Algebraic number theory – index

This is a list of posts in the algebraic number theory series to date, oldest first.

———————

Cyclotomic fields, part 2

In our previous article on cyclotomic fields we were talking about why the Galois group G of ℚ(μn)/ℚ is isomorphic to (ℤ/nℤ)×, where n∈ℤ and μn is the group of nth roots of unity, the roots of xn-1=0 in some extension of ℚ. (Check here for a list of previous articles on algebraic number theory.)

So far we’ve shown that G is isomorphic to a subgroup of (ℤ/nℤ)×. We still need to show it is actually isomorphic to the whole group, or equivalently that |G|, the order of G, which is equal to the degree of the field extension, [ℚ(μn):ℚ], actually equals |(ℤ/nℤ)×|, which is φ(n), the number of positive integers less than and relatively prime to n.

The group μn is cyclic. Any generator of the group is, by definition, a primitive nth root of unity. We let ζ be an arbitrary but fixed such generator. Then ℚ(μn)=ℚ(ζ). Let f(x) be the minimal polynomial of ζ. f(x)∈ℚ[x] is irreducible over ℚ. All other elements of μn are of the form ζa for some a∈ℤ, where a is well-defined modulo n. Further, ζa is a primitive nth root of unity if and only if a is relatively prime to n, i. e. the greatest common divisor (a,n)=1. The degree of f(x) equals [ℚ(μn):ℚ] and |G|. At this point, all we know about these numbers is that they divide φ(n) (since |G| does).

The group homomorphism j:G→(ℤ/nℤ)× was defined by the relation σ(ζ)=ζj(σ), for σ∈G. We showed that j(σ) is injective and independent of the choice of ζ. Hence G is isomorphic to a subgroup of (ℤ/nℤ)×, and therefore the degree of f(x) (and [ℚ(μn):ℚ] and |G|) is ≤φ(n). G is isomorphic to a proper subgroup of (ℤ/nℤ)×, i. e. not the whole group, if j is not surjective and the degree of f(x) is strictly less than φ(n).

As we noted last time, the problem here is that we don’t yet know that all φ(n) primitive nth roots of unity are zeroes of f(x), so that |G| and the degree of f(x) equal φ(n), and hence G(ℚ(μn)/ℚ) ≅ (ℤ/nℤ)×. Stated another way, we don’t yet know that the field homomorphism on ℚ(μn) induced by mapping ζ to ζa is actually an automorphism of the field, hence an element of the Galois group. It could fail to be if, say, the minimal polynomial of ζa is different from that of ζ, which could happen if the degree of f(x) is less than φ(n) because not all primitive nth roots of unity are zeroes of f(x). In order to rule out this possibility, we will show that the degree of f(x) is ≥φ(n).

There are various ways to prove the isomorphism, and even a number of ways to prove that f(x) has φ(n) distinct roots, so its degree is ≥φ(n). Many of these proofs use machinery (such as discriminants, factorization and ramification of primes, etc.) that we haven’t extensively discussed yet, so I’ll avoid using such things in the proof. However, we’ll get to these topics eventually, and also show a way to construct the automorphisms σ∈G explicitly – after finishing the proof that G(ℚ(μn)/ℚ) ≅ (ℤ/nℤ)×.

So let’s get started. The roots of the minimal polynomial f(x)∈ℚ[x] are all conjugates σ(ζ) for σ∈G, so f(x)=Πσ∈G(x-σ(ζ)). Hence f(x) is monic (leading coefficient 1). The coefficients of f(x) are symmetric functions of all conjugates of ζ, so the coefficients are all left fixed by all σ∈G. f(x) divides xn-1, so all its roots – the conjugates of ζ – are algebraic integers. So the coefficients are also algebraic integers (sums of products of powers of algebraic integers) – members of the ring of integers Oℚ(ζ). They are also in the base field, since they’re left fixed by G. A basic fact is that Oℚ(ζ)∩ℚ = ℤ – any algebraic integer that lies in the base field is necessarily an integer of the base field. Hence f(x)∈ℤ[x].

Suppose that for any a∈ℤ relatively prime to n, i. e. (a,n)=1, ζa is also a root of f(x): f(ζa)=0. Since these ζa with 1≤a<n are distinct primitive nth roots of unity if ζ is, and there are φ(n) of them, the degree of f(x), and hence |G|, is ≥ φ(n). But we already showed |G|≤φ(n), hence |G|=φ(n). Since G is isomorphic to a subgroup of (ℤ/nℤ)×, we must actually have an isomorphism: G ≅ (ℤ/nℤ)×.

So all we have to show is f(ζa)=0 for 1≤a<n and (a,n)=1. The first thing to note is that it suffices to prove this just for primes p with (p,n)=1. For suppose we had that. For general a with (a,n)=1, let p be a prime that divides a. Then (p,n)=1. Consider ζa/p. Since (a/p,n)=1, ζa/p is a primitive nth root of unity with one fewer prime divisor in the exponent than ζa. So by induction on the number of prime divisors of the exponent f(ζa/p)=0. But if the result is true for prime powers of primitive nth roots of unity that satisfy f(x)=0, then f(ζa)=0 since ζa=(ζa/p)p. Alternatively, you can recall that (according to a theorem of Dirichlet), there are infinitely many primes p in the arithmetic progression a+nk for (a,n)=1 and k∈ℤ. Since ζn=1, ζap for all such p.

So let p be prime and (p,n)=1. Then note that f(x)p-f(xp)∈pℤ[x] for any f(x)∈ℤ[x]. This can be proved by induction on the degree of f(x). Suppose the highest degree term of f(x) is Axm, with p∤A. Then (Axm)p-Axmp∈pℤ[x] because Ap≡A (mod p), because (ℤ/pℤ)× is cyclic of order p-1 (Fermat’s theorem). So if h(x)=f(x)-Axn, then we just have to show h(x)p-h(xp)∈pℤ[x]. But that can be assumed true by induction, unless the degree of h(x) is 1. In the latter case, if h(x)=Ax+B, we need (Ax+B)p-(Axp+B)∈pℤ[x]. But all the coefficients in (Ax+B)p except the first and last contain binomial coefficients divisible by p, and the remaining terms are handled with Fermat’s theorem as before.

Finally, then, suppose the opposite of what we want to show, namely that there is a prime p with p∤n and f(ζp)≠0. By what we just showed, f(ζp) is divisible by p in Oℚ(ζ). We have f(x)=Πi∈I(x-ζi) for I={i∈ℤ: 1≤i<n and (i,n)=1}. So f(ζp) divides a product of nonzero factors ζpi. By a lemma we’ll prove in a moment, if J={(i,j): i,j∈ℤ, 0≤i,j<n, i≠j}, Π(i,j)∈Jij) = (-1)n-1nn. Hence f(ζp) divides nn and p|n, contrary to assumption. This contradiction means f(ζp)=0, as required. We’ve now shown f(x) has at least φ(n) roots, hence G(ℚ(μn)/ℚ) ≅ (ℤ/nℤ)×.

Now for the last lemma: We have xn-1=Π0≤i<n(x-ζi). Equating the constant terms gives (-1)n-10≤i<nζi. And by taking derivatives of both sides, nxn-10≤i<nΠ0≤j<n, j≠i(x-ζj). Substituting x=ζk, nζk(n-1)0≤j<n, j≠kkj). Taking products of this for 0≤k<n gives, with the set J as above, Π(i,j)∈Jij) = nn0≤k<nζk)n-1. But the last product on the right side was evaluated above, so finally we are left with (-1)n-1nn on the right (since n-1 has the same even/odd parity as its square).

