Chapter 6
The Primitive Element Theorem and
Galois Theory
6.1 General Definitions
Exercise 6.1.1∗. Prove that R[α1, . . . , αn] is indeed the smallest ring containing R and α1, . . . , αn,
in the sense that any other such ring must contain R[α1, . . . , αn]. Similarly, prove that any field
containing K and α1, . . . , αn contains K(α1, αn).
Solution
If a ring contains R and α1, . . . , αn, it contains all polynomials in α1, . . . , αn with coefficients in
R since these are obtained from multiplication and addition of elements of R and the αi. Thus,
it contains R[α1, . . . , αn]. Similarly, if a field contains K and α1, . . . , αn, it contains all rational
functions in α1, . . . , αn with coefficients in K since these are obtained from multiplication of
elements of K[α1, . . . , αn] with inverses of other elements (we have already shown that the field
must contain K[α1, . . . , αn] since a field is also a ring).
Exercise 6.1.2∗. Let α ∈ Q be an algebraic number. Prove that Q(α) = Q[α].
Solution
We wish to prove that Q[α] is closed under inversion. Let f (α) be a non-zero element of Q[α],
i.e. πα f . Then, since πα is irreducible, it is coprime with f . Thus, by Bézout’s lemma, we
have rf + sπα = 1 for some a, b ∈ Q[X]. Evaluating at α yields r(α)f (α) = 1 as wanted.
Exercise 6.1.3∗. Prove that the minimal polynomial of √ over Q(i) is X2 − i.
(i+1) 2
2
Solution
(i+1) √ 2
2
is a root of X2 − i and not in Q(i) so its minimal polynomial has degree 2 and divide
X2 − i and is therefore equal to it.
Exercise 6.1.4∗. Check that L is a K-vector space.
301
302 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
Solution
Since K ⊆ L, multiplication of elements of L (vectors) by elements of K (scalars) is well-defined
and satisfies the obvious properties since it’s just the multiplication of two elements of L!
Exercise 6.1.5∗. Prove that (uivj)i∈[m],j∈[n] is a K-basis of M .
Solution
Suppose that i,j ai,juivj = 0 for some ai,j ∈ K. Rewrite it as
ui ai,j vj = 0.
ij
This is a linear combination of the L-basis of M . Thus, by definition of a basis, j ai,jvj = 0
for each i. Again by the definition of a basis, this means that ai,j = 0 for each j and each i.
Thus this family is linearly independent. It remains to show that it generate all of M . We can
proceed exactly as we did but in the reverse direction: let α = i biui be an element of M , with
bi ∈ L (recall that ui is the L-basis of M ). Write each bi as a linear combination j ai,jvj with
ai,j ∈ K (vi is the K-basis of L). We get
α = ai,j uivj
i,j
as wanted.
Exercise 6.1.6∗. Let M/L/K be a tower of extensions and α ∈ M . Prove that the minimal
polynomial of α over L divides the minimal polynomial of α over K. In other words, its L-conjugates
are among its K-conjugates.
Solution
The minimal polynomial of α over K is also a polynomial over L since K ⊆ L. Since it vanishes
at α, this means that it is divisible by the minimal polynomial of α over L.
Exercise 6.1.7∗. Prove that finite extensions of K are exactly the fields of the form K(α1, . . . , αn)
for α1, . . . , αn algebraic elements over K, using Proposition 6.1.1.
Solution
We proceed by induction on [L : K], where L is a finite extension of K (we do not fix K). When
this is one we have L = K. For the induction step, let α ∈ L be an element which is not in K.
By the tower law,
[L : K] = [L : K(α)][K(α) : K].
Since α ∈ K, [K(α) : K] > 1 so that [L : K(α)] < [L : K]. By the induction hypothesis, this
means
L = K(α)(α1, . . . , αn) = K(α, α1, . . . , αn)
as wanted.
6.2. THE PRIMITIVE ELEMENT THEOREM AND FIELD THEORY 303
6.2 The Primitive Element Theorem and Field Theory
Exercise 6.2.1. Let K be a number field. Prove that the embeddings of K are the non-zero functions
f : K → C which are both multiplicative and additive.
Solution
This is the Cauchy equation: we shall show that any additive function is Q-linear. By induction,
we have f (nx) = nf (x) for any n ∈ Z. Thus, for 0 = m, n ∈ Z, we have
nf (xm/n) = f (xm) = mf (x)
which means f (xm/n) = f (x)m/n, i.e. f is Q-linear.
Exercise 6.2.2∗. Let L/K be a finite extension and ϕ ∈ EmbK(L) an embedding of L. Prove that
ϕ(f (α)) = f (ϕ(α)) for any f ∈ K[X] and α ∈ L.
Solution
Let f = i aiXi. Then,
ϕ aiαi = ϕ(aiαi) = ϕ(ai)ϕ(α)i = aiϕ(α)i
ii i i
since ϕ fixes K. (Note that we have used the fact the sum is finite here, it is not true in general
that embeddings commute with power series.)
Exercise 6.2.3∗. Let α ∈ L be an element and σ ∈ EmbK(L) be an embedding. Prove that σ(α) is
a conjugate of α.
Solution
Let f be the minimal polynomial of α. By Exercise 6.2.2∗, we have
0 = σ(f (α)) = f (σ(α))
so σ(α) is a conjugate of α.
Exercise 6.2.4∗. Prove that an embedding is injective.
Solution
Suppose that α = β. Then,
σ(α − β)σ 1 = σ(1) = 1
α−β
so σ(α − β) = σ(α) − σ(β) is non-zero which means that σ(α) = σ(β). (In algebraic terms,
we have shown that the kernel was trivial to prove that the morphism was injective. See Exer-
cise A.2.13∗.)
Exercise 6.2.5. Solve Problem 6.2.1 without field theory, i.e. using only the content of Chapter 1.
304 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
Solution
One could proceed as follow. Let S denote the sum of the αi. Choose an k ∈ [n], we shall prove
that αk is rational. For this, consider
αk = S − αi.
i=k
The fundamental theorem of symmetric polynomials tells us that each conjugate αk of αk has
the form S − i=k αi where αi is some conjugate of αi. Thus, we have
nn
αi = S = αi.
i=1 i=1
Since the αi are maximal among their conjugates, proceeding as in the field theory solution, we
get αi = αi for each i. But since αk was an arbitrary conjugate of αk, this means αk has only
one conjugate, i.e. αk ∈ Q. You can see that this was a lot messier than with field theory!
Exercise 6.2.6∗. Check that √√
NQ( √3 2)(a + b 3 2 + c 3 4) = a3 + 2b3 + 4c3 − 6abc.
Solution
√√
Let j be a primitive cube root of unity. The norm of a + b 3 2 + c 3 4 is
√√ √√ √√
(a + b 3 2 + c 3 4)(a + bj 3 2 + cj2 3 4)(a + bj2 3 2 + cj 3 4).
This is
√√ √√ √√
a3 + (b 3 2)3 + (c 3 4)3 + (1 + j + j2)(a(b 3 2)2 + a(c 3 4)2) + (1 + j + j2)(a2b 3 2 + a2c 3 4)
√√ √√ √√
+ (1 + j + j2)((b 3 2)2(c 3 4) + (b 3 2)(c 3 4)2) + 3(j + j2)a(b 3 2)(c 3 4)
= a3 + 2b3 + 4c3 + 0 + 0 + 0 − 3(2abc)
= a3 + 2b3 + 4c3 − 6ab.
Remark 6.2.1
It is perhaps easier to use the definition of the norm as√a deter√minant (see Remark√C.3√.5). One
can check that the matrix of the linear map x → (a + b 3 2 + c 3 4)x in the basis 1, 3 2, 3 4 is
a 2c 2b
b a 2c
cb a
which has determinant
a a2 − 2bc − 2c ba − 2c2 + 2b(b2 − ac) = a3 + 2b3 + 4c3 − 6abc.
6.3 Galois Theory
Exercise 6.3.1∗. Check that K(α1, . . . , αn)/K is Galois and prove that any Galois extension has this
form.
6.3. GALOIS THEORY 305
Solution
K(α1, . . . , αn)/K is Galois because K-embeddings send αi to some other αj so send
K(α1, . . . , αn) to itself and are thus all automorphisms. Conversely, if L/K is Galois, let α
be a primitive element for L and α1, . . . , αn its conjugates. Then,
L = K(α) = K(α1, . . . , αn)
since L/K is Galois.
Exercise 6.3.2∗. Can you write the Galois group of a quadratic extension L/K in a way that doesn’t
depend on L or K? (More specifically, show that the Galois groups of quadratic extensions are all
isomorphic.)
Solution
√
T√he embeddi√ngs of a quadratic extension K( d)/K are the identity and the conjugation a +
b d → a − b d. The Galois group is isomorphic to Z/2Z (with addition): the identity is sent
to 0 and the conjugation to 1: conjugation composed with conjugation gives the identity, i.e.
1 + 1 = 0. (Coincidentally the only group with two elements is Z/2Z so we could have directly
concluded that they were isomorphic.)
Exercise 6.3.3∗. Check that the Galois group is a group under composition. (You may assume that
each element has an inverse, this will be proven later as a corollary of Theorem 2.5.1.)
Solution
There are two things to check: that the operation is associative and that it has an identity. The
former is trivial since composition is associative, and the latter too since σ ◦ id = id ◦ σ = σ for
any embedding σ.
Exercise 6.3.4. Let L/K be Galois and K ⊆ M ⊆ L be an intermediate field. Prove that EmbK(M )
is a system of representatives of Gal(L/K)/ Gal(L/M ), where the quotient means Gal(L/K) modulo
Gal(L/M ), i.e. we say σ ≡ σ if σ−1 ◦ σ ∈ Gal(L/M ). (Our quotient A/B is more commonly though
of as the set of right-cosets of B in A, i.e. the sets Ba for a ∈ A (which we just wrote as a in our
case).) (See also Exercise A.3.14†.)
Solution
Extend any embedding σ ∈ EmbK(M ) to an embedding σ ∈ EmbK(L) = Gal(L/K). This is
a well defined map from EmbK(M ) to Gal(L/K)/ Gal(L/M ): if ϕ and ψ are equal on M , then
ψ−1 ◦ ϕ is the identity on M so is in Gal(L/M ) as wanted.
This map is clearly injective, to show that it is bijective we just follow our argument in the other
way. Let σ ∈ Gal(L/K)/ Gal(L/M ). We prove that its image on M is well defined: if σ ≡ σ
then σ and σ have the same images on M since σ−1 ◦ σ is the identity on M .
Exercise 6.3.5. Prove Proposition 6.2.4 using Exercise 6.3.4. (This is a bit technical.)
306 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
Solution
We have NM/K = σ∈EmbK(M) σ and
NL/K ◦ NM/L = ϕ ◦ ψ.
ϕ∈EmbK (L) ψ∈EmbL(M )
We would like to say that this is ϕ,ψ ϕ ◦ ψ and then show that ϕ ◦ ψ correspond to the K-
embeddings of M but there is one problem: im ψ is in general not contained in L, the domain
of ϕ. Thus, let F be the Galois closure of M , i.e., if M = K(α), then F = K(α1, . . . , αn)
where α1, . . . , αn are the conjugates of α. Using Exercise 6.3.4, we extend embeddings of L to
embeddings of F .
Let GK = Gal(F/K), GM = Gal(F/M ) and GL = Gal(F/L). By Exercise 6.3.4, we have
NM/K = σ∈GK /GM σ and
NL/K ◦ NM/L = ϕ ◦ ψ = ϕ ◦ ψ.
ϕ∈GK /GL ψ∈GM /GL ϕ∈GK /GL,ψ∈GL/GM
To conclude, we prove that if ϕi are a system of representatives of GK /GL and ψj of GL/GM ,
then ϕi ◦ ψj is a system of representatives of GK /GM . By looking at the cardinalities, it sufficies
to show that they are distinct in GK /GM . Thus, suppose that
ϕ ψ ≡ ϕψ (mod GM ) ⇐⇒ ϕ−1ϕ ψ ≡ ψ (mod GM ).
If we look at this modulo GL, we get ϕ−1ϕ = id, i.e. ϕ = ϕ . Then if we look at the remainder
modulo GM , we have ψ = ψ which shows what we wanted.
Exercise 6.3.6∗. Compute σ(0,−1) ◦ σ(1,1) and σ(1,1) ◦ σ(0,−1).
Solution
This follows from the fact that σ(a,b) ◦ σ(c,d) = σ(a+bc,bd). Indeed, σ(a,b) sends ζ to
√ σ(a,b)(ζd)b = (ζd)b = ζbd
and 3 2 to √ √√
Thus, σ(a,b)(ζc 3 2) = (ζc)b · ζa 3 2 = ζa+bc 3 2.
but σ(0,−1) ◦ σ(1,1) = σ(0−1·1,−1·1) = σ(−1,−1)
σ(1,1) ◦ σ(0,−1) = σ(1+1·0,1·(−1)) = σ(1,−1)
Exercise 6.3.7∗. Prove that ei(σ1(α), . . . , σk(α)) is fixed by H for any i.
Solution
We shall prove that any symmetric polynomial f evaluated at σi(α) is fixed by H (this is in fact
equivalent to what we need to prove by the fundamental theorem of symmetric polynomials).
For this, note that
σ(f (σ1(α), . . . , σk(α)) = f (σσ1(α), . . . , σσk(α))
6.3. GALOIS THEORY 307
by a slightly generalised version of Exercise 6.2.2∗. Since σi → σσi is a permutation of H (since
H is a group!) and f is symmetric, this is exactly equal to f (σ1(α), . . . , σk(α).
Exercise 6.3.8∗. Given two subfields A and B of a field L, define their compositum or composite
field AB as the smallest subfield of L containing both A and B (in other words, the field generated
by A and B). Let L/K be a finite Galois extension and A, B be intermediate fields. Prove that
Gal(L/AB) = Gal(L/A) ∩ Gal(L/B).
Solution
Note that any embedding which fixes both AB fixes both A and B. Hence, Gal(L/AB) ⊆
Gal(L/A) ∩ Gal(L/B). Conversely, if A = K(α) and B = K(β), then AB = K(α, β) and it is
clear that the embeddings which fix both α and β fix AB.
Exercise 6.3.9∗. Given two subgroups H1, H2 of a group H, define the subgroup they generate,
H1, H2 , as the smallest subgroup containing both H1 and H2. Let L/K be a finite Galois extension
and A, B be intermediate fields. Prove that Gal(L/A ∩ B) = Gal(L/A), Gal(L/B) .
Solution
Note that any embedding which fixes A or B fixes A ∩ B. Hence, Gal(L/A), Gal(L/B) ⊆
Gal(L/A ∩ B) (if a group contains two subgroups it also contains the subgroup generated by
them, by definition). Conversely, if Gal(L/A), Gal(L/B) fixes all of M , then M is fixed both
by the embeddings of A and by the embeddings of B, which implies that M ⊆ A ∩ B. This shows
that Gal(L/A ∩ B) ⊆ Gal(L/A), Gal(L/B) .
Exercise 6.3.10∗. Prove Proposition 6.3.2.
Solution
If H1 ⊆ H2 then LH1 is fixed by less embeddings than LH2 so has more elements (any element
fixed by the embeddings of H2 is also fixed by the embeddings of H1). Conversely, if M1 ⊆ M2,
there are more embeddings which fix M1 than M2 since any embedding which fix M2 also fix
M1.
Exercise 6.3.11∗. Let L/K be a finite Galois extension and let M be an intermediate field. Prove
that, for any σ ∈ Gal(L/K), Gal(L/σM ) = σ Gal(L/M )σ−1. Deduce that the intermediate fields
which are also Galois (over K) are M = LH where H is a normal subgroup of G = Gal(L/K),
meaning that σHσ−1 = H for any σ ∈ G. In particular, if L/K is abelian, meaning that its Galois
group is, any intermediate field is Galois over K.
