Abstract.algebra 2011 Rosenberger Fine Carstensen

De Gruyter Graduate

Celine CarstensenBenjamin FineGerhard Rosenberger

Abstract AlgebraApplications to Galois Theory,Algebraic Geometry and Cryptography

De Gruyter

Mathematics Subject Classification 2010: Primary: 12-01, 13-01, 16-01, 20-01; Secondary: 01-01,08-01, 11-01, 14-01, 94-01.

This book is Volume 11 of the Sigma Series in Pure Mathematics, Heldermann Verlag.

ISBN 978-3-11-025008-4e-ISBN 978-3-11-025009-1

Library of Congress Cataloging-in-Publication Data

Carstensen, Celine.Abstract algebra : applications to Galois theory, algebraic geo-

metry, and cryptography / by Celine Carstensen, Benjamin Fine,and Gerhard Rosenberger.

p. cm. � (Sigma series in pure mathematics ; 11)Includes bibliographical references and index.ISBN 978-3-11-025008-4 (alk. paper)1. Algebra, Abstract. 2. Galois theory. 3. Geometry, Algebraic.

4. Crytography. I. Fine, Benjamin, 1948� II. Rosenberger, Ger-hard. III. Title.

QA162.C375 20115151.02�dc22

2010038153

Bibliographic information published by the Deutsche Nationalbibliothek

The Deutsche Nationalbibliothek lists this publication in the Deutsche Nationalbibliografie;detailed bibliographic data are available in the Internet at http://dnb.d-nb.de.

” 2011 Walter de Gruyter GmbH & Co. KG, Berlin/New York

Typesetting: Da-TeX Gerd Blumenstein, Leipzig, www.da-tex.dePrinting and binding: AZ Druck und Datentechnik GmbH, Kempten� Printed on acid-free paper

Printed in Germany

www.degruyter.com

Preface

Traditionally, mathematics has been separated into three main areas; algebra, analysisand geometry. Of course there is a great deal of overlap between these areas. Forexample, topology, which is geometric in nature, owes its origins and problems asmuch to analysis as to geometry. Further the basic techniques in studying topologyare predominantly algebraic. In general, algebraic methods and symbolism pervadeall of mathematics and it is essential for anyone learning any advanced mathematicsto be familiar with the concepts and methods in abstract algebra.

This is an introductory text on abstract algebra. It grew out of courses given toadvanced undergraduates and beginning graduate students in the United States andto mathematics students and teachers in Germany. We assume that the students arefamiliar with Calculus and with some linear algebra, primarily matrix algebra and thebasic concepts of vector spaces, bases and dimensions. All other necessary materialis introduced and explained in the book. We assume however that the students havesome, but not a great deal, of mathematical sophistication. Our experience is that thematerial in this can be completed in a full years course. We presented the materialsequentially so that polynomials and field extensions preceded an in depth look atgroup theory. We feel that a student who goes through the material in these notes willattain a solid background in abstract algebra and be able to move on to more advancedtopics.

The centerpiece of these notes is the development of Galois theory and its importantapplications, especially the insolvability of the quintic. After introducing the basic al-gebraic structures, groups, rings and fields, we begin the theory of polynomials andpolynomial equations over fields. We then develop the main ideas of field extensionsand adjoining elements to fields. After this we present the necessary material fromgroup theory needed to complete both the insolvability of the quintic and solvabilityby radicals in general. Hence the middle part of the book, Chapters 9 through 14 areconcerned with group theory including permutation groups, solvable groups, abeliangroups and group actions. Chapter 14 is somewhat off to the side of the main themeof the book. Here we give a brief introduction to free groups, group presentationsand combinatorial group theory. With the group theory material in hand we returnto Galois theory and study general normal and separable extensions and the funda-mental theorem of Galois theory. Using this we present several major applicationsof the theory including solvability by radicals and the insolvability of the quintic, thefundamental theorem of algebra, the construction of regular n-gons and the famousimpossibilities; squaring the circling, doubling the cube and trisecting an angle. We

vi Preface

finish in a slightly different direction giving an introduction to algebraic and groupbased cryptography.

October 2010 Celine CarstensenBenjamin Fine

Gerhard Rosenberger

Contents

Preface v

1 Groups, Rings and Fields 11.1 Abstract Algebra . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11.2 Rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21.3 Integral Domains and Fields . . . . . . . . . . . . . . . . . . . . . . 41.4 Subrings and Ideals . . . . . . . . . . . . . . . . . . . . . . . . . . . 61.5 Factor Rings and Ring Homomorphisms . . . . . . . . . . . . . . . . 91.6 Fields of Fractions . . . . . . . . . . . . . . . . . . . . . . . . . . . 131.7 Characteristic and Prime Rings . . . . . . . . . . . . . . . . . . . . . 141.8 Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171.9 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19

2 Maximal and Prime Ideals 212.1 Maximal and Prime Ideals . . . . . . . . . . . . . . . . . . . . . . . 212.2 Prime Ideals and Integral Domains . . . . . . . . . . . . . . . . . . . 222.3 Maximal Ideals and Fields . . . . . . . . . . . . . . . . . . . . . . . 242.4 The Existence of Maximal Ideals . . . . . . . . . . . . . . . . . . . . 252.5 Principal Ideals and Principal Ideal Domains . . . . . . . . . . . . . . 272.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28

3 Prime Elements and Unique Factorization Domains 293.1 The Fundamental Theorem of Arithmetic . . . . . . . . . . . . . . . 293.2 Prime Elements, Units and Irreducibles . . . . . . . . . . . . . . . . 353.3 Unique Factorization Domains . . . . . . . . . . . . . . . . . . . . . 383.4 Principal Ideal Domains and Unique Factorization . . . . . . . . . . . 413.5 Euclidean Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . 453.6 Overview of Integral Domains . . . . . . . . . . . . . . . . . . . . . 513.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

4 Polynomials and Polynomial Rings 534.1 Polynomials and Polynomial Rings . . . . . . . . . . . . . . . . . . . 534.2 Polynomial Rings over Fields . . . . . . . . . . . . . . . . . . . . . . 554.3 Polynomial Rings over Integral Domains . . . . . . . . . . . . . . . . 574.4 Polynomial Rings over Unique Factorization Domains . . . . . . . . 584.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65

viii Contents

5 Field Extensions 665.1 Extension Fields and Finite Extensions . . . . . . . . . . . . . . . . . 665.2 Finite and Algebraic Extensions . . . . . . . . . . . . . . . . . . . . 695.3 Minimal Polynomials and Simple Extensions . . . . . . . . . . . . . 705.4 Algebraic Closures . . . . . . . . . . . . . . . . . . . . . . . . . . . 745.5 Algebraic and Transcendental Numbers . . . . . . . . . . . . . . . . 755.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78

6 Field Extensions and Compass and Straightedge Constructions 806.1 Geometric Constructions . . . . . . . . . . . . . . . . . . . . . . . . 806.2 Constructible Numbers and Field Extensions . . . . . . . . . . . . . . 806.3 Four Classical Construction Problems . . . . . . . . . . . . . . . . . 83

6.3.1 Squaring the Circle . . . . . . . . . . . . . . . . . . . . . . . 836.3.2 The Doubling of the Cube . . . . . . . . . . . . . . . . . . . 836.3.3 The Trisection of an Angle . . . . . . . . . . . . . . . . . . . 836.3.4 Construction of a Regular n-Gon . . . . . . . . . . . . . . . . 84

6.4 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89

7 Kronecker’s Theorem and Algebraic Closures 917.1 Kronecker’s Theorem . . . . . . . . . . . . . . . . . . . . . . . . . . 917.2 Algebraic Closures and Algebraically Closed Fields . . . . . . . . . . 947.3 The Fundamental Theorem of Algebra . . . . . . . . . . . . . . . . . 100

7.3.1 Splitting Fields . . . . . . . . . . . . . . . . . . . . . . . . . 1007.3.2 Permutations and Symmetric Polynomials . . . . . . . . . . . 101

7.4 The Fundamental Theorem of Algebra . . . . . . . . . . . . . . . . . 1057.5 The Fundamental Theorem of Symmetric Polynomials . . . . . . . . 1097.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111

8 Splitting Fields and Normal Extensions 1138.1 Splitting Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1138.2 Normal Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . 1158.3 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118

9 Groups, Subgroups and Examples 1199.1 Groups, Subgroups and Isomorphisms . . . . . . . . . . . . . . . . . 1199.2 Examples of Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 1219.3 Permutation Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . 1259.4 Cosets and Lagrange’s Theorem . . . . . . . . . . . . . . . . . . . . 1289.5 Generators and Cyclic Groups . . . . . . . . . . . . . . . . . . . . . 1339.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139

Contents ix

10 Normal Subgroups, Factor Groups and Direct Products 14110.1 Normal Subgroups and Factor Groups . . . . . . . . . . . . . . . . . 14110.2 The Group Isomorphism Theorems . . . . . . . . . . . . . . . . . . . 14610.3 Direct Products of Groups . . . . . . . . . . . . . . . . . . . . . . . 14910.4 Finite Abelian Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 15110.5 Some Properties of Finite Groups . . . . . . . . . . . . . . . . . . . . 15610.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160

11 Symmetric and Alternating Groups 16111.1 Symmetric Groups and Cycle Decomposition . . . . . . . . . . . . . 16111.2 Parity and the Alternating Groups . . . . . . . . . . . . . . . . . . . 16411.3 Conjugation in Sn . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16711.4 The Simplicity of An . . . . . . . . . . . . . . . . . . . . . . . . . . 16811.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170

12 Solvable Groups 17112.1 Solvability and Solvable Groups . . . . . . . . . . . . . . . . . . . . 17112.2 Solvable Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17212.3 The Derived Series . . . . . . . . . . . . . . . . . . . . . . . . . . . 17512.4 Composition Series and the Jordan–Hölder Theorem . . . . . . . . . 17712.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179

13 Groups Actions and the Sylow Theorems 18013.1 Group Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18013.2 Conjugacy Classes and the Class Equation . . . . . . . . . . . . . . . 18113.3 The Sylow Theorems . . . . . . . . . . . . . . . . . . . . . . . . . . 18313.4 Some Applications of the Sylow Theorems . . . . . . . . . . . . . . 18713.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191

14 Free Groups and Group Presentations 19214.1 Group Presentations and Combinatorial Group Theory . . . . . . . . 19214.2 Free Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19314.3 Group Presentations . . . . . . . . . . . . . . . . . . . . . . . . . . . 198

14.3.1 The Modular Group . . . . . . . . . . . . . . . . . . . . . . 20014.4 Presentations of Subgroups . . . . . . . . . . . . . . . . . . . . . . . 20714.5 Geometric Interpretation . . . . . . . . . . . . . . . . . . . . . . . . 20914.6 Presentations of Factor Groups . . . . . . . . . . . . . . . . . . . . . 21214.7 Group Presentations and Decision Problems . . . . . . . . . . . . . . 21314.8 Group Amalgams: Free Products and Direct Products . . . . . . . . . 21414.9 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216

x Contents

15 Finite Galois Extensions 21715.1 Galois Theory and the Solvability of Polynomial Equations . . . . . . 21715.2 Automorphism Groups of Field Extensions . . . . . . . . . . . . . . 21815.3 Finite Galois Extensions . . . . . . . . . . . . . . . . . . . . . . . . 22015.4 The Fundamental Theorem of Galois Theory . . . . . . . . . . . . . 22115.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 231

16 Separable Field Extensions 23316.1 Separability of Fields and Polynomials . . . . . . . . . . . . . . . . . 23316.2 Perfect Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23416.3 Finite Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23616.4 Separable Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . 23816.5 Separability and Galois Extensions . . . . . . . . . . . . . . . . . . . 24116.6 The Primitive Element Theorem . . . . . . . . . . . . . . . . . . . . 24516.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

17 Applications of Galois Theory 24817.1 Applications of Galois Theory . . . . . . . . . . . . . . . . . . . . . 24817.2 Field Extensions by Radicals . . . . . . . . . . . . . . . . . . . . . . 24817.3 Cyclotomic Extensions . . . . . . . . . . . . . . . . . . . . . . . . . 25217.4 Solvability and Galois Extensions . . . . . . . . . . . . . . . . . . . 25317.5 The Insolvability of the Quintic . . . . . . . . . . . . . . . . . . . . . 25417.6 Constructibility of Regular n-Gons . . . . . . . . . . . . . . . . . . . 25917.7 The Fundamental Theorem of Algebra . . . . . . . . . . . . . . . . . 26117.8 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 263

18 The Theory of Modules 26518.1 Modules Over Rings . . . . . . . . . . . . . . . . . . . . . . . . . . 26518.2 Annihilators and Torsion . . . . . . . . . . . . . . . . . . . . . . . . 27018.3 Direct Products and Direct Sums of Modules . . . . . . . . . . . . . 27118.4 Free Modules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27318.5 Modules over Principal Ideal Domains . . . . . . . . . . . . . . . . . 27618.6 The Fundamental Theorem for Finitely Generated Modules . . . . . . 27918.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283

19 Finitely Generated Abelian Groups 28519.1 Finite Abelian Groups . . . . . . . . . . . . . . . . . . . . . . . . . . 28519.2 The Fundamental Theorem: p-Primary Components . . . . . . . . . 28619.3 The Fundamental Theorem: Elementary Divisors . . . . . . . . . . . 28819.4 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294

Contents xi

20 Integral and Transcendental Extensions 29520.1 The Ring of Algebraic Integers . . . . . . . . . . . . . . . . . . . . . 29520.2 Integral ring extensions . . . . . . . . . . . . . . . . . . . . . . . . . 29820.3 Transcendental field extensions . . . . . . . . . . . . . . . . . . . . . 30220.4 The transcendence of e and � . . . . . . . . . . . . . . . . . . . . . . 30720.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

21 The Hilbert Basis Theorem and the Nullstellensatz 31221.1 Algebraic Geometry . . . . . . . . . . . . . . . . . . . . . . . . . . . 31221.2 Algebraic Varieties and Radicals . . . . . . . . . . . . . . . . . . . . 31221.3 The Hilbert Basis Theorem . . . . . . . . . . . . . . . . . . . . . . . 31421.4 The Hilbert Nullstellensatz . . . . . . . . . . . . . . . . . . . . . . . 31521.5 Applications and Consequences of Hilbert’s Theorems . . . . . . . . 31721.6 Dimensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32021.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

22 Algebraic Cryptography 32622.1 Basic Cryptography . . . . . . . . . . . . . . . . . . . . . . . . . . . 32622.2 Encryption and Number Theory . . . . . . . . . . . . . . . . . . . . 33122.3 Public Key Cryptography . . . . . . . . . . . . . . . . . . . . . . . . 335

22.3.1 The Diffie–Hellman Protocol . . . . . . . . . . . . . . . . . . 33622.3.2 The RSA Algorithm . . . . . . . . . . . . . . . . . . . . . . 33722.3.3 The El-Gamal Protocol . . . . . . . . . . . . . . . . . . . . . 33922.3.4 Elliptic Curves and Elliptic Curve Methods . . . . . . . . . . 341

22.4 Noncommutative Group based Cryptography . . . . . . . . . . . . . 34222.4.1 Free Group Cryptosystems . . . . . . . . . . . . . . . . . . . 345

22.5 Ko–Lee and Anshel–Anshel–Goldfeld Methods . . . . . . . . . . . . 34922.5.1 The Ko–Lee Protocol . . . . . . . . . . . . . . . . . . . . . . 35022.5.2 The Anshel–Anshel–Goldfeld Protocol . . . . . . . . . . . . 350

22.6 Platform Groups and Braid Group Cryptography . . . . . . . . . . . 35122.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356

Bibliography 359

Index 363

Chapter 1

Groups, Rings and Fields

1.1 Abstract Algebra

Abstract algebra or modern algebra can be best described as the theory of algebraicstructures. Briefly, an algebraic structure is a set S together with one or more binaryoperations on it satisfying axioms governing the operations. There are many alge-braic structures but the most commonly studied structures are groups, rings, fieldsand vector spaces. Also widely used are modules and algebras. In this first chapterwe will look at some basic preliminaries concerning groups, rings and fields. We willonly briefly touch on groups here, a more extensive treatment will be done later in thebook.

Mathematics traditionally has been subdivided into three main areas – analysis,algebra and geometry. These areas overlap in many places so that it is often difficultto determine whether a topic is one in geometry say or in analysis. Algebra andalgebraic methods permeate all these disciplines and most of mathematics has beenalgebraicized – that is uses the methods and language of algebra. Groups, rings andfields play a major role in the modern study of analysis, topology, geometry and evenapplied mathematics. We will see these connections in examples throughout the book.

Abstract algebra has its origins in two main areas and questions that arose in theseareas – the theory of numbers and the theory of equations. The theory of numbersdeals with the properties of the basic number systems – integers, rationals and realswhile the theory of equations, as the name indicates, deals with solving equations, inparticular polynomial equations. Both are subjects that date back to classical times.A whole section of Euclid’s elements is dedicated to number theory. The foundationsfor the modern study of number theory were laid by Fermat in the 1600s and then byGauss in the 1800s. In an attempt to prove Fermat’s big theorem Gauss introducedthe complex integers a C bi where a and b are integers and showed that this set hasunique factorization. These ideas were extended by Dedekind and Kronecker whodeveloped a wide ranging theory of algebraic number fields and algebraic integers.A large portion of the terminology used in abstract algebra, rings, ideals, factorizationcomes from the study of algebraic number fields. This has evolved into the moderndiscipline of algebraic number theory.

The second origin of modern abstract algebra was the problem of trying to deter-mine a formula for finding the solutions in terms of radicals of a fifth degree poly-nomial. It was proved first by Ruffini in 1800 and then by Abel that it is impossibleto find a formula in terms of radicals for such a solution. Galois in 1820 extended

2 Chapter 1 Groups, Rings and Fields

this and showed that such a formula is impossible for any degree five or greater. Inproving this he laid the groundwork for much of the development of modern abstractalgebra especially field theory and finite group theory. Earlier, in 1800, Gauss provedthe fundamental theorem of algebra which says that any nonconstant complex poly-nomial equation must have a solution. One of the goals of this book is to present acomprehensive treatment of Galois theory and a proof of the results mentioned above.

The locus of real points .x; y/ which satisfy a polynomial equation f .x; y/ D 0 iscalled an algebraic plane curve. Algebraic geometry deals with the study of algebraicplane curves and extensions to loci in a higher number of variables. Algebraic geom-etry is intricately tied to abstract algebra and especially commutative algebra. We willtouch on this in the book also.

Finally linear algebra, although a part of abstract algebra, arose in a somewhatdifferent context. Historically it grew out of the study of solution sets of systems oflinear equations and the study of the geometry of real n-dimensional spaces. It beganto be developed formally in the early 1800s with work of Jordan and Gauss and thenlater in the century by Cayley, Hamilton and Sylvester.

1.2 Rings

The primary motivating examples for algebraic structures are the basic number sys-tems; the integers Z, the rational numbers Q, the real numbers R and the complexnumbers C. Each of these has two basic operations, addition and multiplication andform what is called a ring. We formally define this.

Definition 1.2.1. A ring is a set R with two binary operations defined on it, addition,denoted by C, and multiplication, denoted by � , or just by juxtaposition, satisfyingthe following six axioms:

(1) Addition is commutative: aC b D b C a for each pair a; b in R.

(2) Addition is associative: aC .b C c/ D .aC b/C c for a; b; c 2 R.

(3) There exists an additive identity, denoted by 0, such that a C 0 D a for eacha 2 R.

(4) For each a 2 R there exists an additive inverse, denoted by �a, such that a C.�a/ D 0.

(5) Multiplication is associative: a.bc/ D .ab/c for a; b; c 2 R.

(6) Multiplication is left and right distributive over addition: a.b C c/ D ab C ac

and .b C c/a D baC ca for a; b; c 2 R.

Section 1.2 Rings 3

If in addition

(7) Multiplication is commutative: ab D ba for each pair a; b in R.

then R is a commutative ring.Further if

(8) There exists a multiplicative identity denoted by 1 such that a � 1 D a and 1 � a Da for each a in R.

then R is a ring with identity.If R satisfies (1) through (8) then R is a commutative ring with an identity.A set G with one operation, C, on it satisfying axioms (1) through (4) is called an

abelian group. We will discuss these further later in the chapter.The numbers systems Z;Q;R;C are all commutative rings with identity.A ring R with only one element is called trivial. A ring R with identity is trivial if

and only if 0 D 1.A finite ring is a ring R with only finitely many elements in it. Otherwise R is

an infinite ring. Z;Q;R;C are all infinite rings. Examples of finite rings are givenby the integers modulo n, Zn, with n > 1. The ring Zn consists of the elements0; 1; 2; : : : ; n�1with addition and multiplication done modulo n. That is, for example4 � 3 D 12 D 2 modulo 5. Hence in Z5 we have 4 � 3 D 2. The rings Zn are all finitecommutative rings with identity.

To give examples of rings without an identity consider the set nZ D ¹nz W z 2Zº consisting of all multiples of the fixed integer n. It is an easy verification (seeexercises) that this forms a ring under the same addition and multiplication as in Zbut that there is no identity for multiplication. Hence for each n 2 Z with n > 1 weget an infinite commutative ring without an identity.

To obtain examples of noncommutative rings we consider matrices. Let M2.Z/ bethe set of 2 � 2 matrices with integral entries. Addition of matrices is done compo-nentwise, that is

�

a1 b1

c1 d1

�

C�

a2 b2

c2 d2

�

D�

a1 C a2 b1 C b2

c1 C c2 d1 C d2

�

while multiplication is matrix multiplication

�

a1 b1

c1 d1

�

��

a2 b2

c2 d2

�

D�

a1a2 C b1c2 a1b2 C b1d2

c1a2 C d1c2 c1b2 C d1d2

�

:

Then again it is an easy verification (see exercises) that M2.Z/ forms a ring. Fur-ther since matrix multiplication is noncommutative this forms a noncommutative ring.However the identity matrix does form a multiplicative identity for it. M2.nZ/ withn > 1 provides an example of an infinite noncommutative ring without an identity.

Finally M2.Zn/ for n > 1 will give an example of a finite noncommutative ring.


1.3 Integral Domains and Fields

Our basic number systems have the property that if ab D 0 then either a D 0 or b D 0.However this is not necessarily true in the modular rings. For example 2 � 3 D 0 in Z6.

Definition 1.3.1. A zero divisor in a ring R is an element a 2 R with a ¤ 0 suchthat there exists an element b ¤ 0 with ab D 0. A commutative ring with an identity1 ¤ 0 and with no zero divisors is called an integral domain. Notice that having nozero divisors is equivalent to the fact that if ab D 0 in R then either a D 0 or b D 0.

Hence Z;Q;R;C are all integral domains but from the example above Z6 is not.In general we have the following.

Theorem 1.3.2. Zn is an integral domain if and only if n is a prime.

Proof. First of all notice that under multiplication modulo n an element m is 0 if andonly if n divides m. We will make this precise shortly. Recall further Euclid’s lemmawhich says that if a prime p divides a product ab then p divides a or p divides b.

Now suppose that n is a prime and ab D 0 in Zn. Then n divides ab. From Euclid’slemma it follows that n divides a or n divides b. In the first case a D 0 in Zn whilein the second b D 0 in Zn. It follows that there are no zero divisors in Zn and sinceZn is a commutative ring with an identity it is an integral domain.

Conversely suppose Zn is an integral domain. Suppose that n is not prime. Thenn D ab with 1 < a < n, 1 < b < n. It follows that ab D 0 in Zn with neither a norb being zero. Therefore they are zero divisors which is a contradiction. Hence n mustbe prime.

In Q every nonzero element has a multiplicative inverse. This is not true in Z whereonly the elements �1; 1 have multiplicative inverses within Z.

Definition 1.3.3. A unit in a ring R with identity is an element a which has a multi-plicative inverse, that is an element b such that ab D ba D 1. If a is a unit in R wedenote its inverse by a�1.

Hence every nonzero element of Q and of R and of C is a unit but in Z the onlyunits are ˙1. InM2.R/ the units are precisely those matrices that have nonzero deter-minant while inM2.Z/ the units are those integral matrices that have determinant ˙1.

Definition 1.3.4. A field F is a commutative ring with an identity 1 ¤ 0 where everynonzero element is a unit.

The rationals Q, the reals R and the complexes C are all fields. If we relax the com-mutativity requirement and just require that in the ring R with identity each nonzeroelement is a unit then we get a skew field or division ring.

Section 1.3 Integral Domains and Fields 5

Lemma 1.3.5. If F is a field then F is an integral domain.

Proof. Since a field F is already a commutative ring with an identity we must onlyshow that there are no zero divisors in F .

Suppose that ab D 0 with a ¤ 0. Since F is a field and a is nonzero it has aninverse a�1. Hence

a�1.ab/ D a�10 D 0 H) .a�1a/b D 0 H) b D 0:

Therefore F has no zero divisors and must be an integral domain.

Recall that Zn was an integral domain only when n was a prime. This turns out toalso be necessary and sufficient for Zn to be a field.

Theorem 1.3.6. Zn is a field if and only if n is a prime.

Proof. First suppose that Zn is a field. Then from Lemma 1.3.5 it is an integraldomain, so from Theorem 1.3.2 n must be a prime.

Conversely suppose that n is a prime. We must show that Zn is a field. Since wealready know that Zn is an integral domain we must only show that each nonzeroelement of Zn is a unit. Here we need some elementary facts from number theory. Ifa; b are integers we use the notation ajb to indicate that a divides b.

Recall that given nonzero integers a; b their greatest common divisor or GCD d >0is a positive integer which is a common divisor, that is d ja and d jb, and if d1 is anyother common divisor then d1jd . We denote the greatest common divisor of a; b byeither gcd.a; b/ or .a; b/. It can be proved that given nonzero integers a; b their GCDexists, is unique and can be characterized as the least positive linear combination ofa and b. If the GCD of a and b is 1 then we say that a and b are relatively prime orcoprime. This is equivalent to being able to express 1 as a linear combination of aand b.

Now let a 2 Zn with n prime and a ¤ 0. Since a ¤ 0 we have that n does notdivide a. Since n is prime it follows that a and nmust be relatively prime, .a; n/ D 1.From the number theoretic remarks above we then have that there exist x; y with

ax C ny D 1:

However in Zn the element ny D 0 and so in Zn we have

ax D 1:


Therefore a has a multiplicative inverse in Zn and is hence a unit. Since a was anarbitrary nonzero element we conclude that Zn is a field.

The theorem above is actually a special case of a more general result from whichTheorem 1.3.6 could also be obtained.

Theorem 1.3.7. Each finite integral domain is a field.

Proof. Let F be a finite integral domain. We must show that F is a field. It is clearlysufficient to show that each nonzero element of F is a unit. Let

¹0; 1; r1; : : : ; rnº

be the elements of F . Let ri be a fixed nonzero element and multiply each element ofF by ri on the left. Now

if rirj D rirk then ri .rj � rk/ D 0:

Since ri ¤ 0 it follows that rj � rk D 0 or rj D rk . Therefore all the products rirjare distinct. Hence

R D ¹0; 1; r1; : : : ; rnº D riR D ¹0; ri ; rir1; : : : ; rirnº:

Hence the identity element 1 must be in the right-hand list, that is there is an rj suchthat rirj D 1. Therefore ri has a multiplicative inverse and is hence a unit. ThereforeF is a field.

1.4 Subrings and Ideals

A very important concept in algebra is that of a substructure that is a subset havingthe same structure as the superset.

Definition 1.4.1. A subring of a ring R is a nonempty subset S that is also a ringunder the same operations as R. If R is a field and S also a field then its a subfield.

If S � R then S satisfies the same basic axioms, associativity and commutativityof addition for example. Therefore S will be a subring if it is nonempty and closedunder the operations, that is closed under addition, multiplication and taking additiveinverses.

Lemma 1.4.2. A subset S of a ring R is a subring if and only if S is nonempty andwhenever a; b 2 S we have aC b 2 S , a � b 2 S and ab 2 S .

Section 1.4 Subrings and Ideals 7

Example 1.4.3. Show that if n > 1 the set nZ is a subring of Z. Here clearly nZ isnonempty. Suppose a D nz1; b D nz2 are two element of nZ. Then

aC b D nz1 C nz2 D n.z1 C z2/ 2 nZ

a � b D nz1 � nz2 D n.z1 � z2/ 2 nZ

ab D nz1 �nz2 D n.nz1z2/ 2 nZ:

Therefore nZ is a subring.

Example 1.4.4. Show that the set of real numbers of the form

S D ¹uC vp2 W u; v 2 Qº

is a subring of R.Here 1C p

2 2 S , so S is nonempty. Suppose a D u1 C v1

p2, b D u2 C v2

p2

are two element of S . Then

aC b D .u1 C v1

p2/C .u2 C v2

p2/ D u1 C u2 C .v1 C v2/

p2 2 S

a � b D .u1 C v1

p2/ � .u2 C v2

p2/ D u1 � u2 C .v1 � v2/

p2 2 S

a � b D .u1 C v1

p2/ � .u2 C v2

p2/ D .u1u2 C 2v1v2/C .u1v2 C v1u2/

p22S:

Therefore S is a subring.

We will see this example later as an algebraic number field.In the following we are especially interested in special types of subrings called

ideals.

Definition 1.4.5. Let R be a ring and I � R. Then I is a (two-sided) ideal if thefollowing properties holds:

(1) I is nonempty.

(2) If a; b 2 I then a˙ b 2 I .

(3) If a 2 I and r is any element of R then ra 2 I and ar 2 I .

We denote the fact that I forms an ideal in R by I GR.

Notice that if a; b 2 I , then from (3) we have ab 2 I and ba 2 I . Hence I forms asubring, that is each ideal is also a subring. ¹0º and the whole ring R are trivial idealsof R.

If we assume that in (3) only ra 2 I then I is called a left ideal. Analogously wedefine a right ideal.


Lemma 1.4.6. Let R be a commutative ring and a 2 R. Then the set

hai D aR D ¹ar W r 2 Rºis an ideal of R.

This ideal is called the principal ideal generated by a.

Proof. We must verify the three properties of the definition. Since a 2 R we havethat aR is nonempty. If u D ar1; v D ar2 are two elements of aR then

u˙ v D ar1 ˙ ar2 D a.r1 ˙ r2/ 2 aRso (2) is satisfied.

Finally let u D ar1 2 aR and r 2 R. Then

ru D rar1 D a.rr1/ 2 aR and ur D ar1r D a.r1r/ 2 aR:Recall that a 2 hai if R has an identity.Notice that if n 2 Z then the principal ideal generated by n is precisely the ring

nZ, that we have already examined. Hence for each n > 1 the subring nZ is actuallyan ideal. We can show more.

Theorem 1.4.7. Any subring of Z is of the form nZ for some n. Hence each subringof Z is actually a principal ideal.

Proof. Let S be a subring of Z. If S D ¹0º then S D 0Z so we may assume thatS has nonzero elements. Since S is a subring if it has nonzero elements it must havepositive elements (since it has the additive inverse of any element in it).

Let SC be the set of positive elements in S . From the remarks above this is anonempty set and so there must be a least positive element n. We claim that S D nZ.

Let m be a positive element in S . By the division algorithm

m D qnC r;

where either r D 0 or 0 < r < n. Suppose that r ¤ 0. Then

r D m � qn:Now m 2 S and n 2 S . Since S is a subring it is closed under addition so thatqn 2 S . But S is a subring so m � qn 2 S . It follows that r 2 S . But this isa contradiction since n was the least positive element in S . Therefore r D 0 andm D qn. Hence each positive element in S is a multiple of n.

Now let m be a negative element of S . Then �m 2 S and �m is positive. Hence�m D qn and thus m D .�q/n. Therefore every element of S is a multiple of n andso S D nZ.

It follows that every subring of Z is of this form and therefore every subring of Zis an ideal.

Section 1.5 Factor Rings and Ring Homomorphisms 9

We mention that this is true in Z but not always true. For example Z is a subring ofQ but not an ideal.

An extension of the proof of Lemma 1.4.2 gives the following. We leave the proofas an exercise.

Lemma 1.4.8. Let R be a commutative ring and a1; : : : ; an 2 R be a finite set ofelements in R. Then the set

ha1; : : : ; ani D ¹r1a1 C r2a2 C � � � C rnan W ri 2 Rº

is an ideal of R.

This ideal is called the ideal generated by a1; : : : ; an.Recall that a1; : : : ; an are in ha1; : : : ; ani if R has an identity.

Theorem 1.4.9. Let R be a commutative ring with an identity 1 ¤ 0. Then R is afield if and only if the only ideals in R are ¹0º and R.

Proof. Suppose that R is a field and I C R is an ideal. We must show that eitherI D ¹0º or I D R. Suppose that I ¤ ¹0º then we must show that I D R.

Since I ¤ ¹0º there exists an element a 2 I with a ¤ 0. Since R is a field thiselement a has an inverse a�1. Since I is an ideal it follows that a�1a D 1 2 I . Letr 2 R then, since 1 2 I , we have r � 1 D r 2 I . Hence R � I and hence R D I .

Conversely suppose thatR is a commutative ring with an identity whose only idealsare ¹0º and R. We must show that R is a field or equivalently that every nonzeroelement of R has a multiplicative inverse.

Let a 2 R with a ¤ 0. Since R is a commutative ring and a ¤ 0, the principalideal aR is a nontrivial ideal in R. Hence aR D R. Therefore the multiplicativeidentity 1 2 aR. It follows that there exists an r 2 R with ar D 1. Hence a has amultiplicative inverse and R must be a field.

1.5 Factor Rings and Ring Homomorphisms

Given an ideal I in a ring R we can build a new ring called the factor ring or quotientring of R modulo I . The special condition on the subring I that rI � I and I r � I

for all r 2 R, that makes it an ideal, is specifically to allow this construction to be aring.

Definition 1.5.1. Let I be an ideal in a ring R. Then a coset of I is a subset of R ofthe form

r C I D ¹r C i W i 2 I ºwith r a fixed element of R.


Lemma 1.5.2. Let I be an ideal in a ring R. Then the cosets of I partition R, that isany two cosets are either coincide or disjoint.

We leave the proof to the exercises.Now on the set of all cosets of an ideal we will build a new ring.

Theorem 1.5.3. Let I be an ideal in a ring R. Let R=I be the set of all cosets of Iin R, that is

R=I D ¹r C I W r 2 Rº:We define addition and multiplication on R=I in the following manner:

.r1 C I /C .r2 C I / D .r1 C r2/C I

.r1 C I / � .r2 C I / D .r1 � r2/C I:

Then R=I forms a ring called the factor ring of R modulo I . The zero element ofR=I is 0C I and the additive inverse of r C I is �r C I .

Further if R is commutative then R=I is commutative and if R has an identity thenR=I has an identity 1C I .

Proof. The proofs that R=I satisfies the ring axioms under the definitions above isstraightforward. For example

.r1 C I /C .r2 C I / D .r1 C r2/C I D .r2 C r1/C I D .r2 C I /C .r1 C I /

and so addition is commutative.What must be shown is that both addition and multiplication are well-defined. That

is, ifr1 C I D r 01 C I and r2 C I D r 02 C I

then.r1 C I /C .r2 C I / D .r 01 C I /C .r 02 C I /

and.r1 C I / � .r2 C I / D .r 01 C I / � .r 02 C I /:

Now if r1 C I D r 01 C I then r1 2 r 01 C I and so r1 D r 01 C i1 for some i1 2 I .Similarly if r2 C I D r 02 C I then r2 2 r 02 C I and so r2 D r 02 C i2 for some i2 2 I .Then

.r1 C I /C .r2 C I / D .r 01 C i1 C I /C .r 02 C i2 C I / D .r 01 C I /C .r 02 C I /

since i1 C I D I and i2 C I D I . Similarly

.r1 C I / � .r2 C I / D .r 01 C i1 C I / � .r 02 C i2 C I /

D r 01 � r 02 C r 01i2 C r 02i1 C r 01I C r 02I C I � ID .r 01 � r 02/C I

since all the other products are in the ideal I .

Section 1.5 Factor Rings and Ring Homomorphisms 11

This shows that addition and multiplication are well-defined. It also shows why theideal property is necessary.

As an example let R be the integers Z. As we have seen each subring is an idealand of the form nZ for some natural number n. The factor ring Z=nZ is called theresidue class ring modulo n denoted Zn. Notice that we can take as cosets

0C nZ; 1C nZ; : : : ; .n � 1/C nZ:

Addition and multiplication of cosets is then just addition and multiplication mod-ulo n, as we can see, that this is just a formalization of the ring Zn, that we havealready looked at. Recall that Zn is an integral domain if and only if n is prime andZn is a field for precisely the same n. If n D 0 then Z=nZ is the same as Z.

We now show that ideals and factor rings are closely related to certain mappingsbetween rings.

Definition 1.5.4. Let R and S be rings. Then a mapping f W R ! S is a ringhomomorphism if

f .r1 C r2/ D f .r1/C f .r2/ for any r1; r2 2 Rf .r1 � r2/ D f .r1/ � f .r2/ for any r1; r2 2 R:

In addition,

(1) f is an epimorphism if it is surjective.

(2) f is an monomorphism if it is injective.

(3) f is an isomorphism if it is bijective, that is both surjective and injective. In thiscase R and S are said to be isomorphic rings which we denote by R Š S .

(4) f is an endomorphism if R D S , that is a ring homomorphism from a ring toitself.

(5) f is an automorphism if R D S and f is an isomorphism.

Lemma 1.5.5. Let R and S be rings and let f W R ! S be a ring homomorphism.Then

(1) f .0/ D 0 where the first 0 is the zero element of R and the second is the zeroelement of S .

(2) f .�r/ D �f .r/ for any r 2 R.

Proof. We obtain f .0/ D 0 from the equation f .0/ D f .0 C 0/ D f .0/ C f .0/.Hence 0 D f .0/ D f .r � r/ D f .r C .�r// D f .r/ C f .�r/, that is f .�r/ D�f .r/.


Definition 1.5.6. Let R and S be rings and let f W R ! S be a ring homomorphism.Then the kernel of f is

ker.f / D ¹r 2 R W f .r/ D 0º:The image of f , denoted im.f /, is the range of f within S . That is

im.f / D ¹s 2 S W there exists r 2 R with f .r/ D sº:

Theorem 1.5.7 (ring isomorphism theorem). Let R and S be rings and let

f W R ! S

be a ring homomorphism. Then

(1) ker.f / is an ideal in R, im.f / is a subring of S and

R= ker.f / Š im.f /:

(2) Conversely suppose that I is an ideal in a ring R. Then the map f W R ! R=I

given by f .r/ D r C I for r 2 R is a ring homomorphism whose kernel is Iand whose image is R=I .

The theorem says that the concepts of ideal of a ring and kernel of a ring homo-morphism coincide, that is each ideal is the kernel of a homomorphism and the kernelof each ring homomorphism is an ideal.

Proof. Let f W R ! S be a ring homomorphism and let I D ker.f /. We showfirst that I is an ideal. If r1; r2 2 I then f .r1/ D f .r2/ D 0. It follows from thehomomorphism property that

f .r1 ˙ r2/ D f .r1/˙ f .r2/ D 0C 0 D 0

f .r1 � r2/ D f .r1/ � f .r2/ D 0 � 0 D 0:

Therefore I is a subring.Now let i 2 I and r 2 R. Then

f .r � i/ D f .r/ � f .i/ D f .r/ � 0 D 0 and f .i � r/ D f .i/ �f .r/ D 0 �f .r/ D 0

and hence I is an ideal.Consider the factor ring R=I . Let f � W R=I ! im.f / by f �.r C I / D f .r/. We

show that f � is an isomorphism.First we show that it is well-defined. Suppose that r1 C I D r2 C I then r1 � r2 2

I D ker.f /. It follows that f .r1 � r2/ D 0 so f .r1/ D f .r2/. Hence f �.r1 C I / Df �.r2 C I / and the map f � is well-defined.

Section 1.6 Fields of Fractions 13

Now

f �..r1 C I /C .r2 C I // D f �..r1 C r2/C I / D f .r1 C r2/

D f .r1/C f .r2/ D f �.r1 C I /C f �.r2 C I /

and

f �..r1 C I / � .r2 C I // D f �..r1 � r2/C I / D f .r1 � r2/D f .r1/ �f .r2/ D f �.r1 C I / � f �.r2 C I /:

Hence f � is a homomorphism. We must now show that it is injective and surjective.Suppose that f �.r1 CI / D f �.r2 CI /. Then f .r1/ D f .r2/ so that f .r1 �r2/ D

0. Hence r1 � r2 2 ker.f / D I . Therefore r1 2 r2 C I and thus r1 C I D r2 C I

and the map f � is injective.Finally let s 2 im.f /. Then there exists and r 2 R such that f .r/ D s. Then

f �.r C I / D s and the map f � is surjective and hence an isomorphism. This provesthe first part of the theorem.

To prove the second part let I be an ideal in R and R=I the factor ring. Considerthe map f W R ! R=I given by f .r/ D r C I . From the definition of addition andmultiplication in the factor ringR=I it is clear that this is a homomorphism. Considerthe kernel of f . If r 2 ker.f / then f .r/ D r C I D 0 D 0 C I . This impliesthat r 2 I and hence the kernel of this map is exactly the ideal I completing thetheorem.

Theorem 1.5.7 is called the ring isomorphism theorem or the first ring isomorphismtheorem. We mention that there is an analogous theorem for each algebraic structure.In particular for groups and vector spaces. We will mention the result for groups inSection 1.8.

1.6 Fields of Fractions

The integers are an integral domain and the rationals Q are a field that contains theintegers. First we show that Q is the smallest field containing Z.

Theorem 1.6.1. The rationals Q are the smallest field containing the integers Z. Thatis if Z � F � Q with F a subfield of Q then F D Q.

Proof. Since Z � F we have m; n 2 F for any two integers m; n. Since F is asubfield, it is closed under taking division, that is taking multiplicative inverses andhence the fraction m

n2 F . Since each element of Q is such a fraction it follows that

Q � F . Since F � Q it follows that F D Q.


Notice that to construct the rationals from the integers we form all the fractionsmn

with n ¤ 0 and where m1

n1D m2

n2if m1n2 D n1m2. We then do the standard

operations on fractions. If we start with any integral domain D we can mimic thisconstruction to build a field of fractions fromD that is the smallest field containingD.

Theorem 1.6.2. Let D be an integral domain. Then there is a field F containing D,called the field of fractions for D, such that each element of F is a fraction from D,that is an element of the form d1d

�12 with d1; d2 2 D. Further F is unique up to

isomorphism and is the smallest field containing D.

Proof. The proof is just the mimicking of the construction of the rationals from theintegers. Let

F ? D ¹.d1; d2/ W d1; d2 ¤ 0; d1; d2 2 Dº:Define on F ? the equivalence relation

.d1; d2/ D .d 01; d 02/ if d1d02 D d2d

01:

Let F be the set of equivalence classes and define addition and multiplication in theusual manner as for fractions where the result is the equivalence class.

.d1; d2/C .d3; d4/ D .d1d4 C d2d3; d2d4/

.d1; d2/ � .d3; d4/ D .d1d3; d2d4/:

It is now straightforward to verify the ring axioms for F . The inverse of .d1; 1/ is.1; d1/ for d1 ¤ 0 in D.

As with Z we identify the elements of F as fractions d1

d2.

The proof that F is the smallest field containingD is the same as for Q from Z.

As examples we have that Q is the field of fractions for Z. A familiar but lesscommon example is the following.

Let RŒx� be the set of polynomials over the real numbers R. It can be shown thatRŒx� forms an integral domain. The field of fractions consists of all formal functionsf .x/g.x/

where f .x/; g.x/ are real polynomials with g.x/ ¤ 0. The corresponding fieldof fractions is called the field of rational functions over R and is denoted R.x/.

1.7 Characteristic and Prime Rings

We saw in the last section that Q is the smallest field containing the integers. Sinceany subfield of Q must contain the identity, it follows that any nontrivial subfield ofQ must contain the integers and hence be all of Q. Therefore Q has no nontrivialsubfields. We say that Q is a prime field.

Section 1.7 Characteristic and Prime Rings 15

Definition 1.7.1. A field F is a prime field if F contains no nontrivial subfields.

Lemma 1.7.2. Let K be any field. Then K contains a prime field F as a subfield.

Proof. LetK1; K2 be subfields ofK. If k1; k2 2 K1\K2 then k1˙k2 2 K1 sinceK1

is a subfield and k1 ˙ k2 2 K2 sinceK2 is a subfield. Therefore k1 ˙ k2 2 K1 \K2.Similarly k1k

�12 2 K1 \K2. It follows that K1 \K2 is again a subfield.

Now let F be the intersection of all subfields of K. From the argument above F isa subfield and the only nontrivial subfield of F is itself. Hence F is a prime field.

Definition 1.7.3. Let R be a commutative ring with an identity 1 ¤ 0. The smallestpositive integer n such that n � 1 D 1 C 1 C � � � C 1 D 0 is called the characteristicof R. If there is no such n, then R has characteristic 0. We denote the characteristicby char.R/.

Notice first that the characteristic of Z;Q;R are all zero. Further the characteristicof Zn is n.

Theorem 1.7.4. Let R be an integral domain. Then the characteristic of R is either0 or a prime. In particular the characteristic of a field is zero or a prime.

Proof. Suppose that R is an integral domain and char.R/ D n ¤ 0. Suppose thatn D mk with 1 < m < n, 1 < k < n. Then n � 1 D 0 D .m � 1/.k � 1/. SinceR is an integral domain we have no zero divisors and hence m � 1 D 0 or k � 1 D 0.However this is a contradiction since n is the least positive integer such that n � 1 D 0.Therefore n must be a prime.

We have seen that every field contains a prime field. We extend this.

Definition 1.7.5. A commutative ring R with an identity 1 ¤ 0 is a prime ring if theonly subring containing the identity is the whole ring.

Clearly both the integers Z and the modular integers Zn are prime rings. In fact upto isomorphism they are the only prime rings.

Theorem 1.7.6. Let R be a prime ring. If char.R/ D 0 then R Š Z, while ifchar.R/ D n > 0 then R Š Zn.

Proof. Suppose that char.R/ D 0. Let S D ¹r D m � 1 W r 2 R;m 2 Zº. Then S isa subring of R containing the identity (see the exercises) and hence S D R. Howeverthe mapm � 1 ! m gives an isomorphism from S to Z. It follows thatR is isomorphicto Z.

If char.R/ D n > 0 the proof is identical. Since n � 1 D 0 the subring S of Rdefined above is all of R and isomorphic to Zn.


Theorem 1.7.6 can be extended to fields with Q taking the place of Z and Zp, withp a prime, taking the place of Zn.

Theorem 1.7.7. Let K be a prime field. If K has characteristic 0 then K Š Q whileif K has characteristic p then K Š Zp.

Proof. The proof is identical to that of Theorem 1.7.6; however we consider the small-est subfield K1 of K containing S .

We mention that there can be infinite fields of characteristic p. Consider for ex-ample the field of fractions of the polynomial ring ZpŒx�. This is the field of rationalfunctions with coefficients in Zp.

We give a theorem on fields of characteristic p that will be important much laterwhen we look at Galois theory.

Theorem 1.7.8. Let K be a field of characteristic p. Then the mapping � W K ! K

given by �.k/ D kp is an injective endomorphism of K. In particular .a C b/p Dap C bp for any a; b 2 K.

This mapping is called the Frobenius homomorphism of K.Further if K is finite, � is an automorphism.

Proof. We first show that � is a homomorphism. Now

�.ab/ D .ab/p D apbp D �.a/�.b/:

We need a little more work for addition.

�.aC b/ D .aC b/p DpX

iD0

p

i

!

aibp�i D ap Cp�1X

iD1

p

i

!

aibp�i C bp

by the binomial expansion which holds in any commutative ring. However

p

i

!

D p.p1/ � � � .p � i C 1/

i � .i � 1/ � � � 1and it is clear that pj�p

i

�

for 1 � i � p � 1. Hence in K we have�

pi

� � 1 D 0 and sowe have

�.aC b/ D .aC b/p D ap C bp D �.a/C �.b/:

Therefore � is a homomorphism.Further � is always injective. To see this suppose that �.x/ D �.y/. Then

�.x � y/ D 0 H) .x � y/p D 0:

But K is a field so there are no zero divisors so we must have x � y D 0 or x D y.IfK is finite and � is injective it must also be surjective and hence an automorphism

of K.

Section 1.8 Groups 17

1.8 Groups

We close this first chapter by introducing some basic definitions and results fromgroup theory, that mirror the results, that were presented for rings and fields. We willlook at group theory in more detail later in the book. Proofs will be given at that point.

Definition 1.8.1. A group G is a set with one binary operation (which we will denoteby multiplication) such that

(1) The operation is associative.

(2) There exists an identity for this operation.

(3) Each g 2 G has an inverse for this operation.

If, in addition, the operation is commutative, the groupG is called an abelian group.The order of G is the number of elements in G, denoted by jGj. If jGj < 1; G is afinite group otherwise G is an infinite group.

Groups most often arise from invertible mappings of a set onto itself. Such map-pings are called permutations.

Theorem 1.8.2. The group of all permutations on a set A forms a group called thesymmetric group on A which we denote by SA. If A has more than 2 elements then SA

is nonabelian.

Definition 1.8.3. Let G1 and G2 be groups. Then a mapping f W G1 ! G2 is a(group) homomorphism if

f .g1g2/ D f .g1/f .g2/ for any g1; g2 2 G1:

As with rings we have further

(1) f is an epimorphism if it is surjective.

(2) f is an monomorphism if it is injective.

(3) f is an isomorphism if it is bijective, that is both surjective and injective. Inthis case G1 and G2 are said to be isomorphic groups, which we denote byG1 Š G2.

(4) f is an endomorphism if G1 D G2, that is a homomorphism from a group toitself.

(5) f is an automorphism if G1 D G2 and f is an isomorphism.


Lemma 1.8.4. Let G1 and G2 be groups and let f W G1 ! G2 be a homomorphism.Then

(a) f .1/ D 1 where the first 1 is the identity element of G1 and the second is theidentity element of G2.

(b) f .g�1/ D .f .g//�1 for any g 2 G1.

If A is a set, jAj denotes the size of A.

Theorem 1.8.5. If A1 and A2 are sets with jA1j D jA2j then SA1Š SA2

. If jAj D n

with n finite we call SA the symmetric group on n elements which we denote by Sn.Further we have jSnj D nŠ.

Subgroups are defined in an analogous manner to subrings. Special types of sub-groups called normal subgroups take the place in group theory that ideals play in ringtheory.

Definition 1.8.6. A subset H of a group G is a subgroup if H ¤ ; and H forms agroup under the same operation as G. Equivalently, H is a subgroup if H ¤ ; andH is closed under the operation and inverses.

Definition 1.8.7. If H is a subgroup of a group G, then a left coset of H is a subsetof G of the form gH D ¹gh W h 2 H º. A right coset of H is a subset of G of theform Hg D ¹hg W h 2 H º.

As with rings the cosets of a subgroup partition a group. We call the number ofright cosets of a subgroup H in a group G then index of H in G, denoted jG W H j.One can prove that the number of right cosets is equal to the number of left cosets.For finite groups we have the following beautiful result called Lagrange’s theorem.

Theorem 1.8.8 (Lagrange’s theorem). Let G be a finite group and H a subgroup.Then the order of H divides the order of G. In particular

jGj D jH jjG W H j:

Normal subgroups take the place of ideals in group theory.

Definition 1.8.9. A subgroupH of a groupG is a normal subgroup, denotedHCG,if every left coset of H is also a right coset, that is gH D Hg for each g 2 G. Notethat this does not say that g and H commute elementwise, just that the subsets gHand Hg are the same. Equivalently H is normal if g�1Hg D H for any g 2 G.

Normal subgroups allow us to construct factor groups just as ideals allowed us toconstruct factor rings.

Section 1.9 Exercises 19

Theorem 1.8.10. Let H be a normal subgroup of a group G. Let G=H be the set ofall cosets of H in G, that is

G=H D ¹gH W g 2 Gº:We define multiplication on G=H in the following manner

.g1H/.g2H/ D g1g2H:

ThenG=H forms a group called the factor group or quotient group ofG moduloH .The identity element of G=H is 1H and the inverse of gH is g�1H .

Further if G is abelian then G=H is also abelian.

Finally as with rings normal subgroups, factor groups are closely tied to homo-morphisms.

Definition 1.8.11. Let G1 and G2 be groups and let f W G1 ! G2 be a homomorph-ism. Then the kernel of f , denoted ker.f /, is

ker.f / D ¹g 2 G1 W f .g/ D 1º:The image of f , denoted im.f /, is the range of f within G2. That is

im.f / D ¹h 2 G2 W there exists g 2 G1 with f .g/ D hº:

Theorem 1.8.12 (group isomorphism theorem). Let G1 and G2 be groups and letf W G1 ! G2 be a homomorphism. Then

(1) ker.f / is a normal subgroup in G1. im.f / is a subgroup of G2 and

G1= ker.f / Š im.f /:

(2) Conversely suppose that H is a normal subgroup of a group G. Then the mapf W G ! G=H given by f .g/ D gH for g 2 G is a homomorphism whosekernel is H and whose image is G=H .

1.9 Exercises

1. Let � W K ! R be a homomorphism from a field K to a ring R. Show: Either�.a/ D 0 for all a 2 K or � is a monomorphism.

2. LetR be a ring andM ¤ ; an arbitrary set. Show that the following are equivalent:

(i) The ring of all mappings from M to R is a field.

(ii) M contains only one element and R is a field.


3. Let � be a set of prime numbers. Define

Q� D²

a

bW all prime divisors of b are in �

³

:

(i) Show that Q� is a subring of Q.

(ii) Let R be a subring of Q and let ab

2 R with coprime integers a; b. Show that1b

2 R.

(iii) Determine all subrings R of Q. (Hint: Consider the set of all prime divisorsof denominators of reduced elements of R.)

4. Prove Lemma 1.5.2.

5. Let R be a commutative ring with an identity 1 2 R. Let A, B and C be idealsin R. A C B WD ¹a C b W a 2 A; b 2 Bº and AB WD .¹ab W a 2 A; b 2 Bº/.Show:

(i) A C B GR, A C B D .A [ B/

(ii) AB D ¹a1b1 C � � � C anbn W n 2 N; ai 2 A; bi 2 Bº, AB � A \ B

(iii) A.B C C/ D AB C AC , .A C B/C D AB C BC , .AB/C D A.BC/

(iv) A D R , A \R� ¤ ;(v) a; b 2 R ) hai C hbi D ¹xaC yb W x; y 2 Rº

(vi) a; b 2 R ) haihbi D habi. Here hai D Ra D ¹xa W x 2 Rº.

6. Solve the following congruence:

3x � 5 mod 7:

Is this congruence also solvable mod 17?

7. Show that the set of 2 � 2 matrices over a ring R forms a ring.


9. Prove that if R is a ring with identity and S D ¹r D m � 1 W r 2 R;m 2 Zº then Sis a subring of R containing the identity.

Chapter 2

Maximal and Prime Ideals

2.1 Maximal and Prime Ideals

In the first chapter we defined ideals I in a ring R and then the factor ring R=I ofR modulo the ideal I . We saw further that if R is commutative then R=I is alsocommutative and if R has an identity then so does R=I . This raises further questionsconcerning the structure of factor rings. In particular we can ask under what condi-tions does R=I form an integral domain and under what conditions does R=I forma field. These questions lead us to define certain special properties of ideals, calledprime ideals and maximal ideals.

For motivation let us look back at the integers Z. Recall that each proper ideal in Zhas the form nZ for some n > 1 and the resulting factor ring Z=nZ is isomorphicto Zn. We proved the following result.

Theorem 2.1.1. Zn D Z=nZ is an integral domain if and only if n D p a prime.Further Zn is a field again if and only if n D p is a prime.

Hence for the integers Z a factor ring is a field if and only if it is an integral domain.We will see later that this is not true in general. However what is clear is that thespecial ideals nZ leading to integral domains and fields are precisely when n is aprime. We look at the ideals pZ with p a prime in two different ways and then usethese in subsequent sections to give the general definitions. We first need a famousresult, Euclid’s lemma, from number theory. For integers a; b the notation ajb meansthat a divides b.

Lemma 2.1.2 (Euclid). If p is a prime and pjab then pja or pjb.

Proof. Recall that the greatest common divisor or GCD of two integers a; b is aninteger d > 0 such that d is a common divisor of both a and b and if d1 is anothercommon divisor of a and b then d1jd . We express the GCD of a; b by d D .a; b/. Itis known that for any two integers a; b their GCD exists and is unique and further isthe least positive linear combination of a and b, that is the least positive integer of theform ax C by for integers x; y. The integers a; b are relatively prime if their GCD is1, .a; b/ D 1. In this case 1 is a linear combination of a and b.

Now suppose pjab where p is a prime. If p does not divide a then since the onlypositive divisors of p are 1 and p it follows that .a; p/ D 1. Hence 1 is expressible

22 Chapter 2 Maximal and Prime Ideals

as a linear combination of a and p. That is ax C py D 1 for some integers x; y.Multiply through by b, so that

abx C pby D b:

Now pjab so pjabx and pjpby. Therefore pjabx C pby, that is, pjb.

We now recast this lemma in two different ways in terms of the ideal pZ. Noticethat pZ consists precisely of all the multiples of p. Hence pjab is equivalent toab 2 pZ.

Lemma 2.1.3. If p is a prime and ab 2 pZ then a 2 pZ or b 2 pZ.

This conclusion will be taken as the definition of a prime ideal in the next section.

Lemma 2.1.4. If p is a prime and pZ � nZ then n D 1 or n D p. That is, everyideal in Z containing pZ with p a prime is either all of Z or pZ.

Proof. Suppose that pZ � nZ. Then p 2 nZ so p is a multiple of n. Since p is aprime it follows easily that either n D 1 or n D p.

In Section 2.3 the conclusion of this lemma will be taken as the definition of amaximal ideal.

2.2 Prime Ideals and Integral Domains

Motivated by Lemma 2.1.3 we make the following general definition for commutativerings R with identity.

Definition 2.2.1. Let R be a commutative ring. An ideal P in R with P ¤ R is aprime ideal if whenever ab 2 P with a; b 2 R then either a 2 P or b 2 P .

This property of an ideal is precisely what is necessary and sufficient to make thefactor ring R=I an integral domain.

Theorem 2.2.2. Let R be a commutative ring with an identity 1 ¤ 0 and let P be anontrivial ideal in R. Then P is a prime ideal if and only if the factor ring R=P is anintegral domain.

Proof. LetR be a commutative ring with an identity 1 ¤ 0 and let P be a prime ideal.We show that R=P is an integral domain. From the results in the last chapter we havethat R=P is again a commutative ring with an identity. Therefore we must show thatthere are no zero divisors in R=P . Suppose that .a C I /.b C I / D 0 in R=P . Thezero element in R=P is 0C P and hence

.aC P /.b C P / D 0 D 0C P H) ab C P D 0C P H) ab 2 P:

Section 2.2 Prime Ideals and Integral Domains 23

However P is a prime ideal so we must then have a 2 P or b 2 P . If a 2 P thenaCP D P D 0CP so aCP D 0 in R=P . The identical argument works if b 2 P .Therefore there are no zero divisors in R=P and hence R=P is an integral domain.

Conversely suppose that R=P is an integral domain. We must show that P is aprime ideal. Suppose that ab 2 P . Then .a C P /.b C P / D ab C P D 0 C P .Hence in R=P we have

.aC P /.b C P / D 0:

However R=P is an integral domain so it has no zero divisors. It follows that eithera C P D 0 and hence a 2 P or b C P D 0 and b 2 P . Therefore either a 2 P orb 2 P so P is a prime ideal.

In a commutative ring R we can define a multiplication of ideals. We then obtainan exact analog of Euclid’s lemma. Since R is commutative each ideal is 2-sided.

Definition 2.2.3. Let R be a commutative ring with an identity 1 ¤ 0 and let A andB be ideals in R. Define

AB D ¹a1b1 C � � � C anbn W ai 2 A; bi 2 B; n 2 Nº:That is AB is the set of finite sums of products ab with a 2 A and b 2 B .

Lemma 2.2.4. Let R be a commutative ring with an identity 1 ¤ 0 and let A and Bbe ideals in R. Then AB is an ideal.

Proof. We must verify that AB is a subring and that it is closed under multiplicationfrom R. Le r1; r2 2 AB . Then

r1 D a1b1 C � � � C anbn for some ai 2 A; bi 2 Band

r2 D a01b01 C � � � C a0mb0m for some a0i 2 A; b0i 2 B:Then

r1 ˙ r2 D a1b1 C � � � C anbn ˙ a01b01 ˙ � � � ˙ a0mb0mwhich is clearly in AB . Further

r1 � r2 D a1b1a01b01 C � � � C anbna

0mb

0m:

Consider for example the first term a1b1a01b01. Since R is commutative this is equal

to.a1a

01/.b1b

01/:

Now a1a01 2 A since A is a subring and b1b

01 2 B since B is a subring. Hence this

term is in AB . Similarly for each of the other terms. Therefore r1r2 2 AB and henceAB is a subring.


Now let r 2 R and consider rr1. This is then

rr1 D ra1b1 C � � � C ranbn:

Now rai 2 A for each i since A is an ideal. Hence each summand is in AB and thenrr1 2 AB . Therefore AB is an ideal.

Lemma 2.2.5. Let R be a commutative ring with an identity 1 ¤ 0 and let A andB be ideals in R. If P is a prime ideal in R then AB � P implies that A � P orB � P .

Proof. Suppose that AB � P with P a prime ideal and suppose that B is not con-tained in P . We show that A � P . Since AB � P each product aibj 2 P . Choosea b 2 B with b … P and let a be an arbitrary element of A. Then ab 2 P . SinceP is a prime ideal this implies either a 2 P or b 2 P . But by assumption b … P soa 2 P . Since a was arbitrary we have A � P .

2.3 Maximal Ideals and Fields

Now, motivated by Lemma 2.1.4 we define a maximal ideal.

Definition 2.3.1. Let R be a ring and I an ideal in R. Then I is a maximal ideal ifI ¤ R and if J is an ideal in R with I � J then I D J or J D R.

If R is a commutative ring with an identity this property of an ideal I is preciselywhat is necessary and sufficient so that R=I is a field.

Theorem 2.3.2. Let R be a commutative ring with an identity 1 ¤ 0 and let I be anideal in R. Then I is a maximal ideal if and only if the factor ring R=I is a field.

Proof. Suppose that R is a commutative ring with an identity 1 ¤ 0 and let I be anideal in R. Suppose first that I is a maximal ideal and we show that the factor ringR=I is a field.

Since R is a commutative ring with an identity the factor ring R=I is also a com-mutative ring with an identity. We must show then that each nonzero element of R=Ihas a multiplicative inverse. Suppose then that r D rCI 2 R=I is a nonzero elementof R=I . It follows that r … I . Consider the set hr; I i D ¹rx C i W x 2 R; i 2 I º.This is also an ideal (see exercises) called the ideal generated by r and I , denotedhr; I i. Clearly I � hr; I i and since r … I and r D r � 1 C 0 2 hr; I i it follows thathr; I i ¤ I . Since I is a maximal ideal it follows that hr; I i D R the whole ring.Hence the identity element 1 2 hr; I i and so there exist elements x 2 R and i 2 I

such that 1 D rx C i . But then 1 2 .r C I /.x C I / and so 1C I D .r C I /.x C I /.

Section 2.4 The Existence of Maximal Ideals 25

Since 1 C I is the multiplicative identity of R=I is follows that x C I is the multi-plicative inverse of r C I in R=I . Since r C I was an arbitrary nonzero element ofR=I it follows that R=I is a field.

Now suppose that R=I is a field for an ideal I . We show that I must be maximal.Suppose then that I1 is an ideal with I � I1 and I ¤ I1. We must show that I1 is allof R. Since I ¤ I1 there exists an r 2 I1 with r … I . Therefore the element r C I isnonzero in the factor ring R=I and since R=I is a field it must have a multiplicativeinverse x C I . Hence .r C I /.x C I / D rx C I D 1C I and therefore there is ani 2 I with 1 D rx C i . Since r 2 I1 and I1 is an ideal we get that rx 2 I1. Furthersince I � I1 it follows that rx C i 2 I1 and so 1 2 I1. If r1 is an arbitrary elementof R then r1 � 1 D r1 2 I1. Hence R � I1 and so R D I1. Therefore I is a maximalideal.

Recall that a field is already an integral domain. Combining this with the ideas ofprime and maximal ideals we obtain:

Theorem 2.3.3. Let R be a commutative ring with an identity 1 ¤ 0. Then eachmaximal ideal is a prime ideal

Proof. Suppose thatR is a commutative ring with an identity and I is a maximal idealin R. Then from Theorem 2.3.2 we have that the factor ring R=I is a field. But a fieldis an integral domain so R=I is an integral domain. Therefore from Theorem 2.2.2we have that I must be a prime ideal.

The converse is not true in general. That is there are prime ideals that are notmaximal. Consider for example R D Z the integers and I D ¹0º. Then I is an idealand R=I D Z=¹0º Š Z is an integral domain. Hence ¹0º is a prime ideal. HoweverZ is not a field so ¹0º is not maximal. Note however that in the integers Z a properideal is maximal if and only if it is a prime ideal.

2.4 The Existence of Maximal Ideals

In this section we prove that in any ring R with an identity there do exist maximalideals. Further given an ideal I ¤ R then there exists a maximal ideal I0 such thatI � I0. To prove this we need three important equivalent results from logic and settheory.

First recall that a partial order � on a set S is a reflexive, transitive relation on S .That is a � a for all a 2 S and if a � b; b � c then a � c. This is a “partial” ordersince there may exist elements a 2 S where neither a � b nor b � a. If A is any setthen it is clear that containment of subsets is a partial order on the power set P .A/.

If � is a partial order on a set M , then a chain on M is a subset K � M such thata; b 2 K implies that a � b or b � a. A chain on M is bounded if there exists an


m 2 M such that k � m for all k 2 K. The element m is called an upper boundfor K. An element m0 2 M is maximal if whenever m 2 M with m0 � m thenm D m0. We now state the three important results from logic.

Zorn’s lemma. If each chain of M has an upper bound in M then there is at leastone maximal element in M .

Axiom of well-ordering. Each set M can be well-ordered, such that each nonemptysubset of M contains a least element.

Axiom of choice. Let ¹Mi W i 2 I º be a nonempty collection of nonempty sets. Thenthere is a mapping f W I ! S

i2I Mi with f .i/ 2 Mi for all i 2 I .

The following can be proved.

Theorem 2.4.1. Zorn’s lemma, the axiom of well-ordering and the axiom of choiceare all equivalent.

We now show the existence of maximal ideals in commutative rings with identity.

Theorem 2.4.2. Let R be a commutative ring with an identity 1 ¤ 0 and let I be anideal in R with I ¤ R. Then there exists a maximal ideal I0 in R with I � I0. Inparticular a ring with an identity contains maximal ideals.

Proof. Let I be an ideal in the commutative ring R. We must show that there exists amaximal ideal I0 in R with I � I0.

LetM D ¹X W X is an ideal with I � X ¤ Rº:

Then M is partially ordered by containment. We want to show first that each chain inM has a maximal element. If K D ¹Xj W Xj 2 M; j 2 J º is a chain let

X 0 D[

j2J

Xj :

If a; b 2 X 0 then there exists an i; j 2 J with a 2 Xi ; b 2 Xj . Since K is a chaineither Xi � Xj or Xj � Xi . Without loss of generality suppose that Xi � Xj so thata; b 2 Xj . Then a ˙ b 2 Xj � X 0 and ab 2 Xj � X 0 since Xj is an ideal. Furtherif r 2 R then ra 2 Xj � X 0 since Xj is an ideal. Therefore X 0 is an ideal in R.

Since Xj ¤ R it follows that 1 … Xj for all j 2 J . Therefore 1 … X 0 and soX 0 ¤ R. It follows that under the partial order of containment X 0 is an upper boundfor K.

We now use Zorn’s lemma. From the argument above we have that each chain hasa maximal element. Hence for an ideal I the set M above has a maximal element.This maximal element I0 is then a maximal ideal containing I .

Section 2.5 Principal Ideals and Principal Ideal Domains 27

2.5 Principal Ideals and Principal Ideal Domains

Recall again that in the integers Z each ideal I is of the form nZ for some integer n.Hence in Z each ideal can be generated by a single element.

Lemma 2.5.1. Let R be a commutative ring and a1; : : : ; an be elements of R. Thenthe set

ha1; : : : ; ani D ¹r1a1 C � � � C rnan W ri 2 Rºforms an ideal in R called the ideal generated by a1; : : : ; an.

Proof. The proof is straightforward. Let

a D r1a1 C � � � C rnan; b D s1a1 C � � � C snan

with r1; : : : ; rn; s1; : : : ; sn elements of R, be two elements of ha1; : : : ; ani. Then

a˙ b D .r1 ˙ s1/a1 C � � � C .rn ˙ sn/an 2 ha1; : : : ; aniab D .r1s1a1/a1 C .r1s2a1/a2 C � � � C .rnsnan/an 2 ha1; : : : ; ani

so ha1; : : : ; ani forms a subring. Further if r 2 R we have

ra D .rr1/a1 C � � � C .rrn/an 2 ha1; : : : ; aniand so ha1; : : : ; ani is an ideal.

Definition 2.5.2. Let R be a commutative ring. An ideal I � R is a principal idealif it has a single generator. That is

I D hai D aR for some a 2 R:We now restate Theorem 1.4.7 of Chapter 1.

Theorem 2.5.3. Every nonzero ideal in Z is a principal ideal.

Proof. Every ideal I in Z is of the form nZ. This is the principal ideal generatedby n.

Definition 2.5.4. A principal ideal domain or PID is an integral domain in whichevery ideal is principal.

Corollary 2.5.5. The integers Z are a principal ideal domain.

We mention that the set of polynomials KŒx� with coefficients from a field K isalso a principal ideal domain. We will return to this in the next chapter.

Not every integral domain is a PID. Consider KŒx; y� the set of polynomials overK in two variables x; y. Let I consist of all the polynomials with zero constant term.


Lemma 2.5.6. The set I in KŒx; y� as defined above is an ideal but not a principalideal.

Proof. We leave the proof that I forms an ideal to the exercises. To show that it isnot a principal ideal suppose I D hp.x; y/i. Now the polynomial q.x/ D x has zeroconstant term so q.x/ 2 I . Hence p.x; y/ cannot be a constant polynomial. Furtherif p.x; y/ had any terms with y in them there would be no way to multiply p.x; y/by a polynomial h.x; y/ and obtain just x. Therefore p.x; y/ can contain no termswith y in them. But the same argument using s.y/ D y shows that p.x; y/ cannothave any terms with x in them. Therefore there can be no such p.x; y/ generating Iand so I is not principal and KŒx; y� is not a principal ideal domain.

2.6 Exercises

1. Consider the set hr; I i D ¹rx C i W x 2 R; i 2 I º where I is an ideal. Prove thatthis is also an ideal called the ideal generated by r and I , denoted hr; I i.

2. Let R and S be commutative rings and let � W R ! S be a ring epimorphism. LetM be a maximal ideal in R. Show:

�.M/ is a maximal ideal in S if and only if ker.�/ � M. Is �.M/ always aprime ideal of S?

3. Let A1; : : : ;At be ideals of a commutative ring R. Let P be a prime ideal of R.Show:

(i)Tt

iD1 Ai � P ) Aj � P for at least one index j .

(ii)Tt

iD1 Ai D P ) Aj D P for at least one index j .

4. Which of the following ideals A are prime ideals ofR? Which are maximal ideals?

(i) A D .x/, R D ZŒx�.

(ii) A D .x2/, R D ZŒx�.

(iii) A D .1C p5/, R D ZŒ

p5�.

(iv) A D .x; y/, R D QŒx; y�.

5. Let w D 12.1C p�3/. Show that h2i is a prime ideal and even a maximal ideal of

ZŒw�, but h2i is neither a prime ideal nor a maximal ideal of ZŒi �.

6. Let R D ¹ab

W a; b 2 Z; b oddº. Show that R is a subring of Q and that there isonly one maximal ideal M in R.

7. Let R be a ring with an identity. Let x; y 2 R and x ¤ 0 not be a zero divisor.Further let hxi be a prime ideal with hxi � hyi ¤ R. Show that hxi D hyi.

8. ConsiderKŒx; y� the set of polynomials overK in two variables x; y. Let I consistof all the polynomials with zero constant term. Prove that the set I is an ideal.

Chapter 3

Prime Elements and Unique FactorizationDomains

3.1 The Fundamental Theorem of Arithmetic

The integers Z have served as much of our motivation for properties of integral do-mains. In the last chapter we saw that Z is a principal ideal domain and furthermorethat prime ideals ¤ ¹0º are maximal. From the viewpoint of the multiplicative struc-ture of Z and the viewpoint of classical number theory the most important propertyof Z is the fundamental theorem of arithmetic. This states that any integer n ¤ 0 isuniquely expressible as a product of primes where uniqueness is up to ordering andthe introduction of ˙1, that is units. In this chapter we show that this property is notunique to the integers and there are many other integral domains where this also holds.These are called unique factorization domains and we will present several examples.First we review the fundamental theorem of arithmetic, its proof and several otherideas from classical number theory.

Theorem 3.1.1 (fundamental theorem of arithmetic). Given any integer n ¤ 0 thereis a factorization

n D cp1p2 � � �pk

where c D ˙1 and p1; : : : ; pn are primes. Further this factorization is unique up tothe ordering of the factors.

There are two main ingredients that go into the proof; induction and Euclid’slemma. We presented this in the last chapter. In turn however Euclid’s lemma de-pends upon the existence of greatest common divisors and their linear expressibility.Therefore to begin we present several basic ideas from number theory.

The starting point for the theory of numbers is divisibility.

Definition 3.1.2. If a; b are integers we say that a divides b, or that a is a factor ordivisor of b, if there exists an integer q such that b D aq. We denote this by ajb. b isthen a multiple of a. If b > 1 is an integer whose only factors are ˙1;˙b then b is aprime, otherwise b > 1 is composite.

The following properties of divisibility are straightforward consequences of thedefinition.

30 Chapter 3 Prime Elements and Unique Factorization Domains

Lemma 3.1.3. The following properties hold:

(1) ajb ) ajbc for any integer c.

(2) ajb and bjc implies ajc.

(3) ajb and ajc implies that aj.bx C cy/ for any integers x; y.

(4) ajb and bja implies that a D ˙b.

(5) If ajb and a > 0; b > 0 then a � b.

(6) ajb if and only if cajcb for any integer c ¤ 0.

(7) aj0 for all a 2 Z and 0ja only for a D 0.

(8) aj ˙ 1 only for a D ˙1.

(9) a1jb1 and a2jb2 implies that a1a2jb1b2.

If b; c; x; y are integers then an integer bx C cy is called a linear combination ofb; c. Thus part (3) of Lemma 3.1.3 says that if a is a common divisor of b; c then adivides any linear combination of b and c.

Further, note that if b > 1 is a composite then there exists x > 0 and y > 0 suchthat b D xy and from part (5) we must have 1 < x < b, 1 < y < b.

In ordinary arithmetic, given a; b we can always attempt to divide a into b. Thenext result called the division algorithm says that if a > 0 either a will divide b or theremainder of the division of b by a will be less than a.

Theorem 3.1.4 (division algorithm). Given integers a; b with a > 0 then there existunique integers q and r such that b D qaC r where either r D 0 or 0 < r < a.

One may think of q and r as the quotient and remainder respectively when dividingb by a.

Proof. Given a; b with a > 0 consider the set

S D ¹b � qa � 0 W q 2 Zº:If b > 0 then b C a � 0 and the sum is in S . If b � 0 then there exists a q > 0 with�qa < b. Then b C qa > 0 and is in S . Therefore in either case S is nonempty.Hence S is a nonempty subset of N [¹0º and therefore has a least element r . If r ¤ 0

we must show that 0 < r < a. Suppose r � a, then r D aC x with x � 0 and x < rsince a > 0. Then b�qa D r D aCx ) b� .qC1/a D x. This means that x 2 S .Since x < r this contradicts the minimality of r which is a contradiction. Thereforeif r ¤ 0 it follows that 0 < r < a.

The only thing left is to show the uniqueness of q and r . Suppose b D q1a C r1also. By the construction above r1 must also be the minimal element of S . Hencer1 � r and r � r1 so r D r1. Now

b � qa D b � q1a H) .q1 � q/a D 0

but since a > 0 it follows that q1 � q D 0 so that q D q1.

Section 3.1 The Fundamental Theorem of Arithmetic 31

The next idea that is necessary is the concept of greatest common divisor.

Definition 3.1.5. Given nonzero integers a; b their greatest common divisor or GCDd > 0 is a positive integer which is a common divisor, that is d ja and d jb, and if d1

is any other common divisor then d1jd . We denote the greatest common divisor ofa; b by either gcd.a; b/ or .a; b/.

Certainly, if a; b are nonzero integers with a > 0 and ajb then a D gcd.a; b/.The next result says that given any nonzero integers they do have a greatest common

divisor and it is unique.

Theorem 3.1.6. Given nonzero integers a; b their GCD exists, is unique and can becharacterized as the least positive linear combination of a and b.

Proof. Given nonzero a; b consider the set

S D ¹ax C by > 0 W x; y 2 Zº:

Now a2 C b2 > 0 so S is a nonempty subset of N and hence has a least elementd > 0. We show that d is the GCD.

First we must show that d is a common divisor. Now d D axC by and is the leastsuch positive linear combination. By the division algorithm a D qd C r with 0 �r < d . Suppose r ¤ 0. Then r D a�qd D a�q.axCby/ D .1�qx/a�qby > 0.Hence r is a positive linear combination of a and b and therefore is in S . But thenr < d contradicting the minimality of d in S . It follows that r D 0 and so a D qd

and d ja. An identical argument shows that d jb and so d is a common divisor of aand b. Let d1 be any other common divisor of a and b. Then d1 divides any linearcombination of a and b and so d1jd . Therefore d is the GCD of a and b.

Finally we must show that d is unique. Suppose d1 is another GCD of a and b.Then d1 > 0 and d1 is a common divisor of a; b. Then d1jd since d is a GCD.Identically d jd1 since d1 is a GCD. Therefore d D ˙d1 and then d D d1 since theyare both positive.

If .a; b/ D 1 then we say that a; b are relatively prime. It follows that a and b arerelatively prime if and only if 1 is expressible as a linear combination of a and b. Weneed the following three results.

Lemma 3.1.7. If d D .a; b/ then a D a1d and b D b1d with .a1; b1/ D 1.

Proof. If d D .a; b/ then d ja and d jb. Hence a D a1d and b D b1d . We have

d D ax C by D a1dx C b1dy:


Dividing both sides of the equation by d we obtain

1 D a1x C b1y:

Therefore .a1; b1/ D 1.

Lemma 3.1.8. For any integer c we have that .a; b/ D .a; b C ac/.

Proof. Suppose .a; b/ D d and .a; b C ac/ D d1. Now d is the least positive linearcombination of a and b. Suppose d D axCby. d1 is a linear combination of a; bCacso that

d1 D ar C .b C ac/s D a.cs C r/C bs:

Hence d1 is also a linear combination of a and b and therefore d1 � d . On the otherhand d1ja and d1j.bCac/ and so d1jb. Therefore d1jd so d1 � d . Combining thesewe must have d1 D d .

The next result, called the Euclidean algorithm, provides a technique for both find-ing the GCD of two integers and expressing the GCD as a linear combination.

Theorem 3.1.9 (Euclidean algorithm). Given integers b and a > 0 with a − b, formthe repeated divisions

b D q1aC r1; 0 < r1 < a

a D q2r1 C r2; 0 < r2 < r1

:::

rn�2 D qnrn�1 C rn; 0 < rn < rn�1

rn�1 D qnC1rn:

The last nonzero remainder rn is the GCD of a; b. Further rn can be expressed as alinear combination of a and b by successively eliminating the ri ’s in the intermediateequations.

Proof. In taking the successive divisions as outlined in the statement of the theoremeach remainder ri gets strictly smaller and still nonnegative. Hence it must finally endwith a zero remainder. Therefore there is a last nonzero remainder rn. We must showthat this is the GCD.

Now from Lemma 3.1.7 the gcd .a; b/ D .a; b�q1a/ D .a; r1/ D .r1; a�q2r1/ D.r1; r2/. Continuing in this manner we have then that .a; b/ D .rn�1; rn/ D rn sincern divides rn�1. This shows that rn is the GCD.

To express rn as a linear combination of a and b notice first that

rn D rn�2 � qnrn�1:

Section 3.1 The Fundamental Theorem of Arithmetic 33

Substituting this in the immediately preceding division we get

rn D rn�2 � qn.rn�3 � qn�1rn�2/ D .1C qnqn�1/rn�2 � qnrn�3:

Doing this successively we ultimately express rn as a linear combination of a and b.

Example 3.1.10. Find the GCD of 270 and 2412 and express it as a linear combina-tion of 270 and 2412.

We apply the Euclidean algorithm

2412 D .8/.270/C 252

270 D .1/.252/C 18

252 D .14/.18/:

Therefore the last nonzero remainder is 18 which is the GCD. We now must express18 as a linear combination of 270 and 2412.

From the first equation252 D 2412 � .8/.270/

which gives in the second equation

270 D 2412 � .8/.270/C 18 H) 18 D .�1/.2412/C .9/.270/

which is the desired linear combination.

The next result that we need is Euclid’s lemma. We stated and proved this in thelast chapter but we restate it here.

Lemma 3.1.11 (Euclid’s lemma). If p is a prime and pjab then pja or pjb.

We can now prove the fundamental theorem of arithmetic. Induction suffices toshow that there always exists such a decomposition into prime factors.

Lemma 3.1.12. Any integer n > 1 can be expressed as a product of primes, perhapswith only one factor.

Proof. The proof is by induction. n D 2 is prime so its true at the lowest level.Suppose that any integer 2 � k < n can be decomposed into prime factors, we mustshow that n then also has a prime factorization.

If n is prime then we are done. Suppose then that n is composite. Hence n D m1m2

with 1 < m1 < n, 1 < m2 < n. By the inductive hypothesis both m1 and m2 can beexpressed as products of primes. Therefore n can, also using the primes from m1 andm2, completing the proof.


Before we continue to the fundamental theorem we mention that the existence of aprime decomposition, unique or otherwise, can be used to prove that the set of primesis infinite. The proof we give goes back to Euclid and is quite straightforward.

Theorem 3.1.13. There are infinitely many primes.

Proof. Suppose that there are only finitely many primes p1; : : : ; pn. Each of these ispositive so we can form the positive integer

N D p1p2 � � �pn C 1:

From Lemma 3.1.12 N has a prime decomposition. In particular there is a prime pwhich divides N . Then

pj.p1p2 � � �pn C 1/:

Since the only primes are assumed p1; p2; : : : ; pn it follows that p D pi for somei D 1; : : : ; n. But then pjp1p2 � � �pi : : : pnc so p cannot divide p1 � � �pn C 1 whichis a contradiction. Therefore p is not one of the given primes showing that the list ofprimes must be endless.

We can now prove the fundamental theorem of arithmetic.

Proof. We assume that n � 1. If n � �1 we use c D �n and the proof is the same.The statement certainly holds for n D 1 with k D 0. Now suppose n > 1. FromLemma 3.1.12, n has a prime decomposition

n D p1p2 � � �pm:

We must show that this is unique up to the ordering of the factors. Suppose then thatn has another such factorization n D q1q2 � � � qk with the qi all prime. We must showthat m D k and that the primes are the same. Now we have

n D p1p2 � � �pm D q1 � � � qk:

Assume that k � m. From

n D p1p2 � � �pm D q1 � � � qk

it follows that p1jq1q2 � � � qk . From Lemma 3.1.11 then we must have that p1jqi forsome i . But qi is prime and p1 > 1 so it follows that p1 D qi . Therefore we caneliminate p1 and qi from both sides of the factorization to obtain

p2 � � �pm D q1 � � � qi�1qiC1 � � � qk :

Continuing in this manner we can eliminate all the pi from the left side of the factor-ization to obtain

1 D qmC1 � � � qk :

If qmC1; : : : ; qk were primes this would be impossible. Therefore m D k and eachprime pi was included in the primes q1; : : : ; qm. Therefore the factorizations differonly in the order of the factors, proving the theorem.

Section 3.2 Prime Elements, Units and Irreducibles 35

3.2 Prime Elements, Units and Irreducibles

We now let R be an arbitrary integral domain and attempt to mimic the divisibilitydefinitions and properties.

Definition 3.2.1. Let R be an integral domain.

(1) Suppose that a; b 2 R. Then a is a factor or divisor of b if there exists a c 2 Rwith b D ac. We denote this, as in the integers, by ajb. If a is a factor of b thenb is called a multiple of a.

(2) An element a 2 R is a unit if a has a multiplicative inverse within R, that isthere exists an element a�1 2 R with aa�1 D 1.

(3) A prime element of R is an element p ¤ 0 such that p is not a unit and if pjabthen pja or pjb.

(4) An irreducible in R is an element c ¤ 0 such that c is not a unit and if c D ab

then a or b must be a unit.

(5) a and b in R are associates if there exists a unit e 2 R with a D eb.

Notice that in the integers Z the units are just ˙1. The set of prime elementscoincides with the set of irreducible elements. In Z this are precisely the set of primenumbers. On the other hand if K is a field every nonzero element is a unit so in Kthere are no prime elements and no irreducible elements.

Recall that the modular rings Zn are fields (and integral domains) when n is aprime. In general if n is not a prime then Zn is a commutative ring with an identityand a unit is still an invertible element. We can characterize the units within Zn.

Lemma 3.2.2. a 2 Zn is a unit if and only if .a; n/ D 1.

Proof. Suppose .a; n/ D 1. Then there exist x; y 2 Z such that ax C ny D 1. Thisimplies that ax � 1 mod n which in turn implies that ax D 1 in Zn and therefore ais a unit.

Conversely suppose a is a unit in Zn. Then there is an x 2 Zn with ax D 1. Interms of congruence then

ax � 1 mod n H) njax � 1 H) ax � 1 D ny H) ax � ny D 1:

Therefore 1 is a linear combination of a and n and so .a; n/ D 1.

If R is an integral domain then the set of units within R will form a group.

Lemma 3.2.3. If R is a commutative ring with an identity then the set of units in Rform an abelian group under ring multiplication. This is called the unit group of Rdenoted U.R/.


Proof. The commutativity and associativity of U.R/ follow from the ring properties.The identity of U.R/ is the multiplicative identity of R while the ring multiplicativeinverse for each unit is the group inverse. We must show that U.R/ is closed underring multiplication. If a 2 R is a unit we denote its multiplicative inverse by a�1.Now suppose a; b 2 U.R/. Then a�1; b�1 exist. It follows that

.ab/.b�1a�1/ D a.bb�1/a�1 D aa�1 D 1:

Hence ab has an inverse, namely b�1a�1 (D a�1b�1 in a commutative ring) andhence ab is also a unit. Therefore U.R/ is closed under ring multiplication.

In general irreducible elements are not prime. Consider for example the subring ofthe complex numbers (see exercises) given by

R D ZŒip5� D ¹x C i

p5y W x; y 2 Zº:

This is a subring of the complex numbers C and hence can have no zero divisors.Therefore R is an integral domain.

For an element x C iyp5 2 R define its norm by

N.x C iyp5/ D jx C iy

p5j D x2 C 5y2:

Since x; y 2 Z it is clear that the norm of an element in R is a nonnegative integer.Further if a 2 R with N.a/ D 0 then a D 0.

We have the following result concerning the norm.

Lemma 3.2.4. Let R and N be as above. Then

(1) N.ab/ D N.a/N.b/ for any elements a; b 2 R.

(2) The units of R are those a 2 R with N.a/ D 1. In R the only units are ˙1.

Proof. The fact that the norm is multiplicative is straightforward and left to the exer-cises. If a 2 R is a unit then there exists a multiplicative inverse b 2 R with ab D 1.Then N.ab/ D N.a/N.b/ D 1. Since both N.a/ and N.b/ are nonnegative integerswe must have N.a/ D N.b/ D 1.

Conversely suppose that N.a/ D 1. If a D x C iyp5 then x2 C 5y2 D 1. Since

x; y 2 Z we must have y D 0 and x2 D 1. Then a D x D ˙1.

Using this lemma we can show that R possesses irreducible elements that are notprime.

Lemma 3.2.5. Let R be as above. Then 3 D 3C i0p5 is an irreducible element in

R but 3 is not prime.

Section 3.2 Prime Elements, Units and Irreducibles 37

Proof. Suppose that 3 D ab with a; b 2 R and a; b nonunits. Then N.3/ D 9 DN.a/N.b/ with neither N.a/D1 nor N.b/D1. Hence both N.a/D3 and N.b/D3.Let a D x C iy

p5. It follows that x2 C 5y2 D 3. Since x; y 2 Z this is impossible.

Therefore one of a or b must be a unit and 3 is an irreducible element.We show that 3 is not prime in R. Let a D 2 C i

p5 and b D 2 � i

p5. Then

ab D 9 and hence 3jab. Suppose 3ja so that a D 3c for some c 2 R. Then

9 D N.a/ D N.3/N.c/ D 9N.c/ H) N.c/ D 1:

Therefore c is a unit in R and from Lemma 3.2.4 we get c D ˙1. Hence a D ˙3.This is a contradiction, so 3 does not divide a. An identical argument shows that 3does not divide b. Therefore 3 is not a prime element in R.

We now examine the relationship between prime elements and irreducibles.

Theorem 3.2.6. Let R be an integral domain. Then

(1) Each prime element of R is irreducible.

(2) p 2 R is a prime element if and only if p ¤ 0 and hpi D pR is a prime ideal.

(3) p 2 R is irreducible if and only if p ¤ 0 and hpi D pR is maximal in the setof all principal ideals of R which are not equal to R.

Proof. (1) Suppose that p 2 R is a prime element and p D ab. We must show thateither a or b must be a unit. Now pjab so either pja or pjb. Without loss of generalitywe may assume that pja, so a D pr for some r 2 R. Hence p D ab D .pr/b Dp.rb/. However R is an integral domain so p � prb D p.1 � rb/ D 0 implies that1 � rb D 0 and hence rb D 1. Therefore b is a unit and hence p is irreducible.

(2) Suppose that p is a prime element. Then p ¤ 0. Consider the ideal pR andsuppose that ab 2 pR. Then ab is a multiple of p and hence pjab. Since p is primeit follows that pja or pjb. If pja then a 2 pR while if pjb then b 2 pR. ThereforepR is a prime ideal.

Conversely suppose that pR is a prime ideal and suppose that p D ab. Thenab 2 pR so a 2 pR or b 2 pR. If a 2 pR then pja and if b 2 pR then pjb and sop is prime.

(3) Let p be irreducible then p ¤ 0. Suppose that pR � aR where a 2 R. Thenp D ra for some r 2 R. Since p is irreducible it follows that either a is a unit or r isa unit. If r is a unit we have pR D raR D aR ¤ R since p is not a unit. If a is a unitthen aR D R and pR D rR ¤ R. Therefore pR is maximal in the set of principalideals not equal to R.

Conversely suppose p ¤ 0 and pR is a maximal ideal in the set of principal ideals¤ R. Let p D ab with a not a unit. We must show that b is a unit. Since aR ¤ R

and pR � aR from the maximality we must have pR D aR. Hence a D rp for somer 2 R. Then p D ab D rpb and as before we must have rb D 1 and b a unit.


Theorem 3.2.7. Let R be a principle ideal domain. Then:

(1) An element p 2 R is irreducible if and only if it is a prime element.

(2) A nonzero ideal of R is a maximal ideal if and only if it is a prime ideal.

(3) The maximal ideals of R are precisely those ideals pR where p is a primeelement.

Proof. First note that ¹0º is a prime ideal but not maximal.(1) We already know that prime elements are irreducible. To show the converse

suppose that p is irreducible. Since R is a principal ideal domain from Theorem 3.2.6we have that pR is a maximal ideal, and each maximal ideal is also a prime ideal.Therefore from Theorem 3.2.6 we have that p is a prime element.

(2) We already know that each maximal ideal is a prime ideal. To show the conversesuppose that I ¤ ¹0º is a prime ideal. Then I D pR where p is a prime elementwith p ¤ 0. Therefore p is irreducible from part (1) and hence pR is a maximal idealfrom Theorem 3.2.6.

(3) This follows directly from the proof in part (2) and Theorem 3.2.6.

3.3 Unique Factorization Domains

We now consider integral domains where there is unique factorization into primes. IfR is an integral domain and a; b 2 R then we say that a and b are associates if thereexists a unit � 2 R with a D �b.

Definition 3.3.1. An integral domain D is a unique factorization domain or UFD iffor each d 2 D then either d D 0, d is a unit or d has a factorization into primeswhich is unique up to ordering and unit factors. This means that if

r D p1 � � �pm D q1 � � � qk

then m D k and each pi is an associate of some qj .

There are several relationships in integral domains that are equivalent to uniquefactorization.

Definition 3.3.2. Let R be an integral domain.

(1) R has property (A) if and only if for each nonunit a ¤ 0 there are irreducibleelements q1; : : : ; qr 2 R satisfying a D q1 � � � qr .

(2) R has property (A0) if and only if for each nonunit a ¤ 0 there are primeelements p1; : : : ; pr 2 R satisfying a D p1 � � �pr .

Section 3.3 Unique Factorization Domains 39

(3) R has property (B) if and only if whenever q1; : : : ; qr and q01; : : : ; q0s are irre-ducible elements of R with

q1 � � � qr D q01 � � � q0sthen r D s and there is a permutation � 2 Sr such that for each i 2 ¹1; : : : ; rºthe elements qi and q0

�.i/are associates (uniqueness up to ordering and unit

factors).

(4) R has property (C) if and only if each irreducible element of R is a prime ele-ment.

Notice that properties (A) and (C) together are equivalent to what we defined asunique factorization. Hence an integral domain satisfying (A) and (C) is a UFD. Weshow next, that there are other equivalent formulations.

Theorem 3.3.3. In an integral domain R the following are equivalent:

(1) R is a UFD.

(2) R satisfies properties (A) and (B).

(3) R satisfies properties (A) and (C).

(4) R satisfies property (A0).

Proof. As remarked before the statement of the theorem by definition (A) and (C) areequivalent to unique factorization. We show here that (2), (3) and (4) are equivalent.

First we show that (2) implies (3).Suppose that R satisfies properties (A) and (B). We must show that it also satisfies

(C), that is we must show that if q 2 R is irreducible then q is prime. Suppose thatq 2 R is irreducible and qjab with a; b 2 R. Then we have ab D cq for some c 2 R.If a is a unit from ab D cq we get that b D a�1cq and qjb. Identically if b is a unit.Therefore we may assume that neither a nor b are units.

If c D 0 then since R is an integral domain either a D 0 or b D 0 and qja or qjb.We may assume then that c ¤ 0.

If c is a unit then q D c�1ab and since q is irreducible either c�1a or b are units.If c�1a is a unit then a is also a unit so if c is a unit either a or b are units contrary toour assumption.

Therefore we may assume that c ¤ 0 and c is not a unit. From property (A) wehave

a D q1 � � � qr

b D q01 � � � q0sc D q001 � � � q00t


where q1; : : : qr ; q01; : : : ; q

0s ; q

001 ; : : : q

00t are all irreducibles. Hence

q1 � � � qrq01 � � � q0s D q001 � � � q00t � q:

From property (B) q is an associate of some qi or q0j . Hence qjqi or qjq0j . It followsthat qja or qjb and therefore q is a prime element.

That (3) implies (4) is direct.We show that (4) implies (2).Suppose that R satisfies property (A0). We must show that it satisfies both (A)

and (B). We show first that (A) follows from (A0) by showing that irreducible elementsare prime.

Suppose that q is irreducible. Then from (A0) we have

q D p1 � � �pr

with each pi prime. It follows without loss of generality that p2 � � �pr is a unit and p1

is a nonunit and hence pi j1 for i D 2; : : : ; r . Thus q D p1 and q is prime. Therefore(A) holds.

We now show that (B) holds. Let

q1 � � � qr D q01 � � � q0swhere qi ; q

0j are all irreducibles and hence primes. Then

q01jq1 � � � qr

and so q01jqi for some i . Without loss of generality suppose q01jq1. Then q1 D aq01.Since q1 is irreducible it follows that a is a unit and q1 and q01 are associates. Itfollows then that

aq2 � � � qr D q02 � q0ssince R has no zero divisors. Property (B) holds then by induction and the theorem isproved.

Note that in our new terminology Z is a UFD. In the next section we will presentother examples of UFD’s however not every integral domain is a unique factorizationdomain.

As we defined in the last section let R be the following subring of C.


p5y W x; y 2 Zº:

R is an integral domain and we showed using the norm that 3 is an irreducible in R.Analogously we can show that the elements 2 C i

p5; 2 � i

p5 are also irreducibles

in R and further 3 is not an associate of either 2C ip5 or 2 � ip5. Then

9 D 3 � 3 D .2C ip5/.2 � ip5/

Section 3.4 Principal Ideal Domains and Unique Factorization 41

give two different decompositions for an element in terms of irreducible elements.The fact thatR is not a UFD also follows from the fact that 3 is an irreducible elementwhich is not prime.

Notice also that Euclid’s proof, that there are infinitely many primes in Z, works inany UFD.

Theorem 3.3.4. Let R be a UFD. Then R has infinitely many prime elements.

Unique factorization is tied to the famous solution of Fermat’s big theorem. Wilesand Taylor in 1995 proved the following.

Theorem 3.3.5. The equation xp Cyp D zp has no integral solutions with xyz ¤ 0

for any prime p � 3.

Kummer tried to prove this theorem by attempting to factor xp D zp �yp. Call the

conclusion of Theorem 3.3.4 in an integral domain R property .Fp/. Let � D e2�i

p .Then

zp � yp Dp�1Y

jD0

.z � �jy/:

View this equation in the ring

R D ZŒ�� D² p�1X

jD0

aj �j W aj 2 Z

³

:

Kummer proved that ifR is a UFD then property .Fp/ holds. However, independently,from Uchida and Montgomery (1971) R is a UFD only if p � 19 (see [41]).

3.4 Principal Ideal Domains and Unique Factorization

In this section we prove that every principal ideal domain (PID) is a unique factoriza-tion domain (UFD). We say that an ascending chain of ideals in R

I1 � I2 � � � � � In � � � �becomes stationary if there exists an m such that Ir D Im for all r � m.

Theorem 3.4.1. Let R be an integral domain. If each ascending chain of principalideals in R becomes stationary, then R satisfies property (A).

Proof. Suppose that a ¤ 0 is a not a unit in R. Suppose that a is not a productof irreducible elements. Clearly then a cannot itself be irreducible. Hence a D a1b1

with a1; b1 2 R and a1; b1 are not units. If both a1 or b1 can be expressed as a product


of irreducible elements then so can a. Without loss of generality then suppose that a1

is not a product of irreducible elements.Since a1ja we have the inclusion of ideals aR a1R. If a1R D aR then a1 2 aR

and a1 D ar D a1b1r which implies that b1 is a unit contrary to our assumption.Therefore aR ¤ a1R and the inclusion is proper. By iteration then we obtain a strictlyincreasing chain of ideals

aR � a1R � � � � � anR � � � � :

From our hypothesis on R this must become stationary contradicting the argumentabove that the inclusion is proper. Therefore a must be a product of irreducibles.

Theorem 3.4.2. Each principal ideal domain R is a unique factorization domain.

Proof. Suppose that R is a principal ideal domain. R satisfies property (C) by The-orem 3.2.7(1), so to show that it is a unique factorization domain we must show thatit also satisfies property (A). From the previous theorem it suffices to show that eachascending chain of principal ideals becomes stationary. Consider such an ascendingchain

a1R � a2R � � � � � anR � � � � :Now let

I D1[

iD1

aiR:

Now I is an ideal inR and hence a principal ideal. Therefore I D aR for some a 2 R.Since I is a union there exists an m such that a 2 amR. Therefore I D aR � amR

and hence I D amR and aiR � amR for all i � m. Therefore the chain becomesstationary and from Theorem 3.4.1 R satisfies property (A).

Since we showed that the integers Z are a PID we can recover the fundamental theo-rem of arithmetic from Theorem 3.4.2. We now present another important example ofa PID and hence a UFD. In the next chapter we will look in detail at polynomials withcoefficients in an integral domain. Below we consider polynomials with coefficientsin a field and for the present leave out many of the details.

