Abstract Algebra-Applications To Galois Theory Algebraic Geometry & Cryptography-Carstensen Fine & Rosenberger

De Gruyter Graduate
Celine Carstensen
Benjamin Fine
Gerhard Rosenberger
Abstract Algebra
Applications to Galois Theory,
Algebraic Geometry and Cryptography
De Gruyter
Mathematics Subject Classification 2010: Primary: 12-01, 13-01, 16-01, 20-01; Secondary: 01-01,
08-01, 11-01, 14-01, 94-01.
This book is Volume 11 of the Sigma Series in Pure Mathematics, Heldermann Verlag.
ISBN 978-3-11-025008-4
e-ISBN 978-3-11-025009-1
Library of Congress Cataloging-in-Publication Data
Carstensen, Celine.
Abstract algebra : applications to Galois theory, algebraic geometry, and cryptography / by Celine Carstensen, Benjamin Fine,
and Gerhard Rosenberger.
p. cm. (Sigma series in pure mathematics ; 11)
Includes bibliographical references and index.
ISBN 978-3-11-025008-4 (alk. paper)
1. Algebra, Abstract. 2. Galois theory. 3. Geometry, Algebraic.
4. Crytography. I. Fine, Benjamin, 1948 II. Rosenberger, Gerhard. III. Title.
QA162.C375 2011
5151.02dc22
2010038153
Bibliographic information published by the Deutsche Nationalbibliothek

The Deutsche Nationalbibliothek lists this publication in the Deutsche Nationalbibliografie;
detailed bibliographic data are available in the Internet at http://dnb.d-nb.de.
2011 Walter de Gruyter GmbH & Co. KG, Berlin/New York
Typesetting: Da-TeX Gerd Blumenstein, Leipzig, www.da-tex.de
Printing and binding: AZ Druck und Datentechnik GmbH, Kempten
Printed on acid-free paper
Printed in Germany
www.degruyter.com
Preface
Traditionally, mathematics has been separated into three main areas; algebra, analysis
and geometry. Of course there is a great deal of overlap between these areas. For
example, topology, which is geometric in nature, owes its origins and problems as
much to analysis as to geometry. Further the basic techniques in studying topology
are predominantly algebraic. In general, algebraic methods and symbolism pervade
all of mathematics and it is essential for anyone learning any advanced mathematics
to be familiar with the concepts and methods in abstract algebra.
This is an introductory text on abstract algebra. It grew out of courses given to
advanced undergraduates and beginning graduate students in the United States and
to mathematics students and teachers in Germany. We assume that the students are
familiar with Calculus and with some linear algebra, primarily matrix algebra and the
basic concepts of vector spaces, bases and dimensions. All other necessary material
is introduced and explained in the book. We assume however that the students have
some, but not a great deal, of mathematical sophistication. Our experience is that the
material in this can be completed in a full years course. We presented the material
sequentially so that polynomials and eld extensions preceded an in depth look at
group theory. We feel that a student who goes through the material in these notes will
attain a solid background in abstract algebra and be able to move on to more advanced
topics.
The centerpiece of these notes is the development of Galois theory and its important
applications, especially the insolvability of the quintic. After introducing the basic algebraic structures, groups, rings and elds, we begin the theory of polynomials and
polynomial equations over elds. We then develop the main ideas of eld extensions
and adjoining elements to elds. After this we present the necessary material from
group theory needed to complete both the insolvability of the quintic and solvability
by radicals in general. Hence the middle part of the book, Chapters 9 through 14 are
concerned with group theory including permutation groups, solvable groups, abelian
groups and group actions. Chapter 14 is somewhat off to the side of the main theme
of the book. Here we give a brief introduction to free groups, group presentations
and combinatorial group theory. With the group theory material in hand we return
to Galois theory and study general normal and separable extensions and the fundamental theorem of Galois theory. Using this we present several major applications
of the theory including solvability by radicals and the insolvability of the quintic, the
fundamental theorem of algebra, the construction of regular n-gons and the famous
impossibilities; squaring the circling, doubling the cube and trisecting an angle. We
vi
Preface
nish in a slightly different direction giving an introduction to algebraic and group

based cryptography.
October 2010
Celine Carstensen
Benjamin Fine
Gerhard Rosenberger
Contents
Preface
1 Groups, Rings and Fields
1.1 Abstract Algebra . . . . . . . . . . . .
1.2 Rings . . . . . . . . . . . . . . . . . .
1.3 Integral Domains and Fields . . . . . .
1.4 Subrings and Ideals . . . . . . . . . . .
1.5 Factor Rings and Ring Homomorphisms
1.6 Fields of Fractions . . . . . . . . . . .
1.7 Characteristic and Prime Rings . . . . .
1.8 Groups . . . . . . . . . . . . . . . . . .
1.9 Exercises . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
1
1
2
4
6
9
13
14
17
19
2 Maximal and Prime Ideals

2.1 Maximal and Prime Ideals . . . . . . . . . .
2.2 Prime Ideals and Integral Domains . . . . . .
2.3 Maximal Ideals and Fields . . . . . . . . . .
2.4 The Existence of Maximal Ideals . . . . . . .
2.5 Principal Ideals and Principal Ideal Domains .
2.6 Exercises . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
21
21
22
24
25
27
28
.
.
.
.
.
.
.
29
29
35
38
41
45
51
51
.
.
.
.
.
53
53
55
57
58
65
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
3 Prime Elements and Unique Factorization Domains

3.1 The Fundamental Theorem of Arithmetic . . . .
3.2 Prime Elements, Units and Irreducibles . . . . .
3.3 Unique Factorization Domains . . . . . . . . . .
3.4 Principal Ideal Domains and Unique Factorization
3.5 Euclidean Domains . . . . . . . . . . . . . . . .
3.6 Overview of Integral Domains . . . . . . . . . .
3.7 Exercises . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
4 Polynomials and Polynomial Rings

4.1 Polynomials and Polynomial Rings . . . . . . . . . . .
4.2 Polynomial Rings over Fields . . . . . . . . . . . . . .
4.3 Polynomial Rings over Integral Domains . . . . . . . .
4.4 Polynomial Rings over Unique Factorization Domains
4.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
viii
5
Contents
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
66
66
69
70
74
75
78
6 Field Extensions and Compass and Straightedge Constructions

6.1 Geometric Constructions . . . . . . . . . . . . . . . . . . .
6.2 Constructible Numbers and Field Extensions . . . . . . . . .
6.3 Four Classical Construction Problems . . . . . . . . . . . .
6.3.1 Squaring the Circle . . . . . . . . . . . . . . . . . .
6.3.2 The Doubling of the Cube . . . . . . . . . . . . . .
6.3.3 The Trisection of an Angle . . . . . . . . . . . . . .
6.3.4 Construction of a Regular n-Gon . . . . . . . . . . .
6.4 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
80
80
80
83
83
83
83
84
89
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
91
91
94
100
100
101
105
109
111
8 Splitting Fields and Normal Extensions

8.1 Splitting Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.2 Normal Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . .
8.3 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
113
113
115
118
9 Groups, Subgroups and Examples

9.1 Groups, Subgroups and Isomorphisms
9.2 Examples of Groups . . . . . . . . .
9.3 Permutation Groups . . . . . . . . . .
9.4 Cosets and Lagranges Theorem . . .
9.5 Generators and Cyclic Groups . . . .
9.6 Exercises . . . . . . . . . . . . . . .
119
119
121
125
128
133
139
Field Extensions
5.1 Extension Fields and Finite Extensions . . . .
5.2 Finite and Algebraic Extensions . . . . . . .
5.3 Minimal Polynomials and Simple Extensions
5.4 Algebraic Closures . . . . . . . . . . . . . .
5.5 Algebraic and Transcendental Numbers . . .
5.6 Exercises . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Kroneckers Theorem and Algebraic Closures

7.1 Kroneckers Theorem . . . . . . . . . . . . . . . . . .
7.2 Algebraic Closures and Algebraically Closed Fields . .
7.3 The Fundamental Theorem of Algebra . . . . . . . . .
7.3.1 Splitting Fields . . . . . . . . . . . . . . . . .
7.3.2 Permutations and Symmetric Polynomials . . .
7.4 The Fundamental Theorem of Algebra . . . . . . . . .
7.5 The Fundamental Theorem of Symmetric Polynomials
7.6 Exercises . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
ix
Contents
10 Normal Subgroups, Factor Groups and Direct Products

10.1 Normal Subgroups and Factor Groups . . . . . . . .
10.2 The Group Isomorphism Theorems . . . . . . . . . .
10.3 Direct Products of Groups . . . . . . . . . . . . . .
10.4 Finite Abelian Groups . . . . . . . . . . . . . . . . .
10.5 Some Properties of Finite Groups . . . . . . . . . . .
10.6 Exercises . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
141
141
146
149
151
156
160
11 Symmetric and Alternating Groups

11.1 Symmetric Groups and Cycle Decomposition
11.2 Parity and the Alternating Groups . . . . . .
11.3 Conjugation in Sn . . . . . . . . . . . . . . .
11.4 The Simplicity of An . . . . . . . . . . . . .
11.5 Exercises . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
161
161
164
167
168
170
.
.
.
.
.
171
171
172
175
177
179
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
12 Solvable Groups
12.1 Solvability and Solvable Groups . . . . . . . . . . .
12.2 Solvable Groups . . . . . . . . . . . . . . . . . . . .
12.3 The Derived Series . . . . . . . . . . . . . . . . . .
12.4 Composition Series and the JordanHlder Theorem
12.5 Exercises . . . . . . . . . . . . . . . . . . . . . . .
13 Groups Actions and the Sylow Theorems
13.1 Group Actions . . . . . . . . . . . . . . . .
13.2 Conjugacy Classes and the Class Equation .
13.3 The Sylow Theorems . . . . . . . . . . . .
13.4 Some Applications of the Sylow Theorems
13.5 Exercises . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
180
180
181
183
187
191
14 Free Groups and Group Presentations

14.1 Group Presentations and Combinatorial Group Theory
14.2 Free Groups . . . . . . . . . . . . . . . . . . . . . . .
14.3 Group Presentations . . . . . . . . . . . . . . . . . . .
14.3.1 The Modular Group . . . . . . . . . . . . . .
14.4 Presentations of Subgroups . . . . . . . . . . . . . . .
14.5 Geometric Interpretation . . . . . . . . . . . . . . . .
14.6 Presentations of Factor Groups . . . . . . . . . . . . .
14.7 Group Presentations and Decision Problems . . . . . .
14.8 Group Amalgams: Free Products and Direct Products .
14.9 Exercises . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
192
192
193
198
200
207
209
212
213
214
216
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Contents
15 Finite Galois Extensions

15.1 Galois Theory and the Solvability of Polynomial Equations
15.2 Automorphism Groups of Field Extensions . . . . . . . .
15.3 Finite Galois Extensions . . . . . . . . . . . . . . . . . .
15.4 The Fundamental Theorem of Galois Theory . . . . . . .
15.5 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
217
217
218
220
221
231
16 Separable Field Extensions

16.1 Separability of Fields and Polynomials
16.2 Perfect Fields . . . . . . . . . . . . .
16.3 Finite Fields . . . . . . . . . . . . . .
16.4 Separable Extensions . . . . . . . . .
16.5 Separability and Galois Extensions . .
16.6 The Primitive Element Theorem . . .
16.7 Exercises . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
233
233
234
236
238
241
245
247
17 Applications of Galois Theory

17.1 Applications of Galois Theory . . . .
17.2 Field Extensions by Radicals . . . . .
17.3 Cyclotomic Extensions . . . . . . . .
17.4 Solvability and Galois Extensions . .
17.5 The Insolvability of the Quintic . . . .
17.6 Constructibility of Regular n-Gons . .
17.7 The Fundamental Theorem of Algebra
17.8 Exercises . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
248
248
248
252
253
254
259
261
263
18 The Theory of Modules

18.1 Modules Over Rings . . . . . . . . . . . . . . . . . . . .
18.2 Annihilators and Torsion . . . . . . . . . . . . . . . . . .
18.3 Direct Products and Direct Sums of Modules . . . . . . .
18.4 Free Modules . . . . . . . . . . . . . . . . . . . . . . . .
18.5 Modules over Principal Ideal Domains . . . . . . . . . . .
18.6 The Fundamental Theorem for Finitely Generated Modules
18.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
265
265
270
271
273
276
279
283
.
.
.
.
285
285
286
288
294
19 Finitely Generated Abelian Groups

19.1 Finite Abelian Groups . . . . . . . . . . . . . . . . .
19.2 The Fundamental Theorem: p-Primary Components
19.3 The Fundamental Theorem: Elementary Divisors . .
19.4 Exercises . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
xi
Contents
20 Integral and Transcendental Extensions

20.1 The Ring of Algebraic Integers . . .
20.2 Integral ring extensions . . . . . . .
20.3 Transcendental eld extensions . . .
20.4 The transcendence of e and . . . .
20.5 Exercises . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
295
295
298
302
307
310
21 The Hilbert Basis Theorem and the Nullstellensatz

21.1 Algebraic Geometry . . . . . . . . . . . . . . . . . . .
21.2 Algebraic Varieties and Radicals . . . . . . . . . . . .
21.3 The Hilbert Basis Theorem . . . . . . . . . . . . . . .
21.4 The Hilbert Nullstellensatz . . . . . . . . . . . . . . .
21.5 Applications and Consequences of Hilberts Theorems
21.6 Dimensions . . . . . . . . . . . . . . . . . . . . . . .
21.7 Exercises . . . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
312
312
312
314
315
317
320
325
22 Algebraic Cryptography
22.1 Basic Cryptography . . . . . . . . . . . . . . . . .
22.2 Encryption and Number Theory . . . . . . . . . .
22.3 Public Key Cryptography . . . . . . . . . . . . . .
22.3.1 The DifeHellman Protocol . . . . . . . .
22.3.2 The RSA Algorithm . . . . . . . . . . . .
22.3.3 The El-Gamal Protocol . . . . . . . . . . .
22.3.4 Elliptic Curves and Elliptic Curve Methods
22.4 Noncommutative Group based Cryptography . . .
22.4.1 Free Group Cryptosystems . . . . . . . . .
22.5 KoLee and AnshelAnshelGoldfeld Methods . .
22.5.1 The KoLee Protocol . . . . . . . . . . . .
22.5.2 The AnshelAnshelGoldfeld Protocol . .
22.6 Platform Groups and Braid Group Cryptography .
22.7 Exercises . . . . . . . . . . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
326
326
331
335
336
337
339
341
342
345
349
350
350
351
356
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Bibliography
359
Index
363
Chapter 1
Groups, Rings and Fields
1.1
Abstract Algebra
Abstract algebra or modern algebra can be best described as the theory of algebraic
structures. Briey, an algebraic structure is a set S together with one or more binary
operations on it satisfying axioms governing the operations. There are many algebraic structures but the most commonly studied structures are groups, rings, elds
and vector spaces. Also widely used are modules and algebras. In this rst chapter
we will look at some basic preliminaries concerning groups, rings and elds. We will
only briey touch on groups here, a more extensive treatment will be done later in the
book.
Mathematics traditionally has been subdivided into three main areas analysis,
algebra and geometry. These areas overlap in many places so that it is often difcult
to determine whether a topic is one in geometry say or in analysis. Algebra and
algebraic methods permeate all these disciplines and most of mathematics has been
algebraicized that is uses the methods and language of algebra. Groups, rings and
elds play a major role in the modern study of analysis, topology, geometry and even
applied mathematics. We will see these connections in examples throughout the book.
Abstract algebra has its origins in two main areas and questions that arose in these
areas the theory of numbers and the theory of equations. The theory of numbers
deals with the properties of the basic number systems integers, rationals and reals
while the theory of equations, as the name indicates, deals with solving equations, in
particular polynomial equations. Both are subjects that date back to classical times.
A whole section of Euclids elements is dedicated to number theory. The foundations
for the modern study of number theory were laid by Fermat in the 1600s and then by
Gauss in the 1800s. In an attempt to prove Fermats big theorem Gauss introduced
the complex integers a C bi where a and b are integers and showed that this set has
unique factorization. These ideas were extended by Dedekind and Kronecker who
developed a wide ranging theory of algebraic number elds and algebraic integers.
A large portion of the terminology used in abstract algebra, rings, ideals, factorization
comes from the study of algebraic number elds. This has evolved into the modern
discipline of algebraic number theory.
The second origin of modern abstract algebra was the problem of trying to determine a formula for nding the solutions in terms of radicals of a fth degree polynomial. It was proved rst by Rufni in 1800 and then by Abel that it is impossible
to nd a formula in terms of radicals for such a solution. Galois in 1820 extended
Chapter 1 Groups, Rings and Fields
this and showed that such a formula is impossible for any degree ve or greater. In
proving this he laid the groundwork for much of the development of modern abstract
algebra especially eld theory and nite group theory. Earlier, in 1800, Gauss proved
the fundamental theorem of algebra which says that any nonconstant complex polynomial equation must have a solution. One of the goals of this book is to present a
comprehensive treatment of Galois theory and a proof of the results mentioned above.
The locus of real points .x; y/ which satisfy a polynomial equation f .x; y/ D 0 is
called an algebraic plane curve. Algebraic geometry deals with the study of algebraic
plane curves and extensions to loci in a higher number of variables. Algebraic geometry is intricately tied to abstract algebra and especially commutative algebra. We will
touch on this in the book also.
Finally linear algebra, although a part of abstract algebra, arose in a somewhat
different context. Historically it grew out of the study of solution sets of systems of
linear equations and the study of the geometry of real n-dimensional spaces. It began
to be developed formally in the early 1800s with work of Jordan and Gauss and then
later in the century by Cayley, Hamilton and Sylvester.
1.2
Rings
The primary motivating examples for algebraic structures are the basic number systems; the integers Z, the rational numbers Q, the real numbers R and the complex
numbers C. Each of these has two basic operations, addition and multiplication and
form what is called a ring. We formally dene this.
Denition 1.2.1. A ring is a set R with two binary operations dened on it, addition,
denoted by C, and multiplication, denoted by , or just by juxtaposition, satisfying
the following six axioms:
(1) Addition is commutative: a C b D b C a for each pair a; b in R.
(2) Addition is associative: a C .b C c/ D .a C b/ C c for a; b; c 2 R.
(3) There exists an additive identity, denoted by 0, such that a C 0 D a for each
a 2 R.
(4) For each a 2 R there exists an additive inverse, denoted by a, such that a C
.a/ D 0.
(5) Multiplication is associative: a.bc/ D .ab/c for a; b; c 2 R.
(6) Multiplication is left and right distributive over addition: a.b C c/ D ab C ac
and .b C c/a D ba C ca for a; b; c 2 R.
Section 1.2 Rings
If in addition
(7) Multiplication is commutative: ab D ba for each pair a; b in R.
then R is a commutative ring.
Further if
(8) There exists a multiplicative identity denoted by 1 such that a 1 D a and 1 a D
a for each a in R.
then R is a ring with identity.
If R satises (1) through (8) then R is a commutative ring with an identity.
A set G with one operation, C, on it satisfying axioms (1) through (4) is called an
abelian group. We will discuss these further later in the chapter.
The numbers systems Z; Q; R; C are all commutative rings with identity.
A ring R with only one element is called trivial. A ring R with identity is trivial if
and only if 0 D 1.
A nite ring is a ring R with only nitely many elements in it. Otherwise R is
an innite ring. Z; Q; R; C are all innite rings. Examples of nite rings are given
by the integers modulo n, Zn , with n > 1. The ring Zn consists of the elements
0; 1; 2; : : : ; n1 with addition and multiplication done modulo n. That is, for example
4 3 D 12 D 2 modulo 5. Hence in Z5 we have 4 3 D 2. The rings Zn are all nite
commutative rings with identity.
To give examples of rings without an identity consider the set nZ D nz W z 2
Z consisting of all multiples of the xed integer n. It is an easy verication (see
exercises) that this forms a ring under the same addition and multiplication as in Z
but that there is no identity for multiplication. Hence for each n 2 Z with n > 1 we
get an innite commutative ring without an identity.
To obtain examples of noncommutative rings we consider matrices. Let M2 .Z/ be
the set of 2 2 matrices with integral entries. Addition of matrices is done componentwise, that is

a2 b2
a1 C a2 b1 C b2
a1 b1
C
D
c1 d1
c2 d2
c1 C c2 d1 C d2
while multiplication is matrix multiplication
a 1 b1
c1 d1

a2 b2
a a C b1 c2 a1 b2 C b1 d2

D 1 2
:
c2 d 2
c1 a2 C d1 c2 c1 b2 C d1 d2
Then again it is an easy verication (see exercises) that M2 .Z/ forms a ring. Further since matrix multiplication is noncommutative this forms a noncommutative ring.
However the identity matrix does form a multiplicative identity for it. M2 .nZ/ with
n > 1 provides an example of an innite noncommutative ring without an identity.
Finally M2 .Zn / for n > 1 will give an example of a nite noncommutative ring.
1.3
Integral Domains and Fields
Our basic number systems have the property that if ab D 0 then either a D 0 or b D 0.
However this is not necessarily true in the modular rings. For example 2 3 D 0 in Z6 .
Denition 1.3.1. A zero divisor in a ring R is an element a 2 R with a 0 such
that there exists an element b 0 with ab D 0. A commutative ring with an identity
1 0 and with no zero divisors is called an integral domain. Notice that having no
zero divisors is equivalent to the fact that if ab D 0 in R then either a D 0 or b D 0.
Hence Z; Q; R; C are all integral domains but from the example above Z6 is not.
In general we have the following.
Theorem 1.3.2. Zn is an integral domain if and only if n is a prime.
Proof. First of all notice that under multiplication modulo n an element m is 0 if and
only if n divides m. We will make this precise shortly. Recall further Euclids lemma
which says that if a prime p divides a product ab then p divides a or p divides b.
Now suppose that n is a prime and ab D 0 in Zn . Then n divides ab. From Euclids
lemma it follows that n divides a or n divides b. In the rst case a D 0 in Zn while
in the second b D 0 in Zn . It follows that there are no zero divisors in Zn and since
Zn is a commutative ring with an identity it is an integral domain.
Conversely suppose Zn is an integral domain. Suppose that n is not prime. Then
n D ab with 1 < a < n, 1 < b < n. It follows that ab D 0 in Zn with neither a nor
b being zero. Therefore they are zero divisors which is a contradiction. Hence n must
be prime.
In Q every nonzero element has a multiplicative inverse. This is not true in Z where
only the elements 1; 1 have multiplicative inverses within Z.
Denition 1.3.3. A unit in a ring R with identity is an element a which has a multiplicative inverse, that is an element b such that ab D ba D 1. If a is a unit in R we
denote its inverse by a1 .
Hence every nonzero element of Q and of R and of C is a unit but in Z the only
units are 1. In M2 .R/ the units are precisely those matrices that have nonzero determinant while in M2 .Z/ the units are those integral matrices that have determinant 1.
Denition 1.3.4. A eld F is a commutative ring with an identity 1 0 where every
nonzero element is a unit.
The rationals Q, the reals R and the complexes C are all elds. If we relax the commutativity requirement and just require that in the ring R with identity each nonzero
element is a unit then we get a skew eld or division ring.
Section 1.3 Integral Domains and Fields
Lemma 1.3.5. If F is a eld then F is an integral domain.

Proof. Since a eld F is already a commutative ring with an identity we must only
show that there are no zero divisors in F .
Suppose that ab D 0 with a 0. Since F is a eld and a is nonzero it has an
inverse a1 . Hence
a1 .ab/ D a1 0 D 0 H) .a1 a/b D 0 H) b D 0:
Therefore F has no zero divisors and must be an integral domain.
Recall that Zn was an integral domain only when n was a prime. This turns out to
also be necessary and sufcient for Zn to be a eld.
Theorem 1.3.6. Zn is a eld if and only if n is a prime.
Proof. First suppose that Zn is a eld. Then from Lemma 1.3.5 it is an integral
domain, so from Theorem 1.3.2 n must be a prime.
Conversely suppose that n is a prime. We must show that Zn is a eld. Since we
already know that Zn is an integral domain we must only show that each nonzero
element of Zn is a unit. Here we need some elementary facts from number theory. If
a; b are integers we use the notation ajb to indicate that a divides b.
Recall that given nonzero integers a; b their greatest common divisor or GCD d > 0
is a positive integer which is a common divisor, that is d ja and d jb, and if d1 is any
other common divisor then d1 jd . We denote the greatest common divisor of a; b by
either gcd.a; b/ or .a; b/. It can be proved that given nonzero integers a; b their GCD
exists, is unique and can be characterized as the least positive linear combination of
a and b. If the GCD of a and b is 1 then we say that a and b are relatively prime or
coprime. This is equivalent to being able to express 1 as a linear combination of a
and b.
Now let a 2 Zn with n prime and a 0. Since a 0 we have that n does not
divide a. Since n is prime it follows that a and n must be relatively prime, .a; n/ D 1.
From the number theoretic remarks above we then have that there exist x; y with
ax C ny D 1:
However in Zn the element ny D 0 and so in Zn we have
ax D 1:
Therefore a has a multiplicative inverse in Zn and is hence a unit. Since a was an

arbitrary nonzero element we conclude that Zn is a eld.
The theorem above is actually a special case of a more general result from which
Theorem 1.3.6 could also be obtained.
Theorem 1.3.7. Each nite integral domain is a eld.
Proof. Let F be a nite integral domain. We must show that F is a eld. It is clearly
sufcient to show that each nonzero element of F is a unit. Let
0; 1; r1 ; : : : ; rn
be the elements of F . Let ri be a xed nonzero element and multiply each element of
F by ri on the left. Now
if ri rj D ri rk then ri .rj rk / D 0:
Since ri 0 it follows that rj rk D 0 or rj D rk . Therefore all the products ri rj
are distinct. Hence
R D 0; 1; r1 ; : : : ; rn D ri R D 0; ri ; ri r1 ; : : : ; ri rn :
Hence the identity element 1 must be in the right-hand list, that is there is an rj such
that ri rj D 1. Therefore ri has a multiplicative inverse and is hence a unit. Therefore
F is a eld.
1.4
Subrings and Ideals
A very important concept in algebra is that of a substructure that is a subset having

the same structure as the superset.
Denition 1.4.1. A subring of a ring R is a nonempty subset S that is also a ring
under the same operations as R. If R is a eld and S also a eld then its a subeld.
If S R then S satises the same basic axioms, associativity and commutativity
of addition for example. Therefore S will be a subring if it is nonempty and closed
under the operations, that is closed under addition, multiplication and taking additive
inverses.
Lemma 1.4.2. A subset S of a ring R is a subring if and only if S is nonempty and
whenever a; b 2 S we have a C b 2 S , a b 2 S and ab 2 S.
Section 1.4 Subrings and Ideals
Example 1.4.3. Show that if n > 1 the set nZ is a subring of Z. Here clearly nZ is
nonempty. Suppose a D nz1 ; b D nz2 are two element of nZ. Then
a C b D nz1 C nz2 D n.z1 C z2 / 2 nZ
a b D nz1 nz2 D n.z1 z2 / 2 nZ
ab D nz1 nz2 D n.nz1 z2 / 2 nZ:
Therefore nZ is a subring.
Example 1.4.4. Show that the set of real numbers of the form
p
S D u C v 2 W u; v 2 Q
is a subring of
p
p
p R.
Here 1 C 2 2 S , so S is nonempty. Suppose a D u1 C v1 2, b D u2 C v2 2
are two element of S. Then
p
p
p
a C b D .u1 C v1 2/ C .u2 C v2 2/ D u1 C u2 C .v1 C v2 / 2 2 S
p
p
p
a b D .u1 C v1 2/ .u2 C v2 2/ D u1 u2 C .v1 v2 / 2 2 S
p
p
p
a b D .u1 C v1 2/ .u2 C v2 2/ D .u1 u2 C 2v1 v2 / C .u1 v2 C v1 u2 / 2 2 S:
Therefore S is a subring.
We will see this example later as an algebraic number eld.
In the following we are especially interested in special types of subrings called
ideals.
Denition 1.4.5. Let R be a ring and I R. Then I is a (two-sided) ideal if the
following properties holds:
(1) I is nonempty.
(2) If a; b 2 I then a b 2 I .
(3) If a 2 I and r is any element of R then ra 2 I and ar 2 I .
We denote the fact that I forms an ideal in R by I G R.
Notice that if a; b 2 I , then from (3) we have ab 2 I and ba 2 I . Hence I forms a
subring, that is each ideal is also a subring. 0 and the whole ring R are trivial ideals
of R.
If we assume that in (3) only ra 2 I then I is called a left ideal. Analogously we
dene a right ideal.
Lemma 1.4.6. Let R be a commutative ring and a 2 R. Then the set

hai D aR D ar W r 2 R
is an ideal of R.
This ideal is called the principal ideal generated by a.
Proof. We must verify the three properties of the denition. Since a 2 R we have
that aR is nonempty. If u D ar1 ; v D ar2 are two elements of aR then
u v D ar1 ar2 D a.r1 r2 / 2 aR
so (2) is satised.
Finally let u D ar1 2 aR and r 2 R. Then
ru D rar1 D a.rr1 / 2 aR
and
ur D ar1 r D a.r1 r/ 2 aR:
Recall that a 2 hai if R has an identity.

Notice that if n 2 Z then the principal ideal generated by n is precisely the ring
nZ, that we have already examined. Hence for each n > 1 the subring nZ is actually
an ideal. We can show more.
Theorem 1.4.7. Any subring of Z is of the form nZ for some n. Hence each subring
of Z is actually a principal ideal.
Proof. Let S be a subring of Z. If S D 0 then S D 0Z so we may assume that
S has nonzero elements. Since S is a subring if it has nonzero elements it must have
positive elements (since it has the additive inverse of any element in it).
Let S C be the set of positive elements in S . From the remarks above this is a
nonempty set and so there must be a least positive element n. We claim that S D nZ.
Let m be a positive element in S . By the division algorithm
m D q n C r;
where either r D 0 or 0 < r < n. Suppose that r 0. Then
r D m q n:
Now m 2 S and n 2 S . Since S is a subring it is closed under addition so that
q n 2 S . But S is a subring so m q n 2 S. It follows that r 2 S. But this is
a contradiction since n was the least positive element in S. Therefore r D 0 and
m D q n. Hence each positive element in S is a multiple of n.
Now let m be a negative element of S . Then m 2 S and m is positive. Hence
m D q n and thus m D .q/n. Therefore every element of S is a multiple of n and
so S D nZ.
It follows that every subring of Z is of this form and therefore every subring of Z
is an ideal.
Section 1.5 Factor Rings and Ring Homomorphisms
We mention that this is true in Z but not always true. For example Z is a subring of
Q but not an ideal.
An extension of the proof of Lemma 1.4.2 gives the following. We leave the proof
as an exercise.
Lemma 1.4.8. Let R be a commutative ring and a1 ; : : : ; an 2 R be a nite set of
elements in R. Then the set
ha1 ; : : : ; an i D r1 a1 C r2 a2 C C rn an W ri 2 R
is an ideal of R.
This ideal is called the ideal generated by a1 ; : : : ; an .
Recall that a1 ; : : : ; an are in ha1 ; : : : ; an i if R has an identity.
Theorem 1.4.9. Let R be a commutative ring with an identity 1 0. Then R is a
eld if and only if the only ideals in R are 0 and R.
Proof. Suppose that R is a eld and I C R is an ideal. We must show that either
I D 0 or I D R. Suppose that I 0 then we must show that I D R.
Since I 0 there exists an element a 2 I with a 0. Since R is a eld this
element a has an inverse a1 . Since I is an ideal it follows that a1 a D 1 2 I . Let
r 2 R then, since 1 2 I , we have r 1 D r 2 I . Hence R I and hence R D I .
Conversely suppose that R is a commutative ring with an identity whose only ideals
are 0 and R. We must show that R is a eld or equivalently that every nonzero
element of R has a multiplicative inverse.
Let a 2 R with a 0. Since R is a commutative ring and a 0, the principal
ideal aR is a nontrivial ideal in R. Hence aR D R. Therefore the multiplicative
identity 1 2 aR. It follows that there exists an r 2 R with ar D 1. Hence a has a
multiplicative inverse and R must be a eld.
1.5
Factor Rings and Ring Homomorphisms
Given an ideal I in a ring R we can build a new ring called the factor ring or quotient
ring of R modulo I . The special condition on the subring I that rI I and I r I
for all r 2 R, that makes it an ideal, is specically to allow this construction to be a
ring.
Denition 1.5.1. Let I be an ideal in a ring R. Then a coset of I is a subset of R of
the form
r C I D r C i W i 2 I
with r a xed element of R.
10
Lemma 1.5.2. Let I be an ideal in a ring R. Then the cosets of I partition R, that is
any two cosets are either coincide or disjoint.
We leave the proof to the exercises.
Now on the set of all cosets of an ideal we will build a new ring.
Theorem 1.5.3. Let I be an ideal in a ring R. Let R=I be the set of all cosets of I
in R, that is
R=I D r C I W r 2 R:
We dene addition and multiplication on R=I in the following manner:
.r1 C I / C .r2 C I / D .r1 C r2 / C I
.r1 C I / .r2 C I / D .r1 r2 / C I:
Then R=I forms a ring called the factor ring of R modulo I . The zero element of
R=I is 0 C I and the additive inverse of r C I is r C I .
Further if R is commutative then R=I is commutative and if R has an identity then
R=I has an identity 1 C I .
Proof. The proofs that R=I satises the ring axioms under the denitions above is
straightforward. For example
.r1 C I / C .r2 C I / D .r1 C r2 / C I D .r2 C r1 / C I D .r2 C I / C .r1 C I /
and so addition is commutative.
What must be shown is that both addition and multiplication are well-dened. That
is, if
r1 C I D r10 C I and r2 C I D r20 C I
then
and
.r1 C I / C .r2 C I / D .r10 C I / C .r20 C I /

.r1 C I / .r2 C I / D .r10 C I / .r20 C I /:
Now if r1 C I D r10 C I then r1 2 r10 C I and so r1 D r10 C i1 for some i1 2 I .

Similarly if r2 C I D r20 C I then r2 2 r20 C I and so r2 D r20 C i2 for some i2 2 I .
Then
.r1 C I / C .r2 C I / D .r10 C i1 C I / C .r20 C i2 C I / D .r10 C I / C .r20 C I /
since i1 C I D I and i2 C I D I . Similarly
.r1 C I / .r2 C I / D .r10 C i1 C I / .r20 C i2 C I /
D r10 r20 C r10 i2 C r20 i1 C r10 I C r20 I C I I
D .r10 r20 / C I
since all the other products are in the ideal I .
Section 1.5 Factor Rings and Ring Homomorphisms
11
This shows that addition and multiplication are well-dened. It also shows why the
ideal property is necessary.
As an example let R be the integers Z. As we have seen each subring is an ideal
and of the form nZ for some natural number n. The factor ring Z=nZ is called the
residue class ring modulo n denoted Zn . Notice that we can take as cosets
0 C nZ; 1 C nZ; : : : ; .n 1/ C nZ:
Addition and multiplication of cosets is then just addition and multiplication modulo n, as we can see, that this is just a formalization of the ring Zn , that we have
already looked at. Recall that Zn is an integral domain if and only if n is prime and
Zn is a eld for precisely the same n. If n D 0 then Z=nZ is the same as Z.
We now show that ideals and factor rings are closely related to certain mappings
between rings.
Denition 1.5.4. Let R and S be rings. Then a mapping f W R ! S is a ring
homomorphism if
f .r1 C r2 / D f .r1 / C f .r2 / for any r1 ; r2 2 R
f .r1 r2 / D f .r1 / f .r2 /
for any r1 ; r2 2 R:
In addition,
(1) f is an epimorphism if it is surjective.
(2) f is an monomorphism if it is injective.
(3) f is an isomorphism if it is bijective, that is both surjective and injective. In this
case R and S are said to be isomorphic rings which we denote by R S.
(4) f is an endomorphism if R D S , that is a ring homomorphism from a ring to
itself.
(5) f is an automorphism if R D S and f is an isomorphism.
Lemma 1.5.5. Let R and S be rings and let f W R ! S be a ring homomorphism.
Then
(1) f .0/ D 0 where the rst 0 is the zero element of R and the second is the zero
element of S.
(2) f .r/ D f .r/ for any r 2 R.
Proof. We obtain f .0/ D 0 from the equation f .0/ D f .0 C 0/ D f .0/ C f .0/.
Hence 0 D f .0/ D f .r r/ D f .r C .r// D f .r/ C f .r/, that is f .r/ D
f .r/.
12
Denition 1.5.6. Let R and S be rings and let f W R ! S be a ring homomorphism.

Then the kernel of f is
ker.f / D r 2 R W f .r/ D 0:
The image of f , denoted im.f /, is the range of f within S. That is
im.f / D s 2 S W there exists r 2 R with f .r/ D s:
Theorem 1.5.7 (ring isomorphism theorem). Let R and S be rings and let
f WR!S
be a ring homomorphism. Then
(1) ker.f / is an ideal in R, im.f / is a subring of S and
R= ker.f / im.f /:
(2) Conversely suppose that I is an ideal in a ring R. Then the map f W R ! R=I
given by f .r/ D r C I for r 2 R is a ring homomorphism whose kernel is I
and whose image is R=I .
The theorem says that the concepts of ideal of a ring and kernel of a ring homomorphism coincide, that is each ideal is the kernel of a homomorphism and the kernel
of each ring homomorphism is an ideal.
Proof. Let f W R ! S be a ring homomorphism and let I D ker.f /. We show
rst that I is an ideal. If r1 ; r2 2 I then f .r1 / D f .r2 / D 0. It follows from the
homomorphism property that
f .r1 r2 / D f .r1 / f .r2 / D 0 C 0 D 0
f .r1 r2 / D f .r1 / f .r2 / D 0 0 D 0:
Therefore I is a subring.
Now let i 2 I and r 2 R. Then
f .r i / D f .r/ f .i / D f .r/ 0 D 0
and
f .i r/ D f .i/ f .r/ D 0 f .r/ D 0
and hence I is an ideal.

Consider the factor ring R=I . Let f W R=I ! im.f / by f .r C I / D f .r/. We
show that f is an isomorphism.
First we show that it is well-dened. Suppose that r1 C I D r2 C I then r1 r2 2
I D ker.f /. It follows that f .r1 r2 / D 0 so f .r1 / D f .r2 /. Hence f .r1 C I / D
f .r2 C I / and the map f is well-dened.
13
Section 1.6 Fields of Fractions
Now
f ..r1 C I / C .r2 C I // D f ..r1 C r2 / C I / D f .r1 C r2 /
D f .r1 / C f .r2 / D f .r1 C I / C f .r2 C I /
and
f ..r1 C I / .r2 C I // D f ..r1 r2 / C I / D f .r1 r2 /
D f .r1 / f .r2 / D f .r1 C I / f .r2 C I /:
Hence f is a homomorphism. We must now show that it is injective and surjective.
Suppose that f .r1 CI / D f .r2 CI /. Then f .r1 / D f .r2 / so that f .r1 r2 / D
0. Hence r1 r2 2 ker.f / D I . Therefore r1 2 r2 C I and thus r1 C I D r2 C I
and the map f is injective.
Finally let s 2 im.f /. Then there exists and r 2 R such that f .r/ D s. Then
f .r C I / D s and the map f is surjective and hence an isomorphism. This proves
the rst part of the theorem.
To prove the second part let I be an ideal in R and R=I the factor ring. Consider
the map f W R ! R=I given by f .r/ D r C I . From the denition of addition and
multiplication in the factor ring R=I it is clear that this is a homomorphism. Consider
the kernel of f . If r 2 ker.f / then f .r/ D r C I D 0 D 0 C I . This implies
that r 2 I and hence the kernel of this map is exactly the ideal I completing the
theorem.
Theorem 1.5.7 is called the ring isomorphism theorem or the rst ring isomorphism
theorem. We mention that there is an analogous theorem for each algebraic structure.
In particular for groups and vector spaces. We will mention the result for groups in
Section 1.8.
1.6
Fields of Fractions
The integers are an integral domain and the rationals Q are a eld that contains the
integers. First we show that Q is the smallest eld containing Z.
Theorem 1.6.1. The rationals Q are the smallest eld containing the integers Z. That
is if Z F Q with F a subeld of Q then F D Q.
Proof. Since Z F we have m; n 2 F for any two integers m; n. Since F is a
subeld, it is closed under taking division, that is taking multiplicative inverses and
hence the fraction m
n 2 F . Since each element of Q is such a fraction it follows that
Q F . Since F Q it follows that F D Q.
14
Notice that to construct the rationals from the integers we form all the fractions
m2
1
with n 0 and where m
n1 D n2 if m1 n2 D n1 m2 . We then do the standard
operations on fractions. If we start with any integral domain D we can mimic this
construction to build a eld of fractions from D that is the smallest eld containing D.
m
n
Theorem 1.6.2. Let D be an integral domain. Then there is a eld F containing D,

called the eld of fractions for D, such that each element of F is a fraction from D,
that is an element of the form d1 d21 with d1 ; d2 2 D. Further F is unique up to
isomorphism and is the smallest eld containing D.
Proof. The proof is just the mimicking of the construction of the rationals from the
integers. Let
F ? D .d1 ; d2 / W d1 ; d2 0; d1 ; d2 2 D:
Dene on F ? the equivalence relation
.d1 ; d2 / D .d10 ; d20 / if d1 d20 D d2 d10 :
Let F be the set of equivalence classes and dene addition and multiplication in the
usual manner as for fractions where the result is the equivalence class.
.d1 ; d2 / C .d3 ; d4 / D .d1 d4 C d2 d3 ; d2 d4 /
.d1 ; d2 / .d3 ; d4 / D .d1 d3 ; d2 d4 /:
It is now straightforward to verify the ring axioms for F . The inverse of .d1 ; 1/ is
.1; d1 / for d1 0 in D.
As with Z we identify the elements of F as fractions dd12 .
The proof that F is the smallest eld containing D is the same as for Q from Z.
As examples we have that Q is the eld of fractions for Z. A familiar but less
common example is the following.
Let Rx be the set of polynomials over the real numbers R. It can be shown that
Rx forms an integral domain. The eld of fractions consists of all formal functions
f .x/
where f .x/; g.x/ are real polynomials with g.x/ 0. The corresponding eld
g.x/
of fractions is called the eld of rational functions over R and is denoted R.x/.
1.7
Characteristic and Prime Rings
We saw in the last section that Q is the smallest eld containing the integers. Since
any subeld of Q must contain the identity, it follows that any nontrivial subeld of
Q must contain the integers and hence be all of Q. Therefore Q has no nontrivial
subelds. We say that Q is a prime eld.
Section 1.7 Characteristic and Prime Rings
15
Denition 1.7.1. A eld F is a prime eld if F contains no nontrivial subelds.

Lemma 1.7.2. Let K be any eld. Then K contains a prime eld F as a subeld.
Proof. Let K1 ; K2 be subelds of K. If k1 ; k2 2 K1 \K2 then k1 k2 2 K1 since K1
is a subeld and k1 k2 2 K2 since K2 is a subeld. Therefore k1 k2 2 K1 \ K2 .
Similarly k1 k21 2 K1 \ K2 . It follows that K1 \ K2 is again a subeld.
Now let F be the intersection of all subelds of K. From the argument above F is
a subeld and the only nontrivial subeld of F is itself. Hence F is a prime eld.
Denition 1.7.3. Let R be a commutative ring with an identity 1 0. The smallest
positive integer n such that n 1 D 1 C 1 C C 1 D 0 is called the characteristic
of R. If there is no such n, then R has characteristic 0. We denote the characteristic
by char.R/.
Notice rst that the characteristic of Z; Q; R are all zero. Further the characteristic
of Zn is n.
Theorem 1.7.4. Let R be an integral domain. Then the characteristic of R is either
0 or a prime. In particular the characteristic of a eld is zero or a prime.
Proof. Suppose that R is an integral domain and char.R/ D n 0. Suppose that
n D mk with 1 < m < n, 1 < k < n. Then n 1 D 0 D .m 1/.k 1/. Since
R is an integral domain we have no zero divisors and hence m 1 D 0 or k 1 D 0.
However this is a contradiction since n is the least positive integer such that n 1 D 0.
Therefore n must be a prime.
We have seen that every eld contains a prime eld. We extend this.
Denition 1.7.5. A commutative ring R with an identity 1 0 is a prime ring if the
only subring containing the identity is the whole ring.
Clearly both the integers Z and the modular integers Zn are prime rings. In fact up
to isomorphism they are the only prime rings.
Theorem 1.7.6. Let R be a prime ring. If char.R/ D 0 then R Z, while if
char.R/ D n > 0 then R Zn .
Proof. Suppose that char.R/ D 0. Let S D r D m 1 W r 2 R; m 2 Z. Then S is
a subring of R containing the identity (see the exercises) and hence S D R. However
the map m 1 ! m gives an isomorphism from S to Z. It follows that R is isomorphic
to Z.
If char.R/ D n > 0 the proof is identical. Since n 1 D 0 the subring S of R
dened above is all of R and isomorphic to Zn .
16
Theorem 1.7.6 can be extended to elds with Q taking the place of Z and Zp , with
p a prime, taking the place of Zn .
Theorem 1.7.7. Let K be a prime eld. If K has characteristic 0 then K Q while
if K has characteristic p then K Zp .
Proof. The proof is identical to that of Theorem 1.7.6; however we consider the smallest subeld K1 of K containing S.
We mention that there can be innite elds of characteristic p. Consider for example the eld of fractions of the polynomial ring Zp x. This is the eld of rational
functions with coefcients in Zp .
We give a theorem on elds of characteristic p that will be important much later
when we look at Galois theory.
Theorem 1.7.8. Let K be a eld of characteristic p. Then the mapping W K ! K
given by .k/ D k p is an injective endomorphism of K. In particular .a C b/p D
ap C b p for any a; b 2 K.
This mapping is called the Frobenius homomorphism of K.
Further if K is nite, is an automorphism.
Proof. We rst show that is a homomorphism. Now
.ab/ D .ab/p D ap b p D .a/.b/:
We need a little more work for addition.
!
!
p
p1
X
X p
p i pi
p
p
ab
ai b pi C b p
.a C b/ D .a C b/ D
Da C
i
i
i D0
i D1
by the binomial expansion which holds in any commutative ring. However

!
p
p.p1 / .p i C 1/
D
i
i .i 1/ 1

p
and it is clear that pj i for 1 i p 1. Hence in K we have pi 1 D 0 and so
we have
.a C b/ D .a C b/p D ap C b p D .a/ C .b/:
Therefore is a homomorphism.
Further is always injective. To see this suppose that .x/ D .y/. Then
.x y/ D 0 H) .x y/p D 0:
But K is a eld so there are no zero divisors so we must have x y D 0 or x D y.
If K is nite and is injective it must also be surjective and hence an automorphism
of K.
17
Section 1.8 Groups
1.8
Groups
We close this rst chapter by introducing some basic denitions and results from
group theory, that mirror the results, that were presented for rings and elds. We will
look at group theory in more detail later in the book. Proofs will be given at that point.
Denition 1.8.1. A group G is a set with one binary operation (which we will denote
by multiplication) such that
(1) The operation is associative.
(2) There exists an identity for this operation.
(3) Each g 2 G has an inverse for this operation.
If, in addition, the operation is commutative, the group G is called an abelian group.
The order of G is the number of elements in G, denoted by jGj. If jGj < 1; G is a
nite group otherwise G is an innite group.
Groups most often arise from invertible mappings of a set onto itself. Such mappings are called permutations.
Theorem 1.8.2. The group of all permutations on a set A forms a group called the
symmetric group on A which we denote by SA . If A has more than 2 elements then SA
is nonabelian.
Denition 1.8.3. Let G1 and G2 be groups. Then a mapping f W G1 ! G2 is a
(group) homomorphism if
f .g1 g2 / D f .g1 /f .g2 /
for any g1 ; g2 2 G1 :
As with rings we have further

(1) f is an epimorphism if it is surjective.
(2) f is an monomorphism if it is injective.
(3) f is an isomorphism if it is bijective, that is both surjective and injective. In
this case G1 and G2 are said to be isomorphic groups, which we denote by
G1 G2 .
(4) f is an endomorphism if G1 D G2 , that is a homomorphism from a group to
itself.
(5) f is an automorphism if G1 D G2 and f is an isomorphism.
18
Lemma 1.8.4. Let G1 and G2 be groups and let f W G1 ! G2 be a homomorphism.

Then
(a) f .1/ D 1 where the rst 1 is the identity element of G1 and the second is the
identity element of G2 .
(b) f .g 1 / D .f .g//1 for any g 2 G1 .
If A is a set, jAj denotes the size of A.
Theorem 1.8.5. If A1 and A2 are sets with jA1 j D jA2 j then SA1 SA2 . If jAj D n
with n nite we call SA the symmetric group on n elements which we denote by Sn .
Further we have jSn j D n.
Subgroups are dened in an analogous manner to subrings. Special types of subgroups called normal subgroups take the place in group theory that ideals play in ring
theory.
Denition 1.8.6. A subset H of a group G is a subgroup if H ; and H forms a
group under the same operation as G. Equivalently, H is a subgroup if H ; and
H is closed under the operation and inverses.
Denition 1.8.7. If H is a subgroup of a group G, then a left coset of H is a subset
of G of the form gH D gh W h 2 H . A right coset of H is a subset of G of the
form Hg D hg W h 2 H .
As with rings the cosets of a subgroup partition a group. We call the number of
right cosets of a subgroup H in a group G then index of H in G, denoted jG W H j.
One can prove that the number of right cosets is equal to the number of left cosets.
For nite groups we have the following beautiful result called Lagranges theorem.
Theorem 1.8.8 (Lagranges theorem). Let G be a nite group and H a subgroup.
Then the order of H divides the order of G. In particular
jGj D jH jjG W H j:
Normal subgroups take the place of ideals in group theory.
Denition 1.8.9. A subgroup H of a group G is a normal subgroup, denoted H C G,
if every left coset of H is also a right coset, that is gH D Hg for each g 2 G. Note
that this does not say that g and H commute elementwise, just that the subsets gH
and Hg are the same. Equivalently H is normal if g1 Hg D H for any g 2 G.
Normal subgroups allow us to construct factor groups just as ideals allowed us to
construct factor rings.
19
Section 1.9 Exercises
Theorem 1.8.10. Let H be a normal subgroup of a group G. Let G=H be the set of
all cosets of H in G, that is
G=H D gH W g 2 G:
We dene multiplication on G=H in the following manner
.g1 H /.g2 H / D g1 g2 H:
Then G=H forms a group called the factor group or quotient group of G modulo H .
The identity element of G=H is 1H and the inverse of gH is g 1 H .
Further if G is abelian then G=H is also abelian.
Finally as with rings normal subgroups, factor groups are closely tied to homomorphisms.
Denition 1.8.11. Let G1 and G2 be groups and let f W G1 ! G2 be a homomorphism. Then the kernel of f , denoted ker.f /, is
ker.f / D g 2 G1 W f .g/ D 1:
The image of f , denoted im.f /, is the range of f within G2 . That is
im.f / D h 2 G2 W there exists g 2 G1 with f .g/ D h:
Theorem 1.8.12 (group isomorphism theorem). Let G1 and G2 be groups and let
f W G1 ! G2 be a homomorphism. Then
(1) ker.f / is a normal subgroup in G1 . im.f / is a subgroup of G2 and
G1 = ker.f / im.f /:
(2) Conversely suppose that H is a normal subgroup of a group G. Then the map
f W G ! G=H given by f .g/ D gH for g 2 G is a homomorphism whose
kernel is H and whose image is G=H .
1.9
Exercises
1. Let W K ! R be a homomorphism from a eld K to a ring R. Show: Either

.a/ D 0 for all a 2 K or is a monomorphism.
2. Let R be a ring and M ; an arbitrary set. Show that the following are equivalent:
(i) The ring of all mappings from M to R is a eld.
(ii) M contains only one element and R is a eld.
20
3. Let be a set of prime numbers. Dene
a
Q D
W all prime divisors of b are in :
b
(i) Show that Q is a subring of Q.
(ii) Let R be a subring of Q and let
1
2 R.
b
a
b
2 R with coprime integers a; b. Show that
(iii) Determine all subrings R of Q. (Hint: Consider the set of all prime divisors
of denominators of reduced elements of R.)
4. Prove Lemma 1.5.2.
5. Let R be a commutative ring with an identity 1 2 R. Let A, B and C be ideals
in R. A C B WD a C b W a 2 A; b 2 B and AB WD .ab W a 2 A; b 2 B/.
Show:
(i) A C B G R, A C B D .A [ B/
(ii) AB D a1 b1 C C an bn W n 2 N; ai 2 A; bi 2 B, AB A \ B
(iii) A.B C C/ D AB C AC , .A C B/C D AB C BC , .AB/C D A.BC /
(iv) A D R , A \ R ;
(v) a; b 2 R ) hai C hbi D xa C yb W x; y 2 R
(vi) a; b 2 R ) haihbi D habi. Here hai D Ra D xa W x 2 R.
6. Solve the following congruence:
3x 5 mod 7:
Is this congruence also solvable mod 17?
7. Show that the set of 2 2 matrices over a ring R forms a ring.
9. Prove that if R is a ring with identity and S D r D m 1 W r 2 R; m 2 Z then S
is a subring of R containing the identity.
Chapter 2
Maximal and Prime Ideals
2.1
Maximal and Prime Ideals
In the rst chapter we dened ideals I in a ring R and then the factor ring R=I of
R modulo the ideal I . We saw further that if R is commutative then R=I is also
commutative and if R has an identity then so does R=I . This raises further questions
concerning the structure of factor rings. In particular we can ask under what conditions does R=I form an integral domain and under what conditions does R=I form
a eld. These questions lead us to dene certain special properties of ideals, called
prime ideals and maximal ideals.
For motivation let us look back at the integers Z. Recall that each proper ideal in Z
has the form nZ for some n > 1 and the resulting factor ring Z=nZ is isomorphic
to Zn . We proved the following result.
Theorem 2.1.1. Zn D Z=nZ is an integral domain if and only if n D p a prime.
Further Zn is a eld again if and only if n D p is a prime.
Hence for the integers Z a factor ring is a eld if and only if it is an integral domain.
We will see later that this is not true in general. However what is clear is that the
special ideals nZ leading to integral domains and elds are precisely when n is a
prime. We look at the ideals pZ with p a prime in two different ways and then use
these in subsequent sections to give the general denitions. We rst need a famous
result, Euclids lemma, from number theory. For integers a; b the notation ajb means
that a divides b.
Lemma 2.1.2 (Euclid). If p is a prime and pjab then pja or pjb.
Proof. Recall that the greatest common divisor or GCD of two integers a; b is an
integer d > 0 such that d is a common divisor of both a and b and if d1 is another
common divisor of a and b then d1 jd . We express the GCD of a; b by d D .a; b/. It
is known that for any two integers a; b their GCD exists and is unique and further is
the least positive linear combination of a and b, that is the least positive integer of the
form ax C by for integers x; y. The integers a; b are relatively prime if their GCD is
1, .a; b/ D 1. In this case 1 is a linear combination of a and b.
Now suppose pjab where p is a prime. If p does not divide a then since the only
positive divisors of p are 1 and p it follows that .a; p/ D 1. Hence 1 is expressible
22
Chapter 2 Maximal and Prime Ideals
as a linear combination of a and p. That is ax C py D 1 for some integers x; y.

Multiply through by b, so that
abx C pby D b:
Now pjab so pjabx and pjpby. Therefore pjabx C pby, that is, pjb.
We now recast this lemma in two different ways in terms of the ideal pZ. Notice
that pZ consists precisely of all the multiples of p. Hence pjab is equivalent to
ab 2 pZ.
Lemma 2.1.3. If p is a prime and ab 2 pZ then a 2 pZ or b 2 pZ.
This conclusion will be taken as the denition of a prime ideal in the next section.
Lemma 2.1.4. If p is a prime and pZ nZ then n D 1 or n D p. That is, every
ideal in Z containing pZ with p a prime is either all of Z or pZ.
Proof. Suppose that pZ nZ. Then p 2 nZ so p is a multiple of n. Since p is a
prime it follows easily that either n D 1 or n D p.
In Section 2.3 the conclusion of this lemma will be taken as the denition of a
maximal ideal.
2.2
Prime Ideals and Integral Domains
Motivated by Lemma 2.1.3 we make the following general denition for commutative
rings R with identity.
Denition 2.2.1. Let R be a commutative ring. An ideal P in R with P R is a
prime ideal if whenever ab 2 P with a; b 2 R then either a 2 P or b 2 P .
This property of an ideal is precisely what is necessary and sufcient to make the
factor ring R=I an integral domain.
Theorem 2.2.2. Let R be a commutative ring with an identity 1 0 and let P be a
nontrivial ideal in R. Then P is a prime ideal if and only if the factor ring R=P is an
integral domain.
Proof. Let R be a commutative ring with an identity 1 0 and let P be a prime ideal.
We show that R=P is an integral domain. From the results in the last chapter we have
that R=P is again a commutative ring with an identity. Therefore we must show that
there are no zero divisors in R=P . Suppose that .a C I /.b C I / D 0 in R=P . The
zero element in R=P is 0 C P and hence
.a C P /.b C P / D 0 D 0 C P H) ab C P D 0 C P H) ab 2 P:
Section 2.2 Prime Ideals and Integral Domains
23
However P is a prime ideal so we must then have a 2 P or b 2 P . If a 2 P then

a C P D P D 0 C P so a C P D 0 in R=P . The identical argument works if b 2 P .
Therefore there are no zero divisors in R=P and hence R=P is an integral domain.
Conversely suppose that R=P is an integral domain. We must show that P is a
prime ideal. Suppose that ab 2 P . Then .a C P /.b C P / D ab C P D 0 C P .
Hence in R=P we have
.a C P /.b C P / D 0:
However R=P is an integral domain so it has no zero divisors. It follows that either
a C P D 0 and hence a 2 P or b C P D 0 and b 2 P . Therefore either a 2 P or
b 2 P so P is a prime ideal.
In a commutative ring R we can dene a multiplication of ideals. We then obtain
an exact analog of Euclids lemma. Since R is commutative each ideal is 2-sided.
Denition 2.2.3. Let R be a commutative ring with an identity 1 0 and let A and
B be ideals in R. Dene
AB D a1 b1 C C an bn W ai 2 A; bi 2 B; n 2 N:
That is AB is the set of nite sums of products ab with a 2 A and b 2 B.
Lemma 2.2.4. Let R be a commutative ring with an identity 1 0 and let A and B
be ideals in R. Then AB is an ideal.
Proof. We must verify that AB is a subring and that it is closed under multiplication
from R. Le r1 ; r2 2 AB. Then
r1 D a1 b1 C C an bn
and
Then
0 0
bm
r2 D a10 b10 C C am
for some ai 2 A; bi 2 B
for some ai0 2 A; bi0 2 B:
0 0
r1 r2 D a1 b1 C C an bn a10 b10 am
bm
which is clearly in AB. Further

0 0
bm :
r1 r2 D a1 b1 a10 b10 C C an bn am
Consider for example the rst term a1 b1 a10 b10 . Since R is commutative this is equal
to
.a1 a10 /.b1 b10 /:
Now a1 a10 2 A since A is a subring and b1 b10 2 B since B is a subring. Hence this
term is in AB. Similarly for each of the other terms. Therefore r1 r2 2 AB and hence
AB is a subring.
24
Now let r 2 R and consider rr1 . This is then

rr1 D ra1 b1 C C ran bn :
Now rai 2 A for each i since A is an ideal. Hence each summand is in AB and then
rr1 2 AB. Therefore AB is an ideal.
Lemma 2.2.5. Let R be a commutative ring with an identity 1 0 and let A and
B be ideals in R. If P is a prime ideal in R then AB P implies that A P or
B P.
Proof. Suppose that AB P with P a prime ideal and suppose that B is not contained in P . We show that A P . Since AB P each product ai bj 2 P . Choose
a b 2 B with b P and let a be an arbitrary element of A. Then ab 2 P . Since
P is a prime ideal this implies either a 2 P or b 2 P . But by assumption b P so
a 2 P . Since a was arbitrary we have A P .
2.3
Maximal Ideals and Fields
Now, motivated by Lemma 2.1.4 we dene a maximal ideal.

Denition 2.3.1. Let R be a ring and I an ideal in R. Then I is a maximal ideal if
I R and if J is an ideal in R with I J then I D J or J D R.
If R is a commutative ring with an identity this property of an ideal I is precisely
what is necessary and sufcient so that R=I is a eld.
Theorem 2.3.2. Let R be a commutative ring with an identity 1 0 and let I be an
ideal in R. Then I is a maximal ideal if and only if the factor ring R=I is a eld.
Proof. Suppose that R is a commutative ring with an identity 1 0 and let I be an
ideal in R. Suppose rst that I is a maximal ideal and we show that the factor ring
R=I is a eld.
Since R is a commutative ring with an identity the factor ring R=I is also a commutative ring with an identity. We must show then that each nonzero element of R=I
has a multiplicative inverse. Suppose then that r D r CI 2 R=I is a nonzero element
of R=I . It follows that r I . Consider the set hr; I i D rx C i W x 2 R; i 2 I .
This is also an ideal (see exercises) called the ideal generated by r and I , denoted
hr; I i. Clearly I hr; I i and since r I and r D r 1 C 0 2 hr; I i it follows that
hr; I i I . Since I is a maximal ideal it follows that hr; I i D R the whole ring.
Hence the identity element 1 2 hr; I i and so there exist elements x 2 R and i 2 I
such that 1 D rx C i . But then 1 2 .r C I /.x C I / and so 1 C I D .r C I /.x C I /.
Section 2.4 The Existence of Maximal Ideals
25
Since 1 C I is the multiplicative identity of R=I is follows that x C I is the multiplicative inverse of r C I in R=I . Since r C I was an arbitrary nonzero element of
R=I it follows that R=I is a eld.
Now suppose that R=I is a eld for an ideal I . We show that I must be maximal.
Suppose then that I1 is an ideal with I I1 and I I1 . We must show that I1 is all
of R. Since I I1 there exists an r 2 I1 with r I . Therefore the element r C I is
nonzero in the factor ring R=I and since R=I is a eld it must have a multiplicative
inverse x C I . Hence .r C I /.x C I / D rx C I D 1 C I and therefore there is an
i 2 I with 1 D rx C i. Since r 2 I1 and I1 is an ideal we get that rx 2 I1 . Further
since I I1 it follows that rx C i 2 I1 and so 1 2 I1 . If r1 is an arbitrary element
of R then r1 1 D r1 2 I1 . Hence R I1 and so R D I1 . Therefore I is a maximal
ideal.
Recall that a eld is already an integral domain. Combining this with the ideas of
prime and maximal ideals we obtain:
Theorem 2.3.3. Let R be a commutative ring with an identity 1 0. Then each
maximal ideal is a prime ideal
Proof. Suppose that R is a commutative ring with an identity and I is a maximal ideal
in R. Then from Theorem 2.3.2 we have that the factor ring R=I is a eld. But a eld
is an integral domain so R=I is an integral domain. Therefore from Theorem 2.2.2
we have that I must be a prime ideal.
The converse is not true in general. That is there are prime ideals that are not
maximal. Consider for example R D Z the integers and I D 0. Then I is an ideal
and R=I D Z=0 Z is an integral domain. Hence 0 is a prime ideal. However
Z is not a eld so 0 is not maximal. Note however that in the integers Z a proper
ideal is maximal if and only if it is a prime ideal.
2.4
The Existence of Maximal Ideals
In this section we prove that in any ring R with an identity there do exist maximal
ideals. Further given an ideal I R then there exists a maximal ideal I0 such that
I I0 . To prove this we need three important equivalent results from logic and set
theory.
First recall that a partial order on a set S is a reexive, transitive relation on S.
That is a a for all a 2 S and if a b; b c then a c. This is a partial order
since there may exist elements a 2 S where neither a b nor b a. If A is any set
then it is clear that containment of subsets is a partial order on the power set P .A/.
If is a partial order on a set M , then a chain on M is a subset K M such that
a; b 2 K implies that a b or b a. A chain on M is bounded if there exists an
26
m 2 M such that k m for all k 2 K. The element m is called an upper bound

for K. An element m0 2 M is maximal if whenever m 2 M with m0 m then
m D m0 . We now state the three important results from logic.
Zorns lemma. If each chain of M has an upper bound in M then there is at least
one maximal element in M .
Axiom of well-ordering. Each set M can be well-ordered, such that each nonempty
subset of M contains a least element.
i 2 I be a nonempty collection of nonempty sets. Then
Axiom of choice. Let Mi W S
there is a mapping f W I ! i 2I Mi with f .i/ 2 Mi for all i 2 I .
The following can be proved.
Theorem 2.4.1. Zorns lemma, the axiom of well-ordering and the axiom of choice
are all equivalent.
We now show the existence of maximal ideals in commutative rings with identity.
Theorem 2.4.2. Let R be a commutative ring with an identity 1 0 and let I be an
ideal in R with I R. Then there exists a maximal ideal I0 in R with I I0 . In
particular a ring with an identity contains maximal ideals.
Proof. Let I be an ideal in the commutative ring R. We must show that there exists a
maximal ideal I0 in R with I I0 .
Let
M D X W X is an ideal with I X R:
Then M is partially ordered by containment. We want to show rst that each chain in
M has a maximal element. If K D Xj W Xj 2 M; j 2 J is a chain let
[
X0 D
Xj :
j 2J
If a; b 2 X 0 then there exists an i; j 2 J with a 2 Xi ; b 2 Xj . Since K is a chain

either Xi Xj or Xj Xi . Without loss of generality suppose that Xi Xj so that
a; b 2 Xj . Then a b 2 Xj X 0 and ab 2 Xj X 0 since Xj is an ideal. Further
if r 2 R then ra 2 Xj X 0 since Xj is an ideal. Therefore X 0 is an ideal in R.
Since Xj R it follows that 1 Xj for all j 2 J . Therefore 1 X 0 and so
0 R. It follows that under the partial order of containment X 0 is an upper bound
X
for K.
We now use Zorns lemma. From the argument above we have that each chain has
a maximal element. Hence for an ideal I the set M above has a maximal element.
This maximal element I0 is then a maximal ideal containing I .
Section 2.5 Principal Ideals and Principal Ideal Domains
2.5
27
Principal Ideals and Principal Ideal Domains
Recall again that in the integers Z each ideal I is of the form nZ for some integer n.
Hence in Z each ideal can be generated by a single element.
Lemma 2.5.1. Let R be a commutative ring and a1 ; : : : ; an be elements of R. Then
the set
ha1 ; : : : ; an i D r1 a1 C C rn an W ri 2 R
forms an ideal in R called the ideal generated by a1 ; : : : ; an .
Proof. The proof is straightforward. Let
a D r1 a1 C C rn an ;
b D s1 a1 C C sn an
with r1 ; : : : ; rn ; s1 ; : : : ; sn elements of R, be two elements of ha1 ; : : : ; an i. Then

a b D .r1 s1 /a1 C C .rn sn /an 2 ha1 ; : : : ; an i
ab D .r1 s1 a1 /a1 C .r1 s2 a1 /a2 C C .rn sn an /an 2 ha1 ; : : : ; an i
so ha1 ; : : : ; an i forms a subring. Further if r 2 R we have
ra D .rr1 /a1 C C .rrn /an 2 ha1 ; : : : ; an i
and so ha1 ; : : : ; an i is an ideal.
Denition 2.5.2. Let R be a commutative ring. An ideal I R is a principal ideal
if it has a single generator. That is
I D hai D aR
for some a 2 R:
We now restate Theorem 1.4.7 of Chapter 1.

Theorem 2.5.3. Every nonzero ideal in Z is a principal ideal.
Proof. Every ideal I in Z is of the form nZ. This is the principal ideal generated
by n.
Denition 2.5.4. A principal ideal domain or PID is an integral domain in which
every ideal is principal.
Corollary 2.5.5. The integers Z are a principal ideal domain.
We mention that the set of polynomials Kx with coefcients from a eld K is
also a principal ideal domain. We will return to this in the next chapter.
Not every integral domain is a PID. Consider Kx; y the set of polynomials over
K in two variables x; y. Let I consist of all the polynomials with zero constant term.
28
Lemma 2.5.6. The set I in Kx; y as dened above is an ideal but not a principal
ideal.
Proof. We leave the proof that I forms an ideal to the exercises. To show that it is
not a principal ideal suppose I D hp.x; y/i. Now the polynomial q.x/ D x has zero
constant term so q.x/ 2 I . Hence p.x; y/ cannot be a constant polynomial. Further
if p.x; y/ had any terms with y in them there would be no way to multiply p.x; y/
by a polynomial h.x; y/ and obtain just x. Therefore p.x; y/ can contain no terms
with y in them. But the same argument using s.y/ D y shows that p.x; y/ cannot
have any terms with x in them. Therefore there can be no such p.x; y/ generating I
and so I is not principal and Kx; y is not a principal ideal domain.
2.6
Exercises
1. Consider the set hr; I i D rx C i W x 2 R; i 2 I where I is an ideal. Prove that

this is also an ideal called the ideal generated by r and I , denoted hr; I i.
2. Let R and S be commutative rings and let W R ! S be a ring epimorphism. Let
M be a maximal ideal in R. Show:
.M/ is a maximal ideal in S if and only if ker./ M. Is .M/ always a
prime ideal of S?
3. Let A1 ; : : : ; A t be ideals of a commutative ring R. Let P be a prime ideal of R.
Show:
T
(i) tiD1 Ai P ) Aj P for at least one index j .
T
(ii) tiD1 Ai D P ) Aj D P for at least one index j .
4. Which of the following ideals A are prime ideals of R? Which are maximal ideals?
(i) A D .x/, R D Zx.
(ii) A D .x 2 /, R D Zx.
p
p
(iii) A D .1 C 5/, R D Z 5.
(iv) A D .x; y/, R D Qx; y.
p
5. Let w D 12 .1 C 3/. Show that h2i is a prime ideal and even a maximal ideal of
Zw, but h2i is neither a prime ideal nor a maximal ideal of Zi.
6. Let R D ab W a; b 2 Z; b odd. Show that R is a subring of Q and that there is
only one maximal ideal M in R.
7. Let R be a ring with an identity. Let x; y 2 R and x 0 not be a zero divisor.
Further let hxi be a prime ideal with hxi hyi R. Show that hxi D hyi.
8. Consider Kx; y the set of polynomials over K in two variables x; y. Let I consist
of all the polynomials with zero constant term. Prove that the set I is an ideal.
Chapter 3
Prime Elements and Unique Factorization

Domains
3.1
The Fundamental Theorem of Arithmetic
The integers Z have served as much of our motivation for properties of integral domains. In the last chapter we saw that Z is a principal ideal domain and furthermore
that prime ideals 0 are maximal. From the viewpoint of the multiplicative structure of Z and the viewpoint of classical number theory the most important property
of Z is the fundamental theorem of arithmetic. This states that any integer n 0 is
uniquely expressible as a product of primes where uniqueness is up to ordering and
the introduction of 1, that is units. In this chapter we show that this property is not
unique to the integers and there are many other integral domains where this also holds.
These are called unique factorization domains and we will present several examples.
First we review the fundamental theorem of arithmetic, its proof and several other
ideas from classical number theory.
Theorem 3.1.1 (fundamental theorem of arithmetic). Given any integer n 0 there
is a factorization
n D cp1 p2 pk
where c D 1 and p1 ; : : : ; pn are primes. Further this factorization is unique up to
the ordering of the factors.
There are two main ingredients that go into the proof; induction and Euclids
lemma. We presented this in the last chapter. In turn however Euclids lemma depends upon the existence of greatest common divisors and their linear expressibility.
Therefore to begin we present several basic ideas from number theory.
The starting point for the theory of numbers is divisibility.
Denition 3.1.2. If a; b are integers we say that a divides b, or that a is a factor or
divisor of b, if there exists an integer q such that b D aq. We denote this by ajb. b is
then a multiple of a. If b > 1 is an integer whose only factors are 1; b then b is a
prime, otherwise b > 1 is composite.
The following properties of divisibility are straightforward consequences of the
denition.
30
Chapter 3 Prime Elements and Unique Factorization Domains
Lemma 3.1.3. The following properties hold:

(1) ajb ) ajbc for any integer c.
(2) ajb and bjc implies ajc.
(3) ajb and ajc implies that aj.bx C cy/ for any integers x; y.
(4) ajb and bja implies that a D b.
(5) If ajb and a > 0; b > 0 then a b.
(6) ajb if and only if cajcb for any integer c 0.
(7) aj0 for all a 2 Z and 0ja only for a D 0.
(8) aj 1 only for a D 1.
(9) a1 jb1 and a2 jb2 implies that a1 a2 jb1 b2 .
If b; c; x; y are integers then an integer bx C cy is called a linear combination of
b; c. Thus part (3) of Lemma 3.1.3 says that if a is a common divisor of b; c then a
divides any linear combination of b and c.
Further, note that if b > 1 is a composite then there exists x > 0 and y > 0 such
that b D xy and from part (5) we must have 1 < x < b, 1 < y < b.
In ordinary arithmetic, given a; b we can always attempt to divide a into b. The
next result called the division algorithm says that if a > 0 either a will divide b or the
remainder of the division of b by a will be less than a.
Theorem 3.1.4 (division algorithm). Given integers a; b with a > 0 then there exist
unique integers q and r such that b D qa C r where either r D 0 or 0 < r < a.
One may think of q and r as the quotient and remainder respectively when dividing
b by a.
Proof. Given a; b with a > 0 consider the set
S D b qa 0 W q 2 Z:
If b > 0 then b C a 0 and the sum is in S. If b 0 then there exists a q > 0 with
qa < b. Then b C qa > 0 and is in S . Therefore in either case S is nonempty.
Hence S is a nonempty subset of N [ 0 and therefore has a least element r. If r 0
we must show that 0 < r < a. Suppose r a, then r D a C x with x 0 and x < r
since a > 0. Then b qa D r D a C x ) b .q C 1/a D x. This means that x 2 S.
Since x < r this contradicts the minimality of r which is a contradiction. Therefore
if r 0 it follows that 0 < r < a.
The only thing left is to show the uniqueness of q and r. Suppose b D q1 a C r1
also. By the construction above r1 must also be the minimal element of S . Hence
r1 r and r r1 so r D r1 . Now
b qa D b q1 a H) .q1 q/a D 0
but since a > 0 it follows that q1 q D 0 so that q D q1 .
Section 3.1 The Fundamental Theorem of Arithmetic
31
The next idea that is necessary is the concept of greatest common divisor.
Denition 3.1.5. Given nonzero integers a; b their greatest common divisor or GCD
d > 0 is a positive integer which is a common divisor, that is d ja and d jb, and if d1
is any other common divisor then d1 jd . We denote the greatest common divisor of
a; b by either gcd.a; b/ or .a; b/.
Certainly, if a; b are nonzero integers with a > 0 and ajb then a D gcd.a; b/.
The next result says that given any nonzero integers they do have a greatest common
divisor and it is unique.
Theorem 3.1.6. Given nonzero integers a; b their GCD exists, is unique and can be
characterized as the least positive linear combination of a and b.
Proof. Given nonzero a; b consider the set
S D ax C by > 0 W x; y 2 Z:
Now a2 C b 2 > 0 so S is a nonempty subset of N and hence has a least element
d > 0. We show that d is the GCD.
First we must show that d is a common divisor. Now d D ax C by and is the least
such positive linear combination. By the division algorithm a D qd C r with 0
r < d . Suppose r 0. Then r D a qd D a q.ax C by/ D .1 qx/a qby > 0.
Hence r is a positive linear combination of a and b and therefore is in S. But then
r < d contradicting the minimality of d in S. It follows that r D 0 and so a D qd
and d ja. An identical argument shows that d jb and so d is a common divisor of a
and b. Let d1 be any other common divisor of a and b. Then d1 divides any linear
combination of a and b and so d1 jd . Therefore d is the GCD of a and b.
Finally we must show that d is unique. Suppose d1 is another GCD of a and b.
Then d1 > 0 and d1 is a common divisor of a; b. Then d1 jd since d is a GCD.
Identically d jd1 since d1 is a GCD. Therefore d D d1 and then d D d1 since they
are both positive.
If .a; b/ D 1 then we say that a; b are relatively prime. It follows that a and b are
relatively prime if and only if 1 is expressible as a linear combination of a and b. We
need the following three results.
Lemma 3.1.7. If d D .a; b/ then a D a1 d and b D b1 d with .a1 ; b1 / D 1.
Proof. If d D .a; b/ then d ja and d jb. Hence a D a1 d and b D b1 d . We have
d D ax C by D a1 dx C b1 dy:
32
Dividing both sides of the equation by d we obtain

1 D a1 x C b1 y:
Therefore .a1 ; b1 / D 1.
Lemma 3.1.8. For any integer c we have that .a; b/ D .a; b C ac/.
Proof. Suppose .a; b/ D d and .a; b C ac/ D d1 . Now d is the least positive linear
combination of a and b. Suppose d D axCby. d1 is a linear combination of a; bCac
so that
d1 D ar C .b C ac/s D a.cs C r/ C bs:
Hence d1 is also a linear combination of a and b and therefore d1 d . On the other
hand d1 ja and d1 j.b C ac/ and so d1 jb. Therefore d1 jd so d1 d . Combining these
we must have d1 D d .
The next result, called the Euclidean algorithm, provides a technique for both nding the GCD of two integers and expressing the GCD as a linear combination.
Theorem 3.1.9 (Euclidean algorithm). Given integers b and a > 0 with a b, form
the repeated divisions
b D q1 a C r1 ;
0 < r1 < a
a D q2 r1 C r2 ;
0 < r2 < r1
::
:
rn2 D qn rn1 C rn ;
0 < rn < rn1
rn1 D qnC1 rn :
The last nonzero remainder rn is the GCD of a; b. Further rn can be expressed as a
linear combination of a and b by successively eliminating the ri s in the intermediate
equations.
Proof. In taking the successive divisions as outlined in the statement of the theorem
each remainder ri gets strictly smaller and still nonnegative. Hence it must nally end
with a zero remainder. Therefore there is a last nonzero remainder rn . We must show
that this is the GCD.
Now from Lemma 3.1.7 the gcd .a; b/ D .a; b q1 a/ D .a; r1 / D .r1 ; aq2 r1 / D
.r1 ; r2 /. Continuing in this manner we have then that .a; b/ D .rn1 ; rn / D rn since
rn divides rn1 . This shows that rn is the GCD.
To express rn as a linear combination of a and b notice rst that
rn D rn2 qn rn1 :
Section 3.1 The Fundamental Theorem of Arithmetic
33
Substituting this in the immediately preceding division we get

rn D rn2 qn .rn3 qn1 rn2 / D .1 C qn qn1 /rn2 qn rn3 :
Doing this successively we ultimately express rn as a linear combination of a and b.
Example 3.1.10. Find the GCD of 270 and 2412 and express it as a linear combination of 270 and 2412.
We apply the Euclidean algorithm
2412 D .8/.270/ C 252
270 D .1/.252/ C 18
252 D .14/.18/:
Therefore the last nonzero remainder is 18 which is the GCD. We now must express
18 as a linear combination of 270 and 2412.
From the rst equation
252 D 2412 .8/.270/
which gives in the second equation
270 D 2412 .8/.270/ C 18 H) 18 D .1/.2412/ C .9/.270/
which is the desired linear combination.
The next result that we need is Euclids lemma. We stated and proved this in the
last chapter but we restate it here.
Lemma 3.1.11 (Euclids lemma). If p is a prime and pjab then pja or pjb.
We can now prove the fundamental theorem of arithmetic. Induction sufces to
show that there always exists such a decomposition into prime factors.
Lemma 3.1.12. Any integer n > 1 can be expressed as a product of primes, perhaps
with only one factor.
Proof. The proof is by induction. n D 2 is prime so its true at the lowest level.
Suppose that any integer 2 k < n can be decomposed into prime factors, we must
show that n then also has a prime factorization.
If n is prime then we are done. Suppose then that n is composite. Hence n D m1 m2
with 1 < m1 < n, 1 < m2 < n. By the inductive hypothesis both m1 and m2 can be
expressed as products of primes. Therefore n can, also using the primes from m1 and
m2 , completing the proof.
34
Before we continue to the fundamental theorem we mention that the existence of a

prime decomposition, unique or otherwise, can be used to prove that the set of primes
is innite. The proof we give goes back to Euclid and is quite straightforward.
Theorem 3.1.13. There are innitely many primes.
Proof. Suppose that there are only nitely many primes p1 ; : : : ; pn . Each of these is
positive so we can form the positive integer
N D p1 p2 pn C 1:
From Lemma 3.1.12 N has a prime decomposition. In particular there is a prime p
which divides N . Then
pj.p1 p2 pn C 1/:
Since the only primes are assumed p1 ; p2 ; : : : ; pn it follows that p D pi for some
i D 1; : : : ; n. But then pjp1 p2 pi : : : pn c so p cannot divide p1 pn C 1 which
is a contradiction. Therefore p is not one of the given primes showing that the list of
primes must be endless.
We can now prove the fundamental theorem of arithmetic.
Proof. We assume that n 1. If n 1 we use c D n and the proof is the same.
The statement certainly holds for n D 1 with k D 0. Now suppose n > 1. From
Lemma 3.1.12, n has a prime decomposition
n D p1 p2 pm :
We must show that this is unique up to the ordering of the factors. Suppose then that
n has another such factorization n D q1 q2 qk with the qi all prime. We must show
that m D k and that the primes are the same. Now we have
n D p1 p2 pm D q1 qk :
Assume that k m. From
n D p1 p2 pm D q1 qk
it follows that p1 jq1 q2 qk . From Lemma 3.1.11 then we must have that p1 jqi for
some i. But qi is prime and p1 > 1 so it follows that p1 D qi . Therefore we can
eliminate p1 and qi from both sides of the factorization to obtain
p2 pm D q1 qi 1 qi C1 qk :
Continuing in this manner we can eliminate all the pi from the left side of the factorization to obtain
1 D qmC1 qk :
If qmC1 ; : : : ; qk were primes this would be impossible. Therefore m D k and each
prime pi was included in the primes q1 ; : : : ; qm . Therefore the factorizations differ
only in the order of the factors, proving the theorem.
Section 3.2 Prime Elements, Units and Irreducibles
3.2
35
Prime Elements, Units and Irreducibles
We now let R be an arbitrary integral domain and attempt to mimic the divisibility
denitions and properties.
Denition 3.2.1. Let R be an integral domain.
(1) Suppose that a; b 2 R. Then a is a factor or divisor of b if there exists a c 2 R
with b D ac. We denote this, as in the integers, by ajb. If a is a factor of b then
b is called a multiple of a.
(2) An element a 2 R is a unit if a has a multiplicative inverse within R, that is
there exists an element a1 2 R with aa1 D 1.
(3) A prime element of R is an element p 0 such that p is not a unit and if pjab
then pja or pjb.
(4) An irreducible in R is an element c 0 such that c is not a unit and if c D ab
then a or b must be a unit.
(5) a and b in R are associates if there exists a unit e 2 R with a D eb.
Notice that in the integers Z the units are just 1. The set of prime elements
coincides with the set of irreducible elements. In Z this are precisely the set of prime
numbers. On the other hand if K is a eld every nonzero element is a unit so in K
there are no prime elements and no irreducible elements.
Recall that the modular rings Zn are elds (and integral domains) when n is a
prime. In general if n is not a prime then Zn is a commutative ring with an identity
and a unit is still an invertible element. We can characterize the units within Zn .
Lemma 3.2.2. a 2 Zn is a unit if and only if .a; n/ D 1.
Proof. Suppose .a; n/ D 1. Then there exist x; y 2 Z such that ax C ny D 1. This
implies that ax 1 mod n which in turn implies that ax D 1 in Zn and therefore a
is a unit.
Conversely suppose a is a unit in Zn . Then there is an x 2 Zn with ax D 1. In
terms of congruence then
ax 1
mod n H) njax 1 H) ax 1 D ny H) ax ny D 1:
Therefore 1 is a linear combination of a and n and so .a; n/ D 1.

If R is an integral domain then the set of units within R will form a group.
Lemma 3.2.3. If R is a commutative ring with an identity then the set of units in R
form an abelian group under ring multiplication. This is called the unit group of R
denoted U.R/.
36
Proof. The commutativity and associativity of U.R/ follow from the ring properties.
The identity of U.R/ is the multiplicative identity of R while the ring multiplicative
inverse for each unit is the group inverse. We must show that U.R/ is closed under
ring multiplication. If a 2 R is a unit we denote its multiplicative inverse by a1 .
Now suppose a; b 2 U.R/. Then a1 ; b 1 exist. It follows that
.ab/.b 1 a1 / D a.bb 1 /a1 D aa1 D 1:
Hence ab has an inverse, namely b 1 a1 (D a1 b 1 in a commutative ring) and
hence ab is also a unit. Therefore U.R/ is closed under ring multiplication.
In general irreducible elements are not prime. Consider for example the subring of
the complex numbers (see exercises) given by
p
p
R D Zi 5 D x C i 5y W x; y 2 Z:
This is a subring of the complex numbers C and hence can have no zero divisors.
Therefore R is an integralpdomain.
For an element x C iy 5 2 R dene its norm by
p
p
N.x C iy 5/ D jx C iy 5j D x 2 C 5y 2 :
Since x; y 2 Z it is clear that the norm of an element in R is a nonnegative integer.
Further if a 2 R with N.a/ D 0 then a D 0.
We have the following result concerning the norm.
Lemma 3.2.4. Let R and N be as above. Then
(1) N.ab/ D N.a/N.b/ for any elements a; b 2 R.
(2) The units of R are those a 2 R with N.a/ D 1. In R the only units are 1.
Proof. The fact that the norm is multiplicative is straightforward and left to the exercises. If a 2 R is a unit then there exists a multiplicative inverse b 2 R with ab D 1.
Then N.ab/ D N.a/N.b/ D 1. Since both N.a/ and N.b/ are nonnegative integers
we must have N.a/ D N.b/ D 1.
p
Conversely suppose that N.a/ D 1. If a D x C iy 5 then x 2 C 5y 2 D 1. Since
x; y 2 Z we must have y D 0 and x 2 D 1. Then a D x D 1.
Using this lemma we can show that R possesses irreducible elements that are not
prime.
p
Lemma 3.2.5. Let R be as above. Then 3 D 3 C i 0 5 is an irreducible element in
R but 3 is not prime.
Section 3.2 Prime Elements, Units and Irreducibles
37
Proof. Suppose that 3 D ab with a; b 2 R and a; b nonunits. Then N.3/ D 9 D

N.a/N.b/ with p
neither N.a/ D 1 nor N.b/ D 1. Hence both N.a/ D 3 and N.b/ D 3.
Let a D x C iy 5. It follows that x 2 C 5y 2 D 3. Since x; y 2 Z this is impossible.
Therefore one of a or b must be a unit and 3 is an irreducible
element.
p
p
We show that 3 is not prime in R. Let a D 2 C i 5 and b D 2 i 5. Then
ab D 9 and hence 3jab. Suppose 3ja so that a D 3c for some c 2 R. Then
9 D N.a/ D N.3/N.c/ D 9N.c/ H) N.c/ D 1:
Therefore c is a unit in R and from Lemma 3.2.4 we get c D 1. Hence a D 3.
This is a contradiction, so 3 does not divide a. An identical argument shows that 3
does not divide b. Therefore 3 is not a prime element in R.
We now examine the relationship between prime elements and irreducibles.
Theorem 3.2.6. Let R be an integral domain. Then
(1) Each prime element of R is irreducible.
(2) p 2 R is a prime element if and only if p 0 and hpi D pR is a prime ideal.
(3) p 2 R is irreducible if and only if p 0 and hpi D pR is maximal in the set
of all principal ideals of R which are not equal to R.
Proof. (1) Suppose that p 2 R is a prime element and p D ab. We must show that
either a or b must be a unit. Now pjab so either pja or pjb. Without loss of generality
we may assume that pja, so a D pr for some r 2 R. Hence p D ab D .pr/b D
p.rb/. However R is an integral domain so p prb D p.1 rb/ D 0 implies that
1 rb D 0 and hence rb D 1. Therefore b is a unit and hence p is irreducible.
(2) Suppose that p is a prime element. Then p 0. Consider the ideal pR and
suppose that ab 2 pR. Then ab is a multiple of p and hence pjab. Since p is prime
it follows that pja or pjb. If pja then a 2 pR while if pjb then b 2 pR. Therefore
pR is a prime ideal.
Conversely suppose that pR is a prime ideal and suppose that p D ab. Then
ab 2 pR so a 2 pR or b 2 pR. If a 2 pR then pja and if b 2 pR then pjb and so
p is prime.
(3) Let p be irreducible then p 0. Suppose that pR aR where a 2 R. Then
p D ra for some r 2 R. Since p is irreducible it follows that either a is a unit or r is
a unit. If r is a unit we have pR D raR D aR R since p is not a unit. If a is a unit
then aR D R and pR D rR R. Therefore pR is maximal in the set of principal
ideals not equal to R.
Conversely suppose p 0 and pR is a maximal ideal in the set of principal ideals
R. Let p D ab with a not a unit. We must show that b is a unit. Since aR R
and pR aR from the maximality we must have pR D aR. Hence a D rp for some
r 2 R. Then p D ab D rpb and as before we must have rb D 1 and b a unit.
38
Theorem 3.2.7. Let R be a principle ideal domain. Then:

(1) An element p 2 R is irreducible if and only if it is a prime element.
(2) A nonzero ideal of R is a maximal ideal if and only if it is a prime ideal.
(3) The maximal ideals of R are precisely those ideals pR where p is a prime
element.
Proof. First note that 0 is a prime ideal but not maximal.
(1) We already know that prime elements are irreducible. To show the converse
suppose that p is irreducible. Since R is a principal ideal domain from Theorem 3.2.6
we have that pR is a maximal ideal, and each maximal ideal is also a prime ideal.
Therefore from Theorem 3.2.6 we have that p is a prime element.
(2) We already know that each maximal ideal is a prime ideal. To show the converse
suppose that I 0 is a prime ideal. Then I D pR where p is a prime element
with p 0. Therefore p is irreducible from part (1) and hence pR is a maximal ideal
from Theorem 3.2.6.
(3) This follows directly from the proof in part (2) and Theorem 3.2.6.
3.3
Unique Factorization Domains
We now consider integral domains where there is unique factorization into primes. If
R is an integral domain and a; b 2 R then we say that a and b are associates if there
exists a unit 2 R with a D b.
Denition 3.3.1. An integral domain D is a unique factorization domain or UFD if
for each d 2 D then either d D 0, d is a unit or d has a factorization into primes
which is unique up to ordering and unit factors. This means that if
r D p1 pm D q1 qk
then m D k and each pi is an associate of some qj .
There are several relationships in integral domains that are equivalent to unique
factorization.
Denition 3.3.2. Let R be an integral domain.
(1) R has property (A) if and only if for each nonunit a 0 there are irreducible
elements q1 ; : : : ; qr 2 R satisfying a D q1 qr .
(2) R has property (A0 ) if and only if for each nonunit a 0 there are prime
elements p1 ; : : : ; pr 2 R satisfying a D p1 pr .
Section 3.3 Unique Factorization Domains
39
(3) R has property (B) if and only if whenever q1 ; : : : ; qr and q10 ; : : : ; qs0 are irreducible elements of R with
q1 qr D q10 qs0
then r D s and there is a permutation 2 Sr such that for each i 2 1; : : : ; r
0
are associates (uniqueness up to ordering and unit
the elements qi and q.i/
factors).
(4) R has property (C) if and only if each irreducible element of R is a prime element.
Notice that properties (A) and (C) together are equivalent to what we dened as
unique factorization. Hence an integral domain satisfying (A) and (C) is a UFD. We
show next, that there are other equivalent formulations.
Theorem 3.3.3. In an integral domain R the following are equivalent:
(1) R is a UFD.
(2) R satises properties (A) and (B).
(3) R satises properties (A) and (C).
(4) R satises property (A0 ).
Proof. As remarked before the statement of the theorem by denition (A) and (C) are
equivalent to unique factorization. We show here that (2), (3) and (4) are equivalent.
First we show that (2) implies (3).
Suppose that R satises properties (A) and (B). We must show that it also satises
(C), that is we must show that if q 2 R is irreducible then q is prime. Suppose that
q 2 R is irreducible and qjab with a; b 2 R. Then we have ab D cq for some c 2 R.
If a is a unit from ab D cq we get that b D a1 cq and qjb. Identically if b is a unit.
Therefore we may assume that neither a nor b are units.
If c D 0 then since R is an integral domain either a D 0 or b D 0 and qja or qjb.
We may assume then that c 0.
If c is a unit then q D c 1 ab and since q is irreducible either c 1 a or b are units.
If c 1 a is a unit then a is also a unit so if c is a unit either a or b are units contrary to
our assumption.
Therefore we may assume that c 0 and c is not a unit. From property (A) we
have
a D q1 q r
b D q10 qs0
c D q100 q t00
40
where q1 ; : : : qr ; q10 ; : : : ; qs0 ; q100 ; : : : q t00 are all irreducibles. Hence

q1 qr q10 qs0 D q100 q t00 q:
From property (B) q is an associate of some qi or qj0 . Hence qjqi or qjqj0 . It follows
that qja or qjb and therefore q is a prime element.
That (3) implies (4) is direct.
We show that (4) implies (2).
Suppose that R satises property (A0 ). We must show that it satises both (A)
and (B). We show rst that (A) follows from (A0 ) by showing that irreducible elements
are prime.
Suppose that q is irreducible. Then from (A0 ) we have
q D p1 pr
with each pi prime. It follows without loss of generality that p2 pr is a unit and p1
is a nonunit and hence pi j1 for i D 2; : : : ; r. Thus q D p1 and q is prime. Therefore
(A) holds.
We now show that (B) holds. Let
q1 qr D q10 qs0
where qi ; qj0 are all irreducibles and hence primes. Then
q10 jq1 qr
and so q10 jqi for some i . Without loss of generality suppose q10 jq1 . Then q1 D aq10 .
Since q1 is irreducible it follows that a is a unit and q1 and q10 are associates. It
follows then that
aq2 qr D q20 qs0
since R has no zero divisors. Property (B) holds then by induction and the theorem is
proved.
Note that in our new terminology Z is a UFD. In the next section we will present
other examples of UFDs however not every integral domain is a unique factorization
domain.
As we dened in the last section let R be the following subring of C.
p
p
R is an integral domain and we showed using the norm
3 is an irreducible in R.
p that p
are also irreducibles
Analogously we can show that the elements 2 C i p5; 2 i 5p
in R and further 3 is not an associate of either 2 C i 5 or 2 i 5. Then
p
p
9 D 3 3 D .2 C i 5/.2 i 5/
41
Section 3.4 Principal Ideal Domains and Unique Factorization
give two different decompositions for an element in terms of irreducible elements.

The fact that R is not a UFD also follows from the fact that 3 is an irreducible element
which is not prime.
Notice also that Euclids proof, that there are innitely many primes in Z, works in
any UFD.
Theorem 3.3.4. Let R be a UFD. Then R has innitely many prime elements.
Unique factorization is tied to the famous solution of Fermats big theorem. Wiles
and Taylor in 1995 proved the following.
Theorem 3.3.5. The equation x p C y p D z p has no integral solutions with xyz 0
for any prime p 3.
Kummer tried to prove this theorem by attempting to factor x p D z p y p . Call the
2 i
conclusion of Theorem 3.3.4 in an integral domain R property .Fp /. Let D e p .
Then
p1
Y
p
p
.z j y/:
z y D
j D0
View this equation in the ring

R D Z D
p1
X
aj W aj 2 Z :
j D0
Kummer proved that if R is a UFD then property .Fp / holds. However, independently,
from Uchida and Montgomery (1971) R is a UFD only if p 19 (see [41]).
3.4
Principal Ideal Domains and Unique Factorization
In this section we prove that every principal ideal domain (PID) is a unique factorization domain (UFD). We say that an ascending chain of ideals in R
I1 I2 In
becomes stationary if there exists an m such that Ir D Im for all r m.
Theorem 3.4.1. Let R be an integral domain. If each ascending chain of principal
ideals in R becomes stationary, then R satises property (A).
Proof. Suppose that a 0 is a not a unit in R. Suppose that a is not a product
of irreducible elements. Clearly then a cannot itself be irreducible. Hence a D a1 b1
with a1 ; b1 2 R and a1 ; b1 are not units. If both a1 or b1 can be expressed as a product
42
of irreducible elements then so can a. Without loss of generality then suppose that a1
is not a product of irreducible elements.
Since a1 ja we have the inclusion of ideals aR a1 R. If a1 R D aR then a1 2 aR
and a1 D ar D a1 b1 r which implies that b1 is a unit contrary to our assumption.
Therefore aR a1 R and the inclusion is proper. By iteration then we obtain a strictly
increasing chain of ideals
aR a1 R an R :
From our hypothesis on R this must become stationary contradicting the argument
above that the inclusion is proper. Therefore a must be a product of irreducibles.
Theorem 3.4.2. Each principal ideal domain R is a unique factorization domain.
Proof. Suppose that R is a principal ideal domain. R satises property (C) by Theorem 3.2.7(1), so to show that it is a unique factorization domain we must show that
it also satises property (A). From the previous theorem it sufces to show that each
ascending chain of principal ideals becomes stationary. Consider such an ascending
chain
a1 R a2 R an R :
Now let
I D
1
[
ai R:
i D1
Now I is an ideal in R and hence a principal ideal. Therefore I D aR for some a 2 R.