Solution
If ϕ fixes M , σϕ fixes sends M to σM and thus σϕσ−1 sends σM to itself as wanted (this
is of course reversible). M is Galois over K iff it is fixed under conjugation, i.e. σM = M
for any σ ∈ Gal(L/K). By the fundamental theorem of Galois theory, this is equivalent to
Gal(L/M ) = Gal(L/σM ) = σ Gal(L/M )σ−1. This proves the second part. For the third, simply
note that σHσ−1 = σσ−1H = H when G is abelian.
308 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
Exercise 6.3.12∗. Fill in the details of this proof of the quadratic reciprocity law.
Solution
Here is a ssuamy m√aqr∗y=of the proof. First, we prove that √q∗ ∈ Q(ωq) where ωq is a primitive qth root
of unity, f (ωq). Then, we assume that f∈ Z(p) [X ], where Z(p) denote the rational
numbers with non-negative p-adic valuation. This follows for instance from Exercise 3.5.26†.
After that, we apply the Frobenius morphism on both sides to get
√ = f (ωqp) ≡ √ )p,
σp( q∗) ( q∗
i.e. p √ (√q∗)p
q∗
q ≡
since the Galois group of Q(ωq )/Q(√q∗ ) is {σk | k = 1}, i.e. these embeddings fix √q∗ and
the others negate it. To see that this is q the Galois group of Q(ωq)/Q(√q∗), notice
necessarily
that the only subgroup of cardinality q−1 of Z/(q − 1)Z is 2Z/(q − 1)Z, which corresponds to the
2
quadratic residue once we raise a primitive root to these powers (since primitive roots are what
give us an isomorphism Z/(q − 1)Z (Z/qZ)×).
Now that we have this equality, we can rewrite it as
p p−1
q−1 2 (mod p),
q ≡ (−1) 2 q
i.e. p q ≡ (−1) p−1 · q−1
as wanted. 2 2
qp
Exercise 6.3.13∗. Convince yourself of this solution.
Solution
Here is the proof written in the correct order. We pick a primitive element r of Q(ω)H , say
r = h∈H u − ωh for some u ∈ Z by ??, and consider its minimal polynomial f . Then, let p be
any prime not dividing n and consider an element ζ ∈ Fp of order n. If p (mod n) ∈ H, then
ρk = u − ζkh
h∈H
is in Fp since
ρkp = u − ζkhp = ρk
h∈H
as h → hp is a permutation of H since p (mod n) ∈ H. By the fundamental theorem of symmetric
polynomials,
X − f (ρh) ≡ X − f (σh(r)) = Xϕ(n) (mod p)
h∈H h∈H
so f has all its roots ρh in Fp as asserted.
Now, suppose for the sake of a contradiction that infinitely many p ≡ m (mod n) are such that
f has a root in Fp. Since the roots of f are still the ρh, this means that, for some h ∈ H, ρh ∈ Fp
for infinitely many p ≡ m (mod n). Since ρh ∈ Fp is equivalent to ρph = ρh and ρph = ρhp = ρhm,
6.4. SPLITTING OF POLYNOMIALS 309
we get
ρhm − ρh = 0
for infinitely many p. As a consequence, the product
ρghm − ρgh ≡ σghm(r) − σgh (mod p)
g ∈(Z/nZ)× /H g ∈(Z/nZ)× /H
is divisible by infinitely many primes p by the fundamental theorem of symmetric polynomials.
This implies that σghm(r) = σgh for some g, i.e. ghm and gh are in the same coset, which is
false since m ∈ H. (We can also assume that g = 1 by replacing ω by ωg.)
Exercise 6.3.14∗. Prove that the identity of a group is unique.
Solution
If e and e are two identities than e = ee = e so they are equal.
Exercise 6.3.15∗. Prove the following refinement of Theorem 2.5.1: if G is a finite group and H a
subgroup of G, |H| divides |G|. Why does it imply Theorem 2.5.1?
Solution
Partition G into left-cosets aH, a ∈ G. Each coset has cardinality |H|, and two distinct cosets
are disjoint so this is indeed a partition: if ag = bh with g, h ∈ H, then a = bhg−1 so aH = bH.
Thus, the cardinality of a coset divides the cardinality of the union, i.e. |H| divides |G|. When
H is the subgroup generated by an element g, this means that the order of g divides the order
of G.
6.4 Splitting of Polynomials
Exercise 6.4.1. Does there exist an a ≡ 1 (mod n) such that any non-constant f ∈ Z[X] has infinitely
many prime factors congruent to a modulo n?
Solution
No, a counterexample is f = Φn.
6.5 Exercises
Field and Galois Theory
Exercise 6.5.1†. Let L/K be a finite separable extension of prime degree p. If f ∈ K[X] has prime
degree q and is irreducible over K but reducible over L, then p = q.
310 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
Solution
Let α be a root of f . On the one hand, [L(α) : K] = [L(α) : K(α)][K(α) : K] is divisible by q.
On the other hand,
[L(α) : K] = [L(α) : L][L : K].
The first factor is smaller than q so not divisible by q, and the second is p. Thus, q | p, i.e.
p = q.
Exercise 6.5.2†. Let L/K be a finite Galois extension and M/K be a finite extension. Prove that
Gal(LM : M ) Gal(L : L ∩ M ). In particular, [LM : L] = [L : L ∩ M ]. Conclude that, if L/K and
M/K are Galois, we have
[LM : K][L ∩ M : K] = [L : K][M : K].
Solution
For the first part, let L = K(α). Consider the restriction ϕ from Gal(LM/M ) → Gal(L/K)
(an element of Gal(LM/M ) is a function σ : LM → LM fixing M , which can be restricted to a
function σ : L → L fixing K). This is injective, since σ ∈ Gal(LM/M ) is determined by its value
as α, and the same goes for σ ∈ Gal(L/K). We wish to show that the image of this restriction is
Gal(L/L ∩ M ) (thus corresponding to an isomorphism between Gal(LM/M ) and Gal(L/L ∩ M )
as wanted).
Notice for this that
Lϕ Gal(LM/M) = {x ∈ L | σ(x) = x ∀ σ ∈ ϕ Gal(LM/M )}
= {x ∈ L | σ(x) = x ∀ σ ∈ Gal(LM/M )}
=M ∩L
since Gal(LM/M ) fixes exactly M but here we restrict it to L.
For the second part, we have [LM : K] = [LM : L][L : K] by the tower law and [LM : L] =
[M : L ∩ M] by the first part. Now, [M : L ∩ M] = [M :K] by the tower law again. Thus, we
[L∩M :K]
conclude that
[LM : K] = [LM : L][L : K] = [M : L ∩ M ][L : K] = [L : K][M : K]
L∩M : K]
as wanted.
Exercise 6.5.3†. Prove that, for any n, there is a finite Galois extension K/Q such that Gal(K/Q)
Z/nZ.
Solution
Pick a prime p ≡ 1 (mod n), let ω be a primitive pth root of unity, and set K = Q(ω). Note
that, since K has abelian Galois group, every subfield of K is also Galois over Q. We wish
to find a subfield L such that Gal(L/Q) Z/nZ. By Exercise 6.3.4, we have Gal(L/Q)
Gal(K/Q)/ Gal(K/L), so we want to find a subgroup H of Z/(p − 1)Z such that
Z/(p − 1)Z /H Z/nZ.
Now, note that the subgroups of Z/(p − 1)Z have the form d · Z/(p − 1)Z Z/ p−1 Z, and that
d
6.5. EXERCISES 311
(e.g. by Exercise A.3.15†)
Z/(p − 1)Z d · Z/(p − 1)Z Z/dZ.
Thus, if H is the subgroup of Gal(K/Q) corresponding to n · Z/(p − 1)Z, we get Gal(KH /Q)
Z/nZ as wanted.
Remark 6.5.1
If we combine the structure of units from Exercise 3.5.18† with the structure of finite abelian
groups from Exercise A.3.19†, we get that every finite abelian group is a Galois group Gal(K/Q)
for some number field K.
Exercise 6.5.4† (Cayley’s Theorem). Let G be a finite group. Prove that it is a subgroup of Sn for
some n. Conclude that there is a finite Galois extension L/K of number fields such that G Gal(L/K).
(This is part of the inverse Galois problem. So far, it has only been conjectured that we can choose
K = Q.)
Solution
We claim that G ⊆ S|G|. Indeed, left-multiplication by g defines a permutation sg of G, and it
is clear that this is an isomorphism: sg ◦ sg−1 = id and
sg ◦ sh = x → hx → ghx = sgh.
For the second part, we can consider an L such that Gal(L/Q) S|G| and then take K = LG
since G is a subgroup of S|G| by Cayley’s theorem. To prove that such an L exists without
invoking Exercise 6.5.22†, one can consider a prime number p ≥ n and a subgroup S Sn of Sp.
By Exercise 6.5.21†, there exists a number field M Galois over Q such that Gal(M/Q) Sp.
Indeed, it is clear that there exists a polynomial of degree p with real coefficients and exactly
two non-real roots. We can then refine it to an irreducible polynomial with rational coefficients
by replacing its coefficients by close rational numbers of p-adic valuation 1, except for its leading
coefficient which we replace by a close rational number of p-adic valuation 1. This gives us a
polynomial irreducible over Q by Eisenstein’s criterion. Finally, we pick L = M S.
Exercise 6.5.5† (Dedekind’s Lemma). Let L/K be a finite separable extension in characteristic 0.
Prove that the K-embeddings of L are linearly independent.
Solution
Suppose for the sake of a contradiction that a non-zero linear combination annihilates the em-
beddings:
a1σ1 + . . . + akσk = 0
and pick k to be minimal. Pick an element a ∈ L such that σ1(a) = σk(a). Then,
a1σ1(ax) + . . . + akσk(ax) = 0
for all x ∈ L by assumption, but this is also
a1σ1(a)σ1(x) + . . . + akσk(a)σk(x)
312 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
so we conclude that
a1 1 − σ1(a) σ1 + . . . + ak−1 1 − σk−1(a) σk−1 = 0,
σk (a) σk (a)
contradicting the minimality of k.
Exercise 6.5.6† (Hilbert’s Theorem 90). Suppose L/K is a cyclic extension in characteristic 0, mean-
ing its Galois group Gal(L/K) (Z/nZ, +) for some n (like Gal(Fpn /Fp)) or Gal(Q(exp(2iπ/p))/Q)).
Prove that α ∈ L has norm 1 if and only if it can be written as β/σ(β) for some β ∈ L, where σ is a
generator of the Galois group (element of order n).
Solution
It is clear that β/σ(β) has norm 1 for any β. Now suppose α has norm 1 and let σ ∈ Gal(L/K)
be a generator. By Exercise 6.5.5†, pick a γ such that
n−1 k−1
β = σk(γ) σi(α)
k=0 i=0
is non-zero. Then,
n−1 k−1
ασ(β) = σk+1(γ) σi+1(α)
k=0 i=0
n−1 k−1
= σn(γ)ασ(α) · . . . · σn−1(α) + σk(γ) σi(α)
k=1 i=0
n−1 k−1
= γNL/K (α) + σk(γ) σi(α)
k=1 i=0
=β
since NL/K (α) = 1 by assumption. Thus, α = β/σ(β) as wanted.
Remark 6.5.2
This the√orem gaai−+vbbe√√sddu=s vaae22r−+yddibbn22 t+ereas2t2−iandbgb2 c√orollaries such as Exercise 7.5.11†: x+y √ d has norm 1
iff x + y d = d.
Exercise 6.5.8† (Lüroth’s Theorem). Let K be a field and L a field between K and K(T ). Prove
that there exists a rational functions f ∈ K(T ) such that L = K(f ).
Solution
The proof given here is taken from Bergman [3]. Without loss of generality, suppose that L = K.
Given an element h ∈ K(T )[X] express it as h = f (T, X)/g(T ) with coprime f, g ∈ K[T, X] (g
is constant in X) and define its height ht(h) as max(degT (f ), degT (g)). Now, pick any element
of minimal height u = f (T )/g(T ) ∈ L. We will prove that
f (X) − ug(X)
is the minimal polynomial of T both over L and K(u). This implies that [K(T ) : K(u)] = [K(T ) :
6.5. EXERCISES 313
L] and K(u) ⊆ L(u), i.e. L = K(u) as desired.
Without loss of generality, we may assume that deg f = deg g, by replacing u by u + t where
t ∈ K is such that f +tg has degree less than deg f if deg f +deg g. Similarly, we can assume that
deg f > deg g by replacing u by 1/u if necessary. Finally, by multiplying u by a constant, we can
suppose that f and g are monic. That way, the polynomial f (X)−ug(X) is monic in X of degree
deg f . Note that, when c = a(T, X)/b(T ) is monic in X, b(T ) divides the leading coefficient of X
of a so degT a ≥ degT b which implies that ht(c) = degT (a). In particular, ht(cd) = ht(c) + ht(d)
for polynomials c, d monic in X.
Suppose now that f (X) − ug(X) is divisible by another monic polynomial π = i uiXi ∈ L[X].
We have
ht(π(X)) ≥ ht(uk) ≥ ht(u) = ht(f (X) − ug(X))
where k is chosen so that uk is non-constant. Hence, we conclude that, if f (X) − ug(X) =
π(X)τ (X), we have ht(τ ) = 0, i.e. τ = h(X) ∈ K[X]. This h divides both f and g: indeed, 1
and u are linearly independent since u ∈ K so f /h + ug/h ∈ K(T )[X] implies that f /h and g/h
are in K[X]. This is of course impossible if τ is non-constant since f and g are coprime. Hence,
f (X) − ug(X) is the minimal polynomial of T over L.
The second part is a lot easier. Suppose that π = i fi(X)ui ∈ K[u][X] with fi ∈ K[X] vanishes
at X = T . We will prove that degX π ≤ ht(u) = deg f , thus showing that f (X)ug(X) is the
minimal polynomial of T over K(u). Let m = degu π. We have
m−1
0 = g(T )m−1π(T ) = fm(T )f (T )m/g(T ) + fi(X)f (T )igm−1−t.
i=0
Note that every term in the second sum is a polynomial, hence fm(T )f (T )m/g(T ) is too: g(T )
divides fm(T ) since f and g are coprime so
degX π ≥ deg fm ≥ deg f = ht u
as claimed.
nth Roots
Exercise 6.5.9†. Let K be a field, p a prime number, and α an element of K. Prove that Xp − α is
irreducible over K if and only if it has no root.
Solution
Suppose that Xp − α is reducible for some α = 0. We will show that α is a pth power in K. Let
f be a non-trivial factor of Xp − α, say of degree k ∈ [p − 1]. Its constant term has the form
ωαk/p by Vieta’s formula (we are working in a field extension where Xp − α splits here), where
ω is a pth root of unity. Thus, αk := βp is a pth power. If m is the inverse of k modulo p, say
mk = np + 1, we get βmk p
αmk
α = αnp = αn
as wanted.
Exercise 6.5.10†. Let f ∈ K[X] be a monic irreducible polynomial and p a rational prime. Suppose
that (−1)deg f f (0) is not a pth power in K. Prove that f (Xp) is also irreducible.
314 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
Solution
Suppose that f (Xp) is reducible and let α be a root of f . By Lemma 6.1.1, Xp − α is reducible
over K(ω), where ω is a primitive pth root of unity. By Exercise 6.5.9†, α is a pth power in K(ω),
say g(α)p. Let α1, . . . , αn be the conjugates of α. Then, by Vieta’s formulas,
nn np
(−1)nf (0) = αk = g(αk)p = g (αk )
k=1 k=1 k=1
is a pth power.
Exercise 6.5.11† (Vahlen, Capelli, Redei). Let K be a field and α ∈ K. When is Xn − α irreducible
over K?
Solution
Suppose that Xm − α and Xn − α are irreducible over K. Then, so is Xmn − α. Indeed,
suppose that β is a root of Xmn − α. Then, [K(β) : K] is divisible by [K(βm) : K] = n and
[K(βn) : K] = m, which implies that it’s divisible by mn as well since they are coprime. Thus,
[K(β) : K] = mn as wanted since it’s clearly at most mn.