If F is a field and n is a nonnegative integer, then a polynomial of degree n over Fis a formal sum of the form

P.x/ D a0 C a1x C � � � C anxn

with ai 2 F for i D 0; : : : ; n, an ¤ 0, and x an indeterminate. A polynomialP.x/ over F is either a polynomial of some degree or the expression P.x/ D 0,which is called the zero polynomial and has degree �1. We denote the degree ofP.x/ by degP.x/. A polynomial of zero degree has the form P.x/ D a0 and is

Section 3.4 Principal Ideal Domains and Unique Factorization 43

called a constant polynomial and can be identified with the corresponding elementof F . The elements ai 2 F are called the coefficients of P.x/; an is the leadingcoefficient. If an D 1, P.x/ is called a monic polynomial. Two nonzero polynomialsare equal if and only if they have the same degree and exactly the same coefficients.A polynomial of degree 1 is called a linear polynomial while one of degree two is aquadratic polynomial.

We denote by F Œx� the set of all polynomials over F and we will show that F Œx�becomes a principal ideal domain and hence a unique factorization domain. We firstdefine addition, subtraction, and multiplication on F Œx� by algebraic manipulation.That is, suppose P.x/ D a0 C a1x C � � � C anx

n;Q.x/ D b0 C b1x C � � � C bmxm

thenP.x/˙Q.x/ D .a0 ˙ b0/C .a1 ˙ b1/x C � � � ;

that is, the coefficient of xi in P.x/˙Q.x/ is ai ˙ bi , where ai D 0 for i > n andbj D 0 for j > m. Multiplication is given by

P.x/Q.x/D.a0b0/C.a1b0Ca0b1/xC.a0b2Ca1b1Ca2b0/x2C� � �C.anbm/x

nCm;

that is, the coefficient of xi in P.x/Q.x/ is .a0bi C a1bi�1 C � � � C aib0/.

Example 3.4.3. Let P.x/ D 3x2 C 4x � 6 and Q.x/ D 2x C 7 be in QŒx�. Then

P.x/CQ.x/ D 3x2 C 6x C 1

and

P.x/Q.x/ D .3x2 C 4x � 6/.2x C 7/ D 6x3 C 29x2 C 16x � 42:From the definitions the following degree relationships are clear. The proofs are in

the exercises.

Lemma 3.4.4. Let 0 ¤ P.x/; 0 ¤ Q.x/ in F Œx�. Then:

(1) degP.x/Q.x/ D degP.x/C degQ.x/.

(2) deg.P.x/˙Q.x// � Max.degP.x/; degQ.x// if P.x/˙Q.x/ ¤ 0.

We next obtain the following.

Theorem 3.4.5. If F is a field, then F Œx� forms an integral domain. F can be nat-urally embedded into F Œx� by identifying each element of F with the correspondingconstant polynomial. The only units in F Œx� are the nonzero elements of F .

Proof. Verification of the basic ring properties is solely computational and is left tothe exercises. Since degP.x/Q.x/ D degP.x/C degQ.x/, it follows that if neitherP.x/ ¤ 0 nor Q.x/ ¤ 0 then P.x/Q.x/ ¤ 0 and therefore F Œx� is an integraldomain.


If G.x/ is a unit in F Œx�, then there exists an H.x/ 2 F Œx� with G.x/H.x/ D1. From the degrees we have degG.x/C degH.x/ D 0 and since degG.x/ � 0,degH.x/ � 0. This is possible only if degG.x/ D degH.x/ D 0. ThereforeG.x/2F .

Now that we have F Œx� as an integral domain we proceed to show that F Œx� is aprincipal ideal domain and hence there is unique factorization into primes. We firstrepeat the definition of a prime in F Œx�. If 0 ¤ f .x/ has no nontrivial, nonunit factors(it cannot be factorized into polynomials of lower degree) then f .x/ is a prime in F Œx�or a prime polynomial. A prime polynomial is also called an irreducible polynomial.Clearly, if degg.x/ D 1 then g.x/ is irreducible.

The fact that F Œx� is a principal ideal domain follows from the division algorithmfor polynomials, which is entirely analogous to the division algorithm for integers.

Lemma 3.4.6 (division algorithm in F Œx�). If 0 ¤ f .x/, 0 ¤ g.x/ 2 F Œx� thenthere exist unique polynomials q.x/; r.x/ 2 F Œx� such that f .x/ D q.x/g.x/C r.x/

where r.x/ D 0 or deg r.x/ < degg.x/. (The polynomials q.x/ and r.x/ are calledrespectively the quotient and remainder.)

This theorem is essentially long division of polynomials. A formal proof is basedon induction on the degree of g.x/. We omit this but give some examples from QŒx�.

Example 3.4.7. (a) Let f .x/ D 3x4 � 6x2 C 8x � 6, g.x/ D 2x2 C 4. Then

3x4 � 6x2 C 8x � 62x2 C 4

D 3

2x2 � 6 with remainder 8x C 18:

Thus here q.x/ D 32x2 � 6, r.x/ D 8x C 18.

(b) Let f .x/ D 2x5 C 2x4 C 6x3 C 10x2 C 4x, g.x/ D x2 C x. Then

2x5 C 2x4 C 6x3 C 10x2 C 4x

x2 C xD 2x3 C 6x C 4:

Thus here q.x/ D 2x3 C 6x C 4 and r.x/ D 0.

Theorem 3.4.8. Let F be a field. Then the polynomial ring F Œx� is a principal idealdomain and hence a unique factorization domain.

Proof. The proof is essentially analogous to the proof in the integers. Let I be anideal in F Œx� with I ¤ F Œx�. Let f .x/ be a polynomial in I of minimal degree. Weclaim that I D hf .x/i the principal ideal generated by f .x/. Let g.x/ 2 I . We mustshow that g.x/ is a multiple of f .x/. By the division algorithm in F Œx� we have

g.x/ D q.x/f .x/C r.x/

Section 3.5 Euclidean Domains 45

where r.x/ D 0 or deg.r.x//<deg.f .x//. If r.x/ ¤ 0 then deg.r.x//<deg.f .x//.However r.x/ D g.x/ � q.x/f .x/ 2 I since I is an ideal and g.x/; f .x/ 2 I . Thisis a contradiction since f .x/ was assumed to be a polynomial in I of minimal degree.Therefore r.x/ D 0 and hence g.x/ D q.x/f .x/ is a multiple of f .x/. Thereforeeach element of I is a multiple of f .x/ and hence I D hf .x/i.

Therefore F Œx� is a principal ideal domain and from Theorem 3.4.2 a unique fac-torization domain.

We proved that in a principal ideal domain every ascending chain of ideals becomesstationary. In general a ring R (commutative or not) satisfies the ascending chaincondition or ACC if every ascending chain of left (or right) ideals in R becomesstationary. A ring satisfying the ACC is called a Noetherian ring.

3.5 Euclidean Domains

In analyzing the proof of unique factorization in both Z and F Œx�, it is clear that itdepends primarily on the division algorithm. In Z the division algorithm dependedon the fact that the positive integers could be ordered and in F Œx� on the fact that thedegrees of nonzero polynomials are nonnegative integers and hence could be ordered.This basic idea can be generalized in the following way.

Definition 3.5.1. An integral domain D is a Euclidean domain if there exists a func-tion N from D? D D n ¹0º to the nonnegative integers such that

(1) N.r1/ � N.r1r2/ for any r1; r2 2 D?.

(2) For all r1; r2 2 D with r1 ¤ 0 there exist q; r 2 D such that

r2 D qr1 C r

where either r D 0 or N.r/ < N.r1/.

The function N is called a Euclidean norm on D.

Therefore Euclidean domains are precisely those integral domains which allow di-vision algorithms. In the integers Z define N.z/ D jzj. Then N is a Euclidean normon Z and hence Z is a Euclidean domain. On F Œx� define N.p.x// D deg.p.x// ifp.x/ ¤ 0. Then N is also a Euclidean norm on F Œx� so that F Œx� is also a Euclideandomain. In any Euclidean domain we can mimic the proofs of unique factorization inboth Z and F Œx� to obtain the following:

Theorem 3.5.2. Every Euclidean domain is a principal ideal domain and hence aunique factorization domain.

Before proving this theorem we must develop some results on the number theoryof general Euclidean domains. First some properties of the norm.


Lemma 3.5.3. If R is a Euclidean domain then

(a) N.1/ is minimal among ¹N.r/ W r 2 R?º.

(b) N.u/ D N.1/ if and only if u is a unit.

(c) N.a/ D N.b/ for a; b 2 R? if a; b are associates.

(d) N.a/ < N.ab/ unless b is a unit.

Proof. (a) From property (1) of Euclidean norms we have

N.1/ � N.1 � r/ D N.r/ for any r 2 R?:

(b) Suppose u is a unit. Then there exists u�1 with u �u�1 D 1. Then

N.u/ � N.u �u�1/ D N.1/:

From the minimality of N.1/ it follows that N.u/ D N.1/.Conversely suppose N.u/ D N.1/. Apply the division algorithm to get

1 D quC r:

If r ¤ 0 then N.r/ < N.u/ D N.1/ contradicting the minimality of N.1/. Thereforer D 0 and 1 D qu. Then u has a multiplicative inverse and hence is a unit.

(c) Suppose a; b 2 R? are associates. Then a D ub with u a unit. Then

N.b/ � N.ub/ D N.a/:

On the other hand b D u�1a so

N.a/ � N.u�1a/ D N.b/:

Since N.a/ � N.b/ and N.b/ � N.a/ it follows that N.a/ D N.b/.(d) Suppose N.a/ D N.ab/. Apply the division algorithm

a D q.ab/C r

where r D 0 or N.r/ < N.ab/. If r ¤ 0 then

r D a � qab D a.1 � qb/ H) N.ab/ D N.a/ � N.a.1 � qb// D N.r/

contradicting that N.r/ < N.ab/. Hence r D 0 and a D q.ab/ D .qb/a. Then

a D .qb/a D 1 � a H) qb D 1

since there are no zero divisors in an integral domain. Hence b is a unit. SinceN.a/ � N.ab/ it follows that if b is not a unit we must have N.a/ < N.ab/.


We can now prove Theorem 3.5.2.

Proof. Let D be a Euclidean domain. We show that each ideal I ¤ D in D isprincipal. Let I ¤ D be an ideal in D. If I D ¹0º then I D h0i and I is principal.Therefore we may assume that there are nonzero elements in I . Hence there areelements x 2 I with strictly positive norm. Let a be an element of I of minimalnorm. We claim that I D hai. Let b 2 I . We must show that b is a multiple of a.Now by the division algorithm

b D qaC r

where either r D 0 or N.r/ < N.a/. As in Z and F Œx� we have a contradiction ifr ¤ 0. In this caseN.r/ < N.a/ but r D b�qa 2 I since I is an ideal contradictingthe minimality of N.a/. Therefore r D 0 and b D qa and hence I D hai.

As a final example of a Euclidean domain we consider the Gaussian integers

ZŒi � D ¹aC bi W a; b 2 Zº:

It was first observed by Gauss that this set permits unique factorization. To show thiswe need a Euclidean norm on ZŒi �.

Definition 3.5.4. If z D aC bi 2 ZŒi � then its norm N.z/ is defined by

N.aC bi/ D a2 C b2:

The basic properties of this norm follow directly from the definition (see exercises).

Lemma 3.5.5. If ˛; ˇ 2 ZŒi � then:

(1) N.˛/ is an integer for all ˛ 2 ZŒi �.

(2) N.˛/ � 0 for all ˛ 2 ZŒi �.

(3) N.˛/ D 0 if and only if ˛ D 0.

(4) N.˛/ � 1 for all ˛ ¤ 0.

(5) N.˛ˇ/ D N.˛/N.ˇ/, that is the norm is multiplicative.

From the multiplicativity of the norm we have the following concerning primes andunits in ZŒi �.

Lemma 3.5.6. (1) u 2 ZŒi � is a unit if and only if N.u/ D 1.

(2) If � 2 ZŒi � and N.�/ D p where p is an ordinary prime in Z then � is a primein ZŒi �.


Proof. Certainly u is a unit if and only if N.u/DN.1/. But in ZŒi � we haveN.1/D1so the first part follows.

Suppose next that � 2 ZŒi � with N.�/ D p for some p 2 Z. Suppose that� D �1�2. From the multiplicativity of the norm we have

N.�/ D p D N.�1/N.�2/:

Since each norm is a positive ordinary integer and p is a prime it follows that eitherN.�1/ D 1 or N.�2/ D 1. Hence either �1 or �2 is a unit. Therefore � is a prime inZŒi �.

Armed with this norm we can show that ZŒi � is a Euclidean domain.

Theorem 3.5.7. The Gaussian integers ZŒi � form a Euclidean domain.

Proof. That ZŒi � forms a commutative ring with an identity can be verified directlyand easily. If ˛ˇ D 0 then N.˛/N.ˇ/ D 0 and since there are no zero divisors inZ we must have N.˛/ D 0 or N.ˇ/ D 0. But then either ˛ D 0 or ˇ D 0 andhence ZŒi � is an integral domain. To complete the proof we show that the norm N isa Euclidean norm.

From the multiplicativity of the norm we have if ˛; ˇ ¤ 0

N.˛ˇ/ D N.˛/N.ˇ/ � N.˛/ since N.ˇ/ � 1:

Therefore property (1) of Euclidean norms is satisfied. We must now show that thedivision algorithm holds.

Let ˛ D a C bi and ˇ D c C di be Gaussian integers. Recall that for a nonzerocomplex number z D x C iy its inverse is

1

zD z

jzj2 D x � iyx2 C y2

:

Therefore as a complex number

˛

ˇD ˛

ˇ

jˇj2 D .aC bi/c � dic2 C d2

D ac C bd

c2 C d2C ac � bdc2 C d2

i D uC iv:

Now since a; b; c; d are integers u; v must be rationals. The set

¹uC iv W u; v 2 Qº

is called the set of the Gaussian rationals.


If u; v 2 Z then u C iv 2 ZŒi �, ˛ D qˇ with q D u C iv, and we are done.Otherwise choose ordinary integers m; n satisfying ju�mj � 1

2and jv � nj � 1

2and

let q D mC in. Then q 2 ZŒi �. Let r D ˛ � qˇ. We must show that N.r/ < N.ˇ/.Working with complex absolute value we get

jr j D j˛ � qˇj D jˇjˇ

ˇ

ˇ

ˇ

˛

ˇ� q

ˇ

ˇ

ˇ

ˇ

:

Now

ˇ

ˇ

ˇ

ˇ

˛

ˇ�q

ˇ

ˇ

ˇ

ˇ

D j.u�m/C i.v�n/j Dq

.u �m/2 C .v � n/2 �s

�

1

2

�2

C�

1

2

�2

< 1:

Thereforejr j < jˇj H) jr j2 < jˇj2 H) N.r/ < N.ˇ/

completing the proof.

Since ZŒi � forms a Euclidean domain it follows from our previous results that ZŒi �must be a principal ideal domain and hence a unique factorization domain.

Corollary 3.5.8. The Gaussian integers are a UFD.

Since we will now be dealing with many kinds of integers we will refer to theordinary integers Z as the rational integers and the ordinary primes p as the rationalprimes. It is clear that Z can be embedded into ZŒi �. However not every rationalprime is also prime in ZŒi �. The primes in ZŒi � are called the Gaussian primes. Forexample we can show that both 1C i and 1� i are Gaussian primes, that is primes inZŒi �. However .1C i/.1 � i/ D 2 so that the rational prime 2 is not a prime in ZŒi �.Using the multiplicativity of the Euclidean norm in ZŒi � we can describe all the unitsand primes in ZŒi �.

Theorem 3.5.9. (1) The only units in ZŒi � are ˙1;˙i .(2) Suppose � is a Gaussian prime. Then � is either:

(a) a positive rational prime p � 3 mod 4 or an associate of such a rationalprime.

(b) 1C i or an associate of 1C i .

(c) aC bi or a� bi where a > 0, b > 0, a is even and N.�/ D a2 C b2 D p

with p a rational prime congruent to 1 mod 4 or an associate of aCbi ora � bi .

Proof. (1) Suppose u D x C iy 2 ZŒi � is a unit. Then from Lemma 3.5.6 we haveN.u/ D x2 C y2 D 1 implying that .x; y/ D .0;˙1/ or .x; y/ D .˙1; 0/. Henceu D ˙1 or u D ˙i .


(2) Now suppose that � is a Gaussian prime. Since N.�/ D �� and � 2 ZŒi �it follows that �jN.�/. N.�/ is a rational integer so N.�/ D p1 � � �pk where thepi ’s are rational primes. By Euclid’s lemma �jpi for some pi and hence a Gaussianprime must divide at least one rational prime. On the other hand suppose �jp and �jqwhere p; q are different primes. Then .p; q/ D 1 and hence there exist x; y 2 Z suchthat 1 D px C qy. It follows that �j1 a contradiction. Therefore a Gaussian primedivides one and only one rational prime.

Let p be the rational prime that � divides. Then N.�/jN.p/ D p2. Since N.�/is a rational integer it follows that N.�/ D p or N.�/ D p2. If � D a C bi thena2 C b2 D p or a2 C b2 D p2.

If p D 2 then a2 C b2 D 2 or a2 C b2 D 4. It follows that � D ˙2;˙2i or� D 1 C i or an associate of 1 C i . Since .1 C i/.1 � i/ D 2 and neither 1 C i

nor 1 � i are units it follows that neither 2 nor any of its associates are primes. Then� D 1C i or an associate of 1C i . To see that 1C i is prime suppose 1C i D ˛ˇ.Then N.1C i/ D 2 D N.˛/N.ˇ/. It follows that either N.˛/ D 1 or N.ˇ/ D 1 andeither ˛ or ˇ is a unit.

If p ¤ 2 then either p � 3 mod 4 or p � 1 mod 4. Suppose first that p � 3 mod4. Then a2 C b2 D p would imply from Fermat’s two-square theorem (see [35]) thatp � 1 mod 4. Therefore from the remarks above a2 C b2 D p2 and N.�/ D N.p/.Since �jp we have � D ˛p with ˛ 2 ZŒi �. From N.�/ D N.p/ we get thatN.˛/ D 1 and ˛ is a unit. Therefore � and p are associates. Hence in this case � isan associate of a rational prime congruent to 3 mod 4.

Finally suppose p � 1 mod 4. From the remarks above either N.�/ D p orN.�/ D p2. If N.�/ D p2 then a2 C b2 D p2. Since p � 1 mod 4 from Fermat’stwo square theorem there exist m; n 2 Z with m2 C n2 D p. Let u D mC in thenthe norm N.u/ D p. Since p is a rational prime it follows that u is a Gaussian prime.Similarly its conjugate u is also a Gaussian prime. Now uu D p2 D N.�/. Since�jN.�/ it follows that �juu and from Euclid’s lemma either �ju or �ju. If �ju theyare associates since both are primes. But this is a contradiction since N.�/ ¤ N.u/.The same is true if � ju.

It follows that if p � 1 mod 4, then N.�/ ¤ p2. Therefore in this case N.�/ Dp D a2 C b2. An associate of � has both a; b > 0 (see exercises). Further sincea2 C b2 D p one of a or b must be even. If a is odd then b is even then i� is anassociate of � with a even completing the proof.

Finally we mention that the methods used in ZŒi � cannot be applied to all quadraticintegers. For example we have seen that there is not unique factorization in ZŒ

p�5�.

Section 3.6 Overview of Integral Domains 51

3.6 Overview of Integral Domains

Here we present some additional definitions for special types of integral domains.

Definition 3.6.1. (1) A Dedekind domain D is an integral domain such that eachnonzero proper ideal A (¹0º ¤ A ¤ R) can be written uniquely as a product ofprime ideals

A D P1 � � �Pr

with each Pi a prime ideal and the factorization is unique up to ordering.

(2) A Prüfer ring is an integral domain such that

A � .B \ C/ D AB \ AC

for all ideals A;B;C in R.

Dedekind domains arise naturally in algebraic number theory. It can be proved thatthe rings of algebraic integers in any algebraic number field are Dedekind domains(see [35]).

IfR is a Dedekind domain it is also a Prüfer Ring. IfR is a Prüfer ring and a uniquefactorization domain then R is a principal ideal domain.

In the next chapter we will prove a theorem due to Gauss that ifR is a UFD then thepolynomial ring RŒx� is also a UFD. If K is a field we have already seen that KŒx� isa UFD. Hence the polynomial ring in several variables KŒx1; : : : ; xn� is also a UFD.This fact plays an important role in algebraic geometry.

3.7 Exercises

1. Let R be an integral domain and let � 2 R n .U.R/ [ ¹0º/. Show:

(i) If for each a 2 R with � − a there exist �;� 2 R with �� C �a D 1 then� is a prime element of R.

(ii) Give an example for a prime element � in an UFD R, which does not satisfythe conditions of (i).

2. LetR be an UFD and let a1; : : : ; at be pairwise coprime elements ofR. If a1 � � � at

is anm-th power (m 2 N), then all factors ai are an associate of anm-th power. Iseach ai necessarily an m-th power?

3. Decide if the unit group of ZŒp3�, ZŒ

p5� and ZŒ

p7� is finite or infinite. For which

a 2 Z are .1 � p5/ and .aC p

5/ associates in ZŒp5�?

4. Let k 2 Z and k ¤ x2 for all x 2 Z. Let ˛ D a C bpk and ˇ D c C d

pk be

elements of ZŒpk� and N.˛/ D a2 � kb2, N.ˇ/ D c2 � kd2. Show:


(i) The equality of the absolute values of N.˛/ and N.ˇ/ is necessary for theassociation of ˛ and ˇ in ZŒ

pk�. Is this constraint also sufficient?

(ii) Sufficient for the irreducibility of ˛ in ZŒpk� is the irreducibility of N.˛/ in

Z. Is this also necessary?

5. In general irreducible elements are not prime. Consider the set of complex numbergiven by


p5y W x; y 2 Zº:

Show that they form a subring of C.

6. For an element x C iyp5 2 R define its norm by

N.x C iyp5/ D jx C iy

p5j D x2 C 5y2:

Prove that the norm is multiplicative, that is N.ab/ D N.a/N.b/.


8. Prove that the set of polynomials RŒx� with coefficients in a ring R forms a ring.

9. Prove the basic properties of the norm of the Gaussian integers. If ˛; ˇ 2 ZŒi �then:

(i) N.˛/ is an integer for all ˛ 2 ZŒi �.

(ii) N.˛/ � 0 for all ˛ 2 ZŒi �.

(iii) N.˛/ D 0 if and only if ˛ D 0.

(iv) N.˛/ � 1 for all ˛ ¤ 0.

(v) N.˛ˇ/ D N.˛/N.ˇ/, that is the norm is multiplicative.

Chapter 4

Polynomials and Polynomial Rings

4.1 Polynomials and Polynomial Rings

In the last chapter we saw that if K is a field then the set of polynomials with coef-ficients in K, which we denoted KŒx�, forms a unique factorization domain. In thischapter we take a more detailed look at polynomials over a general ring R. We thenprove that if R is a UFD then the polynomial ring RŒx� is also a UFD. We first take aformal look at polynomials.

Let R be a commutative ring with an identity. Consider the set QR of functions ffrom the nonnegative integersN D N [¹0º intoR with only a finite number of valuesnonzero. That is

QR D ¹f W N ! R W f .n/ ¤ 0 for only finitely many nº:On QR we define the following addition and multiplication

.f C g/.m/ D f .m/C g.m/

.f �g/.m/ DX

iCjDm

f .i/g.j /:

If we let x D .0; 1; 0; : : :/ and identify .r; 0; : : :/ with r 2 R then

x0 D .1; 0; : : :/ D 1 and xiC1 D x � xi :

Now if f D .r0; r1; r2; : : :/ then f can be written as

f D1X

iD0

rixi D

mX

iD0

rixi

for some m � 0 since ri ¤ 0 for only finitely many i . Further this presentation isunique.

We now call x an indeterminate over R and write each element of QR as f .x/ DPm

iD0 rixi with f .x/ D 0 or rm ¤ 0. We also now writeRŒx� for QR. Each element of

RŒx� is called a polynomial overR. The elements r0; : : : ; rm are called the coefficientsof f .x/ with rm the leading coefficient. If rm ¤ 0 the natural number m is called thedegree of f .x/ which we denote by deg f .x/. We say that f .x/ D 0 has degree�1. The uniqueness of the representation of a polynomial implies that two nonzero

54 Chapter 4 Polynomials and Polynomial Rings

polynomials are equal if and only if they have the same degree and exactly the samecoefficients. A polynomial of degree 1 is called a linear polynomial while one ofdegree two is a quadratic polynomial. The set of polynomials of degree 0 togetherwith 0 form a ring isomorphic to R and hence can be identified with R, the constantpolynomials. Thus the ring R embeds in the set of polynomials RŒx�. The followingresults are straightforward concerning degree.

Lemma 4.1.1. Let f .x/ ¤ 0; g.x/ ¤ 0 2 RŒx�. Then:

(a) deg f .x/g.x/ � degf .x/C degg.x/.

(b) deg.f .x/˙ g.x// � Max.deg f .x/; degg.x//.

If R is an integral domain then we have equality in (a).

Theorem 4.1.2. LetR be a commutative ring with an identity. Then the set of polyno-mials RŒx� forms a ring called the ring of polynomials over R. The ring R identifiedwith 0 and the polynomials of degree 0 naturally embeds into RŒx�. RŒx� is commu-tative if and only if R is commutative. Further RŒx� is uniquely determined by R andx.

Proof. Set f .x/ D PniD0 rix

i and g.x/ D PmjD0 sjx

j . The ring properties followdirectly by computation. The identification of r 2 R with the polynomial r.x/ D r

provides the embedding of R into RŒx�. From the definition of multiplication in RŒx�if R is commutative then RŒx� is commutative. Conversely if RŒx� is commutativethen from the embedding of R into RŒx� it follows that R must be commutative. Notethat if R has a multiplicative identity 1 ¤ 0 then this is also the multiplicative identityof RŒx�.

Finally if S is a ring that contains R and ˛ 2 S then

RŒ˛� D²

X

i�0

ri˛i W ri 2 R and ri ¤ 0 for only a finite number of i

³

is a homomorphic image of RŒx� via the mapX

i�0

rixi 7!

X

i�0

ri˛i :

Hence RŒx� is uniquely determined by R and x.

If R is an integral domain then irreducible polynomials are defined as irreduciblesin the ring RŒx�. If R is a field then f .x/ is an irreducible polynomial if there isno factorization f .x/ D g.x/h.x/ where g.x/ and h.x/ are polynomials of lowerdegree than f .x/. Otherwise f .x/ is called reducible. In elementary mathematicspolynomials are considered as functions. We recover that idea via the concept ofevaluation.

Section 4.2 Polynomial Rings over Fields 55

Definition 4.1.3. Let f .x/ D r0 C r1x C � � � C rmxn be a polynomial over a com-

mutative ring R with an identity and let c 2 R. Then the element

f .c/ D r0 C r1c C � � � C rncn 2 R

is called the evaluation of f .x/ at c.

Definition 4.1.4. If f .x/ 2 RŒx� and f .c/ D 0 for c 2 R, then c is called a zero or aroot of f .x/ in R.

4.2 Polynomial Rings over Fields

We now restate some of the result of the last chapter for KŒx� where K is a field. Wethen consider some consequences of these results to zeros of polynomials.

Theorem 4.2.1. If F is a field, then F Œx� forms an integral domain. F can be nat-urally embedded into F Œx� by identifying each element of F with the correspondingconstant polynomial. The only units in F Œx� are the nonzero elements of F .

Proof. Verification of the basic ring properties is solely computational and is left tothe exercises. Since degP.x/Q.x/ D degP.x/C degQ.x/, it follows that if neitherP.x/ ¤ 0 nor Q.x/ ¤ 0 then P.x/Q.x/ ¤ 0 and therefore F Œx� is an integraldomain.

If G.x/ is a unit in F Œx�, then there exists an H.x/2F Œx� with G.x/H.x/D 1.From the degrees we have degG.x/ C degH.x/ D 0 and since degG.x/ � 0,degH.x/ � 0. This is possible only if degG.x/ D degH.x/ D 0. ThereforeG.x/ 2 F .

Now that we have F Œx� as an integral domain we proceed to show that F Œx� is aprincipal ideal domain and hence there is unique factorization into primes. We firstrepeat the definition of a prime in F Œx�. If 0 ¤ f .x/ has no nontrivial, nonunit factors(it cannot be factorized into polynomials of lower degree) then f .x/ is a prime in F Œx�or a prime polynomial. A prime polynomial is also called an irreducible polynomialover F . Clearly, if deg g.x/ D 1 then g.x/ is irreducible.

The fact that F Œx� is a principal ideal domain follows from the division algorithmfor polynomials, which is entirely analogous to the division algorithm for integers.

Theorem 4.2.2 (division algorithm in F Œx�). If 0 ¤ f .x/; 0 ¤ g.x/ 2 F Œx� thenthere exist unique polynomials q.x/; r.x/ 2 F Œx� such that f .x/ D q.x/g.x/C r.x/

where r.x/ D 0 or deg r.x/ < degg.x/. (The polynomials q.x/ and r.x/ are calledrespectively the quotient and remainder.)

This theorem is essentially long division of polynomials. A formal proof is basedon induction on the degree of g.x/. We omit this but give some examples from QŒx�.


Example 4.2.3. (a) Let f .x/ D 3x4 � 6x2 C 8x � 6, g.x/ D 2x2 C 4. Then

3x4 � 6x2 C 8x � 62x2 C 4

D 3

2x2 � 6 with remainder 8x C 18:

Thus here q.x/ D 32x2 � 6 and r.x/ D 8x C 18.

(b) Let f .x/ D 2x5 C 2x4 C 6x3 C 10x2 C 4x, g.x/ D x2 C x. Then

2x5 C 2x4 C 6x3 C 10x2 C 4x

x2 C xD 2x3 C 6x C 4:

Thus here q.x/ D 2x3 C 6x C 4 and r.x/ D 0.

Theorem 4.2.4. Let F be a field. Then the polynomial ring F Œx� is a principal idealdomain and hence a unique factorization domain.

We now give some consequences relative to zeros of polynomials in F Œx�.

Theorem 4.2.5. If f .x/ 2 F Œx� and c 2 F with f .c/ D 0 then

f .x/ D .x � c/h.x/;where degh.x/ < degf .x/.

Proof. Divide f .x/ by x � c. Then by the division algorithm we have

f .x/ D .x � c/h.x/C r.x/

where r.x/ D 0 or deg r.x/ < deg.x � c/ D 1. Hence if r.x/ ¤ 0 then r.x/ is apolynomial of degree 0, that is a constant polynomial, that is r.x/ D r for r 2 F .Hence we have

f .x/ D .x � c/h.x/C r:

This implies that0 D f .x/ D 0h.c/C r D r

and therefore r D 0 and f .x/ D .x � c/h.x/. Since deg.x � c/ D 1 we must havethat deg h.x/ < deg f .x/.

If f .x/ D .x � c/kh.x/ for some k � 1 with h.c/ ¤ 0 then c is called a zero oforder k.

Theorem 4.2.6. Let f .x/ 2 F Œx� with degree 2 or 3. Then f is irreducible if andonly if f .x/ doesn’t have a zero in F .

Proof. Suppose that f .x/ is irreducible of degree 2 or 3. If f .x/ has a zero c thenfrom Theorem 4.2.4 we have f .x/ D .x � c/h.x/ with h.x/ of degree 1 or 2. There-fore f .x/ is reducible a contradiction and hence f .x/ cannot have a zero.

Conversely from Theorem 4.2.4 if f .x/ has a zero and if of degree greater than 1then f .x/ is reducible.

Section 4.3 Polynomial Rings over Integral Domains 57

4.3 Polynomial Rings over Integral Domains

Here we consider RŒx� where R is an integral domain.

Definition 4.3.1. Let R be an integral domain. Then a1; a2; : : : ; an 2 R are coprimeif the set of all common divisors of a1; : : : ; an consists only of units.

Notice for example that this concept depends on the ring R. For example 6 and 9are not coprime over the integers Z since 3j6 and 3j9 and 3 is not a unit. However 6and 9 are coprime over the rationals Q. Here 3 is a unit.

Definition 4.3.2. Let f .x/ D PniD1 rix

i 2 RŒx� where R is an integral domain.Then f .x/ is a primitive polynomial or just primitive if r0; r1; : : : ; rn are coprimein R.

Theorem 4.3.3. Let R be an integral domain. Then

(a) The units of RŒx� are the units of R.

(b) If p is a prime element of R then p is a prime element of RŒx�.

Proof. If r 2 R is a unit then since R embeds into RŒx� it follows that r is also a unitin RŒx�. Conversely suppose that h.x/ 2 RŒx� is a unit. Then there is a g.x/ suchthat h.x/g.x/ D 1. Hence deg f .x/ C degg.x/ D deg 1 D 0. Since degrees arenonnegative integers it follows that deg f .x/ D degg.x/ D 0 and hence f .x/ 2 R.

Now suppose that p is a prime element of R. Then p ¤ 0 and pR is a prime idealin R. We must show that pRŒx� is a prime ideal in RŒx�. Consider the map

� W RŒx� ! .R=pR/Œx� given by

�

� nX

iD0

rixi

�

DnX

iD0

.ri C pR/xi :

Then � is an epimorphism with kernel pRŒx�. Since pR is a prime ideal we know thatR=pR is an integral domain. It follows that .R=pR/Œx� is also an integral domain.Hence pRŒx� must be a prime ideal in RŒx� and therefore p is also a prime elementof RŒx�.

Recall that each integral domain R can be embedded into a unique field of frac-tions K. We can use results on KŒx� to deduce some results in RŒx�.

Lemma 4.3.4. If K is a field then each nonzero f .x/ 2 KŒx� is a primitive.

Proof. Since K is a field each nonzero element of K is a unit. Therefore the onlycommon divisors of the coefficients of f .x/ are units and hence f .x/ 2 KŒx� isprimitive.


Theorem 4.3.5. Let R be an integral domain. Then each irreducible f .x/ 2 RŒx� ofdegree > 0 is primitive.

Proof. Let f .x/ be an irreducible polynomial in RŒx� and let r 2 R be a commondivisor of the coefficients of f .x/. Then f .x/ D rg.x/ where g.x/ 2 RŒx�. Thendeg f .x/ D degg.x/ > 0 so g.x/ … R. Since the units of RŒx� are the units of R itfollows that g.x/ is not a unit in RŒx�. Since f .x/ is irreducible it follows that r mustbe a unit in RŒx� and hence r is a unit in R. Therefore f .x/ is primitive.

Theorem 4.3.6. Let R be an integral domain and K its field of fractions. If f .x/ 2RŒx� is primitive and irreducible in KŒx� then f .x/ is irreducible in RŒx�.

Proof. Suppose that f .x/ 2 RŒx� is primitive and irreducible in KŒx� and supposethat f .x/ D g.x/h.x/ where g.x/; h.x/ 2 RŒx� � KŒx�. Since f .x/ is irreducibleinKŒx� either g.x/ or h.x/must be a unit inKŒx�. Without loss of generality supposethat g.x/ is a unit inKŒx�. Then g.x/ D g 2 K. But g.x/ 2 RŒx� andK\RŒx� D R.Hence g 2 R. Then g is a divisor of the coefficients of f .x/ and as f .x/ is prim-itive g.x/ must be a unit in R and therefore also a unit in RŒx�. Therefore f .x/ isirreducible in RŒx�.

4.4 Polynomial Rings over Unique Factorization Domains

In this section we prove that if R is a UFD then the polynomial ring RŒx� is also aUFD. We first need the following due to Gauss.

Theorem 4.4.1 (Gauss’ lemma). Let R be a UFD and f .x/; g.x/ primitive polyno-mials in RŒx�. Then their product f .x/g.x/ is also primitive.

Proof. Let R be a UFD and f .x/; g.x/ primitive polynomials in RŒx�. Suppose thatf .x/g.x/ is not primitive. Then there is a prime element p 2 R that divides eachof the coefficients of f .x/g.x/. Then pjf .x/g.x/. Since prime elements of R arealso prime elements of RŒx� it follows that p is also a prime element of RŒx� andhence pjf .x/ or pjg.x/. Therefore either f .x/ or g.x/ is not primitive giving acontradiction.

Theorem 4.4.2. Let R be a UFD and K its field of fractions.

(a) If g.x/ 2 KŒx� is nonzero then there is a nonzero a 2 K such that ag.x/ 2 RŒx�is primitive.

(b) Let f .x/; g.x/ 2 RŒx� with g.x/ primitive and f .x/ D ag.x/ for some a 2 K.Then a 2 R.

(c) If f .x/ 2 RŒx� is nonzero then there is a b 2 R and a primitive g.x/ 2 RŒx�

such that f .x/ D bg.x/.

Section 4.4 Polynomial Rings over Unique Factorization Domains 59

Proof. (a) Suppose that g.x/ D PniD0 aix

i with ai D ri

si, ri ; si 2 R. Set s D

s0s1 � � � sn. Then sg.x/ is a nonzero element of RŒx�. Let d be a greatest commondivisor of the coefficients of sg.x/. If we set a D s

dthen ag.x/ is primitive.

(b) For a 2 K there are coprime r; s 2 R satisfying a D rs. Suppose that a … R.

Then there is a prime element p 2 R dividing s. Since g.x/ is primitive p does notdivide all the coefficients of g.x/. However we also have f .x/ D ag.x/ D r

sg.x/.

Hence sf .x/ D rg.x/ where pjs and p doesn’t divide r . Therefore p divides all thecoefficients of g.x/ and hence a 2 R.

(c) From part (a) there is a nonzero a 2 K such that af .x/ is primitive in RŒx�.Then f .x/ D a�1.af .x//. From part (b) we must have a�1 2 R. Set g.x/ D af .x/

and b D a�1.

Theorem 4.4.3. Let R be a UFD and K its field of fractions. Let f .x/ 2 RŒx� be apolynomial of degree � 1.

(a) If f .x/ is primitive and f .x/jg.x/ inKŒx� then f .x/ divides g.x/ also inRŒx�.

(b) If f .x/ is irreducible in RŒx� then it is also irreducible in KŒx�.

(c) If f .x/ is primitive and a prime element of KŒx� then f .x/ is also a primeelement of RŒx�.

Proof. (a) Suppose that g.x/ D f .x/h.x/ with h.x/ 2 KŒx�. From Theorem 4.4.2part (a) there is a nonzero a 2 K such that h1.x/ D ah.x/ is primitive in RŒx�.Hence g.x/ D 1

a.f .x/h1.x/. From Gauss’ lemma f .x/h1.x/ is primitive in RŒx�

and therefore from Theorem 4.4.2 part (b) we have 1a

2 R. It follows that f .x/jg.x/in RŒx�.

(b) Suppose that g.x/ 2 KŒx� is a factor of f .x/. From Theorem 4.4.2 part (a)there is a nonzero a 2 K with g1.x/ D ag.x/ primitive in RŒx�. Since a is a unit inK it follows that

g.x/jf .x/ in KŒx� implies g1.x/jf .x/ in KŒx�

and hence since g1.x/ is primitive

g1.x/jf .x/ in RŒx�:

However by assumption f .x/ is irreducible in RŒx�. This implies that either g1.x/ isa unit in R or g1.x/ is an associate of f .x/.

If g1.x/ is a unit then g1 2 K and g1 D ga and hence g 2 K, that is g D g.x/ isa unit.

If g1.x/ is an associate of f .x/ then f .x/ D bg.x/ where b 2 K since g1.x/ Dag.x/ with a 2 K. Combining these it follows that f .x/ has only trivial factors inKŒx� and since by assumption f .x/ is nonconstant it follows that f .x/ is irreduciblein KŒx�.


(c) Suppose that f .x/jg.x/h.x/ with g.x/; h.x/ 2 RŒx�. Since f .x/ is a primeelement inKŒx�we have that f .x/jg.x/ or f .x/jh.x/ inKŒx�. From part (a) we havef .x/jg.x/ or f .x/jh.x/ in RŒx� implying that f .x/ is a prime element in RŒx�.

We can now state and prove our main result.

Theorem 4.4.4 (Gauss). Let R be a UFD. Then the polynomial ring RŒx� is also aUFD

Proof. By induction on degree we show that each nonunit f .x/ 2 RŒx�; f .x/ ¤ 0, isa product of prime elements. Since R is an integral domain so is RŒx�, and so the factthat RŒx� is a UFD then follows from Theorem 3.3.3.

If deg f .x/ D 0 then f .x/ D f is a nonunit inR. SinceR is a UFD f is a productof prime elements in R. However from Theorem 4.3.3 each prime factor is then alsoprime in RŒx�. Therefore f .x/ is a product of prime elements.

Now suppose n > 0 and that the claim is true for all polynomials f .x/ of degree< n. Let f .x/ be a polynomial of degree n > 0. From Theorem 4.4.2 (c) there is ana 2 R and a primitive h.x/ 2 RŒx� satisfying f .x/ D ah.x/. Since R is a UFD theelement a is a product of prime elements in R or a is a unit in R. Since the units inRŒx� are the units in R and a prime element in R is also a prime element in RŒx� itfollows that a is a product of prime elements in RŒx� or a is a unit in RŒx�. Let Kbe the field of fractions of R. Then KŒx� is a UFD. Hence h.x/ is a product of primeelements of KŒx�. Let p.x/ 2 KŒx� be a prime divisor of h.x/. From Theorem 4.4.2we can assume by multiplication of field elements that p.x/ 2 RŒx� and p.x/ isprimitive. From Theorem 4.4.2 (c) it follows that p.x/ is a prime element of RŒx� andfurther from Theorem 4.4.3 (a) that p.x/ is a divisor of h.x/ in RŒx�. Therefore

f .x/ D ah.x/ D ap.x/g.x/ 2 RŒx�where

(1) a is a product of prime elements of RŒx� or a is a unit in RŒx�,

(2) degp.x/ > 0, since p.x/ is a prime element in KŒx�,

(3) p.x/ is a prime element in RŒx�, and

(4) degg.x/ < degf .x/ since degp.x/ > 0.

By our inductive hypothesis we have then that g.x/ is a product of prime elementsin RŒx� or g.x/ is a unit in RŒx�. Therefore the claim holds for f .x/ and thereforeholds for all f .x/ by induction.

If RŒx� is a polynomial ring over R we can form a polynomial ring in a new in-determinate y over this ring to form .RŒx�/Œy�. It is straightforward that .RŒx�/Œy� isisomorphic to .RŒy�/Œx�. We denote both of these rings by RŒx; y� and consider thisas the ring of polynomials in two commuting variables x; y with coefficients in R.


If R is a UFD then from Theorem 4.4.4 RŒx� is also a UFD and hence RŒx; y�is also a UFD. Inductively then the ring of polynomials in n commuting variablesRŒx1; x2; : : : ; xn� is also a UFD.

Corollary 4.4.5. If R is a UFD then the polynomial ring in n commuting variablesRŒx1; : : : ; xn� is also a UFD.

We now give a condition for a polynomial in RŒx� to have a zero in KŒx� where Kis the field of fractions of R.

Theorem 4.4.6. Let R be a UFD and K its field of fractions. Let f .x/ D xn Crn�1x

n�1 C � � � C r0 2 RŒx�. Suppose that ˇ 2 K is a zero of f .x/. Then ˇ is in Rand is a divisor of r0.

Proof. Let ˇ D rs

where s ¤ 0 and r; s 2 R and r; s are coprime. Now

f

�

r

s

�

D 0 D rn

snC rn�1

rn�1

sn�1C � � � C r0:

Hence it follows that s must divide rn. Since r and s are coprime s must be a unit andthen without loss of generality we may assume that s D 1. Then ˇ 2 R and

r.rn�1 C � � � C a1/ D �a0

and so r ja0.

Note that since Z is a UFD, Gauss’ theorem implies that ZŒx� is also a UFD. How-ever ZŒx� is not a principal ideal domain. For example the set of integral polynomialswith even constant term is an ideal but not principal. We leave the verification to theexercises. On the other hand we saw that if K is a field KŒx� is a PID. The questionarises as to when RŒx� actually is a principal ideal domain. It turns out to be preciselywhen R is a field.

Theorem 4.4.7. LetR be a commutative ring with an identity. Then the following areequivalent:

(1) R is a field.

(2) RŒx� is Euclidean.

(3) RŒx� is a principal ideal domain.

Proof. From Section 4.2 we know that (a) implies (b) which in turn implies (c).Therefore we must show that (c) implies (a). Assume then that RŒx� is a principalideal domain. Define the map

� W RŒx� ! R


by�.f .x// D f .0/:

It is easy to see that � is a ring homomorphism with RŒx�= ker.�/ Š R. Thereforeker.�/ ¤ RŒx�. Since RŒx� is a principal ideal domain it is an integral domain. Itfollows that ker.�/must be a prime ideal since the quotient ring is an integral domain.However since RŒx� is a principal ideal domain prime ideals are maximal ideals andhence ker.�/ is a maximal ideal. Therefore R Š RŒx�= ker.�/ is a field.

We now consider the relationship between irreducibles inRŒx� for a general integraldomain and irreducibles in KŒx� where K is its field of fractions. This is handled bythe next result called Eisenstein’s criterion.

Theorem 4.4.8 (Eisenstein’s criterion). Let R be an integral domain and K its fieldof fractions. Let f .x/ D Pn

iD0 aixi 2 RŒx� of degree n > 0. Let p be a prime

element of R satisfying

(1) pjai for i D 0; : : : ; n � 1.

(2) p does not divide an.

(3) p2 does not divide a0.

Then:

(a) If f .x/ is primitive then f .x/ is irreducible in RŒx�.

(b) Suppose that R is a UFD. Then f .x/ is also irreducible in KŒx�.

Proof. (a) Suppose that f .x/ D g.x/h.x/ with g.x/; h.x/ 2 RŒx�. Suppose that

g.x/ DkX

iD1

bixi ; bk ¤ 0 and h.x/ D

lX

iD1

cjxj ; cl ¤ 0:

Then a0 D b0c0. Now pja0 but p2 does not divide a0. This implies that either pdoesn’t divide b0 or p doesn’t divide c0. Without loss of generality assume that pjb0

and p doesn’t divide c0.Since an D bkcl and p does not divide an it follows that p does not divide bk . Let

bj be the first coefficient of g.x/ which is not divisible by p. Consider

aj D bj c0 C � � � C b0cj

where everything after the first term is divisible by p. Since p does not divide bothbj and c0 it follows that p does not divide bj c0 and therefore p does not divide aj

which implies that j D n. Then from j � k � n it follows that k D n. Thereforedegg.x/ D degf .x/ and hence deg h.x/ D 0. Thus h 2 R. Then from f .x/ Dhg.x/ with f primitive it follows that h is a unit and therefore f .x/ is irreducible.


(b) Suppose that f .x/ D g.x/h.x/ with g.x/; h.x/ 2 RŒx�. The fact that f .x/was primitive was only used in the final part of part (a) so by the same arguments as inpart (a) we may assume without loss of generality that h 2 R � K. Therefore f .x/is irreducible in KŒx�.

We give some examples.

Example 4.4.9. Let R D Z and p a prime number. Suppose that n;m are integerssuch that n � 1 and p does not divide m. Then xn ˙ pm is irreducible in ZŒx� andQŒx�. In particular .pm/

1n is irrational.

Example 4.4.10. Let R D Z and p a prime number. Consider the polynomial

p.x/ D xp � 1x � 1 D xp�1 D xp�2 C � � � C 1:

Since all the coefficients of ˆp.x/ are equal to 1, Eisenstein’s criterion is not directlyapplicable. However the fact that p.x/ is irreducible implies that for any integer athe polynomial p.x C a/ is also irreducible in ZŒx�. It follows that

p.x C 1/ D .x C 1/p � 1.x C 1/ � 1 D xp C �

p1

�

xp�1 C � � � C �

pp�1

�

x C 1p � 1x

D xp�1 C

p

1

!

xp�1 C � � � C

p

p � 1

!

:

Now pj�pi

�

for 1 � i � p � 1 (see exercises) and moreover�

pp�1

� D p is not

divisible by p2. Therefore we can apply the Eisenstein criterion to conclude thatˆp.x/ is irreducible in ZŒx� and QŒx�.

Theorem 4.4.11. LetR be a UFD andK its field of fractions. Let f .x/DPniD0 aix

i

2 RŒx� be a polynomial of degree � 1. Let P be a prime ideal in R with an … P . LetR D R=P and let ˛ W RŒx� ! RŒx� be defined by

˛

� mX

iD0

rixi

�

DmX

iD0

.ri C P /xi :

˛ is an epimorphism. Then if ˛.f .x// is irreducible in RŒx� then f .x/ is irreduciblein KŒx�.

Proof. By Theorem 4.4.3 there is an a 2 R and a primitive g.x/ 2 RŒx� satisfyingf .x/ D ag.x/. Since an … P we have that ˛.a/ ¤ 0 and further the highestcoefficient of g.x/ is also not an element of P . If ˛.g.x// is reducible then ˛.f .x//is also reducible. Thus ˛.g.x// is irreducible. However from Theorem 4.4.4 g.x/ is


irreducible in KŒx� so f .x/ D ag.x/ is also irreducible in KŒx�. Therefore to provethe theorem it suffices to consider the case where f .x/ is primitive in RŒx�.

Now suppose that f .x/ is primitive. We show that f .x/ is irreducible in RŒx�.Suppose that f .x/ D g.x/h.x/, g.x/; h.x/ 2 RŒx� with f .x/; g.x/ nonunits in

RŒx�. Since f .x/ is primitive g; h … R and so degg.x/ < degf .x/ and deg h.x/ <deg f .x/.

Now we have ˛.f .x// D ˛.g.x//˛.h.x//. Since P is a prime ideal R=P is anintegral domain and so in RŒx� we have

deg˛.g.x//C deg˛.g.x// D deg˛.f .x// D degf .x/

since an … P . Since R is a UFD it has no zero divisors and so

degf .x/ D degg.x/C degh.x/:

Now

deg˛.g.x// � degg.x/

deg˛.h.x// � degh.x/:

Therefore deg˛.g.x// D degg.x/ and deg˛.h.x// D degh.x/. Therefore ˛.f .x//is reducible and we have a contradiction.

It is important to note that ˛.f .x// being reducible does not imply that f .x/ isreducible. For example f .x/ D x2 C 1 is irreducible in ZŒx�. However in Z2Œx� wehave

x2 C 1 D .x C 1/2

and hence f .x/ is reducible in Z2Œx�.

Example 4.4.12. Let f .x/ D x5 � x2 C 1 2 ZŒx�. Choose P D 2Z so that

˛.f .x// D x5 C x2 C 1 2 Z2Œx�:

Suppose that in Z2Œx� we have ˛.f .x// D g.x/h.x/. Without loss of generality wemay assume that g.x/ is of degree 1 or 2.

If degg.x/ D 1 then ˛.f .x// has a zero c in Z2Œx�. The two possibilities for c arec D 0 or c D 1. Then

If c D 0 then 0C 0C 1 D 1 ¤ 0:

If c D 1 then 1C 1C 1 D 1 ¤ 0:

Hence the degree of g.x/ cannot be 1.


Suppose degg.x/ D 2. The polynomials of degree 2 over Z2Œx� have the form

x2 C x C 1; x2 C x; x2 C 1; x2:

The last three, x2 Cx; x2 C1; x2 all have zeros in Z2Œx� so they can’t divide ˛.f .x//.Therefore g.x/ must be x2 C x C 1. Applying the division algorithm we obtain

˛.f .x// D .x3 C x2/.x2 C x C 1/C 1

and therefore x2CxC1 does not divide ˛.f .x//. It follows that ˛.f .x// is irreducibleand from the previous theorem f .x/ must be irreducible in QŒx�.

4.5 Exercises

1. For which a; b 2 Z does the polynomial x2 C 3x C 1 divide the polynomialx3 C x2 C ax C b?

2. Let aC bi 2 C be a zero of f .x/ 2 RŒx�. Show that also a� ib is a zero of f .x/.

3. Determine all irreducible polynomials over R. Factorize f .x/ 2 RŒx� in irre-ducible polynomials.

4. Let R be an integral domain, A G R an ideal and f 2 RŒx� a monic polynomial.Define Nf 2 RŒx�=AŒx� by the mapping RŒx� ! R=AŒx�, f D P

aixi 7! Nf D

P Naixi , where Na WD a C A. Show: If Nf 2 R=AŒx� is irreducible then also

f 2 RŒx� is irreducible.

5. Decide if the following polynomials f 2 RŒx� are irreducible:

(i) f .x/ D x3 C 2x2 C 3, R D Z.

(ii) f .x/ D x5 � 2x C 1, R D Q.

(iii) f .x/ D 3x4 C 7x2 C 14x C 7, R D Q.

(iv) f .x/ D x7 C .3 � i/x2 C .3C 4i/x C 4C 2i , R D ZŒi �.

(v) f .x/ D x4 C 3x3 C 2x2 C 3x C 4, R D Q.

(vi) f .x/ D 8x3 � 4x2 C 2x � 1, R D Z.

6. Let R be an integral domain with characteristic 0, let k � 1 and ˛ 2 R. In RŒx�define the derivatives f .k/.x/, k D 0; 1; 2; : : : , of a polynomial f .x/ 2 RŒx� by

f 0.x/ WD f .x/;

f .k/.x/ WD f .k�1/0

.x/:

Show that ˛ is a zero of order k of the polynomial f .x/ 2 RŒx�, if f .k�1/.˛/ D 0,but f .k/.˛/ ¤ 0.

7. Prove that the set of integral polynomials with even constant term is an ideal butnot principal.

8. Prove that pj�pi

�

for 1 � i � p � 1.

Chapter 5

Field Extensions

5.1 Extension Fields and Finite Extensions

Much of algebra in general arose from the theory of equations, specifically polynomialequations. As discovered by Galois and Abel the solutions of polynomial equationsover fields is intimately tied to the theory of field extensions. This theory eventuallyblossoms into Galois Theory. In this chapter we discuss the basic material concerningfield extensions.

Recall that if L is a field and K � L is also a field under the same operations as Lthen K is called a subfield of L. If we view this situation from the viewpoint of K wesay that L is an extension field or field extension of K. If K;L are fields with K � L

we always assume that K is a subfield of L.

Definition 5.1.1. IfK;L are fields withK � L then we say that L is a field extensionor extension field of K. We denote this by LjK.

Note that this is equivalent to having a field monomorphism

i W K ! L

and then identifying K and i.K/.

As examples we have that R is an extension field of Q and C is an extension fieldof both C and Q. If K is any field then the ring of polynomials KŒx� over K is anintegral domain. Let K.x/ be the field of fractions of KŒx�. This is called the field ofrational functions over K. Since K can be considered as part of KŒx� it follows thatK � K.x/ and hence K.x/ is an extension field of K.

A crucial concept is that of the degree of a field extension. Recall that a vector spaceV over a field F consists of an abelian group V together with scalar multiplicationfrom F satisfying:

(1) f v 2 V if f 2 F , v 2 V .

(2) f .uC v/ D f uC f v for f 2 F , u; v 2 V .

(3) .f C g/v D f v C gv for f; g 2 F , v 2 V .

(4) .fg/v D f .gv/ for f; g 2 F , v 2 V .

(5) 1v D v for v 2 V .

Section 5.1 Extension Fields and Finite Extensions 67

Notice that ifK is a subfield of L then multiplication of elements of L by elementsof K are still in L. Since L is an abelian group under addition, L can be consideredas a vector space over K. Thus any extension field is a vector space over any of itssubfields. Using this we define the degree jL W Kj of an extension K � L as thedimension dimK.L/ of L as a vector space over K. We call L a finite extension of Kif jL W Kj < 1.

Definition 5.1.2. If L is an extension field ofK then the degree of the extension LjKis defined as the dimension, dimK.L/, of L, as a vector space over K. We denote thedegree by jL W Kj. The field extension LjK is a finite extension if the degree jL W Kjis finite.

Lemma 5.1.3. jC W Rj D 2 but jR W Qj D 1.

Proof. Every complex number can be written uniquely as a C ib where a; b 2 R.Hence the elements 1; i constitute a basis for C over R and therefore the dimensionis 2, that is jC W Rj D 2.

The fact that jR W Qj D 1 depends on the existence of transcendental numbers.An element r 2 R is algebraic (over Q) if it satisfies some nonzero polynomial withcoefficients from Q. That is, P.r/ D 0, where

0 ¤ P.x/ D a0 C a1x C � � � C anxn with ai 2 Q:

Any q 2 Q is algebraic since if P.x/ D x � q then P.q/ D 0. However, manyirrationals are also algebraic. For example

p2 is algebraic since x2 � 2 D 0 has

p2

as a root. An element r 2 R is transcendental if it is not algebraic.In general it is very difficult to show that a particular element is transcendental.

However there are uncountably many transcendental elements (see exercises). Spe-cific examples are e and � . We will give a proof of their transcendence later in thisbook.

Since e is transcendental, for any natural number n the set of vectors ¹1; e;e2; : : : ; enº must be independent over Q, for otherwise there would be a polynomialthat e would satisfy. Therefore, we have infinitely many independent vectors in Rover Q which would be impossible if R had finite degree over Q.

Lemma 5.1.4. If K is any field then jK.x/ W Kj D 1.

Proof. For any n the elements 1; x; x2; : : : ; xn are independent over K. Therefore asin the proof of Lemma 5.1.3 K.x/ must be infinite dimensional over K.

If LjK and L1jK1 are field extensions then they are isomorphic field extensions ifthere exists a field isomorphism f W L ! L1 such that fjK is an isomorphism fromK to K1.

Suppose that K � L � M are fields. Below we show that the degrees multiply. Inthis situation where K � L � M we call L an intermediate field.

68 Chapter 5 Field Extensions

Theorem 5.1.5. Let K;L;M be fields with K � L � M . Then

jM W Kj D jM W LjjL W Kj:

Note that jM W Kj D 1 if and only if either jM W Lj D 1 or jL W Kj D 1.

Proof. Let ¹xi W i 2 I º be a basis for L as a vector space overK and let ¹yj W j 2 J ºbe a basis for M as a vector space over L. To prove the result it is sufficient to showthat the set

B D ¹xiyj W i 2 I; j 2 J ºis a basis for M as a vector space over K. To show this we must show that B is alinearly independent set over K and that B spans M .

Suppose thatX

i;j

kijxiyj D 0 where kij 2 K:

We can then write this sum as

X

j

�

X

i

kijxi

�

yj D 0:

ButP

i kijxi 2 L. Since ¹yj W j 2 J º is a basis forM over L the yj are independentover L and hence for each j we get,

P

i kijxi D 0. Now since ¹xi W i 2 I º is a basisfor L over K it follows that the xi are linearly independent and since for each j wehave

P

i kijxi D 0 it must be that kij D 0 for all i and for all j . Therefore the set Bis linearly independent over K.

Now suppose that m 2 M . Then since ¹yj W j 2 J º spans M over L we have

m DX

j

cjyj with cj 2 L:

However ¹xi W i 2 I º spans L over K and so for each cj we have

cj DX

i

kijxi with kij 2 K:

Combining these two sums we have

m DX

ij

kijxiyj

and hence B spans M over K. Therefore B is a basis for M over K and the result isproved.

Section 5.2 Finite and Algebraic Extensions 69

Corollary 5.1.6. (a) If jL W Kj is a prime number then there exists no proper inter-mediate field between L and K.

(b) If K � L and jL W Kj D 1 then L D K.

Let LjK be a field extension and suppose that A � L. Then certainly there aresubrings of L containing both A and K, for example L. We denote by KŒA� theintersection of all subrings of L containing both K and A. Since the intersection ofsubrings is a subring it follows that KŒA� is a subring containing both K and A andthe smallest such subring. We call KŒA� the ring adjunction of A to K.

In an analogous manner we let K.A/ be the intersection of all subfields of L con-taining both K and A. This is then a subfield of L and the smallest subfield of Lcontaining both K and A. The subfield K.A/ is called the field adjunction of A to K.

Clearly KŒA� � K.A/. If A D ¹a1; : : : ; anº then we write

KŒA� D KŒa1; : : : ; an� and K.A/ D K.a1; : : : ; an/:

Definition 5.1.7. The field extension LjK is finitely generated if there exist a1; : : : ;

an 2 L such that K D K.a1; : : : ; an/. The extension LjK is a simple extension ifthere is an a 2 L with L D K.a/. In this case a is called a primitive element of LjK.

Later we will look at an alternative way to view the adjunction constructions interms of polynomials.

5.2 Finite and Algebraic Extensions

We now turn to the relationship between field extensions and the solution of polyno-mial equations.

Definition 5.2.1. Let LjK be a field extension. An element a 2 L is algebraic overK if there exists a polynomial p.x/ 2 KŒx� with p.a/ D 0. L is an algebraicextension of K if each element of L is algebraic over K. An element a 2 L that isnot algebraic overK is called transcendental. L is a transcendental extension if thereare transcendental elements, that is they are not algebraic over K.

For the remainder of this section we assume that LjK is a field extension.

Lemma 5.2.2. Each element of K is algebraic over K.

Proof. Let k 2 K. Then k is a root of the polynomial p.x/ D x � k 2 KŒx�.


We tie now algebraic extensions to finite extensions.

Theorem 5.2.3. If LjK is a finite extension then LjK is an algebraic extension.

Proof. Suppose that LjK is a finite extension and a 2 L. We must show that a isalgebraic over K. Suppose that jL W Kj D n < 1 then dimK.L/ D n. It follows thatany nC 1 elements of L are linearly dependent over K.

Now consider the elements 1; a; a2; : : : ; an in L. These are nC 1 distinct elementsinL so they are dependent overK. Hence there exist c0; : : : ; cn 2 K not all zero suchthat

c0 C c1aC � � � C cnan D 0:

Let p.x/ D c0 C c1x C � � � C cnxn. Then p.x/ 2 KŒx� and p.a/ D 0. Therefore a

is algebraic over K. Since a was arbitrary it follows that L is an algebraic extensionof K.

From the previous theorem it follows that every finite extension is algebraic. Theconverse is not true, that is there are algebraic extensions that are not finite. We willgive examples in Section 5.4.

The following lemma gives some examples of algebraic and transcendental exten-sions.

Lemma 5.2.4. CjR is algebraic but RjQ and CjQ are transcendental. If K is anyfield then K.x/jK is transcendental.

Proof. Since 1; i constitute a basis for C over R we have jC W Rj D 2. Hence C is afinite extension of R and therefore from Theorem 5.2.3 an algebraic extension. Moredirectly if ˛ D aC ib 2 C then ˛ is a zero of x2 � 2ax C .a2 C b2/ 2 RŒx�.

The existence of transcendental numbers (we will discuss these more fully in Sec-tion 5.5) shows that both RjQ and CjQ are transcendental extensions.

Finally the element x 2 K.x/ is not a zero of any polynomial in KŒx�. Thereforex is a transcendental element so the extension K.x/jK is transcendental.

5.3 Minimal Polynomials and Simple Extensions

If LjK is a field extension and a 2 L is algebraic over K then p.a/ D 0 for somepolynomial p.x/ 2 KŒx�. In this section we consider the smallest such polynomialand tie it to a simple extension of K.

Definition 5.3.1. Suppose thatLjK is a field extension and a 2 L is algebraic overK.The polynomial ma.x/ 2 KŒx� is the minimal polynomial of a over K if

Section 5.3 Minimal Polynomials and Simple Extensions 71

(1) ma.x/ has leading coefficient 1, that is, it is a monic polynomial.

(2) ma.a/ D 0.

(3) If f .x/ 2 KŒx� with f .a/ D 0 then ma.x/jf .x/.Hence ma.x/ is the monic polynomial of minimal degree that has a as a zero.

We prove next that every algebraic element has such a minimal polynomial.

Theorem 5.3.2. Suppose thatLjK is a field extension and a 2 L is algebraic overK.Then

(1) The minimal polynomial ma.x/ 2 KŒx� exists and is irreducible over K.

(2) KŒa� Š K.a/ Š KŒx�=.ma.x// where .ma.x// is the principal ideal in KŒx�generated by ma.x/.

(3) jK.a/ W Kj D deg.ma.x//. Therefore K.a/jK is a finite extension.

Proof. (1) Suppose that a 2 L is algebraic over K. Let

I D ¹f .x/ 2 KŒx� W f .a/ D 0º:Since a is algebraic I ¤ ;. It is straightforward to show (see exercises) that I is anideal inKŒx�. SinceK is a field we have thatKŒx� is a principal ideal domain. Hencethere exists g.x/ 2 KŒx� with I D .g.x//. Let b be the leading coefficient of g.x/.Then ma.x/ D b�1g.x/ is a monic polynomial. We claim that ma.x/ is the minimalpolynomial of a and that ma.x/ is irreducible.

First it is clear that I D .g.x// D .ma.x//. If f .x/ 2 KŒx� with f .a/ D 0 thenf .x/ D h.x/ma.x/ for some h.x/. Thereforema.x/ divides any polynomial that hasa as a zero. It follows that ma.x/ is the minimal polynomial.

Suppose that ma.x/ D g1.x/g2.x/. Then since ma.a/ D 0 it follows that eitherg1.a/ D 0 or g2.a/ D 0. Suppose g1.a/ D 0. Then from above ma.x/jg1.x/

and since g1.x/jma.x/ we must then have that g2.x/ is a unit. Therefore ma.x/ isirreducible.

(2) Consider the map � W KŒx� ! KŒa� given by

�

�

X

i

kixi

�

DX

i

kiai :

Then � is a ring epimorphism (see exercises) and

ker.�/ D ¹f .x/ 2 KŒx� W f .a/ D 0º D .ma.x//

from the argument in the proof of part (1). It follows that

KŒx�=.ma.x// Š KŒa�:


Since ma.x/ is irreducible we have KŒx�=.ma.x// is a field and therefore KŒa� DK.a/.

(3) Let n D deg.ma.x//. We claim that the elements 1; a; : : : ; an�1 are a basis forKŒa� D K.a/ over K. First suppose that

n�1X

iD1

ciai D 0

with not all ci D 0 and ci 2 K. Then h.a/ D 0 where h.x/ D Pn�1iD0 cix

i . But thiscontradicts the fact that ma.x/ has minimal degree over all polynomials in KŒx� thathave a as a zero. Therefore the set 1; a; : : : ; an�1 is linearly independent over K.

Now let b 2 KŒa� Š KŒx�=.ma.x//. Then there is a g.x/ 2 KŒx� with b D g.a/.By the division algorithm

g.x/ D h.x/ma.x/C r.x/

where r.x/ D 0 or deg.r.x// < deg.ma.x//. Now

r.a/ D g.a/ � h.a/ma.a/ D g.a/ D b:

If r.x/ D 0 then b D 0. If r.x/ ¤ 0 then since deg.r.x// < n we have

r.x/ D c0 C c1x C � � � C cn�1xn�1

with ci 2 K and some ci but not all might be zero. This implies that

b D r.a/ D c0 C c1aC � � � C cn�1an�1

and hence b is a linear combination over K of 1; a; : : : ; an�1. Hence 1; a; : : : ; an�1

spans KŒa� over K and hence forms a basis.

Theorem 5.3.3. Suppose thatLjK is a field extension and a 2 L is algebraic overK.Suppose that f .x/ 2 KŒx� is a monic polynomial with f .a/ D 0. Then f .x/ is theminimal polynomial if and only if f .x/ is irreducible in KŒx�.

Proof. Suppose that f .x/ is the minimal polynomial of a. Then f .x/ is irreduciblefrom the previous theorem.

Conversely suppose that f .x/ is monic, irreducible and f .a/ D 0. From the pre-vious theorem ma.x/jf .x/. Since f .x/ is irreducible we have f .x/ D cma.x/ withc 2 K. However since both f .x/ and ma.x/ are monic we must have c D 1 andf .x/ D ma.x/.

We now show that a finite extension of K is actually finitely generated over K andfurther it is generated by finitely many algebraic elements.

Section 5.3 Minimal Polynomials and Simple Extensions 73

Theorem 5.3.4. Let LjK be a field extension. Then the following are equivalent:

(1) LjK is a finite extension.

(2) LjK is an algebraic extension and there exist elements a1; : : : ; an 2 L suchthat L D K.a1; : : : ; an/.

(3) There exist algebraic elements a1; : : : ; an 2 L such that L D K.a1; : : : ; an/.

Proof. (1) ) (2). We have seen in Theorem 5.2.3 that a finite extension is algebraic.Suppose that a1; : : : ; an are a basis for L over K. Then clearly L D K.a1; : : : ; an/.

(2) ) (3). If LjK is an algebraic extension and L D K.a1; : : : ; an/ then each ai

is algebraic over K.(3) ) (1). Suppose that there exist algebraic elements a1; : : : ; an 2 L such that

L D K.a1; : : : ; an/. We show that LjK is a finite extension. We do this by inductionon n. If n D 1 then L D K.a/ for some algebraic element a and the result followsfrom Theorem 5.3.2. Suppose now that n � 2. We assume then that an extensionK.a1; : : : ; an�1/ with a1; : : : ; an�1 algebraic elements is a finite extension. Nowsuppose that we have L D K.a1; : : : ; an/ with a1; : : : ; an algebraic elements.

Then

jK.a1; : : : ; an/ W KjD jK.a1; : : : ; an�1/.an/ W K.a1; : : : ; an�1/jjK.a1; : : : ; an�1/ W Kj:

The second term jK.a1; : : : ; an�1/ W Kj is finite from the inductive hypothesis. Thefirst term jK.a1; : : : ; an�1/.an/ W K.a1; : : : ; an�1/j is also finite from Theorem 5.3.2since it is a simple extension of the field K.a1; : : : ; an�1/ by the algebraic elementan. Therefore jK.a1; : : : ; an/ W Kj is finite.

Theorem 5.3.5. Suppose that K is a field and R is an integral domain with K � R.Then R can be viewed as a vector space over K. If dimK.R/ < 1 then R is a field.

Proof. Let r0 2 R with r0 ¤ 0. Define the map from R to R given by

�.r/ D rr0:

It is easy to show (see exercises) that this is a linear transformation from R to Rconsidered as a vector space over K.

Suppose that �.r/ D 0. Then rr0 D 0 and hence r D 0 since r0 ¤ 0 and R is anintegral domain. It follows that � is an injective map. Since R is a finite dimensionalvector space over K and � is an injective linear transformation it follows that � mustalso be surjective. This implies that there exists and r1 with �.r1/ D 1. Then r1r0 D 1

and hence r0 has an inverse within R. Since r0 was an arbitrary nonzero element ofR it follows that R is a field.


Theorem 5.3.6. Suppose thatK � L � M is a chain of field extensions. ThenM jKis algebraic if and only if M jL is algebraic and LjK is algebraic.

Proof. If M jK is algebraic then certainly M jL and LjK are algebraic.Now suppose that M jL and LjK are algebraic. We show that M jK is algebraic.

Let a 2 M . Then since a is algebraic over L there exist b0; b1; : : : ; bn 2 L with

b0 C b1aC � � � C bnan D 0:

Each bi is algebraic over K and hence K.b0; : : : ; bn/ is finite dimensional over K.Therefore K.b0; : : : ; bn/.a/ D K.b0; : : : ; bn; a/ is also finite dimensional over K.Therefore K.b0; : : : ; bn; a/ is a finite extension of K and hence an algebraic exten-sionK. Since a 2 K.b0; : : : ; bn; a/ it follows that a is algebraic overK and thereforeM is algebraic over K.

5.4 Algebraic Closures

As before suppose that LjK is a field extension. Since each element ofK is algebraicoverK there are certainly algebraic elements overK within L. Let AK denote the setof all elements of L that are algebraic overK. We prove that AK is actually a subfieldof L. It is called the algebraic closure of K within L.

Theorem 5.4.1. Suppose that LjK is a field extension and let AK denote the set ofall elements of L that are algebraic overK. Then AK is a subfield of L. AK is calledthe algebraic closure of K in L.

Proof. Since K � AK we have that AK ¤ ;. Let a; b 2 AK . Since a; b are bothalgebraic over K from Theorem 5.3.4 we have that K.a; b/ is a finite extension of K.Therefore K.a; b/ is an algebraic extension of K and hence each element of K.a; b/is algebraic overK. Now a; b 2 K.a; b/, if b ¤ 0, andK.a; b/ is a field so a˙ b; ab

and a=b are all in K.a; b/ and hence all algebraic over K. Therefore a ˙ b; ab; a=b,if b ¤ 0, are all in AK . It follows that AK is a subfield of L.

In Section 5.2 we showed that every finite extension is an algebraic extension. Wementioned that the converse is not necessarily true, that is there are algebraic exten-sions that are not finite. Here we give an example.

Theorem 5.4.2. Let A be the algebraic closure of the rational numbers Q within thecomplex numbers C. Then A is an algebraic extension of Q but jA W Qj D 1.

Proof. From the previous theorem A is an algebraic extension of Q. We show that itcannot be a finite extension. By Eisenstein’s criterion the rational polynomial f .x/ Dxp C p is irreducible over Q for any prime p. Let a be a zero in C of f .x/. Then

Section 5.5 Algebraic and Transcendental Numbers 75

a 2 A and jQ.a/ W Qj D p. Therefore jA W Qj � p for all primes p. Since there areinfinitely many primes this implies that jA W Qj D 1

5.5 Algebraic and Transcendental Numbers

In this section we consider the string of field extensions Q � R � C.

Definition 5.5.1. An algebraic number ˛ is an element of C which is algebraic overQ. Hence an algebraic number is an ˛ 2 C such that f .˛/ D 0 for some f .x/ 2QŒx�. If ˛ 2 C is not algebraic it is transcendental.

We will let A denote the totality of algebraic numbers within the complex num-bers C, and T the set of transcendentals so that C D A [ T . In the language of thelast subsection, A is the algebraic closure of Q within C. As in the general case, if˛ 2 C is algebraic we will let m˛.x/ denote the minimal polynomial of ˛ over Q.

We now examine the sets A and T more closely. Since A is precisely the algebraicclosure of Q in C we have from our general result that A actually forms a subfieldof C. Further since the intersection of subfields is again a subfield it follows thatA0 D A \ R the real algebraic numbers form a subfield of the reals.

Theorem 5.5.2. The set A of algebraic numbers forms a subfield of C. The subsetA0 D A \ R of real algebraic numbers forms a subfield of R.

Since each rational is algebraic it is clear that there are algebraic numbers. Fur-ther there are irrational algebraic numbers,

p2 for example, since it satisfies the irre-

ducible polynomial x2 � 2 D 0 over Q. On the other hand we haven’t examined thequestion of whether transcendental numbers really exist. To show that any particularcomplex number is transcendental is in general quite difficult. However it is relativelyeasy to show that there are uncountably infinitely many transcendentals.

Theorem 5.5.3. The set A of algebraic numbers is countably infinite. Therefore T

the set of transcendental numbers and T 0 D T \ R, the real transcendental numbers,are uncountably infinite.

Proof. LetPn D ¹f .x/ 2 QŒx� W deg.f .x// � nº:

Since if f .x/ 2 Pn, f .x/ D qo C q1x C � � � C qnxn with qi 2 Q we can identify a

polynomial of degree � n with an .nC 1/-tuple .q0; q1; : : : ; qn/ of rational numbers.Therefore the set Pn has the same size as the .nC 1/-fold Cartesian product of Q:

QnC1 D Q � Q � � � � � Q:


Since a finite Cartesian product of countable sets is still countable it follows that Pn

is a countable set.Now let

Bn D[

p.x/2Pn

¹roots ofp.x/º;

that is Bn is the union of all roots in C of all rational polynomials of degree � n.Since each such p.x/ has a maximum of n roots and since Pn is countable it followsthat Bn is a countable union of finite sets and hence is still countable. Now

A D1[

nD1

Bn

so A is a countable union of countable sets and is therefore countable.Since both R and C are uncountably infinite the second assertions follow directly

from the countability of A. If say T were countable then C D A [ T would also becountable which is a contradiction.

From Theorem 5.5.3 we know that there exist infinitely many transcendental num-bers. Liouville in 1851 gave the first proof of the existence of transcendentals byexhibiting a few. He gave as one the following example.

Theorem 5.5.4. The real number

c D1X

jD1

1

10j Š

is transcendental.

Proof. First of all since 110j Š <

110j , and

P1jD1

110j is a convergent geometric series,

it follows from the comparison test that the infinite series defining c converges anddefines a real number. Further since

P1jD1

110j D 1

9, it follows that c < 1

9< 1.

Suppose that c is algebraic so that g.c/ D 0 for some rational nonzero polyno-mial g.x/. Multiplying through by the least common multiple of all the denomina-tors in g.x/ we may suppose that f .c/ D 0 for some integral polynomial f .x/ DPn

jD0mjxj . Then c satisfies

nX

jD0

mj cj D 0

for some integers m0; : : : ; mn.

Section 5.5 Algebraic and Transcendental Numbers 77

If 0 < x < 1 then by the triangle inequality

jf 0.x/j Dˇ

ˇ

ˇ

ˇ

nX

jD1

jmjxj�1

ˇ

ˇ

ˇ

ˇ

�nX

jD1

jjmj j D B

where B is a real constant depending only on the coefficients of f .x/.Now let

ck DkX

jD1

1

10j Š

be the k-th partial sum for c. Then

jc � ckj D1X

jDkC1

1

10j Š< 2 � 1

10.kC1/Š:

Apply the mean value theorem to f .x/ at c and ck to obtain

jf .c/ � f .ck/j D jc � ckjjf 0./jfor some with ck < < c < 1. Now since 0 < < 1 we have

jc � ckjjf 0./j < 2B 1

10.kC1/Š:

On the other hand, since f .x/ can have at most n roots, it follows that for all klarge enough we would have f .ck/ ¤ 0. Since f .c/ D 0 we have

jf .c/ � f .ck/j D jf .ck/j Dˇ

ˇ

ˇ

ˇ

nX

jD1

mj cj

k

ˇ

ˇ

ˇ

ˇ

>1

10nkŠ

since for each j , mj cj

kis a rational number with denominator 10jkŠ. However if k is

chosen sufficiently large and n is fixed we have

1

10nkŠ>

2B

10.kC1/Š

contradicting the equality from the mean value theorem. Therefore c is transcenden-tal.

In 1873 Hermite proved that e is transcendental while Lindemann in 1882 showedthat � is transcendental. Schneider in 1934 showed that ab is transcendental if a ¤ 0,a and b are algebraic and b is irrational. Later in the book we will prove that both eand � are transcendental. An interesting open question is the following:

Is � transcendental over Q.e/?To close this section we show that in general if a 2 L is transcendental overK then

K.a/jK is isomorphic to the field of rational functions over K.


Theorem 5.5.5. Suppose that LjK is a field extension and a 2 L is transcendentalover K. Then K.a/jK is isomorphic to K.x/jK. Here the isomorphism � W K.x/ !K.a/ can be chosen such that �.x/ D a.

Proof. Define the map � W K.x/ ! K.a/ by

�

�

f .x/

g.x/

�

D f .a/

g.a/

for f .x/; g.x/ 2 KŒx� with g.x/ ¤ 0. Then � is a homomorphism and �.x/ D a.Since � ¤ 0 it follows that � is an isomorphism.

5.6 Exercises

1. Let a 2 C with a3 � 2a C 2 D 0 and b D a2 � a. Compute the minimalpolynomial mb.x/ of b over Q and compute the inverse of b in Q.a/.

2. Determine the algebraic closure of R in C.x/.

3. Let an WD 2np2 2 R, n D 1; 2; 3; : : : and A WD ¹an W n 2 Nº and E WD Q.A/.

Show:

(i) jQ.an/ W Qj D 2n.

(ii) jE W Qj D 1.

(iii) E D S1nD1 Q.an/.

(iv) E is algebraic over Q.

4. Determine jE W Qj for

(i) E D Q.p2;

p�2/.(ii) E D Q.

p3;

p3C 3

p3/.

(iii) E D Q.1Cip2; �1Cip

2/.

5. Show that Q.p2;

p3/ D ¹aCb

p2C c

p3Cd

p6 W a; b; c; d 2 Qº. Determine

the degree of Q.p2;

p3/ over Q. Further show that Q.

p2;

p3/ D Q.

p2 Cp

3/.

6. Let K, E be fields and a 2 E be transcendental over K. Show:

(i) Each element of K.a/jK is transcendental over K.

(ii) an is transcendental over K for each n > 1.

(iii) If L WD K. a3

aC1/ then a is algebraic over L. Determine the minimal poly-

nomial ma.x/ of a over L.


7. Let K be a field and a 2 K.x/jK. Show:

(i) x is algebraic over K.a/.

(ii) If L is a field with K � L K.x/, then jK.x/ W Lj < 1.

(iii) a is transcendental over K.

8. Suppose that a 2 L is algebraic over K. Let

I D ¹f .x/ 2 KŒx� W f .a/ D 0º:Since a is algebraic I ¤ ;. Prove that I is an ideal in KŒx�.

9. Prove that there are uncountably many transcendental numbers. To do this showthat the set A of algebraic numbers is countable. To do this:

(i) Show that QnŒx� the set of rational polynomials of degree � n is countable(finite Cartesian product of countable sets).

(ii) Let Bn D ¹Zeros of polynomials in Qnº. Show that B is countable.

(iii) Show that A D S1nD1 Bn and conclude that A is countable.

(iv) Show that the transcendental numbers are uncountable.

10. Consider the map � W KŒx� ! KŒa� given by

�

�

X

i

kixi

�

DX

i

kiai :

Show that � is a ring epimorphism.

11. Suppose that K is a field and R is an integral domain with K � R. Then R canbe viewed as a vector space over K. Let r0 2 R with r0 ¤ 0. Define the mapfrom R to R given by

�.r/ D rr0:

Show that this is a linear transformation fromR toR considered as a vector spaceover K.

Chapter 6

Field Extensions and Compass and StraightedgeConstructions

6.1 Geometric Constructions

Greek mathematicians in the classical period posed the problem of constructing cer-tain geometric figures in the Euclidean plane using only a straightedge and a compass.These are known as geometric construction problems.

Recall from elementary geometry that using a straightedge and compass it is pos-sible to draw a line parallel to a given line segment through a given point, to extenda given line segment, and to erect a perpendicular to a given line at a given point onthat line. There were other geometric construction problems that the Greeks couldnot determine straightedge and compass solutions but on the other hand were neverable to prove that such constructions were impossible. In particular there were fourfamous insolvable (to the Greeks) construction problems. The first is the squaring ofthe circle. This problem is, given a circle, to construct using straightedge and com-pass a square having area equal to that of the given circle. The second is the doublingof the cube. This problem is given a cube of given side length, to construct using astraightedge and compass, a side of a cube having double the volume of the originalcube. The third problem is the trisection of an angle. This problem is to trisect a givenangle using only a straightedge and compass. The final problem is the construction ofa regular n-gon. This problems asks which regular n-gons could be constructed usingonly straightedge and compass.

By translating each of these problems into the language of field extensions we canshow that each of the first three problems are insolvable in general and we can givethe complete solution to the construction of the regular n-gons.

6.2 Constructible Numbers and Field Extensions

We now translate the geometric construction problems into the language of field ex-tensions. As a first step we define a constructible number.

Definition 6.2.1. Suppose we are given a line segment of unit length. An ˛ 2 R isconstructible if we can construct a line segment of length j˛j in a finite number ofsteps from the unit segment using a straightedge and compass.

Section 6.2 Constructible Numbers and Field Extensions 81

Our first result is that the set of all constructible numbers forms a subfield of R.

Theorem 6.2.2. The set C of all constructible numbers forms a subfield of R. Fur-ther, Q � C .

Proof. Let C be the set of all constructible numbers. Since the given unit lengthsegment is constructible, we have 1 2 C . Therefore, C ¤ ;, and thus to show that itis a field we must show that it is closed under the field operations.

Suppose ˛; ˇ are constructible. We must show then that ˛ ˙ ˇ; ˛ˇ, and ˛=ˇ forˇ ¤ 0 are constructible. If ˛; ˇ > 0, construct a line segment of length j˛j. Atone end of this line segment extend it by a segment of length jˇj. This will constructa segment of length ˛ C ˇ. Similarly, if ˛ > ˇ, lay off a segment of length jˇjat the beginning of a segment of length j˛j. The remaining piece will be ˛ � ˇ.By considering cases we can do this in the same manner if either ˛ or ˇ or bothare negative. These constructions are pictured in Figure 6.1. Therefore, ˛ ˙ ˇ areconstructible.

Figure 6.1

In Figure 6.2 we show how to construct ˛ˇ. Let the line segment OA have lengthj˛j. Consider a line L through O not coincident with OA. Let OB have length jˇj asin the diagram. Let P be on ray OB so thatOP has length 1. Draw AP and then findQ on ray OA such that BQ is parallel to AP . From similar triangles we then have

jOP jjOBj D jOAj

jOQj ) 1

jˇj D j˛jjOQj :

Then jOQj D j˛jjˇj, and so ˛ˇ is constructible.

Figure 6.2

82 Chapter 6 Field Extensions and Compass and Straightedge Constructions

A similar construction, pictured in Figure 6.3, shows that ˛=ˇ for ˇ ¤ 0 is con-structible. Find OA;OB;OP as above. Now, connect A to B and let PQ be parallelto AB . From similar triangles again we have

1

jˇj D jOQjj˛j H) j˛j

jˇj D jOQj:

Hence ˛=ˇ is constructible.

Figure 6.3

Therefore, C is a subfield of R. Since char C D 0, it follows that Q � C .

Let us now consider analytically how a constructible number is found in the plane.Starting at the origin and using the unit length and the constructions above, we canlocate any point in the plane with rational coordinates. That is, we can construct thepoint P D .q1; q2/ with q1; q2 2 Q. Using only straightedge and compass, anyfurther point in the plane can be determined in one of the following three ways.

1. The intersection point of two lines each of which passes through two knownpoints each having rational coordinates.

2. The intersection point of a line passing through two known points having ra-tional coordinates and a circle whose center has rational coordinates and whoseradius squared is rational.

3. The intersection point of two circles each of whose centers has rational coordi-nates and each of whose radii is the square root of a rational number.

Analytically, the first case involves the solution of a pair of linear equations eachwith rational coefficients and thus only leads to other rational numbers. In cases twoand three we must solve equations of the form x2 C y2 C ax C by C c D 0, witha; b; c 2 Q. These will then be quadratic equations over Q, and thus the solutionswill either be in Q or in a quadratic extension Q.

p˛/ of Q. Once a real quadratic

extension of Q is found, the process can be iterated. Conversely it can be shown thatif ˛ is constructible, so is

p˛. We thus can prove the following theorem.

Section 6.3 Four Classical Construction Problems 83

Theorem 6.2.3. If is constructible with … Q, then there exists a finite number ofelements ˛1; : : : ; ˛r 2 R with ˛r D such that for i D 1; : : : ; r , Q.˛1; : : : ; ˛i / isa quadratic extension of Q.˛1; : : : ; ˛i�1/. In particular, jQ./ W Qj D 2n for somen � 1.

Therefore, the constructible numbers are precisely those real numbers that are con-tained in repeated quadratic extensions of Q. In the next section we use this idea toshow the impossibility of the first three mentioned construction problems.

6.3 Four Classical Construction Problems

We now consider the aforementioned construction problems. Our main techniquewill be to use Theorem 6.2.3. From this result we have that if is constructible with … Q, then jQ./ W Qj D 2n for some n � 1.

6.3.1 Squaring the Circle

Theorem 6.3.1. It is impossible to square the circle. That is, it is impossible in gen-eral, given a circle, to construct using straightedge and compass a square having areaequal to that of the given circle.

Proof. Suppose the given circle has radius 1. It is then constructible and would havean area of � . A corresponding square would then have to have a side of length

p� .

To be constructible a number ˛ must have jQ.˛/ W Qj D 2m < 1 and hence ˛ mustbe algebraic. However � is transcendental, so

p� is also transcendental and therefore

not constructible.

6.3.2 The Doubling of the Cube

Theorem 6.3.2. It is impossible to double the cube. This means that it is impossiblein general, given a cube of given side length, to construct using a straightedge andcompass, a side of a cube having double the volume of the original cube.

Proof. Let the given side length be 1, so that the original volume is also 1. To doublethis we would have to construct a side of length 21=3. However jQ.21=3/ W Qj D 3

since the minimal polynomial over Q is m21=3.x/ D x3 � 2. This is not a power of 2so 21=3 is not constructible.

6.3.3 The Trisection of an Angle

Theorem 6.3.3. It is impossible to trisect an angle. This means that it is impossiblein general to trisect a given angle using only a straightedge and compass.


Proof. An angle � is constructible if and only if a segment of length jcos � j is con-structible. Since cos.�=3/ D 1=2, therefore �=3 is constructible. We show that itcannot be trisected by straightedge and compass.

The following trigonometric identity holds

cos.3�/ D 4 cos3.�/ � 3 cos.�/:

Let ˛ D cos.�=9/. From the above identity we have 4˛3 � 3˛ � 12

D 0. Thepolynomial 4x3 � 3x � 1

2is irreducible over Q, and hence the minimal polynomial

over Q is m˛.x/ D x3 � 34x � 1

8. It follows that jQ.˛/ W Qj D 3, and hence ˛ is not

constructible. Therefore, the corresponding angle �=9 is not constructible. Therefore,�=3 is constructible, but it cannot be trisected.

6.3.4 Construction of a Regular n-Gon

The final construction problem we consider is the construction of regular n-gons. Thealgebraic study of the constructibility of regular n-gons was initiated by Gauss in theearly part of the nineteenth century.

Notice first that a regular n-gon will be constructible for n � 3 if and only ifthe angle 2�

nis constructible, which is the case if and only if the length cos 2�

nis a

constructible number. From our techniques if cos 2�n

is a constructible number thennecessarily jQ.cos.2�

n// W Qj D 2m for some m. After we discuss Galois theory we

see that this condition is also sufficient. Therefore cos 2�n

is a constructible number ifand only if jQ.cos.2�

n// W Qj D 2m for some m.

The solution of this problem, that is the determination of when jQ.cos.2�n/ W Qj D

2m involves two concepts from number theory; the Euler phi-function and Fermatprimes.

Definition 6.3.4. For any natural number n, the Euler phi-function is defined by

�.n/ D number of integers less than or equal to n and relatively prime to n:

Example 6.3.5. �.6/ D 2 since among 1; 2; 3; 4; 5; 6 only 1; 5 are relatively primeto 6.

It is fairly straightforward to develop a formula for �.n/. A formula is first deter-mined for primes and for prime powers and then pasted back together via the funda-mental theorem of arithmetic.

Lemma 6.3.6. For any prime p and m > 0,

�.pm/ D pm � pm�1 D pm

�

1 � 1

p

�

:


Proof. If 1 � a � p then either a D p or .a; p/ D 1. It follows that the positiveintegers less than or equal to pm which are not relatively prime to pm are preciselythe multiples of p that is p; 2p; 3p; : : : ; pm�1 �p. All other positive a < pm arerelatively prime to pm. Hence the number relatively prime to pm is

pm � pm�1:

Lemma 6.3.7. If .a; b/ D 1 then �.ab/ D �.a/�.b/.

Proof. Given a natural number n a reduced residue system modulo n is a set of in-tegers x1; : : : ; xk such that each xi is relatively prime to n, xi ¤ xj mod n unlessi D j and if .x; n/ D 1 for some integer x then x � xi mod n for some i . Clearly�.n/ is the size of a reduced residue system modulo n.

Let Ra D ¹x1; : : : ; x�.a/º be a reduced residue system modulo a, Rb D ¹y1; : : : ;

y�.b/º be a reduced residue system modulo b, and let

S D ¹ayi C bxj W i D 1; : : : ; �.b/; j D 1; : : : ; �.a/º:

We claim that S is a reduced residue system modulo ab. Since S has �.a/�.b/elements it will follow that �.ab/ D �.a/�.b/.

To show that S is a reduced residue system modulo ab we must show three things:first that each x 2 S is relatively prime to ab; second that the elements of S aredistinct; and finally that given any integer n with .n; ab/ D 1 then n � s mod ab forsome s 2 S .

Let x D ayi C bxj . Then since .xj ; a/ D 1 and .a; b/ D 1 it follows that.x; a/ D 1. Analogously .x; b/ D 1. Since x is relatively prime to both a and b wehave .x; ab/ D 1. This shows that each element of S is relatively prime to ab.

Next suppose that

ayi C bxj � ayk C bxl mod ab:

Thenabj.ayi C bxj / � .ayk C bxl / H) ayi � ayk mod b:

Since .a; b/ D 1 it follows that yi � yk mod b. But then yi D yk since Rb is areduced residue system. Similarly xj D xl . This shows that the elements of S aredistinct modulo ab.

Finally suppose .n; ab/ D 1. Since .a; b/ D 1 there exist x; y with ax C by D 1.Then

anx C bny D n:

Since .x; b/ D 1 and .n; b/ D 1 it follows that .nx; b/ D 1. Therefore there is ansi with nx D si C tb. In the same manner .ny; a/ D 1 and so there is an rj with


ny D rj C ua. Then

a.si C tb/C b.rj C ua/ D n H) n D asi C brj C .t C u/ab

H) n � ari C bsj mod ab

and we are done.

We now give the general formula for �.n/.

Theorem 6.3.8. Suppose n D pe1

1 � � �pek

kthen

�.n/ D .pe1

1 � pe1�11 /.p

e2

2 � pe2�12 / � � � .pek

k� pek�1

k/:

Proof. From the previous lemma we have

�.n/ D �.pe1

1 /�.pe22 / � � ��.pek

k/

D .pe1

1 � pe1�11 /.p

e2

2 � pe2�12 / � � � .pek

k� pek�1

k/

D pe1

1 .1 � 1=p1/ � � �pek

k.1 � 1=pk/ D p

e1

1 � � �pek

k� .1 � 1=p1/ � � � .1 � 1=pk/

D nY

i

.1 � 1=pi /:

Example 6.3.9. Determine �.126/. Now

126 D 2 � 32 � 7 H) �.126/ D �.2/�.32/�.7/ D .1/.32 � 3/.6/ D 36:

Hence there are 36 units in Z126.

An interesting result with many generalizations in number theory is the following.

Theorem 6.3.10. For n > 1 and for d � 1

X

d jn�.d/ D n:

Proof. We first prove the theorem for prime powers and then paste together via thefundamental theorem of arithmetic.

Suppose that n D pe for p a prime. Then the divisors of n are 1; p; p2; : : : ; pe , soX

d jn�.d/ D �.1/C �.p/C �.p2/C � � � C �.pe/

D 1C .p � 1/C .p2 � p/C � � � C .pe � pe�1/:

Notice that this sum telescopes, that is 1C .p � 1/ D p; p C .p2 � p/ D p2 andso on. Hence the sum is just pe and the result is proved for n a prime power.


We now do an induction on the number of distinct prime factors of n. The aboveargument shows that the result is true if n has only one distinct prime factor. Assumethat the result is true whenever an integer has less than k distinct prime factors andsuppose n D p

e1

1 � � �pek

khas k distinct prime factors. Then n D pec where p D p1,

e D e1 and c has fewer than k distinct prime factors. By the inductive hypothesis

X

d jc�.d/ D c:

Since .c; p/ D 1 the divisors of n are all of the form p˛d1 where d1jc and ˛ D0; 1; : : : ; e. It follows that

X

d jn�.d/ D

X

d1jc�.d1/C

X

d1jc�.pd1/C � � � C

X

d1jc�.ped1/:

Since .d1; p˛/ D 1 for any divisor of c this sum equals

X

d1jc�.d1/C

X

d1jc�.p/�.d1/C � � � C

X

d1jc�.pe/�.d1/

DX

d1jc�.d1/C .p � 1/

X

d1jc�.d1/C � � � C .pe � pe�1/

X

d1jc�.d1/

D c C .p � 1/c C .p2 � p/c C � � � C .pe � pe�1/c:

As in the case of prime powers this sum telescopes giving a final result

X

d jn�.d/ D pec D n:

Example 6.3.11. Consider n D 10. The divisors are 1; 2; 5; 10. Then �.1/ D 1,�.2/ D 1, �.5/ D 4, �.10/ D 4. Then

�.1/C �.2/C �.5/C �.10/ D 1C 1C 4C 4 D 10:

We will see later in the book that the Euler phi-function plays an important role inthe structure theory of abelian groups.

We now turn to Fermat primes.

Definition 6.3.12. The Fermat numbers are the sequence .Fn/ of positive integersdefined by

Fn D 22n C 1; n D 0; 1; 2; 3; : : : :

If a particular Fn is prime it is called a Fermat prime.


Fermat believed that all the numbers in this sequence were primes. In fact F0; F1;

F2; F3; F4 are all prime but F5 is composite and divisible by 641 (see exercises). It isstill an open question whether or not there are infinitely many Fermat primes. It hasbeen conjectured that there are only finitely many. On the other hand if a number ofthe form 2n C 1 is a prime for some integer n then it must be a Fermat prime.

Theorem 6.3.13. If a � 2 and an C 1, n � 1, is a prime then a is even and n D 2m

for some nonnegative integer m. In particular if p D 2k C 1, k � 1, is a prime thenk D 2n for some n and p is a Fermat prime.

Proof. If a is odd then an C 1 is even and hence not a prime. Suppose then that a iseven and n D kl with k odd and k � 3. Then

akl C 1

al C 1D a.k�1/l � a.k�2/l C � � � C 1:

Therefore al C 1 divides akl C 1 if k � 3. Hence if an C 1 is a prime we must haven D 2m.

We can now state the solution to the constructibility of regular n-gons.

Theorem 6.3.14. A regular n-gon is constructible with a straightedge and compassif and only if n D 2mp1 � � �pk where p1; : : : ; pk are distinct Fermat primes.

Before proving the theorem notice for example that a regular 20-gon is constructiblesince 20 D 22 � 5 and 5 is a Fermat prime. On the other hand a regular 11-gon is notconstructible.

Proof. Let � D e2�i

n be a primitive n-th root of unity. Since

e2�i

n D cos

�

2�

n

�

C i sin

�

2�

n

�

is easy to compute that (see exercises)

�C 1

�D 2 cos

�

2�

n

�

:

Therefore Q.� C 1�/ D Q.cos.2�

n//. After we discuss Galois theory in more detail

we will prove thatˇ

ˇ

ˇ

ˇ

Q

�

�C 1

�

�

W Q

ˇ

ˇ

ˇ

ˇ

D �.n/

2

where �.n/ is the Euler phi-function. Therefore cos.2�n/ is constructible if and only

if �.n/2

and hence �.n/ is a power of 2.


Suppose that n D 2mpe1

1 � � �pek

k, all pi odd primes. Then from Theorem 6.3.8

�.n/ D 2m�1 � .pe1

1 � pe1�11 /.p

e2

2 � pe2�12 / � � � .pek

k� pek�1

k/:

If this was a power of 2 each factor must also be a power of 2. Now

pei

i � pei�1i D p

ei�1i .pi � 1/:

If this is to be a power of 2 we must have ei D 1 and pi � 1 D 2ki for some ki .Therefore each prime is distinct to the first power and pi D 2ki C 1 is a Fermat primeproving the theorem.

6.4 Exercises

1. Let � be a given angle. In which of the following cases is the angle constructiblefrom the angle � by compass and straightedge?

(a) � D �13

, D �26

.

(b) � D �33

, D �11

.

(c) � D �7

, D �12

.

2. (The golden section) In the plane let AB be a given segment from A to B withlength a. The segment AB should be divided such that the proportion of AB tothe length of the bigger subsegment is equal to the proportion of the length of thebigger subsegment to the length of the smaller subsegment:

a

bD b

a � b ;

where b is the length of the bigger subsegment. Such a division is called divisionby the golden section. If we write b D ax, 0 < x < 1, then 1

xD x

1�x, that is

x2 D 1 � x. Show:

(a) 1x

D 1Cp52

D ˛.

(b) Construct the division ofAB by the golden section with compass and straight-edge.

(c) If we divide the radius r > 0 of a circle by the golden section, then thebigger part of the so divided radius is the side of the regular 10-gon with its10 vertices on the circle.

3. Given a regular 10-gon such that the 10 vertices are on the circle with radiusR > 0.Show that the length of each side is equal to the bigger part of the, by the goldensection divided, radius. Describe the procedure of the construction of the regular10-gon and 5-gon.


4. Construct the regular 17-gon with compass and straightedge. Hint: We have toconstruct the number 1

2.! C !�1/ D cos 2�

17, where ! D e

2�i17 . First, construct

the positive zero !1 of the polynomial x2 C x � 4; we get

!1 D 1

2.p17 � 1/ D ! C !�1 C !2 C !�2 C !4 C !�4 C !8 C !�8:

Then, construct the positive zero !2 of the polynomial x2 � !1x � 1; we get

!2 D 1

4

�p17 � 1C

q

34 � 2p17�

D ! C !�1 C !4 C !�4:

From !1 and !2 construct ˇ D 12.!2

2 � !1 C !2 � 4/. Then !3 D 2 cos 2�17

is thebiggest of the two positive zeros of the polynomial x2 � !2x C ˇ.