Well, that was a bit of work, wasn’t it? But nothing too esoteric, apart from a little Galois theory and some classic number theoretical facts. (Thanks to [1, pp 96-8] for the bulk of the proof.)

Actually, it is possible to do this without the lemma, using the theorem on primes in an arithmetic progression. Suppose f(x) is any polynomial in ℤ[x] such that f(ζ)=0 when ζ is a primitive nth root of unity. Then for any a∈ℤ with (a,n)=1, since f(x)p-f(xp)∈pℤ[x] for any prime p∈ℤ, we have 0=f(ζ)p≡f(ζp) mod pOℚ(ζ). But there are infinitely many primes p≡a mod n, and for such p, ζpa. Consequently, f(ζa) is a member of an infinite number of distinct prime ideals, which is possible only if f(ζa)=0. Hence f(x) has degree ≥φ(n), which is the crucial fact we found before.

We can now define the cyclotomic polynomial Φn(x)=Π0<i<n, (i,n)=1(x-ζi), for any primitive nth root of unity ζ. From the foregoing, we know a lot about Φn(x): its roots are precisely all the primitive nth roots of unity (in ℂ), its degree is φ(n), it is irreducible (over ℚ), its coefficients are in ℤ, and it is the minimal polynomial of ζ. The notation Φn(x) is on account of its relation to the Euler function φ(n).

We also have this factorization of xn-1 in ℤ[x]: xn-1 = Πd|nΦd(x). This holds, since the roots of each Φd(x) are precisely the roots of unity in the cyclic group μn that have exact order d for each d that divides n. (Each root has one and only one exact order d satisfying d|n.) This relation is occasionally useful, and it yields interesting facts such as Σd|nφ(d) = n (by taking degrees of polynomials on both sides).

It turns out that the irreducibility of Φn(x) is relatively easy to prove for certain n, namely those that are powers of a single prime. So let p be prime and q=pr for an integer r≥1. Let f(x)=Φq(x). The roots of f(x) are primitive qth roots of unity, namely ζ∈μq such that ζ has order q. There are φ(q) of these and φ(q)=q-q/p=q(1-1/p)=(p-1)pr-1 (because every pth element of the set {0,1,…,q-1} is divisible by p). So clearly f(x)=(xq-1)/(xq/p-1). Let g(x)=(xp-1)/(x-1) and h(x)=g(x+1)=((x+1)p-1)/x=xp-10<j<p(p j)xj-1, where (p j) is a binomial coefficient, which is divisible by p if 0<j<p. Finally, consider the polynomial h(xq/p)=g(xq/p+1).

Suppose f(x) splits in ℚ[x]. Then since f(x)=g(xq/p), the latter splits, and consequently g(xq/p+1)=h(xq/p) does too. But h(xq/p) is what’s known as an Eisenstein polynomial, because the leading coefficient is not divisible by p, the constant term is p (not divisible by p2), and all other nonzero coefficients (the binomial coefficients) are divisible by p. However, Eisenstein polynomials are irreducible over ℚ. This contradiction means f(x) must be irreducible over ℚ. QED.

The fact that Φq(x) is irreducible if q=pr, and hence G(ℚ(μq)/ℚ)≅(ℤ/qℤ)×, can be used as the basis for yet another proof of this isomorphism for arbitrary n, by considering prime power divisors q of n, the corresponding extensions ℚ(μq)/ℚ, and their Galois groups in building up the full extension ℚ(μn)/ℚ and its Galois group. But we won’t go into that now.

In the next installment, we’ll discuss many more fun facts about cyclotomic fields.

References:

[1] Goldstein, Larry Joel – Analytic Number Theory

Roots of unity and cyclotomic fields

In preparation for many good things that are to come, we need to have a talk about another important class of field extensions of ℚ – the cyclotomic extensions. (Check here for a list of previous articles on algebraic number theory.)

A cyclotomic field in general is a field that is an extension of some base field formed by adjoining all the roots of the polynomial f(x) = xn-1=0 for some specific positive n∈ℤ to the base field. Usually, though not always, this will mean roots that lie in some large field in which f(x) splits completely and that contains ℚ as the base field, such as ℂ, the complex numbers. f(x) is known as the nth cyclotomic polynomial. Mostly the same theory applies if the base field is a finite algebraic extension of ℚ, but we’ll use ℚ as the base field for simplicity.

Since f(1)=0, x-1 is one factor of f(x), and f(x)/(x-1) = xn-1 + … + x + 1 ∈ ℤ[x], with all coefficients equal to 1. If n is even, -1 is also a root of f(x). However, all other roots of f(x) in ℂ are complex numbers that are not in ℝ. Some of these roots, known as the “primitive” nth roots of unity – denoted by ζn (or just ζ if the context is clear) – have the property that all other roots are a power ζk for some integer k, 1≤k<n. So the smallest subfield of ℂ that contains ℚ and all roots of f(x) is ℚ(ζ), known as the nth cyclotomic field.

It is possible to express all the roots of f(x) in the form e2πi/n, where ez is the complex-valued exponential function, which can be defined in various ways. The most straightforward way is in terms of an infinite series, ez = Σ0≤n<∞zn/n!. The exponential function ez can also be defined as the solution of the differential equation dF(z)/dz = F(z) with initial value F(1)=e, the base of the natural logarithms. So there is the rather unusual circumstance that the roots of an algebraic equation can be expressed as special values of a transcendental function. Mathematicians long hoped that other important examples like this could be found (a problem sometimes referred to as “Kronecker’s Jugendtraum“, a special case of Hilbert’s twelfth problem), but that hope has mostly not been fulfilled.

The most well-known nontrivial root of unity is the fourth root, i=&radic(-1), which satisfies x4-1 = (x2+1)(x2-1) = 0.

All complex roots of unity have absolute value 1, i. e. |ζ|=1, since |ζ| is a positive real number such that |ζ|n=1. The set of all complex numbers with |z|=1 is simply the unit circle in the complex plane, since if z=x+iy, then |z|2 = x2+y2 = 1. (Note that the linguistic root of words like “circle”, “cyclic”, and “cyclotomic” is the Greek κύκλος (kuklos).) Since e = sin(θ) + i⋅cos(θ) for any θ, with θ=2πk/n the real and imaginary parts of a general nth root of unity ζ=e2πi⋅k/n are just Re(ζ)=sin(2πk/n) and Im(ζ)=i⋅cos(2πk/n).

There are many reasons why cyclotomic fields are important, and we’ll eventually discuss a number of them. One simple reason is that roots of algebraic equations can sometimes be expressed in terms of real-valued roots (such as cube roots, d1/3 for some d), and roots of unity. See, for example, this article, where we discussed the Galois group of the splitting field of f(x)=x3-2.

The set of all complex nth roots of unity forms a group under multiplication, denoted by μn. This group is cyclic, of order n, generated by any primitive nth roots of unity. (Any finite subgroup of the multiplicative group of a field is cyclic.) As such, it is isomorphic to the additive group ℤn = ℤ/nℤ, the group of integers modulo n. Because of this, many of the group properties of μn are just restatements of number theoretic properties of ℤn. For instance, each element of order n in μn is a generator of the whole group – one of the primitive nth roots of unity. Since μn⊆ℚ(ζn), adjoining all of μn gives the same extension ℚ(ζn) = ℚ(μn).

Now, ℤ/nℤ is a ring, and its elements that are not divisors of zero are invertible, i. e they are units of the ring. They form a group under ring multiplication, which in this case is written as (ℤ/nℤ)× (sometimes Un for short). An integer m is invertible in ℤ/nℤ if and only if it is prime to n, i. e. (m,n)=1 (because of the Euclidean algorithm). The number of such distinct integers modulo n is a function of n, written φ(n). This number is important enough to have its own symbol, because it was studied by Euler as fundamental to the arithmetic of ℤ/nℤ. Thus φ(n) is also the order of the group (ℤ/nℤ)×.

