GALOIS THEORY
FRED DIAMOND*, KING’S COLLEGE LONDON
Galois theory is, roughly speaking, the study of symmetries of solutions of polynomial equations. The most familiar example of such
a symmetry is the interchangeability of the complex numbers i and
−i. During the semester, we will make this notion precise by defining
Galois groups, prove the Fundamental Theorem of Galois Theory, calculate examples, and deduce some consequences, including the criterion
for a polynomial to be solvable by radicals.
1. Review of rings
First we need to review some basic facts from ring theory, beginning
with the definition:
Definition 1.1. A commutative ring is a set R equipped with two
binary operations, addition + and multiplication × such that:
(i) R is an abelian group under addition;
(ii) multiplication is commutative, associative and has an identity
element;
(iii) multiplication is distributive over addition i.e.
r × (s + t) = (r × s) + (r × t) for all r, s, t ∈ R.
We will only consider commutative rings, i.e., rings for which multiplication is commutative, so from now on, we will just say ring instead
of commutative ring. Recall that a (multiplicative) identity element is
an element 1R ∈ R such that 1R × r = r for all r ∈ R (so necessarily
r × 1R = r as well since multiplication is commutative). An easy exercise shows such an element is unique, i.e., if e × r = r for all r ∈ R,
then e = 1R. We let 0R denote the additive identity element of the ring
R; another easy exercise shows that 0R × r = 0R for all r ∈ R.
We usually omit the subscripts and just write 0 and 1 for the additive
and multiplicative identities. (We might sometimes include them for
emphasis, for example if more than one ring is involved.) We also
usually omit the × symbol for multiplication, and write simply rs for
r × s.
Date: Semester 2, 2016–17
*Based on prior year’s notes by David Burns, Mahesh Kakde and Payman
Kassaei.
Example 1.2. The most familiar examples of rings are Z (the integers), Q (the rational numbers), R (the real numbers) and C (the
complex numbers) equipped with their usual addition and multiplication.
Example 1.3. For a fixed positive integer n, define the ring Z/nZ of
integers modulo n as follows: first define an equivalence relation ∼ on
Z by
a ∼ b if a ≡ b mod n.
Then elements of Z/nZ are equivalence classes under this equivalence
relation, i.e. they are subsets of Z:
[a] = { b ∈ Z | a ≡ b mod n }
= {b ∈ Z | b = a + kn for some k ∈ Z }.
Addition and multiplication are defined as follows:
[a] + [b] = [a + b]
and
[a][b] = [ab].
Example 1.4. If R is a ring and X is an indeterminate we define the
ring of polynomials in X over R, denoted by R[X], to be
R[X] = { c_0 X^0 + c_1 X^1 + c_2 X^2 + ⋯ + c_n X^n | n ≥ 0, c_i ∈ R for i = 0, …, n }.
We use the following familiar conventions: we may omit c_i X^i when
c_i = 0R, write c_i X^i as X^i when c_i = 1R, write X for X^1, and view R as
a subset of R[X] by identifying r ∈ R with rX^0; in particular X^0 = 1R.
We define addition and multiplication on R[X] as follows:
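$$\left(\sum_{i=0}^{n} c_i X^i\right) + \left(\sum_{i=0}^{n} c'_i X^i\right) = \sum_{i=0}^{n} (c_i + c'_i) X^i$$
$$\left(\sum_{i=0}^{m} c_i X^i\right) \times \left(\sum_{j=0}^{n} c'_j X^j\right) = \sum_{k=0}^{m+n} \left(\sum_{i+j=k} c_i c'_j\right) X^k.$$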
If f ∈ R[X] and f ≠ 0, then we define the degree of f to be n if
f = c_0 + c_1 X + c_2 X^2 + ⋯ + c_n X^n with c_n ≠ 0; we define deg 0 = −∞.
If Y is another indeterminate, then we define R[X, Y ] = (R[X]) [Y ]
(called the ring of polynomials in X and Y over R); one can similarly
define R[X1 , X2 , . . . , Xn ].
Definition 1.5. If R is a ring and r ∈ R, then we say r is a unit in R
if r has a multiplicative inverse in R, i.e. rs = 1R for some s ∈ R. We
let R× denote the set of units in R; it is an abelian group under ×.
Example 1.6. We find that
(i) Z× = {±1};
(ii) Q× = Q − {0}, R× = R − {0}, C× = C − {0};
(iii) (Z/nZ)× = { [a] | gcd(a, n) = 1 };
(iv) (R[X])× = R× (see Example 1.10 below).
Definition 1.7. We say a ring R is a field if R× = R − {0R}, i.e.
0R ≠ 1R and every non-zero element of R is a unit. We say a ring R is
an integral domain if 0R ≠ 1R and the following holds:
rs = 0R, r, s ∈ R ⇒ r = 0R or s = 0R.
Note that if R is a field, then R is necessarily an integral domain.
We sometimes just say domain instead of integral domain.
Another easy exercise shows that the following “cancellation law”
holds if R is an integral domain:
rs = rt, r, s, t ∈ R, r ≠ 0R ⇒ s = t.
Example 1.8. Q, R and C are fields; Z is an integral domain, but not
a field.
Example 1.9. Z/nZ is a field if n is a prime; otherwise it is not even an
integral domain, since if n factors as ab, then [a][b] = [ab] = [n] = [0].
(Note that if n = 1, then [0] = [1], so the requirement that 0R ≠ 1R
stops this being an integral domain.)
Example 1.10. If R is an integral domain, then so is R[X]. To see
this, suppose f and g are non-zero polynomials in R[X], say of degree
m and n, so
$$f = \sum_{i=0}^{m} a_i X^i \quad\text{and}\quad g = \sum_{j=0}^{n} b_j X^j$$
with a_m ≠ 0 and b_n ≠ 0.
Since R is an integral domain, a_m b_n ≠ 0, so fg ≠ 0, showing that R[X]
is an integral domain. In fact note that deg(fg) = m + n, from which
it follows that (R[X])× = R× whenever R is a domain (if fg = 1, then
m + n = 0, so m = n = 0 shows that in fact f, g ∈ R, and hence in R×
since fg = 1). Note that this can fail if R is not an integral domain,
e.g. if R = Z/4Z, then (1 + [2]X)^2 = 1 in R[X], so 1 + [2]X is a unit
in R[X].
Definition 1.11. We say a subset S of a ring R is a subring of R
if 1R ∈ S and S is also a ring under the addition and multiplication
operations on R. (In particular, S is closed under these operations.)
Example 1.12. Each of the rings Z, Q, R, C is a subring of each of
the larger rings (and of itself). Every ring R is a subring of R[X] (and
more generally of R[X1 , X2 , . . . , Xn ]).
Example 1.13. Some “non-examples”: the subsets 2Z, N and {0} of
Z are closed under + and ×, but fail to be subrings of Z.
Definition 1.14. If R and S are rings, then a function φ : R → S is
called a ring homomorphism if the following hold:
(i) φ(r1 + r2 ) = φ(r1 ) + φ(r2 ) for all r1 , r2 ∈ R;
(ii) φ(r1 )φ(r2 ) = φ(r1 r2 ) for all r1 , r2 ∈ R;
(iii) φ(1R ) = 1S .
Note that the operations on the left-hand side of the equalities in (i)
and (ii) are those of R, while those on the right-hand side are those of S.
Condition (i) means φ is a group homomorphism (viewing R and S as
abelian groups under addition), so we automatically have φ(0R ) = 0S ,
but condition (iii) is needed in order to rule out the function φ(r) = 0S ,
which always satisfies (i) and (ii), but is only a ring homomorphism if
0S = 1S , i.e., S = {0S }.
We will sometimes just say homomorphism if it’s clear from the context that we mean a ring homomorphism.
Example 1.15. The function φ : Z → Z/nZ defined by φ(a) = [a] is
a ring homomorphism.
Example 1.16. The function φ : C → C defined by φ(z) = z̄ (complex
conjugation) is a ring homomorphism; in fact, it is a ring isomorphism,
i.e., a bijective ring homomorphism. A standard exercise shows that
if φ : R → S is a ring isomorphism, then so is its inverse function
φ^{−1} : S → R. (But in this example, what is φ^{−1}?)
Example 1.17. The function φ : Q[X] → Q defined by φ(f ) = f (3)
is a (ring) homomorphism. In fact, for any ring R, r ∈ R and subring
S of R, the function φ(f ) = f (r), i.e.,
$$\varphi\left(\sum_{i=0}^{n} c_i X^i\right) = \sum_{i=0}^{n} c_i r^i$$
defines a homomorphism φ : S[X] → R, called evaluation at r.
Example 1.18. For any ring R, there is a unique homomorphism
φ : Z → R, called the characteristic homomorphism, defined as follows:
$$\varphi(n) = \begin{cases} \underbrace{1_R + \cdots + 1_R}_{n} & \text{if } n > 0, \\ -(\underbrace{1_R + \cdots + 1_R}_{-n}) & \text{if } n < 0, \\ 0_R & \text{if } n = 0. \end{cases}$$
The composite of two homomorphisms is a homomorphism; i.e., if
φ : R → S and ψ : S → T are homomorphisms, then so is ψ ◦ φ : R →
T . The composite of two isomorphisms is an isomorphism. If there is
an isomorphism from R to S, then we say R and S are isomorphic.
If φ : R → S is a homomorphism, then φ is a group homomorphism
(for addition), so its kernel and image:
ker(φ) = { r ∈ R | φ(r) = 0S }, and
im(φ) = { s ∈ S | s = φ(r) for some r ∈ R }
are subgroups of R, respectively S, under addition. It is easy to see
that im(φ) is in fact a subring of S, but ker(φ) is not a subring of R
(unless S = {0S } so that ker(φ) = R). Instead ker(φ) is another type
of special subset of R:
Definition 1.19. A subset I of a ring R is called an ideal of R if
(i) I is a subgroup of R under addition;
(ii) ra ∈ I for all r ∈ R, a ∈ I.
This is often denoted as I ◁ R.
Example 1.20. If φ : R → S is a ring homomorphism, then ker(φ)
is an ideal of R. (We already know that (i) holds; for (ii) note that
if a ∈ ker(φ), then φ(a) = 0, so φ(ra) = φ(r)φ(a) = φ(r)0 = 0 shows
that ra ∈ ker(φ) for all r ∈ R.) For example, the homomorphism φ of
Example 1.15 has kernel nZ = { nk| k ∈ Z }, which is an ideal of Z.
Example 1.21. For any a ∈ R, define
aR = { ra | r ∈ R }.
This is an ideal in R, called the principal ideal generated by a. For
example, nZ is what we’ve already been calling nZ (fortunately). Note
that (−n)Z = nZ, and in general uaR = aR for any u ∈ R× .
The principal ideal generated by a is also sometimes denoted (a)
instead of aR if the ring R is understood from context.
Example 1.22. More generally, if a1 , . . . , ak are any elements of a ring
R, then
(a1 , . . . , ak )R = { r1 a1 + r2 a2 + · · · + rk ak | r1 , r2 , . . . , rk ∈ R }
is an ideal, called the ideal generated by {a1 , . . . , ak } (sometimes simply
denoted (a1 , a2 , . . . , ak )). For example, the ideal of Z[X] generated by
{2, X} consists of the polynomials a_0 + a_1 X + ⋯ + a_n X^n ∈ Z[X] such
that a0 is even.
Definition 1.23. If a and b are elements of a ring R, then we say b is
divisible by a in R if b = ar for some r ∈ R. (We may also say a divides
b in R, or b is a multiple of a in R.) We use the notation a|b to mean
b is divisible by a in R. (Note that the reference to R is suppressed in
this notation, so must be clear from the context. Likewise, we might
just say b is divisible by a if R is clear from the context.) Note that
a|b ⇔ b ∈ aR ⇔ bR ⊂ aR.
Example 1.24. If R = Z, then divisibility has its usual meaning.
Example 1.25. For any r ∈ R, we have 1R |r, and r|0R . We also
always have that if r|s and s|t, then r|t.
Example 1.26. If r ∈ R, then 1R is divisible by r if and only if r ∈ R×
if and only if rR = R.
Proposition 1.27. A ring R is a field if and only if R has exactly two
ideals.
Proof. First suppose that R is a field. If I is an ideal of R, then
either I = {0R }, or there is a non-zero element a ∈ I, in which case
R = aR = I. (The first equality holds because a ∈ R× , the second
because a ∈ I ⇒ ar ∈ I for all r ∈ R since I ◁ R.) Therefore the only
ideals of R are {0R} and R, and these are distinct because 1R ≠ 0R.
Conversely, suppose that R is a ring with exactly two ideals. Note
that 0R ≠ 1R, since if 0R = 1R, then {0R} would be the only ideal of R.
Therefore the two ideals of R are precisely {0R} and R. In particular,
for any r ∈ R such that r ≠ 0R, we must have rR = R, so r ∈ R×.
Definition 1.28. If R is a ring, then an ideal of the form aR is called
a principal ideal (see Example 1.21). We say R is a principal ideal
domain (or simply a PID) if R is an integral domain and every ideal of
R is principal.
Example 1.29. The ring Z is a PID. If I is an ideal of Z, then I is a
subgroup of Z under addition, and we know that every subgroup of Z
is of the form nZ, so I = nZ is principal.
Example 1.30. If R is a field, then R is a PID. Indeed R is an integral
domain, and by Proposition 1.27, the only ideals of R are {0R } = (0R )
and R = (1R ).
Example 1.31. If n is prime, then Z/nZ is a field, hence a PID. If
n ∈ Z is not prime, then every ideal of Z/nZ is principal (by the same
argument as in Example 1.29), but Z/nZ is not a PID since it is not
even an integral domain.
Example 1.32. If K is a field, then K[X] is a PID; this follows from
the Division Algorithm for polynomials, as we’ll recall in the next section.
Example 1.33. The ring Z[X] is an integral domain, but one can show
for instance that the ideal (2, X) (see Example 1.22) is not principal,
so Z[X] is not a PID.
Definition 1.34. Suppose that r is an element of an integral
domain R, and further that r ≠ 0 and r ∉ R×. We say that r is irreducible
in R if the following holds:
if r = st, s, t ∈ R, then either s ∈ R× or t ∈ R× .
Example 1.35. The integer n ∈ Z is irreducible if and only if n = ±p
for a prime number p. (Recall in the definition of irreducible element,
we assume r ≠ 0, r ∉ R×, so we rule out n = 0, ±1.)
Example 1.36. If K is a field, then for a polynomial f ∈ K[X] to be
irreducible has its usual meaning: i.e., deg(f ) > 0, and if f = gh for
some g, h ∈ K[X], then either deg(g) = 0 or deg(h) = 0. Note that
whether f is irreducible depends on the field K: X^2 − 2 is irreducible
in Q[X], but not in R[X] since X^2 − 2 = (X − √2)(X + √2) in R[X].
We leave the proof of the following as an exercise:
Proposition 1.37. Suppose that R is an integral domain, and that
r ≠ 0 and r ∉ R×. Then the following are equivalent:
(i) r is irreducible;
(ii) if s ∈ R and s|r, then s ∈ R× or r|s;
(iii) if s ∈ R and (r) ⊂ (s), then (s) = R or (s) = (r);
(iv) if I is a principal ideal containing (r), then I = R or I = (r).
We have the following notion related to irreducibility:
Definition 1.38. If r is an element of a ring R, then we say that r is
a prime element in R if r ∉ R× and the following holds:
if r|st, s, t ∈ R, then either r|s or r|t.
We sometimes say simply r is prime (in R).
Example 1.39. The prime elements of Z are 0 and ±p for p prime (in
the traditional sense).
Example 1.40. The element 0R is prime in R if and only if R is an
integral domain.
If R is an integral domain, then every non-zero prime element of
R is irreducible. If moreover R is a PID, then every irreducible element is prime. The proof is left as an exercise (which is easy using
Proposition 1.45 below).
Next we recall the notion of a quotient ring. If I is an ideal of R,
then I is a subgroup of R under +, so we can consider the cosets (right
or left doesn’t matter since R is abelian) of I:
r + I = { r + a | a ∈ I }.
Recall that r + I = s + I if and only if r − s ∈ I, and that each element
of R is in precisely one such coset. We also write [r] for r + I if I is
clear from the context.
We then let R/I be the set of cosets of I in R, i.e.,
R/I = { cosets of I in R } = { r + I | r ∈ R } = { [r] | r ∈ R }.
Since R is an abelian group under addition, the subgroup I is normal,
so R/I is a group under the operation + defined by [r] + [s] = [r + s].
The assumption that I is an ideal in R ensures that
[r] × [s] = [r × s]
is also a well-defined operation on R/I: if we choose different elements
of R to represent the cosets [r] and [s], then we still get the same result,
i.e., if [r] = [r′] and [s] = [s′], then [r × s] = [r′ × s′]. (Proof: if r′ = r + a
and s′ = s + b for some a, b ∈ I, then
(r′s′) − rs = (r + a)(s + b) − rs = rb + (s + b)a ∈ I.)
It is easy to see that the resulting operation is commutative and associative, with identity [1R], and distributive over + on R/I, so R/I is a
ring, called the quotient ring of R by I. We sometimes say “R mod I,”
and refer to the process as “modding out by I.”
Example 1.41. For n ∈ Z, we recover the construction of the ring
Z/nZ.
Example 1.42. For any ring, we can identify the quotient ring R/{0R }
with R itself. On the other hand, taking I = R gives R/R = {[0R ]}.
Lemma 1.43 (First isomorphism theorem for rings). Let φ : R → S
be a homomorphism of rings. Then φ induces an isomorphism of rings
φ̄ : R/ker(φ) → im(φ), defined by φ̄([r]) = φ(r).
Proof. This follows from the corresponding isomorphism theorem for
groups, which shows that φ̄ is a well-defined isomorphism of abelian
groups. Now one just needs to check conditions (ii) and (iii) in the
definition of a ring homomorphism:
φ̄([r1][r2]) = φ̄([r1 r2]) = φ(r1 r2) = φ(r1)φ(r2) = φ̄([r1])φ̄([r2]),
and φ̄([1R]) = φ(1R) = 1S = 1_{im(φ)}.
Example 1.44. Consider the homomorphism φ : R[X] → C defined by
φ(f ) = f (i) (evaluation at i). Then φ is clearly surjective, so im(φ) =
C. We have X^2 + 1 ∈ ker(φ), so ker(φ) is an ideal containing (X^2 + 1).
Since R[X] is a PID, ker(φ) is principal, and since X^2 + 1 is irreducible,
the only principal ideals containing (X^2 + 1) are (X^2 + 1) and R[X] (by
Proposition 1.37). Clearly 1 ∉ ker(φ), so we have ker(φ) = (X^2 + 1).
The Isomorphism Theorem therefore tells us that R[X]/(X^2 + 1) is
isomorphic to C.
We will make the most use of the Isomorphism Theorem in
situations like the preceding example, when R = K[X] and ker(φ)
is the ideal generated by an irreducible polynomial, in which case
K[X]/ ker(φ) is a field, by the following Proposition:
Proposition 1.45. Suppose that r is an element of a ring R.
(i) Then r is prime in R if and only if R/(r) is an integral domain.
(ii) If R is a PID and r is irreducible in R, then R/(r) is a field.
Proof. First note that r|s if and only if s ∈ (r), i.e., [s] = [0].
(i) Suppose that r is prime in R. We must show that R/(r) is an
integral domain, so suppose that s, t ∈ R and [s][t] = [0] in R/(r).
Then [st] = [0], so r|st. Since r is prime, this implies that r|s or r|t,
i.e., [s] = [0] or [t] = [0]. Therefore R/(r) is an integral domain.
Suppose conversely that R/(r) is an integral domain. If r|st, then
[s][t] = [st] = [0], so [s] = [0] or [t] = [0], i.e., r|s or r|t. Therefore r is
prime.
(ii) Suppose that R is a PID and r is irreducible. In particular r ∉ R×,
so 1 ∉ (r), i.e., [1] ≠ [0] in R/(r).
Now suppose s ∈ R and [s] ≠ [0], i.e., s ∉ (r). We must show
that [s] ∈ (R/(r))×. Consider the ideal (r, s) = { rx + sy | x, y ∈ R }
(see Example 1.22). Note that (r) ⊂ (r, s), and s ∈ (r, s) but s ∉
(r), so (r) ≠ (r, s). Since R is a PID, (r, s) is a principal ideal, so
Proposition 1.37 implies that (r, s) = R. Therefore 1 ∈ (r, s), i.e.,
1 = rx + sy for some x, y ∈ R. It follows that sy − 1 ∈ (r), so
[s][y] = [sy] = [1], and hence [s] ∈ (R/(r))× .
Remark 1.46. Part (i) is a special case of the following: R/I is a
domain if and only if I is a prime ideal, but we will not use the more
general notion of a prime ideal. Part (ii) is also a special case of a
more general fact: that R/I is a field if and only if I is a maximal ideal
(meaning I ≠ R, and if J is an ideal of R containing I, then either
J = I or J = R).
2. Polynomial rings
We now focus on polynomial rings, especially over fields. Recall that
if R is a ring and f ∈ R[X], then we say that f has degree n (and
write deg f = n) if f = a_n X^n + a_{n−1} X^{n−1} + ⋯ + a_0 with a_n ≠ 0,
and we say f is monic if a_n = 1. We extend the definition of degree
to include the polynomial 0 by setting deg 0 = −∞. We always have
deg(f g) ≤ deg(f ) + deg(g) for f, g ∈ R[X], with equality if R is an
integral domain (or if f and g are monic). (Note that this holds also
if f or g is 0, with the obvious interpretation that n + (−∞) = −∞,
etc.)
Recall the following:
Theorem 2.1 (Division Algorithm). Suppose that K is a field, f, g ∈
K[X] and f ≠ 0. Then there are unique elements q, r ∈ K[X] such
that the following hold:
(i) g = qf + r;
(ii) deg r < deg f .
This has the following consequences:
Theorem 2.2. If K is a field, then K[X] is a PID.
Proof. Since K is a field (hence an integral domain), we know that
K[X] is an integral domain.
We need to prove that every ideal of K[X] is principal, so suppose
that I is an ideal of K[X]. If I = {0}, then I is of course principal
(generated by 0), so suppose that I contains a non-zero element. Let
n be the minimum degree of the non-zero elements of I, and let f be
an element of I of degree n.
We claim that I = (f ) (using the notation (f ) for the ideal f K[X]).
Since f ∈ I and I is an ideal, we clearly have (f ) ⊂ I. To prove the
opposite inclusion, suppose g ∈ I. By the Division Algorithm, we have
g = f q + r for some q, r ∈ K[X] with deg(r) < deg(f ) = n. Since
f, g ∈ I, we have r = g − f q ∈ I, but I has no non-zero elements of
degree less than n, so r = 0. This proves that g = f q, i.e., g ∈ (f ). We
conclude that I = (f ), so I is principal.
Note that the polynomial f such that I = (f ) is unique up to
multiplication by an element of K × : If f and g are non-zero polynomials such that (f ) = (g) then f |g and g|f , so g = uf for some
u ∈ (K[X])× = K × . So for any non-zero ideal I of K[X], there is a
unique monic polynomial f such that I = (f ). (If I = {0}, then of
course the polynomial f such that I = (f ) is f = 0.)
Theorem 2.3. If K is a field and f ∈ K[X] is a non-zero polynomial,
then f = cr1 r2 · · · rk for some c ∈ K × , k ≥ 0*, and monic irreducible
polynomials r1 , . . . , rk ∈ K[X]. Moreover the expression is unique up
to reordering r1 , . . . , rk .
Proof. We prove the existence of the factorization by induction on
the degree of f . If deg f = 0, then f = c, so the statement holds with
k = 0.
Suppose now that deg f = n > 0 and that all non-zero polynomials
in K[X] of degree less than n have such a factorization.
If f = a_n X^n + ⋯ + a_0 is irreducible, then let c = a_n, k = 1, and
r_1 = c^{−1} f.
If f is not irreducible, then f = gh for some polynomials g, h ∈
K[X] of degree less than n. By the induction hypothesis, we can write
g = d s_1 ⋯ s_ℓ and h = e t_1 ⋯ t_m for some d, e ∈ K×, ℓ, m ≥ 0, and
irreducible polynomials s_1, …, s_ℓ, t_1, …, t_m. We therefore have:
f = gh = de s_1 ⋯ s_ℓ t_1 ⋯ t_m,
so the conclusion holds with c = de, k = ℓ + m, r_i = s_i for i = 1, …, ℓ
and r_{j+ℓ} = t_j for j = 1, …, m.
We now prove the uniqueness assertion, again by induction on the
degree of f . If deg f = 0, then the unique such expression is clearly
f = c.
So suppose deg f = n > 0 and the uniqueness assertion holds for all
non-zero polynomials of degree less than n in K[X]. We must show
that if
f = c r_1 r_2 ⋯ r_k = d s_1 s_2 ⋯ s_ℓ
for some c, d ∈ K×, and monic irreducible r_1, …, r_k, s_1, …, s_ℓ, then
c = d, k = ℓ, and we may reorder s_1, s_2, …, s_ℓ so that s_i = r_i for
i = 1, …, k.
Since deg f > 0, we must have k ≥ 1. Since r_k is irreducible in K[X]
and K[X] is a PID, it follows that r_k is a prime element in K[X]. Since
f = d s_1 ⋯ s_ℓ is divisible by the prime element r_k, at least one of the
factors d, s_1, …, s_ℓ must be divisible by r_k. Since d is not divisible by
r_k, we may reorder the s_i so that s_ℓ is divisible by r_k. Since both r_k
and s_ℓ are monic and irreducible in K[X], we must have r_k = s_ℓ, and
hence
c r_1 ⋯ r_{k−1} = d s_1 ⋯ s_{ℓ−1}
are two factorizations of a polynomial of degree n − deg r_k, which is
less than n. Therefore the induction hypothesis implies that c = d,
k − 1 = ℓ − 1, and we may reorder the remaining s_i so that r_i = s_i for
i = 1, …, k − 1.
*If k = 0, we interpret the equation with no factors r_1, …, r_k as saying f = c.
Remark 2.4. We have just proved that K[X] is a unique factorization
domain, or a UFD for short. It is true more generally that every
PID is a UFD, by an argument very similar to the one in the proof:
For the existence of factorizations, if an element is neither a unit nor
irreducible, then factor it, and iterate this process until the factors are
irreducible. However one needs to show this process terminates. We
did this for K[X] using the degree, but this is more subtle in general.
Note that the key point in proving the uniqueness of the factorization
was that irreducible elements of K[X] are prime. This property in
fact characterizes UFD’s, but in general the resulting factorizations
into irreducibles are unique up to reordering and multiplication by
units. For K[X], we removed the ambiguity of units by requiring the
polynomials to be monic.
If f and g are non-zero polynomials in K[X], then (f, g)K[X] is a
non-zero ideal in K[X], so (f, g)K[X] = hK[X] for a unique monic
h ∈ K[X]. We call h the greatest common divisor (or gcd) of f and
g, and denote it as gcd(f, g). Note that as with gcd’s of integers, we
have h|f , h|g and h = rf + sg for some r, s ∈ K[X]. We leave it as
an exercise to show that h coincides with the product of the common
irreducible factors of f and g (counting multiplicities appropriately).
Recall that if f is irreducible in K[X], then K[X]/(f) is a field. This
turns out to be a useful way of constructing and describing fields that
contain K as a subfield. We would also like some practical ways of
determining whether a polynomial is irreducible.
If f is a polynomial in K[X] of degree 2 or 3, then either it is irreducible, or f = gh for some g, h ∈ K[X] with deg g = 1, so we can
assume g = X − a for some a ∈ K. But recall that
(X − a)|f ⇔ f(a) = 0.
(In other words, the kernel of the homomorphism φ : K[X] → K
defined by evaluation at a (i.e., φ(f) = f(a)) is the ideal (X − a)K[X].)
So f (of degree 2 or 3) is irreducible if and only if f has no roots in K;
for example X^3 − 4 is irreducible in Q[X]. But a polynomial of higher
degree may be reducible even if it has no roots in K; for example
X^4 − 4 = (X^2 + 2)(X^2 − 2) in Q[X], but has no roots in Q.
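The Division Algorithm (Theorem 2.1), the gcd h = rf + sg, and the inverse of [s] in K[X]/(f) from the proof of Proposition 1.45(ii), carried out for K = Q on the polynomials X^3 − 4 and X^4 − 4 used above. This is an added example, not part of the original notes; the function names and the representation of a polynomial as a list of coefficients, lowest degree first, are assumptions of the example.

```python
from fractions import Fraction

# A polynomial in Q[X] is a list of coefficients, lowest degree first.
# The zero polynomial is the empty list.

def trim(f):
    """Convert coefficients to Fractions and drop leading zero coefficients."""
    f = [Fraction(c) for c in f]
    while f and f[-1] == 0:
        f.pop()
    return f

def add(f, g):
    n = max(len(f), len(g))
    return trim([(f[i] if i < len(f) else 0) + (g[i] if i < len(g) else 0)
                 for i in range(n)])

def mul(f, g):
    if not f or not g:
        return []
    out = [Fraction(0)] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] += a * b
    return trim(out)

def divide(g, f):
    """Division Algorithm: return (q, r) with g = q*f + r and deg r < deg f."""
    f, r = trim(f), trim(g)
    if not f:
        raise ZeroDivisionError("f must be non-zero")
    q = [Fraction(0)] * max(len(r) - len(f) + 1, 0)
    while len(r) >= len(f):
        shift = len(r) - len(f)
        c = r[-1] / f[-1]          # the leading coefficient of f is a unit in a field
        q[shift] = c
        for i, a in enumerate(f):  # subtract c * X^shift * f, cancelling the leading term
            r[i + shift] -= c * a
        r = trim(r)
    return trim(q), r

def ext_gcd(f, g):
    """Return (h, r, s): h = gcd(f, g) monic and h = r*f + s*g (f, g not both zero)."""
    r0, r1 = trim(f), trim(g)
    a0, a1, b0, b1 = [Fraction(1)], [], [], [Fraction(1)]
    while r1:
        # invariant: r0 = a0*f + b0*g and r1 = a1*f + b1*g
        q, rem = divide(r0, r1)
        neg_q = mul([-1], q)
        r0, r1 = r1, rem
        a0, a1 = a1, add(a0, mul(neg_q, a1))
        b0, b1 = b1, add(b0, mul(neg_q, b1))
    u = [1 / r0[-1]]               # scale by a unit of Q so that the generator is monic
    return mul(u, r0), mul(u, a0), mul(u, b0)

def inverse_mod(s, f):
    """Inverse of [s] in Q[X]/(f): from 1 = x*f + y*s we get [s][y] = [1]."""
    h, _, y = ext_gcd(f, s)
    if h != [1]:
        raise ValueError("[s] is not a unit in Q[X]/(f): gcd(f, s) is not 1")
    return divide(y, f)[1]         # representative of degree < deg f

if __name__ == "__main__":
    f = [-4, 0, 0, 1]                              # X^3 - 4
    print(divide([-4, 0, 0, 0, 1], f))             # X^4 - 4 = X*(X^3 - 4) + (4X - 4)
    print(inverse_mod([1, 1], f))                  # inverse of [X + 1]
    print(ext_gcd([-4, 0, 0, 0, 1], [-2, 0, 1])[0])  # gcd(X^4 - 4, X^2 - 2)
```

When f is reducible, as with X^4 − 4, `inverse_mod` raises for s = X^2 − 2: [s] is a non-zero non-unit, so the quotient is not a field.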
To establish more general criteria for irreducibility of polynomials in
Q[X], we will work with polynomials in Z[X].
Definition 2.5. If f is a non-zero polynomial in Z[X], we define the
content of f, denoted c_f, to be the greatest common divisor of its coefficients; i.e., if f(X) = a_0 + a_1 X + ⋯ + a_n X^n, then c_f = gcd(a_0, a_1, …, a_n).
We say f is primitive if c_f = 1.
Note that if f ∈ Z[X], f ≠ 0, then f = c_f f_0 where f_0 ∈ Z[X] and f_0
is primitive. Moreover this is the only way to write f as cg with c ∈ Z,
c > 0 and g primitive, since if g is primitive, c ∈ Z, c > 0, then the
content of cg is c. For example, 12X^3 − 9X + 21 = 3(4X^3 − 3X + 7)
has content 3, and 4X^3 − 3X + 7 is primitive.
Lemma 2.6. If f and g are non-zero polynomials in Z[X], then c_{fg} =
c_f c_g. In particular, fg is primitive if and only if f and g are both
primitive.
Proof. We first prove that if f and g are primitive, then so is f g. If f g
is not primitive, then its content is divisible by some prime number p,
and therefore f g is divisible by p in Z[X]. But p is a prime element of
Z[X] (by an exercise), so p|f or p|g, which contradicts the assumption
that f and g are primitive.
Now we prove the general statement. Write f = c_f f_0 and g = c_g g_0,
so f_0 and g_0 are primitive, and fg = (c_f c_g)(f_0 g_0). We have already
shown that since f_0 and g_0 are primitive, so is f_0 g_0, and therefore the
content of fg is c_f c_g; i.e., c_{fg} = c_f c_g.
Finally, note that if fg is primitive, then c_f c_g = 1, so c_f = c_g = 1;
i.e., f and g are primitive.
We now return to irreducibility of polynomials.
Lemma 2.7 (Gauss’s Lemma). Suppose that f ∈ Z[X] is primitive.
Then f is irreducible in Z[X] if and only if f is irreducible in Q[X].
Proof. First suppose that f is irreducible in Q[X]. In particular, f is
not a unit in Q[X], so it is not a unit in Z[X]. Suppose that f = gh for
some g, h ∈ Z[X], necessarily also primitive. Viewing g, h ∈ Q[X], the
irreducibility of f in Q[X] means that deg g = 0 or deg h = 0. Since g
and h are primitive, it follows that g = ±1 or h = ±1, so g ∈ (Z[X])×
or h ∈ (Z[X])× . Therefore f is irreducible in Z[X].
Conversely suppose that f is irreducible in Z[X]. Note that deg f >
0, since the only primitive polynomials of degree 0 are ±1, but f ∉
(Z[X])×. Therefore f is not a unit in Q[X]. Now suppose that f = gh
for some g, h ∈ Q[X]. Multiplying through by the denominators of
the coefficients of g and h gives polynomials g′ = dg ∈ Z[X] and
h′ = eh ∈ Z[X], where d and e are positive integers. We now have
(de)f = g′h′ = c_{g′} c_{h′} g′_0 h′_0
with g′_0 and h′_0 primitive in Z[X]. Since f is primitive by assumption,
we have by Lemma 2.6 that de = c_{g′h′} = c_{g′} c_{h′}, so f = g′_0 h′_0. Since f
is irreducible in Z[X], it follows that either g′_0 or h′_0 is a unit in Z[X]; in
particular one of them has degree 0, so the same is true for g = d^{−1} c_{g′} g′_0
or h = e^{−1} c_{h′} h′_0; i.e., either g or h is a unit in Q[X]. Therefore f is
irreducible in Q[X].
This already has the following corollary, whose proof we leave as an
exercise:
Corollary 2.8. If f(X) = a_0 + a_1 X + ⋯ + a_n X^n ∈ Z[X] and f(r) = 0
for some r ∈ Q, then r = d/e for some d, e ∈ Z with d|a_0 and e|a_n.
Example 2.9. By the corollary, the only possible roots of f(X) =
3X^3 + 2X − 4 in Q are r = ±1, ±2, ±4, ±1/3, ±2/3, ±4/3. One can check
that f(r) ≠ 0 for each of these values of r; since f has degree 3 and no
roots in Q, f must be irreducible in Q[X].
The following sometimes gives an easy way to verify that a polynomial in Q[X] is irreducible:
Proposition 2.10 (Eisenstein’s Criterion). Suppose that p is a prime
number, and f(X) = a_0 + a_1 X + ⋯ + a_n X^n is a polynomial in Z[X]
of positive degree such that:
(i) p ∤ a_n,
(ii) p|a_0, p|a_1, …, p|a_{n−1},
(iii) and p^2 ∤ a_0.
Then f is irreducible in Q[X].
Proof. First suppose that f is primitive. By Gauss’s Lemma, it suffices to prove that f is irreducible in Z[X]. So suppose f = gh for
some
g(X) = b_0 + b_1 X + ⋯ + b_k X^k,
h(X) = c_0 + c_1 X + ⋯ + c_ℓ X^ℓ
in Z[X]. Note that n = k + ℓ, a_0 = b_0 c_0 and a_n = b_k c_ℓ.
Now consider the homomorphism φ : Z[X] → (Z/pZ)[X] defined by
φ(d_0 + d_1 X + ⋯ + d_m X^m) = [d_0] + [d_1]X + ⋯ + [d_m]X^m,
where [d] denotes the residue class of d mod p. By (i) and (ii), we
have φ(f) = [a_n]X^n and [a_n] ≠ [0]. Since φ(f) = φ(g)φ(h), it follows
from unique factorization in (Z/pZ)[X] (recall Z/pZ is a field) that
φ(g) = [b_k]X^k and φ(h) = [c_ℓ]X^ℓ. If k and ℓ are both positive, then
this implies [b_0] = [0] and [c_0] = [0], i.e., p|b_0 and p|c_0, so p^2|b_0 c_0 = a_0,
contradicting (iii). Therefore k = 0 or ℓ = 0, and since g and h are
primitive, this implies g or h is a unit in Z[X], so f is irreducible.
If f is not primitive, then write f = c_f f_0 with f_0 primitive in Z[X].
Since p ∤ a_n, we have p ∤ c_f, so the coefficients of f_0 also satisfy (i),
(ii) and (iii), and we have shown that f_0 is therefore irreducible. Since
f = c_f f_0 and c_f is a unit in Q[X], it follows that f is also irreducible.
Example 2.11. The polynomial f(X) = 3X^4 + 6X^3 − 8X + 10 satisfies
Eisenstein’s Criterion with p = 2, and is therefore irreducible in Q[X].
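The content of Definition 2.5, the rational root test of Corollary 2.8 and the conditions of Eisenstein's Criterion, checked mechanically on the polynomials of Examples 2.9 and 2.11. This is an added example, not part of the original notes; the function names and the coefficient order a_0, …, a_n are assumptions of the example.

```python
from fractions import Fraction
from math import gcd

# f = a_0 + a_1 X + ... + a_n X^n in Z[X] is the list [a_0, ..., a_n] with a_n != 0.

def content(coeffs):
    """Content c_f: the gcd of the coefficients (Definition 2.5)."""
    c = 0
    for a in coeffs:
        c = gcd(c, a)
    return c

def primitive_part(coeffs):
    """The primitive f_0 with f = c_f * f_0."""
    c = content(coeffs)
    return [a // c for a in coeffs]

def divisors(n):
    n = abs(n)
    return [d for d in range(1, n + 1) if n % d == 0]

def prime_factors(n):
    """Distinct prime factors of |n| by trial division."""
    n, p, out = abs(n), 2, []
    while p * p <= n:
        if n % p == 0:
            out.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        out.append(n)
    return out

def root_candidates(coeffs):
    """All d/e with d | a_0 and e | a_n (Corollary 2.8); requires a_0 != 0."""
    a0, an = coeffs[0], coeffs[-1]
    return sorted({Fraction(sign * d, e)
                   for d in divisors(a0) for e in divisors(an) for sign in (1, -1)})

def evaluate(coeffs, r):
    """f(r) by Horner's rule, in exact rational arithmetic."""
    acc = Fraction(0)
    for a in reversed(coeffs):
        acc = acc * r + a
    return acc

def rational_roots(coeffs):
    """All roots of f in Q."""
    coeffs, roots = list(coeffs), set()
    while coeffs[0] == 0:          # X | f, so 0 is a root; divide out X
        roots.add(Fraction(0))
        coeffs = coeffs[1:]
    roots.update(r for r in root_candidates(coeffs) if evaluate(coeffs, r) == 0)
    return sorted(roots)

def eisenstein_primes(coeffs):
    """Primes p satisfying (i), (ii) and (iii) of Proposition 2.10 for f."""
    *lower, an = coeffs
    if not lower or lower[0] == 0:
        return []                  # degree 0, or a_0 = 0 so that (iii) always fails
    g = content(lower)             # (ii) says p divides gcd(a_0, ..., a_{n-1})
    return [p for p in prime_factors(g)
            if an % p != 0 and lower[0] % (p * p) != 0]

if __name__ == "__main__":
    print(eisenstein_primes([10, -8, 0, 6, 3]))  # Example 2.11
    print(root_candidates([-4, 2, 0, 3]))        # the twelve candidates of Example 2.9
    print(rational_roots([-4, 2, 0, 3]))         # none of them is a root
    print(eisenstein_primes([-4, 2, 0, 3]))      # yet no prime satisfies the criterion
```

The last two lines show that the criterion is sufficient but not necessary: the polynomial of Example 2.9 is irreducible by the root test although no prime satisfies (i) to (iii).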
3. Field extensions
Definition 3.1. A field extension is a homomorphism ι : K → L,
where K and L are fields.
Recall that a homomorphism of fields is necessarily injective, so K is
isomorphic to its image ι(K), which is a subfield of L (i.e., a subring of
L that is a field). In fact in practice, K will often already be a subfield
of L, and ι will be the inclusion map, and we will simply refer to “L
over K” (further abbreviated to L/K) as a field extension, or L as a
field extension of K. Even when ι is not the obvious inclusion map,
we will sometimes identify K with ι(K), and refer to L/K as a field
extension, suppressing ι from the notation when it is clear from the
context or isn’t relevant.
Example 3.2. R is a field extension of Q, and C is a field extension
of R.
Example 3.3. For any field K, the identity map ι : K → K defines a
field extension. However there may be other homomorphisms from K
to itself; for example φ : C → C defined by φ(z) = z̄ is different from
the identity map C → C, so these are different ways of obtaining C as a
field extension of itself. Galois theory is concerned with automorphisms
of fields; i.e., isomorphisms from a field to itself, and it will sometimes
be important to keep track of the particular map ι by which a field L
is viewed as an extension of another (or even the same) field K.
If ι : K → L is a field extension, then we make L a vector space over
K by defining the scalar multiplication of K on L by the formula:
a · b = ι(a)b.
Recall that L, being a ring, is already assumed to be an abelian group
under addition, but we must check the other vector space axioms are
satisfied; this is left as an exercise.
Definition 3.4. For a field extension ι : K → L, we define the degree
of L over K to be dimK L; i.e., the dimension of L as a vector space
over K. We say the field extension is finite or infinite according to
whether its degree is finite or infinite. We denote the degree of L over
K by [L : K], writing [L : K] = ∞ if the degree is infinite; we will also
write [L : K] < ∞ to mean the degree is finite. (Recall that a vector
space V over a field K has infinite dimension if there is no finite basis
for V over K, or equivalently no finite subset of V spans V over K.)
Remark 3.5. The degree may depend on the homomorphism ι, so
we should include it in the notation by writing, for example, [L : K]ι .
However ι will usually be clear from the context and omitted from the
notation. In any case, we always have that the degree of L over K
is the same as the degree of L over ι(K), where the field
extension L/ι(K) is given by the inclusion of ι(K) as a subfield of L.
Example 3.6. We have [C : R] = 2 since {1, i} is a basis for C over
R (since every complex number can be written uniquely as a + bi with
a, b ∈ R).
Example 3.7. We have [R : Q] = ∞ since R has infinite dimension
as a vector space over Q. There are various ways to see this; for
example, any finite-dimensional vector space over Q is countable, but
R is uncountable.
Recall that if K is a field and f is an irreducible polynomial in K[X],
then K[X]/(f ) is a field (by Prop. 1.45). Since the inclusion K → K[X]
is a ring homomorphism, as is the “quotient map” K[X] → K[X]/(f )
sending g to [g] = g + (f ), so is their composite ι : K → K[X]/(f ),
making K[X]/(f ) a field extension of K. The following fact about its
degree will be useful later in computing degrees of field extensions.
Proposition 3.8. Let K be a field, and let f be an irreducible polynomial in K[X]. Then the degree of K[X]/(f ) over K is the same as the
degree of the polynomial f .
Proof. Let d be the degree of f . We will show that the subset
$$S = \{\, [1], [X], \ldots, [X]^{d-1} \,\} \subset K[X]/(f)$$
is a basis for K[X]/(f ) as a vector space over K.
We first prove that S is linearly independent over K. We must prove
that if
$$\iota(a_0) + \iota(a_1)[X] + \cdots + \iota(a_{d-1})[X]^{d-1} = [0], \qquad a_0, a_1, \ldots, a_{d-1} \in K,$$
then $a_0 = a_1 = \cdots = 0$. But note that
$$\iota(a_0) + \iota(a_1)[X] + \cdots + \iota(a_{d-1})[X]^{d-1} = [a_0] + [a_1][X] + \cdots + [a_{d-1}][X]^{d-1} = [a_0 + a_1 X + \cdots + a_{d-1} X^{d-1}],$$
and for this to be [0] means that $a_0 + a_1 X + \cdots + a_{d-1} X^{d-1}$ is in the
ideal (f ). Since this polynomial has degree at most d − 1, and f has
degree d, this implies that $a_0 = a_1 = \cdots = a_{d-1} = 0$.
Now we prove that S spans K[X]/(f ) over K. Suppose that [g] ∈
K[X]/(f ) (so g ∈ K[X]). We must show that
$$[g] = \iota(a_0) + \iota(a_1)[X] + \cdots + \iota(a_{d-1})[X]^{d-1}$$
for some $a_0, a_1, \ldots, a_{d-1} \in K$. By the Division Algorithm, we have g =
qf + r for some q, r ∈ K[X] with deg r < d. Note that g − r = qf ∈ (f ),
so [g] = [r]. Writing $r = a_0 + a_1 X + \cdots + a_{d-1} X^{d-1}$, we have
$$[r] = [a_0] + [a_1][X] + \cdots + [a_{d-1}][X]^{d-1} = \iota(a_0) + \iota(a_1)[X] + \cdots + \iota(a_{d-1})[X]^{d-1},$$
so [g] = [r] is in the span of S over K.
We have now shown that S is a basis; since it has d elements, it
follows that K[X]/(f ) has dimension d over K.
We introduce some notation before giving an example. Recall that
if R is a subring of a ring S, and α ∈ S, then there is a homomorphism
R[X] → S defined by evaluation at α. We will denote it by φα , so
φα (f ) = f (α) for f ∈ R[X]. The image of φα is a subring of S,
which we will denote by R[α]. It is easy to see that it is the smallest
subring of S that contains R and α: it obviously contains R (the value
of the constant polynomial r being r) and α (the value of X), and
if T is any subring of S containing R and α, then T also contains
$f(\alpha) = \sum_{i=0}^{n} r_i \alpha^i$ for any polynomial $f(X) = \sum_{i=0}^{n} r_i X^i \in R[X]$. We
call R[α] the subring of S generated over R by α. More generally for
any α1 , . . . , αn , we similarly define R[α1 , . . . , αn ], called the subring of
S generated over R by α1 , . . . , αn , to be the image of R[X1 , . . . , Xn ]
under the map sending f to f (α1 , . . . , αn ).
Example 3.9. Let K = Q, L = R, and $\alpha = \sqrt[4]{2}$. Then Q[α] is the
image of the homomorphism φα : Q[X] → R defined by φα (g) = g(α).
The polynomial $f(X) = X^4 - 2$ is evidently in the kernel of φα , so
ker(φα ) is an ideal of Q[X] containing (f ). Since f is irreducible (for
example by Eisenstein’s Criterion), the only ideals containing (f ) are
(f ) itself and Q[X], but 1 ∉ ker(φα ), so we must have ker(φα ) =
(f ). The Isomorphism Theorem therefore implies that Q[X]/(f ) is
isomorphic to Q[α]. The isomorphism is an isomorphism of Q-vector
spaces since ι(a)[g] = [ag] is sent to ag(α) for all a ∈ Q, g ∈ Q[X].
Therefore Q[X]/(f ) and Q[α] have the same dimension as vector spaces
over Q, i.e., the same degree as field extensions of Q, which is 4 by
Prop. 3.8. Recall that the proof of the proposition actually gives a
basis for Q[X]/(f ), namely $\{[1], [X], [X^2], [X^3]\}$. The image of this set
under the isomorphism, namely $\{1, \alpha, \alpha^2, \alpha^3\}$, is therefore a basis for
Q[α] over Q. This shows that every element of Q[α] can be written
(uniquely) in the form
$$a_0 + a_1\alpha + a_2\alpha^2 + a_3\alpha^3, \qquad \text{with } a_0, a_1, a_2, a_3 \in Q.$$
(It’s not hard to see more directly that every element of Q[α] can be
written this way, by using that $\alpha^{4k+i} = 2^k \alpha^i$ for k ≥ 0, 0 ≤ i ≤ 3.)
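As an added illustration (not part of the original notes), the following Python sketch carries out the Division Algorithm step from the proof of Prop. 3.8 to compute coordinates in the basis {[1], [X], [X^2], [X^3]} of Q[X]/(X^4 − 2) from Example 3.9, and inverts non-zero classes with the extended Euclidean algorithm, which is possible because the quotient is a field. All function names are illustrative choices.

```python
from fractions import Fraction

# A polynomial is a list of coefficients, constant term first: p[k] is the
# coefficient of X^k. The zero polynomial is the empty list.
F = [-2, 0, 0, 0, 1]  # f(X) = X^4 - 2, irreducible over Q by Eisenstein (p = 2)

def trim(p):
    """Convert coefficients to Fractions and drop trailing zeros."""
    p = [Fraction(c) for c in p]
    while p and p[-1] == 0:
        p.pop()
    return p

def add(p, q):
    n = max(len(p), len(q))
    p = list(p) + [0] * (n - len(p))
    q = list(q) + [0] * (n - len(q))
    return trim(a + b for a, b in zip(p, q))

def scale(p, c):
    return trim(c * a for a in p)

def mul(p, q):
    if not p or not q:
        return []
    out = [Fraction(0)] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] += a * b
    return trim(out)

def divide(g, f):
    """Division Algorithm in Q[X]: return (q, r) with g = q*f + r, deg r < deg f."""
    g, f = trim(g), trim(f)
    if not f:
        raise ZeroDivisionError("division by the zero polynomial")
    q, r = [], g
    while len(r) >= len(f):
        shift = len(r) - len(f)
        # Cancel the leading term of r with a multiple of f.
        term = [Fraction(0)] * shift + [r[-1] / f[-1]]
        q = add(q, term)
        r = add(r, scale(mul(term, f), -1))
    return q, r

def coordinates(g, f):
    """Coordinates of [g] in the basis [1], [X], ..., [X]^(d-1) of Q[X]/(f)."""
    d = len(trim(f)) - 1
    r = divide(g, f)[1]
    return r + [Fraction(0)] * (d - len(r))

def inverse(g, f):
    """Coordinates of [g]^(-1) in Q[X]/(f), for f irreducible and [g] != [0]."""
    r0, r1 = trim(f), divide(g, f)[1]
    if not r1:
        raise ZeroDivisionError("[g] = [0] has no inverse")
    t0, t1 = [], [Fraction(1)]
    # Invariant: t0*g = r0 and t1*g = r1 modulo f.
    while r1:
        q, r = divide(r0, r1)
        r0, r1 = r1, r
        t0, t1 = t1, add(t0, scale(mul(q, t1), -1))
    if len(r0) != 1:
        raise ValueError("gcd(f, g) is not constant, so f is not irreducible")
    return coordinates(scale(t0, 1 / r0[0]), f)

if __name__ == "__main__":
    print(coordinates([0] * 9 + [1], F))  # class of X^9, i.e. alpha^9
    print(inverse([1, 1], F))             # inverse of 1 + alpha
```
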
We also have the following property of degrees of field extensions:
Theorem 3.10 (Tower Law). If ι : K → L and η : L → M are field
extensions, then so is η ◦ ι : K → M , and
[M : K] = [M : L][L : K].
(The formula is valid with the obvious interpretation if any of the degrees are infinite.)
Proof. To see that η ◦ ι : K → M is a field extension, just note that
since ι and η are homomorphisms, so is η ◦ ι.
For the statement about degrees, we can replace K with η(ι(K)) and
L with η(L), and so assume that K and L are subfields of M .
We first show that if [M : K] is finite, then so are [M : L] and
[L : K]. For [M : K] to be finite means that M is finite-dimensional as
a vector space over K. Since L is a subspace of M (as a vector space
over K), it must also be finite-dimensional over K, so [L : K] < ∞.
Since M is finite-dimensional over K, it is spanned over K by a finite
subset. Any subset which spans M over K certainly spans M over L,
so we also conclude that [M : L] < ∞. Therefore if either [M : L] or
[L : K] is infinite, then so is [M : K], and the formula holds. We may
therefore assume from now on that [M : L] and [L : K] are finite.
Let [L : K] = m and [M : L] = n, and choose bases $\{b_1, \ldots, b_m\}$ for
L over K, and $\{c_1, \ldots, c_n\}$ for M over L. We claim that
$$B = \{\, b_i c_j \mid i = 1, \ldots, m,\ j = 1, \ldots, n \,\}$$
is a basis for M over K.
We first show that B is linearly independent. We must show that if
$a_{ij} \in K$ for i = 1, . . . , m, j = 1, . . . , n are such that
$$\sum_{i,j} a_{ij}(b_i c_j) = 0,$$
then $a_{ij} = 0$ for all i = 1, . . . , m, j = 1, . . . , n. Rewriting the sum as a
linear combination of the $c_j$ with coefficients in L gives
$$\sum_{j=1}^{n} \left( \sum_{i=1}^{m} a_{ij} b_i \right) c_j = 0,$$
so the fact that $\{c_1, \ldots, c_n\}$ is linearly independent over L implies that
$\sum_{i=1}^{m} a_{ij} b_i = 0$ for j = 1, . . . , n. Since $\{b_1, \ldots, b_m\}$ is linearly independent over K, it follows that $a_{ij} = 0$ for i = 1, . . . , m, j = 1, . . . , n, as
required.
Now we show that B spans M over K. Suppose r ∈ M . Since
$\{c_1, \ldots, c_n\}$ spans M over L, we have
$$r = \sum_{j=1}^{n} s_j c_j$$
for some $s_1, \ldots, s_n \in L$. Since $\{b_1, \ldots, b_m\}$ spans L over K, we can
write $s_j$ as $\sum_{i=1}^{m} a_{ij} b_i$ for some $a_{ij} \in K$, i = 1, . . . , m. It follows that
$$r = \sum_{i,j} a_{ij}(b_i c_j),$$
so B spans M over K.
Since B has mn elements, we have shown that
[M : K] = mn = [L : K][M : L].
Example 3.11. Let K = Q, $L = Q[\sqrt{2}]$ and $M = Q[\sqrt[4]{2}]$. We have
seen that [M : Q] = 4, and a similar argument shows that [L : Q] = 2.
Therefore the Tower Law implies that [M : L] = 2.
We now give another general construction of a ring containing a given
ring R. We assume that R is an integral domain, and we will define its
field of fractions. We start by defining an equivalence relation on the
set
$$R \times (R - \{0_R\}) = \{\, (r, s) \mid r, s \in R,\ s \neq 0_R \,\}$$
as follows: $(r, s) \sim (r', s')$ if $rs' = sr'$. We leave it as an exercise
to check that this is in fact an equivalence relation. We denote the
equivalence class of (r, s) by r/s, or $\frac{r}{s}$, so
$$r/s = \{\, (r', s') \mid r', s' \in R,\ s' \neq 0_R,\ rs' = sr' \,\}.$$
We then define Frac(R) to be the set of equivalence classes under this
equivalence relation, so
$$\mathrm{Frac}(R) = \{\, r/s \mid r, s \in R,\ s \neq 0_R \,\}.$$
Now we define operations on Frac(R) by the formulas:
$$\frac{r}{s} + \frac{t}{u} = \frac{ru + st}{su}, \qquad \frac{r}{s} \times \frac{t}{u} = \frac{rt}{su}.$$
Note that $su \neq 0_R$ since $s \neq 0_R$, $u \neq 0_R$ and R is an integral domain. However we must check that the operations are well-defined,
i.e., if we choose a different pair $(r', s')$ (resp. $(t', u')$) to represent the
equivalence class of (r, s) (resp. (t, u)), then this doesn’t change the
resulting equivalence class on the right-hand side of the formula defining each operation; i.e., if $(r, s) \sim (r', s')$ and $(t, u) \sim (t', u')$, then
$(ru + st, su) \sim (r'u' + s't', s'u')$ and $(rt, su) \sim (r't', s'u')$. We also
leave this as an exercise. Finally we claim that these operations make
Frac(R) a ring; i.e., the ring axioms are satisfied (more exercises).
In fact, Frac(R) is a field. For this we need to check that every nonzero element of Frac(R) has a multiplicative inverse, and that $0_{\mathrm{Frac}(R)} \neq 1_{\mathrm{Frac}(R)}$. For the latter, as part of the verification of the ring axioms,
we get that $0_{\mathrm{Frac}(R)} = 0_R/1_R$ and $1_{\mathrm{Frac}(R)} = 1_R/1_R$, and these are
different since $0_R \neq 1_R$ (recall we assumed R was an integral domain).
For the former, suppose r/s ∈ Frac(R) and $r/s \neq 0_{\mathrm{Frac}(R)}$. Since
$0_{\mathrm{Frac}(R)} = 0_R/1_R$, this just means $r \neq 0_R$. Therefore s/r ∈ Frac(R),
and we see that
$$(r/s) \times (s/r) = rs/rs = 1_R/1_R = 1_{\mathrm{Frac}(R)},$$
so s/r is the multiplicative inverse of r/s.
We can identify R with a subset of Frac(R) by identifying r with
r/1R (note that r/1R = s/1R if and only if r = s), and it is immediate
from the definitions that this identification is compatible with the ring
operations (and identity element), so we may view R as a subring of
Frac(R). We call Frac(R) the field of fractions (or fraction field) of
R. It is the smallest field that contains R, in the following sense: if
R is a subring of a field K, then the inclusion of R in K extends to
an inclusion of Frac(R) into K. (If $s \neq 0_R$, then $s \neq 0_K$, so s has a
multiplicative inverse $s^{-1}$ in K, and we identify r/s with $rs^{-1}$.) Note
that if R is a subring of S, and both are integral domains, then R is a
subring of Frac(S), which is a field, so Frac(R) is a subfield of Frac(S),
i.e., Frac(S) is a field extension of Frac(R).
Example 3.12. If R = Z, then Frac(R) = Q.
Example 3.13. If R is a field, then Frac(R) = R.
Example 3.14. If K is a field, and R = K[X], then Frac(R) is denoted K(X), and is called the field of rational functions over K (in the
variable X). Thus
K(X) = { f /g | f, g ∈ K[X], g ≠ 0 }
with the usual operations of addition and multiplication. More generally, we denote Frac(K[X1 , . . . , Xn ]) by K(X1 , . . . , Xn ).
Example 3.15. Recall that if K is a subfield of L, and α ∈ L, then
we defined a subring K[α] of L. Now we define K(α) = Frac(K[α]); by
construction, it is the smallest subfield of L containing K and α. We
call it the subfield of L generated over K by α. For example, we have
$Q(\sqrt[4]{2}) = Q[\sqrt[4]{2}]$ since $Q[\sqrt[4]{2}]$ is already a field. On the other hand,
we’ll see later that, for example, Q(π) strictly contains Q[π].
4. Algebraicity
Definition 4.1. Suppose that L is a field extension of K, and α ∈
L. We say that α is algebraic over K if f (α) = 0 for some non-zero
polynomial f ∈ K[X]. If α is not algebraic over K, then we say α is
transcendental over K. We say that L is algebraic over K (or that L is
an algebraic extension of K) if every element of L is algebraic over K.
Example 4.2. The element $\sqrt[4]{2}$ of R is algebraic over Q since $f(\sqrt[4]{2}) = 0$
if $f(X) = X^4 - 2$. On the other hand π is not algebraic over Q (though
this isn’t easy to prove).
Remark 4.3. In the above definition of algebraicity, we assumed that
K was a subfield of L; i.e., the map K → L is the inclusion of K as a
subset of L. For a general field extension ι : K → L, we say that an
element α of L is algebraic over K if it is algebraic over ι(K).
We have the following useful general fact:
Proposition 4.4. If the field extension L is finite over K, then L is
algebraic over K.
Proof. Let d = [L : K]. Suppose that α ∈ L. Then there must be
a dependence relation among the d + 1 elements: $1, \alpha, \alpha^2, \ldots, \alpha^d$, i.e.,
there exist $a_0, a_1, \ldots, a_d \in K$, not all zero, such that
$$a_0 + a_1\alpha + \cdots + a_d\alpha^d = 0.$$
Letting $f(X) = \sum_{n=0}^{d} a_n X^n$, we have f (α) = 0. Therefore α is algebraic
over K.
Recall that for α ∈ L, a field extension of K, we have the evaluation
homomorphism:
φα : K[X] → L
defined by φα (f ) = f (α). We will use it to obtain the following characterization of whether or not α is algebraic over K:
Theorem 4.5. Suppose that L is a field extension of K, and α ∈ L.
(i) If α is algebraic over K, then there is a unique monic irreducible f ∈ K[X] such that f (α) = 0. Moreover the following
hold:
(a) If g ∈ K[X], then g(α) = 0 if and only if g is divisible by
f in K[X].
(b) φα induces an isomorphism K[X]/(f ) → K[α].
(c) K[α] is a field, so K[α] = K(α), and [K(α) : K] = deg f .
(ii) If α is transcendental over K, then φα defines an isomorphism
K[X] → K[α], so K[α] is not a field, and [K(α) : K] = ∞.
Proof. Note that g is in the kernel of φα if and only if φα (g) = g(α) =
0, so α is algebraic over K if and only if there is a non-zero element of
ker(φα ).
Suppose first that α is algebraic over K, so ker(φα ) ≠ {0}. Since
K[X] is a PID, ker(φα ) = (f ) for a unique monic polynomial f ∈ K[X].
Since the image of φα is K[α], which is an integral domain, f is a prime
element of K[X], and hence is irreducible. We now immediately have
(a), since
$$g(\alpha) = 0 \iff g \in \ker(\varphi_\alpha) \iff g \in (f) \iff f \mid g.$$
The uniqueness of f is also immediate, since if f |g and g is also monic
irreducible, then in fact f = g. Since K[α] is defined as the image of
φα , part (b) follows from the Isomorphism Theorem. Finally, since f
is irreducible, K[X]/(f ) is a field, and by Prop. 3.8, its degree over K
is the same as the degree of f . It follows that the same holds for K[α],
as it is isomorphic to K[X]/(f ) (as a ring, and as a vector space over
K).
Now suppose that α is transcendental over K. In this case ker(φα ) =
{0}, so the Isomorphism Theorem implies that φα defines an isomorphism K[X] → K[α]. Since K[X] is not a field, neither is K[α]. Since
K(α) is not algebraic over K (since it contains α for example), it follows from Prop. 4.4 that [K(α) : K] is infinite.
Definition 4.6. If L is a field extension of K, and α ∈ L is algebraic
over K, then the unique monic irreducible polynomial f ∈ K[X] such
that f (α) = 0 is called the minimal polynomial of α over K, and is
denoted $m_{\alpha,K}$.
Note that by part (i)(a) of Theorem 4.5, the minimal polynomial
mα,K is “minimal” in the sense that it has minimal degree among all
non-zero polynomials such that g(α) = 0. Moreover it is the unique
monic polynomial with this property.
Example 4.7. The minimal polynomial $m_{\alpha,Q}$ of $\alpha = \sqrt[4]{2}$ over Q is
$X^4 - 2$. (Recall it is irreducible by Eisenstein’s Criterion.)
Note that if K ⊂ L ⊂ M , and α ∈ M is algebraic over K, then α
is also algebraic over L, but the minimal polynomials mα,K and mα,L
might not be the same. However since mα,K ∈ K[X] ⊂ L[X], part
(i)(a) of Theorem 4.5 implies that mα,K is divisible by mα,L in L[X].
Example 4.8. Let $L = Q(\sqrt{2})$, M = R and $\alpha = \sqrt[4]{2}$. The minimal
polynomial of α over L is $f(X) = X^2 - \sqrt{2}$. To see this, note that
$\alpha^2 = \sqrt{2}$, so f (α) = 0, and $\sqrt{2} \in Q(\alpha)$, so L ⊂ Q(α). Applying the
Tower Law to
Q ⊂ L ⊂ Q(α)
gives [Q(α) : Q] = [Q(α) : L][L : Q]. Since [Q(α) : Q] = 4 (the degree
of $m_{\alpha,Q}$), and [L : Q] = 2 (since for example $m_{\sqrt{2},Q}(X) = X^2 - 2$), we
have [Q(α) : L] = 2, and therefore $m_{\alpha,L}$ has degree 2. Since f ∈ L[X]
has the correct degree and f (α) = 0, it follows that $f = m_{\alpha,L}$. To see
explicitly that $m_{\alpha,Q}$ is divisible by $m_{\alpha,L}$ in L[X] in this example, note
that
$$X^4 - 2 = (X^2 - \sqrt{2})(X^2 + \sqrt{2}).$$
We now give several consequences of Theorem 4.5.
Corollary 4.9. If L is a field extension of K and α ∈ L, then the
following are equivalent:
(i) α is algebraic over K;
(ii) K[α] = K(α);
(iii) K(α) is finite over K;
(iv) α ∈ E for some field extension E which is contained in L and
is finite over K.
Proof. The equivalence of (i), (ii) and (iii) is immediate from the
Theorem. If (iii) holds, then we can take E = K(α) to see that (iv)
holds. If (iv) holds, then α ∈ E and E is algebraic over K by Prop. 4.4,
so (iii) holds.
Corollary 4.10. If L is a field extension of K, then the following are
equivalent:
(i) [L : K] < ∞;
(ii) L = K(α1 , α2 , · · · , αn ) for some α1 , α2 , . . . , αn ∈ L, each of
which is algebraic over K.
Proof. Suppose that [L : K] is finite, and let n = [L : K]. Let
$\alpha_1, \ldots, \alpha_n$ be a basis for L over K, so every element of L can be written
in the form
$$c_1\alpha_1 + c_2\alpha_2 + \cdots + c_n\alpha_n$$
for some $c_1, c_2, \ldots, c_n \in K$. It follows that $L \subset K(\alpha_1, \alpha_2, \ldots, \alpha_n)$. On
the other hand, since $\alpha_1, \alpha_2, \ldots, \alpha_n \in L$, we have $K(\alpha_1, \alpha_2, \ldots, \alpha_n) \subset L$,
and hence the two fields are the same. Since L is finite over K, it is
algebraic over K, and therefore so are $\alpha_1, \alpha_2, \ldots, \alpha_n$.
Suppose on the other hand that L = K(α1 , α2 , · · · , αn ) for some
elements α1 , α2 , . . . , αn of L, each of which is algebraic over K. We
will prove by induction on n that [L : K] is finite.
If n = 1, then the algebraicity of α1 over K implies that L = K(α1 )
is finite over K.
Suppose that n ≥ 1 and the claim holds for n; i.e., if α1 , α2 , . . . , αn
are algebraic over K, then K(α1 , α2 , . . . , αn ) is finite over K. Suppose
that L = K(α1 , α2 , . . . , αn , αn+1 ) for some α1 , α2 , . . . , αn , αn+1 ∈ L,
each of which is algebraic over K. Let E = K(α1 , α2 , . . . , αn ). By the
induction hypothesis, E is finite over K. Since αn+1 is algebraic over
K, it is also algebraic over E, so L = E(αn+1 ) is finite over E. The
Tower Law therefore implies that L is finite over K, so the claim holds
for n + 1.
Corollary 4.11. Suppose that L is a field extension of K, and α and
β are elements of L which are algebraic over K. Then α + β and αβ
are also algebraic over K, and if α ≠ 0, then $\alpha^{-1}$ is also algebraic over
K.
Proof. Since α and β are algebraic over K, Corollary 4.10 shows that
K(α, β) is finite over K, and hence algebraic over K. Since α + β, αβ
and $\alpha^{-1}$ (if α ≠ 0) are elements of K(α, β), they are algebraic over
K.
Example 4.12. Since the elements $\sqrt{2}$ and i of C are algebraic over
Q, so are, for example, $i + \sqrt{2}$ and $i\sqrt{2}$. It is easy to write down a
non-zero polynomial in Q[X] that has $i\sqrt{2}$ as a root: $X^2 + 2$, which is
clearly irreducible in Q[X] and is therefore the minimal polynomial of
$i\sqrt{2}$ over Q.
To find a non-zero polynomial in Q[X] that has $\alpha = i + \sqrt{2}$ as a root,
we could proceed by ad hoc methods to find a dependence relation
among the powers of α. We first compute that $\alpha^2 = -1 + 2i\sqrt{2} + 2 = 1 + 2i\sqrt{2}$,
so $(\alpha^2 - 1)^2 = -8$, which implies that setting
$$f(X) = (X^2 - 1)^2 + 8 = X^4 - 2X^2 + 9$$
gives f (α) = 0. To prove that f is the minimal polynomial of α over
Q, we could try to show that f is irreducible, or that [Q(α) : Q] = 4. If
we try to show f is irreducible, we can quickly rule out it having linear
factors, but this isn’t enough, since f could still factor as a product
of two irreducible quadratic factors. It also fails to satisfy Eisenstein’s
Criterion for any prime, so let’s change tack and try to prove instead
that [Q(α) : Q] = 4. From the equation $\alpha^2 = 1 + 2i\sqrt{2}$, we see that
$i\sqrt{2} \in Q(\alpha)$, so we have the tower of fields:
$$Q \subset Q(i\sqrt{2}) \subset Q(\alpha).$$
Since $[Q(i\sqrt{2}) : Q] = 2$, and [Q(α) : Q] ≤ 4 (as deg f = 4), the Tower
Law shows that either [Q(α) : Q] = 4, or [Q(α) : Q] = 2. If the latter
holds, then $Q(\alpha) = Q(i\sqrt{2})$, so to rule it out, we just need to show
that $\alpha \notin Q(i\sqrt{2})$. But every element of $Q(i\sqrt{2})$ is of the form $a + bi\sqrt{2}$
for some a, b ∈ Q, so if $\alpha = i + \sqrt{2}$ were in $Q(i\sqrt{2})$, we would have
$i + \sqrt{2} = a + bi\sqrt{2}$ for some a, b ∈ Q. Since a and b are real, we would
have to have $a = \sqrt{2}$ and $b = 1/\sqrt{2}$, which contradicts their being in
Q. Therefore [Q(α) : Q] = 4, and f is indeed the minimal polynomial
of α over Q.
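The dependence relation among powers of α that the proof of Prop. 4.4 guarantees, and that Example 4.12 finds by hand, can also be computed by linear algebra over Q. The following Python sketch is an added example, not part of the original notes; it assumes elements of Q(i, √2) are stored by their coordinates in the basis {1, i, √2, i√2}, and its function names are illustrative.

```python
from fractions import Fraction

# An element a + b*i + c*sqrt(2) + d*i*sqrt(2) of Q(i, sqrt 2) is stored as the
# tuple (a, b, c, d) of its coordinates in the basis {1, i, sqrt 2, i*sqrt 2}.
ONE = (Fraction(1), Fraction(0), Fraction(0), Fraction(0))

def mul(x, y):
    """Product in Q(i, sqrt 2), using i^2 = -1, (sqrt 2)^2 = 2, (i sqrt 2)^2 = -2."""
    a, b, c, d = x
    e, f, g, h = y
    return (
        a * e - b * f + 2 * c * g - 2 * d * h,  # coefficient of 1
        a * f + b * e + 2 * c * h + 2 * d * g,  # coefficient of i
        a * g - b * h + c * e - d * f,          # coefficient of sqrt 2
        a * h + b * g + c * f + d * e,          # coefficient of i*sqrt 2
    )

def solve(columns, target):
    """Return c with sum(c[k] * columns[k]) == target over Q, or None if none exists."""
    n, rows = len(columns), len(target)
    # Augmented matrix [columns | target], reduced by Gauss-Jordan elimination.
    m = [[columns[k][r] for k in range(n)] + [target[r]] for r in range(rows)]
    pivots, row = [], 0
    for col in range(n):
        p = next((r for r in range(row, rows) if m[r][col] != 0), None)
        if p is None:
            continue
        m[row], m[p] = m[p], m[row]
        m[row] = [v / m[row][col] for v in m[row]]
        for r in range(rows):
            if r != row and m[r][col] != 0:
                factor = m[r][col]
                m[r] = [u - factor * v for u, v in zip(m[r], m[row])]
        pivots.append(col)
        row += 1
    # A row reading 0 = nonzero means target is not in the span of the columns.
    if any(all(v == 0 for v in r[:-1]) and r[-1] != 0 for r in m):
        return None
    c = [Fraction(0)] * n
    for i, col in enumerate(pivots):
        c[col] = m[i][-1]
    return c

def minimal_polynomial(alpha):
    """Coefficients (constant term first) of the minimal polynomial of alpha over Q."""
    alpha = tuple(Fraction(v) for v in alpha)
    powers = [ONE]  # 1, alpha, ..., alpha^(d-1), linearly independent so far
    while True:
        nxt = mul(powers[-1], alpha)
        c = solve(powers, nxt)
        if c is not None:
            # alpha^d = sum c_k alpha^k is the first dependence relation, so
            # X^d - sum c_k X^k is monic of least degree vanishing at alpha.
            return [-ck for ck in c] + [Fraction(1)]
        powers.append(nxt)

def evaluate(poly, alpha):
    """Horner evaluation of poly (constant term first) at alpha."""
    acc = (Fraction(0),) * 4
    for c in reversed(poly):
        acc = mul(acc, alpha)
        acc = (acc[0] + c,) + acc[1:]
    return acc

if __name__ == "__main__":
    print(minimal_polynomial((0, 1, 1, 0)))  # alpha = i + sqrt 2
    print(minimal_polynomial((0, 0, 0, 1)))  # alpha = i * sqrt 2
```

The loop stops after at most four steps because five vectors in a 4-dimensional Q-vector space are always dependent, which is exactly the counting argument of Prop. 4.4.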
The following is immediate from Corollary 4.11:
Corollary 4.13. Suppose that L is a field extension of K. Then the
set
{ α ∈ L | α is algebraic over K }
is a subfield of L.
The subfield in the corollary is called the algebraic closure of K in
L. Note that it contains K, and it is the largest subfield of L which is
algebraic over K.
Example 4.14. The algebraic closure of Q in C:
A = { α ∈ C | α is algebraic over Q }
is called the field of algebraic numbers. Note that A is algebraic over
Q, but is not finite over Q (since for example A contains $Q(\sqrt[n]{2})$ for all
n ≥ 1, and $Q(\sqrt[n]{2})$ has degree n over Q, and so A must have degree
at least n). We saw that every finite extension is algebraic, but this
example shows that the converse is false.
We now introduce the notion of a splitting field of a polynomial.
Definition 4.15. Suppose that L is a field extension of K, and that
f ∈ K[X]. We say that f splits completely over L if there exist
c, α1 , α2 , . . . , αn ∈ L such that
f (X) = c(X − α1 )(X − α2 ) · · · (X − αn )
in L[X]. If moreover L = K(α1 , α2 , . . . , αn ), then we call L a splitting
field of f (over K).*
Example 4.16. The polynomial $f(X) = X^2 - 2 \in Q[X]$ splits completely
over R, since $X^2 - 2 = (X - \sqrt{2})(X + \sqrt{2})$ in R[X], but R is
not a splitting field of f over Q. (Note that a splitting field over K of
a polynomial in K[X] is always a finite extension of K.) The splitting
field of f over Q is $Q(\sqrt{2}, -\sqrt{2})$, which is the same as $Q(\sqrt{2})$.
Example 4.17. Consider the polynomial $f(X) = X^4 - X^2 - 2$. Note
that f is not irreducible since it factors as $(X^2 + 1)(X^2 - 2)$. We see
that $Q(i, \sqrt{2})$ is a splitting field of f since
$$(X^2 + 1)(X^2 - 2) = (X - i)(X + i)(X - \sqrt{2})(X + \sqrt{2})$$
splits completely over $Q(i, \sqrt{2})$, and $Q(i, \sqrt{2})$ is generated over Q by
the roots of f .
Example 4.18. Consider the polynomial $f(X) = X^4 - 2 \in Q[X]$. The
polynomial has $\alpha = \sqrt[4]{2}$ as a root, and we find that f factors as
$$(X - \alpha)(X^3 + \alpha X^2 + \alpha^2 X + \alpha^3)$$
as polynomials in Q(α)[X]. To decide if f splits completely over Q(α),
we need to determine whether the other roots of f are in Q(α). But
the other roots of f are iα, −α, −iα (so that
f (X) = (X − α)(X − iα)(X + α)(X + iα))
and of these only −α is in Q(α). For a splitting field of f , we can
take L = Q(α, iα, −α, −iα), and this is the same as Q(α, i): since
±iα ∈ Q(α, i), we have L ⊂ Q(α, i), and since i = iα/α ∈ L, we have
Q(α, i) ⊂ L.
Example 4.19. The Fundamental Theorem of Algebra (which we
won’t prove) states that every non-constant polynomial in C[X] has
a root in C, from which it follows, by induction on the degree, that
every polynomial in C[X] splits completely over C.
*We view a constant polynomial f (X) = c as splitting completely by taking
n = 0, and its splitting field is K itself.
Finally we prove that every polynomial has a splitting field.
Proposition 4.20. Let K be a field, and f ∈ K[X]. Then there exists
a field extension L of K which is a splitting field of f .
Proof. It suffices to prove that there is a field M over which f splits
completely: writing
f (X) = c(X − α1 )(X − α2 ) · · · (X − αn ),
with α1 , α2 , . . . , αn ∈ M , we obtain a splitting field for f as L =
K(α1 , α2 , . . . , αn ).
We prove the existence of M by induction on the degree of f . There
is nothing to prove if f = c, so we may assume n = deg f ≥ 1. If n = 1,
then $f(X) = a_0 + a_1 X$ with $a_1 \neq 0$, so f (X) = c(X − α) with $c = a_1$
and $\alpha = -a_0/a_1$, so f splits completely over K, and K = K(α) is a
splitting field of f .
Suppose now that n ≥ 1, and the assertion holds for polynomials of
degree n (i.e., for every polynomial of degree n over any field, there
is a field extension over which it splits completely), and let f be a
polynomial of degree n + 1. Let g be any irreducible factor of f , so
f = gh for some g, h ∈ K[X] with g irreducible. Let E = K[X]/(g),
a field extension of K since g is irreducible. Let α denote the element
[X] = X + (g) ∈ E. Writing $g(X) = a_0 + a_1 X + \cdots + a_m X^m$, we have
$$g(\alpha) = g([X]) = a_0 + a_1[X] + \cdots + a_m[X]^m = [a_0 + a_1 X + \cdots + a_m X^m] = [g(X)],$$
which is [0] since g ∈ (g). Therefore α is a root of g in E, so g factors
as (X − α)g0 for some g0 ∈ E[X]. Therefore f = gh = (X − α)g0 h =
(X −α)f0 where f0 = g0 h ∈ E[X]. Since f0 has degree n, the induction
hypothesis says that there is a field extension M of E over which f0
splits completely; i.e.,
f0 (X) = c(X − α1 )(X − α2 ) · · · (X − αn )
for some c, α1 , α2 , . . . , αn ∈ M . It follows that
f (X) = c(X − α)(X − α1 )(X − α2 ) · · · (X − αn )
splits completely over M .
5. Field embeddings
Definition 5.1. Let K be a field, and L1 and L2 be two field extensions
of K. A K-embedding (from L1 to L2 ) is a homomorphism σ : L1 → L2
such that σ(r) = r for all r ∈ K. We say that σ is a K-isomorphism
if, in addition, σ is an isomorphism. (Recall that a homomorphism of
fields is always injective, so it is an isomorphism if it is also surjective.)
Example 5.2. If L is any field of characteristic zero, then there is a
unique homomorphism Q → L (extending the characteristic homomorphism of Example 1.18), allowing us to view L as an extension of Q. If
L1 and L2 are any two such fields, then any homomorphism σ : L1 → L2
satisfies σ(r) = r for all r ∈ Q, and is therefore a Q-embedding, and
we will usually just say “embedding” in this context.
Example 5.3. Let K = Q(i) and L1 = L2 = C, and let σ : C → C be
complex conjugation, so σ(x + iy) = x − iy for x, y ∈ R. Then σ is a
Q-embedding, in fact an R-embedding, but it is not a Q(i)-embedding
since σ does not restrict to the identity map on Q(i) (for example,
σ(i) = −i).
Remark 5.4. Recall that in the definition of a field extension (Definition 3.1), we didn’t assume that the map ι : K → L was the identity
on K, but we usually identified K with the subfield ι(K) of L. We
even did this implicitly in the definition above of a field extension. If
we are given two field extensions of K in the sense of Definition 3.1, say
ι1 : K → L1 and ι2 : K → L2 , then a K-embedding is a homomorphism
σ : L1 → L2 such that σ(ι1 (r)) = ι2 (r) for all r ∈ K; i.e., σ ◦ ι1 = ι2 .
We will see a lot more examples of K-embeddings later, after some
preparation that will give us a general way to construct them.
Recall from the exercises that if σ : R → S is any ring homomorphism, then we get a ring homomorphism σ̃ : R[X] → S[X] defined by
applying σ to the coefficients of polynomials, so:
$$\tilde{\sigma}(r_0 + r_1 X + \cdots + r_d X^d) = \sigma(r_0) + \sigma(r_1)X + \cdots + \sigma(r_d)X^d.$$
Note that for α ∈ R and $f(X) = \sum_{n=0}^{d} r_n X^n \in R[X]$, the value of σ̃(f )
at σ(α) ∈ S is:
$$(\tilde{\sigma}(f))(\sigma(\alpha)) = \sum_{n=0}^{d} \sigma(r_n)\sigma(\alpha)^n = \sigma\left( \sum_{n=0}^{d} r_n \alpha^n \right) = \sigma(f(\alpha)).$$
In particular, if α is a root of f (i.e., f (α) = 0), then σ(α) is a root
of σ̃(f ). Moreover if σ is injective, as is the case if R and S are fields,
then the converse holds: if (σ̃(f ))(σ(α)) = σ(f (α)) = 0, then f (α) = 0.
Note that if R and S are fields and σ̃(f ) is irreducible, then so is f .
(Proof: if f = gh, then σ̃(f ) = σ̃(g)σ̃(h) implies that one of σ̃(g) or
σ̃(h) has degree 0; since σ̃ preserves degrees, it follows that one of g or
h has degree 0.) Furthermore if σ is an isomorphism, then so is σ̃, so if
f is irreducible, then so is σ̃(f ). We summarize the above observations
in the case where σ is a homomorphism of fields:
Lemma 5.5. Suppose that σ : K → L is a homomorphism of fields,
f ∈ K[X] and α ∈ K.
(i) α is a root of f if and only if σ(α) is a root of σ̃(f ).
(ii) If σ̃(f ) is irreducible, then f is irreducible.
(iii) If σ is an isomorphism, then f is irreducible if and only if σ̃(f )
is irreducible.
The following will be useful for constructing and keeping track of
field embeddings:
Theorem 5.6 (Artin’s Extension Theorem). Let $\sigma : K_1 \to K_2$ be an
isomorphism of fields, $L_1$ a field extension of $K_1$, $L_2$ a field extension
of $K_2$ and $f \in K_1[X]$ an irreducible polynomial. Suppose that $\alpha \in L_1$
is a root of f , and $\beta \in L_2$ is a root of σ̃(f ) in $L_2$. Then there exists a
unique isomorphism of fields
$$\tau : K_1(\alpha) \to K_2(\beta),$$
such that τ (α) = β and τ (r) = σ(r) for all $r \in K_1$. Moreover τ defines
an isomorphism from $K_1(\alpha)$ to $K_2(\beta)$.
Proof. We are given an isomorphism from K1 to K2 that we want to
extend to an isomorphism from K1 (α) to K2 (β), as summarized by the
following diagram:
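$$\begin{array}{ccc}
L_1 & & L_2 \\
\cup & & \cup \\
K_1(\alpha) & \xrightarrow{\ ?\ } & K_2(\beta) \\
\cup & & \cup \\
K_1 & \xrightarrow{\ \sim\ } & K_2.
\end{array}$$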
We will do this via the isomorphisms of K1 (α) and K2 (β) with quotients
of polynomial rings. Recall from Theorem 4.5 that f must be the minimal polynomial of α, and the evaluation homomorphism φα : K1 [X] →
L1 induces an isomorphism K1 [X]/(f ) → K1 (α), which we will denote
φ̄α . Similarly, since β is a root of the polynomial σ̃(f ) (irreducible by
Lemma 5.5), we have an isomorphism K2 [X]/(σ̃(f )) → K2 (β). Finally,
note that under the isomorphism σ̃ : K1 [X] → K2 [X], the image of the
ideal (f ) is the ideal (σ̃(f )), so we obtain an isomorphism of the quotient rings: K1 [X]/(f ) → K2 [X]/(σ̃(f )). Now we simply combine this
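isomorphism with $\bar{\varphi}_\beta$ and $\bar{\varphi}_\alpha^{-1}$ to obtain the isomorphism τ :
$$\begin{array}{ccccccc}
K_1(\alpha) & \longrightarrow & K_1[X]/(f) & \longrightarrow & K_2[X]/(\tilde{\sigma}(f)) & \longrightarrow & K_2(\beta) \\
g(\alpha) & \longleftrightarrow & [g] & \longleftrightarrow & [\tilde{\sigma}(g)] & \longleftrightarrow & (\tilde{\sigma}(g))(\beta),
\end{array}$$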
where the description of the maps in the second row (for g ∈ K1 [X])
follows directly from the definitions of the isomorphisms.
To see that τ has the desired properties, first note that if $r \in K_1$,
then taking the constant polynomial g = r gives τ (r) = σ̃(r) = σ(r).
To see that τ (α) = β, take the polynomial g(X) = X, so that g(α) = α
and (σ̃(g))(β) = β (since (σ̃(g))(X) = X).
To see that τ is the unique homomorphism with these properties,
recall that every element of $K_1(\alpha)$ is of the form g(α) for some polynomial $g \in K_1[X]$. So if $\tau' : K_1(\alpha) \to L_2$ is such that $\tau'(\alpha) = \beta$ and
$\tau'(r) = \sigma(r)$ for all $r \in K_1$, then $\tilde{\tau}'(g) = \tilde{\sigma}(g)$, so
$$\tau'(g(\alpha)) = (\tilde{\tau}'(g))(\tau'(\alpha)) = (\tilde{\sigma}(g))(\beta),$$
and hence $\tau'$ must be the same as the map τ defined above.
Finally, we see from the construction of τ that it defines an isomorphism from K1 (α) to K2 (β).
Applying the theorem in the case where $K_1 = K_2$ and σ is the
identity map, the condition that τ (r) = r for $r \in K_1$ means that τ is a
$K_1$-embedding $K_1(\alpha) \to L_2$. More generally, for any $\sigma : K_1 \to K_2$, we
can view $L_2$ as an extension of $K_1$ via the composite $K_1 \xrightarrow{\sigma} K_2 \to L_2$,
and again view the conclusion as being about $K_1$-embeddings $K_1(\alpha) \to L_2$.
Indeed for τ to be a $K_1$-embedding simply means that τ (r) = σ(r),
for all $r \in K_1$, i.e., $\tau|_{K_1} = \sigma$ (where $\tau|_{K_1}$ means the restriction of τ to
$K_1$). We will also sometimes say in this case that “τ is an extension of
σ” to $K_1(\alpha)$.
Before giving examples, we state a slight variant as a corollary:
Corollary 5.7. Suppose that K is a field, L1 is a field extension of K
such that L1 = K(α) for some α algebraic over K, and that σ : K → L2
is any field extension. Then the homomorphisms τ : L1 → L2 such that
τ (r) = σ(r) for all r ∈ K (i.e., the K-embeddings τ : L1 → L2 ) are in
bijection with the roots of σ̃(mα,K ) in L2 (where mα,K is the minimal
polynomial of α over K). The bijection is defined by τ ↔ τ (α).
Proof. If τ : L1 → L2 is such that τ (r) = σ(r) for all r ∈ K, then τ (α)
is a root of τ̃ (mα,K ) = σ̃(mα,K ). On the other hand if β is a root of
τ̃ (mα,K ), then we can apply Theorem 5.6 with L1 = K(α), K2 = σ(K)
and f = mα,K to obtain a unique homomorphism τ : L1 → L2 such
that τ (α) = β and τ |K = σ.
Example 5.8. Let K = Q and $\alpha = \sqrt[3]{2}$, so $m_{\alpha,Q}(X) = X^3 - 2$ (which
is irreducible by Eisenstein’s Criterion, for example). Then by Corollary 5.7 the embeddings $Q(\alpha) \to L_2$ correspond to roots of $X^3 - 2$ in
$L_2$.
If $L_2 = R$, then the only such root is α itself, so there is only one
embedding Q(α) → R, the inclusion map.
Taking $L_2 = C$, the polynomial $X^3 - 2$ has three roots in C, namely
α, ζα and $\zeta^2\alpha$ where $\zeta = e^{2\pi i/3}$. We therefore have three embeddings
Q(α) → C. One of these is the inclusion; the other two can be described
explicitly as $\tau_1$ and $\tau_2$, where
$$\tau_j(r_0 + r_1\alpha + r_2\alpha^2) = r_0 + \zeta^j r_1 \alpha + \zeta^{2j} r_2 \alpha^2$$
for $r_0, r_1, r_2 \in Q$.
For another example take $L_2 = Q$. Since $X^3 - 2$ has no roots in Q,
there are no embeddings Q(α) → Q.
Example 5.9. Let K = Q and α = ∜2, so mα,Q(X) = X^4 − 2. Taking
L2 = C, we see there are four embeddings Q(α) → C, corresponding
to the four complex roots ±α, ±iα of X^4 − 2. Call them τ1, τ2, τ3, τ4,
where
τ1(α) = α, τ2(α) = −α, τ3(α) = iα and τ4(α) = −iα.
We can describe the effect of any of these embeddings on an arbitrary
element of Q(α) as in the preceding example.
Taking instead L2 = Q(α), we see that X^4 − 2 has two roots in L2,
namely ±α. So we have two embeddings from L2 to itself, which are the
isomorphisms obtained from the above embeddings τ1, τ2 : Q(α) → C.
Now return to considering L2 = C, but take K = Q(√2) instead
of Q (and let σ : K → C be the inclusion). Note that K(α) = Q(α)
since K ⊂ Q(α). Recall from Example 4.18 that mα,K(X) = X^2 − √2
(so also σ̃(mα,K)(X) = X^2 − √2). It has two roots in C, namely ±α,
so there are two K-embeddings Q(α) → C, namely τ1 and τ2 again.
These are the embeddings (i.e., Q-embeddings) whose restriction to K
is the identity. To see this explicitly, note that if τ(α) = ±α, then
τ(√2) = τ(α^2) = τ(α)^2 = (±α)^2 = α^2 = √2,
and hence τ(r0 + r1√2) = r0 + r1√2 for all elements r0 + r1√2 of Q(√2).
On the other hand, if τ(α) = ±iα, then τ(√2) = −√2, so τ is not a
K-embedding.
Now let’s continue to consider K = Q(√2) and L2 = C, but instead
of letting σ be the inclusion, let σ : K = Q(√2) → C be the embedding
corresponding to the root −√2 of the minimal polynomial m√2,Q(X) =
X^2 − 2, so that σ(√2) = −√2. So now σ̃(mα,K)(X) = X^2 + √2, which
has the roots ±iα ∈ C. We thus obtain two embeddings Q(α) → C
whose restriction to K = Q(√2) is σ. We see these are precisely the
embeddings τ3 and τ4 defined above.
Recall that [K(α) : K] = deg mα,K if α is algebraic over K. Since
the number of roots in L2 of mα,K is at most its degree, an immediate consequence of Corollary 5.7 is that the number of K-embeddings
K(α) → L is at most [K(α) : K]. We saw in the examples that there
may be fewer embeddings than this (or indeed none). We will use this
observation to obtain the following more general consequence of Artin’s
Extension Theorem:
Corollary 5.10. If K is a field, L1 is a field extension of K such that
[L1 : K] is finite, and σ : K → L2 is a homomorphism of fields, then
there are at most [L1 : K] homomorphisms τ : L1 → L2 such that
τ |K = σ (i.e., K-embeddings L1 → L2 , where L2 is viewed as a field
extension of K via σ).
Proof. We prove this by induction on the degree n = [L1 : K].
If n = 1, then L1 = K (since for example L1 is spanned over K by
1K ), so the only possible τ is σ itself.
Now suppose that n = [L1 : K] > 1 and that the corollary is true
whenever the degree of the finite extension is less than n; i.e., if K′ is
a field, L1′ is a field extension of K′ such that m = [L1′ : K′] < n, and
σ′ : K′ → L2′ is a homomorphism of fields, then there are at most m
homomorphisms τ′ : L1′ → L2′ such that τ′|K′ = σ′.
Since n > 1, there is an element α of L1 which is not in K. Let
K′ = K(α), and let d = [K′ : K], so d > 1. By Corollary 5.7, there
are at most d homomorphisms K′ → L2 whose restriction to K is σ.
Let k be the number of such homomorphisms, so k ≤ d, and call them
σ1, . . . , σk (if k ≥ 1; note that k might be 0).
Note that if τ : L1 → L2 is a homomorphism whose restriction to K
is σ, then τ|K′ is a homomorphism from K′ to L2 whose restriction to
K is σ, so τ|K′ must be one of the σj. We will therefore consider the
number of possible τ restricting to σj for each j.
Letting m = [L1 : K′], we have m = n/d by the Tower Law. Since
d > 1, m < n, and the induction hypothesis applies with σ′ = σj to
show that for each j = 1, . . . , k, there are at most m homomorphisms
τ : L1 → L2 such that τ|K′ = σj. It follows that there are at most km ≤ dm = n
homomorphisms τ : L1 → L2 whose restriction to K is σ.
Note that the corollary applies when K is a subfield of L2 and σ is
the inclusion map, but the flexibility provided by allowing arbitrary σ
is critical in the induction argument. This is also the case for the next
result, another general consequence of Artin’s Extension Theorem; it
states (in the case where σ is the identity) that any two splitting fields
over K of the same polynomial are K-isomorphic.
Theorem 5.11. Let σ : K1 → K2 be an isomorphism of fields, f
a polynomial in K1 [X], and L1 a splitting field over K1 of f . If L2
is a splitting field over K2 of the polynomial σ̃(f ), then there is an
isomorphism τ : L1 → L2 such that τ |K1 = σ.
Proof. We proceed by induction on n = deg f .
If n = 1, then f splits completely over K1 , so L1 = K1 , and similarly
L2 = K2, so we may take τ = σ.
Now suppose that n > 1 and that the theorem holds if the given
polynomial has degree less than n; i.e., if σ′ : K1′ → K2′ is an isomorphism of fields, g is a polynomial in K1′[X] of degree less than n, L1′
is a splitting field over K1′ of g, and L2′ is a splitting field over K2′ of
σ̃′(g), then there is an isomorphism from L1′ → L2′ whose restriction to
K1′ is σ′.
Since f splits completely over L1 , we may choose a root α of f in L1 .
Since f (α) = 0, we know that f is divisible by mα,K1 in K1 [X], and
it follows that σ̃(f ) is divisible by σ̃(mα,K1 ) in K2 [X], hence in L2 [X].
Since σ̃(f ) splits completely over L2 , we have
σ̃(f ) = c(X − β1 )(X − β2 ) · · · (X − βn )
for some c, β1 , β2 , . . . , βn ∈ L2 . By unique factorization in L2 [X], it
follows that σ̃(mα,K1 ) also splits completely over L2 . In particular
σ̃(mα,K1) has a root β ∈ L2. Now we can apply Artin’s Extension
Theorem to conclude that there is an isomorphism σ′ : K1(α) → K2(β)
such that σ′(α) = β and σ′|K1 = σ.
Now let K1′ = K1(α) and K2′ = K2(β). Since α is a root of f in K1′,
we have f = (X − α)g for some g ∈ K1′[X]. Since f splits completely
over L1, it follows from unique factorization in L1[X] that g also splits
completely over L1. Moreover since L1 is a splitting field for f =
(X − α)g, we have L1 = K1(α, α1, . . . , αn−1) = K1′(α1, . . . , αn−1) where
α1, . . . , αn−1 are the (not necessarily distinct) roots of g. Therefore L1
is a splitting field over K1′ for g. Note also that
σ̃(f) = σ̃′(f) = (X − σ′(α))σ̃′(g) = (X − β)σ̃′(g)
in K2′[X], and since L2 is a splitting field over K2 for σ̃(f), we similarly
deduce that L2 is also a splitting field over K2′ for σ̃′(g).
We are now in a position to apply the induction hypothesis. Since
deg g = n − 1, we conclude that there is an isomorphism τ : L1 → L2
whose restriction to K1′ is σ′. Since the restriction of σ′ to K1 is σ, it
follows that the restriction of τ to K1 is σ.
6. Separability
Later on, we will be focussing on the situation where L is the splitting
field of a polynomial in K[X] and considering the set of K-isomorphisms
from L to itself (i.e., K-automorphisms of L). By Corollary 5.10 (with
L1 = L2 = L), the number of such isomorphisms is at most [L : K]. We
will mainly be interested in the case where equality holds, i.e., there
are exactly [L : K] such isomorphisms. The reason equality can fail
is that there is a situation in which irreducible polynomials can have
repeated roots. In order to understand this phenomenon, we introduce
the notion of separability.
Definition 6.1. Let K be a field, and f ∈ K[X] a polynomial of
degree d. We say f is separable if it has d distinct roots in its splitting
field over K, i.e. if
f (X) = c(X − α1 )(X − α2 ) · · · (X − αd )
for some c ∈ K, and distinct elements α1 , α2 , . . . , αd ∈ L. Otherwise
we say f is inseparable.
Note that by Theorem 5.11, any two splitting fields of f over K are
K-isomorphic, so the criterion is independent of the splitting field: if
σ : L → L′ is a K-isomorphism between two splitting fields of f, then
f(X) = σ̃(f)(X) = c(X − σ(α1))(X − σ(α2)) · · · (X − σ(αd))
has d distinct roots σ(α1), σ(α2), . . . , σ(αd) in L′.
Example 6.2. f(X) = (X − 1)^2 is not separable (as a polynomial in
Q[X], or indeed K[X] for any field K) since it has degree 2, but its
only root is 1 (which occurs as a “repeated root”).
Example 6.3. f(X) = X^2 − 1 = (X − 1)(X + 1) ∈ K[X] is separable,
as long as 1K ≠ −1K, or equivalently, 2K ≠ 0K, i.e., the characteristic
of K is not 2.
Definition 6.4. Let K be a field, L an extension of K, and α ∈ L.
We say α is separable over K if α is algebraic over K and its minimal
polynomial mα,K ∈ K[X] is separable; otherwise we say α is inseparable
over K. We say L is separable over K if every element α ∈ L is separable
over K.
Recall from calculus that a way to determine if the root of a polynomial in R[X] is repeated is to check whether it is also a root of the
derivative of the polynomial: if f(α) = 0, then α is a repeated root of f
if and only if f′(α) = 0. It turns out that, working purely algebraically,
the derivative makes sense for polynomials over any field K, and gives
a useful criterion for determining whether a polynomial in K[X] is
separable.
Definition 6.5. Suppose that K is a field and f(X) = a_0 + a_1 X +
· · · + a_n X^n is a polynomial in K[X]. We define the derivative of f (with
respect to X) to be the polynomial
f′(X) = a_1 + 2a_2 X + · · · + n a_n X^{n−1}.
We leave it as an exercise to verify that the derivative satisfies the
familiar formulas from calculus:
Proposition 6.6. If K is a field and f, g ∈ K[X], then
(i) (f + g)′ = f′ + g′;
(ii) (fg)′ = f′g + fg′;
(iii) if h(X) = f(g(X)), then h′(X) = f′(g(X))g′(X).
Lemma 6.7. Suppose that f ∈ L[X] and α ∈ L. Then α is a repeated
root of f if and only if f(α) = f′(α) = 0.
Proof. We may assume α is a root of f, so (X − α)|f. Write f(X) =
(X − α)^m g(X) for some integer m ≥ 1, chosen as large as possible, so
g(α) ≠ 0. Then α is a repeated root of f if and only if m > 1.
By Proposition 6.6(iii), the derivative of (X − α)^m is m(X − α)^{m−1},
so part (ii) gives:
f′(X) = m(X − α)^{m−1} g(X) + (X − α)^m g′(X).
So if m = 1, then f′(α) = g(α) ≠ 0, and if m > 1, then f′(α) = 0.
Since f(α) = 0 if and only if f is divisible by X − α, the lemma says
that α is a repeated root of f if and only if both f and f′ are divisible
by X − α, or equivalently, the gcd of f and f′ is divisible by X − α.
Since the definition of separability is in terms of the roots of f, not in
K, but in a splitting field of f, we need to take care with the notion of
“gcd” and observe that it behaves well when polynomials in K[X] are
viewed as polynomials in L[X] for an extension L of K. Recall that if
f, g ∈ K[X], then the gcd of f and g is the unique monic polynomial
h ∈ K[X] such that the ideal (f, g)K[X] is generated by h. If L is
an extension field of K, then the equality (f, g)K[X] = hK[X] implies
that:
• h is in (f, g)K[X] ⊂ (f, g)L[X], so hL[X] ⊂ (f, g)L[X],
• and f and g are in hK[X] ⊂ hL[X], so (f, g)L[X] ⊂ hL[X].
Therefore (f, g)L[X] = hL[X], so h is also the gcd of f and g viewed
as polynomials in L[X]. We will therefore write gcd(f, g) without reference to the field K.
Proposition 6.8. Suppose K is a field and f is a non-zero polynomial
in K[X]. Then:
(i) f is separable if and only if gcd(f, f′) = 1.
(ii) If L is an extension field of K, then f is separable as a polynomial in K[X] if and only if f is separable as a polynomial
in L[X].
(iii) If f is irreducible in K[X], then f is separable if and only if
f′ ≠ 0.
(iv) If f is irreducible in K[X] and K has characteristic 0, then f
is separable.
Proof. (i) Let h = gcd(f, f′), and let L be a splitting field of f over
K. Since h|f and f splits completely over L, it follows that h splits
completely over L. Therefore
h ≠ 1 ⇔ h has a root in L
⇔ f has a repeated root in L
⇔ f is inseparable
(where the second equivalence is by Lemma 6.7).
(ii) is immediate from (i) since the condition gcd(f, f′) = 1 does not
depend on L.
(iii) Suppose that f is irreducible and inseparable, and let h =
gcd(f, f′). Since h is a monic polynomial dividing f, and f is irreducible, we must have either h = 1 or h = f, so by (i), we have
h = f, and therefore f|f′. But by the definition of f′, we have
deg(f′) < deg(f), so f′ = 0.
(iv) Suppose that K has characteristic 0 and f is irreducible, and let
n = deg(f). Then n > 0, and f′ has degree n − 1 since the coefficient
of X^{n−1} is n a_n ≠ 0. Therefore f′ ≠ 0 and it follows from (iii) that f is
separable.
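An added example (not part of the original notes): Proposition 6.8(i) turned into a computation over K = Z/pZ, using the formal derivative of Definition 6.5 and the Euclidean algorithm. The coefficient-list representation and all function names are choices made for this illustration.

```python
# Added illustration. A polynomial over Z/pZ (p prime) is a list of
# coefficients [a_0, a_1, ..., a_n], lowest degree first; [] is the zero polynomial.

def trim(f):
    """Return a copy of f without trailing zero coefficients."""
    f = list(f)
    while f and f[-1] == 0:
        f.pop()
    return f

def normalize(f, p):
    """Reduce all coefficients mod p and trim."""
    return trim([c % p for c in f])

def derivative(f, p):
    """Formal derivative a_1 + 2 a_2 X + ... + n a_n X^(n-1), reduced mod p."""
    return normalize([i * c for i, c in enumerate(f)][1:], p)

def poly_mod(f, g, p):
    """Remainder of f on division by the non-zero polynomial g in (Z/pZ)[X]."""
    f, g = normalize(f, p), normalize(g, p)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], -1, p)          # inverse of the leading coefficient
    while len(f) >= len(g):
        factor = f[-1] * inv_lead % p
        shift = len(f) - len(g)
        for i, c in enumerate(g):         # subtract factor * X^shift * g
            f[shift + i] = (f[shift + i] - factor * c) % p
        f = trim(f)
    return f

def monic_gcd(f, g, p):
    """The monic generator of the ideal (f, g), by the Euclidean algorithm."""
    f, g = normalize(f, p), normalize(g, p)
    while g:
        f, g = g, poly_mod(f, g, p)
    if not f:
        return []
    inv = pow(f[-1], -1, p)
    return [c * inv % p for c in f]

def is_separable(f, p):
    """Proposition 6.8(i): f is separable if and only if gcd(f, f') = 1."""
    f = normalize(f, p)
    if not f:
        raise ValueError("f must be non-zero")
    return monic_gcd(f, derivative(f, p), p) == [1]

if __name__ == "__main__":
    # Example 6.3: X^2 - 1 is separable exactly when the characteristic is not 2.
    print(is_separable([-1, 0, 1], 3), is_separable([-1, 0, 1], 2))
    # Example 6.2: (X - 1)^2 = X^2 - 2X + 1 shares the factor X - 1 with its derivative.
    print(monic_gcd([1, -2, 1], derivative([1, -2, 1], 5), 5))
    # In characteristic p the derivative of X^p - a vanishes identically,
    # so gcd(f, f') = f and f is inseparable.
    print(derivative([-2, 0, 0, 1], 3), is_separable([-2, 0, 0, 1], 3))
```

By part (ii) of the proposition the answer does not change when Z/pZ is replaced by an extension field, which is why the check never needs the splitting field itself.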
Corollary 6.9. If K is a field of characteristic 0, then every algebraic
field extension of K is separable over K.
Proof. If L is an algebraic extension of K and α ∈ L, then α is
algebraic over K. Its minimal polynomial mα,K is irreducible in K[X],
and hence separable by Proposition 6.8(iv). Therefore every element
α ∈ L is separable over K, so L is separable over K.
Example 6.10. From the corollary, we see that to find an example
of an inseparable algebraic extension, we need to work with fields of
characteristic p. One of the exercises shows that if K is a field of
characteristic p (for example K = Z/pZ) and L = K(Y ) is the field
of rational functions over K in the variable Y , then the polynomial
X^p − Y ∈ L[X] is irreducible and inseparable. Now let M = K(Z) be
the field of rational functions in the variable Z, define ι : L → M by
ι(Y) = Z^p, and identify L with the subfield ι(L) = K(Z^p) of M. Then
M = L(α), where α = Z has minimal polynomial X^p − Y over L, so
α, and hence M , are inseparable over L.
We now give equivalent conditions for a finite extension to be separable.
Theorem 6.11. Suppose that σ : K1 → K2 is a homomorphism of
fields and L1 is a finite extension of K1 . Then the following are equivalent:
(i) L1 is separable over K1 .
(ii) L1 = K1 (α1 , α2 , . . . , αm ) for some α1 , α2 , . . . , αm ∈ L1 , each of
which is separable over K1 .
(iii) L1 = K1 (α1 , α2 , . . . , αm ) for some α1 , α2 , . . . , αm ∈ L1 with α1
separable over K1 and αi separable over K1 (α1 , α2 , . . . , αi−1 )
for i = 2, . . . , m.
(iv) There is an extension L2 of K2 such that there are [L1 : K1 ]
distinct homomorphisms τ : L1 → L2 whose restriction to K1
is σ.
Proof. We will prove (i) ⇒ (ii) ⇒ (iii) ⇒ (iv) ⇒ (i).
(i) ⇒ (ii): Since L1 is finite over K1 , we have L1 = K1 (α1 , α2 , . . . , αm )
for some α1 , α2 , . . . , αm ∈ L1 . If L1 is separable over K1 , then each αi
is separable over K1 .
(ii) ⇒ (iii): It suffices to prove that if αi is separable over K1 , then
it is separable over E = K1 (α1 , α2 , . . . , αi−1 ). For αi to be separable
over K1 means that mαi,K1 is separable. Since mαi,E divides mαi,K1 (in
E[X]), it follows that mαi,E is also separable (by an exercise), so αi is
separable over E.
(iii) ⇒ (iv): We will prove this by induction on m.
Suppose first that m = 1, so L1 = K1(α) for some α = α1 ∈ L1.
Let f = mα,K1 , and let L2 be a splitting field over K2 for σ̃(f ). Since
f is separable, so is σ̃(f ), so σ̃(f ) has d distinct roots in L2 , where
d = deg σ̃(f ) = deg f = [L1 : K1 ]. By Corollary 5.7, we have d distinct
τ : L1 → L2 such that τ |K1 = σ, as required.
Now suppose that m > 1 and the implication (iii) ⇒ (iv) holds
with m replaced by m − 1. So letting K1′ = K1(α1, α2, . . . , αm−1)
and e = [K1′ : K1], there is an extension K2′ of K2 with e distinct
homomorphisms σ1, σ2, . . . , σe : K1′ → K2′ such that σi|K1 = σ for
i = 1, . . . , e.
Now L1 = K1′(α) where α = αm is separable over K1′. Then f =
mα,K1′ is a separable polynomial of degree d = [L1 : K1′] in K1′[X], and
therefore so are the polynomials σ̃i(f) ∈ K2′[X] for i = 1, . . . , e. Now
let L2 be the splitting field over K2′ of σ̃1(f)σ̃2(f) · · · σ̃e(f). Then each
σ̃i(f), being separable of degree d, has d distinct roots in L2. Therefore
by Corollary 5.7, there are d distinct homomorphisms τ : L1 → L2 such
that τ|K1′ = σi. Since any homomorphisms τ with different restrictions
σi to K1′ are distinct, we obtain de distinct homomorphisms τ in this
way, all satisfying τ|K1 = σ. Note that by the Tower Law, we have
de = [L1 : K1′][K1′ : K1] = [L1 : K1], so this completes the proof that
(iii) ⇒ (iv).
(iv) ⇒ (i): Suppose that (iv) is satisfied. We need to prove that if
α ∈ L1 , then α is separable over K1 ; i.e., that f = mα,K1 is separable.
Let d = [K1 (α) : K1 ], and e = [L1 : K1 (α)], so [L1 : K1 ] = de, and
there is an extension L2 of K2 with de homomorphisms τ : L1 → L2
such that τ |K1 = σ. Let k be the number of roots of σ̃(f ) in L2 , so
by Corollary 5.7, there are exactly k homomorphisms σ1 , σ2 , . . . , σk :
K1′ → L2 such that σi|K1 = σ. Corollary 5.10 implies that for each
i = 1, 2, . . . , k, there are at most e homomorphisms τ : L1 → L2 such
that τ|K1′ = σi. Note that if τ|K1 = σ, then its restriction to K1′ must be
one of the σi , so it follows that there are at most ke such τ all together,
and therefore de ≤ ke. On the other hand deg σ̃(f ) = deg f = d,
so σ̃(f ) has at most d roots in L2 ; i.e., k ≤ d. Putting together the
inequalities, it follows that k = d, and therefore σ̃(f ) is separable, and
therefore so is f .
We note the following corollary:
Corollary 6.12. Suppose that L is a field extension of K. Then
{ α ∈ L | α is separable over K }
is a subfield of L.
Proof. Denoting the subset by E, we have K ⊂ E, so in particular
1K ∈ E. We just need to prove that if α, β are in E, then α + β
and αβ are in E, as is α^{−1} if α ≠ 0K. Since α and β are separable
over K, they are algebraic over K, so K(α, β) is a finite extension of
K satisfying condition (ii) of Theorem 6.11. Therefore K(α, β) is a
separable extension of K, and it follows that α + β, αβ and α^{−1} (if
α ≠ 0K) are separable over K.
Below we will prove the Primitive Element Theorem, which states
that every finite separable extension of a field K is of the form K(α),
so in fact one can take m to be 1 in the statement of Theorem 6.11.
First though, we need the following result about finite fields to handle a
special case. (By a finite field, we mean a field with only finitely many
elements, such as Z/pZ; recall from the exercises that the number of
elements in any finite field is of the form p^r for some prime p and integer
r ≥ 1.)
Lemma 6.13. If K is a finite field, then the group K^× is cyclic.
Proof. Suppose that K has q elements, so K^× is a group of order q − 1.
For each divisor d of q − 1, the polynomial X^d − 1 has at most d roots
in K, so there are at most d elements α ∈ K^× such that α^d = 1, i.e.,
of order dividing d. By a lemma from group theory, it follows that K^×
is cyclic.
Example 6.14. The preceding lemma should already be familiar in
the case K = Z/pZ, so let’s take another example. Consider the
polynomial f(X) = X^2 + 1 ∈ (Z/3Z)[X]. (We will omit the [·] denoting congruence classes mod 3, and just write the elements of Z/3Z
as 0, 1 and −1.) Since f(0) = 1 and f(1) = f(−1) = −1, we see
that f has no roots in Z/3Z; since it has degree 2, it must therefore be irreducible, and the quotient ring K = (Z/3Z)[X]/(f) is a
field. Since [K : Z/3Z] = deg f = 2, K is a two-dimensional vector
space over Z/3Z, so K has 9 elements, and K^× has order 8. Letting
α = [X] = X + (f) ∈ K (so α^2 = −1), we can explicitly list the 9
elements as follows:
K = {0, 1, −1, α, α + 1, α − 1, −α, −α + 1, −α − 1}.
Of course 1 is the identity in K^×, −1 has order 2, and ±α have order
4 since (±α)^2 = −1. This leaves the 4 elements of the form ±α ± 1,
which one can check directly have order 8. (For example (α + 1)^2 = −α
has order 4, so α + 1 must have order 8.)
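An added example (not part of the original notes): the direct check mentioned in Example 6.14, carried out by machine. It goes slightly beyond the example by allowing any prime p for which X^2 + 1 has no root in Z/pZ; the pair representation (a, b) for a + bα and the function names are choices made for this illustration.

```python
# Added illustration: arithmetic in (Z/pZ)[X]/(X^2 + 1), where alpha = [X]
# satisfies alpha^2 = -1. The element a + b*alpha is stored as the pair (a, b).

def x2_plus_1_irreducible(p):
    """X^2 + 1 has degree 2, so it is irreducible over Z/pZ iff it has no root."""
    return all((r * r + 1) % p != 0 for r in range(p))

def mul(x, y, p):
    """(a + b*alpha)(c + d*alpha) = (ac - bd) + (ad + bc)*alpha."""
    (a, b), (c, d) = x, y
    return ((a * c - b * d) % p, (a * d + b * c) % p)

def units(p):
    """The non-zero elements of the field with p^2 elements."""
    if not x2_plus_1_irreducible(p):
        raise ValueError("X^2 + 1 is reducible mod %d, the quotient is not a field" % p)
    return [(a, b) for a in range(p) for b in range(p) if (a, b) != (0, 0)]

def order(x, p):
    """Multiplicative order of a non-zero element x."""
    y = x
    for n in range(1, p * p):
        if y == (1, 0):
            return n
        y = mul(y, x, p)
    raise ValueError("%r has no multiplicative order" % (x,))

def order_counts(p):
    """Map each occurring order to the number of elements having that order."""
    counts = {}
    for x in units(p):
        n = order(x, p)
        counts[n] = counts.get(n, 0) + 1
    return counts

def generators(p):
    """Elements of order p^2 - 1, i.e. generators of the cyclic unit group."""
    return sorted(x for x in units(p) if order(x, p) == p * p - 1)

def powers(g, p):
    """The set of all powers g, g^2, g^3, ... of g."""
    seen, y = set(), g
    while y not in seen:
        seen.add(y)
        y = mul(y, g, p)
    return seen

if __name__ == "__main__":
    # p = 3: the nine-element field of Example 6.14 (2 stands for -1).
    print(order_counts(3))          # orders 1, 2, 4, 8 occur 1, 1, 2, 4 times
    print(generators(3))            # the four elements  +-alpha +- 1
    print(mul((1, 1), (1, 1), 3))   # (alpha + 1)^2 = -alpha, stored as (0, 2)
    # Every unit is a power of alpha + 1, as Lemma 6.13 predicts.
    print(powers((1, 1), 3) == set(units(3)))
```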
Theorem 6.15 (Primitive Element Theorem). Suppose that L is a
finite, separable extension of a field K. Then L = K(α) for some
α ∈ L.
Proof. Suppose first that K is a finite field. Since L is a finite extension of K, L is also a finite field, so by Lemma 6.13, L^× is cyclic.
Let α be a generator for L^×. Then L = K(α) since every non-zero
element of L is of the form α^i for some i ∈ Z, and hence is in K(α).
Now suppose that K is an infinite field. Since L is a finite extension
of K, we have L = K(α1, α2, . . . , αm) for some α1, α2, . . . , αm ∈ L,
separable over K. It suffices to prove the case of m = 2, since this will
imply that K(αm−1, αm) = K(α′m−1) for some α′m−1 ∈ L, so that L =
K(α1, α2, . . . , αm−2, α′m−1). We can then keep iterating the argument
until we conclude that L = K(α1, α2′) = K(α) for some α ∈ L.
So suppose L = K(α1 , α2 ) for some α1 , α2 ∈ L, and let d = [L : K].
We will prove that L = K(rα1 + α2 ) for some choice of r ∈ K. Since
K(rα1 + α2 ) ⊂ L, it suffices to prove that [K(rα1 + α2 ) : K] ≥ d.
Since L is separable, we have by Theorem 6.11 (with K1 = K2 = K,
L1 = L and σ the identity) that there is an extension M of K admitting
d distinct K-embeddings σ1, σ2, . . . , σd : L → M. Since K has infinitely
many elements, we can choose r ∈ K so that r is not in the finite set:
{ −(σi(α2) − σj(α2)) / (σi(α1) − σj(α1)) | i, j ∈ {1, . . . , d}, σi(α1) ≠ σj(α1) }.
We claim that for such an r, the elements σi(rα1 + α2) for i = 1, . . . , d
are distinct. To see this, suppose that σi(rα1 + α2) = σj(rα1 + α2).
Since σi and σj are K-embeddings, this implies that
r(σi(α1) − σj(α1)) = −(σi(α2) − σj(α2)).
This formula contradicts our choice of r if σi(α1) ≠ σj(α1), so σi(α1) =
σj(α1), in which case the formula implies further that σi(α2) = σj(α2).
Since L = K(α1, α2), it follows that σi = σj, and hence i = j.
Since σi (rα1 + α2 ) are distinct for i = 1, . . . , d, the restrictions of the
σi to K(rα1 + α2 ) are distinct, and it follows from Corollary 5.10 that
[K(rα1 + α2 ) : K] ≥ d.
If K ⊂ L is a field extension, then we say L is a simple extension
of K if L = K(α) for some α ∈ L which is algebraic over K. The
Primitive Element Theorem says that every finite separable extension
is simple. Combined with Corollary 6.9, this shows that every finite
extension of fields of characteristic 0 is simple.
Example 6.16. Consider the extension L = Q(i, √2) of Q. Since the
polynomial X^2 + 1 has no roots in Q(√2) it is irreducible in Q(√2)[X],
so it is the minimal polynomial of i over Q(√2). We therefore have
[L : Q(√2)] = 2, and since [Q(√2) : Q] = 2, the Tower Law gives that
[L : Q] = 4.
Recall that in Example 4.12, we saw that for α = i + √2, we have
[Q(α) : Q] = 4. Since α ∈ L, it follows that L = Q(α), which explicitly
expresses L as a simple extension of Q.
To tie this in with the preceding proof, let us find the four embeddings of L into some field M and show that their values at α are
distinct. To find the embeddings, we’ll take M = C and proceed as
in the proof of (iii) ⇒ (iv) of Theorem 6.11. First we have the two
embeddings σ1, σ2 : Q(√2) → M determined by σ1(√2) = √2 and
σ2(√2) = −√2. Then there will be two ways to extend each of these
to embeddings L → M. There are two embeddings restricting to σ1 on
Q(√2), say τ1, τ2, determined by τ1(i) = i and τ2(i) = −i. Similarly
there are two embeddings, say τ3, τ4, restricting to σ2, and again determined by τ3(i) = i and τ4(i) = −i. Putting the values in a table, we
have:
            τ1         τ2          τ3         τ4
√2          √2         √2          −√2        −√2
i           i          −i          i          −i
i + √2      i + √2     −i + √2     i − √2     −i − √2.
Note that the values of the τi(α) are distinct, which recovers the fact
that L = Q(α). Note also that the values must be roots of mα,Q, which
we can therefore find by computing:
∏_{i=1}^{4} (X − τi(α)) = (X − i − √2)(X + i − √2)(X − i + √2)(X + i + √2)
= (X^2 − 2√2 X + 3)(X^2 + 2√2 X + 3)
= X^4 − 2X^2 + 9,
which agrees with the result of Example 4.12.
Example 6.17. Note that the converse of Theorem 6.15 is false since
an inseparable extension can be simple, as in Example 6.10. One has
to work a little harder to construct a finite extension that isn’t simple.
Let K be a field of characteristic p, and consider the field L of rational
functions in two variables, say Y1 , Y2 , over K, so L = K(Y1 , Y2 ). It is
left as an exercise to show that the extension M = L(α1 , α2 ), where
α1^p = Y1 and α2^p = Y2, is not simple.
Finally, we record the result of combining Theorems 6.11 and 6.15
in the case where K1 = K2 and σ is the identity map.
Corollary 6.18. Suppose that L is a finite extension of a field K.
Then the following are equivalent:
(i) L is separable over K.
(ii) L = K(α) for some α ∈ L separable over K.
(iii) L = K(α1 , α2 , . . . , αm ) for some α1 , α2 , . . . , αm ∈ L, each of
which is separable over K.
(iv) L = K(α1, α2, . . . , αm) for some α1, α2, . . . , αm ∈ L with α1
separable over K and αi separable over K(α1, α2, . . . , αi−1) for
i = 2, . . . , m.
(v) There is an extension L′ of K such that there are [L : K]
distinct K-embeddings τ : L → L′.
Proof. We already proved the equivalence of (i), (iii), (iv) and (v) in
Theorem 6.11. The Primitive Element Theorem says that (i) ⇒ (ii),
and it is obvious that (ii) ⇒ (iii).
7. Galois extensions
We now focus on splitting fields, i.e., extensions obtained by adjoining all the roots of a polynomial. First we define a more general notion
that makes sense also for infinite extensions.
Definition 7.1. A field extension K ⊂ L is normal if L is algebraic
over K, and for all extensions M of L and K-embeddings σ : L → M ,
we have σ(L) ⊂ L.
Example 7.2. L = Q(√2) is normal over Q; in fact every quadratic
(i.e., degree 2) extension is normal. (This is left as an exercise.)
Example 7.3. L = Q(∜2) is not normal over Q since, taking for
example M = C, we can define an embedding σ : L → C with σ(∜2) =
i∜2 (by Artin’s Extension Theorem), and i∜2 ∉ L.
On the other hand, L is normal over K = Q(√2) as it is a quadratic
extension, or more explicitly, note that any K-embedding L → M
sends ∜2 to ±∜2 (the roots of m∜2,K(X) = X^2 − √2), and therefore
has image contained in L.
We will give some equivalent conditions for a finite extension of fields
to be normal, but first we need the following lemma, which is similar
to (iii) ⇒ (iv) of Theorem 6.11 (but easier since we just have to prove
the existence of a single embedding instead of counting them).
Lemma 7.4. Suppose that L1 is a finite extension of K and σ : K →
L2 is a homomorphism. Then there is an extension M of L2 and a
homomorphism τ : L1 → M such that τ |K = σ.
Proof. Since L1 is finite over K, we can write L1 = K[α1 , α2 , . . . , αm ]
for some α1 , α2 , . . . , αm ∈ L1 , algebraic over K. We will prove the
lemma by induction on m.
If m = 1, then L1 = K(α1 ), and we let M be a splitting field for the
polynomial σ̃(mα1 ,K ) over L2 . Since σ̃(mα1 ,K ) has a root in M , Artin’s
Extension Theorem yields a homomorphism τ : K(α1) → M such that
τ |K = σ.
Now suppose that m > 1 and the lemma holds for extensions of K
generated by m − 1 elements, so in particular for K(α1 , α2 , . . . , αm−1 ).
This means that, setting L1′ = K(α1, α2, . . . , αm−1), there is an extension M′ of L2 and a homomorphism τ′ : L1′ → M′ such that τ′|K = σ.
Now let M be a splitting field of τ̃′(mαm,L1′) over M′. Then τ̃′(mαm,L1′)
has a root in M, so by Artin’s Extension Theorem there is a homomorphism τ : L1 = L1′(αm) → M such that τ|L1′ = τ′, and hence
τ|K = τ′|K = σ.
Proposition 7.5. Let L be a finite extension of K. Then the following
are equivalent:
(i) L is normal over K;
(ii) for all α ∈ L, the minimal polynomial mα,K splits completely
over L;
(iii) L is a splitting field of some polynomial f ∈ K[X].
Proof. (i) ⇒ (ii): Suppose that L is normal over K, and α ∈ L. Let
L2 be a splitting field of mα,K over L, so
mα,K (X) = (X − β1 )(X − β2 ) · · · (X − βd )
for some β1 , β2 , . . . , βd ∈ L2 . We will show that if β ∈ L2 is a root of
mα,K , then in fact β ∈ L. This will show that β1 , β2 , . . . , βd ∈ L, so
mα,K splits completely over L.
Since β is a root of mα,K in L2 , Artin’s Extension Theorem implies
there is a K-embedding σ : K(α) → L2 such that σ(α) = β. By
Lemma 7.4 (applied with L1 = L and K(α) in place of K), there is
an extension M of L2 and a homomorphism τ : L → M such that
τ |K(α) = σ. Since L is normal over K, we have τ (L) ⊂ L, and therefore
β = σ(α) = τ (α) ∈ L, as required.
(ii) ⇒ (iii): Since L is finite over K, we have L = K(α1 , α2 , . . . , αm )
for some α1 , α2 , . . . , αm ∈ L, algebraic over K. Let
f = mα1 ,K mα2 ,K · · · mαm ,K
be the product of their minimal polynomials over K. If (ii) holds, then
each mαi ,K splits completely over L, and therefore so does f . Since
L = K(α1 , α2 , . . . , αm ) is generated over K by (some of) the roots of
f , L is a splitting field of f over K.
(iii) ⇒ (i): Suppose that L is a splitting field over K for the polynomial f ∈ K[X], so L = K(α1 , α2 , . . . , αd ), where α1 , α2 , . . . , αd ∈ L
and
f (X) = (X − α1 )(X − α2 ) · · · (X − αd ).
Let M be an extension of L and σ : L → M a K-embedding. Since
f ∈ K[X], we have σ̃(f ) = f . For each i = 1, 2, . . . , d, αi is a root of
f , so σ(αi ) is a root of σ̃(f ) = f , and therefore σ(αi ) = αj for some j.
Therefore σ(αi ) ∈ L for i = 1, 2, . . . , d. Since σ is a K-embedding and
L is generated over K by α1 , α2 , . . . , αd , it follows that
σ(L) = K(σ(α1 ), σ(α2 ), . . . , σ(αd )) ⊂ L.
Therefore L is normal over K.
Example 7.6. If p is prime and α = e^{2πi/p}, then L = Q(α) is a splitting
field over Q for the polynomial X^{p−1} + X^{p−2} + · · · + 1 (by an exercise),
so L is normal over Q.
Example 7.7. From Example 4.18, we know that L = Q(i, ∜2) is a
splitting field for X^4 − 2 over Q, so L is normal over Q.
It is immediate from the definition of a normal extension that if
K ⊂ E ⊂ L is a tower of field extensions and L is normal over K,
then L is also normal over E (since every E-embedding L → M is
also a K-embedding). However the preceding example (together with
Example 7.3) shows that in this situation, it does not follow that E is
necessarily normal over K. Indeed in the tower:
Q ⊂ Q(∜2) ⊂ Q(i, ∜2),
we have Q(i, ∜2) normal over Q, but Q(∜2) is not normal over Q.
Note also that for a tower of extensions K ⊂ E ⊂ L with L normal
over E and E normal over K, it is not necessarily the case that L is
normal over K. Take for example
Q ⊂ Q(√2) ⊂ Q(∜2);
we know that Q(∜2) is normal over Q(√2), and Q(√2) is normal over
Q, but Q(∜2) is not normal over Q.
We are now ready to define the notion of a Galois extension:
Definition 7.8. Suppose that K ⊂ L is an extension of fields. We say
that L is Galois over K if L is both separable and normal over K.
Recall that if K has characteristic 0, then every algebraic extension of K is separable, so the extension is Galois if and only if it is normal. Applying
this to earlier examples:
Example 7.9. Q(e^{2πi/p}), Q(√2) and Q(i, ∜2) are all Galois extensions
of Q, but Q(∜2) is not Galois over Q since it is not normal over Q.
Example 7.10. Let K be a field of characteristic p, let K(Z) be the field of
rational functions over K in the variable Z, and let Y = Z^p. Then the
extension K(Y) ⊂ K(Z) is normal (since for example it is the splitting
field of f(X) = X^p − Y over K(Y)), but inseparable, and therefore not
Galois.
Example 7.11. Let A be the field of algebraic numbers in C, defined
in Example 4.14. Suppose that M is an extension of A and σ : A → M
is a homomorphism. If α ∈ A, then α is a root of some polynomial
f ∈ Q[X], and therefore so is σ(α). Since all the roots of f are in A,
it follows that σ(α) ∈ A, so σ(A) ⊂ A. This proves that A is normal,
hence Galois, over Q. This gives an example of a Galois extension of
infinite degree.
Proposition 7.12. If K ⊂ E ⊂ L is a tower of field extensions, and
L is Galois over K, then L is Galois over E.
Proof. If L is Galois over K, then L is normal over K, so L is normal
over E. Similarly L is separable over K, so every element of L is
separable over K, hence also separable over E, so L is separable over
E. Therefore L is Galois over E.
Note that in the situation of Proposition 7.12, it does not follow that
E is Galois over K, since, although the separability of L over K implies
that of E over K, we saw above that E may fail to be normal over K.
Similarly if we have a tower of extensions K ⊂ E ⊂ L with L Galois
over E and E Galois over K, the separability property carries over to
L over K (by an exercise), but L may fail to be normal over K, so L
is not necessarily Galois over K.
Definition 7.13. Suppose that K ⊂ L is a field extension. A K-automorphism
of L is a K-isomorphism σ : L → L; i.e., a K-isomorphism
from L to itself. The set of K-automorphisms of L is a group under
composition, denoted Aut_K(L).
The fact that Aut_K(L) is a group under composition amounts to the
easily verified assertions that the identity on L is a K-isomorphism, the
composite of two K-isomorphisms is a K-isomorphism, and the inverse
of a K-isomorphism is a K-isomorphism.
Recall from Corollary 5.7 that if L = K(α) for some α algebraic over
K, then to give a K-embedding σ : L → L_2 is equivalent to giving a
root β ∈ L_2 of m_{α,K}. Applying this in the case L_2 = L, this means
that to give a K-embedding from L to itself is equivalent to giving a
root β ∈ L of m_{α,K}. Since [L : K] is finite and [σ(L) : K] = [L : K], it
follows that σ(L) = L, so σ is surjective, and hence a K-automorphism.
Therefore to give an element of Aut_K(L) is equivalent to giving a root
β ∈ L of m_{α,K}, with the root α itself corresponding to the identity.
Example 7.14. Let L = Q(√2). The roots of m_{√2,Q}(X) = X^2 − 2 in
L are ±√2, so Aut_Q(L) is a group of order 2, the non-identity element
being the automorphism of L defined by a + b√2 ↦ a − b√2 for a, b ∈ Q.
Example 7.15. Let L = Q(∜2). The only roots of m_{∜2,Q}(X) = X^4 − 2
in L are ±∜2, so again Aut_Q(L) has order 2, the non-identity element
being the unique automorphism of L sending ∜2 to −∜2.
Example 7.16. Let L be the field (Z/pZ)(Z) of rational functions
over Z/pZ in the variable Z, and let Y = Z^p and K = (Z/pZ)(Y).
Then L = K(α) where α = Z has minimal polynomial X^p − Y over K.
Since X^p − Y = (X − α)^p in L[X], the only root of m_{α,K} in L is α, so
Aut_K(L) consists of only the identity element.
Example 7.17. We will focus on the case where [L : K] is finite, but
just to give an indication of what can happen if [L : K] is infinite,
consider the case where L = K(X) is the field of rational functions
over K in the variable X. Let
    ( a  b )
    ( c  d )
be a non-singular matrix with entries in K, and
consider the element r(X) = (aX + b)/(cX + d) ∈ L. We can then
define a function σ : L → L by σ(s) = s ◦ r, i.e., (σ(s))(X) = s(r(X)).
We leave it as an exercise to verify that σ ∈ Aut_K(L).
Suppose now that [L : K] is finite. Then by Corollary 5.10, we
know that the order of Aut_K(L), being the number of K-embeddings
σ : L → L, is at most [L : K]. The next proposition says that equality
holds precisely when L is Galois over K.
Proposition 7.18. Suppose that L is a finite extension of K. Then
the following are equivalent:
(i) L is Galois over K;
(ii) for all α ∈ L, the minimal polynomial m_{α,K} has deg m_{α,K} distinct roots in L;
(iii) #Aut_K(L) = [L : K].
Proof. (i) ⇒ (ii): Suppose that L is Galois over K and α ∈ L. Since L
is normal over K, Proposition 7.5 tells us that m_{α,K} splits completely
over L, i.e., that
    m_{α,K} = (X − α_1)(X − α_2) · · · (X − α_d)
for some α_1, α_2, . . . , α_d ∈ L, where d = deg m_{α,K}. Since L is separable
over K, α is separable over K, so m_{α,K} has no repeated roots in any
extension of K, and therefore the roots α_1, α_2, . . . , α_d are distinct.
(ii) ⇒ (iii): The condition in (ii) says in particular that m_{α,K} is
separable for all α ∈ L, so L is separable over K. Therefore by the
Primitive Element Theorem, L = K(α) for some α ∈ L. Note that we
have [L : K] = deg m_{α,K}, so (ii) implies that m_{α,K} has [L : K] distinct
roots in L, and therefore #Aut_K(L) = [L : K].
(iii) ⇒ (i): Suppose now that #Aut_K(L) = [L : K]. Then L satisfies
condition (v) in Corollary 6.18 (with L′ = L), so L is separable over K.
Applying the Primitive Element Theorem again, we have L = K(α)
for some α ∈ L. Since #Aut_K(L) is the number of distinct roots of
m_{α,K} in L, and by assumption #Aut_K(L) = [L : K] = deg m_{α,K}, we
see that m_{α,K} splits completely over L. Since L = K(α) is generated
by (one of) the roots of m_{α,K}, it follows that L is a splitting field of
m_{α,K} over K, and is therefore normal over K by Proposition 7.5.
Definition 7.19. If L is a Galois extension of K, we call Aut_K(L) the
Galois group of L over K, and denote it by Gal(L/K).
Example 7.20. The Galois group of C over R is Gal(C/R) = {e, σ}
where e is the identity and σ is complex conjugation, i.e., σ(z) = z̄.
Example 7.21. Let L = Q(i, α), where α = ∜2. Since L is a splitting
field of X^4 − 2 over Q, it is Galois over Q. From the tower of extensions
Q ⊂ Q(α) ⊂ L for example, we know that
    [L : Q] = [L : Q(α)][Q(α) : Q] = 2 · 4 = 8.
Therefore Gal(L/Q) has order [L : Q] = 8.
We can describe the elements explicitly as follows: if σ ∈ Gal(L/Q),
then σ(α) must be a root of X^4 − 2 in L, for which there are 4 possibilities: ±α and ±iα, and σ(i) must be a root of X^2 + 1, for which
the only possibilities are ±i. Since L is generated over Q by α and i,
any automorphism σ of L is determined by σ(α) and σ(i). Since there
are precisely 8 elements of Gal(L/Q), we see that each pair of possibilities for σ(α) and σ(i) occurs. The 8 elements of the Galois group can
therefore be described as follows:
    σ      σ_1   σ_2   σ_3   σ_4   σ_5   σ_6   σ_7   σ_8
    σ(α)   α     iα    −α    −iα   α     iα    −α    −iα
    σ(i)   i     i     i     i     −i    −i    −i    −i
Note that σ_1 = e (the identity element), and letting ρ = σ_2 and τ = σ_5,
we have ρ^4 = τ^2 = e. Moreover the above list of elements of the Galois
group can be rewritten as:
    Gal(L/Q) = { e, ρ, ρ^2, ρ^3, τ, ρτ, ρ^2 τ, ρ^3 τ }.
To see the structure of the group, note that τρ = ρ^3 τ since
    τρ(α) = τ(ρ(α)) = τ(iα) = τ(i)τ(α) = −iα
and τρ(i) = τ(ρ(i)) = τ(i) = −i. The group is therefore isomorphic to
a dihedral group of order 8, i.e., the group of symmetries of a square,
with ρ corresponding to a 90° rotation and τ to a reflection.
8. Fundamental Theorem of Galois Theory
We will now formulate and prove the Fundamental Theorem of Galois Theory, also called the Galois Correspondence, for extensions of
finite degree. For a finite Galois extension L of K, the theorem relates
the subgroups of the Galois group of L over K to the subfields of L
containing K.
Recall (Proposition 7.12) that if K ⊂ E ⊂ L is a tower of field
extensions and L is Galois over K, then L is also Galois over E. Since
every E-automorphism of L is automatically also a K-automorphism
of L, it follows from the definitions that Gal(L/E) is a subgroup of
Gal(L/K). On the other hand if H is a subgroup of Gal(L/K), then
    L^H = { α ∈ L | σα = α for all σ ∈ H }
is a subfield of L containing K (an exercise), called the fixed field of H.
Theorem 8.1 (The Fundamental Theorem of Galois Theory). Suppose that K ⊂ L is a finite* Galois extension of fields, and let G =
Gal(L/K). Then
(i) The maps E ↦ Gal(L/E) and H ↦ L^H define mutually inverse, inclusion-reversing bijections between the sets:
    { intermediate fields E, K ⊂ E ⊂ L }  ←→  { subgroups H of G }.
*There is a version of the theorem that applies also to infinite Galois extensions,
but we will only consider the case of finite Galois extensions.
(ii) An intermediate field E, K ⊂ E ⊂ L, is Galois over K if and
only if the corresponding subgroup H = Gal(L/E) is normal
in G, in which case the restriction map σ ↦ σ|_E induces an
isomorphism of groups
    G/H ≅ Gal(E/K).
Proof. (i) Let us call the two maps φ and ψ, so if E is a field such
that K ⊂ E ⊂ L, then φ(E) denotes the subgroup Gal(L/E) of G =
Gal(L/K), and if H is a subgroup of G, then ψ(H) denotes the field
L^H (which clearly satisfies K ⊂ L^H ⊂ L).
The statement that φ and ψ are “mutually inverse bijections” means
that φ ◦ ψ and ψ ◦ φ are the identity maps*; i.e., if H is a subgroup of G,
then φ(ψ(H)) = H, and if E is an intermediate field, K ⊂ E ⊂ L, then
ψ(φ(E)) = E. Unravelling what each of these means: since φ(ψ(H)) =
φ(L^H) = Gal(L/L^H) and ψ(φ(E)) = ψ(Gal(L/E)) = L^{Gal(L/E)}, we
need to prove:
(1) if H is a subgroup of G, then H = Gal(L/L^H);
(2) if E is a field such that K ⊂ E ⊂ L, then E = L^{Gal(L/E)}.
Before we prove this, let us take care of the assertion that the maps are
inclusion-reversing, since we’ll use this in the proof of (1) and (2). The
meaning of “inclusion-reversing” is that if E_1 ⊂ E_2 are intermediate
extensions, then Gal(L/E_2) ⊂ Gal(L/E_1), and that if H_1 ⊂ H_2 are
subgroups of G, then L^{H_2} ⊂ L^{H_1}. Both of these are immediate from
the definitions. (If E_1 ⊂ E_2 and σ ∈ Gal(L/E_2), then σ(α) = α for all
α ∈ E_2, so σ(α) = α for all α ∈ E_1, and therefore σ ∈ Gal(L/E_1); if
H_1 ⊂ H_2 and α ∈ L^{H_2}, then σ(α) = α for all σ ∈ H_2, so σ(α) = α for
all σ ∈ H_1, and therefore α ∈ L^{H_1}.)
We now prove (1). First note that if σ ∈ H, then σ(α) = α for all
α ∈ L^H, so σ ∈ Gal(L/L^H). Therefore H ⊂ Gal(L/L^H). Since the
groups are finite, it suffices to prove that #H ≥ #Gal(L/L^H). By
the Primitive Element Theorem, we can choose some α ∈ L so that
L = L^H(α) (since L is a finite separable extension of L^H), and we let
    f(X) = ∏_{σ∈H} (X − σ(α)) ∈ L[X].
If τ ∈ H, then { τσ | σ ∈ H } = H, so
    (τ̃(f))(X) = ∏_{σ∈H} (X − τ(σ(α)))
              = ∏_{σ∈H} (X − (τσ)(α)) = ∏_{σ∈H} (X − σ(α)) = f(X).
This shows that if f(X) = ∑_{n=0}^{d} a_n X^n, then τ(a_n) = a_n for n =
0, . . . , d and all τ ∈ H, so a_n ∈ L^H for all n = 0, . . . , d; i.e., f(X) ∈
L^H[X]. Since e ∈ H, f(α) = 0, so f is divisible by m_{α,L^H}(X) in
L^H[X]. Now note that deg m_{α,L^H} = [L : L^H] = #Gal(L/L^H) (the
latter equality by Proposition 7.18), and deg(f) = #H. Since f is
divisible by m_{α,L^H}, we have #Gal(L/L^H) ≤ #H, and it follows that
Gal(L/L^H) = H.
*Recall that if the two maps are each other’s inverses, then they are both necessarily bijections.
We now prove (2). First note that if α ∈ E, then σ(α) = α for all
σ ∈ Gal(L/E), so we have E ⊂ L^{Gal(L/E)} ⊂ L. Therefore it suffices
to prove that [L : E] = [L : L^{Gal(L/E)}] (since the Tower Law then
implies [L^{Gal(L/E)} : E] = 1). But in the course of proving (1) we
showed that [L : L^H] = #H for all subgroups H of G; applying this to
H = Gal(L/E), we see that indeed
    [L : L^{Gal(L/E)}] = #Gal(L/E) = [L : E].
This completes the proof of (2), and therefore of part (i) of the theorem.
(ii) Suppose that E and H correspond under the bijections of (i), so
E = L^H and H = Gal(L/E).
We first suppose that E is Galois over K. We need to prove that H
is a normal subgroup of G; i.e., if τ ∈ G and σ ∈ H, then τ^{-1}στ ∈ H.
Since E is a normal extension of K, we have τ(E) ⊂ E. Therefore if
α ∈ E, then τ(α) ∈ E, so σ(τ(α)) = τ(α), and hence
    (τ^{-1}στ)(α) = τ^{-1}(σ(τ(α))) = τ^{-1}(τ(α)) = α.
This proves that τ^{-1}στ ∈ Gal(L/E) = H, as required.
Now we suppose instead that H is a normal subgroup of G and
prove that E is Galois over K. If τ ∈ G and σ ∈ H, then τ^{-1}στ ∈ H,
so (τ^{-1}στ)(α) = α for all α ∈ E. So if τ ∈ G and α ∈ E, then
σ(τ(α)) = τ(α) for all σ ∈ H, which implies that τ(α) ∈ L^H = E.
Therefore the restriction τ|_E defines an automorphism of E, which is
evidently a K-automorphism (since τ is the identity on K), i.e., an
element of Aut_K(E). Since τ|_E ◦ τ′|_E = (τ ◦ τ′)|_E, the map
    φ : G → Aut_K(E),   τ ↦ τ|_E
is a group homomorphism. The kernel of φ is, by definition,
    { τ ∈ G | τ(α) = α for all α ∈ E } = Gal(L/E),
which equals H by assumption. The isomorphism theorem for groups
therefore tells us that φ induces an isomorphism from G/H to a subgroup of Aut_K(E), namely the image of φ. In particular, we have
#G/#H = #(G/H) ≤ #Aut_K(E). Combining this with the fact that
    [E : K] = [L : K]/[L : E] = #Gal(L/K)/#Gal(L/E) = #G/#H,
we see that [E : K] ≤ #Aut_K(E). Since it is always the case that
#Aut_K(E) ≤ [E : K], it follows that equality holds, and hence E is
Galois over K (by Proposition 7.18). This equality also shows that
φ : G → Aut_K(E) = Gal(E/K) is surjective, and hence that φ induces
an isomorphism G/H → Gal(E/K), thus completing the proof of (ii).
Example 8.2. Let L = Q(α, ζ) where α = ∛2 and ζ = e^{2πi/3}. Then
L is the splitting field over Q for the polynomial X^3 − 2, so L is Galois
over Q (normal over Q since it is a splitting field, separable over Q
since it has characteristic 0).
Since ζ is a root of X^2 + X + 1 = (X − ζ)(X − ζ^2), which has no roots in
Q(α) and is therefore irreducible in Q(α)[X], we have [L : Q(α)] = 2,
so [L : Q] = 6. Therefore G = Gal(L/Q) has order 6. By Artin’s
Extension Theorem, there is a Q(α)-automorphism τ : L → L such
that τ(ζ) = ζ^2. Since [L : Q(ζ)] = 3, we see that X^3 − 2 is the minimal
polynomial of α over Q(ζ), so there is similarly a Q(ζ)-automorphism σ
of L such that σ(α) = ζα. We therefore have elements σ, τ ∈ Gal(L/Q)
whose effect on α and ζ is given in the table:
         σ     τ
    α    ζα    α
    ζ    ζ     ζ^2
Note that σ(ζα) = σ(ζ)σ(α) = (ζ)(ζα) = ζ^2 α, and similarly σ(ζ^2 α) =
ζ^3 α = α. Therefore σ^3(α) = σ^2(ζα) = σ(ζ^2 α) = α. Since σ^3(ζ) = ζ, it
follows that σ^3 = e (the identity). Similarly τ^2 = e.
We thus obtain 6, and therefore all, elements of the Galois group:
    G = { e, σ, σ^2, τ, τσ, τσ^2 }.
Note that τσ(α) = τ(ζα) = ζ^2 α = σ^2 τ(α), and τσ(ζ) = ζ^2 = σ^2 τ(ζ),
so τσ = σ^2 τ. Therefore G is a non-abelian group of order 6, so it is
isomorphic to the permutation group S_3. The elements σ and σ^2 have
order 3, and the elements τ, τσ and τσ^2 have order 2.
The possible orders of subgroups of G are 1, 2, 3 and 6. In particular
all the subgroups, other than G itself, are cyclic, so it is easy to list
them all. (Recall that ⟨g⟩ denotes the subgroup generated by g.)
• order 1: {e};
• order 2: ⟨τ⟩, ⟨τσ⟩ and ⟨τσ^2⟩;
• order 3: ⟨σ⟩ (note that ⟨σ⟩ = {e, σ, σ^2} = ⟨σ^2⟩);
• order 6: G.
The following diagram shows all the subgroups, with lines indicating
when one is contained in another:
                  {e}
         /     /       \       \
      ⟨τ⟩   ⟨τσ⟩   ⟨τσ^2⟩    ⟨σ⟩
         \     \       /       /
                   G
We now identify the subfield corresponding to each under the bijection
in part (i) of the Fundamental Theorem of Galois Theory. We clearly
have L^{e} = L so {e} ↔ L, and G = Gal(L/Q) so G ↔ Q. Since σ(ζ) =
ζ, we have ζ ∈ L^⟨σ⟩, so Q(ζ) ⊂ L^⟨σ⟩. Moreover [L : L^⟨σ⟩] = #⟨σ⟩ = 3,
so [L^⟨σ⟩ : Q] = 6/3 = 2, and it follows that Q(ζ) = L^⟨σ⟩, so ⟨σ⟩ ↔ Q(ζ).
Similarly Q(α) ⊂ L^⟨τ⟩, and each has degree 3 = 6/2 over Q, so equality
holds, i.e., ⟨τ⟩ ↔ Q(α). We also find that τσ(ζα) = ζα, so the same
argument shows that ⟨τσ⟩ ↔ Q(ζα), and similarly ⟨τσ^2⟩ ↔ Q(ζ^2 α).
We thus obtain the diagram of subfields of L corresponding to the one
above for subgroups:
                   L
         /     /       \       \
      Q(α)  Q(ζα)  Q(ζ^2 α)   Q(ζ)
         \     \       /       /
                   Q
Finally note that the subgroups of G which are normal are precisely
{e}, ⟨σ⟩ and G. These correspond to the subfields of L that are Galois
over Q, namely L, Q(ζ) and Q.
9. Galois groups of polynomials
We essentially saw the following in the course of the proof of Proposition 7.18, but let’s record it here for reference:
Proposition 9.1. Suppose L is a finite extension of a field K. Then
the following are equivalent:
(i) L is Galois over K;
(ii) L is a splitting field over K of some separable polynomial f ∈
K[X];
(iii) L is a splitting field over K of some separable irreducible polynomial f ∈ K[X].
Proof. (i) ⇒ (iii): If L is Galois over K, then L is separable over K,
so L = K(α) for some α ∈ L by the Primitive Element Theorem. Let
f ∈ K[X] be the minimal polynomial of α over K. Then f is separable
(since α is separable over K) and irreducible. Furthermore f splits
completely over L (by Proposition 7.5 or 7.18). Since L is generated
over K by (one of) the roots of f , we conclude that L is a splitting
field for f over K.
(iii) ⇒ (ii) is obvious.
(ii) ⇒ (i): If L is a splitting field over K of a polynomial f ∈ K[X],
then L is normal over K by Proposition 7.5. Since L is generated over
K by the roots of f , which are separable over K if f is, it follows from
Theorem 6.11 that L is separable over K, so L is Galois over K.
Suppose now that f is a separable polynomial in K[X], and let L_f
denote a splitting field for f over K. Then L_f is Galois over K by the
preceding proposition, so we can consider the Galois group Gal(L_f/K).
Definition 9.2. If f is a separable polynomial in K[X], then we let
L_f denote a splitting field over K of f, and we call Gal(L_f/K) the
Galois group of f over K.
Strictly speaking Gal(L_f/K) depends on the choice of splitting field
L_f, but recall from Theorem 5.11 that any two splitting fields for f
over K are K-isomorphic; i.e., if L′_f is another splitting field for f
over K, then there is a K-isomorphism τ : L_f → L′_f. It follows that
Gal(L_f/K) and Gal(L′_f/K) are isomorphic groups: if σ ∈ Gal(L_f/K),
then the composite τ ◦ σ ◦ τ^{-1}
    L′_f --τ^{-1}--> L_f --σ--> L_f --τ--> L′_f
is a K-automorphism of L′_f, and the resulting map
    Gal(L_f/K) → Gal(L′_f/K),   σ ↦ τ ◦ σ ◦ τ^{-1}
is easily seen to be an isomorphism. It follows that the Galois group
Gal(L_f/K) (or more precisely its isomorphism class) depends only on
the polynomial f, not on the chosen splitting field L_f. We will typically
refer to any group isomorphic to Gal(L_f/K) as “the Galois group of f
over K.”
Example 9.3. Consider f(X) = X^3 − 2 ∈ Q[X], so L_f = Q(∛2, e^{2πi/3}),
and we saw in Example 8.2 that Gal(L_f/Q) is isomorphic to the permutation group S_3. Therefore the Galois group over Q of the polynomial
X^3 − 2 is (isomorphic to) S_3.
Next we show how to interpret the Galois group of a polynomial in
terms of permutations of its roots.
Proposition 9.4. If f ∈ K[X] is a separable polynomial of degree n,
then its Galois group Gal(L_f/K) is isomorphic to a subgroup of S_n.
Proof. Since f is separable, it has n distinct roots, say α_1, α_2, . . . , α_n,
in its splitting field L_f = K(α_1, α_2, . . . , α_n). If σ ∈ Gal(L_f/K), then
for each root α_i of f, we have that σ(α_i) is a root of σ̃(f) = f, so
σ(α_i) = α_j for some j ∈ {1, 2, . . . , n}. Moreover α_i ↦ σ(α_i) defines a
bijection
    { α_1, α_2, . . . , α_n } −→ { α_1, α_2, . . . , α_n }
since it has an inverse map defined by σ^{-1}. We thus obtain a permutation of the set {α_1, α_2, . . . , α_n}, or equivalently of {1, 2, . . . , n},
which we denote π_σ; so π_σ : {1, 2, . . . , n} → {1, 2, . . . , n} is defined by
σ(α_i) = α_{π_σ(i)}.
The function Gal(L_f/K) → S_n defined by σ ↦ π_σ is a homomorphism since
    α_{π_{σ◦τ}(i)} = σ(τ(α_i)) = σ(α_{π_τ(i)}) = α_{π_σ(π_τ(i))}
shows that π_{σ◦τ} = π_σ ◦ π_τ. The homomorphism is injective since
for π_σ to be the identity means that σ(α_i) = α_i for i = 1, 2, . . . , n;
since σ is the identity on K, it follows that σ is the identity on L_f =
K(α_1, α_2, . . . , α_n).
Example 9.5. Returning to Example 8.2 with f(X) = X^3 − 2 ∈ Q[X],
so L_f = Q(α, ζ) with α = ∛2 and ζ = e^{2πi/3}, the roots
of f are α_1 = α, α_2 = ζα and α_3 = ζ^2 α. According to Proposition 9.4,
G = Gal(L_f/Q) is isomorphic to a subgroup of S_3; since G has order [L_f : Q] = 6, it follows immediately that G is isomorphic to S_3.
Recall that we already saw this from the explicit description of G in
Example 8.2 as
    { e, σ, σ^2, τ, τσ, τσ^2 }
where σ(α) = ζα, σ(ζ) = ζ, τ(α) = α and τ(ζ) = ζ^2. To see explicitly
the isomorphism between G and S_3 provided by Proposition 9.4, let’s
tabulate the effect of each element ρ ∈ G on the roots α_1, α_2 and α_3,
and express the resulting permutation π_ρ using cycle notation:
    ρ        e     σ      σ^2    τ     τσ    τσ^2
    ρ(α_1)   α_1   α_2    α_3    α_1   α_3   α_2
    ρ(α_2)   α_2   α_3    α_1    α_3   α_2   α_1
    ρ(α_3)   α_3   α_1    α_2    α_2   α_1   α_3
    π_ρ      e     (123)  (132)  (23)  (13)  (12)
To get the entries for the column τσ for example, note that
    τσ(α_1) = τ(σ(α)) = τ(ζα) = ζ^2 α = α_3,
    τσ(α_2) = τ(σ(ζα)) = τ(ζ^2 α) = ζα = α_2,
    τσ(α_3) = τ(σ(ζ^2 α)) = τ(α) = α = α_1,
so the corresponding permutation π = π_{τσ} is defined by π(1) = 3,
π(2) = 2 and π(3) = 1, which is expressed in cycle notation as (13).
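The relations in Examples 7.21 and 8.2 and the permutation table of Example 9.5 can be checked mechanically. The following Python sketch is an added illustration, not part of the original notes; the encoding of an automorphism as a pair (k, s) and all function names are assumptions made here, and it relies on the notes' statement that for n = 3 and n = 4 every such pair occurs in the Galois group.

```python
from math import gcd

# An automorphism of the splitting field of X^n - 2 is encoded as (k, s):
#   alpha -> w^k * alpha,   w -> w^s,
# where alpha is the real n-th root of 2 and w = e^{2*pi*i/n}.
# Assumption (taken from the notes, valid for n = 3 and n = 4 only):
# every pair with s a unit mod n is an element of the Galois group.

def galois_group(n):
    return [(k, s) for k in range(n) for s in range(1, n) if gcd(s, n) == 1]

def compose(a, b, n):
    """Return a∘b (apply b first, then a)."""
    (k1, s1), (k2, s2) = a, b
    # b: alpha -> w^k2 * alpha; then a: w^k2 -> w^(s1*k2), alpha -> w^k1 * alpha
    return ((k1 + s1 * k2) % n, (s1 * s2) % n)

def power(a, m, n):
    result = (0, 1)                      # identity
    for _ in range(m):
        result = compose(a, result, n)
    return result

def inverse(a, n):
    return next(b for b in galois_group(n) if compose(a, b, n) == (0, 1))

def root_permutation(a, n):
    """pi_a on labels 1..n, with roots labelled alpha_j = w^(j-1) * alpha."""
    k, s = a
    return {j + 1: (s * j + k) % n + 1 for j in range(n)}

def cycle_notation(perm):
    seen, out = set(), ""
    for start in sorted(perm):
        cycle, j = [], start
        while j not in seen:
            seen.add(j)
            cycle.append(j)
            j = perm[j]
        if len(cycle) > 1:
            out += "(" + "".join(map(str, cycle)) + ")"
    return out or "e"

def generated(gens, n):
    """Subgroup generated by gens (closure under left multiplication)."""
    subgroup, frontier = {(0, 1)}, [(0, 1)]
    while frontier:
        h = frontier.pop()
        for g in gens:
            x = compose(g, h, n)
            if x not in subgroup:
                subgroup.add(x)
                frontier.append(x)
    return frozenset(subgroup)

def is_normal(H, n):
    return all(compose(compose(inverse(t, n), h, n), t, n) in H
               for t in galois_group(n) for h in H)

def normal_cyclic_subgroup_orders(n):
    cyclic = {generated([g], n) for g in galois_group(n)}
    return sorted(len(H) for H in cyclic if is_normal(H, n))

def example_9_5_table():
    n, sigma, tau = 3, (1, 1), (0, 2)
    sigma2 = compose(sigma, sigma, n)
    elements = {"e": (0, 1), "σ": sigma, "σ^2": sigma2, "τ": tau,
                "τσ": compose(tau, sigma, n), "τσ^2": compose(tau, sigma2, n)}
    return {name: cycle_notation(root_permutation(a, n))
            for name, a in elements.items()}

if __name__ == "__main__":
    rho, tau = (1, 1), (0, 3)            # Example 7.21: rho = σ_2, tau = σ_5
    print(compose(tau, rho, 4) == compose(power(rho, 3, 4), tau, 4))
    print(example_9_5_table())
    print(normal_cyclic_subgroup_orders(3))
```

For n = 3 the normal cyclic subgroups found are {e} and ⟨σ⟩, matching the subfields L and Q(ζ) that are Galois over Q in Example 8.2.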
Example 9.6. Let f(X) = (X^2 − 2)(X^2 + 1) ∈ Q[X], so the splitting
field over Q is the field L = Q(√2, i) considered in Examples 4.12
and 6.16. The roots of f in L are ±√2 and ±i; let’s label them
α_1 = √2, α_2 = −√2, α_3 = i, α_4 = −i. The embeddings τ_j : L → C,
j = 1, 2, 3, 4, computed in Example 6.16 have image in L (necessarily
so since L is normal over Q), so these are in fact the four elements of
Gal(L/Q). Their effect on the roots is already shown in the table in
Example 6.16, from which we can read off the corresponding permutations in S_4:
    π_{τ_1} = e,   π_{τ_2} = (34),   π_{τ_3} = (12)   and   π_{τ_4} = (12)(34)
(in cycle notation). The Galois group of f is therefore (isomorphic to)
    {e, (34), (12), (12)(34)}.
Note that ordering the roots differently from the start in defining
the isomorphism of Proposition 9.4, say relabelling each α_i as β_{φ(i)} for
some permutation φ of {1, 2, . . . , n}, we end up replacing π_σ by φπ_σφ^{-1}
since if j = φ(i), then
    σ(β_j) = σ(α_i) = α_{π_σ(i)} = β_{φ(π_σ(i))} = β_{φπ_σφ^{-1}(j)}.
So the new homomorphism Gal(L_f/K) → S_n is the original σ ↦ π_σ
composed with conjugation by the element φ ∈ S_n. Recall that the
effect of conjugation by φ on a d-cycle is simply to replace each i with
φ(i); i.e., if π = (a_1 a_2 · · · a_d) ∈ S_n, then φπφ^{-1} = (φ(a_1) φ(a_2) · · · φ(a_d)).
So if we relabelled the roots of (X^2 − 2)(X^2 + 1) in Example 9.6 as
β_1 = −i, β_2 = √2, β_3 = −√2, β_4 = i, then the resulting permutations
associated to the elements of the Galois group would be:
    π_{τ_1} = e,   π_{τ_2} = (14),   π_{τ_3} = (23)   and   π_{τ_4} = (23)(14),
which are just the conjugates by φ = (1234) of the ones computed
above.
We know by Proposition 9.1 that every finite Galois extension L over
K is a splitting field of a separable polynomial f ∈ K[X], but there are
many polynomials to choose from—in fact infinitely many. So in order
to obtain a homomorphism Gal(L/K) → S_n as in Proposition 9.4, not
only are we free to choose an ordering of the roots as just described,
but we could also choose other polynomials f such that L = L_f; the
degrees may even be different, giving isomorphisms from Gal(L/K) to
subgroups of S_n for different n. In particular, we can always choose n
to be [L : K] (see the exercises).
Example 9.7. Recall from Example 6.16 that L = Q(√2, i) = Q(α),
where α = i + √2 has minimal polynomial f(X) = X^4 − 2X^2 + 9.
Since Q(α) is Galois over Q, it contains all the roots of f, and is
therefore a splitting field of f. We can therefore use the polynomial
f to construct an isomorphism from Gal(L/Q) to a subgroup of S_4.
We already determined the roots of f in Example 6.16, and let’s label
them as:
    α_1 = i + √2,   α_2 = −i + √2,   α_3 = i − √2,   α_4 = −i − √2.
Denoting the elements of the Galois group τ_1, τ_2, τ_3, τ_4 as in Example 9.6, we find the resulting permutations of the roots are given by:
    σ        τ_1   τ_2       τ_3       τ_4
    σ(α_1)   α_1   α_2       α_3       α_4
    σ(α_2)   α_2   α_1       α_4       α_3
    σ(α_3)   α_3   α_4       α_1       α_2
    σ(α_4)   α_4   α_3       α_2       α_1
    π_σ      e     (12)(34)  (13)(24)  (14)(23)
Note the Galois extension L over Q is the same in Examples 9.6 and
9.7, but we chose different polynomials for which L is a splitting field
and got different isomorphisms to subgroups of S_4. The two resulting
subgroups:
    {e, (12), (34), (12)(34)} and {e, (12)(34), (13)(24), (14)(23)}
are of course isomorphic (each being isomorphic to Gal(L/Q), or more
concretely, to Z/2Z × Z/2Z), but they are not conjugate in S_4 (as
they would be if we used different orderings of the roots of a single
polynomial f). In fact, there is an essential difference between the
two subgroups of S_4 resulting from the following difference between
the two polynomials used: (X^2 − 2)(X^2 + 1) is reducible in Q[X], and
X^4 − 2X^2 + 9 is irreducible in Q[X].
Definition 9.8. A subgroup G of S_n is transitive if for every i, j ∈
{1, 2, . . . , n}, there exists π ∈ G such that π(i) = j.
Remark 9.9. Transitivity can also be defined using the notion of “orbits”: if G is a subgroup of S_n, then for each i ∈ {1, 2, . . . , n}, define the
orbit of i under (the action of) G to be G · i = { π(i) | π ∈ G }. Then it
is easy to see that {1, 2, . . . , n} is partitioned into disjoint orbits, and
G is transitive if there is just one orbit. For example, the orbits in
{1, 2, 3, 4} under the subgroup {e, (12), (34), (12)(34)} are {1, 2} and
{3, 4}, but there is only a single orbit {1, 2, 3, 4} under the transitive
subgroup {e, (12)(34), (13)(24), (14)(23)}.
We will prove that the subgroup of S_n obtained from Proposition 9.4
is transitive whenever f is irreducible. First we prove a lemma we’ll
use again later:
Lemma 9.10. If L is a finite Galois extension of K and α ∈ L, then
the set of roots in L of the minimal polynomial m_{α,K} is:
    { σ(α) | σ ∈ Gal(L/K) }.
Proof. Let f = m_{α,K}, so f is an irreducible polynomial in K[X] and
α is a root of f.
Note that if σ ∈ Gal(L/K), then σ(α) is a root of σ̃(f) = f. (Recall
that σ̃ is the homomorphism L[X] → L[X] defined by applying σ to the
coefficients of the polynomial, and σ is a K-automorphism, meaning
that its restriction to K is the identity.)
Suppose on the other hand that β is a root of f. We need to prove
there is an element σ ∈ Gal(L/K) such that σ(α) = β. By Artin’s
Extension Theorem, there is a K-embedding τ : K(α) → L such that
τ(α) = β. By Lemma 7.4, there is an extension M of L and a homomorphism σ : L → M such that σ|_{K(α)} = τ; in particular σ is a
K-embedding and σ(α) = β. Since L is normal over K, we must have
σ(L) ⊂ L, so σ is in fact a K-automorphism of L, i.e., an element of
Gal(L/K).
Proposition 9.11. If f ∈ K[X] is a separable irreducible polynomial
of degree n, then its Galois group G = Gal(L_f/K) is isomorphic to a
transitive subgroup of S_n, and G has order divisible by n.
Proof. From the proof of Proposition 9.4, we see that to prove G is
transitive, it suffices to prove that for any roots α_i and α_j of f, there is
an element σ ∈ Gal(L_f/K) such that σ(α_i) = α_j. Since f is irreducible,
we know that f = c·m_{α_i,K} for some c ∈ K^×, so f and m_{α_i,K} have the
same roots, and it follows from Lemma 9.10 that σ(α_i) = α_j for some
σ ∈ G. Therefore π_σ(i) = j in the notation of Proposition 9.4, and the
corresponding subgroup of S_n is transitive.
To see that G has order divisible by n, recall that #G = [L_f : K].
Since K(α_i) ⊂ L_f and [K(α_i) : K] = deg(f) = n, it follows from the
Tower Law that #G is divisible by n.
Recall from Proposition 9.1 that when writing a finite Galois extension L over K as a splitting field of a separable polynomial f ∈ K[X],
we can in fact choose f to be irreducible, so that Proposition 9.11
applies. Note that the polynomials in Examples 9.5 and 9.7 were irreducible, and the resulting subgroups of S_n were transitive. On the
other hand, the polynomial in Example 9.6 was reducible, and the corresponding subgroup was not transitive.
Returning now to Lemma 9.10, note that under its hypotheses, there
can be repetition among the σ(α); for example if α ∈ K, then σ(α) = α
for all σ ∈ Gal(L/K). Note also that since α is separable over K, there
are no repeated roots of m_{α,K}, so m_{α,K} is the product of the distinct
linear factors X − σ(α).
Example 9.12. Let L be the splitting field of f(X) = X^3 − 2 over
Q as in Examples 8.2 and 9.5. Applying the 6 elements of Gal(L/Q)
to α = ∛2, we obtain the three roots of m_{α,Q}(X) = X^3 − 2 (each
appearing twice):
    e(α) = τ(α) = α,
    σ(α) = τσ^2(α) = ζα,
    σ^2(α) = τσ(α) = ζ^2 α.
Applying the elements of Gal(L/Q) to ζ we get:
    e(ζ) = σ(ζ) = σ^2(ζ) = ζ,
    τ(ζ) = τσ(ζ) = τσ^2(ζ) = ζ^2,
which are the two roots of the minimal polynomial
    m_{ζ,Q}(X) = (X − ζ)(X − ζ^2) = X^2 + X + 1.
For an example where we didn’t already know the minimal polynomial, consider β = ζ + α. Applying the elements of Gal(L/Q) to β
gives:
    ζ + α, ζ + ζα, ζ + ζ^2 α, ζ^2 + α, ζ^2 + ζ^2 α, ζ^2 + ζα.
It’s easy to see these are distinct, so (omitting some tedious computation) we find
    m_{β,Q} = (X − ζ − α)(X − ζ − ζα)(X − ζ − ζ^2 α)
              × (X − ζ^2 − α)(X − ζ^2 − ζα)(X − ζ^2 − ζ^2 α)
            = f(X − ζ) f(X − ζ^2)
            = ((X − ζ)^3 − 2)((X − ζ^2)^3 − 2)
            = ((X − ζ)(X − ζ^2))^3 − 2((X − ζ)^3 + (X − ζ^2)^3) + 4
            = (X^2 + X + 1)^3 − 2(2X^3 + 3X^2 − 3X − 2) + 4
            = X^6 + 3X^5 + 6X^4 + 3X^3 + 9X + 9.
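The "tedious computation" omitted in Example 9.12 can be carried out exactly by doing polynomial arithmetic with coefficients in Z[ζ]. The following Python sketch is an added illustration, not part of the original notes; the pair representation (a, b) for a + bζ and the function names are choices made here.

```python
import cmath

# Elements of Z[ζ], ζ = e^{2πi/3}, are pairs (a, b) meaning a + bζ.
# Multiplication uses the relation ζ^2 = -1 - ζ (from X^2 + X + 1).

def zadd(x, y):
    return (x[0] + y[0], x[1] + y[1])

def zmul(x, y):
    (a, b), (c, d) = x, y
    # (a + bζ)(c + dζ) = ac + (ad + bc)ζ + bd ζ^2, with ζ^2 = -1 - ζ
    return (a * c - b * d, a * d + b * c - b * d)

ZETA = (0, 1)
ZETA2 = zmul(ZETA, ZETA)                 # equals (-1, -1)

def pmul(p, q):
    """Multiply polynomials given as coefficient lists, lowest degree first."""
    out = [(0, 0)] * (len(p) + len(q) - 1)
    for i, x in enumerate(p):
        for j, y in enumerate(q):
            out[i + j] = zadd(out[i + j], zmul(x, y))
    return out

def f_shifted(c):
    """Coefficients of f(X - c) = (X - c)^3 - 2 for c in Z[ζ]."""
    linear = [(-c[0], -c[1]), (1, 0)]    # X - c
    cube = pmul(pmul(linear, linear), linear)
    cube[0] = zadd(cube[0], (-2, 0))
    return cube

def min_poly_beta():
    """Integer coefficients of f(X - ζ) f(X - ζ^2), lowest degree first."""
    product = pmul(f_shifted(ZETA), f_shifted(ZETA2))
    if any(b != 0 for _, b in product):
        raise ValueError("a coefficient is not rational")
    return [a for a, _ in product]

def conjugates_of_beta():
    """Floating-point values of the six elements ζ^a + ζ^b α."""
    alpha = 2 ** (1 / 3)
    zeta = cmath.exp(2j * cmath.pi / 3)
    return [zeta ** a + zeta ** b * alpha for a in (1, 2) for b in (0, 1, 2)]

def evaluate(coeffs, x):
    return sum(c * x ** k for k, c in enumerate(coeffs))

def number_of_distinct_conjugates():
    return len({(round(z.real, 6), round(z.imag, 6))
                for z in conjugates_of_beta()})

if __name__ == "__main__":
    print(min_poly_beta())               # coefficients of m_{β,Q}
    print(number_of_distinct_conjugates())
```

The numerical part only confirms that the six conjugates are distinct and are roots of the exact polynomial; the coefficients themselves are computed without rounding.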
10. Polynomials of low degree
We now analyze the possible Galois groups of polynomials in K[X] of
low degree. The case of linear polynomials (i.e., degree 1) is trivial: the
splitting field is the field K itself, so the Galois group consists of only
the identity element. We’ll see the case of quadratic polynomials (i.e.,
degree 2) is easy and familiar. Cubic polynomials (degree 3) get more
interesting, and we’ll give a method for determining the Galois group
(at least if the characteristic of K isn’t 2 or 3). For quartic polynomials
(degree 4), the algorithms and possibilities get more complicated, so
we’ll just discuss some special cases and examples instead of giving a
complete analysis.
Suppose now that f ∈ K[X] is a quadratic polynomial. We can
divide by the leading coefficient of f in order to assume f is monic
(this doesn’t change the roots of f, so it doesn’t change the splitting
field or the Galois group). So suppose
    f(X) = X^2 + bX + c,
using b and c for consistency with the usual notation in the Quadratic
Formula, which says the roots of f are
    α_1 = (−b + δ)/2,   α_2 = (−b − δ)/2
where δ^2 = b^2 − 4c. Note that the division by 2 requires that the characteristic of K be different from 2; the case where K has characteristic
2 is considered in an exercise.
The expression b^2 − 4c is called the discriminant of f and denoted
Δ_f. Note that δ = α_1 − α_2, so Δ_f = (α_1 − α_2)^2, and K(δ) is a splitting
field of f. We see that f is separable if and only if Δ_f ≠ 0, and f is
irreducible if and only if Δ_f is not a square in K. If Δ_f is a square
in K, then f splits completely over K, so Gal(L_f/K) = {e}. On the
other hand if Δ_f is not a square* in K, then Gal(L_f/K) has order 2;
its non-identity element σ must exchange α_1 and α_2, or equivalently δ
and −δ, so is given by the formula
    σ(r + sδ) = r − sδ
for r, s ∈ K. As a permutation group, we can view Gal(L_f/K) as
S_2 = {e, (12)} in this case. For a familiar example, take K = R and
f(X) = X^2 + 1, so Δ_f = −4 is not a square in R. Then we can take
δ = 2i, α_1 = i, α_2 = −i, so Gal(C/R) = {e, σ} where σ is complex
conjugation.
Now consider the case of a cubic polynomial f ∈ K[X], which we
can again suppose is monic, say f(X) = X^3 + aX^2 + bX + c.
If f is reducible, then it has a root α ∈ K, so f(X) = (X − α)g(X)
for some quadratic polynomial g ∈ K[X]. Then f and g have the same
splitting fields, so the Galois group of f over K is determined as above
by Δ_g: if Δ_g is a square in K, then f splits completely over K and
has trivial Galois group, and if Δ_g is not a square in K, then f factors
as the product of a linear and an irreducible quadratic polynomial in
K[X] and its Galois group has order 2.
Now suppose f is irreducible. Let us assume that the characteristic
of K is not 3, so f is separable (since f is irreducible and f′ ≠ 0) and
its splitting field L_f is Galois over K. By Proposition 9.11, the Galois
group of f is a transitive subgroup of S_3; as it has order divisible by 3,
the only possibilities are S_3 itself, and
    A_3 = { e, (123), (132) }.
The following proposition determines which of these it is, assuming the
characteristic of K isn’t 2 or 3.
Proposition 10.1. Suppose K is a field of characteristic not 2 or 3
and f is a monic, cubic, irreducible polynomial in K[X]. Let L_f be a
splitting field of f, so L_f = K(α_1, α_2, α_3) where α_1, α_2, α_3 are the roots
of f. Let δ = (α_1 − α_2)(α_2 − α_3)(α_3 − α_1) and let Δ = δ^2. Then
(i) Δ ∈ K^×;
(ii) if δ ∈ K, then Gal(L_f/K) is isomorphic to A_3;
(iii) if δ ∉ K, then Gal(L_f/K) is isomorphic to S_3.
*In particular, Δ_f ≠ 0, so f is separable over K and L_f is Galois over K
Proof. Suppose that σ ∈ Gal(Lf /K), and let πσ denote the corresponding permutation in S3 . We claim that
• if πσ ∈ A3 , then σ(δ) = δ;
• if πσ ∉ A3 , then σ(δ) = −δ.
For the first bullet point, note that if πσ = (123), then
σ(δ) = (α2 − α3 )(α3 − α1 )(α1 − α2 ) = δ,
and similarly if πσ = (132). For the second, note that if πσ = (12),
then
σ(δ) = (α2 − α1 )(α1 − α3 )(α3 − α2 ) = −δ,
and similarly if πσ = (13) or (23).
Since $\Delta = \delta^2$ and $\sigma(\delta) = \pm\delta$ for all $\sigma \in \mathrm{Gal}(L_f/K)$, it follows that $\sigma(\Delta) = \sigma(\delta)^2 = (\pm\delta)^2 = \Delta$ for all $\sigma \in \mathrm{Gal}(L_f/K)$. Therefore $\Delta \in L_f^{\mathrm{Gal}(L_f/K)} = K$, proving (i).
For (ii) and (iii), it suffices to prove that $\mathrm{Gal}(L_f/K)$ is isomorphic to $S_3$ if and only if $\delta \notin K$ (since $A_3$ and $S_3$ are the only possible Galois groups).
Suppose first that $\delta \notin K$. Since $\Delta = \delta^2 \in K$, we have $m_{\delta,K}(X) = X^2 - \Delta$, so $[K(\delta) : K] = 2$. Since $K \subset K(\delta) \subset L_f$, it follows that $[L_f : K] = \#\mathrm{Gal}(L_f/K)$ is even. Therefore $\mathrm{Gal}(L_f/K)$ is isomorphic to $S_3$.
Conversely, suppose that $\mathrm{Gal}(L_f/K)$ is isomorphic to $S_3$. Then there is an element $\sigma \in \mathrm{Gal}(L_f/K)$ such that $\pi_\sigma = (12)$, which implies that $\sigma(\delta) = -\delta \neq \delta$ (since we assumed the characteristic of K isn't 2), and therefore $\delta \notin K$.
For f as in the proposition, the element ∆ ∈ K is called the discriminant of f , and denoted ∆f (if we wish to make reference to f ).
To express ∆f in terms of the coefficients of f , it is convenient to make
a change of variable: If we write $f(X) = X^3 + rX^2 + sX + t$ with $r, s, t \in K$, and let $g(X) = f(X - (r/3))$, then
$$\begin{aligned}
g(X) &= (X - \tfrac{r}{3})^3 + r(X - \tfrac{r}{3})^2 + s(X - \tfrac{r}{3}) + t \\
&= X^3 - rX^2 + \tfrac{r^2}{3}X - \tfrac{r^3}{27} + rX^2 - \tfrac{2r^2}{3}X + \tfrac{r^3}{9} + sX - \tfrac{rs}{3} + t \\
&= X^3 + aX + b,
\end{aligned}$$
where $a = s - \frac{r^2}{3}$ and $b = \frac{2r^3}{27} - \frac{rs}{3} + t$. Since $\Delta_f = \Delta_g$ (an exercise), we can reduce to the case where f has the form $X^3 + aX + b$ for the purpose of finding the discriminant and hence the Galois group of f. In this case, we find that $\Delta_f = -4a^3 - 27b^2$ (more exercise).
Example 10.2. Let us revisit Example 8.2 again in light of Proposition 10.1. The polynomial f (X) = X 3 − 2 has the form X 3 + aX + b
with a = 0, b = −2, so $\Delta_f = -4a^3 - 27b^2 = -2^2 \cdot 3^3$, which is not a
square in Q. So we recover that Gal(Lf /Q) is isomorphic to S3 as a
consequence of the proposition.
For an easy example where the Galois group is $A_3$, take the same polynomial $f(X) = X^3 - 2$, but now with $K = \mathbb{Q}(i\sqrt{3}) = \mathbb{Q}(e^{2\pi i/3})$. Note that f has no roots in K (since $[\mathbb{Q}(\alpha) : \mathbb{Q}] = 3$ for any root α of f), so it is irreducible in K[X] and the Proposition still applies. Now however $\Delta_f = (6i\sqrt{3})^2$ is a square in K, so we recover the fact that the Galois group of f over K is cyclic of order 3.
Now let’s consider the diagrams of subgroups and subfields in each
case of Proposition 10.1. We use the same notation as in the proposition, so α1 , α2 , α3 are the roots of f and ∆ = δ 2 is the discriminant.
If Gal(Lf /K) is isomorphic to S3 (i.e., ∆ is not a square in K), then
the list of subgroups (viewed in S3 ) is:
• order 1: $\{e\}$;
• order 2: $\langle(12)\rangle$, $\langle(13)\rangle$ and $\langle(23)\rangle$;
• order 3: $A_3 = \langle(123)\rangle$;
• order 6: $S_3$.
The diagram showing inclusions is:
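[Diagram of inclusions: $\{e\}$ is contained in each of $\langle(12)\rangle$, $\langle(13)\rangle$, $\langle(23)\rangle$ and $A_3$, each of which is contained in $S_3$.]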
Note that if $\pi_\sigma = (12)$, then $\sigma(\alpha_3) = \alpha_3$, so $\alpha_3 \in L_f^H$ if $H = \langle(12)\rangle$. Since $[L_f^H : K] = [G : H] = 3 = [K(\alpha_3) : K]$, it follows that $L_f^H = K(\alpha_3)$. Similarly we find that the field corresponding to $\langle(13)\rangle$ is $K(\alpha_2)$ and the field corresponding to $\langle(23)\rangle$ is $K(\alpha_1)$. From the proof of Proposition 10.1, we see that if $H = A_3$, then $\delta \in L_f^H$, and it follows that $L_f^H = K(\delta)$. The diagram of subfields of $L_f$ corresponding to the one of subgroups is therefore:
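[Diagram of inclusions: $K$ is contained in each of $K(\alpha_3)$, $K(\alpha_2)$, $K(\alpha_1)$ and $K(\delta)$, each of which is contained in $L_f$.]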
Since the only normal subgroup of S3 (besides {e} and S3 itself) is A3 ,
the only subfield of Lf Galois over K (besides K and Lf themselves)
is K(δ).
If Gal(Lf /K) is isomorphic to A3 , then the only subgroups are {e}
and A3 itself. In this case there are no intermediate fields, other than
K and Lf themselves. Note in particular that Lf = K(α1 ) = K(α2 ) =
K(α3 ).
Example 10.3. Let K = Q and f (X) = X 3 + 3X 2 − X − 2. By
Gauss’s Lemma, the only possible roots in Q are ±1, ±2. Computing the corresponding values of f shows none of these are roots, so f
is irreducible. To compute the discriminant, we change variables to
eliminate the X 2 term, and let
g(X) = f (X − 1) = (X − 1)3 + 3(X − 1)2 − (X − 1) − 2 = X 3 − 4X + 1.
Then $\Delta_f = \Delta_g = -4(-4)^3 - 27 = 229$, which is not a square in Q.
Therefore the Galois group of f over Q is S3 .
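Letting $\alpha_1, \alpha_2, \alpha_3$ denote the roots of f, the subfields of $L_f$ are $L_f$, $\mathbb{Q}(\sqrt{229})$, $\mathbb{Q}$ and $\mathbb{Q}(\alpha_i)$ for i = 1, 2, 3. The first 3 are Galois over Q, and the $\mathbb{Q}(\alpha_i)$ are not. Note also that $L_f = \mathbb{Q}(\sqrt{229}, \alpha)$ for any root $\alpha = \alpha_i$ of f.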
Example 10.4. Let K = Z/7Z, and let f (X) = X 3 − 2 ∈ K[X]
(as usual omitting [ ] and just writing 2 for the element [2] ∈ Z/7Z).
Since 2 is not a cube in K (the only cubes are 0, ±1), we see that
f has no roots in K, and is therefore irreducible. The Proposition
applies since K has characteristic 7 (not 2 or 3), and we find that
$\Delta_f = -27(-2)^2 = 4$, a square in K. Therefore the Galois group of f
over K is cyclic of order 3. (We’ll see this is a special case of a much
more general fact: if K ⊂ L is an extension of finite fields, then L is
Galois over K and Gal(L/K) is cyclic.)
Now consider a quartic polynomial f ∈ K[X], which we again assume is monic. If f is reducible, then the problem of determining the
Galois group reduces to ones we’ve already considered (but note the
possibility that f factors as the product of two irreducible quadratic
polynomials as in Example 9.6), so let’s assume f is irreducible. Assume also that f is separable (which holds automatically if K does not
have characteristic 2), so Lf is Galois. By Proposition 9.11, the Galois
group of f is isomorphic to a transitive subgroup of S4 (necessarily
of order divisible by 4). It is straightforward to check that any such
subgroup is conjugate in S4 to one of the following:
• order 4 (cyclic): $\langle(1234)\rangle$;
• order 4 (non-cyclic): $\{e, (12)(34), (13)(24), (14)(23)\}$;
• order 8 (dihedral): $\langle(1234), (13)\rangle$;
• order 12 (alternating): $A_4$;
• order 24 (symmetric): $S_4$.
Each of these possibilities can occur (for example if K = Q), but
determining which of these is the Galois group of a given quartic polynomial f is much more complicated than determining which of the two
possibilities is the Galois group of an irreducible cubic. We will not give
a systematic treatment but instead focus on some specific examples and
situations. In fact we’ve already seen several examples:
Example 10.5. Recall from exercises that if p is prime, then the polynomial $X^{p-1} + X^{p-2} + \cdots + X + 1$ is irreducible in Q[X], and a splitting field over Q is given by $\mathbb{Q}(\zeta)$ where $\zeta = e^{2\pi i/p}$. In particular if p = 5, then $f(X) = X^4 + X^3 + X^2 + X + 1$ is an irreducible quartic in Q[X], with splitting field $L_f = \mathbb{Q}(\zeta)$ where $\zeta = e^{2\pi i/5}$. Therefore $\mathrm{Gal}(L_f/\mathbb{Q})$ has order $[\mathbb{Q}(\zeta) : \mathbb{Q}] = 4$.
Note that
$$f(X) = (X - \zeta)(X - \zeta^2)(X - \zeta^3)(X - \zeta^4),$$
so the elements of $\mathrm{Gal}(L_f/\mathbb{Q})$ are defined by $\zeta \mapsto \zeta^i$ for i = 1, 2, 3, 4. Labelling the roots $\alpha_i = \zeta^i$ for i = 1, 2, 3, 4, we see that if $\sigma \in \mathrm{Gal}(L_f/\mathbb{Q})$ is defined by $\sigma(\zeta) = \zeta^2$, i.e., $\sigma(\alpha_1) = \alpha_2$, then $\sigma(\alpha_2) = \sigma(\zeta^2) = (\zeta^2)^2 = \zeta^4$, and similarly $\sigma(\alpha_3) = \alpha_1$ and $\sigma(\alpha_4) = \alpha_3$. Therefore the corresponding permutation $\pi_\sigma$ in $S_4$ is (1243), and it follows that $\mathrm{Gal}(L_f/\mathbb{Q})$ is a cyclic group of order 4 generated by σ. (It's not hard to see that for any p, the Galois group of $X^{p-1} + X^{p-2} + \cdots + X + 1$ is cyclic of order p − 1. We'll revisit this later.)
Besides $\{e\}$ and $\langle\sigma\rangle$, the only subgroup of $\langle\sigma\rangle$ is the subgroup $H = \langle\sigma^2\rangle = \langle(14)(23)\rangle$ of order 2. To find the corresponding subfield of $L_f$, note that $\zeta + \zeta^4$ and $\zeta^2 + \zeta^3$ are fixed by $\sigma^2$, and are therefore elements of $L_f^H$. To see what they are, note that the polynomial
$$g(X) = (X - (\zeta + \zeta^4))(X - (\zeta^2 + \zeta^3))$$
satisfies $\tilde\sigma(g) = g$, and is therefore in Q[X]. Expanding the expression for g gives:
$$\begin{aligned}
g(X) &= X^2 - (\zeta + \zeta^2 + \zeta^3 + \zeta^4)X + (\zeta + \zeta^4)(\zeta^2 + \zeta^3) \\
&= X^2 - (\zeta + \zeta^2 + \zeta^3 + \zeta^4)X + (\zeta + \zeta^2 + \zeta^3 + \zeta^4) \\
&= X^2 + X - 1,
\end{aligned}$$
(using that $1 + \zeta + \zeta^2 + \zeta^3 + \zeta^4 = 0$). Since $\zeta + \zeta^4$ and $\zeta^2 + \zeta^3$ are roots of g, it follows that they are $(1 \pm \sqrt{5})/2$, so $L_f^H = \mathbb{Q}(\sqrt{5})$. The diagram of subgroups and corresponding subfields is therefore:
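[Diagram: the subgroups $\{e\} \subset \langle\sigma^2\rangle \subset \langle\sigma\rangle$ correspond to the subfields $\mathbb{Q}(\zeta) \supset \mathbb{Q}(\sqrt{5}) \supset \mathbb{Q}$, respectively.]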
Example 10.6. Recall from Example 9.7 that $f(X) = X^4 - 2X^2 + 9$ is the minimal polynomial over Q of $i + \sqrt{2}$. Its splitting field is $L_f = \mathbb{Q}(i + \sqrt{2}) = \mathbb{Q}(i, \sqrt{2})$, and $\mathrm{Gal}(L_f/\mathbb{Q})$ is a non-cyclic group of order 4, isomorphic to the transitive subgroup $\{e, (12)(34), (13)(24), (14)(23)\}$ of $S_4$. Labelling the elements of $G = \mathrm{Gal}(L_f/\mathbb{Q})$ as $\tau_1, \tau_2, \tau_3, \tau_4$, as before, we see that the only subgroups of G (besides $\{e\}$ and G) are the three subgroups of order 2 generated by $\tau_i$ for i = 2, 3, 4. Since $\tau_2(\sqrt{2}) = \sqrt{2}$, $\tau_3(i) = i$ and $\tau_4(i\sqrt{2}) = i\sqrt{2}$, it follows that the diagram of subgroups and corresponding subfields is:
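[Diagram: $\{e\}$ corresponds to $\mathbb{Q}(i, \sqrt{2})$; $\langle\tau_2\rangle$, $\langle\tau_3\rangle$, $\langle\tau_4\rangle$ correspond to $\mathbb{Q}(\sqrt{2})$, $\mathbb{Q}(i)$, $\mathbb{Q}(i\sqrt{2})$, respectively; $G$ corresponds to $\mathbb{Q}$.]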
Example 10.7. Now let's revisit the polynomial $f(X) = X^4 - 2 \in \mathbb{Q}[X]$ whose Galois group over Q is determined in Example 7.21. Recall the splitting field is $\mathbb{Q}(i, \alpha)$ where $\alpha = \sqrt[4]{2}$. The Galois group G in this case has order $[L_f : \mathbb{Q}] = 8$, generated by ρ and τ where $\rho(\alpha) = i\alpha$, $\rho(i) = i$, $\tau(\alpha) = \alpha$ and $\tau(i) = -i$. Labelling the roots $\alpha_1 = \alpha$, $\alpha_2 = i\alpha$, $\alpha_3 = -\alpha$ and $\alpha_4 = -i\alpha$, the corresponding permutations are $\pi_\rho = (1234)$ and $\pi_\tau = (24)$. The corresponding subgroup of $S_4$ is therefore
$$\{ e, (1234), (13)(24), (1432), (24), (12)(34), (13), (14)(23) \}.$$
Besides {e} and G, the subgroups are:
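• 5 subgroups of order 2: $\langle\rho^2\rangle$, $\langle\tau\rangle$, $\langle\rho\tau\rangle$, $\langle\rho^2\tau\rangle$, $\langle\rho^3\tau\rangle$;
• 3 subgroups of order 4: $\langle\rho\rangle$, $\langle\rho^2, \tau\rangle$, $\langle\rho^2, \rho\tau\rangle$.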
The diagram of subgroups showing inclusions is:
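[Diagram of inclusions, by order: $\{e\}$; then $\langle\tau\rangle$, $\langle\rho^2\tau\rangle$, $\langle\rho^2\rangle$, $\langle\rho\tau\rangle$, $\langle\rho^3\tau\rangle$; then $\langle\rho^2, \tau\rangle$, $\langle\rho\rangle$, $\langle\rho^2, \rho\tau\rangle$; then $G$.]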
The subgroups of order 4 (hence index 2) are all normal, but a subgroup $\langle\sigma\rangle$ of order 2 is normal if and only if σ commutes with every element of G, and the only such element of order 2 is $\rho^2$. Therefore the only normal subgroup of order 2 is $\langle\rho^2\rangle$.
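For the corresponding subfields, we of course have $L_f^{\{e\}} = L_f$ and $L_f^G = \mathbb{Q}$. Since $\tau(\alpha) = \alpha$ and $[\mathbb{Q}(\alpha) : \mathbb{Q}] = 4$, we have $[L_f : \mathbb{Q}(\alpha)] = 2 = \#\langle\tau\rangle$, and it follows that $L_f^{\langle\tau\rangle} = \mathbb{Q}(\alpha)$. Similarly since $\rho^2\tau(i\alpha) = i\alpha$, we have $L_f^{\langle\rho^2\tau\rangle} = \mathbb{Q}(i\alpha)$. Since $\rho^2(i) = i$, $\rho^2(\sqrt{2}) = \sqrt{2}$ (note that $\sqrt{2} = \alpha^2$), and $[\mathbb{Q}(i, \sqrt{2}) : \mathbb{Q}] = 4$, we see that $L_f^{\langle\rho^2\rangle} = \mathbb{Q}(i, \sqrt{2})$. The subfields of $\mathbb{Q}(i, \sqrt{2})$ are given in the preceding example; to match them with subgroups, note that $\tau(\sqrt{2}) = \sqrt{2}$, $\rho(i) = i$, and $\rho\tau(i\sqrt{2}) = i\sqrt{2}$, so we conclude that $L_f^{\langle\rho^2,\tau\rangle} = \mathbb{Q}(\sqrt{2})$, $L_f^{\langle\rho\rangle} = \mathbb{Q}(i)$ and $L_f^{\langle\rho^2,\rho\tau\rangle} = \mathbb{Q}(i\sqrt{2})$.
The only missing fields now are $L_f^{\langle\rho\tau\rangle}$ and $L_f^{\langle\rho^3\tau\rangle}$. Since $\rho\tau(\alpha) = i\alpha$ and $\rho\tau(i\alpha) = \alpha$, we have $\rho\tau(\alpha + i\alpha) = \alpha + i\alpha$, so $(1 + i)\alpha \in L_f^{\langle\rho\tau\rangle}$. Note that $((1 + i)\alpha)^2 = 2i\sqrt{2}$, so $((1 + i)\alpha)^4 = -8$. Since $i\sqrt{2} \in L_f^{\langle\rho\tau\rangle}$, we can replace $(1 + i)\alpha$ by the more convenient $\beta = \frac{(1+i)\alpha}{i\sqrt{2}} = \frac{(1-i)\alpha}{\sqrt{2}}$, which satisfies $\beta^4 = -2$. Since $X^4 + 2$ is irreducible in Q[X], it follows that $[\mathbb{Q}(\beta) : \mathbb{Q}] = 4$ and $L_f^{\langle\rho\tau\rangle} = \mathbb{Q}(\beta)$. Similarly we find that $L_f^{\langle\rho^3\tau\rangle} = \mathbb{Q}(i\beta)$. We therefore have the diagram of subfields of $\mathbb{Q}(i, \alpha)$ corresponding to the one for subgroups: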
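[Diagram of inclusions, by degree over $\mathbb{Q}$: $\mathbb{Q}(i, \alpha)$; then $\mathbb{Q}(\alpha)$, $\mathbb{Q}(i\alpha)$, $\mathbb{Q}(i, \sqrt{2})$, $\mathbb{Q}(\beta)$, $\mathbb{Q}(i\beta)$; then $\mathbb{Q}(\sqrt{2})$, $\mathbb{Q}(i)$, $\mathbb{Q}(i\sqrt{2})$; then $\mathbb{Q}$.]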
The extensions of degree 1, 2 and 8 in the diagram are all Galois over Q. Of the extensions of degree 4, only $\mathbb{Q}(i, \sqrt{2})$ is Galois over Q since it is the only one corresponding to a normal subgroup of G.
Quartic polynomials of the form f (X) = X 4 + bX 2 + c are easier to
analyze than more general quartics, and there are several examples of
this type in the exercises. Note that if α is a root of f , then α2 is a
root of the quadratic polynomial X 2 + bX + c, to which we can apply
the Quadratic Formula. In particular, if α is a root of f , then so is −α,
so f factors over E = Q(α) as (X − α)(X + α)g(X) for some quadratic
g ∈ E[X]. Since Lf is a splitting field over E for g, it has degree 1
or 2 over E (according to whether g has roots in E or is irreducible in
E[X]). Assuming f is irreducible in K[X], we have [E : K] = 4, so
[Lf : K], and hence the order of Gal(Lf /K) is either 4 or 8 accordingly.
The examples so far have had Galois groups of order 4 or 8. The
other two possible Galois groups have order divisible by 3 (namely
12 or 24). A general method for determining whether an irreducible
separable quartic polynomial has Galois group of order divisible by 3
is to consider its cubic resolvent, defined as follows: If α1 , α2 , α3 , α4 are
the roots of f in Lf , then define
β1 = α1 α2 + α3 α4 ,
β2 = α1 α3 + α2 α4 ,
β3 = α1 α4 + α2 α3 .
Note that β1 , β2 , β3 ∈ Lf , and if σ ∈ Gal(Lf /Q), then for each i we
have σ(βi ) = βj for some j, so σ defines a permutation of {β1 , β2 , β3 }.
It follows that the polynomial
g(X) = (X − β1 )(X − β2 )(X − β3 ),
called the cubic resolvent of f , satisfies σ̃(g) = g for all σ ∈ Gal(Lf /K),
so in fact g ∈ K[X]. By some easy but tedious manipulation, one
can express the coefficients of g in terms of those of f : If f (X) =
X 4 + aX 3 + bX 2 + cX + d, then writing the coefficients of f and g in
terms of the αi , one finds that
$$g(X) = X^3 - bX^2 + (ac - 4d)X + (4bd - a^2 d - c^2).$$
Note that one can eliminate a term of f as in the cubic case, but now using $f(X - \frac{a}{4})$ and assuming K isn't of characteristic 2. This reduces to the case a = 0, for which $g(X) = X^3 - bX^2 - 4dX + (4bd - c^2)$.
Note that g has splitting field Lg = K(β1 , β2 , β3 ) ⊂ Lf ; being a
splitting field (and separable over K since Lf is), Lg is Galois over K.
Now consider the composite homomorphism
ψ : Gal(Lf /K) → Gal(Lg /K) → S3 ,
where the first map is $\sigma \mapsto \sigma|_{L_g}$ and the second is defined by applying Proposition 9.4 to g. Recall that the first map is surjective (by the second part of the Fundamental Theorem of Galois Theory), and the second is injective. Let's denote the resulting permutation $\psi(\sigma) \in S_3$ by $\pi'_\sigma$ to distinguish it from the permutation $\pi_\sigma$ given by applying Proposition 9.4 to f. Thus $\pi_\sigma$ is given by the permutation of $\{\alpha_1, \alpha_2, \alpha_3, \alpha_4\}$ defined by σ, and $\pi'_\sigma$ is given by the permutation of $\{\beta_1, \beta_2, \beta_3\}$ defined by σ. It is easy to see that $\pi'_\sigma$ is trivial if and only if $\pi_\sigma \in \{e, (12)(34), (13)(24), (14)(23)\}$. It follows that $\mathrm{Gal}(L_f/K)$ has order divisible by 3 if and only if its image in $S_3$ does. But this is equivalent to $\mathrm{Gal}(L_g/K)$ having order divisible by 3, which in turn is equivalent to g being irreducible. It follows that in this case the Galois group of f is $A_4$ or $S_4$, hence contains $H = \{e, (12)(34), (13)(24), (14)(23)\}$ as a normal subgroup, and the fixed field $L_f^H$ is precisely $L_g$. We can therefore use $\Delta_g$ to distinguish between the two remaining possibilities.
Example 10.8. Let f (X) = X 4 − X + 1 ∈ Q[X]. By an exercise
X 4 − X + 1 is irreducible as a polynomial in (Z/2Z)[X], so it follows
from Gauss’s Lemma that f is irreducible. Applying the formula for
the cubic resolvent, with a = b = 0, c = −1, d = 1, we get $g(X) = X^3 - 4X + 1$, which we saw in Example 10.3 is irreducible with Galois group $S_3$. It follows that f has Galois group $S_4$. We will not try to construct the whole Galois diagram, but note that $L_f^H = L_g = \mathbb{Q}(\sqrt{229}, \beta)$ where β is a root of g, and $L_f^{A_4} = \mathbb{Q}(\sqrt{229})$.
Example 10.9. Let f (X) = X 4 − 6X 2 − 8X + 28 ∈ Q[X]. We see
that f is irreducible by Eisenstein’s Criterion with p = 2. Its cubic
resolvent is g(X) = X 3 + 6X 2 − 112X − 736. A change of variable gives
g(X − 2) = X 3 − 124X + 496, and then substituting 2X for X gives
g(2X − 2) = 8(X 3 − 31X + 62), so h(X) = X 3 − 31X + 62 has the
same splitting field as g. We find that $\Delta_h = 4^2 \cdot 31^2$, so $L_h = L_g$ has
Galois group A3 , and it follows that Lf has Galois group A4 .
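The discriminant test of Proposition 10.1 and the cubic resolvent test for quartics, as an added Python example (not part of the original notes). It assumes K = Q and monic polynomials with integer coefficients, so that Gauss's Lemma reduces the search for rational roots to integer divisors of the constant term; all function names are chosen here for illustration, and the quartic passed to `quartic_galois_group` is assumed irreducible and separable (that is not checked).

```python
from fractions import Fraction
from math import isqrt


def is_rational_square(q):
    """True if the rational number q is the square of a rational number."""
    q = Fraction(q)
    if q < 0:
        return False
    n, d = q.numerator, q.denominator
    return isqrt(n) ** 2 == n and isqrt(d) ** 2 == d


def has_rational_root(coeffs):
    """coeffs = [1, c_{n-1}, ..., c_0]: monic, integer coefficients.

    By Gauss's Lemma any rational root is an integer dividing c_0,
    so only the divisors of c_0 are tested (0 is a root when c_0 = 0).
    """
    c0 = coeffs[-1]
    if c0 == 0:
        return True
    for d in range(1, abs(c0) + 1):
        if c0 % d == 0:
            for x in (d, -d):
                value = 0
                for c in coeffs:  # Horner evaluation at x
                    value = value * x + c
                if value == 0:
                    return True
    return False


def cubic_discriminant(r, s, t):
    """Discriminant of X^3 + rX^2 + sX + t, via g(X) = f(X - r/3) = X^3 + aX + b."""
    r, s, t = Fraction(r), Fraction(s), Fraction(t)
    a = s - r * r / 3
    b = 2 * r ** 3 / 27 - r * s / 3 + t
    return -4 * a ** 3 - 27 * b ** 2


def cubic_galois_group(r, s, t):
    """Galois group over Q of X^3 + rX^2 + sX + t (Proposition 10.1)."""
    # A cubic is irreducible over Q exactly when it has no rational root.
    if has_rational_root([1, r, s, t]):
        return "reducible"
    return "A3" if is_rational_square(cubic_discriminant(r, s, t)) else "S3"


def cubic_resolvent(a, b, c, d):
    """Coefficients (r, s, t) of the resolvent X^3 + rX^2 + sX + t of
    X^4 + aX^3 + bX^2 + cX + d, using the formula stated in the notes.

    g(X) and -g(-X) have the same splitting field and discriminant, so the
    sign of the constant term of a resolvent with no X^2 term does not
    change the classification below.
    """
    return (-b, a * c - 4 * d, 4 * b * d - a * a * d - c * c)


def quartic_galois_group(a, b, c, d):
    """Classify an irreducible separable quartic over Q (assumed, not checked)."""
    group = cubic_galois_group(*cubic_resolvent(a, b, c, d))
    if group == "reducible":
        # Resolvent reducible: order of the Galois group is not divisible by 3.
        return "order 4 or 8"
    return {"A3": "A4", "S3": "S4"}[group]


if __name__ == "__main__":
    print(cubic_galois_group(0, 0, -2))           # X^3 - 2 (Example 10.2)
    print(cubic_galois_group(3, -1, -2))          # Example 10.3
    print(quartic_galois_group(0, 0, -1, 1))      # Example 10.8
    print(quartic_galois_group(0, -6, -8, 28))    # Example 10.9
    print(quartic_galois_group(0, 0, 0, -2))      # X^4 - 2 (Example 10.7)
```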
As a final remark, we describe how the notion of the discriminant
of a polynomial, considered for quadratics and cubics, generalizes not
just to quartics, but to polynomials of any degree. Let f (X) ∈ K[X]
be any polynomial of degree n ≥ 1 and let Lf be a splitting field of f
over K. Assume f is monic, so
f (X) = (X − α1 )(X − α2 ) · · · (X − αn )
and $L_f = K(\alpha_1, \alpha_2, \ldots, \alpha_n)$. Let
$$\delta = \prod_{1 \le i < j \le n} (\alpha_i - \alpha_j), \quad\text{and}\quad \Delta = \Delta_f = \delta^2.$$
First note that f is separable if and only if $\delta \neq 0$ if and only if $\Delta \neq 0$. Assume this is the case, so $L_f$ is Galois over K, and let $\sigma \in \mathrm{Gal}(L_f/K)$. Then
$$\sigma(\delta) = \prod_{1 \le i < j \le n} (\sigma(\alpha_i) - \sigma(\alpha_j)) = \prod_{1 \le i < j \le n} (\alpha_{\pi_\sigma(i)} - \alpha_{\pi_\sigma(j)})$$
has the same factors as in the definition of δ, but with possibly different signs, so $\sigma(\delta) = \pm\delta$. In fact, the number of sign changes is even or odd according to whether $\pi_\sigma$ is an even or odd permutation. To see this, recall that $S_n$ is generated by the transpositions (12), (23), . . . , (n − 1, n), and each such transposition only changes the sign of a single factor. Since $\pi_\sigma$ is even or odd according to whether it can be expressed as an even or odd number of such transpositions, it follows that $\sigma(\delta) = \delta$ if $\pi_\sigma \in A_n$, and $\sigma(\delta) = -\delta$ if $\pi_\sigma \notin A_n$. Since in either case $\sigma(\Delta) = \Delta$, we see that $\Delta \in L_f^{\mathrm{Gal}(L_f/K)} = K$. Moreover, assuming the characteristic of K isn't 2, we see exactly as in the cubic case that the image of $\mathrm{Gal}(L_f/K)$ in $S_n$ is contained in $A_n$ if and only if $\delta \in K$, i.e., if and only if ∆ is a square in K. The discriminant can be expressed directly in terms of the coefficients of f, but the expressions get long and messy.
11. Finite fields
Recall that if K is a finite field, then the characteristic of K is a prime number p (i.e., K contains $\mathbb{Z}/p\mathbb{Z}$), and $\#K = p^r$ where $r = [K : \mathbb{Z}/p\mathbb{Z}]$. Letting $q = p^r$, we know that $K^\times$ is a group of order q − 1 (in fact cyclic by Lemma 6.13). Therefore every element $\alpha \in K^\times$ satisfies $\alpha^{q-1} = 1$, so every element of K (including 0) satisfies $\alpha^q = \alpha$. This means that every element of K is a root of the polynomial $f(X) = X^q - X$. Since f has at most q roots, and there are q elements of K, we see that f splits completely over K as
$$f(X) = X^q - X = \prod_{\alpha \in K} (X - \alpha).$$
What we don't know yet is whether for a given power $q = p^r$, there is in fact a field with q elements. The next theorem takes care of this, and in fact says there is a unique such field (up to isomorphism) and determines its Galois group over $\mathbb{Z}/p\mathbb{Z}$.
Theorem 11.1. Suppose that p is a prime and r is a positive integer. Let $q = p^r$, and let $\mathbb{F}_q$ denote the splitting field over $\mathbb{Z}/p\mathbb{Z}$ of the polynomial $f(X) = X^q - X$. Then:
(i) $\#\mathbb{F}_q = q$;
(ii) if K is any field such that #K = q, then K is isomorphic to $\mathbb{F}_q$;
(iii) $\mathbb{F}_q$ is Galois over $\mathbb{F}_p = \mathbb{Z}/p\mathbb{Z}$, and $\mathrm{Gal}(\mathbb{F}_q/\mathbb{F}_p)$ is a cyclic group of order r generated by the element $\varphi : \mathbb{F}_q \to \mathbb{F}_q$ defined by $\varphi(\alpha) = \alpha^p$.
Proof. (i) Let $L = \{ \alpha \in \mathbb{F}_q \mid \alpha^q = \alpha \}$, i.e., the set of roots of f in $\mathbb{F}_q$. Since $f' = -1$, we have $\gcd(f, f') = 1$, so f is separable by Proposition 6.8. Therefore f has q distinct roots in its splitting field $\mathbb{F}_q$, i.e., #L = q.
Recall that if $\alpha, \beta \in \mathbb{F}_q$ (or indeed any field of characteristic p), then $(\alpha + \beta)^p = \alpha^p + \beta^p$. It follows by induction on n that
$$(\alpha + \beta)^{p^n} = ((\alpha + \beta)^p)^{p^{n-1}} = (\alpha^p + \beta^p)^{p^{n-1}} = (\alpha^p)^{p^{n-1}} + (\beta^p)^{p^{n-1}} = \alpha^{p^n} + \beta^{p^n}$$
for all n ≥ 1. In particular $(\alpha + \beta)^q = \alpha^q + \beta^q$. Therefore if α, β ∈ L, then $(\alpha + \beta)^q = \alpha^q + \beta^q = \alpha + \beta$, so α + β ∈ L. Note also that if α, β ∈ L, then αβ ∈ L and $\alpha^{-1} \in L$ (if α ≠ 0), so L is a subfield of $\mathbb{F}_q$. Since $\mathbb{F}_q$ is generated by L, we must have $\mathbb{F}_q = L$, so $\#\mathbb{F}_q = q$.
(ii) If #K = q, then K contains q distinct roots of $f(X) = X^q - X$ (and is obviously generated by them over $\mathbb{Z}/p\mathbb{Z}$), so K is a splitting field of f over $\mathbb{Z}/p\mathbb{Z}$. It follows from Theorem 5.11 that K is isomorphic to $\mathbb{F}_q$.
(iii) Note that $\mathbb{F}_p = \mathbb{Z}/p\mathbb{Z}$ since $X^p - X$ splits completely over $\mathbb{Z}/p\mathbb{Z}$,* and that $\mathbb{F}_q$ is Galois over $\mathbb{F}_p$ since it is a splitting field of a separable polynomial, namely f. The function $\varphi : \mathbb{F}_q \to \mathbb{F}_q$ defined by $\varphi(\alpha) = \alpha^p$ is a homomorphism since $1^p = 1$, $(\alpha + \beta)^p = \alpha^p + \beta^p$ and $(\alpha\beta)^p = \alpha^p\beta^p$. Note also that φ is the identity on $\mathbb{F}_p$, and it is an isomorphism since it is injective, and hence surjective since $\mathbb{F}_q$ is finite. Therefore $\varphi \in \mathrm{Gal}(\mathbb{F}_q/\mathbb{F}_p)$.
Since $\#\mathrm{Gal}(\mathbb{F}_q/\mathbb{F}_p) = [\mathbb{F}_q : \mathbb{F}_p] = r$, all that is left to prove is that φ has order (at least) r. Note that $\varphi^s(\alpha) = \alpha^{p^s}$ for all s ≥ 1 (by induction on s), so $\varphi^s = e$ if and only if $\alpha^{p^s} = \alpha$ for all $\alpha \in \mathbb{F}_q$. But the polynomial $X^{p^s} - X$ has at most $p^s$ roots, so we must have s ≥ r.
*For brevity and consistency with the notation $\mathbb{F}_q$, I'll write $\mathbb{F}_p$ from now on for the field with p elements.
Example 11.2. Recall from Example 10.4 that the splitting field of $X^3 - 2$ over $\mathbb{F}_7$ is a Galois extension of $\mathbb{F}_7$ with cyclic Galois group of order 3. From the theorem, we see more generally that for any prime p ≡ 1 mod 3, if $\alpha \in \mathbb{F}_p$ is not a cube, then the Galois group of $X^3 - \alpha$ over $\mathbb{F}_p$ must be cyclic of order 3. Therefore by Theorem 10.1, $\Delta = -27\alpha^2$ is a square in $\mathbb{F}_p$, or equivalently −3 is a square mod p (a fact which might be familiar, for example from the Quadratic Reciprocity Law). On the other hand if p ≡ −1 mod 3, then $\beta \mapsto \beta^3$ defines an automorphism of the multiplicative group $\mathbb{F}_p^\times$, so $X^3 - \alpha$ has a unique root in $\mathbb{F}_p$ for any α; this holds in particular for $X^3 - 1 = (X - 1)(X^2 + X + 1)$, so $X^2 + X + 1$ is irreducible, and therefore its discriminant −3 is not a square mod p.
Remark 11.3. The automorphism φ of $\mathbb{F}_q$ appearing in Theorem 11.1 is called the Frobenius automorphism of $\mathbb{F}_q$. Note that for any field K of characteristic p, the formula $\varphi(\alpha) = \alpha^p$ defines an $\mathbb{F}_p$-embedding φ : K → K, but it might not be an isomorphism if K is infinite. For example if $K = \mathbb{F}_p(X)$, then the image of φ is the subfield $\mathbb{F}_p(X^p)$.
We give a few corollaries of Theorem 11.1:
Corollary 11.4. If K ⊂ L is any extension of finite fields, then L is Galois over K, and Gal(L/K) is cyclic, generated by the element σ : L → L defined by $\sigma(\alpha) = \alpha^{\#K}$.
Proof. Let p be the characteristic of K, so we have $\mathbb{F}_p \subset K \subset L$. Let $r = [K : \mathbb{F}_p]$ and s = [L : K], so $\#K = p^r$ and $\#L = p^{rs}$. By Theorem 11.1, L is isomorphic to $\mathbb{F}_{p^{rs}}$, and is therefore Galois over $\mathbb{F}_p$ with $\mathrm{Gal}(L/\mathbb{F}_p) = \langle\varphi\rangle$ cyclic of order rs, where φ : L → L is defined by $\varphi(\alpha) = \alpha^p$. It follows that L is Galois over K and Gal(L/K) is a subgroup of $\mathrm{Gal}(L/\mathbb{F}_p)$ of order s. The only such subgroup is $\langle\varphi^r\rangle$, and note that $\varphi^r(\alpha) = \alpha^{p^r} = \alpha^{\#K}$.
Corollary 11.5. Let $q = p^r$, where p is prime and r ≥ 1. Then the polynomial $f(X) = X^q - X \in \mathbb{F}_p[X]$ is the product of all monic irreducible polynomials in $\mathbb{F}_p[X]$ of degree dividing r.
Proof. We have $f = g_1 g_2 \cdots g_t$ where $g_1, g_2, \ldots, g_t$ are monic irreducible polynomials in $\mathbb{F}_p[X]$. Since f is separable, there is no repetition among the $g_i$. So suppose that g is a monic irreducible polynomial in $\mathbb{F}_p[X]$; we have to prove that g|f if and only if (deg g)|r.
Suppose first that g|f. Since f splits completely over $\mathbb{F}_q$, so does g. In particular, g has a root $\alpha \in \mathbb{F}_q$. Since g is the minimal polynomial of α over $\mathbb{F}_p$, it follows that $\deg g = [\mathbb{F}_p(\alpha) : \mathbb{F}_p]$ divides $[\mathbb{F}_q : \mathbb{F}_p] = r$.
Suppose on the other hand that r is divisible by s = deg(g). Let α be a root of g in some extension of $\mathbb{F}_p$. Then $[\mathbb{F}_p(\alpha) : \mathbb{F}_p] = s$, so $\#(\mathbb{F}_p(\alpha)) = p^s$. Since $\varphi^s = e$ on $\mathbb{F}_p(\alpha)$ and r is a multiple of s, we have $\varphi^r = e$ on $\mathbb{F}_p(\alpha)$, so $\alpha^q = \alpha^{p^r} = \varphi^r(\alpha) = \alpha$. Therefore α is a root of $f(X) = X^q - X$. Since g is the minimal polynomial of α over $\mathbb{F}_p$, we have g|f.
Example 11.6. Consider the polynomial $f(X) = X^{16} - X \in \mathbb{F}_2[X]$. By Corollary 11.5, f is the product of all (monic) irreducible polynomials in $\mathbb{F}_2[X]$ of degree dividing 4, i.e., of degree 1, 2 or 4. The polynomials of degree 1 are X and X + 1. The only irreducible quadratic polynomial is $X^2 + X + 1$. The remaining irreducible factors therefore have degree 4; comparing degrees we see there must be three such factors. To find them, note if a polynomial g of degree 4 in $\mathbb{F}_2[X]$ is reducible, then either g has a root in $\mathbb{F}_2$, or $g(X) = (X^2 + X + 1)^2 = X^4 + X^2 + 1$. But g(0) = 0 if and only if its constant term is 0, and g(1) = 0 if and only if it has an even number of terms. Running through the possibilities, this leaves $X^4 + X + 1$, $X^4 + X^3 + 1$ and $X^4 + X^3 + X^2 + X + 1$. Therefore $X^{16} - X$ factors as:
$$X(X + 1)(X^2 + X + 1)(X^4 + X + 1)(X^4 + X^3 + 1)(X^4 + X^3 + X^2 + X + 1).$$
The roots of f are precisely the elements of $\mathbb{F}_{16}$. Note that the product of the first three factors is $X^4 - X$, whose roots are precisely the elements of $\mathbb{F}_4$, viewed as a subfield of $\mathbb{F}_{16}$. The Galois group $\mathrm{Gal}(\mathbb{F}_{16}/\mathbb{F}_2)$ is cyclic of order 4, generated by φ (where $\varphi(\alpha) = \alpha^2$). To see an example of Corollary 11.4 (where K is a field other than $\mathbb{F}_p$), note that $\mathrm{Gal}(\mathbb{F}_{16}/\mathbb{F}_4) = \{e, \varphi^2\}$.
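Corollary 11.5 and Example 11.6 checked by direct computation, as an added Python example (not part of the original notes). Polynomials over F2 are encoded as integer bitmasks (bit k is the coefficient of X^k, so 0b10011 is X^4 + X + 1); this encoding, the choice of X^4 + X + 1 as the modulus for F16, and all function names are assumptions made for the illustration.

```python
def deg(a):
    """Degree of the F2-polynomial encoded by the bitmask a (deg(0) = -1)."""
    return a.bit_length() - 1


def gf2_mul(a, b):
    """Product in F2[X]: shift-and-XOR (carry-less) multiplication."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        b >>= 1
    return result


def gf2_mod(a, m):
    """Remainder of a on division by m in F2[X]."""
    dm = deg(m)
    while a and deg(a) >= dm:
        a ^= m << (deg(a) - dm)
    return a


def is_irreducible(g):
    """Trial division by every polynomial of degree 1 .. deg(g) // 2."""
    n = deg(g)
    if n < 1:
        return False
    for d in range(2, 1 << (n // 2 + 1)):
        if gf2_mod(g, d) == 0:
            return False
    return True


def irreducibles_of_degree(d):
    """All irreducible polynomials of degree exactly d (monic is automatic over F2)."""
    return [g for g in range(1 << d, 1 << (d + 1)) if is_irreducible(g)]


def product_of_irreducibles(r):
    """Product of all irreducible polynomials in F2[X] of degree dividing r."""
    product = 1
    for d in range(1, r + 1):
        if r % d == 0:
            for g in irreducibles_of_degree(d):
                product = gf2_mul(product, g)
    return product


def field_pow(a, e, m):
    """a^e in F2[X]/(m), by square-and-multiply."""
    result = 1
    a = gf2_mod(a, m)
    while e:
        if e & 1:
            result = gf2_mod(gf2_mul(result, a), m)
        a = gf2_mod(gf2_mul(a, a), m)
        e >>= 1
    return result


def fixed_by_frobenius_power(m, s):
    """Elements of F2[X]/(m) fixed by phi^s, where phi(alpha) = alpha^2."""
    return [a for a in range(1 << deg(m)) if field_pow(a, 2 ** s, m) == a]


def frobenius_order(m):
    """Smallest s >= 1 with phi^s = identity on the field F2[X]/(m)."""
    s = 1
    while len(fixed_by_frobenius_power(m, s)) != 1 << deg(m):
        s += 1
    return s


if __name__ == "__main__":
    x16_minus_x = (1 << 16) | 0b10          # X^16 + X = X^16 - X over F2
    print(product_of_irreducibles(4) == x16_minus_x)
    print([bin(g) for g in irreducibles_of_degree(4)])
    print(frobenius_order(0b10011))          # order of phi on F16
    print(len(fixed_by_frobenius_power(0b10011, 2)))  # size of the fixed field of phi^2
```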
12. Solvability by radicals
In the last few sections we address the question of determining whether
the roots of a given polynomial f ∈ K[X] can be expressed in terms
of elements of K via the operations of addition, multiplication, division and taking nth roots. For example, if $f(X) = X^2 + bX + c$ (and the characteristic of K isn't 2), then the Quadratic Formula says the roots of f are $(-b \pm \delta)/2$ where δ is a square root of $b^2 - 4c$. Other examples we've seen are $X^3 - 2 \in \mathbb{Q}[X]$, whose roots are the cube roots of 2, namely $\sqrt[3]{2}$, $e^{2\pi i/3}\sqrt[3]{2}$ and $e^{-2\pi i/3}\sqrt[3]{2}$, and polynomials of the form $X^4 + bX^2 + c$, whose roots are square roots of those of the quadratic polynomial $X^2 + bX + c$ (see the exercises).
For simplicity, we will assume that the field K, and hence its extensions, have characteristic 0 unless indicated otherwise. We will see
that in fact whenever deg f ≤ 4, then f can be “solved” in the sense
described above, but not necessarily if deg f ≥ 5. To make this more
precise, we make the following definition:
Definition 12.1. Let L be an extension of K. We say L is a radical extension of K (or radical over K) if L = K(α) for some α ∈ L such that $\alpha^n \in K$ for some n ≥ 1. We say L is solvable by radicals over K if there is a finite tower of extensions
$$K = L_0 \subset L_1 \subset L_2 \subset \cdots \subset L_{m-1} \subset L_m$$
such that* $L \subset L_m$ and for each i = 1, 2, . . . , m, $L_i$ is a radical extension of $L_{i-1}$, i.e., $L_i = L_{i-1}(\alpha_i)$ where $\alpha_i^{n_i} \in L_{i-1}$ for some $n_i \geq 1$. (Note that a radical extension is necessarily a finite extension, hence so is any extension which is solvable by radicals.)
*Prior years' notes also required the extension $L_m$ to be Galois over K; we'll see that the definitions are equivalent.
Example 12.2. Every quadratic extension L of K is of the form K(α)
for some α such that α2 ∈ K, so L is radical over K, and therefore
solvable by radicals over K.
Example 12.3. Let $L = \mathbb{Q}(\sqrt[3]{2}, e^{2\pi i/3})$, so L is a splitting field over Q of $X^3 - 2$. Then letting $L_0 = \mathbb{Q}$, $L_1 = \mathbb{Q}(\sqrt[3]{2})$, $L_2 = L$, we have that $L_1$ is a radical extension of $L_0$ and $L_2 = L_1(e^{2\pi i/3})$ is a radical extension of $L_1$, so L is solvable by radicals over Q. Note that there may be choices for the extensions in the tower: since $\mathbb{Q}(e^{2\pi i/3})$ is a radical extension of Q, we could have used this as our $L_1$. Note also that there are choices for the elements $\alpha_i$ showing the extensions are radical: we could also have written $L_2 = L_1(\alpha_2)$ with $\alpha_2 = e^{2\pi i/3}\sqrt[3]{2}$.
Example 12.4. Generalizing Example 12.3, let K be any field (of characteristic 0), a ∈ K, n ≥ 1, and L a splitting field over K of $X^n - a$. Then $L = K(\alpha_1, \alpha_2, \ldots, \alpha_n)$ where $\alpha_i^n = a$ for i = 1, 2, . . . , n, so the tower of extensions:
$$K = L_0 \subset L_1 \subset L_2 \subset \cdots \subset L_{n-1} \subset L_n = L,$$
with $L_i = L_0(\alpha_1, \ldots, \alpha_i) = L_{i-1}(\alpha_i)$ for i = 1, 2, . . . , n shows that L is solvable by radicals over K.
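Example 12.5. Let $L = \mathbb{Q}(\alpha)$ where $\alpha = \sqrt{2} + \sqrt[5]{7 - 3\sqrt{2} + \sqrt[7]{3}}$. Then L is solvable by radicals over Q since we have the tower of radical extensions:
$$\mathbb{Q} = L_0 \subset L_1 \subset L_2 \subset L_3,$$
where $L_1 = \mathbb{Q}(\alpha_1)$, $L_2 = L_1(\alpha_2)$ and $L_3 = L_2(\alpha_3)$, with $\alpha_1 = \sqrt{2}$, $\alpha_2 = \sqrt[7]{3}$ and $\alpha_3 = \sqrt[5]{7 - 3\sqrt{2} + \sqrt[7]{3}}$. (Note that $\alpha_3^5 \in L_2$, and that $\alpha \in L_3$ so $L \subset L_3$).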
The next lemma shows that we can always extend the tower of radical extensions so that the top extension is Galois over the bottom.
Therefore in the definition of “solvable by radicals,” we could have
required Lm to be Galois over K.
Proposition 12.6. Suppose that
$$K = L_0 \subset L_1 \subset L_2 \subset \cdots \subset L_{m-1} \subset L_m$$
is a tower of extensions such that $L_i$ is radical over $L_{i-1}$ for i = 1, 2, . . . , m. Then there is a tower of extensions
$$K = L_0 \subset L_1 \subset \cdots \subset L_m \subset L_{m+1} \subset L_{m+2} \subset \cdots \subset L_{M-1} \subset L_M$$
such that $L_i$ is radical over $L_{i-1}$ for i = 1, 2, . . . , M and $L_M$ is Galois over K.
Proof. For i = 1, . . . , m, we have $L_i = L_{i-1}(\alpha_i)$ where $\alpha_i \in L_i$ is such that $\alpha_i^{n_i} \in L_{i-1}$ for some $n_i \geq 1$. Note that $L_m = K(\alpha_1, \alpha_2, \ldots, \alpha_m)$, and each $\alpha_i$ is algebraic over K.
For each i, let $f_i \in K[X]$ be the minimal polynomial of $\alpha_i$ over K, and let $f = f_1 f_2 \cdots f_m$. Let $L_f$ be a splitting field of f over $L_m$; since $L_m$ is generated over K by roots of f, and $L_f$ is generated over $L_m$ by roots of f, it follows that $L_f$ is generated over K by roots of f, so $L_f$ is also a splitting field of f over K. Therefore $L_f$ is Galois over K, and we can write $\mathrm{Gal}(L_f/K) = \{\sigma_0, \sigma_1, \ldots, \sigma_{n-1}\}$ where $\sigma_0 = e$ is the identity element of $\mathrm{Gal}(L_f/K)$ and $n = [L_f : K]$. By Lemma 9.10, the roots of $f_i = m_{\alpha_i,K}$ are precisely $\alpha_i = \sigma_0(\alpha_i), \sigma_1(\alpha_i), \ldots, \sigma_{n-1}(\alpha_i)$ (possibly with repetitions) for i = 1, 2, . . . , m. Therefore the splitting field $L_f$ of f is generated over K by the $\sigma_j(\alpha_i)$ for j = 0, 1, . . . , n − 1, i = 1, 2, . . . , m, i.e.,
$$K(\alpha_1, \ldots, \alpha_m, \sigma_1(\alpha_1), \ldots, \sigma_1(\alpha_m), \ldots, \sigma_{n-1}(\alpha_1), \ldots, \sigma_{n-1}(\alpha_m)).$$
Now consider the tower of extensions:
$$\begin{array}{rl}
K = L_0 & \subset L_1 \subset L_2 \subset \cdots \subset L_{m-1} \subset L_m \\
& \subset L_{m+1} \subset L_{m+2} \subset \cdots \subset L_{2m-1} \subset L_{2m} \\
& \qquad \vdots \\
& \subset L_{(n-1)m+1} \subset L_{(n-1)m+2} \subset \cdots \subset L_{nm-1} \subset L_{nm}
\end{array}$$
where $L_{jm+i} = L_{jm+i-1}(\sigma_j(\alpha_i))$ for j = 0, 1, . . . , n − 1, i = 1, 2, . . . , m. Note that jm + i runs through the values 1, 2, . . . , mn for these values of i and j, $L_i = K(\alpha_1, \alpha_2, \ldots, \alpha_i)$ is consistent with the previous notation for i = 1, 2, . . . , m, and that $L_{mn} = L_f$ is Galois over K. Since $\alpha_i^{n_i} \in L_{i-1} = K(\alpha_1, \alpha_2, \ldots, \alpha_{i-1})$, we have $\sigma_j(\alpha_i)^{n_i} \in K$ if i = 1, and
$$\sigma_j(\alpha_i)^{n_i} = \sigma_j(\alpha_i^{n_i}) \in \sigma_j(L_{i-1}),$$
which is $K \subset L_{jm}$ if i = 1, and is
$$K(\sigma_j(\alpha_1), \ldots, \sigma_j(\alpha_{i-1})) \subset L_{jm}(\sigma_j(\alpha_1), \ldots, \sigma_j(\alpha_{i-1})) = L_{jm+i-1}$$
if i = 2, . . . , m. So in either case $L_k$ is a radical extension of $L_{k-1}$ for k = jm + i = 1, 2, . . . , M − 1, M, where M = mn.
Example 12.7. If L = K(α) where α is such that $\alpha^n \in K$ for some n ≥ 1, then L is a radical extension of K, so it is solvable by radicals over K, taking m = 1 and $L_1 = L$, but $L_1$ might not be Galois over K. Letting $a = \alpha^n$, we see from the construction in Example 12.4 that there is a tower of radical extensions ending with the splitting field over K of $X^n - a$, which is of course Galois over K.
We will show that a tower of extensions that are solvable by radicals is again solvable by radicals. For this we will use the notion of
composite extensions.
Definition 12.8. Suppose that M is an extension of K, and that $K'$ and L are intermediate extensions, so $K \subset K' \subset M$ and $K \subset L \subset M$. Suppose that L is a finite extension of K, so $L = K(\alpha_1, \ldots, \alpha_n)$ for some $\alpha_1, \ldots, \alpha_n \in L$. We define the composite extension of $K'$ and L (over K) to be $K'L = K'(\alpha_1, \ldots, \alpha_n)$. Thus $K'L$ is the smallest subfield of M containing $K'$ and $\{\alpha_1, \ldots, \alpha_n\}$, or equivalently, the smallest subfield of M containing $K'$ and L. (In particular if both $K'$ and L are finite over K, then the definition is symmetric in $K'$ and L.)
Remark 12.9. For the preceding definition, we do not need to assume
K has characteristic 0. For simplicity, we assumed that one of the
extensions was finite.
Example 12.10. If $K = \mathbb{Q}$, $K' = \mathbb{Q}(\sqrt[3]{2})$, $L = \mathbb{Q}(e^{2\pi i/3}\sqrt[3]{2})$ and $M = \mathbb{C}$, then $K'L = \mathbb{Q}(\sqrt[3]{2}, e^{2\pi i/3}\sqrt[3]{2}) = \mathbb{Q}(\sqrt[3]{2}, e^{2\pi i/3})$. Note that $K'$ and L need to be subfields of a common extension M for the definition of their composite to make sense. In this example $K'$ and L happen to be isomorphic, so there is an embedding $\tau : K' \to M$ whose image is L, and the composite of $\tau(K')$ and L (over Q) is simply L.
Lemma 12.11. Suppose that M is an extension of K, and $K'$ and L are intermediate extensions of K in M. If L is solvable by radicals over K, then $K'L$ is solvable by radicals over $K'$.
Proof. If L is solvable by radicals over K, then there are extensions:
K = L0 ⊂ L1 ⊂ L2 ⊂ · · · ⊂ Lm−1 ⊂ Lm
such that L ⊂ Lm , and Li is radical over Li−1 for i = 1, 2, . . . , m. Thus
Li = Li−1(αi) for some αi such that αi^{ni} ∈ Li−1 for some ni ≥ 1. Note
that Lm is finite over K, so Lm is finite over L and L is finite over K.
(In particular, Definition 12.8 applies to define the composite K′L.)
We now wish to construct a tower of radical extensions of K′ by
taking the composite of K′ with each Li, but for this we need to view
K′ and Li as embedded in a common extension. By Lemma 7.4, there
is an extension M′ of K′L and an L-embedding Lm → M′ (applying the
lemma with Lm as L1, L as K and K′L as L2). We thus view K′ and Lm
as common subfields of M′, and define L′i as the composite extension
K′Li for i = 1, 2, . . . , m. Note that L′0 = K′K = K′, L′i = L′i−1(αi) is a
radical extension of L′i−1 for i = 1, 2, . . . , m, and L′m = K′Lm contains
K′L, so we have the tower:
K′ = L′0 ⊂ L′1 ⊂ L′2 ⊂ · · · ⊂ L′m−1 ⊂ L′m
showing that K′L is solvable by radicals over K′.
Lemma 12.12. Suppose that K ⊂ E ⊂ L. Then L is solvable by
radicals over K if and only if L is solvable by radicals over E and E is
solvable by radicals over K.
Proof. Suppose first that L is solvable by radicals over K, so there is
a tower of extensions
K = L0 ⊂ L1 ⊂ L2 ⊂ · · · ⊂ Lm−1 ⊂ Lm
with L ⊂ Lm and Li is radical over Li−1 for i = 1, 2, . . . , m. Since
E ⊂ Lm , this immediately shows E is solvable by radicals over K.
Note that since E ⊂ L, the composite EL is L, so Lemma 12.11 with
K′ = E shows that L is solvable by radicals over E.
Suppose now that E is solvable by radicals over K and that L is
solvable by radicals over E. Since E is solvable by radicals over K,
there is a tower of extensions
K = E0 ⊂ E1 ⊂ E2 ⊂ · · · ⊂ Em−1 ⊂ Em
such that E ⊂ Em and Ei is radical over Ei−1 for i = 1, 2, . . . , m.
By Lemma 7.4, there is an extension M of L and an E-embedding
Em → M , so we can view L and Em as subfields of M and form the
composite Em L. Since L is solvable by radicals over E, Lemma 12.11
with K′ = Em shows that EmL is solvable by radicals over Em. Hence
there is a tower of extensions
Em = L0 ⊂ L1 ⊂ L2 ⊂ · · · ⊂ Ln−1 ⊂ Ln
such that Em L ⊂ Ln and Li is radical over Li−1 for i = 1, 2, . . . , n.
Putting the towers together gives a tower of radical extensions
K = E0 ⊂ E1 ⊂ · · · ⊂ Em = L0 ⊂ L1 ⊂ · · · ⊂ Ln−1 ⊂ Ln
such that L ⊂ Em L ⊂ Ln , so L is solvable by radicals over K.
13. Solvability
The main theorem of the section will give a criterion in terms of
Galois theory that determines whether an extension is solvable by radicals. To formulate the criterion, we need the following notion from
group theory:
Definition 13.1. Let G be a finite group. We say that G is solvable
if there is a chain of subgroups:
G = G0 ⊃ G1 ⊃ G2 ⊃ · · · ⊃ Gm−1 ⊃ Gm = {e}
such that for i = 1, 2, . . . , m, Gi is a normal subgroup of Gi−1 and
Gi−1 /Gi is cyclic.
Example 13.2. A finite cyclic group is clearly solvable: just take
G1 = {e}. We will see more generally that every finite abelian group
is solvable.
Example 13.3. The following chain of subgroups shows that S4 is
solvable:
S4 ⊃ A4 ⊃ V4 ⊃ ⟨(12)(34)⟩ ⊃ {e},
where V4 = {e, (12)(34), (13)(24), (14)(23)}. Each subgroup is a normal subgroup of the preceding one, with index either 2 or 3, so each
successive quotient is cyclic.
Lemma 13.4. Let G be a finite group, and let H be a subgroup of G.
(i) If G is solvable, then H is solvable.
(ii) Suppose that H is normal in G. Then G is solvable if and only
if H and G/H are both solvable.
(iii) If G is abelian, then G is solvable.
Proof. (i) If G is solvable, then we have a chain of subgroups:
G = G0 ⊃ G1 ⊃ G2 ⊃ · · · ⊃ Gm−1 ⊃ Gm = {e}
such that each Gi is normal in Gi−1 and Gi−1 /Gi is cyclic. Let Hi =
H ∩ Gi for i = 0, . . . , m. This gives a chain of subgroups
H = H0 ⊃ H1 ⊃ H2 ⊃ · · · ⊃ Hm−1 ⊃ Hm = {e}.
Note that the restriction to Hi−1 of the quotient map Gi−1 → Gi−1 /Gi
(defined by g ↦ gGi) has kernel Hi−1 ∩ Gi = Hi, so Hi is a normal
subgroup of Hi−1 and Hi−1 /Hi is isomorphic to a subgroup of Gi−1 /Gi ,
and is therefore cyclic (since every subgroup of a cyclic group is cyclic).
This shows that H is solvable.
(ii) Suppose first that G is solvable. Part (i) shows that H is also
solvable. Let Ḡ = G/H, and write ḡ for the coset gH ∈ Ḡ. To see that
Ḡ is solvable, again consider a chain of subgroups
G = G0 ⊃ G1 ⊃ G2 ⊃ · · · ⊃ Gm−1 ⊃ Gm = {e}
such that each Gi is normal in Gi−1 and Gi−1/Gi is cyclic. For i =
0, 1, . . . , m, let Ḡi = { ḡ | g ∈ Gi } be the image of Gi under the quotient
map G → Ḡ. This gives a chain of subgroups
Ḡ = Ḡ0 ⊃ Ḡ1 ⊃ Ḡ2 ⊃ · · · ⊃ Ḡm−1 ⊃ Ḡm = {e}.
Note that Ḡi is normal in Ḡi−1 since if g ∈ Gi−1 and k ∈ Gi, then
ḡk̄ḡ^{−1} is the coset of gkg^{−1}, which lies in Ḡi. Moreover Gi is contained in the kernel of the
composite of the quotient maps:
Gi−1 → Ḡi−1 → Ḡi−1/Ḡi,
so gGi ↦ ḡḠi is a well-defined surjective homomorphism Gi−1/Gi →
Ḡi−1/Ḡi. Since Gi−1/Gi is cyclic, it follows that so is Ḡi−1/Ḡi. This
proves that Ḡ is solvable.
Suppose conversely that H and Ḡ = G/H are solvable. So there is
a chain of subgroups:
Ḡ = Ḡ0 ⊃ Ḡ1 ⊃ Ḡ2 ⊃ · · · ⊃ Ḡm−1 ⊃ Ḡm = {e}
such that each Ḡi is normal in Ḡi−1 and Ḡi−1/Ḡi is cyclic, and a chain
of subgroups
H = H0 ⊃ H1 ⊃ H2 ⊃ · · · ⊃ Hn−1 ⊃ Hn = {e}
such that each Hj is normal in Hj−1 and Hj−1/Hj is cyclic. For i =
0, 1, . . . , m, let Gi = { g ∈ G | ḡ ∈ Ḡi } be the preimage of Ḡi in G.
Note that G0 = G and Gm = H, so this gives a chain of subgroups
G = G0 ⊃ G1 ⊃ G2 ⊃ · · · ⊃ Gm−1 ⊃ Gm = H.
The composite of the quotient maps Gi−1 → Ḡi−1 → Ḡi−1/Ḡi is surjective and has kernel Gi, so Gi−1/Gi is isomorphic to Ḡi−1/Ḡi, and
is therefore cyclic. Combining this with the chain of subgroups of H
gives:
G = G0 ⊃ G1 ⊃ · · · ⊃ Gm−1 ⊃ H ⊃ H1 ⊃ · · · ⊃ Hn−1 ⊃ Hn = {e},
showing that G is solvable.
(iii) We will prove that every abelian group G is solvable, by induction on the order of G. If G has order 1, then G is cyclic, so G is
solvable. Suppose then that G has order n > 1, and that every abelian
group of order less than n is solvable. Let g be any element of G other
than e. Then ⟨g⟩ is cyclic of some order d > 1, so ⟨g⟩ is solvable. Since
G is abelian, ⟨g⟩ is a normal subgroup of G and G/⟨g⟩ is abelian of
order n/d < n, so the induction hypothesis implies that G/⟨g⟩ is solvable. Part (ii) therefore shows that G is solvable.
Example 13.5. If G and G′ are groups, then the product group G × G′
has H = {e} × G′ as a normal subgroup isomorphic to G′, and the quotient group (G × G′)/H
is isomorphic to G. So part (ii) of the lemma shows that G × G′ is
solvable if and only if G and G′ are both solvable.
Example 13.6. We will see later that A5 has no normal subgroups
other than {e} and A5 itself, so A5 is not solvable. Part (i) of the lemma
therefore implies that any group containing a subgroup isomorphic to
A5 is not solvable. This applies in particular to Sn for all n ≥ 5.
We now define what it means for an extension of fields to be solvable.
Definition 13.7. We say that a finite extension L of K is solvable (or
that L is solvable over K) if there is a finite extension M of L such
that M is Galois over K and Gal(M/K) is solvable.
Example 13.8. Suppose that L = K(α) where α is a root of a polynomial f ∈ K[X] of degree at most 4. Let M be a splitting field of f
over L. Then M is also a splitting field of f over K, so M is Galois
over K, and Gal(M/K) is isomorphic to a subgroup of Sn for some
n ≤ 4, so in fact Gal(M/K) is isomorphic to a subgroup of S4 . Since
S4 is solvable (see Example 13.3), it follows from Lemma 13.4 (i) that
Gal(M/K) is solvable, and therefore L is solvable over K.
Using the Fundamental Theorem of Galois Theory, we can reinterpret the definition of solvability so that it resembles the definition of
solvability by radicals.
Lemma 13.9. An extension L of K is solvable if and only if there is
a finite tower of extensions
K = L0 ⊂ L1 ⊂ L2 ⊂ · · · ⊂ Lm−1 ⊂ Lm
such that L ⊂ Lm , Lm is Galois over K, and for each i = 1, 2, . . . , m,
Li is Galois over Li−1 and Gal(Li /Li−1 ) is cyclic.
Proof. Suppose first that L is solvable over K, and let M be an extension of L such that M is Galois over K and Gal(M/K) is solvable.
Let G = Gal(M/K); since G is solvable, there is a chain of subgroups:
G = G0 ⊃ G1 ⊃ G2 ⊃ · · · ⊃ Gm−1 ⊃ Gm = {e}
such that Gi is normal in Gi−1 and Gi−1 /Gi is cyclic for i = 1, 2, . . . , m.
Let Li = M^{Gi}; i.e., Li is the intermediate extension K ⊂ Li ⊂ M
corresponding to the subgroup Gi of G by the Fundamental Theorem of
Galois Theory. Since L0 = M^G = K, Lm = M^{{e}} = M and the Galois
correspondence is inclusion-reversing, this gives a tower of extensions
K = L0 ⊂ L1 ⊂ L2 ⊂ · · · ⊂ Lm−1 ⊂ Lm = M ;
furthermore Gi = Gal(M/Li ) for i = 0, . . . , m. Now apply part (ii) of
the Fundamental Theorem of Galois Theory to the extension M over
Li−1 for i = 1, . . . , m: since Gi = Gal(M/Li ) is normal in Gi−1 =
Gal(M/Li−1 ), we have that Li is Galois over Li−1 and Gal(Li /Li−1 ) is
isomorphic to Gi−1 /Gi , which is cyclic.
Conversely, suppose that
K = L0 ⊂ L1 ⊂ L2 ⊂ · · · ⊂ Lm−1 ⊂ Lm
is a tower of extensions such that L ⊂ Lm , Lm is Galois over K, and for
each i = 1, 2, . . . , m, Li is Galois over Li−1 and Gal(Li /Li−1 ) is cyclic.
Let G = Gal(Lm /K), and let Gi = Gal(Lm /Li ) for i = 0, 1, . . . , m; i.e.,
Gi is the subgroup of G corresponding to the intermediate extension
K ⊂ Li ⊂ Lm by the Fundamental Theorem of Galois Theory. Since
G0 = Gal(Lm /K) = G, Gm = Gal(Lm /Lm ) = {e}, and the Galois
correspondence is inclusion-reversing, this gives a chain of subgroups
G = G0 ⊃ G1 ⊃ G2 ⊃ · · · ⊃ Gm−1 ⊃ Gm = {e}.
Now apply part (ii) of the Fundamental Theorem of Galois Theory to
the extension Lm over Li−1 for i = 1, . . . , m: since Li is Galois over
Li−1 , we have that Gi = Gal(Lm /Li ) is normal in Gi−1 = Gal(Lm /Li−1 )
and Gi−1 /Gi is isomorphic to Gal(Li /Li−1 ) , which is cyclic. Therefore
G = Gal(Lm /K) is solvable, and since L ⊂ Lm , it follows that L is
solvable over K.
We now have very similar descriptions of what it means for an extension to be “solvable” and what it means for it to be “solvable by
radicals” (especially bearing in mind Proposition 12.6, which shows we
can assume Lm is Galois over K in the latter case). The difference
is that the successive extensions required for “solvability” are Galois
with cyclic Galois group (or just “cyclic extensions” for short), and for
“solvability by radicals,” they are radical extensions. We will prove
that an extension is solvable if and only if it is solvable by radicals.
To do this we need to make a connection between radical extensions
and cyclic extensions. We will see that under certain hypotheses, the
two properties (radical and cyclic) turn out to be equivalent, but not
in general. The idea for proving the equivalence between solvability
and solvability by radicals is to show that (i) radical extensions are
solvable, and (ii) cyclic extensions are solvable by radicals.
Example 13.10. The field Q(∛2) is a radical extension of Q, but is
not a cyclic extension; it is not even Galois over Q. On the other
hand it is contained in M = Q(∛2, e^{2πi/3}), which is Galois over Q with
Gal(M/Q) ≅ S3, a solvable group. Therefore Q(∛2) is a solvable
extension of Q. A tower of cyclic extensions as in Lemma 13.9 is
Q ⊂ Q(e^{2πi/3}) ⊂ M.
To see that radical extensions are solvable, we undertake a general
analysis of the Galois group of a polynomial of the form f(X) = X^n − a
for a ∈ K×. For this, we do not require that K have characteristic 0,
but only that the characteristic does not divide the exponent n. Note
that this implies that f is separable (since the only root of f′(X) =
nX^{n−1} is then 0, which is not a root of f).
First we consider the case a = 1, and let L be the splitting field over
K of the polynomial f(X) = X^n − 1. Let µn be the set of roots of f;
i.e., µn = { α ∈ L | α^n = 1 }. Note that µn is a subgroup of L×; in fact
µn is the kernel of the homomorphism L× → L× defined by β ↦ β^n.
Since L is a splitting field of f, and f is separable, µn contains exactly
n elements. For each d|n, the polynomial X^d − 1 ∈ L[X] has at most
d roots in L, so there are at most d elements of µn of order dividing d.
A standard lemma from group theory then implies that µn is cyclic.
Definition 13.11. A generator of µn, i.e., an element of order n in
L×, is called a primitive nth root of unity (in L).
Remark 13.12. Note that if L ⊂ C, then the primitive nth roots of
unity in L are precisely the complex numbers of the form e^{2πia/n} where
gcd(a, n) = 1. This is the setting we will mainly be concerned with,
but we will work in greater generality since it makes no difference to
the theory, and allows us to include the case where the characteristic
of K is prime.
Now let ζ be a primitive nth root of unity in L (for example e^{2πi/n} if
L ⊂ C). Since the roots of f(X) = X^n − 1 are 1, ζ, ζ^2, . . . , ζ^{n−1}, and
these are all elements of K(ζ), it follows that K(ζ) is a splitting field
of f over K, i.e., L = K(ζ).
Suppose that σ ∈ Gal(L/K). Then σ(ζ) is again a root of f, so
σ(ζ) = ζ^c for some c ∈ Z. Moreover σ(ζ) has the same order as ζ
in L×, namely n, so n/gcd(c, n) = n, i.e., gcd(c, n) = 1. Note also
that ζ^c = ζ^d if and only if c ≡ d mod n, so σ determines an element
[c] ∈ (Z/nZ)×. We will show that the map
ψ : Gal(L/K) → (Z/nZ)×
defined by ψ(σ) = [c] is an injective homomorphism. Suppose σ, τ ∈
Gal(L/K), and let ψ(σ) = [c], ψ(τ) = [d]. This means that σ(ζ) = ζ^c
and τ(ζ) = ζ^d, so
(στ)(ζ) = σ(τ(ζ)) = σ(ζ^d) = (σ(ζ))^d = (ζ^c)^d = ζ^{cd},
and therefore ψ(στ) = [cd] = [c][d] = ψ(σ)ψ(τ). We have now shown
that ψ is a homomorphism. To prove that ψ is injective, it suffices to
prove ker(ψ) = {e}; to see this note that if ψ(σ) = [1], then σ(ζ) = ζ,
which implies that σ is the identity.
We have now proved:
Proposition 13.13. Suppose that n ≥ 1 and K is a field of characteristic not dividing n. Let L be the splitting field of X^n − 1. Then
Gal(L/K) is isomorphic to a subgroup of (Z/nZ)×.
Remark 13.14. If K = Q, then the homomorphism ψ is actually an
isomorphism. In the case where n is a prime p, this follows from the
fact that [Q(e^{2πi/p}) : Q] = p − 1 (an exercise).
Now consider the polynomial f(X) = X^n − a where a is an arbitrary
element of K×. We continue to assume that n is not divisible by
the characteristic of K, and now assume further that X^n − 1 splits
completely over K, i.e., that K contains a primitive nth root of unity,
say ζ. Let L be a splitting field of f, and let α ∈ L be a root of f, so
α^n = a. Then (ζ^i α)^n = α^n = a for any i ∈ Z, so the distinct roots of
f are ζ^i α for i = 0, 1, 2, . . . , n − 1. As these are all elements of K(α),
it follows that K(α) is a splitting field of f over K, i.e., L = K(α).
Suppose that σ ∈ Gal(L/K). Then σ(α) is a root of f, so σ(α) = ζ^c α
for some c ∈ Z. Note that ζ^c α = ζ^d α if and only if c ≡ d mod n, so
σ determines an element [c] ∈ Z/nZ. We will show that the map
θ : Gal(L/K) → Z/nZ
defined by θ(σ) = [c] is an injective homomorphism. (Note that now
it is the additive group Z/nZ that appears, whereas above it was the
multiplicative group (Z/nZ)×.) Suppose σ, τ ∈ Gal(L/K), and let
θ(σ) = [c], θ(τ) = [d]. This means that σ(α) = ζ^c α and τ(α) = ζ^d α, so
(στ)(α) = σ(τ(α)) = σ(ζ^d α) = σ(ζ)^d σ(α) = ζ^d ζ^c α = ζ^{c+d} α,
where we used that σ(ζ) = ζ since ζ ∈ K by assumption. Therefore
θ(στ) = [c + d] = [c] + [d] = θ(σ) + θ(τ). We have now shown that θ
is a homomorphism. To prove that θ is injective, it suffices to prove
ker(θ) = {e}; to see this note that if θ(σ) = [0], then σ(α) = α, which
implies that σ is the identity.
We have now proved:
Proposition 13.15. Suppose that n ≥ 1, K is a field of characteristic
not dividing n, K contains a primitive nth root of unity, and a ∈ K×.
Let L be the splitting field of X^n − a. Then Gal(L/K) is isomorphic to
a subgroup of Z/nZ.
Now let us continue to consider the polynomial f(X) = X^n − a, but
drop the assumption that X^n − 1 splits completely over K. Now let L
be a splitting field of X^n − a over K, so L = K(α1, α2, . . . , αn) where
α = α1, α2, . . . , αn are the distinct roots of f. Since αi^n = α^n = a, we
have (αi/α)^n = 1 for i = 1, 2, . . . , n, so the αi/α1 are n distinct roots
of X^n − 1 in L. Thus X^n − 1 splits completely over L, which therefore
contains a primitive nth root of unity ζ. Moreover each αi is an element
of K(ζ, α), so L = K(ζ, α). Now consider the tower of extensions:
K ⊂ K(ζ) ⊂ L,
and let G = Gal(L/K) and H = Gal(L/K(ζ)). Since K(ζ) is Galois
over K, we have that H is normal in G and G/H is isomorphic to
Gal(K(ζ)/K). By Proposition 13.13, Gal(K(ζ)/K) is isomorphic to a
subgroup of (Z/nZ)× , and is therefore abelian, and therefore solvable
by Lemma 13.4(iii). By Proposition 13.15, we have that Gal(L/K(ζ))
is isomorphic to a subgroup of Z/nZ, and is therefore also solvable. It
is left as an exercise to obtain more information about the structure
of G, but note that it already follows from Lemma 13.4(ii) that G is
solvable.
Since we have only defined the notion of solvability for fields of characteristic 0, we return to that setting to conclude:
Proposition 13.16. Suppose that a ∈ K, and let f(X) = X^n − a, and
let L be a splitting field of f over K. Then L is a solvable extension of
K. In particular, every radical extension of K is solvable.
Proof. If a = 0, then L = K, so L is solvable over K. If a ∈ K×,
then the discussion just preceding the statement shows that Gal(L/K)
is solvable; therefore L is a solvable extension of K.
A radical extension of K is an extension of the form K(α) where α
is such that α^n ∈ K for some n ≥ 1. Letting L be the splitting field
of X^n − α^n ∈ K[X], we have K(α) ⊂ L and Gal(L/K) is solvable.
Therefore K(α) is solvable over K.
The key to proving results in the other direction, such as the fact
that cyclic extensions are solvable by radicals, is the following version
of “Hilbert’s Theorem 90.” We can again relax the assumption that K
has characteristic 0.
Theorem 13.17. Suppose that n ≥ 1, and K is a field of characteristic
not dividing n in which X^n − 1 splits completely. Suppose that L is a
Galois extension of K such that Gal(L/K) is cyclic of order n. Then
L = K(α) for some α such that α^n ∈ K.
Proof. Let σ be a generator of Gal(L/K), so Gal(L/K) = ⟨σ⟩ and
σ has order n. Since σ : L → L is a K-isomorphism, it is a K-linear
transformation when L is viewed as a vector space over K (i.e., σ(cα) =
cσ(α) for c ∈ K, α ∈ L). Recall that [L : K] = #Gal(L/K) = n, so L
has dimension n as a vector space over K.
Let mσ be the minimal polynomial of the K-linear transformation
σ, and let pσ be its characteristic polynomial. Let f(X) = X^n − 1, and let
ζ be a primitive nth root of unity in K, so
f(X) = (X − λ1)(X − λ2) · · · (X − λn)
where λi = ζ^i for i = 1, 2, . . . , n are the roots of f. Since σ^n = e, the
linear transformation σ satisfies f(σ) = 0, so mσ divides f. Since f
splits completely in K and has no repeated roots, it follows that the
same is true for mσ, and therefore σ is diagonalizable.* Since σ is diagonalizable and its eigenvalues are contained in the set {λ1, λ2, . . . , λn},
its characteristic polynomial is
pσ(X) = (X − λ1)^{m1} (X − λ2)^{m2} · · · (X − λn)^{mn}
where mi is the nullity of σ − λi I (which may be 0, since at this point
we don’t know whether every λi is an eigenvalue).
We claim that if λi is an eigenvalue of σ, then mi = 1. To see this,
suppose that α, β ∈ L× are eigenvectors of σ with eigenvalue λi , i.e.,
σ(α) = λi α and σ(β) = λi β. Then
σ(β/α) = σ(β)/σ(α) = λi β/λi α = β/α.
Since Gal(L/K) is generated by σ, it follows that τ(β/α) = β/α for all
τ ∈ Gal(L/K), which implies that β/α ∈ L^{Gal(L/K)} = K, so β = cα for
some c ∈ K. Therefore every eigenvector of σ with eigenvalue λi is in
the span of α, so mi = 1.
Since pσ has degree n, and mi ≤ 1 for i = 1, 2, . . . , n, it follows that
mi = 1 for all i. In particular λ1 = ζ is an eigenvalue of σ. Therefore
σ(α) = ζα for some α ∈ L×. Since σ(α^n) = σ(α)^n = (ζα)^n = α^n, it
follows that α^n ∈ L^{Gal(L/K)} = K. Furthermore, by induction on i we
see that σ^i(α) = ζ^i α for i = 0, . . . , n − 1 so each ζ^i α is a root of the
minimal polynomial of α over K (by Lemma 9.10). This implies that
[K(α) : K] = n, and therefore that L = K(α).
*Here we are freely using standard results from linear algebra, all of which apply
in the setting of K-vector spaces and K-linear maps for arbitrary fields K.
The theorem says that cyclic extensions of degree n are radical, provided the field K contains a primitive nth root of unity ζ. So in order
to apply Theorem 13.17 starting with a more general cyclic extension
L of K, we will replace K by K(ζ) and L by L(ζ). (Note that K(ζ)
is radical over K, so if we show L(ζ) is radical over K(ζ), then it will
follow from Lemma 12.12 that L(ζ), and hence L, are solvable by radicals over
K.) However we need to make sure the hypotheses of Theorem 13.17
are satisfied when we replace K by K(ζ) and L by L(ζ): if L is a cyclic
extension of K of degree n, then L(ζ) is a cyclic extension of K(ζ), not
necessarily of degree n, but of degree a divisor of n. This in fact follows from
a more general property of composite extensions (which holds with no
assumption on the characteristic of K):
Proposition 13.18. Let L and K′ be extensions of K contained in M.
Suppose that L is a finite Galois extension of K. Then
(i) the composite extension K′L is Galois over K′, there is an
injective homomorphism
ψ : Gal(K′L/K′) → Gal(L/K)
defined by ψ(σ) = σ|L, and the image of ψ is Gal(L/(K′ ∩ L));
(ii) if K′ is Galois over K, then K′L is Galois over K, and there
is an injective homomorphism
Gal(K′L/K) → Gal(K′/K) × Gal(L/K)
defined by σ ↦ (σ|K′, σ|L).
Proof. (i) Since L is a finite Galois extension of K, we can write
L = K(α1, α2, . . . , αn) where α1, α2, . . . , αn are the roots of a separable
polynomial f ∈ K[X]. So K′L = K′(α1, α2, . . . , αn) is the splitting
field over K′ of f, and is therefore a Galois extension of K′.
If σ is a K′-automorphism of K′L, then σ|L is a K-embedding of L
into K′L (since σ(α) = α for all α ∈ K ⊂ K′). Since L is Galois over
K, it follows that σ(L) ⊂ L. Since L is finite over K, it follows that
σ|L is a K-automorphism of L, i.e., σ|L ∈ Gal(L/K).
The map defined by ψ(σ) = σ|L is clearly a homomorphism, since if
σ, τ ∈ Gal(K′L/K′), then σ|L ◦ τ|L = (σ ◦ τ)|L.
To see that ψ is injective, suppose that σ|L = e. Then σ is the
identity on both K′ and L, and therefore on K′L, so σ = e. Therefore
ker(ψ) = {e}, so ψ is injective.
Finally, let H be the image of ψ. Then by the Fundamental Theorem
of Galois Theory, H = Gal(L/E), where E = L^H is the fixed field of
H, and note that
L^H = { α ∈ L | τ(α) = α for all τ ∈ H }
= { α ∈ L | σ(α) = α for all σ ∈ Gal(K′L/K′) }
since τ ∈ H if and only if τ = σ|L for some σ ∈ Gal(K′L/K′). But
σ(α) = α for all σ ∈ Gal(K′L/K′) if and only if α ∈ (K′L)^{Gal(K′L/K′)} =
K′ (by the Fundamental Theorem again), so E = L^H = K′ ∩ L. Therefore H = Gal(L/(K′ ∩ L)).
(ii) Since K′ is separable over K and K′L is separable over K′, it
follows that K′L is separable over K.
If M′ is an extension of K′L and σ : K′L → M′ is any K-embedding,
then σ(K′) ⊂ K′ and σ(L) ⊂ L, so σ(K′L) ⊂ K′L, so K′L is normal
over K. Therefore K′L is Galois over K.
As in (i), we see that if σ ∈ Gal(K′L/K), then σ|K′ ∈ Gal(K′/K),
σ|L ∈ Gal(L/K) and σ ↦ (σ|K′, σ|L) is a homomorphism. Finally if
σ is the identity on K′ and on L, then σ is the identity on K′L, so
σ = e.
We are now ready to prove the main theorem relating the two notions
of solvability.
Theorem 13.19. Let L be a finite extension of K (a field of characteristic 0). Then L is solvable over K if and only if L is solvable by
radicals over K.
Proof. Suppose first that L is solvable over K, so there is a finite
extension M of L such that M is Galois over K and G = Gal(M/K)
is solvable. Let n be the order of G and let M′ be a splitting field
of X^n − 1 over M, so M′ = M(ζ) = K′M where ζ is a primitive nth
root of unity and K′ = K(ζ). By Proposition 13.18, Gal(M′/K′) is
isomorphic to a subgroup of G, so by Lemma 13.4(i), Gal(M′/K′) is a
solvable group of order dividing n. As in the proof of Lemma 13.9, it
follows that there is a tower of extensions
K ⊂ K′ = L0 ⊂ L1 ⊂ · · · ⊂ Lm−1 ⊂ Lm = M′
such that Li is Galois over Li−1 and Gal(Li/Li−1) is cyclic for i =
1, 2, . . . , m. Moreover ni = [Li : Li−1] divides [M′ : K′], which in turn
divides n. Since K′ contains a primitive nth root of unity, it contains a
primitive ni-th root of unity, and therefore so does Li−1. Theorem 13.17
therefore implies that Li is a radical extension of Li−1. Since K′ = L0 is
a radical extension of K, every step in the tower is a radical extension,
so L is solvable by radicals over K.
Now suppose that L is solvable by radicals over K. So there is a
tower of extensions
K = L0 ⊂ L1 ⊂ · · · ⊂ Lm−1 ⊂ Lm = M
such that L ⊂ M and Li is a radical extension of Li−1 for i = 1, 2, . . . , m;
i.e., Li = Li−1(αi) where αi is such that αi^{ni} ∈ Li−1 for some ni ≥ 1.
Moreover by Proposition 12.6 we can assume M is Galois over K.
Note that if we let n be the least common multiple of the ni, we have
αi^n ∈ Li−1 for all i. Letting M′ be a splitting field over M of X^n − 1, we
again have M′ = M(ζ) = K′M where K′ = K(ζ); since K′ and M are
Galois over K, Proposition 13.18(ii) implies that K′M is Galois over
K. In order to prove that L is solvable over K, it suffices to prove that
G = Gal(M′/K) is solvable. Letting H = Gal(M′/K′), we have that
H is normal in G (since K′ is Galois over K) and G/H is isomorphic
to Gal(K′/K). By Proposition 13.13, Gal(K′/K) is isomorphic to a
subgroup of (Z/nZ)×, and is therefore solvable, so by Lemma 13.4(ii),
it suffices to prove that H is solvable. Now consider the tower of extensions
K′ = L′0 ⊂ L′1 ⊂ · · · ⊂ L′m−1 ⊂ L′m = M′
where L′i = Li(ζ). Since L′i = L′i−1(αi), αi^n ∈ L′i−1 and ζ ∈ L′i−1,
Proposition 13.15 implies that L′i is Galois over L′i−1 with cyclic Galois
group. Therefore letting Hi = Gal(M′/L′i) gives a chain of subgroups
H = H0 ⊃ H1 ⊃ · · · ⊃ Hm−1 ⊃ Hm = {e}
such that Hi is normal in Hi−1 and Hi−1/Hi ≅ Gal(L′i/L′i−1) is cyclic
for i = 1, 2, . . . , m. Therefore H is solvable.
As an immediate consequence, note that we can replace “solvable
by radicals” by “solvable” in the statement of Lemma 12.12. This
means we can also drop the assumption that Lm is Galois over K in
Lemma 13.9:
Corollary 13.20. An extension L of K is solvable (or equivalently
solvable by radicals) if and only if there is a finite tower of extensions
K = L0 ⊂ L1 ⊂ L2 ⊂ · · · ⊂ Lm−1 ⊂ Lm
such that L ⊂ Lm , and for each i = 1, 2, . . . , m, Li is Galois over Li−1
and Gal(Li /Li−1 ) is cyclic.
Corollary 13.21. Suppose that α ∈ L is algebraic over K, let f be the
minimal polynomial of α. Then K(α) is solvable (by radicals) over K
if and only if Gal(Lf /K) is solvable (where Lf is a splitting field of f ).
Proof. Since there is a K-embedding K(α) → Lf , we can assume
K(α) is contained in Lf . So if Gal(Lf /K) is solvable, then K(α) is
solvable (or equivalently solvable by radicals) over K.
Suppose on the other hand that K(α) is solvable. Then there is a
finite Galois extension M of K such that K(α) ⊂ M and Gal(M/K)
is solvable. Since α ∈ M and M is Galois over K, it follows that
f splits completely over M, so M contains a splitting field Lf of f.
Since Gal(Lf /K) is a quotient group of Gal(M/K), it follows from
Lemma 13.4(ii) that Gal(Lf /K) is solvable.
Corollary 13.22. If f ∈ K[X], f ≠ 0 and deg(f) ≤ 4, then the
splitting field Lf is solvable (by radicals) over K.
Proof. This is immediate from the fact that Gal(Lf/K) is isomorphic
to a subgroup of S4, and is therefore solvable (see Example 13.3).
Corollary 13.23. If [L : K] ≤ 4, then L is solvable (by radicals) over
K.
Proof. We have L = K(α) for some α whose minimal polynomial f
over K has degree at most 4, so Lf is solvable over K, and therefore
so is L.
Recall that we know (from the Quadratic Formula) that a quadratic
polynomial f ∈ K[X] is “solvable by radicals” in the sense that the
roots lie in such an extension of K. Corollary 13.22 tells us that the
same is true of cubic and quartic polynomials. There is in fact a “Cubic
Formula” that expresses the roots of a cubic f (in terms of the coefficients of f ) using the operations of addition, multiplication, division,
and taking square and cube roots.*
So suppose that f has degree 3. In order to find the roots of f , we
can assume f is monic and make a substitution of the form X + r for
X in order to reduce to the case where f(X) = X^3 + aX + b for some
a, b ∈ K. Recall that the discriminant of f is then ∆ = −4a^3 − 27b^2.
If ∆ = 0, then either f(X) = X^3 and its only root is 0, or a and
b are non-zero and using the fact that f has a root in common with
its derivative, one easily finds that f(X) = (X + 3b/(2a))^2 (X + 4a^2/(9b)); in
particular the roots of f are in K. So suppose ∆ ≠ 0. If a = 0, then
the roots of f are the cube roots of −b, so suppose also that a ≠ 0.
In this case (the typical, but most interesting and complicated one),
the expression for the roots in terms of radicals is as follows: Let α1
be a square root of −3∆, and α2 a cube root of (3α1 + 27b)/2. Then
K(α1, α2) is solvable by radicals over K, and we leave it as an exercise
to show that
β = −(1/3)(α2 − 3a/α2)
is a root of f.
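The case analysis above, carried out numerically as an added example (not part of the original notes). It assumes K = Q with a, b given as integers or fractions and roots taken in C; the function names and the shift X = Y − p/3 used to remove the quadratic term are this example's own choices.

```python
import cmath
from fractions import Fraction

OMEGA = cmath.exp(2j * cmath.pi / 3)   # primitive cube root of unity in C

def depressed_cubic_roots(a, b):
    """Roots in C of f(X) = X^3 + aX + b, following the case split in the notes."""
    a, b = Fraction(a), Fraction(b)
    delta = -4 * a**3 - 27 * b**2      # discriminant, computed exactly
    if delta == 0:
        if a == 0:                     # forces b = 0, so f(X) = X^3
            return [0j, 0j, 0j]
        double = complex(-3 * b / (2 * a))      # repeated root -3b/(2a)
        simple = complex(-4 * a**2 / (9 * b))   # remaining root -4a^2/(9b)
        return [double, double, simple]
    if a == 0:                         # roots are the cube roots of -b
        c = complex(-b) ** (1 / 3)
        return [c * OMEGA**k for k in range(3)]
    alpha1 = cmath.sqrt(complex(-3 * delta))                  # a square root of -3*delta
    alpha2 = ((3 * alpha1 + 27 * complex(b)) / 2) ** (1 / 3)  # a cube root; nonzero since a != 0
    roots = []
    for k in range(3):                 # the three cube roots give the three roots
        c = alpha2 * OMEGA**k
        roots.append(-(c - 3 * complex(a) / c) / 3)
    return roots

def cubic_roots(p, q, r):
    """Roots of X^3 + pX^2 + qX + r via the substitution X = Y - p/3."""
    p, q, r = Fraction(p), Fraction(q), Fraction(r)
    a = q - p**2 / 3
    b = 2 * p**3 / 27 - p * q / 3 + r
    return [y - complex(p / 3) for y in depressed_cubic_roots(a, b)]

def residual(coeffs, x):
    """|f(x)| for the monic cubic with coefficient list [p, q, r] (Horner's rule)."""
    value = 1
    for c in coeffs:
        value = value * x + float(c)
    return abs(value)

if __name__ == "__main__":
    # X^3 - 7X + 6 = (X - 1)(X - 2)(X + 3), a constructed test polynomial
    for z in depressed_cubic_roots(-7, 6):
        print(z, residual([0, -7, 6], z))
```

Because α1 is purely imaginary when ∆ > 0, the real roots are reached through complex intermediate values, which is why the code works in C throughout.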
There is also a “Quartic Formula,” which we won’t give here, but
the idea is as follows: Recall that for a quartic polynomial f ∈ K[X],
we defined a cubic resolvent g ∈ K[X], with the property that its
splitting field Lg was contained in Lf, and Gal(Lf/Lg) is
isomorphic to a subgroup of {e, (12)(34), (13)(24), (14)(23)} ⊂ A4. The
above procedure for cubics describes Lg as a tower of radical extensions
of K, then Lf can be obtained as (at most) a composite of two quadratic
(hence radical) extensions of Lg , and there are explicit expressions in
terms of the coefficients of f for the roots of f in Lf .
14. A non-solvable quintic
We will say that a polynomial f ∈ K[X] is solvable (or equivalently
solvable by radicals) if its splitting field Lf is solvable over K (or equivalently Gal(Lf /K) is solvable). So we have seen that every polynomial
of degree at most 4 is solvable. We have also seen some (irreducible)
solvable polynomials of higher degree,
for example X^5 − 2 ∈ Q[X] is
irreducible and has splitting field Q(⁵√2, e^{2πi/5}), which is clearly solvable by radicals, but we have yet to see a non-solvable polynomial. For
this, we need a little group theory.
*This only requires that K have characteristic other than 2 or 3.
To begin with, we need to prove that A5 is not solvable. In fact, we
will prove the only normal subgroups of A5 are {e} and A5. Note that
the elements of A5 have the following forms:
• 5-cycles (abcde), of which there are 24 (since we can assume
a = 1, and then there are 4! possibilities for the rest);
• 3-cycles (abc), of which there are 20 (since there are (5 choose 3) = 10
choices for {a, b, c}, and two possible 3-cycles for each choice);
• products of two disjoint 2-cycles (ab)(cd), of which there are
15 (since there are (5 choose 2) = 10 choices for (ab), 3 choices for
(cd) among the remaining numbers, and we’ve counted each
element twice since (ab)(cd) = (cd)(ab));
• the identity element e.
Note also that all elements of order 3 are conjugate to each other
in A5. (Recall that two elements h, h′ of a group G are conjugate if
ghg^{−1} = h′ for some g ∈ G.) To prove this, it suffices to prove that
each is conjugate to (123). Let d, e be the elements of {1, 2, 3, 4, 5} not
appearing in the 3-cycle (abc) and let g be the permutation defined by
1 ↦ a, 2 ↦ b, 3 ↦ c, 4 ↦ d, 5 ↦ e. Then one finds that
g(45)(123)(45)^{−1}g^{−1} = g(123)g^{−1} = (abc),
and either g or g(45) is an even permutation.
Similarly all the elements of the form (ab)(cd) (i.e., the elements of
order 2) are conjugate to each other: the same g as above now gives
g(12)(12)(34)(12)^{−1}g^{−1} = g(12)(34)g^{−1} = (ab)(cd),
and either g or g(12) is even, so (ab)(cd) is conjugate to (12)(34).
Now let H be a normal subgroup of A5 . If H contains an element h
of order 3, then since H is normal, it contains all conjugates of h, so H
contains all elements of order 3. Therefore it also contains (123)(234) =
(12)(34), so it similarly contains all the elements of order 2. This means
H has at least 20 + 15 + 1 = 36 elements. Since #H has to divide
#G = 60, it follows that H = A5 .
Similarly if H has an element of order 2, then it contains all elements
of order 2, but (12)(34)(12)(45) = (345), so H also contains all elements
of order 3, and it follows as above that H = A5 .
Therefore either H = A5 , or the only non-identity elements of H
have order 5. In the latter case, we see that for any two elements
$h, h' \in H$ of order 5, we either have $\langle h \rangle = \langle h' \rangle$, or $\langle h \rangle \cap \langle h' \rangle = \{e\}$.
Since each subgroup of H of order 5 has 4 elements of order 5, it follows
that the number of non-identity elements of H is divisible by 4, i.e.,
that #H ≡ 1 mod 4. Considering that #H divides 60, we must have
#H = 1 or 5. But the subgroups of A5 of order 5 are not normal, so
we conclude that #H = 1.
We have now proved:
Theorem 14.1. The group G = A5 is simple, i.e. its only normal
subgroups are {e} and G.
In particular A5 is not solvable. Therefore by Lemma 13.4, any group
with a subgroup isomorphic to A5 is not solvable.
Corollary 14.2. If n ≥ 5, then Sn is not solvable.
Therefore a polynomial with Galois group isomorphic to Sn for any
n ≥ 5 will not be solvable. We will construct a quintic (i.e. degree 5)
polynomial in Q[X] with Galois group S5 . For this we need a little
more group theory.
Recall that if f ∈ K[X] is irreducible of degree n, then its Galois
group over K has order divisible by n. So if f is an irreducible quintic,
then its Galois group is a subgroup of S5 of order divisible by 5. It
is a general fact from group theory that if a prime p divides the order
of a finite group G, then G has an element of order p, but we can see
this by an elementary argument in the case where p = 5 and G is a
subgroup of S5 using some of the work we did proving Theorem 14.1.
Lemma 14.3. Suppose G is a subgroup of S5 of order divisible by 5.
Then G contains a 5-cycle.
Proof. First note that we have an injective map G/(G∩A5 ) → S5 /A5 ,
so [G : G ∩ A5 ] ≤ 2. Therefore G ∩ A5 also has order divisible by 5, so
we can replace G by G ∩ A5 and hence assume G ⊂ A5 .
Since #G|60, the possible orders of G are 5, 10, 15, 20, 30 and 60.
If #G = 5 or 60, then obviously G has an element of order 5.
If #G = 10 or 20, then G has no elements of order 3. If G had no
elements of order 5, then every non-identity element of G would have
order 2, which would imply that G is abelian. But the only elements of
A5 that commute with an element of the form (ab)(cd) are e, (ab)(cd),
(ac)(bd) and (ad)(bc), contradicting that #G ≥ 10 > 4.
If #G = 15, then G has no elements of order 2. If G had no elements
of order 5, then all its non-identity elements would have order 3. In
particular G would have to contain two elements of order 3 which are
not in the same cyclic subgroup. Such elements would either have to
be of the form (abc) and (cde) (with a, b, c, d, e distinct), or of the form
(abc) and (bcd) (with a, b, c, d distinct, and replacing one of the 3-cycles
by its inverse if necessary). But then G contains either (abc)(cde) =
(abcde), or (abc)(bcd) = (ab)(cd), in either case contradicting that all
non-identity elements of G have order 3.
Finally if #G = 30, then [A5 : G] = 2 implies G is normal in A5 ,
contradicting Theorem 14.1.
Next we show that S5 is generated by any 5-cycle and any transposition (i.e. 2-cycle).
Lemma 14.4. If G is a subgroup of S5 containing a 5-cycle and a
transposition, then G = S5 .
Proof. Suppose that σ, τ ∈ G, where σ = (abcde) is a 5-cycle and
τ = (xy) is a transposition. Since (abcde) = (bcdea) = · · · , we can
assume a = x and y is one of b, c, d, e. So replacing σ by $\sigma^i$ for some
i = 1, 2, 3, 4, we can assume b = y.
Since it suffices to prove $gGg^{-1} = S_5$, we can replace σ and τ by $g\sigma g^{-1}$
and $g\tau g^{-1}$ and so assume σ = (12345) and τ = (12) (taking g to be
a ↦ 1, b ↦ 2, etc.). Next note that $\sigma(12)\sigma^{-1} = (23)$, $\sigma(23)\sigma^{-1} = (34)$
and $\sigma(34)\sigma^{-1} = (45)$, and that these generate S5 (since for any n, every
element of Sn can be written as a composite of transpositions swapping
adjacent elements of {1, 2, . . . , n}). Therefore G = S5 .
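The element counts and conjugacy arguments behind Theorem 14.1, and the generation claim of Lemma 14.4, can be checked by brute force. The following Python is an added example, not part of the original notes; permutations are stored as 0-based tuples and all function names are chosen here for illustration.

```python
from collections import Counter
from itertools import permutations

N = 5
E = tuple(range(N))  # identity on {0,...,4}; label k in the notes is index k-1

def compose(p, q):  # p∘q: apply q first, then p (right-to-left, as in the notes)
    return tuple(p[q[i]] for i in range(N))

def inverse(p):
    return tuple(sorted(range(N), key=lambda i: p[i]))

def cycle(*pts):  # 1-based labels: cycle(1, 2, 3) is the 3-cycle (123)
    perm = list(E)
    for a, b in zip(pts, pts[1:] + pts[:1]):
        perm[a - 1] = b - 1
    return tuple(perm)

def order(p):
    k, q = 1, p
    while q != E:
        q, k = compose(q, p), k + 1
    return k

def is_even(p):  # parity via inversion count
    return sum(p[i] > p[j] for i in range(N) for j in range(i + 1, N)) % 2 == 0

def generated(gens):  # subgroup generated by gens; finite, so products suffice
    seen, todo = {E}, [E]
    while todo:
        x = todo.pop()
        for g in gens:
            y = compose(g, x)
            if y not in seen:
                seen.add(y)
                todo.append(y)
    return seen

S5 = list(permutations(range(N)))
A5 = [p for p in S5 if is_even(p)]
def order_counts(group):  # how many elements of each order
    return Counter(order(p) for p in group)
def normal_closure(h, group):  # smallest normal subgroup of group containing h
    return generated({compose(compose(g, h), inverse(g)) for g in group})

def pairs_generating_S5():  # (5-cycle, transposition) pairs that generate S5
    fives = [p for p in S5 if order(p) == 5]
    swaps = [p for p in S5 if order(p) == 2 and not is_even(p)]
    return sum(len(generated([s, t])) == 120 for s in fives for t in swaps)
```

Here `order_counts(A5)` reproduces the counts 1, 15, 20 and 24, the normal closure in A5 of any non-identity element is all of A5, and `pairs_generating_S5()` goes beyond the normalized case σ = (12345), τ = (12) by testing all 24 × 10 pairs.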
So to construct a non-solvable polynomial in Q[X], it suffices to find
an irreducible quintic whose Galois group (as a subgroup of S5 ) contains
a transposition. The idea is to use complex conjugation to produce a
transposition.
Example 14.5. Let $f(X) = X^5 - 10X + 5 \in \mathbb{Q}[X]$. Then f is irreducible by Eisenstein’s Criterion.
Now note that $f'(X) = 5X^4 - 10$ has exactly two real roots: $\pm\sqrt[4]{2}$, and
we see that f is increasing on $(-\infty, -\sqrt[4]{2})$, decreasing on $(-\sqrt[4]{2}, \sqrt[4]{2})$, and
increasing on $(\sqrt[4]{2}, \infty)$.
Since $f(\pm\sqrt[4]{2}) = 5 \mp 8\sqrt[4]{2}$, we see that $f(-\sqrt[4]{2}) > 0$ and $f(\sqrt[4]{2}) < 0$.
Considering the behavior of f(X) as X → ±∞, it follows that f
has exactly one real root in each of the three intervals $(-\infty, -\sqrt[4]{2})$,
$(-\sqrt[4]{2}, \sqrt[4]{2})$, $(\sqrt[4]{2}, \infty)$. Therefore f has exactly 3 real roots, say α1 , α2 , α3 ,
and we have
$f(X) = (X - \alpha_1)(X - \alpha_2)(X - \alpha_3)g(X)$,
where g(X) is a quadratic in R[X] with roots α4 and $\alpha_5 = \overline{\alpha_4}$. Let
Lf = Q(α1 , α2 , α3 , α4 , α5 ) be the splitting field of f . Then complex
conjugation defines an element of G = Gal(Lf /Q) corresponding to
the element (45) ∈ S5 . Since G has order divisible by 5, it follows from
Lemmas 14.3 and 14.4 that G is isomorphic to S5 , and then
from Corollary 14.2 that G is not solvable. Therefore f is not solvable
by radicals.
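Both facts used in Example 14.5, irreducibility by Eisenstein's Criterion at 5 and exactly 3 real roots, can be verified in exact rational arithmetic. The following Python is an added example, not part of the original notes: it counts real roots with Sturm's theorem rather than the derivative argument above, and its function names are chosen here.

```python
from fractions import Fraction

F = [5, -10, 0, 0, 0, 1]  # X^5 - 10X + 5, coefficients listed constant term first

def eisenstein(coeffs, p):
    """Eisenstein's Criterion at the prime p for an integer polynomial."""
    *lower, lead = coeffs
    return (lead % p != 0 and all(c % p == 0 for c in lower)
            and lower[0] % (p * p) != 0)

def derivative(c):
    return [i * a for i, a in enumerate(c)][1:]

def remainder(a, b):
    """Remainder of a on division by b over Q."""
    a = [Fraction(x) for x in a]
    while len(a) >= len(b):
        q, shift = a[-1] / b[-1], len(a) - len(b)
        for i, y in enumerate(b):
            a[shift + i] -= q * y
        a.pop()                      # the leading term has just been cancelled
        while a and a[-1] == 0:      # drop any further zero leading terms
            a.pop()
    return a

def sturm_chain(f):
    """f, f', then negated Euclidean remainders until the remainder is zero."""
    chain = [list(f), derivative(f)]
    while True:
        r = remainder(chain[-2], chain[-1])
        if not r:
            return chain
        chain.append([-x for x in r])

def sign_changes(values):
    signs = [v > 0 for v in values if v != 0]
    return sum(s != t for s, t in zip(signs, signs[1:]))

def real_root_count(f):
    """Distinct real roots of f: sign changes of the chain at -inf minus at +inf."""
    chain = sturm_chain(f)
    at_plus = [p[-1] for p in chain]                          # sign of leading coefficient
    at_minus = [p[-1] * (-1) ** (len(p) - 1) for p in chain]  # times (-1)^degree
    return sign_changes(at_minus) - sign_changes(at_plus)
```

`real_root_count(F)` returns 3, so exactly two roots are non-real and complex conjugation acts on the roots as a single transposition.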