Since I is a union there exists an m such that a 2 am R. Therefore I D aR am R
and hence I D am R and ai R am R for all i m. Therefore the chain becomes
stationary and from Theorem 3.4.1 R satises property (A).
Since we showed that the integers Z are a PID we can recover the fundamental theorem of arithmetic from Theorem 3.4.2. We now present another important example of
a PID and hence a UFD. In the next chapter we will look in detail at polynomials with
coefcients in an integral domain. Below we consider polynomials with coefcients
in a eld and for the present leave out many of the details.
If F is a eld and n is a nonnegative integer, then a polynomial of degree n over F
is a formal sum of the form
P .x/ D a0 C a1 x C C an x n
with ai 2 F for i D 0; : : : ; n, an 0, and x an indeterminate. A polynomial
P .x/ over F is either a polynomial of some degree or the expression P .x/ D 0,
which is called the zero polynomial and has degree 1. We denote the degree of
P .x/ by deg P .x/. A polynomial of zero degree has the form P .x/ D a0 and is
Section 3.4 Principal Ideal Domains and Unique Factorization
43
called a constant polynomial and can be identied with the corresponding element
of F . The elements ai 2 F are called the coefcients of P .x/; an is the leading
coefcient. If an D 1, P .x/ is called a monic polynomial. Two nonzero polynomials
are equal if and only if they have the same degree and exactly the same coefcients.
A polynomial of degree 1 is called a linear polynomial while one of degree two is a
quadratic polynomial.
We denote by F x the set of all polynomials over F and we will show that F x
becomes a principal ideal domain and hence a unique factorization domain. We rst
dene addition, subtraction, and multiplication on F x by algebraic manipulation.
That is, suppose P .x/ D a0 C a1 x C C an x n ; Q.x/ D b0 C b1 x C C bm x m
then
P .x/ Q.x/ D .a0 b0 / C .a1 b1 /x C ;
that is, the coefcient of x i in P .x/ Q.x/ is ai bi , where ai D 0 for i > n and
bj D 0 for j > m. Multiplication is given by
P .x/Q.x/ D .a0 b0 /C.a1 b0 Ca0 b1 /xC.a0 b2 Ca1 b1 Ca2 b0 /x 2 C C.an bm /x nCm ;
that is, the coefcient of x i in P .x/Q.x/ is .a0 bi C a1 bi 1 C C ai b0 /.
Example 3.4.3. Let P .x/ D 3x 2 C 4x 6 and Q.x/ D 2x C 7 be in Qx. Then
P .x/ C Q.x/ D 3x 2 C 6x C 1
and
P .x/Q.x/ D .3x 2 C 4x 6/.2x C 7/ D 6x 3 C 29x 2 C 16x 42:
From the denitions the following degree relationships are clear. The proofs are in
the exercises.
Lemma 3.4.4. Let 0 P .x/; 0 Q.x/ in F x. Then:
(1) deg P .x/Q.x/ D deg P .x/ C deg Q.x/.
(2) deg.P .x/ Q.x// Max.deg P .x/; deg Q.x// if P .x/ Q.x/ 0.
We next obtain the following.
Theorem 3.4.5. If F is a eld, then F x forms an integral domain. F can be naturally embedded into F x by identifying each element of F with the corresponding
constant polynomial. The only units in F x are the nonzero elements of F .
Proof. Verication of the basic ring properties is solely computational and is left to
the exercises. Since deg P .x/Q.x/ D deg P .x/ C deg Q.x/, it follows that if neither
P .x/ 0 nor Q.x/ 0 then P .x/Q.x/ 0 and therefore F x is an integral
domain.
44
If G.x/ is a unit in F x, then there exists an H.x/ 2 F x with G.x/H.x/ D

1. From the degrees we have deg G.x/ C deg H.x/ D 0 and since deg G.x/ 0,
deg H.x/ 0. This is possible only if deg G.x/ D deg H.x/ D 0. Therefore
G.x/ 2 F .
Now that we have F x as an integral domain we proceed to show that F x is a
principal ideal domain and hence there is unique factorization into primes. We rst
repeat the denition of a prime in F x. If 0 f .x/ has no nontrivial, nonunit factors
(it cannot be factorized into polynomials of lower degree) then f .x/ is a prime in F x
or a prime polynomial. A prime polynomial is also called an irreducible polynomial.
Clearly, if deg g.x/ D 1 then g.x/ is irreducible.
The fact that F x is a principal ideal domain follows from the division algorithm
for polynomials, which is entirely analogous to the division algorithm for integers.
Lemma 3.4.6 (division algorithm in F x). If 0 f .x/, 0 g.x/ 2 F x then
there exist unique polynomials q.x/; r.x/ 2 F x such that f .x/ D q.x/g.x/ C r.x/
where r.x/ D 0 or deg r.x/ < deg g.x/. (The polynomials q.x/ and r.x/ are called
respectively the quotient and remainder.)
This theorem is essentially long division of polynomials. A formal proof is based
on induction on the degree of g.x/. We omit this but give some examples from Qx.
Example 3.4.7.
(a) Let f .x/ D 3x 4 6x 2 C 8x 6, g.x/ D 2x 2 C 4. Then
3x 4 6x 2 C 8x 6
3
D x 2 6 with remainder 8x C 18:
2
2x C 4
2
Thus here q.x/ D 32 x 2 6, r.x/ D 8x C 18.
(b) Let f .x/ D 2x 5 C 2x 4 C 6x 3 C 10x 2 C 4x, g.x/ D x 2 C x. Then
2x 5 C 2x 4 C 6x 3 C 10x 2 C 4x
D 2x 3 C 6x C 4:
x2 C x
Thus here q.x/ D 2x 3 C 6x C 4 and r.x/ D 0.
Theorem 3.4.8. Let F be a eld. Then the polynomial ring F x is a principal ideal
domain and hence a unique factorization domain.
Proof. The proof is essentially analogous to the proof in the integers. Let I be an
ideal in F x with I F x. Let f .x/ be a polynomial in I of minimal degree. We
claim that I D hf .x/i the principal ideal generated by f .x/. Let g.x/ 2 I . We must
show that g.x/ is a multiple of f .x/. By the division algorithm in F x we have
g.x/ D q.x/f .x/ C r.x/
45
Section 3.5 Euclidean Domains
where r.x/ D 0 or deg.r.x// < deg.f .x//. If r.x/ 0 then deg.r.x// < deg.f .x//.
However r.x/ D g.x/ q.x/f .x/ 2 I since I is an ideal and g.x/; f .x/ 2 I . This
is a contradiction since f .x/ was assumed to be a polynomial in I of minimal degree.
Therefore r.x/ D 0 and hence g.x/ D q.x/f .x/ is a multiple of f .x/. Therefore
each element of I is a multiple of f .x/ and hence I D hf .x/i.
Therefore F x is a principal ideal domain and from Theorem 3.4.2 a unique factorization domain.
We proved that in a principal ideal domain every ascending chain of ideals becomes
stationary. In general a ring R (commutative or not) satises the ascending chain
condition or ACC if every ascending chain of left (or right) ideals in R becomes
stationary. A ring satisfying the ACC is called a Noetherian ring.
3.5
Euclidean Domains
In analyzing the proof of unique factorization in both Z and F x, it is clear that it
depends primarily on the division algorithm. In Z the division algorithm depended
on the fact that the positive integers could be ordered and in F x on the fact that the
degrees of nonzero polynomials are nonnegative integers and hence could be ordered.
This basic idea can be generalized in the following way.
Denition 3.5.1. An integral domain D is a Euclidean domain if there exists a function N from D ? D D n 0 to the nonnegative integers such that
(1) N.r1 / N.r1 r2 / for any r1 ; r2 2 D ? .
(2) For all r1 ; r2 2 D with r1 0 there exist q; r 2 D such that
r2 D qr1 C r
where either r D 0 or N.r/ < N.r1 /.
The function N is called a Euclidean norm on D.
Therefore Euclidean domains are precisely those integral domains which allow division algorithms. In the integers Z dene N.z/ D jzj. Then N is a Euclidean norm
on Z and hence Z is a Euclidean domain. On F x dene N.p.x// D deg.p.x// if
p.x/ 0. Then N is also a Euclidean norm on F x so that F x is also a Euclidean
domain. In any Euclidean domain we can mimic the proofs of unique factorization in
both Z and F x to obtain the following:
Theorem 3.5.2. Every Euclidean domain is a principal ideal domain and hence a
unique factorization domain.
Before proving this theorem we must develop some results on the number theory
of general Euclidean domains. First some properties of the norm.
46
Lemma 3.5.3. If R is a Euclidean domain then

(a) N.1/ is minimal among N.r/ W r 2 R? .
(b) N.u/ D N.1/ if and only if u is a unit.
(c) N.a/ D N.b/ for a; b 2 R? if a; b are associates.
(d) N.a/ < N.ab/ unless b is a unit.
Proof. (a) From property (1) of Euclidean norms we have
N.1/ N.1 r/ D N.r/
for any r 2 R? :
(b) Suppose u is a unit. Then there exists u1 with u u1 D 1. Then
N.u/ N.u u1 / D N.1/:
From the minimality of N.1/ it follows that N.u/ D N.1/.
Conversely suppose N.u/ D N.1/. Apply the division algorithm to get
1 D qu C r:
If r 0 then N.r/ < N.u/ D N.1/ contradicting the minimality of N.1/. Therefore
r D 0 and 1 D qu. Then u has a multiplicative inverse and hence is a unit.
(c) Suppose a; b 2 R? are associates. Then a D ub with u a unit. Then
N.b/ N.ub/ D N.a/:
On the other hand b D u1 a so
N.a/ N.u1 a/ D N.b/:
Since N.a/ N.b/ and N.b/ N.a/ it follows that N.a/ D N.b/.
(d) Suppose N.a/ D N.ab/. Apply the division algorithm
a D q.ab/ C r
where r D 0 or N.r/ < N.ab/. If r 0 then
r D a qab D a.1 qb/ H) N.ab/ D N.a/ N.a.1 qb// D N.r/
contradicting that N.r/ < N.ab/. Hence r D 0 and a D q.ab/ D .qb/a. Then
a D .qb/a D 1 a H) qb D 1
since there are no zero divisors in an integral domain. Hence b is a unit. Since
N.a/ N.ab/ it follows that if b is not a unit we must have N.a/ < N.ab/.
47
We can now prove Theorem 3.5.2.

Proof. Let D be a Euclidean domain. We show that each ideal I D in D is
principal. Let I D be an ideal in D. If I D 0 then I D h0i and I is principal.
Therefore we may assume that there are nonzero elements in I . Hence there are
elements x 2 I with strictly positive norm. Let a be an element of I of minimal
norm. We claim that I D hai. Let b 2 I . We must show that b is a multiple of a.
Now by the division algorithm
b D qa C r
where either r D 0 or N.r/ < N.a/. As in Z and F x we have a contradiction if
r 0. In this case N.r/ < N.a/ but r D b qa 2 I since I is an ideal contradicting
the minimality of N.a/. Therefore r D 0 and b D qa and hence I D hai.
As a nal example of a Euclidean domain we consider the Gaussian integers
Zi D a C bi W a; b 2 Z:
It was rst observed by Gauss that this set permits unique factorization. To show this
we need a Euclidean norm on Zi.
Denition 3.5.4. If z D a C bi 2 Zi then its norm N.z/ is dened by
N.a C bi / D a2 C b 2 :
The basic properties of this norm follow directly from the denition (see exercises).
Lemma 3.5.5. If ; 2 Zi then:
(1) N./ is an integer for all 2 Zi.
(2) N./ 0 for all 2 Zi.
(3) N./ D 0 if and only if D 0.
(4) N./ 1 for all 0.
(5) N./ D N./N./, that is the norm is multiplicative.
From the multiplicativity of the norm we have the following concerning primes and
units in Zi.
Lemma 3.5.6.
(1) u 2 Zi is a unit if and only if N.u/ D 1.
(2) If 2 Zi and N./ D p where p is an ordinary prime in Z then is a prime

in Zi.
48
Proof. Certainly u is a unit if and only if N.u/ D N.1/. But in Zi we have N.1/ D 1
so the rst part follows.
Suppose next that 2 Zi with N./ D p for some p 2 Z. Suppose that
D 1 2 . From the multiplicativity of the norm we have
N./ D p D N.1 /N.2 /:
Since each norm is a positive ordinary integer and p is a prime it follows that either
N.1 / D 1 or N.2 / D 1. Hence either 1 or 2 is a unit. Therefore is a prime in
Zi.
Armed with this norm we can show that Zi is a Euclidean domain.
Theorem 3.5.7. The Gaussian integers Zi form a Euclidean domain.
Proof. That Zi forms a commutative ring with an identity can be veried directly
and easily. If D 0 then N./N./ D 0 and since there are no zero divisors in
Z we must have N./ D 0 or N./ D 0. But then either D 0 or D 0 and
hence Zi is an integral domain. To complete the proof we show that the norm N is
a Euclidean norm.
From the multiplicativity of the norm we have if ; 0
N./ D N./N./ N./
since N./ 1:
Therefore property (1) of Euclidean norms is satised. We must now show that the
division algorithm holds.
Let D a C bi and D c C d i be Gaussian integers. Recall that for a nonzero
complex number z D x C iy its inverse is
z
x iy
1
:
D 2 D 2
z
jzj
x C y2
Therefore as a complex number
c di
D 2 D .a C bi / 2
jj
c C d2
ac C bd
ac bd
D 2
C 2
i D u C iv:
2
c Cd
c C d2
Now since a; b; c; d are integers u; v must be rationals. The set
u C iv W u; v 2 Q
is called the set of the Gaussian rationals.
49
If u; v 2 Z then u C iv 2 Zi, D q with q D u C iv, and we are done.

Otherwise choose ordinary integers m; n satisfying ju mj 12 and jv nj 12 and
let q D m C i n. Then q 2 Zi. Let r D q. We must show that N.r/ < N./.
Working with complex absolute value we get
jrj D j qj D jj q :
Now
2 2
q
1
1
q D j.u m/ C i.v n/j D .u m/2 C .v n/2
C
< 1:
2
2
Therefore
jrj < jj H) jrj2 < jj2 H) N.r/ < N./
completing the proof.
Since Zi forms a Euclidean domain it follows from our previous results that Zi
must be a principal ideal domain and hence a unique factorization domain.
Corollary 3.5.8. The Gaussian integers are a UFD.
Since we will now be dealing with many kinds of integers we will refer to the
ordinary integers Z as the rational integers and the ordinary primes p as the rational
primes. It is clear that Z can be embedded into Zi. However not every rational
prime is also prime in Zi. The primes in Zi are called the Gaussian primes. For
example we can show that both 1 C i and 1 i are Gaussian primes, that is primes in
Zi. However .1 C i/.1 i / D 2 so that the rational prime 2 is not a prime in Zi.
Using the multiplicativity of the Euclidean norm in Zi we can describe all the units
and primes in Zi.
Theorem 3.5.9.
(1) The only units in Zi are 1; i.
(2) Suppose is a Gaussian prime. Then is either:

(a) a positive rational prime p 3 mod 4 or an associate of such a rational
prime.
(b) 1 C i or an associate of 1 C i.
(c) a C bi or a bi where a > 0, b > 0, a is even and N./ D a 2 C b 2 D p
with p a rational prime congruent to 1 mod 4 or an associate of a C bi or
a bi .
Proof. (1) Suppose u D x C iy 2 Zi is a unit. Then from Lemma 3.5.6 we have
N.u/ D x 2 C y 2 D 1 implying that .x; y/ D .0; 1/ or .x; y/ D .1; 0/. Hence
u D 1 or u D i.
50
(2) Now suppose that is a Gaussian prime. Since N./ D and 2 Zi
it follows that jN./. N./ is a rational integer so N./ D p1 pk where the
pi s are rational primes. By Euclids lemma jpi for some pi and hence a Gaussian
prime must divide at least one rational prime. On the other hand suppose jp and jq
where p; q are different primes. Then .p; q/ D 1 and hence there exist x; y 2 Z such
that 1 D px C qy. It follows that j1 a contradiction. Therefore a Gaussian prime
divides one and only one rational prime.
Let p be the rational prime that divides. Then N./jN.p/ D p 2 . Since N./
is a rational integer it follows that N./ D p or N./ D p2 . If D a C bi then
a2 C b 2 D p or a2 C b 2 D p 2 .
If p D 2 then a2 C b 2 D 2 or a2 C b 2 D 4. It follows that D 2; 2i or
D 1 C i or an associate of 1 C i . Since .1 C i/.1 i / D 2 and neither 1 C i
nor 1 i are units it follows that neither 2 nor any of its associates are primes. Then
D 1 C i or an associate of 1 C i . To see that 1 C i is prime suppose 1 C i D .
Then N.1 C i / D 2 D N./N./. It follows that either N./ D 1 or N./ D 1 and
either or is a unit.
If p 2 then either p 3 mod 4 or p 1 mod 4. Suppose rst that p 3 mod
4. Then a2 C b 2 D p would imply from Fermats two-square theorem (see [35]) that
p 1 mod 4. Therefore from the remarks above a2 C b 2 D p 2 and N./ D N.p/.
Since jp we have D p with 2 Zi. From N./ D N.p/ we get that
N./ D 1 and is a unit. Therefore and p are associates. Hence in this case is
an associate of a rational prime congruent to 3 mod 4.
Finally suppose p 1 mod 4. From the remarks above either N./ D p or
N./ D p 2 . If N./ D p 2 then a2 C b 2 D p 2 . Since p 1 mod 4 from Fermats
two square theorem there exist m; n 2 Z with m2 C n2 D p. Let u D m C i n then
the norm N.u/ D p. Since p is a rational prime it follows that u is a Gaussian prime.
Similarly its conjugate u is also a Gaussian prime. Now uu D p 2 D N./. Since
jN./ it follows that juu and from Euclids lemma either ju or ju. If ju they
are associates since both are primes. But this is a contradiction since N./ N.u/.
The same is true if ju.
It follows that if p 1 mod 4, then N./ p 2 . Therefore in this case N./ D
p D a2 C b 2 . An associate of has both a; b > 0 (see exercises). Further since
a2 C b 2 D p one of a or b must be even. If a is odd then b is even then i is an
associate of with a even completing the proof.
Finally we mention that the methods used in Zi cannot be applied to all quadratic
p
integers. For example we have seen that there is not unique factorization in Z 5.
Section 3.6 Overview of Integral Domains
3.6
51
Overview of Integral Domains
Here we present some additional denitions for special types of integral domains.
Denition 3.6.1. (1) A Dedekind domain D is an integral domain such that each
nonzero proper ideal A (0 A R) can be written uniquely as a product of
prime ideals
A D P1 Pr
with each Pi a prime ideal and the factorization is unique up to ordering.
(2) A Prfer ring is an integral domain such that
A .B \ C / D AB \ AC
for all ideals A; B; C in R.
Dedekind domains arise naturally in algebraic number theory. It can be proved that
the rings of algebraic integers in any algebraic number eld are Dedekind domains
(see [35]).
If R is a Dedekind domain it is also a Prfer Ring. If R is a Prfer ring and a unique
factorization domain then R is a principal ideal domain.
In the next chapter we will prove a theorem due to Gauss that if R is a UFD then the
polynomial ring Rx is also a UFD. If K is a eld we have already seen that Kx is
a UFD. Hence the polynomial ring in several variables Kx1 ; : : : ; xn is also a UFD.
This fact plays an important role in algebraic geometry.
3.7
Exercises
1. Let R be an integral domain and let 2 R n .U.R/ [ 0/. Show:

(i) If for each a 2 R with a there exist ; 2 R with C a D 1 then
is a prime element of R.
(ii) Give an example for a prime element in an UFD R, which does not satisfy
the conditions of (i).
2. Let R be an UFD and let a1 ; : : : ; a t be pairwise coprime elements of R. If a1 a t
is an m-th power (m 2 N), then all factors ai are an associate of an m-th power. Is
each ai necessarily an m-th power?
p
p
p
3, Z 5 and Z 7
3. Decide if the unit
pis nite or innite. For which
pgroup of Z p
a 2 Z are .1 5/ and .a C 5/ associates in Z 5?
p
p
4. Let k 2 Z andp
k x 2 for all x 2 Z. Let D a C b k and D c C d k be
elements of Z k and N./ D a2 kb 2 , N./ D c 2 kd 2 . Show:
52
(i) The equality of the absolutepvalues of N./ and N./ is necessary for the
association of and in Z k. Is this constraint also sufcient?
p
(ii) Sufcient for the irreducibility of in Z k is the irreducibility of N./ in
Z. Is this also necessary?
5. In general irreducible elements are not prime. Consider the set of complex number
given by
p
p
Show that they form a subring of C.
p
6. For an element x C iy 5 2 R dene its norm by
p
p
N.x C iy 5/ D jx C iy 5j D x 2 C 5y 2 :
Prove that the norm is multiplicative, that is N.ab/ D N.a/N.b/.
8. Prove that the set of polynomials Rx with coefcients in a ring R forms a ring.
9. Prove the basic properties of the norm of the Gaussian integers. If ; 2 Zi
then:
(i) N./ is an integer for all 2 Zi.
(ii) N./ 0 for all 2 Zi.
(iii) N./ D 0 if and only if D 0.
(iv) N./ 1 for all 0.
(v) N./ D N./N./, that is the norm is multiplicative.
Chapter 4
Polynomials and Polynomial Rings
4.1
Polynomials and Polynomial Rings
In the last chapter we saw that if K is a eld then the set of polynomials with coefcients in K, which we denoted Kx, forms a unique factorization domain. In this
chapter we take a more detailed look at polynomials over a general ring R. We then
prove that if R is a UFD then the polynomial ring Rx is also a UFD. We rst take a
formal look at polynomials.
Let R be a commutative ring with an identity. Consider the set RQ of functions f
from the nonnegative integers N D N [0 into R with only a nite number of values
nonzero. That is
RQ D f W N ! R W f .n/ 0 for only nitely many n:
On RQ we dene the following addition and multiplication
.f C g/.m/ D f .m/ C g.m/
X
f .i/g.j /:
.f g/.m/ D
i Cj Dm
If we let x D .0; 1; 0; : : :/ and identify .r; 0; : : :/ with r 2 R then

x 0 D .1; 0; : : :/ D 1 and
x i C1 D x x i :
Now if f D .r0 ; r1 ; r2 ; : : :/ then f can be written as

f D
1
X
i D0
ri x i D
m
X
ri x i
i D0
for some m 0 since ri 0 for only nitely many i. Further this presentation is
unique.
now call x an indeterminate over R and write each element of RQ as f .x/ D
PWe
m
i
Q
iD0 ri x with f .x/ D 0 or rm 0. We also now write Rx for R. Each element of
Rx is called a polynomial over R. The elements r0 ; : : : ; rm are called the coefcients
of f .x/ with rm the leading coefcient. If rm 0 the natural number m is called the
degree of f .x/ which we denote by deg f .x/. We say that f .x/ D 0 has degree
1. The uniqueness of the representation of a polynomial implies that two nonzero
54
Chapter 4 Polynomials and Polynomial Rings
polynomials are equal if and only if they have the same degree and exactly the same
coefcients. A polynomial of degree 1 is called a linear polynomial while one of
degree two is a quadratic polynomial. The set of polynomials of degree 0 together
with 0 form a ring isomorphic to R and hence can be identied with R, the constant
polynomials. Thus the ring R embeds in the set of polynomials Rx. The following
results are straightforward concerning degree.
Lemma 4.1.1. Let f .x/ 0; g.x/ 0 2 Rx. Then:
(a) deg f .x/g.x/ deg f .x/ C deg g.x/.
(b) deg.f .x/ g.x// Max.deg f .x/; deg g.x//.
If R is an integral domain then we have equality in (a).
Theorem 4.1.2. Let R be a commutative ring with an identity. Then the set of polynomials Rx forms a ring called the ring of polynomials over R. The ring R identied
with 0 and the polynomials of degree 0 naturally embeds into Rx. Rx is commutative if and only if R is commutative. Further Rx is uniquely determined by R and
x.
P
P
Proof. Set f .x/ D niD0 ri x i and g.x/ D jmD0 sj x j . The ring properties follow
directly by computation. The identication of r 2 R with the polynomial r.x/ D r
provides the embedding of R into Rx. From the denition of multiplication in Rx
if R is commutative then Rx is commutative. Conversely if Rx is commutative
then from the embedding of R into Rx it follows that R must be commutative. Note
that if R has a multiplicative identity 1 0 then this is also the multiplicative identity
of Rx.
Finally if S is a ring that contains R and 2 S then
X
i
ri W ri 2 R and ri 0 for only a nite number of i
R D
i 0
is a homomorphic image of Rx via the map

X
X
ri x i 7!
ri i :
i 0
i 0
Hence Rx is uniquely determined by R and x.

If R is an integral domain then irreducible polynomials are dened as irreducibles
in the ring Rx. If R is a eld then f .x/ is an irreducible polynomial if there is
no factorization f .x/ D g.x/h.x/ where g.x/ and h.x/ are polynomials of lower
degree than f .x/. Otherwise f .x/ is called reducible. In elementary mathematics
polynomials are considered as functions. We recover that idea via the concept of
evaluation.
Section 4.2 Polynomial Rings over Fields
55
Denition 4.1.3. Let f .x/ D r0 C r1 x C C rm x n be a polynomial over a commutative ring R with an identity and let c 2 R. Then the element
f .c/ D r0 C r1 c C C rn c n 2 R
is called the evaluation of f .x/ at c.
Denition 4.1.4. If f .x/ 2 Rx and f .c/ D 0 for c 2 R, then c is called a zero or a
root of f .x/ in R.
4.2
Polynomial Rings over Fields
We now restate some of the result of the last chapter for Kx where K is a eld. We
then consider some consequences of these results to zeros of polynomials.
Theorem 4.2.1. If F is a eld, then F x forms an integral domain. F can be naturally embedded into F x by identifying each element of F with the corresponding
constant polynomial. The only units in F x are the nonzero elements of F .
Proof. Verication of the basic ring properties is solely computational and is left to
the exercises. Since deg P .x/Q.x/ D deg P .x/ C deg Q.x/, it follows that if neither
P .x/ 0 nor Q.x/ 0 then P .x/Q.x/ 0 and therefore F x is an integral
domain.
If G.x/ is a unit in F x, then there exists an H.x/ 2 F x with G.x/H.x/ D 1.
From the degrees we have deg G.x/ C deg H.x/ D 0 and since deg G.x/ 0,
deg H.x/ 0. This is possible only if deg G.x/ D deg H.x/ D 0. Therefore
G.x/ 2 F .
Now that we have F x as an integral domain we proceed to show that F x is a
principal ideal domain and hence there is unique factorization into primes. We rst
repeat the denition of a prime in F x. If 0 f .x/ has no nontrivial, nonunit factors
(it cannot be factorized into polynomials of lower degree) then f .x/ is a prime in F x
or a prime polynomial. A prime polynomial is also called an irreducible polynomial
over F . Clearly, if deg g.x/ D 1 then g.x/ is irreducible.
The fact that F x is a principal ideal domain follows from the division algorithm
for polynomials, which is entirely analogous to the division algorithm for integers.
Theorem 4.2.2 (division algorithm in F x). If 0 f .x/; 0 g.x/ 2 F x then
there exist unique polynomials q.x/; r.x/ 2 F x such that f .x/ D q.x/g.x/ C r.x/
where r.x/ D 0 or deg r.x/ < deg g.x/. (The polynomials q.x/ and r.x/ are called
respectively the quotient and remainder.)
This theorem is essentially long division of polynomials. A formal proof is based
on induction on the degree of g.x/. We omit this but give some examples from Qx.
56
Example 4.2.3.
(a) Let f .x/ D 3x 4 6x 2 C 8x 6, g.x/ D 2x 2 C 4. Then
3x 4 6x 2 C 8x 6
3
D x 2 6 with remainder 8x C 18:
2
2x C 4
2
Thus here q.x/ D 32 x 2 6 and r.x/ D 8x C 18.
(b) Let f .x/ D 2x 5 C 2x 4 C 6x 3 C 10x 2 C 4x, g.x/ D x 2 C x. Then
2x 5 C 2x 4 C 6x 3 C 10x 2 C 4x
D 2x 3 C 6x C 4:
x2 C x
Thus here q.x/ D 2x 3 C 6x C 4 and r.x/ D 0.
Theorem 4.2.4. Let F be a eld. Then the polynomial ring F x is a principal ideal
domain and hence a unique factorization domain.
We now give some consequences relative to zeros of polynomials in F x.
Theorem 4.2.5. If f .x/ 2 F x and c 2 F with f .c/ D 0 then
f .x/ D .x c/h.x/;
where deg h.x/ < deg f .x/.
Proof. Divide f .x/ by x c. Then by the division algorithm we have
f .x/ D .x c/h.x/ C r.x/
where r.x/ D 0 or deg r.x/ < deg.x c/ D 1. Hence if r.x/ 0 then r.x/ is a
polynomial of degree 0, that is a constant polynomial, that is r.x/ D r for r 2 F .
Hence we have
f .x/ D .x c/h.x/ C r:
This implies that
0 D f .x/ D 0h.c/ C r D r
and therefore r D 0 and f .x/ D .x c/h.x/. Since deg.x c/ D 1 we must have
that deg h.x/ < deg f .x/.
If f .x/ D .x c/k h.x/ for some k 1 with h.c/ 0 then c is called a zero of
order k.
Theorem 4.2.6. Let f .x/ 2 F x with degree 2 or 3. Then f is irreducible if and
only if f .x/ doesnt have a zero in F .
Proof. Suppose that f .x/ is irreducible of degree 2 or 3. If f .x/ has a zero c then
from Theorem 4.2.4 we have f .x/ D .x c/h.x/ with h.x/ of degree 1 or 2. Therefore f .x/ is reducible a contradiction and hence f .x/ cannot have a zero.
Conversely from Theorem 4.2.4 if f .x/ has a zero and if of degree greater than 1
then f .x/ is reducible.
Section 4.3 Polynomial Rings over Integral Domains
4.3
57
Polynomial Rings over Integral Domains
Here we consider Rx where R is an integral domain.

Denition 4.3.1. Let R be an integral domain. Then a1 ; a2 ; : : : ; an 2 R are coprime
if the set of all common divisors of a1 ; : : : ; an consists only of units.
Notice for example that this concept depends on the ring R. For example 6 and 9
are not coprime over the integers Z since 3j6 and 3j9 and 3 is not a unit. However 6
and 9 are coprime over the rationals Q. Here 3 is a unit.
Pn
i
Denition 4.3.2. Let f .x/ D
i D1 ri x 2 Rx where R is an integral domain.
Then f .x/ is a primitive polynomial or just primitive if r0 ; r1 ; : : : ; rn are coprime
in R.
Theorem 4.3.3. Let R be an integral domain. Then
(a) The units of Rx are the units of R.
(b) If p is a prime element of R then p is a prime element of Rx.
Proof. If r 2 R is a unit then since R embeds into Rx it follows that r is also a unit
in Rx. Conversely suppose that h.x/ 2 Rx is a unit. Then there is a g.x/ such
that h.x/g.x/ D 1. Hence deg f .x/ C deg g.x/ D deg 1 D 0. Since degrees are
nonnegative integers it follows that deg f .x/ D deg g.x/ D 0 and hence f .x/ 2 R.
Now suppose that p is a prime element of R. Then p 0 and pR is a prime ideal
in R. We must show that pRx is a prime ideal in Rx. Consider the map
W Rx ! .R=pR/x given by
X
X
n
n
i
ri x D
.ri C pR/x i :

i D0
i D0
Then is an epimorphism with kernel pRx. Since pR is a prime ideal we know that
R=pR is an integral domain. It follows that .R=pR/x is also an integral domain.
Hence pRx must be a prime ideal in Rx and therefore p is also a prime element
of Rx.
Recall that each integral domain R can be embedded into a unique eld of fractions K. We can use results on Kx to deduce some results in Rx.
Lemma 4.3.4. If K is a eld then each nonzero f .x/ 2 Kx is a primitive.
Proof. Since K is a eld each nonzero element of K is a unit. Therefore the only
common divisors of the coefcients of f .x/ are units and hence f .x/ 2 Kx is
primitive.
58
Theorem 4.3.5. Let R be an integral domain. Then each irreducible f .x/ 2 Rx of
degree > 0 is primitive.
Proof. Let f .x/ be an irreducible polynomial in Rx and let r 2 R be a common
divisor of the coefcients of f .x/. Then f .x/ D rg.x/ where g.x/ 2 Rx. Then
deg f .x/ D deg g.x/ > 0 so g.x/ R. Since the units of Rx are the units of R it
follows that g.x/ is not a unit in Rx. Since f .x/ is irreducible it follows that r must
be a unit in Rx and hence r is a unit in R. Therefore f .x/ is primitive.
Theorem 4.3.6. Let R be an integral domain and K its eld of fractions. If f .x/ 2
Rx is primitive and irreducible in Kx then f .x/ is irreducible in Rx.
Proof. Suppose that f .x/ 2 Rx is primitive and irreducible in Kx and suppose
that f .x/ D g.x/h.x/ where g.x/; h.x/ 2 Rx Kx. Since f .x/ is irreducible
in Kx either g.x/ or h.x/ must be a unit in Kx. Without loss of generality suppose
that g.x/ is a unit in Kx. Then g.x/ D g 2 K. But g.x/ 2 Rx and K \Rx D R.
Hence g 2 R. Then g is a divisor of the coefcients of f .x/ and as f .x/ is primitive g.x/ must be a unit in R and therefore also a unit in Rx. Therefore f .x/ is
irreducible in Rx.
4.4
Polynomial Rings over Unique Factorization Domains
In this section we prove that if R is a UFD then the polynomial ring Rx is also a
UFD. We rst need the following due to Gauss.
Theorem 4.4.1 (Gauss lemma). Let R be a UFD and f .x/; g.x/ primitive polynomials in Rx. Then their product f .x/g.x/ is also primitive.
Proof. Let R be a UFD and f .x/; g.x/ primitive polynomials in Rx. Suppose that
f .x/g.x/ is not primitive. Then there is a prime element p 2 R that divides each
of the coefcients of f .x/g.x/. Then pjf .x/g.x/. Since prime elements of R are
also prime elements of Rx it follows that p is also a prime element of Rx and
hence pjf .x/ or pjg.x/. Therefore either f .x/ or g.x/ is not primitive giving a
contradiction.
Theorem 4.4.2. Let R be a UFD and K its eld of fractions.
(a) If g.x/ 2 Kx is nonzero then there is a nonzero a 2 K such that ag.x/ 2 Rx
is primitive.
(b) Let f .x/; g.x/ 2 Rx with g.x/ primitive and f .x/ D ag.x/ for some a 2 K.
Then a 2 R.
(c) If f .x/ 2 Rx is nonzero then there is a b 2 R and a primitive g.x/ 2 Rx
such that f .x/ D bg.x/.
Section 4.4 Polynomial Rings over Unique Factorization Domains
59
Pn
ri
i
Proof. (a) Suppose that g.x/ D
i D0 ai x with ai D si , ri ; si 2 R. Set s D
s0 s1 sn . Then sg.x/ is a nonzero element of Rx. Let d be a greatest common
divisor of the coefcients of sg.x/. If we set a D ds then ag.x/ is primitive.
(b) For a 2 K there are coprime r; s 2 R satisfying a D rs . Suppose that a R.
Then there is a prime element p 2 R dividing s. Since g.x/ is primitive p does not
divide all the coefcients of g.x/. However we also have f .x/ D ag.x/ D rs g.x/.
Hence sf .x/ D rg.x/ where pjs and p doesnt divide r. Therefore p divides all the
coefcients of g.x/ and hence a 2 R.
(c) From part (a) there is a nonzero a 2 K such that af .x/ is primitive in Rx.
Then f .x/ D a1 .af .x//. From part (b) we must have a1 2 R. Set g.x/ D af .x/
and b D a1 .
Theorem 4.4.3. Let R be a UFD and K its eld of fractions. Let f .x/ 2 Rx be a
polynomial of degree 1.
(a) If f .x/ is primitive and f .x/jg.x/ in Kx then f .x/ divides g.x/ also in Rx.
(b) If f .x/ is irreducible in Rx then it is also irreducible in Kx.
(c) If f .x/ is primitive and a prime element of Kx then f .x/ is also a prime
element of Rx.
Proof. (a) Suppose that g.x/ D f .x/h.x/ with h.x/ 2 Kx. From Theorem 4.4.2
part (a) there is a nonzero a 2 K such that h1 .x/ D ah.x/ is primitive in Rx.
Hence g.x/ D a1 .f .x/h1 .x/. From Gauss lemma f .x/h1 .x/ is primitive in Rx
and therefore from Theorem 4.4.2 part (b) we have a1 2 R. It follows that f .x/jg.x/
in Rx.
(b) Suppose that g.x/ 2 Kx is a factor of f .x/. From Theorem 4.4.2 part (a)
there is a nonzero a 2 K with g1 .x/ D ag.x/ primitive in Rx. Since a is a unit in
K it follows that
g.x/jf .x/ in Kx
implies
g1 .x/jf .x/ in Kx
and hence since g1 .x/ is primitive

g1 .x/jf .x/ in Rx:
However by assumption f .x/ is irreducible in Rx. This implies that either g1 .x/ is
a unit in R or g1 .x/ is an associate of f .x/.
If g1 .x/ is a unit then g1 2 K and g1 D ga and hence g 2 K, that is g D g.x/ is
a unit.
If g1 .x/ is an associate of f .x/ then f .x/ D bg.x/ where b 2 K since g1 .x/ D
ag.x/ with a 2 K. Combining these it follows that f .x/ has only trivial factors in
Kx and since by assumption f .x/ is nonconstant it follows that f .x/ is irreducible
in Kx.
60
(c) Suppose that f .x/jg.x/h.x/ with g.x/; h.x/ 2 Rx. Since f .x/ is a prime
element in Kx we have that f .x/jg.x/ or f .x/jh.x/ in Kx. From part (a) we have
f .x/jg.x/ or f .x/jh.x/ in Rx implying that f .x/ is a prime element in Rx.
We can now state and prove our main result.
Theorem 4.4.4 (Gauss). Let R be a UFD. Then the polynomial ring Rx is also a
UFD
Proof. By induction on degree we show that each nonunit f .x/ 2 Rx; f .x/ 0, is
a product of prime elements. Since R is an integral domain so is Rx, and so the fact
that Rx is a UFD then follows from Theorem 3.3.3.
If deg f .x/ D 0 then f .x/ D f is a nonunit in R. Since R is a UFD f is a product
of prime elements in R. However from Theorem 4.3.3 each prime factor is then also
prime in Rx. Therefore f .x/ is a product of prime elements.
Now suppose n > 0 and that the claim is true for all polynomials f .x/ of degree
< n. Let f .x/ be a polynomial of degree n > 0. From Theorem 4.4.2 (c) there is an
a 2 R and a primitive h.x/ 2 Rx satisfying f .x/ D ah.x/. Since R is a UFD the
element a is a product of prime elements in R or a is a unit in R. Since the units in
Rx are the units in R and a prime element in R is also a prime element in Rx it
follows that a is a product of prime elements in Rx or a is a unit in Rx. Let K
be the eld of fractions of R. Then Kx is a UFD. Hence h.x/ is a product of prime
elements of Kx. Let p.x/ 2 Kx be a prime divisor of h.x/. From Theorem 4.4.2
we can assume by multiplication of eld elements that p.x/ 2 Rx and p.x/ is
primitive. From Theorem 4.4.2 (c) it follows that p.x/ is a prime element of Rx and
further from Theorem 4.4.3 (a) that p.x/ is a divisor of h.x/ in Rx. Therefore
f .x/ D ah.x/ D ap.x/g.x/ 2 Rx
where
(1) a is a product of prime elements of Rx or a is a unit in Rx,
(2) deg p.x/ > 0, since p.x/ is a prime element in Kx,
(3) p.x/ is a prime element in Rx, and
(4) deg g.x/ < deg f .x/ since deg p.x/ > 0.
By our inductive hypothesis we have then that g.x/ is a product of prime elements
in Rx or g.x/ is a unit in Rx. Therefore the claim holds for f .x/ and therefore
holds for all f .x/ by induction.
If Rx is a polynomial ring over R we can form a polynomial ring in a new indeterminate y over this ring to form .Rx/y. It is straightforward that .Rx/y is
isomorphic to .Ry/x. We denote both of these rings by Rx; y and consider this
as the ring of polynomials in two commuting variables x; y with coefcients in R.
61
If R is a UFD then from Theorem 4.4.4 Rx is also a UFD and hence Rx; y
is also a UFD. Inductively then the ring of polynomials in n commuting variables
Rx1 ; x2 ; : : : ; xn is also a UFD.
Corollary 4.4.5. If R is a UFD then the polynomial ring in n commuting variables
Rx1 ; : : : ; xn is also a UFD.
We now give a condition for a polynomial in Rx to have a zero in Kx where K
is the eld of fractions of R.
Theorem 4.4.6. Let R be a UFD and K its eld of fractions. Let f .x/ D x n C
rn1 x n1 C C r0 2 Rx. Suppose that 2 K is a zero of f .x/. Then is in R
and is a divisor of r0 .
Proof. Let D
r
s
where s 0 and r; s 2 R and r; s are coprime. Now

f

r n1
rn
r
D 0 D n C rn1 n1 C C r0 :
s
s
s
Hence it follows that s must divide r n . Since r and s are coprime s must be a unit and
then without loss of generality we may assume that s D 1. Then 2 R and
r.r n1 C C a1 / D a0
and so rja0 .
Note that since Z is a UFD, Gauss theorem implies that Zx is also a UFD. However Zx is not a principal ideal domain. For example the set of integral polynomials
with even constant term is an ideal but not principal. We leave the verication to the
exercises. On the other hand we saw that if K is a eld Kx is a PID. The question
arises as to when Rx actually is a principal ideal domain. It turns out to be precisely
when R is a eld.
Theorem 4.4.7. Let R be a commutative ring with an identity. Then the following are
equivalent:
(1) R is a eld.
(2) Rx is Euclidean.
(3) Rx is a principal ideal domain.
Proof. From Section 4.2 we know that (a) implies (b) which in turn implies (c).
Therefore we must show that (c) implies (a). Assume then that Rx is a principal
ideal domain. Dene the map
W Rx ! R
62
by
.f .x// D f .0/:
It is easy to see that is a ring homomorphism with Rx= ker. / R. Therefore
ker. / Rx. Since Rx is a principal ideal domain it is an integral domain. It
follows that ker. / must be a prime ideal since the quotient ring is an integral domain.
However since Rx is a principal ideal domain prime ideals are maximal ideals and
hence ker. / is a maximal ideal. Therefore R Rx= ker. / is a eld.
We now consider the relationship between irreducibles in Rx for a general integral
domain and irreducibles in Kx where K is its eld of fractions. This is handled by
the next result called Eisensteins criterion.
Theorem 4.4.8 (Eisensteins
Let R be an integral domain and K its eld
Pcriterion).
n
i 2 Rx of degree n > 0. Let p be a prime
a
x
of fractions. Let f .x/ D
i D0 i
element of R satisfying
(1) pjai for i D 0; : : : ; n 1.
(2) p does not divide an .
(3) p 2 does not divide a0 .
Then:
(a) If f .x/ is primitive then f .x/ is irreducible in Rx.
(b) Suppose that R is a UFD. Then f .x/ is also irreducible in Kx.
Proof. (a) Suppose that f .x/ D g.x/h.x/ with g.x/; h.x/ 2 Rx. Suppose that
g.x/ D
k
X
bi x i ;
bk 0 and
h.x/ D
i D1
l
X
cj x j ;
cl 0:
i D1
Then a0 D b0 c0 . Now pja0 but p 2 does not divide a0 . This implies that either p
doesnt divide b0 or p doesnt divide c0 . Without loss of generality assume that pjb0
and p doesnt divide c0 .
Since an D bk cl and p does not divide an it follows that p does not divide bk . Let
bj be the rst coefcient of g.x/ which is not divisible by p. Consider
aj D bj c0 C C b0 cj
where everything after the rst term is divisible by p. Since p does not divide both
bj and c0 it follows that p does not divide bj c0 and therefore p does not divide aj
which implies that j D n. Then from j k n it follows that k D n. Therefore
deg g.x/ D deg f .x/ and hence deg h.x/ D 0. Thus h 2 R. Then from f .x/ D
hg.x/ with f primitive it follows that h is a unit and therefore f .x/ is irreducible.
63
(b) Suppose that f .x/ D g.x/h.x/ with g.x/; h.x/ 2 Rx. The fact that f .x/
was primitive was only used in the nal part of part (a) so by the same arguments as in
part (a) we may assume without loss of generality that h 2 R K. Therefore f .x/
is irreducible in Kx.
We give some examples.
Example 4.4.9. Let R D Z and p a prime number. Suppose that n; m are integers
such that n 1 and p does not divide m. Then x n pm is irreducible in Zx and
1
Qx. In particular .pm/ n is irrational.
Example 4.4.10. Let R D Z and p a prime number. Consider the polynomial
p .x/ D
xp 1
D x p1 D x p2 C C 1:
x1
Since all the coefcients of p .x/ are equal to 1, Eisensteins criterion is not directly
applicable. However the fact that p .x/ is irreducible implies that for any integer a
the polynomial p .x C a/ is also irreducible in Zx. It follows that

p
x p C p1 x p1 C C p1
x C 1p 1
.x C 1/p 1
D
p .x C 1/ D
.x C 1/ 1
x
!
!
p p1
p
D x p1 C
x
C C
:
1
p1
p

D p is not
Now pj pi for 1 i p 1 (see exercises) and moreover p1
2
divisible by p . Therefore we can apply the Eisenstein criterion to conclude that
p .x/ is irreducible in Zx and Qx.
P
Theorem 4.4.11. Let R be a UFD and K its eld of fractions. Let f .x/ D niD0 ai x i
2 Rx be a polynomial of degree 1. Let P be a prime ideal in R with an P . Let
R D R=P and let W Rx ! Rx be dened by
X
m
i D0

ri x
m
X
.ri C P /x i :
i D0
is an epimorphism. Then if .f .x// is irreducible in Rx then f .x/ is irreducible

in Kx.
Proof. By Theorem 4.4.3 there is an a 2 R and a primitive g.x/ 2 Rx satisfying
f .x/ D ag.x/. Since an P we have that .a/ 0 and further the highest
coefcient of g.x/ is also not an element of P . If .g.x// is reducible then .f .x//
is also reducible. Thus .g.x// is irreducible. However from Theorem 4.4.4 g.x/ is
64
irreducible in Kx so f .x/ D ag.x/ is also irreducible in Kx. Therefore to prove

the theorem it sufces to consider the case where f .x/ is primitive in Rx.
Now suppose that f .x/ is primitive. We show that f .x/ is irreducible in Rx.
Suppose that f .x/ D g.x/h.x/, g.x/; h.x/ 2 Rx with f .x/; g.x/ nonunits in
Rx. Since f .x/ is primitive g; h R and so deg g.x/ < deg f .x/ and deg h.x/ <
deg f .x/.
Now we have .f .x// D .g.x//.h.x//. Since P is a prime ideal R=P is an
integral domain and so in Rx we have
deg .g.x// C deg .g.x// D deg .f .x// D deg f .x/
since an P . Since R is a UFD it has no zero divisors and so
deg f .x/ D deg g.x/ C deg h.x/:
Now
deg .g.x// deg g.x/
deg .h.x// deg h.x/:
Therefore deg .g.x// D deg g.x/ and deg .h.x// D deg h.x/. Therefore .f .x//
is reducible and we have a contradiction.
It is important to note that .f .x// being reducible does not imply that f .x/ is
reducible. For example f .x/ D x 2 C 1 is irreducible in Zx. However in Z2 x we
have
x 2 C 1 D .x C 1/2
and hence f .x/ is reducible in Z2 x.
Example 4.4.12. Let f .x/ D x 5 x 2 C 1 2 Zx. Choose P D 2Z so that
.f .x// D x 5 C x 2 C 1 2 Z2 x:
Suppose that in Z2 x we have .f .x// D g.x/h.x/. Without loss of generality we
may assume that g.x/ is of degree 1 or 2.
If deg g.x/ D 1 then .f .x// has a zero c in Z2 x. The two possibilities for c are
c D 0 or c D 1. Then
If c D 0 then 0 C 0 C 1 D 1 0:
If c D 1 then 1 C 1 C 1 D 1 0:
Hence the degree of g.x/ cannot be 1.
65
Suppose deg g.x/ D 2. The polynomials of degree 2 over Z2 x have the form
x 2 C x C 1;
x 2 C x;
x 2 C 1;
x2:
The last three, x 2 Cx; x 2 C1; x 2 all have zeros in Z2 x so they cant divide .f .x//.
Therefore g.x/ must be x 2 C x C 1. Applying the division algorithm we obtain
.f .x// D .x 3 C x 2 /.x 2 C x C 1/ C 1
and therefore x 2 CxC1 does not divide .f .x//. It follows that .f .x// is irreducible
and from the previous theorem f .x/ must be irreducible in Qx.
4.5
Exercises
1. For which a; b 2 Z does the polynomial x 2 C 3x C 1 divide the polynomial

x 3 C x 2 C ax C b?
2. Let a C bi 2 C be a zero of f .x/ 2 Rx. Show that also a i b is a zero of f .x/.
3. Determine all irreducible polynomials over R. Factorize f .x/ 2 Rx in irreducible polynomials.
4. Let R be an integral domain, A G R an ideal and f 2 Rx a monic
P polynomial.
N
Dene
f 2 Rx=Ax by the mapping Rx ! R=Ax, f D
ai x i 7! fN D
P
i
N
aNi x , where aN WD a C A. Show: If f 2 R=Ax is irreducible then also
f 2 Rx is irreducible.
5. Decide if the following polynomials f 2 Rx are irreducible:
(i) f .x/ D x 3 C 2x 2 C 3, R D Z.
(ii) f .x/ D x 5 2x C 1, R D Q.
(iii) f .x/ D 3x 4 C 7x 2 C 14x C 7, R D Q.
(iv) f .x/ D x 7 C .3 i /x 2 C .3 C 4i /x C 4 C 2i , R D Zi.
(v) f .x/ D x 4 C 3x 3 C 2x 2 C 3x C 4, R D Q.
(vi) f .x/ D 8x 3 4x 2 C 2x 1, R D Z.
6. Let R be an integral domain with characteristic 0, let k 1 and 2 R. In Rx
dene the derivatives f .k/ .x/, k D 0; 1; 2; : : : , of a polynomial f .x/ 2 Rx by
f 0 .x/ WD f .x/;
0
f .k/ .x/ WD f .k1/ .x/:

Show that is a zero of order k of the polynomial f .x/ 2 Rx, if f .k1/ ./ D 0,
but f .k/ ./ 0.
7. Prove that the set of integral polynomials with even constant term is an ideal but
not principal.

8. Prove that pj pi for 1 i p 1.
Chapter 5
Field Extensions
5.1
Extension Fields and Finite Extensions
Much of algebra in general arose from the theory of equations, specically polynomial
equations. As discovered by Galois and Abel the solutions of polynomial equations
over elds is intimately tied to the theory of eld extensions. This theory eventually
blossoms into Galois Theory. In this chapter we discuss the basic material concerning
eld extensions.
Recall that if L is a eld and K L is also a eld under the same operations as L
then K is called a subeld of L. If we view this situation from the viewpoint of K we
say that L is an extension eld or eld extension of K. If K; L are elds with K L
we always assume that K is a subeld of L.
Denition 5.1.1. If K; L are elds with K L then we say that L is a eld extension
or extension eld of K. We denote this by LjK.
Note that this is equivalent to having a eld monomorphism
i WK!L
and then identifying K and i.K/.
As examples we have that R is an extension eld of Q and C is an extension eld
of both C and Q. If K is any eld then the ring of polynomials Kx over K is an
integral domain. Let K.x/ be the eld of fractions of Kx. This is called the eld of
rational functions over K. Since K can be considered as part of Kx it follows that
K K.x/ and hence K.x/ is an extension eld of K.
A crucial concept is that of the degree of a eld extension. Recall that a vector space
V over a eld F consists of an abelian group V together with scalar multiplication
from F satisfying:
(1) f v 2 V if f 2 F , v 2 V .
(2) f .u C v/ D f u C f v for f 2 F , u; v 2 V .
(3) .f C g/v D f v C gv for f; g 2 F , v 2 V .
(4) .fg/v D f .gv/ for f; g 2 F , v 2 V .
(5) 1v D v for v 2 V .
67
Section 5.1 Extension Fields and Finite Extensions
Notice that if K is a subeld of L then multiplication of elements of L by elements

of K are still in L. Since L is an abelian group under addition, L can be considered
as a vector space over K. Thus any extension eld is a vector space over any of its
subelds. Using this we dene the degree jL W Kj of an extension K L as the
dimension dimK .L/ of L as a vector space over K. We call L a nite extension of K
if jL W Kj < 1.
Denition 5.1.2. If L is an extension eld of K then the degree of the extension LjK
is dened as the dimension, dimK .L/, of L, as a vector space over K. We denote the
degree by jL W Kj. The eld extension LjK is a nite extension if the degree jL W Kj
is nite.
Lemma 5.1.3. jC W Rj D 2 but jR W Qj D 1.
Proof. Every complex number can be written uniquely as a C i b where a; b 2 R.
Hence the elements 1; i constitute a basis for C over R and therefore the dimension
is 2, that is jC W Rj D 2.
The fact that jR W Qj D 1 depends on the existence of transcendental numbers.
An element r 2 R is algebraic (over Q) if it satises some nonzero polynomial with
coefcients from Q. That is, P .r/ D 0, where
0 P .x/ D a0 C a1 x C C an x n
with ai 2 Q:
Any q 2 Q is algebraic since if P .x/ D p

x q then P .q/ D 0. However, many
p
irrationals are also algebraic. For example 2 is algebraic since x 2 2 D 0 has 2
as a root. An element r 2 R is transcendental if it is not algebraic.
In general it is very difcult to show that a particular element is transcendental.
However there are uncountably many transcendental elements (see exercises). Specic examples are e and . We will give a proof of their transcendence later in this
book.
Since e is transcendental, for any natural number n the set of vectors 1; e;
e 2 ; : : : ; e n must be independent over Q, for otherwise there would be a polynomial
that e would satisfy. Therefore, we have innitely many independent vectors in R
over Q which would be impossible if R had nite degree over Q.
Lemma 5.1.4. If K is any eld then jK.x/ W Kj D 1.
Proof. For any n the elements 1; x; x 2 ; : : : ; x n are independent over K. Therefore as
in the proof of Lemma 5.1.3 K.x/ must be innite dimensional over K.
If LjK and L1 jK1 are eld extensions then they are isomorphic eld extensions if
there exists a eld isomorphism f W L ! L1 such that fjK is an isomorphism from
K to K1 .
Suppose that K L M are elds. Below we show that the degrees multiply. In
this situation where K L M we call L an intermediate eld.
68
Chapter 5 Field Extensions
Theorem 5.1.5. Let K; L; M be elds with K L M . Then

jM W Kj D jM W LjjL W Kj:
Note that jM W Kj D 1 if and only if either jM W Lj D 1 or jL W Kj D 1.
Proof. Let xi W i 2 I be a basis for L as a vector space over K and let yj W j 2 J
be a basis for M as a vector space over L. To prove the result it is sufcient to show
that the set
B D xi yj W i 2 I; j 2 J
is a basis for M as a vector space over K. To show this we must show that B is a
linearly independent set over K and that B spans M .
Suppose that
X
kij xi yj D 0 where kij 2 K:
i;j
We can then write this sum as

XX
j

kij xi yj D 0:
P
But i kij xi 2 L. Since yj W j 2 JP
is a basis for M over L the yj are independent
over L and hence for each j we get, i kij xi D 0. Now since xi W i 2 I is a basis
for LP
over K it follows that the xi are linearly independent and since for each j we
have i kij xi D 0 it must be that kij D 0 for all i and for all j . Therefore the set B
is linearly independent over K.
Now suppose that m 2 M . Then since yj W j 2 J spans M over L we have
mD
cj yj
with cj 2 L:
However xi W i 2 I spans L over K and so for each cj we have

cj D
kij xi
with kij 2 K:
Combining these two sums we have

mD
kij xi yj
ij
and hence B spans M over K. Therefore B is a basis for M over K and the result is
proved.
69
Section 5.2 Finite and Algebraic Extensions
Corollary 5.1.6. (a) If jL W Kj is a prime number then there exists no proper intermediate eld between L and K.
(b) If K L and jL W Kj D 1 then L D K.
Let LjK be a eld extension and suppose that A L. Then certainly there are
subrings of L containing both A and K, for example L. We denote by KA the
intersection of all subrings of L containing both K and A. Since the intersection of
subrings is a subring it follows that KA is a subring containing both K and A and
the smallest such subring. We call KA the ring adjunction of A to K.
In an analogous manner we let K.A/ be the intersection of all subelds of L containing both K and A. This is then a subeld of L and the smallest subeld of L
containing both K and A. The subeld K.A/ is called the eld adjunction of A to K.
Clearly KA K.A/. If A D a1 ; : : : ; an then we write
KA D Ka1 ; : : : ; an and
K.A/ D K.a1 ; : : : ; an /:
Denition 5.1.7. The eld extension LjK is nitely generated if there exist a1 ; : : : ;
an 2 L such that K D K.a1 ; : : : ; an /. The extension LjK is a simple extension if
there is an a 2 L with L D K.a/. In this case a is called a primitive element of LjK.
Later we will look at an alternative way to view the adjunction constructions in
terms of polynomials.
5.2
Finite and Algebraic Extensions
We now turn to the relationship between eld extensions and the solution of polynomial equations.
Denition 5.2.1. Let LjK be a eld extension. An element a 2 L is algebraic over
K if there exists a polynomial p.x/ 2 Kx with p.a/ D 0. L is an algebraic
extension of K if each element of L is algebraic over K. An element a 2 L that is
not algebraic over K is called transcendental. L is a transcendental extension if there
are transcendental elements, that is they are not algebraic over K.
For the remainder of this section we assume that LjK is a eld extension.
Lemma 5.2.2. Each element of K is algebraic over K.
Proof. Let k 2 K. Then k is a root of the polynomial p.x/ D x k 2 Kx.
70
We tie now algebraic extensions to nite extensions.

Theorem 5.2.3. If LjK is a nite extension then LjK is an algebraic extension.
Proof. Suppose that LjK is a nite extension and a 2 L. We must show that a is
algebraic over K. Suppose that jL W Kj D n < 1 then dimK .L/ D n. It follows that
any n C 1 elements of L are linearly dependent over K.
Now consider the elements 1; a; a 2 ; : : : ; an in L. These are n C 1 distinct elements
in L so they are dependent over K. Hence there exist c0 ; : : : ; cn 2 K not all zero such
that
c0 C c1 a C C cn an D 0:
Let p.x/ D c0 C c1 x C C cn x n . Then p.x/ 2 Kx and p.a/ D 0. Therefore a
is algebraic over K. Since a was arbitrary it follows that L is an algebraic extension
of K.
From the previous theorem it follows that every nite extension is algebraic. The
converse is not true, that is there are algebraic extensions that are not nite. We will
give examples in Section 5.4.
The following lemma gives some examples of algebraic and transcendental extensions.
Lemma 5.2.4. CjR is algebraic but RjQ and CjQ are transcendental. If K is any
eld then K.x/jK is transcendental.
Proof. Since 1; i constitute a basis for C over R we have jC W Rj D 2. Hence C is a
nite extension of R and therefore from Theorem 5.2.3 an algebraic extension. More
directly if D a C i b 2 C then is a zero of x 2 2ax C .a2 C b 2 / 2 Rx.
The existence of transcendental numbers (we will discuss these more fully in Section 5.5) shows that both RjQ and CjQ are transcendental extensions.
Finally the element x 2 K.x/ is not a zero of any polynomial in Kx. Therefore
x is a transcendental element so the extension K.x/jK is transcendental.
5.3
Minimal Polynomials and Simple Extensions
If LjK is a eld extension and a 2 L is algebraic over K then p.a/ D 0 for some
polynomial p.x/ 2 Kx. In this section we consider the smallest such polynomial
and tie it to a simple extension of K.
Denition 5.3.1. Suppose that LjK is a eld extension and a 2 L is algebraic over K.
The polynomial ma .x/ 2 Kx is the minimal polynomial of a over K if
Section 5.3 Minimal Polynomials and Simple Extensions
71
(1) ma .x/ has leading coefcient 1, that is, it is a monic polynomial.

(2) ma .a/ D 0.
(3) If f .x/ 2 Kx with f .a/ D 0 then ma .x/jf .x/.
Hence ma .x/ is the monic polynomial of minimal degree that has a as a zero.
We prove next that every algebraic element has such a minimal polynomial.
Theorem 5.3.2. Suppose that LjK is a eld extension and a 2 L is algebraic over K.
Then
(1) The minimal polynomial ma .x/ 2 Kx exists and is irreducible over K.
(2) Ka K.a/ Kx=.ma .x// where .ma .x// is the principal ideal in Kx
generated by ma .x/.
(3) jK.a/ W Kj D deg.ma .x//. Therefore K.a/jK is a nite extension.
Proof. (1) Suppose that a 2 L is algebraic over K. Let
I D f .x/ 2 Kx W f .a/ D 0:
Since a is algebraic I ;. It is straightforward to show (see exercises) that I is an
ideal in Kx. Since K is a eld we have that Kx is a principal ideal domain. Hence
there exists g.x/ 2 Kx with I D .g.x//. Let b be the leading coefcient of g.x/.
Then ma .x/ D b 1 g.x/ is a monic polynomial. We claim that ma .x/ is the minimal
polynomial of a and that ma .x/ is irreducible.
First it is clear that I D .g.x// D .ma .x//. If f .x/ 2 Kx with f .a/ D 0 then
f .x/ D h.x/ma .x/ for some h.x/. Therefore ma .x/ divides any polynomial that has
a as a zero. It follows that ma .x/ is the minimal polynomial.
Suppose that ma .x/ D g1 .x/g2 .x/. Then since ma .a/ D 0 it follows that either
g1 .a/ D 0 or g2 .a/ D 0. Suppose g1 .a/ D 0. Then from above ma .x/jg1 .x/
and since g1 .x/jma .x/ we must then have that g2 .x/ is a unit. Therefore ma .x/ is
irreducible.
(2) Consider the map W Kx ! Ka given by
X
X
i
ki x D
ki a i :

i
Then is a ring epimorphism (see exercises) and

ker. / D f .x/ 2 Kx W f .a/ D 0 D .ma .x//
from the argument in the proof of part (1). It follows that
Kx=.ma .x// Ka:
72
Since ma .x/ is irreducible we have Kx=.ma .x// is a eld and therefore Ka D
K.a/.
(3) Let n D deg.ma .x//. We claim that the elements 1; a; : : : ; an1 are a basis for
Ka D K.a/ over K. First suppose that
n1
X
ci a i D 0
i D1
P
i
with not all ci D 0 and ci 2 K. Then h.a/ D 0 where h.x/ D n1
i D0 ci x . But this
contradicts the fact that ma .x/ has minimal degree over all polynomials in Kx that
have a as a zero. Therefore the set 1; a; : : : ; an1 is linearly independent over K.
Now let b 2 Ka Kx=.ma .x//. Then there is a g.x/ 2 Kx with b D g.a/.
By the division algorithm
g.x/ D h.x/ma .x/ C r.x/
where r.x/ D 0 or deg.r.x// < deg.ma .x//. Now
r.a/ D g.a/ h.a/ma .a/ D g.a/ D b:
If r.x/ D 0 then b D 0. If r.x/ 0 then since deg.r.x// < n we have
r.x/ D c0 C c1 x C C cn1 x n1
with ci 2 K and some ci but not all might be zero. This implies that
b D r.a/ D c0 C c1 a C C cn1 an1
and hence b is a linear combination over K of 1; a; : : : ; an1 . Hence 1; a; : : : ; an1
spans Ka over K and hence forms a basis.
Theorem 5.3.3. Suppose that LjK is a eld extension and a 2 L is algebraic over K.
Suppose that f .x/ 2 Kx is a monic polynomial with f .a/ D 0. Then f .x/ is the
minimal polynomial if and only if f .x/ is irreducible in Kx.
Proof. Suppose that f .x/ is the minimal polynomial of a. Then f .x/ is irreducible
from the previous theorem.
Conversely suppose that f .x/ is monic, irreducible and f .a/ D 0. From the previous theorem ma .x/jf .x/. Since f .x/ is irreducible we have f .x/ D cma .x/ with
c 2 K. However since both f .x/ and ma .x/ are monic we must have c D 1 and
f .x/ D ma .x/.
We now show that a nite extension of K is actually nitely generated over K and
further it is generated by nitely many algebraic elements.
Section 5.3 Minimal Polynomials and Simple Extensions
73
Theorem 5.3.4. Let LjK be a eld extension. Then the following are equivalent:
(1) LjK is a nite extension.
(2) LjK is an algebraic extension and there exist elements a1 ; : : : ; an 2 L such
that L D K.a1 ; : : : ; an /.
(3) There exist algebraic elements a1 ; : : : ; an 2 L such that L D K.a1 ; : : : ; an /.
Proof. (1) ) (2). We have seen in Theorem 5.2.3 that a nite extension is algebraic.
Suppose that a1 ; : : : ; an are a basis for L over K. Then clearly L D K.a1 ; : : : ; an /.
(2) ) (3). If LjK is an algebraic extension and L D K.a1 ; : : : ; an / then each ai
is algebraic over K.
(3) ) (1). Suppose that there exist algebraic elements a1 ; : : : ; an 2 L such that
L D K.a1 ; : : : ; an /. We show that LjK is a nite extension. We do this by induction
on n. If n D 1 then L D K.a/ for some algebraic element a and the result follows
from Theorem 5.3.2. Suppose now that n 2. We assume then that an extension
K.a1 ; : : : ; an1 / with a1 ; : : : ; an1 algebraic elements is a nite extension. Now
suppose that we have L D K.a1 ; : : : ; an / with a1 ; : : : ; an algebraic elements.
Then
jK.a1 ; : : : ; an / W Kj
D jK.a1 ; : : : ; an1 /.an / W K.a1 ; : : : ; an1 /jjK.a1 ; : : : ; an1 / W Kj:
The second term jK.a1 ; : : : ; an1 / W Kj is nite from the inductive hypothesis. The
rst term jK.a1 ; : : : ; an1 /.an / W K.a1 ; : : : ; an1 /j is also nite from Theorem 5.3.2
since it is a simple extension of the eld K.a1 ; : : : ; an1 / by the algebraic element
an . Therefore jK.a1 ; : : : ; an / W Kj is nite.
Theorem 5.3.5. Suppose that K is a eld and R is an integral domain with K R.
Then R can be viewed as a vector space over K. If dimK .R/ < 1 then R is a eld.
Proof. Let r0 2 R with r0 0. Dene the map from R to R given by
.r/ D rr0 :
It is easy to show (see exercises) that this is a linear transformation from R to R
considered as a vector space over K.
Suppose that .r/ D 0. Then rr0 D 0 and hence r D 0 since r0 0 and R is an
integral domain. It follows that is an injective map. Since R is a nite dimensional
vector space over K and is an injective linear transformation it follows that must
also be surjective. This implies that there exists and r1 with .r1 / D 1. Then r1 r0 D 1
and hence r0 has an inverse within R. Since r0 was an arbitrary nonzero element of
R it follows that R is a eld.
74
Theorem 5.3.6. Suppose that K L M is a chain of eld extensions. Then M jK

is algebraic if and only if M jL is algebraic and LjK is algebraic.
Proof. If M jK is algebraic then certainly M jL and LjK are algebraic.
Now suppose that M jL and LjK are algebraic. We show that M jK is algebraic.
Let a 2 M . Then since a is algebraic over L there exist b0 ; b1 ; : : : ; bn 2 L with
b0 C b1 a C C bn an D 0:
Each bi is algebraic over K and hence K.b0 ; : : : ; bn / is nite dimensional over K.
Therefore K.b0 ; : : : ; bn /.a/ D K.b0 ; : : : ; bn ; a/ is also nite dimensional over K.
Therefore K.b0 ; : : : ; bn ; a/ is a nite extension of K and hence an algebraic extension K. Since a 2 K.b0 ; : : : ; bn ; a/ it follows that a is algebraic over K and therefore
M is algebraic over K.
5.4
Algebraic Closures
As before suppose that LjK is a eld extension. Since each element of K is algebraic
over K there are certainly algebraic elements over K within L. Let AK denote the set
of all elements of L that are algebraic over K. We prove that AK is actually a subeld
of L. It is called the algebraic closure of K within L.
Theorem 5.4.1. Suppose that LjK is a eld extension and let AK denote the set of
all elements of L that are algebraic over K. Then AK is a subeld of L. AK is called
the algebraic closure of K in L.
Proof. Since K AK we have that AK ;. Let a; b 2 AK . Since a; b are both
algebraic over K from Theorem 5.3.4 we have that K.a; b/ is a nite extension of K.
Therefore K.a; b/ is an algebraic extension of K and hence each element of K.a; b/
is algebraic over K. Now a; b 2 K.a; b/, if b 0, and K.a; b/ is a eld so a b; ab
and a=b are all in K.a; b/ and hence all algebraic over K. Therefore a b; ab; a=b,
if b 0, are all in AK . It follows that AK is a subeld of L.
In Section 5.2 we showed that every nite extension is an algebraic extension. We
mentioned that the converse is not necessarily true, that is there are algebraic extensions that are not nite. Here we give an example.
Theorem 5.4.2. Let A be the algebraic closure of the rational numbers Q within the
complex numbers C. Then A is an algebraic extension of Q but jA W Qj D 1.
Proof. From the previous theorem A is an algebraic extension of Q. We show that it
cannot be a nite extension. By Eisensteins criterion the rational polynomial f .x/ D
x p C p is irreducible over Q for any prime p. Let a be a zero in C of f .x/. Then
Section 5.5 Algebraic and Transcendental Numbers
75
a 2 A and jQ.a/ W Qj D p. Therefore jA W Qj p for all primes p. Since there are

innitely many primes this implies that jA W Qj D 1
5.5
Algebraic and Transcendental Numbers
In this section we consider the string of eld extensions Q R C.

Denition 5.5.1. An algebraic number is an element of C which is algebraic over
Q. Hence an algebraic number is an 2 C such that f ./ D 0 for some f .x/ 2
Qx. If 2 C is not algebraic it is transcendental.
We will let A denote the totality of algebraic numbers within the complex numbers C, and T the set of transcendentals so that C D A [ T . In the language of the
last subsection, A is the algebraic closure of Q within C. As in the general case, if
2 C is algebraic we will let m .x/ denote the minimal polynomial of over Q.
We now examine the sets A and T more closely. Since A is precisely the algebraic
closure of Q in C we have from our general result that A actually forms a subeld
of C. Further since the intersection of subelds is again a subeld it follows that
A0 D A \ R the real algebraic numbers form a subeld of the reals.
Theorem 5.5.2. The set A of algebraic numbers forms a subeld of C. The subset
A0 D A \ R of real algebraic numbers forms a subeld of R.
Since each rational is algebraic it is clear
p that there are algebraic numbers. Further there are irrational algebraic numbers, 2 for example, since it satises the irreducible polynomial x 2 2 D 0 over Q. On the other hand we havent examined the
question of whether transcendental numbers really exist. To show that any particular
complex number is transcendental is in general quite difcult. However it is relatively
easy to show that there are uncountably innitely many transcendentals.
Theorem 5.5.3. The set A of algebraic numbers is countably innite. Therefore T
the set of transcendental numbers and T 0 D T \ R, the real transcendental numbers,
are uncountably innite.
Proof. Let
Pn D f .x/ 2 Qx W deg.f .x// n:
Since if f .x/ 2 Pn , f .x/ D qo C q1 x C C qn x n with qi 2 Q we can identify a
polynomial of degree n with an .n C 1/-tuple .q0 ; q1 ; : : : ; qn / of rational numbers.
Therefore the set Pn has the same size as the .n C 1/-fold Cartesian product of Q:
QnC1 D Q Q Q:
76
Since a nite Cartesian product of countable sets is still countable it follows that Pn
is a countable set.
Now let
[
Bn D
roots ofp.x/;
p.x/2Pn
that is Bn is the union of all roots in C of all rational polynomials of degree n.

Since each such p.x/ has a maximum of n roots and since Pn is countable it follows
that Bn is a countable union of nite sets and hence is still countable. Now
AD
1
[
Bn
nD1
so A is a countable union of countable sets and is therefore countable.

Since both R and C are uncountably innite the second assertions follow directly
from the countability of A. If say T were countable then C D A [ T would also be
countable which is a contradiction.
From Theorem 5.5.3 we know that there exist innitely many transcendental numbers. Liouville in 1851 gave the rst proof of the existence of transcendentals by
exhibiting a few. He gave as one the following example.
Theorem 5.5.4. The real number
cD
1
X
1
10j
j D1
is transcendental.
P
Proof. First of all since 101j < 101j , and j1D1 101j is a convergent geometric series,
it follows from the comparison test P
that the innite series dening c converges and
denes a real number. Further since j1D1 101j D 19 , it follows that c < 19 < 1.
Suppose that c is algebraic so that g.c/ D 0 for some rational nonzero polynomial g.x/. Multiplying through by the least common multiple of all the denominators
Pn in g.x/j we may suppose that f .c/ D 0 for some integral polynomial f .x/ D
j D0 mj x . Then c satises
n
X
j D0
for some integers m0 ; : : : ; mn .
mj c j D 0
77
Section 5.5 Algebraic and Transcendental Numbers
If 0 < x < 1 then by the triangle inequality

n
X
n
X
0
j 1
j mj x
jj mj j D B

jf .x/j D
j D1
j D1
where B is a real constant depending only on the coefcients of f .x/.

Now let
k
X
1
ck D
10j
j D1
be the k-th partial sum for c. Then

jc ck j D
1
X
j DkC1
1
1
< 2 .kC1/ :
j
10
10
Apply the mean value theorem to f .x/ at c and ck to obtain

jf .c/ f .ck /j D jc ck jjf 0 . /j
for some with ck < < c < 1. Now since 0 < < 1 we have
jc ck jjf 0 . /j < 2B
1
10.kC1/
On the other hand, since f .x/ can have at most n roots, it follows that for all k
large enough we would have f .ck / 0. Since f .c/ D 0 we have
X
n
1
j
jf .c/ f .ck /j D jf .ck /j D

mj ck > nk
10
j D1
since for each j , mj ckj is a rational number with denominator 10j k . However if k is
chosen sufciently large and n is xed we have
2B
1
> .kC1/
nk
10
10
contradicting the equality from the mean value theorem. Therefore c is transcendental.
In 1873 Hermite proved that e is transcendental while Lindemann in 1882 showed
that is transcendental. Schneider in 1934 showed that ab is transcendental if a 0,
a and b are algebraic and b is irrational. Later in the book we will prove that both e
and are transcendental. An interesting open question is the following:
Is transcendental over Q.e/?
To close this section we show that in general if a 2 L is transcendental over K then
K.a/jK is isomorphic to the eld of rational functions over K.
78
Theorem 5.5.5. Suppose that LjK is a eld extension and a 2 L is transcendental

over K. Then K.a/jK is isomorphic to K.x/jK. Here the isomorphism W K.x/ !
K.a/ can be chosen such that .x/ D a.
Proof. Dene the map W K.x/ ! K.a/ by

f .a/
f .x/
D

g.x/
g.a/
for f .x/; g.x/ 2 Kx with g.x/ 0. Then is a homomorphism and .x/ D a.
Since 0 it follows that is an isomorphism.
5.6
1.
Exercises
Let a 2 C with a3 2a C 2 D 0 and b D a2 a. Compute the minimal
polynomial mb .x/ of b over Q and compute the inverse of b in Q.a/.
Determine the algebraic closure of R in C.x/.

p
2n
2 2 R, n D 1; 2; 3; : : : and A WD an W n 2 N and E WD Q.A/.
3. Let an WD
Show:
2.
(i) jQ.an / W Qj D 2n .
(ii) jE W Qj D 1.
S
(iii) E D 1
nD1 Q.an /.
(iv) E is algebraic over Q.
4.
Determine jE W Qj for
p p
(i) E D Q. 2; 2/.
p
p p
(ii) E D Q. 3; 3 C 3 3/.
p ; 1Ci
p /.
(iii) E D Q. 1Ci
2
2
p p
p
p
p
5. Show that Q. 2;p 3/pD a C b 2 C c 3 C d 6 W a; b;p
c; d p
2 Q. Determine
p
2;
3/
over
Q.
Further
show
that
Q.
2;
3/ D Q. 2 C
the
degree
of
Q.
p
3/.
6.
Let K, E be elds and a 2 E be transcendental over K. Show:

(i) Each element of K.a/jK is transcendental over K.
(ii) an is transcendental over K for each n > 1.
3
a
(iii) If L WD K. aC1
/ then a is algebraic over L. Determine the minimal polynomial ma .x/ of a over L.
79
7.
Let K be a eld and a 2 K.x/jK. Show:

(i) x is algebraic over K.a/.
(ii) If L is a eld with K L K.x/, then jK.x/ W Lj < 1.
(iii) a is transcendental over K.
8.
Suppose that a 2 L is algebraic over K. Let

I D f .x/ 2 Kx W f .a/ D 0:
Since a is algebraic I ;. Prove that I is an ideal in Kx.
9.
Prove that there are uncountably many transcendental numbers. To do this show
that the set A of algebraic numbers is countable. To do this:
(i) Show that Qn x the set of rational polynomials of degree n is countable
(nite Cartesian product of countable sets).
(ii) Let Bn D Zeros of polynomials in Qn . Show that B is countable.
S
(iii) Show that A D 1
nD1 Bn and conclude that A is countable.
(iv) Show that the transcendental numbers are uncountable.
10. Consider the map W Kx ! Ka given by

X
X
i

ki x D
ki a i :
i
Show that is a ring epimorphism.

11. Suppose that K is a eld and R is an integral domain with K R. Then R can
be viewed as a vector space over K. Let r0 2 R with r0 0. Dene the map
from R to R given by
.r/ D rr0 :
Show that this is a linear transformation from R to R considered as a vector space
over K.
Chapter 6
Field Extensions and Compass and Straightedge

Constructions
6.1
Geometric Constructions
Greek mathematicians in the classical period posed the problem of constructing certain geometric gures in the Euclidean plane using only a straightedge and a compass.
These are known as geometric construction problems.
Recall from elementary geometry that using a straightedge and compass it is possible to draw a line parallel to a given line segment through a given point, to extend
a given line segment, and to erect a perpendicular to a given line at a given point on
that line. There were other geometric construction problems that the Greeks could
not determine straightedge and compass solutions but on the other hand were never
able to prove that such constructions were impossible. In particular there were four
famous insolvable (to the Greeks) construction problems. The rst is the squaring of
the circle. This problem is, given a circle, to construct using straightedge and compass a square having area equal to that of the given circle. The second is the doubling
of the cube. This problem is given a cube of given side length, to construct using a
straightedge and compass, a side of a cube having double the volume of the original
cube. The third problem is the trisection of an angle. This problem is to trisect a given
angle using only a straightedge and compass. The nal problem is the construction of
a regular n-gon. This problems asks which regular n-gons could be constructed using
only straightedge and compass.
By translating each of these problems into the language of eld extensions we can
show that each of the rst three problems are insolvable in general and we can give
the complete solution to the construction of the regular n-gons.
6.2
Constructible Numbers and Field Extensions
We now translate the geometric construction problems into the language of eld extensions. As a rst step we dene a constructible number.
Denition 6.2.1. Suppose we are given a line segment of unit length. An 2 R is
constructible if we can construct a line segment of length jj in a nite number of
steps from the unit segment using a straightedge and compass.
Section 6.2 Constructible Numbers and Field Extensions
81
Our rst result is that the set of all constructible numbers forms a subeld of R.
Theorem 6.2.2. The set C of all constructible numbers forms a subeld of R. Further, Q C .
Proof. Let C be the set of all constructible numbers. Since the given unit length
segment is constructible, we have 1 2 C. Therefore, C ;, and thus to show that it
is a eld we must show that it is closed under the eld operations.
Suppose ; are constructible. We must show then that ; , and = for
0 are constructible. If ; > 0, construct a line segment of length jj. At
one end of this line segment extend it by a segment of length jj. This will construct
a segment of length C . Similarly, if > , lay off a segment of length jj
at the beginning of a segment of length jj. The remaining piece will be .
By considering cases we can do this in the same manner if either or or both
are negative. These constructions are pictured in Figure 6.1. Therefore, are
constructible.
Figure 6.1
In Figure 6.2 we show how to construct . Let the line segment OA have length
jj. Consider a line L through O not coincident with OA. Let OB have length jj as
in the diagram. Let P be on ray OB so that OP has length 1. Draw AP and then nd
Q on ray OA such that BQ is parallel to AP . From similar triangles we then have
jOP j
jOBj
jOAj
jOQj
jj
1
D
:
jj
jOQj
Then jOQj D jjjj, and so is constructible.
Figure 6.2
82
Chapter 6 Field Extensions and Compass and Straightedge Constructions
A similar construction, pictured in Figure 6.3, shows that = for 0 is constructible. Find OA; OB; OP as above. Now, connect A to B and let PQ be parallel
to AB. From similar triangles again we have
jOQj
jj
1
D
H)
D jOQj:
jj
jj
jj
Hence = is constructible.
Figure 6.3
Therefore, C is a subeld of R. Since char C D 0, it follows that Q C .
Let us now consider analytically how a constructible number is found in the plane.
Starting at the origin and using the unit length and the constructions above, we can
locate any point in the plane with rational coordinates. That is, we can construct the
point P D .q1 ; q2 / with q1 ; q2 2 Q. Using only straightedge and compass, any
further point in the plane can be determined in one of the following three ways.
1. The intersection point of two lines each of which passes through two known
points each having rational coordinates.
2. The intersection point of a line passing through two known points having rational coordinates and a circle whose center has rational coordinates and whose
radius squared is rational.
3. The intersection point of two circles each of whose centers has rational coordinates and each of whose radii is the square root of a rational number.
Analytically, the rst case involves the solution of a pair of linear equations each
with rational coefcients and thus only leads to other rational numbers. In cases two
and three we must solve equations of the form x 2 C y 2 C ax C by C c D 0, with
a; b; c 2 Q. These will then be quadratic equations over Q, and thus the solutions
p
will either be in Q or in a quadratic extension Q. / of Q. Once a real quadratic
extension of Q is found, the process can be iterated. Conversely it can be shown that
p
if is constructible, so is . We thus can prove the following theorem.
Section 6.3 Four Classical Construction Problems
83
Theorem 6.2.3. If
is constructible with
Q, then there exists a nite number of
elements 1 ; : : : ; r 2 R with r D
such that for i D 1; : : : ; r, Q.1 ; : : : ; i / is
a quadratic extension of Q.1 ; : : : ; i 1 /. In particular, jQ.
/ W Qj D 2n for some
n 1.
Therefore, the constructible numbers are precisely those real numbers that are contained in repeated quadratic extensions of Q. In the next section we use this idea to
show the impossibility of the rst three mentioned construction problems.
6.3
Four Classical Construction Problems
We now consider the aforementioned construction problems. Our main technique

will be to use Theorem 6.2.3. From this result we have that if
is constructible with
Q, then jQ.
/ W Qj D 2n for some n 1.
6.3.1 Squaring the Circle

Theorem 6.3.1. It is impossible to square the circle. That is, it is impossible in general, given a circle, to construct using straightedge and compass a square having area
equal to that of the given circle.
Proof. Suppose the given circle has radius 1. It is then constructible and would have
p
an area of . A corresponding square would then have to have a side of length .
To be constructible a number must have jQ./ W Qj D 2m < 1 and hence must
p
be algebraic. However is transcendental, so is also transcendental and therefore
not constructible.
6.3.2 The Doubling of the Cube

Theorem 6.3.2. It is impossible to double the cube. This means that it is impossible
in general, given a cube of given side length, to construct using a straightedge and
compass, a side of a cube having double the volume of the original cube.
Proof. Let the given side length be 1, so that the original volume is also 1. To double
this we would have to construct a side of length 21=3 . However jQ.21=3 / W Qj D 3
since the minimal polynomial over Q is m21=3 .x/ D x 3 2. This is not a power of 2
so 21=3 is not constructible.
6.3.3 The Trisection of an Angle

Theorem 6.3.3. It is impossible to trisect an angle. This means that it is impossible
in general to trisect a given angle using only a straightedge and compass.
84
Proof. An angle is constructible if and only if a segment of length jcos j is constructible. Since cos.=3/ D 1=2, therefore =3 is constructible. We show that it
cannot be trisected by straightedge and compass.
The following trigonometric identity holds
cos.3 / D 4 cos3 . / 3 cos. /:
Let D cos.=9/. From the above identity we have 4 3 3 12 D 0. The
polynomial 4x 3 3x 12 is irreducible over Q, and hence the minimal polynomial
over Q is m .x/ D x 3 34 x 18 . It follows that jQ./ W Qj D 3, and hence is not
constructible. Therefore, the corresponding angle =9 is not constructible. Therefore,
=3 is constructible, but it cannot be trisected.
6.3.4 Construction of a Regular n-Gon

The nal construction problem we consider is the construction of regular n-gons. The
algebraic study of the constructibility of regular n-gons was initiated by Gauss in the
early part of the nineteenth century.
Notice rst that a regular n-gon will be constructible for n 3 if and only if
2
the angle 2
n is constructible, which is the case if and only if the length cos n is a
2
constructible number. From our techniques if cos n is a constructible number then
m
necessarily jQ.cos. 2
n // W Qj D 2 for some m. After we discuss Galois theory we
see that this condition is also sufcient. Therefore cos 2
n is a constructible number if
2
m
and only if jQ.cos. n // W Qj D 2 for some m.
The solution of this problem, that is the determination of when jQ.cos. 2
n / W Qj D
m
2 involves two concepts from number theory; the Euler phi-function and Fermat
primes.
Denition 6.3.4. For any natural number n, the Euler phi-function is dened by
.n/ D number of integers less than or equal to n and relatively prime to n:
Example 6.3.5. .6/ D 2 since among 1; 2; 3; 4; 5; 6 only 1; 5 are relatively prime
to 6.
It is fairly straightforward to develop a formula for .n/. A formula is rst determined for primes and for prime powers and then pasted back together via the fundamental theorem of arithmetic.
Lemma 6.3.6. For any prime p and m > 0,

1
:
.p m / D p m p m1 D p m 1
p
85
Proof. If 1 a p then either a D p or .a; p/ D 1. It follows that the positive

integers less than or equal to p m which are not relatively prime to p m are precisely
the multiples of p that is p; 2p; 3p; : : : ; p m1 p. All other positive a < p m are
relatively prime to p m . Hence the number relatively prime to p m is
p m p m1 :
Lemma 6.3.7. If .a; b/ D 1 then .ab/ D .a/.b/.
Proof. Given a natural number n a reduced residue system modulo n is a set of integers x1 ; : : : ; xk such that each xi is relatively prime to n, xi xj mod n unless
i D j and if .x; n/ D 1 for some integer x then x xi mod n for some i. Clearly
.n/ is the size of a reduced residue system modulo n.
Let Ra D x1 ; : : : ; x.a/ be a reduced residue system modulo a, Rb D y1 ; : : : ;
y.b/ be a reduced residue system modulo b, and let
S D ayi C bxj W i D 1; : : : ; .b/; j D 1; : : : ; .a/:
We claim that S is a reduced residue system modulo ab. Since S has .a/.b/
elements it will follow that .ab/ D .a/.b/.
To show that S is a reduced residue system modulo ab we must show three things:
rst that each x 2 S is relatively prime to ab; second that the elements of S are
distinct; and nally that given any integer n with .n; ab/ D 1 then n s mod ab for
some s 2 S .
Let x D ayi C bxj . Then since .xj ; a/ D 1 and .a; b/ D 1 it follows that
.x; a/ D 1. Analogously .x; b/ D 1. Since x is relatively prime to both a and b we
have .x; ab/ D 1. This shows that each element of S is relatively prime to ab.
Next suppose that
ayi C bxj ayk C bxl
mod ab:
Then
abj.ayi C bxj / .ayk C bxl / H) ayi ayk
mod b:
Since .a; b/ D 1 it follows that yi yk mod b. But then yi D yk since Rb is a

reduced residue system. Similarly xj D xl . This shows that the elements of S are
distinct modulo ab.
Finally suppose .n; ab/ D 1. Since .a; b/ D 1 there exist x; y with ax C by D 1.
Then
anx C bny D n:
Since .x; b/ D 1 and .n; b/ D 1 it follows that .nx; b/ D 1. Therefore there is an
si with nx D si C t b. In the same manner .ny; a/ D 1 and so there is an rj with
86
ny D rj C ua. Then
a.si C t b/ C b.rj C ua/ D n H) n D asi C brj C .t C u/ab
H) n ari C bsj
mod ab
and we are done.

We now give the general formula for .n/.
e
Theorem 6.3.8. Suppose n D p1e1 pkk then
.n/ D .p1e1 p1e1 1 /.p2e2 p2e2 1 / .pkek pkek 1 /:

Proof. From the previous lemma we have
e
.n/ D .p1e1 /.p2e2 / .pkk /

D .p1e1 p1e1 1 /.p2e2 p2e2 1 / .pkek pkek 1 /
D p1e1 .1 1=p1 / pkek .1 1=pk / D p1e1 pkek .1 1=p1 / .1 1=pk /
Y
D n .1 1=pi /:
i
Example 6.3.9. Determine .126/. Now

126 D 2 32 7 H) .126/ D .2/.32 /.7/ D .1/.32 3/.6/ D 36:
Hence there are 36 units in Z126 .
An interesting result with many generalizations in number theory is the following.
Theorem 6.3.10. For n > 1 and for d 1
X
.d / D n:
d jn
Proof. We rst prove the theorem for prime powers and then paste together via the
fundamental theorem of arithmetic.
Suppose that n D p e for p a prime. Then the divisors of n are 1; p; p 2 ; : : : ; p e , so
X
.d / D .1/ C .p/ C .p 2 / C C .p e /
d jn
D 1 C .p 1/ C .p 2 p/ C C .p e p e1 /:
Notice that this sum telescopes, that is 1 C .p 1/ D p; p C .p 2 p/ D p 2 and
so on. Hence the sum is just p e and the result is proved for n a prime power.
87
We now do an induction on the number of distinct prime factors of n. The above

argument shows that the result is true if n has only one distinct prime factor. Assume
that the result is true whenever an integer has less than k distinct prime factors and
suppose n D p1e1 pkek has k distinct prime factors. Then n D p e c where p D p1 ,
e D e1 and c has fewer than k distinct prime factors. By the inductive hypothesis
X
.d / D c:
d jc
Since .c; p/ D 1 the divisors of n are all of the form p d1 where d1 jc and D
0; 1; : : : ; e. It follows that
X
X
X
X
.d / D
.d1 / C
.pd1 / C C
.p e d1 /:
d jn
d1 jc
d1 jc
d1 jc
Since .d1 ; p / D 1 for any divisor of c this sum equals

X
.d1 / C
d1 jc
.p/.d1 / C C
d1 jc
.d1 / C .p 1/
d1 jc
.p e /.d1 /
d1 jc
.d1 / C C .p e p e1 /
d1 jc
2
.d1 /
d1 jc
e
D c C .p 1/c C .p p/c C C .p p
e1
/c:
As in the case of prime powers this sum telescopes giving a nal result
X
.d / D p e c D n:
d jn
Example 6.3.11. Consider n D 10. The divisors are 1; 2; 5; 10. Then .1/ D 1,
.2/ D 1, .5/ D 4, .10/ D 4. Then
.1/ C .2/ C .5/ C .10/ D 1 C 1 C 4 C 4 D 10:
We will see later in the book that the Euler phi-function plays an important role in
the structure theory of abelian groups.
We now turn to Fermat primes.
Denition 6.3.12. The Fermat numbers are the sequence .Fn / of positive integers
dened by
n
Fn D 22 C 1; n D 0; 1; 2; 3; : : : :
If a particular Fn is prime it is called a Fermat prime.
88
Fermat believed that all the numbers in this sequence were primes. In fact F0 ; F1 ;
F2 ; F3 ; F4 are all prime but F5 is composite and divisible by 641 (see exercises). It is
still an open question whether or not there are innitely many Fermat primes. It has
been conjectured that there are only nitely many. On the other hand if a number of
the form 2n C 1 is a prime for some integer n then it must be a Fermat prime.
Theorem 6.3.13. If a 2 and an C 1, n 1, is a prime then a is even and n D 2m
for some nonnegative integer m. In particular if p D 2k C 1, k 1, is a prime then
k D 2n for some n and p is a Fermat prime.
Proof. If a is odd then an C 1 is even and hence not a prime. Suppose then that a is
even and n D kl with k odd and k 3. Then
akl C 1
D a.k1/l a.k2/l C C 1:
al C 1
Therefore al C 1 divides akl C 1 if k 3. Hence if an C 1 is a prime we must have
n D 2m .
We can now state the solution to the constructibility of regular n-gons.
Theorem 6.3.14. A regular n-gon is constructible with a straightedge and compass
if and only if n D 2m p1 pk where p1 ; : : : ; pk are distinct Fermat primes.
Before proving the theorem notice for example that a regular 20-gon is constructible
since 20 D 22 5 and 5 is a Fermat prime. On the other hand a regular 11-gon is not
constructible.
Proof. Let D e
2 i
n
be a primitive n-th root of unity. Since

2 i
2
2
e n D cos
C i sin
n
n
is easy to compute that (see exercises)

2
1
:
C D 2 cos

n
Therefore Q. C
we will prove that
1
/
D Q.cos. 2
n //. After we discuss Galois theory in more detail

Q C 1 W Q D .n/

2
where .n/ is the Euler phi-function. Therefore cos. 2

n / is constructible if and only
.n/
if 2 and hence .n/ is a power of 2.
89
Suppose that n D 2m p1e1 pkek , all pi odd primes. Then from Theorem 6.3.8
.n/ D 2m1 .p1e1 p1e1 1 /.p2e2 p2e2 1 / .pkek pkek 1 /:
If this was a power of 2 each factor must also be a power of 2. Now
piei piei 1 D piei 1 .pi 1/:
If this is to be a power of 2 we must have ei D 1 and pi 1 D 2ki for some ki .
Therefore each prime is distinct to the rst power and pi D 2ki C 1 is a Fermat prime
proving the theorem.
6.4
Exercises
1. Let be a given angle. In which of the following cases is the angle

from the angle by compass and straightedge?
(a) D
(b) D
(c) D

13 ,

33 ,

7,
constructible

26 .

D 11
.