Let ζ=e(2πi)m/n, for 0≤m<n, be an element of μn. The correspondence m↔e(2πi)m/n establishes a group isomorphism between the additive cyclic group ℤ/nℤ and the multiplicative group μn. Modulo n, m generates ℤ/nℤ additively if and only if (m,n)=1, which is if and only if the corresponding ζ generates μn. So the number of generators of μn – which is the number of primitive nth roots of unity – is the same as the order of (ℤ/nℤ)×, i. e. φ(n).

One has to be careful, because the multiplicative structure of μn parallels the additive structure of ℤ/nℤ, not the multiplicative structure of (ℤ/nℤ)×. (Because if ζM and ζN are typical elements of μn then ζM×ζNM+N.) Hence even though there are φ(n) generators of μn, these generators do not form a group by themselves (a product of generators isn’t in general a generator), so the set of them isn’t isomorphic to (ℤ/nℤ)×, even though the latter also has φ(n) elements. Give this a little thought if it seems confusing.

Moreover, the group (ℤ/nℤ)× is not necessarily cyclic. It is cyclic if n is 1, 2, 4, pe, or 2pe for odd prime p, but not otherwise. Confusingly, if the group does happen to be cyclic then integers modulo n that generate the whole group are called “primitive roots” for the integer n. If (ℤ/nℤ)× happens to be cyclic, then only those m∈(ℤ/nℤ)× having order φ(n) are “primitive roots” that generate the group, while all m∈(ℤ/nℤ)× have the property that if ζ∈μn has order n and generates the latter group, then so does ζm, as we showed above. Got that straight, now? This needs to be understood when working in detail with roots of unity.

Another reason for the importance of cyclotomic fields is that the Galois group of the extension [ℚ(ζn):ℚ] is especially easy to describe. Indeed, it is isomorphic to the group of order φ(n) we’ve just discussed: (ℤ/nℤ)×. There’s a little work in proving this isomorphism, but let’s first note what it implies. Let G=G(ℚ(ζ)/ℚ) be the Galois group. It is an abelian group of order φ(n) since it’s isomorphic to (ℤ/nℤ)×. Further, any subgroup of G′ of G is abelian and by Galois theory determines an abelian extension (i. e., an extension that is Galois with an abelian Galois group) of ℚ as the fixed field of G′. Conversely, it can be shown (not easily) that every abelian extension of ℚ is contained in some cyclotomic field. (This is the Kronecker-Weber theorem.)

Half of the proof of the isomorphism is easy. Pick one generator ζ of μn, i. e. a primitive nth root of unity. We’ll see that it doesn’t matter which of the φ(n) possibilities we use. Suppose σ∈G is an automorphism in the Galois group. Since σ is an automorphism and ζ generates the field extension, all we need to know is how σ acts on ζ. Since σ is an automorphism, σ(ζ) has the same order as ζ, so it’s also a primitive nth root of unity. Therefore &sigma(ζ) = ζm for some m, 1≤m<n. As we saw above, m is uniquely determined and has to be a unit of ℤ/nℤ, with (m,n)=1, in order for ζm to be, like ζ, a generator of the cyclic multiplicative group μn. Hence m∈(ℤ/nℤ)×. Call this map from G to (ℤ/nℤ)× j, so that σ(ζ)=ζj(σ). To see that it’s a group homomorphism, suppose σ12∈G, with j(σ1)=r, j(σ2)=s. Then σ21(ζ)) = σ2r) = (ζs)r = ζsr, hence j(σ2σ1) = j(σ2)j(σ1). j is clearly injective since j(σ)=1 means σ(ζ)=ζ, so σ is the identity element of G. Finally, to see that j doesn’t depend on the choice of primitive nth root of unity, suppose ζm with m∈(ℤ/nℤ)× is another one. Then σ(ζm) = σ(ζ)m = (ζj(σ))m = (ζm)j(σ).

Thus G is isomorphic to a subgroup of (ℤ/nℤ)×. That’s enough to show G is abelian, so the extension ℚ(ζ)/ℚ is abelian. To complete the proof of an isomorphism G≅(ℤ/nℤ)× we would need to show that the injective homomorphism j is also surjective, i. e. every m∈(ℤ/nℤ)× determines some σ∈G such that m=j(σ). We can certainly define a function from ℚ(ζ) to ℚ(ζ) by σ(ζ)=ζm for a generator ζ of the field ℚ(ζ). One might naively think that’s enough, but the problem is that one has to show that σ is a field automorphism of ℚ(ζ).

The map σ defined that way certainly permutes the nth roots of unity in μn, the roots of the polynomial f(x)=xn-1. However, not all permutations of elements of μn, of which there are n!, yield automorphisms of ℚ(ζ). The problem here is that if z(x) is the minimal polynomial of some ζ, i. e. the irreducible polynomial of smallest degree in ℤ[x] such that z(ζ)=0, then by Galois theory the order |G| of the Galois group G is the degree of the field extension, which is the degree of z(x). Since G is isomorphic to a subgroup of the group (ℤ/nℤ)×, and the latter has order φ(n), all we know is that |G| divides φ(n). It could be that other primitive nth roots of unity have minimal polynomials in ℤ[x] that are not the same as z(x), though they have the same degree |G|. For σ to be an automorphism, σ(ζ) needs to have the same minimal polynomial as ζ, and we don’t know that immediately from the relation σ(ζ)=ζm.

We will defer discussion of the rest of the proof that G(ℚ(μn)/ℚ)≅(ℤ/nℤ)× for the next installment, since some new and important concepts will be introduced.

Splitting of prime ideals in algebraic number fields

*.overline {text-decoration: overline;}

Our series of articles on algebraic number theory is back again. Maybe this time it won’t be so sporadic. Stranger things have happened. The previous installment, of which this is a direct continuation, is here. All previous installments are listed here.

When we left off, we were talking about how to determine the way a prime ideal factors in the ring of integers of a quadratic extension of ℚ. Such a field is of the form ℚ(√d) for some square-free d∈ℤ. We were using very simple elementary reasoning with congruences, and we found a fairly simple rule, namely:

If p∈ℤ is an odd prime (i. e., not 2), and K=ℚ(√d) is a quadratic extension of ℚ (where d is not divisible by a square) then

1. p splits completely in K if and only if p∤d and d is a square modulo p.
2. p is prime (i. e. inert) in K if and only if d is not a square modulo p.
3. p is ramified in K if and only if p|d.

The prime 2 behaves a little more weirdly, but the result is that 2 ramifies if and only if d≡2 or 3 (mod 4); 2 is inert if and only if d≡5 (mod 8); 2 splits if and only if d≡1 (mod 8).

One limitation was that our simple reasoning made it necessary to assume that OK, the ring of integers of K, was a PID (principal ideal domain).

Let’s review what we were trying to do. We were investigating the factorization of a prime ideal (p)=pOℚ(√d) in Oℚ(√d). If Oℚ(√d) is a PID, then there is a simple approach to investigate how p splits. If p splits then (p)=P1⋅P2, where Pi=(αi), i=1,2. Any quadratic extension is Galois, and the Galois group permutes the prime ideal factors of (p). The factors are conjugate, so if α1=a+b√d we can assume α21*=a-b√d. Hence (p)=(α1)⋅(α1*)= (α1α1*)= (a2-db2).

Taking norms (to eliminate possible units ε∈Oℚ(√d)) reduces the problem to a Diophantine equation of the form ±p=a2-db2. With the problem thus reduced, a necessary condition for (p) to split (or ramify) is that the equation can be solved for a,b∈ℤ. A sufficient condition to show that (p) is inert, i. e. doesn’t split or ramify, is to show that the equation can’t be solved.