5. The Fibonacci-numbers fn, n 2 N [ ¹0º, are defined by f0 D 0, f1 D 1 andfnC2 D fnC1 C fn for n 2 N [ ¹0º. Show:

(a) fn D ˛n�ˇn

˛�ˇwith ˛ D 1Cp5

2, ˇ D 1�p5

2.

(b) .fnC1

fn/n2N converges and limn!1 fnC1

fnD 1Cp5

2 D ˛.

(c)�

0 11 1

�n D � fn�1 fn

fn fnC1

�

, n 2 N.

(d) f1 C f2 C � � � C fn D fnC2 � 1, n � 1.

(e) fn�1fnC1 � f 2n D .�1/n, n 2 N.

(f) f 21 C f 2

2 C � � � C f 2n D fnfnC1, n 2 N.

(g) The Fermat numbers F0; F1; F2; F3; F4. are all prime but F5 is compositeand divisible by 641.

6. Let � D e2�i

n be a primitive n-th root of unity. Using

e2�i

n D cos

�

2�

n

�

C i sin

�

2�

n

�

show that

�C 1

�D 2 cos

�

2�

n

�

:

Chapter 7

Kronecker’s Theorem and Algebraic Closures

7.1 Kronecker’s Theorem

In the last chapter we proved that if LjK is a field extension then there exists anintermediate field K � A � L such that A is algebraic over K and contains allthe elements of L that are algebraic over K. We call A the algebraic closure of Kwithin L. In this chapter we prove that starting with any field K we can constructan extension field K that is algebraic over K and is algebraically closed. By thiswe mean that there are no algebraic extensions of K or equivalently that there are noirreducible nonlinear polynomials in KŒx�. In the final section of this chapter we willgive a proof of the famous fundamental theorem of algebra which in the language ofthis chapter says that the field C of complex numbers is algebraically closed. We willpresent another proof of this important result later in the book after we discuss Galoistheory.

First we need the following crucial result of Kronecker which says that given apolynomial f .x/ in KŒx� where K is a field we can construct an extension field Lof K in which f .x/ has a root ˛. We say that L has been constructed by adjoining ˛to K. Recall that if f .x/ 2 KŒx� is irreducible then f .x/ can have no roots in K. Wefirst need the following concept.

Definition 7.1.1. Let LjK and L0jK be field extensions. Then a K-isomorphism isan isomorphism � W L ! L0 that is the identity map on K, that is fixes each elementof K.

Theorem 7.1.2 (Kronecker’s theorem). Let K be a field and f .x/ 2 KŒx�. Thenthere exists a finite extension K 0 of K where f .x/ has a root.

Proof. Suppose that f .x/ 2 KŒx�. We know that f .x/ factors into irreducible poly-nomials. Let p.x/ be an irreducible factor of f .x/. From the material in Chapter 4we know that since p.x/ is irreducible the principal ideal hp.x/i in KŒx� is a maxi-mal ideal. To see this suppose that g.x/ … hp.x/i, so that g.x/ is not a multiple ofp.x/. Since p.x/ is irreducible, it follows that .p.x/; g.x// D 1. Thus there existh.x/; k.x/ 2 KŒx� with

h.x/p.x/C k.x/g.x/ D 1:

92 Chapter 7 Kronecker’s Theorem and Algebraic Closures

The element on the left is in the ideal .g.x/; .p.x//, so the identity, 1, is in this ideal.Therefore, the whole ring KŒx� is in this ideal. Since g.x/ was arbitrary, this impliesthat the principal ideal hp.x/i is maximal.

Now let K 0 D KŒx�=hp.x/i. Since hp.x/i is a maximal ideal it follows that K0 isa field. We show that K can be embedded in K 0 and that p.x/ has a zero in K0.

First consider the map ˛ W KŒx� ! K 0 by ˛.f .x// D f .x/ C hp.x/i. This is ahomomorphism. Since the identity element 1 2 K is not in hp.x/i it follows that ˛restricted to K is nontrivial. Therefore ˛ restricted to K is a monomorphism sinceif ker.˛jK / ¤ K then ker.˛jK / D ¹0º. Therefore K can be embedded into ˛.K/which is contained in K 0. Therefore K0 can be considered as an extension field of K.Consider the element a D x C hp.x/i 2 K0. Then p.a/ D p.x/ C hp.x/i D0C hp.x/i since p.x/ 2 hp.x/i. But 0C hp.x/i is the zero element 0 of the factorring KŒx�=hp.x/i. Therefore in K0 we have p.a/ D 0 and hence p.x/ has a zeroin K 0. Since p.x/ divides f .x/ we must have f .a/ D 0 in K 0 also. Therefore wehave constructed an extension field of K in which f .x/ has a zero.

We now outline a slightly more constructive proof of Kronecker’s theorem. Fromthis construction we say that the field K0 constructed by adjoining the root ˛ to K.

Proof of Kronecker’s theorem. We can assume that f .x/ is irreducible. Suppose thatf .x/ D a0 C a1x C � � � C anx

n with an ¤ 0. Define ˛ to satisfy

a0 C a1˛ C � � � C an˛n D 0:

Now define K 0 D K.˛/ in the following manner. We let

K.˛/ D ¹c0 C c1˛ C � � � C cn�1˛n�1 W ci 2 Kº:

Then on K.˛/ define addition and subtraction componentwise and define multiplica-tion by algebraic manipulation, replacing powers of ˛ higher than ˛n by using

˛n D �a0 � a1˛ � � � � � an�1˛n�1

an:

We claim that K 0 D K.˛/ then forms a field of finite degree over K. The basicring properties follow easily by computation (see exercises) using the definitions. Wemust show then that every nonzero element of K.˛/ has a multiplicative inverse. Letg.˛/ 2 K.˛/. Then the corresponding polynomial g.x/ 2 KŒx� is a polynomial ofdegree � n � 1. Since f .x/ is irreducible of degree n it follows that f .x/ and g.x/must be relatively prime, that is .f .x/; g.x// D 1. Hence there exist a.x/; b.x/ 2KŒx� with

a.x/f .x/C b.x/g.x/ D 1:

Evaluate these polynomials at ˛ to get

a.˛/f .˛/C b.˛/g.˛/ D 1:

Section 7.1 Kronecker’s Theorem 93

Since by definition we have f .˛/ D 0 this becomes

b.˛/g.˛/ D 1:

Now b.˛/ might have degree higher than n � 1 in ˛. However using the relation thatf .˛/ D 0 we can rewrite b.˛/ as b.˛/ where b.˛/ now has degree � n � 1 in ˛ andhence is in K.˛/. Therefore

b.˛/g.˛/ D 1

and hence g.˛/ has a multiplicative inverse. It follows that K.˛/ is a field and bydefinition f .˛/ D 0. The elements 1; ˛; : : : ; ˛n�1 form a basis for K.˛/ over K andhence

jK.˛/ W Kj D n:

Example 7.1.3. Let f .x/ D x2 C1 2 RŒx�. This is irreducible over R. We constructthe field in which this has a root.

Let ˛ be an indeterminate with ˛2 C 1 D 0 or ˛2 D �1. The extension field R.˛/then has the form

R.˛/ D ¹x C ˛y W x; y 2 R; ˛2 D �1º:It is clear that this field is R-isomorphic to the complex numbers C, that is, R.˛/ ŠR.i/ Š C.

In Chapter 5 we showed that if LjK is a field extension and a 2 L is algebraic overK then there is a smallest algebraic extension K.a/ of K within L. Further K.a/ isdetermined by the minimal polynomial ma.x/. The difference between this construc-tion and the construction in Kronecker’s theorem is that in the proof of Kronecker’stheorem ˛ is defined to be the root and we constructed the field around it, whereasin the previous construction ˛ was assumed to satisfy the polynomial and K.˛/ wasan already existing field that contained ˛. However the next theorem says that theseconstructions are the same up to K-isomorphism.

Theorem 7.1.4. Let p.x/ 2 KŒx� be an irreducible polynomial and let K0 D K.˛/

be the extension field of K constructed in Kronecker’s theorem in which p.x/ has azero ˛. Let L be an extension field of K and suppose that a 2 L is algebraic withminimal polynomial m˛.x/ D p.x/. Then K.˛/ is K-isomorphic to K.a/.

Proof. If LjK is a field extension and a 2 L is algebraic then the construction of thesubfield K.a/ within L is identical to the construction outlined above for K.˛/. Ifdeg.p.x// D n then the elements 1; a; : : : ; an�1 constitute a basis for K.a/ over Kand the elements 1; ˛; : : : ; ˛n�1 constitute a basis for K.˛/ over K. The mapping

� W K.a/ ! K.˛/

defined by �.k/ D k if k 2 K and �.a/ D ˛ and then extended by linearity is easilyshown to be a K-isomorphism (see exercises).


Theorem 7.1.5. Let K be a field. Then the following are equivalent.

(1) Each nonconstant polynomial in KŒx� has a zero in K.

(2) Each nonconstant polynomial in KŒx� factors into linear factors over K. Thatis, for each f .x/ 2 KŒx� there exist elements a1; : : : ; an; b 2 K with

f .x/ D b.x � a1/ � � � .x � an/:

(3) An element of KŒx� is irreducible if and only if it is of degree one.

(4) If LjK is an algebraic extension then L D K.

Proof. Suppose that each nonconstant polynomial in KŒx� has a zero in K. Letf .x/ 2 KŒx� with deg.f .x// D n. Suppose that a1 is a zero of f .x/ then

f .x/ D .x � a1/h.x/

where the degree of h.x/ is n � 1. Now h.x/ has a zero a2 in K so that

f .x/ D .x � a1/.x � a2/g.x/

with deg.g.x// D n � 2. Continue in this manner and f .x/ factors completely intolinear factors. Hence (1) implies (2).

Now suppose (2), that is that each nonconstant polynomial in KŒx� factors intolinear factors over K. Suppose that f .x/ is irreducible. If deg.f .x// > 1 then f .x/factors into linear factors and hence is not irreducible. Therefore f .x/ must be ofdegree 1 and (2) implies (3).

Now suppose that an element of KŒx� is irreducible if and only if it is of degreeone and suppose that LjK is an algebraic extension. Let a 2 L. Then a is algebraicover K. Its minimal polynomial ma.x/ is monic and irreducible over K and hencefrom (3) is linear. Thereforema.x/ D x�a 2 KŒx�. It follows that a 2 K and henceK D L. Therefore (3) implies (4).

Finally suppose that wheneverLjK is an algebraic extension thenL D K. Supposethat f .x/ is a nonconstant polynomial in KŒx�. From Kronecker’s theorem thereexists a field extension L and a 2 L with f .a/ D 0. However L is an algebraicextension so by supposition K D L. Therefore a 2 K and f .x/ has a zero in K.Therefore (4) implies (1) completing the proof.

In the next section we will prove that given a field K we can always find an exten-sion field K with the properties of the last theorem.

7.2 Algebraic Closures and Algebraically Closed Fields

A field K is termed algebraically closed if K has no algebraic extensions other thanK itself. This is equivalent to any one of the conditions of Theorem 7.1.5.

Section 7.2 Algebraic Closures and Algebraically Closed Fields 95

Definition 7.2.1. A field K is algebraically closed if every nonconstant polynomialf .x/ 2 KŒx� has a zero in K.

The following theorem is just a restatement of Theorem 7.1.5.

Theorem 7.2.2. A field K is algebraically closed if and only it satisfies any one ofthe following conditions.

(1) Each nonconstant polynomial in KŒx� has a zero in K.

(2) Each nonconstant polynomial in KŒx� factors into linear factors over K. Thatis, for each f .x/ 2 KŒx� there exist elements a1; : : : ; an; b 2 K with

f .x/ D b.x � a1/ � � � .x � an/:

(3) An element of KŒx� is irreducible if and only if it is of degree one.

(4) If LjK is an algebraic extension then L D K.

The prime example of an algebraically closed field is the field C of complex num-bers. The fundamental theorem of algebra says that any nonconstant complex poly-nomial has a complex root.

We now show that the algebraic closure of one field within an algebraically closedfield is algebraically closed. First we define a general algebraic closure.

Definition 7.2.3. An extension fieldK of a field K is an algebraic closure of K if Kis algebraically closed and KjK is algebraic.

Theorem 7.2.4. Let K be a field and LjK an extension of K with L algebraicallyclosed. Let K D AK be the algebraic closure of K within L. ThenK is an algebraicclosure of K.

Proof. Let K D AK be the algebraic closure of K within L. We know that KjK isalgebraic therefore we must show that K is algebraically closed.

Let f .x/ be a nonconstant polynomial in KŒx�. Then f .x/ 2 LŒx�. Since L isalgebraically closed f .x/ has a zero a in L. Since f .a/ D 0 and f .x/ 2 KŒx� itfollows that a is algebraic over K. However K is algebraic over K and therefore ais also algebraic over K. Hence a 2 K and f .x/ has a zero in K. Therefore K isalgebraically closed.

We want to note the distinction between being algebraically closed and being analgebraic closure.

Lemma 7.2.5. The complex numbers C is an algebraic closure of R but not an al-gebraic closure of Q. An algebraic closure of Q is A the field of algebraic numberswithin C.


Proof. C is algebraically closed (the fundamental theorem of algebra) and sincejC W Rj D 2 it is algebraic over R. Therefore C is an algebraic closure of R. AlthoughC is algebraically closed and contains the rational numbers Q it is not an algebraicclosure of Q since it is not algebraic over Q since there exist transcendental elements.

On the other hand, A, the field of algebraic numbers within Q, is an algebraicclosure of Q from Theorem 7.2.4.

We now show that every field has an algebraic closure. To do this we first show thatany field can be embedded into an algebraically closed field.

Theorem 7.2.6. Let K be a field. Then K can be embedded into an algebraicallyclosed field.

Proof. We show first that there is an extension fieldL ofK in which each nonconstantpolynomial f .x/ 2 KŒx� has a zero in L.

Assign to each nonconstant f .x/ 2 KŒx� the symbol yf and consider

R D KŒyf W f .x/ 2 KŒx��the polynomial ring over K in the variables yf . Set

I D² nX

jD1

fj .yfj/rj W rj 2 R; fj .x/ 2 KŒx�

³

:

It is straightforward that I is an ideal in R. Suppose that I D R. Then 1 2 I . Hencethere is a linear combination

1 D g1f1.yf1/C � � � C gnfn.yfn

/

where gi 2 I D R.In the n polynomials g1; : : : ; gn there are only a finite number of variables, say for

exampleyf1; : : : ; yfn

; : : : ; yfm:

Hence

1 DnX

iD1

gi .yf1; : : : ; yfm

/fi .yfi/./:

Successive applications of Kronecker’s theorem lead us to construct an extension fieldP of K in which each fi has a zero ai . Substituting ai for yfi

in (8) above we getthat 1 D 0 a contradiction. Therefore I ¤ R.

Since I is a ideal not equal to the whole ring R it follows that I is contained ina maximal ideal M of R. Set L D R=M . Since M is maximal K is a field. NowK \ M D ¹0º. If not suppose that a 2 K \ M with a ¤ 0. Then a�1a D 1 2 M


and then M D R. Now define � W K ! L by �.k/ D kCM . Since K \M D ¹0º itfollows that ker.�/ D ¹0º so � is a monomorphism. This allows us to identify K and�.K/ and shows that K embeds into L.

Now suppose that f .x/ is a nonconstant polynomial in KŒx�. Then

f .yf CM/ D f .yf /CM:

However by the construction f .yf / 2 M so that

f .yf CM/ D M CM D the zero element of L:

Therefore yf CM is a zero of f .x/.Therefore we have constructed a field L in which every nonconstant polynomial in

KŒx� has a zero in L.We now iterate this procedure to form a chain of fields

K � K1.D L/ � K2 � � � �

such that each nonconstant polynomial of Ki Œx� has a zero in KiC1.Now let OK D S

I Ki . It is easy to show (see exercises) that OK is a field. If f .x/ isa nonconstant polynomial in OKŒx� then there is some i with f .x/ 2 Ki Œx�. Thereforef .x/ has a zero in KiC1Œx� � OK. Hence f .x/ has a zero in OK and OK is algebraicallyclosed.

Theorem 7.2.7. Let K be a field. Then K has an algebraic closure.

Proof. Let OK be an algebraically closed field containing K which exists from Theo-rem 7.2.6.

Now let K D A OK be the set of elements of OK that are algebraic over K. From

Theorem 7.2.4 OK is an algebraic closure of K.

The following lemma is straightforward. We leave the proof to the exercises.

Lemma 7.2.8. Let K;K0 be fields and � W K ! K 0 a homomorphism. Then

Q� W KŒx� ! K 0Œx� given by

Q�� nX

iD1

kixi

�

DnX

iD0

.�.ki //xi

is also a homomorphism. By convention we identify � and Q� and write � D Q�. If � isan isomorphism then so is Q�.


Lemma 7.2.9. Let K;K 0 be fields and � W K ! K 0 an isomorphism. Let f .x/ 2KŒx� be irreducible. Let K � K.a/ and K 0 � K0.a0/ where a is a zero of f .x/and a0 is a zero of �.f .x//. Then there is an isomorphism W K.a/ ! K0.a0/ with jK D � and .a/ D a0. Further is uniquely determined.

Proof. This is a generalized version of Theorem 7.1.4. If b 2 K.a/ then from theconstruction of K.a/ there is a polynomial g.x/ 2 KŒx� with b D g.a/. Define amap

W K.a/ ! K 0.a0/

by

.b/ D �.g.x//.a0/:

We show that is an isomorphism.First is well-defined. Suppose that b D g.a/ D h.a/ with h.x/ 2 KŒx�. Then

.g�h/.a/ D 0. Since f .x/ is irreducible this implies that f .x/ D cma.x/ and sincea is a zero of .g � h/.x/ then f .x/j.g � h/.x/. Then

�.f .x//j.�.g.x// � �.h.x///:

Since �.f .x//.a0/ D 0 this implies that �.g.x//.a0/ D �.h.x//.a0/ and hence themap is well-defined.

It is easy to show that is a homomorphism. Let b1 D g1.a/, b2 D g2.a/. Thenb1b1 D g1g2.a/. Hence

.b1b2/ D .�.g1g2//.a0/ D �.g1/.a

0/�.g2/.a0/ D .b1/ .b2/:

In the same manner we have .b1 C b2/ D .b1/C .b2/.Now suppose that k 2 K so that k 2 KŒx� is a constant polynomial. Then .k/ D

.�.k//.a0/ D �.k/. Therefore restricted to K is precisely �.As is not the zero mapping it follows that is a monomorphism.Finally sinceK.a/ is generated fromK and a, and restricted toK is � it follows

that is uniquely determined by � and .a/ D a0. Hence is unique.

Theorem 7.2.10. Let LjK be an algebraic extension. Suppose that L1 is an alge-braically closed field and � is an isomorphism from K to K1 � L1. Then there existsa monomorphism from L to L1 with jK D �.


Before we give the proof we note that the theorem gives the following diagram:

In particular the theorem can be applied to monomorphisms of a field K within analgebraic closure K of K. Specifically suppose that K � K where K is an algebraicclosure of K and let ˛ W K ! K be a monomorphism with ˛.K/ D K. Then thereexists an automorphism ˛� of K with ˛�jK D ˛.

Proof of Theorem 7.2.10. Consider the set

M D ¹.M; �/ WM is a field with K � M � L;

where there exists a monomorphism � W M ! L1 with �jK D �º:

Now the set M is nonempty since .K; �/ 2 M. Order M by .M1; �1/ < .M2; �2/

if M1 � M2 and .�2/jM1D �1. Let

K D ¹.Mi ; �i / W i 2 I º

be a chain in M. Let .M; �/ be defined by

M D[

i2I

Mi with �.a/ D �i .a/ for all a 2 Mi :

It is clear that M is an upper bound for the chain K . Since each chain has an upperbound it follows from Zorn’s lemma that M has a maximal element .N; �/. We showthat N D L.

Suppose that N ¨ L. Let a 2 L nN . Then a is algebraic over N and further alge-braic over K since LjK is algebraic. Let ma.x/ 2 NŒx� be the minimal polynomialof a relative to N . Since L1 is algebraically closed �.ma.x// has a zero a0 2 L1.Therefore there is a monomorphism �0 W N.a/ ! L1 with �0 restricted to N the sameas �. It follows that .N; �/ < .N.a/; �0/ since a … N . This contradicts the maximalityof N . Therefore N D L completing the proof.

Combining the previous two theorems we can now prove that any two algebraicclosures of a field K are unique up to K-isomorphism, that is up to an isomorphismthat is the identity on K.


Theorem 7.2.11. Let L1 and L2 be algebraic closures of the field K. Then there is aK-isomorphism � W L ! L1. Again byK-isomorphism we mean that � is the identityon K.

Proof. From Theorem 7.2.7 there is a monomorphism � W L1 ! L2 with � theidentity on K. However since L1 is algebraically closed so is �.L1/. Then L2j�.L1/

is an algebraic extension and since L2 is algebraically closed we must have L2 D�.L1/. Therefore � is also surjective and hence an isomorphism.

The following corollary is immediate.

Corollary 7.2.12. Let LjK and L0jK be field extensions with a 2 L and a0 2 L0algebraic elements over K. Then K.a/ is K-isomorphic to K.a0/ if and only ifjK.a/ W Kj D jK.a0/ W Kj and there is an element a00 2 K.a0/withma.x/ D ma00.x/.

7.3 The Fundamental Theorem of Algebra

In this section we give a proof of the fact that the complex numbers form an alge-braically closed field. This is known as the fundamental theorem of algebra. Firstwe need the concept of a splitting field for a polynomial. In the next chapter we willexamine this concept more deeply.

7.3.1 Splitting Fields

We have just seen that given an irreducible polynomial over a field F we could alwaysfind a field extension in which this polynomial has a root. We now push this furtherto obtain field extensions where a given polynomial has all its roots.

Definition 7.3.1. If K is a field and 0 ¤ f .x/ 2 KŒx� and K0 is an extension fieldof K, then f .x/ splits in K 0 (K 0 may be K), if f .x/ factors into linear factors inK 0Œx�. Equivalently, this means that all the roots of f .x/ are in K0.K 0 is a splitting field for f .x/ over K if K0 is the smallest extension field of K in

which f .x/ splits. (A splitting field for f .x/ is the smallest extension field in whichf .x/ has all its possible roots.)K 0 is a splitting field over K if it is the splitting field for some finite set of polyno-

mials over K.

Theorem 7.3.2. If K is a field and 0 ¤ f .x/ 2 KŒx�, then there exists a splittingfield for f .x/ over K.

Proof. The splitting field is constructed by repeated adjoining of roots. Suppose with-out loss of generality that f .x/ is irreducible of degree n over F . From Theorem 6.2.2there exists a field F 0 containing ˛ with f .˛/ D 0. Then f .x/ D .x�˛/g.x/ 2 F 0Œx�

Section 7.3 The Fundamental Theorem of Algebra 101

with deg g.x/ D n� 1. By an inductive argument g.x/ has a splitting field and there-fore so does f .x/.

In the next chapter we will give a further characterization of splitting fields.

7.3.2 Permutations and Symmetric Polynomials

To obtain a proof of the fundamental theorem of algebra we need to go a bit outsideof our main discussions of rings and fields and introduce symmetric polynomials.In order to introduce this concept we first review some basic ideas from elementarygroup theory which we will look at in detail later in the book.

Definition 7.3.3. A group G is a set with one binary operation which we will denoteby multiplication, such that

(1) The operation is associative, that is, .g1g2/g3 Dg1.g2g3/ for all g1; g2; g3 2G.

(2) There exists an identity for this operation, that is, an element 1 such that 1g D g

for each g 2 G.

(3) Each g 2 G has an inverse for this operation, that is, for each g there exists ag�1 with the property that gg�1 D 1.

If in addition the operation is commutative (g1g2 D g2g1 for all g1; g2 2 G), thegroup G is called an abelian group. The order of G is the number of elements in G,denoted jGj. If jGj < 1; G is a finite group. H � G is a subgroup if H is also agroup under the same operation as G. Equivalently, H is a subgroup if H ¤ ; andH is closed under the operation and inverses.

Groups most often arise from invertible mappings of a set onto itself. Such map-pings are called permutations.

Definition 7.3.4. If T is a set, a permutation on T is a one-to-one mapping of T ontoitself. We denote by ST the set of all permutations on T .

Theorem 7.3.5. For any set T , ST forms a group under composition called the sym-metric group on T . If T; T1 have the same cardinality (size), then ST Š ST1

. If T isa finite set with jT j D n, then ST is a finite group and jST j D nŠ.

Proof. If ST is the set of all permutations on the set T , we must show that compositionis an operation on ST that is associative and has an identity and inverses.

Let f; g 2 ST . Then f; g are one-to-one mappings of T onto itself. Considerf ıg W T ! T . If f ıg.t1/ D f ıg.t2/, then f .g.t1// D f .g.t2// and g.t1/ D g.t2/,since f is one-to-one. But then t1 D t2 since g is one-to-one.

If t 2 T , there exists t1 2 T with f .t1/ D t since f is onto. Then there existst2 2 T with g.t2/ D t1 since g is onto. Putting these together, f .g.t2// D t , and


therefore f ı g is onto. Therefore, f ı g is also a permutation and composition givesa valid binary operation on ST .

The identity function 1.t/ D t for all t 2 T will serve as the identity for ST , whilethe inverse function for each permutation will be the inverse. Such unique inversefunctions exist since each permutation is a bijection.

Finally, composition of functions is always associative and therefore ST forms agroup.

If T; T1 have the same cardinality, then there exists a bijection W T ! T1. Definea map F W ST ! ST1

in the following manner: if f 2 ST , let F.f / be the permu-tation on T1 given by F.f /.t1/ D .f . �1.t1///. It is straightforward to verify thatF is an isomorphism (see the exercises).

Finally, suppose jT j D n < 1. Then T D ¹t1; : : : ; tnº. Each f 2 ST can bepictured as

f D�

t1 : : : tnf .t1/ : : : f .tn/

�

:

For t1 there are n choices for f .t1/. For t2 there are only n � 1 choices since f isone-to-one. This continues down to only one choice for tn. Using the multiplicationprinciple, the number of choices for f and therefore the size of ST is

n.n � 1/ � � � 1 D nŠ:

For a set with n elements we denote ST by Sn called the symmetric group on nsymbols.

Example 7.3.6. Write down the six elements of S3 and give the multiplication tablefor the group.

Name the three elements 1; 2; 3. The six elements of S3 are then:

1 D�

1 2 3

1 2 3

�

; a D�

1 2 3

2 3 1

�

; b D�

1 2 3

3 1 2

�

c D�

1 2 3

2 1 3

�

; d D�

1 2 3

3 2 1

�

; e D�

1 2 3

1 3 2

�

:

The multiplication table for S3 can be written down directly by doing the requiredcomposition. For example,

ac D�

1 2 3

2 3 1

��

1 2 3

2 1 3

�

D�

1 2 3

3 2 1

�

D d:

To see this, note that a W 1 ! 2; 2 ! 3; 3 ! 1; c W 1 ! 2; 2 ! 1; 3 ! 3 and soac W 1 ! 3; 2 ! 2; 3 ! 1.

It is somewhat easier to construct the multiplication table if we make some obser-vations. First, a2 D b and a3 D 1. Next, c2 D 1, d D ac, e D a2c and finallyac D ca2.


From these relations the following multiplication table can be constructed:

1 a a2 c ac a2c

1 1 a a2 c ac a2c

a a a2 1 ac a2c c

a2 a2 1 a a2c c ac

c c a2c ac 1 a2 a

ac ac c a2c a 1 a2

a2c a2c ac c a2 a 1

:

To see this, consider, for example, .ac/a2 D a.ca2/ D a.ac/ D a2c.More generally, we can say that S3 has a presentation given by

S3 D ha; cI a3 D c2 D 1; ac D ca2i:

By this we mean that S3 is generated by a; c, or that S3 has generators a; c andthe whole group and its multiplication table can be generated by using the relationsa3 D c2 D 1, ac D ca2.

An important result, the form of which we will see later in our work on extensionfields, is the following.

Lemma 7.3.7. Let T be a set and T1 � T a subset. Let H be the subset of ST thatfixes each element of T1, that is, f 2 H if f .t/ D t for all t 2 T1. Then H is asubgroup.

Proof. H ¤ ; since 1 2 H . Now suppose h1; h2 2 H . Let t1 2 T1 and considerh1 ı h2.t1/ D h1.h2.t1//. Now h2.t1/ D t1 since h2 2 H , but then h1.t1/ D t1since h1 2 H . Therefore, h1 ı h2 2 H and H is closed under composition. If h1

fixes t1 then h�11 also fixes t1 so H is also closed under inverses and is therefore a

subgroup.

We now apply these ideas of permutations to certain polynomials in independentindeterminates over a field. We will look at these in detail later in this book.

Definition 7.3.8. Let y1; : : : ; yn be (independent) indeterminates over a field K.A polynomial f .y1; : : : ; yn/ 2 KŒy1; : : : ; yn� is a symmetric polynomial in y1;

: : : ; yn if f .y1; : : : ; yn/ is unchanged by any permutation of ¹y1; : : : ; ynº, thatis, f .y1; : : : ; yn/ D f . .y1/; : : : ; .yn//.

If K � K 0 are fields and ˛1; : : : ; ˛n are in F 0, then we call a polynomialf .˛1; : : : ; ˛n/ with coefficients in K symmetric in ˛1; : : : ; ˛n if f .˛1; : : : ; ˛n/ isunchanged by any permutation of ¹˛1; : : : ; ˛nº.


Example 7.3.9. Let K be a field and k0; k1 2 K. Let h.y1; y2/ D k0.y1 C y2/ Ck1.y1y2/.

There are two permutations on ¹y1; y2º, namely 1 W y1 ! y1, y2 ! y2 and 2 W y1 ! y2, y2 ! y1. Applying either one of these two to ¹y1; y2º leavesh.y1; y2/ invariant. Therefore, h.y1; y2/ is a symmetric polynomial.

Definition 7.3.10. Let x; y1; : : : ; yn be indeterminates over a field K (or elements ofan extension field K 0 of K). Form the polynomial

p.x; y1; : : : ; yn/ D .x � y1/ � � � .x � yn/:

The i -th elementary symmetric polynomial si in y1; : : : ; yn for i D 1; : : : ; n, is.�1/iai , where ai is the coefficient of xn�i in p.x; y1; : : : ; yn/.

Example 7.3.11. Consider y1; y2; y3. Then

p.x; y1; y2; y3/ D .x � y1/.x � y2/.x � y3/

D x3 � .y1 C y2 C y3/x2 C .y1y2 C y1y3 C y2y3/x � y1y2y3:

Therefore, the three elementary symmetric polynomials in y1; y2; y3 over any fieldare

(1) s1 D y1 C y2 C y3.

(2) s2 D y1y2 C y1y3 C y2y3.

(3) s3 D y1y2y3.

In general, the pattern of the last example holds for y1; : : : ; yn. That is,

s1 D y1 C y2 C � � � C yn

s2 D y1y2 C y1y3 C � � � C yn�1yn

s3 D y1y2y3 C y1y2y4 C � � � C yn�2yn�1yn

:::

sn D y1 � � �yn:

The importance of the elementary symmetric polynomials is that any symmetricpolynomial can be built up from the elementary symmetric polynomials. We make thisprecise in the next theorem called the fundamental theorem of symmetric polynomials.We will use this important result several times, and we will give a complete proof inSection 7.5.


Theorem 7.3.12 (fundamental theorem of symmetric polynomials). If P is a sym-metric polynomial in the indeterminates y1; : : : ; yn over a field K, that is, P 2KŒy1; : : : ; yn� and P is symmetric, then there exists a unique g 2 KŒy1; : : : ; yn� suchthat f .y1; : : : ; yn/ D g.s1; : : : ; sn/. That is, any symmetric polynomial in y1; : : : ; yn

is a polynomial expression in the elementary symmetric polynomials in y1; : : : ; yn.

From this theorem we obtain the following two lemmas, which will be crucial inour proof of the fundamental theorem of algebra.

Lemma 7.3.13. Let p.x/ 2 KŒx� and suppose p.x/ has the roots ˛1; : : : ; ˛n in thesplitting fieldK 0. Then the elementary symmetric polynomials in ˛1; : : : ; ˛n are inK.

Proof. Suppose p.x/ D c0 C c1x C � � � C cnxn 2 KŒx�. In K 0Œx�, p.x/ splits, with

roots ˛1; : : : ; ˛n, and thus in K 0Œx�,

p.x/ D cn.x � ˛1/ � � � .x � ˛n/:

The coefficients are then cn.�1/isi .˛1; : : : ; ˛n/, where the si .˛1; : : : ; ˛n/ are theelementary symmetric polynomials in ˛1; : : : ; ˛n. However, p.x/ 2 KŒx�, so eachcoefficient is in K. It follows then that for each i , cn.�1/isi .˛1; : : : ; ˛n/ 2 K, andhence si .˛1; : : : ; ˛n/ 2 K since cn 2 K.

Lemma 7.3.14. Let p.x/ 2 KŒx� and suppose p.x/ has the roots ˛1; : : : ; ˛n in thesplitting fieldK 0. Suppose further that g.x/ D g.x; ˛1; : : : ; ˛n/ 2 K0Œx�. If g.x/ is asymmetric polynomial in ˛1; : : : ; ˛n, then g.x/ 2 KŒx�.Proof. If g.x/ D g.x; ˛1; : : : ; ˛n/ is symmetric in ˛1; : : : ; ˛n, then from Theo-rem 7.3.12 it is a symmetric polynomial in the elementary symmetric polynomialsin ˛1; : : : ; ˛n. From Lemma 7.3.13 these are in the ground fieldK, so the coefficientsof g.x/ are in K. Therefore, g.x/ 2 KŒx�.


We now present a proof of the fundamental theorem of algebra.

Theorem 7.4.1 (fundamental theorem of algebra). Any nonconstant complex polyno-mial has a complex root. In other words, the complex number field C is algebraicallyclosed.

The proof depends on the following sequence lemmas. The crucial one now is thelast, which says that any real polynomial must have a complex root.

Lemma 7.4.2. Any odd-degree real polynomial must have a real root.


Proof. This is a consequence of the intermediate value theorem from analysis.Suppose P.x/ 2 RŒx� with degP.x/ D n D 2k C 1 and suppose the leading

coefficient an > 0 (the proof is almost identical if an < 0). Then

P.x/ D anxn C (lower terms)

and n is odd. Then,

(1) limx!1 P.x/ D limx!1 anxn D 1 since an > 0.

(2) limx!�1 P.x/ D limx!�1 anxn D �1 since an > 0 and n is odd.

From (1), P.x/ gets arbitrarily large positively, so there exists an x1 with P.x1/ >

0. Similarly, from (2) there exists an x2 with P.x2/ < 0.A real polynomial is a continuous real-valued function for all x 2 R. Since

P.x1/P.x2/ < 0, it follows from the intermediate value theorem that there existsan x3, between x1 and x2, such that P.x3/ D 0.

Lemma 7.4.3. Any degree-two complex polynomial must have a complex root.

Proof. This is a consequence of the quadratic formula and of the fact that any complexnumber has a square root.

If P.x/ D ax2 C bx C c, a ¤ 0, then the roots formally are

x1 D �b C pb2 � 4ac2a

; x2 D �b � pb2 � 4ac2a

:

From DeMoivre’s theorem every complex number has a square root, hence x1; x2

exist in C. They of course are the same if b2 � 4ac D 0.

To go further we need the concept of the conjugate of a polynomial and somestraightforward consequences of this idea.

Definition 7.4.4. If P.x/ D a0 C � � � C anxn is a complex polynomial then its con-

jugate is the polynomial P .x/ D a0 C � � � C anxn. That is, the conjugate is the

polynomial whose coefficients are the complex conjugates of those of P.x/.

Lemma 7.4.5. For any P.x/ 2 CŒx� we have:

(1) P.z/ D P .z/ if z 2 C.

(2) P.x/ is a real polynomial if and only if P.x/ D P .x/.

(3) If P.x/Q.x/ D H.x/ then H.x/ D .P .x//.Q.x//.


Proof. (1) Suppose z 2 C and P.z/ D a0 C � � � C anzn. Then

P.z/ D a0 C � � � C anzn D a0 C a1z C � � � C anzn D P .z/:

(2) Suppose P.x/ is real then ai D ai for all its coefficients and hence P.x/ DP .x/. Conversely suppose P.x/ D P .x/. Then ai D ai for all its coefficients andhence ai 2 R for each ai and so P.x/ is a real polynomial.

(3) The proof is a computation and left to the exercises.

Lemma 7.4.6. Suppose G.x/ 2 CŒx�. Then H.x/ D G.x/G.x/ 2 RŒx�.

Proof. H.x/ D G.x/G.x/ D G.x/G.x/ D G.x/G.x/ D G.x/G.x/ D H.x/.Therefore, H.x/ is a real polynomial.

Lemma 7.4.7. If every nonconstant real polynomial has a complex root, then everynonconstant complex polynomial has a complex root.

Proof. Let P.x/ 2 CŒx� and suppose that every nonconstant real polynomial has atleast one complex root. Let H.x/ D P.x/P .x/. From Lemma 7.4.6, H.x/ 2 RŒx�.By supposition there exists a z0 2 C with H.z0/ D 0. Then P.z0/P .z0/ D 0, andsince C is a field it has no zero divisors. Hence either P.z0/ D 0 or P .z0/ D 0. In thefirst case z0 is a root of P.x/. In the second case P .z0/ D 0. Then from Lemma 7.4.5

P .z0/ D P .z0/ D P.z0/ D 0. Therefore, z0 is a root of P.x/.

Now we come to the crucial lemma.

Lemma 7.4.8. Any nonconstant real polynomial has a complex root.

Proof. Let f .x/ D a0 C a1xC � � � C anxn 2 RŒx� with n � 1, an ¤ 0. The proof is

an induction on the degree n of f .x/.Suppose n D 2mq where q is odd. We do the induction on m. If m D 0 then

f .x/ has odd degree and the theorem is true from Lemma 7.4.2. Assume then thatthe theorem is true for all degrees d D 2kq0 where k < m and q0 is odd. Now assumethat the degree of f .x/ is n D 2mq.

Suppose K 0 is the splitting field for f .x/ over R in which the roots are ˛1; : : : ; ˛n.We show that at least one of these roots must be in C. (In fact, all are in C but toprove the lemma we need only show at least one.)

Let h 2 Z and form the polynomial

H.x/ DY

i<j

.x � .˛i C j C h˛i j //:


This is inK 0Œx�. In formingH.x/we chose pairs of roots ¹˛i ; j º, so the number ofsuch pairs is the number of ways of choosing two elements out of n D 2mq elements.This is given by

.2mq/.2mq � 1/2

D 2m�1q.2mq � 1/ D 2m�1q0

with q0 odd. Therefore, the degree of H.x/ is 2m�1q0.H.x/ is a symmetric polynomial in the roots ˛1; : : : ; ˛n. Since ˛1; : : : ; ˛n are the

roots of a real polynomial, from Lemma 7.3.14 any polynomial in the splitting fieldsymmetric in these roots must be a real polynomial.

Therefore, H.x/ 2 RŒx� with degree 2m�1q0. By the inductive hypothesis, then,H.x/ must have a complex root. This implies that there exists a pair ¹˛i ; j º with

˛i C j C h˛i j 2 C:

Since h was an arbitrary integer, for any integer h1 there must exist such a pair¹˛i ; j º with

˛i C j C h1˛i j 2 C:

Now let h1 vary over the integers. Since there are only finitely many such pairs¹˛i ; j º, it follows that there must be at least two different integers h1; h2 such that

z1 D ˛i C j C h1˛i j 2 C and z2 D ˛i C j C h2˛i j 2 C:

Then z1 � z2 D .h1 � h2/˛i j 2 C and since h1; h2 2 Z � C it follows that˛i j 2 C. But then h1˛i j 2 C, from which it follows that ˛i C j 2 C. Then,

p.x/ D .x � ˛i /.x � j / D x2 � .˛i C j /x C ˛i j 2 CŒx�:

However, p.x/ is then a degree-two complex polynomial and so from Lemma 7.4.3 itsroots are complex. Therefore, ˛i ; j 2 C, and therefore f .x/ has a complex root.

It is now easy to give a proof of the fundamental theorem of algebra. From Lem-ma 7.4.8 every nonconstant real polynomial has a complex root. From Lemma 7.4.7 ifevery nonconstant real polynomial has a complex root, then every nonconstant com-plex polynomial has a complex root proving the fundamental theorem.

Theorem 7.4.9. If E is a finite dimensional field extension of C, then E D C.

Proof. Let a 2 E. Regard the elements 1; a; a2; : : : . These elements become linearlydependent over C and we get a nonconstant polynomial over C with root a. By thefundamental theorem of algebra we know that a 2 C.

Corollary 7.4.10. If E is a finite dimensional field extension of R, then E D R orE D C.

Section 7.5 The Fundamental Theorem of Symmetric Polynomials 109

7.5 The Fundamental Theorem of Symmetric Polynomials

In the proof of the fundamental theorem of algebra that was given in the previous sec-tion we used the fact that any symmetric polynomial in n indeterminates is a polyno-mial in the elementary symmetric polynomials in these indeterminates. In this sectionwe give a proof of this theorem.

Let R be an integral domain with x1; : : : ; xn (independent) indeterminates overR and let RŒx1; : : : ; xn� be the polynomial ring in these indeterminates. Any poly-nomial f .x1; : : : ; xn/ 2 RŒx1; : : : ; xn� is composed of a sum of pieces of the formax

i1

1 : : : xinn with a 2 R. We first put an order on these pieces of a polynomial.

The piece axi11 : : : x

inn with a ¤ 0 is called higher than the piece bxj1

1 : : : xjnn with

b ¤ 0 if the first one of the differences

i1 � j1; i2 � j2; : : : ; in � jn

that differs from zero is in fact positive. The highest piece of a polynomial f .x1; : : : ;

xn/ is denoted by HG.f /.

Lemma 7.5.1. For f .x1; : : : ; xn/; g.x1; : : : ; xn/ 2 RŒx1; : : : ; xn� we have

HG.fg/ D HG.f /HG.g/:

Proof. We use an induction on n, the number of indeterminates. It is clearly true forn D 1, and now assume that the statement holds for all polynomials in k indeter-minates with k < n and n � 2. Order the polynomials via exponents on the firstindeterminate x1 so that

f .x1; : : : ; xn/ D xr1�r.x2; : : : ; xn/C xr�1

1 �r�1.x2; : : : ; xn/

C � � � C �0.x2; : : : ; xn/

g.x1; : : : ; xn/ D xs1 s.x2; : : : ; xn/C xs�1

1 s�1.x2; : : : ; xn/

C � � � C 0.x2; : : : ; xn/:

Then HG.fg/ D xrCs1 HG.�r s/. By the inductive hypothesis

HG.�r s/ D HG.�r/HG. s/:

Hence

HG.fg/ D xrCs1 HG.�r /HG. s/

D .xr1 HG.�r//.x

s1 HG. s// D HG.f /HG.g/:


The elementary symmetric polynomials in n indeterminates x1; : : : ; xn are

s1 D x1 C x2 C � � � C xn

s2 D x1x2 C x1x3 C � � � C xn�1xn

s3 D x1x2x3 C x1x2x4 C � � � C xn�2xn�1xn

:::

sn D x1 � � � xn:

These were found by forming the polynomial p.x; x1; : : : ; xn/ D .x�x1/ � � � .x�xn/. The i -th elementary symmetric polynomial si in x1; : : : ; xn is then .�1/iai ,where ai is the coefficient of xn�i in p.x; x1; : : : ; xn/.

In general,sk D

X

i1<i2<��<ik;1�k�n

xi1xi2

� � � xik ;

where the sum is taken over all the�

nk

�

different systems of indices i1; : : : ; ik withi1 < i2 < � � � < ik .

Further, a polynomial s.x1; : : : ; xn/ is a symmetric polynomial if s.x1; : : : ; xn/

is unchanged by any permutation of ¹x1; : : : ; xnº, that is, s.x1; : : : ; xn/ Ds. .x1/; : : : ; .xn//.

Lemma 7.5.2. In the highest piece axk1

1 � � � xknn ; a ¤ 0, of a symmetric polynomial

s.x1; : : : ; xn/ we have k1 � k2 � � � � � kn.

Proof. Assume that ki < kj for some i < j . As a symmetric polynomial, s.x1; : : : ;

xn/ also must then contain the piece axk1

1 � � � xkj

i � � � xki

j � � � xknn , which is higher than

axk1

1 � � � xki

i � � � xkj

j � � � xknn , giving a contradiction.

Lemma 7.5.3. The product sk1�k2

1 sk2�k3

2 � � � skn�1�kn

n�1 sknn with k1 � k2 � � � � � kn

has the highest piece xk1

1 xk2

2 � � � xknn .

Proof. From the definition of the elementary symmetric polynomials we have that

HG.stk/ D .x1x2 � � � xk/

t ; 1 � k � n; t � 1:

From Lemma 7.4.2,

HG.sk1�k2

1 sk2�k3

2 � � � skn�1�kn

n�1 sknn /

D xk1�k2

1 .x1x2/k2�k3 � � � .x1 � � � xkn�1�kn

n�1 /.x1 � � � xn/kn

D xk1

1 xk2

2 � � � xknn :


Theorem 7.5.4. Let s.x1; : : : ; xn/ 2 RŒx1; : : : ; xn� be a symmetric polynomial. Thens.x1; : : : ; xn/ can be uniquely expressed as a polynomial f .s1; : : : ; sn/ in the elemen-tary symmetric polynomials s1; : : : ; sn with coefficients from R.

Proof. We prove the existence of the polynomial f by induction on the size of thehighest pieces. If in the highest piece of a symmetric polynomial all exponents arezero, then it is constant, that is, an element of R and there is nothing to prove.

Now we assume that each symmetric polynomial with highest piece smaller thanthat of s.x1; : : : ; xn/ can be written as a polynomial in the elementary symmetricpolynomials. Let axk1

1 � � � xknn , a ¤ 0, be the highest piece of s.x1; : : : ; xn/. Let

t .x1; : : : ; xn/ D s.x1; : : : ; xn/ � ask1�k2

1 � � � skn�1�kn

n�1 sknn :

Clearly, t .x1; : : : ; xn/ is another symmetric polynomial, and from Lemma 7.4.5 thehighest piece of t .x1; : : : ; xn/ is smaller than that of s.x1; : : : ; xn/. Therefore,t .x1; : : : ; xn/ and hence s.x1; : : : ; xn/ D t .x1; : : : ; xn/ C as

k1�k2

1 � � � skn�1�kn

n�1 sknn

can be written as a polynomial in s1; : : : ; sn.To prove the uniqueness of this expression assume that s.x1; : : : ; xn/ D f .s1; : : : ;

sn/Dg.s1; : : : ; sn/. Then f .s1; : : : ; sn/ � g.s1; : : : ; sn/Dh.s1; : : : ; sn/D�.x1; : : : ;

xn/ is the zero polynomial in x1; : : : ; xn. Hence, if we write h.s1; : : : ; sn/ as a sum ofproducts of powers of the s1; : : : ; sn, all coefficients disappear because two differentproducts of powers in the s1; : : : ; sn have different highest pieces. This follows fromprevious set of lemmas. Therefore, f and g are the same, proving the theorem.

7.6 Exercises

1. Suppose that f .x/ D a0 C a1x C � � � C anxn 2 KŒx�, K a field, with an ¤ 0

and f .x/ irreducible. Define ˛ to satisfy

a0 C a1˛ C � � � C an˛n D 0

and define K 0 D K.˛/ in the following manner. We let

K.˛/ D ¹c0 C c1˛ C � � � C cn�1˛n�1 W ci 2 Kº:

Then on K.˛/ define addition and subtraction componentwise and define mul-tiplication by algebraic manipulation, replacing powers of ˛ higher than ˛n byusing

˛n D �a0 � a1˛ � � � � � an�1˛n�1

an:

Prove that K 0 D K.˛/ forms a ring.


2. Let f; g 2 KŒx� be irreducible polynomials of degree 2 over the field K. Let˛1; ˛2 respectively ˇ1; ˇ2 be zeros of f and g. For 1 � i; j � 2 let �ij D˛i C j . Show:

(a) jK.�ij / W Kj 2 ¹1; 2; 3º.

(b) For fixed f; g there are at most two different degrees in (a).

(c) Decide, which combinations of degrees in (b) (with f; g variable) are pos-sible, and give an example in each case.

3. Let LjK be a field extension, let � 2 L and f .x/ 2 LŒx� a polynomial of degree� 1. Let all coefficients of f .x/ be algebraic over K. If f .�/ D 0, then � isalgebraic over K.

4. Let LjK be a field extension and let M be an intermediate field. The extensionM jK is algebraic. For � 2 L the following are equivalent:

(a) � is algebraic over M .

(b) � is algebraic over K.

5. Let LjK be a field extension and �1; �2 2 L. Then the following are equivalent:

(a) �1 and �2 are algebraic over K.

(b) �1 C �2 and �1�2 are algebraic over K.

6. Let LjK be a simple field extension. Then there is an extension field L0 of L ofthe form L0 D K.�1; �2/ with:

(a) �1 and �2 are transcendental over K.

(b) The set of all over K algebraic elements of L0 is L.

7. In the proof of Theorem 7.1.4 show that the mapping

� W K.a/ ! K.˛/

defined by �.k/ D k if k 2 K and �.a/ D ˛ and then extended by linearity is aK-isomorphism.

8. For each i 2 I let Ki be a field. Now let OK D S

i2I Ki . Show that OK is a field.


10. If T; T1 are sets with the same cardinality, then there exists a bijection W T !T1. Define a map F W ST ! ST1

in the following manner: if f 2 ST , let F.f /be the permutation on T1 given by F.f /.t1/ D .f . �1.t1///. Prove that F isan isomorphism.

11. Prove that if P.X/;Q.x/;H.x/ 2 C then if P.x/Q.x/ D H.x/ then H.x/ D.P .x//.Q.x//.

Chapter 8

Splitting Fields and Normal Extensions

8.1 Splitting Fields

In the last chapter we introduced splitting fields and used this idea to present a proofof the fundamental theorem of algebra. The concept of a splitting field is essential tothe Galois theory of equations so in this chapter we look more deeply at this idea.

Definition 8.1.1. Let K be a field and f .x/ a nonconstant polynomial in KŒx�. Anextension field L of K is a splitting field for f .x/ over K if

(a) f .x/ splits into linear factors in LŒx�.

(b) If K � M � L and M ¤ L then f .x/ does not split into linear factors inMŒx�.

From part (b) in the definition the following is clear.

Lemma 8.1.2. L is a splitting field for f .x/ 2 KŒx� if and only if f .x/ splits intolinear factors in LŒx� and if f .x/ D b.x � a1/ � � � .x � an/ with b 2 K then L DK.a1; : : : ; an/.

Example 8.1.3. The field C of complex numbers is a splitting field for the polynomialp.x/ D x2 C 1 in RŒx�. In fact since C is algebraically closed it is a splitting fieldfor any real polynomial f .x/ 2 RŒx� which has at least one nonreal zero.

The field Q.i/ adjoining i to Q is a splitting field for x2 C 1 over QŒx�.

The next result was used in the previous chapter. We restate and reprove it here.

Theorem 8.1.4. Let K be a field. Then each nonconstant polynomial in KŒx� has asplitting field.

Proof. Let K be an algebraic closure of K. Then f .x/ splits in KŒx�, that is f .x/ Db.x � a1/ � � � .x � an/ with b 2 K and ai 2 K. Let L D K.a1; : : : ; an/. Then L isthe splitting field for f .x/ over K.

We next show that the splitting field over K of a given polynomial is unique up toK-isomorphism.

114 Chapter 8 Splitting Fields and Normal Extensions

Theorem 8.1.5. Let K;K 0 be field and � W K ! K0 an isomorphism. Let f .x/ be anonconstant polynomial in KŒx� and f 0.x/ D �.f .x// its image in K 0Œx�. Supposethat L is a splitting field for f .x/ overK and L0 is a splitting field for f 0.x/ overK 0.

(a) Suppose that L0 � L00. Then if W L ! L00 is a monomorphism with jK D �

then is an isomorphism from L onto L0. Moreover maps the set of zeros off .x/ inL onto the set of zeros of f 0.x/ inL0. The map is uniquely determinedby the values of the zeros of f .x/.

(b) If g.x/ is an irreducible factor of f .x/ inKŒx� and a is a zero of g.x/ in L anda0 is a zero of g0.x/ D �.g.x// in L0 then there is an isomorphism from L toL0 with jK D � and .a/ D .a0/.

Before giving the proof of this theorem we note that the following important resultis a direct consequence of it.

Theorem 8.1.6. A splitting field for f .x/ 2 KŒx� is unique up to K-isomorphism.

Proof of Theorem 8.1.5. Suppose that f .x/ D b.x�a1/ � � � .x�an/ 2 LŒx� and thatf 0.x/ D b0.x � a01/ � � � .x � a0n/ 2 L0Œx�. Then

f 0.x/ D �.f .x// D .f .x// D . .b//.x � .a1// � � � .x � .an//:

We have proved that polynomials have unique factorization over fields. Since L0 �L00 it follows that the set of zeros . .a1/; : : : ; .an// is a permutation of the set ofzeros .a01; : : : ; a0n/. In particular this implies that .ai / 2 L0, that is

im. / D L0 D K0.a1; : : : ; a0n/:

Since the image of is K 0.a1; : : : ; a0n/ D K0. .ai /; : : : ; .an// it is clear that is

uniquely determined by the images .ai /. This proves part (a).For part (b) embed L0 in an algebraic closure L00. Hence there is a monomorphism

�0 W K.a/ ! L00

with �0jK D � and �0.a/ D a0. Hence there is a monomorphism W L ! L00 with jK.a/

D �0. Then from part (a) it follows that W L ! L0 is an isomorphism.

Example 8.1.7. Let f .x/ D x3 � 7 2 QŒx�. This has no zeros in Q and since it is ofdegree 3 it follows that it must be irreducible in QŒx�.

Let ! D �12

Cp

32i 2 C. Then it is easy to show by computation that !2 D

�12

�p

32i and !3 D 1. Therefore the three zeros of f .x/ in C are

a1 D 71=3

a2 D ! � 71=3

a3 D !2 � 71=3:

Section 8.2 Normal Extensions 115

HenceL D Q.a1; a2; a3/ the splitting field of f .x/. Since the minimal polynomialof all three zeros over Q is the same .f .x// it follows that

Q.a1/ Š Q.a2/ Š Q.a3/:

Since Q.a1/ � R and a2; a3 are nonreal it is clear that a2; a3 … Q.a1/.Suppose that Q.a2/ D Q.a3/. Then ! D a3a

�12 2 Q.a2/ and so 71=3 D !�1a2 2

Q.a2/. Hence Q.a1/ � Q.a2/ and therefore Q.a1/ D Q.a2/ since they have thesame degree over Q. This contradiction shows that Q.a2/ and Q.a3/ are distinct.

By computation we have a3 D a�11 a2

2 and hence

L D Q.a1; a2; a3/ D Q.a1; a2/ D Q.71=3; !/:

Now the degree of L over Q is

jL W Qj D jQ.71=3; !/ W Q.!/jjQ.!/ W Qj:Now jQ.!/ W Qj D 2 since the minimal polynomial of ! over Q is x2 C x C 1.Since no zero of f .x/ lies in Q.!/ and the degree of f .x/ is 3 it follows that f .x/ isirreducible over Q.!/. Therefore we have that the degree of L over Q.!/ is 3. HencejL W Qj D .2/.3/ D 6.

We now have the following lattice diagram of fields and subfields:

We do not know however if there are any more intermediate fields. There could forexample be infinitely many. However as we will see when we do the Galois theorythere are no others.

8.2 Normal Extensions

We now consider algebraic field extensions L of K which have the property that iff .x/ 2 KŒx� has a zero in L then f .x/ must split in L. In particular we show that ifL is a splitting field of finite degree for some g.x/ 2 KŒx� then L has this property.


Definition 8.2.1. A field extension L of a field K is a normal extension if

(a) LjK is algebraic.

(b) Each irreducible polynomial f .x/ 2 KŒx� that has a zero in L splits into linearfactors in LŒx�.

Note that in Example 8.1.7 the extension fieldsQ.˛i /jQ are not normal extensions.Although f .x/ has a zero in Q.˛i / the polynomial f .x/ does not split into linearfactors in Q.˛i /Œx�.

We now show that LjK is a finite normal extension if and only if L is the splittingfield for some f .x/ 2 KŒx�.

Theorem 8.2.2. Let LjK be a finite extension. Then the following are equivalent.

(a) LjK is a normal extension.

(b) LjK is a splitting field for some f .x/ 2 KŒx�.(c) If L � L0 and W L ! L0 is a monomorphism with jK the identity map onK

then is an automorphism of L, that is .L/ D L.

Proof. Suppose that LjK is a finite normal extension. Since LjK is a finite extensionL is algebraic over K and since of finite degree we have L D K.a1; : : : ; an/ with ai

algebraic over K.Let fi .x/ 2 KŒx� be the minimal polynomial of ai . Since LjK is a normal ex-

tension fi .x/ splits in LŒx�. This is true for each i D 1; : : : ; n. Let f .x/ Df1.x/f2.x/ � � �fn.x/. Then f .x/ splits into linear factors in LŒx�. Since K DK.a1; : : : ; an/ the polynomial f .x/ cannot have all its zeros in any intermediate ex-tension between K and L. Therefore L is the splitting field for f .x/. Hence (a)implies (b).

Now suppose that L � L0 and W L ! L0 is a monomorphism with jK theidentity map on K. Then the extension field .L/ of K is also a splitting field forf .x/ since jK is the identity onK. Hence maps the zeros of f .x/ in L � L0 ontothe zeros of f .x/ in .L/ � L0 it follows that .L/ D L. Hence (b) implies (c).

Finally suppose (c). Hence we assume that if L � L0 and W L ! L0 is amonomorphism with jK the identity map on K then is an automorphism of L,that is .L/ D L.

As before LjK is algebraic since LjK is finite. Suppose that f .x/ 2 KŒx� is irre-ducible and that a 2 L is a zero of f .x/. There are algebraic elements a1; : : : ; an 2 Lwith L D K.a1; : : : ; an/ since LjK is finite. For i D 1; : : : ; n let fi .x/ 2 KŒx� bethe minimal polynomial of ai and let g.x/ D f .x/f1.x/ � � �fn.x/. Let L0 be thesplitting field of g.X/. Clearly L � L0. Let b 2 L0 be a zero of f .x/. From The-orem 8.1.5 there is an automorphism of L0 with .a/ D b and jK the identityon K. Hence by our assumption jL is an automorphism of L. It follows that b 2 Land hence f .x/ splits in LŒx�. Therefore (c) implies (a) completing the proof.

Section 8.2 Normal Extensions 117

To give simple examples of normal extensions we have the following lemma.

Lemma 8.2.3. If L is an extension of K with jL W Kj D 2 then L is a normalextension of K.

Proof. Suppose that jL W Kj D 2. Then LjK is algebraic since its finite. Let f .x/ 2KŒx� be irreducible with leading coefficient 1 and which has a zero in L. Let a beone zero. Then f .x/ must be the minimal polynomial of a. However deg.ma.x// �jL W Kj D 2 and hence f .x/ is of degree 1 or 2. Since f .x/ has a zero in L it followsthat it must split into linear factors in LŒx� and therefore L is a normal extension.

Later we will tie this result to group theory when we prove that a subgroup ofindex 2 must be a normal subgroup.

Example 8.2.4. As a first example of the lemma consider the polynomial f .x/ Dx2 � 2. In R this splits as .x � p

2/.x C p2/ and hence the field Q.

p2/ is the

splitting field of f .x/ D x2 � 2 over Q. Therefore Q.p2/ is a normal extension

of Q.

Example 8.2.5. As a second example consider the polynomial x4 � 2 in QŒx�. Thezeros in C are

21=4; 21=4i; 21=4i2; 21=4i3:

Hence

L D Q.21=4; 21=4i; 21=4i2; 21=4i3/

is the splitting field of x4 � 2 over Q.Now

L D Q.21=4; 21=4i; 21=4i2; 21=4i3/ D Q.21=4; i /:

Therefore we have

jL W Qj D jL W Q.21=4/jjQ.21=4/ W Qj:

Since x4 � 2 is irreducible over Q we have jQ.21=4/ W Qj D 4. Since i has degree 2over any real field we have jL W Q.21=4/j D 2. Therefore L is a normal extension ofQ.21=4/ and x2 � p

2 2 Q.p2/Œx� has the splitting field Q.21=4/.

Altogether we haveLjQ.21=4/, Q.21=4/jQ.21=2/, Q.21=2/jQ andLjQ are normalextensions. However Q.21=4/jQ is not normal since 21=4 is a zero of x4 � 2 butQ.21=4/ does not contain all the zeros of x4 � 2.


Hence, we have the following figure.

Figure 8.1

8.3 Exercises

1. Determine the splitting field of f .x/ 2 QŒx� and its degree over Q in the followingcases:

(a) f .x/ D x4 � p, where p is a prime.

(b) f .x/ D xp � 2, where p is a prime.

2. Determine the degree of the splitting field of the polynomial x4 C 4 over Q. De-termine the splitting field of x6 C 4x4 C 4x2 C 3 over Q.

3. For each a 2 Z let fa.x/ D x3 � ax2 C .a � 3/x C 1 2 QŒx� be given.

(a) fa is irreducible over Q for each a 2 Z.

(b) If b 2 R is a zero of fa, then also .1� b/�1 and .b � 1/b�1 are zeros of fa.

(c) Determine the splitting field L of fa.x/ over Q and its degree jL W Qj.4. Let K be a field and f .x/ 2 KŒx� a polynomial of degree n. Let L be a splitting

field of f .x/. Show:

(a) If a1; : : : ; an 2 L are the zeros of f , then jK.a1; : : : ; at / W Kj � n � .n �1/ � � � .n � t C 1/ for each t with 1 � t � n.

(b) L over K is of degree at most nŠ.

(c) If f .x/ is irreducible over K then n divides jL W Kj.

Chapter 9

Groups, Subgroups and Examples

9.1 Groups, Subgroups and Isomorphisms

Recall from Chapter 1 that the three most commonly studied algebraic structures aregroups, rings and fields. We have now looked rather extensively at rings and fields andin this chapter we consider the basic concepts of group theory. Groups arise in manydifferent areas of mathematics. For example they arise in geometry as groups of con-gruence motions and in topology as groups of various types of continuous functions.Later in this book they will appear in Galois theory as groups of automorphisms offields. First we recall the definition of a group given previously in Chapter 1.

Definition 9.1.1. A group G is a set with one binary operation which we will denoteby multiplication, such that

(1) The operation is associative, that is, .g1g2/g3 Dg1.g2g3/ for all g1; g2; g3 2G.

(2) There exists an identity for this operation, that is, an element 1 such that 1g D g

and g1 D g for each g 2 G.

(3) Each g 2 G has an inverse for this operation, that is, for each g there exists ag�1 with the property that gg�1 D 1 and g�1g D 1.

If in addition the operation is commutative, that is g1g2 D g2g1 for all g1; g2 2 G,the group G is called an abelian group.

The order ofG, denoted jGj, is the number of elements in the groupG. If jGj < 1,G is a finite group otherwise it is an infinite group.

It follows easily from the definition that the identity is unique and that each elementhas a unique inverse.

Lemma 9.1.2. If G is a group then there is a unique identity. Further if g 2 G itsinverse is unique. Finally if g1; g2 2 G then .g1g2/

�1 D g�12 g�1

1 .

Proof. Suppose that 1 and e are both identities for G. Then 1e D e since e is anidentity and 1e D 1 since 1 is an identity. Therefore 1 D e and there is only oneidentity.

Next suppose that g 2 G and g1 and g2 are inverses for g. Then

g1gg2 D .g1g/g2 D 1g2 D g2

120 Chapter 9 Groups, Subgroups and Examples

since g1g D 1. On the other hand

g1gg2 D g1.gg2/ D g11 D g1

since gg2 D 1. It follows that g1 D g2 and g has a unique inverse.Finally consider

.g1g2/.g�12 g�1

1 / D g1.g2g�12 /g�1

1 D g11g�11 D g1g

�11 D 1:

Therefore g�12 g�1

1 is an inverse for g1g2 and since inverses are unique it is the inverseof the product.

Groups most often arise as permutations on a set. We will see this, as well as otherspecific examples of groups, in the next sections.

Finite groups can be completely described by their group tables or multiplicationtables. These are sometimes called Cayley tables. In general, let G D ¹g1; : : : ; gnºbe a group, then the multiplication table of G is:

g1 g2 � � � gj � � � gn

g1 � � �g2 � � �:::

gi � � � � � � � � � gigj:::

gn : : :

The entry in the row of gi 2 G and column of gj 2 G is the product (in that order)gigj in G.

Groups satisfy the cancellation law for multiplication.

Lemma 9.1.3. IfG is a group and a; b; c 2 G with ab D ac or ba D ca then b D c.

Proof. Suppose that ab D ac. Then a has an inverse a�1 so we have

a�1.ab/ D a�1.ac/:

From the associativity of the group operation we then have

.a�1a/b D .a�1a/c H) 1 � b D 1 � c H) b D c:

A consequence of Lemma 9.1.3 is that each row and each column in a group table isjust a permutation of the group elements. That is each group element appears exactlyonce in each row and each column.

A subset H � G is a subgroup of G if H is also a group under the same operationas G. As for rings and fields a subset of a group is a subgroup if it is nonempty andclosed under both the group operation and inverses.

Section 9.2 Examples of Groups 121

Lemma 9.1.4. A subset H � G is a subgroup if H ¤ ; and H is closed under theoperation and inverses. That is, if a; b 2 H then ab 2 H and a�1; b�1 2 H .

We leave the proof of this to the exercises.Let G be a group and g 2 G; we denote by gn, n 2 N, as with numbers, the

product of g taken n times. A negative exponent will indicate the inverse of thepositive exponent. As usual, let g0 D 1. Clearly group exponentiation will satisfy thestandard laws of exponents. Now consider the set

H D ¹1 D g0; g; g�1; g2; g�2; : : :ºof all powers of g. We will denote this by hgi.

Lemma 9.1.5. If G is a group and g 2 G then hgi forms a subgroup of G called thecyclic subgroup generated by g. hgi is abelian even if G is not.

Proof. If g 2 G then g 2 hgi and hence hgi is nonempty. Suppose then that a Dgn; b D gm are elements of hgi. Then ab D gngm D gnCm 2 hgi so hgi is closedunder the group operation. Further a�1 D .gn/�1 D g�n 2 hgi so hgi is closedunder inverses. Therefore hgi is a subgroup.

Finally ab D gngm D gnCm D gmCn D gmgn D ba and hence hgi is abelian.

Suppose that g 2 G and gm D 1 for some positive integer m. Then let n bethe smallest positive integer such that gn D 1. It follows that the set of elements¹1; g; g2; : : : ; gn�1º are all distinct but for any other power gk we have gk D gt forsome k D 0; 1; : : : ; n � 1 (see exercises). The cyclic subgroup generated by g thenhas order n and we say that g has order n which we denote by o.g/ D n. If no such nexists we say that g has infinite order. We will look more deeply at cyclic groups andsubgroups in Section 9.5.

We introduce one more concept before looking at examples.

Definition 9.1.6. If G and H are groups then a mapping f W G ! H is a (group)homomorphism if f .g1g2/ D f .g1/f .g2/ for any g1; g2 2 G. If f is also a bijectionthen it is an isomorphism.

As with rings and fields we say that two groups G and H are isomorphic, denotedby G Š H , if there exists an isomorphism F W G ! H . This means that abstractlyG and H have exactly the same algebraic structure.

9.2 Examples of Groups

As already mentioned groups arise in many diverse areas of mathematics. In thissection and the next we present specific examples of groups.


First of all any ring or field under addition forms an abelian group. Hence, forexample .Z;C/; .Q;C/; .R;C/; .C;C/ where Z;Q;R;C are respectively the inte-gers, the rationals, the reals and the complex numbers, all are infinite abelian groups.If Zn is the modular ring Z=nZ then for any natural number n, .Zn;C/ forms a finiteabelian group. In abelian groups the group operation is often denoted by C and theidentity element by 0 (zero).

In a field F , the nonzero elements are all invertible and form a group under multi-plication. This is called the multiplicative group of the field F and is usually denotedby F �. Since multiplication in a field is commutative the multiplicative group of afield is an abelian group. Hence Q�;R�;C� are all infinite abelian groups while if pis a prime Z�p forms a finite abelian group. Recall that if p is a prime then the modularring Zp is a field.

Within Q�;R�;C� there are certain multiplicative subgroups. Since the positiverationals QC and the positive reals RC are closed under multiplication and inversethey form subgroups of Q� and R� respectively. In C if we consider the set of allcomplex numbers z with jzj D 1 then these form a multiplicative subgroup. Furtherwithin this subgroup if we consider the set of n-th roots of unity z (that is zn D 1) fora fixed n this forms a subgroup, this time of finite order.

The multiplicative group of a field is a special case of the unit group of a ring. IfR is a ring with identity, recall that a unit is an element of R with a multiplicativeinverse. Hence in Z the only units are ˙1 while in any field every nonzero element isa unit.

Lemma 9.2.1. If R is a ring with identity then the set of units in R forms a groupunder multiplication called the unit group of R and is denoted by U.R/. If R is a fieldthen U.R/ D R�.

Proof. Let R be a ring with identity. Then the identity 1 itself is a unit so 1 2 U.R/

and hence U.R/ is nonempty. If e 2 R is a unit then it has a multiplicative inversee�1. Clearly then the multiplicative inverse has an inverse, namely e so e�1 2 U.R/if e is. Hence to show U.R/ is a group we must show that it is closed under product.

Let e1; e2 2 U.R/. Then there exist e�11 ; e�1

2 . It follows that e�12 e�1

1 is an inversefor e1e2. Hence e1e2 is also a unit and U.R/ is closed under product. Therefore forany ring R with identity U.R/ forms a multiplicative group.

To present examples of nonabelian groups we turn to matrices. If F is a field we let

GL.n; F / D ¹n � n matrices over F with nonzero determinantº

andSL.n; F / D ¹n � n matrices over F with determinant oneº:

Section 9.2 Examples of Groups 123

Lemma 9.2.2. If F is a field then for n � 2, GL.n; F / forms a nonabelian groupunder matrix multiplication and SL.n; F / forms a subgroup.

GL.n; F / is called the n-dimensional general linear group over F , while SL.n; F /is called the n-dimensional special linear group over F .

Proof. Recall that for two n � n matrices A;B with n � 2 over a field we have

det.AB/ D det.A/ det.B/

where det is the determinant.Now for any field the n � n identity matrix I has determinant 1 and hence I 2

GL.n; F /. Since determinants multiply the product of two matrices with nonzerodeterminant has nonzero determinant so GL.n; F / is closed under product. Furtherover a field F if A is an invertible matrix then

det.A�1/ D 1

detA

and so if A has nonzero determinant so does its inverse. It follows that GL.n; F / hasthe inverse of any of its elements. Since matrix multiplication is associative it followsthat GL.n; F / form a group. It is nonabelian since in general matrix multiplication isnoncommutative.

We leave the fact that SL.n; F / forms a subgroup to the exercises.

Groups play an important role in geometry. In any metric geometry an isometry is amapping that preserves distance. To understand a geometry one must understand thegroup of isometries. We look briefly at the Euclidean geometry of the plane E2.

An isometry or congruence motion of E2 is a transformation or bijection T of E2

that preserves distance, that is d.a; b/ D d.T .a/; T .b// for all points a; b 2 E2.

Theorem 9.2.3. The set of congruence motions of E2 forms a group called theEuclidean group. We denote the Euclidean group by E .

Proof. The identity map I is clearly an isometry and since composition of mappingsis associative we need only show that the product of isometries is an isometry and thatthe inverse of an isometry is an isometry.

Let T;U be isometries. Then d.a; b/ D d.T .a/; T .b// and d.a; b/ D d.U.a/;

U.b// for any points a; b. Now consider

d.T U.a/; T U.b// D d.T .U.a//; T .U.b/// D d.U.a/; U.b//

since T is an isometry. However

d.U.a/; U.b// D d.a; b/

since U is an isometry. Combining these we have that T U is also an isometry.


Consider T �1 and points a; b. Then

d.T �1.a/; T �1.b// D d.T T �1.a/; T T �1.b//

since T is an isometry. But T T �1 D I and hence

d.T �1.a/; T �1.b// D d.T T �1.a/; T T �1.b// D d.a; b/:

Therefore T �1 is also an isometry and hence E is a group.

One of the major results concerning E is the following. We refer to [25], [26] and[22] for a more thorough treatment.

Theorem 9.2.4. If T 2 E then T is either a translation, rotation, reflection or glidereflection. The set of translations and rotations forms a subgroup.

Proof. We outline a brief proof. If T is an isometry and T fixes the origin .0; 0/then T is a linear mapping. It follows that T is a rotation or a reflection. If T doesnot fix the origin then there is a translation T0 such that T0T fixes the origin. Thisgives translations and glide reflections. In the exercises we expand out more of theproof.

If D is a geometric figure in E2, such as a triangle or square, then a symmetry ofD is a congruence motion T W E2 ! E2 that leaves D in place. It may move theindividual elements of D however. So for example a rotation about the center of acircle is a symmetry of the circle.

Lemma 9.2.5. If D is a geometric figure in E2 then the set of symmetries of D formsa subgroup of E called the symmetry group of D denoted by Sym.D/.

Proof. We show that Sym.D/ is a subgroup of E . The identity map I fixes D soI 2 Sym.D/ and so Sym.D/ is nonempty. Let T;U 2 Sym.D/. Then T mapsD to D and so does U . It follows directly that so does the composition T U andhence T U 2 Sym.D/. If T maps D to D then certainly the inverse does. ThereforeSym.D/ is a subgroup of E .

Example 9.2.6. Let T be an equilateral triangle. Then there are exactly six symme-tries of T (see exercises). These are

I D the identity

r D a rotation of 120ı around the center of T

r2 D a rotation of 240ı around the center of T

f D a reflection over the perpendicular bisector of one of the sides

f r D the composition of f and r

f r2 D the composition of f and r2:

Section 9.3 Permutation Groups 125

Sym.T / is called the dihedral group D3. In the next section we will see that it isisomorphic to S3, the symmetric group on 3 symbols.

9.3 Permutation Groups

Groups most often appear as groups of transformations or permutations on a set. Inthis section we will take a short look at permutation groups and then examine themmore deeply in the next chapter. We recall some ideas first introduced in Chapter 7 inrelation to the proof of the fundamental theorem of algebra.

Definition 9.3.1. If A is a set, a permutation on A is a one-to-one mapping of A ontoitself. We denote by SA the set of all permutations on A.

Theorem 9.3.2. For any set A, SA forms a group under composition called the sym-metric group on A. If jAj > 2 then SA is nonabelian. Further if A;B have the samecardinality, then SA Š SB .

Proof. If SA is the set of all permutations on the setA, we must show that compositionis an operation on SA that is associative and has an identity and inverses.

Let f; g 2 SA. Then f; g are one-to-one mappings of A onto itself. Considerf ı g W A ! A. If f ı g.a1/ D f ı g.a2/, then f .g.a1// D f .g.a2// andg.a1/ D g.a2/, since f is one-to-one. But then a1 D a2 since g is one-to-one.

If a 2 A, there exists a1 2 A with f .a1/ D a since f is onto. Then there existsa2 2 A with g.a2/ D a1 since g is onto. Putting these together, f .g.a2// D a, andtherefore f ı g is onto. Therefore, f ı g is also a permutation and composition givesa valid binary operation on SA.

The identity function 1.a/ D a for all a 2 A will serve as the identity for SA, whilethe inverse function for each permutation will be the inverse. Such unique inversefunctions exist since each permutation is a bijection.

Finally, composition of functions is always associative and therefore SA forms agroup.

Suppose that jAj > 2. Then A has at least 3 elements. Call them a1; a2; a2.Consider the 2 permutations f and g which fix (leave unchanged) all of A excepta1; a2; a3 and on these three elements

f .a1/ D a2; f .a2/ D a3; f .a3/ D a1

g.a1/ D a2; g.a2/ D a1; g.a3/ D a3:

Then under composition

f .g.a1// D a3; f .g.a2// D a2; f .g.a3// D a1


whileg.f .a1// D a1; g.f .a2// D a3; g.f .a3// D a2:

Therefore f ı g ¤ g ı f and hence SA is not abelian.If A;B have the same cardinality, then there exists a bijection W A ! B . Define a

map F W SA ! SB in the following manner: if f 2 SA, let F.f / be the permutationon B given by F.f /.b/ D .f . �1.b///. It is straightforward to verify that F is anisomorphism (see the exercises).

If A1 � A then those permutations on A that map A1 to A1 form a subgroup of SA

called the stabilizer of A1 denoted stab.A1/. We leave the proof to the exercises.

Lemma 9.3.3. If A1 � A then stab.A1/ D ¹f 2 SA W f W A1 ! A1º forms asubgroup of SA.

A permutation group is any subgroup of SA for some set A.We now look at finite permutation groups. Let A be a finite set, say A D ¹a1;

a2; : : : ; anº. Then each f 2 SA can be pictured as

f D�

a1 : : : an

f .a1/ : : : f .an/

�

:

For a1 there are n choices for f .a1/. For a2 there are only n � 1 choices since f isone-to-one. This continues down to only one choice for an. Using the multiplicationprinciple, the number of choices for f and therefore the size of SA is

n.n � 1/ � � � 1 D nŠ:

We have thus proved the following theorem.

Theorem 9.3.4. If jAj D n then jSAj D nŠ.

For a set with n elements we denote SA by Sn, called the symmetric group on nsymbols.

Example 9.3.5. Write down the six elements of S3 and give the multiplication tablefor the group.

Name the three elements 1; 2; 3. The six elements of S3 are then

1 D�

1 2 3

1 2 3

�

; a D�

1 2 3

2 3 1

�

; b D�

1 2 3

3 1 2

�

c D�

1 2 3

2 1 3

�

; d D�

1 2 3

3 2 1

�

; e D�

1 2 3

1 3 2

�

:

Section 9.3 Permutation Groups 127

The multiplication table for S3 can be written down directly by doing the requiredcomposition. For example,

ac D�

1 2 3

2 3 1

��

1 2 3

2 1 3

�

D�

1 2 3

3 2 1

�

D d:

To see this, note that a W 1 ! 2; 2 ! 3; 3 ! 1; c W 1 ! 2; 2 ! 1; 3 ! 3 and soac W 1 ! 3; 2 ! 2; 3 ! 1.

It is somewhat easier to construct the multiplication table if we make some obser-vations. First, a2 D b and a3 D 1. Next, c2 D 1, d D ac, e D a2c and finallyac D ca2.

From these relations the following multiplication table can be constructed:

1 a a2 c ac a2c

1 1 a a2 c ac a2c

a a a2 1 ac a2c c

a2 a2 1 a a2c c ac

c c a2c ac 1 a2 a

ac ac c a2c a 1 a2

a2c a2c ac c a2 a 1

To see this, consider, for example, .ac/a2 D a.ca2/ D a.ac/ D a2c.More generally, we can say that S3 has a presentation given by

S3 D ha; cI a3 D c2 D 1; ac D ca2i:By this we mean that S3 is generated by a; c, or that S3 has generators a; c and

the whole group and its multiplication table can be generated by using the relationsa3 D c2 D 1, ac D ca2.

A theorem of Cayley actually shows that every group is a permutation group.A group G is a permutation group on the group G itself considered as a set. Thisresult however does not give much information about the group.

Theorem 9.3.6 (Cayley’s theorem). Let G be a group. Consider the set of elementsof G. Then the group G is a permutation group on the set G, that is G is a subgroupof SG .

Proof. We show that to each g 2 G we can associate a permutation of the set G. Ifg 2 G let �g be the map given by

�g W g1 ! gg1 for each g1 2 G:It is straightforward to show that each �g is a permutation on G.


9.4 Cosets and Lagrange’s Theorem

In this section given a group G and a subgroup H we define an equivalence relationonG. The equivalence classes all have the same size and are called the (left) or (right)cosets of H in G.

Definition 9.4.1. Let G be a group and H � G a subgroup. For a; b 2 G definea � b if a�1b 2 H .

Lemma 9.4.2. Let G be a group and H � G a subgroup. Then the relation definedabove is an equivalence relation on G. The equivalence classes all have the form aH

for a 2 G and are called the left cosets of H in G. Clearly G is a disjoint union of itsleft cosets.

Proof. Let us show, first of all, that this is an equivalence relation. Now a � a

since a�1a D e 2 H . Therefore the relation is reflexive. Further a � b impliesa�1b 2 H , but since H is a subgroup of G we have b�1a D .a�1b/�1 2 H and sob � a. Therefore the relation is symmetric. Finally suppose that a � b and b � c.Then a�1b 2 H and b�1c 2 H . Since H is a subgroup a�1b � b�1c D a�1c 2 H ,and hence a � c. Therefore the relation is transitive and hence is an equivalencerelation.

For a 2 G the equivalence class is

Œa� D ¹g 2 G W a � gº D ¹a 2 G W a�1g 2 H º:

But then clearly g 2 aH . It follows that the equivalence class for a 2 G is preciselythe set

aH D ¹g 2 G W g D ah for some h 2 H º:These classes, aH , are called left cosets of H and since they are equivalence classesthey partition G. This means that every element of g is in one and only one left coset.In particular, bH D H D eH if and only if b 2 H .

If aH is a left coset then we call the element a a coset representative representative.A complete collection

¹a 2 G W ¹aH º is the set of all distinct left cosets of H º

is called a (left) transversal of H in G.One could define another equivalence relation by defining a � b if and only if

ba�1 2 H . Again this can be shown to be an equivalence relation on G, and theequivalence classes here are sets of the form

Ha D ¹g 2 G W g D ha for some h 2 H º;

Section 9.4 Cosets and Lagrange’s Theorem 129

called right cosets of H . Also, of course, G is the (disjoint) union of distinct rightcosets.

It is easy to see that any two left (right) cosets have the same order (number ofelements). To demonstrate this consider the mapping aH ! bH via ah 7! bh whereh 2 H . It is not hard to show that this mapping is 1-1 and onto (see exercises). Thuswe have jaH j D jbH j. (This is also true for right cosets and can be established in asimilar manner.) Letting b 2 H in the above discussion, we see jaH j D jH j, for anya 2 G, that is the size of each left or right coset is exactly the same as the subgroupH .

One can also see that the collection ¹aH º of all distinct left cosets has the samenumber of elements as the collection ¹Haº of all distinct right cosets. In other words,the number of left cosets equals the number of right cosets (this number may be infi-nite). For consider the map

f W aH ! Ha�1:

This mapping is well-defined: for if aH D bH , then b D ah where h 2 H . Thusf .bH/ D Hb�1 D Hh�1a�1 D f .aH/. It is not hard to show that this mappingis 1-1 and onto (see exercises). Hence the number of left cosets equals the number ofright cosets.

Definition 9.4.3. Let G be a group and H � G a subgroup. The number of distinctleft cosets, which is the same as the number of distinct right cosets, is called the indexof H in G, denoted by ŒG W H�.

Now let us consider the case where the group G is finite. Each left coset has thesame size as the subgroup H and here both are finite. Hence jaH j D jH j for eachcoset. Further the group G is a disjoint union of the left cosets, that is

G D H [ g1H [ � � � [ gnH:

Since this is a disjoint union we have

jGj D jH j C jg1H j C � � � C jgnH j D jH j C jH j C � � � C jH j D jH jŒG W H�:This establishes the following extremely important theorem.

Theorem 9.4.4 (Lagrange’s theorem). Let G be a group and H � G a subgroup.Then

jGj D jH jŒG W H�:If G is a finite group this implies that both the order of a subgroup and the index of asubgroup are divisors of the order of the group.

This theorem plays a crucial role in the structure theory of finite groups since itgreatly restricts the size of subgroups. For example in a group of order 10 there canbe proper subgroups only of orders 1, 2 and 5.


As an immediate corollary, we have the following result.

Corollary 9.4.5. The order of any element g 2 G, where G is a finite group, dividesthe order of the group. In particular if jGj D n and g 2 G then o.g/jn and gn D 1.

Proof. Let g 2 G and o.g/ D m. Thenm is the size of the cyclic subgroup generatedby g and hence divides m from Lagrange’s theorem. Then n D mk and so

gn D gmk D .gm/k D 1k D 1:

Before leaving this section we consider some results concerning general subsets ofa group.

Suppose that G is a group and S is an arbitrary nonempty subset of G, S � G andS ¤ ;; such a set S is usually called a complex of G.

If U and V are two complexes of G, the product UV is defined as follows:

UV D ¹g1g2 2 G W u 2 U; v 2 V º:

Now suppose that U; V are subgroups of G. When is the complex UV again asubgroup of G?

Theorem 9.4.6. The product UV of two subgroups U , V of a group G is itself asubgroup if and only if U and V commute, that is, if and only if UV D V U .

Proof. We note first that when we say U and V commute, we do not demand that thisis so elementwise. In other words, it is not required that uv D vu for all u 2 U andall v 2 V ; all that is required is that for any u 2 U and v 2 V uv D v1u1, for someelements u1 2 U and v1 2 V .

Assume that UV is a subgroup ofG. Let u 2 U and v 2 V . Then u 2 U � 1 � UV

and v 2 1 �V � UV . But since UV is assumed itself to be a subgroup, it follows thatvu 2 UV . Hence each product vu 2 UV and so V U � UV . In an identical mannerUV � V U and so UV D V U .

Conversely, suppose that UV D V U . Let g1 D u1v1 2 UV , g2 D u2v2 2 UV .Then

g1g1 D .u1v1/.u2v2/ D u1.v1u2/v2 D u1u3v3v2 D .u1u3/.v3v2/ 2 UV

since v1u2 D u3v3 for some u3 2 U and v3 2 V . Further

g�11 D .u1v1/

�1 D v�11 u�1

1 D u4v4:

It follows that UV is a subgroup.

Section 9.4 Cosets and Lagrange’s Theorem 131

Theorem 9.4.7 (product formula). Let U; V be subgroups of G and let R be a lefttransversal of the intersection U \ V in U . Then

UV D[

r2R

rV

where this is a disjoint union.In particular if U; V are finite then

jUV j D jU jjV jjU \ V j :

Proof. Since R � U we have that[

r2R

rV � UV:

In the other direction let uv 2 UV . Then

U D[

r2R

r.U \ V /:

It follows that u D rv0 with r 2 R and v0 2 U \ V . Hence

uv D rv0v 2 rV:The union of cosets of V is disjoint so

uv 2[

r2R

rV:

Therefore UV � S

r2R rV proving the equality.Now suppose that jU j and jV j are finite. Then we have

jUV j D jRjjV j D jU W U \ V jjV j D jU jjU \ V j jV j D jU jjV j

jU \ V j :

We now show that index is multiplicative. Later we will see how this fact is relatedto the multiplicativity of the degree of field extensions.

Theorem 9.4.8. SupposeG is a group andU and V are subgroups withU � V � G.Then if G is the disjoint union

G D[

r2R

rV

and V is the disjoint unionV D

[

s2S

sU


then we get a disjoint union for G as

G D[

r2R;s2S

rsU:

In particular if ŒG W V � and ŒV W U � are finite then

ŒG W U � D ŒG W V �ŒV W U �:Proof. Now

G D[

r2R

rV D[

r2R

�

[

s2S

sU

�

D[

r2R;s2S

rsU:

Suppose that r1s1U D r2s2U . Then r1s1UV D r2s2UV . But s1UV D V ands2UV D V so r1V D r2V which implies that r1 D r2. Then s1U D s2U whichimplies that s1 D s2. Therefore the union is disjoint.

The index formula now follows directly.

The next result says that the intersection of subgroups of finite index must again beof finite index.

Theorem 9.4.9 (Poincaré). Suppose that U; V are subgroups of finite index in G.Then U \ V is also of finite index. Further

ŒG W U \ V � � ŒG W U �ŒG W V �:If ŒG W U �; ŒG W V � are relatively prime then equality holds.

Proof. Let r be the number of left cosets of U in G that are contained in UV . r isfinite since the index ŒG W U � is finite. From Theorem 9.4.7 we then have

jV W U \ V j D r � ŒG W U �:Then from Theorem 9.4.8

ŒG W U \ V � D ŒG W V �ŒV W U \ V � � ŒG W V �ŒG W U �:Since both ŒG W U � and ŒG W V � are finite so is ŒG W U \ V �.

Now ŒG W U �jŒG W U \ V � and ŒG W V �jŒG W U \ V �. If ŒG W U � and ŒG W V � arerelatively prime then

ŒG W U �ŒG W V �jŒG W U \ V � H) ŒG W U �ŒG W V � � ŒG W U \ V �Therefore we must have equality.

Corollary 9.4.10. Suppose that ŒG W U � and ŒG W V � are finite and relatively prime.Then G D UV .

Section 9.5 Generators and Cyclic Groups 133

Proof. From Theorem 9.4.9 we have

ŒG W U \ V � D ŒG W U �ŒG W V �:

From Theorem 9.4.8

ŒG W U \ V � D ŒG W V �ŒV W U \ V �:

Combing these we haveŒV W U \ V � D ŒG W U �:

The number of left cosets of U in G that are contained in V U is equal to the numberof all left cosets of U in G. It follows then that we must have G D UV .

9.5 Generators and Cyclic Groups

We saw that if G is any group and g 2 G then the powers of g generate a subgroupof G called the cyclic subgroup generated by g. Here we explore more fully the ideaof generating a group or subgroup. We first need the following.

Lemma 9.5.1. If U and V are subgroups of a group G then their intersection U \Vis also a subgroup.

Proof. Since the identity of G is in both U and V we have that U \ V is nonempty.Suppose that g1; g2 2 U \ V . Then g1; g2 2 U and hence g�1

1 g2 2 U since U is asubgroup. Analogously g�1

1 g2 2 V . Hence g�1g2 2 U \ V and therefore U \ V isa subgroup.

Now let S be a subset of a group G. The subset S is certainly contained in at leastone subgroup of G, namely G itself. Let ¹U˛º be the collection of all subgroups ofG containing S . Then

T

˛ U˛ is again a subgroup of G from Lemma 9.5.1. Furtherit is the smallest subgroup of G containing S (see the exercises). We call

T

˛ U˛ thesubgroup of G generated by S and denote it by hSi or grp.S/. We call the set S a setof generators for hSi.

Definition 9.5.2. A subset M of a group G is a set of generators for G if G DhM i, that is the smallest subgroup of G containing M is all of G. We say that G isgenerated by M and that M is a set of generators for G.

Notice that any group G has at least one set of generators, namely G itself. IfG D hM i and M is a finite set then we say that G is finitely generated. Clearlyany finite group is finitely generated. Shortly we will give an example of a finitelygenerated infinite group.


Example 9.5.3. The set of all reflections forms a set of generators for the Euclideangroup E . Recall that any T 2 E is either a translation, a rotation, a reflection or aglide reflection. It can be shown (see exercises) that any one of these can be expressedas a product of 3 or fewer reflections.

We now consider the case where a group G has a single generator.

Definition 9.5.4. A group G is cyclic if there exists a g 2 G such that G D hgi.In this caseG D ¹gn W n 2 Zº, that isG consists of all the powers of the element g.

If there exists an integerm such that gm D 1, then there exists a smallest such positiveinteger say n. It follows that gk D gl if and only if k � l mod n. In this situation thedistinct powers of g are precisely

¹1 D g0; g; g2; : : : ; gn�1º:

It follows that jGj D n. We then call G a finite cyclic group. If no such power existsthen all the powers of G are distinct and G is an infinite cyclic group.

We show next that any two cyclic groups of the same order are isomorphic.

Theorem 9.5.5. (a) If G D hgi is an infinite cyclic group then G Š .Z;C/ that isthe integers under addition.

(b) If G D hgi is a finite cyclic group of order n then G Š .Zn;C/ that is theintegers modulo n under addition.

It follows that for a given order there is only one cyclic group up to isomorphism.

Proof. Let G be an infinite cyclic group with generator g. Map g onto 1 2 .Z;C/.Since g generatesG and 1 generates Z under addition this can be extended to a homo-morphism. It is straightforward to show that this defines an isomorphism.

Now let G be a finite cyclic group of order n with generator g. As above map g to1 2 Zn and extend to a homomorphism. Again it is straightforward to show that thisdefines an isomorphism.

Now let G and H be two cyclic groups of the same order. If both are infinite thenboth are isomorphic to .Z;C/ and hence isomorphic to each other. If both are finite oforder n then both are isomorphic to .Zn;C/ and hence isomorphic to each other.

Theorem 9.5.6. LetG D hgi be a finite cyclic group of order n. Then every subgroupof G is also cyclic. Further if d jn there exists a unique subgroup of G of order d .

Proof. Let G D hgi be a finite cyclic group of order n and suppose that H is asubgroup of G. Notice that if gm 2 H then g�m is also in H since H is a subgroup.Hence H must contain positive powers of the generator g. Let t be the smallestpositive power of g such that gt 2 H . We claim that H D hgt i the cyclic subgroup


of G generated by gt . Let h 2 H then h D gm for some positive integer m � t .Divide m by t to get

m D qt C r where r D 0 or 0 < r < t:

If r ¤ 0 then r D m � qt > 0. Now gm 2 H , gt 2 H so g�qt 2 H for any q sinceH is a subgroup. It follows that gmg�qt D gm�qt 2 H . This implies that gr 2 H .However this is a contradiction since r < t and t is the least positive power in H . Itfollows that r D 0 so m D qt . This implies that gm D gqt D .gt /q , that is gm isa multiple of gt . Therefore every element of H is a multiple of gt and therefore gt

generates H and hence H is cyclic.Now suppose that d jn so that n D kd . Let H D hgki, that is the subgroup of G

generated by gk . We claim that H has order d and that any other subgroup H1 of Gwith order d coincides with H . Now .gk/d D gkd D gn D 1 so the order of gk

divides d and hence is � d . Suppose that .gk/d1 D gkd1 D 1 with d1 < d . Thensince the order of g is n we have n D kd jkd1 with d1 < d which is impossible.Therefore the order of gk is d and h D hgki is a subgroup of G of order d .

Now let H1 be a subgroup of G of order d . We must show that H1 D H . Leth 2 H1 so h D gt and hence gtd D 1. It follows that njtd and so kd jtd and hencekjt , that is t D qk for some positive integer q. Therefore gt D .gk/q 2 H . ThereforeH1 � H and since they are of the same size H D H1.

Theorem 9.5.7. Let G D hgi be an infinite cyclic group. Then a subgroup H is ofthe form H D hgt i for a positive integer t . Further if t1; t2 are positive integers witht1 ¤ t2 then hgt1i and hgt2i are distinct.

Proof. Let G D hgi be an infinite cyclic group and H a subgroup of G. As in theproof of Theorem 9.5.6 H must contain positive powers of the generator g. Let t bethe smallest positive power of g such that gt 2 H . We claim thatH D hgt i the cyclicsubgroup of G generated by gt . Let h 2 H then h D gm for some positive integerm � t . Divide m by t to get

m D qt C r where r D 0 or 0 < r < t:

If r ¤ 0 then r D m � qt > 0. Now gm 2 H , gt 2 H so g�qt 2 H for any q sinceH is a subgroup. It follows that gmg�qt D gm�qt 2 H . This implies that gr 2 H .However this is a contradiction since r < t and t is the least positive power in H . Itfollows that r D 0 so m D qt . This implies that gm D gqt D .gt /q , that is gm isa multiple of gt . Therefore every element of H is a multiple of gt and therefore gt

generates H and hence H D hgt i.From the proof above in the subgroup hgt i the integer t is the smallest positive

power of g in hgt i. Therefore if t1; t2 are positive integers with t1 ¤ t2 then hgt1i andhgt2i are distinct.


Theorem 9.5.8. Let G D hgi be a cyclic group. Then

(a) IfGDhgi is finite of order n then gk is also a generator if and only if .k; n/D1.That is the generators of G are precisely those powers gk where k is relativelyprime to n.

(b) If G D hgi is infinite then the only generators are g; g�1.

Proof. (a) LetG D hgi be a finite cyclic group of order n and suppose that .k; n/ D 1.Then there exist integers x; y with kx C ny D 1. It follows that

g D gkxCny D .gk/x.gn/y D .gk/x

since gn D 1. Hence g is a power of gk that implies every element of G is also apower of gk . Therefore gk is also a generator.

Conversely suppose that gk is also a generator. Then g is a power of gk so thereexists an x such that g D gkx . It follows that kx � 1 modulo n and so there existsa y such that

kx C ny D 1:

This then implies that .k; n/ D 1.(b) If G D hgi is infinite then any power of g other than g�1 generates a proper

subgroup. If g is a power of gn for some n so that g D gnx it follows that gnx�1 D 1

so that g has finite order contradicting that G is infinite cyclic.

Recall that for positive integers n the Euler phi-function is defined as follows.

Definition 9.5.9. For any n > 0, let

�.n/ D number of integers less than or equal to n and relatively prime to n:

Example 9.5.10. �.6/ D 2 since among 1; 2; 3; 4; 5; 6 only 1; 5 are relatively primeto 6.

Corollary 9.5.11. If G D hgi is finite of order n then there are �.n/ generators forG where � is the Euler phi-function.

Proof. From Theorem 9.5.8 the generators of G are precisely the powers gk where.k; n/ D 1. The numbers relatively prime to n are counted by the Euler phi-function.

Recall that in an arbitrary group G, if g 2 G, then the order of g, denoted o.g/,is the order of the cyclic subgroup generated by g. Given two elements g; h 2 G ingeneral there is no relationship between o.g/; o.h/ and the order of the product gh.However if they commute there is a very direct relationship.


Lemma 9.5.12. Let G be an arbitrary group and g; h 2 G both of finite ordero.g/; o.h/. If g and h commute, that is gh D hg, then o.gh/ divides lcm.o.g/; o.h//.In particular if G is an abelian group then o.gh/j lcm.o.g/; o.h// for all g; h 2 G offinite order. Further if hgi \ hhi D ¹1º then o.gh/ D lcm.o.g/; o.h//.

Proof. Suppose o.g/ D n and o.h/ D m are finite. If g; h commute then for any kwe have .gh/k D gkhk . Let t D lcm.n;m/ then t D k1m; t D k2n. Hence

.gh/t D gtht D .gm/k1.hn/k2 D 1:

Therefore the order of gh is finite and divides t . Suppose that hgi \ hhi D ¹1º thatis the cyclic subgroup generated by g intersects trivially with the cyclic subgroupgenerated by h. Let k D o.gh/ which we know is finite from the first part of thelemma. Let t D lcm.n;m/. We then have .gh/k D gkhk D 1 which implies thatgk D h�k . Since the cyclic subgroups have only trivial intersection this implies thatgk D 1 and hk D 1. But then njk and mjk and hence t jk. Since kjt it follows thatk D t .

Recall that if m and n are relatively prime then lcm.m; n/ D mn. Further if theorders of g and h are relatively prime it follows from Lagrange’s theorem that hgi \hhi D ¹1º. We then get the following.

Corollary 9.5.13. If g; h commute and o.g/ and o.h/ are finite and relatively primethen o.gh/ D o.g/o.h/.

Definition 9.5.14. If G is a finite abelian group then the exponent of G is the lcm ofthe orders of all elements of G. That is

exp.G/ D lcm¹o.g/ W g 2 Gº:As a consequence of Lemma 9.5.12 we obtain

Lemma 9.5.15. LetG be a finite abelian group. ThenG contains an element of orderexp.G/.

Proof. Suppose that exp.G/ D pe1

1 � � �pek

kwith pi distinct primes. By the definition

of exp.G/ there is a gi 2 G with o.gi / D pei

i ri with pi and ri relatively prime. Lethi D g

ri

i . Then from Lemma 9.5.12 we get o.hi / D pei

i . Now let g D h1h2 � � �hk .From the corollary to Lemma 9.5.12 we have o.g/ D pe1

1 � � �pek

kD exp.G/.

If K is a field then the multiplicative subgroup of nonzero elements of K is anabelian groupK?. The above results lead to the fact that a finite subgroup ofK? mustactually be cyclic.

