Groups Fields Introduction

This document provides an overview and outline for a graduate course on modern algebra focusing on Galois theory. The course will begin by defining and exploring the basic properties of groups, rings, and fields. It will then focus in depth on group theory and field theory to provide the necessary foundations for studying Galois theory. Galois theory involves understanding the relationship between field extensions and groups of field automorphisms, and will be the climax of the course. The course aims to explain several core problems solved by Galois theory and apply it to examples such as solving equations by radicals and finite fields.

Uploaded by

Varuni Mehrotra
Copyright
© Attribution Non-Commercial (BY-NC)

Lecture Notes for Math 627B

Modern Algebra
Groups, Fields, and Galois Theory
Michael E. O'Sullivan
www-rohan.sdsu.edu/ mosulliv
February 18, 2012

The principal objects of study in algebra are groups, rings and fields. This course will focus on Galois theory, which involves the interplay between field theory and group theory. We will need a small amount of ring theory.

In the first part of the course, I'm going to define all three algebraic structures, and briefly discuss their most basic properties. The presentation will start abstract, but we will develop lots of examples to illustrate the core concepts. The purpose is to set the context for this course, and to establish some fundamental terminology. My goal is that at the end of three weeks I can explain several core problems that Galois theory solves.

For each type of algebraic structure, we are interested in subsets that have the same algebraic structure: subgroups, subrings, subfields. We are also interested in functions that respect the operations for that structure. Such functions are called homomorphisms.

The first three weeks are therefore devoted to developing fluency with groups, subgroups and group homomorphisms, and fields, subfields and field homomorphisms. We will also discuss polynomial rings over a field since these are used to construct new fields.

The second part of the course will be a thorough treatment of group theory, primarily following Ash's Algebra Chapters 1 and 5. I suggest having a good undergraduate text to supplement the graduate text by Ash, such as those by Hungerford or Gallian, or the free text by Judson (updated by Beezer) http://abstract.ups.edu/. The core topics are normal subgroups and quotient groups, the isomorphism and correspondence theorems, classification of abelian groups, group actions and the orbit-stabilizer theorem, and the Sylow theorems.

The third part of the course will focus on field theory leading to the climax of the course, Galois's main theorem: Chapters 3 and 6 of Ash. We will then apply Galois theory to as many examples as we have time to cover. In particular: solution of equations by radicals, cyclotomic extensions, finite fields, and constructible numbers.

1 Groups, Subgroups, and Homomorphisms
Definition 1.1. A group is a set $G$ with an operation satisfying the following properties.
(1) Associativity of : for all $a, b, c \in G$, $(a\ b)\ c = a\ (b\ c)$.
(2) Identity for : There is an element, usually denoted $e$, such that $e\ a = a = a\ e$ for all $a \in G$.
(3) Inverses for : For each $a \in G$ there is an element, usually denoted $a^{-1}$, such that $a\ a^{-1} = e = a^{-1}\ a$.
A group which also satisfies $a\ b = b\ a$ is called commutative or abelian (after the mathematician Abel).

The most basic properties are contained in the following proposition. The proofs of all of these are simple card tricks. It's worthwhile reviewing them, but I leave them as exercises (see any text book).

Proposition 1.2. Let $G$, be a group. Then
(1) The identity element is unique.
(2) The inverse of any element is unique.
(3) The cancellation law holds: $a\ b = a\ c$ implies $b = c$ (and similarly for cancellation on the right).
(4) If $a\ g = g$ for some $g \in G$, then $a = e_G$.
(5) $(a\ b)^{-1} = b^{-1}\ a^{-1}$.
(6) $(a^{-1})^{-1} = a$.

When there is risk of confusion we will use ${}_G$ for the operation on the group $G$.

Definition 1.3. A subset $H$ of a group $G$ is a subgroup, when $H$ is a group using the operation ${}_G$ on $G$.

If $H$ is a subgroup of $G$ then it must have an identity element, and Proposition 1.2 (item 4) shows that it must be $e_G$. Each $h \in H$ must have an inverse, but the inverse in $G$ is uniquely determined. Thus we must have $h^{-1} \in H$. Finally ${}_G$ must be an operation on $H$, so for $h, h' \in H$, we must have $h\ {}_G\ h' \in H$.

Proposition 1.4. If $H$ is a nonempty subset of $G$ that is closed under inversion and closed under ${}_G$ then $H$ is a subgroup of $G$ (i.e. it also contains $e_G$).
If $H$ is a nonempty subset of $G$ such that $h'\ {}_G\ h^{-1} \in H$ for all $h, h' \in H$ then $H$ is a subgroup of $G$.

Proof. Since $H$ is nonempty, it contains some element $h$. Since $H$ is closed under inversion, $h^{-1} \in H$. Since $H$ is closed under ${}_G$, $h\ {}_G\ h^{-1} = e_G \in H$.
To prove the second statement, suppose $h \in H$. Letting $h' = h$ in the assumed property gives $h\ {}_G\ h^{-1} = e_G \in H$. Letting $h' = e_G$ gives $e_G\ h^{-1} = h^{-1} \in H$, so $H$ is closed under inversion. Now for any $h', h \in H$ we know $h^{-1} \in H$, so $h'\ {}_G\ (h^{-1})^{-1} = h'\ {}_G\ h \in H$. This shows $H$ is closed under multiplication.

Definition 1.5. For groups $G$, $H$ a function : $G \to H$ is a homomorphism iff
(1) $(g_1\ {}_G\ g_2) = (g_1)\ {}_H\ (g_2)$ for all $g_1, g_2 \in G$, and
(2) $(e_G) = e_H$, and
(3) $(g^{-1}) = ((g))^{-1}$ for all $g \in G$.
A homomorphism that is also a bijection (one-to-one and onto) is called an isomorphism.

It is fairly easy to show that the first item in the definition of homomorphism implies the other two. The following three results are a worthwhile exercise.

Proposition 1.6. If : $G \to H$ is a function such that $(g_1\ {}_G\ g_2) = (g_1)\ {}_H\ (g_2)$ then is a homomorphism.
If : $G \to H$ and : $H \to K$ are group homomorphisms then the composition is also a group homomorphism.
If is an isomorphism, then the inverse function ${}^{-1}$ is also an isomorphism.

If there is an isomorphism between $A$ and $B$ then $A$ and $B$ have the same algebraic structure, so we consider them equivalent.

Example 1.7. The integers, $Z$, the rational numbers, $Q$, the real numbers $R$ and the complex numbers $C$ are all abelian groups under addition. We sometimes write $Z, +$ to emphasize that we are ignoring multiplication, and just considering the additive properties of $Z$.

Exercises 1.8.
(a) Check that the function : $Z \to Z$ such that $(a) = a$ is an isomorphism from $Z$ to $Z$.
(b) Identify all homomorphisms from $Z$ to $Z$.

Example 1.9. The set of integers modulo $n$ forms a group under addition. This group is called the cyclic group of order $n$ and written $Z_n, +$ or $C_n$ (I will just use $Z_n$).

Exercises 1.10.
(a) Show that for each $a \in Z_n$ there is a unique homomorphism ${}_a : Z_n \to Z_n$ such that ${}_a(1) = a$.
(b) Under what conditions on $a$ is ${}_a$ an isomorphism?
(c) Identify all subgroups of $Z_n$.

Example 1.11. The dihedral group of order $2n$ is the group of symmetries of a regular $n$-gon. Some sources, including Hungerford, write this group as $D_n$. The group has $2n$ elements: the identity, $n - 1$ non-trivial rotations, and $n$ reflections. Consequently, some authors, including Ash, write this group as $D_{2n}$. I will use $D_n$.

Exercises 1.12.
(a) There is a natural injective homomorphism from $Z_n$ into $D_n$ taking 1 to rotation by $2\pi/n$.
(b) Identify all subgroups of $D_n$ for $n = 3, 4, 5, 6$. Draw a diagram showing containment of subgroups (I'll explain in class).

Example 1.13. Let $S$ be any set. Let's show that the set Bij($S$) of bijections from $S$ to itself forms a group using composition of functions as the operation. The identity map $\mathrm{id}_S$ is the identity element of Bij($S$). If : $S \to S$ is a bijection, there is an inverse function to , written ${}^{-1}$, and ${}^{-1} = \mathrm{id}_S$. Finally, the composition of two bijections is also a bijection.

The most important special case is the symmetric group on $n$ elements, $S_n$, which is the set of bijections on $\{1, \ldots, n\}$. The next section is devoted to an extensive study of the symmetric group and subgroups of it.

The following result is a straightforward exercise, but well worth doing carefully.

Proposition 1.14. Let $G$ be a group, show that the set of all isomorphisms from $G$ to itself is a group. This new group is called Aut($G$), the group of automorphisms of $G$.

Exercises 1.15.
(a) Show that Aut($Z$) has two elements and Aut($Z$) $\cong Z_2$.
(b) Compute Aut($Z_n$) for $n = 2, 3, 4, 5, 6$. [In each case the answer is a cyclic group.]

Notation 1.16. Let $G$ be a group. Unless there is some reason to be very clear (as there is in the next example), we rarely write the group operation: $g_1 g_2$ means $g_1\ {}_G\ g_2$. For a positive integer $n$, $g^n$ is shorthand for $\underbrace{g g \cdots g}_{n \text{ factors}}$ and $g^{-n}$ is shorthand for $\underbrace{g^{-1} g^{-1} \cdots g^{-1}}_{n \text{ factors}}$. It is straightforward to check that the usual rules for exponents apply.

For an additive group, $\underbrace{g + g + \cdots + g}_{n \text{ terms}}$ is written $ng$. Think of this as repeated addition, not as multiplication: the group just has one operation, and $n$ is an integer, not necessarily an element of the group.

Example 1.17. Let $G$ and $H$ be groups. The Cartesian product of the sets $G$ and $H$, $G \times H$, can be made into a group by using componentwise inversion and multiplication.
$$(g, h)^{-1} = (g^{-1}, h^{-1})$$
$$(g_1, h_1)\ {}_{G \times H}\ (g_2, h_2) = (g_1\ {}_G\ g_2,\ h_1\ {}_H\ h_2)$$
The identity element is of course $(e_G, e_H)$.

Exercises 1.18.
(a) Check that the above definition does, indeed, make $G \times H$ a group.
(b) The associative law holds: $G_1 \times (G_2 \times G_3) \cong (G_1 \times G_2) \times G_3$.
(c) The construction can be generalized to the direct product of any set of groups $\{G_i : i \in I\}$ indexed by some set $I$.
(d) If $A$ and $B$ are abelian groups show that $A \times B$ is also abelian.
(e) If $G'$ is a subgroup of $G$ and $H'$ is a subgroup of $H$ then $G'$ is a subgroup of $G \times H$.
(f) Not all subgroups of $G \times H$ are direct products of subgroups of $G$ and $H$. Illustrate with some examples: $Z_2 \times Z_2$, $Z_4 \times Z_4$.

Definition 1.19. The order of a finite group $G$, written $|G|$ or $\#G$, is the number of elements of $G$.
For $g \in G$ the order of the element $g$ is the smallest positive integer $n$ such that $g^n = e$, if such an $n$ exists. If no such $n$ exists then $g$ has infinite order. We use $|g|$ or ord($g$) for the order of $g$.
The exponent of $A$ is the least common multiple of the orders of the elements of $A$, if such an integer exists. We write $\exp(A) = \mathrm{lcm}\{\mathrm{ord}(a) : a \in A\}$.

Only the identity element of a group has order 1. Every nonzero element of $Z$ has infinite order. In $Z_n$ some elements have order $n$, but others may have a different order. For any finite group there is a well defined exponent, but an infinite group may not have one.

If $g \in G$ has order $n$ then the set of powers of $g$ is
$$\{ g^0 = e_G,\ g,\ g^2,\ \ldots,\ g^{n-1} \}$$
(any other power of $g$ is one of these). This set is a subgroup of $G$ of order $n$. It is called the cyclic subgroup generated by $g$ and is written $\langle g \rangle$.

Exercises 1.20.
(a) If $g$ has order $m$ and $h$ has order $n$, find the order of $(g, h) \in G \times H$.
(b) Suppose that $a, b \in G$ commute (that is $ab = ba$). If ord($a$) and ord($b$) are coprime find the order of $ab$.
(c) Let $A$ be an abelian group. Show that there is some $a \in A$ such that ord($a$) = exp($A$).
(d) Show that $S_4$ has no element with order equal to exp($S_4$).

Theorem 1.21 (Order Theorem: A. 1.1.5, H 7.8). Let $g$ be an element of the group $G$.
(1) If $g$ has infinite order then elements $g^t$ for $t \in Z$ are all distinct. The function below is an injective homomorphism.
$$: Z \to G, \qquad t \mapsto g^t$$
(2) If $g$ has order $n$ then
(a) $g^i = g^j$ iff $i \equiv j \bmod n$;
(b) $\mathrm{ord}(g^r) = \dfrac{n}{\gcd(r, n)}$.
(c) The function below is an injective homomorphism.
$$: Z_n \to G, \qquad t \mapsto g^t$$
Proof. See Hungerford.

Exercises 1.22.
(a) If : $G \to H$ is a homomorphism, then ord($(g)$) divides ord($g$).
(b) If : $G \to H$ is an isomorphism, then ord($(g)$) = ord($g$).

The previous exercises give important restrictions on homomorphisms. If you want to create a homomorphism from $G$ to $H$, each element $g$ in $G$ must go to an element of $H$ that has order dividing ord($g$).

Exercises 1.23.
(a) Show that there is a nontrivial homomorphism from $D_3$ to $Z_2$ but that any homomorphism from $D_3$ to $Z_3$ is trivial.

The next proposition is a key result about the relationship between homomorphisms and subgroups. Recall that for an arbitrary function $f : X \to Y$, we define $f(X') = \{f(x) : x \in X'\}$. In general $f^{-1}$ may not be a function, but for a subset $Y'$ of $Y$ we define $f^{-1}(Y')$ to be $\{x \in X : f(x) \in Y'\}$.

Proposition 1.24. Let : $G \to H$ be a homomorphism.
If $G'$ is a subgroup of $G$ then $(G')$ is a subgroup of $H$.
If $H'$ is a subgroup of $H$ then ${}^{-1}(H')$ is a subgroup of $G$.

Definition 1.25. Let : $G \to H$ be a homomorphism. The kernel of is $\{g \in G : (g) = e_H\}$. Since $e_H$ is a subgroup of $H$, ker() is a subgroup of $G$ by the previous proposition.

Proposition 1.26. Let : $G \to H$ be a homomorphism of groups. The kernel of is trivial (just $e_G$) iff is injective.

Proof. Suppose is injective. Then only one element of $G$ has image $e_H$, but we already know that $(e_G) = e_H$, so ker() $= e_G$.
Conversely, assume ker() $= e_G$. Suppose that $(g) = (a)$. Then
$$e_H = (g)\ (a)^{-1} = (ga^{-1})$$
using the properties of homomorphisms. By assumption $ga^{-1} = e_G$, so $g = a$. This shows is injective.

An injective homomorphism : $G \to H$ gives a bijection from $G$ to $(G)$, which by Proposition 1.24 is a subgroup of $H$. Thus : $G \to G$ is an isomorphism. We will often call an injective homomorphism an embedding since the image is a copy of $G$ inside of $H$.

Proposition 1.27. Let $H_1, \ldots, H_t$ be subgroups of $G$. The intersection $\bigcap_{i=1}^{t} H_i$ is a subgroup of $G$.
More generally if $\mathcal{H}$ is a set of subgroups of $G$ then $\bigcap_{H \in \mathcal{H}} H$ is a subgroup of $G$.

Let $S$ be an arbitrary subset of a group $G$. Let $\mathcal{H}$ be the set of all subgroups of $G$ containing $S$. Then $\bigcap_{H \in \mathcal{H}} H$ is a subgroup of $G$, and it contains $S$, since each $H \in \mathcal{H}$ contains $S$. Furthermore, any subgroup $K$ of $G$ containing $S$ is in $\mathcal{H}$ so $\bigcap_{H \in \mathcal{H}} H \subseteq K$. This argument justifies the following definition.

Definition 1.28. Let $G$ be a group and let $S$ be a subset of $G$. By $\langle S \rangle$ we mean the smallest subgroup of $G$ containing $S$. It is the intersection of all subgroups of $G$ containing $S$.

We are often interested in finding a minimal size set that generates a group. For example the elements 1 and $-1$ both generate $Z$. The element 1 generates $Z_n$ as does any $a \in Z_n$ that is coprime to $n$.

If a group $G$ is generated by a single element, say $a \in G$, then $G = \{a^i : i \in Z\}$ so $G$ is equal to the cyclic subgroup generated by $a$. We call $G$ a cyclic group. It is isomorphic to $Z$ if $a$ has infinite order, or to $Z_n$ if $a$ has order $n$. So, cyclic groups are not that complicated.

Groups generated by two elements can be quite complicated. We will see that $D_n$ and $S_n$ are each generated by two elements.
2 Permutation Groups
For $n$ an integer, the symmetric group $S_n$ is the set of all bijections on $\{1, \ldots, n\}$. These are also called permutations of $\{1, \ldots, n\}$. The number of elements in $S_n$ is $n!$. Informally, we may justify this by noting that there are $n$ possible images for the number 1. Once the image for 1 is chosen, there are $n - 1$ choices for the number 2. Continuing in this manner we count $n!$ bijections from $\{1, \ldots, n\}$ to itself. We can give a more formal inductive proof later.

We will sometimes write an element of $S_n$ in tabular form with $i$ in the top row and $(i)$ in the bottom row.

Exercises 2.1.
(a) Here are two elements of $S_5$:
$$= \begin{pmatrix} 1 & 2 & 3 & 4 & 5 \\ 3 & 5 & 1 & 2 & 4 \end{pmatrix} \quad \text{and} \quad = \begin{pmatrix} 1 & 2 & 3 & 4 & 5 \\ 1 & 3 & 4 & 2 & 5 \end{pmatrix}.$$
(b) Compute the inverse of each.
(c) Compute the products and , using the usual convention for compositions: $()(i) = ((i))$. You should see that the results are not equal.

Let $n = 3$, and enumerate the vertices of a triangle clockwise as 1, 2, 3. Each element of $D_3$ gives rise to a permutation of $\{1, 2, 3\}$.
Let $r$ be rotation clockwise by $2\pi/3$. Then
$$r = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 1 & 3 \end{pmatrix} \quad \text{and} \quad r^2 = \begin{pmatrix} 1 & 2 & 3 \\ 3 & 1 & 2 \end{pmatrix}.$$
There are three reflections, each fixes one element of $\{1, 2, 3\}$ and transposes the other two
$$u_1 = \begin{pmatrix} 1 & 2 & 3 \\ 1 & 3 & 2 \end{pmatrix} \quad u_2 = \begin{pmatrix} 1 & 2 & 3 \\ 3 & 2 & 1 \end{pmatrix} \quad u_3 = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 1 & 3 \end{pmatrix}.$$
This exhausts all permutations of $\{1, 2, 3\}$ so by enumerating the vertices of the triangle we have established a bijection between $D_3$ and $S_3$. This is actually an isomorphism since the operation for $D_3$ is composition, as it is for $S_n$.

Exercises 2.2.
(a) How many ways are there to embed $Z_4$ in $S_4$?
(b) How many ways are there to embed $D_4$ in $S_4$?

Definition 2.3. Let $a_1, a_2, \ldots, a_t$ be distinct elements of $\{1, \ldots, n\}$. We use the notation $(a_1, a_2, \ldots, a_t)$ to define an element of $S_n$ called a $t$-cycle. This permutation takes $a_i$ to $a_{i+1}$, for $i = 1, 2, 3, \ldots, t - 1$ and it takes $a_t$ to $a_1$. Every element of $\{1, \ldots, n\} \setminus \{a_1, \ldots, a_t\}$ is fixed (i.e. taken to itself) by the cycle $(a_1, a_2, \ldots, a_t)$.
We will call the set $\{a_1, \ldots, a_t\}$ the support of the cycle $(a_1, a_2, \ldots, a_t)$.
A two-cycle is often called a transposition.
Two cycles are called disjoint when their supports are disjoint sets.
Let $\in S_n$. A cycle decomposition for is a product of disjoint cycles that is equal to .

Exercises 2.4.
(a) A $t$-cycle has order $t$.
(b) The cycles $(a_1, \ldots, a_s)$ and $(b_1, b_2, \ldots, b_t)$ commute if their support is disjoint.

Proposition 2.5. Every permutation has a unique cycle decomposition.

Definition 2.6. We will call the list of cycle lengths, in decreasing order, the signature of the permutation.

We will include one-cycles in the definition of the cycle decomposition, although we will not write them unless it is needed for clarity. For example, the permutation in $S_5$ from Exercise 1 has cycle decomposition $= (1, 3)(2, 5, 4)$ and signature 3, 2. If we consider as an element of $S_6$, we have $= (1, 3)(2, 5, 4)(6)$ and the signature is 3, 2, 1.

Exercises 2.7.
(a) For $\in S_n$, the sum of the signature list is $n$.
(b) The order of is the lcm of the signature list.

There is another factorization that is important.

Proposition 2.8. Every permutation can be written as a product of transpositions.

Proof. Since every permutation is a product of cycles, it is enough to show that every cycle is a product of transpositions. This is shown by verifying that
$$(a_1, a_2, \ldots, a_t) = (a_1, a_2)\ (a_2, a_3) \cdots (a_{t-2}, a_{t-1})\ (a_{t-1}, a_t)$$

We may interpret the previous result as saying that $S_n$ is generated by transpositions. That is somewhat good news: there are $n!$ elements of $S_n$ but we only need $\binom{n}{2}$ elements to generate $S_n$. In fact we can do much better!

Exercises 2.9.
(a) Show that $S_n$ is generated by the $n - 1$ elements $(1, k)$ for $k = 2, \ldots, n$. [Show that you can get an arbitrary transposition by conjugating $(1, k)$ by some $(1, j)$.]
(b) Show that $S_n$ is generated by 2 elements: $(1, 2)$ and $(1, 2, 3, \ldots, n - 1, n)$. [Show that you can get all $(1, k)$ from these two.]

We know from the previous proposition that a permutation can be written as a product of transpositions. This factorization is not unique, for example $\mathrm{id} = (1, 2)(2, 1) = (1, 3)(3, 1)$, but the parity of the factorization is.

Proposition 2.10. The identity element of $S_n$ cannot be written as the product of an odd number of transpositions.
Consequently, any permutation can be written as a product of an even number of transpositions, or an odd number of transpositions, but not both.

Proof. I refer you to the standard texts for the proof of the first part of this result. Suppose that is the product of transpositions in two ways: $= {}_1\,{}_2 \cdots {}_m = \ {}_2 \cdots {}_k$. Then $\mathrm{id} = {}_1\,{}_2 \cdots {}_m\ {}^{-1}_1\,{}^{-1}_2 \cdots {}^{-1}_k$. So $m + k$ is even and $m$ and $k$ must have the same parity.

We now have an important and easy consequence.

Theorem 2.11. The set of even parity permutations forms a subgroup of $S_n$. This is called the alternating group and is denoted $A_n$.
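
The cycle decomposition, signature, order and parity defined in this section can be computed directly from the tabular form. The following is an added example, not part of the original notes: it uses the two bottom rows given in Exercises 2.1, and the names `FIRST`, `SECOND` and all function names are this example's own.

```python
from itertools import permutations
from math import lcm

# Bottom rows of the two tabular permutations in Exercises 2.1 (top row is 1..5).
# The names FIRST and SECOND are assumptions of this example.
FIRST = [3, 5, 1, 2, 4]
SECOND = [1, 3, 4, 2, 5]


def from_bottom_row(row):
    """Turn a bottom row into a map i -> image of i, rejecting non-bijections."""
    n = len(row)
    if sorted(row) != list(range(1, n + 1)):
        raise ValueError("bottom row is not a permutation of 1..n")
    return {i + 1: image for i, image in enumerate(row)}


def cycle_decomposition(row):
    """Disjoint cycles (one-cycles included), each starting at its least element."""
    perm, seen, cycles = from_bottom_row(row), set(), []
    for start in sorted(perm):
        if start in seen:
            continue
        cycle, x = [], start
        while x not in seen:  # follow start -> perm[start] -> ... until it closes
            seen.add(x)
            cycle.append(x)
            x = perm[x]
        cycles.append(tuple(cycle))
    return cycles


def signature(row):
    """Definition 2.6: cycle lengths in decreasing order."""
    return sorted((len(c) for c in cycle_decomposition(row)), reverse=True)


def order(row):
    """Exercises 2.7(b): the order is the lcm of the signature list."""
    return lcm(*signature(row))


def parity(row):
    """0 for even, 1 for odd: a t-cycle is a product of t - 1 transpositions
    (proof of Proposition 2.8), and parity is well defined (Proposition 2.10)."""
    return sum(len(c) - 1 for c in cycle_decomposition(row)) % 2


def compose(outer, inner):
    """Bottom row of the composition i -> outer(inner(i))."""
    p, q = from_bottom_row(outer), from_bottom_row(inner)
    return [p[q[i]] for i in range(1, len(inner) + 1)]


def alternating_group(n):
    """Theorem 2.11: the even permutations of 1..n, as bottom rows."""
    return [list(p) for p in permutations(range(1, n + 1)) if parity(p) == 0]


if __name__ == "__main__":
    print(cycle_decomposition(FIRST), signature(FIRST), order(FIRST), parity(FIRST))
    print(compose(FIRST, SECOND), compose(SECOND, FIRST))
    print(len(alternating_group(4)))
```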
Exercises 2.12.
(a) Show that there is a homomorphism from $S_n$ to $Z_2$. The preimage of $0 \in Z_2$ is $A_n$.
(b) Find all subgroups of $A_4$.
(c) What is the intersection of $A_4$ and $D_4$?

3 Cosets and Conjugates
The following bit of notation is useful.

Notation 3.1. Let $S$ and $T$ be subsets of a group $G$.
$$ST = \{st : s \in S, t \in T\}$$
We may use analogous notation for the set of all products from 3 or more sets. Similarly, $gS = \{gs : s \in S\}$.

Notice that $ST$ and $TS$ are not necessarily equal when a group is not abelian.

It is sometimes useful to have notation that says that $H$ is a subgroup of $G$.

Notation 3.2. Henceforth, $H \leq G$ means $H$ is a subgroup of $G$ and $H < G$ means $H$ is a proper subgroup of $G$.

The first use of this notation is to define a coset of a group $H$ in a group $G$ containing $H$.

Definition 3.3. Let $H \leq G$ and let $g \in G$. Then $gH$ is called a left coset of $H$ in $G$, and $Hg$ is called a right coset of $H$ in $G$.

We will prove several results for left cosets. There are analogous results for right cosets.

Lemma 3.4. The function
$${}_g : H \to gH, \qquad h \mapsto gh$$
is a bijection.

Proof. It is a surjection by definition of $gH$. Suppose $gh = gh'$, multiplying on the left by $g^{-1}$ gives $h = h'$, so ${}_g$ is injective.

Lemma 3.5. If $gH \cap aH \neq \emptyset$ then $gH = aH$.

Proof. First we show that if $g \in aH$ then $gH \subseteq aH$. For $g \in aH$, we have $g = ak$ for some $k \in H$. Now for any $h \in H$, $gh = akh \in aH$. This shows $gH \subseteq aH$.
Suppose $x \in gH \cap aH$. Then there are $h, k \in H$ such that $x = gh = ak$. Then $g = akh^{-1} \in aH$ and similarly $a = ghk^{-1} \in gH$. By the previous paragraph $aH = gH$.

Proposition 3.6. For any $H \leq G$ the set of cosets of $H$ partition $G$.

Proof. Any $g \in G$ is in some coset, namely $gH$, so the cosets cover $G$. The previous lemma shows that any two unequal cosets are disjoint. Thus the cosets partition $G$.

Proposition 3.7 (Lagrange). If $G$ is a finite group with subgroup $H$ then the order of $H$ divides the order of $G$. In particular the order of any element of $G$ divides $|G|$.

Proof. By the previous proposition the cosets of $H$ partition $G$, say $G$ is the disjoint union of $a_1H, a_2H, \ldots, a_tH$. The cosets of $H$ all have the same number of elements by Lemma 3.4. Thus $|G| = \sum_{i=1}^{t} |a_iH| = t|H|$. Thus the number of elements of $G$ is a multiple of $|H|$.
For any $a \in G$ the number of elements in the subgroup $\langle a \rangle$ is ord $a$. So ord $a$ divides $|G|$.

Definition 3.8. Let $H \leq G$. The index of $H$ in $G$, written $[G : H]$, is $|G|/|H|$. It is an integer by the previous proposition.

Now we consider conjugation.

Definition 3.9. Let $a \in G$ and $g \in G$. The element $aga^{-1}$ is called the conjugation of $g$ by $a$. If $S$ is a subset of $G$, we define $aSa^{-1}$ to be $\{asa^{-1} : s \in S\}$. It is the conjugation of $S$ by $a$.

Exercises 3.10.
(a) Let $a \in G$. For $H$ a subgroup of $G$ show that $aHa^{-1}$ is a subgroup of $G$.
(b) Define a function ${}_a : G \to G$ by $(g) = aga^{-1}$. Show that ${}_a$ is an automorphism of $G$.
(c) Show that $aHa^{-1}$ has the same number of elements as $H$.
(d) Show that $\{{}_a : a \in G\}$ is a subgroup of Aut($G$). It is called Inn($G$), the group of inner automorphisms of $G$.

Proposition 3.11. Let $\in S_n$. For any $\in S_n$, the signature of and the signature of ${}^{-1}$ are the same.

One proof is contained in the following exercise.

Problems 3.12.
(1) Consider first the case where is a $t$-cycle and is a transposition. Show that ${}^{-1}$ is a $t$-cycle. [You will have to consider 3 cases based on supp() supp().]
(2) Extend to arbitrary by noting that every permutation is the product of transpositions.
(3) Extend to arbitrary by writing as the product of disjoint cycles and using the fact that conjugation by respects products.

Problems 3.13.
(1) Show that $A_n$ is invariant under conjugation: for any $\in S_n$, $A_n\ {}^{-1} = A_n$.
(2) Now consider $D_n$ as a subset of $S_n$ by enumerating the vertices of an $n$-gon clockwise $1, 2, \ldots, n$. Show that the $n$-cycle $(1, 2, \ldots, n)$ and any reflection generate $D_n$.

4 Rings and Unit Groups
Definition 4.1. A ring is a set $R$, with two operations $+$ and satisfying the properties
(1) Associativity of $+$ and .
(2) Commutativity of $+$.
(3) Identities for $+$ and : Usually denoted 0 and 1, respectively.
(4) Inverses for $+$: The inverse of $r \in R$ is usually written $-r$.
(5) Distributivity of over $+$: For all $a, b, c \in R$, $a\ (b + c) = a\ b + a\ c$.
[Strictly speaking this is a ring with identity; among those who study such rings it is usual to just call them rings.]
A commutative ring is a ring in which multiplication is commutative.

One may also say that a ring $R$ is an abelian group under $+$ and a monoid (look it up!) under , with the additional property that distributes over $+$.

Definition 4.2. An element $u$ of a ring $R$ is a unit when there is another element $v$ such that $uv = vu = 1$. An element $a$ of a ring $R$ is a zero divisor when $a \neq 0$ and there is some $b \neq 0$ in $R$ such that $ab = 0$ or $ba = 0$.

Exercises 4.3.
(a) Show that the identity for multiplication in a ring $R$ is unique. If $x$ satisfies $xa = ax = a$ for all $a \in R$ then $x = 1$.
(b) The inverse of a unit is unique.
(c) The inverse of a unit is also a unit.
(d) A unit cannot be a zero divisor.

Proposition 4.4. Let $R$ be a ring (not necessarily commutative). The set $U(R)$ of units in $R$ forms a group.

Proof. The main thing we have to prove is that multiplication is an operation on $U(R)$. We need to show the product of two units is a unit. But this is clear. If $u, v \in U(R)$ then $(uv)$ is also a unit, with inverse $v^{-1}u^{-1}$ since $v^{-1}u^{-1}uv = v^{-1}v = 1$ and $uvv^{-1}u^{-1} = uu^{-1} = 1$. By the definition of ring, multiplication is associative. So we have an operation that is associative, an identity element, 1, and each element has an inverse, by the definition of $U(R)$ and the previous exercise.

Definition 4.5. A division ring is a ring in which each nonzero element is a unit. A field is a commutative division ring.

Exercises 4.6.
(a) Let $D$ be a division ring. Show that $D \setminus \{0\}$, which we denote $D$ , is a group under .
(b) Show that a division ring has no zero divisors. That is: if $ar = 0$ for some $a, r \in R$

Of particular interest are the following groups derived from rings.
$U_n$ the unit group of $Z_n$.
The set of nonzero elements of a field is a group under multiplication. We denote it with a , for example: $Q$ , $R$ , $C$ . In addition we have the subgroups $Q$ and $R$ consisting of the positive field elements.
For $F$ a field, we may form the ring /($n$, $F$) of $n \times n$ matrices over $F$. A matrix is invertible if and only if its determinant is nonzero. So the unit group of /($n$, $F$) is the set of matrices with nonzero determinant. It is called the general linear group and is written Gl($n$, $F$).
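
The unit group $U_n$ is small enough to compute by hand for modest $n$, which makes it a convenient place to check the Order Theorem (Theorem 1.21), the exponent of Definition 1.19, and the coset partition behind Lagrange's theorem (Propositions 3.6 and 3.7). The following is an added example, not part of the original notes; the function names and the choices $n = 15$ and $n = 7$ are assumptions of the example.

```python
from math import gcd, lcm


def unit_group(n):
    """Elements of U_n, the units of Z_n, for n >= 2."""
    return [a for a in range(1, n) if gcd(a, n) == 1]


def order(a, n):
    """Smallest k >= 1 with a^k = 1 in U_n (Definition 1.19)."""
    if gcd(a, n) != 1:
        raise ValueError(f"{a} is not a unit modulo {n}")
    k, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        k += 1
    return k


def cyclic_subgroup(a, n):
    """The cyclic subgroup generated by a: {a^0, a, a^2, ..., a^(ord(a) - 1)}."""
    powers, x = [1], a % n
    while x != 1:
        powers.append(x)
        x = (x * a) % n
    return powers


def cosets(subgroup, n):
    """Distinct cosets gH of a subgroup H of U_n; they partition U_n."""
    remaining, parts = set(unit_group(n)), []
    while remaining:
        g = min(remaining)
        coset = sorted((g * h) % n for h in subgroup)
        parts.append(coset)
        remaining -= set(coset)
    return parts


def exponent(n):
    """exp(U_n): the lcm of the orders of all elements."""
    return lcm(*(order(a, n) for a in unit_group(n)))


def order_theorem_holds(g, n):
    """Theorem 1.21 (2b): ord(g^r) = ord(g) / gcd(r, ord(g)) for every r."""
    m = order(g, n)
    return all(order(pow(g, r, n), n) == m // gcd(r, m) for r in range(1, m + 1))


def lagrange_holds(n):
    """Proposition 3.7: the order of every element divides |U_n|."""
    size = len(unit_group(n))
    return all(size % order(a, n) == 0 for a in unit_group(n))


if __name__ == "__main__":
    n = 15
    print("U_15 =", unit_group(n))
    print("orders:", {a: order(a, n) for a in unit_group(n)})
    print("exponent:", exponent(n))  # smaller than |U_15|, so U_15 is not cyclic
    print("cosets of <2>:", cosets(cyclic_subgroup(2, n), n))
    print("order theorem for 3 in U_7:", order_theorem_holds(3, 7))
```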
There are many interesting subgroups of the general linear group.

Exercises 4.7.
(a) Show that the general linear group has these subgroups:
The diagonal matrices with nonzero entries.
The upper triangular matrices.
The special linear group Sl($n$, $F$) is the group of matrices with determinant 1.
The orthogonal group O($n$, $F$) is the group of matrices $Q$ such that $Q^{-1}$ is the transpose of $Q$.
(b) Show that det is a homomorphism from Gl($n$, $F$) to $F$ .
(c) For any subgroup $H$ of $F$ the set of all matrices with determinant in $H$ is a subgroup of Gl($n$, $F$).

Example 4.8. In Gl(2, $C$) consider the matrices
$$1 = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix} \quad i = \begin{pmatrix} i & 0 \\ 0 & i \end{pmatrix} \quad j = \begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix} \quad k = \begin{pmatrix} 0 & i \\ i & 0 \end{pmatrix}$$
The set of matrices Q = 1, i, j, k is a group called the Quaternions.

Exercises 4.9.
(a) Show that the quaternions are indeed a group.
(b) Find the order of each element of $Q$.
(c) Show that no two of the groups $Z_2 \times Z_2 \times Z_2$, $Z_4 \times Z_2$, $Z_8$, $D_4$, and $Q$ are isomorphic. [Investigate the number of elements of order 4.]

Problems 4.10.
(1) Show that the subgroup of upper triangular $2 \times 2$ matrices is conjugate to the group of lower triangular matrices. [Hint: $\begin{pmatrix} 0 & 1 \\ 1 & 0 \end{pmatrix}$.]
(2)
(3) Show that the set of matrices with nonzero determinant of the form $\begin{pmatrix} 0 & a \\ b & c \end{pmatrix}$ is a coset of the upper triangular matrices.

Definition 4.11. For rings $R$, $S$ a function : $R \to S$ is a homomorphism iff
(1) is a homomorphism of the groups $R, +_R$ and $S, +_S$, and
(2) $(r_1\ {}_R\ r_2) = (r_1)\ {}_S\ (r_2)$ for all $r_1, r_2 \in R$, and
(3) $(1_R) = (1_S)$.

5 The Polynomial Ring F[x] and Irreducibility
Henceforth we are primarily interested in commutative rings. Indeed, our objective is to study fields, and the main interest in rings is the properties of the polynomial ring $F[x]$ for $F$ a field. Please see the material on polynomial rings in the prerequisite notes from last semester. That material is extremely important.

A key issue for us will be identifying when some $f(x) \in F[x]$ is irreducible. We summarize a number of results in this section. I think we proved all of these last semester. In any case we accept them now without proof. We start with some general properties of polynomial rings.

Notation 5.1. We will often use simplifying notation when working with polynomials. We will write $f \in F[x]$, and use $f(x)$ when we need to be very clear. I will always use $f_i$ for the coefficients of $f$, and I will write $f = \sum_i f_i x^i$. The sum is implicitly for $i = 0$ to $\infty$, but only a finite number of terms are nonzero.

Here is an additional result about polynomial rings that will be useful.

Proposition 5.2 (Universal property of polynomial rings). Let $R$, $S$ be rings and let : $R \to S$ be a ring homomorphism. For any $s \in S$ there is a unique homomorphism from $R[x]$ to $S$ that agrees with on $R$ and takes $x$ to $s$, namely
$$: R[x] \to S, \qquad \sum_i r_i x^i \mapsto \sum_i (r_i) s^i$$

Proof. If there is a homomorphism taking $x$ to $s$ and agreeing with on $R$ then we must have
$$\Big(\sum_i r_i x^i\Big) = \sum_i (r_i x^i) = \sum_i (r_i)(x)^i = \sum_i (r_i) s^i$$
To show this function is a homomorphism we check that it respects the operations. I leave sums to you. Notice that
$$\Big(\sum_i a_i x^i\Big)\Big(\sum_i r_i x^i\Big) = \sum_i \sum_j a_i r_j x^{i+j}$$
Set $k = i + j$ and gather terms in $x^k$,
$$= \sum_k x^k \sum_{i=0}^{k} (a_i r_{k-i})$$
A similar derivation shows that for $b_i, t_i \in S$
$$\Big(\sum_i b_i s^i\Big)\Big(\sum_i t_i s^i\Big) = \sum_k s^k \sum_{i=0}^{k} b_i t_{k-i}$$
Thus we have
$$\Big(\Big(\sum_i a_i x^i\Big)\Big(\sum_i r_i x^i\Big)\Big) = \Big(\sum_k x^k \Big(\sum_{i=0}^{k} a_i r_{k-i}\Big)\Big)$$
$$= \sum_k s^k \Big(\sum_{i=0}^{k} (a_i r_{k-i})\Big)$$
$$= \Big(\sum_i (a_i) s^i\Big)\Big(\sum_j (r_j) s^j\Big)$$
$$= \Big(\sum_i a_i x^i\Big)\Big(\sum_i r_i x^i\Big)$$
This shows respects products.

Here is a fundamental application of the universal property. In the proposition we are extending the identity map on $F$.

Proposition 5.3. Let $g(x) \in F[x]$. There is a homomorphism $F[x] \to F[x]$ taking $f(x)$ to $f(g(x))$. This map is an isomorphism iff $g(x)$ has degree 1.

One more consequence of the universal property follows. This result is similar to the order theorem, following the general theme of the analogies between results for $Z$ and for polynomial rings over a field.

Proposition 5.4. Let $R$ be a ring containing a field $F$. For any $r \in R$ there is a unique homomorphism from $F[x]$ to $R$ that is the identity on $F$ and takes $x$ to $r$. If the kernel of is not just 0 then there is some polynomial $m(x)$ such that every element of the kernel is a multiple of $m(x)$.

Proof. The existence of the homomorphism is guaranteed by the universal property. Suppose that the kernel is non-trivial and let $m(x)$ be a nonzero polynomial of minimal degree in the kernel. For any $f(x)$ in the kernel, write $f(x) = q(x)m(x) + r(x)$ with $\deg(r(x)) < \deg(m(x))$. Then $r(x) = f(x) - q(x)m(x)$ is also in the kernel, so $(r(x)) = 0$. Since $m(x)$ was chosen to have minimal degree, $r(x) = 0$, and $f(x)$ is a multiple of $m(x)$.

The proposition may be proven more quickly by noting that the kernel is an
ideal in F[x] and all ideals in F[x] are principal.
Denition 5.5. In the situation of the previous proposition, the polynomial m(x),
when it exists, is called the minimal polynomial of r. If m(x) = x
d
+m
d1
x
d1
+
m
1
x +m
0
then applying we have r
d
+m
d1
r
d1
+m
1
r +m
0
= 0 in R. We say
r is a root of m(x) and that r is algebraic of degree d over F. If the kernel of is
trivial r is said to be transcendental over F.
Now to the question of irreducibility. It is not always easy to check whether
a polynomial is irreducible, but here is one easy case: If a polynomial of degree 2
or 3 factors, then one of the factors must be linear. The linear factor then has a
root, which is also a root of the original polynomial. Thus, we have:
Proposition 5.6. Let $f(x) \in F[x]$ have degree 2 or 3. If $f(x)$ has no roots then it is irreducible.
Proposition 5.7. Let $f(x) \in F[x]$ have degree $n$. If $f(x)$ is not divisible by any irreducible polynomial of degree $d$ for all $d \le n/2$ then $f(x)$ is irreducible.
Proposition 5.8. Let $f(x) \in F[x]$ and $a \in F$. Then $f(x)$ is irreducible iff $f(x - a)$ is irreducible.
Proof. There is an isomorphism from $F[x]$ to itself taking $x$ to $x - a$. If $f(x)$ factors then $(f) = f(x - a)$ also factors, and conversely.
Definition 5.9. Let $f \in \mathbb{Z}[x]$. The gcd of the coefficients of $f$ is called the content of $f$: $\gcd\{f_i : i \in \mathbb{N}_0\} = c(f)$. A polynomial whose content is 1 is called primitive, but we will use that term for a different meaning later, so we just say content 1.
We can factor any f Z[x] as c(f)f

where f

has content 1.
These definitions and the following results may be extended to any unique factorization domain $D$ and its field of quotients $K(D)$.
Proposition 5.10. Let $f = f_0 + f_1 x + \cdots + f_d x^d \in \mathbb{Z}[x]$ have degree $d$ and content 1. If $r/s \in \mathbb{Q}$ is a root of $f$ then $r \mid f_0$ and $s \mid f_d$.
Proposition 5.11. Let $f \in \mathbb{Z}[x]$ have content 1. $f$ is irreducible in $\mathbb{Z}[x]$ iff $f$ is irreducible in $\mathbb{Q}[x]$.
There is a natural homomorphism $\mathbb{Z} \to \mathbb{Z}/n$ and from $\mathbb{Z}/n$ to $\mathbb{Z}/n[x]$. Consequently, Proposition 5.2 tells us there is a homomorphism, $\mathbb{Z}[x] \to \mathbb{Z}/n[x]$ taking $x$ to $x$. This map is simply reducing the coefficients modulo $n$. For $n$ a prime, we will write $\mathbb{F}_p$ instead of $\mathbb{Z}/p$ to emphasize that it is a field.
Proposition 5.12. Let f Z[x] have degree d and content 1. Let

f be the image
of f in F
p
[x] for some prime p that doesnt divide f
d
. If

f is irreducible in F
p
[x]
then f is irreducible in Z[x] and also in Q[x].
Proposition 5.13 (Eisenstein's criterion). Let $f \in \mathbb{Z}[x]$ have degree $d \ge 1$ and content 1. If there is a prime number $p$ such that
• $p \nmid a_d$
• $p \mid a_i$ for $i < d$
• $p^2 \nmid a_0$
then $f$ is irreducible.
Problems 5.14.
(1) Let $p$ be prime. It is clear that $(x^p - 1)$ is not irreducible since it has a root, 1. Show that $\frac{x^p - 1}{x - 1} = x^{p-1} + x^{p-2} + \cdots + 1$ is irreducible. Use the isomorphism $x \mapsto (x + 1)$ and Eisenstein's criterion.
(2) Test whether the following polynomials are irreducible.
• $3x^2 - 7x - 5$
• $2x^3 - x - 6$
• $x^3 - 9x - 9$
(3) Show that $x^4 - 10x + 1$ is irreducible as follows.
• Show it has no roots.
• Try to factor it as a product of quadratics and derive a contradiction.
(4) Quadratic fields over $\mathbb{F}_3$.
• Find all monic irreducibles of degree 2 over $\mathbb{F}_3$.
• Let be the class of $x$ in the field $\mathbb{F}_3[x]/(x^2\ 2x\ 2)$. Show that the powers of give all nonzero elements of this field.
• Show that all the monic irreducibles found earlier have two roots in this field.
(5) A field with 32 elements.
• Using arguments similar to what we did in class, find all irreducible polynomials of degree 5 over $\mathbb{F}_2$.
• Let $m(x)$ be one of the polynomials you found. Use sage to create the field $\mathbb{F}_2[x]/m(x)$. Let $a$ be the class of $x$.
• Explain why the powers of $a$ give all elements of this field.
• Use sage to show that all the irreducibles of degree 5 have 5 roots in this new field.
6 First Fields and Automorphisms
There are a few fields that should be familiar to you. We are going to start the semester by enlarging our collection of fields and by studying their automorphisms. The fields you should know are:
• The rational numbers $\mathbb{Q}$. This is the smallest field that contains the integers.
• The prime fields $\mathbb{F}_p$ for each prime number $p$. A fundamental result from modular arithmetic is that each nonzero element in the ring of integers modulo $p$, $\mathbb{Z}_p$, is invertible. You can compute the inverse using the extended Euclidean algorithm. This shows that $\mathbb{Z}_p$ is a field. When studying fields we will write $\mathbb{F}_p$ instead of $\mathbb{Z}_p$.
• The real field, $\mathbb{R}$.
• The field of complex numbers $\mathbb{C}$. The complex numbers form a vector space of dimension 2 over $\mathbb{R}$ with basis $\{1, i\}$ where $i = \sqrt{-1}$. That is, every element of $\mathbb{C}$ may be written in a unique way as $a + bi$ for $a, b \in \mathbb{R}$.
Definition 6.1. For fields (or division rings) $F$ and $K$, a function : $F \to K$ is a homomorphism iff
(1) is a homomorphism of the groups $F, +_F$ and $K, +_K$, and
(2) is a homomorphism of the groups F

,
F
and K

,
K
.
Applying Proposition 1.6, : $F \to K$ is a homomorphism of fields if it respects addition and multiplication: $(a_1 + a_2) = (a_1) + (a_2)$ and $(a_1 a_2) = (a_1)(a_2)$. Note: In the last two equations the addition and multiplication on the left is done in $F$ and the addition and multiplication on the right is in $K$. Henceforth I'm going to follow standard practice and not write the subscripts on the operation signs to make the equations more legible. BUT, don't forget the distinction! We will also usually not write the multiplication sign, unless there is some important reason to use it.
It turns out that a homomorphism of fields is always injective!
Proposition 6.2. Let : $F \to K$ be a homomorphism of fields. Then $(a) = (b)$ implies $a = b$.
Proof. Let : $F \to K$ be a homomorphism. Let $a$ be a nonzero element of $F$. Since $a a^{-1} = 1_F$, applying we get $(a)(a^{-1}) = 1_K$. Since $0_K$ does not have a multiplicative inverse, $(a)$ cannot be $0_K$. Thus $a \ne 0_F$ implies $(a) \ne 0_K$.
Now suppose $(a) = (b)$. Then $(a - b) = 0_K$, and the contrapositive of what we showed in the previous paragraph gives $a - b = 0$, so $a = b$.
Of particular interest is the set of all isomorphisms from a field $F$ to itself. The following proposition is another very worthwhile exercise.
Proposition 6.3.
(1) The composition of two field homomorphisms is a field homomorphism.
(2) The composition of two isomorphisms of fields is an isomorphism of fields.
(3) Let : $F \to K$ be an isomorphism of fields. The inverse function $^{-1}$ : $K \to F$ is also an isomorphism of fields.
And now the culmination of this section!
Definition 6.4. Let $F$ be a field. The automorphism group of $F$ is the set of all isomorphisms from $F$ to itself, with the operation of composition. It is written $\mathrm{Aut}(F)$.
Proposition 6.5. For $F$ a field, $\mathrm{Aut}(F)$ is indeed a group.
What can we say about automorphisms of the fields introduced above? First note that any automorphism has to take 1 to itself. Consider an automorphism of $\mathbb{Q}$. We must have $(1) = 1$. Since respects addition,
$$(\underbrace{1 + \cdots + 1}_{b \text{ terms}}) = \underbrace{1 + \cdots + 1}_{b \text{ terms}}$$
which shows that $(b) = b$ for each positive integer $b$. Since also respects additive inverses, $(-b) = -b$ for positive integers $b$, so is the identity map on the integers. Since respects multiplicative inverses, $(1/b) = 1/b$ for any integer $b$, and since respects products $(a/b) = (a)(1/b) = a/b$. Thus we have shown that the only automorphism of $\mathbb{Q}$ is the identity map. A similar (shorter) argument shows that the only automorphism of $\mathbb{F}_p$ is the identity map.
Notice also that there can be no homomorphism from $\mathbb{Q}$ to $\mathbb{F}_p$ since any homomorphism must be injective.
The reals are vastly more complicated, so let's consider automorphisms of $\mathbb{C}$ that fix $\mathbb{R}$. By fix we mean that the automorphism of $\mathbb{C}$ is the identity map on the reals, $(r) = r$ for $r \in \mathbb{R}$. We know that $i \cdot i = -1$ so $(i)(i) = (-1) = -1$. Thus there are only two possibilities, $(i)$ is either $i$ itself or $-i$. In the first case has to be the identity map, $(a + bi) = (a) + (b)(i) = a + bi$ since fixes the reals. In the second case is the conjugation map: $(a + bi) = a - bi$.
This simple example is the model for our work this semester. For a field $K$ containing another field $F$, we seek to understand the automorphisms of $K$ that fix $F$, and to use that knowledge to better understand the field $K$.
7 Constructing Fields: Quadratic Fields
We have two main tools for constructing new fields.
Construction I: The first method is to work inside a known field, usually the complex numbers, and find the smallest field containing some specified elements.
Construction II: The second method is based on the following proposition that is analogous to the result that $\mathbb{Z}/p$ is a field.
Proposition 7.1. Let $F$ be a field and let $p(x)$ be an irreducible polynomial in $F[x]$. The ring $F[x]/p(x)$ is a field.
Let's start with Construction I.
Example 7.2. Consider the smallest field inside the complex numbers that contains $\mathbb{Q}$ and $i$. I claim this is $F = \{a + bi : a, b \in \mathbb{Q}\}$. Certainly this set is as small as possible, since any field in $\mathbb{C}$ must contain $\mathbb{Q}$ and any field containing $i$ must contain $a + bi$ for any rationals $a, b$. To show this set is a field we have to show that it satisfies the field axioms.
• Associativity and commutativity of + and multiplication (and distributivity of multiplication over +) are immediate, since they hold in $\mathbb{C}$.
• The additive identity $0 + 0i$ and the multiplicative identity $1 + 0i$ are in $F$.
• For $a + bi \in F$, the additive inverse of $a + bi$ is $(-a) + (-b)i$, which is also in $F$. The multiplicative inverse of $a + bi$ is $\frac{a}{a^2 + b^2} + \frac{-b}{a^2 + b^2} i$, which is also in $F$.
• We must also check that + and multiplication are operations on $F$. This means that we must check closure: for $a + bi$ and $r + si$ in $F$ their sum and their product must be in $F$.
$$(a + bi) + (r + si) = (a + r) + (b + s)i$$
$$(a + bi)(r + si) = (ar - bs) + (as + br)i$$
These are in $F$ since $a + r$ and $b + s$ and $ar - bs$ and $as + br$ are all rational.
This field is called the Gaussian integers and is usually written $\mathbb{Q}[i]$. We can show that $\mathrm{Aut}(\mathbb{Q}[i])$ just has two elements: the identity map, and the map taking $a + bi$ to $a - bi$. The argument is exactly the same as used above for the automorphisms of the complex numbers that fix the reals.
Now let's consider Construction II.
Example 7.3. The polynomial $x^2 + 1$ is irreducible as an element of $\mathbb{Q}[x]$ since it has no roots. Thus $\mathbb{Q}[x]/(x^2 + 1)$ is a field. The rule for addition is simple: $(a + bx) + (r + sx) = (a + r) + (b + s)x$. The rule for multiplication of $a + bx$ and $r + sx$ is: compute the product, then take the remainder after division by $x^2 + 1$. We get $(a + bx)(r + sx) = ar + (as + br)x + bsx^2$, and dividing by $x^2 + 1$ gives the remainder $(ar - bs) + (as + br)x$.
I leave it to you to check that there is an isomorphism
$$\mathbb{Q}[x]/(x^2 + 1) \to \mathbb{Q}[i], \qquad a + bx \mapsto a + bi$$
Show this function respects + and respects multiplication.
More generally, we have the following, which you should prove. The main issue in (1) is to show that the set given is closed under multiplication and (multiplicative) inversion.
Proposition 7.4. Let $D$ be a rational number that is not a perfect square.
(1) The set $\{a + b\sqrt{D} : a, b \in \mathbb{Q}\}$ is a field (it is denoted $\mathbb{Q}[\sqrt{D}]$).
(2) The polynomial $x^2 - D$ is irreducible.
(3) The field $\mathbb{Q}[x]/(x^2 - D)$ is isomorphic to $\mathbb{Q}[\sqrt{D}]$.
(4) The field $\mathbb{Q}[\sqrt{D}]$ is isomorphic to $\mathbb{Q}[\sqrt{a}]$ for some square free integer $a$.
(5) There are two automorphisms of $\mathbb{Q}[\sqrt{D}]$. The nontrivial one takes $\sqrt{D}$ to $-\sqrt{D}$.
The quadratic formula
There is a relationship between the quadratic formula and field extensions. Consider a quadratic $m(x) = ax^2 + bx + c$ with $a, b, c \in \mathbb{Q}$. The roots of this polynomial are $r = -b/2a + \sqrt{b^2 - 4ac}/2a$ and $r = -b/2a - \sqrt{b^2 - 4ac}/2a$. Let $D = b^2 - 4ac$ be the discriminant of $m(x)$ and suppose $D$ is not a perfect square (then $\sqrt{D}$ is irrational).
I claim that $\mathbb{Q}[r] = \{a + br : a, b \in \mathbb{Q}\}$ and $\mathbb{Q}[\sqrt{D}]$ are the same (not just isomorphic, they include the same elements from $\mathbb{C}$). One inclusion is easy: $r$ is evidently in $\mathbb{Q}[\sqrt{D}]$ since $r$ is the sum of a rational number, $-b/2a$, and a rational multiple of $\sqrt{D}$. Consequently any $s + tr$ with $s, t \in \mathbb{Q}$ is also in $\mathbb{Q}[\sqrt{D}]$.
To prove the reverse inclusion, note that $b + 2ar = \sqrt{D}$ so $\sqrt{D} \in \mathbb{Q}[r]$. Then $s + t\sqrt{D} = s + t(2ar + b) = (s + tb) + (2at)r$ will also be in $\mathbb{Q}[r]$. Thus the two fields are equal.
Since $m(x)$ has no rational roots, it is irreducible. Consider the field $\mathbb{Q}[x]/m(x)$. It is a straightforward calculation to show that it is isomorphic to $\mathbb{Q}[r]$. We now know that $\mathbb{Q}[x]/m(x)$ is isomorphic to $\mathbb{Q}[r]$, that $\mathbb{Q}[r]$ is isomorphic to $\mathbb{Q}[\sqrt{D}]$, and by Proposition 7.4 that $\mathbb{Q}[\sqrt{D}]$ is isomorphic to $\mathbb{Q}[\sqrt{a}]$ for some square free integer $a$. Furthermore the automorphism group of $\mathbb{Q}[x]/m(x)$ has just two elements.
8 Cubic Extensions of the Rationals
In this section we take what may seem a modest step forward. We look at extending $\mathbb{Q}$ by the cube root of a rational number, and we consider $\mathbb{Q}[x]$ modulo an irreducible cubic. The story is more subtle than you might expect!
Let's start by studying the smallest field in $\mathbb{C}$ that contains $\sqrt[3]{2}$.
Example 8.1. Let $\mathbb{Q}[\sqrt[3]{2}]$ denote the smallest field in $\mathbb{C}$ that contains $\sqrt[3]{2}$. Clearly, $\mathbb{Q}[\sqrt[3]{2}]$ must also contain $(\sqrt[3]{2})^2 = \sqrt[3]{4}$. I claim that
$$\mathbb{Q}[\sqrt[3]{2}] = \{a + b\sqrt[3]{2} + c\sqrt[3]{4} : a, b, c \in \mathbb{Q}\}.$$
As in the discussion of $\mathbb{Q}[i]$, several field properties are immediate: associativity, commutativity, distributivity hold because they hold in $\mathbb{C}$ and the identity elements 0 and 1 are clearly in $\mathbb{Q}[\sqrt[3]{2}]$. The only thing we need to check is that addition and multiplication are indeed operations on $\mathbb{Q}[\sqrt[3]{2}]$ (in other words $\mathbb{Q}[\sqrt[3]{2}]$ is closed under + and multiplication) and that $\mathbb{Q}[\sqrt[3]{2}]$ is closed under taking inverses (additive and multiplicative). Closure under addition and taking additive inverses is clear.
$$(a + b\sqrt[3]{2} + c\sqrt[3]{4}) + (r + s\sqrt[3]{2} + t\sqrt[3]{4}) = (a + r) + (b + s)\sqrt[3]{2} + (c + t)\sqrt[3]{4}$$
$$-(a + b\sqrt[3]{2} + c\sqrt[3]{4}) = -a + (-b)\sqrt[3]{2} + (-c)\sqrt[3]{4}$$
Closure under multiplication, and the formula for computing products follows.
$$(a + b\sqrt[3]{2} + c\sqrt[3]{4})(r + s\sqrt[3]{2} + t\sqrt[3]{4})$$
$$= (ar) + (as + br)\sqrt[3]{2} + (at + bs + cr)\sqrt[3]{4} + (bt + cs)\sqrt[3]{8} + ct\sqrt[3]{16}$$
$$= (ar + 2bt + 2cs) + (as + br + 2ct)\sqrt[3]{2} + (at + bs + cr)\sqrt[3]{4}$$
To establish closure under the multiplicative inverse, consider $a, b, c$ as given and $r, s, t$ as unknowns in the previous equation. We need to solve
$$(ar + 2bt + 2cs) + (as + br + 2ct)\sqrt[3]{2} + (at + bs + cr)\sqrt[3]{4} = 1 + 0\sqrt[3]{2} + 0\sqrt[3]{4}$$
This gives three equations in the three unknowns.
$$\begin{pmatrix} a & 2c & 2b \\ b & a & 2c \\ c & b & a \end{pmatrix} \begin{pmatrix} r \\ s \\ t \end{pmatrix} = \begin{pmatrix} 1 \\ 0 \\ 0 \end{pmatrix}$$
There is a unique solution provided the determinant is nonzero. The determinant is $a^3 + 2b^3 + 4c^3 + 8abc$.
We need to modify the question. It should be clear that if I can invert $a + b\sqrt[3]{2} + c\sqrt[3]{4}$ then I can invert any rational multiple of it. This allows us to reduce to the case $a + b\sqrt[3]{2} + c\sqrt[3]{4}$ for mutually coprime integers $a, b, c$. One of these integers must be odd.
• If $a$ is odd, then $a^3 + 2b^3 + 4c^3 + 8abc$ is odd, and is therefore nonzero.
• If $a$ is even, and $b$ is odd then $a^3$ is a multiple of 8, and $a^3 + 2b^3 + 4c^3 + 8abc = 2(a^3/2 + b^3 + 2c^3 + 4abc)$ is divisible by 2 but not 4, so it cannot be 0.
• If $a$ and $b$ are both even and $c$ is odd, then $a^3 + 2b^3 + 4c^3 + 8abc$ is a multiple of 4, but not of 8, so it is nonzero.
Thus we have shown that $a + b\sqrt[3]{2} + c\sqrt[3]{4}$ has an inverse in $\mathbb{Q}[\sqrt[3]{2}]$, which completes the proof that $\mathbb{Q}[\sqrt[3]{2}]$ is a field.
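The inversion procedure above can be carried out exactly with rational arithmetic. The following is an added example, not part of the original notes: it represents $a + b\sqrt[3]{2} + c\sqrt[3]{4}$ as a triple `(a, b, c)`, builds the 3x3 system from the text, and solves it by Cramer's rule. The function names are this example's own.

```python
from fractions import Fraction

def mul(u, v):
    """Product in Q[cbrt 2]; (a, b, c) stands for a + b*2^(1/3) + c*4^(1/3).

    This is the product formula from the text, after replacing
    cbrt(8) by 2 and cbrt(16) by 2*cbrt(2).
    """
    a, b, c = u
    r, s, t = v
    return (a * r + 2 * b * t + 2 * c * s,
            a * s + b * r + 2 * c * t,
            a * t + b * s + c * r)

def mult_matrix(u):
    """Matrix of 'multiply by u' acting on the unknowns (r, s, t)."""
    a, b, c = u
    return [[a, 2 * c, 2 * b],
            [b, a, 2 * c],
            [c, b, a]]

def det3(m):
    """Determinant of a 3x3 matrix by cofactor expansion along the first row."""
    return (m[0][0] * (m[1][1] * m[2][2] - m[1][2] * m[2][1])
            - m[0][1] * (m[1][0] * m[2][2] - m[1][2] * m[2][0])
            + m[0][2] * (m[1][0] * m[2][1] - m[1][1] * m[2][0]))

def inverse(u):
    """Solve mult_matrix(u) * (r, s, t)^T = (1, 0, 0)^T by Cramer's rule."""
    u = tuple(Fraction(x) for x in u)
    m = mult_matrix(u)
    d = det3(m)
    if d == 0:
        # Only happens for u = (0, 0, 0), which has no inverse.
        raise ZeroDivisionError("element is not invertible")
    rhs = (Fraction(1), Fraction(0), Fraction(0))
    solution = []
    for col in range(3):
        replaced = [row[:] for row in m]
        for row in range(3):
            replaced[row][col] = rhs[row]
        solution.append(det3(replaced) / d)
    return tuple(solution)

if __name__ == "__main__":
    u = (1, 1, 1)                 # constructed sample: 1 + cbrt(2) + cbrt(4)
    v = inverse(u)
    print("inverse:", v)          # coefficients of 1, cbrt(2), cbrt(4)
    print("check:  ", mul(tuple(Fraction(x) for x in u), v))
```

For the sample element $1 + \sqrt[3]{2} + \sqrt[3]{4}$ the result is $-1 + \sqrt[3]{2}$, which can be confirmed by hand from $(\sqrt[3]{2} - 1)(\sqrt[3]{4} + \sqrt[3]{2} + 1) = 2 - 1$.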
Now let's consider automorphisms of $\mathbb{Q}[\sqrt[3]{2}]$. Reflect for a minute to guess how many automorphisms there are.
Let be an automorphism of $\mathbb{Q}[\sqrt[3]{2}]$. Since $(\sqrt[3]{2})^3 = 2$, it must be the case that $\big((\sqrt[3]{2})\big)^3 = 2$. You can try setting $(\sqrt[3]{2}) = a + b\sqrt[3]{2} + c\sqrt[3]{4}$, then cubing, setting the result equal to 2, and solving for $a, b, c$. Alternatively, let's think: we are working in the complex numbers, and we know that there are 3 cube roots of 2: the others are $\sqrt[3]{2}$ and $\sqrt[3]{2}\,{}^2$ where $= e^{2\pi i/3} = -\frac{1}{2} + \frac{\sqrt{3}}{2} i$. Since $\mathbb{Q}[\sqrt[3]{2}]$ is contained in $\mathbb{R}$, these other cube roots, which are not real, are not in $\mathbb{Q}[\sqrt[3]{2}]$. Thus the only possible value for $(\sqrt[3]{2})$ is $\sqrt[3]{2}$ and must be the identity map.
Finally, we note that there is an isomorphism:
$$\mathbb{Q}[x]/(x^3 - 2) \to \mathbb{Q}[\sqrt[3]{2}], \qquad a + bx + cx^2 \mapsto a + b\sqrt[3]{2} + c\sqrt[3]{4}$$
Check that this map respects addition (easy) and multiplication.
More generally, we have the following.
Proposition 8.2. Let $B$ be a rational number that is not a perfect cube.
(1) The set $\{a + b\sqrt[3]{B} + c\sqrt[3]{B^2} : a, b, c \in \mathbb{Q}\}$ is a field (it is denoted $\mathbb{Q}[\sqrt[3]{B}]$).
(2) The polynomial $x^3 - B$ is irreducible.
(3) The field $\mathbb{Q}[x]/(x^3 - B)$ is isomorphic to $\mathbb{Q}[\sqrt[3]{B}]$.
(4) The field $\mathbb{Q}[\sqrt[3]{B}]$ is isomorphic to $\mathbb{Q}[\sqrt[3]{a}]$ for some cube free integer $a$.
(5) The identity map is the only automorphism of $\mathbb{Q}[\sqrt[3]{B}]$.
The solution of a cubic polynomial
In the 16th and 17th centuries, there was a great deal of interest in deriving formulas, like the one for quadratics, for the solution of arbitrary cubic, quartic and higher degree equations. Several solutions of the cubic equation were discovered. I'm presenting one that is on the Wolfram MathWorld site and attributed to Vieta.
Consider the general cubic equation
$$x^3 + ax^2 + bx + c = 0$$
Substitute $x = y - \frac{a}{3}$, to get
$$0 = \Big(y - \frac{a}{3}\Big)^3 + a\Big(y - \frac{a}{3}\Big)^2 + b\Big(y - \frac{a}{3}\Big) + c$$
$$= y^3 - ay^2 + \frac{a^2}{3}y - \frac{a^3}{27} + ay^2 - 2a\frac{a}{3}y + a\frac{a^2}{9} + by - b\frac{a}{3} + c$$
$$= y^3 + \Big(-\frac{a^2}{3} + b\Big)y + \frac{2a^3}{27} - \frac{ab}{3} + c$$
Setting $p = -\frac{a^2}{3} + b$ and $q = \frac{2a^3}{27} - \frac{ab}{3} + c$, we can write the last equation as $y^3 + py + q$. It should be clear that a solution to this equation ($y(p, q)$, an expression for $y$ in terms of $p$ and $q$) can be transformed to a solution to the original equation by a number of substitutions.
$$x = y(p, q) - \frac{a}{3} = y\Big(-\frac{a^2}{3} + b,\ \frac{2a^3}{27} - \frac{ab}{3} + c\Big) - \frac{a}{3}$$
We proceed now to the solution of
$$y^3 + py + q$$
This is somewhat easier than the general equation since there is no $y^2$ term. We may assume $p$ and $q$ are both nonzero since $q = 0$ gives solutions $y = 0$ and $y = \pm\sqrt{-p}$, and $p = 0$ is the case dealt with in Proposition 8.2. The trick here is to substitute
$$y = z - \frac{p}{3z}$$
This may seem odd, but notice that clearing fractions gives $z^2 - 3yz - p = 0$. Thus for each $y$ the quadratic formula gives two values of $z$ such that $y = z - \frac{p}{3z}$ unless $9y^2 + 4p = 0$ in which case there is a single value of $z$. Note that this value of $z$ cannot be zero since $p \ne 0$.
We have
$$y^3 = z^3 - 3z^2\frac{p}{3z} + 3z\frac{p^2}{9z^2} - \frac{p^3}{27z^3}$$
so substituting $y = z - \frac{p}{3z}$ in $y^3 + py + q$ gives
$$y^3 + py + q = z^3 - pz + \frac{p^2}{3z} - \frac{p^3}{27z^3} + pz - p\frac{p}{3z} + q = z^3 - \frac{p^3}{27z^3} + q$$
Multiplying by $z^3$ and setting the expression equal to 0 gives
$$0 = z^6 + qz^3 - \frac{p^3}{27}$$
Now, as if by magic, we can use the quadratic formula to get two solutions for $z^3$.
$$R = \frac{1}{2}\Big(-q + \sqrt{q^2 + \frac{4p^3}{27}}\Big) \qquad S = \frac{1}{2}\Big(-q - \sqrt{q^2 + \frac{4p^3}{27}}\Big)$$
Let's call the discriminant of the quadratic $B = q^2 + \frac{4p^3}{27}$. The solutions for $z$ are now
z = R
1
3
, R
1
3
, R
1
3

2
, and S
1
3
, S
1
3
, S
1
3

2
Returning to the original question, solutions to $y^3 + py + q = 0$, there is a bit of a puzzle now: we seem to have 6 roots, $y = z - \frac{p}{3z}$ for the 6 different values of $z$ above.
Some observations
• There is ambiguity in the notation $R^{1/3}$. If $R$ is real then this means the real cube root, but if $R$ is not real then there is no clear way to identify a particular cube root.
• $RS = -p^3/27$ since the product of the roots of a quadratic is the constant term of the quadratic.
• If $R$ is real (and therefore $S$ is also real) then $R^{1/3} S^{1/3} = -p/3$, the unique real cube root of $-p^3/27$.
• If $R$ is not real then we can still choose $R^{1/3}$ and $S^{1/3}$ so that their product is $-p/3$.
Then we get three solutions for y
R
1
3

p
3R
1
3
= R
1
3
+S
1
3
= S
1
3

p
3S
1
3
R
1
3

p
3R
1
3

= R
1
3
+S
1
3

2
= S
1
3

p
3S
1
3

2
R
1
3

p
3R
1
3

2
= R
1
3

2
+S
1
3
= S
1
3

p
3S
1
3

The following problems treat each of the possibilities for a cubic polynomial
with distinct roots: three rational roots, one rational and two complex roots,
one rational and two irrational roots, one irrational and two complex roots, three
irrational roots (there are actually two subcases here). Note: by irrational I mean
irrational real, and by complex I mean complex nonreal.
Problems 8.3.
(1) Consider $x^3 - 7x + 6 = (x - 1)(x - 2)(x + 3)$. Use the cubic formula to find the roots. Explain why you are surprised.
(2) Find the roots of $x^3 - 15x - 4$ using the cubic formula. [Hint: compute $(2 + i)^3$.]
(3) Find the roots of
(4) Consider $m(x) = x^3 - 3x + 1 \in \mathbb{Q}[x]$.
• Show $x^3 - 3x + 1$ is irreducible.
• Find the roots using the cubic formula (they involve 9th roots of unity).
For any particular root, conclude that m(x) splits in Q[]. [Hint: For
each root show that
2
2 is also a root.]
If is one root,
2
1 is another. Find the third root in terms of .
(5) Let $m(x) = x^3 - 6x - 6$.
• Find the roots of $m(x)$ using the cubic formula and show that exactly one root is real.
• Let be the real root. Show the other roots are not contained in $\mathbb{Q}[\ ]$.
• For this real root show that $\mathbb{Q}[\ ] = \mathbb{Q}[\sqrt[3]{2}]$.
(6) Let $m(x) = x^3 - 15x - 10$.
• Find the roots of $m(x)$ using the cubic formula and show they are all real.
9 Finite Fields
We have already seen that $\mathbb{Z}/p$ is a field for $p$ a prime. We will write this field as $\mathbb{F}_p$ to emphasize that it is a field. In this section we characterize finite fields completely by proving the following theorem.
Theorem 9.1. Let $F$ be a field with a finite number of elements.
1) $F$ has $p^n$ elements where $p$ is a prime.
2) There is an element F whose powers
1
,
2
, . . . ,
p
n
1
= 1 give all the
nonzero elements of F. Consequently, F

is cyclic of order p
n
1.
3) $F$ is isomorphic to $\mathbb{F}_p[x]/m(x)$ for some irreducible polynomial $m(x)$ of degree $n$ over $\mathbb{F}_p$.
For any prime $p$ and any positive integer $n$:
4) There exists a field with $p^n$ elements.
5) Any two fields with $p^n$ elements are isomorphic.
We use $\mathbb{F}_{p^n}$ to denote the unique field with $p^n$ elements. The automorphism group of $\mathbb{F}_{p^n}$ satisfies:
(6) Aut(F
p
n) is generated by the Frobenius map, () =
p
.
(7) $\mathrm{Aut}(\mathbb{F}_{p^n}) \cong \mathbb{Z}/n$.
As a first step we prove
Proposition 9.2. A finite field is a vector space over $\mathbb{F}_p$ for some prime $p$. Consequently, the number of elements of $F$ is a power of $p$.
Proof. Suppose that $F$ is a finite field. Consider the additive subgroup generated by 1, i.e. $1,\ 1 + 1,\ 1 + 1 + 1, \ldots$ Let $m$ be the smallest positive integer such that the sum of $m$ 1's is 0. If $m$ were composite, $m = ab$, then we would have
$$0 = \underbrace{1 + 1 + 1 + \cdots + 1 + 1}_{m \text{ terms}} = (\underbrace{1 + 1 + \cdots + 1}_{a \text{ terms}})(\underbrace{1 + 1 + \cdots + 1}_{b \text{ terms}})$$
The two factors on the right would then be zero-divisors, contradicting the assumption that $F$ is a field. Thus $m$ is in fact a prime, which we will now call $p$.
The set of elements $\underbrace{1 + 1 + \cdots + 1}_{a \text{ terms}}$ for $0 \le a < p$ is a subset of $F$ that is closed under addition and multiplication, and it is routine to check that it is isomorphic to $\mathbb{F}_p$. So, we will think of $F$ as containing $\mathbb{F}_p$.
From the field axioms we see immediately that $F$ satisfies the axioms for a vector space over $\mathbb{F}_p$. For example: if $a \in \mathbb{F}_p$ and , $\in F$ then $a( + ) = a + a$ follows from the distributive law, but may also be considered as a property concerning scalar multiplication (by ) of a sum of vectors, + . If the dimension of $F$ over $\mathbb{F}_p$ is $n$ then $F$ has a basis $u_1, \ldots, u_n$ and the elements of $F$ are $a_1 u_1 + \cdots + a_n u_n$ for $a_i \in \mathbb{F}_p$. Thus $F$ must have $p^n$ elements.
Definition 9.3. The prime $p$ in the theorem is called the characteristic of the field.
Suppose that $q = p^n$ is the number of elements in $F$. By the field axioms, the set of nonzero elements of $F$ is a group under multiplication. This group is
denoted F

. Recall that the order of an element in a group G is the smallest


positive integer r such that
r
is the identity, or infinity, if no such r exists. As an exercise, review the following properties:
Lemma 9.4. Let be an element of order r in a group G.
1)
i
=
j
i i j mod r.
2) The order of
i
is r/d where d = gcd(i, r).
3) Let G be abelian. Let G have order s, coprime to r = ord(). Then
ord() = rs.
4) Let G be abelian. If
1
, . . . ,
n
have orders r
1
, . . . , r
n
where the r
i
are pairwise
coprime, then ord(

n
i=1

i
) =

n
i=1
r
i
.
Now we can establish item 2) of the Theorem.
Proposition 9.5. The multiplicative group of a finite field is cyclic.
Proof. Let $F$ have $p^n$ elements and let the prime factorization of $p^n - 1$ be $\prod_{i=1}^{r} q_i^{a_i}$. We will show that for each $i = 1, \ldots, r$ there is an element $b_i$ in the multiplicative group of $F$ of order $q_i^{a_i}$. Since the $q_i^{a_i}$ are pairwise coprime, Lemma 9.4 shows that the order of $b = \prod_{i=1}^{r} b_i$ is $\prod_{i=1}^{r} q_i^{a_i} = p^n - 1$. Thus $b$ generates the multiplicative group of $F$.
Let q
a
[[(p
n
1). Let t = (p
n
1)/q
a
and consider the set S =
t
: F

.
For any S the polynomial x
t
has at most t roots so there can be at most
t elements of F whose tth power is . Therefore the cardinality of S is at least
(p
n
1)/t = q
a
. On the other hand, everything in S is a root of x
q
a
1 since
(
t
)
q
a
=
p
n
1
= 1
There can be only $q^a$ roots of $x^{q^a} - 1$, so $S$ has at most $q^a$ elements. This shows $|S| = q^a$. Similarly, at most $q^{a-1}$ of the elements in $S$ can be roots of $x^{q^{a-1}} - 1$ so there must be at least $q^a - q^{a-1}$ elements of $S$ whose order in $F$ is $q^a$. This shows what we wanted: there is some element of $F$ of order $q^a$.
Definition 9.6. An element of a finite field whose powers generate the nonzero elements of the field is called primitive.
The theorem says that every finite field has a primitive element. Furthermore, from the lemma, if is primitive in a field of $p^n$ elements then $^k$ is also primitive whenever $k$ is coprime to $p^n - 1$. Thus there are $\varphi(p^n - 1)$ primitive elements, where $\varphi$ is the Euler totient function ($\varphi(n)$ is the number of positive integers less than $n$ and coprime to $n$).
I will state the next result as a corollary, but it is really a more basic result derived from Lagrange's theorem. F

has $p^n - 1$ elements, the order of any given element has to divide $p^n - 1$. Thinking of this in terms of roots of polynomials, we have the following.
Corollary 9.7. If $F$ is a field with $p^n$ elements then
x
p
n
1
1 =

(x ) and,
x
p
n
x =

F
(x )
According to the following definition, the corollary shows that a field $F$ of order $p^n$ is a splitting field for $x^{p^n - 1} - 1$ and for $x^{p^n} - x$ over $\mathbb{F}_p$.
Definition 9.8. Let $F$ be a field and let $f(x) \in F[x]$. A splitting field for $f(x)$ is a field $K$ containing $F$ such that
• $f(x)$ factors into linear factors in $K[x]$.
• Every element of $K$ can be written as a polynomial in the roots of $f(x)$.
To prove item 3) of the Theorem we need to use the minimal polynomial of a primitive element (see Definition 5.5).
Proposition 9.9. Let $F$ be a finite field of $p^n$ elements. Let be any primitive element of $F$ and let $M(x)$ be its minimal polynomial over $\mathbb{F}_p$. Then $F$ is isomorphic to $\mathbb{F}_p[x]/M(x)$. In particular $\deg M(x) = n$.
Proof. Let $M(x) = x^r + a_{r-1}x^{r-1} + \cdots + a_1 x + a_0$ with $a_i \in \mathbb{F}_p$. We will show that
1, , . . . ,
r1
is a basis for F over F
p
. We rst observe that 1, , . . . ,
r1
must
be linearly independent over F
p
. Suppose on the contrary that some nontrivial
linear combination is 0, b
r1

r1
+ +b
1
+b
0
= 0. Let k be the largest positive
integer such that b
k
,= 0. Then

k
+
b
k1
b
k
+
b
1
b
k
+
b
0
b
0
= 0
This shows that is a root of a polynomial over F
p
of degree less than deg M(x),
contradicting the minimality of M(x).
Next we show that any power of can be written as a linear combination of
1, ,
2
, . . . ,
r1
. This is true trivially for
i
for i = 0, . . . , r 1. Assume that
for some k r, each a
i
for i < k can be written as a linear.combination as stated.
Since M() = 0,
r
= a
r1

r1
a
1
a
0
. Multiplying by
kr
we can
write
k
as a linear combination of lower powers of . By the induction hypothesis
these are all linear combinations of 1, , . . . ,
r1
, so
k
is also. Since every nonzero
element of F is a power of , we have shown that 1, , . . . ,
r1
span F as claimed.
Since F has p
n
elements r = n. Furthermore the arithmetic on F is completely
determined by its structure as a vector space and
n
= a
n1

n1
a
1
a
0
.
This is exactly the same structure that F
p
[x]/M(x) has. In other words the map
from F
p
[x]/M(x) to F taking the class of x to is an isomorphism.
We can now prove existence and uniqueness for fields of prime power order. We will need the Freshman's dream:
Proposition 9.10. Let , be elements of a eld of characteristic p. Then ( +
)
p
=
p
+
p
.
Proof. Expand ( +)
p
using the binomial theorem and we get terms like
_
p
k
_

pk
The binomial coefficient really means 1 added to itself $\binom{p}{k}$ times. Since $p$ divides the binomial coefficient when $1 < k < p$ the coefficient is 0 unless $k = 0$ or $k = p$. That gives the result.
Proposition 9.11. For any prime power there exists a unique field of that order.
Proof. Uniqueness: Let F and F

be two elds with p


n
elements. Let be a
primitive element in F and let M(x) be its minimal polynomial over F
p
. Since
is a root of x
p
n
x, Lemma 5.4 says that M(x) divides x
p
n
x. By Corollary 9.7,
x
p
n
x factors into distinct linear factors in both F and F

so there must be a root


of M(x) in F

. By Proposition 9.9, both F and F

are isomorphic to F
p
[x]/M(x)
so they are isomorphic to each other.
Existence: By successively factoring $x^{p^n} - x$ and adjoining roots of a nonlinear irreducible factor, we can, after a finite number of steps, arrive at a field in which $x^{p^n} - x$ factors completely. I claim that the roots of $x^{p^n} - x$ form a field. Since the derivative of $x^{p^n} - x$ is $-1$, $x^{p^n} - x$ does not have multiple roots, so by the roots-factors theorem it has exactly $p^n$ roots. Thus we have a field of $p^n$ elements. We need to show that the sum of two roots is a root, that the additive inverse of a root is a root, that the product of two roots is a root and that the multiplicative inverse of a root is a root. These are all trivial except for the case of the sum of two roots, which can be proved using the Freshman's dream.
The following example shows that there are many ways to construct a given field.
Example 9.12. Let $p = 3$. We can construct the field $\mathbb{F}_{3^2}$ by adjoining to $\mathbb{F}_3$ a root of the irreducible polynomial $x^2 + 2x + 2$. You can check by hand that is primitive in this field. If we had used $x^2 + 1$, which is also irreducible, we would still get a field with 9 elements. But the root of $x^2 + 1$ will only have order 4 since $^2 = -1$ implies $^4 = 1$.
Definition 9.13. Let $F$ be a finite field and let $p(x)$ be a polynomial over $F$. If $p(x)$ is irreducible and the class of $x$ is primitive in $F[x]/p(x)$, then we say $p(x)$ is a primitive polynomial.
Example 9.14. We can construct F
3
6 by adjoining to the eld of the previous
example a root of the primitive polynomial (veried using Magma) x
3
+ x
2
+
x +
3
over F
3
2. Elements of F
3
6 are uniquely represented as polynomials in
and whose degree in is at most 1, and whose degree in is at most 2.
We could also construct F
3
6 by rst constructing F
3
3 by adjoining a root

of
the primitive polynomial x
3
+2x +1 and then adjoining a root

of the primitive
polynomial (veried using Magma) x
2
+x + (

)
7
over F
3
3.
Finally we could construct $\mathbb{F}_{3^6}$ directly by adjoining a root of the primitive polynomial $x^6 + 2x^4 + x^2 + 2x + 2$.
In each of these fields you can find a root of any one of the polynomials, and thereby define isomorphisms between the fields.
Now we consider the automorphism group of a finite field. Recall that any automorphism has to take 1 to itself, and must therefore fix the subfield $\mathbb{F}_p$.
Lemma 9.15. Let Aut(F
p
n). Let F
p
n have minimum polynomial m(x).
Then () is also a root of m(x).
Proof. Let m(x) = x
d
+m
d1
x
d1
+ +m
0
be the mimimum polynomial for .
Each m
i
F
p
so

_
m()
_
=
n

i=1
(m
i
)
=
n

i=1
m
i
()
= m(())
Since m() = 0 we have m(()) is also 0.
Proposition 9.16. The automorphism group of $\mathbb{F}_{p^n}$ is cyclic of order n, generated
by the Frobenius map :
p
.
Proof. The Frobenius map respects addition, by the Freshman's dream, and it
clearly respects multiplication: () = ()
p
=
p

p
= ()(). Thus is a
homomorphism of fields. Since a homomorphism of fields must be injective, and since an injective function on a finite set is also surjective, we conclude that is an automorphism.
Repeatedly composing the Frobenius with itself gives other automorphisms and one can inductively establish the formula:
t
() =
p
t
. Since F

p
n has order p
n
1
we have for ,= 0,
n
() =
p
n
=
p
n
1
= . Thus
n
is the identity map.
I claim no lower power of is the identity map. Suppose that
r
is the identity
automorphism and let be primitive in F
p
n. Then =
r
() =
p
r
, so
p
r
1
= 1.
Since is primitive it has order p
n
1, so we see r n as claimed.
We need to show that there are no other automorphisms of F
p
n. Let be
primitive, and let m(x) = x
n
+m
n1
x
n1
+ +m
0
be its mimimum polynomial.
The lemma showed that
r
() =
p
r
is another root of m(x). Since is primitive,
, . . . ,
p
n1
are all distinct and they form the complete set of roots of m(x). Any
automorphims must take to one of these other roots of m(x). Since the action
of on determines completely, if () =
p
r
then =
r
.
In conclusion Aut(F
p
n) is cyclic of order n, and is generated by .
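Example 9.12 and Proposition 9.16 can both be checked by direct computation in $\mathbb{F}_p[x]/m(x)$. The following is an added example, not part of the original notes: polynomials are coefficient lists (lowest degree first), the modulus is assumed monic of degree at least 2, and all function names are this example's own. It computes the multiplicative order of the class of $x$, the order of the Frobenius map, and verifies the Freshman's dream over every pair of elements.

```python
from itertools import product

# Moduli taken from the page, as coefficient lists, lowest degree first.
M_PRIMITIVE = [2, 2, 1]      # x^2 + 2x + 2 over F_3 (Example 9.12)
M_ORDER_4 = [1, 0, 1]        # x^2 + 1 over F_3 (Example 9.12)
M_F81 = [2, 1, 0, 0, 1]      # x^4 + x + 2 over F_3 (modulus in the Sage snippet)

def add(u, v, p):
    """Coefficient-wise sum in F_p[x]/m(x)."""
    return [(a + b) % p for a, b in zip(u, v)]

def mulmod(u, v, m, p):
    """Product of u and v in F_p[x]/m(x); m is monic of degree n >= 2."""
    n = len(m) - 1
    prod = [0] * (2 * n - 1)
    for i, a in enumerate(u):
        for j, b in enumerate(v):
            prod[i + j] = (prod[i + j] + a * b) % p
    # Eliminate x^k for k >= n by subtracting c * x^(k-n) * m(x).
    for k in range(2 * n - 2, n - 1, -1):
        c = prod[k]
        if c:
            for i in range(n + 1):
                prod[k - n + i] = (prod[k - n + i] - c * m[i]) % p
    return prod[:n]

def power(u, e, m, p):
    """u^e by square-and-multiply."""
    result = [1] + [0] * (len(m) - 2)
    base = list(u)
    while e:
        if e & 1:
            result = mulmod(result, base, m, p)
        base = mulmod(base, base, m, p)
        e >>= 1
    return result

def class_of_x(m):
    return [0, 1] + [0] * (len(m) - 3)

def order_of_x(m, p):
    """Multiplicative order of the class of x in F_p[x]/m(x)."""
    n = len(m) - 1
    one = [1] + [0] * (n - 1)
    x = class_of_x(m)
    y, k = x, 1
    while y != one:
        if k >= p ** n:
            raise ValueError("class of x is not invertible")
        y = mulmod(y, x, m, p)
        k += 1
    return k

def is_primitive(m, p):
    """True when the class of x generates all p^n - 1 nonzero elements."""
    return order_of_x(m, p) == p ** (len(m) - 1) - 1

def frobenius_order(m, p):
    """Smallest t >= 1 with x^(p^t) = x.

    The class of x generates the ring over F_p, so a power of the
    Frobenius map that fixes x is the identity map.
    """
    n = len(m) - 1
    x = class_of_x(m)
    y, t = power(x, p, m, p), 1
    while y != x:
        if t > n:
            raise ValueError("m is not irreducible over F_p")
        y = power(y, p, m, p)
        t += 1
    return t

def freshman_dream_holds(m, p):
    """Check (u + v)^p == u^p + v^p for every pair of elements."""
    n = len(m) - 1
    elems = [list(c) for c in product(range(p), repeat=n)]
    return all(
        power(add(u, v, p), p, m, p)
        == add(power(u, p, m, p), power(v, p, m, p), p)
        for u in elems for v in elems
    )

if __name__ == "__main__":
    for name, m in [("x^2+2x+2", M_PRIMITIVE), ("x^2+1", M_ORDER_4),
                    ("x^4+x+2", M_F81)]:
        print(name, "order of x:", order_of_x(m, 3),
              "Frobenius order:", frobenius_order(m, 3))
```

The brute-force order computation is only meant for the small fields on this page; for large $p^n$ one would test $x^{(p^n-1)/q} \ne 1$ for each prime $q$ dividing $p^n - 1$ instead.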
Problems 9.17.
(1) Factor $x^{15} - 1$ over $\mathbb{F}_2$. Construct $\mathbb{F}_{16}$ in three ways as a degree 4 extension of $\mathbb{F}_2$ and show isomorphisms between the three representations.
(2) Here is some Sage code to use to study the field $\mathbb{F}_{81}$.
F3 = FiniteField(3)
P.<x> = PolynomialRing(F3)
p = x^81 -x
p.factor()
m = x^4+x+2
F81.<a> = FiniteField(81,modulus=x^4+x+2)
• The polynomials $x^2 + 2x + 1$ and $x^2 + x + 2$ are both irreducible over $\mathbb{F}_3$. Can you construct $\mathbb{F}_{81}$ by using one of these polynomials and then the other?
• Using Sage, use $m(x) = x^4 + x + 2$ and $r(x) = x^4 + 2x^2 + 2$ to construct two versions of $\mathbb{F}_{81}$ in Sage. Using a brute force search, find a root of $m(x)$ in the second field and a root of $r(x)$ in the first field. These give isomorphisms between the two fields. Check that the composition is the identity.
• Factor $x^{80} - 1$ over $\mathbb{F}_3$. Find the roots of each of the irreducibles in $\mathbb{F}_3[x]/m(x)$.
(3) The field of 64 elements.
• The polynomials $m(x) = x^6 + x + 1$ and $r(x) = x^6 + x^5 + x^4 + x + 1$ are both irreducible over $\mathbb{F}_2$. Using Sage, use $m(x)$ and $r(x)$ to construct two versions of $\mathbb{F}_{64}$ in Sage. Using a brute force search, find a root of $m(x)$ in the second field and a root of $r(x)$ in the first field. These give isomorphisms between the two fields. Check that the composition is the identity.
• Factor $x^{63} - 1$ over $\mathbb{F}_2$. Find the roots of each of the irreducibles in $\mathbb{F}_2[x]/m(x)$. Use Sage, but also use your understanding of the theory.
L= (x^63-1).factor()
[l[0] for l in L if l[0].is_primitive()]
• The field $\mathbb{F}_{64}$ can also be constructed as an extension of $\mathbb{F}_4$. Construct $\mathbb{F}_4$, factor $x^{63} - 1$. Choose one of the factors of degree 3 to construct $\mathbb{F}_{64}$. The following code will show how Sage treats elements of this new object. It appears that there is no way in Sage to create a field, the code below only creates a ring. In particular FF.list() will not work.
FF.<b> = F4.extension(x^3+a)
[b^i for i in [1..64] ]
• Now create $\mathbb{F}_8$ using an irreducible polynomial of degree 3 over $\mathbb{F}_2$, then factor $x^{63} - 1$, then create $\mathbb{F}_{64}$ using an irreducible polynomial of degree 2 over $\mathbb{F}_8$.
(4) Make a table showing the possible orders and the number of elements of each order for $\mathbb{F}_{64}$, $\mathbb{F}_{128}$, and $\mathbb{F}_{256}$.
(5) Prove that if $r \mid n$ then $\mathbb{F}_{q^r}$ is a subfield of $\mathbb{F}_{q^n}$.
(6) For a given prime $p$, let $I(d)$ be the set of irreducible polynomials of degree $d$ over $\mathbb{F}_p$. Show that for $n > 0$,
$$\prod_{d \mid n} \prod_{f \in I(d)} f = x^{p^n} - x$$
(7) Show that for any F
q
,
1 + +
2
+
3
+ +
q2
=
_

_
1 if = 0
1 if = 1
0 otherwise