Let’s look at how that might work. For example, let d=3. Looking at the equations modulo 3, we have ±p≡a2 (mod 3). That is, either p or -p is a square modulo 3. Say p=5. The only nonzero square mod 3 is 1, and 5≢1 (mod 3). However -5≡1 (mod 3), so could we have -5=a2-3b2? Suppose there were some a,b∈ℤ such that -5=a2-3b2. Then instead of looking at the equation modulo 3, we could look at it modulo 5, and find that then a2≡3b2 (mod 5). If 5 divides either a or b, it divides both, and so 25 divides a2-3b2, which is impossible since 25∤5. Therefore 5∤b. ℤ/(5) is a field, so b must have an inverse c such that cb≡1 (mod 5). Therefore, (ac)2 ≡ 3(bc)2 ≡ 3 (mod 5), and so 3 is a square mod 5. But that can’t be, since only 1 and 4 are squares modulo 5. The contradiction implies -5=a2-3b2 has no solution for a,b∈ℤ.

All that does show 5 doesn’t split or ramify in ℚ(√3), hence it must be intert, but this approach is messy and still requires knowing that the integers of ℚ(√3) form a PID. We need to find a better way. Fortunately, there is one. But first let’s observe that this elementary discussion shows there is a fairly complicated interrelationship among:

1. Factorization of (prime) ideals in extension fields,
2. Whether a given ring of integers is a PID,
3. Whether an integer prime can be represented as the norm of an integer in an extension field,
4. Whether an integer can be represented by an expression of the form a2+db2 for a,b∈ℤ (in the case of quadratic extensions),
5. Whether, for primes p,q∈ℤ, p is a square modulo q and/or q is a square modulo p.

The problem of representing an integer by an expression like a2+db2 is a question of solving a Diophantine equation, and more specifically is of the type known as representing a number by the value of a quadratic form. This question was studied extensively by Gauss, who proved a remarkable and very important result, known as the law of quadratic reciprocity, which relates p being a square modulo q to q being a square modulo p, for primes p,q.

We will take up quadratic reciprocity soon (and eventually much more general “reciprocity laws”), but right now, let’s attack head on the issue of determining how a prime of a base field splits in the ring of integers of an extension field. We will use abstract algebra instead of simple arithmetic to deal with this question. For simplicity, we’ll assume here that the base field is ℚ, even though many results can be stated, and are often valid, for more arbitrary base fields.

Chinese Remainder Theorem

The first piece of abstract algebra we’ll need is the Chinese Remainder Theorem (CRT). Although it’s been known since antiquity to hold for the ring ℤ, generalizations are actually true for any commutative ring.

Let R be a commutative ring, and suppose you have a collection of ideals Ij, for j in some index set, j∈J. Suppose that the ideals are relatively prime in pairs. In general that means that Ii+Ij=R if i≠j, and further, the product of ideals, Ii⋅Ij, is Ii∩Ij when i≠j. If R is Dedekind, then each ideal has a unique factorization into prime ideals, and they are relatively prime if Ii and Ij have no prime ideal factors in common when i≠j. Let I be the product of all Ij for j∈J, which is also the intersection of all Ij for j∈J, since the ideals are coprime in pairs.

The direct product of rings Ri for 1≤i≤k is defined to be the set of all ordered k-tuples (r1, … ,rk), for ri∈Ri, with ring structure given by element-wise addition and multiplication. The direct product is written as R1×…×Rk, or &Pi1≤i≤kRi.

Given all that, the CRT says the quotient ring R/I is isomorphic to the direct product of quotient rings Π1≤i≤k(R/Ii) via the ring homomorphism f(x)=(x+I1, … ,x+Ik) for all x∈R.

The CRT is very straightforward, since f is obviously a surjective ring homomorphism, and the kernel is I, since it’s the intersection of all Ii. (It’s straightforward, at least, if you’re used to concepts like “surjective” and “kernel”.)

Now we’ll apply the CRT in two different situations. First let R be the ring of integers OK of a finite extension K/ℚ, and Ii=Pi, 1≤i≤g, be the set of all distinct prime ideals of OK that divide (p)=pOK for some prime p∈ℤ. Then (p)=P1e1 ⋅⋅⋅ Pgeg, where ei are the ramification indices of each prime factor of (p). An application of CRT then shows that OK/(p) ≅ Π1≤i≤g(OK/Piei). Recall that for each i, OK/Pi is isomorphic to the finite field 𝔽qi, where qi=pfi for some fi, known as the degree of inertia of Pi. (This field is the extension of degree fi of 𝔽p=ℤ/pℤ.) Further, Σ1≤i≤geifi=[K:ℚ], the degree of the extension. Check here if you need to review these facts. Specifying how (p) splits in OK amounts to determination of the Pi and the numbers ei, fi, and g.

The second situation where we apply CRT involves the ring of polynomials in one variable over the finite field 𝔽p=ℤ/pℤ, denoted by 𝔽p[x]. Let f(x) be a monic irreducible polynomial with integer coefficients, i. e. an element of ℤ[x]. Let f(x) be f(x) with all coefficients reduced modulo p, an element of 𝔽p[x]. f(x) will not, in general, be irreducible in 𝔽p[x], so it will be a product of powers of irreducible factors: Π1≤i≤g(fi(x)ei), where fi(x)∈𝔽p[x]. Each quotient ring 𝔽p[x]/(fi(x)) is a finite field that is an extension of 𝔽p of some degree fi. In general, ei, fi, and g will be different, of course, from the same numbers in the preceding paragraph. But the CRT gives us an isomorphism 𝔽p[x]/(f(x)) ≅ Π1≤i≤g(𝔽p[x]/(fi(x)ei)).

Now, here’s the good news. For many field extensions K/ℚ, there exists an appropriate choice of f(x)∈ℤ[x] such that for most primes (depending on K and f(x)), the numbers ei, fi, and g will be the same for both applications of the CRT. Consequently, we will have OK/(p) ≅ 𝔽p[x]/(f(x)), because for corresponding factors of the direct product of rings, OK/Piei ≅ 𝔽p[x]/(fi(x)ei). As it happens, most primes don’t ramify for given choices of K and f(x), so that things are even simpler, since all ei=1, and all factors of the direct products are fields.

We can’t go into all of the details now as to how to choose f(x) and what the limitations on this result are. However, here are the basics. Any finite algebraic extension of ℚ (and indeed of any base field that is a finite algebraic extension of ℚ) can be generated by a single algebraic number θ: K=ℚ(θ), called a “primitive element”. In fact, &theta can be chosen to be an integer of K. Then the ring of integers of K, OK, is a finitely generated module over ℤ. (A module is like a vector space, except that all coefficients belong to a ring rather than a field.) The number of generators is the index [OK:ℤ[θ]]. (ℤ[θ] is just all polynomials in θ with coefficients in ℤ.) If p∈ℤ is any prime that does not divide [OK:ℤ[θ]], then the result of the preceding paragraph holds. If for some p and some choice of θ p does divide the index, then there may be another choice of θ for which p doesn’t divide the index. Unfortunately, there are some fields (even of degree 3 over ℚ) where this isn’t possible for some choices of p.

The situation is especially nice in the case of quadratic fields, K=ℚ(√d), square-free d∈ℤ. If d≢1 (mod 4); we can take θ=√d and f(x)=x2-d, since OK=ℤ[√d]. If d≡1 (mod 4), then the index [OK:ℤ[√d]]=2, and there’s a possible problem only for p=2. However, we still have OK/(p) ≅ 𝔽p[x]/(x2d) for all p≠2. From that it’s obvious that, except for p=2, (p) ramifies if p|d, (p) splits if d is a square modulo p, or else (p) is inert. That is exactly the conclusion we began with at the beginning of this article, on the basis of elementary considerations. Only now we need not assume that OK is a PID.