Hence, it suffices to study the case where n = pk is a prime power. First, suppose that p is odd.
Then, we prove by induction that Xpk − α is irreducible if and only if α is not a pth power, the
base case being Exercise 6.5.9†. For the induction step, by Exercise 6.5.10†, if f = Xpk+1 − α is
reducible, then (−1)pk+1 f (0) = α is a pth power. For p = 2 we get −α which could be a square
while α isn’t, except if K has characteristic 2 since we then α = −α. Thus, we are already done
if char K = 2 so we may now suppose that char K = 2.
Finally, it remains to study X2k − α. We claim that, for k ≥ 2, this is irreducible iff α is a square
or −4 times a fourth power. One implication is Sophie Germain’s identity: if α = −4β4, then
X2 + 4β4 = (X2 + 2βX + 2β2)(X2 − 2βX + 2β2).
It remains to prove that X2k − α is irreducible if α is not a square or −4 times a fourth power.
Suppose that X2k+1 − α is reducible. Then, α = −β2 for some β by Exercise 6.5.10†. Since α
is not a square, −1 isn’t as well. Let γ be a root of X2k+1 − α. We have γ2k = iβ for some
i2 = −1 ∈ K. We will prove that X2r − iβ is irreducible over K(i), thus showing that
[K(γ) : K] = [K(γ) : K(i)][K(i) : K] = 2k · 2 = 2k+1
as wanted. If it were reducible, iβ would have the form −(u + vi)2 = (v + ui)2 for some u, v ∈ K.
This gives us u2 − v2 = 0 and β = 2uv so
α = −β2 = −4u4
as wanted.
We can summarise the previous discussion as follows.
• Xn − α is irreducible iff α is not a pth power for any p | n, and not −4 times a fourth power
in the case that 4 | n and char K = 2.
• As a corollary,√if α is not −4√times a fourth power or 4 n or char K = 2, the minimal
polynomial of n α is X n/d − n αd where d | n is the greatest integer such that αd is an nth
power.
6.5. EXERCISES 315
Exercise 6.√5.12†. Let n ≥ 1 be an integer and ζ a primitive nth root of unity. What is the Galois
group of Q( n 2, ζ) over Q?
Solution
√√
Knowing the embeddings of Gal(ζ, n 2) is equivalent to knowing the conjugates of n 2√over
Gal(ζ). √By Ex√ercise 6.5.11† and Problem 6.3.3, we know that the minimal polynomial of n 2 is
Xn/2 − 2 if 2 ∈ Gal(ζ) and 2 | n, and Xn − 2 otherwise. The embeddings are thus
σ(a,b) : ζ√2 → ζ2a √
n 2 → ζb n 2
for independent a ∈ Z/ n × and b ∈ Z/nZ in the first case, and
2
Z
σ(a,b) : ζ√→ ζa √
n 2 → ζb n 2
for independent a ∈ (Z/nZ)× and b ∈ Z/nZ in the√second case. (One may note that neither of
these Galois groups are abelian for n ≥ 3.) Since 2 is in Q(ζ) iff 8 | n by Exercise 6.5.27, we
are done.
Exercise 6.5.13†. Let n ≥ 1 be an integer and p1, . . . , pm rational primes. Prove that
[Q( √ . . . , √ : Q] = nm.
n p1, n pm)
(This is a generalisation of Exercise 4.6.24†.)
Solution
Suppose that the degree is strictly smaller than nm, i.e. a non-trivial linear combination of
powers is zero:
k√
bi n ai = 0
i=1
for non-zero rational numbers b1, . . . , bk and distinct nth-powers-free positive integers a1, . . . , ak.
By mulyiplying this equation by n an1 −1, we may assume that a1 = 1. We will prove that b1 = 0,
√
thus reaching a contradiction. Let K be a Galois extension of Q containing all n ai with Galois
group G. Take the sum of the equations
k√
biσ( n ai) = 0,
i=1
over σ ∈ G. Exercise 6.5.11† shows that the sum of the conjugates of √ is zero for i = 1. Since
n ai
the action o√f Gal(K/Q) on Q(α) restricts to multiple copies of Emb(Q(α)) for any α ∈ Q, the
sum σ∈G n ai is zero for any i = 1. Thus, we are left with the same
b1σ(1) = b1|G|,
σ∈G
which means b1 = 0 as wanted.
Exercise 6.5.14† (Kummer Theory). Let L/K be a finite Galois extension in characteristic 0. Suppose
that Gal(L/K) ∼ Z/nZ. If K contains a primitive nth root of unity, prove that L = K(α) for some
αn ∈ K.
316 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
Solution
Let σ be a generator of Gal(L/K) and let ω ∈ K be a primitive nth root of unity. If we find a
non-zero α ∈ L such that σ(α) = ωα, we are done, since, by iterating σ, we get σk(α) = ωkα,
i.e. L is generated by the nth root α of some element of Ki+1 (as can be seen from considering
its norm for instance). For this, consider
f = Xn − 1 = Xn−1 + ωXn−2 + . . . + ωn−1.
X −ω
We have 0 = σn − id = (σ − ωid) ◦ (f (σ)), hence, α = f (σ)(β) works for any β. We only need
to ensure that α = 0, and this follows from the linear independence of the embeddings from
Exercise 6.5.5†.
Exercise 6.5.15† (Artin-Schreier Theorem). Let L/K be a finite extension such that L is algebraically
closed. Prove that [L : K] ≤ 2.
Solution
First, we prove that [L : K] is a power of 2. Suppose otherwise. Using Cauchy’s theorem and the
fundamental theorem of Galois theory, we can find an intermediate field M such that [L : M ] = p
where p | [L : K] is an odd prime. Thus, suppose without loss of generality that [L : K] = p.
Consider a primitive pth root of unity ω ∈ L. Since ω has degree at most p − 1 over K, its
degree is not divisible by p which means that ω must be in K. Then, Kummer theory from
Exercise 6.5.14† implies that L = K(α) for some β = αp ∈ K. Since α is not in K, β is not a pth
power in K. This implies that the polynomial Xp2 − β is irreducible over K by Exercise 6.5.11†.
This is a contradiction since any element algebraic over K has degree at most p by assumption.
Thus, [L : K] = 2k for some k. In particular, any polynomial of odd degree has a root in K.
Indeed, group the roots of a polynomial f ∈ K[X] in disjoint orbits of the form
σ1,i(αi), . . . , σki,i(αi)
where αi is a root of f and σ1,i, . . . , σki,i form a set of representatives of
Gal(L/K)/ Gal(L/K(αi)). In other words, we are simply asking that, for a fixed i, σj,i(αi) go
through every conjugate of αi exactly once. Then, if αi ∈ K,
ki = | Gal(L/K)/ Gal(L/K(αi))| = 2k/| Gal(L/K(αi))|
is even since Gal(L/K(αi)) < 2k. If this is the case for all i, then f has an even number of roots,
contradicting the assumption that its degree is odd. (This is a generalisation of the fact that
non-real roots always come by pair of complex conjugates.)
Accordingly, any polynomial of odd degree has a root in K. We will prove that any element
α ∈ K is such that α is a square of −α is. Assuming this, notice that these are exactly the
assumptions we used in our proof that C = R(i) is closed, in Section B.3. Hence, L = K(i)
where i2 = −1, which means in particular that [L : K] ≤ 2 as wanted.
It remains to show this claim. For this, notice that X2k+1 − α is reducible over K since L/K has
degree 2k. By Exercise 6.5.11†, this implies that α is a square, or −4 times a fourth power, and
thus minus a square.
Constructibility and Solvability
Exercise 6.5.16†. Given two points, you are allowed to draw the line between them, as well as the
circle of center one of the points going through the other. Initially, you may start with the points (0, 0)
6.5. EXERCISES 317
and (0, 1) and define additional points that way. We say a real number r is constructible if the point
(0, r) is constructible. Prove that, if x and y are constructible, so are x + y, xy, −x, |x|, and 1 if
x
x = 0.
Solution
Exercise 6.5.17†. Prove that a real number is constructible if and only if it is algebraic and the
degree of its splitting field, meaning the field generated by its conjugates, is a power of 2. Deduce that,
using only a (non-graded) ruler and a compass,
1. A regular n-gon is constructible if and only if ϕ(n) is a power of 2.
2. It is not always possible to trisect an angle.
3. Given a square with area A, it is not possible to construct a square with area 2A.
Solution
Note that α = cos 2 n is constructible iff its degree ϕ(n)/2 (for n ≥ 2) is a power of 2. In
π
that case, we can construct the point (cos(2kπ/n), 0) and the point (0, sin(2kπ/n)), and hence
the point (cos(2kπ/n), sin(2kπ/n)) as well. Similarly, if we are able to trisect an angle of α,
by intersecting with a vertical line we are able to construct cos(α/3) (and this is equivalent).
However, for α = 2π , we get cos(2π/9) which has degree 3 and is thus not constructible.
3
It remains to prove the characterisation of the constructible numbers. One direction is easy:
when we intersect a line with a line, the field generated by the coordinates does not change, and
when we intersect a line with a circle, the field generated by the coordinates becomes a quadratic
extension of itself or does not change. Thus, the degree over Q gets multiplied by 1 or by 2
each time, and must thus be a power of 2. It is also clear that this is Galois: each time we
take a square root, we could also take the other square root (this amounts to considering the
other intersection with the circle). The other direction is almost given by Exercise 6.5.16†. To
finish, we proceed by induction on [K : Q] = 2k where K is the splitting field of α. By Cauchy’s
theorem 6.3.3, Gal(K/Q) has an element of order 2, and thus, K has a subfield of index 2 by the
Galois correspondence, say [K : L] = 2. By assumption, the points of L are constructible since
[L : Q] = 2k−1, and if K = Q(α), we can recover α from L using the quadratic formula so α is
also constructible by Exercise 6.5.16†.
Exercise 6.5.18†. We say a finite Galois extension L/K in characteristic 0 is solvable by radicals if
there is a tower of extensions
K = K0 ⊂ K1 ⊂ . . . ⊂ Km ⊇ L
such that Ki+1 is obtained from Ki by adjoining an nth root of some element of Ki to Ki, for some
n. We also say a group G is s6o.l3v.a1b1l∗e)ifanthdeGrei+is1/aGcihiasincy0cl=ic.GP0r⊂ovGe 1th⊂at. .. ⊂ Gm = G such that Gi is
normal in Gi+1 (see Exercise L/K is solvable by radicals if
and only if its Galois group is. (When L is the field generated by the roots of a polynomial f ∈ K[X],
L/K being solvable by radicals means that the roots of f can be written with radicals, which explains
the name.)
Solution
First, suppose that G is solvable. Consider the tower of fields Ki = LGi . Each Ki+1/Ki is
Galois by Exercise 6.3.11∗, with Galois group isomorphic to Gi+1/Gi by Exercise 6.3.4. We
318 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
wish to conclude that Ki+1 is generated from Ki by adding the nth root of an element. The
problem is that this is almost always false, since then Ki+1/Ki wouldn’t be Galois extension!
Hence, we shall to consider the tower of fields Ki(ω), where ω be a primitive |G|th root of unity
(since |Gi+1/Gi| | |G| by Lagrange). By Exercise 6.5.2†, the Galois group of Ki+1(ω)/Ki(ω) is
isomorphic to the subgroup Gal(Ki+1/Ki(ω) ∩ Ki+1) of Gal(Ki+1/Ki), and hence cyclic as well,
say of order n. Then, Kummer theory from Exercise 6.5.14† states that Ki+1(ω) is Ki(ω)(αi)
for some αin ∈ Ki(ε). This gives us that L/K is solvable as wanted since we have the tower
K ⊆ K(ω) ⊆ K(ω)(α1) ⊆ . . . K(ω)(αm) = L(ω) ⊇ L.
Now, we need to prove that G is solvable if L/K is. Note that, if G is solvable, then so is G/H
for any normal subgroup H. Indeed, if 0 = G0 ⊆ . . . ⊆ Gm = G, then H = G0H/H ⊆ . . . ⊆
GmH/H = G/H and
(Gi+1H/H)/(GiH/H) Gi+1H/GiH
by Exercise A.3.15†, and this is cyclic, since if gGi generates Gi+1/Gi, then gGi+1H generates
Gi+1 H/Gi H .
Set M = Km(ω), where ω is a root of unity chosen so that Ki+1(ω)/K is Galois for each i (and
in particular M/K is). Since Gal(L/K) Gal(M/K)/ Gal(M/L) is a quotient of Gal(M/K), it
suffices to prove that Gal(M/K) is solvable. There is only one thing left to do now: add ω to all
Ki so that Ki+1/Ki becomes Galois and we can simply take its Galois group. This gives us that
Gal(M/K(ω)) is solvable, but we what we want is for Gal(M/K) to be. However,
Gal(M/K)/ Gal(M/K(ω)) Gal(K(ω)/K)
is cyclic, so we can add to a chain 0 = G0 ⊆ . . . ⊆ Gm = Gal(M/K(ω)) ⊆ Gal(M/K) to conclude
that Gal(M/K) is solvable as wanted!
We shall however explain a bit more why taking Galois groups gives us cyclic extensions. Let
us write Mi = Ki(ω) = Mi−1(αi) for some αini ∈ Mi. Then, Gal(Mi+1/Mi) is cyclic since its
embeddings have the form σ(αi) = ωkα for some k, so they form a subgroup of Z/nZ where n is
the order of ω, which is thus cyclic. If we let Gi = Gal(M/Mi), we have
0 = Gal(M/M ) = Gm ⊆ . . . ⊆ G0 = Gal(M/K(ω))
and Gal(Mi/Mi+1)
Gi/Gi+1 = Gal(M/Mi)/ Gal(M/Mi+1)
by Exercise 6.3.4 which is cyclic as wanted.
Exercise 6.5.19†. Let n ≥ 1 be an integer. Prove that Sn is not solvable for n ≥ 5. Conclude
from Exercise 6.5.21† that some polynomial equations are not solvable by radicals.1 (This is quite
technical.)
Solution
The usual proof proves a lot more than just the non-solvability of Sn: it completely characterise
all its descending chains of normal subgroups. More precisely, the normal subgroups of Sn are
the symmetric group Sn, the alternating group of even permutations (Definition C.3.2) An, as
well as the trivial group 0 = {id}, while the only strict normal subgroup of An is 0 (we say it’s
simple). However, this demands a lot of work, and since this is a number theory book and not
an algebra one, we will not prove this. See Weinstraub [31], appendix A, section 3 for an account
of the more general result.
1If one only wants to show that there is no general formula, one doesn’t need to do the first part since the general
polynomial n X − Ai ∈ Q(A1, . . . , An)[X] already has Galois group Sn (where A1, . . . , An are formal variables).
i=1
6.5. EXERCISES 319
Note that if G is solvable, so is any of its subgroups H: 0 = G0 ⊆ . . . ⊆ Gm = G becomes
0 = G0 ∩ H ⊆ . . . ⊆ Gm ∩ H = G
and Gi+1 ∩ H (H ∩ Gi+1) ∩ Gi
Gi ∩ H Gi
=
by the second isomorphism theorem (see Exercise A.3.15†). This is a subgroup of Gi+1/Gi, which
is cyclic, so it’s cyclic itself. Hence, to show that Sn is not solvable for n ≥ 5, it suffices to prove
that S5 is not solvable. This can be done using a computer for instance, as there are only 120
elements. However, we will still present a somewhat more satisfactory proof.
We first prove that the only strict subgroup G of Sn such that Sn/G is abelian is An. Let H be
such a subgroup. Note that, in cycle notation, we have
(1, 2, 4)(1, 4, 2) = id
(1, 3, 5)(1, 5, 3) = id
(1, 2, 3) = (1, 2, 4)(1, 3, 5)(1, 4, 2)(1, 5, 3).
