
NOTES FOR NUMBER THEORY COURSE

1. Unique factorization

1.1. All the rings we consider are assumed to have multiplicative unit 1 and almost always they will be commutative. N, Z, Q, R, C will denote the natural numbers, integers, rational numbers, real numbers and complex numbers respectively. A number α ∈ C is called an algebraic number, if there exists a polynomial p(x) ∈ Q[x] with p(α) = 0. We shall let $\overline{Q}$ be the set of all algebraic numbers. Fact: “C and $\overline{Q}$ are algebraically closed”.

If R is a ring, $R[x_1, \dots, x_n]$ will denote the ring of polynomials in n variables with coefficients in R. The letter k will usually denote a field. If R ⊆ S are rings, and $\alpha_1, \dots, \alpha_n$ are elements of S, we shall let $R[\alpha_1, \dots, \alpha_n]$ be the subring of S generated by R and $\alpha_1, \dots, \alpha_n$.

Here are some examples of rings R of the type we will be interested in: R = Z, R = k[x], R = Z[i] ($i = \sqrt{-1}$), R = Z[ω] ($\omega = e^{2\pi i/3}$), R = Z[$\sqrt{3}$], or more generally let R = Z[α], where α is an algebraic number.

1.2. First definitions: principal ideals, prime ideals... An element u ∈ R is called a unit if there exists v ∈ R such that uv = 1. Such a v is necessarily unique (Why?) and is called the inverse of u. The set of units in R will be denoted by U(R). The units in Z are 1 and −1. There are six units in Z[ω] (the sixth roots of unity). The units in k[x] are the scalars, i.e. the elements of k.

An ideal I in R is called principal if there exists a ∈ R such that I = {ar : r ∈ R}. We say that a is a generator for the principal ideal I and write I = (a) = aR. An element a generates the unit ideal R = (1) if and only if a is a unit.

Let p, q ∈ R. Say that p divides q if there exists r ∈ R such that q = pr. We shall write p | q. Note that

p | q ⇐⇒ q ∈ (p) ⇐⇒ (q) ⊆ (p)

In general, given two ideals P, Q in R we say P | Q if Q ⊆ P. So for principal ideals (p) | (q) iff p | q.

An ideal P ⊆ R is called a prime ideal if ab ∈ P implies a ∈ P or b ∈ P. In other words, if P | (ab) then P | (a) or P | (b). An element p ∈ R is a prime if p | ab implies p | a or p | b, i.e. (p) is a prime ideal.

A ring R is called an integral domain (or simply a domain) if a, b ∈ R and ab = 0 implies a = 0 or b = 0. Equivalently R is a domain if and only if (0) is a prime ideal.

A non-unit x ∈ R is called irreducible if x cannot be written as a product of two non-unit elements of R, i.e. x = ab implies either a is a unit or b is a unit.

Note that in a domain R, if p ∈ R is a prime then p is irreducible.

Proof: Suppose p = ab. Then p | ab, so p | a or p | b. Without loss suppose p | a. Then a = cp, so p = cpb, implying bc = 1 since we are in a domain, i.e. b is a unit.

1.3. Definition. Euclidean domains are rings where the Euclidean algorithm for division works. A domain R is a Euclidean domain if there exists a function λ from the nonzero elements of R to $\mathbb{Z}_{\ge 0}$ such that if a, b ∈ R and b ≠ 0 there exist c, d ∈ R with the property a = cb + d where either d = 0 or λ(d) < λ(b).

1.4. Example. The rings Z, k[x], Z[i], Z[ω] are Euclidean domains.

Proof. (1) Integer division shows that Z is a Euclidean domain with λ(n) = |n|. More precisely let a, b ∈ Z. For simplicity assume they are positive. Let c′ ≥ 1 be the smallest positive integer such that bc′ > a. Let c = c′ − 1 and d = a − bc. Then d < b since otherwise b(c + 1) would be less than a.

(2) Long division of polynomials shows that k[x] is an integral domain with λ(f) = deg(f) being the degree of the polynomial.

For Z[i] and Z[ω] see Ireland and Rosen (p: 12-13).

1.5. Definition. A domain R is called a principal ideal domain or a PID if every ideal in R can be generated by one element, i.e. is principal.

1.6. Lemma. Any Euclidean ring is a PID. The rings Z, k[x], Z[i], Z[ω] are Euclidean, hence PID.

Proof. This is basically the proof that two integers have a greatest common divisor. Let I be an ideal in the Euclidean ring R. Choose a b ∈ I such that λ(b) is smallest among all elements of I. For any a ∈ I write a = bc + d, where either d = 0 or λ(d) < λ(b). Since a, b ∈ I, so is d. Since λ(b) is the smallest among all elements of I, d must be zero. So I = (b).

1.7. Remark. Call d the g.c.d. of a and b if d divides both a and b and any common divisor of a, b divides d. The theorem shows that any two elements a and b in a PID R have a g.c.d. d, namely, a generator of the ideal (a, b), which is unique up to a unit of R. The elements a and b are relatively prime (i.e. do not have any non-unit common factor), if and only if their g.c.d. is 1.

1.8. Lemma. In a PID R, every irreducible element is a prime. (So we shall not distinguish between the concepts of irreducible and prime in a PID.)

Proof. Let p ∈ R be irreducible. Suppose p | ab and p ∤ a. Since p is irreducible and p ∤ a, the only common divisors of a and p are units, so (p, a) = (1). So (pb, ab) = (b). But ab and pb belong to (p), hence (b) ⊆ (p), i.e. p | b.

1.9. Lemma. Let R be a PID. Any increasing sequence of ideals in R stabilizes, i.e. has a maximal element.

Proof. Let $(a_1) \subseteq (a_2) \subseteq (a_3) \subseteq \cdots$ be an increasing sequence of ideals in R. Then $I = \cup (a_i)$ is an ideal, so there exists a ∈ R such that I = (a). There is a j ≥ 1 such that $a \in (a_j)$. It follows that $(a) = (a_j) = (a_{j+1}) = \cdots$.

1.10. Definition. A domain R is called a unique factorization domain or a UFD if every nonzero element can be written, uniquely up to units, as a product of irreducible elements.

1.11. Theorem. Every PID is a UFD.

Proof. Fix a ∈ R. We want to write a as a product of primes (equivalently irreducibles) and show that such a decomposition is unique up to permutation of the prime factors and up to units.

Step 1: Any non-unit a is divisible by an irreducible element. Suppose not. Since a is not irreducible write $a = a_1 b_1$ where $a_1, b_1$ are non-units. Since $a_1 \mid a$, $a_1$ is not irreducible, so write $a_1 = a_2 b_2$ where $a_2, b_2$ are non-units. Continuing this way we get a strictly increasing infinite sequence of ideals $(a_1) \subsetneq (a_2) \subsetneq (a_3) \subsetneq \cdots$ which is not possible by lemma ??. This proves step 1.

Step 2: Any a is a product of irreducibles and a unit. Suppose not. By step 1, write $a = p_1 c_1$ where $p_1$ is an irreducible. Then $c_1$ is not a unit. So write $c_1 = p_2 c_2$ where $p_2$ is irreducible. Continuing this way we get a sequence $(c_1) \subsetneq (c_2) \subsetneq (c_3) \subsetneq \cdots$ which is not possible by lemma ??. This proves step 2.

Step 3: By step 2 we can write $a = p_1 p_2 \cdots p_r$ where the $p_i$ are irreducible elements, not necessarily all distinct. Let $a = p_1 p_2 \cdots p_r = q_1 \cdots q_s$ be two such decompositions. Each $q_j$ is a prime and $q_j \mid p_1 \cdots p_r$, hence $q_j \mid p_i$ for some i, hence $q_j = u_j p_i$ for some unit $u_j$. Similarly each $p_i$ is equal to some $q_j$ up to a unit. If there are more p’s than q’s then canceling all the q’s will yield a product of p’s equal to a unit, which is impossible. So r = s and the $p_i$ and $q_i$ are the same up to units and up to permutation.

1.12. Remark. The rings Z, k[x], Z[i], Z[ω] are all UFD’s. This in particular proves that every integer can be written uniquely as a product of positive primes and ±1 and that every polynomial in one variable can be written as a product of irreducible polynomials that are unique up to a scalar.

Let R be a UFD and a ∈ R. We can write $a = \prod_p p^{e(p)}$ where the product is over distinct primes of R and almost all e(p) are zero. The numbers e(p) are uniquely determined by a and p. In fact e(p) is the largest integer n such that $p^n \mid a$. This is because $a' = a/p^{e(p)}$ is a product over primes different from p, so $p \nmid a'$, i.e. $p^{e(p)+1} \nmid a$. We write $e(p) = \mathrm{ord}_p(a)$.

2. Few arithmetic functions

2.1. The prime counting function: In what follows p, q etc will stand for prime numbers, i.e. a sum of the form $\sum_p$ will be a sum over prime numbers. Similarly m, n etc will be natural numbers. Let $\pi(x) = \sum_{1 \le p \le x} 1$ be the number of primes less than or equal to x. Euler’s proof of the infinitude of primes gives a trivial lower bound on the size of π. Given primes $p_1, \dots, p_n$, let $p_{n+1}$ be the least prime factor of $N_n = p_1 \cdots p_n + 1$ (which exists, since Z is a UFD). Then $p_{n+1}$ is distinct from $p_1, \dots, p_n$, which proves there are infinitely many primes in Z. We have $p_{n+1} < N_n \le 2\prod_{i=1}^{n} p_i$. It follows that $p_n \le 2^{2^{n-1}}$. Let $2^{2^n} > x \ge 2^{2^{n-1}}$. Then we get $\pi(x) \ge n \ge \log_2 \log_2 x$.

2.2. The Mobius inversion formula: Let A be the set of arithmetic functions, i.e. functions from N to C. Define the Dirichlet multiplication on A by

$$(f * g)(n) = \sum_{d \mid n} f(d)\, g(n/d)$$

This makes A into a commutative ring. Let 1 be the function defined by 1(1) = 1 and 1(n) = 0 for n > 1. Then 1 ∗ f = f for all arithmetic functions f, i.e. 1 is the unit of the ring (A, ∗). A function f ∈ A is invertible if and only if f(1) ≠ 0. The inverse is given by $f^{-1}(1) = f(1)^{-1}$ and for n > 1 by the inductive formula

$$f^{-1}(n) = -f(1)^{-1} \sum_{d \mid n,\ d < n} f^{-1}(d)\, f(n/d)$$

The function I defined by I(n) = 1 for all n is thus invertible. The inverse of I is the famous Mobius function defined by $\mu(n) = (-1)^l$ if n is the product of l distinct prime numbers and is zero otherwise. Clearly μ(1) = 1 and for $n = p_1^{e_1} p_2^{e_2} \cdots p_l^{e_l} > 1$ we have

$$\sum_{d \mid n} \mu(d) = \sum_{r=0}^{l} \ \sum_{1 \le i_1 < i_2 < \cdots < i_r \le l} \mu(p_{i_1} p_{i_2} \cdots p_{i_r}) = \sum_{r=0}^{l} \binom{l}{r} (-1)^r = (1 - 1)^l = 0$$

This shows μ ∗ I = 1, i.e. $\mu = I^{-1}$. As a consequence we get the Mobius inversion formula. Let $F(n) = \sum_{d \mid n} f(d)$. Then $f(n) = \sum_{d \mid n} F(d)\, \mu(n/d)$.

Proof. $F = \sum_{d \mid n} f(d) = f * I$. So $f = F * I^{-1} = F * \mu$.

2.3. The Euler totient function: Let $N_n = \{1, 2, \dots, n\}$. Euler’s totient function ϕ counts the number of positive integers less than or equal to n that are relatively prime to n: $\varphi(n) = \#\{m : 1 \le m \le n,\ (m, n) = 1\}$. We have

$$\sum_{d \mid n} \varphi(d) = n.$$

Proof of the formula. Partition the numbers 1, 2, ..., n according to their g.c.d. with n, i.e. let $\Phi_d = \{m : 1 \le m \le n,\ (m, n) = d\}$. Let m′ = m/d. Then 1 ≤ m ≤ n and (m, n) = d if and only if 1 ≤ m′ ≤ n/d and (m′, n/d) = 1. So $\#\Phi_d = \varphi(n/d)$. Since $N_n$ is the disjoint union of the $\Phi_d$’s we have $n = \sum_{d \mid n} \#\Phi_d = \sum_{d \mid n} \varphi(n/d)$.

Thus (ϕ ∗ I)(n) = n. Using the Mobius inversion, we now get a formula for ϕ(n). Let $n = p_1^{e_1} p_2^{e_2} \cdots p_l^{e_l}$. By Mobius inversion, we get

$$\varphi(n) = \sum_{d \mid n} \mu(d)\, n/d = n - \sum_{i} n/p_i + \sum_{i \ne j} n/(p_i p_j) - \cdots = n \prod_{i=1}^{l} (1 - p_i^{-1})$$
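The identities of 2.2 and 2.3 can be checked mechanically. The following Python sketch is an added example, not part of the original notes; the function names (`dirichlet`, `dirichlet_inverse`, `const_one`, and so on) are chosen here for illustration. It computes the inverse of I from the inductive formula and compares it with the closed form of μ, then checks ϕ = μ ∗ id against direct counting and the product formula.

```python
from fractions import Fraction
from functools import lru_cache
from math import gcd, isqrt


def divisors(n):
    """Sorted list of the positive divisors of n."""
    small = [d for d in range(1, isqrt(n) + 1) if n % d == 0]
    return sorted(set(small + [n // d for d in small]))


def dirichlet(f, g):
    """Dirichlet product (f * g)(n) = sum over d | n of f(d) g(n/d)."""
    return lambda n: sum(f(d) * g(n // d) for d in divisors(n))


def unit(n):        # the function written "1" in the notes
    return 1 if n == 1 else 0


def const_one(n):   # the function written "I" in the notes
    return 1


def identity(n):    # n -> n, so that (phi * I) = identity
    return n


def dirichlet_inverse(f):
    """Inverse of f in (A, *) by the inductive formula; requires f(1) != 0."""
    if f(1) == 0:
        raise ValueError("f(1) = 0, so f is not invertible")

    @lru_cache(maxsize=None)
    def inv(n):
        if n == 1:
            return Fraction(1) / f(1)
        s = sum(inv(d) * f(n // d) for d in divisors(n) if d < n)
        return -s / f(1)

    return inv


def prime_factors(n):
    """Dict {p: e} with n equal to the product of p**e (trial division)."""
    out, p = {}, 2
    while p * p <= n:
        while n % p == 0:
            out[p] = out.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        out[n] = out.get(n, 0) + 1
    return out


def mobius(n):
    """Closed form: (-1)^l for a product of l distinct primes, else 0."""
    fac = prime_factors(n)
    return 0 if any(e > 1 for e in fac.values()) else (-1) ** len(fac)


def phi_by_counting(n):
    return sum(1 for m in range(1, n + 1) if gcd(m, n) == 1)


def phi_by_product(n):
    result = n
    for p in prime_factors(n):
        result = result // p * (p - 1)   # multiply by (1 - 1/p) exactly
    return result


def check(limit=200):
    """Verify mu = I^{-1}, mu * I = 1, phi = mu * id and sum_{d|n} phi(d) = n."""
    mu_from_formula = dirichlet_inverse(const_one)
    phi_from_inversion = dirichlet(mobius, identity)
    sum_phi = dirichlet(phi_by_counting, const_one)
    for n in range(1, limit + 1):
        assert mu_from_formula(n) == mobius(n)
        assert dirichlet(mobius, const_one)(n) == unit(n)
        assert phi_from_inversion(n) == phi_by_counting(n) == phi_by_product(n)
        assert sum_phi(n) == n
    return True


if __name__ == "__main__":
    print(check(), [mobius(n) for n in range(1, 13)], phi_by_product(36))
```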


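2.4. The Chebyshev function: Let $\theta(x) = \sum_{1 \le p \le x} \log p = \int_1^x \log(y)\, d\pi(y)$. (The integral can be treated as a Stieltjes or a Lebesgue integral.) By integration by parts we get

$$\theta(x) = \pi(x) \log(x) - \int_1^x \frac{\pi(y)}{y}\, dy \qquad (1)$$

We shall see that the second term is of much smaller order than the first, so an estimate for θ yields an estimate for π. This is what we want to do now.

We start with the observation

$$2^{2n} = (1 + 1)^{2n} > \binom{2n}{n} = \frac{(n+1)(n+2) \cdots 2n}{1 \cdot 2 \cdots n} > \prod_{n < p < 2n} p$$

Taking logarithms we get the bounds

$$2n \log 2 > \sum_{n < p < 2n} \log p = \theta(2n) - \theta(n)$$

In particular $2^k \log 2 > \theta(2^k) - \theta(2^{k-1})$. Summing over k we get $\theta(2^k) < 2^{k+1} \log 2$. Taking $2^{k-1} \le x < 2^k$ we get

$$\theta(x) \le \theta(2^k) \le (4 \log 2)\, 2^{k-1} < (4 \log 2)\, x \qquad (2)$$

Now we want an upper bound for θ. First we note that

$$\mathrm{ord}_p(n!) = \sum_{m=1}^{n} \mathrm{ord}_p(m) = \sum_{r=1}^{\infty} \#\{m \in N_n : \mathrm{ord}_p(m) = r\}\, r = \sum_{r=1}^{\infty} \#\{m \in N_n : \mathrm{ord}_p(m) \ge r\} = \sum_{r=1}^{\infty} \lfloor n/p^r \rfloor$$

Let $t_p$ be the largest integer such that $p^{t_p} \le 2n$, i.e. $t_p = \lfloor \log 2n / \log p \rfloor$. It follows that

$$\mathrm{ord}_p \binom{2n}{n} = \mathrm{ord}_p((2n)!) - \mathrm{ord}_p((n!)^2) = \sum_{r=1}^{t_p} \left( \lfloor 2n/p^r \rfloor - 2 \lfloor n/p^r \rfloor \right)$$

Since $\lfloor 2x \rfloor - 2\lfloor x \rfloor$ is equal to 1 or 0 we get $\mathrm{ord}_p \binom{2n}{n} \le t_p$. Thus we have the following inequalities:

$$2^n \le \frac{(n+1)}{1} \cdot \frac{(n+2)}{2} \cdots \frac{2n}{n} = \binom{2n}{n} \le \prod_{p < 2n} p^{t_p}$$

Taking logarithms yields

$$n \log 2 \le \sum_{p < 2n} t_p \log p = \sum_{p < 2n} \lfloor \log 2n / \log p \rfloor \log p$$

If $\log p > \tfrac{1}{2} \log 2n$, i.e. $p > \sqrt{2n}$, then $\lfloor \log 2n / \log p \rfloor = 1$. Thus

$$n \log 2 \le \sum_{p < \sqrt{2n}} \lfloor \log 2n / \log p \rfloor \log p + \sum_{\sqrt{2n} < p < n} \log p \le \sqrt{2n} \log 2n + \theta(2n)$$

This yields $\theta(2n) > n \log 2 - \sqrt{2n} \log 2n$. The first term is of larger order, i.e. $\sqrt{2n} \log 2n / n \to 0$. So we get an upper bound for theta, for instance, $\theta(2n) > n(\tfrac{3}{4} \log 2)$.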


Taking 2n < x < 2n + 1 we get $\theta(x) > \theta(2n) > (\tfrac{x}{2} - \tfrac{1}{2})(\tfrac{3}{4} \log 2)$. So we have that θ has order equal to x, for instance we have the bounds

$$x(4 \log 2) > \theta(x) > x(\tfrac{1}{4} \log 2).$$

Remark: For the sake of completeness we have chosen to give explicit constants like $4 \log 2$ and $\tfrac{3}{4} \log 2$ in the inequalities but their actual value here is not very important and one could probably get better constants at places by being more careful.

2.5. The prime number theorem: The trivial bound π(y)/y < 1 gives $\frac{1}{x} \int_1^x \frac{\pi(y)}{y}\, dy < 1$. From the upper bound (??) and equation (??) we get π(x) log(x)/x < 1 + 4 log(2). So we get π(x)/x → 0 as x → ∞. The equation (??) now implies

$$\theta(x)/x - \pi(x) \log(x)/x \to 0 \text{ as } x \to \infty$$

The above bounds for θ now give the following bounds for π(x):

$$(1/4) \log 2 < \pi(x) \log(x)/x < 4 \log 2$$

The prime number theorem states that in fact

$$\pi(x) \log(x)/x \to 1$$


3. Riemann’s zeta function

3.1. Functions of complex variable:

Holomorphic functions: Let U be an open subset of C. A function f : U → C is differentiable at $z_0 \in U$ if

$$f'(z_0) = \lim_{z \to z_0} \frac{f(z) - f(z_0)}{z - z_0} \qquad (3)$$

exists. An f that is differentiable on U is called a holomorphic function on U.

The Cauchy Riemann equations: Let f : U → C be holomorphic. Let f(z) = u(z) + iv(z) where u, v : U → R are the real and imaginary parts of f. Let z = x + iy. We can also think of z as a point in $R^2$, i.e. write z = (x, y) and think of u and v as real functions of two real variables: u(x, y) = u(x + iy). Let $z_0 = x_0 + i y_0 \in U$. The Cauchy Riemann equations state that

$$u_x = v_y \quad \text{and} \quad u_y = -v_x.$$

To prove these we calculate the limit in (??) in two ways: as z → 0 along the x axis and along the y axis. For simplicity take $z_0 = 0$. Then the general formula follows by translation. Along the x axis we get

$$f'(0) = \lim_{h \to 0} \frac{(u(h, 0) + iv(h, 0)) - (u(0, 0) + iv(0, 0))}{h} = u_x(0, 0) + i v_x(0, 0).$$

Along the y axis (i.e. taking z = ih = (0, h) as h → 0) we get

$$f'(0) = \lim_{h \to 0} \frac{(u(0, h) + iv(0, h)) - (u(0, 0) + iv(0, 0))}{ih} = \frac{1}{i} \left( u_y(0, 0) + i v_y(0, 0) \right) = v_y(0, 0) - i u_y(0, 0)$$

Comparing the two we get the Cauchy Riemann equations.

Green’s theorem and Cauchy’s theorem: Let D be a simply connected domain in $R^2$ (i.e. an open set with “no holes”. For example the inside of a square or a disc is simply connected, as is a half space, while an annulus or C \ {i} is not). Let ∂D be the boundary curve of D (oriented) and let f : D → C be a holomorphic function. Cauchy’s theorem states that the line integral $\int_{\partial D} f$ is zero. More explicitly let γ(t) = x(t) + iy(t), 0 ≤ t ≤ 1, be a parametrization of the curve ∂D. Then we want to show

$$\int_{\gamma} f = \int_0^1 f(\gamma(t))\, \gamma'(t)\, dt = 0$$

We shall derive Cauchy’s formula from Green’s theorem, which states that, for $p, q : D \to R^2$, one has

$$\int_{\partial D} p\, dx + q\, dy = \int_D (p_y - q_x)\, dx\, dy.$$

Now we can compute

$$\int_{\gamma} f = \int_0^1 f(\gamma(t))\, \gamma'(t)\, dt = \int_0^1 (u + iv)(x' + iy')\, dt = \int_0^1 (u x' - v y')\, dt + i \int_0^1 (u y' + v x')\, dt = \int_{\gamma} (u\, dx - v\, dy) + i \int_{\gamma} (v\, dx + u\, dy)$$

By Green’s theorem the last expression equals $\int_D (u_y + v_x)\, dx\, dy + i \int_D (v_y - u_x)\, dx\, dy$, which is equal to zero by the Cauchy Riemann equations.

Cauchy integral formula: Let U be an open set in C and f : U → C a holomorphic function. Let Γ : [0, 1] → U be a simple closed curve in U, i.e. Γ(0) = Γ(1) and Γ(t) ≠ Γ(s) for all 0 ≤ s < t < 1, meaning that Γ does not cross itself. Let $D_1$ be the simply connected domain such that $\Gamma = \partial D_1$. Fix a point $w \in D_1$ and let $\Gamma_\epsilon$ be the circle of radius ϵ around w. Assume ϵ is small so that $\Gamma_\epsilon \subseteq D_1$. Let D be the region between Γ and $\Gamma_\epsilon$, i.e. $D = D_1 \setminus \{z : |z - w| \le \epsilon\}$. Then $\partial D = \Gamma - \Gamma_\epsilon$. (In our convention anticlockwise oriented curves get positive orientation and the negative of a curve is the same curve with the clockwise orientation.) Note that F(z) = (f(z) − f(w))/(z − w) is holomorphic on D. Applying Cauchy’s theorem to F on D we get $\int_{\Gamma - \Gamma_\epsilon} F = 0$, i.e. $\int_{\Gamma} F = \int_{\Gamma_\epsilon} F$. When ϵ is small the values of F on $\Gamma_\epsilon$ are close to f′(w). Thus, as ϵ → 0 the values of F on $\Gamma_\epsilon$ remain bounded while the length of the circle goes to zero, implying $\int_{\Gamma_\epsilon} F \to 0$. But then $\int_{\Gamma} F = 0$, which gives

$$\int_{\Gamma} \frac{f(z)}{z - w} = f(w) \int_{\Gamma} \frac{1}{z - w}$$

Repeating the same argument we get $\int_{\Gamma} \frac{1}{z - w} = \int_{\Gamma_\epsilon} \frac{1}{z - w}$ for ϵ sufficiently small. Parametrize the circle $\Gamma_\epsilon$ by $\Gamma_\epsilon(t) = w + \epsilon e^{2\pi i t}$, 0 ≤ t ≤ 1.

$$\int_{\Gamma_\epsilon} \frac{1}{z - w} = \int_0^1 \frac{1}{\Gamma_\epsilon(t) - w}\, \Gamma_\epsilon'(t)\, dt = \int_0^1 \frac{1}{\epsilon e^{2\pi i t}}\, 2\pi i \epsilon e^{2\pi i t}\, dt = 2\pi i$$

This gives us the Cauchy integral formula

$$2\pi i f(w) = \int_{\Gamma} \frac{f(z)}{z - w}$$

Local power series expansion for holomorphic functions: In the Cauchy integral formula, by differentiating under the integral sign n times with respect to w one gets

$$f^{(n)}(w) = \frac{n!}{2\pi i} \int_{\Gamma} \frac{f(z)}{(z - w)^{n+1}}$$

Hence f is infinitely differentiable! Now let Γ be a circle of radius r contained in U. If |f| is bounded by M on Γ then $|f^{(n)}(w)|$ is bounded by $\frac{n! M}{2\pi r^{n+1}}\, \mathrm{length}(\Gamma) = \frac{n! M}{r^n}$. So the Taylor series $\sum_n f^{(n)}(w)(u - w)^n / n!$ converges absolutely for |u − w| < r. Now calculate the Taylor series for f as follows (need to justify the interchange of integral and sum):

$$\sum_n \frac{f^{(n)}(w)(u - w)^n}{n!} = \frac{1}{2\pi i} \int_{\Gamma} \frac{f(z)}{z - w} \sum_n \frac{(u - w)^n}{(z - w)^n} = \frac{1}{2\pi i} \int_{\Gamma} \frac{f(z)}{(z - w)\left(1 - \frac{u - w}{z - w}\right)} = \frac{1}{2\pi i} \int_{\Gamma} \frac{f(z)}{z - u} = f(u)$$

Suppose f : U → C is holomorphic and f(w) = 0 for some w ∈ U. We have a local power series expansion $f = \sum_n c_n (z - w)^n$ valid in a neighborhood V of w. If all the coefficients are zero then f is identically zero. Else let m ≥ 0 be the smallest integer such that $c_m$ is non-zero. Then we can write $f(z) = (z - w)^m g(z)$ where $g(z) = \sum_k c_{m+k} (z - w)^k$. Since $\limsup |c_{m+k}|^{1/k} = \limsup |c_k|^{1/k}$ the power series for g and f have the same radius of convergence. So g converges absolutely and uniformly on a neighbourhood of w and hence is continuous at w. Since $g(w) = c_m \ne 0$ there is a neighborhood W of w such that g(z) does not vanish on W. So f vanishes on W if and only if $(z - w)^m$ vanishes. This proves that there exists an open set W around w such that w is the only zero of f in that open set. So, if f is a non-zero holomorphic function on U then the zeroes of f cannot have any limit point in U. It follows that if f, g are two holomorphic functions on U and they agree on a set S which has a limit point in U then f = g on U.

3.2. The Poisson summation formula: Let f : R → R be a rapidly decreasing function, e.g. suppose $f(x) x^n \to 0$ as x → ∞ for all n ≥ 1. Define the periodic function $F(t) = \sum_{n \in Z} f(t + n)$. Write the Fourier series for F:

$$F(t) = \sum_{m \in Z} F_m e^{2\pi i m t} \qquad (4)$$

where

$$F_m = \int_0^1 F(t) e^{-2\pi i m t}\, dt = \sum_{n \in Z} \int_0^1 f(t + n) e^{-2\pi i m t}\, dt = \sum_{n \in Z} \int_n^{n+1} f(y) e^{-2\pi i m y}\, dy = \int_R f(y) e^{-2\pi i m y}\, dy = f_m(-t)$$

Putting t = 0 in equation (??) and substituting the expression for $F_m$ we get the Poisson summation formula

$$\sum_{n \in Z} f(n) = \sum_{m \in Z} \int_R f(y) e^{-2\pi i m y}\, dy$$

3.3. The theta function: Let H be the set of complex numbers of the form x + iy with y > 0. Define θ : H → C by the infinite series

$$\theta(\tau) = \sum_{n \in Z} \exp(\pi i n^2 \tau)$$

The series is absolutely convergent and uniformly convergent on compact sets in H. Clearly θ(τ + 1) = θ(τ). We shall show that $\theta(-1/\tau) = \exp(\pi i/4)\, \tau^{1/2}\, \theta(\tau)$. (Functions satisfying this kind of transformation property are called modular forms.) It is a fact that two holomorphic functions that agree on a line segment agree everywhere. So it is enough to show

$$\theta(-1/it) = \sqrt{t}\, \theta(it) \text{ for } t \in (0, \infty). \qquad (5)$$

Using the Poisson summation formula in the series for θ we get

$$\theta(it) = \sum_{n \in Z} e^{-\pi n^2 t} = \sum_{m \in Z} \int_R \exp(-\pi y^2 t - 2\pi i m y)\, dy$$

Completing squares gives

$$\theta(it) = \sum_{m \in Z} \int_R \exp\left(-\pi t \left(y + \tfrac{im}{t}\right)^2\right) \exp\left(-\tfrac{\pi m^2}{t}\right) dy = \sum_{m \in Z} \exp\left(-\tfrac{\pi m^2}{t}\right) \int_{R - \frac{im}{t}} \exp(-\pi y^2 t)\, dy$$

The integral over the line R − im/t is the limit of the integral over the interval [−im/t − N, im/t + N]. Consider the rectangle with vertices −im/t − N, im/t + N, N and −N. The integrand being holomorphic, the integral over the boundary of the rectangle is zero. The integrals over the vertical edges tend to zero as N → ∞ because the integrand tends to zero and the length of the curve is finite (equal to m/t). So the integrals over the two horizontal edges are equal. Taking the limit as N → ∞ we see $\int_{R - im/t} \exp(-\pi y^2 t)\, dy = \int_R \exp(-\pi y^2 t)\, dy$. So

$$\theta(it) = \sum_{m \in Z} \exp\left(-\tfrac{\pi m^2}{t}\right) \int_R \exp(-\pi y^2 t)\, dy = \frac{1}{\sqrt{t}}\, \theta(i/t)$$

3.4. Theta and Zeta: The Riemann zeta function $\zeta(s) = \sum_{n=1}^{\infty} n^{-s}$ converges absolutely on the set ℜ(s) > 1. The unique factorization of integers into prime powers is encoded in Euler’s generating function formula $\zeta(s) = \prod_p (1 + p^{-s} + p^{-2s} + \cdots) = \prod_p 1/(1 - p^{-s})$.

Consider the function $\theta_1(t) = (\theta(it) - 1)/2 = \sum_{n=1}^{\infty} \exp(-\pi n^2 t)$. Taking the Mellin transform $M(f)(s) = \int_0^{\infty} f(t)\, t^s\, \frac{dt}{t}$ of this function and interchanging summation and integration relates the theta function to the zeta:

$$M(\theta_1)(s) = \sum_{n=1}^{\infty} \int_0^{\infty} \exp(-\pi n^2 t)\, t^s\, \frac{dt}{t} = \sum_{n=1}^{\infty} (\pi n^2)^{-s} \int_0^{\infty} e^{-y} y^s\, \frac{dy}{y} = \pi^{-s}\, \Gamma(s)\, \zeta(2s)$$

Under the Mellin transform the modular property of theta, $\theta(i/t) = \sqrt{t}\, \theta(it)$, gives the functional equation for zeta. We have

$$\pi^{-s/2}\, \Gamma(s/2)\, \zeta(s) = \int_0^{\infty} \frac{1}{2} (\theta(it) - 1)\, t^{s/2}\, \frac{dt}{t}$$

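Break up the integral from zero to one and then from 1 to infinity. The second integral is regular because theta decays rapidly as t → ∞. On the integral from zero to 1 we use the transformation property of θ:

$$\int_0^1 \frac{1}{2} (\theta(it) - 1)\, t^{s/2}\, \frac{dt}{t} = \int_0^1 \frac{1}{2} \left( \frac{1}{\sqrt{t}}\, \theta(i/t) - 1 \right) t^{s/2}\, \frac{dt}{t}$$

$$= \int_{\infty}^{1} \frac{1}{2} \left( \sqrt{u}\, \theta(iu) - 1 \right) u^{-s/2}\, \frac{(-du)}{u}$$

$$= \int_1^{\infty} \frac{1}{2} (\theta(iu) - 1)\, u^{(1-s)/2}\, \frac{du}{u} - \int_1^{\infty} \frac{1}{2} u^{-s/2}\, \frac{du}{u} + \int_1^{\infty} \frac{1}{2} u^{(1-s)/2}\, \frac{du}{u}$$

$$= -\frac{1}{s} - \frac{1}{1 - s} + \int_1^{\infty} \frac{1}{2} (\theta(iu) - 1)\, u^{(1-s)/2}\, \frac{du}{u} \quad \text{if } \Re(s) > 1$$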

Define the completed zeta function by $\xi(s) = \pi^{-s/2}\, \Gamma(s/2)\, \zeta(s)$. From the above we get

$$\xi(s) = -s^{-1} - (1 - s)^{-1} + \int_1^{\infty} \frac{1}{2} (\theta(iu) - 1) \left( u^{s/2} + u^{(1-s)/2} \right) \frac{du}{u} \qquad (6)$$

The right hand side of (??) is regular except for a simple pole at 0 and 1. Hence this formula extends ξ as a function on C with only simple poles at 0 and 1. Since Γ has simple poles at 0, −1, −2, ... we find that ζ is regular except for a simple pole at 1 and has zeroes at −1, −2, .... The right hand side of (??) is invariant under the substitution s → 1 − s. This gives the functional equation

$$\xi(s) = \xi(1 - s)$$


4. Linear congruence and finite cyclic groups

4.1. Let

$$p_1(x_1, \dots, x_n) = 0, \ \dots, \ p_r(x_1, \dots, x_n) = 0 \qquad (7)$$

be a system of r polynomial equations in n variables with integer coefficients. We want to find all integer solutions to this system. Even to decide if the system has a solution is hard (in fact it can be shown that there is no general algorithm to solve this problem).

Instead we might reduce the coefficients modulo some integer n and try to find $x_1, \dots, x_n$ in Z/nZ that solve this reduced system. Since Z/nZ is finite this is an easier question, and at least it gives a necessary condition for existence of solutions to the original equations (??). For example, the equation $x^2 + y^2 = 100003$ does not have an integer solution since $x^2 + y^2$ is never congruent to 3 modulo 4. The equation x(x + 1)(x + 2) = c can have a solution only if c ≡ 0 mod 6.

Notation: Given x ∈ Z/nZ, let $\tilde{x}$ denote any integer such that $\tilde{x} \equiv x \bmod n$. We say that $\tilde{x}$ is a lift of x to Z. Given y ∈ Z, its image in Z/nZ is denoted by $\bar{y}$ and called the reduction of y modulo n. However, one often omits the bar and the tilde to make the notation clean and it does not cause any major confusion.

4.2. Linear congruence: Let a, b, n be integers and consider the congruence equation

$$ax \equiv b \bmod n \qquad (8)$$

Let d = gcd(a, n). If the equation (??) has a solution then b is an integer linear combination of a and n, so b ∈ (a, n) = (d), i.e. d must divide b. Since gcd(a, n) = d there exist integers r and s such that ar + ns = d, i.e. ar ≡ d mod n. Let $x_0 = r(b/d)$. Then

$$a x_0 = ar(b/d) \equiv d(b/d) \equiv b \bmod n$$

So (??) has a solution if and only if gcd(a, n) | b.

In group theoretic terms we are saying the following: Let $a = d a_1$ and $n = d n_1$. Since $a_1$ and $n_1$ are relatively prime, $a_1$ is invertible in $Z/n_1 Z$ and r is the inverse of $a_1$. Then ax = b holds in Z/nZ if and only if $a_1 x = b_1$ holds in $Z/n_1 Z$, and $r b_1$ is a solution to $a_1 x = b_1$ in $Z/n_1 Z$.

If $x_0$ and $x_1$ are two solutions then we have $a(x_0 - x_1) \equiv 0 \bmod n$. Multiplying by r we get $d(x_0 - x_1) \equiv 0 \bmod n$. So $x_1 - x_0$ is in the subgroup generated by $n_1$. So the set of solutions to (??) in G = Z/nZ is equal to the coset $x_0 + n_1 G = \{x_0,\ x_0 + n_1,\ \dots,\ x_0 + (d - 1) n_1\}$.

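4.3. Relatively prime ideals: Let R be a commutative ring and let $\mathfrak{m}_i$ and $\mathfrak{m}_j$ be ideals. Note that $\mathfrak{m}_1 \mathfrak{m}_2 \subseteq \mathfrak{m}_1 \cap \mathfrak{m}_2$. Suppose $(\mathfrak{m}_1, \mathfrak{m}_2) = (1)$ (two such ideals are called relatively prime or co-maximal). There exist elements $m_1 \in \mathfrak{m}_1$ and $m_2 \in \mathfrak{m}_2$ such that $m_1 + m_2 = 1$. If $x \in \mathfrak{m}_1 \cap \mathfrak{m}_2$ then $x = x m_1 + x m_2 \in \mathfrak{m}_1 \mathfrak{m}_2$. Thus we have

(1) If $\mathfrak{m}_1$ and $\mathfrak{m}_2$ are co-maximal then $\mathfrak{m}_1 \mathfrak{m}_2 = \mathfrak{m}_1 \cap \mathfrak{m}_2$.

Suppose $\mathfrak{m}_1, \dots, \mathfrak{m}_n$ are pairwise co-maximal, i.e. $(\mathfrak{m}_i, \mathfrak{m}_j) = (1)$ for all i ≠ j. For each j ≠ i find $a_j \in \mathfrak{m}_i$ and $b_j \in \mathfrak{m}_j$ such that $a_j + b_j = 1$. Let $b = \prod_{j \ne i} b_j \in \mathfrak{n}_i$. Then $b = \prod (1 - a_j) = 1 - a$ for some $a \in \mathfrak{m}_i$. So

(2) If $\mathfrak{m}_1, \dots, \mathfrak{m}_n$ are pairwise co-maximal and $\mathfrak{n}_i = \prod_{j \ne i} \mathfrak{m}_j$ then $\mathfrak{m}_i$ and $\mathfrak{n}_i$ are co-maximal.

By (2) $\mathfrak{m}_1$ and $\prod_{j=2}^{r} \mathfrak{m}_j$ are relatively prime. So by claim 1, $\mathfrak{m}_1 (\mathfrak{m}_2 \cdots \mathfrak{m}_r) = \mathfrak{m}_1 \cap (\mathfrak{m}_2 \cdots \mathfrak{m}_r)$. By induction on r we get

(3) Suppose $\mathfrak{m}_1, \dots, \mathfrak{m}_r$ are pairwise co-maximal ideals. Then $\cap_{i=1}^{r} \mathfrak{m}_i = \prod_{i=1}^{r} \mathfrak{m}_i$.

Now we can prove the

Chinese remainder theorem. Let R be a commutative ring. Let $\mathfrak{m}_1, \dots, \mathfrak{m}_r$ be ideals in R and $\mathfrak{m} = \mathfrak{m}_1 \mathfrak{m}_2 \cdots \mathfrak{m}_r$ be their product ideal. Suppose, for all i ≠ j, we have $(\mathfrak{m}_i, \mathfrak{m}_j) = (1)$. Then the map

$$\psi : R/\mathfrak{m} \to R/\mathfrak{m}_1 \times R/\mathfrak{m}_2 \times \cdots \times R/\mathfrak{m}_r$$

given by $\psi(x) = (x \bmod \mathfrak{m}_1, \dots, x \bmod \mathfrak{m}_r)$ is an isomorphism.

Proof. Suppose x is in the kernel of ψ. Then $x \equiv 0 \bmod \mathfrak{m}_i$ for i = 1, ..., r. So $x \in \cap_{i=1}^{r} \mathfrak{m}_i = \prod_{i=1}^{r} \mathfrak{m}_i = \mathfrak{m}$. Hence $x = 0 \in R/\mathfrak{m}$. So ψ is injective.

Since $\mathfrak{m}_i$ and $\mathfrak{n}_i = \prod_{j \ne i} \mathfrak{m}_j$ are co-maximal we can choose $e_i \in \mathfrak{n}_i$ and $m_i \in \mathfrak{m}_i$ such that $m_i + e_i = 1$. Hence $e_i \equiv 1 \bmod \mathfrak{m}_i$ and $e_i \equiv 0 \bmod \mathfrak{m}_j$ for all j ≠ i. Now, given $(b_1, \dots, b_r) \in R/\mathfrak{m}_1 \times \cdots \times R/\mathfrak{m}_r$, take any lift $(\tilde{b}_1, \dots, \tilde{b}_r)$ in $R^r$ and let $b = \sum_i \tilde{b}_i e_i \bmod \mathfrak{m}$. Then $\psi(b) \equiv b_i \bmod \mathfrak{m}_i$ for each i, hence ψ is onto.

4.4. Simultaneous linear congruences: Suppose $m_1, \dots, m_r$ are relatively prime integers and m is the product of $m_1, \dots, m_r$. So the ideals $(m_i)$ and $(m_j)$ are co-maximal for all i ≠ j. From the Chinese remainder theorem we get that $Z/mZ \simeq Z/m_1 Z \times Z/m_2 Z \times \cdots \times Z/m_r Z$. So given $b_i \in Z/m_i Z$ for i = 1, ..., r, there exists a unique $x_0 \in Z/mZ$ such that $x_0 \equiv b_i \bmod m_i$. So the system of equations $x \equiv b_i \bmod m_i$ with relatively prime moduli $m_1, \dots, m_r$ can always be solved and the set of integer solutions is $x_0 + mZ$ where $x_0$ is any solution.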

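Example: Suppose we want to solve

$$6x \equiv 2 \bmod 8, \quad 3x \equiv 1 \bmod 20, \quad 8x \equiv 1 \bmod 15. \qquad (9)$$

Canceling common factors and multiplying by the units in Z/nZ we get the equivalent system

$$x \equiv 3^{-1} \bmod 4, \quad x \equiv 3^{-1} \bmod 20, \quad x \equiv 8^{-1} \bmod 15.$$

(e.g. $8^{-1} \equiv 2 \bmod 15$). Applying the Chinese remainder theorem we can break them up into a system with relatively prime moduli:

$$x \equiv 3^{-1} \bmod 4, \quad x \equiv 3^{-1} \bmod 4, \quad x \equiv 3^{-1} \bmod 5, \quad x \equiv 8^{-1} \bmod 3, \quad x \equiv 8^{-1} \bmod 5.$$

Note: 3 ≡ 8 mod 5 so these equations are consistent. Combining these and using $3^{-1} \equiv 3 \bmod 4$, $3^{-1} \equiv 2 \bmod 5$ and $8^{-1} \equiv 2 \bmod 3$ the above system becomes

$$x \equiv 3 \bmod 4, \quad x \equiv 2 \bmod 5, \quad x \equiv 2 \bmod 3$$

Let $(m_1, m_2, m_3) = (4, 5, 3)$. As in the proof of the Chinese remainder theorem we can now choose $(e_1, e_2, e_3)$ to be

$$(e_1, e_2, e_3) = \left( \widetilde{(15^{-1} \bmod 4)} \cdot 15,\ \widetilde{(12^{-1} \bmod 5)} \cdot 12,\ \widetilde{(20^{-1} \bmod 3)} \cdot 20 \right)$$

$$= \left( \widetilde{(3^{-1} \bmod 4)} \cdot 15,\ \widetilde{(2^{-1} \bmod 5)} \cdot 12,\ \widetilde{(2^{-1} \bmod 3)} \cdot 20 \right) = (3 \cdot 15,\ 3 \cdot 12,\ 2 \cdot 20).$$

So a solution to (??) is given by $x_0 = 3 \cdot 45 + 2 \cdot 36 + 2 \cdot 40 \equiv 47 \bmod 60$ and all solutions are 47 + 60Z.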
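The procedure of 4.2 and the example above can be carried out in code. The following Python sketch is an added example, not part of the original notes; the function names are chosen here for illustration. `solve_linear` implements 4.2, `crt_idempotents` builds the elements $e_i$ from the proof of the Chinese remainder theorem, and `merge` goes slightly beyond the text by combining two congruences whose moduli need not be relatively prime, reporting inconsistency instead of a wrong answer.

```python
from math import gcd, prod


def ext_gcd(a, b):
    """Return (d, r, s) with a*r + b*s == d == gcd(a, b)."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def solve_linear(a, b, n):
    """All x in Z/nZ with a*x = b (mod n), n >= 1; [] if gcd(a, n) does not divide b."""
    d, r, _ = ext_gcd(a % n, n)
    if b % d:
        return []
    n1 = n // d
    x0 = (r * (b // d)) % n1
    return [x0 + k * n1 for k in range(d)]     # the coset x0 + n1*G


def crt_idempotents(moduli):
    """e_i = lift(n_i^{-1} mod m_i) * n_i, so e_i = 1 mod m_i and 0 mod m_j."""
    m = prod(moduli)
    es = []
    for mi in moduli:
        ni = m // mi
        inv = solve_linear(ni, 1, mi)
        if len(inv) != 1:
            raise ValueError("moduli are not pairwise relatively prime")
        es.append(inv[0] * ni)
    return es


def crt_coprime(residues, moduli):
    """x0 = sum b_i e_i mod m, for pairwise relatively prime moduli."""
    es = crt_idempotents(moduli)
    return sum(b * e for b, e in zip(residues, es)) % prod(moduli)


def merge(c1, c2):
    """Combine x = b1 (mod m1) and x = b2 (mod m2); None if inconsistent."""
    (b1, m1), (b2, m2) = c1, c2
    ts = solve_linear(m1, b2 - b1, m2)          # x = b1 + m1*t
    if not ts:
        return None
    m = m1 // gcd(m1, m2) * m2                  # lcm(m1, m2)
    return ((b1 + m1 * ts[0]) % m, m)


def solve_system(congruences):
    """Solve a_i x = b_i (mod n_i) for all i; return (x0, m) or None."""
    current = (0, 1)
    for a, b, n in congruences:
        sols = solve_linear(a, b, n)
        if not sols:
            return None
        # d solutions mod n form a single class modulo n1 = n/d
        current = merge(current, (sols[0], n // len(sols)))
        if current is None:
            return None
    return current


if __name__ == "__main__":
    print(solve_linear(6, 2, 8))                          # system (9), first equation
    print(crt_idempotents([4, 5, 3]))
    print(crt_coprime([3, 2, 2], [4, 5, 3]))
    print(solve_system([(6, 2, 8), (3, 1, 20), (8, 1, 15)]))
```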

4.5. The group of units in Z/nZ: A number 1 ≤ a ≤ n is invertible as an element of Z/nZ if and only if (a, n) = 1. So the group of units U(Z/nZ) has order ϕ(n). Suppose gcd(a, n) = 1. Since the order of an element in a group divides the order of the group we have Euler’s theorem $a^{\varphi(n)} \equiv 1 \bmod n$. As a special case one gets the Little Fermat’s theorem: if p is a prime that does not divide a then $a^{p-1} \equiv 1 \bmod p$.

Now let n =∏r

i=1 peii where pi are distinct primes. By Chinese remainder theorem we

have Z/nZ ≃ Z/pe11 Z × Z/pe2

2 Z × · · · × Z/perr Z. So

U(Z/nZ) ≃ U(Z/pe11 Z) × U(Z/pe2

2 Z) × · · · × U(Z/perr Z)

Thus it is enough to describe the multiplicative group U(Z/pe1Z) where p is a prime.

First a lemma from group theory:

4.6. Lemma. Suppose $H$ is a group of order $n$. Assume that for all $d$ dividing $n$ the set $\{x \in H : x^d = 1\}$ has at most $d$ elements. Then $H$ is cyclic.

Proof. Let $d \mid n$. If there exists an element $y \in H$ of order $d$ then $\langle y \rangle = \{1, y, \dots, y^{d-1}\}$ is a cyclic subgroup of order $d$ and each of its elements satisfies the equation $x^d = 1$. So these must be all the elements satisfying the equation. So the elements of order $d$ in the group are precisely the generators of the cyclic group $\langle y \rangle$, and there are $\varphi(d)$ of these. So the number of elements of order $d$ in $H$ is either $0$ or $\varphi(d)$. If this number was zero for some $d \mid n$, then the total number of elements in the group would be strictly less than $\sum_{d \mid n} \varphi(d) = n$, which is not possible. So there must be an element of order $d$ for each $d \mid n$, in particular one of order $n$.

4.7. Corollary. The multiplicative group of a finite field is cyclic.

Proof. If $F$ is a finite field, $F^* = F \setminus \{0\}$ satisfies the condition of the lemma, since a polynomial of degree $d$ can have at most $d$ solutions in a field.

Definition: Let $a$ and $n$ be relatively prime integers. We say that $a$ has order $d$ modulo $n$ if $a$ has order $d$ in the group $U(\mathbb{Z}/n\mathbb{Z})$, i.e. $d$ is the smallest positive integer such that $a^d \equiv 1 \bmod n$. An integer $a$ is called a primitive root modulo $n$ if $a$ generates $U(\mathbb{Z}/n\mathbb{Z})$, i.e. it has order $\varphi(n)$ modulo $n$. By the corollary, $U(\mathbb{Z}/p\mathbb{Z})$ is a cyclic group of order $p - 1$. So primitive roots modulo $p$ exist.

4.8. Theorem. (a) Let $p$ be an odd prime. Then the group $U(\mathbb{Z}/p^r\mathbb{Z})$ is cyclic.
(b) The group $U(\mathbb{Z}/2^r\mathbb{Z})$ is the direct product of the group $\{1, -1\}$ of order 2 with a cyclic group of order $2^{r-2}$ which can be generated by 5.

Proof. (a) Let $g$ be a primitive root modulo $p$. We claim that either $g$ or $g + p$ is a primitive root modulo $p^2$. Both $g$ and $g + p$ have order divisible by $p - 1$ in $U(\mathbb{Z}/p^2\mathbb{Z})$, since both of them have order $p - 1$ in $U(\mathbb{Z}/p\mathbb{Z})$. Now

$$(g + p)^{p-1} - g^{p-1} \equiv (p - 1)\,p\,g^{p-2} \bmod p^2,$$

which is not divisible by $p^2$ since both $p - 1$ and $g^{p-2}$ are relatively prime to $p$. So $g$ and $g + p$ cannot both have order $p - 1$, hence one of them must have order $p(p - 1)$ (Note: since $\varphi(p^2) = p(p - 1)$ the only possible orders are $1$, $p - 1$, $p$ or $p(p - 1)$). Thus either $g$ or $g + p$ is a primitive root modulo $p^2$.

Suppose $g$ is a primitive root modulo $p^2$. We claim that it is also a primitive root modulo $p^r$ for all $r$. Note that the order of $g$ in $U(\mathbb{Z}/p^r\mathbb{Z})$ is divisible by $p(p - 1)$ and is a factor of $p^{r-1}(p - 1)$, i.e. the order is equal to $p^d(p - 1)$ for some $d \ge 1$. Let $a = g^{p-1}$. By little Fermat $g^{p-1} \equiv 1 \bmod p$, while, since $g$ is a primitive root modulo $p^2$, $p^2 \nmid g^{p-1} - 1$. So $\mathrm{ord}_p(a - 1) = 1$. We claim that

$$o_p(a - 1) = 1 \implies o_p(a^{p^m} - 1) = m + 1. \tag{10}$$


We complete the proof assuming the above equation. Recall $g$ has order $p^d(p - 1)$ for some $d$ in $U(\mathbb{Z}/p^r\mathbb{Z})$ and $a = g^{p-1}$. So $p^r \mid a^{p^d} - 1$. But then, equation (??) implies $r \le d + 1$. So the order of $g$ in $U(\mathbb{Z}/p^r\mathbb{Z})$ is $p^d(p - 1) \ge p^{r-1}(p - 1)$, which is the size of the group $U(\mathbb{Z}/p^r\mathbb{Z})$. We conclude that $g$ is a primitive root modulo $p^r$.

It remains to prove formula (??). This is done by induction on $m$. First we need to prove $o_p(a^p - 1) = 2$. For this, write $a^p - 1 = (a - 1)s_1$ where

$$s_1 = p + \sum_{j=1}^{p-1} (a^j - 1) = p + (a - 1)s_2$$

where

$$s_2 = 1 + (1 + a) + (1 + a + a^2) + \dots + (1 + a + \dots + a^{p-2})$$

$$= (p - 1) + (p - 2)a + (p - 3)a^2 + \dots + a^{p-2}$$

$$= p(p - 1)/2 + (p - 2)(a - 1) + (p - 3)(a^2 - 1) + \dots + (a^{p-2} - 1).$$

So $p \mid s_2$, hence $p^2 \mid (a - 1)s_2$. It follows that $o_p(s_1) = 1$, which in turn gives $o_p(a^p - 1) = 2$.

For $d \ge 1$ we have $a^{p^{d+1}} - 1 = (a^{p^d} - 1)\,b$ where

$$b = \sum_{r=0}^{p-1} (a^{p^d})^r = p + \sum_{r=1}^{p-1} \left((a^{p^d})^r - 1\right) = p + (a^{p^d} - 1)\,s \tag{11}$$

for some $s$. If $d \ge 1$ then by the induction hypothesis $p^2 \mid (a^{p^d} - 1)$, so equation (??) shows $o_p(b) = 1$. Since $a^{p^{d+1}} - 1 = (a^{p^d} - 1)\,b$, we have $o_p(a^{p^{d+1}} - 1) = o_p(a^{p^d} - 1) + o_p(b) = o_p(a^{p^d} - 1) + 1$. This completes the proof by induction.

(b) We claim that $o_2(5^{2^d} - 1) = d + 2$ for all $d$. For $d = 0, 1$ this is clear. For $d \ge 2$ this follows by induction from $5^{2^d} - 1 = (5^{2^{d-1}} - 1)(5^{2^{d-1}} + 1)$, since the second factor has $o_2$ equal to 1. The group $U(\mathbb{Z}/2^r\mathbb{Z})$ has order $2^{r-1}$. Suppose the order of 5 in $U(\mathbb{Z}/2^r\mathbb{Z})$ is $2^d$. Then $2^r \mid 5^{2^d} - 1$, which forces $r \le d + 2$. So the order of 5 in $U(\mathbb{Z}/2^r\mathbb{Z})$ is at least $2^{r-2}$, so the multiplicative group generated by 5 is equal to $\{1, 5, 9, \dots, 2^r - 3\}$.
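The lifting step in the proof of Theorem 4.8, as an added Python sketch that is not part of the original notes. The function names are chosen here for illustration. The sample prime 29 with $g = 14$ is picked because 14 is a primitive root modulo 29 but not modulo $29^2$, so the proof's switch to $g + p$ is actually needed.

```python
def prime_factors(n):
    """Set of prime divisors of n, by trial division (fine for small n)."""
    out, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            out.add(d)
            n //= d
        d += 1
    if n > 1:
        out.add(n)
    return out

def order(a, n, group_order):
    """Multiplicative order of the unit a modulo n.

    group_order must be |U(Z/nZ)|; the order is found by stripping
    prime factors from it while the power still equals 1.
    """
    if pow(a, group_order, n) != 1:
        raise ValueError("a is not a unit modulo n")
    d = group_order
    for q in prime_factors(group_order):
        while d % q == 0 and pow(a, d // q, n) == 1:
            d //= q
    return d

def is_primitive_root(g, p, r=1):
    """True if g generates U(Z/p^r Z), p an odd prime."""
    phi = p ** (r - 1) * (p - 1)
    return order(g, p ** r, phi) == phi

def lift_primitive_root(g, p):
    """Given a primitive root g mod p, return g or g + p, whichever is a
    primitive root mod p^2 (and hence mod p^r for every r)."""
    return g if pow(g, p - 1, p * p) != 1 else g + p

def o_p_of_power(g, p, m):
    """o_p(a^(p^m) - 1) for a = g^(p-1), the quantity in equation (10).

    Computed modulo p^(m+3); the value m + 3 means 'at least m + 3'.
    """
    mod = p ** (m + 3)
    x = (pow(g, (p - 1) * p ** m, mod) - 1) % mod
    if x == 0:
        return m + 3
    v = 0
    while x % p == 0:
        x //= p
        v += 1
    return v

if __name__ == "__main__":
    p, g = 29, 14
    h = lift_primitive_root(g, p)
    print(h, [is_primitive_root(h, p, r) for r in range(1, 5)])
    print([order(5, 2 ** r, 2 ** (r - 1)) for r in range(3, 8)])  # part (b)
```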


5. Some generalities on field extensions

5.1. Field extensions: In what follows, let $K$ and $L$ be fields and $K \subseteq L$. We say $L/K$ is a field extension and $L$ is an extension of $K$. We shall use the same language if $L$ contains a subfield isomorphic to $K$. Let $K$ be contained in a ring $R$ and $m$ be a maximal ideal of $R$. Then $L = R/m$ is a field. Since $K \cap m = 0$, we see that the composition $K \to R \to R/m$ is injective, hence $L/K$ is a field extension. If $L/K$ is a field extension, $L$ is a vector space over $K$. The dimension of this vector space is called the degree of the extension and denoted by $[L : K]$.

We say $L/K$ is a finite extension if $[L : K]$ is finite. Let $K \subseteq L$ and $L \subseteq M$ be finite extensions. If $a_1, a_2, \dots, a_m$ is a basis for $L$ as a $K$ vector space and $b_1, \dots, b_n$ is a basis for $M$ as an $L$ vector space, then $a_i b_j$, for $i = 1, \dots, m$ and $j = 1, \dots, n$, is a basis for $M$ as a $K$ vector space. So $K \subseteq M$ is finite and $[M : K] = [M : L][L : K]$.

5.2. Algebraic extensions: An element $a \in L$ is called algebraic over $K$ if there exists $p \in K[x]$ such that $p(a) = 0$. Call $L/K$ an algebraic extension if each element of $L$ is algebraic over $K$. If $L/K$ is finite then for each $a \in L$, the elements $1, a, a^2, \dots$ cannot all be linearly independent over $K$, so $a$ must satisfy a polynomial over $K$. Thus finite extensions are algebraic.

5.3. Minimal polynomial: Suppose $L/K$ is an algebraic extension and $a \in L$. Let $K[a]$ and $K(a)$ be respectively the subring and subfield of $L$ generated by $K$ and $a$. Let $\phi : K[x] \to K[a]$ be the surjective homomorphism obtained by sending $x$ to $a$. Since $K[x]$ is a PID, $\ker(\phi) = (p)$ for some polynomial $p$. Since $a$ is algebraic over $K$ the kernel of $\phi$ is non-zero, and since $K[a]$ is an integral domain, $\ker(\phi)$ is a prime ideal. So $\ker(\phi) = (p)$ is a maximal ideal in $K[x]$ and hence $K[a] \simeq K[x]/(p)$ is a field. So we have

$$K[x]/(p) \simeq K[a] = K(a).$$

The polynomial $p$, obtained as a generator for the kernel of the homomorphism from $K[x]$ to $K(a)$, is unique up to multiplication by nonzero elements of $K$ and is the polynomial of minimal degree such that $p(a) = 0$. We call $p$ the minimal polynomial of $a$. If $p$ has degree $d$ then $1, a, a^2, \dots, a^{d-1}$ forms a basis of $K(a)$ as a $K$ vector space. Hence $[K(a) : K] = d$. Conversely we have the following.

5.4. Proposition. Let $p$ be an irreducible polynomial of degree $d$ in $K[x]$. Then there exists an extension $L/K$ of degree $d$ and $a \in L$ such that $p(a) = 0$ and $L = K(a)$.

Proof. Let $L = K[x]/(p)$. Let $\phi : K[x] \to K[x]/(p)$ be the surjection. The composition $K \to K[x] \to L = K[x]/(p)$ is injective, showing that $L/K$ is a field extension. Let $a = \phi(x)$. Then $L = K[a]$ and $p(a) = 0$ holds in $L$.

5.5. Construction of an algebraic closure (Following Artin): Let $F$ be a field. We say that $F$ is algebraically closed if $F$ does not have any proper algebraic extension, i.e. every polynomial in $F[x]$ splits into linear factors.

5.6. Proposition. (a) Let $K$ be a field. There exists an algebraic extension $\bar K \supseteq K$ such that $\bar K$ is algebraically closed. We call $\bar K$ an algebraic closure of $K$.
(b) If $M \supseteq K$ is any algebraic extension then there exists an embedding $\sigma : M \to \bar K$ such that $\sigma$ restricted to $K$ is the identity.
(c) It follows from (a) and (b) that the algebraic closure of $K$ is unique up to isomorphism.

Proof. Let $K_0 = K$. We shall construct a sequence of fields $K_0 \subseteq K_1 \subseteq K_2 \subseteq \cdots$ where the later ones are obtained by adjoining roots to the irreducible polynomials in the previous ones.

Let $\{f_i : i \in I\}$ be the set of all monic (i.e. leading coefficient equal to 1) irreducible polynomials in $K[x]$. For each such polynomial introduce a variable $x_i$ and consider the polynomial ring $R = K_0[x_i : i \in I]$. Let $P$ be the ideal in $R$ generated by $\{f_i(x_i) : i \in I\}$. The ideal $P$ is proper (Why?). Let $m$ be a maximal ideal containing $P$. Let $K_1 = K[x_i : i \in I]/m$. Now repeat the process with $K_1$ instead of $K_0$, and inductively we have a sequence of fields $K_0 \subseteq K_1 \subseteq K_2 \subseteq \cdots$. Let $\bar K = \bigcup_{i=1}^{\infty} K_i$. By construction, each irreducible polynomial in $K_i[x]$ has a root in $K_{i+1}$. Given any $p \in \bar K[x]$ there exists $n$ such that all the coefficients of $p$ are in $K_n$, so $p$ has a root in $K_{n+1}$, i.e. in $\bar K$. This proves part (a).

Given $M \supseteq K$ algebraic, let $\mathcal{L} = \{(L, \sigma) : M \supseteq L \supseteq K,\ \sigma : L \to \bar K\}$. Define a partial order on $\mathcal{L}$ by defining $(L, \sigma) \le (L', \sigma')$ if $L \subseteq L'$ and $\sigma'|_L = \sigma$. The set $\mathcal{L}$ is nonempty since $(K, \mathrm{id})$ belongs to it. Given any chain $(L_1, \sigma_1) \le (L_2, \sigma_2) \le \cdots$ in $\mathcal{L}$, let $L^* = \bigcup L_i$ and let $\sigma^* : L^* \to \bar K$ be defined by $\sigma^*|_{L_i} = \sigma_i$. Then $(L^*, \sigma^*)$ is an upper bound of the chain in $\mathcal{L}$. So, by Zorn's lemma, there exists a maximal element in $\mathcal{L}$, say $(L_0, \sigma_0)$. We claim that $L_0 = M$. If not, pick an element $a \in M \setminus L_0$. Since $M/L_0$ is algebraic, $L_0(a)/L_0$ is a finite extension. Let $p \in L_0[x]$ be the minimal polynomial of $a$. Pick a root $a'$ of $\sigma_0(p)$ in $\bar K$ (which exists since $\bar K$ is algebraically closed). Now one can check that sending $a$ to $a'$ gives an embedding of $L_0(a)$ into $\bar K$ which extends $\sigma_0$, contradicting the maximality of $(L_0, \sigma_0)$. This proves part (b).

5.7. Remark. An automorphism of a field $L$ is a map $\sigma : L \to L$ that preserves addition, multiplication and inverse and is one to one and onto. Let $L/K$ be a field extension. Let $G$ be a group of automorphisms of $L$ that fix $K$ pointwise (i.e. $g(x) = x$ for all $x \in K$ and $g \in G$). Then the elements of $L$ fixed by $G$, denoted by $L^G$, form a subfield of $L$ containing $K$, called the fixed field of $G$. In particular, if $\sigma$ is an automorphism of $L$ that fixes $K$, the set of elements of $L$ fixed by $\sigma$ is denoted by $L^\sigma$.

6. Finite fields

6.1. Let $F$ be a field. The smallest natural number $n$ such that $n \cdot 1$ equals zero in $F$ is called the characteristic of $F$. If no such number exists then $F$ is said to be of characteristic zero. If $F$ has finite characteristic then the characteristic must be a prime number. Let $p$ be a prime number and $1 \le d \le p - 1$. The map $(e \mapsto de \bmod p)$ from $\{1, 2, \dots, p - 1\}$ to itself is one to one, so there is an $e$ such that $de \equiv 1 \bmod p$. Thus the set of natural numbers modulo $p$ is a finite field that we shall denote by $\mathbb{F}_p$. The multiplicative group of $\mathbb{F}_p$ is cyclic of order $p - 1$, so every $x \in \mathbb{F}_p$ satisfies $x^p = x$. So, if $F$ is any field that contains $\mathbb{F}_p$ then $\sigma : F \to F$ defined by

$$\sigma(x) = x^p$$

is an automorphism of $F$ that fixes $\mathbb{F}_p$.

Let $F$ be a finite field having $q$ elements, $q$ being a natural number. Then $F$ must have finite characteristic, say $p$, and hence $F$ contains $\mathbb{F}_p$. Let $[F : \mathbb{F}_p] = n$. Then $q = p^n$. Recall that the multiplicative group of $F$ is cyclic of order $q - 1$. So every $x \in F$ satisfies the equation $x^q - x = 0$.

6.2. Lemma. Let $F_d$ be the product of all the monic irreducible polynomials of degree $d$ in $\mathbb{F}_p[x]$. Then we have $x^{p^n} - x = \prod_{d \mid n} F_d(x)$.


Proof. Since $\mathbb{F}_p[x]$ is a UFD, $x^{p^n} - x$ can be written uniquely as a product of monic irreducible polynomials, which are all distinct since the derivative $\frac{d}{dx}(x^{p^n} - x) = -1$ is non-zero. So it is enough to show that an irreducible polynomial $f$ of degree $d$ divides $x^{p^n} - x$ if and only if $d \mid n$.

Let $K = \mathbb{F}_p[x]/(f) = \mathbb{F}_p(a)$ where $a \neq 0$ is a root of $f$ in $K$. Since $K$ has order $p^d$, the element $a$ must satisfy the equation $x^{p^d - 1} - 1 = 0$. Since $f$ is the minimal polynomial of $a$ over $\mathbb{F}_p$, one has $f \mid x^{p^d - 1} - 1$.

Suppose $d \mid n$. Then $x^{p^d - 1} - 1 \mid x^{p^n - 1} - 1$, so $f$ is an irreducible factor of $x^{p^n - 1} - 1$. Conversely, suppose $f \mid x^{p^n} - x$. Since $f(a) = 0$, one has $a^{p^n} = a$, i.e. $a$ is fixed by the automorphism $\sigma^n : K \to K$. Since $a$ generates the extension $K$, the automorphism $\sigma^n$ fixes all of $K$, i.e. $b^{p^n} = b$ for all $b \in K$. Let $u$ be a generator for the multiplicative group of $K$. Then $u$ has order $p^d - 1$. But $u^{p^n - 1} = 1$ too. So $p^d - 1 \mid p^n - 1$ and hence $d \mid n$.

6.3. Proposition. There exists an irreducible polynomial in $\mathbb{F}_p[x]$ of any given degree $d \ge 1$.

Proof. Let $N_d$ be the number of monic irreducible polynomials of degree $d$ in $\mathbb{F}_p[x]$. Then counting degrees in the formula proved in the previous lemma we have $p^n = \sum_{d \mid n} d N_d$. By Möbius inversion, it follows that $n N_n = \sum_{d \mid n} \mu(n/d)\, p^d$. The right hand side has at least one nonzero term $p^n$ and is a sum of distinct powers of $p$ with coefficients $\pm 1$, so it cannot be zero.

6.4. Theorem. Let $p$ be any prime number, $n$ be any natural number and $q = p^n$.
(a) There exists a finite field of order $q$.
(b) Let $\Omega = \bar{\mathbb{F}}_p$ be a fixed algebraic closure of $\mathbb{F}_p$. Then there is a unique subfield $\mathbb{F}_q$ of $\Omega$ of order $q$. It is the set of roots of the polynomial $x^q - x = 0$.
(c) All finite fields with $q = p^n$ elements are isomorphic to $\mathbb{F}_q$.

Proof. By the previous proposition, there exists an irreducible polynomial $f$ of degree $n$ in $\mathbb{F}_p[x]$, so $\mathbb{F}_p[x]/(f)$ is a finite field of order $p^n$. This proves (a). Alternatively let $\mathbb{F}_q$ be the set of solutions of the polynomial $x^q - x$ in $\Omega$. As already noted, the derivative of $x^q - x$ is nonzero in $\mathbb{F}_p[x]$, so it has distinct roots. So $\mathbb{F}_q$ has $q$ elements. Note that $\sigma^n : x \mapsto x^q$ is an automorphism of $\Omega$ and $a^{p^n} - a = 0$ is equivalent to $\sigma^n(a) = a$, i.e. $\mathbb{F}_q$ is a field, namely the fixed field of the automorphism $\sigma^n$. This gives another proof of (a).

Let $F$ be any subfield of $\Omega$ with $q$ elements. Since the multiplicative group of $F$ is cyclic of order $q - 1$, every element of $F$ satisfies $x^q = x$, thus belongs to $\mathbb{F}_q$. Since both $\mathbb{F}_q$ and $F$ have $q$ elements, one has $F = \mathbb{F}_q$. This proves (b).

Any field with $p^n$ elements contains $\mathbb{F}_p$, hence is an algebraic extension of it, and consequently can be embedded in $\Omega$. The image of this embedding, being a subfield of $\Omega$ with $q$ elements, must equal $\mathbb{F}_q$. This proves (c).
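The counting formula from the proof of Proposition 6.3, checked against a brute-force enumeration, as an added Python sketch that is not part of the original notes. Function names are chosen here for illustration; polynomials are represented as coefficient tuples, lowest degree first.

```python
from itertools import product

def mobius(n):
    """Möbius function mu(n) by trial division."""
    result, d = 1, 2
    while d * d <= n:
        if n % d == 0:
            n //= d
            if n % d == 0:
                return 0            # square factor
            result = -result
        d += 1
    return -result if n > 1 else result

def count_irreducible(p, n):
    """N_n = (1/n) * sum_{d | n} mu(n/d) p^d, from Möbius inversion."""
    total = sum(mobius(n // d) * p ** d for d in range(1, n + 1) if n % d == 0)
    assert total % n == 0
    return total // n

def monic(p, d):
    """All monic polynomials of degree d over F_p."""
    return [c + (1,) for c in product(range(p), repeat=d)]

def poly_mul(f, g, p):
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return tuple(out)

def brute_force_count(p, n):
    """Count monic irreducibles of degree n by removing every product of two
    monic factors of positive degree from the p^n monic polynomials."""
    reducible = set()
    for i in range(1, n // 2 + 1):
        for f in monic(p, i):
            for g in monic(p, n - i):
                reducible.add(poly_mul(f, g, p))
    return p ** n - len(reducible)

def degree_identity_holds(p, n):
    """The degree count behind Lemma 6.2: p^n = sum_{d | n} d * N_d."""
    return p ** n == sum(d * count_irreducible(p, d)
                         for d in range(1, n + 1) if n % d == 0)

if __name__ == "__main__":
    for p, top in ((2, 6), (3, 4), (5, 3)):
        print(p, [(count_irreducible(p, n), brute_force_count(p, n))
                  for n in range(1, top + 1)])
```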


7. Two proofs of quadratic reciprocity (From Serre: Course in arithmetic)

Let $q = p^n$ be a power of a prime number $p$.

7.1. Lemma. (a) If $p = 2$ then all elements of $\mathbb{F}_q$ are squares.
(b) If $p \neq 2$ then the squares form a subgroup of index 2 in $\mathbb{F}_q^*$, namely the kernel of the homomorphism $x \mapsto x^{(q-1)/2}$ from $\mathbb{F}_q^*$ to $\{\pm 1\}$.

Proof. Case (a) follows from the fact that $x \mapsto x^2$ is an automorphism of $\mathbb{F}_{2^n}$. In case (b), let $\Omega$ be the algebraic closure of $\mathbb{F}_q$. Given $x \in \mathbb{F}_q^*$, let $y \in \Omega$ be such that $y^2 = x$. We have $y^{q-1} = x^{(q-1)/2} = \pm 1$ since $x^{q-1} = 1$. It follows that $x$ is a square if and only if $y \in \mathbb{F}_q$, i.e. $y^{q-1} = 1$. Hence $(\mathbb{F}_q^*)^2$ is the kernel of $x \mapsto x^{(q-1)/2}$. Since $\mathbb{F}_q^*$ is cyclic of order $q - 1$, the kernel is of index 2.

7.2 The Legendre symbol

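Let $p$ be a prime number not equal to 2 and $x \in \mathbb{F}_p^*$. Define the Legendre symbol $\left(\frac{x}{p}\right)$ to be equal to one if $x$ is a square in $\mathbb{F}_p^*$ and equal to $-1$ otherwise; in other words $\left(\frac{x}{p}\right) = x^{(p-1)/2}$. Extend the definition by letting $\left(\frac{0}{p}\right) = 0$. If $x$ is an integer which has image $x'$ in $\mathbb{F}_p$ one writes $\left(\frac{x}{p}\right) = \left(\frac{x'}{p}\right)$. One has $\left(\frac{xy}{p}\right) = \left(\frac{x}{p}\right)\left(\frac{y}{p}\right)$. If $x \in \mathbb{F}_p^*$ has a square root $y$ in the algebraic closure $\Omega$ of $\mathbb{F}_p$ then $\left(\frac{x}{p}\right) = y^{p-1}$.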

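7.3. Lemma. One has: $-1$ is a square modulo $p$ if and only if $p \equiv 1 \bmod 4$, and $2$ is a square modulo $p$ if and only if $p \equiv \pm 1 \bmod 8$. In other words $\left(\frac{-1}{p}\right) = (-1)^{(p-1)/2}$ and $\left(\frac{2}{p}\right) = (-1)^{(p^2-1)/8}$.

Proof. The equation $x^2 = -1$ holds in $\mathbb{F}_p^*$ if and only if $x$ has order 4 in the multiplicative group $\mathbb{F}_p^* \simeq \mathbb{Z}/(p-1)\mathbb{Z}$. Such an $x$ exists if and only if $4 \mid p - 1$. This proves the first statement.

Let $\alpha$ be a primitive 8-th root of unity in an algebraic closure $\Omega$ of $\mathbb{F}_q$. Since $\alpha^4 - 1 \neq 0$, we have $\alpha^4 + 1 = 0$ and hence $\alpha^2 + \alpha^{-2} = 0$. It follows that the element $y = \alpha + \alpha^{-1}$ satisfies $y^2 = 2$. We have

$$y^p = \alpha^p + \alpha^{-p}. \tag{12}$$

If $p \equiv \pm 1 \bmod 8$, equation (??) implies $y^p = y$, so $\left(\frac{2}{p}\right) = y^{p-1} = 1$. If $p \equiv \pm 5 \bmod 8$ then $y^p = \alpha^5 + \alpha^{-5} = -(\alpha + \alpha^{-1}) = -y$, so $\left(\frac{2}{p}\right) = y^{p-1} = -1$.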

7.4. Gauss sums

Fix a primitive $l$-th root of unity $w$ in an algebraic closure of $\mathbb{F}_p$. If $x \in \mathbb{F}_l$ the element $w^x$ is well defined since $w^l = 1$. Define the quadratic Gauss sum

$$y = \sum_{x \in \mathbb{F}_l} \left(\frac{x}{l}\right) w^x.$$

We shall need two formulas involving Gauss sums. First we claim that in $\mathbb{F}_p$ the following equation holds:

$$y^2 = (-1)^{(l-1)/2}\, l. \tag{13}$$


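Proof of (??). We have

$$y^2 = \sum_{x, z} \left(\frac{xz}{l}\right) w^{x+z} = \sum_{u \in \mathbb{F}_l} w^u \sum_{t \in \mathbb{F}_l} \left(\frac{t(u-t)}{l}\right).$$

If $t \neq 0$ we have

$$\left(\frac{t(u-t)}{l}\right) = \left(\frac{-t^2}{l}\right)\left(\frac{1 - ut^{-1}}{l}\right) = (-1)^{(l-1)/2}\left(\frac{1 - ut^{-1}}{l}\right).$$

Letting $C_u = \sum_{t \in \mathbb{F}_l^*} \left(\frac{1 - ut^{-1}}{l}\right)$, it follows that $(-1)^{(l-1)/2}\, y^2 = \sum_{u \in \mathbb{F}_l} C_u w^u$. If $u = 0$, then $C_0 = \sum_{t \in \mathbb{F}_l^*} \left(\frac{1}{l}\right) = l - 1$; otherwise $s = 1 - ut^{-1}$ runs over $\mathbb{F}_l \setminus \{1\}$ as $t$ runs over $\mathbb{F}_l^*$. So

$$C_u = -\left(\frac{1}{l}\right) + \sum_{s \in \mathbb{F}_l} \left(\frac{s}{l}\right) = -\left(\frac{1}{l}\right) = -1$$

since $\mathbb{F}_l^*$ has an equal number of squares and non-squares. Hence

$$\sum_{u \in \mathbb{F}_l} C_u w^u = l - 1 - \sum_{u \in \mathbb{F}_l^*} w^u = l - (1 + w + w^2 + \dots + w^{l-1}) = l.$$

Next, since $\Omega$ has characteristic $p$ we have

$$y^p = \sum_{x \in \mathbb{F}_l} \left(\frac{x}{l}\right) w^{xp} = \sum_{z \in \mathbb{F}_l} \left(\frac{zp^{-1}}{l}\right) w^z = \left(\frac{p^{-1}}{l}\right) y = \left(\frac{p}{l}\right) y.$$

It follows that

$$y^{p-1} = \left(\frac{p}{l}\right). \tag{14}$$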

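7.5. Theorem (Gauss' quadratic reciprocity law). Let $l$ and $p$ be distinct odd primes. Then

$$\left(\frac{l}{p}\right) = (-1)^{(p-1)(l-1)/4} \left(\frac{p}{l}\right).$$

Proof. Equation (??) says that $y$ is a square root of $(-1)^{(l-1)/2}\, l$ in the algebraic closure $\Omega$. Hence $\left(\frac{(-1)^{(l-1)/2}\, l}{p}\right)$ is equal to $y^{p-1}$, which, from equation (??), is equal to $\left(\frac{p}{l}\right)$. But $\left(\frac{(-1)^{(l-1)/2}}{p}\right) = (-1)^{\frac{l-1}{2}\frac{p-1}{2}}$. Hence

$$\left(\frac{p}{l}\right) = y^{p-1} = \left(\frac{(-1)^{(l-1)/2}\, l}{p}\right) = (-1)^{\frac{l-1}{2}\frac{p-1}{2}} \left(\frac{l}{p}\right).$$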

7.6 Gauss’ lemma and Eisenstein’s proof of Quadratic reciprocity

Let $p$ be an odd prime and let $S$ be a subset of $\mathbb{F}_p^*$ such that $\mathbb{F}_p^*$ is a disjoint union of $S$ and $-S$. Here we shall take $S = \{1, 2, \dots, \frac{p-1}{2}\}$. If $s \in S$ and $a \in \mathbb{F}_p^*$ we can write $as$ in the form $as = e_s(a)\, s_a$ where $e_s(a) \in \{\pm 1\}$ and $s_a \in S$. Gauss's lemma states that

$$\left(\frac{a}{p}\right) = \prod_{s \in S} e_s(a). \tag{15}$$

Proof of equation (??). If $s$ and $s'$ are two distinct elements of $S$ then $s_a \neq s'_a$ (for otherwise $s = \pm s'$, contrary to the choice of $S$). This shows that $s \mapsto s_a$ is a bijection from $S$ onto itself. Multiplying the equalities $as = e_s(a)\, s_a$, we obtain

$$a^{(p-1)/2} \prod_{s \in S} s = \prod_{s \in S} e_s(a) \prod_{s \in S} s_a = \prod_{s \in S} e_s(a) \prod_{s \in S} s.$$


Hence $a^{(p-1)/2} = \prod_{s \in S} e_s(a)$, which proves the formula (??) on account of the fact that $\left(\frac{a}{p}\right) = a^{(p-1)/2}$.

7.7. Example. Using Gauss' lemma with $a = 2$ and $S = \{1, 2, \dots, \frac{p-1}{2}\}$ we can prove $\left(\frac{2}{p}\right) = (-1)^{(p^2-1)/8}$.

We have $e_s(2) = 1$ if $2s \le (p - 1)/2$ and $e_s(2) = -1$ otherwise. From this we get $\left(\frac{2}{p}\right) = (-1)^{n(p)}$ where $n(p)$ is the number of integers $s$ such that $(p - 1)/4 < s \le (p - 1)/2$. If $p$ is of the form $4k + 1$ or $4k - 1$ then $n(p) = k$. From this we recover the fact that $\left(\frac{2}{p}\right) = 1$ if $p \equiv \pm 1 \bmod 8$ and equal to $-1$ if $p \equiv \pm 5 \bmod 8$.

To prove the quadratic reciprocity law we shall use the following trigonometric formula: for an odd positive integer $m$, one has

$$\frac{\sin mx}{\sin x} = (-4)^{(m-1)/2} \prod_{j=1}^{(m-1)/2} \left(\sin^2 x - \sin^2(2\pi j/m)\right). \tag{16}$$

Proof of equation (??). Let $t = e^{ix}$. We have

$$\frac{\sin mx}{\sin x} = \frac{t^m - t^{-m}}{t - t^{-1}} = t^{m-1} + t^{m-3} + \dots + t^{-(m-3)} + t^{-(m-1)} = \sum_{j=1}^{(m-1)/2} (t^{2j} + t^{-2j}).$$

Using the binomial expansion of $(t^2 + t^{-2})^j$ we can prove by an easy induction that each $(t^{2j} + t^{-2j})$ is a polynomial of degree $j$ in $t^2 + t^{-2}$. Since $\sin^2 x = -(t^2 + t^{-2} - 2)/4$ we find that $\sin mx / \sin x$ is a polynomial of degree $(m - 1)/2$ in $\sin^2 x$. Now note that this polynomial has $(m - 1)/2$ distinct roots $\sin^2(2\pi j/m)$. The factor $(-4)^{(m-1)/2}$ is obtained by comparing coefficients of $e^{i(m-1)x}$ on both sides.

7.8 Completion of the proof of quadratic reciprocity

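Proof. Let $l$ and $p$ be distinct odd primes. As before, let $S = \{1, 2, \dots, \frac{p-1}{2}\}$ and $T = \{1, 2, \dots, \frac{l-1}{2}\}$. From Gauss' lemma (??) we get $\left(\frac{l}{p}\right) = \prod_{s \in S} e_s(l)$. Now the equality $ls = e_s(l)\, s_l$ shows that $\sin(2\pi l s/p) = e_s(l) \sin(2\pi s_l/p)$. Multiplying these together and using the fact that $s \mapsto s_l$ is a bijection we obtain

$$\left(\frac{l}{p}\right) = \prod_{s \in S} e_s(l) = \prod_{s \in S} \frac{\sin(2\pi l s/p)}{\sin(2\pi s/p)}.$$

Now, using the trigonometric formula (??) for $m = l$ we get

$$\left(\frac{l}{p}\right) = \prod_{s \in S} (-4)^{(l-1)/2} \prod_{t \in T} \left(\sin^2\frac{2\pi s}{p} - \sin^2\frac{2\pi t}{l}\right) = (-4)^{\frac{l-1}{2}\frac{p-1}{2}} \prod_{s \in S,\, t \in T} \left(\sin^2\frac{2\pi s}{p} - \sin^2\frac{2\pi t}{l}\right).$$

Interchanging $l$ and $p$ in the last expression sends each factor in the product to its negative. Since there are $(l - 1)(p - 1)/4$ terms in the product we have

$$\left(\frac{l}{p}\right)\left(\frac{p}{l}\right) = (-1)^{(l-1)(p-1)/4}.$$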
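Both proofs of section 7 can be checked numerically; the following is an added Python sketch that is not part of the original notes. It computes the Legendre symbol by Euler's criterion and by Gauss's lemma, and verifies equations (13) and (14) for the Gauss sum. As an assumption made here, the arithmetic is carried out in the ring $\mathbb{F}_p[w]/(1 + w + \dots + w^{l-1})$ rather than in $\Omega$; the derivations above only use $w^l = 1$, $1 + w + \dots + w^{l-1} = 0$ and characteristic $p$, all of which hold in that ring. Function names are illustrative.

```python
def legendre(a, p):
    """(a/p) by Euler's criterion, returned as -1, 0 or 1 (p an odd prime)."""
    r = pow(a % p, (p - 1) // 2, p)
    return r - p if r == p - 1 else r

def legendre_gauss_lemma(a, p):
    """(a/p) as the product of the signs e_s(a), s in S = {1..(p-1)/2}.

    e_s(a) = -1 exactly when a*s mod p falls in -S, i.e. exceeds (p-1)/2.
    Requires a not divisible by p.
    """
    half = (p - 1) // 2
    flips = sum(1 for s in range(1, half + 1) if (a * s) % p > half)
    return -1 if flips % 2 else 1

# Elements of R = F_p[w]/(1 + w + ... + w^(l-1)) are tuples of l-1
# coefficients (of 1, w, ..., w^(l-2)) reduced modulo p.

def normal_form(v, p):
    """Reduce l coefficients (mod w^l - 1) using w^(l-1) = -(1 + ... + w^(l-2))."""
    top = v[-1]
    return tuple((c - top) % p for c in v[:-1])

def ring_const(c, l, p):
    return (c % p,) + (0,) * (l - 2)

def ring_mul(u, v, l, p):
    out = [0] * l
    for i, a in enumerate(u):
        for j, b in enumerate(v):
            k = (i + j) % l                 # w^l = 1
            out[k] = (out[k] + a * b) % p
    return normal_form(out, p)

def ring_pow(u, e, l, p):
    result = ring_const(1, l, p)
    while e:
        if e & 1:
            result = ring_mul(result, u, l, p)
        u = ring_mul(u, u, l, p)
        e >>= 1
    return result

def gauss_sum(l, p):
    """y = sum over x in F_l of (x/l) w^x, as an element of R."""
    return normal_form([legendre(x, l) % p for x in range(l)], p)

def check_gauss_sum(l, p):
    """Return (eq13_holds, eq14_holds) for distinct odd primes l and p."""
    y = gauss_sum(l, p)
    sign = -1 if ((l - 1) // 2) % 2 else 1
    eq13 = ring_mul(y, y, l, p) == ring_const(sign * l, l, p)
    eq14 = ring_pow(y, p - 1, l, p) == ring_const(legendre(p, l), l, p)
    return eq13, eq14

def reciprocity_holds(l, p):
    sign = -1 if ((l - 1) // 2) * ((p - 1) // 2) % 2 else 1
    return legendre(l, p) == sign * legendre(p, l)

if __name__ == "__main__":
    print(gauss_sum(3, 5), check_gauss_sum(3, 5))
    print(legendre(2, 17), legendre_gauss_lemma(2, 17))
```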


8. Gauss sums and Jacobi sums

8.1. Characters of $\mathbb{F}_p^*$: Recall that $G = \mathbb{F}_p^*$ is a cyclic group of order $p - 1$. Fix a generator $g$ of $G$. A (multiplicative) character of $G$ is a homomorphism $\chi : G \to \mathbb{C}^*$. Clearly the values of such a $\chi$ are contained in the set of $(p-1)$-th roots of unity, $\chi(1) = 1$ and $\chi(x^{-1}) = \chi(x)^{-1} = \overline{\chi(x)}$. Let $\epsilon$ be the trivial character: $\epsilon(x) = 1$ for all $x \in \mathbb{F}_p$. We shall extend the domain of the characters to $\mathbb{F}_p$ by defining $\chi(0) = 0$ if $\chi \neq \epsilon$ and $\epsilon(0) = 1$.

If $\chi$ and $\eta$ are characters, let $(\chi\eta)(x) = \chi(x)\eta(x)$. Then the set of characters, denoted $G^\vee$, becomes a group with identity element $\epsilon$ and $\chi^{-1}(x) = \chi(x)^{-1}$. This is called the dual group of $G$. Note that

$$\sum_{a \in \mathbb{F}_p^*} \chi(a) = \begin{cases} p - 1 & \text{if } \chi = \epsilon \\ 0 & \text{otherwise} \end{cases} \tag{17}$$

8.2. Lemma. The group of characters of $\mathbb{F}_p^*$ is again a cyclic group of order $p - 1$. If $a \neq 1$ then there is a character $\chi$ such that $\chi(a) \neq 1$.

Proof. A character $\chi$ is determined by its value on $g$. If $\chi(g) = \exp(2\pi i r/(p-1))$ then $\chi \mapsto r$ is an isomorphism from the group $(\mathbb{F}_p^*)^\vee$ to $\mathbb{Z}/(p-1)\mathbb{Z}$. The character $\xi$ with $\xi(g) = \exp(2\pi i/(p-1))$ is a generator of the group of characters. (Actually we just showed that for any $m \in \mathbb{N}$, the dual of $\mathbb{Z}/m\mathbb{Z}$ is isomorphic to $\mathbb{Z}/m\mathbb{Z}$.)

If $a \neq 1$ then $a = g^r$ for some proper divisor $r$ of $p - 1$, so $\xi(a) = \exp(2\pi i r/(p-1)) \neq 1$.

8.3. For each $a \in G$, the function $e_a(\chi) = \chi(a)$ defines a character of the dual group $G^\vee$, hence we have a homomorphism $e : G \to G^{\vee\vee}$. If $\eta \neq \chi$ are two characters then there exists an $a$ such that $(\eta\chi^{-1})(a) \neq 1$, i.e. $\chi(a) \neq \eta(a)$; hence the above map $e$ is injective. Since the dual of $G^\vee$ is again isomorphic to $\mathbb{Z}/(p-1)\mathbb{Z}$, it again has $p - 1$ elements. Hence $e$ defines a canonical isomorphism $G \to G^{\vee\vee}$. The formula (??), now applied to the character $e_a$ of the group $G^\vee$, gives

$$\sum_{\chi \in (\mathbb{F}_p^*)^\vee} \chi(a) = \begin{cases} p - 1 & \text{if } a = 1 \\ 0 & \text{otherwise} \end{cases} \tag{18}$$

The following lemma shows that characters can be useful in studying solutions of equations over finite fields. For $a \in \mathbb{F}_p$, let $N(f(x_1, \dots, x_n) = a)$ denote the number of solutions of the equation $f(x_1, \dots, x_n) = a$ where $x_i \in \mathbb{F}_p$.

8.4. Lemma. We have $N(x^n = a) = \sum_{\chi : \chi^n = \epsilon} \chi(a)$.

Proof. If $a = 0$ the formula is obvious. Assume $a \neq 0$. From (??) it follows that, for each $x \in \mathbb{F}_p^*$, we have

$$\sum_{\chi} \chi(x^{-n} a) = \begin{cases} p - 1 & \text{if } x^n = a \\ 0 & \text{otherwise} \end{cases}$$

Adding these over all $x \in \mathbb{F}_p^*$ we get

$$(p - 1)\, N(x^n = a) = \sum_{x, \chi} \chi(x^{-n} a) = \sum_{\chi} \chi(a) \sum_{x} \chi(x^{-n}) = \sum_{\chi} \chi(a) \sum_{x} \bar\chi^{\,n}(x).$$

From (??) it follows that $\sum_x \bar\chi^{\,n}(x)$ is equal to $p - 1$ whenever $\chi^n = \epsilon$ and equal to 0 otherwise. Hence $(p - 1)\, N(x^n = a) = (p - 1) \sum_{\chi : \chi^n = \epsilon} \chi(a)$.


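8.5. Gauss Sums: Let $\zeta = e^{2\pi i/p}$ be a primitive $p$-th root of unity. Let $\chi$ be a character of $\mathbb{F}_p^*$ and $a \in \mathbb{F}_p^*$. Define the Gauss sum

$$g_a(\chi) = \sum_{t \in \mathbb{F}_p} \chi(t)\, \zeta^{at}.$$

Since $\zeta$ is a $p$-th root of unity, $\zeta^a$ makes sense for $a \in \mathbb{F}_p$.

8.6. Lemma. Let $a \in \mathbb{F}_p^*$ and $\chi \neq \epsilon$. Then

$$g_0(\epsilon) = p, \qquad g_0(\chi) = 0,$$

$$g_a(\epsilon) = 0, \qquad g_a(\chi) = \chi(a^{-1})\, g_1(\chi).$$

Proof. The first two equations follow from (??). For the third note that $S = \sum_{t \in \mathbb{F}_p} \zeta^{at} = \zeta^a \sum_{t \in \mathbb{F}_p} \zeta^{a(t-1)} = \zeta^a S$ since, as $t$ varies over $\mathbb{F}_p$, so does $t - 1$. Since $\zeta^a \neq 1$, we must have $S = 0$. For the final equation substitute $u = at$ to get $g_a(\chi) = \sum_{u \in \mathbb{F}_p} \chi(ua^{-1})\, \zeta^u = \chi(a^{-1}) \sum_{u \in \mathbb{F}_p} \chi(u)\, \zeta^u = \chi(a^{-1})\, g_1(\chi)$.

From now on we shall write $g(\chi) = g_1(\chi)$.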

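8.7. Lemma. If $\chi \neq \epsilon$ then $|g(\chi)| = \sqrt{p}$.

Proof. We calculate the sum $S = \sum_{a \in \mathbb{F}_p} g_a(\chi)\, \overline{g_a(\chi)}$ in two different ways. Using the last equation from the above lemma, we have

$$S = \sum_{a \neq 0} \chi(a^{-1})\, g(\chi)\, \overline{\chi(a^{-1})\, g(\chi)} = (p - 1)\, |g(\chi)|^2.$$

On the other hand

$$S = \sum_{a} \sum_{x, y} \chi(x)\, \overline{\chi(y)}\, \zeta^{a(x-y)} = \sum_{x, y} \chi(x)\, \overline{\chi(y)} \sum_{a} \zeta^{a(x-y)}.$$

The inner sum over $a$ is equal to 0 whenever $x \neq y$ and is equal to $p$ otherwise. Hence $S = p \sum_x \chi(x)\, \overline{\chi(x)} = p(p - 1)$. Comparing the two expressions for $S$ the result follows.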

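8.8. Quadratic Gauss Sum: Since the character group of $\mathbb{F}_p^*$ is cyclic there is a unique character of order 2, the quadratic character given by the Legendre symbol: $\chi(a) = \left(\frac{a}{p}\right)$. Let $g_a(\chi) = \sum_t \left(\frac{t}{p}\right) \zeta^{at}$ be the quadratic Gauss sum. Then

$$\overline{g_a(\chi)} = \sum_{t} \left(\frac{t}{p}\right) \zeta^{-at} = \sum_{s} \left(\frac{-s}{p}\right) \zeta^{as} = \left(\frac{-1}{p}\right) g_a(\chi) = (-1)^{(p-1)/2}\, g_a(\chi).$$

It follows that

$$g(\chi)^2 = (-1)^{(p-1)/2}\, p.$$

Hence $g(\chi) = \pm\sqrt{p}$ if $p \equiv 1 \bmod 4$ and $g(\chi) = \pm i\sqrt{p}$ if $p \equiv -1 \bmod 4$. In fact one can show that the positive sign always holds.

8.9. Jacobi sums: Let $\chi$ and $\lambda$ be two characters of $\mathbb{F}_p$. Define the Jacobi sum

$$J(\chi, \lambda) = \sum_{a \in \mathbb{F}_p} \chi(a)\, \lambda(1 - a).$$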


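We shall state a lemma about calculating these sums and then discuss a couple of applications.

8.10. Lemma. Let $\chi$ and $\lambda$ be two different non-trivial characters. One has $J(\epsilon, \epsilon) = p$, $J(\epsilon, \chi) = 0$, $J(\chi, \chi^{-1}) = -\chi(-1)$ and

$$J(\chi, \lambda) = g(\chi)\, g(\lambda)/g(\chi\lambda).$$

Proof. The proof of the first equation is obvious. The second one is a restatement of (??). Next we calculate $J(\chi, \chi^{-1})$:

$$J(\chi, \chi^{-1}) = \sum_{a \neq 0} \chi(a)\, \chi^{-1}(1 - a) = \sum_{a \neq 0} \chi^{-1}(a^{-1} - 1) = \sum_{t \neq -1} \chi^{-1}(t) = -\chi^{-1}(-1).$$

For the final equation, note

$$g(\chi)\, g(\lambda) = \sum_{x, y} \chi(x)\lambda(y)\, \zeta^{x+y} = \sum_{t} \zeta^t \sum_{x+y=t} \chi(x)\lambda(y).$$

If $t = 0$ the sum $\sum_{x+y=t} \chi(x)\lambda(y)$ is equal to $\sum_x \chi(x)\lambda(-x) = \lambda(-1) \sum_x (\chi\lambda)(x) = 0$, since $\chi\lambda \neq \epsilon$. If $t \neq 0$ then

$$\sum_{x+y=t} \chi(x)\lambda(y) = \sum_{x} \chi(x)\lambda(t - x) = \lambda(t) \sum_{x} \chi(x)\lambda(1 - t^{-1}x)$$

$$= \lambda(t) \sum_{u} \chi(ut)\lambda(1 - u) = (\chi\lambda)(t)\, J(\chi, \lambda).$$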

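The last equation now follows.

8.11. Since the character group is cyclic the only characters $\chi$ such that $\chi^2 = \epsilon$ are the trivial and the quadratic character. So, given $a \in \mathbb{F}_p$, lemma ?? says $N(x^2 = a) = 1 + \left(\frac{a}{p}\right)$, which just says that $x^2 = a$ has two solutions if $\left(\frac{a}{p}\right) = 1$ and no solution otherwise.

Next we try to calculate $N(x^2 + y^2 = 1)$. Note that

$$N(x^2 + y^2 = 1) = \sum_{a+b=1} N(x^2 = a)\, N(y^2 = b) = \sum_{a} \left(1 + \left(\frac{a}{p}\right) + \left(\frac{1-a}{p}\right) + \left(\frac{a}{p}\right)\left(\frac{1-a}{p}\right)\right).$$

Since $\sum_a \left(\frac{a}{p}\right) = \sum_a \left(\frac{1-a}{p}\right) = 0$,

$$N(x^2 + y^2 = 1) = p + \sum_{a \in \mathbb{F}_p} \left(\frac{a}{p}\right)\left(\frac{1-a}{p}\right) = p + J(\chi, \chi)$$

where $\chi$ denotes the quadratic character. Since $\chi^2 = \epsilon$, we have $|J(\chi, \chi)| = |g(\chi)g(\chi)/g(\epsilon)| = 1$. So $N(x^2 + y^2 = 1)$ is equal to $p + 1$ or $p - 1$.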

Next consider the equation $x^3 + y^3 = 1$. If $p \equiv 2 \bmod 3$ then there are no nontrivial characters of order 3 (since $\gcd(3, p - 1) = 1$), so $N(x^3 = a) = 1$ for all $a$. In this case $N(x^3 + y^3 = 1) = \sum_{a+b=1} N(x^3 = a)\, N(y^3 = b) = p$.

If $p \equiv 1 \bmod 3$ then let $\chi$ be a non-trivial character of order 3; then $\epsilon$, $\chi$ and $\chi^2 = \chi^{-1} = \bar\chi$ are the characters such that $\chi^3 = \epsilon$. So, from lemma ?? we get $N(x^3 = a) = 1 + \chi(a) + \chi^2(a)$. Hence

$$N(x^3 + y^3 = 1) = \sum_{a+b=1} N(x^3 = a)\, N(y^3 = b) = \sum_{a+b=1} (1 + \chi(a) + \chi^2(a))(1 + \chi(b) + \chi^2(b))$$

$$= p + 2J(\chi, \bar\chi) + J(\chi, \chi) + J(\bar\chi, \bar\chi)$$

$$= p - 2 + 2\,\mathrm{Re}(J(\chi, \chi))$$

since $J(\chi, \bar\chi) = -\chi(-1) = -\chi^3(-1) = -1$. Now, $J(\chi, \chi) = g(\chi)^2/g(\chi^2)$, so $|J(\chi, \chi)| = \sqrt{p}$. It follows that

$$|N(x^3 + y^3 = 1) - (p - 2)| = \sqrt{p}.$$

8.12. Theorem. Let $p$ be an odd prime. (a) The equation $a^2 + b^2 = p$ has an integer solution if and only if $p \equiv 1 \bmod 4$. (b) The equation $a^2 - ab + b^2 = p$ has an integer solution if and only if $p \equiv 1 \bmod 3$.

Proof. The square of an integer is 0 or 1 modulo 4. So $a^2 + b^2$ is 0, 1 or 2 modulo 4. So, if $a^2 + b^2 = p$ has a solution then one must have $p \equiv 1 \bmod 4$. If $p \equiv 1 \bmod 4$, the order of the character group of $\mathbb{F}_p^*$ is divisible by 4. Let $\chi$ be a character of $\mathbb{F}_p^*$ of order 4. Since $\chi^4 = \epsilon$, the values of $\chi$ are $\pm 1$ or $\pm i$. Hence $J(\chi, \chi) = a + bi \in \mathbb{Z}[i]$. Now since $\chi$ and $\chi^2$ are nontrivial, $g(\chi)$ and $g(\chi^2)$ have absolute value $\sqrt{p}$. So $p = |J(\chi, \chi)|^2 = a^2 + b^2$.

Note that $a^2 - ab + b^2 = (a + b)^2 - 3ab$ and a square is always 0 or 1 modulo 3, hence so is $a^2 - ab + b^2$. Now, given $p \equiv 1 \bmod 3$ there exists a character of $\mathbb{F}_p^*$ of order 3 whose possible values are $1$, $\omega$ and $\omega^2$. So the Jacobi sum $J(\chi, \chi) = a + b\omega$. It follows that $p = |J(\chi, \chi)|^2 = a^2 - ab + b^2$.
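The proof of Theorem 8.12 is constructive: the Jacobi sum itself supplies $a$ and $b$. The following added Python sketch, not part of the original notes, computes $J(\chi, \chi)$ exactly by counting exponents of the root of unity instead of using floating-point complex numbers, and also checks the point count $N(x^2 + y^2 = 1) = p + J(\chi, \chi)$ of 8.11 by brute force. Function names are illustrative; $\chi$ is taken to be the character with $\chi(g^k) = e^{2\pi i k/n}$ for the smallest primitive root $g$.

```python
def legendre(a, p):
    r = pow(a % p, (p - 1) // 2, p)
    return r - p if r == p - 1 else r

def index_table(p):
    """Discrete logarithms {x: k} with x = g^k, g the smallest primitive root."""
    for g in range(2, p):
        table, x = {}, 1
        for k in range(p - 1):
            if x in table:
                break
            table[x] = k
            x = x * g % p
        if len(table) == p - 1:
            return table
    raise ValueError("p must be an odd prime")

def jacobi_counts(p, n):
    """For chi(g^k) = zeta_n^k (n dividing p - 1), return c with
    J(chi, chi) = sum_e c[e] * zeta_n^e.

    c[e] counts a in F_p \\ {0, 1} with chi(a) * chi(1 - a) = zeta_n^e;
    the terms a = 0 and a = 1 vanish because chi(0) = 0.
    """
    if (p - 1) % n:
        raise ValueError("n must divide p - 1")
    ind = index_table(p)
    c = [0] * n
    for a in range(2, p):
        c[(ind[a] + ind[(1 - a) % p]) % n] += 1
    return c

def two_squares(p):
    """(a, b) with J(chi, chi) = a + b*i for chi of order 4; p ≡ 1 mod 4."""
    c = jacobi_counts(p, 4)              # i^0, i^1, i^2, i^3 = 1, i, -1, -i
    return c[0] - c[2], c[1] - c[3]

def eisenstein_form(p):
    """(a, b) with J(chi, chi) = a + b*omega for chi of order 3; p ≡ 1 mod 3."""
    c = jacobi_counts(p, 3)              # omega^2 = -1 - omega
    return c[0] - c[2], c[1] - c[2]

def quadratic_jacobi(p):
    """J(chi, chi) for the quadratic character chi(a) = (a/p)."""
    return sum(legendre(a, p) * legendre(1 - a, p) for a in range(p))

def count_circle(p):
    """N(x^2 + y^2 = 1) over F_p by brute force."""
    return sum(1 for x in range(p) for y in range(p)
               if (x * x + y * y - 1) % p == 0)

if __name__ == "__main__":
    for p in (5, 13, 17, 29):
        print(p, two_squares(p))
    for p in (7, 13, 19, 31):
        print(p, eisenstein_form(p))
```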


9. Some more field theory: Separable and Galois extensions

9.1. Notations and definitions: Let $L/K$ be a field extension. Fix an algebraic closure $\bar K$ of $K$. Let $a \in L$ and let $p(x) \in K[x]$ be a minimal polynomial of $a$. A root of $p$ in $\bar K$ is called a conjugate of $a$. So $a$ has at most $d = \deg p$ many conjugates. Say that $a$ is a separable element (over $K$) if the minimal polynomial $p$ has $d$ distinct roots, i.e. $a$ has $d$ conjugates. Call the extension $L/K$ separable if each $x \in L$ is separable.

Let $L \supseteq K$ be an extension with $[L : K] = n$. Let $[L : K]_s$ be the number of embeddings $\sigma : L \to \bar K$ fixing $K$ (i.e. $\sigma$ restricted to $K$ is the identity). This number is called the separable degree of $L/K$.

9.2. An extension $M/K$ is called a simple extension if $M$ can be generated by one element, i.e. $M = K(a)$ for some $a \in M$. Let $a_1, a_2, \dots, a_r$ be the distinct conjugates of $a$, i.e. the roots of the minimal polynomial $p$. An embedding $\sigma : M \to \bar K$ sends $a$ to one of the conjugates $a_i$, since $p(a) = 0$ implies $p(\sigma(a)) = 0$. Conversely, for each conjugate $a_i$ one gets an embedding $M \to \bar K$ by sending $a$ to $a_i$. So the separable degree of $K(a)/K$ is equal to the number of conjugates of $a$, i.e. $r$. Thus, for a simple extension, one has $[M : K]_s \le \deg(p) = [M : K]$. If $M/K$ is separable then $p$ must have $\deg p$ many distinct roots, so $[M : K]_s = [M : K]$.

9.3. Lemma. Let $L/K$ be an algebraic extension and let $M$ be a field such that $L \supseteq M \supseteq K$.
(a) Then one has $[L : K]_s = [L : M]_s [M : K]_s$.
(b) $L/K$ is separable if and only if $L/M$ and $M/K$ are separable.
(c) One has $[L : K]_s \le [L : K]$ and equality holds if and only if $L/K$ is separable.

Proof. Fix an algebraic closure $\bar M \supseteq M$. Let $\tau : M \to \bar K$ be an embedding fixing $K$. By uniqueness of algebraic closure up to isomorphism there exists an isomorphism $\mu : \bar M \to \bar K$ whose restriction to $M$ is $\tau$. Choose an embedding $\lambda : L \to \bar M$ fixing $M$. Then $\sigma = \mu \circ \lambda$ is an embedding $L \to \bar K$ that extends $\tau$. The number of such $\sigma$ is the same as the number of $\lambda : L \to \bar M$, which is $[L : M]_s$. In other words, each embedding $M \to \bar K$ can be extended to an embedding $L \to \bar K$ in $[L : M]_s$ ways. Conversely each embedding $\sigma : L \to \bar K$ arises this way, as an extension of the embedding $\sigma|_M : M \to \bar K$. This proves part (a).

Suppose $L/K$ is separable. Since each $x \in M$ is also an element of $L$, the minimal polynomial of $x$ must have distinct roots, so $M/K$ is separable. Now let $y \in L$. The minimal polynomial of $y$ over $M$ is a factor of its minimal polynomial over $K$, so must have distinct roots, whence $L/M$ is separable too. This proves one implication of (b).

Pick $a \in L \setminus K$ and let $M = K(a)$. By the paragraph preceding the lemma we have $[M : K]_s \le [M : K]$. Since $[L : M] < [L : K]$, by induction we may assume $[L : M]_s \le [L : M]$. Using part (a) we now get $[L : K]_s = [L : M]_s [M : K]_s \le [L : M][M : K] = [L : K]$. If $L/K$ is separable, then $[L : K] = [L : K]_s$ follows by a similar induction.

Conversely, suppose $[L : K] = [L : K]_s$. To finish the proof of (c) we have to show that, for each $a \in L$, the minimal polynomial $p(x)$ of $a$ has $\deg(p)$ many distinct roots. Let $M = K(a)$. From our assumption that $[L : K] = [L : K]_s$ we get $[L : M][M : K] = [L : M]_s [M : K]_s$. Since the separable degree is always less than or equal to the degree, one must have $[M : K] = [M : K]_s$. So the minimal polynomial $p$ of $a$ must have $[M : K] = \deg p$ many distinct roots. This finishes part (c).

If $L/M$ and $M/K$ are separable, then $[L : M]_s = [L : M]$ and $[M : K]_s = [M : K]$, so $[L : K]_s = [L : K]$, which now implies $L/K$ is separable, thus proving the other implication of (b).


9.4. Example. Let $K$ be a field of characteristic zero. Then any algebraic extension $L/K$ is separable. Proof: Let $p(x)$ be the monic minimal polynomial of $a$. Then the derivative $p'(x) \neq 0$. If $p$ has a repeated root in $\bar{K}$ then $p$ and $p'$ would have a common factor, which implies $p \mid p'$ since $p$ is irreducible, hence a prime. But this is impossible since $p'(x)$ is a nonzero polynomial of degree less than $p(x)$.

Any algebraic extension $K/\mathbb{F}_q$ is also separable. For $a \in K$, the field $\mathbb{F}_q(a)$ is again a finite field, so $\mathbb{F}_q(a) \simeq \mathbb{F}_{q^n}$ for some $n$. So $a$ satisfies the polynomial $x^{q^n} - x$, which, as we know, has all distinct roots.

The standard example of a non-separable extension is $\mathbb{F}_p(t) \subseteq \mathbb{F}_p(t^{1/p})$.

9.5. Theorem (Primitive element theorem). If $L/K$ is separable, then there is a $\gamma$ such that $L = K(\gamma)$.

Proof. If $K$ is finite then we know this from the structure theorem for finite fields. So assume that $K$ is infinite. Let $L = K(\alpha, \beta)$ be a separable extension of degree $n$. Then there are $n$ distinct embeddings $\sigma_1, \cdots, \sigma_n$ of $L$ in $\bar{K}$. We want to produce an element $\gamma \in L$ which has $n$ distinct conjugates, because then $K(\gamma) = L$. The trick is to look at the nonzero polynomial

$$P(X) = \prod_{i \neq j} \big(\sigma_i\alpha - \sigma_j\alpha + X(\sigma_i\beta - \sigma_j\beta)\big).$$

There is a $c$ in $K$ such that $P(c)$ is nonzero, which implies that $\gamma = \alpha + c\beta$ has $n$ distinct images under the $\sigma_i$, i.e. has $n$ distinct conjugates.

9.6. Lemma. If $E$ is an algebraic separable extension of $k$ such that every element of $E$ has degree less than or equal to $n$, then $[E : k] \le n$.

Proof. Pick $\alpha$ so that $[k(\alpha) : k] = m$ is maximal. If $\beta$ is in $E$ but not in $k(\alpha)$ then $k(\alpha, \beta)$ has larger degree. But by the primitive element theorem this extension is also simple with degree larger than $m$, contradicting maximality of $m$. So $E = k(\alpha)$.

An extension $L/K$ is normal if any irreducible polynomial in $K$ splits in $L$ into linear factors; equivalently if any embedding of $L$ in $K^{\mathrm{alg}}$ over $K$ is an automorphism of $L$. (Example of a non-normal extension: $\mathbb{Q} \subseteq \mathbb{Q}(2^{1/3})$.) An extension $L/K$ is Galois if it is normal and separable. $G = \mathrm{gal}(L/K)$ is the Galois group: the group of automorphisms of $L$ over $K$. Since the separable degree is less than or equal to the degree $n$ of the field extension, the size of the Galois group is also bounded by the same number $n$. For a field $F$ with $K \subseteq F \subseteq L$ it is easy to see that $L/F$ is both normal and separable while $F/K$ is separable.

9.7. Theorem (Fundamental theorem of Galois theory). The map $F \mapsto \mathrm{gal}(L/F) = H$ sets up an inclusion reversing bijection (the Galois correspondence) from the subfields of $L$ containing $K$ to the subgroups of $G$, with inverse given by $H \mapsto L^H$: the fixed field of $H$. The extension $L/F$ is Galois with Galois group $H$. The extension $F/K$ is normal (Galois) iff $H$ is normal in $G$, and in that case $\mathrm{gal}(F/K) = G/H$.

Claim: First we show that for a Galois extension $K/k$ with Galois group $G$, one has $K^G = k$.

Proof of the claim. Let $\alpha \in K^G$ and $\sigma$ be any embedding of $k(\alpha)$ in $k^{\mathrm{alg}}$ fixing $k$. Then $\sigma$ induces an automorphism of $K$ and so fixes $\alpha$. Thus the separable degree of $k(\alpha)$ over $k$ is one, showing that they are equal. Hence the claim.

Coming to the proof of the fundamental theorem, the extension $L/F$ is clearly Galois. If $H$ is the Galois group then $F = L^H$ by the above claim. Hence the injectivity of the correspondence $F \mapsto \mathrm{gal}(L/F)$. (Note that this part of the theorem holds even for infinite extensions.) The surjectivity follows from Artin's theorem:

9.8. Theorem (Artin's theorem). Let $G$ be a finite group of automorphisms of $L$ of order $n$ and $k = L^G$ be the fixed field. Then $L/k$ is Galois of degree $n$ with Galois group $G$.

Proof. Let $\alpha$ be in $L$ and $\sigma_1, \cdots, \sigma_r$ be a maximal set of elements of $G$ with distinct images of $\alpha$. Then every element of $G$ permutes the set $\sigma_1\alpha, \cdots, \sigma_r\alpha$. So the polynomial $f(x) = \prod_{i=1}^{r}(x - \sigma_i\alpha)$ has coefficients in $k$ and has $\alpha$ as a root. $f$ splits in $L$ into distinct linear factors, implying $L/k$ is Galois. By the Lemma following the Primitive element theorem we have $[L : k] \le n$. The Galois group of $L/k$ contains $G$, but since the size of the Galois group is bounded by the degree of the extension, we get that $G$ must be the full Galois group.

Now we prove the last part of the fundamental theorem. Let $F/K$ be a normal extension. Then $\sigma \mapsto \sigma|_F$ is a homomorphism from $G = \mathrm{gal}(L/K)$ to $\mathrm{gal}(F/K)$ with kernel $H = \mathrm{gal}(L/F)$. So $H$ is a normal subgroup of $G$. Furthermore any automorphism of $F$ over $K$ extends to an embedding and hence an automorphism of $L$, showing that $G \to \mathrm{gal}(F/K)$ is onto, proving $\mathrm{gal}(F/K) = G/H$. Conversely, if $F$ is not a normal extension then there is an embedding $\lambda$ of $F$ into $L$ over $K$ such that $\lambda F \neq F$. Then $\mathrm{gal}(F/\lambda K) = \lambda\,\mathrm{gal}(F/K)\lambda^{-1}$ and $\mathrm{gal}(F/k)$ are conjugate and belong to distinct subfields $F$ and $\lambda F$, so they are not equal, showing that $\mathrm{gal}(F/K)$ is not normal. This completes the proof of the main theorem.

The normal basis theorem: If $L/K$ is a finite Galois extension, then there is an element $w$ in $L$ such that its images under $\mathrm{gal}(L/K)$ form a basis of $L/K$.

Proof. For an infinite field $K$ look at the polynomial $\det(\sigma_i^{-1}\sigma_j)$ as a polynomial function of the automorphisms $\sigma_1, \cdots, \sigma_n$ in $\mathrm{gal}(L/K)$. This polynomial is nonzero, so find a $w$ in $L$ with $\det(\sigma_i^{-1}\sigma_j(w)) \neq 0$. Now a relation $a_1\sigma_1(w) + \cdots + a_n\sigma_n(w) = 0$ with $a_i$ in $K$ implies $n$ linear equations by applying $\sigma_i^{-1}$ to it. Since $((\sigma_i^{-1}\sigma_j(w)))$ is invertible, the $a_i$ must all be zero.


10. Ring of integers in number field - Trace, Norm, Discriminant and integral basis

A complex number $a$ is called an algebraic integer if $a$ satisfies a monic polynomial with integer coefficients.

10.1. Lemma. Let $f(x)$ be the monic minimal polynomial of $a$ over $\mathbb{Q}$. Then $a$ is an algebraic integer if and only if the coefficients of $f(x)$ are integers.

Proof. Let $f$ be the monic polynomial of minimal degree with integer coefficients such that $f(a) = 0$. We claim that $f$ is irreducible in $\mathbb{Q}[x]$, i.e. it is the monic minimal polynomial of $a$. If $f(x)$ is not irreducible, let $f = gh$ be a factorization in $\mathbb{Q}[x]$, with $g$ and $h$ monic. Let $m$ and $n$ be the least integers such that the coefficients of $mg$ and $nh$ are integers. If $mn > 1$ let $p$ be any prime dividing it. Reducing the coefficients modulo $p$ in $(mn)f = (mg)(nh)$ we get the equation $0 = \overline{(mg)}\,\overline{(nh)}$ in $\mathbb{F}_p[x]$. Since $\mathbb{F}_p[x]$ is a domain, either $\overline{mg}$ or $\overline{nh}$ is zero, which means either all the coefficients of $mg$ are divisible by $p$ or all the coefficients of $nh$ are. But this contradicts the minimality of $m$ or $n$.

10.2. Proposition. For a complex number $a$, the following are equivalent.
(a) The number $a$ is an algebraic integer.
(b) The additive subgroup $\mathbb{Z}[a]$ is finitely generated.
(c) There is a finitely generated abelian group $A \subseteq \mathbb{C}$ such that $aA \subseteq A$.

Proof. If $a$ is integral, there is some $n$ such that $a^n$ can be written as an integer linear combination of $a^i$ for $i < n$. So $1, a, \cdots, a^{n-1}$ generate the additive group $\mathbb{Z}[a]$. This proves (a) $\Rightarrow$ (b). For (b) $\Rightarrow$ (c) take $A = \mathbb{Z}[a]$. The implication (c) $\Rightarrow$ (a) requires a trick. Assume (c). Suppose the additive group $A$ is generated by $v_1, \cdots, v_n$. Then $av_i = \sum_j m_{ij}v_j$ for some $m_{ij} \in \mathbb{Z}$. These $n$ linear equations are equivalent to the matrix equation $(aI - M)v = 0$, where $v$ is the column vector with entries $v_1, \cdots, v_n$ and $M = ((m_{ij}))$. So the matrix $aI - M$ is not invertible, and $f(a) = \det(aI - M) = 0$, $f$ being a monic polynomial in $\mathbb{Z}[x]$.

10.3. Corollary. The set of algebraic integers forms a ring.

Proof. Suppose $a$ and $b$ are two algebraic integers. If $u_1, \cdots, u_n$ generate $\mathbb{Z}[a]$ and $v_1, \cdots, v_m$ generate $\mathbb{Z}[b]$ then the $mn$ numbers $u_iv_j$ generate $A = \mathbb{Z}[a, b]$. Thus $A$ is a finitely generated additive subgroup of $\mathbb{C}$ such that $(a \pm b)A \subseteq A$ and $(ab)A \subseteq A$. This proves $(a \pm b)$ and $ab$ are algebraic integers too.
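The proof above is constructive: multiplication by $a + b$ (or $ab$) acts on the generators $u_iv_j$ by an integer matrix $M$, and the determinant trick of Proposition 10.2 gives the monic integer polynomial $\det(xI - M)$. The following Python is an added example, not part of the original notes; the function names are hypothetical, it takes $u_i = a^i$ and $v_j = b^j$ as generators, and it expands the determinant with the Faddeev-LeVerrier recursion, which the notes do not mention.

```python
def mult_matrix(f):
    """Matrix of multiplication by a on the generators 1, a, ..., a^(n-1) of Z[a].

    f = [c_0, ..., c_(n-1), 1] holds the coefficients (lowest degree first) of a
    monic integer polynomial with f(a) = 0.
    """
    n = len(f) - 1
    if n < 1 or f[-1] != 1:
        raise ValueError("f must be monic of degree >= 1")
    return [[-f[i] if j == n - 1 else int(i == j + 1) for j in range(n)]
            for i in range(n)]

def identity(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]

def matmul(A, B):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*B)] for row in A]

def kron(A, B):
    """Kronecker product: A acts on the u_i and B on the v_j of the generators u_i v_j."""
    return [[x * y for x in ra for y in rb] for ra in A for rb in B]

def charpoly(M):
    """Coefficients (lowest degree first) of det(xI - M) for an integer matrix M.

    Faddeev-LeVerrier recursion; each division by k is exact because the
    characteristic polynomial of an integer matrix has integer coefficients.
    """
    n = len(M)
    coeffs = [0] * n + [1]
    N = [[0] * n for _ in range(n)]
    for k in range(1, n + 1):
        N = matmul(M, N)
        for i in range(n):
            N[i][i] += coeffs[n - k + 1]
        MN = matmul(M, N)
        trace = sum(MN[i][i] for i in range(n))
        assert trace % k == 0
        coeffs[n - k] = -trace // k
    return coeffs

def sum_poly(f, g):
    """Monic integer polynomial vanishing at a + b, where f(a) = 0 and g(b) = 0."""
    A, B = mult_matrix(f), mult_matrix(g)
    left = kron(A, identity(len(B)))    # multiplication by a on Z[a, b]
    right = kron(identity(len(A)), B)   # multiplication by b on Z[a, b]
    return charpoly([[s + t for s, t in zip(rs, rt)] for rs, rt in zip(left, right)])

def product_poly(f, g):
    """Monic integer polynomial vanishing at ab, where f(a) = 0 and g(b) = 0."""
    return charpoly(kron(mult_matrix(f), mult_matrix(g)))

def evaluate(poly, x):
    """Horner evaluation of a coefficient list (lowest degree first)."""
    value = 0
    for c in reversed(poly):
        value = value * x + c
    return value

if __name__ == "__main__":
    sqrt2, sqrt3 = [-2, 0, 1], [-3, 0, 1]       # x^2 - 2 and x^2 - 3
    print(sum_poly(sqrt2, sqrt3))               # x^4 - 10x^2 + 1
    print(product_poly(sqrt2, sqrt3))           # (x^2 - 6)^2
    print(evaluate(sum_poly(sqrt2, sqrt3), 2 ** 0.5 + 3 ** 0.5))  # approximately 0
```

The polynomial returned need not be the minimal polynomial: for $\sqrt{2}\cdot\sqrt{3}$ it is $(x^2 - 6)^2$, which is all that Proposition 10.2 requires.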

10.4. Definition. Let $A$ denote the set of algebraic integers. A finite extension $K$ of $\mathbb{Q}$ is called an (algebraic) number field. The set of algebraic integers in $K$, i.e. $K \cap A$, forms a subring of $K$ called the ring of integers in $K$, and denoted by $\mathcal{O}_K$. This ring is going to be our main object of study for a while.

10.5. Definition. Let $L/K$ be an extension of number fields, i.e. $\mathbb{Q} \subseteq K \subseteq L \subseteq \bar{\mathbb{Q}}$, $[L : K] = n$. Since $L/K$ is separable there are $n$ distinct embeddings $\sigma_1, \cdots, \sigma_n$ of $L$ into $\mathbb{C}$ fixing $K$.

For $a \in L$, define the norm and trace of $L$ relative to $K$ to be $N^L_K(a) = \prod_{i=1}^{n}\sigma_i(a)$ and $\mathrm{Tr}^L_K(a) = \sum_{i=1}^{n}\sigma_i(a)$ respectively. If $K = \mathbb{Q}$ we drop the super and subscripts.


10.6. Lemma. Suppose $L \supseteq M \supseteq K$. Let $[M : K] = d$, $[L : M] = m$ and $n = md$.
(a) We have $N^L_K = N^M_K \circ N^L_M$ and $\mathrm{Tr}^L_K = \mathrm{Tr}^M_K \circ \mathrm{Tr}^L_M$.
(b) For $a \in L$, the values $N^L_K(a)$ and $\mathrm{Tr}^L_K(a)$ belong to $K$. If $a$ is an algebraic integer then so are the norm and trace.

Proof. Let $\lambda_1, \cdots, \lambda_d$ be the embeddings of $M$ fixing $K$ and $\tau_1, \cdots, \tau_m$ be the embeddings of $L$ fixing $M$. Let $S$ be the normal extension containing $L$ (e.g. take a $u$ such that $L = \mathbb{Q}(u)$ and let $S$ be the splitting field of the minimal polynomial of $u$). Each $\lambda_i$ and $\tau_i$ extends to an automorphism of $S$ which we denote by the same letter. So we can compose them as automorphisms of $S$. Suppose the automorphisms $\lambda_i \circ \tau_j$ and $\lambda_{i'} \circ \tau_{j'}$ are equal when restricted to $L$. Then, in particular, they are equal when applied to $b \in M$. But the $\tau$'s restricted to $M$ are the identity. So $\lambda_i(b) = \lambda_{i'}(b)$ for all $b \in M$, whence $i = i'$. It follows that $j = j'$ too. Thus we see that the compositions $\lambda_i \circ \tau_j$ restricted to $L$ are all distinct and thus give all the $n$ embeddings $\sigma_1, \cdots, \sigma_n$ of $L$ fixing $K$. Part (a) now follows.

For $a \in L$, let $M = K(a)$. By part (a) it is enough to show that $N^L_K(a) = (N^M_K(a))^m$ and $\mathrm{Tr}^L_K(a) = m\,\mathrm{Tr}^M_K(a)$, where $m = [L : M]$. So it is enough to show $N^M_K(a)$ and $\mathrm{Tr}^M_K(a)$ are in $K$. This is true, for, if $p(x) = x^d + a_{d-1}x^{d-1} + \cdots + a_0$ is the minimal polynomial of $a$ in $K[x]$, then $\mathrm{Tr}^M_K(a) = -a_{d-1}$ and $N^M_K(a) = (-1)^d a_0$. (Recall: in the splitting field the polynomial $p$ splits as $p(x) = \prod_i (x - \lambda_i(a))$.)

10.7. Definition. Suppose $K/\mathbb{Q}$ is an extension of degree $n$. Let $\sigma_1, \cdots, \sigma_n$ be the $n$ distinct embeddings of $K$ in $\mathbb{C}$. The discriminant of an $n$-tuple $a_1, \cdots, a_n$ is defined as

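$$\Delta(a_1, \cdots, a_n) = \det(\sigma_i(a_j))^2 = \det(\mathrm{Tr}(a_ia_j)).$$

The last two expressions are equal, since, if $M$ is the matrix $((\sigma_i(a_j)))$, then $\mathrm{Tr}(a_ia_j) = \sum_k \sigma_k(a_i)\sigma_k(a_j)$ is equal to the $ij$-th entry of $M'M$. Suppose

$$\begin{pmatrix} b_1 \\ \vdots \\ b_n \end{pmatrix} = T \begin{pmatrix} a_1 \\ \vdots \\ a_n \end{pmatrix}$$

for some matrix $T$. Applying the embedding $\sigma_j$ one gets $((\sigma_i(b_j))) = T((\sigma_i(a_j)))$ and hence

$$\Delta(b_1, \cdots, b_n) = \det(T)^2\,\Delta(a_1, \cdots, a_n).$$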

10.8. Proposition. The discriminant $\Delta(a_1, \cdots, a_n)$ is zero if and only if $a_1, \cdots, a_n$ are linearly dependent.

Proof. If $\sum_j c_ja_j = 0$ is a non-trivial linear dependence relation then one has $\sum_j c_j\sigma_i(a_j) = 0$ for all $i$. Hence $c$ is in the kernel of the matrix $((\sigma_i(a_j)))$ and its determinant is zero, i.e. the discriminant is zero.

Conversely, if the discriminant is zero, let $cM = 0$, where $M = ((\mathrm{Tr}(a_ia_j)))$ and $c$ is not the zero vector. Suppose, if possible, $a_1, \cdots, a_n$ are linearly independent. Then $a = \sum_i c_ia_i$ is a nonzero vector such that $\mathrm{Tr}(aa_j) = \sum_i c_i\mathrm{Tr}(a_ia_j) = 0$ for $j = 1, \cdots, n$. But since $a_1, \cdots, a_n$ are linearly independent over $\mathbb{Q}$, so are $aa_1, \cdots, aa_n$, hence they form a basis for $K/\mathbb{Q}$. Writing elements of $K$ in the basis $aa_1, \cdots, aa_n$ it follows that $\mathrm{Tr}(b) = 0$ for all $b \in K$, which is absurd.

10.9. Proposition. Suppose $L = K[a]$ and let $\sigma_1(a) = a_1, \cdots, \sigma_n(a) = a_n$ be the conjugates of $a$ over $K$. Then

$$\Delta(1, a, \cdots, a^{n-1}) = \prod_{1 \le r < s \le n}(a_r - a_s)^2 = (-1)^{n(n-1)/2}\,N(f'(a))$$

where $f$ is the monic irreducible polynomial for $a$ over $K$.

Proof. The first equation follows from the formula for the Vandermonde determinant.

$$\Delta(1, a, \cdots, a^{n-1}) = \det((\sigma_j(a^i)))^2 = \det((a_j^i))^2 = \Big(\prod_{1 \le r < s \le n}(a_r - a_s)\Big)^2$$

One can rewrite the first equation as

$$\Delta(1, a, \cdots, a^{n-1}) = (-1)^{n(n-1)/2}\prod_{i \neq j}(a_i - a_j).$$

Note that $f(x) = \prod_{i=1}^{n}(x - a_i)$, so $f'(a_j) = \prod_{i : i \neq j}(a_j - a_i)$, i.e. $\sigma_j(f'(a)) = \prod_{i : i \neq j}(a_j - a_i)$. The second equation follows by taking the product over $j$.

10.10. Definition. Let $K$ be a number field, $[K : \mathbb{Q}] = n$. We shall show now that any non-zero ideal $A$ in $\mathcal{O}_K$ (in particular $\mathcal{O}_K$ itself) is a free abelian group of rank $n$. A basis of this abelian group is called an integral basis of $A$.

10.11. Lemma. Any non-zero ideal $A$ in $\mathcal{O}_K$ contains a basis for $K$ over $\mathbb{Q}$.

Proof. Note that, for any $a \in K$ there exists an integer $m$ such that $ma$ is an algebraic integer (for example we can take $m$ to be the leading coefficient of a polynomial in $\mathbb{Z}[x]$ having $a$ as a root). Thus, there exist algebraic integers $a_1, \cdots, a_n$ that form a basis for $K$ as a $\mathbb{Q}$-vector space. If $a$ is a non-zero element of the ideal $A$ then $aa_1, \cdots, aa_n$ are elements of $A$ which also form a basis for $K$ as a $\mathbb{Q}$-vector space.

10.12. Proposition. Let $A$ be a non-zero ideal in $\mathcal{O}_K$. Let $a_1, \cdots, a_n$ be elements of $A$ that form a $\mathbb{Q}$-basis of $K$.
(a) Let $d = \Delta(a_1, \cdots, a_n)$. Then every $a \in A$ can be written uniquely as a linear combination $a = (m_1a_1 + \cdots + m_na_n)/d$ where $d \mid m_j^2$ for all $j$.
(b) If $a_1, \cdots, a_n$ are chosen such that $|\Delta(a_1, \cdots, a_n)|$ is minimum then $A = \mathbb{Z}a_1 + \cdots + \mathbb{Z}a_n$.
Both part (a) and part (b) show that $A$ is a free abelian group of rank $n = [K : \mathbb{Q}]$.

Proof. (a) As before let $\sigma_1, \cdots, \sigma_n$ be the embeddings of $K$ in $\mathbb{C}$, $\sigma_1 = \mathrm{id}$. Write $a = \sum_j c_ja_j$ with $c_j \in \mathbb{Q}$. Applying $\sigma_i$ one gets

$$\sigma_i(a) = \sum_j c_j\sigma_i(a_j).$$

Let $M = ((\sigma_i(a_j)))$ and $m = \det(M)$. Solving these linear equations for $c_j$ by Cramer's rule we get $c_j = g_j/m$, where $g_j = \det(G_j)$ and $G_j$ is the matrix obtained by replacing the $j$-th column of $M$ by $(\sigma_1(a), \cdots, \sigma_n(a))'$. Since $a$ and $a_j$ are all algebraic integers, so are $g_j$ and $m$. Since the entries of the first rows of $M$ and $G_j$ belong to $A$, so do $m$ and $g_j$. One also has $m^2 = d$. It follows that $dc_j = mg_j$ is an algebraic integer but also a rational number, so $dc_j = m_j \in \mathbb{Z}$. Further, $m_j^2/d = m^2g_j^2/d = g_j^2 \in A \cap \mathbb{Q} = \mathbb{Z}$.

(b) Suppose there exists $a \in A$ such that $a = (c_1a_1 + \cdots + c_na_n)/r$, where $c_i$ and $r$ are integers such that $r$ does not divide $c_i$ for some $i$. Without loss assume $r$ does not divide $c_1$ and write $c_1/r = s + f$ where $s$ is an integer and $0 < f < 1$ is a proper fraction. Define $b_1 = a - sa_1 = fa_1 + \frac{c_2}{r}a_2 + \cdots + \frac{c_n}{r}a_n$, and $b_i = a_i$ for $i = 2, \cdots, n$. Then $b_1, \cdots, b_n$ is another $\mathbb{Q}$-basis of $A$ and the matrix taking the $a_j$'s to the $b_j$'s is upper triangular with diagonal entries equal to $(f, 1, \cdots, 1)$, so has determinant $f$. This implies $\Delta(b) = |f|^2\Delta(a)$, which contradicts the minimality of $\Delta(a)$.


10.13. Corollary/Definition: If $a_1, \cdots, a_n$ and $b_1, \cdots, b_n$ are two integral bases of $A$, one has $a = Mb$ for some integer matrix $M$. It follows that $\Delta(a) = \det(M)^2\Delta(b)$. So $\Delta(b) \mid \Delta(a)$. Reversing the roles of $a$ and $b$ one gets $\Delta(a) \mid \Delta(b)$. Thus $\det(M)$ must equal $\pm 1$, and $\Delta(a) = \Delta(b)$.

In other words, the discriminant of an integral basis of $\mathcal{O}_K$ is an invariant of the number field $K$ (or the ring $\mathcal{O}_K$). This rational integer is called the discriminant of $K$ and denoted by $\Delta_K$.

Let $K$ and $L$ be two number fields, $[K : \mathbb{Q}] = m$ and $[L : \mathbb{Q}] = n$. Assume that $K$ and $L$ are disjoint extensions of $\mathbb{Q}$, i.e. $K \cap L = \mathbb{Q}$, and let $KL$ be the composite. Then $[KL : \mathbb{Q}] = mn$. We shall end this section with a result relating the ring of integers of the composite $KL$ to those of $K$ and $L$. The discriminant plays a prominent role in it.

10.14. Proposition. With the above setup, suppose $d = \gcd(\Delta_K, \Delta_L)$. Then the ring of integers of $KL$ is contained in $\frac{1}{d}\mathcal{O}_K\mathcal{O}_L$.

Proof. We shall need the following fact from field theory:
Given embeddings $\sigma : K \to \mathbb{C}$ and $\tau : L \to \mathbb{C}$, there exists an embedding of $KL$ into $\mathbb{C}$ whose restriction to $K$ and $L$ is $\sigma$ and $\tau$ respectively.

Let $a_1, \cdots, a_m$ and $b_1, \cdots, b_n$ be integral bases for $\mathcal{O}_K$ and $\mathcal{O}_L$ respectively. Then the $mn$ numbers $a_ib_j$ form a $\mathbb{Z}$-basis for $\mathcal{O}_K\mathcal{O}_L$ and also a $\mathbb{Q}$-basis for $KL$. Write an algebraic integer $a$ of $KL$ in the form

$$a = \sum_{ij}\frac{m_{ij}}{r}a_ib_j$$

where $m_{ij}, r \in \mathbb{Z}$ are such that there is no common prime factor of these $mn + 1$ numbers. We need to show $r \mid d$, i.e. that $r$ divides $\Delta_K$ and $\Delta_L$. By the field theory fact, each automorphism $\sigma_j : K \to \mathbb{C}$ extends to an automorphism of $KL$ fixing $L$. Applying the automorphisms $\sigma_k$ to the above equations one gets $\sigma_k(a) = \sum_i c_i\sigma_k(a_i)$ where $c_i = \sum_j \frac{m_{ij}}{r}b_j$. Solving the equations for $c_i$ by Cramer's rule we have $c_i = \gamma_i/\delta$ where $\gamma_i$ and $\delta$ are algebraic integers and $\delta^2 = \Delta_K$. It follows that

$$\gamma_i\delta = \Delta_Kc_i = \sum_j\frac{\Delta_Km_{ij}}{r}b_j.$$

In the above equations the first expression is an algebraic integer while the third is in $L$. So $\Delta_Kc_i$ is in $\mathcal{O}_L$. But $b_1, \cdots, b_n$ form an integral basis for $\mathcal{O}_L$. It follows that $r \mid \Delta_Km_{ij}$ for all $i, j$. Since there is no common factor between $r$ and the $m_{ij}$ we must have $r \mid \Delta_K$. Interchanging the roles of $K$ and $L$ one gets $r \mid \Delta_L$.

Proof of the field theory fact. Since $[KL : K] = n$ the automorphism $\sigma : K \to \mathbb{C}$ has $n$ distinct extensions to $KL$. Let $\tau_1, \cdots, \tau_n$ be the restrictions of these embeddings to $L$. Then the $\tau_j$ are all distinct. On the other hand, since $[L : \mathbb{Q}] = n$ there are a total of $n$ embeddings of $L$ into $\mathbb{C}$, so $\tau_1, \cdots, \tau_n$ are all the embeddings. So $\tau_j = \tau$ for some $j$.

CALCULATIONS FOR CYCLOTOMIC EXTENSIONS

Let $d$ be a natural number and $\zeta_d = e^{2\pi i/d}$. The monic irreducible polynomial of $\zeta_d$ is called the $d$'th cyclotomic polynomial and denoted by $\Phi_d(x)$. Since $\zeta_d$ satisfies $x^d - 1$ (a monic polynomial in $\mathbb{Z}[x]$), $\zeta_d$ is an algebraic integer, so $\Phi_d(x) \in \mathbb{Z}[x]$. The fields $\mathbb{Q}(\zeta_d)$ are called cyclotomic fields.

10.15. Lemma. (a) For any natural number $n$ one has $x^n - 1 = \prod_{d \mid n}\Phi_d(x)$.
(b) One has $[\mathbb{Q}(\zeta_d) : \mathbb{Q}] = \deg(\Phi_d(x)) = \phi(d)$. The $\phi(d)$ primitive roots of unity are the roots of $\Phi_d(x)$, so they are conjugates.

Proof. A root of $\Phi_d$, i.e. a conjugate of $\zeta_d$, is again a primitive $d$'th root of unity, hence has the form $e^{2\pi ir/d}$ where $1 \le r < d$ and $\gcd(r, d) = 1$. So $\deg(\Phi_d) \le \phi(d)$.

If $\Phi_d \mid x^n - 1$ then $\zeta_d^n = 1$, so $d \mid n$. All the roots of $x^n - 1$ are roots of unity, so each irreducible factor of $x^n - 1$ in $\mathbb{Q}[x]$ must be a cyclotomic polynomial, i.e. it must be $\Phi_d$ for some $d \mid n$. Since $x^n - 1$ has no repeated roots, none of these irreducible factors can be repeated. Thus we have $x^n - 1 = \prod_{i=1}^{r}\Phi_{d_i}(x)$ for distinct divisors $d_1, \cdots, d_r$ of $n$. But recall that $\deg(\Phi_{d_i}) \le \phi(d_i)$, and we know $n = \sum_{d \mid n}\phi(d)$. So the only way the equation $n = \sum_{i=1}^{r}\deg(\Phi_{d_i})$ can be true is if $d_1, \cdots, d_r$ are all the divisors of $n$ and moreover $\deg(\Phi_d) = \phi(d)$ for each $d \mid n$. This proves both part (a) and (b).

If $K = \mathbb{Q}[a]$ is a number field of degree $d$, let us denote $\Delta(1, a, a^2, \cdots, a^{d-1})$ by $\Delta(a)$.

10.16. Lemma. One has $\Delta(\zeta_d) \mid d^{\phi(d)}$.

Proof. We can write $x^d - 1 = \Phi_d(x)g(x)$ for some monic polynomial $g(x) \in \mathbb{Z}[x]$. Differentiating the equation and substituting $x = \zeta_d$, we get $d = \zeta_d\Phi_d'(\zeta_d)g(\zeta_d)$. The lemma now follows by taking the norm and noting that $N(\Phi_d'(\zeta_d)) = \pm\Delta(\zeta_d)$ and $N(\zeta_dg(\zeta_d)) \in \mathbb{Z}$.

10.17. Theorem. The ring of integers of $\mathbb{Q}[\zeta_d]$ is equal to $\mathbb{Z}[\zeta_d]$.

Proof. Let $R$ be the ring of integers of $\mathbb{Q}[\zeta_d]$. We shall first prove the theorem when $d$ is a prime power, $d = p^r$. Let $\zeta = \zeta_{p^r}$. First we need a bit of groundwork. Since $x^{p^r} - 1 = \prod_{t=0}^{r}\Phi_{p^t}(x)$, for all $r$, we get

$$\Phi_{p^r}(x) = (x^{p^r} - 1)/(x^{p^{r-1}} - 1) = \sum_{s=0}^{p-1}x^{s \cdot p^{r-1}}.$$

But $\Phi_{p^r}(x) = \prod_{k \in (\mathbb{Z}/p^r\mathbb{Z})^*}(x - \zeta^k)$. Substituting $x = 1$ one gets

$$N(1 - \zeta) = \prod_{k \in (\mathbb{Z}/p^r\mathbb{Z})^*}(1 - \zeta^k) = p \qquad (19)$$

Coming to the proof proper, let $n = \phi(p^r)$, and $d = \Delta(\zeta) = \Delta(1 - \zeta)$. By ?? we can write any $a \in R$ as $a = \frac{1}{d}\sum_{i=1}^{n-1}m_j(1 - \zeta)^j$. If $R \neq \mathbb{Z}[1 - \zeta]$, there exists $b \in R$ of the form

$$b = \frac{1}{p}\sum_{j=i-1}^{n-1}m_j(1 - \zeta)^j \qquad (20)$$

such that $p \nmid m_i$. The equation (??) implies that $p/(1 - \zeta)^n \in \mathbb{Z}[\zeta]$. In the equation (??) above, $i \le n$, so $pb/(1 - \zeta)^i \in R$. But then (??) implies $m_{i-1}/(1 - \zeta) \in R$. Taking the norm we get $p = N(1 - \zeta) \mid N(m_{i-1})$, contradicting $p \nmid m_{i-1}$. This proves the theorem for $m$ equal to a prime power. The general case now follows from ?? and ??.
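Lemma 10.15, Lemma 10.16 and Proposition 10.9 can be checked with exact integer arithmetic. The following Python is an added example, not part of the original notes; the function names are hypothetical, and it assumes the standard fact (not proved in these notes) that $\mathrm{Tr}(g(a))$ and $N(g(a))$ are the trace and determinant of $g(C)$, where $C$ is the matrix of multiplication by $a$ on the basis $1, a, \cdots, a^{n-1}$.

```python
from math import gcd

def phi(d):
    """Euler's function: the number of 1 <= r <= d with gcd(r, d) = 1."""
    return sum(1 for r in range(1, d + 1) if gcd(r, d) == 1)

def poly_divexact(num, den):
    """Exact quotient of integer polynomials (lowest degree first); den is monic."""
    num = list(num)
    quot = [0] * (len(num) - len(den) + 1)
    for k in reversed(range(len(quot))):
        quot[k] = num[k + len(den) - 1]
        for j, c in enumerate(den):
            num[k + j] -= quot[k] * c
    if any(num):
        raise ValueError("division is not exact")
    return quot

def cyclotomic(d, _cache={}):
    """Phi_d via Lemma 10.15(a): divide x^d - 1 by Phi_e for each proper divisor e."""
    if d not in _cache:
        f = [-1] + [0] * (d - 1) + [1]
        for e in range(1, d):
            if d % e == 0:
                f = poly_divexact(f, cyclotomic(e))
        _cache[d] = f
    return _cache[d]

def companion(f):
    """Matrix C of multiplication by a root a of monic f on 1, a, ..., a^(n-1)."""
    n = len(f) - 1
    return [[-f[i] if j == n - 1 else int(i == j + 1) for j in range(n)]
            for i in range(n)]

def matmul(A, B):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*B)] for row in A]

def det(M):
    """Exact integer determinant by fraction-free (Bareiss) elimination."""
    M = [row[:] for row in M]
    n, sign, prev = len(M), 1, 1
    for k in range(n - 1):
        if M[k][k] == 0:
            swap = next((i for i in range(k + 1, n) if M[i][k] != 0), None)
            if swap is None:
                return 0
            M[k], M[swap] = M[swap], M[k]
            sign = -sign
        for i in range(k + 1, n):
            for j in range(k + 1, n):
                M[i][j] = (M[i][j] * M[k][k] - M[i][k] * M[k][j]) // prev
        prev = M[k][k]
    return sign * M[-1][-1]

def discriminant(f):
    """Delta(1, a, ..., a^(n-1)) = det(Tr(a^(i+j))), the trace form of Definition 10.7."""
    n = len(f) - 1
    C = companion(f)
    power = [[int(i == j) for j in range(n)] for i in range(n)]
    traces = []
    for _ in range(2 * n - 1):
        traces.append(sum(power[i][i] for i in range(n)))   # Tr(a^k) = trace(C^k)
        power = matmul(power, C)
    return det([[traces[i + j] for j in range(n)] for i in range(n)])

def norm_of_derivative(f):
    """N(f'(a)) computed as det(f'(C))."""
    n = len(f) - 1
    C = companion(f)
    power = [[int(i == j) for j in range(n)] for i in range(n)]
    total = [[0] * n for _ in range(n)]
    for k in range(1, n + 1):                               # f'(x) = sum k f_k x^(k-1)
        total = [[t + k * f[k] * p for t, p in zip(rt, rp)]
                 for rt, rp in zip(total, power)]
        power = matmul(power, C)
    return det(total)

def lemma_checks(d):
    """Return (deg Phi_d, Delta(zeta_d), (-1)^(n(n-1)/2) N(Phi_d'(zeta_d)))."""
    f = cyclotomic(d)
    n = len(f) - 1
    sign = -1 if (n * (n - 1) // 2) % 2 else 1
    return n, discriminant(f), sign * norm_of_derivative(f)

if __name__ == "__main__":
    for d in (3, 4, 5, 8, 12):
        n, disc, rhs = lemma_checks(d)
        print(d, cyclotomic(d), n == phi(d), disc == rhs, d ** n % disc == 0)
```

For $d = 12$ this gives $\Phi_{12}(x) = x^4 - x^2 + 1$ and $\Delta(\zeta_{12}) = 144$, which divides $12^4$.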


11. Primes in rings of integers

11.1. Lemma. Let $K$ be an extension of $\mathbb{Q}$ of degree $n$.
(a) Each non-zero ideal $A$ of $\mathcal{O}_K$ contains a nonzero integer.
(b) Each nonzero ideal $A$ of $\mathcal{O}_K$ has finite index in $\mathcal{O}_K$.

Proof. The norm of any nonzero element of $A$ is an integer that belongs to $A$. If $r$ is a natural number belonging to $A$, then $\mathcal{O}_K/r\mathcal{O}_K$ surjects onto $\mathcal{O}_K/A$. But $\mathcal{O}_K$ as an additive group is just $\mathbb{Z}^n$, so $\mathcal{O}_K/r\mathcal{O}_K$ has $r^n$ elements. So $\mathcal{O}_K/A$ has fewer.

11.2. Definition. The index of an ideal $A$, i.e. $|\mathcal{O}_K/A|$, is called the norm of the ideal $A$ and denoted by $\|A\|$.

11.3. Definition. Let $R$ be a commutative domain and $K$ be its fraction field. The ring $R$ is called a Dedekind domain if it has the following three properties.

(1) $R$ is Noetherian, i.e. the ideals of $R$ are finitely generated, or equivalently any non-empty collection of ideals has a maximal element, or equivalently any increasing chain of ideals $I_1 \subseteq I_2 \subseteq \cdots$ in $R$ stabilizes, i.e. there is an $n$ such that $I_n = I_{n+1} = \cdots$.

(2) Every non-zero prime in $R$ is maximal.

(3) $R$ is integrally closed, i.e. any element $x \in K$ that is integral over $R$ belongs to $R$.

11.4. Theorem. The ring of integers $\mathcal{O}_K$ in a number field is a Dedekind domain.

Proof. The ring of integers $\mathcal{O}_K$ is Noetherian because every non-zero ideal has finite index in $R$, thus can have only finitely many proper ideals containing it. If $P$ is a non-zero prime ideal then $R/P$ is a finite integral domain, hence a field, so $P$ is maximal. If $a \in K$ satisfies a monic polynomial in $\mathcal{O}_K[x]$, then $A = \mathcal{O}_K[a]$ is additively finitely generated over $\mathcal{O}_K$. Since $\mathcal{O}_K$ itself is finitely generated over $\mathbb{Z}$, $A$ is a finitely generated additive group over $\mathbb{Z}$. But $aA \subseteq A$, implying $a$ is an algebraic integer in $K$, i.e. that $a \in \mathcal{O}_K$.

Now, we shall study the structure of ideals in a Dedekind domain. Because of the theorem above, all these results hold, in particular, for $\mathcal{O}_K$.

11.5. Definition. For any ideal $A$ in $R$ define $A^{-1} = \{x \in K : xA \subseteq R\}$.

11.6. Theorem. Let $P$ be a nonzero prime ideal in $R$. Then $PP^{-1} = R$.

We shall need a couple of lemmas.

11.7. Lemma. Let $A$ be any nonzero ideal in $R$. Then $A$ contains a product of nonzero prime ideals.

Proof. Suppose the lemma is not true. Among the nonzero ideals that do not contain a product of primes, choose a maximal member $A$ (by the Noetherian property). In particular $A$ is not a prime, so there exist $a, b \notin A$ such that $ab \in A$. Since $A + (a)$ and $A + (b)$ are strictly bigger ideals than $A$, they contain a product of primes. Suppose $\prod_{i=1}^{r}P_i \subseteq A + (a)$ and $\prod_{i=1}^{s}Q_i \subseteq A + (b)$. But then $P_1 \cdots P_rQ_1 \cdots Q_s \subseteq (A + (a))(A + (b)) = A$, which is a contradiction.

11.8. Lemma. For any nonzero proper prime ideal $P$ one has $P^{-1} \supsetneq R$.

Proof. Pick a nonzero element $a \in P$. Using the above lemma pick non-zero prime ideals $P_1, \cdots, P_r$ such that $P_1 \cdots P_r \subseteq (a)$ and $r$ is minimal. Then $P \mid P_1 \cdots P_r$, so $P \mid P_i$ for some $i$, i.e. $P = P_i$ for some $i$. Without loss, assume that $P = P_1$. Now we have $PP_2 \cdots P_r \subseteq (a) \subseteq P$. Since $r$ was minimal, $P_2 \cdots P_r \not\subseteq (a)$. So we can pick $b \in P_2 \cdots P_r \setminus (a)$. Then $a^{-1}bP \subseteq a^{-1}PP_2 \cdots P_r \subseteq a^{-1}(a) = R$, so $x = a^{-1}b \in P^{-1}$. But since $b \notin (a)$, $x \notin R$.

Proof of the equation $PP^{-1} = R$: Suppose not. Then $PP^{-1}$ is a proper ideal containing $P$. Since each nonzero prime is maximal, one gets $P = PP^{-1}$. So for each $x \in P^{-1}$ we have $xP \subseteq P$. This implies $x$ is integral over $R$ (the determinant trick). But $R$ is integrally closed, so $x \in R$, i.e. $P^{-1} \subseteq R$, contradicting the lemma above.

Now we can prove

11.9. Theorem. Any nonzero ideal $A$ in a Dedekind domain $R$ can be uniquely written as a product $A = P_1 \cdots P_r$, where the $P_i$ are not necessarily distinct, non-zero prime ideals. Uniqueness of the decomposition means that if $A = P_1 \cdots P_r = Q_1 \cdots Q_s$ are two such decompositions, then $r = s$ and the lists of ideals $P_1, \cdots, P_r$ and $Q_1, \cdots, Q_r$ are the same up to permutation.

Proof. If $P_1 \cdots P_r = Q_1 \cdots Q_s$, then $P_1 \mid Q_1 \cdots Q_s$. Since $P_1$ is a prime, $P_1$ must divide $Q_j$ for some $j$, so $P_1 = Q_j$ for some $1 \le j \le s$. Multiplying by $P_1^{-1}$ we get $P_2 \cdots P_r = Q_1 \cdots Q_{j-1}Q_{j+1} \cdots Q_s$. The uniqueness follows by repeating the argument.

Let $A$ be any non-zero ideal. Using lemma ??, choose a minimal set of primes $P_1, \cdots, P_r$ such that $\prod P_i \subseteq A$. Since $A$ is proper there is a maximal ideal $Q \supseteq A$. Then $Q$ is one of the $P_i$'s, without loss, say $Q = P_1$. Then $P_2 \cdots P_r \subseteq P_1^{-1}A \subseteq P_1^{-1}P_1 = R$. Since $r$ was minimal, $P_1^{-1}A \neq R$, so it is a proper ideal. By repeating the argument with $AP_1^{-1}$ instead of $A$ we get $P_3 \cdots P_r \subseteq AP_1^{-1}P_2^{-1} \subseteq R$. Again, since $r$ was minimal, $AP_1^{-1}P_2^{-1} \neq R$. By induction one gets $R \subseteq AP_1^{-1} \cdots P_r^{-1} \subseteq R$, i.e. $R = AP_1^{-1} \cdots P_r^{-1}$.

11.10. Corollary. Let $A$, $B$ and $C$ be ideals in a Dedekind domain.
(a) If $AB = AC$, then $B = C$.
(b) If $A \subseteq B$ then there is an ideal $D$ such that $A = BD$, i.e. $B \mid A$.

Proof. Part (a) follows by writing $A = P_1 \cdots P_r$ and multiplying both sides by each $P_i^{-1}$ successively. For part (b) let $A = P_1 \cdots P_r$ and $B = Q_1 \cdots Q_s$. Since $A \subseteq B$, $Q_1 \mid P_1 \cdots P_r$, so $Q_1$ is equal to one of the $P_i$. Cancelling them successively we get the result.

11.11. Corollary. (a) Let $A$ be any non-zero proper ideal with factorization $A = P_1 \cdots P_r$. Then $A^{-1} = P_1^{-1} \cdots P_r^{-1}$. One also has $AA^{-1} = R$ and $A^{-1} \supsetneq R$.
(b) Further, let $a$ be any non-zero element of $A$ and $B = \{y \in R : yA \subseteq (a)\}$. Then $B$ is an ideal in $R$ such that $\frac{1}{a}B = A^{-1}$ and $AB = (a)$.

Proof. Let $B = P_1^{-1} \cdots P_r^{-1}$. Since $PP^{-1} = R$ for all primes, we have $AB = R$. Clearly $B \subseteq A^{-1}$. Conversely, if $x \in A^{-1}$, then $xA \subseteq R$, then $xAB \subseteq B$. But $AB = R$, so $x \in B$. So $A = B^{-1}$ and $AA^{-1} = R$. Since $A$ is contained in some prime $P$, $A^{-1} \supseteq P^{-1}$. But already $P^{-1} \supsetneq R$. This proves part (a).

Clearly $\frac{1}{a}B \subseteq A^{-1}$. Conversely, if $x \in A^{-1}$, then $ax \in R$ and $axA \subseteq (a)$. So $ax \in B$, which implies $A^{-1} \subseteq \frac{1}{a}B$. Part (b) now follows.


11.12. Lemma. For ideals $I$ and $J$ in $\mathcal{O}_K$ one has $\|I\| \cdot \|J\| = \|IJ\|$.

Proof. If $I$ and $J$ are relatively prime then the result follows from $R/IJ \simeq R/I \times R/J$, i.e. the Chinese remainder theorem.

By unique factorization into powers of prime ideals, it is enough to prove the lemma for $I = P^e$ where $P$ is a prime. In this case $|R/P^e| = |R/P||P/P^2| \cdots |P^{e-1}/P^e|$. Here $R/P$ is a finite field and each $P^r/P^{r+1}$ is a vector space over it. If $x \in P^r \setminus P^{r+1}$ then $P^{r+1} \subsetneq (x) + P^{r+1} \subseteq P^r$. Since $(x) + P^{r+1}$ has a unique factorization into prime ideals, one must have $(x) + P^{r+1} = P^r$. It follows that $P^r/P^{r+1}$ is a one dimensional vector space over $R/P$, so $|R/P| = |P^r/P^{r+1}|$ for each $r$. The result follows.

11.13. Definition. Let $I$ and $J$ be non-zero ideals in $\mathcal{O}_K$. Define an equivalence relation $\sim$ on the set of non-zero ideals of $\mathcal{O}_K$ by letting $I \sim J$ if there are nonzero elements $a, b \in \mathcal{O}_K$ such that $aI = bJ$. The equivalence classes are called the ideal classes. The above results show that the set of ideal classes forms a group, the class of principal ideals being the identity element. This group, denoted $\mathrm{Cl}(K)$, is called the class group of $K$. We shall soon see that this is a finite group. This is one of the most important invariants of the number field $K$.

Now we fix some notation for the rest of this section.

11.14. Definition. Let $L/K$ be an extension of number fields of rank $n$, let $\mathcal{O}_K = R$ and $\mathcal{O}_L = S$, $R \subseteq S$. If $Q$ is a prime ideal in $S$, then $P = Q \cap R$ is a prime ideal in $R$. We say that $Q$ lies over $P$.

11.15. Lemma. Given a non-zero prime ideal $P$ of $R$, the ideal $PS$ is a proper ideal of $S$. So, for each proper prime ideal $P$, there is at least one prime $Q$ of $S$ such that $Q$ lies above $P$.

Proof. We claim that $1 \notin PS$. To see this, pick $a \in P^{-1} \setminus R$, then $aPS \subseteq S$. If $PS$ did contain $1$, we would have $a \in S$, implying $a$ is an algebraic integer. But $a$ is not an algebraic integer, since $a \in K \setminus R$.

Now, the proper ideal $PS$ can be decomposed into primes in $S$ as $PS = Q_1 \cdots Q_s$. For each $i$, $Q_i \cap R$ is a proper ideal containing $P$, hence $Q_i \cap R = P$. So each prime $P$ of $R$ lies under at least one prime of $S$.

11.16. Definition. Suppose $P$ is a proper prime ideal of $R$ which factorizes in $S$ as

$$PS = Q_1^{e_1} \cdots Q_r^{e_r}$$

where the $Q_i$ are distinct primes of $S$ and $e_i = \mathrm{ord}_{Q_i}(PS)$ is the highest power of $Q_i$ dividing $PS$. The set of primes $Q_1, \cdots, Q_r$ as well as the integers $e_i$ are uniquely determined by unique factorization. The number $e_i$ is called the ramification index of $Q_i$ over $P$. We say that the prime $P$ ramifies in $S$ if $e_i > 1$ for some $i$.

The quotients $\lambda_i = S/Q_i$ and $\kappa = R/P$ are finite integral domains, hence finite fields. Moreover $\kappa$ is a subfield of $\lambda_i$, since $Q_i \cap R = P$. The degree of the extension $f_i = [\lambda_i : \kappa]$ is called the local degree (or inertial degree) of $Q_i$ over $P$. We also write $e_i = e(Q_i|P)$ and $f_i = f(Q_i|P)$. Clearly $e(Q|P)$ and $f(Q|P)$ are multiplicative in towers, i.e. if $K \subseteq L \subseteq M$ are extensions and $P \subseteq Q \subseteq T$ are primes in the corresponding number rings then $f(T|P) = f(T|Q)f(Q|P)$ and $e(T|P) = e(T|Q)e(Q|P)$.

With these notations we have the following fundamental formulae governing how the primes might split.


11.17. Theorem. One has $\sum_{i=1}^{r}e_if_i = n$.

Proof. Note that, since $S/Q_i$ is a vector space of dimension $f_i$ over $R/P$, one has $\|Q_i\| = \|P\|^{f_i}$. Taking the norm on both sides of the equation $PS = Q_1^{e_1} \cdots Q_r^{e_r}$ and using the multiplicativity of the norm of ideals we get

$$\|PS\| = \prod_{i=1}^{r}\|Q_i\|^{e_i} = \prod_{i=1}^{r}(\|P\|^{f_i})^{e_i} = \|P\|^{\sum_i e_if_i}.$$

Now the theorem follows from the following proposition.

11.18. Proposition. One has $\|PS\| = \|P\|^n$.

Proof. Note that $S/PS$ is a vector space over $\kappa = R/P$. We want to show that $\dim_\kappa(S/PS) = n$. Given $w \in S$, let $\bar{w}$ denote its reduction modulo $PS$. Pick elements $w_1, \cdots, w_m$ of $S$ such that $\bar{w}_1, \cdots, \bar{w}_m$ form a basis of $S/PS$ over $R/P$. We shall show that $w_1, \cdots, w_m$ in fact form a basis of $L/K$. This will prove what we want.

First we show linear independence. If possible, suppose there exists a1, · · · , am ∈ K,atelast one of them non-zero, such that we have a non-trivial dependence relation

∑i aiwi =

0. Then we shall show that there is a dependence relation∑biwi = 0 where all bi ∈ R but

atleast one bi /∈ P . Reducing coefficients modulo PS this would lead to a contradiction,since the wi are linearly independent over R/P .

By cleaing denominator, if necessary, we may assume that each ai ∈ OK . Let A bethe ideal generated by a1, · · · , am. We are done if some ai /∈ P . Otherwise A ⊆ P . Butthen, we choose b ∈ A−1 \ A−1P and observe that each bai ∈ R, but some bai /∈ PS. Then∑

(bai)wi = 0 is a dependence relation of the desired form.One can show that w1, · · · , wm generates L/K by a standard commutative algebra tool,

called Nakayama’s lemma. Let

M = Rw1 + · · · +Rwm ⊆ S.

Since S is finitely generated, even over Z we can write S = M +Rz1 + · · ·+Rzk for finitelymany elements zi ∈ S. Since w1, · · · , wm generate S/PS over R/P , we have S = M + PS.Thus we can write each zi as

zi =∑

j

tijzj +mi

for some tij ∈ P and mi ∈ M . In other words, the entries of the matrix ((I − tij))z arein M . Multiplying by the adjoint of the matrix ((I − tij)) we get that dzi ∈ M whered = det((I − tij)) ∈ R. Since tij ∈ P , we have d ≡ 1 mod P , so d = 0. So each zi canbe written as a linear combination of wi’s with coefficients from K. Given y ∈ L, there isan integer h ∈ Z such that hy ∈ S. We can write hy as a linear combination of wi’s withcoefficients from K, so the same can be done for y. This proves that w1, · · · , wm generateL/K.

Now we collect the properties of the norm of an ideal.

11.19. Theorem.
(a) Let $I$ and $J$ be ideals in $\mathcal{O}_K$. Then $\|I\| \|J\| = \|IJ\|$.
(b) Let $[L : K] = n$ and $I$ be an ideal in $\mathcal{O}_K$. Then $\|I\mathcal{O}_L\| = \|I\|^n$.
(c) For $a \in \mathcal{O}_K$, one has $\|a\mathcal{O}_K\| = N(a)$.


Proof. (a) has already been proved. We proved (b) above for prime ideals; the general case follows by unique factorization into primes. It remains to prove (c). Let $S$ be a normal extension of $\mathbb{Q}$ containing $K$. Let $T$ be the ring of integers of $S$. Let $d = [M : K]$. For each embedding $\sigma : K \to \mathbb{C}$ we have $\|\sigma(a)T\| = \|aT\|$. (Since $\sigma$ extends to an automorphism of $T$). Let $m = N^K_{\mathbb{Q}}(a)$. Since $\|\cdot\|$ is multiplicative, we have

$$m^{nd} = \|mT\| = \prod_\sigma \|\sigma(a)T\| = \|aT\|^n = (\|aR\|^d)^n.$$

The result follows.

Let $K$ be an algebraic number field and $R = \mathcal{O}_K$. Let $a$ be an algebraic integer with minimal irreducible polynomial $g \in R[x]$. Let $L = K[a] = F[x]/(g)$ and $S = \mathcal{O}_L$. The following theorem gives a way to compute the splitting of all but finitely many primes of $K$ in $L$.

11.20. Theorem. Let $P$ be a prime ideal in $R$ and let $\kappa = R/P$. Given a polynomial $f \in R[x]$ let $\bar{f}$ denote its image in $\kappa[x]$ obtained by reducing coefficients modulo $P$. Suppose $g_i$ are monic polynomials in $R[x]$ such that $\bar{g}(x)$ factors in $\kappa[x]$ as

$$\bar{g} = \bar{g}_1^{e_1} \cdots \bar{g}_r^{e_r}$$

where $\bar{g}_i$ are distinct monic irreducible factors. Let $(p) = P \cap \mathbb{Z}$ and suppose $p \nmid |S/R[a]|$. Then the prime factorization of $PS$ is given by $PS = Q_1^{e_1} \cdots Q_r^{e_r}$ where $Q_i = PS + (g_i(a))$. Further $f(Q_i|P) = \deg(g_i)$.

Proof. Let $R/P = \kappa \simeq \mathbb{F}_q$ and $f_i = \deg(g_i)$. We shall show:
(1) Either $Q_i = S$ or $S/Q_i \simeq \mathbb{F}_{q^{f_i}}$, so $Q_i$ are primes above $P$ and $f(Q_i|P) = f_i$.
(2) One has $Q_i + Q_j = S$ if $i \neq j$.
(3) One has $Q_1^{e_1} \cdots Q_r^{e_r} \subseteq PS$.

First we finish the proof assuming (1), (2) and (3). By renaming the indices if necessary suppose $Q_1, \cdots, Q_s$ are the proper primes, $s \le r$ and $Q_{s+1} = \cdots = Q_r = S$. By (2) the primes $Q_1, \cdots, Q_s$ are distinct. Now (3) implies $PS \mid Q_1^{e_1} \cdots Q_s^{e_s}$, so $PS$ has a prime factorization of the form $PS = Q_1^{d_1} \cdots Q_s^{d_s}$ for some $s \le r$ and $d_i \le e_i$ and $f(Q_i|P) = f_i$. Then one has $\sum_{i=1}^{s} d_i f_i = n$. On the other hand equating degrees on both sides of $\bar{g} = \bar{g}_1^{e_1} \cdots \bar{g}_r^{e_r}$ we get $\sum_{i=1}^{s} e_i f_i = n$. This forces $r = s$ and $d_i = e_i$. (Note that $g, g_i$ are monic, so degree does not change when one reduces coefficients modulo $p$.) Now we prove (1), (2) and (3).

(1) On one hand we have the isomorphisms

$$R[x]/(P, g_i) \simeq \kappa[x]/(\bar{g}_i) \simeq \mathbb{F}_{q^{f_i}}.$$

So $(P, g_i)$ is a maximal ideal in $R[x]$. On the other hand we have a homomorphism

$$\psi : R[x] \to S/Q_i$$

defined by $\psi(x) = a \bmod Q_i$. From the definition of $Q_i$ we see that $\ker(\psi)$ contains $(P, g_i)$. Now note that $\psi$ is onto because $R[a] + Q_i = S$. (In fact one already has $R[a] + pS = S$, since the index $|S/(R[a] + pS)|$ divides both $|S/R[a]|$ and $|S/pS|$. But as $p \nmid |S/R[a]|$ by our assumption, the $|S/R[a]|$ and $|S/pS| = p^{[L:\mathbb{Q}]}$ are relatively prime.) So either $Q_i = S$ or $\ker(\psi)$ is a proper ideal, hence equal to $(P_i, g)$. This proves (1).

(2) Since $\bar{g}_i$ are distinct irreducible polynomials in $\kappa[x]$, there exist $h, k \in R[x]$ such that $\bar{g}_i \bar{h} + \bar{g}_j \bar{k} = 1$ in $\kappa[x]$. In other words the coefficients of $g_i(x)h(x) + g_j(x)k(x) - 1$ are in $P$, so $g_i(a)h(a) + g_j(a)k(a) \equiv 1 \bmod PS$. Thus $1 \in (P, g_i(a), g_j(a)) = Q_i + Q_j$, proving (2).

(3) The polynomial $\prod_i g_i^{e_i}(x) - g(x)$ has coefficients in $P$, so $\prod_i g_i^{e_i}(a) - g(a) \in PS$. But $g(a) = 0$. So $\prod_i g_i^{e_i}(a) \in PS$. One has

$$Q_1^{e_1} \cdots Q_r^{e_r} \subseteq PS + (g_1^{e_1}(a) \cdots g_r^{e_r}(a)) \subseteq PS.$$


Now assume that $L/K$ is a normal extension, i.e. each embedding of $L$ into $\mathbb{C}$ fixing $K$ is an automorphism of $L$. The group of automorphisms of $L$ fixing $K$ is called the Galois group of $L/K$ and is denoted by $Gal(L/K)$. The order of the group $Gal(L/K)$ is the same as the separable degree and hence the degree of the extension.

11.21. Proposition. Suppose $L/K$ is a normal extension of degree $n$. Let $G = Gal(L/K)$.
(a) Let $P$ be a prime in $\mathcal{O}_K$ and let $Q, Q'$ be two primes in $\mathcal{O}_L$ lying over $P$. Then there exists an element $\sigma \in G$ such that $\sigma(Q) = Q'$.
(b) Thus the ramification indices and local degrees of each $Q$ lying over $P$ is the same. In other words, there exist positive integers $r$, $e$ and $f$ such that the prime factorization of the ideal $PS$ in $\mathcal{O}_L$ has the form $PS = (Q_1 \cdots Q_r)^e$, for primes $Q_1, \cdots, Q_r$ in $\mathcal{O}_L$ and $[\mathcal{O}_L/Q_i : \mathcal{O}_K/P] = f$ for each $i$ and $ref = n$.

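Proof. Suppose $Q' \neq \sigma(Q)$ for all $\sigma \in G$. By Chinese remainder theorem we can find an $a$ such that $a \equiv 0 \bmod Q'$ and $a \equiv 1 \bmod \sigma(Q)$ for each $\sigma \in G$. Then $\sigma^{-1}(a) \notin Q$, for each $\sigma \in G$. So $N^L_K(a) = \prod_{\sigma \in G} \sigma^{-1}(a) \notin Q$ too. So $N(a) \notin Q$. But $N^L_K(a) \in Q' \cap \mathcal{O}_K = P \subseteq Q$ which is a contradiction. (Recall: $\prod_{\sigma \in G} \sigma(a) \in Q'$ because $\prod_{\sigma \neq 1} \sigma(a) = a^{-1} \in L \cap A = \mathcal{O}_L$ and $a \in Q'$.) Part (b) follows from part (a).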

11.22. Let $G = Gal(L/K)$ be the Galois group of the normal extension $L/K$ of number fields. Let $R = \mathcal{O}_K$ and $S = \mathcal{O}_L$. Let $P$ be a prime in $R$ and fix a prime $Q$ of $S$ above $R$. Let $\kappa = R/P$ and $\lambda = S/Q$ be the residue fields. Each prime of $S$ above $P$ has the same local degree, equal to $f = [\lambda : \kappa]$. One has $P = (Q_1 \cdots Q_r)^e$ where $Q_1, \cdots, Q_r$ are all the primes above $P$ and $ref = n = [L : K]$. The Galois group $G$ acts on the primes above $P$. The stabilizer of $Q$ is called the decomposition group of $Q/P$:

$$D = \{\sigma \in G : \sigma(Q) = Q\}.$$

Since $G$ acts transitively on the primes $Q = Q_1, \cdots, Q_r$, $|D| = |G|/r = ef$. Let $L_D$ be the fixed field of $D$ and $S_D$ be its ring of integers. The extension $L/L_D$ is Galois with Galois group $D$. Let $Q_D = Q \cap S_D$ be a prime in $S_D$ below $Q$. Then $D$ should act transitively on the primes above $Q_D$, but $D$ fixes $Q$. So $Q$ is the only prime of $S$ above $Q_D$. So $e(Q|Q_D) f(Q|Q_D) = [L : L_D] = ef$. On the other hand, by multiplicativity of the ramification index and local degree in towers one has $e(Q|Q_D) \le e$ and $f(Q|Q_D) \le f$, so equality must hold in both places. Using the multiplicativity of the ramification index and local degree again, one gets $e(Q_D|P) = f(Q_D|P) = 1$.

We have a homomorphism

$$\eta : D \to Gal(\lambda/\kappa)$$

defined by σ(x) = x mod Q, where x is any lift of x in S (The map is well defined since $\sigma(Q) = Q$). The kernel $E = \ker(\eta)$ is a normal subgroup of $D$, called the inertia group of $Q$ over $P$. Clearly

$$E = \{\sigma \in G : \sigma(x) \equiv x \bmod Q \text{ for all } x \in S\}.$$

Let $S_E$ be the ring of integers of $L_E$ and $Q_E = Q \cap S_E$. Given $\theta \in S/Q$ pick a lift $\alpha$ in $S$ and consider the polynomial

$$f(x) = \prod_{\sigma \in E} (x - \sigma(\alpha)).$$


The polynomial is fixed by the Galois group $E$ of $L/L_E$ and hence has coefficients in $S_E$. Reducing coefficients modulo $Q$ one sees that

$$f(x) \equiv (x - \theta)^{|E|} \in S_E/Q_E[x].$$

Thus any element of the Galois group of $S/Q$ over $S_E/Q_E$ fixes $f$, so takes $\theta$ to a root of $f$. But the only root of $f$ is $\theta$. So the Galois group of $S/Q$ over $S_E/Q_E$ is equal to the identity, i.e. $S/Q \simeq S_E/Q_E$. So $f(Q/Q_E) = 1$.

Note that, since $E$ is a normal subgroup of $D$, $L_E$ is a Galois extension of $L_D$ with Galois group $D/E$. From multiplicativity of $f$ it follows that $f(Q_E/Q_D) = f$, so $|D/E| = [L_E : L_D] \ge f$. On the other hand $D/E$ injects into $Gal(\lambda/\kappa)$ which has order $f$. This forces $[L_D : L_E] = f$ and $D/E \simeq Gal(\lambda/\kappa)$, i.e. the map $\eta : D \to Gal(\lambda/\kappa)$ is onto with kernel equal to $E$. Summarizing we have the following picture:

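$$\begin{array}{rccccccc}
\text{degree:} & & r & & f & & e & \\
 & K & \subseteq & L_D & \subseteq & L_E & \subseteq & L \\
 & R & \subseteq & S_D & \subseteq & S_E & \subseteq & S \\
 & P & \subseteq & Q_D & \subseteq & Q_E & \subseteq & Q \\
 & & e(Q_D|P) = 1 & & e(Q_E|Q_D) = 1 & & e(Q|Q_E) = e & \\
 & & f(Q_D|P) = 1 & & f(Q_E|Q_D) = f & & f(Q|Q_E) = 1 &
\end{array}$$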

Suppose $P$ is a prime in $R$ that does not ramify in $S$, i.e. the inertia group $E = (id)$. Then $D \simeq Gal(\lambda/\kappa)$. Let $q = \|P\|$. Then $\kappa \simeq \mathbb{F}_q$ and $\lambda \simeq \mathbb{F}_{q^f}$. The Galois group of $\lambda/\kappa$ is the cyclic group of order $f$ generated by the automorphism $x \mapsto x^q$. The preimage of this automorphism in $D$ is called the Frobenius automorphism of $Q/P$. It is the unique automorphism $\phi$ of $L/K$ such that

$$\phi(a) \equiv a^{\|P\|} \bmod Q$$

for all $a \in S$.

SPLITTING OF RATIONAL PRIMES IN QUADRATIC EXTENSIONS OF Q

Let $d$ be a squarefree integer and $F = \mathbb{Q}[\sqrt{d}]$. Let $R$ be the ring of integers of $F$. Recall that if $d \equiv 1 \bmod 4$ then $R = \mathbb{Z}\left[\frac{1+\sqrt{d}}{2}\right]$ and $\delta_F = d$. If $d \equiv 2$ or $3 \bmod 4$ then $R = \mathbb{Z}[\sqrt{d}]$ and $\delta_F = 4d$. The extension $F/\mathbb{Q}$ is normal with a Galois group of order 2 generated by

$$\sigma : a + b\sqrt{d} \mapsto a - b\sqrt{d}.$$

11.23. Theorem. Let $p$ be a prime number in $\mathbb{Z}$ and $P$ be a prime of $R$ lying over $p$.
(a) If $p \nmid \delta_F$ then $p$ is not ramified. So one has only the following two possibilities:
(i) One has $pR = P$ if either $p$ is odd and $\left(\frac{d}{p}\right) = 1$ or if $p = 2$ and $d \equiv 1 \bmod 8$.
(ii) One has $pR = P\sigma(P)$, with $P \neq \sigma(P)$, if either $p$ is odd and $\left(\frac{d}{p}\right) = -1$ or if $p = 2$ and $d \equiv 5 \bmod 8$.
(b) If $p \mid \delta_F$ then $p$ is ramified in $F$, i.e. $pR = P^2$.


SPLITTING OF RATIONAL PRIMES IN CYCLOTOMIC EXTENSIONS

Let $m$ be a positive integer and $\zeta_m = e^{2\pi i/m}$. Let $F = \mathbb{Q}[\zeta_m]$ and $R$ be its ring of integers. Recall that $\zeta_m$ has $\phi(m)$ conjugates, namely $e^{2\pi i r/m}$, with $r \in (\mathbb{Z}/m\mathbb{Z})^*$. An embedding of $F$ into $\mathbb{C}$ is specified by sending $\zeta_m$ to one of its conjugates, which is again in $F$. Thus $F/\mathbb{Q}$ is a normal extension of degree $\phi(m)$, and its Galois group is isomorphic to $(\mathbb{Z}/m\mathbb{Z})^*$. An isomorphism is given by sending the automorphism $\zeta_m \mapsto \zeta_m^r$ to $r \bmod m$.

Fix a prime number $p \in \mathbb{Z}$. We want to describe how $p$ splits in $F$.

11.24. Lemma. Suppose $p \nmid m$. Then there is an automorphism $\sigma_p$ of $F = \mathbb{Q}[\zeta]$ that satisfies $\sigma_p(w) = w^p \bmod pR$ for all $w \in R$. The order of the automorphism $\sigma_p$ is equal to the order of $p$ in $\mathbb{Z}/m\mathbb{Z}$, i.e. it is the smallest positive integer $f$ such that $p^f \equiv 1 \bmod n$.

Proof. Define $\sigma_p$ by $\sigma_p(\zeta_m) = \zeta_m^p$. Recall that $R = \mathbb{Z}[\zeta_m]$. So any $w \in R$ can be written as $w = \sum a_i \zeta_m^i$ with $a_i \in \mathbb{Z}$. Since $a^p \equiv 1 \bmod p$ for each $a \in \mathbb{Z}$, one has

$$\sigma(w) = \sum a_i \zeta_m^{ip} \equiv \sum a_i^p \zeta_m^{ip} \equiv \left(\sum a_i \zeta_m^i\right)^p \bmod pR.$$

Next, observe that the order of the automorphism $\sigma_p$ is the smallest number $f$ such that $\zeta_m^{p^f} = \zeta_m$, i.e. the smallest positive integer $f$ such that $p^f \equiv 1 \bmod m$.

11.25. Theorem. Suppose $p \nmid m$. Then $pR$ factors into a product of $r$ distinct primes each with local degree $f$, and $f$ is the smallest positive integer such that $p^f \equiv 1 \bmod m$ and $r = \phi(m)/f$.

Proof. Recall that $\Delta_F$ is a factor of $m^{\phi(m)}$, so is relatively prime to $p$. So $p$ does not ramify in $F$. Let $Q_1, \cdots, Q_r$ be the primes in $R$ lying over $p$. Since the extension $F/\mathbb{Q}$ is normal each $Q_i$ has the same local degree, say $f_1$, and we have $r f_1 = \phi(m)$. Thus we have to show that $f = f_1$. Note that $R/Q_1$ is a finite field of order $p^{f_1}$. So each $w \in R$ satisfies $w^{p^{f_1}} \equiv w \bmod Q_1$, and $f_1$ is the smallest number with this property. On the other hand, since $f$ is the order of $\sigma_p$, one has $w = \sigma^f(w) \equiv w^{p^f} \bmod pR$, for all $w \in R$. So $f_1 \le f$.

For the other inequality, we start with the equation $m = \prod_{1 \le i \le m-1} (1 - \zeta_m^i)$. Since $p \nmid m$ and $Q_1 \cap \mathbb{Z} = p\mathbb{Z}$, one has $m \notin Q_1$. But then $1 - \zeta_m^i \notin Q_1$ for $1 \le i \le m-1$, which implies that the cosets of $1, \zeta_m, \zeta_m^2, \cdots, \zeta_m^{m-1}$ in $R/Q_1$ are distinct. But we have $\zeta_m^{p^{f_1}} \equiv \zeta_m \bmod Q_1$. It follows that $p^{f_1} \equiv 1 \bmod m$. But $f$ is the smallest integer with this property, so $f \le f_1$.

Next we consider the case $m = p^k$, and describe how $p$ factorizes in $F = \mathbb{Q}[\zeta_{p^r}]$.

11.26. Theorem. $(1 - \zeta_{p^k})$ generates a prime ideal in $R$ and $pR = ((1 - \zeta_{p^k})R)^{\phi(p^k)}$. (One says that $p$ is totally ramified.)

Proof. Recall that $p = \prod_{j \in (\mathbb{Z}/p^r\mathbb{Z})^*} (1 - \zeta_{p^r}^j)$. Factoring out $(1 - \zeta_{p^k})$ from each factor one gets

$$p = (1 - \zeta_{p^k})^{\phi(p^k)} \prod_{j \in (\mathbb{Z}/p^r\mathbb{Z})^*} (1 + \zeta_{p^r} + \cdots + \zeta_{p^r}^{j-1}).$$

Let $u_j = (1 + \zeta_{p^k} + \cdots + \zeta_{p^k}^{j-1})$. One has $u_j^{-1} = (\zeta_{p^k} - 1)/(\zeta_{p^k}^j - 1)$. Since $(p^k, j) = 1$, there is a positive integer $h$ such that $jh \equiv 1 \bmod p^k$, so $u_j^{-1} = (\zeta_{p^k}^{jh} - 1)/(\zeta_{p^k}^j - 1) \in \mathbb{Z}[\zeta_{p^k}]$. Thus each $u_j$ is a unit in $R$ and we have $p = u(1 - \zeta_{p^k})^{\phi(p^k)}$. But then the degree of the extension $F/\mathbb{Q}$ is $\phi(p^k)$, so the equation $\sum_{i=1}^{r} e_i f_i = n$ implies that $(1 - \zeta_{p^k})$ cannot have a further proper prime factorization, i.e. that it is a prime.


Now, in the general case, let $m = p^k n$ where $p \nmid n$. Let $F = \mathbb{Q}[\zeta_m]$ and $R$ be its ring of integers. Then one has

11.27. Theorem. The prime $p$ factorizes in $R$ as $pR = (Q_1 \cdots Q_r)^e$ where $e = \phi(p^k)$. Each $Q_i/p$ has local degree $f$ where $f$ is the smallest positive integer such that $p^f \equiv 1 \bmod n$. Furthermore $r = \phi(n)/f$.

Proof. Let $p\mathbb{Z}[\zeta_m] = (Q_1 \cdots Q_{r'})^{e'}$ be the prime factorization of $p$ in $\mathbb{Q}[\zeta_m]$, where each $Q_i$ has local degree $f'$ over $p$. Note that $\mathbb{Q}[\zeta_{p^k}]$ and $\mathbb{Q}[\zeta_n]$ are subfields of $\mathbb{Q}[\zeta_m]$ whose compositum is $\mathbb{Q}[\zeta_m]$ and we know how $p$ factorizes in these two subfields.

Now $Q_i \cap \mathbb{Z}[\zeta_{p^r}]$ is a prime above $p$ and the only such prime is $(1 - \zeta_{p^k})$. Since $p$ is already a $\phi(p^k)$-th power of the prime $(1 - \zeta_{p^k})$ in the subfield $\mathbb{Q}[\zeta_{p^k}]$, and the ramification index is multiplicative in towers, one must have $e' \ge e$. Again, each $Q_i \cap \mathbb{Z}[\zeta_n]$ is a prime lying above $p$, which has local degree $f$. Since the local degree is also multiplicative in towers, $f' \ge f$. Moreover, in $\mathbb{Z}[\zeta_n]$, there are $r$ primes lying over $p$, and each of them has at least one prime above it in $\mathbb{Z}[\zeta_m]$, so $r' \ge r$. Combining these with the fundamental equation $\sum e_i f_i = n$ we find

$$\phi(m) = e' f' r' \ge efr = \phi(p^k)\phi(n) = \phi(m).$$

The last equality is true because $\gcd(n, p^k) = 1$. But then all the inequalities must be equalities, i.e. $e = e'$, $f = f'$ and $r = r'$.
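The triple $(e, f, r)$ of Theorem 11.27 can be checked against Theorem 11.20: since $R = \mathbb{Z}[\zeta_m]$, the index condition holds for every $p$, so $e$, $f$ and $r$ can be read off the factorization mod $p$ of the cyclotomic polynomial $\Phi_m$, the minimal polynomial of $\zeta_m$. The Python code below is an added example, not part of the notes; the function names, the symbol $\Phi_m$ and the gcd with $x^{p^d} - x$ used to find the factor degrees are choices made here.

```python
# Added example (not from the notes): checks Theorem 11.27 against Theorem 11.20.
# Polynomials over F_p are coefficient lists, lowest degree first; all names are ours.
from math import gcd

def trim(a):
    while a and a[-1] == 0:
        a.pop()
    return a

def psub(a, b, p):
    n = max(len(a), len(b))
    a, b = a + [0] * (n - len(a)), b + [0] * (n - len(b))
    return trim([(x - y) % p for x, y in zip(a, b)])

def pmul(a, b, p):
    out = [0] * (len(a) + len(b) - 1) if a and b else []
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % p
    return trim(out)

def pdivmod(a, b, p):
    """Quotient and remainder of a by b in F_p[x]; b is nonzero and reduced mod p."""
    a = trim([c % p for c in a])
    q = [0] * max(len(a) - len(b) + 1, 0)
    inv = pow(b[-1], -1, p)
    while len(a) >= len(b):
        c, s = a[-1] * inv % p, len(a) - len(b)
        q[s] = c
        for i, bc in enumerate(b):
            a[i + s] = (a[i + s] - c * bc) % p
        trim(a)
    return q, a

def pgcd(a, b, p):
    while b:
        a, b = b, pdivmod(a, b, p)[1]
    return a

def ppow(a, e, g, p):
    """a^e mod g in F_p[x] by square-and-multiply."""
    result, a = [1], pdivmod(a, g, p)[1]
    while e:
        if e & 1:
            result = pdivmod(pmul(result, a, p), g, p)[1]
        a = pdivmod(pmul(a, a, p), g, p)[1]
        e >>= 1
    return result

def cyclotomic_mod(m, p):
    """Phi_m mod p: x^m - 1 divided by Phi_d for each proper divisor d of m."""
    num = [(-1) % p] + [0] * (m - 1) + [1]
    for d in range(1, m):
        if m % d == 0:
            num = pdivmod(num, cyclotomic_mod(d, p), p)[0]
    return num

def phi(n):
    return sum(1 for a in range(1, n + 1) if gcd(a, n) == 1)

def predicted(m, p):
    """(e, f, r) from Theorem 11.27, writing m = p^k * n with p not dividing n."""
    n, k = m, 0
    while n % p == 0:
        n, k = n // p, k + 1
    f = 1
    while pow(p, f, n) != 1 % n:
        f += 1
    return phi(p ** k), f, phi(n) // f

def observed(m, p):
    """(e, f, r) read off the factorization of Phi_m in F_p[x] (Theorem 11.20)."""
    g, xq, d, h = cyclotomic_mod(m, p), [0, 1], 0, [1]
    while len(h) == 1:
        d += 1
        xq = ppow(xq, p, g, p)               # x^(p^d) mod g
        h = pgcd(g, psub(xq, [0, 1], p), p)  # product of the distinct degree-d factors
    e = 0
    while not pdivmod(g, h, p)[1]:           # one common exponent e (Proposition 11.21)
        g, e = pdivmod(g, h, p)[0], e + 1
    assert len(g) == 1, "unexpected leftover factor"
    return e, d, (len(h) - 1) // d
```

For instance, `observed(12, 3)` and `predicted(12, 3)` both return `(2, 2, 1)`, matching $\Phi_{12} \equiv (x^2+1)^2 \bmod 3$.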

AN EXAMPLE OF PRIME SPLITTING

Let $a = \sqrt[3]{19}$ and $\omega = e^{2\pi i/3}$. The splitting field of $x^3 - 19$ is $L = \mathbb{Q}[a, \omega]$. It is a Galois extension with Galois group $S_3$. We describe how 3 splits in subfields of $L$.

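[Diagram: the field lattice with $L = \mathbb{Q}(a, \omega)$ at the top, of degree 2 over $F = \mathbb{Q}(a)$ and of degree 3 over $M = \mathbb{Q}(\omega)$, and with $F$ of degree 3 and $M$ of degree 2 over $\mathbb{Q}$; beside it the corresponding factorizations of 3: $Q_1^2 Q_2^2 Q_3^2$ in $L$, $P^2 Q$ in $F$, $(1 - \omega)^2$ in $M$, and $3$ in $\mathbb{Q}$.]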

The element $b = (1 + a + a^2)/3$ has minimal polynomial $g(x) = x^3 - x^2 - 6x - 12$, so $b \in \mathcal{O}_F$. (In fact $1, a, b$ is an integral basis of $\mathcal{O}_F$ and $\Delta_F = -3 \cdot 19^2$. Also $\Delta(1, b, b^2) = -2^2 \cdot 3 \cdot 19^2$, so $3 \nmid |\mathcal{O}_F/\mathbb{Z}[b]| = 2$.) So the factorization of $3\mathcal{O}_F$ can be calculated using $g(x) \equiv x^2(x - 1) \bmod 3$. Consider the ideals $P = (3, b)$ and $Q = (3, b - 1)$ of $\mathcal{O}_F$.

One can check by direct calculation that $3\mathcal{O}_F = P^2 Q$. It is easy to see that $P$ and $Q$ are proper ideals. (If $P = (1)$, then $3 \mid b - 1$ in $\mathcal{O}_F$, but $N((b - 1)/3) \notin \mathbb{Z}$. If $Q = (1)$, then $3\mathcal{O}_F = P^2$, so $P$ is proper and each prime in $\mathcal{O}_F$ above 3 has even ramification index, which is not possible as $[F : \mathbb{Q}] = 3$.) Also note that $P + Q = (1)$. It follows that $P$ and $Q$ are distinct primes and $3\mathcal{O}_F = P^2 Q$ is the prime decomposition of 3 in $\mathcal{O}_F$.

Now let $Q_1, \cdots, Q_r$ be the primes above 3 in $\mathcal{O}_L$. Each $Q_i$ lies above $(1 - \omega)$ and they have the same ramification index and local degree, say $e$ and $f$. We have $r \ge 2$ and $ref = 3$, implying $r = 3$. So $3\mathcal{O}_L = Q_1^2 Q_2^2 Q_3^2$ is the prime factorization and $e(Q_i|3) = 2$, $f(Q_i|3) = 1$. Suppose $Q_3 \cap \mathcal{O}_F = Q$. Then $e(Q_3|Q) = 2$, so $Q_3$ is the only prime in $\mathcal{O}_L$ above $Q$. It follows $Q_1 \cap \mathcal{O}_F = Q_2 \cap \mathcal{O}_F = P$. So $P$ must factor in $\mathcal{O}_L$ as $P\mathcal{O}_L = Q_1 Q_2$. Since $Gal(L/F) = \mathbb{Z}/2\mathbb{Z}$ acts transitively on the primes above $P$ and on primes above $Q$, it fixes $Q_3$ and interchanges $Q_1$ and $Q_2$. So $D = D(Q_3|P) \supseteq Gal(L/F)$. But $|D| = 2$, so $F = L_D$.


12. Minkowski theory and Dirichlet’s unit theorem

A subgroup of $\mathbb{R}^n$ generated by a basis of $\mathbb{R}^n$ will be called a lattice. Let $\Lambda$ be a lattice in $\mathbb{R}^n$. If $v_1, \cdots, v_n$ is a basis of $\Lambda$, then $F = \{\sum_i c_i v_i : 0 \le c_i < 1\}$ is a fundamental parallelopiped of $\Lambda$. One has $\mathbb{R}^n/\Lambda \simeq F$, i.e. the vector space $\mathbb{R}^n$ is the disjoint union of the translates $x + F$, for $x \in \Lambda$. For a lattice $\Lambda$, let $vol(\Lambda)$ be the Euclidean volume of a fundamental parallelopiped $F$ of $\Lambda$. If $\Gamma$ is a sublattice of $\Lambda$ then one has $Vol(\Gamma) = |\Lambda/\Gamma| \cdot Vol(\Lambda)$. The basic trick of the trade is the following result, called Minkowski's lattice point theorem.

12.1. Lemma (Minkowski's lattice point theorem). Let $\Lambda$ be a lattice in $\mathbb{R}^n$. Suppose $E$ is a measurable, convex, centrally symmetric subset of $\mathbb{R}^n$ such that $vol(E) > 2^n vol(\Lambda)$. Then $E$ contains a non-zero point of $\Lambda$. Further, if $E$ is compact, we can weaken the assumption to $vol(E) \ge 2^n vol(\Lambda)$.

Proof. Let $F$ be a fundamental parallelopiped of $\Lambda$. Look at $\frac{1}{2}E$: $vol(\frac{1}{2}E) > vol(F)$. If we translate the intersections of $\frac{1}{2}E$ with the parallelopipeds $x + F$ back to $F$ (by subtracting $x$), the volumes of these pieces add up to $vol(E)$, which is more than $vol(F)$. So there must be some overlap. (More precisely the composite map $\frac{1}{2}E \to \mathbb{R}^n \to \mathbb{R}^n/\Lambda \xrightarrow{\sim} F$ cannot be injective.) So, there must exist distinct elements $x, y \in \frac{1}{2}E$ with $x - y \in \Lambda$. Since $2y \in E$ and $E$ is centrally symmetric, $-2y \in E$. Since $2x, -2y \in E$, and $E$ is convex, $\frac{1}{2}(2x + (-2y)) \in E$ too. Thus we get $0 \neq x - y \in E \cap \Lambda$.

12.2. Let $K$ be a number field, $[K : \mathbb{Q}] = n$. Suppose $K$ has $r$ real and $2s$ complex embeddings. Let $\tau_1, \cdots, \tau_r$ be the real embeddings, and $\tau_{r+1}, \cdots, \tau_{r+2s}$ be the complex embeddings, where $(\tau_{r+2j-1}, \tau_{r+2j})$ are complex conjugate pairs. Let $K_{\mathbb{C}}$ be the $n$ dimensional complex vector space whose co-ordinates are indexed by $\tau \in Hom(K, \mathbb{C})$. We shall write a vector of $K_{\mathbb{C}}$ in co-ordinates as $(x_\tau) = (x_{\tau_1}, \cdots, x_{\tau_n})$. Let $K_{\mathbb{R}}$ be the real $n$ dimensional subspace of $K_{\mathbb{C}}$ consisting of those vectors $(x_\tau)$ such that $x_{\bar\tau} = \overline{x_\tau}$ for each embedding $\tau$.

Using the embeddings we define a map $j : K \to K_{\mathbb{R}}$, written as $a \mapsto j(a) = (a_\tau)$, where $a_\tau = \tau(a)$. Let $R$ be the ring of integers of $K$. Fix an integral basis $a_1, \cdots, a_n$ of $R$. Since Λ is an additive homomorphism

$$j(R) = j(a_1)\mathbb{Z} + \cdots + j(a_n)\mathbb{Z}.$$

One has $|\det(j(a_1), \cdots, j(a_n))| = \sqrt{|\Delta_K|}$. Thus $j(a_1), \cdots, j(a_n)$ is a basis of $K_{\mathbb{R}}$.

12.3. Definition. Thus as an additive group, the ring of integers $R$ is isomorphic to the lattice $j(R)$ in the vector space $K_{\mathbb{R}}$. An ideal $I$ of $R$ gives a sublattice of $j(R)$ of index $\|I\|$. We can identify $K_{\mathbb{R}}$ with the standard euclidean space $\mathbb{R}^n$ by

$$(x_1, \cdots, x_r, z_1, \bar{z}_1, \cdots, z_s, \bar{z}_s) \mapsto (x_1, \cdots, x_r, \mathrm{Re}(z_1), \mathrm{Im}(z_1), \cdots, \mathrm{Re}(z_s), \mathrm{Im}(z_s)). \qquad (21)$$

When we speak of volume in $K_{\mathbb{R}}$ we mean the standard Euclidean volume in $\mathbb{R}^n$ via the above identification. We have $vol(j(R)) = \frac{1}{2^s}\sqrt{|\Delta_K|}$ and $vol(j(I)) = \|I\| \, vol(j(R))$.

Define a norm on $K_{\mathbb{R}}$ by

$$N(x_\tau) = \prod_\tau |x_\tau|.$$

It is immediate that, for $a \in K$, one has $N(j(a)) = |N^K_{\mathbb{Q}}(a)|$.

The following is an easy corollary of Minkowski's lattice point theorem.


12.4. Corollary. Suppose there is a compact, convex, centrally symmetric set $A$ with $vol(A) > 0$ such that $a \in A$ implies $N(a) \le 1$. Then every $n$ dimensional lattice contains a non-zero point $x$ with $|N(x)| \le 2^n vol(\Lambda)/vol(A)$.

Proof. Apply Minkowski's lattice point theorem with $E = tA$ where $t^n = 2^n \frac{vol(\Lambda)}{vol(A)}$.

Applying this corollary to the right kind of $A$ we get the following theorem. For our purpose, this is the main consequence of the lattice point theorem.

12.5. Theorem. There exists an absolute constant $c$, such that every lattice $\Lambda$ in $K_{\mathbb{R}}$ contains a non-zero element $x$ with

$$N(x) \le c \cdot vol(\Lambda).$$

One can easily show that $c = (4/\pi)^s$ works. A better constant is given by $c = \frac{n!}{n^n}\left(\frac{8}{\pi}\right)^s$.

Proof. For this lemma we identify $K_{\mathbb{R}}$ with $\mathbb{R}^n$ via the identification in equation (??) and work in $\mathbb{R}^n$. Take $A \subseteq \mathbb{R}^n$ to be defined by the product of segments and circles defined by the inequalities

$$|x_1| \le 1, \cdots, |x_r| \le 1, \quad (x_{r+1}^2 + x_{r+2}^2) \le 1, \cdots, (x_{n-1}^2 + x_n^2) \le 1.$$

Then $vol(A) = 2^r \pi^s$. From the lemma ?? one gets that every lattice $\Lambda$ contains an $x \neq 0$ with $|N(x)| \le \left(\frac{4}{\pi}\right)^s vol(\Lambda)$.

The refined constant $c = \frac{n!}{n^n}\left(\frac{8}{\pi}\right)^s$ is obtained by taking $A$ defined by the single inequality

$$|x_1| + \cdots + |x_r| + 2\left(\sqrt{x_{r+1}^2 + x_{r+2}^2} + \cdots + \sqrt{x_{n-1}^2 + x_n^2}\right) \le n.$$

The fact that elements of $A$ have norm less than or equal to 1 is a consequence of the inequality stating that the arithmetic mean is greater than the geometric mean. The result follows by computing the volume of $A$, which is an exercise in multiple integration.

12.6. Corollary.
(a) Every non-zero ideal $I$ in $R$ contains $a \neq 0$ with $|N(a)| \le \frac{n!}{n^n}\left(\frac{4}{\pi}\right)^s \sqrt{|\Delta_K|} \, \|I\|$.
(b) Every ideal class of $R$ contains an ideal $J$ with $\|J\| \le \frac{n!}{n^n}\left(\frac{4}{\pi}\right)^s \sqrt{|\Delta_K|}$.

Proof. Part (a) follows from applying the theorem above to the lattice $j(I) \in K_{\mathbb{R}}$ with $c = \frac{n!}{n^n}\left(\frac{8}{\pi}\right)^s$ and recalling that

$$vol(j(I)) = |j(R)/j(I)| \, vol(j(R)) = \|I\| \sqrt{|\Delta_K|}/2^s.$$

(b) Let $C$ be any ideal class. Fix an ideal $I$ in the inverse class of $C$. By part (a), there exists an element $a \in I$ with $N(x) \le \frac{c}{2^s}\sqrt{|\Delta_K|} \, \|I\|$. Since $aR \subseteq I$, there exists an ideal $J$ with $IJ = aR$. Necessarily $J \in C$ and $N(a) = \|aR\| = \|I\| \|J\|$. Part (b) follows.

12.7. Lemma. Given a constant $\lambda$ there are only finitely many ideals $I$ in $\mathcal{O}_K$ with $\|I\| \le \lambda$.

Proof. If $I$ is an ideal with $\|I\| = m$ then $I \supseteq mR$, and already the number of abelian groups between $R$ and $mR$ is finite.

Since each ideal class contains an ideal with norm less than a fixed constant, and there are only finitely many ideals in $\mathcal{O}_K$ with norm less than any given constant, one has

12.8. Theorem. The ideal class group $Cl(K)$ is finite.


12.9. Remark. Notice that we have shown that each ideal class contains an ideal $J$ with $\|J\| \le \frac{n!}{n^n}\left(\frac{4}{\pi}\right)^s \sqrt{\Delta_K}$. The constant in front of $\sqrt{\Delta_R}$, called Minkowski's constant, gets small quickly as $n$ increases. Thus if we are looking for ideals generating the class group, the inequality lets us restrict our search to ideals of small norms, which sometimes lets one determine the class group.

12.10. Next we shall prove Dirichlet's unit theorem. If $x = (x_\tau), y = (y_\tau) \in K_{\mathbb{R}}$ let $x.y$ denote the element of $K$ with co-ordinates $(x.y)_\tau = (x_\tau y_\tau)$. The point of the definition is that if $x, y \in K$, then $\Lambda(xy) = \Lambda(x).\Lambda(y)$. For ease of notation we shall from now on identify $K$ with its image in the vector space $K_{\mathbb{R}}$, consequently $R$ with the lattice $\Lambda_R$, etc. Let $U$ denote the set of units in $R$. Let $S$ be the subset of the vector space $K_{\mathbb{R}}$ consisting of elements $x$ with $N(x) = \pm 1$. Under the identification $K \to K_{\mathbb{R}}$, one has $U \subseteq S$. We define a map $K_{\mathbb{R}}$ to $\mathbb{R}^{r+s}$:

$$l(x_1, \cdots, x_r; z_1, \bar{z}_1, \cdots, z_s, \bar{z}_s) = (\log|x_1|, \cdots, \log|x_r|; \log(|z_1|^2), \cdots, \log(|z_s|^2)).$$

For $a, b \in K_{\mathbb{R}}$ one has $l(ab) = l(a) + l(b)$. Note that $l(S)$ is contained in the hyperplane $H = \{y : \sum y_i = 0\}$ of $\mathbb{R}^{r+s}$, i.e. $H \simeq \mathbb{R}^{r+s-1}$.

12.11. Lemma. The kernel of $l : U \to H$ is a finite cyclic group consisting of the roots of unity in $K$. (Follows from Kronecker's theorem proved in Homework.)

We shall show that the image of $U$ under $l$ is a lattice in $H$. More precisely, one has,

12.12. Theorem (Dirichlet's unit theorem). The group of units in $\mathcal{O}_K$ is a direct product of the finite cyclic group consisting of the roots of $K$ and a free abelian group of rank $r + s - 1$.

Proof. Step 1: We claim that every bounded region containing a neighbourhood of the origin in $H$ contains (the image of) finitely many units. It follows that $l(U)$ is discrete in $H$. Let $X$ be any such region. If the co-ordinates of points of $X$ are within $[-t, t]$ then the preimage $l^{-1}(X)$ is contained in a disc of radius $e^t$ around the origin, i.e. is bounded, so it contains finitely many points of $R$, in particular of $U$. So $l(U) = \mathbb{Z}u_1 + \cdots + \mathbb{Z}u_m$ for some $m \le r + s - 1$. The main task is to show that $m = r + s - 1$. This follows from the following claim:

Step 2: $H$ is covered by the translates of a bounded region by the (image of) units. For each $\tau$ choose positive real numbers $c_\tau$ such that $c_{\bar\tau} = c_\tau$ and $C = \prod c_\tau > \left(\frac{2}{\pi}\right)^s \sqrt{|\Delta_K|}$. Let $X$ be the subset of $K_{\mathbb{R}}$ defined by the inequalities $|x_\tau| \le c_\tau$ for all $\tau$. Then $vol(X) = 2^r \pi^s C > 2^n vol(\Lambda_R)$.

Let $z \in S$. Consider the set $Xz = \{z.x : x \in X\}$. Then $Xz$ is defined by inequalities similar to $X$, with $c_\tau$ replaced by $c'_\tau = c_\tau |z_\tau|$. It follows that $vol(Xz) = vol(X)N(z) = vol(X)$. Thus $Xz$ contains a nonzero element $a$ of $\Lambda_R$. Since $a \in Xz$, one has $N(a) = \prod_\tau \tau(a) \le CN(z) = C$. Let $a_1, \cdots, a_k$ be the generators for principal ideals of norm up to $C$. Then $aR = a_i R$ for some R. Now $a \in Xz$ if and only if $z^{-1} \in \frac{a_i}{a} X a_i^{-1}$. Letting $Y = \cup_{i=1}^{k} X a_i^{-1}$, we have $z^{-1} \in \frac{a_i}{a} Y$. In other words, we have $l(z^{-1}) \in l(a_i/a) + l(Y \cap S)$ where $a_i/a$ is a unit and $Y \cap S$ is a bounded set of $H$. Now the proof is complete once we note that $z^{-1}$ varies over $S$ as $z$ varies over $S$. (Or simply start with $x^{-1}$ instead of $z$ and repeat the argument.)

So the image of $l$ is isomorphic to $\mathbb{Z}^{r+s-1}$ and the kernel is a finite cyclic group. The result now follows from the structure theorem for finitely generated abelian groups.