There are four important lessons to take away from this discussion.

First, there is a very close relationship between the arithmetic of algebraic number fields and the arithmetic of polynomials over a finite field. Not only do we have the isomorphism discussed above, but it turns out that a number of similar powerful theorems are true for both algebraic number fields and the field of quotients of polynomial rings over a finite field.

Second, a lot of the arithmetic of algebraic number fields can be analyzed in terms of what happens “locally” with the prime ideals of the ring of integers of the field.

Third, many of the results of algebraic number theory are fairly simple if the rings of integers are PIDs (or, equivalently, have unique factorization). Such results often remain true when the rings aren’t PIDs, though they can be a lot harder to prove. Often the path to proving such results involves considering the degree to which a given ring of integers departs from being a PID.

Fourth, and perhaps most importantly, abstract algebra is a very powerful tool for understanding algebraic number fields – and it is much easier to work with and understand than trying to use “elementary” methods with explicit calculations involving polynomials and their roots.

We will see these lessons validated time and again as we get deeper into the subject.

So where do we go from here? There are a lot of directions we could take, so we’ll probably jump around among a variety of topics.

Splitting of prime ideals in quadratic extensions of ℚ, part 1

Our discussion of algebraic number theory returns by popular demand. Way back last April we presented some generalities on factorization of prime ideals in extension fields. (For explanation of what that means, including other necessary concepts, you’ll have to review earlier installments of this series, which can be found here.)

If this is all Greek to you, I apologize, but that’s unavoidable at this stage of a rather technical subject. You may want to go back to the earliest parts of the series to see how the subject got its start and why it may be interesting.

The discussion in the previous installment probably seems rather dry and abstract, but when we look at simple examples, such as quadratic extensions, why it’s interesting becomes clearer.

Because of how the ramification indexes and inertial degrees are related, for any prime ideal (p) of ℤ there are only three different possibilities for how the ideal factors in the ring of integers of a quadratic extension:

1. (p)=P1⋅P2, so (p) splits completely. (e=f=1, g=2)
2. (p)=P is a prime ideal in ℚ(√d), so p is inert. (e=g=1, f=2)
3. (p)=P2 where P is prime, and p is ramified. (f=g=1, e=2)

It turns out that there are simple criteria for each of these cases. But figuring out what the criteria are is tricky.

Recall that in ℚ(√3) we found (13)=(4+√3)⋅(4-√3) and (-11)=(8+5√3)⋅(8-5√3), so both (11) and (13) split completely. Clearly, (3)=(√3)2, so (3) is an example of a prime ideal if ℚ that is ramified. How about an example of a prime ideal that is inert in the extension? This is a little harder for a couple of reasons. (p) will be inert just in case it neither splits nor is ramified, but we don’t yet have simple criteria to rule out those cases.

So let’s back up a little and look at the details. We found examples where (p) splits in the integers of ℚ(√3) by solving the equation ±p=a2-3b2, because that gave elements a±b√3 whose norm was ±p. Being able to find such elements guaranteed that the prime split. But ℚ(√d) with d=3 is a special case, since here d≡3 (mod 4). In that case, and also if d≡2 (mod 4), the integers of the extension have the form a+b√d with a,b∈ℚ.

If d≡1 (mod 4), integers can also have the form (a+b√d)/2, with a,b∈ℚ, and we might have a factorization like (p) = ((a+b√d)/2)⋅((a-b√d)/2), so we would have also to consider solvability of ±4p=a2-3b2. If we were to look at solvability of the approriate equation, according as to whether or not d≡1 (mod 4), the solvability would be a sufficient condition for (p) to split (or ramify if a=0). Notice that this sufficient condition for (p) to split holds regardless of whether or not ℚ(√d) is a PID.

Now we need to find a convenient necessary condition for (p) to split. Unfortunately, solvability of one simple equation is not a necessary condition in general. It would be, as we’ll see in a minute, if the ring of integers of ℚ(√d) happens to be a PID, as is true when d=3. However, in quadratic extensions where the ring of integers isn’t a PID, being unable to solve the applicable equation doesn’t guarantee (p) cannot split, because there might be non-principal ideals that are factors of (p).

So let’s ignore that problem for a moment and just focus on the case where the ring of integers of ℚ(√d) is a PID. Can we then find a necessary condition on p for (p) to split or ramify, i. e. for (p) to not be a prime ideal of the integers of ℚ(√d)? That is, what must be true about p if (p) splits or ramifies?

If (p) splits or ramifies, then (p)=P1⋅P2 for nontrivial ideals Pi. (The ideals are the same or distinct according as (p) ramifies or splits.) Assuming ℚ(√d) is a PID, then P1 is generated by a+b√d where both a,b∈ℚ, if d≡2 or 3 (mod 4), or else by (a+b√d)/2 with a,b∈ℚ, if d≡1 (mod 4). Likewise, the conjugate ideal P2 is generated by a-b√d or (a-b√d)/2. Since p∈P1⋅P2, by definition of a product of ideals, p is of the form p = ε(a+b√d)(a-b√d) = ε(a2-db2) or p = ε(a+b√d)(a-b√d)/4 = ε(a2-db2)/4 for some integer ε of ℚ(√d).

Recall that the norm of an element of a Galois extension field is the product of all conjugates of the element. So for an element that is also in the base field, the norm (with respect to a quadratic extension, which is always Galois) is the square of the element. Taking norms of both sides of the possible equations, then either p2 = N(ε)(a2-db2)2 or 16p2 = N(ε)(a2-db2)2. For simplicity, consider just the first case. Then N(ε) is a positive integer that has to be 1, p, or p2. If N(ε)≠1 then N(a±b√d) = a2-db2 must be ±1, so a±b√d must be a unit, and both Pi must be non-proper ideals (i. e. equal to the whole ring). Hence N(ε)=1. This will be true also in the other case (when d≡1 (mod 4)), so ±p=a2-db2 or ±4p=a2-db2. Consequently, solvability of the appropriate equation (depending on d mod 4), is a necessary condition for (p) to split or ramify.

So we have a necessary and sufficient condition for (p) to split or ramify in ℚ(√d), in terms of solvability of Diophantine equations, provided Oℚ(√d) is a PID. Since the only other possibility is for (p) to be inert, we also have a necessary and sufficient condition for that.

However, still assuming that Oℚ(√d) is a PID, we can find a further necessary condition for (p) to split or ramify. Take those equations we just found and reduce them modulo p. Then both equations become a2≡db2 (mod p). Since p is prime, ℤ/pℤ is a field. Assume first that b≢0 (mod p). Then b has an inverse in the finite field. So we have d≡(a/b)2 (mod p). In other words, d is a square mod p. This is the additional necessary condition we were looking for on p in order for (p) to split or ramify. Since it’s a necessary condition, if d is not a square mod p, then (p) must not split or ramify, and thus p is inert. And so, for d to be a non-square mod p is a sufficient condition for p to be inert.

(What if b≡0 (mod p)? Then b=b1p. So ±p = a2 – (b1p)2d or else ±4p = a2 – (b1p)2d. Either way, p∣a, hence p2 divides the right side of either equation, and hence the left side also. But that’s not possible unless p=2 – which is always a special case.)