Theorem 9.5.16. Let K be a field. Then any finite subgroup of K? is cyclic.


Proof. Let A � K? with jAj D n. Suppose that m D exp.A/. Consider the poly-nomial f .x/ D xm � 1 2 KŒx�. Since the order of each element in A divides m itfollows that am D 1 for all a 2 A and hence each a 2 A is a zero of the polynomialf .x/. Hence f .x/ has at least n zeros. Since a polynomial of degree m over a fieldcan have at most m zeros it follows that n < m. From Lemma 9.5.15 there is anelement a 2 A with o.a/ D m. Since jAj D n it follows that mjn and hence m < n.Therefore m D n and hence A D hai showing that A is cyclic.

We close this section with two other results concerning cyclic groups. The firstproves, using group theory, a very interesting number theoretic result concerning theEuler phi-function.

Theorem 9.5.17. For n > 1 and for d � 1

X

d jn�.d/ D n:

Proof. Consider a cyclic group G of order n. For each d jn, d � 1 there is a uniquecyclic subgroup H of order d . H then has �.d/ generators. Each element in Ggenerates its own cyclic subgroup H1, say of order d and hence must be included inthe �.d/ generators of H1. Therefore

X

d jn�.d/ D sum of the numbers of generators of the cyclic subgroups of G:

But this must be the whole group and hence this sum is n.

We shall make use of the above theorem directly in the following theorem.

Theorem 9.5.18. If jGj D n and if for each positive d such that d jn, G has at mostone cyclic subgroup of order d , then G is cyclic (and consequently, has exactly onecyclic subgroup of order d ).

Proof. For each d jn, d > 0, let .d/ D the number of elements of G of order d .Then

X

d jn .d/ D n:

Now suppose that .d/ ¤ 0 for a given d jn. Then there exists an a 2 G of order dwhich generates a cyclic subgroup, hai, of order d of G. We claim that all elementsof G of order d are in hai. Indeed, if b 2 G with o.b/ D d and b … hai, then hbi is asecond cyclic subgroup of order d , distinct from hai. This contradicts the hypothesis,so the claim is proved. Thus, if .d/ ¤ 0, then .d/ D �.d/. In general, wehave .d/ � �.d/, for all positive d jn. But n D P

d jn .d/ � P

d jn �.d/, bythe previous theorem. It follows, clearly, from this that .d/ D �.d/ for all d jn. In


particular, .n/ D �.n/ � 1. Hence, there exists at least one element of G of ordern; hence G is cyclic. This completes the proof.

Corollary 9.5.19. If in a group G of order n, for each d jn, the equation xd D 1 hasat most d solutions in G, then G is cyclic.

Proof. The hypothesis clearly implies thatG can have at most one cyclic subgroup oforder d since all elements of such a subgroup satisfy the equation. So Theorem 9.5.17applies to give our result.

If H is a subgroup of a group G then G operates as a group of permutations onthe set ¹aH W a 2 Rº of left cosets of H in G where R is a left transversal of Hin G. This we can use to show that a finitely generated group has only finitely manysubgroups of a given finite index.

Theorem 9.5.20. Let G be a finitely generated group. The number of subgroups ofindex n < 1 is finite.

Proof. Let H be a subgroup of index n. We choose a left transversal ¹c1; : : : ; cnºfor H in G where c1 D 1 represents H . G permutes the set of cosets ciH bymultiplication from the left. This induces a homomorphism H from G to Sn asfollows. For each g 2 G let H .g/ be the permutation which maps i to j if gciH DcjH . H .g/ fixes the number 1 if and only if g 2 H because c1H D H . Now, letH and L be two different subgroups of index n in G. Then there exists g 2 H withg … L and H .g/ ¤ L.g/, and hence H and L are different. Since G is finitelygenerated there are only finitely many homomorphisms from G to Sn. Therefore thenumber of subgroups of index n < 1 is finite.

9.6 Exercises


2. Suppose that g 2 G and gm D 1 for some positive integer m. Let n be the small-est positive integer such that gn D 1. Show the set of elements ¹1; g; g2; : : : ;

gn�1º are all distinct but for any other power gk we have gk D gt for somek D 0; 1; : : : ; n � 1.

3. Let G be a group and U1; U2 be finite subgroups of G. If jU1j and jU2j arerelatively prime, then U1 \ U2 D ¹eº.

4. Let A;B be subgroups of a finite group G. If jAj � jBj > jGj then A \ B ¤ ¹eº.


5. Let G be the set of all real matrices of the form�

a �bb a

�

, where a2 C b2 ¤ 0.Show:

(a) G is a group.

(b) For each n 2 N there is at least one element of order n in G.

6. Let p be a prime, and let G D SL.2; p/. Show:

(a) G has at least 2p � 2 elements of order p (their exact number is p2 � 1).

(b) If p is odd, then xp D 1 for all x 2 G.

7. Let p be a prime and a 2 Z. Show that ap � a mod p.

8. Let F be a field. Show that the set of n � n matrices of determinant 1 over Fforms a group.

9. Here we outline a proof that every planar Euclidean congruence motion is eithera rotation, translation, reflection or glide reflection. An isometry in this problemis a planar Euclidean congruence motion. Show:

(a) If T is an isometry then it is completely determined by its action on a trian-gle – equivalent to showing that if T fixes three noncollinear points then itmust be the identity.

(b) If an isometry T has exactly one fixed point then it must be a rotation withthat point as center.

(c) If an isometry T has two fixed points then it fixes the line joining them.Then show that if T is not the identity it must be a reflection through thisline.

(d) If an isometry T has no fixed point but preserves orientation then it must bea translation.

(e) If an isometry T has no fixed point but reverses orientation then it must bea glide reflection.

10. Let Pn be a regular n-gon and DN its group of symmetries. Show that jDnj D2n. (Hint: First show that jDnj � 2n and then exhibit 2n distinct symmetries.)

11. If A;B have the same cardinality, then there exists a bijection W A ! B .Define a map F W SA ! SB in the following manner: if f 2 SA, let F.f / bethe permutation on B given by F.f /.b/ D .f . �1.b///. Show that F is anisomorphism.


Chapter 10

Normal Subgroups, Factor Groups andDirect Products

10.1 Normal Subgroups and Factor Groups

In rings we saw that there were certain special types of subrings, called ideals, thatallowed us to define factor rings. The analogous object for groups is called a normalsubgroup which we will define and investigate in this section.

Definition 10.1.1. Let G be an arbitrary group and suppose that H1 and H2 are sub-groups ofG. We say thatH2 is conjugate toH1 if there exists an element a 2 G suchthat H2 D aH1a

�1. H1;H2 are the called conjugate subgroups of G.

Lemma 10.1.2. Let G be an arbitrary group. Then the relation of conjugacy is anequivalence relation on the set of subgroups of G.

Proof. We must show that conjugacy is reflexive, symmetric and transitive. If H is asubgroup of G then 1�1H1 D H and henceH is conjugate to itself and therefore therelation is reflexive.

Suppose that H1 is conjugate to H2. Then there exists a g 2 G with g�1H1g DH2. This implies that gH2g

�1 D H1. However .g�1/�1 D g and hence lettingg�1 D g1 we have g�1

1 H2g1 D H1: ThereforeH2 is conjugate toH1 and conjugacyis symmetric.

Finally suppose that H1 is conjugate to H2 and H2 is conjugate to H3. Then thereexist g1; g2 2 G with H2 D g�1

1 H1g1 and H3 D g�12 H2g2. Then

H3 D g�12 g�1

1 H1g1g2 D .g1g2/�1H1.g1g2/:

Therefore H3 is conjugate to H2 and conjugacy is transitive.

Lemma 10.1.3. Let G be an arbitrary group. Then for g 2 G the map g W a !g�1ag is an automorphism on G.

Proof. For a fixed g 2 G define the map f W G ! G by f .a/ D g�1ag for a 2 G.We must show that this is a homomorphism and that it is one-to-one and onto.

142 Chapter 10 Normal Subgroups, Factor Groups and Direct Products

Let a1; a2 2 G. Then

f .a1a2/ D g�1a1a2g D .g�1a1g/.g�1a2g/ D f .a1/f .a2/:

Hence f is a homomorphism.If f .a1/ D f .a2/ then g�1a1g D g�1a2g. Clearly by the cancellation law we

then have a1 D a2 and hence f is one-to-one.Finally let a 2 G and let a1 D gag�1. Then a D g�1a1g and hence f .a1/ D a.

It follows that f is onto and therefore f is an automorphism on G.

In general a subgroup H of a group G may have many different conjugates. How-ever in certain situations the only conjugate of a subgroup H is H itself. If this is thecase we say thatH is a normal subgroup. We will see shortly that this is precisely theanalog for groups of the concept of an ideal in rings.

Definition 10.1.4. Let G be an arbitrary group. A subgroup H is a normal subgroupof G, which we denote by H GG, if g�1Hg D H for all g 2 G.

Since the conjugation map is an isomorphism it follows that if g�1Hg � H theng�1Hg D H . Hence in order to show that a subgroup is normal we need only showinclusion.

Lemma 10.1.5. Let N be a subgroup of a group G. Then if aNa�1 � N for alla 2 G, then aNa�1 D N . In particular, aNa�1 � N for all a 2 G implies that Nis a normal subgroup.

Notice that if g�1Hg D H then Hg D gH . That is as sets the left coset gHis equal to the right coset Hg. Hence for each h1 2 H there is an h2 2 H withgh1 D h2g. If H G G this is true for all g 2 G. Further if H is normal then for theproduct of two cosets g1H and g2H we have

.g1H/.g2H/ D g1.Hg2/H D g1g2.HH/ D g1g2H:

If .g1H/.g2H/ D .g1g2/H for all g1; g2 2 G we necessarily have gHg�1 D H

for all g 2 G.Hence we have proved:

Lemma 10.1.6. Let H be a subgroup of a group G. Then the following are equiva-lent:

(1) H is a normal subgroup of G.

(2) g�1Hg D H for all g 2 G.

(3) gH D Hg for all g 2 G.

(4) .g1H/.g2H/ D .g1g2/H for all g1; g2 2 G.

Section 10.1 Normal Subgroups and Factor Groups 143

This is precisely the condition needed to construct factor groups. First we givesome examples of normal subgroups.

Lemma 10.1.7. Every subgroup of an abelian group is normal.

Proof. Let G be abelian and H a subgroup of G. Suppose g 2 G then gh D hg forall h 2 H since G is abelian. It follows that gH D Hg. Since this is true for everyg 2 G it follows that H is normal.

Lemma 10.1.8. Let H � G be a subgroup of index 2, that is ŒG W H� D 2. Then His normal in G.

Proof. Suppose that ŒG W H� D 2. We must show that gH D Hg for all g 2 G. Ifg 2 H then clearly H D gH D Hg. Therefore we may assume that g is not in H .Then there are only 2 left cosets and 2 right cosets. That is,

G D H [ gH D H [Hg:Since the union is a disjoint union we must have gH D Hg and hence H is normal.

Lemma 10.1.9. Let K be any field. Then the group SL.n;K/ is a normal subgroupof GL.n;K/ for any positive integer n.

Proof. Recall that GL.n;K/ is the group of n � n matrices over the field K withnonzero determinant while SL.n;K/ is the subgroup of n � n matrices over the fieldK with determinant equal to 1. Let U 2 SL.n;K/ and T 2 GL.n;K/. ConsiderT �1UT . Then

det.T �1UT / D det.T �1/ det.U / det.T / D det.U / det.T �1T /

D det.U / det.I / D det.U / D 1:

Hence T �1UT 2 SL.n;K/ for any U 2 SL.n;K/ and any T 2 GL.n;K/. It followsthat T �1 SL.n;K/T � SL.n;K/ and therefore SL.n;K/ is normal in GL.n;K/.

The intersection of normal subgroups is again normal and the product of normalsubgroups is normal.

Lemma 10.1.10. Let N1; N2 be normal subgroups of the group G. Then

(1) N1 \N2 is a normal subgroup of G.

(2) N1N2 is a normal subgroup of G.

(3) IfH is any subgroup ofG thenN1 \H is a normal subgroup ofH andN1H DHN1.


Proof. (a) Let n 2 N1 \ N2 and g 2 G. Then g�1ng 2 N1 since N1 is normal.Similarly g�1ng 2 N2 since N2 is normal. Hence g�1ng 2 N1 \N2. It follows thatg�1.N1 \N2/g � N1 \N2 and therefore N1 \N2 is normal.

(b) Let n1 2 N1; n2 2 N2. Since N1; N2 are both normal N1N2 D N2N1 as setsand the complex N1N2 forms a subgroup of G. Let g 2 G and n1n2 2 N1N2. Then

g�1.n1n2/g D .g�1n1g/.g�1n2g/ 2 N1N2

since g�1n1g 2 N1 and g�1n2g 2 N2. Therefore N1N2 is normal in G.(c) Let h 2 H and n 2 N \H . Then as in part (a) h�1nh 2 N \H and therefore

N \ H is a normal subgroup of H . The same argument as in part (b) shows thatN1H D HN1.

We now construct factor groups or quotient groups of a group modulo a normalsubgroup.

Definition 10.1.11. Let G be an arbitrary group and H a normal subgroup of G. LetG=H denote the set of distinct left (and hence also right) cosets of H in G. On G=Hdefine the multiplication

.g1H/.g2H/ D g1g2H

for any elements g1H;g2H in G=H .

Theorem 10.1.12. Let G be a group and H a normal subgroup of G. Then G=Hunder the operation defined above forms a group. This group is called the factorgroup or quotient group of G modulo H . The identity element is the coset 1H D H

and the inverse of a coset gH is g�1H .

Proof. We first show that the operation on G=N is well-defined. Suppose that a0N DaN and b0N D bN , then b0 2 bN and so b0 D bn1. Similarly a0 D an2 wheren1; n2 2 N . Therefore

a0b0N D an2bn1N D an2bN

since n1 2 N . But b�1n2b D n3 2 N , since N is normal, so the right-hand side ofthe equation can be written as

an2bN D abN:

Thus we have shown that if N GG then a0b0N D abN , and the operation on G=N isindeed, well-defined.

The associative law is true because coset multiplication as defined above uses theordinary group operation which is by definition associative.

The coset N serves as the identity element of G=N . Notice that

aN �N D aN 2 D aN

Section 10.1 Normal Subgroups and Factor Groups 145

andN � aN D aN 2 D aN:

The inverse of aN is a�1N since

aNa�1N D aa�1N 2 D N:

We emphasize that the elements of G=N are cosets and thus subsets of G. IfjGj < 1, then jG=N j D ŒG W N�, the member of cosets of N in G. It is also tobe emphasized that in order for G=N to be a group N must be a normal subgroupof G.

In some cases properties of G are preserved in factor groups.

Lemma 10.1.13. If G is abelian then any factor group of G is also abelian. If G iscyclic then any factor group of G is also cyclic.

Proof. Suppose that G is abelian and H is a subgroup of G. H is necessarily normalfrom Lemma 10.1.7 so that we can form the factor group G=H . Let g1H;g2H 2G=H . Since G is abelian we have g1g2 D g2g1. Then in G=H ,

.g1H/.g2H/ D .g1g2/H D .g2g1/H D .g2H/.g1H/:

Therefore G=H is abelian.We leave the proof of the second part to the exercises.

An extremely important concept is when a group contains no proper normal sub-groups other than the identity subgroup ¹1º.

Definition 10.1.14. A group G ¤ ¹1º is simple provided that N GG implies N D G

or N D ¹1º.

One of the most outstanding problems in group theory has been to give a completeclassification of all finite simple groups. In other words, this is the program to dis-cover all finite simple groups and to prove that there are no more to be found. Thiswas accomplished through the efforts of many mathematicians. The proof of thismagnificent result took thousands of pages. We refer the reader to [18] for a completediscussion of this. We give one elementary example.

Lemma 10.1.15. Any finite group of prime order is simple and cyclic.

Proof. Suppose that G is a finite group and jGj D p where p is a prime. Let g 2 Gwith g ¤ 1. Then hgi is a nontrivial subgroup of G so its order divides the order ofG by Lagrange’s theorem. Since g ¤ 1 and p is a prime we must have jhgij D p.Therefore hgi is all of G, that is G D hgi and hence G is cyclic.

The argument above shows thatG has no nontrivial proper subgroups and thereforeno nontrivial normal subgroups. Therefore G is simple.

In the next chapter we will examine certain other finite simple groups.


10.2 The Group Isomorphism Theorems

In Chapter 1 we saw that there was a close relationship between ring homomorphismsand factor rings. In particular to each ideal, and consequently to each factor ring,there is a ring homomorphism that has that ideal as its kernel. Conversely to each ringhomomorphism its kernel is an ideal and the corresponding factor ring is isomorphicto the image of the homomorphism. This was formalized in Theorem 1.5.7 which wecalled the ring isomorphism theorem. We now look at the group theoretical analogof this result, called the group isomorphism theorem. We will then examine someconsequences of this result that will be crucial in the Galois theory of fields.

Definition 10.2.1. If G1 and G2 are groups and f W G1 ! G2 is a group homo-morphism then the kernel of f , denoted ker.f /, is defined as

ker.f / D ¹g 2 G1 W f .g/ D 1º:

That is the kernel is the set of the elements of G1 that map onto the identity of G2.The image of f , denoted im.f /, is the set of elements of G2 mapped onto by f fromelements of G1. That is

im.f / D ¹g 2 G2 W f .g1/ D g2 for some g1 2 G1º:

Note that if f is a surjection then im.f / D G2.

As with ring homomorphisms the kernel measures how far a homomorphism isfrom being an injection, that is, a one-to-one mapping.

Lemma 10.2.2. Let G1 and G2 are groups and f W G1 ! G2 a group homomorph-ism. Then f is injective if and only if ker.f / D ¹1º.

Proof. Suppose that f is injective. Since f .1/ D 1 we always have 1 2 ker.f /.Suppose that g 2 ker.f /. Then f .g/ D f .1/. Since f is injective this implies thatg D 1 and hence ker.f / D ¹1º.

Conversely suppose that ker.f / D ¹1º and f .g1/ D f .g2/. Then

f .g1/.f .g2//�1 D 1 H) f .g1g

�12 / D 1 H) g1g

�12 2 ker.f /:

Then since ker.f / D ¹1º we have g1g�12 D 1 and hence g1 D g2. Therefore f is

injective.

We now state the group isomorphism theorem. This is entirely analogous to thering isomorphism theorem replacing ideals by normal subgroups. We note that thistheorem is sometimes called the first group isomorphism theorem.

Section 10.2 The Group Isomorphism Theorems 147

Theorem 10.2.3 (group isomorphism theorem). (a) Let G1 and G2 be groups andf W G1 ! G2 a group homomorphism. Then ker.f / is a normal subgroup ofG1, im.f / is a subgroup of G2 and

G= ker.f / Š im.f /:

(b) Conversely suppose that N is a normal subgroup of a group G. Then thereexists a group H and a homomorphism f W G ! H such that ker.f / D N

and im.f / D H .

Proof. (a) Since 1 2 ker.f / the kernel is nonempty. Suppose that g1; g2 2 ker.f /.Then f .g1/ D f .g2/ D 1. It follows that f .g1g

�12 / D f .g1/.f .g2//

�1 D 1.Hence g1g

�12 2 ker.f / and therefore ker.f / is a subgroup of G1. Further for any

g 2 G1 we have

f .g�1g1g/ D .f .g//�1f .g1/f .g/

D .f .g//�1 � 1 �f .g/ D f .g�1g/ D f .1/ D 1:

Hence g�1g1g 2 ker.f / and ker.f / is a normal subgroup.It is straightforward to show that im.f / is a subgroup of G2.Consider the map Of W G= ker.f / ! im.f / defined by

Of .g ker.f // D f .g/:

We show that this is an isomorphism.Suppose that g1 ker.f / D g2 ker.f / then g1g

�12 2 ker.f / so that f .g1g

�12 / D 1.

This implies that f .g1/ D f .g2/ and hence the map Of is well-defined. Now

Of .g1 ker.f /g2 ker.f // D Of .g1g2 ker.f // D f .g1g2/

D f .g1/f .g2/ D Of .g1 ker.f // Of .g2 ker.f //

and therefore Of is a homomorphism.Suppose that Of .g1 ker.f // D Of .g2 ker.f // then f .g1/ D f .g2/ and hence

g1 ker.f / D g2 ker.f /. It follows that Of is injective.Finally suppose that h 2 im.f /. Then there exists a g 2 G1 with f .g/ D h. Then

Of .g ker.f // D h and Of is a surjection onto im.f /. Therefore Of is an isomorphismcompleting the proof of part (a).

(b) Conversely suppose that N is a normal subgroup of G. Define the map f WG ! G=N by f .g/ D gN for g 2 G. By the definition of the product in thequotient group G=N it is clear that f is a homomorphism with im.f / D G=N . Ifg 2 ker.f / then f .g/ D gN D N since N is the identity in G=N . However thisimplies that g 2 N and hence it follows that ker.f / D N completing the proof.


There are two related theorems that are called the second isomorphism theorem andthe third isomorphism theorem.

Theorem 10.2.4 (second isomorphism theorem). Let N be a normal subgroup of agroup G and U a subgroup of G. Then U \N is normal in U and

.UN/=N Š U=.U \N/:Proof. From Lemma 10.1.10 we know that U \N is normal in U . Define the map

˛ W UN ! U=U \Nby ˛.un/ D u.U \ N/. If un D u0n0 then u0�1u D n0n�1 2 U \ N . Thereforeu0.U \N/ D u.U \N/ and hence the map ˛ is well-defined.

Suppose that un; u0n0 2 UN SinceN is normal inG we have that unu0n0 2 uu0N .Hence unu0n0 D uu0n00 with n00 2 N . Then

˛.unu0n0/ D ˛.uu0n/ D uu0.U \N/:However U \N is normal in U so

uu0.U \N/ D u.U \N/u0.U \N/ D ˛.un/˛.u0n0/:

Therefore ˛ is a homomorphism.We have im.˛/ D U=.U \ N/ by definition. Suppose that un 2 ker.˛/. Then

˛.un/ D U \ N � N which implies u 2 N . Therefore ker.f / D N . From thegroup isomorphism theorem we then have

UN=N Š U=.U \N/proving the theorem.

Theorem 10.2.5 (third isomorphism theorem). Let N and M be normal subgroupsof a group G with N a subgroup of M . Then M=N is a normal subgroup in G=Nand

.G=N/=.M=N/ Š G=M:

Proof. Define the map ˇ W G=N ! G=M by

ˇ.gN/ D gM:

It is straightforward that ˇ is well-defined and a homomorphism. If gN 2 ker.ˇ/ thenˇ.gN/ D gM D M and hence g 2 M . It follows that ker.ˇ/ D M=N . In particularthis shows that M=N is normal in G=N . From the group isomorphism theorem then

.G=N/=.M=N/ Š G=M:

Section 10.3 Direct Products of Groups 149

For a normal subgroup N in G the homomorphism f W G ! G=N provides aone-to-one correspondence between subgroups of G containing N and the subgroupsof G=N . This correspondence will play a fundamental role in the study of subfieldsof a field.

Theorem 10.2.6 (correspondence theorem). Let N be a normal subgroup of a groupG and let f be the corresponding homomorphism f W G ! G=N . Then the mapping

� W H ! f .H/

where H is a subgroup of G containing N provides a one-to-one correspondencebetween all the subgroups of G=N and the subgroups of G containing N .

Proof. We first show that the mapping � is surjective. Let H1 be a subgroup of G=Nand let

H D ¹g 2 G W f .g/ 2 H1º:We show that H is a subgroup of G and that N � H .

If g1; g2 2 H then f .g1/ 2 H1 and f .g2/ 2 H1. Therefore f .g1/f .g2/ 2 H1

and hence f .g1g2/ 2 H1. Therefore g1g2 2 H . In an identical fashion g�11 2 H .

Therefore H is a subgroup of G. If n 2 N then f .n/ D 1 2 H1 and hence n 2 H .Therefore N � H showing that the map � is surjective.

Suppose that �.H1/ D �.H2/ where H1 and H2 are subgroups of G containingN . This implies that f .H1/ D f .H2/. Let g1 2 H1. Then f .g1/ D f .g2/ for someg2 2 H2. Then g1g

�12 2 ker.f / D N � H2. It follows that g1g

�12 2 H2 so that

g1 2 H2. Hence H1 � H2. In a similar fashion H2 � H1 and therefore H1 D H2.It follows that � is injective.

10.3 Direct Products of Groups

In this section we look at a very important construction, the direct product, whichallows us to build new groups out of existing groups. This construction is the analogfor groups of the direct sum of rings. As an application of this construction, in thenext section we present a theorem which completely describes the structure of finiteabelian groups.

Let G1; G2 be groups and let G be the Cartesian product of G1 and G2. That is

G D G1 �G2 D ¹.a; b/ W a 2 G1; b 2 G2º:On G define

.a1; b1/ � .a2; b2/ D .a1a2; b1b2/:

With this operation it is direct to verify the groups axioms forG and henceG becomesa group.


Theorem 10.3.1. Let G1; G2 be groups and G the Cartesian product G1 � G2 withthe operation defined above. Then G forms a group called the direct product of G1

and G2. The identity element is .1; 1/ and .g; h/�1 D .g�1; h�1/.

This construction can be iterated to any finite number of groups (also to an infinitenumber but we won’t consider that here) G1; : : : ; Gn to form the direct product G1 �G2 � � � � �Gn.

Theorem 10.3.2. For groups G1 and G2 we have G1 �G2 Š G2 �G1 and G1 �G2

is abelian if and only if each Gi , i D 1; 2, is abelian.

Proof. The map .a; b/ ! .b; a/ where a 2 G1; b 2 G2 provides an isomorphismfrom G1 �G2 ! G2 �G1.

Suppose that both G1; G2 are abelian. Then if a1; a2 2 G1; b1; b2 2 G2 we have

.a1; b1/.a2; b2/ D .a1a2; b1b2/ D .a2a1; b2b1/ D .a2; b2/.a1; b1/

and hence G1 �G2 is abelian.Conversely suppose G1 �G2 is abelian and suppose that a1; a2 2 G1. Then for the

identity 1 2 G2 we have

.a1a2; 1/ D .a1; 1/.a2; 1/ D .a2; 1/.a1; 1/ D .a2a1; 1/:

Therefore a1a2 D a2a1 and G1 is abelian. Identically G2 is abelian.

We show next that in G1 �G2 there are normal subgroups H1;H2 with H1 Š G1

and H2 Š G2.

Theorem 10.3.3. Let G D G1 �G2. LetH1 D ¹.a; 1/ W a 2 G1º andH2 D ¹.1; b/ Wb 2 G2º. Then both H1 and H2 are normal subgroups of G with G D H1H2 andH1 \H2 D ¹1º. Further H1 Š G1;H2 Š G2 and G=H1 Š G2 and G=H2 Š G1.

Proof. Map G1 � G2 onto G2 by .a; b/ ! b. It is clear that this map is a homo-morphism and that the kernel is H1 D ¹.a; 1/ W a 2 G1º. This establishes that H1

is a normal subgroup of G and that G=H1 Š G2. In an identical fashion we get thatG=H2 Š G1. The map .a; 1/ ! a provides the isomorphism from H1 onto G1.

If the factors are finite it is easy to find the order of G1 � G2. The size of theCartesian product is just the product of the sizes of the factors.

Lemma 10.3.4. If jG1j and jG2j are finite then jG1 �G2j D jG1jjG2j.Now suppose thatG is a group with normal subgroupsG1; G2 such thatG D G1G2

and G1 \ G2 D ¹1º. Then we will show that G is isomorphic to the direct productG1 �G2. In this case we say that G is the internal direct product of its subgroups andthat G1; G2 are direct factors of G.

Section 10.4 Finite Abelian Groups 151

Theorem 10.3.5. Suppose thatG is a group with normal subgroupsG1; G2 such thatG D G1G2 andG1 \G2 D ¹1º. ThenG is isomorphic to the direct productG1 �G2.

Proof. Since G D G1G2 each element of G has the form ab with a 2 G1; b 2 G2.We first show that each a 2 G1 commutes with each b 2 G2. Consider the elementaba�1b�1. Since G1 is normal ba�1b�1 2 G1 which implies that abab�1 2 G1.Since G2 is normal aba�1 2 G2 which implies that aba�1b�1 2 G2. Thereforeaba�1b�1 2 G1 \G2 D ¹1º and hence aba�1b1 D 1 so that ab D ba.

Now map G onto G1 �G2 by f .ab/ ! .a; b/. We claim that this is an isomorph-ism. It is clearly onto. Now

f ..a1b1/.a2b2// D f .a1a2b1b2/ D .a1a2; b1b2/

D .a1; b1/.a2; b2/ D f ..a1; b1//f .a2; b2//

so that f is a homomorphism. The kernel isG1 \G2 D ¹1º and so f is an isomorph-ism.

Although the end resulting groups are isomorphic we call G1 � G2 an externaldirect product if we started with the groups G1; G2 and constructed G1 � G2 andcall G1 � G2 an internal direct product if we started with a group G having normalsubgroups as in the theorem.

10.4 Finite Abelian Groups

We now use the results of the last section to present a theorem that completely pro-vides the structure of finite abelian groups. This theorem is a special case of a generalresult on modules that we will examine in detail later in the book.

Theorem 10.4.1 (basis theorem for finite abelian groups). Let G be a finite abeliangroup. Then G is a direct product of cyclic groups of prime power order.

Before giving the proof we give two examples showing how this theorem leads tothe classification of finite abelian groups.

Since all cyclic groups of order n are isomorphic to .Zn;C/we will denote a cyclicgroup of order n by Zn.

Example 10.4.2. Classify all abelian groups of order 60. Let G be an abelian groupof order 60. From Theorem 10.4.1 G must be a direct product of cyclic groups ofprime power order. Now 60 D 22 � 3 � 5 so the only primes involved are 2, 3 and 5.Hence the cyclic group involved in the direct product decomposition of G have ordereither 2, 4, 3 or 5 (by Lagrange’s theorem they must be divisors of 60). Therefore G


must be of the form

G Š Z4 � Z3 � Z5

G Š Z2 � Z2 � Z3 � Z5:

Hence up to isomorphism there are only two abelian groups of order 60.

Example 10.4.3. Classify all abelian groups of order 180. Now 180 D 22 � 32 � 5 sothe only primes involved are 2, 3 and 5. Hence the cyclic group involved in the directproduct decomposition of G have order either 2, 4, 3, 9 or 5 (by Lagrange’s theoremthey must be divisors of 180). Therefore G must be of the form

G Š Z4 � Z9 � Z5

G Š Z2 � Z2 � Z9 � Z5

G Š Z4 � Z3 � Z3 � Z5

G Š Z2 � Z2 � Z3 � Z3 � Z5:

Hence up to isomorphism there are four abelian groups of order 180.

The proof of Theorem 10.4.1 involves the following lemmas.

Lemma 10.4.4. Let G be a finite abelian group and let pjjGj where p is a prime.Then all the elements of G whose orders are a power of p form a normal subgroupof G. This subgroup is called the p-primary component of G, which we will denoteby Gp .

Proof. Let p be a prime with pjjGj and let a and b be two elements of G of order apower of p. Since G is abelian the order of ab is the lcm of the orders which is againa power of p. Therefore ab 2 Gp. The order of a�1 is the same as the order of a soa�1 2 Gp and therefore Gp is a subgroup.

Lemma 10.4.5. Let G be a finite abelian group of order n. Suppose that n Dp

e1

1 � � �pek

kwith p1; : : : ; pk distinct primes. Then

G Š Gp1� � � � �Gpk

where Gpiis the pi -primary component of G.

Proof. Each Gpiis normal since G is abelian and since distinct primes are relatively

prime the intersection of the Gpiis the identity. Therefore Lemma 10.4.5 will follow

by showing that each element of G is a product of elements in the Gp1.


Let g 2 G. Then the order of g is pf1

1 � � �pfk

k. We write this as pfi

i m with

.m; pi / D 1. Then gm has order pfi

i and hence is in Gpi. Now since p1; : : : ; pk

are relatively prime there exists m1; : : : ; mk with

m1pf1

1 C � � � Cmkpfk

kD 1

and hence

g D .gpf11 /m1 � � � .gp

fkk /mk :

Therefore g is a product of elements in the Gpi.

We next need the concept of a basis. Let G be any finitely generated abelian group(finite or infinite) and let g1; : : : ; gn be a set of generators for G. The generatorsg1; : : : ; gn form a basis if

G D hg1i � � � � � hgni;that is G is the direct product of the cyclic subgroups generated by the gi . The basistheorem for finite abelian groups says that any finite abelian group has a basis.

Suppose thatG is a finite abelian group with a basis g1; : : : ; gk so thatG D hg1i�� hgki. Since G is finite each gi has finite order say mi . It follows than from thefact that G is a direct product that each g 2 G can be expressed as

g D gn1

1 � � �gnk

k

and further the integers n1; : : : ; nk are unique modulo the order of gi . Hence eachinteger ni can be chosen in the range 0; 1; : : : ; mi � 1 and within this range for theelement g the integer ni is unique.

From the previous lemma each finite abelian group splits into a direct product ofits p-primary components for different primes p. Hence to complete the proof of thebasis theorem we must show that any finite abelian group of order pm for some primep has a basis. We call an abelian group of order pm an abelian p-group.

Consider an abelian group G of order pm for a prime p. It is somewhat easierto complete the proof if we consider the group using additive notation. That is theoperation is considered C, the identity as 0 and powers are given by multiples. Henceif an element g 2 G has order pk then in additive notation pkg D 0. A set ofelements g1; : : : ; gk is then a basis for G if each g 2 G can be expressed uniquely asg D m1g1 C � � � C mkgk where the mi are unique modulo the order of gi . We saythat the g1; : : : ; gk are independent and this is equivalent to the fact that wheneverm1g1 C � � � C mkgk D 0 then mi � 0 modulo the order of gi . We now prove thatany abelian p-group has a basis.

Lemma 10.4.6. Let G be a finite abelian group of prime power order pn for someprime p. Then G is a direct product of cyclic groups.


Notice that in the group G we have png D 0 for all g 2 G as a consequence ofLagrange’s theorem. Further every element has order a power of p. The smallestpower of p say pr such that prg D 0 for all g 2 G is called the exponent of G. Anyfinite abelian p-group must have some exponent pr .

Proof. The proof of this lemma is by induction on the exponent.The lowest possible exponent is p so suppose first that pg D 0 for all g 2 G. Since

G is finite it has a finite system of generators. Let S D ¹g1; : : : ; gkº be a minimal setof generators for G. We claim that this is a basis. Since this is a set of generators toshow its a basis we must show that they are independent. Hence suppose that we have

m1g1 C � � � Cmkgk D 0 (1)

for some set of integers mi . Since the order of each gi is p, as explained above wemay assume that 0 � mi < p for i D 1; : : : ; k. Suppose that one mi ¤ 0. Then.mi ; p/ D 1 and hence there exists an xi with mixi � 1 mod p (see Chapter 4).Multiplying the equation (1) by xi we get modulo p,

m1xig1 C � � � C gi C � � � Cmkxigk;

and rearranginggi D �m1xig1 � � � � �mkxkgk ;

But then gi can be expressed in terms of the other gj and therefore the set ¹g1; : : : ; gkºis not minimal. It follows that g1; : : : ; gk constitute a basis and the lemma is true forthe exponent p.

Now suppose that any finite abelian group of exponent pn�1 has a basis and as-sume that G has exponent pn. Consider the set G D pG D ¹pg W g 2 Gº. It isstraightforward that this forms a subgroup (see exercises). Since png D 0 for allg 2 G it follows that pn�1g D 0 for all g 2 G and so the exponent of G � pn�1.By the inductive hypothesis G has a basis

S D ¹pg1; : : : ; pgkº:Consider the set ¹g1; : : : ; gkº and adjoin to this set the set of all elements h 2 G

satisfying ph D 0. Call this set S1 so that we have

S1 D ¹g1; : : : ; gk; h1; : : : ; htº:We claim that S1 is a set of generators for G. Let g 2 G. Then pg 2 G which hasthe basis pg1; : : : ; pgk so that

pg D m1pg1 C � � � Cmkpgk :

This implies thatp.g �m1g1 � � � � �mkgk/ D 0


so that g1 �m1g1 � � � � �mkgk must be one of the hi . Hence

g �m1g1 � � � � �mkgk D hi so that g D m1g1 C � � � Cmkgk C hi

proving the claim.Now S1 is finite so there is a minimal subset of S1 that is still a generating system

for G. Call this S0 and suppose that S0, renumbering if necessary, is

S0 D ¹g1; : : : ; gr ; h1; : : : ; hsº with phi D 0 for i D 1; : : : ; s:

The subgroup generated by h1; : : : ; hs has exponent p so by inductive hypothesis hasa basis. We may assume than that h1; : : : ; hs is a basis for this subgroup and henceis independent. We claim now that g1; : : : ; gr ; h1; : : : ; hs are independent and henceform a basis for G.

Suppose that

m1gr C � � � Cmrgr C n1h1 C � � � C nshs D 0 (2)

for some integers m1; : : : ; mr ; h1; : : : ; hs . Each mi ; ni must be divisible by p. Sup-pose for example that somemi is not. Then .mi ; p/ D 1 and then .mi ; p

n/ D 1. Thisimplies that there exists an xi withmixi � 1 mod pn. Multiplying through by xi andrearranging we then obtain

gi D �m1xig1 � � � � � nsxihs:

Therefore gi can be expressed in terms of the remaining elements of S0 contradictingthe minimality of S0. An identical argument works if some ni is not divisible by p.Therefore the relation (2) takes the form

a1pg1 C � � � C arpgr C b1ph1 C � � � C bsphs D 0: (3)

Each of the terms phi D 0 so that (3) becomes

apg1 C � � � C arpgr D 0:

The g1; : : : ; gr are independent and hence aip D 0 for each i and hence ai D 0.Now (2) becomes

n1h1 C � � � C nshs D 0:

However h1; : : : ; hs are independent so each ni D 0 completing the claim.Therefore the whole group G has a basis proving the lemma by induction.

For more details see the proof of the general result on modules over principal idealdomains later in the book. There is also an additional elementary proof for the basistheorem for finitely generated abelian groups.


10.5 Some Properties of Finite Groups

Classification is an extremely important concept in algebra. A large part of the theoryis devoted to classifying all structures of a given type, for example all UFD’s. In mostcases this is not possible. Since for a given finite n there are only finitely many grouptables it is theoretically possible to classify all groups of order n. However even forsmall n this becomes impractical. We close the chapter by looking at some furtherresults on finite groups and then using these to classify all the finite groups up toorder 10.

Before stating the classification we give some further examples of groups that areneeded.

Example 10.5.1. In Example 9.2.6 we saw that the symmetry group of an equilateraltriangle had 6 elements and is generated by elements r and f which satisfy the rela-tions r3 D f 2 D 1, f �1rf D r�1, where r is a rotation of 120ı about the centerof the triangle and f is a reflection through an altitude. This was called the dihedralgroup D3 of order 6.

This can be generalized to any regular n-gon. If D is a regular n-gon, then thesymmetry group Dn has 2n elements and is called the dihedral group of order 2n. Itis generated by elements r and f which satisfy the relations rn D f 2 D 1, f �1rf Drn�1, where r is a rotation of 2�

nabout the center of the n-gon and f is a reflection.

Hence, D4, the symmetries of a square, has order 8 and D5, the symmetries of aregular pentagon, has order 10.

Example 10.5.2. Let i; j; k be the generators of the quaternions. Then we have

i2 D j 2 D k2 D �1; .�1/2 D 1 and ijk D 1:

These elements then form a group of order 8 called the quaternion group denotedby Q. Since ijk D 1 we have ij D �j i , and the generators i and j satisfy therelations i4 D j 4 D 1, i2 D j 2, ij D i2j i .

We now state the main classification and then prove it in a series of lemmas.

Theorem 10.5.3. Let G be a finite group.

(a) If jGj D 2 then G Š Z2.

(b) If jGj D 3 then G Š Z3.

(c) If jGj D 4 then G Š Z4 or G Š Z2 � Z2.

(d) If jGj D 5 then G Š Z5.

(e) If jGj D 6 then G Š Z6 Š Z2 � Z3 or G Š D3, the dihedral group with 6elements. (Note D3 Š S3 the symmetric group on 3 symbols.)

(f) If jGj D 7 then G Š Z7.

Section 10.5 Some Properties of Finite Groups 157

(g) If jGj D 8 then G Š Z8 or G Š Z4 � Z2 or G Š Z2 � Z2 � Z2 or G Š D4,the dihedral group of order 8, or G Š Q the quaternion group.

(h) If jGj D 9 then G Š Z9 or G Š Z3 � Z3.

(i) If jGj D 10 then G Š Z10 Š Z2 � Z5 or G Š D5, the dihedral group with10 elements.

Recall from Section 10.1 that a finite group of prime order must be cyclic. Hence inthe theorem the cases jGj D 2; 3; 5; 7 are handled. We next consider the case whereG has order p2 where p is a prime.

Definition 10.5.4. If G is a group then its center denoted Z.G/ is the set of elementsin G which commute with everything in G. That is

Z.G/ D ¹g 2 G W gh D hg for any h 2 Gº:

Lemma 10.5.5. For any group G the following hold:

(a) The center Z.G/ is a normal subgroup.

(b) G D Z.G/ if and only if G is abelian.

(c) If G=Z.G/ is cyclic then G is abelian.

Proof. (a) and (b) are direct and we leave them to the exercises. Consider the casewhere G=Z.G/ is cyclic. Then each coset of Z.G/ has the form gmZ.G/ whereg 2 G. Let a; b 2 G. Then since a; b are in cosets of the center we have a D gmu

and b D gnv with u; v 2 Z.G/. Then

ab D .gmu/.gnv/ D .gmgn/.uv/ D .gngm/.vu/ D .gnv/.gmu/ D ba

since u; v commute with everything. Therefore G is abelian.

A p-group is any finite group of prime power order. We need the following. Theproof of this is based on what is called the class equation which we will prove inChapter 13.

Lemma 10.5.6. A finite p-group has a nontrivial center of order at least p.

Lemma 10.5.7. If jGj D p2 with p a prime then G is abelian and hence G Š Zp2

or G Š Zp � Zp.

Proof. Suppose that jGj D p2. Then from the previous lemma G has a nontrivialcenter and hence jZ.G/j D p or jZ.G/j D p2. If jZ.G/j D p2 then G D Z.G/ andG is abelian. If jZ.G/j D p then jG=Z.G/j D p. Since p is a prime this implies thatG=Z.G/ is cyclic and hence from Lemma 10.5.5 G is abelian.


Lemma 10.5.7 handles the cases n D 4 and n D 9. Therefore if jGj D 4 wemust have G Š Z4 or G Š Z2 � Z2 and if jGj D 9 we must have G Š Z9 orG Š Z3 � Z3.

This leaves n D 6; 8; 10. We next handle 6 and 10.

Lemma 10.5.8. If G is any group where every nontrivial element has order 2 then Gis abelian.

Proof. Suppose that g2 D 1 for all g 2 G. This implies that g D g�1 for all g 2 G.Let a; b be arbitrary elements of G. Then

.ab/2 D 1 H) abab D 1 H) ab D b�1a�1 D ba:

Therefore a; b commute and G is abelian.

Lemma 10.5.9. If jGj D 6 then G Š Z6 or G Š D3.

Proof. Since 6 D 2 � 3 if G was abelian then G Š Z2 � Z3. Notice that if an abeliangroup has an element of order m and an element of order n with .n;m/ D 1 then ithas an element of order mn. Therefore for 6 if G is abelian there is an element oforder 6 and hence G Š Z2 � Z3 Š Z6.

Now suppose that G is nonabelian. The nontrivial elements of G have orders 2, 3or 6. If there is an element of order 6 then G is cyclic and hence abelian. If everyelement has order 2 then G is abelian. Therefore there is an element of order 3 sayg 2 G. The cyclic subgroup hgi D ¹1; g; g2º then has index 2 in G and is thereforenormal. Let h 2 G with h … hgi. Since g; g2 both generate hgi we must havehgi \ hhi D ¹1º. If h also had order 3 then jhg; hij D jhgijjhhij

jhgi\hhij D 9 which is

impossible. Therefore hmust have order 2. Since hgi is normal we have h�1gh D gt

for t D 1; 2. If h�1gh D g then g; h commute and the group G is abelian. Thereforeh�1gh D g2 D g�1. It follows that g; h generate a subgroup of G satisfying

g3 D h2 D 1; h1gh D g�1:

This defines a subgroup of order 6 isomorphic to D3 and hence must be all of G.

Lemma 10.5.10. If jGj D 10 then G Š Z10 or G Š D5.

Proof. The proof is almost identical to that for n D 6. Since 10 D 2 � 5 if G wereabelian G Š Z2 � Z5 D Z10.

Now suppose that G is nonabelian. As for n D 6, G must contain a normal cyclicsubgroup of order 5 say hgi D ¹1; g; g2; g3; g4º. If h … hgi then exactly as forn D 6 it follows that h must have order 2 and h�1gh D gt for t D 1; 2; 3; 4. If

Section 10.5 Some Properties of Finite Groups 159

h�1gh D g then g; h commute and G is abelian. Notice that h�1 D h. Suppose thath�1gh D hgh D g2. Then

.hgh/3 D .g2/3 D g6 D g H) g D h2gh2 D hg2h D g4 H) g D 1

which is a contradiction. Similarly hgh D g3 leads to a contradiction. Thereforeh�1gh D g4 D g�1 and g; h generate a subgroup of order 10 satisfying

g5 D h2 D 1I h�1gh D g�1:

Therefore this is all of G and is isomorphic to D5.

This leaves the case n D 8 that is the most difficult. If jGj D 8 and G is abelianthen clearly G Š Z8 or G Š Z4 � Z2 or G Š Z2 � Z2 � Z2. The proof ofTheorem 10.5.3 is then completed with the following.

Lemma 10.5.11. If G is a nonabelian group of order 8 then G Š D4 or G Š Q.

Proof. The nontrivial elements of G have orders 2, 4 or 8. If there is an element oforder 8 then G is cyclic and hence abelian while if every element has order 2 then Gis abelian. Hence we may assume that G has an element of order 4 say g. Then hgihas index 2 and is a normal subgroup. Suppose first that G has an element h … hgi oforder 2. Then

h�1gh D gt for some t D 1; 2; 3:

If h�1gh D g then as in the cases 6 and 10, hg; hi defines an abelian subgroup oforder 8 and hence G is abelian. If h�1gh D g2 then

.h�1gh/2 D .g2/2 D g4 D 1 H) g D h�2gh2 D h�1g2h D g4 H) g3 D 1

contradicting the fact that g has order 4. Therefore h�1gh D g3 D g�1. It followsthat g; h define a subgroup of order 8 isomorphic to D4. Since jGj D 8 this must beall of G and G Š D4.

Therefore we may now assume that every element h 2 G with h … hgi has order 4.Let h be such an element. Then h2 has order 2 so h2 2 hgi which implies thath2 D g2. This further implies that g2 is central, that is commutes with everything.Identifying g with i , h with j and g2 with �1 we get that G is isomorphic to Qcompleting Lemma 10.5.11 and the proof of Theorem 10.5.3.

In principle this type of analysis can be used to determine the structure of any finitegroup although it quickly becomes impractical. A major tool in this classificationis the following important result known as the Sylow theorem which now we juststate. We will prove this theorem in Chapter 13. If jGj D pmn with p a prime and.n; p/ D 1 then a subgroup of G of order pm is called a p-Sylow subgroup. It is notclear at first that a group will contain p-Sylow subgroups.


Theorem 10.5.12 (Sylow theorem). Let jGj D pmn with p a prime and .n; p/ D 1.

(a) G contains a p-Sylow subgroup.

(b) All p-Sylow subgroups of G are conjugate G.

(c) Any p-subgroup of G is contained in a p-Sylow subgroup.

(d) The number of p-Sylow subgroups of G is of the form 1C pk and divides n.

10.6 Exercises

1. Prove that if G is cyclic then any factor group of G is also cyclic.

2. Prove that for any group G the center Z.G/ is a normal subgroup and G D Z.G/

if and only if G is abelian.

3. Let U1 and U2 be subgroups of a group G. Let x; y 2 G. Show:

(i) If xU1 D yU2 then U1 D U2.

(ii) Give an example to show that xU1 D U2x does not imply U1 D U2.

4. Let U; V be subgroups of a group G. Let x; y 2 G. If UxV \ UyV ¤ ; thenUxV D UyV .

5. Let N be a cyclic normal subgroup of the group G. Then all subgroups of N arenormal subgroups of G. Give an example to show that the statement is not correctif N is not cyclic.

6. Let N1 and N2 be normal subgroups of G. Show:

(i) If all elements in N1 and N2 have finite order, then also the elements ofN1N2.

(ii) Let e1; e2 2 N. If nei

i D 1 for all ni 2 Ni (i D 1; 2), then xe1e2 D 1 for allx 2 N1N2.

7. Find groups N1; N2 and G with N1 G N2 G G, but N1 is not a normal subgroupof G.

8. Let G be a group generated by a and b and let bab�1 D ar and an D 1 forsuitable r 2 Z; n 2 N. Show:

(i) The subgroup A WD hai is a normal subgroup of G.

(ii) G=A D hbAi.(iii) G D ¹bjai W i; j 2 Zº.

9. Prove that any group of order 24 cannot be simple.

Chapter 11

Symmetric and Alternating Groups

11.1 Symmetric Groups and Cycle Decomposition

Groups most often appear as groups of transformations or permutations on a set. InGalois Theory groups will appear as permutation groups on the zeros of a polynomial.In Section 9.3 we introduced permutation groups and the symmetric group Sn. In thischapter we look more carefully at the structure of Sn and for each n introduce a veryimportant normal subgroup An of Sn called the alternating group on n symbols.

Recall that if A is a set, a permutation on A is a one-to-one mapping of A ontoitself. The set SA of all permutations on A forms a group under composition calledthe symmetric group on A. If jAj > 2 then SA is nonabelian. Further if A;B have thesame cardinality, then SA Š SB .

If jAj D n then jSAj D nŠ and in this case we denote SA by Sn, called the symmetricgroup on n symbols. For example jS3j D 6. In Example 9.3.5 we showed that the sixelements of S3 can be given by:

1 D�

1 2 3

1 2 3

�

; a D�

1 2 3

2 3 1

�

; b D�

1 2 3

3 1 2

�

c D�

1 2 3

2 1 3

�

; d D�

1 2 3

3 2 1

�

; e D�

1 2 3

1 3 2

�

:

Further we saw that S3 has a presentation given by

S3 D ha; cI a3 D c2 D 1; ac D ca2i:By this we mean that S3 is generated by a; c, or that S3 has generators a; c and

the whole group and its multiplication table can be generated by using the relationsa3 D c2 D 1, ac D ca2.

In general a permutation group is any subgroup of SA for a set A.For the remainder of this chapter we will only consider finite symmetric groups Sn

and always consider the set A as A D ¹1; 2; 3; : : : ; nº.

Definition 11.1.1. Suppose that f is a permutation of A D ¹1; 2; : : : ; nº, which hasthe following effect on the elements of A: There exists an element a1 2 A such thatf .a1/ D a2, f .a2/ D a3, . . . , f .ak�1/ D ak , f .ak/ D a1, and f leaves all otherelements (if there are any) of A fixed, i.e., f .aj / D aj for aj ¤ ai , i D 1; 2; : : : ; k.Such a permutation f is called a cycle or a k-cycle.

162 Chapter 11 Symmetric and Alternating Groups

We use the following notation for a k-cycle, f , as given above:

f D .a1; a2; : : : ; ak/:

The cycle notation is read from left to right, it says f takes a1 into a2, a2 into a3,etc., and finally ak , the last symbol, into a1, the first symbol. Moreover, f leaves allthe other elements not appearing in the representation above fixed.

Note that one can write the same cycle in many ways using this type of notation;e.g., f D .a2; a3; : : : ; ak ; a1/. In fact any cyclic rearrangement of the symbols givesthe same cycle. The integer k is the length of the cycle. Note we allow a cycle to havelength 1, i.e., f D .a1/, for instance, this is just the identity map. For this reason, wewill usually designate the identity of Sn by .1/ or just 1. (Of course, it also could bewritten as .ai / where ai 2 A.)

If f and g are two cycles, they are called disjoint cycles if the elements moved byone are left fixed by the other, that is, their representations contain different elementsof the set A (their representations are disjoint as sets).

Lemma 11.1.2. If f and g are disjoint cycles, then they must commute, that is, fg Dgf .

Proof. Since the cycles f and g are disjoint, each element moved by f is fixed byg and vice versa. First suppose f .ai / ¤ ai . This implies that g.ai / D ai andf 2.ai / ¤ f .ai /. But since f 2.ai / ¤ f .ai /, g.f .ai // D f .ai /. Thus .fg/.ai / Df .g.ai // D f .ai / while .gf /.ai / D g.f .ai // D f .ai /. Similarly if g.aj / ¤ aj ,then .fg/.aj / D .gf /.aj /. Finally, if f .ak/ D ak and g.ak/ D ak then clearly.fg/.ak/ D ak D .gf /.ak/. Thus gf D fg.

Before proceeding further with the theory, let us consider a specific example. LetA D ¹1; 2; : : : ; 8º and let

f D�

1 2 3 4 5 6 7 8

2 4 6 5 1 7 3 8

�

:

We pick an arbitrary number from the set A, say 1. Then f .1/ D 2, f .2/ D 4,f .4/ D 5, f .5/ D 1. Now select an element from A not in the set ¹1; 2; 4; 5º, say 3.Then f .3/ D 6, f .6/ D 7, f .7/ D 3. Next select any element of A not occurring inthe set ¹1; 2; 4; 5º [ ¹3; 6; 7º. The only element left is 8, and f .8/ D 8. It is clear thatwe can now write the permutation f as a product of cycles:

f D .1; 2; 4; 5/.3; 6; 7/.8/

Section 11.1 Symmetric Groups and Cycle Decomposition 163

where the order of the cycles is immaterial since they are disjoint and therefore com-mute. It is customary to omit such cycles as .8/ and write f simply as

f D .1245/.367/

with the understanding that the elements of A not appearing are left fixed by f .It is not difficult to generalize what was done here for a specific example, and show

that any permutation f can be written uniquely, except for order, as a product ofdisjoint cycles. Thus let f be a permutation on the set A D ¹1; 2; : : : ; nº, and leta1 2 A. Let f .a1/ D a2, f 2.a1/ D f .a2/ D a3, etc., and continue until a repetitionis obtained. We claim that this first occurs for a1, that is, the first repetition is sayf k.a1/ D f .ak/ D akC1 D a1. For suppose the first repetition occurs at the k-thiterate of f and

f k.a1/ D f .ak/ D akC1;

and akC1 D aj , where j < k. Then

f k.a1/ D f j�1.a1/;

and so f k�jC1.a1/ D a1. However, k�jC1 < k if j ¤ 1, and we assumed that thefirst repetition occurred for k. Thus, j D 1 and so f does cyclically permute the set¹a1; a2; : : : ; akº. If k < n, then there exists b1 2 A such that b1 … ¹a1; a2; : : : ; akºand we may proceed similarly with b1. We continue in this manner until all theelements of A are accounted for. It is then seen that f can be written in the form

f D .a1; : : : ; ak/.b1; : : : ; b`/.c1; : : : ; cm/ � � � .h1; : : : ; ht /:

Note that all powers f i .a1/ belong to the set ¹a1 D f 0.a1/ D f k.a1/; a2 Df 1.a1/; : : : ; ak D f k�1.a1/º, all powers f i .b1/ belong to the set ¹b1 D f 0.b1/ Df `.b1/; b2 D f 1.b1/; : : : ; b` D f `�1.b1/º; : : : . Here, by definition, b1 is the small-est element in ¹1; 2; : : : ; nº which does not belong to ¹a1 D f 0.a1/ D f k.a1/; a2 Df 1.a1/; : : : ; ak D f k�1.a1/º, c1 is the smallest element in ¹1; 2; : : : ; nº which doesnot belong to

¹a1 D f 0.a1/ D f k.a1/; a2 D f 1.a1/; : : : ; ak D f k�1.a1/º[ ¹b1 D f 0.b1/ D f `.b1/; b2 D f 1.b1/; : : : ; b` D f `�1.b1/º:

Therefore by construction, all the cycles are disjoint. From this it follows that kC`CmC � � � C t D n. It is clear that this factorization is unique except for the order of thefactors since it tells explicitly what effect f has on each element of A.

In summary we have proven the following result.

Theorem 11.1.3. Every permutation of Sn can be written uniquely as a product ofdisjoint cycles (up to order).


Example 11.1.4. The elements of S3 can be written in cycle notation as 1 D .1/;

.1; 2/; .1; 3/; .2; 3/; .1; 2; 3/; .1; 3; 2/. This is the largest symmetric group which con-sists entirely of cycles.

In S4, for example, the element .1; 2/.3; 4/ is not a cycle.Suppose we multiply two elements of S3 say .1; 2/ and .1; 3/. In forming the prod-

uct or composition here, we read from right to left. Thus to compute .1; 2/.1; 3/: Wenote the permutation .1; 3/ takes 1 into 3 and then the permutation .1; 2/ takes 3 into 3so the composite .1; 2/.1; 3/ takes 1 into 3. Continuing the permutation .1; 3/ takes 3into 1 and then the permutation .1; 2/ takes 1 into 2, so the composite .1; 2/.1; 3/takes 3 into 2. Finally .1; 3/ takes 2 into 2 and then .1; 2/ takes 2 into 1 so .1; 2/.1; 3/takes 2 into 1. Thus we see

.1; 2/.1; 3/ D .1; 3; 2/:

As another example of this cycle multiplication consider the product in S5,

.1; 2/.2; 4; 5/.1; 3/.1; 2; 5/:

Reading from right to left 1 7! 2 7! 2 7! 4 7! 4 so 1 7! 4. Now 4 7! 4 7! 4 7!5 7! 5 so 4 7! 5. Next 5 7! 1 7! 3 7! 3 7! 3 so 5 7! 3. Then 3 7! 3 7! 1 7! 1 7! 2

so 3 7! 2. Finally 2 7! 5 7! 5 7! 2 7! 1, so 2 7! 1. Since all the elements ofA D ¹1; 2; 3; 4; 5º have been accounted for, we have

.1; 2/.2; 4; 5/.1; 3/.1; 2; 5/ D .1; 4; 5; 3; 2/:

Let f 2 Sn. If f is a cycle of length 2, i.e., f D .a1; a2/ where a1; a2 2 A, thenf is called a transposition. Any cycle can be written as a product of transpositions,namely

.a1; : : : ; ak/ D .a1; ak/.a1; ak�1/ � � � .a1; a2/:

From Theorem 11.1.3 any permutation can be written in terms of cycles, but fromthe above any cycle can be written as a product of transpositions. Thus we have thefollowing result.

Theorem 11.1.5. Let f 2 Sn be any permutation of degree n. Then f can be writtenas a product of transpositions.

11.2 Parity and the Alternating Groups

If f is a permutation with a cycle decomposition

.a1; : : : ; ak/.b1; : : : ; bj / � � � .m1; : : : ; mt /

then f can be written as a product of

W.f / D .k � 1/C .j � 1/C � � � C .t � 1/

Section 11.2 Parity and the Alternating Groups 165

transpositions. The number W.f / is uniquely associated with the permutation fsince f is uniquely represented (up to order) as a product of disjoint cycles. However,there is nothing unique about the number of transpositions occurring in an arbitraryrepresentation of f as a product of transpositions. For example in S3

.1; 3; 2/ D .1; 2/.1; 3/ D .1; 2/.1; 3/.1; 2/.1; 2/;

since .1; 2/.1; 2/ D .1/, the identity permutation of S3.Although the number of transpositions is not unique in the representation of a per-

mutation, f , as a product of transpositions, we shall show, however, that the parity(even or oddness) of that number is unique. Moreover, this depends solely on thenumber W.f / uniquely associated with the representation of f . More explicitly, wehave the following result.

Theorem 11.2.1. If f is a permutation written as a product of disjoint cycles and ifW.f / is the associated integer given above, then if W.f / is even (odd) any repre-sentation of f as a product of transpositions must contain an even (odd) number oftranspositions.

Proof. We first observe the following:

.a; b/.b; c1; : : : ; ct /.a; b1; : : : ; bk/ D .a; b1; : : : ; bk ; b; c1; : : : ; ct /;

.a; b/.a; b1; : : : ; bk; b; c1; : : : ; ct / D .a; b1; : : : ; bk/.b; c1; : : : ; ct /:

Suppose now that f is represented as a product of disjoint cycles, where we includeall the 1-cycles of elements of A which f fixes, if any. If a and b occur in the samecycle in this representation for f ,

f D � � � .a; b1; : : : ; bk ; b; c1; : : : ; ct / � � � ;

then in the computation of W.f / this cycle contributes k C t C 1. Now consider.a; b/f . Since the cycles are disjoint and disjoint cycles commute,

.a; b/f D � � � .a; b/.a; b1; : : : ; bk ; b; c1; : : : ; ct / � � �

since neither a nor b can occur in any factor of f other than .a; b1; : : : ; bk ; b; c1;

: : : ; ct /. So that .a; b/ cancels out and we find that .a; b/f D� � � .b; c1; : : : ; ct /.a; b1;

: : : ; bk/ � � � . Since W..b; c1; : : : ; ct /.a; b1; : : : ; bk// D kC t but W.a; b1; : : : ; bk; b;

c1; : : : ; ct / D k C t C 1, we have W..a; b/f / D W.f / � 1.A similar analysis shows that in the case where a and b occur in different cycles in

the representation of f , then W..a; b/f / D W.f / C 1. Combining both cases, wehave

W..a; b/f / D W.f /˙ 1:


Now let f be written as a product of m transpositions, say

f D .a1; b1/.a2; b2/ � � � .am; bm/:

Then.am; bm/ � � � .a2; b2/.a1; b1/f D 1:

Iterating this, together with the fact that W.1/ D 0, shows that

W.f /.˙1/.˙1/.˙1/ � � � .˙1/ D 0;

where there are m terms of the form ˙1. Thus

W.f / D .˙1/.˙1/ � � � .˙1/;m times. Note if exactly p are C and q D m � p are � then m D p C q andW.f / D p � q. Hence m � W.f / .mod 2/. Thus, W.f / is even if and only if m iseven and this completes the proof.

It now makes sense to state the following definition since we know that the parityis indeed unique.

Definition 11.2.2. A permutation f 2 Sn is said to be even if it can be written as aproduct of an even number of transpositions. Similarly, f is called odd if it can bewritten as a product of an odd number of transpositions.

Definition 11.2.3. On the group Sn we define the sign function sgn W Sn ! .Z2;C/by sgn.�/ D 0 if � is an even permutation and sgn.�/ D 1 if � is an odd permutation.

We note that if f and g are even permutations then so are fg and f �1 and alsothe identity permutation is even. Further if f is even and g is odd it is clear that fgis odd. From this it is straightforward to establish the following.

Lemma 11.2.4. sgn is a homomorphism from Sn onto .Z2;C/.We now let

An D ¹� 2 Sn W sgn.�/ D 0º:That is, An is precisely the set of even permutations in Sn.

Theorem 11.2.5. For each n 2 N the set An forms a normal subgroup of index 2 inSn called the alternating group on n symbols. Further jAnj D nŠ

2.

Proof. By Lemma 11.2.4 sgn W Sn ! .Z2;C/ is a homomorphism. Then ker.sgn/ DAn and therefore An is a normal subgroup of Sn. Since im.sgn/ D Z2 we havejim.sgn/j D 2 and hence jSn=Anj D 2. Therefore ŒSn W An� D 2. Since jSnj D nŠ

then jAnj D nŠ2

follows from Lagrange’s theorem.

Section 11.3 Conjugation in Sn 167

11.3 Conjugation in Sn

Recall that in a group G two elements x; y 2 G are conjugates if there exists a g 2 Gwith g�1xg D y. Conjugacy is an equivalence relation on G. In the symmetricgroups Sn it is easy to determine if two elements are conjugates. We say that twopermutations in Sn have the same cycle structure if they have the same number ofcycles and the lengths are the same. Hence for example in S8 the permutations

�1 D .1; 3; 6; 7/.2; 5/ and �2 D .2; 3; 5; 6/.1; 8/

have the same cycle structure. In particular if �1; �2 are two permutations in Sn then�1; �2 are conjugates if and only if they have the same cycle structure. Therefore inS8 the permutations

�1 D .1; 3; 6; 7/.2; 5/ and �2 D .2; 3; 5; 6/.1; 8/

are conjugates.

Lemma 11.3.1. Let

� D .a11; a12; : : : ; a1k1/ � � � .as1; as2; : : : ; asks

/

be the cycle decomposition of � 2 Sn. Let � 2 Sn and denote by a�ij the image of aij

under � . Then

��1 D .a�11; a

�12; : : : ; a

�1k1/ � � � .a�

s1; a�s2; : : : ; a

�sks/:

Proof. (a) Consider a11 then operating on the left like functions we have

��1.a�11/ D ��.a11/ D �.a12/ D a�

12:

The same computation then follows for all the symbols aij proving the lemma.

Theorem 11.3.2. Two permutations �1; �2 2 Sn are conjugates if and only if theyare of the same cycle structure.

Proof. Suppose that �2 D ��1��1. Then from Lemma 11.3.1 we have that �1 and

�2 are of the same cycle structure.Conversely suppose that �1 and �2 are of the same cycle structure. Let

�1 D .a11; a12; : : : ; a1k1/ � � � .as1; as2; : : : ; asks

/

�2 D .b11; b12; : : : ; b1k1/ � � � .bs1; bs2; : : : ; bsks

/

where we place the cycles of the same length under each other. Let � be the per-mutation in Sn that maps each symbol in �1 to the digit below it in �2. Then fromLemma 11.3.1 we have ��1�

�1 D �2 and hence �1 and �2 are conjugate.


11.4 The Simplicity of An

A simple group is a group G with no nontrivial proper normal subgroups. Up to thispoint the only examples we have of simple groups are cyclic groups of prime order.In this section we prove that if n � 5 each alternating group An is a simple group.

Theorem 11.4.1. For each n � 3 each � 2 An is a product of cycles of length 3.

Proof. Let � 2 An. Since � is a product of an even number of transpositions to provethe theorem it suffices to show that if �1; �2 are transpositions then �1�2 is a productof 3-cycles.

Suppose that a; b; c; d are different digits in ¹1; : : : ; nº. There are three cases toconsider. First:

Case (1): .a; b/.a; b/ D 1 D .1; 2; 3/0

and hence it is true here.Next:

Case (2): .a; b/.b; c/ D .c; a; b/

and hence it is true here also.Finally:

Case (3): .a; b/.c; d/ D .a; b/.b; c/.b; c/.c; d/ D .c; a; b/.c; d; b/

since .b; c/.b; c/ D 1. Therefore it is true here also proving the theorem.

Now our main result:

Theorem 11.4.2. For n � 5 the alternating group An is a simple nonabelian group.

Proof. Suppose that N is a nontrivial normal subgroup of An with n � 5. We showthat N D An and hence that An is simple.

We claim first that N must contain a 3-cycle. Let 1 ¤ � 2 N then � is not atransposition since � 2 An. Therefore � moves at least 3 digits. If � moves exactly3 digits then it is a 3-cycle and we are done. Suppose then that � moves at least 4digits. Let � D �1 � � � �r with �i disjoint cycles.

Case (1): There is a �i D .: : : ; a; b; c; d/. Set D .a; b; c/ 2 An. Then

� ��1 D �i ��1i D .b; c; d/:

However from Lemma 11.3.1 .b; c; d/ D .a�i ; b�i ; c�i /. Further since � 2 N and Nis normal we have

�. ��1 �1/ D .b; c; d/.a; c; b/ D .a; d; b/:

Therefore in this case N contains a 3-cycle.

Section 11.4 The Simplicity of An 169

Case (2): There is a �i which is a 3-cycle. Then

� D .a; b; c/.d; e; : : :/:

Now set D .a; b; d/ 2 An and then

� ��1 D .b; c; e/ D .a� ; b� ; d�/

and �1� ��1 D .a; b; d/.b; c; e/ D .b; c; e; d; a/ 2 N:

Now use Case (1). Therefore in this case N has a 3-cycle.In the final case � is a disjoint product of transpositions.Case (3): � D .a; b/.c; d/ � � � . Since n � 5 there is an e ¤ a; b; c; d . Let

D .a; c; e/ 2 An. Then

� ��1 D .b; d; e1/ with e1 D e� ¤ b; d:

However .a� ; c� ; e� / D .b; d; e1/. Let D . �1� /��1. This is in N since N isnormal. If e D e1 then D .e; c; a/.b; d; e/ D .a; e; b; d; c/ and we can use Case (1)to get that N contains a 3-cycle. If e ¤ e1 then � D .e; c; a/.b; d; e1/ 2 N and thenwe can use Case (2) to obtain that N contains a 3-cycle.

These three cases show that N must contain a 3-cycle.If N is normal in An then from the argument above N contains a 3-cycle � . How-

ever from Theorem 11.3.2 any two 3-cycles in Sn are conjugate. Hence � is conjugateto any other 3-cycle in Sn. Since N is normal and � 2 N each of these conjugatesmust also be in N . Therefore N contains all 3-cycles in Sn. From Theorem 11.4.1each element of An is a product of 3-cycles. It follows then that each element of An

is in N . However since N � An this is only possible if N D An completing theproof.

Theorem 11.4.3. Let p be a prime and U � Sp a subgroup. Let � be a transpositionand ˛ a p-cycle with ˛; � 2 U . Then U D Sp.

Proof. Suppose without loss of generality that � D .1; 2/. Since ˛; ˛2; : : : ; ˛p�1

are p-cycles with no fixed points then there is an i with ˛i .1/ D 2. Without loss ofgenerality we may then assume that ˛ D .1; 2; a3; : : : ; ap/. Let

� D�

1 2 a3 � � � ap

1 2 3 � � � p�

:

Then from Lemma 10.3.4 we have

�˛��1 D .1; 2; : : : ; p/:

Further �.1; 2/��1 D .1; 2/. Hence U1 D �U��1 contains .1; 2/ and .1; 2; : : : ; p/.


Now we have

.1; 2; : : : ; p/.1; 2/.1; 2; : : : ; p/�1 D .2; 3/ 2 U1:

Analogously.1; 2; : : : ; p/.2; 3/.1; 2; : : : ; p/�1 D .3; 4/ 2 U1;

and so on until

.1; 2; : : : ; p/.p � 2; p � 1/.1; 2; : : : ; p/�1 D .p � 1; p/ 2 U1:

Hence the transpositions .1; 2/; .2; 3/; : : : ; .p � 1; p/ 2 U1. Moreover

.1; 2/.2; 3/.1; 2/ D .1; 3/ 2 U1:

In an identical fashion each .1; k/ 2 U1. Then for any digits s; t we have

.1; s/.1; t/.1; s/ D .s; t/ 2 U1:

Therefore U1 contains all the transpositions of Sp and hence U1 D Sp. Since U D�U1�

�1 we must have U D Sp also.

11.5 Exercises

1. Show that for n � 3 the group An is generated by ¹.12k/ W k � 3º.

2. Let D .k1; : : : ; ks/ 2 Sn be a permutation. Show that the order of is the leastcommon multiple of k1; : : : ; ks . Compute the order of � D �

1 2 3 4 5 6 72 6 5 1 3 4 7

� 2 S7.

3. Let G D S4.

(i) Determine a noncyclic subgroup H of order 4 of G.

(ii) Show that H is normal.

(iii) Show that f .g/.h/ WD ghg�1 defines an epimorphism f W G ! Aut.H/ forg 2 G and h 2 H . Determine its kernel.

4. Show that all subgroups of order 6 of S4 are conjugate.

Chapter 12

Solvable Groups

12.1 Solvability and Solvable Groups

The original motivation for Galois theory grew out of a famous problem in the theoryof equations. This problem was to determine the solvability or insolvability of a poly-nomial equation of degree 5 or higher in terms of a formula involving the coefficientsof the polynomial and only using algebraic operations and radicals. This questionarose out of the well-known quadratic formula.

The ability to solve quadratic equations and in essence the quadratic formula wasknown to the Babylonians some 3600 years ago. With the discovery of imaginarynumbers, the quadratic formula then says that any degree two polynomial over C canbe solved by radicals in terms of the coefficients. In the sixteenth century the Italianmathematician Niccolo Tartaglia discovered a similar formula in terms of radicals tosolve cubic equations. This cubic formula is now known erroneously as Cardano’sformula in honor of Cardano, who first published it in 1545. An earlier special ver-sion of this formula was discovered by Scipione del Ferro. Cardano’s student Ferrariextended the formula to solutions by radicals for fourth degree polynomials. Thecombination of these formulas says that polynomial equations of degree four or lessover the complex numbers can be solved by radicals.

From Cardano’s work until the very early nineteenth century, attempts were madeto find similar formulas for degree five polynomials. In 1805 Ruffini proved that fifthdegree polynomial equations are insolvable by radicals in general. Therefore thereexists no comparable formula for degree 5. Abel in 1825–1826 and Galois in 1831extended Ruffini’s result and proved the insolubility by radicals for all degrees five orgreater. In doing this, Galois developed a general theory of field extensions and itsrelationship to group theory. This has come to be known as Galois theory and is reallythe main focus of this book.

The solution of the insolvability of the quintic and higher involved a translation ofthe problem into a group theory setting. For a polynomial equation to be solvable byradicals its corresponding Galois group (a concept we will introduce in Chapter 16)must be a solvable group. This is a group with a certain defined structure. In thischapter we introduce and discuss this class of groups.

172 Chapter 12 Solvable Groups

12.2 Solvable Groups

A normal series for a group G is a finite chain of subgroups beginning with G andending with the identity subgroup ¹1º

G D G0 � G1 � G2 � � � � � ¹1º

in which each GiC1 is a proper normal subgroup of Gi . The factor groups Gi=GiC1

are called the factors of the series and n is the length of the series.

Definition 12.2.1. A groupG is solvable if it has a normal series with abelian factors,that is Gi=GiC1 is abelian for all i D 0; 1; : : : ; n. Such a normal series is called asolvable series.

If G is an abelian group then G D G0 � ¹1º provides a solvable series. Henceany abelian group is solvable. Further the symmetric group S3 on 3-symbols is alsosolvable however nonabelian. Consider the series

S3 � A3 � ¹1º:

Since jS3j D 6 we have jA3j D 3 and hence A3 is cyclic and therefore abelian.Further jS3=A3j D 2 and hence the factor group S3=A3 is also cyclic and henceabelian. Therefore the series above gives a solvable series for S3.

Lemma 12.2.2. If G is a finite solvable group then G has a normal series with cyclicfactors.

Proof. If G is a finite solvable group then by definition it has a normal series withabelian factors. Hence to prove the lemma it suffices to show that a finite abeliangroup has a normal series with cyclic factors.

Let A be a nontrivial finite abelian group. We do an induction on the order of A. IfjAj D 2 then A itself is cyclic and the result follows. Suppose that jAj > 2. Choosean 1 ¤ a 2 A. Let N D hai so that N is cyclic. Then we have the normal seriesA � N � ¹1º with A=N abelian. Further A=N has order less than A so A=N has anormal series with cyclic factors and the result follows.

Solvability is preserved under subgroups and factor groups.

Theorem 12.2.3. Let G be a solvable group. Then:

(1) Any subgroup H of G is also solvable.

(2) Any factor group G=N of G is also solvable.

Section 12.2 Solvable Groups 173

Proof. (1) Let G be a solvable group and suppose that

G D G0 � G1 � � � � � Gr � ¹1º

is a solvable series for G. Hence GiC1 is a normal subgroup of Gi for each i and thefactor group Gi=GiC1 is abelian.

Now let H be a subgroup of G and consider the chain of subgroups

H D H \G0 � H \G1 � � � � � H \Gr � ¹1º:

Since GiC1 is normal in Gi we know that H \GiC1 is normal in H \Gi and hencethis gives a finite normal series forH . Further from the second isomorphism theoremwe have for each i ,

.H \Gi /=.H \GiC1/ D .H \Gi /=..H \Gi / \GiC1/

Š .H \Gi /GiC1=GiC1 � Gi=GiC1:

However Gi=GiC1 is abelian so each factor in the normal series for H is abelian.Therefore the above series is a solvable series for H and hence H is also solvable.

(2) Let N be a normal subgroup of G. Then from (1) N is also solvable. As abovelet

G D G0 � G1 � � � � � Gr � ¹1ºbe a solvable series for G. Consider the chain of subgroups

G=N D G0N=N � G1N=N � � � � � GrN=N � N=N D ¹1º:

Let m 2 Gi�1; n 2 N . Then since N is normal in G,

.mn/�1GiN.mn/ D n�1m�1GimnN D n�1GinN

D n�1NGi D NGi D GiN:

It follows that GiC1N is normal in GiN for each i and therefore the series for G=Nis a normal series.

Further, again from the isomorphism theorems

.GiN=N/=.GiC1N=N/ Š Gi=.Gi \GiC1N/

Š .Gi=GiC1=..Gi \GiC1N/=GiC1/:

However the last group .Gi=GiC1=..Gi \ GiC1N/=GiC1/ is a factor group of thegroup Gi=GiC1 which is abelian. Hence this last group is also abelian and thereforeeach factor in the normal series for G=N is abelian. Hence this series is a solvableseries and G=N is solvable.


The following is a type of converse of the above theorem.

Theorem 12.2.4. Let G be group and H a normal subgroup of G. If both H andG=H are solvable then G is solvable.

Proof. Suppose that

H D H0 � H1 � � � � � Hr � ¹1ºG=H D G0=H � G1=H � � � � � Gs=H � H=H D ¹1º

are solvable series for H and G=H respectively. Then

G D G0 � G1 � � � � � Gs D H � H1 � � � � � ¹1ºgives a normal series for G. Further from the isomorphism theorems again

Gi=GiC1 Š .Gi=H/=.GiC1=H/

and hence each factor is abelian. Therefore this is a solvable series for G and henceG is solvable.

This theorem allows us to prove that solvability is preserved under direct products.

Corollary 12.2.5. LetG andH be solvable groups. Then their direct product G�His also solvable.

Proof. Suppose that G and H are solvable groups and K D G � H . Recall fromChapter 10 that G can be considered as a normal subgroup of K with K=G Š H .Therefore G is a solvable subgroup of K and G=K is a solvable quotient. It followsthen from Theorem 12.2.4 that K is solvable.

We saw that the symmetric group S3 is solvable. However the following theoremshows that the symmetric group Sn is not solvable for n � 5. This result will becrucial to the proof of the insolvability of the quintic and higher.

Theorem 12.2.6. For n � 5 the symmetric group Sn is not solvable.

Proof. For n � 5 we saw that the alternating group An is simple. Further An is non-abelian. Hence An cannot have a nontrivial normal series and so no solvable series.ThereforeAn is not solvable. If Sn were solvable for n � 5 then from Theorem 12.2.3An would also be solvable. Therefore Sn must also be nonsolvable for n � 5.

In general for a simple, solvable group we have the following.

Lemma 12.2.7. If a group G is both simple and solvable then G is cyclic of primeorder.

Section 12.3 The Derived Series 175

Proof. Suppose that G is a nontrivial simple, solvable group. Since G is simple theonly normal series forG isG D G0 � ¹1º. SinceG is solvable the factors are abelianand hence G is abelian. Again since G is simple G must be cyclic. If G were infinitethen G Š .Z;C/. However then 2Z is a proper normal subgroup, a contradiction.Therefore G must be finite cyclic. If the order were not prime then for each properdivisor of the order there would be a nontrivial proper normal subgroup. Therefore Gmust be of prime order.

In general a finite p-group is solvable.

Theorem 12.2.8. A finite p-group G is solvable.

Proof. Suppose that jGj D pn. We do this by induction on n. If n D 1 then jGj D p

and G is cyclic, hence abelian and therefore solvable. Suppose that n > 1. Then asused previously G has a nontrivial center Z.G/. If Z.G/ D G then G is abelian andhence solvable. If Z.G/ ¤ G then Z.G/ is a finite p-group of order less than pn.From our inductive hypothesis Z.G/ must be solvable. Further G=Z.G/ is then alsoa finite p-group of order less than pn so it is also solvable. HenceZ.G/ andG=Z.G/are both solvable so from Theorem 12.2.4 G is solvable.

12.3 The Derived Series

Let G be a group and let a; b 2 G. The product aba�1b�1 is called the commutatorof a and b. We write Œa; b� D aba�1b�1.

Clearly Œa; b� D 1 if and only if a and b commute.

Definition 12.3.1. Let G 0 be the subgroup of G which is generated by the set of allcommutators

G0 D gp.¹Œx; y� W x; y 2 Gº/:G 0 is called the commutator or (derived) subgroup of G. We sometimes write G0 DŒG;G�.

Theorem 12.3.2. For any group G the commutator subgroup G0 is a normal sub-group of G and G=G 0 is abelian. Further if H is a normal subgroup of G then G=His abelian if and only if G0 � H .

Proof. The commutator subgroup G 0 consists of all finite products of commutatorsand inverses of commutators. However

Œa; b��1 D .aba�1b�1/�1 D bab�1a�1 D Œb; a�


and so the inverse of a commutator is once again a commutator. It then follows thatG0 is precisely the set of all finite products of commutators, i.e., G0 is the set of allelements of the form

h1h2 � � �hn

where each hi is a commutator of elements of G.If h D Œa; b� for a; b 2 G, and x 2 G, xhx�1 D Œxax�1; xbx�1� is again

a commutator of elements of G. Now from our previous comments, an arbitraryelement of G 0 has the form h1h2 � � �hn, where each hi is a commutator. Thusx.h1h2 � � �hn/x

�1 D .xh1x�1/.xh2x

�1/ � � � .xhnx�1/ and, since by the above each

xhix�1 is a commutator, x.h1h2 � � �hn/x

�1 2 G0. It follows that G0 is a normalsubgroup of G.

Consider the factor group G=G 0. Let aG0 and bG0 be any two elements of G=G0.Then

ŒaG 0; bG0� D aG0 � bG0 � .aG0/�1 � .bG0/�1

D aG0 � bG0 � a�1G 0 � b�1G 0 D aba�1b�1G 0 D G0

since Œa; b� 2 G0. In other words, any two elements of G=G0 commute and thereforeG=G0 is abelian.

Now let N be a normal subgroup of G with G=N abelian. Let a; b 2 G then aNand bN commute since G=N is abelian. Therefore

ŒaN; bN � D aNbNa�1Nb�1N D aba�1b�1N D N:

It follows that Œa; b� 2 N . Therefore all commutators of elements in G lie in N andtherefore the commutator subgroup G0 � N .

From the second part of Theorem 12.3.2 we see that G0 is the minimal normalsubgroup of G such that G=N is abelian. We call G=G0 D Gab the abelianizationof G.

We consider next the following inductively defined sequence of subgroups of anarbitrary group G called the derived series.

Definition 12.3.3. For an arbitrary group G define G.0/ D G and G.1/ D G0 andthen inductively G.nC1/ D .G.n//0. That is G.nC1/ is the commutator subgroup orderived group of G.n/. The chain of subgroups

G D G.0/ � G.1/ � � � � � G.n/ � � � �is called the derived series for G.

Notice that sinceG.iC1/ is the commutator subgroup ofG.i/ we haveG.i/=G.iC1/

is abelian. If the derived series was finite then G would have a normal series withabelian factors and hence be solvable. The converse is also true and characterizessolvable groups in terms of the derived series.

Section 12.4 Composition Series and the Jordan–Hölder Theorem 177

Theorem 12.3.4. A group G is solvable if and only if its derived series is finite. Thatis there exists an n such that G.n/ D ¹1º.

Proof. If G.n/ D ¹1º for some n then as explained above the derived series providesa solvable series for G and hence G is solvable.

Conversely suppose that G is solvable and let

G D G0 � G1 � � � � � Gr D ¹1º

be a solvable series for G. We claim first that Gi � G.i/ for all i . We do this byinduction on r . If r D 0 then G D G0 D G.0/. Suppose that Gi � G.i/. ThenG 0i � .G.i//0 D G.iC1/. Since Gi=GiC1 is abelian it follows from Theorem 12.3.2that GiC1 � G0i . Therefore GiC1 � G.iC1/ establishing the claim.

Now if G is solvable from the claim we have that Gr � G.r/. However Gr D ¹1ºand therefore G.r/ D ¹1º proving the theorem.

The length of the derived series is called the solvability length of a solvable groupG. The class of solvable groups of class c consists of those solvable groups of solv-ability length c or less.

12.4 Composition Series and the Jordan–Hölder Theorem

The concept of a normal series is extremely important in the structure theory ofgroups. This is especially true for finite groups. If

G D G0 � G1 � � � � � ¹1ºG D H0 � H1 � � � � � ¹1º

are two normal series for the group G then the second is a refinement of the first if allthe terms of the second occur in the first series. Further, two normal series are calledequivalent or (isomorphic) if there exists a 1-1 correspondence between the factors(hence the length must be the same) of the two series such that the correspondingfactors are isomorphic.

Theorem 12.4.1 (Schreier’s theorem). Any two normal series for a group G haveequivalent refinements.

Proof. Consider two normal series for G

G D G0 � G1 � � � � � Gs � ¹1º D GsC1

G D H0 � H1 � � � � � Ht � ¹1º D GtC1:


Now define

Gij D .Gi \Hj /GiC1; j D 0; 1; 2; : : : ; t C 1;

Hj i D .Gi \Hj /HjC1; i D 0; 1; 2; : : : ; s C 1:

Then we have

G D G00 � G01 � � � � � G0;sC1 D G1

D G10 � � � � � G1;sC1 D G2 � � � � � Gt;sC1 D ¹eº;and

G D H00 � H01 � � � � � H0;tC1 D H1

D H10 � � � � � H1;tC1 D H2 � � � � � Hs;tC1 D ¹eº:Now applying the third isomorphism theorem to the groups Gi , Hj , GiC1, HjC1,we have that Gi;jC1 D .Gi \ HjC1/GiC1 is a normal subgroup of Gi;j D .Gi \Hj /GiC1 and Hj;iC1 D .GiC1 \Hj /HjC1 is a normal subgroup of Hj;i D .Gi \Hj /HjC1. Furthermore, also

Gij =Gi;jC1 Š Hj i=Hj;iC1:

Thus the above two are normal series which are refinements of the two given seriesand they are equivalent.

A proper normal subgroup N of a group G is called maximal in G if there does notexist any normal subgroup N � M � G with all inclusions proper. This is the grouptheoretic analog of a maximal ideal. An alternative characterization is the following.N is a maximal normal subgroup of G if and only if G=N is simple.

A normal series where each factor is simple can have no refinements.

Definition 12.4.2. A composition series for a group G is a normal series where allthe inclusions are proper and such that GiC1 is maximal in Gi . Equivalently a normalseries where each factor is simple.

It is possible that an arbitrary group does not have a composition series or even if itdoes have one, a subgroup of it may not have one. Of course, a finite group does havea composition series.

In the case in which a group, G, does have a composition series the followingimportant theorem, called the Jordan–Hölder theorem, provides a type of unique fac-torization.

Theorem 12.4.3 (Jordan–Hölder theorem). If a group G has a composition series,then any two composition series are equivalent, that is the composition factors areunique.


Proof. Suppose we are given two composition series. Applying Theorem 12.4.1 weget that the two composition series have equivalent refinements. But the only refine-ment of a composition series is one obtained by introducing repetitions. If in the 1-1correspondence between the factors of these refinements, the paired factors equal to¹eº are disregarded, that is if we drop the repetitions, we get clearly that the originalcomposition series are equivalent.

We remarked in Chapter 10 that the simple groups are important because they playa role in finite group theory somewhat analogous to that of the primes in numbertheory. In particular, an arbitrary finite group, G, can be broken down into simplecomponents. These uniquely determined simple components are, according to theJordan–Hölder theorem, the factors of a composition series for G.

12.5 Exercises

1. Let K be a field and

G D´ a x y

0 b z

0 0 c

!

W a; b; c; x; y; z 2 K; abc ¤ 0

μ

:

Show that G is solvable.

2. A group G is called polycyclic if it has a normal series with cyclic factors. Show:

(i) Each subgroup and each factor group of a polycyclic group is polycyclic.

(ii) In a polycyclic group each normal series has the same number of infinitecyclic factors.

3. Let G be a group. Show:

(i) If G is finite and solvable, then G is polycyclic.

(ii) If G is polycyclic, then G is finitely generated.

(iii) The group .Q;C/ is solvable, but not polycyclic.

4. Let N1 and N2 be normal subgroups of G. Show:

(i) If N1 and N2 are solvable, then also N1N2 is a solvable normal subgroupof G.

(ii) Is (i) still true, if we replace “solvable” by “abelian”?

5. Let N1; : : : ; Nt be normal subgroups of a group G. If all factor groups G=Ni aresolvable, then also G=.N1 \ � � � \Nt / is solvable.

Chapter 13

Groups Actions and the Sylow Theorems

13.1 Group Actions

A group action of a group G on a set A is a homomorphism from G into SA thesymmetric group on A. We say that G acts on A. Hence G acts on A if to each g 2 Gcorresponds a permutation

�g W A ! A

such that

(1) �g1.�g2

.a// D �g1g2.a/ for all g1; g2 2 G and for all a 2 A

(2) 1.a/ D a for all a 2 A.

For the remainder of this chapter if g 2 G and a 2 A we will write ga for �g.a/.Group actions are an extremely important idea and we use this idea in the present

chapter to prove several fundamental results in group theory.If G acts on the set A then we say that two elements a1; a2 2 A are congruent

under G if there exists a g 2 G with ga1 D a2. The set

Ga D ¹a1 2 A W a1 D ga for some g 2 Gºis called the orbit of a. It consists of elements congruent to a under G.

Lemma 13.1.1. If G acts on A then congruence under G is an equivalence relationon A.

Proof. Any element a 2 A is congruent to itself via the identity map and hence therelation is reflexive. If a1 � a2 so that ga1 D a2 for some g 2 G then g�1a2 D a1

and so a2 � a1 and the relation is symmetric. Finally is g1a1 D a2 and g2a2 D a3

then g2g1a1 D a3 and relation is transitive.

Recall that the equivalence classes under an equivalence relation partition a set. Fora given a 2 A its equivalence class under this relation is precisely its orbit as definedabove.

Corollary 13.1.2. If G acts on the set A then the orbits under G partition the set A.

We say that G acts transitively on A if any two elements of A are congruent un-der G. That is the action is transitive if for any a1; a2 2 A there is some g 2 G suchthat ga1 D a2.

Section 13.2 Conjugacy Classes and the Class Equation 181

If a 2 A the stabilizer of a consists of those g 2 G that fix a. Hence

StabG.a/ D ¹g 2 G W ga D aº:The following lemma is easily proved and left to the exercises.

Lemma 13.1.3. If G acts on A then for any a 2 A the stabilizer StabG.a/ is asubgroup of G.

We now prove the crucial theorem concerning group actions.

Theorem 13.1.4. Suppose that G acts on A and a 2 A. Let Ga be the orbit of aunder G and StabG.a/ its stabilizer. Then

jG W StabG.a/j D jGaj:That is the size of the orbit of a is the index of its stabilizer in G.

Proof. Suppose that g1; g2 2 G with g1 StabG.a/ D g2 StabG.a/, that is they definethe same left coset of the stabilizer. Then g�1

2 g1 2 StabG.a/. This implies thatg�1

2 g1a D a so that g2a D g1a. Hence any two elements in the same left cosetof the stabilizer produce the same image of a in Ga. Conversely if g1a D g2 theng1; g2 define the same left coset of StabG.a/. This shows that there is a one-to-onecorrespondence between left cosets of StabG.a/ and elements of Ga. It follows thatthe size of Ga is precisely the index of the stabilizer.

We will use this theorem repeatedly with different group actions to obtain importantgroup theoretic results.

13.2 Conjugacy Classes and the Class Equation

In Section 10.5 we introduced the center of a group

Z.G/ D ¹g 2 G W gg1 D g1g for all g1 2 Gº;and showed that it is a normal subgroup of G. We then used this normal subgroup inconjunction with what we called the class equation to show that any finite p-grouphas a nontrivial center. In this section we use group actions to derive the class equationand prove the result for finite p-groups.

Recall that if G is a group then two elements g1; g2 2 G are conjugate if thereexists a g 2 G with g�1g1g D g2. We saw that conjugacy is an equivalence relationonG. For g 2 G its equivalence class is called its conjugacy class that we will denoteby Cl.g/. Thus

Cl.g/ D ¹g1 2 G W g1 is conjugate to gº:

182 Chapter 13 Groups Actions and the Sylow Theorems

If g 2 G then its centralizer CG.g/ is the set of elements inG that commute with g:

CG.g/ D ¹g1 2 G W gg1 D g1gº:Theorem 13.2.1. Let G be a finite group and g 2 G. Then the centralizer of g is asubgroup of G and

jG W CG.g/j D jCl.g/j:That is the index of the centralizer of g is the size of its conjugacy class.

In particular for a finite group the size of each conjugacy class divides the order ofthe group.

Proof. Let the group G act on itself by conjugation. That is g.g1/ D g�1g1g. It iseasy to show that this is an action on the set G (see exercises). For g 2 G its orbit un-der this action is precisely its conjugacy class Cl.g/ and the stabilizer is its centralizerCG.g/. The statements in the theorem then follow directly from Theorem 13.1.4.

For any group G, since conjugacy is an equivalence relation, the conjugacy classespartition G. Hence

G D P[g2G

Cl.g/

where this union is a disjoint union. It follows that

jGj DX

g2G

jCl.g/j

where this sum is taken over distinct conjugacy classes.If Cl.g/ D ¹gº that is the conjugacy class of g is g alone then CG.g/ D G so that

g commutes with all of G. Therefore in this case g 2 Z.G/. This is true for everyelement of the center and therefore

G D Z.G/ [ P[g…Z.G/

Cl.g/

where again the second union is a disjoint union. The size of G is then the sum ofthese disjoint pieces so

jGj D jZ.G/j CX

g…Z.G/

jCl.g/j:

However from Theorem 13.2.1 jCl.g/j D jG W CG.g/j so the equation above becomes

jGj D jZ.G/j CX

g…Z.G/

jG W CG.g/j:

This is known as the class equation.

Section 13.3 The Sylow Theorems 183

Theorem 13.2.2 (class equation). Let G be a finite group. Then

jGj D jZ.G/j CX

g…Z.G/

jG W CG.g/j

where the sum is taken over the distinct centralizers.

As a first application we prove the result that finite p-groups have nontrivial centers.

Theorem 13.2.3. Let G be a finite p-group. Then G has a nontrivial center.

Proof. Let G be a finite p-group so that jGj D pn for some n and consider the classequation

jGj D jZ.G/j CX

g…Z.G/

jG W CG.g/j:

Since jG W CG.g/j divides jGj for each g 2 G we must have that pjjG W CG.g/j foreach g 2 G. Further pjjGj. Therefore p must divide jZ.G/j and hence jZ.G/j D pm

for some m � 1 and therefore Z.G/ is nontrivial.

The idea of conjugacy and the centralizer of an element can be extended to sub-groups. If H1;H2 are subgroups of a group G then H1;H2 are conjugate if thereexists a g 2 G such that g�1H1g D H2. As for elements conjugacy is an equiva-lence relation on the set of subgroups of G.

If H � G is a subgroup then its conjugacy class consists of all the subgroups of Gconjugate to it. The normalizer of H is

NG.H/ D ¹g 2 G W g�1Hg D H º:

As for elements let G act on the set of subgroups of G by conjugation. That is forg 2 G the map is given byH 7! g�1Hg. ForH � G the stabilizer under this actionis precisely the normalizer. Hence exactly as for elements we obtain the followingtheorem.

Theorem 13.2.4. Let G be a group and H � G a subgroup. Then the normalizerNG.H/ of H is a subgroup of G, H is normal in NG.H/ and

jG W NG.H/j D number of conjugates of H in G:

13.3 The Sylow Theorems

If G is a finite group and H � G is a subgroup then Lagrange’s theorem guaranteesthat the order of H divides the order of G. However the converse of Lagrange’stheorem is false. That is, if G is a finite group of order n and if d jn, then G need


not contain a subgroup of order d . If d is a prime p or a power of a prime pe ,however, then we shall see that G must contain subgroups of that order. In particular,we shall see that if pd is the highest power of p that divides n, than all subgroupsof that order are actually conjugate, and we shall finally get a formula concerningthe number of such subgroups. These theorems constitute the Sylow theorems whichwe will examine in this section. First we give an example where the converse ofLagrange’s theorem is false.

Lemma 13.3.1. The alternating group on 4 symbols A4 has order 12 but has nosubgroup of order 6.

Proof. Suppose that there exists a subgroup U �A4 with jU jD6. Then jA4 W U jD2

since jA4j D 12 and hence U is normal in A4.Now id, .1; 2/.3; 4/, .1; 3/.2; 4/, .1; 4/.2; 3/ are inA4. These each have order 2 and

commute so they form a subgroup V � A4 of order 4. This subgroup V Š Z2 � Z2.Then

12 D jA4j � jV U j D jV jjU jjV \ U j D 4 � 6

jV \ U j :

It follows that V \U ¤ ¹1º and since U is normal we have that V \U is also normalin A4.

Now .1; 2/.3; 4/ 2 V and by renaming the entries in V if necessary we may assumethat it is also in U so that .1; 2/.3; 4/ 2 V \ U . Since .1; 2; 3/ 2 A4 we have

.3; 2; 1/.1; 2/.3; 4/.1; 2; 3/ D .1; 3/.2; 4/ 2 V \ U

and then

.3; 2; 1/.1; 4/.2; 3/.1; 2; 3/ D .1; 2/.3; 4/ 2 V \ U:But then V � V \ U and so V � U . But this is impossible since jV j D 4 whichdoesn’t divide jU j D 6.

Definition 13.3.2. Let G be a finite group with jGj D n and let p be a prime suchthat pajn but no higher power of p divides n. A subgroup of G of order pa is calleda p-Sylow subgroup.

It is not a clear that a p-Sylow subgroup must exist. We will prove that for eachpjn a p-Sylow subgroup exists.

We first consider and prove a very special case.

Theorem 13.3.3. Let G be a finite abelian group and let p be a prime such thatpjjGj. Then G contains at least one element of order p.

Section 13.3 The Sylow Theorems 185

Proof. Suppose that G is a finite abelian group of order pn. We use induction on n.If n D 1 then G has order p and hence is cyclic and so has an element of order p.Suppose that the theorem is true for all abelian groups of order pm with m < n andsuppose that G has order pn. Suppose that g 2 G. If the order of g is pt for someinteger t then gt ¤ 1 and gt has order p proving the theorem in this case. Hencewe may suppose that g 2 G has order prime to p and we show that there must bean element whose order is a multiple of p and then use the above argument to get anelement of exact order p.

Hence we have g 2 G with order m where .m; p/ D 1. Since mjjGj D pn wemust havemjn. SinceG is abelian hgi is normal and the factor groupG=hgi is abelianof order p. n

m/ < pn. By the inductive hypothesisG=hgi has an element hhgi of order

p, h 2 G, and hence hp D gk for some k. gk has order m1jm and therefore h hasorder pm1. Now as above hm1 has order p proving the theorem.

Therefore if G is an abelian group and if pjn, then G contains a subgroup of or-der p, the cyclic subgroup of order p generated by an element a 2 G of order pwhose existence is guaranteed by the above theorem. We now present the first Sylowtheorem.

Theorem 13.3.4 (first Sylow theorem). Let G be a finite group and let pjjGj, then Gcontains a p-Sylow subgroup, that is a p-Sylow subgroup exists.

Proof. Let G be a finite group of order pn and as above we do induction on n. Ifn D 1 then G is cyclic and G is its own maximal p-subgroup and hence all of G isa p-Sylow subgroup. We assume then that if jGj D pm with m < n then G has ap-Sylow subgroup.

Assume that jGj D ptm with .m; p/ D 1. We must show that G contains asubgroup of order pt . IfH is a proper subgroup whose index is prime to p then jH jDptm1 withm1<m. Therefore by the inductive hypothesisH has a p-Sylow subgroupof order pt . This will also be a subgroup of G and hence a p-Sylow subgroup of G.

