ such that $\mathrm{Frob}_p$ has type [32] then $G = S_5$, since no proper transitive subgroup of $S_5$ contains such a cycle type. Similarly, if $\mathrm{Frob}_p$ is of type [311] for some $p$ then $G_f$ is either $S_5$ or $A_5$, which can be decided by a discriminant calculation.

Example: (Exercise in Lang) Let $f = x^6 + 22x^5 - 9x^4 + 12x^3 - 37x^2 - 29x - 15$. Reducing modulo 2, 3, 5 we find cycle types [6], [51], [21^4] in $G_f$, which implies that $G_f = S_6$.

Example: Let $f = x^6 - 10x^3 + 15x^2 - 6x + 1$. One can check that $(1 - x)^6 f(1/(1 - x)) = f(x)$. Hence if $\alpha$ is a root of $f$, so are $\alpha' = 1/(1 - \alpha)$ and $\alpha'' = 1 - (1/\alpha)$. One checks that $f$ is irreducible modulo 17, so $\alpha, \alpha', \alpha''$ are distinct. It follows that $G_f$ centralizes a [33]-cycle in $S_6$. The centralizer $H = C_{S_6}([33])$ has structure $(C_3 \times C_3) \rtimes C_2$, with $C_2$ acting by permuting the factors, and contains only elements of cycle types [6], [3111], [33], [222], [1^6]. To show $G_f = H$, it suffices to find elements in $G_f$ of each of these cycle types.

class: | [6] | [3111] | [33] | [222] | [1^6]
smallest $p$: | 17 | 11 | 5 | 13 | 127

This proves that $G_f = H$.
6 Cyclotomic extensions and abelian numbers

Fix an integer $n \ge 2$ and let $\mu_n = \{\zeta \in \mathbb{C}^\times : \zeta^n = 1\}$ be the group of $n$-th roots of unity in $\mathbb{C}^\times$. These are the roots of $x^n - 1$ and are generated by the complex number $\zeta = e^{2\pi i/n}$. The primitive $n$-th roots of unity are the generators of $\mu_n$; these are the powers $\zeta^k$ for $k$ in the unit group $U(n) := (\mathbb{Z}/n\mathbb{Z})^\times$.

Since all of the roots of $x^n - 1$ are powers of $\zeta$, the field $\mathbb{Q}(\zeta)$ is the splitting field of $x^n - 1$, so it is Galois over $\mathbb{Q}$. Let $G = \mathrm{Aut}(\mathbb{Q}(\zeta))$ be the Galois group. Each $\sigma \in G$ is determined by its effect on $\zeta$ and $\sigma(\zeta)$ must be another primitive $n$-th root of unity. Hence we have an injective homomorphism
$$\kappa : G \to U(n), \qquad \text{given by } \sigma(\zeta) = \zeta^{\kappa(\sigma)}.$$
The $n$-th cyclotomic polynomial
$$\Phi_n(x) := \prod_{k \in U(n)} (x - \zeta^k)$$
has for roots exactly the primitive $n$-th roots of unity. As these are permuted by $G$, it follows that $\Phi_n$ is $G$-invariant, and hence has coefficients in $\bar{\mathbb{Z}} \cap \mathbb{Q} = \mathbb{Z}$.

Proposition 6.1 $\Phi_n(x)$ is irreducible over $\mathbb{Q}$.

Proof: Let $f$ be the minimal polynomial of $\zeta$ over $\mathbb{Q}$. Since $\zeta \in \bar{\mathbb{Z}}$ we have $f$ monic in $\mathbb{Z}[x]$ and $f \mid x^n - 1$, so we may factor $x^n - 1 = fg$ in $\mathbb{Z}[x]$.

Let $p$ be any prime not dividing $n$. Then $\zeta^p$ is another root of $x^n - 1$ so either $f(\zeta^p) = 0$ or $g(\zeta^p) = 0$. Suppose $g(\zeta^p) = 0$. Let $h(x) = g(x^p)$. Then $h(\zeta) = 0$ so $h = fq$ for some $q \in \mathbb{Z}[x]$. In $\mathbb{F}_p[x]$ we have
$$\bar f\,\bar q = \bar h = \bar g^{\,p}.$$
It follows that $\bar f$ and $\bar g$ have a common factor. But $x^n - 1$ has distinct roots modulo $p$, since $p \nmid n$. This contradiction shows that $g(\zeta^p) \ne 0$, so we must have $f(\zeta^p) = 0$.

This holds for all primes $p$ not dividing $n$, hence $f(\zeta^k) = 0$ for all $k \in U(n)$. It follows that $f = \Phi_n$. $\square$

Recall that the order of $U(n)$ is given by the Euler function $\varphi(n) = |U(n)|$.

Corollary 6.2 We have $[\mathbb{Q}(\zeta) : \mathbb{Q}] = \varphi(n)$ and the map $\kappa : G \to U(n)$ is an isomorphism.

We now compute the classes $\mathrm{Frob}_p \subseteq G$ for each $p$ not dividing $n$. Since $G$ is abelian, each class $\mathrm{Frob}_p$ consists of a single element:
$$\mathrm{Frob}_p = \{\sigma_p\}.$$

Proposition 6.3 For any prime $p$ not dividing $n$, the element $\kappa(\sigma_p) \in U(n)$ is given by $\kappa(\sigma_p) \equiv p \bmod n$.

Proof: Let $R$ be the ring of integers of $\mathbb{Q}(\zeta)$ and let $P$ be a prime ideal of $R$ containing $p$. Since $p \nmid n$, the reduction
$$\bar\Phi_n = \prod_{k \in U(n)} (x - \bar\zeta^k)$$
has distinct roots $\bar\zeta^k \in R/P$.

If $\sigma, \tau \in G$ are such that $\bar\sigma(\bar\zeta) = \bar\tau(\bar\zeta)$, we have $\sigma(\zeta) = \tau(\zeta)$, so $\sigma = \tau$ by the injectivity of $\kappa$. By the surjectivity of $\rho$ there is an element $\sigma_p \in G$ such that $\rho(\sigma_p) = \phi_p$. That is, $\bar\sigma_p(\bar\zeta) = \bar\zeta^p$. But
$$\bar\sigma_p(\bar\zeta) = \overline{\sigma_p(\zeta)} = \bar\zeta^{\kappa(\sigma_p)},$$
so in fact $\kappa(\sigma_p) \equiv p$ as we wished to show.

For a given $k \in U(n)$ we have $\kappa(\sigma_p) = k$ if and only if $p \in k + n\mathbb{Z}$. Thus, Chebotarev's Theorem 5.7 reduces to Dirichlet's Theorem on primes in an arithmetic progression.^21

Theorem 6.4 (Dirichlet's Theorem)
$$\lim_{N \to \infty} \frac{|\{p \le N : p \in k + n\mathbb{Z}\}|}{|\{p \le N\}|} = \frac{1}{\varphi(n)}.$$
6.1 Gauss and Cyclotomy

In his Disquisitiones chapter VII, Gauss proposes to find the "Equations defining sections of a circle." Fix a prime $p \ge 3$ and cut the unit circle $|z| = 1$ into $p$ equal parts, starting at $z = 1$. The cut points
$$\zeta, \zeta^2, \dots, \zeta^{p-1} = \bar\zeta$$
all have minimal polynomial $\Phi_p = 1 + x + x^2 + \dots + x^{p-1}$ and generate the field $\mathbb{Q}(\zeta)$.

^21 Historically Dirichlet's Theorem came first and inspired Chebotarev. See Serre's Course in Arithmetic for a direct proof of Dirichlet's Theorem.

The $x$-coordinates of the cut points, doubled, are $\zeta + \bar\zeta, \zeta^2 + \bar\zeta^2, \dots$. These have the minimal polynomial given in equation (14) and generate the unique subfield $\mathbb{Q}(\zeta + \bar\zeta)$ of degree $(p - 1)/2$.

At the other extreme, the quadratic subfield of $\mathbb{Q}(\zeta)$ is generated by $\sqrt{\varepsilon p}$, where $\varepsilon = \pm 1$ is given by $\varepsilon \equiv p \bmod 4$. We can see this as follows. The cyclic group $\mathbb{F}_p^\times$ has a unique subgroup of index two, namely $\mathbb{F}_p^{\times 2}$, so there is a unique nontrivial homomorphism
$$\Big(\frac{\cdot}{p}\Big) : \mathbb{F}_p^\times \to \{\pm 1\},$$
called the Legendre symbol, given by
$$\Big(\frac{k}{p}\Big) = \begin{cases} +1 & \text{if } k \in \mathbb{F}_p^{\times 2} \\ -1 & \text{if } k \notin \mathbb{F}_p^{\times 2}. \end{cases}$$
It can be shown^22 that the sum
$$\sum_{k \in \mathbb{F}_p^\times} \Big(\frac{k}{p}\Big) \zeta^k$$
squares to $\big(\frac{-1}{p}\big) p = \varepsilon p$.

More generally, the subfields of $\mathbb{Q}(\zeta)$ are in bijection with subgroups of $\mathrm{Aut}(\mathbb{Q}(\zeta))$, and we have an isomorphism
$$\mathbb{F}_p^\times \xrightarrow{\ \sim\ } \mathrm{Aut}(\mathbb{Q}(\zeta)), \qquad \text{given by } k \mapsto \sigma_k,$$
where $\sigma_k$ is the automorphism of $\mathbb{Q}(\zeta)$ determined on the generator by $\sigma_k(\zeta) = \zeta^k$.

The group $\mathbb{F}_p^\times$ is cyclic of order $p - 1$, so its subgroups correspond to divisors of $p - 1$. Fix a divisor $d \mid (p - 1)$ and let $H_d$ be the unique subgroup of index $d$ in $\mathbb{F}_p^\times$. Then $\mathbb{Q}(\zeta)^{H_d}$ is the unique subfield of $\mathbb{Q}(\zeta)$ of degree $d$ over $\mathbb{Q}$. This field has a canonical generator, as follows.

Lemma 6.5 We have $\mathbb{Q}(\zeta)^{H_d} = \mathbb{Q}(\eta_d)$, where
$$\eta_d = \sum_{h \in H_d} \zeta^h.$$

Proof: By the Galois correspondence, $\mathbb{Q}(\eta_d) = \mathbb{Q}(\zeta)^J$ for a unique subgroup $J \le \mathbb{F}_p^\times$. Since $\eta_d$ is clearly $H_d$-invariant, we have $\mathbb{Q}(\zeta)^J \subseteq \mathbb{Q}(\zeta)^{H_d}$, so $H_d \le J$. It suffices to show that $J \le H_d$. Given $s \in J$, we have
$$\sum_{h \in H_d} \zeta^h = \eta_d = \sigma_s(\eta_d) = \sum_{h \in H_d} \zeta^{hs}.$$

^22 Lang, VI.3.

Since $\{\zeta^k : k \in \mathbb{F}_p^\times\}$ is a basis of $\mathbb{Q}(\zeta)$, it follows that $\zeta = \zeta^{hs}$ for some $h \in H_d$, so $hs = 1$ and this shows $s \in H_d$.

From Lemma 6.5, it follows that
$$[\mathbb{Q}(\eta_d) : \mathbb{Q}] = [\mathbb{F}_p^\times : H_d] = d.$$
Gauss' problem becomes that of finding the minimal polynomial of $\eta_d$.

The polynomial
$$f_d(x) := \prod_{k \in \mathbb{F}_p^\times / H_d} (x - \sigma_k(\eta_d))$$
is invariant under $\mathrm{Aut}(\mathbb{Q}(\zeta))$, has $\eta_d$ as a root, and has degree $d$, so $f_d(x) \in \mathbb{Z}[x]$ is the minimal monic polynomial of $\eta_d$. It remains to find the coefficients of $f_d$.

Choose a generator $g$ of $\mathbb{F}_p^\times$ and let $d' = (p - 1)/d$. Then $H_d = \langle g^d \rangle$ and $\{1, g, g^2, \dots, g^{d-1}\}$ is a set of coset representatives for $\mathbb{F}_p^\times / H_d$. The choice of $g$ gives an isomorphism
$$\mathbb{F}_p^\times \xrightarrow{\ \sim\ } \mathbb{Z}/(p - 1)\mathbb{Z}, \qquad g^j \mapsto j \bmod (p - 1),$$
sending $H_d \mapsto \langle d \rangle$. The partition of $\mathbb{F}_p^\times$ into cosets of $H_d$ corresponds to the partition
$$\mathbb{Z}/(p - 1)\mathbb{Z} = \bigsqcup_{i=0}^{d-1} C_d(i),$$
where $C_d(i) = \{dk + i : 0 \le k < d'\}$. We have
$$\eta_d = \sum_{k=1}^{d'} \zeta^{g^{dk}}, \qquad f_d(x) = \prod_{i=0}^{d-1} \big(x - \sigma_{g^i}(\eta_d)\big), \qquad \text{and} \qquad \sigma_{g^i}(\eta_d) = \sum_{\ell \in C_d(i)} \zeta^{g^\ell}. \qquad (33)$$
The sums in (33) are called Gauss periods; they are the roots of $f_d$.

For explicit computations, we can make the periods into polynomials and treat them symbolically. Thus, we replace each $g^\ell \bmod p$ by a representative $1 \le g^\ell \le p - 1$ and define polynomials
$$A_i(t) = \sum_{\ell \in C_d(i)} t^{g^\ell} \in \mathbb{Z}[t], \qquad \text{and} \qquad F_d(t, x) = \prod_{i=0}^{d-1} (x - A_i(t)) \in R[x],$$
where $R = \mathbb{Z}[t]$. Now $f_d(x)$ is the polynomial remainder of $F_d(t, x)$ modulo $\Phi_p(t)$, taken coefficient-wise in $R = \mathbb{Z}[t]$.
Example: Take p = 13, d = 4 and g = 2 as generator of F

13
. The the partition of F

13
into cosets of
H
4
and the periods are given by
2
4
, 2
8
, 2
12

mod 13
3, 9, 1
4
= +
3
+
9
2
1+4
, 2
1+8
, 2
1+12
6, 5, 2
2
(
4
) =
6
+
5
+
2
2
2+4
, 2
2+8
, 2
2+12
12, 10, 4
4
(
4
) =
12
+
10
+
4
2
3+4
, 2
3+8
, 2
3+12
11, 7, 8
8
(
4
) =
11
+
7
+
8
.
We have
F
4
(t, x) = (x t t
3
t
9
)(x t
6
t
5
t
2
)(x t
12
t
10
t
4
)(x t
11
t
7
t
8
),
whose remainder modulo
13
(t) is
f
4
(x) = x
4
+ x
3
+ 2x
2
4x + 3.
We can check this result using our analysis of quartic polynomials (cf. section 4.2.3), for the quartic $f = f_4$. Let's see if we get $G_f = C_4$. The discriminant is $D_f = 3^2 \cdot 13^3$, so $G_f \not\subseteq A_4$. The cubic resolvent is $x^3 - 2x^2 - 16x + 5 = (x - 5)(x^2 + 3x - 1)$, so $G_f \subseteq D_4$. The quadratic resolvent (see (29)) has discriminant $13^2$, so $G_f \simeq C_4$, as it should be. And the quadratic subfield is $\mathbb{Q}(\sqrt{D_f}) = \mathbb{Q}(\sqrt{13})$, again as it should be.
This method computes the minimal polynomial $f_d$ of the canonical generator of the degree-$d$ subfield of $\mathbb{Q}(\zeta)$ for any given $p$ and $d \mid p-1$. Gauss found a general formula for $f_3$, in the following remarkable result.
Theorem 6.6 (Gauss)$^{23}$ Let $p = 1 + 3k$ be a prime $\equiv 1 \bmod 3$ and let $\zeta = e^{2\pi i/p}$. Then
1. There are unique integers $A, B$ such that $4p = A^2 + 27B^2$ and $A \equiv 1 \bmod 3$.
2. The generator $\eta_3$ of the cubic subfield of $\mathbb{Q}(\zeta)$ has minimal polynomial
$$f_3 = x^3 + x^2 - kx - \frac{p(A+3) - 1}{27}$$
of discriminant $D_{f_3} = (pB)^2$.
3. The number of points in $\mathbb{P}^2(\mathbb{F}_p)$ lying on the curve $X^3 + Y^3 + Z^3 = 0$ is equal to $p + 1 + A$.
$^{23}$ See Gauss' Disquisitiones, Art. 358, as well as Silverman-Tate, Rational Points on Elliptic Curves, IV.2.
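The computation of $f_d$ from the Gauss periods, as an added example that is not part of the notes: the Python below builds the cosets $C_d(i)$ and multiplies out $\prod_i (x - \sigma_{g^i}(\eta_d))$ directly in $\mathbb{Z}[\zeta] = \mathbb{Z}[t]/(\Phi_p(t))$, reducing with $1 + \zeta + \dots + \zeta^{p-1} = 0$ rather than taking the polynomial remainder modulo $\Phi_p(t)$, so that the integer coefficients of $f_d$ drop out. For $p = 13$ it reproduces the $f_4$ above and also the cubic $f_3 = x^3 + x^2 - 4x + 1$ that Theorem 6.6 gives with $k = 4$, $A = -5$, $B = 1$.

```python
# Added example (not from the notes): Gauss periods and the minimal polynomial
# f_d(x) of eta_d, computed exactly in Z[zeta] = Z[t]/(Phi_p(t)).

def period_cosets(p, d, g):
    """The exponent sets C_d(i) = {g^(dk+i) mod p : 0 <= k < d'}, d' = (p-1)/d."""
    if (p - 1) % d:
        raise ValueError("d must divide p - 1")
    if len({pow(g, j, p) for j in range(p - 1)}) != p - 1:
        raise ValueError("g is not a generator of F_p^x")
    dprime = (p - 1) // d
    return [{pow(g, d * k + i, p) for k in range(dprime)} for i in range(d)]

def normalize(v):
    """An element of Z[zeta] is a length-p list indexed by the exponent of zeta.
    Because 1 + zeta + ... + zeta^(p-1) = 0, subtracting one constant from every
    entry does not change the element; forcing entry 0 to zero gives a canonical
    form, since zeta, ..., zeta^(p-1) is a Z-basis."""
    c = v[0]
    return [a - c for a in v]

def mul(u, v, p):
    """Product in Z[zeta]: convolve the exponents modulo p, then normalize."""
    w = [0] * p
    for i, a in enumerate(u):
        for j, b in enumerate(v):
            w[(i + j) % p] += a * b
    return normalize(w)

def minimal_polynomial(p, d, g):
    """Coefficients of f_d(x) = prod_i (x - sigma_{g^i}(eta_d)), constant term first."""
    poly = [normalize([1] + [0] * (p - 1))]     # the polynomial 1, coefficients in Z[zeta]
    for coset in period_cosets(p, d, g):
        eta = normalize([1 if e in coset else 0 for e in range(p)])   # the period
        new = [[0] * p for _ in range(len(poly) + 1)]
        for k, c in enumerate(poly):             # (sum_k c_k x^k) * (x - eta)
            ce = mul(c, eta, p)
            new[k + 1] = [a + b for a, b in zip(new[k + 1], c)]
            new[k] = [a - b for a, b in zip(new[k], ce)]
        poly = [normalize(c) for c in new]
    coeffs = []
    for c in poly:                 # an integer n has canonical form [0, -n, ..., -n]
        if any(a != c[1] for a in c[1:]):
            raise ValueError("coefficient is not a rational integer")
        coeffs.append(-c[1])
    return coeffs

if __name__ == "__main__":
    print(period_cosets(13, 4, 2))        # cosets of H_4 in F_13^x: {1, 3, 9}, {2, 5, 6}, ...
    print(minimal_polynomial(13, 4, 2))   # [3, -4, 2, 1, 1], i.e. x^4 + x^3 + 2x^2 - 4x + 3
```

Taking $d = p - 1$ makes every coset a single element, so the routine returns the coefficients of $\Phi_p(x)$ itself.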
6.2 The Kronecker-Weber theorem and abelian numbers
A Galois extension $E/F$ is abelian if the Galois group $\mathrm{Aut}(E/F)$ is abelian.
Theorem 6.7 (Kronecker-Weber) Every abelian extension of $\mathbb{Q}$ is a subfield of $\mathbb{Q}(e^{2\pi i/n})$, for some positive integer $n$.
The minimal such $n$ is called the conductor of the abelian extension $E/\mathbb{Q}$. In the Disquisitiones, Gauss found the abelian extensions of $\mathbb{Q}$ of prime conductor.
In terms of polynomials, Kronecker-Weber asserts that if $f \in \mathbb{Q}[x]$ is a polynomial with abelian Galois group $G_f$, then the roots of $f$ are polynomial expressions in $e^{2\pi i/n}$ for some $n$. I like to call such roots abelian numbers. The set $\mathbb{Q}^{\mathrm{ab}}$ of all abelian numbers is a subfield of $\mathbb{C}$ and is an algebraic extension of $\mathbb{Q}$. Kronecker-Weber gives an explicit description of $\mathbb{Q}^{\mathrm{ab}}$, as the union of all cyclotomic fields:
$$\mathbb{Q}^{\mathrm{ab}} = \bigcup_{n \ge 1} \mathbb{Q}(e^{2\pi i/n}).$$
In group-theoretic terms, the Kronecker-Weber theorem says that every finite abelian quotient of $\mathrm{Aut}(\bar{\mathbb{Q}})$ factors through $\mathrm{Aut}(\mathbb{Q}(e^{2\pi i/n}))$, for some $n$. Today, the Kronecker-Weber theorem is regarded as a corollary of Class Field Theory, which describes abelian extensions of a number field $F$ in terms of the arithmetic of $F$.$^{24}$
$^{24}$ See, for example, Neukirch, Algebraic Number Theory.