
Fields and Galois Theory

MATH5246
Andrew Hubery
ahubery@maths.leeds.ac.uk
Chapter 1
Introduction
Galois Theory has its origins in the study of roots of polynomials. It is not
concerned with finding the roots, which can be done using, say, the Newton-Raphson
Method (see also here for an analysis of various techniques used in
computing for finding square-roots); rather, Galois Theory is interested in the
form that the roots can take.
In particular, we can ask which polynomials are solvable by radicals: given
a polynomial
$$f = X^n + a_1 X^{n-1} + \cdots + a_{n-1} X + a_n \in \mathbb{Q}[X],$$
we say f is solvable by radicals if we can express a root of f using only the field
operations $+$, $-$, $\times$, $\div$ and $\sqrt[r]{\ }$.
Some polynomials are always solvable by radicals. In school one learns that for
a quadratic equation
$$f = X^2 + 2pX + q,$$
one can complete the square to write
$$f = (X + p)^2 + (q - p^2),$$
and hence has roots
$$-p \pm \sqrt{p^2 - q}.$$
This was essentially known to the Babylonians (ca. 1600BC).
Similarly, a polynomial of the form $f = X^n - a$ clearly has $\sqrt[n]{a}$ as a root.
The question thus becomes: is every polynomial of degree n solvable by radicals?
If yes, is there a general formula giving a root of all polynomials of degree n? If
no, can we determine which polynomials are solvable by radicals?
In the sixteenth century, Ferro and Fontana (nicknamed Tartaglia because of
his stutter) discovered a general formula which works for all cubic polynomials.
For example, the polynomial
$$f = X^3 + 3X + 2$$
has as a root the number
$$\sqrt[3]{-1 + \sqrt{2}} + \sqrt[3]{-1 - \sqrt{2}}.$$
On the other hand, you should be careful what you wish for: this general method
gives, for the polynomial
$$f = X^3 - 15X - 4,$$
the root
$$\sqrt[3]{2 + 11i} + \sqrt[3]{2 - 11i},$$
which is a rather complicated way of expressing the number 4.
Soon after, Ferrari gave a general method for solving quartic polynomials. These
methods were published by Cardano, Ferrari's mentor, in his Ars Magna in 1545.
This proved that all polynomials of degree four are solvable by radicals, and in
fact that there is a general formula which works for all such polynomials. It took
another three hundred years until Abel showed in 1824 that there is no formula
giving a radical expression for the root of all quintic polynomials. His result was
based on an incomplete proof by Ruffini, and used the ideas of permutations,
so was the beginning of group theory.
Finally Galois in 1830 developed the ideas of group theory in order to decide
which polynomials are solvable by radicals and which are not, and hence explain
why there is no general method for finding roots of polynomials of degree five.
His method allows one to prove, for example, that the polynomial $X^5 - X - 1$
is not solvable by radicals.
1.1 A Modern Approach
From a modern perspective, we replace the study of a polynomial by the study
of the field extension generated by its roots. We then consider the group of all
field automorphisms of this field extension, called the Galois group of the field
extension. So, if K is a subfield of L, we consider the group
$$\mathrm{Gal}(L/K) := \{\text{field automorphisms of } L \text{ fixing every element of } K\}.$$
If $f \in K[X]$ is a polynomial, and L is the field generated by all the roots of f,
then we write Gal(f) for Gal(L/K).
As a simple example, the roots of $f = X^2 + 1 \in \mathbb{R}[X]$ are $\pm i \in \mathbb{C}$. Since $\mathbb{C} = \mathbb{R}(i)$,
we need to understand the group of all field automorphisms of C which fix R.
Any such automorphism is determined by (i), and since $i^2 = -1$, we must
have $(i)^2 = -1$, so $(i) = \pm i$. In fact, both of these are allowed, so
$$\mathrm{Gal}(X^2 + 1) = \mathrm{Gal}(\mathbb{C}/\mathbb{R}) \cong \mathbb{Z}/2\mathbb{Z}$$
is a cyclic group of order two. This group is generated by the automorphism
: $x + iy \mapsto x - iy$, which is just complex conjugation.
In other words we can construct C from R by adding in a root of the polynomial
$X^2 + 1$. From the point of view of R, however, we cannot distinguish between
the two roots $\pm i$, and in a sense this is why complex conjugation exists.
As a more involved example, we can consider the polynomial $f = X^3 - 2 \in \mathbb{Q}[X]$.
This has roots
3

2,
3

2,
2
3

2, where =
1
2
(1+i

3) is a primitive cube root


of unity, so the field generated by the roots is Q(
3

2, ).
Now, any field automorphism must permute the roots; for if
3
= 2, then
()
3
= 2. Also, since =
_

2
_
/
_
3

2
_
is a quotient of two such roots, we
see that is completely determined by how it permutes the roots. This in fact
gives an injective group homomorphism from the Galois group to the symmetric
group $\mathrm{Sym}_3$.
Next, since exactly two of the roots are complex, we see that complex conjugation
is a field automorphism, giving
Gal(Q(
3

2, )/Q),
3

2
3

2,
2
.
On the other hand, the general theory will tell us that the map
3

2
3

2 can
be extended to a field automorphism, giving
Gal(Q(
3

2, )/Q),
3

2
3

2, .
Looking at the corresponding permutations, we get that is a transposition,
whereas is a 3-cycle. We know that these elements generate the full symmetric
group, so
Gal(Q(
3

2, )/Q)

= Sym
3
.
If instead we had just added in one of the roots, say $\sqrt[3]{2}$, then we wouldn't
have had enough symmetries. In fact, the only field automorphism of $\mathbb{Q}(\sqrt[3]{2})$
is the identity. This helps explain why we need to include all the roots of the
polynomial.
1.2 Galois' Theorem
One of the main theorems of this course will be the following.
Theorem 1.1. A polynomial f is solvable by radicals if and only if the group
Gal(f) is solvable.
Moreover, there exists for each n an irreducible polynomial $f \in \mathbb{Q}[X]$ having
Galois group $\mathrm{Gal}(f) = \mathrm{Sym}_n$.
Since $\mathrm{Sym}_n$ is solvable if and only if $n \leq 4$, we conclude that there exist quintic
polynomials which are not solvable by radicals. The polynomial $X^5 - X - 1$
mentioned earlier is one such quintic.
The Galois group of a field extension L/K tells us a lot about the internal
structure of the field L. In fact, in certain nice cases, there is an order-reversing
bijection between the lattice of subfields of L containing K and the lattice of
subgroups of Gal(L/K). This is called the Galois Correspondence. As a
consequence we see that in these cases there are only finitely many subfields of
L containing K, a fact which is far from obvious.
This passing between subgroups and subfields is an important and extremely
useful observation. One should remark that group theory was in its infancy at
that time, and in fact the abstract notion of a group had yet to be given. Galois
was one of the first to appreciate the fundamental importance of groups, and
nowadays this idea of studying an object by first understanding its symmetries
is prevalent in modern mathematics and physics.
Let us discuss our approach to proving Galois' Theorem. Recall that a polynomial
f is solvable by radicals if we can write a root of f using just $+$, $-$, $\times$, $\div$ and
$\sqrt[r]{\ }$. More generally, we say that a field extension L/K is a radical extension
if there exists a chain of subfields
$$K = K_0 \subset K_1 \subset \cdots \subset K_n = L$$
such that $K_{i+1}$ is formed from $K_i$ by extracting an r-th root of an element in
$K_i$. In other words, we adjoin an element $_i$ such that $_i^r \in K_i$. We observe
that if L/K is radical, then every element of L can be obtained by repeated use
of $+$, $-$, $\times$, $\div$, $\sqrt[r]{\ }$.
The Galois correspondence now furnishes us with a chain of subgroups
$$\mathrm{id} = \mathrm{Gal}(L/L) \leq \cdots \leq \mathrm{Gal}(L/K_1) \leq \mathrm{Gal}(L/K).$$
We would like to say that if $K_{i+1}/K_i$ is formed by adjoining an r-th root,
then $\mathrm{Gal}(K_{i+1}/K_i)$ is a cyclic group of order r. From this it would follow that
the chain of subgroups described above is a subnormal series (each subgroup
is normal in the next) with cyclic subquotients, and hence that Gal(L/K) is a
solvable group.
Unfortunately this is not true in general, but it is true once we assume that we
have enough roots of unity in the field K. We therefore have to apply a few
technical tricks to complete the proof.
Chapter 2
Background Material
2.1 Rings and Algebras
As mentioned in the introduction, Galois Theory involves the study of automorphisms
of fields. In fact, we often consider a field L containing another field K
as a subfield, and we want to understand the field automorphisms of L which fix
every element of K. For example, complex conjugation is a field automorphism
of C which fixes every element of R.
The appropriate language is therefore that of algebras. Given a field K, a K-algebra
is a ring R containing K as a subfield. A K-algebra homomorphism
$f : R \to S$ is a ring homomorphism such that f(x) = x for all $x \in K$. We observe
that every K-algebra is a fortiori a K-vector space, and that every K-algebra
homomorphism is a K-linear map.¹
Examples include the polynomial ring K[X] and field extensions such as $\mathbb{Q} \subset \mathbb{R}$
or $\mathbb{R} \subset \mathbb{C}$. Also, if R is a K-algebra and I a proper ideal of R, then
the quotient ring R/I is again a K-algebra. For, we have a non-zero ring
homomorphism $K \to R \to R/I$, which is therefore injective since K is a field.
We may subsequently identify K with its image inside R/I, giving the quotient
R/I the structure of a K-algebra. In particular, if $f \in K[X]$ is a non-constant
polynomial, then the quotient ring K[X]/(f) is a K-algebra.
2.2 Polynomial Rings
Let K be a field, and let K[X] be the ring of polynomials in one variable over
K. The degree map on K[X] is given by
$$\deg(f) = d \quad \text{provided } f = a_0 X^d + \cdots + a_{d-1} X + a_d \text{ with } a_0 \neq 0, \qquad \deg(0) = -\infty.$$
This satisfies
$$\deg(fg) = \deg(f) + \deg(g) \quad \text{and} \quad \deg(f) = 0 \iff f \in K^\times.$$
Using this we see that K[X] is an integral domain (it has no zero-divisors), and
also that the only units in K[X] are the non-zero constants, so elements of $K^\times$.
¹ It is sometimes better to consider R together with a ring homomorphism
$_R : K \to R$. Then a K-algebra homomorphism $f : R \to S$ is a ring homomorphism
such that $_R$ = $_S$ f.
Theorem 2.1. The polynomial ring K[X] is a principal ideal domain.
In fact, every non-zero ideal is generated by a monic polynomial, and this
polynomial is uniquely determined by the ideal.
Proof. The zero ideal (0) is clearly principal, so let I be a non-zero ideal in
K[X] and let $0 \neq f \in I$ have minimal degree. By dividing through, we may
further assume that f is monic. We will show that I = (f).
Take $g \in I$. By the Division Algorithm we can write g = qf + r for some q and
r with deg(r) < deg(f). Rearranging gives $r = g - qf \in I$, so by the minimality
of f we must have r = 0, and hence $g = qf \in (f)$. This proves that $I \subset (f)$,
and since $f \in I$ we have equality.
To see that f is unique, suppose that g is monic and I = (g). Swapping the
roles of f and g in the above argument gives $f = q'g$, and so $f = qq'f$. Hence
$qq' = 1$, so $q, q'$ . Finally, since both f and g are monic and g = qf, we
deduce that q = 1 and that f = g.
We call a polynomial f irreducible provided that f is non-constant and whenever
f = gh, one of g or h is a unit. Similarly, we call a polynomial f prime
provided that f is non-constant and if f divides gh, then f divides one of g or
h. Clearly every prime is irreducible, but in fact the converse also holds.
Proposition 2.2. Every irreducible polynomial f is prime, and (f) is even a
maximal ideal.
Proof. Let $f \in K[X]$ be irreducible, and suppose that $(f) \subset (g)$. Then f = gh
for some h, and since f is irreducible, either g is a unit, in which case (g) = K[X],
or else h is a unit, in which case (g) = (f). Thus (f) is a maximal ideal.
To see that f is prime, suppose that f divides gh, but that f does not divide
g. Since (f) is a maximal ideal and $g \notin (f)$ we must have that (f, g) = K[X].
Thus there exist polynomials a and b with af + bg = 1. Multiplying by h gives
afh + bgh = h, and since f divides gh, it divides the left-hand side, and hence
f divides h.
The next theorem states that K[X] is a unique factorisation domain.
Theorem 2.3. Every non-zero polynomial $f \in K[X]$ can be written as
$f = a f_1 \cdots f_n$, where $a \in K^\times$ is a unit and the $f_i \in K[X]$ are monic and irreducible.
Moreover, such an expression is unique up to the ordering of the $f_i$.
Proof. Let $f \in K[X]$ be non-constant. If f is irreducible, then we can write
$f = a f_1$, where $f_1$ is monic and $a \in K^\times$. Otherwise, if f is not irreducible, then
there exists some expression f = gh with g and h non-constant polynomials.
Now 0 < deg(g), deg(h) < deg(f), so by induction on degree we can express
both g and h, and hence also f, in the desired form.
Suppose now that $f = a f_1 \cdots f_m = b g_1 \cdots g_n$, where $a, b \in K^\times$ and $f_i, g_j \in K[X]$
are monic and irreducible. By comparing leading coefficients we see that
a = b.
From Proposition 2.2 we know that $K[X]/(f_1)$ is a field. Writing $\bar{h}$ for the
image of a polynomial h in $K[X]/(f_1)$, we have that $\bar{f} = 0$, so $\bar{g}_1 \cdots \bar{g}_n = 0$ and
hence $\bar{g}_i = 0$ for some i. After reordering, we may assume that $\bar{g}_1 = 0$. Then
$g_1 \in (f_1)$, so $g_1 = u f_1$ for some u. Since $g_1$ is irreducible and $f_1$ is not a unit, u
must be a unit. Finally, since $f_1$ and $g_1$ are both monic, u = 1 and so $f_1 = g_1$.
It follows that $f_2 \cdots f_m = g_2 \cdots g_n$, so by induction on degree we have m = n
and, after reordering, $f_i = g_i$ for all i.
2.3 Roots of Polynomials
Given K, we have a K-algebra homomorphism ev

: K[X] K sending
X . This is called the evaluation map. We write f() for the image
of f in K and say that is a root of a polynomial f K[X] provided that
f() = 0.
Now, the evaluation map is surjective, so its kernel I is a maximal ideal. Clearly
X I, but by Proposition 2.2 the ideal (X ) is also maximal, so
I = (X ). Therefore is a root of f if and only if f (X ), which is if
and only if X divides f.
Using that K[X] is a unique factorisation domain, Theorem 2.3, it now follows
that a polynomial of degree d has at most d roots in K, counted with
multiplicities.
We say that a polynomial f splits over K provided that it has precisely d roots
in K, counted with multiplicities. Equivalently, f factorises as a product of
linear polynomials in K[X].
2.4 Irreducibility Criteria
We now recall some facts about integer polynomials $f \in \mathbb{Z}[X]$.
Analogous to the case of polynomials over fields, we can talk about divisibility
of integer polynomials, and hence about irreducible and prime polynomials.
The situation is slightly more complicated, however, since although Z[X] is still
a unique factorisation domain, it is no longer a principal ideal domain. For
example, the ideal $(2, X^2 + X + 1)$ is prime but not principal. In fact, the
quotient ring $\mathbb{Z}[X]/(2, X^2 + X + 1)$ is a field with four elements.
We therefore introduce a new concept. An integer polynomial
$f = a_0 X^d + \cdots + a_{d-1} X + a_d \in \mathbb{Z}[X]$ is said to be primitive if
$\gcd(a_0, a_1, \ldots, a_d) = 1$. In particular, all monic polynomials are primitive.
We recall the following three results concerning the irreducibility of integer
polynomials. Their proofs are included in the handout.
Lemma 2.4 (Gauss' Lemma). If $f \in \mathbb{Z}[X]$ is primitive, then it is irreducible
over Z if and only if it is irreducible over Q.
Lemma 2.5 (Eisenstein's Criterion). Let $f = a_0 X^d + \cdots + a_{d-1} X + a_d \in \mathbb{Z}[X]$
be primitive. Suppose that there exists a prime p such that $p \mid a_i$ for i = 1, . . . , d,
but $p \nmid a_0$ and $p^2 \nmid a_d$. Then f is irreducible.
Lemma 2.6 (Rational Root Test). Let $f = a_0 X^d + \cdots + a_d \in \mathbb{Z}[X]$. If = p/q $\in \mathbb{Q}$
is a root of f such that gcd(p, q) = 1, then $p \mid a_d$ and $q \mid a_0$.
In general, it is difficult to determine whether a given polynomial is irreducible
or not, and to find its decomposition into irreducible factors. One can compare
this to the problem of determining whether a given number is prime, and of
finding its prime factorisation.
Let K be a field and $f \in K[X]$. Clearly if deg(f) = 1, then f is irreducible.
Also, if deg(f) = 2 or 3, then f is irreducible if and only if it has no linear
factor, which is if and only if it has no root in K. If deg(f) = 4, though, it
could have a decomposition into two irreducible quadratic polynomials.
Suppose K = Q. Clearing denominators, we may assume $f \in \mathbb{Z}[X]$ is primitive.
Then by Gauss' Lemma, f is irreducible over Q if and only if it is irreducible
over Z. Moreover, by the Rational Root Test, we know the possible rational
roots of f. In particular, if f is monic, then any rational root is in fact integral.
For higher degrees, we can also use Eisenstein's Criterion. This is particularly
useful if we combine it with a suitable linear change of variables $Y = X - a$.
For example, if p is a prime, then the polynomial $f = X^{p-1} + \cdots + X + 1$ is
irreducible. For, we have $f = (X^p - 1)/(X - 1)$, and so applying the linear
change of variables $Y = X - 1$ we see that
$$f(Y) = \big((Y + 1)^p - 1\big)/Y = Y^{p-1} + pY^{p-2} + \cdots + \binom{p}{r} Y^{r-1} + \cdots + p.$$
Since p is a prime, each binomial coefficient $\binom{p}{r}$ for 0 < r < p is divisible by
p. We can therefore use Eisenstein's Criterion to deduce that f(Y), and hence
also f(X), is irreducible.
Another powerful method is reduction modulo a prime p. We write $\mathbb{F}_p$ for the
field $\mathbb{Z}/p\mathbb{Z}$. Consider the surjective ring homomorphism $\mathbb{Z}[X] \to \mathbb{F}_p[X]$, $f \mapsto \bar{f}$.
If $f = gh \in \mathbb{Z}[X]$, then clearly $\bar{f} = \bar{g}\bar{h} \in \mathbb{F}_p[X]$. Thus if $\bar{f}$ is irreducible over $\mathbb{F}_p$
for some prime p, then f itself must be irreducible over Z.
Variations of this idea can also be applied. For example, suppose that we are
given $f \in \mathbb{Z}[X]$ of degree 4. Using the Rational Root Test, we may assume
that f has no linear factors, so that if f = gh has a proper factorisation, then
deg(g) = deg(h) = 2. Now suppose that $\bar{f} \in \mathbb{F}_p[X]$ factors as $\bar{f} = rs$ with r, s
irreducible, deg(r) = 1, deg(s) = 3. This is incompatible with any factorisation
f = gh with deg(g) = deg(h) = 2, so f must itself be irreducible.
Finally we remark that there are computer algorithms for factorising polynomials.
Over the integers one can use the LLL algorithm, whereas over a finite field
one can use the Cantor-Zassenhaus algorithm. Both of these algorithms run in
polynomial time (viewed in terms of the degree of the polynomial).
Examples
1. $f = X^2 - 2 \in \mathbb{Z}[X]$. Eisenstein tells us that f is irreducible over Z, so
by Gauss' Lemma, f is irreducible over Q. In other words, $\sqrt{2}$ is not a
rational number.
2. $f = \frac{2}{9} X^5 + \frac{5}{3} X^4 + X^3 + \frac{1}{3}$. Clearing denominators we have
$g = 9f = 2X^5 + 15X^4 + 9X^3 + 3$. We can use Eisenstein's Criterion with p = 3 to
deduce that g, and hence f, is irreducible.
3. $f = X^3 - 7X^2 + 3X + 3$. The only possible rational roots are $\pm 1, \pm 3$.
Checking, we see that $f = (X - 1)(X^2 - 6X - 3)$ as a product of irreducibles.
4. $f = X^4 + 15X^3 + 7$. Working over $\mathbb{F}_2$, we have $\bar{f} = X^4 + X^3 + 1$. This
has no linear factor, since neither 0, 1 are roots of $\bar{f}$ over $\mathbb{F}_2$. Suppose
$$\bar{f} = (X^2 + aX + b)(X^2 + cX + d) = X^4 + (a + c)X^3 + (b + ac + d)X^2 + (ad + bc)X + bd.$$
From the constant term we see that b = d = 1. Therefore the coefficient
of X gives a + c = 0, whereas the coefficient of $X^3$ gives a + c = 1, a
contradiction. So $\bar{f}$ is irreducible over $\mathbb{F}_2$, whence f is irreducible over Z.
5. Consider $f = X^4 + 1$ and its factorisations over various finite fields:
$$\begin{array}{c|l|c|l}
p & \bar{f} & p & \bar{f} \\ \hline
2 & (X + 1)^4 & 7 & (X^2 + 3X + 1)(X^2 - 3X + 1) \\
3 & (X^2 + X - 1)(X^2 - X - 1) & 11 & (X^2 + 3X - 1)(X^2 - 3X - 1) \\
5 & (X^2 + 2)(X^2 - 2) & 13 & (X^2 + 5)(X^2 - 5)
\end{array}$$
Either f is irreducible or else the product of two irreducible quadratics,
but the above data give no further information. However, making the
substitution $Y = X - 1$ we get $(Y + 1)^4 + 1 = Y^4 + 4Y^3 + 6Y^2 + 4Y + 2$.
Applying Eisenstein with p = 2 we see that f is irreducible.
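The checks used in Examples 1 to 5 can be run mechanically. The Python below is an added example, not part of the lecture notes: it tests Eisenstein's Criterion, applies the change of variables Y = X - a, and searches F_p exhaustively for roots and quadratic factors of a monic quartic. All function names are illustrative, and the exhaustive search is meant for small primes such as those in the table.

```python
"""Irreducibility checks from Section 2.4 (added illustration, not from the notes).

Polynomials are lists of integer coefficients, leading coefficient first,
matching the notes' convention f = a_0 X^d + ... + a_{d-1} X + a_d.
"""
from itertools import product
from math import comb


def eisenstein(f, p):
    """True if f satisfies Eisenstein's Criterion at the prime p:
    p does not divide a_0, p divides a_1..a_d, and p^2 does not divide a_d."""
    return (f[0] % p != 0
            and all(a % p == 0 for a in f[1:])
            and f[-1] % (p * p) != 0)


def shift(f, a):
    """Coefficients of f(Y + a), i.e. the linear change of variables Y = X - a."""
    d = len(f) - 1
    out = [0] * (d + 1)
    for i, c in enumerate(f):            # c is the coefficient of X^(d - i)
        n = d - i
        for k in range(n + 1):           # (Y + a)^n = sum_k C(n, k) a^(n-k) Y^k
            out[d - k] += c * comb(n, k) * a ** (n - k)
    return out


def roots_mod(f, p):
    """Roots of f in F_p, found by evaluating at every residue (Horner's rule)."""
    found = []
    for x in range(p):
        value = 0
        for c in f:
            value = (value * x + c) % p
        if value == 0:
            found.append(x)
    return found


def quadratic_splittings(f, p):
    """All ways to write a monic quartic f, reduced mod p, as a product
    (X^2 + aX + b)(X^2 + cX + d) over F_p; each unordered pair is listed once."""
    target = [c % p for c in f]
    found = set()
    for a, b, c, d in product(range(p), repeat=4):
        # Same expansion as in Example 4 of the notes.
        expanded = [1, (a + c) % p, (b + a * c + d) % p,
                    (a * d + b * c) % p, (b * d) % p]
        if expanded == target:
            found.add(tuple(sorted([(a, b), (c, d)])))
    return sorted(found)


def irreducible_quartic_mod(f, p):
    """A monic quartic over F_p is irreducible exactly when it has
    no root in F_p and no splitting into two quadratics."""
    return not roots_mod(f, p) and not quadratic_splittings(f, p)


if __name__ == "__main__":
    # Example 2: g = 2X^5 + 15X^4 + 9X^3 + 3 is Eisenstein at p = 3.
    print(eisenstein([2, 15, 9, 0, 0, 3], 3))
    # Example 4: X^4 + 15X^3 + 7 stays irreducible after reduction mod 2.
    print(irreducible_quartic_mod([1, 15, 0, 0, 7], 2))
    # Example 5: X^4 + 1 splits into quadratics modulo every prime in the table,
    x4_plus_1 = [1, 0, 0, 0, 1]
    for p in (2, 3, 5, 7, 11, 13):
        print(p, quadratic_splittings(x4_plus_1, p))
    # yet Y = X - 1 turns it into an Eisenstein polynomial at p = 2.
    print(shift(x4_plus_1, 1), eisenstein(shift(x4_plus_1, 1), 2))
```

Each pair `(a, b)` in the output stands for the factor X^2 + aX + b with coefficients reduced into 0..p-1, so `(4, 1)` modulo 7 is the table's X^2 - 3X + 1.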
Chapter 3
Field Extensions
3.1 The Tower Law
Let L be a field and $K \subset L$ a subfield. We write L/K and call L a field
extension of K. We observe that L is a K-algebra, so in particular a K-vector
space. We denote its dimension by [L : K] and call this the degree of the
extension. We say that L/K is a finite field extension if [L : K] is finite.
Clearly L = K if and only if [L : K] = 1.
Let M/L and L/K be field extensions. Then M/K is again a field extension, and
we call M/L/K a tower of fields.
Theorem 3.1 (Tower Law). Let M/L/K be a tower of fields. Then
[M : K] = [M : L][L : K].
In particular, M/K is finite if and only if both M/L and L/K are finite.
Proof. Let
i
: i I be a K-basis of L and
j
: j J an L-basis of M. We
claim that the set of products
i

j
: (i, j) I J is a K-basis of M.
Linear Independence. Suppose that we have a finite sum

i,j

ij

j
= 0,
where
ij
K. We can rewrite this as

j
_
i

i,j

i
_

j
= 0. Since the
coefficients of the
j
lie in L we deduce that

i

i,j

i
= 0 for all i, and then
that
i,j
= 0.
Spanning. Take M. We can write =

j

j

j
as a finite sum with
coefficients
j
L. Now write
j
=

ij

i
as a finite sum with coefficients

ij
K. Then =

i,j

ij

j
as required.
3.2 Algebraic and Transcendental Elements
Let L/K be a field extension. Given L we have a K-algebra homomorphism
ev

: K[X] L sending X , which we again call the evaluation map. We


say that L is a root of f K[X] provided that f() = 0; this is if and only
if X divides f as polynomials in L[X]. As before, a polynomial f K[X]
of degree d has at most d roots in L (with multiplicities).
Changing perspective, we say that L is algebraic over K provided it is the
root of some polynomial f K[X]; otherwise, we say that is transcendental
over K. We call a field extension L/K algebraic provided that every L is
algebraic over K.
The image of the evaluation map ev

: K[X] L is a subring of L, so an
integral domain, which we denote by K[]. Moreover, since L is a field, the
quotient field K() of K[] is a subfield of L. We observe that K[] is the
smallest subring of L containing both K and , and similarly that K() is the
smallest subfield of L containing both K and .
Since the image of the evaluation map is an integral domain its kernel must be
a prime ideal of K[X].
Theorem 3.2. Let L/K be a field extension and L. Then there are two
possibilities:
1. (i) is algebraic over K.
(ii) Ker(ev

) = (m
/K
) for some monic irreducible polynomial m
/K
.
(iii) K() = K[].
(iv) [K() : K] = deg(m
/K
) is finite.
2. (i) is transcendental over K.
(ii) ev

injective.
(iii) K() ≠ K[].
(iv) [K() : K] is infinite.
Proof. By definition, is algebraic over K if and only if the kernel of the
evaluation map ev

is non-zero, and then by Proposition 2.2 it is a maximal


ideal generated by a monic irreducible polynomial m
/K
. This in turn implies
that K[] = K[X]/(m
/K
) is a field, so equals K(), and hence [K() : K] =
deg(m
/K
) is finite.
On the other hand, is transcendental over K if and only if the kernel is
zero, or equivalently the evaluation map is injective. This in turn implies that
K[]

= K[X] is not a field, so K[] ≠ K() and K() is infinite dimensional
over K.
This proves that, for both cases, (i) is equivalent to (ii), and these imply both (iii)
and (iv). Finally, if either K() = K[] or [K() : K] is finite, then cannot
be transcendental, so must be algebraic. Similarly, if either K() ≠ K[] or
[K() : K] is infinite, then cannot be algebraic, so must be transcendental.
For a field extension L/K and an element L algebraic over K, we call the
monic irreducible polynomial m
/K
K[X] the minimal polynomial of
over K. It is uniquely determined by and K.
Corollary 3.3. Let L/K be a field extension, L algebraic over K, and
f K[X]. Then L is a root of f if and only if m
/K
divides f as
polynomials in K[X].
Proof. We know that is a root of f if and only if f() = 0, which is if and
only if f lies in the ideal Ker(ev

) = (m
/K
).
The next result is important since it allows us to construct field extensions of
K without reference to any other field.
Corollary 3.4 (Kronecker). Let $f \in K[X]$ be non-constant. Then there exists
a finite field extension L/K in which f has a root. In fact, we may assume that
$[L : K] \leq \deg(f)$.
Proof. Let g be a monic irreducible factor of f in K[X] and set L := K[X]/(g).
Then L is a finite-dimensional K-algebra, of dimension $\deg(g) \leq \deg(f)$, and
since (g) is a maximal ideal it is also a field. Thus L/K is a finite field extension.
Set to be the image of X in L. Then the evaluation map ev
/K
has kernel
(g), so contains f. In other words, is a root of f in L.
Examples
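1. $\mathbb{C}/\mathbb{R}$ and $i \in \mathbb{C}$. Then $m_{i/\mathbb{R}} = X^2 + 1$.
2. $\mathbb{C}/\mathbb{Q}$ and $\sqrt{2} \in \mathbb{C}$. Then $m_{\sqrt{2}/\mathbb{Q}} = X^2 - 2$.
3. $\mathbb{C}/\mathbb{R}$ and $\sqrt{2} \in \mathbb{R}$. Then $m_{\sqrt{2}/\mathbb{R}} = X - \sqrt{2}$.
4. $\mathbb{C}/\mathbb{Q}$ and = $\exp(2\pi i/5) \in \mathbb{C}$. Then $m_{/\mathbb{Q}} = X^4 + X^3 + X^2 + X + 1$.
5. $\pi, e \in \mathbb{R}$ are transcendental over Q (hard).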
In fact, Hilbert's Seventh Problem, from his address to the ICM in 1900, posed
the following problem:
If a and b are algebraic, with $a \neq 0, 1$ and b irrational, then is $a^b$
necessarily transcendental?
This was proved in 1934, independently by Gelfond and Schneider. For example,
the number $\sqrt{2}^{\sqrt{2}}$ is transcendental (but note that $\big((\sqrt{2})^{\sqrt{2}}\big)^{\sqrt{2}} = 2$ is again
rational).
We remark that being algebraic or transcendental is a relative notion, since it
depends on the base field. For example, it is known that R is transcendental
over Q, but it is clearly algebraic over R. In fact, for any field K, K is
algebraic over K.
3.3 Intermediate Fields
Let L/K be a field extension. An intermediate field of L/K is a subfield E
of L containing K, in which case L/E/K is a tower of fields.
Given a subset $S \subset L$, we write K[S] for the smallest subring of L containing
both K and S, and K(S) for the smallest such subfield. Note that K[S] is an
integral domain and K(S) is its quotient field.
This definition makes sense since if $A_i$ are subrings (respectively subfields) of L
containing K and S, then so too is their intersection $\bigcap_i A_i$.
If S =
1
, . . . ,
n
is a finite set, then we can describe K[S] = K[
1
, . . . ,
n
]
as the image of the K-algebra homomorphism
K[X
1
, . . . , X
n
] L, X
i

i
.
This extends the case discussed above of a single element K[].
We say that L/K is finitely generated provided L = K(
1
, . . . ,
n
) for some
finite set of elements
1
, . . . ,
n
. Every finite field extension is finitely generated,
since if
1
, . . . ,
n
is a K-basis for L, then clearly L = K(
1
, . . . ,
n
). If
L = K(), then we say that the field extension L/K is simple, and call a
primitive element for the field extension.
If E and F are two intermediate fields of L/K, then we define their compositum
EF to be the smallest subfield of L containing both of them. In the
notation above we have EF = E(F) = F(E).
We remark that in all of the above constructions we need the ambient field
L. In particular, if we are given two field extensions E/K and F/K, there is
no natural way to construct a field extension L/K containing both E and F;
we can only talk about the compositum EF when both E and F are already
subfields of some larger field L.
Remark
The definition of a compositum of two fields requires an ambient field. If E
and F are field extensions of K, we could instead consider the tensor product
$E \otimes_K F$ and take a maximal ideal I. Then $E \otimes_K F/I$ is again a field and we have
embeddings $E, F \to E \otimes_K F/I$. The problem is that this definition depends on
the choice of I.
For example, if
$$E \cong F \cong \mathbb{Q}[X]/(X^3 - 2) \cong \mathbb{Q}(\sqrt[3]{2}),$$
then
$$E \otimes_K F \cong \mathbb{Q}[X, Y]/(X^3 - 2, X^3 - Y^3) \cong \mathbb{Q}[X, Y]/\big(X^3 - 2, (X - Y)(X^2 + XY + Y^2)\big).$$
We have maximal ideals
$$I = (X^3 - 2, X - Y) \quad \text{and} \quad J = (X^3 - 2, X^2 + XY + Y^2),$$
giving fields
$$E \otimes_K F/I \cong \mathbb{Q}[X]/(X^3 - 2) \cong \mathbb{Q}(\sqrt[3]{2}),$$
$$E \otimes_K F/J \cong \mathbb{Q}[X, Z]/(X^3 - 2, Z^2 + Z + 1) \cong \mathbb{Q}(\sqrt[3]{2}, ).$$
Here we have made the substitution Z = Y/X and written for a primitive
cube root of unity.
We observe that
$$[E \otimes_K F/I : \mathbb{Q}] = 3 \quad \text{and} \quad [E \otimes_K F/J : \mathbb{Q}] = 6,$$
so the fields are not isomorphic.
3.4 Primitive Element Theorem
Recall that a field extension L/K is simple if there exists some L such that
L = K(), in which case we call a primitive element for L/K. We now give
a useful criterion showing when a finite field extension is simple.
Theorem 3.5 (Primitive Element). Let L/K be a finite extension. Then L/K
is simple if and only if L/K has only finitely many intermediate fields.
Proof. Suppose first that L = K() is a finite and simple field extension of K.
Then is algebraic over K, say with minimal polynomial m = m
/K
K[X].
Consider the map sending an intermediate field F of L/K to the polynomial
m
/F
, viewed as a polynomial over L. Since is a root of m, we know that
m
/F
divides m over F, and hence also over L. Thus (F) is a monic polynomial
dividing m over L, so the image of is a finite set.
We also have a map from the monic polynomials dividing m to the intermediate
fields of L/K, sending the polynomial f = X
n
+a
n1
X
n1
+ +a
1
X+a
0
to the field F = K(a
0
, a
1
, . . . , a
n1
) generated over K by the coefficients of f.
We wish to show that = id, so that is a left inverse for , and hence that
is injective. Since the image of is finite we deduce that L/K has only finitely
many intermediate fields.
Let F be an intermediate field of L/K and let f := (F) = m
/F
be the
minimal polynomial of over F. Then L = F(), so [L : F] = deg(f). Now let
F

:= (f) be the intermediate field generated by the coefficients of f. Since


each coefficient of f lies in F we clearly have F

F, and so [L : F

] [L :
F] = deg(f). On the other hand we also have L = F

(), and since is a root


of f F

[X] we must have [L : F

] deg(f). Thus [L : F

] = deg(f), so by the
Tower Law [F : F

] = 1, whence F = F

. This proves that = id.


For the other direction, we separate the proof into two cases, depending on
whether or not K is an infinite field.
Let L/K be a finite field extension having only finitely many intermediate fields.
Suppose that K is an infinite field. We show that for any , L there exists
K such that K(, ) = K( +).
For convenience set

:= + . Now, since L/K has only finitely many


intermediate fields, but K is infinite, there exist ≠ K with K(

) =
K(

). Thus both
=


and =


lie in K(

), so that K(, ) = K(

). This proves the claim.


By induction, given
1
, . . . ,
n
L, there exist
2
, . . . ,
n
K such that
K(
1
, . . . ,
n
) = K(
1
+
2

2
+ +
n

n
).
Since L/K is finite, it is finitely generated and hence simple.
If, on the other hand, K is a finite field, then so too is L, and hence L

is a
cyclic group by the lemma below. Let be a generator for this group. Then
clearly L = K(), so L/K is simple.
It remains to prove the following lemma.
Lemma 3.6. Let G be a finite group such that, for all $m \geq 1$, there are at most
m elements $x \in G$ such that $x^m = 1$. Then G is cyclic.
In particular, if G is a finite subgroup of the multiplicative group $K^\times$ of some
field K, then G is cyclic. If K is a finite field, then $K^\times$ is a cyclic group.
Proof. Write (m) for the number of elements in G of order m. If (m) > 0,
then there exists some element $g \in G$ of order m, and so $\langle g \rangle \leq G$ is a cyclic
group of order m. This contains m elements, all of which satisfy x
m
= 1, so by
our assumption on G these are the only such elements. We deduce that (m)
equals the number of generators of this subgroup, which we know is given by
Euler's totient (or phi) function:
$\phi(m) := |\{1 \leq d \leq m : \gcd(d, m) = 1\}|.$
It follows that (m) is either zero or equals (m).
Now, Lagrange's Theorem tells us that every element in G has order dividing
n := |G|, so n =

m|n
(m). On the other hand, by considering the case of a
cyclic group, we know that n =

m|n
(m). Since (m) (m) for all m | n, we
deduce that (m) = (m) for all m | n. In particular, (n) = (n) > 0, so G has
an element of order n, so G is cyclic.
If K is a field, then there are at most m solutions to the equation $X^m = 1$ in
K. Thus each finite subgroup of $K^\times$ is cyclic. If K is a finite field, then $K^\times$
itself is a finite group, so cyclic.
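Lemma 3.6 can be checked exhaustively on small groups. The Python below is an added example, not part of the lecture notes: it builds F_4 and F_9 by the quotient construction of Corollary 3.4, counts the elements of each order, compares the counts with Euler's totient, and contrasts them with the unit group of Z/8Z, a constructed case in which the hypothesis of the lemma fails. All function names are illustrative, and the polynomial g is assumed monic and irreducible.

```python
"""Lemma 3.6 checked on small examples (added illustration, not from the notes).

Fields F_p[X]/(g) are built as in Corollary 3.4 (Kronecker); residues are
coefficient tuples with the constant term first, and g must be monic irreducible.
"""
from itertools import product
from math import gcd


def residue_mul(p, g):
    """Return the multiplication of F_p[X]/(g) as a function on residues."""
    n = len(g) - 1

    def mul(u, v):
        prod = [0] * (2 * n - 1)
        for i, a in enumerate(u):
            for j, b in enumerate(v):
                prod[i + j] = (prod[i + j] + a * b) % p
        for k in range(2 * n - 2, n - 1, -1):     # eliminate X^k using g = 0
            c = prod[k]
            for i in range(n + 1):
                prod[k - n + i] = (prod[k - n + i] - c * g[i]) % p
        return tuple(prod[:n])

    return mul


def units_of_field(p, g):
    """Non-zero elements of F_p[X]/(g), the identity, and the multiplication."""
    n = len(g) - 1
    units = [u for u in product(range(p), repeat=n) if any(u)]
    one = (1,) + (0,) * (n - 1)
    return units, one, residue_mul(p, g)


def order_counts(elements, one, mul):
    """Map m -> number of elements of order m in a finite group."""
    counts = {}
    for x in elements:
        m, y = 1, x
        while y != one:
            y, m = mul(y, x), m + 1
            if m > len(elements):
                raise ValueError("not a group: element has no finite order")
        counts[m] = counts.get(m, 0) + 1
    return counts


def totient(m):
    """Euler's totient: the number of 1 <= d <= m with gcd(d, m) = 1."""
    return sum(1 for d in range(1, m + 1) if gcd(d, m) == 1)


def satisfies_hypothesis(counts):
    """Hypothesis of Lemma 3.6: x^m = 1 has at most m solutions, for every m.
    The solutions of x^m = 1 are exactly the elements whose order divides m."""
    n = sum(counts.values())
    return all(sum(c for d, c in counts.items() if m % d == 0) <= m
               for m in range(1, n + 1))


def is_cyclic(counts):
    """A finite group is cyclic exactly when it has an element of order |G|."""
    return sum(counts.values()) in counts


# F_4 = F_2[X]/(X^2 + X + 1), the field with four elements from Section 2.4.
F4 = order_counts(*units_of_field(2, (1, 1, 1)))
# F_9 = F_3[X]/(X^2 + X - 1); this quadratic is a factor of X^4 + 1 over F_3.
F9 = order_counts(*units_of_field(3, (2, 1, 1)))
# Constructed counter-example: the units of the ring Z/8Z, which is not a field.
Z8 = order_counts([1, 3, 5, 7], 1, lambda a, b: a * b % 8)

if __name__ == "__main__":
    for name, counts in (("F_4", F4), ("F_9", F9), ("(Z/8Z)*", Z8)):
        print(name, counts, satisfies_hypothesis(counts), is_cyclic(counts))
```

The cyclicity confirmed here is what guarantees that the multiplicative group of a finite field has a generator, which is the setting of finite-field Diffie-Hellman.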
Chapter 4
Field Embeddings
Let L be a field. Recall that a field automorphism of L is a bijective ring
homomorphism : L L. We denote the set of all field automorphisms of L
by Aut(L), and observe that this is a group under composition.
Let G Aut(L) be a subgroup of field automorphisms of L. We define its fixed
field to be
L
G
:= x L : (x) = x for all G.
Note that L
G
is indeed a subfield of L.
Conversely, if K is a subfield of L, then we may consider the set of K-algebra
automorphisms, or simply K-automorphisms, of L
Gal(L/K) := Aut(L) : (x) = x for all x K.
Note that this is a subgroup of Aut(L). We call Gal(L/K) the Galois group
of the field extension L/K.
More generally, let F/K be another field extension. We write Hom
K
(F, L) for
the set of K-algebra homomorphisms, or simply K-embeddings, F L
Hom
K
(F, L) := : F L : (x) = x for all x K.
Recall that every such K-embedding is an injective linear map of K-vector
spaces. In particular, if L/K is finite, then Hom
K
(L, L) = Gal(L/K).
The next proposition relates some of these concepts. As usual, given a group G
and a subgroup H G, we write (G : H) for the set of left cosets of H in G, and
[G : H] for the number of such cosets. Thus [G : H] = |G|/|H| by Lagrange's
Theorem.
Proposition 4.1. Let L/F/K be a tower of field extensions.
1. Composing with the inclusion F L gives an injection Gal(F/K)
Hom
K
(F, L), whose image is precisely those field embeddings having image
F; that is, the set of : F L with (F) = F.
2. Gal(L/F) Gal(L/K) is a subgroup, and restriction to F gives an injec-
tion
_
Gal(L/K) : Gal(L/F)
_
Hom
K
(F, L).
Proof. 1. Composition with the inclusion map is clearly injective, and if
Gal(F/K), then clearly has image F. Conversely, if $\mathrm{Hom}_K(F, L)$
has image F, then it restricts to a K-automorphism of F, so = and
Gal(F/K).
2. Since K F, any F-automorphism of L is necessarily a K-automorphism,
whence Gal(L/F) Gal(L/K). Restriction to F now gives a map Gal(L/K)
$\mathrm{Hom}_K(F, L)$. Moreover, and restrict to the same K-embedding if and only
if 1 fixes F. This happens if and only if 1 Gal(L/F), or equivalently
Gal(L/F), giving the required injective map from left cosets to field
embeddings.
4.1 Artin's Extension Theorem
Let F/K and L/K be finite field extensions. We saw above that we are interested
in K-embeddings F L. One way of constructing these is to start with
the field embedding K L, and then to iteratively add in the elements of F.
More precisely, suppose that F = K( 1, . . . , n), and set $F_i$ := K( 1, . . . , i).
Then $F_i$ = $F_{i-1}$( i) is a simple field extension, so if we have constructed a field
embedding i : $F_i$ L, we just need to understand when we can extend this
to a field embedding i+1 : $F_{i+1}$ L. This is the content of Artin's Extension
Theorem.
We need some terminology. Let F/K be a field extension and : K L a field
embedding. We say that a field embedding : F L extends provided that
(x) = (x) for all x K.
Theorem 4.2 (Artin's Extension Theorem). Let K()/K be a finite, simple
field extension.
1. If L/K is another field extension, then the K-embeddings : K() L
are in bijection with the roots of $m_{/K}$ in L, the bijection being given by
().
2. More generally, if : K L is a field embedding, then the extensions
: K() L of are in bijection with the roots of ($m_{/K}$) in L.
Proof. For convenience set m := $m_{/K}$. We have a K-algebra isomorphism
K[X]/(m) K() via X . By the Factor Lemma we know that K-embeddings
: K() L are in bijection with K-algebra homomorphisms
: K[X] L such that (m) = 0. Now, each K-algebra homomorphism
: K[X] L is completely determined by the element := (X), in which
case = ev, and then (m) = 0 if and only if is a root of m.


For the general case we observe that is injective, so induces an isomorphism
of K with its image K, say, and that L/K is a field extension. We have a ring
isomorphism K[X] = K[X], which just acts via on the coefficients, and hence
a field isomorphism K[X]/(m) = K[X]/((m)). Using this isomorphism, field
embeddings K[X]/(m) L extending are in bijection with K-embeddings
K[X]/((m)) L, which we have just shown are in bijection with the roots of
(m) in L.
Examples
Artin's Extension Theorem is actually very easy to use.
1. Let

2 C. Then m

2/Q
= X
2
2. This has roots

2 in C. We
therefore have two embeddings Q(

2) C. These are given by the


identity
1
:

2

2 and
2
:

2

2.
In fact, both of these restrict to automorphisms of Q(

2), so
Gal(Q(

2)/Q)

= Z/2Z.
2. Let := exp(2i/3) =
1
2
(1 + i

3) C. This has minimal polynomial


m
/Q
= X
2
+ X + 1, with roots and
2
= . We therefore have
two embeddings Q() C given by the identity and complex
conjugation .
Again, both of these restrict to automorphisms of Q(), giving
Gal(Q()/Q)

= Z/2Z.
3. Let =
3

2 R. Then m
/Q
= X
3
2. This has a unique root in R, so
there is only the identity map Q() R. On the other hand, X
3
2 has
roots , ,
2
in C, so we have three embeddings Q() C. These are
given by : , : and :
2
.
We have therefore shown that
Gal(Q()/Q) = id and Hom
Q
(Q(), C) = , , .
In particular, we can have a strict inequality in Proposition 4.1 (1).
4. Consider the tower L/F/Q, where L = Q(
4

2) and F = Q(

2). Then
there are two embeddings F L, given as in (1) by

2

2. On
the other hand,
4

2 has minimal polynomial X


4
2 over Q. This has
two real roots,
4

2, and two complex roots, i


4

2. Therefore there are


two automorphisms of L, given by
4

2
4

2. Finally, both of these


necessarily fix

2, and hence F. Thus
Gal(Q(
4

2)/Q) = Gal(Q(
4

2)/Q(

2))

= Z/2Z.
In particular, we can have a strict inequality in Proposition 4.1 (2).
We observe that the field embedding
1
: F L,

2

2, can be
extended in two different ways to an automorphism of L, namely the
two automorphisms
4

2
4

2. On the other hand, the field embedding

2
: F L,

2

2 cannot be extended to an automorphism of L.


This agrees with Artin's Extension Theorem, since the minimal polynomial of
4

2 over F is X
2

2 (why?). Then
1
(X
2

2) = X
2

2, and
this has two roots in L, namely
4

2. On the other hand,


2
(X
2

2) =
X
2
+

2, and this has no roots in L, since both its roots are complex.
5. Consider instead M = Q(
6

2). Then the minimal polynomial of


6

2 over
F = Q(

2) is n := X
3

2. Then
1
(n) = n has exactly one root in M,
namely
6

2, and
2
(n) = X
3
+

2 also has exactly one root in M, namely

2. Thus
1
and
2
can both be extended uniquely to automorphisms
of M.
6. We now compute all embeddings Q(, ) C, where =
3

2 and =
exp(2i/3) as above. We begin by noting that [Q(, ) : Q] = 6. For,
we know that [Q() : Q] = 2 and that [Q() : Q] = 3. It follows from
the Tower Law that both 2 and 3, and hence 6, divide [Q(, ) : Q].
On the other hand, we know that is a root of X
3
2 over Q(), so
[Q(, ) : Q()] 3, whence [Q(, ) : Q] 6.
In particular, X
3
2 is the minimal polynomial of over Q().
We have already computed all embeddings Q() C, namely the identity
and complex conjugation :
2
. Clearly both fix the minimal polynomial X
3
2 of , and since this polynomial has three distinct roots in
C, we see that both id and extend in three different ways to embeddings
Q(, ) C.
Finally, all of these embeddings restrict to automorphisms of Q(, ).
Therefore we have in fact computed the Galois group Gal(Q(, )/Q).
We list these six automorphisms in the table below, showing their actions
on and .
id
2

2


2

2

2

2

2

Note that still denotes complex conjugation. Also, the names exhibit
some of the compositions in the Galois group. For example,

2
() = () = ,
2
() = () = ()() = =
2
.
Similarly,
() = (
2
) = ()
2
=
2
, () = () = .
Moreover, since
() = () =
2
, () = () = ()() =
2
,
we have that =
2
. Since we also have
3
=
2
= id we deduce
that the Galois group is isomorphic to Sym
3
. We observe for later that
|$\mathrm{Sym}_3$| = 6 = [Q(, ) : Q].
4.2 Linear Independence of Characters
Let G be a group and L a field. A character
1
of G in L is a group homomorphism : G L

. The trivial character is the group homomorphism


(g) = 1 for all g G.
Note that if : K L is a field embedding, then we obtain a character
: K

. In particular, all field automorphisms of L induce characters.


Given characters
1
, . . . ,
n
of G in L and elements
1
, . . . ,
n
of L we may form
the linear combination

i

i
, sending g G to the element

i

i
(g) L.
This is a well-defined map, but is no longer a character of G. We say that
the characters
i
are linearly independent over L if the only solution to

i
= 0 is when
i
= 0 for all i.
Theorem 4.3 (Dedekind). For any group G and field K, distinct characters
G K

are linearly independent.


Proof. Suppose we have a non-trivial expression

n
i=1

i
= 0 for distinct
characters
i
and coefficients
i
K. Assume further that such an expression
has a minimum number of coefficients
i
, so each
i
is non-zero. Dividing
through, we may assume that
n
= 1. Thus

n1
i=1

i

i
=
n
.
Now, since
1
and
n
are distinct, there exists g G such that
1
(g) ≠
n
(g).
Set
i
:=
i
(g)
n
(g) and consider the linear expression

n1
i=1

i

i
. Then
for each h G we have
n1

i=1

i
(h) =
n1

i=1

i
(g)
i
(h)
n1

i=1

n
(g)
i
(h)
=
n1

i=1

i
(gh)
n
(g)
n1

i=1

i
(h)
=
n
(gh)
n
(g)
n
(h) = 0,
using that characters are multiplicative. It follows that

n1
i=1

i

i
= 0, so we
have a new equation of linear dependence, but having fewer terms. Thus each

i
= 0, so each
i
= 0, but
1
=
1
(g)
n
(g) ≠ 0, a contradiction.
We deduce that
i
= 0 for all i, so that the
i
are linearly independent.
1
Such a character is called an irreducible character of degree one in courses on group
representation theory.
Corollary 4.4. Let L/K and F/K be field extensions, and assume that F/K
is finite. Then |$\mathrm{Hom}_K(F, L)$| [F : K].
In particular, if L/K is finite, then |Gal(L/K)| [L : K].
Proof. Let x
1
, . . . , x
n
be a K-basis for F, and let
1
, . . . ,
m
be distinct elements
of Hom
K
(F, L). Form the matrix M := (
i
(x
j
)) M
mn
(L), and view M
t
as
a linear map M
t
: L
m
L
n
. If m > n, then this has a non-zero kernel, so we
can find elements
i
L, not all zero, with

i
(x
j
) = 0 for all j.
Since the x
j
form a K-basis for F and the
i
fix K, we deduce that

i
(x) =
0 for all x F, and hence that

i

i
= 0, contradicting the linear independence of the
i
. Thus m n, and hence |$\mathrm{Hom}_K(F, L)$| [F : K].
Chapter 5
Galois Extensions
We saw in the previous section that if L/K is a finite field extension, then
Gal(L/K) is a finite group of size at most [L : K]. We call L/K a Galois
extension provided |Gal(L/K)| = [L : K], which is to say that the field extension
L/K has the maximal amount of symmetry.
We remark that in Section 4.1, Example (1) we proved that Q(

2)/Q is a
Galois extension with Galois group Sym
2
, and in Example (6) we proved that
Q(
3

2, )/Q is a Galois extension with Galois group Sym


3
.
On the other hand, Q(
3

2)/Q has no non-trivial automorphism by Example (3),


but has degree 3, so is not Galois.
We begin by showing that Galois extensions arise as fixed fields of field
automorphisms.
Proposition 5.1. Let L be a field and G Aut(L) a finite group of field
automorphisms of L. Set K := $L^G$ to be its fixed field. Then L/K is a Galois
extension, and Gal(L/K) = G.
Proof. Clearly G Gal(L/K). We will show that |G| [L : K]; hence L/K is
a finite extension, and since by Corollary 4.4 we have [L : K] |Gal(L/K)|, it
follows that L/K is Galois and G = Gal(L/K).
The proof is similar in style to that of Theorem 4.3.
Let G =
1
, . . . ,
m
and take x
1
, . . . , x
n
L, linearly independent over K.
Form the matrix M = (
i
(x
j
)) M
mn
, and view it as a linear map M: L
n

L
m
. If m < n, then this has non-trivial kernel, so there exist
j
L, not all
zero, with

i
(x
j
) = 0 for all i.
Take such a solution having a minimal number of non-zero terms. Dividing
through and renumbering, we may assume that
n
= 1.
Now, the
j
cannot all lie in K, since otherwise
i
(

j

j
x
j
) = 0, whence

j

j
x
j
= 0, contradicting the linear independence of the x
j
. So without loss
of generality we may assume that
1
, K. Next, since K = L
G
, we have
(
1
) ≠
1
for some G. Applying to our list of equations, and using that
G =
i
, we get

j
(
j
)
i
(x
j
) = 0 for all i.
Subtracting then gives

i
(x
j
) = 0 for all i, where
j
:=
j
(
j
).
Since
n
= 0, this has fewer non-zero terms, so by minimality
j
= 0 for all j.
On the other hand,
1
≠ 0, a contradiction.
We conclude that m n, and so |G| [L : K].
Corollary 5.2. Let L/K be a Galois extension with Galois group G. Then
K = $L^G$.
Proof. Since L/K is a Galois extension we have |G| = [L : K], and so G is a
finite group. Then, by the proposition, |G| = [L : $L^G$]. Clearly K $L^G$, so the
Tower Law gives us that [$L^G$ : K] = 1, whence $L^G$ = K.
We observe that L/K is Galois if and only if K is the fixed field of Gal(L/K).
This condition is used by some authors as the definition of a Galois extension.
5.1 The Galois Correspondence
The next theorem is of great importance: it states that intermediate fields of
Galois extensions correspond to subgroups of the Galois group. In particular,
there are only finitely many intermediate fields.
Theorem 5.3 (Fundamental Theorem of Galois Theory). Let L/K be Galois
with Galois group G. Then there exists a bijection
subgroups of G intermediate fields of L/K
H $L^H$
Gal(L/F) F
In particular, for each intermediate field F, the extension L/F is Galois.
Proof. Let H be a subgroup of G and set F := $L^H$. Since H is a subgroup of
G = Gal(L/K) we know that K F, so that F is an intermediate field of L/K.
Moreover, H is a finite group (since G is), so we can apply Proposition 5.1 to
deduce that L/F is Galois with Galois group H. This proves that Gal(L/$L^H$) = H.
Conversely, let F be an intermediate field of L/K and set H := Gal(L/F).
Since K F, we see that H fixes K, and so H is a subgroup of G. Now, by
Corollary 4.4 we know that [L : F] |H| and [F : K] |$\mathrm{Hom}_K(F, L)$|, whereas
by Proposition 4.1 we know that |$\mathrm{Hom}_K(F, L)$| [G : H]. We can now use the
Tower Law to deduce that
[L : K] = [L : F][F : K] |H|[G : H] = |G|.
Since L/K is Galois we have |G| = [L : K], and so we must have equality above.
It follows that |H| = [L : F], and thus L/F is Galois with Galois group H.
Hence H has fixed field F by Corollary 5.2.
For convenience we record the following result, shown during the above proof
and improving Proposition 4.1.
Corollary 5.4. Let L/K be Galois with Galois group G. Let F be an intermediate
field of L/K and set H := Gal(L/F). Then there is a bijection
(G : H) = $\mathrm{Hom}_K(F, L)$, with both sides having size [F : K].
The next result investigates the correspondence between subgroups and
intermediate fields more closely.
We need some terminology. If F is an intermediate field of a Galois extension
L/K, then we call Gal(L/F) the Galois group associated to F.
Theorem 5.5 (Galois Correspondence). Let L/K be Galois with Galois group
G. Let H, $H_i$ be subgroups of G, with fixed fields F, $F_i$.
1. $H_1$ $H_2$ if and only if $F_1$ $F_2$.
2. $H_1$ $H_2$ has fixed field the compositum $F_1 F_2$.
3. $F_1$ $F_2$ has associated group $H_1$, $H_2$).
4. If G, then (F) has associated group H 1.
5. F/K is Galois if and only if (F) = F for all G, which is if and
only if H G is a normal subgroup. In this case, F/K has Galois group
(isomorphic to) G/H.
Recall that if $H_1$, $H_2$ G are subgroups, then we write $H_1$, $H_2$) for the smallest
subgroup of G containing both $H_1$ and $H_2$.
Proof. 1. If $H_1$ $H_2$, then everything fixed by all elements of $H_2$ is necessarily
fixed by all elements of $H_1$, so $F_1$ $F_2$. Conversely, if $F_1$ $F_2$, then every
automorphism fixing all elements of $F_1$ necessarily fixes all elements of $F_2$, so
$H_1$ $H_2$.
2. Let $H_1$ $H_2$ have fixed field M, and let $F_1 F_2$ have associated Galois group
B. Since $F_1 F_2$ $F_i$ we have B $H_i$, and hence B $H_1$ $H_2$. Conversely,
since $H_1$ $H_2$ $H_i$ we have M $F_i$, and hence M $F_1 F_2$. Applying (1) then
gives $H_1$ $H_2$ B. Thus B = $H_1$ $H_2$ and M = $F_1 F_2$.
3. This is similar. Let $H_1$, $H_2$) have fixed field M, and let $F_1$ $F_2$ have
associated Galois group B. Since $F_i$ $F_1$ $F_2$ we have $H_i$ B, and hence
$H_1$, $H_2$) B. Conversely, since $H_i$ $H_1$, $H_2$) we have $F_i$ M, and hence
$F_1$ $F_2$ M. Applying (1) then gives B $H_1$, $H_2$). Thus B = $H_1$, $H_2$) and
M = $F_1$ $F_2$.
4. The Galois group associated to (F) consists of all automorphisms such
that (x) = (x) for all x F, or equivalently 1 (x) = x for all x F.
Thus Gal(L/(F)) if and only if 1 Gal(L/F) = H, which is if and
only if H 1.
5. By (4) we know that H is a normal subgroup if and only if (F) = F for all
G. Next, by Corollary 5.4 we have a bijection (G : H) = $\mathrm{Hom}_K(F, L)$, so
every K-embedding F L is the restriction to F of some element in G. Thus
H is normal if and only if every K-embedding : F L has image F.
On the other hand we have an inclusion : Gal(F/K) $\mathrm{Hom}_K(F, L)$ by
Proposition 4.1, whose image is precisely those satisfying (F) = F. Therefore H
is normal if and only if is a bijection, and since |$\mathrm{Hom}_K(F, L)$| = [F : K] by
Corollary 5.4, this is equivalent to |Gal(F/K)| = [F : K], and hence to F/K
being Galois.
Finally, if this holds, then we have a (set-theoretic) bijection G/H = Gal(F/K).
This sends a coset H to its restriction : F L, which we know has image
F so lies in Gal(F/K). An easy check shows that this bijection respects the
multiplication and preserves the identity, so is a group isomorphism.
Remarks
The first statement says that the bijection between subgroups of G and
intermediate fields of L/K is inclusion-reversing. The next two statements say
that the bijection preserves the lattice structure.
Later we will introduce the notion of a normal field extension, and then (5) says
that H is a normal subgroup if and only if F/K is a normal field extension. In
fact, this is the origin of the term normal subgroup.
We have the following two pictures representing properties (2) and (3) above.
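[Figure: the lattice of intermediate fields between K and L containing $F_1$ and $F_2$, and, under the Galois correspondence, the lattice of subgroups between 1 and G containing $H_1$ and $H_2$.]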
Example
Set =
3

2 and = exp(2i/3). We know that the eld extension Q(, )/Q


is Galois with Galois group Sym
3
. Moreover, the automorphisms are given by
id
2

2


2

2

2

2

2

Now, the proper subgroups of $\mathrm{Sym}_3$ are id, the group of order three ), and
the three groups of order two ), ), 2).
The subgroup ) has fixed field Q(). For, fixes , so Q() is contained in
the fixed field. On the other hand, the subgroup has index two, and Q()/Q
has degree two, so we must have equality.
The subgroup ) has fixed field Q(). For, fixes , and we can again argue
by degrees.
Similarly, the subgroup ) has fixed field Q( 2), and 2) has fixed field
Q().
We usually display this by drawing the lattices of subgroups and intermediate
fields.
[Figure: the lattice of subgroups of $S_3$ and the lattice of intermediate fields of L = Q(, ) over Q.]
Note that ) = $\mathrm{Alt}_3$ is a normal subgroup, and that Q()/Q is Galois.
5.2 Transitive Group Actions
Let a group G act on a set X. We say that the action is transitive provided
that, for x, y X there exists g G with g(x) = y. We are going to show
that if L/K is a Galois extension with Galois group G, then for each L its
minimal polynomial m
/K
splits into distinct linear factors over L and G acts
transitively on the roots.
Proposition 5.6. Let L/K be Galois with Galois group G. Let L and set
d = [L : K()]. Then

G
_
X ()
_
= (m
/K
)
d
.
Moreover, m
/K
splits into distinct linear factors over L.
Proof. Set f :=

G
_
X ()
_
. If G, then
(f) =

G
_
X ()
_
=

G
_
X ()
_
= f.
Thus every coefficient of f is in the fixed field of G, so f K[X].
Consider H := Stab() = G : () = . Then clearly H = Gal(L/K()),
so d := [H[ = [L : K()] and [G : H] = [K() : K]. If we take coset represen-
tatives
i
for H in G, then f = m
d
, where m =

i
_
X
i
()
_
. Note that m
is a monic polynomial of degree [G : H] = [K() : K], and splits into distinct
linear factors over L. Moreover, since each G just permutes the roots of f,
the same is true for m. Thus (m) = m for all G, so m K[X]. Finally,
since is a root of m, we conclude that m = m
/K
.
We say that two elements and of L are K-conjugates if they have the
same minimal polynomial over K.
Corollary 5.7. Let L/K be Galois with Galois group G. Then , L are
K-conjugates if and only if there exists G with () = . In particular, G
acts transitively on the roots of m
/K
.
Proof. We have just seen that m
/K
=

i
_
X
i
()
_
, where
i
are coset
representatives for Gal(L/K()) in G. Now, is a K-conjugate of if and only
if it is a root of m
/K
, which is if and only if it is of the form () for some
G.
Chapter 6
Calculating Galois Groups
6.1 Example 1
Consider the irreducible polynomial f = X
4
2 Q[X] and set :=
4

2 R.
Over the complex numbers f has roots , i. Set L = Q(, i). We will show
that L/Q is Galois with Galois group D
8
, the dihedral group of order eight, or
symmetry group of a square.
There are four embeddings Q() L given by i
m
for 0 m < 4. Also,
since R we see that i , Q(), and hence that i has minimal polynomial
X
2
+1 over Q(). By Artin's Extension Theorem, each embedding i
m
can
be extended in two ways by i i. This gives the eight elements of Gal(L/Q)
i
m

i i
and
i
m

i i.
Set to be the map i, i i and to be the map , i i. Then
has order four, is complex conjugation, so has order two, and =
3
.
Hence Gal(L/Q)

= D
8
, the dihedral group of order 8, or the symmetry group
of a square.
In fact, the four roots i
m
of f in C form the four vertices of a square, with
diagonals along the real and imaginary axes. In this picture, is just the
rotation anticlockwise by /2 and is reflection in the real axis.


[Figure: the four roots of f in C drawn as the vertices of a square.]
As usual we draw the lattices of subgroups and intermediate fields. Note that
all inclusions of subgroups have index 2.
[Figure: the lattice of subgroups of $D_8$ and the lattice of intermediate fields of L = Q(, i) over Q; three of the intermediate fields are labelled E, F and G.]
To find the fixed fields we can proceed as follows. Clearly fixes i, so Q(i) is
contained in the fixed field of ). On the other hand, ) has index two in $D_8$
and Q(i)/Q has degree two, so Q(i) is the fixed field of ).
Similar reasoning shows that ) has fixed field Q().
We now apply the Galois Correspondence. Using that )
1
=
1
) =

2
), we see that
2
) has fixed field Q(()) = Q(i).
Next, the subgroup ,
2
) =
2
, ) has fixed field the intersection Q()
Q(i). This equals Q(
2
), since we obviously have one inclusion and the degrees
coincide. It now follows that the group
2
) = )
2
, ) has fixed field
Q(
2
, i).
It remains to calculate the intermediate fields E, F and G.
The subfield G is contained in Q(
2
, i) = Q(

2, i), and we have seen such field


extensions before. We deduce that G = Q(i
2
) = Q(i

2).
Consider . Viewing the four roots i
m
of f as the points of a square in
C, we observe that swaps and i, and hence fixes the midpoint (1 + i)
of the side connecting with i. Now, (1 + i) has four distinct conjugates
(1+i), (1i), so Q((1+i))/Qhas degree four, and hence E = Q((1+i)).
Finally, we can conjugate by to deduce that F = (E) = Q((1 i)).
We seem to have lost some symmetry in our diagram of intermediate fields, but
we can reclaim this by applying some more thought to the fields E and F. We
begin by noting that the primitive eighth root of unity := exp(2i/8) can be
written as
=
1 +i

2
=
1 +i

2
.
It follows that L = Q(, ). Furthermore,
2
= i and
2
= +
1
, so Q(
2
, i) =
Q(). Also, F is generated by
2
(1 i)
=
1 +i

= ,
and similarly E is generated by
2
(1 +i)
=

3
1 +i
=
1
=
3
.
Observe that
() =
1 +i

2
= and () =
1 i

2
=
1
.
We can therefore rewrite the lattice of intermediate fields as
[Figure: the lattice of intermediate fields of Q(, ) over Q.]
The proper normal subgroups of D
8
are

2
, ), ),
2
, ), ),
and so their respective fixed fields are Galois over Q
Q(
2
), Q(i), Q(i
2
), Q().
6.2 Example 2
Let =
_
(2 +

2)(3 +

3). We will show that L = Q() is Galois over Q and


has Galois group Q
8
, the quaternion group.
Observe that
2
= (2 +

2)(3 +

3) = 6 + 3

2 + 2

3 +

6. Thus Q(
2
)
Q(

2,

3), which we know is Galois over Q with Galois group V



= (Z/2Z)
2
.
We can write V = 1, , , , where
(

2) =

2
(

3) =

3
and
(

2) =

2
(

3) =

3.
Consider the four conjugates of
2
6 + 3

2 + 2

3 +

6, 6 3

2 + 2

6
6 + 3

2 2

6, 6 3

2 2

3 +

6.
Since 1,

2,

3,

6 is a Q-basis for Q(

2,

3), we observe that these four


elements are all distinct. Thus
2
is a primitive element for Q(

2,

3). In
particular, Q(
2
)/Q is Galois with Galois group V .
Clearly [Q() : Q(
2
)] 2, so to prove equality, we must show that ,
Q(
2
) = Q(

2,

3). Suppose for a contradiction that Q(

2,

3) and
consider (). This must lie in the fixed field of ), namely Q(

2). On the
other hand
( ())
2
=
2
(
2
) = (2 +

2)(3 +

3) (2 +

2)(3

3) = 6(2 +

2)
2
.
Thus
6 =
_
()
2 +

2
_
2
and hence

6 =
()
2 +

2
Q(

2).
This yields the required contradiction. Therefore [Q() : Q] = 8.
We have shown that the minimal polynomial of over Q(
2
) = Q(

2,

3) is
simply X
2
(2 +

2)(3 +

3). By Artin's Extension Theorem we can extend


each of the four embeddings Q(
2
) C, given by the elements of V , in two
ways. This gives the eight possible embeddings Q() C

_
(2

2)(3

3),
where we can choose the signs independently of one another.
Observe that we can now find the minimal polynomial of over Q, since this is
the polynomial of degree eight having precisely these roots. We calculate
m := m
/Q
= X
8
24X
6
+ 144X
4
288X
2
+ 144.
Now,
_
2

2 =
_
(2

2)(2 +

2)
_
2 +

2
=

2
_
2 +

2
=

2
_
2 +

2
2 +

2
=
_
2 +

2
1 +

2
and similarly
_
3

3 =

6
_
3 +

3
=

2
_
3 +

3
1 +

3
.
Therefore
_
(2

2)(3 +

3) =

1 +

2
_
(2 +

2)(3

3) =

2
1 +

3
_
(2

2)(3

3) =

=
2

and since Q(
2
) = Q(

2,

3), we see that



2,

3,

6 Q(), and hence each


of the roots lies in Q(). We conclude that each embedding Q() C has
image Q(), so restricts to an automorphism of Q(). Thus Gal(Q()/Q) has
order eight and so Q()/Q is Galois.
We now show that the Galois group is isomorphic to the quaternion group Q
8
.
Define to be the following extension of
:

2

2,

3,
_
(2

2)(3 +

3) =

1 +

2
.
Similarly define to be the following extension of
:

2

2,

3,
_
(2 +

2)(3

3) =

2
1 +

3
.
Then

2
() =
()
(1 +

2)
=
/(1 +

2)
1

2
=

2
() =
(

2)
(1 +

3)
=
2/(1 +

3)
1

3
= .
Hence
2
=
2
and
4
= 1. Also (

3) =

3 and
() =
(

2)
(1 +

3)
=

2/(1 +

2)
1 +

3
=

2
(1 +

2)(1 +

3)
=
2

,
so ()
2
() = . It follows from the discussion below that Gal(Q()/Q)

= Q
8
.
We recall that the quaternions are given as
H := a +bi +cj +dk : i
2
= j
2
= k
2
= ijk = 1, a, b, c, d R.
This is a non-commutative R-algebra. Note that ij = k, jk = i and ki = j,
whereas ji = k, kj = i, ik = j.
The quaternion group Q
8
is given as the multiplicative subgroup
Q
8
:= 1, i, j, k H.
This has the presentation
Q
8
= i, j : i
2
= j
2
= (ij)
2
, i
4
= 1),
so Q
8

= Gal(Q()/Q) via i and j .
We next compute all possible subgroups of Q
8
.
The subgroup Z = 1) is central, so normal, and the quotient group Q
8
/Z
is isomorphic to the Klein four group V

= (Z/2Z)
2
. The Third Isomorphism
Theorem now tells us that the subgroups of Q
8
containing Z are in bijection
with the subgroups of V . This yields the subgroups i), j) and k), each of
which is isomorphic to Z/4Z. In fact, together with Z, these are the only proper
subgroups of Q
8
. For, let H Q
8
be a proper subgroup and take 1 ≠ h H.
Then either h
2
= 1, or else h
2
= 1 and so h = 1. In either case we see that
1 H, so Z H and H is on our list.
We can now draw the lattices of subgroups and intermediate fields. Again, all
inclusions of subgroups have index 2.
[Figure: the lattice of subgroups of $Q_8$ and the lattice of intermediate fields of Q() over Q.]
For, we know that fixes

3, so by degrees Q(

3) is the fixed field of ).


Similarly, ) has fixed field Q(

2) and ) has fixed field Q(

6). Finally,
by the Galois Correspondence, the intersection ) ) =
2
) has fixed field
Q(

2,

3).
Note that all subgroups are normal, so all intermediate fields are Galois over Q.
Chapter 7
Some Applications
We now consider two particular cases of Galois extensions.
7.1 Symmetric Functions
Let k be a field. Let $k[t_1, \dots, t_n]$ be a polynomial ring over k with n
indeterminates, and set L := $k(t_1, \dots, t_n)$ to be its quotient field. Alternatively we
can construct L via a sequence of simple transcendental field extensions: setting
$k_i := k(t_1, \dots, t_i)$ we see that $k_i = k_{i-1}(t_i)$ is a simple transcendental field
extension.
The symmetric group $\mathrm{Sym}_n$ acts on the set $t_1, \dots, t_n$ via ($t_i$) := $t_{(i)}$. This
therefore extends to a k-algebra automorphism of $k[t_1, \dots, t_n]$. Note that $\mathrm{Sym}_n$
acts faithfully, in the sense that (f) = f for all f implies = id.
Using that L is the quotient field of $k[t_1, \dots, t_n]$ we deduce that $\mathrm{Sym}_n$ acts on L
as k-automorphisms. In other words we have an injective group homomorphism
$\mathrm{Sym}_n$ Gal(L/k). We can now apply Proposition 5.1 to deduce that L/$L^{\mathrm{Sym}_n}$
is a Galois extension with Galois group $\mathrm{Sym}_n$. The fixed field $L^{\mathrm{Sym}_n}$ is called
the field of symmetric functions.
For 1 r n define
s
r
:=

i1<<ir
t
i1
t
ir
,
so that in particular
$s_1 = t_1 + t_2 + \dots + t_n$ and $s_n = t_1 t_2 \cdots t_n$.
We can view the summands of $s_r$ as being indexed by the r-element subsets of
1, . . . , n. Since the group $\mathrm{Sym}_n$ acts transitively on the set of all r-element
subsets we see that each $s_r$ is fixed by $\mathrm{Sym}_n$, so lies in the fixed field. We set
K := $k(s_1, \dots, s_n)$,
the subfield of L generated over k by the elements $s_1, \dots, s_n$.
Theorem 7.1 (Fundamental Theorem of Symmetric Functions). The extension
L/K is Galois with Galois group $\mathrm{Sym}_n$. In particular, any symmetric function
(a rational function of the $t_i$ which is fixed by $\mathrm{Sym}_n$) can be expressed as a
rational function of the $s_i$.
Moreover, any symmetric polynomial (a polynomial in the $t_i$ which is fixed by
$\mathrm{Sym}_n$) can be expressed as a polynomial in the $s_i$. Hence the fixed ring of
$k[t_1, \dots, t_n]$ is $k[s_1, \dots, s_n]$.
Proof. As observed above, L/$L^{\mathrm{Sym}_n}$ is a Galois extension with Galois group
$\mathrm{Sym}_n$, so [L : $L^{\mathrm{Sym}_n}$] = |$\mathrm{Sym}_n$| = n!. We also have K $L^{\mathrm{Sym}_n}$, so [L : K] n!.
It therefore suffices to prove that [L : K] n!, for then [L : K] = n!, and so
K = $L^{\mathrm{Sym}_n}$.
Set $K_i := K(t_1, \dots, t_i)$. Then $K_i = K_{i-1}(t_i)$, so by the Tower Law it is enough
to show that [$K_{i+1}$ : $K_i$] n i. Consider the polynomial
f := (X t
1
)(X t
2
) (X t
n
) = X
n
s
1
X
n1
+s
2
X
n2
+ + (1)
n
s
n
.
Then f K[X]. Moreover, since t
1
, . . . , t
i
K
i
we deduce that
f
i
:= (X t
i+1
) (X t
n
) = f/(X t
1
) (X t
i
) K
i
[X].
Now, t
i+1
is a root of the polynomial f
i
, so [K
i+1
: K
i
] = [K
i
(t
i+1
) : K
i
]
deg(f
i
) = n i as required.
This proves that [L : K] n!, and hence that K = $L^{\mathrm{Sym}_n}$ is the fixed field.
To prove the second statement we set S := $k[s_1, \dots, s_n]$. Then S is a subring
of K, so an integral domain, and clearly K is the quotient field of S. More
generally, set $S_i := S[t_1, \dots, t_i]$, so that $S_i$ is a subring of $K_i$ and has quotient
field $K_i$.
We saw above that f
0
= f S[X]. Moreover, since each polynomial (X
t
1
) (X t
i
) S
i
[X] is monic and divides f over K
i
, we must have that
f
i
= f/(X 1) (X t
i
) S
i
[X].
We claim that any polynomial in k[t
1
, . . . , t
n
] can be written as a sum of elements
of the form gm, where g S and
m /:= t
a1
1
t
an
n
: 0 a
i
< n i.
Take a polynomial h k[t
1
, . . . , t
n
]. Since t
n
is a root of f
n1
S
n1
[X] and
f
n1
has degree one, we can replace any occurrence of t
n
with an element of
S
n1
. Similarly, since t
n1
is a root of f
n2
S
n2
[X] and f
n2
has degree
two, we can replace all occurrences of t
d
n1
for d > 1 by a linear polynomial
in t
n2
with coefficients in S
n2
. Continuing in this way, we can use that
f
i1
S
i1
[X] to replace all occurrences of t
d
i
for d > n i by a polynomial of
degree n i in t
i
with coefficients in S
i1
. Doing this for all i = n, . . . , 1, we
can express h in the given form, proving the claim.
It follows that the monomials in / form a K-basis of L. For, [L : K] = n! =
|/|, so it is enough to show that they span. Any element in L can be written
as a fraction g/h with g, h $k[t_1, \dots, t_n]$ and h ≠ 0. Set

h :=

=id
(g),
so that H := h

h is fixed by Sym
n
, so lies in K, and G := g

h k[t
1
, . . . , t
n
].
Now, g/h = G/H and we have just shown that G can be written as a K-linear
combination of elements in /. Thus the same is true of G/H = g/h, so / is
a spanning set as required.
Finally, let h k[t
1
, . . . , t
n
] be a symmetric polynomial. Then h K, and also
h is an S-linear combination of elements in /. Since /is a K-basis, these two
expressions must agree, so h S.
It is instructive to see an example of this procedure. Take n = 3. We wish to
write the polynomial h := t
2
1
t
3
+ t
3
2
as an S-linear combination of elements of
/, where S = k[s
1
, s
2
, s
3
] and /= 1, t
1
, t
2
, t
2
1
, t
1
t
2
, t
2
1
t
2
.
We have the polynomials
f
0
= (X t
1
)(X t
2
)(X t
3
) = X
3
s
1
X
2
+s
2
X s
3
f
1
= (X t
2
)(X t
3
) =
f
0
X t
1
= X
2
(s
1
t
1
)X + (s
2
s
1
t
1
+t
2
1
)
f
2
= X t
3
=
f
1
X t
2
= X (s
1
t
1
t
2
)
It follows that we can make the following replacements
t
3
= s
1
t
1
t
2
t
2
2
= (s
1
t
1
)t
2
(s
2
s
1
t
1
+t
2
1
)
t
3
1
= s
1
t
2
1
s
2
t
1
+s
3
Replacing t
3
in h gives
h = s
1
t
2
1
t
3
1
t
2
1
t
2
+t
3
2
.
We next observe that
t
3
2
= t
2
t
2
2
= (s
1
t
1
)t
2
2
(s
2
s
1
t
1
+t
2
1
)t
2
= (s
1
t
1
)
2
t
2
(s
1
t
1
)(s
2
s
1
t
1
+t
2
1
) (s
2
s
1
t
1
+t
2
1
)t
2
= (s
2
1
s
2
s
1
t
1
)t
2
(s
1
s
2
s
2
1
t
1
s
2
t
1
+ 2s
1
t
2
1
t
3
1
).
Substituting in gives
h = (s
2
1
s
2
s
1
t
1
t
2
1
)t
2
+ (s
1
s
2
+s
2
1
t
1
+s
2
t
1
s
1
t
2
1
)
= s
1
s
2
+ (s
2
1
+s
2
)t
1
+ (s
2
1
s
2
)t
2
s
1
t
2
1
s
1
t
1
t
2
t
2
1
t
2
.
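The replacement procedure used in this example can be carried out mechanically for any n. The following Python sketch is an added illustration, not part of the original notes; it assumes the usual sign convention f = X^n - s_1 X^(n-1) + s_2 X^(n-2) - ... and f_i = f_(i-1)/(X - t_i), and the function names and the dictionary representation of polynomials are choices made here.

```python
# Polynomials in s_1..s_n, t_1..t_n with integer coefficients are stored as
# {exponent tuple of length 2n: coefficient}; slots 0..n-1 hold the exponents
# of s_1..s_n and slots n..2n-1 those of t_1..t_n.

def padd(p, q, sign=1):
    """Return p + sign*q, dropping zero coefficients."""
    r = dict(p)
    for m, c in q.items():
        v = r.get(m, 0) + sign * c
        if v:
            r[m] = v
        else:
            r.pop(m, None)
    return r

def pmul(p, q):
    """Return the product p*q."""
    r = {}
    for m1, c1 in p.items():
        for m2, c2 in q.items():
            m = tuple(a + b for a, b in zip(m1, m2))
            v = r.get(m, 0) + c1 * c2
            if v:
                r[m] = v
            else:
                r.pop(m, None)
    return r

def var(n, idx, power=1):
    """The monomial (variable number idx)^power."""
    e = [0] * (2 * n)
    e[idx] = power
    return {tuple(e): 1}

def quotient_polys(n):
    """[f_0, ..., f_(n-1)], each a list of coefficients indexed by the power of X."""
    f = [None] * (n + 1)
    f[n] = var(n, 0, 0)                          # leading coefficient 1
    for r in range(1, n + 1):                    # coefficient of X^(n-r) is (-1)^r s_r
        f[n - r] = {m: (-1) ** r for m in var(n, r - 1)}
    out = [f]
    for j in range(1, n):                        # synthetic division by (X - t_j)
        t_j = var(n, n + j - 1)
        d = len(f) - 1
        q = [None] * d
        q[d - 1] = f[d]
        for k in range(d - 1, 0, -1):
            q[k - 1] = padd(f[k], pmul(t_j, q[k]))
        f = q
        out.append(f)
    return out

def reduce_to_basis(h, n):
    """Rewrite h so that every monomial has t_i-exponent at most n - i."""
    fs = quotient_polys(n)
    for i in range(n, 0, -1):                    # t_n first, then t_(n-1), ...
        f, d, pos = fs[i - 1], n - i + 1, n + i - 1
        while True:
            big = [m for m in h if m[pos] >= d]
            if not big:
                break
            m = max(big, key=lambda e: e[pos])
            c = h[m]
            h = padd(h, {m: c}, sign=-1)         # remove the offending term
            base = list(m)
            base[pos] -= d
            rest = {tuple(base): c}
            # t_i^d = -(f[0] + f[1] t_i + ... + f[d-1] t_i^(d-1)) since f(t_i) = 0
            for k in range(d):
                term = pmul(pmul(rest, f[k]), var(n, pos, k))
                h = padd(h, term, sign=-1)
    return h

# The example from the text, n = 3: h = t_1^2 t_3 + t_2^3.
H_EXAMPLE = {(0, 0, 0, 2, 0, 1): 1, (0, 0, 0, 0, 3, 0): 1}
```

Applied to a symmetric polynomial, the result contains no t_i at all, which is the second statement of Theorem 7.1 in computational form.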
7.2 The J-Invariant
We wish to define an action of the group $\mathrm{Sym}_3$ on the field k(t). Recall that
$\mathrm{Sym}_3$ has the presentation
Sym
3
= , :
3
=
2
= ()
2
= id).
Consider the k-algebra homomorphisms
, : k[t] k(t), (t) := (1 t)
1
, (t) := t
1
.
Since (1 t)
1
and t
1
are both transcendental over k, these k-algebra homo-
morphisms extend to k-embeddings
, : k(t) k(t).
Moreover, a quick check reveals that
3
=
2
= ()
2
= id, so we obtain that
$\mathrm{Sym}_3$ acts on k(t) as k-automorphisms. In other words we have a group
homomorphism $\mathrm{Sym}_3 \to \mathrm{Gal}(k(t)/k)$. Finally, computing g(t) for all $g \in \mathrm{Sym}_3$
shows that this action is faithful, so the group homomorphism is injective.
Let L = k(t) and $K = L^{\mathrm{Sym}_3}$. Then Proposition 5.1 tells us that L/K is Galois
with Galois group $\mathrm{Sym}_3$.
Theorem 7.2. We have K = k(J), where
$$J = \frac{(t^2 - t + 1)^3}{t^2 (t - 1)^2}.$$
Proof. A short calculation gives that both (J) = J and (J) = J, so that J
lies in the fixed field K. Since L/K is Galois with Galois group $\mathrm{Sym}_3$ we know
that $[L : K] = |\mathrm{Sym}_3| = 6$, so $[L : k(J)] \geq 6$. It is therefore enough to show
that $[L : k(J)] \leq 6$. For this, we just observe that t is a root of the polynomial
$$(X^2 - X + 1)^3 - J X^2 (X - 1)^2 \in k(J)[X].$$
In other words, the set of functions $f \in k(t)$ for which
$$f(t) = f((1 - t)^{-1}) = f(t^{-1})$$
is precisely the field k(J) of functions in J.
We remark that
$$(X^2 - X + 1)^3 - J X^2 (X - 1)^2 = \prod_{g \in \mathrm{Sym}_3} \bigl(X - g(t)\bigr).$$
For, t, and hence each g(t) for $g \in \mathrm{Sym}_3$, is a root of the left-hand side, which
is a monic polynomial of degree six.
We can view
: t (1 t)
1
and : t t
1
as functions on $\mathbb{C} \setminus \{0, 1\}$. In fact, we can even extend these to functions on the
Riemann Sphere $\mathbb{P}^1 := \mathbb{C} \cup \{\infty\}$. This defines an action of $\mathrm{Sym}_3$ on $\mathbb{P}^1$.
Proposition 7.3. Two numbers , P
1
lie in the same Sym
3
orbit if and
only if J() = J().
Proof. Since J is in the fixed field we have J(g()) = J() for all g Sym
3
.
Conversely, suppose that J() = J() ,= . Then is a root of the polynomial
(X
2
X + 1)
3
J()X
2
(X 1)
2
=

gSym
3
(X g()).
Finally, if J() = , then 0, 1, and these three points form a single
Sym
3
orbit.
This action of $\mathrm{Sym}_3$ on $\mathbb{P}^1$ arises in the definition of the cross-ratio. Recall
that the cross-ratio of four complex numbers may be defined as
$$[z_1, z_2; w_1, w_2] := \frac{(z_1 - w_1)(z_2 - w_2)}{(z_1 - w_2)(z_2 - w_1)} \in \mathbb{P}^1 := \mathbb{C} \cup \{\infty\}.$$
However, reordering the four complex numbers generally gives a different value.
In fact, the symmetry group $\mathrm{Sym}_4$ acts on the quadruple $(z_1, z_2, w_1, w_2)$ by
place-permutation. Since
$$[z_1, z_2; w_1, w_2] = [z_2, z_1; w_2, w_1] = [w_1, w_2; z_1, z_2] = [w_2, w_1; z_2, z_1]$$
we see that the subgroup
$$V := \{\mathrm{id}, (12)(34), (13)(24), (14)(23)\}$$
acts trivially. Now $V \trianglelefteq S_4$ is a normal subgroup and the factor group is
isomorphic to $\mathrm{Sym}_3$. If we define := $[z_1, z_2; w_1, w_2]$, then
[z
1
, w
1
; w
2
, z
2
] = (1 )
1
= () and [z
1
, z
2
; w
2
, w
1
] =
1
= (),
so we recover the action of $\mathrm{Sym}_3$ on $\mathbb{P}^1$.
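The orbit statement of Proposition 7.3 and the cross-ratio symmetry above can be checked with exact rational arithmetic. The Python below is an added example, not part of the original notes; the names `map_a` (t to 1/(1 - t)), `map_b` (t to 1/t), `INF` and the sample points 0, 1, 2, 4 are assumptions chosen here.

```python
from collections import Counter
from fractions import Fraction
from itertools import permutations

INF = "inf"  # stands for the point at infinity of P^1 (name chosen for this example)


def J(t):
    """J(t) = (t^2 - t + 1)^3 / (t^2 (t - 1)^2), with J = INF at 0, 1 and INF."""
    if t == INF or t == 0 or t == 1:
        return INF
    return (t * t - t + 1) ** 3 / (t * t * (t - 1) ** 2)


def map_a(t):
    """The order-three generator t -> 1/(1 - t), extended to P^1."""
    if t == INF:
        return Fraction(0)
    if t == 1:
        return INF
    return 1 / (1 - t)


def map_b(t):
    """The order-two generator t -> 1/t, extended to P^1."""
    if t == INF:
        return Fraction(0)
    if t == 0:
        return INF
    return 1 / t


def orbit(t):
    """All images of t under the group generated by map_a and map_b."""
    seen, todo = set(), [t]
    while todo:
        x = todo.pop()
        if x not in seen:
            seen.add(x)
            todo.extend((map_a(x), map_b(x)))
    return seen


def sextic(x, lam):
    """(X^2 - X + 1)^3 - J(lam) X^2 (X - 1)^2 at X = x, for finite x and finite J(lam)."""
    return (x * x - x + 1) ** 3 - J(lam) * x * x * (x - 1) ** 2


def cross_ratio(z1, z2, w1, w2):
    """[z1, z2; w1, w2] for four distinct finite numbers."""
    return Fraction((z1 - w1) * (z2 - w2), (z1 - w2) * (z2 - w1))


def cross_ratio_values(points):
    """Count how often each value occurs over all 24 orderings of the four points."""
    return Counter(cross_ratio(*p) for p in permutations(points))


if __name__ == "__main__":
    lam = cross_ratio(0, 1, 2, 4)  # constructed sample points
    print("lambda =", lam, "orbit =", sorted(orbit(lam)))
    print("J on the orbit:", {J(x) for x in orbit(lam)})
    print("cross-ratio multiplicities:", dict(cross_ratio_values((0, 1, 2, 4))))
    print("orbit of infinity:", orbit(INF))
```

A generic point has an orbit of six elements, while 2, -1 and 1/2 form an orbit of only three, as do 0, 1 and infinity.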
The function J is important in the study of elliptic curves. The Legendre
normal form of an elliptic curve E is
Y
2
= X(X 1)(X ) with C 0, 1.
Moreover, two elliptic curves E, E

are isomorphic if and only if the numbers


,

lie in the same Sym


3
-orbit, so if and only if J() = J(

). We therefore
define J(E) := J(), and this parameterises the isomorphism classes of elliptic
curves. (It is common to define $j(E) := 2^8 J(E)$ and declare this to be the
j-invariant of the elliptic curve E.)
For more interesting facts about cubics, elliptic curves and $\mathrm{Sym}_3$, try here.
Chapter 8
Normal Extensions
Recall from Proposition 5.6 that if L/K is Galois, then for every L, its
minimal polynomial over K splits over L. In this chapter we investigate this
property further.
8.1 Splitting Field Extensions
Let L/K be a field extension and $f \in K[X]$ a non-constant polynomial. We
say that f splits over L provided it factorises as a product of linear polynomials
over L; equivalently if f has deg(f) roots in L (counted with multiplicities).
We say that L/K is a splitting field extension for f provided that f splits
over L, but not over a proper intermediate field of L/K.
Lemma 8.1. Let L/K be a field extension, $f \in K[X]$ and assume that f splits
over L. Then there is a unique intermediate field of L/K which is a splitting field
extension for f, namely E = K(
1
, . . . ,
n
), where
1
, . . . ,
n
are the distinct
roots of f in L.
Proof. Let F be an intermediate field of L/K. Then f splits over F if and only
if F contains every root of f, which is if and only if F contains E. In particular,
f splits over E, but not over any intermediate field of E/K, so that E/K is a
splitting field extension for f.
We can combine the previous lemma with Kronecker's Theorem and induction to
prove that splitting field extensions always exist, and then use Artin's Extension
Theorem to prove that they are unique up to isomorphism.
Theorem 8.2 (Existence and Uniqueness of Splitting Field Extensions). Let
$f \in K[X]$ be non-constant. Then there exists a splitting field extension L/K of
f, and $[L : K] \leq \deg(f)!$. Moreover, if L

/K is another splitting field extension


of f, then there exists a K-isomorphism L

L

.
More generally, let : K

K

be a field isomorphism, L/K a splitting field


extension for f, and L

/K

a splitting field extension for (f). Then there exists


a field isomorphism L

L

extending .
Proof. Existence. By Kronecker's Theorem there exists a simple field
extension K(
1
)/K of degree at most deg(f) such that
1
is a root of f. This is
constructed by taking an irreducible factor m of f, forming the field extension
K[X]/(m) of K, and letting
1
be the image of X.
Now, over K(
1
), we can write f = (X
1
)g, and deg(g) = deg(f) 1. By
induction on degree there exists a splitting field extension L/K(
1
) for g, and
[L : K(
1
)] deg(g)!. It follows from the Tower Law that [L : K] deg(f)!.
Let
2
, . . . ,
n
be the roots of g in L. Since L/K(
1
) is a splitting field extension
for g we must have by the previous lemma that
L = K(
1
)(
2
, . . . ,
n
) = K(
1
, . . . ,
n
).
Now,
1
, . . . ,
n
are the roots of f in L, so by the previous lemma once more
we obtain that L/K is a splitting field extension for f.
Uniqueness. We want to apply the same kind of induction argument to prove
uniqueness, which is why we need the more general statement concerning
isomorphisms extending , and not just K-isomorphisms.
Suppose that : K

K

is a field isomorphism and that L

/K

is a splitting
field extension of f

:= (f) K

[X].
Let L be a root of f, and let m = m
/K
be the minimal polynomial of
over K. Then m K[X] is a factor of f, so (m) K

[X] is a factor of f

.
Since f

splits over L

, so too does (m). Let

be a root of (m). Set


E := K() and E

:= K

). By Artin's Extension Theorem the map

induces a field isomorphism : E



E

extending .
Now, over E, we can write f = (X)g and L/E is a splitting field extension of
g. Similarly, over E

, we can write f

= (X

)g

and L

/E

is a splitting field
extension of g

. Since (f) = f

and () =

, we must have that (g) = g

.
We therefore have a field isomorphism : E

E

, a splitting field extension


L/E of g E[X], and a splitting field extension L

/E

of g

:= (g). By
induction on degree we can extend to a field isomorphism : L

L

.
Finally, since extends : K

K

, so too does .
We can also define splitting field extensions of sets of polynomials $S \subset K[X]$.
This is a field extension L/K over which every $f \in S$ splits, but where no
intermediate field has this property.
Corollary 8.3. Let $S \subset K[X]$ be a finite subset. Then there exists a splitting
field extension for S over K, and this is unique up to isomorphism.
Proof. If $S = \{f_1, \ldots, f_n\}$, then L/K is a splitting field extension for S if and
only if it is a splitting field extension for $f = f_1 \cdots f_n$.
A much harder result is that splitting field extensions exist and are unique up
to isomorphism for arbitrary subsets $S \subset K[X]$. This follows from the existence
of the algebraic closure of a field. See Chapter 14.
8.2 Normal Extensions
An algebraic field extension L/K is called normal if, for all L, its minimal
polynomial m
/K
splits over L.
We begin by relating normal extensions to the seemingly weaker condition of
splitting field extensions.
Theorem 8.4. A finite field extension L/K is normal if and only if it is a
splitting field extension for some polynomial $f \in K[X]$.
Proof. Suppose first that L/K is normal. Since L/K is finite, it is finitely
generated, say L = K(
1
, . . . ,
n
). Let m
i
= m
i/K
be the minimal polynomial
of
i
over K, and set f := m
1
m
n
. Using that L/K is normal, we know that
each m
i
splits over L, so f also splits over L. As L is generated over K by
roots of f, we can apply Lemma 8.1 to conclude that L/K is a splitting field
extension for f.
Conversely, let L/K be a splitting field extension for $f \in K[X]$. Take L
and let m = m
/K
be its minimal polynomial. We need to show that m splits
over K. To this end, let M/L be a splitting field extension of m.
Take M a root of m. By Artin's Extension Theorem we know that there is
a K-isomorphism : K()

K(), .
Now, let
1
, . . . ,
n
be the roots of f in L. Since L/K is a splitting field extension
of f, we know that L = K(
1
, . . . ,
n
). It follows that
L() = K(,
1
, . . . ,
n
) = K()(
1
, . . . ,
n
),
so that L()/K() is also a splitting field extension for f.
We therefore have a K-isomorphism : K()

K(), a splitting field extension
L/K() for $f \in K[X]$, and a splitting field extension L()/K() for (f) = f.
We can therefore apply Theorem 8.2 to obtain a field isomorphism : L

L()
extending . In particular, since is a K-isomorphism, so too is . It follows
that [L : K] = [L() : K], so by the Tower Law we have [L() : L] = 1, and
hence L() = L. In other words, L, so every root of m lies in L, so m splits
over L.
8.3 Normal Closure
One has to be careful when dealing with normal extensions, since it is possible
to have a tower M/L/K of fields with both M/L and L/K normal, but M/K
not normal.
For example, take $K = \mathbb{Q}$, $L = \mathbb{Q}(\sqrt{2})$ and $M = \mathbb{Q}(\sqrt[4]{2})$. Then $L/\mathbb{Q}$ is the
splitting field of $X^2 - 2$ and M/L is the splitting field of $X^2 - \sqrt{2}$. However,
$M/\mathbb{Q}$ is not normal. For, the minimal polynomial of $\sqrt[4]{2}$ over $\mathbb{Q}$ is $m := X^4 - 2$,
which decomposes as $(X - \sqrt[4]{2})(X + \sqrt[4]{2})(X^2 + \sqrt{2})$ over M. Since $M \subset \mathbb{R}$ but
the roots of $X^2 + \sqrt{2}$ are complex, we see that m does not split over M.


For this reason, we make the following definition. Let L/K be finite. A field
extension M/L is called a normal closure of L/K if M/K is normal, but
M

/K is not normal for a proper intermediate field of M/L. (Note the relevant
base fields.)
Theorem 8.5 (Existence and Uniqueness of Normal Closures). Let L/K be
finite. Then there exists a normal closure M/L of L/K, of finite degree, and
unique up to isomorphism.
Proof. Since L/K is finite, it is finitely generated, say L = K(
1
, . . . ,
n
). Let
m
i
= m
i/K
be the minimal polynomial of
i
over K, and set f := m
1
m
n
.
Let M/L be a field extension such that M/K is normal. Then each
i
M, so
m
i
splits over M, and hence f splits over M.
Conversely, let M/L be a splitting field extension for f. By Lemma 8.1, if
$S \subset M$ is the set of roots of f, then M = L(S). Since each
i
is a root of f, we
have
i
S, and so M = L(S) = K(
1
, . . . ,
n
, S) = K(S). Therefore M/K
is a splitting field extension for f, by the same lemma, and hence is normal by
Theorem 8.4.
It follows that a field extension N/L is a normal closure for L/K if and only
if it is a splitting field extension for f. The finiteness and uniqueness are now
immediate consequences of Theorem 8.2.
Chapter 9
Finite Fields
A finite field is a field with only finitely many elements. Examples include the
fields $\mathbb{F}_p := \mathbb{Z}/p\mathbb{Z}$ for each prime number p. In this chapter we will construct
all finite fields, and compute the Galois groups of all field extensions involving
finite fields. We will show that two finite fields are isomorphic if and only if
they have the same number of elements, and that all field extensions of finite
fields are Galois with cyclic Galois groups.
Recall that the characteristic of a ring R is the integer $n \geq 0$ generating the
kernel of the (unique) ring homomorphism $\mathbb{Z} \to R$. The characteristic of a field
is either 0 or a prime number.
In particular, the characteristic of a finite field F is always a prime number p,
so F has prime subfield $\mathbb{F}_p$. Moreover, if $F/\mathbb{F}_p$ has degree n, then F has $p^n$
elements.
Finally we shall need the derivative of a polynomial. Let K be any field. Then
the linear map
$$D \colon K[X] \to K[X], \quad X^n \mapsto n X^{n-1}$$
satisfies the product rule D(fg) = D(f)g + fD(g). We usually write $f'$ for D(f)
and call it the derivative.
9.1 Frobenius Homomorphism
Let K be any field of characteristic p > 0. The Frobenius homomorphism
is defined to be the map
$$\mathrm{Fr} \colon K \to K, \quad x \mapsto x^p.$$
Lemma 9.1. The Frobenius homomorphism is a field homomorphism. In
particular, it is injective.
Proof. We need to check that
$$(x + y)^p = x^p + y^p, \quad (xy)^p = x^p y^p, \quad 0^p = 0 \quad\text{and}\quad 1^p = 1.$$
The last three are obvious, so we just need to check that $(x + y)^p = x^p + y^p$.
Using the binomial formula, we have
$$(x + y)^p = \sum_{r=0}^{p} \binom{p}{r} x^r y^{p-r}.$$
Since $\binom{p}{r} = p!/r!(p - r)!$ and p does not divide r! for any $0 \leq r < p$, we
deduce that p divides $\binom{p}{r}$ for each 0 < r < p. Since char(K) = p, we get
$(x + y)^p = x^p + y^p$ as required.
Note that, by induction, $(x_1 + \cdots + x_n)^p = x_1^p + \cdots + x_n^p$.
As usual we may extend the Frobenius homomorphism to the polynomial ring
K[X] via
$$\mathrm{Fr}\bigl(a_0 X^n + \cdots + a_{n-1} X + a_n\bigr) = a_0^p X^n + \cdots + a_{n-1}^p X + a_n^p.$$
Lemma 9.2. Let $f \in K[X]$. Then $\mathrm{Fr}(f)(X^p) = f(X)^p$.
Proof. Write $f = a_0 X^n + \cdots + a_{n-1} X + a_n$. As noted above, $\bigl(\sum_i x_i\bigr)^p = \sum_i x_i^p$,
so
$$f(X)^p = a_0^p X^{pn} + \cdots + a_{n-1}^p X^p + a_n^p = \mathrm{Fr}(f)(X^p).$$
9.2 Finite Fields
Consider the polynomial $X^p - X$ over $\mathbb{F}_p$. We know that 1 is a root of this
polynomial, and since
$$(1 + \cdots + 1)^p = 1^p + \cdots + 1^p = 1 + \cdots + 1,$$
we see that every element of $\mathbb{F}_p$ is a root. This gives p distinct roots, so
$X^p - X = X(X - 1)(X - 2) \cdots (X - p + 1) =$

Fp
(X

).
Note that equating coefficients of X gives $(p - 1)! \equiv (-1)^p \bmod p$, and since
$(-1)^p \equiv -1 \bmod p$ for all primes p, we deduce Wilson's Theorem, that
$(p - 1)! \equiv -1 \bmod p$.
Proposition 9.3. Let $F/\mathbb{F}_p$ be a field extension of degree n. Then this extension
is Galois with cyclic Galois group generated by the Frobenius homomorphism,
and the elements of F are precisely the roots of $X^{p^n} - X$, so
X
p
n
X =

F
(X ).
Proof. We know that F is a finite field with $p^n$ elements. Now the Frobenius
homomorphism is a field endomorphism of F, so injective, and hence bijective
since F is a finite set. Thus Fr is a field automorphism of F. The fixed field of
Fr is the set of F such that
p
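= , so the set of roots of $X^p - X$, which
is just the prime subfield $\mathbb{F}_p$. Thus, by Proposition 5.1, $F/\mathbb{F}_p$ is Galois with
Galois group the cyclic group $\langle \mathrm{Fr} \rangle$. Since this group has order $[F : \mathbb{F}_p] = n$, we
have
$$\mathrm{Gal}(F/\mathbb{F}_p) = \langle \mathrm{Fr} \rangle \cong \mathbb{Z}/n\mathbb{Z}.$$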
Next, we know that $\mathrm{Fr}^n = \mathrm{id}$ on F, so every element F satisfies
p
n
= , so
is a root of $X^{p^n} - X$. Since F has $p^n$ elements, we deduce that this polynomial
splits over F as
X
p
n
X =

F
(X ).
Proposition 9.4. For each prime p and integer $n \geq 1$ there exists a finite field
with $p^n$ elements. It is a splitting field extension of $X^{p^n} - X$ over $\mathbb{F}_p$, so is
unique up to isomorphism.
Proof. Let $F/\mathbb{F}_p$ be a splitting field extension of $X^{p^n} - X$. We first observe that
the roots of f in F are all distinct. For, if is a repeated root, then over F
we can write f = (X )
2
g for some polynomial g. Taking derivatives gives
1 = (X )
_
2g + (X )g

_
, a contradiction by considering degrees.
Now consider the fixed field of the cyclic group $\langle \mathrm{Fr}^n \rangle$. This consists of those
elements F satisfying
p
n
= , so equals the set of roots of f in F. Therefore
the set of roots of f form a subfield of F of size $p^n$. Since F is a splitting field
extension for f, it equals this fixed field, so F has size $p^n$.
Conversely, if F has $p^n$ elements, then the proposition tells us that F is a
splitting field extension of $X^{p^n} - X$.
Since all finite fields of size $p^n$ are isomorphic, we usually abuse notation and
denote any such field by $\mathbb{F}_{p^n}$.
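We can now apply the Galois Correspondence to deduce that the intermediate
fields of $\mathbb{F}_{p^n}/\mathbb{F}_p$ are in bijection with the subgroups of the Galois group
$\langle \mathrm{Fr} \rangle \cong \mathbb{Z}/n\mathbb{Z}$. The subgroups are given as $\langle \mathrm{Fr}^r \rangle \cong \mathbb{Z}/(n/r)\mathbb{Z}$ for each $r \mid n$. This group
has index r, so the fixed field of $\mathrm{Fr}^r$ has degree r over $\mathbb{F}_p$, and hence is isomorphic
to $\mathbb{F}_{p^r}$.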
This yields the following result.
Theorem 9.5. The finite field $\mathbb{F}_{p^n}$ contains $\mathbb{F}_{p^r}$ as a subfield if and only if r
divides n, in which case $\mathbb{F}_{p^n}/\mathbb{F}_{p^r}$ is Galois with cyclic Galois group generated
by $\mathrm{Fr}^r \colon x \mapsto x^{p^r}$.
In general we simplify notation by taking our base field to be $\mathbb{F}_q$ for some prime
power $q = p^r$. Then each finite field extension of $\mathbb{F}_q$ is of the form $\mathbb{F}_{q^n}/\mathbb{F}_q$, and
the Galois group is generated by $\mathrm{Fr}_q \colon x \mapsto x^q$.
Recall from Proposition 5.6 that if L/K is Galois with Galois group G, and if
L, then m
/K
splits over L and has distinct roots. Moreover, the roots are
all of the form () for some G.
Corollary 9.6. Let $f \in \mathbb{F}_q[X]$ be irreducible of degree n. Then $\mathbb{F}_q[X]/(f) \cong \mathbb{F}_{q^n}$
is a Galois extension, and the roots of f are of the form
q
r
for 0 r < n,
where F
q
[X]/(f) denotes the image of X.
9.3 Irreducible Polynomials over Finite Fields
Proposition 9.7. Let $q = p^r$ be a prime power. Over $\mathbb{F}_q$ we have the
factorisation
$$X^{q^n} - X = \prod_{\substack{f \text{ monic, irred} \\ \deg(f) \mid n}} f.$$
Proof. We have already seen that
X
q
n
X =

F
q
n
(X ).
On the other hand, consider the product g of all monic irreducible polynomials
over $\mathbb{F}_q$ of degree dividing n. Let f be an irreducible factor of g, of degree r.
Then f splits into distinct linear factors over the subfield $\mathbb{F}_{q^r}$ of $\mathbb{F}_{q^n}$, so also
over $\mathbb{F}_{q^n}$. Hence g splits into distinct linear factors over $\mathbb{F}_{q^n}$. Since
$\deg(g) = q^n = |\mathbb{F}_{q^n}|$ we get that
g =

F
q
n
(X ),
proving that $g = X^{q^n} - X$.
Define
d
(q) to be the number of monic irreducible polynomials of degree d over
F
q
. We wish to obtain a formula for
d
(q). For this we will need the Möbius
function (n), which is defined as follows:
(n) :=
_
(1)
r
if n = p
1
p
r
is a product of distinct primes;
0 if d
2
[n for some d 2.
We immediately see that (1) = 1 and that (mn) = (m)(n) provided m and
n are coprime (i.e. is a multiplicative function).
The following is a fundamental result.
Lemma 9.8.

d|n
(d) =
_
1 if n = 1;
0 if n 2.
Proof. Set N(n) :=

d|n
(d). Since is a multiplicative function, so too is
N. In other words, if m and n are coprime, then N(mn) = N(m)N(n). We are
reduced to the case of a prime power n = p
r
. Now N(1) = 1 whereas if r 1,
then N(p
r
) = (1) +(p) = 0.
The importance is revealed by the next result, which allows us to invert formulae
involving sums over divisors.
Lemma 9.9. Suppose we have functions $f_n$ and $g_n$ for all positive integers n.
Then $f_n = \sum_{d \mid n} g_d$ if and only if g
n
=

d|n

_
n
d
_
f
d
.
We now use this technique to obtain a formula for
n
(q).
Theorem 9.10.

n
(q) =
1
n

d|n
(d)q
n/d
.
Proof. We have from Proposition 9.7 that
$$X^{q^n} - X = \prod_{d \mid n} \; \prod_{\substack{f \text{ monic, irred} \\ \deg(f) = d}} f.$$
Comparing degrees we get
q
n
=

d|n
d
d
(q).
Inverting this formula (with f
n
= q
n
and g
n
= n
n
(q)), we obtain that
n
n
(q) =

d|n

_
n
d
_
q
d
=

d|n
(d)q
n/d
as required.
Examples
We know that
1
(q) = q, and the irreducible polynomials of degree 1 over F
q
are just the linear polynomials X for F
q
.
Next we have

2
(q) =
1
2
_
q
2
q
_
,
3
(q) =
1
3
_
q
3
q
_
,
4
(q) =
1
4
_
q
4
q
2
_
.
We can compute the irreducible polynomials over $\mathbb{F}_2$ or $\mathbb{F}_3$ using the Sieve of
Eratosthenes, but taking irreducible polynomials over a finite field instead of
prime numbers in the integers. (That this method works is due to the fact that
K[X], like $\mathbb{Z}$, is a Euclidean domain.)
We have the following irreducible polynomials over $\mathbb{F}_2$.
$$X^2 + X + 1$$
$$X^3 + X + 1, \quad X^3 + X^2 + 1$$
$$X^4 + X + 1, \quad X^4 + X^3 + 1, \quad X^4 + X^3 + X^2 + X + 1.$$
Over $\mathbb{F}_3$ we have three irreducible quadratics.
$$X^2 + 1, \quad X^2 + X - 1, \quad X^2 - X - 1.$$
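The counting formula of Theorem 9.10, the sieve described above and the factorisation of Proposition 9.7 can be checked against each other by machine. The Python below is an added example, not part of the original notes, and is restricted to prime fields (q = p); the function names and the representation of a polynomial as a tuple of coefficients, lowest degree first, are assumptions made here.

```python
from itertools import product


def mobius(n):
    """Mobius function: (-1)^r for a product of r distinct primes, 0 if a square divides n."""
    result, d = 1, 2
    while d * d <= n:
        if n % d == 0:
            n //= d
            if n % d == 0:
                return 0
            result = -result
        d += 1
    return -result if n > 1 else result


def count_irreducible(q, n):
    """Number of monic irreducibles of degree n over F_q: (1/n) * sum_{d | n} mu(d) q^(n/d)."""
    total = sum(mobius(d) * q ** (n // d) for d in range(1, n + 1) if n % d == 0)
    return total // n


def poly_mul(f, g, p):
    """Multiply two non-zero polynomials over F_p (coefficients lowest degree first)."""
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return tuple(out)


def monic_polys(p, degree):
    """All monic polynomials of the given degree over F_p."""
    for low in product(range(p), repeat=degree):
        yield low + (1,)


def sieve_irreducible(p, max_degree):
    """Sieve of Eratosthenes in F_p[X]: {degree: sorted list of monic irreducibles}."""
    composite, found = set(), {}
    for d in range(1, max_degree + 1):
        # Every reducible polynomial of degree d was struck out by a smaller factor.
        found[d] = sorted(f for f in monic_polys(p, d) if f not in composite)
        for f in found[d]:
            for e in range(1, max_degree - d + 1):
                for g in monic_polys(p, e):
                    composite.add(poly_mul(f, g, p))
    return found


def product_of_irreducibles(p, n):
    """Product of all monic irreducibles over F_p whose degree divides n."""
    found = sieve_irreducible(p, n)
    g = (1,)
    for d in range(1, n + 1):
        if n % d == 0:
            for f in found[d]:
                g = poly_mul(g, f, p)
    return g


def x_to_qn_minus_x(p, n):
    """The polynomial X^(p^n) - X over F_p."""
    coeffs = [0] * (p ** n + 1)
    coeffs[1] = (-1) % p
    coeffs[-1] = 1
    return tuple(coeffs)


if __name__ == "__main__":
    for p, top in ((2, 4), (3, 3)):
        found = sieve_irreducible(p, top)
        for d in range(1, top + 1):
            print(f"F_{p}, degree {d}: sieve {len(found[d])}, formula {count_irreducible(p, d)}")
    print("Prop 9.7 over F_2, n = 4:", product_of_irreducibles(2, 4) == x_to_qn_minus_x(2, 4))
```

In this representation the tuple `(1, 1, 0, 0, 1)` is X^4 + X + 1 and `(2, 1, 1)` over F_3 is X^2 + X - 1.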
Chapter 10
Separable Extensions
Recall from Proposition 5.6 that if L/K is Galois, then for every L, its
minimal polynomial over K has distinct roots in L. In this chapter we investigate
this property further.
10.1 Separable Polynomials
We call an irreducible polynomial $f \in K[X]$ separable over K if f has distinct
roots in a splitting field extension. Since splitting field extensions are unique
up to isomorphism, this definition depends only on f and K. We say that a
general polynomial $f \in K[X]$ is separable over K if each irreducible factor is
separable over K.
Changing perspective, let L/K be an algebraic field extension and L. We
say that is separable over K if its minimal polynomial m
/K
is separable over
K. We say that L/K itself is separable if each L is separable over K.
We start by giving a criterion for when an irreducible polynomial is separable.
Theorem 10.1. Let $f \in K[X]$ be irreducible. Then the following are equivalent.
1. f is inseparable over K.
2. $\gcd(f, f') \neq 1$.
3. $f' = 0$.
4. char(K) = p > 0 and $f(X) = g(X^p)$ for some $g \in K[X]$ (necessarily
irreducible).
Proof. (1) $\Rightarrow$ (2) Let L/K be a splitting field extension for f. Since f has a
repeated root in L, say , we can write f = (X )
2
g for some g L[X].
Taking derivatives gives f

= (X)
_
2g +(X)g

_
, so that is again a root
of f

. Hence m
/K
divides both f and f

over K, so gcd(f, f

) ,= 1.
(2) $\Rightarrow$ (3) Since f is irreducible, if $\gcd(f, f') \neq 1$, then it must equal f.
Therefore f divides $f'$ but $\deg(f) > \deg(f')$. This can only happen if $f' = 0$.
(3) $\Rightarrow$ (4) Write $f = \sum_n a_n X^n \in K[X]$. Then $0 = f' = \sum_n n a_n X^{n-1}$, so
$n a_n = 0 \in K$ for all n. If char(K) = 0, then $a_n = 0$ for all $n \geq 1$, so that
$f = a_0 \in K$ is constant, contradicting the assumption that f is irreducible.
Thus char(K) = p > 0 and $a_n = 0$ unless $p \mid n$, so that $f(X) = g(X^p)$ with
$g = \sum_r a_{pr} X^r \in K[X]$. To see that g is irreducible, suppose that $g = g_1 g_2 \in K[X]$.
Then $f(X) = g(X^p) = g_1(X^p) g_2(X^p) \in K[X]$, so f irreducible implies one of
the $g_i$ is constant, and so g is irreducible.
(4) $\Rightarrow$ (1) Let char(K) = p > 0 and $f(X) = g(X^p) \in K[X]$. Let L/K be the
splitting field extension for f. If L is a root of f, then 0 = f() = g(
p
), so

p
is a root of g. Thus X
p
divides g over L, which implies that X
p

p
=
(X )
p
divides g(X
p
) = f(X). Thus is a repeated root of f in L, so f is
inseparable.
We call a field K perfect if every irreducible polynomial $f \in K[X]$ is separable.
We observe that all fields of characteristic 0 are separable. Also, all algebraically
closed fields are perfect (since all irreducible polynomials are linear). Finally, it
follows from Corollary 9.6 that all finite fields are perfect.
It is instructive to see an example of an inseparable field extension.
Lemma 10.2. Let K be a field of characteristic p > 0, and let K. Then
the polynomial X
p
is either irreducible, or else factors as (X )
p
.
Proof. Let L/K be a splitting field extension for X
p
, and let L be
a root of this polynomial. Then
p
= , so over L we have the factorisation
X
p
= (X )
p
. By unique factorisation in K[X], any irreducible factor of
X
p
must be of the form (X )
m
for some 1 m p. In particular, the
constant term
m
must lie in K.
Suppose
m
K for some 1 < m < p. Since p is prime there exist integers a, b
with ap + bm = 1. Then
a
(
m
)
b
=
ap+bm
= K. Therefore either K
and X
p
= (X )
p
over K, or else X
p
is irreducible over K.
Proposition 10.3. Consider the transcendental extension $\mathbb{F}_p(x)/\mathbb{F}_p$. Let $y = x^p$.
Then the minimal polynomial of x over $\mathbb{F}_p(y)$ is $X^p - y$, and the field
extension $\mathbb{F}_p(x)/\mathbb{F}_p(y)$ is inseparable of degree p.
Proof. Clearly x is a root of $m = X^p - y$, so by the previous lemma we just
need to prove that $x \notin \mathbb{F}_p(y)$.
Note that y is transcendental over $\mathbb{F}_p$. So, if $x \in \mathbb{F}_p(y)$, then there exist
polynomials $f, g \in \mathbb{F}_p[X]$ such that x = f(y)/g(y), or equivalently f(y) = g(y)x. Since
$y = x^p$, this gives $f(x^p) = g(x^p)x$. As x is transcendental over $\mathbb{F}_p$, this implies
$f(X^p) = g(X^p)X$ in $\mathbb{F}_p[X]$, a contradiction by comparing degrees.[1]

[1] Alternatively, apply Exercise Sheet 4, Question (7).
We next want to show that the set of separable elements in a field extension
L/K forms an intermediate field.
Lemma 10.4. Let K be a field of characteristic p > 0, and let L/K be a field
extension. For L, algebraic over K, we have the following dichotomy.
1. is separable over K if and only if [K() : K(
p
)] = 1.
2. is inseparable over K if and only if [K() : K(
p
)] = p.
Proof. If is separable over K, then it is separable over any intermediate field
E of L/K. For, m
/E
divides m
/K
, so also has distinct roots in a splitting field
extension. In particular, is separable over K(
p
). On the other hand, the
minimal polynomial of over K(
p
) divides X
p

p
, and by Lemma 10.2 this
polynomial is either irreducible, so is inseparable over K(
p
), or else factors
as (X )
p
, so K(
p
). We deduce that [K() : K(
p
)] = 1.
Conversely, if is inseparable over K, then m
/K
(X) = f(X
p
) for some monic
irreducible polynomial f K[X]. Since
p
is a root of f, we see that f =
m

p
/K
, so that [K(
p
) : K] = deg(f) and [K() : K] = deg(m) = p deg(f).
Thus [K() : K(
p
)] = p.
Theorem 10.5. Let L/K be a field extension and write L
sep/K
for the set of
elements L which are separable over K. Then L
sep/K
is an intermediate
field of L/K, and is a separable field extension of K.
Proof. This is trivial when char(K) = 0, so let char(K) = p > 0. Clearly each
element of K is separable over K, so K L
sep/K
. It remains to show that
L
sep/K
is closed under sums, products and inverses, so is a subfield of L. In
other words, we need to show that if , L
sep/K
with non-zero, then
and
1
are all separable over K.
Let be any one of these elements. Then K(, ) = K(, ), and by applying
the Frobenius homomorphism we also have K(
p
,
p
) = K(
p
,
p
). Now is
separable over K, so it is also separable over any intermediate field E of L/K,
and so E(
p
) = E() by the previous lemma. Similarly is separable over K,
so K(
p
) = K(). Combining these results for E = K() gives K(
p
,
p
) =
K(, ). We deduce that K(
p
,
p
) = K(, ), so by the Tower Law
[K() : K(
p
)] =
[K(, ) : K(
p
)]
[K(, ) : K()]
=
[K(
p
,
p
) : K(
p
)]
[K(, ) : K()]
.
Finally, let m be the minimal polynomial of over K(). Applying the
Frobenius homomorphism we have Fr(m)(X
p
) = m(X)
p
, so
p
is a root of Fr(m).
Since m K()[X] we see that Fr(m) K(
p
)[X]. Therefore the minimal
polynomial n of
p
over K(
p
) divides Fr(m), so
[K(
p
,
p
) : K(
p
)] = deg(n) deg(Fr(m)) = deg(m) = [K(, ) : K()].
Thus [K() : K(
p
)] 1, so K() = K(
p
) and is separable over K.
10.2 Characterisation of Galois Extensions
We now come to an important result, which states that a finite field extension
is Galois if and only if it is separable and normal. This characterisation is often
taken to be the definition of a Galois extension, but the approach we have taken
has the benefit of emphasising the symmetries of a Galois extension.
Theorem 10.6. Let L/K be a field extension. The following are equivalent.
1. L/K is Galois.
2. L/K is finite, separable and normal.
3. L/K is a splitting field extension of a separable polynomial $f \in K[X]$.
Proof. (1) $\Rightarrow$ (2) Let L/K be Galois. Then it is necessarily finite. Furthermore,
we saw in Proposition 5.6 that for each L, its minimal polynomial m
/K
splits into distinct linear factors over L. Thus L/K is also separable and normal.
(2) $\Rightarrow$ (3) Let L/K be finite, separable and normal. Then it is a splitting field
extension for some polynomial $f \in K[X]$ by Theorem 8.4. Let m be a monic
irreducible factor of f, and let L be a root of m. Then m is necessarily the
minimal polynomial of over K, so is separable by assumption. Thus f is a
separable polynomial.
(3) $\Rightarrow$ (1) Let $f \in K[X]$ be a separable polynomial, and let L/K be a splitting
field extension for f. We are going to prove that L/K is Galois by induction on
the degree [L : K]. Set G := Gal(L/K) and let E be the fixed field of G.
Let L K be a root of f, so m := m
/K
is a separable polynomial. Then
L/K() is again a splitting field extension for f, but of smaller degree, so is
Galois by induction. Then Gal(L/K()) G is a subgroup, so the fixed field
of G is contained in the fixed field of Gal(L/K()); that is, E K().
Set n + 1 := [K() : K]. Given E K() we can write
= a
0

n
+ +a
n1
+a
n
for some a
i
K.
Set g := a
0
X
n
+ +a
n1
X + (a
n
) E[X].
Let L be a root of m. We claim that g() = 0. By Artin's Extension
Theorem there exists a K-isomorphism : K()

K(), . Now L/K()
is also a splitting field extension for f = (f), so by Theorem 8.2 there exists a
field automorphism of L extending . Since is a K-isomorphism, so too is ,
and hence Gal(L/K).
By assumption fixes every element of E, and also that () = . Therefore
= () = a
0

n
+ +a
n1
+a
n
,
so g() = 0 as required.
Since m has n + 1 distinct roots but deg(g) n we deduce that g = 0, so
= a
n
K. Thus E = K and L/K is Galois by Proposition 5.1.
Corollary 10.7. Let L/K be a finite, separable field extension. Then L/K is
simple. In particular, all Galois extensions are simple.
Proof. Let L = K(
1
, . . . ,
n
), let m
i
be the minimal polynomial of
i
over
K, and let m = m
1
m
n
. Since L/K is separable, each
i
is separable over
K, so each m
i
is an irreducible separable polynomial. Hence m is a separable
polynomial.
Now, if M/L is the normal closure for L/K, then M/K is a splitting field
extension for m, so is Galois by the theorem. By the Fundamental Theorem,
the intermediate fields of M/K are in bijection with the subgroups of the
Galois group. Thus there are only finitely many intermediate fields of M/K, so
there can be only finitely many subfields of L/K. Hence L/K is simple by the
Primitive Element Theorem.
In the exercises we will construct a finite field extension L/K which has infinitely
many intermediate fields, and hence is not simple.
Another important consequence of the theorem is that we can view Galois groups
as transitive subgroups of symmetric groups. If $f \in K[X]$ is a separable
polynomial, we write Gal(f) for the Galois group of a splitting field extension L/K
for f. This is well-defined by Theorem 8.2.
Proposition 10.8. Let $f \in K[X]$ be a separable irreducible polynomial of degree
n. Then the action of Gal(f) on the roots of f induces an injective group
homomorphism $\mathrm{Gal}(f) \to \mathrm{Sym}_n$ with image a transitive subgroup.
Proof. Let L/K be a splitting field extension for f, so a Galois extension by
the theorem. If
1
, . . . ,
n
are the roots of f in L, then L = K(
1
, . . . ,
n
),
so the action of Gal(f) = Gal(L/K) is completely determined by its action on
the roots of f. This yields an injective group homomorphism $\mathrm{Gal}(f) \to \mathrm{Sym}_n$.
Finally, Gal(f) acts transitively on the roots of f by Corollary 5.7, so its image
in $\mathrm{Sym}_n$ must be a transitive subgroup.
This result restricts the possible Galois groups quite considerably. For example,
if $f \in \mathbb{Q}[X]$ is an irreducible cubic, then Gal(f) is isomorphic to either $\mathbb{Z}/3\mathbb{Z}$ or
$\mathrm{Sym}_3$. If $f \in \mathbb{Q}[X]$ is an irreducible quartic, then Gal(f) is isomorphic to one
of
$$\mathrm{Sym}_4, \quad \mathrm{Alt}_4, \quad D_8, \quad \mathbb{Z}/4\mathbb{Z}, \quad (\mathbb{Z}/2\mathbb{Z})^2.$$
The group $D_8$ is the dihedral group with 8 elements, or the symmetry group
of a square. We can view it as a transitive subgroup of $\mathrm{Sym}_4$ by taking
$\langle (1234), (12)(34) \rangle$. The group $V := (\mathbb{Z}/2\mathbb{Z})^2$ is often called the Klein four group
(Kleinsche Vierergruppe), and can be viewed as a transitive subgroup of $\mathrm{Sym}_4$
by taking $\langle (12)(34), (13)(24) \rangle$.
As an example of how useful this is, consider the following result.
Proposition 10.9. Let p be a prime. The only transitive subgroup of $\mathrm{Sym}_p$
containing a transposition is $\mathrm{Sym}_p$ itself.
In particular, if $f \in \mathbb{Q}[X]$ is an irreducible polynomial of degree p having
precisely two non-real roots, then $\mathrm{Gal}(f) \cong \mathrm{Sym}_p$.
Proof. Let $G \leq \mathrm{Sym}_p$ be a transitive subgroup. Then G acts transitively on the
set $\{1, 2, \ldots, p\}$, so by the Orbit-Stabiliser Theorem, $H = \mathrm{Stab}_G(1)$ has index
p in G. Thus p divides |G|, so G contains an element of order p, and hence a
p-cycle , by Cauchy's Theorem.
Suppose further that G contains a transposition (1 a). Note that, for some
1 r < p we have
r
= (1 a ), and that this is again a p-cycle. Relabelling,
we may assume that G contains (1 2) and $(1\ 2\ \cdots\ p)$. Conjugating the
transposition shows that G also contains (i i + 1) for all i, and we know that these
transpositions generate the full symmetric group. Thus $G = \mathrm{Sym}_p$.
Now let $f \in \mathbb{Q}[X]$ be irreducible of degree p, and having precisely two complex
roots. Then $\mathrm{Gal}(f) \leq \mathrm{Sym}_p$ is a transitive subgroup. Moreover, complex
conjugation fixes f, so permutes the roots of f, and hence acts as a transposition.
Thus Gal(f) contains a transposition, so $\mathrm{Gal}(f) = \mathrm{Sym}_p$.
For example, the Galois group of $f = X^5 - 4X + 2 \in \mathbb{Q}[X]$ is $\mathrm{Sym}_5$. For, f is
irreducible by Eisenstein, and has precisely three real roots, as seen by drawing
its graph. We can therefore apply the proposition.
[Figure: graph of $X^5 - 4X + 2$ for X between -2 and 2.]
10.3 Changing the Base Field
Let E and F be intermediate fields of a field extension L/K. It is often useful to
be able to translate results about the field extension E/K to the field extension
EF/F, which we call base change.
54
Theorem 10.10. Let L/K be a eld extension, and E, F intermediate elds.
1. If E/K is Galois, then so is EF/F, and Gal(EF/F) is isomorphic to the
subgroup Gal(E/E F) of Gal(E/K).
2. If both E/K and F/K are Galois, then so too are EF/K and E F/K.
If E F = K, then Gal(EF/K) is isomorphic to the direct product
Gal(E/K) Gal(F/K).
Proof. 1. Since $E/K$ is Galois, it is a splitting field extension of some separable polynomial $f \in K[X]$ by Theorem 10.6. Then $EF/F$ is a splitting field extension of $f$, now viewed in $F[X]$, so is Galois by the same theorem.
Now let Gal(EF/F). Then is completely determined by its action on the
roots of f, and all of these lie in E. So restricts to a K-automorphism of E,
inducing an injective map Gal(EF/F) Gal(E/K), which is easily seen to be
a group homomorphism.
Finally, let $G \le \mathrm{Gal}(E/K)$ be the image of $\mathrm{Gal}(EF/F)$. Then $x \in E$ is fixed by $G$ if and only if $x \in EF$ is fixed by $\mathrm{Gal}(EF/F)$, which is if and only if $x \in F$. Thus the fixed field of $G$ is $E \cap F$, so $G = \mathrm{Gal}(E/E \cap F)$.
2. Suppose that $F/K$ is also Galois, so a splitting field extension of some separable polynomial $g \in K[X]$. Then $EF/K$ is a splitting field extension of $fg$, which is separable, so $EF/K$ is Galois.
Since EF/K is nite and separable, so too is E F/K. To see that the latter
eld extension is also normal, and hence Galois, take E F. Then m
/K
splits over E, since E/K is normal, and similarly also over F/K. Therefore all
the roots of m
/K
necessarily lie in E F, so m
/K
splits over E F.
Assume now that E F = K. As in (1), restriction to E yields a group ho-
momorphism Gal(EF/K) Gal(E/K). For, E/K is a splitting eld extension
of f and any Gal(EF/K) must permute these roots, so restricts to an
automorphism of E. Similarly, F/K is a splitting eld for g, so restriction to F
yields a group homomorphism Gal(EF/K) Gal(F/K). Together these give
a group homomorphism
: Gal(EF/K) Gal(E/K) Gal(F/K).
Since EF/K is a splitting eld extension for fg, any Gal(EF/K) is com-
pletely determined by its action on the roots of f and g, so by its restrictions
to E and F. Thus is injective. Finally, by (1) we know that
$$[EF : F] = |\mathrm{Gal}(EF/F)| = |\mathrm{Gal}(E/E \cap F)| = |\mathrm{Gal}(E/K)| = [E : K],$$
so by the Tower Law
$$[EF : K] = [EF : F][F : K] = [E : K][F : K]$$
and hence
$$|\mathrm{Gal}(EF/K)| = |\mathrm{Gal}(E/K)|\,|\mathrm{Gal}(F/K)|.$$
This implies that must be a bijection, and hence a group isomorphism.
Corollary 10.11. Let $L/K$ be a field extension, and $E$ and $F$ intermediate fields. If $E/K$ is Galois, then $[EF : F]$ divides $[E : K]$.
Proof. By part (1) of the theorem we have
$$[EF : F] = |\mathrm{Gal}(EF/F)| = |\mathrm{Gal}(E/E \cap F)| = [E : E \cap F],$$
which divides $[E : K]$ by the Tower Law.
This result is not true if E/K is not Galois. For example, let E = Q(
3

2) and
F = Q(
3

2), where is a primitive cube root of unity. Then EF = Q(


3

2, ),
so [E : Q] = [F : Q] = 3 and [EF : Q] = 6, whence [EF : F] = 2.
Chapter 11
Cyclotomic and Cyclic Extensions
In this chapter we shall examine two special types of field extensions: cyclotomic extensions, given by adjoining a primitive $n$-th root of unity, and cyclic extensions, given by adjoining an arbitrary $n$-th root under the assumption that the base field already contains a primitive $n$-th root of unity. Both of these cases are relatively easy to study, and have far reaching generalisations to abelian Kummer theory and class field theory.
11.1 Cyclotomic Extensions
Recall that K is called a primitive n-th root of unity if
n
= 1 but

d
,= 1 for all 1 d < n. For example we could take = exp(2i/n) C.
Let K be a primitive n-th root of unity. We make the following observations.
1. The n numbers
r
for 1 r n are all distinct. For, if
r
=
s
with
1 r < s n, then
sr
= 1 and 1 s r < n, contradicting the fact
that was a primitive n-th root of unity.
2. The set
n
:=
r
: 1 r n is a cyclic group under multiplication,
generated by . Hence
n
is isomorphic to the additive group Z/nZ.
3. If 1 r n, then
r
is a primitive n/d-th root of unity, where d =
gcd(r, n).
4.
n
contains
d
for all d[n. In particular, if is an n/d-th root of unity,
then =
ds
for some 1 s n/d.
We define the n-th cyclotomic polynomial as

n
(X) :=

1rn
gcd(r,n)=1
(X
r
) =

primitive n-th
root of unity
(X ).
We therefore have the factorisation
X
n
1 =

1rn
(X
r
) =

d|n

d
(X).
Note also that deg(
n
) = (n), where (n) is Eulers totient (or phi) function
(n) = [1 r n : gcd(r, n) = 1[.
Theorem 11.1. The polynomial
n
(X) lies in Z[X] and is irreducible.
If C is a primitive n-th root of unity, then Q()/Q is Galois with abelian Ga-
lois group. In fact, Gal(Q()/Q)

= (Z/nZ)

via
r
() :=
r
for r (Z/nZ)

.
Proof. We rst observe that each
d
(X) is monic. By induction we may assume

d
(X) Z[X] for d < n. Since

d|n

d
(X) = X
n
1, the Division Algorithm
tells us
n
(X) Q[X], and then Gausss Lemma gives that
n
(X) Z[X].
Now let f Q[X] be the minimal polynomial of , a primitive n-th root of
unity. We claim that if is any root of f, then so is
p
for all primes p n. It
will follow that
r
is a root of f for all 1 r n with gcd(r, n) = 1, and hence
that
n
(X) = f is irreducible.
Since is a root of X
n
1, we can write X
n
1 = f(X)g(X). Again, both
polynomials are monic with rational coecients, so Gausss Lemma tells us
that f, g Z[X]. Let be a root of f, p a prime not dividing n and assume
for contradiction that
p
is not a root of f. Then
p
must be a root of g(X),
so that is a root of g(X
p
). Since f is the minimal polynomial of , it divides
g(X
p
). Hence g(X
p
) = f(X)h(X), and by Gausss Lemma once more we see
that h Z[X] and is monic.
We now reduce coecients modulo p. Denote by

f, g and

h respectively the
images of f, g and h in F
p
[X]. By Lemma 9.2 we have g(X)
p
= g(X
p
) =

f(X)

h(X). Thus gcd(



f, g) ,= 1. Since X
n
1 =

f(X) g(X), we see that X
n
1
has repeated roots. It follows that X
n
1 and its derivative nX
n1
have a
common divisor, but since p n this cannot happen, proving the claim.
We have shown that
n
(X) is the minimal polynomial of over Q. Thus
[Q() : Q] = deg(
n
) = (n). Since all n-th roots of unity (primitive or not)
are powers of , we see that Q()/Q is the splitting eld extension of
n
(or
equivalently of X
n
1). Hence Q()/Q is Galois.
Let G = Gal(Q()/Q), so [G[ = (n). By Artins Extension Theorem the
elements of G are in bijection with the roots of
n
, so are all of the form
r
:

r
for some 1 r n coprime to n. Consider the bijection (Z/nZ)

G,
r
r
. Since 1
1
= id and
r

s
() =
r
()
s
=
rs
, this map is a group
isomorphism.
Recall from Proposition 9.3 that every finite extension of a finite field is Galois with cyclic Galois group.
Theorem 11.2. Let $K = \mathbb{F}_q$ be a finite field and $L/K$ a splitting field extension of $X^n - 1$. Then $L$ contains a primitive $n$-th root of unity if and only if the characteristic of $K$ does not divide $n$, in which case $L/K$ has degree $d$, where $d$
is the order of q modulo n, so Gal(L/K) (Z/nZ)

.
Proof. Suppose rst that p := char(K) divides n, say n = pm. Let L be an
n-th root of unity. Then
m
is a root of X
p
1 = (X 1)
p
, so
m
= 1. Hence
L cannot contain a primitive n-th root of unity.
Conversely, suppose that $p$ does not divide $n$. Then $q \in (\mathbb{Z}/n\mathbb{Z})^\times$, so let $d$ be the order of $q$ in this group. Note that $\mathbb{Z}/d\mathbb{Z} \cong \langle q \rangle \le (\mathbb{Z}/n\mathbb{Z})^\times$. Let $M/K$ be a field extension of degree $e$, so $M$ has size $q^e$. Now, $X^n - 1$ is coprime to its derivative, so has no repeated roots in a splitting field extension. Therefore, by Proposition 9.7, $X^n - 1$ splits over $M$ if and only if $X^n - 1$ divides $X^{q^e - 1} - 1$, which is if and only if $n$ divides $q^e - 1$, and hence if and only if $d$ divides $e$. Therefore the splitting field extension $L$ of $X^n - 1$ must be $\mathbb{F}_{q^d}$.
Finally, we know from Lemma 3.6 that L

is cyclic, say with generator . Thus


has order q
d
1 = mn, so =
m
has order n, so is a primitive n-th root of
unity.
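An added example (not part of the original notes): it computes the cyclotomic polynomials from the factorisation of $X^n - 1$ over the divisors of $n$, checks that the degree is Euler's totient, and computes the degree in Theorem 11.2 as the least $e$ with $n$ dividing $q^e - 1$. All function names are choices made for this example.

```python
from functools import lru_cache
from math import gcd


def poly_mul(f, g):
    """Multiply integer polynomials given as coefficient tuples, lowest degree first."""
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] += a * b
    return tuple(out)


def poly_divexact(num, den):
    """Divide by a monic integer polynomial; raise if a remainder is left."""
    num = list(num)
    quot = [0] * (len(num) - len(den) + 1)
    for k in range(len(quot) - 1, -1, -1):
        quot[k] = num[k + len(den) - 1]          # den is monic
        for j, c in enumerate(den):
            num[k + j] -= quot[k] * c
    if any(num):
        raise ValueError("division is not exact")
    return tuple(quot)


@lru_cache(maxsize=None)
def cyclotomic(n):
    """n-th cyclotomic polynomial: X^n - 1 divided by the d-th ones for d | n, d < n."""
    poly = (-1,) + (0,) * (n - 1) + (1,)         # X^n - 1
    for d in range(1, n):
        if n % d == 0:
            poly = poly_divexact(poly, cyclotomic(d))
    return poly


def totient(n):
    """Euler's totient: the number of 1 <= r <= n with gcd(r, n) = 1."""
    return sum(1 for r in range(1, n + 1) if gcd(r, n) == 1)


def product_over_divisors(n):
    """Multiply the d-th cyclotomic polynomials over all d | n (should give X^n - 1)."""
    prod = (1,)
    for d in range(1, n + 1):
        if n % d == 0:
            prod = poly_mul(prod, cyclotomic(d))
    return prod


def splitting_degree(q, n):
    """Degree over F_q of a splitting field of X^n - 1, for gcd(q, n) = 1.

    This is the least e with n | q^e - 1, i.e. the order of q modulo n.
    """
    if gcd(q, n) != 1:
        raise ValueError("the characteristic divides n")
    e, power = 1, q % n
    while (power - 1) % n:
        power = power * q % n
        e += 1
    return e


if __name__ == "__main__":
    for n in (1, 2, 3, 4, 6, 12, 105):
        phi_n = cyclotomic(n)
        print(n, "degree", len(phi_n) - 1, "min coefficient", min(phi_n))
    for q, n in ((2, 7), (3, 8), (2, 5), (4, 5)):
        print(f"X^{n} - 1 over F_{q}: splitting field of degree", splitting_degree(q, n))
```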
Corollary 11.3. Let L/K be a eld extension, and suppose L is a primitive
n-th root of unity. Then K()/K is Galois, and Gal(K()/K) (Z/nZ)

.
Proof. Let k be the prime subeld of K. Then k()/k is Galois with Galois
group a subgroup of (Z/nZ)

, by Theorem 11.1 in characteristic zero or by


Theorem 11.2 in positive characteristic. Then K() is the compositum of K
and k(), so K()/K is Galois with Gal(K()/K) isomorphic to a subgroup of
Gal(k()/k) by Theorem 10.10.
Since we will need this result later, we now show that the compositum of two
cyclotomic eld extensions is again cyclotomic.
Lemma 11.4. Let L/K be a eld extension containing a primitive m-th root
of unity and a primitive n-th root of unity . Set d := gcdm, n and l :=
lcmm, n. Then L contains a primitive l-th root of unity , and K(, ) =
K().
Proof. We begin by adjoining a primitive l-th root of unity to L. Then ,
K(). Conversely, for some integers r and s we have
l/m
=
r
and
l/n
=
s
.
By Euclids Algorithm we can nd integers a and b such that am + bn = d.
Then, using that mn = dl, we see that
br

as
=
(am+bn)/d
= , so K(, ).
Thus K(, ) = K().
11.2 Hilbert's Theorem 90
Let L/K be a Galois field extension with Galois group G. The trace and norm
of in L/K are given by
Tr
L
K
() :=

G
() and N
L
K
() :=

G
().
We observe that
Tr
L
K
( +) = Tr
L
K
() + Tr
L
K
() and N
L
K
() = N
L
K
() N
L
K
(),
so that Tr
L
K
: L K is an additive group homomorphism, and N
L
K
: L

is a multiplicative group homomorphism.


Theorem 11.5 (Hilberts Theorem 90). Let L/K be Galois with Galois group
Gal(L/K)

= Z/nZ. Let be a generator for Gal(L/K). Then for L we
have N
L
K
() = 1 if and only if there exists L such that = ()/.
Proof. Suppose that = ()/. Then
N
L
K
() = ()
n1
() =
()

2
()
()


n
()

n1
()
=

n
()

= 1.
Conversely, suppose that N
L
K
() = 1. Dene

i
:=
i
()
n1
() =
1
()
i1
()
.
By the Linear Independence of Characters the
i
are linearly independent over
L. Hence there exists L such that
:=
n1

i=0

i
() ,= 0.
Now, (
i
) =
i+1
and
0
=
n
= 1. Therefore
() =
n1

i=0
(
i
)
i+1
() =
n1

i=0

i+1

i+1
() =
n

i=1

i
() = ,
so = ()/ as required.
Pythagorean Triples
As a cute application of this we can prove that every Pythagorean triple $(x, y, z)$, that is, integers $x, y, z$ such that $x^2 + y^2 = z^2$, is of the form
$$(x, y, z) = c\,(a^2 - b^2,\ 2ab,\ a^2 + b^2), \qquad a, b \in \mathbb{Z} \text{ coprime},\ 2c \in \mathbb{Z}.$$
For, let us consider the field of Gaussian numbers $\mathbb{Q}(i)$. This is a quadratic extension of $\mathbb{Q}$, so has Galois group $\mathbb{Z}/2\mathbb{Z}$, induced by complex conjugation, and $\mathbb{Q}$ contains a primitive second root of unity, namely $-1$.
Note that the norm of = x +yi (with x, y Q) is N() = (x +yi)(x yi) =
x
2
+y
2
.
Therefore by Hilberts Theorem 90 we see that x
2
+y
2
= 1 if and only if there
exists = a bi with
$$x + yi = \frac{a + bi}{a - bi} = \frac{(a^2 - b^2) + 2abi}{a^2 + b^2}.$$
Therefore every rational solution to $x^2 + y^2 = 1$ is of the form
$$(x, y) = \left( \frac{a^2 - b^2}{a^2 + b^2},\ \frac{2ab}{a^2 + b^2} \right).$$
Now, $(x, y, z)$ is a Pythagorean triple if and only if $(x/z) + (y/z)i$ has norm 1. Therefore there exist rational numbers $a, b$ with $x/z = (a^2 - b^2)/(a^2 + b^2)$ and $y/z = 2ab/(a^2 + b^2)$. Clearing denominators and removing common factors, we may even assume that $a, b \in \mathbb{Z}$ are coprime. Therefore $(x, y, z)$ is a Pythagorean triple if and only if there exist coprime integers $a, b$ and a rational number $c$ such that
$$(x, y, z) = c\,(a^2 - b^2,\ 2ab,\ a^2 + b^2).$$
Finally, since $x, y, z$ are integers, the denominator of $c$ must divide both $a^2 - b^2$ and $a^2 + b^2$, and hence must divide their sum $2a^2$ and difference $2b^2$. Since $a$ and $b$ are coprime we see that the denominator of $c$ is at most 2, so $2c \in \mathbb{Z}$.
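An added example (not part of the original notes) that makes the argument constructive: for a Pythagorean triple it produces coprime integers $a, b$ and a rational $c$ as above, using the explicit choice $a + bi = (x + z) + yi$, which works because $1 + (x + yi)/z$ divided by its conjugate equals $(x + yi)/z$ whenever the norm is 1. The function names and this particular choice are assumptions of the example.

```python
from fractions import Fraction
from math import gcd, isqrt


def hilbert90_parameters(x, y, z):
    """Return (a, b, c): a, b coprime integers and c rational with
    (x, y, z) = c * (a^2 - b^2, 2ab, a^2 + b^2)."""
    if x * x + y * y != z * z:
        raise ValueError("not a Pythagorean triple")
    if z == 0:                       # only (0, 0, 0): take c = 0
        return 1, 0, Fraction(0)
    # (x + yi)/z has norm 1.  Unless it equals -1, adding 1 to it gives an
    # element whose quotient by its conjugate is (x + yi)/z; scale by z.
    a, b = x + z, y
    if a == 0 and b == 0:            # (x + yi)/z = -1 = i / conj(i)
        a, b = 0, 1
    g = gcd(a, b)
    a, b = a // g, b // g            # remove common factors
    c = Fraction(z, a * a + b * b)
    return a, b, c


def triple_from(a, b, c):
    """Rebuild the triple c * (a^2 - b^2, 2ab, a^2 + b^2)."""
    return (c * (a * a - b * b), c * 2 * a * b, c * (a * a + b * b))


def verify(x, y, z):
    """Check the three claims: the form, coprimality of a and b, and 2c integral."""
    a, b, c = hilbert90_parameters(x, y, z)
    return (triple_from(a, b, c) == (x, y, z)
            and gcd(a, b) == 1
            and (2 * c).denominator == 1)


def count_verified(limit):
    """Run verify over every triple with |x|, |y| <= limit; return (checked, passed)."""
    checked = passed = 0
    for x in range(-limit, limit + 1):
        for y in range(-limit, limit + 1):
            z = isqrt(x * x + y * y)
            if z == 0 or z * z != x * x + y * y:
                continue
            for signed_z in (z, -z):
                checked += 1
                passed += verify(x, y, signed_z)
    return checked, passed


if __name__ == "__main__":
    for t in ((3, 4, 5), (4, 3, 5), (5, 12, 13), (6, 8, 10), (-5, 0, 5)):
        print(t, "->", hilbert90_parameters(*t))
    print(count_verified(40))
```

The triple (4, 3, 5) is the case where $c$ is a genuine half-integer: it comes out as $a = 3$, $b = 1$, $c = 1/2$.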
11.3 Cyclic Extensions
A Galois extension $L/K$ is called cyclic if its Galois group is cyclic. We will now study cyclic extensions under the assumption that the base field has enough roots of unity.
Proposition 11.6. Let $L/K$ be a cyclic Galois extension of degree $n$, and assume that $K$ contains a primitive $n$-th root of unity. Then $L/K$ is a splitting field extension of some $X^n - a \in K[X]$.
Proof. Let be a generator for the Galois group. If K is a primitive n-th
root of unity, then () = , so N
L
K
() =
n
= 1. By Hilberts Theorem 90 there
exists L with = ()/. Thus () = , so
r
() =
r
. Then has n
conjugates in L, so K()/K has degree n, and hence L = K(). Moreover, the
minimal polynomial of over K is
m
/K
=

r
(X
r
) =
n

r
((X/)
r
) =
n
((X/)
n
1) = X
n

n
.
Therefore
n
= a K and L/K is a splitting eld extension of X
n
a.
Importantly, the converse also holds.
Proposition 11.7. Let $L/K$ be a splitting field extension of some $X^n - a \in K[X]$, and assume that $K$ contains a primitive $n$-th root of unity. Then $L/K$ is Galois with cyclic Galois group of order dividing $n$.
Proof. Let L be a root of X
n
a. Then the other roots are just
r
, where
K is a primitive n-th root of unity. Therefore L = K(). Moreover, since
X
n
a has distinct roots it is a separable polynomial, so L/K is Galois by
Theorem 10.6.
Now, the minimal polynomial m of over K divides X
n
a, so the roots of
m are given by
r
for r in some subset R Z/nZ containing 0. By Artins
Extension Theorem the elements of the Galois group G = Gal(L/K) are of
the form
r
:
r
for r R. Finally,
r

s
() =
r+s
=
r+s
(), and

1
r
() =
r
=
r
(). Therefore R Z/nZ is a subgroup, and the bijection
R G, r
r
, is a group isomorphism.
This proves that the Galois group of L/K is cyclic of order dividing n.
Chapter 12
Radical Extensions
We now come back to our motivating question of whether we can express the roots of an irreducible polynomial as radical expressions in the coefficients of the polynomial. This has a beautiful answer in terms of the structure of the Galois group: an irreducible polynomial $f$ over a field of characteristic zero is solvable by radicals if and only if $\mathrm{Gal}(f)$ is a solvable group.
The main difficulty in the proof is that the base field usually does not contain enough roots of unity. We therefore have to adjoin these in order to make our deductions. Finally we show that every root of unity has a radical expression, finishing the proof.
12.1 Radical Extensions
Informally, if L/K is a eld extension, then a radical expression of L is
one involving only the elements of K, the eld operations +, , , and n-th
roots. For example, the following element
=
11

3
7
_

2 + 9
3

15 12
4
_
1 +
5

6
is a radical expression for over Q.
More precisely, we say that a eld extension L/K is radical if there exists a
tower
K = K
0
K
1
K
r
= L
such that each eld extension K
i
/K
i+1
is given by extracting an n
i
-th root, so
K
i
= K
i1
(
i
) is simple and
ni
i
K
i1
. We call such a tower a radical tower
for L/K. Note that all radical extensions are necessarily nite.
Given a radical tower L = K
r
/ /K
1
/K
0
= K for L/K, there exists an integer
n such that each K
i
/K
i1
is given by extracting an n-th root. For, we know
that K
i
= K
i1
(
i
) with
ni
i
K
i1
. Let n = lcm(n
1
, . . . , n
r
). Then n
i
divides
n, so
n
i
K
i1
. We will call such an integer n an exponent for the radical
extension L/K. (N.B. This is non-standard terminology, but useful.)
We will need two properties about radical extensions. The first concerns base change, the second, normal closures.
Lemma 12.1. Let $L/K$ be a field extension, and $E$ and $F$ intermediate fields. If $E/K$ is radical of exponent $n$, then so is $EF/F$.
Proof. Let
K = K
0
K
1
K
r
= E
be a radical tower of exponent n. Write K
i
= K
i1
(
i
) where
n
i
K
i1
. Set
F
i
:= FK
i
. Then F
i
= F
i1
(
i
) and
n
i
F
i1
. Hence
F = F
0
F
1
F
r
= EF
is a radical tower for EF/F of exponent n.
Proposition 12.2. Let M/L be a normal closure of L/K. If L/K is radical of
exponent n, then so is M/K.
Proof. Let
K = K
0
K
1
K
r
= L
be a radical tower of exponent n. Write K
i
= K
i1
(
i
) with
n
i
K
i1
.
Let M/L be a normal closure of L/K and set M
i
to be the normal closure of
K
i
/K inside M. Observe that K
i
= K(
1
,
2
, . . . ,
i
), so if m
i
is the minimal
polynomial of
i
over K, then M
i
/K is the splitting eld extension of f
i
:=
m
1
m
2
m
i
inside M. In particular, M
i
/M
i1
is the splitting eld extension
of m
i
inside M, so M
i
is generated over M
i1
by the roots of m
i
.
We claim that each M
i
/M
i1
is radical of exponent n, so by concatenating their
radical towers we will obtain a radical tower for M/K of exponent n. In fact,
we will show that if
i
is any other root of m
i
, then
n
i
M
i1
.
By Artins Extension Theorem there is a K-isomorphism : K(
i
) K(
i
)
sending
i
to
i
. Since M
i
/K is the splitting eld extension of f
i
, so too
are M
i
/K(
i
) and M
i
/K(
i
). Also, f
i
K[X], so (f
i
) = f
i
. Therefore, by
Theorem 8.2, there is a K-automorphism of M
i
extending .
Finally, M
i1
/K is the unique splitting eld extension of f
i1
inside M and
(f
i1
) = f
i1
. It follows that induces a K-automorphism of M
i1
. Thus

n
= (
n
) M
i1
as required.
Warning
If $L/K$ is radical and $E$ is an intermediate field, then $E/K$ is not in general radical. This is not surprising: just because every element of $E$ has a radical expression, we do not expect that every element which can be expressed using the same radicals necessarily lies in $E$.
For this reason we make the following definition. A polynomial $f \in K[X]$ is solvable by radicals if there exists a radical extension $M/K$ containing every root of $f$. Since normal closures of radical extensions are again radical, Proposition 12.2, we may even assume that $M/K$ is normal, so contains a splitting field extension $L$ for $f$. We do not require that $L/K$ is itself radical.
12.2 Solvable Groups
Before we continue, we will need to recall some facts about solvable groups.
Given a finite group $G$, a chain of subgroups $1 = G_r \le \cdots \le G_0 = G$ is called a subnormal series if $G_i \trianglerighteq G_{i+1}$ for all $i$. The factor groups $G_{i-1}/G_i$ are called the subquotients of the subnormal series. A chain is called a normal series if each $G_i$ is a normal subgroup of $G$. (Some authors call a subnormal series a normal series, but then have no name for a normal series.)
A finite group $G$ is called solvable provided there exists a subnormal series for $G$ such that all subquotients are cyclic. We observe that a simple group is solvable if and only if it is cyclic of prime order.
We say that a chain of subgroups $1 = G'_n \le \cdots \le G'_0 = G$ is a refinement of a chain $1 = G_m \le \cdots \le G_0 = G$ provided that each $G_i$ occurs as some $G'_j$.
Lemma 12.3. A group is solvable if and only if it has a subnormal series whose subquotients are all cyclic of prime order, which is if and only if it has a subnormal series whose subquotients are all abelian.
Proof. All finite abelian groups are direct products of cyclic groups, and all cyclic groups have a normal series whose subquotients are cyclic of prime order. Thus, given a subnormal series with abelian subquotients, we can refine it to a subnormal series whose subquotients are cyclic of prime order.
The next two propositions show that subnormal series pass to subgroups and to quotient groups.
Proposition 12.4. Let $G$ be a finite group and let $1 = G_r \le \cdots \le G_0 = G$ be a subnormal series for $G$. If $H \le G$ is a subgroup, then setting $H_i := H \cap G_i$ gives a subnormal series $1 = H_r \le \cdots \le H_0 = H$ for $H$. Moreover, $H_{i-1}/H_i \hookrightarrow G_{i-1}/G_i$.
In particular, $G$ solvable implies $H$ solvable.
Proof. We have $H_{i-1} \le G_{i-1}$, $G_i \trianglelefteq G_{i-1}$ and $H_i = H_{i-1} \cap G_i$, so by the Second Isomorphism Theorem, $H_i \trianglelefteq H_{i-1}$ and $H_{i-1}/H_i \cong (H_{i-1}G_i)/G_i \le G_{i-1}/G_i$.
For the second part we observe that subgroups of abelian (respectively cyclic) groups are again abelian (respectively cyclic).
Proposition 12.5. Let G be a nite group and let 1 = G
r
G
0
= G
be a subnormal series for G. If H G is a normal subgroup, then setting

G
i
:= (G
i
H)/H gives a subnormal series 1 =

G
r


G
0
= G/H for G/H.
Moreover, G
i1
/G
i


G
i1
/

G
i
.
In particular, G solvable implies G/H solvable.
Proof. We rst observe that G
i
H G
i1
H is a normal subgroup. This can be
done using the Isomorphism Theorems, but it is just as easy to prove it directly.
Let xy G
i
H, where x G
i
and y H. Similarly let gh G
i1
H, where
g G
i1
and h H. Then
(gh)(xy)(gh)
1
= ghxyh
1
g
1
= (gxg
1
)g
_
(x
1
hx)yh
1
_
g
1
.
Since G
i
G
i1
we have gxg
1
G
i
; since H G we have x
1
hx H,
so (x
1
hx)yh
1
H, and hence g
_
(x
1
hx)yh
1
_
g
1
H. This proves that
G
i
H G
i1
H.
It now follows from the Third Isomorphism Theorem that

G
i
= (G
i
H)/H is a
normal subgroup of

G
i1
= (G
i1
H)/H, with quotient

G
i1
/

G
i

= (G
i1
H)/(G
i
H).
This in turn is isomorphic to G
i1
/(G
i1
(G
i
H)) by the Second Isomorphism
Theorem, since G
i1
H = G
i1
(G
i
H).
We therefore have an epimorphism G
i1
G
i1
/(G
i1
G
i
H)

=

G
i1
/

G
i
.
As G
i
lies in the kernel, the First Isomorphism Theorem gives an epimorphism
G
i1
/G
i


G
i1
/

G
i
as required.
The second part follows as in the previous proposition, since quotients of abelian (respectively cyclic) groups are again abelian (respectively cyclic).
Theorem 12.6. Let $H \trianglelefteq G$ be finite groups. Then $G$ is solvable if and only if both $H$ and $G/H$ are solvable.
Proof. Using the propositions above, it only remains to prove that if H and G/H
are both solvable, then G is solvable. Denote by : G G/H the canonical
epimorphism.
Let 1 =

G
s


G
0
= G/H be a subnormal series for G/H and let
1 = H
r
H
s
= H be a subnormal series for H. Dene G
i
:=
1
(

G
i
)
for 0 i s and G
i
:= H
i
for s i r. Since
1
(

G
s
) = H, this denition is
consistent.
Then 1 = G
r
G
0
= G is a subnormal series for G. Moreover, G
i1
/G
i

=
H
i1
/H
i
for s < i r and G
i1
/G
i

=

G
i1
/

G
i
for 0 < i s. The rst of these
is clear, and the second follows from the Third Isomorphism Theorem.
In particular, if each H
i1
/H
i
and

G
i1
/

G
i
is abelian (respectively cyclic), then
so is each G
i1
/G
i
. Hence if H and G/H are both solvable, then so is G.
It is easy to show that every $p$-group for $p$ a prime is a solvable group. In fact, any such group is nilpotent, meaning that we even have a normal series with abelian subquotients.
Theorem 12.7. Let $p$ be a prime and $G$ a finite $p$-group. Then $G$ is nilpotent, so solvable.
Proof. We recall that $Z(G)$ is the centre of $G$, so the set of elements $z$ commuting with all $g \in G$. Then $Z(G) \trianglelefteq G$ is clearly a normal subgroup.
Now, since $G$ is a $p$-group, it has non-trivial centre. For, we let $G$ act on itself by conjugation. The orbits of size one are given by the elements of the centre $Z(G)$, and note that $|Z(G)| \ge 1$ since $1 \in Z(G)$. Let $X$ be a set of representatives for the conjugacy classes of size at least 2. For $x \in X$ let $G_x = \mathrm{Stab}_G(x)$ be the stabiliser of $x$, so by the Orbit-Stabiliser Theorem $[G : G_x] = |\mathrm{Orb}_G(x)| > 1$. Since $G$ is a $p$-group, we see that $p$ divides each $[G : G_x]$. Therefore $|G| = |Z(G)| + \sum_{x \in X} [G : G_x]$, so $p$ divides $|Z(G)|$. In particular, $G$ has non-trivial centre.
We can define a normal series of $G$ by setting $Z_0 := 1$ and iteratively defining $Z_{i+1}$ to be the preimage in $G$ of $Z(G/Z_i)$, so that $Z_1 = Z(G)$. For, $G/Z_i$ is a $p$-group, so has non-trivial centre, so $Z_i < Z_{i+1}$ is a strict inclusion.
More generally, we have the following famous theorem. John Thompson was recently awarded the Abel Prize for this and other work on finite groups.
Theorem 12.8 (Feit-Thompson). Every finite group of odd order is solvable.
In particular, if $G$ is a finite simple group, then either $G$ is cyclic of prime order or else $|G|$ is even.
We shall need the following result, concerning the solvability of the symmetric and alternating groups.
Theorem 12.9. The alternating group $\mathrm{Alt}_n$ is solvable if $n \le 4$ and simple if $n \ge 5$. In particular, the symmetric group $\mathrm{Sym}_n$ is solvable if and only if $n \le 4$.
Proof. For $n = 4$ we have the normal series $1 \le V \le \mathrm{Alt}_4 \le \mathrm{Sym}_4$, where $V = \langle (12)(34), (13)(24) \rangle$ is the Klein four group. Since each quotient is abelian, we have the result. Moreover, since $\mathrm{Sym}_4/V \cong \mathrm{Sym}_3$, we also obtain that $\mathrm{Sym}_3$ is solvable.
On the other hand, if $n \ge 5$, then $\mathrm{Alt}_n$ is simple but not cyclic, so not solvable. Since $\mathrm{Alt}_n \le \mathrm{Sym}_n$, the full symmetric group $\mathrm{Sym}_n$ is not solvable for $n \ge 5$.
12.3 Solvable Galois Extensions
We now come to one of the highlights of Galois Theory. We assume throughout that all fields have characteristic zero.
Proposition 12.10. Let $L/K$ be Galois and radical. Then $\mathrm{Gal}(L/K)$ is solvable.
Proof. Let L/K be radical of exponent n, say having a radical tower
K = K
0
K
1
K
r
= L
with K
i
= K
i1
(
i
) and
n
i
K
i1
. Let M/L be a splitting eld extension of
X
n
1, and let M be a primitive n-th root of unity.
Note that L/K and K()/K are both Galois, so their compositum L() = M is
Galois over K by Theorem 10.10. By the Galois Correspondence we know that
Gal(M/K()) is a normal subgroup of Gal(M/K) with quotient Gal(K()/K),
and this latter group is abelian by Corollary 11.3. So, by Theorem 12.6,
Gal(M/K) is solvable if and only if Gal(M/K()) is solvable.
On the other hand, we similarly have that Gal(M/L) is a normal subgroup of
Gal(M/K) with quotient Gal(L/K). So Gal(M/K) solvable implies Gal(L/K)
solvable. Putting this together we see that Gal(M/K()) solvable implies
Gal(L/K) solvable.
Now, M = L(), so Lemma 12.1 implies that M/K() is radical of exponent n.
In fact, setting M
i
:= K
i
(), we obtain the radical tower
K() = M
0
M
1
M
r
= M
with M
i
= M
i1
(
i
) and
n
i
M
i1
. Since M
i1
contains , a primitive n-th
root of unity, we know from Proposition 11.7 that M
i
/M
i1
is Galois with cyclic
Galois group (of order dividing n). It follows from the Galois Correspondence
that, setting G
i
:= Gal(M/M
i
), we have a subnormal series
1 = G
r
G
1
G
0
= Gal(M/K())
with cyclic subquotients G
i1
/G
i

= Gal(M
i
/M
i1
). Hence Gal(M/K()) is a
solvable group as required.
The converse is slightly trickier, since we have not shown that each root of unity
has a radical expression. In fact, we prove this simultaneously.
Proposition 12.11. Let L/K be Galois with solvable Galois group. Then there
exists an extension M/L such that M/K is Galois and radical.
Proof. Let L/K have degree n. We shall prove by induction on n that there
exists a root of unity such that L()/K is Galois and radical. Note that the
case n = 1 is trivial.
Consider K()/K, where is a primitive n-th root of unity. We know from
Corollary 11.3 that this eld extension is Galois of degree dividing (n) with
abelian Galois group. Therefore, by induction, there exists a root of unity
such that K(, )/K is Galois and radical. If is a primitive m-th root of unity,
then Lemma 11.4 tells us that K(, ) = K(), where is a primitive l-th root
of unity for l = lcmm, n.
Now let L()/L be a splitting eld extension of X
l
1, where is a primitive
l-th root of unity. Note that L/K and K()/K are both Galois, so their com-
positum L() is Galois over K by Theorem 10.10. Therefore it is enough to
prove that L()/K() is radical, since then we can concatenate radical towers
for L()/K() and K()/K to deduce that L()/K is radical.
By Theorem 10.10 once more we know that Gal(L()/K()) is isomorphic to a
subgroup of Gal(L/K), so is solvable by Theorem 12.6 and has order dividing
n. Let 1 = G
r
G
0
= Gal(L()/K()) be a subnormal series for
Gal(L()/K()) with cyclic subquotients. Let M
i
be the xed eld of G
i
, so
K() = M
0
M
1
M
r
= L()
is a tower of eld extensions. By the Galois Correspondence we have that
M
i
/M
i1
is Galois with Galois group G
i1
/G
i
, so cyclic of order dividing n.
Since M
i1
contains a primitive n-th root of unity, we can apply Proposition 11.6
to get that M
i
= M
i1
(
i
) with
n
i
M
i1
. Hence L() = M
r
/ /M
0
= K()
is a radical tower of exponent n. This proves that L()/K() is radical.
We summarise this discussion in the following theorem.
Theorem 12.12 (Galois). A Galois field extension $L/K$ has solvable Galois group if and only if there exists an extension $M/L$ with $M/K$ Galois and radical.
In particular, a polynomial $f \in K[X]$ is solvable by radicals if and only if $\mathrm{Gal}(f)$ is a solvable group.
Proof. The first part is immediate from the previous two propositions. For the second, let $f \in K[X]$ and let $L/K$ be a splitting field extension of $f$. Then $f$ is solvable by radicals if and only if there exists an extension $M/L$ such that $M/K$ is Galois and radical, which is equivalent to $\mathrm{Gal}(f) = \mathrm{Gal}(L/K)$ being a solvable group.
Corollary 12.13. There exist quintic polynomials $f \in \mathbb{Q}[X]$ which are not solvable by radicals.
Proof. We saw at the end of Section 10.2 that $f = X^5 - 4X + 2 \in \mathbb{Q}[X]$ is irreducible and has Galois group $\mathrm{Sym}_5$. Therefore $\mathrm{Gal}(f)$ is not solvable, so $f$ is not solvable by radicals.
Chapter 13
Cubics and Quartics
In this chapter we apply the above considerations to cubic and quartic polynomials, and in so doing obtain radical expressions for their roots. In particular, we recover Cardano's formula from Exercise Sheet 1, and motivate the constructions involved. The formula for the quartic is due to Ferrari, a student of Cardano. We will assume throughout that $K$ is a field of characteristic zero, though in fact it is enough to take characteristic different from 2 or 3.
13.1 Solving the Cubic
Let f = X
3
s
1
X
2
+s
2
Xs
3
K[X] be irreducible and let
i
for i = 1, 2, 3 be
the roots of f in a splitting eld extension L/K. Thus the s
i
are the elementary
symmetric functions in the roots
s
1
=
1
+
2
+
3
, s
2
=
1

2
+
2

3
+
3

1
, s
3
=
1

3
.
Let G Sym
3
be the Galois group of f. Recall that we have the subnormal
series 1 Alt
3
Sym
3
with cyclic subquotients of degrees 3 and 2. We need
to compute the xed eld of G Alt
3
. Dene
=

i<j
(
i

j
) = (
2
1

2
+
2
2

3
+
2
3

1
) (
1

2
2
+
2

2
3
+
3

2
1
),
so that the discriminant of f is
(f) =
2
= s
2
1
s
2
2
4s
3
1
s
3
4s
3
2
+ 18s
1
s
2
s
3
27s
2
3
.
Now, () = sgn(), so G xes if and only if it is an even permutation.
Thus G Alt
3
has xed eld K(). Note that, since f is irreducible, G is a
transitive subgroup, so G Alt
3
= Alt
3
.
This also gives a criterion for the Galois group of an irreducible cubic $f \in K[X]$.

Gal(f)
not in K Sym
3
in K Alt
3
In order to obtain radical expressions for the roots we need to adjoin a primitive
cube root of unity . So, from now on assume that K. Then by Proposition
11.6 we have L = K(, u) with u
3
K(). In fact, if is a generator for Alt
3
,
say = (123), then (u) = u, and conversely any such u works. An obvious
choice is
u :=
1
+
2
+
2

3
.
An easy calculation shows that u
3
equals
(
3
1
+
3
2
+
3
3
)+6
1

3
+3(
2
1

2
+
2
2

3
+
2
3

1
)+3
2
(
1

2
2
+
2

2
3
+
3

2
1
).
Now, using the formulae
(
2
1

2
+
2
2

3
+
2
3

1
) + (
1

2
2
+
2

2
3
+
3

2
1
) = s
1
s
2
3s
3
(
2
1

2
+
2
2

3
+
2
3

1
) (
1

2
2
+
2

2
3
+
3

2
1
) =
as well as

3
1
+
3
2
+
3
3
= s
3
1
3s
1
s
2
+ 3s
3
we can write
u
3
= s
3
1

9
2
s
1
s
2
+
27
2
s
3
+
3
2
(
2
) =
1
2
( + 3(
2
)),
where = 2s
3
1
9s
1
s
2
+ 27s
3
. Note also that
2
=

3.
We can similarly form the sum v =
1
+
2

2
+
3
, so that
v
3
=
1
2
( 3(
2
)) and uv = s
2
1
3s
2
.
Finally we can solve for
i
using the three expressions
s
1
=

i
, u =

i1

i
, v =

2(i1)

i
.
This gives

1
=
1
3
(s
1
+u +v),
2
=
1
3
(s
1
+
2
u +v),
3
=
1
3
(s
1
+u +
2
v).
Observe that u
3
and v
3
are the roots of the auxillary quadratic
X
2
X +
1
4
(
2
+ 27) K[X].
This recovers the formula from Exercise Sheet 1 when s
1
= 0 (except the u and
v used there are one third of the u and v used above).
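An added example (not part of the original notes) that carries the derivation above through numerically for $f = X^3 - s_1X^2 + s_2X - s_3$: it solves the auxiliary quadratic for $u^3$, takes a cube root, recovers $v$ from $uv = s_1^2 - 3s_2$ and reads off the three roots, and it also applies the discriminant criterion for the Galois group over $\mathbb{Q}$. The names `OMEGA` (a primitive cube root of unity), `eps` (for $2s_1^3 - 9s_1s_2 + 27s_3$) and `discriminant` are labels chosen here, since the corresponding symbols did not survive on this page.

```python
import cmath
from math import isqrt

OMEGA = complex(-0.5, 3 ** 0.5 / 2)      # primitive cube root of unity


def discriminant(s1, s2, s3):
    """Discriminant of X^3 - s1 X^2 + s2 X - s3 in the elementary symmetric functions."""
    return (s1**2 * s2**2 - 4 * s1**3 * s3 - 4 * s2**3
            + 18 * s1 * s2 * s3 - 27 * s3**2)


def cubic_roots(s1, s2, s3):
    """Roots of X^3 - s1 X^2 + s2 X - s3 via the resolvents u and v."""
    disc = discriminant(s1, s2, s3)
    eps = 2 * s1**3 - 9 * s1 * s2 + 27 * s3
    # u^3 and v^3 are the roots of X^2 - eps X + (eps^2 + 27 disc)/4,
    # that is (eps +/- sqrt(-27 disc)) / 2.  Take the larger one as u^3.
    root = cmath.sqrt(-27 * disc)
    u_cubed = max((eps + root) / 2, (eps - root) / 2, key=abs)
    if u_cubed == 0:                     # u = v = 0: a triple root s1/3
        u = v = 0
    else:
        u = u_cubed ** (1 / 3)           # any cube root only relabels the roots
        v = (s1**2 - 3 * s2) / u         # forced by u v = s1^2 - 3 s2
    return [(s1 + u + v) / 3,
            (s1 + OMEGA**2 * u + OMEGA * v) / 3,
            (s1 + OMEGA * u + OMEGA**2 * v) / 3]


def evaluate(s1, s2, s3, x):
    """Value of X^3 - s1 X^2 + s2 X - s3 at x."""
    return x**3 - s1 * x**2 + s2 * x - s3


def galois_group_of_irreducible_cubic(s1, s2, s3):
    """Discriminant criterion over Q for integer s1, s2, s3.

    Irreducibility is assumed, not checked: the group is Alt_3 when the
    discriminant is a square in Q and Sym_3 otherwise.
    """
    disc = discriminant(s1, s2, s3)
    is_square = disc >= 0 and isqrt(disc) ** 2 == disc
    return "Alt_3" if is_square else "Sym_3"


if __name__ == "__main__":
    # X^3 - 15X - 4 from the introduction: s1 = 0, s2 = -15, s3 = 4.
    for r in cubic_roots(0, -15, 4):
        print(r, abs(evaluate(0, -15, 4, r)))
    print(galois_group_of_irreducible_cubic(0, -3, -1))   # X^3 - 3X + 1
    print(galois_group_of_irreducible_cubic(0, 0, 2))     # X^3 - 2
```

For $X^3 - 15X - 4$ the quadratic gives $u^3 = 27(2 + 11i)$, three times the cube root quoted in the introduction, in line with the remark that the $u$ and $v$ of Exercise Sheet 1 are one third of those used here.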
13.2 Solving the Quartic
Now let f = X
4
s
1
X
3
+ s
2
X
3
s
3
X + s
4
K[X] be an irreducible quartic.
Let L/K be a splitting eld extension and let
i
L for i = 1, 2, 3, 4 be the
roots of f. Let G Sym
4
be the Galois group of f. Note that the s
i
are again
the elementary symmetric functions in the roots
s
1
=
1
+
2
+
3
+
4
, s
2
=
1

2
+
1

3
+
1

4
+
2

3
+
2

4
+
3

4
,
s
3
=
1

3
+
1

4
+
1

4
+
2

4
, s
4
=
1

4
.
Recall that $\mathrm{Sym}_4$ has a normal series $\mathrm{id} \le V \le \mathrm{Alt}_4 \le \mathrm{Sym}_4$ with abelian subquotients. In fact, for solving the quartic, the most important subgroup is $V$, since $\mathrm{Sym}_4/V \cong \mathrm{Sym}_3$. Therefore the fixed field of $V$ corresponds to the splitting field of a cubic, called the auxiliary cubic. Since $V \cong (\mathbb{Z}/2\mathbb{Z})^2$ it has three subgroups of order two, which we can then use, together with the roots of the auxiliary cubic, to obtain radical expressions for the roots.
Note that, under the isomorphism $\mathrm{Sym}_4/V \cong \mathrm{Sym}_3$, the preimage of $\mathrm{Alt}_3$ is $\mathrm{Alt}_4$, and the preimages of the three subgroups of order two give three subgroups of $\mathrm{Sym}_4$ containing $V$ and isomorphic to $D_8$. These have fixed fields generated by the individual roots of the auxiliary cubic.
Fixed Fields
We want to find the fixed fields of the subgroups $G \cap V$ and $G \cap \mathrm{Alt}_4$. In fact, we will also need the fixed fields for $G \cap D$ and $G \cap T$, where
$$D = \{\mathrm{id}, (12), (34), (12)(34), (13)(24), (14)(23), (1324), (1423)\} \cong D_8$$
and
$$T = \{\mathrm{id}, (12)(34)\} \cong \mathbb{Z}/2\mathbb{Z}.$$
Note that $1 \le T \le V \le D$ is a subnormal series, with all subquotients isomorphic to $\mathbb{Z}/2\mathbb{Z}$.
We will prove the following.
subgroup G T G V G D G Alt
4
xed eld F(
1
+
2
,
1

2
) F K(a) K()
The notation is as follows. As usual we have set
=

i<j
(
i

j
) =

Alt4

3
(1)

2
(2)

(3)

Alt4

(1)

2
(2)

3
(3)
,
so that the discriminant of f is (f) =
2
.
Also, F = K(a, b, c), where
a := (
1
+
2
)(
3
+
4
), b := (
1
+
3
)(
2
+
4
), c := (
1
+
4
)(
2
+
3
)
are the roots of the auxiliary cubic
$$g := X^3 - 2s_2X^2 + (s_2^2 + s_1s_3 - 4s_4)X + (s_3^2 + s_1^2s_4 - s_1s_2s_3) \in K[X].$$
We first compute the fixed field of $G \cap \mathrm{Alt}_4$
. Note that, as before, if G, then
() = sgn(). It follows that K and Gal(L/K()) = G Alt
4
.
Next consider $G \cap V$. We have $V = \{\mathrm{id}, (12)(34), (13)(24), (14)(23)\}$, so it is natural to look at the elements $a, b, c$ given above. We calculate that
$$a + b + c = 2s_2, \quad ab + bc + ca = s_2^2 + s_1s_3 - 4s_4, \quad abc = -s_3^2 - s_1^2s_4 + s_1s_2s_3,$$
so that $a, b, c$ are indeed the roots of the auxiliary cubic $g$.
Note that the roots $a, b, c$ of $g$ are all distinct (although $g$ need not be irreducible). In fact, $f$ and $g$ have the same (non-zero) discriminant: for,
a b = (
1

4
)(
2

3
),
b c = (
1

2
)(
3

4
),
a c = (
1

3
)(
2

4
),
so that
(a b)(a c)(b c) =

i<j
(
i

j
) = .
It follows that $K(a)$ is the fixed field of $G \cap D$. Moreover, doing this for $K(b)$ and $K(c)$ and using the Galois Correspondence shows that $K(a, b, c)$ is the fixed field of $G \cap V$.
We remark that $K(a, b, c)/K$ is Galois, since it is the splitting field extension of $g$. This reflects the fact that $G \cap V$ is normal in $G$. We immediately get that $\mathrm{Gal}(g) \cong G/(G \cap V)$, which is a subgroup of $\mathrm{Sym}_4/V \cong \mathrm{Sym}_3$. Since the preimage of $\mathrm{Alt}_3$ is just $\mathrm{Alt}_4$ it is no great surprise that $f$ and $g$ have the same discriminant.
Finally consider $G \cap T$. There is a slight technicality in computing the fixed field for this subgroup, since it may be that one of
1
+
2
or
1

2
lies in F.
We begin by observing that (X
1
)(X
2
) ,= (X
3
)(X
4
), since they
have distinct roots. Therefore either
1
+
2
,=
3
+
4
or
1

2
,=
3

4
.
Assume that
1
+
2
,=
3
+
4
. Then
1
+
2
=
i
+
j
implies i, j = 1, 2,
and so K(
1
+
2
) is the xed eld of G (12), (34)). Thus F(
1
+
2
) is the
xed eld of G V (12), (34)) = G T.
If instead
1

2
,=
3

4
, then we see that the xed eld of G T is F(
1

2
).
In either case, we get that the xed eld is F(
1
+
2
,
1

2
).
We remark that
s
3
= s
1

2
+

1
+
2

2
(s
4

2
1

2
2
).
In particular, if
1

2
,=
3

4
, then
1
+
2
K(
1

2
). Similarly
s
3

1
2
s
1
s
2
+
1
8
s
3
1
=
_

1
+
2

1
2
s
1
__
s
2
a +
1
2
s
1
(
1
+
2

1
2
s
2
) 2
1

2
_
,
and recall that a = (
1
+
2
)(s
1

1

2
). So, if
1
+
2
,=
3
+
4
, then

2
K(
1
+
2
).
These expressions seem to be new; at least I could not find them in the standard literature.
Galois Group
We can now calculate the Galois group G of f.
g K[X]
_
s
2
1
4a,
_
(s
2
a)
2
4s
4
Gal(f)
splits V
irreducible in K Alt
4
irreducible not in K Sym
4
root a both in K(

) Z/4Z
root a not both in K(

) D
8
Recall that $G$ is a transitive subgroup of $\mathrm{Sym}_4$, so is one of
$$\mathrm{Sym}_4, \quad \mathrm{Alt}_4, \quad D_8 = \langle \mathbb{Z}/4\mathbb{Z}, V \rangle, \quad \mathbb{Z}/4\mathbb{Z}, \quad V.$$
Also, we saw above that $G/(G \cap V) = \mathrm{Gal}(g)$. So, if $g$ splits over $K$, then $G = G \cap V$, and hence $G = V$. On the other hand, if $g$ is irreducible, then $\mathrm{Gal}(g)$, and hence $G$, contains a 3-cycle. Since $g$ and $f$ have the same discriminant
=
2
, we see that either K, so Gal(g) = Alt
3
and G = Alt
4
, or else
, K, so Gal(g) = Sym
3
and G = Sym
4
.
Finally, suppose that g has a single root a K. Then also b + c, bc K, and
= (a
2
a(b + c) + bc)(b c) ,= 0. So K if and only if b c K, which
is if and only if g splits over K. By assumption this does not happen, so we
have K < K() = F. Therefore G > G Alt
4
= G V . It follows that G is
either D
8
or Z/4Z. Now, either
1
+
2
,
1

2
are both in K(), in which case
GT = GV and G

= Z/4Z, or else they are not both in K(), in which case


G T < G V and G

= D
8
.
Note that
1
+
2
,
3
+
4
are the roots of the quadratic X
2
s
1
X+a, whereas

2
,
3

4
are the roots of the quadratic X
2
pX +s
4
. These have respective
discriminants s
2
1
4a and (s
2
a)
2
4s
4
, so the result follows.
Radical Expressions
We can also use this information to find radical expressions for the roots of $f$.
We already know how to solve the cubic
$$g = X^3 - 2s_2X^2 + (s_2^2 - 4s_4 + s_1s_3)X - (s_1s_2s_3 - s_1^2s_4 - s_3^2),$$
assuming that $K$ contains a primitive cube root of unity . We set
= 2(2s
2
)
3
9(2s
2
)(s
2
2
4s
4
+s
1
s
3
) + 27(s
1
s
2
s
3
s
2
1
s
4
s
2
3
)
= 2s
3
2
27s
2
3
27s
2
1
s
4
+ 72s
2
s
4
+ 9s
1
s
2
s
3
.
and take
u
3
=
1
2
( + 3(
2
)), v
3
=
1
2
( 3(
2
))
with
$$uv = (2s_2)^2 - 3(s_2^2 - 4s_4 + s_1s_3) = s_2^2 + 12s_4 - 3s_1s_3.$$
Then the roots of g are
a =
1
3
(2s
2
+u +v), b =
1
3
(2s
2
+
2
u +v), c =
1
3
(2s
2
+u +
2
v).
This gives the field $F = K(a, b, c)$.
There are now two possible approaches. The theory says we should take a
square root to get F(
1
+
2
,
1

2
), and then another square root to get L.
Unfortunately, due to the technicality mentioned above, we do not know which square root to take, either $\sqrt{s_1^2 - 4a}$ or $\sqrt{(s_2 - a)^2 - 4s_4}$.
The alternative is to take three square roots and construct F(
1
+
2
), F(
1
+
3
)
and F(
1
+
4
). Then L is the compositum of these three elds: for example,
(
1
+
2
) + (
1
+
3
) + (
1
+
4
) = 2
1
+s
1
.
We therefore solve the three quadratics
$$X^2 - s_1X + a, \quad X^2 - s_1X + b, \quad X^2 - s_1X + c,$$
but making sure that the square roots of the discriminants are chosen such that

1
=
_
1
4
s
2
1
a =
1
+
2

1
2
s
1
=
1
2
_
(
1
+
2
) (
3
+
4
)
_

2
=
_
1
4
s
2
1
b =
1
+
3

1
2
s
1
=
1
2
_
(
1
+
3
) (
2
+
4
)
_

3
=
_
1
4
s
2
1
c =
1
+
4

1
2
s
1
=
1
2
_
(
1
+
4
) (
2
+
3
)
_
.
Note that, after relabelling the roots
i
, we may assume that
2
,
3
are in the
correct form. Then

3
= s
2
a +
1
2
s
1
(
1
+
2

1
2
) 2
1

2
,
so (by our earlier computation relating
1
+
2
and
1

2
) the assumption on
the
i
is equivalent to the compatibility condition

3
= s
3

1
2
s
1
s
2
+
1
8
s
3
1
.
This in effect says that we only need take two square roots, since the third can
then be obtained using this expression. Having done this we can solve for
1
:
2
1
=
1
2
s
1
+
1
+
2
+
3
.
Summary
In summary, given a quartic
$$f = X^4 - s_1X^3 + s_2X^2 - s_3X + s_4 \in K[X],$$
where $K$ contains a primitive cube root of unity, we solve the auxiliary cubic
$$g = X^3 - 2s_2X^2 + (s_2^2 + s_1s_3 - 4s_4)X + (s_3^2 + s_1^2s_4 - s_1s_2s_3)$$
to get the roots $a, b, c$. We then take square roots

1
=
_
1
4
s
2
1
a,
2
=
_
1
4
s
2
1
b,
3
=
_
1
4
s
2
1
c
with signs chosen such that

3
= s
3

1
2
s
1
s
2
+
1
8
s
3
1
.
The roots of f are then given by
2
1
=
1
2
s
1
+
1
+
2
+
3
2
3
=
1
2
s
1

1
+
2

3
2
2
=
1
2
s
1
+
1

3
2
4
=
1
2
s
1

2
+
3
.
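The procedure of this summary, carried out numerically over the complex numbers, as an added example that is not part of the original notes. The function names and the variable names `b1, b2, b3` for the three square roots are choices made here; the cubic is solved with the resolvents $u$, $v$ of Section 13.1, and the sign of the third square root is fixed by the compatibility condition on the product.

```python
import cmath

OMEGA = cmath.exp(2j * cmath.pi / 3)  # primitive cube root of unity


def solve_cubic(s1, s2, s3):
    """Roots of X^3 - s1*X^2 + s2*X - s3, using the resolvents u and v."""
    d = 2 * s1**3 - 9 * s1 * s2 + 27 * s3   # equals u^3 + v^3
    e = s1**2 - 3 * s2                      # equals u*v
    # u^3 and v^3 are the two roots of the quadratic X^2 - d*X + e^3.
    disc = cmath.sqrt(d * d - 4 * e**3)
    u3 = max((d + disc) / 2, (d - disc) / 2, key=abs)
    if u3 == 0:                             # u = v = 0: triple root s1/3
        return [complex(s1) / 3] * 3
    u = u3 ** (1 / 3)                       # any cube root of u^3 will do ...
    v = e / u                               # ... provided v is chosen with u*v = e
    return [
        (s1 + u + v) / 3,
        (s1 + OMEGA**2 * u + OMEGA * v) / 3,
        (s1 + OMEGA * u + OMEGA**2 * v) / 3,
    ]


def solve_quartic(s1, s2, s3, s4):
    """Roots of X^4 - s1*X^3 + s2*X^2 - s3*X + s4 via the auxiliary cubic."""
    # Roots a, b, c of g = X^3 - 2*s2*X^2 + (s2^2 + s1*s3 - 4*s4)*X - a*b*c.
    a, b, c = solve_cubic(
        2 * s2,
        s2**2 + s1 * s3 - 4 * s4,
        s1 * s2 * s3 - s1**2 * s4 - s3**2,
    )
    q = s1**2 / 4
    b1, b2, b3 = cmath.sqrt(q - a), cmath.sqrt(q - b), cmath.sqrt(q - c)
    # Compatibility condition: the product of the three square roots must be
    # s3 - s1*s2/2 + s1^3/8. The product is +/- that value, so flip one sign
    # if the principal square roots gave the wrong one.
    target = s3 - s1 * s2 / 2 + s1**3 / 8
    if abs(b1 * b2 * b3 - target) > abs(b1 * b2 * b3 + target):
        b3 = -b3
    h = s1 / 2
    return [
        (h + b1 + b2 + b3) / 2,
        (h + b1 - b2 - b3) / 2,
        (h - b1 + b2 - b3) / 2,
        (h - b1 - b2 + b3) / 2,
    ]


def residual(root, s1, s2, s3, s4):
    """|f(root)| for f = X^4 - s1*X^3 + s2*X^2 - s3*X + s4."""
    return abs(root**4 - s1 * root**3 + s2 * root**2 - s3 * root + s4)


if __name__ == "__main__":
    # Constructed input: (X-1)(X-2)(X-4)(X-8) has s = (15, 70, 120, 64).
    coeffs = (15, 70, 120, 64)
    for r in solve_quartic(*coeffs):
        print(r, residual(r, *coeffs))
```
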
Biquadratic Polynomials
As a special case, consider a biquadratic polynomial$^{1}$
$$f = X^4 + s_2X^2 + s_4 \in K[X].$$
When $f$ is irreducible we have the following possibilities for $\mathrm{Gal}(f)$.
$$\mathrm{Gal}(f) \cong \begin{cases} V & \text{if } s_4 \text{ is a square in } K \\ \mathbb{Z}/4\mathbb{Z} & \text{if } s_4(s_2^2 - 4s_4) \text{ is a square in } K \\ D_8 & \text{otherwise} \end{cases}$$
$^{1}$ This is standard terminology, but a biquadratic extension is not a splitting field extension of a general biquadratic polynomial, but rather of two quadratic polynomials, for example $\mathbb{Q}(\sqrt{2}, \sqrt{3})/\mathbb{Q}$.
For, the auxiliary polynomial is
$$g = X\big(X^2 - 2s_2X + (s_2^2 - 4s_4)\big),$$
so g always has the root a = 0 in K, and the discriminant is = 16s
4
(s
2
2
4s
4
)
2
.
Therefore K if and only if s
4
is a square in K, and then the splitting eld
extension of g is F = K(

s
4
) = F(). Finally, s
2
1
4a = 0, so we only need ask
whether $s_2^2 - 4s_4$ is a square in $K(\sqrt{s_4})$. Note here that since $f$ is irreducible, $s_2^2 - 4s_4$ is not a square in $K$.
We can now apply the previous criterion. If $s_4$ is a square in $K$, then $g$ splits over $K$ and $G = V$. Assume $a = 0$ is the only root of $g$ in $K$. Then $G = \mathbb{Z}/4\mathbb{Z}$ if and only if $s_2^2 - 4s_4$ is a square in $K(\sqrt{s_4})$, otherwise $G = D_8$.
Finally, $s_2^2 - 4s_4$ is a square in $K(\sqrt{s_4})$ if and only if $s_4(s_2^2 - 4s_4)$ is a square in $K$. For, assume that $s_2^2 - 4s_4 = (x + y\sqrt{s_4})^2$ with $x, y \in K$. Multiplying out and equating coefficients gives that $xy = 0$. Since $s_2^2 - 4s_4$ is not a square in $K$, we cannot have $y = 0$. Therefore $x = 0$ and $s_4(s_2^2 - 4s_4) = (s_4y)^2$ is a square in $K$. Conversely, suppose that $s_4(s_2^2 - 4s_4)$ is a square in $K$. Since $s_2^2 - 4s_4$ is not a square in $K$, neither is $s_4$, but then $s_2^2 - 4s_4$ is a square in $K(\sqrt{s_4})$.
Chapter 14
Algebraically Closed Fields
This chapter is non-examinable, and is included only for completeness.
A field $L$ is called algebraically closed if every non-constant polynomial $f$ has a root in $L$. In other words, the only irreducible polynomials are those of degree one. An algebraic closure of $K$ is an algebraic field extension $L/K$ with $L$ algebraically closed.
Algebraic closures are special cases of normal field extensions, or of splitting field extensions.
Lemma 14.1. $L$ is an algebraic closure of $K$ if and only if it is the splitting field extension for the set of all polynomials in $K[X]$.
Proof. Let $L$ be an algebraic closure of $K$ and take $f \in K[X]$ non-constant. Then $f$ factorises over $L$ as a product of degree one polynomials; in other words, $f$ splits over $L$. It follows that $L/K$ contains a unique intermediate field $F$ which is a splitting field extension for the set of all polynomials in $K[X]$. For, we can take the intersection over all such intermediate fields. Since $L/K$
is algebraic, if L F, then the minimal polynomial m
/K
cannot split over
F, a contradiction. Thus L = F.
Conversely, let $L/K$ be a splitting field extension for the set of all polynomials in $K[X]$. Then $L/K$ is necessarily generated by the set of all roots of all polynomials in $K[X]$, all of which are algebraic elements, so $L/K$ is algebraic. Now
take f L[X] and let be a root of f in some extension of L. Then, by the
transitivity of algebraic extensions, Exercise Sheet 7, Question 2, we know that
is algebraic over K. By assumption m
/K
K[X] splits over L, so L.
Therefore L is algebraically closed.
Having made this connection, we can try and prove the existence and uniqueness
of algebraic closures. As is often the case, we will need to replace the induction
proof of Theorem 8.2 with an application of Zorn's Lemma.
Before we begin, we make a further observation, which will simplify considerably
the construction of an algebraic closure.
Proposition 14.2. Let $L/K$ be algebraic. If every $f \in K[X]$ has a root in $L$, then $L$ is algebraically closed.
Proof. Take f L[X] and let be a root of f in some eld extension of L. By
the transitivity of algebraic extensions, is algebraic over K, say with minimal
polynomial m. Let L

/L be a splitting eld extension of m, and let M L

be the splitting eld extension of m over K. We want to show that M L, so


that in particular L.
We know that $M/K$ is finite and normal, so we can use the results from Exercise Sheet 7, Question 7; that is, let $E = M_{\mathrm{sep}/K}$ and let $F = M^{\mathrm{Gal}(M/K)}$. Then both $E/K$ and $M/F$ are Galois, with isomorphic Galois groups, and both $M/E$ and $F/K$ are purely inseparable. Finally, $M = EF$ is the compositum of $E$ and $F$. Therefore, it is enough to show that both $E$ and $F$ are subfields of $L$.
Since E/K is Galois, it is simple by Corollary 10.7, say E = K(). Then
E = K(

) for any root

of m
/K
, and by assumption L contains a root of
m
/K
. This proves that E L.
Since F/K is purely inseparable, if F, then m
/K
= X
q

q
where q = p
n
is a power of the characteristic (or q = 1 in characteristic zero). This polynomial
has a unique root, namely , so again our assumption on L implies that L.
It follows that F L.
Theorem 14.3 (Existence of Algebraic Closures). Every field $K$ has an algebraic closure.
Proof. For each non-constant polynomial $f \in K[X]$ we take an indeterminate $X_f$ and form the ring $R := K[X_f : f \in K[X] \setminus K]$. (In fact, it is enough to take just the monic irreducible polynomials.) Consider the ideal $I \lhd R$ generated by the elements $f(X_f) \in R$.
We claim that $I$ is a proper ideal, and hence is contained in a maximal ideal $J \lhd R$ by Theorem B.3 (which uses Zorn's Lemma).
It will follow that $L := R/J$ is a field extension of $K$ generated by the images $x_f$ of the $X_f$. Since $f(X_f) \in I$ we have $f(x_f) = 0$ in $L$, so each $x_f$ is algebraic over $K$ and hence $L/K$ is algebraic. Finally, each non-constant polynomial $f \in K[X]$ has a root in $L$, namely $x_f$. Therefore, by the previous proposition, $L$ is an algebraic closure of $K$.
It remains to prove the claim. If $I$ is not proper, then it contains the identity, so we can write $1 = g_1f_1(X_{f_1}) + \cdots + g_nf_n(X_{f_n})$ for some distinct non-constant polynomials $f_i \in K[X]$ and some elements $g_i \in R$. Now, each $g_j$ uses only finitely many variables, so the expression above only uses finitely many variables, say $X_1, \ldots, X_m$ with the convention that $X_i = X_{f_i}$ for $1 \leq i \leq n$. We can now write
$$1 = \sum_{i=1}^{n} g_i(X_1, \ldots, X_m) f_i(X_i) \in K[X_1, \ldots, X_m].$$
Let E/K be a nite extension in which each f
i
has a root, say f
i
(
i
) = 0. Set

i
= 0 for n < i m. Applying the evaluation map K[X
1
, . . . , X
m
] E,
X
i

i
, give 1 =

i
g
i
(
1
, . . . ,
m
)f
i
(
i
) = 0 in E, a contradiction. Thus I
is a proper ideal and the claim is proved.
Before we continue, recall from Exercise Sheet 5, Question 7, that if $L/K$ is transcendental, then there exist $K$-endomorphisms of $L$ which are not automorphisms. We now show that this cannot happen when $L/K$ is algebraic.
Proposition 14.4. Let L/K be algebraic and let be a K-endomorphism of
L. Then is a K-automorphism.
Proof. Since is necessarily injective, we just need to show that is surjective.
It will follow that
1
is a K-embedding, and hence that is K-automorphism.
Let L, say with minimal polynomial m = m
/K
. Let =
1
, . . . ,
n
be the
distinct roots of m in L. (Note: we are not assuming that m splits over L, or
that it is separable.) Since (m) = m, we know that (
i
) is again a root of m,
so (
i
)
1
, . . . ,
n
. Since is injective, it induces an injective map from

1
, . . . ,
n
to itself, which is necessarily a bijection. Thus each
i
lies in the
image of . In particular, (L), so is surjective.
Theorem 14.5 (Uniqueness of Algebraic Closures). Let : K

K

be a eld
isomorphism, let L/K be algebraic, and let L

be an algebraic closure of K

.
Then there exists a eld embedding : L L

extending .
Moreover, if L is algebraically closed, then is an isomorphism.
Proof. To prove the existence of we shall use Zorns Lemma.
Let S denote the set of all pairs (F, ) such that F is an intermediate eld of
L/K and : F L

is a eld embedding extending . We endow S with a


partial order by setting (E, ) (F, ) if E F and extends . Clearly S is
non-empty, since it contains (K, ). Moreover, every chain has an upper bound.
For, if (F
i
,
i
) is a totally ordered subset, then F :=

i
F
i
is an intermediate
eld of L/K and we can dene : F L

by setting () =
i
() for any i
such that F
i
. Then (F, ) is an upper bound for the chain (F
i
,
i
).
By Zorns Lemma, S contains a maximal element (F, ). We claim that F =
L. Otherwise, let L F. Then is algebraic over F, say with minimal
polynomial m = m
/F
. Now (m) L

[X] has a root

since L

is
algebraically closed. Therefore, by Artins Extension Theorem, we can extend
to a eld embedding : F() L

via

. Thus (F, ) < (F(), ),


contradicting the maximality of (F, ). Therefore F = L and there exists a eld
embedding : L L

extending .
Now suppose that L is an algebraic closure of K. Then we have a eld embedding
: L L

extending , and a eld embedding : L

L extending
1
. It
follows that is a K

-endomorphism of L

, so an automorphism by the previous


proposition. In particular, is surjective, and hence an isomorphism.
Since all algebraic closures of $K$ are isomorphic, it is common to fix one of them and denote it by $\overline{K}$.
By the transitivity of algebraic extensions, it is easy to see that if $L/K$ is a field extension with $L$ algebraically closed, then $\overline{K} = L_{\mathrm{alg}/K}$ is an algebraic closure of $K$. For example, since $\mathbb{C}$ is algebraically closed, we have $\overline{\mathbb{Q}} = \mathbb{C}_{\mathrm{alg}/\mathbb{Q}}$.
Another useful corollary concerns splitting field extensions of arbitrary subsets $S \subset K[X]$.
Corollary 14.6. Let $S \subset K[X]$ be an arbitrary subset. Then a splitting field extension of $S$ over $K$ exists, and is unique up to isomorphism.
Proof. Let $\overline{K}$ be an algebraic closure of $K$. Then each $f \in S$ splits over $\overline{K}$, so there is a unique intermediate field $L$, minimal with respect to this property. For, as usual, we take the intersection over all such intermediate fields.
If : K

K

is a eld isomorphism and K

an algebraic closure of K

, then
there exists a eld isomorphism : K

K

extending . Now, there is a


unique splitting eld extension L

of S

:= (S) inside K

. Since (L) is also a


splitting eld extension of S

we must have that (L) = L

. In other words,
restricts to an isomorphism L
L

extending .
Using this we see that many results actually extend from the finite case to the algebraic case. For example, normal field extensions are the same as splitting field extensions, and normal closures of algebraic extensions always exist.
Chapter 15
Selected Topics
15.1 The Normal Basis Theorem
The Normal Basis Theorem is due to Hensel (1888) in the case of finite fields,
and Noether (1932) and Deuring (1933) for general Galois extensions. It states
that for a Galois extension $L/K$, there is a $K$-basis of $L$ given by a single orbit
() : Gal(L/K) of the Galois group.
This basis has applications to cryptography, since it is easy to manipulate and is computationally very efficient.
Theorem 15.1 (Normal Basis). Let L/K be Galois. Then there exists an
element L such that the set () : Gal(L/K) is a K-basis for L,
called a normal basis.
We shall split the proof into two cases: when the field is infinite, or when the Galois group is cyclic (which includes all finite fields).
15.1.1 Proof for infinite fields
Recall that, for an irreducible polynomial f K[X] with roots
1
, . . . ,
n
, we
have the discriminant (f) := (1)
(
n
2
)

i=j
(
i

j
). We can generalise this
notion as follows.
Let L/K be a Galois extension with Galois group G =
1
, . . . ,
n
. For

1
, . . . ,
n
L we dene
(
1
, . . . ,
n
) := det
_
Tr
L
K
(
i

j
)
_
K.
We observe that we can rewrite this as follows. Set
A :=
_

i
(
j
)
_
M
n
(L).
Then
A
t
A =
_

i
(
i

j
)
_
=
_
Tr
L
K
(
i

j
)
_
M
n
(K),
using that
Tr
L
K
=

i
,
as shown in Proposition 15.9. Therefore
(
1
, . . . ,
n
) = det(A)
2
.
This denition generalises the discriminant for f. For, let L/K be the splitting
eld of f and let
1
, . . . ,
n
be the roots of f in L. We may assume that the
Galois group acts via
i
(
1
) =
i
. Therefore, using the subset 1,
1
, . . . ,
n1
1
,
we obtain as above that
A :=
_

i
(
j1
1
)
_
=
_

j1
i
_
.
This is a Vandermonde matrix, so
det(A) =

i>j
(
i

j
), whence (1,
1
, . . . ,
n1
1
) = det(A)
2
= (f).
Proposition 15.2. Let L/K be Galois. Then
1
, . . . ,
n
is a K-basis for L
if and only if (
1
, . . . ,
n
) ,= 0.
Proof. Let Gal(L/K) =
i
and set A := (
i
(
j
)) as before. Then A is non-
singular if and only if (
1
, . . . ,
n
) ,= 0.
Suppose rst that A is singular. Then there exists
i
L such that (
i
)A = 0,
or in other words,

i

i
(
j
) = 0 for all j. If the
j
were a K-basis, then
for any L we could write =

j

j

j
. Then

i

i
() = 0, so that

i
= 0, contradicting the Linear Independence of Characters. Hence the

i
do not form a K-basis of L.
Conversely, suppose that Ais non-singular. Then the
i
are linearly independent
over K. For, if

j

j

j
= 0 for some
j
K, then applying
i
yields that

j

i
(
j
)
j
= 0 for all i. Therefore A(
i
) = 0. Since A is non-singular, we
deduce that
j
= 0 for all i.
We can now prove the Normal Basis Theorem for infinite fields.
Let L/K be Galois with Galois group Gal(L/K) =
i
. By the Primitive
Element Theorem, we can write L = K(). Set f K[X] to be the minimal
polynomial of . Over L we have f =

i
(X
i
()), by Proposition 15.9. For
convenience we assume that
1
= id and
1
= , and write
i
=
i
().
The idea is now to use the Chinese Remainder Theorem to obtain
L[X]/(f)

= L
n
, X (
1
, . . . ,
n
) where n := deg(f) = [L : K].
In particular, we have a complete set of pairwise orthogonal idempotents in $L^n$ given by $e_i$ having 1 in place $i$ and 0 elsewhere.
More explicitly, set
g
i
:=

j=i
X
j

j
.
Then clearly g
i
(
j
) = 0 for i ,= j and g
i
(
i
) = 1 (so that g
i
e
i
L
n
). Note
also that
i
(g
1
) = g
i
. Furthermore, if i ,= j, then each
l
is a root of gh
i
g
j
, so
f divides g
i
g
j
in L[X] (corresponding to e
i
e
j
= 0 for i ,= j in L
n
). Finally, we
have the polynomial identity

i
g
i
= 1 in L[X] (corresponding to 1 =

i
e
i
in
L
n
). For, the left hand side is a polynomial of degree at most n 1, and takes
the value 1 at each
l
; therefore it is identically 1.
Thus, in L[X], we have g
i
g
j
0 mod f for i ,= j, and g
j
=

i
g
i
g
j
g
2
j
mod f.
From this we obtain that, in K[X], we have Tr
L
K
(g
i
g
j
) 0 mod f for i ,= j and
Tr
L
K
(g
2
i
) Tr
L
K
(g
i
) = 1 mod f. This yields the polynomial identity
(g
i
) = det
_
Tr
L
K
(g
i
g
j
)
_
1 mod f,
since the off-diagonal entries vanish, and the diagonal entries are all 1.
We can now dene a polynomial h K[X] via h(X) = (g
i
). As a polynomial,
this is non-zero, since it is congruent to 1 modulo f. Since K is an innite eld,
there exists some K such that h() ,= 0 (and h() = (g
i
())). Setting
:= g
1
(), we have g
i
() =
i
(), and hence (
i
()) = h() ,= 0. By the
previous Proposition, we deduce that
i
() is a normal basis for L/K.
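As a simple example, consider $\mathbb{Q}(i)/\mathbb{Q}$. Then $f = X^2 + 1$, and $g_1 = \frac{1}{2i}(X + i)$ and $g_2 = -\frac{1}{2i}(X - i)$. Hence
$$\mathrm{Tr}(g_1^2) = -\tfrac{1}{4}\mathrm{Tr}(X^2 + 2iX - 1) = -\tfrac{1}{2}(X^2 - 1) = 1 - \tfrac{1}{2}f.$$
Similarly
$$\mathrm{Tr}(g_2^2) = 1 - \tfrac{1}{2}f \quad\text{and}\quad \mathrm{Tr}(g_1g_2) = \tfrac{1}{2}f,$$
so that
$$h(X) = \det\big(\mathrm{Tr}(g_ig_j)\big) = 1 - f = -X^2.$$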
The result then says that g
1
(), g
2
() =
1
2i
( +i),
1
2i
( i) is a Q-basis if
and only if ,= 0.
15.1.2 Proof for cyclic Galois groups
Let Gal(L/K) be a generator for the Galois group. We observe that any
normal basis for L/K is of the form , (), . . . ,
n1
(), where n = [L : K].
Recall that L is a K-vector space of dimension n and that is a K-linear endo-
morphism of L. In particular, we can talk about the characteristic polynomial
of , and also its minimal polynomial m. Clearly
n
= 1, so that the minimal
polynomial m divides X
n
1. On the other hand, by the Linear Independence
of Characters, we know that 1, , . . . ,
n1
are linearly independent, so that
does not satisfy any polynomial relation of degree less then n. Since [L : K] = n
we deduce that m = = X
n
1.
The normal basis theorem therefore follows from a general result in linear algebra. Let $V$ be a $K$-vector space of dimension $n$ and let $S \in \mathrm{End}_K(V)$. A cyclic vector for $S$ is a vector $v \in V$ such that $v, S(v), \ldots, S^{n-1}(v)$ is a $K$-basis of $V$.
Theorem 15.3. The endomorphism $S$ has a cyclic vector if and only if its minimal polynomial equals its characteristic polynomial.
The proof of this is essentially a special case of the rational normal form for matrices. (The rational normal form is a generalisation of the Jordan normal form which works for arbitrary fields, not just algebraically closed fields.) Our approach will be via polynomials.
Let = p
r1
1
p
rs
s
be the characteristic polynomial of S, where p
i
K[X] are
pairwise coprime, monic irreducible polynomials. Again, the Chinese Remainder
Theorem tells us that
K[X]/()

= K[X]/(p
r1
1
) K[X]/(p
rs
s
).
We again have a complete set of pairwise orthogonal idempotents $e_i$ having 1 in the $i$-th factor and 0 elsewhere.
Explicitly, set
f
i
:=

j=i
p
rj
j
= m/p
ri
i
.
Then gcd(f
1
, . . . , f
s
) = 1, so there exist g
i
with

i
g
i
f
i
= 1. We observe
that divides f
i
f
j
for i ,= j. Hence f
j
=

i
g
i
f
i
f
j
g
j
f
2
j
mod (), so that
(g
i
f
i
)
2
g
i
f
i
mod (). In summary,

P
i
:= g
i
f
i
,

P
i

P
j
0 mod () for i ,= j,

P
2
i


P
i
mod ().
(Thus

P
i
e
i
.)
Set P
i
:=

P
i
(S) = g
i
(S)f
i
(S). By the Cayley-Hamilton Theorem, we know that
(S) = 0 on V . Thus
P
2
i
= P
i
, P
i
P
j
= 0 for i ,= j, and

i
P
i
= id.
Using this we can write
V =

i
V
i
, where V
i
= Im(P
i
).
For, we know that v =

i
P
i
(v). On the other hand, if P
i
(v) = P
j
(w) for some
v, w V and some i ,= j, then P
j
(w) = P
2
j
(w) = P
j
P
i
(v) = 0. This shows that
the sum is direct.
Note that V
i
= Ker(p
i
(S)
ri
), so that the V
i
are generalised eigenspaces. For,
if v = P
i
(w) V
i
, then since p
ri
i
f
i
= , we have p
i
(S)
ri
P
i
= 0, so v
Ker(p
i
(S)
ri
). Conversely, if p
i
(S)
ri
(v) = 0, then writing v =

j
P
j
(v) and
using that p
ri
i
divides f
j
for i ,= j, we see that P
j
(v) = 0 for all j ,= i. Hence
v = P
i
(v) V
i
.
Next we note that each $V_i$ is $S$-invariant; i.e. if $v \in V_i$, then $S(v) \in V_i$. For, $P_iS = SP_i$, which follows from the fact that $P_i = g_i(S)f_i(S)$ is a polynomial in $S$. Therefore $S$ can be represented as a block diagonal matrix $S = \mathrm{diag}(S_1, \ldots, S_s)$, where $S_i$ represents the induced action of $S$ on $V_i$.
We can now reduce to the case when $V = V_i$ for some $i$. For, if $v_i \in V_i$ is a cyclic vector for $S_i$ for each $i$, then $v = \sum_i v_i \in V$ is a cyclic vector for $S$. To see this, we just note that $v_i = P_i(v) \in W := \mathrm{Span}\{v, S(v), S^2(v), \ldots\}$. Thus
V
i
W for each i, whence W = V . Also, the characteristic polynomial
i
of S
i
on V
i
is just p
ri
i
, whereas if the minimal polynomial of S equals m = p
a1
1
p
as
s
with 1 a
i
r
i
, then the minimal polynomial m
i
of S
i
equals m
i
= p
ai
i
. So
m = if and only if a
i
= r
i
for all i, which is if and only if m
i
=
i
for all i.
Therefore it is enough to prove the result when = p
r
for some monic irreducible
polynomial p.
Suppose rst that m ,= . Then for each vector v V the subspace W :=
Spanv, S(v), S
2
(v), . . . has dimension at most deg(m) < deg() = dimV .
Therefore V cannot have a cyclic vector. (As a trivial example, think of S = id,
which has minimal polynomial X 1 and characteristic polynomial (X 1)
n
.
If n 2, then S does not have a cyclic vector.)
Now suppose that m = , and consider p
r1
. By denition, p(S)
r1
,= 0, so
there exists v V such that p(S)
r1
(v) ,= 0. We claim that such a vector
is a cyclic vector for S. Again, set W := Spanv, S(v), S
2
(v), . . .. We know
that W V is an S-invariant subspace. It follows from the First Isomorphism
Theorem that S induces an action on the quotient V/W. In particular, we can
represent S as an upper-triangular block matrix
S =
_
S
1
S
3
0 S
2
_
, where S
1
= S[
W
End
K
(W), S
3
=

S End
K
(V/W).
Therefore =
1

2
, where
i
is the characteristic polynomial of S
i
. (We have
already mentioned this fact in the Remark following Theorem 15.4 about the
norm and trace.) Since = p
r
is a power of an irreducible polynomial, we deduce
that
1
= p
a
for some 1 a r. By the Cayley-Hamilton Theorem once more,
we know that p(S)
a
= 0 on W, whereas by construction p(S)
r1
(v) ,= 0. Thus
a r, so that a = r and dimW = deg(p
r
) = dimV , so that V = W.
This completes the proof of Theorem 15.3, and hence the proof of the Normal
Basis Theorem when the Galois group is cyclic.
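The cyclic case for a finite field, as an added example that is not part of the original notes: in $\mathrm{GF}(2^4)/\mathrm{GF}(2)$ the Galois group is generated by the Frobenius map $x \mapsto x^2$, a normal basis is the orbit of a cyclic vector for that map, and in normal-basis coordinates squaring is a cyclic shift, which is the efficiency the cryptography remark in Section 15.1 refers to. The modulus $x^4 + x + 1$, the encoding of field elements as bit-vectors and all function names are assumptions of this example.

```python
N = 4
MOD = 0b10011  # x^4 + x + 1, irreducible over GF(2) (constructed choice)


def gf_mul(a, b):
    """Multiply in GF(2^N) = GF(2)[x]/(MOD); elements are N-bit integers."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> N:          # degree reached N: reduce modulo MOD
            a ^= MOD
    return r


def orbit(theta):
    """theta, theta^2, theta^4, ...: the orbit of theta under Frobenius."""
    out = []
    for _ in range(N):
        out.append(theta)
        theta = gf_mul(theta, theta)
    return out


def reduce_gf2(v, rows, mask=0):
    """Eliminate v against (vector, mask) rows; mask records which inputs were used."""
    for rv, rm in rows:
        if v ^ rv < v:      # true exactly when v has the leading bit of rv set
            v, mask = v ^ rv, mask ^ rm
    return v, mask


def echelon(vectors):
    """Gaussian elimination over GF(2), keeping track of the combinations."""
    rows = []
    for i, v in enumerate(vectors):
        v, m = reduce_gf2(v, rows, 1 << i)
        if v:
            rows.append((v, m))
    return rows


def is_normal(theta):
    """True if the Frobenius orbit of theta is a GF(2)-basis (a cyclic vector)."""
    return len(echelon(orbit(theta))) == N


def normal_coords(z, theta):
    """Coordinates [c_0, ..., c_{N-1}] with z = sum of c_i * theta^(2^i)."""
    rows = echelon(orbit(theta))
    if len(rows) != N:
        raise ValueError("theta does not generate a normal basis")
    rest, mask = reduce_gf2(z, rows)
    assert rest == 0        # the rows span the whole field
    return [(mask >> i) & 1 for i in range(N)]


def frobenius_is_shift(theta):
    """Check that squaring rotates normal-basis coordinates by one place."""
    for z in range(1 << N):
        c = normal_coords(z, theta)
        if normal_coords(gf_mul(z, z), theta) != c[-1:] + c[:-1]:
            return False
    return True


if __name__ == "__main__":
    print([t for t in range(1 << N) if is_normal(t)])
    print(orbit(8), frobenius_is_shift(8))
```

The element $x$ itself (encoded as 2) is not normal here, so the polynomial basis $1, x, x^2, x^3$ is not a Galois orbit.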
15.2 The Norm and Trace
Let L/K be a nite eld extension and L. Then multiplication by
induces a K-linear endomorphism A of L. The Cayley-Hamilton Theorem says
that every endomorphism satises its own characteristic equation
A
(X) =
det(X A) K[X]; that is,
A
(A) is the zero-map on L. We observe that
A
r
() =
r
for all L, so that
A
(A) acts on L as multiplication by
A
().
Therefore is a root of the polynomial
A
(X).
Note that the characteristic polynomial
A
(X) is a monic polynomial and is
independent of the choice of basis, so depends only on and L/K. We denote
it by
L
/K
and call it the eld equation of /K with respect to L.
Theorem 15.4. Let L/k be a nite eld extension and let L. Then

k()
/k
= m
/k
and
L
/k
= (m
/k
)
[L:k()]
.
Proof. Suppose rst that L = k(). Since is a root of the polynomial
L
/k
,
we know that m
/k
divides
L
/k
. Since they are both monic polynomials of
degree [k() : k], they must be equal. This proves the rst result.
Now let K = k() (or more generally any subeld of L containing k()). Let
u
i

i
be a K-basis of L and v
p

p
a k-basis of K. Then u
i
v
p

(i,p)
is a k-basis
of L. Let A: L L and B: K K be the k-linear maps corresponding to
multiplication by . Let B = (b
pq
) be the matrix with respect to v
p
and
A = (a
ipjq
) the matrix with respect to u
i
v
p
. Then

i,p
a
ipjq
u
i
v
p
= u
j
v
q
= u
j
v
q
=

p
b
pq
u
j
v
p
.
Hence a
ipjq
=
ij
b
pq
, so A can be written in block-diagonal form, with [L : K]
copies of B on the diagonal. This proves the second statement.
Remark. A different proof can be constructed using the following general result from linear algebra: if $V$ is a $k$-vector space, $A \colon V \to V$ a $k$-linear endomorphism of $V$ and $U \subset V$ a subspace such that $A(U) \subset U$, then $A$ induces endomorphisms $B \colon U \to U$ and $C \colon V/U \to V/U$. Choosing a basis for $U$ and extending to a basis for $V$, we can write the matrix for $A$ in block form, with the matrices for $B$ and $C$ on the diagonal, and zero in the bottom left corner. Thus
A
=
B

C
.
Let L/K be a nite eld extension, L and A the K-linear automorphism
of L induced by multiplication by . We dene the norm of in L/K to be
N
L
K
() := det(A) and the trace of in L/K to be Tr
L
K
() := Tr(A).
Proposition 15.5. Let L/K be a nite eld extension and , L. Then
1. N
L
K
: L

is a group homomorphism between multiplicative groups.


In particular, N
L
K
() = N
L
K
()N
L
K
().
2. Tr
L
K
: L K is a group homomorphism between additive groups. In par-
ticular, Tr
L
K
( +) = Tr
L
K
() + Tr
L
K
().
Proof. Let A and B be the K-linear automorphisms of L induced by multipli-
cation by and respectively. Then AB corresponds to multiplication by ,
so
N
L
K
() = det(AB) = det(A) det(B) = N
L
K
()N
L
K
().
If L is non-zero, then A is invertible, so that N
L
K
() = det(A) ,= 0. If
= 1, then A = id
L
so that N
L
K
(1) = 1. This shows that N
L
K
: L

is a
group homomorphism.
Similarly, A+B corresponds to multiplication by +, so
Tr
L
K
( +) = Tr(A+B) = Tr(A) + Tr(B) = Tr
L
K
() + Tr
L
K
().
If = 0, then A = 0 so Tr
L
K
(0) = 0. Thus Tr
L
K
: L K is a group homomor-
phism.
Theorem 15.6. Let $L/K/k$ be finite field extensions. Then
$$N^L_k = N^K_k \circ N^L_K \quad\text{and}\quad \mathrm{Tr}^L_k = \mathrm{Tr}^K_k \circ \mathrm{Tr}^L_K.$$
A proof of this is outlined in the exercises, although we will provide a different proof later on using Galois Theory in the special case when $L/k$ is separable.
15.3 Norm and Trace Revisited
In this section we relate the minimal polynomial and the field equation of an
element to its conjugates (). This is often easier to work with than the
original definition.
We begin with a useful observation, which generalises Theorem ?? (6). Let
L/K be nite, with normal closure M/L. Let c denote the set of K-embeddings
L M. We let Gal(M/K) act (on the left) on c via : L M, x ((x)).
Note that id = [
L
.
Proposition 15.7. Gal(M/K) acts transitively on c, and the stabiliser of id
c equals Gal(M/L). In particular, the map Gal(M/K) c, [
L
induces
a natural bijection between the cosets of Gal(M/L) in Gal(M/K) and c.
Proof. Let c. By Theorem ??, we can extend to Gal(M/K). In
particular, id = [
L
= , so Gal(M/K) acts transitively on c. Clearly
id = id if and only if Gal(M/L), so by the Orbit-Stabiliser Theorem the
map id = [
L
induces a bijection between the cosets of Gal(M/L) in
Gal(M/K) and c as required.
We observe that the number [c[ of distinct K-embeddings L M equals the
index of Gal(M/L) in Gal(M/K). If L/K is separable, then M/K is Galois, so
[c[ = [L : K] by the Fundamental Theorem of Galois Theory. This proves the
next corollary.
Corollary 15.8. Let $L/K$ be finite and separable, with normal closure $M/L$. Then there are precisely $[L : K]$ distinct $K$-embeddings $L \to M$.
[In fact, this has a converse: $L/K$ is separable if and only if there are precisely $[L : K]$ distinct $K$-embeddings $L \to M$. This leads some authors to define $L/K$ to be separable if there are $[L : K]$ distinct $K$-embeddings $L \to M$.]
Proposition 15.9. Let L/K be nite and separable, with normal closure M/L.
Let
1
, . . . ,
n
be the distinct K-embeddings L M. Then for L we have

L
/K
=
_
X
1
()
_

_
X
n
()
_
.
In particular,
N
L
K
() =

j
() and Tr
L
K
() =

j
().
Proof. Let M/K be Galois, say with Galois group G := Gal(M/K). For an
intermediate eld L let
1
, . . . ,
n
be the distinct K-embeddings L M. We
know that n = [L : K] by Corollary 15.8. For L dene
f
L
/K
:=
n

i=1
_
X
i
()
_
.
We wish to show that f
L
/K
=
L
/K
for all L and all L.
We observe that
f
M
/K
=

G
_
X ()
_
,
whereas by Artin's Extension Theorem
f
K()
/K
= m
/K
,
since the distinct K-embeddings K() M are in bijection with the roots of
m
/K
.
For L we can apply Proposition 15.7 to deduce that f
M
/K
=
_
f
L
/K
_
[M:L]
.
For, the value of () depends only on the restriction [
L
. In particular, for
L = K() we have f
M
/K
=
_
m
/K
_
[M:K()]
, so f
M
/K
=
M
/K
by Theorem 15.4.
From this it follows that
_

L
/K
_
[M:L]
=
M
/K
= f
M
/K
=
_
f
L
/K
_
[M:L]
.
Therefore
L
/K
= f
L
/K
by unique factorisation in L[X].
By definition, if
L
/K
= X
n
a
1
X
n1
+ +(1)
n
a
n
, then Tr
L
K
() = a
1
and
N
L
K
() = a
n
.
Note that, by Proposition 15.7,

j

j
() and

j

j
() are fixed by Gal(M/K),
so these elements really do lie in K. Also, we may write Tr
L
K
=

j

j
as a linear
combination of the characters
j
.
As promised, we can now prove transitivity of norm and trace for separable
extensions.
Theorem 15.10. Let L/K/k be finite, separable extensions. Then for L
we have
N
L
k
() = N
K
k
_
N
L
K
()
_
Tr
L
k
() = Tr
K
k
_
Tr
L
K
()
_
.
Proof. Let M/L be the normal closure of L/K and consider the chain of sub-
groups Gal(M/L) Gal(M/K) Gal(M/k). Let
j
be coset representatives
of Gal(M/L) in Gal(M/K), and let
i
be coset representatives of Gal(M/K) in
Gal(M/k). Thus 1 i [K : k] and 1 j [L : K].
We claim that the
i

j
are coset representatives for Gal(M/L) in Gal(M/k).
[This is actually quite general, applying to all finite groups.] For, suppose

j
=
r

s
. We know that
j
Gal(M/L) Gal(M/K). Since the
i
Gal(M/K)
are distinct inside Gal(M/k), we must therefore have i = r. Then since the

j
Gal(M/L) are distinct in Gal(M/K), we must have j = s. Therefore the

j
represent distinct cosets. Since there are [L : K][K : k] = [L : k] of them,
we are done.
Now, using Proposition 15.7, we can write
N
K
k
_
N
L
K
()
_
=

i
_

j
()
_
=

i,j

i
_

j
()
_
=

i,j
(
i

j
)() = N
L
k
(),
and similarly for Tr.
15.4 Infinite Galois Extensions
In general we call a field extension L/K Galois provided it is normal and separable.
Then Gal(L/K) is a profinite group, which we endow with the (Krull) topology.
The Fundamental Theorem of Galois Theory then describes an inclusion-reversing
bijection between the lattice of intermediate fields and the lattice of
closed subgroups of Gal(L/K).
15.5 Theorems of Frobenius and Tchebotarev
Let f Z[X] be monic and irreducible of degree n and let G = Gal(f) be the
Galois group of f over Q. As usual we can view G as a subgroup of Sym_n.
Frobenius's Theorem states that if p is a prime and

f F
p
[X] factorises as a
product of irreducible polynomials of degrees d_1, d_2, . . . (with

i
d
i
= n), then
G contains an element of cycle type (d_1, d_2, . . .). This is proved using
algebraic number theory, and requires lifting the Frobenius homomorphism (which
necessarily has this cycle type) to an element of the Galois group G.
Much harder is Tchebotarev's Theorem, which states that, given a set of
numbers d_1, d_2, . . . with

i
d
i
= n, the frequency with which these numbers occur
as the degrees of the irreducibles in the factorisation modulo p as we take a
larger and larger number of primes p coincides with the proportion of elements
of G which have this cycle type.
A special case is given by considering f = X
2
q for a prime number q. Then
G = Z/2Z, so half its elements have cycle type (2), and the other half have cycle
type (1, 1).
Now, modulo p, either

f is irreducible, which is if and only if
_
q
p
_
= 1, or
else

f factorises as a product of two linear polynomials, which is if and only if
_
q
p
_
= 1.
Suppose for simplicity that q 1 mod 4. Then by the Law of Quadratic
Reciprocity we have
_
q
p
_
=
_
p
q
_
. Then Tchebotarev's Theorem reduces to the statement
that, as we take larger and larger numbers of primes, approximately half
of them are quadratic residues modulo q.
Now, the weaker version of Dedekind's Theorem on primes in arithmetical progressions
says that for each 1 a < q, there are infinitely many primes p
congruent to a modulo q. The stronger version of this theorem then states that,
as we take larger and larger numbers of primes p, they are approximately evenly
distributed between the different residue classes, so that approximately 1/(q1)
primes are congruent modulo q to any given a (with gcda, q = 1). Since there
are as many quadratic residues as there are non-residues, we finally obtain this
special case of Tchebotarev's Theorem.
The same ideas can be used to prove the result for a general quadratic extension
of Q, so taking f = X
2
d for an arbitrary non-square integer d.
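The special case above can be checked numerically. The following Python code is an added example, not part of the original notes: it finds the factorisation pattern of X^2 - q modulo p by counting roots, compares it with the Legendre symbol and with quadratic reciprocity, and tallies how often each pattern occurs. It goes beyond the text by also tallying X^3 - 2, whose Galois group is Sym_3; all function names are hypothetical.

```python
from collections import Counter
from fractions import Fraction


def primes_up_to(n):
    """Sieve of Eratosthenes: all primes p <= n."""
    sieve = bytearray([1]) * (n + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(n ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i :: i] = bytearray(len(range(i * i, n + 1, i)))
    return [i for i, is_p in enumerate(sieve) if is_p]


def legendre(a, p):
    """Legendre symbol (a/p) for an odd prime p, by Euler's criterion."""
    r = pow(a % p, (p - 1) // 2, p)  # r is 0, 1 or p - 1
    return -1 if r == p - 1 else r


def evaluate(coeffs, x, p):
    """Horner evaluation mod p; coefficients are listed leading term first."""
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % p
    return acc


def derivative(coeffs):
    """Formal derivative, same coefficient order."""
    n = len(coeffs) - 1
    return [c * (n - i) for i, c in enumerate(coeffs[:-1])]


def degree_pattern(coeffs, p):
    """Degrees of the irreducible factors mod p of a monic f of degree 2 or 3.

    In these degrees the number of roots determines the pattern. Returns
    None when f has a repeated root mod p (such primes are left out of the
    tally).
    """
    deg = len(coeffs) - 1
    if deg not in (2, 3) or coeffs[0] != 1:
        raise ValueError("expected a monic polynomial of degree 2 or 3")
    roots = [x for x in range(p) if evaluate(coeffs, x, p) == 0]
    d = derivative(coeffs)
    if any(evaluate(d, x, p) == 0 for x in roots):
        return None
    rest = deg - len(roots)
    return tuple([1] * len(roots) + ([rest] if rest else []))


def pattern_frequencies(coeffs, bound):
    """Proportion of primes p <= bound giving each factorisation pattern."""
    counts = Counter()
    for p in primes_up_to(bound):
        pattern = degree_pattern(coeffs, p)
        if pattern is not None:
            counts[pattern] += 1
    total = sum(counts.values())
    return {pattern: Fraction(n, total) for pattern, n in counts.items()}


def reciprocity_holds(q, bound):
    """For a prime q = 1 mod 4 and every odd prime p <= bound, p != q:
    X^2 - q splits mod p exactly when (q/p) = 1, and (q/p) = (p/q)."""
    for p in primes_up_to(bound):
        if p in (2, q):
            continue
        splits = degree_pattern([1, 0, -q], p) == (1, 1)
        if splits != (legendre(q, p) == 1):
            return False
        if legendre(q, p) != legendre(p, q):
            return False
    return True


if __name__ == "__main__":
    print("reciprocity for q = 5:", reciprocity_holds(5, 2000))
    for name, f in (("X^2 - 5", [1, 0, -5]), ("X^3 - 2", [1, 0, 0, -2])):
        freqs = pattern_frequencies(f, 3000)
        for pattern, freq in sorted(freqs.items()):
            print(name, pattern, round(float(freq), 3))
```

For X^3 - 2 the three patterns (1, 1, 1), (1, 2) and (3) should appear with frequencies near 1/6, 1/2 and 1/3, the proportions of the identity, the transpositions and the 3-cycles in Sym_3.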
Appendix A
Background
This is a summary of some background material about groups and rings.
A.1 Groups
A group is a set G together with a map G G G, (a, b) a b, called the
group law, satisfying
associative a (b c) = (a b) c for all a, b, c G.
unital there exists e G with e a = a = a e for all a G.
admits inverses for each a G there exists b G with a b = e = b a.
The cardinality |G| is called the order of the group.
We often write the group law as multiplication, so we write ab instead of a b,
1 for the unit, and a
1
for the inverse of a.
A group is called abelian, or commutative, provided ab = ba for all a, b G.
In this case we sometimes write the group law as addition, so we write a + b
instead of a b, 0 for the unit, and a for the inverse of a.
A subset H G is a subgroup, denoted H G, provided it is
non-empty e H.
closed under multiplication ab H for all a, b H.
closed under inverses a H implies a
1
H.
It follows that the group law on G restricts to a group law on H, so that H is
itself a group.
Clearly G is a subgroup of itself; all other subgroups are called proper. The
subset e is always a subgroup, called the trivial subgroup.
Let H G be a subgroup. We define an equivalence relation on G by setting
a b if a
1
b H. The equivalence classes aH := ah : h H are called the
left cosets of H. The set of all left cosets is denoted (G : H); its cardinality
is denoted [G : H] and called the index of H in G. A complete set of coset
representatives is a subset S G such that the cosets aH for a S are
distinct, and every coset is of this form.
Theorem A.1 (Lagrange). Let H G be a subgroup and let a G. Then the
map H aH, h ah is a bijection. It follows that [G : H] = |G|/|H|.
If H, H

G are subgroups, then so too is their intersection H H

. It follows
that there is a smallest subgroup of G containing any given subset A G, called
the subgroup generated by A and denoted A); for we can define it to be the
intersection of all subgroups of G containing A. In particular the subgroups of
G form a lattice with respect to inclusions.
As a special case we have the subgroup a) generated by a single element, called
a cyclic subgroup. The order of an element a G is the order of the subgroup
it generates.
If H G is a subgroup and a G, then aHa
1
= aha
1
: h H is again a
subgroup of G, called a conjugate of H. We call a subgroup normal, denoted
HG, provided that it is equal to all of its conjugates; that is, aHa
1
= H for
all a G, or equivalently aH = Ha for all a G.
For a normal subgroup H G we can define a group law on the set of cosets
(G : H) via aH bH := abH. The resulting group is denoted G/H and called
the quotient group of G by H.
A map f : G G

between groups is called a group homomorphism provided


that it
respects the multiplication f(ab) = f(a)f(b) for all a, b G.
preserves the unit f(1) = 1.
The image Im(f) := f(a) G

: a G of f is a subgroup of G

; con-
versely, if H G is a subgroup, then the inclusion map : H G is a group
homomorphism.
The kernel Ker(f) := a G : f(a) = 1 of f is a normal subgroup of G;
conversely, if N G is normal, then the canonical map : G G/N is a group
homomorphism.
If g : G

is another group homomorphism, then the composition gf : G


G

is again a group homomorphism. We say that f is an isomorphism provided


that there exists a group homomorphism g : G

G such that gf = id
G
and
fg = id
G
.
Lemma A.2. Let f : G G

be a group homomorphism. Then


1. f is injective if and only if Ker(f) is trivial.
2. f is an isomorphism if and only if it is bijective.
Lemma A.3 (Factor Lemma). Let N G be a normal subgroup. Then the
set of group homomorphisms G/N G

is in bijection with the set of group


homomorphisms f : G G

with N Ker(f).
Theorem A.4 (Isomorphism Theorems). 1. Let f : G G

be a group ho-
momorphism. Then f induces an isomorphism G/ Ker(f)

Im(f).
2. Let H G be a subgroup, and N G a normal subgroup. Then HN :=
hn : h H, n N is a subgroup of G. Moreover, NHN and HNH
are normal subgroups, and there is an isomorphism H/H N

HN/N.
3. Let M, N G be normal subgroups with M N. Then N/MG/M is a
normal subgroup, and there is an isomorphism (G/M)/(N/M)

G/N.
Group Actions
Given a set X we can consider the set Sym_X of all bijections : X X. Then
Sym_X is a group under composition. If X = 1, . . . , n we usually write Sym_n
and call this the symmetric group.
A k-cycle in Sym
n
is a permutation of the form = (a
1
a
2
a
k
), denoting
the function
a
i
a
i+1
for 1 i < k, a
k
a
1
, all other elements fixed.
A 2-cycle is also called a transposition. There is a group homomorphism
sgn: Sym
n
1, called the sign map, sending each k-cycle to (1)
k1
.
The kernel Alt_n of the sign map is called the alternating group.
We say that a group G acts on X if there exists a group homomorphism f : G
Sym_X. Equivalently, we can regard this as a map G X X, (a, x) ax
which is
associative a(bx) = (ab)x for all a, b G and x X.
unital 1x = x for all x X.
It is clear that G acts on itself by left multiplication, (a, b) ab. We also have
that G acts on itself by conjugation, (a, b) aba
1
. If H G is a subgroup,
then G acts on the set of cosets (G : H) by (a, bH) abH.
The orbit of x X is the subset Orb(x) := ax : a G of X. The stabiliser
of x is the subgroup Stab(x) := a G : ax = x of G. We observe that
Stab(ax) = aStab(x)a
1
, which is a conjugate of the subgroup Stab(x).
We have the following theorem, generalising Lagrange's Theorem in the case of
the action of G on the set of cosets (G : H).
Theorem A.5 (Orbit-Stabiliser). Let a group G act on a set X, and let x X.
Then the map G X, a ax induces a bijection (G : Stab(x))

Orb(x). It
follows that |Orb(x)||Stab(x)| = |G|.
We say that an action of G on X is faithful if the group homomorphism G
Sym_X is injective, which is the same as saying that if ax = x for all x X,
then a = 1. We say that the action is transitive provided that for all x, y X
there exists a G with ax = y.
Examples
1. The integers form an abelian group under addition. This is cyclic, gen-
erated by either 1 or 1. For each n Z we have the cyclic subgroup
n) = nZ = , n, 0, n, 2n, . The factor group Z/nZ has coset
representatives 0, 1, . . . , n 1.
2. The non-zero complex numbers form an abelian group under multipli-
cation. For each n we have the cyclic subgroup
n
:= exp(2i/n)) =
exp(2ik/n) : k Z.
3. There is a group homomorphism Z
n
, k exp(2ki/n). This is
onto with kernel nZ, so induces an isomorphism Z/nZ


n
. Note
that the group law on the left is written additively, whereas it is written
multiplicatively on the right.
4. The symmetric group Sym_n is generated by all transpositions. The
alternating group Alt_n is generated by all 3-cycles.
5. The set of symmetries of a geometric figure is a group with respect to
composition, and the subset of all rotations is a normal subgroup. This
fits nicely with the idea that conjugation can be thought of as a change of
point of view.
A.2 Rings
An (associative, unital) ring is a set R together with two operations RR R,
(a, b) a +b (addition) and (a, b) ab (multiplication), satisfying
addition R is an abelian group under addition.
multiplication the multiplication is associative and unital.
distributivity a(b +c) = ab +ac, (a +b)c = ac +bc for all a, b, c R.
A ring is called commutative provided that the multiplication is commutative.
From now on we will only consider commutative rings, and so shall simply call
them rings. A ring R is called trivial if 1 = 0, in which case R = 0.
A subset S R is a subring, denoted S R, provided that it
additive subgroup a +b, a S for all a, b S.
contains the unit 1 S.
closed under multiplication ab S for all a, b S.
It follows that the ring structure on R restricts to a ring structure on S.
If S, S

R are subrings, then so too is their intersection S S

. It follows
that there is a smallest subring of R containing any given subset A G, called
the subring generated by A and denoted A); for we can define it to be the
intersection of all subrings of R containing A. In particular the subrings of R
form a lattice with respect to inclusions.
The prime subring of R is the smallest subring of R.
A subset I R is an ideal, denoted I R, provided that it
additive subgroup a +b, a I for all a, b I.
closed under multiplication by R ab I for all a R and b I.
Clearly R is an ideal of itself; all other ideals are called proper. The subset
0 is an ideal, called the trivial ideal, or zero ideal.
If I, I

R are ideals, then so too is their intersection I I

. It follows that
there is a smallest ideal of R containing any given subset A G, called the ideal
generated by A and denoted (A); for we can define it to be the intersection
of all ideals of R containing A. In particular the ideals of R form a lattice with
respect to inclusions.
As a special case we have the ideal (a) generated by a single element, called a
principal ideal.
Let I R be an ideal. Then I is an additive subgroup, hence normal, so we can
form the quotient R/I as an additive group. We may now define a multiplication
on R/I by (a+I) (b+I) := ab+I, making R/I into a ring, called the quotient
ring of R by I.
A map f : R R

between two rings is called a ring homomorphism provided


that it
respects the addition f(a +b) = f(a) +f(b) for all a, b R.
respects the multiplication f(ab) = f(a)f(b) for all a, b R.
preserves the zero and unit f(0) = 0 and f(1) = 1.
In particular, f is an additive group homomorphism.
The image Im(f) := f(a) R

: a R of f is a subring of R

; conversely, if
S R is a subring, then the inclusion map : S R is a ring homomorphism.
The kernel Ker(f) := a R : f(a) = 0 of f is an ideal of R; conversely, if
I R is an ideal, then the canonical map : R R/I is a ring homomorphism.
If g : R

is another ring homomorphism, then the composition gf : R


R

is again a ring homomorphism. We say that f is an isomorphism provided


that there exists a ring homomorphism g : R

R such that gf = id
R
and
fg = id
R
.
Lemma A.6. Let f : R R

be a group homomorphism. Then


1. f is injective if and only if Ker(f) is trivial.
2. f is an isomorphism if and only if it is bijective.
Lemma A.7 (Factor Lemma). Let I R be an ideal. Then the set of ring
homomorphisms R/I R

is in bijection with the set of ring homomorphisms


f : R R

with I Ker(f).
Theorem A.8 (Isomorphism Theorems). 1. Let f : R R

be a ring ho-
momorphism. Then f induces an isomorphism R/ Ker(f)

Im(f).
2. Let S R be a subgroup, and I R an ideal. Then S +I := a +b : a
S, b I is a subring of R. Moreover, I S +I and S I S are ideals,
and there is an isomorphism S/S I

(S +I)/I.
3. Let I, J R be ideals with I J. Then J/I R/I is an ideal, and there
is an isomorphism (R/I)/(J/I)

R/J.
Principal Ideal Domains
We write R

:= a R : b R with ab = 1 for the set of units of a ring R.


Note that R

is an abelian group under multiplication. We call two elements a


and b associates if they differ by a unit, so a = ub for some unit u. Equivalently
(a) = (b) as ideals.
A field is a non-trivial ring K such that every non-zero element is a unit, so
K

= K 0. More generally, an integral domain is a non-trivial ring R


with no zero-divisors, i.e. ab = 0 implies a = 0 or b = 0. Equivalently, R has
cancellation, so that if ax = bx for some x ≠ 0, then a = b.
If R is an integral domain, then we can form the field of fractions Quot(R) of R
in exactly the same way that the field of rational numbers Q is constructed from
the ring of integers Z. We first define an equivalence relation on R (R 0)
by (a, b) (c, d) if ad = bc. The equivalence class of (a, b) is denoted by a/b.
We can now define a ring structure on the set Quot(R) of all equivalence classes
by
a/b + c/d := (ad + bc)/(bd) and (a/b)(c/d) := (ac)/(bd).
We identify R with the subring a/1 : a R of Quot(R).
The field of fractions satisfies the following universal property: if R is an integral
domain, K a field, and f : R K a ring homomorphism, then there is a unique
field homomorphism

f : Quot(R) K extending f; that is,

f(a/1) = f(a) for
all a R.
We say that an ideal I R is
maximal if I is proper, and I J R implies J = I or J = R.
prime if xy I implies x I or y I.
Proposition A.9. Let R be a ring and I R an ideal of R. Then
1. R/I is a field if and only if I is maximal. Equivalently R is a field if and
only if (0) and R are the only ideals of R.
2. R/I is an integral domain if and only if I is prime. Equivalently R is an
integral domain if and only if (0) is prime.
3. I maximal implies I prime. Equivalently, if R is a field, then it is an
integral domain.
In particular, if f : K R is a ring homomorphism from a field K to a non-
trivial ring R, then f is injective.
A principal ideal domain is an integral domain R for which every ideal is
principal, so of the form (a) for some a R.
Proposition A.10. The ring of integers Z is a principal ideal domain. In fact,
the ideal generated by two integers a and b equals the ideal generated by their
greatest common divisor d.
Proof. Let I Z be a non-zero ideal, and let a > 0 be minimal such that b I.
Let b I. By the Euclidean Algorithm, there exist integers q, r with a > r 0
such that b = qa + r. Now, r = b qa I, so the minimality of a gives r = 0
and b = qa. Thus I = (a).
Let R be a non-trivial ring. Then there exists a unique ring homomorphism
f : Z R. We define the characteristic of R to be char(R) := n where
Ker(f) = (n) and n 0.
By an analogous argument using the division algorithm, one can show that the
polynomial ring K[X] is also a principal ideal domain.
We say that an element a R divides b, written a|b, if there exists x R such
that b = ax. Equivalently, b (a), or (b) (a). Note that 1 divides every other
element, and each element divides 0.
If R is an integral domain, then a|b and b|a if and only if there exists a unit
u R

such that b = au. For, there exist u, v R such that b = au and


a = bv. If b = 0 then a = 0. Otherwise, since b = buv, we have uv = 1, so that
u, v R

are units.
Let R be an integral domain and a R non-zero and not a unit. We call a
prime if a|xy implies a|x or a|y.
irreducible if a = xy implies x is a unit or y is a unit.
Proposition A.11. Let R be an integral domain and a R non-zero and not
a unit.
1. a is prime if and only if (a) is a prime ideal.
2. a prime implies a irreducible. The converse holds if R is a principal ideal
domain, in which case (a) is a maximal ideal.
Proof. 1. Let a be prime and suppose that xy (a). Then a|xy, whence a|x
or a|y. In other words, x (a) or y (a), so that (a) is a prime ideal. The
converse is similar.
2. Let a be prime and suppose that a = xy. Without loss of generality a|x, so
that x = ab for some b. Now a = xy = aby, so by = 1 and y is a unit. Thus a is
irreducible.
Now suppose that R is a principal ideal domain and let a be irreducible. Suppose
that (a) (x). Then a = xy for some y, and since a is irreducible, either x is a
unit, in which case (x) = R, or else y is a unit, in which case (a) = (x). Hence
(a) is a maximal ideal.
Unique Factorisation Domains
An integral domain R is called a unique factorisation domain if every ele-
ment can be written uniquely as a product of irreducibles
existence each a R which is non-zero and not a unit can be written
as a product of irreducibles a = x
1
x
m
.
uniqueness if a = x
1
x
m
and a = y
1
y
n
with each x
i
and y
j
irre-
ducible, then m = n and (after re-ordering) x
i
and y
i
are
associates (so y
i
= u
i
x
i
for some unit u
i
R

).
Clearly if R is a unique factorisation domain, then every irreducible element is
prime. For, if a is irreducible and xy (a), then xy = ab for some b. Since a
is irreducible and factorisations are unique, a must occur in the factorisation of
either x or y, whence x (a) or y (a).
One important result is that if R is a unique factorisation domain, then so too
is the ring of polynomials R[X]. To see this we first prove the special case when
R is a field; in fact, we show that every principal ideal domain. The general
case then follows from Gauss's Lemma.
Theorem A.12. Every principal ideal domain is a unique factorisation do-
main.
1
Proof. Let R be a principal ideal domain. We first show that every increasing
sequence of ideals stabilises (so that R is Noetherian).
Suppose we have an increasing sequence of ideals I
1
I
2
. Then the union
I :=

i
I
i
is again an ideal, and since R is a principal ideal domain we can write
I
i
= (a
i
) and I = (a). Now, a

i
I
i
, so a I
i
for some i. Therefore I I
i
, so
I = I
i
, and hence I = I
n
for all n i.
Now take a
1
R non-zero and not a unit, and suppose for contradiction that
a
1
cannot be written as a product of irreducibles. Then a
1
is not irreducible, so
we can write a
1
= a
2
a

2
with neither a
2
nor a

2
a unit. If both a
2
and a

2
can be
expressed as a product of irreducibles, then the same would be true of a
1
, so we
may assume that a
2
cannot be written as a product of irreducibles. Repeating
the argument yields an increasing sequence of ideals (a
1
) (a
2
) . Also,
by construction, (a
i1
) ,= (a
i
), since a
i1
= a
i
a

i
and a

i
is not a unit. Therefore
this sequence of ideals does not stabilise, contradicting the above result.
To see that this expression is unique, let a = x
1
x
m
= y
1
y
n
with each x
i
and y
j
irreducible. Since (x
1
) is a prime ideal (in fact maximal), R/(x
1
) is an
integral domain (in fact a field) and y
1
y
n
= a = 0 in R/(x
1
). Thus, after
re-ordering, y
1
= 0. Hence y
1
(x
1
), say y
1
= u
1
x
1
. Since both x
1
and y
1
are
irreducible, u
1
must be a unit. Therefore (x
1
) = (y
1
) and x
2
x
m
= u
1
y
2
y
n
.
Since y

2
:= u
1
y
2
is irreducible and (y

2
) = (y
2
), the result follows by induction
on m+n.
1
In fact, if R is a Noetherian integral domain, then R is a unique factorisation domain if
and only if all irreducible elements are prime. The proof is the same, but using the Noetherian
property to deduce that the ascending chain of ideals stabilises.
For the remainder of this section, R will denote a unique factorisation domain
and K its field of fractions.
Lemma A.13. Any two elements in R have a greatest common divisor,
and this is unique up to associates.
Proof. Given a and b, write ab = ux
m1
1
x
mn
n
for some unit u and pairwise
non-associate irreducible elements x_i (so (x_i) ≠ (x_j) for i ≠ j). We can now
write a = u

x
r1
1
x
rn
n
and b = u

x
s1
1
x
sn
n
for some units u

, u

. Note that
m
i
= r
i
+s
i
. Set gcd(a, b) := x
l1
1
x
ln
n
, where l
i
:= min(r
i
, s
i
).
Clearly gcd(a, b) divides both a and b, and any other element which divides both
a and b must divide gcd(a, b) by unique factorisation.
Given a non-zero polynomial f = a_n X^n + + a_0 R[X], we define its content
cont(f) to be the greatest common divisor of the coefficients a_i. We call f
primitive if cont(f) is a unit. Note that, if 0 ≠ d R, then cont(df) =
d cont(f).
More generally, let f K[X] be non-zero. By clearing denominators, there exists
0 ≠ d R such that df R[X]. We therefore define cont(f) := cont(df)/d
K. To see that this is well-defined let 0 ≠ d

R also satisfy d

f R[X]. Then
d

cont(df) = cont(dd

f) = d cont(d

f),
so that cont(df)/d = cont(d

f)/d

. It follows as before that if d K

and
f K[X], then cont(df) = d cont(f).
Lemma A.14. Let f, g K[X] be non-zero.
1. f/cont(f) R[X] and is primitive. Conversely, if c K

is such that
f/c R[X] is primitive, then c = cont(f) (up to a unit of R).
2. cont(f) R if and only if f R[X].
3. cont(fg) = cont(f)cont(g).
Proof. 1. Suppose first that f R[X] and has coefficients a
i
. Since cont(f) =
gcd(a
i
) we know that a
i
/cont(f) R and that these elements are coprime. Thus
f/cont(f) R[X] is primitive.
Now let f K[X]. Taking 0 ≠ d R such that df R[X] we see that
f/cont(f) = df/cont(df) R[X] is primitive.
Finally, let c K

be such that f/c R[X] is primitive. Then 1 = cont(f/c) =


cont(f)/c, so that c = cont(f).
2. By (1) we can write f = cont(f)f

for some f

R[X] primitive, so cont(f)


R implies f R[X]. The converse is immediate.
3. Set c := cont(f) and d := cont(g). By (1) we can write f = cf

and g = dg

for some f

, g

R[X] primitive. Then fg = cdf

and f

R[X], so if we
can show that f

is primitive, then cont(fg) = cd as required.


Let p R be prime and consider the quotient ring (R/(p))[X]. Since R/(p) is
an integral domain, so too is (R/(p))[X]. Since f

and g

are primitive, we know


that p does not divide every coefficient of f

or g

, so f

and g

are non-zero in
(R/(p))[X]. Thus f

= f

is non-zero, so p does not divide cont(f

).
It follows that cont(f

) is not divisible by any irreducible element of R, hence


is a unit, and f

is primitive.
Lemma A.15 (Gauss's Lemma). If f R[X] is irreducible over R, then it is
irreducible over K. The converse holds when f is primitive.
Proof. We prove the contrapositive. Suppose f = gh K[X]. Since cont(f) =
cont(g)cont(h) we can factorise f over R as
f = cont(f) (g/cont(g)) (h/cont(h)).
Conversely let f R[X] be primitive and suppose that f is irreducible over K.
Let f = gh be a factorisation over R. Since f is irreducible over K we may
assume without loss of generality that g is a unit in K[X], so deg(g) = 0 and
hence g R. Therefore g divides cont(f), which is a unit since f is primitive.
Hence g is a unit, so f is irreducible over R.
Theorem A.16. The polynomial ring R[X] is again a unique factorisation
domain. The units of R[X] are the units of R. The irreducible elements of
R[X] are the irreducible elements of R together with the primitive irreducible
polynomials.
Proof. Since R is an integral domain, we can consider leading terms of poly-
nomials to deduce that R[X] is also an integral domain and that the units of
R[X] are just the units of R. Also, by considering degrees, we see that each
irreducible in R remains irreducible in R[X].
Let f R[X] be non-constant. Since K[X] is a principal ideal domain, it
is a unique factorisation domain, so we can write f = g
1
g
r
with each g
i
irreducible in K[X]. Set c
i
:= cont(g
i
), c := c
1
c
r
and f
i
:= g
i
/c
i
, so f
i

R[X] is a primitive irreducible polynomial by Gauss's Lemma and f = cf
1
f
r
.
Then c = cont(f) R, so can be written as a product of irreducibles in R. Thus
each polynomial can be written as a product of irreducible elements.
To see that this expression is unique, suppose that f = cg
1
g
r
and f =
dh
1
h
s
with c, d R and g
i
, h
j
R[X] primitive irreducible polynomials.
Then g
i
, h
j
K[X] are irreducible by Gauss's Lemma, so using that K[X]
is a unique factorisation domain we deduce that, after reordering, r = s and
h
i
= u
i
g
i
for some u
i
K

. Then u
i
= cont(h
i
) R

, so g
i
and h
i
are
associates. Finally, setting u := u
1
u
r
R

gives that c = ud R, so c and


d are associates. Since R is a unique factorisation domain, we are done.
We finish with some methods to investigate the irreducibility of polynomials in
R[X] for a unique factorisation domain R.
Theorem A.17 (Eisenstein's Criterion). Let f = a
0
X
d
+ + a
d1
X + a
d

R[X] be primitive. Suppose that there exists a prime p R such that p|a_i for
1 i d, but p a
0
and p
2
a
d
. Then f is irreducible.
Proof. Since p is prime we know that R/(p) is an integral domain. Let F be its
field of fractions.
Suppose that f = gh for some non-constant polynomials g, h R[X]. Write
g = b
0
X
r
+ + b
r
and h = c
0
X
s
+ + c
s
, so that d = r + s, a
0
= b
0
c
0
,
a
d
= b
r
c
s
and r, s 1. Consider g

h =

f = a
0
X
d
(R/(p))[X]. Since F[X] is
a unique factorisation domain we must have that g =

b
0
X
r
and

h = c
0
X
s
in
F[X], so also in (R/(p))[X]. In particular, p divides b
i
for all 1 i r and c
j
for all 1 j s. Thus p
2
divides b
r
c
s
= a
d
, a contradiction.
Theorem A.18 (Rational Root Test). Let f = a
0
X
d
+ + a
d
R[X] and
suppose that K is a root of f. Write = p/q with p, q R coprime. Then
q|a_0 and p|a_d.
Proof. We have the equality
0 = q
d
f(p/q) = a
0
p
d
+a
1
p
d1
q + +a
d1
pq
d1
+a
d
q
d
.
Thus p divides a_d q^d and q divides a_0 p^d. Since gcd(p, q) = 1 we conclude that
p|a_d and q|a_0.
This theorem is often used in the following form.
Corollary A.19. Let f = X
n
+ a
n1
X
n1
+ + a
0
R[X] be a monic
polynomial. Then any root K of f actually lies in R and is a divisor of a_0.
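The content, Eisenstein's Criterion and the Rational Root Test can be made concrete for R = Z. This Python code is an added example, not part of the original notes; the function names are hypothetical, and a polynomial is a list of integer coefficients a_0, ..., a_d with the leading coefficient a_0 first, as in Theorem A.17.

```python
from fractions import Fraction
from functools import reduce
from math import gcd


def content(coeffs):
    """cont(f): the greatest common divisor of the coefficients (R = Z)."""
    return reduce(gcd, (abs(c) for c in coeffs))


def poly_mul(f, g):
    """Product of two polynomials, leading coefficient first."""
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] += a * b
    return out


def prime_divisors(n):
    """Distinct prime divisors of a non-zero integer, by trial division."""
    n, found, p = abs(n), [], 2
    while p * p <= n:
        if n % p == 0:
            found.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        found.append(n)
    return found


def eisenstein_primes(coeffs):
    """Primes p for which Theorem A.17 applies to a primitive f:
    p | a_i for 1 <= i <= d, p does not divide a_0, p^2 does not divide a_d."""
    a0, ad = coeffs[0], coeffs[-1]
    if len(coeffs) < 2 or ad == 0 or content(coeffs) != 1:
        return []
    return [p for p in prime_divisors(ad)
            if a0 % p != 0
            and ad % (p * p) != 0
            and all(c % p == 0 for c in coeffs[1:])]


def divisors(n):
    """Positive divisors of a non-zero integer."""
    n = abs(n)
    return [d for d in range(1, n + 1) if n % d == 0]


def rational_roots(coeffs):
    """All rational roots of f, using Theorem A.18: a root p/q in lowest
    terms has q | a_0 (leading) and p | a_d (constant)."""
    coeffs = list(coeffs)
    roots = set()
    while len(coeffs) > 1 and coeffs[-1] == 0:  # X divides f, so 0 is a root
        roots.add(Fraction(0))
        coeffs.pop()
    if len(coeffs) > 1:
        for p in divisors(coeffs[-1]):
            for q in divisors(coeffs[0]):
                for cand in (Fraction(p, q), Fraction(-p, q)):
                    acc = Fraction(0)
                    for c in coeffs:  # Horner evaluation at the candidate
                        acc = acc * cand + c
                    if acc == 0:
                        roots.add(cand)
    return sorted(roots)


if __name__ == "__main__":
    f, g = [2, 4], [3, 0, 9]                  # 2X + 4 and 3X^2 + 9
    print(content(poly_mul(f, g)), content(f) * content(g))
    print(eisenstein_primes([1, 0, 0, 10, 5]))  # X^4 + 10X + 5
    print(rational_roots([1, 0, -15, -4]))      # X^3 - 15X - 4
    print(rational_roots([2, -1, -1]))          # 2X^2 - X - 1
```

For a monic polynomial the only candidate denominators are 1, which is the statement of Corollary A.19.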
Examples
1. C C with component-wise addition and multiplication is a ring, with
zero (0, 0) and unit (1, 1), but is not an integral domain. Why not?
2. If R is a ring, then we can form the polynomial ring R[X]. Its elements
are the polynomials f(X) = a
0
X
n
+ a
1
X
n1
+ + a
0
with coefficients
a
i
R, on which we have the usual addition and multiplication. We write
deg(f) = maxn : a
n
≠ 0 if f ≠ 0, and set deg(0) := .
If R is an integral domain, then so too is R[X]. Moreover the units of
R[X] are just the units of R.
If I R, then there is a surjective ring homomorphism R[X] (R/I)[X],
aX
n
aX
n
. This has kernel I[X], the set of polynomials, all of whose
coefficients lie in I, so giving a ring isomorphism R[X]/I[X]

= (R/I)[X].
3. More generally, if X_i is a (possibly infinite) set of indeterminates, then
R[X_i] is a ring whose elements are finite R-linear combinations of monomials,
where each monomial is a finite product of powers of the X_i.
4. Z, Z[X] and Z[X, Y ] are all unique factorisation domains, but only Z is a
principal ideal domain. For example, (2, X) Z[X] is not principal.
If K is a field, then K, K[X] and K[X, Y ] are all unique factorisation
domains, but only K and K[X] are principal ideal domains. For example,
(X, Y ) K[X, Y ] is not principal.
5. Z[

2] = a + b

2 : a, b Z is a principal ideal domain, in fact a


Euclidean domain (there is a version of the Euclidean Algorithm). The
only units are 1.
With a little bit more theory one can describe the primes in Z[

2]. If
p Z is an odd prime, then either p 1, 3 mod 8, in which case p is prime
in Z[

2], or else p 5, 7 mod 8, in which case we can solve a


2
+2b
2
= p
and a +b

2 is prime. The only other prime element is



2 itself.
Z[

5] is not a unique factorisation domain, since 1 +

5 is irreducible
but not prime. Can you prove this?
Appendix B
Zorn's Lemma
This chapter is non-examinable.
A partially ordered set, or poset, (S, ) is a set with a relation satisfying
Reflexivity a a for all a.
Antisymmetry a b and b a imply a = b.
Transitivity a b and b c imply a c.
The poset (S, ) is totally ordered if, for all a, b S, either a b or b a.
A maximal element of S is an element a S such that if a b, then a = b.
If (S, ) is a poset, then a chain in S is a non-empty subset which is totally
ordered by . If C S is a subset, then an upper bound for C is an element
a S such that c a for all c C.
Zorn's Lemma. Let (S, ) be a non-empty poset in which every chain has an
upper bound. Then S has a maximal element.
Zorn's Lemma is logically equivalent in Zermelo-Fraenkel Set Theory to the
Axiom of Choice, which says that if S
i
are sets, then the product

i
S
i
is
non-empty. In other words, we can make an infinite number of arbitrary choices.
We often use Zorn's Lemma when proving statements for infinite sets when we
would have used induction for finite sets.
Typical examples are the following three results, the first of which uses the
Axiom of Choice; the latter two, Zorn's Lemma.
Theorem B.1. Every surjective map between sets has a right inverse.
Proof. Let f : X Y be a surjective map between two sets. A right inverse g
of f is a map g : Y X such that fg = id
Y
. Therefore, to construct g, we need
to choose an element in the fibre f
1
(y) X for each element y Y . Thus,
if Y is infinite, we need to make an infinite number of arbitrary choices, hence
require the Axiom of Choice.
Theorem B.2. Every vector space has a basis.
Proof. Let $S$ be the collection of linearly independent subsets of a non-zero vector space $V$ over a field $K$. This is non-empty, since each non-zero vector is linearly independent. We endow $S$ with the partial order coming from inclusion.
Let $C = \{B_i\}$ be a chain in $S$. Then $C$ has an upper bound, namely the union $B = \bigcup_i B_i$. For, consider a finite linear relation $\sum_j \lambda_j b_j = 0$ with $\lambda_j \in K$ and $b_j \in B$. Since there are only finitely many $b_j$ in this relation, they all lie in some $B_i$, so are linearly independent. Thus $\lambda_j = 0$ for all $j$ and $B$ is linearly independent.
Zorn's Lemma implies that $S$ has a maximal element $B$. We claim that $B$ is a spanning set for $V$, and thus a basis. For, if not, then there exists some $v \in V$ which cannot be written as a finite linear combination of elements of $B$. Thus $B \cup \{v\}$ is a linearly independent set, which contradicts the maximality of $B$.
Theorem B.3. Every proper ideal of a ring is contained in a maximal ideal.
Proof. Let $R$ be a ring. Let $S$ be the set of proper ideals of $R$, ordered by inclusion. This is non-empty, since $(0) \neq R$. Let $C = \{I_i\}$ be a chain in $S$. Then $I = \bigcup_i I_i$ is an upper bound for $C$. We need to check that $I$ is a proper ideal. It is an ideal, since if $x, y \in I$, then $x, y \in I_i$ for some $i$. Hence $x + y$ and $rx$ for $r \in R$ are both contained in $I_i \subset I$. To see that $I$ is proper, suppose otherwise. Then we can write $1 = \sum_j r_j x_j$ as a finite linear combination with $r_j \in R$ and $x_j \in I$. Since there are only finitely many $x_j$ in this relation, they all lie in some $I_i$. Hence $1 \in I_i$, a contradiction since $I_i$ was assumed to be proper. Hence $I \subset R$ is proper.
Zorn's Lemma implies that $S$ has a maximal element $I$, which is necessarily a maximal ideal.
One should remark that, although generally assumed to hold, Zorn's Lemma, or equivalently the Axiom of Choice, also yields several paradoxes, for example the Banach-Tarski Paradox.
For some nice quotations on the Axiom of Choice, visit here.