Therefore we may assume that the index of any proper subgroupH ofG must haveindex divisible by p. Now consider the class equation for G,

jGj D jZ.G/j CX

g…Z.G/

jG W CG.g/j:

By assumption each of the indices are divisible by p and also pjjGj. ThereforepjjZ.G/j. It follows that Z.G/ is a finite abelian group whose order is divisibleby p. From Theorem 13.3.3 there exists an element g 2 Z.G/ � G of order p. Sinceg 2 Z.G/ we must have hgi normal in G. The factor group G=hgi then has orderpt�1m and by the inductive hypothesis must have a p-Sylow subgroup K of orderpt�1 and hence of index m. By the correspondence theorem there is a subgroup Kof G with hgi � K such that K=H Š K. Therefore jKj D pt and K is a p-Sylowsubgroup of G.


On the basis of this theorem, we can now strengthen the result obtained in Theo-rem 13.3.3.

Theorem 13.3.5 (Cauchy). If G is a finite group and if p is a prime such that pjjGj,then G contains at least one element of order p.

Proof. Let P be a p-Sylow subgroup of G, and let jP j D pt . If g 2 P , g ¤ 1, thenthe order of g is pt1 . Then gpt1�1

has order p.

We have seen that p-Sylow subgroups exist. We now wish to show that any twop-Sylow subgroups are conjugate. This is the content of the second Sylow theorem.

Theorem 13.3.6 (second Sylow theorem). Let G be a finite group and p a primesuch that pjjGj. Then any p-subgroup H of G is contained in a p-Sylow subgroup.Further all p-Sylow subgroups of G are conjugate. That is, if P1 and P2 are any twop-Sylow subgroups of G then there exists an a 2 G such that P1 D aP2a

�1.

Proof. Let� be the set of p-Sylow subgroups ofG and letG act on� by conjugation.This action will of course partition � into disjoint orbits. Let P be a fixed p-Sylowsubgroup and�P be its orbit under the conjugation action. The size of the orbit is theindex of its stabilizer that is j�P j D jG W StabG.P /j. Now P � StabG.P / and P isa maximal p-subgroup of G. It follows that the index of StabG.P / must be prime top and so the number of p-Sylow subgroups conjugate to P is prime to p.

Now let H be a p-subgroup of G and let H act on �P by conjugation. �P willitself decompose into disjoint orbits under this actions. Further the size of each orbitis an index of a subgroup of H and hence must be a power of p. On the other handthe size of the whole orbit is prime to p. Therefore there must be one orbit that hassize exactly 1. This orbit contains a p-Sylow subgroup P 0 and P 0 is fixed byH underconjugation, that is H normalizes P 0. It follows that HP 0 is a subgroup of G and P 0is normal in HP 0. From the second isomorphism theorem we then obtain

HP 0=P 0 Š H=.H \ P 0/:

Since H is a p-group the size of H=.H \ P 0/ is a power of p and therefore sois the size of HP 0=P 0. But P 0 is also a p-group so it follows that HP 0 also hasorder a power of p. Now P 0 � HP 0 but P 0 is a maximal p-subgroup of G. HenceHP 0 D P 0. This is possible only ifH � P 0 proving the first assertion in the theorem.Therefore any p-subgroup of G is obtained in a p-Sylow subgroup.

Now let H be a p-Sylow subgroup P1 and let P1 act on �P . Exactly as in theargument above P1 � P 0 where P 0 is a conjugate of P . Since P1 and P 0 are bothp-Sylow subgroups they have the same size and hence P1 D P 0. This implies thatP1 is a conjugate of P . Since P1 and P are arbitrary p-Sylow subgroups it followsthat all p-Sylow subgroups are conjugate.

Section 13.4 Some Applications of the Sylow Theorems 187

We come now to the last of the three Sylow theorems. This one gives us informationconcerning the number of p-Sylow subgroups.

Theorem 13.3.7 (third Sylow theorem). Let G be a finite group and p a prime suchthat pjjGj. Then the number of p-Sylow subgroups of G is of the form 1 C pk anddivides the order of jGj. It follows that if jGj D pam with .p;m/ D 1 then thenumber of p-Sylow subgroups divides m.

Proof. Let P be a p-Sylow subgroup and let P act on �, the set of all p-Sylowsubgroups, by conjugation. Now P normalizes itself so there is one orbit, namely Pthat has size exactly 1. Every other orbit has size a power of p since the size is theindex of a nontrivial subgroup of P and therefore must be divisible by p. Hence thesize of the � is 1C pk.

13.4 Some Applications of the Sylow Theorems

We now give some applications of the Sylow theorems. First we show that the con-verse of Lagrange’s theorem is true for both general p-groups and for finite abeliangroups.

Theorem 13.4.1. LetG be a group of order pn. ThenG contains at least one normalsubgroup of order pm, for each m such that 0 � m � n.

Proof. We use induction on n. For n D 1 the theorem is trivial. By Lemma 10.5.7any group of order p2 is abelian. This together with Theorem 13.3.3 establishes theclaim for n D 2.

We now assume the theorem is true for all groups G of order pk where 1 � k < n,where n > 2. Let G be a group of order pn. From Lemma 10.3.4 G has a nontrivialcenter of order at least p and hence an element g 2 Z.G/ of order p. Let N D hgi.Since g 2 Z.G/ it follows that N is normal subgroup of order p. Then G=N is oforder pn�1, and therefore, contains (by the induction hypothesis) normal subgroupsof orders pm�1, for 0 � m � 1 � n � 1. These groups are of the form H=N , wherethe normal subgroup H � G contains N and is of order pm, 1 � m � n, becausejH j D jN jŒH W N� D jN j � jH=N j.

On the basis of the first Sylow theorem we see that if G is a finite group and ifpkjjGj, then G must contain a subgroup of order pk . One can actually show that, asin the case of Sylow p-groups, the number of such subgroups is of the form 1C pt ,but we shall not prove this here.

Theorem 13.4.2. Let G be a finite abelian group of order n. Suppose that d jn. ThenG contains a subgroup of order d .


Proof. Suppose that n D pe1

1 � � �pek

kis the prime factorization of n. Then d D

pf1

1 � � �pfk

kfor some nonnegative f1; : : : ; fk . Now G has p1-Sylow subgroup H1 of

order pe1

1 . Hence from Theorem 13.4.1H1 has a subgroupK1 of order pf1

1 . Similarly

there are subgroupsK2; : : : ; Kk ofG of respective orders pf2

2 ; : : : ; pfk

k. Further since

the orders are disjoint Ki \Kj D ¹1º if i ¤ j . It follows that hK1; K2; : : : ; Kki has

order jK1jjK2j � � � jKkj D pf1

1 � � �pfk

kD d .

In Section 10.5 we examined the classification of finite groups of small orders. Herewe use the Sylow theorems to extend some of this material further.

Theorem 13.4.3. Let p; q be distinct primes with p < q and q not congruent to1 mod p. Then any group of order pq is cyclic. For example any group of order 15must be cyclic.

Proof. Suppose that jGj D pq with p < q and q not congruent to 1 mod p. Thenumber of q-Sylow subgroups is of the form 1C qk and divides p. Since q is greaterthan p this implies that there can be only one and hence there is a normal q-Sylowsubgroup H . Since q is a prime, H is cyclic of order q and therefore there is anelement g of order q.

The number of p-Sylow subgroups is of the form 1 C pk and divides q. Sinceq is not congruent to 1 mod p this implies that there also can be only one p-Sylowsubgroup and hence there is a normal p-Sylow subgroup K. Since p is a prime Kis cyclic of order p and therefore there is an element h of order p. Since p; q aredistinct primes H \ K D ¹1º. Consider the element g�1h�1gh. Since K is normalg�1hg 2 K. Then g�1h�1gh D .g�1h�1g/h 2 K. But H is also normal soh�1gh 2 H . This then implies that g�1h�1gh D g�1.h�1gh/ 2 H and thereforeg�1h�1gh 2 K \ H . It follows then that g�1h�1gh D 1 or gh D hg. Since g; hcommute the order of gh is the lcm of the orders of g and h which is pq. ThereforeG has an element of order pq. Since jGj D pq this implies that G is cyclic.

In the above theorem since we assumed that q is not congruent to 1 mod p andhence p ¤ 2. In the case when p D 2 we get another possibility.

Theorem 13.4.4. Let p be an odd prime and G a finite group of order 2p. Theneither G is cyclic or G is isomorphic to the dihedral group of order 2p, that is thegroup of symmetries of a regular p-gon. In this latter case G is generated by twoelements g and h which satisfy the relations gp D h2 D .gh/2 D 1.

Proof. As in the proof of Theorem 13.4.3 G must have a normal cyclic subgroup oforder p say hgi. Since 2jjGj the group G must have an element of order 2 say h.Consider the order of .gh/. By Lagrange’s theorem this element can have order1; 2; p; 2p. If the order is 1 then gh D 1 or g D h�1 D h. This is impossible

Section 13.4 Some Applications of the Sylow Theorems 189

since g has order p and h has order 2. If the order of gh is p then from the secondSylow theorem gh 2 hgi. But this implies that h 2 hgi which is impossible sinceevery nontrivial element of hgi has order p. Therefore the order of gh is either 2or 2p.

If the order of gh is 2p then since G has order 2p it must be cyclic.If the order of gh is 2 then within G we have the relations gp D h2 D .gh/2 D 1.

Let H D hg; hi be the subgroup of G generated by g and h. The relations gp Dh2 D .gh/2 D 1 imply that H has order 2p. Since jGj D 2p we get that H D G.G is isomorphic to the dihedral group Dp of order 2p (see exercises).

In the above description g represents a rotation of 2�p

of a regular p-gon aboutits center while h represents any reflection across a line of symmetry of the regularp-gon.

We have looked at the finite fields Zp . We give an example of a p-Sylow subgroupof a matrix group over Zp .

Example 13.4.5. Consider GL.n; p/, the group of n� n invertible matrices over Zp.If ¹v1; : : : ; vnº is a basis for .Zp/

n over Zp then the size of GL.n; p/ is the number ofindependent images ¹w1; : : : ; wnº of ¹v1; : : : ; vnº. For w1 there are pn � 1 choices,for w2 there are pn � p choices and so on. It follows that

jGL.n; p/j D .pn � 1/.pn � p/ � � � .pn � pn�1/ D p1C2C��C.n�1/m D pn.n�1/

2 m

with .p;m/ D 1. Therefore a p-Sylow subgroup must have size pn.n�1/

2 .Let P be the subgroup of upper triangular matrices with 1’s on the diagonal.

Then P has size p1C2C��C.n�1/ D pn.n�1/

2 and is therefore a p-Sylow subgroupof GL.n; p/.

The final example is a bit more difficult. We mentioned that a major result on finitegroups is the classification of the finite simple groups. This classification showed thatany finite simple group is either cyclic of prime order, in one of several classes ofgroups such as the An or one of a number of special examples called sporadic groups.One of the major tools in this classification is the following famous result called theFeit–Thompson theorem that showed that any finite group G of odd order is solvableand, in addition, if G is not cyclic then G is nonsimple.

Theorem 13.4.6 (Feit–Thompson theorem). Any finite group of odd order is solvable.

The proof of this theorem, one of the major results in algebra in the twentiethcentury is way beyond the scope of this book – the proof is actually hundreds ofpages in length when one counts the results used. However we look at the smallestnonabelian simple group.


Theorem 13.4.7. Suppose thatG is a simple group of order 60. ThenG is isomorphicto A5. Further A5 is the smallest nonabelian finite simple group.

Proof. Suppose that G is a simple group of order 60 D 22 � 3 � 5. The number of 5-Sylow subgroups is of the form 1C 5k and divides 12. Hence there is 1 or 6. Since Gis assumed simple and all 5-Sylow subgroups are conjugate there cannot be only oneand hence there are 6. Since each of these is cyclic of order 5 they intersect only inthe identity. Hence these 6 subgroups cover 24 distinct elements.

The number of 3-Sylow subgroups is of the form 1 C 3k and divides 20. Hencethere are 1; 4; 10. We claim that there are 10. There can’t be only 1 since G is simple.Suppose there were 4. Let G act on the set of 3-Sylow subgroups by conjugation.Since an action is a permutation this gives a homomorphism f from G into S4. Bythe first isomorphism theorem G= ker.f / Š im.f /. However since G is simple thekernel must be trivial and this implies thatG would imbed into S4. This is impossiblesince jGj D 60 > 24 D jS4j. Therefore there are 10 3-Sylow subgroups. Since eachof these is cyclic of order 3 they intersect only in the identity and therefore these 10subgroups cover 20 distinct elements.

Hence together with the elements in the 5-Sylow subgroups we have 44 nontrivialelements.

The number of 2-Sylow subgroups is of the form 1 C 2k and divides 15. Hencethere are 1; 3; 5; 15. We claim that there are 5. As before there can’t be only 1 sinceG is simple. There can’t be 3 since as for the case of 3-Sylow subgroups this wouldimply an imbedding of G into S3 which is impossible since jS3j D 6. Supposethat there were 15 2-Sylow subgroups each of order 4. The intersections would have amaximum of 2 elements and therefore each of these would contribute at least 2 distinctelements. This gives a minimum of 30 distinct elements. However we already have44 nontrivial elements from the 3-Sylow and 5-Sylow subgroups. Since jGj D 60 thisis too many. Therefore G must have 5 2-Sylow subgroups.

Now let G act on the set of 2-Sylow subgroups. This then as above implies animbedding of G into S5 so we may consider G as a subgroup of S5. However theonly subgroup of S5 of order 60 is A5 and therefore G Š A5.

The proof that A5 is the smallest nonabelian simple group is actually brute force.We show that any groupG of order less than 60 either has prime order or is nonsimple.There are strong tools that we can use. By the Feit–Thompson theorem we must onlyconsider groups of even order. From Theorem 13.4.4 we don’t have to consider orders2p. The rest can be done by an analysis using Sylow theory. For example we showthat any group of order 20 is nonsimple. Since 20 D 22 � 5 the number of 5-Sylowsubgroups is 1C 5k and divides 4. Hence there is only one and therefore it must benormal and soG is nonsimple. There is a strong theorem, whose proof is usually donewith representation theory, which says that any group whose order is divisible by onlytwo primes is solvable. Therefore for jGj D 60 we only have to show that groups oforder 30 D 2 � 3 � 5 and 42 D 2 � 3 � 7 are nonsimple. This is done in the same manner


as the first part of this proof. Suppose jGj D 30. The number of 5-Sylow subgroupsis of the form 1 C 5k and divides 6 hence there are 1 or 6. If G were simple therewould have to be 6 covering 24 distinct elements. The number of 3-Sylow subgroupsis of the form 1 C 3k and divides 10 hence there are 1; 4; 10. If there were 10 thesewould cover an additional 20 distinct elements which is impossible since we alreadyhave 24 and G has order 30. If there were 4 and G were simple then G would imbedinto S4, again impossible since jGj D 30 > 24. Therefore there is only one and hencea normal 3-Sylow subgroup. It follows that G cannot be simple. The case jGj D 42

is even simpler. There must be a normal 7-Sylow subgroup.

13.5 Exercises


2. Let the group G act on itself by conjugation. That is g.g1/ D g�1g1g. Prove thatthis is an action on the set G.

3. Show that the dihedral group Dn of order 2n has the presentation hr; f I rn Df 2 D .rf /2 D 1i.

4. Show that each group of order � 59 is solvable.

5. Let P1 and P2 be two different p-Sylow subgroups of a finite group G. Show thatP1P2 is not a subgroup of G.

6. Let G be a finite group. For a prime p the following are equivalent:

(i) G has exactly one p-Sylow subgroup.

(ii) The product of two elements of order p has again order p.

7. Let P andQ be two p-Sylow subgroups of the finite groupG. IfZ.P / is a normalsubgroup of Q, then Z.P / D Z.Q/.

8. Let p be a prime and G D SL.2; p/. Let P D hai, where a D �

1 10 1

�

.

(i) Determine the normalizer NG.P / and the number of p-Sylow subgroupsof G.

(ii) Determine the centralizer CG.a/. How many elements of order p does Ghave? In how many conjugacy classes can they be decomposed?

(iii) Show that all subgroups of G of order p.p � 1/ are conjugate.

(iv) Show that G has no elements of order p.p � 1/ for p � 5.

Chapter 14

Free Groups and Group Presentations

14.1 Group Presentations and Combinatorial GroupTheory

In discussing the symmetric group on 3 symbols and then the various dihedral groupsin Chapters 9, 10 and 11 we came across the concept of a group presentation. Roughlyfor a groupG a presentation consists of a set of generatorsX forG, so thatG D hXi,and a set of relations between the elements of X from which in principle the wholegroup table can be constructed. In this chapter we make this concept precise. Aswe will see, every group G has a presentation but it is mainly in the case where thegroup is finite or countably infinite that presentations are most useful. Historically theidea of group presentations arose out of the attempt to describe the countably infinitefundamental groups that came out of low dimensional topology. The study of groupsusing group presentations is called combinatorial group theory.

Before looking at group presentations in general we revisit two examples of finitegroups and then a class of infinite groups.

Consider the symmetric group on 3 symbols, S3. We saw that it has the following6 elements:

1 D�

1 2 3

1 2 3

�

; a D�

1 2 3

2 3 1

�

; b D�

1 2 3

3 1 2

�

c D�

1 2 3

2 1 3

�

; d D�

1 2 3

3 2 1

�

; e D�

1 2 3

1 3 2

�

:

Notice that a3 D 1, c2 D 1 and that ac D ca2. We claim that

ha; cI a3 D c2 D .ac/2 D 1iis a presentation for S3. First it is easy to show that S3 D ha; ci. Indeed

1 D 1; a D a; b D a2; c D c; d D ac; e D a2c

and so clearly a; c generate S3.Now from .ac/2 D acac D 1 we get that ca D a2c. This implies that if we write

any sequence (or word in our later language) in a and c we can also rearrange it sothat the only powers of a are a and a2, the only powers of c are c and all a termsprecede c terms. For example

aca2cac D aca.acac/ D a.ca/ D a.a2c/ D .a3/c D c:

Section 14.2 Free Groups 193

Therefore using the three relations form the presentation above each element of S3

can be written as a˛cˇ with ˛ D 0; 1; 2 and ˇ D 0; 1. From this the multiplication ofany two elements can be determined.

Exactly this type of argument applies to all the dihedral groups Dn. We saw thatin general jDnj D 2n. Since these are the symmetry groups of a regular n-gon wealways have a rotation r of angle 2�

nabout the center of the n-gon. This element r

would have order n. Let f be a reflection about any line of symmetry. Then f 2 D 1

and rf is a reflection about the rotated line which is also a line of symmetry. Therefore.rf /2 D 1. Exactly as for S3 the relation .rf /2 D 1 implies that f r D r�1f Drn�1f . This allows us to always place r terms in front of f terms in any word on rand f . Therefore the elements of Dn are always of the form

r˛f ˇ ; ˛ D 0; 1; 2; : : : ; n � 1; ˇ D 0; 1

and further the relations rn D f 2 D .rf /2 D 1 allow us to rearrange any word in rand f into this form. It follows that jhr; f ij D 2n and hence Dn D hr; f i togetherwith the relations above. Hence we obtain:

Theorem 14.1.1. If Dn is the symmetry group of a regular n-gon then a presentationfor Dn is given by

Dn D hr; f I rn D f 2 D .rf /2 D 1i:We now give one class of infinite examples. If G is an infinite cyclic group, so that

G Š Z, then G D hgI i is a presentation for G. That is G has a single generator withno relations.

A direct product of n copies of Z is called a free abelian group of rank n. We willdenote this by Zn. A presentation for Zn is then given by

Zn D hx1; x2; : : : ; xnI xixj D xjxi for all i; j D 1; : : : ; ni:

14.2 Free Groups

Crucial to the concept of a group presentation is the idea of a free group.

Definition 14.2.1. A group F is free on a subset X if every map f W X ! G with Ga group can be extended to a unique homomorphism f W F ! G. X is called a freebasis for F . In general a group F is a free group if it is free on some subset X . If Xis a free basis for a free group F we write F D F.X/.

We first show that given any set X there does exist a free group with free basis X .Let X D ¹xiºi2I be a set (possibly empty). We will construct a group F.X/ whichis free with free basis X . First let X�1 be a set disjoint from X but bijective to X . Ifxi 2 X then the corresponding element ofX�1 under the bijection we denote x�1

i and

194 Chapter 14 Free Groups and Group Presentations

say that xi and x�1i are associated. The set X�1 is called the set of formal inverses

fromX and we callX[X�1 the alphabet. Elements of the alphabet are called letters,hence a letter has the form x

�1

i where �i D ˙1. A word in X is a finite sequence ofletters from the alphabet. That is a word has the form

w D x�i1

i1x

�i2

i2: : : x

�in

in

where xij 2 X and �ij D ˙1. If n D 0 we call it the empty word which we willdenote e. The integer n is called the length of the word. Words of the form xix

�1i or

x�1i xi are called trivial words. We let W.X/ be the set of all words on X .If w1; w2 2 W.X/ we say that w1 is equivalent to w2, denoted w1 � w2, if

w1 can be converted to w2 by a finite string of insertions and deletions of trivialwords. For example if w1 D x3x4x

�14 x2x2 and w2 D x3x2x2 then w1 � w2. It is

straightforward to verify that this is an equivalence relation on W.X/ (see exercises).Let F.X/ denote the set of equivalence classes in W.X/ under this relation, henceF.X/ is a set of equivalence classes of words from X .

A word w 2 W.X/ is said to be freely reduced or reduced if it has no trivialsubwords (a subword is a connected sequence within a word). Hence in the exampleabove w2 D x3x2x2 is reduced but w1 D x3x4x

�14 x2x2 is not reduced. In each

equivalence class in F.X/ there is a unique element of minimal length. Further thiselement must be reduced or else it would be equivalent to something of smaller length.Two reduced words in W.X/ are either equal or not in the same equivalence class inF.X/. Hence F.X/ can also be considered as the set of all reduced words fromW.X/.

Given a word w D x�i1

i1x

�i2

i2: : : x

�in

inwe can find the unique reduced word w equiv-

alent to w via the following free reduction process. Beginning from the left side of wwe cancel each occurrence of a trivial subword. After all these possible cancellationswe have a word w0. Now we repeat the process again starting from the left side. Sincew has finite length eventually the resulting word will either be empty or reduced. Thefinal reduced w is the free reduction of w.

Now we build a multiplication on F.X/. If

w1 D x�i1

i1x

�i2

i2: : : x

�in

in; w2 D x

�j1

j1x

�j2

j2: : : x

�jm

jm

are two words in W.X/ then their concatenation w1 ? w2 is simply placing w2 af-ter w1,

w1 ? w2 D x�i1

i1x

�i2

i2: : : x

�in

inx

�j1

j1x

�j2

j2: : : x

�jm

jm:

If w1; w2 2 F.x/ then we define their product as

w1w2 D equivalence class of w1 ? w2:

That is we concatenate w1 and w2, and the product is the equivalence class of theresulting word. It is easy to show that if w1 � w01 and w2 � w02 then w1 ? w2 �


w01 ?w02 so that the above multiplication is well-defined. Equivalently we can think ofthis product in the following way. If w1; w2 are reduced words then to find w1w2 firstconcatenate and then freely reduce. Notice that if x

�in

inx

�j1

j1is a trivial word then it is

cancelled when the concatenation is formed. We say then that there is cancellation informing the product w1w2. Otherwise the product is formed without cancellation.

Theorem 14.2.2. Let X be a nonempty set and let F.X/ be as above. Then F.X/ isa free group with free basis X . Further if X D ; then F.X/ D ¹1º, if jX j D 1 thenF.X/ Š Z and if jX j � 2 then F.X/ is nonabelian.

Proof. We first show that F.X/ is a group and then show that it satisfies the universalmapping property on X . We consider F.X/ as the set of reduced words in W.X/with the multiplication defined above. Clearly the empty word acts as the identityelement 1. If w D x

�i1

i1x

�i2

i2: : : x

�in

inand w1 D x

��in

inx��in�1

in�1: : : x

��i1

i1then both

w ? w1 and w1 ? w freely reduce to the empty word and so w1 is the inverse of w.Therefore each element of F.X/ has an inverse. Therefore to show that F.X/ formsa group we must show that the multiplication is associative. Let

w1 D x�i1

i1x

�i2

i2: : : x

�in

in; w2 D x

�j1

j1x

�j2

j2: : : x

�jm

jm; w3 D x

�k1

k1x

�k2

k2: : : x

�kp

kp

be three freely reduced words in F.X/. We must show that

.w1w2/w3 D w1.w2w3/:

To prove this we use induction on m, the length of w2. If m D 0 then w2 is theempty word and hence the identity and it is certainly true. Now suppose that m D 1

so that w2 D x�j1

j1. We must consider exactly four cases.

Case (1): There is no cancellation in forming either w1w2 or w2w3. That is x�j1

j1¤

x��in

inand x

�j1

j1¤ x

��k1

k1. Then the product w1w2 is just the concatenation of the

words and so is .w1w2/w3. The same is true for w1.w2w3/. Therefore in this casew1.w2w3/ D .w1w2/w3.

Case (2): There is cancellation in forming w1w2 but not in forming w2w3. Thenif we concatenate all three words the only cancellation occurs between w1 and w2 ineither w1.w2w3/ or in .w1w2/w3 and hence they are equal. Therefore in this casew1.w2w3/ D .w1w2/w3.

Case (3): There is cancellation in forming w2w3 but not in forming w1w2. This isentirely analogous to Case (2) so therefore in this case w1.w2w3/ D .w1w2/w3.

Case (4): There is cancellation in forming w1w2 and also in forming w2w3. Thenx

�j1

j1D x

��in

inand x

�j1

j1D x

��k1

k1. Here

.w1w2/w3 D x�i1

i1: : : x

�in�1

in�1x

�k1

k1x

�k2

k2: : : x

�kp

kp:


On the other hand

w1.w2w3/ D x�i1

i1: : : x

�in

inx

�k2

k2: : : x

�kp

kp:

However these are equal since x�in

inD x

�k1

k1. Therefore in this final case w1.w2w3/ D

.w1w2/w3. It follows inductively from these four cases that the associative law holdsin F.X/ and therefore F.X/ forms a group.

Now suppose that f W X ! G is a map fromX into a groupG. By the constructionof F.X/ as a set of reduced words this can be extended to a unique homomorphism.If w 2 F with w D x

�i1

i1: : : x

�in

inthen define f .w/ D f .xi1

/�i1 � � �f .xin/�in . Since

multiplication in F.X/ is concatenation this defines a homomorphism and again formthe construction of F.X/ its the only one extending f . This is analogous to con-structing a linear transformation from one vector space to another by specifying theimages of a basis. Therefore F.X/ satisfies the universal mapping property of Defi-nition 14.2.1 and hence F.X/ is a free group with free basis X .

The final parts of Theorem 14.2.2 are straightforward. If X is empty the only re-duced word is the empty word and hence the group is just the identity. If X has asingle letter then F.X/ has a single generator and is therefore cyclic. It is easy to seethat it must be torsion-free and therefore F.X/ is infinite cyclic, that is F.x/ Š Z.Finally if jX j � 2 let x1; x2 2 X . Then x1x2 ¤ x2x1 and both are reduced. There-fore F.X/ is nonabelian.

The proof of Theorem 14.2.2 provides another way to look at free groups.

Theorem 14.2.3. F is a free group if and only if there is a generating set X such thatevery element of F has a unique representation as a freely reduced word on X .

The structure of a free group is entirely dependent on the cardinality of a free ba-sis. In particular the cardinality of a free basis jX j for a free group F is uniqueand is called the rank of F . If jX j < 1, F is of finite rank. If F has rank nand X D ¹x1; : : : ; xnº we say that F is free on ¹x1; : : : ; xnº. We denote this byF.x1; x2; : : : ; xn/.

Theorem 14.2.4. If X and Y are sets with the same cardinality, that is jX j D jY j,then F.X/ Š F.Y /, the resulting free groups are isomorphic. Further if F.X/ ŠF.Y / then jX j D jY j.Proof. Suppose that f W X ! Y is a bijection from X onto Y . Now Y � F.Y /

so there is a unique homomorphism � W F.X/ ! F.Y / extending f . Since f isa bijection it has an inverse f �1 W Y ! X and since F.Y / is free there is a uniquehomomorphism �1 from F.Y / to F.X/ extending f �1. Then ��1 is the identity mapon F.Y / and �1� is the identity map on F.X/. Therefore �; �1 are isomorphismswith � D ��1

1 .


Conversely suppose that F.X/ Š F.Y /. In F.X/ let N.X/ be the subgroup gen-erated by all squares in F.X/ that is

N.X/ D h¹g2 W g 2 F.X/ºi:

Then N.X/ is a normal subgroup and the factor group F.X/=N.X/ is abelian whereevery nontrivial element has order 2 (see exercises). Therefore F.X/=N.X/ canbe considered as a vector space over Z2, the finite field of order 2, with X as avector space basis. Hence jX j is the dimension of this vector space. Let N.Y /be the corresponding subgroup of F.Y /. Since F.X/ Š F.Y / we would haveF.X/=N.X/ Š F.Y /=N.Y / and therefore jY j is the dimension of the vector spaceF.Y /=N.Y /. Therefore jX j D jY j from the uniqueness of dimension of vectorspaces.

Expressing elements of F.X/ as a reduced word gives a normal form for elementsin a free group F . As we will see in Section 14.5 this solves what is termed theword problem for free groups. Another important concept is the following: a freelyreduced word W D x

e1v1x

e2v2: : : x

envn

is cyclically reduced if v1 ¤ vn or if v1 D vn

then e1 ¤ �en. Clearly then every element of a free group is conjugate to an elementgiven by a cyclically reduced word. This provides a method to determine conjugacyin free groups.

Theorem 14.2.5. In a free group F two elements g1; g2 are conjugate if and only ifa cyclically reduced word for g1 is a cyclic permutation of a cyclically reduced wordfor g2.

The theory of free groups has a large and extensive literature. We close this sectionby stating several important properties. Proofs for these results can be found in [24],[23] or [15].

Theorem 14.2.6. A free group is torsion-free.

From Theorem 14.2.4 we can deduce:

Theorem 14.2.7. An abelian subgroup of a free group must be cyclic.

Finally a celebrated theorem of Nielsen and Schreier states that a subgroup of a freegroup must be free.

Theorem 14.2.8 (Nielsen–Schreier). A subgroup of a free group is itself a free group.

Combinatorially F is free on X if X is a set of generators for F and there are nonontrivial relations. In particular:


There are several different proofs of this result (see [24]) with the most straightfor-ward being topological in nature. We give an outline of a simple topological proof inSection 14.4.

Nielsen, using a technique now called Nielsen transformations in his honor, firstproved this theorem about 1920 for finitely generated subgroups. Schreier shortlyafter found a combinatorial method to extend this to arbitrary subgroups. A com-plete version of the original combinatorial proof appears in [24] and in the notes byJohnson [19].

Schreier’s combinatorial proof also allows for a description of the free basis for thesubgroup. In particular, let F be free on X , and H � F a subgroup. Let T D ¹t˛ºbe a complete set of right coset representatives for F mod H with the property that ift˛ D x

e1v1x

e2v2: : : x

envn

2 T , with �i D ˙1 then all the initial segments 1; xe1v1; x

e1v1x

e2v2

,etc. are also in T . Such a system of coset representatives can always be found and iscalled a Schreier system or Schreier transversal for H . If g 2 F let g represent itscoset representative in T and further define for g 2 F and t 2 T , Stg D tg.tg/�1.Notice that Stg 2 H for all t; g. We then have:

Theorem 14.2.9 (explicit form of Nielsen–Schreier). Let F be free on X and H asubgroup of F . If T is a Schreier transversal for F mod H then H is free on the set¹Stx W t 2 T; x 2 X;Stx ¤ 1º.

Example 14.2.10. Let F be free on ¹a; bº and H D F.X2/ the normal subgroup ofF generated by all squares in F .

Then F=F.X2/ D ha; bI a2 D b2 D .ab/2 D 1i D Z2 � Z2. It follows that aSchreier system for F mod H is ¹1; a; b; abº with a D a; b D b and ba D ab. Fromthis it can be shown that H is free on the generating set

x1 D a2; x2 D bab�1a�1; x3 D b2; x4 D abab�1; x5 D ab2a�1:

The theorem also allows for a computation of the rank of H given the rank of Fand the index. Specifically:

Corollary 14.2.11. Suppose F is free of rank n and jF W H j D k. Then H is free ofrank nk � k C 1.

From the example we see that F is free of rank 2, H has index 4 so H is free ofrank 2 � 4 � 4C 1 D 5.

14.3 Group Presentations

The significance of free groups stems from the following result which is easily de-duced from the definition and will lead us directly to a formal definition of a group

Section 14.3 Group Presentations 199

presentation. Let G be any group and F the free group on the elements of G consid-ered as a set. The identity map f W G ! G can be extended to a homomorphism ofF onto G, therefore:

Theorem 14.3.1. Every group G is a homomorphic image of a free group. That is letG be any group. Then G D F=N where F is a free group.

In the above theorem instead of taking all the elements of G we can consider justa set X of generators for G. Then G is a factor group of F.X/, G Š F.X/=R. Thenormal subgroup N is the kernel of the homomorphism from F.X/ onto G. We useTheorem 14.3.1 to formally define a group presentation.

IfH is a subgroup of a group G then the normal closure ofH denoted by N.H/ isthe smallest normal subgroup of G containing H . This can be described alternativelyin the following manner. The normal closure of H is the subgroup of G generated byall conjugates of elements of H .

Now suppose that G is a group with X a set of generators for G. We also call Xa generating system for G. Now let G D F.X/=N as in Theorem 14.3.1 and thecomments after it. N is the kernel of the homomorphism f W F.X/ ! G. It followsthat if r is a free group word with r 2 N then r D 1 inG (under the homomorphism).We then call r a relator in G and the equation r D 1 a relation in G. Suppose that Ris a subset ofN such thatN D N.R/, thenR is called a set of defining relators forG.The equations r D 1, r 2 R, are a set of defining relations for G. It follows that anyrelator in G is a product of conjugates of elements of R. Equivalently r 2 F.X/ isa relator in G if and only if r can be reduced to the empty word by insertions anddeletions of elements of R and trivial words.

Definition 14.3.2. Let G be a group. Then a group presentation for G consists ofa set of generators X for G and a set R of defining relators. In this case we writeG D hX IRi. We could also write the presentation in terms of defining relations asG D hX I r D 1; r 2 Ri.

From Theorem 14.3.1 it follows immediately that every group has a presentation.However in general there are many presentations for the same group. If R � R1 thenR1 is also a set of defining relators.

Lemma 14.3.3. Let G be a group. Then G has a presentation.

If G D hX IRi and X is finite then G is said to be finitely generated. If R is finiteG is finitely related. If both X and R are finite G is finitely presented.

Using group presentations we get another characterization of free groups.

Theorem 14.3.4. F is a free group if and only if F has a presentation of the formF D hX I i.


Mimicking the construction of a free group from a set X we can show that to eachpresentation corresponds a group. Suppose that we are given a supposed presentationhX IRi where R is given as a set of words in X . Consider the free group F.X/on X . Define two words w1; w2 on X to be equivalent if w1 can be transformed intow2 using insertions and deletions of elements of R and trivial words. As in the freegroup case this is an equivalence relation. Let G be the set of equivalence classes.If we define multiplication as before as concatenation followed by the appropriateequivalence class then G is a group. Further each r 2 R must equal the identity inG so that G D hX IRi. Notice that here there may be no unique reduced word for anelement of G.

Theorem 14.3.5. Given hX IRi where X is a set and R is a set of words on X . Thenthere exists a group G with presentation hX IRi.

We now give some examples of group presentations.

Example 14.3.6. A free group of rank n has a presentation

Fn D hx1; : : : ; xnI i:

Example 14.3.7. A free abelian group of rank n has a presentation

Zn D hx1; : : : ; xnI xixjx�1i x�1

j ; i D 1; : : : ; n; j D 1; : : : ; ni:

Example 14.3.8. A cyclic group of order n has a presentation

Zn D hxI xn D 1i:

Example 14.3.9. The dihedral groups of order 2n representing the symmetry groupof a regular n-gon has a presentation

hr; f I rn D 1; f 2 D 1; .rf /2 D 1i:We look at this example in Section 14.3.1.

14.3.1 The Modular Group

In this section we give a more complicated example and then a nice application tonumber theory.

IfR is any commutative ring with an identity, then the set of invertible n�nmatriceswith entries from R forms a group under matrix multiplication called the n-dimen-sional general linear group over R (see [25]). This group is denoted by GLn.R/.Since det.A/ det.B/ D det.AB/ for square matrices A;B it follows that the subsetof GLn.R/ consisting of those matrices of determinant 1 forms a subgroup. This


subgroup is called the special linear group over R and is denoted by SLn.R/. In thissection we concentrate on SL2.Z/, or more specifically a quotient of it, PSL2.Z/ andfind presentations for them.

The group SL2.Z/ then consists of 2 � 2 integral matrices of determinant one:

SL2.Z/ D²�

a b

c d

�

W a; b; c; d 2 Z; ad � bc D 1

³

:

SL2.Z/ is called the homogeneous modular group and an element of SL2.Z/ is calleda unimodular matrix.

IfG is any group, recall that its center Z.G/ consists of those elements ofG whichcommute with all elements of G:

Z.G/ D ¹g 2 G W gh D hg;8h 2 Gº:Z.G/ is a normal subgroup of G and hence we can form the factor group G=Z.G/.For G D SL2.Z/ the only unimodular matrices that commute with all others are˙I D ˙� 1 0

0 1

�

. Therefore Z.SL2.Z// D ¹I;�I º. The quotient

SL2.Z/=Z.SL2.Z// D SL2.Z/=¹I;�I ºis denoted PSL2.Z/ and is called the projective special linear group or inhomoge-neous modular group. More commonly PSL2.Z/ is just called the Modular Groupand denoted by M .M arises in many different areas of mathematics including number theory, com-

plex analysis and Riemann surface theory and the theory of automorphic forms andfunctions. M is perhaps the most widely studied single finitely presented group. Com-plete discussions of M and its structure can be found in the books Integral Matricesby M. Newman [38] and Algebraic Theory of the Bianchi Groups by B. Fine [34].

SinceM D PSL2.Z/ D SL2.Z/=¹I;�I º it follows that each element ofM can beconsidered as ˙A where A is a unimodular matrix. A projective unimodular matrixis then

˙�

a b

c d

�

; a; b; c; d 2 Z; ad � bc D 1:

The elements of M can also be considered as linear fractional transformations overthe complex numbers

z0 D az C b

cz C d; a; b; c; d 2 Z; ad � bc D 1; where z 2 C:

Thought of in this way, M forms a Fuchsian group which is a discrete group ofisometries of the non-Euclidean hyperbolic plane. The book by Katok [20] givesa solid and clear introduction to such groups. This material can also be found incondensed form in [35].


We now determine presentations for both SL2.Z/ and M D PSL2.Z/.

Theorem 14.3.10. The group SL2.Z/ is generated by the elements

X D�

0 �11 0

�

and Y D�

0 1

�1 �1�

:

Further a complete set of defining relations for the group in terms of these genera-tors is given by

X4 D Y 3 D YX2Y �1X�2 D I:

It follows that SL2.Z/ has the presentation

hX; Y IX4 D Y 3 D YX2Y �1X�2 D I i:Proof. We first show that SL2.Z/ is generated by X and Y , that is every matrix A inthe group can be written as a product of powers of X and Y .

Let

U D�

1 1

0 1

�

:

Then a direct multiplication shows that U D XY and we show that SL2.Z/ is gener-ated by X and U which implies that it is also generated by X and Y . Further

U n D�

1 n

0 1

�

so that U has infinite order.Let A D �

a bc d

� 2 SL2.Z/. Then we have

XA D��c �da b

�

and U kA D�

aC kc b C kd

c d

�

for any k 2 Z. We may assume that jcj � jaj otherwise start with XA rather than A.If c D 0 then A D ˙U q for some q. If A D U q then certainly A is in the groupgenerated by X and U . If A D �U q then A D X2U q since X2 D �I . It followsthat here also A is in the group generated by X and U .

Now suppose c ¤ 0. Apply the Euclidean algorithm to a and c in the followingmodified way:

a D q0c C r1

�c D q1r1 C r2

r1 D q2r2 C r3

:::

.�1/nrn�1 D qnrn C 0


where rn D ˙1 since .a; c/ D 1. Then

XU�qn � � �XU�q0A D ˙U qnC1 with qnC1 2 Z:

ThereforeA D XmU q0XU q1 � � �XU qnXU qnC1

with m D 0; 1; 2; 3; q0; q1; : : : ; qnC1 2 Z and q0; : : : ; qn ¤ 0. Therefore X and Uand hence X and Y generate SL2.Z/.

We must now show that

X4 D Y 3 D YX2Y �1X�2 D I

are a complete set of defining relations for SL2.Z/ or that every relation on thesegenerators is derivable from these. It is straightforward to see that X and Y do satisfythese relations. Assume then that we have a relation

S D X�1Y ˛1X�2Y ˛2 � � �Y ˛nX�nC1 D I

with all �i ; j 2 Z. Using the set of relations

X4 D Y 3 D YX2Y �1X�2 D I

we may transform S so that

S D X�1Y ˛1 � � �Y ˛mX�mC1

with �1; �mC1 D 0; 1; 2 or 3 and ˛i D 1 or 2 for i D 1; : : : ; m andm � 0. Multiplyingby a suitable power of X we obtain

Y ˛1X � � �Y ˛mX D X˛ D S1

with m � 0 and ˛ D 0; 1; 2 or 3. Assume that m � 1 and let

S1 D�

a �b�c d

�

:

We show by induction that

a; b; c; d � 0; b C c > 0

ora; b; c; d � 0; b C c < 0:

This claim for the entries of S1 is true for

YX D�

1 0

�1 1�

and Y 2X D��1 1

0 �1�

:


Suppose it is correct for S2 D �

a1 �b1�c1 d1

�

. Then

YXS2 D�

a1 �b1

�.a1 C c1/ b1 C d1

�

and

Y 2XS2 D��a1 � c1 b1 C d1

c1 d1

�

:

Therefore the claim is correct for all S1 with m � 1. This gives a contradiction, forthe entries of X˛ with ˛ D 0; 1; 2 or 3 do not satisfy the claim. Hence m D 0 and Scan be reduced to a trivial relation by the given set of relations. Therefore they are acomplete set of defining relations and the theorem is proved.

Corollary 14.3.11. The modular group M D PSL2.Z/ has the presentation

M D hx; yI x2 D y3 D 1i:Further x; y can be taken as the linear fractional transformations

x W z0 D �1z

and y W z0 D � 1

z C 1:

Proof. The center of SL2.Z/ is ˙I . Since X2 D �I setting X2 D I in the pre-sentation for SL2.Z/ gives the presentation for M . Writing the projective matrices aslinear fractional transformations gives the second statement.

This corollary says that M is the free product of a cyclic group of order 2 and acyclic group of order 3 a concept we will introduce in Section 14.7.

We note that there is an elementary alternative proof to Corollary 14.3.11 as faras showing that X2 D Y 3 D 1 are a complete set of defining relations. As linearfractional transformations we have

X.z/ D �1z; Y.z/ D � 1

z C 1; Y 2.z/ D �z C 1

z:

Now letRC D ¹x 2 R W x > 0º and R� D ¹x 2 R W x < 0º:

ThenX.R�/ � RC and Y ˛.RC/ � R�; ˛ D 1; 2:

Let S 2 � . Using the relations X2 D Y 3 D 1 and a suitable conjugation we mayassume that either S D 1 is a consequence of these relations or that

S D Y ˛1XY ˛2 � � �XY ˛n

with 1 � ˛i � 2 and ˛1 D ˛n.


In this second case if x 2 RC then S.x/ 2 R� and hence S ¤ 1.This type of ping-pong argument can be used in many examples (see [23], [15]

and [19]). As another example consider the unimodular matrices

A D�

0 1

�1 2�

; B D�

0 �11 2

�

:

Let A;B denote the corresponding linear fractional transformations in the modulargroup M . We have

An D��nC 1 n

�n nC 1

�

; Bn D��nC 1 �n

n nC 1

�

for n 2 Z:

In particular A and B have infinite order. Now

An.R�/ � RC and B

n.RC/ � R�

for all n ¤ 0. The ping-pong argument used for any element of the type

S D An1B

m1 � � �BmkA

nkC1

with all ni ; mi ¤ 0 and n1 C nkC1 ¤ 0 shows that S.x/ 2 RC if x 2 R�. It followsthat there are no nontrivial relations on A and B and therefore the subgroup of Mgenerated by A;B must be a free group of rank 2.

To close this section we give a nice number theoretical application of the modulargroup. First we need the following corollary to Corollary 14.3.11.

Corollary 14.3.12. Let M D hX; Y IX2 D Y 3 D 1i be the modular group. If A isan element of order 2 then A is conjugate to X . If B is an element of order 3 then Bis conjugate to either Y or Y 2.

Definition 14.3.13. Let a; n be relatively prime integers with a ¤ 0; n � 1. Thena is a quadratic residue mod n if there exists an x 2 Z with x2 D a mod n, that isa D x2 C kn for some k 2 Z.

The following is called Fermat’s two-square theorem.

Theorem 14.3.14 (Fermat’s two-square theorem). Let n > 0 be a natural number.Then n D a2 C b2 with .a; b/ D 1 if and only if �1 is a quadratic residue modulo n.

Proof. Suppose �1 is a quadratic residue mod n. Then there exists an x with x2 ��1 mod n or x2 D �1 C mn. This implies that �x2 � mn D 1 so that there mustexist a projective unimodular matrix

A D ˙�

x n

m �x�

:


It is straightforward that A2 D 1 so by Corollary 14.3.12 A is conjugate within Mto X . Now consider conjugates of X within M . Let T D �

a bc d

�

. Then

T �1 D�

d �b�c a

�

and

TXT �1 D�

a b

c d

��

0 1

�1 0��

d �b�c a

�

D ˙��.bd C ac/ a2 C b2

�.c2 C d2/ bd C ac

�

: ()

Therefore any conjugate ofX must have form () and thereforeAmust have form ().Therefore nDa2Cb2. Further .a; b/D1 since in finding form () we had ad�bcD1.

Conversely suppose n D a2 C b2 with .a; b/ D 1. Then there exist c; d 2 Z withad � bc D 1 and hence there exists a projective unimodular matrix

T D ˙�

a b

c d

�

:

Then

TXT �1 D ˙�

˛ a2 C b2

�˛�

D ˙�

˛ n

�˛�

:

This has determinant one, so

�˛2 � n D 1 H) ˛2 D �1 � n H) ˛2 � �1 mod n:

Therefore �1 is a quadratic residue mod n.

This type of group theoretical proof can be extended in several directions. Kern-Isberner and Rosenberger [21] considered groups of matrices of the form

U D�

a bpN

cpN d

�

; a; b; c; d;N 2 Z; ad �Nbc D 1

or

U D�

apN b

c dpN

�

; a; b; c; d;N 2 Z; Nad � bc D 1:

They then proved that if

N 2 ¹1; 2; 4; 5; 6; 8; 9; 10; 12; 13; 16; 18; 22; 25; 28; 37; 58ºand n 2 N with .n;N / D 1 then:

(1) If �N is a quadratic residue mod n and n is a quadratic residue mod N then ncan be written as n D x2 CNy2 with x; y 2 Z.

(2) Conversely if n D x2 C Ny2 with x; y 2 Z and .x; y/ D 1 then �N is aquadratic residue mod n and n is a quadratic residue mod N .

The proof of the above results depends on the class number of Q.p�N/ (see [21]).

In another direction Fine [33] and [32] showed that the Fermat two-square propertyis actually a property satisfied by many rings R. These are called sum of squaresrings. For example if p � 3 mod 4 then Zpn for n > 1 is a sum of squares ring.

Section 14.4 Presentations of Subgroups 207

14.4 Presentations of Subgroups

Given a group presentation G D hX IRi it is possible to find a presentation for a sub-group H of G. The procedure to do this is called the Reidemeister–Schreier processand is a consequence of the explicit version of the Nielsen–Schreier theorem (Theo-rem 14.2.9). We give a brief description. A complete description and a verification ofits correctness is found in [24] or in [15].

Let G be a group with the presentation ha1; : : : ; anIR1; : : : ; Rki. Let H be asubgroup of G and T a Schreier system for G mod H defined analogously as above.

Reidemeister–Schreier Process. LetG;H and T be as above. ThenH is generatedby the set

¹StavW t 2 T; av 2 ¹a1; : : : ; anº; Stav

¤ 1ºwith a complete set of defining relations given by conjugates of the original relatorsrewritten in terms of the subgroup generating set.

In order to actual rewrite the relators in terms of the new generators we use a map-ping � on words on the generators of G called the Reidemeister rewriting process.This map is defined as follows: If

W D ae1v1ae2

v2: : : a

ej

vjwith ei D ˙1 defines an element of H

then

�.W / D Se1

t1;av1S

e2

t2;av2� � �Sej

tj ;avj

where ti is the coset representative of the initial segment ofW preceding aviif ei D 1

and ti is the representative of the initial segment of W up to and including a�1vi

ifei D �1. The complete set of relators rewritten in terms of the subgroup generatorsis then given by

¹�.tRi t�1/º with t 2 T and Ri runs over all relators in G:

We present two examples; one with a finite group and then an important examplewith a free group which shows that a countable free group contains free subgroups ofarbitrary ranks.

Example 14.4.1. Let G D A4 be the alternating group on 4 symbols. Then a presen-tation for G is

G D A4 D ha; bI a2 D b3 D .ab/3 D 1i:Let H D A04 the commutator subgroup. We use the above method to find a presenta-tion for H . Now

G=H D A4=A04 D ha; bI a2 D b3 D .ab/3 D Œa; b� D 1i D hbI b3 D 1i:


Therefore jA4 W A04j D 3. A Schreier system is then ¹1; b; b2º. The generators for A04are then

X1 D S1a D a; X2 D Sba D bab�1; X3 D Sb2a D b2ab

while the relations are

1. �.aa/ D S1aS1a D X21

2. �.baab�1/ D X22

3. �.b2aab�2/ D X23

4. �.bbb/ D 1

5. �.bbbbb�1/ D 1

6. �.b2bbbb�2/ D 1

7. �.ababab/ D S1aSbaSb2a D X1X2X3

8. �.babababb�1/ D SbaSb2aS1a D X2X3X1

9. �.b2abababb�2/ D Sb2aS1aSba D X3X1X2.

Therefore after eliminating redundant relations and using that X3 D X1X2 we get asa presentation for A04,

hX1; X2IX21 D X2

2 D .X1X2/2 D 1i:

Example 14.4.2. Let F D hx; yI i be the free group of rank 2. Let H be the commu-tator subgroup. Then

F=H D hx; yI Œx; y� D 1i D Z � Z

a free abelian group of rank 2. It follows that H has infinite index in F . As Schreiercoset representatives we can take

tm;n D xmyn; m D 0;˙1;˙2; : : : ; n D 0;˙1;˙2; : : : :

The corresponding Schreier generators for H are

xm;n D xmynx�my�n; m D 0;˙1;˙2; : : : ; n D 0;˙1;˙2; : : : :

The relations are only trivial and therefore H is free on the countable infinitely manygenerators above. It follows that a free group of rank 2 contains as a subgroup afree group of countably infinite rank. Since a free group of countable infinite rankcontains as subgroups free groups of all finite ranks it follows that a free group ofrank 2 contains as a subgroup a free subgroup of any arbitrary finite rank.

Section 14.5 Geometric Interpretation 209

Theorem 14.4.3. Let F be free of rank 2. Then the commutator subgroup F 0 is freeof countable infinite rank. In particular a free group of rank 2 contains as a subgroupa free group of any finite rank n.

Corollary 14.4.4. Let n;m be any pair of positive integers n;m � 2 and Fn, Fm freegroups of ranks n;m respectively. Then Fn can be embedded into Fm and Fm can beembedded into Fn.

14.5 Geometric Interpretation

Combinatorial group theory has its origins in topology and complex analysis. Espe-cially important in the development is the theory of the fundamental group. This con-nection is so deep that many people consider combinatorial group theory as the studyof the fundamental group – especially the fundamental group of a low-dimensionalcomplex. This connection proceeds in both directions. The fundamental group pro-vides methods and insights to study the topology. In the other direction the topologycan be used to study the groups.

Recall that if X is a topological space then its fundamental group based at a pointx0, denoted �.X; x0/, is the group of all homotopy classes of closed paths at x0. If Xis path connected then the fundamental groups at different points are all isomorphicand we can speak of the fundamental group of X which we will denote �.X/. Histor-ically group presentations were developed to handle the fundamental groups of spaceswhich allowed simplicial or cellular decompositions. In these cases the presentationof the fundamental group can be read off from the combinatorial decomposition ofthe space.

An (abstract) simplicial complex or cell complex K is a topological space consist-ing of a set of points called the vertices, which we will denote V.K/, and collectionsof subsets of vertices called simplexes or cells which have the property that the inter-section of any two simplices is again a simplex. If n is the number of vertices in a cellthen n�1 is called its dimension. Hence the set of vertices are the 0-dimensional cellsand a simplex ¹v1; : : : ; vnº is an .n � 1/-dimensional cell. The 1-dimensional cellsare called edges. These have the form ¹u; vº where u and v are vertices. One shouldthink of the cells in a geometric manner so that the edges are really edges, the 2-cellsare filled triangles, that are equivalent to disks and so on. The maximum dimension ofany cell in a complex K is called the dimension of K. From now on we will assumethat our simplicial complexes are path connected.

A graph � is just a 1-dimensional simplicial complex. Hence � consists of justvertices and edges. IfK is any complex then the set of vertices and edges is called the1-skeleton of K. Similarly all the cells of dimension less than or equal to 2 comprisethe 2-skeleton. A connected graph with no closed paths in it is called a tree. If K is


any complex then a maximal tree in K is a tree that can be contained in no other treewithin K.

From the viewpoint of combinatorial group theory what is relevant is that if K isa complex then a presentation of its fundamental group can be determined from its2-skeleton and read off directly. In particular:

Theorem 14.5.1. Suppose that K is a connected cell complex. Suppose that T isa maximal tree within the 1-skeleton of K. Then a presentation for �.K/ can bedetermined in the following manner:

Generators: all edges outside of the maximal tree T

Relations: (a) ¹u; vº D 1 if ¹u; vº is an edge in T

(b) ¹u; vº¹v;wº D ¹u;wº if u; v; w lie in a simplex of K.

From this the following is obvious:

Corollary 14.5.2. The fundamental group of a connected graph is free. Further itsrank is the number of edges outside a maximal tree.

A connected graph is homotopic to a wedge or bouquet of circles. If there aren circles in a bouquet of circles then the fundamental group is free of rank n. Theconverse is also true. A free group can be realized as the fundamental group of awedge of circles.

An important concept in applying combinatorial group theory is that of a coveringcomplex.

Definition 14.5.3. Suppose that K is a complex. Then a complex K1 is a coveringcomplex for K if there exists a surjection p W K1 ! K called a covering map withthe property that for any cell s 2 K the inverse image p�1.s/ is a union of pairwisedisjoint cells inK1 and p restricted to any of the preimage cells is a homeomorphism.

That is for each simplex S in K we have

p�1.S/ D[

Si

and p W Si ! S is a bijection for each i .

The following then becomes clear.

Lemma 14.5.4. If K1 is a connected covering complex for K then K1 and K havethe same dimension.

What is crucial in using covering complexes to study the fundamental group is thatthere is a Galois theory of covering complexes and maps. The covering map p inducesa homomorphism of the fundamental group which we will also call p. Then:

Section 14.5 Geometric Interpretation 211

Theorem 14.5.5. Let K1 be a covering complex of K with covering map p. Thenp.�.K1// is a subgroup of �.K/. Conversely to each subgroupH of �.K/ there is acovering complex K1 with �.K1/ D H . Hence there is a one-to-one correspondencebetween subgroups of the fundamental group of a complex K and covers of K.

We will see the analog of this theorem in regard to algebraic field extensions inChapter 15.

A topological space X is simply connected if �.X/ D ¹1º. Hence the coveringcomplex of K corresponding to the identity in �.K/ is simply connected. This iscalled the universal cover of K since it covers any other cover of K.

Based on Theorem 14.5.1 we get a very simple proof of the Nielsen–Schreier the-orem.

Theorem 14.5.6 (Nielsen–Schreier). Any subgroup of a free group is free.

Proof. Let F be a free group. Then F D �.K/ where K is a connected graph. LetH be a subgroup of F . Then H corresponds to a cover K1 of K. But a cover is also1-dimensional and hence H D �.K1/ where K1 is a connected graph and hence His also free.

The fact that a presentation of a fundamental group of a simplicial complex is de-termined by its 2-skeleton goes in the other direction also. That is given an arbitrarypresentation there exists a 2-dimensional complex whose fundamental group has thatpresentation. Essentially given a presentation hX IRi we consider a wedge of circleswith cardinality jX j. We then paste on a 2-cell for each relator W in R bounded bythe path corresponding to the word W .

Theorem 14.5.7. Given an arbitrary presentation hX IRi there exists a connected2-complex K with �.K/ D hX IRi.

We note that the books by Rotman [26] and Camps, große Rebel and Rosen-berger [15] have very nice detailed and accessible descriptions of groups and com-plexes.

Cayley and then Dehn introduced for each group G, a graph, now called its Cayleygraph, as a tool to apply complexes to the study of G. The Cayley graph is actuallytied to a presentation and not to the group itself. Gromov reversed the procedure andshowed that by considering the geometry of the Cayley graph one could get informa-tion about the group. This led to the development of the theory of hyperbolic groups(see for instance [15]).

Definition 14.5.8. Let G D hX IRi be a presentation. We form a graph �.G;X/ inthe following way. Let A D X [ X�1. For the vertex set of �.G;X/ we take theelements of G, that is V.�/ D ¹g W g 2 Gº. The edges of � are given by the set¹.g; x/ W g 2 G; x 2 Aº. We call g the initial point and gx is the terminal point. That


is two points g; g1 in the vertex set are connected by an edge if g1 D gx for somex 2 A. We have .g; x/�1 D .gx; x�1/. This gives a directed graph called the Cayleygraph of G on the generating set X .

Call x the label on the edge .g; x/. Given a g 2 G then G is represented by at leastone word W in A. This represents a path in the Cayley graph. The length of the wordW is the length of the path. This is equivalent to making each edge have length one.If we take the distance between 2 points as the minimum path length we make theCayley graph a metric space. This metric is called the word metric. If we extend thismetric to all pairs of points in the Cayley graph in the obvious way (making each edgea unit real interval) then the Cayley graph becomes a geodesic metric space. Eachclosed path in the Cayley graph represents a relator.

By left multiplication the groupG acts on the Cayley graph as a group of isometries.Further the action of G on the Cayley graph is without inversion, that is ge ¤ e�1,if e is an edge.

If we sew in a 2-cell for each closed path in the Cayley graph we get a simplyconnected 2-complex called the Cayley complex.

14.6 Presentations of Factor Groups

Let G be a group with a presentation G D hX IRi. Suppose that H is a factorgroup of G, that is H Š G=N for some normal subgroup N of G. We show thata presentation for H is then H D hX IR [ R1i where R1 is a, perhaps additional,system of relators.

Theorem 14.6.1 (Dyck’s theorem). Let G D hX IRi and suppose that H Š G=N

where N is a normal subgroup of G. Then a presentation for H is hX IR [ R1i forsome set of words R1 on X . Conversely the presentation hX IR[R1i defines a groupthat is a factor group of G.

Proof. Since each element ofH is a coset ofN they have the form gN for g 2 G. It isclear then that the images ofX generateH . Further sinceH is a homomorphic imageof G each relator in R is a relator in H . Let N1 be a set of elements that generateN and let R1 be the corresponding words in the free group on X . Then R1 is anadditional set of relators in H . Hence R [ R1 is a set of relators for H . Any relatorin H is either a relator in G and hence a consequence of R or can be realized as anelement of G that lies in N and hence is a consequence of R1. Therefore R[R1 is acomplete set of defining relators forH andH has the presentationH D hX IR[R1i.

Conversely G D hX IRi; G1 D hX IR [ R1i. Then G D F.X/=N1 where N1 DN.R/ and G1 D F.X/=N2 where N2 D N.R [ R1/. Hence N1 � N2. The normalsubgroup N2=N1 of F.X/=N1 corresponds to a normal subgroup of H of G and

Section 14.7 Group Presentations and Decision Problems 213

therefore by the isomorphism theorem

G=H Š .F.X/=N1/=.N2=N1/ Š F.X/=N2 Š G1:

14.7 Group Presentations and Decision Problems

We have seen that given any group G there exists a presentation for it, G D hX IRi.In the other direction given any presentation hX IRi we have seen that there is a groupwith that presentation. In principle every question about a group can be answered viaa presentation. However things are not that simple. Max Dehn in his pioneering workon combinatorial group theory about 1910 introduced the following three fundamentalgroup decision problems.

(1) Word Problem: Suppose G is a group given by a finite presentation. Does thereexist an algorithm to determine if an arbitrary word w in the generators of Gdefines the identity element of G?

(2) Conjugacy Problem: Suppose G is a group given by a finite presentation. Doesthere exist an algorithm to determine if an arbitrary pair of words u; v in thegenerators of G define conjugate elements of G?

(3) Isomorphism Problem: Does there exist an algorithm to determine given twoarbitrary finite presentations whether the groups they present are isomorphic ornot?

All three of these problems have negative answers in general. That is for each ofthese problems one can find a finite presentation for which these questions cannotbe answered algorithmically (see [23]). Attempts for solutions and for solutions inrestricted cases have been of central importance in combinatorial group theory. Forthis reason combinatorial group theory has always searched for and studied classes ofgroups in which these decision problems are solvable.

For finitely generated free groups there are simple and elegant solutions to all threeproblems. If F is a free group on x1; : : : ; xn and W is a freely reduced word inx1; : : : ; xn then W ¤ 1 if and only if L.W / � 1. Since freely reducing any wordto a freely reduced word is algorithmic this provides a solution to the word problem.Further a freely reduced word W D x

e1v1x

e2v2: : : x

envn

is cyclically reduced if v1 ¤ vn

or if v1 D vn then e1 ¤ �en. Clearly then every element of a free group is conjugateto an element given by a cyclically reduced word called a cyclic reduction. This leadsto a solution to the conjugacy problem. Suppose V and W are two words in thegenerators of F and V ;W are respective cyclic reductions. Then V is conjugate toW if and only if V is a cyclic permutation of W . Finally two finitely generated freegroups are isomorphic if and only if they have the same rank.


14.8 Group Amalgams: Free Products and Direct Products

Closely related to free groups in both form and properties are free products of groups.Let A D ha1; : : : IR1; : : :i and B D hb1; : : : IS1; : : :i be two groups. We consider Aand B to be disjoint. Then:

Definition 14.8.1. The free product of A and B denoted A B is the group G withthe presentation ha1; : : : ; b1; : : : IR1; : : : ; S1; : : :i, that is the generators of G consistof the disjoint union of the generators of A and B with relators taken as the disjointunion of the relators Ri of A and Sj of B . A and B are called the factors of G.

In an analogous manner the concept of a free product can be extended to an arbitrarycollection of groups.

Definition 14.8.2. If A˛ D hgensA˛I relsA˛i; ˛ 2 I, is a collection of groups, thentheir free product G D A˛ is the group whose generators consist of the disjointunion of the generators of the A˛ and whose relators are the disjoint union of therelators of the A˛.

Free products exist and are nontrivial. We have:

Theorem 14.8.3. Let G D A B . Then the maps A ! G and B ! G are in-jections. The subgroup of G generated by the generators of A has the presentationhgenerators of AI relators of Ai, that is, is isomorphic to A. Similarly for B . Thus Aand B can be considered as subgroups of G. In particular A B is nontrivial if Aand B are.

Free products share many properties with free groups. First of all there is a cate-gorical formulation of free products. Specifically we have:

Theorem 14.8.4. A group G is the free product of its subgroups A and B if A and Bgenerate G and given homomorphisms f1 W A ! H;f2 W B ! H into a group Hthere exists a unique homomorphism f W G ! H extending f1 and f2.

Secondly each element of a free product has a normal form related to the reducedwords of free groups. If G D A B then a reduced sequence or reduced word in Gis a sequence g1g2 : : : gn, n � 0, with gi ¤ 1, each gi in either A or B and gi ; giC1

not both in the same factor. Then:

Theorem 14.8.5. Each element g 2 G D A B has a unique representation as areduced sequence. The length n is unique and is called the syllable length. The casen D 0 is reserved for the identity.

Section 14.8 Group Amalgams: Free Products and Direct Products 215

A reduced word g1 : : : gn 2 G D AB is called cyclically reduced if either n � 1

or n � 2 and g1 and gn are from different factors. Certainly every element of G isconjugate to a cyclically reduced word.

From this we obtain several important properties of free products which are analo-gous to properties in free groups.

Theorem 14.8.6. An element of finite order in a free product is conjugate to an el-ement of finite order in a factor. In particular a finite subgroup of a free product isentirely contained in a conjugate of a factor.

Theorem 14.8.7. If two elements of a free product commute then they are both powersof a single element or are contained in a conjugate of an abelian subgroup of a factor.

Finally a theorem of Kurosh extends the Nielsen–Schreier theorem to free products.

Theorem 14.8.8 (Kurosh). A subgroup of a free product is also a free product. Ex-plicitly if G D A B and H � G then

H D F .A˛/ .Bˇ /

where F is a free group and .A˛/ is a free product of conjugates of subgroups of Aand .Bˇ / is a free product of conjugates of subgroups of B .

We note that the rank of F as well as the number of the other factors can be com-puted. A complete discussion of these is in [24], [23] and [15].

IfA andB are disjoint groups then we now have two types of products forming newgroups out of them, the free product and the direct product. In both these productsthe original factors inject. In the free product there are no relations between elementsof A and elements of B while in a direct product each element of A commutes witheach element of B . If a 2 A and b 2 B a cross commutator is Œa; b� D aba�1b�1.The direct product is a factor group of the free product and the kernel is precisely thenormal subgroup generated by all the cross commutators.

Theorem 14.8.9. Suppose that A and B are disjoint groups. Then

A � B D .A ? B/=H

where H is the normal closure in A ?B of all the cross commutators. In particular apresentation for A � B is given by

A � B D hgensA; gensBI relsA; relsB; Œa; b� for all a 2 A; b 2 Bi:


14.9 Exercises

1. Let X�1 be a set disjoint from X but bijective to X . A word in X is a finitesequence of letters from the alphabet. That is a word has the form

w D x�i1

i1x

�i2

i2: : : x

�in

in;

where xij 2 X and �ij D ˙1. Let W.X/ be the set of all words on X .

If w1; w2 2 W.X/ we say that w1 is equivalent to w2, denoted w1 � w2, if w1

can be converted tow2 by a finite string of insertions and deletions of trivial words.Verify that this is an equivalence relation on W.X/.

2. In F.X/ let N.X/ be the subgroup generated by all squares in F.X/ that is

N.X/ D h¹g2 W g 2 F.X/ºi:Show thatN.X/ is a normal subgroup and the factor group F.X/=N.X/ is abelianwhere every nontrivial element has order 2.

3. Show that a free group F is torsion-free.

4. Let F be a free group and a; b 2 F . Show: If ak D bk , k ¤ 0, then a D b.

5. Let F D ha; bI i a free group with basis ¹a; bº. Let ci D a�ibai , i 2 Z. ThenG D hci ; i 2 Zi is free with basis ¹ci ji 2 Zº.

6. Show that hx; yI x2y3; x3y4i Š hxI xi D ¹1º.

7. Let G D hv1; : : : ; vnI v21 � � � v2

ni, n � 1, and ˛ W G ! Z2 the epimorphism with˛.vi / D �1 for all i . Let U be the kernel of ˛. Then U has a presentationU D hx1; : : : ; xn�1; y1; : : : ; yn�1Iy1x1 � � �yn�1xn�1y

�1n�1x

�1n�1 � � �y�1

1 x�11 i.

8. Let M D hx; yI x2; y3i Š PSL.2;Z/ be the modular group. Let M 0 be thecommutator subgroup. Show that M 0 is a free group of rank 2 with a basis¹Œx; y�; Œx; y2�º.

Chapter 15

Finite Galois Extensions

15.1 Galois Theory and the Solvability of PolynomialEquations

As we mentioned in Chapter 1, one of the origins of abstract algebra was the problemof trying to determine a formula for finding the solutions in terms of radicals of afifth degree polynomial. It was proved first by Ruffini in 1800 and then by Abel thatit is impossible to find a formula in terms of radicals for such a solution. Galois in1820 extended this and showed that such a formula is impossible for any degree fiveor greater. In proving this he laid the groundwork for much of the development ofmodern abstract algebra especially field theory and finite group theory. One of thegoals of this book has been to present a comprehensive treatment of Galois theory anda proof of the results mentioned above. At this point we have covered enough generalalgebra and group theory to discuss Galois extensions and general Galois theory.

In modern terms, Galois theory is that branch of mathematics that deals with theinterplay of the algebraic theory of fields, the theory of equations and finite grouptheory. This theory was introduced by Evariste Galois about 1830 in his study of theinsolvability by radicals of quintic (degree 5) polynomials, a result proved somewhatearlier by Ruffini and independently by Abel. Galois was the first to see the closeconnection between field extensions and permutation groups. In doing so he initiatedthe study of finite groups. He was the first to use the term group, as an abstractconcept, although his definition was really just for a closed set of permutations.

The method Galois developed not only facilitated the proof of the insolvability ofthe quintic and higher powers but led to other applications and to a much larger theoryas well.

The main idea of Galois theory is to associate to certain special types of algebraicfield extensions called Galois extensions a group called the Galois group. The prop-erties of the field extension will be reflected in the properties of the group, which aresomewhat easier to examine. Thus, for example, solvability by radicals can be trans-lated into solvability of groups which was discussed in Chapter 12. Showing that forevery degree five or greater there exists a field extension whose Galois group is notsolvable proves that there cannot be a general formula for solvability by radicals.

The tie-in to the theory of equations is as follows: If f .x/ D 0 is a polynomialequation over some field F , we can form the splitting fieldK. This is usually a Galois

218 Chapter 15 Finite Galois Extensions

extension, and therefore has a Galois group called the Galois group of the equation.As before, properties of this group will reflect properties of this equation.

15.2 Automorphism Groups of Field Extensions

In order to define the Galois group we must first consider the automorphism group ofa field extension. In this section K;L;M will always be (commutative) fields withadditive identity 0 and multiplicative identity 1.

Definition 15.2.1. Let LjK be a field extension. Then the set

Aut.LjK/ D ¹˛ 2 Aut.L/ W ˛jK D the identity on Kº

is called the set of automorphisms of L over K. Notice that if ˛ 2 Aut.LjK/ then˛.k/ D k for all k 2 K.

Lemma 15.2.2. Let LjK be a field extension. Then Aut.LjK/ forms a group calledthe Galois group of LjK.

Proof. Aut.LjK/ � Aut.L/ and hence to show that Aut.LjK/ is a group we onlyhave to show that its a subgroup of Aut.L/. Now the identity map on L is certainlythe identity map on K so 1 2 Aut.LjK/ and hence Aut.LjK/ is nonempty. If ˛; ˇ 2Aut.LjK/ then consider ˛�1ˇ. If k2K then ˇ.k/Dk and ˛.k/Dk so ˛�1.k/Dk.Therefore ˛�1ˇ.k/ D k for all k 2 K and hence ˛�1ˇ 2 Aut.LjK/. It follows thatAut.LjK/ is a subgroup of Aut.L/ and therefore a group.

If f .x/ 2 KŒx� n K and L is the splitting field of f .x/ over K then Aut.LjK/ isalso called the Galois group of f .x/.

Theorem 15.2.3. If P is the prime field of L then Aut.LjP / D Aut.L/.

Proof. We must show that any automorphism of a prime field P is the identity. If˛ 2 Aut.L/ then ˛.1/ D 1 and so ˛.n � 1/ D n � 1. Therefore in P , ˛ fixes all integermultiples of the identity. However every element of P can be written as a quotientm � 1n �1

of integer multiples of the identity. Since ˛ is a field homomorphism and ˛ fixesboth the top and the bottom it follows that ˛ will fix every element of this form andhence fix each element of P .

For splitting fields the Galois group is a permutation group on the roots of thedefining polynomial.

Theorem 15.2.4. Let f .x/ 2 KŒx� and L the splitting field of f .x/ overK. Supposethat f .x/ has roots ˛1; : : : ; ˛n 2 L.

Section 15.2 Automorphism Groups of Field Extensions 219

(a) Then each � 2 Aut.LjK/ is a permutation on the roots. In particular Aut.LjK/is isomorphic to a subgroup of Sn and uniquely determined by the zeros of f .x/.

(b) If f .x/ is irreducible then Aut.LjK/ operates transitively on ¹˛1; : : : ; ˛nº.Hence for each i; j there is a � 2 Aut.LjK/ such that �.˛i / D j .

(c) If f .x/ D b.x�˛1/ � � � .x�˛n/with ˛1; : : : ; ˛n distinct and Aut.LjK/ operatestransitively on ˛1; : : : ; ˛n then f .x/ is irreducible.

Proof. For the proofs we use the results of Chapter 8.(a) Let � 2 Aut.K/. Then from Theorem 8.1.5 we obtain that � permutes the roots

˛1; : : : ; ˛n. Hence �j¹˛1;:::;˛nº 2 Sn. This map then defines a homomorphism

� W Aut.LjK/ ! Sn by �.�/ D �j¹˛1;:::;˛nº:

Further � is uniquely determined by the images �.˛i /. It follows that � is a mono-morphism.

(b) If f .x/ is irreducible then Aut.LjK/ operates transitively on the set ¹˛1; : : : ;

˛nº again following from Theorem 8.1.5.(c) Suppose that f .x/ D b.x � ˛1/ � � � .x � ˛n/ with ˛1; : : : ; ˛n distinct and f 2

Aut.LjK/ operates transitively on ˛1; : : : ; ˛n. Assume that f .x/ D g.x/h.x/ withg.x/; h.x/ 2 KŒx� nK. Without loss of generality let ˛1 be a zero of g.x/ and ˛n bea zero of h.x/.

Let ˛ 2 Aut.LjK/ with ˛.˛1/ D ˛n. However ˛.g.x// D g.x/, that is ˛.˛1/ isa zero of ˛.g.x// D g.x/ which gives a contradiction since ˛n is not a zero of g.x/.Therefore f .x/ must be irreducible.

Example 15.2.5. Let f .x/ D .x2 � 2/.x2 � 3/ 2 QŒx�. The field L D Q.p2;

p3/

is the spitting field of f .x/.Over L we have

f .x/ D .x C p2/.x � p

2/.x C p3/.x � p

3/:

We want to determine the Galois group Aut.LjQ/ D Aut.L/ D G.

Lemma 15.2.6. The Galois group G above is the Klein 4-group.

Proof. First we show that jAut.L/j � 4. Let ˛ 2 Aut.L/. Then ˛ is uniquelydetermined by ˛.

p2/ and ˛.

p3/ and

˛.2/ D 2 D .p2/2 D ˛.

p2

2/ D .˛.

p2//2:

Hence ˛.p2/ D ˙p

2. Analogously ˛.p3/ D ˙p

3. From this it follows thatjAut.L/j � 4. Further ˛2 D 1 for any ˛ 2 G.

Next we show that the polynomial f .x/ D x2 �3 is irreducible overK D Q.p2/.

Assume that x2 � 3 were reducible over K. Thenp3 2 K. This implies that

p3 D


ab

C cd

p2 with a; b; c; d 2 Z and b ¤ 0 ¤ d and gcd.c; d/ D 1. Then bd

p3 D

ad C bcp2 hence 3b2d2 D a2b2 C 2b2c2 C 2

p2adbc. Since bd ¤ 0 this implies

that we must have ac D 0. If c D 0 thenp3 D a

b2 Q a contradiction. If a D 0 thenp

3 D cd

p2 which implies 3d2 D 2c2. It follows from this that 3j gcd.c; d/ D 1

again a contradiction. Hence f .x/ D x2 � 3 is irreducible over K D Q.p2/.

SinceL is the splitting field of f .x/ and f .x/ is irreducible overK then there existsan automorphism ˛ 2 Aut.L/ with ˛.

p3/ D �p

3 and ˛jK D IK , that is ˛.p2/ Dp

2. Analogously there is a ˇ 2 Aut.L/ with ˇ.p2/ D �p

2 and ˇ.p3/ D p

3.Clearly ˛ ¤ ˇ, ˛ˇ D ˇ˛ and ˛ ¤ ˛ˇ ¤ ˇ. It follows that Aut.L/ D ¹1; ˛; ˇ; ˛ˇº.


15.3 Finite Galois Extensions

We now define (finite) Galois extensions. First we introduce the concept of a Fix field.Let K be a field and G a subgroup of Aut.K/. Define the set

Fix.K;G/ D ¹k 2 K W g.k/ D k 8g 2 Gº:

Theorem 15.3.1. For a G � Aut.K/, the set Fix.K;G/ is a subfield of K called theFix field of G over K.

Proof. 1 2 K is in Fix.K;G/ so Fix.K;G/ is not empty. Let k1; k2 2 Fix.K;G/ andlet g 2 G. Then g.k1 ˙ k2/ D g.k1/ ˙ g.k2/ since g is an automorphism. Theng.k1/˙ g.k2/ D k1 ˙ k2 and it follows that k1 ˙ k2 2 Fix.K;G/. In an analogousmanner k1k

�12 2 Fix.K;G/ if k2 ¤ 0 and therefore Fix.K;G/ is a subfield ofK.

Using the concept of a fix field we define a finite Galois extension.

Definition 15.3.2. LjK is a (finite) Galois extension if there exists a finite subgroupG � Aut.L/ such that K D Fix.L;G/.

We now give some examples of finite Galois extensions.

Lemma 15.3.3. Let L D Q.p2;

p3/ and K D Q. Then LjK is a Galois extension.

Proof. Let G D Aut.LjK/. From the example in the previous section there areautomorphisms ˛; ˇ 2 G with

˛.p3/ D �p

3; ˛.p2/ D p

2 and ˇ.p2/ D �p

2; ˇ.p3/ D p

3:

We haveQ.

p2;

p3/ D ¹c C d

p3 W c; d 2 Q.

p2/º:

Let t D a1 C b1

p2C .a2 C b2

p2/

p3 2 Fix.L;G/.

Section 15.4 The Fundamental Theorem of Galois Theory 221

Then applying ˇ we have

t D ˇ.t/ D a1 � b1

p2C .a2 � b2

p2/

p3:

It follows that b1 C b2

p3 D 0, that is, b1 D b2 D 0 since

p3 … Q. Therefore

t D a1 C a2

p3. Applying ˛ we have ˛.t/ D a1 � a2

p3 and hence a2 D 0.

Therefore t D a1 2 Q. Hence Q D Fix.L;G/ and LjK is a Galois extension.

Lemma 15.3.4. Let L D Q.214 / and K D Q. Then LjK is not a Galois extension.

Proof. Suppose that ˛ 2 Aut.L/ and a D 214 . Then a is a zero of x4 � 2 and hence

˛.a/ D 214 or

˛.a/ D i214 … L since i … L or

˛.a/ D �214 or

˛.a/ D �i2 14 … L since i … L:

In particular ˛.p2/ D p

2 and therefore

Fix.L;Aut.L// D Q.p2/ ¤ Q:

15.4 The Fundamental Theorem of Galois Theory

We now state the fundamental theorem of Galois theory. This theorem describes theinterplay between the Galois group and Galois extensions. In particular the result tiestogether subgroups of the Galois group and intermediate fields between L and K.

Theorem 15.4.1 (fundamental theorem of Galois theory). Let LjK be a Galois ex-tension with Galois group G D Aut.LjK/. For each intermediate field E let �.E/ bethe subgroup of G fixing E. Then:

(1) � is a bijection between intermediate fields containing K and subgroups of G.

(2) LjK is a finite extension and if M is an intermediate field then

jL W M j D jAut.LjM/jjM W Kj D jAut.LjK/ W Aut.LjM/j:

(3) If M is an intermediate field then

(a) LjM is always a Galois extension

(b) M jK is a Galois extension if and only if

Aut.LjM/ is a normal subgroup of Aut.LjK/:


(4) If M is an intermediate field and M jK is a Galois extension then

(a) ˛.M/ D M for all ˛ 2 Aut.LjK/,(b) the map � W Aut.LjK/ ! Aut.M jK/ with �.˛/ D ˛jM D ˇ is an

epimorphism,

(c) Aut.M jK/ D Aut.LjK/=Aut.LjM/.

(5) The lattice of subfields of L containing K is the inverted lattice of subgroups ofAut.KjL/.

We will prove this main result via a series of theorems and then combine them all.

Theorem 15.4.2. Let G be a group, K a field and ˛1; : : : ; ˛n pairwise distinct grouphomomorphisms from G to K? the multiplicative group of K. Then ˛1; : : : ; ˛n arelinearly independent elements of the K-vector space of all homomorphisms from G

to K.

Proof. The proof is by induction on n. If n D 1 and k˛1 D 0 with k 2 K then0 D k˛1.1/ D k � 1 and hence k D 0. Now suppose that n � 2 and suppose that eachn � 1 of the ˛1; : : : ; ˛n are linearly independent over K. If

nX

iD1

ki˛i D 0; ki 2 K ()

then we must show that all ki D 0. Since ˛1 ¤ ˛n there exists an a 2 G with˛1.a/ ¤ ˛n.a/. Let g 2 G and apply the sum above to ag. We get

nX

iD1

ki .˛i .a//.˛i .g// D 0: ()

Now multiply equation () by ˛n.a/ 2 K to get

nX

iD1

ki .˛n.a//.˛i .g// D 0: ()

If we subtract equation () from equation () then the last term vanishes and wehave an equation in the n � 1 homomorphism ˛1; : : : ; ˛n�1. Since these are linearlyindependent we obtain

k1.˛1.a// � k1.˛n.a// D 0

for the coefficient for ˛1. Since ˛1.a/ ¤ ˛n.a/ we must have k1 D 0. Now˛2; : : : ; ˛n�1 are by assumption linearly independent so k2 D � � � D kn D 0 also.Hence all the coefficients must be zero and therefore the mappings are indepen-dent.


Theorem 15.4.3. Let ˛1; : : : ; ˛n be pairwise distinct monomorphisms from the fieldK into the field K 0. Let

L D ¹k 2 K W ˛1.k/ D ˛2.k/ D � � � D ˛n.k/º:

Then L is a subfield of K with jL W Kj � n.

Proof. Certainly L is a field. Assume that r D jK W Lj < n and let ¹a1; : : : ; arº be abasis of the L-vector space K. We consider the following system of linear equationswith r equations and n unknowns.

.˛1.a1//x1 C � � � C .˛n.a1//xn D 0

:::

.˛1.ar //x1 C � � � C .˛n.ar//xn D 0:

Since r < n there exists a nontrivial solution .x1; : : : ; xn/ 2 .K0/n.Let a 2 K. Then

a DrX

jD1

ljaj with lj 2 L:

From the definition of L we have

˛1.lj / D ˛i .lj / for i D 2; : : : ; n:

Then with our nontrivial solution .x1; : : : ; xn/ we have

nX

iD1

xi .˛i .a// DnX

iD1

xi

� rX

jD1

˛i .lj /˛i .aj /

�

DrX

jD1

.˛1.lj //

nX

iD1

xi .˛i .aj // D 0

since ˛1.lj / D ˛i .lj / for i D 2; : : : ; n. This holds for all a 2 K and hencePn

iD1 xi˛i D 0 contradicting Theorem 15.4.2. Therefore our assumption that jK WLj < n must be false and hence jK W Lj � n.

Definition 15.4.4. Let K be a field and G a finite subgroup of Aut.K/. The maptrG W K ! K given by

trG.k/ DX

˛2G

˛.k/

is called the G-trace of K.


Theorem 15.4.5. Let K be a field and G a finite subgroup of Aut.K/. Then

¹0º ¤ trG.K/ � Fix.K;G/:

Proof. Let ˇ 2 G. Then

ˇ.trG.k// DX

˛2G

ˇ˛.k/ DX

˛2G

˛.k/ D trG.k/:

Therefore trG.K/ � Fix.K;G/.Now assume that trG.k/D 0 for all k 2K. Then

P

˛2G ˛.k/D 0 for all k 2K.It follows that

P

˛2G ˛ is the zero map and hence the set of all ˛ 2 G are linearly de-pendent as elements of the K-vector space of all maps from K to K. This contradictsTheorem 15.4.2 and hence the trace cannot be the zero map.


jK W Fix.K;G/j D jGj:Proof. Let L D Fix.K;G/ and suppose that jGj D n. From Theorem 15.4.3 weknow that jK W Lj � n. We must show that jK W Lj � n.

Suppose that G D ¹˛1; : : : ; ˛nº. To prove the result we show that if m > n anda1; : : : ; am 2 K then a1; : : : ; am are linearly dependent.

We consider the system of equations

.˛�11 .a1//x1 C � � � C .˛�1

1 .am//xm D 0

:::

.˛�1n .a1//x1 C � � � C .˛�1

n .am//xm D 0:

Since m > n there exists a nontrivial solution .y1; : : : ; ym/ 2 Km. Suppose thatyl ¤ 0. Using Theorem 15.4.5 we can choose k 2 K with trG.k/ ¤ 0. Define

.x1; : : : ; xm/ D ky�1l .y1; : : : ; ym/:

Thism-tuple .x1; : : : ; xm/ is then also a nontrivial solution of the system of equationsconsidered above.

Then we havetrG.xl/ D trG.k/ since xl D k:

Now we apply ˛i to the i -th equation to obtain

a1.˛1.x1//C � � � C am.˛1.xm// D 0

:::

a1.˛n.x1//C � � � C am.˛n.xm// D 0:


Summation leads to

0 DmX

jD1

aj

nX

iD1

.˛i .xj // DmX

jD1

.trG.xj //aj

by definition of the G-trace. Hence a1; : : : ; am are linearly dependent over L sincetrG.xl/ ¤ 0. Therefore jK W Lj � n. Combining this with Theorem 15.4.3 we getthat jK W Lj D n D jGj.


Aut.Kj Fix.K;G// D G:

Proof. G � Aut.Kj Fix.K;G// since if g 2 G then g 2 Aut.K/ and g fixesFix.K;G/ by definition. Therefore we must show that Aut.Kj Fix.K;G// � G.

Assume then that there exists an ˛ 2 Aut.Kj Fix.K;G// with ˛ … G. Suppose, asin the previous proof, jGj D n and G D ¹˛1; : : : ; ˛nº with ˛1 D 1. Now

Fix.K;G/ D ¹a 2 K W a D ˛2.a/ D � � � D ˛n.a/ºD ¹a 2 K W ˛.a/ D a D ˛2.a/ D � � � D ˛n.a/º:

From Theorem 15.4.3 we have that jK W Fix.K;G/j � n C 1. However from Theo-rem 15.4.6 jK W Fix.K;G/j D n getting a contradiction.

Suppose that LjK is a Galois extension. We now establish that the map � betweenintermediate fields K � E � L and subgroups of Aut.LjK/ is a bijection.

Theorem 15.4.8. Let LjK be a Galois extension. Then:

(1) Aut.LjK/ is finite and

Fix.L;Aut.LjK// D K:

(2) If H � Aut.LjK/ then

Aut.Lj Fix.L;H// D H:

Proof. (1) If .LjK/ is a Galois extension there is a finite subgroup of Aut.L/ withK D Fix.K;G/. From Theorem 15.4.7 we have G D Aut.LjK/. In particularAut.LjK/ is finite and K D Fix.L;Aut.LjK//.

(2) Let H � Aut.LjK/. From part (1) H is finite and then Aut.Lj Fix.L;H// DH from Theorem 15.4.7.


Theorem 15.4.9. Let LjK be a field extension. Then the following are equivalent.

(1) LjK is a Galois extension.

(2) jL W Kj D jAut.LjK/j < 1.

(3) jAut.LjK/j < 1 and K D Fix.L;Aut.LjK//.Proof. (1) ) (2): Now jAut.LjK/j < 1 and Fix.L;Aut.LjK// D K from Theo-rem 15.4.8. Therefore jL W Kj D jAut.LjK/j from Theorem 15.4.6.

(2) ) (3): Let G D Aut.LjK/. Then K � Fix.L;G/ � L. From Theorem 15.4.6we have

jL W Fix.L;G/j D jGj D jL W Kj:(3) ) (1) follows directly from the definition completing the proof.

We now show that ifLjK is a Galois extension then LjM is also a Galois extensionfor any intermediate field M .

Theorem 15.4.10. Let LjK be a Galois extension and K � M � L be an interme-diate field. Then LjM is always a Galois extension and

jM W Kj D jAut.LjK/ W Aut.LjM/j:

Proof. Let G D Aut.LjK/. Then jGj < 1 and further K D Fix.L;G/ from The-orem 15.4.9. Define H D Aut.LjM/ and M 0 D Fix.L;H/. We must show thatM 0 D M for then LjM is a Galois extension.

Since the elements of H fix M we have M � M 0. Let G D SriD1 ˛iH a disjoint

union of the cosets of H . Let ˛1 D 1 and define ˇi D .˛i /jM . The ˇ1; : : : ; ˇr arepairwise distinct for if ˇi D j , that is .˛i /jM D . j /jM , then ˛�1

j ˛i 2 H so ˛i andj are in the same coset.

We claim that

¹a 2 M W ˇ1.a/ D � � � D ˇr.a/º D M \ Fix.L;G/:

Further we know that

M \ Fix.L;G/ D M \K D K

from Theorem 15.4.9.To establish the claim it is clear that

M \ Fix.L;G/ � ¹a 2 M W ˇ1.a/ D � � � D ˇr .a/º

sincea D ˇi .a/ D ˛i .a/ for ˛i 2 G; a 2 K:


Hence we must show that

¹a 2 M W ˇ1.a/ D � � � D ˇr.a/º � M \ Fix.L;G/:

To do this we must show that ˛.b/ D b for all ˛ 2 G, b 2 M . We have ˛ 2 ˛iH

for some i and hence ˛ D ˛i for 2 H . We obtain then

˛.b/ D ˛i ..b// D ˛i .b/ D ˇi .b/ D b

proving the inclusion and establishing the claim.Now jM W Kj � r from Theorem 15.4.3. From the degree formula we get

jL W M 0jjM 0 W M jjM W Kj D jL W Kj D jGj D jG W H jjH j D r jL W M 0jsince jL W Kj D jGj from Theorem 15.4.9 and jH j D jL W M 0j from Theorem 15.4.6.Therefore jM W M 0j D 1 and hence M D M 0 since jM W Kj � r . Now

jM W Kj D jG W H j D jAut.LjK/ W Aut.LjM/jcompleting the proof.

Lemma 15.4.11. Let LjK be a field extension and K � M � L be an intermediatefield. If ˛ 2 Aut.LjK/ then

Aut.Lj˛.M// D ˛Aut.LjM/˛�1:

Proof. Now ˇ 2 Aut.Lj˛.M// if and only if ˇ.˛.a// D ˛.a/ for all a 2 M . Thisoccurs if and only if ˛�1ˇ˛.a/ D a for all a 2 M which is true if and only ifˇ 2 ˛Aut.LjM/˛�1.

Lemma 15.4.12. LetLjK be a Galois extension andK � M � L be an intermediatefield. Suppose that ˛.M/ D M for all ˛ 2 Aut.LjK/. Then

� W Aut.LjK/ ! Aut.M jK/ by �.˛/ D ˛jM

is an epimorphism with kernel ker.�/ D Aut.LjM/.

Proof. It is clear that � is a homomorphism with ker.�/ D Aut.LjM/ (see exercises).We must show that it is an epimorphism.

Let G D im.�/. Since LjK is a Galois extension we get that

Fix.M;G/ D Fix.L;Aut.LjK// \M D K \M D K:

Then from Theorem 15.4.8 we have

Aut.M jK/ D Aut.M j Fix..M;G// D G

and therefore � is an epimorphism.


Theorem 15.4.13. Let LjK be a Galois extension and K � M � L be an interme-diate field. Then the following are equivalent.

(1) M jK is a Galois extension.

(2) If ˛ 2 Aut.LjK/ then ˛.M/ D M .

(3) Aut.LjM/ is a normal subgroup of Aut.LjK/.Proof. (1) ) (2): Suppose that M jK is a Galois extension. Let Aut.M jK/ D ¹˛1;

: : : ; ˛rº. Consider the ˛i as monomorphisms from M into L. Let ˛rC1 W M ! L bea monomorphism with ˛rC1jK

D 1. Then

¹a 2 M W ˛1.a/ D ˛2.a/ � � � D ˛r.a/ D ˛rC1.a/º D K

sinceM jK is a Galois extension. Therefore from Theorem 15.4.3 we have that, if the˛1; : : : ; ˛r ; ˛rC1 are distinct then

jM W Kj � r C 1 > r D jAut.M jK/j D jM W Kj

giving a contradiction. Hence if ˛rC1 2 Aut.LjK/ is arbitrary then ˛rC1jM2

¹˛1; : : : ; ˛rº, that is ˛rC1 fixes M .(2) ) (1): Suppose that if ˛ 2 Aut.LjK/ then ˛.M/ D M . The map � W

Aut.LjK/ ! Aut.M jK/ with �.˛/ D ˛jM is surjective. Since LjK is a Galoisextension then Aut.LjK/ is finite. Therefore also H D Aut.M jK/ is finite. Toprove (1) then it is sufficient to show that K D Fix.M;H/.

The fieldK � Fix.M;H/ from the definition of the Fix field. Hence we must showthat Fix.M;H/ � K. Assume that there exists an ˛ 2 Aut.LjK/ with ˛.a/ ¤ a.Recall that LjK is a Galois extension and therefore Fix.L;Aut.LjK// D K. Defineˇ D ˛jM . Then ˇ 2 H since ˛.M/ D M and our original assumption. Thenˇ.a/ ¤ a contradicting a 2 Fix.M;H/. Therefore K D Fix.M;H/ and M jK is aGalois extension.

(2) ) (3): Suppose that if ˛ 2 Aut.LjK/ then ˛.M/ D M . Then Aut.LjM/ is anormal subgroup of Aut.LjK/ follows from Lemma 15.4.12 since Aut.LjM/ is thekernel of �.

(3) ) (2): Suppose that Aut.LjM/ is a normal subgroup of Aut.LjK/. Let ˛ 2Aut.LjK/ then from our assumption and Lemma 15.4.11 we get that

Aut.Lj˛.M// D Aut.LjM/:

Now LjM and Lj˛.M/ are Galois extensions by Theorem 15.4.10. Therefore

˛.M/ D Fix.L;Aut.Lj˛.M// D Fix.L;Aut.LjM// D M



We now combine all of these results to give the proof of Theorem 15.4.1, the fun-damental theorem of Galois theory.

Proof of Theorem 15.4.1. Let LjK be a Galois extension.(1) Let G � Aut.LjK/. Both G and Aut.LjK/ are finite from Theorem 15.4.8.

Further G D Aut.Lj Fix.L;G// from Theorem 15.4.7.Now let M be an intermediate field of LjK. Then LjM is a Galois extension from

Theorem 15.4.10 and then Fix.L;Aut.LjM// D M from Theorem 15.4.8.(2) Let M be an intermediate field of LjK. From Theorem 15.4.10 LjM is a

Galois extension. From Theorem 15.4.9 we have jL W M j D jAut.LjM/j. ApplyingTheorem 15.4.10 we get the result on indices

jM W Kj D jAut.LjK/ W Aut.LjM/j:

(3) Let M be an intermediate field of LjK.(a) From Theorem 15.4.10 we have that LjM is a Galois extension.(b) From Theorem 15.4.13 M jK is a Galois extension if and only if

Aut.LjM/ is a normal subgroup of Aut.LjK/:

(4) Let M jK be a Galois extension.(a) ˛.M/ D M for all ˛ 2 Aut.LjK/ from Theorem 15.4.13.(b) The map � W Aut.LjK/ ! Aut.M jK/ with �.˛/ D ˛jM D ˇ is an epimorph-

ism follows from Lemma 15.4.12 and Theorem 15.4.13.(c) Aut.M jK/DAut.LjK/=Aut.LjM/ follows directly from the group isomorph-

ism theorem.(5) That the lattice of subfields of L containing K is the inverted lattice of sub-

groups of Aut.LjK/ follows directly from the previous results.

In Chapter 8 we looked at the following example (Example 8.1.7). Here we analyzeit further using the Galois theory.

Example 15.4.14. Let f .x/ D x3 � 7 2 QŒx�. This has no zeros in Q and since it isof degree 3 it follows that it must be irreducible in QŒx�.

Let ! D �12

Cp

32i 2 C. Then it is easy to show by computation that

!2 D �12

�p3

2i and !3 D 1:

Therefore the three zeros of f .x/ in C are

a1 D 71=3; a2 D !.71=3/; a3 D !2.71=3/:


Hence L D Q.a1; a2; a3/ is the splitting field of f .x/. Since the minimal polyno-mial of all three zeros over Q is the same .f .x// it follows that

Q.a1/ Š Q.a2/ Š Q.a3/:

Since Q.a1/ � R and a2; a3 are nonreal it is clear that a2; a3 … Q.a1/.Suppose that Q.a2/ D Q.a3/. Then ! D a3a

�12 2 Q.a2/ and so 71=3 D !�1a2 2

Q.a2/. HenceQ.a1/ � Q.a2/ and therefore Q.a1/ D Q.a2/ since they are the samedegree over Q. This contradiction shows that Q.a2/ and Q.a3/ are distinct.

By computation we have a3 D a�11 a2

2 and hence

L D Q.a1; a2; a3/ D Q.a1; a2/ D Q.71=3; !/:

Now the degree of L over Q is

jL W Qj D jQ.71=3; !/ W Q.!/jjQ.!/ W Qj:Now jQ.!/ W Qj D 2 since the minimal polynomial of ! over Q is x2 C x C 1.

Since no zero of f .x/ lies in Q.!/ and the degree of f .x/ is 3 it follows that f .x/ isirreducible over Q.!/. Therefore we have that the degree of L over Q.!/ is 3. HencejL W Qj D .2/.3/ D 6.

Clearly then we have the following lattice of intermediate fields:

The question then arises as to whether these are all the intermediate fields. Theanswer is yes which we now prove.

Let G D Aut.LjQ/ D Aut.L/. (Aut.LjQ/ D Aut.L/ since Q is a prime field).Now G Š S3. G acts transitively on ¹a1; a2; a3º since f is irreducible. Let ı W C !C be the automorphism of C taking each element to its complex conjugate, that isı.z/ D z.

Then ı.f / D f and ıjL 2 G (see Theorem 8.2.2). Since a1 2 R we get thatıj¹a1;a2;a3º D .a2; a3/ the 2-cycle that maps a2 to a3 and a3 to a2. Since G istransitive on ¹a1; a2; a3º there is a � 2 G with �.a1/ D a2.


Case 1: �.a3/ D a3. Then � D .a1; a2/ and .a1; a2/.a2; a3/ D .a1; a2; a3/ 2 G.Case 2: �.a3/ ¤ a3. Then � is a 3-cycle. In either case G is generated by a

transposition and a 3-cycle. Hence G is all of S3. Then LjQ is a Galois extensionfrom Theorem 15.4.9 since jGj D jL W Qj.

The subgroups of S3 are as follows:

Hence the above lattice of fields is complete. LjQ;QjQ;Q.!/jQ and LjQ.ai / areGalois extensions while Q.ai /jQ with i D 1; 2; 3 are not Galois extensions.

15.5 Exercises

1. Let K � M � L be a chain of fields and let � W Aut.LjK/ ! Aut.M jK/ bedefined by �.˛/ D ˛jM . Show that � is an epimorphism with kernel ker.�/ DAut.LjM/.

2. Show that Q.514 /jQ.p5/ and Q.

p5/jQ are Galois extensions and Q.5

14 /jQ is

not a Galois extension.

3. Let LjK be a field extension and u; v 2 L algebraic over K with jK.u/ W Kj D m

and jK.v/ W Kj D n. If m and n are coprime, then jK.u; v/ W Kj D n �m.

4. Let p; q be prime numbers with p ¤ q. Let L D Q.pp; q

13 /. Show that

L D Q.pp � q 1

3 /. Determine a basis of L over Q and the minimal polynomial

ofpp � q 1

3 .

5. Let K D Q.21n / with n � 2.

(i) Determine the number of Q-embeddings W K ! R. Show that for eachsuch embedding we have .K/ D K.

(ii) Determine Aut.KjQ/.


6. Let ˛ Dp

5C 2p5.

(i) Determine the minimal polynomial of ˛ over Q.