To summarize, then, let p≠2 be prime and d square-free and not 0 or 1. Then the solvability of ±tp=a2-db2 (where t is 4 or 1 according as d≡1 (mod 4) or not), is sufficient for (p) to split or ramify. And if the integers of ℚ(√d) are a PID, then solvability of the appropriate equation provides a necessary and sufficient condition for (p) to split or ramify. Further, in that case, d being a square mod p is necessary for (p) to split or ramify.

Remarkably, d being a square mod p is a necessary and sufficient condition for (p) to split or ramify, even if the integers of ℚ(√d) aren’t a PID, but that’s harder to prove. Since solvability of Diophantine equations is generally not obvious by inspection, it’s very convenient to have a necessary and sufficient conditions for (p) to split or ramify simply in terms of the properties of d mod p.

In the next installment, which hopefully will not be as long in coming as this one, we’ll show a much cleaner way to state necessary and sufficient conditions for (p) to split, ramify, or remain inert, in the case of any quadratic extension of ℚ, whether or not the ring of integers is a PID. This will be done in terms of what has long been called a “reciprocity law”.

However, that will be only the beginning. It turns out that there are far more general kinds of reciprocity laws for many other types of field extensions. That’s what “class field theory” is all about, and why the whole subject is so appealing, once you get the basic ideas.

Factorization of prime ideals in extension fields

In this installment of our series on algebraic number theory, we’re going to do two things. First, we’ll look at how a prime ideal of one ring of algebraic integers factors into multiple prime ideals in the ring of integers of a larger field. This is an absolutely central concern of the theory. We’ll look at some simple examples. Second, we’ll make some general definitions that are used to describe this factorization. These definitions will be needed in most of what follows.

In order to understand what’s discussed here, you’ll need to recall a great deal of what’s been discussed before. You can find a list of all previous installments here if you need to review.

Suppose E⊇F is a field extension and OE, OF are the corresponding rings of integers. We have OF ⊆ OE, and if I is any ideal of OF then of course I ⊆ OE. I isn’t an ideal of OE, because it isn’t closed under multiplication by elements of OE, but I⋅OE is an ideal of OE.

If P is a prime ideal of OF, we have no good reason to expect that P⋅OE is prime in OE, and in fact it generally is not. For example, let’s look at quadratic extensions of ℚ. So suppose F=ℚ, d is a square-free integer, positive or negative, and d ≠ 0 or 1. Let p∈ℤ be a positive prime. We can ask whether (the ideal corresponding to) p is still a prime ideal of the ring of integers of E=ℚ(√d). That is, we can ask what happens to the prime, principal ideal (p) in Oℚ(√d). (With principal ideals, we can usually get away without specifying what ring they are contained in.)

Consider the Diophantine equation ±p=a2-b2d. If we can solve it by finding a,b∈ℤ that make the equation true, then we can verify that we have a factorization of the ideal (p) in Oℚ(√d) expressed by the equation of principal ideals (p)=(a+b√d)(a-b√d). (Proof: p∈(a+b√d)(a-b√d) since ±p=a2-b2d, so (p)⊆(a+b√d)(a-b√d). But by the definition of a product of ideals, all members of (a+b√d)(a-b√d) are a product of an element of Oℚ(√d) and the number [a+b√d][a-b√d]=±p, and so (a+b√d)(a-b√d)⊆(p).)

So solutions of a certain Diophantine equation tell us about how an ideal (p) of ℤ factors in the integers of a quadratic extension. And in fact, if the equation can be solved, then the prime ideal (p) of ℤ is not also a prime ideal of Oℚ(√d). Is there a converse, that is, can we infer solutions of a Diophantine equation from how ideals factor in extensions? Unfortunately, the situation is more complicated. For instance, if Oℚ(√d) is not a PID, then it is possible for (p) to not be a prime ideal of Oℚ(√d), yet there may be no solutions of ±p=a2-b2d. One of the reasons that algebraic number theory is useful and interesting is that it helps get a handle on the complications, as we shall see.

For simplicity, suppose d≡3 (mod 4). Then we have remarked that the integers of ℚ(√d) are given by Oℚ(√d) = {a+b√d | a,b∈ℤ}. Suppose we could find some integer α∈ℚ(√d) such that the norm Nℚ(√d)/ℚα = ±p. (For short, write Nα for the norm.) So if α=a+b√d with a,b∈ℤ, we have ±p=Nα=a2-b2d. When this happens, we can write ±p=(a+b√d)(a-b√d). Since Nα is a prime (in ℤ), α=a+b√d must be a prime of Oℚ(√d) – and p is not a prime in that ring. To make things really easy for showing examples, let d=3. Trying a few values for a and b, let α=4+√3, so Nα=13=(4+√3)(4-√3). Or if α=8+5√3, then Nα=-11=(8+5√3)(8-5√3). So both 11 and 13 are not primes in Oℚ(√3).

This translates directly to a factorization of the principal ideal (13) in Oℚ(√d), namely (13)=(4+√3)(4-√3). Clearly (13) isn’t a prime ideal, since it has two distinct nontrivial prime factors. (11)=(-11) is likewise not a prime ideal. (ℚ(√3) happens to be a PID, but that isn’t crucial here.) In general, then, if p∈ℤ is a prime, the principal ideal (p) is a prime ideal of ℤ, but for any square-free d∈ℤ (with d≠0,1), (p) splits into the product of two distinct ideals in the integers of the quadratic extension ℚ(√d) if we can find a,b∈ℤ, with a≠0, such that ±p = N(a±b√d) = a2-b2q. In that case, we have a factorization of (p) in Oℚ(√d) into principal ideals such that (p)=(a+b√d)(a-b√d), and the factors are prime ideals. If a≠0, these will be distinct ideals. (Since p is assumed to be prime in ℤ, if a=0, we must have b=±1, and the two ideals will be the same. In this special case, one actually says that p “ramifies” in the extension field.)

Conversely, what if, for the given d, there are no integers a,b∈ℤ that satisfy the equation ±p = a2-b2d – can we conclude that p doesn’t split in Oℚ(√d)? Actually, no, we can’t in general. We could if Oℚ(√d) happens to be a PID, since, because d≡3 (mod 4), the factor ideals would have to have the form (a±b√d) for some a,b∈ℤ, which would yield a solution of the equation, contrary to supposition. (And remember, by the general theory of Dedekind rings, the same is true if Oℚ(√d) has unique factorization, since a ring of integers of a field is a Dedekind ring, and therefore is a PID, if and only if it has unique factorization.)

However, and this is a major “however”, if Oℚ(√d) isn’t a PID, or equivalently if it doesn’t have unique factorization of elements, then we could have a factorization of ideals where (p)=AB into prime ideals that are not principal. (The prime ideal factors themselves are uniquely determined, which, do not forget, is always true in Dedekind rings.) In that case, the factorization doesn’t necessary give us a solution of ±p = a2-b2q. Thus it’s possible to have primes p where (p) splits in Oℚ(√d) even if the equation has no integer solutions. We might even have A=B, in which case (p) ramifies.

So one key thing this discussion illustrates is that there is a close, though not entirely simple, connection between solving simple Diophantine equations (like ±p=a2-b2q) and determining how prime ideals of a subfield split into prime ideals in an extension field. Further, these equations arise from asking what numbers can occur as norms of some integer of an extension field. But the situation is more complicated if the ring of integers of the extension field doesn’t have unique factorization (or equivalently, if it’s not a principal ideal domain). This is another reason uniqueness of factorization (or the lack of it) is rather important.

To give some idea of where this leads, we’ll just say that class field theory, which we will be coming to shortly, originated in trying to deal with such questions, in the form of saying someting about how prime ideals split in extension fields, and also about when nonprincipal ideals can become principal ideals in extension fields. It helps us deal with the complexities that result from failure of unique factorization of numbers, and from the equalivalent untidiness of having ideals that are not principal ideals.