Hence, if we let f ((1, 2, 4)) = x and f ((1, 3, 5)) = y, we get
f ((1, 2, 3)) = f ((1, 2, 4)(1, 3, 5)(1, 4, 2)(1, 5, 3)) = xyx−1y−1 = id
in Sn/G which is abelian by assumption. By symmetry, G contains all 3-cycles. It remains to
prove that the 3-cycles generate An. Since An is generated by the products of two transpositions,
it suffices to prove that 3-cycles generate all products of two transpositions. This follows from
the following equalities
(i, k, j) = (i, j)(i, k)
(i, k, j)(i, k, ) = (i, j)(k, )
for distinct i, j, k, .
Now, we need to prove that G = A5 has no non-trivial normal subgroup. For this, we shall find
the conjugacy classes Cg = {hgh−1 | h ∈ G}. We can check that there are 5 such conjugacy
classes, of respective size 1, corresponding to the identity, 15, 20, 12 and 12. Assume we have
proven this. Since a normal subgroup H is a union of conjugacy classes by definition, it must
contain the trivial class of size 1, corresponding to the identity. But then, it is easy to see that
its cardinality 6o.n3l.y15d∗i,vHidems u|Ast5|b=e 60 for H = A5 or H = {id}. Thus, by Lagrange’s theorem
from Exercise A5 or {id} as wanted. But A5/{id} A5 is not cyclic so we
are done.
To prove that these are the cardinalities of the conjugacy classes, recall Remark 6.5.3:if γ =
(i1, . . . , ik) is a cycle, we have σγσ−1 = (σ(i1), . . . , σ(ik)).
This means that the conjugates of 3-cycles are all 3-cycles, thus forming the class of size 20 (it is
not hard to see that we can pick an even σ). Similarly, there are two pairs of conjugacy classes
of 5-cycles of size 12, because this time our σ will not be even. It only remains to prove that all
15 products of two transpositions (i, j)(k, ) with i, j, k, distinct are conjugate. This is not very
hard:
σ(i, j)(k, )σ−1 = (σ(i), σ(j))(σ(k), σ( )).
Hence, if (i , j )(k , ) is another product of two transpositions, we pick σ(i) = i , σ(j) = j ,
σ(k) = k and σ( ) = . If this has even signature we are done, otherwise exchange i and j .
Finally, to conclude that some algebraic numbers are not expressible by radicals, we only need to
prove that there exist polynomials of prime degree with exactly two non-real roots. One example
is X2 − 4X − 2 (irreducible by Eisenstein’s criterion).
320 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
Exercise 6.5.20†. We say a finite Galois extension L/K of real fields, i.e. L ⊆ R, is solvable by real
radicals if there is a tower of extensions
K = K0 ⊂ K1 ⊂ . . . ⊂ Km ⊇ L
such that Ki+1 is obtained from Ki by adjoining the nth root of some positive element of Ki to Ki.
Prove that L/K is solvable by real radicals if and only if [L : K] is a power of 2.
Solution
Without loss of generality, by adding more intermediate fields, we can suppose that Ki+1 =
Ki(αi), where αip ∈ K for some prime p. The key point is that, if [L : K] is equal to an odd
prime q, then [L(α) : K(α)] is also equal to q for any αp ∈ K. Let’s see first how this implies
our result: if [L : K] is not a power of 2, say is divisible by an odd prime q, Gal(L/K) has an
element of order q by Cauchy’s theorem 6.3.3, and hence L has a subfield of index q by the Galois
correspondence, say [L : M ] = q. Then, L/M is also solvable by real radicals, but
[L : M ] = [L(α1) : K(α1)] = [L(α1, α2) : K(α1, α2)] = . . . ,
i.e. [LKi : M Ki] = [L : M ] by our lemma. This is a contradiction for i = m: we get [L : L] =
[L : M ]. Conversely, if [L : K] is a power of 2, say L = K(α), L has a subfield M of index 2,
i.e. [L : M ] = 2. Then, α can be obtained by real radicals from M using the quadratic formula.
Repeating this process yields that [L : K] is solvable by square roots as well.
Hence, it suffices to show that, when [L : K] = q, [L(α) : K(α)] = q as well. Note that
Gal(L(α)/K(α)) is a subgroup of Gal(L/K), as we saw in Exercise 6.5.2†. In particular, [L(α) :
K(α)] divides q so must be 1 or q. Suppose for the sake of a contradiction that it is 1 (in
particular α ∈ K). This gives L ⊆ K(α), so q divides [K(α) : K], which is p by Exercise 6.5.9†.
Hence, p = q and L = K(α). But this is impossible, since the conjugates of α are not in L as
primitive qth roots of unity are not real since q ≥ 3.
Exercise 6.5.21†. Let p be a prime number and G ⊆ Sp a subgroup containing a transposition τ
(see the paragraph after Definition C.3.2) and an element γ of order p. Prove that G = Sp. Deduce
that, if f ∈ Q[X] is an irreducible polynomial of degree p with precisely two non-real complex roots,
then the Galois group of the field generated by its roots (called its splitting field , because it is a field
where it splits) over Q is Sp.
Solution
Suppose without loss of generality that τ is 1 ↔ 2 (which we usually denote in cycle notation
τ = (1, 2)). A power of γ, say γk sends 1 to 2. Suppose without loss of generality that γ. By
symmetry between 3, 4, . . . ,, we can in fact suppose that γ is the cycle (1, 2, . . . , p) which sends
1 → 2 → . . . → p → 1. We will prove that G contains all transpositions and thus must be Sp
since transpositions generate the symmetric group by Exercise C.3.12∗. Notice that γτ γ−1 is the
transposition (2, 3) since it goes 2 → 1 → 2 → 3 and 3 → 2 → 1 → 2 and must is the identity
else where since τ is. Similarly, γkτ γ−k is the transposition (k + 1, k + 2). Since
(1, k) = (1, k − 1)(k − 1, k)(1, k − 1),
a straightforward induction tells us that (1, k) ∈ G for all k. Finally, (1, i)(1, j)(1, i) = (i, j) so
G contains all transpositions as wanted.
Now, suppose f is an irreducible polynomial of degree p with only two non-real roots. Since its
degree divides the degree of its splitting field, its Galois group G has an element of order p by
Cauchy’s theorem 6.3.3. Moreover, it contains the transposition corresponding to the complex
conjugation, which exchanges the two non-real roots.
6.5. EXERCISES 321
Exercise 6.5.22†. Let n be a positive integer. Prove that there is a number field K, Galois over
Q, such that Gal(K/Q) Sn. (You may assume the following result of Dedekind: if f ∈ Z[X] is a
polynomial, for any prime number p not dividing the discriminant ∆ of f , the Galois group of f over
Fp is a subgroup of the Galois group of f over Q.2)
Solution
Let’s look at what the injection of GalFp (f ) in GalQ(f ) gives us. We use the cycle notation
σ1 · . . . · σk to mean the permutation σ which decomposes into the disjoint cycles σ1, . . . , σk. A
cycle
σ : i1 → i2 → . . . → ik → i1
will be denoted (i1, . . . , ik) (it is the identity on other elements).
We know from Chapter 4 that GalFp (f ) is generated by the Frobenius morphism. Write f ≡
f1 ·. . .·fk (mod p) with distinct irreducible polynomials fi ∈ Fp[X] of respective degrees ni (there
is no repeated root since p doesn’t divide the discriminant). Then, the Frobenius morphism acts
as a cycle on the roots of each fi, of length ni. Hence, Frob can be written in cycle notation as
σ1 · . . . · σk with σi a cycle of length ni. This implies, by assumption, that GalQ(f ) also has an
element of the form.
We have a lot of freedom on the factorisation of f modulo primes, so let’s put aside the question
of ensuring that the primes we choose do not divide the discriminant of f for the moment and
focus on the rest of the proof. Suppose that G = GalQ(f ) has an n-cycle σ, a transposition τ ,
and an (n − 1)-cycle ψ. Without loss of generality, by symmetry, suppose that ψ = (2, 3, . . . , n).
By consdering σmτ σ−m for an appropriate m, we can assume that τ is the transposition (1, k) for
some k. Indeed, by symmetry, if σ = (1, 2, . . . , n) and τ = (i, j), we have σmτ σ−m = (i+m, j+m).
Since
ψ = (k, k + 1, . . . , n, 2, 3, . . . , k − 1),
we can, again by symmetry, suppose that in fact k = 2. To conclude, we will prove that (1, 2)
and (2, 3, . . . , n) generate Sn, thus implying that G = Sn as desired. By Exercise C.3.12∗,
it suffices to prove that they generate all transpositions. Since ϕ := τ ψ = (1, 2, . . . , n) ∈ G,
we can proceed as we did in Exercise 6.5.21†: (m + 1, m + 2) = ϕmτ ϕ−m ∈ G, and since
(1, m) = (1, m − 1)(m − 1, m)(1, m − 1), we have (1, m) ∈ G for all m by induction. Finally, since
(i, j) = (1, i)(1, j)(1, i), we have all transpositions and we are done: G = Sn.
It remains to prove that we can ensure that the Galois group contains an n-cycle, a transposition,
and an n − 1 cycle. For this, pick three primes p, q, r. Then, choose a polynomial f ∈ Z[X], using
the Chinese remainder theorem, such that
• f is irreducible modulo p,
• f factorises as a product of a polynomial of degree 1 and an irreducible polynomial of
degree n − 1 modulo q, and
• f factorises as a product of an irreducible polynomial of degree 2 and n − 2 polynomials of
degree of degree 1 modulo r (choose r sufficiently large so that there is no common root).
Then, GalFp (f ) contains an n-cycle, GalFq (f ) a transposition, and GalFp (f ) an (n − 1)-cycle. In
addition, the discriminant of f is not divisible by p, q, r since f has no repeated factor modulo
these primes. Hence, by Dedekind’s result and our previous observation, GalQ(f ) = Sn as
desired.
2The Galois group of a polynomial f over a field F is defined as the Galois group of its splitting field over F , i.e. as
Gal(F (α1, . . . , αk)/F ), where α1, . . . , αk are the roots of f .
322 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
Remark 6.5.3
If γ = (i1, . . . , ik) is a cycle, then it is straightforward to see that σγσ−1 = (σ(i1), . . . , σ(ik)).
This explains how we found our relations.
Cyclotomic Fields
Exercise 6.5.23†. Let ω be a primitive nth root of unity. When is Φm irreducible over Q(ω)?
Solution
Let ζ be a primitive mth root of unity and let ξ be a primitive lcm(m, n)th root of unity. Φm is
irreducible over Q(ω) if and only if ζ has degree ϕ(m) over Q(ω). We have, by Problem 6.3.2,
[Q(ζ, ω) : Q(ω)] = [Q(ξ) : Q(ω)] = [Q(ξ) : Q] = ϕ(lcm(m, n))
[Q(ω) : Q] .
ϕ(n)
Thus, Φm is irreducible over Q(ω) if and only if ϕ(lcm(m, n)) = ϕ(m)ϕ(n). Finally, note that
we always have
ϕ(m)ϕ(n) = pvp(m)−1(p − 1) qvq(n)−1(q − 1)
p|m q|n
= pmin(vp(m),vp(n))−1(p − 1) qmax(vp(m),vp(n))−1(q − 1)
p|m,n q|mn
= ϕ(lcm(m, n))ϕ(gcd(m, n))
since the p − 1 factor is repeated twice when p | m, n and only once otherwise, with exponent
vp(m) + vp(n) − 2 = min(vp(m), vp(n)) − 1 + max(vp(m), vp(n)) − 1 in the first case and exponent
max(vp(m), vp(n)) − 1 in the second. Thus, Φn is irreducible over Q(ω) iff ϕ(gcd(m, n)) = 1, i.e.
iff gcd(m, n) = 1 or 2.
Exercise 6.5.25†. Let n be an integer and m ∈ Z/nZ be such that m2 ≡ 1 (mod n). Prove that
there exist infinitely many primes congruent to m modulo n, provided that there exists at least one
which is greater than n2. (It is also true that our Euclidean approach to special cases of Dirichlet’s
theorem only works for m2 ≡ 1 (mod n), see ??.)
Solution
Suppose that p > n2 is a prime congruent to m (mod n). We have already done the case m = 1
in Exercise 3.3.8∗ and the case m = −1 in Theorem 4.4.1, so suppose m = ±1. Let ω be a
primitive nth root of unity, and let H = {1, m}. Let also σk denote the embedding ω → ωk.
Consider g = (X − ω)(X − ωm). For large k, we have Q(g(N )) = Q(ω)H by Remark 6.3.2.
Now, let f be the minimal polynomial of g(N ), where N is an integer that we will choose later.
Consider discriminant
∆ = ± f (σi(g(N )))
i
by Exercise 3.2.2∗. This is a polynomial of degree ϕ(n)(ϕ(n) − 1) < n2 in N , which can’t always
be divisible by p since p > n2 by assumption. Hence, there is some N such that this is not
divisible by p. Choose this N to also be divisible by n, using CRT.
We are now ready to finish. Suppose for the sake of a contradiction that there are a finite number
of such primes p1 = p, p2, . . . , pk. Let Q be the product of the possible exceptions, i.e. the prime
divisors of f which are not congruent to 1 or m modulo p. Pick an M congruent to g(N ) or
g(N ) + p modulo p2, so that vp(f (M )) = 1 using Corollary 5.3.1. Pick also M to be divisible by
6.5. EXERCISES 323
np2 · . . . · pkQ. Since
f (0) = ±Φn(N ) ≡ Φn(0) = ±1 (mod n)
, we know that the prime factors of f (0) are all congruent to 1 modulo n. Thus, the prime factors
of f (M ) ≡ f (0) (mod np2 · . . . · pkQ) are all congruent to 1 or m modulo n since we don’t run
in an exception. Since, by assumption, the only primes congruent to m modulo n are the pi,
this means that f (N ) is divisible only by primes congruent to 1 modulo n, and potentially by p
too. Since we also have vp(N ) = 1, we get f (N ) ≡ ±m (mod n) depending on its sign. This is
a contradiction if m = ±1 since we have f (N ) ≡ f (0) ≡ ±1 (mod n).
Exercise 6.5.26† (Mann). Suppose that ω1, . . . , ωn are roots of unity such that n aiωi = 0 for
i=1
some ai ∈ Q and i∈I aiωi = 0 for any non-empty strict subset I ⊆ [n]. Prove that ωim = ωjm for any
i, j ∈ [n] where m is the product of primes at most n.
Solution
Suppose without loss of generality that ω1 = 1, by dividing everything by ω1. Next, let m the
smallest integer such that ωim = 1 for all m, let p be a prime factor of m and write m = pkr
for some p s. We will prove that p ≤ n and r ≤ 1, thus yielding the wanted result. Let
ω = exp 2iπ be a primitive pkth root of unity, and write ωi = ζti ωsi for some si ≤ p − 1, where
pk
ζ = exp 2iπ is a primitive m/pth root of unity. Inded, if ωi = exp 2 iπ , we have
m/p m
ζti ωsi = exp tip + sir
m
and it suffices to choose sir ≡ (mod p). The equation
n
aiωi = 0
i=1
thus becomes f (ω) = 0 for some f ∈ Q(ζ) of degree at most p − 1, which is non-zero by
assumption. Let’s compute the degree of ω over Q(ζ):
[Q(ω, ζ) : Q(ζ )] = [Q(ω, ζ) : Q] = ϕ(pk r) = p − 1 if k = 1 .
[Q(ζ) : Q] ϕ(pk−1r) p if k ≥ 2
Thus, we already reach a contradiction if k ≥ 2 since f has degree less than p. Hence, k = 1 and
we must have
f = α(1 + X + . . . + Xp−1).
However, f has at most k non-zero coefficients, which implies p ≤ k as wanted.
Exercise 6.5.27. Which quadratic subfields does a cyclotomic field contain?