D 12 .
2. (The golden section) In the plane let AB be a given segment from A to B with
length a. The segment AB should be divided such that the proportion of AB to
the length of the bigger subsegment is equal to the proportion of the length of the
bigger subsegment to the length of the smaller subsegment:
b
a
D
;
b
ab
where b is the length of the bigger subsegment. Such a division is called division
x
by the golden section. If we write b D ax, 0 < x < 1, then x1 D 1x
, that is
2 D 1 x. Show:
x
(a)
1
x
p
1C 5
2
D .
(b) Construct the division of AB by the golden section with compass and straightedge.
(c) If we divide the radius r > 0 of a circle by the golden section, then the
bigger part of the so divided radius is the side of the regular 10-gon with its
10 vertices on the circle.
3. Given a regular 10-gon such that the 10 vertices are on the circle with radius R > 0.
Show that the length of each side is equal to the bigger part of the, by the golden
section divided, radius. Describe the procedure of the construction of the regular
10-gon and 5-gon.
90
4. Construct the regular 17-gon with compass and straightedge. Hint: We have to
2 i
17 . First, construct
construct the number 12 .! C ! 1 / D cos 2
17 , where ! D e
2
the positive zero !1 of the polynomial x C x 4; we get
1 p
!1 D . 17 1/ D ! C ! 1 C ! 2 C ! 2 C ! 4 C ! 4 C ! 8 C ! 8 :
2
Then, construct the positive zero !2 of the polynomial x 2 !1 x 1; we get
q
p
1 p
17 1 C 34 2 17 D ! C ! 1 C ! 4 C ! 4 :
!2 D
4
From !1 and !2 construct D 12 .!22 !1 C !2 4/. Then !3 D 2 cos 2
17 is the
biggest of the two positive zeros of the polynomial x 2 !2 x C .
5. The Fibonacci-numbers fn , n 2 N [ 0, are dened by f0 D 0, f1 D 1 and
fnC2 D fnC1 C fn for n 2 N [ 0. Show:
(a) fn D
n n
with D
p
1C 5
2 ,
(b) . nC1
/
converges and limn!1
fn n2N
0 1 n fn1 fn
(c) 1 1 D fn fnC1 , n 2 N.
p
1 5
2 .
fnC1
fn
p
1C 5
2
D .
(d) f1 C f2 C C fn D fnC2 1, n 1.
(e) fn1 fnC1 fn2 D .1/n , n 2 N.
(f) f12 C f22 C C fn2 D fn fnC1 , n 2 N.
(g) The Fermat numbers F0 ; F1 ; F2 ; F3 ; F4 . are all prime but F5 is composite
and divisible by 641.
6. Let D e
show that
2 i
n
be a primitive n-th root of unity. Using

2 i
2
2
e n D cos
C i sin
n
n

2
1
C D 2 cos
:

n
Chapter 7
Kroneckers Theorem and Algebraic Closures
7.1
Kroneckers Theorem
In the last chapter we proved that if LjK is a eld extension then there exists an
intermediate eld K A L such that A is algebraic over K and contains all
the elements of L that are algebraic over K. We call A the algebraic closure of K
within L. In this chapter we prove that starting with any eld K we can construct
an extension eld K that is algebraic over K and is algebraically closed. By this
we mean that there are no algebraic extensions of K or equivalently that there are no
irreducible nonlinear polynomials in Kx. In the nal section of this chapter we will
give a proof of the famous fundamental theorem of algebra which in the language of
this chapter says that the eld C of complex numbers is algebraically closed. We will
present another proof of this important result later in the book after we discuss Galois
theory.
First we need the following crucial result of Kronecker which says that given a
polynomial f .x/ in Kx where K is a eld we can construct an extension eld L
of K in which f .x/ has a root . We say that L has been constructed by adjoining
to K. Recall that if f .x/ 2 Kx is irreducible then f .x/ can have no roots in K. We
rst need the following concept.
Denition 7.1.1. Let LjK and L0 jK be eld extensions. Then a K-isomorphism is
an isomorphism W L ! L0 that is the identity map on K, that is xes each element
of K.
Theorem 7.1.2 (Kroneckers theorem). Let K be a eld and f .x/ 2 Kx. Then
there exists a nite extension K 0 of K where f .x/ has a root.
Proof. Suppose that f .x/ 2 Kx. We know that f .x/ factors into irreducible polynomials. Let p.x/ be an irreducible factor of f .x/. From the material in Chapter 4
we know that since p.x/ is irreducible the principal ideal hp.x/i in Kx is a maximal ideal. To see this suppose that g.x/ hp.x/i, so that g.x/ is not a multiple of
p.x/. Since p.x/ is irreducible, it follows that .p.x/; g.x// D 1. Thus there exist
h.x/; k.x/ 2 Kx with
h.x/p.x/ C k.x/g.x/ D 1:
92
Chapter 7 Kroneckers Theorem and Algebraic Closures
The element on the left is in the ideal .g.x/; .p.x//, so the identity, 1, is in this ideal.
Therefore, the whole ring Kx is in this ideal. Since g.x/ was arbitrary, this implies
that the principal ideal hp.x/i is maximal.
Now let K 0 D Kx=hp.x/i. Since hp.x/i is a maximal ideal it follows that K 0 is
a eld. We show that K can be embedded in K 0 and that p.x/ has a zero in K 0 .
First consider the map W Kx ! K 0 by .f .x// D f .x/ C hp.x/i. This is a
homomorphism. Since the identity element 1 2 K is not in hp.x/i it follows that
restricted to K is nontrivial. Therefore restricted to K is a monomorphism since
if ker.jK / K then ker.jK / D 0. Therefore K can be embedded into .K/
which is contained in K 0 . Therefore K 0 can be considered as an extension eld of K.
Consider the element a D x C hp.x/i 2 K 0 . Then p.a/ D p.x/ C hp.x/i D
0 C hp.x/i since p.x/ 2 hp.x/i. But 0 C hp.x/i is the zero element 0 of the factor
ring Kx=hp.x/i. Therefore in K 0 we have p.a/ D 0 and hence p.x/ has a zero
in K 0 . Since p.x/ divides f .x/ we must have f .a/ D 0 in K 0 also. Therefore we
have constructed an extension eld of K in which f .x/ has a zero.
We now outline a slightly more constructive proof of Kroneckers theorem. From
this construction we say that the eld K 0 constructed by adjoining the root to K.
Proof of Kroneckers theorem. We can assume that f .x/ is irreducible. Suppose that
f .x/ D a0 C a1 x C C an x n with an 0. Dene to satisfy
a0 C a1 C C an n D 0:
Now dene K 0 D K./ in the following manner. We let
K./ D c0 C c1 C C cn1 n1 W ci 2 K:
Then on K./ dene addition and subtraction componentwise and dene multiplication by algebraic manipulation, replacing powers of higher than n by using
n D
a0 a1 an1 n1

:
an
We claim that K 0 D K./ then forms a eld of nite degree over K. The basic
ring properties follow easily by computation (see exercises) using the denitions. We
must show then that every nonzero element of K./ has a multiplicative inverse. Let
g./ 2 K./. Then the corresponding polynomial g.x/ 2 Kx is a polynomial of
degree n 1. Since f .x/ is irreducible of degree n it follows that f .x/ and g.x/
must be relatively prime, that is .f .x/; g.x// D 1. Hence there exist a.x/; b.x/ 2
Kx with
a.x/f .x/ C b.x/g.x/ D 1:
Evaluate these polynomials at to get
a./f ./ C b./g./ D 1:
93
Section 7.1 Kroneckers Theorem
Since by denition we have f ./ D 0 this becomes

b./g./ D 1:
Now b./ might have degree higher than n 1 in . However using the relation that
f ./ D 0 we can rewrite b./ as b./ where b./ now has degree n 1 in and
hence is in K./. Therefore
b./g./ D 1
and hence g./ has a multiplicative inverse. It follows that K./ is a eld and by
denition f ./ D 0. The elements 1; ; : : : ; n1 form a basis for K./ over K and
hence
jK./ W Kj D n:
Example 7.1.3. Let f .x/ D x 2 C 1 2 Rx. This is irreducible over R. We construct
the eld in which this has a root.
Let be an indeterminate with 2 C 1 D 0 or 2 D 1. The extension eld R./
then has the form
R./ D x C y W x; y 2 R; 2 D 1:
It is clear that this eld is R-isomorphic to the complex numbers C, that is, R./
R.i/ C.
In Chapter 5 we showed that if LjK is a eld extension and a 2 L is algebraic over
K then there is a smallest algebraic extension K.a/ of K within L. Further K.a/ is
determined by the minimal polynomial ma .x/. The difference between this construction and the construction in Kroneckers theorem is that in the proof of Kroneckers
theorem is dened to be the root and we constructed the eld around it, whereas
in the previous construction was assumed to satisfy the polynomial and K./ was
an already existing eld that contained . However the next theorem says that these
constructions are the same up to K-isomorphism.
Theorem 7.1.4. Let p.x/ 2 Kx be an irreducible polynomial and let K 0 D K./
be the extension eld of K constructed in Kroneckers theorem in which p.x/ has a
zero . Let L be an extension eld of K and suppose that a 2 L is algebraic with
minimal polynomial m .x/ D p.x/. Then K./ is K-isomorphic to K.a/.
Proof. If LjK is a eld extension and a 2 L is algebraic then the construction of the
subeld K.a/ within L is identical to the construction outlined above for K./. If
deg.p.x// D n then the elements 1; a; : : : ; a n1 constitute a basis for K.a/ over K
and the elements 1; ; : : : ; n1 constitute a basis for K./ over K. The mapping
W K.a/ ! K./
dened by .k/ D k if k 2 K and .a/ D and then extended by linearity is easily
shown to be a K-isomorphism (see exercises).
94
Theorem 7.1.5. Let K be a eld. Then the following are equivalent.

(1) Each nonconstant polynomial in Kx has a zero in K.
(2) Each nonconstant polynomial in Kx factors into linear factors over K. That
is, for each f .x/ 2 Kx there exist elements a1 ; : : : ; an ; b 2 K with
f .x/ D b.x a1 / .x an /:
(3) An element of Kx is irreducible if and only if it is of degree one.
(4) If LjK is an algebraic extension then L D K.
Proof. Suppose that each nonconstant polynomial in Kx has a zero in K. Let
f .x/ 2 Kx with deg.f .x// D n. Suppose that a1 is a zero of f .x/ then
f .x/ D .x a1 /h.x/
where the degree of h.x/ is n 1. Now h.x/ has a zero a2 in K so that
f .x/ D .x a1 /.x a2 /g.x/
with deg.g.x// D n 2. Continue in this manner and f .x/ factors completely into
linear factors. Hence (1) implies (2).
Now suppose (2), that is that each nonconstant polynomial in Kx factors into
linear factors over K. Suppose that f .x/ is irreducible. If deg.f .x// > 1 then f .x/
factors into linear factors and hence is not irreducible. Therefore f .x/ must be of
degree 1 and (2) implies (3).
Now suppose that an element of Kx is irreducible if and only if it is of degree
one and suppose that LjK is an algebraic extension. Let a 2 L. Then a is algebraic
over K. Its minimal polynomial ma .x/ is monic and irreducible over K and hence
from (3) is linear. Therefore ma .x/ D x a 2 Kx. It follows that a 2 K and hence
K D L. Therefore (3) implies (4).
Finally suppose that whenever LjK is an algebraic extension then L D K. Suppose
that f .x/ is a nonconstant polynomial in Kx. From Kroneckers theorem there
exists a eld extension L and a 2 L with f .a/ D 0. However L is an algebraic
extension so by supposition K D L. Therefore a 2 K and f .x/ has a zero in K.
Therefore (4) implies (1) completing the proof.
In the next section we will prove that given a eld K we can always nd an extension eld K with the properties of the last theorem.
7.2
Algebraic Closures and Algebraically Closed Fields
A eld K is termed algebraically closed if K has no algebraic extensions other than

K itself. This is equivalent to any one of the conditions of Theorem 7.1.5.
Section 7.2 Algebraic Closures and Algebraically Closed Fields
95
Denition 7.2.1. A eld K is algebraically closed if every nonconstant polynomial

f .x/ 2 Kx has a zero in K.
The following theorem is just a restatement of Theorem 7.1.5.
Theorem 7.2.2. A eld K is algebraically closed if and only it satises any one of
the following conditions.
(1) Each nonconstant polynomial in Kx has a zero in K.
(2) Each nonconstant polynomial in Kx factors into linear factors over K. That
is, for each f .x/ 2 Kx there exist elements a1 ; : : : ; an ; b 2 K with
f .x/ D b.x a1 / .x an /:
(3) An element of Kx is irreducible if and only if it is of degree one.
(4) If LjK is an algebraic extension then L D K.
The prime example of an algebraically closed eld is the eld C of complex numbers. The fundamental theorem of algebra says that any nonconstant complex polynomial has a complex root.
We now show that the algebraic closure of one eld within an algebraically closed
eld is algebraically closed. First we dene a general algebraic closure.
Denition 7.2.3. An extension eld K of a eld K is an algebraic closure of K if K
is algebraically closed and KjK is algebraic.
Theorem 7.2.4. Let K be a eld and LjK an extension of K with L algebraically
closed. Let K D AK be the algebraic closure of K within L. Then K is an algebraic
closure of K.
Proof. Let K D AK be the algebraic closure of K within L. We know that KjK is
algebraic therefore we must show that K is algebraically closed.
Let f .x/ be a nonconstant polynomial in Kx. Then f .x/ 2 Lx. Since L is
algebraically closed f .x/ has a zero a in L. Since f .a/ D 0 and f .x/ 2 Kx it
follows that a is algebraic over K. However K is algebraic over K and therefore a
is also algebraic over K. Hence a 2 K and f .x/ has a zero in K. Therefore K is
algebraically closed.
We want to note the distinction between being algebraically closed and being an
algebraic closure.
Lemma 7.2.5. The complex numbers C is an algebraic closure of R but not an algebraic closure of Q. An algebraic closure of Q is A the eld of algebraic numbers
within C.
96
Proof. C is algebraically closed (the fundamental theorem of algebra) and since

jC W Rj D 2 it is algebraic over R. Therefore C is an algebraic closure of R. Although
C is algebraically closed and contains the rational numbers Q it is not an algebraic
closure of Q since it is not algebraic over Q since there exist transcendental elements.
On the other hand, A, the eld of algebraic numbers within Q, is an algebraic
closure of Q from Theorem 7.2.4.
We now show that every eld has an algebraic closure. To do this we rst show that
any eld can be embedded into an algebraically closed eld.
Theorem 7.2.6. Let K be a eld. Then K can be embedded into an algebraically
closed eld.
Proof. We show rst that there is an extension eld L of K in which each nonconstant
polynomial f .x/ 2 Kx has a zero in L.
Assign to each nonconstant f .x/ 2 Kx the symbol yf and consider
R D Kyf W f .x/ 2 Kx
the polynomial ring over K in the variables yf . Set
I D
X
n
fj .yfj /rj W rj 2 R; fj .x/ 2 Kx :
j D1
It is straightforward that I is an ideal in R. Suppose that I D R. Then 1 2 I . Hence

there is a linear combination
1 D g1 f1 .yf1 / C C gn fn .yfn /
where gi 2 I D R.
In the n polynomials g1 ; : : : ; gn there are only a nite number of variables, say for
example
yf1 ; : : : ; yfn ; : : : ; yfm :
Hence
1D
n
X
gi .yf1 ; : : : ; yfm /fi .yfi /.

/:
i D1
Successive applications of Kroneckers theorem lead us to construct an extension eld

P of K in which each fi has a zero ai . Substituting ai for yfi in (8) above we get
that 1 D 0 a contradiction. Therefore I R.
Since I is a ideal not equal to the whole ring R it follows that I is contained in
a maximal ideal M of R. Set L D R=M . Since M is maximal K is a eld. Now
K \ M D 0. If not suppose that a 2 K \ M with a 0. Then a1 a D 1 2 M
97
and then M D R. Now dene W K ! L by .k/ D k C M . Since K \ M D 0 it

follows that ker. / D 0 so is a monomorphism. This allows us to identify K and
.K/ and shows that K embeds into L.
Now suppose that f .x/ is a nonconstant polynomial in Kx. Then
f .yf C M / D f .yf / C M:
However by the construction f .yf / 2 M so that
f .yf C M / D M C M D the zero element of L:
Therefore yf C M is a zero of f .x/.
Therefore we have constructed a eld L in which every nonconstant polynomial in
Kx has a zero in L.
We now iterate this procedure to form a chain of elds
K K1 .D L/ K2
such that each nonconstant
polynomial of Ki x has a zero in Ki C1 .
S
Now let KO D I Ki . It is easy to show (see exercises) that KO is a eld. If f .x/ is
O
a nonconstant polynomial in Kx
then there is some i with f .x/ 2 Ki x. Therefore
O Hence f .x/ has a zero in KO and KO is algebraically
f .x/ has a zero in Ki C1 x K.
closed.
Theorem 7.2.7. Let K be a eld. Then K has an algebraic closure.
Proof. Let KO be an algebraically closed eld containing K which exists from Theorem 7.2.6.
Now let K D AKO be the set of elements of KO that are algebraic over K. From
Theorem 7.2.4 KO is an algebraic closure of K.
The following lemma is straightforward. We leave the proof to the exercises.
Lemma 7.2.8. Let K; K 0 be elds and W K ! K 0 a homomorphism. Then
Q W Kx ! K 0 x given by
X
X
n
n
i
Q
ki x D
..ki //x i

i D1
i D0
Q If is
is also a homomorphism. By convention we identify and Q and write D .
Q
an isomorphism then so is .
98
Lemma 7.2.9. Let K; K 0 be elds and W K ! K 0 an isomorphism. Let f .x/ 2

Kx be irreducible. Let K K.a/ and K 0 K 0 .a0 / where a is a zero of f .x/
and a0 is a zero of .f .x//. Then there is an isomorphism W K.a/ ! K 0 .a0 / with
0
is uniquely determined.
jK D and .a/ D a . Further
Proof. This is a generalized version of Theorem 7.1.4. If b 2 K.a/ then from the
construction of K.a/ there is a polynomial g.x/ 2 Kx with b D g.a/. Dene a
map
W K.a/ ! K 0 .a0 /
by
.b/ D .g.x//.a0 /:
We show that is an isomorphism.
First is well-dened. Suppose that b D g.a/ D h.a/ with h.x/ 2 Kx. Then
.g h/.a/ D 0. Since f .x/ is irreducible this implies that f .x/ D cma .x/ and since
a is a zero of .g h/.x/ then f .x/j.g h/.x/. Then
.f .x//j..g.x// .h.x///:
Since .f .x//.a0 / D 0 this implies that .g.x//.a0 / D .h.x//.a0 / and hence the
map is well-dened.
It is easy to show that is a homomorphism. Let b1 D g1 .a/, b2 D g2 .a/. Then
b
b1 1 D g1 g2 .a/. Hence
.b1 b2 / D ..g1 g2 //.a0 / D .g1 /.a0 /.g2 /.a0 / D
.b1 / .b2 /:
In the same manner we have .b1 C b2 / D .b1 / C .b2 /.

Now suppose that k 2 K so that k 2 Kx is a constant polynomial. Then .k/ D
..k//.a0 / D .k/. Therefore restricted to K is precisely .
As is not the zero mapping it follows that is a monomorphism.
Finally since K.a/ is generated from K and a, and restricted to K is it follows
that is uniquely determined by and .a/ D a0 . Hence is unique.
Theorem 7.2.10. Let LjK be an algebraic extension. Suppose that L1 is an algebraically closed eld and is an isomorphism from K to K1 L1 . Then there exists
a monomorphism from L to L1 with jK D .
99
Before we give the proof we note that the theorem gives the following diagram:
In particular the theorem can be applied to monomorphisms of a eld K within an

algebraic closure K of K. Specically suppose that K K where K is an algebraic
closure of K and let W K ! K be a monomorphism with .K/ D K. Then there
exists an automorphism of K with jK D .
Proof of Theorem 7.2.10. Consider the set
M D .M; / W M is a eld with K M L;
where there exists a monomorphism W M ! L1 with jK D :
Now the set M is nonempty since .K; / 2 M. Order M by .M1 ; 1 / < .M2 ; 2 /
if M1 M2 and .2 /jM1 D 1 . Let
K D .Mi ; i / W i 2 I
be a chain in M. Let .M; / be dened by
M D
Mi
with .a/ D i .a/ for all a 2 Mi :
i 2I
It is clear that M is an upper bound for the chain K. Since each chain has an upper
bound it follows from Zorns lemma that M has a maximal element .N; /. We show
that N D L.
Suppose that N L. Let a 2 L n N . Then a is algebraic over N and further algebraic over K since LjK is algebraic. Let ma .x/ 2 N x be the minimal polynomial
of a relative to N . Since L1 is algebraically closed .ma .x// has a zero a0 2 L1 .
Therefore there is a monomorphism 0 W N.a/ ! L1 with 0 restricted to N the same
as . It follows that .N; / < .N.a/; 0 / since a N . This contradicts the maximality
of N . Therefore N D L completing the proof.
Combining the previous two theorems we can now prove that any two algebraic
closures of a eld K are unique up to K-isomorphism, that is up to an isomorphism
that is the identity on K.
100
Theorem 7.2.11. Let L1 and L2 be algebraic closures of the eld K. Then there is a
K-isomorphism W L ! L1 . Again by K-isomorphism we mean that is the identity
on K.
Proof. From Theorem 7.2.7 there is a monomorphism W L1 ! L2 with the
identity on K. However since L1 is algebraically closed so is .L1 /. Then L2 j .L1 /
is an algebraic extension and since L2 is algebraically closed we must have L2 D
.L1 /. Therefore is also surjective and hence an isomorphism.
The following corollary is immediate.
Corollary 7.2.12. Let LjK and L0 jK be eld extensions with a 2 L and a0 2 L0
algebraic elements over K. Then K.a/ is K-isomorphic to K.a0 / if and only if
jK.a/ W Kj D jK.a0 / W Kj and there is an element a00 2 K.a0 / with ma .x/ D ma00 .x/.
7.3
The Fundamental Theorem of Algebra
In this section we give a proof of the fact that the complex numbers form an algebraically closed eld. This is known as the fundamental theorem of algebra. First
we need the concept of a splitting eld for a polynomial. In the next chapter we will
examine this concept more deeply.
7.3.1 Splitting Fields

We have just seen that given an irreducible polynomial over a eld F we could always
nd a eld extension in which this polynomial has a root. We now push this further
to obtain eld extensions where a given polynomial has all its roots.
Denition 7.3.1. If K is a eld and 0 f .x/ 2 Kx and K 0 is an extension eld
of K, then f .x/ splits in K 0 (K 0 may be K), if f .x/ factors into linear factors in
K 0 x. Equivalently, this means that all the roots of f .x/ are in K 0 .
K 0 is a splitting eld for f .x/ over K if K 0 is the smallest extension eld of K in
which f .x/ splits. (A splitting eld for f .x/ is the smallest extension eld in which
f .x/ has all its possible roots.)
K 0 is a splitting eld over K if it is the splitting eld for some nite set of polynomials over K.
Theorem 7.3.2. If K is a eld and 0 f .x/ 2 Kx, then there exists a splitting
eld for f .x/ over K.
Proof. The splitting eld is constructed by repeated adjoining of roots. Suppose without loss of generality that f .x/ is irreducible of degree n over F . From Theorem 6.2.2
there exists a eld F 0 containing with f ./ D 0. Then f .x/ D .x/g.x/ 2 F 0 x
Section 7.3 The Fundamental Theorem of Algebra
101
with deg g.x/ D n 1. By an inductive argument g.x/ has a splitting eld and therefore so does f .x/.
In the next chapter we will give a further characterization of splitting elds.
7.3.2 Permutations and Symmetric Polynomials

To obtain a proof of the fundamental theorem of algebra we need to go a bit outside
of our main discussions of rings and elds and introduce symmetric polynomials.
In order to introduce this concept we rst review some basic ideas from elementary
group theory which we will look at in detail later in the book.
Denition 7.3.3. A group G is a set with one binary operation which we will denote
by multiplication, such that
(1) The operation is associative, that is, .g1 g2 /g3 D g1 .g2 g3 / for all g1 ; g2 ; g3 2 G.
(2) There exists an identity for this operation, that is, an element 1 such that 1g D g
for each g 2 G.
(3) Each g 2 G has an inverse for this operation, that is, for each g there exists a
g 1 with the property that gg1 D 1.
If in addition the operation is commutative (g1 g2 D g2 g1 for all g1 ; g2 2 G), the
group G is called an abelian group. The order of G is the number of elements in G,
denoted jGj. If jGj < 1; G is a nite group. H G is a subgroup if H is also a
group under the same operation as G. Equivalently, H is a subgroup if H ; and
H is closed under the operation and inverses.
Groups most often arise from invertible mappings of a set onto itself. Such mappings are called permutations.
Denition 7.3.4. If T is a set, a permutation on T is a one-to-one mapping of T onto
itself. We denote by ST the set of all permutations on T .
Theorem 7.3.5. For any set T , ST forms a group under composition called the symmetric group on T . If T; T1 have the same cardinality (size), then ST ST1 . If T is
a nite set with jT j D n, then ST is a nite group and jST j D n.
Proof. If ST is the set of all permutations on the set T , we must show that composition
is an operation on ST that is associative and has an identity and inverses.
Let f; g 2 ST . Then f; g are one-to-one mappings of T onto itself. Consider
f g W T ! T . If f g.t1 / D f g.t2 /, then f .g.t1 // D f .g.t2 // and g.t1 / D g.t2 /,
since f is one-to-one. But then t1 D t2 since g is one-to-one.
If t 2 T , there exists t1 2 T with f .t1 / D t since f is onto. Then there exists
t2 2 T with g.t2 / D t1 since g is onto. Putting these together, f .g.t2 // D t , and
102
therefore f g is onto. Therefore, f g is also a permutation and composition gives

a valid binary operation on ST .
The identity function 1.t / D t for all t 2 T will serve as the identity for ST , while
the inverse function for each permutation will be the inverse. Such unique inverse
functions exist since each permutation is a bijection.
Finally, composition of functions is always associative and therefore ST forms a
group.
If T; T1 have the same cardinality, then there exists a bijection W T ! T1 . Dene
a map F W ST ! ST1 in the following manner: if f 2 ST , let F .f / be the permutation on T1 given by F .f /.t1 / D .f . 1 .t1 ///. It is straightforward to verify that
F is an isomorphism (see the exercises).
Finally, suppose jT j D n < 1. Then T D t1 ; : : : ; tn . Each f 2 ST can be
pictured as

t1 : : : t n
:
f D
f .t1 / : : : f .tn /
For t1 there are n choices for f .t1 /. For t2 there are only n 1 choices since f is
one-to-one. This continues down to only one choice for tn . Using the multiplication
principle, the number of choices for f and therefore the size of ST is
n.n 1/ 1 D n:
For a set with n elements we denote ST by Sn called the symmetric group on n
symbols.
Example 7.3.6. Write down the six elements of S3 and give the multiplication table
for the group.
Name the three elements 1; 2; 3. The six elements of S3 are then:

1 2 3
1 2 3
1 2 3
1D
;
aD
;
bD
1 2 3
2 3 1
3 1 2

1 2 3
1 2 3
1 2 3
cD
;
dD
;
eD
:
2 1 3
3 2 1
1 3 2
The multiplication table for S3 can be written down directly by doing the required
composition. For example,

1 2 3
1 2 3
1 2 3
ac D
D
D d:
2 3 1
2 1 3
3 2 1
To see this, note that a W 1 ! 2; 2 ! 3; 3 ! 1; c W 1 ! 2; 2 ! 1; 3 ! 3 and so
ac W 1 ! 3; 2 ! 2; 3 ! 1.
It is somewhat easier to construct the multiplication table if we make some observations. First, a2 D b and a3 D 1. Next, c 2 D 1, d D ac, e D a2 c and nally
ac D ca2 .
103
From these relations the following multiplication table can be constructed:
1
a
a2
c
ac
a2 c
1
1
a
a2
c
ac
a2 c
a
a
a2
1
a2 c
c
ac
a2
a2
1
a
ac
a2 c
c
c
c
ac
a2 c
1
a
a2
ac
ac
a2 c
c
a2
1
a
a2 c
a2 c
c
ac :
a
a2
1
To see this, consider, for example, .ac/a2 D a.ca2 / D a.ac/ D a2 c.

More generally, we can say that S3 has a presentation given by
S3 D ha; cI a3 D c 2 D 1; ac D ca2 i:
By this we mean that S3 is generated by a; c, or that S3 has generators a; c and
the whole group and its multiplication table can be generated by using the relations
a3 D c 2 D 1, ac D ca2 .
An important result, the form of which we will see later in our work on extension
elds, is the following.
Lemma 7.3.7. Let T be a set and T1 T a subset. Let H be the subset of ST that
xes each element of T1 , that is, f 2 H if f .t / D t for all t 2 T1 . Then H is a
subgroup.
Proof. H ; since 1 2 H . Now suppose h1 ; h2 2 H . Let t1 2 T1 and consider
h1 h2 .t1 / D h1 .h2 .t1 //. Now h2 .t1 / D t1 since h2 2 H , but then h1 .t1 / D t1
since h1 2 H . Therefore, h1 h2 2 H and H is closed under composition. If h1
xes t1 then h1
1 also xes t1 so H is also closed under inverses and is therefore a
subgroup.
We now apply these ideas of permutations to certain polynomials in independent
indeterminates over a eld. We will look at these in detail later in this book.
Denition 7.3.8. Let y1 ; : : : ; yn be (independent) indeterminates over a eld K.
A polynomial f .y1 ; : : : ; yn / 2 Ky1 ; : : : ; yn is a symmetric polynomial in y1 ;
: : : ; yn if f .y1 ; : : : ; yn / is unchanged by any permutation of y1 ; : : : ; yn , that
is, f .y1 ; : : : ; yn / D f . .y1 /; : : : ; .yn //.
If K K 0 are elds and 1 ; : : : ; n are in F 0 , then we call a polynomial
f .1 ; : : : ; n / with coefcients in K symmetric in 1 ; : : : ; n if f .1 ; : : : ; n / is
unchanged by any permutation of 1 ; : : : ; n .
104
Example 7.3.9. Let K be a eld and k0 ; k1 2 K. Let h.y1 ; y2 / D k0 .y1 C y2 / C

k1 .y1 y2 /.
There are two permutations on y1 ; y2 , namely 1 W y1 ! y1 , y2 ! y2 and
2 W y1 ! y2 , y2 ! y1 . Applying either one of these two to y1 ; y2 leaves
h.y1 ; y2 / invariant. Therefore, h.y1 ; y2 / is a symmetric polynomial.
Denition 7.3.10. Let x; y1 ; : : : ; yn be indeterminates over a eld K (or elements of
an extension eld K 0 of K). Form the polynomial
p.x; y1 ; : : : ; yn / D .x y1 / .x yn /:
The i-th elementary symmetric polynomial si in y1 ; : : : ; yn for i D 1; : : : ; n, is
.1/i ai , where ai is the coefcient of x ni in p.x; y1 ; : : : ; yn /.
Example 7.3.11. Consider y1 ; y2 ; y3 . Then
p.x; y1 ; y2 ; y3 / D .x y1 /.x y2 /.x y3 /
D x 3 .y1 C y2 C y3 /x 2 C .y1 y2 C y1 y3 C y2 y3 /x y1 y2 y3 :
Therefore, the three elementary symmetric polynomials in y1 ; y2 ; y3 over any eld
are
(1) s1 D y1 C y2 C y3 .
(2) s2 D y1 y2 C y1 y3 C y2 y3 .
(3) s3 D y1 y2 y3 .
In general, the pattern of the last example holds for y1 ; : : : ; yn . That is,
s1 D y1 C y2 C C yn
s2 D y1 y2 C y1 y3 C C yn1 yn
s3 D y1 y2 y3 C y1 y2 y4 C C yn2 yn1 yn
::
:
sn D y1 yn :
The importance of the elementary symmetric polynomials is that any symmetric
polynomial can be built up from the elementary symmetric polynomials. We make this
precise in the next theorem called the fundamental theorem of symmetric polynomials.
We will use this important result several times, and we will give a complete proof in
Section 7.5.
105
Theorem 7.3.12 (fundamental theorem of symmetric polynomials). If P is a symmetric polynomial in the indeterminates y1 ; : : : ; yn over a eld K, that is, P 2
Ky1 ; : : : ; yn and P is symmetric, then there exists a unique g 2 Ky1 ; : : : ; yn such
that f .y1 ; : : : ; yn / D g.s1 ; : : : ; sn /. That is, any symmetric polynomial in y1 ; : : : ; yn
is a polynomial expression in the elementary symmetric polynomials in y1 ; : : : ; yn .
From this theorem we obtain the following two lemmas, which will be crucial in
our proof of the fundamental theorem of algebra.
Lemma 7.3.13. Let p.x/ 2 Kx and suppose p.x/ has the roots 1 ; : : : ; n in the
splitting eld K 0 . Then the elementary symmetric polynomials in 1 ; : : : ; n are in K.
Proof. Suppose p.x/ D c0 C c1 x C C cn x n 2 Kx. In K 0 x, p.x/ splits, with
roots 1 ; : : : ; n , and thus in K 0 x,
p.x/ D cn .x 1 / .x n /:
The coefcients are then cn .1/i si .1 ; : : : ; n /, where the si .1 ; : : : ; n / are the
elementary symmetric polynomials in 1 ; : : : ; n . However, p.x/ 2 Kx, so each
coefcient is in K. It follows then that for each i, cn .1/i si .1 ; : : : ; n / 2 K, and
hence si .1 ; : : : ; n / 2 K since cn 2 K.
Lemma 7.3.14. Let p.x/ 2 Kx and suppose p.x/ has the roots 1 ; : : : ; n in the
splitting eld K 0 . Suppose further that g.x/ D g.x; 1 ; : : : ; n / 2 K 0 x. If g.x/ is a
symmetric polynomial in 1 ; : : : ; n , then g.x/ 2 Kx.
Proof. If g.x/ D g.x; 1 ; : : : ; n / is symmetric in 1 ; : : : ; n , then from Theorem 7.3.12 it is a symmetric polynomial in the elementary symmetric polynomials
in 1 ; : : : ; n . From Lemma 7.3.13 these are in the ground eld K, so the coefcients
of g.x/ are in K. Therefore, g.x/ 2 Kx.
7.4
We now present a proof of the fundamental theorem of algebra.

Theorem 7.4.1 (fundamental theorem of algebra). Any nonconstant complex polynomial has a complex root. In other words, the complex number eld C is algebraically
closed.
The proof depends on the following sequence lemmas. The crucial one now is the
last, which says that any real polynomial must have a complex root.
Lemma 7.4.2. Any odd-degree real polynomial must have a real root.
106
Proof. This is a consequence of the intermediate value theorem from analysis.

Suppose P .x/ 2 Rx with deg P .x/ D n D 2k C 1 and suppose the leading
coefcient an > 0 (the proof is almost identical if an < 0). Then
P .x/ D an x n C (lower terms)
and n is odd. Then,
(1) limx!1 P .x/ D limx!1 an x n D 1 since an > 0.
(2) limx!1 P .x/ D limx!1 an x n D 1 since an > 0 and n is odd.
From (1), P .x/ gets arbitrarily large positively, so there exists an x1 with P .x1 / >
0. Similarly, from (2) there exists an x2 with P .x2 / < 0.
A real polynomial is a continuous real-valued function for all x 2 R. Since
P .x1 /P .x2 / < 0, it follows from the intermediate value theorem that there exists
an x3 , between x1 and x2 , such that P .x3 / D 0.
Lemma 7.4.3. Any degree-two complex polynomial must have a complex root.
Proof. This is a consequence of the quadratic formula and of the fact that any complex
number has a square root.
If P .x/ D ax 2 C bx C c, a 0, then the roots formally are
x1 D
b C
p
b 2 4ac
;
2a
x2 D
b
p
b 2 4ac
:
2a
From DeMoivres theorem every complex number has a square root, hence x1 ; x2
exist in C. They of course are the same if b 2 4ac D 0.
To go further we need the concept of the conjugate of a polynomial and some
straightforward consequences of this idea.
Denition 7.4.4. If P .x/ D a0 C C an x n is a complex polynomial then its conjugate is the polynomial P .x/ D a0 C C an x n . That is, the conjugate is the
polynomial whose coefcients are the complex conjugates of those of P .x/.
Lemma 7.4.5. For any P .x/ 2 Cx we have:
(1) P .z/ D P .z/ if z 2 C.
(2) P .x/ is a real polynomial if and only if P .x/ D P .x/.
(3) If P .x/Q.x/ D H.x/ then H .x/ D .P .x//.Q.x//.
107
Proof. (1) Suppose z 2 C and P .z/ D a0 C C an z n . Then

P .z/ D a0 C C an z n D a0 C a1 z C C an z n D P .z/:
(2) Suppose P .x/ is real then ai D ai for all its coefcients and hence P .x/ D
P .x/. Conversely suppose P .x/ D P .x/. Then ai D ai for all its coefcients and
hence ai 2 R for each ai and so P .x/ is a real polynomial.
(3) The proof is a computation and left to the exercises.
Lemma 7.4.6. Suppose G.x/ 2 Cx. Then H.x/ D G.x/G.x/ 2 Rx.
Proof. H .x/ D G.x/G.x/ D G.x/G.x/ D G.x/G.x/ D G.x/G.x/ D H.x/.
Therefore, H.x/ is a real polynomial.
Lemma 7.4.7. If every nonconstant real polynomial has a complex root, then every
nonconstant complex polynomial has a complex root.
Proof. Let P .x/ 2 Cx and suppose that every nonconstant real polynomial has at
least one complex root. Let H.x/ D P .x/P .x/. From Lemma 7.4.6, H.x/ 2 Rx.
By supposition there exists a z0 2 C with H.z0 / D 0. Then P .z0 /P .z0 / D 0, and
since C is a eld it has no zero divisors. Hence either P .z0 / D 0 or P .z0 / D 0. In the
rst case z0 is a root of P .x/. In the second case P .z0 / D 0. Then from Lemma 7.4.5
P .z0 / D P .z0 / D P .z0 / D 0. Therefore, z0 is a root of P .x/.
Now we come to the crucial lemma.
Lemma 7.4.8. Any nonconstant real polynomial has a complex root.
Proof. Let f .x/ D a0 C a1 x C C an x n 2 Rx with n 1, an 0. The proof is
an induction on the degree n of f .x/.
Suppose n D 2m q where q is odd. We do the induction on m. If m D 0 then
f .x/ has odd degree and the theorem is true from Lemma 7.4.2. Assume then that
the theorem is true for all degrees d D 2k q 0 where k < m and q 0 is odd. Now assume
that the degree of f .x/ is n D 2m q.
Suppose K 0 is the splitting eld for f .x/ over R in which the roots are 1 ; : : : ; n .
We show that at least one of these roots must be in C. (In fact, all are in C but to
prove the lemma we need only show at least one.)
Let h 2 Z and form the polynomial
H.x/ D
Y
i<j
.x .i C j C hi j //:
108
This is in K 0 x. In forming H.x/ we chose pairs of roots i ; j , so the number of

such pairs is the number of ways of choosing two elements out of n D 2m q elements.
This is given by
.2m q/.2m q 1/
D 2m1 q.2m q 1/ D 2m1 q 0
2
with q 0 odd. Therefore, the degree of H.x/ is 2m1 q 0 .
H.x/ is a symmetric polynomial in the roots 1 ; : : : ; n . Since 1 ; : : : ; n are the
roots of a real polynomial, from Lemma 7.3.14 any polynomial in the splitting eld
symmetric in these roots must be a real polynomial.
Therefore, H.x/ 2 Rx with degree 2m1 q 0 . By the inductive hypothesis, then,
H.x/ must have a complex root. This implies that there exists a pair i ; j with
i C j C hi j 2 C:
Since h was an arbitrary integer, for any integer h1 there must exist such a pair
i ; j with
i C j C h1 i j 2 C:
Now let h1 vary over the integers. Since there are only nitely many such pairs
i ; j , it follows that there must be at least two different integers h1 ; h2 such that
z1 D i C j C h1 i j 2 C
and
z2 D i C j C h2 i j 2 C:
Then z1 z2 D .h1 h2 /i j 2 C and since h1 ; h2 2 Z C it follows that
i j 2 C. But then h1 i j 2 C, from which it follows that i C j 2 C. Then,

p.x/ D .x i /.x j / D x 2 .i C j /x C i j 2 Cx:
However, p.x/ is then a degree-two complex polynomial and so from Lemma 7.4.3 its
roots are complex. Therefore, i ; j 2 C, and therefore f .x/ has a complex root.
It is now easy to give a proof of the fundamental theorem of algebra. From Lemma 7.4.8 every nonconstant real polynomial has a complex root. From Lemma 7.4.7 if
every nonconstant real polynomial has a complex root, then every nonconstant complex polynomial has a complex root proving the fundamental theorem.
Theorem 7.4.9. If E is a nite dimensional eld extension of C, then E D C.
Proof. Let a 2 E. Regard the elements 1; a; a2 ; : : : . These elements become linearly
dependent over C and we get a nonconstant polynomial over C with root a. By the
fundamental theorem of algebra we know that a 2 C.
Corollary 7.4.10. If E is a nite dimensional eld extension of R, then E D R or
E D C.
Section 7.5 The Fundamental Theorem of Symmetric Polynomials
7.5
109
The Fundamental Theorem of Symmetric Polynomials
In the proof of the fundamental theorem of algebra that was given in the previous section we used the fact that any symmetric polynomial in n indeterminates is a polynomial in the elementary symmetric polynomials in these indeterminates. In this section
we give a proof of this theorem.
Let R be an integral domain with x1 ; : : : ; xn (independent) indeterminates over
R and let Rx1 ; : : : ; xn be the polynomial ring in these indeterminates. Any polynomial f .x1 ; : : : ; xn / 2 Rx1 ; : : : ; xn is composed of a sum of pieces of the form
ax1i1 : : : xnin with a 2 R. We rst put an order on these pieces of a polynomial.
j
j
The piece ax1i1 : : : xnin with a 0 is called higher than the piece bx11 : : : xnn with
b 0 if the rst one of the differences
i1 j1 ; i2 j2 ; : : : ; in jn
that differs from zero is in fact positive. The highest piece of a polynomial f .x1 ; : : : ;
xn / is denoted by HG.f /.
Lemma 7.5.1. For f .x1 ; : : : ; xn /; g.x1 ; : : : ; xn / 2 Rx1 ; : : : ; xn we have
HG.fg/ D HG.f / HG.g/:
Proof. We use an induction on n, the number of indeterminates. It is clearly true for
n D 1, and now assume that the statement holds for all polynomials in k indeterminates with k < n and n 2. Order the polynomials via exponents on the rst
indeterminate x1 so that
f .x1 ; : : : ; xn / D x1r r .x2 ; : : : ; xn / C x1r1 r1 .x2 ; : : : ; xn /
C C 0 .x2 ; : : : ; xn /
g.x1 ; : : : ; xn / D x1s
s .x2 ; : : : ; xn /
C C
Then HG.fg/ D x1rCs HG.r
s /.
HG.r
C x1s1
s1 .x2 ; : : : ; xn /
0 .x2 ; : : : ; xn /:
By the inductive hypothesis

s/
D HG.r / HG.
s /:
Hence
HG.fg/ D x1rCs HG.r / HG.
s/
D .x1r HG.r //.x1s HG.
s //
D HG.f / HG.g/:
110
The elementary symmetric polynomials in n indeterminates x1 ; : : : ; xn are

s1 D x1 C x2 C C xn
s2 D x1 x2 C x1 x3 C C xn1 xn
s3 D x1 x2 x3 C x1 x2 x4 C C xn2 xn1 xn
::
:
sn D x1 xn :
These were found by forming the polynomial p.x; x1 ; : : : ; xn / D .x x1 / .x
xn /. The i -th elementary symmetric polynomial si in x1 ; : : : ; xn is then .1/i ai ,
where ai is the coefcient of x ni in p.x; x1 ; : : : ; xn /.
In general,
X
sk D
xi1 xi2 xik ;
i1 <i2 <<ik ;1kn

where the sum is taken over all the kn different systems of indices i1 ; : : : ; ik with
i1 < i2 < < ik .
Further, a polynomial s.x1 ; : : : ; xn / is a symmetric polynomial if s.x1 ; : : : ; xn /
is unchanged by any permutation of x1 ; : : : ; xn , that is, s.x1 ; : : : ; xn / D
s. .x1 /; : : : ; .xn //.
Lemma 7.5.2. In the highest piece ax1k1 xnkn ; a 0, of a symmetric polynomial
s.x1 ; : : : ; xn / we have k1 k2 kn .
Proof. Assume that ki < kj for some i < j . As a symmetric polynomial, s.x1 ; : : : ;
k
xn / also must then contain the piece ax1k1 xi j xjki xnkn , which is higher than
k
ax1k1 xiki xj j xnkn , giving a contradiction.

kn1 kn kn
Lemma 7.5.3. The product s1k1 k2 s2k2 k3 sn1
sn with k1 k2 kn
k1 k2
kn
has the highest piece x1 x2 xn .
Proof. From the denition of the elementary symmetric polynomials we have that
HG.skt / D .x1 x2 xk /t ;
1 k n; t 1:
From Lemma 7.4.2,

kn1 kn kn
sn /
HG.s1k1 k2 s2k2 k3 sn1
kn1 kn
/.x1 xn /kn
D x1k1 k2 .x1 x2 /k2 k3 .x1 xn1
D x1k1 x2k2 xnkn :
111
Theorem 7.5.4. Let s.x1 ; : : : ; xn / 2 Rx1 ; : : : ; xn be a symmetric polynomial. Then

s.x1 ; : : : ; xn / can be uniquely expressed as a polynomial f .s1 ; : : : ; sn / in the elementary symmetric polynomials s1 ; : : : ; sn with coefcients from R.
Proof. We prove the existence of the polynomial f by induction on the size of the
highest pieces. If in the highest piece of a symmetric polynomial all exponents are
zero, then it is constant, that is, an element of R and there is nothing to prove.
Now we assume that each symmetric polynomial with highest piece smaller than
that of s.x1 ; : : : ; xn / can be written as a polynomial in the elementary symmetric
polynomials. Let ax1k1 xnkn , a 0, be the highest piece of s.x1 ; : : : ; xn /. Let
kn1 kn kn
sn :
t .x1 ; : : : ; xn / D s.x1 ; : : : ; xn / as1k1 k2 sn1
Clearly, t .x1 ; : : : ; xn / is another symmetric polynomial, and from Lemma 7.4.5 the
highest piece of t .x1 ; : : : ; xn / is smaller than that of s.x1 ; : : : ; xn /. Therefore,
kn1 kn kn
sn
t .x1 ; : : : ; xn / and hence s.x1 ; : : : ; xn / D t .x1 ; : : : ; xn / C as1k1 k2 sn1
can be written as a polynomial in s1 ; : : : ; sn .
To prove the uniqueness of this expression assume that s.x1 ; : : : ; xn / D f .s1 ; : : : ;
sn / D g.s1 ; : : : ; sn /. Then f .s1 ; : : : ; sn / g.s1 ; : : : ; sn / D h.s1 ; : : : ; sn / D .x1 ; : : : ;
xn / is the zero polynomial in x1 ; : : : ; xn . Hence, if we write h.s1 ; : : : ; sn / as a sum of
products of powers of the s1 ; : : : ; sn , all coefcients disappear because two different
products of powers in the s1 ; : : : ; sn have different highest pieces. This follows from
previous set of lemmas. Therefore, f and g are the same, proving the theorem.
7.6
1.
Exercises
Suppose that f .x/ D a0 C a1 x C C an x n 2 Kx, K a eld, with an 0
and f .x/ irreducible. Dene to satisfy
a0 C a1 C C an n D 0
and dene K 0 D K./ in the following manner. We let
K./ D c0 C c1 C C cn1 n1 W ci 2 K:
Then on K./ dene addition and subtraction componentwise and dene multiplication by algebraic manipulation, replacing powers of higher than n by
using
a0 a1 an1 n1
:
n D
an
Prove that K 0 D K./ forms a ring.
112
2.
Let f; g 2 Kx be irreducible polynomials of degree 2 over the eld K. Let

1 ; 2 respectively 1 ; 2 be zeros of f and g. For 1 i; j 2 let ij D
i C j . Show:
(a) jK.ij / W Kj 2 1; 2; 3.
(b) For xed f; g there are at most two different degrees in (a).
(c) Decide, which combinations of degrees in (b) (with f; g variable) are possible, and give an example in each case.
3.
Let LjK be a eld extension, let 2 L and f .x/ 2 Lx a polynomial of degree
1. Let all coefcients of f .x/ be algebraic over K. If f ./ D 0, then is
algebraic over K.
4.
Let LjK be a eld extension and let M be an intermediate eld. The extension
M jK is algebraic. For 2 L the following are equivalent:
(a) is algebraic over M .
(b) is algebraic over K.
5.
Let LjK be a eld extension and 1 ; 2 2 L. Then the following are equivalent:
(a) 1 and 2 are algebraic over K.
(b) 1 C 2 and 1 2 are algebraic over K.
6.
Let LjK be a simple eld extension. Then there is an extension eld L0 of L of

the form L0 D K.1 ; 2 / with:
(a) 1 and 2 are transcendental over K.
(b) The set of all over K algebraic elements of L0 is L.
7.
In the proof of Theorem 7.1.4 show that the mapping

W K.a/ ! K./
dened by .k/ D k if k 2 K and .a/ D and then extended by linearity is a

K-isomorphism.
S
8. For each i 2 I let Ki be a eld. Now let KO D i 2I Ki . Show that KO is a eld.
9.
Prove Lemma 7.2.8.
10. If T; T1 are sets with the same cardinality, then there exists a bijection W T !
T1 . Dene a map F W ST ! ST1 in the following manner: if f 2 ST , let F .f /
be the permutation on T1 given by F .f /.t1 / D .f . 1 .t1 ///. Prove that F is
an isomorphism.
11. Prove that if P .X /; Q.x/; H.x/ 2 C then if P .x/Q.x/ D H.x/ then H .x/ D
.P .x//.Q.x//.
Chapter 8
Splitting Fields and Normal Extensions
8.1
Splitting Fields
In the last chapter we introduced splitting elds and used this idea to present a proof
of the fundamental theorem of algebra. The concept of a splitting eld is essential to
the Galois theory of equations so in this chapter we look more deeply at this idea.
Denition 8.1.1. Let K be a eld and f .x/ a nonconstant polynomial in Kx. An
extension eld L of K is a splitting eld for f .x/ over K if
(a) f .x/ splits into linear factors in Lx.
(b) If K M L and M L then f .x/ does not split into linear factors in
M x.
From part (b) in the denition the following is clear.
Lemma 8.1.2. L is a splitting eld for f .x/ 2 Kx if and only if f .x/ splits into
linear factors in Lx and if f .x/ D b.x a1 / .x an / with b 2 K then L D
K.a1 ; : : : ; an /.
Example 8.1.3. The eld C of complex numbers is a splitting eld for the polynomial
p.x/ D x 2 C 1 in Rx. In fact since C is algebraically closed it is a splitting eld
for any real polynomial f .x/ 2 Rx which has at least one nonreal zero.
The eld Q.i/ adjoining i to Q is a splitting eld for x 2 C 1 over Qx.
The next result was used in the previous chapter. We restate and reprove it here.
Theorem 8.1.4. Let K be a eld. Then each nonconstant polynomial in Kx has a
splitting eld.
Proof. Let K be an algebraic closure of K. Then f .x/ splits in Kx, that is f .x/ D
b.x a1 / .x an / with b 2 K and ai 2 K. Let L D K.a1 ; : : : ; an /. Then L is
the splitting eld for f .x/ over K.
We next show that the splitting eld over K of a given polynomial is unique up to
K-isomorphism.
114
Chapter 8 Splitting Fields and Normal Extensions
Theorem 8.1.5. Let K; K 0 be eld and W K ! K 0 an isomorphism. Let f .x/ be a

nonconstant polynomial in Kx and f 0 .x/ D .f .x// its image in K 0 x. Suppose
that L is a splitting eld for f .x/ over K and L0 is a splitting eld for f 0 .x/ over K 0 .
(a) Suppose that L0 L00 . Then if W L ! L00 is a monomorphism with jK D
then is an isomorphism from L onto L0 . Moreover maps the set of zeros of
f .x/ in L onto the set of zeros of f 0 .x/ in L0 . The map is uniquely determined
by the values of the zeros of f .x/.
(b) If g.x/ is an irreducible factor of f .x/ in Kx and a is a zero of g.x/ in L and
a 0 is a zero of g 0 .x/ D .g.x// in L0 then there is an isomorphism from L to
L0 with jK D and .a/ D .a0 /.
Before giving the proof of this theorem we note that the following important result
is a direct consequence of it.
Theorem 8.1.6. A splitting eld for f .x/ 2 Kx is unique up to K-isomorphism.
Proof of Theorem 8.1.5. Suppose that f .x/ D b.x a1 / .x an / 2 Lx and that
f 0 .x/ D b 0 .x a10 / .x an0 / 2 L0 x. Then
f 0 .x/ D .f .x// D
.f .x// D . .b//.x
.a1 // .x
.an //:
We have proved that polynomials have unique factorization over elds. Since L0
L00 it follows that the set of zeros . .a1 /; : : : ; .an // is a permutation of the set of
zeros .a10 ; : : : ; an0 /. In particular this implies that .ai / 2 L0 , that is
im. / D L0 D K 0 .a1 ; : : : ; an0 /:
Since the image of is K 0 .a1 ; : : : ; an0 / D K 0 . .ai /; : : : ; .an // it is clear that is
uniquely determined by the images .ai /. This proves part (a).
For part (b) embed L0 in an algebraic closure L00 . Hence there is a monomorphism
0 W K.a/ ! L00
with j0K D and 0 .a/ D a0 . Hence there is a monomorphism W L ! L00 with
0
W L ! L0 is an isomorphism.
jK.a/ D . Then from part (a) it follows that
Example 8.1.7. Let f .x/ D x 3 7 2 Qx. This has no zeros in Q and since it is of
degree 3 it follows that
it must be irreducible in Qx.
p
Let ! D 12 C 23 i 2 C. Then it is easy to show by computation that ! 2 D
12
3
2 i
and ! 3 D 1. Therefore the three zeros of f .x/ in C are

a1 D 71=3
a2 D ! 71=3
a3 D ! 2 71=3 :
Section 8.2 Normal Extensions
115
Hence L D Q.a1 ; a2 ; a3 / the splitting eld of f .x/. Since the minimal polynomial
of all three zeros over Q is the same .f .x// it follows that
Q.a1 / Q.a2 / Q.a3 /:
Since Q.a1 / R and a2 ; a3 are nonreal it is clear that a2 ; a3 Q.a1 /.
Suppose that Q.a2 / D Q.a3 /. Then ! D a3 a21 2 Q.a2 / and so 71=3 D ! 1 a2 2
Q.a2 /. Hence Q.a1 / Q.a2 / and therefore Q.a1 / D Q.a2 / since they have the
same degree over Q. This contradiction shows that Q.a2 / and Q.a3 / are distinct.
By computation we have a3 D a11 a22 and hence
L D Q.a1 ; a2 ; a3 / D Q.a1 ; a2 / D Q.71=3 ; !/:
Now the degree of L over Q is
jL W Qj D jQ.71=3 ; !/ W Q.!/jjQ.!/ W Qj:
Now jQ.!/ W Qj D 2 since the minimal polynomial of ! over Q is x 2 C x C 1.
Since no zero of f .x/ lies in Q.!/ and the degree of f .x/ is 3 it follows that f .x/ is
irreducible over Q.!/. Therefore we have that the degree of L over Q.!/ is 3. Hence
jL W Qj D .2/.3/ D 6.
We now have the following lattice diagram of elds and subelds:
We do not know however if there are any more intermediate elds. There could for
example be innitely many. However as we will see when we do the Galois theory
there are no others.
8.2
Normal Extensions
We now consider algebraic eld extensions L of K which have the property that if
f .x/ 2 Kx has a zero in L then f .x/ must split in L. In particular we show that if
L is a splitting eld of nite degree for some g.x/ 2 Kx then L has this property.
116
Denition 8.2.1. A eld extension L of a eld K is a normal extension if

(a) LjK is algebraic.
(b) Each irreducible polynomial f .x/ 2 Kx that has a zero in L splits into linear
factors in Lx.
Note that in Example 8.1.7 the extension elds Q.i /jQ are not normal extensions.
Although f .x/ has a zero in Q.i / the polynomial f .x/ does not split into linear
factors in Q.i /x.
We now show that LjK is a nite normal extension if and only if L is the splitting
eld for some f .x/ 2 Kx.
Theorem 8.2.2. Let LjK be a nite extension. Then the following are equivalent.
(a) LjK is a normal extension.
(b) LjK is a splitting eld for some f .x/ 2 Kx.
(c) If L L0 and W L ! L0 is a monomorphism with
then is an automorphism of L, that is .L/ D L.
jK
the identity map on K
Proof. Suppose that LjK is a nite normal extension. Since LjK is a nite extension
L is algebraic over K and since of nite degree we have L D K.a1 ; : : : ; an / with ai
algebraic over K.
Let fi .x/ 2 Kx be the minimal polynomial of ai . Since LjK is a normal extension fi .x/ splits in Lx. This is true for each i D 1; : : : ; n. Let f .x/ D
f1 .x/f2 .x/ fn .x/. Then f .x/ splits into linear factors in Lx. Since K D
K.a1 ; : : : ; an / the polynomial f .x/ cannot have all its zeros in any intermediate extension between K and L. Therefore L is the splitting eld for f .x/. Hence (a)
implies (b).
Now suppose that L L0 and
W L ! L0 is a monomorphism with jK the
identity map on K. Then the extension eld .L/ of K is also a splitting eld for
f .x/ since jK is the identity on K. Hence maps the zeros of f .x/ in L L0 onto
the zeros of f .x/ in .L/ L0 it follows that .L/ D L. Hence (b) implies (c).
W L ! L0 is a
Finally suppose (c). Hence we assume that if L L0 and
monomorphism with jK the identity map on K then is an automorphism of L,
that is .L/ D L.
As before LjK is algebraic since LjK is nite. Suppose that f .x/ 2 Kx is irreducible and that a 2 L is a zero of f .x/. There are algebraic elements a1 ; : : : ; an 2 L
with L D K.a1 ; : : : ; an / since LjK is nite. For i D 1; : : : ; n let fi .x/ 2 Kx be
the minimal polynomial of ai and let g.x/ D f .x/f1 .x/ fn .x/. Let L0 be the
splitting eld of g.X/. Clearly L L0 . Let b 2 L0 be a zero of f .x/. From Theorem 8.1.5 there is an automorphism of L0 with .a/ D b and jK the identity
on K. Hence by our assumption jL is an automorphism of L. It follows that b 2 L
and hence f .x/ splits in Lx. Therefore (c) implies (a) completing the proof.
117
Section 8.2 Normal Extensions
To give simple examples of normal extensions we have the following lemma.

Lemma 8.2.3. If L is an extension of K with jL W Kj D 2 then L is a normal
extension of K.
Proof. Suppose that jL W Kj D 2. Then LjK is algebraic since its nite. Let f .x/ 2
Kx be irreducible with leading coefcient 1 and which has a zero in L. Let a be
one zero. Then f .x/ must be the minimal polynomial of a. However deg.ma .x//
jL W Kj D 2 and hence f .x/ is of degree 1 or 2. Since f .x/ has a zero in L it follows
that it must split into linear factors in Lx and therefore L is a normal extension.
Later we will tie this result to group theory when we prove that a subgroup of
index 2 must be a normal subgroup.
Example 8.2.4. As a rst examplepof the lemma
consider the polynomial
p
p f .x/ D
the
eld
Q.
2/ is the
x 2 2. In R this splits as .x 2/.x C 2/ and hence
p
splitting eld of f .x/ D x 2 2 over Q. Therefore Q. 2/ is a normal extension
of Q.
Example 8.2.5. As a second example consider the polynomial x 4 2 in Qx. The
zeros in C are
21=4 ;
21=4 i;
21=4 i 2 ;
21=4 i 3 :
Hence
L D Q.21=4 ; 21=4 i; 21=4 i 2 ; 21=4 i 3 /
is the splitting eld of x 4 2 over Q.
Now
L D Q.21=4 ; 21=4 i; 21=4 i 2 ; 21=4 i 3 / D Q.21=4 ; i /:
Therefore we have
jL W Qj D jL W Q.21=4 /jjQ.21=4 / W Qj:
Since x 4 2 is irreducible over Q we have jQ.21=4 / W Qj D 4. Since i has degree 2
1=4
a normal extension of
over any real eld we
p have jL
p W Q.2 /j D 2. Therefore L is1=4
1=4
2
Q.2 / and x 2 2 Q. 2/x has the splitting eld Q.2 /.
Altogether we have LjQ.21=4 /, Q.21=4 /jQ.21=2 /, Q.21=2 /jQ and LjQ are normal
extensions. However Q.21=4 /jQ is not normal since 21=4 is a zero of x 4 2 but
Q.21=4 / does not contain all the zeros of x 4 2.
118
Hence, we have the following gure.
Figure 8.1
8.3
Exercises
1. Determine the splitting eld of f .x/ 2 Qx and its degree over Q in the following
cases:
(a) f .x/ D x 4 p, where p is a prime.
(b) f .x/ D x p 2, where p is a prime.
2. Determine the degree of the splitting eld of the polynomial x 4 C 4 over Q. Determine the splitting eld of x 6 C 4x 4 C 4x 2 C 3 over Q.
3. For each a 2 Z let fa .x/ D x 3 ax 2 C .a 3/x C 1 2 Qx be given.
(a) fa is irreducible over Q for each a 2 Z.
(b) If b 2 R is a zero of fa , then also .1 b/1 and .b 1/b 1 are zeros of fa .
(c) Determine the splitting eld L of fa .x/ over Q and its degree jL W Qj.
4. Let K be a eld and f .x/ 2 Kx a polynomial of degree n. Let L be a splitting
eld of f .x/. Show:
(a) If a1 ; : : : ; an 2 L are the zeros of f , then jK.a1 ; : : : ; a t / W Kj n .n
1/ .n t C 1/ for each t with 1 t n.
(b) L over K is of degree at most n.
(c) If f .x/ is irreducible over K then n divides jL W Kj.
Chapter 9
Groups, Subgroups and Examples
9.1
Groups, Subgroups and Isomorphisms
Recall from Chapter 1 that the three most commonly studied algebraic structures are
groups, rings and elds. We have now looked rather extensively at rings and elds and
in this chapter we consider the basic concepts of group theory. Groups arise in many
different areas of mathematics. For example they arise in geometry as groups of congruence motions and in topology as groups of various types of continuous functions.
Later in this book they will appear in Galois theory as groups of automorphisms of
elds. First we recall the denition of a group given previously in Chapter 1.
Denition 9.1.1. A group G is a set with one binary operation which we will denote
by multiplication, such that
(1) The operation is associative, that is, .g1 g2 /g3 D g1 .g2 g3 / for all g1 ; g2 ; g3 2 G.
(2) There exists an identity for this operation, that is, an element 1 such that 1g D g
and g1 D g for each g 2 G.
(3) Each g 2 G has an inverse for this operation, that is, for each g there exists a
g 1 with the property that gg1 D 1 and g 1 g D 1.
If in addition the operation is commutative, that is g1 g2 D g2 g1 for all g1 ; g2 2 G,
the group G is called an abelian group.
The order of G, denoted jGj, is the number of elements in the group G. If jGj < 1,
G is a nite group otherwise it is an innite group.
It follows easily from the denition that the identity is unique and that each element
has a unique inverse.
Lemma 9.1.2. If G is a group then there is a unique identity. Further if g 2 G its
inverse is unique. Finally if g1 ; g2 2 G then .g1 g2 /1 D g21 g11 .
Proof. Suppose that 1 and e are both identities for G. Then 1e D e since e is an
identity and 1e D 1 since 1 is an identity. Therefore 1 D e and there is only one
identity.
Next suppose that g 2 G and g1 and g2 are inverses for g. Then
g1 gg2 D .g1 g/g2 D 1g2 D g2
120
Chapter 9 Groups, Subgroups and Examples
since g1 g D 1. On the other hand

g1 gg2 D g1 .gg2 / D g1 1 D g1
since gg2 D 1. It follows that g1 D g2 and g has a unique inverse.
Finally consider
.g1 g2 /.g21 g11 / D g1 .g2 g21 /g11 D g1 1g11 D g1 g11 D 1:
Therefore g21 g11 is an inverse for g1 g2 and since inverses are unique it is the inverse
of the product.
Groups most often arise as permutations on a set. We will see this, as well as other
specic examples of groups, in the next sections.
Finite groups can be completely described by their group tables or multiplication
tables. These are sometimes called Cayley tables. In general, let G D g1 ; : : : ; gn
be a group, then the multiplication table of G is:
g1
g2
::
:
g1 g2 gj

gn
gi gi gj
::
:
gn : : :
The entry in the row of gi 2 G and column of gj 2 G is the product (in that order)
gi gj in G.
Groups satisfy the cancellation law for multiplication.
Lemma 9.1.3. If G is a group and a; b; c 2 G with ab D ac or ba D ca then b D c.
Proof. Suppose that ab D ac. Then a has an inverse a1 so we have
a1 .ab/ D a1 .ac/:
From the associativity of the group operation we then have
.a1 a/b D .a1 a/c H) 1 b D 1 c H) b D c:
A consequence of Lemma 9.1.3 is that each row and each column in a group table is
just a permutation of the group elements. That is each group element appears exactly
once in each row and each column.
A subset H G is a subgroup of G if H is also a group under the same operation
as G. As for rings and elds a subset of a group is a subgroup if it is nonempty and
closed under both the group operation and inverses.
Section 9.2 Examples of Groups
121
Lemma 9.1.4. A subset H G is a subgroup if H ; and H is closed under the

operation and inverses. That is, if a; b 2 H then ab 2 H and a1 ; b 1 2 H .
We leave the proof of this to the exercises.
Let G be a group and g 2 G; we denote by g n , n 2 N, as with numbers, the
product of g taken n times. A negative exponent will indicate the inverse of the
positive exponent. As usual, let g0 D 1. Clearly group exponentiation will satisfy the
standard laws of exponents. Now consider the set
H D 1 D g 0 ; g; g 1 ; g 2 ; g 2 ; : : :
of all powers of g. We will denote this by hgi.
Lemma 9.1.5. If G is a group and g 2 G then hgi forms a subgroup of G called the
cyclic subgroup generated by g. hgi is abelian even if G is not.
Proof. If g 2 G then g 2 hgi and hence hgi is nonempty. Suppose then that a D
g n ; b D g m are elements of hgi. Then ab D gn g m D g nCm 2 hgi so hgi is closed
under the group operation. Further a1 D .g n /1 D g n 2 hgi so hgi is closed
under inverses. Therefore hgi is a subgroup.
Finally ab D g n g m D g nCm D g mCn D g m g n D ba and hence hgi is abelian.
Suppose that g 2 G and g m D 1 for some positive integer m. Then let n be
the smallest positive integer such that g n D 1. It follows that the set of elements
1; g; g 2 ; : : : ; g n1 are all distinct but for any other power g k we have gk D g t for
some k D 0; 1; : : : ; n 1 (see exercises). The cyclic subgroup generated by g then
has order n and we say that g has order n which we denote by o.g/ D n. If no such n
exists we say that g has innite order. We will look more deeply at cyclic groups and
subgroups in Section 9.5.
We introduce one more concept before looking at examples.
Denition 9.1.6. If G and H are groups then a mapping f W G ! H is a (group)
homomorphism if f .g1 g2 / D f .g1 /f .g2 / for any g1 ; g2 2 G. If f is also a bijection
then it is an isomorphism.
As with rings and elds we say that two groups G and H are isomorphic, denoted
by G H , if there exists an isomorphism F W G ! H . This means that abstractly
G and H have exactly the same algebraic structure.
9.2
Examples of Groups
As already mentioned groups arise in many diverse areas of mathematics. In this

section and the next we present specic examples of groups.
122
First of all any ring or eld under addition forms an abelian group. Hence, for
example .Z; C/; .Q; C/; .R; C/; .C; C/ where Z; Q; R; C are respectively the integers, the rationals, the reals and the complex numbers, all are innite abelian groups.
If Zn is the modular ring Z=nZ then for any natural number n, .Zn ; C/ forms a nite
abelian group. In abelian groups the group operation is often denoted by C and the
identity element by 0 (zero).
In a eld F , the nonzero elements are all invertible and form a group under multiplication. This is called the multiplicative group of the eld F and is usually denoted
by F . Since multiplication in a eld is commutative the multiplicative group of a
eld is an abelian group. Hence Q ; R ; C are all innite abelian groups while if p
is a prime Zp forms a nite abelian group. Recall that if p is a prime then the modular
ring Zp is a eld.
Within Q ; R ; C there are certain multiplicative subgroups. Since the positive
rationals QC and the positive reals RC are closed under multiplication and inverse
they form subgroups of Q and R respectively. In C if we consider the set of all
complex numbers z with jzj D 1 then these form a multiplicative subgroup. Further
within this subgroup if we consider the set of n-th roots of unity z (that is z n D 1) for
a xed n this forms a subgroup, this time of nite order.
The multiplicative group of a eld is a special case of the unit group of a ring. If
R is a ring with identity, recall that a unit is an element of R with a multiplicative
inverse. Hence in Z the only units are 1 while in any eld every nonzero element is
a unit.
Lemma 9.2.1. If R is a ring with identity then the set of units in R forms a group
under multiplication called the unit group of R and is denoted by U.R/. If R is a eld
then U.R/ D R .
Proof. Let R be a ring with identity. Then the identity 1 itself is a unit so 1 2 U.R/
and hence U.R/ is nonempty. If e 2 R is a unit then it has a multiplicative inverse
e 1 . Clearly then the multiplicative inverse has an inverse, namely e so e1 2 U.R/
if e is. Hence to show U.R/ is a group we must show that it is closed under product.
Let e1 ; e2 2 U.R/. Then there exist e11 ; e21 . It follows that e21 e11 is an inverse
for e1 e2 . Hence e1 e2 is also a unit and U.R/ is closed under product. Therefore for
any ring R with identity U.R/ forms a multiplicative group.
To present examples of nonabelian groups we turn to matrices. If F is a eld we let
GL.n; F / D n n matrices over F with nonzero determinant
and
SL.n; F / D n n matrices over F with determinant one:
123
Section 9.2 Examples of Groups
Lemma 9.2.2. If F is a eld then for n 2, GL.n; F / forms a nonabelian group

under matrix multiplication and SL.n; F / forms a subgroup.
GL.n; F / is called the n-dimensional general linear group over F , while SL.n; F /
is called the n-dimensional special linear group over F .
Proof. Recall that for two n n matrices A; B with n 2 over a eld we have
det.AB/ D det.A/ det.B/
where det is the determinant.
Now for any eld the n n identity matrix I has determinant 1 and hence I 2
GL.n; F /. Since determinants multiply the product of two matrices with nonzero
determinant has nonzero determinant so GL.n; F / is closed under product. Further
over a eld F if A is an invertible matrix then
det.A1 / D
1
det A
and so if A has nonzero determinant so does its inverse. It follows that GL.n; F / has
the inverse of any of its elements. Since matrix multiplication is associative it follows
that GL.n; F / form a group. It is nonabelian since in general matrix multiplication is
noncommutative.
We leave the fact that SL.n; F / forms a subgroup to the exercises.
Groups play an important role in geometry. In any metric geometry an isometry is a
mapping that preserves distance. To understand a geometry one must understand the
group of isometries. We look briey at the Euclidean geometry of the plane E 2 .
An isometry or congruence motion of E 2 is a transformation or bijection T of E 2
that preserves distance, that is d.a; b/ D d.T .a/; T .b// for all points a; b 2 E 2 .
Theorem 9.2.3. The set of congruence motions of E 2 forms a group called the
Euclidean group. We denote the Euclidean group by E.
Proof. The identity map I is clearly an isometry and since composition of mappings
is associative we need only show that the product of isometries is an isometry and that
the inverse of an isometry is an isometry.
Let T; U be isometries. Then d.a; b/ D d.T .a/; T .b// and d.a; b/ D d.U.a/;
U.b// for any points a; b. Now consider
d.T U.a/; T U.b// D d.T .U.a//; T .U.b/// D d.U.a/; U.b//
since T is an isometry. However
d.U.a/; U.b// D d.a; b/
since U is an isometry. Combining these we have that T U is also an isometry.
124
Consider T 1 and points a; b. Then

d.T 1 .a/; T 1 .b// D d.T T 1 .a/; T T 1 .b//
since T is an isometry. But T T 1 D I and hence
d.T 1 .a/; T 1 .b// D d.T T 1 .a/; T T 1 .b// D d.a; b/:
Therefore T 1 is also an isometry and hence E is a group.
One of the major results concerning E is the following. We refer to [25], [26] and
[22] for a more thorough treatment.
Theorem 9.2.4. If T 2 E then T is either a translation, rotation, reection or glide
reection. The set of translations and rotations forms a subgroup.
Proof. We outline a brief proof. If T is an isometry and T xes the origin .0; 0/
then T is a linear mapping. It follows that T is a rotation or a reection. If T does
not x the origin then there is a translation T0 such that T0 T xes the origin. This
gives translations and glide reections. In the exercises we expand out more of the
proof.
If D is a geometric gure in E 2 , such as a triangle or square, then a symmetry of
D is a congruence motion T W E 2 ! E 2 that leaves D in place. It may move the
individual elements of D however. So for example a rotation about the center of a
circle is a symmetry of the circle.
Lemma 9.2.5. If D is a geometric gure in E 2 then the set of symmetries of D forms
a subgroup of E called the symmetry group of D denoted by Sym.D/.
Proof. We show that Sym.D/ is a subgroup of E. The identity map I xes D so
I 2 Sym.D/ and so Sym.D/ is nonempty. Let T; U 2 Sym.D/. Then T maps
D to D and so does U . It follows directly that so does the composition T U and
hence T U 2 Sym.D/. If T maps D to D then certainly the inverse does. Therefore
Sym.D/ is a subgroup of E.
Example 9.2.6. Let T be an equilateral triangle. Then there are exactly six symmetries of T (see exercises). These are
I D the identity
r D a rotation of 120 around the center of T
r 2 D a rotation of 240 around the center of T
f D a reection over the perpendicular bisector of one of the sides
f r D the composition of f and r
f r 2 D the composition of f and r 2 :
125
Section 9.3 Permutation Groups
Sym.T / is called the dihedral group D3 . In the next section we will see that it is
isomorphic to S3 , the symmetric group on 3 symbols.
9.3
Permutation Groups
Groups most often appear as groups of transformations or permutations on a set. In

this section we will take a short look at permutation groups and then examine them
more deeply in the next chapter. We recall some ideas rst introduced in Chapter 7 in
relation to the proof of the fundamental theorem of algebra.
Denition 9.3.1. If A is a set, a permutation on A is a one-to-one mapping of A onto
itself. We denote by SA the set of all permutations on A.
Theorem 9.3.2. For any set A, SA forms a group under composition called the symmetric group on A. If jAj > 2 then SA is nonabelian. Further if A; B have the same
cardinality, then SA SB .
Proof. If SA is the set of all permutations on the set A, we must show that composition
is an operation on SA that is associative and has an identity and inverses.
Let f; g 2 SA . Then f; g are one-to-one mappings of A onto itself. Consider
f g W A ! A. If f g.a1 / D f g.a2 /, then f .g.a1 // D f .g.a2 // and
g.a1 / D g.a2 /, since f is one-to-one. But then a1 D a2 since g is one-to-one.
If a 2 A, there exists a1 2 A with f .a1 / D a since f is onto. Then there exists
a2 2 A with g.a2 / D a1 since g is onto. Putting these together, f .g.a2 // D a, and
therefore f g is onto. Therefore, f g is also a permutation and composition gives
a valid binary operation on SA .
The identity function 1.a/ D a for all a 2 A will serve as the identity for SA , while
the inverse function for each permutation will be the inverse. Such unique inverse
functions exist since each permutation is a bijection.
Finally, composition of functions is always associative and therefore SA forms a
group.
Suppose that jAj > 2. Then A has at least 3 elements. Call them a1 ; a2 ; a2 .
Consider the 2 permutations f and g which x (leave unchanged) all of A except
a1 ; a2 ; a3 and on these three elements
f .a1 / D a2 ;
f .a2 / D a3 ;
f .a3 / D a1
g.a1 / D a2 ;
g.a2 / D a1 ;
g.a3 / D a3 :
Then under composition

f .g.a1 // D a3 ;
f .g.a2 // D a2 ;
f .g.a3 // D a1
126
while
g.f .a1 // D a1 ;
g.f .a2 // D a3 ;
g.f .a3 // D a2 :
Therefore f g g f and hence SA is not abelian.

If A; B have the same cardinality, then there exists a bijection W A ! B. Dene a
map F W SA ! SB in the following manner: if f 2 SA , let F .f / be the permutation
on B given by F .f /.b/ D .f . 1 .b///. It is straightforward to verify that F is an
isomorphism (see the exercises).
If A1 A then those permutations on A that map A1 to A1 form a subgroup of SA
called the stabilizer of A1 denoted stab.A1 /. We leave the proof to the exercises.
Lemma 9.3.3. If A1 A then stab.A1 / D f 2 SA W f W A1 ! A1 forms a
subgroup of SA .
A permutation group is any subgroup of SA for some set A.
We now look at nite permutation groups. Let A be a nite set, say A D a1 ;
a2 ; : : : ; an . Then each f 2 SA can be pictured as

a1 : : : an
f D
:
f .a1 / : : : f .an /
For a1 there are n choices for f .a1 /. For a2 there are only n 1 choices since f is
one-to-one. This continues down to only one choice for an . Using the multiplication
principle, the number of choices for f and therefore the size of SA is
n.n 1/ 1 D n:
We have thus proved the following theorem.
Theorem 9.3.4. If jAj D n then jSA j D n.
For a set with n elements we denote SA by Sn , called the symmetric group on n
symbols.
Example 9.3.5. Write down the six elements of S3 and give the multiplication table
for the group.
Name the three elements 1; 2; 3. The six elements of S3 are then

1 2 3
1 2 3
1 2 3
1D
;
aD
;
bD
1 2 3
2 3 1
3 1 2

1 2 3
1 2 3
1 2 3
cD
;
dD
;
eD
:
2 1 3
3 2 1
1 3 2
127
Section 9.3 Permutation Groups
The multiplication table for S3 can be written down directly by doing the required
composition. For example,

1 2 3
1 2 3
1 2 3
ac D
D
D d:
2 3 1
2 1 3
3 2 1
To see this, note that a W 1 ! 2; 2 ! 3; 3 ! 1; c W 1 ! 2; 2 ! 1; 3 ! 3 and so
ac W 1 ! 3; 2 ! 2; 3 ! 1.
It is somewhat easier to construct the multiplication table if we make some observations. First, a2 D b and a3 D 1. Next, c 2 D 1, d D ac, e D a2 c and nally
ac D ca2 .
From these relations the following multiplication table can be constructed:
1
a
a2
c
ac
a2 c
1
1
a
a2
c
ac
a2 c
a
a
a2
1
a2 c
c
ac
a2
a2
1
a
ac
a2 c
c
c
c
ac
a2 c
1
a
a2
ac
ac
a2 c
c
a2
1
a
a2 c
a2 c
c
ac
a
a2
1
To see this, consider, for example, .ac/a2 D a.ca2 / D a.ac/ D a2 c.

More generally, we can say that S3 has a presentation given by
a3 D c 2 D 1, ac D ca2 .
A theorem of Cayley actually shows that every group is a permutation group.
A group G is a permutation group on the group G itself considered as a set. This
result however does not give much information about the group.
Theorem 9.3.6 (Cayleys theorem). Let G be a group. Consider the set of elements
of G. Then the group G is a permutation group on the set G, that is G is a subgroup
of SG .
Proof. We show that to each g 2 G we can associate a permutation of the set G. If
g 2 G let g be the map given by
g W g1 ! gg1
for each g1 2 G:
It is straightforward to show that each g is a permutation on G.
128
9.4
Cosets and Lagranges Theorem
In this section given a group G and a subgroup H we dene an equivalence relation

on G. The equivalence classes all have the same size and are called the (left) or (right)
cosets of H in G.
Denition 9.4.1. Let G be a group and H G a subgroup. For a; b 2 G dene
a b if a1 b 2 H .
Lemma 9.4.2. Let G be a group and H G a subgroup. Then the relation dened
above is an equivalence relation on G. The equivalence classes all have the form aH
for a 2 G and are called the left cosets of H in G. Clearly G is a disjoint union of its
left cosets.
Proof. Let us show, rst of all, that this is an equivalence relation. Now a a
since a1 a D e 2 H . Therefore the relation is reexive. Further a b implies
a1 b 2 H , but since H is a subgroup of G we have b 1 a D .a1 b/1 2 H and so
b a. Therefore the relation is symmetric. Finally suppose that a b and b c.
Then a1 b 2 H and b 1 c 2 H . Since H is a subgroup a1 b b 1 c D a1 c 2 H ,
and hence a c. Therefore the relation is transitive and hence is an equivalence
relation.
For a 2 G the equivalence class is
a D g 2 G W a g D a 2 G W a1 g 2 H :
But then clearly g 2 aH . It follows that the equivalence class for a 2 G is precisely
the set
aH D g 2 G W g D ah for some h 2 H :
These classes, aH , are called left cosets of H and since they are equivalence classes
they partition G. This means that every element of g is in one and only one left coset.
In particular, bH D H D eH if and only if b 2 H .
If aH is a left coset then we call the element a a coset representative representative.
A complete collection
a 2 G W aH is the set of all distinct left cosets of H
is called a (left) transversal of H in G.
One could dene another equivalence relation by dening a b if and only if
ba1 2 H . Again this can be shown to be an equivalence relation on G, and the
equivalence classes here are sets of the form
Ha D g 2 G W g D ha for some h 2 H ;
Section 9.4 Cosets and Lagranges Theorem
129
called right cosets of H . Also, of course, G is the (disjoint) union of distinct right
cosets.
It is easy to see that any two left (right) cosets have the same order (number of
elements). To demonstrate this consider the mapping aH ! bH via ah 7! bh where
h 2 H . It is not hard to show that this mapping is 1-1 and onto (see exercises). Thus
we have jaH j D jbH j. (This is also true for right cosets and can be established in a
similar manner.) Letting b 2 H in the above discussion, we see jaH j D jH j, for any
a 2 G, that is the size of each left or right coset is exactly the same as the subgroup H .
One can also see that the collection aH of all distinct left cosets has the same
number of elements as the collection Ha of all distinct right cosets. In other words,
the number of left cosets equals the number of right cosets (this number may be innite). For consider the map
f W aH ! Ha1 :
This mapping is well-dened: for if aH D bH , then b D ah where h 2 H . Thus
f .bH / D H b 1 D H h1 a1 D f .aH /. It is not hard to show that this mapping
is 1-1 and onto (see exercises). Hence the number of left cosets equals the number of
right cosets.
Denition 9.4.3. Let G be a group and H G a subgroup. The number of distinct
left cosets, which is the same as the number of distinct right cosets, is called the index
of H in G, denoted by G W H .
Now let us consider the case where the group G is nite. Each left coset has the
same size as the subgroup H and here both are nite. Hence jaH j D jH j for each
coset. Further the group G is a disjoint union of the left cosets, that is
G D H [ g1 H [ [ gn H:
Since this is a disjoint union we have
jGj D jH j C jg1 H j C C jgn H j D jH j C jH j C C jH j D jH jG W H :
This establishes the following extremely important theorem.
Theorem 9.4.4 (Lagranges theorem). Let G be a group and H G a subgroup.
Then
jGj D jH jG W H :
If G is a nite group this implies that both the order of a subgroup and the index of a
subgroup are divisors of the order of the group.
This theorem plays a crucial role in the structure theory of nite groups since it
greatly restricts the size of subgroups. For example in a group of order 10 there can
be proper subgroups only of orders 1, 2 and 5.
130
As an immediate corollary, we have the following result.

Corollary 9.4.5. The order of any element g 2 G, where G is a nite group, divides
the order of the group. In particular if jGj D n and g 2 G then o.g/jn and gn D 1.
Proof. Let g 2 G and o.g/ D m. Then m is the size of the cyclic subgroup generated
by g and hence divides m from Lagranges theorem. Then n D mk and so
g n D g mk D .g m /k D 1k D 1:
Before leaving this section we consider some results concerning general subsets of
a group.
Suppose that G is a group and S is an arbitrary nonempty subset of G, S G and
S ;; such a set S is usually called a complex of G.
If U and V are two complexes of G, the product U V is dened as follows:
U V D g1 g2 2 G W u 2 U; v 2 V :
Now suppose that U; V are subgroups of G. When is the complex U V again a
subgroup of G?
Theorem 9.4.6. The product U V of two subgroups U , V of a group G is itself a
subgroup if and only if U and V commute, that is, if and only if U V D V U .
Proof. We note rst that when we say U and V commute, we do not demand that this
is so elementwise. In other words, it is not required that uv D vu for all u 2 U and
all v 2 V ; all that is required is that for any u 2 U and v 2 V uv D v1 u1 , for some
elements u1 2 U and v1 2 V .
Assume that U V is a subgroup of G. Let u 2 U and v 2 V . Then u 2 U 1 U V
and v 2 1 V U V . But since U V is assumed itself to be a subgroup, it follows that
vu 2 U V . Hence each product vu 2 U V and so V U U V . In an identical manner
U V V U and so U V D V U .
Conversely, suppose that U V D V U . Let g1 D u1 v1 2 U V , g2 D u2 v2 2 U V .
Then
g1 g1 D .u1 v1 /.u2 v2 / D u1 .v1 u2 /v2 D u1 u3 v3 v2 D .u1 u3 /.v3 v2 / 2 U V
since v1 u2 D u3 v3 for some u3 2 U and v3 2 V . Further
g11 D .u1 v1 /1 D v11 u1
1 D u 4 v4 :
It follows that U V is a subgroup.
131
Section 9.4 Cosets and Lagranges Theorem
Theorem 9.4.7 (product formula). Let U; V be subgroups of G and let R be a left

transversal of the intersection U \ V in U . Then
[
rV
UV D
r2R
where this is a disjoint union.

In particular if U; V are nite then
jU V j D
jU jjV j
:
jU \ V j
Proof. Since R U we have that

[
rV U V:
r2R
In the other direction let uv 2 U V . Then

[
r.U \ V /:
U D
r2R
It follows that u D rv 0 with r 2 R and v 0 2 U \ V . Hence

uv D rv 0 v 2 rV:
The union of cosets of V is disjoint so
uv 2
rV:
r2R
S
Therefore U V r2R rV proving the equality.
Now suppose that jU j and jV j are nite. Then we have
jU V j D jRjjV j D jU W U \ V jjV j D
jU j
jU jjV j
jV j D
:
jU \ V j
jU \ V j
We now show that index is multiplicative. Later we will see how this fact is related
to the multiplicativity of the degree of eld extensions.
Theorem 9.4.8. Suppose G is a group and U and V are subgroups with U V G.
Then if G is the disjoint union
[
rV
GD
r2R
and V is the disjoint union

V D
[
s2S
sU
132
then we get a disjoint union for G as

GD
rsU:
r2R;s2S
In particular if G W V and V W U are nite then

G W U D G W V V W U :
Proof. Now
GD
rV D
r2R
[[
r2R
s2S

sU
rsU:
r2R;s2S
Suppose that r1 s1 U D r2 s2 U . Then r1 s1 U V D r2 s2 U V . But s1 U V D V and

s2 U V D V so r1 V D r2 V which implies that r1 D r2 . Then s1 U D s2 U which
implies that s1 D s2 . Therefore the union is disjoint.
The index formula now follows directly.
The next result says that the intersection of subgroups of nite index must again be
of nite index.
Theorem 9.4.9 (Poincar). Suppose that U; V are subgroups of nite index in G.
Then U \ V is also of nite index. Further
G W U \ V G W U G W V :
If G W U ; G W V are relatively prime then equality holds.
Proof. Let r be the number of left cosets of U in G that are contained in U V . r is
nite since the index G W U is nite. From Theorem 9.4.7 we then have
jV W U \ V j D r G W U :
Then from Theorem 9.4.8
G W U \ V D G W V V W U \ V G W V G W U :
Since both G W U and G W V are nite so is G W U \ V .
Now G W U jG W U \ V and G W V jG W U \ V . If G W U and G W V are
relatively prime then
G W U G W V jG W U \ V H) G W U G W V G W U \ V
Therefore we must have equality.
Corollary 9.4.10. Suppose that G W U and G W V are nite and relatively prime.
Then G D U V .
Section 9.5 Generators and Cyclic Groups
133
Proof. From Theorem 9.4.9 we have

G W U \ V D G W U G W V :
From Theorem 9.4.8
G W U \ V D G W V V W U \ V :
Combing these we have
V W U \ V D G W U :
The number of left cosets of U in G that are contained in V U is equal to the number
of all left cosets of U in G. It follows then that we must have G D U V .
9.5
Generators and Cyclic Groups
We saw that if G is any group and g 2 G then the powers of g generate a subgroup
of G called the cyclic subgroup generated by g. Here we explore more fully the idea
of generating a group or subgroup. We rst need the following.
Lemma 9.5.1. If U and V are subgroups of a group G then their intersection U \ V
is also a subgroup.
Proof. Since the identity of G is in both U and V we have that U \ V is nonempty.
Suppose that g1 ; g2 2 U \ V . Then g1 ; g2 2 U and hence g11 g2 2 U since U is a
subgroup. Analogously g11 g2 2 V . Hence g 1 g2 2 U \ V and therefore U \ V is
a subgroup.
Now let S be a subset of a group G. The subset S is certainly contained in at least
one subgroup of G, namely
T G itself. Let U be the collection of all subgroups of
G containing S . Then U is again a subgroup of G from Lemma 9.5.1.
T Further
it is the smallest subgroup of G containing S (see the exercises). We call U the
subgroup of G generated by S and denote it by hS i or grp.S/. We call the set S a set
of generators for hS i.
Denition 9.5.2. A subset M of a group G is a set of generators for G if G D
hM i, that is the smallest subgroup of G containing M is all of G. We say that G is
generated by M and that M is a set of generators for G.
Notice that any group G has at least one set of generators, namely G itself. If
G D hM i and M is a nite set then we say that G is nitely generated. Clearly
any nite group is nitely generated. Shortly we will give an example of a nitely
generated innite group.
134
Example 9.5.3. The set of all reections forms a set of generators for the Euclidean
group E. Recall that any T 2 E is either a translation, a rotation, a reection or a
glide reection. It can be shown (see exercises) that any one of these can be expressed
as a product of 3 or fewer reections.
We now consider the case where a group G has a single generator.
Denition 9.5.4. A group G is cyclic if there exists a g 2 G such that G D hgi.
In this case G D g n W n 2 Z, that is G consists of all the powers of the element g.
If there exists an integer m such that g m D 1, then there exists a smallest such positive
integer say n. It follows that g k D g l if and only if k l mod n. In this situation the
distinct powers of g are precisely
1 D g 0 ; g; g 2 ; : : : ; gn1 :
It follows that jGj D n. We then call G a nite cyclic group. If no such power exists
then all the powers of G are distinct and G is an innite cyclic group.
We show next that any two cyclic groups of the same order are isomorphic.
Theorem 9.5.5. (a) If G D hgi is an innite cyclic group then G .Z; C/ that is
the integers under addition.
(b) If G D hgi is a nite cyclic group of order n then G .Zn ; C/ that is the
integers modulo n under addition.
It follows that for a given order there is only one cyclic group up to isomorphism.
Proof. Let G be an innite cyclic group with generator g. Map g onto 1 2 .Z; C/.
Since g generates G and 1 generates Z under addition this can be extended to a homomorphism. It is straightforward to show that this denes an isomorphism.
Now let G be a nite cyclic group of order n with generator g. As above map g to
1 2 Zn and extend to a homomorphism. Again it is straightforward to show that this
denes an isomorphism.
Now let G and H be two cyclic groups of the same order. If both are innite then
both are isomorphic to .Z; C/ and hence isomorphic to each other. If both are nite of
order n then both are isomorphic to .Zn ; C/ and hence isomorphic to each other.
Theorem 9.5.6. Let G D hgi be a nite cyclic group of order n. Then every subgroup
of G is also cyclic. Further if d jn there exists a unique subgroup of G of order d .
Proof. Let G D hgi be a nite cyclic group of order n and suppose that H is a
subgroup of G. Notice that if g m 2 H then g m is also in H since H is a subgroup.
Hence H must contain positive powers of the generator g. Let t be the smallest
positive power of g such that g t 2 H . We claim that H D hg t i the cyclic subgroup
135
of G generated by g t . Let h 2 H then h D g m for some positive integer m t .