But before proceeding, let’s establish some general conventions and terminology. The terminology will be used to keep the upcoming discussion succinct, so unfortunately you’ll need to memorize the details or else plan to refer back here if you want to follow beyond this point. As a reward, we’ll be able to state some fairly simple rules for when primes of ℤ do or do not split in extension fields of ℚ.

Let’s set out the terminology to describe the general possibilities for how prime ideals split in arbitrary extension fields. We continue to suppose E⊇F is a finite extension, of degree n=[E:F], not necessarily Galois. Let P be a prime ideal of OF. P⋅OE is an ideal of OE, so it factors in a unique way as a product of powers of distinct ideals that are prime in OE:

P⋅OE = ∏1≤j≤g Qjej

We say that each Qj is a prime lying above P in E. Since every Qj divides P, each one contains P: Qj⊇P. In fact, P=Qj∩OF for each j.

If we start with a prime ideal P of the integers of an extension of ℚ, then P∩ℤ is a prime ideal (p) of ℤ for some rational prime p, and P lies above (p). Given the factorization of P shown above, each Qj also lies above (p). By general commutative ring theory, since Qj is a prime of OE, the quotient ring OE/Qj is a finite field 𝔽q where q is some power of p. (In Dedekind domains, any prime ideal is a maximal ideal, and for any commutative ring R with identity, the quotient of R by a maximal ideal is a field.) Likewise, since P is prime in OF, OF/P is a finite field 𝔽q′ where q′ is also a power of p (and divides q). Each field OE/Qj is a finite extension of the field OF/P, and we denote its degree by fj. Finally, it turns out that P⋅OE is a vector space of degree n=[E:F] over the field OF/P.

These facts allow one to make the following definitions. The exponent ej is called the ramification index of Qj (relative to the given extension). The degree fj is the inertial degree of Qj. And g is called the decomposition number. All of these numbers are specific to how the prime P of OF splits (or decomposes) in OE. These numbers are the key data one wants to have for each prime P for any given extension E⊇F. A prime P is said to be ramified unless all exponents ej=1, in which case it is unramified. Primes that ramify tend to make life more complicated, but fortunately there are only finitely many for any particular extension. All these numbers are related as follows:

n = [E:F] = ∑1≤j≤g ejfj

If P is unramified and all inertial degrees are 1, then we must have g=n, and one says that P splits completely. This is a fairly unusual circumstance. Although only finitely many primes are ramified, most have some inertia.

If E⊇F is a Galois extension, things are much simpler. In that case, all ej have the same value, say e, and all fk have the same value, say f. (This is because the Galois group G(E/F) acts on the various Qj and permutes them among themselves. Since each σ∈G(E/F) is an automorphism, these ideals are all essentially alike.) Hence [E:F]=efg. So there are exactly g primes lying above P in E, and each has the same ramification index and inertial degree.

In the next installment we’ll, look at more examples involving quadratic extensions of ℤ, and state the rules for how primes split. The rules will turn out to be based on the classical law of “quadratic reciprocity”.

More concepts from ring theory

We are at an important juncture in our discussion of algebraic number theory. From here on out, the path starts to go uphill more steeply, with quite a bit more abstraction and technical complexity. I hope you’ll follow along anyhow. Don’t feel like you need to grasp all the fine points immediately.

We’re now going to cover some concepts of ring theory that are essential for talking about rings of algebraic integers. We introduced algebraic integers themselves here. The previous discussion of rings is here. Mathematics being what it is, you sort of need to have some exposure to these preliminaries in order to go further. All preceding installments in this series are listed here.

In the previous three installments we spent of lot of time on the concept of “unique factorization”. What we are about to do is formalize the concept in terms of ideals of commutative rings. This discussion needs to be somewhat lengthy, but at the end we will be able to state some general properties that rings of algebraic integers have, and some conditions that are equivalent to uniqueness of factorization. Don’t get too stressed by this. Detailed proofs won’t be given. The level of difficulty here is comparable to what’s in an introductory college course in abstract algebra or linear algebra.

Because of the importance of unique factorization, an integral domain which has unique factorization is called a unique factorization domain, or UFD. A little more precisely, an integral domain R is a UFD if there is a set P of irreducible elements such that every nonzero element α of R can be written in a unique way as a finite product α=u∏1≤k≤n pkek, where u is a unit, n is a nonnegative integer, pk are distinct elements of P, and exponents ek are nonnegative integers (all of which depend on α).

The defining property of a UFD is pretty clear and understandable, but it is not expressed in the language of ideals. As we shall see, a great deal of what we want to know about algebraic numbers can be expressed in terms of ideals, so we’d like to know how unique factorization fits in. To this end, we have this centrally important concept: An integral domain R is called a principal ideal domain (PID for short) in case every ideal I⊆R is equal to an ideal of the form (α)=αR for some α∈R.

It is a fact, which is not difficult to prove, but not immediately obvious either, that every principal ideal domain is a unique factorization domain. So if we want to show that a given integral domain R has unique factorization, it is sufficient to show that R is a PID. Unfortunately, among all integral domains there are some which are UFDs but not PIDs. So R can be a UFD even if it is not a PID – being a PID is not a necessary condition. The class of UFDs contains the class of PIDs, but is strictly larger. For instance, if F is a field, the ring of polynomials in one variable F[x] is a PID (and a UFD). (The reason this is true will be mentioned in a moment.) However, the ring of polynomials in two variables F[x,y] is a UFD but not a PID.

Obviously, it would be convenient to have a simple criterion to determine whether a domain R is a PID (and hence a UFD). It turns out that the the process of division-with-remainder that can be performed in ℤ and in polynomial rings in one variable fills the bill. All that’s needed is an integer valued function on the domain R with certain properties. For a∈R, let this function be written as |a| (since it is much like an absolute value). This function should have three properties:

1. |a|≥0 for all a∈R, and |a|=0 if and only if a=0
2. |ab| = |a|⋅|b| for all a,b∈R
3. if a,b∈R and b≠0, then there exist q,r∈R such that a=qb+r, with 0≤|r|<|b|

A domain R with such a function is called a Euclidean domain, because one has a Euclidean algorithm that works just as it does in ℤ. If I⊆R is a nonzero ideal, it has an element b∈I, with b≠0, of smallest nonzero “norm” |b|. If a∈I we can write a=qb+r for q,r∈R, and |r|<|b|. Yet r=a-qb is in I, so by the assumption of minimality of |b| we have |r|=0 and therefore r=0. Hence a=qb, I⊆(b), and finally I=(b) is principal. In other words, every Euclidean domain is a PID, and therefore a UFD.

Unfortunately, even among rings of integers of quadratic fields, only finitely many are known to be Eucldean. If F=ℚ(√d) and OF is the ring of integers, it is known that for d<0 the ring is Euclidean only when d=-1, -2, -3, -7, or -11. If d>0, the number of rings which are Euclidean is larger. What is known is that only a finite number of these are Euclidean using the norm function. At least one other is Euclidean using a function other than the norm function, but so far it’s not known whether there are only a finite number like that.

This may seem rather disappointing, but in fact the quadratic fields where OF is a PID are also quite scarce. If d<0, then in addition to the Euclidean cases, the only other values are d=-19, -43, -67, and -163. The proof that this is a complete list for d<0 is quite difficult and was not satisfactorily done until 1966.

The situation with d>0 is even more difficult. It is not actually known whether there are only finitely many d>0 such that Oℚ(√d) is a PID. Gauss himself conjectured that there are infinitely many, but this is still an important open question.