Solution
Given a positive integer m, we let ωm denote a primitive mth root of unity. We have seen that,
when p is odd, −1 p ∈ Q(ωp). Hence, −1 p ∈ Q(ωn) whenever p | n. This implies that
p p
−1 ∈ Q(ω√n) whenever m|n is odd, and −1 is the Jacobi symbol. In Problem 6.3.3, we
m √ m √
also saw that 2 ∈ Q(ω8) so 2 ∈ Q(ωn) when 8 | n. Also, we of course have −1 ∈ Q(ω4) so
324 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
√
−1 ∈ Q(ωn) when 4 | n. To summarise the above discussion, Q(ωn) contains all the quadratic
subfields of the form
• Q( −1 ) when m is a squarefree positive odd divisor of n
m
√
• Q( ±m) when m is a squarefree odd divisor of n and 4 | n
√
• Q( ±2m) when 8 | n and m is a squarefree odd divisor of n.
√
We claim that these are all the subfields of Q(ωn). Suppose that Q(ωn) contains Q( m) with
minimal m not of the wanted form. Then, Q(ωn) and Q(ω4m) have a non-trivial intersection so
n and 4m have gcd at least 3 by ??. First suppose that they have a common odd prime divisor
p. Then Q(ωn) contains Q( −1 m/p) which contradicts the minimality of m. Otherwise, if
p
the gcd is exactly 4, the intersection is Q(i) so m = −1 which is in√our list of described subfields.
Otherwise, the gcd is at least 8 which means that m is odd and 2 ∈ Q(ωn) so Q(ωn) contains
Q( m/2) which contradicts the minimality of m again.
Exercise 6.5.28†. Prove the Gauss and Lucas formulas: given an odd squarefree integer n > 1, there
exist polynomials An, Bn, Cn, Dn ∈ Z[X] such that
4Φn = A2n − n−1 nBn2 = Cn2 − (−1) n−1 nX Dn2 .
2
(−1) 2
Deduce that, given any non-zero rational number r, there are infinitely many pairs of distinct rational
prime (p, q) such that r has the same order modulo p and modulo q.
Solution
Let ω be a primitive nth root of unity an√d set n∗ = −1 n = (−1) n−1 n. Notice that the
n 2
exp√ression A2 − n∗B2 is a norm in Q[X]( n∗). Exercise 6.5.27 tells us that Q(ω) contains
Q( n∗√), so we just need to write Φn√in the form U V where U, V are polynomials conjugate in
Q[X]( n∗). This is easy: in Q(ω)/Q( n∗), we can see that the conjugates of ω are ωk for k =
σk :→ ωk fixes √p∗ iff n
an√even number of √p∗,
1. Indeed, k = 1 and negates it otherwise. Since k = p|n k ,
σk negates p √ √p∗ iff = 1. n p
i.e. fixes n∗ = p|n k This means that
n
Gal(Q(ω)/Q( n∗)) = {σk | k = 1}. Thus, we can write
n
Φn = X − ωk X − ωk
( k )=1 ( k )=−1
n n
√ √ so the coefficients of A and B
as wanted. Note that the ring of integers of Q( n∗) is Z 1+ n∗
2
are in 1 Z which gives us the factor of 4 on the left as wanted. We also have the formula
2
√ X − ωk,
An + Bn n∗ =
( k )=1
n
which can be used to derive the explicit formulas
2An = X − ωk + X − ωk
( k )=1 ( k )=−1
n n
and √ X − ωk − X − ωk.
2Bn n∗ =
( k )=1 ( k )=−1
n n
6.5. EXERCISES 325
For Lucas’s formula, we wish to have
Φn(X)Φn(−X)Φn(X2) = Cn(X2)2 − n∗(XDn(X2))2.
For this consider the equality
√√ √
Un + Vn n∗ = (An(X) + Bn(X) n∗)(An(−X) − Bn(−X√) n∗)
= (An(X)An(−X) − n∗Bn(X)Bn(−X)) + n∗(An(−X)Bn(X) − An(X)Bn(−X)).
Note that Un(−X) = Un(X) so Un = Cn(X2) for some Cn while Vn(−X) = −Vn(X) so Vn =
XDn(X2) for some Dn. These Cn and Dn are the ones we were looking for.
Finally, we prove that, for any non-zero r = a/b ∈ Q, there are infinitely many integers n such
that (the numerator of) Φn(a, b) has at least two distinct prime factors, unless r = ±1 but these
r have the same order modulo any odd prime. One piece of notation: by multiplying the equality
4Φn(X/Y ) = Cn(X/Y )2 − X/Y Dn(X/Y )2, we get an equality of the form
4Φn(X, Y ) = Cn(X, Y )2 − XY Dn(X)2.
Without loss of generality, a and b are coprime and b > 0. First, we treat the case where ab has
even dyadic valuation. If we restrict ourselves to odd n, we can also assume that a is positive,
since we then have Φ2n(a, b) = Φn(−a, b). Thus, suppose that a and b are positive and coprime
and let m be the squarefree part of ab. Suppose that m = 1. Then, if p is a prime factor of m,
we have 4Φpkm(a, b) = 4Φm(apk , bpk ) = Cm(apk , bpk )2 − m(ab)pk Dm(apk , bpk )2.
Here is the magic: m(ab)pk is a perfect square so this is a difference of two squares which
factorises! It remains to prove that the two factors are not both of the form 2q for some prime
q. Indeed, we can ensure that all prime factors q of Φpkm(a, b) are such that a/b has order pkm
modulo q: the only other possible prime factors are common divisors of a and b, of which there
are none, and prime factors of m | ab, which also implies that they are common divisors of a and
b. Finally, since deg Cn > deg Dn, the two factors are asymptotically equivalent (the quotient
goes to 1), so if they both had the form 2q , they would need to be equal for large p. This is of
course impossible. When m = 1, we can consider the equation Φ3 = X2 + X + 1 = (X + 1)2 − X
to get a difference of squares in the same way (replace p by 3) and the same conclusion applies.
It only remains to treat the case where ab has odd dyadic valuation. In that case, we shall derive
a formula of the form
Φ2n = Cn(X)2 − nXDn(X)2
for any squarefree even n. It is clear that the above argument will work as before as long as
the squarefree part m of ab has an odd prime factor p, i.e. is not equal to 2 since it’s even by
assumption. We can simply consider Φ12 = X4 − X2 + 1 = (X2 + X + 1)2 − 2X(X + 1)2 in that
case (and raise X to the power 3k for large k).
Hence, it suffices to show that there exist such polynomials Cn and Dn for even squarefree n.
Without loss of generality, we can assume that n is positive since Φ2n(X) = Φn(X2) = Φ2n(−X).
Our formula is equivalent to Φ4n(X) = Cn(X2)2 − n(XDn(X2))2. We wil√l now proceed as
before. Let ω be a primitive nth root. By Exercise 6.5.27, Q(ω) contains Q( n) and we have
√ 1}, by definition of the Kronecker symbol
Gal(Q(ω)/Q( n) = {σk | k = k = k k ,
n n n/2 2
√
where k = (−1) k2 −1 . Indeed, it is easy to see that σk fixes 2 iff k = 1, and the rest follows
2 8 2
from a parity argument as before. Thus,
√ X − ωk
Un + nVn =
( k )=1
n
326 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
satisfty Φ4n = Un2 − nVn2. We wish to show that Un is a polynomial in X2 and Vn is X times a
polynomial in X2, i.e. that Un is even and Vn odd. This follows from the equalities
2Un = X − ωk + X − ωk
( k )=1 ( k )=−1
n n
and √ X − ωk − X − ωk.
Indeed, we have 2 nVn =
( k )=1 ( k )=−1
n n
−X − ωk = X + ωk
( k )=±1 ( k )=±1
n n
= X − ωk+2n
( k )=±1
n
= X − ωk
( k )=∓1
n
since k+2n = k for any odd prime p but k+2n =− k as 2n ≡ 4 (mod 8). This concludes
p p 2 2
the proof.
Remark 6.5.4
Schinzel has generalised our identities to give a wide class of cyclotomic polynomials with at least
two distinct prime factors. See [25].
Miscellaneous
Exercise 6.5.30†. Let f ∈ Q[X] be an irreducible polynomial with exactly one real root of degree at
least 2. Prove that the real parts of its non-real roots are all irrational.
Solution
Let α be the real root and let β be any non-real root. Suppose for the sake of a contradiction
that 2 (β) = β + olβ is rational. Let σ be an embedding of Q(β) sending β to α. Then,
α + σ(β) = 2 (β) since 2 (β) is rational so fixed by σ, which implies that σ(β) is real. Since
α is the only real root by assumption, we get σ(β) = α which implies that α = (β) is rational
and is a contradiction.
Remark 6.5.5
It is not√true at all in general that√embed√dings commute wit√h comple√x conjug√ation. F√or instance,
over Q( 3 2, j), the embedding σ : 3 2 → 3 2j, j → j2 sends 3 2j2 to 3 2, and 3 2j to 3 2j2, which
are not complex conjugate.
Exercise 6.5.31†. Let K be a number field of degree n. Prove that there are elements α1, . . . , αn of
K such that
OK ⊆ α1Z + . . . + αnZ.
By showing that any submodule of a Z-module generated by n elements is also generated by n elements,
deduce that OK has an integral basis, i.e. elements β1, . . . , βn such that
OK = β1Z + . . . + βnZ.
6.5. EXERCISES 327
Solution
Let α ∈ OK be a primitive element for K. Suppose that n−1 aiαi ∈ Z for some ai ∈ Q. We
i=0
will prove that the denominator of the ai are bounded. Set Emb(K) = {σ1, . . . , σn}. Consider
the following system of equations:
a0 + a1σ1(α) + . . . + an−1σ1(α)n−1 = A1
+ a1σ2(α) + . . . + an−1σ2(α)n−1 = A2 .
a0
.......................................
+ a1σn(α) + . . . + an−1σn(α)n−1 = An
a0
for some A1, . . . , An ∈ Z. This can be written in matrix form as
1 σ1(α) · · · σ1(α)n a1 A1
1 σ2(α) · · · σ2(α)n a2 A2
= .
... ... ... ... ... ...
1 σn(α) · · · σn(α)n an An
Write this equation as M a = A ⇐⇒ a = AM −1. Then, by Exercise C.3.18∗, we know that the
ai are linear combinations of algebraic integers divided by det M . However,
D := det(M )2 = ± σi(α) − σj(α) ∈ Z
i=j
by Vandermonde, so that Dai ∈ Z for any i, i.e. Dai ∈ Z since Dai ∈ Q. (This is the application
of the exact value of the Vandermonde determinant promised in Remark C.3.2!) This shows that
OK ⊆ 1 + ... + 1 αn−1Z
DZ D
as wanted.
It remains to prove the second part. We proceed by induction on the number of generators n (it
is trivial when n = 0). Suppose that M= n αi Z and N ⊆ M is a submodule. Define M as
N as N ∩ M . Using i=1 = β2Z + . . . + βnZ. Now,
n
i=2 αiZ, and the induction hypothesis, set N
consider the S set of rational integers k such that kα1 + β ∈ N for some β ∈ N . Since N is
a Z-module, A is an additive subgroup of Z which thus has the form b1Z for some b. (Indeed,
pick the smallest positive element b1 ∈ A and consider the remainder of the Euclidean division
of k ∈ A by b1 to show that b1 | k, as otherwise A would contain a smaller positive element.)
Set
β1 = b1α1 + b2α2 + . . . + bnαn ∈ N
for some b2, . . . , bn. If α = n aiαi is an element of N, we have a1 ∈ A so a1 = kb1 for some
i=1
k and thus α − kβ ∈ N . Hence,
N = β1Z + N = β1Z + β2Z + . . . + βnZ
as wanted.
Exercise 6.5.32†. Let f ∈ Q[X] be an irreducible polynomial of prime degree p and denote its roots
by α0, . . . , αp−1. Suppose that
λ0α0 + . . . + λp−1αp−1 ∈ Q
for some rational λi. Prove that λ0 = . . . = λp−1.
328 CHAPTER 6. THE PRIMITIVE ELEMENT THEOREM AND GALOIS THEORY
Solution
Let K = Q(α0, . . . , αp−1). Since p = [Q(α0) : Q] divides [K : Q] = | Gal(K/Q), Gal(K/Q) has
an element σ of order p by Cauchy’s theorem 6.3.3. By relabelling the αi, suppose without loss
p−1
of generality that σ sends αk to αk+1. Let S = i=0 λiαi ∈ Q. Then, by applying σ to the
equation p−1 λiαi multiple times, we get the following system of equations in the αi
i=0
λ0α0 + . . . + λp−1αp−1 = S
λ0α1 + . . . + λp−1α0 = S
. . . . . . . . . . . . . . . . . . . . . . . . . . .
λ0αp−1 + . . . + λp−1αp−2 = S.
Since this system has a non-trivial solution (the trivial one being α0 = . . . = αp−1), its determi-
nant must be zero. By Exercise C.5.6, this circulant determinant is
g(ω)g(ω2) · . . . · g(ωp−1)
where ω is a primitive pth root of unity and g = p−1 λiX i . Thus, g(ωk) = 0 for some
i=0
k ∈ [p − 1]. Since p is prime, the ωk for k ∈ [p − 1] are all conjugate with minimal polynomial
Φp = 1 + . . . + Xp−1. Thus, Φp | g. Since deg Φp ≥ deg g, we have g = λΦp for some λ ∈ Q.
This yields λ0 = . . . = λp−1 = λ as wanted. (Conversely, all such λi work since the sum of the
conjugates of an algebraic number is rational.)
Exercise 6.5.33† (TFJM 2019). Let N be an odd integer. Prove that there exist infinitely many
rational primes p ≡ 1 (mod N) such that x → xn+1 +x is a bijection of Fp, where n = p−1 .
N
Solution
The idea is that, if ω + 1 is an N th power in Fp for all N th roots of unity ω ∈ Fp, then
f is a bijection. Indeed, this means that (ω + 1)n = p−1 = 1 for any k. Then, if
(ω + 1) N
xn+1 +x = yn+1 + y, by raising the equation to the n = p−1 th power, since xn and yn are N th
N
roots of unity, we get
xn = yn
as (xn + 1)n = (yn + 1)n = 1. But then, our original equation becomes
x(1 + xn) = y(1 + yn)
so x = y or xn = −1. However, the latter implies (−1)N = xp−1 = 1 which is impossible since
N is odd by assumption.
, Thus, we are done if we find infinitely many p such that ω + 1 is an N th power in Fp for any
N th root ω ∈ Fp. Let ζ ∈ C be a complex primitive N th root of unity. Consider the polynomial
f = X − ζi N ζj + 1,
i,j
which has integer coefficients by the fundamental theorem of symmetr√ic polynomials. Then, any
p ∈ Psplit(f ) which doesn’t divide N nor f (0) works (the idea is that N ω + 1 will exist in Fp for
such a p). Let p be such a prime, and let α1, . . . , αm be the roots of f in Fp. We will prove that,
for any root N th root of unity ω ∈ Fp, ω + 1 is the N th power of an element of Fp (in particular,
ω + 1 ∈ Fp). Note that ω + 1 = 0 since p f (0). By the fundamental theorem of symmetric
polynomials, we have
ω + 1 − αkn = ζk − (ζi N ζj + 1)n = 0
ωk k i,j
as wanted.
6.5. EXERCISES 329
Exercise 6.5.34†. Let f ∈ C(X) be a rational function, and suppose f sends rational integers
algebraic integers to algebraic integers. Prove that f is a polynomial.
Solution
By linear algebra, f has coefficients in a number field K (which we will assume without loss of
generality to be Galois). Indeed, consider the system of linear equations in the coefficients of its
numerator g and denominator g
g(n1) = α1h(n1), . . . , g(nk) = αkh(nk)
for n1, . . . , nk ∈ Z and α1, . . . , αn ∈ Z. It has in solution in some finite-dimensional K :=
Q(α1, . . . , αk)-vector space V (the one generated by the coefficients), and thus also in K, for
instance by considering a basis 1, v1, . . . , vm of V and looking at the coefficient of 1. Next,
notice that for k > deg g + deg h, these conditions completely determine f: if g(n) = u(n) for
h(n) v(n)
deg g + deg h + 1 values of n and some polynomials u and v of same degrees as g and h, the
polynomial gu − hv has more roots than its degree so must be identically zero.
