Galois Groups Over Q: A First Course: Rodolfo Venerucci

This document discusses tools for computing the Galois group of a polynomial over the rational numbers Q. It begins by introducing some key concepts, including splitting fields, Galois groups, and the fundamental theorem of algebra. It then presents Dedekind's theorem, which provides a method to study the Galois group of a monic polynomial by reducing it modulo primes and studying the resulting polynomials over finite fields. The document gives examples of applying Dedekind's theorem, showing that the Galois group of the reduced polynomial is cyclic and generated by an element with a specific cycle type determined by the factorisation of the reduced polynomial.


Galois groups over Q: a first course

Rodolfo Venerucci

Contents
1. How to compute the Galois group of an equation?
2. Number theory
3. Solutions to selected exercises
References

1. How to compute the Galois group of an equation?


Let $f(T)$ in $\mathbf{Z}[T]$ be a polynomial with integral coefficients. Denote by $G(f)$
the Galois group of a splitting field of $f$ over $\mathbf{Q}$. We call $G(f)$ the Galois group of
$f$. This section presents some tools to compute $G(f)$. Some of these tools will be
proved in later sections, some others are beyond the scope of this course.
1.1. The fundamental theorem of algebra.
Theorem 1.1. The field C of complex numbers is algebraically closed.
Proof. Recall that
$$\mathbf{C} = \mathbf{R}[T]/(T^2 + 1) = \mathbf{R}(i)$$
is the quadratic extension of the field $\mathbf{R}$ of real numbers generated by a root $i$ of
the irreducible real polynomial $T^2 + 1$. The proof uses the following two properties
satisfied by the field of real numbers.
(a) Each polynomial in $\mathbf{R}[T]$ of odd degree has a real root.
(b) Each positive real number has a square root.
(These statements can be deduced from the mean value theorem of real analysis.)
Granting (a) and (b), we prove the theorem as follows. Let $K$ be a finite
extension of $\mathbf{C}$. We have to show that $K$ is indeed equal to $\mathbf{C}$. Enlarging $K$ if
necessary, we can (and will) assume that $K$ is Galois over $\mathbf{R}$, so that
$$[K : \mathbf{R}] = |\mathrm{Gal}(K/\mathbf{R})| = 2^k \cdot n$$
for some integers $k \geq 1$ and $n \geq 1$ with $n$ odd. (Note that $[K : \mathbf{R}] = 2 \cdot [K : \mathbf{C}]$ is
even.) The Sylow theorems imply that $G = \mathrm{Gal}(K/\mathbf{R})$ has a subgroup $H$ of order
$2^k$, which by the Galois correspondence equals $\mathrm{Gal}(K/K^H)$, where
$$K^H = \{x \in K : h(x) = x \text{ for all } h \in H\}$$
is the fixed field of $H$. The extension $K^H/\mathbf{R}$ has degree
$$[K^H : \mathbf{R}] = |G|/|H| = n,$$
and by the primitive element theorem is generated by a root of an irreducible real
polynomial of degree $n$. Since $n$ is odd, Property (a) implies that $n = 1$, id est
$$[K : \mathbf{R}] = 2^k \quad \text{and} \quad [K : \mathbf{C}] = 2^{k-1}.$$
Assume ad absurdum $k \geq 2$, so that $K$ is a nontrivial Galois extension of $\mathbf{C}$ of
degree $2^{k-1}$. The Galois group $\mathrm{Gal}(K/\mathbf{C})$ has then order $2^{k-1}$, hence (by the
theory of $p$-groups) contains a subgroup $H$ of order $2^{k-2}$. As above, one deduces
from the Galois correspondence that the fixed field $K^H$ of $H$ is an extension of
$\mathbf{C}$ of degree 2. On the other hand, Property (b) above implies that $\mathbf{C}$ does not
have quadratic extensions, id est that every complex number admits a square root
(Exercise). This contradiction proves that $k$ is equal to 1, as was to be shown. □

The previous theorem, known as the fundamental theorem of Algebra, implies
that $\mathbf{C}$ contains an algebraic closure of $\mathbf{Q}$. More precisely, the field
$$\bar{\mathbf{Q}} = \bigcup_{K \text{ subfield of } \mathbf{C} \text{ algebraic over } \mathbf{Q}} K = \{x \in \mathbf{C} : x \text{ is algebraic over } \mathbf{Q}\}$$
is an algebraic closure of $\mathbf{Q}$ contained in $\mathbf{C}$. We call an element of $\bar{\mathbf{Q}}$ an algebraic
number, so that $\bar{\mathbf{Q}}$ is the field of algebraic numbers. A number field is a finite field
extension of $\mathbf{Q}$ contained in the field of algebraic numbers $\bar{\mathbf{Q}}$.
In particular, for each polynomial $f(T)$ in $\mathbf{Z}[T]$, the subfield $\mathbf{Q}(f)$ of $\mathbf{C}$ generated
over $\mathbf{Q}$ by the roots of $f$:
$$\mathbf{Q}(f) = \mathbf{Q}(\{\alpha \in \mathbf{C} : f(\alpha) = 0\})$$
is a splitting field of $f$ over $\mathbf{Q}$, and $G(f) \simeq \mathrm{Gal}(\mathbf{Q}(f)/\mathbf{Q})$ is isomorphic to the Galois
group of $\mathbf{Q}(f)$ over $\mathbf{Q}$. In the rest of this section, we will always take $\mathbf{Q}(f)$ as a
distinguished splitting field for $f$ over $\mathbf{Q}$, and we will consequently identify $G(f)$
with the Galois group of the extension $\mathbf{Q}(f)/\mathbf{Q}$.
Given $f(T)$ in $\mathbf{Q}[T]$, denote by $Z_f = Z(f)$ the set of complex roots of $f$, so
that $\mathbf{Q}(f)$ becomes a shorthand for $\mathbf{Q}(Z(f)) = \mathbf{Q}(Z_f)$. Moreover denote by
$$S_f = S(f) = \{\text{Group of permutations of } Z_f\}.$$
The map which sends a field automorphism $\sigma$ in $G(f)$ to its restriction $\sigma|_{Z_f}$ to $Z_f$
yields an injective morphism of groups
$$G(f) \hookrightarrow S(f),$$
under which we identify $G(f)$ with a subgroup of the permutation group $S(f)$. If
$f$ is irreducible, then $G(f)$ is a transitive subgroup of $S(f)$, namely given two roots
$\alpha$ and $\beta$ of $f$, there exists an automorphism $\sigma$ in $G(f)$ such that $\sigma(\alpha) = \beta$.
If $f$ is separable of degree $n$, then $Z(f)$ has cardinality $n$, and a bijection
$i_f : \{1, \dots, n\} \simeq Z(f)$ (id est an ordering of the roots of $f$) yields an isomorphism
of groups $i_f^* : S(f) \simeq S_n$ (satisfying $i_f^*(\sigma)(\cdot) = i_f^{-1}(\sigma(i_f(\cdot)))$ for each $\sigma$ in $S(f)$ and
each $\cdot$ in $\{1, \dots, n\}$), which identifies $G(f)$ with the subgroup $G(f, i_f) = i_f^*(G(f))$
of $S_n$. If $i_f'$ is a second bijection between $\{1, \dots, n\}$ and $Z(f)$, then
$G(f, i_f') = \gamma^{-1} \cdot G(f, i_f) \cdot \gamma$ with $\gamma = i_f^{-1} \circ i_f'$, hence $G(f, i_f)$ depends on the
choice of $i_f$ only up to conjugation.

Terminology. Let $f$ in $\mathbf{Z}[T]$ be a separable polynomial of degree $n$, and let $P$
be a property concerning subgroups (resp., elements) of $S_n$, which is invariant under
conjugation. Then we say that a subgroup $H$ (resp., an element $g$) of $G(f)$ satisfies
$P$ if $i_f^*(H)$ (resp., $i_f^*(g)$) satisfies $P$ for all bijections $i_f : \{1, \dots, n\} \simeq Z(f)$. (For
example, if $d = (d_1, \dots, d_m)$ is an $m$-tuple of positive integers satisfying $d_i \leq d_{i+1}$
for each $1 \leq i \leq m - 1$ and $\sum_{i=1}^{m} d_i = n$, one says that an element $g$ of $G(f)$ has
cycle type $d$ if $i_f^*(g)$ in $S_n$ has cycle type $d$ for any bijection $i_f : \{1, \dots, n\} \simeq Z(f)$.)

1.2. A theorem of Dedekind. The following result of Dedekind provides
a powerful tool to study the Galois group of a monic equation. Given a rational
prime $p$, fix an algebraic closure $\bar{\mathbf{F}}_p$ of the finite field $\mathbf{F}_p = \mathbf{Z}/p\mathbf{Z}$ with $p$ elements.
For each $f(T)$ in $\mathbf{Z}[T]$, denote by $f_p(T) = f(T) + p\mathbf{Z}[T]$ in $\mathbf{F}_p[T] = \mathbf{Z}[T]/p \cdot \mathbf{Z}[T]$
the reduction of $f$ modulo $p$, by $Z(f_p)$ the set of roots of $f_p$ in $\bar{\mathbf{F}}_p$, and by $G(f_p)$
the Galois group of the splitting field $\mathbf{F}_p(f_p) = \mathbf{F}_p(Z(f_p))$ of $f_p$ over $\mathbf{F}_p$.

Proposition 1.2. Let $f(T)$ in $\mathbf{Z}[T]$ be a monic polynomial with integral coefficients,
and let $p$ be a rational prime such that the reduction $f_p(T)$ of $f(T)$ modulo
$p$ is separable. Then there exists a bijection
$$r_{f,p} : Z(f) \simeq Z(f_p)$$
and an injective morphism of groups
$$\Phi_{f,p} : G(f_p) \hookrightarrow G(f)$$
such that, for each $\sigma$ in $G(f_p)$ and each $z$ in $Z(f)$, one has
$$r_{f,p}\big(\Phi_{f,p}(\sigma)(z)\big) = \sigma(r_{f,p}(z)). \tag{1}$$
Proposition 1.2 is proved in Section 2.7 below (cf. Proposition 2.55). In the
rest of this section, we discuss some applications and examples.
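Let $f(T)$ in $\mathbf{Z}[T]$ be a monic separable polynomial of degree $n > 1$ with integral
coefficients, and let $p$ be a rational prime such that $f_p(T)$ is separable. Fix a
bijection $i_f : \{1, \dots, n\} \simeq Z(f)$, and denote by $i_f^* : G(f) \hookrightarrow S_n$ the corresponding
embedding of $G(f)$ into the symmetric group $S_n$ (cf. Section 1.1). Let $r_{f,p}$ and
$\Phi_{f,p}$ be as in Proposition 1.2, let $i_{f_p} : \{1, \dots, n\} \simeq Z(f_p)$ be the composition of
$i_f$ and $r_{f,p}$, and let $i_{f_p}^* : G(f_p) \hookrightarrow S_n$ be the injective morphism associated with
$i_{f_p}$. The situation is summarised by the following commutative diagram, where the
commutativity of the second triangle is a consequence of Equation (1).
$$
\begin{array}{ccccccc}
 & & Z(f) & \qquad & G(f) & & \\
 & \overset{i_f}{\nearrow} & & & & \overset{i_f^*}{\searrow} & \\
\{1, \dots, n\} & & \Big\downarrow {\scriptstyle r_{f,p}} & & \Big\uparrow {\scriptstyle \Phi_{f,p}} & & S_n \\
 & \underset{i_{f_p}}{\searrow} & & & & \underset{i_{f_p}^*}{\nearrow} & \\
 & & Z(f_p) & & G(f_p) & &
\end{array}
\tag{2}
$$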
Since by assumption $f_p(T)$ is separable, one has
$$f_p = h_1 \cdots h_g$$
for irreducible and distinct polynomials $h_i(T)$ in $\mathbf{F}_p[T]$. Set $d_i = \deg(h_i)$, and
(reordering the polynomials $h_i$ if necessary) assume that $d_i \leq d_j$ if $i \leq j$. We set
$\mathrm{Type}(f_p) = (d_1, \dots, d_g)$, and we say that $f_p$ has a factorisation of type $\mathrm{Type}(f_p)$.

Lemma 1.3. $G(f_p)$ is cyclic, generated by an element of cycle type $\mathrm{Type}(f_p)$.
Proof. By the theory of finite fields, every finite extension of $\mathbf{F}_p$ is (Galois
with) cyclic (Galois group), hence $G(f_p)$ is a cyclic group (generated by the
restriction to $\mathbf{F}_p(f_p)$ of the Frobenius automorphism $\sigma_p$ of $\bar{\mathbf{F}}_p$). The Galois group
$G(f_p)$ respects the partition $Z(f_p) = \coprod_{i=1}^{g} Z(h_i)$ of $Z(f_p)$ and acts transitively
on each $Z(h_i)$. If we identify $G(f_p)$ with a subgroup of $S_n$ under any bijection
$i_f : \{1, \dots, n\} \simeq Z(f)$, the generator of $G(f_p)$ then corresponds to a permutation
which respects the partition $\{1, \dots, n\} = \coprod_{i=1}^{g} i_f^{-1}(Z(h_i))$ and acts transitively on
each $i_f^{-1}(Z(h_i))$. As claimed, such a permutation has cycle type $\mathrm{Type}(f_p)$. □

It follows from the previous lemma and the second commutative diagram in
Equation (2) that the image of a generator of $G(f_p)$ under the morphism $\Phi_{f,p}$ has
cycle type $\mathrm{Type}(f_p)$. We summarise the discussion in the following important

Corollary 1.4. Let $f$ in $\mathbf{Z}[T]$ be a monic polynomial with integer coefficients,
and let $p$ be a rational prime such that $f_p$ is separable. Then $G(f)$ contains an
element of cycle type $\mathrm{Type}(f_p)$.

Example 1.5. We claim that the Galois group $G(f)$ of
$$f(T) = T^7 - T - 1$$
over $\mathbf{Q}$ is (isomorphic to) the symmetric group $S_7$. In order to prove this, we first
observe that $f_7(T)$ is irreducible in $\mathbf{F}_7[T]$. Indeed, if $\alpha$ is a root of $f_7(T)$ in $\bar{\mathbf{F}}_7$, then
$\alpha^{7^i} = \alpha + i$ for each $i > 0$, hence $\alpha$ is a root of the polynomial $T^{7^7} - T$ but not of
$T^{7^i} - T$ for $0 \leq i \leq 6$. Since $\mathbf{F}_{7^n} = Z(T^{7^n} - T)$ is the unique subfield of $\bar{\mathbf{F}}_7$ having
degree $n$ over $\mathbf{F}_7$, this implies that $\alpha$ generates $\mathbf{F}_{7^7}$ over $\mathbf{F}_7$. As a consequence,
the minimal polynomial of $\alpha$ over $\mathbf{F}_7$ has degree 7 and divides $f_7$, hence is equal to
$f_7$, which is then irreducible. The irreducibility of $f_7$ in $\mathbf{F}_7[T]$ implies that of $f$ in
$\mathbf{Q}[T]$, and together with Corollary 1.4 implies that $G(f)$ contains a 7-cycle. On the
other hand, the factorisation of $f_3$ into irreducible elements of $\mathbf{F}_3[T]$ is given by
$$f_3(T) = (T^2 + T + 2) \cdot (T^5 + 2 \cdot T^4 + 2 \cdot T^3 + 2 \cdot T + 1),$$
hence $\mathrm{Type}(f_3) = (2, 5)$. (We leave it as an exercise to check that the second factor
in the right hand side of the previous equation is irreducible in $\mathbf{F}_3[T]$.) Since $f_3$ is
separable, Corollary 1.4 implies that $G(f)$ contains an element of type $(2, 5)$, whose
5-th power is a transposition. The claim then follows from Lemma 1.6 below.

Lemma 1.6. If $p$ is a prime, then the symmetric group $S_p$ is generated by any
$p$-cycle and any transposition.

Proof. Let $H$ be a subgroup of $S_p$ containing a transposition and a $p$-cycle.
There is then a conjugate $H'$ of $H$ containing $(12)$ and a $p$-cycle $\sigma$. Some power
of $\sigma$ maps 1 to 2, and is a $p$-cycle since $p$ is prime. It follows that $H'$ contains the
transposition $(12)$ and a $p$-cycle of the form $(1\,2\,i_3 \cdots i_p)$, hence some conjugate $H''$
of $H'$ contains $(12)$ and $(12 \cdots p)$. Since $(12 \cdots p)^i \cdot (12) \cdot (12 \cdots p)^{-i} = (i+1 \;\; i+2)$
for each $0 \leq i \leq p - 1$ (with the convention $i + 2 = 1$ if $i = p - 1$), and since these
transpositions generate $S_p$, it follows that $H'' = S_p$, hence $H = S_p$. □

Exercise 1.7. Prove the following statement. Let $f(T)$ be a monic and irreducible
polynomial in $\mathbf{Z}[T]$ of prime degree $p > 2$. Assume that either
• $f$ has precisely two non-real roots; or
• there exists a prime $\ell$ such that $f_\ell$ is separable and has precisely two roots
which do not belong to $\mathbf{F}_\ell$.
Then the Galois group $G(f)$ of $f$ over $\mathbf{Q}$ is isomorphic to $S_p$. (Hint: observe that
the prime $p$ divides the order of the Galois group $G(f)$.)

Exercise 1.8. Show that the Galois group of $T^n - T - 1$ over $\mathbf{Q}$ is isomorphic
to the symmetric group $S_n$ for $n = 2, 3, 4, 5$.

Example 1.9. Let us compute the Galois group over $\mathbf{Q}$ of
$$f(T) = T^4 + 8T + 12.$$
Looking at the reduction of $f$ modulo small primes one finds the following table.

p     Type(f_p)
5     (1,3)
7     (1,3)
11    (1,3)
13    (1,3)
17    (2,2)

Then $f$ is irreducible in $\mathbf{Q}[T]$, hence $G(f)$ is a transitive subgroup of $S_4$. Moreover,
since $f_5$ is separable, Corollary 1.4 proves that $G(f)$ contains a 3-cycle, hence
3 divides the order of $G(f)$. The only transitive subgroups of $S_4$ of cardinality
divisible by 3 are $A_4$ and $S_4$ itself. Since the discriminant of $f$ is a square:
$$\mathrm{disc}(f) = 331776 = 2^{12} \cdot 3^4$$
we conclude that $G(f)$ is isomorphic to the alternating group $A_4$.
Fix a bijection $i_f$ between $\{1, 2, 3, 4\}$ and $Z(f)$, set $z_j = i_f(j)$, and identify
$G(f)$ with the subgroup $A_4$ of $S_4$ under the embedding $i_f^*$ associated with $i_f$. The
group $A_4$ has a unique (nontrivial) normal subgroup, namely its 2-Sylow subgroup
$$V = \{1, (12)(34), (13)(24), (14)(23)\} \simeq \mathbf{Z}/2\mathbf{Z} \times \mathbf{Z}/2\mathbf{Z}.$$
It follows by the Galois correspondence that $\mathbf{Q}(f)$ has a unique (nontrivial) subfield
which is Galois over $\mathbf{Q}$, given by the cubic extension
$$\mathbf{Q}(f)^V = \mathbf{Q}(z_1 z_2 + z_3 z_4). \tag{3}$$
Indeed, by construction $\zeta = z_1 z_2 + z_3 z_4$ is fixed by $V$. Moreover the 3-cycle $(123)$
sends $\zeta$ to $\xi = z_2 z_3 + z_1 z_4$. The equality $\zeta = \xi$ would imply $z_1(z_2 - z_4) = z_3(z_2 - z_4)$,
contradicting the irreducibility of $f$. Then $\mathbf{Q}(\zeta)$ is a nontrivial extension of $\mathbf{Q}$
contained in the degree-3 extension $\mathbf{Q}(f)^V$, thus proving (3). (Exercise: show that
the minimal polynomial of $z_1 z_2 + z_3 z_4$ over $\mathbf{Q}$ is $T^3 - 48 \cdot T - 64$.) The group $V$
contains three cyclic groups of order 2, generated respectively by $(12)(34)$, $(13)(24)$
and $(14)(23)$. Under the Galois correspondence, these groups correspond to the
degree 6 extensions of $\mathbf{Q}$ generated respectively by $z_1 + z_2$, $z_1 + z_3$ and $z_1 + z_4$.
(Note that $z_1 + z_2 + z_3 + z_4 = 0$. As an exercise, prove that $z_1 + z_2$ is a square
root of $z_1 z_2 + z_3 z_4$ and deduce that $T^6 - 48 \cdot T^2 - 64$ is the minimal polynomial of
$z_1 + z_2$ over $\mathbf{Q}$.) Finally the 3-Sylow subgroups of $A_4$ are generated by the 3-cycles
$(123)$, $(124)$, $(134)$ and $(234)$, and their fixed subfields are generated over $\mathbf{Q}$ by $z_4$,
$z_3$, $z_2$ and $z_1$ respectively.
Example 1.10. Let $z = \sqrt{2} + \sqrt{-7}$ in $\mathbf{C}$ be the sum of a square root of 2 and
a square root of $-7$. The minimal polynomial of $z$ over $\mathbf{Q}$ is
$$f(T) = T^4 - 10 \cdot T^2 + 81.$$
In particular $f$ is irreducible. On the other hand, $f_p$ is reducible for every prime
$p$. Indeed, let $p$ be a prime such that $f_p$ is separable (namely $p \neq 2, 3, 7$). If
$f_p$ were irreducible, then Corollary 1.4 would imply that $G(f)$ contains a 4-cycle,
contradicting the fact that $G(f) \simeq \mathbf{Z}/2\mathbf{Z} \times \mathbf{Z}/2\mathbf{Z}$ does not contain an element
of order 4. Similarly, one proves that $f_p$ has no irreducible factor of degree 3 in
$\mathbf{F}_p$ for all primes $p$. (The previous discussion applies verbatim to any polynomial
of the form $b_{m,n}(T) = T^4 - 2(n + m) \cdot T^2 + (n + m)^2 - 4nm$, where $n \neq 1$ and
$m \neq 1$ are square-free relatively prime integers: it is irreducible in $\mathbf{Q}[T]$ and reducible
modulo $p$ for every prime $p$.) The cyclotomic polynomials yield other examples
of irreducible monic polynomials in $\mathbf{Z}[T]$ with reducible reduction modulo every
prime: if the $m$-th cyclotomic polynomial $\Phi_m$ is irreducible modulo a prime, then
the group $G(\Phi_m) \simeq (\mathbf{Z}/m\mathbf{Z})^*$ contains a $\varphi(m)$-cycle (cf. Corollary 1.4), hence is
cyclic. This implies for example that $\Phi_{8m}$ is reducible modulo every prime for each
$m > 1$. More generally, Corollary 1.4 implies that any monic polynomial $f$ with
integral coefficients such that $\mathbf{Q}(f) = \mathbf{Q}(z)$ for some $z$ in $Z(f)$ and $G(f)$ is not
cyclic, is reducible modulo every prime.
Example 1.11. The previous examples and exercises show the strength of
Corollary 1.4 in proving that the Galois group of an equation is large, namely
isomorphic to a symmetric or alternating group. By contrast, it often gives little
help in proving that a Galois group is small. For example, consider the Galois group
$G(f)$ over $\mathbf{Q}$ of the integral equation
$$f(T) = T^5 + 15 \cdot T + 12.$$
By the Eisenstein criterion, $f$ is irreducible in $\mathbf{Q}[T]$, hence $G(f)$ is isomorphic to a
transitive subgroup of $S_5$. Up to conjugation, $S_5$ has five transitive subgroups.
• The symmetric group $S_5$, generated by $(12345)$ and $(12)$;
• The alternating group $A_5$, generated by $(12345)$ and $(123)$;
• The Frobenius group $F_{20}$ generated by $(12345)$ and $(2354)$. It is isomorphic
to the semidirect product $\mathbf{Z}/5\mathbf{Z} \rtimes \mathbf{Z}/4\mathbf{Z}$ with $\gamma \cdot u \cdot \gamma^{-1} = u^3$, where
$\gamma$ is a generator of $\mathbf{Z}/4\mathbf{Z}$ and $u$ is an element of $\mathbf{Z}/5\mathbf{Z}$.
• The dihedral group $D_5$ generated by $(12345)$ and $(25)(34)$.
• The cyclic group generated by $(12345)$.
The discriminant of $f$ is not a square:
$$\mathrm{disc}(f) = 2^{10} \cdot 3^4 \cdot 5^5,$$
hence $G(f)$ is not isomorphic to a subgroup of $A_4$. This implies that $G(f)$ is
either isomorphic to $F_{20}$ or to $S_5$, and isomorphic to $S_5$ if and only if it contains a
permutation. One can now try to use Corollary 1.4 to prove that $G(f)$ contains
a permutation. On the other hand, consider the rational primes $p < 10^4$ such that
$f_p$ is separable modulo $p$. There are 1226 such primes, and (with the help of a
computer algebra system) one finds that $\mathrm{Type}(f_p)$ is equal to $(1, 1, 1, 1, 1)$ (resp.,
$(1, 2, 2)$, $(1, 4)$, $(5)$) for 58 (resp., 308, 617, 243) of them. In particular, there is no
prime $p < 10^4$ such that $\mathrm{Type}(f_p)$ is equal to $(1, 1, 1, 2)$, $(1, 1, 3)$, hence Corollary
1.4 gives no further information on the structure of $G(f)$.
We close this section with the following application of Proposition 1.2.

Proposition 1.12. For each positive integer $n$, there exists a degree $n$ polynomial
with integral coefficients whose Galois group over $\mathbf{Q}$ is isomorphic to $S_n$.
Proof. Let $f$ be any polynomial in $\mathbf{Z}[T]$ of the form
$$f = -15 \cdot \mu + 10 \cdot \nu + 6 \cdot \xi,$$
where $\mu$, $\nu$ and $\xi$ are monic integral polynomials of common degree $n$ such that
(1) $\mu_2$ is irreducible;
(2) $\nu_3$ has an irreducible factor of degree $n - 1$;
(3) $\xi_5$ is the product of an irreducible quadratic polynomial and one or two
distinct irreducible polynomials of odd degree.
Since $-15 + 10 + 6 = 1$, the polynomial $f$ is monic. It is irreducible in $\mathbf{Q}[T]$,
since its reduction $f_2 = \mu_2$ modulo 2 is irreducible in $\mathbf{F}_2[T]$. As a consequence
$G(f)$ is isomorphic to a transitive subgroup of $S_n$. According to property (3) the
reduction $f_3 = \nu_3$ of $f$ modulo 3 has type $(1, n - 1)$. If $n > 2$, this implies that $f_3$
is separable and that $G(f)$ contains an $(n - 1)$-cycle (cf. Corollary 1.4). Property
(3) finally implies that $f_5 = \xi_5$ is separable and that $G(f)$ contains a transposition
(cf. Corollary 1.4). To sum up, the Galois group $G(f)$ is isomorphic to a transitive
subgroup of $S_n$ containing a transposition and an $(n - 1)$-cycle, hence $G(f) \simeq S_n$
by Lemma 1.13 below. □

Lemma 1.13. For each positive integer $n$, a transitive subgroup of $S_n$ containing
a transposition and an $(n - 1)$-cycle is equal to $S_n$.
Proof. Let $H$ be a transitive subgroup of $S_n$ containing a transposition and
an $(n-1)$-cycle. Then a conjugate $H'$ of $H$ contains the $(n-1)$-cycle $(1 \cdots n-1)$ and
a transposition $(ij)$. Since $H'$ is transitive, it contains an element $h$ sending $j$ to $n$,
hence contains the transposition $h \cdot (ij) \cdot h^{-1} = (kn)$, where $k = h(i)$. The conjugates
of $(kn)$ by the powers of $(1 \cdots n-1)$ are the transpositions $(1\,n), \dots, (n-1 \;\; n)$, which
clearly generate $S_n$, hence $H = H' = S_n$. □

Exercise 1.14. Prove that the Galois group of $T^n - T - 1$ is isomorphic to the
symmetric group $S_n$ for each positive integer $n$ less than or equal to 10.

Exercise 1.15. Let $f$ in $\mathbf{Z}[T]$ be a monic degree-4 polynomial with Galois
group isomorphic to $A_4$. Show that $f_p$ is reducible for each rational prime $p$.
1.3. A theorem of Frobenius (cf. [3]).
Example 1.16. Let $f(T) = T^4 + 8 \cdot T + 12$ be the polynomial considered
in Example 1.9, where we proved that $G(f)$ is isomorphic to $A_4$. It then follows
from Exercise 1.15 that the reduction of $f$ modulo $p$ is reducible for every prime
$p$. In addition, there is no prime $p$ such that $\mathrm{Type}(f_p) = (1, 1, 2)$. (Indeed, by
Corollary 1.4, the existence of such a prime would imply that $G(f) \simeq A_4$ contains
a transposition, cf. Example 1.9.) With the help of the computer algebra system
SageMath, one can perform an interesting numerical experiment: there are 9592
primes less than $10^5$, and the reduction of $f$ has type $(1, 3)$, $(2, 2)$ and $(1, 1, 1, 1)$
modulo 6399, 2406 and 785 of them respectively. The fractions $\frac{6399}{9592} \approx 0.667$,
$\frac{2406}{9592} \approx 0.250$ and $\frac{785}{9592} \approx 0.081$ are equal to $\frac{8}{12}$, $\frac{3}{12}$ and $\frac{1}{12}$ up to the second decimal
digit. Note that $G(f) \simeq A_4$ has cardinality 12, and it contains precisely 8 elements
of type $(1, 3)$ and 4 elements of type $(2, 2)$. This numerical experiment then suggests
that the fraction of rational primes at which the reduction of $f$ has a given type is
proportional to the number of elements of that type in the Galois group $G(f)$, and
that the constant of proportionality is the inverse of the cardinality of G(f ).
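
The factorisation types in the table of Example 1.9 and the kind of tally described in Example 1.16 can be recomputed without a computer algebra system. The following Python program is an added example, not part of the original notes: it computes Type(f_p) by distinct-degree factorisation over F_p, a standard algorithm that the notes do not describe. The function names and the convention of listing coefficients with the constant term first are choices made here.

```python
from collections import Counter

def trim(a):
    """Drop zero leading coefficients (lists hold the constant term first)."""
    while a and a[-1] == 0:
        a.pop()
    return a

def poly_divmod(a, b, p):
    """Quotient and remainder of a by the non-zero polynomial b over F_p."""
    a = a[:]
    q = [0] * max(len(a) - len(b) + 1, 0)
    inv = pow(b[-1], -1, p)
    while len(a) >= len(b):
        c, shift = a[-1] * inv % p, len(a) - len(b)
        q[shift] = c
        for i, bi in enumerate(b):
            a[shift + i] = (a[shift + i] - c * bi) % p
        trim(a)
    return trim(q), a

def poly_gcd(a, b, p):
    """Monic gcd over F_p; a must be non-zero, b may be zero."""
    while b:
        a, b = b, poly_divmod(a, b, p)[1]
    inv = pow(a[-1], -1, p)
    return [c * inv % p for c in a]

def mulmod(a, b, m, p):
    """a * b modulo the polynomial m over F_p."""
    prod = [0] * max(len(a) + len(b) - 1, 0)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            prod[i + j] = (prod[i + j] + ai * bj) % p
    return poly_divmod(trim(prod), m, p)[1]

def frobenius(h, m, p):
    """h(T)^p modulo m over F_p, by square-and-multiply."""
    result, base, e = [1], poly_divmod(h, m, p)[1], p
    while e:
        if e & 1:
            result = mulmod(result, base, m, p)
        base = mulmod(base, base, m, p)
        e >>= 1
    return result

def factorisation_type(coeffs, p):
    """Type(f_p) as a sorted tuple of degrees, or None if f_p is not separable.

    coeffs lists the integer coefficients of a monic f, constant term first.
    """
    f = trim([c % p for c in coeffs])
    deriv = trim([i * c % p for i, c in enumerate(f)][1:])
    if not deriv or len(poly_gcd(f, deriv, p)) > 1:
        return None                      # f_p and its derivative share a factor
    degrees, power, d = [], [0, 1], 0    # power holds T^(p^d) mod f
    # Once all factors of degree <= d are removed, deg f < 2(d+1) forces the
    # remaining f to be irreducible (or constant), so the loop can stop.
    while len(f) - 1 >= 2 * (d + 1):
        d += 1
        power = frobenius(power, f, p)
        diff = power + [0] * (2 - len(power))
        diff[1] = (diff[1] - 1) % p      # T^(p^d) - T mod f
        # The roots of T^(p^d) - T form F_{p^d}; with smaller degrees already
        # removed, the gcd is the product of the irreducible factors of degree d.
        g = poly_gcd(f, trim(diff), p)
        degrees += [d] * ((len(g) - 1) // d)
        if len(g) > 1:
            f = poly_divmod(f, g, p)[0]
            power = poly_divmod(power, f, p)[1]
    if len(f) > 1:
        degrees.append(len(f) - 1)
    return tuple(sorted(degrees))

def primes_below(bound):
    """Sieve of Eratosthenes: all primes p < bound (bound >= 2)."""
    sieve = bytearray([1]) * bound
    sieve[0] = sieve[1] = 0
    for i in range(2, int(bound ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, bound, i)))
    return [i for i in range(bound) if sieve[i]]

def type_counts(coeffs, bound):
    """Tally Type(f_p) over the primes p < bound at which f_p is separable."""
    types = (factorisation_type(coeffs, p) for p in primes_below(bound))
    return Counter(t for t in types if t is not None)

EXAMPLE_1_9 = [12, 8, 0, 0, 1]           # T^4 + 8T + 12

if __name__ == "__main__":
    for p in (5, 7, 11, 13, 17):
        print(p, factorisation_type(EXAMPLE_1_9, p))
    counts = type_counts(EXAMPLE_1_9, 2000)
    total = sum(counts.values())
    for t, c in sorted(counts.items()):
        print(t, c, round(c / total, 3))
```

Raising the bound passed to type_counts towards 10^5 repeats the experiment of Example 1.16, at the cost of a longer running time in pure Python.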
Example 1.17. The reduction of $f(T) = T^4 + 2$ has type $(4)$, $(2, 2)$, $(1, 1, 2)$ and
$(1, 1, 1, 1)$ modulo 2399, 3601, 2409 and 1182 respectively of the 9592 primes less
than $10^5$. The fractions $\frac{2399}{9592} \approx 0.250$, $\frac{3601}{9592} \approx 0.375$, $\frac{2409}{9592} \approx 0.251$ and $\frac{1182}{9592} \approx 0.123$
are equal respectively to $\frac{2}{8}$, $\frac{3}{8}$, $\frac{2}{8}$ and $\frac{1}{8}$ up to the second decimal digit. Since $G(f)$
is isomorphic to the dihedral subgroup $D_8 = \langle (1234), (13) \rangle$ of $S_4$, this suggests once
again that the fraction of primes at which $f$ has a given type equals $\frac{1}{|G(f)|}$ times
the number of elements of $G(f)$ of that type.
A subset $S$ of the set $P$ of rational primes has natural density $\delta(S)$ in $\mathbf{R}$ if
$$\delta(S) = \lim_{X \to \infty} \frac{\#\{p \in S : p \leq X\}}{\#\{p \in P : p \leq X\}}.$$
The following result, which in particular yields a converse to Corollary 1.4, is due
to Frobenius and Hecke. Its proof is beyond the scope of these notes.
Theorem 1.18. Let $f$ be a monic polynomial with integral coefficients. Then
the set of primes $p$ such that $f_p$ has type $(d_1, \dots, d_g)$ has natural density equal to
$$\frac{\#\{g \in G(f) : g \text{ has type } (d_1, \dots, d_g)\}}{\#G(f)}.$$
In particular, if $G(f)$ contains an element of type $(d_1, \dots, d_g)$, then there are
infinitely many primes $p$ such that the reduction of $f$ modulo $p$ has type $(d_1, \dots, d_g)$.

Example 1.19. In practice, Corollary 1.4 and Theorem 1.18 allow one to predict
(if not compute) the structure of the Galois group of an equation. For
example, Example 1.11 shows that the Galois group of $f(T) = T^5 + 15 \cdot T + 12$
is either isomorphic to the symmetric group $S_5$ or to its Frobenius subgroup $F_{20}$.
According to Theorem 1.18, the cardinality of $G(f)$ is equal to the inverse of the
density of the set of primes $p$ such that $f_p$ has type $\mathbf{1} = (1, 1, 1, 1, 1)$. One checks
numerically that $f_p$ has type $\mathbf{1}$ for 3892 of 78498 primes $p$ less than $10^6$, hence $\#G(f)$
should be approximately $\frac{78498}{3892} = 20.169\ldots$, suggesting that $G(f)$ is isomorphic to
$F_{20}$. This is in agreement with other numerical computations mentioned in Example
1.11 (e.g. there is no prime $p < 10^4$ such that $f_p$ has type $(1, 1, 1, 2)$ or $(1, 1, 3)$).

Exercise 1.20. Show that a prime $p$ divides the order of the Galois group of a
monic separable polynomial $f$ with integral coefficients if and only if there is a prime
$\ell$ such that the reduction of $f$ modulo $\ell$ is separable of type $(1, \dots, 1, p, \dots, p)$.

2. Number theory
2.1. Algebraic integers.
Proposition 2.1. Let $\alpha$ be a complex number. Then the following properties
are equivalent.
($I_1$) $\alpha$ is a root of a monic integral polynomial.
($I_1'$) $\alpha$ is algebraic over $\mathbf{Q}$ and its minimal polynomial has integral coefficients.
($I_2$) The sub-ring of $\mathbf{C}$ generated by $\alpha$ is a finitely generated abelian group.
($I_3$) There exists a non-zero finitely generated subgroup $M$ of $\mathbf{C}$ such that $\alpha \cdot M$
is contained in $M$.
Proof. If $\alpha$ is a root of a monic integral polynomial $f$, then $\alpha$ is algebraic
and its minimal polynomial $f_\alpha$ over $\mathbf{Q}$ divides $f$. Since both $f$ and $f_\alpha$ are monic,
it follows from the Gauß Lemma that $f_\alpha$ has integral coefficients. This proves the
equivalence between ($I_1$) and ($I_1'$).
Assume that $\alpha$ is a root of the monic polynomial
$$T^n + a_{n-1} T^{n-1} + \cdots + a_0 \in \mathbf{Z}[T],$$
for some $n > 1$. For each positive integer $m$, denote by $M_m = \sum_{i=0}^{m+n-1} \mathbf{Z} \cdot \alpha^i$ the
subgroup of $\mathbf{C}$ generated by $1, \alpha, \dots, \alpha^{n+m-1}$. The identity
$$\alpha^{n+m} = -a_{n-1} \cdot \alpha^{m+n-1} - \cdots - a_0 \cdot \alpha^m$$
shows that $M_{m+1}$ is contained in $M_m$, hence by induction $M_m = M_0$ for each
$m > 0$. It follows that the subring $\mathbf{Z}[\alpha]$ of $\mathbf{C}$ generated by $\alpha$ is equal to the finitely
generated abelian group $M_0$, thus proving that ($I_1$) implies ($I_2$).
Clearly ($I_2$) implies ($I_3$) (just take $M = \mathbf{Z}[\alpha]$). Assume then there exists a
non-zero finitely generated subgroup $M$ of $\mathbf{C}$ preserved by multiplication by $\alpha$. Let
$\{m_i\}_{1 \leq i \leq r}$ be a set of generators for $M$ over $\mathbf{Z}$. Then
$$\alpha \cdot m = a \cdot m$$
for an $r \times r$ matrix $a = (a_{ij})$ with integral coefficients, where $m$ is the transpose
of $(m_1 \cdots m_r)$. Set $c = \alpha \cdot 1_r - a$, where $1_r = (\delta_{ij})$ is the $r \times r$ identity matrix.
The previous equation can then be rewritten as $c \cdot m = 0$, which implies that the
determinant of $c$ is zero. It follows that $\alpha$ is a root of the monic integral polynomial
$$\det(T \cdot 1_r - a) \in \mathbf{Z}[T],$$
thus proving that ($I_3$) implies ($I_1$). □
An algebraic integer is a complex number satisfying the equivalent properties
($I_1$), ($I_1'$), ($I_2$) and ($I_3$) of Proposition 2.1. If $\alpha$ is an algebraic integer, then every
monic integral polynomial $f$ satisfying $f(\alpha) = 0$ is called an integral equation for
$\alpha$. For each subfield $k$ of $\mathbf{C}$ define
$$\mathcal{O}_k = \{\alpha \in k : \alpha \text{ is an algebraic integer}\}.$$
The following corollary of Proposition 2.1 proves that $\mathcal{O}_k$ is a ring, called the ring
of algebraic integers of $k$.

Proposition 2.2. $\mathcal{O}_k$ is a subring of $\mathbf{C}$ for each subfield $k$ of $\mathbf{C}$.
Proof. It is sufficient to prove that $\alpha \cdot \beta$ and $\alpha \pm \beta$ are algebraic integers if $\alpha$
and $\beta$ are. By ($I_2$), the subrings $\mathbf{Z}[\alpha]$ and $\mathbf{Z}[\beta]$ of $\mathbf{C}$ are finitely generated groups,
say generated by $\alpha_1, \dots, \alpha_m$ and $\beta_1, \dots, \beta_n$ respectively. It follows that the abelian
group underlying the subring $\mathbf{Z}[\alpha, \beta]$ of $\mathbf{C}$ generated by $\alpha$ and $\beta$ is generated by
the products $\{\alpha_i \cdot \beta_j\}_{i,j}$. Since the elements $\alpha \cdot \beta$ and $\alpha \pm \beta$ belong to $\mathbf{Z}[\alpha, \beta]$, it
then follows from ($I_3$) that they are algebraic integers, as was to be shown. □

Remark 2.3. Let $k$ be a subfield of $\mathbf{C}$ and let $\alpha$ be an element of the ring of
integers of $k$. Then $\sigma(\alpha)$ is an algebraic integer (id est an element of $\mathcal{O}_{\sigma(k)}$) for
each field embedding $\sigma$ of $k$ into $\mathbf{C}$. Indeed, an integral equation for $\alpha$ is also an
integral equation for $\sigma(\alpha)$. (Alternatively, $\sigma(\alpha)$ is a root of the irreducible polynomial
of $\alpha$, which has integral coefficients.) In particular, if $k$ is a Galois extension of $\mathbf{Q}$,
then the Galois group $\mathrm{Gal}(k/\mathbf{Q})$ acts via ring isomorphisms on $\mathcal{O}_k$.

Example 2.4. One has $\mathcal{O}_{\mathbf{Q}} = \mathbf{Z}$ (by property ($I_1'$) in Proposition 2.1).

Example 2.5. Let $\sqrt{d}$ be a square root of a square-free integer $d \neq 1$. Define
$\omega_d = \sqrt{d}$ if $d$ is congruent to 2 or 3 modulo 4, and define $\omega_d = \frac{1 + \sqrt{d}}{2}$ if $d$ is congruent
to 1 modulo 4. Then the ring of integers of $\mathbf{Q}(\sqrt{d})$ is given by
$$\mathcal{O}_{\mathbf{Q}(\sqrt{d})} = \mathbf{Z}[\omega_d]. \tag{4}$$
We prove this statement assuming $d \equiv 1 \pmod 4$ (leaving the other easier cases as
an exercise). Let $\sigma$ be the non-trivial element of $\mathrm{Gal}(\mathbf{Q}(\sqrt{d})/\mathbf{Q})$. Then
$$\omega_d + \sigma(\omega_d) = 1 \quad \text{and} \quad \omega_d \cdot \sigma(\omega_d) = \frac{1 - d}{4},$$
hence the minimal polynomial of $\omega_d$ over $\mathbf{Q}$ is $T^2 - T + \frac{1-d}{4}$, which belongs to $\mathbf{Z}[T]$
under the current assumption on $d$. It follows that $\omega_d$ is an algebraic integer, hence
the ring $\mathcal{O}_{\mathbf{Q}(\sqrt{d})}$ contains $\mathbf{Z}[\omega_d]$. Conversely, assume that $\alpha = x + y \cdot \sqrt{d}$ in $\mathbf{Q}(\sqrt{d})$
is an algebraic integer. Then the minimal polynomial
$$f_\alpha(T) = T^2 - 2x \cdot T + x^2 - dy^2$$
of $\alpha$ over $\mathbf{Q}$ has integral coefficients, id est $2x$ and $x^2 - dy^2$ are integers. If $x$ is an
integer, then $4x^2$ is divisible by 4, hence $4dy^2$ is an integer divisible by 4. Since $d$
is odd and square-free, this implies that $y$ is an integer, hence $\alpha$ belongs to $\mathbf{Z}[\omega_d]$.
If $x$ is not an integer, then $2x = m$ is an odd integer, hence $4x^2 \equiv 1 \pmod 4$. It
follows that $4dy^2$ is an integer congruent to 1 modulo 4, hence $2y = n$ is an odd
integer since $d \equiv 1 \pmod 4$. As a consequence $\alpha = \frac{m}{2} + \frac{n}{2} \cdot \sqrt{d} = \frac{m - n}{2} + n \cdot \omega_d$
belongs to $\mathbf{Z}[\omega_d]$ also in this case, thus proving Equation (4).
2.2. Traces and norms. Let $A$ be a (commutative unitary) ring. A finite free
$A$-algebra is an $A$-algebra $B$ which is finitely generated and free as an $A$-module,
viz. isomorphic to $A^n$ for some $n > 0$ as an $A$-module. In this case, we denote
by $[B : A]$ the rank $n$ of the $A$-module $B$, and we call it the rank, or degree of the
$A$-algebra $B$. An $A$-basis of $B$ is a $[B : A]$-tuple $\omega = \{\omega_1, \dots, \omega_{[B:A]}\}$ of $B$ such
that $B = \oplus_j A \cdot \omega_j$, namely each element of $B$ can be written uniquely as linear
combination of the elements of $\omega$ with coefficients in $A$. The $A$-bases of $B$ are in
bijection with the isomorphisms of $A$-modules from $A^{[B:A]}$ onto $B$.

Example 2.6.
1. If $A$ is a field, any finite field extension $B$ of $A$ (of degree $n > 1$) is a finite
free $A$-algebra (of degree $[B : A] = n$).
2. Let $A$ be a ring and let $f$ in $A[T]$ be a monic polynomial with coefficients
in $A$. Then $B = A[T]/f \cdot A[T]$ is a finite free $A$-algebra of rank $\deg(f)$.
If $t$ denotes the residue class of $T$ modulo $f \cdot A[T]$, then the elements
$1, t, \dots, t^{\deg(f)-1}$ form an $A$-basis of $B$.
3. If $B$ is a finite free $A$-algebra, then $B/IB$ is a finite free $A/I$-algebra of
rank $n$ for any ideal $I$ of $A$. Moreover one has $[B : A] = [B/IB : A/I]$.
4. The ring $\mathbf{Z}[T]/(n \cdot T + 1) \cdot \mathbf{Z}[T]$ is not finite free over $\mathbf{Z}$ for each integer $n$
different from 1 or $-1$.

5. If $B$ is a finite free $A$-algebra of rank $m$, and $C$ is a finite free $B$-algebra
of rank $n$, then $C$ is a finite free $A$-algebra of rank $mn$. Indeed, if
$\{\omega_1, \dots, \omega_m\}$ is an $A$-basis of $B$ and $\{\eta_1, \dots, \eta_n\}$ is a $B$-basis of $C$, then
the set $\{\omega_i \cdot \eta_j : 1 \leq i \leq m, 1 \leq j \leq n\}$ is an $A$-basis of $C$.
6. Proposition 2.15 below proves that the ring of integers $\mathcal{O}_k$ of a number
field $k$ is a finite free $\mathbf{Z}$-algebra of rank $[k : \mathbf{Q}]$.

Let $B$ be a finite free $A$-algebra. For each $b$ in $B$, multiplication by $b$ defines a
morphism of $A$-modules $m_b : B \longrightarrow B$. Let $\omega = \{\omega_i\}_{1 \leq i \leq n}$ be an $A$-basis of $B$ and
define $\mathbf{m}_b = \mathbf{m}_{\omega,b}$ to be the $n \times n$ matrix with coefficients in $A$ representing the
endomorphism $m_b$ in the basis $\omega$. (In other words $\mathbf{m}_b$ is the transpose of the matrix
$(a_{ij})$ characterised by the identities $b \cdot \omega_i = \sum_{j=0}^{n} a_{ij} \cdot \omega_j$ for each $1 \leq i \leq n$.) The
matrix $\mathbf{m}_b$ depends on the choice of the $A$-basis $\omega$ of $B$ only up to conjugation by
an element of $\mathrm{GL}_n(A)$, hence the formulae
$$\mathrm{Tr}_{B/A}(b) = \mathrm{trace}(\mathbf{m}_b) \quad \text{and} \quad N_{B/A}(b) = \det(\mathbf{m}_b)$$
define maps
$$\mathrm{Tr}_{B/A} : B \longrightarrow A \quad \text{and} \quad N_{B/A} : B \longrightarrow A,$$
called respectively the trace and the norm of the $A$-algebra $B$.
Since one has $\mathbf{m}_{b+b'} = \mathbf{m}_b + \mathbf{m}_{b'}$ for each $b$ and $b'$ in $B$, and since the trace
on matrices is additive and $A$-linear, the map $\mathrm{Tr}_{B/A}$ is a morphism of
$A$-modules. In particular $\mathrm{Tr}_{B/A}(a) = [B : A] \cdot a$ for each $a$ in $A$, where $[B : A]$
is the rank of the $A$-module $B$. Similarly, since $m_{bb'} = m_b \circ m_{b'}$ and since the
determinant is multiplicative on matrices, the norm map $N_{B/A}$ is a multiplicative
function, satisfying $N_{B/A}(a) = a^{[B:A]}$ for each $a$ in $A$.
Proposition 2.7. (Transitivity relations) Let $B$ be a finite free $A$-algebra, and
let $C$ be a finite free $B$-algebra. Then $C$ is a finite free $A$-algebra and one has
$$\mathrm{Tr}_{C/A} = \mathrm{Tr}_{B/A} \circ \mathrm{Tr}_{C/B} \quad \text{and} \quad N_{C/A} = N_{B/A} \circ N_{C/B}.$$
Proof. The transitivity relation for the trace is easy and left as an exercise to
the reader. The transitivity of the norm is more difficult to prove, and we refer the
reader to Section 9.4 of Chapter III of [2] for the details. The rest of these notes
uses the transitivity of the norm only for towers of finite separable extensions. This
particular case is much easier to prove (cf. Exercise 2.59 below). □

We are especially interested in the trace and the norm of a finite separable field
extension.
Proposition 2.8. Let k be a field, let E be a finite separable extension of k,
and let α be an element of E. Let k̄ be an algebraically closed field containing k,
and denote by Σ(E/k) the set of k-algebra embeddings of E into k̄. Then
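$$\mathrm{Tr}_{E/k}(\alpha) = \sum_{\sigma \in \Sigma(E/k)} \sigma(\alpha) \quad\text{and}\quad \mathrm{N}_{E/k}(\alpha) = \prod_{\sigma \in \Sigma(E/k)} \sigma(\alpha).$$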

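Proof. We first prove the proposition for E = k(α). Let m = [k(α) : k] and
let $f_\alpha = T^m + a_{m-1} T^{m-1} + \cdots + a_0$ in k[T] be the minimal polynomial of α over k.
The matrix representing $m_\alpha : k(\alpha) \to k(\alpha)$ in the k-basis $\boldsymbol{\alpha} = \{1, \alpha, \ldots, \alpha^{m-1}\}$ is
$$\begin{pmatrix} 0 & & & \\ \vdots & & 1_{m-1} & \\ 0 & & & \\ -a_0 & -a_1 & \cdots & -a_{m-1} \end{pmatrix}^{t}$$
(where the superscript t denotes transposition), hence
$$\mathrm{Tr}_{k(\alpha)/k}(\alpha) = -a_{m-1} \quad\text{and}\quad \mathrm{N}_{k(\alpha)/k}(\alpha) = (-1)^m \cdot a_0.$$
On the other hand, since by assumption $f_\alpha$ is separable, one has
$$f_\alpha(T) = \prod_{\sigma \in \Sigma(k(\alpha)/k)} \bigl(T - \sigma(\alpha)\bigr),$$
so that $-a_{m-1} = \sum_\sigma \sigma(\alpha)$ and $(-1)^m \cdot a_0 = \prod_\sigma \sigma(\alpha)$ as claimed.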
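In the general case, since by assumption E is separable, there are precisely
[E : k(α)] elements of Σ(E/k) extending a given σ in Σ(k(α)/k), hence
$$\sum_{\sigma \in \Sigma(E/k)} \sigma(\alpha) = [E : k(\alpha)] \cdot \sum_{\sigma \in \Sigma(k(\alpha)/k)} \sigma(\alpha) = [E : k(\alpha)] \cdot \mathrm{Tr}_{k(\alpha)/k}(\alpha)$$
and
$$\prod_{\sigma \in \Sigma(E/k)} \sigma(\alpha) = \prod_{\sigma \in \Sigma(k(\alpha)/k)} \sigma(\alpha)^{[E:k(\alpha)]} = \mathrm{N}_{k(\alpha)/k}(\alpha)^{[E:k(\alpha)]}.$$
It then remains to show that
$$\mathrm{Tr}_{E/k}(\alpha) = [E : k(\alpha)] \cdot \mathrm{Tr}_{k(\alpha)/k}(\alpha) \quad\text{and}\quad \mathrm{N}_{E/k}(\alpha) = \mathrm{N}_{k(\alpha)/k}(\alpha)^{[E:k(\alpha)]}. \tag{5}$$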
This is a very special case of the transitivity of traces and norms stated in Propo-
sition 2.7. Since the proof of loco citato was omitted, we give here a direct proof.
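To compute $\mathrm{Tr}_{E/k}(\alpha)$ and $\mathrm{N}_{E/k}(\alpha)$, choose a k(α)-basis $\omega = \{\omega_1, \ldots, \omega_r\}$ of E and
consider the k-basis $\boldsymbol{\alpha} \cdot \omega = \{\alpha^i \cdot \omega_j : 0 \le i \le m-1,\ 1 \le j \le r\}$ of E. Consider
also the partition of $\boldsymbol{\alpha} \cdot \omega$ given by the subsets $\boldsymbol{\alpha} \cdot \omega_j = \{\alpha^i \cdot \omega_j : 0 \le i \le m-1\}$ (for
$1 \le j \le r$), and denote by $E_j$ the k-vector subspace of E generated by the elements
of $\boldsymbol{\alpha} \cdot \omega_j$. Multiplication by α restricts to a k-linear endomorphism of $E_j$. Since
$E = \bigoplus_{j=1}^{r} E_j$, it follows that the matrix $m_\alpha$ representing multiplication by α in
the k-basis $\boldsymbol{\alpha} \cdot \omega$ is a block-diagonal matrix of the form $m_\alpha = \mathrm{diag}(m_{\alpha,1}, \ldots, m_{\alpha,r})$,
where $m_{\alpha,j}$ is the matrix representing multiplication by α on $E_j$ in the basis $\boldsymbol{\alpha} \cdot \omega_j$.
In addition, by construction the matrix $m_{\alpha,j}$ is equal to the matrix representing
$m_\alpha : k(\alpha) \to k(\alpha)$ with respect to the k-basis $\boldsymbol{\alpha}$ of k(α), hence
$$\mathrm{Tr}_{E/k}(\alpha) = \mathrm{trace}(m_\alpha) = \sum_{j=1}^{r} \mathrm{trace}(m_{\alpha,j}) = \sum_{j=1}^{r} \mathrm{Tr}_{k(\alpha)/k}(\alpha)$$
and similarly
$$\mathrm{N}_{E/k}(\alpha) = \det(m_\alpha) = \prod_{j=1}^{r} \det(m_{\alpha,j}) = \prod_{j=1}^{r} \mathrm{N}_{k(\alpha)/k}(\alpha).$$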

Since r = [E : k(α)], this proves Equation (5), and with it the proposition. 
While not needed in the rest of these notes, the following proposition describes
the norm and the trace associated with an inseparable field extension.
Proposition 2.9. Let k be a field of positive characteristic p and let E be a
finite extension of k. Let Σ(E/k) be the set of k-algebra embeddings of E into an
algebraic closure of k, so that $[E : k] = p^i \cdot |\Sigma(E/k)|$ for some integer $i \ge 0$. Assume
that i is positive, id est that E is not separable over k. Then
$$\mathrm{Tr}_{E/k} = 0$$
and for each α in E one has
$$\mathrm{N}_{E/k}(\alpha) = \prod_{\sigma \in \Sigma(E/k)} \sigma(\alpha)^{p^i}.$$

Proof. We divide the argument into four steps.


1. Let k be a field and let $f = T^m + a_{m-1} \cdot T^{m-1} + \cdots + a_0$ be a monic
irreducible polynomial in k[T] of degree m. Let α be a root of f in an
algebraic closure k̄ of k. Independently of whether f is separable or not,
the first part of the proof of Proposition 2.8 shows that
$$\mathrm{Tr}_{k(\alpha)/k}(\alpha) = -a_{m-1} \quad\text{and}\quad \mathrm{N}_{k(\alpha)/k}(\alpha) = (-1)^m \cdot a_0. \tag{6}$$
2. Let E be a finite extension of k. Equation (5) in the proof of Proposition
2.8 (whose proof does not use the separability assumption) shows that
$$\mathrm{Tr}_{E/k}(\alpha) = [E : k(\alpha)] \cdot \mathrm{Tr}_{k(\alpha)/k}(\alpha) \quad\text{and}\quad \mathrm{N}_{E/k}(\alpha) = \mathrm{N}_{k(\alpha)/k}(\alpha)^{[E:k(\alpha)]} \tag{7}$$
for each element α of E.
3. Let k, E and α be as in the statement. Set m = [k(α) : k]. Since by
assumption $p^i$ divides [E : k] for some $i \ge 1$, either p divides [E : k(α)]
or p divides m. In the first case $\mathrm{Tr}_{E/k}(\alpha) = 0$ by Equation (7). In the
second case one has $m = p^k n$ for some $k \ge 1$ and some integer $n \ge 1$
not divisible by p, and the minimal polynomial of α over k is of the form
$g(T^{p^k})$ for a separable polynomial g in k[T] of degree n. The coefficient
of $T^{m-1} = T^{p^k n - 1}$ in $g(T^{p^k})$ is zero, hence $\mathrm{Tr}_{k(\alpha)/k}(\alpha) = 0$ by Equation
(6). Equation (7) then implies that $\mathrm{Tr}_{E/k}(\alpha) = 0$ also in this case. We
have proved that $\mathrm{Tr}_{E/k}$ is the zero map if E/k is not separable.
4. Let k, E and α be as in the statement. For each finite field extension M/L,
denote by $[M : L]_s$ and $[M : L]_i$ the separable and inseparable degrees
of M/L respectively. (With these notations, one has $[E : k]_s = |\Sigma(E/k)|$
and $[k(\alpha) : k]_s = |\Sigma(k(\alpha)/k)|$.) The minimal polynomial $f_\alpha$ of α over k
then splits in an algebraic closure of k as
$$f_\alpha = \prod_{\sigma \in \Sigma(k(\alpha)/k)} \bigl(T - \sigma(\alpha)\bigr)^{[k(\alpha):k]_i},$$
hence Equations (6) and (7) yield
$$\mathrm{N}_{E/k}(\alpha) = \prod_{\sigma \in \Sigma(k(\alpha)/k)} \sigma(\alpha)^{[k(\alpha):k]_i \cdot [E:k(\alpha)]}.$$
On the other hand, there are precisely $[E : k(\alpha)]_s$ elements of Σ(E/k)
extending a given σ in Σ(k(α)/k), so that
$$\prod_{\sigma \in \Sigma(k(\alpha)/k)} \sigma(\alpha)^{[k(\alpha):k]_i \cdot [E:k(\alpha)]} = \prod_{\sigma \in \Sigma(E/k)} \sigma(\alpha)^{[E:k]_i}.$$
The proposition follows from step 3 and the last two equations in step 4.
2.3. Discriminants. Let B be a finite free A-algebra of rank n = [B : A].
For each n-tuple $\omega = \{\omega_1, \ldots, \omega_n\}$ of elements of B define
$$D_{B/A}(\omega) = \det\bigl(\mathrm{Tr}_{B/A}(\omega_i \cdot \omega_j)\bigr)$$
to be the determinant of the n × n matrix with coefficients in A having $\mathrm{Tr}_{B/A}(\omega_i \cdot \omega_j)$
as (i, j)-th entry. It is called the discriminant of ω.
Let $\omega = \{\omega_1, \ldots, \omega_n\}$ and $\omega' = \{\omega'_1, \ldots, \omega'_n\}$ be two n-tuples of elements of
B. Assume that there exists a square matrix $c = (c_{ij})_{1 \le i,j \le n}$ with coefficients in
A such that $\omega'_i = \sum_{j=1}^{n} c_{ij} \cdot \omega_j$. Then $\omega'_i \cdot \omega'_j = \sum_{r,s} (c_{ir} \cdot c_{js}) \cdot (\omega_r \cdot \omega_s)$, and by
the linearity of the trace $\mathrm{Tr}_{B/A}(\omega'_i \cdot \omega'_j) = \sum_{r,s} (c_{ir} \cdot c_{js}) \cdot \mathrm{Tr}_{B/A}(\omega_r \cdot \omega_s)$. In other
words, if $c^t$ is the transpose of c, one has
$$\bigl(\mathrm{Tr}_{B/A}(\omega'_i \cdot \omega'_j)\bigr)_{1 \le i,j \le n} = c \cdot \bigl(\mathrm{Tr}_{B/A}(\omega_i \cdot \omega_j)\bigr)_{1 \le i,j \le n} \cdot c^t,$$
hence
$$D_{B/A}(\omega') = \det(c)^2 \cdot D_{B/A}(\omega). \tag{8}$$
If ω and ω′ are A-bases of B, then the matrix c is invertible, hence $D_{B/A}(\omega)$ and
$D_{B/A}(\omega')$ differ by the square of a unit in $A^*$. In particular $D_{B/A}(\omega)$ and $D_{B/A}(\omega')$
generate the same principal ideal of A. This ideal is called the discriminant ideal
of the finite free A-algebra B, and denoted by $D_{B/A}$:
$$D_{B/A} = D_{B/A}(\omega) \cdot A,$$
where ω is any A-basis of B.
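Example 2.10. Let B = A[T]/f · A[T], where $f = T^2 + a \cdot T + b$. Denote by
ω the class of T modulo f, so that 1 and ω give an A-basis of B. One has
$$\mathrm{Tr}_{B/A}(1) = [B : A] = 2, \qquad \mathrm{Tr}_{B/A}(\omega) = \mathrm{trace}\begin{pmatrix} 0 & 1 \\ -b & -a \end{pmatrix} = -a$$
and
$$\mathrm{Tr}_{B/A}(\omega^2) = -b \cdot \mathrm{Tr}_{B/A}(1) - a \cdot \mathrm{Tr}_{B/A}(\omega) = -2b + a^2,$$
hence (cf. Proposition 2.12)
$$D_{B/A}(1, \omega) = \det\begin{pmatrix} 2 & -a \\ -a & a^2 - 2b \end{pmatrix} = a^2 - 4b.$$

Example 2.11. Let B = A[T]/f · A[T], where $f = T^3 + a \cdot T + b$. Denote by
ω in B the class of T modulo f · A[T], so that the elements 1, ω and $\omega^2$ form an
A-basis of B. Clearly $\mathrm{Tr}_{B/A}(1) = [B : A] = 3$, and a simple computation gives
$$\mathrm{Tr}_{B/A}(\omega) = \mathrm{trace}\begin{pmatrix} 0 & 1 & 0 \\ 0 & 0 & 1 \\ -b & -a & 0 \end{pmatrix} = 0 \quad\text{and}\quad \mathrm{Tr}_{B/A}(\omega^2) = \mathrm{trace}\begin{pmatrix} 0 & 0 & 1 \\ -b & -a & 0 \\ 0 & -b & -a \end{pmatrix} = -2a.$$
Moreover
$$\mathrm{Tr}_{B/A}(\omega^3) = -b \cdot \mathrm{Tr}_{B/A}(1) - a \cdot \mathrm{Tr}_{B/A}(\omega) = -3b$$
and
$$\mathrm{Tr}_{B/A}(\omega^4) = -b \cdot \mathrm{Tr}_{B/A}(\omega) - a \cdot \mathrm{Tr}_{B/A}(\omega^2) = 2a^2.$$
It follows that (cf. Proposition 2.12)
$$D_{B/A}(1, \omega, \omega^2) = \det\begin{pmatrix} 3 & 0 & -2a \\ 0 & -2a & -3b \\ -2a & -3b & 2a^2 \end{pmatrix} = -4a^3 - 27b^2.$$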
Let k be a field and let f be a monic polynomial with coefficients in k. Set
$$\mathrm{disc}(f) = \prod_{j > i} (z_j - z_i)^2,$$
where $z_1, \ldots, z_n$ are the roots of f in an algebraic closure of k, and the product
is over the pairs (i, j) satisfying $1 \le i, j \le n$ and i < j. It is an element of k (since
it is fixed by any element of the Galois group of the splitting field $k(z_1, \ldots, z_n)$ of
f over k), non-zero precisely if f is separable, and called the discriminant of f.
Proposition 2.12. Let k be a field, and let E be a finite separable field extension
of k of degree n. Let $\sigma_1, \ldots, \sigma_n$ be the distinct k-algebra embeddings of E into
an algebraic closure of k, and let $\omega_1, \ldots, \omega_n$ be elements of E. Then
$$D_{E/k}(\omega_1, \ldots, \omega_n) = \det\bigl((\sigma_i(\omega_j))_{1 \le i,j \le n}\bigr)^2,$$
and for each α in E one has
$$D_{k(\alpha)/k}(1, \alpha, \ldots, \alpha^{m-1}) = \mathrm{disc}(f_\alpha),$$
where fα is the minimal polynomial of α over k. In particular, the trace map TrE/k
is non-zero (cf. Proposition 2.9) and DE/k is non-zero (namely DE/k (ω) is non-zero
for each k-basis ω of E).
Proof. According to Proposition 2.8 one has
$$\mathrm{Tr}_{E/k}(\omega_i \cdot \omega_j) = \sum_{k=1}^{n} \sigma_k(\omega_i) \cdot \sigma_k(\omega_j).$$
After setting $A = (\sigma_r(\omega_s))_{1 \le r,s \le n}$, the right hand side of the previous equation is
equal to the entry (i, j) of the matrix $A^t \cdot A$, hence $D_{E/k}(\omega_1, \ldots, \omega_n)$ is equal to
the square of the determinant of A, thus proving the first assertion.
Taking E = k(α) and $(\omega_1, \ldots, \omega_n) = (1, \alpha, \ldots, \alpha^{m-1})$ one gets
$$D_{k(\alpha)/k}(1, \alpha, \ldots, \alpha^{m-1}) = \det\begin{pmatrix} 1 & z_1 & \cdots & z_1^{m-1} \\ 1 & z_2 & \cdots & z_2^{m-1} \\ \vdots & \vdots & & \vdots \\ 1 & z_m & \cdots & z_m^{m-1} \end{pmatrix}^2,$$
where $\{z_1, \ldots, z_m\} = \{\sigma_1(\alpha), \ldots, \sigma_m(\alpha)\}$ are the roots of $f_\alpha$ in an algebraically
closed field k̄ containing k. Let $\bar{k}[T]_{\le m-1}$ denote the k̄-vector space of polynomials
of degree at most m − 1 with coefficients in k̄. Then the matrix V (for Vandermonde)
which appears in the right hand side of the previous equation is the one representing
the morphism of k̄-vector spaces
$$\varphi : \bar{k}[T]_{\le m-1} \to \bar{k}^m$$
defined by
$$\varphi(P) = (P(z_1), \ldots, P(z_m))$$
with respect to the k̄-basis $\{1, T, \ldots, T^{m-1}\}$ of $\bar{k}[T]_{\le m-1}$ and the canonical k̄-basis
of $\bar{k}^m$. Consider the elements $b_1, \ldots, b_m$ of $\bar{k}[T]_{\le m-1}$ defined respectively by
$$1,\ (T - z_1),\ (T - z_1) \cdot (T - z_2),\ \ldots,\ (T - z_1) \cdot (T - z_2) \cdots (T - z_{m-1}),$$
and let U be the square matrix of order m and coefficients in k̄ defined by the
identity $(1\ T\ \cdots\ T^{m-1}) \cdot U = (b_1\ \cdots\ b_m)$. Since $b_i$ is a monic polynomial of degree
i − 1, the matrix U is upper triangular with diagonal entries all equal to one. In
particular det(U) = 1, hence det(V) equals the determinant of the matrix
$$\begin{pmatrix} 1 & 0 & 0 & \cdots & 0 \\ 1 & z_2 - z_1 & 0 & \cdots & 0 \\ 1 & z_3 - z_1 & (z_3 - z_1)(z_3 - z_2) & \cdots & 0 \\ \vdots & \vdots & \vdots & & \vdots \\ 1 & z_m - z_1 & (z_m - z_1)(z_m - z_2) & \cdots & (z_m - z_1)(z_m - z_2) \cdots (z_m - z_{m-1}) \end{pmatrix}$$
representing φ in the k̄-basis $\{b_1, \ldots, b_m\}$ of $\bar{k}[T]_{\le m-1}$ and the canonical k̄-basis of
$\bar{k}^m$. The second assertion in the statement of the proposition follows.
Since by assumption $f_\alpha$ is separable, its discriminant $D(f_\alpha)$ is non-zero, hence
so is $D_{k(\alpha)/k}(1, \alpha, \ldots, \alpha^{m-1})$. This implies that $\mathrm{Tr}_{E/k}$ is non-zero. Moreover, by
the primitive element theorem, the separable extension E = k(α) is generated by
some element α, hence $D_{E/k} = D_{k(\alpha)/k}(1, \alpha, \ldots, \alpha^{n-1}) \cdot k$ is non-zero.
Corollary 2.13. With the notations and assumptions of Proposition 2.12,
one has
$$D_{k(\alpha)/k}(1, \alpha, \ldots, \alpha^{m-1}) = (-1)^{\frac{m(m-1)}{2}} \cdot \mathrm{N}_{k(\alpha)/k}(f'_\alpha(\alpha)),$$
where $f'_\alpha$ in k[T] is the derivative of the minimal polynomial $f_\alpha$ of α over k.
Proof. Let $\alpha = \alpha_1, \ldots, \alpha_m$ be the roots of $f_\alpha$ in an algebraic closure of k.
Differentiating the identity $f_\alpha = \prod_i (T - \alpha_i)$ (using the Leibniz formula) one gets
$$f'_\alpha = \sum_{k=1}^{m} \prod_{i \ne k} (T - \alpha_i),$$
hence
$$f'_\alpha(\alpha_j) = \prod_{i \ne j} (\alpha_j - \alpha_i).$$
Proposition 2.8 then gives
$$\mathrm{N}_{k(\alpha)/k}(f'_\alpha(\alpha)) = \prod_{\sigma \in \Sigma(k(\alpha)/k)} \sigma(f'_\alpha(\alpha)) = \prod_{j=1}^{m} f'_\alpha(\alpha_j) = \prod_{j=1}^{m} \prod_{i \ne j} (\alpha_j - \alpha_i).$$
The last expression is the product of the factors $-(\alpha_j - \alpha_i)^2$, indexed over the
subsets {i, j} of {1, …, m} consisting of two elements. As there are $\binom{m}{2} = \frac{m(m-1)}{2}$
such subsets, one can rewrite the previous identity as
$$\mathrm{N}_{k(\alpha)/k}(f'_\alpha(\alpha)) = (-1)^{\frac{m(m-1)}{2}} D(f_\alpha).$$
The corollary then follows from the second statement of Proposition 2.12.
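Example 2.14. Let p be an odd rational prime, let $\Phi_p = T^{p-1} + \cdots + T + 1$
in Z[T] be the p-th cyclotomic polynomial, and set $\zeta_p = e^{2\pi i/p}$. Then
$$D_{\mathbb{Q}(\zeta_p)/\mathbb{Q}}(1, \zeta_p, \ldots, \zeta_p^{p-2}) = (-1)^{\frac{p-1}{2}} \cdot p^{p-2}.$$
Indeed, the identity $(T - 1) \cdot \Phi_p = T^p - 1$ yields $\Phi_p + (T - 1) \cdot \Phi'_p = p \cdot T^{p-1}$, hence
$$\Phi'_p(\zeta_p) = \frac{p \cdot \zeta_p^{p-1}}{\zeta_p - 1} = \frac{p}{\zeta_p(\zeta_p - 1)}.$$
Since the norm $\mathrm{N} = \mathrm{N}_{\mathbb{Q}(\zeta_p)/\mathbb{Q}}$ is multiplicative, Corollary 2.13 then yields
$$D_{\mathbb{Q}(\zeta_p)/\mathbb{Q}}(1, \zeta_p, \ldots, \zeta_p^{p-2}) = (-1)^{\frac{p-1}{2}} \cdot \frac{\mathrm{N}(p)}{\mathrm{N}(\zeta_p) \cdot \mathrm{N}(\zeta_p - 1)}.$$
The norm of p is equal to $p^{[\mathbb{Q}(\zeta_p):\mathbb{Q}]} = p^{p-1}$ (by the irreducibility of $\Phi_p$), and the
norm of $\zeta_p$ is equal to $(-1)^{p-1}$ times the constant coefficient of $\Phi_p$ (cf. proof of
Proposition 2.8), hence $\mathrm{N}(\zeta_p) = 1$. Finally one has (by Proposition 2.8)
$$\mathrm{N}(\zeta_p - 1) = \mathrm{N}(1 - \zeta_p) = \prod_{i=1}^{p-1} (1 - \zeta_p^i) = \Phi_p(1) = p,$$
thus concluding the proof of the claim.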
2.4. The additive structure of Ok .
Proposition 2.15. For each number field k of degree n over Q, the ring of
integers Ok of k is a finite free Z-algebra of rank n.
Proof. Let $\mathcal{B}_k$ be the set of Q-bases of k whose elements belong to $\mathcal{O}_k$. This
is a non-empty set. Indeed, for each ω in k there exists an integer $n_\omega$ such that
$n_\omega \cdot \omega$ belongs to $\mathcal{O}_k$. (If ω satisfies the polynomial $a_m \cdot T^m + a_{m-1} \cdot T^{m-1} + \cdots + a_0$
in Z[T], one can take $n_\omega = a_m^{m-1}$.) As a consequence, if $\omega = \{\omega_1, \ldots, \omega_n\}$ is a
Q-basis of k and $n_\omega = \prod_i n_{\omega_i}$, then $\{n_\omega \cdot \omega_1, \ldots, n_\omega \cdot \omega_n\}$ is an element of $\mathcal{B}_k$.
For each ω in $\mathcal{B}_k$, the discriminant $D_{k/\mathbb{Q}}(\omega)$ is a non-zero integer by Proposition
2.12 and Exercise 2.60. It follows that
$$\mathcal{D}_k = \{|D_{k/\mathbb{Q}}(\omega)| : \omega \in \mathcal{B}_k\}$$
is a non-empty subset of $\mathbb{Z}_{\ge 1}$, hence has a minimum $D_k \ge 1$. Let $b = \{b_1, \ldots, b_n\}$
be an element of $\mathcal{B}_k$ such that $|D_{k/\mathbb{Q}}(b)| = D_k$. We claim that b is a Z-basis of $\mathcal{O}_k$.
Since by assumption the elements of b are linearly independent over k, hence
over $\mathcal{O}_k$, it is sufficient to prove that $\mathcal{O}_k$ is generated by $b_1, \ldots, b_n$. Assume ad
absurdum that this is false: there exists α in $\mathcal{O}_k$ which does not belong to the
subgroup $\sum_i \mathbb{Z} \cdot b_i$. Since b is a Q-basis of k, there are rational numbers $q_1, \ldots, q_n$
such that $\alpha = \sum_i q_i \cdot b_i$. Let J be the set of indices i such that $q_i$ does not belong
to Z. By assumption J is non-empty, and reordering the elements of b if necessary
we can assume that 1 belongs to J. If i belongs to J, define $n_j$ to be the smallest
integer less than $q_j$; if i does not belong to J, set $n_i = q_i$. Then
$$b'_1 = \sum_{j \in J} (q_j - n_j) \cdot b_j$$
is an element of $\mathcal{O}_k$ and $b' = \{b'_1, b_2, \ldots, b_n\}$ belongs to $\mathcal{B}_k$. Moreover, the matrix
$C = (c_{ij})$ in $\mathrm{GL}_m(\mathbb{Q})$ defined by the identity $b \cdot C = b'$ is upper triangular with
$c_{11} = (q_1 - n_1)$ and $c_{ii} = 1$ for $2 \le i \le m$, hence (cf. Equation (8))
$$|D_{k/\mathbb{Q}}(b')| = (q_1 - n_1)^2 \cdot |D_{k/\mathbb{Q}}(b)|.$$
On the other hand $0 < q_1 - n_1 < 1$ since 1 belongs to J, contradicting the minimality
of the absolute value of the discriminant of b.

For each number field k of degree n = [k : Q] over Q, define the discriminant
$$d_k = D_{\mathcal{O}_k/\mathbb{Z}}(\omega_1, \ldots, \omega_n)$$
of k to be the discriminant of any Z-basis ω = {ω1 , . . . , ωn } of the ring of integers
Ok of k (which exists by Proposition 2.15). Since the units of Z are 1 and −1, it
follows from Equation (8) that dk is independent of the choice of the Z-basis ω of
Ok , and generates the discriminant ideal DOk /Z of the finite free Z-algebra Ok .
Remarks 2.16. Let k be a number field of degree n over Q.
1. The proof of Proposition 2.15 shows that k is the fraction field of Ok .
2. If α is an element of Ok , then Trk/Q (α) = TrOk /Z (α) (as any Z-basis of
Ok is a Q-basis of k). In particular Dk/Q (ω) is equal to DOk /Z (ω) for
each subset ω = {ω1 , . . . , ωn } of Ok .
3. A subset ω = {ω1 , . . . , ωn } of Ok is a Z-basis if and only if Dk/Q (ω) = dk .
If this is the case, then the absolute value of Dk/Q (ω) minimises the
discriminants of the Q-bases of k whose elements are algebraic integers.
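Example 2.17. Let α be a complex root of the polynomial $T^3 + T + 1$. According
to Example 2.11 and Proposition 2.12 one has
$$D_{\mathbb{Q}(\alpha)/\mathbb{Q}}(1, \alpha, \alpha^2) = -31.$$
Since this is a square-free integer, one deduces that
$$d_{\mathbb{Q}(\alpha)} = -31 \quad\text{and}\quad \mathcal{O}_{\mathbb{Q}(\alpha)} = \mathbb{Z}[\alpha].$$
Indeed, since Z[α] is contained in $\mathcal{O}_k$, for each Z-basis $\{\omega_1, \omega_2, \omega_3\}$ of $\mathcal{O}_k$ one has
$(\omega_1\ \omega_2\ \omega_3) \cdot C = (1\ \alpha\ \alpha^2)$ for some 3 × 3 matrix C with integral coefficients. It
then follows from Equation (8) that $D_{\mathbb{Q}(\alpha)/\mathbb{Q}}(1, \alpha, \alpha^2) = \det(C)^2 \cdot d_{\mathbb{Q}(\alpha)}$, hence
det(C) = ±1 since $D_{\mathbb{Q}(\alpha)/\mathbb{Q}}(1, \alpha, \alpha^2)$ is square-free. As a consequence $d_{\mathbb{Q}(\alpha)} = -31$
and $\mathcal{O}_{\mathbb{Q}(\alpha)} = \mathbb{Z}[\alpha]$ by Remark 2.16(3).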
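Example 2.18. Let α be a complex root of $f = T^5 - T + 1$. We claim that
$$d_{\mathbb{Q}(\alpha)} = 19 \cdot 151 \quad\text{and}\quad \mathcal{O}_{\mathbb{Q}(\alpha)} = \mathbb{Z}[\alpha].$$
As in Example 2.17, to prove the claim it is sufficient to show that the discriminant
$D_{\mathbb{Q}(\alpha)/\mathbb{Q}}(\boldsymbol{\alpha})$ of $\boldsymbol{\alpha} = \{1, \alpha, \ldots, \alpha^4\}$ is equal to the square-free integer 19 · 151. Note
first that the reduction of f modulo 5 is irreducible (Exercise), hence $f = f_\alpha$ is the
minimal polynomial of α over Q and (cf. Corollary 2.13)
$$D_{\mathbb{Q}(\alpha)/\mathbb{Q}}(\boldsymbol{\alpha}) = \mathrm{N}_{\mathbb{Q}(\alpha)/\mathbb{Q}}(f'(\alpha)) = \mathrm{N}_{\mathbb{Q}(\alpha)/\mathbb{Q}}(5\alpha^4 - 1).$$
As $(5\alpha^4 - 1)\alpha^i = 4\alpha^i - 5\alpha^{i-1}$ for each positive integer i, the matrix representing
multiplication by $5\alpha^4 - 1$ on Q(α) in the Q-basis $\boldsymbol{\alpha}$ is
$$m_{5\alpha^4 - 1} = \begin{pmatrix} -1 & 0 & 0 & 0 & 5 \\ -5 & 4 & 0 & 0 & 0 \\ 0 & -5 & 4 & 0 & 0 \\ 0 & 0 & -5 & 4 & 0 \\ 0 & 0 & 0 & -5 & 4 \end{pmatrix}^{t},$$
so that
$$\mathrm{N}_{\mathbb{Q}(\alpha)/\mathbb{Q}}(5\alpha^4 - 1) = \det(m_{5\alpha^4 - 1}) = 5^5 - 2^8 = 19 \cdot 151,$$
thus proving the claim. (A slight generalisation of the above computation shows
that the discriminant of the quintic polynomial $T^5 + a \cdot T + b$ in Q[T] is $2^8 a^5 + 5^5 b^4$.)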
The previous two examples are special cases of the following proposition. Let
$\mathcal{M}$ be a subgroup of $\mathcal{O}_k$, which is a free Z-module of rank n. It follows from
Equation (8) that $D_{k/\mathbb{Q}}(\omega) = D_{k/\mathbb{Q}}(\omega')$ for any Q-bases ω and ω′ of $\mathcal{M}$. We call
this common value the discriminant of $\mathcal{M}$, and we denote it by $\mathrm{disc}(\mathcal{M})$. With
these notations $d_k = \mathrm{disc}(\mathcal{O}_k)$.
Proposition 2.19. Let k be a number field and let $\mathcal{M}$ be a subgroup of $\mathcal{O}_k$
containing a Q-basis of k. Then $\mathcal{M}$ is a free abelian group of rank n = [k : Q].
Moreover, the quotient group $\mathcal{O}_k/\mathcal{M}$ is finite, and if $[\mathcal{O}_k : \mathcal{M}]$ denotes its cardinality
(called the index of $\mathcal{M}$ in $\mathcal{O}_k$) one has
$$\mathrm{disc}(\mathcal{M}) = [\mathcal{O}_k : \mathcal{M}]^2 \cdot d_k.$$
In particular, if a prime p divides exactly $\mathrm{disc}(\mathcal{M})$, then it does not divide $[\mathcal{O}_k : \mathcal{M}]$.
Proof. This is a consequence of the elementary divisors theorem: let M be
a free abelian group of rank r, and let N be a subgroup of M. Then N is free of
rank $s \le r$, and there exist a Z-basis $\{\eta_1, \ldots, \eta_r\}$ of M and an s-tuple $(n_1, \ldots, n_s)$
of positive integers such that $N = \bigoplus_{i=1}^{s} n_i \mathbb{Z} \cdot \eta_i$ and $n_i \mid n_{i+1}$ for each $1 \le i \le s - 1$.
We apply the elementary divisor theorem with $M = \mathcal{O}_k$, which is a finite free
Z-algebra of rank n = [k/Q] by Proposition 2.15, and $N = \mathcal{M}$. Then $\mathcal{M}$ is a free
abelian group, and since it contains a Q-basis of k, its rank is equal to n. There exist
then a Z-basis $\{\alpha_1, \ldots, \alpha_n\}$ of $\mathcal{O}_k$ and an n-tuple $(c_1, \ldots, c_n)$ of positive integers
such that $\mathcal{M} = \bigoplus_{i=1}^{n} c_i \mathbb{Z} \cdot \alpha_i$, hence $[\mathcal{O}_k : \mathcal{M}]$ is equal to $c = \prod_{i=1}^{n} c_i$ and
$$\mathrm{disc}(\mathcal{M}) = D_{k/\mathbb{Q}}((c_i \cdot \omega_i)_i) = c^2 \cdot D_{k/\mathbb{Q}}((\omega_i)_i) = c^2 \cdot d_k$$
by Equation (8) (cf. Remark 2.16), as was to be shown.
The previous Proposition 2.19 shows that $\mathcal{O}_{\mathbb{Q}(\alpha)} = \mathbb{Z}[\alpha]$ for each algebraic integer
α such that $\mathrm{disc}(\mathbb{Z}[\alpha]) = D_{\mathbb{Q}(\alpha)/\mathbb{Q}}(1, \alpha, \ldots, \alpha^{[\mathbb{Q}(\alpha):\mathbb{Q}]-1})$ is square-free. When
disc(Z[α]) is not square-free, the following proposition often allows one to exclude the
possibility that a rational prime p divides the index of Z[α] in $\mathcal{O}_k$.
Proposition 2.20. Let α be an algebraic integer, and let k = Q(α) be the
number field generated by α. If the minimal polynomial of α over Q is Eisenstein at
a prime p, then p does not divide the index [Ok : Z[α]] of Z[α] in Ok.
Before proving Proposition 2.20 we illustrate its utility in a couple of examples
(the first of which is Problem 21 in Section 2 of Chapter 2 of [1]).
Example 2.21. Let α, β and γ be complex roots of the polynomials
$$f = T^3 - 18 \cdot T - 6, \quad g = T^3 - 36 \cdot T - 78 \quad\text{and}\quad h = T^3 - 54 \cdot T - 150$$
respectively. These polynomials are all Eisenstein at the primes 2 and 3, and all
have discriminant $2^2 \cdot 3^5 \cdot 23$ (cf. Example 2.11). On the one hand, this implies
$$\mathrm{disc}(\mathbb{Z}[\xi]) = 2^2 \cdot 3^5 \cdot 23$$
for ξ = α, β, γ (cf. Proposition 2.12). On the other hand, according to Proposition
2.20, this implies that the primes 2 and 3 do not divide the index of Z[ξ] in $\mathcal{O}_{\mathbb{Q}(\xi)}$.
Moreover 23 does not divide the same index by Proposition 2.19, hence
$$d_{\mathbb{Q}(\xi)} = 2^2 \cdot 3^5 \cdot 23 \quad\text{and}\quad \mathcal{O}_{\mathbb{Q}(\xi)} = \mathbb{Z}[\xi]$$
for ξ = α, β, γ. We will prove later that any two of the cubic fields Q(α), Q(β) and
Q(γ) are not isomorphic (cf. Example 2.41).
Example 2.22. Let p be a rational prime and let m be a positive integer. Let
$\zeta_{p^m}$ be a complex primitive $p^m$-th root of 1. We claim that the ring of integers of
the $p^m$-th cyclotomic field $\mathbb{Q}(\zeta_{p^m})$ is generated by $\zeta_{p^m}$, namely
$$\mathcal{O}_{\mathbb{Q}(\zeta_{p^m})} = \mathbb{Z}[\zeta_{p^m}].$$
Indeed, set $Y = T^{p^{m-1}}$ and define
$$\Phi_{p^m}(T) = \frac{Y^p - 1}{Y - 1} = T^{p^{m-1}(p-1)} + T^{p^{m-1}(p-2)} + \cdots + T + 1.$$
Observe that the monic polynomial $f = \Phi_{p^m}(T + 1)$ is Eisenstein at p, since its
constant term is $f(0) = \Phi_{p^m}(1) = p$ and its reduction modulo p is
$$f_p = \frac{(Y + 1)^p - 1}{Y} = Y^{p-1} = T^{p^{m-1}(p-1)} \in \mathbb{F}_p[T].$$
It follows that $\Phi_{p^m}$ is the minimal polynomial of $\zeta_{p^m}$ over Q, and that f is the
minimal polynomial of $\zeta_{p^m} - 1$ over Q. It then follows from Proposition 2.20 that
the prime p does not divide the index of $\mathbb{Z}[\zeta_{p^m}] = \mathbb{Z}[\zeta_{p^m} - 1]$ in $\mathcal{O}_{\mathbb{Q}(\zeta_{p^m})}$. On the
other hand the absolute value of the discriminant of $\mathbb{Z}[\zeta_{p^m}]$ is equal to a power
of p (cf. Example 2.14): differentiating the identity $(Y - 1) \cdot \Phi_{p^m} = Y^p - 1$ with
respect to T and evaluating at $\zeta_{p^m}$ one gets $\zeta_{p^m}(\zeta_p - 1) \cdot \Phi'_{p^m}(\zeta_{p^m}) = p^m$, and
since $\zeta_{p^m}(\zeta_p - 1)$ is an algebraic integer, one deduces from Corollary 2.13 that
$|\mathrm{disc}(\mathbb{Z}[\zeta_{p^m}])| = |\mathrm{N}_{\mathbb{Q}(\zeta_{p^m})/\mathbb{Q}}(\zeta_{p^m})|$ divides $p^{p^{m-1}(p-1)m}$. The claim then follows
from Proposition 2.19. (Theorem 2.24 shows that $\mathcal{O}_{\mathbb{Q}(\zeta_n)} = \mathbb{Z}[\zeta_n]$ for each positive
integer n and each complex primitive n-th root of unity $\zeta_n$.)
Proof of Proposition 2.20. Let $f = f_\alpha$ in Z[T] be the irreducible polynomial
of α over Q and set k = Q(α). By assumption f is Eisenstein at the prime p,
and we want to show that p does not divide the index $[\mathcal{O}_k : \mathbb{Z}[\alpha]]$ of Z[α] in $\mathcal{O}_k$.
Assume ad absurdum that p divides $[\mathcal{O}_k : \mathbb{Z}[\alpha]]$, id est that the cardinality of
the quotient group $\mathcal{O}_k/\mathbb{Z}[\alpha]$ is divisible by p. There exists then an algebraic integer
β in $\mathcal{O}_k$ which does not belong to Z[α] and such that p · β belongs to Z[α]. Since
$\{1, \alpha, \ldots, \alpha^{n-1}\}$ (where n is the degree of k over Q) is a Q-basis of k, one can write
$$\beta = \frac{c_0}{d_0} + \frac{c_1}{d_1} \cdot \alpha + \cdots + \frac{c_{n-1}}{d_{n-1}} \cdot \alpha^{n-1}$$
with integers $(c_i)_i$ and $(d_i)_i$ such that $d_i \ne 0$ and $(c_i, d_i) = 1$ for each $0 \le i \le n - 1$.
Since p · β belongs to Z[α], we can assume that $d_i$ is either equal to 1 or to p.
Moreover, since β does not belong to Z[α], the set $J_\beta = \{i : d_i = p\}$ is non-empty.
Let $j_o$ be the minimum of $J_\beta$. Because β is an algebraic integer, the element p · β
belongs to $p \cdot \mathcal{O}_k$, hence by construction
$$\sum_{j \in J_\beta} c_j \cdot \alpha^j \in p \cdot \mathcal{O}_k,$$
and p does not divide $c_j$ for each j in $J_\beta$. In particular
$$c_{j_o} \cdot \alpha^{n-1} + \alpha^n \cdot \sum_{j \in J_\beta,\ j > j_o} c_j \cdot \alpha^{j - j_o - 1} = \alpha^{n-1-j_o} \cdot \sum_{j \in J_\beta} c_j \cdot \alpha^j \in p \cdot \mathcal{O}_k.$$
On the other hand $\alpha^n = \alpha^n - f(\alpha)$ belongs to $p \cdot \mathcal{O}_k$ since f is Eisenstein at p, so
that the previous equation implies that
$$c_{j_o} \cdot \alpha^{n-1} = p \cdot \gamma$$
for some algebraic integer γ in $\mathcal{O}_k$. Applying the norm from k to Q yields
$$c_{j_o}^n \cdot (-1)^n f(0)^{n-1} = p^n \cdot \mathrm{N}_{k/\mathbb{Q}}(\gamma) \in p^n \cdot \mathbb{Z}$$
(cf. Exercise 2.60 and Proposition 2.8). Since f is Eisenstein at p, its constant term
f(0) is divisible by p but not by $p^2$, hence the previous equation implies that p
divides $c_{j_o}$, contradicting the fact that $j_o$ belongs to $J_\beta$.
The following proposition provides another useful tool to compute the ring of
algebraic integers of a number field.
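Proposition 2.23. If k and k′ are number fields such that
$$[k \cdot k' : \mathbb{Q}] = [k : \mathbb{Q}] \cdot [k' : \mathbb{Q}],$$
then
$$\gcd(d_k, d_{k'}) \cdot \mathcal{O}_{k \cdot k'} \subset \mathcal{O}_k \cdot \mathcal{O}_{k'}.$$
In particular, if the discriminants of k and k′ are coprime, then $\mathcal{O}_{k \cdot k'} = \mathcal{O}_k \cdot \mathcal{O}_{k'}$.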
Proof. To ease notation, set K = k · k′, n = [k : Q] and n′ = [k′ : Q]. Fix
Z-bases $\omega = \{\omega_1, \ldots, \omega_n\}$ and $\omega' = \{\omega'_1, \ldots, \omega'_{n'}\}$ of $\mathcal{O}_k$ and $\mathcal{O}_{k'}$ respectively.
Let α in $\mathcal{O}_K$ be an algebraic integer of K. The assumption [K : Q] = nn′
implies that $\{\omega_i \cdot \omega'_j : 1 \le i \le n \text{ and } 1 \le j \le n'\}$ is a Z-basis of $\mathcal{O}_k \cdot \mathcal{O}_{k'}$ and a
Q-basis of K. In particular one has
$$\alpha = \sum_{i,j} \frac{a_{ij}}{b} \cdot \omega_i \omega'_j$$
with integers $(a_{ij})_{ij}$ and $b \ne 0$ such that $(b, (a_{ij})_{ij}) \cdot \mathbb{Z} = \mathbb{Z}$. To prove the proposition
it is sufficient to show that $b = b_\alpha$ divides $d_k$.
The assumption [K : Q] = nn′ implies that any (field) embedding $\sigma : k \hookrightarrow \mathbb{C}$
extends uniquely to an embedding $\tilde{\sigma} : K \hookrightarrow \mathbb{C}$ which restricts to the identity
on k′. Indeed in the present characteristic zero setting, the degree of a finite field
extension agrees with its separable degree, namely the cardinality of the set of its
embeddings into C. Then (by assumption) σ extends precisely to [K : k] = n′
field embeddings of K into C, and the restrictions of these extensions to k′ are all
distinct, thus giving all the embeddings of k′ into C.
For each embedding $\sigma : k \to \mathbb{C}$ one has
$$\tilde{\sigma}(\alpha) = \sum_{i,j} \frac{a_{ij}}{b} \cdot \sigma(\omega_i)\,\omega'_j = \sum_i \beta_i \cdot \sigma(\omega_i),$$
where for each $1 \le i \le n$ one defines $\beta_i$ to be the element
$$\beta_i = \sum_j \frac{a_{ij}}{b} \cdot \omega'_j$$
of k′. By Cramer's rule one has then
$$\det(A) \cdot \beta_i = \det(B_i),$$
where $A = (\sigma(\omega_i))_{\sigma,i}$ and $B_i$ is the matrix obtained by replacing the i-th column
of A with the transpose of $(\tilde{\sigma}(\alpha))_\sigma$. Since A and $B_i$ have coefficients in $\mathcal{O}_{\mathbb{C}}$, their
determinants belong to $\mathcal{O}_{\mathbb{C}}$. Moreover $\det(A)^2 = d_k$ (cf. Proposition 2.12). The
previous equation then implies
$$\sum_j \frac{d_k \cdot a_{ij}}{b} \cdot \omega'_j = d_k \cdot \beta_i \in \mathcal{O}_{\mathbb{C}} \cap k' = \mathcal{O}_{k'}.$$
Since ω′ is a Z-basis of $\mathcal{O}_{k'}$, the previous equation implies that $\frac{d_k \cdot a_{ij}}{b}$ is an integer
for each $1 \le i \le n$ and $1 \le j \le n'$. Recalling that (by construction) b and $\gcd(a_{ij})$
are coprime, we finally deduce that b divides $d_k$, as was to be shown.
As an application of Proposition 2.23 we prove the following
Theorem 2.24. Let n be a positive integer and set $\zeta_n = e^{2\pi i/n}$. Then the ring
of integers of the n-th cyclotomic field $\mathbb{Q}(\zeta_n)$ is equal to $\mathbb{Z}[\zeta_n]$.
Proof. Set $\varphi(n) = [\mathbb{Q}(\zeta_n) : \mathbb{Q}]$, $\mathcal{O}_n = \mathcal{O}_{\mathbb{Q}(\zeta_n)}$ and $d_n = d_{\mathbb{Q}(\zeta_n)}$.
We claim that $d_n$ divides a power of n. In particular: $d_n$ and $d_m$ are coprime
if n and m are. To prove the claim, denote by $\Phi_n$ the minimal polynomial of $\zeta_n$
over Q. It then follows from the Gauß Lemma that
$$T^n - 1 = \Phi_n \cdot g$$
for some polynomial g with integral coefficients. Differentiating this identity and
evaluating at $\zeta_n$, one gets
$$n = g(\zeta_n)\zeta_n \cdot \Phi'_n(\zeta_n).$$
Because the polynomial g has integral coefficients, $g(\zeta_n)\zeta_n$ is an algebraic integer,
hence $|\mathrm{disc}(\mathbb{Z}[\zeta_n])| = |\mathrm{N}_{\mathbb{Q}(\zeta_n)/\mathbb{Q}}(\zeta'_n)|$ (cf. Corollary 2.13) divides $n^{\varphi(n)}$. Since the
discriminant $d_n$ of $\mathcal{O}_n$ divides $\mathrm{disc}(\mathbb{Z}[\zeta_n])$ (cf. Proposition 2.19), the claim follows.
If n is a prime power, then Example 2.22 proves that $\mathcal{O}_n$ is equal to $\mathbb{Z}[\zeta_n]$.
In general, write $n = p^r \cdot n'$ with n′ coprime to p and r > 0. By induction on
the number of prime divisors of n, assume that $\mathcal{O}_{n'}$ is equal to $\mathbb{Z}[\zeta_{n'}]$. By the
above discussion, $\mathcal{O}_{p^r} = \mathbb{Z}[\zeta_{p^r}]$ and $(d_{n'}, d_{p^r}) \cdot \mathbb{Z} = \mathbb{Z}$. Moreover $\mathbb{Q}_n = \mathbb{Q}_{p^r} \cdot \mathbb{Q}_{n'}$
(because $\zeta_n^{n'} = \zeta_{p^r}$, $\zeta_n^{p^r} = \zeta_{n'}$, and $\zeta_n = \zeta_{p^r}^{b} \cdot \zeta_{n'}^{a}$ if a and b are integers such that
$a p^r + b n' = 1$), and since $\mathrm{Gal}(\mathbb{Q}_m/\mathbb{Q})$ is isomorphic to $(\mathbb{Z}/m\mathbb{Z})^*$ for each positive
integer m, one has $\varphi(n) = \varphi(n') \cdot \varphi(p^r)$. We can then apply Proposition 2.23 to
deduce that $\mathcal{O}_n = \mathcal{O}_{p^r} \cdot \mathcal{O}_{n'} = \mathbb{Z}[\zeta_{p^r}] \cdot \mathbb{Z}[\zeta_{n'}] = \mathbb{Z}[\zeta_n]$, concluding the proof.
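Example 2.25. The ring of integers of $K = \mathbb{Q}(\sqrt{2}, \sqrt{5})$ is given by
$$\mathcal{O}_K = \mathbb{Z} \oplus \mathbb{Z} \cdot \frac{1 + \sqrt{5}}{2} \oplus \mathbb{Z} \cdot \sqrt{2} \oplus \mathbb{Z} \cdot \frac{\sqrt{2} + \sqrt{10}}{2}.$$
Indeed, set $k = \mathbb{Q}(\sqrt{5})$ and $k' = \mathbb{Q}(\sqrt{2})$. Then (cf. Example 2.5)
$$\mathcal{O}_k = \mathbb{Z}[(1 + \sqrt{5})/2] \quad\text{and}\quad \mathcal{O}_{k'} = \mathbb{Z}[\sqrt{2}],$$
hence (cf. Proposition 2.12)
$$d_k = \det\begin{pmatrix} 1 & \frac{1 + \sqrt{5}}{2} \\ 1 & \frac{1 - \sqrt{5}}{2} \end{pmatrix}^2 = 5 \quad\text{and}\quad d_{k'} = \det\begin{pmatrix} 1 & \sqrt{2} \\ 1 & -\sqrt{2} \end{pmatrix}^2 = 2^3.$$
Proposition 2.23 then gives $\mathcal{O}_K = \mathcal{O}_k \cdot \mathcal{O}_{k'}$, proving the claim.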
Example 2.26. Let k = Q(α) be the number field generated by a complex root
α of $f = T^3 - 10$. The polynomial f is Eisenstein at 2 and 5, and its discriminant
is equal to $-2^2 \cdot 3^3 \cdot 5^2$ (cf. Example 2.11), hence (cf. Proposition (2.12))
$$\mathrm{disc}(\mathbb{Z}[\alpha]) = -2^2 \cdot 3^3 \cdot 5^2.$$
According to Proposition 2.20 the primes 2 and 5 do not divide the index of Z[α]
in $\mathcal{O}_k$, hence Proposition 2.19 shows that either $\mathcal{O}_k$ is equal to Z[α] or $[\mathcal{O}_k : \mathbb{Z}[\alpha]]$
is equal to 3. If $\beta = a + b \cdot \alpha + c \cdot \alpha^2$ is an algebraic integer of k (with a, b and c
rational numbers), then $\mathrm{Tr}_{k/\mathbb{Q}}(\beta) = 3 \cdot a$ and
$$\mathrm{N}_{k/\mathbb{Q}}(\beta) = \det\begin{pmatrix} a & b & c \\ 10c & a & b \\ 10b & 10c & a \end{pmatrix} = a^3 + 10 \cdot b^3 + 100 \cdot c^3 - 30 \cdot abc$$
are integers. These necessary conditions are fulfilled by
$$\omega = \frac{1 + \alpha + \alpha^2}{3},$$
which indeed satisfies $\mathrm{Tr}_{k/\mathbb{Q}}(\omega) = 1$ and $\mathrm{N}_{k/\mathbb{Q}}(\omega) = 3$. Moreover, after setting
$\omega_1 = \omega$, $\omega_2 = (1 + \alpha \cdot \zeta_3 + \alpha^2 \cdot \zeta_3^2)$ and $\omega_3 = (1 + \alpha \cdot \zeta_3^2 + \alpha^2 \cdot \zeta_3)$, so that $\{\omega_i\}$ are
the roots of the minimal polynomial $f_\omega$ of ω over Q, a direct computation (using
the relations $\zeta_3^2 + \zeta_3 + 1 = 0$ and $\alpha^3 = 10$) gives
$$\omega_1 \cdot \omega_2 + \omega_1 \cdot \omega_3 + \omega_2 \cdot \omega_3 = -3.$$
It follows that $f_\omega = T^3 - T^2 - 3 \cdot T - 3$, hence ω belongs to $\mathcal{O}_k$. Since Z[α] is
contained in the free abelian group generated by 1, α and ω, and since ω does not
belong to Z[α], one deduces from the previous discussion $\mathcal{O}_k = \mathbb{Z} \oplus \mathbb{Z}\alpha \oplus \mathbb{Z}\omega$ and
$d_k = -2^2 \cdot 3 \cdot 5^2$. Note that $\omega^2 = 2 + \alpha + \omega$, hence
$$\begin{pmatrix} 1 \\ \omega \\ \omega^2 \end{pmatrix} = \begin{pmatrix} 1 & 0 & 0 \\ 0 & 0 & 1 \\ 2 & 1 & 1 \end{pmatrix} \cdot \begin{pmatrix} 1 \\ \alpha \\ \omega \end{pmatrix}.$$
The matrix which appears in the previous equation has determinant −1, hence
$\mathcal{O}_k = \mathbb{Z}[\omega]$ and $d_k = -2^2 \cdot 3 \cdot 5^2$.
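The discriminant and integrality computations of Examples 2.11, 2.17, 2.18, 2.21 and 2.26 can be reproduced with exact rational arithmetic. The following Python code is an added illustration, not part of the original notes: the function names are chosen here, and `index_prime_candidates` assumes that f is monic and irreducible with integer coefficients.

```python
from fractions import Fraction

# Added illustration (not from the notes). A monic polynomial
# T^n + a_(n-1) T^(n-1) + ... + a_0 is passed as f = [a_0, ..., a_(n-1)];
# elements of Q[T]/(f) are coordinate lists in the basis 1, t, ..., t^(n-1).


def mul_matrix(f, b):
    """Matrix m_b of multiplication by b; column j holds the coordinates of b * t^j."""
    n = len(f)
    col, cols = [Fraction(x) for x in b], []
    for _ in range(n):
        cols.append(col)
        top = col[-1]                                  # coefficient overflowing to t^n
        col = [Fraction(0)] + col[:-1]                 # multiply by t ...
        col = [c - top * a for c, a in zip(col, f)]    # ... using t^n = -(a_0 + a_1 t + ...)
    return [[cols[j][i] for j in range(n)] for i in range(n)]


def det(m):
    """Exact determinant by Gaussian elimination over Q."""
    m, d = [row[:] for row in m], Fraction(1)
    for c in range(len(m)):
        piv = next((r for r in range(c, len(m)) if m[r][c] != 0), None)
        if piv is None:
            return Fraction(0)
        if piv != c:
            m[c], m[piv], d = m[piv], m[c], -d
        d *= m[c][c]
        for r in range(c + 1, len(m)):
            k = m[r][c] / m[c][c]
            m[r] = [x - k * y for x, y in zip(m[r], m[c])]
    return d


def trace(f, b):
    m = mul_matrix(f, b)
    return sum(m[i][i] for i in range(len(f)))


def norm(f, b):
    return det(mul_matrix(f, b))


def mul(f, x, y):
    """Coordinates of the product x * y in Q[T]/(f)."""
    m = mul_matrix(f, x)
    return [sum(m[i][j] * y[j] for j in range(len(f))) for i in range(len(f))]


def discriminant(f, basis=None):
    """D(omega) = det(Tr(omega_i * omega_j)); omega defaults to 1, t, ..., t^(n-1)."""
    n = len(f)
    if basis is None:
        basis = [[int(i == j) for i in range(n)] for j in range(n)]
    return det([[trace(f, mul(f, x, y)) for y in basis] for x in basis])


def charpoly(f, b):
    """[c_0, ..., c_(n-1), 1]: characteristic polynomial of m_b, obtained from
    the power sums Tr(b^k) by Newton's identities (valid in characteristic 0)."""
    n = len(f)
    p, power = [], [Fraction(int(i == 0)) for i in range(n)]
    for _ in range(n):
        power = mul(f, power, b)
        p.append(trace(f, power))                      # p[k-1] = Tr(b^k)
    e = [Fraction(1)]                                  # elementary symmetric functions
    for k in range(1, n + 1):
        e.append(sum((-1) ** (i - 1) * e[k - i] * p[i - 1]
                     for i in range(1, k + 1)) / k)
    return [(-1) ** (n - k) * e[n - k] for k in range(n + 1)]


def is_eisenstein(f, p):
    return all(a % p == 0 for a in f) and f[0] % (p * p) != 0


def index_prime_candidates(f):
    """Primes p that may still divide [O_k : Z[alpha]]: p^2 divides disc(Z[alpha])
    (Proposition 2.19) and f is not Eisenstein at p (Proposition 2.20)."""
    d, p, out = abs(int(discriminant(f))), 2, []
    while p * p <= d:
        e = 0
        while d % p == 0:
            d, e = d // p, e + 1
        if e >= 2 and not is_eisenstein(f, p):
            out.append(p)
        p += 1
    return out


CUBIC = [-10, 0, 0]                    # f = T^3 - 10 (Example 2.26)
OMEGA = [Fraction(1, 3)] * 3           # omega = (1 + alpha + alpha^2) / 3

if __name__ == "__main__":
    print(discriminant([1, 1, 0]))                     # T^3 + T + 1 (Example 2.17)
    print(discriminant([1, -1, 0, 0, 0]))              # T^5 - T + 1 (Example 2.18)
    print(charpoly(CUBIC, OMEGA))                      # coefficients of f_omega
    print(discriminant(CUBIC, [[1, 0, 0], [0, 1, 0], OMEGA]))
    print(index_prime_candidates(CUBIC))
```

An empty list from `index_prime_candidates` means that Propositions 2.19 and 2.20 already force the ring of integers to be Z[α]; a non-empty list only names the primes that still have to be examined by hand, as is done for p = 3 in Example 2.26.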
2.5. Dedekind domains. A Dedekind domain is an integral domain A satisfying
the following properties (D1), (D2) and (D3).
(D1 ) A is a Noetherian ring, viz. every ideal of A is finitely generated.
(D2 ) Every non-zero prime ideal of A is maximal.
(D3 ) A is integrally closed, viz. if an element of the fraction field of A satisfies
a monic equation with coefficients in A, then it belongs to A.
Proposition 2.27. The ring of integers of a number field is a Dedekind do-
main.
Proof. Let k be a number field of rank n and set A = Ok . Then A is an
integral domain with field of fractions k (cf. Remark 2.16). Since any ideal of A is
a free Z-module of rank n (cf. Exercise 2.66), property (D1 ) is satisfied. Let I be a
non-zero prime ideal of A. Then A/I is a finite domain (cf. Exercise 2.65) hence a
field, proving that (D2) holds. Finally, let α be an element of k satisfying a monic
equation of degree m with coefficients in A, and set $M = \sum_{i=0}^{m-1} A \cdot \alpha^i$. Since A
is a finite free Z-algebra (cf. Proposition 2.15), M is a finitely generated subgroup
of k preserved by multiplication by α. It then follows from Proposition 2.1 that α
belongs to k ∩ OC = A, hence (D3 ) is satisfied. 

The interest in Dedekind domains rests on the following important result.


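Theorem 2.28. Let A be a Dedekind domain, let $P_A$ be the set of non-zero
prime ideals of A, and let $\mathfrak{a}$ be a non-zero ideal of A. Then
$$\mathfrak{a} = \prod_{\mathfrak{p} \in P_A} \mathfrak{p}^{v_{\mathfrak{p}}(\mathfrak{a})} \tag{9}$$
for a uniquely determined collection $\{v_{\mathfrak{p}}(\mathfrak{a}) : \mathfrak{p} \in P_A\}$ of nonnegative integers, such
that $v_{\mathfrak{p}}(\mathfrak{a})$ is equal to zero for all but finitely many $\mathfrak{p}$ in $P_A$.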
We recall that the product a · b of two ideals a and b of A is defined as the ideal
of A generated by the products a · b with a in a and b in b. By convention p⁰ = A
for each p in PA (hence the right hand side of the identity (9) is a finite product).
Example 2.29. Let α be a complex square root of −17 and consider the identity
2 · 3 · 3 = (1 + α) · (1 − α)
in the ring of integers Ok = Z[α] of the quadratic field k = Q(α) (cf. Example 2.4).
Set β = 1 + α and let σ denote complex conjugation, so that σ(β) = 1 − α and
18 = Nk/Q(β). As easily checked, the elements 2, 3, β and σ(β) are all irreducible
in Ok, hence Ok is not a unique factorisation domain. One has a ring isomorphism
Ok/(2) ≃ Z[T]/(T² + 17, 2) ≃ F2[T]/(T² + 1) ≃ F2[T]/(T²),
mapping the class of m + n · α to that of m − n + n · T, hence
p = (2, β) · Ok = σ(p)
is the unique prime ideal of Ok containing 2 (cf. Exercise 2.75). Moreover, one has
2 · Ok = p²,
as follows from the identities β² = −16 + 2 · α ∈ 2 · Ok and 2 = Nk/Q(β) − 2⁴ ∈ p².
Similarly one has a ring isomorphism
Ok/(3) ≃ F3[T]/(T² + 2) ≃ F3 × F3
sending the class of m + n · α to (m + n, m − n), hence
q = (3, β) · Ok and σ(q) = (3, σ(β)) · Ok
are the primes of Ok containing 3. In addition
3 · Ok = q · σ(q),
as a simple consequence of the identity 3 = 3² − 3 · β − 3 · σ(β) ∈ q · σ(q). Theorem
2.28 and the factorisation 18 · Ok = p² · q² · σ(q)² proved above easily give
β · Ok = p · q² and σ(β) · Ok = p · σ(q)².
Of course, this can be proved directly as follows. By the above discussion, it is
sufficient to prove the first identity. Note first that 2 · β² and 3 · β² belong to
I = p · q², hence −β² = 16 − 2 · α belongs to I. Moreover 9 · β and 6 · β belong to
I, hence so does 3 · β. Finally 18 belongs to I, hence
β = 3 · β − β² − 18 ∈ I.
Conversely, as 18 = Nk/Q(β) belongs to β · Ok, the ideal I is contained in β · Ok.
In the rest of this section $A$ denotes a Dedekind domain with field of fractions
$k = \mathrm{Frac}(A)$. A fractional ideal of $A$ is a non-zero finitely generated $A$-submodule
of $k$. Equivalently (cf. property (D1)), a fractional ideal of $A$ is an $A$-submodule $\mathfrak{a}$
of $k$ such that $c \cdot \mathfrak{a}$ is a non-zero ideal of $A$ for some element $c$ of $A$. The product
$\mathfrak{a} \cdot \mathfrak{b}$ of two fractional ideals $\mathfrak{a}$ and $\mathfrak{b}$ of $A$ is the $A$-submodule of $k$ generated by
the elements of the form $a \cdot b$, with $a$ in $\mathfrak{a}$ and $b$ in $\mathfrak{b}$. Denote by $I(A)$ the set of
fractional ideals of $A$. We prove Theorem 2.28 together with the following
Theorem 2.30. The set $I(A)$, together with the product of fractional ideals, is
a group with identity $A$. For each $\mathfrak{a}$ in $I(A)$ one has $\mathfrak{a}^{-1} = \{x \in k : x \cdot \mathfrak{a} \subset A\}$.
Proofs of Theorems 2.28 and 2.30. We divide the proof into nine steps.
Step 0. The product of fractional ideals makes $I(A)$ a monoid with identity $A$.
Moreover $\mathfrak{a}^{-1} \overset{\mathrm{def}}{=} \{x \in k : x \cdot \mathfrak{a} \subset A\}$ is a fractional ideal of $A$ for each
fractional ideal $\mathfrak{a}$ of $A$.
Proof. Exercise. □
Step 1. Let $\mathfrak{a}$ be a fractional ideal of $A$ and let $x$ be a non-zero element of $k$ such
that $x \cdot \mathfrak{a} \subset \mathfrak{a}$. Then $x$ belongs to $A$.

Proof. By definition $\mathfrak{a}$ is a non-zero finitely generated $A$-module, say
generated by $\omega_1, \dots, \omega_n$. It follows that $x \cdot (\omega_1 \cdots \omega_n)^t = M \cdot (\omega_1 \cdots \omega_n)^t$ for
some $n \times n$ matrix $M$ with coefficients in $A$. Then (cf. proof of Proposition
2.1) $x$ is a root of the monic polynomial $\det(T \cdot 1_n - M)$ in $A[T]$, where
$1_n$ is the identity $n \times n$ matrix. Since $A$ is integrally closed (cf. property
(D3)), this implies that $x$ belongs to $A$. □
Step 2. Every non-zero ideal of $A$ contains a product of non-zero prime ideals.
Proof. Let $I$ be the set of non-zero ideals of $A$ which do not contain
a product of non-zero prime ideals. Suppose ad absurdum that $I$ is not
empty. Then, since $A$ is Noetherian (id est satisfies property (D1)), the
set $I$ contains a maximal element $\mathfrak{a}$ (cf. Exercise 2.73). By construction
the ideal $\mathfrak{a}$ is not prime, hence there exist elements $a$ and $a'$ in $A - \mathfrak{a}$ whose
product belongs to $\mathfrak{a}$. Since $\mathfrak{a} + (a)$ and $\mathfrak{a} + (a')$ strictly contain $I$ (they
do not belong to $I$, id est) they both contain a product of non-zero prime
ideals of $A$, hence so does $(\mathfrak{a} + (a)) \cdot (\mathfrak{a} + (a'))$, which is contained in $\mathfrak{a}$.
This is a contradiction. □
Step 3. Let $\mathfrak{a}$ be a non-zero proper ideal of $A$. Then there exists an element $x$ of
$k - A$ such that $x \cdot \mathfrak{a}$ is contained in $A$. (In other words $\mathfrak{a}^{-1} \neq A$.)
Proof. Let $a$ be a nonzero element of $\mathfrak{a}$. According to Step 1 there
exist $r \geq 1$ and non-zero prime ideals $\mathfrak{p}_1, \dots, \mathfrak{p}_r$ of $A$ such that
$$\mathfrak{p}_1 \cdots \mathfrak{p}_r \subset a \cdot A.$$
Assume that $r$ is minimal with respect to this property.
Since by assumption $\mathfrak{a}$ is proper, the Zorn Lemma guarantees the
existence of a maximal ideal $\mathfrak{p}$ of $A$ containing $a \cdot A$, hence the product
$\mathfrak{p}_1 \cdots \mathfrak{p}_r$. This implies that one of the non-zero primes $\mathfrak{p}_i$, say $\mathfrak{p}_1$, is contained
in $\mathfrak{p}$, hence equal to it by the property (D2). To sum up one has
$$\mathfrak{p}_1 \cdots \mathfrak{p}_r \subset a \cdot A \subset \mathfrak{p}_1.$$
As $a$ is not a unit, it follows from the minimality of $r$ that there exists an
element
$$b \in \mathfrak{p}_2 \cdots \mathfrak{p}_r - a \cdot A$$
(where the expression $\mathfrak{p}_2 \cdots \mathfrak{p}_r$ means $A$ when $r = 1$). We claim that
$x = b/a$ in $k$ satisfies the required properties. Indeed, $x$ does not belong
to $A$ (otherwise $b$ would belong to $a \cdot A$). Moreover one has
$$b \cdot \mathfrak{a} \subset b \cdot \mathfrak{p}_1 \subset \mathfrak{p}_1 \cdots \mathfrak{p}_r \subset a \cdot A,$$
thus proving that $x \cdot \mathfrak{a}$ is contained in $A$, as was to be shown. □
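Step 4. Let $\mathfrak{p}$ be a non-zero prime ideal of $A$. Then $\mathfrak{p} \cdot \mathfrak{p}^{-1} = A$.
Proof. One has $\mathfrak{p} \subset \mathfrak{p} \cdot \mathfrak{p}^{-1} \subset A$, hence either $\mathfrak{p} \cdot \mathfrak{p}^{-1} = \mathfrak{p}$ or $\mathfrak{p} \cdot \mathfrak{p}^{-1} = A$
by property (D2). On the other hand $\mathfrak{p}^{-1}$ is not contained in $A$ by Step
3, hence the first case cannot occur by Step 1. □
Step 5. Each non-zero ideal of $A$ is invertible in $I(A)$.
Proof. Let $J$ be the set of non-zero ideals of $A$ which are not invertible
in $I(A)$. We have to prove that $J$ is empty. If not, $J$ has a maximal
element $\mathfrak{a}$. By Step 4 $\mathfrak{a}$ is not maximal, hence $\mathfrak{a} \subsetneq \mathfrak{p}$ for some non-zero
prime ideal $\mathfrak{p}$ of $A$ (by the Zorn Lemma). Since $A$ is contained in $\mathfrak{p}^{-1}$,
one has $\mathfrak{a} \subset \mathfrak{a} \cdot \mathfrak{p}^{-1}$. Moreover $\mathfrak{a} \neq \mathfrak{a} \cdot \mathfrak{p}^{-1}$, since otherwise $\mathfrak{p}^{-1}$ would be
contained in $A$ by Step 1, contradicting Step 3. The maximality of $\mathfrak{a}$ then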

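implies that $\mathfrak{a} \cdot \mathfrak{p}^{-1}$ is invertible, viz. $\mathfrak{a} \cdot (\mathfrak{p}^{-1} \cdot \mathfrak{b}) = (\mathfrak{a} \cdot \mathfrak{p}^{-1}) \cdot \mathfrak{b} = A$ for
some $\mathfrak{b}$ in $I(A)$. This contradiction proves that $J$ is the empty set. □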

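Step 6. One has $\mathfrak{a} \cdot \mathfrak{a}^{-1} = A$ for each fractional ideal $\mathfrak{a}$ of $A$.

Proof. Let $c$ be a non-zero element of $A$ such that $c \cdot \mathfrak{a}$ is contained
in $A$. By Step 5 there exists $\mathfrak{b}$ in $I(A)$ such that $\mathfrak{a} \cdot c\mathfrak{b} = A$. On the other
hand, by the definition of $\mathfrak{a}^{-1}$, one has $c\mathfrak{b} \subset \mathfrak{a}^{-1}$ and $\mathfrak{a}^{-1} = \mathfrak{a}^{-1} \cdot \mathfrak{a} \cdot c\mathfrak{b} \subset c\mathfrak{b}$,
concluding the proof. □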

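Step 7. Every proper ideal of $A$ is a product of prime ideals.

Proof. We have to prove that the set $J$ of proper ideals of $A$ which
are not a product of prime ideals is empty. If not, $J$ has a maximal
element $\mathfrak{a}$. Clearly $\mathfrak{a}$ is not a prime, hence is contained in a maximal
ideal $\mathfrak{p}$ (by Zorn's Lemma). Then $\mathfrak{a}\mathfrak{p}^{-1}$ is an ideal of $A$ containing $\mathfrak{a}$.
Moreover $\mathfrak{a} \neq \mathfrak{a}\mathfrak{p}^{-1}$ (resp., $\mathfrak{a}\mathfrak{p}^{-1} \neq A$), since otherwise Step 6 would
give $\mathfrak{p}^{-1} = \mathfrak{a}^{-1}\mathfrak{a}\mathfrak{p}^{-1} = \mathfrak{a}^{-1}\mathfrak{a} = A$, id est $\mathfrak{p} = A$ (resp., $\mathfrak{a} = \mathfrak{p}$). By
the maximality of $\mathfrak{a}$ in $J$, it follows that the proper ideal $\mathfrak{a}\mathfrak{p}^{-1}$, hence
$\mathfrak{a} = \mathfrak{a}\mathfrak{p}^{-1}\mathfrak{p}$, is a product of prime ideals, which is absurd. □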
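Step 8. If $\prod_{i=1}^{r} \mathfrak{p}_i = \prod_{i=1}^{s} \mathfrak{q}_i$ for non-zero prime ideals $\mathfrak{p}_1, \dots, \mathfrak{p}_r, \mathfrak{q}_1, \dots, \mathfrak{q}_s$ of $A$,
then $r = s$ and $\{\mathfrak{p}_1, \dots, \mathfrak{p}_r\}$ is equal to $\{\mathfrak{q}_1, \dots, \mathfrak{q}_s\}$.
Proof. Since $\prod_{i=1}^{s} \mathfrak{q}_i = \prod_{i=1}^{r} \mathfrak{p}_i$ is contained in the prime ideal $\mathfrak{p}_r$, it follows
that $\mathfrak{q}_j$ is contained in $\mathfrak{p}_1$ for some $1 \leq j \leq s$. We can assume $j = s$, so that
$\mathfrak{q}_s \subset \mathfrak{p}_r$, hence $\mathfrak{q}_s = \mathfrak{p}_r$ by property (D2). By Step 6, multiplying both sides of the
previous identity by $\mathfrak{p}_r^{-1}$ one gets $\prod_{i=1}^{r-1} \mathfrak{p}_i = \prod_{i=1}^{s-1} \mathfrak{q}_i$. The statement then follows
by induction on $r$. □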

Theorem 2.28 follows from Step 7 and Step 8. Theorem 2.30 follows from Step
0 and Step 6. 

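Remarks 2.31. Let $A$ be a Dedekind domain, let $\mathfrak{p}$ be a non-zero prime ideal
of $A$, and let $\mathfrak{a}$ and $\mathfrak{b}$ be ideals of $A$. If $\mathfrak{a}$ is not the zero ideal, one calls $v_{\mathfrak{p}}(\mathfrak{a})$ (cf.
Theorem 2.28) the $\mathfrak{p}$-adic valuation of $\mathfrak{a}$. Set $v_{\mathfrak{p}}(0) = \infty$.
1. The following conditions are equivalent.
• $\mathfrak{a} \subset \mathfrak{b}$;
• $\mathfrak{a} = \mathfrak{b} \cdot \mathfrak{c}$ for an ideal $\mathfrak{c}$ of $A$;
• $v_{\mathfrak{p}}(\mathfrak{a}) \geq v_{\mathfrak{p}}(\mathfrak{b})$ for each $\mathfrak{p}$ in $P_A$.
One says that $\mathfrak{b}$ divides $\mathfrak{a}$, and writes $\mathfrak{b} \mid \mathfrak{a}$, if these conditions are satisfied.
2. The $\mathfrak{p}$-adic valuation satisfies the following properties.
• $v_{\mathfrak{p}}(\mathfrak{a} \cdot \mathfrak{b}) = v_{\mathfrak{p}}(\mathfrak{a}) + v_{\mathfrak{p}}(\mathfrak{b})$.
• $v_{\mathfrak{p}}(\mathfrak{a} + \mathfrak{b}) = \min\{v_{\mathfrak{p}}(\mathfrak{a}), v_{\mathfrak{p}}(\mathfrak{b})\}$.
• $v_{\mathfrak{p}}(\mathfrak{a} \cap \mathfrak{b}) = \max\{v_{\mathfrak{p}}(\mathfrak{a}), v_{\mathfrak{p}}(\mathfrak{b})\}$.
3. The above remark suggests the following definitions:

$$\gcd(\mathfrak{a}, \mathfrak{b}) = \mathfrak{a} + \mathfrak{b} \quad\text{and}\quad \mathrm{lcm}(\mathfrak{a}, \mathfrak{b}) = \mathfrak{a} \cap \mathfrak{b}.$$

The following familiar relation then holds:

$$\mathfrak{a} \cdot \mathfrak{b} = \gcd(\mathfrak{a}, \mathfrak{b}) \cdot \mathrm{lcm}(\mathfrak{a}, \mathfrak{b}).$$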



2.6. Splitting of primes in number fields. Let $k$ be a number field. We
call a non-zero prime ideal (id est a maximal ideal) $\mathfrak{p}$ of $\mathcal{O}_k$ a prime of $k$. We denote
by $\mathbf{F}_{\mathfrak{p}}$ the quotient field $\mathcal{O}_k/\mathfrak{p}$, and call it the residue field of $k$ at $\mathfrak{p}$.
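Lemma 2.32. Let $E/k$ be an extension of number fields.
1. For each proper ideal $\mathfrak{a}$ of $\mathcal{O}_k$, the ideal $\mathfrak{a} \cdot \mathcal{O}_E$ of $\mathcal{O}_E$ generated by $\mathfrak{a}$ is
proper. In particular $\mathfrak{a} \cdot \mathcal{O}_E$ is contained in a prime of $E$.
2. For each non-zero ideal $\mathfrak{A}$ of $\mathcal{O}_E$, the ideal $\mathfrak{A} \cap \mathcal{O}_k$ of $\mathcal{O}_k$ is non-zero. In
particular $\mathfrak{P} \cap \mathcal{O}_k$ is a prime of $k$ for each prime $\mathfrak{P}$ of $E$.
Proof. Step 3 in the proof of Theorem 2.28 shows that there exists $\alpha$ in $k - \mathcal{O}_k$
such that $\alpha \cdot \mathfrak{a} \subset \mathcal{O}_k$. This implies that $\mathfrak{a} \cdot \mathcal{O}_E$ does not contain the identity (since
otherwise $\alpha = \alpha \cdot 1$ would belong to $\alpha \cdot \mathfrak{a} \cdot \mathcal{O}_E \cap k \subset \mathcal{O}_E \cap k = \mathcal{O}_k$), proving Part 1.
We now prove Part 2. Let $\alpha$ be a non-zero element of $\mathfrak{A}$. Since $\mathcal{O}_E$ is integral
over $\mathbf{Z}$, the element $\alpha$ satisfies a monic equation
$$\alpha^n + a_1 \cdot \alpha^{n-1} + \cdots + a_n = 0$$
with coefficients $a_i$ in $\mathbf{Z}$, such that $a_n \neq 0$. Then $a_n = -\alpha \cdot (\alpha^{n-1} + \cdots + a_{n-1})$ is
a non-zero element of $\mathfrak{A} \cap \mathbf{Z}$, hence a fortiori a non-zero element of $\mathfrak{A} \cap \mathcal{O}_k$. □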
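Let $E/k$ be an extension of number fields and let $\mathfrak{p}$ be a prime of $k$. According
to Theorem 2.28 and Lemma 2.32, one has
$$\mathfrak{p}\mathcal{O}_E = \mathfrak{P}_1^{e_1} \cdots \mathfrak{P}_g^{e_g},$$
for uniquely determined primes $\mathfrak{P}_1, \dots, \mathfrak{P}_g$ of $E$ and positive integers $e_1, \dots, e_g$.
We say that the prime $\mathfrak{P}_i$ of $E$ divides, or lies above, the prime $\mathfrak{p}$ of $k$, and that
$\mathfrak{p}$ lies below the prime $\mathfrak{P}_i$ of $E$. In light of Remark 2.31.1, the primes $\{\mathfrak{P}_i\}_i$ are
precisely the primes of $E$ containing $\mathfrak{p}$. Moreover
$$\mathfrak{P}_i \cap \mathcal{O}_k = \mathfrak{p}, \tag{10}$$
since $\mathfrak{P}_i \cap \mathcal{O}_k$ is a prime of $k$ by Lemma 2.32. The integer $e_i$ is called the ramification
index of $\mathfrak{P}_i$ over $\mathfrak{p}$, and denoted by $e(\mathfrak{P}_i|\mathfrak{p})$. The prime $\mathfrak{p}$ of $k$ ramifies in $E$ if $e_i \geq 2$
for some $1 \leq i \leq g$, and is unramified in $E$ if $e_i = 1$ for each $1 \leq i \leq g$. The residue
fields $\mathbf{F}_{\mathfrak{p}}$ and $\mathbf{F}_{\mathfrak{P}_i}$ are finite fields of characteristic $p$, where $p\mathbf{Z} = \mathfrak{p} \cap \mathbf{Z}$ is the
prime of $\mathbf{Q}$ lying below $\mathfrak{p}$. The degree $[\mathbf{F}_{\mathfrak{P}} : \mathbf{F}_{\mathfrak{p}}]$ of the finite extension $\mathbf{F}_{\mathfrak{P}_i}/\mathbf{F}_{\mathfrak{p}}$ (cf.
Equation (10)) is called the inertia degree of $\mathfrak{P}_i$ over $\mathfrak{p}$, and denoted by $f(\mathfrak{P}_i|\mathfrak{p})$. If
$k = \mathbf{Q}$, one sets $e(\mathfrak{P}_i|p) = e(\mathfrak{P}_i|p \cdot \mathbf{Z})$ and $f(\mathfrak{P}_i|p) = f(\mathfrak{P}_i|p \cdot \mathbf{Z})$.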
The ramification index and inertia degree are multiplicative in towers:
Lemma 2.33. Let $E/k$ and $L/E$ be extensions of number fields, let $\mathfrak{p}$ be a prime
of $k$, let $\mathfrak{P}$ be a prime of $E$ dividing $\mathfrak{p}$, and let $\mathfrak{Q}$ be a prime of $L$ dividing $\mathfrak{P}$. Then
$$e(\mathfrak{Q}|\mathfrak{p}) = e(\mathfrak{Q}|\mathfrak{P}) \cdot e(\mathfrak{P}|\mathfrak{p}) \quad\text{and}\quad f(\mathfrak{Q}|\mathfrak{p}) = f(\mathfrak{Q}|\mathfrak{P}) \cdot f(\mathfrak{P}|\mathfrak{p}).$$
Proof. The statement for the inertia degrees follows from the multiplicativity
of the degree of finite extensions. The statement for the ramification index follows
easily from the definitions. We leave it to the reader to fill in the details. □
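Example 2.34. Let $k = \mathbf{Q}(\alpha)$ be the imaginary quadratic field generated by a
complex square root $\alpha = \sqrt{-17}$ of $-17$. Example 2.29 proves the factorisations
$$2 \cdot \mathcal{O}_k = \mathfrak{p}^2 \quad\text{and}\quad 3 \cdot \mathcal{O}_k = \mathfrak{q} \cdot \sigma(\mathfrak{q})$$
with $\mathfrak{p} = (2, 1 + \alpha) \cdot \mathcal{O}_k$, $\mathfrak{q} = (3, 1 + \alpha) \cdot \mathcal{O}_k$ and $\sigma(\mathfrak{q}) = (3, 1 - \alpha) \cdot \mathcal{O}_k$ primes of
$k$. It follows that $2$ ramifies in $k$ with $e(\mathfrak{p}|2) = 2$, and that $3$ is unramified in $k$.
Moreover $f(\mathfrak{p}|2) = f(\mathfrak{q}|3) = f(\sigma(\mathfrak{q})|3) = 1$ (cf. loco citato). The reduction modulo
$17$ of the minimal polynomial $T^2 + 17$ of $\alpha$ over $\mathbf{Q}$ is equal to $T^2$, hence $\mathcal{O}_k/17 \cdot \mathcal{O}_k$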

is isomorphic to $\mathbf{F}_{17}[T]/(T)^2$. It follows that there exists a unique prime $\mathfrak{l}$ of $k$ lying
above $17$. The prime $\mathfrak{l} = \alpha \cdot \mathcal{O}_k$ is principal, generated by $\alpha$, hence
$$17 \cdot \mathcal{O}_k = \mathfrak{l}^2.$$
Then $17$ is ramified and $e(\mathfrak{l}|17) = 2$. (Note that $d_k = 2^2 \cdot 17$.) The reduction of
$T^2 + 17$ modulo $5$ is irreducible, hence $\mathcal{O}_k/5 \cdot \mathcal{O}_k$ is a field, id est $5 \cdot \mathcal{O}_k = \mathfrak{r}$ is a prime
of $k$. It follows that $5$ is unramified in $k$ and $f(\mathfrak{r}|5) = 2$.
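The following proposition is due to Dedekind.
Proposition 2.35. Let $k$ be a number field, let $\mathfrak{p}$ be a prime of $k$, and let
$E = k(\alpha)$ be the finite extension of $k$ generated by an algebraic integer $\alpha$. Let
$f = f_{k,\alpha}$ in $\mathcal{O}_k[T]$ be the minimal polynomial of $\alpha$ over $k$, let $f_{\mathfrak{p}}$ in $\mathbf{F}_{\mathfrak{p}}[T]$ be the
reduction of $f$ modulo $\mathfrak{p}$, and let
$$f_{\mathfrak{p}} = \prod_{i=1}^{g} f_{\mathfrak{p},i}^{e_i}$$
be the irreducible factorisation of $f_{\mathfrak{p}}$ in $\mathbf{F}_{\mathfrak{p}}[T]$. For each $1 \leq i \leq g$ denote by $f_i$ in
$\mathcal{O}_k[T]$ any lift of $f_{\mathfrak{p},i}$ under reduction modulo $\mathfrak{p}$. If
$$\mathcal{O}_E = \mathcal{O}_k[\alpha],$$
then
1. the ideals
$$\mathfrak{P}_i = \mathfrak{p} \cdot \mathcal{O}_E + f_i(\alpha) \cdot \mathcal{O}_E,$$
for $1 \leq i \leq g$, are precisely the primes of $E$ dividing $\mathfrak{p}$;
2. for each $1 \leq i \leq g$, one has
$$e(\mathfrak{P}_i|\mathfrak{p}) = e_i \quad\text{and}\quad f(\mathfrak{P}_i|\mathfrak{p}) = \deg(f_{\mathfrak{p},i});$$
3. the prime $\mathfrak{p}$ ramifies in $E$ if and only if it contains $\mathrm{disc}(f)$.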
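Proof. Consider the ring isomorphism
$$\psi : \mathcal{O}_E/\mathfrak{p} \cdot \mathcal{O}_E \simeq \mathcal{O}_k[T]/(\mathfrak{p}, f) \simeq \mathbf{F}_{\mathfrak{p}}[T]/(f_{\mathfrak{p}}) \simeq \prod_{i=1}^{g} \mathbf{F}_{\mathfrak{p}}[T]/(f_{\mathfrak{p},i})^{e_i},$$
where the first isomorphism arises from the assumption $\mathcal{O}_E = \mathcal{O}_k[\alpha] \simeq \mathcal{O}_k[T]/(f)$
and the last isomorphism follows from the Chinese remainder theorem. Define
$$\varphi_i : \mathcal{O}_E \longrightarrow \mathcal{O}_E/\mathfrak{p} \cdot \mathcal{O}_E \overset{\psi}{\longrightarrow} \prod_{i} \mathbf{F}_{\mathfrak{p}}[T]/(f_{\mathfrak{p},i})^{e_i} \longrightarrow \mathbf{F}_{\mathfrak{p}}[T]/(f_{\mathfrak{p},i})^{e_i},$$
where the first and the last maps are the natural projections. It follows from
Exercise 2.75 and Remark 2.31.1 that the primes of $E$ dividing $\mathfrak{p}$ are given by
$$\mathfrak{P}_i = \varphi_i^{-1}\big((f_{\mathfrak{p},i}) + (f_{\mathfrak{p},i})^{e_i}\big) = \mathfrak{p} \cdot \mathcal{O}_k + f_i(\alpha) \cdot \mathcal{O}_E,$$
for $1 \leq i \leq g$. This proves Part 1 of the proposition.

Since $\varphi_i$ is surjective, one has $\mathbf{F}_{\mathfrak{P}_i} = \mathcal{O}_E/\mathfrak{P}_i \simeq \mathbf{F}_{\mathfrak{p}}[T]/(f_{\mathfrak{p},i})$, hence the inertia
degree $f(\mathfrak{P}_i|\mathfrak{p}) = [\mathbf{F}_{\mathfrak{P}_i} : \mathbf{F}_{\mathfrak{p}}]$ of $\mathfrak{P}_i$ over $\mathfrak{p}$ is equal to the degree of $f_{\mathfrak{p},i}$. We now show
that the ramification index $e(\mathfrak{P}_i|\mathfrak{p})$ of $\mathfrak{P}_i$ over $\mathfrak{p}$ is equal to $e_i$. By construction
$\prod_i \mathfrak{P}_i^{e_i}$ is contained in $\bigcap_i \ker(\varphi_i) = \mathfrak{p} \cdot \mathcal{O}_E$, hence
$$e_j = v_{\mathfrak{P}_j}\Big(\prod_i \mathfrak{P}_i^{e_i}\Big) \geq v_{\mathfrak{P}_j}(\mathfrak{p} \cdot \mathcal{O}_E) = e(\mathfrak{P}_i|\mathfrak{p})$$
for each $1 \leq j \leq g$ by Remark 2.31.1. On the other hand, the element
$$\beta = f_i(\alpha)^{e_i - 1} \cdot \prod_{j \neq i} f_j(\alpha)^{e_j}$$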

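of $\mathcal{O}_E$ belongs to the ideal $\mathfrak{b} = \mathfrak{P}_i^{e_i - 1} \cdot \prod_{j \neq i} \mathfrak{P}_j^{e_j}$ but not to $\mathfrak{p} \cdot \mathcal{O}_E$, since
$$\varphi_i(\beta) = f_{\mathfrak{p},i}^{e_i - 1} \cdot \prod_{j \neq i} f_{\mathfrak{p},j}^{e_j} + f_{\mathfrak{p},i}^{e_i} \cdot \mathbf{F}_{\mathfrak{p}}[T]$$
is non-zero (in the quotient of $\mathbf{F}_{\mathfrak{p}}[T]$ by the ideal generated by $f_{\mathfrak{p},i}^{e_i}$). In particular
$\mathfrak{b}$ is not contained in $\mathfrak{p} \cdot \mathcal{O}_E$, and since $v_{\mathfrak{P}}(\mathfrak{b}) \geq v_{\mathfrak{P}}(\mathfrak{p} \cdot \mathcal{O}_E)$ for each prime $\mathfrak{P} \neq \mathfrak{P}_i$
of $E$, Remark 2.31.1 yields $e_i - 1 < e(\mathfrak{P}_i|\mathfrak{p})$. This proves Part 2 of the proposition.
In order to prove Part 3, set $A = \mathcal{O}_E/\mathfrak{p} \cdot \mathcal{O}_E$ and $A_i = \mathbf{F}_{\mathfrak{p}}[T]/(f_{\mathfrak{p},i})^{e_i}$, so that
$\psi$ gives an isomorphism of $\mathbf{F}_{\mathfrak{p}}$-algebras
$$A \simeq \prod_{i=1}^{g} A_i.$$
Proposition 2.12 and Exercise 2.61 then yield the identities
$$\mathrm{disc}(f) \cdot \mathbf{F}_{\mathfrak{p}} = D_{\mathcal{O}_E/\mathcal{O}_k} \cdot \mathbf{F}_{\mathfrak{p}} = D_{A/\mathbf{F}_{\mathfrak{p}}} = \prod_{i=1}^{g} D_{A_i/\mathbf{F}_{\mathfrak{p}}}$$
(of ideals of $\mathbf{F}_{\mathfrak{p}}$). In other words the prime $\mathfrak{p}$ (divides, id est) contains the discriminant
of $f$ if and only if $D_{A_i/\mathbf{F}_{\mathfrak{p}}}$ is equal to zero for some $1 \leq i \leq g$. In light of Part
2, it then remains to prove that $D_{A_i/\mathbf{F}_{\mathfrak{p}}} = 0$ if and only if $e_i \geq 2$.
If $e_i = 1$, then $A_i$ is a finite separable extension of $\mathbf{F}_{\mathfrak{p}}$, so that $D_{A_i/\mathbf{F}_{\mathfrak{p}}}$ is
non-zero by Proposition 2.12. Conversely, if $e_i \geq 2$, then $\omega_1 = f_{\mathfrak{p},i} + (f_{\mathfrak{p},i})^{e_i}$ is a
non-zero nilpotent element of $A_i$. Complete $\omega_1$ to an $\mathbf{F}_{\mathfrak{p}}$-basis $\omega = \{\omega_1, \dots, \omega_n\}$ of
$A_i$. Then $\omega_1 \cdot \omega_j$ is a non-zero nilpotent element of $A_i$ for each $1 \leq j \leq g$, hence the
matrix representing multiplication by $\omega_1 \cdot \omega_j$ is a nilpotent matrix with coefficients
in $\mathbf{F}_{\mathfrak{p}}$ for each $1 \leq j \leq g$. Since the trace of a nilpotent matrix is zero, one deduces
$\mathrm{Tr}_{A_i/\mathbf{F}_{\mathfrak{p}}}(\omega_1 \cdot \omega_j) = 0$ for each $1 \leq j \leq g$, hence $D_{A_i/\mathbf{F}_{\mathfrak{p}}} = D_{A_i/\mathbf{F}_{\mathfrak{p}}}(\omega) \cdot \mathbf{F}_{\mathfrak{p}} = 0$. This
concludes the proof of Part 3 of the proposition. □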

Proposition 2.36. Let $E/k$ be an extension of number fields, and let $\mathfrak{p}$ be a
prime of $k$. Then one has the fundamental identity
$$\sum_{\mathfrak{P}|\mathfrak{p}} e(\mathfrak{P}|\mathfrak{p}) \cdot f(\mathfrak{P}|\mathfrak{p}) = [E : k],$$
where $\mathfrak{P}$ varies through the primes of $E$ dividing $\mathfrak{p}$.

Proof. If $\mathcal{O}_E = \mathcal{O}_k[\alpha]$ for some algebraic integer $\alpha$ (which is not always the
case, cf. Example 2.53), this is a direct consequence of Proposition 2.35. In the
general case, the proof is explained in Exercise 2.79. □

The fundamental identity prompts the following definitions: let $E/k$ be an
extension of number fields, and let $\mathfrak{p}$ be a prime of $k$. One says that $\mathfrak{p}$ splits
completely in $E$ if there are $[E : k]$ distinct primes of $E$ dividing $\mathfrak{p}$. One says that
$\mathfrak{p}$ is inert (resp., totally ramified) in $E$ if there is only one prime $\mathfrak{P}$ of $E$ dividing $\mathfrak{p}$
and $f(\mathfrak{P}|\mathfrak{p}) = [E : k]$ (resp., $e(\mathfrak{P}|\mathfrak{p}) = [E : k]$).
The following slight refinement of Proposition 2.35 (stated for simplicity when
$k = \mathbf{Q}$) is often very useful.
Proposition 2.37. With the notations of Proposition 2.35, assume that $k = \mathbf{Q}$
and let $p$ be the rational prime generating $\mathfrak{p}$. If
$$p \nmid [\mathcal{O}_E : \mathbf{Z}[\alpha]],$$
then the conclusions of Proposition 2.35 hold.

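Proof. It is sufficient to prove that the map
$$\iota : \mathbf{Z}[\alpha]/(p) \longrightarrow \mathcal{O}_E/(p)$$
induced by the inclusion $\mathbf{Z}[\alpha] \hookrightarrow \mathcal{O}_E$ is an isomorphism. Indeed, once this is
proved, the proofs of Parts 1 and 2 of Proposition 2.35 work verbatim also in the
present setting, and the proof of Part 3 works in the present setting after replacing
$\mathcal{O}_E$ with the finite free $\mathbf{Z}$-algebra $\mathbf{Z}[T]/f \cdot \mathbf{Z}[T]$ of rank $\deg(f)$.
The assumption $p \nmid [\mathcal{O}_E : \mathbf{Z}[\alpha]]$ means that multiplication by $p$ is an automorphism
of the finite group $\mathcal{O}_E/\mathbf{Z}[\alpha]$. Then $\mathbf{Z}[\alpha] \cap p \cdot \mathcal{O}_E = p \cdot \mathbf{Z}[\alpha]$, so that $\iota$ is
injective. Moreover, for each $x$ in $\mathcal{O}_E$ one has $x - p \cdot y \in \mathbf{Z}[\alpha]$ for some $y \in \mathcal{O}_E$,
hence $\iota(x - p \cdot y + p \cdot \mathbf{Z}[\alpha]) = x + p \cdot \mathcal{O}_E$, proving that $\iota$ is surjective. □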
Remark 2.38. It follows from Propositions 2.12 and 2.19 that the assumption
$p \nmid [\mathcal{O}_E : \mathbf{Z}[\alpha]]$ in Proposition 2.37 is satisfied when $p^2$ does not divide the
discriminant $\mathrm{disc}(f) = D_{E/\mathbf{Q}}(1, \alpha, \dots, \alpha^{\deg(f)-1})$ of $f$.

Example 2.39. Let $d \neq 1$ be a square-free integer and let $k = \mathbf{Q}(\sqrt{d})$ be the
number field generated by a square root $\sqrt{d}$ of $d$. If $d$ is congruent to $1$ modulo $4$, then
the ring $\mathcal{O}_k$ is generated by $\omega_d = \frac{1+\sqrt{d}}{2}$. The minimal polynomial of $\omega_d$ over $\mathbf{Q}$ is
$f_\omega = T^2 - T + \frac{1-d}{4}$, which has discriminant $\mathrm{disc}(f_\omega) = d_k = d$. It then follows from
Proposition 2.35 that the rational primes which ramify in $k$ are the prime divisors
of $d$. Similarly, if $d \equiv 2, 3 \pmod 4$, then $\mathcal{O}_k = \mathbf{Z}[\omega_d]$ with $\omega_d = \sqrt{d}$. The minimal
polynomial of $\omega_d$ over $\mathbf{Q}$ is $f_\omega = T^2 - d$, which has discriminant $\mathrm{disc}(f_\omega) = d_k = 4d$,
hence the rational primes which ramify in $k$ are $2$ and the prime divisors of $d$.
Example 2.40. Let $p$ be an odd prime number and let $r \geq 1$ be a positive
integer. We study the ramification of rational primes in the $p^r$-th cyclotomic field
$\mathbf{Q}(\zeta_{p^r})$. Let $\Phi_{p^r} = \frac{Y^p - 1}{Y - 1}$ be the $p^r$-th cyclotomic polynomial, where $Y = T^{p^{r-1}}$.
Since $T^{p^r} - 1 = (T - 1)^{p^r}$ in $\mathbf{F}_p[T]$, the reduction of $\Phi_{p^r}$ modulo $p$ is equal to
$(T - 1)^{\phi(p^r)}$ (where $\phi(p^r) = p^{r-1}(p - 1)$). Since $\mathcal{O}_{\mathbf{Q}(\zeta_{p^r})} = \mathbf{Z}[\zeta_{p^r}]$ by Theorem 2.24,
it follows from Proposition 2.35 that
$$p \cdot \mathcal{O}_{\mathbf{Q}(\zeta_{p^r})} = \mathfrak{p}^{\phi(p^r)},$$
where $\mathfrak{p}$ is the prime of $\mathbf{Q}(\zeta_{p^r})$ dividing $p$ generated by $p$ and $\zeta_{p^r} - 1$. On the other
hand $N_{k/\mathbf{Q}}(1 - \zeta_{p^r}) = \Phi_{p^r}(1) = p$, so that
$$\mathfrak{p} = (1 - \zeta_{p^r}) \cdot \mathcal{O}_{\mathbf{Q}(\zeta_{p^r})}$$
is the principal ideal of $\mathcal{O}_{\mathbf{Q}(\zeta_{p^r})}$ generated by $1 - \zeta_{p^r}$. (Recall that the discriminant
of $k$ is a positive power of $p$, cf. Example 2.14 and Theorem 2.24. As in Example
2.34, we then find that the prime divisors of $d_k$ ramify in $k$.)
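Example 2.41. Let $\mathbf{Q}(\alpha)$, $\mathbf{Q}(\beta)$ and $\mathbf{Q}(\gamma)$ be the cubic fields considered in Example
2.21, generated respectively by complex roots $\alpha$, $\beta$ and $\gamma$ of the polynomials
$$f = T^3 - 18 \cdot T - 6, \quad g = T^3 - 36 \cdot T - 78 \quad\text{and}\quad h = T^3 - 54 \cdot T - 150.$$
Loco citato proves that $d_{\mathbf{Q}(\xi)} = 2^2 \cdot 3^5 \cdot 23$ and that $\mathcal{O}_{\mathbf{Q}(\xi)} = \mathbf{Z}[\xi]$ for $\xi$ equal to one of
$\alpha$, $\beta$ and $\gamma$. It is also possible to show that $\mathbf{Z}[\xi]$ is a principal ideal domain for each
$\xi$. One may then suspect that these cubic fields are isomorphic. This is not the case:
no two of the fields $\mathbf{Q}(\alpha)$, $\mathbf{Q}(\beta)$ and $\mathbf{Q}(\gamma)$ are isomorphic. Indeed, the polynomials
$g_{11}$ and $h_{11}$ are both irreducible in $\mathbf{F}_{11}[T]$, while $f_{11} = (T + 1) \cdot (T + 2) \cdot (T + 8)$
splits completely. Since $\mathcal{O}_{\mathbf{Q}(\xi)} = \mathbf{Z}[\xi]$, Proposition 2.35 implies that $11 \cdot \mathcal{O}_{\mathbf{Q}(\beta)}$ and
$11 \cdot \mathcal{O}_{\mathbf{Q}(\gamma)}$ are primes of $\mathbf{Q}(\beta)$ and $\mathbf{Q}(\gamma)$ respectively, while $11 \cdot \mathcal{O}_{\mathbf{Q}(\alpha)}$ is the product
of three distinct primes of $\mathbf{Q}(\alpha)$. It follows that $\mathbf{Q}(\alpha)$ is not isomorphic to $\mathbf{Q}(\beta)$
and $\mathbf{Q}(\gamma)$. Similarly, $f_5$ and $g_5$ are irreducible, but $h_5 = T \cdot (T + 2) \cdot (T + 3)$, from
which it follows as above that $\mathbf{Q}(\gamma)$ is not isomorphic to $\mathbf{Q}(\beta)$.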

Example 2.42. Let $\alpha$ be a complex root of the polynomial $f = T^3 - 10$, and
let $k = \mathbf{Q}(\alpha)$. Example 2.26 shows that $d_k = -2^2 \cdot 3 \cdot 5^2$ and that
$$[\mathcal{O}_k : \mathbf{Z}[\alpha]] = 3.$$
The reduction of $f$ modulo $7$ is irreducible, hence $7 \cdot \mathcal{O}_k$ is a prime of $k$ by Proposition
2.37. The irreducible factorisation of $f$ modulo $11$ is
$$f_{11} = (T + 1) \cdot (T^2 + 10 \cdot T + 1),$$
hence by Proposition 2.37 the prime factorisation of $11$ in $k$ is given by
$$11 \cdot \mathcal{O}_k = (11, \alpha + 1) \cdot (11, \alpha^2 + 10 \cdot \alpha + 1),$$
and the inertia degrees of the primes $(11, \alpha + 1)$ and $(11, \alpha^2 + 10 \cdot \alpha + 1)$ are
$1$ and $2$ respectively. Moreover the reduction of $f$ modulo $37$ splits completely as
$$f_{37} = (T + 3) \cdot (T + 4) \cdot (T - 7),$$
hence loc. cit. shows that $37 \cdot \mathcal{O}_k$ is the product of three distinct primes:
$$37 \cdot \mathcal{O}_k = (37, \alpha + 3) \cdot (37, \alpha + 4) \cdot (37, \alpha - 7).$$
We now consider the prime divisors of $d_k$. One has $f_2 = T^3$ and $f_5 = T^3$, so that
$$2 \cdot \mathcal{O}_k = (2, \alpha)^3 \quad\text{and}\quad 5 \cdot \mathcal{O}_k = (5, \alpha)^3$$
are (totally) ramified. One has $f_3 = (T - 1)^3$, but since $3$ divides $[\mathcal{O}_k : \mathbf{Z}[\alpha]]$, we
cannot apply Proposition 2.37 to conclude that $3 \cdot \mathcal{O}_k$ is the cube of a prime of $k$.
On the other hand, Example 2.26 shows that $\mathcal{O}_k = \mathbf{Z}[\omega]$ with $\omega = \frac{1+\alpha+\alpha^2}{3}$, and
that the minimal polynomial $f_\omega$ of $\omega$ over $\mathbf{Q}$ is given by $T^3 - T^2 - 3 \cdot T - 3$.
Since the reduction of $f_\omega$ modulo $3$ is $T^3 - T^2 = T^2(T - 1)$, Proposition 2.37 shows
that $3$ is ramified in $k$ and gives the prime factorisation
$$3 \cdot \mathcal{O}_k = (3, \alpha)^2 \cdot (3, \alpha - 1).$$
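The factorisations used in Examples 2.41 and 2.42 can be checked mechanically. The following Python code is an added example, not part of the original notes: it factors a monic polynomial over F_p by trial division (adequate only for the small degrees and primes appearing here) and reads off the pair (e, f) for each prime above p as in Propositions 2.35 and 2.37. The function names and the `index` argument, which the caller supplies from the text (for instance [O_k : Z[α]] = 3 from Example 2.26), are assumptions of this example; generators are expressed in the root `a` of whichever polynomial is passed in.

```python
from itertools import product

# Polynomials over F_p are coefficient lists, constant term first:
# T^3 - 10 is [-10, 0, 0, 1].

def trim(a):
    """Drop zero leading coefficients."""
    a = list(a)
    while a and a[-1] == 0:
        a.pop()
    return a

def poly_divmod(a, b, p):
    """Quotient and remainder of a by a monic polynomial b over F_p."""
    a = [c % p for c in a]
    q = [0] * max(len(a) - len(b) + 1, 0)
    for i in range(len(a) - len(b), -1, -1):
        c = a[i + len(b) - 1]
        q[i] = c
        for j, bj in enumerate(b):
            a[i + j] = (a[i + j] - c * bj) % p
    return trim(q), trim(a)

def factor_mod_p(f, p):
    """Irreducible factorisation of monic f over F_p as [(factor, multiplicity)].

    Monic candidates are tried in increasing degree d. Once every factor of
    degree < d has been divided out, any divisor of degree d is irreducible.
    """
    f = trim([c % p for c in f])
    if not f or f[-1] != 1:
        raise ValueError("f must be monic")
    factors, d = [], 1
    while len(f) - 1 >= 2 * d:
        for tail in product(range(p), repeat=d):
            g = list(tail) + [1]
            e = 0
            while True:
                q, r = poly_divmod(f, g, p)
                if r:
                    break
                f, e = q, e + 1
            if e:
                factors.append((g, e))
        d += 1
    if len(f) > 1:          # what is left has degree < 2d, hence is irreducible
        factors.append((f, 1))
    return factors

def splitting_of_prime(f, p, index=1):
    """Primes above p in Q(a), where f is the minimal polynomial of a.

    Returns [(e, f, g)] with the prime equal to (p, g(a)). `index` is the
    value of [O_E : Z[a]] taken from the text; Proposition 2.37 needs p not
    to divide it, so the function refuses to answer otherwise.
    """
    if index % p == 0:
        raise ValueError(f"{p} divides [O_E : Z[a]]: Proposition 2.37 does not apply")
    primes = [(e, len(g) - 1, g) for g, e in factor_mod_p(f, p)]
    # Fundamental identity (Proposition 2.36): sum of e*f equals the degree.
    assert sum(e * deg for e, deg, _ in primes) == len(trim(f)) - 1
    return primes

def splitting_type(f, p, index=1):
    """Sorted list of (ramification index, inertia degree) pairs above p."""
    return sorted((e, deg) for e, deg, _ in splitting_of_prime(f, p, index))

def show_ideal(p, g):
    """Render the prime (p, g(a)) of Part 1 of Proposition 2.35 as text."""
    terms = []
    for k in range(len(g) - 1, -1, -1):
        c = g[k]
        if c == 0:
            continue
        mono = "" if k == 0 else ("a" if k == 1 else f"a^{k}")
        terms.append(("" if c == 1 and k > 0 else str(c)) + mono)
    return f"({p}, {' + '.join(terms)})"

if __name__ == "__main__":
    cubic = [-10, 0, 0, 1]                      # f = T^3 - 10, index 3
    for p in (2, 5, 7, 11, 37):
        parts = [show_ideal(p, g) + (f"^{e}" if e > 1 else "")
                 for e, _, g in splitting_of_prime(cubic, p, index=3)]
        print(p, "->", " * ".join(parts))
    # At p = 3 the index obstructs f, so use f_omega = T^3 - T^2 - 3T - 3.
    print(3, "->", splitting_type([-3, -3, -1, 1], 3))
```

Calling `splitting_of_prime([-10, 0, 0, 1], 3, index=3)` raises `ValueError`, which is the situation Example 2.42 works around by passing to the generator ω.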
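Example 2.43. Let $E = \mathbf{Q}(\sqrt{2}, \sqrt{5})$ be the biquadratic field generated over
$\mathbf{Q}$ by complex square roots $\sqrt{2}$ and $\sqrt{5}$ of $2$ and $5$ respectively. Set $k = \mathbf{Q}(\sqrt{5})$,
$k' = \mathbf{Q}(\sqrt{2})$, $\alpha = \frac{1+\sqrt{5}}{2}$ and $\beta = \sqrt{2}$, so that $\mathcal{O}_k = \mathbf{Z}[\alpha]$, $\mathcal{O}_{k'} = \mathbf{Z}[\beta]$ and
$$\mathcal{O}_E = \mathcal{O}_k \cdot \mathcal{O}_{k'} = \mathcal{O}_k[\beta]$$
by Example 2.25. The minimal polynomials $f = f_{\alpha,\mathbf{Q}}$ and $g = f_{\beta,k}$ of $\alpha$ over $\mathbf{Q}$ and
$\beta$ over $k$ are $f = T^2 - T - 1$ and $g = T^2 - 2$ respectively. Since $d_k = \mathrm{disc}(f) = 5$,
Proposition 2.35.3 implies that $5$ is the only rational prime which ramifies in $k$. In
particular $5$ ramifies in $E$. Since $\mathrm{disc}(g) = 2^3$, loco citato also shows that a prime of
$k$ ramifies in $E$ precisely if it contains $2$. One concludes that $2$ and $5$ are precisely
the rational primes which ramify in $E$. The reduction of $f$ modulo $2$ is irreducible,
hence $2 \cdot \mathcal{O}_k = \mathfrak{p}$ is a prime of $k$, and $g_{\mathfrak{p}} = T^2$ in $\mathbf{F}_{\mathfrak{p}}[T] \simeq \mathbf{F}_4[T]$, hence
$$2 \cdot \mathcal{O}_E = \mathfrak{P}^2$$
where $\mathfrak{P} = \beta \cdot \mathcal{O}_E$ is the prime of $E$ generated by $\beta = \sqrt{2}$. One has $f_5 = (T + 2)^2$,
hence $5 \cdot \mathcal{O}_k = \mathfrak{q}^2$ with $\mathfrak{q} = (5, \alpha + 2) \cdot \mathcal{O}_k = (\alpha + 2) \cdot \mathcal{O}_k$ and $\mathbf{F}_{\mathfrak{q}} = \mathbf{F}_5$. Moreover
$g_{\mathfrak{p}}$ is irreducible in $\mathbf{F}_{\mathfrak{q}}[T]$, hence $\mathfrak{Q} = (\alpha + 2) \cdot \mathcal{O}_E$ is a prime of $E$ and
$$5 \cdot \mathcal{O}_E = \mathfrak{Q}^2$$
is the square of $\mathfrak{Q}$. Let us consider now the splitting type in $E$ of the rational
primes $3$ and $31$. The reduction of $f$ modulo $3$ is irreducible, hence $3 \cdot \mathcal{O}_k = \mathfrak{l}$ is a
prime of $k$ with residue field $\mathbf{F}_{\mathfrak{l}}$ isomorphic to $\mathbf{F}_9$. It follows that $g_{\mathfrak{l}}$ splits as the
product of two linear factors (why?), hence $\mathfrak{l} \cdot \mathcal{O}_E = \mathfrak{L}_1 \cdot \mathfrak{L}_2$ is the product of two
distinct primes $\mathfrak{L}_1$ and $\mathfrak{L}_2$ of $E$ satisfying $\mathbf{F}_{\mathfrak{L}_i} \simeq \mathbf{F}_{\mathfrak{l}}$ for $i = 1, 2$. It follows that
$$3 \cdot \mathcal{O}_E = \mathfrak{L}_1 \cdot \mathfrak{L}_2$$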

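is the product of two distinct primes of $E$, such that $f(\mathfrak{L}_i|3) = 2$ for $i = 1, 2$. One
has $f_{31} = (T + 12) \cdot (T + 18)$, hence $31 \cdot \mathcal{O}_k = \mathfrak{p}_1 \cdot \mathfrak{p}_2$ with $\mathbf{F}_{\mathfrak{p}_i} \simeq \mathbf{F}_{31}$ for $i = 1, 2$.
Moreover, $g_{\mathfrak{p}_i} = T^2 - 2 = (T + 8) \cdot (T + 23)$, hence $\mathfrak{p}_i \cdot \mathcal{O}_E = \mathfrak{P}_i \cdot \mathfrak{P}_i'$ for two distinct
primes $\mathfrak{P}_i$ and $\mathfrak{P}_i'$ of $E$ and $i = 1, 2$. We deduce that
$$31 \cdot \mathcal{O}_E = \mathfrak{P}_1 \cdot \mathfrak{P}_1' \cdot \mathfrak{P}_2 \cdot \mathfrak{P}_2'$$
is the product of $4 = [E : \mathbf{Q}]$ distinct primes of $E$ (id est $31$ splits completely in $E$).
(Exercise: let $p \neq 2, 3, 5$ be a rational prime and set $h = T^4 - 14 \cdot T^2 + 9$. Prove
that either $p$ splits completely in $E$ or $p \cdot \mathcal{O}_E$ is the product of two distinct primes
of $E$. Prove that either $\mathrm{Type}(h_p) = (1, 1, 1, 1)$ or $\mathrm{Type}(h_p) = (2, 2)$.)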
In the special case $k = \mathbf{Q}$, the following proposition removes any assumption
from Part 3 of Propositions 2.35 and 2.37.
Proposition 2.44. A rational prime ramifies in a number field $k$ if and only
if it divides the discriminant $d_k$ of $k$.
Proof. Let $p$ be a rational prime and let
$$p \cdot \mathcal{O}_k = \prod_{i=1}^{g} \mathfrak{p}_i^{e_i}$$
be its prime factorisation in $\mathcal{O}_k$. By Exercise 2.76 one has
$$\mathcal{O}_k/(p) \simeq \prod_{i=1}^{g} \mathcal{O}_k/\mathfrak{p}_i^{e_i},$$
hence, after setting $\bar{A} = \mathcal{O}_k/(p)$ and $A_i = \mathcal{O}_k/\mathfrak{p}_i^{e_i}$, one has (cf. Exercise 2.61)
$$d_k \cdot \mathbf{F}_p = D_{\mathcal{O}_k/\mathbf{Z}} \cdot \mathbf{F}_p = D_{\bar{A}/\mathbf{F}_p} = \prod_{i=1}^{g} D_{A_i/\mathbf{F}_p}.$$
In other words $p$ divides $d_k$ if and only if the discriminant of one of the $\mathbf{F}_p$-algebras
$A_i$ is zero. We then have to show that $D_{A_i/\mathbf{F}_p}$ is zero precisely if $e_i \geq 2$.
If $e_i$ is equal to $1$, then $A_i$ is a finite (separable) field extension of $\mathbf{F}_p$, hence
$D_{A_i/\mathbf{F}_p} \neq 0$ by Proposition 2.12. Conversely, $e_i \geq 2$ implies that $A_i$ contains a
non-zero nilpotent element $\omega_1$. Complete $\omega_1$ to an $\mathbf{F}_p$-basis $\{\omega_1, \dots, \omega_n\}$ of $A_i$.
Then $\mathrm{Tr}_{A_i/\mathbf{F}_p}(\omega_1 \cdot \omega_j) = 0$ for each $1 \leq j \leq n$, because multiplication by $\omega_1 \cdot \omega_j$ is
a nilpotent endomorphism of $A_i$. As a consequence $D_{A_i/\mathbf{F}_p} = 0$. □
We state without proof the following important result of Minkowski.
Theorem 2.45. One has $|d_k| > 1$ for each number field $k$ different from $\mathbf{Q}$.
2.7. Splitting of primes in Galois extensions. If $E/k$ is a Galois extension
of number fields, then each $\sigma$ in $\mathrm{Gal}(E/k)$ restricts to an $\mathcal{O}_k$-algebra automorphism
of $\mathcal{O}_E$. In particular, if $\mathfrak{p}$ is a prime of $k$ then $\mathrm{Gal}(E/k)$ acts on the set $\{\mathfrak{P}|\mathfrak{p}\}$ of
primes of $E$ dividing $\mathfrak{p}$ by sending $\mathfrak{P}$ to $\sigma(\mathfrak{P})$.
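Proposition 2.46. Let $E/k$ be a Galois extension of number fields, let $\mathfrak{p}$ be a
prime of $k$, and let $\mathfrak{P}$ and $\mathfrak{Q}$ be primes of $E$ dividing $\mathfrak{p}$. Then $\sigma(\mathfrak{P}) = \mathfrak{Q}$ for some
$\sigma$ in $\mathrm{Gal}(E/k)$. (In other words $\mathrm{Gal}(E/k)$ acts transitively on the set of primes of
$E$ dividing $\mathfrak{p}$). Moreover one has
$$e(\mathfrak{P}|\mathfrak{p}) = e(\mathfrak{Q}|\mathfrak{p}) \quad\text{and}\quad f(\mathfrak{P}|\mathfrak{p}) = f(\mathfrak{Q}|\mathfrak{p}).$$
Proof. Assume ad absurdum $\sigma(\mathfrak{P}) \neq \mathfrak{Q}$ for each $\sigma$ in $\mathrm{Gal}(E/k)$. By the
Chinese remainder Theorem (cf. Exercise 2.76) there exists then $\alpha$ in $\mathcal{O}_E$ such that
$$\alpha \in \mathfrak{Q} \quad\text{and}\quad \sigma(\alpha) \notin \mathfrak{P} \text{ for each } \sigma \in \mathrm{Gal}(E/k). \tag{11}$$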

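(For example, let $\alpha$ be a solution of the system of congruences $x \equiv 0 \bmod \mathfrak{Q}$ and
$\alpha \equiv 1 \bmod \sigma(\mathfrak{P})$, for $\sigma$ in $\mathrm{Gal}(E/k)$.) Then
$$N_{E/k}(\alpha) = \prod_{\sigma \in \mathrm{Gal}(E/k)} \sigma(\alpha)$$
belongs to $\alpha \cdot \mathcal{O}_E \cap k \subset \mathfrak{Q} \cap k = \mathfrak{p}$ and does not belong to $\mathfrak{P}$ by Equation (11). This
is absurd, since $\mathfrak{p} = \mathfrak{P} \cap k$. The first statement follows.
Let $\sigma(\mathfrak{P}) = \mathfrak{Q}$ for some $\sigma$ in $\mathrm{Gal}(E/k)$. Then $\sigma$ induces an $\mathbf{F}_{\mathfrak{p}}$-algebra isomorphism
between $\mathbf{F}_{\mathfrak{P}} = \mathcal{O}_E/\mathfrak{P}$ and $\mathbf{F}_{\mathfrak{Q}} = \mathcal{O}_E/\mathfrak{Q} = \sigma(\mathcal{O}_E)/\sigma(\mathfrak{P})$, hence $f(\mathfrak{P}|\mathfrak{p})$ is
equal to $f(\mathfrak{Q}|\mathfrak{p})$. Finally, one has $\prod_{\mathfrak{R}|\mathfrak{p}} \mathfrak{R}^{e_{\mathfrak{R}}} = \mathfrak{p}\mathcal{O}_E = \sigma(\mathfrak{p}\mathcal{O}_E) = \prod_{\mathfrak{R}|\mathfrak{p}} \sigma(\mathfrak{R})^{e_{\mathfrak{R}}}$ for
each $\sigma$ in $\mathrm{Gal}(E/k)$, where $\mathfrak{R}$ runs over the set of primes of $E$ dividing $\mathfrak{p}$ and $e_{\mathfrak{R}}$ is a
shorthand for $e(\mathfrak{R}|\mathfrak{p})$. Since $\sigma(\mathfrak{P}) = \mathfrak{Q}$, one deduces from the unique factorisation
$e_{\mathfrak{P}} = e_{\mathfrak{Q}}$, thus completing the proof of the proposition. □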
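Remark 2.47. Let $E/k$ be a Galois extension of number fields, and let $\mathfrak{p}$
be a prime of $k$. Denote by $S_{\mathfrak{p}}(E)$ the set of primes of $E$ dividing $\mathfrak{p}$ and by
$g_{\mathfrak{p}}(E) = |S_{\mathfrak{p}}(E)|$ its cardinality. Fix an element $\mathfrak{P}$ of $S_{\mathfrak{p}}(E)$ (cf. Lemma 2.32) and
set $e_{\mathfrak{p}}(E) = e(\mathfrak{P}|\mathfrak{p})$ and $f_{\mathfrak{p}}(E) = e(\mathfrak{P}|\mathfrak{p})$. Proposition 2.46 proves that $e_{\mathfrak{p}}(E)$ and
$f_{\mathfrak{p}}(E)$ are independent of the choice of $\mathfrak{P}$, and Proposition 2.36 yields
$$[E : k] = g_{\mathfrak{p}}(E) \cdot e_{\mathfrak{p}}(E) \cdot f_{\mathfrak{p}}(E).$$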
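Example 2.48. Let $\alpha$ be a complex root of $f = f_{\alpha,\mathbf{Q}} = T^3 + T + 1$, and let
$\beta = \frac{1+\sqrt{-31}}{2}$ be a complex root of $g = f_{\beta,\mathbf{Q}} = T^2 - T + 8$. Set $k = \mathbf{Q}(\alpha)$, $k' = \mathbf{Q}(\beta)$
and $E = k \cdot k'$. Since $\mathrm{disc}(f) = -31$ is square-free and congruent to $1$ modulo $4$,
one deduces $d_k = -31 = d_{k'}$, $\mathcal{O}_k = \mathbf{Z}[\alpha]$, $\mathcal{O}_{k'} = \mathbf{Z}[\beta]$ and $E = \mathbf{Q}(f)$ (the splitting
field of $f$ over $\mathbf{Q}$). We study the factorisation of some rational primes in $E$. Since $3$
is a simple root of $f_{31}$ in $\mathbf{F}_{31}$, one has $31 \cdot \mathcal{O}_k = \mathfrak{p} \cdot \mathfrak{q}^2$ for two distinct prime ideals
$\mathfrak{p}$ and $\mathfrak{q}$ of $k$, both having inertia degree $1$ over $31$. Since
$$31 \cdot \mathcal{O}_E = (\mathfrak{p} \cdot \mathcal{O}_E) \cdot (\mathfrak{q} \cdot \mathcal{O}_E)^2,$$
it follows from Remark 2.47 that $\mathfrak{p}$ is ramified in $E$, id est $\mathfrak{p} \cdot \mathcal{O}_E = \mathfrak{P}^2$ for a prime
$\mathfrak{P}$ of $E$, and that $\mathfrak{q} \cdot \mathcal{O}_E = \mathfrak{Q} \cdot \mathfrak{Q}'$ is the product of two distinct primes $\mathfrak{Q}^{\cdot}$ of $E$:
$$31 \cdot \mathcal{O}_E = (\mathfrak{P} \cdot \mathfrak{Q} \cdot \mathfrak{Q}')^2.$$
With the notations introduced in Remark 2.47, one has $g_{31}(E) \geq 2$, $e_{31}(E) \geq 2$ and
$f_{31}(E) = 1$. We consider now the rational prime $2$. The polynomial $f_2$ is irreducible
in $\mathbf{F}_2[T]$, and $g_2 = T \cdot (T - 1)$ in $\mathbf{F}_2[T]$, hence $2 \cdot \mathcal{O}_k = \mathfrak{m}$ is a prime of $k$ and $2 \cdot \mathcal{O}_{k'}$
is the product of two distinct primes of $k'$. It follows that $f_2(E)$ is divisible by $3$
and $g_2(E) \geq 2$, hence $g_2(E) = 2$, $e_2(E) = 1$ and $f_2(E) = 3$ by Remark 2.47:
$$2 \cdot \mathcal{O}_k = \mathfrak{M} \cdot \mathfrak{M}'$$
for two distinct primes $\mathfrak{M}^{\cdot}$ of $E$, both having inertia degree $3$ over $2$ (and $1$ over
$\mathfrak{m}$). We now study the factorisation of $3$ in $E$. The reduction of $f$ modulo $3$ splits
as the product of $T - 1$ and a degree-2 irreducible polynomial. This implies that
$3 \cdot \mathcal{O}_k = \mathfrak{y} \cdot \mathfrak{y}'$ is the product of two distinct primes of $k$ satisfying $f(\mathfrak{y}|3) = 1$ and
$f(\mathfrak{y}'|3) = 2$. In particular $f_3(E)$ is divisible by $2$ and $g_3(E) \geq 2$, hence $e_3(E) = 1$,
$f_3(E) = 2$ and $g_3(E) = 3$ by Remark 2.47. In other words $\mathfrak{y} \cdot \mathcal{O}_E = \mathfrak{Y}'$ is a prime
of $E$ (with inertia degree $2$ over $\mathfrak{y}$), $\mathfrak{y} \cdot \mathcal{O}_E = \mathfrak{Y} \cdot \mathfrak{Y}''$ is the product of two distinct
primes of $E$ with inertia degree $1$ over $\mathfrak{y}$, and
$$3 \cdot \mathcal{O}_E = \mathfrak{Y} \cdot \mathfrak{Y}' \cdot \mathfrak{Y}''$$
is the product of three distinct primes of $E$, having common inertia degree $2$ over
$3$. The pair $\xi_p(E) = (g_p(E), f_p(E))$ is equal to $\xi_2(E) = (2, 3)$ for $p = 5, 7, 19, 41$,
and to $\xi_3(E) = (3, 2)$ for $p = 11, 13, 17, 23, 29, 37, 43$ (Exercise). We finally consider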

the splitting of $47$ in $E$. Both the reductions of $f$ and $g$ modulo $47$ split completely
in $\mathbf{F}_{47}[T]$, which implies that $47 \cdot \mathcal{O}_k$ and $47 \cdot \mathcal{O}_{k'}$ are the product of $3$ and $2$ distinct
primes of $k$ and $k'$ respectively. Together with Remark 2.47 this implies $e_{47}(E) = 1$,
$g_{47}(E) \geq 3$ and $g_{47}(E) \cdot f_{47}(E) = 6$. Since $E/k'$ is cyclic of degree $3$, $f_{\mathfrak{i}}(E)$ equals
either $1$ or $3$ for each prime $\mathfrak{i}$ of $k'$ dividing $47$ (by Remark 2.47). The second
case would imply $6 = f_{47}(E) \cdot g_{47}(E) \geq 9$, hence $f_{\mathfrak{i}}(E) = 1$. Since $47$, hence $\mathfrak{i}$, is
unramified in $E$, we deduce $g_{\mathfrak{i}}(E) = 3$, hence $g_{47}(E) = 6$. In other words $47$ splits
completely in $E$, viz. $47 \cdot \mathcal{O}_E$ is the product of $[E : \mathbf{Q}]$ distinct primes of $E$. We
leave it as an exercise to show that $31$ is the only prime of $\mathbf{Q}$ which ramifies in $E$.
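Let $E/k$ be a Galois extension of number fields with Galois group $G = \mathrm{Gal}(E/k)$.
Let $\mathfrak{p}$ be a prime of $k$, and let $\mathfrak{P}$ and $\mathfrak{Q}$ be primes of $E$ dividing $\mathfrak{p}$. Define
$$G(\mathfrak{P}|\mathfrak{p}) = \{\sigma \in G : \sigma(\mathfrak{P}) = \mathfrak{P}\}$$
to be the stabiliser of $\mathfrak{P}$ under the action of $G$ on the set of primes of $E$ dividing $\mathfrak{P}$.
This is a subgroup of $G$, called the decomposition group of $\mathfrak{P}$ over $\mathfrak{p}$. If $\mathfrak{Q} = \sigma(\mathfrak{P})$
for some $\sigma$ in $G$, then
$$G(\mathfrak{Q}|\mathfrak{p}) = \sigma \cdot G(\mathfrak{P}|\mathfrak{p}) \cdot \sigma^{-1}.$$
Each $\sigma$ in $G(\mathfrak{P}|\mathfrak{p})$ gives rise to an element $\mathrm{red}_{\mathfrak{P}}(\sigma)$ of $\mathrm{Gal}(\mathbf{F}_{\mathfrak{P}}/\mathbf{F}_{\mathfrak{p}})$, defined by
$$\mathrm{red}_{\mathfrak{P}}(\sigma)(\alpha + \mathfrak{P}) = \sigma(\alpha) + \mathfrak{P}$$
for each $\alpha$ in $\mathcal{O}_E$. The map sending $\sigma$ to $\mathrm{red}_{\mathfrak{P}}(\sigma)$ gives a morphism of groups
$$\mathrm{red}_{\mathfrak{P}} : G(\mathfrak{P}|\mathfrak{p}) \longrightarrow \mathrm{Gal}(\mathbf{F}_{\mathfrak{P}}/\mathbf{F}_{\mathfrak{p}}),$$
called the reduction map associated with $\mathfrak{P}$. Its kernel
$$I(\mathfrak{P}|\mathfrak{p}) = \{\sigma \in G(\mathfrak{P}|\mathfrak{p}) : \sigma(\alpha) - \alpha \in \mathfrak{P} \text{ for each } \alpha \text{ in } \mathcal{O}_E\}$$
is called the inertia subgroup of $\mathfrak{P}|\mathfrak{p}$. If $\mathfrak{Q} = \sigma(\mathfrak{P})$ for some $\sigma$ in $G$, then
$$I(\mathfrak{Q}|\mathfrak{p}) = \sigma \cdot I(\mathfrak{P}|\mathfrak{p}) \cdot \sigma^{-1}.$$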
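Proposition 2.49. Let $E/k$ be a Galois extension of number fields, and let $\mathfrak{p}$
be a prime of $k$. Then the map $\mathrm{red}_{\mathfrak{P}} : G(\mathfrak{P}|\mathfrak{p}) \longrightarrow \mathrm{Gal}(\mathbf{F}_{\mathfrak{P}}/\mathbf{F}_{\mathfrak{p}})$ is surjective for
each prime $\mathfrak{P}$ of $E$ dividing $\mathfrak{p}$. Moreover one has
$$|I(\mathfrak{P}|\mathfrak{p})| = e(\mathfrak{P}|\mathfrak{p}) \quad\text{and}\quad |G(\mathfrak{P}|\mathfrak{p})| = e(\mathfrak{P}|\mathfrak{p}) \cdot f(\mathfrak{P}|\mathfrak{p}).$$
Proof. Fix a prime $\mathfrak{P}$ of $E$ dividing $\mathfrak{p}$. For each $x$ in $\mathcal{O}_E$ denote by $\bar{x} = x + \mathfrak{P}$
the reduction of $x$ modulo $\mathfrak{P}$.
One has $\mathbf{F}_{\mathfrak{P}} = \mathbf{F}_{\mathfrak{p}}(\mu)$ for some $\mu$ in $\mathbf{F}_{\mathfrak{P}}$. Let $\nu$ be a root of the minimal
polynomial $f_{\mu,\mathbf{F}_{\mathfrak{p}}}$ of $\mu$ over $\mathbf{F}_{\mathfrak{p}}$. We have to prove that
$$\mathrm{red}_{\mathfrak{P}}(\sigma)(\mu) = \nu \tag{12}$$
for some $\sigma = \sigma_{\mu,\nu}$ in the Galois group of $E$ over $k$. Of course, we can assume that
$\nu$ is different from $\mu$, hence that both $\mu$ and $\nu$ are non-zero.
Fix an element $\alpha$ of $\mathcal{O}_E$ such that
$$\bar{\alpha} = \mu \quad\text{and}\quad \alpha \in \mathfrak{Q} \tag{13}$$
for each prime $\mathfrak{Q}$ of $E$ dividing $\mathfrak{p}$ and different from $\mathfrak{P}$. (Such an $\alpha$ exists by Exercise
2.76.) Let $f = f_{\alpha,k}$ in $\mathcal{O}_k[T]$ be the minimal polynomial of $\alpha$ over $k$, and let $f_{\mathfrak{p}}$ be
the reduction of $f$ modulo $\mathfrak{p}$. Since $E$ is Galois over $k$, one has
$$f = \prod_{\tau \in H} \big(T - \tau(\alpha)\big) \in \mathcal{O}_E[T]$$
for some subset $H$ of $\mathrm{Gal}(E/k)$. Moreover $0 = f(\alpha) = f_{\mathfrak{p}}(\mu)$, hence $f_{\mu,\mathbf{F}_{\mathfrak{p}}}$ divides
$f_{\mathfrak{p}}$. It follows that $\nu$ is the reduction of some root of $f$, so that
$$\nu = \overline{\sigma(\alpha)}$$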

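for some $\sigma = \sigma_{\mu,\nu}$ in $\mathrm{Gal}(E/k)$. Since $\nu \neq 0$, the previous equation implies that
$\sigma(\alpha)$ does not belong to $\mathfrak{P}$, hence $\sigma^{-1}(\mathfrak{P}) = \mathfrak{P}$ by Equation (13). In other words
$\sigma$ belongs to the decomposition group $G(\mathfrak{P}|\mathfrak{p})$, so that $\overline{\sigma(\alpha)}$ is equal to $\mathrm{red}_{\mathfrak{P}}(\sigma)(\mu)$
and the previous equation is precisely (12). This proves the first statement.
Proposition 2.46 and the fundamental identity (cf. Proposition 2.36) give
$$e(\mathfrak{P}|\mathfrak{p}) \cdot f(\mathfrak{P}|\mathfrak{p}) \cdot g_{\mathfrak{p}} = [E : k] = |G(\mathfrak{P}|\mathfrak{p})| \cdot g_{\mathfrak{p}},$$
where $g_{\mathfrak{p}}$ is the number of primes of $E$ dividing $\mathfrak{p}$. The second statement of the
proposition follows from the previous equation and the first statement. □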
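Let $E/k$ be a Galois extension of number fields, let $\mathfrak{p}$ be a prime of $k$, and let
$\mathfrak{P}$ be a prime of $E$ dividing $\mathfrak{p}$. According to Proposition 2.49 the reduction map
$\mathrm{red}_{\mathfrak{P}}$ yields a group isomorphism
$$\mathrm{red}_{\mathfrak{P}} : G(\mathfrak{P}|\mathfrak{p})/I(\mathfrak{P}|\mathfrak{p}) \simeq \mathrm{Gal}(\mathbf{F}_{\mathfrak{P}}/\mathbf{F}_{\mathfrak{p}}).$$
Moreover, $\mathfrak{p}$ is unramified in $E$ precisely if the inertia subgroup $I(\mathfrak{P}|\mathfrak{p})$ is trivial.
In this case the reduction map $\mathrm{red}_{\mathfrak{P}}$ then gives a group isomorphism
$$\mathrm{red}_{\mathfrak{P}} : G(\mathfrak{P}|\mathfrak{p}) \simeq \mathrm{Gal}(\mathbf{F}_{\mathfrak{P}}/\mathbf{F}_{\mathfrak{p}}). \tag{14}$$
If $p$ is the rational prime lying below $\mathfrak{p}$, then $\mathbf{F}_{\mathfrak{p}}$ has cardinality $N\mathfrak{p} = p^{f(\mathfrak{p}|p)}$ and
the Galois group of $\mathbf{F}_{\mathfrak{P}}$ over $\mathbf{F}_{\mathfrak{p}}$ is cyclic, generated by the $f(\mathfrak{p}|p)$-th power of the
Frobenius automorphism of $\mathbf{F}_{\mathfrak{P}}$. Assuming that $\mathfrak{p}$ is unramified in $E$, it then follows
from Equation (14) that there exists a unique automorphism
$$\sigma_{\mathfrak{P}|\mathfrak{p}} \in \mathrm{Gal}(E/k),$$
called the Frobenius of $\mathfrak{P}$ over $\mathfrak{p}$, such that
$$\sigma_{\mathfrak{P}|\mathfrak{p}}(\alpha) \equiv \alpha^{N\mathfrak{p}} \pmod{\mathfrak{P}}$$
for each $\alpha$ in $\mathcal{O}_E$. If $\mathfrak{Q}$ is a prime of $E$ dividing $\mathfrak{p}$, then $\mathfrak{Q} = \gamma(\mathfrak{P})$ for some $\gamma$ in
$\mathrm{Gal}(E/k)$ (cf. Proposition 2.46) and one readily checks that
$$\sigma_{\mathfrak{Q}|\mathfrak{p}} = \gamma \cdot \sigma_{\mathfrak{P}|\mathfrak{p}} \cdot \gamma^{-1}.$$
It follows that the conjugacy class $[\mathfrak{p}, E/k]$ of $\sigma_{\mathfrak{P}|\mathfrak{p}}$ in $\mathrm{Gal}(E/k)$ depends only on
the prime $\mathfrak{p}$. An element of $[\mathfrak{p}, E/k]$ is called a Frobenius element of $E/k$ at $\mathfrak{p}$. In
particular, if $E$ is an abelian extension of $k$ (id est $\mathrm{Gal}(E/k)$ is an abelian group),
then $[\mathfrak{p}, E/k]$ is the unique element of $\mathrm{Gal}(E/k)$ satisfying
$$[\mathfrak{p}, E/k](\alpha) \equiv \alpha^{N\mathfrak{p}} \pmod{\mathfrak{p} \cdot \mathcal{O}_E}$$
for each $\alpha$ in $\mathcal{O}_E$, and is called the Frobenius element of $E/k$ at $\mathfrak{p}$. If $k = \mathbf{Q}$ and
$\mathfrak{p} = p\mathbf{Z}$, one writes $[p, E/\mathbf{Q}]$ as a shorthand for $[p\mathbf{Z}, E/\mathbf{Q}]$.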
Example 2.50. Let $n$ be a positive integer and let $k = \mathbf{Q}(\zeta_n)$ be the $n$-th cyclotomic field. Let $\ell$ be a rational prime which does not divide $n$. Since the absolute value of $d_k$ is a power of $n$ (cf. the proof of Theorem 2.24), the prime $\ell$ is unramified in $k$ by Proposition 2.44. Since the Galois group $\mathrm{Gal}(\mathbf{Q}(\zeta_n)/\mathbf{Q})$ is abelian, one can consider the Frobenius element $[\ell, \mathbf{Q}(\zeta_n)/\mathbf{Q}]$ at $\ell$. We claim that
(15) $[\ell, \mathbf{Q}(\zeta_n)/\mathbf{Q}](\zeta_n) = \zeta_n^{\ell}$.
Indeed, if $[\ell, \mathbf{Q}(\zeta_n)/\mathbf{Q}](\zeta_n) = \zeta_n^{b}$ for some integer $b$ coprime to $n$, one has
(16) $\zeta_n^{b-\ell} = [\ell, \mathbf{Q}(\zeta_n)/\mathbf{Q}](\zeta_n) \cdot \zeta_n^{-\ell} \equiv 1 \pmod{\ell \cdot \mathcal{O}_{\mathbf{Q}(\zeta_n)}}$
by the characterising property of the Frobenius element $[\ell, \mathbf{Q}(\zeta_n)/\mathbf{Q}]$. Evaluating at 1 both sides of the identity $1 + T + \cdots + T^{n-1} = \prod_{a=1}^{n-1} (T - \zeta_n^{a})$ yields
$n = \prod_{a=1}^{n-1} (1 - \zeta_n^{a})$.
Since $\ell$ does not divide $n$, this implies that $\zeta_n^{a}$ is not congruent to 1 modulo $\ell \cdot \mathcal{O}_{\mathbf{Q}(\zeta_n)}$ for each $1 \leq a \leq n - 1$, hence the claim (15) follows from Equation (16). As a consequence, the order $f_\ell$ of $[\ell, \mathbf{Q}(\zeta_n)/\mathbf{Q}]$ in $\mathrm{Gal}(\mathbf{Q}(\zeta_n)/\mathbf{Q}) \simeq (\mathbf{Z}/n\mathbf{Z})^*$ is equal to that of $\ell$ in the group $(\mathbf{Z}/n\mathbf{Z})^*$, id est is the smallest positive integer such that $\ell^{f_\ell} \equiv 1 \pmod{n}$. On the other hand, by construction the order of the Frobenius element $[\ell, \mathbf{Q}(\zeta_n)/\mathbf{Q}]$ is equal to the inertia degree of any prime of $\mathbf{Q}(\zeta_n)$ dividing $\ell$, hence Proposition 2.46 and the fundamental identity Proposition 2.36 prove that
$\ell \cdot \mathcal{O}_{\mathbf{Q}(\zeta_n)} = \mathfrak{L}_1 \cdots \mathfrak{L}_{g_\ell}$
is the product of $g_\ell = \varphi(n)/f_\ell$ distinct primes of $\mathbf{Q}(\zeta_n)$, each of which has inertia degree $f(\mathfrak{L}_i|\ell) = f_\ell$ over $\ell$. In particular, $\ell$ splits completely in $\mathbf{Q}(\zeta_n)$ (id est $g_\ell = [\mathbf{Q}(\zeta_n) : \mathbf{Q}]$) if and only if $\ell \equiv 1 \pmod{n}$, and $\ell$ is a prime element of $\mathcal{O}_{\mathbf{Q}(\zeta_n)}$ precisely if the group $(\mathbf{Z}/n\mathbf{Z})^*$ is cyclic generated by $\ell$. (For example, 3 is a prime element of $\mathcal{O}_{\mathbf{Q}(\zeta_{31})} = \mathbf{Z}[\zeta_{31}]$, the ideal $61 \cdot \mathcal{O}_{\mathbf{Q}(\zeta_{31})}$ is the product of 2 distinct primes of $\mathbf{Q}(\zeta_{31})$ and $311 \cdot \mathcal{O}_{\mathbf{Q}(\zeta_{31})}$ is the product of 30 distinct primes of $\mathbf{Q}(\zeta_{31})$.)
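Example 2.51. Let $n$ be a positive integer and let $p$ be a prime dividing $n$, say $n = p^r \cdot m$ with $r \geq 1$ and $p \nmid m$. Let $f = f_p(n)$ be the order of $p$ in the group $(\mathbf{Z}/m\mathbf{Z})^*$ and set $g = g_p(n) = \varphi(m)/f$. We claim that there are $g$ distinct primes $\{\mathfrak{P}_i\}_{i=1}^{g}$ of $\mathbf{Q}(\zeta_n)$ dividing $p$, each of which has inertia degree $f$ and ramification index $\varphi(p^r)$ over $p$. In particular one has (cf. Theorem 2.24)
$p \cdot \mathbf{Z}[\zeta_n] = (\mathfrak{P}_1 \cdots \mathfrak{P}_g)^{\varphi(p^r)}$.
Indeed, Example 2.40 proves that there exists a unique prime $\mathfrak{p} = (1 - \zeta_{p^r}) \cdot \mathbf{Z}[\zeta_{p^r}]$ of $\mathbf{Q}(\zeta_{p^r})$ dividing $p$, such that $e(\mathfrak{p}|p) = \varphi(p^r)$ and $f(\mathfrak{p}|p) = 1$. Moreover Example 2.50 shows that $p$ is unramified in $\mathbf{Q}(\zeta_m)$, and that there are precisely $g$ distinct primes $\mathfrak{p}_1, \dots, \mathfrak{p}_g$ of $\mathbf{Q}(\zeta_m)$ dividing $p$, having inertia degree $f$. For each $1 \leq i \leq g$, there exists a prime $\mathfrak{P}_i$ of $\mathbf{Q}(\zeta_n)$ dividing $\mathfrak{p}_i$ (cf. Lemma 2.32), which necessarily divides $\mathfrak{p}$. For each $1 \leq i \leq g$ one has then
$e(\mathfrak{P}_i|p) = e(\mathfrak{P}_i|\mathfrak{p}) \cdot e(\mathfrak{p}|p) \geq \varphi(p^r)$ and $f(\mathfrak{P}_i|p) = f(\mathfrak{P}_i|\mathfrak{p}_i) \cdot f(\mathfrak{p}_i|p) \geq f$
by Lemma 2.33, hence
$e(\mathfrak{P}_i|p) \cdot f(\mathfrak{P}_i|p) \cdot g \geq \varphi(p^r) \cdot \varphi(m) = [\mathbf{Q}(\zeta_n) : \mathbf{Q}]$.
The claim follows from the previous equation and Remark 2.47.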
We summarise Examples 2.40, 2.50 and 2.51 in the following theorem.
Theorem 2.52. Let $n$ be a positive integer and let $p$ be a rational prime. Write $n = p^r \cdot m$ with $r \geq 0$ and $p \nmid m$, let $f_p(n)$ be the order of $p$ in the group $(\mathbf{Z}/m\mathbf{Z})^*$ and set $g_p(n) = \varphi(m)/f_p(n)$. Then there are precisely $g_p(n)$ distinct primes $\{\mathfrak{p}_i\}_{i=1}^{g_p(n)}$ of $\mathbf{Q}(\zeta_n)$ dividing $p$, having ramification index $\varphi(p^r)$ and inertia degree $f_p(n)$ over $p$:
$p \cdot \mathbf{Z}[\zeta_n] = (\mathfrak{p}_1 \cdots \mathfrak{p}_{g_p(n)})^{\varphi(p^r)}$.
In particular $p$ ramifies in $\mathbf{Q}(\zeta_n)$ precisely if $p$ divides $n$.
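The triple (ramification index, inertia degree, number of primes) of Theorem 2.52 can be computed directly from $n$ and $p$. The Python code below is an added example, not part of the original notes; the function names are this example's own, and it checks the fundamental identity $e \cdot f \cdot g = \varphi(n)$ on every call.

```python
from math import gcd

def euler_phi(n):
    """Euler's totient phi(n), by trial division (adequate for small n)."""
    result, m, q = n, n, 2
    while q * q <= m:
        if m % q == 0:
            while m % q == 0:
                m //= q
            result -= result // q
        q += 1
    if m > 1:
        result -= result // m
    return result

def multiplicative_order(a, m):
    """Order of a in (Z/mZ)^*; the trivial group (m = 1) gives order 1."""
    if gcd(a, m) != 1:
        raise ValueError("a must be coprime to m")
    if m == 1:
        return 1
    order, x = 1, a % m
    while x != 1:
        x = x * a % m
        order += 1
    return order

def cyclotomic_splitting(p, n):
    """Return (e, f, g) for the rational prime p in Q(zeta_n), as in Theorem 2.52."""
    r, m = 0, n
    while m % p == 0:                  # write n = p^r * m with p not dividing m
        m //= p
        r += 1
    e = euler_phi(p ** r)              # ramification index phi(p^r); 1 when r = 0
    f = multiplicative_order(p, m)     # inertia degree f_p(n)
    g = euler_phi(m) // f              # number of primes g_p(n) above p
    if e * f * g != euler_phi(n):      # fundamental identity e*f*g = [Q(zeta_n):Q]
        raise AssertionError("fundamental identity violated")
    return e, f, g

if __name__ == "__main__":
    # Sample inputs chosen for this example.
    for p, n in [(3, 31), (311, 31), (2, 31), (3, 12), (2, 8), (5, 100)]:
        e, f, g = cyclotomic_splitting(p, n)
        print(f"p={p} in Q(zeta_{n}): e={e}, f={f}, g={g}")
```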
Example 2.53 (Hensel). Let $p$ be a rational prime such that $p \equiv 1 \pmod{3}$ and 2 is a cube in $\mathbf{F}_p^*$ (e.g. $p = 31$). Let $k$ be the unique cubic subfield of $\mathbf{Q}(\zeta_p)$. We claim that $\mathcal{O}_k \neq \mathbf{Z}[\alpha]$ for each $\alpha$ in $\mathcal{O}_k$. Indeed, assume ad absurdum that $\mathcal{O}_k$ is generated by an algebraic integer $\alpha$, and let $f$ be the minimal polynomial of $\alpha$ over $\mathbf{Q}$. Since 2 is a cube in $\mathbf{F}_p^*$, the Frobenius element $[2, \mathbf{Q}(\zeta_p)/\mathbf{Q}]$ is also a cube in $\mathrm{Gal}(\mathbf{Q}(\zeta_p)/\mathbf{Q}) \simeq \mathbf{F}_p^*$ (cf. Example 2.50), hence it restricts to the identity on $k$. On the other hand (by construction) the restriction of $[2, \mathbf{Q}(\zeta_p)/\mathbf{Q}]$ to $k$ is equal to the Frobenius $[2, k/\mathbf{Q}]$ of $k/\mathbf{Q}$ at 2, hence $[2, k/\mathbf{Q}] = \mathrm{id}_k$. This means that each prime of $k$ dividing 2 has inertia degree 1, so that $2 \cdot \mathcal{O}_k$ is a product of 3 distinct primes of $k$ by Proposition 2.36. It then follows from Proposition 2.35 that the reduction $f_2$ of $f$ modulo 2 splits in $\mathbf{F}_2[T]$ as the product of three distinct degree-one irreducible factors. This is absurd, because the polynomial $f_2$ has degree three and there are only two irreducible degree-one polynomials in $\mathbf{F}_2[T]$.
Example 2.54. Example 2.48 shows that no rational prime $p \leq 47$ is a prime element of the ring of integers of the splitting field $E$ of $f = T^3 + T + 1$ over $\mathbf{Q}$. We claim that no rational prime $p$ can generate a prime ideal of $E$. Indeed, if $p \cdot \mathcal{O}_E = \mathfrak{p}$ were a prime of $E$, then the Galois group $G = \mathrm{Gal}(E/\mathbf{Q})$ of $f$ over $\mathbf{Q}$ would be isomorphic to the Galois group of $\mathbf{F}_{\mathfrak{p}}$ over $\mathbf{F}_p$ by Proposition 2.49. This is impossible, since $G$ is isomorphic to the symmetric group $S_3$, which is not cyclic.
2.7.1. Proof of Proposition 1.2. The following proposition, due to Dedekind, is
a more precise version of Proposition 1.2 stated in Section 1.2.
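Proposition 2.55. Let $f$ be a monic polynomial with integral coefficients, and let $p$ be a rational prime such that the reduction $f_p$ of $f$ modulo $p$ is separable. Let $\mathfrak{p}$ be a prime of the splitting field $\mathbf{Q}(f)$ of $f$ over $\mathbf{Q}$ dividing $p$. Denote by $Z(f)$ the set of complex roots of $f$, and by $Z(f_p)$ the set of roots of $f_p$ in $\mathbf{F}_{\mathfrak{p}}$.
• The residue field $\mathbf{F}_{\mathfrak{p}}$ of $k$ at $\mathfrak{p}$ is a splitting field of $f_p$ over $\mathbf{F}_p$.
• Reduction modulo $\mathfrak{p}$ yields a bijection between $Z(f)$ and $Z(f_p)$.
• The reduction map $\mathrm{red}_{\mathfrak{p}} : G(\mathfrak{p}|p) \longrightarrow \mathrm{Gal}(\mathbf{F}_{\mathfrak{p}}/\mathbf{F}_p)$ is an isomorphism.

Proof. Set $\mathcal{O}_f = \mathcal{O}_{\mathbf{Q}(f)}$, and denote by $\bar{x} = x + \mathfrak{p}$ in $\mathbf{F}_{\mathfrak{p}}$ the reduction of $x$ in $\mathcal{O}_f$ modulo $\mathfrak{p}$. Then $f = \prod_{\alpha \in Z(f)} (T - \alpha)^{m_\alpha}$ in $\mathcal{O}_f[T]$ and $f_p = \prod_{\alpha \in Z(f)} (T - \bar{\alpha})^{m_\alpha}$ in $\mathbf{F}_{\mathfrak{p}}[T]$, where $m_\alpha \geq 1$ is the multiplicity of the root $\alpha$ of $f$. Since by assumption $f_p$ is separable, it follows that ($f$ is separable and that) the map sending $\alpha$ to its reduction $\bar{\alpha}$ modulo $\mathfrak{p}$ is a bijection between $Z(f)$ and $Z(f_p)$. If $\sigma$ is an element of $G(\mathfrak{p}|p)$ such that $\bar{\sigma} = \mathrm{red}_{\mathfrak{p}}(\sigma)$ restricts to the identity on $\mathbf{F}_p(Z(f_p))$, then $\bar{\alpha} = \bar{\sigma}(\bar{\alpha}) = \overline{\sigma(\alpha)}$, hence $\alpha = \sigma(\alpha)$, for each $\alpha$ in $Z(f)$. This implies that the composition
$G(\mathfrak{p}|p) \longrightarrow \mathrm{Gal}(\mathbf{F}_{\mathfrak{p}}/\mathbf{F}_p) \twoheadrightarrow \mathrm{Gal}(\mathbf{F}_p(Z(f_p))/\mathbf{F}_p)$
of $\mathrm{red}_{\mathfrak{p}}$ with restriction to $\mathbf{F}_p(Z(f_p))$ is injective. Since $\mathrm{red}_{\mathfrak{p}}$ is surjective by Proposition 2.49, the statement follows.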
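With the notations and assumptions of Proposition 2.55, set
$\Phi_{f,p} = \mathrm{red}_{\mathfrak{p}}^{-1} : G(f_p) \hookrightarrow G(f)$,
where $G(f_p) = \mathrm{Gal}(\mathbf{F}_{\mathfrak{p}}/\mathbf{F}_p)$, and define
$r_{f,p} : Z(f) \simeq Z(f_p)$
to be the reduction modulo $\mathfrak{p}$ map. Then
$r_{f,p}(\Phi_{f,p}(\tau)(\alpha)) = r_{f,p}(\sigma(\alpha)) = \tau(r_{f,p}(\alpha))$
for any $\sigma$ in $G(\mathfrak{p}|p)$ and $\alpha$ in $Z(f)$, where $\tau = \mathrm{red}_{\mathfrak{p}}(\sigma)$. This proves Proposition 1.2.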
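In practice Proposition 2.55 is used through the factorisation of $f_p$: the Frobenius generator of $\mathrm{Gal}(\mathbf{F}_{\mathfrak{p}}/\mathbf{F}_p)$ permutes $Z(f_p)$ with one cycle per irreducible factor of $f_p$, of length the degree of that factor. The Python code below is an added example, not part of the original notes; it computes these degrees by distinct-degree counting with $\gcd(f_p, T^{p^d} - T)$ and applies them to the polynomial $T^3 + T + 1$ of Example 2.54. All function names are this example's own, and $f$ is assumed monic.

```python
def trim(a):
    """Drop high-degree zero coefficients in place (lists are low degree first)."""
    while a and a[-1] == 0:
        a.pop()
    return a

def poly_mod(a, m, p):
    """Remainder of a modulo m in F_p[T]; m is non-zero and trimmed."""
    a = trim([c % p for c in a])
    inv = pow(m[-1], -1, p)
    while len(a) >= len(m):
        c, shift = a[-1] * inv % p, len(a) - len(m)
        for i, mc in enumerate(m):
            a[shift + i] = (a[shift + i] - c * mc) % p
        trim(a)
    return a

def poly_mulmod(a, b, m, p):
    """Product a*b modulo m in F_p[T]."""
    prod = [0] * max(len(a) + len(b) - 1, 0)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] = (prod[i + j] + x * y) % p
    return poly_mod(prod, m, p)

def poly_powmod(a, e, m, p):
    """a^e modulo m in F_p[T] by square-and-multiply."""
    result, base = [1], poly_mod(a, m, p)
    while e:
        if e & 1:
            result = poly_mulmod(result, base, m, p)
        base = poly_mulmod(base, base, m, p)
        e >>= 1
    return result

def poly_gcd(a, b, p):
    """A gcd of a and b in F_p[T] (not normalised; only its degree is used)."""
    a, b = trim([c % p for c in a]), trim([c % p for c in b])
    while b:
        a, b = b, poly_mod(a, b, p)
    return a

def is_separable(f, p):
    """True when gcd(f_p, f_p') is a non-zero constant, i.e. f_p has no repeated root."""
    f = trim([c % p for c in f])
    return len(poly_gcd(f, [i * c for i, c in enumerate(f)][1:], p)) == 1

def factor_degrees(f, p):
    """Degrees of the irreducible factors of f_p (f monic): the Frobenius cycle type."""
    if not is_separable(f, p):
        raise ValueError("f mod p is not separable")
    f = trim([c % p for c in f])
    h, count, found = [0, 1], {}, 0              # h tracks T^(p^d) mod f
    for d in range(1, len(f)):
        h = poly_powmod(h, p, f, p)
        diff = h + [0] * (2 - len(h))
        diff[1] -= 1                             # diff = T^(p^d) - T
        n_d = len(poly_gcd(f, diff, p)) - 1      # = sum of e * count[e] over e | d
        count[d] = (n_d - sum(e * c for e, c in count.items() if d % e == 0)) // d
        found += d * count[d]
        if found == len(f) - 1:
            break
    return sorted(e for e, c in count.items() for _ in range(c))

def frobenius_cycle_types(f, primes):
    """Cycle type of Frobenius at each prime where f_p is separable."""
    return {p: factor_degrees(f, p) for p in primes if is_separable(f, p)}

T3_T_1 = [1, 1, 0, 1]  # T^3 + T + 1, the polynomial of Example 2.54
```

For $T^3 + T + 1$ the types $[3]$, $[1, 2]$ and $[1, 1, 1]$ all occur (at $p = 2$, $3$ and $47$ respectively), so the Galois group contains a 3-cycle and a transposition, in agreement with $G \simeq S_3$; the prime 31 is skipped because the reduction is not separable there.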

2.8. Exercises.
Exercise 2.56. Let A be a ring, let B be a ring containing A, and let b be an
element of B. Show that the following properties are equivalent.
• b satisfies a monic equation with coefficients in A.
• The sub-ring A[b] of B is a finitely generated A-module.
• There exists a faithful A[b]-module which is a finitely generated A-module.
(Recall that a module M over a ring R is faithful if r · M is non-zero for each non-
zero element r of R.) One says that b is integral over A if it satisfies the previous
equivalent conditions.
Exercise 2.57. With the notations of Exercise 2.56, prove that the set of
elements of B which are integral over A is an A-sub-algebra of B, called the integral
closure of A in B.
Exercise 2.58. Let B be a finite free A-algebra of rank n, let I be an ideal
of A, and set Ā = A/I and B̄ = B/IB. Prove that B̄ is a finite free Ā-algebra of
rank n, and that TrB̄/Ā (b + IB) = TrB/A (b) + I and NB̄/Ā (b + IB) = NB/A (b) + I
for each b in B.
Exercise 2.59. Use Proposition 2.8 to prove Proposition 2.7 (namely the tran-
sitivity of the trace and the norm) in the special case where A is a field and B and
C are finite separable extensions of A.
Exercise 2.60. For an extension E/k of number fields, prove that
• the trace TrE/k and the norm NE/k map OE into Ok ;
• the norm NE/k (α) of an algebraic integer α of E belongs to α · OE ;
• an algebraic integer α of E is invertible in OE if and only if its norm
NE/k (α) is invertible in Ok .
Exercise 2.61. Let $B$ and $B'$ be finite free $A$-algebras, and let $I$ be an ideal of $A$. Set $\bar{A} = A/I$ and $\bar{B} = B/IB$. Prove that
$D_{B \times B'/A} = D_{B/A} \cdot D_{B'/A}$ and $D_{\bar{B}/\bar{A}} = \overline{D_{B/A}}$,
where $\overline{D_{B/A}}$ is the image of $D_{B/A}$ under the natural projection $A \longrightarrow \bar{A}$.
Exercise 2.62. Generalise Example 2.14 by proving that
$D_{\mathbf{Q}(\zeta_{p^m})/\mathbf{Q}}\left(1, \zeta_{p^m}, \dots, \zeta_{p^m}^{\varphi(p^m)-1}\right) = \varepsilon \cdot p^{p^{m-1}(pm-m-1)}$
for each rational prime $p$ and each positive integer $m$, where $\varepsilon = -1$ if either $p^m = 4$ or $p$ is congruent to 3 modulo 4, and $\varepsilon = 1$ otherwise. (Here as usual $\zeta_{p^m}$ denotes the $p^m$-th primitive complex root of unity $e^{2\pi i/p^m}$.)
Exercise 2.63. Let $p$ be an odd rational prime, let $m$ be a positive integer, and set $p^* = (-1)^{\frac{p-1}{2}} \cdot p$. Prove that $\mathbf{Q}(\sqrt{p^*})$ is the unique quadratic subfield of the $p^m$-th cyclotomic field $\mathbf{Q}(\zeta_{p^m})$.
Exercise 2.64. Describe the quadratic subfields of Q(ζ2m ) for each m > 2.
Exercise 2.65. Let k be a number field. Prove that the quotient ring Ok /I is
finite for each non-zero ideal I of Ok . (Hint: prove first that Nk/Q (I) is contained in
I, deduce then that I ∩ Z is non-zero, and finally use Proposition 2.15 to conclude.)
Exercise 2.66. Let k be a number field, and let I be a non-zero ideal of Ok .
Show that I is a free abelian group of rank [k : Q]. (Hint: use Exercise 2.65).

Exercise 2.67. Let $d \neq 1$ be a square-free integer, and let $\sqrt{d}$ be a complex square root of $d$. Show that $d_{\mathbf{Q}(\sqrt{d})} = d$ if $d$ is congruent to 1 modulo 4, and that $d_{\mathbf{Q}(\sqrt{d})} = 4d$ if $d$ is congruent to 2 or 3 modulo 4.
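Exercise 2.68. Let $d \neq 1$ and $d'$ be square-free integers such that $d \equiv 1 \pmod{4}$ and $d' \equiv 2, 3 \pmod{4}$. Set $m = dd'/(d, d')^2$ and prove that
$\mathcal{O}_{k \cdot k'} = \mathbf{Z} \oplus \mathbf{Z} \cdot \frac{1 + \sqrt{d}}{2} \oplus \mathbf{Z} \cdot \sqrt{d'} \oplus \mathbf{Z} \cdot \frac{\sqrt{d'} + \sqrt{m}}{2}$.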
Exercise 2.69. Show that the discriminant $d_k$ of a number field $k$ is either divisible by 4 or congruent to 1 modulo 4. (Hint: let $\{\sigma_i\}_{i \leq n}$ be the distinct embeddings of $k$ into $\mathbf{C}$, let $\{\omega_i\}_{i \leq n}$ be a $\mathbf{Z}$-basis of $\mathcal{O}_k$, and set $a_{ij} = \sigma_i(\omega_j)$. Then $d_k = (P - N)^2 = (P + N)^2 - 4PN$ with $P = \sum_{\tau \in S_n^+} a_{1\tau(1)} \cdots a_{n\tau(n)}$ and $N = \sum_{\tau \in S_n^-} a_{1\tau(1)} \cdots a_{n\tau(n)}$, where $S_n^{\pm} = \{\tau \in S_n : \mathrm{sign}(\tau) = \pm 1\}$.)

Exercise 2.70. Prove that, if $k$ and $k'$ are number fields such that
$[kk' : \mathbf{Q}] = [k : \mathbf{Q}] \cdot [k' : \mathbf{Q}]$,
then
$d_{kk'} = d_k^{[k':\mathbf{Q}]} \cdot d_{k'}^{[k:\mathbf{Q}]}$.
Exercise 2.71. Show that for each positive integer $n$ one has
$d_{\mathbf{Q}(\zeta_n)} = (-1)^{\varphi(n)/2} \cdot \frac{n^{\varphi(n)}}{\prod_{p|n} p^{\varphi(n)/(p-1)}}$,
where the product runs over the prime divisors of $n$.


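Exercise 2.72. Let $n$ be a positive integer. Show that $\mathbf{Q}(\zeta_n + \zeta_n^{-1})$ is the maximal real subfield of $\mathbf{Q}(\zeta_n)$, and that its ring of integers is generated by $\zeta_n + \zeta_n^{-1}$:
$\mathcal{O}_{\mathbf{Q}(\zeta_n + \zeta_n^{-1})} = \mathbf{Z}[\zeta_n + \zeta_n^{-1}]$.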
Exercise 2.73. Let $\Gamma = (\Gamma, \leq)$ be a partially ordered set. One says that $\Gamma$ satisfies the ascending chain condition (acc for short) if any ascending sequence $\gamma_1 \leq \gamma_2 \leq \cdots$ of elements of $\Gamma$ stabilises (id est there exists $N = N(\gamma_i) \geq 1$ such that $\gamma_N = \gamma_{N+i}$ for all $i \geq 0$). Show that the following properties are equivalent.
1. The partially ordered set Γ satisfies the acc.
2. Each non-empty subset of Γ has a maximal element.
Moreover, prove that a ring A is Noetherian if and only if the set of ideals of A
(partially ordered by inclusion) satisfies the acc.
Exercise 2.74. Prove that a unique factorisation domain is integrally closed.
Exercise 2.75. Let A be a ring, let I be an ideal of A, set Ā = A/I and let
π : A −→ Ā be the natural projection. Show that the map
π : {Ideals of A containing I} −→ {Ideals of Ā}
sending an ideal J of A containing I to π(J) is a bijection preserving inclusions and
such that $\pi^{-1}(\pi(J)) = J$. Moreover, show that $\pi(J)$ is a prime ideal of $\bar{A}$ if and only if $J$ is a prime of $A$.
Exercise 2.76. Let $g$ be a positive integer, let $I_1, \dots, I_g$ be ideals of a ring $A$ such that $I_i + I_j = A$ for each $i \neq j$, let $e_1, \dots, e_g$ be positive integers and set $I = I_1^{e_1} \cdots I_g^{e_g}$. Show that $I_i^{e_i} + I_j^{e_j} = A$ for each $i \neq j$, and that the natural map $A \longrightarrow \prod_i A/I_i^{e_i}$ yields a ring isomorphism $A/I \simeq \prod_{i=1}^{g} A/I_i^{e_i}$.

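Exercise 2.77. Let $k$ be a number field. Define the norm $N(\mathfrak{a})$ of a non-zero ideal $\mathfrak{a}$ of $\mathcal{O}_k$ as the cardinality of $\mathcal{O}_k/\mathfrak{a}$. Prove the following statements.
• One has $N(\mathfrak{a} \cdot \mathfrak{b}) = N(\mathfrak{a}) \cdot N(\mathfrak{b})$ for all non-zero ideals $\mathfrak{a}$ and $\mathfrak{b}$ of $\mathcal{O}_k$.
• For each $\alpha$ in $\mathcal{O}_k$ one has $N(\alpha \cdot \mathcal{O}_k) = |N_{k/\mathbf{Q}}(\alpha)|$.
(Hint. Let $\mathfrak{p}$ be a prime of $k$, and let $\pi_{\mathfrak{p}}$ be an element in $\mathfrak{p} - \mathfrak{p}^2$. Prove that, for each positive integer $r$, multiplication by $\pi_{\mathfrak{p}}^r$ induces an isomorphism of $\mathbf{F}_{\mathfrak{p}}$-vector spaces between $\mathbf{F}_{\mathfrak{p}} = \mathcal{O}/\mathfrak{p}$ and $\mathfrak{p}^r/\mathfrak{p}^{r+1}$. Deduce that $N(\mathfrak{p}^r) = N(\mathfrak{p})^r$, and then use Exercise 2.76 to prove the first statement. To prove the second statement, use the elementary divisor theorem and the definition of the norm.)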
Exercise 2.78.
Exercise 2.79. Let $E/k$ be an extension of number fields and let $\mathfrak{p}$ be a prime of $k$. Let $\mathfrak{P}_1, \dots, \mathfrak{P}_g$ be the primes of $E$ dividing $\mathfrak{p}$, and for each $1 \leq i \leq g$ set $e_i = e(\mathfrak{P}_i|\mathfrak{p})$ and $f_i = f(\mathfrak{P}_i|\mathfrak{p})$. Prove the following statements.
1. The $\mathbf{F}_{\mathfrak{p}}$-vector space $\mathcal{O}_E/\mathfrak{p} \cdot \mathcal{O}_E$ has dimension $[E : k]$.
2. The $\mathbf{F}_{\mathfrak{p}}$-vector space $\mathcal{O}_E/\mathfrak{P}_i^{e_i}$ has dimension $e_i \cdot f_i$.
3. One has $[E : k] = \sum_{i=1}^{g} e_i \cdot f_i$.
(Hint. Prove first the statements in the special case $k = \mathbf{Q}$.)
3. Solutions to selected exercises



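Solution to Exercise 2.68. By Example 2.5 one has $\mathcal{O}_k = \mathbf{Z}[(1 + \sqrt{d})/2]$ and $\mathcal{O}_{k'} = \mathbf{Z}[\sqrt{d'}]$. Note that $\sqrt{m} \cdot \sqrt{d} = r \cdot \sqrt{d'}$ with $r = \pm \frac{d}{(d, d')}$. Moreover, since by assumption $d$ is odd, $r - 1$ is even. It follows that
$\sqrt{m} \cdot \frac{1 + \sqrt{d}}{2} - \frac{r - 1}{2} \cdot \sqrt{d'} = \frac{\sqrt{d'} + \sqrt{m}}{2}$
belongs to $\mathcal{O}_k \cdot \mathcal{O}_{k'} \subset \mathcal{O}_{k \cdot k'}$. As a consequence the group
$\mathcal{O} = \mathbf{Z} \oplus \mathbf{Z} \cdot \frac{1 + \sqrt{d}}{2} \oplus \mathbf{Z} \cdot \sqrt{d'} \oplus \mathbf{Z} \cdot \frac{\sqrt{d'} + \sqrt{m}}{2}$
is contained in $\mathcal{O}_{k \cdot k'}$. Conversely, let $\alpha$ be an algebraic integer in $k \cdot k'$. Since $1$, $\sqrt{d}$, $\sqrt{d'}$ and $\sqrt{m}$ form a $\mathbf{Q}$-basis of $k \cdot k'$, one has
$\alpha = x_0 + x_1 \cdot \sqrt{d} + x_2 \cdot \sqrt{d'} + x_3 \cdot \sqrt{m}$
for (unique) rational numbers $x_i$. After setting $K = k \cdot k'$, one has
$\mathrm{Tr}_{K/k'}(\alpha) = 2x_0 + 2x_2 \cdot \sqrt{d'} \in \mathcal{O}_{k'}$,
hence $x_0 = \frac{n_0}{2}$ and $x_2 = \frac{n_2}{2}$ for some integers $n_0$ and $n_2$. Similarly
$\mathrm{Tr}_{K/k}(\alpha) - n_0 = 2x_1 \cdot \sqrt{d} \in \mathcal{O}_{\mathbf{C}}$ and $\mathrm{Tr}_{K/\mathbf{Q}(\sqrt{m})}(\alpha) - n_0 = 2x_3 \cdot \sqrt{m} \in \mathcal{O}_{\mathbf{C}}$,
which implies that $x_1 = \frac{n_1}{2}$ and $x_3 = \frac{n_3}{2}$ for integers $n_1$ and $n_3$ (why?). Then
$\alpha = \frac{1}{2}\left(n_0 + n_1 \cdot \sqrt{d} + n_2 \cdot \sqrt{d'} + n_3 \cdot \sqrt{m}\right)$
for each algebraic integer $\alpha$ in $\mathcal{O}_K$. On the other hand, if $t = \gcd(d, d')$, then
$\frac{\alpha(1 - \sqrt{d})}{2} = \frac{1}{4}\left(n_0 - dn_1 + (n_1 - n_0)\sqrt{d} + (n_2 - n_3 d/t)\sqrt{d'} + (n_3 - n_2 t)\sqrt{m}\right)$
is an element of $\mathcal{O}_K$, so that (since $d$ and $t$ are odd)
$l_0 = \frac{n_0 - n_1}{2}$ and $l_1 = \frac{n_2 - n_3}{2}$
are integers. As a consequence
$\alpha = l_0 + n_1 \cdot \frac{1 + \sqrt{d}}{2} + l_1 \cdot \sqrt{d'} + n_3 \cdot \frac{\sqrt{d'} + \sqrt{m}}{2}$
belongs to $\mathcal{O}$, as was to be shown.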
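Solution to Exercise 2.77. We prove the first statement (id est the multiplicativity of $N$). According to Exercise 2.76 it is sufficient to show that $N(\mathfrak{p}^r) = N(\mathfrak{p})^r$ for each prime $\mathfrak{p}$ of $k$ and each positive integer $r$. The identity on $\mathcal{O}_k$ induces a surjective morphism $\mathcal{O}_k/\mathfrak{p}^{r+1} \longrightarrow \mathcal{O}_k/\mathfrak{p}^r$ with kernel $\mathfrak{p}^r/\mathfrak{p}^{r+1}$. By induction on $r$, it is then sufficient to prove that $\mathfrak{p}^r/\mathfrak{p}^{r+1}$ and $\mathbf{F}_{\mathfrak{p}} = \mathcal{O}_k/\mathfrak{p}$ have the same cardinality, for each positive integer $r$. In order to show this, let $\alpha$ be an element of $\mathfrak{p}^r - \mathfrak{p}^{r+1}$. We claim that multiplication by $\alpha$ on $\mathcal{O}_k$ induces an isomorphism
$m_\alpha : \mathcal{O}_k/\mathfrak{p} \simeq \mathfrak{p}^r/\mathfrak{p}^{r+1}$.
Indeed one has $\alpha \cdot \mathcal{O}_k + \mathfrak{p}^{r+1} = \gcd(\alpha \cdot \mathcal{O}_k, \mathfrak{p}^{r+1}) = \mathfrak{p}^r$, hence $m_\alpha$ is surjective. If $m_\alpha(\beta + \mathfrak{p}) = 0$, then $\alpha \cdot \beta$ belongs to $\alpha \cdot \mathcal{O}_k \cap \mathfrak{p}^r = \mathrm{lcm}(\alpha \cdot \mathcal{O}_k, \mathfrak{p}^{r+1}) = \mathfrak{p}^{r+1}$, hence $\beta$ belongs to $\mathfrak{p}$. This shows that $m_\alpha$ is injective, thus proving the claim.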
We prove the second statement. Quite generally, let $M$ and $N$ be two free $\mathbf{Z}$-modules of rank $n \geq 1$, and let $\gamma : M \longrightarrow N$ be an injective morphism of groups. By the elementary divisor theorem there exist a $\mathbf{Z}$-basis $\omega = \{\omega_1, \dots, \omega_n\}$ and positive integers $d_1, \dots, d_n$ such that $\gamma(M) = \bigoplus_{i=1}^{n} d_i \mathbf{Z} \cdot \omega_i$. Define $\eta_i = \eta_i(\omega)$ in $M$ by the identity $\gamma(\eta_i) = d_i \cdot \omega_i$. Then $\eta = \{\eta_1, \dots, \eta_n\}$ is a $\mathbf{Z}$-basis of $M$ and the matrix $m_{\eta\omega}(\gamma)$ representing $\gamma$ in the $\mathbf{Z}$-bases $\eta$ and $\omega$ is the diagonal matrix with diagonal entries $d_1, \dots, d_n$. In particular one has $|N/\gamma(M)| = \det(m_{\eta\omega}(\gamma))$. If $b$ and $b'$ are any $\mathbf{Z}$-bases of $M$ and $N$ respectively, and if $m_{bb'}(\gamma)$ is the matrix representing $\gamma$ in these bases, then $\det(m_{bb'}(\gamma)) = \pm \det(m_{\eta\omega'}(\gamma))$, hence $|N/\gamma(N)| = |\det(m_{bb'}(\gamma))|$. Taking $M = N = \mathcal{O}_k$ (cf. Proposition 2.15), $\gamma$ equal to multiplication by $\alpha$ and $b = b'$ any $\mathbf{Z}$-basis of $\mathcal{O}_k$, one gets
$N(\alpha \cdot \mathcal{O}_k) = |\mathcal{O}_k/\alpha \cdot \mathcal{O}_k| = |N_{\mathcal{O}_k/\mathbf{Z}}(\alpha)| = |N_{k/\mathbf{Q}}(\alpha)|$
(by the definitions of $N_{\mathcal{O}_k/\mathbf{Z}}$ and $N_{k/\mathbf{Q}}$), concluding the proof.

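Solution to Exercise 2.79. We first prove 2. According to Exercise 2.77
$|\mathcal{O}_E/\mathfrak{P}_i^r| = N(\mathfrak{P}_i^r) = N(\mathfrak{P}_i)^r = |\mathbf{F}_{\mathfrak{P}_i}|^r = |\mathbf{F}_{\mathfrak{p}}|^{f_i \cdot r}$,
hence
$\dim_{\mathbf{F}_{\mathfrak{p}}} \mathcal{O}_E/\mathfrak{P}_i^{r} = r \cdot f_i$,
for each positive integer $r$. Taking $r = e_i$ proves 2.
In light of Exercise 2.76 and the previous equation, one has
(17) $\dim_{\mathbf{F}_{\mathfrak{p}}} \mathcal{O}_E/\mathfrak{p} \cdot \mathcal{O}_E = \sum_{i=1}^{g} e_i \cdot f_i$.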

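It then remains to prove 1, namely that $\mathcal{O}_E/\mathfrak{p} \cdot \mathcal{O}_E$ has dimension $[E : k]$ over $\mathbf{F}_{\mathfrak{p}}$.
We first prove 1 when $k = \mathbf{Q}$. In this case $\mathfrak{p} = p\mathbf{Z}$ is the ideal of $\mathbf{Z}$ generated by a rational prime $p$. Since $\mathcal{O}_E$ is a free $\mathbf{Z}$-module of rank $[E : \mathbf{Q}]$, the quotient group $\mathcal{O}_E/p \cdot \mathcal{O}_E$ is a free $\mathbf{F}_p$-module of rank $[E : \mathbf{Q}]$, id est an $\mathbf{F}_p$-vector space of dimension $[E : \mathbf{Q}]$, thus proving 1 when $k = \mathbf{Q}$. In particular we have proved the fundamental identity 3 in the special case $k = \mathbf{Q}$.
We now show that the dimension of $\mathcal{O}_E/\mathfrak{p} \cdot \mathcal{O}_E$ over $\mathbf{F}_{\mathfrak{p}}$ is bounded above by the degree $n = [E : k]$ of the extension $E/k$:
(18) $\dim_{\mathbf{F}_{\mathfrak{p}}} \mathcal{O}_E/\mathfrak{p} \cdot \mathcal{O}_E \leq [E : k]$.
Indeed, let $\beta_1, \dots, \beta_{n+1}$ be elements of $\mathcal{O}_E$, and denote by $\bar{x} = x + \mathfrak{p} \cdot \mathcal{O}_E$ the image in $\mathcal{O}_E/\mathfrak{p} \cdot \mathcal{O}_E$ of an element $x$ of $\mathcal{O}_E$. We have to show that the elements $\bar{\beta}_1, \dots, \bar{\beta}_{n+1}$ are linearly dependent over $\mathbf{F}_{\mathfrak{p}}$. Since $\beta_1, \dots, \beta_{n+1}$ are linearly dependent over $k$, they are linearly dependent over $\mathcal{O}_k$ (why?), hence there exist elements $\alpha_1, \dots, \alpha_{n+1}$ of $\mathcal{O}_k$, not all equal to zero, such that $\sum_{i=1}^{n+1} \alpha_i \cdot \beta_i = 0$. Set $\mathfrak{a} = \sum_{i=1}^{n+1} \alpha_i \cdot \mathcal{O}_k$. Since $\mathfrak{a}$ is non-zero and $\mathfrak{p} \neq \mathcal{O}_k = \mathfrak{a} \cdot \mathfrak{a}^{-1}$, there exists $\gamma$ in $k^*$ such that $\gamma \cdot \mathfrak{a} \subset \mathcal{O}_k$ and $\gamma \cdot \mathfrak{a} \not\subset \mathfrak{p}$. Then $\sum_{i=1}^{n+1} \gamma \cdot \alpha_i \cdot \bar{\beta}_i = 0$ is an $\mathbf{F}_{\mathfrak{p}}$-linear dependence relation among the elements $\bar{\beta}_1, \dots, \bar{\beta}_{n+1}$. Equation (18) follows.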
We now conclude the proof of 1 in the general case. Let $p$ be the rational prime lying below $\mathfrak{p}$, let $\mathfrak{p}_1 = \mathfrak{p}, \dots, \mathfrak{p}_s$ be the primes of $k$ dividing $p$, and let $n_i$ be the dimension of $\mathcal{O}_E/\mathfrak{p}_i \cdot \mathcal{O}_E$ over $\mathbf{F}_{\mathfrak{p}_i}$. One has
$p^{[E:\mathbf{Q}]} = N(p \cdot \mathcal{O}_E) = \prod_{i=1}^{s} N(\mathfrak{p}_i \cdot \mathcal{O}_E)^{e(\mathfrak{p}_i|p)} = p^{\sum_i n_i \cdot f(\mathfrak{p}_i|p) \cdot e(\mathfrak{p}_i|p)}$,
where the first equality follows from the special case of 1 proved above and the second from Exercise 2.77. By the special case of 3 proved above, one has
$[k : \mathbf{Q}] = \sum_i f(\mathfrak{p}_i|p) \cdot e(\mathfrak{p}_i|p)$.
The previous two equations give
$\sum_i ([E : k] - n_i) \cdot f(\mathfrak{p}_i|p) \cdot e(\mathfrak{p}_i|p) = 0$,
and since $[E : k] \geq n_i$ for each $i$ by Equation (18), one deduces $[E : k] = n_i$ for each $i$. In particular $[E : k] = n_1$, thus proving 1 in the general case.

Acknowledgements. I thank Giacomo Franceschina for sending me comments and corrections.

References
[1] A. I. Borevich and I. R. Shafarevich, Number theory, Translated from the Russian by
Newcomb Greenleaf. Pure and Applied Mathematics, Vol. 20, Academic Press, New York-
London, 1966. 18
[2] N. Bourbaki, Éléments de mathématique. Algèbre. Chapitres 1 à 3, Hermann, Paris, 1970.
11
[3] P. Stevenhagen and H. W. Lenstra, Jr., Chebotarëv and his density theorem, Math.
Intelligencer, 18 (1996), pp. 26–37. 7

Rodolfo Venerucci: Università degli Studi di Milano