Divide m by t to get
m D qt C r
where r D 0 or 0 < r < t:
If r 0 then r D m qt > 0. Now g m 2 H , g t 2 H so g qt 2 H for any q since

H is a subgroup. It follows that g m g qt D gmqt 2 H . This implies that gr 2 H .
However this is a contradiction since r < t and t is the least positive power in H . It
follows that r D 0 so m D qt . This implies that g m D gqt D .g t /q , that is gm is
a multiple of g t . Therefore every element of H is a multiple of g t and therefore g t
generates H and hence H is cyclic.
Now suppose that d jn so that n D kd . Let H D hgk i, that is the subgroup of G
generated by g k . We claim that H has order d and that any other subgroup H1 of G
with order d coincides with H . Now .g k /d D g kd D g n D 1 so the order of gk
divides d and hence is d . Suppose that .g k /d1 D g kd1 D 1 with d1 < d . Then
since the order of g is n we have n D kd jkd1 with d1 < d which is impossible.
Therefore the order of g k is d and h D hgk i is a subgroup of G of order d .
Now let H1 be a subgroup of G of order d . We must show that H1 D H . Let
h 2 H1 so h D g t and hence g td D 1. It follows that njt d and so kd jt d and hence
kjt , that is t D qk for some positive integer q. Therefore g t D .gk /q 2 H . Therefore
H1 H and since they are of the same size H D H1 .
Theorem 9.5.7. Let G D hgi be an innite cyclic group. Then a subgroup H is of
the form H D hg t i for a positive integer t . Further if t1 ; t2 are positive integers with
t1 t2 then hg t1 i and hg t2 i are distinct.
Proof. Let G D hgi be an innite cyclic group and H a subgroup of G. As in the
proof of Theorem 9.5.6 H must contain positive powers of the generator g. Let t be
the smallest positive power of g such that g t 2 H . We claim that H D hgt i the cyclic
subgroup of G generated by g t . Let h 2 H then h D gm for some positive integer
m t . Divide m by t to get
m D qt C r
where r D 0 or 0 < r < t:
If r 0 then r D m qt > 0. Now g m 2 H , g t 2 H so g qt 2 H for any q since

H is a subgroup. It follows that g m g qt D gmqt 2 H . This implies that gr 2 H .
However this is a contradiction since r < t and t is the least positive power in H . It
follows that r D 0 so m D qt . This implies that g m D gqt D .g t /q , that is gm is
a multiple of g t . Therefore every element of H is a multiple of g t and therefore g t
generates H and hence H D hg t i.
From the proof above in the subgroup hg t i the integer t is the smallest positive
power of g in hg t i. Therefore if t1 ; t2 are positive integers with t1 t2 then hg t1 i and
hg t2 i are distinct.
136
Theorem 9.5.8. Let G D hgi be a cyclic group. Then

(a) If G D hgi is nite of order n then g k is also a generator if and only if .k; n/ D 1.
That is the generators of G are precisely those powers gk where k is relatively
prime to n.
(b) If G D hgi is innite then the only generators are g; g1 .
Proof. (a) Let G D hgi be a nite cyclic group of order n and suppose that .k; n/ D 1.
Then there exist integers x; y with kx C ny D 1. It follows that
g D g kxCny D .gk /x .gn /y D .g k /x
since gn D 1. Hence g is a power of g k that implies every element of G is also a
power of g k . Therefore g k is also a generator.
Conversely suppose that gk is also a generator. Then g is a power of gk so there
exists an x such that g D g kx . It follows that kx 1 modulo n and so there exists
a y such that
kx C ny D 1:
This then implies that .k; n/ D 1.
(b) If G D hgi is innite then any power of g other than g 1 generates a proper
subgroup. If g is a power of g n for some n so that g D g nx it follows that g nx1 D 1
so that g has nite order contradicting that G is innite cyclic.
Recall that for positive integers n the Euler phi-function is dened as follows.
Denition 9.5.9. For any n > 0, let
.n/ D number of integers less than or equal to n and relatively prime to n:
Example 9.5.10. .6/ D 2 since among 1; 2; 3; 4; 5; 6 only 1; 5 are relatively prime
to 6.
Corollary 9.5.11. If G D hgi is nite of order n then there are .n/ generators for
G where is the Euler phi-function.
Proof. From Theorem 9.5.8 the generators of G are precisely the powers gk where
.k; n/ D 1. The numbers relatively prime to n are counted by the Euler phi-function.
Recall that in an arbitrary group G, if g 2 G, then the order of g, denoted o.g/,
is the order of the cyclic subgroup generated by g. Given two elements g; h 2 G in
general there is no relationship between o.g/; o.h/ and the order of the product gh.
However if they commute there is a very direct relationship.
137
Lemma 9.5.12. Let G be an arbitrary group and g; h 2 G both of nite order

o.g/; o.h/. If g and h commute, that is gh D hg, then o.gh/ divides lcm.o.g/; o.h//.
In particular if G is an abelian group then o.gh/j lcm.o.g/; o.h// for all g; h 2 G of
nite order. Further if hgi \ hhi D 1 then o.gh/ D lcm.o.g/; o.h//.
Proof. Suppose o.g/ D n and o.h/ D m are nite. If g; h commute then for any k
we have .gh/k D gk hk . Let t D lcm.n; m/ then t D k1 m; t D k2 n. Hence
.gh/t D g t ht D .g m /k1 .hn /k2 D 1:
Therefore the order of gh is nite and divides t . Suppose that hgi \ hhi D 1 that
is the cyclic subgroup generated by g intersects trivially with the cyclic subgroup
generated by h. Let k D o.gh/ which we know is nite from the rst part of the
lemma. Let t D lcm.n; m/. We then have .gh/k D gk hk D 1 which implies that
g k D hk . Since the cyclic subgroups have only trivial intersection this implies that
g k D 1 and hk D 1. But then njk and mjk and hence t jk. Since kjt it follows that
k D t.
Recall that if m and n are relatively prime then lcm.m; n/ D mn. Further if the
orders of g and h are relatively prime it follows from Lagranges theorem that hgi \
hhi D 1. We then get the following.
Corollary 9.5.13. If g; h commute and o.g/ and o.h/ are nite and relatively prime
then o.gh/ D o.g/o.h/.
Denition 9.5.14. If G is a nite abelian group then the exponent of G is the lcm of
the orders of all elements of G. That is
exp.G/ D lcmo.g/ W g 2 G:
As a consequence of Lemma 9.5.12 we obtain
Lemma 9.5.15. Let G be a nite abelian group. Then G contains an element of order
exp.G/.
e
Proof. Suppose that exp.G/ D p1e1 pkk with pi distinct primes. By the denition
of exp.G/ there is a gi 2 G with o.gi / D piei ri with pi and ri relatively prime. Let
hi D giri . Then from Lemma 9.5.12 we get o.hi / D piei . Now let g D h1 h2 hk .
From the corollary to Lemma 9.5.12 we have o.g/ D p1e1 pkek D exp.G/.
If K is a eld then the multiplicative subgroup of nonzero elements of K is an

abelian group K ? . The above results lead to the fact that a nite subgroup of K ? must
actually be cyclic.
Theorem 9.5.16. Let K be a eld. Then any nite subgroup of K ? is cyclic.
138
Proof. Let A K ? with jAj D n. Suppose that m D exp.A/. Consider the polynomial f .x/ D x m 1 2 Kx. Since the order of each element in A divides m it
follows that am D 1 for all a 2 A and hence each a 2 A is a zero of the polynomial
f .x/. Hence f .x/ has at least n zeros. Since a polynomial of degree m over a eld
can have at most m zeros it follows that n < m. From Lemma 9.5.15 there is an
element a 2 A with o.a/ D m. Since jAj D n it follows that mjn and hence m < n.
Therefore m D n and hence A D hai showing that A is cyclic.
We close this section with two other results concerning cyclic groups. The rst
proves, using group theory, a very interesting number theoretic result concerning the
Euler phi-function.
Theorem 9.5.17. For n > 1 and for d 1
X
.d / D n:
d jn
Proof. Consider a cyclic group G of order n. For each d jn, d 1 there is a unique
cyclic subgroup H of order d . H then has .d / generators. Each element in G
generates its own cyclic subgroup H1 , say of order d and hence must be included in
the .d / generators of H1 . Therefore
X
.d / D sum of the numbers of generators of the cyclic subgroups of G:
d jn
But this must be the whole group and hence this sum is n.
We shall make use of the above theorem directly in the following theorem.
Theorem 9.5.18. If jGj D n and if for each positive d such that d jn, G has at most
one cyclic subgroup of order d , then G is cyclic (and consequently, has exactly one
cyclic subgroup of order d ).
Proof. For each d jn, d > 0, let .d / D the number of elements of G of order d .
Then
X
.d / D n:
d jn
Now suppose that .d / 0 for a given d jn. Then there exists an a 2 G of order d
which generates a cyclic subgroup, hai, of order d of G. We claim that all elements
of G of order d are in hai. Indeed, if b 2 G with o.b/ D d and b hai, then hbi is a
second cyclic subgroup of order d , distinct from hai. This contradicts the hypothesis,
so the claim is proved. Thus, if .d / 0, then P
.d / D .d /. P
In general, we
have .d / .d /, for all positive d jn. But n D d jn .d / d jn .d /, by
the previous theorem. It follows, clearly, from this that .d / D .d / for all d jn. In
139
particular, .n/ D .n/ 1. Hence, there exists at least one element of G of order
n; hence G is cyclic. This completes the proof.
Corollary 9.5.19. If in a group G of order n, for each d jn, the equation x d D 1 has
at most d solutions in G, then G is cyclic.
Proof. The hypothesis clearly implies that G can have at most one cyclic subgroup of
order d since all elements of such a subgroup satisfy the equation. So Theorem 9.5.17
applies to give our result.
If H is a subgroup of a group G then G operates as a group of permutations on
the set aH W a 2 R of left cosets of H in G where R is a left transversal of H
in G. This we can use to show that a nitely generated group has only nitely many
subgroups of a given nite index.
Theorem 9.5.20. Let G be a nitely generated group. The number of subgroups of
index n < 1 is nite.
Proof. Let H be a subgroup of index n. We choose a left transversal c1 ; : : : ; cn
for H in G where c1 D 1 represents H . G permutes the set of cosets ci H by
multiplication from the left. This induces a homomorphism H from G to Sn as
follows. For each g 2 G let H .g/ be the permutation which maps i to j if gci H D
cj H . H .g/ xes the number 1 if and only if g 2 H because c1 H D H . Now, let
H and L be two different subgroups of index n in G. Then there exists g 2 H with
g L and H .g/ L .g/, and hence H and L are different. Since G is nitely
generated there are only nitely many homomorphisms from G to Sn . Therefore the
number of subgroups of index n < 1 is nite.
9.6
Exercises
1.
Prove Lemma 9.1.4.
2.
Suppose that g 2 G and g m D 1 for some positive integer m. Let n be the smallest positive integer such that gn D 1. Show the set of elements 1; g; g2 ; : : : ;
g n1 are all distinct but for any other power g k we have g k D g t for some
k D 0; 1; : : : ; n 1.
3.
Let G be a group and U1 ; U2 be nite subgroups of G. If jU1 j and jU2 j are

relatively prime, then U1 \ U2 D e.
4.
Let A; B be subgroups of a nite group G. If jAj jBj > jGj then A \ B e.
140
5.
Let G be the set of all real matrices of the form

Show:
a b
b a
, where a2 C b 2 0.
(a) G is a group.
(b) For each n 2 N there is at least one element of order n in G.
6.
Let p be a prime, and let G D SL.2; p/. Show:

(a) G has at least 2p 2 elements of order p (their exact number is p 2 1).
(b) If p is odd, then x p D 1 for all x 2 G.
7.
Let p be a prime and a 2 Z. Show that ap a mod p.
8.
Let F be a eld. Show that the set of n n matrices of determinant 1 over F

forms a group.
9.
Here we outline a proof that every planar Euclidean congruence motion is either
a rotation, translation, reection or glide reection. An isometry in this problem
is a planar Euclidean congruence motion. Show:
(a) If T is an isometry then it is completely determined by its action on a triangle equivalent to showing that if T xes three noncollinear points then it
must be the identity.
(b) If an isometry T has exactly one xed point then it must be a rotation with
that point as center.
(c) If an isometry T has two xed points then it xes the line joining them.
Then show that if T is not the identity it must be a reection through this
line.
(d) If an isometry T has no xed point but preserves orientation then it must be
a translation.
(e) If an isometry T has no xed point but reverses orientation then it must be
a glide reection.
10. Let Pn be a regular n-gon and DN its group of symmetries. Show that jDn j D
2n. (Hint: First show that jDn j 2n and then exhibit 2n distinct symmetries.)
11. If A; B have the same cardinality, then there exists a bijection W A ! B.
Dene a map F W SA ! SB in the following manner: if f 2 SA , let F .f / be
the permutation on B given by F .f /.b/ D .f . 1 .b///. Show that F is an
isomorphism.
Chapter 10
Normal Subgroups, Factor Groups and

Direct Products
10.1
Normal Subgroups and Factor Groups
In rings we saw that there were certain special types of subrings, called ideals, that
allowed us to dene factor rings. The analogous object for groups is called a normal
subgroup which we will dene and investigate in this section.
Denition 10.1.1. Let G be an arbitrary group and suppose that H1 and H2 are subgroups of G. We say that H2 is conjugate to H1 if there exists an element a 2 G such
that H2 D aH1 a1 . H1 ; H2 are the called conjugate subgroups of G.
Lemma 10.1.2. Let G be an arbitrary group. Then the relation of conjugacy is an
equivalence relation on the set of subgroups of G.
Proof. We must show that conjugacy is reexive, symmetric and transitive. If H is a
subgroup of G then 11 H1 D H and hence H is conjugate to itself and therefore the
relation is reexive.
Suppose that H1 is conjugate to H2 . Then there exists a g 2 G with g 1 H1 g D
H2 . This implies that gH2 g 1 D H1 . However .g 1 /1 D g and hence letting
g 1 D g1 we have g11 H2 g1 D H1 : Therefore H2 is conjugate to H1 and conjugacy
is symmetric.
Finally suppose that H1 is conjugate to H2 and H2 is conjugate to H3 . Then there
exist g1 ; g2 2 G with H2 D g11 H1 g1 and H3 D g21 H2 g2 . Then
H3 D g21 g11 H1 g1 g2 D .g1 g2 /1 H1 .g1 g2 /:
Therefore H3 is conjugate to H2 and conjugacy is transitive.
Lemma 10.1.3. Let G be an arbitrary group. Then for g 2 G the map g W a !
g 1 ag is an automorphism on G.
Proof. For a xed g 2 G dene the map f W G ! G by f .a/ D g 1 ag for a 2 G.
We must show that this is a homomorphism and that it is one-to-one and onto.
142
Chapter 10 Normal Subgroups, Factor Groups and Direct Products
Let a1 ; a2 2 G. Then
f .a1 a2 / D g 1 a1 a2 g D .g1 a1 g/.g 1 a2 g/ D f .a1 /f .a2 /:
Hence f is a homomorphism.
If f .a1 / D f .a2 / then g 1 a1 g D g 1 a2 g. Clearly by the cancellation law we
then have a1 D a2 and hence f is one-to-one.
Finally let a 2 G and let a1 D gag 1 . Then a D g 1 a1 g and hence f .a1 / D a.
It follows that f is onto and therefore f is an automorphism on G.
In general a subgroup H of a group G may have many different conjugates. However in certain situations the only conjugate of a subgroup H is H itself. If this is the
case we say that H is a normal subgroup. We will see shortly that this is precisely the
analog for groups of the concept of an ideal in rings.
Denition 10.1.4. Let G be an arbitrary group. A subgroup H is a normal subgroup
of G, which we denote by H G G, if g 1 Hg D H for all g 2 G.
Since the conjugation map is an isomorphism it follows that if g 1 Hg H then
D H . Hence in order to show that a subgroup is normal we need only show
g
inclusion.
1 Hg
Lemma 10.1.5. Let N be a subgroup of a group G. Then if aNa1 N for all

a 2 G, then aNa1 D N . In particular, aNa1 N for all a 2 G implies that N
is a normal subgroup.
Notice that if g 1 Hg D H then Hg D gH . That is as sets the left coset gH
is equal to the right coset Hg. Hence for each h1 2 H there is an h2 2 H with
gh1 D h2 g. If H G G this is true for all g 2 G. Further if H is normal then for the
product of two cosets g1 H and g2 H we have
.g1 H /.g2 H / D g1 .Hg2 /H D g1 g2 .HH / D g1 g2 H:
If .g1 H /.g2 H / D .g1 g2 /H for all g1 ; g2 2 G we necessarily have gHg1 D H
for all g 2 G.
Hence we have proved:
Lemma 10.1.6. Let H be a subgroup of a group G. Then the following are equivalent:
(1) H is a normal subgroup of G.
(2) g 1 Hg D H for all g 2 G.
(3) gH D Hg for all g 2 G.
(4) .g1 H /.g2 H / D .g1 g2 /H for all g1 ; g2 2 G.
Section 10.1 Normal Subgroups and Factor Groups
143
This is precisely the condition needed to construct factor groups. First we give
some examples of normal subgroups.
Lemma 10.1.7. Every subgroup of an abelian group is normal.
Proof. Let G be abelian and H a subgroup of G. Suppose g 2 G then gh D hg for
all h 2 H since G is abelian. It follows that gH D Hg. Since this is true for every
g 2 G it follows that H is normal.
Lemma 10.1.8. Let H G be a subgroup of index 2, that is G W H D 2. Then H
is normal in G.
Proof. Suppose that G W H D 2. We must show that gH D Hg for all g 2 G. If
g 2 H then clearly H D gH D Hg. Therefore we may assume that g is not in H .
Then there are only 2 left cosets and 2 right cosets. That is,
G D H [ gH D H [ Hg:
Since the union is a disjoint union we must have gH D Hg and hence H is normal.
Lemma 10.1.9. Let K be any eld. Then the group SL.n; K/ is a normal subgroup
of GL.n; K/ for any positive integer n.
Proof. Recall that GL.n; K/ is the group of n n matrices over the eld K with
nonzero determinant while SL.n; K/ is the subgroup of n n matrices over the eld
K with determinant equal to 1. Let U 2 SL.n; K/ and T 2 GL.n; K/. Consider
T 1 U T . Then
det.T 1 U T / D det.T 1 / det.U / det.T / D det.U / det.T 1 T /
D det.U / det.I / D det.U / D 1:
Hence T 1 U T 2 SL.n; K/ for any U 2 SL.n; K/ and any T 2 GL.n; K/. It follows
that T 1 SL.n; K/T SL.n; K/ and therefore SL.n; K/ is normal in GL.n; K/.
The intersection of normal subgroups is again normal and the product of normal
subgroups is normal.
Lemma 10.1.10. Let N1 ; N2 be normal subgroups of the group G. Then
(1) N1 \ N2 is a normal subgroup of G.
(2) N1 N2 is a normal subgroup of G.
(3) If H is any subgroup of G then N1 \H is a normal subgroup of H and N1 H D
HN1 .
144
Proof. (a) Let n 2 N1 \ N2 and g 2 G. Then g 1 ng 2 N1 since N1 is normal.

Similarly g 1 ng 2 N2 since N2 is normal. Hence g1 ng 2 N1 \ N2 . It follows that
g 1 .N1 \ N2 /g N1 \ N2 and therefore N1 \ N2 is normal.
(b) Let n1 2 N1 ; n2 2 N2 . Since N1 ; N2 are both normal N1 N2 D N2 N1 as sets
and the complex N1 N2 forms a subgroup of G. Let g 2 G and n1 n2 2 N1 N2 . Then
g 1 .n1 n2 /g D .g 1 n1 g/.g 1 n2 g/ 2 N1 N2
since g 1 n1 g 2 N1 and g 1 n2 g 2 N2 . Therefore N1 N2 is normal in G.
(c) Let h 2 H and n 2 N \ H . Then as in part (a) h1 nh 2 N \ H and therefore
N \ H is a normal subgroup of H . The same argument as in part (b) shows that
N1 H D HN1 .
We now construct factor groups or quotient groups of a group modulo a normal
subgroup.
Denition 10.1.11. Let G be an arbitrary group and H a normal subgroup of G. Let
G=H denote the set of distinct left (and hence also right) cosets of H in G. On G=H
dene the multiplication
.g1 H /.g2 H / D g1 g2 H
for any elements g1 H; g2 H in G=H .
Theorem 10.1.12. Let G be a group and H a normal subgroup of G. Then G=H
under the operation dened above forms a group. This group is called the factor
group or quotient group of G modulo H . The identity element is the coset 1H D H
and the inverse of a coset gH is g 1 H .
Proof. We rst show that the operation on G=N is well-dened. Suppose that a0 N D
aN and b 0 N D bN , then b 0 2 bN and so b 0 D bn1 . Similarly a0 D an2 where
n1 ; n2 2 N . Therefore
a0 b 0 N D an2 bn1 N D an2 bN
since n1 2 N . But b 1 n2 b D n3 2 N , since N is normal, so the right-hand side of
the equation can be written as
an2 bN D abN:
Thus we have shown that if N G G then a0 b 0 N D abN , and the operation on G=N is
indeed, well-dened.
The associative law is true because coset multiplication as dened above uses the
ordinary group operation which is by denition associative.
The coset N serves as the identity element of G=N . Notice that
aN N D aN 2 D aN
Section 10.1 Normal Subgroups and Factor Groups
145
and
N aN D aN 2 D aN:
The inverse of aN is a1 N since
aNa1 N D aa1 N 2 D N:
We emphasize that the elements of G=N are cosets and thus subsets of G. If
jGj < 1, then jG=N j D G W N , the member of cosets of N in G. It is also to
be emphasized that in order for G=N to be a group N must be a normal subgroup
of G.
In some cases properties of G are preserved in factor groups.
Lemma 10.1.13. If G is abelian then any factor group of G is also abelian. If G is
cyclic then any factor group of G is also cyclic.
Proof. Suppose that G is abelian and H is a subgroup of G. H is necessarily normal
from Lemma 10.1.7 so that we can form the factor group G=H . Let g1 H; g2 H 2
G=H . Since G is abelian we have g1 g2 D g2 g1 . Then in G=H ,
.g1 H /.g2 H / D .g1 g2 /H D .g2 g1 /H D .g2 H /.g1 H /:
Therefore G=H is abelian.
We leave the proof of the second part to the exercises.
An extremely important concept is when a group contains no proper normal subgroups other than the identity subgroup 1.
Denition 10.1.14. A group G 1 is simple provided that N G G implies N D G
or N D 1.
One of the most outstanding problems in group theory has been to give a complete
classication of all nite simple groups. In other words, this is the program to discover all nite simple groups and to prove that there are no more to be found. This
was accomplished through the efforts of many mathematicians. The proof of this
magnicent result took thousands of pages. We refer the reader to [18] for a complete
discussion of this. We give one elementary example.
Lemma 10.1.15. Any nite group of prime order is simple and cyclic.
Proof. Suppose that G is a nite group and jGj D p where p is a prime. Let g 2 G
with g 1. Then hgi is a nontrivial subgroup of G so its order divides the order of
G by Lagranges theorem. Since g 1 and p is a prime we must have jhgij D p.
Therefore hgi is all of G, that is G D hgi and hence G is cyclic.
The argument above shows that G has no nontrivial proper subgroups and therefore
no nontrivial normal subgroups. Therefore G is simple.
In the next chapter we will examine certain other nite simple groups.
146
10.2
The Group Isomorphism Theorems
In Chapter 1 we saw that there was a close relationship between ring homomorphisms
and factor rings. In particular to each ideal, and consequently to each factor ring,
there is a ring homomorphism that has that ideal as its kernel. Conversely to each ring
homomorphism its kernel is an ideal and the corresponding factor ring is isomorphic
to the image of the homomorphism. This was formalized in Theorem 1.5.7 which we
called the ring isomorphism theorem. We now look at the group theoretical analog
of this result, called the group isomorphism theorem. We will then examine some
consequences of this result that will be crucial in the Galois theory of elds.
Denition 10.2.1. If G1 and G2 are groups and f W G1 ! G2 is a group homomorphism then the kernel of f , denoted ker.f /, is dened as
ker.f / D g 2 G1 W f .g/ D 1:
That is the kernel is the set of the elements of G1 that map onto the identity of G2 .
The image of f , denoted im.f /, is the set of elements of G2 mapped onto by f from
elements of G1 . That is
im.f / D g 2 G2 W f .g1 / D g2 for some g1 2 G1 :
Note that if f is a surjection then im.f / D G2 .
As with ring homomorphisms the kernel measures how far a homomorphism is
from being an injection, that is, a one-to-one mapping.
Lemma 10.2.2. Let G1 and G2 are groups and f W G1 ! G2 a group homomorphism. Then f is injective if and only if ker.f / D 1.
Proof. Suppose that f is injective. Since f .1/ D 1 we always have 1 2 ker.f /.
Suppose that g 2 ker.f /. Then f .g/ D f .1/. Since f is injective this implies that
g D 1 and hence ker.f / D 1.
Conversely suppose that ker.f / D 1 and f .g1 / D f .g2 /. Then
f .g1 /.f .g2 //1 D 1 H) f .g1 g21 / D 1 H) g1 g21 2 ker.f /:
Then since ker.f / D 1 we have g1 g21 D 1 and hence g1 D g2 . Therefore f is
injective.
We now state the group isomorphism theorem. This is entirely analogous to the
ring isomorphism theorem replacing ideals by normal subgroups. We note that this
theorem is sometimes called the rst group isomorphism theorem.
Section 10.2 The Group Isomorphism Theorems
147
Theorem 10.2.3 (group isomorphism theorem). (a) Let G1 and G2 be groups and
f W G1 ! G2 a group homomorphism. Then ker.f / is a normal subgroup of
G1 , im.f / is a subgroup of G2 and
G= ker.f / im.f /:
(b) Conversely suppose that N is a normal subgroup of a group G. Then there
exists a group H and a homomorphism f W G ! H such that ker.f / D N
and im.f / D H .
Proof. (a) Since 1 2 ker.f / the kernel is nonempty. Suppose that g1 ; g2 2 ker.f /.
Then f .g1 / D f .g2 / D 1. It follows that f .g1 g21 / D f .g1 /.f .g2 //1 D 1.
Hence g1 g21 2 ker.f / and therefore ker.f / is a subgroup of G1 . Further for any
g 2 G1 we have
f .g1 g1 g/ D .f .g//1 f .g1 /f .g/
D .f .g//1 1 f .g/ D f .g 1 g/ D f .1/ D 1:
Hence g 1 g1 g 2 ker.f / and ker.f / is a normal subgroup.
It is straightforward to show that im.f / is a subgroup of G2 .
Consider the map fO W G= ker.f / ! im.f / dened by
fO.g ker.f // D f .g/:
We show that this is an isomorphism.
Suppose that g1 ker.f / D g2 ker.f / then g1 g21 2 ker.f / so that f .g1 g21 / D 1.
This implies that f .g1 / D f .g2 / and hence the map fO is well-dened. Now
fO.g1 ker.f /g2 ker.f // D fO.g1 g2 ker.f // D f .g1 g2 /
D f .g1 /f .g2 / D fO.g1 ker.f //fO.g2 ker.f //
and therefore fO is a homomorphism.
Suppose that fO.g1 ker.f // D fO.g2 ker.f // then f .g1 / D f .g2 / and hence
g1 ker.f / D g2 ker.f /. It follows that fO is injective.
Finally suppose that h 2 im.f /. Then there exists a g 2 G1 with f .g/ D h. Then
fO.g ker.f // D h and fO is a surjection onto im.f /. Therefore fO is an isomorphism
completing the proof of part (a).
(b) Conversely suppose that N is a normal subgroup of G. Dene the map f W
G ! G=N by f .g/ D gN for g 2 G. By the denition of the product in the
quotient group G=N it is clear that f is a homomorphism with im.f / D G=N . If
g 2 ker.f / then f .g/ D gN D N since N is the identity in G=N . However this
implies that g 2 N and hence it follows that ker.f / D N completing the proof.
148
There are two related theorems that are called the second isomorphism theorem and
the third isomorphism theorem.
Theorem 10.2.4 (second isomorphism theorem). Let N be a normal subgroup of a
group G and U a subgroup of G. Then U \ N is normal in U and
.UN /=N U=.U \ N /:
Proof. From Lemma 10.1.10 we know that U \ N is normal in U . Dene the map
W UN ! U=U \ N
by .un/ D u.U \ N /. If un D u0 n0 then u01 u D n0 n1 2 U \ N . Therefore
u0 .U \ N / D u.U \ N / and hence the map is well-dened.
Suppose that un; u0 n0 2 UN Since N is normal in G we have that unu0 n0 2 uu0 N .
Hence unu0 n0 D uu0 n00 with n00 2 N . Then
.unu0 n0 / D .uu0 n/ D uu0 .U \ N /:
However U \ N is normal in U so
uu0 .U \ N / D u.U \ N /u0 .U \ N / D .un/.u0 n0 /:
Therefore is a homomorphism.
We have im./ D U=.U \ N / by denition. Suppose that un 2 ker./. Then
.un/ D U \ N N which implies u 2 N . Therefore ker.f / D N . From the
group isomorphism theorem we then have
UN=N U=.U \ N /
proving the theorem.
Theorem 10.2.5 (third isomorphism theorem). Let N and M be normal subgroups
of a group G with N a subgroup of M . Then M=N is a normal subgroup in G=N
and
.G=N /=.M=N / G=M:
Proof. Dene the map W G=N ! G=M by
.gN / D gM:
It is straightforward that is well-dened and a homomorphism. If gN 2 ker./ then
.gN / D gM D M and hence g 2 M . It follows that ker./ D M=N . In particular
this shows that M=N is normal in G=N . From the group isomorphism theorem then
.G=N /=.M=N / G=M:
Section 10.3 Direct Products of Groups
149
For a normal subgroup N in G the homomorphism f W G ! G=N provides a

one-to-one correspondence between subgroups of G containing N and the subgroups
of G=N . This correspondence will play a fundamental role in the study of subelds
of a eld.
Theorem 10.2.6 (correspondence theorem). Let N be a normal subgroup of a group
G and let f be the corresponding homomorphism f W G ! G=N . Then the mapping
W H ! f .H /
where H is a subgroup of G containing N provides a one-to-one correspondence
between all the subgroups of G=N and the subgroups of G containing N .
Proof. We rst show that the mapping is surjective. Let H1 be a subgroup of G=N
and let
H D g 2 G W f .g/ 2 H1 :
We show that H is a subgroup of G and that N H .
If g1 ; g2 2 H then f .g1 / 2 H1 and f .g2 / 2 H1 . Therefore f .g1 /f .g2 / 2 H1
and hence f .g1 g2 / 2 H1 . Therefore g1 g2 2 H . In an identical fashion g11 2 H .
Therefore H is a subgroup of G. If n 2 N then f .n/ D 1 2 H1 and hence n 2 H .
Therefore N H showing that the map is surjective.
Suppose that .H1 / D .H2 / where H1 and H2 are subgroups of G containing
N . This implies that f .H1 / D f .H2 /. Let g1 2 H1 . Then f .g1 / D f .g2 / for some
g2 2 H2 . Then g1 g21 2 ker.f / D N H2 . It follows that g1 g21 2 H2 so that
g1 2 H2 . Hence H1 H2 . In a similar fashion H2 H1 and therefore H1 D H2 .
It follows that is injective.
10.3
Direct Products of Groups
In this section we look at a very important construction, the direct product, which
allows us to build new groups out of existing groups. This construction is the analog
for groups of the direct sum of rings. As an application of this construction, in the
next section we present a theorem which completely describes the structure of nite
abelian groups.
Let G1 ; G2 be groups and let G be the Cartesian product of G1 and G2 . That is
G D G1 G2 D .a; b/ W a 2 G1 ; b 2 G2 :
On G dene
.a1 ; b1 / .a2 ; b2 / D .a1 a2 ; b1 b2 /:
With this operation it is direct to verify the groups axioms for G and hence G becomes
a group.
150
Theorem 10.3.1. Let G1 ; G2 be groups and G the Cartesian product G1 G2 with

the operation dened above. Then G forms a group called the direct product of G1
and G2 . The identity element is .1; 1/ and .g; h/1 D .g1 ; h1 /.
This construction can be iterated to any nite number of groups (also to an innite
number but we wont consider that here) G1 ; : : : ; Gn to form the direct product G1
G2 Gn .
Theorem 10.3.2. For groups G1 and G2 we have G1 G2 G2 G1 and G1 G2
is abelian if and only if each Gi , i D 1; 2, is abelian.
Proof. The map .a; b/ ! .b; a/ where a 2 G1 ; b 2 G2 provides an isomorphism
from G1 G2 ! G2 G1 .
Suppose that both G1 ; G2 are abelian. Then if a1 ; a2 2 G1 ; b1 ; b2 2 G2 we have
.a1 ; b1 /.a2 ; b2 / D .a1 a2 ; b1 b2 / D .a2 a1 ; b2 b1 / D .a2 ; b2 /.a1 ; b1 /
and hence G1 G2 is abelian.
Conversely suppose G1 G2 is abelian and suppose that a1 ; a2 2 G1 . Then for the
identity 1 2 G2 we have
.a1 a2 ; 1/ D .a1 ; 1/.a2 ; 1/ D .a2 ; 1/.a1 ; 1/ D .a2 a1 ; 1/:
Therefore a1 a2 D a2 a1 and G1 is abelian. Identically G2 is abelian.
We show next that in G1 G2 there are normal subgroups H1 ; H2 with H1 G1
and H2 G2 .
Theorem 10.3.3. Let G D G1 G2 . Let H1 D .a; 1/ W a 2 G1 and H2 D .1; b/ W
b 2 G2 . Then both H1 and H2 are normal subgroups of G with G D H1 H2 and
H1 \ H2 D 1. Further H1 G1 ; H2 G2 and G=H1 G2 and G=H2 G1 .
Proof. Map G1 G2 onto G2 by .a; b/ ! b. It is clear that this map is a homomorphism and that the kernel is H1 D .a; 1/ W a 2 G1 . This establishes that H1
is a normal subgroup of G and that G=H1 G2 . In an identical fashion we get that
G=H2 G1 . The map .a; 1/ ! a provides the isomorphism from H1 onto G1 .
If the factors are nite it is easy to nd the order of G1 G2 . The size of the
Cartesian product is just the product of the sizes of the factors.
Lemma 10.3.4. If jG1 j and jG2 j are nite then jG1 G2 j D jG1 jjG2 j.
Now suppose that G is a group with normal subgroups G1 ; G2 such that G D G1 G2
and G1 \ G2 D 1. Then we will show that G is isomorphic to the direct product
G1 G2 . In this case we say that G is the internal direct product of its subgroups and
that G1 ; G2 are direct factors of G.
Section 10.4 Finite Abelian Groups
151
Theorem 10.3.5. Suppose that G is a group with normal subgroups G1 ; G2 such that
G D G1 G2 and G1 \ G2 D 1. Then G is isomorphic to the direct product G1 G2 .
Proof. Since G D G1 G2 each element of G has the form ab with a 2 G1 ; b 2 G2 .
We rst show that each a 2 G1 commutes with each b 2 G2 . Consider the element
aba 1 b 1 . Since G1 is normal ba1 b 1 2 G1 which implies that abab 1 2 G1 .
Since G2 is normal aba1 2 G2 which implies that aba1 b 1 2 G2 . Therefore
aba1 b 1 2 G1 \ G2 D 1 and hence aba1 b 1 D 1 so that ab D ba.
Now map G onto G1 G2 by f .ab/ ! .a; b/. We claim that this is an isomorphism. It is clearly onto. Now
f ..a1 b1 /.a2 b2 // D f .a1 a2 b1 b2 / D .a1 a2 ; b1 b2 /
D .a1 ; b1 /.a2 ; b2 / D f ..a1 ; b1 //f .a2 ; b2 //
so that f is a homomorphism. The kernel is G1 \ G2 D 1 and so f is an isomorphism.
Although the end resulting groups are isomorphic we call G1 G2 an external
direct product if we started with the groups G1 ; G2 and constructed G1 G2 and
call G1 G2 an internal direct product if we started with a group G having normal
subgroups as in the theorem.
10.4
Finite Abelian Groups
We now use the results of the last section to present a theorem that completely provides the structure of nite abelian groups. This theorem is a special case of a general
result on modules that we will examine in detail later in the book.
Theorem 10.4.1 (basis theorem for nite abelian groups). Let G be a nite abelian
group. Then G is a direct product of cyclic groups of prime power order.
Before giving the proof we give two examples showing how this theorem leads to
the classication of nite abelian groups.
Since all cyclic groups of order n are isomorphic to .Zn ; C/ we will denote a cyclic
group of order n by Zn .
Example 10.4.2. Classify all abelian groups of order 60. Let G be an abelian group
of order 60. From Theorem 10.4.1 G must be a direct product of cyclic groups of
prime power order. Now 60 D 22 3 5 so the only primes involved are 2, 3 and 5.
Hence the cyclic group involved in the direct product decomposition of G have order
either 2, 4, 3 or 5 (by Lagranges theorem they must be divisors of 60). Therefore G
152
must be of the form

G Z4 Z3 Z5
G Z2 Z2 Z3 Z5 :
Hence up to isomorphism there are only two abelian groups of order 60.
Example 10.4.3. Classify all abelian groups of order 180. Now 180 D 22 32 5 so
the only primes involved are 2, 3 and 5. Hence the cyclic group involved in the direct
product decomposition of G have order either 2, 4, 3, 9 or 5 (by Lagranges theorem
they must be divisors of 180). Therefore G must be of the form
G Z4 Z9 Z5
G Z2 Z2 Z9 Z5
G Z4 Z3 Z3 Z5
G Z2 Z2 Z3 Z3 Z5 :
Hence up to isomorphism there are four abelian groups of order 180.
The proof of Theorem 10.4.1 involves the following lemmas.
Lemma 10.4.4. Let G be a nite abelian group and let pjjGj where p is a prime.
Then all the elements of G whose orders are a power of p form a normal subgroup
of G. This subgroup is called the p-primary component of G, which we will denote
by Gp .
Proof. Let p be a prime with pjjGj and let a and b be two elements of G of order a
power of p. Since G is abelian the order of ab is the lcm of the orders which is again
a power of p. Therefore ab 2 Gp . The order of a1 is the same as the order of a so
a 1 2 Gp and therefore Gp is a subgroup.
Lemma 10.4.5. Let G be a nite abelian group of order n. Suppose that n D
e
p1e1 pkk with p1 ; : : : ; pk distinct primes. Then
G Gp1 Gpk
where Gpi is the pi -primary component of G.
Proof. Each Gpi is normal since G is abelian and since distinct primes are relatively
prime the intersection of the Gpi is the identity. Therefore Lemma 10.4.5 will follow
by showing that each element of G is a product of elements in the Gp1 .
153
Let g 2 G. Then the order of g is p1f1 pkfk . We write this as pifi m with
f
.m; pi / D 1. Then g m has order pi i and hence is in Gpi . Now since p1 ; : : : ; pk

are relatively prime there exists m1 ; : : : ; mk with
f
m1 p1 1 C C mk pk k D 1
and hence
f1
fk
g D .g p1 /m1 .g pk /mk :
Therefore g is a product of elements in the Gpi .
We next need the concept of a basis. Let G be any nitely generated abelian group
(nite or innite) and let g1 ; : : : ; gn be a set of generators for G. The generators
g1 ; : : : ; gn form a basis if
G D hg1 i hgn i;
that is G is the direct product of the cyclic subgroups generated by the gi . The basis
theorem for nite abelian groups says that any nite abelian group has a basis.
Suppose that G is a nite abelian group with a basis g1 ; : : : ; gk so that G D hg1 i
hgk i. Since G is nite each gi has nite order say mi . It follows than from the
fact that G is a direct product that each g 2 G can be expressed as
g D g1n1 gknk
and further the integers n1 ; : : : ; nk are unique modulo the order of gi . Hence each
integer ni can be chosen in the range 0; 1; : : : ; mi 1 and within this range for the
element g the integer ni is unique.
From the previous lemma each nite abelian group splits into a direct product of
its p-primary components for different primes p. Hence to complete the proof of the
basis theorem we must show that any nite abelian group of order p m for some prime
p has a basis. We call an abelian group of order p m an abelian p-group.
Consider an abelian group G of order p m for a prime p. It is somewhat easier
to complete the proof if we consider the group using additive notation. That is the
operation is considered C, the identity as 0 and powers are given by multiples. Hence
if an element g 2 G has order p k then in additive notation p k g D 0. A set of
elements g1 ; : : : ; gk is then a basis for G if each g 2 G can be expressed uniquely as
g D m1 g1 C C mk gk where the mi are unique modulo the order of gi . We say
that the g1 ; : : : ; gk are independent and this is equivalent to the fact that whenever
m1 g1 C C mk gk D 0 then mi 0 modulo the order of gi . We now prove that
any abelian p-group has a basis.
Lemma 10.4.6. Let G be a nite abelian group of prime power order p n for some
prime p. Then G is a direct product of cyclic groups.
154
Notice that in the group G we have p n g D 0 for all g 2 G as a consequence of

Lagranges theorem. Further every element has order a power of p. The smallest
power of p say p r such that p r g D 0 for all g 2 G is called the exponent of G. Any
nite abelian p-group must have some exponent p r .
Proof. The proof of this lemma is by induction on the exponent.
The lowest possible exponent is p so suppose rst that pg D 0 for all g 2 G. Since
G is nite it has a nite system of generators. Let S D g1 ; : : : ; gk be a minimal set
of generators for G. We claim that this is a basis. Since this is a set of generators to
show its a basis we must show that they are independent. Hence suppose that we have
m1 g1 C C mk gk D 0
(1)
for some set of integers mi . Since the order of each gi is p, as explained above we
may assume that 0 mi < p for i D 1; : : : ; k. Suppose that one mi 0. Then
.mi ; p/ D 1 and hence there exists an xi with mi xi 1 mod p (see Chapter 4).
Multiplying the equation (1) by xi we get modulo p,
m1 xi g1 C C gi C C mk xi gk ;
and rearranging
gi D m1 xi g1 mk xk gk ;
But then gi can be expressed in terms of the other gj and therefore the set g1 ; : : : ; gk
is not minimal. It follows that g1 ; : : : ; gk constitute a basis and the lemma is true for
the exponent p.
Now suppose that any nite abelian group of exponent p n1 has a basis and assume that G has exponent p n . Consider the set G D pG D pg W g 2 G. It is
straightforward that this forms a subgroup (see exercises). Since p n g D 0 for all
g 2 G it follows that p n1 g D 0 for all g 2 G and so the exponent of G p n1 .
By the inductive hypothesis G has a basis
S D pg1 ; : : : ; pgk :
Consider the set g1 ; : : : ; gk and adjoin to this set the set of all elements h 2 G
satisfying ph D 0. Call this set S1 so that we have
S1 D g1 ; : : : ; gk ; h1 ; : : : ; h t :
We claim that S1 is a set of generators for G. Let g 2 G. Then pg 2 G which has
the basis pg1 ; : : : ; pgk so that
pg D m1 pg1 C C mk pgk :
This implies that
p.g m1 g1 mk gk / D 0
155
so that g1 m1 g1 mk gk must be one of the hi . Hence

g m 1 g 1 m k g k D hi
so that g D m1 g1 C C mk gk C hi
proving the claim.

Now S1 is nite so there is a minimal subset of S1 that is still a generating system
for G. Call this S0 and suppose that S0 , renumbering if necessary, is
S0 D g1 ; : : : ; gr ; h1 ; : : : ; hs with phi D 0 for i D 1; : : : ; s:
The subgroup generated by h1 ; : : : ; hs has exponent p so by inductive hypothesis has
a basis. We may assume than that h1 ; : : : ; hs is a basis for this subgroup and hence
is independent. We claim now that g1 ; : : : ; gr ; h1 ; : : : ; hs are independent and hence
form a basis for G.
Suppose that
m1 gr C C mr gr C n1 h1 C C ns hs D 0
(2)
for some integers m1 ; : : : ; mr ; h1 ; : : : ; hs . Each mi ; ni must be divisible by p. Suppose for example that some mi is not. Then .mi ; p/ D 1 and then .mi ; p n / D 1. This
implies that there exists an xi with mi xi 1 mod p n . Multiplying through by xi and
rearranging we then obtain
gi D m1 xi g1 ns xi hs :
Therefore gi can be expressed in terms of the remaining elements of S0 contradicting
the minimality of S0 . An identical argument works if some ni is not divisible by p.
Therefore the relation (2) takes the form
a1 pg1 C C ar pgr C b1 ph1 C C bs phs D 0:
(3)
Each of the terms phi D 0 so that (3) becomes

ap g1 C C ar pgr D 0:
The g1 ; : : : ; gr are independent and hence ai p D 0 for each i and hence ai D 0.
Now (2) becomes
n1 h1 C C ns hs D 0:
However h1 ; : : : ; hs are independent so each ni D 0 completing the claim.
Therefore the whole group G has a basis proving the lemma by induction.
For more details see the proof of the general result on modules over principal ideal
domains later in the book. There is also an additional elementary proof for the basis
theorem for nitely generated abelian groups.
156
10.5
Some Properties of Finite Groups
Classication is an extremely important concept in algebra. A large part of the theory

is devoted to classifying all structures of a given type, for example all UFDs. In most
cases this is not possible. Since for a given nite n there are only nitely many group
tables it is theoretically possible to classify all groups of order n. However even for
small n this becomes impractical. We close the chapter by looking at some further
results on nite groups and then using these to classify all the nite groups up to
order 10.
Before stating the classication we give some further examples of groups that are
needed.
Example 10.5.1. In Example 9.2.6 we saw that the symmetry group of an equilateral
triangle had 6 elements and is generated by elements r and f which satisfy the relations r 3 D f 2 D 1, f 1 rf D r 1 , where r is a rotation of 120 about the center
of the triangle and f is a reection through an altitude. This was called the dihedral
group D3 of order 6.
This can be generalized to any regular n-gon. If D is a regular n-gon, then the
symmetry group Dn has 2n elements and is called the dihedral group of order 2n. It
is generated by elements r and f which satisfy the relations r n D f 2 D 1, f 1 rf D
r n1 , where r is a rotation of 2
n about the center of the n-gon and f is a reection.
Hence, D4 , the symmetries of a square, has order 8 and D5 , the symmetries of a
regular pentagon, has order 10.
Example 10.5.2. Let i; j; k be the generators of the quaternions. Then we have
i 2 D j 2 D k 2 D 1;
.1/2 D 1
and
ij k D 1:
These elements then form a group of order 8 called the quaternion group denoted
by Q. Since ij k D 1 we have ij D j i , and the generators i and j satisfy the
relations i 4 D j 4 D 1, i 2 D j 2 , ij D i 2 j i .
We now state the main classication and then prove it in a series of lemmas.
Theorem 10.5.3. Let G be a nite group.
(a) If jGj D 2 then G Z2 .
(b) If jGj D 3 then G Z3 .
(c) If jGj D 4 then G Z4 or G Z2 Z2 .
(d) If jGj D 5 then G Z5 .
(e) If jGj D 6 then G Z6 Z2 Z3 or G D3 , the dihedral group with 6
elements. (Note D3 S3 the symmetric group on 3 symbols.)
(f) If jGj D 7 then G Z7 .
Section 10.5 Some Properties of Finite Groups
157
(g) If jGj D 8 then G Z8 or G Z4 Z2 or G Z2 Z2 Z2 or G D4 ,

the dihedral group of order 8, or G Q the quaternion group.
(h) If jGj D 9 then G Z9 or G Z3 Z3 .
(i) If jGj D 10 then G Z10 Z2 Z5 or G D5 , the dihedral group with
10 elements.
Recall from Section 10.1 that a nite group of prime order must be cyclic. Hence in
the theorem the cases jGj D 2; 3; 5; 7 are handled. We next consider the case where
G has order p 2 where p is a prime.
Denition 10.5.4. If G is a group then its center denoted Z.G/ is the set of elements
in G which commute with everything in G. That is
Z.G/ D g 2 G W gh D hg for any h 2 G:
Lemma 10.5.5. For any group G the following hold:
(a) The center Z.G/ is a normal subgroup.
(b) G D Z.G/ if and only if G is abelian.
(c) If G=Z.G/ is cyclic then G is abelian.
Proof. (a) and (b) are direct and we leave them to the exercises. Consider the case
where G=Z.G/ is cyclic. Then each coset of Z.G/ has the form g m Z.G/ where
g 2 G. Let a; b 2 G. Then since a; b are in cosets of the center we have a D g m u
and b D g n v with u; v 2 Z.G/. Then
ab D .g m u/.g n v/ D .g m g n /.uv/ D .g n g m /.vu/ D .g n v/.g m u/ D ba
since u; v commute with everything. Therefore G is abelian.
A p-group is any nite group of prime power order. We need the following. The
proof of this is based on what is called the class equation which we will prove in
Chapter 13.
Lemma 10.5.6. A nite p-group has a nontrivial center of order at least p.
Lemma 10.5.7. If jGj D p2 with p a prime then G is abelian and hence G Zp2
or G Zp Zp .
Proof. Suppose that jGj D p 2 . Then from the previous lemma G has a nontrivial
center and hence jZ.G/j D p or jZ.G/j D p 2 . If jZ.G/j D p 2 then G D Z.G/ and
G is abelian. If jZ.G/j D p then jG=Z.G/j D p. Since p is a prime this implies that
G=Z.G/ is cyclic and hence from Lemma 10.5.5 G is abelian.
158
Lemma 10.5.7 handles the cases n D 4 and n D 9. Therefore if jGj D 4 we

must have G Z4 or G Z2 Z2 and if jGj D 9 we must have G Z9 or
G Z 3 Z3 .
This leaves n D 6; 8; 10. We next handle 6 and 10.
Lemma 10.5.8. If G is any group where every nontrivial element has order 2 then G
is abelian.
Proof. Suppose that g 2 D 1 for all g 2 G. This implies that g D g 1 for all g 2 G.
Let a; b be arbitrary elements of G. Then
.ab/2 D 1 H) abab D 1 H) ab D b 1 a1 D ba:
Therefore a; b commute and G is abelian.
Lemma 10.5.9. If jGj D 6 then G Z6 or G D3 .
Proof. Since 6 D 2 3 if G was abelian then G Z2 Z3 . Notice that if an abelian
group has an element of order m and an element of order n with .n; m/ D 1 then it
has an element of order mn. Therefore for 6 if G is abelian there is an element of
order 6 and hence G Z2 Z3 Z6 .
Now suppose that G is nonabelian. The nontrivial elements of G have orders 2, 3
or 6. If there is an element of order 6 then G is cyclic and hence abelian. If every
element has order 2 then G is abelian. Therefore there is an element of order 3 say
g 2 G. The cyclic subgroup hgi D 1; g; g 2 then has index 2 in G and is therefore
normal. Let h 2 G with h hgi. Since g; g 2 both generate hgi we must have
jhgijjhhij
hgi \ hhi D 1. If h also had order 3 then jhg; hij D jhgi\hhij
D 9 which is
impossible. Therefore h must have order 2. Since hgi is normal we have h1 gh D g t
for t D 1; 2. If h1 gh D g then g; h commute and the group G is abelian. Therefore
h1 gh D g 2 D g 1 . It follows that g; h generate a subgroup of G satisfying
g 3 D h2 D 1;
h1 gh D g 1 :
This denes a subgroup of order 6 isomorphic to D3 and hence must be all of G.

Lemma 10.5.10. If jGj D 10 then G Z10 or G D5 .
Proof. The proof is almost identical to that for n D 6. Since 10 D 2 5 if G were
abelian G Z2 Z5 D Z10 .
Now suppose that G is nonabelian. As for n D 6, G must contain a normal cyclic
subgroup of order 5 say hgi D 1; g; g 2 ; g 3 ; g 4 . If h hgi then exactly as for
n D 6 it follows that h must have order 2 and h1 gh D g t for t D 1; 2; 3; 4. If
Section 10.5 Some Properties of Finite Groups
159
h1 gh D g then g; h commute and G is abelian. Notice that h1 D h. Suppose that
h1 gh D hgh D g 2 . Then
.hgh/3 D .g2 /3 D g 6 D g H) g D h2 gh2 D hg2 h D g4 H) g D 1
which is a contradiction. Similarly hgh D g 3 leads to a contradiction. Therefore
h1 gh D g4 D g 1 and g; h generate a subgroup of order 10 satisfying
g 5 D h2 D 1I
h1 gh D g1 :
Therefore this is all of G and is isomorphic to D5 .

This leaves the case n D 8 that is the most difcult. If jGj D 8 and G is abelian
then clearly G Z8 or G Z4 Z2 or G Z2 Z2 Z2 . The proof of
Theorem 10.5.3 is then completed with the following.
Lemma 10.5.11. If G is a nonabelian group of order 8 then G D4 or G Q.
Proof. The nontrivial elements of G have orders 2, 4 or 8. If there is an element of
order 8 then G is cyclic and hence abelian while if every element has order 2 then G
is abelian. Hence we may assume that G has an element of order 4 say g. Then hgi
has index 2 and is a normal subgroup. Suppose rst that G has an element h hgi of
order 2. Then
h1 gh D g t for some t D 1; 2; 3:
If h1 gh D g then as in the cases 6 and 10, hg; hi denes an abelian subgroup of
order 8 and hence G is abelian. If h1 gh D g2 then
.h1 gh/2 D .g 2 /2 D g4 D 1 H) g D h2 gh2 D h1 g 2 h D g 4 H) g 3 D 1
contradicting the fact that g has order 4. Therefore h1 gh D g 3 D g 1 . It follows
that g; h dene a subgroup of order 8 isomorphic to D4 . Since jGj D 8 this must be
all of G and G D4 .
Therefore we may now assume that every element h 2 G with h hgi has order 4.
Let h be such an element. Then h2 has order 2 so h2 2 hgi which implies that
h2 D g 2 . This further implies that g 2 is central, that is commutes with everything.
Identifying g with i , h with j and g 2 with 1 we get that G is isomorphic to Q
completing Lemma 10.5.11 and the proof of Theorem 10.5.3.
In principle this type of analysis can be used to determine the structure of any nite
group although it quickly becomes impractical. A major tool in this classication
is the following important result known as the Sylow theorem which now we just
state. We will prove this theorem in Chapter 13. If jGj D p m n with p a prime and
.n; p/ D 1 then a subgroup of G of order p m is called a p-Sylow subgroup. It is not
clear at rst that a group will contain p-Sylow subgroups.
160
Theorem 10.5.12 (Sylow theorem). Let jGj D p m n with p a prime and .n; p/ D 1.
(a) G contains a p-Sylow subgroup.
(b) All p-Sylow subgroups of G are conjugate G.
(c) Any p-subgroup of G is contained in a p-Sylow subgroup.
(d) The number of p-Sylow subgroups of G is of the form 1 C pk and divides n.
10.6
Exercises
1. Prove that if G is cyclic then any factor group of G is also cyclic.

2. Prove that for any group G the center Z.G/ is a normal subgroup and G D Z.G/
if and only if G is abelian.
3. Let U1 and U2 be subgroups of a group G. Let x; y 2 G. Show:
(i) If xU1 D yU2 then U1 D U2 .
(ii) Give an example to show that xU1 D U2 x does not imply U1 D U2 .
4. Let U; V be subgroups of a group G. Let x; y 2 G. If UxV \ UyV ; then
UxV D UyV .
5. Let N be a cyclic normal subgroup of the group G. Then all subgroups of N are
normal subgroups of G. Give an example to show that the statement is not correct
if N is not cyclic.
6. Let N1 and N2 be normal subgroups of G. Show:
(i) If all elements in N1 and N2 have nite order, then also the elements of
N1 N 2 .
e
(ii) Let e1 ; e2 2 N. If ni i D 1 for all ni 2 Ni (i D 1; 2), then x e1 e2 D 1 for all
x 2 N 1 N2 .
7. Find groups N1 ; N2 and G with N1 G N2 G G, but N1 is not a normal subgroup

of G.
8. Let G be a group generated by a and b and let bab 1 D ar and an D 1 for
suitable r 2 Z; n 2 N. Show:
(i) The subgroup A WD hai is a normal subgroup of G.
(ii) G=A D hbAi.
(iii) G D b j ai W i; j 2 Z.
9. Prove that any group of order 24 cannot be simple.
Chapter 11
Symmetric and Alternating Groups
11.1
Symmetric Groups and Cycle Decomposition
Groups most often appear as groups of transformations or permutations on a set. In

Galois Theory groups will appear as permutation groups on the zeros of a polynomial.
In Section 9.3 we introduced permutation groups and the symmetric group Sn . In this
chapter we look more carefully at the structure of Sn and for each n introduce a very
important normal subgroup An of Sn called the alternating group on n symbols.
Recall that if A is a set, a permutation on A is a one-to-one mapping of A onto
itself. The set SA of all permutations on A forms a group under composition called
the symmetric group on A. If jAj > 2 then SA is nonabelian. Further if A; B have the
same cardinality, then SA SB .
If jAj D n then jSA j D n and in this case we denote SA by Sn , called the symmetric
group on n symbols. For example jS3 j D 6. In Example 9.3.5 we showed that the six
elements of S3 can be given by:

1 2 3
1 2 3
1 2 3
1D
;
aD
;
bD
1 2 3
2 3 1
3 1 2

1 2 3
1 2 3
1 2 3
cD
;
dD
;
eD
:
2 1 3
3 2 1
1 3 2
Further we saw that S3 has a presentation given by
a3 D c 2 D 1, ac D ca2 .
In general a permutation group is any subgroup of SA for a set A.
For the remainder of this chapter we will only consider nite symmetric groups Sn
and always consider the set A as A D 1; 2; 3; : : : ; n.
Denition 11.1.1. Suppose that f is a permutation of A D 1; 2; : : : ; n, which has
the following effect on the elements of A: There exists an element a1 2 A such that
f .a1 / D a2 , f .a2 / D a3 , . . . , f .ak1 / D ak , f .ak / D a1 , and f leaves all other
elements (if there are any) of A xed, i.e., f .aj / D aj for aj ai , i D 1; 2; : : : ; k.
Such a permutation f is called a cycle or a k-cycle.
162
Chapter 11 Symmetric and Alternating Groups
We use the following notation for a k-cycle, f , as given above:

f D .a1 ; a2 ; : : : ; ak /:
The cycle notation is read from left to right, it says f takes a1 into a2 , a2 into a3 ,
etc., and nally ak , the last symbol, into a1 , the rst symbol. Moreover, f leaves all
the other elements not appearing in the representation above xed.
Note that one can write the same cycle in many ways using this type of notation;
e.g., f D .a2 ; a3 ; : : : ; ak ; a1 /. In fact any cyclic rearrangement of the symbols gives
the same cycle. The integer k is the length of the cycle. Note we allow a cycle to have
length 1, i.e., f D .a1 /, for instance, this is just the identity map. For this reason, we
will usually designate the identity of Sn by .1/ or just 1. (Of course, it also could be
written as .ai / where ai 2 A.)
If f and g are two cycles, they are called disjoint cycles if the elements moved by
one are left xed by the other, that is, their representations contain different elements
of the set A (their representations are disjoint as sets).
Lemma 11.1.2. If f and g are disjoint cycles, then they must commute, that is, fg D
gf .
Proof. Since the cycles f and g are disjoint, each element moved by f is xed by
g and vice versa. First suppose f .ai / ai . This implies that g.ai / D ai and
f 2 .ai / f .ai /. But since f 2 .ai / f .ai /, g.f .ai // D f .ai /. Thus .fg/.ai / D
f .g.ai // D f .ai / while .gf /.ai / D g.f .ai // D f .ai /. Similarly if g.aj / aj ,
then .fg/.aj / D .gf /.aj /. Finally, if f .ak / D ak and g.ak / D ak then clearly
.fg/.ak / D ak D .gf /.ak /. Thus gf D fg.
Before proceeding further with the theory, let us consider a specic example. Let
A D 1; 2; : : : ; 8 and let

1 2 3 4 5 6 7 8
f D
:
2 4 6 5 1 7 3 8
We pick an arbitrary number from the set A, say 1. Then f .1/ D 2, f .2/ D 4,
f .4/ D 5, f .5/ D 1. Now select an element from A not in the set 1; 2; 4; 5, say 3.
Then f .3/ D 6, f .6/ D 7, f .7/ D 3. Next select any element of A not occurring in
the set 1; 2; 4; 5 [ 3; 6; 7. The only element left is 8, and f .8/ D 8. It is clear that
we can now write the permutation f as a product of cycles:
f D .1; 2; 4; 5/.3; 6; 7/.8/
Section 11.1 Symmetric Groups and Cycle Decomposition
163
where the order of the cycles is immaterial since they are disjoint and therefore commute. It is customary to omit such cycles as .8/ and write f simply as
f D .1245/.367/
with the understanding that the elements of A not appearing are left xed by f .
It is not difcult to generalize what was done here for a specic example, and show
that any permutation f can be written uniquely, except for order, as a product of
disjoint cycles. Thus let f be a permutation on the set A D 1; 2; : : : ; n, and let
a1 2 A. Let f .a1 / D a2 , f 2 .a1 / D f .a2 / D a3 , etc., and continue until a repetition
is obtained. We claim that this rst occurs for a1 , that is, the rst repetition is say
f k .a1 / D f .ak / D akC1 D a1 . For suppose the rst repetition occurs at the k-th
iterate of f and
f k .a1 / D f .ak / D akC1 ;
and akC1 D aj , where j < k. Then
f k .a1 / D f j 1 .a1 /;
and so f kj C1 .a1 / D a1 . However, k j C1 < k if j 1, and we assumed that the
rst repetition occurred for k. Thus, j D 1 and so f does cyclically permute the set
a1 ; a2 ; : : : ; ak . If k < n, then there exists b1 2 A such that b1 a1 ; a2 ; : : : ; ak
and we may proceed similarly with b1 . We continue in this manner until all the
elements of A are accounted for. It is then seen that f can be written in the form
f D .a1 ; : : : ; ak /.b1 ; : : : ; b` /.c1 ; : : : ; cm / .h1 ; : : : ; h t /:
Note that all powers f i .a1 / belong to the set a1 D f 0 .a1 / D f k .a1 /; a2 D
f 1 .a1 /; : : : ; ak D f k1 .a1 /, all powers f i .b1 / belong to the set b1 D f 0 .b1 / D
f ` .b1 /; b2 D f 1 .b1 /; : : : ; b` D f `1 .b1 /; : : : . Here, by denition, b1 is the smallest element in 1; 2; : : : ; n which does not belong to a1 D f 0 .a1 / D f k .a1 /; a2 D
f 1 .a1 /; : : : ; ak D f k1 .a1 /, c1 is the smallest element in 1; 2; : : : ; n which does
not belong to
a1 D f 0 .a1 / D f k .a1 /; a2 D f 1 .a1 /; : : : ; ak D f k1 .a1 /
[ b1 D f 0 .b1 / D f ` .b1 /; b2 D f 1 .b1 /; : : : ; b` D f `1 .b1 /:
Therefore by construction, all the cycles are disjoint. From this it follows that k C ` C
m C C t D n. It is clear that this factorization is unique except for the order of the
factors since it tells explicitly what effect f has on each element of A.
In summary we have proven the following result.
Theorem 11.1.3. Every permutation of Sn can be written uniquely as a product of
disjoint cycles (up to order).
164
Example 11.1.4. The elements of S3 can be written in cycle notation as 1 D .1/;

.1; 2/; .1; 3/; .2; 3/; .1; 2; 3/; .1; 3; 2/. This is the largest symmetric group which consists entirely of cycles.
In S4 , for example, the element .1; 2/.3; 4/ is not a cycle.
Suppose we multiply two elements of S3 say .1; 2/ and .1; 3/. In forming the product or composition here, we read from right to left. Thus to compute .1; 2/.1; 3/: We
note the permutation .1; 3/ takes 1 into 3 and then the permutation .1; 2/ takes 3 into 3
so the composite .1; 2/.1; 3/ takes 1 into 3. Continuing the permutation .1; 3/ takes 3
into 1 and then the permutation .1; 2/ takes 1 into 2, so the composite .1; 2/.1; 3/
takes 3 into 2. Finally .1; 3/ takes 2 into 2 and then .1; 2/ takes 2 into 1 so .1; 2/.1; 3/
takes 2 into 1. Thus we see
.1; 2/.1; 3/ D .1; 3; 2/:
As another example of this cycle multiplication consider the product in S5 ,
.1; 2/.2; 4; 5/.1; 3/.1; 2; 5/:
Reading from right to left 1 7! 2 7! 2 7! 4 7! 4 so 1 7! 4. Now 4 7! 4 7! 4 7!
5 7! 5 so 4 7! 5. Next 5 7! 1 7! 3 7! 3 7! 3 so 5 7! 3. Then 3 7! 3 7! 1 7! 1 7! 2
so 3 7! 2. Finally 2 7! 5 7! 5 7! 2 7! 1, so 2 7! 1. Since all the elements of
A D 1; 2; 3; 4; 5 have been accounted for, we have
.1; 2/.2; 4; 5/.1; 3/.1; 2; 5/ D .1; 4; 5; 3; 2/:
Let f 2 Sn . If f is a cycle of length 2, i.e., f D .a1 ; a2 / where a1 ; a2 2 A, then
f is called a transposition. Any cycle can be written as a product of transpositions,
namely
.a1 ; : : : ; ak / D .a1 ; ak /.a1 ; ak1 / .a1 ; a2 /:
From Theorem 11.1.3 any permutation can be written in terms of cycles, but from
the above any cycle can be written as a product of transpositions. Thus we have the
following result.
Theorem 11.1.5. Let f 2 Sn be any permutation of degree n. Then f can be written
as a product of transpositions.
11.2
Parity and the Alternating Groups
If f is a permutation with a cycle decomposition

.a1 ; : : : ; ak /.b1 ; : : : ; bj / .m1 ; : : : ; m t /
then f can be written as a product of
W .f / D .k 1/ C .j 1/ C C .t 1/
Section 11.2 Parity and the Alternating Groups
165
transpositions. The number W .f / is uniquely associated with the permutation f

since f is uniquely represented (up to order) as a product of disjoint cycles. However,
there is nothing unique about the number of transpositions occurring in an arbitrary
representation of f as a product of transpositions. For example in S3
.1; 3; 2/ D .1; 2/.1; 3/ D .1; 2/.1; 3/.1; 2/.1; 2/;
since .1; 2/.1; 2/ D .1/, the identity permutation of S3 .
Although the number of transpositions is not unique in the representation of a permutation, f , as a product of transpositions, we shall show, however, that the parity
(even or oddness) of that number is unique. Moreover, this depends solely on the
number W .f / uniquely associated with the representation of f . More explicitly, we
have the following result.
Theorem 11.2.1. If f is a permutation written as a product of disjoint cycles and if
W .f / is the associated integer given above, then if W .f / is even (odd) any representation of f as a product of transpositions must contain an even (odd) number of
transpositions.
Proof. We rst observe the following:
.a; b/.b; c1 ; : : : ; c t /.a; b1 ; : : : ; bk / D .a; b1 ; : : : ; bk ; b; c1 ; : : : ; c t /;
.a; b/.a; b1 ; : : : ; bk ; b; c1 ; : : : ; c t / D .a; b1 ; : : : ; bk /.b; c1 ; : : : ; c t /:
Suppose now that f is represented as a product of disjoint cycles, where we include
all the 1-cycles of elements of A which f xes, if any. If a and b occur in the same
cycle in this representation for f ,
f D .a; b1 ; : : : ; bk ; b; c1 ; : : : ; c t / ;
then in the computation of W .f / this cycle contributes k C t C 1. Now consider
.a; b/f . Since the cycles are disjoint and disjoint cycles commute,
.a; b/f D .a; b/.a; b1 ; : : : ; bk ; b; c1 ; : : : ; c t /
since neither a nor b can occur in any factor of f other than .a; b1 ; : : : ; bk ; b; c1 ;
: : : ; c t /. So that .a; b/ cancels out and we nd that .a; b/f D .b; c1 ; : : : ; c t /.a; b1 ;
: : : ; bk / . Since W ..b; c1 ; : : : ; c t /.a; b1 ; : : : ; bk // D k C t but W .a; b1 ; : : : ; bk ; b;
c1 ; : : : ; c t / D k C t C 1, we have W ..a; b/f / D W .f / 1.
A similar analysis shows that in the case where a and b occur in different cycles in
the representation of f , then W ..a; b/f / D W .f / C 1. Combining both cases, we
have
W ..a; b/f / D W .f / 1:
166
Now let f be written as a product of m transpositions, say

f D .a1 ; b1 /.a2 ; b2 / .am ; bm /:
Then
.am ; bm / .a2 ; b2 /.a1 ; b1 /f D 1:
Iterating this, together with the fact that W .1/ D 0, shows that
W .f /.1/.1/.1/ .1/ D 0;
where there are m terms of the form 1. Thus
W .f / D .1/.1/ .1/;
m times. Note if exactly p are C and q D m p are then m D p C q and
W .f / D p q. Hence m W .f / .mod 2/. Thus, W .f / is even if and only if m is
even and this completes the proof.
It now makes sense to state the following denition since we know that the parity
is indeed unique.
Denition 11.2.2. A permutation f 2 Sn is said to be even if it can be written as a
product of an even number of transpositions. Similarly, f is called odd if it can be
written as a product of an odd number of transpositions.
Denition 11.2.3. On the group Sn we dene the sign function sgn W Sn ! .Z2 ; C/
by sgn./ D 0 if is an even permutation and sgn./ D 1 if is an odd permutation.
We note that if f and g are even permutations then so are fg and f 1 and also
the identity permutation is even. Further if f is even and g is odd it is clear that fg
is odd. From this it is straightforward to establish the following.
Lemma 11.2.4. sgn is a homomorphism from Sn onto .Z2 ; C/.
We now let
An D 2 Sn W sgn./ D 0:
That is, An is precisely the set of even permutations in Sn .
Theorem 11.2.5. For each n 2 N the set An forms a normal subgroup of index 2 in
Sn called the alternating group on n symbols. Further jAn j D n
2.
Proof. By Lemma 11.2.4 sgn W Sn ! .Z2 ; C/ is a homomorphism. Then ker.sgn/ D
An and therefore An is a normal subgroup of Sn . Since im.sgn/ D Z2 we have
jim.sgn/j D 2 and hence jSn =An j D 2. Therefore Sn W An D 2. Since jSn j D n
then jAn j D n
2 follows from Lagranges theorem.
167
Section 11.3 Conjugation in Sn
11.3
Conjugation in Sn
Recall that in a group G two elements x; y 2 G are conjugates if there exists a g 2 G

with g 1 xg D y. Conjugacy is an equivalence relation on G. In the symmetric
groups Sn it is easy to determine if two elements are conjugates. We say that two
permutations in Sn have the same cycle structure if they have the same number of
cycles and the lengths are the same. Hence for example in S8 the permutations
1 D .1; 3; 6; 7/.2; 5/ and
2 D .2; 3; 5; 6/.1; 8/
have the same cycle structure. In particular if 1 ; 2 are two permutations in Sn then
1 ; 2 are conjugates if and only if they have the same cycle structure. Therefore in
S8 the permutations
1 D .1; 3; 6; 7/.2; 5/ and
2 D .2; 3; 5; 6/.1; 8/
are conjugates.
Lemma 11.3.1. Let
D .a11 ; a12 ; : : : ; a1k1 / .as1 ; as2 ; : : : ; asks /
the image of a
be the cycle decomposition of 2 Sn . Let 2 Sn and denote by aij
ij
under . Then

1 D .a11
; a12
; : : : ; a1k
/ .as1
; as2
; : : : ; ask
/:
1
s
Proof. (a) Consider a11 then operating on the left like functions we have

/ D .a11 / D .a12 / D a12
:
1 .a11
The same computation then follows for all the symbols aij proving the lemma.
Theorem 11.3.2. Two permutations 1 ; 2 2 Sn are conjugates if and only if they
are of the same cycle structure.
Proof. Suppose that 2 D 1 1 . Then from Lemma 11.3.1 we have that 1 and
2 are of the same cycle structure.
Conversely suppose that 1 and 2 are of the same cycle structure. Let
1 D .a11 ; a12 ; : : : ; a1k1 / .as1 ; as2 ; : : : ; asks /
2 D .b11 ; b12 ; : : : ; b1k1 / .bs1 ; bs2 ; : : : ; bsks /
where we place the cycles of the same length under each other. Let be the permutation in Sn that maps each symbol in 1 to the digit below it in 2 . Then from
Lemma 11.3.1 we have 1 1 D 2 and hence 1 and 2 are conjugate.
168
11.4
The Simplicity of An
A simple group is a group G with no nontrivial proper normal subgroups. Up to this

point the only examples we have of simple groups are cyclic groups of prime order.
In this section we prove that if n 5 each alternating group An is a simple group.
Theorem 11.4.1. For each n 3 each 2 An is a product of cycles of length 3.
Proof. Let 2 An . Since is a product of an even number of transpositions to prove
the theorem it sufces to show that if 1 ; 2 are transpositions then 1 2 is a product
of 3-cycles.
Suppose that a; b; c; d are different digits in 1; : : : ; n. There are three cases to
consider. First:
Case (1): .a; b/.a; b/ D 1 D .1; 2; 3/0
and hence it is true here.
Next:
Case (2):
.a; b/.b; c/ D .c; a; b/
and hence it is true here also.

Finally:
Case (3):
.a; b/.c; d / D .a; b/.b; c/.b; c/.c; d / D .c; a; b/.c; d; b/
since .b; c/.b; c/ D 1. Therefore it is true here also proving the theorem.
Now our main result:
Theorem 11.4.2. For n 5 the alternating group An is a simple nonabelian group.
Proof. Suppose that N is a nontrivial normal subgroup of An with n 5. We show
that N D An and hence that An is simple.
We claim rst that N must contain a 3-cycle. Let 1 2 N then is not a
transposition since 2 An . Therefore moves at least 3 digits. If moves exactly
3 digits then it is a 3-cycle and we are done. Suppose then that moves at least 4
digits. Let D 1 r with i disjoint cycles.
Case (1): There is a i D .: : : ; a; b; c; d /. Set D .a; b; c/ 2 An . Then
1 D i i1 D .b; c; d /:
However from Lemma 11.3.1 .b; c; d / D .ai ; b i ; c i /. Further since 2 N and N
is normal we have
. 1 1 / D .b; c; d /.a; c; b/ D .a; d; b/:
Therefore in this case N contains a 3-cycle.
169
Section 11.4 The Simplicity of An
Case (2): There is a i which is a 3-cycle. Then

D .a; b; c/.d; e; : : :/:
Now set D .a; b; d / 2 An and then
1 D .b; c; e/ D .a ; b ; d /
and
1 1 D .a; b; d /.b; c; e/ D .b; c; e; d; a/ 2 N:
Now use Case (1). Therefore in this case N has a 3-cycle.

In the nal case is a disjoint product of transpositions.
Case (3): D .a; b/.c; d / . Since n 5 there is an e a; b; c; d . Let
D .a; c; e/ 2 An . Then
1 D .b; d; e1 /
with e1 D e b; d:
However .a ; c ; e / D .b; d; e1 /. Let

D . 1 / 1 . This is in N since N is
normal. If e D e1 then
D .e; c; a/.b; d; e/ D .a; e; b; d; c/ and we can use Case (1)
to get that N contains a 3-cycle. If e e1 then D .e; c; a/.b; d; e1 / 2 N and then
we can use Case (2) to obtain that N contains a 3-cycle.
These three cases show that N must contain a 3-cycle.
If N is normal in An then from the argument above N contains a 3-cycle . However from Theorem 11.3.2 any two 3-cycles in Sn are conjugate. Hence is conjugate
to any other 3-cycle in Sn . Since N is normal and 2 N each of these conjugates
must also be in N . Therefore N contains all 3-cycles in Sn . From Theorem 11.4.1
each element of An is a product of 3-cycles. It follows then that each element of An
is in N . However since N An this is only possible if N D An completing the
proof.
Theorem 11.4.3. Let p be a prime and U Sp a subgroup. Let be a transposition
and a p-cycle with ; 2 U . Then U D Sp .
Proof. Suppose without loss of generality that D .1; 2/. Since ; 2 ; : : : ; p1
are p-cycles with no xed points then there is an i with i .1/ D 2. Without loss of
generality we may then assume that D .1; 2; a3 ; : : : ; ap /. Let

1 2 a3 ap
:
D
1 2 3 p
Then from Lemma 10.3.4 we have
1 D .1; 2; : : : ; p/:
Further .1; 2/ 1 D .1; 2/. Hence U1 D U 1 contains .1; 2/ and .1; 2; : : : ; p/.
170
Now we have
.1; 2; : : : ; p/.1; 2/.1; 2; : : : ; p/1 D .2; 3/ 2 U1 :
Analogously
.1; 2; : : : ; p/.2; 3/.1; 2; : : : ; p/1 D .3; 4/ 2 U1 ;
and so on until
.1; 2; : : : ; p/.p 2; p 1/.1; 2; : : : ; p/1 D .p 1; p/ 2 U1 :
Hence the transpositions .1; 2/; .2; 3/; : : : ; .p 1; p/ 2 U1 . Moreover
.1; 2/.2; 3/.1; 2/ D .1; 3/ 2 U1 :
In an identical fashion each .1; k/ 2 U1 . Then for any digits s; t we have
.1; s/.1; t /.1; s/ D .s; t / 2 U1 :
Therefore U1 contains all the transpositions of Sp and hence U1 D Sp . Since U D
U1 1 we must have U D Sp also.
11.5
Exercises
1. Show that for n 3 the group An is generated by .12k/ W k 3.

2. Let D .k1 ; : : : ; ks / 2 Sn be a permutation. Show that theorder of is the least
common multiple of k1 ; : : : ; ks . Compute the order of D 12 26 35 41 53 64 77 2 S7 .
3. Let G D S4 .
(i) Determine a noncyclic subgroup H of order 4 of G.
(ii) Show that H is normal.
(iii) Show that f .g/.h/ WD ghg1 denes an epimorphism f W G ! Aut.H / for
g 2 G and h 2 H . Determine its kernel.
4. Show that all subgroups of order 6 of S4 are conjugate.
Chapter 12
Solvable Groups
12.1
Solvability and Solvable Groups
The original motivation for Galois theory grew out of a famous problem in the theory
of equations. This problem was to determine the solvability or insolvability of a polynomial equation of degree 5 or higher in terms of a formula involving the coefcients
of the polynomial and only using algebraic operations and radicals. This question
arose out of the well-known quadratic formula.
The ability to solve quadratic equations and in essence the quadratic formula was
known to the Babylonians some 3600 years ago. With the discovery of imaginary
numbers, the quadratic formula then says that any degree two polynomial over C can
be solved by radicals in terms of the coefcients. In the sixteenth century the Italian
mathematician Niccolo Tartaglia discovered a similar formula in terms of radicals to
solve cubic equations. This cubic formula is now known erroneously as Cardanos
formula in honor of Cardano, who rst published it in 1545. An earlier special version of this formula was discovered by Scipione del Ferro. Cardanos student Ferrari
extended the formula to solutions by radicals for fourth degree polynomials. The
combination of these formulas says that polynomial equations of degree four or less
over the complex numbers can be solved by radicals.
From Cardanos work until the very early nineteenth century, attempts were made
to nd similar formulas for degree ve polynomials. In 1805 Rufni proved that fth
degree polynomial equations are insolvable by radicals in general. Therefore there
exists no comparable formula for degree 5. Abel in 18251826 and Galois in 1831
extended Rufnis result and proved the insolubility by radicals for all degrees ve or
greater. In doing this, Galois developed a general theory of eld extensions and its
relationship to group theory. This has come to be known as Galois theory and is really
the main focus of this book.
The solution of the insolvability of the quintic and higher involved a translation of
the problem into a group theory setting. For a polynomial equation to be solvable by
radicals its corresponding Galois group (a concept we will introduce in Chapter 16)
must be a solvable group. This is a group with a certain dened structure. In this
chapter we introduce and discuss this class of groups.
172
12.2
Chapter 12 Solvable Groups
Solvable Groups
A normal series for a group G is a nite chain of subgroups beginning with G and
ending with the identity subgroup 1
G D G0 G1 G2 1
in which each Gi C1 is a proper normal subgroup of Gi . The factor groups Gi =Gi C1
are called the factors of the series and n is the length of the series.
Denition 12.2.1. A group G is solvable if it has a normal series with abelian factors,
that is Gi =Gi C1 is abelian for all i D 0; 1; : : : ; n. Such a normal series is called a
solvable series.
If G is an abelian group then G D G0 1 provides a solvable series. Hence
any abelian group is solvable. Further the symmetric group S3 on 3-symbols is also
solvable however nonabelian. Consider the series
S3 A3 1:
Since jS3 j D 6 we have jA3 j D 3 and hence A3 is cyclic and therefore abelian.
Further jS3 =A3 j D 2 and hence the factor group S3 =A3 is also cyclic and hence
abelian. Therefore the series above gives a solvable series for S3 .
Lemma 12.2.2. If G is a nite solvable group then G has a normal series with cyclic
factors.
Proof. If G is a nite solvable group then by denition it has a normal series with
abelian factors. Hence to prove the lemma it sufces to show that a nite abelian
group has a normal series with cyclic factors.
Let A be a nontrivial nite abelian group. We do an induction on the order of A. If
jAj D 2 then A itself is cyclic and the result follows. Suppose that jAj > 2. Choose
an 1 a 2 A. Let N D hai so that N is cyclic. Then we have the normal series
A N 1 with A=N abelian. Further A=N has order less than A so A=N has a
normal series with cyclic factors and the result follows.
Solvability is preserved under subgroups and factor groups.
Theorem 12.2.3. Let G be a solvable group. Then:
(1) Any subgroup H of G is also solvable.
(2) Any factor group G=N of G is also solvable.
173
Section 12.2 Solvable Groups
Proof. (1) Let G be a solvable group and suppose that

G D G0 G1 Gr 1
is a solvable series for G. Hence Gi C1 is a normal subgroup of Gi for each i and the
factor group Gi =Gi C1 is abelian.
Now let H be a subgroup of G and consider the chain of subgroups
H D H \ G0 H \ G1 H \ Gr 1:
Since GiC1 is normal in Gi we know that H \ Gi C1 is normal in H \ Gi and hence
this gives a nite normal series for H . Further from the second isomorphism theorem
we have for each i ,
.H \ Gi /=.H \ Gi C1 / D .H \ Gi /=..H \ Gi / \ Gi C1 /
.H \ Gi /Gi C1 =Gi C1 Gi =Gi C1 :
However Gi =GiC1 is abelian so each factor in the normal series for H is abelian.
Therefore the above series is a solvable series for H and hence H is also solvable.
(2) Let N be a normal subgroup of G. Then from (1) N is also solvable. As above
let
G D G0 G1 Gr 1
be a solvable series for G. Consider the chain of subgroups
G=N D G0 N=N G1 N=N Gr N=N N=N D 1:
Let m 2 Gi1 ; n 2 N . Then since N is normal in G,
.mn/1 Gi N.mn/ D n1 m1 Gi mnN D n1 Gi nN
D n1 NGi D NGi D Gi N:
It follows that Gi C1 N is normal in Gi N for each i and therefore the series for G=N
is a normal series.
Further, again from the isomorphism theorems
.Gi N=N /=.Gi C1 N=N / Gi =.Gi \ Gi C1 N /
.Gi =Gi C1 =..Gi \ Gi C1 N /=Gi C1 /:
However the last group .Gi =Gi C1 =..Gi \ Gi C1 N /=Gi C1 / is a factor group of the
group Gi =GiC1 which is abelian. Hence this last group is also abelian and therefore
each factor in the normal series for G=N is abelian. Hence this series is a solvable
series and G=N is solvable.
174
The following is a type of converse of the above theorem.

Theorem 12.2.4. Let G be group and H a normal subgroup of G. If both H and
G=H are solvable then G is solvable.
Proof. Suppose that
H D H0 H1 Hr 1
G=H D G0 =H G1 =H Gs =H H=H D 1
are solvable series for H and G=H respectively. Then
G D G0 G1 Gs D H H1 1
gives a normal series for G. Further from the isomorphism theorems again
Gi =Gi C1 .Gi =H /=.Gi C1 =H /
and hence each factor is abelian. Therefore this is a solvable series for G and hence
G is solvable.
This theorem allows us to prove that solvability is preserved under direct products.
Corollary 12.2.5. Let G and H be solvable groups. Then their direct product G H
is also solvable.
Proof. Suppose that G and H are solvable groups and K D G H . Recall from
Chapter 10 that G can be considered as a normal subgroup of K with K=G H .
Therefore G is a solvable subgroup of K and G=K is a solvable quotient. It follows
then from Theorem 12.2.4 that K is solvable.
We saw that the symmetric group S3 is solvable. However the following theorem
shows that the symmetric group Sn is not solvable for n 5. This result will be
crucial to the proof of the insolvability of the quintic and higher.
Theorem 12.2.6. For n 5 the symmetric group Sn is not solvable.
Proof. For n 5 we saw that the alternating group An is simple. Further An is nonabelian. Hence An cannot have a nontrivial normal series and so no solvable series.
Therefore An is not solvable. If Sn were solvable for n 5 then from Theorem 12.2.3
An would also be solvable. Therefore Sn must also be nonsolvable for n 5.
In general for a simple, solvable group we have the following.
Lemma 12.2.7. If a group G is both simple and solvable then G is cyclic of prime
order.
Section 12.3 The Derived Series
175
Proof. Suppose that G is a nontrivial simple, solvable group. Since G is simple the
only normal series for G is G D G0 1. Since G is solvable the factors are abelian
and hence G is abelian. Again since G is simple G must be cyclic. If G were innite
then G .Z; C/. However then 2Z is a proper normal subgroup, a contradiction.
Therefore G must be nite cyclic. If the order were not prime then for each proper
divisor of the order there would be a nontrivial proper normal subgroup. Therefore G
must be of prime order.
In general a nite p-group is solvable.
Theorem 12.2.8. A nite p-group G is solvable.
Proof. Suppose that jGj D p n . We do this by induction on n. If n D 1 then jGj D p
and G is cyclic, hence abelian and therefore solvable. Suppose that n > 1. Then as
used previously G has a nontrivial center Z.G/. If Z.G/ D G then G is abelian and
hence solvable. If Z.G/ G then Z.G/ is a nite p-group of order less than pn .
From our inductive hypothesis Z.G/ must be solvable. Further G=Z.G/ is then also
a nite p-group of order less than p n so it is also solvable. Hence Z.G/ and G=Z.G/
are both solvable so from Theorem 12.2.4 G is solvable.
12.3
The Derived Series
Let G be a group and let a; b 2 G. The product aba1 b 1 is called the commutator
of a and b. We write a; b D aba1 b 1 .
Clearly a; b D 1 if and only if a and b commute.
Denition 12.3.1. Let G 0 be the subgroup of G which is generated by the set of all
commutators
G 0 D gp.x; y W x; y 2 G/:
G 0 is called the commutator or (derived) subgroup of G. We sometimes write G 0 D
G; G.
Theorem 12.3.2. For any group G the commutator subgroup G 0 is a normal subgroup of G and G=G 0 is abelian. Further if H is a normal subgroup of G then G=H
is abelian if and only if G 0 H .
Proof. The commutator subgroup G 0 consists of all nite products of commutators
and inverses of commutators. However
a; b1 D .aba1 b 1 /1 D bab 1 a1 D b; a
176
and so the inverse of a commutator is once again a commutator. It then follows that
G 0 is precisely the set of all nite products of commutators, i.e., G 0 is the set of all
elements of the form
h 1 h2 h n
where each hi is a commutator of elements of G.
If h D a; b for a; b 2 G, and x 2 G, xhx 1 D xax 1 ; xbx 1 is again
a commutator of elements of G. Now from our previous comments, an arbitrary
element of G 0 has the form h1 h2 hn , where each hi is a commutator. Thus
x.h1 h2 hn /x 1 D .xh1 x 1 /.xh2 x 1 / .xhn x 1 / and, since by the above each
xhi x 1 is a commutator, x.h1 h2 hn /x 1 2 G 0 . It follows that G 0 is a normal
subgroup of G.
Consider the factor group G=G 0 . Let aG 0 and bG 0 be any two elements of G=G 0 .
Then
aG 0 ; bG 0 D aG 0 bG 0 .aG 0 /1 .bG 0 /1
D aG 0 bG 0 a1 G 0 b 1 G 0 D aba1 b 1 G 0 D G 0
since a; b 2 G 0 . In other words, any two elements of G=G 0 commute and therefore
G=G 0 is abelian.
Now let N be a normal subgroup of G with G=N abelian. Let a; b 2 G then aN
and bN commute since G=N is abelian. Therefore
aN; bN D aN bNa1 N b 1 N D aba1 b 1 N D N:
It follows that a; b 2 N . Therefore all commutators of elements in G lie in N and
therefore the commutator subgroup G 0 N .
From the second part of Theorem 12.3.2 we see that G 0 is the minimal normal
subgroup of G such that G=N is abelian. We call G=G 0 D Gab the abelianization
of G.
We consider next the following inductively dened sequence of subgroups of an
arbitrary group G called the derived series.
Denition 12.3.3. For an arbitrary group G dene G .0/ D G and G .1/ D G 0 and
then inductively G .nC1/ D .G .n/ /0 . That is G .nC1/ is the commutator subgroup or
derived group of G .n/ . The chain of subgroups
G D G .0/ G .1/ G .n/
is called the derived series for G.
Notice that since G .i C1/ is the commutator subgroup of G .i/ we have G .i/ =G .i C1/
is abelian. If the derived series was nite then G would have a normal series with
abelian factors and hence be solvable. The converse is also true and characterizes
solvable groups in terms of the derived series.
Section 12.4 Composition Series and the JordanHlder Theorem
177
Theorem 12.3.4. A group G is solvable if and only if its derived series is nite. That
is there exists an n such that G .n/ D 1.
Proof. If G .n/ D 1 for some n then as explained above the derived series provides
a solvable series for G and hence G is solvable.
Conversely suppose that G is solvable and let
G D G0 G1 Gr D 1
be a solvable series for G. We claim rst that Gi G .i/ for all i . We do this by
induction on r. If r D 0 then G D G0 D G .0/ . Suppose that Gi G .i/ . Then
Gi0 .G .i/ /0 D G .i C1/ . Since Gi =Gi C1 is abelian it follows from Theorem 12.3.2
that GiC1 Gi0 . Therefore Gi C1 G .i C1/ establishing the claim.
Now if G is solvable from the claim we have that Gr G .r/ . However Gr D 1
and therefore G .r/ D 1 proving the theorem.
The length of the derived series is called the solvability length of a solvable group
G. The class of solvable groups of class c consists of those solvable groups of solvability length c or less.
12.4
Composition Series and the JordanHlder Theorem
The concept of a normal series is extremely important in the structure theory of

groups. This is especially true for nite groups. If
G D G0 G1 1
G D H0 H1 1
are two normal series for the group G then the second is a renement of the rst if all
the terms of the second occur in the rst series. Further, two normal series are called
equivalent or (isomorphic) if there exists a 1-1 correspondence between the factors
(hence the length must be the same) of the two series such that the corresponding
factors are isomorphic.
Theorem 12.4.1 (Schreiers theorem). Any two normal series for a group G have
equivalent renements.
Proof. Consider two normal series for G
G D G0 G1 Gs 1 D GsC1
G D H0 H1 H t 1 D G tC1 :
178
Now dene
Gij D .Gi \ Hj /Gi C1 ;
j D 0; 1; 2; : : : ; t C 1;
Hj i D .Gi \ Hj /Hj C1 ;
i D 0; 1; 2; : : : ; s C 1:
Then we have
G D G00 G01 G0;sC1 D G1
D G10 G1;sC1 D G2 G t;sC1 D e;
and
G D H00 H01 H0;tC1 D H1
D H10 H1;tC1 D H2 Hs;tC1 D e:
Now applying the third isomorphism theorem to the groups Gi , Hj , Gi C1 , Hj C1 ,
we have that Gi;j C1 D .Gi \ Hj C1 /Gi C1 is a normal subgroup of Gi;j D .Gi \
Hj /GiC1 and Hj;i C1 D .Gi C1 \ Hj /Hj C1 is a normal subgroup of Hj;i D .Gi \
Hj /Hj C1 . Furthermore, also
Gij =Gi;j C1 Hj i =Hj;i C1 :
Thus the above two are normal series which are renements of the two given series
and they are equivalent.
A proper normal subgroup N of a group G is called maximal in G if there does not
exist any normal subgroup N M G with all inclusions proper. This is the group
theoretic analog of a maximal ideal. An alternative characterization is the following.
N is a maximal normal subgroup of G if and only if G=N is simple.
A normal series where each factor is simple can have no renements.
Denition 12.4.2. A composition series for a group G is a normal series where all
the inclusions are proper and such that Gi C1 is maximal in Gi . Equivalently a normal
series where each factor is simple.
It is possible that an arbitrary group does not have a composition series or even if it
does have one, a subgroup of it may not have one. Of course, a nite group does have
a composition series.
In the case in which a group, G, does have a composition series the following
important theorem, called the JordanHlder theorem, provides a type of unique factorization.
Theorem 12.4.3 (JordanHlder theorem). If a group G has a composition series,
then any two composition series are equivalent, that is the composition factors are
unique.
179
Proof. Suppose we are given two composition series. Applying Theorem 12.4.1 we
get that the two composition series have equivalent renements. But the only renement of a composition series is one obtained by introducing repetitions. If in the 1-1
correspondence between the factors of these renements, the paired factors equal to
e are disregarded, that is if we drop the repetitions, we get clearly that the original
composition series are equivalent.
We remarked in Chapter 10 that the simple groups are important because they play
a role in nite group theory somewhat analogous to that of the primes in number
theory. In particular, an arbitrary nite group, G, can be broken down into simple
components. These uniquely determined simple components are, according to the
JordanHlder theorem, the factors of a composition series for G.
12.5
Exercises
1. Let K be a eld and

a x y!
0 b z W a; b; c; x; y; z 2 K; abc 0 :
GD
0 0 c
Show that G is solvable.
2. A group G is called polycyclic if it has a normal series with cyclic factors. Show:
(i) Each subgroup and each factor group of a polycyclic group is polycyclic.
(ii) In a polycyclic group each normal series has the same number of innite
cyclic factors.
3. Let G be a group. Show:
(i) If G is nite and solvable, then G is polycyclic.
(ii) If G is polycyclic, then G is nitely generated.
(iii) The group .Q; C/ is solvable, but not polycyclic.
4. Let N1 and N2 be normal subgroups of G. Show:
(i) If N1 and N2 are solvable, then also N1 N2 is a solvable normal subgroup
of G.
(ii) Is (i) still true, if we replace solvable by abelian?
5. Let N1 ; : : : ; N t be normal subgroups of a group G. If all factor groups G=Ni are
solvable, then also G=.N1 \ \ N t / is solvable.
Chapter 13
Groups Actions and the Sylow Theorems
13.1
Group Actions
A group action of a group G on a set A is a homomorphism from G into SA the

symmetric group on A. We say that G acts on A. Hence G acts on A if to each g 2 G
corresponds a permutation
g W A ! A
such that
(1) g1 .g2 .a// D g1 g2 .a/ for all g1 ; g2 2 G and for all a 2 A
(2) 1.a/ D a for all a 2 A.
For the remainder of this chapter if g 2 G and a 2 A we will write ga for g .a/.
Group actions are an extremely important idea and we use this idea in the present
chapter to prove several fundamental results in group theory.
If G acts on the set A then we say that two elements a1 ; a2 2 A are congruent
under G if there exists a g 2 G with ga1 D a2 . The set
Ga D a1 2 A W a1 D ga for some g 2 G
is called the orbit of a. It consists of elements congruent to a under G.
Lemma 13.1.1. If G acts on A then congruence under G is an equivalence relation
on A.
Proof. Any element a 2 A is congruent to itself via the identity map and hence the
relation is reexive. If a1 a2 so that ga1 D a2 for some g 2 G then g 1 a2 D a1
and so a2 a1 and the relation is symmetric. Finally is g1 a1 D a2 and g2 a2 D a3
then g2 g1 a1 D a3 and relation is transitive.
Recall that the equivalence classes under an equivalence relation partition a set. For
a given a 2 A its equivalence class under this relation is precisely its orbit as dened
above.
Corollary 13.1.2. If G acts on the set A then the orbits under G partition the set A.
We say that G acts transitively on A if any two elements of A are congruent under G. That is the action is transitive if for any a1 ; a2 2 A there is some g 2 G such
that ga1 D a2 .
Section 13.2 Conjugacy Classes and the Class Equation
181
If a 2 A the stabilizer of a consists of those g 2 G that x a. Hence

StabG .a/ D g 2 G W ga D a:
The following lemma is easily proved and left to the exercises.
Lemma 13.1.3. If G acts on A then for any a 2 A the stabilizer StabG .a/ is a
subgroup of G.
We now prove the crucial theorem concerning group actions.
Theorem 13.1.4. Suppose that G acts on A and a 2 A. Let Ga be the orbit of a
under G and StabG .a/ its stabilizer. Then
jG W StabG .a/j D jGa j:
That is the size of the orbit of a is the index of its stabilizer in G.
Proof. Suppose that g1 ; g2 2 G with g1 StabG .a/ D g2 StabG .a/, that is they dene
the same left coset of the stabilizer. Then g21 g1 2 StabG .a/. This implies that
g21 g1 a D a so that g2 a D g1 a. Hence any two elements in the same left coset
of the stabilizer produce the same image of a in Ga . Conversely if g1 a D g2 then
g1 ; g2 dene the same left coset of StabG .a/. This shows that there is a one-to-one
correspondence between left cosets of StabG .a/ and elements of Ga . It follows that
the size of Ga is precisely the index of the stabilizer.
We will use this theorem repeatedly with different group actions to obtain important
group theoretic results.
13.2
Conjugacy Classes and the Class Equation
In Section 10.5 we introduced the center of a group

Z.G/ D g 2 G W gg1 D g1 g for all g1 2 G;
and showed that it is a normal subgroup of G. We then used this normal subgroup in
conjunction with what we called the class equation to show that any nite p-group
has a nontrivial center. In this section we use group actions to derive the class equation
and prove the result for nite p-groups.
Recall that if G is a group then two elements g1 ; g2 2 G are conjugate if there
exists a g 2 G with g 1 g1 g D g2 . We saw that conjugacy is an equivalence relation
on G. For g 2 G its equivalence class is called its conjugacy class that we will denote
by Cl.g/. Thus
Cl.g/ D g1 2 G W g1 is conjugate to g:
182
Chapter 13 Groups Actions and the Sylow Theorems
If g 2 G then its centralizer CG .g/ is the set of elements in G that commute with g:
CG .g/ D g1 2 G W gg1 D g1 g:
Theorem 13.2.1. Let G be a nite group and g 2 G. Then the centralizer of g is a
subgroup of G and
jG W CG .g/j D jCl.g/j:
That is the index of the centralizer of g is the size of its conjugacy class.
In particular for a nite group the size of each conjugacy class divides the order of
the group.
Proof. Let the group G act on itself by conjugation. That is g.g1 / D g 1 g1 g. It is
easy to show that this is an action on the set G (see exercises). For g 2 G its orbit under this action is precisely its conjugacy class Cl.g/ and the stabilizer is its centralizer
CG .g/. The statements in the theorem then follow directly from Theorem 13.1.4.
For any group G, since conjugacy is an equivalence relation, the conjugacy classes
partition G. Hence
[
P
GD
Cl.g/
g2G
where this union is a disjoint union. It follows that

X
jCl.g/j
jGj D
g2G
where this sum is taken over distinct conjugacy classes.

If Cl.g/ D g that is the conjugacy class of g is g alone then CG .g/ D G so that
g commutes with all of G. Therefore in this case g 2 Z.G/. This is true for every
element of the center and therefore
[
P
Cl.g/
G D Z.G/ [
gZ.G/
where again the second union is a disjoint union. The size of G is then the sum of
these disjoint pieces so
X
jCl.g/j:
jGj D jZ.G/j C
gZ.G/
However from Theorem 13.2.1 jCl.g/j D jG W CG .g/j so the equation above becomes
X
jG W CG .g/j:
jGj D jZ.G/j C
gZ.G/
This is known as the class equation.
183
Section 13.3 The Sylow Theorems
Theorem 13.2.2 (class equation). Let G be a nite group. Then

X
jG W CG .g/j
jGj D jZ.G/j C
gZ.G/
where the sum is taken over the distinct centralizers.