Now, consider its conjugates
(f1, . . . , fk) = (σ1(f ), . . . , σk(f )),
where {σ1, . . . , σk} = Gal(K/Q). By assumption, for any i,
ei(f1, . . . , fk)
takes infinitely many values which are rational integers at rational integers. Thus, it is a poly-
nomial by Exercise 5.5.1†. This implies that f is integral over the ring of polynomials C[X]: it’s
a root of the monic polynomial
(Y − f1) · . . . · (Y − fk) ∈ C[X][Y ].
However, it is also rational over C[X] since it is in C(X). Thus, an analogue of Proposition 1.1.1
shows that it must be in C[X], as a rational integral (over C[X]) element of C(X) (C[X] is a
UFD so the same proof as Proposition 1.1.1 works).
Chapter 7
Units in Quadratic Fields and Pell’s
Equation
7.1 Fundamental Unit
Exercise 7.1.1∗. Prove that α is invertible if and only if its norm is ±1.
Solution
If α is invertible than so are its conjugate σi(α) since αβ = 1 transforms into σi(α)σi(β) = 1.
Thus, so is the product of its conjugates, i.e. its norm. But we have seen that the only invertible
rational integers are ±1. Conversely, if N(α) = ±1 then α times ± the product of its other
conjugates is 1 so α is invertible.
7.2 Pell-Type Equations
Exercise 7.1.2∗. Prove Proposition 7.1.1.
Solution
We ha√ve already shown that these√were the only units of Q(i) and Q(√j) in Chapter 2. The units
of Q( −d) are the elements a + b −d of OQ(√−d) satisfying N (a + b −d) = a2 + db2 = 1 since
the norm is p√ositive so cannot be −1. For d = 2, there are only the trivial solutions ±1 since
OQ(√−2) = Z[ −2] and |b| ≥ 1 implies a2 + 2b2 ≥ 2 while |a| ≥ 2 implies a2 + 2b2 ≥ 4.
If d ≥ 5 (d = 4 is not squarefree), a and b are both half integers so a2 + db2 ≥ 5 > 1 if |b| ≥ 1
4
which implies b = 0 from which we get a = ±1, corresponding to the units ±1.
Exercise 7.2.1∗. Prove that OQ(√u)/βOQ(√u) is finite if β = 0.
Solution
Let α be such that O := OQ(√u) = Z[α] (see Proposition 2.1.1). Note that, when β = m is a
rational integer, this has exactly m2 = N (m) elements since m | a + bα iff m | a, b (by definition
c + dα is an algebraic integer for rational c, d iff c and d are integers).
330
7.3. STØRMER’S THEOREM 331
For the general case, note that O/βO ⊆ O/N (β)O since β | N (β) so the former has a finite
number of elements too.
7.3 Størmer’s Theorem
Exercise 7.3.1∗. Prove that ym | yn iff m | n.
Solution
This is exactly the same as Exercise 4.3.1∗ but in number fields. Write yn = αn√−βn with
2d
α, β ∈ OQ(√d). Note that ym | yn iff αm − βm | αn − βn which is equivalent to α/β = α2 having
order dividing n modulo αm − βm. Since its order is exactly m, this is equivalent to m | n.
Remark 7.3.1
This solution also works for the more general problem where α, β are in any number field K, but
the difficulty lies in showing that OK mod γ is finite for any non-zero γ ∈ OK, so that talking
about the order makes sense. This follows for instance from Exercise 6.5.31†.
7.4 Units in Complex Cubic Fields and Kobayashi’s Theorem
Exercise 7.4.1. Why does looking at the (2k)2 Pell-type equations ax2 − by2 = k for squarefree
integral S-units a, b not prove that u − v = k has finitely many integral S-units solutions?
Solution
It doesn’t work because there are no reason for it to work, we were simply lucky before. Indeed,
the solutions of Proposition 7.2.4 are very messy: they have the form αkβi f√or some α and
elements β1, . . . , βn. The problem is the additional factor: if we look as the d part we get
something of the form
yn = a n xn−2k−1y2kdk + b n xn−2ky2kdk
2k + 1 2k
k
k
which has too many terms to work with. In particular, we can’t even restrict ourselves to the
n = p prime case since we do not necessarily jave yn | ym when n | m.
Exercise 7.4.2∗. Prove Theorem 7.4.2 in the case where a/b is a rational cube.
Solution
Write au3 = bv3 = c with non-zero u, v ∈ Z. Then, ax3 + by3 = k becomes
(xv)3 + (yu)3 = ku3v3/c
so it suffices to consider the case where a = b = 1. We have x + y | x3 + y3 = k, say x + y = d.
It suffices to show that there are finitely many solutions for a fixed d since k has finitely many
332 CHAPTER 7. UNITS IN QUADRATIC FIELDS AND PELL’S EQUATION
divisors. In fact we will prove that there is at most one solution for a fixed d. We have
x2 − xy + y2 = k k
= := d .
x+y d
Thus, 3xy = (x + y)2 − (x2 − xy + y2) = d2 − d . Hence, x and y are roots of
X2 − d2 − d X + d
3
by Vieta’s formulas which implies that there is at most one (unordered) pair of solutions as
wanted.
Exercise 7.4.3∗. Prove that the only roots of unity of √ are ±1, ±j and ±j2.
Q( 3 d, j)
Solution
Note that 2iπ 2iπ 2iπ
Q exp n , exp m = Q exp lcm(m, n)
since the RHS clearly contains the LHS, and exp 2iπ = exp 2iπ a exp 2iπ b where am +
lcm(m,n) n m
bn = gc√d(m, n) by Bézout. Thus, if n is the greatest order of a root of unity ω contained in
K = Q( 3 d, j), then 6 | n since −j has order 6.
By Chapter 3, ω has degree ϕ(n), and since K has degree 6 we get ϕ(n) | 6. This implies
n ∈ {6, 12, 18}. n = 6 is what we want, so we need to show that the other two cases are
impossible. For this, note that ϕ(12) = ϕ(18) = 6, so if it were the case then we would have
K = Q(ω).
To finish, we shall imitate the solution of Problem 6.3.1 to show that this is impossible, i.e. that
the Galois group of K is not abelian. Note that the embeddings of K are
σ(a,b) : √√
3 d → ja 3 d
j → jb
for a ∈ Z/3Z and b ∈ (Z/3Z)×. Moreover, by Exercise 6.3.6∗, we have
σ(0,−1) ◦ σ(1,1) = σ(−1,−1)
and
σ(1,1) ◦ σ(0,−1) = σ(1,−1)
so σ(0,−1) and σ(1,1) do not commute which means that Galois group of K is not abelian as
wanted.
Exercise 7.4.4∗. Prove that θ/σ(θ) ∈ {±j, ±j2} is also impossible.
Solution
• θ/σ(θ) = ±j yields
√√ √√
x + y 3 d + z 3 d2 = ±j(x + yj 3 d + zj2 3 d2)
which means x = 0 since there’s no j term on the left and y = 0 since there’s no j2 term
7.5. EXERCISES 333
√√
on the left. Thus θ = z 3 d2 which is impossible since the norm of z 3 d2 is z3d2 which can’t
be 1.
• θ/σ(θ) = ±j2 yields
√√ √√
x + y 3 d + z 3 d2 = ±j2(x + yj 3 d + zj2 3 d2)
which means x = 0 since√there’s no j2 term on the left and z = 0 s√ince there’s no j term
on the left. Thus θ = y 3 d which is impossible since the norm of y 3 d is y3d which can’t
be 1.
7.5 Exercises
Diophantine Equations
Exercise 7.5.1† (ISL 1990). Find all positive rational integers n such that 12 +...+n2 is a perfect
n
square.
Solution
Note that 12 + . . . + n2 (n + 1)(2n + 1)
=.
n6
Thus, this is equal to k2 is and only if
2n2 + 3n + 1 = (n + 1)(2n + 1) = 6k2,
i.e.
(4n + 3)2 − 48k2 = 1.
Thus, we xw=ant(7+to√s4o8)lnv+e2 (t7h−e√P48enl)l equation x2 − 48y2 = 1 with x ≡ 3 (mod 4). The solutions are
given by and it is easy to see that this is congruent to 3 modulo 4 when
n is odd. Indeed, modulo 4 it is congruent to
√√
(7n + n7n−1 48) + (7n − n7n−1 48) = 7n ≡ (−1)n.
2
√
Exercise 7.5.2† (BMO 1 2006). Let n be a rational integer. Prove that, if 2 + 2 1 + 12n2 is a
rational integer, then it is a perfect square.
Solution
The solutions to the equation x2 − 3y2 = 1 are given by xm = αm +βm , ym = αm −β m , where α
√ 2 2(α−β)
and β are the conjugate fundamental units 2 ± 3). Since y1 = 1 and y2 = 4, y√m is even iff n is.
Thus, by assumption, since 1 + 3(2n)2 is an integer, we have 2n = y2m and 1 + 12n2 = x2m
for some m, i.e.
2+ 1+ 12n2 = 2+ 2· α2m + β2m = 2αmβm + α2m + β2m = (αm + βm)2 = (2xm)2.
2
334 CHAPTER 7. UNITS IN QUADRATIC FIELDS AND PELL’S EQUATION
Exercise 7.5.4† (RMM 2011). Let Ω(·) denote the number of prime factors counted with multiplicity
of a rational integer, and define λ(·) = (−1)Ω(·). Prove that there are infinitely many rational integers n
such that λ(n) = λ(n + 1) = 1 and infinitely many rational integers n such that λ(n) = λ(n + 1) = −1.
Solution
For the first part, let (x, y) be a solution to the Pell equation x2 − 6y2 = 1. Then, n = 6y2 has
an even number of prime factors and so does n + 1 = x2.
For the second part, let (x, y) be a solution to the Pell-type equation 3x2−2y2 = 1. Then, n = 3y2
has an odd number of prime factors, and so does n+1 = 2x2. Note that this e=qu(a3t+i2o√n2h)na+2s (i2n−fi2n√it2e)nly,
many solutions. Indeed, the Pell equation z2 − 2y2 = 1 has the solutions z
and this is divisible by 3 iff n is odd.
Exercise 7.5.5†. Let k be a rational integer. Prove that there are infinitely positive integers n such
that n2 + k | n!.
Solution
By Proposition 7.2.3, the equation x2 − dy2 = −k has infinitely many solutions if it has at least
one and d isn’t a perfect square. Thus, pick an r such that r2 + k = d is not a perfect square (this
is true for sufficiently large m since gaps between consecutive perfect squares are increasing) and
consider any solution n to the equation n2 − dm2 = −k, which has infinitely many solutions since
(n, m) = (r, 1) is one. Finally, note that
n2 + k = dy2 = y · dy | (dy2 − k)! = n!
for sufficiently large y.
Pell-Type Equations
Exercise 7.5.11†. Let d be a rational integer. Solve the equation x2 − dy2 = 1 over Q.
Solution
We will solve this geometrically! The idea is that we (almost) get a correspondence between the
rational points of our conic (the curve x2 + dy2 = 1), and the rational points of the horizontal
line y = 0. Indeed, if we have a rational point p on the conic, we get a rational point on the
horizontal line by intersecting it with the line going through p and (1, 0). Conversely, if we have
a rational point q on the horizontal line and intersect the conic with the line going through q and
(1, 0), we get a rational point on the conic.
Let’s make this more explicit. Let (0, t) be a rational point on the horizontal line. Then, the line
joining (0, t) with (1, 0) is y = t(1 − x). When we intersect this with the conic, we get
x2 + dt2(1 − x)2 = 1 ⇐⇒ x + 1 + dt2(1 − x) = 0 ⇐⇒ x= dt2 + 1
dt2 − 1 .
7.5. EXERCISES 335
From this, we get y = 2t . Thus, the solutions are
dt2 −1
dt2 + 1 2t t ∈ Q ∪ {(1, 0)}.
,
dt2 − 1 dt2 − 1
Exercise 7.5.13†. Prove that the equation x2 − 34y2 = −1 has no non-trivial solution in Z despite
−1 being a square modulo 34.
Solution
√√
The fundamental unit of Q( −34) is 35 + 6 34 which has norm 1.
Fundamental Units
Exercise 7.5.15†. a+b √√
Let√d ≡ 1 (mod 4) be a squa√refree integer, and suppose η = 2 d ∈ Z[ d] is the
fundamental unit of Q( d). Prove that ηn ∈ Z[ d] if and only if 3 | n.
Solution
Let’s look at Z[η] = OQ(√d) modulo 2: there are four elements since a+bη ∈ Z[η] iff a , b ∈ Z.
2 2 2
Out of these four, three are invertible modulo 2 and the last isn’t (it’s 0): 1 · 1 ≡ 1, η · η ≡ 1, and
η + 1 ≡ η which is invertible by the previous equality. Indeed, by assumption η − η ≡ η + η ≡ 1
(mod 2).
In other words, 2 is prime in Z[η], since an element√is either invertible modulo 2 or divisible by 2
(note that this relies on the assumption that η ∈ Z[ d], in general, for d ≡ 1 (mod 4), 2 is prime
iff d ≡ 5 (mod 8)). Thus, by Fermat’s little theorem in Z[η]/2Z[η] (this is a finite field with 4
elements, see Theorem 4.2.1), the order of η modulo 2 divides 3. Since η ≡ 1, its order must be
exactly 3. Finally, we have
√ ⇐⇒ ηn − η−n ∈ Z ⇐⇒ 2 | η2n − 1 ⇐⇒ 3 | 2n ⇐⇒ 3|n
ηn ∈ Z[ d] 2
as wanted.
Exercise 7.5.16†. Let d = 1 be a square√free rational integer, and suppos√e that 22n + 1 = dm2 for
some integers n, m ≥ 0. Show that 2n + m d is the fundamental unit of Q( d), provided that d = 5.
Solution
√
Clearly, m√is odd. Suppose fo√r the sake of a contradiction that 2n + m √d is not the fundamental
unit of Q( d). Then, 2n + m d is the mth power of an element η ∈ Q( d) for some m. Without
loss of generality, we may assume that m =√p is pr√ime (by replacing η by αm/p). First, suppose
that p is odd. Suppose also that η = u + v d ∈ Z[ d], where u and v are positive. Then,
√√
2n + m d = (u + v d)p
336 CHAPTER 7. UNITS IN QUADRATIC FIELDS AND PELL’S EQUATION
gives us
2n = p up−2kv2kdk = u p up−2k−1v2kdk.
2k 2k
k
k
Thus, u | 2n. Notice that the second factor is congruent to pvp−1 d p−1 modulo u and that this is
2
coprime with u as p and d are odd and u, v are coprime since 2n and m are. Thus, either u = 1
or u = 2n. The former is impossible since the unit is non-trivial, and the latter as well since the
second factor is at least pvp−1 d p−1 > 1.
2
u+v √ d for some odd u, v.
2
Now, suppose that η = Then, we get exactly the same equation as
before, but with n replaced by n + p:
2n+p = p up−2kv2kdk = u p up−2k−1v2kdk.
2k 2k
k
k
(We distinguished the two cases because we want u and v to be coprime for the two factors to
be as well.) As before, u = 1 or u = 2n+p: the latter is still impossible as the second factor is
at least pvp−1 d p−1 > 1, but now the former could be possible since the unit is non-trivial (the
2
rational part is now 1 and not 1). However, it gives dv2 ∈ {5, −3}: the first case is ruled out by
2
the hypothesis and the latter is impossible.
√√
It only remains to settle the case p = 2 now. In that case, suppose first that η = u+v d ∈ Z[ d].
Then, we get √√ √
2n + m d = (u + v d)2 = (u2 + dv2) + 2uv d
u+v √ d for some odd u, v, we get
2
and this is impossible since m is odd. Finally, if η =
√√ √
2n+2 + 4m d = (u + v d)2 = (u2 + dv2) + 2uv d
which is impossible since 2uv is not divisible by 4.