(ii) Show that Q.a/jQ is a Galois extension.

(iii) Determine Aut.Q.a/jQ/.7. Let K be a field of prime characteristic p and let f .x/ D xp � x C a 2 K be an

irreducible polynomial. Let L D K.v/, where v is a zero of f .x/.

(i) If ˛ is a zero of f .x/ then also ˛ C 1.

(ii) LjK is a Galois extension.

(iii) There is exactly one K-automorphism of L with .v/ D v C 1.

(iv) The Galois group Aut.LjK/ is cyclic with generating element .

Chapter 16

Separable Field Extensions

16.1 Separability of Fields and Polynomials

In the previous chapter we introduced and examined Galois extensions. Recall thatLjK is a Galois extension if there exists a finite subgroup G � Aut.L/ such thatK D Fix.L;G/. The following questions immediately arise.

(1) Under what conditions is a field extension LjK a Galois extension?

(2) When is LjK a Galois extension when L is the splitting field of a polynomialf .x/ 2 KŒx�?

In this chapter we consider these questions and completely characterize Galois ex-tensions. In order to do this we must introduce separable extensions.

Definition 16.1.1. Let K be a field. Then a nonconstant polynomial f .x/ 2 KŒx� iscalled separable over K if each irreducible factor of f .x/ has only simple zeros in itssplitting field.

We now extend this definition to field extensions.

Definition 16.1.2. Let LjK be a field extension and a 2 L. Then a is separableoverK if a is a zero of a separable polynomial. The field extensionLjK is a separablefield extension or just separable if all a 2 L are separable over K. In particular aseparable extension is an algebraic extension.

Finally we consider fields where every nonconstant polynomial is separable.

Definition 16.1.3. A field K is perfect if each nonconstant polynomial in KŒx� isseparable over K.

The following is straightforward from the definitions. An element a is separableover K if and only if its minimal polynomial ma.x/ is separable.

If f .x/ 2 KŒx� then f .x/ D PniD0 kix

i with ki 2 K. The formal derivative off .x/ is then f 0.x/ D Pn

iD1 ikixi�1. As in ordinary Calculus we have the usual

differentiation rules.f .x/C g.x//0 D f 0.x/C g0.x/

and.f .x/g.x//0 D f 0.x/g.x/C f .x/g0.x/

for f .x/; g.x/ 2 KŒx�.

234 Chapter 16 Separable Field Extensions

Lemma 16.1.4. Let K be a field and f .x/ an irreducible nonconstant polynomial inKŒx�. Then f .x/ is separable if and only if its formal derivative is nonzero.

Proof. Let L be the splitting field of f .x/ over K. Let f .x/ D .x � a/rg.x/ where.x � a/ does not divide g.x/. Then

f 0.x/ D .x � a/r�1.rg.x/C .x � a/g0.x//:If f 0.x/ ¤ 0 then a is a zero of f .x/ in L over K of multiplicity m � 2 if and onlyif .x � a/jf .x/ and also .x � a/jf 0.x/.

Let f .x/ be a separable polynomial over KŒx� and let a be a zero of f .x/ in L.Then if f .x/ D .x � a/rg.x/ with .x � a/ not dividing g.x/ we must have r D 1.Then

f 0.x/ D g.x/C .x � a/g0.x/:If g0.x/ D 0 then f 0.x/ D g.x/ ¤ 0. Now suppose that g0.x/ ¤ 0. Assumethat f 0.x/ D 0. Then necessarily .x � a/jg.x/ giving a contradiction. Thereforef 0.x/ ¤ 0.

Conversely suppose that f 0.x/ ¤ 0. Assume that f .x/ is not separable. Then bothf .x/ and f 0.x/ have a common zero a 2 L. Let ma.x/ be the minimal polynomialof a in KŒx�. Then ma.x/jf .x/ and ma.x/jf 0.x/. Since f .x/ is irreducible then thedegree of ma.x/ must equal the degree of f .x/. But ma.x/ must also have the samedegree as f 0.x/ which is less than that of f .x/ giving a contradiction. Thereforef .x/ must be separable.

We now consider the following example of a nonseparable polynomial over thefinite field Zp of p elements. We will denote this field now as GF.p/, the Galois fieldof p elements.

Example 16.1.5. Let K D GF.p/ and L D K.t/ the field of rational functions in tover K. Consider the polynomial f .x/ D xp � t 2 LŒx�.

Now KŒt�=tKŒt � Š K. Since K is a field this implies that tKŒt � is a maximal idealand hence a prime ideal inKŒt� with prime element t 2 KŒt� (see Theorem 3.2.7). Bythe Eisenstein criteria f .x/ is an irreducible polynomial in LŒx� (see Theorem 4.4.8).However f 0.x/ D pxp�1 D 0 since char.K/ D p. Therefore f .x/ is not separable.

16.2 Perfect Fields

We now consider when a field K is perfect. First we show that in general any fieldof characteristic 0 is perfect. In particular the rationals Q are perfect and hence anyextension of the rationals is separable.

Theorem 16.2.1. Each field K of characteristic zero is perfect.

Section 16.2 Perfect Fields 235

Proof. Suppose that K is a field with char.K/ D 0. Suppose that f .x/ is a non-constant polynomial in KŒx�. Then f 0.x/ ¤ 0. If f .x/ is irreducible then f .x/ isseparable from Lemma 16.1.4. Therefore by definition each nonconstant polynomialf .x/ 2 KŒx� is separable.

We remark that in the original motivation for Galois theory the ground field was therationals Q. Since this has characteristic zero it is perfect and all extensions are sepa-rable. Hence the question of separability didn’t arise until the question of extensionsof fields of prime characteristic arose.

Corollary 16.2.2. Any finite extension of the rationals Q is separable.

We now consider the case of prime characteristic.

Theorem 16.2.3. Let K be a field with char.K/ D p ¤ 0. If f .x/ is a nonconstantpolynomial in KŒx� then the following are equivalent:

(1) f 0.x/ D 0.

(2) f .x/ is a polynomial in xp, that is, there is a g.x/ 2 KŒx� with f .x/ D g.xp/.

If in .1/ and .2/ f .x/ is irreducible then f .x/ is not separable over K if and only iff .x/ is a polynomial in xp.

Proof. Let f .x/ D PniD1 aix

i . Then f 0.x/ D 0 if and only if pji for all i withai ¤ 0. But this is equivalent to

f .x/ D a0 C apxp C � � � C amx

mp:

If f .x/ is irreducible then we have that f .x/ is not separable if and only if f 0.x/ D0 from Lemma 16.1.4.

Theorem 16.2.4. Let K be a field with char.K/ D p ¤ 0. Then the following areequivalent:

(1) K is perfect.

(2) Each element in K has a p-th root in K.

(3) The Frobenius homomorphism x 7! xp is an automorphism of K.

Proof. First we show that (1) implies (2). Suppose thatK is perfect and a 2 K. Thenxp �a is separable overK. Let g.x/ 2 KŒx� be an irreducible factor of xp �a. Let Lbe the splitting field of g.x/ over K and b a zero of g.x/ in L. Then bp D a. Furtherxp �bp D .x�b/p 2 LŒx� since the characteristic ofK is p. Hence g.x/ D .x�b/sand then s must equal 1 since g.x/ is irreducible. Therefore b 2 K and b is a p-throot of a.

Now we show that (2) implies (3). Recall that the Frobenius homomorphism � Wx 7! xp is injective (see Theorem 1.8.8). We must show that it is also surjective. Let


a 2 K and let b be a p-th root of a so that a D bp . Then �.b/ D bp D a and � issurjective.

Finally we show that (3) implies (1). Let � W x 7! xp be surjective. It follows thateach a 2 K has a p-th root in K. Now let f .x/ 2 KŒx� be irreducible. Assume thatf .x/ is not separable. From Theorem 16.2.3 there is a g.x/ 2 KŒx� with f .x/ Dg.xp/, that is

f .x/ D a0 C a1xp C � � � C amx

mp:

Let bi 2 K with ai D bpi . Then

f .x/ D bpo C b

p1 x

p C � � � C bpmx

mp D .b0 C b1x C � � � C bmxm/p:

However this is a contradiction since f .x/ is irreducible. Therefore f .x/ is separablecompleting the proof.

Theorem 16.2.5. Let K be a field with char.K/ D p ¤ 0. Then each element of Khas at most one p-th power in K.

Proof. Suppose that b1; b2 2 K with bp1 D b

p2 D a. Then

0 D bp1 � bp

2 D .b1 � b2/p :

Since K has no zero divisors it follows that b1 D b2.

16.3 Finite Fields

In this section we consider finite fields. In particular we show that ifK is a finite fieldthen jKj D pm for some prime p and natural number m > 0. Further we show thatif K1; K2 are finite fields with jK1j D jK2j then K1 Š K2. Hence there is a uniquefinite field for each possible order.

Notice that if K is a finite field then by necessity charK D p ¤ 0. We first showthat in this case K is always perfect.

Theorem 16.3.1. A finite field is perfect.

Proof. Let K be a finite field of characteristic p > 0. Then the Frobenius map � Wx 7! xp is surjective since its injective and K is finite. Therefore K is perfect fromTheorem 16.2.4.

Next we show that each finite field has order pm for some prime p and naturalnumber m > 0.

Lemma 16.3.2. LetK be a finite field. Then jKj D pm for some prime p and naturalnumber m > 0.

Section 16.3 Finite Fields 237

Proof. Let K be a finite field with characteristic p > 0. Then K can be consideredas a vector space over K D GF.p/ and hence of finite dimension since jKj < 1. If˛1; : : : ; ˛m is a basis then each f 2 K can be written as f D c1˛1 C� � �Ccn˛m witheach ci 2 GF.p/. Hence there are p choices for each ci and therefore pm choices foreach f .

In Theorem 9.5.16 we proved that any finite subgroup of the multiplicative groupof a field is cyclic. If K is a finite field then its multiplicative subgroup K? is finiteand hence is cyclic.

Lemma 16.3.3. LetK be a finite field. Then its multiplicative subgroupK? is cyclic.

If K is a finite field with order pm then its multiplicative subgroup K? has orderpm � 1. Then from Lagrange’s theorem each nonzero element to the power pm is theidentity. Therefore we have the result.

Lemma 16.3.4. Let K be a field of order pm. Then each ˛ 2 K is a zero of thepolynomial xpm � x. In particular if ˛ ¤ 0 then ˛ is a zero of xpm�1 � 1.

If K is a finite field of order pm, it is a finite extension of GF.p/. Since the mul-tiplicative group is cyclic we must have K D GF.p/.˛/ for some ˛ 2 K. Fromthis we obtain that for a given possible finite order there is only one finite field up toisomorphism.

Theorem 16.3.5. Let K1; K2 be finite fields with jK1j D jK2j. Then K1 Š K2.

Proof. Let jK1j D jK2j D pm. From the remarks above K1 D GF.p/.˛/ where ˛has order pm � 1 in K?

1 . Similarly K2 D GF.p/.ˇ/ where ˇ also has order pm � 1

in K?2 . Hence GF.p/.˛/ Š GF.p/.ˇ/ and therefore K1 Š K2.

In Lemma 16.3.2 we saw that if K is a finite field then jKj D pn for some primep and positive integer n. We now show that given a prime power pn there does exista finite field of that order.

Theorem 16.3.6. Let p be a prime and n > 0 a natural number. Then there exists afield K of order pn.

Proof. Given a prime p consider the polynomial g.x/ D xpn � x 2 GF.p/Œx�. LetK be the splitting field of this polynomial over GF.p/. Since a finite field is perfectK is a separable extension and hence all the zeros of g.x/ are distinct in K.

Let F be the set of pn distinct zeros of g.x/ within K. Let a; b 2 F . Since

.a˙ b/pn D apn ˙ bpn

and .ab/pn D apn

bpn


it follows that F forms a subfield ofK. However F contains all the zeros of g.x/ andsince K is the smallest extension of GF.p/ containing all the zeros of g.x/ we musthave K D F . Since F has pn elements it follows that the order of K is pn.

Combining Theorems 16.3.5 and 16.3.6 we get the following summary result indi-cating that up to isomorphism there exists one and only one finite field of order pn.

Theorem 16.3.7. Let p be a prime and n > 0 a natural number. Then up to iso-morphism there exists a unique finite field of order pn.

16.4 Separable Extensions

In this section we consider some properties of separable extensions.

Theorem 16.4.1. Let K be a field with K � L and L algebraically closed. Let˛ W K ! L be a monomorphism. Then the number of monomorphisms ˇ W K.a/ ! L

with ˇjK D ˛ is equal to the number of pairwise distinct zeros in L of the minimalpolynomial ma of a over K.

Proof. Let ˇ be as in the statement of the theorem. Then ˇ is uniquely determinedby ˇ.a/ and ˇ.a/ is a zero of the polynomial ˇ.ma.x// D ˛.ma.x//. Now let a0be a zero of ˛.ma.x// in L. Then there exists a ˇ W K.a/ ! L with ˇ.a/ D a0from Theorem 7.1.4. Therefore ˛ has exactly as many extensions ˇ as ˛.ma.x// haspairwise distinct zeros in L. The number of pairwise distinct zeros of ˛.ma.x// isequal to the number of pairwise distinct zeros of ma.x/. This can be seen as follows.Let L0 be a splitting field of ma.x/ and L1 � L a splitting field of ˛.ma.x//. FromTheorems 8.1.5 and 8.1.6 there is an isomorphism W L0 ! L1 which maps thezeros of ma.x/ onto the zeros of ˛.ma.x//.

Lemma 16.4.2. Let LjK be a finite extension with L � L and L algebraicallyclosed. In particular L D K.a1; : : : ; an/ where the ai are algebraic over K. Letki be the number of pairwise distinct zeros of the minimal polynomial mai

of ai overK.a1; : : : ; an�1/ inL. Then there are exactly k1; : : : ; kn monomorphisms ˇ W L ! L

with ˇjK D 1K .

Proof. From Theorem 16.4.1 there are exactly p1 monomorphisms ˛ W K.a1/ ! L

with ˛jK equal to the identity on K. Each such ˛ has exactly p2 extensions of theidentity on K to K.a1; a2/. We now continue in this manner.

Theorem 16.4.3. Let LjK be a field extension withM an intermediate field. If a 2 Lis separable over K then it is also separable over M .

Section 16.4 Separable Extensions 239

Proof. This follows directly from the fact that the minimal polynomial of a over Mdivides the minimal polynomial of a over K.


(1) LjK is finite and separable.

(2) There are finitely many separable elements a1; : : : ; an over K with K D K.a1;

: : : ; an/.

(3) LjK is finite and if L � L with L algebraically closed then there are exactlyŒL W K� monomorphisms ˛ W L ! L with ˛jK D 1K .

Proof. That (1) implies (2) follows directly from the definitions. We show then that(2) implies (3). Let L D K.a1; : : : ; an/ where a1; : : : ; an are separable elementsover K. The extension LjK is finite (see Theorem 5.3.4). Let pi be the number ofpairwise distinct zeros in L of the minimal polynomial mai

.x/ D fi .x/ of ai overK.a1; : : : ; ai�1/. Then pi � deg.fi / D jK.a1; : : : ; ai / W K.a1; : : : ; ai�1/j. Hencepi D deg.fi .x// since ai is separable over K.a1; : : : ; ai�1/ from Theorem 16.4.3.Therefore

ŒL W K� D p1 � � �pn

is equal to the number of monomorphisms ˛ W L ! L with ˛jK the identity on K.Finally we show that (3) implies (1). Suppose then the conditions of (3). Since

LjK is finite there are finitely many a1; : : : ; an 2 L with L D K.a1; : : : ; an/. Let pi

and fi .x/ be as in the proof above and hence pi � deg.fi .x//. By assumption wehave

ŒL W K� D p1 � � �pn

equal to the number of monomorphisms ˛ W L ! L with ˛jK the identity onK. Also

ŒL W K� D p1 � � �pn � deg.f1.x// � � � deg.fn.x// D ŒL W K�:Hence pi D deg.fi.x//. Therefore by definition each ai is separable over K.

To complete the proof we must show that LjK is separable. Inductively it sufficesto prove that K.a1/jK is separable over K whenever a1 is separable over K and notin K.

This is clear if char.K/ D 0 because K is perfect. Suppose then that char.K/ Dp > 0. First we show that K.ap

1 / D K.a1/. Certainly K.ap1 / � K.a1/. Assume that

a1 … K.ap1 /. Then g.x/ D xp � a

p1 is the minimal polynomial of a1 over K. This

follows from the fact that xp �ap1 D .x�a1/

p and hence there can be no irreduciblefactor of xp � ap

1 of the form .x � a1/m with m < p and mjp.

However it follows then in this case that g0.x/ D 0 contradicting the separabilityof a1 over K. Therefore K.a1/ D K.a

p1 /.

Let E D K.a1/ then also E D K.Ep/ where Ep is the field generated by the p-thpowers of E. Now let b 2 E D K.a1/. We must show that the minimal polynomialof b, say mb.x/, is separable over K.


Assume that mb.x/ is not separable over K. Then

mb.x/ DkX

iD0

bixpi ; bi 2 K; bk D 1

from Theorem 16.2.3. We have

b0 C b1bp C � � � C bkb

pk D 0:

Therefore the elements 1; bp; : : : ; bpk are linearly dependent overK. SinceK.a1/ DE D K.Ep/ we find that 1; b; : : : ; bk are linearly dependent also since if they wereindependent the p-th powers would also be independent. However this is not possiblesince k < deg.mb.x//. Therefore mb.x/ is separable over K and hence K.a1/jK isseparable. Altogether LjK is then finite and separable completing the proof.

Theorem 16.4.5. Let LjK be a field extension and let M be an intermediate field.Then the following are equivalent.

(1) LjK is separable.

(2) LjM and M jK are separable.

Proof. We first show that (1) ) (2): If LjK is separable then LjM is separable byTheorem 16.4.3 and M jK is separable.

Now suppose (2) and let M jK and LjM be separable. Let a 2 L and let

ma.x/ D f .x/ D b0 C � � � C bn�1xn�1 C xn

be the minimal polynomial of a over M . Then f .x/ is separable. Let

M 0 D K.b1; : : : ; bn�1/:

We have K � M 0 � M and hence M 0jK is separable since M jK is separable.Further a is separable over M 0 since f .x/ is separable and f .x/ 2 M 0Œx�. FromTheorem 16.4.1 there are m D deg.f .x// D ŒM 0.a/ W M 0� extensions of ˛ W M 0 !M with M the algebraic closure of M 0.

Since M 0jK is separable and finite there are ŒM 0 W K� monomorphisms ˛ W M 0 !M from Theorem 16.4.4. Altogether there are ŒM 0.a/ W K� monomorphisms ˛ WM 0 ! M with ˛jK the identity on K. Therefore M 0.a/jK is separable from Theo-rem 16.4.4. Hence a is separable over K and then LjK is separable. Therefore (2)implies (1).

Theorem 16.4.6. Let LjK be a field extension and let S � L such that all elementsof S are separable over K. Then K.S/jK is separable and KŒS� D K.S/.

Section 16.5 Separability and Galois Extensions 241

Proof. Let W be the set of finite subsets of S . Let T 2 W . From Theorem 16.4.4 weobtain that K.T /jK is separable. Since each element of K.S/ is contained in someK.T / we have that K.S/jK is separable. Since all elements of S are algebraic wehave that KŒS� D K.S/,

Theorem 16.4.7. Let LjK be a field extension. Then there exists in L a uniquelydetermined maximal field M with the property that M jK is separable. If a 2 L isseparable over M then a 2 M . M is called the separable hull of K in L.

Proof. Let S be the set of all elements in L which are separable over K. DefineM D K.S/. Then M jK is separable from Theorem 16.4.6. Now, let a 2 L beseparable overM . ThenM.a/jM is separable from Theorem 16.4.4. FurtherM.a/jKis separable from Theorem 16.4.5. It follows that a 2 M .

16.5 Separability and Galois Extensions

We now completely characterize Galois extensions LjK as finite, normal, separableextensions.


(1) LjK is a Galois extension.

(2) L is the splitting field of a separable polynomial in KŒx�.

(3) LjK is finite, normal and separable.

Therefore we may characterize Galois extensions of a field K as finite, normal andseparable extensions of K.

Proof. Recall from Theorem 8.2.2 that an extension LjK is normal if

(1) Ljk is algebraic and

(2) each irreducible polynomial f .x/ 2 KŒx� that has a zero in L splits into linearfactors in LŒx�.

Now suppose that LjK is a Galois extension. Then LjK is finite from Theo-rem 15.4.1. Let L D K.b1; : : : ; bm/ and mbi

.x/ D fi .x/ be the minimal polynomialof bi over K. Let ai1 ; : : : ; ain be the pairwise distinct elements from

Hi D ¹˛.bi / W ˛ 2 Aut.LjK/º:Define

gi .x/ D .x � ai1/ � � � .x � ain/ 2 LŒx�:

If ˛ 2 Aut.LjK/ then ˛.gi / D gi since ˛ permutes the elements of Hi . This meansthat the coefficients of gi .x/ are in Fix.L;Aut.LjK// D K. Further gi .x/ 2 KŒx�


because bi is one of the aij and fi .x/jgi .x/. The group Aut.LjK/ acts transitively on¹ai1

; : : : ; ainº by the choice of ai1 ; : : : ; ain . Therefore each gi .x/ is irreducible (see

Theorem 15.2.4). It follows that fi .x/ D gi .x/. Now fi .x/ has only simple zerosin L, that is no zero has multiplicity � 2 and hence fi .x/ splits over L. ThereforeL is a splitting field of f .x/ D f1.x/ � � �fm.x/ and f .x/ is separable by definition.Hence (1) implies (2).

Now suppose that L is a splitting field of the separable polynomial f .x/ 2 KŒx�

and LjK is finite. From Theorem 16.4.4 we get that LjK is separable since L DK.a1; : : : ; an/ with each ai separable over K. Therefore LjK is normal from Defini-tion 8.2.1. Hence (2) implies (3).

Finally suppose that LjK is finite, normal and separable. Since LjK is finite andseparable from Theorem 16.4.4 there exist exactly ŒL W K� monomorphisms ˛ W L !L, L the algebraic closure of L, with ˛jK the identity on K. Since LjK is normalthese monomorphisms are already automorphisms of L from Theorem 8.2.2. HenceŒL W K� � jAut.LjK/j. Further jL W Kj � jAut.LjK/j from Theorem 15.4.3.Combining these we have ŒL W K� D Aut.LjK/ and hence LjK is a Galois extensionfrom Theorem 15.4.9. Therefore (3) implies (1) completing the proof.

Recall that any field of characteristic 0 is perfect and therefore any finite extensionis separable. Applying this to Q implies that the Galois extensions of the rationals areprecisely the splitting fields of polynomials.

Corollary 16.5.2. The Galois extensions of the rationals are precisely the splittingfields of polynomials in QŒx�.

Theorem 16.5.3. Let LjK be a finite, separable field extension. Then there exists anextension field M of L such that M jK is a Galois extension.

Proof. Let L D K.a1; : : : ; an/ with all ai separable over K. Let fi .x/ be the mini-mal polynomial of ai overK. Then each fi .x/ and hence also f .x/Df1.x/ � � �fn.x/

is separable over K. Let M be the splitting field of f .x/ over K. Then M jK is aGalois extension from Theorem 16.5.1.

Example 16.5.4. Let K D Q be the rationals and let f .x/ D x4 � 2 2 QŒx�. FromChapter 8 we know that L D Q. 4

p2; i/ is a splitting field of f .x/. By the Eisenstein

criteria f .x/ is irreducible and ŒL W Q� D 8. Moreover

4p2; i

4p2; � 4

p2; �i 4

p2

are the zeros of f .x/. Since the rationals are perfect, f .x/ is separable. LjK is aGalois extension by Theorem 16.5.1. From the calculations in Chapter 15 we have

jAut.LjK/j D jAut.L/j D ŒL W K� D 8:

Section 16.5 Separability and Galois Extensions 243

Let

G D Aut.LjK/ D Aut.LjQ/ D Aut.L/:

We want to determine the subgroup lattice of the Galois group G. We show G Š D4

the dihedral group of order 8. Since there are 4 zeros of f .x/ and G permutes theseG must be a subgroup of S4 and since the order is 8, G is a 2-Sylow subgroup of S4.From this we have that

G D h.2; 4/; .1; 2; 3; 4/i:

If we let � D .2; 4/ and D .1; 2; 3; 4/ we get the isomorphism between G and D4.From Theorem 14.1.1 we know that D4 D hr; f I r4 D f 2 D .rf /2 D 1i.

This can also be seen in the following manner. Let

a1 D 4p2; a2 D i

4p2; a3 D � 4

p2; a4 D �i 4

p2:

Let ˛ 2 G. ˛ is determined if we know ˛.4p2/ and ˛.i/. The possibilities for ˛.i/

are i or �i that is the zeros of x2 C 1.The possibilities for 4

p2 are the 4 zeros of f .x/ D x4 � 2. Hence we have 8

possibilities for ˛. These are exactly the elements of the group G. We have ı; � 2 Gwith

ı.4p2/ D i

4p2; ı.i/ D i

and

�.4p2/ D 4

p2; �.i/ D �i:

It is straightforward to show that ı has order 4, � has order 2 and ı� has order 2. Thesedefine a group of order 8 isomorphic to D4 and since G has 8 elements this must beall of G.

We now look at the subgroup lattice of G and then the corresponding field lattice.Let ı and � be as above. Then G has 5 subgroups of order 2

¹1; ı2º; ¹1; �º; ¹1; ı�º; ¹1; ı2�º; ¹1; ı3�º:

Of these only ¹1; ı2º is normal in G.G has 3 subgroups of order 4

¹1; ı; ı2; ı3º; ¹1; ı2; �; �ı2º; ¹1; ı2; ı�; ı3�º

and all are normal since they all have index 2.


Hence we have the following subgroup lattice:

From this we construct the lattice of fields and intermediate fields. Since there are10 proper subgroups of G, from the fundamental theorem of Galois theory there are10 intermediate fields in LjQ namely the fix fields Fix.L;H/ where H is a propersubgroup of G. In the identification the extension field corresponding to the wholegroup G is the ground field Q (recall that the lattice of fields is the inverted latticeof the subgroups), while the extension field corresponding to the identity is the wholefield L. We now consider the other proper subgroups. Let ı; � be as before.

(1) Consider M1 D Fix.L; ¹1; �º/. Now ¹1; �º fixes Q. 4p2/ elementwise so that

Q. 4p2/ � M1. Further ŒL W M1� D j¹1; �ºj D 2 and hence ŒL W Q. 4

p2/� D 2.

Therefore M1 D Q. 4p2/.

(2) Consider M2 D Fix.L; ¹1; �ıº/. We have

�ı.4p2/ D �.i

4p2/ D �i 4

p2

�ı.i4p2/ D �.� 4

p2/ D � 4

p2

�ı.� 4p2/ D �.�i 4

p2/ D i

4p2

�ı.�i 4p2/ D �.

4p2/ D 4

p2:

It follows that �ı fixes .1 � i/ 4p2 and hence M2 D Q..1 � i/ 4

p2/.

(3) ConsiderM3 D Fix.L; ¹1; �ı2º. The map �ı2 interchanges a1 and a3 and fixesa2 and a4. Therefore M3 D Q.i 4

p2/.

Section 16.6 The Primitive Element Theorem 245

In an analogous manner we can then consider the other 5 proper subgroups andcorresponding intermediate fields. If we let b1 D .1� i/ 4

p2 and b2 D .1C i/

4p2 we

get the following lattice of fields and subfields.

16.6 The Primitive Element Theorem

In this section we describe finite separable field extensions as simple extensions. Iffollows that a Galois extension is always a simple extension.

Theorem 16.6.1 (primitive element theorem). Let L D K.1; : : : ; n/ and supposethat each i is separable over K. Then there exists a 0 2 L such that L D K.0/.The element 0 is called a primitive element.

Proof. Suppose first that K is a finite field. Then L is also a finite field and thereforeL? D h0i is cyclic. Therefore L D K.0/ and the theorem is proved if K is a finitefield.

Now suppose that K is infinite. Inductively it suffices to prove the theorem forn D 2. Hence let ˛; ˇ 2 L be separable over K. We must show that there exists a 2 L with K.˛; ˇ/ D K./.

Let L be the splitting field of the polynomial m˛.x/mˇ .x/ over L where m˛.x/;

mˇ .x/ are respectively the minimal polynomials of ˛; ˇ over K. In LŒx� we have

m˛.x/ D .x � ˛1/.x � ˛2/ � � � .x � ˛s/ with ˛ D ˛1

mˇ .x/ D .x � ˇ1/.x � ˇ2/ � � � .x � ˇt / with ˇ D ˇ1:

By assumption the ˛i and the j are respectively pairwise distinct.For each pair .i; j / with 1 � i � s, 2 � j � t the equation

˛1 C zˇ1 D ˛i C z j


has exactly one solution z 2 L since j � ˇ1 ¤ 0 if j � 2. Since K is infinite thereexists a c 2 K with

˛1 C cˇ1 ¤ ˛i C c j

for all i; j with 1 � i � s, 2 � j � t . With such a value c 2 K we define

D ˛ C cˇ D ˛1 C cˇ1:

We claim that K.˛; ˇ/ D K./. It suffices to show that ˇ 2 K./ for then ˛ D � cˇ 2 K./. This implies that K.˛; ˇ/ � K./ and since 2 K.˛; ˇ/ it followsthat K.˛; ˇ/ D K./.

To show that ˇ 2 K./ we first define f .x/ D m˛. � cx/ and let d.x/ Dgcd.f .x/;mˇ .x//. We may assume that d.x/ is monic. We show that d.x/ D x�ˇ.Then ˇ 2 K./ since d.x/ 2 K./Œx�.

Assume first that d.x/ D 1. Then gcd.f .x/;mˇ .x// D 1 and f .x/ andmˇ .x/ arealso relatively prime in LŒx�. This is a contradiction since f .x/ and mˇ .x/ have thecommon zero ˇ 2 L and hence the common divisor x � ˇ.

Therefore d.x/ ¤ 1 so deg.d.x// � 1.The polynomial d.x/ is a divisor ofmˇ .x/ and hence d.x/ splits into linear factors

of the form x � j , 1 � j � t in LŒx�. The proof is completed if we can show thatno linear factor of the form x � j with 2 � j � t is a divisor of f .x/. That is, wemust show that f . j / ¤ 0 in L if j � 2.

Now f . j / D m˛. � c j / D m˛.˛1 C cˇ1 � c j /. Suppose that f . j / D 0 forsome j � 2. This would imply that ˛i D ˛1Ccˇ1�c j , that is, ˛1Ccˇ1 D j Cc j

for j � 2. This contradicts the choice of the value c. Therefore f . j / ¤ 0 if j � 2


In the above theorem it is sufficient to assume that n�1 of 1; : : : ; n are separableover K. The proof is similar. We only need that the ˇ1; : : : ; ˇt are pairwise distinctif ˇ is separable over K to show that K.˛; ˇ/ D K./ for some 2 L.

If K is a perfect field then every finite extension is separable. Therefore we get thefollowing corollary.

Corollary 16.6.2. Let LjK be a finite extension with K a perfect field. Then L DK./ for some 2 L.

Corollary 16.6.3. Let LjK be a finite extension with K a perfect field. Then thereexist only finitely many intermediate fields E with K � E � L.

Proof. Since K is a perfect field we have L D K./ for some 2 L. Let m� .x/ 2KŒx� be the minimal polynomial of overK and let L be the splitting field ofm� .x/

over K. Then LjK is a Galois extension and hence there are only finitely manyintermediate fields between K and L. Therefore also only finitely many between Kand L.


Suppose that LjK is algebraic. Then in general L D K./ for some 2 L if andonly if there exist only finitely many intermediate fields E with K � E � L.

This condition on intermediate fields implies that LjK is finite if LjK is algebraic.Hence we have proved this result in the case that K is perfect. The general case isdiscussed in the book of S. Lang [8].

16.7 Exercises

1. Let f .x/ D x4 � 8x3 C 24x2 � 32x C 14 2 QŒx� and let v 2 C be a zero of f .Let ˛ WD v.4 � v/ and K a splitting field of f over Q. Show:

(i) f is irreducible over Q and f .x/ D f .4 � x/.(ii) There is exactly one automorphism of Q.v/ with .v/ D 4 � v.

(iii) L WD Q.˛/ is the Fix field of and jL W Qj D 2.

(iv) Determine the minimal polynomial of ˛ over Q and determine ˛.

(v) jQ.v/ W Lj D 2 and determine the minimal polynomial of v over L anddetermine v and all other zeros of f .x/.

(vi) Determine the degree of jK W Qj.(vii) Determine the structure of Aut.KjQ/.

2. Let LjK be a field extension and f 2 KŒx� a separable polynomial. Let Z bea splitting field of f over L and Z0 a splitting field of f over K. Show thatAut.ZjL/ is isomorphic to a subgroup of Aut.Z0jK/.

3. Let LjK be a field extension and v 2 L. For each element c 2 K it isK.vC c/ DK.v/. For c ¤ 0 it is K.cv/ D K.v/.

4. Let v D p2C p

3 and let K D Q.v/. Show thatp2 and

p3 are presentable as a

Q-linear combination of 1; v; v2; v3. Conclude that K D Q.p2;

p3/.

5. Let L be the splitting field of x3 � 5 over Q in C. Determine a primitive elementt of L over Q.

Chapter 17

Applications of Galois Theory

17.1 Applications of Galois Theory

As we mentioned in Chapter 1 Galois theory was originally developed as part of theproof that polynomial equations of degree 5 or higher over the rationals cannot besolved by formulas in terms of radicals. In this chapter we do this first and prove theinsolvability of the quintic by radicals. To do this we must examine in detail what wecall radical extensions.

We then return to some geometric material we started in Chapter 6. There usinggeneral field extensions we proved the impossibility of certain geometric compassand straightedge constructions. Here we use Galois theory to consider constructiblen-gons.

Finally we will use Galois theory to present a proof of the fundamental theoremof algebra which says essentially that the complex number field C is algebraicallyclosed.

17.2 Field Extensions by Radicals

We would like to use Galois theory to prove the insolvability by radicals of polynomialequations of degree 5 or higher. To do this we must introduce extensions by radicalsand solvability by radicals.

Definition 17.2.1. Let LjK be a field extension.

(1) Each zero of a polynomial xn � a 2 KŒx� in L is called a radical (over K). Wedenote it by n

pa (if a more detailed identification is not necessary).

(2) L is called a simple extension of K by a radical ifL D K. npa/ for some a 2 K.

(3) L is called an extension of K by radicals if there is a chain of fields

K D L0 � L1 � � � � � Lm D L

such that each Li is a simple extension of Li�1 by a radical for each i D1; : : : ; m.

(4) Let f .x/ 2 KŒx�. Then the equation f .x/ D 0 is solvable by radicals or justsolvable if the splitting field of f .x/ over K is contained in an extension of Kby radicals.

Section 17.2 Field Extensions by Radicals 249

In proving the insolvability of the quintic we will look for necessary and sufficientconditions for the solvability of polynomial equations. Our main result will be that iff .x/ 2 KŒx� then f .x/ D 0 is solvable over K if the Galois group of the splittingfield of f .x/ over K is a solvable group (see Chapter 11).

In the remainder of this section we assume that all fields have characteristic zero.The next theorem gives a characterization of simple extensions by radicals.

Theorem 17.2.2. Let LjK be a field extension and n 2 N. Assume that the polyno-mial xn � 1 splits into linear factors in KŒx� so that K contains all the n-th roots ofunity. Then L D K. n

pa/ for some a 2 K if and only if L is a Galois extension over

K and Aut.LjK/ D Z=mZ for some m 2 N with mjn.

Proof. The n-th roots of unity, that is the zeros of the polynomial xn � 1 2 KŒx�,form a cyclic multiplicative group F � K? of order n since each finite subgroup ofthe multiplicative groupK? ofK is cyclic and jF j D n. We call an n-th root of unity! primitive if F D h!i.

Now let L D K. npa/ with a 2 K, that is, L D K.ˇ/ with ˇn D a 2 K. Let ! be

a primitive n-th root of unity. With this ˇ the elements !ˇ; !2ˇ; : : : ; !nˇ D ˇ arezeros of xn � a. Hence the polynomial xn � a splits into linear factors over L andhence L D K.ˇ/ is a splitting field of xn � a over K. It follows that LjK is a Galoisextension.

Let 2 Aut.LjK/. Then .ˇ/ D !�ˇ for some 0 < � � n. The element !� isuniquely determined by and we may write !� D ! .

Consider the map � W Aut.LjK/ ! F given by ! ! where ! is defined asabove by .ˇ/ D !ˇ. If �; 2 Aut.LjK/ then

�.ˇ/ D .!� / .ˇ/ D !�!ˇ

because !� 2 K.Therefore �. �/ D �. /�.�/ and hence � is a homomorphism. The kernel ker.�/

contains all the K-automorphisms of L for which .ˇ/ D ˇ. However since K DK.ˇ/ it follows that ker.�/ contains only the identity. The Galois group Aut.LjK/ istherefore isomorphic to a subgroup of F . Since F is cyclic of order n we have thatAut.LjK/ is cyclic of order m for some mjn completing one way in the theorem.

Conversely first suppose that LjK is a Galois extension with Aut.LjK/ D Zn acyclic group of order n. Let be a generator of Aut.LjK/. This is equivalent to

Aut.LjK/ D ¹ ; 2; : : : ; n D 1º:Let ! be a primitive n-th root of unity. Then by assumption ! 2 K, .!/ D !

and F D ¹!;!2; : : : ; !n D 1º. Further the pairwise distinct automorphism � ,� D 1; 2; : : : ; n, of L are linearly independent, that is there exists an � 2 L such that

! ? � DnX

�D1

!� �.�/ ¤ 0:

250 Chapter 17 Applications of Galois Theory

The element ! ?� is called the Lagrange resolvent of ! by �. We fix such an element� 2 L. Then we get, since .!/ D !,

.! ? �/ DnX

�D1

!� �C1.�/ D !�1nX

�D1

!�C1 �C1.�/ D !�1nC1X

�D2

!� �.�/

D !�1nX

�D1

!� �.�/ D !�1.! ? �/:

Further �.! ?�/ D !��.! ?�/, � D 1; 2; : : : ; n. Hence the onlyK-automorphismof L which fixes ! ? � is the identity. Therefore Aut.LjK.! ? �// D ¹1º and henceL D K.! ? �/ by the fundamental theorem of Galois theory.

Further

..! ? �/n/ D . .! ? �//n D .!�1.! ? �//n D !�n.! ? �/n D .! ? �/n:

Therefore .! ? �/n 2 Fix.L;Aut.LjK// D K again from the fundamental theoremof Galois theory. If a D .! ? �/n 2 K then first a 2 K and second L D K. n

pa/ D

K.! ? �/. This proves the result in the case where m D n. We now use this to proveit in general.

Suppose that LjK is a Galois extension with Aut.LjK/ D Zm a cyclic group oforder m where n D qm for some q � 1. If n D qm then L D K.

mpb/ for some

b 2 K by the above argument. Hence L D K.ˇ/ with ˇm 2 K. Then certainlya D ˇn D .ˇm/q 2 K and therefore L D K.ˇ/ D K. n

pa/ for some a 2 K

completing the general case.

We next show that every extension by radicals is contained in a Galois extension byradicals.

Theorem 17.2.3. Each extension L of K by radicals is contained in a Galois exten-sion QL of K by radicals. This means that there is an extension QL of K by radicalswith L � QL and QLjK is a Galois extension.

Proof. We use induction on the degree m D ŒL W K�. Suppose that m D 1. IfL D K. n

pa/ then if ! is a primitive n-th root of unity define QK D K.!/ and QL D

QK. npa/. We then get the chain K � QK � QL with L � QL and QLjK is a Galois

extension. This last statement is due to the fact that QL is the splitting field of thepolynomial xn � a 2 KŒx� over K. Hence the theorem is true if m D 1.

Now suppose that m � 2 and suppose that the theorem is true for all extensions Fof K by radicals with ŒF W K� < m.

Since m � 2 by the definition of extension by radicals there exists a simple exten-sion LjE by a radical. That is there exists a field E with

K � E � L; ŒL W E� � 2

Section 17.2 Field Extensions by Radicals 251

and L D E. npa/ for some a 2 E; n 2 N. Now ŒE W K� < m so be the inductive

hypothesis there exists a Galois extension by radicals QE of K with E � QE. Let G DAut. QEjK/ and let QL be the splitting field of the polynomial f .x/ D ma.x

n/ 2 KŒx�over QE where ma.x/ is the minimal polynomial of a over K. We show that QL has thedesired properties.

Now npa 2 L is a zero of the polynomial f .x/ and E � QE � QL. Therefore QL

contains an E-isomorphic image of L D K. npa/ and hence we may consider QL as an

extension of L.Since QE is a Galois extension of K the polynomial f .x/ may be factored as

f .x/ D .xn � ˛1/ � � � .xn � ˛s/

with ˛i 2 QE for i D 1; : : : ; s. All zeros of f .x/ in QL are radicals over QE. ThereforeQL is an extension by radicals of QE. Since QE is also an extension by radicals of K weobtain that QL is an extension by radicals of K.

Since QE is a Galois extension ofK we have that QE is a splitting field of a polynomialg.x/ 2 KŒx�. Further QL is a splitting field of f .x/ 2 KŒx� over QE. Altogether thenwe have that QL is a splitting field of f .x/g.x/ 2 KŒx� over K. Therefore QL is aGalois extension of K completing the proof.

We will eventually show that a polynomial equation is solvable by radicals if andonly if the corresponding Galois group is a solvable group. We now begin to findconditions where the Galois group is solvable.

Lemma 17.2.4. Let K D L0 � L1 � � � � � Lr D L be a chain of fields such thatthe following hold:

(i) L is a Galois extension of K.

(ii) Lj is a Galois extension of Lj�1 for j D 1; : : : ; r .

(iii) Gj D Aut.Lj jLj�1/ is abelian for j D 1; : : : ; r .

Then G D Aut.LjK/ is solvable.

Proof. We prove the lemma by induction on r . If r D 0 then G D ¹1º and there isnothing to prove. Suppose then that r � 1 and assume that the lemma holds for allsuch chains of fields with a length r 0 < r . Since L1jK is a Galois extension thenAut.L1jK/ is a normal subgroup of G by the fundamental theorem of Galois theoryand further

G1 D Aut.L1jK/ D G=Aut.LjL1/:

Since G1 is an abelian group it is solvable and by assumption Aut.LjL1/ is solvable.Therefore G is solvable (see Theorem 12.2.4).

Lemma 17.2.5. Let LjK be a field extension. Let QK and QL be the splitting fields ofthe polynomial xn � 1 2 KŒx� over K and L respectively. Since K � L we haveQK � QL. Then the following hold:


(1) If 2 Aut. QLjL/ then j QK 2 Aut. QKjK/ and the map

Aut. QLjL/ ! Aut. QKjK/ given by 7! j QKis an injective homomorphism.

(2) Suppose that in addition LjK is a Galois extension. Then QLjK is also a Galoisextension. If further 2 Aut. QLj QK/ then jL 2 Aut.LjK/ and

Aut. QLj QK/ ! Aut.LjK/ given by 7! jL

is an injective homomorphism.

Proof. (1) Let ! be a primitive n-th root of unity. Then QK D K.!/ and QL D L.!/.Each 2 Aut. QLjL/ maps ! onto a primitive n-th root of unity and fixes K � L

elementwise. Hence from 2 Aut. QLjL/ we get that j QK 2 Aut. QKjK/. Certainly

the map 7! j QK defines a homomorphism Aut. QLjL/ ! Aut. QKjK/. Let j QK D 1

with 2 Aut. QLjL/. Then .!/ D ! and therefore we have already that D 1 sinceQL D L.!/.

(2) IfL is the splitting field of a polynomial g.x/ overK then QL is the splitting fieldof g.x/.xn � 1/ over K. Hence QLjK is a Galois extension. Therefore K � L � QLand LjK; QLjL and QLjK are all Galois extensions. Therefore from the fundamentaltheorem of Galois theory

Aut.LjK/ D ¹ jLI 2 Aut. QLjK/º:In particular jL 2 Aut.LjK/ if 2 Aut. QLj QK/. Certainly the map Aut. QLj QK/ !Aut.LjK/ given by 7! jL is a homomorphism. From 2 Aut. QLj QK/ we get that .!/ D ! where as above ! is a primitive n-th root of unity. Therefore if jL D 1

then already D 1 since QL D L.!/. Hence the map is injective.

17.3 Cyclotomic Extensions

Very important in the solvability by radicals problem are the splitting fields of thepolynomials xn � 1 over Q. These are called cyclotomic fields.

Definition 17.3.1. The splitting field of the polynomial xn � 1 2 QŒx� with n � 2 iscalled the n-th cyclotomic field denoted kn.

We have kn D Q.!/ where ! is a primitive n-th root of unity, for example ! De

2�in over Q. knjQ is a Galois extension and the Galois group Aut.knjQ/ is the set

of automorphisms m W ! ! !m with 1 � m � n and gcd.m; n/ D 1.To understand this group G we need the following concept. A prime residue class

mod n is a residue class a C nZ with gcd.a; n/ D 1. The set of the prime residue

Section 17.4 Solvability and Galois Extensions 253

classes mod n is just the set of invertible elements with respect to multiplication ofthe Z=nZ. This forms a multiplicative group that we denote by .Z=nZ/? D Pn. Wehave jPnj D �.n/ where �.n/ is the Euler phi-function.

If G D Aut.knjQ/ then clearly G Š Pn under the map m 7! mC nZ.If n D p is a prime number then G D Aut.knjQ/ is cyclic with jGj D p � 1.If n D p2 then jGj D jAut.kp2 jQ/j D p.p � 1/ since

xp2�1

x � 1x � 1xp � 1 D xp.p�1/ C xp.p�1/�1 C � � � C 1

and each primitive p-th root of unity is a zero of this polynomial.

Lemma 17.3.2. Let K be a field and QK be the splitting field of xn � 1 over K. ThenAut. QKjK/ is abelian.

Proof. We apply Lemma 17.2.5 for the field extension KjQ. This can be done sincethe characteristic ofK is zero and Q is the prime field ofK. It follows that Aut. QKjK/is isomorphic to a subgroup of Aut. QQjQ/ from part (1) of Lemma 17.2.5. But QQ D kn

and hence Aut. QQjQ/ is abelian. Therefore Aut. QKjK/ is abelian.

17.4 Solvability and Galois Extensions

In this section we prove that solvability by radicals is equivalent to the solvability ofthe Galois group.

Theorem 17.4.1. Let LjK be a Galois extension of K by radicals. Then G DAut.LjK/ is a solvable group.

Proof. Suppose that LjK is a Galois extension. Then we have a chain of fields

K D L0 � L1 � � � � � Lr D L

such that Lj D Lj�1.njpaj / for some aj 2 Lj . Let n D n1 � � �nr and let QLj be

the splitting field of the polynomial xn � 1 2 KŒx� over Lj for each j D 0; 1; : : : ; r .Then QLj D QLj�1.

njpaj / and we get the chain

K � QK D QL0 � QL1 � � � � � QLr D QL:From part (2) of Lemma 17.2.5 we get that QLjK is a Galois extension. FurtherQLj j QLj�1 is a Galois extension with Aut. QLj j QLj�1/ cyclic from Theorem 17.2.2. Espe-cially Aut. QLj j QLj�1/ is abelian. The group Aut. QKjK/ is abelian from Lemma 17.3.2.Therefore we may apply Lemma 17.2.4 to the chain

K � QK D QL0 � � � � � QLr D QL:


Therefore QG D Aut. QLjK/ is solvable. The group G D Aut.LjK/ is a homomorphicimage of QG from the fundamental theorem of Galois theory. Since homomorphicimages of solvable groups are still solvable (see Theorem 12.2.3) it follows that G issolvable.

Lemma 17.4.2. Let LjK be a Galois extension and suppose that G D Aut.LjK/ issolvable. Assume further thatK contains all q-th roots of unity for each prime divisorq of m D ŒL W K�. Then L is an extension of K by radicals.

Proof. Let LjK be a Galois extension and suppose that G D Aut.LjK/ is solvableand assume that K contains all the q-th roots of unity for each prime divisor q ofm D ŒL W K�. We prove the result by induction on m.

If m D 1 then L D K and the result is clear. Now suppose that m � 2 and assumethat the result holds for all Galois extensions L0jK 0 with ŒL0 W K 0� < m. Now G DAut.LjK/ is solvable and G is nontrivial since m � 2. Let q be a prime divisor of m.From Lemma 12.2.2 and Theorem 13.3.5 it follows that there is a normal subgroupH of G with G=H cyclic of order q. Let E D Fix.L;H/. From the fundamentaltheorem of Galois theory EjK is a Galois extension with Aut.EjK/ Š G=H andhence Aut.EjK/ is cyclic of order q. From Theorem 17.2.2EjK is a simple extensionof K by a radical. The proof is completed if we can show that L is an extension of Eby radicals.

The extension LjE is a Galois extension and the group Aut.LjE/ is solvable sinceit is a subgroup of G D Aut.LjK/. Each prime divisor p of ŒL W E� is also a primedivisor of m D ŒL W K� by the degree formula. Hence as an extension of K the fieldE contains all the p-th roots of unity. Finally

ŒL W E� D ŒL W K�ŒE W K� D m

q< m:

Therefore LjE is an extension of E by radicals from the inductive assumption com-pleting the proof.

17.5 The Insolvability of the Quintic

We are now able to prove the insolvability of the quintic. This is one of the mostimportant applications of Galois theory. As we mentioned we do this by equating thesolvability of a polynomial equation by radicals to the solvability of the Galois groupof the splitting field of this polynomial.

Theorem 17.5.1. Let K be a field of characteristic 0 and let f .x/ 2 KŒx�. Supposethat L is the splitting field of f .x/ over K. Then the polynomial equation f .x/ D 0

is solvable by radicals if and only if Aut.LjK/ is solvable.

Section 17.5 The Insolvability of the Quintic 255

Proof. Suppose first that f .x/ D 0 is solvable by radicals. Then L is contained inan extension L0 of K by radicals. Hence L is contained in a Galois extension QL ofK by radicals from Theorem 17.2.3. The group QG D Aut. QLjK/ is solvable fromTheorem 17.4.1. Further LjK is a Galois extension. Therefore the Galois groupAut.LjK/ is solvable as a subgroup of QG.

Conversely suppose that the group Aut.LjK/ is solvable. Let q1; : : : ; qr be theprime divisors of m D ŒK W K� and let n D q1 � � � qr . Let QK and QL be the splittingfields of the polynomial xn � 1 2 KŒx� over K and L respectively. We have QK � QL.From part (2) of Lemma 17.2.5 we have that QLjK is a Galois extension and Aut. QLj QK/is isomorphic to a subgroup of Aut.LjK/. From this we first obtain that Œ QL W QK� DjAut. QLj QK/j is a divisor of ŒL W K� D jAut.LjK/j. Hence each prime divisor q ofŒ QL W QK� is also a prime divisor of ŒL W K�. Therefore QL is an extension by radicalsof QK by Lemma 17.4.2. Since QK D K.!/ where ! is a primitive n-th root of unitywe obtain that QL is also an extension ofK by radicals. Therefore L is contained in anextension QL of K by radicals and therefore f .x/ D 0 is solvable by radicals.

Corollary 17.5.2. Let K be a field of characteristic 0 and let f .x/ 2 KŒx� be apolynomial of degree m with 1 � m � 4. Then the equation f .x/ D 0 is solvable byradicals.

Proof. Let L be the splitting field of f .x/ over K. The Galois group Aut.LjK/ isisomorphic to the subgroup of the symmetric group Sm. Now the group S4 is solvablevia the chain

¹1º � Z2 � D2 � A4 � S4

where Z2 is the cyclic group of order 2 and D2 is the Klein 4-group which is iso-morphic to Z2 � Z2. Because Sm � S4 for 1 � m � 4 it follows that Aut.LjK/ issolvable. From Theorem 17.5.1 the equation f .x/ D 0 is solvable by radicals.

Corollary 17.5.2 uses the general theory to show that any polynomial equation ofdegree less than or equal to 4 is solvable by radicals. This however does not provideexplicit formulas for the solutions. We present these below.

Let K be a field of characteristic 0 and let f .x/ 2 KŒx� be a polynomial of degreem with 1 � m � 4.

Case (1): If deg.f .x// D 1 then f .x/ D axC b with a; b 2 K and a ¤ 0. A zerois then given by k D �b

a.

Case (2): If deg.f .x// D 2 then f .x/ D ax2 C bx C c with a; b; c 2 K anda ¤ 0. The zeros are then given by the quadratic formula

k D �b ˙ pb2 � 4ac2a

:

We note that the quadratic formula holds over any field of characteristic not equal to 2.Whether there is a solution within the field K then depends on whether b2 � 4ac hasa square root within K.


For the cases of degrees 3 and 4 we have the general forms of what are known asCardano’s formulas.

Case (3): If deg.f .x// D 3 then f .x/ D ax3 C bx2 C cxC d with a; b; c; d 2 Kand a ¤ 0. Dividing through by a we may assume without loss of generality thata D 1.

By a substitution x D y � b3

the polynomial is transformed into

g.y/ D y3 C py C q 2 KŒy�:

Let L be the splitting field of g.y/ over K and let ˛ 2 L be a zero of g.y/ so that

˛3 C p˛ C q D 0:

If p D 0 then ˛ D 3p�q so that g.y/ has the three zeros

3p�q; ! 3

p�q; !2 3p�q

where ! is a primitive third root of unity, !3 D 1 with ! ¤ !2.Now let p ¤ 0 and let ˇ be a zero of x2 � ˛x � p

3in a suitable extension L0 of L.

We have ˇ ¤ 0 since p ¤ 0. Hence ˛ D ˇ � p3ˇ

. Putting this into the transformedcubic equation

˛3 C p˛ C q D 0

we get

ˇ3 � p3

27ˇ3C q D 0:

Define D ˇ3 and ı D .�p3ˇ/3 so that

C ı C q D 0:

Then

2 C q ��

p

3

�3

D 0 and � p3

27ıC ı C q D 0 and ı2 C qı �

�

p

3

�3

D 0:

Hence the zeros of the polynomial

x2 C qx ��

p

3

�3

are

; ı D �q2

˙s

�

q

2

�2

C�

p

3

�3

:

Section 17.5 The Insolvability of the Quintic 257

If we have D ı then both are equal to �q2

ands

�

q

2

�2

C�

p

3

�3

D 0:

Then from the definitions of ; ı we have D ˇ3 and ı D .�p3ˇ/3. From above

˛ D ˇ � p3ˇ

. Therefore we get ˛ by finding the cube roots of and ı.There are certain possibilities and combinations with these cube roots but because

of the conditions the cube roots of and ı are not independent. We must satisfy thecondition

3p

3p

ı D ˇ�p3ˇ

D �p3:

Therefore we get the final result:The zeros of g.y/ D y3 C py C q with p ¤ 0 are

uC v; !uC !2v; !2uC !v

where ! is a primitive third root of unity and

u D 3

v

u

u

t�q2

Cs

�

q

2

�2

C�

p

3

�3

and v D 3

v

u

u

t�q2

�s

�

q

2

�2

C�

p

3

�3

:

The above is known as the cubic formula or Cardano’s formula.Case (4): If deg.f .x// D 4 then f .x/ D ax4 C bx3 C cx2 C dx C e with

a; b; c; d; e 2 K and a ¤ 0. Dividing through by a we may assume without loss ofgenerality that a D 1.

By a substitution x D y � b4a the polynomial f .x/ is transformed into

g.y/ D y4 C py2 C qy C r:

The zeros of g.y/ are

y1 D 1

2.p˛1 C p

˛2 C p˛3/

y2 D 1

2.p˛1 � p

˛2 � p˛3/

y3 D 1

2.�p

˛1 C p˛2 � p

˛3/

y4 D 1

2.�p

˛1 � p˛2 C p

˛3/

where ˛1; ˛2; ˛3 are the zeros of the cubic polynomial

h.z/ D z3 C 2pz C .p2 � 4r/z � q2 2 QŒz�:


The polynomial h.z/ is called the cubic resolvent of g.y/. For a detailed proof of thecase where m D 4 see [8].

The following theorem is due to Abel and shows the insolvability of the generaldegree 5 polynomial over the rationals Q.

Theorem 17.5.3. LetL be the splitting field of the polynomial f .x/ D x5�2x4C2 2QŒx� over Q. Then Aut.LjK/ D S5 the symmetric group on 5 letters. Since S5 is notsolvable the equation f .x/ D 0 is not solvable by radicals.

Proof. The polynomial f .x/ is irreducible over Q by the Eisenstein criterion. Furtherf .x/ has five zeros in the complex numbers C by the fundamental theorem of algebra(see Section 17.7). We claim that f .x/ has exactly 3 real zeros and 2 nonreal zeroswhich then necessarily are complex conjugates. In particular the 5 zeros are pairwisedistinct.

To see the claim notice first that f .x/ has at least 3 real zeros from the intermediatevalue theorem. As a real function f .x/ is continuous and f .�1/ D �1 < 0 andf .0/ D 2 > 0 so it must have a real zero between �1 and 0. Further f .3

2/ D

�813< 0 and f .2/ D 2 > 0. Hence there must be distinct real zeros between 0

and 32

and between 32

and 2. Suppose that f .x/ has more than 3 real zeros. Thenf 0.x/ D x3.5x � 8/ has at least 3 pairwise distinct real zeros from Rolle’s theorem.But f 0.x/ clearly has only 2 real zeros so this is not the case. Therefore f .x/ hasexactly 3 real zeros and hence 2 nonreal zeros that are complex conjugates.

Let L be the splitting field of f .x/. The field L lies in C and the restriction of themap ı W z 7! z of C to L maps the set of zeros of f .x/ onto themselves. Therefore ıis an automorphism ofL. The map ı fixes the 3 real zeros and transposes the 2 nonrealzeros. From this we now show that Aut.LjQ/ D AutL D G D S5 the full symmetricgroup on 5 symbols. Clearly G � S5 since G acts as a permutation group on the 5zeros of f .x/.

Since ı transposes the 2 nonreal roots, G (as a permutation group) contains at leastone transposition. Since f .x/ is irreducible G acts transitively on the zeros of f .x/.Let x0 be one of the zeros of f .x/ and let Gx0

be the stabilizer of x0. Since G actstransitively x0 has five images under G and therefore the index of the stabilizer mustbe 5 (see Chapter 10).

5 D ŒG W Gx0�

which by Lagrange’s theorem must divide the order of G. Therefore from theSylow theorems G contains an element of order 5. Hence G contains a 5-cycle anda transposition and therefore by Theorem 11.4.3 it follows that G D S5. Since S5 isnot solvable it follows that f .x/ cannot be solved by radicals.

Since Abel’s theorem shows that there exists a degree 5 polynomial that cannot besolved by radicals it follows that there can be no formula like Cardano’s formula interms of radicals for degree 5.

Section 17.6 Constructibility of Regular n-Gons 259

Corollary 17.5.4. There is no general formula for solving by radicals a fifth degreepolynomial over the rationals.

We now show that this result can be further extended to any degree greater than 5.

Theorem 17.5.5. For each n � 5 there exist polynomials f .x/ 2 QŒx� of degree nfor which the equation f .x/ D 0 is not solvable by radicals.

Proof. Let f .x/ D xn�5.x5�2x4C2/ and letL be the splitting field of f .x/ over Q.Then Aut.LjQ/ D Aut.L/ contains a subgroup that is isomorphic to S5. It followsthat Aut.L/ is not solvable and therefore the equation f .x/ D 0 is not solvable byradicals.

This immediately implies the following.

Corollary 17.5.6. There is no general formula for solving by radicals polynomialequations over the rationals of degree 5 or greater.

17.6 Constructibility of Regular n-Gons

In Chapter 6 we considered certain geometric material related to field extensions.There, using general field extensions, we proved the impossibility of certain geomet-ric compass and straightedge constructions. In particular there were four famous in-solvable (to the Greeks) construction problems. The first is the squaring of the circle.This problem is, given a circle, to construct using straightedge and compass a squarehaving area equal to that of the given circle. The second is the doubling of the cube.This problem is given a cube of given side length, to construct, using a straightedgeand compass, a side of a cube having double the volume of the original cube. Thethird problem is the trisection of an angle. This problem is to trisect a given angleusing only a straightedge and compass. The final problem is the construction of aregular n-gon. This problems asks which regular n-gons could be constructed usingonly straightedge and compass. In Chapter 6 we proved the impossibility of the first3 problems. Here we use Galois theory to consider constructible n-gons.

Recall that a Fermat number is a positive integer of the form

Fn D 22n C 1; n D 0; 1; 2; 3; : : : :

If a particular Fm is prime it is called a Fermat prime.Fermat believed that all the numbers in this sequence were primes. In fact F0; F1;

F2; F3; F4 are all prime but F5 is composite and divisible by 641 (see exercises). It isstill an open question whether or not there are infinitely many Fermat primes. It hasbeen conjectured that there are only finitely many. On the other hand if a number of


the form 2n C 1 is a prime for some integer n then it must be a Fermat prime that is nmust be a power of 2.

We first need the following.

Theorem 17.6.1. Let p D 2n C 1, n D 2s with s � 0 be a Fermat prime. Then thereexists a chain of fields

Q D L0 � L1 � � � � � Ln D kp

where kp is the p-th cyclotomic field such that

ŒLj W Lj�1� D 2

for j D 1; : : : ; n.

Proof. The extension kpjQ is a Galois extension and Œkp W Q� D p � 1. FurtherAut.kp/ is cyclic of order p � 1 D 2n. Hence there is a chain of subgroups

¹1º D Un � Un�1 � � � � � U0 D Aut.kp/

with ŒUj�1 W Uj � D 2 for j D 1; : : : ; n. From the fundamental theorem of Galoistheory the fields Lj D Fix.kp; Uj / with j D 0; : : : ; n have the desired properties.

The following corollaries describe completely the constructible n-gons tying themto Fermat primes.

Corollary 17.6.2. Consider the numbers 0; 1, that is a unit line segment or a unitcircle. A regular p-gon with p � 3 prime is constructible from ¹0; 1º using a straight-edge and compass if and only if p D 22s C 1; s � 0 is a Fermat prime.

Proof. From Theorem 6.3.13 we have that if a regular p-gon is constructible with astraightedge and compass then p must be a Fermat prime. The sufficiency followsfrom Theorem 17.6.1.

We now extend this to general n-gons. Let m; n 2 N. Assume that we may con-struct from ¹0; 1º a regular n-gon and a regular m-gon. In particular this means thatwe may construct the real numbers cos.2�

n/; sin.2�

n/; cos.2�

m/ and sin.2�

m/. If the

gcd.m; n/ D 1 then we may construct from ¹0; 1º a regular mn-gon.To see this notice that

cos

�

2�

nC 2�

m

�

Dcos

�

2.nCm/�

nm

�

Dcos

�

2�

n

�

cos

�

2�

m

�

� sin

�

2�

n

�

sin

�

2�

m

�

and

sin

�

2�

nC 2�

m

�

Dsin

�

2.nCm/�

nm

�

Dsin

�

2�

n

�

cos

�

2�

m

�

C cos

�

2�

n

�

sin

�

2�

m

�

:


Therefore we may construct from ¹0; 1º the numbers cos. 2�mn/ and sin. 2�

mn/ because

gcd.nCm;mn/ D 1. Therefore we may construct from ¹0; 1º a regular mn-gon.Now let p � 3 be a prime. Then Œkp2 W Q� D p.p � 1/ which is not a power

of 2. Therefore from ¹0; 1º it is not possible to construct a regular p2-gon. Hencealtogether we have the following.

Corollary 17.6.3. Consider the numbers 0; 1, that is a unit line segment or a unitcircle. A regular n-gon with n 2 N is constructible from ¹0; 1º using a straightedgeand compass if and only if

(i) n D 2m, m � 0 or

(ii) p D 2mp1p2 � � �pr , m � 0 and the pi are pairwise distinct Fermat primes.

Proof. Certainly we may construct a 2m-gon. Further if r; s 2 N with gcd.r; s/ D 1

and if we can construct a regular rs-gon then clearly we may construct a regular r-gonand a regular s-gon.


The fundamental theorem of algebra is one of the most important algebraic results.This says that any nonconstant complex polynomial must have a complex zero. Inthe language of field extensions this says that the field of complex numbers C isalgebraically closed. There are many distinct and completely different proofs of thisresult. In [3] twelve proofs were given covering a wide area of mathematics. In thissection we use Galois theory to present a proof. Before doing this we briefly mentionsome of the history surrounding this theorem.

The first mention of the fundamental theorem of algebra, in the form that everypolynomial equation of degree n has exactly n roots, was given by Peter Roth ofNurnberg in 1608. However its conjecture is generally credited to Girard who alsostated the result in 1629. It was then more clearly stated by Descartes in 1637 whoalso distinguished between real and imaginary roots. The first published proof of thefundamental theorem of algebra was then given by D’Alembert in 1746. Howeverthere were gaps in D’Alembert’s proof and the first fully accepted proof was thatgiven by Gauss in 1797 in his Ph.D. thesis. This was published in 1799. Interestinglyenough, in reviewing Gauss’ original proof, modern scholars tend to agree that thereare as many holes in this proof as in D’Alembert’s proof. Gauss, however, publishedthree other proofs with no such holes. He published second and third proofs in 1816while his final proof, which was essentially another version of the first, was presentedin 1849.

Theorem 17.7.1. Each nonconstant polynomial f .x/ 2 CŒx�, where C is the field ofcomplex numbers, has a zero in C. Therefore C is an algebraically closed field.


Proof. Let f .x/ 2 CŒx� be a nonconstant polynomial and let K be the splitting fieldof f .x/ over C. Since the characteristic of the complex numbers C is zero this willbe a Galois extension of C. Since C is a finite extension of R this field K would alsobe a Galois extension of R. The fundamental theorem of algebra asserts that K mustbe C itself, and hence the fundamental theorem of algebra is equivalent to the factthat any nontrivial Galois extension of C must be C.

LetK be any finite extension of R with jK W Rj D 2mq; .2; q/ D 1. Ifm D 0, thenK is an odd-degree extension of R. Since K is separable over R, from the primitiveelement theorem it is a simple extension, and hence K D R.˛/, where the minimalpolynomial m˛.x/ over R has odd degree. However, odd-degree real polynomialsalways have a real root, and therefore m˛.x/ is irreducible only if its degree is one.But then ˛ 2 R and K D R. Therefore, if K is a nontrivial finite extension of Rof degree 2mq we must have m > 0. This shows more generally that there are noodd-degree finite extensions of R.

Suppose thatK is a degree 2 extension of C. ThenK D C.˛/with degm˛.x/ D 2

where m˛.x/ is the minimal polynomial of ˛ over C. But from the quadratic formulacomplex quadratic polynomials always have roots in C so a contradiction. Therefore,C has no degree 2 extensions.

Now, let K be a Galois extension of C. Then K is also Galois over R. SupposejK W Rj D 2mq, .2; q/ D 1. From the argument above we must have m > 0. LetG D Gal.K=R/ be the Galois group. Then jGj D 2mq, m > 0, .2; q/ D 1. Thus Ghas a 2-Sylow subgroup of order 2m and index q (see Theorem 13.3.4). This wouldcorrespond to an intermediate field E with jK W Ej D 2m and jE W Rj D q. However,then E is an odd-degree finite extension of R. It follows that q D 1 and E D R.Therefore, jK W Rj D 2m and jGj D 2m.

Now, jK W Cj D 2m�1 and suppose G1 D Gal.K=C/. This is a 2-group. If it werenot trivial, then from Theorem 13.4.1 there would exist a subgroup of order 2m�2

and index 2. This would correspond to an intermediate field E of degree 2 over C.However from the argument above C has no degree 2 extensions. It follows then thatG1 is trivial, that is, jG1j D 1, so jK W Cj D 1 and K D C completing the proof.

The fact that C is algebraically closed limits the possible algebraic extensions ofthe reals.

Corollary 17.7.2. LetK be a finite field extension of the real numbers R. ThenKDRor K D C.

Proof. Since jK W Rj < 1 by the primitive element theorem K D R.˛/ for some˛ 2 K. Then the minimal polynomial m˛.x/ of ˛ over R is in RŒx� and hence inCŒx�. Therefore form the fundamental theorem of algebra it has a root in C. Hence˛ 2 C. If ˛ 2 R then K D R, if not then K D C.


17.8 Exercises

1. For f .x/ 2 QŒx� with

f .x/ D x6 � 12x4 C 36x2 � 50.f .x/ D 4x4 � 12x2 C 20x � 3/

determine for each complex zero ˛ of f .x/ a finite number of radicals i D ˇ1

mi

i ,i D 1; : : : ; r , and a presentation of ˛ as a rational function in 1; : : : ; r over Qsuch that iC1 is irreducible over Q.1; : : : ; i / and ˇiC1 2 Q.1; : : : ; i / fori D 0; : : : ; r � 1.

2. Let K be a field of prime characteristic p. Let n 2 N and Kn the splitting field ofxn � 1 over K. Show that Aut.KnjK/ is cyclic.

3. Let f .x/ D x4 � x C 1 2 ZŒx�. Show:

(i) f has a real zero.

(ii) f is irreducible over Q.

(iii) If uC iv (u; v 2 R) is a zero of f in C, then g D x3 �4x�1 is the minimalpolynomial of 4u2 over Q.

(iv) The Galois group of f over Q has an element of order 3.

(v) No zero a 2 C of f is constructible from the points 0 and 1 with straightedgeand compass.

4. Show that each polynomial f .x/ over R decomposes in linear factors and quadrat-ic factors (f .x/ D d.x � a1/ � .x � a2/ � � � .x2 C b1xC c1/ � .x2 C b2xC c2/ � � � ,d 2 R).

5. Let E be a finite (commutative) field extension of R. Then E Š R or E Š C.

6. Let n � 1 be a natural number and x an indeterminate over C. Consider thepolynomial xn � 1 2 ZŒx�. In CŒx� it decomposes in linear factors:

xn � 1 D .x � �1/.x � �2/ � � � .x � �n/;

where the complex numbers

�� D e2�i �n D cos

2��

nC i � sin

2��

n; 1 � � � n;

are all (different) n-th roots of unity, that is especially �n D 1. These �� form afrom �1 generated multiplicative cyclic group G D ¹�1; �2; : : : ; �nº. It is �� D ��

1 .

An n-th root of unity �� is called a primitive n-th root of unity, if �� is not an m-throot of unity for any m < n.


Show that the following are equivalent:

(i) �� is a primitive n-th root of unity.

(ii) �� is a generating element of G.

(iii) gcd.�; n/=1.

7. The polynomial �n.x/ 2 CŒx�, whose zeros are exactly the primitive n-th roots ofunity, is called the n-th cyclotomic polynomial. With Exercise 6 it is:

�n.x/ DY

1��ngcd.�;n/D1

.x � ��/ DY

1��ngcd.�;n/D1

.x � e2�i �n /:

The degree of �n.x/ is the number of the integers ¹1; : : : ; nº, which are coprimeto n. Show:

(i) xn � 1 D Q

d�1d jn

�d .x/.

(ii) �n.x/ 2 ZŒx� for all n � 1.

(iii) �n.x/ is irreducible over Q (and therefore also over Z) for all n � 1.

8. Show that the Fermat numbers F0; F1; F2; F3; F4 are all prime but F5 is compositeand divisible by 641.

Chapter 18

The Theory of Modules

18.1 Modules Over Rings

Recall that a vector space V over a field F is an abelian group V with a scalar multi-plication � W F � V ! V satisfying

(1) f .v1 C v2/ D f v1 C f v2 for f 2 F and v1; v2 2 V .

(2) .f1 C f2/v D f1v C f2v for f1; f2 2 F and v 2 V .

(3) .f1f2/v D f1.f2v/ for f1; f2 2 F and v 2 V .

(4) 1v D v for v 2 V .

Vector spaces are the fundamental algebraic structures in linear algebra and thestudy of linear equations. Vector spaces have been crucial in our study of fields andGalois theory since any field extension is a vector space over any subfield. In thiscontext the degree of a field extension is just the dimension of the extension field as avector space over the base field.

If we modify the definition of a vector space to allow scalar multiplication from anarbitrary ring we obtain a more general structure called a module. We will formallydefine this below. Modules generalize vector spaces but the fact that the scalars donot necessarily have inverses makes the study of modules much more complicated.Modules will play an important role in both the study of rings and the study of abeliangroups. In fact any abelian group is a module over the integers Z so that modules, be-sides being generalizations of vector spaces can also be considered as generalizationsof abelian groups.

In this chapter we will introduce the theory of modules. In particular we will extendto modules the basic algebraic properties such as the isomorphism theorems that havebeen introduced earlier for groups, rings and fields.

In this chapter we restrict ourselves to commutative rings so that throughout R isalways a commutative ring. If R has an identity 1 then we always consider only thecase that 1 ¤ 0. Throughout this chapter we use letters a;b; c;m; : : : for ideals in R.For principal ideals we write hai or aR for the ideal generated by a 2 R. We notehowever that the definition can be extended to include modules over noncommutativerings. In this case we would speak of left modules and right modules.

Definition 18.1.1. Let R D .R;C; � / a commutative ring and M D .M;C/ anabelian group. M together with a scalar multiplication � W R�M ! M; .˛; x/ 7! ˛x,is called a R-module or module over R if the following axioms hold:

266 Chapter 18 The Theory of Modules

(M1) .˛ C ˇ/x D ˛x C ˇx,

(M2) ˛.x C y/ D ˛x C ˛y and

(M3) .˛ˇ/x D ˛.ˇx/ for all ˛; ˇ 2 R and x; y 2 M .

If R has an identity 1 then M is called an unitary R-module if in addition

(M4) 1 � x D x for all x 2 M holds.

In the following, R always is a commutative ring. If R contains an identity 1 thenM always is an unitary R-module. If R has an identity 1 then we always assume1 ¤ 0.

As usual we have the rules:

0 � x D 0; ˛ � 0 D 0; �.˛x/ D .�˛/x D ˛.�x/

for all ˛ 2 R and for all x 2 M .We next present a series of examples of modules.

Example 18.1.2. (1) If R D K is a field then a K-module is a K-vector space.

(2) Let G D .G;C/ be an abelian group. If n 2 Z and x 2 G then nx is defined asusual:

0 � x D 0;

nx D x C � � � C x„ ƒ‚ …

n-times

if n > 0 and

nx D .�n/.�x/ if n < 0:

Then G is an unitary Z-module via the scalar multiplication

� W Z �G ! G; .n; x/ 7! nx:

(3) Let S be a subring of R. Then via .s; r/ 7! sr the ring R itself becomes anS -module.

(4) Let K be a field, V a K-vector space and f W V ! V a linear map of V . Letp D P

i ˛i ti 2 KŒt�. Then p.f / WD P

i ˛ifi defines a linear map of V and

V is an unitary KŒt�-module via the scalar multiplication

KŒt� � V ! V; .p; v/ 7! pv WD p.f /.v/:

(5) If R is a commutative ring and a is an ideal in R then a is a module over R.

Basic to all algebraic theory is the concept of substructures. Next we define sub-modules.

Section 18.1 Modules Over Rings 267

Definition 18.1.3. LetM be an R-module. ; ¤ U � M is called a submodule ofMif

(UMI) .U;C/ < .M;C/ and

(UMII) ˛ 2 R; u 2 U ) ˛u 2 U , that is, RU � U .

Example 18.1.4. (1) In an abelian group G, considered as a Z-module, the sub-groups are precisely the submodules.

(2) The submodules of R, considered as a R-module, are precisely the ideals.

(3) Rx WD ¹˛x W ˛ 2 Rº is a submodule of M for each x 2 M .

(4) Let K be a field, V a K-vector space and f W V ! V a linear map of V .Let U be a submodule of V , considered as a KŒt�-module as above. Then thefollowing holds:

(a) U < V .

(b) pU D p.f /U � U for all p 2 KŒt�. Especially ˛U � U for p D ˛ 2 Kand tU D f .U / � U for p D t , that is, U is an f -invariant subspace. Onthe other side also, p.f /U � U for all p 2 KŒt� if U is an f -invariantsubspace.

We next extend to modules the concept of a generating system. For a single gener-ator, as with groups, this is called cyclic.

Definition 18.1.5. A submodule U of the R-module M is called cyclic if there existsan x 2 M with U D Rx.

As in vector spaces, groups and rings the following constructions are standard lead-ing us to generating systems.

(1) Let M be a R-module and ¹Ui W i 2 I º a family of submodules. ThenT

i2I Ui

is a submodule of M .

(2) Let M be a R-module. If A � M then we define

hAi WD\

¹U W U submodule of M with A � U º:

hAi is the smallest submodule of M which contains A. If R has an identity 1then hAi is the set of all linear combinations

P

i ˛iai with all ˛i 2 R, allai 2 A. This holds because M is unitary and na D n.1 � a/ D .n � 1/a forn 2 Z and a 2 A, that is, we may consider the pseudoproduct na as a realproduct in the module. Especially, if R has a unit 1 then aR D h¹aºi DW hai.


Definition 18.1.6. LetR have an identity 1. IfM D hAi thenA is called a generatingsystem of M . M is called finitely generated if there are a1; : : : ; an 2 M with M Dh¹a1; : : : ; anºi DW ha1; : : : ; ani.

The following is clear.

Lemma 18.1.7. Let Ui be submodules of M , i 2 I , I an index set. Then

�

[

i2I

Ui

D²

X

i2L

ai W ai 2 Ui ; L � I finite

³

:

We write hSi2I Ui i DW Pi2I Ui and call this submodule the sum of theUi . A sumP

i2I Ui is called a direct sum if for each representation of 0 as 0 D P

ai , ai 2 Ui ,it follows that all ai D 0. This is equivalent to Ui \ P

i¤j Uj D 0 for all i 2 I .Notation:

L

i2I Ui ; and if I D ¹1; : : : ; nº then we write U1 ˚ � � � ˚ Un, too.In analogy with our previously defined algebraic structure we extend to modules

the concepts of quotient modules and module homomorphisms.

Definition 18.1.8. LetU be a submodule of theR-moduleM . LetM=U be the factorgroup. We define a (well-defined) scalar multiplication

R �M=U ! M=U; ˛.x C U / WD ˛x C U:

With this M=U is a R-module, the factor module or quotient module of M by U . InM=U we have the operations

.x C U /C .y C U / D .x C y/C U

and˛.x C U / D ˛x C U:

A moduleM over a ring R can also be considered as a module over a quotient ringof R. The following is straightforward to verify (see exercises).

Lemma 18.1.9. Let a C R an ideal in R and M a R-module. The set of all finitesums of the form

P

˛ixi , ˛i 2 a, xi 2 M , is a submodule of M which we denoteby aM . The factor group M=aM becomes a R=a-module via the well-defined scalarmultiplication

.˛ C a/.mC aM/ D ˛mC aM:

If here R has an identity 1 and a is a maximal ideal then M=aM becomes a vectorspace over the field K D R=a.

Section 18.1 Modules Over Rings 269

We next define module homomorphisms

Definition 18.1.10. Let R be a ring and M , N be R-modules. A map f W M ! N

is called a R-module homomorphism (or R-linear) if

f .x C y/ D f .x/C f .y/

andf .˛x/ D f .x/

for all ˛ 2 R and all x; y 2 M . Endo-, epi-, mono-, iso- and automorphisms aredefined analogously via the corresponding properties of the maps. If f W M ! N

and g W N ! P are module homomorphisms then g ı f W M ! P is also a modulehomomorphism. If f W M ! N is an isomorphism then also f �1 W N ! M .

We define kernel and image in the usual way:

ker.f / WD ¹x 2 M W f .x/ D 0º

andim.f / WD f .M/ D ¹f .x/ W x 2 M º:

ker.f / is a submodule of M and im.f / is a submodule of N . As usual:

f is injective ” ker.f / D ¹0º:

If U is a submodule of M then the map x 7! x C U defines a module epimorphism(the canonical epimorphism) from M onto M=U with kernel U .

There are module isomorphism theorems. The proofs are straightforward exten-sions of the corresponding proofs for groups and rings.

Theorem 18.1.11 (module isomorphism theorems). Let M;N be R-modules.

(1) If f W M ! N is a module homomorphism then

f .M/ Š M= ker.f /:

(2) If U; V are submodules of the R-module M then

U=.U \ V / Š .U C V /=V:

(3) If U and V are submodules of the R-module M with U � V � M then

.M=U /=.V=U / Š M=V:


For the proofs, as for groups, just consider the map f W U C V ! U=.U \ V /,uC v 7! uC .U \ V / which is well-defined because U \ V is a submodule of U ;we have ker.f / D V .

Note that ˛ 7! ˛�, � 2 R fixed, defines a module homomorphism R ! R if weconsider R itself as a R-module.

18.2 Annihilators and Torsion

In this section we define torsion for an R-module and a very important subring of Rcalled the annihilator.

Definition 18.2.1. Let M be an R-module. For a fixed a 2 M consider the map�a W R ! M , �a.˛/ WD ˛a. �a is a module homomorphism considering R as anR-module. We call ker.�a/ the annihilator of a denoted Ann.a/, that is

Ann.a/ D ¹˛ 2 R W ˛a D 0º:

Lemma 18.2.2. Ann.a/ is a submodule of R and the module isomorphism theorem.1/ gives R=Ann.a/ Š Ra.

We next extend the annihilator to whole submodules of M .

Definition 18.2.3. Let U be a submodule of the R-module M . The annihilatorAnn.U / is defined to be

Ann.U / WD ¹˛ 2 R W ˛u D 0 for all u 2 U º:

As for single elements, since Ann.U / D T

u2U Ann.u/, then Ann.U / is a sub-module of R. If � 2 R, u 2 U , then �u 2 U , that means, if u 2 Ann.U / then also�u 2 Ann.U / because .˛�/u D ˛.�u/ D 0. Hence, Ann.U / is an ideal in R.

Suppose that G is an abelian group. Then as mentioned G is a Z-module. Anelement g 2 G is a torsion element or has finite order if ng D 0 for some n 2 N. Theset Tor.G/ consists of all the torsion elements in G. An abelian group is torsion-freeif Tor.G/ D ¹0º.

Lemma 18.2.4. Let G be an abelian group. Then Tor.G/ is a subgroup of G andG=Tor.G/ is torsion-free.

We extend this concept now to general modules.

Section 18.3 Direct Products and Direct Sums of Modules 271

Definition 18.2.5. The R-moduleM is called faithful if Ann.M/ D ¹0º. An elementa 2 M is called a torsion element, or element of finite order, if Ann.a/ ¤ ¹0º.A module without torsion elements ¤ 0 is called torsion-free. If the R-module M istorsion-free then R has no zero divisors ¤ 0.

Theorem 18.2.6. Let R be an integral domain and M an R-module (by our agree-ment M is unitary). Let Tor.M/ D T .M/ be the set of torsion elements of M . ThenTor.M/ is a submodule of M and M=Tor.M/ is torsion-free.

Proof. If m 2 Tor.M/, ˛ 2 Ann.m/, ˛ ¤ 0 and ˇ 2 R then we get ˛.ˇm/ D.˛ˇ/m D .ˇ˛/m D ˇ.˛m/ D 0, that is, ˇm 2 Tor.M/, because ˛ˇ ¤ 0 if ˇ ¤ 0

(R is an integral domain). Letm0 another element of Tor.M/ and 0 ¤ ˛0 2 Ann.m0/.Then ˛˛0 ¤ 0 and ˛˛0.mCm0/ D ˛˛0mC ˛˛0m0 D ˛0.˛m/C ˛.˛0m0/ D 0, thatis, mCm0 2 Tor.M/. Therefore Tor.M/ is a submodule.

Now, let m C Tor.M/ be a torsion element in M=Tor.M/. Let ˛ 2 R, ˛ ¤ 0

with ˛.m C Tor.M// D ˛m C Tor.M/ D Tor.M/. Then ˛m 2 Tor.M/. Hencethere exists a ˇ 2 R, ˇ ¤ 0, with 0 D ˇ.˛m/ D .ˇ˛/m. Since ˇ˛ ¤ 0 we get thatm 2 Tor.M/ and the torsion element mC Tor.M/ is trivial.

18.3 Direct Products and Direct Sums of Modules

Let Mi , i 2 I , I ¤ ;, be a family of R-modules. On the direct product

P DY

i2I

Mi D²

f W I ![

i2I

Mi W f .i/ 2 Mi for all i 2 I³

we define the module operations

C W P � P ! P and � W R � P ! P

via.f C g/.i/ WD f .i/C g.i/ and . f /.i/ WD f .i/:

Together with this operations P D Q

i2I Mi is an R-module, the direct product ofthe Mi . If we identify f with the I -tuple of the images f D .fi /i2I then the sumand the scalar multiplication are componentwise. If I D ¹1; : : : ; nº and Mi D M forall i 2 I then we write, as usual, Mn D Q

i2I Mi .We make the agreement that

Q

i2ID;Mi WD ¹0º.L

i2I Mi WD ¹f 2 Q

i2I Mi W f .i/ D 0 for almost all iº (“for almost all i”means that there are at most finitely many i with f .i/ ¤ 0) is a submodule of thedirect product, called the direct sum of the Mi . If I D ¹1; : : : ; nº then we writeL

i2I Mi D M1 ˚ � � � ˚Mn. HereQn

iD1Mi D LniD1Mi for finite I .


Theorem 18.3.1. (1) If � 2 Per.I / is a permutation of I then

Y

i2I

Mi ŠY

i2I

M�.i/

andM

i2I

Mi ŠM

i2I

M�.i/:

(2) If I D PSj2J Ij , the disjoint union, then

Y

i2I

Mi ŠY

j2J

�

Y

i2Ij

Mi

�

andM

i2I

Mi ŠM

j2J

�

M

i2Ij

Mi

�

:

Proof. (1) Consider the map f 7! f ı � .(2) Consider the map f 7! S

j2J fj where fj 2 Qi2IjMi is the restriction of f

onto Ij , andS

j2J fj is on J defined by .S

j2J fj /.k/ WD fk D f .k/.

Let I ¤ ;. IfM D Q

i2I Mi then we get in a natural manner module homomorph-isms �i W M ! Mi via f 7! f .i/I�i is called the projection onto the i -th compo-nent. In duality we define module homomorphisms ıi W Mi ! L

i2I Mi � Q

i2I Mi

via ıi .mi / D .nj /j2I where nj D 0 if i ¤ j and ni D mi . ıi is called thei -th canonical injection. If I D ¹1; : : : ; nº then �i .a1; : : : ; ai ; : : : ; an/ D ai andıi .mi / D .0; : : : ; 0;mi ; 0; : : : ; 0/.

Theorem 18.3.2 (universal properties). Let A;Mi ; i 2 I ¤ ;, be R-modules.

(1) If �i W A ! Mi , i 2 I , are module homomorphisms then there exists exactly onemodule homomorphism � W A ! Q

i2I Mi such that for each i the followingdiagram commutes:

that is, �j D �j ı � where �j is the j -th projection.

Section 18.4 Free Modules 273

(2) If ‰i W Mi ! A, i 2 I , are module homomorphisms then there exists exactlyone module homomorphism ‰ W Li2I Mi ! A such that for each j 2 J thefollowing diagram commutes:

that is, ‰j D ‰ ı ıj where ıj is the j -th canonical injection.

Proof. (1) If there is such � then the j -th component of �.a/ is equal �j .a/ because�j ı � D �j . Hence, define �.a/ 2 Q

i2I Mi via �.a/.i/ WD �i .a/, and � is thedesired map.

(2) If there is such a‰ with‰ı j D‰j then‰.x/D‰..xi //D‰.Pi2I ıi .xi //DP

i2I ‰ ı ıi .xi / D P

i2I ‰i .xi /. Hence define ‰..xi // D P

i2I ‰i .xi /, and ‰ isthe desired map (recall that the sum is well defined).

18.4 Free Modules

If V is a vector space over a field F then V always has a basis over F which maybe infinite. Despite the similarity to vector spaces, because the scalars may not haveinverses this is not necessarily true for modules.

We now define a basis for a module and show that only free modules have bases.Let R be a ring with identity 1, M be a unitary R-module and S � M . Each finite

sumP

˛isi , the ˛i 2 R and the si 2 S , is called a linear combination in S . SinceM is unitary and S ¤ ; then hSi is exactly the set of all linear combinations in S.In the following we assume that S ¤ ;. If S D ; then hSi D h;i D ¹0º, and thiscase is not interesting. For convention, in the following we always assume mi ¤ mj

if i ¤ j in a finite sumP

˛imi with all ˛i 2 R and all mi 2 M .

Definition 18.4.1. A finite set ¹m1; : : : ; mnº � M is called linear independent orfree (over R) if a representation 0 D Pn

iD1 ˛imi implies always ˛i D 0 for all i 2¹1; : : : ; nº, that is, 0 can be represented only trivially on ¹m1; : : : ; mnº. A nonemptysubset S � M is called free (over R) if each finite subset of S is free.

Definition 18.4.2. Let M be a R-module (as above).

(1) S � M is called a basis of M if

(a) M D hSi and

(b) S is free (over R).


(2) If M has a basis then M is called a free R-module. If S is a basis of M then Mis called free on S or free with basis S .

In this sense we can consider ¹0º as a free module with basis ;.

Example 18.4.3. 1. R �R D R2, as R-module, is free with basis ¹.1; 0/; .0; 1/º.

2. More general, let I ¤ ;. ThenL

i2I Ri with Ri D R for all i 2 I is free withbasis ¹�i W I ! R W �i .j / D ıij ; i; j 2 I º where

ıij D´

0 if i ¤ j ;

1 if i D j :

Especially, if I D ¹1; : : : ; nº then Rn D ¹.a1; : : : ; an/ W ai 2 Rº is free withbasis ¹�i D .0; : : : ; 0

„ ƒ‚ …

i�1

; 1; 0; : : : ; 0/I 1 � i � nº.

3. Let G be an abelian group. If G, as a Z-module, is free on S � G, then G iscalled a free abelian group with basis S . If jS j D n < 1 then G Š Zn.

Theorem 18.4.4. The R-module M is free on S if and only if each m 2 M can bewritten uniquely in the form

P

˛isi with ˛i 2 R, si 2 S . This is exactly the casewhen M D L

s2S Rs is the direct sum of the cyclic submodules Rs, and each Rs ismodule isomorphic to R.

Proof. If S is a basis then each m 2 M can be written as m D P

˛i si becauseM D hSi. This representation is unique because if

P

˛isi D P

ˇisi thenP

.˛i �ˇi /si D 0, that is ˛i � ˇi D 0 for all i . If, on the other side, we assume that therepresentation is unique then we get from

P

˛isi D 0 D P

0 � si that all ˛i D 0,and therefore M is free on S . The rest of the theorem essentially is a rewriting ofthe definition. If each m 2 M can be written as m D P

˛isi then M D P

s2S Rs.If x 2 Rs0 \ P

s2S;s¤s0 Rs with s0 2 S then x D ˛0s0 D P

si¤s0;si2S ˛isi and0 D ˛0s0 � P

si¤s0;si2S ˛isi and therefore ˛0 D 0 and ˛i D 0 for all i . Thisgives M D L

s2S Rs. The cyclic modules Rs are isomorphic to R=Ann.s/, andAnn.s/ D ¹0º in the free modules. On the other side such modules are free on S .

Corollary 18.4.5. (1) M is free on S , M Š L

s2S Rs , Rs D R for all s 2 S .

(2) If M is finitely generated and free then there exists an n 2 N0 such that M ŠRn D R˚ � � � ˚R

„ ƒ‚ …

n-times

.

Proof. Part (1) is clear. We prove part (2). LetM D hx1; : : : ; xri and S a basis ofM .Each xi is uniquely representable on S as xi D P

si2S ˛isi . Since the xi generateMwe get m D P

ˇixi D P

i;j ˇi j sj for arbitrary m 2 M , and we need only finitelymany sj to generate M . Hence S is finite.

Section 18.4 Free Modules 275

Theorem 18.4.6. Let R be a commutative ring with identity 1 and M a free R-module. Then any two bases of M have the same cardinality.

Proof. R contains a maximal ideal m, and R=m is a field (see Theorem 2.3.2 and2.4.2). Then M=mM is a vector space over R=m. From M Š L

s2S Rs with basisS we get mM Š L

s2S ms and, hence,

M=mM Š�

M

s2S

Rs

�

=mM ŠM

s2S

.Rs=mM/ ŠM

s2S

R=m:

Hence the R=m-vector space M=mM has a basis of the cardinality of S . This givesthe result.

Let R be a commutative ring with identity 1 and M a free R-module. The cardi-nality of a basis is an invariant of M , called the rank of M or dimension of M . Ifrank.M/ D n < 1 then this means M Š Rn.

Theorem 18.4.7. Each R-module is a (module-)homomorphic image of a free R-module.

Proof. Let M be a R-module. We consider F WD L

m2M Rm with Rm D R for allm 2 M . F is a free R-module. The map f W F ! M , f ..˛m/m2M / D P

˛mm

defines a surjective module homomorphism.

Theorem 18.4.8. Let F;M be R-modules, and let F be free. Let f W M ! F be amodule epimorphism. Then there exists a module homomorphism g W F ! M withf ı g D idF , and we have M D ker.f /˚ g.F /.

Proof. Let S be a basis of F . By the axiom of choice there exists for each s 2 S anelement ms 2 M with f .ms/ D s (f is surjective). We define the map g W F ! M

via s 7! ms linearly, that is, g.P

si2S ˛isi / D P

si2S ˛imsi. Since F is free, the map

g is well defined. Obviously f ıg.s/ D f .ms/ D s for s 2 S , that means f ıg D idF

because F is free on S . For eachm 2 M we have alsom D gıf .m/C.m�gıf .m//where g ı f .m/ D g.f .m// 2 g.F /, and since f ı g D idF the elements of theform m � g ı f .m/ are in the kernel of f . Therefore M D g.F /C ker.f /. Now letx 2 g.F /\ker.f /. Then x D g.y/ for some y 2 F and 0 D f .x/ D f ıg.y/ D y,and hence x D 0. Therefore the sum is direct: M D g.F /˚ ker.f /.

Corollary 18.4.9. Let M be an R-module and N a submodule such that M=N isfree. Then there is a submodule N 0 of M with M D N ˚N 0.

Proof. Apply the above theorem for the canonical map � W M ! M=N withker.�/ D N .


18.5 Modules over Principal Ideal Domains

We now specialize to the case of modules over principal ideal domains. For the re-mainder of this section R is always a principal ideal domain ¤ ¹0º. We now use thenotation .˛/ WD ˛R, ˛ 2 R, for the principal ideal ˛R.

Theorem 18.5.1. Let M be a free R-module of finite rank over the principal idealdomain R. Then each submodule U is free of finite rank, and rank.U / � rank.M/.

Proof. We prove the theorem by induction on n D rank.M/. The theorem certainlyholds if n D 0. Now let n � 1 and assume that the theorem holds for all free R-modules of rank < n. Let M be a free R-module of rank n with basis ¹x1; : : : ; xnº.Let U be a submodule of M . We represent the elements of U as linear combinationof the basis elements x1; : : : ; xn, and we consider the set of coefficients of x1 for theelements of U :

a D²

ˇ 2 R W ˇx1 CnX

iD2

ˇixi 2 U³

:

Certainly a is an ideal in R. Since R is a principal ideal domain we have a D .˛1/

for some ˛1 2 R. Let u 2 U be an element in U which has ˛1 as its first coefficient,that is

u D ˛1x1 CnX

iD2

˛ixi 2 U:

Let v 2 U be arbitrary. Then

v D �.˛1x1/CnX

iD2

�ixi :

Hence v��u2U 0 WDU \M 0 whereM 0 is the freeR-module with basis ¹x2; : : : ; xnº.By induction, U 0 is a free submodule of M 0 with a basis ¹y1; : : : ; ytº, t � n � 1. If˛1 D 0 then a D .0/ and U D U 0, and there is nothing to prove. Now let ˛1 ¤ 0. Weshow that ¹u; y1; : : : ; ytº is a basis of U . v � �u is a linear combination of the basiselements of U 0, that is, v � �u D Pt

iD1 �iyi uniquely. Hence v D �uCPtiD1 �iyi

and U D hu; y1; : : : ; yt i. Now let be 0 D u C PtiD1 �iyi . We write u and the

yi as linear combinations in the basis elements x1; : : : ; xn of M . There is only anx1-portion in u. Hence

0 D ˛1x1 CnX

iD2

�0ixi :

Therefore first ˛1x1 D 0, that is, D 0 because R has no zero divisor ¤ 0, andfurther �02 D � � � D �0n D 0, that means, �1 D � � � D �t D 0.

Section 18.5 Modules over Principal Ideal Domains 277

Let R be a principal ideal domain. Then the annihilator Ann.x/ in R-modules Mhas certain further properties. Let x 2 M . By definition

Ann.x/ D ¹˛ 2 R W ˛x D 0º GR; an ideal in R;

hence Ann.x/ D .ıx/. If x D 0 then .ıx/ D R. ıx is called the order of x and.ıx/ the order ideal of x. ıx is uniquely determined up to units in R (that is, upto elements � with ��0 D 1 for some �0 2 R). For a submodule U of M we callAnn.U / D T

u2U .ıu/ D .�/ the order ideal of U . In an abelian groupG, consideredas a Z-module, this order for elements corresponds exactly with the order as groupelements if we choose ıx � 0 for x 2 G.

Theorem 18.5.2. Let R be a principal ideal domain and M be a finitely generatedtorsion-free R-module. Then M is free.

Proof. Let M D hx1; : : : ; xni torsion-free and R a principal ideal domain. Eachsubmodule hxi i D Rxi is free because M is torsion-free. We call a subset S �hx1; : : : ; xni free if the submodule hSi is free. Since hxi i is free there exist suchnonempty subsets. Under all free subsets S � hx1; : : : ; xni we choose one with amaximal number of elements. We may assume that ¹x1; : : : ; xsº, 1 � s � n, is sucha maximal set – after possible renaming. If s D n then the theorem holds. Now, lets < n. By the choice of s the sets ¹x1; : : : ; xs ; xj º with s < j � n are not free.Hence there are j 2 R and ˛i 2 R, not all 0, with

jxj DsX

iD1

˛ixi ; j ¤ 0; s < j � n:

For the product ˛ WD ˛sC1 � � �˛n ¤ 0 we get ˛xj 2 Rx1 ˚ � � � ˚ Rxs DW F ,s < j � n, because ˛xi 2 F for 1 � i � s. Altogether we get ˛M � F . ˛M is asubmodule of the free R-module F of rank s. By Theorem 18.5.1 we have that ˛Mis free. Since ˛ ¤ 0 and M is torsion-free, the map M ! ˛M , x 7! ˛x, defines an(module) isomorphism, that is, M Š ˛M . Therefore, also M is free.

We remind that for an integral domain R the set

Tor.M/ D T .M/ D ¹x 2 M W 9˛ 2 R; ˛ ¤ 0; with ˛x D 0ºof the torsion elements of an R-module M is a submodule with torsion-free factormodule M=T .M/.

Corollary 18.5.3. Let R be a principal ideal domain and M be a finitely generatedR-module. Then M D T .M/˚ F with a free submodule F Š M=T .M/.

Proof. M=T .M/ is a finitely generated, torsion-free R-module, and, hence, free. ByCorollary 18.4.9 we have M D T .M/˚ F , F Š M=T .M/.


From now on we are interested in the case that M ¤ ¹0º is a torsion R-module,that is, M D T .M/. Let R be a principal ideal domain and M D T .M/ an R-module. Let M ¤ ¹0º and finitely generated. As above, let ıx the order of x 2 M –unique up to units in R – and .ıx/ D ¹˛ 2 R W ˛x D 0º the order ideal of x. Let.�/ D T

x2M .ıx/ the order ideal of M . Since .�/ � .ıx/ we have ıxj� for allx 2 M . Since principal ideal domains are unique factorization domains, if � ¤ 0

then there can not be many essentially different orders (that means different up tounits). Since M ¤ ¹0º and finitely generated we have in any case � ¤ 0, because ifM D hx1; : : : ; xni, ˛ixi D 0 with ˛i ¤ 0 then ˛M D ¹0º if ˛ WD ˛1 � � �˛n ¤ 0.

Lemma 18.5.4. Let R be a principal ideal domain and M ¤ ¹0º be an R-modulewith M D T .M/.

(1) If the orders ıx and ıy of x; y 2 M are relatively prime, that is, gcd.ıx ; ıy/D1,then .ıxCy/ D .ıxıy/.