As a rst application we prove the result that nite p-groups have nontrivial centers.
Theorem 13.2.3. Let G be a nite p-group. Then G has a nontrivial center.
Proof. Let G be a nite p-group so that jGj D p n for some n and consider the class
equation
X
jG W CG .g/j:
jGj D jZ.G/j C
gZ.G/
Since jG W CG .g/j divides jGj for each g 2 G we must have that pjjG W CG .g/j for
each g 2 G. Further pjjGj. Therefore p must divide jZ.G/j and hence jZ.G/j D p m
for some m 1 and therefore Z.G/ is nontrivial.
The idea of conjugacy and the centralizer of an element can be extended to subgroups. If H1 ; H2 are subgroups of a group G then H1 ; H2 are conjugate if there
exists a g 2 G such that g 1 H1 g D H2 . As for elements conjugacy is an equivalence relation on the set of subgroups of G.
If H G is a subgroup then its conjugacy class consists of all the subgroups of G
conjugate to it. The normalizer of H is
NG .H / D g 2 G W g1 Hg D H :
As for elements let G act on the set of subgroups of G by conjugation. That is for
g 2 G the map is given by H 7! g 1 Hg. For H G the stabilizer under this action
is precisely the normalizer. Hence exactly as for elements we obtain the following
theorem.
Theorem 13.2.4. Let G be a group and H G a subgroup. Then the normalizer
NG .H / of H is a subgroup of G, H is normal in NG .H / and
jG W NG .H /j D number of conjugates of H in G:
13.3
The Sylow Theorems
If G is a nite group and H G is a subgroup then Lagranges theorem guarantees

that the order of H divides the order of G. However the converse of Lagranges
theorem is false. That is, if G is a nite group of order n and if d jn, then G need
184
not contain a subgroup of order d . If d is a prime p or a power of a prime p e ,

however, then we shall see that G must contain subgroups of that order. In particular,
we shall see that if p d is the highest power of p that divides n, than all subgroups
of that order are actually conjugate, and we shall nally get a formula concerning
the number of such subgroups. These theorems constitute the Sylow theorems which
we will examine in this section. First we give an example where the converse of
Lagranges theorem is false.
Lemma 13.3.1. The alternating group on 4 symbols A4 has order 12 but has no
subgroup of order 6.
Proof. Suppose that there exists a subgroup U A4 with jU j D 6. Then jA4 W U j D 2
since jA4 j D 12 and hence U is normal in A4 .
Now id, .1; 2/.3; 4/, .1; 3/.2; 4/, .1; 4/.2; 3/ are in A4 . These each have order 2 and
commute so they form a subgroup V A4 of order 4. This subgroup V Z2 Z2 .
Then
jV jjU j
46
D
:
12 D jA4 j jV U j D
jV \ U j
jV \ U j
It follows that V \ U 1 and since U is normal we have that V \ U is also normal
in A4 .
Now .1; 2/.3; 4/ 2 V and by renaming the entries in V if necessary we may assume
that it is also in U so that .1; 2/.3; 4/ 2 V \ U . Since .1; 2; 3/ 2 A4 we have
.3; 2; 1/.1; 2/.3; 4/.1; 2; 3/ D .1; 3/.2; 4/ 2 V \ U
and then
.3; 2; 1/.1; 4/.2; 3/.1; 2; 3/ D .1; 2/.3; 4/ 2 V \ U:
But then V V \ U and so V U . But this is impossible since jV j D 4 which
doesnt divide jU j D 6.
Denition 13.3.2. Let G be a nite group with jGj D n and let p be a prime such
that p a jn but no higher power of p divides n. A subgroup of G of order pa is called
a p-Sylow subgroup.
It is not a clear that a p-Sylow subgroup must exist. We will prove that for each
pjn a p-Sylow subgroup exists.
We rst consider and prove a very special case.
Theorem 13.3.3. Let G be a nite abelian group and let p be a prime such that
pjjGj. Then G contains at least one element of order p.
185
Section 13.3 The Sylow Theorems
Proof. Suppose that G is a nite abelian group of order pn. We use induction on n.
If n D 1 then G has order p and hence is cyclic and so has an element of order p.
Suppose that the theorem is true for all abelian groups of order pm with m < n and
suppose that G has order pn. Suppose that g 2 G. If the order of g is pt for some
integer t then g t 1 and g t has order p proving the theorem in this case. Hence
we may suppose that g 2 G has order prime to p and we show that there must be
an element whose order is a multiple of p and then use the above argument to get an
element of exact order p.
Hence we have g 2 G with order m where .m; p/ D 1. Since mjjGj D pn we
must have mjn. Since G is abelian hgi is normal and the factor group G=hgi is abelian
n
of order p. m
/ < pn. By the inductive hypothesis G=hgi has an element hhgi of order
p, h 2 G, and hence hp D g k for some k. g k has order m1 jm and therefore h has
order pm1 . Now as above hm1 has order p proving the theorem.
Therefore if G is an abelian group and if pjn, then G contains a subgroup of order p, the cyclic subgroup of order p generated by an element a 2 G of order p
whose existence is guaranteed by the above theorem. We now present the rst Sylow
theorem.
Theorem 13.3.4 (rst Sylow theorem). Let G be a nite group and let pjjGj, then G
contains a p-Sylow subgroup, that is a p-Sylow subgroup exists.
Proof. Let G be a nite group of order pn and as above we do induction on n. If
n D 1 then G is cyclic and G is its own maximal p-subgroup and hence all of G is
a p-Sylow subgroup. We assume then that if jGj D pm with m < n then G has a
p-Sylow subgroup.
Assume that jGj D p t m with .m; p/ D 1. We must show that G contains a
subgroup of order p t . If H is a proper subgroup whose index is prime to p then jH j D
p t m1 with m1 < m. Therefore by the inductive hypothesis H has a p-Sylow subgroup
of order p t . This will also be a subgroup of G and hence a p-Sylow subgroup of G.
Therefore we may assume that the index of any proper subgroup H of G must have
index divisible by p. Now consider the class equation for G,
X
jGj D jZ.G/j C
jG W CG .g/j:
gZ.G/
By assumption each of the indices are divisible by p and also pjjGj. Therefore
pjjZ.G/j. It follows that Z.G/ is a nite abelian group whose order is divisible
by p. From Theorem 13.3.3 there exists an element g 2 Z.G/ G of order p. Since
g 2 Z.G/ we must have hgi normal in G. The factor group G=hgi then has order
p t1 m and by the inductive hypothesis must have a p-Sylow subgroup K of order
p t1 and hence of index m. By the correspondence theorem there is a subgroup K
of G with hgi K such that K=H K. Therefore jKj D p t and K is a p-Sylow
subgroup of G.
186
On the basis of this theorem, we can now strengthen the result obtained in Theorem 13.3.3.
Theorem 13.3.5 (Cauchy). If G is a nite group and if p is a prime such that pjjGj,
then G contains at least one element of order p.
Proof. Let P be a p-Sylow subgroup of G, and let jP j D pt . If g 2 P , g 1, then
t 1
the order of g is p t1 . Then g p 1 has order p.
We have seen that p-Sylow subgroups exist. We now wish to show that any two
p-Sylow subgroups are conjugate. This is the content of the second Sylow theorem.
Theorem 13.3.6 (second Sylow theorem). Let G be a nite group and p a prime
such that pjjGj. Then any p-subgroup H of G is contained in a p-Sylow subgroup.
Further all p-Sylow subgroups of G are conjugate. That is, if P1 and P2 are any two
p-Sylow subgroups of G then there exists an a 2 G such that P1 D aP2 a1 .
Proof. Let be the set of p-Sylow subgroups of G and let G act on by conjugation.
This action will of course partition into disjoint orbits. Let P be a xed p-Sylow
subgroup and P be its orbit under the conjugation action. The size of the orbit is the
index of its stabilizer that is jP j D jG W StabG .P /j. Now P StabG .P / and P is
a maximal p-subgroup of G. It follows that the index of StabG .P / must be prime to
p and so the number of p-Sylow subgroups conjugate to P is prime to p.
Now let H be a p-subgroup of G and let H act on P by conjugation. P will
itself decompose into disjoint orbits under this actions. Further the size of each orbit
is an index of a subgroup of H and hence must be a power of p. On the other hand
the size of the whole orbit is prime to p. Therefore there must be one orbit that has
size exactly 1. This orbit contains a p-Sylow subgroup P 0 and P 0 is xed by H under
conjugation, that is H normalizes P 0 . It follows that HP 0 is a subgroup of G and P 0
is normal in HP 0 . From the second isomorphism theorem we then obtain
HP 0 =P 0 H=.H \ P 0 /:
Since H is a p-group the size of H=.H \ P 0 / is a power of p and therefore so
is the size of HP 0 =P 0 . But P 0 is also a p-group so it follows that HP 0 also has
order a power of p. Now P 0 HP 0 but P 0 is a maximal p-subgroup of G. Hence
HP 0 D P 0 . This is possible only if H P 0 proving the rst assertion in the theorem.
Therefore any p-subgroup of G is obtained in a p-Sylow subgroup.
Now let H be a p-Sylow subgroup P1 and let P1 act on P . Exactly as in the
argument above P1 P 0 where P 0 is a conjugate of P . Since P1 and P 0 are both
p-Sylow subgroups they have the same size and hence P1 D P 0 . This implies that
P1 is a conjugate of P . Since P1 and P are arbitrary p-Sylow subgroups it follows
that all p-Sylow subgroups are conjugate.
Section 13.4 Some Applications of the Sylow Theorems
187
We come now to the last of the three Sylow theorems. This one gives us information
concerning the number of p-Sylow subgroups.
Theorem 13.3.7 (third Sylow theorem). Let G be a nite group and p a prime such
that pjjGj. Then the number of p-Sylow subgroups of G is of the form 1 C pk and
divides the order of jGj. It follows that if jGj D p a m with .p; m/ D 1 then the
number of p-Sylow subgroups divides m.
Proof. Let P be a p-Sylow subgroup and let P act on , the set of all p-Sylow
subgroups, by conjugation. Now P normalizes itself so there is one orbit, namely P
that has size exactly 1. Every other orbit has size a power of p since the size is the
index of a nontrivial subgroup of P and therefore must be divisible by p. Hence the
size of the is 1 C pk.
13.4
Some Applications of the Sylow Theorems
We now give some applications of the Sylow theorems. First we show that the converse of Lagranges theorem is true for both general p-groups and for nite abelian
groups.
Theorem 13.4.1. Let G be a group of order p n . Then G contains at least one normal
subgroup of order p m , for each m such that 0 m n.
Proof. We use induction on n. For n D 1 the theorem is trivial. By Lemma 10.5.7
any group of order p 2 is abelian. This together with Theorem 13.3.3 establishes the
claim for n D 2.
We now assume the theorem is true for all groups G of order p k where 1 k < n,
where n > 2. Let G be a group of order p n . From Lemma 10.3.4 G has a nontrivial
center of order at least p and hence an element g 2 Z.G/ of order p. Let N D hgi.
Since g 2 Z.G/ it follows that N is normal subgroup of order p. Then G=N is of
order p n1 , and therefore, contains (by the induction hypothesis) normal subgroups
of orders p m1 , for 0 m 1 n 1. These groups are of the form H=N , where
the normal subgroup H G contains N and is of order p m , 1 m n, because
jH j D jN jH W N D jN j jH=N j.
On the basis of the rst Sylow theorem we see that if G is a nite group and if
p k jjGj, then G must contain a subgroup of order p k . One can actually show that, as
in the case of Sylow p-groups, the number of such subgroups is of the form 1 C pt ,
but we shall not prove this here.
Theorem 13.4.2. Let G be a nite abelian group of order n. Suppose that d jn. Then
G contains a subgroup of order d .
188
Proof. Suppose that n D p1e1 pkek is the prime factorization of n. Then d D

f
p1 1 pk k for some nonnegative f1 ; : : : ; fk . Now G has p1 -Sylow subgroup H1 of
f
order p1e1 . Hence from Theorem 13.4.1 H1 has a subgroup K1 of order p1 1 . Similarly
f
f
there are subgroups K2 ; : : : ; Kk of G of respective orders p2 2 ; : : : ; pk k . Further since
the orders are disjoint Ki \ Kj D 1 if i j . It follows that hK1 ; K2 ; : : : ; Kk i has
f
f
order jK1 jjK2 j jKk j D p1 1 pk k D d .
In Section 10.5 we examined the classication of nite groups of small orders. Here
we use the Sylow theorems to extend some of this material further.
Theorem 13.4.3. Let p; q be distinct primes with p < q and q not congruent to
1 mod p. Then any group of order pq is cyclic. For example any group of order 15
must be cyclic.
Proof. Suppose that jGj D pq with p < q and q not congruent to 1 mod p. The
number of q-Sylow subgroups is of the form 1 C qk and divides p. Since q is greater
than p this implies that there can be only one and hence there is a normal q-Sylow
subgroup H . Since q is a prime, H is cyclic of order q and therefore there is an
element g of order q.
The number of p-Sylow subgroups is of the form 1 C pk and divides q. Since
q is not congruent to 1 mod p this implies that there also can be only one p-Sylow
subgroup and hence there is a normal p-Sylow subgroup K. Since p is a prime K
is cyclic of order p and therefore there is an element h of order p. Since p; q are
distinct primes H \ K D 1. Consider the element g 1 h1 gh. Since K is normal
g 1 hg 2 K. Then g1 h1 gh D .g 1 h1 g/h 2 K. But H is also normal so
h1 gh 2 H . This then implies that g 1 h1 gh D g 1 .h1 gh/ 2 H and therefore
g 1 h1 gh 2 K \ H . It follows then that g 1 h1 gh D 1 or gh D hg. Since g; h
commute the order of gh is the lcm of the orders of g and h which is pq. Therefore
G has an element of order pq. Since jGj D pq this implies that G is cyclic.
In the above theorem since we assumed that q is not congruent to 1 mod p and
hence p 2. In the case when p D 2 we get another possibility.
Theorem 13.4.4. Let p be an odd prime and G a nite group of order 2p. Then
either G is cyclic or G is isomorphic to the dihedral group of order 2p, that is the
group of symmetries of a regular p-gon. In this latter case G is generated by two
elements g and h which satisfy the relations g p D h2 D .gh/2 D 1.
Proof. As in the proof of Theorem 13.4.3 G must have a normal cyclic subgroup of
order p say hgi. Since 2jjGj the group G must have an element of order 2 say h.
Consider the order of .gh/. By Lagranges theorem this element can have order
1; 2; p; 2p. If the order is 1 then gh D 1 or g D h1 D h. This is impossible
189
Section 13.4 Some Applications of the Sylow Theorems
since g has order p and h has order 2. If the order of gh is p then from the second
Sylow theorem gh 2 hgi. But this implies that h 2 hgi which is impossible since
every nontrivial element of hgi has order p. Therefore the order of gh is either 2
or 2p.
If the order of gh is 2p then since G has order 2p it must be cyclic.
If the order of gh is 2 then within G we have the relations gp D h2 D .gh/2 D 1.
Let H D hg; hi be the subgroup of G generated by g and h. The relations g p D
h2 D .gh/2 D 1 imply that H has order 2p. Since jGj D 2p we get that H D G.
G is isomorphic to the dihedral group Dp of order 2p (see exercises).
In the above description g represents a rotation of 2
p of a regular p-gon about
its center while h represents any reection across a line of symmetry of the regular
p-gon.
We have looked at the nite elds Zp . We give an example of a p-Sylow subgroup
of a matrix group over Zp .
Example 13.4.5. Consider GL.n; p/, the group of n n invertible matrices over Zp .
If v1 ; : : : ; vn is a basis for .Zp /n over Zp then the size of GL.n; p/ is the number of
independent images w1 ; : : : ; wn of v1 ; : : : ; vn . For w1 there are p n 1 choices,
for w2 there are p n p choices and so on. It follows that
jGL.n; p/j D .p n 1/.p n p/ .p n p n1 / D p 1C2CC.n1/ m D p
n.n1/
2
n.n1/
with .p; m/ D 1. Therefore a p-Sylow subgroup must have size p 2 .

Let P be the subgroup of upper triangular matrices with 1s on the diagonal.
n.n1/
Then P has size p 1C2CC.n1/ D p 2 and is therefore a p-Sylow subgroup
of GL.n; p/.
The nal example is a bit more difcult. We mentioned that a major result on nite
groups is the classication of the nite simple groups. This classication showed that
any nite simple group is either cyclic of prime order, in one of several classes of
groups such as the An or one of a number of special examples called sporadic groups.
One of the major tools in this classication is the following famous result called the
FeitThompson theorem that showed that any nite group G of odd order is solvable
and, in addition, if G is not cyclic then G is nonsimple.
Theorem 13.4.6 (FeitThompson theorem). Any nite group of odd order is solvable.
The proof of this theorem, one of the major results in algebra in the twentieth
century is way beyond the scope of this book the proof is actually hundreds of
pages in length when one counts the results used. However we look at the smallest
nonabelian simple group.
190
Theorem 13.4.7. Suppose that G is a simple group of order 60. Then G is isomorphic
to A5 . Further A5 is the smallest nonabelian nite simple group.
Proof. Suppose that G is a simple group of order 60 D 22 3 5. The number of 5Sylow subgroups is of the form 1 C 5k and divides 12. Hence there is 1 or 6. Since G
is assumed simple and all 5-Sylow subgroups are conjugate there cannot be only one
and hence there are 6. Since each of these is cyclic of order 5 they intersect only in
the identity. Hence these 6 subgroups cover 24 distinct elements.
The number of 3-Sylow subgroups is of the form 1 C 3k and divides 20. Hence
there are 1; 4; 10. We claim that there are 10. There cant be only 1 since G is simple.
Suppose there were 4. Let G act on the set of 3-Sylow subgroups by conjugation.
Since an action is a permutation this gives a homomorphism f from G into S4 . By
the rst isomorphism theorem G= ker.f / im.f /. However since G is simple the
kernel must be trivial and this implies that G would imbed into S4 . This is impossible
since jGj D 60 > 24 D jS4 j. Therefore there are 10 3-Sylow subgroups. Since each
of these is cyclic of order 3 they intersect only in the identity and therefore these 10
subgroups cover 20 distinct elements.
Hence together with the elements in the 5-Sylow subgroups we have 44 nontrivial
elements.
The number of 2-Sylow subgroups is of the form 1 C 2k and divides 15. Hence
there are 1; 3; 5; 15. We claim that there are 5. As before there cant be only 1 since
G is simple. There cant be 3 since as for the case of 3-Sylow subgroups this would
imply an imbedding of G into S3 which is impossible since jS3 j D 6. Suppose
that there were 15 2-Sylow subgroups each of order 4. The intersections would have a
maximum of 2 elements and therefore each of these would contribute at least 2 distinct
elements. This gives a minimum of 30 distinct elements. However we already have
44 nontrivial elements from the 3-Sylow and 5-Sylow subgroups. Since jGj D 60 this
is too many. Therefore G must have 5 2-Sylow subgroups.
Now let G act on the set of 2-Sylow subgroups. This then as above implies an
imbedding of G into S5 so we may consider G as a subgroup of S5 . However the
only subgroup of S5 of order 60 is A5 and therefore G A5 .
The proof that A5 is the smallest nonabelian simple group is actually brute force.
We show that any group G of order less than 60 either has prime order or is nonsimple.
There are strong tools that we can use. By the FeitThompson theorem we must only
consider groups of even order. From Theorem 13.4.4 we dont have to consider orders
2p. The rest can be done by an analysis using Sylow theory. For example we show
that any group of order 20 is nonsimple. Since 20 D 22 5 the number of 5-Sylow
subgroups is 1 C 5k and divides 4. Hence there is only one and therefore it must be
normal and so G is nonsimple. There is a strong theorem, whose proof is usually done
with representation theory, which says that any group whose order is divisible by only
two primes is solvable. Therefore for jGj D 60 we only have to show that groups of
order 30 D 2 3 5 and 42 D 2 3 7 are nonsimple. This is done in the same manner
191
as the rst part of this proof. Suppose jGj D 30. The number of 5-Sylow subgroups
is of the form 1 C 5k and divides 6 hence there are 1 or 6. If G were simple there
would have to be 6 covering 24 distinct elements. The number of 3-Sylow subgroups
is of the form 1 C 3k and divides 10 hence there are 1; 4; 10. If there were 10 these
would cover an additional 20 distinct elements which is impossible since we already
have 24 and G has order 30. If there were 4 and G were simple then G would imbed
into S4 , again impossible since jGj D 30 > 24. Therefore there is only one and hence
a normal 3-Sylow subgroup. It follows that G cannot be simple. The case jGj D 42
is even simpler. There must be a normal 7-Sylow subgroup.
13.5
Exercises

2. Let the group G act on itself by conjugation. That is g.g1 / D g 1 g1 g. Prove that
this is an action on the set G.
3. Show that the dihedral group Dn of order 2n has the presentation hr; f I r n D
f 2 D .rf /2 D 1i.
4. Show that each group of order 59 is solvable.
5. Let P1 and P2 be two different p-Sylow subgroups of a nite group G. Show that
P1 P2 is not a subgroup of G.
6. Let G be a nite group. For a prime p the following are equivalent:
(i) G has exactly one p-Sylow subgroup.
(ii) The product of two elements of order p has again order p.
7. Let P and Q be two p-Sylow subgroups of the nite group G. If Z.P / is a normal
subgroup of Q, then Z.P / D Z.Q/.

8. Let p be a prime and G D SL.2; p/. Let P D hai, where a D 10 11 .
(i) Determine the normalizer NG .P / and the number of p-Sylow subgroups
of G.
(ii) Determine the centralizer CG .a/. How many elements of order p does G
have? In how many conjugacy classes can they be decomposed?
(iii) Show that all subgroups of G of order p.p 1/ are conjugate.
(iv) Show that G has no elements of order p.p 1/ for p 5.
Chapter 14
Free Groups and Group Presentations
14.1
Group Presentations and Combinatorial Group

Theory
In discussing the symmetric group on 3 symbols and then the various dihedral groups
in Chapters 9, 10 and 11 we came across the concept of a group presentation. Roughly
for a group G a presentation consists of a set of generators X for G, so that G D hXi,
and a set of relations between the elements of X from which in principle the whole
group table can be constructed. In this chapter we make this concept precise. As
we will see, every group G has a presentation but it is mainly in the case where the
group is nite or countably innite that presentations are most useful. Historically the
idea of group presentations arose out of the attempt to describe the countably innite
fundamental groups that came out of low dimensional topology. The study of groups
using group presentations is called combinatorial group theory.
Before looking at group presentations in general we revisit two examples of nite
groups and then a class of innite groups.
Consider the symmetric group on 3 symbols, S3 . We saw that it has the following
6 elements:

1 2 3
1 2 3
1 2 3
1D
;
aD
;
bD
1 2 3
2 3 1
3 1 2

1 2 3
1 2 3
1 2 3
cD
;
dD
;
eD
:
2 1 3
3 2 1
1 3 2
Notice that a 3 D 1, c 2 D 1 and that ac D ca2 . We claim that
ha; cI a3 D c 2 D .ac/2 D 1i
is a presentation for S3 . First it is easy to show that S3 D ha; ci. Indeed
1 D 1;
a D a;
b D a2 ;
c D c;
d D ac;
e D a2 c
and so clearly a; c generate S3 .

Now from .ac/2 D acac D 1 we get that ca D a2 c. This implies that if we write
any sequence (or word in our later language) in a and c we can also rearrange it so
that the only powers of a are a and a2 , the only powers of c are c and all a terms
precede c terms. For example
aca2 cac D aca.acac/ D a.ca/ D a.a2 c/ D .a3 /c D c:
193
Section 14.2 Free Groups
Therefore using the three relations form the presentation above each element of S3
can be written as a c with D 0; 1; 2 and D 0; 1. From this the multiplication of
any two elements can be determined.
Exactly this type of argument applies to all the dihedral groups Dn . We saw that
in general jDn j D 2n. Since these are the symmetry groups of a regular n-gon we
always have a rotation r of angle 2
n about the center of the n-gon. This element r
would have order n. Let f be a reection about any line of symmetry. Then f 2 D 1
and rf is a reection about the rotated line which is also a line of symmetry. Therefore
.rf /2 D 1. Exactly as for S3 the relation .rf /2 D 1 implies that f r D r 1 f D
r n1 f . This allows us to always place r terms in front of f terms in any word on r
and f . Therefore the elements of Dn are always of the form
rf ;
D 0; 1; 2; : : : ; n 1;
D 0; 1
and further the relations r n D f 2 D .rf /2 D 1 allow us to rearrange any word in r

and f into this form. It follows that jhr; f ij D 2n and hence Dn D hr; f i together
with the relations above. Hence we obtain:
Theorem 14.1.1. If Dn is the symmetry group of a regular n-gon then a presentation
for Dn is given by
Dn D hr; f I r n D f 2 D .rf /2 D 1i:
We now give one class of innite examples. If G is an innite cyclic group, so that
G Z, then G D hgI i is a presentation for G. That is G has a single generator with
no relations.
A direct product of n copies of Z is called a free abelian group of rank n. We will
denote this by Zn . A presentation for Zn is then given by
Zn D hx1 ; x2 ; : : : ; xn I xi xj D xj xi for all i; j D 1; : : : ; ni:
14.2
Free Groups
Crucial to the concept of a group presentation is the idea of a free group.

Denition 14.2.1. A group F is free on a subset X if every map f W X ! G with G
a group can be extended to a unique homomorphism f W F ! G. X is called a free
basis for F . In general a group F is a free group if it is free on some subset X . If X
is a free basis for a free group F we write F D F .X /.
We rst show that given any set X there does exist a free group with free basis X.
Let X D xi i2I be a set (possibly empty). We will construct a group F .X / which
is free with free basis X. First let X 1 be a set disjoint from X but bijective to X. If
xi 2 X then the corresponding element of X 1 under the bijection we denote xi1 and
194
Chapter 14 Free Groups and Group Presentations
say that xi and xi1 are associated. The set X 1 is called the set of formal inverses
from X and we call X [X 1 the alphabet. Elements of the alphabet are called letters,
hence a letter has the form xi1 where i D 1. A word in X is a nite sequence of
letters from the alphabet. That is a word has the form
i
i
w D xi1 1 xi22 : : : xinin

where xij 2 X and ij D 1. If n D 0 we call it the empty word which we will
denote e. The integer n is called the length of the word. Words of the form xi xi1 or
xi1 xi are called trivial words. We let W .X / be the set of all words on X.
If w1 ; w2 2 W .X / we say that w1 is equivalent to w2 , denoted w1 w2 , if
w1 can be converted to w2 by a nite string of insertions and deletions of trivial
words. For example if w1 D x3 x4 x41 x2 x2 and w2 D x3 x2 x2 then w1 w2 . It is
straightforward to verify that this is an equivalence relation on W .X / (see exercises).
Let F .X / denote the set of equivalence classes in W .X / under this relation, hence
F .X / is a set of equivalence classes of words from X.
A word w 2 W .X / is said to be freely reduced or reduced if it has no trivial
subwords (a subword is a connected sequence within a word). Hence in the example
above w2 D x3 x2 x2 is reduced but w1 D x3 x4 x41 x2 x2 is not reduced. In each
equivalence class in F .X / there is a unique element of minimal length. Further this
element must be reduced or else it would be equivalent to something of smaller length.
Two reduced words in W .X / are either equal or not in the same equivalence class in
F .X /. Hence F .X / can also be considered as the set of all reduced words from
W .X /.
i i

Given a word w D xi1 1 xi22 : : : xinin we can nd the unique reduced word w equivalent to w via the following free reduction process. Beginning from the left side of w
we cancel each occurrence of a trivial subword. After all these possible cancellations
we have a word w 0 . Now we repeat the process again starting from the left side. Since
w has nite length eventually the resulting word will either be empty or reduced. The
nal reduced w is the free reduction of w.
Now we build a multiplication on F .X /. If
i
i
w1 D xi1 1 xi22 : : : xinin ;
j
j
jm
w2 D xj1 1 xj2 2 : : : xjm
are two words in W .X / then their concatenation w1 ? w2 is simply placing w2 after w1 ,

i i
j j

jm
:
w1 ? w2 D xi1 1 xi22 : : : xinin xj1 1 xj2 2 : : : xjm
If w1 ; w2 2 F .x/ then we dene their product as
w1 w2 D equivalence class of w1 ? w2 :
That is we concatenate w1 and w2 , and the product is the equivalence class of the
resulting word. It is easy to show that if w1 w10 and w2 w20 then w1 ? w2
195
w10 ? w20 so that the above multiplication is well-dened. Equivalently we can think of
this product in the following way. If w1 ; w2 are reduced words then to nd w1 w2 rst
j

concatenate and then freely reduce. Notice that if xinin xj1 1 is a trivial word then it is
cancelled when the concatenation is formed. We say then that there is cancellation in
forming the product w1 w2 . Otherwise the product is formed without cancellation.
Theorem 14.2.2. Let X be a nonempty set and let F .X / be as above. Then F .X / is
a free group with free basis X. Further if X D ; then F .X / D 1, if jX j D 1 then
F .X / Z and if jX j 2 then F .X / is nonabelian.
Proof. We rst show that F .X / is a group and then show that it satises the universal
mapping property on X. We consider F .X / as the set of reduced words in W .X /
with the multiplication dened above. Clearly the empty word acts as the identity
i i
i
i

element 1. If w D xi11 xi22 : : : xinin and w1 D xin in xin1n1 : : : xi1 1 then both
w ? w1 and w1 ? w freely reduce to the empty word and so w1 is the inverse of w.
Therefore each element of F .X / has an inverse. Therefore to show that F .X / forms
a group we must show that the multiplication is associative. Let
i
i
w1 D xi1 1 xi22 : : : xinin ;
j
j
jm
w2 D xj1 1 xj2 2 : : : xjm
;
k
k
k
w3 D xk11 xk22 : : : xkpp
be three freely reduced words in F .X /. We must show that

.w1 w2 /w3 D w1 .w2 w3 /:
To prove this we use induction on m, the length of w2 . If m D 0 then w2 is the
empty word and hence the identity and it is certainly true. Now suppose that m D 1
j
so that w2 D xj1 1 . We must consider exactly four cases.
j
Case (1): There is no cancellation in forming either w1 w2 or w2 w3 . That is xj1 1

j
k
xin in and xj1 1 xk1 1 . Then the product w1 w2 is just the concatenation of the
words and so is .w1 w2 /w3 . The same is true for w1 .w2 w3 /. Therefore in this case
w1 .w2 w3 / D .w1 w2 /w3 .
Case (2): There is cancellation in forming w1 w2 but not in forming w2 w3 . Then
if we concatenate all three words the only cancellation occurs between w1 and w2 in
either w1 .w2 w3 / or in .w1 w2 /w3 and hence they are equal. Therefore in this case
w1 .w2 w3 / D .w1 w2 /w3 .
Case (3): There is cancellation in forming w2 w3 but not in forming w1 w2 . This is
entirely analogous to Case (2) so therefore in this case w1 .w2 w3 / D .w1 w2 /w3 .
Case (4): There is cancellation in forming w1 w2 and also in forming w2 w3 . Then
j
j
k

xj1 1 D xin in and xj1 1 D xk1 1 . Here
i
i
k
k
k
n1
xk11 xk22 : : : xkpp :
.w1 w2 /w3 D xi1 1 : : : xin1
196
On the other hand

i
k
k
w1 .w2 w3 / D xi11 : : : xinin xk22 : : : xkpp :

k
However these are equal since xinin D xk11 . Therefore in this nal case w1 .w2 w3 / D
.w1 w2 /w3 . It follows inductively from these four cases that the associative law holds
in F .X / and therefore F .X / forms a group.
Now suppose that f W X ! G is a map from X into a group G. By the construction
of F .X / as a set of reduced words this can be extended to a unique homomorphism.
i

If w 2 F with w D xi11 : : : xinin then dene f .w/ D f .xi1 /i1 f .xin /in . Since
multiplication in F .X / is concatenation this denes a homomorphism and again form
the construction of F .X / its the only one extending f . This is analogous to constructing a linear transformation from one vector space to another by specifying the
images of a basis. Therefore F .X / satises the universal mapping property of Denition 14.2.1 and hence F .X / is a free group with free basis X.
The nal parts of Theorem 14.2.2 are straightforward. If X is empty the only reduced word is the empty word and hence the group is just the identity. If X has a
single letter then F .X / has a single generator and is therefore cyclic. It is easy to see
that it must be torsion-free and therefore F .X / is innite cyclic, that is F .x/ Z.
Finally if jX j 2 let x1 ; x2 2 X. Then x1 x2 x2 x1 and both are reduced. Therefore F .X / is nonabelian.
The proof of Theorem 14.2.2 provides another way to look at free groups.
Theorem 14.2.3. F is a free group if and only if there is a generating set X such that
every element of F has a unique representation as a freely reduced word on X.
The structure of a free group is entirely dependent on the cardinality of a free basis. In particular the cardinality of a free basis jX j for a free group F is unique
and is called the rank of F . If jX j < 1, F is of nite rank. If F has rank n
and X D x1 ; : : : ; xn we say that F is free on x1 ; : : : ; xn . We denote this by
F .x1 ; x2 ; : : : ; xn /.
Theorem 14.2.4. If X and Y are sets with the same cardinality, that is jX j D jY j,
then F .X / F .Y /, the resulting free groups are isomorphic. Further if F .X /
F .Y / then jX j D jY j.
Proof. Suppose that f W X ! Y is a bijection from X onto Y . Now Y F .Y /
so there is a unique homomorphism W F .X / ! F .Y / extending f . Since f is
a bijection it has an inverse f 1 W Y ! X and since F .Y / is free there is a unique
homomorphism 1 from F .Y / to F .X / extending f 1 . Then 1 is the identity map
on F .Y / and 1 is the identity map on F .X /. Therefore ; 1 are isomorphisms
with D 11 .
197
Conversely suppose that F .X / F .Y /. In F .X / let N.X / be the subgroup generated by all squares in F .X / that is
N.X / D hg2 W g 2 F .X /i:
Then N.X / is a normal subgroup and the factor group F .X /=N.X / is abelian where
every nontrivial element has order 2 (see exercises). Therefore F .X /=N.X / can
be considered as a vector space over Z2 , the nite eld of order 2, with X as a
vector space basis. Hence jX j is the dimension of this vector space. Let N.Y /
be the corresponding subgroup of F .Y /. Since F .X / F .Y / we would have
F .X /=N.X / F .Y /=N.Y / and therefore jY j is the dimension of the vector space
F .Y /=N.Y /. Therefore jX j D jY j from the uniqueness of dimension of vector
spaces.
Expressing elements of F .X / as a reduced word gives a normal form for elements
in a free group F . As we will see in Section 14.5 this solves what is termed the
word problem for free groups. Another important concept is the following: a freely
reduced word W D xve11 xve22 : : : xvenn is cyclically reduced if v1 vn or if v1 D vn
then e1 en . Clearly then every element of a free group is conjugate to an element
given by a cyclically reduced word. This provides a method to determine conjugacy
in free groups.
Theorem 14.2.5. In a free group F two elements g1 ; g2 are conjugate if and only if
a cyclically reduced word for g1 is a cyclic permutation of a cyclically reduced word
for g2 .
The theory of free groups has a large and extensive literature. We close this section
by stating several important properties. Proofs for these results can be found in [24],
[23] or [15].
Theorem 14.2.6. A free group is torsion-free.
From Theorem 14.2.4 we can deduce:
Theorem 14.2.7. An abelian subgroup of a free group must be cyclic.
Finally a celebrated theorem of Nielsen and Schreier states that a subgroup of a free
group must be free.
Theorem 14.2.8 (NielsenSchreier). A subgroup of a free group is itself a free group.
Combinatorially F is free on X if X is a set of generators for F and there are no
nontrivial relations. In particular:
198
There are several different proofs of this result (see [24]) with the most straightforward being topological in nature. We give an outline of a simple topological proof in
Section 14.4.
Nielsen, using a technique now called Nielsen transformations in his honor, rst
proved this theorem about 1920 for nitely generated subgroups. Schreier shortly
after found a combinatorial method to extend this to arbitrary subgroups. A complete version of the original combinatorial proof appears in [24] and in the notes by
Johnson [19].
Schreiers combinatorial proof also allows for a description of the free basis for the
subgroup. In particular, let F be free on X, and H F a subgroup. Let T D t
be a complete set of right coset representatives for F mod H with the property that if
t D xve11 xve22 : : : xvenn 2 T , with i D 1 then all the initial segments 1; xve11 ; xve11 xve22 ,
etc. are also in T . Such a system of coset representatives can always be found and is
called a Schreier system or Schreier transversal for H . If g 2 F let g represent its
coset representative in T and further dene for g 2 F and t 2 T , S tg D tg.tg/1 .
Notice that S tg 2 H for all t; g. We then have:
Theorem 14.2.9 (explicit form of NielsenSchreier). Let F be free on X and H a
subgroup of F . If T is a Schreier transversal for F mod H then H is free on the set
Stx W t 2 T; x 2 X; S tx 1.
Example 14.2.10. Let F be free on a; b and H D F .X 2 / the normal subgroup of
F generated by all squares in F .
Then F=F .X 2 / D ha; bI a2 D b 2 D .ab/2 D 1i D Z2 Z2 . It follows that a
Schreier system for F mod H is 1; a; b; ab with a D a; b D b and ba D ab. From
this it can be shown that H is free on the generating set
x1 D a 2 ;
x2 D bab 1 a1 ;
x3 D b 2 ;
x4 D abab 1 ;
x5 D ab 2 a1 :
The theorem also allows for a computation of the rank of H given the rank of F
and the index. Specically:
Corollary 14.2.11. Suppose F is free of rank n and jF W H j D k. Then H is free of
rank nk k C 1.
From the example we see that F is free of rank 2, H has index 4 so H is free of
rank 2 4 4 C 1 D 5.
14.3
Group Presentations
The signicance of free groups stems from the following result which is easily deduced from the denition and will lead us directly to a formal denition of a group
Section 14.3 Group Presentations
199
presentation. Let G be any group and F the free group on the elements of G considered as a set. The identity map f W G ! G can be extended to a homomorphism of
F onto G, therefore:
Theorem 14.3.1. Every group G is a homomorphic image of a free group. That is let
G be any group. Then G D F=N where F is a free group.
In the above theorem instead of taking all the elements of G we can consider just
a set X of generators for G. Then G is a factor group of F .X /, G F .X /=R. The
normal subgroup N is the kernel of the homomorphism from F .X / onto G. We use
Theorem 14.3.1 to formally dene a group presentation.
If H is a subgroup of a group G then the normal closure of H denoted by N.H / is
the smallest normal subgroup of G containing H . This can be described alternatively
in the following manner. The normal closure of H is the subgroup of G generated by
all conjugates of elements of H .
Now suppose that G is a group with X a set of generators for G. We also call X
a generating system for G. Now let G D F .X /=N as in Theorem 14.3.1 and the
comments after it. N is the kernel of the homomorphism f W F .X / ! G. It follows
that if r is a free group word with r 2 N then r D 1 in G (under the homomorphism).
We then call r a relator in G and the equation r D 1 a relation in G. Suppose that R
is a subset of N such that N D N.R/, then R is called a set of dening relators for G.
The equations r D 1, r 2 R, are a set of dening relations for G. It follows that any
relator in G is a product of conjugates of elements of R. Equivalently r 2 F .X / is
a relator in G if and only if r can be reduced to the empty word by insertions and
deletions of elements of R and trivial words.
Denition 14.3.2. Let G be a group. Then a group presentation for G consists of
a set of generators X for G and a set R of dening relators. In this case we write
G D hXI Ri. We could also write the presentation in terms of dening relations as
G D hXI r D 1; r 2 Ri.
From Theorem 14.3.1 it follows immediately that every group has a presentation.
However in general there are many presentations for the same group. If R R1 then
R1 is also a set of dening relators.
Lemma 14.3.3. Let G be a group. Then G has a presentation.
If G D hXI Ri and X is nite then G is said to be nitely generated. If R is nite
G is nitely related. If both X and R are nite G is nitely presented.
Using group presentations we get another characterization of free groups.
Theorem 14.3.4. F is a free group if and only if F has a presentation of the form
F D hXI i.
200
Mimicking the construction of a free group from a set X we can show that to each
presentation corresponds a group. Suppose that we are given a supposed presentation
hXI Ri where R is given as a set of words in X. Consider the free group F .X /
on X. Dene two words w1 ; w2 on X to be equivalent if w1 can be transformed into
w2 using insertions and deletions of elements of R and trivial words. As in the free
group case this is an equivalence relation. Let G be the set of equivalence classes.
If we dene multiplication as before as concatenation followed by the appropriate
equivalence class then G is a group. Further each r 2 R must equal the identity in
G so that G D hX I Ri. Notice that here there may be no unique reduced word for an
element of G.
Theorem 14.3.5. Given hXI Ri where X is a set and R is a set of words on X. Then
there exists a group G with presentation hXI Ri.
We now give some examples of group presentations.
Example 14.3.6. A free group of rank n has a presentation
Fn D hx1 ; : : : ; xn I i:
Example 14.3.7. A free abelian group of rank n has a presentation
Zn D hx1 ; : : : ; xn I xi xj xi1 xj1 ; i D 1; : : : ; n; j D 1; : : : ; ni:
Example 14.3.8. A cyclic group of order n has a presentation
Zn D hxI x n D 1i:
Example 14.3.9. The dihedral groups of order 2n representing the symmetry group
of a regular n-gon has a presentation
hr; f I r n D 1; f 2 D 1; .rf /2 D 1i:
We look at this example in Section 14.3.1.
14.3.1 The Modular Group

In this section we give a more complicated example and then a nice application to
number theory.
If R is any commutative ring with an identity, then the set of invertible nn matrices
with entries from R forms a group under matrix multiplication called the n-dimensional general linear group over R (see [25]). This group is denoted by GLn .R/.
Since det.A/ det.B/ D det.AB/ for square matrices A; B it follows that the subset
of GLn .R/ consisting of those matrices of determinant 1 forms a subgroup. This
201
subgroup is called the special linear group over R and is denoted by SLn .R/. In this
section we concentrate on SL2 .Z/, or more specically a quotient of it, PSL2 .Z/ and
nd presentations for them.
The group SL2 .Z/ then consists of 2 2 integral matrices of determinant one:

a b
W a; b; c; d 2 Z; ad bc D 1 :
SL2 .Z/ D
c d
SL2 .Z/ is called the homogeneous modular group and an element of SL2 .Z/ is called
a unimodular matrix.
If G is any group, recall that its center Z.G/ consists of those elements of G which
commute with all elements of G:
Z.G/ D g 2 G W gh D hg; 8h 2 G:
Z.G/ is a normal subgroup of G and hence we can form the factor group G=Z.G/.
For G D SL2 .Z/ the only unimodular matrices that commute with all others are
I D 10 01 . Therefore Z.SL2 .Z// D I; I . The quotient
SL2 .Z/=Z.SL2 .Z// D SL2 .Z/=I; I
is denoted PSL2 .Z/ and is called the projective special linear group or inhomogeneous modular group. More commonly PSL2 .Z/ is just called the Modular Group
and denoted by M .
M arises in many different areas of mathematics including number theory, complex analysis and Riemann surface theory and the theory of automorphic forms and
functions. M is perhaps the most widely studied single nitely presented group. Complete discussions of M and its structure can be found in the books Integral Matrices
by M. Newman [38] and Algebraic Theory of the Bianchi Groups by B. Fine [34].
Since M D PSL2 .Z/ D SL2 .Z/=I; I it follows that each element of M can be
considered as A where A is a unimodular matrix. A projective unimodular matrix
is then

a b
; a; b; c; d 2 Z; ad bc D 1:
c d
The elements of M can also be considered as linear fractional transformations over
the complex numbers
z0 D
az C b
;
cz C d
a; b; c; d 2 Z; ad bc D 1; where z 2 C:
Thought of in this way, M forms a Fuchsian group which is a discrete group of

isometries of the non-Euclidean hyperbolic plane. The book by Katok [20] gives
a solid and clear introduction to such groups. This material can also be found in
condensed form in [35].
202
We now determine presentations for both SL2 .Z/ and M D PSL2 .Z/.
Theorem 14.3.10. The group SL2 .Z/ is generated by the elements

0 1
0 1
XD
and Y D
:
1 0
1 1
Further a complete set of dening relations for the group in terms of these generators is given by
X 4 D Y 3 D YX 2 Y 1 X 2 D I:
It follows that SL2 .Z/ has the presentation
hX; Y I X 4 D Y 3 D YX 2 Y 1 X 2 D I i:
Proof. We rst show that SL2 .Z/ is generated by X and Y , that is every matrix A in
the group can be written as a product of powers of X and Y .
Let

1 1
U D
:
0 1
Then a direct multiplication shows that U D X Y and we show that SL2 .Z/ is generated by X and U which implies that it is also generated by X and Y . Further

1 n
n
U D
0 1
so that U has
order.

innite
Let A D ac db 2 SL2 .Z/. Then we have

a C kc b C kd
c d
XA D
and U k A D
c
d
a b
for any k 2 Z. We may assume that jcj jaj otherwise start with XA rather than A.
If c D 0 then A D U q for some q. If A D U q then certainly A is in the group
generated by X and U . If A D U q then A D X 2 U q since X 2 D I . It follows
that here also A is in the group generated by X and U .
Now suppose c 0. Apply the Euclidean algorithm to a and c in the following
modied way:
a D q0 c C r1
c D q1 r1 C r2
r1 D q2 r2 C r3
::
:
.1/n rn1 D qn rn C 0
203
where rn D 1 since .a; c/ D 1. Then

X U qn X U q0 A D U qnC1
with qnC1 2 Z:
Therefore
A D X m U q0 X U q1 X U qn X U qnC1
with m D 0; 1; 2; 3; q0 ; q1 ; : : : ; qnC1 2 Z and q0 ; : : : ; qn 0. Therefore X and U
and hence X and Y generate SL2 .Z/.
We must now show that
X 4 D Y 3 D YX 2 Y 1 X 2 D I
are a complete set of dening relations for SL2 .Z/ or that every relation on these
generators is derivable from these. It is straightforward to see that X and Y do satisfy
these relations. Assume then that we have a relation
S D X 1 Y 1 X 2 Y 2 Y n X nC1 D I
with all i ; j 2 Z. Using the set of relations
X 4 D Y 3 D YX 2 Y 1 X 2 D I
we may transform S so that
S D X 1 Y 1 Y m X mC1
with 1 ; mC1 D 0; 1; 2 or 3 and i D 1 or 2 for i D 1; : : : ; m and m 0. Multiplying
by a suitable power of X we obtain
Y 1 X Y m X D X D S1
with m 0 and D 0; 1; 2 or 3. Assume that m 1 and let

a b
S1 D
:
c d
We show by induction that
a; b; c; d 0;
bCc >0
a; b; c; d 0;
b C c < 0:
or
This claim for the entries of S1 is true for

1 0
YX D
and
1 1
Y 2X D

1 1
:
0 1
204
Suppose it is correct for S2 D
a1 b1
.
c1 d1
Then

b1
a1
YXS2 D
.a1 C c1 / b1 C d1

a1 c1 b1 C d1
2
:
Y XS2 D
c1
d1
and
Therefore the claim is correct for all S1 with m 1. This gives a contradiction, for
the entries of X with D 0; 1; 2 or 3 do not satisfy the claim. Hence m D 0 and S
can be reduced to a trivial relation by the given set of relations. Therefore they are a
complete set of dening relations and the theorem is proved.
Corollary 14.3.11. The modular group M D PSL2 .Z/ has the presentation
M D hx; yI x 2 D y 3 D 1i:
Further x; y can be taken as the linear fractional transformations
x W z0 D
1
z
and
y W z0 D
1
:
zC1
Proof. The center of SL2 .Z/ is I . Since X 2 D I setting X 2 D I in the presentation for SL2 .Z/ gives the presentation for M . Writing the projective matrices as
linear fractional transformations gives the second statement.
This corollary says that M is the free product of a cyclic group of order 2 and a
cyclic group of order 3 a concept we will introduce in Section 14.7.
We note that there is an elementary alternative proof to Corollary 14.3.11 as far
as showing that X 2 D Y 3 D 1 are a complete set of dening relations. As linear
fractional transformations we have
1
X.z/ D ;
z
Now let
Then
Y .z/ D
RC D x 2 R W x > 0
X.R / RC
and
1
;
zC1
and
Y 2 .z/ D
zC1
:
z
R D x 2 R W x < 0:
Y .RC / R ;
D 1; 2:
Let S 2 . Using the relations X 2 D Y 3 D 1 and a suitable conjugation we may

assume that either S D 1 is a consequence of these relations or that
S D Y 1 X Y 2 X Y n
with 1 i 2 and 1 D n .
205
In this second case if x 2 RC then S.x/ 2 R and hence S 1.

This type of ping-pong argument can be used in many examples (see [23], [15]
and [19]). As another example consider the unimodular matrices

0 1
0 1
AD
; BD
:
1 2
1 2
Let A; B denote the corresponding linear fractional transformations in the modular
group M . We have

n C 1 n
n C 1 n
n
n
A D
; B D
for n 2 Z:
n n C 1
n
nC1
In particular A and B have innite order. Now
n
A .R / RC
and B .RC / R
for all n 0. The ping-pong argument used for any element of the type
n1
S DA B
m1
B
mk
nkC1
with all ni ; mi 0 and n1 C nkC1 0 shows that S.x/ 2 RC if x 2 R . It follows

that there are no nontrivial relations on A and B and therefore the subgroup of M
generated by A; B must be a free group of rank 2.
To close this section we give a nice number theoretical application of the modular
group. First we need the following corollary to Corollary 14.3.11.
Corollary 14.3.12. Let M D hX; Y I X 2 D Y 3 D 1i be the modular group. If A is
an element of order 2 then A is conjugate to X. If B is an element of order 3 then B
is conjugate to either Y or Y 2 .
Denition 14.3.13. Let a; n be relatively prime integers with a 0; n 1. Then
a is a quadratic residue mod n if there exists an x 2 Z with x 2 D a mod n, that is
a D x 2 C k n for some k 2 Z.
The following is called Fermats two-square theorem.
Theorem 14.3.14 (Fermats two-square theorem). Let n > 0 be a natural number.
Then n D a2 C b 2 with .a; b/ D 1 if and only if 1 is a quadratic residue modulo n.
Proof. Suppose 1 is a quadratic residue mod n. Then there exists an x with x 2
1 mod n or x 2 D 1 C mn. This implies that x 2 mn D 1 so that there must
exist a projective unimodular matrix

x n
AD
:
m x
206
It is straightforward that A2 D 1 so by Corollary 14.3.12 A is conjugate within M

to X. Now consider conjugates of X within M . Let T D ac db . Then

d b
T 1 D
c a
and
TX T 1 D
a b
c d

0 1
d b
.bd C ac/ a2 C b 2
:
D
.c 2 C d 2 / bd C ac
1 0
c a
(
)
Therefore any conjugate of X must have form (

) and therefore A must have form (
).
Therefore n D a2 Cb 2 . Further .a; b/ D 1 since in nding form (
) we had ad bc D 1.
Conversely suppose n D a2 C b 2 with .a; b/ D 1. Then there exist c; d 2 Z with
ad bc D 1 and hence there exists a projective unimodular matrix

a b
T D
:
c d
Then
TX T
1

n
a2 C b 2
D
:
D
This has determinant one, so

2 n
D 1 H) 2 D 1 n
H) 2 1
mod n:
Therefore 1 is a quadratic residue mod n.

This type of group theoretical proof can be extended in several directions. KernIsberner and Rosenberger [21] considered groups of matrices of the form
p

a b N
; a; b; c; d; N 2 Z; ad N bc D 1
U D p
c N d
or

p
a N p
b
; a; b; c; d; N 2 Z; Nad bc D 1:
U D
c d N
They then proved that if
N 2 1; 2; 4; 5; 6; 8; 9; 10; 12; 13; 16; 18; 22; 25; 28; 37; 58
and n 2 N with .n; N / D 1 then:
(1) If N is a quadratic residue mod n and n is a quadratic residue mod N then n
can be written as n D x 2 C Ny 2 with x; y 2 Z.
(2) Conversely if n D x 2 C Ny 2 with x; y 2 Z and .x; y/ D 1 then N is a
quadratic residue mod n and n is a quadratic residue mod N .
p
The proof of the above results depends on the class number of Q. N / (see [21]).
In another direction Fine [33] and [32] showed that the Fermat two-square property
is actually a property satised by many rings R. These are called sum of squares
rings. For example if p 3 mod 4 then Zp n for n > 1 is a sum of squares ring.
207
Section 14.4 Presentations of Subgroups
14.4
Presentations of Subgroups
Given a group presentation G D hXI Ri it is possible to nd a presentation for a subgroup H of G. The procedure to do this is called the ReidemeisterSchreier process
and is a consequence of the explicit version of the NielsenSchreier theorem (Theorem 14.2.9). We give a brief description. A complete description and a verication of
its correctness is found in [24] or in [15].
Let G be a group with the presentation ha1 ; : : : ; an I R1 ; : : : ; Rk i. Let H be a
subgroup of G and T a Schreier system for G mod H dened analogously as above.
ReidemeisterSchreier Process. Let G; H and T be as above. Then H is generated
by the set
S tav W t 2 T; av 2 a1 ; : : : ; an ; S tav 1
with a complete set of dening relations given by conjugates of the original relators
rewritten in terms of the subgroup generating set.
In order to actual rewrite the relators in terms of the new generators we use a mapping on words on the generators of G called the Reidemeister rewriting process.
This map is dened as follows: If
e
W D ave11 ave22 : : : avjj with ei D 1 denes an element of H

then
e
.W / D S te11;av S te22;av S tjj;av

1
where ti is the coset representative of the initial segment of W preceding avi if ei D 1

if
and ti is the representative of the initial segment of W up to and including av1
i
ei D 1. The complete set of relators rewritten in terms of the subgroup generators
is then given by
.tRi t 1 / with t 2 T and Ri runs over all relators in G:
We present two examples; one with a nite group and then an important example
with a free group which shows that a countable free group contains free subgroups of
arbitrary ranks.
Example 14.4.1. Let G D A4 be the alternating group on 4 symbols. Then a presentation for G is
G D A4 D ha; bI a2 D b 3 D .ab/3 D 1i:
Let H D A04 the commutator subgroup. We use the above method to nd a presentation for H . Now
G=H D A4 =A04 D ha; bI a2 D b 3 D .ab/3 D a; b D 1i D hbI b 3 D 1i:
208
Therefore jA4 W A04 j D 3. A Schreier system is then 1; b; b 2 . The generators for A04
are then
X1 D S1a D a;
X2 D Sba D bab 1 ;
X3 D Sb 2 a D b 2 ab
while the relations are

1. .aa/ D S1a S1a D X12
2. .baab 1 / D X22
3. .b 2 aab 2 / D X32
4. .bbb/ D 1
5. .bbbbb 1 / D 1
6. .b 2 bbbb 2 / D 1
7. .ababab/ D S1a Sba Sb 2 a D X1 X2 X3
8. .babababb 1 / D Sba Sb 2 a S1a D X2 X3 X1
9. .b 2 abababb 2 / D Sb 2 a S1a Sba D X3 X1 X2 .
Therefore after eliminating redundant relations and using that X3 D X1 X2 we get as
a presentation for A04 ,
hX1 ; X2 I X12 D X22 D .X1 X2 /2 D 1i:
Example 14.4.2. Let F D hx; yI i be the free group of rank 2. Let H be the commutator subgroup. Then
F=H D hx; yI x; y D 1i D Z Z
a free abelian group of rank 2. It follows that H has innite index in F . As Schreier
coset representatives we can take
tm;n D x m y n ;
m D 0; 1; 2; : : : ; n D 0; 1; 2; : : : :
The corresponding Schreier generators for H are

xm;n D x m y n x m y n ;
m D 0; 1; 2; : : : ; n D 0; 1; 2; : : : :
The relations are only trivial and therefore H is free on the countable innitely many
generators above. It follows that a free group of rank 2 contains as a subgroup a
free group of countably innite rank. Since a free group of countable innite rank
contains as subgroups free groups of all nite ranks it follows that a free group of
rank 2 contains as a subgroup a free subgroup of any arbitrary nite rank.
Section 14.5 Geometric Interpretation
209
Theorem 14.4.3. Let F be free of rank 2. Then the commutator subgroup F 0 is free
of countable innite rank. In particular a free group of rank 2 contains as a subgroup
a free group of any nite rank n.
Corollary 14.4.4. Let n; m be any pair of positive integers n; m 2 and Fn , Fm free
groups of ranks n; m respectively. Then Fn can be embedded into Fm and Fm can be
embedded into Fn .
14.5
Geometric Interpretation
Combinatorial group theory has its origins in topology and complex analysis. Especially important in the development is the theory of the fundamental group. This connection is so deep that many people consider combinatorial group theory as the study
of the fundamental group especially the fundamental group of a low-dimensional
complex. This connection proceeds in both directions. The fundamental group provides methods and insights to study the topology. In the other direction the topology
can be used to study the groups.
Recall that if X is a topological space then its fundamental group based at a point
x0 , denoted .X; x0 /, is the group of all homotopy classes of closed paths at x0 . If X
is path connected then the fundamental groups at different points are all isomorphic
and we can speak of the fundamental group of X which we will denote .X /. Historically group presentations were developed to handle the fundamental groups of spaces
which allowed simplicial or cellular decompositions. In these cases the presentation
of the fundamental group can be read off from the combinatorial decomposition of
the space.
An (abstract) simplicial complex or cell complex K is a topological space consisting of a set of points called the vertices, which we will denote V .K/, and collections
of subsets of vertices called simplexes or cells which have the property that the intersection of any two simplices is again a simplex. If n is the number of vertices in a cell
then n 1 is called its dimension. Hence the set of vertices are the 0-dimensional cells
and a simplex v1 ; : : : ; vn is an .n 1/-dimensional cell. The 1-dimensional cells
are called edges. These have the form u; v where u and v are vertices. One should
think of the cells in a geometric manner so that the edges are really edges, the 2-cells
are lled triangles, that are equivalent to disks and so on. The maximum dimension of
any cell in a complex K is called the dimension of K. From now on we will assume
that our simplicial complexes are path connected.
A graph is just a 1-dimensional simplicial complex. Hence consists of just
vertices and edges. If K is any complex then the set of vertices and edges is called the
1-skeleton of K. Similarly all the cells of dimension less than or equal to 2 comprise
the 2-skeleton. A connected graph with no closed paths in it is called a tree. If K is
210
any complex then a maximal tree in K is a tree that can be contained in no other tree
within K.
From the viewpoint of combinatorial group theory what is relevant is that if K is
a complex then a presentation of its fundamental group can be determined from its
2-skeleton and read off directly. In particular:
Theorem 14.5.1. Suppose that K is a connected cell complex. Suppose that T is
a maximal tree within the 1-skeleton of K. Then a presentation for .K/ can be
determined in the following manner:
Generators: all edges outside of the maximal tree T
Relations:
(a) u; v D 1 if u; v is an edge in T
(b) u; vv; w D u; w if u; v; w lie in a simplex of K.
From this the following is obvious:

Corollary 14.5.2. The fundamental group of a connected graph is free. Further its
rank is the number of edges outside a maximal tree.
A connected graph is homotopic to a wedge or bouquet of circles. If there are
n circles in a bouquet of circles then the fundamental group is free of rank n. The
converse is also true. A free group can be realized as the fundamental group of a
wedge of circles.
An important concept in applying combinatorial group theory is that of a covering
complex.
Denition 14.5.3. Suppose that K is a complex. Then a complex K1 is a covering
complex for K if there exists a surjection p W K1 ! K called a covering map with
the property that for any cell s 2 K the inverse image p 1 .s/ is a union of pairwise
disjoint cells in K1 and p restricted to any of the preimage cells is a homeomorphism.
That is for each simplex S in K we have
[
p 1 .S/ D
Si
and p W Si ! S is a bijection for each i .
The following then becomes clear.
Lemma 14.5.4. If K1 is a connected covering complex for K then K1 and K have
the same dimension.
What is crucial in using covering complexes to study the fundamental group is that
there is a Galois theory of covering complexes and maps. The covering map p induces
a homomorphism of the fundamental group which we will also call p. Then:
Section 14.5 Geometric Interpretation
211
Theorem 14.5.5. Let K1 be a covering complex of K with covering map p. Then

p..K1 // is a subgroup of .K/. Conversely to each subgroup H of .K/ there is a
covering complex K1 with .K1 / D H . Hence there is a one-to-one correspondence
between subgroups of the fundamental group of a complex K and covers of K.
We will see the analog of this theorem in regard to algebraic eld extensions in
Chapter 15.
A topological space X is simply connected if .X / D 1. Hence the covering
complex of K corresponding to the identity in .K/ is simply connected. This is
called the universal cover of K since it covers any other cover of K.
Based on Theorem 14.5.1 we get a very simple proof of the NielsenSchreier theorem.
Theorem 14.5.6 (NielsenSchreier). Any subgroup of a free group is free.
Proof. Let F be a free group. Then F D .K/ where K is a connected graph. Let
H be a subgroup of F . Then H corresponds to a cover K1 of K. But a cover is also
1-dimensional and hence H D .K1 / where K1 is a connected graph and hence H
is also free.
The fact that a presentation of a fundamental group of a simplicial complex is determined by its 2-skeleton goes in the other direction also. That is given an arbitrary
presentation there exists a 2-dimensional complex whose fundamental group has that
presentation. Essentially given a presentation hXI Ri we consider a wedge of circles
with cardinality jX j. We then paste on a 2-cell for each relator W in R bounded by
the path corresponding to the word W .
Theorem 14.5.7. Given an arbitrary presentation hXI Ri there exists a connected
2-complex K with .K/ D hXI Ri.
We note that the books by Rotman [26] and Camps, groe Rebel and Rosenberger [15] have very nice detailed and accessible descriptions of groups and complexes.
Cayley and then Dehn introduced for each group G, a graph, now called its Cayley
graph, as a tool to apply complexes to the study of G. The Cayley graph is actually
tied to a presentation and not to the group itself. Gromov reversed the procedure and
showed that by considering the geometry of the Cayley graph one could get information about the group. This led to the development of the theory of hyperbolic groups
(see for instance [15]).
Denition 14.5.8. Let G D hXI Ri be a presentation. We form a graph .G; X / in
the following way. Let A D X [ X 1 . For the vertex set of .G; X / we take the
elements of G, that is V ./ D g W g 2 G. The edges of are given by the set
.g; x/ W g 2 G; x 2 A. We call g the initial point and gx is the terminal point. That
212
is two points g; g1 in the vertex set are connected by an edge if g1 D gx for some
x 2 A. We have .g; x/1 D .gx; x 1 /. This gives a directed graph called the Cayley
graph of G on the generating set X.
Call x the label on the edge .g; x/. Given a g 2 G then G is represented by at least
one word W in A. This represents a path in the Cayley graph. The length of the word
W is the length of the path. This is equivalent to making each edge have length one.
If we take the distance between 2 points as the minimum path length we make the
Cayley graph a metric space. This metric is called the word metric. If we extend this
metric to all pairs of points in the Cayley graph in the obvious way (making each edge
a unit real interval) then the Cayley graph becomes a geodesic metric space. Each
closed path in the Cayley graph represents a relator.
By left multiplication the group G acts on the Cayley graph as a group of isometries.
Further the action of G on the Cayley graph is without inversion, that is ge e 1 ,
if e is an edge.
If we sew in a 2-cell for each closed path in the Cayley graph we get a simply
connected 2-complex called the Cayley complex.
14.6
Presentations of Factor Groups
Let G be a group with a presentation G D hXI Ri. Suppose that H is a factor

group of G, that is H G=N for some normal subgroup N of G. We show that
a presentation for H is then H D hX I R [ R1 i where R1 is a, perhaps additional,
system of relators.
Theorem 14.6.1 (Dycks theorem). Let G D hX I Ri and suppose that H G=N
where N is a normal subgroup of G. Then a presentation for H is hXI R [ R1 i for
some set of words R1 on X. Conversely the presentation hXI R [ R1 i denes a group
that is a factor group of G.
Proof. Since each element of H is a coset of N they have the form gN for g 2 G. It is
clear then that the images of X generate H . Further since H is a homomorphic image
of G each relator in R is a relator in H . Let N1 be a set of elements that generate
N and let R1 be the corresponding words in the free group on X. Then R1 is an
additional set of relators in H . Hence R [ R1 is a set of relators for H . Any relator
in H is either a relator in G and hence a consequence of R or can be realized as an
element of G that lies in N and hence is a consequence of R1 . Therefore R [ R1 is a
complete set of dening relators for H and H has the presentation H D hX I R [R1 i.
Conversely G D hXI Ri; G1 D hXI R [ R1 i. Then G D F .X /=N1 where N1 D
N.R/ and G1 D F .X /=N2 where N2 D N.R [ R1 /. Hence N1 N2 . The normal
subgroup N2 =N1 of F .X /=N1 corresponds to a normal subgroup of H of G and
Section 14.7 Group Presentations and Decision Problems
213
therefore by the isomorphism theorem

G=H .F .X /=N1 /=.N2 =N1 / F .X /=N2 G1 :
14.7
Group Presentations and Decision Problems
We have seen that given any group G there exists a presentation for it, G D hXI Ri.
In the other direction given any presentation hXI Ri we have seen that there is a group
with that presentation. In principle every question about a group can be answered via
a presentation. However things are not that simple. Max Dehn in his pioneering work
on combinatorial group theory about 1910 introduced the following three fundamental
group decision problems.
(1) Word Problem: Suppose G is a group given by a nite presentation. Does there
exist an algorithm to determine if an arbitrary word w in the generators of G
denes the identity element of G?
(2) Conjugacy Problem: Suppose G is a group given by a nite presentation. Does
there exist an algorithm to determine if an arbitrary pair of words u; v in the
generators of G dene conjugate elements of G?
(3) Isomorphism Problem: Does there exist an algorithm to determine given two
arbitrary nite presentations whether the groups they present are isomorphic or
not?
All three of these problems have negative answers in general. That is for each of
these problems one can nd a nite presentation for which these questions cannot
be answered algorithmically (see [23]). Attempts for solutions and for solutions in
restricted cases have been of central importance in combinatorial group theory. For
this reason combinatorial group theory has always searched for and studied classes of
groups in which these decision problems are solvable.
For nitely generated free groups there are simple and elegant solutions to all three
problems. If F is a free group on x1 ; : : : ; xn and W is a freely reduced word in
x1 ; : : : ; xn then W 1 if and only if L.W / 1. Since freely reducing any word
to a freely reduced word is algorithmic this provides a solution to the word problem.
Further a freely reduced word W D xve11 xve22 : : : xvenn is cyclically reduced if v1 vn
or if v1 D vn then e1 en . Clearly then every element of a free group is conjugate
to an element given by a cyclically reduced word called a cyclic reduction. This leads
to a solution to the conjugacy problem. Suppose V and W are two words in the
generators of F and V ; W are respective cyclic reductions. Then V is conjugate to
W if and only if V is a cyclic permutation of W . Finally two nitely generated free
groups are isomorphic if and only if they have the same rank.
214
14.8
Group Amalgams: Free Products and Direct Products
Closely related to free groups in both form and properties are free products of groups.
Let A D ha1 ; : : : I R1 ; : : :i and B D hb1 ; : : : I S1 ; : : :i be two groups. We consider A
and B to be disjoint. Then:
Denition 14.8.1. The free product of A and B denoted A
B is the group G with
the presentation ha1 ; : : : ; b1 ; : : : I R1 ; : : : ; S1 ; : : :i, that is the generators of G consist
of the disjoint union of the generators of A and B with relators taken as the disjoint
union of the relators Ri of A and Sj of B. A and B are called the factors of G.
In an analogous manner the concept of a free product can be extended to an arbitrary
collection of groups.
Denition 14.8.2. If A D hgens A I rels A i; 2 I, is a collection of groups, then
their free product G D
A is the group whose generators consist of the disjoint
union of the generators of the A and whose relators are the disjoint union of the
relators of the A .
Free products exist and are nontrivial. We have:
Theorem 14.8.3. Let G D A
B. Then the maps A ! G and B ! G are injections. The subgroup of G generated by the generators of A has the presentation
hgenerators of AI relators of Ai, that is, is isomorphic to A. Similarly for B. Thus A
and B can be considered as subgroups of G. In particular A
B is nontrivial if A
and B are.
Free products share many properties with free groups. First of all there is a categorical formulation of free products. Specically we have:
Theorem 14.8.4. A group G is the free product of its subgroups A and B if A and B
generate G and given homomorphisms f1 W A ! H; f2 W B ! H into a group H
there exists a unique homomorphism f W G ! H extending f1 and f2 .
Secondly each element of a free product has a normal form related to the reduced
words of free groups. If G D A
B then a reduced sequence or reduced word in G
is a sequence g1 g2 : : : gn , n 0, with gi 1, each gi in either A or B and gi ; gi C1
not both in the same factor. Then:
Theorem 14.8.5. Each element g 2 G D A
B has a unique representation as a
reduced sequence. The length n is unique and is called the syllable length. The case
n D 0 is reserved for the identity.
Section 14.8 Group Amalgams: Free Products and Direct Products
215
A reduced word g1 : : : gn 2 G D A
B is called cyclically reduced if either n 1
or n 2 and g1 and gn are from different factors. Certainly every element of G is
conjugate to a cyclically reduced word.
From this we obtain several important properties of free products which are analogous to properties in free groups.
Theorem 14.8.6. An element of nite order in a free product is conjugate to an element of nite order in a factor. In particular a nite subgroup of a free product is
entirely contained in a conjugate of a factor.
Theorem 14.8.7. If two elements of a free product commute then they are both powers
of a single element or are contained in a conjugate of an abelian subgroup of a factor.
Finally a theorem of Kurosh extends the NielsenSchreier theorem to free products.
Theorem 14.8.8 (Kurosh). A subgroup of a free product is also a free product. Explicitly if G D A
B and H G then
H D F
.
A /
.
B /
where F is a free group and .
A / is a free product of conjugates of subgroups of A
and .
B / is a free product of conjugates of subgroups of B.
We note that the rank of F as well as the number of the other factors can be computed. A complete discussion of these is in [24], [23] and [15].
If A and B are disjoint groups then we now have two types of products forming new
groups out of them, the free product and the direct product. In both these products
the original factors inject. In the free product there are no relations between elements
of A and elements of B while in a direct product each element of A commutes with
each element of B. If a 2 A and b 2 B a cross commutator is a; b D aba1 b 1 .
The direct product is a factor group of the free product and the kernel is precisely the
normal subgroup generated by all the cross commutators.
Theorem 14.8.9. Suppose that A and B are disjoint groups. Then
A B D .A ? B/=H
where H is the normal closure in A ? B of all the cross commutators. In particular a
presentation for A B is given by
A B D hgens A; gens BI rels A; rels B; a; b for all a 2 A; b 2 Bi:
216
14.9
Exercises
1. Let X 1 be a set disjoint from X but bijective to X. A word in X is a nite

sequence of letters from the alphabet. That is a word has the form
i
i
w D xi11 xi2 2 : : : xinin ;

where xij 2 X and ij D 1. Let W .X / be the set of all words on X.
If w1 ; w2 2 W .X / we say that w1 is equivalent to w2 , denoted w1 w2 , if w1
can be converted to w2 by a nite string of insertions and deletions of trivial words.
Verify that this is an equivalence relation on W .X /.
2. In F .X / let N.X / be the subgroup generated by all squares in F .X / that is
N.X / D hg2 W g 2 F .X /i:
Show that N.X / is a normal subgroup and the factor group F .X /=N.X / is abelian
where every nontrivial element has order 2.
3. Show that a free group F is torsion-free.
4. Let F be a free group and a; b 2 F . Show: If ak D b k , k 0, then a D b.
5. Let F D ha; bI i a free group with basis a; b. Let ci D ai bai , i 2 Z. Then
G D hci ; i 2 Zi is free with basis ci ji 2 Z.
6. Show that hx; yI x 2 y 3 ; x 3 y 4 i hxI xi D 1.
7. Let G D hv1 ; : : : ; vn I v12 vn2 i, n 1, and W G ! Z2 the epimorphism with
.vi / D 1 for all i. Let U be the kernel of . Then U has a presentation
1 1
U D hx1 ; : : : ; xn1 ; y1 ; : : : ; yn1 I y1 x1 yn1 xn1 yn1
xn1 y11 x11 i.
8. Let M D hx; yI x 2 ; y 3 i PSL.2; Z/ be the modular group. Let M 0 be the
commutator subgroup. Show that M 0 is a free group of rank 2 with a basis
x; y; x; y 2 .
Chapter 15
Finite Galois Extensions
15.1
Galois Theory and the Solvability of Polynomial

Equations
As we mentioned in Chapter 1, one of the origins of abstract algebra was the problem
of trying to determine a formula for nding the solutions in terms of radicals of a
fth degree polynomial. It was proved rst by Rufni in 1800 and then by Abel that
it is impossible to nd a formula in terms of radicals for such a solution. Galois in
1820 extended this and showed that such a formula is impossible for any degree ve
or greater. In proving this he laid the groundwork for much of the development of
modern abstract algebra especially eld theory and nite group theory. One of the
goals of this book has been to present a comprehensive treatment of Galois theory and
a proof of the results mentioned above. At this point we have covered enough general
algebra and group theory to discuss Galois extensions and general Galois theory.
In modern terms, Galois theory is that branch of mathematics that deals with the
interplay of the algebraic theory of elds, the theory of equations and nite group
theory. This theory was introduced by Evariste Galois about 1830 in his study of the
insolvability by radicals of quintic (degree 5) polynomials, a result proved somewhat
earlier by Rufni and independently by Abel. Galois was the rst to see the close
connection between eld extensions and permutation groups. In doing so he initiated
the study of nite groups. He was the rst to use the term group, as an abstract
concept, although his denition was really just for a closed set of permutations.
The method Galois developed not only facilitated the proof of the insolvability of
the quintic and higher powers but led to other applications and to a much larger theory
as well.
The main idea of Galois theory is to associate to certain special types of algebraic
eld extensions called Galois extensions a group called the Galois group. The properties of the eld extension will be reected in the properties of the group, which are
somewhat easier to examine. Thus, for example, solvability by radicals can be translated into solvability of groups which was discussed in Chapter 12. Showing that for
every degree ve or greater there exists a eld extension whose Galois group is not
solvable proves that there cannot be a general formula for solvability by radicals.
The tie-in to the theory of equations is as follows: If f .x/ D 0 is a polynomial
equation over some eld F , we can form the splitting eld K. This is usually a Galois
218
Chapter 15 Finite Galois Extensions
extension, and therefore has a Galois group called the Galois group of the equation.
As before, properties of this group will reect properties of this equation.
15.2
Automorphism Groups of Field Extensions
In order to dene the Galois group we must rst consider the automorphism group of
a eld extension. In this section K; L; M will always be (commutative) elds with
additive identity 0 and multiplicative identity 1.
Denition 15.2.1. Let LjK be a eld extension. Then the set
Aut.LjK/ D 2 Aut.L/ W jK D the identity on K
is called the set of automorphisms of L over K. Notice that if 2 Aut.LjK/ then
.k/ D k for all k 2 K.
Lemma 15.2.2. Let LjK be a eld extension. Then Aut.LjK/ forms a group called
the Galois group of LjK.
Proof. Aut.LjK/ Aut.L/ and hence to show that Aut.LjK/ is a group we only
have to show that its a subgroup of Aut.L/. Now the identity map on L is certainly
the identity map on K so 1 2 Aut.LjK/ and hence Aut.LjK/ is nonempty. If ; 2
Aut.LjK/ then consider 1 . If k 2 K then .k/ D k and .k/ D k so 1 .k/ D k.
Therefore 1 .k/ D k for all k 2 K and hence 1 2 Aut.LjK/. It follows that
Aut.LjK/ is a subgroup of Aut.L/ and therefore a group.
If f .x/ 2 Kx n K and L is the splitting eld of f .x/ over K then Aut.LjK/ is
also called the Galois group of f .x/.
Theorem 15.2.3. If P is the prime eld of L then Aut.LjP / D Aut.L/.
Proof. We must show that any automorphism of a prime eld P is the identity. If
2 Aut.L/ then .1/ D 1 and so .n 1/ D n 1. Therefore in P , xes all integer
multiples of the identity. However every element of P can be written as a quotient
m1
n 1 of integer multiples of the identity. Since is a eld homomorphism and xes
both the top and the bottom it follows that will x every element of this form and
hence x each element of P .
For splitting elds the Galois group is a permutation group on the roots of the
dening polynomial.
Theorem 15.2.4. Let f .x/ 2 Kx and L the splitting eld of f .x/ over K. Suppose
that f .x/ has roots 1 ; : : : ; n 2 L.
Section 15.2 Automorphism Groups of Field Extensions
219
(a) Then each 2 Aut.LjK/ is a permutation on the roots. In particular Aut.LjK/

is isomorphic to a subgroup of Sn and uniquely determined by the zeros of f .x/.
(b) If f .x/ is irreducible then Aut.LjK/ operates transitively on 1 ; : : : ; n .
Hence for each i; j there is a 2 Aut.LjK/ such that .i / D j .
(c) If f .x/ D b.x1 / .xn / with 1 ; : : : ; n distinct and Aut.LjK/ operates
transitively on 1 ; : : : ; n then f .x/ is irreducible.
Proof. For the proofs we use the results of Chapter 8.
(a) Let 2 Aut.K/. Then from Theorem 8.1.5 we obtain that permutes the roots
1 ; : : : ; n . Hence j1 ;:::;n 2 Sn . This map then denes a homomorphism
W Aut.LjK/ ! Sn
by ./ D j1 ;:::;n :
Further is uniquely determined by the images .i /. It follows that is a monomorphism.

(b) If f .x/ is irreducible then Aut.LjK/ operates transitively on the set 1 ; : : : ;
n again following from Theorem 8.1.5.
(c) Suppose that f .x/ D b.x 1 / .x n / with 1 ; : : : ; n distinct and f 2
Aut.LjK/ operates transitively on 1 ; : : : ; n . Assume that f .x/ D g.x/h.x/ with
g.x/; h.x/ 2 Kx n K. Without loss of generality let 1 be a zero of g.x/ and n be
a zero of h.x/.
Let 2 Aut.LjK/ with .1 / D n . However .g.x// D g.x/, that is .1 / is
a zero of .g.x// D g.x/ which gives a contradiction since n is not a zero of g.x/.
Therefore f .x/ must be irreducible.
p p
Example 15.2.5. Let f .x/ D .x 2 2/.x 2 3/ 2 Qx. The eld L D Q. 2; 3/
is the spitting eld of f .x/.
Over L we have
p
p
p
p
f .x/ D .x C 2/.x 2/.x C 3/.x 3/:
We want to determine the Galois group Aut.LjQ/ D Aut.L/ D G.
Lemma 15.2.6. The Galois group G above is the Klein 4-group.
Proof. First we show
4. Let 2 Aut.L/. Then is uniquely
p that jAut.L/j
p
determined by . 2/ and . 3/ and
p 2
p
p
.2/ D 2 D . 2/2 D . 2 / D .. 2//2 :
p
p
p
p
Hence . 2/ D 2. Analogously . 3/ D 3. From this it follows that
jAut.L/j 4. Further 2 D 1 for any 2 G.
p
3 is irreducible over K D Q.
Next we show that the polynomial f .x/ D x 2 p
p 2/.
Assume that x 2 3 were reducible over K. Then 3 2 K. This implies that 3 D
220
p
p
C dc 2 with a; b; c; d 2 Z and b 0 d and gcd.c; d / D 1. Then bd 3 D
p
p
c 2 C 2 2adbc. Since bd 0 this implies
ad C bc 2 hence 3b 2 d 2 D a2 b 2 C 2b 2p
that we must have ac D 0. If c D 0 then 3 D ab 2 Q a contradiction. If a D 0 then
p
p
3 D dc 2 which implies 3d 2 D 2c 2 . It follows from this that 3j gcd.c; d / D 1
p
again a contradiction. Hence f .x/ D x 2 3 is irreducible over K D Q. 2/.
Since L is the splitting eld of f .x/ and
p f .x/ is
pirreducible over K then therepexists
an automorphism 2 Aut.L/ with . 3/ D 3 and jK D IK , that is . 2/ D
p
p
p
p
p
2. Analogously there is a 2 Aut.L/ with . 2/ D 2 and . 3/ D 3.
Clearly , D and . It follows that Aut.L/ D 1; ; ; .
a
b
15.3
Finite Galois Extensions
We now dene (nite) Galois extensions. First we introduce the concept of a Fix eld.
Let K be a eld and G a subgroup of Aut.K/. Dene the set
Fix.K; G/ D k 2 K W g.k/ D k 8g 2 G:
Theorem 15.3.1. For a G Aut.K/, the set Fix.K; G/ is a subeld of K called the
Fix eld of G over K.
Proof. 1 2 K is in Fix.K; G/ so Fix.K; G/ is not empty. Let k1 ; k2 2 Fix.K; G/ and
let g 2 G. Then g.k1 k2 / D g.k1 / g.k2 / since g is an automorphism. Then
g.k1 / g.k2 / D k1 k2 and it follows that k1 k2 2 Fix.K; G/. In an analogous
manner k1 k21 2 Fix.K; G/ if k2 0 and therefore Fix.K; G/ is a subeld of K.
Using the concept of a x eld we dene a nite Galois extension.
Denition 15.3.2. LjK is a (nite) Galois extension if there exists a nite subgroup
G Aut.L/ such that K D Fix.L; G/.
We now give some examples of nite Galois extensions.
p p
Lemma 15.3.3. Let L D Q. 2; 3/ and K D Q. Then LjK is a Galois extension.
Proof. Let G D Aut.LjK/. From the example in the previous section there are
automorphisms ; 2 G with
p
p
p
p
p
p
p
p
. 3/ D 3; . 2/ D 2 and . 2/ D 2; . 3/ D 3:
We have
p
p
p p
Q. 2; 3/ D c C d 3 W c; d 2 Q. 2/:
p
p p
Let t D a1 C b1 2 C .a2 C b2 2/ 3 2 Fix.L; G/.
221
Section 15.4 The Fundamental Theorem of Galois Theory
Then applying we have
p
p p
t D .t / D a1 b1 2 C .a2 b2 2/ 3:
p
p
It follows thatp
b1 C b2 3 D 0, that is, b1 D b2 D 0 since
p 3 Q. Therefore
t D a1 C a2 3. Applying we have .t / D a1 a2 3 and hence a2 D 0.
Therefore t D a1 2 Q. Hence Q D Fix.L; G/ and LjK is a Galois extension.
1
Lemma 15.3.4. Let L D Q.2 4 / and K D Q. Then LjK is not a Galois extension.
1
Proof. Suppose that 2 Aut.L/ and a D 2 4 . Then a is a zero of x 4 2 and hence

1
.a/ D 2 4
or
1
.a/ D i 2 4 L
.a/ D 2
1
4
since i L
or
or
1
4
.a/ D i 2 L
p
p
In particular . 2/ D 2 and therefore
since i L:
p
Fix.L; Aut.L// D Q. 2/ Q:
15.4
The Fundamental Theorem of Galois Theory
We now state the fundamental theorem of Galois theory. This theorem describes the
interplay between the Galois group and Galois extensions. In particular the result ties
together subgroups of the Galois group and intermediate elds between L and K.
Theorem 15.4.1 (fundamental theorem of Galois theory). Let LjK be a Galois extension with Galois group G D Aut.LjK/. For each intermediate eld E let .E/ be
the subgroup of G xing E. Then:
(1) is a bijection between intermediate elds containing K and subgroups of G.
(2) LjK is a nite extension and if M is an intermediate eld then
jL W M j D jAut.LjM /j
jM W Kj D jAut.LjK/ W Aut.LjM /j:
(3) If M is an intermediate eld then
(a) LjM is always a Galois extension
(b) M jK is a Galois extension if and only if
Aut.LjM / is a normal subgroup of Aut.LjK/:
222
(4) If M is an intermediate eld and M jK is a Galois extension then

(a) .M / D M for all 2 Aut.LjK/,
(b) the map W Aut.LjK/ ! Aut.M jK/ with ./ D jM D is an
epimorphism,
(c) Aut.M jK/ D Aut.LjK/= Aut.LjM /.
(5) The lattice of subelds of L containing K is the inverted lattice of subgroups of
Aut.KjL/.
We will prove this main result via a series of theorems and then combine them all.
Theorem 15.4.2. Let G be a group, K a eld and 1 ; : : : ; n pairwise distinct group
homomorphisms from G to K ? the multiplicative group of K. Then 1 ; : : : ; n are
linearly independent elements of the K-vector space of all homomorphisms from G
to K.
Proof. The proof is by induction on n. If n D 1 and k1 D 0 with k 2 K then
0 D k1 .1/ D k 1 and hence k D 0. Now suppose that n 2 and suppose that each
n 1 of the 1 ; : : : ; n are linearly independent over K. If
n
X
ki i D 0;
ki 2 K
(
)
i D1
then we must show that all ki D 0. Since 1 n there exists an a 2 G with

1 .a/ n .a/. Let g 2 G and apply the sum above to ag. We get
n
X
ki .i .a//.i .g// D 0:
i D1
Now multiply equation (

) by n .a/ 2 K to get
n
X
ki .n .a//.i .g// D 0:
i D1
If we subtract equation (
) from equation (
) then the last term vanishes and we

have an equation in the n 1 homomorphism 1 ; : : : ; n1 . Since these are linearly
independent we obtain
k1 .1 .a// k1 .n .a// D 0
for the coefcient for 1 . Since 1 .a/ n .a/ we must have k1 D 0. Now
2 ; : : : ; n1 are by assumption linearly independent so k2 D D kn D 0 also.
Hence all the coefcients must be zero and therefore the mappings are independent.
223
Theorem 15.4.3. Let 1 ; : : : ; n be pairwise distinct monomorphisms from the eld

K into the eld K 0 . Let
L D k 2 K W 1 .k/ D 2 .k/ D D n .k/:
Then L is a subeld of K with jL W Kj n.
Proof. Certainly L is a eld. Assume that r D jK W Lj < n and let a1 ; : : : ; ar be a
basis of the L-vector space K. We consider the following system of linear equations
with r equations and n unknowns.
.1 .a1 //x1 C C .n .a1 //xn D 0
::
:
.1 .ar //x1 C C .n .ar //xn D 0:
Since r < n there exists a nontrivial solution .x1 ; : : : ; xn / 2 .K 0 /n .
Let a 2 K. Then
r
X
lj aj with lj 2 L:
aD
j D1
From the denition of L we have

1 .lj / D i .lj / for i D 2; : : : ; n:
Then with our nontrivial solution .x1 ; : : : ; xn / we have
n
X
xi .i .a// D
i D1
n
X
xi
i D1
r
X
X
r

i .lj /i .aj /
j D1
.1 .lj //
j D1
n
X
xi .i .aj // D 0
i D1
since
Pn 1 .lj / D i .lj / for i D 2; : : : ; n. This holds for all a 2 K and hence
iD1 xi i D 0 contradicting Theorem 15.4.2. Therefore our assumption that jK W
Lj < n must be false and hence jK W Lj n.
Denition 15.4.4. Let K be a eld and G a nite subgroup of Aut.K/. The map
trG W K ! K given by
X
.k/
trG .k/ D
2G
is called the G-trace of K.
224
Theorem 15.4.5. Let K be a eld and G a nite subgroup of Aut.K/. Then

0 trG .K/ Fix.K; G/:
Proof. Let 2 G. Then
.trG .k// D
X
2G
.k/ D
.k/ D trG .k/:
2G
Therefore trG .K/ Fix.K; G/.

P
Now assumePthat trG .k/ D 0 for all k 2 K. Then 2G .k/ D 0 for all k 2 K.
It follows that 2G is the zero map and hence the set of all 2 G are linearly dependent as elements of the K-vector space of all maps from K to K. This contradicts
Theorem 15.4.2 and hence the trace cannot be the zero map.
jK W Fix.K; G/j D jGj:
Proof. Let L D Fix.K; G/ and suppose that jGj D n. From Theorem 15.4.3 we
know that jK W Lj n. We must show that jK W Lj n.
Suppose that G D 1 ; : : : ; n . To prove the result we show that if m > n and
a1 ; : : : ; am 2 K then a1 ; : : : ; am are linearly dependent.
We consider the system of equations
.11 .a1 //x1 C C .11 .am //xm D 0
::
:
.n1 .a1 //x1 C C .n1 .am //xm D 0:
Since m > n there exists a nontrivial solution .y1 ; : : : ; ym / 2 K m . Suppose that
yl 0. Using Theorem 15.4.5 we can choose k 2 K with trG .k/ 0. Dene
.x1 ; : : : ; xm / D kyl1 .y1 ; : : : ; ym /:
This m-tuple .x1 ; : : : ; xm / is then also a nontrivial solution of the system of equations
considered above.
Then we have
trG .xl / D trG .k/ since xl D k:
Now we apply i to the i-th equation to obtain
a1 .1 .x1 // C C am .1 .xm // D 0
::
:
a1 .n .x1 // C C am .n .xm // D 0:
225
Summation leads to
0D
m
X
j D1
aj
n
m
X
X
.i .xj // D
.trG .xj //aj
i D1
j D1
by denition of the G-trace. Hence a1 ; : : : ; am are linearly dependent over L since

trG .xl / 0. Therefore jK W Lj n. Combining this with Theorem 15.4.3 we get
that jK W Lj D n D jGj.
Aut.Kj Fix.K; G// D G:
Proof. G Aut.Kj Fix.K; G// since if g 2 G then g 2 Aut.K/ and g xes
Fix.K; G/ by denition. Therefore we must show that Aut.Kj Fix.K; G// G.
Assume then that there exists an 2 Aut.Kj Fix.K; G// with G. Suppose, as
in the previous proof, jGj D n and G D 1 ; : : : ; n with 1 D 1. Now
Fix.K; G/ D a 2 K W a D 2 .a/ D D n .a/
D a 2 K W .a/ D a D 2 .a/ D D n .a/:
From Theorem 15.4.3 we have that jK W Fix.K; G/j n C 1. However from Theorem 15.4.6 jK W Fix.K; G/j D n getting a contradiction.
Suppose that LjK is a Galois extension. We now establish that the map between
intermediate elds K E L and subgroups of Aut.LjK/ is a bijection.
Theorem 15.4.8. Let LjK be a Galois extension. Then:
(1) Aut.LjK/ is nite and
Fix.L; Aut.LjK// D K:
(2) If H Aut.LjK/ then
Aut.Lj Fix.L; H // D H:
Proof. (1) If .LjK/ is a Galois extension there is a nite subgroup of Aut.L/ with
K D Fix.K; G/. From Theorem 15.4.7 we have G D Aut.LjK/. In particular
Aut.LjK/ is nite and K D Fix.L; Aut.LjK//.
(2) Let H Aut.LjK/. From part (1) H is nite and then Aut.Lj Fix.L; H // D
H from Theorem 15.4.7.
226
Theorem 15.4.9. Let LjK be a eld extension. Then the following are equivalent.
(1) LjK is a Galois extension.
(2) jL W Kj D jAut.LjK/j < 1.
(3) jAut.LjK/j < 1 and K D Fix.L; Aut.LjK//.
Proof. (1) ) (2): Now jAut.LjK/j < 1 and Fix.L; Aut.LjK// D K from Theorem 15.4.8. Therefore jL W Kj D jAut.LjK/j from Theorem 15.4.6.
(2) ) (3): Let G D Aut.LjK/. Then K Fix.L; G/ L. From Theorem 15.4.6
we have
jL W Fix.L; G/j D jGj D jL W Kj:
(3) ) (1) follows directly from the denition completing the proof.
We now show that if LjK is a Galois extension then LjM is also a Galois extension
for any intermediate eld M .
Theorem 15.4.10. Let LjK be a Galois extension and K M L be an intermediate eld. Then LjM is always a Galois extension and
Proof. Let G D Aut.LjK/. Then jGj < 1 and further K D Fix.L; G/ from Theorem 15.4.9. Dene H D Aut.LjM / and M 0 D Fix.L; H /. We must show that
M 0 D M for then LjM is a Galois extension.
S
Since the elements of H x M we have M M 0 . Let G D riD1 i H a disjoint
union of the cosets of H . Let 1 D 1 and dene i D .i /jM . The 1 ; : : : ; r are
pairwise distinct for if i D j , that is .i /jM D .j /jM , then j1 i 2 H so i and
j are in the same coset.
We claim that
a 2 M W 1 .a/ D D r .a/ D M \ Fix.L; G/:
Further we know that
M \ Fix.L; G/ D M \ K D K
from Theorem 15.4.9.
To establish the claim it is clear that
M \ Fix.L; G/ a 2 M W 1 .a/ D D r .a/
since
a D i .a/ D i .a/
for i 2 G; a 2 K:
227
Hence we must show that

a 2 M W 1 .a/ D D r .a/ M \ Fix.L; G/:
To do this we must show that .b/ D b for all 2 G, b 2 M . We have 2 i H
for some i and hence D i
for
2 H . We obtain then
.b/ D i .
.b// D i .b/ D i .b/ D b
proving the inclusion and establishing the claim.
Now jM W Kj r from Theorem 15.4.3. From the degree formula we get
jL W M 0 jjM 0 W M jjM W Kj D jL W Kj D jGj D jG W H jjH j D rjL W M 0 j
since jL W Kj D jGj from Theorem 15.4.9 and jH j D jL W M 0 j from Theorem 15.4.6.
Therefore jM W M 0 j D 1 and hence M D M 0 since jM W Kj r. Now
jM W Kj D jG W H j D jAut.LjK/ W Aut.LjM /j
Lemma 15.4.11. Let LjK be a eld extension and K M L be an intermediate
eld. If 2 Aut.LjK/ then
Aut.Lj.M // D Aut.LjM / 1 :
Proof. Now 2 Aut.Lj.M // if and only if ..a// D .a/ for all a 2 M . This
occurs if and only if 1 .a/ D a for all a 2 M which is true if and only if
2 Aut.LjM / 1 .
Lemma 15.4.12. Let LjK be a Galois extension and K M L be an intermediate
eld. Suppose that .M / D M for all 2 Aut.LjK/. Then
W Aut.LjK/ ! Aut.M jK/
by ./ D jM
is an epimorphism with kernel ker./ D Aut.LjM /.

Proof. It is clear that is a homomorphism with ker./ D Aut.LjM / (see exercises).
We must show that it is an epimorphism.
Let G D im./. Since LjK is a Galois extension we get that
Fix.M; G/ D Fix.L; Aut.LjK// \ M D K \ M D K:
Then from Theorem 15.4.8 we have
Aut.M jK/ D Aut.M j Fix..M; G// D G
and therefore is an epimorphism.
228
Theorem 15.4.13. Let LjK be a Galois extension and K M L be an intermediate eld. Then the following are equivalent.
(1) M jK is a Galois extension.
(2) If 2 Aut.LjK/ then .M / D M .
(3) Aut.LjM / is a normal subgroup of Aut.LjK/.
Proof. (1) ) (2): Suppose that M jK is a Galois extension. Let Aut.M jK/ D 1 ;
: : : ; r . Consider the i as monomorphisms from M into L. Let rC1 W M ! L be
a monomorphism with rC1jK D 1. Then
a 2 M W 1 .a/ D 2 .a/ D r .a/ D rC1 .a/ D K
since M jK is a Galois extension. Therefore from Theorem 15.4.3 we have that, if the
1 ; : : : ; r ; rC1 are distinct then
jM W Kj r C 1 > r D jAut.M jK/j D jM W Kj
giving a contradiction. Hence if rC1 2 Aut.LjK/ is arbitrary then rC1jM 2
1 ; : : : ; r , that is rC1 xes M .
(2) ) (1): Suppose that if 2 Aut.LjK/ then .M / D M . The map W
Aut.LjK/ ! Aut.M jK/ with ./ D jM is surjective. Since LjK is a Galois
extension then Aut.LjK/ is nite. Therefore also H D Aut.M jK/ is nite. To
prove (1) then it is sufcient to show that K D Fix.M; H /.
The eld K Fix.M; H / from the denition of the Fix eld. Hence we must show
that Fix.M; H / K. Assume that there exists an 2 Aut.LjK/ with .a/ a.
Recall that LjK is a Galois extension and therefore Fix.L; Aut.LjK// D K. Dene
D jM . Then 2 H since .M / D M and our original assumption. Then
.a/ a contradicting a 2 Fix.M; H /. Therefore K D Fix.M; H / and M jK is a
Galois extension.
(2) ) (3): Suppose that if 2 Aut.LjK/ then .M / D M . Then Aut.LjM / is a
normal subgroup of Aut.LjK/ follows from Lemma 15.4.12 since Aut.LjM / is the
kernel of .
(3) ) (2): Suppose that Aut.LjM / is a normal subgroup of Aut.LjK/. Let 2
Aut.LjK/ then from our assumption and Lemma 15.4.11 we get that
Aut.Lj.M // D Aut.LjM /:
Now LjM and Lj.M / are Galois extensions by Theorem 15.4.10. Therefore
.M / D Fix.L; Aut.Lj.M // D Fix.L; Aut.LjM // D M
229
We now combine all of these results to give the proof of Theorem 15.4.1, the fundamental theorem of Galois theory.
Proof of Theorem 15.4.1. Let LjK be a Galois extension.
(1) Let G Aut.LjK/. Both G and Aut.LjK/ are nite from Theorem 15.4.8.
Further G D Aut.Lj Fix.L; G// from Theorem 15.4.7.
Now let M be an intermediate eld of LjK. Then LjM is a Galois extension from
Theorem 15.4.10 and then Fix.L; Aut.LjM // D M from Theorem 15.4.8.
(2) Let M be an intermediate eld of LjK. From Theorem 15.4.10 LjM is a
Galois extension. From Theorem 15.4.9 we have jL W M j D jAut.LjM /j. Applying
Theorem 15.4.10 we get the result on indices
(3) Let M be an intermediate eld of LjK.
(a) From Theorem 15.4.10 we have that LjM is a Galois extension.
(b) From Theorem 15.4.13 M jK is a Galois extension if and only if
Aut.LjM / is a normal subgroup of Aut.LjK/:
(4) Let M jK be a Galois extension.
(a) .M / D M for all 2 Aut.LjK/ from Theorem 15.4.13.
(b) The map W Aut.LjK/ ! Aut.M jK/ with ./ D jM D is an epimorphism follows from Lemma 15.4.12 and Theorem 15.4.13.
(c) Aut.M jK/ D Aut.LjK/= Aut.LjM / follows directly from the group isomorphism theorem.
(5) That the lattice of subelds of L containing K is the inverted lattice of subgroups of Aut.LjK/ follows directly from the previous results.
In Chapter 8 we looked at the following example (Example 8.1.7). Here we analyze
it further using the Galois theory.
Example 15.4.14. Let f .x/ D x 3 7 2 Qx. This has no zeros in Q and since it is
of degree 3 it follows
that it must be irreducible in Qx.
p
3
1
Let ! D 2 C 2 i 2 C. Then it is easy to show by computation that
p
3
1
i
! D
2
2
2
and
! 3 D 1:
Therefore the three zeros of f .x/ in C are

a1 D 71=3 ;
a2 D !.71=3 /;
a3 D ! 2 .71=3 /:
230
Hence L D Q.a1 ; a2 ; a3 / is the splitting eld of f .x/. Since the minimal polynomial of all three zeros over Q is the same .f .x// it follows that
Q.a1 / Q.a2 / Q.a3 /:
Since Q.a1 / R and a2 ; a3 are nonreal it is clear that a2 ; a3 Q.a1 /.
Suppose that Q.a2 / D Q.a3 /. Then ! D a3 a21 2 Q.a2 / and so 71=3 D ! 1 a2 2
Q.a2 /. Hence Q.a1 / Q.a2 / and therefore Q.a1 / D Q.a2 / since they are the same
degree over Q. This contradiction shows that Q.a2 / and Q.a3 / are distinct.
By computation we have a3 D a11 a22 and hence
L D Q.a1 ; a2 ; a3 / D Q.a1 ; a2 / D Q.71=3 ; !/:
Now the degree of L over Q is
jL W Qj D jQ.71=3 ; !/ W Q.!/jjQ.!/ W Qj:
Now jQ.!/ W Qj D 2 since the minimal polynomial of ! over Q is x 2 C x C 1.
Since no zero of f .x/ lies in Q.!/ and the degree of f .x/ is 3 it follows that f .x/ is
irreducible over Q.!/. Therefore we have that the degree of L over Q.!/ is 3. Hence
jL W Qj D .2/.3/ D 6.
Clearly then we have the following lattice of intermediate elds:
The question then arises as to whether these are all the intermediate elds. The
answer is yes which we now prove.
Let G D Aut.LjQ/ D Aut.L/. (Aut.LjQ/ D Aut.L/ since Q is a prime eld).
Now G S3 . G acts transitively on a1 ; a2 ; a3 since f is irreducible. Let W C !
C be the automorphism of C taking each element to its complex conjugate, that is
.z/ D z.
Then .f / D f and jL 2 G (see Theorem 8.2.2). Since a1 2 R we get that
ja1 ;a2 ;a3 D .a2 ; a3 / the 2-cycle that maps a2 to a3 and a3 to a2 . Since G is
transitive on a1 ; a2 ; a3 there is a 2 G with .a1 / D a2 .
231
Case 1: .a3 / D a3 . Then D .a1 ; a2 / and .a1 ; a2 /.a2 ; a3 / D .a1 ; a2 ; a3 / 2 G.

Case 2: .a3 / a3 . Then is a 3-cycle. In either case G is generated by a
transposition and a 3-cycle. Hence G is all of S3 . Then LjQ is a Galois extension
from Theorem 15.4.9 since jGj D jL W Qj.
The subgroups of S3 are as follows:
Hence the above lattice of elds is complete. LjQ; QjQ; Q.!/jQ and LjQ.ai / are
Galois extensions while Q.ai /jQ with i D 1; 2; 3 are not Galois extensions.
15.5
Exercises
1. Let K M L be a chain of elds and let W Aut.LjK/ ! Aut.M jK/ be

dened by ./ D jM . Show that is an epimorphism with kernel ker./ D
Aut.LjM /.
p
p
1
1
2. Show that Q.5 4 /jQ. 5/ and Q. 5/jQ are Galois extensions and Q.5 4 /jQ is
not a Galois extension.
3. Let LjK be a eld extension and u; v 2 L algebraic over K with jK.u/ W Kj D m
and jK.v/ W Kj D n. If m and n are coprime, then jK.u; v/ W Kj D n m.
1
p
4. Let p; q be prime numbers with p q. Let L D Q. p; q 3 /. Show that
1
p
L D Q. p q 3 /. Determine a basis of L over Q and the minimal polynomial
1
p
of p q 3 .
1
5. Let K D Q.2 n / with n 2.