Remark 7.5.1
We could have also used Carmichael’s theorem from Exercise 4.6.33†: we have
2n = αm + βm
,
2
√
with√m odd (since 2n + y d is not a square), where α and β are the conjugate fundamental units
of Z[ d]. Since m is odd, we do not have to consider any exceptions, and we get that αm − (−β)m
has a primitive prime factor p which does not divide α + β. Since α + β is even (it’s twice the
rational part of α), √this implies that p is odd, which√is a contradiction since 2n has no odd prime
factor√. Thus, 2n +y d is the fundamental unit of Z[ d], but√it might not be the fundamental unit
of Q( d). √The last case we need to consider is when 2n + y d = η3, where η is the fundamental
unit of Q( d), by Exercise 7.5.15†.
Exercise 7.5.17†. Suppose that d = a2 ± 1 is squarefree, where a ≥ 1 is some rational integer and
let k ≥ 0 be a rational integer. Suppose that the equation x2 − dy2 = m has a solution in Z for some
|m| < ka. For sufficiently large d, prove that |m|, d + m or d − m is a square.
Solution
√
No√te that, the assumption that d = a2 ± 1 gives us that θ =√ a + d is the fundamental unit of
Q( d). Indeed, if x2 − dy2 = ±1 for some y = 0, then x ≥ d − 1 so x ≥ a.
√
Suppose (x, y) is a positive solution to x2 − dy2 = m. By dividing x + y d by a suitable power
7.5. EXERCISES 337
of θ (this √may change the sign of m but doesn’t change its absolute value), we may assume that
1 ≤ x + y d < θ. Then,
√ ≤ |x + √ + |x − √ < θ + |m| < 2a + k + o(1).
|2y d| y d| y d|
θ
Thus, |y| < 1 + o(1). For sufficiently large a, our inequality forces |y| = 1 or y = 0. If |y| = 1, we
get that m + d is a perfect square, and if y = 0 we get that m is a perfect square as wanted.
Remark 7.5.2
The argument used in Remark 5.5.1 can be slightly modified to show that, for any choice of ±1,
there exist infinitely many squarefree numbers of the form a2 ± 1.
Exercise 7.5.18†. Solve completely the equation x3 + 2y3 + 4z3 = 6xyz + 1 which was seen in
Problem 6.2.2.
Solution
√√
Since the norm o√f x + y 3 2 + z 3 4 is x3 + 2y3 + 4z3 − 6xyz (see √Problem 6.2.2),√we w√ish to find
units in K = Q( 3 2). We claim that the fundamental unit of Q( 3 2√) is θ =√1 + 3 2 +√3 4. T√hus,
the solutions will be the one considered in√Problem 6.2.2, i.e. x + y 3 2 + z 3 4 = (1 + 3 2 + 3 4)n
for some n (the only roots of unity of Q( 3 2) are ±1 and −1 has norm −1 so does not work).
We need to show that this unit has minimal abs√olute va√lue (among the ones greater than 1).
Suppose that there is a unit greater than 1 a + b 3 2 + c 3 4 := ε < θ < 4. Let σ be a complex
embedding of K. Then, |σ(ε)|2 = 1 ∈ 1 , 1 . Hence, the minimal polynomial X3 + uX2 + vX ± 1
ε 2
of ε satisfies 0 < −u = ε + σ(ε) + σ(ε) < ε + √2 < 5
ε
and √ 1
2 ε+
|v| = ε(σ(ε) + σ(ε)) + |σ(ε)|2 ≤ ε < 5.
Thus, u ∈ [−4, −1] and v ∈ [−4, 4]. However, we also have u = −3a and v = 3(a2 − 2bc). Thus,
u = −3 and v = ±3, which yield a = 1, and b = c = 1 or b = 0 or c = 0. If b = 0, then
a3 + 2b3 + 4c3 − 6abc = 1 + 4c3 so c must also be 0, and if c = 0 then a3 + 2b3 − 6abc = 1 + 2b3
so b = 0 or b = −1.
√√ √√
Thus, we conclude that ε = 1 + 3 2 + 3 4 as wanted, or ε = 1 − 3 2. H√owever, 1 − 3 2 < 1 so we
must be in the first case, as asserted. (In fact, it turns out that 1 − 3 2 = − 1+ √3 21+ √3 4 , which is
perhaps a neater choice of fundamental unit.)
Exercise 7.5.19† (Weak Dirichlet’s Unit Theorem). Let K be a number field with r real embeddings
and s pairs of complex embeddings. Prove that there exist units ε1, . . . , εk with k ≤ r + s − 1 such
that any unit of K can be written uniquely in the form
ζε1n1 · . . . · εknk
for some integers ni and a root of unity ζ.
338 CHAPTER 7. UNITS IN QUADRATIC FIELDS AND PELL’S EQUATION
Solution
Let σ1, . . . , σr be the real embeddings of K, and σr+1, σr+1, . . . , σr+s, σr+s its pairs of complex
embeddings and let U be the group of units of K. We look at the logarithms of the embeddings
of units:
L = {(log |σ1(ε)|, . . . , log |σr+s−1(ε)|) | ε ∈ U } ⊆ Rr+s−1.
We claim that this set is a discrete additive subgroup of Rr+s−1, meaning that it’s closed under
addition and subtraction, and, for any x ∈ Rr+s−1, there is no sequence of distinct elements of
L tending to x. To show this, we will prove that, for any A, B > 0, there are finitely many units
such that A < |σi(ε)| < B for i = 1, . . . , r + s − 1. Notice that such a number also satisfies
11
Br+s−1 < |σr+s−1| < Ar+s−1
since it is a unit (so the product of |σi(ε)| is 1). Thus, all the conjugates of ε have bounded
absolute value, which implies that its minimal polynomial has bounded coefficients. This shows
that there are a finite number of such ε.
Next, we show that any discrete additive subgroup Γ of Rm is a lattice, i.e. admits a linearly
independent basis as a Z-module, or in other words, there are α1, . . . , αk such that any element
k
of Γ can be written in a unique way as i=1 ni αi with ni ∈ Z. Since Rm has dimension m as a
R-vector space, this implies that k ≤ m by Proposition C.1.2. To show this, pick any maximal
set of linearly independent elements β1, . . . , βk ∈ Γ and let Γ = β1Z + . . . + βkZ. We will prove
that there are a finite numbers of elements in Γ modulo Γ , i.e. that Γ/Γ is finite, say has N
elements. Then, Lagrange’s theorem 2.5.1 implies that N α ∈ Γ for any α ∈ Γ, i.e.
Γ⊆ 1 = β1 Z + . . . + βk Z.
Γ N N
N
We can then conclude with Exercise 6.5.31† (so many intermediate results!) that Γ also has
a Z-basis. Thus, it remains to prove that Γ/Γ is finite. For this, note that it suffices to
prove that β1[0, 1] + . . . + βk[0, 1] contains finitely many elements of Γ, as this is a system
of representatives of Rm/Γ . If there were infinitely many elements of Γ there, Γ would have
a convergent subsequence by the Bolzano-Weierstrass theorem from 8.7.10†, contradicting its
discreteness (we do not actually need BW since we actually directly showed that there were a
finite number of elements of L in any interval).
Finally, the previous discussion implies that L has a basis corresponding to the image of ε1, . . . , εk
under the logarithmic embedding, for some k ≤ r + s − 1. Thus, by raising everything to the
exponential, we get that, for every unit ε, there are unique integers n1, . . . , nk such that the
number ε
ε1n1 · . . . · εknk
has all its conjugates on the unit circle. By Exercise 1.5.27†, this implies that it is a (unique)
root of unity ζ as wanted.
Remark 7.5.3
There is nothing particularly deep about the logarithm in this proof, apart from the fact that
it transforms multiplication into addition and that we feel more comfortable working with addi-
tion. We could of course transform our additive proof into a multiplicative one by removing the
logarithms and turning addition into multiplication.
Exercise 7.5.20† (Gabriel Dospinescu). Find all monic polynomials f ∈ Q[X] such that f (Xn) is
reducible in Q[X] for all n ≥ 2 but f is irreducible.
7.5. EXERCISES 339
Solution
Let α be a root of f and let K be the splitting field of f , i.e. Q(α1, . . . , αk) where αi are the roots
of f (the conjugates of α). Note that the statement is equivalent to f (Xp) being reducible for
any prime p. In fact we only need this assumption for infinitely many primes. By Lemma 6.1.1,
f (Xp) is reducible over Q if and only if Xp − α is reducible over Q(α), and by Exercise 6.5.9†,
this is equivalent to α being a pth power in Q(α), and thus in K too.
By looking at the norm of α in K, we see that α must have norm 1 or 0 since its norm is a
pth power in Q for infinitely many p. If α = 0, then f = X since it is irreducible, which works.
Otherwise, α must be a unit. By Exercise 7.5.19†, there are multiplicatively independent units
ε1, . . . , εk ∈ K and integers n1, . . . , nk as well as root of unity ζ such that
α = ζε1n1 · . . . · εknk .
Since ε1, . . . , εk are multiplicatively independent, the fact that α is a pth power means that p | ni
for every i. For sufficiently large p, we find n1 = . . . = nk = 0. Thus, α is a root of unity.
However, since a primitive mth root of unity has degree ϕ(m) over Q, K contains finitely many
roots of unity (ϕ(m) is greater than [K : Q] for sufficiently large m), which implies ζ = 1 since
it’s a pth power for infinitely many primes p. Thus, we conclude that α = 1. The two solutions
are hence f = X and f = X − 1, which indeed work.
Miscellaneous
Exercise 7.5.21† (Liouville’s Theorem). Let α be an algebraic number of degree n. Prove that there
exists a constant C > 0 such that
α− p C
q > qn
for any p, q ∈ Z (with q > 0).
Solution
Let α1, . . . , αn be the conjugates of α. We have
n p n
q
qn − αi = p − qαi ≥ 1
i=1 i=1
since it’s a non-zero integer. If p − α < 1, then p − α < 1 + |α − α | for any conjugate α = α.
q q
Thus, in this case we have
n1
|p − qα| 1 + |α − αi| ≥ qn
i=1
as wanted (C = n 1 | ). Otherwise, we have p − α ≥ 1 > C too.
i=1 1+|α−αi q qn
Exercise 7.5.22†. Prove that 5n2 ± 4 is a perfect square for some choice of ± if and only if n is a
Fibonacci number.
Solution
1+ √√
Simply note that 2 5 is the fundamental unit of Q( 5), and that the solutions to the equation
x2 − 5y2 = ±1 for x ≡ y (mod 1) half-integers, i.e. the rational integers solutions to the equation
340 CHAPTER 7. UNITS IN QUADRATIC FIELDS AND PELL’S EQUATION
(2x)2 − 5(2y)2 = ±4 are thus
2y = √ n √ n
1+ 5 1− 5
− = Fn.
2 2
√
5
Exercise 7.5.23† (ELMO 2020). Suppose n is a Fibonacci number modulo every rational prime.
Must it follow that n is a Fibonacci number?
Solution
By Exercise 7.5.22†, the statement means that, for every p, 5n2 + 4 or 5n2 − 4 is a quadratic
residue (or zero). This implies that 5n2 + 4 or 5n2 − 4 is a perfect square by an argument similar
to Exercise 4.6.20†, i.e. n is a Fibonacci number too. Indeed, if, modulo sufficiently large primes,
one of a and b is a quadratic residue, then one of them must be a square (this is not true anymore
with 3 numbers, see Exercise 4.6.22†). By Exercise 4.6.20†, we may assume that a = b.
Suppose without loss of generality that a and b are squarefree. Write a = ε2rp1 · . . . · pk and
b = η2sq1 · . . . · qm with ε, η ∈ {−1, 1}, r, s ∈ {0, 1}, and p1, . . . , pk, q1, . . . , qm odd primes. Let t
be a quadratic non-residue modulo p1 (if k ≥ 1). If a and b are both divisible by an odd prime,
say p1 = q1, then pick a large prime
p ≡ 1 (mod 8p2 · . . . · pkq2 · . . . · qm)
and p ≡ t (mod p1). Then, quadratic reciprocity gives us a = b = −1 which is a contra-
p p
diction.
Suppose for the sake of a contradiction that k, m ≥ 1. Then, pick a large prime
p ≡ 1 (mod 8p2 · . . . · pkq2 · . . . · qm),
p ≡ t (mod p1) and p ≡ t (mod q1) where t is a quadratic non-residue modulo q1 to get
a = b = −1. Thus, suppose without loss of generality that m = 0. If k ≥ 1, pick a large
p p
prime p ≡ 8 (mod p1 · . . . · pk) and p ≡ t (mod p1) to get a = b = −1 again.
p p
Finally, we have k = m = 0 so {a, b} ∈ {1, −1, 2, −2}. It remains to show that {a, b} = {2, −2},
{a, b} = {−1, −2} and {a, b} = {−1, 2} are all impossible. For the first, note that they are both
quadratic non-residues modulo p ≡ 5 (mod 8), for the second, note that they are both quadratic
non-residues modulo p ≡ −1 (mod 8), and for the last note that they are both quadratic non-
residues modulo p ≡ 3 (mod 8).
As a final remark, as in Exercise 4.6.20†, we may avoid Dirichlet’s theorem on primes in arithmetic
progressions with Jacobi’s quadratic reciprocity law (by picking any rational integer p ≡ u
(mod v) with sufficiently large prime factors instead of a prime).
Exercise 7.5.24† (Nagell, Ko-Chao, Chein). Let p be an odd rational prime. Suppose that x, y ∈ Z
are rational integers such that x2 − yp = 1. Prove that 2 | y and p | x. Deduce that this equation has
no solution for p ≥ 5. (The case p = 3 is Exercise 8.7.19†.)
7.5. EXERCISES 341
Solution
If y is odd, then the two factors of yp = (x − 1)(x + 1) are coprime so x − 1 and x + 1 are pth
powers. This is impossible, as there are no pth power distant by 2: (m + 1)p − mp ≥ p + 1. Now,
suppose for the sake of a contradiction that p x. Then, the two factors of x2 = (y + 1) · y p +1
y+1
are coprime. Indeed, this is a product of cyclotomic polynomials, but it can also be seen more
y p +1
elementarily: y+1 ≡p (mod y + 1). This implies that y + 1 = a2 and yp + 1 = b2. Now consider
the Pell equation u2 − yv2 = 1. We have two solutions: p−1
(u, v) = (a, 1) and (u, v) = (b, y 2 ).
Notice that, for both of them, v is a y-unit. By Størmer’s theorem, this implies that they are
both the fundamental solution, which is impossible.
Thus, p | x and 2 | y. Without loss of generality, suppose that x + 1 = 2p−1ap and x − 1 = 2bp
(by replacing x by −x if necessary). Since |x| > 1, a and b have the same sign, and |a| < |b|.
The key (magical?) point is that
b2p + (2a)p = x−1 2 x−3 2
+ 2(x + 1) = .
22
For p = 3, this is not divisible by p since p | x, so b2 + 2a and b2p +(2a)p are perfect square.
b2 +2a
However,
b2 < b2 + 2a < (b + 1)2
if a and b are positive, and
(b − 1)2 < b2 + 2a < b2
if a and b are negative. In all cases, we have reached a contradiction.
Exercise 7.5.25†. Prove that there are at most 3|S| pairs of S-units distant by 2.
Solution
If u − v = 2, then (v + 1)2 − uv = 1. We let rad(uv) | d be minimal such that uv/d is a square.
There are 3|S| possible d. As before, any u − v = 2 give rise to a solution to the Pell equation
x2 −dy2 = 1 for some d-unit number y, which must thus be the minimal unit by Proposition 7.3.1.
Thus, there are also at most 3|S| pairs of S-units distant by 2.
Exercise 7.5.26†. Assuming the finiteness of rational solutions to the S-unit equation u + v = 1 for
any finite S, determine all functions f : Z → Z such that m − n | f (m) − f (n) for any m, n and f is a
bijection modulo sufficiently large primes.