Returning to concepts, we recall that among all integral domains, the class of PIDs is strictly smaller than the class of UFDs. It turns out that there is a subclass of all integral domains in which the notions of UFD and PID are equivalent. In fact, this is an important class, because it includes all rings of algebraic integers. This class itself can be defined by a number of equivalent conditions. But to explain this, we need to discuss the group of fractional ideals of an integral domain.

Fractional ideals

If A and B are ideals of any commutative ring R, it’s easy to define the product of two ideals as a set of finite sums: A⋅B = {∑1≤k≤n akbk | ak∈A, bk∈B, n∈ℤ, n>0}. By definition of an ideal, A⋅B⊆A and A⋅B⊆B, hence A⋅B⊆A∩B. If R has a unit (as we usually assume), then clearly A⋅R=A. So in the set of ideals of R there is a commutative binary operation of multiplication, and it has an identity. Multiplication of ideals is associative since R multiplication in R is associative. (A set with an associative multiplication is called a semigroup, and if an identity exists, it’s a monoid. In neither case is multiplication necessarily commutative.)

In a situation like this, it’s natural (for a mathematician anyhow) to wonder what conditions on R would make the set of its ideals into a full group — that is, how the inverse of an ideal might be defined. It turns out that for integral domains the conditions are beautiful and everything one could hope for.

To get an idea of where to start, consider the principal ideal domain ℤ. For any nonzero n∈ℤ, the obvious thing to consider is (1/n) = {m/n | m∈ℤ}. That’s sort of like an ideal, since it’s a commutative group under addition, and m(1/n)⊆(1/n) for all m∈ℤ. Also, under the obvious definition, (n)(1/n) = ℤ (since the product contains 1). So (1/n) surely acts like the “inverse” of the ideal (n) of ℤ for any n.

Suppose R is any commutative ring with an identity and M is any set at all (not necessarily related directly to R) where one can define an operation of multiplication rm=mr for r∈R and m∈M. Suppose further that:

1. M is a commutative group under addition.
2. rm∈M for all r∈R and m∈M.
3. 1m = m for all m∈M.
4. r(m1 + m2) = rm1 + rm2 for all r∈R, m1,m2∈M.

Then M is said to be an R-module. (If R isn’t commutative, one can define R-modules by being a little more picky about the definition.) So from the example above, (1/n) is a ℤ-module, and also any ideal of a ring R is an R-module.

Given all that, if R is an integral domain, whatever a fractional ideal of R might be, it certainly should be an R-module. Indeed, we can formally define a fractional ideal of R as an R-module M such that:

1. M⊆F, if F is the field of quotients of R.
2. The multiplication rm for r∈R and m∈M is just the normal multiplication in F.
3. There is some nonzero r∈R such that rM⊆R.

(As a reminder, the field of quotients of an integral domain R is defined as follows. Consider the set of pairs (m,n), with m,n∈R, n≠0 Consider two pairs (m,n) and (m′,n′) to be equivalent just in case mn′=m′n. (Think of this as fractions, where m/n = m′/n&prime when mn′=m′n.) The underlying set of the field of quotients is the set of equivalence classes of pairs under this relation. Define addition on this set by (m,n)+(m′,n′) = (mn′+m′n,nn′) and multiplication by (m,n)(m′,n′) = (mm′,nn′). Then it can be shown that addition and multiplication are well-defined, and the set of equivalence classes of pairs is indeed a field.)

Multiplication of fractional ideals is defined just like multiplication of ideals: M⋅M′= {∑1≤k≤n mkm′k | mk∈M, m′k∈M′, n∈ℤ, n>0}. With this definition, the set of fractional ideals of R is a monoid. The question is: what conditions on R will guarantee that fractional ideals form a group? This is not just a matter of idle curiosity, because it turns out that for rings with the right properties, one has unique factorization in the group of fractional ideals, and in the set of integral (i. e. ordinary) ideals as well. For rings of algebraic integers, which just happen to have the right properties, this unique factorization of ideals is almost as good, for many purposes, as having unique factorization of ring elements themselves.

We need just a few more concepts before we can state the necessary conditions. A proper ideal of R is an ideal I that is not equal to R, i. e. a proper subset. One writes I⊂R. A prime ideal P is a proper ideal such that for all a,b∈R, ab∈P only if either a∈P or b∈P (or both). In ℤ, for example, (6) isn’t a prime ideal, since 2⋅3∈(6), but 2∉(6) and 3∉(6). A maximal ideal is a proper ideal P that is not properly contained in some other proper ideal P′. The integral domain R, with field of fractions F, is said to be integrally closed if every α∈F that is integral (i. e. an algebraic integer of F) over R is actually an element of R. For example, if R=ℤ, then F=ℚ, and to say α∈R is integral over F means f(α)=0 for some monic polynomial f(x) with coefficients in R, i. e. f(x)∈ℤ[x]. If α=a/b for a,b∈ℤ, then when you “clear fractions” in f(a/b)=0, you find b|a. This argument applies in any UFD, so in fact any UFD is integrally closed.

Lastly, we need a type of finiteness condition. An ideal I is said to be finitely generated if it has the form I = {∑x∈S axx | ax∈R for all x∈S}, where S⊆R is a finte set of generators. It is much like a principal ideal, except for having n=#(S) generators instead of 1. If all ideals of a ring are finitely generated, the ring is said to be Noetherian, after Emmy Noether (1882-1935). There are several equivalent characterizations of Noetherian rings. For instance, R is Noetherian if and only if every nonempty family of ideals of R has a maximal element (which contains all the other members of the family) with respect to inclusion.

Finally we can state the crucial result: If R is an integral domain, then the following are equivalent:

1. R is Noetherian, integrally closed, and every nonzero prime ideal is maximal.
2. Every nonzero ideal of R is uniquely expressible as a product of prime ideals.
3. Every nonzero ideal of R is a product of prime ideals.
4. The set of nonzero fractional ideals of R forms a group under multiplication.

The first item on this list characterizes R in terms of several ring-theoretic properties. The second item is unique factorization into prime ideals, and it is in fact equivalent to the apparently weaker third item. The fourth item is the key fact, which answers our earlier quesion about when the fractional ideals of R form a group.

Any integral domain R that has one of these properties has all of them, and is called a Dedekind domain, after Richard Dedekind (1831-1916). It isn’t hard to show that if F⊇ℚ is a finite field extension, then the ring OF of algebraic integers of F has the properties listed in the first item, and so OF is a Dedekind domain and has the other properties also.

As rings, Dedekind domains have some very nice properties. For example, if R is a Dedekind domain:

1. P is a prime ideal of R if and only if it is indecomposable, i. e. P ≠ I⋅I′ where I and I′ are ideals other than P or R.
2. If P is a prime ideal and P divides the product I⋅I′ of two ideals (P|I⋅I′), then P|I or P|I′.
3. Divisibility between fractional ideals is equivalent to inclusion, i. e. if M and M′ are nonzero fractional ideals, then M divides M′ if and only if M⊇M′. (Multiplication of ideals yields a result that is smaller.)
4. If R is a unique factorization domain, it is a principal ideal domain.
5. Every fractional ideal M of R can be generated by at most two elements, and one of these elements of M can be chosen arbitrarily.

Dedekind, Emmy Noether, and a few others were the main developers of ideal theory in this form, and Dedekind was a leading figure in the theory of algebraic numbers in general. Ernst Kummer (1810-1893) somewhat earlier had a more primitive theory of “ideal numbers” which provided a kind of unique factorization of algebraic numbers, but Dedekind made the theory much simpler and more general.

In the next installment we’ll look at simple examples of how ideals that are prime in a ring of integers may split into factors in the ring of integers of an extension field. This is a very key issue in the overall theory. Eventually we will see how this abstract point of view generalizes some important ideas, called “reciprocity laws” from classical number theory.