(i) Determine the number of Q-embeddings W K ! R. Show that for each
such embedding we have .K/ D K.
(ii) Determine Aut.KjQ/.
232
6. Let D
p
p
5 C 2 5.
(i) Determine the minimal polynomial of over Q.

(ii) Show that Q.a/jQ is a Galois extension.
(iii) Determine Aut.Q.a/jQ/.
7. Let K be a eld of prime characteristic p and let f .x/ D x p x C a 2 K be an
irreducible polynomial. Let L D K.v/, where v is a zero of f .x/.
(i) If is a zero of f .x/ then also C 1.
(ii) LjK is a Galois extension.
(iii) There is exactly one K-automorphism of L with .v/ D v C 1.
(iv) The Galois group Aut.LjK/ is cyclic with generating element .
Chapter 16
Separable Field Extensions
16.1
Separability of Fields and Polynomials
In the previous chapter we introduced and examined Galois extensions. Recall that
LjK is a Galois extension if there exists a nite subgroup G Aut.L/ such that
K D Fix.L; G/. The following questions immediately arise.
(1) Under what conditions is a eld extension LjK a Galois extension?
(2) When is LjK a Galois extension when L is the splitting eld of a polynomial
f .x/ 2 Kx?
In this chapter we consider these questions and completely characterize Galois extensions. In order to do this we must introduce separable extensions.
Denition 16.1.1. Let K be a eld. Then a nonconstant polynomial f .x/ 2 Kx is
called separable over K if each irreducible factor of f .x/ has only simple zeros in its
splitting eld.
We now extend this denition to eld extensions.
Denition 16.1.2. Let LjK be a eld extension and a 2 L. Then a is separable
over K if a is a zero of a separable polynomial. The eld extension LjK is a separable
eld extension or just separable if all a 2 L are separable over K. In particular a
separable extension is an algebraic extension.
Finally we consider elds where every nonconstant polynomial is separable.
Denition 16.1.3. A eld K is perfect if each nonconstant polynomial in Kx is
separable over K.
The following is straightforward from the denitions. An element a is separable
over K if and only if its minimal polynomial
ma .x/ is separable.
P
If f .x/ 2 Kx then P
f .x/ D niD0 ki x i with ki 2 K. The formal derivative of
f .x/ is then f 0 .x/ D niD1 i ki x i 1 . As in ordinary Calculus we have the usual
differentiation rules
.f .x/ C g.x//0 D f 0 .x/ C g 0 .x/
and
.f .x/g.x//0 D f 0 .x/g.x/ C f .x/g 0 .x/
for f .x/; g.x/ 2 Kx.
234
Chapter 16 Separable Field Extensions
Lemma 16.1.4. Let K be a eld and f .x/ an irreducible nonconstant polynomial in

Kx. Then f .x/ is separable if and only if its formal derivative is nonzero.
Proof. Let L be the splitting eld of f .x/ over K. Let f .x/ D .x a/r g.x/ where
.x a/ does not divide g.x/. Then
f 0 .x/ D .x a/r1 .rg.x/ C .x a/g 0 .x//:
If f 0 .x/ 0 then a is a zero of f .x/ in L over K of multiplicity m 2 if and only
if .x a/jf .x/ and also .x a/jf 0 .x/.
Let f .x/ be a separable polynomial over Kx and let a be a zero of f .x/ in L.
Then if f .x/ D .x a/r g.x/ with .x a/ not dividing g.x/ we must have r D 1.
Then
f 0 .x/ D g.x/ C .x a/g 0 .x/:
If g 0 .x/ D 0 then f 0 .x/ D g.x/ 0. Now suppose that g0 .x/ 0. Assume
that f 0 .x/ D 0. Then necessarily .x a/jg.x/ giving a contradiction. Therefore
f 0 .x/ 0.
Conversely suppose that f 0 .x/ 0. Assume that f .x/ is not separable. Then both
f .x/ and f 0 .x/ have a common zero a 2 L. Let ma .x/ be the minimal polynomial
of a in Kx. Then ma .x/jf .x/ and ma .x/jf 0 .x/. Since f .x/ is irreducible then the
degree of ma .x/ must equal the degree of f .x/. But ma .x/ must also have the same
degree as f 0 .x/ which is less than that of f .x/ giving a contradiction. Therefore
f .x/ must be separable.
We now consider the following example of a nonseparable polynomial over the
nite eld Zp of p elements. We will denote this eld now as GF.p/, the Galois eld
of p elements.
Example 16.1.5. Let K D GF.p/ and L D K.t / the eld of rational functions in t
over K. Consider the polynomial f .x/ D x p t 2 Lx.
Now Kt =tKt K. Since K is a eld this implies that tKt is a maximal ideal
and hence a prime ideal in Kt with prime element t 2 Kt (see Theorem 3.2.7). By
the Eisenstein criteria f .x/ is an irreducible polynomial in Lx (see Theorem 4.4.8).
However f 0 .x/ D px p1 D 0 since char.K/ D p. Therefore f .x/ is not separable.
16.2
Perfect Fields
We now consider when a eld K is perfect. First we show that in general any eld
of characteristic 0 is perfect. In particular the rationals Q are perfect and hence any
extension of the rationals is separable.
Theorem 16.2.1. Each eld K of characteristic zero is perfect.
Section 16.2 Perfect Fields
235
Proof. Suppose that K is a eld with char.K/ D 0. Suppose that f .x/ is a nonconstant polynomial in Kx. Then f 0 .x/ 0. If f .x/ is irreducible then f .x/ is
separable from Lemma 16.1.4. Therefore by denition each nonconstant polynomial
f .x/ 2 Kx is separable.
We remark that in the original motivation for Galois theory the ground eld was the
rationals Q. Since this has characteristic zero it is perfect and all extensions are separable. Hence the question of separability didnt arise until the question of extensions
of elds of prime characteristic arose.
Corollary 16.2.2. Any nite extension of the rationals Q is separable.
We now consider the case of prime characteristic.
Theorem 16.2.3. Let K be a eld with char.K/ D p 0. If f .x/ is a nonconstant
polynomial in Kx then the following are equivalent:
(1) f 0 .x/ D 0.
(2) f .x/ is a polynomial in x p , that is, there is a g.x/ 2 Kx with f .x/ D g.x p /.
If in .1/ and .2/ f .x/ is irreducible then f .x/ is not separable over K if and only if
f .x/ is a polynomial in x p .
P
Proof. Let f .x/ D niD1 ai x i . Then f 0 .x/ D 0 if and only if pji for all i with
ai 0. But this is equivalent to
f .x/ D a0 C ap x p C C am x mp :
If f .x/ is irreducible then we have that f .x/ is not separable if and only if f 0 .x/ D
0 from Lemma 16.1.4.
Theorem 16.2.4. Let K be a eld with char.K/ D p 0. Then the following are
equivalent:
(1) K is perfect.
(2) Each element in K has a p-th root in K.
(3) The Frobenius homomorphism x 7! x p is an automorphism of K.
Proof. First we show that (1) implies (2). Suppose that K is perfect and a 2 K. Then
x p a is separable over K. Let g.x/ 2 Kx be an irreducible factor of x p a. Let L
be the splitting eld of g.x/ over K and b a zero of g.x/ in L. Then b p D a. Further
x p b p D .x b/p 2 Lx since the characteristic of K is p. Hence g.x/ D .x b/s
and then s must equal 1 since g.x/ is irreducible. Therefore b 2 K and b is a p-th
root of a.
Now we show that (2) implies (3). Recall that the Frobenius homomorphism W
x 7! x p is injective (see Theorem 1.8.8). We must show that it is also surjective. Let
236
a 2 K and let b be a p-th root of a so that a D b p . Then .b/ D b p D a and is

surjective.
Finally we show that (3) implies (1). Let W x 7! x p be surjective. It follows that
each a 2 K has a p-th root in K. Now let f .x/ 2 Kx be irreducible. Assume that
f .x/ is not separable. From Theorem 16.2.3 there is a g.x/ 2 Kx with f .x/ D
g.x p /, that is
f .x/ D a0 C a1 x p C C am x mp :
Let bi 2 K with ai D bip . Then
p
p mp
x D .b0 C b1 x C C bm x m /p :
f .x/ D bop C b1 x p C C bm
However this is a contradiction since f .x/ is irreducible. Therefore f .x/ is separable

Theorem 16.2.5. Let K be a eld with char.K/ D p 0. Then each element of K
has at most one p-th power in K.
p
p
Proof. Suppose that b1 ; b2 2 K with b1 D b2 D a. Then
0 D b1p b2p D .b1 b2 /p :

Since K has no zero divisors it follows that b1 D b2 .
16.3
Finite Fields
In this section we consider nite elds. In particular we show that if K is a nite eld
then jKj D p m for some prime p and natural number m > 0. Further we show that
if K1 ; K2 are nite elds with jK1 j D jK2 j then K1 K2 . Hence there is a unique
nite eld for each possible order.
Notice that if K is a nite eld then by necessity char K D p 0. We rst show
that in this case K is always perfect.
Theorem 16.3.1. A nite eld is perfect.
Proof. Let K be a nite eld of characteristic p > 0. Then the Frobenius map W
x 7! x p is surjective since its injective and K is nite. Therefore K is perfect from
Theorem 16.2.4.
Next we show that each nite eld has order p m for some prime p and natural
number m > 0.
Lemma 16.3.2. Let K be a nite eld. Then jKj D p m for some prime p and natural
number m > 0.
237
Section 16.3 Finite Fields
Proof. Let K be a nite eld with characteristic p > 0. Then K can be considered
as a vector space over K D GF.p/ and hence of nite dimension since jKj < 1. If
1 ; : : : ; m is a basis then each f 2 K can be written as f D c1 1 C C cn m with
each ci 2 GF.p/. Hence there are p choices for each ci and therefore p m choices for
each f .
In Theorem 9.5.16 we proved that any nite subgroup of the multiplicative group
of a eld is cyclic. If K is a nite eld then its multiplicative subgroup K ? is nite
and hence is cyclic.
Lemma 16.3.3. Let K be a nite eld. Then its multiplicative subgroup K ? is cyclic.
If K is a nite eld with order p m then its multiplicative subgroup K ? has order
p 1. Then from Lagranges theorem each nonzero element to the power p m is the
identity. Therefore we have the result.
m
Lemma 16.3.4. Let K be a eld of order p m . Then each 2 K is a zero of the

m
m
polynomial x p x. In particular if 0 then is a zero of x p 1 1.
If K is a nite eld of order p m , it is a nite extension of GF.p/. Since the multiplicative group is cyclic we must have K D GF.p/./ for some 2 K. From
this we obtain that for a given possible nite order there is only one nite eld up to
isomorphism.
Theorem 16.3.5. Let K1 ; K2 be nite elds with jK1 j D jK2 j. Then K1 K2 .
Proof. Let jK1 j D jK2 j D p m . From the remarks above K1 D GF.p/./ where
has order p m 1 in K1? . Similarly K2 D GF.p/./ where also has order p m 1
in K2? . Hence GF.p/./ GF.p/./ and therefore K1 K2 .
In Lemma 16.3.2 we saw that if K is a nite eld then jKj D pn for some prime
p and positive integer n. We now show that given a prime power p n there does exist
a nite eld of that order.
Theorem 16.3.6. Let p be a prime and n > 0 a natural number. Then there exists a
eld K of order p n .
n
Proof. Given a prime p consider the polynomial g.x/ D x p x 2 GF.p/x. Let

K be the splitting eld of this polynomial over GF.p/. Since a nite eld is perfect
K is a separable extension and hence all the zeros of g.x/ are distinct in K.
Let F be the set of p n distinct zeros of g.x/ within K. Let a; b 2 F . Since
n
.a b/p D ap b p
and
.ab/p D ap b p
238
it follows that F forms a subeld of K. However F contains all the zeros of g.x/ and
since K is the smallest extension of GF.p/ containing all the zeros of g.x/ we must
have K D F . Since F has p n elements it follows that the order of K is p n .
Combining Theorems 16.3.5 and 16.3.6 we get the following summary result indicating that up to isomorphism there exists one and only one nite eld of order p n .
Theorem 16.3.7. Let p be a prime and n > 0 a natural number. Then up to isomorphism there exists a unique nite eld of order p n .
16.4
Separable Extensions
In this section we consider some properties of separable extensions.

Theorem 16.4.1. Let K be a eld with K L and L algebraically closed. Let
W K ! L be a monomorphism. Then the number of monomorphisms W K.a/ ! L
with jK D is equal to the number of pairwise distinct zeros in L of the minimal
polynomial ma of a over K.
Proof. Let be as in the statement of the theorem. Then is uniquely determined
by .a/ and .a/ is a zero of the polynomial .ma .x// D .ma .x//. Now let a0
be a zero of .ma .x// in L. Then there exists a W K.a/ ! L with .a/ D a0
from Theorem 7.1.4. Therefore has exactly as many extensions as .ma .x// has
pairwise distinct zeros in L. The number of pairwise distinct zeros of .ma .x// is
equal to the number of pairwise distinct zeros of ma .x/. This can be seen as follows.
Let L0 be a splitting eld of ma .x/ and L1 L a splitting eld of .ma .x//. From
Theorems 8.1.5 and 8.1.6 there is an isomorphism
W L0 ! L1 which maps the
zeros of ma .x/ onto the zeros of .ma .x//.
Lemma 16.4.2. Let LjK be a nite extension with L L and L algebraically
closed. In particular L D K.a1 ; : : : ; an / where the ai are algebraic over K. Let
ki be the number of pairwise distinct zeros of the minimal polynomial mai of ai over
K.a1 ; : : : ; an1 / in L. Then there are exactly k1 ; : : : ; kn monomorphisms W L ! L
with jK D 1K .
Proof. From Theorem 16.4.1 there are exactly p1 monomorphisms W K.a1 / ! L
with jK equal to the identity on K. Each such has exactly p2 extensions of the
identity on K to K.a1 ; a2 /. We now continue in this manner.
Theorem 16.4.3. Let LjK be a eld extension with M an intermediate eld. If a 2 L
is separable over K then it is also separable over M .
Section 16.4 Separable Extensions
239
Proof. This follows directly from the fact that the minimal polynomial of a over M
divides the minimal polynomial of a over K.
(1) LjK is nite and separable.
(2) There are nitely many separable elements a1 ; : : : ; an over K with K D K.a1 ;
: : : ; an /.
(3) LjK is nite and if L L with L algebraically closed then there are exactly
L W K monomorphisms W L ! L with jK D 1K .
Proof. That (1) implies (2) follows directly from the denitions. We show then that
(2) implies (3). Let L D K.a1 ; : : : ; an / where a1 ; : : : ; an are separable elements
over K. The extension LjK is nite (see Theorem 5.3.4). Let pi be the number of
pairwise distinct zeros in L of the minimal polynomial mai .x/ D fi .x/ of ai over
K.a1 ; : : : ; ai1 /. Then pi deg.fi / D jK.a1 ; : : : ; ai / W K.a1 ; : : : ; ai 1 /j. Hence
pi D deg.fi .x// since ai is separable over K.a1 ; : : : ; ai 1 / from Theorem 16.4.3.
Therefore
L W K D p1 pn
is equal to the number of monomorphisms W L ! L with jK the identity on K.
Finally we show that (3) implies (1). Suppose then the conditions of (3). Since
LjK is nite there are nitely many a1 ; : : : ; an 2 L with L D K.a1 ; : : : ; an /. Let pi
and fi .x/ be as in the proof above and hence pi deg.fi .x//. By assumption we
have
L W K D p1 pn
equal to the number of monomorphisms W L ! L with jK the identity on K. Also
L W K D p1 pn deg.f1 .x// deg.fn .x// D L W K:
Hence pi D deg.fi .x//. Therefore by denition each ai is separable over K.
To complete the proof we must show that LjK is separable. Inductively it sufces
to prove that K.a1 /jK is separable over K whenever a1 is separable over K and not
in K.
This is clear if char.K/ D 0 because K is perfect. Suppose then that char.K/ D
p
p
p > 0. First we show that K.a1 / D K.a1 /. Certainly K.a1 / K.a1 /. Assume that
p
p
p
a1 K.a1 /. Then g.x/ D x a1 is the minimal polynomial of a1 over K. This
p
follows from the fact that x p a1 D .x a1 /p and hence there can be no irreducible
p
factor of x p a1 of the form .x a1 /m with m < p and mjp.
However it follows then in this case that g 0 .x/ D 0 contradicting the separability
p
of a1 over K. Therefore K.a1 / D K.a1 /.
p
Let E D K.a1 / then also E D K.E / where E p is the eld generated by the p-th
powers of E. Now let b 2 E D K.a1 /. We must show that the minimal polynomial
of b, say mb .x/, is separable over K.
240
Assume that mb .x/ is not separable over K. Then

mb .x/ D
k
X
bi x pi ;
bi 2 K; bk D 1
i D0
from Theorem 16.2.3. We have

b0 C b1 b p C C bk b pk D 0:
Therefore the elements 1; b p ; : : : ; b pk are linearly dependent over K. Since K.a1 / D
E D K.E p / we nd that 1; b; : : : ; b k are linearly dependent also since if they were
independent the p-th powers would also be independent. However this is not possible
since k < deg.mb .x//. Therefore mb .x/ is separable over K and hence K.a1 /jK is
separable. Altogether LjK is then nite and separable completing the proof.
Theorem 16.4.5. Let LjK be a eld extension and let M be an intermediate eld.
Then the following are equivalent.
(1) LjK is separable.
(2) LjM and M jK are separable.
Proof. We rst show that (1) ) (2): If LjK is separable then LjM is separable by
Theorem 16.4.3 and M jK is separable.
Now suppose (2) and let M jK and LjM be separable. Let a 2 L and let
ma .x/ D f .x/ D b0 C C bn1 x n1 C x n
be the minimal polynomial of a over M . Then f .x/ is separable. Let
M 0 D K.b1 ; : : : ; bn1 /:
We have K M 0 M and hence M 0 jK is separable since M jK is separable.
Further a is separable over M 0 since f .x/ is separable and f .x/ 2 M 0 x. From
Theorem 16.4.1 there are m D deg.f .x// D M 0 .a/ W M 0 extensions of W M 0 !
M with M the algebraic closure of M 0 .
Since M 0 jK is separable and nite there are M 0 W K monomorphisms W M 0 !
M from Theorem 16.4.4. Altogether there are M 0 .a/ W K monomorphisms W
M 0 ! M with jK the identity on K. Therefore M 0 .a/jK is separable from Theorem 16.4.4. Hence a is separable over K and then LjK is separable. Therefore (2)
implies (1).
Theorem 16.4.6. Let LjK be a eld extension and let S L such that all elements
of S are separable over K. Then K.S /jK is separable and KS D K.S /.
Section 16.5 Separability and Galois Extensions
241
Proof. Let W be the set of nite subsets of S. Let T 2 W . From Theorem 16.4.4 we
obtain that K.T /jK is separable. Since each element of K.S / is contained in some
K.T / we have that K.S /jK is separable. Since all elements of S are algebraic we
have that KS D K.S /,
Theorem 16.4.7. Let LjK be a eld extension. Then there exists in L a uniquely
determined maximal eld M with the property that M jK is separable. If a 2 L is
separable over M then a 2 M . M is called the separable hull of K in L.
Proof. Let S be the set of all elements in L which are separable over K. Dene
M D K.S /. Then M jK is separable from Theorem 16.4.6. Now, let a 2 L be
separable over M . Then M.a/jM is separable from Theorem 16.4.4. Further M.a/jK
is separable from Theorem 16.4.5. It follows that a 2 M .
16.5
Separability and Galois Extensions
We now completely characterize Galois extensions LjK as nite, normal, separable

extensions.
(1) LjK is a Galois extension.
(2) L is the splitting eld of a separable polynomial in Kx.
(3) LjK is nite, normal and separable.
Therefore we may characterize Galois extensions of a eld K as nite, normal and
separable extensions of K.
Proof. Recall from Theorem 8.2.2 that an extension LjK is normal if
(1) Ljk is algebraic and
(2) each irreducible polynomial f .x/ 2 Kx that has a zero in L splits into linear
factors in Lx.
Now suppose that LjK is a Galois extension. Then LjK is nite from Theorem 15.4.1. Let L D K.b1 ; : : : ; bm / and mbi .x/ D fi .x/ be the minimal polynomial
of bi over K. Let ai1 ; : : : ; ain be the pairwise distinct elements from
Hi D .bi / W 2 Aut.LjK/:
Dene
gi .x/ D .x ai1 / .x ain / 2 Lx:
If 2 Aut.LjK/ then .gi / D gi since permutes the elements of Hi . This means
that the coefcients of gi .x/ are in Fix.L; Aut.LjK// D K. Further gi .x/ 2 Kx
242
because bi is one of the aij and fi .x/jgi .x/. The group Aut.LjK/ acts transitively on
ai1 ; : : : ; ain by the choice of ai1 ; : : : ; ain . Therefore each gi .x/ is irreducible (see
Theorem 15.2.4). It follows that fi .x/ D gi .x/. Now fi .x/ has only simple zeros
in L, that is no zero has multiplicity 2 and hence fi .x/ splits over L. Therefore
L is a splitting eld of f .x/ D f1 .x/ fm .x/ and f .x/ is separable by denition.
Hence (1) implies (2).
Now suppose that L is a splitting eld of the separable polynomial f .x/ 2 Kx
and LjK is nite. From Theorem 16.4.4 we get that LjK is separable since L D
K.a1 ; : : : ; an / with each ai separable over K. Therefore LjK is normal from Denition 8.2.1. Hence (2) implies (3).
Finally suppose that LjK is nite, normal and separable. Since LjK is nite and
separable from Theorem 16.4.4 there exist exactly L W K monomorphisms W L !
L, L the algebraic closure of L, with jK the identity on K. Since LjK is normal
these monomorphisms are already automorphisms of L from Theorem 8.2.2. Hence
L W K jAut.LjK/j. Further jL W Kj jAut.LjK/j from Theorem 15.4.3.
Combining these we have L W K D Aut.LjK/ and hence LjK is a Galois extension
from Theorem 15.4.9. Therefore (3) implies (1) completing the proof.
Recall that any eld of characteristic 0 is perfect and therefore any nite extension
is separable. Applying this to Q implies that the Galois extensions of the rationals are
precisely the splitting elds of polynomials.
Corollary 16.5.2. The Galois extensions of the rationals are precisely the splitting
elds of polynomials in Qx.
Theorem 16.5.3. Let LjK be a nite, separable eld extension. Then there exists an
extension eld M of L such that M jK is a Galois extension.
Proof. Let L D K.a1 ; : : : ; an / with all ai separable over K. Let fi .x/ be the minimal polynomial of ai over K. Then each fi .x/ and hence also f .x/ D f1 .x/ fn .x/
is separable over K. Let M be the splitting eld of f .x/ over K. Then M jK is a
Galois extension from Theorem 16.5.1.
Example 16.5.4. Let K D Q bep
the rationals and let f .x/ D x 4 2 2 Qx. From
4
Chapter 8 we know that L D Q. 2; i/ is a splitting eld of f .x/. By the Eisenstein
criteria f .x/ is irreducible and L W Q D 8. Moreover
p
p
p
p
4
4
4
4
2; i 2; 2; i 2
are the zeros of f .x/. Since the rationals are perfect, f .x/ is separable. LjK is a
Galois extension by Theorem 16.5.1. From the calculations in Chapter 15 we have
jAut.LjK/j D jAut.L/j D L W K D 8:
243
Section 16.5 Separability and Galois Extensions
Let
G D Aut.LjK/ D Aut.LjQ/ D Aut.L/:
We want to determine the subgroup lattice of the Galois group G. We show G D4
the dihedral group of order 8. Since there are 4 zeros of f .x/ and G permutes these
G must be a subgroup of S4 and since the order is 8, G is a 2-Sylow subgroup of S4 .
From this we have that
G D h.2; 4/; .1; 2; 3; 4/i:
If we let D .2; 4/ and D .1; 2; 3; 4/ we get the isomorphism between G and D4 .
From Theorem 14.1.1 we know that D4 D hr; f I r 4 D f 2 D .rf /2 D 1i.
This can also be seen in the following manner. Let
a1 D
p
4
2;
a2 D i
p
4
2;
p
4
a3 D 2;
a4 D i
p
4
2:
p
Let 2 G. is determined if we know . 4 2/ and .i /. The possibilities for .i /
are i or i that is the zeros
of x 2 C 1.
p
4
The possibilities for 2 are the 4 zeros of f .x/ D x 4 2. Hence we have 8
possibilities for . These are exactly the elements of the group G. We have ; 2 G
with
p
p
4
4
. 2/ D i 2; .i/ D i
and
p
p
4
4
. 2/ D 2;
.i/ D i:
It is straightforward to show that has order 4, has order 2 and has order 2. These
dene a group of order 8 isomorphic to D4 and since G has 8 elements this must be
all of G.
We now look at the subgroup lattice of G and then the corresponding eld lattice.
Let and be as above. Then G has 5 subgroups of order 2
1; 2 ; 1; ; 1; ; 1; 2 ; 1; 3 :
Of these only 1; 2 is normal in G.
G has 3 subgroups of order 4
1; ; 2 ; 3 ; 1; 2 ; ; 2 ; 1; 2 ; ; 3
and all are normal since they all have index 2.
244
Hence we have the following subgroup lattice:
From this we construct the lattice of elds and intermediate elds. Since there are
10 proper subgroups of G, from the fundamental theorem of Galois theory there are
10 intermediate elds in LjQ namely the x elds Fix.L; H / where H is a proper
subgroup of G. In the identication the extension eld corresponding to the whole
group G is the ground eld Q (recall that the lattice of elds is the inverted lattice
of the subgroups), while the extension eld corresponding to the identity is the whole
eld L. We now consider the other proper subgroups. Let ; be as before.
p
so that
(1) Consider
M1 D Fix.L; 1; /. Now 1; xes Q. 4 2/ elementwise
p
p
4
4
Q. 2/ M1 . Further
p L W M1 D j1; j D 2 and hence L W Q. 2/ D 2.
Therefore M1 D Q. 4 2/.
(2) Consider M2 D Fix.L; 1; /. We have
p
p
p
4
4
4
. 2/ D .i 2/ D i 2
p
p
p
4
4
4
.i 2/ D . 2/ D 2
p
p
p
4
4
4
. 2/ D .i 2/ D i 2
p
p
p
4
4
4
.i 2/ D . 2/ D 2:
p
p
It follows that xes .1 i / 4 2 and hence M2 D Q..1 i / 4 2/.
(3) Consider M3 D Fix.L; 1; 2 . p
The map 2 interchanges a1 and a3 and xes
a2 and a4 . Therefore M3 D Q.i 4 2/.
245
Section 16.6 The Primitive Element Theorem
In an analogous manner we can then consider the other

p 5 proper subgroups
p and
corresponding intermediate elds. If we let b1 D .1 i / 4 2 and b2 D .1 C i / 4 2 we
get the following lattice of elds and subelds.
16.6
The Primitive Element Theorem
In this section we describe nite separable eld extensions as simple extensions. If

follows that a Galois extension is always a simple extension.
Theorem 16.6.1 (primitive element theorem). Let L D K.
1 ; : : : ;
n / and suppose
that each
i is separable over K. Then there exists a
0 2 L such that L D K.
0 /.
The element
0 is called a primitive element.
Proof. Suppose rst that K is a nite eld. Then L is also a nite eld and therefore
L? D h
0 i is cyclic. Therefore L D K.
0 / and the theorem is proved if K is a nite
eld.
Now suppose that K is innite. Inductively it sufces to prove the theorem for
n D 2. Hence let ; 2 L be separable over K. We must show that there exists a
2 L with K.; / D K.
/.
Let L be the splitting eld of the polynomial m .x/m .x/ over L where m .x/;
m .x/ are respectively the minimal polynomials of ; over K. In Lx we have
m .x/ D .x 1 /.x 2 / .x s / with D 1
m .x/ D .x 1 /.x 2 / .x t /
with D 1 :
By assumption the i and the j are respectively pairwise distinct.

For each pair .i; j / with 1 i s, 2 j t the equation
1 C z1 D i C zj
246
has exactly one solution z 2 L since j 1 0 if j 2. Since K is innite there

exists a c 2 K with
1 C c1 i C cj
for all i; j with 1 i s, 2 j t . With such a value c 2 K we dene
D C c D 1 C c1 :
We claim that K.; / D K.
/. It sufces to show that 2 K.
/ for then D
c 2 K.
/. This implies that K.; / K.
/ and since
2 K.; / it follows
that K.; / D K.
/.
To show that 2 K.
/ we rst dene f .x/ D m .
cx/ and let d.x/ D
gcd.f .x/; m .x//. We may assume that d.x/ is monic. We show that d.x/ D x .
Then 2 K.
/ since d.x/ 2 K.
/x.
Assume rst that d.x/ D 1. Then gcd.f .x/; m .x// D 1 and f .x/ and m .x/ are
also relatively prime in Lx. This is a contradiction since f .x/ and m .x/ have the
common zero 2 L and hence the common divisor x .
Therefore d.x/ 1 so deg.d.x// 1.
The polynomial d.x/ is a divisor of m .x/ and hence d.x/ splits into linear factors
of the form x j , 1 j t in Lx. The proof is completed if we can show that
no linear factor of the form x j with 2 j t is a divisor of f .x/. That is, we
must show that f .j / 0 in L if j 2.
Now f .j / D m .
cj / D m .1 C c1 cj /. Suppose that f .j / D 0 for
some j 2. This would imply that i D 1 Cc1 cj , that is, 1 Cc1 D j Ccj
for j 2. This contradicts the choice of the value c. Therefore f .j / 0 if j 2
In the above theorem it is sufcient to assume that n 1 of
1 ; : : : ;
n are separable
over K. The proof is similar. We only need that the 1 ; : : : ; t are pairwise distinct
if is separable over K to show that K.; / D K.
/ for some
2 L.
If K is a perfect eld then every nite extension is separable. Therefore we get the
following corollary.
Corollary 16.6.2. Let LjK be a nite extension with K a perfect eld. Then L D
K.
/ for some
2 L.
Corollary 16.6.3. Let LjK be a nite extension with K a perfect eld. Then there
exist only nitely many intermediate elds E with K E L.
Proof. Since K is a perfect eld we have L D K.
/ for some
2 L. Let m .x/ 2
Kx be the minimal polynomial of
over K and let L be the splitting eld of m .x/
over K. Then LjK is a Galois extension and hence there are only nitely many
intermediate elds between K and L. Therefore also only nitely many between K
and L.
247
Suppose that LjK is algebraic. Then in general L D K.

/ for some
2 L if and
only if there exist only nitely many intermediate elds E with K E L.
This condition on intermediate elds implies that LjK is nite if LjK is algebraic.
Hence we have proved this result in the case that K is perfect. The general case is
discussed in the book of S. Lang [8].
16.7
Exercises
1. Let f .x/ D x 4 8x 3 C 24x 2 32x C 14 2 Qx and let v 2 C be a zero of f .

Let WD v.4 v/ and K a splitting eld of f over Q. Show:
(i) f is irreducible over Q and f .x/ D f .4 x/.
(ii) There is exactly one automorphism of Q.v/ with .v/ D 4 v.
(iii) L WD Q./ is the Fix eld of and jL W Qj D 2.
(iv) Determine the minimal polynomial of over Q and determine .
(v) jQ.v/ W Lj D 2 and determine the minimal polynomial of v over L and
determine v and all other zeros of f .x/.
(vi) Determine the degree of jK W Qj.
(vii) Determine the structure of Aut.KjQ/.
2. Let LjK be a eld extension and f 2 Kx a separable polynomial. Let Z be
a splitting eld of f over L and Z0 a splitting eld of f over K. Show that
Aut.ZjL/ is isomorphic to a subgroup of Aut.Z0 jK/.
3. Let LjK be a eld extension and v 2 L. For each element c 2 K it is K.v C c/ D
K.v/. For c 0 it is K.cv/ D K.v/.
p
p
p
p
presentable as a
4. Let v D 2 C 3 and let K D Q.v/. Show that 2 and 3parep
Q-linear combination of 1; v; v 2 ; v 3 . Conclude that K D Q. 2; 3/.
5. Let L be the splitting eld of x 3 5 over Q in C. Determine a primitive element
t of L over Q.
Chapter 17
Applications of Galois Theory
17.1
Applications of Galois Theory
As we mentioned in Chapter 1 Galois theory was originally developed as part of the

proof that polynomial equations of degree 5 or higher over the rationals cannot be
solved by formulas in terms of radicals. In this chapter we do this rst and prove the
insolvability of the quintic by radicals. To do this we must examine in detail what we
call radical extensions.
We then return to some geometric material we started in Chapter 6. There using
general eld extensions we proved the impossibility of certain geometric compass
and straightedge constructions. Here we use Galois theory to consider constructible
n-gons.
Finally we will use Galois theory to present a proof of the fundamental theorem
of algebra which says essentially that the complex number eld C is algebraically
closed.
17.2
Field Extensions by Radicals
We would like to use Galois theory to prove the insolvability by radicals of polynomial
equations of degree 5 or higher. To do this we must introduce extensions by radicals
and solvability by radicals.
Denition 17.2.1. Let LjK be a eld extension.
(1) Each zero of a polynomial x n a 2 Kx in L is called a radical (over K). We
p
denote it by n a (if a more detailed identication is not necessary).
p
(2) L is called a simple extension of K by a radical if L D K. n a/ for some a 2 K.
(3) L is called an extension of K by radicals if there is a chain of elds
K D L 0 L 1 Lm D L
such that each Li is a simple extension of Li 1 by a radical for each i D
1; : : : ; m.
(4) Let f .x/ 2 Kx. Then the equation f .x/ D 0 is solvable by radicals or just
solvable if the splitting eld of f .x/ over K is contained in an extension of K
by radicals.
249
Section 17.2 Field Extensions by Radicals
In proving the insolvability of the quintic we will look for necessary and sufcient
conditions for the solvability of polynomial equations. Our main result will be that if
f .x/ 2 Kx then f .x/ D 0 is solvable over K if the Galois group of the splitting
eld of f .x/ over K is a solvable group (see Chapter 11).
In the remainder of this section we assume that all elds have characteristic zero.
The next theorem gives a characterization of simple extensions by radicals.
Theorem 17.2.2. Let LjK be a eld extension and n 2 N. Assume that the polynomial x n 1 splits into linear factors in Kx so that K contains all the n-th roots of
p
unity. Then L D K. n a/ for some a 2 K if and only if L is a Galois extension over
K and Aut.LjK/ D Z=mZ for some m 2 N with mjn.
Proof. The n-th roots of unity, that is the zeros of the polynomial x n 1 2 Kx,
form a cyclic multiplicative group F K ? of order n since each nite subgroup of
the multiplicative group K ? of K is cyclic and jF j D n. We call an n-th root of unity
! primitive if F D h!i.
p
Now let L D K. n a/ with a 2 K, that is, L D K./ with n D a 2 K. Let ! be
a primitive n-th root of unity. With this the elements !; ! 2 ; : : : ; ! n D are
zeros of x n a. Hence the polynomial x n a splits into linear factors over L and
hence L D K./ is a splitting eld of x n a over K. It follows that LjK is a Galois
extension.
Let 2 Aut.LjK/. Then ./ D ! for some 0 < n. The element ! is
uniquely determined by and we may write ! D ! .
Consider the map W Aut.LjK/ ! F given by ! ! where ! is dened as
above by ./ D ! . If ; 2 Aut.LjK/ then
./ D .! / ./ D ! !
because ! 2 K.
Therefore . / D . /. / and hence is a homomorphism. The kernel ker./
contains all the K-automorphisms of L for which ./ D . However since K D
K./ it follows that ker./ contains only the identity. The Galois group Aut.LjK/ is
therefore isomorphic to a subgroup of F . Since F is cyclic of order n we have that
Aut.LjK/ is cyclic of order m for some mjn completing one way in the theorem.
Conversely rst suppose that LjK is a Galois extension with Aut.LjK/ D Zn a
cyclic group of order n. Let be a generator of Aut.LjK/. This is equivalent to
Aut.LjK/ D ; 2 ; : : : ; n D 1:
Let ! be a primitive n-th root of unity. Then by assumption ! 2 K, .!/ D !
and F D !; ! 2 ; : : : ; ! n D 1. Further the pairwise distinct automorphism ,
D 1; 2; : : : ; n, of L are linearly independent, that is there exists an 2 L such that
!?D
n
X
D1
! ./ 0:
250
Chapter 17 Applications of Galois Theory
The element ! ? is called the Lagrange resolvent of ! by . We x such an element

2 L. Then we get, since .!/ D !,
.! ? / D
n
X
C1
D1
D ! 1
./ D !
1
n
X
C1 C1
./ D !
D1
n
X
1
nC1
X
! ./
D2
! ./ D ! 1 .! ? /:
D1
Further .! ? / D ! .! ? /, D 1; 2; : : : ; n. Hence the only K-automorphism

of L which xes ! ? is the identity. Therefore Aut.LjK.! ? // D 1 and hence
L D K.! ? / by the fundamental theorem of Galois theory.
Further
..! ? /n / D . .! ? //n D .! 1 .! ? //n D ! n .! ? /n D .! ? /n :
Therefore .! ? /n 2 Fix.L; Aut.LjK// D K again from the fundamental theorem
p
of Galois theory. If a D .! ? /n 2 K then rst a 2 K and second L D K. n a/ D
K.! ? /. This proves the result in the case where m D n. We now use this to prove
it in general.
Suppose that LjK is a Galois extension with Aut.LjK/ D Zm a cyclic
p group of
m
order m where n D q m for some q 1. If n D q m then L D K. b/ for some
b 2 K by the above argument. Hence L D K./ with m 2 K. Then certainly
p
a D n D . m /q 2 K and therefore L D K./ D K. n a/ for some a 2 K
completing the general case.
We next show that every extension by radicals is contained in a Galois extension by
radicals.
Theorem 17.2.3. Each extension L of K by radicals is contained in a Galois extension LQ of K by radicals. This means that there is an extension LQ of K by radicals
Q
with L LQ and LjK
is a Galois extension.
Proof. We use induction on the degree m D L W K. Suppose that m D 1. If
p
L D K. n a/ then if ! is a primitive n-th root of unity dene KQ D K.!/ and LQ D
p
Q
Q n a/. We then get the chain K KQ LQ with L LQ and LjK
is a Galois
K.
extension. This last statement is due to the fact that LQ is the splitting eld of the
polynomial x n a 2 Kx over K. Hence the theorem is true if m D 1.
Now suppose that m 2 and suppose that the theorem is true for all extensions F
of K by radicals with F W K < m.
Since m 2 by the denition of extension by radicals there exists a simple extension LjE by a radical. That is there exists a eld E with
K E L;
L W E 2
Section 17.2 Field Extensions by Radicals
251
p
and L D E. n a/ for some a 2 E; n 2 N. Now E W K < m so be the inductive
Q Let G D
hypothesis there exists a Galois extension by radicals EQ of K with E E.
Q
Aut.EjK/
and let LQ be the splitting eld of the polynomial f .x/ D ma .x n / 2 Kx
over EQ where ma .x/ is the minimal polynomial of a over K. We show that LQ has the
desired properties.
p
Q Therefore LQ
Now n a 2 L is a zero of the polynomial f .x/ and E EQ L.
p
n
contains an E-isomorphic image of L D K. a/ and hence we may consider LQ as an
extension of L.
Since EQ is a Galois extension of K the polynomial f .x/ may be factored as
f .x/ D .x n 1 / .x n s /
Q Therefore
with i 2 EQ for i D 1; : : : ; s. All zeros of f .x/ in LQ are radicals over E.
Q
Q
Q
L is an extension by radicals of E. Since E is also an extension by radicals of K we
obtain that LQ is an extension by radicals of K.
Since EQ is a Galois extension of K we have that EQ is a splitting eld of a polynomial
Q is a splitting eld of f .x/ 2 Kx over E.
Q Altogether then
g.x/ 2 Kx. Further L
Q
we have that L is a splitting eld of f .x/g.x/ 2 Kx over K. Therefore LQ is a
Galois extension of K completing the proof.
We will eventually show that a polynomial equation is solvable by radicals if and
only if the corresponding Galois group is a solvable group. We now begin to nd
conditions where the Galois group is solvable.
Lemma 17.2.4. Let K D L0 L1 Lr D L be a chain of elds such that
the following hold:
(i) L is a Galois extension of K.
(ii) Lj is a Galois extension of Lj 1 for j D 1; : : : ; r.
(iii) Gj D Aut.Lj jLj 1 / is abelian for j D 1; : : : ; r.
Then G D Aut.LjK/ is solvable.
Proof. We prove the lemma by induction on r. If r D 0 then G D 1 and there is
nothing to prove. Suppose then that r 1 and assume that the lemma holds for all
such chains of elds with a length r 0 < r. Since L1 jK is a Galois extension then
Aut.L1 jK/ is a normal subgroup of G by the fundamental theorem of Galois theory
and further
G1 D Aut.L1 jK/ D G= Aut.LjL1 /:
Since G1 is an abelian group it is solvable and by assumption Aut.LjL1 / is solvable.
Therefore G is solvable (see Theorem 12.2.4).
Lemma 17.2.5. Let LjK be a eld extension. Let KQ and LQ be the splitting elds of
the polynomial x n 1 2 Kx over K and L respectively. Since K L we have
Q Then the following hold:
KQ L.
252
Q
Q
(1) If 2 Aut.LjL/
then jKQ 2 Aut.KjK/
and the map
Q
Q
Aut.LjL/
! Aut.KjK/
given by 7! jKQ
is an injective homomorphism.
Q
(2) Suppose that in addition LjK is a Galois extension. Then LjK
is also a Galois
Q
Q
extension. If further 2 Aut.LjK/ then jL 2 Aut.LjK/ and
Q K/
Q ! Aut.LjK/ given by 7! jL
Aut.Lj
is an injective homomorphism.
Proof. (1) Let ! be a primitive n-th root of unity. Then KQ D K.!/ and LQ D L.!/.
Q
Each 2 Aut.LjL/
maps ! onto a primitive n-th root of unity and xes K L
Q
Q
Certainly
elementwise. Hence from 2 Aut.LjL/
we get that jKQ 2 Aut.KjK/.
Q
Q
the map 7! jKQ denes a homomorphism Aut.LjL/ ! Aut.KjK/. Let jKQ D 1
Q
with 2 Aut.LjL/.
Then .!/ D ! and therefore we have already that D 1 since
Q
L D L.!/.
(2) If L is the splitting eld of a polynomial g.x/ over K then LQ is the splitting eld
Q
of g.x/.x n 1/ over K. Hence LjK
is a Galois extension. Therefore K L LQ
Q
Q
and LjK; LjL and LjK are all Galois extensions. Therefore from the fundamental
theorem of Galois theory
Q
Aut.LjK/ D jL I 2 Aut.LjK/:
Q K/.
Q Certainly the map Aut.Lj
Q K/
Q !
In particular jL 2 Aut.LjK/ if 2 Aut.Lj
Q K/
Q we get that
Aut.LjK/ given by 7! jL is a homomorphism. From 2 Aut.Lj
.!/ D ! where as above ! is a primitive n-th root of unity. Therefore if jL D 1
Q D L.!/. Hence the map is injective.
then already D 1 since L
17.3
Cyclotomic Extensions
Very important in the solvability by radicals problem are the splitting elds of the
polynomials x n 1 over Q. These are called cyclotomic elds.
Denition 17.3.1. The splitting eld of the polynomial x n 1 2 Qx with n 2 is
called the n-th cyclotomic eld denoted kn .
We have kn D Q.!/ where ! is a primitive n-th root of unity, for example ! D
over Q. kn jQ is a Galois extension and the Galois group Aut.kn jQ/ is the set
e
of automorphisms m W ! ! ! m with 1 m n and gcd.m; n/ D 1.
To understand this group G we need the following concept. A prime residue class
mod n is a residue class a C nZ with gcd.a; n/ D 1. The set of the prime residue
2 i
n
Section 17.4 Solvability and Galois Extensions
253
classes mod n is just the set of invertible elements with respect to multiplication of
the Z=nZ. This forms a multiplicative group that we denote by .Z=nZ/? D Pn . We
have jPn j D .n/ where .n/ is the Euler phi-function.
If G D Aut.kn jQ/ then clearly G Pn under the map m 7! m C nZ.
If n D p is a prime number then G D Aut.kn jQ/ is cyclic with jGj D p 1.
If n D p 2 then jGj D jAut.kp 2 jQ/j D p.p 1/ since
x p 1 x 1
D x p.p1/ C x p.p1/1 C C 1
x 1 xp 1
2
and each primitive p-th root of unity is a zero of this polynomial.

Lemma 17.3.2. Let K be a eld and KQ be the splitting eld of x n 1 over K. Then
Q
Aut.KjK/
is abelian.
Proof. We apply Lemma 17.2.5 for the eld extension KjQ. This can be done since
Q
the characteristic of K is zero and Q is the prime eld of K. It follows that Aut.KjK/
Q
Q D kn
is isomorphic to a subgroup of Aut.QjQ/
from part (1) of Lemma 17.2.5. But Q
Q
Q
and hence Aut.QjQ/
is abelian. Therefore Aut.KjK/
is abelian.
17.4
Solvability and Galois Extensions
In this section we prove that solvability by radicals is equivalent to the solvability of

the Galois group.
Theorem 17.4.1. Let LjK be a Galois extension of K by radicals. Then G D
Aut.LjK/ is a solvable group.
Proof. Suppose that LjK is a Galois extension. Then we have a chain of elds
K D L0 L1 Lr D L
p
such that Lj D Lj 1 . nj aj / for some aj 2 Lj . Let n D n1 nr and let LQ j be
the splitting eld of the polynomial x n 1 2 Kx over Lj for each j D 0; 1; : : : ; r.
p
Q j 1 . nj aj / and we get the chain
Qj D L
Then L
Q0 L
Q 1 LQ r D L:
Q
K KQ D L
Q
From part (2) of Lemma 17.2.5 we get that LjK
is a Galois extension. Further
Q
Q
Q
Q
Lj jLj 1 is a Galois extension with Aut.Lj jLj 1 / cyclic from Theorem 17.2.2. EspeQ j 1 / is abelian. The group Aut.KjK/
Q
Q j jL
is abelian from Lemma 17.3.2.
cially Aut.L
Therefore we may apply Lemma 17.2.4 to the chain
Q 0 LQ r D L:
Q
K KQ D L
254
Q
Therefore GQ D Aut.LjK/
is solvable. The group G D Aut.LjK/ is a homomorphic
Q
image of G from the fundamental theorem of Galois theory. Since homomorphic
images of solvable groups are still solvable (see Theorem 12.2.3) it follows that G is
solvable.
Lemma 17.4.2. Let LjK be a Galois extension and suppose that G D Aut.LjK/ is
solvable. Assume further that K contains all q-th roots of unity for each prime divisor
q of m D L W K. Then L is an extension of K by radicals.
Proof. Let LjK be a Galois extension and suppose that G D Aut.LjK/ is solvable
and assume that K contains all the q-th roots of unity for each prime divisor q of
m D L W K. We prove the result by induction on m.
If m D 1 then L D K and the result is clear. Now suppose that m 2 and assume
that the result holds for all Galois extensions L0 jK 0 with L0 W K 0 < m. Now G D
Aut.LjK/ is solvable and G is nontrivial since m 2. Let q be a prime divisor of m.
From Lemma 12.2.2 and Theorem 13.3.5 it follows that there is a normal subgroup
H of G with G=H cyclic of order q. Let E D Fix.L; H /. From the fundamental
theorem of Galois theory EjK is a Galois extension with Aut.EjK/ G=H and
hence Aut.EjK/ is cyclic of order q. From Theorem 17.2.2 EjK is a simple extension
of K by a radical. The proof is completed if we can show that L is an extension of E
by radicals.
The extension LjE is a Galois extension and the group Aut.LjE/ is solvable since
it is a subgroup of G D Aut.LjK/. Each prime divisor p of L W E is also a prime
divisor of m D L W K by the degree formula. Hence as an extension of K the eld
E contains all the p-th roots of unity. Finally
L W E D
m
L W K
D
< m:
E W K
q
Therefore LjE is an extension of E by radicals from the inductive assumption completing the proof.
17.5
The Insolvability of the Quintic
We are now able to prove the insolvability of the quintic. This is one of the most
important applications of Galois theory. As we mentioned we do this by equating the
solvability of a polynomial equation by radicals to the solvability of the Galois group
of the splitting eld of this polynomial.
Theorem 17.5.1. Let K be a eld of characteristic 0 and let f .x/ 2 Kx. Suppose
that L is the splitting eld of f .x/ over K. Then the polynomial equation f .x/ D 0
is solvable by radicals if and only if Aut.LjK/ is solvable.
Section 17.5 The Insolvability of the Quintic
255
Proof. Suppose rst that f .x/ D 0 is solvable by radicals. Then L is contained in

an extension L0 of K by radicals. Hence L is contained in a Galois extension LQ of
Q
K by radicals from Theorem 17.2.3. The group GQ D Aut.LjK/
is solvable from
Theorem 17.4.1. Further LjK is a Galois extension. Therefore the Galois group
Q
Aut.LjK/ is solvable as a subgroup of G.
Conversely suppose that the group Aut.LjK/ is solvable. Let q1 ; : : : ; qr be the
prime divisors of m D K W K and let n D q1 qr . Let KQ and LQ be the splitting
Q
elds of the polynomial x n 1 2 Kx over K and L respectively. We have KQ L.
Q
Q
Q
From part (2) of Lemma 17.2.5 we have that LjK is a Galois extension and Aut.LjK/
Q D
is isomorphic to a subgroup of Aut.LjK/. From this we rst obtain that LQ W K
Q
Q
jAut.LjK/j is a divisor of L W K D jAut.LjK/j. Hence each prime divisor q of
Q is also a prime divisor of L W K. Therefore LQ is an extension by radicals
LQ W K
of KQ by Lemma 17.4.2. Since KQ D K.!/ where ! is a primitive n-th root of unity
we obtain that LQ is also an extension of K by radicals. Therefore L is contained in an
extension LQ of K by radicals and therefore f .x/ D 0 is solvable by radicals.
Corollary 17.5.2. Let K be a eld of characteristic 0 and let f .x/ 2 Kx be a
polynomial of degree m with 1 m 4. Then the equation f .x/ D 0 is solvable by
radicals.
Proof. Let L be the splitting eld of f .x/ over K. The Galois group Aut.LjK/ is
isomorphic to the subgroup of the symmetric group Sm . Now the group S4 is solvable
via the chain
1 Z2 D2 A4 S4
where Z2 is the cyclic group of order 2 and D2 is the Klein 4-group which is isomorphic to Z2 Z2 . Because Sm S4 for 1 m 4 it follows that Aut.LjK/ is
solvable. From Theorem 17.5.1 the equation f .x/ D 0 is solvable by radicals.
Corollary 17.5.2 uses the general theory to show that any polynomial equation of
degree less than or equal to 4 is solvable by radicals. This however does not provide
explicit formulas for the solutions. We present these below.
Let K be a eld of characteristic 0 and let f .x/ 2 Kx be a polynomial of degree
m with 1 m 4.
Case (1): If deg.f .x// D 1 then f .x/ D ax C b with a; b 2 K and a 0. A zero
is then given by k D ab .
Case (2): If deg.f .x// D 2 then f .x/ D ax 2 C bx C c with a; b; c 2 K and
a 0. The zeros are then given by the quadratic formula
p
b b 2 4ac
:
kD
2a
We note that the quadratic formula holds over any eld of characteristic not equal to 2.
Whether there is a solution within the eld K then depends on whether b 2 4ac has
a square root within K.
256
For the cases of degrees 3 and 4 we have the general forms of what are known as
Cardanos formulas.
Case (3): If deg.f .x// D 3 then f .x/ D ax 3 C bx 2 C cx C d with a; b; c; d 2 K
and a 0. Dividing through by a we may assume without loss of generality that
a D 1.
By a substitution x D y b3 the polynomial is transformed into
g.y/ D y 3 C py C q 2 Ky:
Let L be the splitting eld of g.y/ over K and let 2 L be a zero of g.y/ so that
3 C p C q D 0:
If p D 0 then D
p
3
q so that g.y/ has the three zeros

p
3
q;
p
3
q;
!2
p
3
q
where ! is a primitive third root of unity, ! 3 D 1 with ! ! 2 .

Now let p 0 and let be a zero of x 2 x p3 in a suitable extension L0 of L.
p
. Putting this into the transformed
We have 0 since p 0. Hence D 3
cubic equation
3 C p C q D 0
we get
3
p3
C q D 0:
27 3
Dene
D 3 and D . p
/3 so that
3
C C q D 0:
Then
3
p
D 0 and
C q

3
2
p3

C C q D 0 and
27
Hence the zeros of the polynomial

3
p
x C qx
3
2
are
s
2 3
p
q
q
C
:
; D
2
2
3
3
p
D 0:
C q
3
2
257
Section 17.5 The Insolvability of the Quintic
If we have
D then both are equal to q2 and
s
2 3
p
q
C
D 0:
2
3
Then from the denitions of
; we have
D 3 and D . p
/3 . From above
3
p
D 3 . Therefore we get by nding the cube roots of
and .
There are certain possibilities and combinations with these cube roots but because
of the conditions the cube roots of
and are not independent. We must satisfy the
condition
p
p
p
p
3
3 D
D :
3
3
Therefore we get the nal result:
The zeros of g.y/ D y 3 C py C q with p 0 are
u C v;
!u C ! 2 v;
! 2 u C !v
where ! is a primitive third root of unity and

v
s
u
2 3
u q
p
q
t
C
and v D
uD 3 C
2
2
3
v
s
u
2 3
u q
p
q
t
C
:

3
2
2
3
The above is known as the cubic formula or Cardanos formula.

Case (4): If deg.f .x// D 4 then f .x/ D ax 4 C bx 3 C cx 2 C dx C e with
a; b; c; d; e 2 K and a 0. Dividing through by a we may assume without loss of
generality that a D 1.
b
By a substitution x D y 4a
the polynomial f .x/ is transformed into
g.y/ D y 4 C py 2 C qy C r:
The zeros of g.y/ are
p
p
1 p
y1 D . 1 C 2 C 3 /
2
p
p
1 p
y2 D . 1 2 3 /
2
p
p
1 p
y3 D . 1 C 2 3 /
2
p
p
1 p
y4 D . 1 2 C 3 /
2
where 1 ; 2 ; 3 are the zeros of the cubic polynomial
h.z/ D z 3 C 2pz C .p 2 4r/z q 2 2 Qz:
258
The polynomial h.z/ is called the cubic resolvent of g.y/. For a detailed proof of the
case where m D 4 see [8].
The following theorem is due to Abel and shows the insolvability of the general
degree 5 polynomial over the rationals Q.
Theorem 17.5.3. Let L be the splitting eld of the polynomial f .x/ D x 5 2x 4 C2 2
Qx over Q. Then Aut.LjK/ D S5 the symmetric group on 5 letters. Since S5 is not
solvable the equation f .x/ D 0 is not solvable by radicals.
Proof. The polynomial f .x/ is irreducible over Q by the Eisenstein criterion. Further
f .x/ has ve zeros in the complex numbers C by the fundamental theorem of algebra
(see Section 17.7). We claim that f .x/ has exactly 3 real zeros and 2 nonreal zeros
which then necessarily are complex conjugates. In particular the 5 zeros are pairwise
distinct.
To see the claim notice rst that f .x/ has at least 3 real zeros from the intermediate
value theorem. As a real function f .x/ is continuous and f .1/ D 1 < 0 and
f .0/ D 2 > 0 so it must have a real zero between 1 and 0. Further f . 32 / D
81
3 < 0 and f .2/ D 2 > 0. Hence there must be distinct real zeros between 0
and 32 and between 32 and 2. Suppose that f .x/ has more than 3 real zeros. Then
f 0 .x/ D x 3 .5x 8/ has at least 3 pairwise distinct real zeros from Rolles theorem.
But f 0 .x/ clearly has only 2 real zeros so this is not the case. Therefore f .x/ has
exactly 3 real zeros and hence 2 nonreal zeros that are complex conjugates.
Let L be the splitting eld of f .x/. The eld L lies in C and the restriction of the
map W z 7! z of C to L maps the set of zeros of f .x/ onto themselves. Therefore
is an automorphism of L. The map xes the 3 real zeros and transposes the 2 nonreal
zeros. From this we now show that Aut.LjQ/ D Aut L D G D S5 the full symmetric
group on 5 symbols. Clearly G S5 since G acts as a permutation group on the 5
zeros of f .x/.
Since transposes the 2 nonreal roots, G (as a permutation group) contains at least
one transposition. Since f .x/ is irreducible G acts transitively on the zeros of f .x/.
Let x0 be one of the zeros of f .x/ and let Gx0 be the stabilizer of x0 . Since G acts
transitively x0 has ve images under G and therefore the index of the stabilizer must
be 5 (see Chapter 10).
5 D G W Gx0
which by Lagranges theorem must divide the order of G. Therefore from the
Sylow theorems G contains an element of order 5. Hence G contains a 5-cycle and
a transposition and therefore by Theorem 11.4.3 it follows that G D S5 . Since S5 is
not solvable it follows that f .x/ cannot be solved by radicals.
Since Abels theorem shows that there exists a degree 5 polynomial that cannot be
solved by radicals it follows that there can be no formula like Cardanos formula in
terms of radicals for degree 5.
Section 17.6 Constructibility of Regular n-Gons
259
Corollary 17.5.4. There is no general formula for solving by radicals a fth degree
polynomial over the rationals.
We now show that this result can be further extended to any degree greater than 5.
Theorem 17.5.5. For each n 5 there exist polynomials f .x/ 2 Qx of degree n
for which the equation f .x/ D 0 is not solvable by radicals.
Proof. Let f .x/ D x n5 .x 5 2x 4 C2/ and let L be the splitting eld of f .x/ over Q.
Then Aut.LjQ/ D Aut.L/ contains a subgroup that is isomorphic to S5 . It follows
that Aut.L/ is not solvable and therefore the equation f .x/ D 0 is not solvable by
radicals.
This immediately implies the following.
Corollary 17.5.6. There is no general formula for solving by radicals polynomial
equations over the rationals of degree 5 or greater.
17.6
Constructibility of Regular n-Gons
In Chapter 6 we considered certain geometric material related to eld extensions.

There, using general eld extensions, we proved the impossibility of certain geometric compass and straightedge constructions. In particular there were four famous insolvable (to the Greeks) construction problems. The rst is the squaring of the circle.
This problem is, given a circle, to construct using straightedge and compass a square
having area equal to that of the given circle. The second is the doubling of the cube.
This problem is given a cube of given side length, to construct, using a straightedge
and compass, a side of a cube having double the volume of the original cube. The
third problem is the trisection of an angle. This problem is to trisect a given angle
using only a straightedge and compass. The nal problem is the construction of a
regular n-gon. This problems asks which regular n-gons could be constructed using
only straightedge and compass. In Chapter 6 we proved the impossibility of the rst
3 problems. Here we use Galois theory to consider constructible n-gons.
Recall that a Fermat number is a positive integer of the form
n
Fn D 22 C 1;
n D 0; 1; 2; 3; : : : :
If a particular Fm is prime it is called a Fermat prime.

Fermat believed that all the numbers in this sequence were primes. In fact F0 ; F1 ;
F2 ; F3 ; F4 are all prime but F5 is composite and divisible by 641 (see exercises). It is
still an open question whether or not there are innitely many Fermat primes. It has
been conjectured that there are only nitely many. On the other hand if a number of
260
the form 2n C 1 is a prime for some integer n then it must be a Fermat prime that is n
must be a power of 2.
We rst need the following.
Theorem 17.6.1. Let p D 2n C 1, n D 2s with s 0 be a Fermat prime. Then there
exists a chain of elds
Q D L0 L1 Ln D kp
where kp is the p-th cyclotomic eld such that
Lj W Lj 1 D 2
for j D 1; : : : ; n.
Proof. The extension kp jQ is a Galois extension and kp W Q D p 1. Further
Aut.kp / is cyclic of order p 1 D 2n . Hence there is a chain of subgroups
1 D Un Un1 U0 D Aut.kp /
with Uj 1 W Uj D 2 for j D 1; : : : ; n. From the fundamental theorem of Galois
theory the elds Lj D Fix.kp ; Uj / with j D 0; : : : ; n have the desired properties.
The following corollaries describe completely the constructible n-gons tying them
to Fermat primes.
Corollary 17.6.2. Consider the numbers 0; 1, that is a unit line segment or a unit
circle. A regular p-gon with p 3 prime is constructible from 0; 1 using a straights
edge and compass if and only if p D 22 C 1; s 0 is a Fermat prime.
Proof. From Theorem 6.3.13 we have that if a regular p-gon is constructible with a
straightedge and compass then p must be a Fermat prime. The sufciency follows
from Theorem 17.6.1.
We now extend this to general n-gons. Let m; n 2 N. Assume that we may construct from 0; 1 a regular n-gon and a regular m-gon. In particular this means that
2
2
2
we may construct the real numbers cos. 2
n /; sin. n /; cos. m / and sin. m /. If the
gcd.m; n/ D 1 then we may construct from 0; 1 a regular mn-gon.
To see this notice that

2
2.n C m/
2
2
2
2
2
C
D cos
D cos
cos
sin
sin
cos
n
m
nm
n
m
n
m
and

2
2.n C m/
2
2
2
2
2
sin
D sin
D sin
cos
C cos
sin
:
C
n
m
nm
n
m
n
m
261
2
2
Therefore we may construct from 0; 1 the numbers cos. mn
/ and sin. mn
/ because
gcd.n C m; mn/ D 1. Therefore we may construct from 0; 1 a regular mn-gon.
Now let p 3 be a prime. Then kp2 W Q D p.p 1/ which is not a power
of 2. Therefore from 0; 1 it is not possible to construct a regular p 2 -gon. Hence
altogether we have the following.
Corollary 17.6.3. Consider the numbers 0; 1, that is a unit line segment or a unit
circle. A regular n-gon with n 2 N is constructible from 0; 1 using a straightedge
and compass if and only if
(i) n D 2m , m 0 or
(ii) p D 2m p1 p2 pr , m 0 and the pi are pairwise distinct Fermat primes.
Proof. Certainly we may construct a 2m -gon. Further if r; s 2 N with gcd.r; s/ D 1
and if we can construct a regular rs-gon then clearly we may construct a regular r-gon
and a regular s-gon.
17.7
The fundamental theorem of algebra is one of the most important algebraic results.
This says that any nonconstant complex polynomial must have a complex zero. In
the language of eld extensions this says that the eld of complex numbers C is
algebraically closed. There are many distinct and completely different proofs of this
result. In [3] twelve proofs were given covering a wide area of mathematics. In this
section we use Galois theory to present a proof. Before doing this we briey mention
some of the history surrounding this theorem.
The rst mention of the fundamental theorem of algebra, in the form that every
polynomial equation of degree n has exactly n roots, was given by Peter Roth of
Nurnberg in 1608. However its conjecture is generally credited to Girard who also
stated the result in 1629. It was then more clearly stated by Descartes in 1637 who
also distinguished between real and imaginary roots. The rst published proof of the
fundamental theorem of algebra was then given by DAlembert in 1746. However
there were gaps in DAlemberts proof and the rst fully accepted proof was that
given by Gauss in 1797 in his Ph.D. thesis. This was published in 1799. Interestingly
enough, in reviewing Gauss original proof, modern scholars tend to agree that there
are as many holes in this proof as in DAlemberts proof. Gauss, however, published
three other proofs with no such holes. He published second and third proofs in 1816
while his nal proof, which was essentially another version of the rst, was presented
in 1849.
Theorem 17.7.1. Each nonconstant polynomial f .x/ 2 Cx, where C is the eld of
complex numbers, has a zero in C. Therefore C is an algebraically closed eld.
262
Proof. Let f .x/ 2 Cx be a nonconstant polynomial and let K be the splitting eld
of f .x/ over C. Since the characteristic of the complex numbers C is zero this will
be a Galois extension of C. Since C is a nite extension of R this eld K would also
be a Galois extension of R. The fundamental theorem of algebra asserts that K must
be C itself, and hence the fundamental theorem of algebra is equivalent to the fact
that any nontrivial Galois extension of C must be C.
Let K be any nite extension of R with jK W Rj D 2m q; .2; q/ D 1. If m D 0, then
K is an odd-degree extension of R. Since K is separable over R, from the primitive
element theorem it is a simple extension, and hence K D R./, where the minimal
polynomial m .x/ over R has odd degree. However, odd-degree real polynomials
always have a real root, and therefore m .x/ is irreducible only if its degree is one.
But then 2 R and K D R. Therefore, if K is a nontrivial nite extension of R
of degree 2m q we must have m > 0. This shows more generally that there are no
odd-degree nite extensions of R.
Suppose that K is a degree 2 extension of C. Then K D C./ with deg m .x/ D 2
where m .x/ is the minimal polynomial of over C. But from the quadratic formula
complex quadratic polynomials always have roots in C so a contradiction. Therefore,
C has no degree 2 extensions.
Now, let K be a Galois extension of C. Then K is also Galois over R. Suppose
jK W Rj D 2m q, .2; q/ D 1. From the argument above we must have m > 0. Let
G D Gal.K=R/ be the Galois group. Then jGj D 2m q, m > 0, .2; q/ D 1. Thus G
has a 2-Sylow subgroup of order 2m and index q (see Theorem 13.3.4). This would
correspond to an intermediate eld E with jK W Ej D 2m and jE W Rj D q. However,
then E is an odd-degree nite extension of R. It follows that q D 1 and E D R.
Therefore, jK W Rj D 2m and jGj D 2m .
Now, jK W Cj D 2m1 and suppose G1 D Gal.K=C/. This is a 2-group. If it were
not trivial, then from Theorem 13.4.1 there would exist a subgroup of order 2m2
and index 2. This would correspond to an intermediate eld E of degree 2 over C.
However from the argument above C has no degree 2 extensions. It follows then that
G1 is trivial, that is, jG1 j D 1, so jK W Cj D 1 and K D C completing the proof.
The fact that C is algebraically closed limits the possible algebraic extensions of
the reals.
Corollary 17.7.2. Let K be a nite eld extension of the real numbers R. Then K D R
or K D C.
Proof. Since jK W Rj < 1 by the primitive element theorem K D R./ for some
2 K. Then the minimal polynomial m .x/ of over R is in Rx and hence in
Cx. Therefore form the fundamental theorem of algebra it has a root in C. Hence
2 C. If 2 R then K D R, if not then K D C.
263
17.8
Exercises
1. For f .x/ 2 Qx with

f .x/ D x 6 12x 4 C 36x 2 50
.f .x/ D 4x 4 12x 2 C 20x 3/
1
m
determine for each complex zero of f .x/ a nite number of radicals

i D i i ,
i D 1; : : : ; r, and a presentation of as a rational function in
1 ; : : : ;
r over Q
such that
iC1 is irreducible over Q.
1 ; : : : ;
i / and i C1 2 Q.
1 ; : : : ;
i / for
i D 0; : : : ; r 1.
2. Let K be a eld of prime characteristic p. Let n 2 N and Kn the splitting eld of
x n 1 over K. Show that Aut.Kn jK/ is cyclic.
3. Let f .x/ D x 4 x C 1 2 Zx. Show:
(i) f has a real zero.
(ii) f is irreducible over Q.
(iii) If u C iv (u; v 2 R) is a zero of f in C, then g D x 3 4x 1 is the minimal
polynomial of 4u2 over Q.
(iv) The Galois group of f over Q has an element of order 3.
(v) No zero a 2 C of f is constructible from the points 0 and 1 with straightedge
and compass.
4. Show that each polynomial f .x/ over R decomposes in linear factors and quadratic factors (f .x/ D d.x a1 / .x a2 / .x 2 C b1 x C c1 / .x 2 C b2 x C c2 / ,
d 2 R).
5. Let E be a nite (commutative) eld extension of R. Then E R or E C.
6. Let n 1 be a natural number and x an indeterminate over C. Consider the
polynomial x n 1 2 Zx. In Cx it decomposes in linear factors:
x n 1 D .x 1 /.x 2 / .x n /;
where the complex numbers
D e 2 i n D cos
2
2
C i sin
;
n
n
1 n;
are all (different) n-th roots of unity, that is especially n D 1. These form a
from 1 generated multiplicative cyclic group G D 1 ; 2 ; : : : ; n . It is D 1 .
An n-th root of unity is called a primitive n-th root of unity, if is not an m-th
root of unity for any m < n.
264
Show that the following are equivalent:

(i) is a primitive n-th root of unity.
(ii) is a generating element of G.
(iii) gcd.; n/=1.
7. The polynomial n .x/ 2 Cx, whose zeros are exactly the primitive n-th roots of
unity, is called the n-th cyclotomic polynomial. With Exercise 6 it is:
Y
Y

.x / D
.x e 2 i n /:
n .x/ D
1n
gcd.;n/D1
1n
gcd.;n/D1
The degree of n .x/ is the number of the integers 1; : : : ; n, which are coprime
to n. Show:
Q
(i) x n 1 D d 1 d .x/.
d jn
(ii) n .x/ 2 Zx for all n 1.

(iii) n .x/ is irreducible over Q (and therefore also over Z) for all n 1.
8. Show that the Fermat numbers F0 ; F1 ; F2 ; F3 ; F4 are all prime but F5 is composite
and divisible by 641.
Chapter 18
The Theory of Modules
18.1
Modules Over Rings
Recall that a vector space V over a eld F is an abelian group V with a scalar multiplication W F V ! V satisfying
(1) f .v1 C v2 / D f v1 C f v2 for f 2 F and v1 ; v2 2 V .
(2) .f1 C f2 /v D f1 v C f2 v for f1 ; f2 2 F and v 2 V .
(3) .f1 f2 /v D f1 .f2 v/ for f1 ; f2 2 F and v 2 V .
(4) 1v D v for v 2 V .
Vector spaces are the fundamental algebraic structures in linear algebra and the
study of linear equations. Vector spaces have been crucial in our study of elds and
Galois theory since any eld extension is a vector space over any subeld. In this
context the degree of a eld extension is just the dimension of the extension eld as a
vector space over the base eld.
If we modify the denition of a vector space to allow scalar multiplication from an
arbitrary ring we obtain a more general structure called a module. We will formally
dene this below. Modules generalize vector spaces but the fact that the scalars do
not necessarily have inverses makes the study of modules much more complicated.
Modules will play an important role in both the study of rings and the study of abelian
groups. In fact any abelian group is a module over the integers Z so that modules, besides being generalizations of vector spaces can also be considered as generalizations
of abelian groups.
In this chapter we will introduce the theory of modules. In particular we will extend
to modules the basic algebraic properties such as the isomorphism theorems that have
been introduced earlier for groups, rings and elds.
In this chapter we restrict ourselves to commutative rings so that throughout R is
always a commutative ring. If R has an identity 1 then we always consider only the
case that 1 0. Throughout this chapter we use letters a; b; c; m; : : : for ideals in R.
For principal ideals we write hai or aR for the ideal generated by a 2 R. We note
however that the denition can be extended to include modules over noncommutative
rings. In this case we would speak of left modules and right modules.
Denition 18.1.1. Let R D .R; C; / a commutative ring and M D .M; C/ an
abelian group. M together with a scalar multiplication W RM ! M; .; x/ 7! x,
is called a R-module or module over R if the following axioms hold:
266
Chapter 18 The Theory of Modules
(M1) . C /x D x C x,
(M2) .x C y/ D x C y and
(M3) ./x D .x/ for all ; 2 R and x; y 2 M .
If R has an identity 1 then M is called an unitary R-module if in addition
(M4) 1 x D x for all x 2 M holds.
In the following, R always is a commutative ring. If R contains an identity 1 then
M always is an unitary R-module. If R has an identity 1 then we always assume
1 0.
As usual we have the rules:
0 x D 0;
0 D 0;
.x/ D ./x D .x/
for all 2 R and for all x 2 M .

We next present a series of examples of modules.
Example 18.1.2.
(1) If R D K is a eld then a K-module is a K-vector space.
(2) Let G D .G; C/ be an abelian group. If n 2 Z and x 2 G then nx is dened as

usual:
0 x D 0;
nx D x
C
x
C
if n > 0
and
n-times
nx D .n/.x/
if n < 0:
Then G is an unitary Z-module via the scalar multiplication

W Z G ! G;
.n; x/ 7! nx:
(3) Let S be a subring of R. Then via .s; r/ 7! sr the ring R itself becomes an
S-module.
(4) Let KPbe a eld, V a K-vector space and
P f W Vi ! V a linear map of V . Let
i
p D i i t 2 Kt . Then p.f / WD i i f denes a linear map of V and
V is an unitary Kt -module via the scalar multiplication
Kt V ! V;
.p; v/ 7! pv WD p.f /.v/:
(5) If R is a commutative ring and a is an ideal in R then a is a module over R.

Basic to all algebraic theory is the concept of substructures. Next we dene submodules.
Section 18.1 Modules Over Rings
267
Denition 18.1.3. Let M be an R-module. ; U M is called a submodule of M

if
(UMI) .U; C/ < .M; C/ and
(UMII) 2 R; u 2 U ) u 2 U , that is, RU U .
Example 18.1.4. (1) In an abelian group G, considered as a Z-module, the subgroups are precisely the submodules.
(2) The submodules of R, considered as a R-module, are precisely the ideals.
(3) Rx WD x W 2 R is a submodule of M for each x 2 M .
(4) Let K be a eld, V a K-vector space and f W V ! V a linear map of V .
Let U be a submodule of V , considered as a Kt -module as above. Then the
following holds:
(a) U < V .
(b) pU D p.f /U U for all p 2 Kt . Especially U U for p D 2 K
and t U D f .U / U for p D t , that is, U is an f -invariant subspace. On
the other side also, p.f /U U for all p 2 Kt if U is an f -invariant
subspace.
We next extend to modules the concept of a generating system. For a single generator, as with groups, this is called cyclic.
Denition 18.1.5. A submodule U of the R-module M is called cyclic if there exists
an x 2 M with U D Rx.
As in vector spaces, groups and rings the following constructions are standard leading us to generating systems.
T
(1) Let M be a R-module and Ui W i 2 I a family of submodules. Then i 2I Ui
is a submodule of M .
(2) Let M be a R-module. If A M then we dene
hAi WD
U W U submodule of M with A U :
hAi is the smallest submodule of M which contains

P A. If R has an identity 1
then hAi is the set of all linear combinations i i ai with all i 2 R, all
ai 2 A. This holds because M is unitary and na D n.1 a/ D .n 1/a for
n 2 Z and a 2 A, that is, we may consider the pseudoproduct na as a real
product in the module. Especially, if R has a unit 1 then aR D hai DW hai.
268
Denition 18.1.6. Let R have an identity 1. If M D hAi then A is called a generating

system of M . M is called nitely generated if there are a1 ; : : : ; an 2 M with M D
ha1 ; : : : ; an i DW ha1 ; : : : ; an i.
The following is clear.
Lemma 18.1.7. Let Ui be submodules of M , i 2 I , I an index set. Then
[ X
Ui D
ai W ai 2 Ui ; L I nite :
i 2I
i 2L
the Ui . A sum
PWe write h i 2I Ui i DW i 2I Ui and call this submodule the sum ofP
ai , ai 2 Ui ,
i2I Ui is called a direct sum if for each representation
Pof 0 as 0 D
it follows L
that all ai D 0. This is equivalent to Ui \ i j Uj D 0 for all i 2 I .
Notation: i 2I Ui ; and if I D 1; : : : ; n then we write U1 Un , too.
In analogy with our previously dened algebraic structure we extend to modules
the concepts of quotient modules and module homomorphisms.
Denition 18.1.8. Let U be a submodule of the R-module M . Let M=U be the factor
group. We dene a (well-dened) scalar multiplication
R M=U ! M=U;
.x C U / WD x C U:
With this M=U is a R-module, the factor module or quotient module of M by U . In

M=U we have the operations
.x C U / C .y C U / D .x C y/ C U
and
.x C U / D x C U:
A module M over a ring R can also be considered as a module over a quotient ring
of R. The following is straightforward to verify (see exercises).
Lemma 18.1.9. Let
P a C R an ideal in R and M a R-module. The set of all nite
sums of the form
i xi , i 2 a, xi 2 M , is a submodule of M which we denote
by aM . The factor group M=aM becomes a R=a-module via the well-dened scalar
multiplication
. C a/.m C aM / D m C aM:
If here R has an identity 1 and a is a maximal ideal then M=aM becomes a vector
space over the eld K D R=a.
269
Section 18.1 Modules Over Rings
We next dene module homomorphisms

Denition 18.1.10. Let R be a ring and M , N be R-modules. A map f W M ! N
is called a R-module homomorphism (or R-linear) if
f .x C y/ D f .x/ C f .y/
and
f .x/ D f .x/
for all 2 R and all x; y 2 M . Endo-, epi-, mono-, iso- and automorphisms are
dened analogously via the corresponding properties of the maps. If f W M ! N
and g W N ! P are module homomorphisms then g f W M ! P is also a module
homomorphism. If f W M ! N is an isomorphism then also f 1 W N ! M .
We dene kernel and image in the usual way:
ker.f / WD x 2 M W f .x/ D 0
and
im.f / WD f .M / D f .x/ W x 2 M :
ker.f / is a submodule of M and im.f / is a submodule of N . As usual:
f is injective ker.f / D 0:
If U is a submodule of M then the map x 7! x C U denes a module epimorphism
(the canonical epimorphism) from M onto M=U with kernel U .
There are module isomorphism theorems. The proofs are straightforward extensions of the corresponding proofs for groups and rings.
Theorem 18.1.11 (module isomorphism theorems). Let M; N be R-modules.
(1) If f W M ! N is a module homomorphism then
f .M / M= ker.f /:
(2) If U; V are submodules of the R-module M then
U=.U \ V / .U C V /=V:
(3) If U and V are submodules of the R-module M with U V M then
.M=U /=.V =U / M=V:
270
For the proofs, as for groups, just consider the map f W U C V ! U=.U \ V /,
u C v 7! u C .U \ V / which is well-dened because U \ V is a submodule of U ;
we have ker.f / D V .
Note that 7! , 2 R xed, denes a module homomorphism R ! R if we
consider R itself as a R-module.
18.2
Annihilators and Torsion
In this section we dene torsion for an R-module and a very important subring of R
called the annihilator.
Denition 18.2.1. Let M be an R-module. For a xed a 2 M consider the map
a W R ! M , a ./ WD a. a is a module homomorphism considering R as an
R-module. We call ker.a / the annihilator of a denoted Ann.a/, that is
Ann.a/ D 2 R W a D 0:
Lemma 18.2.2. Ann.a/ is a submodule of R and the module isomorphism theorem
.1/ gives R= Ann.a/ Ra.
We next extend the annihilator to whole submodules of M .
Denition 18.2.3. Let U be a submodule of the R-module M . The annihilator
Ann.U / is dened to be
Ann.U / WD 2 R W u D 0 for all u 2 U :
T
As for single elements, since Ann.U / D u2U Ann.u/, then Ann.U / is a submodule of R. If 2 R, u 2 U , then u 2 U , that means, if u 2 Ann.U / then also
u 2 Ann.U / because ./u D .u/ D 0. Hence, Ann.U / is an ideal in R.
Suppose that G is an abelian group. Then as mentioned G is a Z-module. An
element g 2 G is a torsion element or has nite order if ng D 0 for some n 2 N. The
set Tor.G/ consists of all the torsion elements in G. An abelian group is torsion-free
if Tor.G/ D 0.
Lemma 18.2.4. Let G be an abelian group. Then Tor.G/ is a subgroup of G and
G= Tor.G/ is torsion-free.
We extend this concept now to general modules.
Section 18.3 Direct Products and Direct Sums of Modules
271
Denition 18.2.5. The R-module M is called faithful if Ann.M / D 0. An element

a 2 M is called a torsion element, or element of nite order, if Ann.a/ 0.
A module without torsion elements 0 is called torsion-free. If the R-module M is
torsion-free then R has no zero divisors 0.
Theorem 18.2.6. Let R be an integral domain and M an R-module (by our agreement M is unitary). Let Tor.M / D T .M / be the set of torsion elements of M . Then
Tor.M / is a submodule of M and M= Tor.M / is torsion-free.
Proof. If m 2 Tor.M /, 2 Ann.m/, 0 and 2 R then we get .m/ D
./m D ./m D .m/ D 0, that is, m 2 Tor.M /, because 0 if 0
(R is an integral domain). Let m0 another element of Tor.M / and 0 0 2 Ann.m0 /.
Then 0 0 and 0 .m C m0 / D 0 m C 0 m0 D 0 .m/ C . 0 m0 / D 0, that
is, m C m0 2 Tor.M /. Therefore Tor.M / is a submodule.
Now, let m C Tor.M / be a torsion element in M= Tor.M /. Let 2 R, 0
with .m C Tor.M // D m C Tor.M / D Tor.M /. Then m 2 Tor.M /. Hence
there exists a 2 R, 0, with 0 D .m/ D ./m. Since 0 we get that
m 2 Tor.M / and the torsion element m C Tor.M / is trivial.
18.3
Direct Products and Direct Sums of Modules
Let Mi , i 2 I , I ;, be a family of R-modules. On the direct product
[
Y
Mi D f W I !
Mi W f .i/ 2 Mi for all i 2 I
P D
i 2I
i 2I
we dene the module operations

CWP P !P
and
WRP !P
via
.f C g/.i/ WD f .i / C g.i/ and .f /.i/ WD f .i/:
Q
Together with this operations P D i 2I Mi is an R-module, the direct product of
the Mi . If we identify f with the I -tuple of the images f D .fi /i 2I then the sum
and the scalar multiplication are componentwise.
If I D 1; : : : ; n and Mi D M for
Q
n D
all i 2 I then we write, as usual,QM
i 2I Mi .
M
WD 0.
We
make
the
agreement
that
i
i 2I D;
L
Q
M
WD
f
2
M
W
f
.i
/
D
0 for almost all i (for almost all i
i
i
i2I
i 2I
means that there are at most nitely many i with f .i/ 0) is a submodule of the
If I D 1; : : : ; n then we write
direct
product, called the direct sumQof the Mi . L
L
n
n
M
D
M

M
.
Here
M
D
i
1
n
i
i2I
i D1
i D1 Mi for nite I .
272
Theorem 18.3.1.
(1) If 2 Per.I / is a permutation of I then

Y
Mi
i 2I
and
M.i/
i 2I
Mi
i 2I
M.i/ :
i 2I
S
(2) If I D P j 2J Ij , the disjoint union, then
Y
Mi
i 2I
and
M
i 2I
YY
j 2J
Mi
Mi
i 2Ij
M M
j 2J

Mi :
i 2Ij
Proof. (1) Consider the map fS7! f .

Q
(2) Consider the map f 7! j 2J fj where fj 2 i 2Ij Mi is the restriction of f
S
S
onto Ij , and j 2J fj is on J dened by . j 2J fj /.k/ WD fk D f .k/.
Q
Let I ;. If M D i 2I Mi then we get in a natural manner module homomorphisms i W M ! Mi via f 7! f .i /I i is called the projectionLonto the i-thQcomponent. In duality we dene module homomorphisms i W Mi ! i 2I Mi i 2I Mi
via i .mi / D .nj /j 2I where nj D 0 if i j and ni D mi . i is called the
i-th canonical injection. If I D 1; : : : ; n then i .a1 ; : : : ; ai ; : : : ; an / D ai and
i .mi / D .0; : : : ; 0; mi ; 0; : : : ; 0/.
Theorem 18.3.2 (universal properties). Let A; Mi ; i 2 I ;, be R-modules.
(1) If i W A ! Mi , i 2 I , are module homomorphisms
then there exists exactly one
Q
module homomorphism W A ! i 2I Mi such that for each i the following
diagram commutes:
that is, j D j where j is the j -th projection.
Section 18.4 Free Modules
273
(2) If i W Mi ! A, i 2 I , are module

L homomorphisms then there exists exactly
one module homomorphism W i 2I Mi ! A such that for each j 2 J the
following diagram commutes:
that is, j D j where j is the j -th canonical injection.

Proof. (1) If there is such then the j Q
-th component of .a/ is equal j .a/ because
j D j . Hence, dene .a/ 2 i 2I Mi via .a/.i/ WD i .a/, and is the
desired map.
P
// D . i 2I i .xi // D
a with j D j then .x/ D ..xi P
P(2) If there is such P
i2I i .xi / D
i 2I i .xi /. Hence dene ..xi // D
i 2I i .xi /, and is
the desired map (recall that the sum is well dened).
18.4
Free Modules
If V is a vector space over a eld F then V always has a basis over F which may
be innite. Despite the similarity to vector spaces, because the scalars may not have
inverses this is not necessarily true for modules.
We now dene a basis for a module and show that only free modules have bases.
LetPR be a ring with identity 1, M be a unitary R-module and S M . Each nite
sum
i si , the i 2 R and the si 2 S, is called a linear combination in S. Since
M is unitary and S ; then hSi is exactly the set of all linear combinations in S.
In the following we assume that S ;. If S D ; then hS i D h;i D 0, and this
case is not interesting. For
P convention, in the following we always assume mi mj
if i j in a nite sum i mi with all i 2 R and all mi 2 M .
: : ; mn M is called linear independent or
Denition 18.4.1. A nite set m1 ; : P
free (over R) if a representation 0 D niD1 i mi implies always i D 0 for all i 2
1; : : : ; n, that is, 0 can be represented only trivially on m1 ; : : : ; mn . A nonempty
subset S M is called free (over R) if each nite subset of S is free.
Denition 18.4.2. Let M be a R-module (as above).
(1) S M is called a basis of M if
(a) M D hSi and
(b) S is free (over R).
274
(2) If M has a basis then M is called a free R-module. If S is a basis of M then M

is called free on S or free with basis S .
In this sense we can consider 0 as a free module with basis ;.
1. R R D R2 , as R-module, is free with basis .1; 0/; .0; 1/.
L
2. More general, let I ;. Then i 2I Ri with Ri D R for all i 2 I is free with
basis i W I ! R W i .j / D ij ; i; j 2 I where
0 if i j ;
ij D
1 if i D j :
Example 18.4.3.
Especially, if I D 1; : : : ; n then Rn D .a1 ; : : : ; an / W ai 2 R is free with

basis i D .0; : : : ; 0; 1; 0; : : : ; 0/I 1 i n.

i 1
3. Let G be an abelian group. If G, as a Z-module, is free on S G, then G is

called a free abelian group with basis S . If jS j D n < 1 then G Zn .
Theorem 18.4.4. The R-module
P M is free on S if and only if each m 2 M can be
written uniquely
i si with i 2 R, si 2 S. This is exactly the case
L in the form
when M D s2S Rs is the direct sum of the cyclic submodules Rs, and each Rs is
module isomorphic to R.
P
because
Proof. If S is a basis then each m 2 M can be written
as mPD
i si P
P
i si then .i
M D hSi. This representation is unique because if i si D
i /si D 0, that is i i D 0 for all i . P
If, on the other side,
we
assume that the
P
0 si that all i D 0,
representation is unique then we get from
i si D 0 D
and therefore M is free on S. The rest of the theorem
of
P
Pessentially is a rewriting
the denition. P
If each m 2 M can be written as m D
i si then
P M D s2S Rs.
If x 2 Rs 0 \P s2S;ss 0 Rs with s 0 2 S then x D 0 s 0 D
si s 0 ;si 2S i si and
0 D 0 s 0 L si s 0 ;si 2S i si and therefore 0 D 0 and i D 0 for all i. This
gives M D
s2S Rs. The cyclic modules Rs are isomorphic to R= Ann.s/, and
Ann.s/ D 0 in the free modules. On the other side such modules are free on S.
Corollary 18.4.5.
(1) M is free on S , M
L
s2S
Rs , Rs D R for all s 2 S.
(2) If M is nitely generated and free then there exists an n 2 N0 such that M
Rn D R
R
.

n-times
Proof. Part (1) is clear. We prove part (2). Let MPD hx1 ; : : : ; xr i and S a basis of M .
representable
on S as xi D si 2S i si . Since the xi generate M
Each xi is uniquely
P
P
we get m D
i xi D i;j i j sj for arbitrary m 2 M , and we need only nitely
many sj to generate M . Hence S is nite.
275
Section 18.4 Free Modules
Theorem 18.4.6. Let R be a commutative ring with identity 1 and M a free Rmodule. Then any two bases of M have the same cardinality.
Proof. R contains a maximal ideal m, and R=m is a eld (seeL
Theorem 2.3.2 and
2.4.2). Then M=mM
is
a
vector
space
over
R=m.
From
M
s2S Rs with basis

L
S we get mM s2S ms and, hence,
M
M
M
M=mM
Rs =mM
.Rs=mM /
R=m:
s2S
s2S
s2S
Hence the R=m-vector space M=mM has a basis of the cardinality of S. This gives
the result.
Let R be a commutative ring with identity 1 and M a free R-module. The cardinality of a basis is an invariant of M , called the rank of M or dimension of M . If
rank.M / D n < 1 then this means M Rn .
Theorem 18.4.7. Each R-module is a (module-)homomorphic image of a free Rmodule.
L
Proof. Let M be a R-module. We consider F WD m2M Rm with Rm D R
Pfor all
m m
m 2 M . F is a free R-module. The map f W F ! M , f ..m /m2M / D
denes a surjective module homomorphism.
Theorem 18.4.8. Let F; M be R-modules, and let F be free. Let f W M ! F be a
module epimorphism. Then there exists a module homomorphism g W F ! M with
f g D idF , and we have M D ker.f / g.F /.
Proof. Let S be a basis of F . By the axiom of choice there exists for each s 2 S an
element ms 2 M with f .ms / P
D s (f is surjective).
We dene the map g W F ! M
P
via s 7! ms linearly, that is, g. si 2S i si / D si 2S i msi . Since F is free, the map
g is well dened. Obviously f g.s/ D f .ms / D s for s 2 S, that means f g D idF
because F is free on S . For each m 2 M we have also m D gf .m/C.mgf .m//
where g f .m/ D g.f .m// 2 g.F /, and since f g D idF the elements of the
form m g f .m/ are in the kernel of f . Therefore M D g.F / C ker.f /. Now let
x 2 g.F / \ ker.f /. Then x D g.y/ for some y 2 F and 0 D f .x/ D f g.y/ D y,
and hence x D 0. Therefore the sum is direct: M D g.F / ker.f /.
Corollary 18.4.9. Let M be an R-module and N a submodule such that M=N is
free. Then there is a submodule N 0 of M with M D N N 0 .
Proof. Apply the above theorem for the canonical map W M ! M=N with
ker./ D N .
276
18.5
Modules over Principal Ideal Domains
We now specialize to the case of modules over principal ideal domains. For the remainder of this section R is always a principal ideal domain 0. We now use the
notation ./ WD R, 2 R, for the principal ideal R.
Theorem 18.5.1. Let M be a free R-module of nite rank over the principal ideal
domain R. Then each submodule U is free of nite rank, and rank.U / rank.M /.
Proof. We prove the theorem by induction on n D rank.M /. The theorem certainly
holds if n D 0. Now let n 1 and assume that the theorem holds for all free Rmodules of rank < n. Let M be a free R-module of rank n with basis x1 ; : : : ; xn .
Let U be a submodule of M . We represent the elements of U as linear combination
of the basis elements x1 ; : : : ; xn , and we consider the set of coefcients of x1 for the
elements of U :
n
X
a D 2 R W x1 C
i xi 2 U :
i D2
Certainly a is an ideal in R. Since R is a principal ideal domain we have a D .1 /

for some 1 2 R. Let u 2 U be an element in U which has 1 as its rst coefcient,
that is
n
X
i xi 2 U:
u D 1 x1 C
i D2
Let v 2 U be arbitrary. Then

v D .1 x1 / C
n
X
i xi :
i D2
Hence v u 2 U 0 WD U \M 0 where M 0 is the free R-module with basis x2 ; : : : ; xn .

By induction, U 0 is a free submodule of M 0 with a basis y1 ; : : : ; y t , t n 1. If
1 D 0 then a D .0/ and U D U 0 , and there is nothing to prove. Now let 1 0. We
show that u; y1 ; : : : ; y t is a basisPof U . v u is a linear combination of
basis
Pthe
t
t
0 , that is, v u D
elements of U
i D1 i yi uniquely.
P Hence v D u C i D1 i yi
and U D hu; y1 ; : : : ; y t i. Now let be 0 D
u C ti D1 i yi . We write u and the
yi as linear combinations in the basis elements x1 ; : : : ; xn of M . There is only an
x1 -portion in
u. Hence
n
X
0 D
1 x1 C
0i xi :
i D2
Therefore rst
1 x1 D 0, that is,
D 0 because R has no zero divisor 0, and
further 02 D D 0n D 0, that means, 1 D D t D 0.
277
Section 18.5 Modules over Principal Ideal Domains
Let R be a principal ideal domain. Then the annihilator Ann.x/ in R-modules M

has certain further properties. Let x 2 M . By denition
Ann.x/ D 2 R W x D 0 G R;
an ideal in R;
hence Ann.x/ D .x /. If x D 0 then .x / D R. x is called the order of x and

.x / the order ideal of x. x is uniquely determined up to units in R (that is, up
to elements T
with 0 D 1 for some 0 2 R). For a submodule U of M we call
Ann.U / D u2U .u / D ./ the order ideal of U . In an abelian group G, considered
as a Z-module, this order for elements corresponds exactly with the order as group
elements if we choose x 0 for x 2 G.
Theorem 18.5.2. Let R be a principal ideal domain and M be a nitely generated
torsion-free R-module. Then M is free.
Proof. Let M D hx1 ; : : : ; xn i torsion-free and R a principal ideal domain. Each
submodule hxi i D Rxi is free because M is torsion-free. We call a subset S
hx1 ; : : : ; xn i free if the submodule hSi is free. Since hxi i is free there exist such
nonempty subsets. Under all free subsets S hx1 ; : : : ; xn i we choose one with a
maximal number of elements. We may assume that x1 ; : : : ; xs , 1 s n, is such
a maximal set after possible renaming. If s D n then the theorem holds. Now, let
s < n. By the choice of s the sets x1 ; : : : ; xs ; xj with s < j n are not free.
Hence there are j 2 R and i 2 R, not all 0, with
j xj D
s
X
i xi ;
j 0; s < j n:
i D1
For the product WD sC1 n 0 we get xj 2 Rx1 Rxs DW F ,

s < j n, because xi 2 F for 1 i s. Altogether we get M F . M is a
submodule of the free R-module F of rank s. By Theorem 18.5.1 we have that M
is free. Since 0 and M is torsion-free, the map M ! M , x 7! x, denes an
(module) isomorphism, that is, M M . Therefore, also M is free.
We remind that for an integral domain R the set
Tor.M / D T .M / D x 2 M W 9 2 R; 0; with x D 0
of the torsion elements of an R-module M is a submodule with torsion-free factor
module M=T .M /.
Corollary 18.5.3. Let R be a principal ideal domain and M be a nitely generated
R-module. Then M D T .M / F with a free submodule F M=T .M /.
Proof. M=T .M / is a nitely generated, torsion-free R-module, and, hence, free. By
Corollary 18.4.9 we have M D T .M / F , F M=T .M /.
278
From now on we are interested in the case that M 0 is a torsion R-module,

that is, M D T .M /. Let R be a principal ideal domain and M D T .M / an Rmodule. Let M 0 and nitely generated. As above, let x the order of x 2 M
unique up
T to units in R and .x / D 2 R W x D 0 the order ideal of x. Let
./ D x2M .x / the order ideal of M . Since ./ .x / we have x j for all
x 2 M . Since principal ideal domains are unique factorization domains, if 0
then there can not be many essentially different orders (that means different up to
units). Since M 0 and nitely generated we have in any case 0, because if
M D hx1 ; : : : ; xn i, i xi D 0 with i 0 then M D 0 if WD 1 n 0.
Lemma 18.5.4. Let R be a principal ideal domain and M 0 be an R-module
with M D T .M /.
(1) If the orders x and y of x; y 2 M are relatively prime, that is, gcd.x ; y / D 1,
then .xCy / D .x y /.
(2) Let z be the order of z 2 M , z 0. If z D with gcd.; / D 1 then there
exist x; y 2 M with z D x C y and .x / D ./, .y / D ./.
Proof. (1) Since x y .x C y/ D x y x C x y y D y x x C x y y D 0 we get
.x y / .xCy /. On the other side, from x x D 0 and xCy .x C y/ D 0 we get
0 D x xCy .x C y/ D x xCy y, that means, x xCy 2 .y / and, hence, y jx xCy .
Since gcd.x ; y / D 1 we have y jxCy . Analogously x jxCy . Hence, x y jxCy
and .xCy / .x y /.
(2) Let z D with gcd.; / D 1. Then there are ; 2 R with 1 D C .
Therefore we get
z D 1 z D z C z D y C x D x C y:

DWy
DWx
Since x D z D z z D 0 we get 2 .z /, that means, x j. On the other

side, from 0 D x x D x z we get z j x and hence j x because z D .
Therefore j x . From gcd.; / D 1 we get jx . Therefore is associated to
x , that is D x with a unit in R and further ./ D .x /. Analogously ./ D
.y /.
In Lemma 18.5.4 we do not need M D T .M /. We only need x; y; z 2 M with
x 0, y 0 and z 0, respectively.
Corollary 18.5.5. Let R be a principal ideal domain and M 0 be an R-module
with M D T .M /.
1. Let x1 ; : : : ; xn 2 M be pairwise different and pairwise relatively prime orders
xi D i . Then y D x1 C C xn has order WD 1 : : : n .
Section 18.6 The Fundamental Theorem for Finitely Generated Modules
279
2. Let 0 x 2 M and x D 1k1 : : : nkn be a prime decomposition of the order

x of x ( a unit in R and the i pairwise nonassociate prime elements in R)
where n > 0, ki > 0. Then there exist xi , i D 1; : : : ; n, with xi associated to
iki and x D x1 C C xn .
18.6
The Fundamental Theorem for Finitely Generated

Modules
In Section 10.4 we described the following result called the basis theorem for nite
abelian groups (in the following we give a complete proof in detail; an elementary
proof is given in Chapter 19.).
Theorem 18.6.1 (Theorem 10.4.1, basis theorem for nite abelian groups). Let G be
a nite abelian group. Then G is a direct product of cyclic groups of prime power
order.
This allowed us, for a given nite order n, to present a complete classication of
abelian groups of order n. In this section we extend this result to general modules over
principal ideal domains. As a consequence we obtain the fundamental decomposition
theorem for nitely generated (not necessarily nite) abelian groups, which nally
proves Theorem 10.4.1. In the next chapter we present a separate proof of this in a
slightly different format.
Denition 18.6.2. Let R be a principal ideal domain and M be an R-module. Let
2 R be a prime element. M WD x 2 M W 9k 0 with k x D 0 is called the
-primary component of M . If M D M for some prime element 2 R then M is
called -primary.
We certainly have the following.
1. M is a submodule of M .
2. The primary components correspond to the p-subgroup inabelian groups.
Theorem 18.6.3. Let R be a principal ideal domain and M 0 be an R-module
with M D T .M /. Then M is the direct sum of its -primary components.
1
nkn be a prime decomposition
Proof. x 2 M has nite order x . Let x D 1kP
of x . P
By Corollary 18.5.5 we have that x D
xi with xi 2 Mi . That means
M
where
P
is
the
set
of
the
prime
elements
M
D

2P
P of R. Let y 2 M \
P
k for some k 0 and y D
M
,
that
is,
D

xi with xi 2 M i , that

y
2P;
l
i
means xi D for some li 0. By Corollary 18.5.5 we get that y has the order
Q
Q
li
li
k
i i , that means, is associated to
i i . Therefore k D li D 0 for
all i, and the sum is direct.
280
If R is a principal ideal domain and 0 M D T .M / a nitely generated torsion

R-module then there are only nitely many -primary components, that is to say for
the prime elements with j where ./ is the order ideal of M .
Corollary 18.6.4. Let R be a principal ideal domain and 0 M be a nitely
generated torsion R-module. Then M has only nitely many nontrivial primary components M1 ; : : : ; Mn , and we have
M D
n
M
Mi :
i D1
Hence we have a reduction of the decomposition problem to the primary components.