(2) Let ız be the order of z 2 M , z ¤ 0. If ız D ˛ˇ with gcd.˛; ˇ/ D 1 then thereexist x; y 2 M with z D x C y and .ıx/ D .˛/, .ıy/ D .ˇ/.

Proof. (1) Since ıxıy.x C y/ D ıxıyx C ıxıyy D ıyıxx C ıxıyy D 0 we get.ıxıy/ � .ıxCy/. On the other side, from ıxx D 0 and ıxCy.x C y/ D 0 we get0 D ıxıxCy.xC y/ D ıxıxCyy, that means, ıxıxCy 2 .ıy/ and, hence, ıy jıxıxCy .Since gcd.ıx; ıy/ D 1 we have ıy jıxCy . Analogously ıxjıxCy . Hence, ıxıy jıxCy

and .ıxCy/ � .ıxıy/.(2) Let ız D ˛ˇ with gcd.˛; ˇ/ D 1. Then there are �; 2 R with 1 D �˛ C ˇ.

Therefore we get

z D 1 � z D �˛z„ƒ‚…

DWyC ˇz„ƒ‚…

DWxD y C x D x C y:

Since ˛x D ˛ ˇz D ızz D 0 we get ˛ 2 .ız/, that means, ıxj˛. On the otherside, from 0 D ıxx D ˇıxz we get ızj ˇıx and hence ˛ˇj ˇıx because ız D ˛ˇ.Therefore ˛j ıx . From gcd.˛; / D 1 we get ˛jıx . Therefore ˛ is associated toıx , that is ˛ D ıx� with � a unit in R and further .˛/ D .ıx/. Analogously .ˇ/ D.ıy/.

In Lemma 18.5.4 we do not need M D T .M/. We only need x; y; z 2 M withıx ¤ 0, ıy ¤ 0 and ız ¤ 0, respectively.

Corollary 18.5.5. Let R be a principal ideal domain and M ¤ ¹0º be an R-modulewith M D T .M/.

1. Let x1; : : : ; xn 2 M be pairwise different and pairwise relatively prime ordersıxi

D ˛i . Then y D x1 C � � � C xn has order ˛ WD ˛1 : : : ˛n.

Section 18.6 The Fundamental Theorem for Finitely Generated Modules 279

2. Let 0 ¤ x 2 M and ıx D ��k1

1 : : : �knn be a prime decomposition of the order

ıx of x (� a unit in R and the �i pairwise nonassociate prime elements in R)where n > 0, ki > 0. Then there exist xi , i D 1; : : : ; n, with ıxi

associated to

�ki

i and x D x1 C � � � C xn.

18.6 The Fundamental Theorem for Finitely GeneratedModules

In Section 10.4 we described the following result called the basis theorem for finiteabelian groups (in the following we give a complete proof in detail; an elementaryproof is given in Chapter 19.).

Theorem 18.6.1 (Theorem 10.4.1, basis theorem for finite abelian groups). Let G bea finite abelian group. Then G is a direct product of cyclic groups of prime powerorder.

This allowed us, for a given finite order n, to present a complete classification ofabelian groups of order n. In this section we extend this result to general modules overprincipal ideal domains. As a consequence we obtain the fundamental decompositiontheorem for finitely generated (not necessarily finite) abelian groups, which finallyproves Theorem 10.4.1. In the next chapter we present a separate proof of this in aslightly different format.

Definition 18.6.2. Let R be a principal ideal domain and M be an R-module. Let� 2 R be a prime element. M� WD ¹x 2 M W 9k � 0 with �kx D 0º is called the�-primary component of M . If M D M� for some prime element � 2 R then M iscalled �-primary.

We certainly have the following.

1. M� is a submodule of M .

2. The primary components correspond to the p-subgroup inabelian groups.

Theorem 18.6.3. Let R be a principal ideal domain and M ¤ ¹0º be an R-modulewith M D T .M/. Then M is the direct sum of its �-primary components.

Proof. x 2 M has finite order ıx . Let ıx D ��k1

1 � � ��knn be a prime decomposition

of ıx . By Corollary 18.5.5 we have that x D P

xi with xi 2 M�i. That means

M D P

�2P M� where P is the set of the prime elements of R. Let y 2 M� \P

2P;¤� M , that is, ıy D �k for some k � 0 and y D P

xi with xi 2 Mi, that

means ıxiD li for some li � 0. By Corollary 18.5.5 we get that y has the order

Q

i¤� li

i , that means, �k is associated toQ

i¤� li

i . Therefore k D li D 0 forall i , and the sum is direct.


If R is a principal ideal domain and ¹0º ¤ M D T .M/ a finitely generated torsionR-module then there are only finitely many �-primary components, that is to say forthe prime elements � with �j� where .�/ is the order ideal of M .

Corollary 18.6.4. Let R be a principal ideal domain and ¹0º ¤ M be a finitelygenerated torsion R-module. Then M has only finitely many nontrivial primary com-ponents M�1

; : : : ;M�n, and we have

M DnM

iD1

M�i:

Hence we have a reduction of the decomposition problem to the primary compo-nents.

Theorem 18.6.5. Let R be a principal ideal domain, � 2 R a prime element andM ¤ ¹0º be a R-module with �kM D ¹0º; further let m 2 M with .ım/ D .�k/.Then there exists a submodule N � M with M D Rm˚N .

Proof. By Zorn’s lemma the set ¹U W U submodule of M and U \ Rm D ¹0ºº hasa maximal element N . This set is nonempty because it contains ¹0º. We considerM 0 WD N ˚ Rm � M and have to show that M 0 D M . Assume that M 0 ¤ M .Then there exists a x 2 M with x … M 0, especially x … N . Then N is properlycontained in the submodule Rx C N D hx;N i. By our choice of N we get A WD.Rx C N/ \ Rm ¤ ¹0º. If z 2 A, z ¤ 0, then z D �m D ˛x C n with �,˛ 2 R and n 2 N . Since z ¤ 0 we have �m ¤ 0; also x ¤ 0 because otherwisez 2 Rm\N D ¹0º. ˛ is not a unit in R because otherwise x D ˛�1.�m� n/ 2 M 0.Hence we have: If x 2 M , x … M 0 then there exist ˛ 2 R, ˛ ¤ 0, ˛ not a unit in R,� 2 R with �m ¤ 0 and n 2 N such that

˛x D �mC n: (?)

Especially ˛x 2 M 0.Now let ˛ D ��1 : : : �r be a prime decomposition. We consider one after the

other the elements x; �rx; �r�1�rx; : : : ; ��1 : : : �rx D ˛x. We have x … M 0 but˛x 2 M 0; hence there exists an y … M 0 with �iy 2 N CRm.

1. �i ¤� , � the prime element in the statement of the theorem. Then gcd.�i ; �k/

D 1, hence there are , 0 2 R with �i C 0�k D 1, and we get Rm D.R�i C R�k/m D �iRm because �km D 0. Therefore �iy 2 M 0 D N ˚Rm D N C �iRm.

2. �i D � . Then we write �y as �y D n C �m with n 2 N and � 2 R.This is possible because �y 2 M 0. Since �kM D ¹0º we get 0 D �k�1 ��y D�k�1nC�k�1�m. Therefore �k�1n D �k�1�m D 0 becauseN\Rm D ¹0º.Especially we get �k�1� 2 .ım/, that is, �kj�k�1� and, hence, �j�. Therefore�y D nC �m D nC ��0m 2 N C �Rm, �0 2 R.

Section 18.6 The Fundamental Theorem for Finitely Generated Modules 281

Hence, in any case we have �iy 2 N C �iRm, that is, �iy D nC �iz with n 2 Nand z 2 Rm. It follows �i .y � z/ D n 2 N .y�z is not an element ofM 0 because y … M 0. By (?) we have therefore ˛; ˇ 2 R,

ˇ ¤ 0 not a unit in R with ˇ.y � z/ D n0 C ˛m, ˛m ¤ 0, n0 2 N . We writez0 D ˛m, then z0 2 Rm, z0 ¤ 0, and ˇ.y � z/ D n0 C z0. So, we have the equationsˇ.y � z/ D n0 C z0, z0 ¤ 0, and

�i .y � z/ D n: (??)

We have gcd.ˇ; �i / D 1 because otherwise �i jˇ and, hence, ˇ.y � z/ 2 N andz0 D 0 because N \ Rm D ¹0º. Then there exist ; 0 with �i C 0ˇ D 1. In (??)we multiply the first equation with 0 and the second with .

Addition gives y � z 2 N ˚ Rm D M 0, and hence y 2 M 0 which contradictsy … M 0. Therefore M D M 0.

Theorem 18.6.6. Let R be a principal ideal domain, � 2 R a prime element andM ¤ ¹0º a finitely generated �-primary R-module. Then there exist finitely manym1; : : : ; ms 2 M with M D Ls

iD1Rmi .

Proof. Let M D hx1; : : : ; xni. Each xi has an order �ki . We may assume thatk1 D max¹k1; k2; : : : ; knº, possibly after renaming. We have �kixi D 0 for all i .Since xk1

i D .xki

i /k1�ki we have also �k1M D 0, and also .ıx1

/ D .�k1/. ThenM D Rx1 ˚N for some submodule N � M by Theorem 18.6.5.Now N Š M=Rx1

and M=Rx1 is generated by the elements x2 C Rx1; : : : ; xn C Rx1. Hence, N isfinitely generated by n � 1 elements; and certainly N is �-primary. This proves theresult by induction.

Since RmiŠ R=Ann.mi / and Ann.mi / D .ımi

/ D .�ki / we get the followingextension of Theorem 18.6.6.

Theorem 18.6.7. Let R be a principal ideal domain, � 2 R a prime element andM ¤ ¹0º a finitely generated �-primary R-module. Then there exist finitely manyk1; : : : ; ks 2 N with

M ŠsM

iD0

R=.�ki /;

and M is, up to isomorphism, uniquely determined by .k1; : : : ; ks/.

Proof. The first part, that is, a description as M Š LsiD0R=.�

ki / follows directlyfrom Theorem 18.6.6. Now, let

M ŠnM

iD0

R=.�ki / ŠmM

iD0

R=.� li /:


We may assume that k1 � k2 � � � � � kn > 0 and l1 � l2 � � � � � lm > 0. Weconsider first the submodule N WD ¹x 2 M W �x D 0º. Let M D Ln

iD1R=.�ki /. If

we write then x D P

.ri C .�ki // we have �x D 0 if and only if ri 2 .�ki�1/, thatis, N Š Ln

iD1.�ki�1/=.�ki / Š Ln

iD1R=.�/ because �k�1R=�kR Š R=�R.Since .˛C .�//x D ˛x if �x D 0 we get that N is an R=.�/-module, and, hence,

a vector space over the field R=.�/. From the decompositions

N ŠnM

iD1

R=.�/ and, analogously, N ŠmM

iD1

R=.�/

we getn D dimR=.�/N D m: (???)

Assume that there is an i with ki < li or li < ki . Without loss of generality assumethat there is an i with ki < li .

Let j be the smallest index for which kj < lj . Then (because of the ordering ofthe ki )

M 0 WD �kjM ŠnM

iD1

�kjR=�kiR Šj�1M

iD1

�kjR=�kiR;

because if i > j then �kjR=�kiR D ¹0º.We now consider M 0 D �kjM with respect to the second decomposition, that is,

M 0 Š LmiD1 �

kjR=� liR. By our choice of j we have kj < lj � li for 1 � i � j .Therefore, in this second decomposition, the first j summands �kjR=� liR are

unequal ¹0º, that is �kjR=� liR ¤ ¹0º if 1 � i � j . The remaining summands are¹0º or of the form R=�sR. Hence, altogether, on the one side M 0 is a direct sumof j � 1 cyclic submodules and on the other side a direct sum of t � j nontrivialsubmodules. But this contradicts the above result (???) about the number of directsums for finitely generated �-primary modules because, certainly, M 0 is also finitelygenerated and �-primary. Therefore ki D li for i D 1; : : : ; n. This proves thetheorem.

Theorem 18.6.8 (fundamental theorem for finitely generated modules over princi-pal ideal domains). Let R be a principal ideal domain and M ¤ ¹0º be a finitelygenerated (unitary) R-module. Then there exist prime elements �1; : : : ; �r 2 R,0 � r < 1 and numbers k1; : : : ; kr 2 tN, t 2 N0 such that

M Š R=.�k1

1 /˚R=.�k2

2 /˚ � � � ˚R=.�krr /˚R˚ � � � ˚R

„ ƒ‚ …

t-times

;

and M is, up to isomorphism, uniquely determined by .�k1

1 ; : : : ; �krr ; t /.


The prime elements �i are not necessarily pairwise different (up to units inR), thatmeans it can be �i D ��j for i ¤ j where � is a unit in R.

Proof. The proof is a combination of the preceding results. The free part of M isisomorphic toM=T .M/, and the rank ofM=T .M/, which we call here t , is uniquelydetermined because two bases of M=T .M/ have the same cardinality. Therefore wemay restrict ourselves on torsion modules. Here we have a reduction to �-primarymodules because in a decomposition M D L

i R=.�ki

i / is M� D L

�iD� R=.�ki

i /

the �-primary component of M (an isomorphism certainly maps a �-primary com-ponent onto a �-primary component). So it is only necessary, now, to consider �-primary modules M . The uniqueness statement now follows from Theorem 18.6.8.

Since abelian groups can be considered as Z-modules, and Z is a principal idealdomain, we get the following corollary. We will restate this result in the next chapterand prove a different version of it.

Theorem 18.6.9 (fundamental theorem for finitely generated abelian groups). Let¹0º ¤ G D .G;C/ be a finitely generated abelian group. Then there exist primenumbers p1; : : : ; pr , 0 � r < 1, and numbers k1; : : : ; kr 2 N, t 2 N0 such that

G Š Z=.pk1

1 Z/˚ � � � ˚ Z=.pkrr Z/˚ Z ˚ � � � ˚ Z

„ ƒ‚ …

t-times

;

and G is, up to isomorphism, uniquely determined by .pk1

1 ; : : : ; pkrr ; t /.

18.7 Exercises

1. LetM andN be isomorphic modules over a commutative ring R. Then EndR.M/

and EndR.N / are isomorphic rings. (EndR.M/ is the set of all R-modules endo-morphisms of M .)

2. Let R be an integral domain and M an R-module with M D Tor.M/ (torsionmodule). Show that HomR.M;R/ D 0. (HomR.M;R/ is the set of all R-modulehomomorphisms from M to R.)

3. Prove the isomorphism theorems for modules (1), (2) and (3) in Theorem 18.1.11in detail.

4. Let M;M 0; N be R-modules, R a commutative ring. Show:

(i) HomR.M ˚M 0; N / Š HomR.M;N / � HomR.M0; N /

(ii) HomR.N;M �M 0/ Š HomR.N;M/˚ HomR.N;M0/.

5. Show that two free modules having bases whose cardinalities are equal are isomor-phic.


6. Let M be an unitary R-module (R a commutative ring) and let ¹m1; : : : ; msº be afinite subset of M . Show that the following are equivalent:

(i) ¹m1; : : : ; msº generates M freely.

(ii) ¹m1; : : : ; msº is linearly independent and generates M .

(iii) Every element m 2 M is uniquely expressible in the form m D PsiD1 rimi

with ri 2 R.

(iv) Each Rmi is torsion-free, and M D Rm1 ˚ � � � ˚Rms .

7. Let R be a principal domain and M ¤ ¹0º be an R-module with M D T .M/.

(i) Let x1; : : : ; xn 2 M be pairwise different and pairwise relatively prime or-ders ıxi

D ˛i . Then y D x1 C � � � C xn has order ˛ WD ˛1 : : : ˛n.

(ii) Let 0 ¤ x 2 M and ıx D ��k1

1 � � ��knn be a prime decomposition of the

order ıx of x (� a unit in R and the �i pairwise nonassociate prime elementsin R) where n > 0, ki > 0. Then there exist xi , i D 1; : : : ; n, with ıxi

associated to �ki

i and x D x1 C � � � C xn.

Chapter 19

Finitely Generated Abelian Groups

19.1 Finite Abelian Groups

In Chapter 10 we described the following theorem that completely provides the struc-ture of finite abelian groups. As we saw in Chapter 18 this result is a special case of ageneral result on modules over principal ideal domains.

Theorem 19.1.1 (Theorem 10.4.1, basis theorem for finite abelian groups). Let G bea finite abelian group. Then G is a direct product of cyclic groups of prime powerorder.

We review two examples that show how this theorem leads to the classification offinite abelian groups. In particular this theorem allows us, for a given finite order n,to present a complete classification of abelian groups of order n.

Since all cyclic groups of order n are isomorphic to .Zn;C/, Zn D Z=nZ, we willdenote a cyclic group of order n by Zn.

Example 19.1.2. Classify all abelian groups of order 60. Let G be an abelian groupof order 60. From Theorem 10.4.1 G must be a direct product of cyclic groups ofprime power order. Now 60 D 22 � 3 � 5 so the only primes involved are 2, 3 and 5.Hence the cyclic groups involved in the direct product decomposition of G have ordereither 2, 4, 3 or 5 (by Lagrange’s theorem they must be divisors of 60). Therefore Gmust be of the form

G Š Z4 � Z3 � Z5

or

G Š Z2 � Z2 � Z3 � Z5:

Hence up to isomorphism there are only two abelian groups of order 60.

Example 19.1.3. Classify all abelian groups of order 180. Let G be an abelian groupof order 180. Now 180 D 22 � 32 � 5 so the only primes involved are 2, 3 and 5. Hencethe cyclic groups involved in the direct product decomposition of G have order either2, 4, 3, 9 or 5 (by Lagrange’s theorem they must be divisors of 180). Therefore G

286 Chapter 19 Finitely Generated Abelian Groups

must be of the form

G Š Z4 � Z9 � Z5

G Š Z2 � Z2 � Z9 � Z5

G Š Z4 � Z3 � Z3 � Z5

G Š Z2 � Z2 � Z3 � Z3 � Z5:

Hence up to isomorphism there are four abelian groups of order 180.

The proof of Theorem 19.1.1 involves the following lemmas. We refer back toChapter 10 or Chapter 18 for the proofs. Notice how these lemmas mirror the re-sults for finitely generated modules over principal ideal domains considered in thelast chapter.

Lemma 19.1.4. Let G be a finite abelian group and let pjjGj where p is a prime.Then all the elements of G whose orders are a power of p form a normal subgroupof G. This subgroup is called the p-primary component of G, which we will denoteby Gp .

Lemma 19.1.5. Let G be a finite abelian group of order n. Suppose that n Dp

e1

1 � � �pek

kwith p1; : : : ; pk distinct primes. Then

G Š Gp1� � � � �Gpk

where Gpiis the pi -primary component of G.

Theorem 19.1.6 (basis theorem for finite abelian groups). Let G be a finite abeliangroup. Then G is a direct product of cyclic groups of prime power order.

19.2 The Fundamental Theorem: p-Primary Components

In this section we use the fundamental theorem for finitely generated modules overprincipal ideal domains to extend the basis theorem for finite abelian groups to themore general case of finitely generated abelian groups. In this section we considerthe decomposition into p-primary components, mirroring our result in the finite case.In the next chapter we present a different form of the basis theorem with a moreelementary proof.

Section 19.2 The Fundamental Theorem: p-Primary Components 287

In Chapter 18 we proved the following:

Theorem 19.2.1 (fundamental theorem for finitely generated modules over princi-pal ideal domains). Let R be a principal ideal domain and M ¤ ¹0º be a finitelygenerated (unitary) R-module. Then there exist prime elements �1; : : : ; �r 2 R,0 � r < 1 and numbers k1; : : : ; kr 2 N, t 2 N0 such that

M Š R=.�k1

1 /˚R=.�k2

2 /˚ � � � ˚R=.�krr /˚R˚ � � � ˚R

„ ƒ‚ …

t-times

;

and M is, up to isomorphism, uniquely determined by .�k1

1 ; : : : ; �krr ; t /.

The prime elements �i are not necessarily pairwise different (up to units inR), thatmeans it can be �i D ��j for i ¤ j where � is a unit in R.

Since abelian groups can be considered as Z-modules, and Z is a principal idealdomain, we get the following corollary which is extremely important in its own right.

Theorem 19.2.2 (fundamental theorem for finitely generated abelian groups). Let¹0º ¤ G D .G;C/ be a finitely generated abelian group. Then there exist primenumbers p1; : : : ; pr , 0 � r < 1, and numbers k1; : : : ; kr 2 N, t 2 N0 such that

G Š Z=.pk1

1 Z/˚ � � � ˚ Z=.pkrr Z/˚ Z ˚ � � � ˚ Z

„ ƒ‚ …

t-times

;


1 ; : : : ; pkrr ; t /.

Notice that the number t of infinite components is unique. This is called the rankor Betti number of the abelian group G. This number plays an important role in thestudy of homology and cohomology groups in topology.

If G D Z � Z � � � � � Z D Zr for some r we call G a free abelian group of rankr . Notice that if an abelian group G is torsion-free then the p-primary componentsare just the identity. It follows that in this case G is a free abelian group of finite rank.Again using module theory it follows that subgroups of this must also be free abelianand of smaller or equal rank. Notice the distinction between free abelian groups andabsolutely free groups (see Chapter 14). In the free group case a nonabelian freegroup of finite rank contains free subgroups of all possible countable ranks. In thefree abelian case however the subgroups have smaller or equal rank. We summarizethis comments.

Theorem 19.2.3. Let G ¤ ¹0º be a finitely generated torsion-free abelian group.Then G is a free abelian group of finite rank r that is G Š Zr . Further if H is asubgroup of G then H is also free abelian and the rank ofH is smaller or equal thanthe rank of G.


19.3 The Fundamental Theorem: Elementary Divisors

In this section we present the fundamental theorem of finitely generated abeliangroups in a slightly different form and present an elementary proof of it.

In the followingG is always a finitely generated abelian group. We use the addition“C” for the binary operation, that is,

C W G �G ! G; .x; y/ 7! x C y:

We also write ng instead of gn and use 0 as the symbol for the identity element in G,that is, 0Cg D g for all g 2 G. G D hg1; : : : ; gt i, 0 � t < 1, that is, G is (finitely)generated by g1; : : : ; gt , is equivalent to the fact that each g 2 G can be written inthe form g D n1g1 C n2g2 C � � � C ntgt , ni 2 Z. A relation between the gi withcoefficients n1; : : : ; nt is then each equation of the form n1g1 C � � � C ntgt D 0.A relation is called nontrivial if ni ¤ 0 for at least one i . A system R of relationsin G is called a system of defining relations, if each relation in G is a consequenceof R. The elements g1; : : : ; gt are called integrally linear independent if there areno nontrivial relations between them. A finite generating system ¹g1; : : : ; gtº of Gis called a minimal generating system if there is no generating system with t � 1

elements.Certainly each finitely generated group has a minimal generating system. In the

following we always assume that our finitely generated abelian group G is unequal¹0º, that is, G is nontrivial.

As above, we may consider G as a finitely generated Z-module, and in this sense,the subgroups of G are precisely the submodules. Hence, it is clear what we mean ifwe call G a direct product G D U1 � � � � � Us of its subgroups U1; : : : ; Us , namely,each g 2 G can be written as g D u1 C u2 C � � � C us with ui 2 Ui and

Ui \� s

Y

jD1;j¤i

Uj

�

D ¹0º:

To emphasize the little difference between abelian groups and Z-modules we hereuse the notation “direct product” instead of “direct sum”. Considered as Z-modules,for finite index sets I D ¹1; : : : ; sº we have anyway

sY

iD1

Ui DsM

iD1

Ui :

Finally we use the notation Zn instead of Z=nZ, n 2 N. In general, we use Zn tobe a cyclic group of order n.

Section 19.3 The Fundamental Theorem: Elementary Divisors 289

The aim in this section is to prove the following:

Theorem 19.3.1 (basis theorem for finitely generated abelian groups). Let G ¤ ¹0ºbe a finitely generated abelian group. Then G is a direct product

G Š Zk1� � � � �Zkr

� U1 � � � � � Us;

r � 0, s � 0, of cyclic subgroups with jZkij D ki for i D 1; : : : ; r , ki jkiC1 for

i D 1; : : : ; r � 1 and Uj Š Z for j D 1; : : : ; s. Here the numbers k1; : : : ; kr , r ands are uniquely determined by G, that means, are k01; : : : ; k0r ; r 0 and s0 the respectivenumbers for a second analogous decomposition of G then r D r 0, k1 D k01; : : : ; kr Dk0r and s D s0.

The numbers ki are called the elementary divisors of G.We can have r D 0 or s D 0 (but not both because G ¤ ¹0º). If s > 0, r D 0 then

G is a free abelian group of rank s (exactly the same rank if you consider G as a freeZ-module of rank s). If s D 0 then G is finite, in fact: s D 0 , G is finite.

We first prove some preliminary results.

Lemma 19.3.2. Let G D hg1; : : : ; gt i, t � 2, an abelian group. Then also G Dhg1 CPt

iD2migi ; g2; : : : ; gt i for arbitrary m2; : : : ; mt 2 Z.

Lemma 19.3.3. LetG be a finitely generated abelian group. Among all nontrivial re-lations between elements of minimal generating systems of G we choose one relation

m1g1 C � � � Cmtgt D 0 (?)

with smallest possible positive coefficient, and let this smallest coefficient be m1. Let

n1g1 C � � � C ntgt D 0 (??)

be another relation between the same generators g1; : : : ; gt . Then

(1) m1jn1 and

(2) m1jmi for i D 1; 2; : : : ; t .

Proof. (1) Assume m1 − n1. Then n1 D qm1 Cm01 with 0 < m01 < m1. If we mul-tiply the relation (?) with q and subtract the resulting relation from the relation (??)then we get a relation with a coefficientm01 < m1 which contradicts the choice ofm1.Hence m1jn1.

(2) Assume m1 − m2. Then m2 D qm1 C m02 with 0 < m02 < m2. ¹g1 Cqg2; g2; : : : ; gtº is a minimal generating system which satisfies the relation m1.g1 Cqg2/ C m02g2 C m3g3 C � � � C mtgt D 0, and this relation has a coefficient m02 <m1. This again contradicts the choice of m1. Hence m1jm2 and further m1jmi fori D 1; : : : ; t .


Lemma 19.3.4 (invariant characterization of kr for finite abelian groupsG). LetG DZk1

� � � � �Zkrand Zki

finite cyclic of order ki � 2, i D 1; : : : ; r , with ki jkiC1 fori D 1; : : : ; r � 1. Then kr is the smallest natural number n such that ng D 0 for allg 2 G. kr is called the exponent or the maximal order of G.

Proof. 1. Let g 2 G arbitrary, that is, g D n1g1 C � � � C nrgr with gi 2 Zki.

Then kigi D 0 for i D 1; : : : ; r by the theorem of Fermat. Since ki jkr we getkrg D n1k1g1 C � � � C nrkrgr D 0.

2. Let a 2 G with ZkrD hai. Then the order of a is kr and, hence, na ¤ 0 for all

0 < n < kr .

Lemma 19.3.5 (invariant characterization of s). Let G D Zk1� � � � � Zkr

� U1 �� Us , s > 0, where the Zki

are finite cyclic groups of order ki and the Uj areinfinite cyclic groups. Then, s is the maximal number of integrally linear independentelements of G; s is called the rank of G.

Proof. 1. Let gi 2 Ui , gi ¤ 0, for i D 1; : : : ; s. Then the g1; : : : ; gs are integrallylinear independent because from n1g1 C � � � C nsgs D 0, the ni 2 Z, we get n1g1 2U1 \ .U2 � � � � � Us/ D ¹0º, and, hence, n1g1 D 0, that is n1 D 0, because g1 hasinfinite order. Analogously we get n2 D � � � D ns D 0.

2. Let g1; : : : ; gsC1 2 G. We look for integers x1; : : : ; xsC1, not all 0, such that arelation

PsC1iD1 xigi D 0 holds. Let Zki

2 hai i, Uj D hbj i. Then we may write eachgi as gi D mi1a1 C � � � Cmirar C ni1b1 C � � � C nisbs for i D 1; : : : ; s C 1, wheremijaj 2 Zkj

and nilbl 2 Ul .

Case 1: all mij aj D 0. ThenPsC1

iD1 xigi D 0 is equivalent to

sC1X

iD1

xi

� sX

jD1

nij bj

�

DsX

jD1

� sC1X

iD1

nijxi

�

bj D 0:

The systemPsC1

iD1 nijxi D 0, j D 1; : : : ; s, of linear equations has at least one non-trivial rational solution .x1; : : : ; xsC1/ because we have more unknown than equa-tions. Multiplication with the common denominator gives a nontrivial integral solu-tion .x1; : : : ; xsC1/2ZsC1. For this solution we get

sC1X

iD1

xigi D 0:

Case 2: mijaj arbitrary. Let k ¤ 0 be a common multiple of the orders kj of thecyclic groups Zkj

, j D 1; : : : ; r . Then

kgi D mi1ka1„ ƒ‚ …

D0

C � � � Cmirkar„ ƒ‚ …

D0

Cni1kb1 C � � � C niskbs


for i D 1; : : : ; s C 1. By case 1 the kg1; : : : ; kgsC1 are integrally linear depen-dent, that is, we have integers x1; : : : ; xsC1, not all 0, with

PsC1iD1 xi .kgi / D 0 D

PsC1iD1.xik/gi , and the xik are not all 0. Hence, also g1; : : : ; gsC1 are integrally

linear dependent.

Lemma 19.3.6. Let G WD Zk1� � � � �Zkr

Š Zk01

� � � � �Zk0r0

DW G0, the Zki; Zk0

j

cyclic groups of orders ki ¤ 1 and k0j ¤ 1, respectively and ki jkiC1 for i D1; : : : ; r � 1 and k0j jk0jC1 for j D 1; : : : ; r 0 � 1. Then r D r 0 and k1 D k01,k2 D k02; : : : ; kr D k0r .

Proof. We prove this lemma by induction on the group order jGj D jG0j. Certainly,Lemma 19.3.6 holds if jGj � 2 because then either G D ¹0º, and here r D r 0 D 0 orG Š Z2, and here r D r 0 D 1. Now let jGj > 2. Then especially r � 1. Inductivelywe assume that Lemma 19.3.6 holds for all finite abelian groups of order less than jGj.By Lemma 19.3.4 the number kr is invariantly characterized, that is, from G Š G0follows kr D k0r 0 , that is especially, Zkr

Š Zk0r0

. Then G=ZkrŠ G=Zk0

r0, that is,

Zk1� � � � �Zkr�1

Š Zk01

� � � � �Zk0r0�1

. Inductively r � 1 D r 0 � 1, that is, r D r 0,and k1 D k01; : : : ; kr�1 D k0r 0�1. This proves Lemma 19.3.6.

We can now present the main result, which we state again, and its proof.

Theorem 19.3.7 (basis theorem for finitely generated abelian groups). Let G ¤ ¹0ºbe a finitely generated abelian group. Then G is a direct product

G Š Zk1� � � � �Zkr

� U1 � � � � � Us; r � 0; s � 0;

of cyclic subgroups with jZkij D ki for i D 1; : : : ; r , ki jkiC1 for i D 1; : : : ; r � 1

and Uj Š Z for j D 1; : : : ; s. Here the numbers k1; : : : ; kr ; r and s are uniquelydetermined by G, that means, are k01; : : : ; k0r ; r 0 and s0 the respective numbers fora second analogous decomposition of G then r D r 0, k1 D k01; : : : ; kr D k0r ands D s0.

Proof. (a) We first prove the existence of the given decomposition. Let G ¤ ¹0º be afinitely generated abelian group. Let t , 0 < t < 1, be the number of elements in aminimal generating system ofG. We have to show that G is decomposable as a directproduct of t cyclic groups with the given description. We prove this by induction on t .If t D 1 then the basis theorem certainly is correct. Now let t � 2 and assume thatthe assertion holds for all abelian groups with less then t generators.

Case 1: There does not exist a minimal generating system of G which satisfies anontrivial relation. Let ¹g1; : : : ; gtº be an arbitrary minimal generating system for G.Let Ui D hgi i. Then all Ui are infinite cyclic and we haveG D U1 �� Ut becauseif, for instance, U1 \ .U2 C � � � C Ut / ¤ ¹0º then we must have a nontrivial relationbetween the g1; : : : ; gt .


Case 2: There exist minimal generating systems of G which satisfy nontrivial rela-tions. Among all nontrivial relations between elements of minimal generating systemsof G we choose one relation

m1g1 C � � � Cmtgt D 0 (?)

with smallest possible positive coefficient. Without loss of generality, let m1 bethis coefficient. By Lemma 19.3.3 we get m2 D q2m1; : : : ; mt D qtm1. Now,¹g1 CPt

iD2 qigi ; g2; : : : ; gt º is a minimal generating system ofG by Lemma 19.3.2.Define h1 D g1 CPt

iD2 qigi , then m1h1 D 0. If n1h1 C n2g2 C � � � C ntgt D 0 isan arbitrary relation between h1; g2; : : : ; gt thenm1jn1 by Lemma 19.3.3, and, hencen1h1 D 0. Define H1 WD hh1i and G0 D hg2; : : : ; gt i. Then G D H1 �G0. This wecan see as follows: First, each g 2 G can be written as g D m1h1 C m2g2 C � � � Cmtgt D m1h1 C g0 with g0 2 G0. Also H1 \ G0 D ¹0º because m1h1 D g0 2 G0implies a relation n1h1 C n2g2 C � � � C ntgt D 0 and from this we get, as above,n1h1 D g0 D 0. Now, inductively, G0 D Zk2

� � � � � Zkr� U1 � � � � � Us with Zki

a cyclic group of order ki , i D 2; : : : ; r , ki jkiC1 for i D 2; : : : ; r � 2, Uj Š Z forj D 1; : : : ; s, and .r � 1/ C s D t � 1, that is, r C s D t . Further, G D H1 � G0where H1 is cyclic of order m1. If r � 2 then we get a nontrivial relation

m1h1„ƒ‚…

D0

C k2h2„ƒ‚…

D0

D 0

since k2 ¤ 0. Again m1jk2 by Lemma 19.3.3. This gives the desired decomposition.(b) We now prove the uniqueness statement.Case 1: G is finite abelian. Then the claim follows from Lemma 19.3.6Case 2: G is arbitrary finitely generated and abelian. Let T WD ¹x 2 G W jxj < 1º,

that is the set of elements ofG of finite order. SinceG is abelian T is a subgroup ofG,the so called torsion subgroup ofG. If, as above,G D Zk1

�� Zkr�U1 �� Us

then T D Zk1�� Zkr

because an element b1C� � �CbrCc1C� � �Ccs with bi 2 Zki,

cj 2 Uj has finite order if and only if all cj D 0. That means: Zk1� � � � � Zkr

is,independent of the special decomposition, uniquely determined byG, and hence, alsothe numbers r; k1; : : : ; kr by Lemma 19.3.6. Finally the number s, the rank of G,is uniquely determined by Lemma 19.3.5. This proves the basis theorem for finitelygenerated abelian groups.

As a corollary we get the fundamental theorem for finitely generated abelian groupsas given in Theorem 19.2.1.

Theorem 19.3.8. Let ¹0º ¤ G D .G;C/ be a finitely generated abelian group. Thenthere exist prime numbers p1; : : : ; pr , 0 � r < 1, and numbers k1; : : : ; kr 2 N,t 2 N0 such that

G Š Zp

k11

� � � � � Zp

krr

� Z � � � � � Z„ ƒ‚ …

t-times

;


1 ; : : : ; pkrr ; t /.


Proof. For the existence we only have to show that Zmn ŠZm�Zn if gcd.m; n/D1.For this we write Un D hm C mnZi < Zmn, Um D hn C nmZi < Zmn, andUn \ Um D ¹mnZº because gcd.m; n/ D 1. Further there are h; k 2 Z with 1 Dhm C kn. Hence, l C mnZ D hlm C mnZ C kln C mnZ, and therefore Zmn DUn � Um Š Zn � Zm.

For the uniqueness statement we may reduce the problem to the case jGj D pk for aprime number p and k 2 N. But here the result follows directly from Lemma 19.3.6.

From this proof we automatically get the Chinese remainder theorem for the caseZn D Z=nZ.

Theorem 19.3.9 (Chinese remainder theorem). Let m1; : : : ; mr 2 N, r � 2, withgcd.mi ; mj / D 1 for i ¤ j . Define m WD m1 � � �mr .

(1) � W Zm ! Zm1� � � � � Zmr

, aCmZ 7! .aCm1Z; : : : ; aCmrZ/, defines aring isomorphism.

(2) The restriction of � on the multiplicative group of the prime residue classesdefines a group isomorphism Z?

m ! Z?m1

� � � � � Z?mr

.

(3) For given a1; : : : ; ar 2 Z there exists modulo m exactly one x 2 Z with x �ai .mod mi / for i D 1; : : : ; r .

Recall that for k 2 N a prime residue class is defined by aCkZ with gcd.a; k/ D 1.The set of prime residue classes modulo k is certainly a multiplicative group.

Proof. By Theorem 19.3.1 we get that � is an additive group isomorphism which canbe extended directly to a ring isomorphism via .a CmZ/.b CmZ/ 7! .ab Cm1Z;: : : ; ab CmrZ/. The remaining statements are now obvious.

Let A.n/ be the number of nonisomorphic finite abelian groups of order n Dp

k1

1 � � �pkrr , r � 1, with pairwise different prime numbers p1; : : : ; pr and k1; : : : ;

kr 2 N. By Theorem 19.2.2 we have A.n/ D A.pk1

1 / � � �A.pkrr /. Hence, to cal-

culate A.n/, we have to calculate A.pm/ for a prime number p m 2 N. Again, byTheorem 19.2.2, we get G Š Zpm1 � � � � � Zpmk , all mi � 1, if G is abelian oforder pm. If we compare the orders we get m D m1 C � � � C mk . We may orderthe mi by size. A k-tuple .m1; : : : ; mk/ with 0 < m1 � m2 � � � � � mk andm1 Cm2 C � � � Cmk D m is called a partition of m. From above each abelian groupof order pm gives a partition .m1; : : : ; mk/ of m for some k with 1 � k � m. Onthe other side, each partition .m1; : : : ; mk/ of m gives an abelian group of order pm,namely Zpm1 � � � � � Zpmk . Theorem 19.2.2 shows that different partitions give non-isomorphic groups. If we define p.m/ to be the number of partitions ofm then we getthe following: A.pm/ D p.m/ and A.pk1

1 � � �pkrr / D p.k1/ � � �p.kr /.


19.4 Exercises

1. Let H be a finite generated abelian group, which is the homomorphic image of atorsion-free abelian group of finite rank n. Show that H is the direct sum of � n

cyclic groups.

2. Determine (up to isomorphism) all groups of order p2 (p prime) and all abeliangroups of order � 15.

3. Let G be an abelian group with generating elements a1; : : : ; a4 and defining rela-tions

5a1 C 4a2 C a3 C 5a4 D 0

7a1 C 6a2 C 5a3 C 11a4 D 0

2a1 C 2a2 C 10a3 C 12a4 D 0

10a1 C 8a2 � 4a3 C 4a4 D 0:

Express G as a direct product of cyclic groups.

4. Let G be a finite abelian group and u D Q

g2G g the product of all elements of G.Show: If G has an element a of order 2, then u D a, otherwise u D e. Concludefrom this the theorem of Wilson:

.p � 1/Š � �1.mod p/ for each prime p:

5. Let p be a prime and G a finite abelian p-group, that is the order of all elements ofG is finite and a power of p. Show that G is cyclic, if G has exactly one subgroupof order p. Is the statement still correct, if G is not abelian?

Chapter 20

Integral and Transcendental Extensions

20.1 The Ring of Algebraic Integers

Recall that a complex number ˛ is an algebraic number if it is algebraic over therational numbers Q. That is ˛ is a zero of a polynomial p.x/ 2 QŒx�. If ˛ 2 C is notalgebraic then it is a transcendental number.

We will let A denote the totality of algebraic numbers within the complex num-bers C, and T the set of transcendentals so that C D A [ T . The set A is thealgebraic closure of Q within C.

The set A of algebraic numbers forms a subfield of C (see Chapter 5) and thesubset A0 D A \ R of real algebraic numbers forms a subfield of R. The field A isan algebraic extension of the rationals Q, however the degree is infinite.

Since each rational is algebraic it is clear that there are algebraic numbers. Furtherthere are irrational algebraic numbers,

p2 for example, since it is a root of the irre-

ducible polynomial x2 �2 over Q. In Chapter 5 we proved that there are uncountablyinfinitely many transcendental numbers (Theorem 5.5.3). However it is very difficultto prove that any particular real or complex number is actually transcendental. InTheorem 5.5.4 we showed that the real number

c D1X

jD1

1

10j Š

is transcendental.In this section we examine a special type of algebraic number called an algebraic

integer. These are the algebraic numbers that are zeros of monic integral polynomials.The set of all such algebraic integers forms a subring of C. The proofs in this sectioncan be found in [35].

After we do this we extend the concept of an algebraic integer to a general con-text and define integral ring extensions. We then consider field extensions that arenonalgebraic – transcendental field extensions. Finally we will prove that the familiarnumbers e and � are transcendental.

Definition 20.1.1. An algebraic integer is a complex number ˛ that is a root of amonic integral polynomial. That is, ˛ 2 C is an algebraic integer if there existsf .x/ 2 ZŒx� with f .x/ D xn C bn�1x

n�1 C � � � C b0, bi 2 Z, n � 1, and f .˛/ D 0.

An algebraic integer is clearly an algebraic number. The following are clear.

296 Chapter 20 Integral and Transcendental Extensions

Lemma 20.1.2. If ˛ 2 C is an algebraic integer, then all its conjugates, ˛1; : : : ; ˛n,over Q are also algebraic integers.

Lemma 20.1.3. ˛ 2 C is an algebraic integer if and only if m˛ 2 ZŒx�.

To prove the converse of this lemma we need the concept of a primitive integralpolynomial. This is a polynomial p.x/ 2 ZŒx� such that the GCD of all its coefficientsis 1. The following can be proved (see exercises):

(1) If f .x/ and g.x/ are primitive then so is f .x/g.x/.

(2) If f .x/ 2 ZŒx� is monic then it is primitive.

(3) If f .x/ 2 QŒx� then there exists a rational number c such that f .x/ D cf1.x/

with f1.x/ primitive.

Now suppose f .x/ 2 ZŒx� is a monic polynomial with f .˛/ D 0. Let p.x/ Dm˛.x/. Then p.x/ divides f .x/ so f .x/ D p.x/q.x/.

Let p.x/ D c1p1.x/ with p1.x/ primitive and let q.x/ D c2q1.x/ with q1.x/

primitive. Thenf .x/ D cp1.x/q1.x/:

Since f .x/ is monic it is primitive and hence c D 1 so f .x/ D p1.x/q1.x/.Since p1.x/ and q1.x/ are integral and their product is monic they both must be

monic. Since p.x/ D c1p1.x/ and they are both monic it follows that c1 D 1 andhence p.x/ D p1.x/. Therefore p.x/ D m˛.x/ is integral.

When we speak of algebraic integers we will refer to the ordinary integers as ra-tional integers. The next lemma shows the close ties between algebraic integers andrational integers.

Lemma 20.1.4. If ˛ is an algebraic integer and also rational then it is a rationalinteger.

The following ties algebraic numbers in general to corresponding algebraic inte-gers. Notice that if q 2 Q then there exists a rational integer n such that nq 2 Z. Thisresult generalizes this simple idea.

Theorem 20.1.5. If � is an algebraic number then there exists a rational integer r¤0such that r� is an algebraic integer.

We saw that the set A of all algebraic numbers is a subfield of C. In the samemanner the set I of all algebraic integers forms a subring of A. First an extension ofthe following result on algebraic numbers.

Lemma 20.1.6. Suppose ˛1; : : : ; ˛n are the set of conjugates over Q of an algebraicinteger ˛. Then any integral symmetric function of ˛1; : : : ; ˛n is a rational integer.

Section 20.1 The Ring of Algebraic Integers 297

Theorem 20.1.7. The set I of all algebraic integers forms a subring of A.

We note that A, the field of algebraic numbers, is precisely the quotient field of thering of algebraic integers.

An algebraic number field is a finite extension of Q within C. Since any finiteextension of Q is a simple extension each algebraic number field has the form K DQ.�/ for some algebraic number � .

Let K D Q.�/ be an algebraic number field and let RK D K \ I. Then RK formsa subring of K called the algebraic integers or just integers of K. An analysis of theproof of Theorem 20.1.5 shows that each ˇ 2 K can be written as

ˇ D ˛

r

with ˛ 2 RK and r 2 Z.These rings of algebraic integers share many properties with the rational integers.

While there may not be unique factorization into primes there is always prime factor-ization.

Theorem 20.1.8. Let K be an algebraic number field and RK its ring of integers.Then each ˛ 2 RK is either 0, a unit or can be factored into a product of primes.

We stress again that the prime factorization need not be unique. However fromthe existence of a prime factorization we can mimic Euclid’s original proof of theinfinitude of primes (see [35]) to obtain:

Corollary 20.1.9. There exist infinitely many primes inRK for any algebraic numberring RK .

Just as any algebraic number field is finite dimensional over Q we will see that eachRK is of finite degree over Q. That is if K has degree n over Q we show that thereexists !1; : : : ; !n in RK such that each ˛ 2 RK is expressible as

˛ D m1!1 C � � � Cmn!n

where m1; : : : ; mn 2 Z.

Definition 20.1.10. An integral basis for RK is a set of integers !1; : : : ; !t 2 RK

such that each ˛ 2 RK can be expressed uniquely as

˛ D m1!1 C � � � Cmt!t

where m1; : : : ; mt 2 Z.

The finite degree comes from the following result that shows there does exist anintegral basis (see [35]).

Theorem 20.1.11. Let RK be the ring of integers in the algebraic number field K ofdegree n over Q. Then there exists at least one integral basis for RK .


20.2 Integral ring extensions

We now extend the concept of an algebraic integer to general ring extensions. We firstneed the idea of an R-algebra where R is a commutative ring with identity 1 ¤ 0.

Definition 20.2.1. Let R be a commutative ring with an identity 1 ¤ 0. An R-algebra or algebra over R is a unitary R-module A in which there is an additionalmultiplication such that

(1) A is a ring with respect to the addition and this multiplication

(2) .rx/y D x.ry/ D r.xy/ for all r 2 R and x; y 2 A.

As examples of R-algebras first consider R D K where K is a field and let A DMn.K/ the set of all .n � n/-matrices over K. Then Mn.K/ is a K-algebra. Furtherthe set of polynomials KŒx� is also a K-algebra.

We now define ring extensions. Let A be a ring, not necessarily commutative, withan identity 1 ¤ 0, and R be a commutative subring of A which contains 1. Assumethat R is contained in the center of A, that is, rx D xr for all r 2 R and x 2 A. Wethen call A a ring extension of R and write AjR. If AjR is a ring extension then A isan R-algebra in a natural manner.

Let A be an R-algebra with an identity 1 ¤ 0. Then we have the canonical ringhomomorphism � W R ! A, r 7! r � 1. The image R0 WD �.R/ is a subring of thecenter of A, and R0 contains the identity element of A. Then AjR0 is a ring extension(in the above sense). Hence, if A is a R-algebra with an identity 1 ¤ 0 then we mayconsider R as a subring of A and AjR as a ring extension.

We now will extend to the general context of ring extensions the ideas of integralelements and integral extensions. As above, let R be a commutative ring with anidentity 1 ¤ 0 and let A be an R-algebra.

Definition 20.2.2. An element a 2 A is said to be integral overR or integrally depen-dent overR if there is a monic polynomial f .x/ D xn C˛n�1x

n�1 C� � �C˛0 2 RŒx�of degree n � 1 over R with f .a/ D an C ˛n�1a

n�1 C � � � C ˛0 D 0. That is, a isintegral over R if it is a root of a monic polynomial of degree � 1 over R.

An equation that an integral element satisfies is called integral equation of a overR.If A has an identity 1 ¤ 0 then we may write a0 D 1 and

PniD0 ˛ia

i with ˛n D 1.

Example 20.2.3. 1. Let EjK be a field extension. a 2 E is integral over K if andonly if a is algebraic over K. If K is the quotient field of an integral domain Rand a2E is algebraic overK then there exists an ˛2R with ˛a integral overR,because if 0 D ˛na

n C � � � C ˛0 then 0 D .˛na/n C � � � C ˛n�1

n ˛0.

2. The elements of C which are integral over Z are precisely the algebraic integersover Z, that is, the roots of monic polynomials over Z.

Section 20.2 Integral ring extensions 299

Theorem 20.2.4. Let R be as above and A an R-algebra with an identity 1 ¤ 0. IfA is, as an R-module, finitely generated then each element of A is integral over R.

Proof. Let ¹b1; : : : ; bnº be a finite generating system of A, as an R-module. We mayassume that b1 D 1, otherwise add 1 to the system. As explained in the preliminaries,without loss of generality, we may assume that R�A. Let a2A. For each 1�j � n

we have an equation abj D PnkD1 ˛kj bk for some ˛kj 2 R. In other words:

nX

kD1

.˛kj � ıjka/bk D 0 (??)

for j D 1; : : : ; n, where

ıjk D´

0 if j ¤ k;

1 if j D k:

Define jk WD ˛kj � ıjka and C D .jk/j;k . C is an .n � n/-matrix over thecommutative ring RŒa�; recall that RŒa� has an identity element. Let QC D . Qjk/j;k bethe complimentary matrix of C . Then QCC D .detC/En. From (??) we get

0 DnX

jD1

Qij

� nX

kD1

jkbk

�

DnX

kD1

nX

jD1

Qij jkbk DnX

kD1

.detC/ıikbk D .detC/bi

for all 1 � i � n. Since b1 D 1 we have necessarily that detC D det. jk �ıjka/j;k D 0 (recall that ıjk D ıkj ). Hence a is a root of the monic polynomialf .x/ D det.ıjkx � jk/ 2 RŒx� of degree n � 1. Hence a is integral over R.

Definition 20.2.5. A ring extension AjR is called an integral extension if each ele-ment ofA is integral overR. A ring extensionAjR is called finite ifA, as aR-module,is finitely generated.

Recall that finite field extensions are algebraic extensions. As an immediate conse-quence of Theorem 20.2.4 we get the corresponding result for ring extensions.

Theorem 20.2.6. Each finite ring extension AjR is an integral extension.

Theorem 20.2.7. Let A be an R-algebra with an identity 1 ¤ 0. If a 2 A then thefollowing are equivalent:

(1) a is integral over R.

(2) The subalgebra RŒa� is, as an R-module, finitely generated.

(3) There exists a subalgebra A0 of A which contains a and which is, as an R-module, finitely generated.

A subalgebra of an algebra over R is a submodule which is also a subring.


Proof. (1) ) (2): We have RŒa� D ¹g.a/ W g 2 RŒx�º. Let f .a/ D 0 be an integralequation of a over R. Since f is monic, by the division algorithm, for each g 2 RŒx�there are h; r 2RŒx� with gDh �f C r and rD0 or r¤0 and deg.r/<deg.f /DWn.Let r ¤ 0. Since g.a/ D r.a/, we get that ¹1; a; : : : ; an�1º is a generating systemfor the R-module RŒa�.

(2) ) (3): Take A0 D RŒa�.(3) ) (1): Use Theorem 20.2.4 for A0.

For the remainder of this chapter all rings are commutative with an identity 1 ¤ 0.

Theorem 20.2.8. Let AjR and BjA be finite ring extensions. Then also BjR is finite.

Proof. From A D Re1 C � � �CRem and B D Af1 C � � �CAfn we get B D Re1f1 C� � � CRemfn.

Theorem 20.2.9. Let AjR be a ring extension. Then the following are equivalent:

(1) There are finitely many, over R integral elements a1; : : : ; am in A such thatA D RŒa1; : : : ; am�.

(2) AjR is finite.

Proof. (2) ) (1): We only need to take for a1; : : : ; am a generating system of A asan R-module, and the result holds because A D Ra1 C � � � C Ram, and each ai isintegral over R by Theorem 20.2.4.

(1) ) (2): We use induction for m. If m D 0 then there is nothing to prove.Now let m � 1, and assume that (1) holds. Define A0 D RŒa1; : : : ; am�1�. ThenA D A0Œam�, and am is integral over A0. AjA0 is finite by Theorem 20.2.7. By theinduction assumption, A0jR is finite. Then AjR is finite by Theorem 20.2.8.

Definition 20.2.10. Let AjR be a ring extension. Then the subset C D ¹a 2 A W a isintegral over Rº � A is called the integral closure of R in A.

Theorem 20.2.11. Let AjR be a ring extension. Then the integral closure of R in Ais a subring of A with R � A.

Proof. R � C because ˛ 2 R is a root of the polynomial x � ˛. Let a; b 2 C .We consider the subalgebra RŒa; b� of the R-algebra A. RŒa; b�jR is finite by Theo-rem 20.2.9. Hence, by Theorem 20.2.4, all elements from RŒa; b� are integral over R,that is, RŒa; b� � C . Especially, aC b, a � b and ab are in C .

We extend to ring extensions the idea of a closure.

Definition 20.2.12. Let AjR a ring extension. R is called integrally closed in A, if Ritself is its integral closure in R, that is, R D C , the integral closure of R in A.

Section 20.2 Integral ring extensions 301

Theorem 20.2.13. For each ring extension AjR the integral closure C of R in A isintegrally closed in A.

Proof. Let a 2 A be integral over C . Then an C ˛n�1an�1 C � � � C ˛0 D 0 for some

˛i 2 C , n � 1. Then a is also integral over the R-subalgebra A0 D RŒ˛0; : : : ; ˛n�1�

of C ; and A0jR is finite. Further A0Œa�jA is finite. Hence A0Œa�jR is finite. ByTheorem 20.2.4, then a 2 A0Œa� is already integral over R, that is, a 2 C .

Theorem 20.2.14. Let AjR and BjA be ring extensions. If AjR and BjA are integralextensions then also BjR is an integral extension (and certainly vice versa).

Proof. Let C be the integral closure ofR in B . We have A � C since AjR is integral.Together with BjAwe also have thatBjC is integral. By Theorem 20.2.13 we get thatC is integrally closed in B . Hence, B D C .

We now consider integrally closed integral domains.

Definition 20.2.15. An integral domain R is called integrally closed if R is integrallyclosed in its quotient field K.

Theorem 20.2.16. Each unique factorization domain R is integrally closed.

Proof. Let ˛ 2 K and ˛ D ab

with a; b 2 R, a ¤ 0. Since R is a unique factorizationdomain we may assume that a and b are relatively prime. Let ˛ be integral over R.Then we have over R an integral equation ˛n C an�1˛

n�1 C � � � C a0 D 0 for ˛.Multiplication with bn gives an C ban�1 C � � � C bna0 D 0. Hence b is a divisorof an. Since a and b are relatively prime in R, we have that b is a unit in R and,hence, ˛ D a

b2 R.

Theorem 20.2.17. Let R be an integral domain and K its quotient field. Let EjKbe a finite field extension. Let R be integrally closed, and ˛ 2 E be integral over R.Then the minimal polynomial g 2 KŒx� of ˛ over K has only coefficients of R.

Proof. Let g 2 KŒx� be the minimal polynomial of ˛ over K (recall that g is monicby definition). Let NE be an algebraic closure ofE. Then g.x/ D .x�˛1/ � � � .x�˛n/

with ˛1 D ˛ over NE. There are K-isomorphisms i W K.˛/ ! NE with i .˛/ D ˛i .Hence all ˛i are also integral over R. Since all coefficients of g are polynomialexpressions Cj .˛1; : : : ; ˛n/ in the ˛i we get that all coefficients of g are integral overR (see Theorem 20.2.11). Now g 2 RŒx� because g 2 KŒx� and R is integrallyclosed.

Theorem 20.2.18. Let R be an integrally closed integral domain and K be its quo-tient field. Let f; g; h 2 KŒx� be monic polynomials over K with f D gh. Iff 2 RŒx� then also g; h 2 RŒx�.


Proof. Let E be the splitting field of f over K. Over E we have f .x/ D .x �˛1/ � � � .x � ˛n/. Since f is monic all ˛k are integral over R (see the proof of Theo-rem 20.2.17). Since f D gh there are I; J � ¹1; : : : ; nº with g.x/ D Q

i2I .x � ˛i /

and h.x/ D Q

j2J .x � j /. As polynomial expressions in the ˛i , i 2 I , and j ,j 2 J , respectively, the coefficients of g and h, respectively, are integral over R.On the other side all these coefficients are in K and R is integrally closed. Henceg; h 2 RŒx�.

Theorem 20.2.19. Let EjR be an integral ring extension. If E is a field then also Ris a field.

Proof. Let ˛ 2 R n ¹0º. The element 1˛

2 E satisfies an integral equation . 1˛/n C

an�1.1˛/n�1 C � � � C a0 D 0 over R. Multiplication with ˛n�1 gives 1

˛D �an�1 �

an�2˛ � � � � � a0˛n�1 2 R. Hence, R is a field.

20.3 Transcendental field extensions

Recall that a transcendental number is an element of C that is not algebraic over Q.More generally if EjK is a field extension then an element ˛ 2 E is transcendentalover K if it is not algebraic, that is, it is not a zero of any polynomial f .x/ 2 KŒx�.Since finite extensions are algebraic clearlyEjK will contain transcendental elementsonly if ŒE W K� D 1. However this is not sufficient. The field A of algebraic numbersis algebraic over Q but infinite dimensional over Q. We now extend the idea of atranscendental number to that of a transcendental extension.

Let K � E be fields, that is, EjK is a field extension. Let M be a subset of E.The algebraic cover ofM in E is defined to be the algebraic closureH.M/ ofK.M/

in E, that is, HK;E .M/ D H.M/ D ¹˛ 2 E W ˛ algebraic over K.M/º. H.M/ is afield with K � K.M/ � H.M/ � E. ˛ 2 E is called algebraically dependent onM (over K) if ˛ 2 H.M/, that is, if ˛ is algebraic over K.M/.

The following are clear.

1. M � H.M/,

2. M � M 0 ) H.M/ � H.M 0/ and

3. H.H.M// D H.M/.

Definition 20.3.1. (a) M is said to be algebraically independent (over K) if ˛ …H.M n ¹˛º/ for all ˛ 2 M , that is, if each ˛ 2 M is transcendental overK.M n ¹˛º/.

(b) M is said to be algebraically dependent (over K) if M is not algebraicallyindependent.

The proofs of the statements in the following lemma are straightforward.

Section 20.3 Transcendental field extensions 303

Lemma 20.3.2. (1) M is algebraically dependent if and only if there exists an˛ 2 M which is algebraic over K.M n ¹˛º/.

(2) Let ˛ 2 M . Then ˛ 2 H.M n ¹˛º/ , H.M/ D H.M n ¹˛º/.(3) If ˛ … M and ˛ is algebraic over K.M/ then M [ ¹˛º is algebraically depen-

dent.

(4) M is algebraically dependent if and only if there is a finite subset in M whichis algebraically dependent.

(5) M is algebraically independent if and only if each finite subset of M is alge-braically independent.

(6) M is algebraically independent if and only if the following holds: If ˛1; : : : ; ˛n

are finitely many, pairwise different elements of M then the canonical homo-morphism � W KŒx1; : : : ; xn� ! E, f .x1; : : : ; xn/ 7! f .˛1; : : : ; ˛n/ is injec-tive; or in other words: for all f 2 KŒx1; : : : ; xn� we have that f D 0 iff .˛1; : : : ; ˛n/ D 0, that is, there is no nontrivial algebraic relation between the˛1; : : : ; ˛n over K.

(7) Let M � E, ˛ 2 E. If M is algebraically independent and M [ ¹˛º al-gebraically dependent then ˛ 2 H.M/, that is, ˛ is algebraically dependenton M .

(8) Let M � E, B � M . If B is maximal algebraically independent, that is, if˛ 2 M n B then B [ ¹˛º is algebraically dependent, then M � H.B/, that is,each element of M is algebraic over K.B/.

We will show that any field extension can be decomposed into a transcendentalextension over an algebraic extension. We need the idea of a transcendence basis.

Definition 20.3.3. B � E is called a transcendence basis of the field extension EjKif the following two conditions are satisfied:

1. E D H.B/, that is, the extension EjK.B/ is algebraic.

2. B is algebraically independent over K.

Theorem 20.3.4. If B � E then the following are equivalent:

(1) B is a transcendence basis of EjK.

(2) If B � M � E with H.M/ D E, then B is a maximal algebraically indepen-dent subset of M .

(3) There exists a subset M � E with H.M/ D E which contains B as a maximalalgebraically independent subset.


Proof. (1) ) (2): Let ˛ 2 M n B . We have to show that B [ ¹˛º is algebraicallydependent. But this is clear because ˛ 2 H.B/ D E.

(2) ) (3): We just take M D E.(3) ) (1): We have to show that H.B/ D E. Certainly M � H.B/. Hence,

E D H.M/ � H.H.B// D H.B/ � E.

We next show that any field extension does have a transcendence basis.

Theorem 20.3.5. Each field extension EjK has a transcendence basis. More con-cretely: If there is a subset M � E such that EjK.M/ is algebraic and if there is asubset C � M which is algebraically independent then there exists a transcendencebasis B of EjK with C � B � M .

Proof. We have to extend C to a maximal algebraically independent subset B of M .By Theorem 20.3.4, such a B is a transcendence basis of EjK. If M is finite thensuch a B certainly exists. Now let M be not finite. We argue analogously as for theexistence of a basis of a vector space, for instance with Zorn’s lemma: If a partiallyordered, nonempty set S is inductive, then there exist maximal elements in S . Here,a partially ordered, nonempty set S is said to be inductive if every totally orderedsubset of S has an upper bound in S . The set N of all algebraically independentsubsets of M which contain C is partially ordered with respect to “�”, and N ¤ ;because C 2 N . Let K ¤ ; be an ascending chain in N , that is, given an ascendingchain ; ¤ Y1 � Y2 � � � � . in N . The union U D S

Y2K Y is also algebraicallyindependent. Hence, there exists a maximal algebraically independent subset B � M

with C � B .

Theorem 20.3.6. Let EjK be a field extension and M be a subset of E for whichEjK.M/ is algebraic. Let C be an arbitrary subset of E which is algebraicallyindependent on K. Then there exists a subset M 0 � M with C \M 0 D ; such thatC [M 0 is a transcendence basis of EjK.

Proof. Take M [ C and define M 0 WD B n C in Theorem 20.3.5.

Theorem 20.3.7. Let B;B 0 be two transcendence bases of the field extension EjK.Then there is a bijection � W B ! B 0. In other words, any two transcendence basesof EjK have the same cardinal number.

Proof. (a) If B is a transcendental basis of EjK and M is a subset of E such thatEjK.M/ is algebraic then we may write B D S

˛2M B˛ with finite sets B˛. Espe-cially, if B is infinite then the cardinal number of B is not bigger than the cardinalnumber of M .

(b) Let B and B 0 be two transcendence bases of EjK. If B and B 0 are bothinfinite then B and B 0 have the same cardinal number by (a) and the theorem by

Section 20.3 Transcendental field extensions 305

Schroeder–Bernstein [5]. We now prove Theorem 20.3.7 for the case that EjK hasa finite transcendence basis. Let B be finite with n elements. Let C be an arbi-trary algebraically independent subset in E over K with m elements. We show thatm � n. Let C D ¹˛1; : : : ; ˛mº with m � n. We show by induction that for eachinteger k, 0 � k � n, there are subsets B ¥ B1 ¥ � � � ¥ Bk of B such that¹˛1; : : : ; ˛kº [ Bk is a transcendence basis of EjK and ¹˛1; : : : ; ˛kº \ Bk D ;. Fork D 0 we take B0 D B , and the statement holds. Assume now that the statementis correct for 0 � k < n. By Theorem 20.3.4 and 20.3.5 there is a subset BkC1

of ¹˛1; : : : ; ˛kº [ Bk such that ¹˛1; : : : ; ˛kC1º [ BkC1 is a transcendence basis ofEjK and ¹˛1; : : : ; ˛kC1º \ BkC1 D ;. Then necessarily BkC1 � Bk . AssumeBk D BkC1. Then on one side, Bk [ ¹˛1; : : : ; ˛kC1º is algebraic independent be-causeBk D BkC1. On the other side, alsoBk[¹˛1; : : : ; ˛kº[¹akC1º is algebraicallydependent, which gives a contradiction. Hence, BkC1 ¦ Bk . Now Bk has at mostn � k elements, hence Bn D ;, that is, ¹˛1; : : : ; ˛nº D ¹˛1; : : : ; ˛nº [ Bn is a tran-scendence basis of EjK. Because C D ¹˛1; : : : ; ˛mº is algebraically independent,we cannot have m > n. Hence m � n; and B and B 0 have the same number ofelements because B 0 must also be finite.

Since the cardinality of any transcendence basis for a field extension EjK is thesame we can define the transcendence degree.

Definition 20.3.8. The transcendence degree trgd.EjK/ of a field extension is thecardinal number of one (and hence of each) transcendence basis of EjK. A fieldextension EjK is called purely transcendental, if EjK has a transcendence basis Bwith E D K.B/.

We note the following facts:

(1) If EjK is purely transcendental and B D ¹˛1; : : : ; ˛nº is a transcendence basisof EjK then E is K-isomorphic to the quotient field of the polynomial ringKŒx1; : : : ; xn� of the independence indeterminates x1; : : : ; xn.

(2) K is algebraically closed in E if EjK is purely transcendental.

(3) By Theorem 20.3.4, the field extension EjK has an intermediate field F , K �F � E, such that F jK is purely transcendental andEjF is algebraic. CertainlyF is not uniquely determined.

For example take Q � F � Q.i; �/, and for F we may take F D Q.�/ andalso F D Q.i�/, for instance.

(4) trgd.RjQ/ D trgd.CjQ/ D card R, the cardinal number of R. This holdsbecause the set of the algebraic numbers (over Q) is countable.

Theorem 20.3.9. Let EjK a field extension and F an arbitrary intermediate field,K � F � E. Let B a transcendence basis of F jK and B 0 a transcendence base of


EjF . Then B \ B 0 D ;, and B [ B 0 is a transcendence basis of EjK. Especially:trgd.EjK/ D trgd.EjF /C trgd.F jK/.Proof. (1) Assume ˛ 2 B \ B 0. As an element of F , then ˛ is algebraic overF.B 0/ n ¹˛º. But this gives a contradiction because ˛ 2 B 0, and B 0 is algebraicallyindependent over F .

(2) F jK.B/ is an algebraic extension, and also F.B 0/jK.B [ B 0/ D K.B/.B 0/.Since the relation “algebraic extension” is transitive, we have that EjK.B [ B 0/ isalgebraic.

(3) Finally we have to show that B [ B 0 is algebraically independent over K. ByTheorems 20.3.5 and 20.3.6 there is a subset B 00 of B [ B 0 with B \ B 00 D ; suchthat B [ B 00 is a transcendence basis of EjK. We have B 00 � B 0, and have to showthat B 0 � B 00. Assume that there is an ˛ 2 B 0 with ˛ … B 00. Then ˛ is algebraicoverK.B[B 00/ D K.B/.B 00/ and, hence, algebraic over F.B 00/. Since B 00 � B 0 wehave that ˛ is algebraically independent over F , which gives a contradiction. HenceB 00 D B 0.

Theorem 20.3.10 (Noether’s normalization theorem). Let K be a field and A DKŒa1; : : : ; an�. Then there exist elements u1; : : : ; um, 0 � m � n, in A with thefollowing properties:

(1) KŒu1; : : : ; um� is K-isomorphic to the polynomial ring KŒx1; : : : ; xm� of theindependent indeterminates x1; : : : ; xm.

(2) The ring extension AjKŒu1; : : : ; um� is an integral extension, that is, for eacha2AnKŒu1; : : : ; um� there exists a monic polynomial f .x/DxnC˛n�1x

n�1C� � � C ˛0 2 KŒu1; : : : ; um�Œx� of degree n � 1 with f .a/ D an C ˛n�1a

n�1 C� � � C ˛0 D 0. Especially AjKŒu1; : : : ; um� is finite.

Proof. Without loss of generality, let the a1; : : : ; an be pairwise different. We provethe theorem by induction on n. If n D 1 then there is nothing to show. Now, letn � 2, and assume that the statement holds for n�1. If there is no nontrivial algebraicrelation f .a1; : : : ; an/ D 0 over K between the a1; : : : ; an then there is nothing toshow. Hence, let there exists a polynomial f 2 KŒx1; : : : ; xn� with f ¤ 0 andf .a1; : : : ; an/ D 0. Let f D P

�D.�1;:::;�n/ c�x�1

1 � � � x�nn . Let �2; �3; : : : ; �n be

natural numbers which we specify later. Define b2 D a2 � a�2

1 , b3 D a3 � a�3

1 ,. . . ; bn D an � a

�n

1 . Then ai D bi C a�i

1 for 2 � i � n, hence, f .a1; b2 Ca

�2

1 ; : : : ; bn C a�n

1 / D 0. We write R WD KŒx1; : : : ; xn� and consider the polynomialring RŒy2; : : : ; yn� of the n � 1 independent indeterminates y2; : : : ; yn over R. InRŒy2; : : : ; yn� we consider the polynomial f .x1; y2 C x

�2

1 ; : : : ; yn C x�n

1 /. We mayrewrite this polynomial as

X

�D.�1;:::;�n/

c�x�1C�2�2C��C�n�n

1 C g.x1; y2; : : : ; yn/

Section 20.4 The transcendence of e and � 307

with a polynomial g.x1; y2; : : : ; yn/ for which, as a polynomial in x1 overKŒy2; : : : ;

yn�, the degree in x1 is smaller than the degree ofP

�D.�1;:::;�n/ c�x�1C�2�2C��C�n�n

1 ,provided that we may choose the �2; : : : ; �n in such a way that this really holds. Wenow specify the �2; : : : ; �n. We write � WD .1; �2; : : : ; �n/ and define the scalarproduct �� D 1 � �1 C �2�2 C � � � C �n�n. Choose p 2 N with p > deg.f / Dmax¹�1 C � � � C �n W c� ¤ 0º. We now take � D .1; p; p2; : : : ; pn�1/. If � D.�1; : : : ; �n/ with c� ¤ 0 and �0 D .�01; : : : ; �0n/ with c0� ¤ 0 are different n-tuplethen indeed �� ¤ ��0 because �i ; �

0i < p for all i , 1 � i � n. This follows from

the uniqueness of the p-adic expression of a natural number. Hence, we may choose�2; : : : ; �n such that f .x1; y2 C x

�2

1 ; : : : ; yn C x�n

1 / D cxN1 C h.x1; y2; : : : ; yn/

with c 2 K, c ¤ 0, and h 2 KŒy2; : : : ; yn�Œx1� has in x1 a degree < N . If we divideby c and take a1; b2; : : : ; bn for x1; y2; : : : ; yn then we get an integral equation of a1

over KŒb2; : : : ; bn�. Therefore, the ring extension A D KŒa1; : : : ; an�jKŒb2; : : : ; bn�

is integral (see Theorem 20.2.9), ai D bi C a�i

1 for 2 � i � n. By induction thereexists elements u1; : : : ; um in KŒb2; : : : ; bn� with the following properties:

1. KŒu1; : : : ; um� is a polynomial ring of them independent indeterminates u1; : : : ;

um and

2. KŒb2; : : : ; bn�jKŒu1; : : : ; um� is integral.

Hence, also AjKŒu1; : : : ; um� is integral by Theorem 20.2.14.

Corollary 20.3.11. Let EjK be a field extension. If E D KŒa1; : : : ; an� for a1; : : : ;

an 2 E then EjK is algebraic.

Proof. By Theorem 20.3.10 we have that E contains a polynomial ring KŒu1; : : : ;

um�, 0 � m � n, of the m independent indeterminates u1; : : : ; um as a subring forwhich EjKŒu1; : : : ; um� is integral. We claim that then already KŒu1; : : : ; um� is afield. To prove that, let a 2 KŒu1; : : : ; um�, a ¤ 0. The element a�1 2 E satisfies anintegral equation .a�1/n C˛n�1.a

�1/n�1 C � � � C˛0 D 0 overKŒu1; : : : ; um� DW R.Hence, a�1 D �˛n�1 � ˛n�2a � � � � � ˛0a

n�1 2 R. Therefore R is a field whichproves the claim. This is possible only for m D 0, and then EjK is integral, that ishere algebraic.

20.4 The transcendence of e and �

Although we have shown that within C there are continuously many transcendentalnumbers we have only shown that one particular number is transcendental. In thissection we prove that the numbers e and � are transcendental. We start with e.

Theorem 20.4.1. e is a transcendental number, that is, transcendental over Q.


Proof. Let f .x/ 2 RŒx� with the degree of f .x/ D m � 1. Let z1 2 C, z1 ¤ 0, and W Œ0; 1� ! C, .t/ D tz1. Let

I.z1/ DZ

�

ez1�zf .z/dz D�

Z z1

0

�

�

ez1�zf .z/dz:

By .R z1

0 /� we mean the integral from 0 to z1 along . Recall that�

Z z1

0

�

�

ez1�zf .z/dz D �f .z1/C ez1f .0/C�

Z z1

0

�

�

ez1�zf 0.z/dz:

It follows then by repeated partial integration that

(1) I.z1/ D ez1Pm

jD0 f.j /.0/ �Pm

jD0 f.j /.z1/.

Let jf j.x/ be the polynomial that we get if we replace the coefficients of f .x/ bytheir absolute values. Since jez1�zj � ejz1�zj � ejz1j, we get

(2) jI.z1/j � jz1jejz1jjf j.jz1j/.Now assume that e is an algebraic number, that is,

(3) q0 C q1e C � � � C qnen D 0 for n � 1 and integers q0 ¤ 0; q1; : : : ; qn, and the

greatest common divisor of q0; q1; : : : ; qn, is equal to 1.

We consider now the polynomial f .x/ D xp�1.x � 1/p : : : .x � n/p with p a suf-ficiently large prime number, and we consider I.z1/ with respect to this polynomial.Let

J D q0I.0/C q1I.1/C � � � C qnI.n/:

From (1) and (3) we get that

J D �mX

jD0

nX

kD0

qkf.j /.k/;

where m D .nC 1/p � 1 since .q0 C q1e C � � � C qnen/.Pm

jD0.f.j /.0// D 0.

Now, f .j /.k/ D 0 if j < p, k > 0, and if j < p � 1 then k D 0, and hencef .j /.k/ is an integer that is divisible by pŠ for all j; k except for j D p � 1, k D 0.Further, f .p�1/.0/ D .p � 1/Š.�1/np.nŠ/p , and hence, if p > n, then f .p�1/.0/ isan integer divisible by .p � 1/Š but not by pŠ.

It follows that J is a nonzero integer that is divisible by .p � 1/Š if p > jq0j andp > n. So let p > n; p > jq0j, so that jJ j � .p � 1/Š.

Now, jf j.k/ � .2n/m. Together with (2) we then get that

jJ j � jq1jejf j.1/C � � � C jqnjnenjf j.n/ � cp

for a number c independent of p. It follows that

.p � 1/Š � jJ j � cp;

Section 20.4 The transcendence of e and � 309

that is,

1 � jJ j.p � 1/Š � c

cp�1

.p � 1/Š :

This gives a contradiction, since cp�1

.p�1/Š! 0 as p ! 1. Therefore, e is transcen-

dental.

We now move on to the transcendence of � . We first need the following lemma.

Lemma 20.4.2. Suppose ˛ 2 C is an algebraic number and f .x/ D anxnC� � �Ca0,

n � 1, an ¤ 0, and all ai 2 Z .f .x/ 2 ZŒx�/ with f .˛/ D 0. Then an˛ is analgebraic integer.

Proof.

an�1n f .x/ D an

nxn C an�1

n an�1xn�1 C � � � C an�1

n a0

D .anx/n C an�1.anx/

n�1 C � � � C an�1n a0

D g.anx/ D g.y/ 2 ZŒy�

where y D anx and g.y/ is monic. Then g.an˛/ D 0, and hence an˛ is an algebraicinteger.

Theorem 20.4.3. � is a transcendental number, that is, transcendental over Q.

Proof. Assume that � is an algebraic number. Then � D i� is also algebraic. Let�1 D �; �2; : : : ; �d be the conjugates of � . Suppose

p.x/ D q0 C q1x C � � � C qdxd 2 ZŒx�; qd > 0; and gcd.q0; : : : ; qd / D 1

is the entire minimal polynomial of � over Q. Then �1 D �; �2; : : : ; �d are the zerosof this polynomial. Let t D qd . Then from Lemma 20.4.2, t�i is an algebraic integerfor all i . From ei� C 1 D 0 and from �1 D i� we get that

.1C e1/.1C e2/ � � � .1C ed / D 0:

The product on the left side can be written as a sum of 2d terms e� , where � D�1�1 C � � � C �d�d , �j D 0 or 1. Let n be the number of terms �1�1 C � � � C �d�d thatare nonzero. Call these ˛1; : : : ; ˛n. We then have an equation

q C e˛1 C � � � C e˛n D 0

with q D 2d � n > 0. Recall that all t˛i , are algebraic integers and we consider thepolynomial

f .x/ D tnpxp�1.x � ˛1/p � � � .x � ˛n/

p


with p a sufficiently large prime integer. We have f .x/ 2 RŒx�, since the ˛i are alge-braic numbers and the elementary symmetric polynomials in ˛1; : : : ; ˛n are rationalnumbers.

Let I.z1/ be defined as in the proof of Theorem 20.4.1, and now let

J D I.˛1/C � � � C I.˛n/:

From (1) in the proof of Theorem 20.4.1 and (4) we get

J D �qmX

jD0

f .j /.0/ �mX

jD0

nX

kD1

f .j /.˛k/;

with m D .nC 1/p � 1.Now,

PnkD1 f

.j /.˛k/ is a symmetric polynomial in t˛1; : : : ; t˛n with integer coef-ficients since the t˛i are algebraic integers. It follows from the main theorem on sym-metric polynomials that

PmjD0

PnkD1 f

.j /.˛k/ is an integer. Further, f .j /.˛k/ D 0

for j < p. HencePm

jD0

PnkD1 f

.j /.˛k/ is an integer divisible by pŠ.

Now, f .j /.0/ is an integer divisible by pŠ if j ¤ p � 1, and f .p�1/.0/ D .p �1/Š.�t /np.˛1 : : : ˛n/

p is an integer divisible by .p � 1/Š but not divisible by pŠ if pis sufficiently large. In particular, this is true if p > jtn.˛1 � � �˛n/j and also p > q.

From (2) in the proof of Theorem 20.4.1 we get that

jJ j � j˛1jej˛1jjf j.j˛1j/C � � � C j˛njej˛njjf j.j˛nj/ � cp

for some number c independent of p.As in the proof of Theorem 20.4.1, this gives us

.p � 1/Š � jJ j � cp;

that is,

1 � jJ j.p � 1/Š � c

cp�1

.p � 1/Š :

This, as before, gives a contradiction, since cp�1

.p�1/Š! 0 as p ! 1. Therefore, �

is transcendental.

20.5 Exercises

1. A polynomial p.x/ 2 ZŒx� is primitive if the GCD of all its coefficients is 1. Provethe following:

(i) If f .x/ and g.x/ are primitive then so is f .x/g.x/.

(ii) If f .x/ 2 ZŒx� is monic then it is primitive.


(iii) If f .x/ 2 QŒx� then there exists a rational number c such that f .x/ D cf1.x/

with f1.x/ primitive.

2. Let d be a square-free integer and K D Q.pd/ be a quadratic field. Let RK be

the subring of K of the algebraic integers of K. Show that

(i) RK D ¹m C npd W m; n 2 Zº if d � 2.mod 4/ or d � 3.mod 4/.

¹1;pdº is an integral basis for RK .

(ii) RK D ¹mCn1Cpd2

W m; n 2 Zº if d � 1.mod 4/. ¹1; 1Cpd2

º is an integralbasis for RK .

(iii) If d < 0 then there are only finitely many units in RK .

(iv) If d > 0 then there are infinitely many units in RK .

3. Let K D Q.˛/ with ˛3 C ˛C 1 D 0 and RK the subring of the algebraic integersin K. Show that

(i) ¹1; ˛; ˛2º is an integral basis for RK .

(ii) RK D ZŒ˛�.

4. Let AjR be an integral ring extension. If A is an integral domain andR a field thenA is also a field.

5. Let AjR be an integral extension. Let P be a prime ideal of A and p be a primeideal of R such that P \R D p. Show that

(i) If p is maximal in R then P is maximal in A. (Hint: consider A=P .)

(ii) If P0 is another prime ideal of A with P0 \ R D p and P0 � P then P DP0. (Hint: we may assume that A is an integral domain and P \ R D ¹0º,otherwise go to A=P .)

6. Show that for a field extension EjK the following are equivalent:

(i) ŒE W K.B/� < 1 for each transcendence basis B of EjK.

(ii) trgd.EjK/ < 1 and ŒE W K.B/� < 1 for each transcendence basis B ofEjK.

(iii) There is a finite transcendence basis B of EjK with ŒE W K.B/� < 1.

(iv) There are finitely many x1; : : : ; xn 2 E with E D K.x1; : : : ; xn/.

7. Let EjK be a field extension. If EjK is purely transcendental then K is alge-braically closed in E.

Chapter 21

The Hilbert Basis Theorem and the Nullstellensatz

21.1 Algebraic Geometry

An extremely important application of abstract algebra and an application central toall of mathematics is the subject of algebraic geometry. As the name suggests thisis the branch of mathematics that uses the techniques of abstract algebra to studygeometric problems. Classically algebraic geometry involved the study of algebraiccurves which roughly are the sets of zeros of a polynomial or set of polynomialsin several variables over a field. For example, in two variables a real algebraic planecurve is the set of zeros in R2 of a polynomial p.x; y/ 2 RŒx; y�. The common planarcurves such as parabolas and the other conic sections are all plane algebraic curves.In actual practice plane algebraic curves are usually considered over the complexnumbers and are projectivized.

The algebraic theory that deals most directly with algebraic geometry is called com-mutative algebra. This is the study of commutative rings, ideals in commutative ringsand modules over commutative rings. A large portion of this book has dealt withcommutative algebra.

Although we will not consider the geometric aspects of algebraic geometry in gen-eral we will close the book by introducing some of the basic algebraic ideas that arecrucial to the subject. These include the concept of an algebraic variety or algebraicset and its radical. We also state and prove two of the cornerstones of the theory asapplied to commutative algebra – the Hilbert basis theorem and the Nullstellensatz.

In this chapter we consider a fixed field extension C jK and the polynomial ringKŒx1; : : : ; xn� of the n independent indeterminates x1; : : : ; xn. Again, in this chapterwe often use letters a;b;m; p;P;A;Q; : : : for ideals in rings.

21.2 Algebraic Varieties and Radicals

We first define the concept of an algebraic variety.

Definition 21.2.1. If M � KŒx1; : : : ; xn� then we define

N .M/ D ¹.˛1; : : : ; ˛n/ 2 C n W f .˛1; : : : ; ˛n/ D 0 8f 2 M º:

˛ D .˛1; : : : ; ˛n/ 2 N .M/ is called a zero (Nullstelle) of M in C n; and N .M/ iscalled the zero set of M in C n. If we want to mention C then we write N .M/ D

Section 21.2 Algebraic Varieties and Radicals 313

NC .M/. A subset V � Cn of the form V D N .M/ for someM � KŒx1; : : : ; xn� iscalled an algebraic variety or (affine) algebraic set of C n overK, or just an algebraicK-set of C n.

For any subset N of C n we can reverse the procedure and consider the set of poly-nomials whose zero set is N .

Definition 21.2.2. Suppose that N � C n. Then

I.N / D ¹f 2 KŒx1; : : : ; xn� W f .˛1; : : : ; ˛n/ D 0 8.˛1; : : : ; ˛n/ 2 N º:Instead of f 2 I.N / we also say that f vanishes on N (over K). If we want tomention K then we write I.N / D IK.N /.

What is important is that the set I.N / forms an ideal. The proof is straightforward.

Theorem 21.2.3. For any subset N � C n the set I.N / is an ideal in KŒx1; : : : ; xn�;it is called the vanishing ideal of N � C n in KŒx1; : : : ; xn�,

The following result examines the relationship between subsets in C n and theirvanishing ideals.

Theorem 21.2.4. The following properties hold:

(1) M � M 0 ) N .M 0/ � N .M/,

(2) If a D .M/ is the ideal inKŒx1; : : : ; xn� generated byM , then N .M/ D N .a/,

(3) N � N 0 ) I.N 0/ � I.N /,

(4) M � IN .M/ for all M � KŒx1; : : : ; xn�,

(5) N � N I.N / for all N � Cn,

(6) If .ai /i2I is a family of ideals inKŒx1; : : : ; xn� thenT

i2I N.ai /DN.P

i2I ai /.Here

P

i2I ai is the ideal in KŒx1; : : : ; xn�, generated by the unionS

i2I ai ,

(7) If a;b are ideals in KŒx1; : : : ; xn� then N .a/ [ N .b/ D N .ab/ D N .a \ b/.Here ab is the ideal inKŒx1; : : : ; xn� generated by all products fg where f 2 a

and g 2 b,

(8) N .M/ D N IN .M/ for all M � KŒx1; : : : ; xn�,

(9) V D N I.V / for all algebraic K-sets V ,

(10) I.N / D IN I.N / for all N � C n.

Proof. The proofs are straightforward. Hence, we prove only (7), (8) and (9). Therest can be left as exercise for the reader.

Proof of (7): Since ab � a\b � a;b we have by (1) the inclusion N .a/[N .b/ �N .a \ b/ � N .ab/. Hence, we have to show that N .ab/ � N .a/ [ N .b/.

314 Chapter 21 The Hilbert Basis Theorem and the Nullstellensatz

Let ˛ D .˛1; : : : ; ˛n/ 2 C n be a zero of ab but not a zero of a. Then there is anf 2 a with f .˛/ ¤ 0, and hence for all g 2 b we get f .˛/g.˛/ D .fg/.˛/ D 0 and,hence, g.˛/ D 0. Therefore ˛ 2 N .b/.

Proof of (8) and (9): Let M � KŒx1; : : : ; xn�. Then, on the one side, M �IN .M/ by (5) and further N IN .M/ � N .M/ by (1). On the other side, N .M/ �N IN .M/ by (6). Therefore N .M/ D N IN .M/ for all M � KŒx1; : : : ; xn�.

Now, the algebraic K-sets of C n are precisely the sets of the form V D N .M/.Hence, V D N I.V /.

We make the following agreement: if a is an ideal in KŒx1; : : : ; xn� then we write

a GKŒx1; : : : ; xn�:

If a G KŒx1; : : : ; xn� then we do not have a D IN .a/ in general, that is, a is ingeneral not equal to the vanishing ideal of its zero set in C n. The reason for this isthat not each ideal a occurs as a vanishing ideal of some N � C n. If a D I.N / thenwe must have:

f m 2 a; m � 1 H) f 2 a: (?)

Hence, for instance, if a D .x21 ; : : : ; x

2n/ G KŒx1; : : : ; xn� then a is not of the form

a D I.N / for some N � C n. We now define the radical of an ideal.

Definition 21.2.5. Let R be a commutative ring, and a G R be an ideal in R. Thenpa D ¹f 2 R W f m 2 a for some m 2 Nº is an ideal in R.

pa is called the radical

of a (in R). a is said to be reduced ifp

a D a.

We note that thep0 is called the nil radical of R; it contains exactly the nilpotent

elements of R, that is, the elements a 2 R with am D 0 for some m 2 N.Let a G R be an ideal in R and � W R ! R=a the canonical mapping. Then

pa is

exactly the preimage of the nil radical of R=a.

21.3 The Hilbert Basis Theorem

In this section we show that ifK is a field then each ideal a GKŒx1; : : : ; xn� is finitelygenerated. This is the content of the Hilbert basis theorem. This has as an importantconsequence that any algebraic variety of C n is the zero set of only finitely manypolynomials.

The Hilbert basis theorem follows directly from the following Theorem 21.3.2.Before we state this theorem we need a definition.

Definition 21.3.1. Let R be a commutative ring with an identity 1 ¤ 0. R is said tobe noetherian if each ideal in R is generated by finitely many elements, that is, eachideal in R is finitely generated.

Section 21.4 The Hilbert Nullstellensatz 315

Theorem 21.3.2. Let R be a noetherian ring. Then the polynomial ring RŒx� over Ris also noetherian.

Proof. Let 0 ¤ fk 2 RŒx�. With deg.fk/ we denote the degree of fk . Let a G RŒx�be an ideal in RŒx�. Assume that a is not finitely generated. Then, especially, a ¤ 0.We construct a sequence of polynomials fk 2 a such that the highest coefficients ak

generate an ideal in R which is not finitely generated. This produces then a contra-diction, and, hence, a is in fact finitely generated. Choose f1 2 a, f1 ¤ 0, so thatdeg.f1/ D n1 is minimal.

If k � 1 then choose fkC1 2 a, fkC1 … .f1; : : : ; fk/ so that deg.fkC1/ D nkC1 isminimal for the polynomials in a n .f1; : : : ; fk/. This is possible because we assumethat a is not finitely generated. We have nk � nkC1 by our construction. Further.a1; : : : ; ak/ ¦ .a1; : : : ; ak; akC1/.

Proof of this claim: Assume that .a1; : : : ; ak/ D .a1; : : : ; ak; akC1/. Then akC1 2.a1; : : : ; ak/. Hence, there are bi 2 R with akC1 D Pk

iD1 aibi . Let g.x/ DPk

iD1 bifi .x/xnkC1�ni , hence, g 2 .f1; : : : ; fk/ and g D akC1x

nkC1 C � � � . There-fore deg.fkC1 � g/ < nkC1 and fkC1 � g … .f1; : : : ; fk/ which contradicts thechoice of fkC1. This proves the claim.

Hence .a1; : : : ; ak/ ¦ .a1; : : : ; ak ; akC1/ which contradicts the fact that R isnoetherian. Hence a is finitely generated.

We now have the Hilbert basis theorem.

Theorem 21.3.3 (Hilbert basis theorem). Let K be a field. Then each ideal a GKŒx1; : : : ; xn� is finitely generated, that is, a D .f1; : : : ; fm/ for finitely many f1; : : : ;

fm 2 KŒx1; : : : ; xn�.

Corollary 21.3.4. If C jK is a field extension then each algebraic K-set V of C n isalready the zero set of only finitely many polynomials f1; : : : ; fm 2 KŒx1; : : : ; xn�:

V D ¹.˛1; : : : ; ˛n/ 2 C n W fi .˛1; : : : ; ˛n/ D 0 for i D 1; : : : ; mº:Further we write V D N .f1; : : : ; fm/.

21.4 The Hilbert Nullstellensatz

Vanishing ideals of subsets of C n are not necessarily reduced. For an arbitrary fieldC , the condition

f m 2 a; m � 1 H) f 2 a

is, in general, not sufficient for a G KŒx1; : : : ; xn� to be a vanishing ideal of a subsetof C n. For example let n � 2,K D C D R and a D .x2

1 C� � �Cx2n/GRŒx1; : : : ; xn�.

a is a prime ideal in RŒx1; : : : ; xn� because x21 C � � � C x2

n is a prime element in


RŒx1; : : : ; xn�. Hence, a is reduced. But, on the other side, N .a/ D ¹0º andI.¹0º/ D .x1; : : : ; xn/. Therefore a is not of the form I.N / for some N � Cn.If this would be the case, then a D I.N / D IN I.N / D I ¹0º D .x1; : : : ; xn/

because of Theorem 21.2.4(10), which gives a contradiction.The Nullstellensatz of Hilbert which we give in two forms shows that if a is re-

duced, that is, a D pa, then IN .a/ D a.

Theorem 21.4.1 (Hilbert’s Nullstellensatz, first form). Let C jK be a field extensionwith C algebraically closed. If a GKŒx1; : : : ; xn� then IN .a/ D p

a. Moreover, if a

is reduced, that is, a D pa, then IN .a/ D a. Therefore N defines a bijective map

between the set of reduced ideals inKŒx1; : : : ; xn� and the set of the algebraicK-setsin C n; and I defines the inverse map.

The proof follows from:

Theorem 21.4.2 (Hilbert’s Nullstellensatz, second form). Let C jK be a field exten-sion with C algebraically closed. Let a G KŒx1; : : : ; xn� with a ¤ KŒx1; : : : ; xn�.Then there exists an ˛ D .˛1; : : : ; ˛n/ 2 C n with f .˛/ D 0 for all f 2 a, that is,NC .a/ ¤ ;.

Proof. Since a ¤ KŒx1; : : : ; xn� there exists a maximal ideal mGKŒx1; : : : ; xn� witha � m. We consider the canonical map � W KŒx1; : : : ; xn� ! KŒx1; : : : ; xn�=m. Letˇi D �.xi / for i D 1; : : : ; n. Then KŒx1; : : : ; xn�=m D KŒˇ1; : : : ; ˇn� DW E. Sincem is maximal, E is a field. Moreover EjK is algebraic by Corollary 20.3.11. Hencethere exists a K-homomorphism W KŒˇ1; : : : ; ˇn� ! C (C is algebraically closed).Let ˛i D .ˇi /; we have f .˛1; : : : ; ˛n/ D 0 for all f 2 m. Since a � m this holdsalso for all f 2 a. Hence we get a zero .˛1; : : : ; ˛n/ of a in C n.

Proof of Theorem 21.4.1. Let a G KŒx1; : : : ; xn�, and let f 2 IN .a/. We have toshow that f m 2 a for some m 2 N. If f D 0 then there is nothing to show.

Now, let f ¤ 0. We consider KŒx1; : : : ; xn� as a subring of KŒx1; : : : ; xn; xnC1�

of the n C 1 independent indeterminates x1; : : : ; xn; xnC1. In KŒx1; : : : ; xn; xnC1�

we consider the ideal Na D .a; 1�xnC1f /GKŒx1; : : : ; xn; xnC1�, generated by a and1 � xnC1f .

Case 1: Na ¤ KŒx1; : : : ; xn; xnC1�.Na then has a zero .ˇ1; : : : ; ˇn; ˇnC1/ in C nC1 by Theorem 21.2.4. Hence, for

.ˇ1; : : : ; ˇn; ˇnC1/ 2 N . Na/ we have the equations:

(1) g.ˇ1; : : : ; ˇn/ D 0 for all g 2 a and

(2) f .ˇ1; : : : ; ˇn/ˇnC1 D 1.

From (1) we get .ˇ1; : : : ; ˇn/ 2 N .a/. Hence, especially, f .ˇ1; : : : ; ˇn/ D 0 forour f 2 IN .a/. But this contradicts (2). Therefore Na ¤ KŒx1; : : : ; xn; xnC1� is notpossible. Therefore we have

Section 21.5 Applications and Consequences of Hilbert’s Theorems 317

Case 2: Na D KŒx1; : : : ; xn; xnC1�, that is, 1 2 Na. Then there exists a relation of theform

1 DX

i

higi C h.1 � xnC1f / for some gi 2a and hi ; h2KŒx1; : : : ; xn; xnC1�:

The map xi 7! xi for 1 � i � n and xnC1 7! 1f

defines a homomorphism � WKŒx1; : : : ; xn; xnC1� ! K.x1; : : : ; xn/, the quotient field ofKŒx1; : : : ; xn�. From (3)we get a relation 1 D P

i hi .x1; : : : ; xn;1f/gi .x1; : : : ; xn/ in K.x1; : : : ; xn/. If we

multiply this with a suitable power f m of f we get f m D P

iQhi .x1; : : : ; xn/gi .x1;

: : : ; xn/ for some polynomials Qh 2 KŒx1; : : : ; xn�. Since gi 2 a we get f m 2 a.

21.5 Applications and Consequences of Hilbert’s Theorems

Theorem 21.5.1. Each nonempty set of algebraic K-sets in Cn contains a minimalelement. In other words: For each descending chain

V1 � V2 � � � � � Vm � VmC1 � � � � (1)

of algebraic K-sets Vi in C n there exists an integer m such that Vm D VmC1 DVmC2 D � � � , or equivalently, every strictly descending chain V1 ¥ V2 ¥ � � � ofalgebraic K-sets Vi in C n is finite.

Proof. We apply the operator I , that is, we pass to the vanishing ideals. This gives anascending chain of ideals

I.V1/ � I.V2/ � � � � � I.Vm/ � I.VmC1/ � � � � : (2)

The union of the I.Vi / is an ideal inKŒx1; : : : ; xn�, and, hence, by Theorem 21.3.3finitely generated. Hence, there is an m with I.Vm/ D I.VmC1/ D I.VmC2/ D � � � .

Now we apply the operator N and get the desired result because Vi D N I.Vi / byTheorem 21.2.4 (10).

Definition 21.5.2. An algebraic K-set V ¤ ; in C n is called irreducible if it is notdescribable as a union V D V1 [ V2 of two algebraic K-sets Vi ¤ ; in Cn withVi ¤ V for i D 1; 2. An irreducible algebraic K-set in C n is also called a K-varietyin C n.

Theorem 21.5.3. An algebraic K-set V ¤ ; in C n is irreducible if and only if itsvanishing ideal Ik.V /DI.V / is a prime ideal of RDKŒx1; : : : ; xn� with I.V /¤R.

Proof. (1) Let V be irreducible. Let fg 2 I.V /. Then V D N I.V / � N .fg/ DN .f / [ N .g/, hence V D V1 [ V2 with the algebraic K-sets V1 D N .f / \ V and


V2 D N .g/ \ V . Now V is irreducible, hence, V D V1 or V D V2; say V D V1.Then V � N .f /, and therefore f 2 IN .f / � I.V /. Since V ¤ ; we have further1 … I.V /, that is, I.V / ¤ R.

(2) Let I.V / G R with I.V / ¤ R be a prime ideal. Let V D V1 [ V2, V1 ¤ V ,with algebraic K-sets Vi in C n. First,

I.V / D I.V1 [ V2/ D I.V1/ \ I.V2/ � I.V1/I.V2/; (?)

where I.V1/I.V2/ is the ideal generated by all products fg with f 2 I.V1/, g 2I.V2/. We have I.V1/ ¤ I.V / because otherwise V1 D N I.V1/ D N I.V / D V

contradicting V1 ¤ V . Hence, there is a f 2 I.V1/ with f … I.V /. Now, I.V / ¤ R

is a prime ideal, and hence, necessarily I.V2/ � I.V / by (?). It follows that V � V2,and, hence, V is irreducible.

Note that the affine space Kn is, as the zero set of the zero polynomial 0, itselfan algebraic K-set in Kn. If K is infinite then I.Kn/ D ¹0º and, hence Kn isirreducible by Theorem 21.5.3. Moreover, if K is infinite then Kn can not be writtenas a union of finitely many proper algebraic K-subsets. If K is finite then Kn is notirreducible.

Further each algebraic K-set V in C n is also an algebraic C -set in C n. If V is anirreducible algebraic K-set in C n then, in general, it is not an irreducible algebraicC -set in C n.

Theorem 21.5.4. Each algebraic K-set V in C n can be written as a finite unionV D V1 [ V2 [ � � � [ Vr of irreducible algebraic K-sets Vi in Cn. If here Vi ª Vk

for all pairs .i; k/ with i ¤ k then this presentation is unique, up to the ordering ofthe Vi ; and then the Vi are called the irreducible K-components of V .

Proof. Let a be the set of all algebraic K-sets in C n which can not be presented as afinite union of irreducible algebraic K-sets in C n.

Assume that a ¤ ;. By Theorem 21.4.1 there is a minimal element V in a. This Vis not irreducible, otherwise we have a presentation as desired. Hence there exists apresentation V D V1 [V2 with algebraicK-sets Vi which are strictly smaller than V .By definition, both V1 and V2 have a presentation as desired, and hence V has one,too, which gives a contradiction. Hence, a D ;.

Now suppose that V D V1 [ � � � [ Vr D W1 [ � � � [Ws be two presentations of thedesired form. For each Vi we have a presentation Vi D .Vi \W1/[ � � � [ .Vi \Ws/.Each Vi \Wj is a K-algebraic set (see Theorem 21.2.4). Since Vi is irreducible, weget that there is a Wj with Vi D Vi \Wj , that is, Vi � Wj . Analogously, for this Wj

there is a Vk with Wj � Vk . Altogether Vi � Wj � Vk . But Vp ª Vq if p ¤ q.Hence, from Vi � Wj � Vk we get i D k and therefore Vi D Wj , that means, foreach Vi there is a Wj with Vi D Wj . Analogously, for each Wk there is a Vl withWk D Vl . This proves the theorem.