Solution
Let S be the set of primes p for which f is not a bijection modulo p or p = 2. By assumption,
f (n + 1) − f (n), f (n + 2) − f (n + 1), and f (n + 2) − f (n) are all S-units. Thus, we have a solution
(f (n + 2) − f (n + 1)) + (f (n + 1) − f (n)) = f (n + 2) − f (n)
to the S-unit equation. There are a finite number of solutions to this equation (up to scaling),
so we get that f (n+2)−f (n+1) is in a finite set U. Now, pick a large prime p ∈ S such that
f (n+1)−f (n)
|U (mod p)| = |U | and let a ∈ Z. Since f (n+2)−f (n+1) and f (n+ap+2)−f (n+ap+1) are congruent
f (n+1)−f (n) f (n+1+ap)−f (n+ap)
modulo p and in U , they must be equal. By picking another sufficiently large prime q = p and
342 CHAPTER 7. UNITS IN QUADRATIC FIELDS AND PELL’S EQUATION
b ∈ Z such that ap + bq = 1, we get
f (n + 2) − f (n+!) f (n + ap + bq + 2) − f (n + ap + bq + 1) f (n + 3) − f (n + 2)
f (n + 1) − f (n) = f (n + 1 + ap + bq) − f (n + ap + bq) = f (n + 2) − f (n + 1)
which means that the quotient f (n+2)−f (n+1) is in fact constant, say equal to r. Then, f satisfies
f (n+1)−f (n)
the following linear recurrence: f (n + 2) = f (n + 1) + r(f (n + 1) − f (n)) = sf (n + 1) − f (n)
which, unless s = 2 which implies that the characteristic polynomial has a double root, reduces
to f (n) = uαn + vβn for some conjugate quadratic integers α, β. But then, if p = 2 is such that
the characteristic polynomial X2 − sX + 1 splits modulo p, we get
f (n) ≡ upαpn + vpβpn (mod p)
for some up, vp, αp, βp ∈ Fp, so that f (p − 1) = up + vp = f (1). This is a contradiction. Thus,
s = 2, which gives f (n) = un + v for some u, v ∈ Z. Conversely, it is clear that arithmetic
progressions work.
7.5. EXERCISES 343
Remark 7.5.4
If f is taken to be |g|p for some g, which is usually how the theorem is used in p-adica analysis,
there is in fact a simpler argument. Since the distance of Qp is almost discrete, i.e. the values
that it reaches 0, . . . , 1/p2, 1/p, 1, p, p2, . . . are all isolated except 0, we get the stronger conclusion
that f has a maximum if and only if it is bounded above, and it has a minimum if 0 ∈ im f or if
it is bounded below by a positive number.
Chapter 8
p-adic Analysis
8.1 p-adic Integers and Numbers
Exercise 8.1.1∗. Check that Zp is an integral domain. What is its characteristic?
Solution
ab = 0 means aibi = 0 for all i, where a = (a1, a2, a3, . . .) and b = (b1, b2, b3, . . .). Suppose that
a is non-zero, and let k be such that ak = 0. Then, vp(ai) = vp(ak) for i ≥ k since ai ≡ ak
(mod pk). Thus, for i ≥ k, we have vp(bi) ≥ i−vp(k). Hence, the coordinates of b have arbitrarily
large p-adic valuation which means that they are all zero by compatibility: if vp(bi) ≥ N and
i ≥ N , then bN ≡ bi ≡ 0 (mod pN ).
Zp has characteristic zero since (n, n, n, . . .) is zero only when n = 0, otherwise n has a non-zero
vp and it thus a non-zero coordinate too.
Exercise 8.1.2∗. Check that a → (a (mod p), a (mod p2), a (mod p3), . . .) is indeed an embedding
of Z(p) into Zp, i.e. that it’s injective.
Solution
It is clearly additive and multiplicative, and it is injective since the kernel is trivial: if a is
non-zero then it has a non-zero vp so a non-zero component under this embedding too.
Exercise 8.2.1∗. Convince yourself of this proof.
Solution
Another way to write this proof is to define bk as
∞ |ai |<p−k
ai (mod pk) ≡ ai.
i=0 k=0
This sequence is Cauchy since |bi − bj| < p− min(i,j) by the strong triangle inequality and clearly
∞
converges to i=0 ai by the strong triangle inequality again.
344
8.2. P -ADIC ABSOLUTE VALUE 345
8.2 p-adic Absolute Value
Exercise 8.2.2∗. Prove that the strong triangle inequality also holds for series: if ai → 0 then
| i ai|p ≤ maxi |ai|p with equality if the maximum is achieved only once.
Solution
We have n
ai ≤ max |ai|p ≤ max |ai|p
1≤i≤n i
i=1
for all n and this yields the wanted inequality by taking the limit as n → ∞. For the equality
part, just note when the maximum is achieved only once, we have equality when n is sufficiently
large so taking the limit yields the equality again.
Exercise 8.2.3∗. Prove the product formula.
Solution
This is a consequence of the prime factorisation:
|x|p = p−vp(x) = 1
.
|x|∞
p p
8.3 Binomial Series
Exercise 8.3.1∗. Prove that Q is dense in Qp.
Solution
This is a consequence of the density of Z in Zp: if α is an element of Qp then write α = pka with
a ∈ Zp. There is a sequence of rational integers approaching a, and multiplying this sequence by
pk yields a sequence of rational numbers approaching α.
Exercise 8.3.2∗. Let f ∈ Qp[X] be a polynomial. Prove that f is continuous on Qp.
Solution
The proof is the same as in R: if ε is very small then
n k εk−1xn−k
n
(x + ε)n − xn = ε
k=1
is also very small by the triangular inequality (it is in fact even neater in Qp since we have the
strong triangle inequality to bound the second factor).
Exercise 8.3.3∗. Let f : Zp → Qp be a continuous function. If |f (x)|p ≤ 1 for any n in a dense
subset (in Zp), prove that |f (x)|p ≤ 1 for any x ∈ Zp.
346 CHAPTER 8. P -ADIC ANALYSIS
Solution
Let x ∈ Zp be a p-adic integer and let a1, a2, . . . be sequence of elements of that dense subset
approaching x. By the triangular inequality, we have
|f (x)|p − 1 ≤ |f (x)|p − |f (an)|p ≤ |f (x) − f (an)|p → 0
which means that |f (x)|p ≤ 1 as wanted.
Exercise 8.3.4∗. Prove that, if p > 5 is a rational prime, p2 | p−1 1 and p | p−1 1 .
k=1 k3 k=1 k4
Solution
Note that k3 + (p − k)3 − 3k2p
(p(p − k))3 (k(p − k))3
1 + 1 = ≡ (mod p2)
k3 (p − k)3
so we need to prove that p | .p−1 k2 Since p is odd and k2 3 ≡ (p−k)2 , this is
equivalent to 2 (k(p−k)) ((p−k)k)3
k=1 (k(p−k))3
p−1 k2
p | (k(p − k))3 .
k=1
Since k2 k2
(k(p − k))3 (−k2)3
≡ ≡ −k−4,
we need to show that p−1 k−4 ≡ 0 (mod p). Let ω be a primitive root modulo p. Then,
k=1
p−1 ≡ p−1 ≡ ω−4(p−1) − 1 ≡ 0
ω−4 − 1
k−4 ω−4k
k=1 k=1
since the numerator is zero and the denominator is non-zero as p > 5. Note that this is also the
second claim.
Exercise 8.3.5∗. Prove Proposition 8.3.4.
Solution
If we consider only the nth coordinate of these series, then, since ai,j → 0, the series become
finite sums (the nth coordinate of ai,j is zero for sufficiently large i + j). In particular, both sides
are equal. Letting n go to infinity, this shows both that the series converge and that they are
equal.
Exercise 8.3.6∗. Let n ∈ N be a positive rational integer and p be a prime number. Prove that
∞n
vp(n)! = pk .
k=1
8.4. ANALYTIC FUNCTIONS 347
Solution
There are n numbers in [n] which are divisible by p, which explains this term in the sum.
p
However, their contribution to the total p-adic valuation might not always be one: some of these
numbers are divisible by p2 too. Hence we add n to account for them too (combining with
p2
n this constitutes a contribution of 2 for the multiples of p2). Then we take in account the
p
contribution of multiples of p3 with n , then the multiples of p4, etc.
p3
Exercise 8.3.7∗. Prove Corollary 8.3.1.
Solution
Since (1 + u)x = k x uk , we need to prove that uk /k! → 0 for |u|p < p−1/(p−1) by Proposi-
k
tion 8.3.3. Proposition 8.3.5 gives us |k!|p ≥ p−k/(p−1) so that
|uk/k!|p = |u|kp/|k!|p ≥ |u|p k
p−1/(p−1)
→ 0.
8.4 Analytic Functions
Exercise 8.4.1∗. Prove that locally analytic functions are continuous.
Solution
Let α ∈ Zp be a p-adic integer. We prove that, if f is analytic at α, it is continuous at α. Write
∞
f (x) = i=0 ai(x − α)i around α. Then,
∞
|f (x) − f (α)|p = ai(x − α)i ≤ max ai(x − α)i p ≤ C|x − α|p
i=1 p i≥1
for |x − α|p sufficiently small and some constant C. Indeed, the series converge when |x − α|p ≤ ε
for some ε > 0 so aiεi → 0 which implies
max ai(x − α)i = max aiεi x−α i ≤ max x − α |aiεi|p
ε ε
i p i≥1 i≥1
p
Thus, when x → α we also have f (x) → f (α) as wanted.
Exercise 8.4.2∗. Prove that the sum and product of two locally analytic functions is again a locally
analytic function.
Solution
It is clear that the sum of two analytic functions is analytic, thus we need to prove that the
product of two analytic functions is also analytic. Let f and g be two analytic at α ∈ Zp
348 CHAPTER 8. P -ADIC ANALYSIS
functions. Write f (x) = ∞ ai(x − α)i and g(x) = ∞ bj (x − α)j for |x − α|p ≤ ε. Then,
i=1 j=1
∞∞
f (x)g(x) = ai(x − α)i bj(x − α)j = aibj(x − α)k.
i=1 j=1 i+j=k
We already allowed to do this expansion by Proposition 8.3.4 since
|aibj (x − α)i+j |p ≤ max(|ai|p, |bj |p)εi+j → 0
when i + j → ∞.
Exercise 8.4.3∗. Prove that polynomials are locally analytic (everywhere).
Solution
This is Proposition 5.3.1.
Exercise 8.4.4∗. Prove Proposition 8.4.2.
Solution
Since |αkxnak+n|p ≤ max(|α|, |x|)k+n|ak+n|p → 0 when x ∈ Zp, Proposition 8.3.4 gives us
f (x) = ak(α + (x − α))k
=
= k
=
= ak n αk−n(x − α)n
= k
kn
ak n αk−n(x − α)n
k
nk
(z − α)n ak n αk−n
k
nk
(x − α)n ak+n n αk−n
k
nk
(x − α)n f (n)(α)
n!
n
as wanted.
8.5 The Skolem-Mahler-Lech Theorem
Exercise 8.5.1∗. Convince yourself of this proof.
Solution
Not much I can say here.
Exercise 8.5.2∗. Do you think this proof could be formulated without appealing to p-adic analysis?
8.6. STRASSMANN’S THEOREM 349
Solution
As said before, there is no known proof which doesn’t use p-adic ideas. However, one could
phrase the proof without mentionning p-adic numbers by looking at partial sums of our analytic
functions modulo powers of p. See Block ?? for an example.
Exercise 8.5.3∗. Prove that any number field has a finite number N of roots of unity, and that
ωN = 1 for any root of unity ω of K. (In other words, the roots of unity of K are exactly the N th
roots of unity.)
Solution
Since ϕ(n) → ∞ and a primitive nth root of unity has degree ϕ(n) over Q, contains finitely many
roots of unity.
One way to finish from this is to say that the roots of unity of K form a subgroup of the
multiplicative group of nth roots of unity for some n. Since this is a cyclic group, any of its
subgroup is also cyclic, and in particular the group of roots of unity of K.
Another way to finish from the first observation is to pick a root of unity ω ∈ K of maximal
order N . Then, if ζ is another root of unity of K, say of order n, Q(ω, ζ) ⊆ K contains a root of
unity of order lcm(N, n) by Problem 6.3.2 which implies that n divides N by maximality of N .
8.6 Strassmann’s Theorem
Exercise 8.6.1. √ is norm-Euclidean. (This is also Exercise 2.6.4†.)
Prove that Q( −7)
Solution
Let α, β ∈ OQ(√−7) = Z √ be quadratic integers with β = 0. Write α =x+y √ −7 with
1+ −7 β
2
x, y ∈ Q. Pick a half-integer n such that |y − m| ≤ 1 , and a half integer m ≡ n (mod 1) such
Then, 4
|x − n| ≤ 1
that 2 .
√ 1 2 1 2 15
|N ((x − m) + (y − n) −7)| ≤ + 7 = < 1.
2 4 16
√
Thus, the remainder τ = β(((x − m) + (y − n√) −7) works since it has norm less than |N (β)| by
the previous computation and α = β(m + n −7) + τ .
√ √ n−2
Prove that, if x2 + 7 = 2n, then x± −7 1+ −7
Exercise 8.6.2. 2 = for some choice of ±.
2
Solution
By the uniqueness of the prime factorisation √ (Exercise 8.6.1), we have √ = αk β m .
in Q( −7) x+ −7
2
Since the LHS is not divisible by 2, this means min(k, m) = 0 as otherwise 2 = αβ divides the
LHS.
350 CHAPTER 8. P -ADIC ANALYSIS
Exercise 8.6.3∗. Compute the Strassmann bounds for the function s → (α − β)(us+10r ± 1), for each
r ∈ {0, 1, . . . , 9}. (If you do not want to do it all by hand, you may use a computer. In any case, it is
better to do it to have a feel for why it works because it’s very cool.)
Solution
Modulo 11, we can see that
αr − βr ± (α − β) ≡ 5r − 7r ∓ 2 (mod 11)
can be zero only for r ∈ {1, 2, 3, 5}, which means that in the other cases the Strassmann bound
is 0. Now, let’s study the second coefficient:
aαr − bβr ≡ 99 · 5r − 77 · 7r.
When r = 1, this is
99 · 16 − 77 · 7 ≡ 77 (mod 112)
so the Strassmann bound is 1 since all other coefficients are divisible by 112. Similarly, when
r = 2 this is 33 ≡ 0, and when r = 5 this is 55 ≡ 0.
Finally, we need to treat the case r = 3. This time, the second coefficient is divisible by 112 so
we need to consider the third one:
(α − β)(ur+10s ± 1) = αr(1 + a)s − βr(1 + b)s ± (α − β)
= αr s as − βr s bs ± (α − β)
kk
kk
≡ αr 1 + as + a2 s(s − 1) − βr 1 + bs + b2 s(s − 1) ± (α − β) (mod 113).
22
The coefficient of s2 is .a2αr −b2β3 Since we are now working modulo 113, we need to compute a
2
and b modulo 113. For this, we also need to compute α and β modulo 113, but afterwards we
can return to their values modulo 11 since 112x ≡ 112y (mod 113) if and only if x ≡ y (mod 11).
With the help of Hensel’s lemma, we find α ≡ 137 and β ≡ 1195. This yields a ≡ 1188 and
b ≡ 198. Finally, a2αr − b2β3 is
11882 · 53 − 1982 · 73 ≡ 726 ≡ 0 (mod 113)
so the Strassmann bound is 3 as claimed.
Exercise 8.6.4. Prove that 3, 4, 5, 7, 15 are indeed solutions to the given equation. (You may use a
computer for n = 15.)
Solution
We have
• 12 + 7 = 8 = 23.
• 32 + 7 = 16 = 24.
• 52 + 7 = 32 = 25.
• 112 + 7 = 128 = 27.
• 1812 + 7 = 32768 = 215.
The words you are searching are inside this book. To get more targeted content, please make full-text search by clicking here.
ANT-intro
Discover the best professional documents and content resources in AnyFlip Document Base.
Search