Theorem 18.6.5. Let R be a principal ideal domain, 2 R a prime element and
M 0 be a R-module with k M D 0; further let m 2 M with .m / D . k /.
Then there exists a submodule N M with M D Rm N .
Proof. By Zorns lemma the set U W U submodule of M and U \ Rm D 0 has
a maximal element N . This set is nonempty because it contains 0. We consider
M 0 WD N Rm M and have to show that M 0 D M . Assume that M 0 M .
Then there exists a x 2 M with x M 0 , especially x N . Then N is properly
contained in the submodule Rx C N D hx; N i. By our choice of N we get A WD
.Rx C N / \ Rm 0. If z 2 A, z 0, then z D m D x C n with ,
2 R and n 2 N . Since z 0 we have m 0; also x 0 because otherwise
z 2 Rm \ N D 0. is not a unit in R because otherwise x D 1 .m n/ 2 M 0 .
Hence we have: If x 2 M , x M 0 then there exist 2 R, 0, not a unit in R,
2 R with m 0 and n 2 N such that
x D m C n:
(?)
Especially x 2 M 0 .
Now let D 1 : : : r be a prime decomposition. We consider one after the
other the elements x; r x; r1 r x; : : : ; 1 : : : r x D x. We have x M 0 but
x 2 M 0 ; hence there exists an y M 0 with i y 2 N C Rm.
1. i , the prime element in the statement of the theorem. Then gcd.i ; k /
D 1, hence there are , 0 2 R with i C 0 k D 1, and we get Rm D
.Ri C R k /m D i Rm because k m D 0. Therefore i y 2 M 0 D N
Rm D N C i Rm.
2. i D . Then we write y as y D n C m with n 2 N and 2 R.
This is possible because y 2 M 0 . Since k M D 0 we get 0 D k1 y D
k1 nC k1 m. Therefore k1 n D k1 m D 0 because N \Rm D 0.
Especially we get k1 2 .m /, that is, k j k1 and, hence, j. Therefore
y D n C m D n C 0 m 2 N C Rm, 0 2 R.
Section 18.6 The Fundamental Theorem for Finitely Generated Modules
281
Hence, in any case we have i y 2 N C i Rm, that is, i y D n C i z with n 2 N

and z 2 Rm. It follows i .y z/ D n 2 N .
y z is not an element of M 0 because y M 0 . By (?) we have therefore ; 2 R,
0 not a unit in R with .y z/ D n0 C m, m 0, n0 2 N . We write
z 0 D m, then z 0 2 Rm, z 0 0, and .y z/ D n0 C z 0 . So, we have the equations
.y z/ D n0 C z 0 , z 0 0, and
i .y z/ D n:
(??)
We have gcd.; i / D 1 because otherwise i j and, hence, .y z/ 2 N and

z 0 D 0 because N \ Rm D 0. Then there exist
;
0 with
i C
0 D 1. In (??)
we multiply the rst equation with
0 and the second with
.
Addition gives y z 2 N Rm D M 0 , and hence y 2 M 0 which contradicts
y M 0 . Therefore M D M 0 .
M 0 a nitely generated
L-primary R-module. Then there exist nitely many
m1 ; : : : ; ms 2 M with M D siD1 Rmi .
Proof. Let M D hx1 ; : : : ; xn i. Each xi has an order ki . We may assume that
k1 D maxk1 ; k2 ; : : : ; kn , possibly after renaming. We have ki xi D 0 for all i.
Since xik1 D .xiki /k1 ki we have also k1 M D 0, and also .x1 / D . k1 /. Then
M D Rx1 N for some submodule N M by Theorem 18.6.5.Now N M=Rx1
and M=Rx1 is generated by the elements x2 C Rx1 ; : : : ; xn C Rx1 . Hence, N is
nitely generated by n 1 elements; and certainly N is -primary. This proves the
result by induction.
Since Rmi R= Ann.mi / and Ann.mi / D .mi / D . ki / we get the following
extension of Theorem 18.6.6.
M 0 a nitely generated -primary R-module. Then there exist nitely many
k1 ; : : : ; ks 2 N with
s
M
R=. ki /;
M
i D0
and M is, up to isomorphism, uniquely determined by .k1 ; : : : ; ks /.

L
Proof. The rst part, that is, a description as M siD0 R=. ki / follows directly
from Theorem 18.6.6. Now, let
M
n
M
i D0
ki
R=. /
m
M
i D0
R=. li /:
282
We may assume that k1 k2 kn > 0 and l1 l2 L

lm > 0. We
n
ki
consider rst the submodule
N
WD
x
2
M
W
x
D
0.
Let
M
D
i D1 R=. /. If
P
k
k
1
we writeL
then x D .ri C . i //Lwe have x D 0 if and only if ri 2 . i /, that
is, N niD1 . ki 1 /=. ki / niD1 R=./ because k1 R= k R R=R.
Since . C .//x D x if x D 0 we get that N is an R=./-module, and, hence,
a vector space over the eld R=./. From the decompositions
N
n
M
R=./
and, analogously,
i D1
m
M
R=./
i D1
we get
n D dimR=./ N D m:
(???)
Assume that there is an i with ki < li or li < ki . Without loss of generality assume
that there is an i with ki < li .
Let j be the smallest index for which kj < lj . Then (because of the ordering of
the ki )
0
kj
M WD M
n
M
i D1
kj
ki
R= R
j 1
M
kj R= ki R;
i D1
because if i > j then kj R= ki R D 0.

We now
M 0 D kj M with respect to the second decomposition, that is,
Lm consider
0
k
j
M iD1 R= li R. By our choice of j we have kj < lj li for 1 i j .
Therefore, in this second decomposition, the rst j summands kj R= li R are
unequal 0, that is kj R= li R 0 if 1 i j . The remaining summands are
0 or of the form R= s R. Hence, altogether, on the one side M 0 is a direct sum
of j 1 cyclic submodules and on the other side a direct sum of t j nontrivial
submodules. But this contradicts the above result (???) about the number of direct
sums for nitely generated -primary modules because, certainly, M 0 is also nitely
generated and -primary. Therefore ki D li for i D 1; : : : ; n. This proves the
theorem.
Theorem 18.6.8 (fundamental theorem for nitely generated modules over principal ideal domains). Let R be a principal ideal domain and M 0 be a nitely
generated (unitary) R-module. Then there exist prime elements 1 ; : : : ; r 2 R,
0 r < 1 and numbers k1 ; : : : ; kr 2 t N, t 2 N0 such that
R
M R=.1k1 / R=.2k2 / R=.rkr / R

;
t-times
and M is, up to isomorphism, uniquely determined by .1k1 ; : : : ; rkr ; t /.
283
The prime elements i are not necessarily pairwise different (up to units in R), that
means it can be i D j for i j where is a unit in R.
Proof. The proof is a combination of the preceding results. The free part of M is
isomorphic to M=T .M /, and the rank of M=T .M /, which we call here t , is uniquely
determined because two bases of M=T .M / have the same cardinality. Therefore we
may restrict ourselves on torsion modules. Here we have a reduction to -primary
L
L
modules because in a decomposition M D i R=.iki / is M D i D R=.iki /
the -primary component of M (an isomorphism certainly maps a -primary component onto a -primary component). So it is only necessary, now, to consider primary modules M . The uniqueness statement now follows from Theorem 18.6.8.
Since abelian groups can be considered as Z-modules, and Z is a principal ideal
domain, we get the following corollary. We will restate this result in the next chapter
and prove a different version of it.
Theorem 18.6.9 (fundamental theorem for nitely generated abelian groups). Let
0 G D .G; C/ be a nitely generated abelian group. Then there exist prime
numbers p1 ; : : : ; pr , 0 r < 1, and numbers k1 ; : : : ; kr 2 N, t 2 N0 such that
Z
G Z=.p1k1 Z/ Z=.prkr Z/ Z
;

t-times
and G is, up to isomorphism, uniquely determined by .p1k1 ; : : : ; prkr ; t /.
18.7
Exercises
1. Let M and N be isomorphic modules over a commutative ring R. Then EndR .M /

and EndR .N / are isomorphic rings. (EndR .M / is the set of all R-modules endomorphisms of M .)
2. Let R be an integral domain and M an R-module with M D Tor.M / (torsion
module). Show that HomR .M; R/ D 0. (HomR .M; R/ is the set of all R-module
homomorphisms from M to R.)
3. Prove the isomorphism theorems for modules (1), (2) and (3) in Theorem 18.1.11
in detail.
4. Let M; M 0 ; N be R-modules, R a commutative ring. Show:
(i) HomR .M M 0 ; N / HomR .M; N / HomR .M 0 ; N /
(ii) HomR .N; M M 0 / HomR .N; M / HomR .N; M 0 /.
5. Show that two free modules having bases whose cardinalities are equal are isomorphic.
284
6. Let M be an unitary R-module (R a commutative ring) and let m1 ; : : : ; ms be a

nite subset of M . Show that the following are equivalent:
(i) m1 ; : : : ; ms generates M freely.
(ii) m1 ; : : : ; ms is linearly independent and generates M .
(iii) Every element m 2 M is uniquely expressible in the form m D
with ri 2 R.
Ps
i D1 ri mi
(iv) Each Rmi is torsion-free, and M D Rm1 Rms .

7. Let R be a principal domain and M 0 be an R-module with M D T .M /.
(i) Let x1 ; : : : ; xn 2 M be pairwise different and pairwise relatively prime orders xi D i . Then y D x1 C C xn has order WD 1 : : : n .
(ii) Let 0 x 2 M and x D 1k1 nkn be a prime decomposition of the
order x of x ( a unit in R and the i pairwise nonassociate prime elements
in R) where n > 0, ki > 0. Then there exist xi , i D 1; : : : ; n, with xi
associated to iki and x D x1 C C xn .
Chapter 19
Finitely Generated Abelian Groups
19.1
Finite Abelian Groups
In Chapter 10 we described the following theorem that completely provides the structure of nite abelian groups. As we saw in Chapter 18 this result is a special case of a
general result on modules over principal ideal domains.
Theorem 19.1.1 (Theorem 10.4.1, basis theorem for nite abelian groups). Let G be
a nite abelian group. Then G is a direct product of cyclic groups of prime power
order.
We review two examples that show how this theorem leads to the classication of
nite abelian groups. In particular this theorem allows us, for a given nite order n,
to present a complete classication of abelian groups of order n.
Since all cyclic groups of order n are isomorphic to .Zn ; C/, Zn D Z=nZ, we will
denote a cyclic group of order n by Zn .
of order 60. From Theorem 10.4.1 G must be a direct product of cyclic groups of
prime power order. Now 60 D 22 3 5 so the only primes involved are 2, 3 and 5.
Hence the cyclic groups involved in the direct product decomposition of G have order
either 2, 4, 3 or 5 (by Lagranges theorem they must be divisors of 60). Therefore G
must be of the form
G Z4 Z3 Z5
or
G Z2 Z2 Z3 Z5 :
Hence up to isomorphism there are only two abelian groups of order 60.
of order 180. Now 180 D 22 32 5 so the only primes involved are 2, 3 and 5. Hence
the cyclic groups involved in the direct product decomposition of G have order either
2, 4, 3, 9 or 5 (by Lagranges theorem they must be divisors of 180). Therefore G
286
Chapter 19 Finitely Generated Abelian Groups
must be of the form

G Z4 Z9 Z5
G Z2 Z2 Z9 Z5
G Z4 Z3 Z3 Z5
G Z2 Z2 Z3 Z3 Z5 :
Hence up to isomorphism there are four abelian groups of order 180.
The proof of Theorem 19.1.1 involves the following lemmas. We refer back to
Chapter 10 or Chapter 18 for the proofs. Notice how these lemmas mirror the results for nitely generated modules over principal ideal domains considered in the
last chapter.
Lemma 19.1.4. Let G be a nite abelian group and let pjjGj where p is a prime.
Then all the elements of G whose orders are a power of p form a normal subgroup
of G. This subgroup is called the p-primary component of G, which we will denote
by Gp .
Lemma 19.1.5. Let G be a nite abelian group of order n. Suppose that n D
p1e1 pkek with p1 ; : : : ; pk distinct primes. Then
G Gp1 Gpk
where Gpi is the pi -primary component of G.
Theorem 19.1.6 (basis theorem for nite abelian groups). Let G be a nite abelian
group. Then G is a direct product of cyclic groups of prime power order.
19.2
The Fundamental Theorem: p-Primary Components
In this section we use the fundamental theorem for nitely generated modules over
principal ideal domains to extend the basis theorem for nite abelian groups to the
more general case of nitely generated abelian groups. In this section we consider
the decomposition into p-primary components, mirroring our result in the nite case.
In the next chapter we present a different form of the basis theorem with a more
elementary proof.
287
Section 19.2 The Fundamental Theorem: p-Primary Components
In Chapter 18 we proved the following:

Theorem 19.2.1 (fundamental theorem for nitely generated modules over principal ideal domains). Let R be a principal ideal domain and M 0 be a nitely
generated (unitary) R-module. Then there exist prime elements 1 ; : : : ; r 2 R,
0 r < 1 and numbers k1 ; : : : ; kr 2 N, t 2 N0 such that
M R=.1k1 / R=.2k2 / R=.rkr / R
R
;

t-times
and M is, up to isomorphism, uniquely determined by .1k1 ; : : : ; rkr ; t /.

The prime elements i are not necessarily pairwise different (up to units in R), that
means it can be i D j for i j where is a unit in R.
Since abelian groups can be considered as Z-modules, and Z is a principal ideal
domain, we get the following corollary which is extremely important in its own right.
Theorem 19.2.2 (fundamental theorem for nitely generated abelian groups). Let
0 G D .G; C/ be a nitely generated abelian group. Then there exist prime
numbers p1 ; : : : ; pr , 0 r < 1, and numbers k1 ; : : : ; kr 2 N, t 2 N0 such that
Z
G Z=.p1k1 Z/ Z=.prkr Z/ Z
;

t-times

Notice that the number t of innite components is unique. This is called the rank
or Betti number of the abelian group G. This number plays an important role in the
study of homology and cohomology groups in topology.
If G D Z Z Z D Zr for some r we call G a free abelian group of rank
r. Notice that if an abelian group G is torsion-free then the p-primary components
are just the identity. It follows that in this case G is a free abelian group of nite rank.
Again using module theory it follows that subgroups of this must also be free abelian
and of smaller or equal rank. Notice the distinction between free abelian groups and
absolutely free groups (see Chapter 14). In the free group case a nonabelian free
group of nite rank contains free subgroups of all possible countable ranks. In the
free abelian case however the subgroups have smaller or equal rank. We summarize
this comments.
Theorem 19.2.3. Let G 0 be a nitely generated torsion-free abelian group.
Then G is a free abelian group of nite rank r that is G Zr . Further if H is a
subgroup of G then H is also free abelian and the rank of H is smaller or equal than
the rank of G.
288
19.3
The Fundamental Theorem: Elementary Divisors
In this section we present the fundamental theorem of nitely generated abelian

groups in a slightly different form and present an elementary proof of it.
In the following G is always a nitely generated abelian group. We use the addition
C for the binary operation, that is,
C W G G ! G;
.x; y/ 7! x C y:
We also write ng instead of g n and use 0 as the symbol for the identity element in G,
that is, 0 C g D g for all g 2 G. G D hg1 ; : : : ; g t i, 0 t < 1, that is, G is (nitely)
generated by g1 ; : : : ; g t , is equivalent to the fact that each g 2 G can be written in
the form g D n1 g1 C n2 g2 C C n t g t , ni 2 Z. A relation between the gi with
coefcients n1 ; : : : ; n t is then each equation of the form n1 g1 C C n t g t D 0.
A relation is called nontrivial if ni 0 for at least one i. A system R of relations
in G is called a system of dening relations, if each relation in G is a consequence
of R. The elements g1 ; : : : ; g t are called integrally linear independent if there are
no nontrivial relations between them. A nite generating system g1 ; : : : ; g t of G
is called a minimal generating system if there is no generating system with t 1
elements.
Certainly each nitely generated group has a minimal generating system. In the
following we always assume that our nitely generated abelian group G is unequal
0, that is, G is nontrivial.
As above, we may consider G as a nitely generated Z-module, and in this sense,
the subgroups of G are precisely the submodules. Hence, it is clear what we mean if
we call G a direct product G D U1 Us of its subgroups U1 ; : : : ; Us , namely,
each g 2 G can be written as g D u1 C u2 C C us with ui 2 Ui and
s
Y
Ui \
Uj
D 0:
j D1;j i
To emphasize the little difference between abelian groups and Z-modules we here
use the notation direct product instead of direct sum. Considered as Z-modules,
for nite index sets I D 1; : : : ; s we have anyway
s
Y
i D1
Ui D
s
M
Ui :
i D1
Finally we use the notation Zn instead of Z=nZ, n 2 N. In general, we use Zn to

be a cyclic group of order n.
Section 19.3 The Fundamental Theorem: Elementary Divisors
289
The aim in this section is to prove the following:

Theorem 19.3.1 (basis theorem for nitely generated abelian groups). Let G 0
be a nitely generated abelian group. Then G is a direct product
G Zk1 Zkr U1 Us ;
r 0, s 0, of cyclic subgroups with jZki j D ki for i D 1; : : : ; r, ki jki C1 for
i D 1; : : : ; r 1 and Uj Z for j D 1; : : : ; s. Here the numbers k1 ; : : : ; kr , r and
s are uniquely determined by G, that means, are k10 ; : : : ; kr0 ; r 0 and s 0 the respective
numbers for a second analogous decomposition of G then r D r 0 , k1 D k10 ; : : : ; kr D
kr0 and s D s 0 .
The numbers ki are called the elementary divisors of G.
We can have r D 0 or s D 0 (but not both because G 0). If s > 0, r D 0 then
G is a free abelian group of rank s (exactly the same rank if you consider G as a free
Z-module of rank s). If s D 0 then G is nite, in fact: s D 0 , G is nite.
We rst prove some preliminary results.
Lemma
P19.3.2. Let G D hg1 ; : : : ; g t i, t 2, an abelian group. Then also G D
hg1 C tiD2 mi gi ; g2 ; : : : ; g t i for arbitrary m2 ; : : : ; m t 2 Z.
Lemma 19.3.3. Let G be a nitely generated abelian group. Among all nontrivial relations between elements of minimal generating systems of G we choose one relation
m1 g1 C C m t g t D 0
(?)
with smallest possible positive coefcient, and let this smallest coefcient be m1 . Let
n1 g1 C C n t g t D 0
(??)
be another relation between the same generators g1 ; : : : ; g t . Then

(1) m1 jn1 and
(2) m1 jmi for i D 1; 2; : : : ; t .
Proof. (1) Assume m1 n1 . Then n1 D q m1 C m01 with 0 < m01 < m1 . If we multiply the relation (?) with q and subtract the resulting relation from the relation (??)
then we get a relation with a coefcient m01 < m1 which contradicts the choice of m1 .
Hence m1 jn1 .
(2) Assume m1 m2 . Then m2 D q m1 C m02 with 0 < m02 < m2 . g1 C
qg2 ; g2 ; : : : ; g t is a minimal generating system which satises the relation m1 .g1 C
qg2 / C m02 g2 C m3 g3 C C m t g t D 0, and this relation has a coefcient m02 <
m1 . This again contradicts the choice of m1 . Hence m1 jm2 and further m1 jmi for
i D 1; : : : ; t .
290
Lemma 19.3.4 (invariant characterization of kr for nite abelian groups G). Let G D
Zk1 Zkr and Zki nite cyclic of order ki 2, i D 1; : : : ; r, with ki jki C1 for
i D 1; : : : ; r 1. Then kr is the smallest natural number n such that ng D 0 for all
g 2 G. kr is called the exponent or the maximal order of G.
Proof. 1. Let g 2 G arbitrary, that is, g D n1 g1 C C nr gr with gi 2 Zki .
Then ki gi D 0 for i D 1; : : : ; r by the theorem of Fermat. Since ki jkr we get
kr g D n1 k1 g1 C C nr kr gr D 0.
2. Let a 2 G with Zkr D hai. Then the order of a is kr and, hence, na 0 for all
0 < n < kr .
Lemma 19.3.5 (invariant characterization of s). Let G D Zk1 Zkr U1
Us , s > 0, where the Zki are nite cyclic groups of order ki and the Uj are
innite cyclic groups. Then, s is the maximal number of integrally linear independent
elements of G; s is called the rank of G.
Proof. 1. Let gi 2 Ui , gi 0, for i D 1; : : : ; s. Then the g1 ; : : : ; gs are integrally
linear independent because from n1 g1 C C ns gs D 0, the ni 2 Z, we get n1 g1 2
U1 \ .U2 Us / D 0, and, hence, n1 g1 D 0, that is n1 D 0, because g1 has
innite order. Analogously we get n2 D D ns D 0.
2. LetP
g1 ; : : : ; gsC1 2 G. We look for integers x1 ; : : : ; xsC1 , not all 0, such that a
relation sC1
iD1 xi gi D 0 holds. Let Zki 2 hai i, Uj D hbj i. Then we may write each
gi as gi D mi1 a1 C C mir ar C ni1 b1 C C nis bs for i D 1; : : : ; s C 1, where
mij aj 2 Zkj and nil bl 2 Ul .
P
Case 1: all mij aj D 0. Then sC1
i D1 xi gi D 0 is equivalent to
sC1
X
xi
X
s
i D1

nij bj
j D1
s sC1
X
X
j D1

nij xi bj D 0:
i D1
P
The system sC1
i D1 nij xi D 0, j D 1; : : : ; s, of linear equations has at least one nontrivial rational solution .x1 ; : : : ; xsC1 / because we have more unknown than equations. Multiplication with the common denominator gives a nontrivial integral solution .x1 ; : : : ; xsC1 / 2 ZsC1 . For this solution we get
sC1
X
xi gi D 0:
i D1
Case 2: mij aj arbitrary. Let k 0 be a common multiple of the orders kj of the

cyclic groups Zkj , j D 1; : : : ; r. Then
kgi D mi1 ka1 C C mir kar Cni1 kb1 C C nis kbs

D0
D0
291
for i D 1; : : : ; s C 1. By case 1 the kg1 ; : : : ; kgsC1 are integrally

linear depenP
x
.kg
dent, that is, we have integers x1 ; : : : ; xsC1 , not all 0, with sC1
i
i/ D 0 D
i D1
PsC1
.x
k/g
,
and
the
x
k
are
not
all
0.
Hence,
also
g
;
:
:
:
;
g
are
integrally
i
i
1
sC1
iD1 i
linear dependent.
Lemma 19.3.6. Let G WD Zk1 Zkr Zk10 Zk 0 0 DW G 0 , the Zki ; Zkj0
r
cyclic groups of orders ki 1 and kj0 1, respectively and ki jki C1 for i D
1; : : : ; r 1 and kj0 jkj0 C1 for j D 1; : : : ; r 0 1. Then r D r 0 and k1 D k10 ,
k2 D k20 ; : : : ; kr D kr0 .
Proof. We prove this lemma by induction on the group order jGj D jG 0 j. Certainly,
Lemma 19.3.6 holds if jGj 2 because then either G D 0, and here r D r 0 D 0 or
G Z2 , and here r D r 0 D 1. Now let jGj > 2. Then especially r 1. Inductively
we assume that Lemma 19.3.6 holds for all nite abelian groups of order less than jGj.
By Lemma 19.3.4 the number kr is invariantly characterized, that is, from G G 0
follows kr D kr0 0 , that is especially, Zkr Zk 0 0 . Then G=Zkr G=Zk 0 0 , that is,
r
r
Zk1 Zkr1 Zk10 Zk 0 0 . Inductively r 1 D r 0 1, that is, r D r 0 ,
r 1
and k1 D k10 ; : : : ; kr1 D kr0 0 1 . This proves Lemma 19.3.6.
We can now present the main result, which we state again, and its proof.
Theorem 19.3.7 (basis theorem for nitely generated abelian groups). Let G 0
be a nitely generated abelian group. Then G is a direct product
G Zk1 Zkr U1 Us ;
r 0; s 0;
of cyclic subgroups with jZki j D ki for i D 1; : : : ; r, ki jki C1 for i D 1; : : : ; r 1

and Uj Z for j D 1; : : : ; s. Here the numbers k1 ; : : : ; kr ; r and s are uniquely
determined by G, that means, are k10 ; : : : ; kr0 ; r 0 and s 0 the respective numbers for
a second analogous decomposition of G then r D r 0 , k1 D k10 ; : : : ; kr D kr0 and
s D s0.
Proof. (a) We rst prove the existence of the given decomposition. Let G 0 be a
nitely generated abelian group. Let t , 0 < t < 1, be the number of elements in a
minimal generating system of G. We have to show that G is decomposable as a direct
product of t cyclic groups with the given description. We prove this by induction on t .
If t D 1 then the basis theorem certainly is correct. Now let t 2 and assume that
the assertion holds for all abelian groups with less then t generators.
Case 1: There does not exist a minimal generating system of G which satises a
nontrivial relation. Let g1 ; : : : ; g t be an arbitrary minimal generating system for G.
Let Ui D hgi i. Then all Ui are innite cyclic and we have G D U1 U t because
if, for instance, U1 \ .U2 C C U t / 0 then we must have a nontrivial relation
between the g1 ; : : : ; g t .
292
Case 2: There exist minimal generating systems of G which satisfy nontrivial relations. Among all nontrivial relations between elements of minimal generating systems
of G we choose one relation
m1 g 1 C C m t g t D 0
(?)
with smallest possible positive coefcient. Without loss of generality, let m1 be

this coefcient.
By Lemma 19.3.3 we get m2 D q2 m1 ; : : : ; m t D q t m1 . Now,
P
g1 C tiD2 qi gi ; gP
2 ; : : : ; g t is a minimal generating system of G by Lemma 19.3.2.
Dene h1 D g1 C ti D2 qi gi , then m1 h1 D 0. If n1 h1 C n2 g2 C C n t g t D 0 is
an arbitrary relation between h1 ; g2 ; : : : ; g t then m1 jn1 by Lemma 19.3.3, and, hence
n1 h1 D 0. Dene H1 WD hh1 i and G 0 D hg2 ; : : : ; g t i. Then G D H1 G 0 . This we
can see as follows: First, each g 2 G can be written as g D m1 h1 C m2 g2 C C
m t g t D m1 h1 C g 0 with g 0 2 G 0 . Also H1 \ G 0 D 0 because m1 h1 D g 0 2 G 0
implies a relation n1 h1 C n2 g2 C C n t g t D 0 and from this we get, as above,
n1 h1 D g 0 D 0. Now, inductively, G 0 D Zk2 Zkr U1 Us with Zki
a cyclic group of order ki , i D 2; : : : ; r, ki jki C1 for i D 2; : : : ; r 2, Uj Z for
j D 1; : : : ; s, and .r 1/ C s D t 1, that is, r C s D t . Further, G D H1 G 0
where H1 is cyclic of order m1 . If r 2 then we get a nontrivial relation
m1 h1 C k2 h2 D 0
D0
D0
since k2 0. Again m1 jk2 by Lemma 19.3.3. This gives the desired decomposition.
(b) We now prove the uniqueness statement.
Case 1: G is nite abelian. Then the claim follows from Lemma 19.3.6
Case 2: G is arbitrary nitely generated and abelian. Let T WD x 2 G W jxj < 1,
that is the set of elements of G of nite order. Since G is abelian T is a subgroup of G,
the so called torsion subgroup of G. If, as above, G D Zk1 Zkr U1 Us
then T D Zk1 Zkr because an element b1 C Cbr Cc1 C Ccs with bi 2 Zki ,
cj 2 Uj has nite order if and only if all cj D 0. That means: Zk1 Zkr is,
independent of the special decomposition, uniquely determined by G, and hence, also
the numbers r; k1 ; : : : ; kr by Lemma 19.3.6. Finally the number s, the rank of G,
is uniquely determined by Lemma 19.3.5. This proves the basis theorem for nitely
generated abelian groups.
As a corollary we get the fundamental theorem for nitely generated abelian groups
as given in Theorem 19.2.1.
Theorem 19.3.8. Let 0 G D .G; C/ be a nitely generated abelian group. Then
there exist prime numbers p1 ; : : : ; pr , 0 r < 1, and numbers k1 ; : : : ; kr 2 N,
t 2 N0 such that
Z
G Z k1 Zp kr Z

;
p1
t-times
293
Proof. For the existence we only have to show that Zmn Zm Zn if gcd.m; n/ D 1.
For this we write Un D hm C mnZi < Zmn , Um D hn C nmZi < Zmn , and
Un \ Um D mnZ because gcd.m; n/ D 1. Further there are h; k 2 Z with 1 D
hm C k n. Hence, l C mnZ D hlm C mnZ C kln C mnZ, and therefore Zmn D
U n Um Z n Z m .
For the uniqueness statement we may reduce the problem to the case jGj D p k for a
prime number p and k 2 N. But here the result follows directly from Lemma 19.3.6.
From this proof we automatically get the Chinese remainder theorem for the case
Zn D Z=nZ.
Theorem 19.3.9 (Chinese remainder theorem). Let m1 ; : : : ; mr 2 N, r 2, with
gcd.mi ; mj / D 1 for i j . Dene m WD m1 mr .
(1) W Zm ! Zm1 Zmr , a C mZ 7! .a C m1 Z; : : : ; a C mr Z/, denes a
ring isomorphism.
(2) The restriction of on the multiplicative group of the prime residue classes
denes a group isomorphism Z?m ! Z?m1 Z?mr .
(3) For given a1 ; : : : ; ar 2 Z there exists modulo m exactly one x 2 Z with x
ai .mod mi / for i D 1; : : : ; r.
Recall that for k 2 N a prime residue class is dened by aCkZ with gcd.a; k/ D 1.
The set of prime residue classes modulo k is certainly a multiplicative group.
Proof. By Theorem 19.3.1 we get that is an additive group isomorphism which can
be extended directly to a ring isomorphism via .a C mZ/.b C mZ/ 7! .ab C m1 Z;
: : : ; ab C mr Z/. The remaining statements are now obvious.
Let A.n/ be the number of nonisomorphic nite abelian groups of order n D
p1k1 prkr , r 1, with pairwise different prime numbers p1 ; : : : ; pr and k1 ; : : : ;
kr 2 N. By Theorem 19.2.2 we have A.n/ D A.p1k1 / A.prkr /. Hence, to calculate A.n/, we have to calculate A.p m / for a prime number p m 2 N. Again, by
Theorem 19.2.2, we get G Zp m1 Zp mk , all mi 1, if G is abelian of
order p m . If we compare the orders we get m D m1 C C mk . We may order
the mi by size. A k-tuple .m1 ; : : : ; mk / with 0 < m1 m2 mk and
m1 C m2 C C mk D m is called a partition of m. From above each abelian group
of order p m gives a partition .m1 ; : : : ; mk / of m for some k with 1 k m. On
the other side, each partition .m1 ; : : : ; mk / of m gives an abelian group of order p m ,
namely Zpm1 Zpmk . Theorem 19.2.2 shows that different partitions give nonisomorphic groups. If we dene p.m/ to be the number of partitions of m then we get
the following: A.p m / D p.m/ and A.p1k1 prkr / D p.k1 / p.kr /.
294
19.4
Exercises
1. Let H be a nite generated abelian group, which is the homomorphic image of a

torsion-free abelian group of nite rank n. Show that H is the direct sum of n
cyclic groups.
2. Determine (up to isomorphism) all groups of order p 2 (p prime) and all abelian
groups of order 15.
3. Let G be an abelian group with generating elements a1 ; : : : ; a4 and dening relations
5a1 C 4a2 C a3 C 5a4 D 0
7a1 C 6a2 C 5a3 C 11a4 D 0
2a1 C 2a2 C 10a3 C 12a4 D 0
10a1 C 8a2 4a3 C 4a4 D 0:
Express G as a direct product of cyclic groups.
Q
4. Let G be a nite abelian group and u D g2G g the product of all elements of G.
Show: If G has an element a of order 2, then u D a, otherwise u D e. Conclude
from this the theorem of Wilson:
.p 1/ 1.mod p/
for each prime p:
5. Let p be a prime and G a nite abelian p-group, that is the order of all elements of
G is nite and a power of p. Show that G is cyclic, if G has exactly one subgroup
of order p. Is the statement still correct, if G is not abelian?
Chapter 20
Integral and Transcendental Extensions
20.1
The Ring of Algebraic Integers
Recall that a complex number is an algebraic number if it is algebraic over the

rational numbers Q. That is is a zero of a polynomial p.x/ 2 Qx. If 2 C is not
algebraic then it is a transcendental number.
We will let A denote the totality of algebraic numbers within the complex numbers C, and T the set of transcendentals so that C D A [ T . The set A is the
algebraic closure of Q within C.
The set A of algebraic numbers forms a subeld of C (see Chapter 5) and the
subset A0 D A \ R of real algebraic numbers forms a subeld of R. The eld A is
an algebraic extension of the rationals Q, however the degree is innite.
Since each rational is algebraic it is clear
p that there are algebraic numbers. Further
there are irrational algebraic numbers, 2 for example, since it is a root of the irreducible polynomial x 2 2 over Q. In Chapter 5 we proved that there are uncountably
innitely many transcendental numbers (Theorem 5.5.3). However it is very difcult
to prove that any particular real or complex number is actually transcendental. In
Theorem 5.5.4 we showed that the real number
cD
1
X
1
10j
j D1
is transcendental.
In this section we examine a special type of algebraic number called an algebraic
integer. These are the algebraic numbers that are zeros of monic integral polynomials.
The set of all such algebraic integers forms a subring of C. The proofs in this section
can be found in [35].
After we do this we extend the concept of an algebraic integer to a general context and dene integral ring extensions. We then consider eld extensions that are
nonalgebraic transcendental eld extensions. Finally we will prove that the familiar
numbers e and are transcendental.
Denition 20.1.1. An algebraic integer is a complex number that is a root of a
monic integral polynomial. That is, 2 C is an algebraic integer if there exists
f .x/ 2 Zx with f .x/ D x n C bn1 x n1 C C b0 , bi 2 Z, n 1, and f ./ D 0.
An algebraic integer is clearly an algebraic number. The following are clear.
296
Chapter 20 Integral and Transcendental Extensions
Lemma 20.1.2. If 2 C is an algebraic integer, then all its conjugates, 1 ; : : : ; n ,

over Q are also algebraic integers.
Lemma 20.1.3. 2 C is an algebraic integer if and only if m 2 Zx.
To prove the converse of this lemma we need the concept of a primitive integral
polynomial. This is a polynomial p.x/ 2 Zx such that the GCD of all its coefcients
is 1. The following can be proved (see exercises):
(1) If f .x/ and g.x/ are primitive then so is f .x/g.x/.
(2) If f .x/ 2 Zx is monic then it is primitive.
(3) If f .x/ 2 Qx then there exists a rational number c such that f .x/ D cf1 .x/
with f1 .x/ primitive.
Now suppose f .x/ 2 Zx is a monic polynomial with f ./ D 0. Let p.x/ D
m .x/. Then p.x/ divides f .x/ so f .x/ D p.x/q.x/.
Let p.x/ D c1 p1 .x/ with p1 .x/ primitive and let q.x/ D c2 q1 .x/ with q1 .x/
primitive. Then
f .x/ D cp1 .x/q1 .x/:
Since f .x/ is monic it is primitive and hence c D 1 so f .x/ D p1 .x/q1 .x/.
Since p1 .x/ and q1 .x/ are integral and their product is monic they both must be
monic. Since p.x/ D c1 p1 .x/ and they are both monic it follows that c1 D 1 and
hence p.x/ D p1 .x/. Therefore p.x/ D m .x/ is integral.
When we speak of algebraic integers we will refer to the ordinary integers as rational integers. The next lemma shows the close ties between algebraic integers and
rational integers.
Lemma 20.1.4. If is an algebraic integer and also rational then it is a rational
integer.
The following ties algebraic numbers in general to corresponding algebraic integers. Notice that if q 2 Q then there exists a rational integer n such that nq 2 Z. This
result generalizes this simple idea.
Theorem 20.1.5. If is an algebraic number then there exists a rational integer r 0
such that r is an algebraic integer.
We saw that the set A of all algebraic numbers is a subeld of C. In the same
manner the set I of all algebraic integers forms a subring of A. First an extension of
the following result on algebraic numbers.
Lemma 20.1.6. Suppose 1 ; : : : ; n are the set of conjugates over Q of an algebraic
integer . Then any integral symmetric function of 1 ; : : : ; n is a rational integer.
Section 20.1 The Ring of Algebraic Integers
297
Theorem 20.1.7. The set I of all algebraic integers forms a subring of A.

We note that A, the eld of algebraic numbers, is precisely the quotient eld of the
ring of algebraic integers.
An algebraic number eld is a nite extension of Q within C. Since any nite
extension of Q is a simple extension each algebraic number eld has the form K D
Q. / for some algebraic number .
Let K D Q. / be an algebraic number eld and let RK D K \ I. Then RK forms
a subring of K called the algebraic integers or just integers of K. An analysis of the
proof of Theorem 20.1.5 shows that each 2 K can be written as
D
r
with 2 RK and r 2 Z.
These rings of algebraic integers share many properties with the rational integers.
While there may not be unique factorization into primes there is always prime factorization.
Theorem 20.1.8. Let K be an algebraic number eld and RK its ring of integers.
Then each 2 RK is either 0, a unit or can be factored into a product of primes.
We stress again that the prime factorization need not be unique. However from
the existence of a prime factorization we can mimic Euclids original proof of the
innitude of primes (see [35]) to obtain:
Corollary 20.1.9. There exist innitely many primes in RK for any algebraic number
ring RK .
Just as any algebraic number eld is nite dimensional over Q we will see that each
RK is of nite degree over Q. That is if K has degree n over Q we show that there
exists !1 ; : : : ; !n in RK such that each 2 RK is expressible as
D m1 !1 C C mn !n
where m1 ; : : : ; mn 2 Z.
Denition 20.1.10. An integral basis for RK is a set of integers !1 ; : : : ; ! t 2 RK
such that each 2 RK can be expressed uniquely as
D m1 !1 C C m t ! t
where m1 ; : : : ; m t 2 Z.
The nite degree comes from the following result that shows there does exist an
integral basis (see [35]).
Theorem 20.1.11. Let RK be the ring of integers in the algebraic number eld K of
degree n over Q. Then there exists at least one integral basis for RK .
298
20.2
Integral ring extensions
We now extend the concept of an algebraic integer to general ring extensions. We rst
need the idea of an R-algebra where R is a commutative ring with identity 1 0.
Denition 20.2.1. Let R be a commutative ring with an identity 1 0. An Ralgebra or algebra over R is a unitary R-module A in which there is an additional
multiplication such that
(1) A is a ring with respect to the addition and this multiplication
(2) .rx/y D x.ry/ D r.xy/ for all r 2 R and x; y 2 A.
As examples of R-algebras rst consider R D K where K is a eld and let A D
Mn .K/ the set of all .n n/-matrices over K. Then Mn .K/ is a K-algebra. Further
the set of polynomials Kx is also a K-algebra.
We now dene ring extensions. Let A be a ring, not necessarily commutative, with
an identity 1 0, and R be a commutative subring of A which contains 1. Assume
that R is contained in the center of A, that is, rx D xr for all r 2 R and x 2 A. We
then call A a ring extension of R and write AjR. If AjR is a ring extension then A is
an R-algebra in a natural manner.
Let A be an R-algebra with an identity 1 0. Then we have the canonical ring
homomorphism W R ! A, r 7! r 1. The image R0 WD .R/ is a subring of the
center of A, and R 0 contains the identity element of A. Then AjR0 is a ring extension
(in the above sense). Hence, if A is a R-algebra with an identity 1 0 then we may
consider R as a subring of A and AjR as a ring extension.
We now will extend to the general context of ring extensions the ideas of integral
elements and integral extensions. As above, let R be a commutative ring with an
identity 1 0 and let A be an R-algebra.
Denition 20.2.2. An element a 2 A is said to be integral over R or integrally dependent over R if there is a monic polynomial f .x/ D x n C n1 x n1 C C 0 2 Rx
of degree n 1 over R with f .a/ D an C n1 an1 C C 0 D 0. That is, a is
integral over R if it is a root of a monic polynomial of degree 1 over R.
An equation that an integral element satises is called integral
P equation of a over R.
If A has an identity 1 0 then we may write a0 D 1 and niD0 i ai with n D 1.
Example 20.2.3.
1. Let EjK be a eld extension. a 2 E is integral over K if and
only if a is algebraic over K. If K is the quotient eld of an integral domain R
and a 2 E is algebraic over K then there exists an 2 R with a integral over R,
because if 0 D n an C C 0 then 0 D .n a/n C C nn1 0 .
2. The elements of C which are integral over Z are precisely the algebraic integers
over Z, that is, the roots of monic polynomials over Z.
299
Section 20.2 Integral ring extensions
Theorem 20.2.4. Let R be as above and A an R-algebra with an identity 1 0. If

A is, as an R-module, nitely generated then each element of A is integral over R.
Proof. Let b1 ; : : : ; bn be a nite generating system of A, as an R-module. We may
assume that b1 D 1, otherwise add 1 to the system. As explained in the preliminaries,
without loss of generality, wePmay assume that R A. Let a 2 A. For each 1 j n
we have an equation abj D nkD1 kj bk for some kj 2 R. In other words:
n
X
.kj j k a/bk D 0
(??)
kD1
for j D 1; : : : ; n, where
j k D
0 if j k;
1 if j D k:
Dene
j k WD kj j k a and C D .
j k /j;k . C is an .n n/-matrix over the
commutative ring Ra; recall that Ra has an identity element. Let CQ D .
Qj k /j;k be
the complimentary matrix of C . Then CQ C D .det C /En . From (??) we get
0D
n
X
j D1
Qij
X
n
j k bk
kD1
n
n X
X
kD1 j D1
Qij
j k bk D
n
X
.det C /ik bk D .det C /bi
kD1
for all 1 i n. Since b1 D 1 we have necessarily that det C D det.j k

j k a/j;k D 0 (recall that j k D kj ). Hence a is a root of the monic polynomial
f .x/ D det.j k x j k / 2 Rx of degree n 1. Hence a is integral over R.
Denition 20.2.5. A ring extension AjR is called an integral extension if each element of A is integral over R. A ring extension AjR is called nite if A, as a R-module,
is nitely generated.
Recall that nite eld extensions are algebraic extensions. As an immediate consequence of Theorem 20.2.4 we get the corresponding result for ring extensions.
Theorem 20.2.6. Each nite ring extension AjR is an integral extension.
Theorem 20.2.7. Let A be an R-algebra with an identity 1 0. If a 2 A then the
following are equivalent:
(1) a is integral over R.
(2) The subalgebra Ra is, as an R-module, nitely generated.
(3) There exists a subalgebra A0 of A which contains a and which is, as an Rmodule, nitely generated.
A subalgebra of an algebra over R is a submodule which is also a subring.
300
Proof. (1) ) (2): We have Ra D g.a/ W g 2 Rx. Let f .a/ D 0 be an integral
equation of a over R. Since f is monic, by the division algorithm, for each g 2 Rx
there are h; r 2 Rx with g D h f C r and r D 0 or r 0 and deg.r/ < deg.f / DW n.
Let r 0. Since g.a/ D r.a/, we get that 1; a; : : : ; an1 is a generating system
for the R-module Ra.
(2) ) (3): Take A0 D Ra.
(3) ) (1): Use Theorem 20.2.4 for A0 .
For the remainder of this chapter all rings are commutative with an identity 1 0.
Theorem 20.2.8. Let AjR and BjA be nite ring extensions. Then also BjR is nite.
Proof. From A D Re1 C C Rem and B D Af1 C C Afn we get B D Re1 f1 C
C Rem fn .
Theorem 20.2.9. Let AjR be a ring extension. Then the following are equivalent:
(1) There are nitely many, over R integral elements a1 ; : : : ; am in A such that
A D Ra1 ; : : : ; am .
(2) AjR is nite.
Proof. (2) ) (1): We only need to take for a1 ; : : : ; am a generating system of A as
an R-module, and the result holds because A D Ra1 C C Ram , and each ai is
integral over R by Theorem 20.2.4.
(1) ) (2): We use induction for m. If m D 0 then there is nothing to prove.
Now let m 1, and assume that (1) holds. Dene A0 D Ra1 ; : : : ; am1 . Then
A D A0 am , and am is integral over A0 . AjA0 is nite by Theorem 20.2.7. By the
induction assumption, A0 jR is nite. Then AjR is nite by Theorem 20.2.8.
Denition 20.2.10. Let AjR be a ring extension. Then the subset C D a 2 A W a is
integral over R A is called the integral closure of R in A.
Theorem 20.2.11. Let AjR be a ring extension. Then the integral closure of R in A
is a subring of A with R A.
Proof. R C because 2 R is a root of the polynomial x . Let a; b 2 C .
We consider the subalgebra Ra; b of the R-algebra A. Ra; bjR is nite by Theorem 20.2.9. Hence, by Theorem 20.2.4, all elements from Ra; b are integral over R,
that is, Ra; b C . Especially, a C b, a b and ab are in C .
We extend to ring extensions the idea of a closure.
Denition 20.2.12. Let AjR a ring extension. R is called integrally closed in A, if R
itself is its integral closure in R, that is, R D C , the integral closure of R in A.
Section 20.2 Integral ring extensions
301
Theorem 20.2.13. For each ring extension AjR the integral closure C of R in A is
integrally closed in A.
Proof. Let a 2 A be integral over C . Then an C n1 an1 C C 0 D 0 for some
i 2 C , n 1. Then a is also integral over the R-subalgebra A0 D R0 ; : : : ; n1
of C ; and A0 jR is nite. Further A0 ajA is nite. Hence A0 ajR is nite. By
Theorem 20.2.4, then a 2 A0 a is already integral over R, that is, a 2 C .
Theorem 20.2.14. Let AjR and BjA be ring extensions. If AjR and BjA are integral
extensions then also BjR is an integral extension (and certainly vice versa).
Proof. Let C be the integral closure of R in B. We have A C since AjR is integral.
Together with BjA we also have that BjC is integral. By Theorem 20.2.13 we get that
C is integrally closed in B. Hence, B D C .
We now consider integrally closed integral domains.
Denition 20.2.15. An integral domain R is called integrally closed if R is integrally
closed in its quotient eld K.
Theorem 20.2.16. Each unique factorization domain R is integrally closed.
Proof. Let 2 K and D ab with a; b 2 R, a 0. Since R is a unique factorization
domain we may assume that a and b are relatively prime. Let be integral over R.
Then we have over R an integral equation n C an1 n1 C C a0 D 0 for .
Multiplication with b n gives an C ban1 C C b n a0 D 0. Hence b is a divisor
of an . Since a and b are relatively prime in R, we have that b is a unit in R and,
hence, D ab 2 R.
Theorem 20.2.17. Let R be an integral domain and K its quotient eld. Let EjK
be a nite eld extension. Let R be integrally closed, and 2 E be integral over R.
Then the minimal polynomial g 2 Kx of over K has only coefcients of R.
Proof. Let g 2 Kx be the minimal polynomial of over K (recall that g is monic
by denition). Let EN be an algebraic closure of E. Then g.x/ D .x 1 / .x n /
N There are K-isomorphisms i W K./ ! EN with i ./ D i .
with 1 D over E.
Hence all i are also integral over R. Since all coefcients of g are polynomial
expressions Cj .1 ; : : : ; n / in the i we get that all coefcients of g are integral over
R (see Theorem 20.2.11). Now g 2 Rx because g 2 Kx and R is integrally
closed.
Theorem 20.2.18. Let R be an integrally closed integral domain and K be its quotient eld. Let f; g; h 2 Kx be monic polynomials over K with f D gh. If
f 2 Rx then also g; h 2 Rx.
302
Proof. Let E be the splitting eld of f over K. Over E we have f .x/ D .x

1 / .x n /. Since f is monic all k are integral over R (see the proof
Q of Theorem 20.2.17).Q
Since f D gh there are I; J 1; : : : ; n with g.x/ D i 2I .x i /
and h.x/ D j 2J .x j /. As polynomial expressions in the i , i 2 I , and j ,
j 2 J , respectively, the coefcients of g and h, respectively, are integral over R.
On the other side all these coefcients are in K and R is integrally closed. Hence
g; h 2 Rx.
Theorem 20.2.19. Let EjR be an integral ring extension. If E is a eld then also R
is a eld.
Proof. Let 2 R n 0. The element 1 2 E satises an integral equation . 1 /n C
an1 . 1 /n1 C C a0 D 0 over R. Multiplication with n1 gives 1 D an1
an2 a0 n1 2 R. Hence, R is a eld.
20.3
Transcendental eld extensions
Recall that a transcendental number is an element of C that is not algebraic over Q.

More generally if EjK is a eld extension then an element 2 E is transcendental
over K if it is not algebraic, that is, it is not a zero of any polynomial f .x/ 2 Kx.
Since nite extensions are algebraic clearly EjK will contain transcendental elements
only if E W K D 1. However this is not sufcient. The eld A of algebraic numbers
is algebraic over Q but innite dimensional over Q. We now extend the idea of a
transcendental number to that of a transcendental extension.
Let K E be elds, that is, EjK is a eld extension. Let M be a subset of E.
The algebraic cover of M in E is dened to be the algebraic closure H.M / of K.M /
in E, that is, HK;E .M / D H.M / D 2 E W algebraic over K.M /. H.M / is a
eld with K K.M / H.M / E. 2 E is called algebraically dependent on
M (over K) if 2 H.M /, that is, if is algebraic over K.M /.
The following are clear.
1. M H.M /,
2. M M 0 ) H.M / H.M 0 / and
3. H.H.M // D H.M /.
Denition 20.3.1. (a) M is said to be algebraically independent (over K) if
H.M n / for all 2 M , that is, if each 2 M is transcendental over
K.M n /.
(b) M is said to be algebraically dependent (over K) if M is not algebraically
independent.
The proofs of the statements in the following lemma are straightforward.
Section 20.3 Transcendental eld extensions
303
Lemma 20.3.2. (1) M is algebraically dependent if and only if there exists an

2 M which is algebraic over K.M n /.
(2) Let 2 M . Then 2 H.M n / , H.M / D H.M n /.
(3) If M and is algebraic over K.M / then M [ is algebraically dependent.
(4) M is algebraically dependent if and only if there is a nite subset in M which
is algebraically dependent.
(5) M is algebraically independent if and only if each nite subset of M is algebraically independent.
(6) M is algebraically independent if and only if the following holds: If 1 ; : : : ; n
are nitely many, pairwise different elements of M then the canonical homomorphism W Kx1 ; : : : ; xn ! E, f .x1 ; : : : ; xn / 7! f .1 ; : : : ; n / is injective; or in other words: for all f 2 Kx1 ; : : : ; xn we have that f D 0 if
f .1 ; : : : ; n / D 0, that is, there is no nontrivial algebraic relation between the
1 ; : : : ; n over K.
(7) Let M E, 2 E. If M is algebraically independent and M [ algebraically dependent then 2 H.M /, that is, is algebraically dependent
on M .
(8) Let M E, B M . If B is maximal algebraically independent, that is, if
2 M n B then B [ is algebraically dependent, then M H.B/, that is,
each element of M is algebraic over K.B/.
We will show that any eld extension can be decomposed into a transcendental
extension over an algebraic extension. We need the idea of a transcendence basis.
Denition 20.3.3. B E is called a transcendence basis of the eld extension EjK
if the following two conditions are satised:
1. E D H.B/, that is, the extension EjK.B/ is algebraic.
2. B is algebraically independent over K.
Theorem 20.3.4. If B E then the following are equivalent:
(1) B is a transcendence basis of EjK.
(2) If B M E with H.M / D E, then B is a maximal algebraically independent subset of M .
(3) There exists a subset M E with H.M / D E which contains B as a maximal
algebraically independent subset.
304
Proof. (1) ) (2): Let 2 M n B. We have to show that B [ is algebraically

dependent. But this is clear because 2 H.B/ D E.
(2) ) (3): We just take M D E.
(3) ) (1): We have to show that H.B/ D E. Certainly M H.B/. Hence,
E D H.M / H.H.B// D H.B/ E.
We next show that any eld extension does have a transcendence basis.
Theorem 20.3.5. Each eld extension EjK has a transcendence basis. More concretely: If there is a subset M E such that EjK.M / is algebraic and if there is a
subset C M which is algebraically independent then there exists a transcendence
basis B of EjK with C B M .
Proof. We have to extend C to a maximal algebraically independent subset B of M .
By Theorem 20.3.4, such a B is a transcendence basis of EjK. If M is nite then
such a B certainly exists. Now let M be not nite. We argue analogously as for the
existence of a basis of a vector space, for instance with Zorns lemma: If a partially
ordered, nonempty set S is inductive, then there exist maximal elements in S. Here,
a partially ordered, nonempty set S is said to be inductive if every totally ordered
subset of S has an upper bound in S . The set N of all algebraically independent
subsets of M which contain C is partially ordered with respect to , and N ;
because C 2 N . Let K ; be an ascending chain in S
N , that is, given an ascending
chain ; Y1 Y2 . in N . The union U D Y 2K Y is also algebraically
independent. Hence, there exists a maximal algebraically independent subset B M
with C B.
Theorem 20.3.6. Let EjK be a eld extension and M be a subset of E for which
EjK.M / is algebraic. Let C be an arbitrary subset of E which is algebraically
independent on K. Then there exists a subset M 0 M with C \ M 0 D ; such that
C [ M 0 is a transcendence basis of EjK.
Proof. Take M [ C and dene M 0 WD B n C in Theorem 20.3.5.
Theorem 20.3.7. Let B; B 0 be two transcendence bases of the eld extension EjK.
Then there is a bijection W B ! B 0 . In other words, any two transcendence bases
of EjK have the same cardinal number.
Proof. (a) If B is a transcendental basis of EjK
S and M is a subset of E such that
EjK.M / is algebraic then we may write B D 2M B with nite sets B . Especially, if B is innite then the cardinal number of B is not bigger than the cardinal
number of M .
(b) Let B and B 0 be two transcendence bases of EjK. If B and B 0 are both
innite then B and B 0 have the same cardinal number by (a) and the theorem by
Section 20.3 Transcendental eld extensions
305
SchroederBernstein [5]. We now prove Theorem 20.3.7 for the case that EjK has
a nite transcendence basis. Let B be nite with n elements. Let C be an arbitrary algebraically independent subset in E over K with m elements. We show that
m n. Let C D 1 ; : : : ; m with m n. We show by induction that for each
integer k, 0 k n, there are subsets B B1 Bk of B such that
1 ; : : : ; k [ Bk is a transcendence basis of EjK and 1 ; : : : ; k \ Bk D ;. For
k D 0 we take B0 D B, and the statement holds. Assume now that the statement
is correct for 0 k < n. By Theorem 20.3.4 and 20.3.5 there is a subset BkC1
of 1 ; : : : ; k [ Bk such that 1 ; : : : ; kC1 [ BkC1 is a transcendence basis of
EjK and 1 ; : : : ; kC1 \ BkC1 D ;. Then necessarily BkC1 Bk . Assume
Bk D BkC1 . Then on one side, Bk [ 1 ; : : : ; kC1 is algebraic independent because Bk D BkC1 . On the other side, also Bk [1 ; : : : ; k [akC1 is algebraically
dependent, which gives a contradiction. Hence, BkC1 Bk . Now Bk has at most
n k elements, hence Bn D ;, that is, 1 ; : : : ; n D 1 ; : : : ; n [ Bn is a transcendence basis of EjK. Because C D 1 ; : : : ; m is algebraically independent,
we cannot have m > n. Hence m n; and B and B 0 have the same number of
elements because B 0 must also be nite.
Since the cardinality of any transcendence basis for a eld extension EjK is the
same we can dene the transcendence degree.
Denition 20.3.8. The transcendence degree trgd.EjK/ of a eld extension is the
cardinal number of one (and hence of each) transcendence basis of EjK. A eld
extension EjK is called purely transcendental, if EjK has a transcendence basis B
with E D K.B/.
We note the following facts:
(1) If EjK is purely transcendental and B D 1 ; : : : ; n is a transcendence basis
of EjK then E is K-isomorphic to the quotient eld of the polynomial ring
Kx1 ; : : : ; xn of the independence indeterminates x1 ; : : : ; xn .
(2) K is algebraically closed in E if EjK is purely transcendental.
(3) By Theorem 20.3.4, the eld extension EjK has an intermediate eld F , K
F E, such that F jK is purely transcendental and EjF is algebraic. Certainly
F is not uniquely determined.
For example take Q F Q.i; /, and for F we may take F D Q./ and
also F D Q.i/, for instance.
(4) trgd.RjQ/ D trgd.CjQ/ D card R, the cardinal number of R. This holds
because the set of the algebraic numbers (over Q) is countable.
Theorem 20.3.9. Let EjK a eld extension and F an arbitrary intermediate eld,
K F E. Let B a transcendence basis of F jK and B 0 a transcendence base of
306
EjF . Then B \ B 0 D ;, and B [ B 0 is a transcendence basis of EjK. Especially:

trgd.EjK/ D trgd.EjF / C trgd.F jK/.
Proof. (1) Assume 2 B \ B 0 . As an element of F , then is algebraic over
F .B 0 / n . But this gives a contradiction because 2 B 0 , and B 0 is algebraically
independent over F .
(2) F jK.B/ is an algebraic extension, and also F .B 0 /jK.B [ B 0 / D K.B/.B 0 /.
Since the relation algebraic extension is transitive, we have that EjK.B [ B 0 / is
algebraic.
(3) Finally we have to show that B [ B 0 is algebraically independent over K. By
Theorems 20.3.5 and 20.3.6 there is a subset B 00 of B [ B 0 with B \ B 00 D ; such
that B [ B 00 is a transcendence basis of EjK. We have B 00 B 0 , and have to show
that B 0 B 00 . Assume that there is an 2 B 0 with B 00 . Then is algebraic
over K.B [ B 00 / D K.B/.B 00 / and, hence, algebraic over F .B 00 /. Since B 00 B 0 we
have that is algebraically independent over F , which gives a contradiction. Hence
B 00 D B 0 .
Theorem 20.3.10 (Noethers normalization theorem). Let K be a eld and A D
Ka1 ; : : : ; an . Then there exist elements u1 ; : : : ; um , 0 m n, in A with the
following properties:
(1) Ku1 ; : : : ; um is K-isomorphic to the polynomial ring Kx1 ; : : : ; xm of the
independent indeterminates x1 ; : : : ; xm .
(2) The ring extension AjKu1 ; : : : ; um is an integral extension, that is, for each
a 2 AnKu1 ; : : : ; um there exists a monic polynomial f .x/ D x n Cn1 x n1 C
C 0 2 Ku1 ; : : : ; um x of degree n 1 with f .a/ D an C n1 an1 C
C 0 D 0. Especially AjKu1 ; : : : ; um is nite.
Proof. Without loss of generality, let the a1 ; : : : ; an be pairwise different. We prove
the theorem by induction on n. If n D 1 then there is nothing to show. Now, let
n 2, and assume that the statement holds for n1. If there is no nontrivial algebraic
relation f .a1 ; : : : ; an / D 0 over K between the a1 ; : : : ; an then there is nothing to
show. Hence, let there exists aP
polynomial f 2 Kx1 ; : : : ; xn with f 0 and
1
n
f .a1 ; : : : ; an / D 0. Let f D
D.1 ;:::;n / c x1 xn . Let 2 ; 3 ; : : : ; n be

natural numbers which we specify later. Dene b2 D a2 a1 2 , b3 D a3 a1 3 ,

. . . ; bn D an a1 n . Then ai D bi C a1 i for 2 i n, hence, f .a1 ; b2 C
2
n
a1 ; : : : ; bn C a1 / D 0. We write R WD Kx1 ; : : : ; xn and consider the polynomial
ring Ry2 ; : : : ; yn of the n 1 independent indeterminates y2 ; : : : ; yn over R. In

Ry2 ; : : : ; yn we consider the polynomial f .x1 ; y2 C x1 2 ; : : : ; yn C x1 n /. We may
rewrite this polynomial as
X
C CCn n
c x11 2 2
C g.x1 ; y2 ; : : : ; yn /
D.1 ;:::;n /
Section 20.4 The transcendence of e and
307
with a polynomial g.x1 ; y2 ; : : : ; yn / for which, asPa polynomial in x1 over Ky2 ; : : : ;

C CCn n
,
yn , the degree in x1 is smaller than the degree of D.1 ;:::;n / c x11 2 2
provided that we may choose the 2 ; : : : ; n in such a way that this really holds. We
now specify the 2 ; : : : ; n . We write WD .1; 2 ; : : : ; n / and dene the scalar
product D 1 1 C 2 2 C C n n . Choose p 2 N with p > deg.f / D
max1 C C n W c 0. We now take D .1; p; p 2 ; : : : ; p n1 /. If D
.1 ; : : : ; n / with c 0 and 0 D .10 ; : : : ; n0 / with c0 0 are different n-tuple
then indeed 0 because i ; i0 < p for all i, 1 i n. This follows from
the uniqueness of the p-adic expression of a natural number. Hence, we may choose

2 ; : : : ; n such that f .x1 ; y2 C x1 2 ; : : : ; yn C x1 n / D cx1N C h.x1 ; y2 ; : : : ; yn /
with c 2 K, c 0, and h 2 Ky2 ; : : : ; yn x1 has in x1 a degree < N . If we divide
by c and take a1 ; b2 ; : : : ; bn for x1 ; y2 ; : : : ; yn then we get an integral equation of a1
over Kb2 ; : : : ; bn . Therefore, the ring extension A D Ka1 ; : : : ; an jKb2 ; : : : ; bn

is integral (see Theorem 20.2.9), ai D bi C a1 i for 2 i n. By induction there
exists elements u1 ; : : : ; um in Kb2 ; : : : ; bn with the following properties:
1. Ku1 ; : : : ; um is a polynomial ring of the m independent indeterminates u1 ; : : : ;
um and
2. Kb2 ; : : : ; bn jKu1 ; : : : ; um is integral.
Hence, also AjKu1 ; : : : ; um is integral by Theorem 20.2.14.
Corollary 20.3.11. Let EjK be a eld extension. If E D Ka1 ; : : : ; an for a1 ; : : : ;
an 2 E then EjK is algebraic.
Proof. By Theorem 20.3.10 we have that E contains a polynomial ring Ku1 ; : : : ;
um , 0 m n, of the m independent indeterminates u1 ; : : : ; um as a subring for
which EjKu1 ; : : : ; um is integral. We claim that then already Ku1 ; : : : ; um is a
eld. To prove that, let a 2 Ku1 ; : : : ; um , a 0. The element a1 2 E satises an
integral equation .a1 /n C n1 .a1 /n1 C C 0 D 0 over Ku1 ; : : : ; um DW R.
Hence, a1 D n1 n2 a 0 an1 2 R. Therefore R is a eld which
proves the claim. This is possible only for m D 0, and then EjK is integral, that is
here algebraic.
20.4
The transcendence of e and
Although we have shown that within C there are continuously many transcendental
numbers we have only shown that one particular number is transcendental. In this
section we prove that the numbers e and are transcendental. We start with e.
Theorem 20.4.1. e is a transcendental number, that is, transcendental over Q.
308
Proof. Let f .x/ 2 Rx with the degree of f .x/ D m 1. Let z1 2 C, z1 0, and
W 0; 1 ! C,
.t / D t z1 . Let
Z z1
Z
z1 z
I.z1 / D
e
f .z/dz D
e z1 z f .z/dz:

R z1
By . 0 / we mean the integral from 0 to z1 along

. Recall that
Z z1
Z z1
e z1 z f .z/dz D f .z1 / C e z1 f .0/ C
e z1 z f 0 .z/dz:
0
It follows then by repeated partial integration that

P
P
(1) I.z1 / D e z1 jmD0 f .j / .0/ jmD0 f .j / .z1 /.
Let jf j.x/ be the polynomial that we get if we replace the coefcients of f .x/ by
their absolute values. Since je z1 z j e jz1 zj e jz1 j , we get
(2) jI.z1 /j jz1 je jz1 j jf j.jz1 j/.
Now assume that e is an algebraic number, that is,
(3) q0 C q1 e C C qn e n D 0 for n 1 and integers q0 0; q1 ; : : : ; qn , and the
greatest common divisor of q0 ; q1 ; : : : ; qn , is equal to 1.
We consider now the polynomial f .x/ D x p1 .x 1/p : : : .x n/p with p a sufciently large prime number, and we consider I.z1 / with respect to this polynomial.
Let
J D q0 I.0/ C q1 I.1/ C C qn I.n/:
From (1) and (3) we get that
J D
m X
n
X
qk f .j / .k/;
j D0 kD0
P
where m D .n C 1/p 1 since .q0 C q1 e C C qn e n /. jmD0 .f .j / .0// D 0.
Now, f .j / .k/ D 0 if j < p, k > 0, and if j < p 1 then k D 0, and hence
.j / .k/ is an integer that is divisible by p for all j; k except for j D p 1, k D 0.
f
Further, f .p1/ .0/ D .p 1/.1/np .n/p , and hence, if p > n, then f .p1/ .0/ is
an integer divisible by .p 1/ but not by p.
It follows that J is a nonzero integer that is divisible by .p 1/ if p > jq0 j and
p > n. So let p > n; p > jq0 j, so that jJ j .p 1/.
Now, jf j.k/ .2n/m . Together with (2) we then get that
jJ j jq1 jejf j.1/ C C jqn jne n jf j.n/ c p
for a number c independent of p. It follows that
.p 1/ jJ j c p ;
309
Section 20.4 The transcendence of e and
that is,
1
jJ j
c p1
c
:
.p 1/
.p 1/
This gives a contradiction, since

dental.
c p1
.p1/
! 0 as p ! 1. Therefore, e is transcen-
We now move on to the transcendence of . We rst need the following lemma.

Lemma 20.4.2. Suppose 2 C is an algebraic number and f .x/ D an x n C Ca0 ,
n 1, an 0, and all ai 2 Z .f .x/ 2 Zx/ with f ./ D 0. Then an is an
algebraic integer.
Proof.
ann1 f .x/ D ann x n C ann1 an1 x n1 C C ann1 a0
D .an x/n C an1 .an x/n1 C C ann1 a0
D g.an x/ D g.y/ 2 Zy
where y D an x and g.y/ is monic. Then g.an / D 0, and hence an is an algebraic
integer.
Theorem 20.4.3. is a transcendental number, that is, transcendental over Q.
Proof. Assume that is an algebraic number. Then D i is also algebraic. Let
1 D ; 2 ; : : : ; d be the conjugates of . Suppose
p.x/ D q0 C q1 x C C qd x d 2 Zx;
qd > 0;
and
gcd.q0 ; : : : ; qd / D 1
is the entire minimal polynomial of over Q. Then 1 D ; 2 ; : : : ; d are the zeros

of this polynomial. Let t D qd . Then from Lemma 20.4.2, t i is an algebraic integer
for all i. From e i C 1 D 0 and from 1 D i we get that
.1 C e
1 /.1 C e
2 / .1 C e
d / D 0:
The product on the left side can be written as a sum of 2d terms e , where D
1 1 C C d d , j D 0 or 1. Let n be the number of terms 1 1 C C d d that
are nonzero. Call these 1 ; : : : ; n . We then have an equation
q C e 1 C C e n D 0
with q D 2d n > 0. Recall that all t i , are algebraic integers and we consider the
polynomial
f .x/ D t np x p1 .x 1 /p .x n /p
310
with p a sufciently large prime integer. We have f .x/ 2 Rx, since the i are algebraic numbers and the elementary symmetric polynomials in 1 ; : : : ; n are rational
numbers.
Let I.z1 / be dened as in the proof of Theorem 20.4.1, and now let
J D I.1 / C C I.n /:
From (1) in the proof of Theorem 20.4.1 and (4) we get
J D q
m
X
j D0
f .j / .0/
n
m X
X
f .j / .k /;
j D0 kD1
with m D
P.n C 1/p 1.
Now, nkD1 f .j / .k / is a symmetric polynomial in t 1 ; : : : ; t n with integer coefalgebraic
cients since the t i are P
P integers. It follows from the main theorem on symmetric polynomials that jmD0 nkD1 f .j / .k / is an integer. Further, f .j / .k / D 0
P
P
for j < p. Hence jmD0 nkD1 f .j / .k / is an integer divisible by p.
Now, f .j / .0/ is an integer divisible by p if j p 1, and f .p1/ .0/ D .p
1/.t /np .1 : : : n /p is an integer divisible by .p 1/ but not divisible by p if p
is sufciently large. In particular, this is true if p > jt n .1 n /j and also p > q.
From (2) in the proof of Theorem 20.4.1 we get that
jJ j j1 je j1 j jf j.j1 j/ C C jn je jn j jf j.jn j/ c p
for some number c independent of p.
As in the proof of Theorem 20.4.1, this gives us
.p 1/ jJ j c p ;
that is,
1
c p1
jJ j
c
:
.p 1/
.p 1/
This, as before, gives a contradiction, since

is transcendental.
20.5
c p1
.p1/
! 0 as p ! 1. Therefore,
Exercises
1. A polynomial p.x/ 2 Zx is primitive if the GCD of all its coefcients is 1. Prove
the following:
(i) If f .x/ and g.x/ are primitive then so is f .x/g.x/.
(ii) If f .x/ 2 Zx is monic then it is primitive.
311
(iii) If f .x/ 2 Qx then there exists a rational number c such that f .x/ D cf1 .x/
with f1 .x/ primitive.
p
2. Let d be a square-free integer and K D Q. d / be a quadratic eld. Let RK be
the subring of K of the algebraic integers of K. Show that
p
(i) RKpD m C n d W m; n 2 Z if d 2.mod 4/ or d 3.mod 4/.
1; d is an integral basis for RK .
p
(ii) RK D m C n 1C2
basis for RK .
W m; n 2 Z if d 1. mod 4/. 1; 1C2
is an integral
(iii) If d < 0 then there are only nitely many units in RK .

(iv) If d > 0 then there are innitely many units in RK .
3. Let K D Q./ with 3 C C 1 D 0 and RK the subring of the algebraic integers
in K. Show that
(i) 1; ; 2 is an integral basis for RK .
(ii) RK D Z.
4. Let AjR be an integral ring extension. If A is an integral domain and R a eld then
A is also a eld.
5. Let AjR be an integral extension. Let P be a prime ideal of A and p be a prime
ideal of R such that P \ R D p. Show that
(i) If p is maximal in R then P is maximal in A. (Hint: consider A=P .)
(ii) If P0 is another prime ideal of A with P0 \ R D p and P0 P then P D
P0 . (Hint: we may assume that A is an integral domain and P \ R D 0,
otherwise go to A=P .)
6. Show that for a eld extension EjK the following are equivalent:
(i) E W K.B/ < 1 for each transcendence basis B of EjK.
(ii) trgd.EjK/ < 1 and E W K.B/ < 1 for each transcendence basis B of
EjK.
(iii) There is a nite transcendence basis B of EjK with E W K.B/ < 1.
(iv) There are nitely many x1 ; : : : ; xn 2 E with E D K.x1 ; : : : ; xn /.
7. Let EjK be a eld extension. If EjK is purely transcendental then K is algebraically closed in E.
Chapter 21
The Hilbert Basis Theorem and the Nullstellensatz
21.1
Algebraic Geometry
An extremely important application of abstract algebra and an application central to

all of mathematics is the subject of algebraic geometry. As the name suggests this
is the branch of mathematics that uses the techniques of abstract algebra to study
geometric problems. Classically algebraic geometry involved the study of algebraic
curves which roughly are the sets of zeros of a polynomial or set of polynomials
in several variables over a eld. For example, in two variables a real algebraic plane
curve is the set of zeros in R2 of a polynomial p.x; y/ 2 Rx; y. The common planar
curves such as parabolas and the other conic sections are all plane algebraic curves.
In actual practice plane algebraic curves are usually considered over the complex
numbers and are projectivized.
The algebraic theory that deals most directly with algebraic geometry is called commutative algebra. This is the study of commutative rings, ideals in commutative rings
and modules over commutative rings. A large portion of this book has dealt with
commutative algebra.
Although we will not consider the geometric aspects of algebraic geometry in general we will close the book by introducing some of the basic algebraic ideas that are
crucial to the subject. These include the concept of an algebraic variety or algebraic
set and its radical. We also state and prove two of the cornerstones of the theory as
applied to commutative algebra the Hilbert basis theorem and the Nullstellensatz.
In this chapter we consider a xed eld extension C jK and the polynomial ring
Kx1 ; : : : ; xn of the n independent indeterminates x1 ; : : : ; xn . Again, in this chapter
we often use letters a; b; m; p; P; A; Q; : : : for ideals in rings.
21.2
Algebraic Varieties and Radicals
We rst dene the concept of an algebraic variety.

Denition 21.2.1. If M Kx1 ; : : : ; xn then we dene
N .M / D .1 ; : : : ; n / 2 C n W f .1 ; : : : ; n / D 0 8f 2 M :
D .1 ; : : : ; n / 2 N .M / is called a zero (Nullstelle) of M in C n ; and N .M / is
called the zero set of M in C n . If we want to mention C then we write N .M / D
Section 21.2 Algebraic Varieties and Radicals
313
NC .M /. A subset V C n of the form V D N .M / for some M Kx1 ; : : : ; xn is

called an algebraic variety or (afne) algebraic set of C n over K, or just an algebraic
K-set of C n .
For any subset N of C n we can reverse the procedure and consider the set of polynomials whose zero set is N .
Denition 21.2.2. Suppose that N C n . Then
I.N / D f 2 Kx1 ; : : : ; xn W f .1 ; : : : ; n / D 0 8.1 ; : : : ; n / 2 N :
Instead of f 2 I.N / we also say that f vanishes on N (over K). If we want to
mention K then we write I.N / D IK .N /.
What is important is that the set I.N / forms an ideal. The proof is straightforward.
Theorem 21.2.3. For any subset N C n the set I.N / is an ideal in Kx1 ; : : : ; xn ;
it is called the vanishing ideal of N C n in Kx1 ; : : : ; xn ,
The following result examines the relationship between subsets in C n and their
vanishing ideals.
Theorem 21.2.4. The following properties hold:
(1) M M 0 ) N .M 0 / N .M /,
(2) If a D .M / is the ideal in Kx1 ; : : : ; xn generated by M , then N .M / D N .a/,
(3) N N 0 ) I.N 0 / I.N /,
(4) M I N .M / for all M Kx1 ; : : : ; xn ,
(5) N N I.N / for all N C n ,
T
P
(6) If .ai /P
. i 2I ai /.
i2I is a family of ideals in Kx1 ; : : : ; xn then
i 2I N .ai /DNS
Here i2I ai is the ideal in Kx1 ; : : : ; xn , generated by the union i 2I ai ,
(7) If a; b are ideals in Kx1 ; : : : ; xn then N .a/ [ N .b/ D N .ab/ D N .a \ b/.
Here ab is the ideal in Kx1 ; : : : ; xn generated by all products fg where f 2 a
and g 2 b,
(8) N .M / D N I N .M / for all M Kx1 ; : : : ; xn ,
(9) V D N I.V / for all algebraic K-sets V ,
(10) I.N / D I N I.N / for all N C n .
Proof. The proofs are straightforward. Hence, we prove only (7), (8) and (9). The
rest can be left as exercise for the reader.
Proof of (7): Since ab a\b a; b we have by (1) the inclusion N .a/[N .b/
N .a \ b/ N .ab/. Hence, we have to show that N .ab/ N .a/ [ N .b/.
314
Chapter 21 The Hilbert Basis Theorem and the Nullstellensatz
Let D .1 ; : : : ; n / 2 C n be a zero of ab but not a zero of a. Then there is an

f 2 a with f ./ 0, and hence for all g 2 b we get f ./g./ D .fg/./ D 0 and,
hence, g./ D 0. Therefore 2 N .b/.
Proof of (8) and (9): Let M Kx1 ; : : : ; xn . Then, on the one side, M
I N .M / by (5) and further N I N .M / N .M / by (1). On the other side, N .M /
N I N .M / by (6). Therefore N .M / D N I N .M / for all M Kx1 ; : : : ; xn .
Now, the algebraic K-sets of C n are precisely the sets of the form V D N .M /.
Hence, V D N I.V /.
We make the following agreement: if a is an ideal in Kx1 ; : : : ; xn then we write
a G Kx1 ; : : : ; xn :
If a G Kx1 ; : : : ; xn then we do not have a D I N .a/ in general, that is, a is in
general not equal to the vanishing ideal of its zero set in C n . The reason for this is
that not each ideal a occurs as a vanishing ideal of some N C n . If a D I.N / then
we must have:
(?)
f m 2 a; m 1 H) f 2 a:
Hence, for instance, if a D .x12 ; : : : ; xn2 / G Kx1 ; : : : ; xn then a is not of the form
a D I.N / for some N C n . We now dene the radical of an ideal.
Denition 21.2.5. Let R be a commutative ring, and a G R be an ideal in R. Then
p
p
a D f 2 R W f m 2 a for some m 2 N is an ideal in R. a is called the radical
p
of a (in R). a is said to be reduced if a D a.
p
We note that the 0 is called the nil radical of R; it contains exactly the nilpotent
elements of R, that is, the elements a 2 R with am D 0 for some m 2 N.
p
Let a G R be an ideal in R and W R ! R=a the canonical mapping. Then a is
exactly the preimage of the nil radical of R=a.
21.3
The Hilbert Basis Theorem
In this section we show that if K is a eld then each ideal a G Kx1 ; : : : ; xn is nitely
generated. This is the content of the Hilbert basis theorem. This has as an important
consequence that any algebraic variety of C n is the zero set of only nitely many
polynomials.
The Hilbert basis theorem follows directly from the following Theorem 21.3.2.
Before we state this theorem we need a denition.
Denition 21.3.1. Let R be a commutative ring with an identity 1 0. R is said to
be noetherian if each ideal in R is generated by nitely many elements, that is, each
ideal in R is nitely generated.
Section 21.4 The Hilbert Nullstellensatz
315
Theorem 21.3.2. Let R be a noetherian ring. Then the polynomial ring Rx over R
is also noetherian.
Proof. Let 0 fk 2 Rx. With deg.fk / we denote the degree of fk . Let a G Rx
be an ideal in Rx. Assume that a is not nitely generated. Then, especially, a 0.
We construct a sequence of polynomials fk 2 a such that the highest coefcients ak
generate an ideal in R which is not nitely generated. This produces then a contradiction, and, hence, a is in fact nitely generated. Choose f1 2 a, f1 0, so that
deg.f1 / D n1 is minimal.
If k 1 then choose fkC1 2 a, fkC1 .f1 ; : : : ; fk / so that deg.fkC1 / D nkC1 is
minimal for the polynomials in a n .f1 ; : : : ; fk /. This is possible because we assume
that a is not nitely generated. We have nk nkC1 by our construction. Further
.a1 ; : : : ; ak / .a1 ; : : : ; ak ; akC1 /.
Proof of this claim: Assume that .a1 ; : : : ; ak / D .a1 ; : : : ; ak ; akC1 /. Then akC1 2
Pk
.a1 ; : : : ; ak /. Hence, there are bi 2 R with akC1 D
i D1 ai bi . Let g.x/ D
Pk
n
n
kC1
i
, hence, g 2 .f1 ; : : : ; fk / and g D akC1 x nkC1 C . ThereiD1 bi fi .x/x
fore deg.fkC1 g/ < nkC1 and fkC1 g .f1 ; : : : ; fk / which contradicts the
choice of fkC1 . This proves the claim.
Hence .a1 ; : : : ; ak / .a1 ; : : : ; ak ; akC1 / which contradicts the fact that R is
noetherian. Hence a is nitely generated.
We now have the Hilbert basis theorem.
Theorem 21.3.3 (Hilbert basis theorem). Let K be a eld. Then each ideal a G
Kx1 ; : : : ; xn is nitely generated, that is, a D .f1 ; : : : ; fm / for nitely many f1 ; : : : ;
fm 2 Kx1 ; : : : ; xn .
Corollary 21.3.4. If C jK is a eld extension then each algebraic K-set V of C n is
already the zero set of only nitely many polynomials f1 ; : : : ; fm 2 Kx1 ; : : : ; xn :
V D .1 ; : : : ; n / 2 C n W fi .1 ; : : : ; n / D 0 for i D 1; : : : ; m:
Further we write V D N .f1 ; : : : ; fm /.
21.4
The Hilbert Nullstellensatz
Vanishing ideals of subsets of C n are not necessarily reduced. For an arbitrary eld
C , the condition
f m 2 a; m 1 H) f 2 a
is, in general, not sufcient for a G Kx1 ; : : : ; xn to be a vanishing ideal of a subset
of C n . For example let n 2, K D C D R and a D .x12 C C xn2 / G Rx1 ; : : : ; xn .
a is a prime ideal in Rx1 ; : : : ; xn because x12 C C xn2 is a prime element in
316
Rx1 ; : : : ; xn . Hence, a is reduced. But, on the other side, N .a/ D 0 and

I.0/ D .x1 ; : : : ; xn /. Therefore a is not of the form I.N / for some N C n .
If this would be the case, then a D I.N / D I N I.N / D I 0 D .x1 ; : : : ; xn /
because of Theorem 21.2.4(10), which gives a contradiction.
The Nullstellensatz of Hilbert which we give in two forms shows that if a is rep
duced, that is, a D a, then I N .a/ D a.
Theorem 21.4.1 (Hilberts Nullstellensatz, rst form). Let C jK be a eld extension
p
with C algebraically closed. If a G Kx1 ; : : : ; xn then I N .a/ D a. Moreover, if a
p
is reduced, that is, a D a, then I N .a/ D a. Therefore N denes a bijective map
between the set of reduced ideals in Kx1 ; : : : ; xn and the set of the algebraic K-sets
in C n ; and I denes the inverse map.
The proof follows from:
Theorem 21.4.2 (Hilberts Nullstellensatz, second form). Let C jK be a eld extension with C algebraically closed. Let a G Kx1 ; : : : ; xn with a Kx1 ; : : : ; xn .
Then there exists an D .1 ; : : : ; n / 2 C n with f ./ D 0 for all f 2 a, that is,
NC .a/ ;.
Proof. Since a Kx1 ; : : : ; xn there exists a maximal ideal m G Kx1 ; : : : ; xn with
a m. We consider the canonical map W Kx1 ; : : : ; xn ! Kx1 ; : : : ; xn =m. Let
i D .xi / for i D 1; : : : ; n. Then Kx1 ; : : : ; xn =m D K1 ; : : : ; n DW E. Since
m is maximal, E is a eld. Moreover EjK is algebraic by Corollary 20.3.11. Hence
there exists a K-homomorphism W K1 ; : : : ; n ! C (C is algebraically closed).
Let i D .i /; we have f .1 ; : : : ; n / D 0 for all f 2 m. Since a m this holds
also for all f 2 a. Hence we get a zero .1 ; : : : ; n / of a in C n .
Proof of Theorem 21.4.1. Let a G Kx1 ; : : : ; xn , and let f 2 I N .a/. We have to
show that f m 2 a for some m 2 N. If f D 0 then there is nothing to show.
Now, let f 0. We consider Kx1 ; : : : ; xn as a subring of Kx1 ; : : : ; xn ; xnC1
of the n C 1 independent indeterminates x1 ; : : : ; xn ; xnC1 . In Kx1 ; : : : ; xn ; xnC1
we consider the ideal aN D .a; 1 xnC1 f / G Kx1 ; : : : ; xn ; xnC1 , generated by a and
1 xnC1 f .
Case 1: aN Kx1 ; : : : ; xn ; xnC1 .
aN then has a zero .1 ; : : : ; n ; nC1 / in C nC1 by Theorem 21.2.4. Hence, for
N we have the equations:
.1 ; : : : ; n ; nC1 / 2 N .a/
(1) g.1 ; : : : ; n / D 0 for all g 2 a and
(2) f .1 ; : : : ; n /nC1 D 1.
From (1) we get .1 ; : : : ; n / 2 N .a/. Hence, especially, f .1 ; : : : ; n / D 0 for
our f 2 I N .a/. But this contradicts (2). Therefore aN Kx1 ; : : : ; xn ; xnC1 is not
possible. Therefore we have
Section 21.5 Applications and Consequences of Hilberts Theorems
317
Case 2: aN D Kx1 ; : : : ; xn ; xnC1 , that is, 1 2 a.

N Then there exists a relation of the
form
X
hi gi C h.1 xnC1 f / for some gi 2 a and hi ; h 2 Kx1 ; : : : ; xn ; xnC1 :
1D
i
The map xi 7! xi for 1 i n and xnC1 7! f1 denes a homomorphism W

Kx1 ; : : : ; xn ; xnC1 !PK.x1 ; : : : ; xn /, the quotient eld of Kx1 ; : : : ; xn . From (3)
we get a relation 1 D i hi .x1 ; : : : ; xn ; f1 /gi .x1 ; : : : ; xn / in K.x1 ; : : : ; xn /. If we
P
multiply this with a suitable power f m of f we get f m D i hQ i .x1 ; : : : ; xn /gi .x1 ;
: : : ; xn / for some polynomials hQ 2 Kx1 ; : : : ; xn . Since gi 2 a we get f m 2 a.
21.5
Applications and Consequences of Hilberts Theorems
Theorem 21.5.1. Each nonempty set of algebraic K-sets in C n contains a minimal

element. In other words: For each descending chain
V1 V2 Vm VmC1
(1)
of algebraic K-sets Vi in C n there exists an integer m such that Vm D VmC1 D

VmC2 D , or equivalently, every strictly descending chain V1 V2 of
algebraic K-sets Vi in C n is nite.
Proof. We apply the operator I , that is, we pass to the vanishing ideals. This gives an
ascending chain of ideals
I.V1 / I.V2 / I.Vm / I.VmC1 / :
(2)
The union of the I.Vi / is an ideal in Kx1 ; : : : ; xn , and, hence, by Theorem 21.3.3
nitely generated. Hence, there is an m with I.Vm / D I.VmC1 / D I.VmC2 / D .
Now we apply the operator N and get the desired result because Vi D N I.Vi / by
Theorem 21.2.4 (10).
Denition 21.5.2. An algebraic K-set V ; in C n is called irreducible if it is not
describable as a union V D V1 [ V2 of two algebraic K-sets Vi ; in C n with
Vi V for i D 1; 2. An irreducible algebraic K-set in C n is also called a K-variety
in C n .
Theorem 21.5.3. An algebraic K-set V ; in C n is irreducible if and only if its
vanishing ideal Ik .V / D I.V / is a prime ideal of R D Kx1 ; : : : ; xn with I.V / R.
Proof. (1) Let V be irreducible. Let fg 2 I.V /. Then V D N I.V / N .fg/ D
N .f / [ N .g/, hence V D V1 [ V2 with the algebraic K-sets V1 D N .f / \ V and
318
V2 D N .g/ \ V . Now V is irreducible, hence, V D V1 or V D V2 ; say V D V1 .

Then V N .f /, and therefore f 2 I N .f / I.V /. Since V ; we have further
1 I.V /, that is, I.V / R.
(2) Let I.V / G R with I.V / R be a prime ideal. Let V D V1 [ V2 , V1 V ,
with algebraic K-sets Vi in C n . First,
I.V / D I.V1 [ V2 / D I.V1 / \ I.V2 / I.V1 /I.V2 /;
(?)
where I.V1 /I.V2 / is the ideal generated by all products fg with f 2 I.V1 /, g 2
I.V2 /. We have I.V1 / I.V / because otherwise V1 D N I.V1 / D N I.V / D V
contradicting V1 V . Hence, there is a f 2 I.V1 / with f I.V /. Now, I.V / R
is a prime ideal, and hence, necessarily I.V2 / I.V / by (?). It follows that V V2 ,
and, hence, V is irreducible.
Note that the afne space K n is, as the zero set of the zero polynomial 0, itself
an algebraic K-set in K n . If K is innite then I.K n / D 0 and, hence K n is
irreducible by Theorem 21.5.3. Moreover, if K is innite then K n can not be written
as a union of nitely many proper algebraic K-subsets. If K is nite then K n is not
irreducible.
Further each algebraic K-set V in C n is also an algebraic C -set in C n . If V is an
irreducible algebraic K-set in C n then, in general, it is not an irreducible algebraic
C -set in C n .
Theorem 21.5.4. Each algebraic K-set V in C n can be written as a nite union
V D V1 [ V2 [ [ Vr of irreducible algebraic K-sets Vi in C n . If here Vi Vk
for all pairs .i; k/ with i k then this presentation is unique, up to the ordering of
the Vi ; and then the Vi are called the irreducible K-components of V .
Proof. Let a be the set of all algebraic K-sets in C n which can not be presented as a
nite union of irreducible algebraic K-sets in C n .
Assume that a ;. By Theorem 21.4.1 there is a minimal element V in a. This V
is not irreducible, otherwise we have a presentation as desired. Hence there exists a
presentation V D V1 [ V2 with algebraic K-sets Vi which are strictly smaller than V .
By denition, both V1 and V2 have a presentation as desired, and hence V has one,
too, which gives a contradiction. Hence, a D ;.
Now suppose that V D V1 [ [ Vr D W1 [ [ Ws be two presentations of the
desired form. For each Vi we have a presentation Vi D .Vi \ W1 / [ [ .Vi \ Ws /.
Each Vi \ Wj is a K-algebraic set (see Theorem 21.2.4). Since Vi is irreducible, we
get that there is a Wj with Vi D Vi \ Wj , that is, Vi Wj . Analogously, for this Wj
there is a Vk with Wj Vk . Altogether Vi Wj Vk . But Vp Vq if p q.
Hence, from Vi Wj Vk we get i D k and therefore Vi D Wj , that means, for
each Vi there is a Wj with Vi D Wj . Analogously, for each Wk there is a Vl with
Wk D Vl . This proves the theorem.
Section 21.5 Applications and Consequences of Hilberts Theorems
319
Example 21.5.5.
1. Let M D gh Rx; y with g.x/ D x 2 C y 2 1 and
2
f .x/ D x C y 2 2. Then N .M / D V D V1 [ V2 where V1 D N .g/ and
V2 D N .f /, and V is not irreducible.
2. Let M D f Rx; y with f .x; y/ D xy 1; f is irreducible in Rx; y,
therefore the ideal .f / is a prime ideal in Rx; y. Hence V D N .f / is irreducible.
Denition 21.5.6. Let V be an algebraic K-set in C n . The residue class ring KV D
Kx1 ; : : : ; xn =I.V / is called the (afne) coordinate ring of V .
KV can be identied with the ring of all those functions V ! C which are given
by polynomials from Kx1 ; : : : ; xn . As a homomorphic image of Kx1 ; : : : ; xn , we
get that KV can be described in the form KV D K1 ; : : : ; n ; therefore a Kalgebra of the form K1 ; : : : ; n is often called an afne K-algebra. If the algebraic
K-set V in C n is irreducible we can call V now an (afne) K-variety in C n then
KV is an integral domain with an identity because I.V / is then a prime ideal with
I.V / R by Theorem 21.4.2. The quotient eld K.V / D Quot KV is called the
eld of rational functions on the K-variety V .
We note the following:
1. If C is algebraically closed then V D C n is a K-variety and K.V / is the eld
K.x1 ; : : : ; xn / of the rational functions in n variables over K.
2. Let the afne K-algebra A D K1 ; : : : ; n be an integral domain with an identity 1 0. Then A Kx1 ; : : : ; xn =p for some prime ideal p Kx1 ; : : : ; xn .
Hence, if C is algebraically closed then A is isomorphic to the coordinate ring
of the K-variety V D N .p/ in C n (see Hilberts Nullstellensatz, rst form,
Theorem 21.4.1).
3. If the afne K-algebra A D K1 ; : : : ; n is an integral domain with an identity
1 0 then we dene the transcendence degree trgd.AjK/ to the transcendence
degree of the eld extension Quot.A/jK, that is, trgd.AjK/ D trgd.Quot.A/jK/,
Quot.A/ the quotient eld of A.
In this sense trgd.Kx1 ; : : : ; xn jK/ D n. Since Quot.A/ D K.1 ; : : : ; n / we
get trgd.AjK/ n by Theorem 20.3.10.
4. An arbitrary afne K-algebra K1 ; : : : ; n is, as a homomorphic image of
the polynomial ring Kx1 ; : : : ; xn , noetherian (see Theorem 21.2.4 and Theorem 21.2.3).
Example 21.5.7. Let !1 ; !2 2 C two elements which are linear independent over R.
An element ! D m1 !1 C m2 !2 with m1 ; m2 2 Z, is called a period. The periods
describe an abelian group D m1 !1 C m2 !2 W m1 ; m2 2 Z Z Z and give a
lattice in C.
320
An elliptic function f (with respect to ) is a meromorphic function with period

group , that is, f .z C w/ D f .z/ for all z 2 C. The Weierstrass }-function,

X
1
1
1

}.z/ D 2 C
;
z
.z w/2 w 2
0w2
is an elliptic function.
P
P
With g2 D 60 0w2 w14 and g3 D 140 0w2 w16 we get the differential
equation } 0 .z/2 D 4}.z/3 C g2 }.z/ C g3 D 0. The set of elliptic functions is a eld
E, and each elliptic function is a rational function in } and } 0 (for details see, for
instance, [27]).
The polynomial f .t / D t 2 4s 3 C g2 s C g3 2 C.s/t is irreducible over C.s/.
For the corresponding algebraic C.s/-set V we get K.V / D C.s/t =.t 2 4s 3 C
g2 s C g3 / E with respect to t 7! } 0 , s 7! }.
21.6
Dimensions
From now we assume that C is algebraically closed.