Section 21.5 Applications and Consequences of Hilbert’s Theorems 319

Example 21.5.5. 1. Let M D ¹ghº � RŒx; y� with g.x/ D x2 C y2 � 1 andf .x/ D x2 C y2 � 2. Then N .M/ D V D V1 [ V2 where V1 D N .g/ andV2 D N .f /, and V is not irreducible.

2. Let M D ¹f º � RŒx; y� with f .x; y/ D xy � 1; f is irreducible in RŒx; y�,therefore the ideal .f / is a prime ideal in RŒx; y�. Hence V D N .f / is irre-ducible.

Definition 21.5.6. Let V be an algebraicK-set in Cn. The residue class ringKŒV � DKŒx1; : : : ; xn�=I.V / is called the (affine) coordinate ring of V .

KŒV � can be identified with the ring of all those functions V ! C which are givenby polynomials from KŒx1; : : : ; xn�. As a homomorphic image of KŒx1; : : : ; xn�, weget that KŒV � can be described in the form KŒV � D KŒ˛1; : : : ; ˛n�; therefore a K-algebra of the formKŒ˛1; : : : ; ˛n� is often called an affineK-algebra. If the algebraicK-set V in C n is irreducible – we can call V now an (affine) K-variety in Cn – thenKŒV � is an integral domain with an identity because I.V / is then a prime ideal withI.V / ¤ R by Theorem 21.4.2. The quotient field K.V / D QuotKŒV � is called thefield of rational functions on the K-variety V .

We note the following:

1. If C is algebraically closed then V D C n is a K-variety and K.V / is the fieldK.x1; : : : ; xn/ of the rational functions in n variables over K.

2. Let the affineK-algebraA D KŒ˛1; : : : ; ˛n� be an integral domain with an iden-tity 1¤0. Then A Š KŒx1; : : : ; xn�=p for some prime ideal p¤KŒx1; : : : ; xn�.Hence, if C is algebraically closed then A is isomorphic to the coordinate ringof the K-variety V D N .p/ in C n (see Hilbert’s Nullstellensatz, first form,Theorem 21.4.1).

3. If the affineK-algebraA D KŒ˛1; : : : ; ˛n� is an integral domain with an identity1 ¤ 0 then we define the transcendence degree trgd.AjK/ to the transcendencedegree of the field extension Quot.A/jK, that is, trgd.AjK/D trgd.Quot.A/jK/,Quot.A/ the quotient field of A.

In this sense trgd.KŒx1; : : : ; xn�jK/ D n. Since Quot.A/ D K.˛1; : : : ; ˛n/ weget trgd.AjK/ � n by Theorem 20.3.10.

4. An arbitrary affine K-algebra KŒ˛1; : : : ; ˛n� is, as a homomorphic image ofthe polynomial ring KŒx1; : : : ; xn�, noetherian (see Theorem 21.2.4 and Theo-rem 21.2.3).

Example 21.5.7. Let !1; !2 2 C two elements which are linear independent over R.An element ! D m1!1 C m2!2 with m1; m2 2 Z, is called a period. The periodsdescribe an abelian group � D ¹m1!1 Cm2!2 W m1; m2 2 Zº Š Z ˚ Z and give alattice in C.


An elliptic function f (with respect to �) is a meromorphic function with periodgroup �, that is, f .z C w/ D f .z/ for all z 2 C. The Weierstrass }-function,

}.z/ D 1

z2C

X

0¤w2�

�

1

.z � w/2 � 1

w2

�

;

is an elliptic function.With g2 D 60

P

0¤w2�1

w4 and g3 D 140P

0¤w2�1

w6 we get the differential

equation }0.z/2 D 4}.z/3 Cg2}.z/Cg3 D 0. The set of elliptic functions is a fieldE, and each elliptic function is a rational function in } and } 0 (for details see, forinstance, [27]).

The polynomial f .t/ D t2 � 4s3 C g2s C g3 2 C.s/Œt � is irreducible over C.s/.For the corresponding algebraic C.s/-set V we get K.V / D C.s/Œt �=.t2 � 4s3 Cg2s C g3/ Š E with respect to t 7! }0, s 7! }.

21.6 Dimensions

From now we assume that C is algebraically closed.

Definition 21.6.1. (1) The dimension dim.V / of an algebraicK-set V in Cn is saidto be the supremum of all integersm for which there exists a strictly descendingchain V0 © V1 © � � � © Vm of K-varieties Vi in C n with Vi � V for all i .

(2) Let A be a commutative ring with an identity 1 ¤ 0. The height h.p/ of a primeideal p ¤ A of A is said to be the supremum of all integers m for which thereexists a strictly ascending chain p0 ¨ p1 ¨ � � � ¨ pm D p of prime ideals pi ofA with pi ¤ A. The dimension (Krull dimension) dim.A/ of A is said to be thesupremum of the heights of all prime ideals ¤ A in A.

Theorem 21.6.2. Let V be an algebraic K-set in C n. Then dim.V / D dim.KŒV �/.

Proof. By Theorem 21.2.4 and Theorem 21.4.2 we have a bijective map betweenthe K-varieties W with W � V and the prime ideals ¤ R D KŒx1; : : : ; xn� of Rwhich contain I.V / (the bijective map reverses the inclusion). But these prime idealscorrespond exactly with the prime ideals ¤ KŒV � of KŒV � D KŒx1; : : : ; xn�=I.V /

which gives the statement.

Section 21.6 Dimensions 321

Suppose that V is an algebraicK-set in C n and let V1; : : : ; Vr the irreducible com-ponents of V . Then dim.V / D max¹dimV1; : : : ; dimVrº because if V is a K-varietywith V 0 � V then V 0 D .V 0\V1/[� � �[.V 0\Vr/. Hence, we may restrict ourselveson K-varieties V .

If we consider the special case of the K-variety V D C 1 D C (recall that C isalgebraically closed and, hence, especially C is infinite). Then KŒV � D KŒx�, thepolynomial ring KŒx� in one indeterminate x. Now, KŒx� is a principal ideal domain,and hence, each prime ideal ¤ KŒx� is either a maximal ideal or the zero ideal ¹0ºof KŒx�. The only K-varieties in V D C are therefore V itself and the zero set ofirreducible polynomials in KŒx�. Hence, if V D C then dim.V / D dimKŒV � D 1 Dtrgd.KŒV �jK/.

Theorem 21.6.3. Let A D KŒ˛1; : : : ; ˛n� be an affine K-algebra and let A be alsoan integral domain. Let ¹0º D p0 ¨ p1 ¨ � � � ¨ pm be a maximal strictly ascendingchain of prime ideals in A (such a chain exists since A is noetherian). Then m Dtrgd.AjK/ D dim.A/. In other words:

All maximal ideals of A have the same height, and this height is equal to the tran-scendence degree of A over K.

Corollary 21.6.4. Let V be a K-variety in C n. Then dim.V / D trgd.KŒV �jK/.We prove Theorem 21.6.3 in several steps.

Lemma 21.6.5. Let R be an unique factorization domain. Then each prime ideal p

with height h.p/ D 1 is a principal ideal.

Proof. p ¤ ¹0º since h.p/ D 1. Hence there is an f 2 p, f ¤ 0. Since R isan unique factorization domain, f has a decomposition f D p1 � � �ps with primeelements pi 2 R. Now, p is a prime ideal, hence some pi 2 p because f 2 p, sayp1 2 p. Then we have the chain ¹0º ¨ .p1/ � p, and .p1/ is a prime ideal of R.Since h.p/ D 1 we get .p1/ D p.

Lemma 21.6.6. Let R D KŒy1; : : : ; yr � be the polynomial ring of the r independentindeterminates y1; : : : ; yr over the field K (recall that R is a unique factorizationdomain). If p is a prime ideal in R with height h.p/ D 1 then the residue class ringNR D R=p has transcendence degree r � 1 over K.

Proof. By Lemma 21.6.5 we have that p D .p/ for some nonconstant polynomial p 2KŒy1; : : : ; yr �. Let the indeterminate y D yr occur in p, that is, degy.p/ � 1, the de-gree in y. If f is a multiple of p then also degy.f / � 1. Hence, p\KŒy1; : : : ; yr � ¤¹0º. Therefore the residue class mapping R ! NR D KŒ Ny1; : : : ; Nyr � induces an iso-morphism KŒy1; : : : ; yr�1� ! KŒ Ny1; : : : ; Nyr�1� of the subring KŒy1; : : : ; yr�1�, thatis, Ny1; : : : ; Nyr�1 are algebraically independent over K. On the other side p. Ny1; : : : ;


Nyr�1; Nyr/ D 0 is a nontrivial algebraic relation for Nyr over K. Ny1; : : : ; Nyr�1/. Hence,altogether trgd. NRjK/ D trgd.K. Ny1; : : : ; Nyr/jK/ D r � 1 by Theorem 20.3.9.

Before we describe the last technical lemma we need some preparatory theoreticalmaterial.

Let R;A be integral domains (with identity 1 ¤ 0) and let AjR be a ring extension.We first consider only R.

(1) A subset S � R n ¹0º is called a multiplicative subset of R if 1 2 S for theidentity 1 of R, and if s; t 2 S then also st 2 S . .x; s/ � .y; t/ W, xt � ys D 0

defines an equivalence relation on M D R � S . Let xs

be the equivalence class of.x; s/ and S�1R the set of all equivalence classes. We call x

sa fraction. If we add

and multiply fractions as usual we get that S�1R becomes an integral domain; it iscalled the ring of fractions of R with respect to S . If, especially, S D R n ¹0º thenS�1R D Quot.R/, the quotient field of R.

Now, back to the general situation. i W R ! S�1R, i.r/ D r1

, defines an embed-ding of R into S�1R. Hence, we may consider R as a subring of S�1R. For eachs 2 S � R n ¹0º we have that i.s/ is an unit in S�1R, that is, i.s/ is invertible,and that each element of S�1R has the form i.s/�1i.r/ with r 2 R, s 2 S . There-fore S�1R is uniquely determined up to isomorphisms; and we have the followinguniversal property:

If � W R ! R0 is a ring homomorphism (of integral domains) such that �.s/is invertible for each s 2 S then there exist exactly one ring homomorphism � WS�1R ! R0 with �ı i D �. If a GR is an ideal in a then we write S�1a for the idealin S�1R generated by i.a/. S�1a is the set of all elements of the form a

swith a 2 a

and s 2 S ; further S�1a D .1/ , a \ S ¤ ;.Vice versa, if A G S�1R is an ideal in S�1R then we denote the ideal i�1.A/ G R

with A \ R, too. An ideal a G R is of the form a D i�1.A/ if and only if there is nos 2 S such that its image in R=a under the canonical map R ! R=a is a proper zerodivisor in R=a. Under the mapping P ! P \ R and p 7! S�1p the prime ideals inS�1R correspond exactly to the prime ideals in R which do not contain an elementof S .

We now identify R with i.R/.(2) Now, let p GR be a prime ideal in R. Then S D R n p is multiplicative. In this

case we write Rp instead of S�1R and call Rp the quotient ring of R with respect top or the localization of R of p. Put m D pRp D S�1p. Then 1 … m. Each elementof Rp=m is a unit in Rp and vice versa. In other words: Each ideal a ¤ .1/ in Rp iscontained in m, or equivalently, m is the only maximal ideal in Rp. A commutativering with an identity 1 ¤ 0, which has exactly one maximal ideal, is called a localring. Hence Rp is a local ring. From part (1) we get further: the prime ideals ofthe local ring Rp correspond bijectively to the prime ideals of R which are containedin p.

Section 21.6 Dimensions 323

(3) Now we consider our ring extension AjR as above. Let q be a prime ideal in R.Claim: If qA\R D q then there exists a prime ideal Q GA with Q \R D q (and

vice versa).Proof of the claim: If S D R n q then qA \ S D ;. Hence qS�1A is a proper

ideal in S�1A and hence contained in a maximal ideal m in S�1A, here qS�1A isthe ideal in S�1A which is generated by q. Define Q D m \ A; Q is a prime idealin A, and Q \R D q by part (1) because Q \ S D ; where S D R n q.

(4) Now letAjR be an integral extension (A;R integral domains as above). Assumethat R is integrally closed in its quotient field K. Let P GA be a prime ideal in A andp D P \R.

Claim: If q GR is a prime ideal in A with q � p then qAp \R D q.Proof of the claim: An arbitrary ˇ 2 qAp has the form ˇ D ˛

swith ˛ 2 qA, qA

the ideal in A generated by q, and s 2 S D A n p. An integral equation for ˛ 2 qA

over K is given a form ˛n C an�1˛n�1 C � � � C a0 D 0 with ai 2 q. This can be

seen as follows: we have certainly a form ˛ D b1˛1 C � � � C bm˛m with bi 2 q and˛i 2 A. The subring A0 D RŒ˛1; : : : ; ˛m� is, as an R-module, finitely generated, and˛A0 � qA0. Now, ai 2 q follows with the same type of arguments as in the proof ofTheorem 20.2.4.

Now, in addition, let ˇ 2 R. Then, for s D ˛ˇ

, we have an equation

sn C an�1

ˇsn�1 C � � � C a0

ˇnD 0

over K. But s is integral over R, and, hence, all an�1

ˇ i 2 R.We are now prepared to prove the last preliminary lemma which we need for the

proof of Theorem 21.6.3.

Lemma 21.6.7 (Krull’s going up lemma). Let AjR be an integral ring extension ofintegral domains and let R be integrally closed in its quotient field. Let p and q beprime ideals in R with q � p. Further let P be a prime ideal in A with P \ R D p.Then there exists a prime ideal Q in A with Q \R D q and Q � P.

Proof. It is enough to show that there exists a prime ideal Q in Ap with Q \R D q.This can be seen from the preceding preparations. By part (1) and (2) such a Q hasthe form Q D Q0Ap with a prime ideal Q0 in A with Q0 � P and Q \ A D Q0.It follows q D Q0 \ R � P \ R D p. And the existence of such a Q follows fromparts (3) and (4).

Proof of Theorem 21.6.3. Let first be m D 0. Then ¹0º is a maximal ideal in A and,hence, A D KŒ˛1; : : : ; ˛n� a field. By Corollary 20.3.11 then AjK is algebraic and,hence, trgd.AjK/ D 0. So, Theorem 21.3.3 holds for m D 0.

Now, let m � 1. We use Noether’s normalization theorem. A has a polynomialring R D KŒy1; : : : ; yr � of the r independent indeterminates y1; : : : ; yr as a subring,


and AjR is an integral extension. As a polynomial ring over K the ring R is a uniquefactorization domain and hence, certainly, algebraically closed (in its quotient field).

Now, let

¹0º D P0 ¨ P1 ¨ � � � ¨ Pm (1)

be a maximal strictly ascending chain of prime ideals in A. If we intersect with R weget a chain

¹0º D p0 � p1 � � � � � pm (2)

of prime ideals pi D Pi \R ofR. Since AjR is integral, the chain (2) is also a strictlyascending chain. This follows from Krull’s going up lemma (Lemma 21.6.7) becauseif pi D pj then Pi D Pj . If Pm is a maximal ideal in A then also pm is a maximalideal in R because AjR is integral (consider A=Pm and use Theorem 17.2.21). If thechain (1) is maximal and strictly then also the chain (2).

Now, let the chain (1) be maximal and strictly. If we pass to the residue class ringsNA D A=P1 and NR D R=p1 then we get the chains of prime ideals ¹0º D NP1 �NP2 � � � � � NPm and ¹0º D Np1 � Np2 � � � � � Npm for the affine K-algebras NA andNR, respectively, but with a 1 less length. By induction, we may assume that already

trgd. NAjK/ D m � 1 D trgd. NRjK/. On the other side, by construction we havetrgd.AjK/ D trgd.RjK/ D r . To prove Theorem 21.3.3 finally, we have to show thatr D m. If we compare both equations then r D m follows if trgd. NRjK/ D r � 1. Butthis holds by Lemma 21.6.6.

Theorem 21.6.8. Let V be a K-variety in Cn. Then dim.V / D n � 1 if and only ifV D .f / for some irreducible polynomial f 2 KŒx1; : : : ; xn�.

Proof. (1) Let V be a K-variety in Cn with dim.V / D n � 1. The correspond-ing ideal (in the sense of Theorem 21.2.4) is by Theorem 21.4.2 a prime ideal p inKŒx1; : : : ; xn�. By Theorem 21.3.3 and Corollary 21.3.4 we get h.p/ D 1 for theheight of p because dim.V / D n� 1 (see also Theorem 21.3.2). Since KŒx1; : : : ; xn�

is a unique factorization domain we get that p D .f / is a principal ideal by Lem-ma 21.6.5.

(2) Now let f 2 KŒx1; : : : ; xn� be irreducible. We have to show that V D N .f /

has dimension n � 1. For that, by Theorem 21.6.3, we have to show that the primeideal p D .f / has the height h.p/ D 1. Assume that this is not the case. Thenthere exists a prime ideal q ¤ p with ¹0º ¤ q � p. Choose g 2 q, g ¤ 0. Letg D uf e1�

e2

2 � � ��err be its prime factorization in KŒx1; : : : ; xn�. Now g 2 q and

f … q because q ¤ p. Hence, there is a �i in q ¨ p D .f / which is impossible.Therefore h.p/ D 1.


21.7 Exercises

1. Let A D KŒa1; : : : ; an� and C jK a field extension with C algebraically closed.Show that there is a K-algebra homomorphism KŒa1; : : : ; an� ! C .

2. Let KŒx1; : : : ; xn� be the polynomial ring of the n independent indeterminatesx1; : : : ; xn over the algebraically closed fieldK. The maximal ideals ofKŒx1; : : : ;

xn� are exactly the ideals of the form m.˛/ D .x1 � ˛1; x2 � ˛2; : : : ; xn � ˛n/

with ˛ D .˛1; : : : ; ˛n/ 2 Kn.

3. The nil radicalp0 of A D KŒa1; : : : ; an� corresponds with the Jacobson radical

of A, that is, the intersection of all maximal ideals of A.

4. Let R be a commutative ring with 1 ¤ 0. If each prime ideal of R is finitelygenerated then R is noetherian.

5. Prove the theoretical preparations for Krull’s going up lemma in detail.

6. Let KŒx1; : : : ; xn� be the polynomial ring of the n independent indeterminatesx1; : : : ; xn. For each ideal a of KŒx1; : : : ; xn� there exists a natural number mwith the following property: if f 2 KŒx1; : : : ; xn� vanishes on the zero set of a

then f m 2 a.

7. Let K be a field with charK ¤ 2 and a; b 2 K?. We consider the polynomialf .x; y/ D ax2 C by2 � 1 2 KŒx; y�, the polynomial ring of the independentindeterminates x and y. Let C be the algebraic closure of K.x/ and ˇ 2 C withf .x; ˇ/ D 0. Show that:

(i) f is irreducible over the algebraic closure C0 of K (in C ).

(ii) trgd.K.x; ˇ/jK/ D 1, ŒK.x; ˇ/ W K.x/� D 2, and K is algebraically closedin K.x; ˇ/.

Chapter 22

Algebraic Cryptography

22.1 Basic Cryptography

As we have mentioned, much of mathematics has been algebraicized, that is uses themethods and techniques of abstract algebra. Throughout this book we have lookedat various applications of the algebraic ideas. Many of these were to other areas ofmathematics, such as the insolvability of the quintic. In this final chapter we movein a slightly different direction and look at applications of algebra to cryptography.This has become increasingly important because of the extensive use of cryptographyand cryptosystems in modern commerce and communications. We first give a briefintroduction to general cryptography and its history.

Cryptography refers to the science and/or art of sending and receiving coded mes-sages. Coding and hidden ciphering is an old endeavor used by governments andmilitaries and between private individuals from ancient times. Recently it has becomeeven more prominent because of the necessity of sending secure and private informa-tion, such as credit card numbers, over essentially open communication systems.

Traditionally cryptography is the science and or art of devising and implementingsecret codes or cryptosystems. Cryptanalysis is the science and or art of breaking cryp-tosystems while cryptology refers to the whole field of cryptography plus cryptanal-ysis. In most modern literature cryptography is used synonymously with cryptology.Theoretically cryptography uses mathematics, computer science and engineering.

A cryptosystem or code is an algorithm to change a plain message, called the plain-text message, into a coded message, called the ciphertext message. In general both theplaintext message (uncoded message) and the ciphertext message (coded message)are written in some N letter alphabet which is usually the same for both plaintext andcode. The method of coding or the encoding algorithm is then a transformation ofthe N letters. The most common way to perform this transformation is to considerthe N letters as N integers modulo N and then perform a number theoretical func-tion on them. Therefore most encoding algorithms use modular arithmetic and hencecryptography is closely tied to number theory. The subject is very broad, and as men-tioned above, very current, due to the need for publically viewed but coded messages.There are many references to the subject. The book by Koblitz [60] gives an outstand-ing introduction to the interaction between number theory and cryptography. It alsoincludes many references to other sources. The book by Stinson [68] describes thewhole area.

Section 22.1 Basic Cryptography 327

Modern cryptography is usually separated into classical cryptography also calledsymmetric key cryptography and public key cryptography. In the former, both theencoding and decoding algorithms are supposedly known only to the sender and re-ceiver, usually referred to as Bob and Alice. In the latter, the encryption method ispublic knowledge but only the receiver knows how to decode.

The message that one wants to send is written in plaintext and then converted intocode. The coded message is written in ciphertext. The plaintext message and cipher-text message are written in some alphabets that are usually the same. The processof putting the plaintext message into code is called enciphering or encryption whilethe reverse process is called deciphering or decryption. Encryption algorithms breakthe plaintext and ciphertext message into message units. These are single letters orpairs of letters or more generally k-vectors of letters. The transformations are doneon these message units and the encryption algorithm is a mapping from the set ofplaintext message units to the set of ciphertext message units. Putting this into amathematical formulation we let

P D set of all plaintext message units

C D set of all ciphertext message units:

The encryption algorithm is then the application of an invertible function

f W P ! C :

The function f is the encryption map. The inverse

f �1 W C ! P

is the decryption or deciphering map. The triple ¹P ;C ; f º, consisting of a set ofplaintext message units, a set of cipertext message units and an encryption map, iscalled a cryptosystem.

Breaking a code is called cryptanalysis. An attempt to break a code is called anattack. Most cryptanalysis depends on a statistical frequency analysis of the plaintextlanguage used (see exercises). Cryptanalysis depends also on a knowledge of the formof the code, that is, the type of cryptosystem used.

We now give some examples of cryptosystems and cryptanalysis.

Example 22.1.1. The simplest type of encryption algorithm is a permutation cipher.Here the letters of the plaintext alphabet are permuted and the plaintext message issent in the permuted letters. Mathematically if the alphabet has N letters and is apermutation on 1; : : : ; N , the letter i in each message unit is replaced by .i/. Forexample suppose the plaintext language is English and the plaintext word is BOB and

328 Chapter 22 Algebraic Cryptography

the permutation algorithm is

a b c d e f g h i j k l mb c d f g h j k l n o p r

n o p q r s t u v w x y zs t v w x a e i z m q y u

then BOB ! CSC.

Example 22.1.2. A very straightforward example of a permutation encryption algo-rithm is a shift algorithm. Here we consider the plaintext alphabet as the integers0; 1; : : : ; N � 1 mod N . We choose a fixed integer k and the encryption algorithm is

f W m ! mC k mod N:

This is often known as a Caesar code after Julius Caesar who supposedly inventedit. It was used by the Union Army during the American Civil War. For example ifboth the plaintext and ciphertext alphabets were English and each message unit wasa single letter then N D 26. Suppose k D 5 and we wish to send the messageATTACK. If a D 0 then ATTACK is the numerical sequence 0; 20; 20; 0; 2; 11. Theencoded message would then be FZZFIP.

Any permutation encryption algorithm which goes letter to letter is very simple toattack using a statistical analysis. If enough messages are intercepted and the plaintextlanguage is guessed then a frequency analysis of the letters will suffice to crack thecode. For example in the English language the three most commonly occurring lettersare E, T and A with a frequency of occurrence of approximately 13% and 9% and 8%respectively. By examining the frequency of occurrences of letters in the ciphertextthe letters corresponding to E, T and A can be uncovered.

Example 22.1.3. A variation on the Caesar code is the Vignère code. Here messageunits are considered as k-vectors of integers mod N from an N letter alphabet. LetB D .b1; : : : ; bk/ be a fixed k-vector in Zk

n. The Vignère code then takes a messageunit

.a1; : : : ; ak/ ! .a1 C b1; : : : ; ak C bk/ mod N:

From a cryptanalysis point of view a Vignère code is no more secure than a Caesarcode and is susceptible to the same type of statistical attack.

The Alberti Code is a polyalphabetic cipher and can be often be used to thwart astatistical frequency attack. We describe it in the next example.

Example 22.1.4. Suppose we have an N letter alphabet. We then form an N � N

matrix P where each row and column is a distinct permutation of the plaintext alpha-bet. Hence P is a permutation matrix on the integers 0; : : : ; N � 1. Bob and Alice

Section 22.1 Basic Cryptography 329

decide on a keyword. The keyword is placed above the plaintext message and theintersection of the keyword letter and plaintext letter below it will determine whichcipher alphabet to use. We will make this precise with an 9 letter alphabet A, B, C, D,E, O, S, T, U. Here for simplicity we will assume that each row is just a shift of theprevious row, but any permutation can be used.

Key LettersA B C D E O S T U

a A a b c d e o s t ul B b c d e o s t u ap C c d e o s t u a bh D d e o s t u a b ca E e o s t u a b c db O o s t u a b c d ee S s t u a b c d e ot T t u a b c d e o ss U u a b c d e o s t.

Suppose the plaintext message is STAB DOC and Bob and Alice have chosen thekeyword BET. We place the keyword repeatedly over the message

B E T B E T BS T A B D O C:

To encode we look at B which lies over S. The intersection of the B key letter and theS alphabet is a t so we encrypt the S with T. The next key letter is E which lies over T.The intersection of the E keyletter with the T alphabet is c. Continuing in this mannerand ignoring the space we get the encryption

STAB DOC ! TCTCTDD:

Example 22.1.5. A final example, which is not number theory based, is the so-calledBeale Cipher. This has a very interesting history which is related in the popularbook Archimedes Revenge by Paul Hoffman (see [56]). Here letters are encryptedby numbering the first letters of each word in some document like the Declaration ofIndependence or the Bible. There will then be several choices for each letter and aBeale cipher is quite difficult to attack.

Until relatively recent times cryptography was mainly concerned with message con-fidentiality – that is sending secret messages so that interceptors or eavesdropperscannot decipher them. The discipline was primarily used in military and espionagesituations. This changed with the vast amount of confidential data that had to betransmitted over public airways so the field has expanded to many different types ofcryptographic techniques such as digital signatures and message authentications.


Cryptography and encryption does have a long and celebrated history. In the Bible,in the book of Jeremiah, they use what is called an Atabash Code. In this code theletters of the alphabet – Hebrew in the Bible but can be used with any alphabet – arepermuted first to last. That is, in the Latin alphabet, Z would go to A and so on.

The Kabbalists and the Kabbala believe that the Bible – written in Hebrew whereeach letter also stands for a number – is a code from heaven. They have devisedelaborate ways to decode it. This idea has seeped into popular culture where the book“The Bible Code” became a bestseller.

In his military campaigns Julius Caesar would send out coded messages. Hismethod, which we looked at in the last section, is now known as a Caesar code. Itis a shift cipher. That is each letter is shifted a certain amount to the right. A shiftcipher is a special case of an affine cipher that will be elaborated upon in the nextsection. The Caesar code was resurrected and used during the American Civil War.

Coded messages produced by most of the historical methods reveal statistical in-formation about the plaintext. This could be used in most cases to break the codes.The discovery of frequency analysis was done by the Arab mathematician Al-Kindiin the ninth century and the basic classical substitution ciphers became more or lesseasily breakable. About 1470 Leon Alberti developed a method to thwart statisticalanalysis. His innovation was to use a polyalphabetic cipher where different parts ofthe message are encrypted with different alphabets. We looked at an example of anAlberti code in this section.

A different way to thwart statistical attacks is to use blank and neutral letters, thatis meaningless letters within the message. Mary, Queen of Scots, used a randompermutation cipher with neutrals in it, where a neutral was a random meaninglesssymbol. Unfortunately for her, her messages were decoded and she was beheaded.

There have been various physical devices and aids used to create codes. Priorto the widespread use of the computer the most famous cryptographic aid was theEnigma machine developed and used by the German military during the Second WorldWar. This was a rotor machine using a polyalphabetic cipher. An early version wasbroken by Polish cryptographers early in the war so a larger system was built that wasconsidered unbreakable. British cryptographers led by Alan Turing broke this andBritish knowledge of German secrets had a great effect on the latter part of the war.

The development of digital computers allowed for the development of much morecomplicated cryptosystems. Further this allowed for the encryption using anythingthat can be placed in binary formats whereas historical cryptosystems could only berendered using language texts. This has revolutionized cryptography.

In 1976 Diffie and Hellman developed the first usable public key exchange protocol.This allowed for the transmission of secret data over open airways. A year later Rivest,Adelman and Shamir, developed the RSA algorithm, a second public key protocol.There are now many and we will discuss them later. In 1997 it became known thatpublic key cryptography had been developed earlier by James Ellis working for British

Section 22.2 Encryption and Number Theory 331

Intelligence and that both the Diffie–Hellman and RSA protocols had been developedearlier by Malcom Williamson and Clifford Cocks respectively.

22.2 Encryption and Number Theory

Here we describe some basic number theoretically derived cryptosystems. In applyinga cryptosystem to an N letter alphabet we consider the letters as integers mod N .The encryption algorithms then apply number theoretic functions and use modulararithmetic on these integers. One example of this was the shift, or Caesar cipher,described in the last section. In this encryption method a fixed integer k is chosen andthe encryption map is given

f W m ! mC k mod N:

The shift algorithm is a special case of an affine cipher. Recall that an affine mapon a ring R is a function f .x/ D ax C b with a; b; x 2 R. We apply such a map tothe ring of integers modulo n, that is, R D Zn, as the encryption map. Specificallyagain suppose we have an N letter alphabet and we consider the letters as the integers0; 1; : : : ; N � 1 mod N , that is in the ring ZN . We choose integers a; b 2 ZN with.a;N / D 1 and b ¤ 0. a; b are called the keys of the cryptosystem . The encryptionmap is then given by

f W m ! amC b mod N:

Example 22.2.1. Using an affine cipher with the English language and keys a D 3,b D 5 encode the message EAT AT JOE’S. Ignore spaces and punctuation.

The numerical sequence for the message ignoring the spaces and punctuation is

4; 0; 19; 0; 19; 9; 14; 4; 18:

Applying the map f .m/ D 3mC 5 mod 26 we get

17; 5; 62; 5; 62; 32; 47; 17; 59 ! 17; 5; 10; 5; 10; 6; 21; 17; 7:

Now rewriting these as letters we get

EAT AT JOE’S ! RFKFKGVRH:

Since .a;N / D 1 the integer a has a multiplicative inverse a�1 mod N . The de-cryption map for an affine cipher with keys a; b is then

f �1 W m ! a�1.m � b/ mod N:

Since an affine cipher, as given above, goes letter to letter it is easy to attack usinga statistical frequency approach. Further if an attacker can determine two letters and


knows that it is an affine cipher the keys can be determined and the code broken. Togive better security it is preferable to use k-vectors of letters as message units. Theform then of an affine cipher becomes

f W v ! Av C B

where here v and B are k-vectors from ZkN and A is an invertible k � k matrix with

entries from the ring ZN . The computations are then done modulo N . Since v is ak-vector and A is a k � k matrix the matrix product Av produces another k-vectorfrom Zk

N . Adding the k-vectorB again produces a k-vector so the ciphertext messageunit is again a k-vector. The keys for this affine cryptosystem are the encipheringmatrix A and the shift vector B . The matrix A is chosen to be invertible over ZN

(equivalent to the determinant of A being a unit in the ring ZN ) so the decryptionmap is given by

v ! A�1.v � B/:Here A�1 is the matrix inverse over ZN and v is a k-vector. The enciphering matrixA and the shift vector B are now the keys of the cryptosystem.

A statistical frequency attack on such a cryptosystem requires knowledge, withina given language, of the statistical frequency of k-strings of letters. This is moredifficult to determine than the statistical frequency of single letters. As for a letter toletter affine cipher, if k C 1 message units, where k is the message block length, arediscovered, then the code can be broken.

Example 22.2.2. Using an affine cipher with message units of length 2 in the Englishlanguage and keys

A D�

5 1

8 7

�

; B D .5; 3/

encode the message EAT AT JOE’S. Again ignore spaces and punctuation.Message units of length 2, that is 2-vectors of letters are called digraphs. We first

must place the plaintext message in terms of these message units. The numericalsequence for the message EAT AT JOE’S ignoring the spaces and punctuation is asbefore

4; 0; 19; 0; 19; 9; 14; 4; 18:

Therefore the message units are

.4; 0/; .19; 0/; .19; 9/; .14; 4/; .18; 18/

repeating the last letter to end the message.The enciphering matrix A has determinant 1 which is a unit mod 26 and hence is

invertible so it is a valid key.

Section 22.2 Encryption and Number Theory 333

Now we must apply the map f .v/ D AvCB mod 26 to each digraph. For example

A

�

4

0

�

C B D�

5 1

8 7

��

4

0

�

C�

5

3

�

D�

20

32

�

C�

5

3

�

D�

25

9

�

:

Doing this to the other message units we obtain

.25; 9/; .22; 25/; .5; 10/; .1; 13/; .9; 13/:

Now rewriting these as digraphs of letters we get

(Z, J), (W, Z), (F, K), (B, N), (J, N):

Therefore the coded message is

EAT AT JOE’S ! ZJWZFKBNJN:

Example 22.2.3. Suppose we receive the message ZJWZFKBNJN and we wish todecode it. We know that an affine cipher with message units of length 2 in the Englishlanguage and keys

A D�

5 1

8 7

�

; B D .5; 3/

is being used.The decryption map is given by

v ! A�1.v � B/:so we must find the inverse matrix for A. For a 2� 2 invertible matrix

�

a bc d

�

we have

�

a b

c d

��1

D 1

ad � bc�

d �b�c a

�

:

Therefore in this case recalling that multiplication is mod 26

A D�

5 1

8 7

�

H) A�1 D�

7 �1�8 5

�

:

The message ZJWZFKBNJN in terms of message units is

.25; 9/; .22; 25/; .5; 10/; .1; 13/; .9; 13/:

We apply the decryption map to each digraph. For example

A�1

��

20

6

�

� B�

D�

7 �1�8 5

��

25

9

�

��

5

3

��

D .4; 0/:


Doing this to each we obtain

.4; 0/; .19; 0/; .19; 9/; .14; 4/; .18; 18/

and rewriting in terms of letters

(E, A), (T, A), (T, J), (O, E), (S, S):

This gives us

ZJWZFKBNJN ! EATATJOESS:

Modern cryptography is done via a computer. Hence all messages both plaintextand ciphertext are actually presented as binary strings. Important in this regard is theconcept of a hash function.

A cryptographic hash function is a deterministic function

h W S ! ¹0; 1ºn

that returns for each arbitrary block of data, called a message, a fixed size bit string.It should have the property that a change in the data will change the hash value. Thehash value is called the digest.

An ideal cryptographic hash function has the following properties:

(1) It is easy to compute the hash value for any given message.

(2) It is infeasible to find a message that has a given hash value (preimage resistant).

(3) It is infeasible to modify a message without changing its hash.

(4) It is infeasible to find two different messages with the same hash (collision re-sistant).

A cryptographic hash function can serve as a digital signature.Hash functions can also be used with encryption. Suppose that Bob and Alice want

to communicate openly. They have exchanged a secret key K that supposedly onlythey know. Let fK be an encryption function or encryption algorithm based on thekey K. Alice wants to send the message m to Bob and m is given as a binary bitstring. Alice sends to Bob

fK.m/˚ h.K/

where ˚ is addition modulo 2.Bob knows the key K and hence its hash value h.K/. He now computes

fK.m/˚ h.K/˚ h.K/:

Section 22.3 Public Key Cryptography 335

Since addition modulo 2 has order 2 we have

fK.m/˚ h.K/˚ h.K/ D fk.M/:

Bob now applies the decryption algorithm f �1K to decode the message.

Alice could have just as easily sent fK.m/ ˚ K. However sending the hash hastwo benefits. Usually the hash is shorter than the key and from the properties of hashfunctions it gives another level of security. As we will see, tying the secret key tothe actual encryption in this manner is the basis for the El-Gamal and elliptic curvecryptographic methods.

The encryption algorithm fK is usually a symmetric key encryption so that any-one knowing K can encrypt and decrypt easily. However it should be resistant toplaintext-ciphertext attacks. That is if an attacker gains some knowledge of a pieceof plaintext together with the corresponding ciphertext it should not compromise thewhole system.

The encryption algorithm can either be a block cipher or a stream cipher. In theformer, blocks of fixed length k are transformed into blocks of fixed length n andthere is a method to ties the encrypted blocks together. In the latter, a stream cipher,bits are transformed one by one into new bit strings by some procedure.

In 2001 the National Institute of Standards and Technology adopted a block ci-pher now called AES for Advanced Encryption System as the industry standard for asymmetric key encryption. Although not universally used it is the most widely used.This block cipher was a standardization of the Rijnadel cipher named after its inventorRijmen and Daeman.

AES replaced DES or Digital Encryption System which had been the standard.Parts of DES were found to be insecure. AES proceeds with several rounds of en-crypting blocks and then mixing blocks. The mathematics in AES is done over thefinite field GF.28/.

22.3 Public Key Cryptography

Presently there are many instances where secure information must be sent over opencommunication lines. These include for example banking and financial transactions,purchasing items via credit cards over the Internet and similar things. This led to thedevelopment of public key cryptography. Roughly, in classical cryptography only thesender and receiver know the encoding and decoding methods. Further it is a featureof such cryptosystems, such as the ones that we’ve looked at, that if the encryptingmethod is known then the decryption can be carried out. In public key cryptogra-phy the encryption method is public knowledge but only the receiver knows how todecode. More precisely in a classical cryptosystem once the encrypting algorithm isknown the decryption algorithm can be implemented in approximately the same orderof magnitude of time. In a public key cryptosystem, developed first by Diffie and


Hellman, the decryption algorithm is much more difficult to implement. This diffi-culty depends on the type of computing machinery used and as computers get better,new and more secure public key cryptosystems become necessary.

The basic idea in a public key cryptosystem is to have a one-way function or trap-door function. That is a function which is easy to implement but very hard to invert.Hence it becomes simple to encrypt a message but very hard, unless you know theinverse, to decrypt.

The standard model for public key systems is the following. Alice wants to send amessage to Bob. The encrypting map fA for Alice is public knowledge as well as theencrypting map fB for Bob. On the other hand the decryption algorithms f �1

A andf �1

B are secret and known only to Alice and Bob respectively. Let P be the messageAlice wants to send to Bob. She sends fBf

�1A .P /. To decode Bob applies first f �1

B ,which only he knows. This gives him f �1

B .fBf�1

A .P // D f �1A .P /. He then looks

up fA which is publically available and applies this fA.f�1

A .P // D P to obtain themessage. Why not just send fB.P /. Bob is the only one who can decode this. Theidea is authentication, that is being certain from Bob’s point of view that the messagereally came from Alice. Suppose P is Alice’s verification; signature, social securitynumber etc. If Bob receives fB.P / it could be sent by anyone since fB is public. Onthe other hand since only Alice supposedly knows f �1

A getting a reasonable messagefrom fA.f

�1B fBf

�1A .P // would verify that it is from Alice. Applying f �1

B aloneshould result in nonsense.

Getting a reasonable one way function can be a formidable task. The most widelyused (at present) public key systems are based on difficult to invert number theoreticfunctions. The original public key system was developed by Diffie and Hellman in1976. It was followed closely by a second public key system developed by Rivest,Shamir and Adeelman known as the RSA system. Although at present there are manydifferent public key systems in use most are variations of these original two. Thevariations are attempts to make the systems more secure. We will discuss four suchsystems.

22.3.1 The Diffie–Hellman Protocol

Diffie and Hellman in 1976 developed the original public key idea using the discretelog problem. In modular arithmetic it is easy to raise an element to a power but difficultto determine, given an element, if it is a power of another element. Specifically if Gis a finite group, such as the cyclic multiplicative group of Zp where p is a prime,and h D gk for some k then the discrete log of h to the base g is any integer t withh D gt .

The rough form of the Diffie–Hellman public key system is as follows. Bob andAlice will use a classical cryptosystem based on a key k with 1 < k < q � 1 whereq is a prime. It is the key k that Alice must share with Bob. Let g be a multiplicative


generator of Z?q the multiplicative group of Zq . The generator g is public. It is known

that this group is cyclic if q is a prime.Alice chooses an a 2 Zq with 1 < a < q � 1. She makes public ga. Bob chooses

a b 2 Z?q and makes public gb . The secret key is gab . Both Bob and Alice, but

presumably none else, can discover this key. Alice knows her secret power a and thevalue gb is public from Bob. Hence she can compute the key gab D .gb/a. Theanalogous situation holds for Bob. An attacker however only knows ga and gb and g.Unless the attacker can solve the discrete log problem the key exchange is secure.

Given q; g; ga; gb the problem of determining the secret key gab is called theDiffie–Hellman problem. At present the only known solution is to solve the discretelog problem which appears to be very hard. In choosing the prime q and the generatorg it is assumed that the prime q is very large so that the order of g is very large. Thereare algorithms to solve the discrete log problem is q is too small.

One attack on the Diffie–Hellman key exchange is a man in the middle attack. Sincethe basic protocol involves no authentication an attacker can pretend to be Bob andget information from Alice and then pretend to be Alice and get information fromBob. In this way the attacker could get the secret shared key. To prevent this, digitalsignatures are often used (see [60] for a discussion of these).

The decision Diffie–Hellman problem is given a prime q and ga mod q, gb mod qand gc mod q determine if gc D gab.

In 1997 it became known that the ideas of public key cryptography were developedby British Intelligence Services prior to Diffie and Hellman.

22.3.2 The RSA Algorithm

In 1977 Rivest, Adelman and Shamir developed the RSA algorithm, which is presently(in several variations) the most widely used public key cryptosystem. It is based onthe difficulty of factoring large integers and in particular on the fact that it is easier totest for primality than to factor very large integers.

In basic form the RSA algorithm works as follows. Alice chooses two large primespA; qA and an integer eA relatively prime to �.pAqA/ D .pA � 1/.qA � 1/ where �is the Euler phi-function. It is assumed that these integers are chosen randomly tominimize attack. Primality tests arise in the following manner. Alice first randomlychooses a large odd integer m and tests it for primality. If its prime it is used. Ifnot, she tests m C 2, m C 4 and so on until she gets her first prime pA. She thenrepeats the process to get qA. Similarly she chooses another odd integer m and testsuntil she gets an eA relatively prime to �.pAqA/. The primes she chooses should bequite large. Originally RSA used primes of approximately 100 decimal digits, but ascomputing and attack have become more sophisticated, larger primes have had to beutilized. Presently keys with 400 decimal digits are not uncommon. Once Alice hasobtained pA; qA; eA she lets nA D pAqA and computes dA, the multiplicative inverseof eA modulo �.nA/. That is dA satisfies eAdA � 1 mod .pA �1/.qA �1/. She makes


public the enciphering key KA D .nA; eA/ and the encryption algorithm known to allis

fA.P / D P eA mod nA

where P 2 ZnAis a message unit. It can be shown that if .eA; .pA � 1/.qA � 1// D 1

and eAdA � 1 mod .pA � 1/.qA � 1/ then P eAdA � P mod nA (see exercises).Therefore the decryption algorithm is

f �1A .C/ D Cda mod nA:

Notice then that f �1A .fA.P // D P eAdA � P mod nA so it is the inverse.

Now Bob makes the same type of choices to obtain pB ; qB ; eB . He lets nB DpBqB and makes public his key KB D .nB ; eB/.

If Alice wants to send a message to Bob that can be authenticated to be from Aliceshe sends fB.f

�1A .P //. An attack then requires factoring nA or nB which is much

more difficult than obtaining the primes pA; qA; pB ; qB .In practice suppose there is an N letter alphabet which is to be used for both plain-

text and ciphertext. The plaintext message is to consist of k vectors of letters and theciphertext message of l vectors of letters with k < l . Each of the k plaintext lettersin a message unit P are then considered as integers mod N and the whole plaintextmessage is considered as a k digit integer written to the base N (see example below).The transformed message is then written as an l digit integer mod N and then thedigits are then considered integers mod N from which encrypted letters are found.To ensure that the range of plaintext messages and ciphertext messages are the samek < l are chosen so that

N k < nU < N l

for each user U, that is nU D pU qU . In this case any plaintext message P is aninteger less than N k considered as an element of ZnU

. Since nU < N l the imageunder the power transformation corresponds to an l digit integer written to the baseN and hence to an l letter block. We give an example with relatively small primes. Inreal world applications the primes would be chosen to have over a hundred digits andthe computations and choices must be done using good computing machinery.

Example 22.3.1. Suppose N D 26, k D 2 and l D 3. Suppose further that Alicechooses pA D 29, qA D 41, eA D 13. Here nA D 29 � 41 D 1189 so she makespublic the key KA D .1189; 13/. She then computes the multiplicative inverse dA

of 13 mod 1120 D 28 � 40. Now suppose we want to send her the message TABU.Since k D 2 the message units in plaintext are 2 vectors of letters so we separate themessage into TA BU. We show how to send TA. First the numerical sequence for theletters TA mod 26 is (19,0). We then use these as the digits of a 2-digit number to thebase 26. Hence

TA D 19 � 26C 0 � 1 D 494:


We now compute the power transformation using her eA D 13 to evaluate

f .19; 0/ D 49413 mod 1189:

This is evaluated as 320. Now we write 320 to the base 26. By our choices of k; l thiscan be written with a maximum of 3 digits to this base. Then

320 D 0 � 262 C 12 � 26C 8:

The letters in the encoded message then correspond to .0; 12; 8/ and therefore theencryption of TA is AMI.

To decode the message Alice knows dA and applies the inverse transformation.

Since we have assumed that k < l this seems to restrict the direction in whichmessages can be sent. In practice to allow messages to go between any two users thefollowing is done. Suppose Alice is sending an authenticated message to Bob. Thekeys kA D .nA; eA/; kB D .nB ; eB/ are public. If nA < nB Alice sends fBf

�1A .P /.

On the other hand if nA > nB she sends f �1A fB.P /.

There have been attacks on RSA for special types of primes so care must be chosenin choosing the primes.

The computations and choices used in real world implementations of the RSA algo-rithm must be done with computers. Similarly, attacks on RSA are done via comput-ers. As computing machinery gets stronger and factoring algorithms get faster, RSAbecomes less secure and larger and larger primes must be used. In order to combatthis, other public key methods are in various stages of ongoing development. RSA andDiffie–Hellman and many related public key cryptosystems use properties in abeliangroups. In recent years a great deal of work has been done to encrypt and decrypt us-ing certain nonabelian groups such as linear groups or braid groups. We will discussthese later in the chapter.

22.3.3 The El-Gamal Protocol

The El-Gamal cryptosystem is a method to use the Diffie–Hellman key exchangemethod to do encryption. The method works as follows and uses the fact that hashfunctions can also be used with encryption. Suppose that Bob and Alice want tocommunicate openly. They have exchanged a secret key K that supposedly only theyknow. Let fK be an encryption function or encryption algorithm based on the key K.Alice wants to send the message m to Bob and m is given as a binary bit string. Alicesends to Bob

fK.m/˚ h.K/

where ˚ is addition modulo 2.Bob knows the key K and hence its hash value h.K/. He now computes

fK.m/˚ h.K/˚ h.K/:


Since addition modulo 2 has order 2 we have

fK.m/˚ h.K/˚ h.K/ D fk.M/:

Bob now applies the decryption algorithm f �1K to decode the message.

Hence if K is a publicly exchanged secret key and fK is a cryptosystem based onK then the above format allows an encryption algorithm to go with the key exchange.The El-Gamal system does this with the Diffie–Hellman key exchange protocol.

Suppose that Bob and Alice want to communicate openly. Alice chooses a primeq and a generator g of the multiplicative group Zq . q should be large enough tothwart the known discrete logarithm algorithms. Alice then chooses an integer a with1 < a < q � 1. She then computes

A D ga mod q:

Her public key is then .q; g; A/. Bob wants to send a message M to Alice. He firstencrypts the message an integerm mod q. For Bob to now send an encrypted messagem to Alice he chooses a random integer b with 1 < b < q � 2 and compute

B D gb mod q:

Bob then sends to Alice the integer

c D Abm mod q

that is Bob encrypts the whole message by multiplying it by the Diffie–Hellmanshared key. The complete El-Gamal ciphertext is then the pair .B; c/.

How does Alice decode the message. Given the message m she knows how toreconstruct the plaintext message M so she must recover the mod q integer m. As inthe Diffie–Hellman key exchange she can compute the shared key Ab D Ba. She canthen divide c by this Diffie–Hellman key gab to obtain m. To avoid having to find theinverse of Ba mod q which can be difficult she computes the exponent x D p�1�a.The inverse is then Bx mod q.

For each new El-Gamal encryption a new exponent b is chosen so that there is arandom component of El-Gamal which improves the security.

Breaking the El-Gamal system is as difficult as breaking the Diffie–Hellman pro-tocol and hence is based on the difficulty of the discrete log problem. However theEl-Gamal has the advantage that the choice of primes is random. As mentioned theprimes should be chosen large enough to not be susceptible to known discrete logalgorithms. Presently the primes should be of binary length at least 512.

c D Abm mod q:


22.3.4 Elliptic Curves and Elliptic Curve Methods

A very powerful approach which has had wide ranging applications in cryptographyis to use elliptic curves. If F is a field of characteristic not equal to 2 or 3 then anelliptic curve over F is the locus of points .x; y/ 2 F � F satisfying the equation

y2 D x3 C ax C b with 4a3 C 27b2 ¤ 0:

We denote by 0 a single point at infinity and let

E.F / D ¹.x; y/ 2 F � F W y2 D x3 C ax C bº [ ¹0º:The important thing about elliptic curves from the viewpoint of cryptography is that

a group structure can be placed on E.F /. In particular we define the operation C onE.F / by

1. 0C P D P for any point P 2 E.F /.2. If P D .x; y/ then �P D .x;�y/ and �0 D 0.

3. P C .�P / D 0 for any point P 2 E.F /.4. If P1 D .x1; y1/; P2 D .x2; y2/ with P1 ¤ �P2 then

P1 C P2 D .x3; y3/ with

x3 D m2 � .x1 C x2/; y3 D �m.x3 � x1/ � y1

andm D y2 � y1

x2 � x1if x2 ¤ x1

and

m D 3x21 C a

2y1if x2 D x1:

This operation has a very nice geometric interpretation if F D R the real numbers.It is known as the chord and tangent method. If P1 ¤ P2 are two points on the curvethen the line through P1; P2 intersects the curve at another point P3. If we reflect P3

through the x-axis we get P1 C P2. If P2 D P2 we take the tangent line at P1.With this operation E.F / becomes an abelian group (due to Cassels) whose struc-

ture can be worked out.

Theorem 22.3.2. E.F / together with the operations defined above forms an abeliangroup. In F is a finite field of order pk then E.F / is either cyclic or has the structure

E.F / D Zm1� Zm2

with m1jm2 and m1j.pk � 1/.


A comprehensive description and discussion of elliptic curve methods can be foundin Crandall and Pomerance [52].

The groups of elliptic curves can be used for cryptography as developed by Koblitzand others. If q is a prime and a; b 2 Zq then we can form the elliptic curve E.p Wa; b/ and the corresponding elliptic curve abelian group. In this group the Diffie–Hellman key exchange protocol and the corresponding El-Gamal encryption systemcan be implemented. Care must be taken that the discrete log problem in E.qI a; b/ isdifficult. The curve is then called a cryptographically secure elliptic curve.

Elliptic curve public-key cryptosystems are at present the most important commu-tative alternatives to the use of the RSA algorithm. There are several reasons for this.They are more efficient in many cases than RSA and keys in elliptic curve systems aremuch smaller than keys in RSA. It is felt that it is important to have good workablealternatives to RSA in the event that factoring algorithms become strong enough tocompromise RSA encryption.

22.4 Noncommutative Group based Cryptography

The public key cryptosystems and public key exchange protocols that we have dis-cussed, such as the RSA algorithm, Diffie–Hellman, El-Gamal and elliptic curvemethods are number theory based and hence depend on the structure of abelian groups.Although there have been no overall successful attacks on the standard methods thereis a feeling that the strength of computing machinery has made these techniques theo-retically susceptible to attack. As a result of this, there has been a recent active line ofresearch to develop cryptosystems and key exchange protocols using noncommutativecryptographic platforms. This line of investigation has been given the broad title ofnoncommutative algebraic cryptography. Since most of the cryptographic platformsare groups this is also known as group based cryptography. The book by Myasnikov,Shpilrain and Ushakov [63] provides an overview of group based cryptographic meth-ods tied to complexity theory.

Up to this point the main sources for noncommutative cryptographic platforms hasbeen nonabelian groups. In cryptosystems based on these objects algebraic propertiesof the platforms are used prominently in both devising cryptosystems and in crypt-analysis. In particular the nonsolvability of certain algorithmic problems in finitelypresented groups, such as the conjugator search problem, has been crucial in encryp-tion and decryption.

The main sources for nonabelian groups are combinatorial group theory and lin-ear group theory. Braid group cryptography (see [53]), where encryption is donewithin the classical braid groups, is one prominent example. The one way functionsin braid group systems are based on the difficulty of solving group theoretic decisionproblems such as the conjugacy problem and conjugator search problem. Althoughbraid group cryptography had initial spectacular success, various potential attacks

Section 22.4 Noncommutative Group based Cryptography 343

have been identified. Borovik, Myasnikov, Shpilrain [49] and others have studied thestatistical aspects of these attacks and have identified what are termed black holesin the platform groups outside of which present cryptographic problems. Baumslag.Fine and Xu in [46] and [69] suggested potential cryptosystems using a combinationof combinatorial group theory and linear groups and a general schema for the thesetypes of cryptosystems was given. In [47] a public key version of this schema usingthe classical modular group as a platform was presented. A cryptosystem using theextended modular group SL2.Z/ was developed by Yamamura [70] but was subse-quently shown to have loopholes [67]. In [47] attacks based on these loopholes wereclosed.

The extension of the cryptographic ideas to noncommutative platforms involves thefollowing ideas,

(1) General Algebraic Techniques for Developing Cryptosystems

(2) Potential Algebraic Platforms (Specific Groups, Rings, etc.) for implementingthe Techniques

(3) Cryptanalysis and Security Analysis of the Resulting Systems.

The main source for noncommutative platforms are nonabelian groups and the mainmethod for handling nonabelian groups in cryptography is combinatorial group theorywhich we discussed in detail in Chapter 14. The basic idea in using combinatorialgroup theory for cryptography is that elements of groups can be expressed as wordsin some alphabet. If there is an easy method to rewrite group elements in terms ofthese words and further the technique used in this rewriting process can be suppliedby a secret key then a cryptosystem can be created.

One of the earliest descriptions of a free group cryptosystem was in a paper byW. Magnus in the early 1970s [61]. Recall that the classical modular group M isM D PSL2.Z/. Hence M consists of the 2 � 2 projective integral matrices:

M D²

˙�

a b

c d

�

W ad � bc D 1; a; b; c; d 2 Z

³

:

Equivalently M can be considered as the set of integral linear fractional transforma-tions with determinant 1:

z0 D az C b

cz C d; ad � bc D 1; a; b; c; d 2 Z:

Magnus proved the following theorem.

Theorem 22.4.1 ([46]). The matrices

˙�

1 1

1 2

�

; ˙�

1C 4t2 2t

2t 1

�

; t D 1; 2; 3; : : :


freely generate a free subgroup F of infinite index in M . Further distinct elements ofF have distinct first columns.

Since the entries in the generating matrices are positive we can do the following.Choose a set

T1; : : : ; Tn

of projective matrices from the set above with n large enough to encode a desiredplaintext alphabet A. Any message would be encoded by a word

W.T1; : : : ; Tn/

with nonnegative exponents. This represents an element g of F . The two elementsin the first column determine W and therefore g. Receiving W then determines themessage uniquely.

The idea of using the difficulty of group theory decision problems in infinite non-abelian groups was first developed by Magyarik and Wagner in 1985. They deviseda public key protocol based on the difficulty of the solution of the word problem (seeChapter 14). Although this was a seminal idea their basic cryptosystem was really un-workable and not secure in the form they presented. Wagner and Magyarik outlineda conceptual public key cryptosystem based on the hardness of the word problem forfinitely presented groups. At the same time, they gave a specific example of sucha system. González Vasco and Steinwandt proved that their approach is vulnerableto so-called reaction attacks. In particular, for the proposed instance it is possible toretrieve the private key just by watching the performance of a legitimate recipient.

The general scheme of the Wagner and Magyarik public-key cryptosystemis asfollows. Let X be a finite set of generators, and let R and S be finite sets of relatorssuch that the group G0 D hX IR [ Si has an easy word problem. That is the wordproblem can be solved in polynomial time while the G D hX IRi has a hard wordproblem (see Chapter 14 for terminology).

Choose two wordsW0 andW1 which are not equivalent inG0 (and hence not equiv-alent in G). The public key is the presentation hX IRi and the chosen words W0 andW1. To encrypt a single bit 2 ¹0; 1º, pick Wi and transform it into a ciphertext wordW by repeatedly and randomly applying Tietze transformations to the presentationhX IRi. To decrypt a word W , run the algorithm for the word problem of G0 in or-der to decide which of WiW

�1 is equivalent to the empty word for the presentationhX IR [ Si The private key is the set S . Actually, this is not sufficient and Wagnerand Magyarik are not clear on this point. The public key should be a deterministicpolynomial-time algorithm for the word problem of G0 D hX IR [ Si. Just knowingS does not automatically and explicitly give us an efficient algorithm (even if such analgorithm exists).


22.4.1 Free Group Cryptosystems

The simplest example of a nonabelian group based cryptosystem is perhaps a freegroup cryptosystem. This can be described in the following manner.

Consider a free group F on free generators x1; : : : ; xr . Then each element g inF has a unique expression as a word W.x1; : : : ; xr/. Let W1; : : : ; Wk with Wi DWi .x1; : : : ; xr/ be a set of words in the generators x1; : : : ; xr of the free group F .At the most basic level, to construct a cryptosystem, suppose that we have a plaintextalphabet A. For example, suppose that A D ¹a; b; : : :º are the symbols needed toconstruct meaningful messages in English. To encrypt, use a substitution ciphertext

A ! ¹W1; : : : ; Wkº:

That is

a 7! W1; b 7! W2; : : : :

Then given a word W.a; b; : : :/ in the plaintext alphabet form the free group wordW.W1; W2; : : :/. This represents an element g in F . Send out g as the secret message.

In order to implement this scheme we need a concrete representation of g andthen for decryption a way to rewrite g back in terms of W1; : : : ; Wk . This concreterepresentation is the idea behind homomorphic cryptosystems.

The decryption algorithm in a free group cryptosystem then depends on the Reide-meister–Schreier rewriting process. As described in Chapter 14 this is a method torewrite elements of a subgroup of a free group in terms of the generators of that sub-group. Recall that roughly it works as follows. Assume that W1; : : : ; Wk are freegenerators for some subgroup H of a free group F on ¹x1; : : : ; xnº. Each Wi is thena reduced word in the generators ¹x1; : : : ; xnº. A Schreier transversal for H is a set¹h1; : : : ; ht ; : : :º of (left) coset representatives forH in F of a special form (see Chap-ter 14). Any subgroup of a free group has a Schreier transversal. The Reidemeister–Schreier process allows one to construct a set of generators W1; : : : ; Wk for H byusing a Schreier transversal. Further given the Schreier transversal from which the setof generators for H was constructed, the Reidemeister–Schreier rewriting process al-lows us to algorithmically rewrite an element of H . Given such an element expressedas a word W D W.x1; : : : ; xr/ in the generators of F this algorithm rewrites W as aword W ?.W1; : : : ; Wk/ in the generators of H .

The knowledge of a Schreier transversal and the use of Reidemeister–Schreierrewriting facilitates the decoding process in the free group case but is not essen-tial. Given a known set of generators for a subgroup the Stallings Folding Methodto develop a subgroup graph can also be utilized to rewrite in terms of the given gen-erators. The paper by Kapovich and Myasnikov [58] is now a standard reference forthis method in free groups. At present there is an ongoing study of the complexity ofReidemeister–Schreier being done by Baumslag, Brukhov, Fine and Troeger.


Pure free group cryptosystems are subject to various attacks and can be broken eas-ily. However a public key free group cryptosystem using a free group representationin the Modular group was developed by Baumslag, Fine and Xu [46, 47]. The mostsuccessful attacks on free group cryptosystems are called length based attacks. Herean attacker multiplies a word in ciphertext by a generator to get a shorter word whichcould possibly be decoded.

Baumslag, Fine and Xu in [46] described the following general encryption schemeusing free group cryptography. A further enhancement was discussed in the pa-per [47].

We start with a finitely presented group

G D hX jRiwhere X D ¹x1; : : : ; xnº and a faithful representation

� W G ! G:

G can be any one of several different kinds of objects – linear group, permutationgroup, power series ring etc.

We assume that there is an algorithm to re-express an element of �.G/ inG in termsof the generators of G. That is if g D W.x1; : : : ; xn; : : :/ 2 G where W is a word inthe these generators and we are given �.g/ 2 G we can algorithmically find g and itsexpression as the word W.x1; : : : ; xn/.

Once we have G we assume that we have two free subgroups K;H with

H � K � G:

We assume that we have fixed Schreier transversals forK inG and forH inK both ofwhich are held in secret by the communicating parties Bob and Alice. Now based onthe fixed Schreier transversals we have sets of Schreier generators constructed fromthe Reidemeister–Schreier process for K and for H .

k1; : : : ; km; : : : for K

andh1; : : : ; ht ; : : : for H:

Notice that the generators forK will be given as words in x1; : : : ; xn the generatorsof G while the generators for H will be given as words in the generators k1; k2; : : :

for K. We note further that H and K may coincide and that H and K need not ingeneral be free but only have a unique set of normal forms so that the representationof an element in terms of the given Schreier generators is unique.

We will encode within H , or more precisely within �.H/. We assume that thenumber of generators for H is larger than the set of characters within our plaintext


alphabet. Let A D ¹a; b; c; : : :º be our plaintext alphabet. At the simplest level wechoose a starting point i , within the generators of H , and encode

a 7! hi ; b 7! hiC1; : : : etc.

Suppose that Bob wants to communicate the messageW.a; b; c; : : :/ to Alice whereW is a word in the plaintext alphabet. Recall that both Bob and Alice know thevarious Schreier transversals which are kept secret between them. Bob then encodesW.hi ; hiC1; : : :/ and computes in G the element W.�.hi /; �.hiC1/; : : :/ which hesends to Alice. This is sent as a matrix if G is a linear group or as a permutation if Gis a permutation group and so on.

Alice uses the algorithm for G relative to G to rewrite W.�.hi /; �.hiC1/; : : :/ asa word W ?.x1; : : : ; xn/ in the generators of G. She then uses the Schreier transver-sal for K in G to rewrite using the Reidemeister–Schreier process W ? as a wordW ??.k1; : : : ; ks ; : : :/ in the generators of K. Since K is free or has unique normalforms this expression for the element of K is unique. Once she has the word writtenin the generators of K she uses the transversal for H in K to rewrite again, using theReidemeister–Schreier process, in terms of the generators forH . She then has a wordW ???.hi ; hiC1; : : :/ and using hi 7! a; hiC1 7! b; : : : decodes the message.

In actual implementation an additional random noise factor is added.In [46] and [47] an implementation of this process was presented that used for

the base group G the classical modular group M D PSL2.Z/. Further it was apolyalphabetic cipher which was secure.

The system in the modular group M was presented as follows. A list of finitelygenerated free subgroups H1; : : : ;Hm of M is public and presented by their systemsof generators (presented as matrices). In a full practical implementation it is assumedthat m is large. For each Hi we have a Schreier transversal

h1;i ; : : : ; ht.i/;i

and a corresponding ordered set of generators

W1;i ; : : : ; Wm.i/;i

constructed from the Schreier transversal by the Reidemeister–Schreier process. It isassumed that each m.i/ l where l is the size of the plaintext alphabet, that is eachsubgroup has many more generators than the size of the plaintext alphabet. AlthoughBob and Alice know these subgroups in terms of free group generators what is madepublic are generating systems given in terms of matrices.

The subgroups on this list and their corresponding Schreier transversals can be cho-sen in a variety of ways. For example the commutator subgroup of the Modular groupis free of rank 2 and some of the subgroups Hi can be determined from homomorph-isms of this subgroup onto a set of finite groups.


Suppose that Bob wants to send a message to Alice. Bob first chooses three integers.m; q; t/ where

m D choice of the subgroup Hm

q D starting point among the generators of Hm

for the substitution of the plaintext alphabet

t D size of the message unit:

We clarify the meanings of q and t . Once Bob chooses m, to further clarify themeaning of q, he makes the substitution

a 7! Wm;q; b 7! Wm;qC1; : : : :

Again the assumption is that m.i/ l so that starting almost anywhere in the se-quence of generators of Hm will allow this substitution. The message unit size t isthe number of coded letters that Bob will place into each coded integral matrix.

Once Bob has made the choices .m; q; t/ he takes his plaintext messageW.a; b; : : :/and groups blocks of t letters. He then makes the given substitution above to form thecorresponding matrices in the Modular group;

T1; : : : ; Ts :

We now introduce a random noise factor. After forming T1; : : : ; Ts , Bob then mul-tiplies on the right each Ti by a random matrix in M say RTi

(different for eachTi ). The only restriction on this random matrix RTi

is that there is no free cancella-tion in forming the product TiRTi

. This can be easily checked and ensures that thefreely reduced form for TiRTi

is just the concatenation of the expressions for Ti andRTi

. Next he sends Alice the integral key .m; q; t/ by some public key method (RSA,Anshel–Anshel–Goldfeld etc.). He then sends the message as s random matrices

T1RT1; T2RT2

; : : : ; TsRTs:

Hence what is actually being sent out are not elements of the chosen subgroup Hm

but rather elements of random right cosets of Hm in M . The purpose of sendingcoset elements is two-fold. The first is to hinder any geometric attack by maskingthe subgroup. The second is that it makes the resulting words in the modular groupgenerators longer – effectively hindering a brute force attack.

To decode the message Alice first uses public key decryption to obtain the integralkeys .m; q; t/. She then knows the subgroup Hm, the ciphertext substitution fromthe generators of Hm and how many letters t each matrix encodes. She next usesthe algorithms described in Section 14.4 to express each TiRTi

in terms of the freegroup generators of M say WTi

.y1; : : : ; yn/. She has knowledge of the Schreier

Section 22.5 Ko–Lee and Anshel–Anshel–Goldfeld Methods 349

transversal, which is held secretly by Bob and Alice, so now uses the Reidemeister–Schreier rewriting process to start expressing this freely reduced word in terms of thegenerators of Hm. The Reidemeister–Schreier rewriting is done letter by letter fromleft to right (see Chapter 14). Hence when she reaches t of the free generators shestops. Notice that the string that she is rewriting is longer than what she needs torewrite in order to decode as a result of the random polynomial RTi

. This is due tothe fact that she is actually rewriting not an element of the subgroup but an element ina right coset. This presents a further difficulty to an attacker. Since these are randomright cosets it makes it difficult to pick up statistical patterns in the generators even ifmore than one message is intercepted. In practice the subgroups should be changedwith each message.

The initial key .m; q; t/ is changed frequently. Hence as mentioned above thismethod becomes a type of polyalphabetic cipher. Polyalphabetic ciphers have histor-ically been very difficult to decode.

A further variation of this method using a formal power series ring in noncommut-ing variables over a field was described in [43].

There have been many cryptosystems based on the difficulty of solving hard grouptheoretic problems. The book by Myasnikov, Shpilrain and Ushakov [63] describesmany of these in detail.

22.5 Ko–Lee and Anshel–Anshel–Goldfeld Methods

After the initial attempt by Wagner and Magyarik to develop a cryptosystem based ona hard group theoretic problem there have been many developments using nonabeliangroups in cryptography. Among the first were the cryptographic schemes of Anshel,Anshel and Goldfeld [42] and Ko and Lee [59]. Both sets of authors, at about thesame time, proposed using nonabelian groups and combinatorial group theory forpublic key exchange. The security of these systems depended on the difficulty ofsolving certain “hard” group theoretic problems.

The methods of both Anshel–Anshel–Goldfeld and Ko–Lee can be considered asgroup theoretic analogs of the number theory based Diffie–Hellman method. The ba-sic underlying idea is the following. IfG is a group and g; h 2 G we let gh denote theconjugate of g by h, that is gh D h�1gh. The simple observation is that this behaveslike ordinary exponentiation in that .gh1/h2 D gh1h2 . From this straightforward ideaone can exactly mimic the Diffie–Hellman protocol within a nonabelian group.

Both the Anshel–Anshel–Goldfeld protocol and the Ko–Lee protocol start with aplatform group G given by a group presentation. A major assumption in both proto-cols is that the elements of G have nice unique normal forms that are easy to computefor given group elements. However it is further assumed that given normal forms forx; y 2 G the normal form for the product xy does not reveal x or y.


22.5.1 The Ko–Lee Protocol

Ko and Lee [59] developed a public key exchange system that is a direct translationof the Diffie–Hellman protocol to a nonabelian group theoretic setting. Its security isbased on the difficulty of the conjugacy problem. We again assume that the platformgroup has nice unique normal forms that are easy to compute given a group elementbut hard to recover the group element. Recall again that gh means the conjugate of gby h.

In the Ko–Lee protocol, Alice and Bob choose commuting subgroups A and B ofthe platform group G. A is Alice’s subgroup while Bob’s subgroup is B and these aresecret. Now they completely mimic the classical Diffie–Hellman technique. There isa public element g 2 G, Alice chooses a random secret element a 2 A and makespublic ga. Bob chooses a random secret element b 2 B and makes public gb . Thesecret shared key is gab. Notice that ab D ba since the subgroups commute. Itfollows then, that .ga/b D gab D gba D .gb/a just as if these were exponents.Hence both Bob and Alice can determine the common secret. The difficulty is in thedifficulty of the conjugacy problem.

The conjugacy problem for a group G, or more precisely for a group presentationfor G is given g; h 2 G to determine algorithmically if they are conjugates. As withthe conjugator search problem it is known that the conjugacy is undecidable in generalbut there are groups where it is but hard. These groups then become the target platformgroups for the Ko–Lee protocol. As with the Anshel–Anshel–Goldfeld protocol, Koand Lee suggest the use of the braid groups.

As with the standard Diffie–Hellman key exchange protocol using number the-ory the Ko–Lee protocol can be changed to an encryption system via the El-Gamalmethod. Their are several different variants of noncommutative El-Gamal systems.

22.5.2 The Anshel–Anshel–Goldfeld Protocol

We now describe the Anshel–Anshel–Goldfeld public key exchange protocol. LetG be the platform group given by a finite presentation and with the assumptions onnormal forms as described above.

Alice and Bob want to communicate a shared secret. First, Alice and Bob chooserandom finitely generated subgroups of G by giving a set of generators for each.

A D ¹a1; : : : ; anº; B D ¹b1; : : : ; bmºand make them public. The subgroup A is Alice’s subgroup while the subgroup B isBob’s subgroup.

Alice chooses a secret group word a D W.a1; : : : ; an/ in her subgroup while Bobchooses a secret group word b D V.b1; : : : ; bm/ in his subgroup. For an elementg 2 G we let NF.g/ denote the normal form for g. Alice knows her secret word aand knows the generators bi of Bob’s subgroup. She makes public the normal forms

Section 22.6 Platform Groups and Braid Group Cryptography 351

of the conjugatesNF.ba

i /; i D 1; : : : ; m:

Bob knows his secret word b and the generators ai of Alice’s subgroup and makespublic the normal forms of the conjugates

NF.abj /; j D 1; : : : ; n:

The common shared secret is the commutator

Œa; b� D a�1b�1ab D a�1ab D .ba/�1b:

Notice that Alice knows ab since she knows a in terms of generators ai of hersubgroup and she knows the conjugates by b since Bob has made the conjugates ofthe generators of A by b public. Since Alice knows ab she knows Œa; b� D a�1ab.

In an analogous manner Bob knows Œa; b� D .ba/�1b. An attacker would haveto know the corresponding conjugator, that is the element that conjugates each of thegenerators. Given elements g; h in a groupG where it is known that gk D k�1gk D h

the conjugator search problem is to determine the conjugator k. It is known thatthis problem is undecidable in general, that is there are groups where the conjugatorcannot be determined algorithmically. On the other hand there are groups where theconjugator search problem is solvable but “difficult”, that is the complexity of solvingthe conjugator search problem is hard. Such groups become the ideal platform groupsfor the Anshel–Anshel–Goldfeld protocol.

The security in this system is then in the difficulty of the conjugator search problem.Anshel, Anshel and Goldfeld suggested the Braid Groups as potential platforms, usefor example B80 with 12 or more generators in the subgroups. Their suggestion andthat of Ko and Lee led to development of braid group cryptography. There have beenvarious attacks on the Braid group system. However some have been handled bychanging the parameters. In general the ideas remain valid despite the attacks.

The Anshel–Anshel–Goldfeld key exchange can be developed into a cryptosystemagain by the El-Gamal method.

There have been many other public key exchange protocols developed using non-abelian groups. A large number of them are described in the book of Myasnikov,Shpilrain and Ushakov [63]. The authors of that book themselves have developedmany of these methods. They use different “hard” group theoretic decision problemsand many have been broken. On the other hand the security of many of them is stillopen and they perhaps can be used as viable alternatives to commutative methods.

22.6 Platform Groups and Braid Group Cryptography

Given a group based encryption scheme, such as Ko–Lee or Anshel–Anshel–Goldfelda platform group is a groupG in which the encryption is to take place. In general, plat-form groups for the noncommutative protocols that we have discussed require certain


properties. The first is the existence of a normal form for elements in the group. Nor-mal forms provide an effective method of disguising elements. Without this, one candetermine a secret key simply by inspection of group elements. Further ifN.x/;N.y/are the normal forms for x; y respectively then it should difficult to determine N.x/and N.y/ from N.xy/. The existence of a normal form in a group implies that thegroup has solvable word problem, which is essential for these protocols. For purposesof practicality, the group also needs an efficiently computable normal form, whichensures an efficiently solvable word problem.

In addition to the platform group having normal form, ideally, it would also be largeenough so that a brute force search for the secret key is infeasible.

Currently, there are many potential platform groups that have been suggested. Thefollowing are some of the proposals. We refer to [63] for a discussion of many ofthese.

� Braid groups (Ko–Lee, Anshel–Anshel–Goldfeld),

� Thompson Groups (Shpilrain–Ushakov) [65],

� Polycyclic Groups (Eick–Kahrobaei) [54],

� Linear Groups (Baumslag–Fine–Xu) [46, 47],

� Free metabelian Groups (Shpilrain–Zapata) [66],

� Artin Groups (Shpilrain–Zapata) [66],

� Grigorchuk Groups (Petrides) [64],

� Groups of Matrices (Grigoriev–Ponomarenko) [55],

� Surface Braid Groups (Camps) [51].

Most of these are discussed in detail in [63].As platform groups for their respective protocols, both Ko–Lee and Anshel–

Anshel–Goldfeld suggested the braid groups Bn (see [50]). The groups in this classof groups possess the desired properties for the key exchange and key transport proto-cols; they have nice presentations with solvable word problems and conjugacy prob-lems; the solution to the conjugacy and conjugator search problem is “hard”; thereare several possibilities for normal forms for element and they have many choices forlarge commuting subgroups. Initially the braid groups were considered so ideal asplatforms that many other cryptographic applications were framed within the braidgroup setting. These included authentication, that is identifying over a public air-wave that a message received was from the correct sender and digital signature, thatis sending an encrypted message with an included authentication. There was so muchenthusiasm about using these groups that the whole area of study was named braidgroup cryptography. A comprehensive and well-written article by Dehornoy [31] pro-vides a detailed overview of the subject and we refer the reader to that for technicaldetails.


After the initial successes with braid group cryptographic schemes there were somesurprisingly effective attacks. There were essentially three types of attacks; an attackusing solutions to the conjugacy and conjugator search problems, an attack usingheuristic probability within Bn and an attack based on the fact that there are faith-ful linear representations of each Bn (see [31]). What is most surprising is that theAnshel–Anshel–Goldfeld method was susceptible to a length based attack. In theAnshel–Anshel–Goldfeld method the parameters are the specific braid group Bn andthe rank of the secret subgroups for Bob and Alice. A length based attack essentiallybroke the method for the initial parameters suggested by AAG. The parameters werethen made larger and attacks by this method were less successful. However this ledto research on why these attacks on the conjugator search problem within Bn weresuccessful. What was discovered was that generically a random subgroup of Bn is afree group and hence length based attacks are essentially attacks on free group cryp-tography and therefore successful. What this indicated was that although randomnessis important in cryptography in using the braid groups as platforms subgroups cannotbe chosen purely randomly.

Braid groups arise in several different areas of mathematics and have several equiv-alent formulations. We close this chapter and the book with a brief introduction tobraid groups. A complete topological and algebraic description can be found in thebook of Joan Birman [50].

A braid on n strings is obtained by starting with n parallel strings and intertwiningthem. We number the strings at each vertical position and keep track of where eachindividual string begins and ends. We say that two braids are equivalent if it is possibleto move the strings of one of the braids in space without moving the endpoints ormoving through a string and obtain the other braid. A braid with no crossings iscalled a trivial braid. We form a product of braids in the following manner. If u is thefirst braid and v is the second braid then uv is the braid formed by placing the startingpoints for the strings in v at the endpoints of the strings in u. The inverse of a braidis the mirror image in the horizontal plane. It is clear that if we form the product ofa braid and its mirror image we get a braid equivalent to the trivial braid. With thesedefinitions the set of all equivalence classes braids on n strings forms a group Bn. Welet i denote the braid that has a single crossing from string i over string i C 1. Sincea general braid is just a series of crossings it follows that Bn is generated by the set i ;i D 1; : : : ; n � 1.

There is an equivalent algebraic formulation of the braid group Bn. Let Fn be afree on the n generators x1; : : : ; xn with n > 2. Let i , i D 1; : : : ; n � 1 be theautomorphism of Fn given by

i W xi 7! xiC1; xiC1 7! x�1iC1xixiC1

i W xj 7! xj ; j ¤ i; i C 1:


Then each i corresponds precisely to the basic crossings in Bn. Therefore Bn canbe considered as the subgroup of Aut.Fn/ generated by the automorphisms i , Artinproved [28] (see also [24]) that a finite presentation for Bn is given by

Bn D h 1; : : : ; n�1I Œ i ; j � D 1 if ji � j j > 1;xiC1xixiC1 D xixiC1xi ; i D 1; : : : ; n � 1i:

This is now called the Artin presentation. The fact that Bn is contained in Aut.Fn/

provides an elementary solution to the word problem in Bn since one can determineeasily if an automorphism of Fn is trivial on all the generators. We note that al-though the braid groups Bn are linear (the Lawrence-Krammer representation is faith-ful (see [31]) it is known that Aut.Fn/ is not linear (see [34]).

From the commuting relations in the Artin presentation it is clear that each Bn hasthe requisite collection of commuting subgroups.

The conjugacy problem forBn was originally solved by Garside and it was assumedthat it was hard in the complexity sense. Recently there has been significant researchon the complexity of the solution to the conjugacy problem (see [63] and [31]).

There are several possibilities for normal forms for elements of Bn. The two mostcommonly used are the Garside normal form and the Dehornoy handle form. Theseare described in [31] and [63].

For braid group cryptography one must be careful in using more than one normalform in an encryption scheme. The second may expose what the first is hiding andvice versa (see [31]).

We describe first the Dehornoy handle form. Let W be a word in the generators ofthe braid group Bn. An xi -handle is a subword of W of the form

x��i Vx�

i

with � D ˙1 and where the word V does not involve xi . If V does not contain anyxiC1-handles then the xi -handle is called permitted

A braid word W is obtained from a braid word W 0 by a one step handle reductionif some subword of W is a permitted xi -handle x��

i Vx�i and W 0 is obtained from W

by applying the following substitutions for all letters in the xi -handle

x˙1j ! 1 if j D i

x˙1j ! x��

iC1x˙1i x�

iC1 if j D i C 1

x˙1j ! x˙1

j if j < i or j > i C 1:

W can be obtained from W 0 by an m-step handle reduction if W can be obtainedfrom W 0 by a sequence of m one-step handle reductions.

A word is handle free if it has no handles. The handle free braid words providenormal forms for the elements of Bn.


Theorem 22.6.1. Let W be a braid word. Then the following holds:

(1) Any sequence of handle reductions applied to W will eventually stop and pro-duce a handle free braid word V representing the same element as W .

(2) The word W represents the identity in Bn if and only if any sequence of handlereductions applied to W produces the trivial word or equivalently the handlefree form of W is trivial.

The handle free reduction process is very efficient and most of the time works inpolynomial time on the length of the braid word to produce the handle free form.However there is no known theoretical complexity estimate (see [31]).

Garside solved the conjugacy problem using a different type of normal form forBn. Let Sn be the symmetric group on n letters and for each s 2 Sn let s be theshortest positive braid such that �.s/ D s. The elements

S D ¹s W s 2 Snº � Bn

are called simple elements. We order the simple elements so that s < t if thereexists r 2 Sn such that t D sr . This produces a lattice structure on S .

The trivial braid is the smallest element of S while the greatest element of S is thehalf-twist braid

� D .n;n�1;:::;2;1/:

The Garside left normal form of a braid a 2 Bn is a pair .p; .s1; : : : ; st // wherep 2 Z and s1; : : : ; st is a sequence of permutations in Sn n ¹1;�º satisfying for eachi D 1; : : : ; t � 1

1 D gcd.s�1i

�; siC1/

wheregcd.s; t / D max¹r W r < s and r < tº:

A normal form .p; .s1; : : : ; st // represents the element

p�s1

: : : sn:

Theorem 22.6.2. There exists an algorithm which computes the normal form of thecorresponding braid for any braid word W D w.x1; : : : ; xn/.


22.7 Exercises

1. Show that if p; q are primes and e; d are positive integers with .e; .p�1/.q�1// D1 and ed � 1 mod .p � 1/.q � 1/ then aed � a mod pq for any integer a. (Thisis the basis if the decryption function used in the RSA algorithm.

2. The following table gives the approximate statistical frequency of occurrence ofletters in the English language. The passage below is encrypted with a simplepermutation cipher without punctuation. Use a frequency analysis to try to decodeit.

letter frequency letter frequency letter frequencyA :082 B :015 C :028

D :043 E :127 F :022

G :020 H :061 I 070

J :002 K :008 L :040

M :024 N :067 O :075

P :019 Q :001 R :060

S :063 T :091 U :028

V :010 W :023 X :001

Y :020 Z :001

ZKIRNVMFNYVIRHZKLHRGREVRMGVTVIDSR

XSSZHZHGHLMOBKLHRGREVWRERHLIHLMVZ

MWRGHVOUKIRNVMFNYVIHKOZBZXIFXRZOI

LOVRMMFNYVIGSVLIBZMWZIVGSVYZHRHUL

IGHSHVMLGVHGSVIVZIVRMURMRGVOBNZMB

KIRNVHZMWGSVBHVIEVZHYFROWRMTYOLXP

HULIZOOGSVKLHRGREVRMGVTVIH

3. Encrypt the message NO MORE WAR using an affine cipher with single letterskeys a D 7, b D 5.

4. Encrypt the message NO MORE WAR using an affine cipher on 2 vectors of lettersand an encrypting keys

A D�

5 2

1 1

�

; B D .3; 7/:

5. What is the decryption algorithm for the affine cipher given in the last problem.

6. How many different affine enciphering transformations are there on single letterswith an N letter alphabet.

7. Let N 2 N with N � 2 and n ! anC b with .a;N / D 1 is an affine cipher onanN letter alphabet. Show that if any two letters are guessed n1 ! m1, n2 ! m2

with .n1 � n2; N / D 1 then the code can be broken.


8. Let F be a free group of rank 3 with generators x; y; z. Code the English alphabetby a 7! 0, b 7! 1; : : : . Consider the free group cryptosystem given by

i 7! Wi

where Wi D xiyiC1ziC2x�iC1. Code the message EAT AT JOES with this sys-tem.

9. In the Anshel–Anshel–Goldfeld protocol verify that both Bob and Alice will knowthe commutator.

Bibliography

General Abstract Algebra

[1] M. Artin, Algebra, Prentice-Hall. 1991.

[2] C. Curtis and I. Reiner, Representation Theory of Finite Groups and Associative Alge-bras, Wiley Interscience, 1966.

[3] B. Fine and G. Rosenberger, The Fundamental Theorem of Algebra, Springer-Verlag,2000.

[4] J. Fraleigh, A First Course in Abstract Algebra, 7th ed., Addison-Wesley, 2003.

[5] P. R. Halmos, Naive Set Theory, Springer-Verlag, 1998.

[6] I. Herstein, Topics in Algebra, Blaisdell, 1964.

[7] M. Kreuzer and S. Robiano, Computational Commutative Algebra I and II, Springer-Verlag, 1999.

[8] S. Lang, Algebra, Addison-Wesley, 1965.

[9] S. MacLane and G. Birkhoff, Algebra, Macmillan, 1967.

[10] N. McCoy, Introduction to Modern Algebra. Allyn and Bacon, 1960.

[11] N. McCoy, The Theory of Rings, Macmillan, 1964.

[12] G. Stroth, Algebra. Einführung in die Galoistheorie, De Gruyter, 1998.

Group Theory and Related Topics

[13] G. Baumslag, Topics in Combinatorial Group Theory, Birkhäuser, 1993.

[14] O. Bogopolski, Introduction to Group Theory, European Mathematical Society, 2008.

[15] T. Camps, V. große Rebel and G. Rosenberger, Einführung in die kombinatorische unddie geometrische Gruppentheorie, Heldermann Verlag, 2008.

[16] T. Camps, S. Künling and G. Rosenberger, Einführung in die mengenteoretische und diealgebraische Topologie, Heldermann Verlag, 2006.

[17] B. Fine and G. Rosenberger, Algebraic Generalizations of Discrete Groups, MarcelDekker, 2001.

[18] D. Gorenstein, Finite Simple Groups. An Introduction to their Classification, PlenumPress, 1982.

[19] D. Johnson, Presentations of Groups, Cambridge University Press, 1990.

[20] S. Katok, Fuchsian Groups, Univ. of Chicago Press, 1992.

360 Bibliography

[21] G. Kern-Isberner and G. Rosenberger. Normalteiler vom Geschlecht eins in freien Pro-dukten endlicher zyklischer Gruppen, Results in Math., 11, 1987, 272–288.

[22] R. C. Lyndon, Groups and Geometry, LMS Lecture Note Series 101, Cambridge Uni-versity Press, 1985.

[23] R. C. Lyndon and P. Schupp, Combinatorial Group Theory, Springer-Verlag 1977.

[24] W. Magnus, A. Karrass and D. Solitar Combinatorial Group Theory, Wiley, 1966.

[25] D. J. S. Robinson, A Course in the Theory of Groups, Springer-Verlag, 1982.

[26] J. Rotman, Group Theory, 3rd ed., Wm. C. Brown, 1988.

Number Theory

[27] L. Ahlfors, Introduction to Complex Analysis, Springer-Verlag, 1968.

[28] T. M. Apostol, Introduction to Analytic Number Theory, Springer-Verlag, 1976.

[29] A. Baker, Transcendental Number Theory, Cambridge University Press, 1975.

[30] H. Cohn, A Classical Invitation to Algebraic Numbers and Class Fields, Springer-Verlag,1978.

[31] L. E. Dickson, History of the Theory of Numbers, Chelsea, 1950.

[32] B. Fine, A note on the two-square theorem, Can. Math. Bulletin, 20, 1977, 93–94.

[33] B. Fine, Sums of squares rings, Can. J. Math., 29, 1977, 155–160.

[34] B. Fine, The Algebraic Theory of the Bianchi Groups, Marcel Dekker, 1989.

[35] B. Fine and G. Rosenberger, Number Theory: An Introduction via the Distribution ofPrimes, Birkhäuser, 2006.

[36] G. H. Hardy and E. M. Wright, 5th ed., An Introduction to the Theory of Numbers.Clarendon Press, 1979.

[37] E. Landau, Elementary Number Theory, Chelsea, 1958.

[38] M. Newman, Integral Matrics, Academic Press, 1972.

[39] I. Niven and H. S. Zuckerman, The Theory of Numbers, 4th ed., John Wiley, 1980.

[40] O. Ore, Number Theory and its History, McGraw-Hill, 1949.

[41] H. Pollard and H. Diamond The Theory of Algebraic Numbers, Carus MathematicalMonographs, 9, Math. Assoc. of America, 1975.

Bibliography 361

Cryptography

[42] I. Anshel, M. Anshel and D. Goldfeld, An algebraic method for public key cryptography,Math. Res. Lett., 6, 1999, 287–291.

[43] G. Baumslag, Y. Brjukhov, B. Fine and G. Rosenberger, Some cryptoprimitives for non-commutative algebraic cryptography, Aspects of Infinite Groups, World Scientific Press,26–44, 2009.

[44] G. Baumslag, Y. Brjukhov, B. Fine and D. Troeger, Challenge response password secu-rity using combinatorial group theory, Groups Complex. Cryptol., 2, 2010, 67–81.

[45] G. Baumslag, T. Camps, B. Fine, G. Rosenberger and X. Xu, Designing key transportprotocols using combinatorial group theory, Cont. Math. 418, 2006, 35–43.

[46] G. Baumslag, B. Fine and X. Xu, Cryptosystems using linear groups, Appl. Algebra Eng.Commun. Comput. 17, 2006, 205–217.

[47] G. Baumslag, B. Fine and X. Xu, A proposed public key cryptosystem using the modulargroup, Cont. Math. 421, 2007, 35–44.

[48] J. Birman, Braids, Links and Mapping Class Groups, Annals of Math Studies, Vol. 82,Princeton University Press, 1975.

[49] A. V. Borovik, A. G. Myasnikov and V. Shpilrain, Measuring sets in infinite groups,Computational and Statistical Group Theory, Contemp. Math. 298, 2002, 21–42.

[50] J. A. Buchmann, Introduction to Cryptography, Springer 2004.

[51] T. Camps, Surface Braid Groups as Platform Groups and Applications in Cryptography,Ph.D. thesis, Universität Dortmund 2009.

[52] R. E. Crandall and C. Pomerance, Prime Numbers. A Computational Perspective, 2nded., Springer-Verlag, 2005.

[53] P. Dehornoy, Braid-based cryptography, Cont. Math., 360, 2004, 5–34.

[54] B. Eick and D. Kahrobaei, Polycyclic groups: A new platform for cryptology? math.GR/0411077 (2004), 1–7.

[55] D. Grigoriev and I. Ponomarenko, Homomorphic public-key cryptosystems over groupsand rings, Quaderni di Matematica, 2005.

[56] P. Hoffman, Archimedes’ Revenge, W. W. Norton & Company, 1988.

[57] D. Kahrobaei and B. Khan, A non-commutative generalization of the El-Gamal keyexchange using polycyclic groups, Proceeding of IEEE, 2006, 1–5.

[58] I. Kapovich and A. Myasnikov, Stallings foldings and subgroups of free groups, J. Alge-bra 248, 2002, 608–668.

[59] K. H. Ko, S. J. Lee, J. H. Cheon, J. H. Han, J. S. Kang and C. Park, New public-keycryptosystems using Braid groups, Advances in Cryptography, Proceedings of Crypto2000, Lecture Notes in Computer Science 1880, 2000, 166–183.

[60] N. Koblitz, Algebraic Methods of Cryptography, Springer, 1998.

362 Bibliography

[61] W. Magnus, Rational representations of fuchsian groups and non-parabolic subgroupsof the modular group, Nachrichten der Akad. Göttingen, 1973, 179–189.

[62] A. G. Myasnikov, V. Shpilrain and A. Ushakov, A practical attack on some braid groupbased cryptographic protocols, CRYPTO 2005, Lecture Notes in Computer Science3621, 2005, 86–96.

[63] A. G. Myasnikov, V. Shpilrain and A. Ushakov, Group-Based Cryptography, AdvancedCourses in Mathematics, CRM Barcelona, 2007.

[64] G. Petrides, Cryptoanalysis of the public key cryptosystem based on the word problemon the Grigorchuk groups, Cryptography and Coding, Lecture Notes in Computer Sci-ence 2898, 2003, 234–244.

[65] V. Shpilrain and A. Ushakov, The conjugacy search problem in public key cryptography;unnecessary and insufficient, Applicable Algebra in Engineering, Communication andcomputing, 17, 2006 285–289.

[66] V. Shpilrain and A. Zapata, Using the subgroup memberhsip problem in public key cryp-tography, Cont. Math., 418, 2006, 169–179.

[67] R. Steinwandt, Loopholes in two public key cryptosystems using the modular groups,preprint, University of Karlsruhe, 2000.

[68] R. Stinson, Cryptography; Theory and Practice, Chapman and Hall, 2002.

[69] X. Xu, Cryptography and Infinite Group Theory, Ph.D. thesis, CUNY, 2006.

[70] A. Yamamura, Public key cryptosystems using the modular group, Public Key Crypto-graphy, Lecture Notes in Computer Sciences 1431, 1998, 203–216.

Index

Aabelian group, 3, 101abelianization, 176adjoining a root, 92AES, 335affine cipher, 331affine coordinate ring, 319algebraic closure, 74, 91, 95algebraic extension, 69algebraic geometry, 312algebraic integer, 295algebraic number field, 297algebraic numbers, 67, 75algebraic variety, 312algebraically closed, 91, 94alternating group, 166annihilator, 270Anshel–Anshel–Goldfeld protocol, 350associates, 35automorphism, 11axiom of choice, 26axiom of well-ordering, 26

Bbasis theorem for finite abelian

groups, 151, 285Betti number, 287block cipher, 335braid group, 353braid group cryptography, 353

CCardano’s formulas, 256Cayley graph, 211Cayley’s theorem, 127cell complex, 209centralizer, 182characteristic, 15ciphertext, 327class equation, 183combinatorial group theory, 192commutative algebra, 312

commutative ring, 3commutator, 175composition series, 178congruence motion, 123conjugacy class, 181conjugacy problem, 213constructible number, 80construction of a regular n-gon, 84coset, 18, 128cryptanalysis, 326, 327cryptography, 326

public key, 327symmetric key, 327

cryptology, 326cryptosystem, 326cyclic group, 121cyclotomic field, 252

Ddecryption, 327Dedekind domain, 51Dehornoy handle form, 354derived series, 176Diffie–Hellman protocol, 336dihedral groups, 156dimension of an algebraic set, 320discrete log problem, 336divisibility, 29division algorithm, 30doubling the cube, 83Dyck’s theorem, 212

EEisenstein’s criterion, 62El-Gamal protocol, 339elliptic curve methods, 341elliptic function, 320encryption, 327Euclid’s lemma, 21Euclidean algorithm, 32Euclidean domain, 45Euclidean group, 123

364 Index

Euclidean norm, 45extension field, 66

Ffactor group, 19, 144factor ring, 9Feit–Thompson theorem, 189field, 4

extension, 66field extension, 66

algebraic, 69by radicals, 248degree, 67finite, 67finitely generated, 69isomorphic, 67separable, 233simple, 69transcendental, 69

field of fractions, 14finite fields, 236finite integral domains, 6fix field, 220free group, 193

rank, 196free group cryptosystems, 345free modules, 273free product, 214free reduction, 194Frobenius homomorphism, 16Fuchsian group, 201fundamental theorem

of algebra, 105, 261fundamental theorem of arithmetic, 29fundamental theorem of Galois

theory, 221fundamental theorem of modules, 279fundamental theorem of symmetric poly-

nomials, 104

GGalois extension, 233

finite, 220Galois group, 218Galois theory, 217Garside normal form, 355Gauss’ lemma, 58

Gaussian integers, 47Gaussian primes, 49Gaussian rationals, 48general linear group, 123group, 17, 101, 119

abelian, 3, 17, 119center, 181conjugate elements, 181coset, 128cyclic, 134direct product, 150finite, 17, 101, 119finitely generated, 199finitely presented, 199finitely related, 199free abelian, 287free product, 214generating system, 199generators, 127, 199homomorphism, 121internal direct product, 150isomorphism, 121order, 17, 101, 119presentation, 127, 199relations, 127relator, 199simple, 168solvable, 172transversal, 128

group action, 180group based cryptography, 342group isomorphism theorem, 19, 146group presentation, 199group table, 120

Hhash function, 334Hilbert basis theorem, 315Hilbert’s Nullstellensatz, 316homomorphism

group, 17automorphism, 17epimorphism, 17isomorphism, 17monomorphism, 17

ring, 11automorphism, 11

Index 365

endomorphism, 11epimorphism, 11isomorphism, 11monomorphism, 11

Iideal, 7

generators, 27maximal, 24prime, 22product, 23

ideals in Z, 8index of a subgroup, 18insolvability of the quintic, 254integral closure, 300integral domain, 4integral element, 298integral ring extension, 299integrally closed, 300intermediate field, 67irreducible element, 35isometry, 123isomorphism problem, 213

JJordan–Hölder theorem, 178

KK-isomorphism, 91kernel, 19Ko–Lee protocol, 350Kronecker’s theorem, 91Krull dimension, 320Krull’s lemma, 323Kurosh theorem, 215

LLagrange’s theorem, 18local ring, 322

Mmaximal ideal, 24minimal polynomial, 70modular group, 200modular rings, 5modular rings in Z, 11module, 265

NNielsen–Schreier theorem, 197noetherian, 314noncommutative algebraic

cryptography, 343norm, 36normal extension, 116normal forms, 197normal series, 172normal subgroup, 18, 142normalizer, 183

Oone-way function, 336

Pp-group, 157p-Sylow subgroup, 159perfect field, 233permutation, 17, 101permutation cipher, 327permutation group, 126plaintext, 327platform group, 351polynomial, 42, 53

coefficients, 43, 53constant, 43degree, 42, 53irreducible, 44, 54, 55leading coefficient, 43, 53linear, 43, 54prime, 44, 55primitive, 57quadratic, 43, 54separable, 233zero, 42zero of, 55

Prüfer ring, 51prime element, 35prime field, 14prime ideal, 22prime ring, 15primitive element theorem, 245principal ideal, 8, 27principal ideal domain, 27public key cryptosystem, 336purely transcendental, 305

366 Index

Qquotient group, 19, 144quotient ring, 9

RR-algebra, 298R-module, 265

cyclic, 267direct product, 271factor module, 268faithful, 271free, 273generators, 268quotient module, 268torsion element, 270unitary, 266

radical, 314nil, 314

rational integers, 49rational primes, 49Reidemeister–Schreier process, 207ring, 2

commutative, 3finite, 3prime, 15trivial, 3with identity, 3

ring extension, 298ring isomorphism theorem, 12ring of polynomials, 54RSA algorithm, 337

Sseparable field extension, 233separable hull, 241separable polynomial, 233simple extension, 69simple group, 168simplicial complex, 209solvability by radicals, 248solvable group, 172solvable series, 172special linear group, 123splitting field, 100, 113squaring the circle, 83stabilizer, 126, 181stream cipher, 335

subfield, 6subgroup, 18, 101, 120

commutator, 175conjugate, 141cyclic, 121derived, 175index, 129normal, 142

subring, 6Sylow theorems, 160, 183symmetric group, 17, 101, 161symmetric polynomials, 104symmetry, 124

Ttranscendence basis, 303transcendence degree, 305, 319transcendental extension, 69transcendental numbers, 67, 75transitive action, 180transposition, 164trapdoor function, 336trisecting an angle, 83

UUFD, 38unique factorization domain, 38unit, 4, 35unit group, 35

Vvector space, 66

WWagner–Magyarik system, 344word, 194

cyclically reduced, 197length, 194reduced, 194trivial, 194

word problem, 213

Zzero divisor, 4Zorn’s lemma, 26

Abstract.algebra 2011 Rosenberger Fine Carstensen

Documents

Transcript of Abstract.algebra 2011 Rosenberger Fine Carstensen