Math 806 Notes On Galois Theory: Mark Reeder

The document provides an overview of Galois theory, beginning with definitions of basic ring theory concepts like rings, ideals, fields, and field extensions. It then covers topics relevant to Galois theory, including finite fields, splitting fields, field automorphisms, Galois extensions, and the Galois correspondence. The document aims to lay the necessary groundwork for understanding Galois groups of polynomials and their applications.


Math 806

Notes on Galois Theory

Mark Reeder ∗

April 12, 2012

Contents

1 Basic ring theory . . . 3
1.1 Some applications of Zorn’s lemma . . . 5
1.2 Polynomial Rings . . . 7
1.3 Polynomials over Q . . . 9
2 Finite fields . . . 11
3 Extensions of rings and fields . . . 14
3.1 Symmetric polynomials . . . 15
3.2 Integral ring extensions . . . 17
3.3 Prime ideals in Z[x]: elementary classification . . . 19
3.4 The spectrum of a commutative ring . . . 21
3.4.1 Spec(Z[x]) . . . 22
3.5 Algebraic field extensions . . . 23
3.5.1 The ring of algebraic integers and the field of algebraic numbers . . . 24
3.6 Field extensions of finite degree . . . 25
3.6.1 Some abelian numbers . . . 26
3.6.2 Constructible numbers . . . 27
3.7 Splitting fields . . . 29
3.8 Automorphisms and Galois Extensions . . . 33
3.8.1 Field automorphisms . . . 33
3.8.2 Automorphisms of finite extensions . . . 33
3.8.3 Galois extensions . . . 34
3.8.4 The Galois correspondence . . . 36
3.9 The Galois group of a polynomial . . . 37
3.9.1 Imprimitive group actions and Galois groups . . . 39
3.9.2 The Primitive Element Theorem . . . 40
3.9.3 Galois’ view of Galois groups . . . 41
4 Computing Galois groups of polynomials . . . 43
4.1 Transitive subgroups . . . 43
4.2 Invariant Theory and Resolvents . . . 45
4.2.1 The discriminant . . . 46
4.2.2 Cubic Polynomials . . . 48
4.2.3 Quartic Polynomials . . . 49
4.2.4 Constructible numbers revisited . . . 54
5 Galois groups and prime ideals . . . 54
5.1 The ring of integers in a number field . . . 54
5.2 Decomposition and inertia groups . . . 57
5.3 Frobenius classes in the Galois group of a polynomial . . . 59
6 Cyclotomic extensions and abelian numbers . . . 61
6.1 Gauss and Cyclotomy . . . 62
6.2 The Kronecker-Weber theorem and abelian numbers . . . 66

∗ Thanks to Beth Romano for careful reading and corrections

1 Basic ring theory

A ring is a set R together with two functions +, · : R × R → R, satisfying the following three axioms:

R1 (R, +) is an abelian group with zero element 0R.

R2 (R, ·) is associative with unit element 1R satisfying r · 1R = 1R · r = r for all r ∈ R.

R3 The distributive law holds: (a + b) · c = (a · c) + (b · c) and a · (b + c) = (a · b) + (a · c) for all a, b, c ∈ R.

We usually write ab = a · b, 0 = 0R and 1 = 1R. There is no assumption that 1R ≠ 0R. But if 1R = 0R then R = {0R}.

A unit in R is an element u ∈ R having a multiplicative inverse: u · u⁻¹ = u⁻¹ · u = 1R. The set R× of units in R forms a group under ·.

A subring is a subset S ⊂ R containing 0R , 1R and closed under both operations +, ·, such that (S, +)
is a subgroup of (R, +).

A ring homomorphism f : R → R′ is a function from one ring R to another ring R′ such that f(a + b) = f(a) + f(b) and f(ab) = f(a)f(b) for all a, b ∈ R and f(1R) = 1R′. The image f(R) is a subring of R′. Every ring R admits the canonical homomorphism

Z −→ R, n ↦ n1R,

where n1R is the sum of 1R with itself n times.

If R, S are two rings then the direct product R × S has a ring structure with operations (r, s) + (r′, s′) = (r + r′, s + s′) and (r, s) · (r′, s′) = (r · r′, s · s′). The zero element is 0R×S = (0R, 0S) and the unit element is 1R×S = (1R, 1S). The projection maps from R × S to R and S are ring homomorphisms.

A ring R is commutative if ab = ba for all a, b ∈ R. All of our rings will be commutative unless
otherwise noted.

A commutative ring R is an integral domain if the cancellation law holds: if ab = ac with a ≠ 0 then b = c, for all a, b, c ∈ R.

An ideal in the commutative ring R is a subset I ⊂ R that is closed under addition from within and
multiplication from outside, that is, a + b ∈ I for all a, b ∈ I, and ra ∈ I for all r ∈ R and a ∈ I. The
sets {0} and R are ideals. The latter is sometimes called the unit ideal because an ideal I = R precisely
when I contains a unit of R. The kernel ker f = {r ∈ R : f(r) = 0R′} of a ring homomorphism f : R → R′ is an ideal.

If I, J are two ideals in R then the intersection I ∩ J, the sum I + J = {a + b : a ∈ I, b ∈ J} and the product IJ consisting of all finite sums $\sum_i a_i b_i$ with ai ∈ I and bi ∈ J are ideals in R such that

IJ ⊂ I ∩ J ⊂ I + J.

The ideal I + J is the smallest ideal containing both I and J and is called the ideal generated by I
and J. If I + J = R then IJ = I ∩ J.

An ideal I is principal if I = Ra = {ra : r ∈ R} for some a ∈ I. We often write (a) = Ra. More generally, the ideal generated by elements a1, . . . , an of R is the ideal

$$(a_1, \ldots, a_n) = Ra_1 + \cdots + Ra_n = \Big\{ \sum_{i=1}^{n} r_i a_i : r_i \in R\ \forall i \Big\}.$$

If R is an integral domain and a, b are two nonzero elements of R then (a) = (b) if and only if b = ua
for some unit u ∈ R× . If R = Z, then every ideal is principal; we have I = (n) where ±n are the
elements of I with smallest positive absolute value.

For any ideal I ⊂ R we can form the quotient ring

R/I = {r + I : r ∈ R}

whose elements are cosets r + I; we have r + I = r′ + I exactly when r − r′ ∈ I. The ring operations on R/I are given by (r + I) + (r′ + I) = (r + r′) + I and (r + I)(r′ + I) = rr′ + I. The zero element is 0R/I = 0 + I, and the unit element is 1R/I = 1 + I. The operations are well-defined precisely because I is an ideal. Any ring homomorphism f : R → R′ with I ⊂ ker f induces a quotient homomorphism f̄ : R/I → R′ such that f̄(r + I) = f(r). If I = ker f then f̄ is an isomorphism f̄ : R/I → f(R). The ideals in R/I are of the form J/I = {j + I : j ∈ J} where J is an ideal of R containing I.

A field is a commutative ring F such that F× := F − {0} is a group under the operation ·. In particular, F× is nonempty, so 1F ≠ 0F. A subfield F′ ⊂ F is a subring which is also a field.

Lemma 1.1 A commutative ring R ≠ {0} is a field if and only if R has no ideals other than {0} and R.

Proof: If R is a field then every nonzero ideal I ⊂ R contains a unit, hence I = R. Conversely, assume {0} and R are the only ideals in R. Let a ∈ R be any nonzero element. Then the principal ideal (a) is nonzero, so must be R. Hence 1 ∈ (a). This means there is b ∈ R such that 1 = ba. Hence a is a unit. □

A field homomorphism is a ring homomorphism f : F → F′ between two fields F, F′. Since f(1F) = 1F′ ≠ 0F′ we cannot have ker f = F. From Lemma 1.1 we have

Corollary 1.2 Every field homomorphism is injective.

There are two kinds of fields. Let F be a field and consider the canonical homomorphism Z → F sending n ↦ n · 1F; its kernel is an ideal in Z. If the kernel is {0} then this homomorphism extends to a field homomorphism Q −→ F, sending r/s (in lowest terms) to (r · 1F)(s · 1F)⁻¹ ∈ F. Thus we have a canonical embedding Q ↪ F. In this case we say F has characteristic zero. If the kernel is nonzero then it equals nZ for some integer n > 0. The image Z/nZ is a subring of F, hence an integral domain, so n cannot be written as n = km with positive integers k, m < n; that is, n = p is prime. Thus we have a canonical embedding Z/pZ ↪ F. In this case, we say F has characteristic p. In such a field we have p · 1F = 0F.

Let A be a commutative ring. An A-algebra is a ring R together with a homomorphism A → R whose image is contained in the center of R. If A = F is a field, then we may regard R as an F-vector space, letting a ∈ F act on r ∈ R by multiplying r by the image of a in R. In this case we say that R is a finite-dimensional F-algebra if dimF R < ∞.

Proposition 1.3 1. A finite integral domain is a field.

2. If E is a field and F is a finite subring of E then F is a field.

3. If F is a field and R is a finite dimensional F -algebra which is also an integral domain, then R
is a field.

Proof: Suppose F is a finite integral domain. Then for any nonzero a ∈ F, the map La : F → F given by La(b) = ab is injective, by the definition of integral domain. Since F is finite, La is also surjective, so there is b ∈ F such that La(b) = 1. This proves item 1, of which item 2 is a special case, since a subring of a field is an integral domain. Finally, if R is a finite dimensional F-algebra we again take any nonzero element r ∈ R and consider the map Lr : R → R given by Lr(s) = rs. Since the structure map F → R giving the F-algebra structure on R maps F into the center of R, it follows that the map Lr is F-linear. Again Lr is injective, hence surjective since dimF R < ∞, so r is a unit in R. □

An ideal P in a commutative ring R is prime if R/P is an integral domain. Equivalently, R − P is closed under multiplication; that is, if a, b ∈ R and ab ∈ P then a ∈ P or b ∈ P.

An ideal M in a commutative ring R is maximal if R/M is a field. Equivalently, if I is any ideal such
that M ⊂ I ⊂ R then either I = R or I = M .

A maximal ideal is prime, but the converse fails in general; see below.

An integral domain R is a principal ideal domain (PID) if every ideal in R is principal. If R is a PID
then every prime ideal is maximal.

1.1 Some applications of Zorn’s lemma

An ordering on a set X is a relation x ≤ y between some pairs of elements x, y ∈ X such that

• x ≤ x,

• x ≤ y and y ≤ z ⇒ x ≤ z,

• x ≤ y and y ≤ x ⇒ x = y.

A subset T ⊂ X is totally ordered if for all x, y ∈ T we have either x ≤ y or y ≤ x. An upper bound of a subset S ⊂ X is an element b ∈ X such that x ≤ b for all x ∈ S.

Zorn’s Lemma asserts that if every non-empty totally ordered subset of X has an upper bound then
there exists m ∈ X such that if x ∈ X and x ≥ m then x = m. Such an element m, which need not be
unique, is called a maximal element of X. Zorn’s lemma is equivalent to the axiom of choice, hence
has no naive proof.

Applications of Zorn’s lemma include:

1. Every vector space has a basis.

2. The arbitrary product of compact sets is compact (Tychonoff’s theorem).

3. Every field has an algebraic closure.

4. Every ideal in a commutative ring is contained in a maximal ideal.

5. The intersection of all prime ideals in a commutative ring R is the set of nilpotent elements in R.

We use Zorn’s lemma to prove the last two items here.

Item 4: Let R be a commutative ring and let I be an ideal of R. We apply Zorn to the set X of ideals of R containing I, ordered by inclusion. If T is a totally ordered subset of X, then b(T) := ∪_{J∈T} J is again an ideal in X. Indeed, the only non-obvious point is closure under addition, but if x ∈ J and x′ ∈ J′ with both J, J′ ∈ T, then x + x′ is in the greater of J, J′, hence is in b(T). Therefore T has the upper bound b(T). Let M be a maximal element of X. Then I ⊂ M and if J is any ideal containing M then J ∈ X so J = M, so M is a maximal ideal of R containing I.

Item 5: An element a ∈ R is nilpotent if aⁿ = 0 for some integer n ≥ 1. By induction on n, one sees that a nilpotent element is contained in every prime ideal. Suppose now that a ∈ R is contained in every prime ideal of R but aⁿ ≠ 0 for every integer n ≥ 1. Let S = {1, a, a², . . . } and let X be the set of ideals I ⊂ R such that I ∩ S = ∅. If T is a totally ordered subset of X then as above b(T) = ∪_{J∈T} J is an ideal in R and b(T) ∩ S = ∅. By Zorn, there exists a maximal element M ∈ X. We show that M is prime. Suppose not. Then there exist x, y ∈ R with xy ∈ M, but x ∉ M and y ∉ M. By maximality of M, the ideals (x, M) and (y, M) meet S. Hence there are u, v ∈ M and a, b, c, d ∈ R such that ax + bu ∈ S and cy + dv ∈ S. The product

(ax + bu)(cy + dv) = acxy + bcuy + adxv + bduv

is again in S since S is closed under multiplication, but it is also in M since xy, u, v, uv ∈ M. This contradicts M being in X. Therefore M is prime, so a ∈ M, another contradiction. Hence aⁿ = 0 for some integer n, so a is nilpotent.

1.2 Polynomial Rings

A polynomial over a commutative ring R is a finite formal sum f = c0 + c1 x + · · · + cn xⁿ, where all coefficients ci ∈ R and n ≥ 0 is an integer. The polynomials over R form a ring R[x] under the usual addition and multiplication of polynomials. The degree deg(f) of a nonzero polynomial f ∈ R[x] is the largest n such that cn ≠ 0. We say f is monic if cn = 1, where n = deg(f). We identify R with the polynomials in R[x] of degree zero. The units in R[x] are the units in R.

If R is an integral domain then for any two polynomials f, g ∈ R[x] we have

deg(f g) = deg(f ) + deg(g).

It follows that R[x] is also an integral domain. However, if R is a PID then R[x] need not be a PID. For
example, if R = Z and p is a prime, then Z[x] has the ideal (p, x) which is not principal, as well as the
prime ideal (p) which is not maximal.

A polynomial f ∈ R[x] is reducible if f = gh for some polynomials g, h ∈ R[x] having deg(g), deg(h) both strictly less than deg(f). We call such a factorization f = gh a nontrivial factorization. A polynomial f ∈ R[x] is irreducible if f has no nontrivial factorization in R[x].

Let F be a field. Then the polynomial ring F [x] is a PID; if I ⊂ F [x] is a nonzero ideal then I = (f )
where f is a polynomial in I of minimal degree. For example if I = (f, g) is generated by two
polynomials f, g ∈ F [x] then (f, g) = (h), where h = gcd(f, g) is the greatest common divisor of
f, g. Note that gcd(f, g) is only defined up to a nonzero constant factor. One can compute gcd(f, g)
using the Euclidean Algorithm for polynomials.

Let f ∈ F[x] be a nonzero polynomial with deg(f) = n > 0. Let α = x + (f) ∈ F[x]/(f). Using the division algorithm one can write every element β ∈ F[x]/(f) uniquely in the form

$$\beta = c_0 + c_1 \alpha + \cdots + c_{n-1}\alpha^{n-1} \qquad (1)$$

with all ci ∈ F . In other words, the set {1, α, . . . , αn−1 } is a basis of the F -vector space F [x]/(f ), and

dimF F [x]/(f ) = n = deg(f ).

The product of two elements in the form (1) can be reduced to another of the same form using the rule
f (α) = 0.

Since F [x] is a PID, the following are equivalent for a polynomial f ∈ F [x]:

1. the ideal (f ) is maximal (that is, F [x]/(f ) is a field);

2. the ideal (f ) is prime (that is, F [x]/(f ) is an integral domain);

3. if f = gh for g, h ∈ F[x] then one of g or h is constant;

4. f is irreducible in F [x].

It is important to specify F here since if E ⊃ F is a larger field then f could be irreducible in F [x] but
reducible in E[x].

A general polynomial f ∈ F [x] has a unique factorization in the form

f = cf1 f2 · · · fk ,

where c ∈ F and each fi is monic and irreducible in F [x]. We say that f splits in F [x] if each fi has
deg(fi) = 1. In this factorization it is possible to have fi = fj for i ≠ j. However, let f′ be the formal derivative of f. If gcd(f, f′) = 1 then all of the fi are distinct.

Proposition 1.4 Let F be a field and let f ∈ F [x] have degree deg(f ) > 0. Then there exists a field
E ⊃ F and an element α ∈ E such that f (α) = 0. And there exists a field K ⊃ E such that f splits
in K[x].

Proof: Let f1 be an irreducible factor of f in F[x] and let E = F[x]/(f1). Then E is a field containing the element α = x + (f1) and we have f(α) = f + (f1) = 0 + (f1) since f ∈ (f1). We view F as a subfield of E via the embedding F ↪ E sending c ↦ c + (f1) ∈ E, for any c ∈ F. This proves the first assertion.

In E[x] we have f = (x − α)g, for some g ∈ E[x]. If deg g = 0, then f splits in E[x]. If deg(g) > 0
we repeat the above process with f replaced by g, to construct a field L ⊃ E and an element β ∈ L
such that g(β) = 0. Then g = (x − β)h and f = (x − α)(x − β)h in L[x]. Continuing, we construct a
tower of at most deg(f) fields F ⊂ E ⊂ L ⊂ · · · ⊂ K such that f splits in K[x]. □

The ring F [x]/(f ) may also be described as follows.

Proposition 1.5 Let F be a field and let f ∈ F[x] be a nonzero polynomial with factorization $f = c f_1^{m_1} \cdots f_\ell^{m_\ell}$, where c ∈ F×, each fj ∈ F[x] is monic irreducible, fj ≠ fk if j ≠ k and the mj are positive integers. Then the ring F[x]/(f) is isomorphic to a direct product of rings

$$F[x]/(f) \cong \prod_{j=1}^{\ell} F[x]/(f_j^{m_j}),$$

via the isomorphism sending g + (f) ∈ F[x]/(f) to $(g + (f_1^{m_1}),\, g + (f_2^{m_2}),\, \ldots,\, g + (f_\ell^{m_\ell}))$.

Proof: This is an application of the Chinese Remainder Theorem, which asserts that if R is a commutative ring and I1, . . . , Iℓ are ideals in R with intersection ∩j Ij = I such that Ij + Ik = R for all pairs of indices j ≠ k then we have a ring isomorphism

$$R/I \longrightarrow \prod_{j} R/I_j, \qquad (2)$$

sending r + I ↦ (r + I1, . . . , r + Iℓ). See [Lang] for a proof of (2). To apply this result to R = F[x], we first have to check that the ideals $I_j = (f_j^{m_j})$ satisfy Ij + Ik = F[x] for j ≠ k. Since fj, fk are distinct monic irreducible polynomials, the ideals (fj) and (fk) are distinct maximal ideals of F[x], hence (fj, fk) = F[x]. Let Ij + Ik = (h). If deg(h) > 0 there exists a field E ⊃ F and α ∈ E such that h(α) = 0. Since $f_j^{m_j}, f_k^{m_k} \in (h)$, this implies that fj(α) = fk(α) = 0, contradicting (fj, fk) = F[x]. Hence deg(h) = 0, so Ij + Ik = F[x] as required.

Finally, since Ij + Ik = F[x] we have Ij Ik = Ij ∩ Ik, so that

$$(f) = (f_1^{m_1} \cdots f_\ell^{m_\ell}) = \prod_{j=1}^{\ell} I_j = \bigcap_{j=1}^{\ell} I_j,$$

and Prop. 1.5 indeed follows from (2). □

1.3 Polynomials over Q

Here are four useful results on the irreducibility of polynomials in Q[x]. By clearing denominators, it
suffices to consider only polynomials in Z[x], that is, polynomials with integral coefficients.

Proposition 1.6 (rational root test) Suppose f = c0 + c1 x + · · · + cn xn ∈ Z[x] has a rational root
r = a/b with a, b relatively prime integers. Then a | c0 and b | cn . In particular if f ∈ Z[x] is monic
then all rational roots of f are integers dividing f (0).

Proof: Clearing denominators in the equation f(r) = 0, we have

$$c_0 b^n + c_1 b^{n-1} a + \cdots + c_{n-1} b\, a^{n-1} + c_n a^n = 0,$$

so a | c0 bⁿ and b | cn aⁿ. Since gcd(a, b) = 1 we must have a | c0 and b | cn. □

The next three results will use reduction modulo a prime. Let p be a prime in Z; then Fp = Z/pZ is a field. Let c ↦ c̄ denote the canonical projection Z → Fp. For each f = Σ ci xⁱ ∈ Z[x], let f̄ = Σ c̄i xⁱ ∈ Fp[x]. The mapping f ↦ f̄ is a surjective ring homomorphism Z[x] → Fp[x], whose kernel is the ideal pZ[x] consisting of the integral polynomials all of whose coefficients are divisible by p.

Proposition 1.7 (Gauss’ lemma) If f ∈ Z[x] has a nontrivial factorization in Q[x] then f has a
nontrivial factorization in Z[x].

Proof: Suppose f = gh ∈ Q[x] with deg(g), deg(h) both strictly less than deg(f). There exist positive integers m, n such that g1 := mg and h1 := nh belong to Z[x] and have the same degrees as g, h, respectively. We have N1 f = g1 h1, where N1 = mn. If N1 = 1 then f has a nontrivial factorization in Z[x] as claimed. If N1 > 1 there exists a prime p | N1. Let f̄, ḡ1, h̄1 ∈ Fp[x] be the polynomials obtained from f, g1, h1 by reduction modulo p. We have

$$\bar g_1 \bar h_1 = \overline{g_1 h_1} = \overline{N_1 f} = \bar N_1 \bar f = 0,$$

since p | N1. Since Fp[x] is an integral domain, one of ḡ1 or h̄1 must be zero. Say ḡ1 = 0. This means p divides every coefficient of g1, so that g2 := p⁻¹ g1 ∈ Z[x]. Let N2 = N1/p, and set h2 = h1. We now have N2 f = g2 h2, where g2, h2 ∈ Z[x] have the same degrees as g, h. Repeating this we get N2 > N3 > . . . until eventually Nk = 1 for some k, and f = gk hk is a nontrivial factorization of f in Z[x]. □

Proposition 1.8 Let f = c0 + c1 x + · · · + cn xⁿ ∈ Z[x] have degree n and let p be a prime not dividing cn. Suppose f̄ is irreducible in Fp[x]. Then f is irreducible in Q[x].

Proof: If f is reducible in Q[x] then f has a nontrivial factorization f = gh in Z[x], by Gauss’ Lemma. Since p does not divide the leading coefficient of f, it cannot divide the leading coefficient of g or of h. Now f̄ = ḡ h̄ in Fp[x], and deg(ḡ) = deg(g), deg(h̄) = deg(h), so this is a nontrivial factorization of f̄, contradicting the hypothesis. □

Proposition 1.9 (Eisenstein’s criterion) Let f = c0 + c1 x + · · · + cn xⁿ ∈ Z[x]. Suppose there exists a prime p such that p² ∤ c0, p | c0, . . . , cn−1, and p ∤ cn. Then f is irreducible in Q[x].

Proof: If f is reducible in Q[x] then there exists a nontrivial factorization f = gh in Z[x]. By the last two assumptions, we have ḡ h̄ = c̄n xⁿ ≠ 0 in Fp[x]. By unique factorization in Fp[x] there are integers a, b and 0 < k < n such that ḡ = ā xᵏ, h̄ = b̄ xⁿ⁻ᵏ. It follows that p divides both g(0) and h(0). Hence p² divides g(0)h(0) = f(0) = c0, contradicting the first assumption. □

Example: We illustrate some of the above ideas with the cyclotomic polynomial

$$\Phi_p(x) = 1 + x + x^2 + \cdots + x^{p-1} = \frac{x^p - 1}{x - 1}, \qquad (3)$$

where p is a prime number. Since

$$\Phi_p(x + 1) = \frac{(x+1)^p - 1}{x} = \sum_{k=1}^{p} \binom{p}{k} x^{k-1}$$

and $p \mid \binom{p}{k}$ for 0 < k < p, it follows from Eisenstein’s criterion that Φp(x) is irreducible in Q[x]. The roots of Φp in C are ζ, ζ², . . . , ζᵖ⁻¹, where ζ = e^{2πi/p}. Evaluating polynomials in Q[x] at x = ζ gives a homomorphism Q[x] → C with image Q(ζ) = {c0 + c1 ζ + · · · + cp−1 ζᵖ⁻¹ : ci ∈ Q} and this induces an isomorphism

$$Q[x]/(\Phi_p) \xrightarrow{\ \zeta\ } Q(\zeta).$$

Since xᵖ − 1 = (x − 1)Φp(x), we also have, from Prop. ??,

Q[x]/(xᵖ − 1) ≅ Q[x]/(x − 1) × Q[x]/(Φp) ≅ Q × Q(ζ),

where Q[x]/(x − 1) ≅ Q via evaluation at x = 1.
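As an added illustration (this code is not from the notes), the following Python puts Prop. 1.6 and Prop. 1.9 into executable form and tries them on Φp(x + 1): `rational_roots` enumerates the finitely many candidates a/b that the rational root test allows, `eisenstein_prime` looks for a prime witnessing Eisenstein's criterion, and `substitute_x_plus_1` confirms the binomial expansion of Φp(x + 1) used above. The list representation of polynomials and the function names are my own choices.

```python
# Added example (not part of the notes): the rational root test (Prop. 1.6) and
# Eisenstein's criterion (Prop. 1.9) as executable checks on polynomials in Z[x],
# tried on the shifted cyclotomic polynomial Phi_p(x + 1) from display (3).
from math import comb, gcd

# A polynomial f = c0 + c1 x + ... + cn x^n is the list [c0, c1, ..., cn].


def evaluate_scaled(coeffs, num, den):
    """Return den**n * f(num/den), an integer (n = deg f). It is 0 exactly when
    f(num/den) = 0: this is the cleared-denominator equation in the proof of Prop. 1.6."""
    n = len(coeffs) - 1
    return sum(c * num**k * den**(n - k) for k, c in enumerate(coeffs))


def rational_roots(coeffs):
    """All rational roots of f as pairs (a, b) in lowest terms with b > 0.
    Prop. 1.6 says a | c0 and b | cn, so only finitely many candidates need trying."""
    if len(coeffs) <= 1:
        return set()
    if coeffs[0] == 0:                      # f = x * g: root 0 plus the roots of g
        return {(0, 1)} | rational_roots(coeffs[1:])
    c0, cn = abs(coeffs[0]), abs(coeffs[-1])
    roots = set()
    for a in (d for d in range(1, c0 + 1) if c0 % d == 0):
        for b in (d for d in range(1, cn + 1) if cn % d == 0):
            if gcd(a, b) != 1:
                continue
            for sign in (1, -1):
                if evaluate_scaled(coeffs, sign * a, b) == 0:
                    roots.add((sign * a, b))
    return roots


def prime_factors(n):
    """Distinct prime factors of a positive integer n, by trial division."""
    out, d = [], 2
    while d * d <= n:
        if n % d == 0:
            out.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        out.append(n)
    return out


def eisenstein_prime(coeffs):
    """A prime p with p | c0, ..., c_{n-1}, p not dividing cn and p^2 not dividing c0
    (Prop. 1.9), or None. Such a p divides c0, so only prime factors of c0 are candidates."""
    c0, cn = coeffs[0], coeffs[-1]
    if c0 == 0:
        return None
    for p in prime_factors(abs(c0)):
        if c0 % (p * p) != 0 and cn % p != 0 and all(c % p == 0 for c in coeffs[:-1]):
            return p
    return None


def substitute_x_plus_1(coeffs):
    """Coefficients of f(x + 1): the coefficient of x^j is sum over k of c_k * C(k, j)."""
    n = len(coeffs) - 1
    return [sum(c * comb(k, j) for k, c in enumerate(coeffs)) for j in range(n + 1)]


def shifted_cyclotomic(p):
    """Phi_p(x + 1) = ((x+1)^p - 1)/x = sum_{k=1}^{p} C(p, k) x^(k-1), as in display (3)."""
    return [comb(p, k) for k in range(1, p + 1)]


if __name__ == "__main__":
    for p in (3, 5, 7, 11):
        phi = [1] * p                                   # Phi_p = 1 + x + ... + x^(p-1)
        assert substitute_x_plus_1(phi) == shifted_cyclotomic(p)
        print(f"p={p}: Eisenstein prime for Phi_p(x+1) is {eisenstein_prime(shifted_cyclotomic(p))};"
              f" rational roots of Phi_p: {rational_roots(phi) or 'none'}")
    # constructed sample with roots -1, 2 and 1/2
    print("rational roots of 2x^3 - 3x^2 - 3x + 2:", rational_roots([2, -3, -3, 2]))
```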

2 Finite fields

Let f ∈ Z[x] be a polynomial with integer coefficients. We have seen that it is useful to consider the
polynomial f¯ ∈ Fp [x] obtained by reduction modulo p. Galois observed that such polynomials may
not have roots in Fp , just as polynomials in Q[x] may not have roots in Q, but may instead have roots
in some larger field. This led him to develop the theory of finite fields. Placing himself in the essential
case where f is irreducible, the eighteen year old Galois writes

In this case, the congruence [f(x) ≡ 0 mod p] will admit no integer root, nor even a non-integral root of lower degree. One must therefore regard the roots of this congruence as kinds of imaginary symbols, because they do not satisfy questions of ordinary integers, symbols whose use, in calculation, will often be just as useful as that of the imaginary √−1 in ordinary analysis.
It is the classification of these imaginaries, and their reduction to the smallest possible number, which will concern us.

Galois goes on to develop almost the entire theory of finite fields in six pages. Because he is starting with an irreducible f(x) ∈ Z[x], Galois seems not to be concerned with the existence of such polynomials. That is where we begin, before merging with Galois’ path.

Proposition 2.1 Let F be a field of finite cardinality |F|. Then there exists a prime p, an integer n, and an irreducible polynomial f ∈ Fp[x] of degree n such that |F| = pⁿ and

F ≅ Fp[x]/(f).

Proof: Since F is finite, the canonical homomorphism Z → F must have nonzero kernel, of the form pZ for some prime p. Hence it induces a canonical embedding Fp ↪ F. We may thus regard F as a vector space over Fp. The dimension dimFp F must be finite since F is finite, so |F| = pⁿ, where n = dimFp F.

Recall that the multiplicative group F× is cyclic. Choose a generator γ ∈ F of F×. Evaluating polynomials at x = γ gives a homomorphism ϕγ : Fp[x] → F which is surjective since ϕγ(x) = γ. The kernel of ϕγ is a maximal ideal of Fp[x], which must be of the form (f) for some irreducible polynomial f ∈ Fp[x], so ϕγ induces an isomorphism Fp[x]/(f) ≅ F. □

Our next aim is to prove that for any prime power pⁿ there exists a field F with |F| = pⁿ. We find F by reverse engineering, by examining the properties of such a hypothetical field. Since F× is a group of order |F×| = pⁿ − 1, every nonzero element β ∈ F satisfies $\beta^{p^n - 1} = 1$. Hence every β ∈ F (including β = 0) satisfies $\beta^{p^n} = \beta$. In other words, F must be a field consisting of the roots of the polynomial $f = x^{p^n} - x$. And these roots are distinct, since f′ = −1 has no roots, much less any root in common with f. Such fields are almost constructed by Prop. 1.4, except the field E in that result could have more elements than just the roots of $x^{p^n} - x$. A small adjustment will fix this problem, and allow us to prove:

Proposition 2.2 For all primes p and integers n ≥ 1 there exists a field of cardinality pⁿ.

Proof: Let $f = x^{p^n} - x$ and let E be a field containing Fp in which f splits. Let φ : E → E be the Frobenius endomorphism, given by φ(β) = βᵖ. Then the n-fold composition φⁿ is the endomorphism of E given by $\varphi^n(\beta) = \beta^{p^n}$. Its fixed points $F := E^{\varphi^n} = \{\beta \in E : \beta^{p^n} = \beta\}$ form a finite subring of E and hence a subfield of E, consisting precisely of the pⁿ distinct roots of f. □

The larger field E used in the construction of Prop. 2.2 is not unique; but the field F is unique up to isomorphism, as we will soon show. First we need the factorization of $x^{p^n} - x$ in Fp[x].

Let Irr(p, d) be the set of irreducible monic polynomials in Fp[x] of degree d.

Proposition 2.3 In Fp[x] we have the factorization

$$x^{p^n} - x = \prod_{d \mid n}\ \prod_{f \in \mathrm{Irr}(p,d)} f.$$

Proof: For any f ∈ Irr(p, n) the field F = Fp[x]/(f) has cardinality |F| = pⁿ and contains the root α = x + (f) of f. Since f is irreducible, we have (f) = {g ∈ Fp[x] : g(α) = 0}. As before, the polynomial $x^{p^n} - x$ splits in F[x]:

$$x^{p^n} - x = \prod_{\beta \in F} (x - \beta).$$

Since α ∈ F we have $\alpha^{p^n} - \alpha = 0$, so $x^{p^n} - x \in (f)$, which means that $f \mid x^{p^n} - x$. This shows that every polynomial in Irr(p, n) divides $x^{p^n} - x$.

Suppose a, b are positive integers with a | b; write b = ac. In Z[x] we have

$$x^b - 1 = (x^a)^c - 1 = (x^a - 1)(x^{a(c-1)} + x^{a(c-2)} + \cdots + x^{2a} + x^a + 1),$$

so xᵃ − 1 | xᵇ − 1. This is also true in Z if x is replaced by any integer. If d | n we therefore have pᵈ − 1 | pⁿ − 1. But now taking a = pᵈ − 1 and b = pⁿ − 1 we get $x^{p^d - 1} - 1 \mid x^{p^n - 1} - 1$. Multiplying by x we have

$$x^{p^d} - x \mid x^{p^n} - x.$$

We have already shown that every f ∈ Irr(p, d) divides $x^{p^d} - x$. Hence every f ∈ Irr(p, d) also divides $x^{p^n} - x$.

It remains to show there are no other irreducible divisors of $x^{p^n} - x$. Suppose g ∈ Irr(p, e) for some e and $g \mid x^{p^n} - x$. Let F be any field of cardinality |F| = pⁿ. We know that $x^{p^n} - x$ splits in F, so g has a root β ∈ F. Evaluation at β gives a ring homomorphism $\mathbf{F}_p[x] \xrightarrow{\ \beta\ } F$ with kernel (g). This induces an embedding of the field L = Fp[x]/(g) into F. Hence we may regard F as a vector space over L. Let r = dimL F be the dimension of F. Since deg g = e we have |L| = pᵉ, so that

pⁿ = |F| = |L|ʳ = (pᵉ)ʳ,

and n = er so e | n. This completes the proof of Prop. 2.3. □
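An added brute-force check of Prop. 2.3 in Python (not part of the notes), which also exercises the degree count |Irr(p, n)| = (pⁿ − p)/n for prime n derived further below: `irr(p, d)` enumerates Irr(p, d) by trial division in Fp[x], and `product_of_irreducibles(p, n)` multiplies all of them out over the divisors d | n and compares the result with $x^{p^n} - x$. The coefficient-list representation and the helper names are my own.

```python
# Added example (not part of the notes): verify the factorization of Prop. 2.3,
#     x^(p^n) - x = product over d | n of the product of all f in Irr(p, d),
# by brute force for small p and n. A polynomial over F_p is a list of coefficients
# in range(p), lowest degree first, with no trailing zeros (the zero polynomial is []).
from itertools import product


def trim(f):
    """Drop zero leading coefficients so that f[-1] is the leading coefficient."""
    while f and f[-1] == 0:
        f.pop()
    return f


def mul(f, g, p):
    """Product in F_p[x]."""
    if not f or not g:
        return []
    h = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            h[i + j] = (h[i + j] + a * b) % p
    return trim(h)


def mod(f, g, p):
    """Remainder of f on division by a monic g: the division algorithm in F_p[x]."""
    r = list(f)
    while len(r) >= len(g):
        c, shift = r[-1], len(r) - len(g)     # cancel the leading term of r with c * x^shift * g
        for i, b in enumerate(g):
            r[shift + i] = (r[shift + i] - c * b) % p
        trim(r)
    return r


def monic_polys(p, d):
    """All monic polynomials of degree d in F_p[x]."""
    for low in product(range(p), repeat=d):
        yield list(low) + [1]


def is_irreducible(f, p):
    """f monic of degree >= 1. A nontrivial factorization f = gh forces one factor
    to have degree <= deg(f)/2, so only monic divisors of those degrees are tested."""
    d = len(f) - 1
    return not any(mod(f, g, p) == [] for e in range(1, d // 2 + 1) for g in monic_polys(p, e))


def irr(p, d):
    """The set Irr(p, d) of the notes, as a list of coefficient lists."""
    return [f for f in monic_polys(p, d) if is_irreducible(f, p)]


def x_pn_minus_x(p, n):
    """The polynomial x^(p^n) - x in F_p[x]."""
    f = [0] * (p**n + 1)
    f[1], f[-1] = (-1) % p, 1
    return f


def product_of_irreducibles(p, n):
    """Right-hand side of Prop. 2.3: the product of all f in Irr(p, d) over all d | n."""
    result = [1]
    for d in (d for d in range(1, n + 1) if n % d == 0):
        for f in irr(p, d):
            result = mul(result, f, p)
    return result


def count_irreducibles_formula(p, n):
    """|Irr(p, n)| = (p^n - p)/n, the degree count valid when n is prime."""
    return (p**n - p) // n


if __name__ == "__main__":
    for p, n in ((2, 4), (3, 2), (5, 3)):
        ok = product_of_irreducibles(p, n) == x_pn_minus_x(p, n)
        print(f"p={p}, n={n}: Prop. 2.3 holds: {ok}; |Irr(p, n)| = {len(irr(p, n))}")
    print("Irr(2, 4) =", irr(2, 4))
```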

Now we can prove uniqueness of finite fields.

Proposition 2.4 Any two finite fields of the same cardinality are isomorphic as fields.

Proof: Let F and F′ be two finite fields with |F| = |F′|. As before there exist f, g ∈ Irr(p, n) such that

F ≅ Fp[x]/(f) and F′ ≅ Fp[x]/(g).

In F[x] we factor

$$x^{p^n} - x = \prod_{\beta \in F} (x - \beta).$$

By Prop. 2.3 we have $g \mid x^{p^n} - x$. Hence g has a root β ∈ F, and evaluation at β gives an embedding F′ ≅ Fp[x]/(g) ↪ F. Since |F| = |F′| this embedding is an isomorphism. □

For every prime power pⁿ we write $\mathbf{F}_{p^n}$ for a field of cardinality $|\mathbf{F}_{p^n}| = p^n$. Beware that $\mathbf{F}_{p^n}$ is only defined up to isomorphism but has many incarnations. For example, suppose n is prime. Then Prop. 2.3 shows that

$$\frac{x^{p^n} - x}{x^p - x} = \prod_{f \in \mathrm{Irr}(p,n)} f.$$

Comparing degrees on both sides, we find that the number of irreducible polynomials in Fp[x] of prime degree n is

$$|\mathrm{Irr}(p,n)| = \frac{p^n - p}{n}.$$
Galois considered the case p = 7, n = 3, where there are |Irr(7, 3)| = 122 different polynomials f ∈ F7[x] such that F7[x]/(f) ≅ $\mathbf{F}_{7^3}$. One of them is x³ − 2. Galois denotes a root of this by i, so we have the incarnation

F = F7[x]/(x³ − 2) = {a + bi + ci² : a, b, c ∈ F7},

with multiplication rule i³ = 2. In this field i has order 9; its powers 1, i, i² give a basis of F, but Galois asks for a generator of the multiplicative group F×. Factoring 7³ − 1 = 2 · 9 · 19, he notes that

F× ≅ C2 × C9 × C19,

and it suffices to find generators of each factor. The first two factors are generated by −1 and i. The
remaining factor is generated by an element of order 19. Optimistically writing this element as a + bi,
Galois computes (using the rule i3 = 2) that i − 1 has order 19. Hence the element

α := −1 · i · (i − 1) = i − i2

generates F× and has equation α³ − α + 2 = 0. Hence the field

E = Fp[x]/(x³ − x + 2)

is a different incarnation of $\mathbf{F}_{7^3}$ for which the element α = x + (x³ − x + 2) generates E×.
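Galois' computation in F7[x]/(x³ − 2) carried out in Python, as an added example rather than anything from the notes: elements are stored as coefficient triples (a, b, c) for a + bi + ci² with the rule i³ = 2 built into `mul`, and `order` finds multiplicative orders by testing the divisors of 342. It checks that i has order 9, that i − 1 has order 19, that α = i − i² generates F×, and that α³ − α + 2 = 0. The representation and function names are my own.

```python
# Added example (not part of the notes): Galois' incarnation F = F_7[x]/(x^3 - 2)
# of the field with 7^3 elements. An element a + b*i + c*i^2 is the tuple (a, b, c)
# with a, b, c in F_7; products are reduced using i^3 = 2 and i^4 = 2*i.
P = 7
ZERO, ONE = (0, 0, 0), (1, 0, 0)
I = (0, 1, 0)                      # the root i of x^3 - 2
GROUP_ORDER = P**3 - 1             # |F^x| = 342 = 2 * 9 * 19


def add(u, v):
    return tuple((x + y) % P for x, y in zip(u, v))


def neg(u):
    return tuple((-x) % P for x in u)


def mul(u, v):
    """(a + b i + c i^2)(d + e i + f i^2), reduced with i^3 = 2 and i^4 = 2 i."""
    a, b, c = u
    d, e, f = v
    return ((a * d + 2 * (b * f + c * e)) % P,      # constant term: a d + 2 b f + 2 c e
            (a * e + b * d + 2 * c * f) % P,        # i term: a e + b d + 2 c f
            (a * f + b * e + c * d) % P)            # i^2 term: a f + b e + c d


def power(u, k):
    """u^k by repeated squaring."""
    result = ONE
    while k:
        if k & 1:
            result = mul(result, u)
        u = mul(u, u)
        k >>= 1
    return result


def order(u):
    """Multiplicative order of a nonzero u. By Lagrange it divides |F^x| = 342,
    so only the divisors of 342 are tried, in increasing order."""
    if u == ZERO:
        raise ValueError("0 has no multiplicative order")
    for k in range(1, GROUP_ORDER + 1):
        if GROUP_ORDER % k == 0 and power(u, k) == ONE:
            return k
    raise AssertionError("unreachable: every unit has order dividing 342")


def cubic_value(u):
    """u^3 - u + 2, the polynomial that Galois' generator alpha satisfies."""
    return add(add(power(u, 3), neg(u)), (2, 0, 0))


def galois_generator():
    """alpha = -1 * i * (i - 1) = i - i^2, a product of elements of orders 2, 9 and 19."""
    i_minus_1 = add(I, neg(ONE))
    return mul(mul(neg(ONE), I), i_minus_1)


def is_generator(u):
    """True when u generates the cyclic group F^x."""
    return order(u) == GROUP_ORDER


if __name__ == "__main__":
    i_minus_1 = add(I, neg(ONE))
    alpha = galois_generator()
    print("order of i      :", order(I))            # 9
    print("order of i - 1  :", order(i_minus_1))    # 19
    print("alpha = i - i^2 :", alpha, "generates F^x:", is_generator(alpha))
    print("alpha^3 - alpha + 2 =", cubic_value(alpha))
```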

Finally, the subfields of finite fields are easily described.

Proposition 2.5 The subfields of $\mathbf{F}_{p^n}$ are in bijection with the divisors of n. Namely, the divisor d | n corresponds to the subfield $\{\beta \in \mathbf{F}_{p^n} : \beta^{p^d} = \beta\} \cong \mathbf{F}_{p^d}$.

Proof: Assuming d | n, the proof of Prop. 2.2 shows that $\{\beta \in \mathbf{F}_{p^n} : \beta^{p^d} = \beta\}$ is the unique subfield of $\mathbf{F}_{p^n}$ isomorphic to $\mathbf{F}_{p^d}$. Conversely, if F is a subfield of $\mathbf{F}_{p^n}$, let β be a generator of F×. Being an element of $\mathbf{F}_{p^n}$, β is a root of $x^{p^n} - x$. By Prop. 2.3, there exists an irreducible polynomial f ∈ Fp[x] of degree d | n such that f(β) = 0. This gives an embedding $\mathbf{F}_{p^d} \cong \mathbf{F}_p[x]/(f) \hookrightarrow \mathbf{F}_{p^n}$. □

The Frobenius automorphism $\phi \in \mathrm{Aut}(\mathbb{F}_{p^n})$ given by $\phi(\beta) = \beta^p$ has order n. Thus the cyclic group $C_n$ acts on $\mathbb{F}_{p^n}$ by field automorphisms. The divisors d | n parametrize the subgroups $\langle \phi^d \rangle \simeq C_{n/d}$ of $C_n$. And the subfield of $\mathbb{F}_{p^n}$ of elements fixed by $\langle \phi^d \rangle$ is the unique subfield having $p^d$ elements. Thus, Prop. 2.5 can be rephrased as follows.

Proposition 2.6 There is a bijection between the subgroups of Cn and the subfields of Fpn , whereby
the subgroup D ≤ Cn corresponds to the subfield consisting of elements in Fpn fixed by D.

Note that the bijection in Prop. 2.6 is inclusion-reversing, so that the lattice of subgroups of Cn is
reciprocal to the lattice of subfields of Fpn . This is a simple case of the main theorem of Galois theory.

3 Extensions of rings and fields

The main objects of study in Number Theory are the field of algebraic numbers

$$\bar{\mathbb{Q}} := \{\alpha \in \mathbb{C} : f(\alpha) = 0 \text{ for some nonzero } f \in \mathbb{Z}[x]\}$$

and the ring of algebraic integers

$$\bar{\mathbb{Z}} := \{\alpha \in \mathbb{C} : f(\alpha) = 0 \text{ for some monic } f \in \mathbb{Z}[x]\}.$$

Clearly $\bar{\mathbb{Z}} \subset \bar{\mathbb{Q}}$. The rational root test shows that $\bar{\mathbb{Z}} \cap \mathbb{Q} = \mathbb{Z}$. However, it is not obvious that $\bar{\mathbb{Q}}$ is a field or that $\bar{\mathbb{Z}}$ is a ring. We will show that they are, and that $\bar{\mathbb{Q}}$ is the quotient field of $\bar{\mathbb{Z}}$. First we develop some useful ideas about polynomials.
3.1 Symmetric polynomials

Let R be an integral domain with quotient field F. Let $f(x) = c_0 + c_1 x + \cdots + c_n x^n \in R[x]$ be a polynomial of degree n, with roots $\alpha_1, \dots, \alpha_n$ in some field $E \supset F$. In E[x] we have two expressions for f(x):

$$c_n \prod_{i=1}^{n} (x - \alpha_i) = f(x) = \sum_{k=0}^{n} c_k x^k.$$

In these expressions, the coefficients $c_i$ are known, and the roots $\alpha_i$ are usually mysterious. Let us therefore regard the $\alpha_i$ as variables, and rename them $t_i$. The coefficients $c_k$ will become functions of the $t_i$. Dropping $c_n$, we consider the two expressions for the general polynomial of degree n:

$$\prod_{i=1}^{n} (x - t_i) = \sum_{k=0}^{n} (-1)^k s_k x^{n-k}. \tag{4}$$

This is an equation in the ring $R[t_1, \dots, t_n][x]$ of polynomials in x; the coefficients $s_k$ are themselves polynomials in $t_1, \dots, t_n$. Expanding the left side of (4), we find these coefficients to be

$$\begin{aligned}
s_0 &= 1 \\
s_1 &= \sum_{1 \le i \le n} t_i \\
s_2 &= \sum_{1 \le i < j \le n} t_i t_j \\
&\ \vdots \\
s_k &= \sum_{1 \le i_1 < i_2 < \cdots < i_k \le n} t_{i_1} \cdots t_{i_k} \\
&\ \vdots \\
s_n &= t_1 \cdots t_n.
\end{aligned} \tag{5}$$

The functions $s_k \in R[t_1, \dots, t_n]$ are the elementary symmetric polynomials.

The symmetric group $S_n$ acts on the ring $R[t_1, \dots, t_n]$ by

$$(\sigma \cdot f)(t_1, \dots, t_n) = f(t_{\sigma 1}, \dots, t_{\sigma n}),$$

where $\sigma \in S_n$ and $f \in R[t_1, \dots, t_n]$. The $S_n$-invariant polynomials form the subring

$$R[t_1, \dots, t_n]^{S_n} = \{f \in R[t_1, \dots, t_n] : \sigma \cdot f = f \text{ for all } \sigma \in S_n\}$$

of symmetric polynomials. Each $s_k$ belongs to $R[t_1, \dots, t_n]^{S_n}$ and these symmetric polynomials are "elementary" in the sense that every symmetric polynomial is a polynomial in $s_1, \dots, s_n$. More precisely, we have the

Theorem 3.1 (Symmetric Polynomial Theorem) The map

$$R[t_1, \dots, t_n] \longrightarrow R[t_1, \dots, t_n]^{S_n}$$

sending $f(t_1, \dots, t_n) \mapsto f(s_1, \dots, s_n)$ is a ring isomorphism.

Proof: The map is clearly a ring homomorphism. To prove that it is bijective, it is convenient to use multi-index notation for polynomials. Let M be the set of n-tuples $(m_1, m_2, \dots, m_n)$ of integers $m_i \ge 0$. For $\mu = (m_1, m_2, \dots, m_n) \in M$, let $|\mu| = m_1 + m_2 + \cdots + m_n$. We define a total ordering on M by declaring $\mu' \le \mu$ if either $|\mu'| < |\mu|$ or there is $1 \le k < n$ such that

$$m'_1 = m_1,\ m'_2 = m_2,\ \dots,\ m'_k = m_k, \quad\text{but}\quad m'_{k+1} < m_{k+1}. \tag{6}$$

We need two properties of this ordering. First, adding componentwise we have

$$\mu' \le \mu \ \text{ and } \ \nu' \le \nu \ \Rightarrow\ \mu' + \nu' \le \mu + \nu. \tag{7}$$

Second, if $\mu = (m_1, \dots, m_n)$ with $m_1 \ge m_2 \ge \cdots \ge m_n$ and $\mu'$ is obtained from μ by a nontrivial permutation of the coordinates $m_i$, then $\mu' < \mu$.

Now each element $f \in R[t_1, \dots, t_n]$ can be written as $\sum_{\mu \in M} c_\mu t^\mu$, where $t^\mu = t_1^{m_1} \cdots t_n^{m_n}$ and all but finitely many $c_\mu$ are zero. Let μ(f) be the maximal μ ∈ M such that $c_\mu \ne 0$. From (7) it follows that

$$\mu(fg) = \mu(f) + \mu(g).$$

Now $\mu(s_k) = (1, 1, \dots, 1, 0, \dots, 0)$, with k 1's. It follows that for integers $d_k \ge 0$ we have

$$\mu(s_1^{d_1} s_2^{d_2} \cdots s_n^{d_n}) = (d_1 + d_2 + \cdots + d_n,\ d_2 + d_3 + \cdots + d_n,\ \dots,\ d_n). \tag{8}$$

We now show that the map in Theorem 3.1 is surjective. Let $f = \sum_{\mu \in M} c_\mu t^\mu \in R[t_1, \dots, t_n]^{S_n}$ and let $\mu(f) = (m_1, \dots, m_n)$. Since f is symmetric, all μ' obtained by nontrivial permutations of the $m_i$ also have $c_{\mu'} \ne 0$. Since μ(f) is maximal, we must have $m_1 \ge m_2 \ge \cdots \ge m_n$. For $1 \le i < n$ let $d_i = m_i - m_{i+1}$, and let $d_n = m_n$. Then $d_k + \cdots + d_n = m_k$, so

$$\mu(s_1^{d_1} s_2^{d_2} \cdots s_n^{d_n}) = \mu(f).$$

Hence letting

$$f' = f - c_{\mu(f)}\, s_1^{d_1} s_2^{d_2} \cdots s_n^{d_n},$$

we have $\mu(f') < \mu(f)$. Repeating this process with f' and continuing, we eventually express f as a polynomial in $s_1, \dots, s_n$. Hence the map in Theorem 3.1 is surjective.

Now for injectivity. A polynomial $f = \sum_{\lambda \in M} c_\lambda t^\lambda \in R[t_1, \dots, t_n]$ is mapped to $f(s) = \sum_{\lambda \in M} c_\lambda s^\lambda$, and we have seen above that $\mu(s^\lambda) = (\ell_1 + \cdots + \ell_n,\ \ell_2 + \cdots + \ell_n,\ \dots,\ \ell_n)$ for $\lambda = (\ell_1, \dots, \ell_n)$. Equation (8) shows that if $\lambda' \ne \lambda$ then $\mu(s^{\lambda'}) \ne \mu(s^\lambda)$. Hence $\mu(f(s)) = \max\{\mu(s^\lambda) : c_\lambda \ne 0\}$. This shows that if $f \ne 0$ then $f(s) \ne 0$. Hence the map in Theorem 3.1 is injective. □

Example 1: For each k ≥ 0 the polynomial

$$p_k = t_1^k + t_2^k + \cdots + t_n^k$$

is symmetric. We have

$$p_1 = s_1, \qquad p_2 = s_1^2 - 2 s_2, \qquad p_3 = s_1^3 - 3 s_1 s_2 + 3 s_3.$$

In general, $p_k$ can be expressed in terms of the elementary symmetric polynomials via the recursive formula ("Newton's identities")

$$k\, s_k + \sum_{i=1}^{k} (-1)^i\, s_{k-i}\, p_i = 0.$$

Example 2: The polynomial

$$d = \prod_{1 \le i < j \le n} (t_i - t_j)$$

is not quite symmetric. We have $\sigma \cdot d = \mathrm{sgn}(\sigma)\, d$, so d is invariant under the alternating group $A_n$ but not the full symmetric group $S_n$. However the square

$$D = \prod_{1 \le i < j \le n} (t_i - t_j)^2$$

is symmetric. This D is the discriminant polynomial. Its expression in terms of elementary symmetric polynomials is complicated even for small n:

$$\begin{aligned}
n = 2:\quad D &= s_1^2 - 4 s_2 \\
n = 3:\quad D &= s_1^2 s_2^2 - 27 s_3^2 - 4 s_2^3 - 4 s_1^3 s_3 + 18 s_1 s_2 s_3 \\
n = 4:\quad D &= s_1^2 s_2^2 s_3^2 + 256 s_4^3 - 27 s_3^4 - 27 s_1^4 s_4^2 + 144 s_1^2 s_2 s_4^2 - 128 s_2^2 s_4^2 - 4 s_1^2 s_2^3 s_4 + 16 s_2^4 s_4 \\
&\quad - 192 s_1 s_3 s_4^2 + 18 s_1^3 s_2 s_3 s_4 - 80 s_1 s_2^2 s_3 s_4 - 6 s_1^2 s_3^2 s_4 + 144 s_2 s_3^2 s_4 - 4 s_2^3 s_3^2 - 4 s_1^3 s_3^3 \\
&\quad + 18 s_1 s_2 s_3^3.
\end{aligned} \tag{9}$$

In general the degree of D is n(n−1) and $\mu(D) = 2(n-1, n-2, \dots, 1, 0) = \mu(s_1^2 s_2^2 \cdots s_{n-1}^2)$, so $s_1^2 s_2^2 \cdots s_{n-1}^2$ appears with coefficient 1 in D. Does $s_n^{n-1}$ always appear with coefficient $\pm n^n$? For n = 5 this coefficient is $+5^5$. Does $s_{n-1}^n$ always appear with coefficient $\pm(n-1)^{n-1}$? For n = 5 this coefficient is +256.
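The reduction in the proof of Theorem 3.1 is an algorithm: subtract the product of elementary symmetric polynomials whose leading term matches μ(f), and repeat until nothing is left. The Python below is an added example, not code from these notes: it stores polynomials as dictionaries from exponent tuples to integer coefficients, implements that reduction, and applies it to the power sums $p_k$ of Example 1 and the discriminant D of Example 2, recovering the expansions (9).

```python
from itertools import combinations

# Polynomials in t_1, ..., t_n over Z: {exponent tuple: coefficient}, zero terms dropped.
def p_add(f, g):
    h = dict(f)
    for m, c in g.items():
        h[m] = h.get(m, 0) + c
    return {m: c for m, c in h.items() if c}

def p_scale(f, c):
    return {m: c * v for m, v in f.items()} if c else {}

def p_mul(f, g):
    h = {}
    for m1, c1 in f.items():
        for m2, c2 in g.items():
            m = tuple(a + b for a, b in zip(m1, m2))
            h[m] = h.get(m, 0) + c1 * c2
    return {m: c for m, c in h.items() if c}

def p_pow(f, e, n):
    r = {(0,) * n: 1}
    for _ in range(e):
        r = p_mul(r, f)
    return r

def var(i, n):
    """The variable t_i (1-based) as a polynomial in n variables."""
    return {tuple(int(j == i - 1) for j in range(n)): 1}

def elem_sym(k, n):
    """Elementary symmetric polynomial s_k of (5): all k-fold products of distinct t_i."""
    return {tuple(int(j in idx) for j in range(n)): 1 for idx in combinations(range(n), k)}

def leading(f):
    """mu(f): the largest exponent tuple in the ordering (6), total degree first, then lexicographic."""
    return max(f, key=lambda m: (sum(m), m))

def to_elementary(f, n):
    """Write a symmetric f as sum of coeff * s_1^d_1 ... s_n^d_n, following the proof of Theorem 3.1.
    Returns {(d_1, ..., d_n): coeff}."""
    s = [elem_sym(k, n) for k in range(n + 1)]
    result = {}
    while f:
        mu = leading(f)
        if any(mu[i] < mu[i + 1] for i in range(n - 1)):
            raise ValueError("not symmetric: leading exponents are not non-increasing")
        c = f[mu]
        # d_i = m_i - m_{i+1} and d_n = m_n, so that mu(s^d) = mu by (8)
        d = tuple(mu[i] - (mu[i + 1] if i + 1 < n else 0) for i in range(n))
        result[d] = result.get(d, 0) + c
        s_d = {(0,) * n: 1}
        for k in range(n):
            s_d = p_mul(s_d, p_pow(s[k + 1], d[k], n))
        f = p_add(f, p_scale(s_d, -c))      # f' = f - c * s^d has strictly smaller mu
    return result

def power_sum(k, n):
    """p_k = t_1^k + ... + t_n^k of Example 1."""
    f = {}
    for i in range(1, n + 1):
        f = p_add(f, p_pow(var(i, n), k, n))
    return f

def discriminant(n):
    """D = prod_{i<j} (t_i - t_j)^2 of Example 2."""
    D = {(0,) * n: 1}
    for i, j in combinations(range(1, n + 1), 2):
        diff = p_add(var(i, n), p_scale(var(j, n), -1))
        D = p_mul(D, p_mul(diff, diff))
    return D

if __name__ == "__main__":
    for k in (1, 2, 3):
        print(f"p_{k} in s-variables:", to_elementary(power_sum(k, 3), 3))
    for n in (2, 3, 4):
        print(f"D for n={n}:", to_elementary(discriminant(n), n))
```

Each key of the returned dictionary is an exponent vector $(d_1, \dots, d_n)$ of $s_1^{d_1} \cdots s_n^{d_n}$, so for example {(2,0,0): 1, (0,1,0): -2} reads $s_1^2 - 2s_2$.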

3.2 Integral ring extensions

Let R be an integral domain and let S be a subring of R. An element α ∈ R is integral over S if there exists a monic polynomial f ∈ S[x] such that f(α) = 0. Let

$$R_S = \{\alpha \in R : \alpha \text{ is integral over } S\}.$$

Every s ∈ S is the root of the monic polynomial x − s ∈ S[x], so $S \subset R_S$, and we have

$$S \subset R_S \subset R.$$

Proposition 3.2 $R_S$ is a subring of R.

Proof: Let $\alpha, \beta \in R_S$ be roots of monic polynomials $f, g \in S[x]$. Let $h = fg \in S[x]$ and let E be a field containing S in which h splits. By specializing $t_i \mapsto \gamma_i$ in the general polynomial (4), we have

$$h = \prod_{i=1}^{n} (x - \gamma_i) = \sum_{k=0}^{n} (-1)^k s_k(\gamma_1, \dots, \gamma_n)\, x^{n-k}.$$

Since $h \in S[x]$, each coefficient $s_k(\gamma_1, \dots, \gamma_n)$ belongs to S. By the symmetric polynomial theorem, we have $f(\gamma_1, \dots, \gamma_n) \in S$ for each symmetric polynomial $f \in S[t_1, \dots, t_n]$. Now the coefficients of

$$H_\times = \prod_{1 \le i < j \le n} (x - \gamma_i \gamma_j) \quad\text{and}\quad H_+ = \prod_{1 \le i < j \le n} (x - \gamma_i - \gamma_j)$$

are symmetric polynomials evaluated at $(\gamma_1, \dots, \gamma_n)$, hence these coefficients lie in S, and $H_\times, H_+$ are monic polynomials in S[x]. Since $\alpha\beta \in \{\gamma_i \gamma_j\}$ and $\alpha + \beta \in \{\gamma_i + \gamma_j\}$ we have $H_\times(\alpha\beta) = 0$ and $H_+(\alpha + \beta) = 0$, so αβ and α + β are integral over S. □

Integral extensions of Z have a property in common with PID’s, namely:

Proposition 3.3 Let R be an integral domain in which every element is integral over Z. Then every
nonzero prime ideal in R is maximal.

Proof: Let P be a prime ideal in R. Choose a nonzero element β ∈ P . Then β satisfies an equation
β n + c1 β n−1 + · · · + cn = 0, with all ci ∈ Z. Factoring out powers of β, and remembering that R is
an integral domain, we may assume that cn 6= 0. Then cn ∈ Rβ ⊂ P . This shows that P ∩ Z 6= {0}.
Since it is clear that P ∩ Z is a prime ideal in Z, we have P ∩ Z = pZ for some prime number p. Now
$\mathbb{F}_p = \mathbb{Z}/p\mathbb{Z} \hookrightarrow R/P$, induced by the canonical homomorphism $\mathbb{Z} \to R$. Hence R/P is an $\mathbb{F}_p$-algebra.

Let α ∈ R have nonzero image ᾱ ∈ R/P . Since R is integral over Z we have R/P algebraic over
Fp . Hence the homomorphism Fp [x] → R/P given by evaluation at α has kernel generated by an
irreducible polynomial f ∈ Fp [x]. As Fp [x]/(f ) is a field, it follows that ᾱ is contained in a subfield of
R/P and is therefore invertible in R/P . Hence R/P is a field, so P is maximal. 

Not every integral extension of $\mathbb{Z}$ is a PID. For example, the ring $\mathbb{Z}[\sqrt{-6}]$ is integral over $\mathbb{Z}$. Indeed, every $\alpha \in \mathbb{Z}[\sqrt{-6}]$ is a root of the polynomial $x^2 - (\alpha + \bar\alpha)x + \alpha\bar\alpha$, where $\bar\alpha$ is the complex conjugate of α. However, the ideal $P = (2, \sqrt{-6})$ in $\mathbb{Z}[\sqrt{-6}]$ is not principal. For if $P = (2m + n\sqrt{-6})$ with $m, n \in \mathbb{Z}$, then there would exist $\alpha, \beta \in \mathbb{Z}[\sqrt{-6}]$ such that

$$2 = \alpha \cdot (2m + n\sqrt{-6}), \qquad \sqrt{-6} = \beta \cdot (2m + n\sqrt{-6}),$$

so

$$4 = \alpha\bar\alpha\,(4m^2 + 6n^2), \qquad 6 = \beta\bar\beta\,(4m^2 + 6n^2),$$

and $4m^2 + 6n^2$ would divide $2 = 6 - 4$, impossible. However, P is maximal by Prop. 3.3. Indeed, P is the kernel of the ring homomorphism $R \to \mathbb{F}_2$ sending $a + b\sqrt{-6} \mapsto a \bmod 2$.
3.3 Prime ideals in Z[x]: elementary classification

In Z[x] we have only a partial division algorithm.

Proposition 3.4 If f and g are polynomials in Z[x] and f is monic, then there exist q, r ∈ Z[x] with deg(r) < deg(f) such that g = qf + r.

Proof: The proof for polynomials over a field works just as well here, since we do not have to divide
by the leading coefficient of f . 

The condition that f be monic is necessary. For example, there are no polynomials q, r ∈ Z[x] with
deg(r) < deg(2x) such that x2 = 2x · q + r. This complicates the picture of ideals in Z[x]. For
example, not every ideal in Z[x] is principal.

A polynomial f ∈ Z[x] is primitive if gcd(f ) = 1. Every f ∈ Z[x] can be written as f = cf1 where
c = gcd(f ) and f1 ∈ Z[x] is primitive.

Lemma 3.5 The product of two primitive polynomials is primitive. More generally, for f, g ∈ Z[x] we
have gcd(f g) = gcd(f ) · gcd(g).

Proof: Suppose f and g are primitive but p is a prime dividing gcd(fg). Then $\bar f \bar g = \overline{fg} = 0$ in $\mathbb{F}_p[x]$, so either $\bar f = 0$ or $\bar g = 0$, so p divides gcd(f) or gcd(g), a contradiction.

In general, let f = af1 and g = bg1 , where a = gcd(f ), b = gcd(g) and f1 , g1 are primitive. Then
gcd(f g) = gcd(af1 · bg1 ) = ab gcd(f1 g1 ) = ab, by the first case. 

Lemma 3.6 If $f \in \mathbb{Q}[x]$ is a monic polynomial then there is $d \in \mathbb{Z}$ such that $f_1 := df \in \mathbb{Z}[x]$ and is primitive; we have $f\mathbb{Q}[x] \cap \mathbb{Z}[x] = f_1 \mathbb{Z}[x]$.

Proof: Write

$$f = \frac{a_0}{b_0} + \frac{a_1}{b_1} x + \cdots + \frac{a_{n-1}}{b_{n-1}} x^{n-1} + x^n$$

with all $a_i, b_i \in \mathbb{Z}$ and $\gcd(a_i, b_i) = 1$. Let d be the least common multiple of the $b_i$'s. Then $df \in \mathbb{Z}[x]$ has leading term $dx^n$. Let p be a prime dividing d and write $d = mp^r$, where $p \nmid m$. Then r > 0 is the maximal power of p dividing any $b_i$. Choose i such that $p^r \mid b_i$. Then $p \nmid (d/b_i)$. And $p \nmid a_i$ because $\gcd(a_i, b_i) = 1$. Hence p does not divide the coefficient $da_i/b_i$ of df, so df is primitive.

It is clear that the polynomial f1 := df belongs to f Q[x] ∩ Z[x], so that f1 Z[x] ⊂ f Q[x] ∩ Z[x].
Conversely, suppose g ∈ f Q[x] ∩ Z[x]. Let g = f h, with h ∈ Q[x]. Choose c ∈ Z such that ch ∈ Z[x].
Then cdg = f1 · ch, so cd · gcd(g) = gcd(ch). But since c | gcd(ch) we have h ∈ Z[x] to begin
with, and d · gcd(g) = gcd(h), so we even have h ∈ dZ[x]. Write h = dh1 with h1 ∈ Z[x]. Then
g = f h = f · dh1 = f1 h1 ∈ f1 Z[x]. 

Theorem 3.7 Every polynomial f ∈ Z[x] factors as f = cf1 · · · fn , where c = gcd(f ) ∈ Z and fi in
Z[x] are primitive nonconstant and irreducible in Z[x]. This factorization is unique up to sign and the
order of the factors.

Proof: We may assume that f is primitive. If f = gh for nonconstant g, h ∈ Z[x] then 1 = gcd(f ) =
gcd(g) gcd(h) by Lemma 3.5, so g, h are primitive. Repeating this, we obtain a factorization of f into
a product of primitive irreducible nonconstant polynomials. Suppose f1 · · · fk = f = g1 · · · g` are two
factorizations of f into primitive nonconstant irreducible polynomials in Z[x]. By Gauss’ Lemma, each
of the polynomials fi and gi are irreducible in Q[x]. By unique factorization in Q[x] we have k = `
and after re-indexing there are rational numbers ai /bi such that fi = (ai /bi )gi for all i. Since fi and gi
are both primitive we have
bi = gcd(bi fi ) = gcd(ai gi ) = ai
so fi = gi up to sign. 

We now classify the prime ideals in Z[x]. We note first that P ∩ Z is a prime ideal in Z, hence either
P ∩ Z = {0} or P ∩ Z = pZ for a unique prime p ∈ Z.

Theorem 3.8 The nonzero prime ideals in Z[x] are classified as follows.

1. If P ∩ Z = {0} then P = f Z[x], where f is the unique (up to sign) primitive polynomial in P of
minimal degree.

2. If P ∩ Z = pZ and P contains no primitive polynomial, then P = pZ[x].

3. If P ∩ Z = pZ and P contains a primitive polynomial then P = pZ[x] + f Z[x] where f ∈ Z[x] is primitive with irreducible reduction $\bar f \in \mathbb{F}_p[x]$. The ideal $(\bar f)$ in $\mathbb{F}_p[x]$ depends only on P.

Proof:

Assume that P ∩ Z = pZ and P contains no primitive polynomial. Let f ∈ P and write $f = cf_1$ with c = gcd(f) and $f_1$ primitive. Since $f_1 \notin P$, we must have c ∈ P ∩ Z. Hence p | c so f ∈ pZ[x] as claimed.

For the rest of the proof we assume that P contains a primitive polynomial and let m be the minimal
degree of a primitive polynomial in P . If f ∈ P is primitive with deg f = m then Theorem 3.7 implies
that f is irreducible in Z[x].

Suppose that P 6= f Z[x]. Let n ≥ 0 be the minimal degree of a polynomial in P − f Z[x] and choose
g ∈ P − f Z[x] of this minimal degree n. Suppose g factors as g = hk in Z[x]. Neither h nor k can
belong to f Z[x]. If, say, h ∈ P then by minimality deg(h) = deg(g) and k is constant. By Gauss’
Lemma, f and g are irreducible in Q[x] so there exist a(x), b(x) ∈ Q[x] such that af +bg = 1. Clearing
denominators in the coefficients of a, b we find d ∈ Z such that da, db ∈ Z[x] and daf + dbg = d ∈ P .

If P ∩ Z = {0} this is a contradiction, so P = f Z[x] as claimed, and any other primitive polynomial
h ∈ P of degree m is divisible by f in Z[x], so h = ±f .

If P ∩ Z = pZ then p | d and the ideal (p, f) = pZ[x] + f Z[x] is contained in P. Let $\bar f \in \mathbb{F}_p[x]$ be the reduction of f modulo p. Since f is primitive, we have $\bar f \ne 0$. Suppose $\bar f$ is reducible in $\mathbb{F}_p[x]$. Then there are polynomials h, k, r ∈ Z[x] such that f = hk + pr, both h and k are nonconstant, and $\deg(h) + \deg(k) = \deg(\bar f) \le \deg(f)$. Since p ∈ P we have hk ∈ P. By minimality of m, either h or k is constant, a contradiction. Therefore $\bar f$ is irreducible in $\mathbb{F}_p[x]$. It follows that

$$\mathbb{Z}[x]/(p, f) \simeq \mathbb{F}_p[x]/(\bar f)$$

is a field, so (p, f) is a maximal ideal in Z[x] and we have (p, f) = P, as claimed.

Finally, suppose (p, f ) = P = (p, g) where f, g ∈ Z[x] are primitive with irreducible reductions
f¯, ḡ ∈ Fp [x]. There are h, k ∈ Z[x] such that f = ph + gk, so f¯ = ḡ k̄ ∈ (ḡ). Likewise ḡ ∈ (f¯), so that
(f¯) = (ḡ). This completes the proof of Thm. 3.8. 

From Prop. 3.3 we know that prime ideals in integral extensions of Z are maximal. We can now
sharpen this as follows.

Corollary 3.9 Let R be an integral domain and let α in R be integral over Z with minimal monic irreducible polynomial f ∈ Z[x]. Then every nonzero prime ideal P of R is maximal and has the form P = (p, g(α)), where p ∈ Z is prime and g ∈ Z[x] is monic such that $\bar g$ is an irreducible factor of $\bar f$ in $\mathbb{F}_p[x]$, and we have

$$\mathbb{Z}[\alpha]/P \simeq \mathbb{F}_p[x]/\bar g\,\mathbb{F}_p[x] \simeq \mathbb{F}_{p^d},$$

where d = deg g.

Proof: Let f ∈ Z[x] be the monic irreducible polynomial of α. Then Z[x]/f Z[x] ' Z[α] via
evaluation at α, so the prime ideals of Z[α] correspond to the prime ideals of Z[x] containing f . From
the classification of prime ideals in Z[x], we see these primes consist of f Z[x] itself and the primes
(p, g), where ḡ is irreducible modulo p and f = gh + pk for some h, k ∈ Z[x]. This last is equivalent
to having f¯ = ḡ h̄ in Fp [x]. In other words, ḡ must be an irreducible factor of f¯ in Fp [x]. When this
holds, we have isomorphisms
$$\mathbb{Z}[\alpha]/(p, g(\alpha)) \xleftarrow{\ \sim\ } \mathbb{Z}[x]/(p, g) \xrightarrow{\ \sim\ } \mathbb{F}_p[x]/\bar g\,\mathbb{F}_p[x],$$

induced by evaluation at α and reduction modulo p, respectively. Since ḡ is irreducible of degree d, the
ring Fp [x]/ḡFp [x] is a field of cardinality pd . 

3.4 The spectrum of a commutative ring

Let R be a commutative ring. Define Spec(R) to be the set of prime ideals of R. There is a topology
on Spec(R) for which the closed sets are those of the form

V (I) = {P ∈ Spec(R) : I ⊂ P },

where I is an ideal in R. One checks that

• V({0}) = Spec(R) and V(R) = ∅;

• V(I) ∪ V(J) = V(IJ) for any two ideals I, J in R;

• $\bigcap_j V(I_j) = V\big(\sum_j I_j\big)$ for any family of ideals $\{I_j\}$ in R,

so that the sets V(I) are indeed the closed sets of a topology on Spec(R). The open sets are then the complements $U(I) = \{P \in \mathrm{Spec}(R) : I \not\subset P\}$.

In this topology points in Spec(R) are not generally closed. If P ∈ Spec(R) and V(I) contains P, then V(P) ⊂ V(I). It follows that the closure of {P} is V(P). We have {P} = V(P) exactly when P is maximal. Hence, the closed points in Spec(R) are the maximal ideals of R. At the other extreme, if R is an integral domain then {0} ∈ Spec(R), and

$$\overline{\{\{0\}\}} = V(\{0\}) = \mathrm{Spec}(R).$$

That is, the point {0} is dense in Spec(R). We set $\xi_R = \{0\}$ and call this the generic point in Spec(R).

The correspondence theorem for ideals gives a bijection

$$\mathrm{Spec}(R/I) \longrightarrow V(I)$$

which is a homeomorphism because it sends any closed set V((I + J)/I) ⊂ Spec(R/I) to the closed set V(I) ∩ V(J) ⊂ V(I).

More generally, any ring homomorphism $\varphi : R \to R'$ gives a function

$$\varphi^* : \mathrm{Spec}(R') \longrightarrow \mathrm{Spec}(R), \qquad Q \mapsto \varphi^{-1}(Q).$$

One checks that $(\varphi^*)^{-1}(V(I)) = V(I')$, where I' is the ideal of R' generated by φ(I). It follows that $\varphi^*$ is continuous.

For any ideal $J \subset R'$, one checks that

$$\varphi^*(V(J)) = \mathrm{im}\,\varphi^* \cap V(\varphi^{-1}(J)).$$

If we give $\mathrm{im}\,\varphi^*$ the subspace topology from Spec(R) then $\varphi^* : \mathrm{Spec}(R') \to \mathrm{im}\,\varphi^*$ is a closed map.

If R is a subring of R' and $\varphi : R \hookrightarrow R'$ is the inclusion then $\varphi^*(Q) = Q \cap R$, for any $Q \in \mathrm{Spec}(R')$.

If R' is an integral domain then ker φ is a prime ideal in R and $\varphi^*$ sends the generic point $\xi_{R'} \in \mathrm{Spec}(R')$ to $\ker\varphi \in \mathrm{Spec}(R)$.

3.4.1 Spec(Z[x])

We illustrate all of this with the evident ring homomorphisms

$$\mathbb{Q}[x] \longleftarrow \mathbb{Z}[x] \longrightarrow \mathbb{F}_p[x], \qquad \mathbb{Z} \hookrightarrow \mathbb{Z}[x],$$

which give continuous maps

$$\mathrm{Spec}(\mathbb{Q}[x]) \xrightarrow{\ \eta\ } \mathrm{Spec}(\mathbb{Z}[x]) \xleftarrow{\ \pi\ } \mathrm{Spec}(\mathbb{F}_p[x]), \qquad \mathrm{Spec}(\mathbb{Z}[x]) \xrightarrow{\ \varepsilon\ } \mathrm{Spec}(\mathbb{Z}).$$

We have

$$\begin{aligned}
\mathrm{Spec}(\mathbb{Z}) &= \{\xi_{\mathbb{Z}}\} \cup \{p\mathbb{Z} : p \text{ prime}\} \\
\mathrm{Spec}(\mathbb{Q}[x]) &= \{\xi_{\mathbb{Q}[x]}\} \cup \{f\mathbb{Q}[x] : f \in \mathbb{Q}[x] \text{ irreducible}\} \\
\mathrm{Spec}(\mathbb{F}_p[x]) &= \{\xi_{\mathbb{F}_p[x]}\} \cup \{f\mathbb{F}_p[x] : f \in \mathbb{F}_p[x] \text{ irreducible}\}.
\end{aligned}$$

From Theorem 3.8, the points P ∈ Spec(Z[x]) are of three types:

i) P = fZ[x], where f ∈ Z[x] is primitive and irreducible.

ii) P = pZ[x], where p is a prime in Z.

iii) P = pZ[x] + fZ[x] where p ∈ Z is prime and f ∈ Z[x] is primitive with $\bar f \in \mathbb{F}_p[x]$ irreducible.

This classification fits in neatly with the partition of Spec(Z[x]) into fibers of ε:

The primes of type i) are the points in the generic fiber $\varepsilon^{-1}(\xi_{\mathbb{Z}})$.

The prime pZ[x] of type ii) is dense in the closed fiber $\varepsilon^{-1}(p\mathbb{Z})$.

The primes of type iii) are the closed points in $\varepsilon^{-1}(p\mathbb{Z})$.

Moreover, η and π give homeomorphisms onto the fibers (with the subspace topology)

$$\mathrm{Spec}(\mathbb{Q}[x]) \xrightarrow[\eta]{\ \sim\ } \varepsilon^{-1}(\xi_{\mathbb{Z}}) \subset \mathrm{Spec}(\mathbb{Z}[x]) \supset \varepsilon^{-1}(p\mathbb{Z}) \xleftarrow[\pi]{\ \sim\ } \mathrm{Spec}(\mathbb{F}_p[x]).$$

Explicitly, we have

$$\eta(f\mathbb{Q}[x]) = f_1 \mathbb{Z}[x],$$

where $f_1$ is the unique primitive irreducible polynomial in $f\mathbb{Q}[x] \cap \mathbb{Z}[x]$ (cf. Lemma 3.6) and $\pi(\bar f\,\mathbb{F}_p[x]) = p\mathbb{Z}[x] + f\mathbb{Z}[x]$ (cf. part 3 of Theorem 3.8).

We also have the following "transverse" partition of Spec(Z[x]). Let f ∈ Z[x] be primitive and irreducible. Then the closure of the point fZ[x] is

$$\overline{\{f\mathbb{Z}[x]\}} = V(f\mathbb{Z}[x]) = \{f\mathbb{Z}[x]\} \cup \{(p, g) : \bar g \text{ is an irreducible factor of } \bar f \in \mathbb{F}_p[x]\},$$

and is homeomorphic to Spec(Z[α]), where α is an element in a number field with minimal integral (not necessarily monic) polynomial f. Thus, the points in $\overline{\{f\mathbb{Z}[x]\}} \cap \varepsilon^{-1}(p\mathbb{Z})$ correspond to the irreducible factors of f modulo p, and also to the primes in Z[α] which contain p.

3.5 Algebraic field extensions

If a field F is a subfield of a field E, we say that E/F is a field extension. Let E/F be a field extension. We say that α ∈ E is algebraic over F if there exists a nonzero polynomial f ∈ F[x] such that f(α) = 0. [2] Equivalently, α is algebraic over F if the map $\varphi_\alpha : F[x] \to E$ has nonzero kernel. In this case $\ker\varphi_\alpha = (f_\alpha)$, where $f_\alpha$ is the unique monic polynomial in $\ker\varphi_\alpha$ of lowest degree, and $\varphi_\alpha$ induces an isomorphism

$$\varphi_\alpha : F[x]/(f_\alpha) \xrightarrow{\ \sim\ } F(\alpha),$$

where $F(\alpha) = \mathrm{im}\,\varphi_\alpha$ is the subfield of E generated by F and α. We have

$$F(\alpha) = \{c_0 + c_1 \alpha + \cdots + c_{n-1}\alpha^{n-1} : c_i \in F\},$$

where $n = \deg f_\alpha$. The polynomial $f_\alpha$ is the minimal polynomial of α. A field extension E/F is itself an algebraic extension if every element of E is algebraic over F.

Corollary 3.10 Given a field extension E/F , the set L = {α ∈ E : α is algebraic over F } is a
subfield of E containing F .

Proof: That L is a subring of E follows from Prop. 3.2. If α is a nonzero element of L with minimal
polynomial fα ∈ F [x] of degree n, then α−1 is a root of the polynomial g(x) = xn fα (1/x) ∈ F [x], so
α−1 ∈ L. Therefore L is a field. 

Remark: If K/E and E/F are two algebraic field extensions, then K/F is also algebraic. We defer
the proof of this to the next section (see Cor. 3.15).

The typical situation in which integrality and algebraicity are related is as follows. Let S be an integral
domain with quotient field F and let E/F be a field extension. The integral closure of S in E is the
subring R ⊂ E consisting of elements of E which are integral over S.

Proposition 3.11 If α ∈ E is algebraic over F then there exists s ∈ S such that sα ∈ R.

Proof: Let $f_\alpha = \sum_k c_k x^k$ be the minimal polynomial of α over F, with $n = \deg f_\alpha$. There exists s ∈ S such that $s c_k \in S$ for all k, and sα is a root of the monic polynomial $s^n f_\alpha(x/s) \in S[x]$. □

Corollary 3.12 Let S be an integral domain with quotient field F , let E/F be an algebraic extension
and let R be the integral closure of S in E. Then E is the quotient field of R.

3.5.1 The ring of algebraic integers and the field of algebraic numbers

The field of algebraic numbers is the field $\bar{\mathbb{Q}}$ consisting of complex numbers which are algebraic over Q. That is, $\bar{\mathbb{Q}}$ consists of those complex numbers α which are roots of nonzero polynomials in Q[x].

The ring of algebraic integers is the ring $\bar{\mathbb{Z}}$ consisting of complex numbers which are integral over Z. That is, $\bar{\mathbb{Z}}$ consists of those complex numbers α which are roots of monic polynomials in Z[x].

[2] If this holds, we could arrange f to be monic, so α is integral over the subring F of E. We use the word "algebraic" instead of "integral" in the context of fields to emphasize that we are only interested in the property that the powers of α satisfy an algebraic relation.

From Cor. 3.12 it follows that $\bar{\mathbb{Q}}$ is the quotient field of $\bar{\mathbb{Z}}$.

The rational root test shows that $\bar{\mathbb{Z}} \cap \mathbb{Q} = \mathbb{Z}$.

The ring $\bar{\mathbb{Z}}$ and its quotient field $\bar{\mathbb{Q}}$ are the main objects of study in number theory.

3.6 Field extensions of finite degree

A field extension E/F is finite if E has finite dimension as an F -vector space. In this case we write

[E : F ] = dimF E.

Proposition 3.13 If L/E and E/F are finite extensions of fields then L/F is finite and we have

[L : F ] = [L : E][E : F ].

Proof: Let {α1 , . . . , αn } be an F -basis of E and let {β1 , . . . , βm } be an E-basis of L. One checks that
{αi βj : 1 ≤ i ≤ n, 1 ≤ j ≤ m} is an F -basis of L. 

A pair of extensions L/E, E/F is called a tower of fields. Towers often appear by adjoining elements,
as follows. Suppose K/F is a field extension and α ∈ K. The field F (α) is the intersection of all sub-
fields of K containing α. More generally, given α1 , . . . , αn ∈ K, the field F (α1 , . . . , αn ) is the inter-
section of all subfields of K containing {α1 , . . . , αn }. We have F (α1 , . . . , αn ) = F (α1 , . . . , αn−1 )(αn )
and the field F (α1 , . . . , αn ) can be obtained from F adjoining one element at a time, forming a tower:

$$F \subset F(\alpha_1) \subset F(\alpha_1, \alpha_2) \subset \cdots \subset F(\alpha_1, \dots, \alpha_n) \subset K.$$

A field F (α1 , · · · , αn ) obtained in this way is finitely generated over F .

Proposition 3.14 A finite field extension E/F is algebraic. If E/F is algebraic and E is finitely
generated over F then E/F is finite.

Proof: Let E/F be a finite extension and let α ∈ E. Then the set of powers $\{\alpha^i\}$ must be linearly dependent over F. A dependence relation is of the form $c_0 + c_1\alpha + \cdots + c_n\alpha^n = 0$, with all $c_k \in F$ and not all zero. Thus α is a root of the nonzero polynomial $c_0 + c_1 x + \cdots + c_n x^n$, so α is algebraic over F. Since α ∈ E was arbitrary, we have E/F algebraic.

Now suppose E = F (α) is an algebraic extension of F generated by a single element α with minimal
polynomial fα ∈ F [x]. Then F [x]/(fα ) ' E via evaluation at α, and [E : F ] = deg fα < ∞, so
E/F is finite. Finally suppose E = F (α1 , . . . , αn ) is finitely generated and algebraic over F . Let
F0 = F and for 1 ≤ i ≤ n let Fi = F (α1 , . . . , αi ) = Fi−1 (αi ). By what we just proved for a single
generator, [Fi : Fi−1 ] < ∞ for each 1 ≤ i ≤ n. From Prop. 3.13 we have [Fi : F ] = [Fi : Fi−1 ][Fi−1 :
Fi−2 ] · · · [F1 : F ] < ∞. In particular [E : F ] < ∞. 

Now we can prove that algebraicity is preserved under towers.

Corollary 3.15 If L/E and E/F are algebraic then L/F is algebraic.

Proof: Let α ∈ L. Since L/E is algebraic, there is $f = \sum_{k=0}^{n} c_k x^k \in E[x]$ such that f(α) = 0. Each coefficient $c_k$ lies in E and E/F is algebraic, so each $c_k$ is algebraic over F. That is, each $c_k$ lies in the algebraic closure $F^E$ of F in E. Since $F^E$ is a field (Cor. 3.10), the finitely generated field $K = F(c_0, \dots, c_n) \subset F^E$ is algebraic over F. Hence K/F is finite by Prop. 3.13. And f ∈ K[x], so α is algebraic over K, so K(α)/K is finite, again by Prop. 3.13. So K(α)/F is finite, hence algebraic over F, so α is algebraic over F. Since α ∈ L was arbitrary, the extension L/F is algebraic. □

3.6.1 Some abelian numbers

An abelian number is an element of $\mathbb{Q}(e^{2\pi i/n})$ for some integer n ≥ 1. [3]

Both complex numbers $e^{\pm 2\pi i/n}$ are roots of $x^n - 1$, hence lie in $\bar{\mathbb{Z}}$. Since $\bar{\mathbb{Z}}$ is closed under addition, it follows that $2\cos(2\pi/n) = e^{2\pi i/n} + e^{-2\pi i/n}$ is an algebraic integer. The factor of 2 is necessary. For example, $\alpha = \cos(2\pi/12) = \sqrt{3}/2$ satisfies $4\alpha^2 - 3 = 0$, but is a root of no monic polynomial over Z. For 1 ≤ n ≤ 12 we list the monic polynomials in Z[x] of minimal degree having $e^{2\pi i/n}$ and $2\cos(2\pi/n)$ as roots:

$$\begin{array}{c|c|c}
n & e^{2\pi i/n} & 2\cos(2\pi/n) \\ \hline
1 & x - 1 & x - 2 \\
2 & x + 1 & x + 2 \\
3 & x^2 + x + 1 & x + 1 \\
4 & x^2 + 1 & x \\
5 & x^4 + x^3 + x^2 + x + 1 & x^2 + x - 1 \\
6 & x^2 - x + 1 & x - 1 \\
7 & x^6 + x^5 + x^4 + x^3 + x^2 + x + 1 & x^3 + x^2 - 2x - 1 \\
8 & x^4 + 1 & x^2 - 2 \\
9 & x^6 + x^3 + 1 & x^3 - 3x + 1 \\
10 & x^5 - x^4 + x^3 - x^2 + x - 1 & x^2 - x - 1 \\
11 & x^{10} + x^9 + \cdots + x + 1 & x^5 + x^4 - 4x^3 - 3x^2 + 3x + 1 \\
12 & x^4 - x^2 + 1 & x^2 - 3
\end{array} \tag{10}$$
For a general prime p > 2, the minimal polynomial $\Psi_p(x)$ of $2\cos(2\pi/p)$ is found as follows. Write p = 2n + 1, so that

$$z^{-n}\Phi_p(z) = z^n + z^{n-1} + \cdots + z^{1-n} + z^{-n} = \Psi(z + z^{-1}),$$

where Ψ ∈ Z[x] is a monic polynomial of degree n, which we will compute in a moment. Since n is the degree of the minimal polynomial of $2\cos(2\pi/p)$ and

$$\Psi(2\cos(2\pi/p)) = \Psi(e^{2\pi i/p} + e^{-2\pi i/p}) = e^{-2n\pi i/p}\,\Phi_p(e^{2\pi i/p}) = 0,$$

it follows that $\Psi = \Psi_p$ is the minimal polynomial of $2\cos(2\pi/p)$. To determine $\Psi_p$, let

$$f_n(z) = z^n + z^{n-2} + \cdots + z^{2-n} + z^{-n}.$$

[3] The term "abelian" will make more sense when we see the Kronecker-Weber theorem.

Then we have the Clebsch-Gordon rule [4]

$$f_1 \cdot f_n = f_{n-1} + f_{n+1}. \tag{11}$$

Using equation (11) one verifies by induction that

$$\begin{aligned}
f_{2k}(z) &= (-1)^k \sum_{i=0}^{k} (-1)^i \binom{k+i}{k-i} (z + z^{-1})^{2i} = g_{2k}(z + z^{-1}) \\
f_{2k+1}(z) &= (-1)^k \sum_{i=0}^{k} (-1)^i \binom{k+i+1}{k-i} (z + z^{-1})^{2i+1} = g_{2k+1}(z + z^{-1}),
\end{aligned} \tag{12}$$

where

$$\begin{aligned}
g_{2k}(x) &= (-1)^k \sum_{i=0}^{k} (-1)^i \binom{k+i}{k-i} x^{2i} \\
g_{2k+1}(x) &= (-1)^k \sum_{i=0}^{k} (-1)^i \binom{k+i+1}{k-i} x^{2i+1}.
\end{aligned} \tag{13}$$

Since $\Psi_p(z + z^{-1}) = f_n(z) + f_{n-1}(z) = g_n(z + z^{-1}) + g_{n-1}(z + z^{-1})$, it follows that the minimal polynomial of $2\cos(2\pi/p)$ is given by

$$\Psi_p(x) = g_n(x) + g_{n-1}(x), \tag{14}$$

where the polynomials $g_n, g_{n-1}$ are given by (13). Since these two polynomials have opposite parity, there is no cancellation between their terms.
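Formulas (13) and (14) can be turned into a short computation. The Python below is an added example and not code from these notes: it builds $g_n$ from the binomial formula (13), forms $\Psi_p = g_n + g_{n-1}$, and checks the result against the table (10), against the rule (11) and the substitution identity (12) using Laurent polynomials in z, and numerically at $x = 2\cos(2\pi/p)$.

```python
from math import comb, cos, pi

def g(n):
    """Coefficients of g_n from (13), ascending powers of x."""
    k, odd = divmod(n, 2)
    coeffs = [0] * (n + 1)
    for i in range(k + 1):
        if odd:
            coeffs[2 * i + 1] = (-1) ** (k + i) * comb(k + i + 1, k - i)
        else:
            coeffs[2 * i] = (-1) ** (k + i) * comb(k + i, k - i)
    return coeffs

def psi(p):
    """Psi_p = g_n + g_{n-1} with p = 2n + 1, as in (14); ascending coefficients."""
    if p < 3 or p % 2 == 0:
        raise ValueError("p must be an odd prime")
    n = (p - 1) // 2
    return [a + b for a, b in zip(g(n), g(n - 1) + [0])]

def horner(coeffs, x):
    """Evaluate an ascending-coefficient polynomial at a real x."""
    v = 0.0
    for c in reversed(coeffs):
        v = v * x + c
    return v

# Laurent polynomials in z, stored as {exponent: coefficient} with zero terms dropped.
def l_add(u, v):
    w = dict(u)
    for e, c in v.items():
        w[e] = w.get(e, 0) + c
    return {e: c for e, c in w.items() if c}

def l_mul(u, v):
    w = {}
    for e1, c1 in u.items():
        for e2, c2 in v.items():
            w[e1 + e2] = w.get(e1 + e2, 0) + c1 * c2
    return {e: c for e, c in w.items() if c}

def f(n):
    """f_n(z) = z^n + z^(n-2) + ... + z^(-n); empty (zero) for n < 0."""
    return {e: 1 for e in range(-n, n + 1, 2)}

def substitute(coeffs):
    """Evaluate a polynomial in x at x = z + z^{-1}, returning a Laurent polynomial in z."""
    x = {1: 1, -1: 1}
    result, xpow = {}, {0: 1}
    for c in coeffs:
        if c:
            result = l_add(result, {e: c * v for e, v in xpow.items()})
        xpow = l_mul(xpow, x)
    return result

if __name__ == "__main__":
    for p in (5, 7, 11, 13):
        print(f"Psi_{p} coefficients (ascending):", psi(p),
              " value at 2cos(2pi/p):", round(horner(psi(p), 2 * cos(2 * pi / p)), 12))
```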

3.6.2 Constructible numbers

The geometric constructions in Euclid's Elements can be explained in terms of finite and algebraic extensions of Q. The allowed constructions are of two types:

1. Given distinct points α, β ∈ C we can draw the line through α and β.

2. Given α ∈ C and a real number r > 0 we can draw the circle with center α and radius r.

A number α ∈ C is constructible if, starting with 0, 1 we can obtain α by a sequence of constructions of types 1 and 2 and taking intersections. Let

$$K = \{\alpha \in \mathbb{C} : \alpha \text{ is constructible}\}.$$

[4] $f_n(z)$ is the trace of a matrix in $SL_2(\mathbb{C})$ with eigenvalues $z, z^{-1}$ acting on the space $\mathrm{Sym}^n$ of symmetric polynomials of degree n on $\mathbb{C}^2$, and the Clebsch-Gordon rule gives the tensor product decomposition of representations

$$\mathrm{Sym}^1 \otimes \mathrm{Sym}^n = \mathrm{Sym}^{n-1} \oplus \mathrm{Sym}^{n+1}.$$

Many of the geometric constructions in the Elements can be expressed in algebraic language as follows.

Theorem 3.16 The set K is a subfield of C, algebraic over Q and closed under taking square-roots.

Proof: Intersections of lines and circles are found by solving a linear or quadratic equation with coefficients already constructed. Hence a complex number α is constructible exactly when there is a tower of extensions

$$\mathbb{Q} = F_0 \subset F_1 \subset F_2 \subset \cdots \subset F_n$$

with each $[F_i : F_{i-1}] = 2$, and $\alpha \in F_n$. Each α ∈ K lies in a finite extension of Q, hence is algebraic over Q. And the square-roots of a given complex number can be constructed using operations 1 and 2. Hence α ∈ K implies (both values of) $\sqrt{\alpha}$ are in K. □

The constructible numbers are precisely those which can be expressed in terms of nested square-roots. For example Prop. I.1 in the Elements constructs $e^{2\pi i/6} = (1 + \sqrt{-3})/2$, whose minimal polynomial is $x^2 - x + 1$, by drawing the line through 0, 1, then drawing the circles of radius 1 centered at 0, 1.
Elsewhere in the Elements Euclid proves that the root of unity e2πi/n is constructible for

n = 2, 3, 4, 5, 6, 8, 10, 12, 15 (15)

and that e2πi/n constructible implies eπi/n constructible. This shows that 2 cos(2π/n) is also con-
structible for these n. Constructing e2πi/n or 2 cos(2π/n) is equivalent to constructing a regular polygon
with n sides. Naturally, the Greeks and those who came after were tantalized by the gaps in Euclid’s
list (15).

The Three Problems of Antiquity are really questions about K.

1. To square the circle. [Is π ∈ K?]

2. To duplicate the cube. [Is $\sqrt[3]{2} \in K$?]

3. To trisect a given angle. [For example, is cos(2π/9) ∈ K?]

As the Greeks suspected, the answers to the three questions are No, No and No. We address the second and third No's here. [5]

Let α ∈ K and let $\mathbb{Q} = F_0 \subset F_1 \subset F_2 \subset \cdots \subset F_n$ be a tower of quadratic extensions with $\alpha \in F_n$. Then $\mathbb{Q} \subset \mathbb{Q}(\alpha) \subset F_n$, so $[\mathbb{Q}(\alpha) : \mathbb{Q}]$ divides $[F_n : \mathbb{Q}] = 2^n$. Since $[\mathbb{Q}(\alpha) : \mathbb{Q}]$ is the degree of the minimal polynomial $f_\alpha \in \mathbb{Q}[x]$ of α over Q, this proves

Proposition 3.17 If α ∈ K then $\deg f_\alpha$ is a power of 2.

[5] The No for problem 1 is the transcendence of π (that is, π is not algebraic over Q). This was proved in 1882 by Lindemann. Proofs abound on the web, using facts about algebraic numbers and symmetric polynomials that we have proved, and some basic analysis.

For $\alpha = \sqrt[3]{2}$ we have $f_\alpha = x^3 - 2$, so $\sqrt[3]{2} \notin K$.

For $\alpha = 2\cos(2\pi/9)$ we have $f_\alpha = x^3 - 3x + 1$ (see the list (10)), so $\cos(2\pi/9) \notin K$.

This explains the absence of n = 9 in the list (15). The other missing numbers are primes or twice a prime. For n = p a prime, the minimal polynomial of $e^{2\pi i/p}$ is the cyclotomic polynomial $\Phi_p(x) = 1 + x + x^2 + \cdots + x^{p-1}$ (see (3)). Hence $e^{2\pi i/p}$ can only be constructible if p − 1 is a power of 2, which forces $p = 2^{2^m} + 1$ to be a Fermat prime. The known Fermat primes are

$$3 = 2 + 1, \quad 5 = 2^2 + 1, \quad 17 = 2^4 + 1, \quad 257 = 2^8 + 1, \quad 65537 = 2^{16} + 1.$$

These are the only known primes for which $e^{2\pi i/p}$ could be constructible. In fact each of these roots of unity is constructible. For an expression of $e^{2\pi i/17}$ in terms of nested square roots, see [Hardy-Wright, p.60]. The issue here is that the converse of Prop. 3.17 is false: there are algebraic integers $\alpha \in \bar{\mathbb{Z}}$ for which $\deg f_\alpha$ is a power of 2 yet α is not constructible. The precise criterion for constructibility requires more information about $f_\alpha$ than just its degree. This extra information comes from Galois theory.

3.7 Splitting fields

Let F be a field and let f ∈ F[x]. Recall from Prop. 1.4 that there exists a field L ⊃ F such that
f splits into a product of linear factors in L[x]. The field L is not unique; indeed, a smaller field may
suffice to split f. We seek minimal fields in which f splits.

We say that E is a splitting field for f over F if

1. f is a product of linear factors in E, and

2. E is generated by the roots of f in E.

Example 1: We constructed F_{pⁿ} as the splitting field of f = x^{pⁿ} − x over F_p.

Example 2: Let F = Q and let f = x3 − 2. The roots of f in C are α, ζα, ζ 2 α, where ζ = e2πi/3 and
α is the real cube-root of 2. A splitting field is constructed via the tower

Q ⊂ Q(α) ⊂ Q(α, ζ).

Since f_α = x³ − 2, we have [Q(α) : Q] = 3. Since ζ is not real, its minimal polynomial x² + x + 1
over Q remains irreducible over Q(α) and therefore [Q(α, ζ) : Q(α)] = 2. Hence the splitting field
Q(α, ζ) has degree [Q(α, ζ) : Q] = 2 · 3 = 6 over Q.

Example 3: Let F = Q and let f = x³ + x² − 2x − 1. This is the minimal polynomial of α =
2 cos(2π/7) and the other roots of f are β = 2 cos(4π/7) and γ = 2 cos(6π/7). The trigonometric
identities

cos 2θ = 2 cos² θ − 1, cos 3θ = 4 cos³ θ − 3 cos θ

show that β, γ are rational polynomial expressions in α. Hence Q(α) is the splitting field of f and its
degree is [Q(α) : Q] = 3.

It turns out that the splitting field of a cubic polynomial f = x³ + ax² + bx + c ∈ F[x] has degree either
3 or 6 over F, and this can be detected (without knowing anything about the roots of f) by whether the
discriminant (see (9))

D(f) = a²b² − 27c² − 4b³ − 4a³c + 18abc (16)

is a square in F^×. In Example 2, we have D(f) = −27 · 4, a non-square in Q^×, while in Example 3,
we have D(f) = 49 ∈ (Q^×)².

Splitting fields always exist. For if we choose any field L in which f splits, say

f = c ∏_{i=1}^{n} (x − α_i) ∈ L[x],

the field E = F(α₁, . . . , αₙ) is a splitting field for f over F. [6]

Any splitting field has finite degree over F, since it is obtained by adjoining finitely many roots.

However, splitting fields are not unique. For example, take F = Q and f = x² − 2 ∈ Q[x]. The
polynomial f splits in R and also in the p-adic field Q_p when 2 ∈ (F_p^×)², which occurs exactly when
16 | (p − 1). We have infinitely many splitting fields E = Q(α), where α is a root of x² − 2 in R or
Q_p for such p. Each of these fields consists of completely different elements (real or p-adic numbers)
but they are all isomorphic to Q[x]/(x² − 2), hence E ≃ E′ as fields. So the best we can hope for is
that splitting fields are unique up to isomorphism. This is true.

Proposition 3.18 Let F be a field, let f ∈ F[x] and let E, E′ be two splitting fields of f over F. Then
there is a field isomorphism ϕ : E → E′ such that ϕ(a) = a for all a ∈ F.

The assertion of Prop. 3.18 may be visualized in the commutative diagram, where the vertical arrows
are the inclusion maps.

          ϕ
    E ────→ E′
    ↑       ↑
    │       │        (17)
    F ────→ F
          id

An isomorphism ϕ as in the diagram (17) is called an isomorphism over F.

Prop. 3.18 will follow from a more flexible result whose proof is more amenable to induction: We
replace the lower line in (17) by a fixed isomorphism of fields ψ : F → F′. This extends to an
isomorphism of polynomial rings ψ : F[x] → F′[x] given by ψ(Σ c_k x^k) = Σ ψ(c_k) x^k. It will be
convenient to write g′ = ψ(g) for g ∈ F[x].


Theorem 3.19 (The Extension Theorem) Fix a field isomorphism ψ : F → F′ as above. Let f ∈
F[x], with f′ = ψ(f) ∈ F′[x] and suppose E, E′ are splitting fields of f, f′ over F, F′, respectively.
There exists a field isomorphism ϕ : E → E′ extending ψ, that is, so that we have a commutative
diagram

          ϕ
    E ────→ E′
    ↑       ↑
    │       │        (18)
    F ────→ F′
          ψ

Footnote 6: F(α₁, . . . , αₙ) is the intersection of all subfields of L containing F and {α₁, . . . , αₙ}. Inductively, we have
F(α₁, . . . , αₙ) = F(α₁, . . . , α_{n−1})(αₙ).

Proof: We use induction on [E : F], which is finite. If [E : F] = 1 there is nothing to prove.
Otherwise, there is a root α of f in E such that α ∉ F. Let g ∈ F[x] be the minimal polynomial of α.
Then g is irreducible in F[x]. And g | f in F[x], so g′ | f′ in F′[x]. Since f′ splits in E′, there is a
root α′ ∈ E′ of g′. And g′ is the minimal polynomial of α′ in F′[x]. Hence we have field isomorphisms

F(α) ←∼── F[x]/(g) ──∼→ F′[x]/(g′) ──∼→ F′(α′)
       x ↦ α              ψ              x ↦ α′

which give an isomorphism ψ₁ : F(α) → F′(α′) extending ψ. Since [E : F(α)] < [E : F], the
isomorphism ψ₁ extends, by induction, to an isomorphism ϕ : E → E′. Clearly ϕ also extends ψ. □

Corollary 3.20 Let f ∈ F[x] and let L/F be a field extension such that f splits in L[x] as

f = c ∏_{i=1}^{k} (x − α_i)^{m_i},

where the α_i are the distinct roots of f in L and the m_i are positive integers. Then the set {m_i}, with
multiplicities, is independent of L.

Proof: Let L′/F be another extension splitting f, so that f = c ∏_{j=1}^{ℓ} (x − α′_j)^{m′_j} in L′[x]. Let
E = F(α₁, . . . , α_k) and E′ = F(α′₁, . . . , α′_ℓ) be the splitting fields of f over F in L and L′ respectively.
By Prop. 3.18, there is an isomorphism ϕ : E → E′ over F. The induced map ϕ : E[x] → E′[x] is the
identity on F[x], so in E′[x] we have

c ∏_{i=1}^{k} (x − ϕ(α_i))^{m_i} = ϕ(f) = f = c ∏_{j=1}^{ℓ} (x − α′_j)^{m′_j}.

By unique factorization in E′[x] we have

{ϕ(α_i)} = {α′_j}, and {m_i} = {m′_j}

as sets-with-multiplicities. □

It therefore makes sense to say that a polynomial f ∈ F [x] has a multiple root if f has a repeated factor
(some mi > 1) in a splitting field of f over F . Otherwise (if all mi = 1) we say f has distinct roots.
Having multiple or distinct roots is a quality independent of the choice of splitting field containing the
roots.

Example: Suppose F has characteristic p and let f = x^p − a ∈ F[x] where a ∈ F. Let E/F be an
extension in which f splits and let α, β be two roots of f in E. Then α^p = a = β^p, so α/β is a root
of x^p − 1 = (x − 1)^p, meaning that α = β. Hence f = (x − α)^p in E[x], so f has a multiple root.
Assume now that a is not the pth power of any element in F. I claim that f is irreducible in F[x]. For
if g ∈ F[x] is a nonconstant monic factor of f then g also divides f in E[x] so g = (x − α)^k for some
1 ≤ k ≤ p. The coefficient of x^{k−1} in g is −kα, which must belong to F, since g ∈ F[x]. But α ∉ F,
since a ∉ F^p. Hence k = p and g = f. Therefore f is an irreducible polynomial having a multiple
root.

Proposition 3.21 Let F be a field. For a nonconstant irreducible polynomial f ∈ F[x], the following
are equivalent.

1. f has a multiple root.

2. The formal derivative ḟ is the zero polynomial. [7]

3. The field F has characteristic p > 0 and f ∈ F[x^p].

Proof: (1 ⇒ 2): Let E be a splitting field for f. If f has a multiple root then f has a root α ∈ E such
that f(x) = (x − α)^m g(x) in E[x], with m > 2. Then ḟ(x) = m(x − α)^{m−1} g(x) + (x − α)^m ġ(x) so
ḟ(α) = 0. Since f is irreducible in F[x] it follows that f | ḟ. If ḟ ≠ 0 then deg ḟ < deg f would be a
contradiction, so ḟ = 0 in F[x].

(2 ⇒ 3): Suppose ḟ = 0 in F[x]. If f = Σ_{k=0}^{n} c_k x^k, then ḟ = Σ_{k=1}^{n} k c_k x^{k−1} = 0. Hence k c_k = 0
for all 1 ≤ k ≤ n, so if x^k appears in f we must have k = 0 ∈ F. This forces F to have characteristic
p > 0 and p | k whenever c_k ≠ 0, meaning that f ∈ F[x^p].

(3 ⇒ 1): Suppose f ∈ F[x^p], so that f(x) = g(x^p) for some g ∈ F[x]. Let E be a splitting field of g
over F. In E[x] we have g = c ∏ (x − α_i)^{m_i}. Enlarging E if necessary, we may assume that x^p − α_i
splits in E for each i. The previous example shows that there exist β_i in E such that x^p − α_i = (x − β_i)^p.
We have

f = c ∏ (x^p − α_i)^{m_i} = c ∏ (x − β_i)^{p m_i}.

Since each p m_i > 1, the polynomial f has a multiple root. □

A polynomial f ∈ F [x] is separable if each irreducible factor of f in F [x] has distinct roots. A product
of separable polynomials is separable.

An algebraic extension E/F is separable if every polynomial f ∈ F [x] having a root in E is separable
over F . Equivalently, E/F is separable if for every α ∈ E the minimal polynomial of α over F has
distinct roots. An algebraic extension E/F is inseparable if it is not separable.

If F has characteristic zero then every algebraic extension E/F is separable.

If F is a finite field of characteristic p then every algebraic extension E/F is separable. For the Frobenius
map φ : F → F sending φ(a) = a^p is injective (since a^p − 1 = (a − 1)^p) hence surjective since F
is finite. It follows that F[x^p] = F[x]^p. Hence F[x^p] contains no nonconstant irreducible polynomials
over F, so every irreducible polynomial f ∈ F[x] is separable.

Footnote 7: If f = Σ_{k=0}^{n} c_k x^k then ḟ = Σ_{k=1}^{n} k c_k x^{k−1}.

A field F can have inseparable extensions only if F is infinite of characteristic p. For example, let F =
Fp (T ) be the field of rational functions over Fp in the variable T . Then the polynomial xp − T ∈ F [x]
is not separable over F (see the example prior to Prop. 3.21), and its splitting field E = Fp (T 1/p ) is an
inseparable extension of F .

3.8 Automorphisms and Galois Extensions

3.8.1 Field automorphisms

For any field extension E/F, let

Aut(E/F) = {σ ∈ Aut(E) : σ(a) = a for all a ∈ F}

denote the group of automorphisms of E which are the identity on F. An element σ ∈ Aut(E/F)
makes the following diagram (cf. (17)) commute:

          σ
    E ────→ E
    ↑       ↑
    │       │        (19)
    F ────→ F.
          id

If F is the prime field (either Q or F_p according as the characteristic is 0 or p > 0), then every automorphism
of E is trivial on F, so in this case Aut(E/F) = Aut(E) is the full automorphism group of E.

Each σ ∈ Aut(E/F) extends to an automorphism of the polynomial ring E[x] by acting on the coefficients:
σ(Σ c_k x^k) := Σ σ(c_k) x^k. If f ∈ F[x], then σ(f) = f. Hence if α ∈ E is a root of f, then
σ(α) is also a root of f. Thus, Aut(E/F) permutes the roots of every polynomial f ∈ F[x].

3.8.2 Automorphisms of finite extensions

If E/F is a finite extension, then the automorphism group Aut(E/F ) is finite. More precisely, we
have:

Proposition 3.22 If E/F is a finite extension of degree n, then Aut(E/F ) is isomorphic to a subgroup
of Sn .

Proof: Assume E/F is finite and let G = Aut(E/F). Then we have E = F(α₁, . . . , αₙ) for some
elements α_i ∈ E. Let f_i ∈ F[x] be the minimal polynomial of α_i and let n_i be the number of roots of
f_i in E. These roots are permuted by G, which acts faithfully on {α₁, . . . , αₙ}, since the α_i generate E
over F. This gives an injective homomorphism G ↪ Sₙ. □

Beware that Aut(E/F) can be trivial even when E ⊋ F. For example, let F = Q and let E = Q(α)
where α is the real root of x3 − 2. The other roots of x3 − 2 are not real and they do not lie in E. Hence
any element of Aut(E) must fix α and hence is trivial since α generates E. The problem is that Q(α)
is too small to display the symmetry of the three roots of x3 − 2.

3.8.3 Galois extensions

A finite extension E/F is Galois if E is the splitting field of a separable polynomial f ∈ F [x]. If K
is any intermediate field, F ⊂ K ⊂ E, then E is also the splitting field of f over K, so the extension
E/K is Galois. When E/F is Galois the group Aut(E/F ) is called the Galois group of E/F .

Proposition 3.23 If E/F is a Galois extension then | Aut(E/F )| = [E : F ].

Proof: We use induction on the degree [E : F]. Let f ∈ F[x] be a separable polynomial for which
E is the splitting field over F. Let f₁ be an irreducible factor of f. Then f₁ has distinct roots, since f
is separable. Let α₁, . . . , α_s be these distinct roots of f₁, where s = deg f₁. These roots generate the
splitting field F₁ = F(α₁, . . . , α_s) of f₁ in E. For each 1 ≤ i ≤ s, the isomorphisms

F(α₁) ←∼── F[x]/(f₁) ──∼→ F(α_i)
       x ↦ α₁            x ↦ α_i

give an isomorphism F(α₁) → F(α_i) which extends, by Prop. 3.19, to an automorphism ϕ_i ∈
Aut(F₁/F) sending α₁ ↦ α_i. Hence Aut(F₁/F) is transitive on the roots of f₁. The stabilizer of α₁
is Aut(F₁/F(α₁)), which by induction has order

|Aut(F₁/F(α₁))| = [F₁ : F(α₁)]

and has index s = deg f₁ = [F(α₁) : F] in Aut(F₁/F). Therefore we have

|Aut(F₁/F)| = |Aut(F₁/F(α₁))| · [F(α₁) : F] = [F₁ : F(α₁)] · [F(α₁) : F] = [F₁ : F].

If F₁ = E, we are done. Assume F₁ ≠ E. Since Aut(E/F) permutes the roots of f₁, and these roots
generate F₁, each automorphism in Aut(E/F) restricts to an element of Aut(F₁/F), giving a
homomorphism r : Aut(E/F) → Aut(F₁/F). Since E is also the splitting field of f over F₁, it
follows from Prop. 3.19 that r is surjective. And ker r = Aut(E/F₁) by definition. Thus we have an
exact sequence

1 → Aut(E/F₁) → Aut(E/F) ──r→ Aut(F₁/F) → 1.

Again by induction we have |Aut(E/F₁)| = [E : F₁]. And we have shown above that |Aut(F₁/F)| =
[F₁ : F]. Therefore

|Aut(E/F)| = |Aut(E/F₁)| · |Aut(F₁/F)| = [E : F₁] · [F₁ : F] = [E : F],

as was to be shown. □

If G is any subgroup of Aut(E), the fixed field of G is the subfield E G of elements in E fixed by every
element of G:
E G = {α ∈ E : σ(α) = α for all σ ∈ G}.

Lemma 3.24 Let E be a field and let G be a finite subgroup of Aut(E). Then [E : E^G] ≤ |G|.

Proof: We show that any set of more than |G| elements in E is linearly dependent over E^G. Let
{α₁, . . . , αₙ} ⊂ E, with n > |G|. Let V ⊂ Eⁿ be the set of simultaneous solutions of the linear
equations

eq(σ) : σ(α₁)x₁ + σ(α₂)x₂ + · · · + σ(αₙ)xₙ = 0,

one equation for each σ ∈ G. If v = (v₁, . . . , vₙ) ∈ V then τ(v) := (τ(v₁), . . . , τ(vₙ)) is a solution of
eq(τσ) for all σ ∈ G, which is the same set of equations permuted, so τ(v) ∈ V for any τ ∈ G.

Since there are fewer equations eq(σ) than variables x_i, the solution space V is nonzero. For each
v = (v₁, . . . , vₙ) ∈ V let m(v) be the number of nonzero entries v_i and let

m = min{m(v) : 0 ≠ v ∈ V} > 0.

Choose a solution v with m(v) = m, and let v_i be a nonzero entry of v. Then u = v_i^{−1} v is another
solution in V with m nonzero entries, and now u_i = 1.

For any τ ∈ G the solution τ(u) has nonzero entries in the same places as u, and τ(u_i) = 1 = u_i. So
m(τ(u) − u) < m, so τ(u) − u = 0. Therefore τ(u) = u for every τ ∈ G, so each entry u_j of u lies in
E^G. Considering eq(σ) for σ = e, we have

α₁u₁ + · · · + αₙuₙ = 0.

Thus, the α_i are indeed linearly dependent over E^G. □

Proposition 3.25 Let E be a field and let G be a finite subgroup of Aut(E). Then E/E G is Galois,
with Galois group Aut(E/E G ) = G, and [E : E G ] = |G|.

Proof: Let {α₁, α₂, . . . , αₙ} be a G-orbit in E. The polynomial g = ∏ (x − α_i) is fixed by G, hence
it belongs to E^G[x] and g(α₁) = 0. Hence α₁ is algebraic over E^G. Let f ∈ E^G[x] be the minimal
polynomial of α₁. Then f is also fixed by G, so each α_i is also a root of f and g | f. Since f is
irreducible in E^G[x] we have f = g = ∏ (x − α_i).

By Lemma 3.24, the extension E/E^G is finite, so E = E^G(β₁, . . . , β_s) for some elements β_i ∈ E. By
the second claim, the minimal polynomial f_i ∈ E^G[x] of β_i splits into distinct linear factors in E[x].
Hence E is the splitting field of the separable polynomial f = ∏ f_i ∈ E^G[x], so E/E^G is Galois.

By definition we have G ≤ Aut(E/E^G). And Prop. 3.23 and Lemma 3.24 imply that

|Aut(E/E^G)| = [E : E^G] ≤ |G|.

It follows that G = Aut(E/E^G).

The equality [E : E^G] = |G| now follows from Prop. 3.23. □

Theorem 3.26 Let E/F be a finite extension of fields, and let G = Aut(E/F ). Then the following
are equivalent.

1. E/F is Galois;

2. F = E G ;

3. [E : F ] = |G|.

Proof: First note that G is finite, by Prop. 3.22, so Prop. 3.25 applies, and we have

E/E G is Galois, G = Aut(E/E G ) and [E : E G ] = |G|.

This shows that 3 ⇔ 2 ⇒ 1. And 1 ⇒ 3 is Prop. 3.23. 

Remark: It is not true that if L/E and E/F are Galois then L/F is Galois. Consider the tower [8]

Q ⊂ Q(√2) ⊂ Q(⁴√2).

From the proofs of Props. 3.23 and 3.25 we can extract additional corollaries.

Corollary 3.27 Let E/F be a Galois extension with Galois group G = Aut(E/F), and let f ∈ E[x].

1. We have f ∈ F[x] if and only if σ(f) = f for all σ ∈ G.

2. If f ∈ F[x] and f has a root in E then f splits in E[x].

3. If f ∈ F[x] and f has a root in E then f is irreducible in F[x] iff G is transitive on the roots of f.

3.8.4 The Galois correspondence

Let E/F be a Galois extension with Galois group G = Aut(E/F ). The Main Theorem of Galois
Theory asserts that subgroups H of G and the intermediate fields M lying between F and E are in
bijection. A more precise statement of the theorem is as follows.

Theorem 3.28 (The Galois Correspondence) There are mutually inverse bijections

{subgroups H ≤ G} ←→ {intermediate fields F ⊂ M ⊂ E}

sending H 7→ E H , and sending M 7→ Aut(E/M ). These bijections have the following properties.

1. If H and J are subgroups of G then H ≤ J if and only if E^J ⊂ E^H.

2. If H ≤ J ≤ G we have [J : H] = [E^H : E^J].

3. If g ∈ G then E^{gHg^{−1}} = g(E^H) and if M = E^H we have Aut(E/g(M)) = g Aut(E/M) g^{−1}.

4. The following are equivalent:

i) The subgroup H is normal in G;

ii) the extension E^H/F is Galois;

iii) G preserves E^H.

When i)-iii) hold, we have an isomorphism G/H ≃ Aut(E^H/F), via restriction.

Footnote 8: Thanks to Andrew Phillips for providing this example.

Proof: By Prop. 3.23, the group G is finite of order |G| = [E : F ]. Hence every subgroup H ≤ G is
finite, so Prop. 3.25 shows that Aut(E/E H ) = H. Conversely if M is an intermediate field then E/M
is Galois. Let H = Aut(E/M ). Theorem 3.26 shows that M = E H . Hence the correspondences
H 7→ E H and M 7→ Aut(E/M ) are mutually inverse bijections.

Let H and J be subgroups of G. If H ≤ J then clearly E^J ⊂ E^H. Conversely, if E^J ⊂ E^H then H
acts trivially on E^J so H ≤ Aut(E/E^J) = J.

When H ≤ J and E^J ⊂ E^H, we have

[J : H] = |J|/|H| = |Aut(E/E^J)|/|Aut(E/E^H)| = [E : E^J]/[E : E^H] = ([E : E^H] · [E^H : E^J])/[E : E^H] = [E^H : E^J].

In a G-action, the fixed-point sets of conjugate subgroups H, gHg^{−1} ≤ G are conjugate by g. This
shows that E^{gHg^{−1}} = g(E^H). Then we have

Aut(E/g(E^H)) = Aut(E/E^{gHg^{−1}}) = gHg^{−1} = g Aut(E/E^H) g^{−1}.

If H is normal in G then g(E^H) = E^{gHg^{−1}} = E^H, so G preserves E^H. If G preserves E^H we have a
restriction map r : G → Aut(E^H) whose kernel is the subgroup fixing E^H. This subgroup is H, so
H = ker r is normal in G. And G/H is a finite subgroup of Aut(E^H/F) with fixed-field F, so E^H/F
is Galois. And if E^H/F is Galois then E^H is the splitting field of a separable polynomial f ∈ F[x].
Letting α₁, . . . , α_s be the roots of f in E^H, we have E^H = F(α₁, . . . , α_s). The group G fixes f, hence
permutes the roots {α_i}, so G preserves E^H. This proves item 4. □

3.9 The Galois group of a polynomial

Let F be a field, let f ∈ F[x] be a separable polynomial, and let E be a splitting field of f, so that we
have the Galois group Aut(E/F). If E′ is another splitting field of f then we have an isomorphism
E ≃ E′ over F (see Prop. 3.18), which induces an isomorphism of Galois groups Aut(E/F) ≃
Aut(E′/F). The isomorphism class of the group

G_f := Aut(E/F)

is therefore independent of E; the group G_f is the Galois group of f over F.

Note that G_f is a more refined object than Aut(E/F). The latter group depends only on the extension
E/F, and E could be the splitting field of many different polynomials. [9] But with G_f we single out
a particular polynomial f ∈ F[x], hence a particular set of orbits of Aut(E/F) in E, and a particular
realization of Aut(E/F) as a group of permutations.

Suppose f has degree n, and let X be the set of roots of f in E. The group G_f permutes the roots in
X, giving a homomorphism G_f → S_X ≃ Sₙ, which is injective since E is generated by X. Thus G_f
is isomorphic to a subgroup of Sₙ, where n = deg f.

Assume now that f is irreducible in F[x]. This occurs exactly when G_f is transitive on X. Let α ∈ X
and let H_α ≤ G_f be the stabilizer of α in G_f. Then E^{H_α} = F(α), so H_α and F(α) are related by the
Galois correspondence. Note that [G_f : H_α] = [E : F(α)] = n, as it should be.

Since Gf is transitive on X, the subgroups Hα are conjugate to each other in Gf and the subfields F (α)
are permuted transitively by Gf . However, some of these subgroups and subfields could coincide. This
means we have an equivalence relation on X, via the rule:

α ∼ β ⇔ F(α) = F(β).

Let

X = ∐_{i=1}^{m} X_i

be the partition of X into equivalence classes X_i, which we call blocks. Two roots α, β ∈ X are in the
same block X_i exactly when α is a polynomial expression in β and vice-versa. If we now choose one
root α_i ∈ X_i for each 1 ≤ i ≤ m, and let H_i be the stabilizer of α_i in G, we have distinct subgroups
H₁, . . . , H_m and distinct subfields F(α₁), . . . , F(α_m), related by the following partial picture of the
Galois correspondence:

          e                                        E

   H₁    H₂   . . .   H_m            F(α₁)   F(α₂)   . . .   F(α_m)

    n     n            n               n       n              n

          G_f                                      F
These are partial pictures of the Galois correspondence that appear for any irreducible f ∈ F [x]. The
missing part of these pictures depends on the structure of Gf .

Footnote 9: For example, if α = ∛2 and ζ = exp(2πi/3), then E = Q(α, ζ) is the splitting field of f₁ = x³ − 2, so G_{f₁} is
naturally a subgroup of S₃, permuting the three roots α, αζ, αζ² of f₁. But also Q(α, ζ) = Q(α + ζ), so E is also the
splitting field of f₂ = x⁶ + 3x⁵ + 6x⁴ + 3x³ + 9x + 9, which is the minimal polynomial of α + ζ over Q. Now G_{f₂} is
naturally a subgroup of S₆, permuting the six roots of f₂, which are αζ^i + ζ^j for i = 0, 1, 2 and j = 1, 2.

3.9.1 Imprimitive group actions and Galois groups

In the above pictures, the extensions F(α_i)/F will be Galois (equivalently H_i ◁ G_f) exactly when
m = 1. However, even if F(α_i)/F is not Galois, the automorphism group Aut(F(α_i)/F) need not
be trivial. This group is independent of i, since the subgroups H_i and subfields F(α_i) are all G_f-
conjugate, and is therefore canonically attached to G_f.

To determine Aut(F(α_i)/F) we first consider blocks in the setting of general group actions. Let G be
a finite group acting transitively on a set X and suppose there exists a partition

X = ∐_{i=1}^{m} X_i

into disjoint subsets X_i permuted by G. Let k be the common cardinality |X_i| = k. The G-action on
X is called imprimitive if there exists such a partition with k > 1.

Various subgroups are associated to a partition X = ∐ X_i, as follows.

J_i = {g ∈ G : gX_i = X_i}, H_i = {g ∈ G : gx = x ∀x ∈ X_i}.

Then J_i acts transitively on X_i and H_i acts trivially on X_i, so we have an injective homomorphism
J_i/H_i ↪ S_{X_i}. Let Z_i be the centralizer of J_i/H_i in S_{X_i}. The groups J_i, H_i, Z_i are permuted by G.

Lemma 3.29 The following conditions are equivalent:

1. The Hi are distinct;

2. Ji is the full normalizer of Hi in G;

3. Xi is the full fixed-point set of Hi in X.

Proof: This is a straightforward exercise. 

Assume the conditions of Lemma 3.29 hold. The centralizer Z = C_{S_X}(G) preserves each X_i, and
commutes there with J_i/H_i, so Z ⊂ ∏ Z_i. Let z_i ∈ Z_i be such that z = (z₁, . . . , z_m) ∈ Z. We will
show that all z_i are determined by z₁. Choose g ∈ G such that gX₁ = X_i. Pick x₁ ∈ X₁ and let
x_i = gx₁ ∈ X_i. Then

z_i g · x₁ = zg · x₁ = gz · x₁ = gz₁ · x₁,

so z_i = gz₁g^{−1}. The element z_i = gz₁g^{−1} ∈ Z_i depends only on i and not on the choice of g. Hence
for any z₁ ∈ Z₁ we can define z_i = gz₁g^{−1} for any g ∈ G sending gX₁ = X_i and we have

Z = {(z₁, . . . , z_m) : z₁ ∈ Z₁} ≃ Z₁.

We return to the setting of Galois groups. Let f ∈ F[x] be irreducible and separable, with
splitting field E and Galois group G_f = Aut(E/F). Recall we have partitioned the set X of roots of
f into equivalence classes X = ∐ X_i, via the relation α ∼ β ⇔ F(α) = F(β). Choose one root α_i in
each block X_i. The field F_i = F(α_i) depends only on i and not on the choice of α_i. The objects in the
abstract theory of blocks become

J_i = {g ∈ G : gF_i = F_i}, H_i = Aut(E/F_i), J_i/H_i = Aut(F_i/F).

Proposition 3.30 For all 1 ≤ i ≤ m we have Aut(F_i/F) ≃ C_{S_X}(G_f), the centralizer of G_f in S_X.

Proof: From the Galois correspondence we have F_i = E^{H_i}. The F_i are distinct, so the subgroups H_i
are distinct. Hence the conditions of Lemma 3.29 hold, and we have C_{S_X}(G) ≃ Z₁.

But more is true: An automorphism σ ∈ Aut(F_i/F) is completely determined by its effect on α_i. And
Aut(F_i/F) acts transitively on X_i by the extension theorem. Hence J_i/H_i ≃ Aut(F_i/F) acts freely
and transitively on X_i, so the action of J_i/H_i on X_i is isomorphic to the left regular representation of
J_i/H_i. For any group, the centralizer of the left regular representation is the right regular representation.
Hence Z_i is the image of the right regular representation of J_i/H_i, so Z_i ≃ J_i/H_i. We conclude that
C_{S_X}(G) ≃ Aut(F_i/F) for all 1 ≤ i ≤ m. □

3.9.2 The Primitive Element Theorem

We have seen, in the example Q(1^{1/3}, 2^{1/3}) = Q(1^{1/3} + 2^{1/3}), that a field given by two generators may
be generated by a single element. We saw this also with finite fields, whose multiplicative groups are
cyclic. Galois used this result heavily (see next section) so we will prove it now.

Theorem 3.31 (Primitive Element Theorem) Let E/F be a finite separable extension. Then there
exists γ ∈ E such that E = F (γ).

Proof: (From Milne [FG].) Since we know the result when F is finite, assume F is infinite. We may
also assume by induction that E = F(α, β). We will find an element c ∈ F such that E = F(α + cβ).
Let f, g be the minimal polynomials of α, β over F. Since E/F is separable, these have distinct roots,
α = α₁, . . . , α_s and β = β₁, . . . , β_t in some field L ⊃ E. Since F is infinite, there exists c ∈ F such
that

c ≠ (α_i − α)/(β − β_j)

for all j ≠ 1. We set γ = α + cβ, and claim that F(α, β) = F(γ). The polynomials g(x) and f(γ − cx)
have coefficients in F(γ). Our choice of c ensures that they have only one root in common, namely
β. Hence the ideal they generate in F(γ)[x] is generated by a polynomial h with coefficients in F(γ)
having β as its unique root. Hence h splits in F(γ)[x] and β ∈ F(γ). And then α = γ − cβ ∈ F(γ) as
well, so F(α, β) = F(γ). □

Example: Let E ⊂ C be the splitting field over Q of x³ − 2. We know that E = Q(α, ζ), where α is
the real root of x³ − 2 and ζ = e^{2πi/3}. I claim that

E = Q(α + ζ).

This follows from the proof above, once we check that none of

α − α, αζ − α, αζ² − α

are equal to ζ − ζ². The minimal polynomial of α + ζ is

f = x⁶ + 3x⁵ + 6x⁴ + 3x³ + 9x + 9,

whose discriminant is −2⁴ · 3¹⁷.

3.9.3 Galois’ view of Galois groups

Speaking from the grave, [10] Galois introduced mankind to Galois groups with the following statement.

THÉORÈME. - Soit une équation donnée, dont a,b,c,... sont les m racines. Il y aura
toujours un groupe de permutations des lettres a,b,c,... qui jouira de la propriété suivante:

1° Que toute fonction des racines, invariable par les substitutions de ce groupe, soit
rationnellement connue;
2° Réciproquement, que toute fonction des racines, déterminable rationnellement, soit
invariable par les substitutions.

Here is a literal translation:

THEOREM.- Let an equation be given, where a, b, c, . . . are the m roots. There will always
be a group of permutations of the letters a, b, c, . . . which will enjoy the following property:

1. That any function of the roots, invariant by the substitutions of this group, be rationally
known;
2. Conversely, that any function of the roots, rationally determinable, be invariant by
the substitutions.

In a footnote, Galois clarifies that by “invariant by the substitutions” he means the values of a function
at the roots are invariant, not just the function itself. And “rationally known” means the values are
expressible in terms of the coefficients of the given equation, along with some “adjoined quantities”
(I’m not sure what Galois means by the latter).

Here is a mathematical translation. We are given an equation f(x) = 0, where f ∈ F[x] is a polynomial,
and α₁, . . . , α_m are the m roots of this equation in some splitting field E. Let R = F[x₁, . . . , x_m]
be the ring of polynomials in variables x₁, . . . , x_m. For r ∈ R, write r(α) = r(α₁, . . . , α_m) for the
value of r at the roots, so that E = {r(α) : r ∈ R}. These values r(α) are Galois' "functions of
the roots", and to be "rationally known" means that r(α) ∈ F. Recall the group S_m acts on R by
(σ, r) ↦ ^σr, where

^σr(x₁, . . . , x_m) = r(x_{σ1}, . . . , x_{σm}).

Footnote 10: "Mémoire sur les conditions de résolubilité des équations par radicaux", published in 1846. Galois died in 1832. Note
that he uses the future tense.

With this notation, Galois’ theorem becomes

Theorem 3.32 There is a subgroup G ≤ S_m characterized by the following property:

[^σr(α) = r(α) for all σ ∈ G] ⇔ r(α) ∈ F. (20)

Let us first verify that our Galois group G_f = Aut(E/F), viewed as a subgroup of S_m via its action on
the roots {α_i}, is the same as Galois' Galois group G.

If σ ∈ G_f then for all r ∈ R we have σ(r(α)) = r(σ(α)) = ^σr(α). Since E^{G_f} = F, we have
r(α) ∈ F iff ^σr(α) = r(α) for all σ ∈ G_f. Hence the elements of G_f satisfy the property (20), so we
have G_f ≤ G.

For the other containment, let I_α = {r ∈ R : r(α) = 0} be the kernel of the ring homomorphism
R → E, sending r ↦ r(α). This gives an isomorphism R/I_α ≃ E. Suppose now that σ ∈ G.
For all r ∈ I_α we have r(α) = 0 ∈ F, so ^σr(α) = r(α) = 0. Thus, G preserves I_α and we get
a homomorphism G → Aut(R/I_α) ≃ Aut(E). Since S_m acts trivially on F ⊂ R, the image of
this homomorphism lies in Aut(E/F) = G_f. Finally the homomorphism is injective because G acts
faithfully on the roots {α_i}. Thus we have an injection G ↪ G_f, so G = G_f. □

We now give Galois’ proof of his theorem, using the language of Thm. 3.32, and filling in the details.

The first step is to construct the permutation group G. Let E be a field containing the roots α₁, . . . , α_m
of f. By the Primitive Element Theorem 3.31, [11] there exists γ in E such that E = F(γ). Hence there
are polynomials h₁, . . . , h_m ∈ F[x] such that

α_i = h_i(γ), 1 ≤ i ≤ m.

Let g ∈ F[x] be the minimal polynomial of γ over F and let γ = γ₁, . . . , γₙ be the roots of g, where
n = deg g = [E : F]. Galois proves [12] that for any i, j the value h_i(γ_j) is also a root of f. To see this,
note that for any i we have f(h_i(γ)) = f(α_i) = 0, so the polynomial f ∘ h_i is divisible by the minimal
polynomial g of γ, so f(h_i(γ_j)) = 0 for all j. It follows that for each i, j we have

h_i(γ_j) = σ_j α_i (21)

for some permutation σ_j of {α₁, . . . , α_m}. The group G is then

G = {σ_j : 1 ≤ j ≤ n}.

Footnote 11: In Lemme II of [op. cit.] Galois states the Primitive Element Theorem without proof but he is careful to assume f is
separable, and he remarks that we may take γ to be an F-linear combination of the α_i's, as we see from the proof of Thm.
3.31.

Footnote 12: See Lemme IV of op. cit.

We now prove that if σj ∈ G and r ∈ F[x1, ..., xm] satisfies ${}^{\sigma_j} r(\alpha) = r(\alpha)$, then r(α) ∈ F. Let rh ∈
F[x] be the polynomial rh(x) = r(h1(x), h2(x), ..., hm(x)). Then rh(γ) = r(α) and the equations
(21) become

$$r_h(\gamma_j) = r_h(\gamma), \qquad 1 \le j \le n.$$

These equations imply that r(α) ∈ F. To see this, note that the polynomial

$$(x - r(\alpha))^n = \prod_{j=1}^{n} \bigl(x - r_h(\gamma_j)\bigr) \tag{22}$$

has coefficients given in terms of the elementary symmetric polynomials: sk(rh(γ1), ..., rh(γn)). But
the polynomials sk(rh(x1), ..., rh(xn)) are themselves symmetric, hence they lie in F[s1, ..., sn] by
the Symmetric Polynomial Theorem. And the values sk(γ1, ..., γn) are the coefficients of g(x), hence
they lie in F, so sk(rh(γ1), ..., rh(γn)) ∈ F for each k. Now differentiating $(x - r(\alpha))^n$, we get
r(α) ∈ F, as claimed.

Conversely, if r(α) ∈ F, then the polynomial rh − r(α) belongs to F[x]. Since rh(γ) = r(α), it follows
that rh − r(α) is divisible by the minimal polynomial g of γ. Hence each γj is a root of rh − r(α), so
for each j we have ${}^{\sigma_j} r(\alpha) = r_h(\gamma_j) = r(\alpha)$. □

4 Computing Galois groups of polynomials

Let F be a field, and let f ∈ F[x] be a separable irreducible polynomial of degree n, with splitting
field E = F(α1, ..., αn), where α1, ..., αn are the roots of f in E. What can we say about the Galois
group Gf?$^{13}$

4.1 Transitive subgroups

Since f is irreducible, Gf is a transitive subgroup of Sn via its permutations of the roots αi. The
lattices of transitive subgroups of Sn for some small values of n are as follows.$^{14}$

$^{13}$ For tables of number fields of small degree, see http://hobbes.la.asu.edu/courses/low-grd/

$^{14}$ For more group tables, see http://math.asu.edu/ jj/Groups/.
[Lattice diagrams of the transitive subgroups of $S_n$ for $n = 3, 4, 5, 7, 11$, with edges labelled by indices; the diagrams are not reproducible in text. The groups appearing are, for $S_3$: $S_3$, $A_3$; for $S_4$: $S_4$, $A_4 = L_2(3)$, $D_4$, $C_4$, $D_2$; for $S_5$: $S_5$, $A_5 = L_2(5)$, $F_{20}$, $D_5$, $C_5$; for $S_7$: $S_7$, $A_7$, $L_2(7)$, $F_{42}$, $F_{21}$, $D_7$, $C_7$; for $S_{11}$: $S_{11}$, $A_{11}$, $M_{11}$, $L_2(11)$, $F_{110}$, $F_{55}$, $D_{11}$, $C_{11}$.]

Here the groups Sn, An, Dn, Cn are as usual the symmetric, alternating, dihedral (of order 2n) and
cyclic groups. The other groups are as follows.

$L_2(p) = \mathrm{PSL}_2(p)$ acting via its exceptional permutation representation of degree p. These were discovered by Galois, who noted they only exist for p = 3, 5, 7, 11.

$F_{p(p-1)} = \mathbb{F}_p \rtimes \mathbb{F}_p^\times$ is the ax + b group over $\mathbb{F}_p$, which has subgroups $F_{ph} = \mathbb{F}_p \rtimes H$ for each divisor
$h \mid (p-1)$, where $H \le \mathbb{F}_p^\times$ is the unique subgroup of order h.

M11 is the Mathieu group of order 8 · 9 · 10 · 11 = 7920, the smallest sporadic simple group.
The transitive subgroups of S6, with their orders:

group(s)                       order
S6                             720
A6                             360
S5* = PGL2(5)                  120
S3^2 · 2                       72
A5* = PSL2(5)                  60
B3                             48
S3^2, F36                      36
S4^−, S4^+, S4*                24
(S3^2)^+                       18
D6, A4*                        12
C6, S3                         6

4.2 Invariant Theory and Resolvents

Let F be a field, and recall that the symmetric group Sn acts on the ring R = F[t1, ..., tn] by
${}^\sigma r(t_1, \dots, t_n) = r(t_{\sigma 1}, \dots, t_{\sigma n})$, and that the ring of symmetric polynomials $R^{S_n} = \{r \in R : {}^\sigma r = r\}$ is

$$R^{S_n} = F[s_1, \dots, s_n],$$

where $s_k(t_1, \dots, t_n) = \sum t_{i_1} \cdots t_{i_k}$, summed over all $1 \le i_1 < \cdots < i_k \le n$, is the elementary
symmetric polynomial of degree k.
4.2.1 The discriminant

From now on we assume that char(F) ≠ 2. The polynomial d ∈ R = F[t1, ..., tn] given by

$$d = \prod_{i<j} (t_i - t_j)$$

has square equal to the discriminant polynomial

$$D = d^2 \in R^{S_n}.$$

For all σ ∈ Sn we have

$${}^\sigma d = \operatorname{sgn}(\sigma) \cdot d,$$

so $d \in R^{A_n}$ is invariant under the alternating group An.

Let f ∈ F[x] be a polynomial of degree n, with distinct roots α1, ..., αn. Then

$$f = \sum_{k=0}^{n} (-1)^k s_k(\alpha)\, x^{n-k},$$

so the values sk(α) lie in F. Since $D \in R^{S_n}$ is a polynomial in the sk's, its value D(α) is that same
polynomial evaluated at the coefficients of f, which are known. We write this value as

$$D_f = D(\alpha) = d(\alpha)^2 = \prod_{i<j} (\alpha_i - \alpha_j)^2 \in F.$$

Since f has distinct roots, we have Df ≠ 0.

The Galois group Gf is a subgroup of Sn via its permutations of the roots, so we can ask when
Gf ≤ An. The answer is as follows.

Proposition 4.1 We have Gf ≤ An if and only if $D_f \in F^{\times 2}$ is a nonzero square in F.

Proof: If Gf ≤ An then d is invariant under Gf, so we have $\sigma(d(\alpha)) = {}^\sigma d(\alpha) = d(\alpha)$ for all σ ∈ Gf.
Hence $d(\alpha) \in F^\times$, so $D_f = d(\alpha)^2 \in F^{\times 2}$. Conversely, if $D_f \in F^{\times 2}$ then reversing the previous
argument shows that $d(\alpha) = {}^\sigma d(\alpha) = \operatorname{sgn}(\sigma) \cdot d(\alpha)$ for all σ ∈ Gf. Since d(α) ≠ 0, this implies
Gf ≤ An. □

The explicit formula for Df in terms of the coefficients of f is complicated, as we have seen in section
3.1. You can call it up in Mathematica by the command Discriminant[poly, x]. One can simplify
the formulas for Df (at least if the characteristic of F does not divide n) by replacing $f(x) = x^n + a x^{n-1} + \cdots$ by $f(x - a/n) = x^n + 0\,x^{n-1} + \cdots$, which does not change Gf. Thus we have the formulas

$$\begin{aligned}
f = x^3 + bx + c :\quad & D_f = -4b^3 - 27c^2 \\
f = x^4 + bx^2 + cx + d :\quad & D_f = -4b^3c^2 - 27c^4 + 16b^4 d + 144bc^2 d - 128b^2 d^2 + 256 d^3 \\
f = x^5 + bx^3 + e :\quad & D_f = 2^2\, 3^3\, b^5 e^2 + 5^5 e^4 \\
f = x^5 + cx^2 + e :\quad & D_f = 2^2\, 3^3\, c^5 e + 5^5 e^4 \\
f = x^5 + dx + e :\quad & D_f = 4^4 d^5 + 5^5 e^4
\end{aligned}$$
It can be shown that $f = x^n + rx + s$ has discriminant

$$D_f = a_n s^{n-1} + a_{n-1} r^n, \qquad a_n = (-1)^{n(n-1)/2}\, n^n.$$

Invariant theory is the study of polynomials invariant under an action of a group G on a polynomial
ring R = F[t1, ..., tn]. These invariants form a subring

$$R^G := \{r \in R : {}^g r = r\} \subset R.$$

For example, we have seen that when G = Sn acts on R by ${}^\sigma r(t_1, \dots, t_n) = r(t_{\sigma 1}, \dots, t_{\sigma n})$, the
invariants are $R^{S_n} = F[s_1, \dots, s_n]$.

Now let G = Gf be the Galois group of our polynomial f, viewed as a subgroup of Sn by
permuting the roots α1, ..., αn of f in a splitting field E. For r ∈ R, we abbreviate

$$r(\alpha) = r(\alpha_1, \dots, \alpha_n) \in E.$$
One can use invariant theory to move down the lattice of transitive subgroups as follows. Suppose that
we have subgroups H ≤ J ⊂ Sn and that Gf ⊂ J.$^{15}$ We want to decide if Gf is contained in some
conjugate of H. For subgroups B, C of a group A, let us write $B \le_A C$ if there exists a ∈ A such that
$B \le C^a$. So we want to decide if $G_f \le_J H$.

Let r ∈ R be a polynomial whose stabilizer in J is H:

$$H = \{\sigma \in J : {}^\sigma r = r\}.$$

The data {J, H, r} combine to give a resolvent polynomial:

$$\operatorname{Res}_{J/H}(t, x) = \prod_{\sigma \in J/H} (x - {}^\sigma r) \in R^J[x].$$

Note that Res_{J/H}(t, x) is a polynomial in x whose coefficients in R are polynomials in t1, ..., tn. It
makes sense to take the product over the cosets J/H because H fixes r, and since J permutes the
cosets, the coefficients of Res_{J/H}(t, x) in fact lie in $R^J$, as claimed.

If we now specialize t ↦ α, we get a polynomial

$$\operatorname{Res}_{J/H}(\alpha, x) = \prod_{\sigma \in J/H} (x - {}^\sigma r(\alpha)) \in F[x].$$

At first glance it may seem only that Res_{J/H}(α, x) ∈ E[x]. However, if $c(t) \in R^J$ is some coefficient of
Res_{J/H}(t, x), then since Gf ≤ J we have $\tau(c(\alpha)) = {}^\tau c(\alpha) = c(\alpha)$ for all τ ∈ Gf, so in fact c(α) ∈ F
and Res_{J/H}(α, x) lies in F[x] as claimed.

The polynomial Res_{J/H}(α, x) contains the following information about Gf.

Proposition 4.2 If $G_f \le_J H$ then Res_{J/H}(α, x) has a root in F. And if Res_{J/H}(α, x) has a simple
root in F, then $G_f \le_J H$.

$^{15}$ For example, we could have J = Sn, or perhaps J < Sn and by previous work we have found that Gf ≤ J.
Proof: Suppose $G_f \le \sigma H \sigma^{-1}$ for some σ ∈ J. We know that ${}^\sigma r(\alpha)$ is a root of Res_{J/H}(α, x), and
for all τ ∈ Gf we have

$$\tau({}^\sigma r(\alpha)) = {}^{\tau\sigma} r(\alpha) = {}^{\sigma \cdot \sigma^{-1}\tau\sigma} r(\alpha) = {}^\sigma r(\alpha),$$

since $\sigma^{-1}\tau\sigma \in H$ fixes r.

Conversely, if Res_{J/H}(α, x) has a simple root in F, then this root is ${}^\sigma r(\alpha)$ for some σ ∈ J. Now for
all τ ∈ Gf we have

$${}^\sigma r(\alpha) = \tau({}^\sigma r(\alpha)) = {}^{\tau\sigma} r(\alpha).$$

Since the root is simple, we must have ${}^\sigma r = {}^{\tau\sigma} r$, so $\sigma^{-1}\tau\sigma$ fixes r. Since τ ∈ Gf was arbitrary, this
means $\sigma^{-1} G_f \sigma \le H$, or $G_f \le \sigma H \sigma^{-1}$, as claimed. □

4.2.2 Cubic Polynomials

Recall our assumption that char(F) ≠ 2. Let $f = x^3 + ax^2 + bx + c$ be an irreducible cubic polynomial
over F with distinct roots α, β, γ generating a splitting field E. The discriminant is

$$D_f = \bigl[(\alpha - \beta)(\beta - \gamma)(\gamma - \alpha)\bigr]^2 = a^2 b^2 - 4b^3 - 4a^3 c + 18abc - 27c^2 \in F^\times.$$

If $D_f \in F^{\times 2}$ then Gf = A3 has no proper subgroups. Hence there are no proper intermediate fields, and
we have F(α) = F(β) = F(γ). This means that each root is a polynomial expression in the others.

Example 1: Let F = Q. The polynomial $f = x^3 + x^2 - 2x - 1 \in \mathbb{Q}[x]$ has Df = 49 and roots

$$\alpha = 2\cos(2\pi/7), \qquad \beta = 2\cos(4\pi/7), \qquad \gamma = 2\cos(6\pi/7),$$

satisfying the relations $\beta = \alpha^2 - 2$, $\gamma = -\alpha^2 - \alpha + 1$.

Example 2:$^{16}$ The polynomial $f(x) = x^3 - tx^2 + (t - 3)x + 1 \in \mathbb{Q}(t)[x]$ has discriminant
$D_f = (t^2 - 3t + 9)^2$, hence has Galois group A3 over Q(t). Specializing t to any value in Q such that
$t^2 - 3t + 9 \ne 0$, we get a cubic in Q[x] with Galois group A3 over Q.

If f ∈ F[x] has $D_f \in F^\times - F^{\times 2}$ then Gf = S3 and the correspondence between subgroups and
intermediate fields is given by

$$\begin{array}{ccc}
\{e\} & \longleftrightarrow & E \\
\langle(1\,2)\rangle,\ \langle(2\,3)\rangle,\ \langle(1\,3)\rangle & \longleftrightarrow & F(\gamma),\ F(\alpha),\ F(\beta) \\
A_3 & \longleftrightarrow & F(\sqrt{D_f}) \\
G_f = S_3 & \longleftrightarrow & F
\end{array}$$

$^{16}$ Serre, "Topics in Galois Theory", p. 1.
4.2.3 Quartic Polynomials

Let $f = x^4 + ax^3 + bx^2 + cx + d$ be an irreducible separable quartic polynomial over F with roots
α1, α2, α3, α4. The polynomials

$$\begin{aligned}
A &= t_1 t_3 + t_2 t_4 \\
B &= t_1 t_2 + t_3 t_4 \\
C &= t_1 t_4 + t_2 t_3
\end{aligned} \tag{23}$$

form an S4-orbit in R; the stabilizer of any one of A, B, C is a D4, while the stabilizer of all three is
K4. One checks that

$$(A - B)(B - C)(A - C) = \prod_{1 \le i < j \le 4} (t_i - t_j). \tag{24}$$

Letting

$$J = C_{S_4}((1\,3)(2\,4)) = \operatorname{Stab}_{S_4}(A) \simeq D_4,$$

we get the generic resolvent

$$\operatorname{Res}_{S_4/D_4}(t, x) = (x - A)(x - B)(x - C) = x^3 - s_2 x^2 + (s_3 s_1 - 4 s_4)\, x + (4 s_4 s_2 - s_4 s_1^2 - s_3^2).$$

This specializes to the cubic resolvent

$$g = \operatorname{Res}_{S_4/J}(\alpha, x) = x^3 - b x^2 + (ac - 4d)\, x + (4bd - a^2 d - c^2),$$

whose roots are

$$\begin{aligned}
\alpha &= \alpha_1 \alpha_3 + \alpha_2 \alpha_4 \\
\beta &= \alpha_1 \alpha_2 + \alpha_3 \alpha_4 \\
\gamma &= \alpha_1 \alpha_4 + \alpha_2 \alpha_3.
\end{aligned} \tag{25}$$

Under this same specialization, equation (24) becomes the equality of discriminants

$$D_g = D_f. \tag{26}$$

In particular, since f has distinct roots, so does g. Let L = F(α, β, γ) be the splitting field of g in E.
Then L is Galois over F, so $L = E^H$ for some normal subgroup $H \trianglelefteq G_f$, and there is an exact sequence

$$1 \longrightarrow \underbrace{H}_{\operatorname{Aut}(E/L)} \longrightarrow \underbrace{G_f}_{\operatorname{Aut}(E/F)} \longrightarrow \underbrace{G_f/H}_{\operatorname{Aut}(L/F)} \longrightarrow 1. \tag{27}$$

Since K4 fixes the polynomials A, B, C, it fixes their specializations α, β, γ, so we have K4 ≤ H.

We again assume char(F) ≠ 2.

Case 1: $D_f \notin F^{\times 2}$ and g has no root in F. Then Gf is not contained in A4 or D4, so we must have
Gf = S4. The exact sequence (27) becomes

$$1 \longrightarrow K_4 \longrightarrow S_4 \longrightarrow S_3 \longrightarrow 1.$$
Since most polynomials do not have rational roots, almost all quartics f have Gf = S4.

Case 2: $D_f \in F^{\times 2}$ and g has no root in F. Then Gf is contained in A4 but not in D4, so we must
have Gf = A4. Since $D_g = D_f \in F^{\times 2}$, the extension L/F has degree three with Galois group A3.
The exact sequence (27) becomes

$$1 \longrightarrow K_4 \longrightarrow A_4 \longrightarrow A_3 \longrightarrow 1.$$

Let $H_i \simeq C_3$ be the stabilizer of αi in Gf, and let $J_i = \langle (1\,i)(j\,k) \rangle$ be the stabilizer of the root α1αi
of the irreducible quadratic equation $x^2 - (\alpha_1\alpha_i + \alpha_j\alpha_k)\,x + d$ over L. The correspondence between
subgroups and intermediate fields is given by

$$\begin{array}{ccc}
\{e\} & \longleftrightarrow & E \\
J_2,\ J_3,\ J_4 & \longleftrightarrow & F(\alpha_1\alpha_2),\ F(\alpha_1\alpha_3),\ F(\alpha_1\alpha_4) \\
H_1,\ H_2,\ H_3,\ H_4 & \longleftrightarrow & F(\alpha_1),\ F(\alpha_2),\ F(\alpha_3),\ F(\alpha_4) \\
K_4 & \longleftrightarrow & F(\alpha, \beta, \gamma) = L \\
G_f = A_4 & \longleftrightarrow & F
\end{array}$$

Examples of quartics f ∈ Q[x] with Gf = A4 include:

quartic f                       discriminant Df         resolvent cubic g
x^4 + 8x + 12                   2^12 · 3^4              x^3 − 48x − 64
x^4 + 9x^2 + 13x + 30           3^6 · 7^2 · 13^2        x^3 − 9x^2 − 120x + 911
x^4 + 18x^2 − 4x + 82           2^8 · 109^2             x^3 − 18x^2 − 328x + 5888
Case 3: $D_f \in F^{\times 2}$ and g has a root in F. Then Gf ≤ A4 ∩ D4 = K4 acts trivially on {α, β, γ}, so g
splits over F. The exact sequence (27) becomes

$$1 \longrightarrow K_4 \longrightarrow K_4 \longrightarrow 1 \longrightarrow 1.$$

Since [E : F] = 4, each root αi generates E over F. Since α = α1α3 + α2α4 ∈ F, the polynomial
$x^2 - \alpha x + d$ lies in F[x] and has roots α1α3, α2α4 in E. Similarly for β and γ. Hence for i =
2, 3, 4 we have subfields F(α1αi) ⊂ E quadratic over F. The correspondence between subgroups and
intermediate fields is given by

$$\begin{array}{ccc}
\{e\} & \longleftrightarrow & E \\
J_2,\ J_3,\ J_4 & \longleftrightarrow & F(\alpha_1\alpha_2),\ F(\alpha_1\alpha_3),\ F(\alpha_1\alpha_4) \\
G_f = K_4 & \longleftrightarrow & F
\end{array}$$

Examples of quartics f ∈ Q[x] with Gf = K4 include:

quartic f               discriminant Df      resolvent cubic g
x^4 + 1                 4^4                  x(x^2 − 4)
x^4 + x^2 + 1           2^4 · 3^2            (x − 1)(x^2 − 4)
x^4 − 10x^2 + 1         2^14 · 3^2           (x + 10)(x^2 − 4)

These are the minimal polynomials of $e^{\pi i/4}$, $e^{\pi i/6}$, $\sqrt{2} + \sqrt{3}$, respectively.

Case 4: If $D_f \notin F^{\times 2}$ and g has a root in F, then either Gf = D4 or Gf = C4.

The next proposition addresses this ambiguity.

Proposition 4.3 Assume that $D_f \notin F^{\times 2}$ and the cubic resolvent g has a root α ∈ F. Then

1. $G_f \simeq C_4$ if and only if f is reducible over the subfield $M = F(\sqrt{D_f})$.

2. α is the unique root of g in F.

3. $G_f \simeq C_4$ if and only if $\alpha^2 - 4d$ and $a^2 + 4(\alpha - b)$ are both squares in M.$^{17}$

Proof: We have g = (x − α)h(x), where h(x) ∈ F[x]. Let β, γ be the roots of h. Then
$h(x) = x^2 - (\beta + \gamma)x + \beta\gamma$, so β + γ and βγ lie in F. Since

$$D_f = D_g = (\alpha - \beta)^2 (\alpha - \gamma)^2 (\beta - \gamma)^2 = h(\alpha)^2 (\beta - \gamma)^2 \notin F^{\times 2},$$

we cannot have β − γ ∈ F, so α is the unique root of g in F. From this we also see that β, γ ∈ M, so
M is the splitting field of g over F.

$^{17}$ L.C. Kappe, B. Warren, Amer. Math. Monthly 1989.
Under the Galois correspondence, we have $M = E^{G \cap A_4}$ with $G \cap A_4 \trianglelefteq G$, and $G \cap A_4 = \operatorname{Aut}(E/M)$. Since G ≤ D4
we have

$$G \cap A_4 = G \cap K_4 = \begin{cases} K_4 & \text{if } G \simeq D_4 \\ \langle \tau^2 \rangle & \text{if } G = \langle \tau \rangle \simeq C_4. \end{cases}$$

Now f is irreducible in M[x] iff G ∩ A4 = Aut(E/M) is transitive on the roots of f, which happens
exactly when G ≅ D4. Otherwise, if f is reducible in M[x] then G ∩ A4 cannot be transitive on the
roots of f, which happens exactly when G ≅ C4.

The last assertion is equivalent to the polynomial

$$h(x) = (x^2 - \alpha x + d)(x^2 + a x + b - \alpha) \tag{28}$$

splitting in M. We may number the roots α1, α2, α3, α4 of f so that α = α1α3 + α2α4. In this
labelling $G \le C_{S_4}((1\,3)(2\,4)) \simeq D_4$. The two factors of h have roots α1α3, α2α4 and α1 + α3, α2 + α4,
respectively, so h splits in E.

If G ≅ C4 then E/F contains only one quadratic subfield, namely M. Hence every quadratic polynomial
splitting in E must split in M, so h splits in M.

Conversely, suppose h splits in M. Then α1α3, α2α4, α1 + α3, α2 + α4 ∈ M, so the polynomial

$$k(x) := x^2 - (\alpha_1 + \alpha_3)\, x + \alpha_1 \alpha_3 = (x - \alpha_1)(x - \alpha_3) \in M[x].$$

Let L be the splitting field of k over M. Then α1, α3 ∈ L and also α, β, γ ∈ M ⊂ L, since g splits in
M. Hence α2 + α4 = −a − (α1 + α3) ∈ L.

One checks that (α1 − α2)(α1 − α4)(α2 − α3)(α3 − α4) is invariant under $C_{S_4}((1\,3)(2\,4))$, hence under
G, so it lies in $F^\times$. From Df = Dg we get

$$(\alpha_1 - \alpha_3)(\alpha_2 - \alpha_4) \in F^\times \cdot (\beta - \gamma).$$

Since α1, α3, β, γ ∈ L it follows that α2 − α4 ∈ L.

We have now shown that α1, α2, α3, α4 ∈ L, so L = E. Since deg k = 2, this shows that [E : M] ≤ 2,
so [E : F] ≤ 4 and $G = \langle (1\,2\,3\,4) \rangle \simeq C_4$. □

One can also approach this using resolvents. Let $J = C_{S_4}((1\,3)(2\,4))$ and let H ≤ J be the subgroup

$$H = \langle (1\,2\,3\,4) \rangle = \operatorname{Stab}_J(t_1 t_2^2 + t_2 t_3^2 + t_3 t_4^2 + t_4 t_1^2) \simeq C_4.$$

The D4/C4-resolvent is

$$\operatorname{Res}_{D_4/C_4}(t, x) = \bigl[x - (t_1 t_2^2 + t_2 t_3^2 + t_3 t_4^2 + t_4 t_1^2)\bigr]\bigl[x - (t_1^2 t_2 + t_2^2 t_3 + t_3^2 t_4 + t_4^2 t_1)\bigr] \in R^J[x],$$
which specializes to the quadratic resolvent$^{18}$

$$\begin{aligned}
q(x) = x^2 - (2c - ab + a\alpha)\, x + \tfrac{1}{2}\Bigl( & a^2 d - 4bd + 2b^3 + 2a^3 c - 10abc + 11c^2 \\
& + (ac - 2a^2 b + 2b^2 + 4d)\,\alpha + (2a^2 - b)\,\alpha^2 - 3\alpha^3 \Bigr),
\end{aligned} \tag{29}$$

whose roots are

$$\begin{aligned}
\eta &= \alpha_1 \alpha_2^2 + \alpha_2 \alpha_3^2 + \alpha_3 \alpha_4^2 + \alpha_4 \alpha_1^2 \\
\xi &= \alpha_1^2 \alpha_2 + \alpha_2^2 \alpha_3 + \alpha_3^2 \alpha_4 + \alpha_4^2 \alpha_1,
\end{aligned} \tag{30}$$

and whose discriminant $D_q = (\eta - \xi)^2$ is given rationally by

$$D_q = a^2 b^2 - 4b^3 + 2a^2 b\alpha - 4b^2\alpha - 3a^2\alpha^2 + 2b\alpha^2 + 6\alpha^3 - 4a^3 c + 16abc + 2a\alpha c - 18c^2 - 2a^2 d + 8bd - 8\alpha d.$$

Assume Dq ≠ 0. Then we have G ≤ C4 iff $D_q \in F^{\times 2}$, by Prop. 4.2. Unfortunately, Dq is often zero,
meaning that the quadratic resolvent has one root of multiplicity two, so Prop. 4.2 does not apply in
these cases. However, when Dq ≠ 0 its square class gives independent confirmation of the decision of
whether Gf ≤ C4.
Examples of quartics f ∈ Q[x] with Gf = D4 include:

quartic f                               discriminant Df                     resolvent cubic g                                  Dq
x^4 + 4x^2 + 2                          2^11                                (x − 4)(x^2 − 8)                                   0
x^4 + d   (d ≠ □)                       4^4 · d^3                           x(x^2 − 4d)                                        0
x^4 + ax^3 + (b − 2)x^2 + ax + 1        (a^2 − 4b + 16)^2 (b^2 − 4a^2)      (x − 2)(x^2 + (4 − b)x + a^2 − 2b + 4)             Df

Here □ denotes a nonzero square in Q. In the last line we assume b^2 − 4a^2 ≠ □.

Examples of quartics f ∈ Q[x] with Gf = C4 include:

quartic f                               discriminant Df                     resolvent cubic g                  Dq
x^4 + x^3 + x^2 + x + 1                 5^3                                 (x − 2)(x^2 + x − 1)               5^2
x^4 + x^3 + 2x^2 − 4x + 3               3^2 · 13^3                          (x − 5)(x^2 + 3x − 1)              13^2
x^4 + x^3 − 6x^2 − x + 1                2^2 · 17^3                          (x + 2)(x^2 − 4x − 12)             2^2 · 17^2
x^4 + x^3 + 4x^2 + 20x + 23             7^2 · 29^3                          (x + 2)(x^2 − 4x − 12)             2^2 · 29^2
x^4 − 2ax^2 + a^2 − b^2 d               4^4 · b^4 d^2 (a^2 − b^2 d)         x(x^2 − 4d)                        0
   (a^2 − b^2 d = □ · d,  d ≠ □)

The first four examples are the quartic subfields of $\mathbb{Q}(e^{2\pi i/p})$ for p = 5, 13, 17, 29 (see section 1.7). In
the last example, $f = x^4 - 2ax^2 + a^2 - b^2 d$ has splitting field $E = \mathbb{Q}\bigl(\sqrt{a + b\sqrt{d}}\bigr)$. The polynomial in
(28) is $(x^2 + 2ax + a^2 - b^2 d) \cdot x^2$, which splits over $\mathbb{Q}(\sqrt{d})$, giving Gf = C4.

$^{18}$ To compute this specialization, we have to express the two coefficients of Res_{D4/C4}(t, x) in terms of the J-invariant
polynomial $T := t_1 t_3 + t_2 t_4$ and symmetric polynomials. The hardest coefficient is the constant term Res_{D4/C4}(t, 0).
Since it has degree six, we set

$$(t_1 t_2^2 + t_2 t_3^2 + t_3 t_4^2 + t_4 t_1^2)(t_1^2 t_2 + t_2^2 t_3 + t_3^2 t_4 + t_4^2 t_1) = S_6 + S_4 T + S_2 T^2 + S_0 T^3,$$

where Sk are unknown symmetric polynomials of degree k. One can use the SymmetricReduction command in
Mathematica to find S4, S2, S0 such that $T - (S_4 T + S_2 T^2 + S_0 T^3)$ is symmetric, which gives S6.
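As an added example (not from the notes), the classification of sections 4.2.2 and 4.2.3 carried out in Python over F = Q: the cubic discriminant formula, the resolvent cubic g with D_g = D_f, the four cases, and the Kappe–Warren criterion of Prop. 4.3(3) for C4 versus D4. Inputs are monic integer polynomials assumed irreducible, and a rational r is tested for being a square in M = Q(√D_f) by checking whether r or r·D_f is a rational square.

```python
"""Galois groups of cubics and quartics over Q via discriminants and resolvents.

Added example, not part of the original notes.  It carries out sections
4.2.2 and 4.2.3 for monic integer polynomials assumed irreducible over Q:
D_f of a cubic from the formula there, the resolvent cubic g of a quartic
(with D_g = D_f, equation (26)), the case analysis on whether D_f is a square
and whether g has a rational root, and Prop. 4.3(3) to separate C4 from D4.
"""
from math import isqrt


def is_square(n):
    """True iff the integer n is a square in Q (0 counts)."""
    return n >= 0 and isqrt(n) ** 2 == n


def cubic_discriminant(a, b, c):
    """D_f for f = x^3 + a x^2 + b x + c (formula of section 4.2.2)."""
    return a * a * b * b - 4 * b**3 - 4 * a**3 * c + 18 * a * b * c - 27 * c * c


def integer_roots(coeffs):
    """Rational roots of a monic integer polynomial, coefficients low->high.

    By the rational root theorem they are integers dividing the constant
    term (or 0 when the constant term vanishes)."""
    const = coeffs[0]
    if const == 0:
        return [0] + [r for r in integer_roots(coeffs[1:]) if r != 0]
    cands = set()
    for k in range(1, isqrt(abs(const)) + 1):
        if const % k == 0:
            cands |= {k, -k, const // k, -(const // k)}
    value = lambda x: sum(c * x**i for i, c in enumerate(coeffs))
    return sorted(r for r in cands if value(r) == 0)


def cubic_galois_group(a, b, c):
    """Galois group of an irreducible cubic x^3 + a x^2 + b x + c over Q."""
    return "A3" if is_square(cubic_discriminant(a, b, c)) else "S3"


def resolvent_cubic(a, b, c, d):
    """(A, B, C) with g = x^3 + A x^2 + B x + C the cubic resolvent of
    f = x^4 + a x^3 + b x^2 + c x + d."""
    return (-b, a * c - 4 * d, 4 * b * d - a * a * d - c * c)


def quartic_galois_group(a, b, c, d):
    """Galois group of an irreducible quartic x^4 + a x^3 + b x^2 + c x + d over Q."""
    A, B, C = resolvent_cubic(a, b, c, d)
    D = cubic_discriminant(A, B, C)            # D_f = D_g
    if D == 0:
        raise ValueError("f is not separable")
    roots = integer_roots([C, B, A, 1])        # rational roots of g
    if not roots:
        return "A4" if is_square(D) else "S4"  # cases 2 and 1
    if is_square(D):
        return "K4"                            # case 3
    # Case 4: D4 or C4.  Prop. 4.3(3): C4 iff alpha^2 - 4d and
    # a^2 + 4(alpha - b) are both squares in M = Q(sqrt(D)); a rational r
    # is a square in M iff r or r*D is a rational square.
    alpha = roots[0]                           # unique rational root of g, Prop. 4.3(2)
    square_in_M = lambda r: is_square(r) or is_square(r * D)
    if square_in_M(alpha * alpha - 4 * d) and square_in_M(a * a + 4 * (alpha - b)):
        return "C4"
    return "D4"
```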
4.2.4 Constructible numbers revisited

Recall the field K of constructible numbers, from section 3.6.2. These are the numbers α ∈ C such
that Q(α) is at the top of a tower of fields

$$\mathbb{Q} = F_0 \subset F_1 \subset \cdots \subset F_n = \mathbb{Q}(\alpha) \tag{31}$$

such that [Fi : Fi−1] = 2 for each 1 ≤ i ≤ n. As we have seen in Prop. 3.17, this implies that the
minimal polynomial fα of every element α ∈ K over Q has degree a power of 2. We can now see why
this degree condition is not sufficient to guarantee that α ∈ K.

For suppose such a tower (31) exists. Since quadratic extensions are always Galois, and Galois extensions
are preserved under towers (see Prop. ??), having α ∈ K forces Q(α) to be Galois over Q,
and the Galois group Aut(Q(α)) must be a 2-group. But if we take any irreducible quartic polynomial
f ∈ Q[x] with Gf = A4, then the subfields Q(αi) generated by the roots of f are quartic non-Galois
extensions of Q. Hence the numbers αi are not constructible. Note that the quartic fields Q(αi) have
no quadratic subfields, corresponding to A4 having no subgroups of index two. Thus, the failure of the
converse of Prop. 3.17 corresponds to the failure of the converse to Lagrange's theorem.

However, if Q(α)/Q is Galois of degree $2^n$ over Q, then the Galois group G = Aut(Q(α)) has order
$2^n$ and from group theory we know there is a chain of subgroups

$$\{e\} = G_n < G_{n-1} < \cdots < G_0 = G,$$

with $|G_i| = 2^{n-i}$ for each i. The Galois correspondence then gives a tower of fields as in (31), where
Fi is the fixed field of Gi in Fn = Q(α). Thus we have proved:

Theorem 4.4 A number α ∈ C is constructible if and only if Q(α) is Galois over Q with degree
a power of 2.

5 Galois groups and prime ideals

Let f ∈ Z[x] be a monic polynomial with Galois group Gf over Q. For each prime p in Z we can
reduce the coefficients of f modulo p and get a polynomial $\bar f \in \mathbb{F}_p[x]$. Thus we have another Galois
group $G_{\bar f}$, this time over $\mathbb{F}_p$. The permutation group $G_{\bar f}$ is completely determined by the factorization
of $\bar f$ in $\mathbb{F}_p[x]$, hence can be calculated explicitly for any given prime p. The remarkable fact is that $G_{\bar f}$
is a subquotient of Gf, and is even a subgroup of Gf for all but finitely many primes p. The origin of
this fact is the relation between primes in Z and prime ideals in the ring of integers in the splitting field
of f over Q.

5.1 The ring of integers in a number field

A number field is a field E ⊃ Q for which E is a finite dimensional Q-vector space. The ring of
integers in E is the subring R of elements in E which are integral over Z. We have seen that R is a
ring. In this section we consider the structure of the additive group of R.

An abelian group A is free of rank n if $A \simeq \mathbb{Z}^n$. Equivalently, there exists a subset {α1, ..., αn} ⊂ A,
called a basis, which generates A and is linearly independent over Z. We have $A \simeq \mathbb{Z}\alpha_1 \oplus \cdots \oplus \mathbb{Z}\alpha_n$,
and every element of A can be written uniquely as a Z-linear combination of elements of the basis
{α1, ..., αn}. Note that for any prime p we have $A/pA \simeq (\mathbb{Z}/p\mathbb{Z})^n$, so the rank n depends only on A
and not on the choice of basis.

Lemma 5.1 Let B be a free abelian group of rank n ≥ 1 and let A be a subgroup of B. Then A is free
abelian of rank ≤ n.

Proof: Let {β1, ..., βn} be a basis of B. For 1 ≤ r ≤ n we set

$$B_r = \bigoplus_{i=1}^{r} \mathbb{Z}\beta_i, \qquad A_r = A \cap B_r,$$

so that An = A. We prove by induction on r that Ar has rank ≤ r for all r.

At the first step, A1 = A ∩ Zβ1 is a subgroup of Zβ1 ≅ Z, so there is a ∈ Z such that A1 = Zaβ1, which is
zero if a = 0 and is free of rank 1 ≤ n if a ≠ 0.

Assume that Ar−1 is free of rank s ≤ r − 1, and let {α1, ..., αs} be a basis of Ar−1. Let π : Br → Zβr
be the map sending

$$b_1 \beta_1 + \cdots + b_r \beta_r \mapsto b_r \beta_r.$$

Then π(Ar) is a subgroup of Zβr ≅ Z. Let α ∈ Ar be any element such that π(α) generates π(Ar).
It is easy to check that {α1, ..., αs, α} spans Ar. If π(α) = 0 then {α1, ..., αs} is also a basis of Ar
and we're done. Assume π(α) ≠ 0 and suppose c1α1 + · · · + csαs + cα = 0, with all ci, c ∈ Z. Then
cα ∈ Ar−1 ⊂ ker π, so cπ(α) = 0, forcing c = 0. Now the remaining ci = 0 by linear independence of
{α1, ..., αs}. Hence {α1, ..., αs, α} is a basis of Ar and the proof is complete. □

Lemma 5.2 Let A ≤ B be free abelian groups of rank n and let C be an intermediate group: A ≤
C ≤ B. Then C is free abelian of rank n.

Proof: Applying Lemma 5.1 to the containment C ≤ B we have C free of rank m ≤ n. From the
containment A ≤ C we have A free of rank ≤ m. But since A has rank n we must have m = n. 

Proposition 5.3 Let E be a number field of degree n over Q. Then the ring of integers R of E is a
free abelian group of rank n.

Proof: We first assume that E/Q is Galois. From Prop. 3.12 we have QR = E. It follows that E has a
Q-basis {α1, ..., αn} contained in R. Note that {α1, ..., αn} need not be a Z-basis of R. Let A
be the subgroup of R generated by {α1, ..., αn}. Since linear independence over Q implies linear
independence over Z, the set {α1, ..., αn} is a basis of A, so A is free of rank n. We will find r ∈ Q
such that R ⊂ rA. Since rA is also free of rank n, the Proposition will then follow from Lemma 5.2.
The group G = Aut(E) has order n; list its elements as G = {σ1, ..., σn}, and set αij = σj(αi),
obtaining an n × n matrix [αij]. If we apply some σ ∈ G to each entry αij, the columns of the matrix
are permuted, so the determinant δ := det[αij] will change by at most a sign ±. Hence the number
$D := \delta^2$ is invariant under G and we have D ∈ R ∩ Q = Z.

Let β ∈ R and write $\beta = c_0^{-1}(c_1\alpha_1 + \cdots + c_n\alpha_n)$, with ci ∈ Z. Then

$$\sigma_j(\beta) = \sum_{i=1}^{n} \frac{c_i}{c_0}\, \alpha_{ij},$$

so we have

$$[\alpha_{ij}] \begin{pmatrix} c_1/c_0 \\ \vdots \\ c_n/c_0 \end{pmatrix} = \begin{pmatrix} \sigma_1(\beta) \\ \vdots \\ \sigma_n(\beta) \end{pmatrix}.$$

From the formula for the inverse of a matrix, it follows that $\delta \cdot [\alpha_{ij}]^{-1}$ has entries in R, so that $\delta \cdot (c_i/c_0) \in R$
for each i, and then $D \cdot (c_i/c_0) \in R \cap \mathbb{Q} = \mathbb{Z}$, so that D · β ∈ A and $\beta \in D^{-1} \cdot A$. Therefore
$R \subset D^{-1} \cdot A$ and the proposition is proved when E/Q is Galois.

Now let E/Q be an arbitrary finite extension. Choose a Galois extension L/Q containing E and let S
be the ring of integers of L. By what we just proved, S is free of rank [L : Q]. Now R = S ∩ E, so
R is free of some rank m ≤ [L : Q], by Lemma 5.1. Since a Z-basis of R is a Q-basis of E, we must
have m = n, so R is free of rank n, as claimed. □

Remark: The number D appearing in the proof is the discriminant of E/Q, usually denoted $D_{E/\mathbb{Q}}$:

$$D_{E/\mathbb{Q}} = \det[\alpha_{ij}]^2. \tag{32}$$

It is related to discriminants of polynomials as follows. If E = Q(α) where α ∈ R has monic minimal
polynomial f ∈ Z[x], then

$$D_f = [R : \mathbb{Z}[\alpha]]^2 \cdot D_{E/\mathbb{Q}}.$$
Proposition 5.4 Let E be a number field of degree n over Q, let R be the ring of integers in E, let p
be a prime in Z and let P be a prime ideal of R containing p. Then R/P is a finite field of cardinality
dividing $p^n$.

Proof: From Prop. 3.3, we have that P is a maximal ideal in R, so R/P is a field. Let n = [E : Q].
From Prop. 5.3, we have $R \simeq \mathbb{Z}^n$ as abelian groups. Hence $R/pR \simeq (\mathbb{Z}/p\mathbb{Z})^n$. Since p ∈ P, we
have a surjective map R/pR → R/P, and the proposition follows. □

For each prime p in Z, the subset

$$\operatorname{Spec}(R/pR) = \{P \in \operatorname{Spec}(R) : p \in P\} = \{P \in \operatorname{Spec}(R) : P \cap \mathbb{Z} = p\mathbb{Z}\}$$

is the set of prime ideals in R containing p. In more geometric terms, Spec(R/pR) is the fiber over pZ
of the map Spec(R) → Spec(Z) induced by the canonical homomorphism Z → R.
Remark: Assume$^{19}$ that R = Z[α] is generated by a single element α with monic minimal polynomial
f ∈ Z[x]. Then Spec(R) = Spec(Z[x]/fZ[x]) is the closure of the point fZ[x] in Spec(Z[x]), and
Spec(Fp[x]) = Spec(Z[x]/pZ[x]) is the fiber of Spec(Z[x]) over pZ ∈ Spec(Z). Then Spec(R/pR) is
the intersection of these two subschemes of Spec(Z[x]):

$$\operatorname{Spec}(R/pR) = \operatorname{Spec}(\mathbb{Z}[x]/f\mathbb{Z}[x]) \cap \operatorname{Spec}(\mathbb{Z}[x]/p\mathbb{Z}[x]).$$

Now

$$R/pR \simeq \mathbb{F}_p[x]/(\bar f) \simeq \prod_{i=1}^{\ell} \mathbb{F}_p[x]/(\bar f_i^{\,e_i}),$$

where $\bar f = \bar f_1^{\,e_1} \cdots \bar f_\ell^{\,e_\ell}$ and the $\bar f_i$ are distinct and irreducible in $\mathbb{F}_p[x]$. Each factor is a local ring with
maximal ideal $P_i = (p, \bar f_i)$, and we have $\operatorname{Spec}(R/pR) = \{(p, f_i) : i = 1, \dots, \ell\}$.
5.2 Decomposition and inertia groups

Now let E/Q be a Galois extension with ring of integers R and Galois group G = Aut(E). The action
of G on E preserves R and permutes the prime ideals of R, so we have a G-action on Spec(R). Since
G fixes each prime p in Z, it follows that G acts on each fiber Spec(R/pR) of Spec(R) over Spec(Z).

Proposition 5.5 The group G acts transitively on Spec(R/pR), for each prime p ∈ Z.

Proof: Suppose G does not act transitively on Spec(R/pR) for some prime p ∈ Z. Then there are
P, Q ∈ Spec(R/pR) such that Q ≠ σP for all σ ∈ G. Since primes in R are maximal, we can apply the Chinese
Remainder Theorem: there exists α ∈ R such that

$$\alpha \equiv 0 \bmod Q, \qquad \text{and} \qquad \alpha \equiv 1 \bmod \sigma P \ \ \forall\, \sigma \in G.$$

The product

$$N(\alpha) := \prod_{\sigma \in G} \sigma(\alpha) = \alpha \cdot \prod_{\sigma \ne e} \sigma(\alpha)$$

lies in Q because α ∈ Q and Q is an ideal. On the other hand N(α) is G-invariant, hence lies in
$\mathbb{Q} \cap R = \mathbb{Z}$. Thus, N(α) ∈ Q ∩ Z = pZ. But pZ = P ∩ Z, so we also have N(α) ∈ P. Since P is
prime we must have τ(α) ∈ P for some τ ∈ G, so $\alpha \in \tau^{-1}P$, contradicting the congruence α ≡ 1
mod σP for $\sigma = \tau^{-1}$. □

It follows that the G-orbits in Spec(R) are precisely the fibers Spec(R/pR), and the map Spec(R) →
Spec(Z) induces a bijection

$$G \backslash \operatorname{Spec}(R) \longrightarrow \operatorname{Spec}(\mathbb{Z}).$$

The stabilizer of a prime P ∈ Spec(R) is the decomposition group

$$G_P = \{\sigma \in G : \sigma P = P\}.$$

$^{19}$ If we replace Z by Zp we can avoid this assumption.
From Prop. 5.5 we have [G : GP ] = | Spec(R/pR)|, and if P, Q ∈ Spec(R/pR) the subgroups GP
and GQ are conjugate in G.

Let us now fix P ∈ Spec(R/pR). For each α ∈ R let $\bar\alpha = \alpha + P$ be the image of α in the finite
field R/P. The decomposition group GP preserves P, hence it acts on R/P, so we have a canonical
homomorphism

$$\pi : G_P \longrightarrow \operatorname{Aut}(R/P), \qquad \sigma \mapsto \pi_\sigma, \quad \text{given by } \pi_\sigma(\bar\alpha) = \overline{\sigma(\alpha)}.$$

The group $\operatorname{Aut}(R/P) \simeq C_r$ is cyclic of order $r = [R/P : \mathbb{F}_p]$, generated by the Frobenius automorphism
$\phi_p \in \operatorname{Aut}(R/P)$ given by $\phi_p(x) = x^p$ for all x ∈ R/P.

Proposition 5.6 The canonical homomorphism π : GP → Aut(R/P ) is surjective.

Proof: If R/P = Fp then Aut(R/P) is trivial, and so is the result. We may therefore assume
R/P ≠ Fp. Choose β ∈ R such that $R/P = \mathbb{F}_p(\bar\beta)$. For example we could take $\bar\beta$ to be a generator of
$(R/P)^\times$. Note that $\bar\beta \notin \mathbb{F}_p$ since R/P ≠ Fp. Let g ∈ Z[x] be the monic minimal polynomial of the
algebraic integer β. Since g has a root in E, namely β, and E/Q is Galois, the polynomial g splits in
E[x] and all of the roots of g in E actually lie in R. These roots β = β1, ..., βm ∈ R are permuted
transitively by G, since g is irreducible in Q[x]. The roots of $\bar g$ in R/P are $\bar\beta = \bar\beta_1, \dots, \bar\beta_m$, and these
are permuted, not necessarily transitively, by $\operatorname{Aut}(R/P) = \langle \phi_p \rangle$. Hence we have $\bar\beta^{\,p} = \bar\beta_i$ for some
1 ≤ i ≤ m. Since G is transitive on {β1, ..., βm} there exists σ ∈ G such that σ(β) = βi.

I claim that σ ∈ GP. Suppose not. Then we have distinct maximal ideals P ≠ σP. By the Chinese
Remainder Theorem, there exists α ∈ R such that

$$\alpha \equiv \beta \bmod P, \qquad \text{and} \qquad \alpha \equiv 1 \bmod \sigma P.$$

We then get two congruences in R/P:

$$\alpha^p \equiv \beta^p \bmod P, \qquad \text{and} \qquad \sigma^{-1}(\alpha) \equiv 1 \bmod P,$$

which imply

$$\beta = \sigma^{-1}(\beta_i) \equiv \sigma^{-1}(\beta^p) \equiv \sigma^{-1}(\alpha^p) \equiv 1 \bmod P.$$

This forces $\bar\beta = 1 \in \mathbb{F}_p$, a contradiction.

Therefore σ ∈ GP, and we have

$$\pi_\sigma(\bar\beta) = \overline{\sigma(\beta)} = \bar\beta_i = \bar\beta^{\,p} = \phi_p(\bar\beta).$$

Since $\bar\beta$ generates R/P, it follows that $\pi_\sigma = \phi_p$ generates Aut(R/P), so π is surjective. □

The inertia group IP is the kernel of the canonical surjection π : GP → Aut(R/P). It fits into the
exact sequence

$$1 \longrightarrow I_P \longrightarrow G_P \xrightarrow{\ \pi\ } \operatorname{Aut}(R/P) \longrightarrow 1.$$
If P, Q ∈ Spec(R)p and σ ∈ G is such that σP = Q then $\sigma G_P \sigma^{-1} = G_Q$ and $\sigma I_P \sigma^{-1} = I_Q$. Hence
the degree r of R/P over Fp and the order e of IP depend only on p, and we have

$$|G| = e \cdot r \cdot s,$$

where

$$e = |I_P|, \qquad r = [G_P : I_P], \qquad s = [G : G_P] = |\operatorname{Spec}(R)_p|.$$

The number e is called the ramification degree of p. We say that p is ramified in E if e > 1 and
unramified in E if e = 1. Equivalently, p is unramified in E exactly when the canonical surjection
π : GP → Aut(R/P) is an isomorphism. In this case, we have a unique element σP ∈ GP such that
π(σP) = φp is the Frobenius automorphism of R/P. One can check that $\tau \sigma_P \tau^{-1} = \sigma_{\tau(P)}$ for any
τ ∈ G. Thus for each unramified prime p ∈ Z we have a conjugacy class Frobp ⊂ G given by

$$\mathrm{Frob}_p = \{\sigma_P : p \in P\}.$$

We will see that only a finite number of primes are ramified. As p varies among the all-but-finitely
many unramified primes in Z, the conjugacy class Frobp varies among the conjugacy classes in G. The
Chebotarev Density Theorem asserts that, statistically, each conjugacy class in G is visited by its fair
share of primes.

Theorem 5.7 (Chebotarev Density Theorem) Let E/Q be a Galois extension and let C be a conjugacy
class in the Galois group G = Aut(E). Then we have

$$\lim_{N \to \infty} \frac{|\{\text{primes } p \le N : \mathrm{Frob}_p = C\}|}{|\{\text{all primes } p \le N\}|} = \frac{|C|}{|G|}.$$

Proof: See [Neukirch, Algebraic Number Theory, VII.13]. □

Dedekind proved that the ramified primes are exactly those which divide the discriminant $D_{E/\mathbb{Q}}$,
defined in (32).$^{20}$ In the next section we will prove a weaker result with $D_{E/\mathbb{Q}}$ replaced by a polynomial
discriminant Df.

5.3 Frobenius classes in the Galois group of a polynomial

Let f ∈ Z[x] be a monic polynomial with deg f = d. Let E be the splitting field of f over Q and let R
be the ring of integers in E. Let p ∈ Z be a prime not dividing the discriminant Df, let $\bar f \in \mathbb{F}_p[x]$ be
the reduction of f modulo p, and let P be a prime ideal in R containing p.

Since p ∤ Df, and $D_{\bar f} = \overline{D_f}$ because Df is an integral polynomial in the coefficients of f, it follows
that both f and $\bar f$ have d distinct roots in R and R/P respectively. If α1, ..., αd are the distinct roots
of f in R, then their images $\bar\alpha_1, \dots, \bar\alpha_d$ in R/P are the distinct roots of $\bar f$ in R/P. Thus, we have
homomorphisms

$$G_P \hookrightarrow S_d \longleftarrow \operatorname{Aut}(R/P),$$

where the left-hand map is the restriction of the injection $G \hookrightarrow S_d$.

$^{20}$ See for example Neukirch, Algebraic Number Theory, III.2.
Proposition 5.8 Assume that p does not divide the discriminant Df. Then p is unramified in E. More
precisely, the map π : GP → Aut(R/P) is an isomorphism making the following diagram commute:

$$\begin{array}{ccc}
G_P & \xrightarrow{\ \pi\ } & \operatorname{Aut}(R/P) \\
& \searrow \quad \swarrow & \\
& S_d &
\end{array}$$

In particular, Frobp and φp belong to the same conjugacy class in Sd.

Proof: Take σ ∈ GP and 1 ≤ i ≤ d. Suppose σ(αi) = αj. Then $\pi_\sigma(\bar\alpha_i) = \overline{\sigma(\alpha_i)} = \bar\alpha_j$, so σ and πσ
induce the same permutation in Sd. □

Proposition 5.9 Assume p ∤ Df. If $\bar f = \bar f_1 \cdots \bar f_\ell$, with $\bar f_i$ irreducible in $\mathbb{F}_p[x]$, then the elements of
Frobp have cycle type [d1, d2, ..., dℓ] in Sd, where $d_i = \deg \bar f_i$.

For example, Frobp consists of d-cycles if and only if f is irreducible modulo p.

To apply Prop. 5.9, it is useful to have

Proposition 5.10 [Jordan's Lemma] Let G be a finite group and let H ≤ G be a subgroup of G such
that H ∩ C is nonempty for every conjugacy class C in G. Then H = G.

Proof: We have

$$|G| = \Bigl|\bigcup_{g \in G/H} gHg^{-1}\Bigr| \le 1 + [G : H](|H| - 1) = |G| - ([G : H] - 1),$$

so [G : H] = 1. □

Example: Suppose f ∈ Z[x] is irreducible of degree five. Below we tabulate the transitive subgroups
G ≤ S_5 and the number of elements of each cycle type in G.

    G      [5]   [41]   [32]   [311]   [221]   [2111]   [1^5]
    S5      24    30     20     20      15      10       1
    A5      24     0      0     20      15       0       1
    F20      4    10      0      0       5       0       1
    D5       4     0      0      0       5       0       1
    C5       4     0      0      0       0       0       1

If there exists a prime p such that Frob_p has type [32] then G = S_5, since no proper transitive subgroup
of S_5 contains such a cycle type. Similarly, if Frob_p is of type [311] for some p then G_f is either S_5 or
A_5, which can be decided by a discriminant calculation.
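The counts in the table can be recomputed directly. The following Python script is an added example, not
code from the notes: it builds each transitive subgroup of S_5 by closure from generators, tallies the
cycle types, and then applies the reasoning above, returning the transitive subgroups that contain every
cycle type observed among the Frobenius classes. The generators chosen for F20 and D5 (the affine maps
x ↦ 2x and x ↦ −x on Z/5Z together with x ↦ x + 1) are my choice; the notes fix no generators.

```python
"""Cycle-type census of the transitive subgroups of S_5 (added example)."""
from collections import Counter

# Permutations of {0,...,4} as tuples: perm[i] is the image of i.
FIVE_CYCLE = (1, 2, 3, 4, 0)                 # x -> x + 1 on Z/5Z
TRANSITIVE_S5 = {
    "S5":  [FIVE_CYCLE, (1, 0, 2, 3, 4)],    # 5-cycle and a transposition
    "A5":  [FIVE_CYCLE, (1, 2, 0, 3, 4)],    # 5-cycle and a 3-cycle
    "F20": [FIVE_CYCLE, (0, 2, 4, 1, 3)],    # x -> x + 1 and x -> 2x (assumed generators)
    "D5":  [FIVE_CYCLE, (0, 4, 3, 2, 1)],    # x -> x + 1 and x -> -x (assumed generators)
    "C5":  [FIVE_CYCLE],
}


def compose(g, x):
    """The permutation g after x."""
    return tuple(g[x[i]] for i in range(len(x)))


def generate(gens):
    """Closure of the generators: breadth-first left multiplication by generators."""
    n = len(gens[0])
    identity = tuple(range(n))
    group = {identity}
    frontier = [identity]
    while frontier:
        nxt = []
        for x in frontier:
            for g in gens:
                y = compose(g, x)
                if y not in group:
                    group.add(y)
                    nxt.append(y)
        frontier = nxt
    return group


def cycle_type(perm):
    """Cycle lengths in decreasing order, e.g. (3, 2) for the type [32]."""
    seen = [False] * len(perm)
    lengths = []
    for i in range(len(perm)):
        if not seen[i]:
            length, j = 0, i
            while not seen[j]:
                seen[j] = True
                j = perm[j]
                length += 1
            lengths.append(length)
    return tuple(sorted(lengths, reverse=True))


def cycle_type_counts(gens):
    """Number of elements of each cycle type in the group generated by gens."""
    return Counter(cycle_type(x) for x in generate(gens))


def consistent_groups(observed_types):
    """Transitive subgroups of S_5 containing an element of every observed cycle type.
    By Prop. 5.9 every cycle type of a Frob_p (p not dividing D_f) occurs in G_f,
    so G_f must be one of the groups returned."""
    return [name for name, gens in TRANSITIVE_S5.items()
            if all(cycle_type_counts(gens)[t] > 0 for t in observed_types)]


if __name__ == "__main__":
    for name, gens in TRANSITIVE_S5.items():
        print(name, dict(cycle_type_counts(gens)))
    print(consistent_groups([(3, 2)]))        # only S5 contains a [32]
    print(consistent_groups([(3, 1, 1)]))     # S5 or A5
```

The closure is cheap here because S_5 has only 120 elements; the same code works for S_6 (720 elements)
if one supplies generators of its transitive subgroups.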

Example: (Exercise in Lang) Let f = x^6 + 22x^5 − 9x^4 + 12x^3 − 37x^2 − 29x − 15. Reducing modulo
2, 3, 5 we find cycle types [6], [51], [21^4] in G_f, which implies that G_f = S_6.

Example: Let f = x^6 − 10x^3 + 15x^2 − 6x + 1. One can check that (1 − x)^6 f(1/(1 − x)) = f(x).
Hence if α is a root of f, so are α′ = 1/(1 − α) and α″ = 1 − (1/α). One checks that f is irreducible
modulo 17, so α, α′, α″ are distinct. It follows that G_f centralizes a [33]-cycle in S_6. The centralizer
H = C_{S_6}([33]) has structure (C_3 × C_3) ⋊ C_2, with C_2 acting by permuting the factors, and contains
only elements of cycle types [6], [3111], [33], [222], [1^6]. To show G_f = H, it suffices to find elements
in G_f of each of these cycle types.

    class:        [6]   [3111]   [33]   [222]   [1^6]
    smallest p:    17      11      5      13     127

This proves that G_f = H.
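Both examples rest on Prop. 5.9: the cycle type of Frob_p is the list of degrees of the irreducible
factors of f̄. The Python script below is an added example, not code from the notes. It finds those
degrees by distinct-degree factorization over F_p, which only needs gcds of f̄ with x^{p^i} − x and
never produces the factors themselves, and it first checks that f̄ is squarefree, which is exactly the
hypothesis p ∤ D_f, refusing to answer otherwise. Polynomials are lists of integer coefficients, lowest
degree first, and the helper names are my own.

```python
"""Cycle type of Frob_p from the factorization pattern of f modulo p (Prop. 5.9).
Polynomials over F_p are lists of integer coefficients, lowest degree first."""


def trim(a):
    """Drop trailing zeros so that len(a) - 1 is the degree (the zero polynomial is [])."""
    a = list(a)
    while a and a[-1] == 0:
        a.pop()
    return a


def pdivmod(a, b, p):
    """Quotient and remainder of a by b over F_p (b nonzero)."""
    a = trim(c % p for c in a)
    b = trim(c % p for c in b)
    inv = pow(b[-1], -1, p)
    q = [0] * max(len(a) - len(b) + 1, 0)
    while len(a) >= len(b):
        c = a[-1] * inv % p
        shift = len(a) - len(b)
        q[shift] = c
        for k, bc in enumerate(b):
            a[shift + k] = (a[shift + k] - c * bc) % p
        a = trim(a)
    return q, a


def pmul(a, b, p):
    if not a or not b:
        return []
    c = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            c[i + j] = (c[i + j] + x * y) % p
    return trim(c)


def psub(a, b, p):
    n = max(len(a), len(b))
    a = list(a) + [0] * (n - len(a))
    b = list(b) + [0] * (n - len(b))
    return trim((x - y) % p for x, y in zip(a, b))


def pgcd(a, b, p):
    """Monic gcd over F_p by the Euclidean algorithm."""
    a, b = trim(c % p for c in a), trim(c % p for c in b)
    while b:
        a, b = b, pdivmod(a, b, p)[1]
    inv = pow(a[-1], -1, p)
    return [c * inv % p for c in a]


def ppowmod(h, e, f, p):
    """h^e mod f over F_p by square-and-multiply."""
    result = [1]
    while e:
        if e & 1:
            result = pdivmod(pmul(result, h, p), f, p)[1]
        h = pdivmod(pmul(h, h, p), f, p)[1]
        e >>= 1
    return result


def frobenius_cycle_type(f, p):
    """Degrees of the irreducible factors of f mod p, largest first: by Prop. 5.9 this
    is the cycle type of Frob_p in S_d.  Raises ValueError when f mod p has a repeated
    factor, i.e. when p divides D_f, because the proposition does not apply then."""
    f = trim(c % p for c in f)
    inv = pow(f[-1], -1, p)
    f = [c * inv % p for c in f]                      # make f monic mod p
    deriv = [(k * c) % p for k, c in enumerate(f)][1:]
    if len(pgcd(f, deriv, p)) > 1:                    # gcd(f, f') is not constant
        raise ValueError("f is not squarefree modulo %d (p divides D_f)" % p)
    degrees = []
    h = [0, 1]                                        # x; becomes x^(p^i) mod f
    i = 1
    while len(f) - 1 >= 2 * i:
        h = ppowmod(h, p, f, p)
        g = pgcd(f, psub(h, [0, 1], p), p)            # product of the degree-i factors
        if len(g) > 1:
            degrees += [i] * ((len(g) - 1) // i)
            f = pdivmod(f, g, p)[0]
            h = pdivmod(h, f, p)[1]
        i += 1
    if len(f) > 1:                                    # what is left is irreducible
        degrees.append(len(f) - 1)
    return sorted(degrees, reverse=True)


if __name__ == "__main__":
    # x^6 + 22x^5 - 9x^4 + 12x^3 - 37x^2 - 29x - 15 (Lang's exercise) and
    # x^6 - 10x^3 + 15x^2 - 6x + 1 (the centralizer example), lowest degree first.
    lang = [-15, -29, -37, 12, -9, 22, 1]
    cent = [1, -6, 15, -10, 0, 0, 1]
    for p in (2, 3, 5):
        print("Lang's sextic mod", p, frobenius_cycle_type(lang, p))
    for p in (5, 11, 13, 17, 127):
        print("second sextic mod", p, frobenius_cycle_type(cent, p))
```

Run on Lang's sextic the script returns [6], [5, 1] and [2, 1, 1, 1, 1] for p = 2, 3, 5, the cycle
types quoted above. The same routine applied to the cyclotomic polynomial Φ_7 = 1 + x + ⋯ + x^6 gives
[3, 3] modulo 2 and [6] modulo 3, the orders of 2 and 3 in (Z/7Z)^×, which is the pattern explained in
the next section.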

6 Cyclotomic extensions and abelian numbers

Fix an integer n ≥ 2 and let μ_n = {α ∈ C^× : α^n = 1} be the group of nth roots of unity in C^×. These
are the roots of x^n − 1 and are generated by the complex number ζ = e^{2πi/n}. The primitive nth roots
of unity are the generators of μ_n; these are the powers ζ^k for k in the unit group U(n) := (Z/nZ)^×.

Since all of the roots of x^n − 1 are powers of ζ, the field Q(ζ) is the splitting field of x^n − 1, so it is
Galois over Q. Let G = Aut(Q(ζ)) be the Galois group. Each σ ∈ G is determined by its effect on ζ,
and σ(ζ) must be another primitive nth root of unity. Hence we have an injective homomorphism

$$\kappa : G \longrightarrow U(n), \qquad \text{given by } \sigma(\zeta) = \zeta^{\kappa(\sigma)}.$$

The nth cyclotomic polynomial

$$\Phi_n(x) := \prod_{k \in U(n)} (x - \zeta^k)$$

has for roots exactly the primitive nth roots of unity. As these are permuted by G, it follows that Φ_n is
G-invariant, and hence has coefficients in Z̄ ∩ Q = Z.

Proposition 6.1 Φ_n(x) is irreducible over Q.

Proof: Let f be the minimal polynomial of ζ over Q. Since ζ ∈ Z̄ we have f monic in Z[x] and
f | x^n − 1, so we may factor x^n − 1 = fg in Z[x].

Let p be any prime not dividing n. Then ζ^p is another root of x^n − 1, so either f(ζ^p) = 0 or g(ζ^p) = 0.
Suppose g(ζ^p) = 0. Let h(x) = g(x^p). Then h(ζ) = 0, so h = fq for some q ∈ Z[x]. In F_p[x] we have

$$\bar f \cdot \bar q = \bar h = \bar g^{\,p}.$$

It follows that f̄ and ḡ have a common factor. But x^n − 1 has distinct roots modulo p, since p ∤ n. This
contradiction shows that g(ζ^p) ≠ 0, so we must have f(ζ^p) = 0.

This holds for all primes p not dividing n, hence f(ζ^k) = 0 for all k ∈ U(n). It follows that f = Φ_n. □

Recall that the order of U (n) is given by the Euler function φ(n) = |U (n)|.

Corollary 6.2 We have [Q(ζ) : Q] = φ(n) and the map κ : G → U (n) is an isomorphism.

We now compute the classes Frobp ⊂ G for each p not dividing n. Since G is abelian, each class Frobp
consists of a single element:
Frobp = {σp }.

Proposition 6.3 For any prime p not dividing n, the element κ(σ_p) ∈ U(n) is given by κ(σ_p) ≡ p mod n.

Proof: Let R be the ring of integers of Q(ζ) and let P be a prime ideal of R containing p. Since p ∤ n,
the reduction

$$\bar\Phi_n = \prod_{k \in U(n)} (x - \bar\zeta^{\,k})$$

has distinct roots ζ̄^k ∈ R/P.

If σ, τ ∈ G are such that σ(ζ) and τ(ζ) have the same image in R/P, then, the roots ζ̄^k being distinct,
we have κ(σ) = κ(τ), so σ = τ by the injectivity of κ. By the surjectivity of κ there is an element τ_p ∈ G
such that κ(τ_p) = p, that is, τ_p(ζ) = ζ^p. But σ_p acts on R/P as the Frobenius x ↦ x^p, so the images of
τ_p(ζ) and σ_p(ζ) in R/P are both ζ̄^p. Hence τ_p = σ_p, as we wished to show. □

For a given k ∈ U(n) we have κ(σ_p) = k if and only if p ∈ k + nZ. Thus, Chebotarev's Theorem 5.7
reduces to Dirichlet's Theorem on primes in an arithmetic progression. [21]

Theorem 6.4 (Dirichlet's Theorem)

$$\lim_{N \to \infty} \frac{|\{p \le N : p \in k + n\mathbb{Z}\}|}{|\{p < N\}|} = \frac{1}{\phi(n)}.$$

6.1 Gauss and Cyclotomy

In his Disquisitiones chapter VII, Gauss proposes to find the "Equations defining sections of a circle".
Fix a prime p ≥ 3 and cut the unit circle |z| = 1 into p equal parts, starting at z = 1. The cut points
ζ, ζ^2, …, ζ^{p−1} = ζ̄ all have minimal polynomial Φ_p = 1 + x + x^2 + ⋯ + x^{p−1} and generate the field
Q(ζ).

[21] Historically Dirichlet's Theorem came first and inspired Chebotarev. See Serre's Course in Arithmetic for a direct
proof of Dirichlet's Theorem.

The x-coordinates of the cut points, doubled, are ζ + ζ̄, ζ 2 + ζ̄ 2 , . . . . These have minimal polynomial
Ψp given in equation (14) and generate the unique subfield Q(ζ + ζ̄) of degree (p − 1)/2.

At the other extreme, the quadratic subfield of Q(ζ) is generated by √(εp), where ε ∈ {±1} is given by
p ≡ ε mod 4. We can see this as follows. The cyclic group F_p^× has a unique subgroup of index two,
namely F_p^{×2}, so there is a unique nontrivial homomorphism

$$\left(\frac{\cdot}{p}\right) : F_p^\times \longrightarrow \{\pm 1\},$$

called the Legendre symbol, given by

$$\left(\frac{k}{p}\right) = \begin{cases} +1 & \text{if } k \in F_p^{\times 2} \\ -1 & \text{if } k \notin F_p^{\times 2}. \end{cases}$$

It can be shown [22] that the sum

$$\sum_{k \in F_p^\times} \left(\frac{k}{p}\right) \zeta^k$$

squares to $\left(\frac{-1}{p}\right) p = \varepsilon p$.

More generally, the subfields of Q(ζ) are in bijection with subgroups of Aut(Q(ζ)), and we have an
isomorphism

$$F_p^\times \longrightarrow \mathrm{Aut}(\mathbb{Q}(\zeta)), \qquad k \mapsto \sigma_k,$$

where σ_k is the automorphism of Q(ζ) determined on the generator by σ_k(ζ) = ζ^k.

The group F_p^× is cyclic of order p − 1, so its subgroups correspond to divisors of p − 1. Fix a divisor
d | (p − 1) and let H_d be the unique subgroup of index d in F_p^×. Then Q(ζ)^{H_d} is the unique subfield of
Q(ζ) of degree d over Q. This field has a canonical generator, as follows.

Lemma 6.5 We have Q(ζ)^{H_d} = Q(α_d), where

$$\alpha_d = \sum_{h \in H_d} \zeta^h.$$

Proof: By the Galois correspondence, Q(α_d) = Q(ζ)^J for a unique subgroup J ≤ F_p^×. Since α_d is
clearly H_d-invariant, we have Q(ζ)^J ⊂ Q(ζ)^{H_d}, so H_d ≤ J. It suffices to show that J ≤ H_d. Given
s ∈ J, we have

$$\sum_{h \in H_d} \zeta^h = \alpha_d = \sigma_s(\alpha_d) = \sum_{h \in H_d} \zeta^{hs}.$$

Since {ζ^k : k ∈ F_p^×} is a basis of Q(ζ), it follows that ζ = ζ^{hs} for some h ∈ H_d, so hs = 1 and this
shows s ∈ H_d. □

[22] Lang, VI.3.

From Lemma 6.5, it follows that

$$[\mathbb{Q}(\alpha_d) : \mathbb{Q}] = [F_p^\times : H_d] = d.$$

Gauss’ problem becomes that of finding the minimal polynomial of αd .

The polynomial

$$f_d(x) := \prod_{k \in F_p^\times / H_d} \bigl(x - \sigma_k(\alpha_d)\bigr)$$

is invariant under Aut(Q(ζ)), has α_d as a root, and has degree d, so f_d(x) ∈ Z[x] is the minimal monic
polynomial of α_d. It remains to find the coefficients of f_d.

Choose a generator g of F_p^× and let d′ = (p − 1)/d. Then H_d = ⟨g^d⟩ and {1, g, g^2, …, g^{d−1}} is a set of
coset representatives for F_p^×/H_d. The choice of g gives an isomorphism

$$F_p^\times \longrightarrow \mathbb{Z}/(p-1)\mathbb{Z}, \qquad g^j \mapsto j \bmod (p-1)$$

sending H_d → ⟨d⟩. The partition of F_p^× into cosets of H_d corresponds to the partition

$$\mathbb{Z}/(p-1)\mathbb{Z} = \coprod_{i=0}^{d-1} C_d(i),$$

where C_d(i) = {dk + i : 0 ≤ k ≤ d′}. We have

$$\alpha_d = \sum_{k=1}^{d'} \zeta^{g^{dk}}, \qquad f_d(x) = \prod_{i=0}^{d-1} \bigl(x - \sigma_{g^i}(\alpha_d)\bigr),$$

and

$$\sigma_{g^i}(\alpha_d) = \sum_{\ell \in C_d(i)} \zeta^{g^\ell}. \tag{33}$$

The sums in (33) are called Gauss periods; they are the roots of f_d.

For explicit computations, we can make the periods into polynomials and treat them symbolically.
Thus, we replace each g^ℓ mod p by a representative 1 ≤ g^ℓ ≤ p − 1 and define polynomials

$$A_i(t) = \sum_{\ell \in C_d(i)} t^{g^\ell} \in \mathbb{Z}[t],$$

and

$$F_d(t, x) = \prod_{i=0}^{d-1} \bigl(x - A_i(t)\bigr) \in R[x],$$

where R = Z[t]. Now f_d(x) is the remainder of F_d(t, x) modulo Φ_p(t), the division being carried out
coefficient by coefficient in R = Z[t]; the remainders are integers, since f_d(x) ∈ Z[x].

Example: Take p = 13, d = 4 and g = 2 as generator of F_13^×. Then the partition of F_13^× into cosets of
H_4 and the periods are given by

    {2^4, 2^8, 2^12}             ≡ {3, 9, 1}     mod 13,    α_4 = ζ + ζ^3 + ζ^9
    {2^{1+4}, 2^{1+8}, 2^{1+12}} ≡ {6, 5, 2}     mod 13,    σ_2(α_4) = ζ^6 + ζ^5 + ζ^2
    {2^{2+4}, 2^{2+8}, 2^{2+12}} ≡ {12, 10, 4}   mod 13,    σ_4(α_4) = ζ^12 + ζ^10 + ζ^4
    {2^{3+4}, 2^{3+8}, 2^{3+12}} ≡ {11, 7, 8}    mod 13,    σ_8(α_4) = ζ^11 + ζ^7 + ζ^8.

We have

$$F_4(t, x) = (x - t - t^3 - t^9)(x - t^6 - t^5 - t^2)(x - t^{12} - t^{10} - t^4)(x - t^{11} - t^7 - t^8),$$

whose remainder modulo Φ_13(t) is

$$f_4(x) = x^4 + x^3 + 2x^2 - 4x + 3.$$

We can check this result using our analysis of quartic polynomials (cf. section 4.2.3), for the quartic
f = f_4. Let's see if we get G_f = C_4.

The discriminant is D_f = 3^2 · 13^3, so G_f ≰ A_4.

The cubic resolvent is x^3 − 2x^2 − 16x + 5 = (x − 5)(x^2 + 3x − 1), so G_f ≤ D_4.

The quadratic resolvent (see (29)) has discriminant 13^2, so G_f ≤ C_4, as it should be. And the quadratic
subfield is Q(√D_f) = Q(√13), again as it should be.

This method computes the minimal polynomial f_d of the canonical generator of the degree-d subfield
of Q(ζ) for any given p and d | p − 1. Gauss found a general formula for f_3, in the following remarkable
result.

Theorem 6.6 (Gauss) [23] Let p = 1 + 3k be a prime ≡ 1 mod 3 and let ζ = e^{2πi/p}. Then

1. There are unique integers A, B such that 4p = A^2 + 27B^2 and A ≡ 1 mod 3.

2. The generator α_3 of the cubic subfield of Q(ζ) has minimal polynomial

$$f_3 = x^3 + x^2 - kx - \frac{p(A + 3) - 1}{27}$$

of discriminant D_{f_3} = (pB)^2.

3. The number of points in P^2(F_p) lying on the curve X^3 + Y^3 + Z^3 = 0 is equal to p + 1 + A.

[23] See Gauss, Disquisitiones, Art. 358, as well as Silverman-Tate, Rational points on elliptic curves, IV.2.
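
The computation of f_4 above, the Gauss-sum identity of the previous subsection, and the formula in
Theorem 6.6 can all be checked with the same exact arithmetic. The Python script below is an added
example, not code from the notes. It stores an element of Z[ζ_p] as a coefficient vector in Z[t]/(t^p − 1),
so that reduction modulo Φ_p(t) becomes the test that the co-efficients of ζ, …, ζ^{p−1} all agree; it
squares the sum Σ (k/p) ζ^k, builds f_d from the periods exactly as in (33) using the cosets g^i H_d, and
evaluates Gauss's formula for f_3 after searching for the representation 4p = A^2 + 27B^2. The function
names (zeta_mul, period_polynomial, gauss_cubic and so on) are mine.

```python
"""Exact arithmetic in Z[zeta_p] for Gauss sums, Gauss periods and their minimal
polynomials (added example).  An element sum_k c_k zeta^k is stored as the list
[c_0, ..., c_{p-1}], i.e. as an element of Z[t]/(t^p - 1) with t = zeta."""
from math import isqrt


def zeta_mul(a, b, p):
    """Product in Z[t]/(t^p - 1): exponents add modulo p."""
    c = [0] * p
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                c[(i + j) % p] += ai * bj
    return c


def zeta_to_int(a, p):
    """The rational integer equal to a.  Since 1 + zeta + ... + zeta^{p-1} = 0 and
    zeta, ..., zeta^{p-1} is a Q-basis, a is an integer exactly when
    c_1 = ... = c_{p-1} = c, and then a = c_0 + c(zeta + ... + zeta^{p-1}) = c_0 - c."""
    if any(a[k] != a[1] for k in range(2, p)):
        raise ValueError("not a rational integer")
    return a[0] - a[1]


def legendre(k, p):
    """Legendre symbol (k/p) by Euler's criterion, p an odd prime, p not dividing k."""
    e = pow(k, (p - 1) // 2, p)
    return -1 if e == p - 1 else e


def gauss_sum_squared(p):
    """(sum_{k in F_p^x} (k/p) zeta^k)^2, which the notes say equals (-1/p) p."""
    g = [0] + [legendre(k, p) for k in range(1, p)]
    return zeta_to_int(zeta_mul(g, g, p), p)


def period_cosets(p, d, g):
    """The cosets g^i H_d (i = 0, ..., d-1) of H_d = <g^d> in F_p^x, as exponent lists."""
    dprime = (p - 1) // d
    return [[pow(g, d * k + i, p) for k in range(dprime)] for i in range(d)]


def period_polynomial(p, d, g):
    """Integer coefficients, x^d first, of f_d(x) = prod_i (x - sigma_{g^i}(alpha_d)),
    computed in Z[zeta][x] and then recognised as integers (the reduction mod Phi_p)."""
    assert (p - 1) % d == 0
    poly = [[1] + [0] * (p - 1)]             # coefficients of x^0, x^1, ... in Z[zeta]
    for coset in period_cosets(p, d, g):
        eta = [0] * p                         # the Gauss period sum_{l in coset} zeta^l
        for l in coset:
            eta[l] += 1
        minus_eta = [-c for c in eta]
        new = [[0] * p for _ in range(len(poly) + 1)]
        for k, coef in enumerate(poly):       # multiply poly by (x - eta)
            new[k + 1] = [u + v for u, v in zip(new[k + 1], coef)]
            new[k] = [u + v for u, v in zip(new[k], zeta_mul(coef, minus_eta, p))]
        poly = new
    return [zeta_to_int(c, p) for c in reversed(poly)]


def gauss_cubic(p):
    """Theorem 6.6: for p = 1 + 3k, write 4p = A^2 + 27B^2 with A = 1 mod 3 and
    return the coefficients of f_3 = x^3 + x^2 - kx - (p(A + 3) - 1)/27."""
    assert p % 3 == 1
    k = (p - 1) // 3
    for B in range(1, p):
        rest = 4 * p - 27 * B * B
        if rest < 0:
            break
        A = isqrt(rest)
        if A * A == rest:
            if A % 3 != 1:
                A = -A                        # the sign of A is forced by A = 1 mod 3
            num = p * (A + 3) - 1
            assert num % 27 == 0
            return [1, 1, -k, -(num // 27)]
    raise ValueError("no representation 4p = A^2 + 27 B^2 found")


if __name__ == "__main__":
    print(gauss_sum_squared(13), gauss_sum_squared(7))       # 13 and -7
    print(period_cosets(13, 4, 2))
    print(period_polynomial(13, 4, 2))                        # [1, 1, 2, -4, 3]
    print(period_polynomial(13, 3, 2), gauss_cubic(13))       # both [1, 1, -4, 1]
```

For p = 13 the script reproduces f_4 = x^4 + x^3 + 2x^2 − 4x + 3, and for d = 3 the period polynomial
agrees with Gauss's formula both for p = 7 (A = 1, B = 1, giving x^3 + x^2 − 2x − 1, the minimal
polynomial of 2cos(2π/7)) and for p = 13 (A = −5, B = 1, giving x^3 + x^2 − 4x + 1). For d = 2 the
period polynomial is x^2 + x + (1 − εp)/4, which is the Gauss-sum statement again.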

6.2 The Kronecker-Weber theorem and abelian numbers

A Galois extension E/F is abelian if the Galois group Aut(E/F ) is abelian.

Theorem 6.7 (Kronecker-Weber) Every abelian extension of Q is a subfield of Q(e2πi/n ), for some
positive integer n.

The minimal such n is called the conductor of the abelian extension E/Q. In the Disquisitiones, Gauss
found the abelian extensions of Q of prime conductor.

In terms of polynomials, Kronecker-Weber asserts that if f ∈ Q[x] is a polynomial with abelian Galois
group Gf , then the roots of f are polynomial expressions in e2πi/n for some n. I like to call such roots
abelian numbers. The set Qab of all abelian numbers is a subfield of C and is an algebraic extension
of Q. Kronecker-Weber gives an explicit description of Qab , as the union of all cyclotomic fields:
$$\mathbb{Q}^{ab} = \bigcup_{n \ge 1} \mathbb{Q}(e^{2\pi i/n}).$$

In group-theoretic terms, the Kronecker-Weber theorem says that every finite abelian quotient of
Aut(Q̄) factors through Aut(Q(e^{2πi/n})), for some n. Today, the Kronecker-Weber theorem is regarded
as a corollary of Class-Field Theory, which describes abelian extensions of a number field F in terms
of the arithmetic of F. [24]

[24] See, for example, Neukirch, Algebraic Number Theory.