Denition 21.6.1. (1) The dimension dim.V / of an algebraic K-set V in C n is said
to be the supremum of all integers m for which there exists a strictly descending
chain V0 V1 Vm of K-varieties Vi in C n with Vi V for all i.
(2) Let A be a commutative ring with an identity 1 0. The height h.p/ of a prime
ideal p A of A is said to be the supremum of all integers m for which there
exists a strictly ascending chain p0 p1 pm D p of prime ideals pi of
A with pi A. The dimension (Krull dimension) dim.A/ of A is said to be the
supremum of the heights of all prime ideals A in A.
Theorem 21.6.2. Let V be an algebraic K-set in C n . Then dim.V / D dim.KV /.
Proof. By Theorem 21.2.4 and Theorem 21.4.2 we have a bijective map between
the K-varieties W with W V and the prime ideals R D Kx1 ; : : : ; xn of R
which contain I.V / (the bijective map reverses the inclusion). But these prime ideals
correspond exactly with the prime ideals KV of KV D Kx1 ; : : : ; xn =I.V /
which gives the statement.
Section 21.6 Dimensions
321
Suppose that V is an algebraic K-set in C n and let V1 ; : : : ; Vr the irreducible components of V . Then dim.V / D maxdim V1 ; : : : ; dim Vr because if V is a K-variety
with V 0 V then V 0 D .V 0 \ V1 / [ [ .V 0 \ Vr /. Hence, we may restrict ourselves
on K-varieties V .
If we consider the special case of the K-variety V D C 1 D C (recall that C is
algebraically closed and, hence, especially C is innite). Then KV D Kx, the
polynomial ring Kx in one indeterminate x. Now, Kx is a principal ideal domain,
and hence, each prime ideal Kx is either a maximal ideal or the zero ideal 0
of Kx. The only K-varieties in V D C are therefore V itself and the zero set of
irreducible polynomials in Kx. Hence, if V D C then dim.V / D dim KV D 1 D
trgd.KV jK/.
Theorem 21.6.3. Let A D K1 ; : : : ; n be an afne K-algebra and let A be also
an integral domain. Let 0 D p0 p1 pm be a maximal strictly ascending
chain of prime ideals in A (such a chain exists since A is noetherian). Then m D
trgd.AjK/ D dim.A/. In other words:
All maximal ideals of A have the same height, and this height is equal to the transcendence degree of A over K.
Corollary 21.6.4. Let V be a K-variety in C n . Then dim.V / D trgd.KV jK/.
We prove Theorem 21.6.3 in several steps.
Lemma 21.6.5. Let R be an unique factorization domain. Then each prime ideal p
with height h.p/ D 1 is a principal ideal.
Proof. p 0 since h.p/ D 1. Hence there is an f 2 p, f 0. Since R is
an unique factorization domain, f has a decomposition f D p1 ps with prime
elements pi 2 R. Now, p is a prime ideal, hence some pi 2 p because f 2 p, say
p1 2 p. Then we have the chain 0 .p1 / p, and .p1 / is a prime ideal of R.
Since h.p/ D 1 we get .p1 / D p.
Lemma 21.6.6. Let R D Ky1 ; : : : ; yr be the polynomial ring of the r independent
indeterminates y1 ; : : : ; yr over the eld K (recall that R is a unique factorization
domain). If p is a prime ideal in R with height h.p/ D 1 then the residue class ring
RN D R=p has transcendence degree r 1 over K.
Proof. By Lemma 21.6.5 we have that p D .p/ for some nonconstant polynomial p 2
Ky1 ; : : : ; yr . Let the indeterminate y D yr occur in p, that is, degy .p/ 1, the degree in y. If f is a multiple of p then also degy .f / 1. Hence, p \ Ky1 ; : : : ; yr
0. Therefore the residue class mapping R ! RN D KyN1 ; : : : ; yNr induces an isomorphism Ky1 ; : : : ; yr1 ! KyN1 ; : : : ; yNr1 of the subring Ky1 ; : : : ; yr1 , that
is, yN1 ; : : : ; yNr1 are algebraically independent over K. On the other side p.yN1 ; : : : ;
322
yNr1 ; yNr / D 0 is a nontrivial algebraic relation for yNr over K.yN1 ; : : : ; yNr1 /. Hence,
N
altogether trgd.RjK/
D trgd.K.yN1 ; : : : ; yNr /jK/ D r 1 by Theorem 20.3.9.
Before we describe the last technical lemma we need some preparatory theoretical
material.
Let R; A be integral domains (with identity 1 0) and let AjR be a ring extension.
We rst consider only R.
(1) A subset S R n 0 is called a multiplicative subset of R if 1 2 S for the
identity 1 of R, and if s; t 2 S then also st 2 S. .x; s/ .y; t / W, xt ys D 0
denes an equivalence relation on M D R S. Let xs be the equivalence class of
.x; s/ and S 1 R the set of all equivalence classes. We call xs a fraction. If we add
and multiply fractions as usual we get that S 1 R becomes an integral domain; it is
called the ring of fractions of R with respect to S. If, especially, S D R n 0 then
S 1 R D Quot.R/, the quotient eld of R.
Now, back to the general situation. i W R ! S 1 R, i.r/ D 1r , denes an embedding of R into S 1 R. Hence, we may consider R as a subring of S 1 R. For each
s 2 S R n 0 we have that i.s/ is an unit in S 1 R, that is, i.s/ is invertible,
and that each element of S 1 R has the form i.s/1 i.r/ with r 2 R, s 2 S . Therefore S 1 R is uniquely determined up to isomorphisms; and we have the following
universal property:
If W R ! R0 is a ring homomorphism (of integral domains) such that .s/
is invertible for each s 2 S then there exist exactly one ring homomorphism W
S 1 R ! R0 with i D . If a G R is an ideal in a then we write S 1 a for the ideal
in S 1 R generated by i.a/. S 1 a is the set of all elements of the form as with a 2 a
and s 2 S; further S 1 a D .1/ , a \ S ;.
Vice versa, if A G S 1 R is an ideal in S 1 R then we denote the ideal i 1 .A/ G R
with A \ R, too. An ideal a G R is of the form a D i 1 .A/ if and only if there is no
s 2 S such that its image in R=a under the canonical map R ! R=a is a proper zero
divisor in R=a. Under the mapping P ! P \ R and p 7! S 1 p the prime ideals in
S 1 R correspond exactly to the prime ideals in R which do not contain an element
of S.
We now identify R with i.R/.
(2) Now, let p G R be a prime ideal in R. Then S D R n p is multiplicative. In this
case we write Rp instead of S 1 R and call Rp the quotient ring of R with respect to
p or the localization of R of p. Put m D pRp D S 1 p. Then 1 m. Each element
of Rp =m is a unit in Rp and vice versa. In other words: Each ideal a .1/ in Rp is
contained in m, or equivalently, m is the only maximal ideal in Rp . A commutative
ring with an identity 1 0, which has exactly one maximal ideal, is called a local
ring. Hence Rp is a local ring. From part (1) we get further: the prime ideals of
the local ring Rp correspond bijectively to the prime ideals of R which are contained
in p.
323
Section 21.6 Dimensions
(3) Now we consider our ring extension AjR as above. Let q be a prime ideal in R.
Claim: If qA \ R D q then there exists a prime ideal Q G A with Q \ R D q (and
vice versa).
Proof of the claim: If S D R n q then qA \ S D ;. Hence qS 1 A is a proper
ideal in S 1 A and hence contained in a maximal ideal m in S 1 A, here qS 1 A is
the ideal in S 1 A which is generated by q. Dene Q D m \ A; Q is a prime ideal
in A, and Q \ R D q by part (1) because Q \ S D ; where S D R n q.
(4) Now let AjR be an integral extension (A; R integral domains as above). Assume
that R is integrally closed in its quotient eld K. Let P G A be a prime ideal in A and
p D P \ R.
Claim: If q G R is a prime ideal in A with q p then qAp \ R D q.
Proof of the claim: An arbitrary 2 qAp has the form D s with 2 qA, qA
the ideal in A generated by q, and s 2 S D A n p. An integral equation for 2 qA
over K is given a form n C an1 n1 C C a0 D 0 with ai 2 q. This can be
seen as follows: we have certainly a form D b1 1 C C bm m with bi 2 q and
i 2 A. The subring A0 D R1 ; : : : ; m is, as an R-module, nitely generated, and
A0 qA0 . Now, ai 2 q follows with the same type of arguments as in the proof of
Theorem 20.2.4.
Now, in addition, let 2 R. Then, for s D , we have an equation
sn C
an1 n1
a0
C C n D 0
s
2 R.
over K. But s is integral over R, and, hence, all an1
i
We are now prepared to prove the last preliminary lemma which we need for the
proof of Theorem 21.6.3.
Lemma 21.6.7 (Krulls going up lemma). Let AjR be an integral ring extension of
integral domains and let R be integrally closed in its quotient eld. Let p and q be
prime ideals in R with q p. Further let P be a prime ideal in A with P \ R D p.
Then there exists a prime ideal Q in A with Q \ R D q and Q P.
Proof. It is enough to show that there exists a prime ideal Q in Ap with Q \ R D q.
This can be seen from the preceding preparations. By part (1) and (2) such a Q has
the form Q D Q0 Ap with a prime ideal Q0 in A with Q0 P and Q \ A D Q0 .
It follows q D Q0 \ R P \ R D p. And the existence of such a Q follows from
parts (3) and (4).
Proof of Theorem 21.6.3. Let rst be m D 0. Then 0 is a maximal ideal in A and,
hence, A D K1 ; : : : ; n a eld. By Corollary 20.3.11 then AjK is algebraic and,
hence, trgd.AjK/ D 0. So, Theorem 21.3.3 holds for m D 0.
Now, let m 1. We use Noethers normalization theorem. A has a polynomial
ring R D Ky1 ; : : : ; yr of the r independent indeterminates y1 ; : : : ; yr as a subring,
324
and AjR is an integral extension. As a polynomial ring over K the ring R is a unique
factorization domain and hence, certainly, algebraically closed (in its quotient eld).
Now, let
0 D P0 P1 Pm
(1)
be a maximal strictly ascending chain of prime ideals in A. If we intersect with R we

get a chain
0 D p0 p1 pm
(2)
of prime ideals pi D Pi \R of R. Since AjR is integral, the chain (2) is also a strictly
ascending chain. This follows from Krulls going up lemma (Lemma 21.6.7) because
if pi D pj then Pi D Pj . If Pm is a maximal ideal in A then also pm is a maximal
ideal in R because AjR is integral (consider A=Pm and use Theorem 17.2.21). If the
chain (1) is maximal and strictly then also the chain (2).
Now, let the chain (1) be maximal and strictly. If we pass to the residue class rings
N1
AN D A=P1 and RN D R=p1 then we get the chains of prime ideals 0 D P
N
N
P2 Pm and 0 D pN 1 pN 2 pN m for the afne K-algebras AN and
N respectively, but with a 1 less length. By induction, we may assume that already
R,
N
N
trgd.AjK/
D m 1 D trgd.RjK/.
On the other side, by construction we have
trgd.AjK/ D trgd.RjK/ D r. To prove Theorem 21.3.3 nally, we have to show that
N
r D m. If we compare both equations then r D m follows if trgd.RjK/
D r 1. But
this holds by Lemma 21.6.6.
Theorem 21.6.8. Let V be a K-variety in C n . Then dim.V / D n 1 if and only if
V D .f / for some irreducible polynomial f 2 Kx1 ; : : : ; xn .
Proof. (1) Let V be a K-variety in C n with dim.V / D n 1. The corresponding ideal (in the sense of Theorem 21.2.4) is by Theorem 21.4.2 a prime ideal p in
Kx1 ; : : : ; xn . By Theorem 21.3.3 and Corollary 21.3.4 we get h.p/ D 1 for the
height of p because dim.V / D n 1 (see also Theorem 21.3.2). Since Kx1 ; : : : ; xn
is a unique factorization domain we get that p D .f / is a principal ideal by Lemma 21.6.5.
(2) Now let f 2 Kx1 ; : : : ; xn be irreducible. We have to show that V D N .f /
has dimension n 1. For that, by Theorem 21.6.3, we have to show that the prime
ideal p D .f / has the height h.p/ D 1. Assume that this is not the case. Then
there exists a prime ideal q p with 0 q p. Choose g 2 q, g 0. Let
g D uf e1 2e2 rer be its prime factorization in Kx1 ; : : : ; xn . Now g 2 q and
f q because q p. Hence, there is a i in q p D .f / which is impossible.
Therefore h.p/ D 1.
21.7
325
Exercises
1. Let A D Ka1 ; : : : ; an and C jK a eld extension with C algebraically closed.

Show that there is a K-algebra homomorphism Ka1 ; : : : ; an ! C .
2. Let Kx1 ; : : : ; xn be the polynomial ring of the n independent indeterminates
x1 ; : : : ; xn over the algebraically closed eld K. The maximal ideals of Kx1 ; : : : ;
xn are exactly the ideals of the form m./ D .x1 1 ; x2 2 ; : : : ; xn n /
with D .1 ; : : : ; n / 2 K n .
p
3. The nil radical 0 of A D Ka1 ; : : : ; an corresponds with the Jacobson radical
of A, that is, the intersection of all maximal ideals of A.
4. Let R be a commutative ring with 1 0. If each prime ideal of R is nitely
generated then R is noetherian.
5. Prove the theoretical preparations for Krulls going up lemma in detail.
6. Let Kx1 ; : : : ; xn be the polynomial ring of the n independent indeterminates
x1 ; : : : ; xn . For each ideal a of Kx1 ; : : : ; xn there exists a natural number m
with the following property: if f 2 Kx1 ; : : : ; xn vanishes on the zero set of a
then f m 2 a.
7. Let K be a eld with char K 2 and a; b 2 K ? . We consider the polynomial
f .x; y/ D ax 2 C by 2 1 2 Kx; y, the polynomial ring of the independent
indeterminates x and y. Let C be the algebraic closure of K.x/ and 2 C with
f .x; / D 0. Show that:
(i) f is irreducible over the algebraic closure C0 of K (in C ).
(ii) trgd.K.x; /jK/ D 1, K.x; / W K.x/ D 2, and K is algebraically closed
in K.x; /.
Chapter 22
Algebraic Cryptography
22.1
Basic Cryptography
As we have mentioned, much of mathematics has been algebraicized, that is uses the
methods and techniques of abstract algebra. Throughout this book we have looked
at various applications of the algebraic ideas. Many of these were to other areas of
mathematics, such as the insolvability of the quintic. In this nal chapter we move
in a slightly different direction and look at applications of algebra to cryptography.
This has become increasingly important because of the extensive use of cryptography
and cryptosystems in modern commerce and communications. We rst give a brief
introduction to general cryptography and its history.
Cryptography refers to the science and/or art of sending and receiving coded messages. Coding and hidden ciphering is an old endeavor used by governments and
militaries and between private individuals from ancient times. Recently it has become
even more prominent because of the necessity of sending secure and private information, such as credit card numbers, over essentially open communication systems.
Traditionally cryptography is the science and or art of devising and implementing
secret codes or cryptosystems. Cryptanalysis is the science and or art of breaking cryptosystems while cryptology refers to the whole eld of cryptography plus cryptanalysis. In most modern literature cryptography is used synonymously with cryptology.
Theoretically cryptography uses mathematics, computer science and engineering.
A cryptosystem or code is an algorithm to change a plain message, called the plaintext message, into a coded message, called the ciphertext message. In general both the
plaintext message (uncoded message) and the ciphertext message (coded message)
are written in some N letter alphabet which is usually the same for both plaintext and
code. The method of coding or the encoding algorithm is then a transformation of
the N letters. The most common way to perform this transformation is to consider
the N letters as N integers modulo N and then perform a number theoretical function on them. Therefore most encoding algorithms use modular arithmetic and hence
cryptography is closely tied to number theory. The subject is very broad, and as mentioned above, very current, due to the need for publically viewed but coded messages.
There are many references to the subject. The book by Koblitz [60] gives an outstanding introduction to the interaction between number theory and cryptography. It also
includes many references to other sources. The book by Stinson [68] describes the
whole area.
327
Section 22.1 Basic Cryptography
Modern cryptography is usually separated into classical cryptography also called

symmetric key cryptography and public key cryptography. In the former, both the
encoding and decoding algorithms are supposedly known only to the sender and receiver, usually referred to as Bob and Alice. In the latter, the encryption method is
public knowledge but only the receiver knows how to decode.
The message that one wants to send is written in plaintext and then converted into
code. The coded message is written in ciphertext. The plaintext message and ciphertext message are written in some alphabets that are usually the same. The process
of putting the plaintext message into code is called enciphering or encryption while
the reverse process is called deciphering or decryption. Encryption algorithms break
the plaintext and ciphertext message into message units. These are single letters or
pairs of letters or more generally k-vectors of letters. The transformations are done
on these message units and the encryption algorithm is a mapping from the set of
plaintext message units to the set of ciphertext message units. Putting this into a
mathematical formulation we let
P D set of all plaintext message units
C D set of all ciphertext message units:
The encryption algorithm is then the application of an invertible function
f W P ! C:
The function f is the encryption map. The inverse
f 1 W C ! P
is the decryption or deciphering map. The triple P ; C ; f , consisting of a set of
plaintext message units, a set of cipertext message units and an encryption map, is
called a cryptosystem.
Breaking a code is called cryptanalysis. An attempt to break a code is called an
attack. Most cryptanalysis depends on a statistical frequency analysis of the plaintext
language used (see exercises). Cryptanalysis depends also on a knowledge of the form
of the code, that is, the type of cryptosystem used.
We now give some examples of cryptosystems and cryptanalysis.
Example 22.1.1. The simplest type of encryption algorithm is a permutation cipher.
Here the letters of the plaintext alphabet are permuted and the plaintext message is
sent in the permuted letters. Mathematically if the alphabet has N letters and is a
permutation on 1; : : : ; N , the letter i in each message unit is replaced by .i /. For
example suppose the plaintext language is English and the plaintext word is BOB and
328
Chapter 22 Algebraic Cryptography
the permutation algorithm is

a b c d e f g h i j k l m
b c d f g h j k l n o p r
n o p q r s t u v w x y z
s t v w x a e i z m q y u
then BOB ! CSC.
Example 22.1.2. A very straightforward example of a permutation encryption algorithm is a shift algorithm. Here we consider the plaintext alphabet as the integers
0; 1; : : : ; N 1 mod N . We choose a xed integer k and the encryption algorithm is
f Wm!mCk
mod N:
This is often known as a Caesar code after Julius Caesar who supposedly invented
it. It was used by the Union Army during the American Civil War. For example if
both the plaintext and ciphertext alphabets were English and each message unit was
a single letter then N D 26. Suppose k D 5 and we wish to send the message
ATTACK. If a D 0 then ATTACK is the numerical sequence 0; 20; 20; 0; 2; 11. The
encoded message would then be FZZFIP.
Any permutation encryption algorithm which goes letter to letter is very simple to
attack using a statistical analysis. If enough messages are intercepted and the plaintext
language is guessed then a frequency analysis of the letters will sufce to crack the
code. For example in the English language the three most commonly occurring letters
are E, T and A with a frequency of occurrence of approximately 13% and 9% and 8%
respectively. By examining the frequency of occurrences of letters in the ciphertext
the letters corresponding to E, T and A can be uncovered.
Example 22.1.3. A variation on the Caesar code is the Vignre code. Here message
units are considered as k-vectors of integers mod N from an N letter alphabet. Let
B D .b1 ; : : : ; bk / be a xed k-vector in Zkn . The Vignre code then takes a message
unit
.a1 ; : : : ; ak / ! .a1 C b1 ; : : : ; ak C bk / mod N:
From a cryptanalysis point of view a Vignre code is no more secure than a Caesar
code and is susceptible to the same type of statistical attack.
The Alberti Code is a polyalphabetic cipher and can be often be used to thwart a
statistical frequency attack. We describe it in the next example.
Example 22.1.4. Suppose we have an N letter alphabet. We then form an N N
matrix P where each row and column is a distinct permutation of the plaintext alphabet. Hence P is a permutation matrix on the integers 0; : : : ; N 1. Bob and Alice
329
Section 22.1 Basic Cryptography
decide on a keyword. The keyword is placed above the plaintext message and the
intersection of the keyword letter and plaintext letter below it will determine which
cipher alphabet to use. We will make this precise with an 9 letter alphabet A, B, C, D,
E, O, S, T, U. Here for simplicity we will assume that each row is just a shift of the
previous row, but any permutation can be used.
Key Letters
A B C D E O S T U
a
A a b c d e o s t u
l
B b c d e o s t u a
p
C c d e o s t u a b
h
D d e o s t u a b c
a
E e o s t u a b c d
b
O o s t u a b c d e
e
S s t u a b c d e o
t
T t u a b c d e o s
s
U u a b c d e o s t.
Suppose the plaintext message is STAB DOC and Bob and Alice have chosen the
keyword BET. We place the keyword repeatedly over the message
B E T B E T B
S T A B D O C:
To encode we look at B which lies over S. The intersection of the B key letter and the
S alphabet is a t so we encrypt the S with T. The next key letter is E which lies over T.
The intersection of the E keyletter with the T alphabet is c. Continuing in this manner
and ignoring the space we get the encryption
STAB DOC ! TCTCTDD:
Example 22.1.5. A nal example, which is not number theory based, is the so-called
Beale Cipher. This has a very interesting history which is related in the popular
book Archimedes Revenge by Paul Hoffman (see [56]). Here letters are encrypted
by numbering the rst letters of each word in some document like the Declaration of
Independence or the Bible. There will then be several choices for each letter and a
Beale cipher is quite difcult to attack.
Until relatively recent times cryptography was mainly concerned with message condentiality that is sending secret messages so that interceptors or eavesdroppers
cannot decipher them. The discipline was primarily used in military and espionage
situations. This changed with the vast amount of condential data that had to be
transmitted over public airways so the eld has expanded to many different types of
cryptographic techniques such as digital signatures and message authentications.
330
Cryptography and encryption does have a long and celebrated history. In the Bible,
in the book of Jeremiah, they use what is called an Atabash Code. In this code the
letters of the alphabet Hebrew in the Bible but can be used with any alphabet are
permuted rst to last. That is, in the Latin alphabet, Z would go to A and so on.
The Kabbalists and the Kabbala believe that the Bible written in Hebrew where
each letter also stands for a number is a code from heaven. They have devised
elaborate ways to decode it. This idea has seeped into popular culture where the book
The Bible Code became a bestseller.
In his military campaigns Julius Caesar would send out coded messages. His
method, which we looked at in the last section, is now known as a Caesar code. It
is a shift cipher. That is each letter is shifted a certain amount to the right. A shift
cipher is a special case of an afne cipher that will be elaborated upon in the next
section. The Caesar code was resurrected and used during the American Civil War.
Coded messages produced by most of the historical methods reveal statistical information about the plaintext. This could be used in most cases to break the codes.
The discovery of frequency analysis was done by the Arab mathematician Al-Kindi
in the ninth century and the basic classical substitution ciphers became more or less
easily breakable. About 1470 Leon Alberti developed a method to thwart statistical
analysis. His innovation was to use a polyalphabetic cipher where different parts of
the message are encrypted with different alphabets. We looked at an example of an
Alberti code in this section.
A different way to thwart statistical attacks is to use blank and neutral letters, that
is meaningless letters within the message. Mary, Queen of Scots, used a random
permutation cipher with neutrals in it, where a neutral was a random meaningless
symbol. Unfortunately for her, her messages were decoded and she was beheaded.
There have been various physical devices and aids used to create codes. Prior
to the widespread use of the computer the most famous cryptographic aid was the
Enigma machine developed and used by the German military during the Second World
War. This was a rotor machine using a polyalphabetic cipher. An early version was
broken by Polish cryptographers early in the war so a larger system was built that was
considered unbreakable. British cryptographers led by Alan Turing broke this and
British knowledge of German secrets had a great effect on the latter part of the war.
The development of digital computers allowed for the development of much more
complicated cryptosystems. Further this allowed for the encryption using anything
that can be placed in binary formats whereas historical cryptosystems could only be
rendered using language texts. This has revolutionized cryptography.
In 1976 Dife and Hellman developed the rst usable public key exchange protocol.
This allowed for the transmission of secret data over open airways. A year later Rivest,
Adelman and Shamir, developed the RSA algorithm, a second public key protocol.
There are now many and we will discuss them later. In 1997 it became known that
public key cryptography had been developed earlier by James Ellis working for British
331
Section 22.2 Encryption and Number Theory
Intelligence and that both the DifeHellman and RSA protocols had been developed
earlier by Malcom Williamson and Clifford Cocks respectively.
22.2
Encryption and Number Theory
Here we describe some basic number theoretically derived cryptosystems. In applying

a cryptosystem to an N letter alphabet we consider the letters as integers mod N .
The encryption algorithms then apply number theoretic functions and use modular
arithmetic on these integers. One example of this was the shift, or Caesar cipher,
described in the last section. In this encryption method a xed integer k is chosen and
the encryption map is given
f Wm!mCk
mod N:
The shift algorithm is a special case of an afne cipher. Recall that an afne map
on a ring R is a function f .x/ D ax C b with a; b; x 2 R. We apply such a map to
the ring of integers modulo n, that is, R D Zn , as the encryption map. Specically
again suppose we have an N letter alphabet and we consider the letters as the integers
0; 1; : : : ; N 1 mod N , that is in the ring ZN . We choose integers a; b 2 ZN with
.a; N / D 1 and b 0. a; b are called the keys of the cryptosystem . The encryption
map is then given by
f W m ! am C b mod N:
Example 22.2.1. Using an afne cipher with the English language and keys a D 3,
b D 5 encode the message EAT AT JOES. Ignore spaces and punctuation.
The numerical sequence for the message ignoring the spaces and punctuation is
4; 0; 19; 0; 19; 9; 14; 4; 18:
Applying the map f .m/ D 3m C 5 mod 26 we get
17; 5; 62; 5; 62; 32; 47; 17; 59 ! 17; 5; 10; 5; 10; 6; 21; 17; 7:
Now rewriting these as letters we get
EAT AT JOES ! RFKFKGVRH:
Since .a; N / D 1 the integer a has a multiplicative inverse a1 mod N . The decryption map for an afne cipher with keys a; b is then
f 1 W m ! a1 .m b/ mod N:
Since an afne cipher, as given above, goes letter to letter it is easy to attack using
a statistical frequency approach. Further if an attacker can determine two letters and
332
knows that it is an afne cipher the keys can be determined and the code broken. To
give better security it is preferable to use k-vectors of letters as message units. The
form then of an afne cipher becomes
f W v ! Av C B
where here v and B are k-vectors from ZkN and A is an invertible k k matrix with
entries from the ring ZN . The computations are then done modulo N . Since v is a
k-vector and A is a k k matrix the matrix product Av produces another k-vector
from ZkN . Adding the k-vector B again produces a k-vector so the ciphertext message
unit is again a k-vector. The keys for this afne cryptosystem are the enciphering
matrix A and the shift vector B. The matrix A is chosen to be invertible over ZN
(equivalent to the determinant of A being a unit in the ring ZN ) so the decryption
map is given by
v ! A1 .v B/:
Here A1 is the matrix inverse over ZN and v is a k-vector. The enciphering matrix
A and the shift vector B are now the keys of the cryptosystem.
A statistical frequency attack on such a cryptosystem requires knowledge, within
a given language, of the statistical frequency of k-strings of letters. This is more
difcult to determine than the statistical frequency of single letters. As for a letter to
letter afne cipher, if k C 1 message units, where k is the message block length, are
discovered, then the code can be broken.
Example 22.2.2. Using an afne cipher with message units of length 2 in the English
language and keys

5 1
AD
; B D .5; 3/
8 7
encode the message EAT AT JOES. Again ignore spaces and punctuation.
Message units of length 2, that is 2-vectors of letters are called digraphs. We rst
must place the plaintext message in terms of these message units. The numerical
sequence for the message EAT AT JOES ignoring the spaces and punctuation is as
before
4; 0; 19; 0; 19; 9; 14; 4; 18:
Therefore the message units are
.4; 0/; .19; 0/; .19; 9/; .14; 4/; .18; 18/
repeating the last letter to end the message.
The enciphering matrix A has determinant 1 which is a unit mod 26 and hence is
invertible so it is a valid key.
333
Section 22.2 Encryption and Number Theory
Now we must apply the map f .v/ D Av CB mod 26 to each digraph. For example

4
5 1
4
5
20
5
25
A
CB D
C
D
C
D
:
0
8 7
0
3
32
3
9
Doing this to the other message units we obtain
.25; 9/; .22; 25/; .5; 10/; .1; 13/; .9; 13/:
Now rewriting these as digraphs of letters we get
(Z, J), (W, Z), (F, K), (B, N), (J, N):
Therefore the coded message is
EAT AT JOES ! ZJWZFKBNJN:
Example 22.2.3. Suppose we receive the message ZJWZFKBNJN and we wish to
decode it. We know that an afne cipher with message units of length 2 in the English
language and keys

5 1
AD
; B D .5; 3/
8 7
is being used.
The decryption map is given by
v ! A1 .v B/:
so we must nd the inverse matrix for A. For a 2 2 invertible matrix
a b
c d
1
1
D
ad bc
a
b
c d

d b
:
c a
Therefore in this case recalling that multiplication is mod 26

5 1
7 1
AD
H) A1 D
:
8 7
8 5
The message ZJWZFKBNJN in terms of message units is
.25; 9/; .22; 25/; .5; 10/; .1; 13/; .9; 13/:
We apply the decryption map to each digraph. For example

20
7 1
25
5
B D

D .4; 0/:
A1
6
8 5
9
3
we have
334
Doing this to each we obtain

.4; 0/; .19; 0/; .19; 9/; .14; 4/; .18; 18/
and rewriting in terms of letters
(E, A), (T, A), (T, J), (O, E), (S, S):
This gives us
ZJWZFKBNJN ! EATATJOESS:
Modern cryptography is done via a computer. Hence all messages both plaintext
and ciphertext are actually presented as binary strings. Important in this regard is the
concept of a hash function.
A cryptographic hash function is a deterministic function
h W S ! 0; 1n
that returns for each arbitrary block of data, called a message, a xed size bit string.
It should have the property that a change in the data will change the hash value. The
hash value is called the digest.
An ideal cryptographic hash function has the following properties:
(1) It is easy to compute the hash value for any given message.
(2) It is infeasible to nd a message that has a given hash value (preimage resistant).
(3) It is infeasible to modify a message without changing its hash.
(4) It is infeasible to nd two different messages with the same hash (collision resistant).
A cryptographic hash function can serve as a digital signature.
Hash functions can also be used with encryption. Suppose that Bob and Alice want
to communicate openly. They have exchanged a secret key K that supposedly only
they know. Let fK be an encryption function or encryption algorithm based on the
key K. Alice wants to send the message m to Bob and m is given as a binary bit
string. Alice sends to Bob
fK .m/ h.K/
where is addition modulo 2.
Bob knows the key K and hence its hash value h.K/. He now computes
fK .m/ h.K/ h.K/:
Section 22.3 Public Key Cryptography
335
Since addition modulo 2 has order 2 we have

fK .m/ h.K/ h.K/ D fk .M /:
Bob now applies the decryption algorithm fK1 to decode the message.
Alice could have just as easily sent fK .m/ K. However sending the hash has
two benets. Usually the hash is shorter than the key and from the properties of hash
functions it gives another level of security. As we will see, tying the secret key to
the actual encryption in this manner is the basis for the El-Gamal and elliptic curve
cryptographic methods.
The encryption algorithm fK is usually a symmetric key encryption so that anyone knowing K can encrypt and decrypt easily. However it should be resistant to
plaintext-ciphertext attacks. That is if an attacker gains some knowledge of a piece
of plaintext together with the corresponding ciphertext it should not compromise the
whole system.
The encryption algorithm can either be a block cipher or a stream cipher. In the
former, blocks of xed length k are transformed into blocks of xed length n and
there is a method to ties the encrypted blocks together. In the latter, a stream cipher,
bits are transformed one by one into new bit strings by some procedure.
In 2001 the National Institute of Standards and Technology adopted a block cipher now called AES for Advanced Encryption System as the industry standard for a
symmetric key encryption. Although not universally used it is the most widely used.
This block cipher was a standardization of the Rijnadel cipher named after its inventor
Rijmen and Daeman.
AES replaced DES or Digital Encryption System which had been the standard.
Parts of DES were found to be insecure. AES proceeds with several rounds of encrypting blocks and then mixing blocks. The mathematics in AES is done over the
nite eld GF.28 /.
22.3
Public Key Cryptography
Presently there are many instances where secure information must be sent over open
communication lines. These include for example banking and nancial transactions,
purchasing items via credit cards over the Internet and similar things. This led to the
development of public key cryptography. Roughly, in classical cryptography only the
sender and receiver know the encoding and decoding methods. Further it is a feature
of such cryptosystems, such as the ones that weve looked at, that if the encrypting
method is known then the decryption can be carried out. In public key cryptography the encryption method is public knowledge but only the receiver knows how to
decode. More precisely in a classical cryptosystem once the encrypting algorithm is
known the decryption algorithm can be implemented in approximately the same order
of magnitude of time. In a public key cryptosystem, developed rst by Dife and
336
Hellman, the decryption algorithm is much more difcult to implement. This difculty depends on the type of computing machinery used and as computers get better,
new and more secure public key cryptosystems become necessary.
The basic idea in a public key cryptosystem is to have a one-way function or trapdoor function. That is a function which is easy to implement but very hard to invert.
Hence it becomes simple to encrypt a message but very hard, unless you know the
inverse, to decrypt.
The standard model for public key systems is the following. Alice wants to send a
message to Bob. The encrypting map fA for Alice is public knowledge as well as the
encrypting map fB for Bob. On the other hand the decryption algorithms fA1 and
fB1 are secret and known only to Alice and Bob respectively. Let P be the message
Alice wants to send to Bob. She sends fB fA1 .P /. To decode Bob applies rst fB1 ,
which only he knows. This gives him fB1 .fB fA1 .P // D fA1 .P /. He then looks
up fA which is publically available and applies this fA .fA1 .P // D P to obtain the
message. Why not just send fB .P /. Bob is the only one who can decode this. The
idea is authentication, that is being certain from Bobs point of view that the message
really came from Alice. Suppose P is Alices verication; signature, social security
number etc. If Bob receives fB .P / it could be sent by anyone since fB is public. On
the other hand since only Alice supposedly knows fA1 getting a reasonable message
from fA .fB1 fB fA1 .P // would verify that it is from Alice. Applying fB1 alone
should result in nonsense.
Getting a reasonable one way function can be a formidable task. The most widely
used (at present) public key systems are based on difcult to invert number theoretic
functions. The original public key system was developed by Dife and Hellman in
1976. It was followed closely by a second public key system developed by Rivest,
Shamir and Adeelman known as the RSA system. Although at present there are many
different public key systems in use most are variations of these original two. The
variations are attempts to make the systems more secure. We will discuss four such
systems.
22.3.1 The DifeHellman Protocol

Dife and Hellman in 1976 developed the original public key idea using the discrete
log problem. In modular arithmetic it is easy to raise an element to a power but difcult
to determine, given an element, if it is a power of another element. Specically if G
is a nite group, such as the cyclic multiplicative group of Zp where p is a prime,
and h D gk for some k then the discrete log of h to the base g is any integer t with
h D gt .
The rough form of the DifeHellman public key system is as follows. Bob and
Alice will use a classical cryptosystem based on a key k with 1 < k < q 1 where
q is a prime. It is the key k that Alice must share with Bob. Let g be a multiplicative
337
generator of Z?q the multiplicative group of Zq . The generator g is public. It is known

that this group is cyclic if q is a prime.
Alice chooses an a 2 Zq with 1 < a < q 1. She makes public ga . Bob chooses
a b 2 Z?q and makes public g b . The secret key is gab . Both Bob and Alice, but
presumably none else, can discover this key. Alice knows her secret power a and the
value g b is public from Bob. Hence she can compute the key gab D .g b /a . The
analogous situation holds for Bob. An attacker however only knows g a and g b and g.
Unless the attacker can solve the discrete log problem the key exchange is secure.
Given q; g; g a ; g b the problem of determining the secret key gab is called the
DifeHellman problem. At present the only known solution is to solve the discrete
log problem which appears to be very hard. In choosing the prime q and the generator
g it is assumed that the prime q is very large so that the order of g is very large. There
are algorithms to solve the discrete log problem is q is too small.
One attack on the DifeHellman key exchange is a man in the middle attack. Since
the basic protocol involves no authentication an attacker can pretend to be Bob and
get information from Alice and then pretend to be Alice and get information from
Bob. In this way the attacker could get the secret shared key. To prevent this, digital
signatures are often used (see [60] for a discussion of these).
The decision DifeHellman problem is given a prime q and g a mod q, g b mod q
and g c mod q determine if gc D g ab .
In 1997 it became known that the ideas of public key cryptography were developed
by British Intelligence Services prior to Dife and Hellman.
22.3.2 The RSA Algorithm

In 1977 Rivest, Adelman and Shamir developed the RSA algorithm, which is presently
(in several variations) the most widely used public key cryptosystem. It is based on
the difculty of factoring large integers and in particular on the fact that it is easier to
test for primality than to factor very large integers.
In basic form the RSA algorithm works as follows. Alice chooses two large primes
pA ; qA and an integer eA relatively prime to .pA qA / D .pA 1/.qA 1/ where
is the Euler phi-function. It is assumed that these integers are chosen randomly to
minimize attack. Primality tests arise in the following manner. Alice rst randomly
chooses a large odd integer m and tests it for primality. If its prime it is used. If
not, she tests m C 2, m C 4 and so on until she gets her rst prime pA . She then
repeats the process to get qA . Similarly she chooses another odd integer m and tests
until she gets an eA relatively prime to .pA qA /. The primes she chooses should be
quite large. Originally RSA used primes of approximately 100 decimal digits, but as
computing and attack have become more sophisticated, larger primes have had to be
utilized. Presently keys with 400 decimal digits are not uncommon. Once Alice has
obtained pA ; qA ; eA she lets nA D pA qA and computes dA , the multiplicative inverse
of eA modulo .nA /. That is dA satises eA dA 1 mod .pA 1/.qA 1/. She makes
338
public the enciphering key KA D .nA ; eA / and the encryption algorithm known to all
is
fA .P / D P eA mod nA
where P 2 ZnA is a message unit. It can be shown that if .eA ; .pA 1/.qA 1// D 1
and eA dA 1 mod .pA 1/.qA 1/ then P eA dA P mod nA (see exercises).
Therefore the decryption algorithm is
fA1 .C / D C da
mod nA :
Notice then that fA1 .fA .P // D P eA dA P mod nA so it is the inverse.

Now Bob makes the same type of choices to obtain pB ; qB ; eB . He lets nB D
pB qB and makes public his key KB D .nB ; eB /.
If Alice wants to send a message to Bob that can be authenticated to be from Alice
she sends fB .fA1 .P //. An attack then requires factoring nA or nB which is much
more difcult than obtaining the primes pA ; qA ; pB ; qB .
In practice suppose there is an N letter alphabet which is to be used for both plaintext and ciphertext. The plaintext message is to consist of k vectors of letters and the
ciphertext message of l vectors of letters with k < l. Each of the k plaintext letters
in a message unit P are then considered as integers mod N and the whole plaintext
message is considered as a k digit integer written to the base N (see example below).
The transformed message is then written as an l digit integer mod N and then the
digits are then considered integers mod N from which encrypted letters are found.
To ensure that the range of plaintext messages and ciphertext messages are the same
k < l are chosen so that
N k < nU < N l
for each user U, that is nU D pU qU . In this case any plaintext message P is an
integer less than N k considered as an element of ZnU . Since nU < N l the image
under the power transformation corresponds to an l digit integer written to the base
N and hence to an l letter block. We give an example with relatively small primes. In
real world applications the primes would be chosen to have over a hundred digits and
the computations and choices must be done using good computing machinery.
Example 22.3.1. Suppose N D 26, k D 2 and l D 3. Suppose further that Alice
chooses pA D 29, qA D 41, eA D 13. Here nA D 29 41 D 1189 so she makes
public the key KA D .1189; 13/. She then computes the multiplicative inverse dA
of 13 mod 1120 D 28 40. Now suppose we want to send her the message TABU.
Since k D 2 the message units in plaintext are 2 vectors of letters so we separate the
message into TA BU. We show how to send TA. First the numerical sequence for the
letters TA mod 26 is (19,0). We then use these as the digits of a 2-digit number to the
base 26. Hence
TA D 19 26 C 0 1 D 494:
339
We now compute the power transformation using her eA D 13 to evaluate

f .19; 0/ D 49413
mod 1189:
This is evaluated as 320. Now we write 320 to the base 26. By our choices of k; l this
can be written with a maximum of 3 digits to this base. Then
320 D 0 262 C 12 26 C 8:
The letters in the encoded message then correspond to .0; 12; 8/ and therefore the
encryption of TA is AMI.
To decode the message Alice knows dA and applies the inverse transformation.
Since we have assumed that k < l this seems to restrict the direction in which
messages can be sent. In practice to allow messages to go between any two users the
following is done. Suppose Alice is sending an authenticated message to Bob. The
keys kA D .nA ; eA /; kB D .nB ; eB / are public. If nA < nB Alice sends fB fA1 .P /.
On the other hand if nA > nB she sends fA1 fB .P /.
There have been attacks on RSA for special types of primes so care must be chosen
in choosing the primes.
The computations and choices used in real world implementations of the RSA algorithm must be done with computers. Similarly, attacks on RSA are done via computers. As computing machinery gets stronger and factoring algorithms get faster, RSA
becomes less secure and larger and larger primes must be used. In order to combat
this, other public key methods are in various stages of ongoing development. RSA and
DifeHellman and many related public key cryptosystems use properties in abelian
groups. In recent years a great deal of work has been done to encrypt and decrypt using certain nonabelian groups such as linear groups or braid groups. We will discuss
these later in the chapter.
22.3.3 The El-Gamal Protocol

The El-Gamal cryptosystem is a method to use the DifeHellman key exchange
method to do encryption. The method works as follows and uses the fact that hash
functions can also be used with encryption. Suppose that Bob and Alice want to
communicate openly. They have exchanged a secret key K that supposedly only they
know. Let fK be an encryption function or encryption algorithm based on the key K.
Alice wants to send the message m to Bob and m is given as a binary bit string. Alice
sends to Bob
fK .m/ h.K/
where is addition modulo 2.
Bob knows the key K and hence its hash value h.K/. He now computes
fK .m/ h.K/ h.K/:
340
Since addition modulo 2 has order 2 we have

fK .m/ h.K/ h.K/ D fk .M /:
Bob now applies the decryption algorithm fK1 to decode the message.
Hence if K is a publicly exchanged secret key and fK is a cryptosystem based on
K then the above format allows an encryption algorithm to go with the key exchange.
The El-Gamal system does this with the DifeHellman key exchange protocol.
Suppose that Bob and Alice want to communicate openly. Alice chooses a prime
q and a generator g of the multiplicative group Zq . q should be large enough to
thwart the known discrete logarithm algorithms. Alice then chooses an integer a with
1 < a < q 1. She then computes
A D ga
mod q:
Her public key is then .q; g; A/. Bob wants to send a message M to Alice. He rst
encrypts the message an integer m mod q. For Bob to now send an encrypted message
m to Alice he chooses a random integer b with 1 < b < q 2 and compute
B D gb
mod q:
Bob then sends to Alice the integer

c D Ab m mod q
that is Bob encrypts the whole message by multiplying it by the DifeHellman
shared key. The complete El-Gamal ciphertext is then the pair .B; c/.
How does Alice decode the message. Given the message m she knows how to
reconstruct the plaintext message M so she must recover the mod q integer m. As in
the DifeHellman key exchange she can compute the shared key Ab D B a . She can
then divide c by this DifeHellman key g ab to obtain m. To avoid having to nd the
inverse of B a mod q which can be difcult she computes the exponent x D p 1 a.
The inverse is then B x mod q.
For each new El-Gamal encryption a new exponent b is chosen so that there is a
random component of El-Gamal which improves the security.
Breaking the El-Gamal system is as difcult as breaking the DifeHellman protocol and hence is based on the difculty of the discrete log problem. However the
El-Gamal has the advantage that the choice of primes is random. As mentioned the
primes should be chosen large enough to not be susceptible to known discrete log
algorithms. Presently the primes should be of binary length at least 512.
c D Ab m
mod q:
341
22.3.4 Elliptic Curves and Elliptic Curve Methods

A very powerful approach which has had wide ranging applications in cryptography
is to use elliptic curves. If F is a eld of characteristic not equal to 2 or 3 then an
elliptic curve over F is the locus of points .x; y/ 2 F F satisfying the equation
y 2 D x 3 C ax C b
with 4a3 C 27b 2 0:
We denote by 0 a single point at innity and let

E.F / D .x; y/ 2 F F W y 2 D x 3 C ax C b [ 0:
The important thing about elliptic curves from the viewpoint of cryptography is that
a group structure can be placed on E.F /. In particular we dene the operation C on
E.F / by
1. 0 C P D P for any point P 2 E.F /.
2. If P D .x; y/ then P D .x; y/ and 0 D 0.
3. P C .P / D 0 for any point P 2 E.F /.
4. If P1 D .x1 ; y1 /; P2 D .x2 ; y2 / with P1 P2 then
P1 C P2 D .x3 ; y3 /
with
x3 D m2 .x1 C x2 /;
and
y3 D m.x3 x1 / y1
mD
y2 y 1
x2 x 1
if x2 x1
mD
3x12 C a
2y1
if x2 D x1 :
and
This operation has a very nice geometric interpretation if F D R the real numbers.
It is known as the chord and tangent method. If P1 P2 are two points on the curve
then the line through P1 ; P2 intersects the curve at another point P3 . If we reect P3
through the x-axis we get P1 C P2 . If P2 D P2 we take the tangent line at P1 .
With this operation E.F / becomes an abelian group (due to Cassels) whose structure can be worked out.
Theorem 22.3.2. E.F / together with the operations dened above forms an abelian
group. In F is a nite eld of order p k then E.F / is either cyclic or has the structure
E.F / D Zm1 Zm2
with m1 jm2 and m1 j.p k 1/.
342
A comprehensive description and discussion of elliptic curve methods can be found

in Crandall and Pomerance [52].
The groups of elliptic curves can be used for cryptography as developed by Koblitz
and others. If q is a prime and a; b 2 Zq then we can form the elliptic curve E.p W
a; b/ and the corresponding elliptic curve abelian group. In this group the Dife
Hellman key exchange protocol and the corresponding El-Gamal encryption system
can be implemented. Care must be taken that the discrete log problem in E.qI a; b/ is
difcult. The curve is then called a cryptographically secure elliptic curve.
Elliptic curve public-key cryptosystems are at present the most important commutative alternatives to the use of the RSA algorithm. There are several reasons for this.
They are more efcient in many cases than RSA and keys in elliptic curve systems are
much smaller than keys in RSA. It is felt that it is important to have good workable
alternatives to RSA in the event that factoring algorithms become strong enough to
compromise RSA encryption.
22.4
Noncommutative Group based Cryptography
The public key cryptosystems and public key exchange protocols that we have discussed, such as the RSA algorithm, DifeHellman, El-Gamal and elliptic curve
methods are number theory based and hence depend on the structure of abelian groups.
Although there have been no overall successful attacks on the standard methods there
is a feeling that the strength of computing machinery has made these techniques theoretically susceptible to attack. As a result of this, there has been a recent active line of
research to develop cryptosystems and key exchange protocols using noncommutative
cryptographic platforms. This line of investigation has been given the broad title of
noncommutative algebraic cryptography. Since most of the cryptographic platforms
are groups this is also known as group based cryptography. The book by Myasnikov,
Shpilrain and Ushakov [63] provides an overview of group based cryptographic methods tied to complexity theory.
Up to this point the main sources for noncommutative cryptographic platforms has
been nonabelian groups. In cryptosystems based on these objects algebraic properties
of the platforms are used prominently in both devising cryptosystems and in cryptanalysis. In particular the nonsolvability of certain algorithmic problems in nitely
presented groups, such as the conjugator search problem, has been crucial in encryption and decryption.
The main sources for nonabelian groups are combinatorial group theory and linear group theory. Braid group cryptography (see [53]), where encryption is done
within the classical braid groups, is one prominent example. The one way functions
in braid group systems are based on the difculty of solving group theoretic decision
problems such as the conjugacy problem and conjugator search problem. Although
braid group cryptography had initial spectacular success, various potential attacks
Section 22.4 Noncommutative Group based Cryptography
343
have been identied. Borovik, Myasnikov, Shpilrain [49] and others have studied the
statistical aspects of these attacks and have identied what are termed black holes
in the platform groups outside of which present cryptographic problems. Baumslag.
Fine and Xu in [46] and [69] suggested potential cryptosystems using a combination
of combinatorial group theory and linear groups and a general schema for the these
types of cryptosystems was given. In [47] a public key version of this schema using
the classical modular group as a platform was presented. A cryptosystem using the
extended modular group SL2 .Z/ was developed by Yamamura [70] but was subsequently shown to have loopholes [67]. In [47] attacks based on these loopholes were
closed.
The extension of the cryptographic ideas to noncommutative platforms involves the
following ideas,
(1) General Algebraic Techniques for Developing Cryptosystems
(2) Potential Algebraic Platforms (Specic Groups, Rings, etc.) for implementing
the Techniques
(3) Cryptanalysis and Security Analysis of the Resulting Systems.
The main source for noncommutative platforms are nonabelian groups and the main
method for handling nonabelian groups in cryptography is combinatorial group theory
which we discussed in detail in Chapter 14. The basic idea in using combinatorial
group theory for cryptography is that elements of groups can be expressed as words
in some alphabet. If there is an easy method to rewrite group elements in terms of
these words and further the technique used in this rewriting process can be supplied
by a secret key then a cryptosystem can be created.
One of the earliest descriptions of a free group cryptosystem was in a paper by
W. Magnus in the early 1970s [61]. Recall that the classical modular group M is
M D PSL2 .Z/. Hence M consists of the 2 2 projective integral matrices:

a b
M D
W ad bc D 1; a; b; c; d 2 Z :
c d
Equivalently M can be considered as the set of integral linear fractional transformations with determinant 1:
z0 D
az C b
;
cz C d
ad bc D 1;
a; b; c; d 2 Z:
Magnus proved the following theorem.

Theorem 22.4.1 ([46]).

1
The matrices

1
1 C 4t 2 2t
;
;
2t
1
2
t D 1; 2; 3; : : :
344
freely generate a free subgroup F of innite index in M . Further distinct elements of

F have distinct rst columns.
Since the entries in the generating matrices are positive we can do the following.
Choose a set
T1 ; : : : ; Tn
of projective matrices from the set above with n large enough to encode a desired
plaintext alphabet A. Any message would be encoded by a word
W .T1 ; : : : ; Tn /
with nonnegative exponents. This represents an element g of F . The two elements
in the rst column determine W and therefore g. Receiving W then determines the
message uniquely.
The idea of using the difculty of group theory decision problems in innite nonabelian groups was rst developed by Magyarik and Wagner in 1985. They devised
a public key protocol based on the difculty of the solution of the word problem (see
Chapter 14). Although this was a seminal idea their basic cryptosystem was really unworkable and not secure in the form they presented. Wagner and Magyarik outlined
a conceptual public key cryptosystem based on the hardness of the word problem for
nitely presented groups. At the same time, they gave a specic example of such
a system. Gonzlez Vasco and Steinwandt proved that their approach is vulnerable
to so-called reaction attacks. In particular, for the proposed instance it is possible to
retrieve the private key just by watching the performance of a legitimate recipient.
The general scheme of the Wagner and Magyarik public-key cryptosystemis as
follows. Let X be a nite set of generators, and let R and S be nite sets of relators
such that the group G0 D hXI R [ S i has an easy word problem. That is the word
problem can be solved in polynomial time while the G D hX I Ri has a hard word
problem (see Chapter 14 for terminology).
Choose two words W0 and W1 which are not equivalent in G0 (and hence not equivalent in G). The public key is the presentation hXI Ri and the chosen words W0 and
W1 . To encrypt a single bit 2 0; 1, pick Wi and transform it into a ciphertext word
W by repeatedly and randomly applying Tietze transformations to the presentation
hX I Ri. To decrypt a word W , run the algorithm for the word problem of G0 in order to decide which of Wi W 1 is equivalent to the empty word for the presentation
hXI R [ Si The private key is the set S. Actually, this is not sufcient and Wagner
and Magyarik are not clear on this point. The public key should be a deterministic
polynomial-time algorithm for the word problem of G0 D hX I R [ Si. Just knowing
S does not automatically and explicitly give us an efcient algorithm (even if such an
algorithm exists).
345
22.4.1 Free Group Cryptosystems

The simplest example of a nonabelian group based cryptosystem is perhaps a free
group cryptosystem. This can be described in the following manner.
Consider a free group F on free generators x1 ; : : : ; xr . Then each element g in
F has a unique expression as a word W .x1 ; : : : ; xr /. Let W1 ; : : : ; Wk with Wi D
Wi .x1 ; : : : ; xr / be a set of words in the generators x1 ; : : : ; xr of the free group F .
At the most basic level, to construct a cryptosystem, suppose that we have a plaintext
alphabet A. For example, suppose that A D a; b; : : : are the symbols needed to
construct meaningful messages in English. To encrypt, use a substitution ciphertext
A ! W1 ; : : : ; Wk :
That is
a 7! W1 ;
b 7! W2 ; : : : :
Then given a word W .a; b; : : :/ in the plaintext alphabet form the free group word
W .W1 ; W2 ; : : :/. This represents an element g in F . Send out g as the secret message.
In order to implement this scheme we need a concrete representation of g and
then for decryption a way to rewrite g back in terms of W1 ; : : : ; Wk . This concrete
representation is the idea behind homomorphic cryptosystems.
The decryption algorithm in a free group cryptosystem then depends on the ReidemeisterSchreier rewriting process. As described in Chapter 14 this is a method to
rewrite elements of a subgroup of a free group in terms of the generators of that subgroup. Recall that roughly it works as follows. Assume that W1 ; : : : ; Wk are free
generators for some subgroup H of a free group F on x1 ; : : : ; xn . Each Wi is then
a reduced word in the generators x1 ; : : : ; xn . A Schreier transversal for H is a set
h1 ; : : : ; h t ; : : : of (left) coset representatives for H in F of a special form (see Chapter 14). Any subgroup of a free group has a Schreier transversal. The Reidemeister
Schreier process allows one to construct a set of generators W1 ; : : : ; Wk for H by
using a Schreier transversal. Further given the Schreier transversal from which the set
of generators for H was constructed, the ReidemeisterSchreier rewriting process allows us to algorithmically rewrite an element of H . Given such an element expressed
as a word W D W .x1 ; : : : ; xr / in the generators of F this algorithm rewrites W as a
word W ? .W1 ; : : : ; Wk / in the generators of H .
The knowledge of a Schreier transversal and the use of ReidemeisterSchreier
rewriting facilitates the decoding process in the free group case but is not essential. Given a known set of generators for a subgroup the Stallings Folding Method
to develop a subgroup graph can also be utilized to rewrite in terms of the given generators. The paper by Kapovich and Myasnikov [58] is now a standard reference for
this method in free groups. At present there is an ongoing study of the complexity of
ReidemeisterSchreier being done by Baumslag, Brukhov, Fine and Troeger.
346
Pure free group cryptosystems are subject to various attacks and can be broken easily. However a public key free group cryptosystem using a free group representation
in the Modular group was developed by Baumslag, Fine and Xu [46, 47]. The most
successful attacks on free group cryptosystems are called length based attacks. Here
an attacker multiplies a word in ciphertext by a generator to get a shorter word which
could possibly be decoded.
Baumslag, Fine and Xu in [46] described the following general encryption scheme
using free group cryptography. A further enhancement was discussed in the paper [47].
We start with a nitely presented group
G D hXjRi
where X D x1 ; : : : ; xn and a faithful representation
W G ! G:
G can be any one of several different kinds of objects linear group, permutation
group, power series ring etc.
We assume that there is an algorithm to re-express an element of .G/ in G in terms
of the generators of G. That is if g D W .x1 ; : : : ; xn ; : : :/ 2 G where W is a word in
the these generators and we are given .g/ 2 G we can algorithmically nd g and its
expression as the word W .x1 ; : : : ; xn /.
Once we have G we assume that we have two free subgroups K; H with
H K G:
We assume that we have xed Schreier transversals for K in G and for H in K both of
which are held in secret by the communicating parties Bob and Alice. Now based on
the xed Schreier transversals we have sets of Schreier generators constructed from
the ReidemeisterSchreier process for K and for H .
k1 ; : : : ; km ; : : :
for K
h1 ; : : : ; h t ; : : :
for H:
and
Notice that the generators for K will be given as words in x1 ; : : : ; xn the generators
of G while the generators for H will be given as words in the generators k1 ; k2 ; : : :
for K. We note further that H and K may coincide and that H and K need not in
general be free but only have a unique set of normal forms so that the representation
of an element in terms of the given Schreier generators is unique.
We will encode within H , or more precisely within .H /. We assume that the
number of generators for H is larger than the set of characters within our plaintext
347
alphabet. Let A D a; b; c; : : : be our plaintext alphabet. At the simplest level we

choose a starting point i, within the generators of H , and encode
a 7! hi ;
b 7! hi C1 ; : : :
etc.
Suppose that Bob wants to communicate the message W .a; b; c; : : :/ to Alice where
W is a word in the plaintext alphabet. Recall that both Bob and Alice know the
various Schreier transversals which are kept secret between them. Bob then encodes
W .hi ; hiC1 ; : : :/ and computes in G the element W ..hi /; .hi C1 /; : : :/ which he
sends to Alice. This is sent as a matrix if G is a linear group or as a permutation if G
is a permutation group and so on.
Alice uses the algorithm for G relative to G to rewrite W ..hi /; .hi C1 /; : : :/ as
a word W ? .x1 ; : : : ; xn / in the generators of G. She then uses the Schreier transversal for K in G to rewrite using the ReidemeisterSchreier process W ? as a word
W ?? .k1 ; : : : ; ks ; : : :/ in the generators of K. Since K is free or has unique normal
forms this expression for the element of K is unique. Once she has the word written
in the generators of K she uses the transversal for H in K to rewrite again, using the
ReidemeisterSchreier process, in terms of the generators for H . She then has a word
W ??? .hi ; hiC1 ; : : :/ and using hi 7! a; hi C1 7! b; : : : decodes the message.
In actual implementation an additional random noise factor is added.
In [46] and [47] an implementation of this process was presented that used for
the base group G the classical modular group M D PSL2 .Z/. Further it was a
polyalphabetic cipher which was secure.
The system in the modular group M was presented as follows. A list of nitely
generated free subgroups H1 ; : : : ; Hm of M is public and presented by their systems
of generators (presented as matrices). In a full practical implementation it is assumed
that m is large. For each Hi we have a Schreier transversal
h1;i ; : : : ; h t.i/;i
and a corresponding ordered set of generators
W1;i ; : : : ; Wm.i /;i
constructed from the Schreier transversal by the ReidemeisterSchreier process. It is
assumed that each m.i/ l where l is the size of the plaintext alphabet, that is each
subgroup has many more generators than the size of the plaintext alphabet. Although
Bob and Alice know these subgroups in terms of free group generators what is made
public are generating systems given in terms of matrices.
The subgroups on this list and their corresponding Schreier transversals can be chosen in a variety of ways. For example the commutator subgroup of the Modular group
is free of rank 2 and some of the subgroups Hi can be determined from homomorphisms of this subgroup onto a set of nite groups.
348
Suppose that Bob wants to send a message to Alice. Bob rst chooses three integers
.m; q; t / where
m D choice of the subgroup Hm
q D starting point among the generators of Hm
for the substitution of the plaintext alphabet
t D size of the message unit:
We clarify the meanings of q and t . Once Bob chooses m, to further clarify the
meaning of q, he makes the substitution
a 7! Wm;q ;
b 7! Wm;qC1 ; : : : :
Again the assumption is that m.i/ l so that starting almost anywhere in the sequence of generators of Hm will allow this substitution. The message unit size t is
the number of coded letters that Bob will place into each coded integral matrix.
Once Bob has made the choices .m; q; t / he takes his plaintext message W .a; b; : : :/
and groups blocks of t letters. He then makes the given substitution above to form the
corresponding matrices in the Modular group;
T1 ; : : : ; Ts :
We now introduce a random noise factor. After forming T1 ; : : : ; Ts , Bob then multiplies on the right each Ti by a random matrix in M say RTi (different for each
Ti ). The only restriction on this random matrix RTi is that there is no free cancellation in forming the product Ti RTi . This can be easily checked and ensures that the
freely reduced form for Ti RTi is just the concatenation of the expressions for Ti and
RTi . Next he sends Alice the integral key .m; q; t / by some public key method (RSA,
AnshelAnshelGoldfeld etc.). He then sends the message as s random matrices
T1 RT1 ; T2 RT2 ; : : : ; Ts RTs :
Hence what is actually being sent out are not elements of the chosen subgroup Hm
but rather elements of random right cosets of Hm in M . The purpose of sending
coset elements is two-fold. The rst is to hinder any geometric attack by masking
the subgroup. The second is that it makes the resulting words in the modular group
generators longer effectively hindering a brute force attack.
To decode the message Alice rst uses public key decryption to obtain the integral
keys .m; q; t /. She then knows the subgroup Hm , the ciphertext substitution from
the generators of Hm and how many letters t each matrix encodes. She next uses
the algorithms described in Section 14.4 to express each Ti RTi in terms of the free
group generators of M say WTi .y1 ; : : : ; yn /. She has knowledge of the Schreier
Section 22.5 KoLee and AnshelAnshelGoldfeld Methods
349
transversal, which is held secretly by Bob and Alice, so now uses the Reidemeister
Schreier rewriting process to start expressing this freely reduced word in terms of the
generators of Hm . The ReidemeisterSchreier rewriting is done letter by letter from
left to right (see Chapter 14). Hence when she reaches t of the free generators she
stops. Notice that the string that she is rewriting is longer than what she needs to
rewrite in order to decode as a result of the random polynomial RTi . This is due to
the fact that she is actually rewriting not an element of the subgroup but an element in
a right coset. This presents a further difculty to an attacker. Since these are random
right cosets it makes it difcult to pick up statistical patterns in the generators even if
more than one message is intercepted. In practice the subgroups should be changed
with each message.
The initial key .m; q; t / is changed frequently. Hence as mentioned above this
method becomes a type of polyalphabetic cipher. Polyalphabetic ciphers have historically been very difcult to decode.
A further variation of this method using a formal power series ring in noncommuting variables over a eld was described in [43].
There have been many cryptosystems based on the difculty of solving hard group
theoretic problems. The book by Myasnikov, Shpilrain and Ushakov [63] describes
many of these in detail.
22.5
KoLee and AnshelAnshelGoldfeld Methods
After the initial attempt by Wagner and Magyarik to develop a cryptosystem based on
a hard group theoretic problem there have been many developments using nonabelian
groups in cryptography. Among the rst were the cryptographic schemes of Anshel,
Anshel and Goldfeld [42] and Ko and Lee [59]. Both sets of authors, at about the
same time, proposed using nonabelian groups and combinatorial group theory for
public key exchange. The security of these systems depended on the difculty of
solving certain hard group theoretic problems.
The methods of both AnshelAnshelGoldfeld and KoLee can be considered as
group theoretic analogs of the number theory based DifeHellman method. The basic underlying idea is the following. If G is a group and g; h 2 G we let gh denote the
conjugate of g by h, that is g h D h1 gh. The simple observation is that this behaves
like ordinary exponentiation in that .gh1 /h2 D g h1 h2 . From this straightforward idea
one can exactly mimic the DifeHellman protocol within a nonabelian group.
Both the AnshelAnshelGoldfeld protocol and the KoLee protocol start with a
platform group G given by a group presentation. A major assumption in both protocols is that the elements of G have nice unique normal forms that are easy to compute
for given group elements. However it is further assumed that given normal forms for
x; y 2 G the normal form for the product xy does not reveal x or y.
350
22.5.1 The KoLee Protocol

Ko and Lee [59] developed a public key exchange system that is a direct translation
of the DifeHellman protocol to a nonabelian group theoretic setting. Its security is
based on the difculty of the conjugacy problem. We again assume that the platform
group has nice unique normal forms that are easy to compute given a group element
but hard to recover the group element. Recall again that gh means the conjugate of g
by h.
In the KoLee protocol, Alice and Bob choose commuting subgroups A and B of
the platform group G. A is Alices subgroup while Bobs subgroup is B and these are
secret. Now they completely mimic the classical DifeHellman technique. There is
a public element g 2 G, Alice chooses a random secret element a 2 A and makes
public g a . Bob chooses a random secret element b 2 B and makes public gb . The
secret shared key is g ab . Notice that ab D ba since the subgroups commute. It
follows then, that .g a /b D gab D gba D .g b /a just as if these were exponents.
Hence both Bob and Alice can determine the common secret. The difculty is in the
difculty of the conjugacy problem.
The conjugacy problem for a group G, or more precisely for a group presentation
for G is given g; h 2 G to determine algorithmically if they are conjugates. As with
the conjugator search problem it is known that the conjugacy is undecidable in general
but there are groups where it is but hard. These groups then become the target platform
groups for the KoLee protocol. As with the AnshelAnshelGoldfeld protocol, Ko
and Lee suggest the use of the braid groups.
As with the standard DifeHellman key exchange protocol using number theory the KoLee protocol can be changed to an encryption system via the El-Gamal
method. Their are several different variants of noncommutative El-Gamal systems.
22.5.2 The AnshelAnshelGoldfeld Protocol

We now describe the AnshelAnshelGoldfeld public key exchange protocol. Let
G be the platform group given by a nite presentation and with the assumptions on
normal forms as described above.
Alice and Bob want to communicate a shared secret. First, Alice and Bob choose
random nitely generated subgroups of G by giving a set of generators for each.
A D a1 ; : : : ; an ;
B D b1 ; : : : ; bm
and make them public. The subgroup A is Alices subgroup while the subgroup B is
Bobs subgroup.
Alice chooses a secret group word a D W .a1 ; : : : ; an / in her subgroup while Bob
chooses a secret group word b D V .b1 ; : : : ; bm / in his subgroup. For an element
g 2 G we let NF.g/ denote the normal form for g. Alice knows her secret word a
and knows the generators bi of Bobs subgroup. She makes public the normal forms
Section 22.6 Platform Groups and Braid Group Cryptography
351
of the conjugates
NF.bia /;
i D 1; : : : ; m:
Bob knows his secret word b and the generators ai of Alices subgroup and makes
public the normal forms of the conjugates
NF.ajb /;
j D 1; : : : ; n:
The common shared secret is the commutator

a; b D a1 b 1 ab D a1 ab D .b a /1 b:
Notice that Alice knows ab since she knows a in terms of generators ai of her
subgroup and she knows the conjugates by b since Bob has made the conjugates of
the generators of A by b public. Since Alice knows ab she knows a; b D a1 ab .
In an analogous manner Bob knows a; b D .b a /1 b. An attacker would have
to know the corresponding conjugator, that is the element that conjugates each of the
generators. Given elements g; h in a group G where it is known that g k D k 1 gk D h
the conjugator search problem is to determine the conjugator k. It is known that
this problem is undecidable in general, that is there are groups where the conjugator
cannot be determined algorithmically. On the other hand there are groups where the
conjugator search problem is solvable but difcult, that is the complexity of solving
the conjugator search problem is hard. Such groups become the ideal platform groups
for the AnshelAnshelGoldfeld protocol.
The security in this system is then in the difculty of the conjugator search problem.
Anshel, Anshel and Goldfeld suggested the Braid Groups as potential platforms, use
for example B80 with 12 or more generators in the subgroups. Their suggestion and
that of Ko and Lee led to development of braid group cryptography. There have been
various attacks on the Braid group system. However some have been handled by
changing the parameters. In general the ideas remain valid despite the attacks.
The AnshelAnshelGoldfeld key exchange can be developed into a cryptosystem
again by the El-Gamal method.
There have been many other public key exchange protocols developed using nonabelian groups. A large number of them are described in the book of Myasnikov,
Shpilrain and Ushakov [63]. The authors of that book themselves have developed
many of these methods. They use different hard group theoretic decision problems
and many have been broken. On the other hand the security of many of them is still
open and they perhaps can be used as viable alternatives to commutative methods.
22.6
Platform Groups and Braid Group Cryptography
Given a group based encryption scheme, such as KoLee or AnshelAnshelGoldfeld

a platform group is a group G in which the encryption is to take place. In general, platform groups for the noncommutative protocols that we have discussed require certain
352
properties. The rst is the existence of a normal form for elements in the group. Normal forms provide an effective method of disguising elements. Without this, one can
determine a secret key simply by inspection of group elements. Further if N.x/; N.y/
are the normal forms for x; y respectively then it should difcult to determine N.x/
and N.y/ from N.xy/. The existence of a normal form in a group implies that the
group has solvable word problem, which is essential for these protocols. For purposes
of practicality, the group also needs an efciently computable normal form, which
ensures an efciently solvable word problem.
In addition to the platform group having normal form, ideally, it would also be large
enough so that a brute force search for the secret key is infeasible.
Currently, there are many potential platform groups that have been suggested. The
following are some of the proposals. We refer to [63] for a discussion of many of
these.
Braid groups (KoLee, AnshelAnshelGoldfeld),
Thompson Groups (ShpilrainUshakov) [65],
Polycyclic Groups (EickKahrobaei) [54],
Linear Groups (BaumslagFineXu) [46, 47],
Free metabelian Groups (ShpilrainZapata) [66],
Artin Groups (ShpilrainZapata) [66],
Grigorchuk Groups (Petrides) [64],
Groups of Matrices (GrigorievPonomarenko) [55],
Surface Braid Groups (Camps) [51].
Most of these are discussed in detail in [63].

As platform groups for their respective protocols, both KoLee and Anshel
AnshelGoldfeld suggested the braid groups Bn (see [50]). The groups in this class
of groups possess the desired properties for the key exchange and key transport protocols; they have nice presentations with solvable word problems and conjugacy problems; the solution to the conjugacy and conjugator search problem is hard; there
are several possibilities for normal forms for element and they have many choices for
large commuting subgroups. Initially the braid groups were considered so ideal as
platforms that many other cryptographic applications were framed within the braid
group setting. These included authentication, that is identifying over a public airwave that a message received was from the correct sender and digital signature, that
is sending an encrypted message with an included authentication. There was so much
enthusiasm about using these groups that the whole area of study was named braid
group cryptography. A comprehensive and well-written article by Dehornoy [31] provides a detailed overview of the subject and we refer the reader to that for technical
details.
353
After the initial successes with braid group cryptographic schemes there were some
surprisingly effective attacks. There were essentially three types of attacks; an attack
using solutions to the conjugacy and conjugator search problems, an attack using
heuristic probability within Bn and an attack based on the fact that there are faithful linear representations of each Bn (see [31]). What is most surprising is that the
AnshelAnshelGoldfeld method was susceptible to a length based attack. In the
AnshelAnshelGoldfeld method the parameters are the specic braid group Bn and
the rank of the secret subgroups for Bob and Alice. A length based attack essentially
broke the method for the initial parameters suggested by AAG. The parameters were
then made larger and attacks by this method were less successful. However this led
to research on why these attacks on the conjugator search problem within Bn were
successful. What was discovered was that generically a random subgroup of Bn is a
free group and hence length based attacks are essentially attacks on free group cryptography and therefore successful. What this indicated was that although randomness
is important in cryptography in using the braid groups as platforms subgroups cannot
be chosen purely randomly.
Braid groups arise in several different areas of mathematics and have several equivalent formulations. We close this chapter and the book with a brief introduction to
braid groups. A complete topological and algebraic description can be found in the
book of Joan Birman [50].
A braid on n strings is obtained by starting with n parallel strings and intertwining
them. We number the strings at each vertical position and keep track of where each
individual string begins and ends. We say that two braids are equivalent if it is possible
to move the strings of one of the braids in space without moving the endpoints or
moving through a string and obtain the other braid. A braid with no crossings is
called a trivial braid. We form a product of braids in the following manner. If u is the
rst braid and v is the second braid then uv is the braid formed by placing the starting
points for the strings in v at the endpoints of the strings in u. The inverse of a braid
is the mirror image in the horizontal plane. It is clear that if we form the product of
a braid and its mirror image we get a braid equivalent to the trivial braid. With these
denitions the set of all equivalence classes braids on n strings forms a group Bn . We
let i denote the braid that has a single crossing from string i over string i C 1. Since
a general braid is just a series of crossings it follows that Bn is generated by the set i ;
i D 1; : : : ; n 1.
There is an equivalent algebraic formulation of the braid group Bn . Let Fn be a
free on the n generators x1 ; : : : ; xn with n > 2. Let i , i D 1; : : : ; n 1 be the
automorphism of Fn given by
i W xi 7! xi C1 ; xi C1 7! xi1
C1 xi xi C1
i W xj 7! xj ;
j i; i C 1:
354
Then each i corresponds precisely to the basic crossings in Bn . Therefore Bn can

be considered as the subgroup of Aut.Fn / generated by the automorphisms i , Artin
proved [28] (see also [24]) that a nite presentation for Bn is given by
Bn D h 1 ; : : : ; n1 I i ; j D 1 if ji j j > 1;
xi C1 xi xi C1 D xi xi C1 xi ; i D 1; : : : ; n 1i:
This is now called the Artin presentation. The fact that Bn is contained in Aut.Fn /
provides an elementary solution to the word problem in Bn since one can determine
easily if an automorphism of Fn is trivial on all the generators. We note that although the braid groups Bn are linear (the Lawrence-Krammer representation is faithful (see [31]) it is known that Aut.Fn / is not linear (see [34]).
From the commuting relations in the Artin presentation it is clear that each Bn has
the requisite collection of commuting subgroups.
The conjugacy problem for Bn was originally solved by Garside and it was assumed
that it was hard in the complexity sense. Recently there has been signicant research
on the complexity of the solution to the conjugacy problem (see [63] and [31]).
There are several possibilities for normal forms for elements of Bn . The two most
commonly used are the Garside normal form and the Dehornoy handle form. These
are described in [31] and [63].
For braid group cryptography one must be careful in using more than one normal
form in an encryption scheme. The second may expose what the rst is hiding and
vice versa (see [31]).
We describe rst the Dehornoy handle form. Let W be a word in the generators of
the braid group Bn . An xi -handle is a subword of W of the form
xi V xi
with D 1 and where the word V does not involve xi . If V does not contain any
xiC1 -handles then the xi -handle is called permitted
A braid word W is obtained from a braid word W 0 by a one step handle reduction
if some subword of W is a permitted xi -handle xi V xi and W 0 is obtained from W
by applying the following substitutions for all letters in the xi -handle
xj1 ! 1
if j D i
1
xj1 ! xi
C1 xi xi C1
if j D i C 1
xj1 ! xj1
if j < i or j > i C 1:
W can be obtained from W 0 by an m-step handle reduction if W can be obtained

from W 0 by a sequence of m one-step handle reductions.
A word is handle free if it has no handles. The handle free braid words provide
normal forms for the elements of Bn .
355
Theorem 22.6.1. Let W be a braid word. Then the following holds:

(1) Any sequence of handle reductions applied to W will eventually stop and produce a handle free braid word V representing the same element as W .
(2) The word W represents the identity in Bn if and only if any sequence of handle
reductions applied to W produces the trivial word or equivalently the handle
free form of W is trivial.
The handle free reduction process is very efcient and most of the time works in
polynomial time on the length of the braid word to produce the handle free form.
However there is no known theoretical complexity estimate (see [31]).
Garside solved the conjugacy problem using a different type of normal form for
Bn . Let Sn be the symmetric group on n letters and for each s 2 Sn let s be the
shortest positive braid such that . s / D s. The elements
S D s W s 2 Sn Bn
are called simple elements. We order the simple elements so that s < t if there
exists r 2 Sn such that t D s r . This produces a lattice structure on S.
The trivial braid is the smallest element of S while the greatest element of S is the
half-twist braid
D .n;n1;:::;2;1/ :
The Garside left normal form of a braid a 2 Bn is a pair .p; .s1 ; : : : ; s t // where
p 2 Z and s1 ; : : : ; s t is a sequence of permutations in Sn n 1; satisfying for each
i D 1; : : : ; t 1
1 D gcd. s 1 ; siC1 /
i
where
gcd. s ; t / D max r W r < s and r < t :
A normal form .p; .s1 ; : : : ; s t // represents the element
p

s1 : : : sn :
Theorem 22.6.2. There exists an algorithm which computes the normal form of the
corresponding braid for any braid word W D w.x1 ; : : : ; xn /.
356
22.7
Exercises
1. Show that if p; q are primes and e; d are positive integers with .e; .p1/.q1// D
1 and ed 1 mod .p 1/.q 1/ then aed a mod pq for any integer a. (This
is the basis if the decryption function used in the RSA algorithm.
2. The following table gives the approximate statistical frequency of occurrence of
letters in the English language. The passage below is encrypted with a simple
permutation cipher without punctuation. Use a frequency analysis to try to decode
it.
letter frequency letter frequency letter frequency
A
:082
B
:015
C
:028
D
:043
E
:127
F
:022
G
:020
H
:061
I
070
J
:002
K
:008
L
:040
M
:024
N
:067
O
:075
P
:019
Q
:001
R
:060
S
:063
T
:091
U
:028
V
:010
W
:023
X
:001
Y
:020
Z
:001
ZKIRNVMFNYVIRHZKLHRGREVRMGVTVIDSR
XSSZHZHGHLMOBKLHRGREVWRERHLIHLMVZ
MWRGHVOUKIRNVMFNYVIHKOZBZXIFXRZOI
LOVRMMFNYVIGSVLIBZMWZIVGSVYZHRHUL
IGHSHVMLGVHGSVIVZIVRMURMRGVOBNZMB
KIRNVHZMWGSVBHVIEVZHYFROWRMTYOLXP
HULIZOOGSVKLHRGREVRMGVTVIH
3. Encrypt the message NO MORE WAR using an afne cipher with single letters
keys a D 7, b D 5.
4. Encrypt the message NO MORE WAR using an afne cipher on 2 vectors of letters
and an encrypting keys

5 2
AD
; B D .3; 7/:
1 1
5. What is the decryption algorithm for the afne cipher given in the last problem.
6. How many different afne enciphering transformations are there on single letters
with an N letter alphabet.
7. Let N 2 N with N 2 and n ! an C b with .a; N / D 1 is an afne cipher on
an N letter alphabet. Show that if any two letters are guessed n1 ! m1 , n2 ! m2
with .n1 n2 ; N / D 1 then the code can be broken.
357
8. Let F be a free group of rank 3 with generators x; y; z. Code the English alphabet
by a 7! 0, b 7! 1; : : : . Consider the free group cryptosystem given by
i 7! Wi
where Wi D x i y i C1 z i C2 x i C1 . Code the message EAT AT JOES with this system.
9. In the AnshelAnshelGoldfeld protocol verify that both Bob and Alice will know
the commutator.
Bibliography
General Abstract Algebra

[1] M. Artin, Algebra, Prentice-Hall. 1991.
[2] C. Curtis and I. Reiner, Representation Theory of Finite Groups and Associative Algebras, Wiley Interscience, 1966.
[3] B. Fine and G. Rosenberger, The Fundamental Theorem of Algebra, Springer-Verlag,
2000.
[4] J. Fraleigh, A First Course in Abstract Algebra, 7th ed., Addison-Wesley, 2003.
[5] P. R. Halmos, Naive Set Theory, Springer-Verlag, 1998.
[6] I. Herstein, Topics in Algebra, Blaisdell, 1964.
[7] M. Kreuzer and S. Robiano, Computational Commutative Algebra I and II, SpringerVerlag, 1999.
[8] S. Lang, Algebra, Addison-Wesley, 1965.
[9] S. MacLane and G. Birkhoff, Algebra, Macmillan, 1967.
[10] N. McCoy, Introduction to Modern Algebra. Allyn and Bacon, 1960.
[11] N. McCoy, The Theory of Rings, Macmillan, 1964.
[12] G. Stroth, Algebra. Einfhrung in die Galoistheorie, De Gruyter, 1998.
Group Theory and Related Topics

[13] G. Baumslag, Topics in Combinatorial Group Theory, Birkhuser, 1993.
[14] O. Bogopolski, Introduction to Group Theory, European Mathematical Society, 2008.
[15] T. Camps, V. groe Rebel and G. Rosenberger, Einfhrung in die kombinatorische und
die geometrische Gruppentheorie, Heldermann Verlag, 2008.
[16] T. Camps, S. Knling and G. Rosenberger, Einfhrung in die mengenteoretische und die
algebraische Topologie, Heldermann Verlag, 2006.
[17] B. Fine and G. Rosenberger, Algebraic Generalizations of Discrete Groups, Marcel
Dekker, 2001.
[18] D. Gorenstein, Finite Simple Groups. An Introduction to their Classication, Plenum
Press, 1982.
[19] D. Johnson, Presentations of Groups, Cambridge University Press, 1990.
[20] S. Katok, Fuchsian Groups, Univ. of Chicago Press, 1992.
360
Bibliography
[21] G. Kern-Isberner and G. Rosenberger. Normalteiler vom Geschlecht eins in freien Produkten endlicher zyklischer Gruppen, Results in Math., 11, 1987, 272288.
[22] R. C. Lyndon, Groups and Geometry, LMS Lecture Note Series 101, Cambridge University Press, 1985.
[23] R. C. Lyndon and P. Schupp, Combinatorial Group Theory, Springer-Verlag 1977.
[24] W. Magnus, A. Karrass and D. Solitar Combinatorial Group Theory, Wiley, 1966.
[25] D. J. S. Robinson, A Course in the Theory of Groups, Springer-Verlag, 1982.
[26] J. Rotman, Group Theory, 3rd ed., Wm. C. Brown, 1988.
Number Theory
[27] L. Ahlfors, Introduction to Complex Analysis, Springer-Verlag, 1968.
[28] T. M. Apostol, Introduction to Analytic Number Theory, Springer-Verlag, 1976.
[29] A. Baker, Transcendental Number Theory, Cambridge University Press, 1975.
[30] H. Cohn, A Classical Invitation to Algebraic Numbers and Class Fields, Springer-Verlag,
1978.
[31] L. E. Dickson, History of the Theory of Numbers, Chelsea, 1950.
[32] B. Fine, A note on the two-square theorem, Can. Math. Bulletin, 20, 1977, 9394.
[33] B. Fine, Sums of squares rings, Can. J. Math., 29, 1977, 155160.
[34] B. Fine, The Algebraic Theory of the Bianchi Groups, Marcel Dekker, 1989.
[35] B. Fine and G. Rosenberger, Number Theory: An Introduction via the Distribution of
Primes, Birkhuser, 2006.
[36] G. H. Hardy and E. M. Wright, 5th ed., An Introduction to the Theory of Numbers.
Clarendon Press, 1979.
[37] E. Landau, Elementary Number Theory, Chelsea, 1958.
[38] M. Newman, Integral Matrics, Academic Press, 1972.
[39] I. Niven and H. S. Zuckerman, The Theory of Numbers, 4th ed., John Wiley, 1980.
[40] O. Ore, Number Theory and its History, McGraw-Hill, 1949.
[41] H. Pollard and H. Diamond The Theory of Algebraic Numbers, Carus Mathematical
Monographs, 9, Math. Assoc. of America, 1975.
Bibliography
361
Cryptography
[42] I. Anshel, M. Anshel and D. Goldfeld, An algebraic method for public key cryptography,
Math. Res. Lett., 6, 1999, 287291.
[43] G. Baumslag, Y. Brjukhov, B. Fine and G. Rosenberger, Some cryptoprimitives for noncommutative algebraic cryptography, Aspects of Innite Groups, World Scientic Press,
2644, 2009.
[44] G. Baumslag, Y. Brjukhov, B. Fine and D. Troeger, Challenge response password security using combinatorial group theory, Groups Complex. Cryptol., 2, 2010, 6781.
[45] G. Baumslag, T. Camps, B. Fine, G. Rosenberger and X. Xu, Designing key transport
protocols using combinatorial group theory, Cont. Math. 418, 2006, 3543.
[46] G. Baumslag, B. Fine and X. Xu, Cryptosystems using linear groups, Appl. Algebra Eng.
Commun. Comput. 17, 2006, 205217.
[47] G. Baumslag, B. Fine and X. Xu, A proposed public key cryptosystem using the modular
group, Cont. Math. 421, 2007, 3544.
[48] J. Birman, Braids, Links and Mapping Class Groups, Annals of Math Studies, Vol. 82,
Princeton University Press, 1975.
[49] A. V. Borovik, A. G. Myasnikov and V. Shpilrain, Measuring sets in innite groups,
Computational and Statistical Group Theory, Contemp. Math. 298, 2002, 2142.
[50] J. A. Buchmann, Introduction to Cryptography, Springer 2004.
[51] T. Camps, Surface Braid Groups as Platform Groups and Applications in Cryptography,
Ph.D. thesis, Universitt Dortmund 2009.
[52] R. E. Crandall and C. Pomerance, Prime Numbers. A Computational Perspective, 2nd
ed., Springer-Verlag, 2005.
[53] P. Dehornoy, Braid-based cryptography, Cont. Math., 360, 2004, 534.
[54] B. Eick and D. Kahrobaei, Polycyclic groups: A new platform for cryptology? math.GR/
0411077 (2004), 17.
[55] D. Grigoriev and I. Ponomarenko, Homomorphic public-key cryptosystems over groups
and rings, Quaderni di Matematica, 2005.
[56] P. Hoffman, Archimedes Revenge, W. W. Norton & Company, 1988.
[57] D. Kahrobaei and B. Khan, A non-commutative generalization of the El-Gamal key
exchange using polycyclic groups, Proceeding of IEEE, 2006, 15.
[58] I. Kapovich and A. Myasnikov, Stallings foldings and subgroups of free groups, J. Algebra 248, 2002, 608668.
[59] K. H. Ko, S. J. Lee, J. H. Cheon, J. H. Han, J. S. Kang and C. Park, New public-key
cryptosystems using Braid groups, Advances in Cryptography, Proceedings of Crypto
2000, Lecture Notes in Computer Science 1880, 2000, 166183.
[60] N. Koblitz, Algebraic Methods of Cryptography, Springer, 1998.
362
Bibliography
[61] W. Magnus, Rational representations of fuchsian groups and non-parabolic subgroups

of the modular group, Nachrichten der Akad. Gttingen, 1973, 179189.
[62] A. G. Myasnikov, V. Shpilrain and A. Ushakov, A practical attack on some braid group
based cryptographic protocols, CRYPTO 2005, Lecture Notes in Computer Science
3621, 2005, 8696.
[63] A. G. Myasnikov, V. Shpilrain and A. Ushakov, Group-Based Cryptography, Advanced
Courses in Mathematics, CRM Barcelona, 2007.
[64] G. Petrides, Cryptoanalysis of the public key cryptosystem based on the word problem
on the Grigorchuk groups, Cryptography and Coding, Lecture Notes in Computer Science 2898, 2003, 234244.
[65] V. Shpilrain and A. Ushakov, The conjugacy search problem in public key cryptography;
unnecessary and insufcient, Applicable Algebra in Engineering, Communication and
computing, 17, 2006 285289.
[66] V. Shpilrain and A. Zapata, Using the subgroup memberhsip problem in public key cryptography, Cont. Math., 418, 2006, 169179.
[67] R. Steinwandt, Loopholes in two public key cryptosystems using the modular groups,
preprint, University of Karlsruhe, 2000.
[68] R. Stinson, Cryptography; Theory and Practice, Chapman and Hall, 2002.
[69] X. Xu, Cryptography and Innite Group Theory, Ph.D. thesis, CUNY, 2006.
[70] A. Yamamura, Public key cryptosystems using the modular group, Public Key Cryptography, Lecture Notes in Computer Sciences 1431, 1998, 203216.
Index
A
abelian group, 3, 101
abelianization, 176
adjoining a root, 92
AES, 335
afne cipher, 331
afne coordinate ring, 319
algebraic closure, 74, 91, 95
algebraic extension, 69
algebraic geometry, 312
algebraic integer, 295
algebraic number eld, 297
algebraic numbers, 67, 75
algebraic variety, 312
algebraically closed, 91, 94
alternating group, 166
annihilator, 270
AnshelAnshelGoldfeld protocol, 350
associates, 35
automorphism, 11
axiom of choice, 26
axiom of well-ordering, 26
B
basis theorem for nite abelian
groups, 151, 285
Betti number, 287
block cipher, 335
braid group, 353
braid group cryptography, 353
C
Cardanos formulas, 256
Cayley graph, 211
Cayleys theorem, 127
cell complex, 209
centralizer, 182
characteristic, 15
ciphertext, 327
class equation, 183
combinatorial group theory, 192
commutative algebra, 312
commutative ring, 3
commutator, 175
composition series, 178
congruence motion, 123
conjugacy class, 181
conjugacy problem, 213
constructible number, 80
construction of a regular n-gon, 84
coset, 18, 128
cryptanalysis, 326, 327
cryptography, 326
public key, 327
symmetric key, 327
cryptology, 326
cryptosystem, 326
cyclic group, 121
cyclotomic eld, 252
D
decryption, 327
Dedekind domain, 51
Dehornoy handle form, 354
derived series, 176
DifeHellman protocol, 336
dihedral groups, 156
dimension of an algebraic set, 320
discrete log problem, 336
divisibility, 29
division algorithm, 30
doubling the cube, 83
Dycks theorem, 212
E
Eisensteins criterion, 62
El-Gamal protocol, 339
elliptic curve methods, 341
elliptic function, 320
encryption, 327
Euclids lemma, 21
Euclidean algorithm, 32
Euclidean domain, 45
Euclidean group, 123
364
Euclidean norm, 45
extension eld, 66
F
factor group, 19, 144
factor ring, 9
FeitThompson theorem, 189
eld, 4
extension, 66
eld extension, 66
algebraic, 69
by radicals, 248
degree, 67
nite, 67
nitely generated, 69
isomorphic, 67
separable, 233
simple, 69
transcendental, 69
eld of fractions, 14
nite elds, 236
nite integral domains, 6
x eld, 220
free group, 193
rank, 196
free group cryptosystems, 345
free modules, 273
free product, 214
free reduction, 194
Frobenius homomorphism, 16
Fuchsian group, 201
fundamental theorem
of algebra, 105, 261
fundamental theorem of arithmetic, 29
fundamental theorem of Galois
theory, 221
fundamental theorem of modules, 279
fundamental theorem of symmetric polynomials, 104
G
Galois extension, 233
nite, 220
Galois group, 218
Galois theory, 217
Garside normal form, 355
Gauss lemma, 58
Index
Gaussian integers, 47
Gaussian primes, 49
Gaussian rationals, 48
general linear group, 123
group, 17, 101, 119
abelian, 3, 17, 119
center, 181
conjugate elements, 181
coset, 128
cyclic, 134
direct product, 150
nite, 17, 101, 119
nitely generated, 199
nitely presented, 199
nitely related, 199
free abelian, 287
free product, 214
generating system, 199
generators, 127, 199
homomorphism, 121
internal direct product, 150
isomorphism, 121
order, 17, 101, 119
presentation, 127, 199
relations, 127
relator, 199
simple, 168
solvable, 172
transversal, 128
group action, 180
group based cryptography, 342
group isomorphism theorem, 19, 146
group presentation, 199
group table, 120
H
hash function, 334
Hilbert basis theorem, 315
Hilberts Nullstellensatz, 316
homomorphism
group, 17
automorphism, 17
epimorphism, 17
isomorphism, 17
monomorphism, 17
ring, 11
automorphism, 11
365
Index
endomorphism, 11
epimorphism, 11
isomorphism, 11
monomorphism, 11
I
ideal, 7
generators, 27
maximal, 24
prime, 22
product, 23
ideals in Z, 8
index of a subgroup, 18
insolvability of the quintic, 254
integral closure, 300
integral domain, 4
integral element, 298
integral ring extension, 299
integrally closed, 300
intermediate eld, 67
irreducible element, 35
isometry, 123
isomorphism problem, 213
J
JordanHlder theorem, 178
K
K-isomorphism, 91
kernel, 19
KoLee protocol, 350
Kroneckers theorem, 91
Krull dimension, 320
Krulls lemma, 323
Kurosh theorem, 215
L
Lagranges theorem, 18
local ring, 322
M
maximal ideal, 24
minimal polynomial, 70
modular group, 200
modular rings, 5
modular rings in Z, 11
module, 265
N
NielsenSchreier theorem, 197
noetherian, 314
noncommutative algebraic
cryptography, 343
norm, 36
normal extension, 116
normal forms, 197
normal series, 172
normal subgroup, 18, 142
normalizer, 183
O
one-way function, 336
P
p-group, 157
p-Sylow subgroup, 159
perfect eld, 233
permutation, 17, 101
permutation cipher, 327
permutation group, 126
plaintext, 327
platform group, 351
polynomial, 42, 53
coefcients, 43, 53
constant, 43
degree, 42, 53
irreducible, 44, 54, 55
leading coefcient, 43, 53
linear, 43, 54
prime, 44, 55
primitive, 57
quadratic, 43, 54
separable, 233
zero, 42
zero of, 55
Prfer ring, 51
prime element, 35
prime eld, 14
prime ideal, 22
prime ring, 15
primitive element theorem, 245
principal ideal, 8, 27
principal ideal domain, 27
public key cryptosystem, 336
purely transcendental, 305
366
Q
quotient group, 19, 144
quotient ring, 9
R
R-algebra, 298
R-module, 265
cyclic, 267
direct product, 271
factor module, 268
faithful, 271
free, 273
generators, 268
quotient module, 268
torsion element, 270
unitary, 266
radical, 314
nil, 314
rational integers, 49
rational primes, 49
ReidemeisterSchreier process, 207
ring, 2
commutative, 3
nite, 3
prime, 15
trivial, 3
with identity, 3
ring extension, 298
ring isomorphism theorem, 12
ring of polynomials, 54
RSA algorithm, 337
Index
subeld, 6
subgroup, 18, 101, 120
commutator, 175
conjugate, 141
cyclic, 121
derived, 175
index, 129
normal, 142
subring, 6
Sylow theorems, 160, 183
symmetric group, 17, 101, 161
symmetric polynomials, 104
symmetry, 124
T
transcendence basis, 303
transcendence degree, 305, 319
transcendental extension, 69
transcendental numbers, 67, 75
transitive action, 180
transposition, 164
trapdoor function, 336
trisecting an angle, 83
U
UFD, 38
unique factorization domain, 38
unit, 4, 35
unit group, 35
V
vector space, 66
separable eld extension, 233

separable hull, 241
separable polynomial, 233
simple extension, 69
simple group, 168
simplicial complex, 209
solvability by radicals, 248
solvable group, 172
solvable series, 172
special linear group, 123
splitting eld, 100, 113
squaring the circle, 83
stabilizer, 126, 181
stream cipher, 335
WagnerMagyarik system, 344

word, 194
cyclically reduced, 197
length, 194
reduced, 194
trivial, 194
word problem, 213
Z
zero divisor, 4
Zorns lemma, 26

Abstract Algebra-Applications To Galois Theory Algebraic Geometry & Cryptography-Carstensen Fine & Rosenberger

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Abstract Algebra-Applications To Galois Theory Algebraic Geometry & Cryptography-Carstensen Fine & Rosenberger

Transféré par

Droits d'auteur :

Formats disponibles

De Gruyter Graduate

Bibliographic information published by the Deutsche Nationalbibliothek

nish in a slightly different direction giving an introduction to algebraic and group

2 Maximal and Prime Ideals

3 Prime Elements and Unique Factorization Domains

4 Polynomials and Polynomial Rings

6 Field Extensions and Compass and Straightedge Constructions

8 Splitting Fields and Normal Extensions

9 Groups, Subgroups and Examples

Kroneckers Theorem and Algebraic Closures

10 Normal Subgroups, Factor Groups and Direct Products

11 Symmetric and Alternating Groups

14 Free Groups and Group Presentations

15 Finite Galois Extensions

16 Separable Field Extensions

17 Applications of Galois Theory

18 The Theory of Modules

19 Finitely Generated Abelian Groups

20 Integral and Transcendental Extensions

21 The Hilbert Basis Theorem and the Nullstellensatz

Groups, Rings and Fields

Chapter 1 Groups, Rings and Fields

Section 1.2 Rings

Chapter 1 Groups, Rings and Fields

Integral Domains and Fields

Section 1.3 Integral Domains and Fields

Lemma 1.3.5. If F is a eld then F is an integral domain.

Chapter 1 Groups, Rings and Fields

Therefore a has a multiplicative inverse in Zn and is hence a unit. Since a was an

Subrings and Ideals

A very important concept in algebra is that of a substructure that is a subset having

Section 1.4 Subrings and Ideals

Chapter 1 Groups, Rings and Fields

Lemma 1.4.6. Let R be a commutative ring and a 2 R. Then the set

ur D ar1 r D a.r1 r/ 2 aR:

Recall that a 2 hai if R has an identity.

Section 1.5 Factor Rings and Ring Homomorphisms

Factor Rings and Ring Homomorphisms

Chapter 1 Groups, Rings and Fields

.r1 C I / C .r2 C I / D .r10 C I / C .r20 C I /

Now if r1 C I D r10 C I then r1 2 r10 C I and so r1 D r10 C i1 for some i1 2 I .

Section 1.5 Factor Rings and Ring Homomorphisms

Chapter 1 Groups, Rings and Fields

Denition 1.5.6. Let R and S be rings and let f W R ! S be a ring homomorphism.

f .i r/ D f .i/ f .r/ D 0 f .r/ D 0

and hence I is an ideal.

Section 1.6 Fields of Fractions

Chapter 1 Groups, Rings and Fields

Theorem 1.6.2. Let D be an integral domain. Then there is a eld F containing D,

Characteristic and Prime Rings

Section 1.7 Characteristic and Prime Rings

Denition 1.7.1. A eld F is a prime eld if F contains no nontrivial subelds.

Chapter 1 Groups, Rings and Fields

by the binomial expansion which holds in any commutative ring. However

Section 1.8 Groups

As with rings we have further

Chapter 1 Groups, Rings and Fields

Lemma 1.8.4. Let G1 and G2 be groups and let f W G1 ! G2 be a homomorphism.

Section 1.9 Exercises

1. Let W K ! R be a homomorphism from a eld K to a ring R. Show: Either

Chapter 1 Groups, Rings and Fields

3. Let be a set of prime numbers. Dene

2 R with coprime integers a; b. Show that

m 2 M such that k m for all k 2 K. The element m is called an upper bound