
Number Theory PDF

This document is a textbook on number theory that is divided into three parts. It covers topics in elementary, analytic, and algebraic number theory. The document introduces concepts like divisibility, prime numbers, congruences, and theorems of Fermat and Euler. It then discusses analytic techniques like the zeta function and applications of complex analysis to number theory. Finally, it explores algebraic number fields, local fields like p-adic numbers, and adèlic number theory.

Number Theory

Andrew Kobin
Contents

I Elementary Number Theory

1 Introduction
1.1 Divisibility
1.2 The Division Algorithm
1.3 Greatest Common Divisors

2 The Prime Numbers
2.1 The Fundamental Theorem of Arithmetic
2.2 The Infinitude of Primes
2.3 Special Primes

3 Linear Congruence
3.1 Modular Arithmetic
3.2 Linear Congruence

4 Fermat’s and Euler’s Theorems
4.1 Fermat’s Little Theorem
4.2 Euler’s and Wilson’s Theorems

5 Public Key Cryptography

6 Higher Order Congruence
6.1 Finding Roots
6.2 Primitive Roots
6.3 Power Residues

7 Reciprocity
7.1 Quadratic Residues
7.2 Quadratic Reciprocity
7.3 Applications of Quadratic Reciprocity

II Analytic Number Theory

8 Introduction

9 Preliminaries
9.1 Basic Analysis
9.2 Euler-Maclaurin Summation
9.3 The Bernoulli Numbers

10 Euler’s Work
10.1 On the Sums of Series of Reciprocals
10.2 Newton’s Identities
10.3 Euler’s Product Form
10.4 The Prime Number Theorem

11 Complex Analysis
11.1 Arithmetic
11.2 Functions and Limits
11.3 Line Integrals
11.4 Differentiability
11.5 Integration in the Complex Plane
11.6 Singularities and the Residue Theorem

12 Zeta Functions and L-Series
12.1 The Functional Equation
12.2 Finding the Zeros
12.3 Sketch of the Prime Number Theorem
12.4 Dirichlet Series

III Algebraic Number Theory

13 Introduction
13.1 Attempting Fermat’s Last Theorem

14 Algebraic Number Fields
14.1 Integral Extensions of Rings
14.2 Norm and Trace
14.3 The Discriminant
14.4 Factorization of Ideals
14.5 Ramification
14.6 Cyclotomic Fields and Quadratic Reciprocity
14.7 Lattices
14.8 Norms of Ideals
14.9 The Class Group
14.10 The Unit Theorem

15 Local Fields
15.1 Discrete Valuation Rings
15.2 The p-adic Numbers
15.3 Absolute Values
15.4 Local Fields
15.5 Henselian Fields
15.6 Ramification Theory
15.7 Extensions of Valuations
15.8 Galois Theory of Valuations
15.9 Higher Ramification Groups
15.10 Discriminant and Different

16 Adèlic Number Theory
16.1 Restricted Direct Products
16.2 Adèles and Idèles
16.3 Idèle Class Group

IV Class Field Theory

17 Global Class Field Theory
17.1 The Hilbert Class Field
17.2 Orders
17.3 Frobenius Automorphisms
17.4 Ray Class Groups
17.5 L-series and Dirichlet Density
17.6 The Frobenius Density Theorem
17.7 The Second Fundamental Inequality
17.8 The Artin Reciprocity Theorem
17.9 The Conductor Theorem
17.10 The Existence and Classification Theorems
17.11 The Čebotarev Density Theorem
17.12 Ring Class Fields

18 Quadratic Forms and n-Fermat Primes
18.1 Binary Quadratic Forms
18.2 The Form Class Group
18.3 n-Fermat Primes

19 Adèlic Class Field Theory
19.1 Frobenius Elements
19.2 Artin Reciprocity
19.3 Kronecker-Weber Theorem

V Elliptic Curves

20 Introduction
20.1 Geometry and Number Theory
20.2 Rational Curves

21 Algebraic Geometry
21.1 Affine and Projective Space
21.2 Morphisms of Affine Varieties
21.3 Morphisms of Projective Varieties
21.4 Products of Varieties
21.5 Blowing Up
21.6 Dimension of Varieties
21.7 Complete Varieties
21.8 Tangent Space
21.9 Local Parameters

22 Curves
22.1 Divisors
22.2 Morphisms Between Curves
22.3 Linear Equivalence
22.4 Differentials
22.5 The Riemann-Hurwitz Formula
22.6 The Riemann-Roch Theorem
22.7 The Canonical Map
22.8 Bézout’s Theorem
22.9 Rational Points of Conics

23 Elliptic Curves
23.1 Weierstrass Equations
23.2 Moduli Spaces
23.3 The Group Law
23.4 The Jacobian

24 Rational Points on Elliptic Curves
24.1 Isogenies
24.2 The Dual Isogeny
24.3 The Weil Conjectures
24.4 Elliptic Curves over Local Fields
24.5 Jacobians of Hyperelliptic Curves

25 The Mordell-Weil Theorem
25.1 Some Galois Cohomology
25.2 Selmer and Tate-Shafarevich Groups
25.3 Twists, Covers and Homogeneous Spaces
25.4 Descent

25.5 Heights

26 Elliptic Curves and Complex Analysis
26.1 Elliptic Functions
26.2 Elliptic Curves
26.3 The Classical Jacobian
26.4 Jacobians of Higher Genus Curves

27 Complex Multiplication
27.1 Classical Complex Multiplication
27.2 Torsion and Rational Points
27.3 Class Field Theory with Elliptic Curves

VI L-Functions

28 Introduction

29 Locally Compact Groups
29.1 Topological Vector Spaces
29.2 Banach Algebras
29.3 The Gelfand Transform
29.4 Spectral Theorems
29.5 Unitary Representations

30 Duality
30.1 Functions of Positive Type
30.2 Fourier Inversion
30.3 Pontrjagin Duality

31 Functional Equations
31.1 Local ζ-Functions
31.2 Adèlic and Idèlic Characters
31.3 Schwartz-Bruhat Functions and Riemann-Roch
31.4 Global Zeta Functions and Functional Equations
31.5 Hecke L-Functions

VII Modular Forms

32 Modular Forms
32.1 The Upper Half-Plane
32.2 Modular Functions and Modular Forms
32.3 Modular Functions as Sections
32.4 q-Expansions

33 Hecke Operators
33.1 Hecke Operators on Lattices
33.2 Hecke Operators on Modular Functions
33.3 Eigenfunctions
33.4 Petersson Inner Product
33.5 Theta Series

34 Level Structure
34.1 Congruence Subgroups
34.2 Modular Curves
34.3 Automorphic Forms

VIII Galois Cohomology

Part I

Elementary Number Theory

Chapter 1

Introduction

The notes in Part I were compiled from a series of student-led lectures at Wake Forest
University under the advisory of Dr. Jeremy Rouse. The main source is Number Theory
Through Inquiry (Marshall, Odell and Starbird). The main topics include:

• Divisibility

• Prime numbers and their properties

• Linear equations and modular arithmetic

• Fermat’s, Euler’s and Wilson’s theorems

• A brief introduction to the RSA Algorithm

• Quadratic reciprocity


1.1 Divisibility
Definition. The natural numbers are the counting numbers 1, 2, 3, . . ., denoted N.

Definition. The number 0 and the negative numbers extend the natural numbers to the
integers, denoted Z.

Definition. For two integers a and d, d divides a (or d | a) if there is an integer k such
that a = kd.

Definition. For two integers a and b and a natural number n, a and b are congruent modulo n
if n | (a − b), denoted a ≡ b (mod n).

Example 1.1.1. Let n ∈ Z such that 6 | n. Prove that 3 | n.

Proof. Let 6 | n. Then there exists k ∈ Z such that n = 6k. By associativity, n = 6k = 3(2k)
and 2k ∈ Z so 3 | n.

Example 1.1.2. Let k ∈ Z such that k ≡ 7 (mod 2). Show that k ≡ 3 (mod 2).

Proof. Let k ≡ 7 (mod 2). Then 2 | (k − 7) so there exists j ∈ Z such that k − 7 = 2j. Then
k − 3 = 2j + 4 = 2(j + 2), so 2 | (k − 3) =⇒ k ≡ 3 (mod 2).

Theorem 1.1.3. Let a, b, c ∈ Z. If a | b and a | c then a | (b + c).

Proof. Let a | b and a | c. Then there exist integers j and k such that b = aj and c = ak.
Consider b + c. By substitution, b + c = aj + ak = a(j + k), so a | (b + c).

Theorem 1.1.4. Let a, b, c ∈ Z. If a | b and a | c then a | (b − c).

Proof. Let a | b and a | c. Then there exist integers j and k such that b = aj and c = ak.
Consider b − c. By substitution, b − c = aj − ak = a(j − k), so a | (b − c).

Theorem 1.1.5. Let a, b, c ∈ Z. If a | b and a | c then a | (bc).

Proof. Let a | b and a | c. Then there exist integers j and k such that b = aj and c = ak.
Consider bc = (aj)(ak) = a(jak) by association. So a | (bc).

Corollary 1.1.6. If a | b and a | c then a^2 | (bc).

Proof. As above, bc = (aj)(ak) = a^2(jk) by commutativity. Thus a^2 | (bc).

Corollary 1.1.7. If a | b then a | (bc).

Proof. For some integer j ∈ Z, bc = aj(c) = a(jc). Thus a | (bc).

Theorem 1.1.8. Every integer is congruent to itself. In other words, for all a, n ∈ Z with
n > 0, a ≡ a (mod n).

Proof. Let a, n ∈ Z with n > 0. Let k = 0 ∈ Z. Then 0 = nk so n | 0. And since a − a = 0,
n | (a − a). So a ≡ a (mod n) for all a ∈ Z.

Theorem 1.1.9. Let a, b, n ∈ Z with n > 0. If a ≡ b (mod n) then b ≡ a (mod n).

Proof. Let a, b, n ∈ Z with n > 0 and suppose a ≡ b (mod n). Then n | (a − b) so there is
some integer k such that a − b = nk. And by commutativity, b − a = −nk so n | (b − a).
Therefore b ≡ a (mod n).

Theorem 1.1.10. Let a, b, c, n ∈ Z with n > 0. If a ≡ b (mod n) and b ≡ c (mod n) then
a ≡ c (mod n).

Proof. Let a, b, c, n ∈ Z and n > 0. Suppose a ≡ b (mod n) and b ≡ c (mod n). Then
n | (a − b) and n | (b − c) so there exist j, k ∈ Z such that a − b = nj and b − c = nk. Solving
for b, we get b = a − nj = nk + c. Then a − c = nj + nk = n(j + k) and j + k ∈ Z, so
n | (a − c). Thus a ≡ c (mod n).

Note that Theorems 1.1.8 – 1.1.10 establish an equivalence relation for congruence. In
particular, congruence is reflexive (1.1.8), symmetric (1.1.9) and transitive (1.1.10).

Theorem 1.1.11. Let a, b, c, d, n ∈ Z with n > 0. If a ≡ b (mod n) and c ≡ d (mod n)
then a + c ≡ b + d (mod n).

Proof. Let a, b, c, d, n ∈ Z with n > 0. Suppose a ≡ b (mod n) and c ≡ d (mod n). Then
n | (a − b) and n | (c − d) so there exist j, k ∈ Z such that a − b = nj and c − d = nk. Then

    (a − b) + (c − d) = nj + nk
    (a + c) − (b + d) = n(j + k)

and j + k ∈ Z so n | ((a + c) − (b + d)). Thus a + c ≡ b + d (mod n).

Theorem 1.1.12. Let a, b, c, d, n ∈ Z with n > 0. If a ≡ b (mod n) and c ≡ d (mod n)
then a − c ≡ b − d (mod n).

Proof. Let a, b, c, d, n ∈ Z with n > 0. Suppose a ≡ b (mod n) and c ≡ d (mod n). Then
n | (a − b) and n | (c − d) so there exist j, k ∈ Z such that a − b = nj and c − d = nk. Then

    (a − b) − (c − d) = nj − nk
    (a − c) − (b − d) = n(j − k).

And j − k ∈ Z so n | ((a − c) − (b − d)). Thus a − c ≡ b − d (mod n).

Theorem 1.1.13. Let a, b, c, d, n ∈ Z with n > 0. If a ≡ b (mod n) and c ≡ d (mod n)
then ac ≡ bd (mod n).

Proof. Let a, b, c, d, n ∈ Z with n > 0. Suppose a ≡ b (mod n) and c ≡ d (mod n). Then
n | (a − b) and n | (c − d) so there exist j, k ∈ Z such that a − b = nj and c − d = nk. Then

    (a − b)c = njc    and    b(c − d) = bnk
    ac − bc = njc            bc − bd = nkb.

So

    (ac − bc) + (bc − bd) = njc + nkb
    ac − bd = n(jc + kb).

Then n | (ac − bd) by which ac ≡ bd (mod n).

Does divisibility work with congruence in the same way? Counterexample: let n = 10,
a = 0, b = 2 and c = 5. Then ac ≡ bc (mod n) but a ≢ b (mod n). Divisibility must be
handled differently.

Fact: If gcd(a, n) = 1 then there is some k ∈ Z+ such that ak ≡ 1 (mod n). (This makes no
claims as to what we have to choose for particular a and n.)

Example 1.1.14. Show that if a ≡ b (mod n) then a^2 ≡ b^2 (mod n).

Proof. Since a ≡ b (mod n), then n | (a − b) so there exists k ∈ Z such that a − b = nk.
Multiplying by a + b we get

    (a + b)(a − b) = nk(a + b)
    a^2 − b^2 = nk(a + b).

And k(a + b) ∈ Z by closure so n | (a^2 − b^2). Thus a^2 ≡ b^2 (mod n).

Theorem 1.1.15. If a ≡ b (mod n) then a^k ≡ b^k (mod n) for all k > 0.

Proof. Let a ≡ b (mod n). The base case is proven in the example above. Now suppose that
a^{k−1} ≡ b^{k−1} (mod n). Then by Theorem 1.1.13, a(a^{k−1}) ≡ b(b^{k−1}) (mod n) which implies
a^k ≡ b^k (mod n). Hence by induction on k ∈ N, if a ≡ b (mod n) then a^k ≡ b^k (mod n).

Lemma 1.1.16. For all k ∈ Z, 3 | (10^k − 1).

Proof. The base case is 3 | 9. Suppose 3 | (10^{k−1} − 1). Then there is some x ∈ Z such that
10^{k−1} − 1 = 3x. Multiplying by 10 gives us

    10^k − 10 = 30x
    10^k − 1 − 9 = 30x
    10^k − 1 = 30x + 9 = 3(10x + 3).

So 3 | (10^k − 1), proving the lemma.

Theorem 1.1.17. Let n ∈ N such that n = a_k a_{k−1} ⋯ a_1 a_0 where a_i is the ith digit of n (as
opposed to a factor of n). If m = a_k + a_{k−1} + … + a_1 + a_0 then n ≡ m (mod 3).

Proof. Let n and m be as described. We can write n = 10^k a_k + 10^{k−1} a_{k−1} + … + 10a_1 + a_0.
Consider n − m = (10^k − 1)a_k + (10^{k−1} − 1)a_{k−1} + … + (10 − 1)a_1. And by the Lemma,
3 | (10^i − 1) for each 1 ≤ i ≤ k. So 3 | (n − m), by which n ≡ m (mod 3).

1.2 The Division Algorithm


The Well-Ordering Axiom: Let S be any nonempty set of natural numbers. Then S has
a smallest element.

The Division Algorithm: Let m, n ∈ N. Then

(1) There exist q, r ∈ Z such that m = nq + r and 0 ≤ r ≤ n − 1.

(2) Moreover, if nq + r = nq′ + r′ with 0 ≤ r, r′ ≤ n − 1 then q = q′ and r = r′.

Proof. (1) Let m, n ∈ N and let S = {ni ∈ N | ni ≥ m}. Then by the Well-Ordering Axiom,
S has a smallest element, say nj. Then nj ≥ m but n(j − 1) < m because n(j − 1) ∉ S. Let
q = j − 1 and r = m − nq. Since 0 ≤ r < n and m = nq + r, the existence portion holds.

(2) Let nq + r = nq′ + r′. Then nq − nq′ = r − r′ ⟹ n | (r − r′). Since 0 ≤ r, r′ ≤ n − 1,
−n + 1 ≤ r − r′ ≤ n − 1. And since n − 1 < n, 0 is the only integer in this interval that is
divisible by n. Thus r − r′ = 0. This gives us n(q − q′) = r − r′ = 0. Since n ∈ N, n ≠ 0 so
q − q′ = 0. Therefore q = q′ and r = r′.

Example 1.2.1. Let m = 25, n = 7. Then 25 = 7(3) + 4, so q = 3 and r = 4.

Example 1.2.2. Let m = 33, n = 11. Then 33 = 11(3) + 0, so q = 3 and r = 0.


1.3 Greatest Common Divisors


Definition. A common divisor of a and b is an integer d such that d | a and d | b.

Definition. The greatest common divisor of a and b, at least one nonzero, is the largest
d such that d | a and d | b, denoted gcd(a, b) or just (a, b).

Definition. If gcd(a, b) = 1 then a and b are relatively prime.

Example 1.3.1. Find the gcd for the following pairs:

    (36, 22) = 2
    (45, −15) = 15
    (−296, −88) = 8
    (0, 256) = 256
    (15, 28) = 1, relatively prime
    (1, −2436) = 1, relatively prime

Theorem 1.3.2. Let a, n, b, r, k ∈ Z. If a = nb + r, k | a and k | b then k | r.

Proof. Let a = nb + r and suppose k | a and k | b. Then there exist s, t ∈ Z such that a = sk
and b = tk. Then

    sk = ntk + r
    r = sk − ntk
      = k(s − nt).

And s − nt ∈ Z by closure, so k | r.

Theorem 1.3.3. Let a, b, n_1, r_1 ∈ Z with a or b nonzero. If a = n_1 b + r_1 then gcd(a, b) =
gcd(b, r_1).

Proof. Let a = n_1 b + r_1 and let d = gcd(a, b). Then a = jd and b = kd for appropriate
j, k ∈ Z. So

    jd = n_1 kd + r_1
    r_1 = jd − n_1 kd
        = (j − n_1 k)d.

And j − n_1 k ∈ Z by closure, so d | r_1. Now take c, a common divisor of b and r_1 and suppose
c ≠ d. Then b = cs and r_1 = ct for appropriate s, t ∈ Z. So

    a = n_1 cs + ct
      = c(n_1 s + t)

which implies c | a. But since d = gcd(a, b), c < d. Hence d is the greatest common divisor
of b and r_1.

The Euclidean Algorithm: Let a and b be any two integers. To find gcd(a, b),

(1) If either a or b is negative, then factor out a -1 without consequence.

(2) By the Division Algorithm, there exist q_1, r_1 ∈ Z such that a = bq_1 + r_1, with 0 ≤ r_1 < b.

(3) Continue using the Division Algorithm to find q_2, r_2 ∈ Z such that b = r_1 q_2 + r_2,
0 ≤ r_2 < r_1; q_3, r_3 ∈ Z such that r_1 = r_2 q_3 + r_3, 0 ≤ r_3 < r_2; etc.

(4) Eventually we will obtain q_k, r_k such that r_{k−2} = r_{k−1} q_k + r_k and r_k = 0. Then r_{k−1} | r_{k−2}
and by Theorem 1.3.3, r_{k−1} is the gcd of a and b.

Note: This algorithm must terminate because there are a finite number of integers between
0 and r_1.

Example 1.3.4. Use the Euclidean Algorithm to compute the gcd of the following pairs:

(1) gcd(96, 112):


112 = 96(1) + 16
96 = 16(6) + 0
so gcd(96, 112) = 16.

(2) gcd(162, 31):


162 = 31(5) + 7
31 = 7(4) + 3
7 = 3(2) + 1
3 = 1(3) + 0
so gcd(162, 31) = 1 and they are relatively prime.

(3) gcd(0, 256):


256 = 0(q_1) + 256
0 = 256(0) + 0
so gcd(0, 256) = 256.

(4) gcd(−288, −166):


-288 = -166(2) + 44
-166 = 44(-4) + 10
44 = 10(4) + 4
10 = 4(2) + 2
4 = 2(2) + 0
so gcd(−288, −166) = 2.

(5) gcd(1, −2436):


-2436 = 1(-2436) + 0
so gcd(1, −2436) = 1 and they are relatively prime.

Example 1.3.5. Find x, y ∈ Z such that 162x + 31y = 1.

    gcd(162, 31) = 1 ⟹ 162 = 31(5) + 7 ⟹ 7 = 162 − 31(5)
                        31 = 7(4) + 3   ⟹ 3 = 31 − 7(4)
                        7 = 3(2) + 1    ⟹ 1 = 7 − 3(2).

Then

    1 = 7 − 3(2)
      = 7 − (31 − 7(4))(2)
      = 7 − 31(2) + 7(8) = 7(9) − 31(2)
      = (162 − 31(5))(9) − 31(2)
      = 162(9) − 31(45) − 31(2)
      = 162(9) − 31(47).

So let x = 9 and y = −47.

Theorem 1.3.6. Let a, b ∈ Z. Then (a, b) = 1 if and only if there exist x, y ∈ Z such that
ax + by = 1.

Proof. ( ⟹ ) Let gcd(a, b) = 1. By the Euclidean Algorithm, there are sequences of q_k and
r_k such that

    a = bq_1 + r_1
    b = r_1 q_2 + r_2
    ⋮
    r_{k−2} = r_{k−1} q_k + r_k

where 0 ≤ r_k < r_{k−1} < r_{k−2} < … < r_2 < r_1 < b and r_k = gcd(a, b) = 1. For the base case,
let k = 2. Then a = bq_1 + r_1 and b = r_1 q_2 + 1. So

    1 = b − r_1 q_2
      = b − (a − bq_1)q_2
      = b − aq_2 + bq_1 q_2
      = b(1 + q_1 q_2) − aq_2.

Letting x = −q_2 and y = 1 + q_1 q_2 gives us ax + by = 1, so the base case holds. Now suppose
for all k ≤ N the property holds. Then

    1 = r_{N−2} − r_{N−1} q_N
      = r_{N−2} − (r_{N−3} − r_{N−2} q_{N−1})q_N = r_{N−2}(1 + q_N q_{N−1}) − r_{N−3} q_N
      = (r_{N−4} − r_{N−3} q_{N−2})(1 + q_N q_{N−1}) − r_{N−3} q_N
      = r_{N−4} + r_{N−4} q_N q_{N−1} − r_{N−3} q_{N−2} − r_{N−3} q_{N−2} q_{N−1} q_N − r_{N−3} q_N
      = r_{N−4}(1 + q_N q_{N−1}) − r_{N−3}(q_{N−2} + q_{N−2} q_{N−1} q_N + q_N)
      ⋮
      = ax + by

where x, y ∈ Z. Suppose r_N ≠ 1 but r_{N+1} = 1. Then r_N = ax + by by above, and

    1 = r_{N−1} − r_N q_{N+1}
      = r_{N−1} − axq_{N+1} − byq_{N+1}.

But by the inductive hypothesis, r_{N−1} = ax′ + by′ for some x′, y′ ∈ Z. So

    1 = ax′ + by′ − axq_{N+1} − byq_{N+1}
      = a(x′ − xq_{N+1}) + b(y′ − yq_{N+1}).

Hence for all k ∈ Z, this process yields integers x and y such that ax + by = 1.

( ⇐ ) Suppose ax + by = 1 for some x, y ∈ Z. Let k = gcd(a, b). Then a = kc and b = kd
for some c, d ∈ Z. So 1 = kcx + kdy = k(cx + dy), implying k | 1. Therefore k = 1.

Theorem 1.3.7. For any integers a and b, not both zero, there exist x, y ∈ Z such that
ax + by = gcd(a, b).

Proof. Let a, b ∈ Z with at least one nonzero. Let k = gcd(a, b). By the Euclidean Algorithm,
we have the following:

    a = bq_1 + r_1,                      0 < r_1 < b
    b = r_1 q_2 + r_2,                   0 < r_2 < r_1
    r_1 = r_2 q_3 + r_3,                 0 < r_3 < r_2
    ⋮
    r_{n−1} = r_n q_{n+1} + r_{n+1},     0 < r_{n+1} < r_n
    r_n = r_{n+1} q_{n+2} + r_{n+2},     r_{n+2} = gcd(a, b) = k.

Then

    r_{n+2} = r_n − r_{n+1} q_{n+2}
            = r_n − (r_{n−1} − r_n q_{n+1})q_{n+2}
            = r_n(1 + q_{n+1} q_{n+2}) − r_{n−1} q_{n+2}.

Eventually we will reach

    r_{n+2} = bc + r_1 d    for some c, d ∈ Z
            = bc + (a − bq_1)d
            = b(c − q_1 d) + ad.

Let x = d, y = c − q_1 d and recall that k = r_{n+2}. Then ax + by = k.

Corollary 1.3.8. If (a, b) = g then (a/g, b/g) = 1.

Proof omitted.


Theorem 1.3.9. Let a, b, c ∈ Z. If a | (bc) and (a, b) = 1 then a | c.

Proof. Let a | (bc) and (a, b) = 1. Then there exists k ∈ Z such that bc = ak. By
Theorem 1.3.6, there exist x, y ∈ Z such that ax + by = 1. Multiplying through by c, we get

    c = axc + byc
      = axc + (bc)y
      = axc + (ak)y
      = a(xc + ky).

Thus a | c.

Theorem 1.3.10. If a | n, b | n and (a, b) = 1 then (ab) | n.

Proof. Let a | n, b | n and (a, b) = 1. Then n = aj = bk for appropriate j, k ∈ Z. And by
Theorem 1.3.6, ax + by = 1 for some x, y ∈ Z. Multiplying by n, we get

    n = axn + byn
      = axbk + byaj
      = ab(xk + yj).

Thus (ab) | n.

Theorem 1.3.11. Let a, b, n ∈ Z. If (a, n) = 1 and (b, n) = 1 then (ab, n) = 1.

Proof. By Theorem 1.3.6, ax + ny = 1 and bz + nw = 1 for some x, y, z, w ∈ Z. Multiplying
the above equations together, we get

    1 = (ax + ny)(bz + nw)
      = axbz + nynw + axnw + nybz
      = ab(xz) + n(nyw + axw + ybz).

So by Theorem 1.3.6 again, (ab, n) = 1.

We can now answer the division question for congruence modulo n. The following is a
partial converse to Theorem 1.1.13.

Theorem 1.3.12. If ac ≡ bc (mod n) and (c, n) = 1 then a ≡ b (mod n).

Proof. Since ac ≡ bc (mod n), there exists an integer k such that ac − bc = nk. And since
(c, n) = 1, cx + ny = 1 for some x, y ∈ Z by Theorem 1.3.6. Multiplying the first equation
through by x, we get

    acx − bcx = nkx
    (a − b)cx = nkx
    (a − b)(1 − ny) = nkx
    a − b − ny(a − b) = nkx
    a − b = nkx + ny(a − b).

So n | (a − b), which implies a ≡ b (mod n) as claimed.

Theorem 1.3.13. Given a, b, c ∈ Z with a and b not both zero, there exist x, y ∈ Z such
that ax + by = c if and only if gcd(a, b) | c.

Proof omitted.

Theorem 1.3.14. Given a, b, c ∈ Z with a and b not both zero, if x_0, y_0 is a solution to
ax + by = c then all solutions are of the form

    x = x_0 + kb/(a, b),    y = y_0 − ka/(a, b)

for some k ∈ Z.

Proof omitted.
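
The back-substitution of Example 1.3.5 and the solution family of Theorems 1.3.13 and 1.3.14, written out as an added Python example (not part of the original notes). The function names are illustrative; `mod_inverse` and `divide_mod` use the coefficient x from Theorem 1.3.6 the way the proof of Theorem 1.3.12 does, which is the same computation used to derive modular inverses such as an RSA private exponent.

```python
"""Added example: Bezout coefficients, ax + by = c, and cancellation mod n."""


def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) >= 0 and a*x + b*y == g.

    Iterative form of the back-substitution in Example 1.3.5: every
    remainder is carried as an explicit integer combination of a and b.
    """
    old_r, r = a, b          # consecutive remainders r_{i-1}, r_i
    old_x, x = 1, 0          # invariant: old_r == a*old_x + b*old_y
    old_y, y = 0, 1          # invariant: r     == a*x     + b*y
    while r != 0:
        q = old_r // r       # quotient from the Division Algorithm
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    if old_r < 0:            # step (1) of the algorithm: factor out -1
        old_r, old_x, old_y = -old_r, -old_x, -old_y
    return old_r, old_x, old_y


def solve_linear_diophantine(a, b, c):
    """Solve a*x + b*y == c over the integers (Theorems 1.3.13 and 1.3.14).

    Returns None when gcd(a, b) does not divide c. Otherwise returns
    (x0, y0, dx, dy); every solution is (x0 + k*dx, y0 - k*dy), k in Z.
    """
    if a == 0 and b == 0:
        raise ValueError("a and b must not both be zero")
    g, x, y = extended_gcd(a, b)
    if c % g != 0:
        return None
    scale = c // g
    return x * scale, y * scale, b // g, a // g


def mod_inverse(c, n):
    """Return x in [0, n) with c*x == 1 (mod n); requires gcd(c, n) == 1."""
    if n <= 1:
        raise ValueError("modulus must be greater than 1")
    g, x, _ = extended_gcd(c, n)
    if g != 1:
        raise ValueError(f"{c} has no inverse modulo {n}: gcd is {g}")
    return x % n


def divide_mod(t, c, n):
    """Return the unique a in [0, n) with a*c == t (mod n) (Theorem 1.3.12)."""
    return (t * mod_inverse(c, n)) % n


def demo():
    # Constructed inputs, taken from the worked examples in this section.
    print("162x + 31y = 1:", extended_gcd(162, 31))
    print("gcd(-288, -166):", extended_gcd(-288, -166)[0])
    x0, y0, dx, dy = solve_linear_diophantine(96, 112, 48)
    for k in range(-1, 2):
        x, y = x0 + k * dx, y0 - k * dy
        print(f"k={k}: 96*{x} + 112*{y} = {96 * x + 112 * y}")
    print("96x + 112y = 40 solvable:",
          solve_linear_diophantine(96, 112, 40) is not None)
    # Cancellation works when gcd(c, n) = 1 ...
    print("a with 31a = 7 (mod 162):", divide_mod(7, 31, 162))
    # ... and fails for the counterexample n = 10, c = 5 given in Section 1.1.
    try:
        mod_inverse(5, 10)
    except ValueError as exc:
        print("cannot cancel:", exc)


if __name__ == "__main__":
    demo()
```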

Chapter 2

The Prime Numbers

The study of primes is a main focus in number theory:

• They are fundamental building blocks of the natural numbers.

• Using multiplication, any natural number can be obtained from some prime number(s).

Definition. A natural number p > 1 is prime if p is not the product of natural numbers
less than p.

Definition. A natural number n is composite if n is a product of natural numbers less
than n.

Theorem 2.0.1. If n > 1 is a natural number then there exists a prime p dividing n.

Proof. Suppose there are some natural numbers that do not have any prime factors. Let
S = {n > 1 | ∄ p such that p | n}. By the Well-Ordering Axiom, S has a smallest element,
say n. If n were prime, n | n by which n ∉ S. So n must be composite. Then by definition
there is some natural number k < n such that k | n. And because n is the smallest element
of S, k ∉ S so there exists a prime p dividing k. Then p | k and k | n imply p | n,
contradicting n ∈ S. Hence all composite numbers (and thus all natural numbers) have a
prime divisor.

Theorem 2.0.2. A natural number n > 1 is prime if and only if for all p ≤ √n, p does not
divide n.

Proof. ( ⟹ ) Suppose n > 1 is prime. By definition n is not the product of natural numbers
less than n. Since √n < n there are no primes p ≤ √n < n that divide n.

( ⇐ ) Now suppose that for all p ≤ √n, p ∤ n. Let S = {q ∈ N | q prime and √n < q < n}.
By the Well-Ordering Axiom, S has a least element q. Consider √n < q < n. In particular,
√n < q. Squaring this inequality, we obtain n < q^2. Since q is the smallest element of S,
for any r ∈ S with q < r, n < q^2 < qr. Therefore there is no prime less than n that divides
n, so n is prime.

Example 2.0.3. 101 is prime.



Proof. Let n = 101. Note that 10 < √101 < 11 and

2 ∤ 101
3 ∤ 101
5 ∤ 101
7 ∤ 101.

So by Theorem 2.0.2, 101 is prime.

Definition. Let π(n) be the number of primes less than or equal to n. This is known as
Euler’s totient function, or simply Euler’s function.

Note that π(n)/n is decreasing in general. A natural question is whether the ratio π(n)/n
converges or diverges as n gets large. This is intimately related to questions about the
distribution and infinitude of the primes.

Conjecture. $\lim_{n\to\infty} \dfrac{\pi(n)}{n}$ exists.

The Prime Number Theorem: $\lim_{n\to\infty} \dfrac{\pi(n)}{n/\log n} = 1$.

One of the most important results in Number Theory, this statement originally appeared
in various forms in papers by Euler, Legendre, Gauss and others in the late 18th Century.
In Riemann’s landmark 1859 manuscript On the Number of Primes Less Than a Given
Magnitude, Riemann outlined a method by complex analysis to obtain a proof of the theorem.
The Prime Number Theorem was proven independently by Hadamard and de la Vallée-Poussin
in 1896, using Riemann’s methods from forty years earlier.


2.1 The Fundamental Theorem of Arithmetic


Lemma 2.1.1. Let p and $q_1, q_2, \ldots, q_n$ be primes and k ∈ N such that $pk = q_1 q_2 \cdots q_n$. Then
$p = q_i$ for some 1 ≤ i ≤ n.

Proof. Since $pk = q_1 q_2 \cdots q_n$, $q_1 \mid (pk)$. And since p and $q_1$ are both prime, $(p, q_1) = 1$, so by
Theorem 1.3.9, $q_1 \mid k$. Then there is some $l_1$ ∈ N such that $k = l_1 q_1$ and we can write

$pk = p l_1 q_1 = q_1 q_2 \cdots q_n$
$p l_1 = q_2 q_3 \cdots q_n.$

Similarly, $q_2 \mid (p l_1)$ which implies there is some $l_2$ ∈ N such that $l_1 = l_2 q_2$. Then as
above, $p l_2 = q_3 q_4 \cdots q_n$. Continuing this process, we eventually reach some prime $l_k$ by
Theorem 2.0.1. At this point we have $p l_k = q_k \cdots q_n$, so $q_k \mid (p l_k)$. And since $q_k$ and $l_k$ are
both prime, $(q_k, l_k) = 1$ and $q_k \mid p$. But p is also prime so we must have $q_k = p$.

Theorem 2.1.2 (Fundamental Theorem of Arithmetic). For every natural number n > 1,
there exist distinct primes $p_1, p_2, \ldots, p_m$ and natural numbers $r_1, r_2, \ldots, r_m$ such that
$n = p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}$. Moreover, the sets $\{p_1, p_2, \ldots, p_m\}$ and $\{r_1, r_2, \ldots, r_m\}$ are unique up to the
order of the factors.

Note: the two statements of the Fundamental Theorem of Arithmetic are known respectively
as the Existence and Uniqueness portions of the Theorem. The Existence part can be
extended to say that 1 is uniquely represented as the product of no primes, or in other
words 1 is not prime.

Proof of Existence: Let n > 1 be a natural number. If n is prime, m = 1, $p_1 = n$ and
$r_1 = 1$. Suppose n is composite. The base case is n = 4, which has the prime factorization
$4 = 2^2$. Now suppose inductively that all n ≤ N − 1 can be written as the product of
powers of primes, $n = p_1^{r_1} p_2^{r_2} \cdots p_n^{r_n}$. Consider N. If N is prime, as before m = 1, $p_1 = N$
and $r_1 = 1$ suffice. If N is composite, by Theorem 2.0.1 there exists a prime c that divides
N. Then N = cd for some d ∈ N; note that c, d < N. In particular, by the inductive
hypothesis $d = p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}$ for primes $p_1, \ldots, p_m$ and natural numbers $r_1, \ldots, r_m$. Then
$N = c\, p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}$, which is a prime factorization for N. By strong induction, for all n > 1
there exist primes $p_1, \ldots, p_m$ and natural numbers $r_1, \ldots, r_m$ such that $n = p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}$.

Proof of Uniqueness: Let n > 1 be a natural number and suppose that

$n = p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}$
$= q_1^{s_1} q_2^{s_2} \cdots q_m^{s_m}$

where the $p_i$ and $q_i$ are all distinct primes, and the $r_i$ and $s_i$ are natural numbers. Setting
these expressions equal, we have $p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m} = q_1^{s_1} q_2^{s_2} \cdots q_m^{s_m}$. Then by Lemma 2.1.1, $p_1 = q_i$
for some i. And since the q factors are distinct primes, repeated application of Lemma 2.1.1
yields $p_1^{r_1} = q_i^{s_i}$. Then we have

$p_1^{r_1} \cdots p_m^{r_m} = q_1^{s_1} \cdots q_{i-1}^{s_{i-1}}\, p_1^{r_1}\, q_{i+1}^{s_{i+1}} \cdots q_k^{s_k}.$

Again by Lemma 2.1.1, $p_2 = q_j$ for some j. By the same reasoning, $p_2^{r_2} = q_j^{s_j}$, so

$p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m} = q_1^{s_1} \cdots q_{i-1}^{s_{i-1}}\, p_1^{r_1}\, q_{i+1}^{s_{i+1}} \cdots q_{j-1}^{s_{j-1}}\, p_2^{r_2}\, q_{j+1}^{s_{j+1}} \cdots q_k^{s_k}.$

Repeating this process, we eventually replace each $q_l^{s_l}$ with $p_t^{r_t}$. Thus for every natural
number expressed as a product of powers of primes, the factorization is unique up to the
order of the factors.

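Example 2.1.3. 12! can be expressed as

$12! = 2 \cdot 3 \cdot 4 \cdot 5 \cdot 6 \cdot 7 \cdot 8 \cdot 9 \cdot 10 \cdot 11 \cdot 12$
$= 2 \cdot 3 \cdot 2^2 \cdot 5 \cdot (2 \cdot 3) \cdot 7 \cdot 2^3 \cdot 3^2 \cdot (2 \cdot 5) \cdot 11 \cdot (2^2 \cdot 3)$
$= 2^8 \cdot 3^5 \cdot 5 \cdot 7 \cdot 11.$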

Definition. If x ∈ R the floor function, denoted ⌊x⌋, is the largest k ∈ Z so that k ≤ x.

Remark. The power of p in the unique prime factorization of n! is given by $\sum_{k=1}^{\infty} \left\lfloor \dfrac{n}{p^k} \right\rfloor$.

Theorem 2.1.4. Let a, b > 1 have prime factorizations

$a = p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}$
$b = q_1^{s_1} q_2^{s_2} \cdots q_k^{s_k}.$

Then a | b if and only if for all i ≤ m there exists j ≤ k such that $p_i = q_j$ and $r_i \le s_j$.

Proof. ( =⇒ ) Suppose a | b. Then there exists some n ∈ N such that b = an. By the
above prime factorizations, $q_1^{s_1} q_2^{s_2} \cdots q_k^{s_k} = p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}\, n$. But by the Fundamental Theorem
(2.1.2), n also has a prime factorization, so we can write

$q_1^{s_1} q_2^{s_2} \cdots q_k^{s_k} = t_1^{v_1} t_2^{v_2} \cdots t_l^{v_l}$

where the $t_k$ are distinct primes. And since prime factorizations are unique up to order,
k = l and for each i ≤ l there exists some j ≤ k such that $t_i = q_j$ and $v_i = s_j$. But
since every $t_i^{v_i}$ is a product of some $p_i^{r_i}$ and a power of a prime factor of n, then $p_i = q_j$
and $r_i \le v_i = s_j$. Therefore for every i ≤ m there is some j ≤ k such that $p_i = q_j$ and $r_i \le s_j$.

( ⇐= ) Now suppose that for all i ≤ m there is some j ≤ k such that $p_i = q_j$ and $r_i \le s_j$.
Then we can write

$b = q_1^{s_1} \cdots q_k^{s_k}$
$= p_1^{s_1} \cdots p_m^{s_m}\, q_{m+1}^{s_{m+1}} \cdots q_k^{s_k}$

where $q_{m+1}, \ldots, q_k$ are the leftover prime factors of b (if m < k). Then we can write

$b = p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m} \cdot \left[ p_1^{s_1 - r_1} \cdots p_m^{s_m - r_m}\, q_{m+1}^{s_{m+1}} \cdots q_k^{s_k} \right].$

Setting n equal to the part in brackets, we have b = an. Therefore a | b.


Theorem 2.1.5. If a, b ∈ N and $a^2 \mid b^2$ then a | b.

Proof omitted.

Example 2.1.6. Find $\gcd(3^{14} \cdot 7^{22} \cdot 11^5 \cdot 17^3,\; 5^2 \cdot 11^4 \cdot 13^8 \cdot 17)$.

Factors in common are $11^4$ and $17^1$. So $\gcd = 11^4 \cdot 17 = 248{,}897$.

Definition. A rational number is a real number of the form a/b, where a and b are integers
and b is nonzero. The set of rational numbers is denoted Q.

Definition. A real number that is not rational is called irrational.

Theorem 2.1.7. There are no natural numbers m, n such that $7m^2 = n^2$.

Proof. Take m, n ∈ N. By the Fundamental Theorem of Arithmetic (2.1.2), $m = p_1^{r_1} \cdots p_j^{r_j}$
and $n = q_1^{s_1} \cdots q_k^{s_k}$ for unique sets of primes $\{p_1, \ldots, p_j\}$ and $\{q_1, \ldots, q_k\}$. Then
$m^2 = p_1^{2r_1} \cdots p_j^{2r_j}$ and $n^2 = q_1^{2s_1} \cdots q_k^{2s_k}$. So

$7m^2 = 7 p_1^{2r_1} \cdots p_j^{2r_j}$
$= p_1^{2r_1} \cdots p_{i-1}^{2r_{i-1}}\, 7^{2r_i + 1}\, p_{i+1}^{2r_{i+1}} \cdots p_j^{2r_j}.$

But in the factorization of $n^2$ every factor has even exponent. And since prime factorizations
are unique up to order of factors, $7m^2 \ne n^2$.

Example 2.1.8. Show that √7 is irrational.

Proof. Suppose that √7 is rational. Then there exist integers a and b such that √7 = a/b and
b ≠ 0. Then

$7 = \dfrac{a^2}{b^2} \implies 7b^2 = a^2.$

But by Theorem 2.1.7 there are no natural numbers such that $7b^2 = a^2$, a contradiction.
Therefore √7 is irrational.

Example 2.1.9. How many d ∈ N are there such that d | 1000?

First note that $1000 = 2^3 \cdot 5^3$. Theorem 2.1.4 says that d must be composed of some subset
of the prime divisors of 1000, with exponents less than or equal to the exponents of 2 and
5. So $d = 2^a \cdot 5^b$ where a = 0, 1, 2, 3 and b = 0, 1, 2, 3. Therefore there are 16 choices in total
for d.


2.2 The Infinitude of Primes


There are an infinite number of primes.

Theorem 2.2.1. For all natural numbers n, (n, n + 1) = 1.

Proof. Let n ∈ N. Let x = −1 and y = 1 and consider

nx + (n + 1)y = n(−1) + n + 1
= −n + n + 1
= 1.

Thus there exist x, y ∈ Z such that nx + (n + 1)y = 1. Therefore by Theorem 1.3.6,
(n, n + 1) = 1.

Theorem 2.2.2. Let k ∈ N. Then there exists a natural number n such that for all j between
1 and k, j ∤ n.

Proof. Let k ∈ N. Then k! = 2 · 3 · · · (k − 1) · k and for all j between 1 and k, j | k!. But
by Theorem 2.2.1, (k!, k! + 1) = 1. Thus no divisor of k! can divide k! + 1. Hence for all j,
1 < j ≤ k, j ∤ (k! + 1), and all natural numbers k have some larger natural number that is
indivisible by any natural number less than k.

This shows one way we can produce natural numbers that are specifically not divisible
by another number or numbers.

Theorem 2.2.3. Let k ∈ N. Then there exists a prime p such that p > k.

Proof. Let k ∈ N. Then by Theorem 2.2.2, there exists n ∈ N such that n > k and for all
j, 1 < j ≤ k, j ∤ n. If n is prime then we have a prime > k. Suppose n is composite. Then
by the Fundamental Theorem of Arithmetic (2.1.2), $n = p_1^{r_1} p_2^{r_2} \cdots p_m^{r_m}$ for distinct primes
$p_1, p_2, \ldots, p_m$ and natural numbers $r_1, r_2, \ldots, r_m$. Thus $p_1 \mid n$. But since for all j ≤ k, j ∤ n,
we must have $p_1 > k$. So in all cases, there exists a prime greater than k.

Theorem 2.2.4 (The Infinitude of Primes). There are infinitely many prime numbers.

Proof. Suppose there is a greatest prime number $p_k$. Let $\{p_1, p_2, \ldots, p_k\}$ be the finite set
of primes, which are all ≤ $p_k$. Let $t = p_1 p_2 \cdots p_k + 1$. Take some $p_i \in \{p_1, \ldots, p_k\}$. Then
$p_i \mid (p_1 p_2 \cdots p_k + p_i)$ but $p_i \ne 1$ since 2 is the smallest prime. Thus there is no $p_i$ that divides
t =⇒ t has no prime factors =⇒ t is prime, a contradiction. Hence there are an infinite
number of primes.

Lemma 2.2.5. If $r_1, r_2, \ldots, r_m$ ∈ N and for all i, $r_i \equiv 1 \pmod 4$ then $r_1 r_2 \cdots r_m \equiv 1 \pmod 4$.

Proof. Let $r_i \equiv 1 \pmod 4$ for all i. Then $4 \mid (r_i - 1)$ for each i =⇒ $r_i = 4k_i + 1$ for some
$k_i$ ∈ Z. So

$r_1 r_2 \cdots r_m = (4k_1 + 1)(4k_2 + 1) \cdots (4k_m + 1)$
$= 4^m k_1 k_2 \cdots k_m + 4^{m-1} k_1 \cdots + \ldots + 1$
$= 4x + 1$

for an integer x. Thus $r_1 r_2 \cdots r_m \equiv 1 \pmod 4$ as well.


Theorem 2.2.6. There are infinitely many primes congruent to 3 (mod 4).

Proof. Suppose there is an $n_a \equiv 3 \pmod 4$ such that it is the largest prime congruent
to 3 (mod 4). Then $S = \{n_i \mid n_i \text{ is prime and } n_i = 4k_i + 3,\ k_i \in \mathbb{Z}\}$ is finite. Define
$t = 4 n_2 \cdots n_a + 3$ and take some $n_i \in S \setminus \{3\}$. Then $n_i \mid (n_2 n_3 \cdots n_a + n_i)$. But since 3 is
the smallest prime of the form 4k + 3, $n_i \nmid t$. Therefore t has no prime factors of the form
4k + 3. Furthermore, by the Lemma, the product of primes of the form 4k + 1 is also of the
form 4k + 1; but t is not of this form, so t must be prime, a contradiction. Hence there are
infinitely many primes of the form 4k + 3.

Dirichlet’s Theorem: For any a and b such that (a, b) = 1, there are infinitely many
primes of the form ak + b.

A proof will be given in Section 17.6.


2.3 Special Primes


The largest known prime is of a special type called a Mersenne prime. The discovery of new
primes centers on the study of these special types of primes.

Example 2.3.1. Compute $\dfrac{x^m - 1}{x - 1}$.

$\begin{array}{rl}
 & x^{m-1} + x^{m-2} + \ldots + x^2 + x + 1 \\
x - 1 \ \big) & x^m - 1 \\
 & -x^m + x^{m-1} \\
 & x^{m-1} - 1 \\
 & -x^{m-1} + x^{m-2} \\
 & x^{m-2} - 1 \\
 & \vdots \\
 & x^2 - 1 \\
 & -x^2 + x \\
 & x - 1
\end{array}$

Thus $\dfrac{x^m - 1}{x - 1} = x^{m-1} + x^{m-2} + \ldots + x^2 + x + 1$.

Theorem 2.3.2. Let n ∈ N. If $2^n - 1$ is prime then n must be prime.

Proof. Let n ∈ N and suppose $2^n - 1$ is prime. By Theorem 2.0.1, there is some prime p
such that p | n. So for some k ∈ Z, n = pk. Then $2^n - 1 = 2^{pk} - 1 = (2^p)^k - 1$. By the
previous exercise, consider

$\dfrac{(2^p)^k - 1}{2^p - 1} = (2^p)^{k-1} + \ldots + 2^p + 1$

by which $2^p - 1 \mid 2^n - 1$. But since $2^n - 1$ is prime, either $2^p - 1 = (2^p)^k - 1$ or 1. If $2^p - 1 = 1$
then $2^p = 2$, or p = 1, which cannot happen. So $2^p - 1 = (2^p)^k - 1$ and k = 1. Hence n is
prime.

Note that the converse does not hold. Counterexamples include $2^{11} - 1$ and $2^{67} - 1$. These
are examples of Mersenne numbers.

Lemma 2.3.3. For any m > 0, $(x - y) \mid (x^m - y^m)$.

Proof. Let m > 0 and $L = \sum_{i=0}^{m-1} x^i y^{m-1-i}$. Then

$(x - y)L = \sum_{i=0}^{m-1} x^{i+1} y^{m-1-i} - \sum_{i=0}^{m-1} x^i y^{m-i}$
$= x^m + \sum_{i=1}^{m-1} x^i y^{m-i} - \sum_{i=1}^{m-1} x^i y^{m-i} - y^m$
$= x^m - y^m.$

Hence $(x - y) \mid (x^m - y^m)$ as claimed.


Theorem 2.3.4. Let n ∈ N. If $2^n + 1$ is prime then n is a power of 2.

Proof. Let n ∈ N and suppose $2^n + 1$ is prime; note that $2^n + 1$ is odd. Suppose n = pq
where p is odd. Then $2^n + 1 = 2^{pq} + 1 = (2^p)^q + 1$. Letting $x = 2^p$ and y = −1, by the
Lemma we have that $(2^p + 1) \mid (2^{pq} + 1)$. So $2^n + 1$ is composite, a contradiction. Therefore
n has no odd factors, which means n is a power of 2.

Definition. A Mersenne prime is a prime of the form $2^p - 1$, where p is prime.

Definition. A Fermat prime is a prime of the form $2^{2^k} + 1$.

Theorem 2.3.5. For any natural number n, there is a string of n consecutive composite
numbers.

Proof. Take (n + 1)!. Clearly 2, . . . , n | (n + 1)! and

2 | (n + 1)! + 2
3 | (n + 1)! + 3
etc.

So if 2 ≤ a ≤ n then a | (n+1)!+a. And finally n+1 | (n+1)!+(n+1) so for all n ∈ N there is
a string of n consecutive composite numbers: (n+1)!+2, (n+1)!+3, . . . , (n+1)!+(n+1).

Definition. A Sophie Germain prime is a prime number q such that p = 2q + 1 is also
prime.

Example 2.3.6. 23 is a Sophie Germain prime, since 2 · 23 + 1 = 47 is prime.

Modern number theory has many famous questions related to the distribution of primes
among the natural numbers.

The Twin Primes Question: Are there infinitely many pairs of primes that differ from
one another by two?

Examples include 11 and 13, 29 and 31, 41 and 43, etc. The percentage of prime numbers
among the first n naturals seems to slowly decrease as n gets larger. Gauss and Legendre
conjectured that $\pi(n) \approx \dfrac{n}{\log(n)}$.

The Prime Number Theorem: $\lim_{n\to\infty} \dfrac{\pi(n)}{n/\log(n)} = 1$.

Proof omitted.

The Goldbach Conjecture: Every positive, even natural number n > 2 can be written as
n = p + q, where p and q are prime.

Chapter 3

Linear Congruence


3.1 Modular Arithmetic


Example 3.1.1. Show that $41 \mid (2^{20} - 1)$.

(1) $2^5 = 32 \equiv -9 \pmod{41}$

(2) $(2^5)^4 \equiv (-9)^4 \pmod{41}$ by Theorem 1.1.15

(3) $2^{20} \equiv ((-9)^2)^2 \equiv 81^2 \pmod{41}$
and since $81 \equiv -1 \pmod{41}$, by Theorem 1.1.15, $81^2 \equiv (-1)^2 \pmod{41}$

(4) Thus $2^{20} \equiv 1 \pmod{41}$, so $41 \mid (2^{20} - 1)$.

Example 3.1.2. Find the smallest nonnegative k such that $39^{453} \equiv k \pmod{12}$.

39 ≡ 3 (mod 12) so by Theorem 1.1.15, $39^{453} \equiv 3^{453} \pmod{12}$.

$3^{453} \equiv 3^{243 + 2 \cdot 81 + 27 + 2 \cdot 9 + 3}$
$\equiv 3^{3^5} (3^{3^4})^2\, 3^{3^3} (3^{3^2})^2\, 3^3$
$\equiv 3 \cdot 3^2 \cdot 3 \cdot 3^2 \cdot 3$
$\equiv 3^3 \cdot 3^3 \cdot 3$
$\equiv 3 \cdot 3 \cdot 3 \equiv 3 \pmod{12}.$

Algorithm. Find k such that 0 ≤ k < n and $a^r \equiv k \pmod n$.

Step 1: If possible, find the smallest b > 0 such that a ≡ b (mod n) and 0 ≤ b < a. Then
by Theorem 1.1.15, $a^r \equiv b^r \pmod n$.

Step 2: r can be written as the sum of powers of 2. To find this sum, find the greatest power
of 2 less than r, say $2^{k_1}$, then add this to the greatest power of 2 less than $r - 2^{k_1}$,
say $2^{k_2}$. Continue adding greatest powers of 2. This will terminate since the $k_i$ are
positive integers (well-ordered). The process will yield $r = 2^{k_1} + 2^{k_2} + \ldots + 2^{k_t}$,
where $k_1 > k_2 > \cdots > k_t$. Note that if r is odd, $k_t = 0$.

Step 3: Find $b^2 \bmod n$.

Step 4: Next, we can write

$b^r \equiv b^{2^{k_1} + 2^{k_2} + \ldots + 2^{k_t}}$
$\equiv b^{2^{k_1}}\, b^{2^{k_2}} \cdots b^{2^{k_t}}$
$\equiv (b^2)^t$ if r is even or $(b^2)^t b$ if r is odd

Step 5: Use the value of $b^2$ found in Step 3 and t from Step 4 to find $a^r \bmod n$.

Example 3.1.3. Let $f(x) = 13x^{49} - 27x^{27} + x^{14} - 6$. Show that f(98) ≡ f(−100) (mod 99).


Proof. Note that 98 ≡ −100 (mod 99). Then

$f(98) \equiv 13(98)^{49} - 27(98)^{27} + (98)^{14} - 6$
$\equiv 13(-100)^{49} - 27(-100)^{27} + (-100)^{14} - 6$
$\equiv f(-100) \pmod{99}.$

This property is generalized in the following theorem.

Theorem 3.1.4. Let $f(x) = a_n x^n + \ldots + a_1 x + a_0$ with n > 0 and $a_i$ ∈ Z for all i. Let $x_1$,
$x_2$ and m > 0 be integers. If $x_1 \equiv x_2 \pmod m$ then $f(x_1) \equiv f(x_2) \pmod m$.

Proof. See Theorems 1.1.11, 1.1.13 and 1.1.15.
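
The exponent decomposition from the Algorithm above and the polynomial congruence of Theorem 3.1.4, as an added Python example that is not part of the original text (the function names are chosen here). `power_mod` is the standard square-and-multiply method, the routine behind modular exponentiation in RSA and Diffie-Hellman: it uses the binary expansion of Step 2 and reduces mod n after every multiplication so intermediate values never exceed n².

```python
def binary_expansion(r):
    """Step 2: exponents k1 > k2 > ... > kt with r = 2^k1 + 2^k2 + ... + 2^kt."""
    if r < 0:
        raise ValueError("exponent must be nonnegative")
    return [k for k in range(r.bit_length() - 1, -1, -1) if (r >> k) & 1]


def power_mod(a, r, n):
    """Return the k with 0 <= k < n and a^r ≡ k (mod n), by square-and-multiply."""
    if n <= 0:
        raise ValueError("modulus must be positive")
    exponents = set(binary_expansion(r))
    b = a % n              # Step 1: replace a by its canonical residue
    result = 1 % n         # empty product (1 % 1 == 0 covers n = 1)
    square = b             # invariant: square == b^(2^k) mod n at loop index k
    for k in range(max(exponents, default=-1) + 1):
        if k in exponents:
            # 2^k appears in the expansion of r, so b^(2^k) is a factor of b^r
            result = (result * square) % n
        square = (square * square) % n
    return result


def poly_mod(terms, x, m):
    """Evaluate an integer polynomial mod m.

    terms maps exponent -> coefficient, e.g. {2: 3, 0: -1} is 3x^2 - 1.
    By Theorem 3.1.4 the result depends only on x mod m.
    """
    return sum(c * power_mod(x, e, m) for e, c in terms.items()) % m


if __name__ == "__main__":
    print(binary_expansion(453))        # exponent of Example 3.1.2 in powers of 2
    print(power_mod(39, 453, 12))       # Example 3.1.2
    print(power_mod(2, 20, 41))         # Example 3.1.1
    f = {49: 13, 27: -27, 14: 1, 0: -6} # f(x) of Example 3.1.3
    print(poly_mod(f, 98, 99), poly_mod(f, -100, 99))
```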

Corollary 3.1.5. If $n = a_k a_{k-1} \cdots a_1 a_0$ (in base 10, i.e. digits are the $a_i$) and
$m = a_k + a_{k-1} + \ldots + a_1 + a_0$ then 9 | n if and only if 9 | m.

Proof omitted.

Corollary 3.1.6. If n and m are as above, 3 | n if and only if 3 | m.

Proof omitted.

Theorem 3.1.7. Suppose f(x) is a polynomial of degree n > 0 and $a_n > 0$. Then there is
an integer k such that if x > k then f(x) > 0.

Proof. Let $f(x) = a_n x^n + \ldots + a_0$ for n > 0, $a_n > 0$. Then $f(x) > a_{n-1} x^{n-1} + \ldots + a_0$. Let k
be the greatest solution to $a_{n-1} x^{n-1} + \ldots + a_0$; then $a_{n-1} k^{n-1} + \ldots + a_0 = 0$. If there is no such
k, f(x) > 0 for all x. If k exists and if x > k, then $f(x) > f(k) > a_{n-1} k^{n-1} + \ldots + a_0 = 0$.
Letting k′ = ⌈k⌉ + 1, we have an integer k′ such that if x > k′, f(x) > 0.

Theorem 3.1.8. Suppose f(x) is a polynomial of degree n > 0 and $a_n > 0$. Then for any
M there is an integer k such that if x > k then f(x) > M.

Proof. Let M > 0. Consider $f(x) - M = a_n x^n + \ldots + a_0 - M$. Since this is a polynomial
with $a_n > 0$, by Theorem 3.1.7 there is a k ∈ Z such that for all x > k, f(x) − M > 0. Thus
for all x > k, f(x) > M.

Theorem 3.1.9. If f (x) is a polynomial of degree n > 0 with integer coefficients, then f (x)
is a composite number for infinitely many integers x.

Proof. Let $f(x) = a_n x^n + a_{n-1} x^{n-1} + \ldots + a_1 x + a_0$ with $a_i$ ∈ Z for all i between 0 and n. Let
g(x) be a divisor of f(x), where coefficients $b_i$ are integers. If $b_n > 0$ then by Theorem 3.1.8,
for any M there is a k such that if x > k then g(x) > M. Letting M = 1, we have that for
an infinite number of integers x > k, g(x) > 1 which means f(x) is composite for an infinite
number of integers x > k. On the other hand, if $b_n < 0$ then let h(x) = −g(x). Then h(x)
is also a factor of f(x), with positive leading coefficient, so the result follows.


Theorem 3.1.10. Given a ∈ Z and n ∈ N, there exists a unique t in the set {0, 1, 2, . . . , n −
1} such that a ≡ t (mod n).

Proof. Let a ∈ Z and n ∈ N. Then by the division algorithm there exist unique q, t ∈ Z
such that a = qn + t, where 0 ≤ t ≤ n − 1. Thus t ∈ {0, 1, 2, . . . n − 1}. And a − t = qn so
a ≡ t (mod n).

Definition. The set {0, 1, 2, . . . , n − 1} is called the canonical complete residue system
modulo n.

Definition. A set $\{a_1, a_2, \ldots, a_k\}$ of integers is a complete residue system modulo n
if every integer $x \equiv a_i \pmod n$ for some $a_i$ in the set.

Example 3.1.11. modulo 4

canonical: {0, 1, 2, 3}

other examples of complete residue systems: {−4, −3, −2, −1} and {0, 5, 10, 15}

Theorem 3.1.12. Every complete residue system mod n contains n elements.

Proof omitted.

Definition. A complete residue system mod n has one representative of each equivalence
class.

Theorem 3.1.13. For n ∈ N, any set $\{a_1, a_2, \ldots, a_n\}$ of integers for which no two are
congruent mod n is a complete residue system mod n.

Proof. Let $A = \{a_1, a_2, \ldots, a_n\}$ with $a_i \not\equiv a_j \pmod n$ for all i ≠ j. By the Division Algorithm,
there exist $q_i, r_i$ and $q_j, r_j$ such that $a_i = q_i n + r_i$, $a_j = q_j n + r_j$, $0 \le r_i, r_j \le n - 1$
and $r_i \ne r_j$. Since the n elements of A must each have n distinct corresponding $r_k$, then
for each $a_k \in A$ there is some $r_k \in \{0, 1, \ldots, n - 1\}$ such that $a_k \equiv r_k \pmod n$. And by
Theorem 3.1.10, all integers are congruent modulo n to one of {0, 1, . . . , n − 1}. So by transitivity,
every integer is congruent to some $a_k \in A$. Hence A is a complete residue system
mod n.


3.2 Linear Congruence


What are the solutions, if any, to ax ≡ b (mod n)? And how do we find them?

Example 3.2.1. Find all solutions in the canonical complete residue system that satisfy the
following:

(1) 26x ≡ 14 (mod 3)
x = 1

(2) 2x ≡ 3 (mod 5)
x = 4

(3) 4x ≡ 7 (mod 8)
there are no solutions

(4) 24x ≡ 123 (mod 213)
x = 14

Theorem 3.2.2. Let a, b, n ∈ Z with n > 0. Then ax ≡ b (mod n) has a solution if and
only if there exist integers x, y such that ax + ny = b.

Proof. ( =⇒ ) Suppose x is an integer satisfying ax ≡ b (mod n). Then ax − b = nk for
some k ∈ Z. Thus ax + (−k)n = b and by letting y = −k, we have x, y ∈ Z such that
ax + ny = b.

( ⇐= ) Now suppose there exist x, y ∈ Z such that ax + ny = b. Then ax = (−y)n + b =⇒
ax − b = (−y)n =⇒ n | (ax − b). Hence ax ≡ b (mod n).

Theorem 3.2.3. Let a, b, n ∈ Z with n > 0. Then ax ≡ b (mod n) has a solution if and
only if (a, n) | b.

Proof. ( =⇒ ) Suppose x is an integer that satisfies ax ≡ b (mod n). Then ax + ny = b for
some x, y ∈ Z by Theorem 3.2.2. Let g = (a, n). Then a = gj and n = gk for j, k ∈ Z. So
we have b = gjx + gky = g(jx + ky). Thus g | b.

( ⇐= ) Now suppose g | b, so b = gd for some d ∈ Z. By Theorem 1.3.7, there are integers
x, y such that

ax + ny = g
ax − g = −ny.

Multiplying by d, we get

axd − gd = −nyd
a(xd) − b = n(−yd).

So a(xd) ≡ b (mod n). Thus xd is a solution to ax ≡ b (mod n).


Theorem 3.2.4. Let a, b, n ∈ Z with n > 0. Then

(1) ax ≡ b (mod n) has at least one integer solution if and only if (a, n) | b (from Theorem 3.2.3)

(2) Let $x_0$ be a solution to ax ≡ b (mod n). Then all solutions are given by

$x_0 + \left( \dfrac{n}{(a, n)} \right) \cdot m \pmod n$ for m = 0, 1, . . . , (a, n) − 1.

(3) If ax ≡ b (mod n) has a solution, then there are exactly (a, n) solutions in the canonical
complete residue system mod n.

Proof omitted.

Example 3.2.5. Find a solution to the following system of congruences
x ≡ 3 (mod 17)
x ≡ 10 (mod 16)
x ≡ 0 (mod 15).
First, 15 | x so x = 15c for some c ∈ Z.
Then 15c ≡ 3 (mod 17) =⇒ c = 7, 24, 41, 58, 75, 92, 109, . . . , 262
And 15c ≡ 10 (mod 16) =⇒ c = 6, 22, 38, 54, 70, 86, 102, . . . , 262
Then a solution to the above system is 15 · 262 = 3930.

Example 3.2.6. Find all solutions to 24x ≡ 123 (mod 213).


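(1) Find x, y such that 24x + 213y = (24, 213) = 3

(2) Every solution to 24x + 213y = 3 has the form

$24\left(x + \dfrac{213}{3}k\right) + 213\left(y - \dfrac{24}{3}k\right) = 3$

(3) All solutions to 24x ≡ 123 (mod 213) are then given by

$41\left[24\left(x + \dfrac{213}{3}k\right) + 213\left(y - \dfrac{24}{3}k\right)\right] = 123$

$24\left[41\left(x + \dfrac{213}{3}k\right)\right] + 213\left[41\left(y - \dfrac{24}{3}k\right)\right] = 123.$
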
Example 3.2.7. Find a solution to the following system of congruences
x ≡ 1 (mod 2)
x ≡ 2 (mod 3)
x ≡ 3 (mod 4)
x ≡ 4 (mod 5)
x ≡ 5 (mod 6)
x ≡ 0 (mod 7).


A solution is x = 19.

Theorem 3.2.8. Let a, b, m, n ∈ Z with m, n > 0. Then the system

x ≡ a (mod n)
x ≡ b (mod m)

has a solution if and only if (n, m) | (a − b).


Proof. ( =⇒ ) Let x be a solution to the system above. Then x = nj + a = mk + b for
j, k ∈ Z. So

nj + a = mk + b
a − b = mk − nj.

If g = (n, m) such that n = gj′, m = gk′ for j′, k′ ∈ Z, then we have

a − b = gk′k − gj′j
= g(k′k − j′j).

So g | (a − b).

( ⇐= ) Now suppose g | (a − b). Then a − b = gd for some d ∈ Z. By Theorem 1.3.7, there
exist y, z such that g = ny + mz. So

a − b = (ny + mz)d
= nyd + mzd
a + n(−yd) = b + m(zd).

Letting x = a + n(−yd) = b + m(zd), we have that

x ≡ a (mod n)
x ≡ b (mod m).

So x is a solution to the system of linear congruences.


Theorem 3.2.9. Let a, b, m, n ∈ Z with m, n > 0 and (m, n) = 1. Then the system

x ≡ a (mod n)
x ≡ b (mod m)

has a unique solution modulo nm.


Proof. Suppose (n, m) = 1. Since 1 | (a − b), by Theorem 3.2.8 the system above has a
solution, say x. If x′ is another solution to the same system, then

x′ ≡ x ≡ a (mod n)
x′ ≡ x ≡ b (mod m).

So

x′ − x ≡ 0 (mod n)
x′ − x ≡ 0 (mod m).

Then we have n | (x′ − x), m | (x′ − x) and (n, m) = 1 so by Theorem 1.3.10, nm | (x′ − x).
Thus x′ ≡ x (mod nm) so x is unique mod nm.

Theorem 3.2.10 (Chinese Remainder Theorem). Suppose $n_1, \ldots, n_L$ are positive integers
with $(n_i, n_j) = 1$ for all i ≠ j. Then the system

$x \equiv a_1 \pmod{n_1}$
$x \equiv a_2 \pmod{n_2}$
$\vdots$
$x \equiv a_L \pmod{n_L}$

has a unique solution modulo $n_1 n_2 \cdots n_L$.

Proof. The base case L = 2 is given by Theorem 3.2.9. Assume for all l ≤ L, the system has
a unique solution mod $n_1 \cdots n_l$, say x. Then consider the system

$x \equiv a_1 \pmod{n_1}$
$\vdots$
$x \equiv a_{L+1} \pmod{n_{L+1}}.$

Since $\gcd(a_1, \ldots, a_{L+1}) = 1$ and $1 \mid (a_i - a_{L+1})$ for all 1 ≤ i ≤ L, x is also a solution to
this new system of congruences. Suppose x′ is another solution to the L + 1 system. Then
as shown in the proof of Theorem 3.2.9, $n_i \mid (x' - x)$ for all 1 ≤ i ≤ L + 1. And since
$\gcd(n_1, \ldots, n_{L+1}) = 1$, Theorem 1.3.10 implies that $n_1 n_2 \cdots n_L n_{L+1} \mid (x' - x)$. Therefore
$x' \equiv x \pmod{n_1 n_2 \cdots n_L n_{L+1}}$ which means x is unique modulo $n_1 n_2 \cdots n_L n_{L+1}$.
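
Theorems 3.2.8 through 3.2.10 as a constructive solver, in an added Python example that is not part of the original text (function names are chosen here; Python 3.8+ is assumed for `pow(x, -1, m)`). It goes slightly beyond the coprime case of Theorem 3.2.10: two congruences are merged whenever the condition (n, m) | (a − b) of Theorem 3.2.8 holds, and the merged solution is then unique modulo lcm(n, m), which equals nm when (n, m) = 1.

```python
from math import gcd


def merge(a, n, b, m):
    """Solve x ≡ a (mod n), x ≡ b (mod m).

    Returns (x, lcm(n, m)) with 0 <= x < lcm(n, m), or None when
    (n, m) does not divide (a - b), i.e. Theorem 3.2.8 says no solution exists.
    """
    g = gcd(n, m)
    if (b - a) % g != 0:
        return None
    lcm = n // g * m
    m_red = m // g
    # Write x = a + n*t. Then n*t ≡ b - a (mod m), and dividing through by g
    # gives (n/g)*t ≡ (b - a)/g (mod m/g), where n/g is invertible mod m/g.
    if m_red == 1:
        t = 0
    else:
        t = ((b - a) // g * pow(n // g, -1, m_red)) % m_red
    return (a + n * t) % lcm, lcm


def solve_system(congruences):
    """Fold a list of (residue, modulus) pairs into one congruence.

    Returns (x, M): every solution is ≡ x (mod M). Returns None if the
    system is inconsistent.
    """
    x, modulus = 0, 1            # "x ≡ 0 (mod 1)" holds for every integer
    for a, n in congruences:
        if n <= 0:
            raise ValueError("moduli must be positive")
        merged = merge(x, modulus, a % n, n)
        if merged is None:
            return None
        x, modulus = merged
    return x, modulus


if __name__ == "__main__":
    # System of Example 3.2.5 (pairwise coprime moduli 17, 16, 15).
    print(solve_system([(3, 17), (10, 16), (0, 15)]))
    # Non-coprime moduli: solvable because (4, 6) = 2 divides 5 - 3.
    print(merge(3, 4, 5, 6))
    # Non-coprime moduli: unsolvable because 2 does not divide 2 - 1.
    print(merge(1, 4, 2, 6))
```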

Example 3.2.11. To solve 3x ≡ 79 (mod 163), find a number f(3) so that 3 · f(3) ≡ 1
(mod 163).

1 + 163 = 164 ✗
1 + 2(163) = 327 = 3(109) ✓

So f(3) = 109. Then multiply:

(109 · 3)x ≡ 109 · 79 (mod 163)
x ≡ 109 · 79 (mod 163).

Reducing 109 · 79 mod 163, we find that x = 135.
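
Theorem 3.2.4, Example 3.2.6 and the inverse f(3) of Example 3.2.11 in one routine: an added Python example, not part of the original text, with function names chosen here. It follows the proof of Theorem 3.2.3: the extended Euclidean algorithm produces x, y with ax + ny = (a, n), that x is scaled by b/(a, n), and the remaining solutions are spaced n/(a, n) apart.

```python
def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b), for a, b >= 0."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def solve_linear_congruence(a, b, n):
    """All x in {0, ..., n-1} with a*x ≡ b (mod n), in increasing order.

    The list is empty exactly when (a, n) does not divide b (Theorem 3.2.3);
    otherwise it has exactly (a, n) entries (Theorem 3.2.4).
    """
    if n <= 0:
        raise ValueError("modulus must be positive")
    a %= n
    b %= n
    g, x, _ = extended_gcd(a, n)     # a*x + n*y = g
    if b % g != 0:
        return []
    step = n // g
    x0 = (x * (b // g)) % step       # smallest nonnegative solution
    return [x0 + k * step for k in range(g)]


def mod_inverse(a, n):
    """The f(a) of Example 3.2.11: the unique residue with a*f(a) ≡ 1 (mod n)."""
    solutions = solve_linear_congruence(a, 1, n)
    if not solutions:
        raise ValueError("a has no inverse modulo n because (a, n) != 1")
    return solutions[0]


if __name__ == "__main__":
    print(solve_linear_congruence(24, 123, 213))  # Example 3.2.6: three solutions
    print(solve_linear_congruence(4, 7, 8))       # Example 3.2.1 (3): none
    print(mod_inverse(3, 163))                    # Example 3.2.11: f(3)
    print(solve_linear_congruence(3, 79, 163))    # Example 3.2.11
```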

Chapter 4

Fermat’s and Euler’s Theorems


4.1 Fermat’s Little Theorem


Theorem 4.1.1. Let a, n ∈ N with (a, n) = 1. Then $(a^j, n) = 1$ for all j ∈ N.

Proof. For the base case, let j = 2. By Theorem 1.3.11, (a, n) = 1 implies $(a^2, n) = 1$. Now
assume for all natural numbers j ≤ J, $(a^j, n) = 1$. Then we have that $(a^J, n) = 1$ and
(a, n) = 1 so by Theorem 1.3.11 again, $(a^{J+1}, n) = 1$. Therefore by induction, for all j ∈ N,
$(a^j, n) = 1$.

Theorem 4.1.2. Let a, b, n ∈ Z with n > 0 and (a, n) = 1. If a ≡ b (mod n) then (b, n) = 1.

Proof omitted.

Theorem 4.1.3. Let a, n ∈ N. Then there exist i, j ∈ N, i ≠ j, such that $a^i \equiv a^j \pmod n$.

Proof. Suppose not. Take the first n powers of a, $\{a, a^2, \ldots, a^n\}$. By Theorem 3.1.10 there
exists a unique $t_i$ for every 1 ≤ i ≤ n such that $t_i \in \{0, 1, 2, \ldots, n - 1\}$ and $a^i \equiv t_i \pmod n$.
Since we are supposing that all of the set $\{a, a^2, \ldots, a^n\}$ are pairwise incongruent, then
$\{t_1, t_2, \ldots, t_n\} = \{0, 1, \ldots, n - 1\}$, i.e. there is exactly one $t_i$ for each $a^i$ in the c.c.r.s mod n.
Consider $a^{n+1}$; by Theorem 3.1.10, $a^{n+1} \equiv u \pmod n$ where u ∈ {0, 1, . . . , n − 1}. Therefore
there is some $a^i$, 1 ≤ i ≤ n, such that $a^{n+1} \equiv u \equiv a^i \pmod n$, a contradiction. Hence for
any a, n ∈ N, there exist distinct i, j ∈ N such that $a^i \equiv a^j \pmod n$.

Theorem 4.1.4. Let a, n ∈ N with (a, n) = 1. There exists k ∈ N such that $a^k \equiv 1 \pmod n$.

Proof. Suppose a ≢ 1 (mod n). Then by Theorem 3.1.10 there is a unique t ∈ {2, 3, . . . , n − 1}
such that a ≡ t (mod n). And by Theorem 4.1.3 there exist distinct i, j ∈ N such that
$a^i \equiv a^j \pmod n$. Assume without loss of generality that i > j. Then we have $a^{i-j} a^j \equiv a^j \pmod n$
and by Theorem 4.1.1, $(a^j, n) = 1$. So finally, by Theorem 1.3.12, $a^{i-j} \equiv 1 \pmod n$.
Letting k = i − j, we have a natural number such that $a^k \equiv 1 \pmod n$.

Definition. The smallest natural number k such that $a^k \equiv 1 \pmod n$ is called the order
of a modulo n, denoted $\mathrm{ord}_n(a)$.

Theorem 4.1.5. Let a, n ∈ N with (a, n) = 1 and $k = \mathrm{ord}_n(a)$. Then $\{a, a^2, \ldots, a^k\}$ are
pairwise incongruent modulo n.

Proof. To contradict, suppose there are two powers i, j, with 1 ≤ j < i < k such that
$a^i \equiv a^j \pmod n$. Then $a^{i-j} a^j \equiv a^j \pmod n$ and by Theorem 1.3.12, $a^{i-j} \equiv 1 \pmod n$.
But i − j < k, contradicting k being the smallest natural number such that $a^k \equiv 1 \pmod n$.
Hence by contradiction, if (a, n) = 1 and $k = \mathrm{ord}_n(a)$ then $\{a, a^2, \ldots, a^k\}$ are pairwise
incongruent mod n.

Theorem 4.1.6. Let a, n ∈ N with (a, n) = 1 and $k = \mathrm{ord}_n(a)$. For any m ∈ N, $a^m$ is
congruent to one of $a, a^2, \ldots, a^k$.

Proof omitted.

Theorem 4.1.7. Let a, n ∈ N with (a, n) = 1, $k = \mathrm{ord}_n(a)$ and m any natural number.
Then $a^m \equiv 1 \pmod n$ if and only if k | m.


Proof. Let $a^m \equiv 1 \pmod n$. By the Division Algorithm, there exist q, r ∈ Z such that
m = qk + r, where 0 ≤ r < k. Then

$a^m \equiv a^{qk+r}$
$\equiv a^{qk} a^r$
$\equiv (a^k)^q a^r$
$\equiv 1^q a^r$
$\equiv a^r \pmod n.$

So $a^r \equiv 1 \pmod n$. But r < k and k is the smallest natural number such that $a^k \equiv 1 \pmod n$,
so r = 0. Hence we have that k | m. The entire argument is reversible.

Theorem 4.1.8. Let p be prime and a ∈ Z with (a, p) = 1. Then {a, 2a, . . . , pa} is a
complete residue system modulo p.

Proof. Since p is prime, for all 1 ≤ i ≤ p − 1, (i, p) = 1. And by Theorem 1.3.11, (ia, p) = 1.
Consider ia and ja for i ≠ j, 1 ≤ i, j ≤ p − 1. Since i ≢ j (mod p), ia ≢ ja (mod p) by
the contrapositive of Theorem 1.3.12. Thus {a, 2a, . . . , (p − 1)a, pa} are pairwise incongruent
mod p. So by Theorem 3.1.13, the set is a complete residue system.

Theorem 4.1.9. Let p be prime and (a, p) = 1. Then

a · 2a · · · (p − 1)a ≡ 1 · 2 · · · (p − 1) (mod p).

Proof. By Theorem 4.1.8, {a, 2a, . . . , (p − 1)a, pa} is a complete residue system mod p. Thus
{a, 2a, . . . , (p − 1)a, pa} ≅ {1, 2, . . . , p − 1, 0} by congruence mod p. Since pa ≡ 0 (mod p),
for the remaining {a, 2a, . . . , (p − 1)a} we have that for each i, 1 ≤ i ≤ p − 1, there is some
j, 1 ≤ j ≤ p − 1, such that ia ≡ j (mod p). Thus by properties of congruence,

a · 2a · · · (p − 1)a ≡ 1 · 2 · · · (p − 1) (mod p).

Theorem 4.1.10 (Fermat’s Little Theorem I). If p is prime and a ∈ Z with (a, p) = 1, then
$a^{p-1} \equiv 1 \pmod p$.

Proof. By Theorem 4.1.9, a · 2a · · · (p − 1)a ≡ 1 · 2 · · · (p − 1) (mod p). By commutativity,
$a \cdot 2a \cdots (p-1)a = 1 \cdot 2 \cdots (p-1) \cdot a^{p-1}$. And by Theorem 4.1.1, $(a^{p-1}, p) = 1$ so Theorem 1.3.12
gives us

$1 \cdot 2 \cdots (p-1) \cdot a^{p-1} \equiv 1 \cdot 2 \cdots (p-1) \cdot 1 \pmod p$
$a^{p-1} \equiv 1 \pmod p.$

Theorem 4.1.11 (Fermat’s Little Theorem II). If p is prime and a is any integer, then
$a^p \equiv a \pmod p$.


Proof. Suppose (a, p) = 1. Then by FLT (I), $a^{p-1} \equiv 1 \pmod p$ and left multiplication by a
gives us $a^p \equiv a \pmod p$. Now suppose p | a. Then a ≡ 0 (mod p) and $a^p \equiv 0 \pmod p$, so
$a^p \equiv a \pmod p$.

Theorem 4.1.12. Let p be prime and a ∈ Z. If (a, p) = 1 and $k = \mathrm{ord}_p(a)$ then k | (p − 1).

Proof. By Fermat’s Little Theorem I (4.1.10), $a^{p-1} \equiv 1 \pmod p$. And by Thm. 4.1.7,
k | (p − 1).

Primality Test: For large N, test primality by computing $a^{N-1} \bmod N$.

(1) If $a^{N-1} \equiv 1 \pmod N$ then N is probably prime, although there are exceptions

(2) If $a^{N-1} \not\equiv 1 \pmod N$ then N is definitely composite (this is the contrapositive of
Fermat’s Little Theorem I (4.1.10))

Example 4.1.13. $N = 2^{1048576} + 1$

$3^{N-1} \not\equiv 1 \pmod N$ so N is composite. However there are no known prime factors of N.

Example 4.1.14. $N = \dfrac{10^{86453} - 1}{9} = \underbrace{111 \cdots 1}_{86453 \text{ digits}}$

It has been shown that $a^{N-1} \equiv 1 \pmod N$ for a = 2, 3, 5, 7, 11, 13, . . . so it is likely that
N is prime. However, this is not a proof.

Example 4.1.15. $2^{341} \equiv 2 \pmod{341}$ but 341 = 11 · 31

341 is the smallest number such that $2^N \equiv 2 \pmod N$. But $3^{341} \not\equiv 3 \pmod{341}$ so 341
can be shown composite anyway.

Example 4.1.16. For all a ∈ Z, $a^{561} \equiv a \pmod{561}$. But 561 = 3 · 11 · 17.

Conclusion: the converse of Fermat’s Little Theorem is false.
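
The primality test and Examples 4.1.15 and 4.1.16 in runnable form, as an added Python example that is not part of the original text (function names are chosen here; Python 3.8+ is assumed for `math.isqrt`). It shows why a single base is not enough when the test is used to screen candidate primes for key generation: 341 passes for base 2 and is caught by base 3, while for 561 every base coprime to 561 passes.

```python
from math import isqrt


def is_prime_trial(n):
    """Ground truth by trial division up to sqrt(n), as in Theorem 2.0.2."""
    if n < 2:
        return False
    return all(n % d for d in range(2, isqrt(n) + 1))


def fermat_test(n, bases):
    """Run the test a^(n-1) mod n for each base in order.

    Returns ("composite", a) for the first base a with a^(n-1) ≢ 1 (mod n),
    which proves n composite by the contrapositive of Theorem 4.1.10, or
    ("probably prime", None) if every base passes.
    """
    for a in bases:
        if pow(a, n - 1, n) != 1:
            return "composite", a
    return "probably prime", None


def fermat_liars(n):
    """Bases 1 <= a < n that pass the test, a^(n-1) ≡ 1 (mod n).

    For a prime n this is every base; for a composite n these are the
    bases that wrongly report "probably prime".
    """
    return [a for a in range(1, n) if pow(a, n - 1, n) == 1]


def base2_pseudoprimes(limit):
    """Odd composites n < limit with 2^(n-1) ≡ 1 (mod n)."""
    return [n for n in range(3, limit, 2)
            if pow(2, n - 1, n) == 1 and not is_prime_trial(n)]


if __name__ == "__main__":
    print(fermat_test(341, [2]))        # base 2 alone is fooled
    print(fermat_test(341, [2, 3]))     # base 3 exposes 341 = 11 * 31
    print(fermat_test(561, [2, 5, 7, 13]))
    print(len(fermat_liars(341)), "of", 340, "bases pass for 341")
    print(len(fermat_liars(561)), "of", 560, "bases pass for 561")
    print(base2_pseudoprimes(1000))
```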

Theorem 4.1.17. Let m, n ∈ N with (m, n) = 1 and a any integer. If x ≡ a (mod m) and
x ≡ a (mod n) then x ≡ a (mod mn).

Proof. Let x ≡ a (mod m) and x ≡ a (mod n). Then m | (x − a) and n | (x − a). And since
(m, n) = 1, by Theorem 1.3.10, mn | (x − a). Hence x ≡ a (mod mn).


4.2 Euler’s and Wilson’s Theorems


Definition. For n ∈ N, the Euler φ-function, denoted φ(n), is equal to the number of
natural numbers less than or equal to n that are relatively prime to n.

Example 4.2.1.
n φ(n)
1 1
2 1
3 2
4 2
5 4
6 2
7 6
8 4
9 6
10 4
12 4
15 8
21 12
35 24

Theorem 4.2.2. Let a, b, n ∈ Z with n > 0. If a ≡ b (mod n) and (a, n) = 1 then (b, n) = 1.

Proof. Since a ≡ b (mod n), a = nk + b for some k ∈ Z. And since (a, n) = 1, by Theo-
rem 1.3.6 there exist x, y ∈ Z such that ax + ny = 1. Substituting for a, we get

1 = ax + ny
= (nk + b)x + ny
= nkx + bx + ny
= bx + n(kx + y).

So by Theorem 1.3.6 again, (b, n) = 1.

Theorem 4.2.3. Let n ∈ N and $x_1, x_2, \ldots, x_{\varphi(n)}$ be the distinct natural numbers ≤ n such
that $(x_i, n) = 1$. Let a be a nonzero integer with (a, n) = 1 and let i and j be distinct natural
numbers ≤ φ(n). Then $a x_i \not\equiv a x_j \pmod n$.

Proof. Suppose $a x_i \equiv a x_j \pmod n$. Then since (a, n) = 1, by Theorem 4.1.1 $x_i \equiv x_j \pmod n$.
Assume without loss of generality that $x_i > x_j$. Then $x_i - x_j$ is a natural number
< n. But $x_i - x_j \equiv 0 \pmod n$, so $n \mid (x_i - x_j)$, a contradiction. Therefore $a x_i \not\equiv a x_j \pmod n$.

Theorem 4.2.4 (Euler). If a, n ∈ Z with n > 0 and (a, n) = 1, then $a^{\varphi(n)} \equiv 1 \pmod n$.


Proof. Let $X = \{x_1, x_2, \ldots, x_{\varphi(n)}\}$ be the set of distinct natural numbers ≤ n such that for
all i, 1 ≤ i ≤ φ(n), $(x_i, n) = 1$. Consider the quantity $a x_1 \cdot a x_2 \cdots a x_{\varphi(n)}$. By Theorem 1.3.11,
for every i, 1 ≤ i ≤ φ(n), $(a x_i, n) = 1$. Thus for each i, there is some j, 1 ≤ j ≤ φ(n), such
that $a x_i \equiv x_j \pmod n$. And so we have (by commuting)

$$a x_1 \cdot a x_2 \cdots a x_{\varphi(n)} \equiv x_1 \cdot x_2 \cdots x_{\varphi(n)} \pmod n$$

$$a^{\varphi(n)} \cdot (x_1 \cdot x_2 \cdots x_{\varphi(n)}) \equiv 1 \cdot (x_1 \cdot x_2 \cdots x_{\varphi(n)}) \pmod n$$

which by Theorem 1.3.12 becomes $a^{\varphi(n)} \equiv 1 \pmod n$.

Note that if n is prime then φ(n) = n − 1. Thus Fermat’s Little Theorem (4.1.10) is a
special case of Euler’s Theorem for n prime.
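
Example 4.2.5. Compute $12^{49} \bmod 15$.

$$\begin{aligned}
\varphi(15) &= 8 \\
12^{49} &\equiv 4^{49} \cdot 3^{49} \pmod{15} \\
4^{49} &\equiv 4^{48} \cdot 4 \\
&\equiv (4^8)^6 \cdot 4 \\
&\equiv 1^6 \cdot 4 \quad \text{by Euler's Theorem (4.2.4)} \\
&\equiv 4 \pmod{15} \\
3^{49} &\equiv (3^7)^7 \\
&\equiv (3^4 \cdot 3^3)^7 \\
&\equiv (81 \cdot 3^3)^7 \equiv (6 \cdot 3^3)^7 \\
&\equiv (2 \cdot 3^4)^7 \equiv (2 \cdot 6)^7 \equiv 12^7 \\
&\equiv 3^7 \cdot 4^7 \\
&\equiv 12 \cdot 4^7 \quad \text{by same steps above} \\
&\equiv 3 \cdot 4^8 \\
&\equiv 3 \cdot 1 \quad \text{by Euler's Theorem (4.2.4)} \\
&\equiv 3 \pmod{15}
\end{aligned}$$

So $12^{49} \equiv 4 \cdot 3 \equiv 12 \pmod{15}$.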


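Example 4.2.6. Compute $139^{112} \bmod 27$.

$$\begin{aligned}
\varphi(27) &= 18 \\
139^{112} &\equiv 4^{112} \\
&\equiv 4^{108} \cdot 4^4 \\
&\equiv (4^{18})^6 \cdot 4^4 \\
&\equiv 1^6 \cdot 4^4 \quad \text{by Euler's Theorem (4.2.4)} \\
&\equiv 2^8 \equiv 2^5 \cdot 2^3 \\
&\equiv 32 \cdot 8 \\
&\equiv 5 \cdot 8 \equiv 40 \equiv 13 \pmod{27}.
\end{aligned}$$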


Euler’s Theorem has an important connection to abstract algebra in the proof of Lagrange’s
Theorem. Let $U(n) = \{x_1, x_2, \ldots, x_{\varphi(n)}\}$. U(n) is closed under multiplication, is
associative, and has an identity and inverses, so in fact U(n) is a group. Let $H = \{a, a^2, \ldots, a^{\mathrm{ord}_n(a)}\}$.
It turns out that H is a subgroup of U(n), denoted H ≤ U(n). Lagrange’s Theorem says
that the order (size) of H divides the order of U(n). If we note that $|H| = \mathrm{ord}_n(a)$ and
|U(n)| = φ(n), and recall that $a^{\varphi(n)} \equiv 1 \pmod n$ by Euler’s Theorem (4.2.4), then the result
follows from an application of Theorem 4.1.7.

Theorem 4.2.7. Let p be prime and a ∈ Z such that 1 ≤ a < p. Then there exists a unique
b ∈ N, 1 ≤ b < p, such that ab ≡ 1 (mod p).

Proof. Since a < p, (a, p) = 1. So by Fermat’s Little Theorem I (4.1.10), $a^{p-1} \equiv 1 \pmod p$.
Let $b = a^{p-2}$. Then $ab = a^{p-1} \equiv 1 \pmod p$. Now suppose c is another inverse of a modulo p.
Then ac ≡ 1 (mod p) so ab ≡ ac (mod p). And since (a, p) = 1, by Theorem 1.3.12, b ≡ c
(mod p). Hence the inverse of a mod p is unique.

Definition. Let p be prime and ab ≡ 1 (mod p). Then a and b are inverses modulo p.

Note that 1 and p − 1 are their own inverses mod p.

Theorem 4.2.8. Let p be prime and a, b be inverses mod p with 1 < a, b < p − 1. Then
a ≠ b.

Proof. Let 1 ≤ a, b ≤ p − 1. Suppose ab ≡ 1 (mod p) and a = b. Then $a^2 \equiv 1 \pmod p$. So
$p \mid (a^2 - 1)$ which means either p | (a − 1) or p | (a + 1). This is equivalent to a ≡ 1 (mod p)
or a ≡ −1 (mod p), so a must be either 1 or p − 1.

Theorem 4.2.9. If p > 2 is prime then (p − 2)! ≡ 1 (mod p).

Proof. Let S = {2, 3, 4, . . . , p − 2}. By p > 2, |S| is even. And by Theorems 4.2.7 and 4.2.8,
for each a ∈ S there exists a unique b ∈ S such that ab ≡ 1 (mod p) and a ≠ b. Then

$$\begin{aligned}
(p-2)! &\equiv 2 \cdot 3 \cdots (p-2) \\
&\equiv (2 \cdot 2^{-1}) \cdot (3 \cdot 3^{-1}) \cdots (p-2)(p-2)^{-1} \\
&\equiv 1 \cdot 1 \cdots 1 \equiv 1 \pmod p.
\end{aligned}$$

Theorem 4.2.10 (Wilson). If p is prime then (p − 1)! ≡ −1 (mod p).

Proof. If p = 2 then (p − 1)! = 1 which is certainly congruent to −1 mod 2. If p > 2 then by
Theorem 4.2.9, (p − 2)! ≡ 1 (mod p). Multiplying by p − 1, we get (p − 1)! ≡ p − 1 (mod p)
which reduces to (p − 1)! ≡ −1 (mod p).

Theorem 4.2.11 (Converse of Wilson’s Theorem). If n ∈ N such that (n − 1)! ≡ −1
(mod n) then n is prime.

Proof. Suppose (n − 1)! ≡ −1 (mod n). Let a be a prime divisor of n. Since a ≤ n − 1,
a is somewhere in the product (n − 1)! = 2 · 3 · · · a · · · (n − 1). Thus a | (n − 1)!. And by
hypothesis, n | (n − 1)! + 1 so by transitivity, a | (n − 1)! + 1. But this implies a | 1, so a
must be 1 and n has no prime divisors. Hence n is prime.


Question. For which primes p do the following hold?

$$2^{p-1} \equiv 1 \pmod{p^2}$$
$$(p-1)! \equiv -1 \pmod{p^2}$$

The only known primes that satisfy these are p = 1093, 3511.

Chapter 5

Public Key Cryptography

Definition. Public key codes are codes where the encoding method is publicly known, but
the decryption method is unknown.

The most prominent example of a public key code is RSA encryption, which is based on
the idea that factoring large numbers is difficult.

Definition. RSA encryption is the public key encryption developed by Rivest, Shamir and
Adleman that consists of a large product of primes (also large), where the product is known
but the factorization is not.

The following theorems are the basis for the RSA encryption system.

Theorem 5.0.1. If p and q are distinct primes and W ∈ N with (W, pq) = 1, then

$$W^{(p-1)(q-1)} \equiv 1 \pmod{pq}.$$

Proof. Since p, q are prime, (W, p) = (W, q) = 1. Then Fermat’s Little Theorem I (4.1.10)
gives us

$$W^{p-1} \equiv 1 \pmod p$$
$$W^{q-1} \equiv 1 \pmod q.$$

And if the W terms are raised to any integer power, this remains 1:

$$(W^{p-1})^{q-1} \equiv 1 \pmod p$$
$$(W^{q-1})^{p-1} \equiv 1 \pmod q.$$

Finally, by Theorem 4.1.17, $W^{(p-1)(q-1)} \equiv 1 \pmod{pq}$.

Theorem 5.0.2. Let p, q be distinct primes and k, W ∈ N with W < pq. Then

$$W^{1+k(p-1)(q-1)} \equiv W \pmod{pq}.$$


Proof. Suppose (W, pq) = 1. Then by Theorem 5.0.1, $W^{(p-1)(q-1)} \equiv 1 \pmod{pq}$, so
$(W^{(p-1)(q-1)})^k \equiv 1 \pmod{pq}$ and $W^{1+k(p-1)(q-1)} \equiv W \pmod{pq}$. Now suppose without loss of generality that
p | W. Then W ≡ 0 (mod p) and $W^{1+k(p-1)(q-1)} \equiv 0 \pmod p$, so $W^{1+k(p-1)(q-1)} \equiv W \pmod p$.
Note that W and q are still relatively prime, so by Fermat’s Little Theorem I
(4.1.10),

$$\begin{aligned}
W^{1+k(p-1)(q-1)} &\equiv W \cdot W^{k(p-1)(q-1)} \\
&\equiv W \cdot (W^{q-1})^{k(p-1)} \\
&\equiv W \cdot 1 \equiv W \pmod q.
\end{aligned}$$

Thus we have $W^{1+k(p-1)(q-1)} \equiv W \pmod p$, $W^{1+k(p-1)(q-1)} \equiv W \pmod q$ and (p, q) = 1, so
by Theorem 4.1.17, $W^{1+k(p-1)(q-1)} \equiv W \pmod{pq}$.

Proposition 5.0.3. φ(ab) = φ(a)φ(b) if and only if (a, b) = 1.

Proof omitted. This provides a much simpler route to proving the previous two theorems
using Euler’s function.

Theorem 5.0.4. Let p, q be distinct primes and E ∈ N such that (E, (p − 1)(q − 1)) = 1.
Then there exists some D, y ∈ N such that ED = 1 + y(p − 1)(q − 1).

Proof. Since (E, (p − 1)(q − 1)) = 1, by Theorem 1.3.6 there exist natural numbers j, k
such that Ej + (p − 1)(q − 1)k = 1. Rearranging and letting D = j, y = −k, we have
ED = 1 + y(p − 1)(q − 1).

Theorem 5.0.5. Let p, q be distinct primes, W ∈ N with W < pq, and E, D, y ∈ N such
that ED = 1 + y(p − 1)(q − 1). Then $W^{ED} \equiv W \pmod{pq}$.

Proof. Since ED = 1 + y(p − 1)(q − 1) and W < pq, by Theorem 5.0.2, $W^{ED} \equiv W \pmod{pq}$.

RSA Coding System:

(1) Choose two distinct primes p and q

(2) Compute (p − 1)(q − 1) which is equivalent to φ(pq)

(3) Choose natural numbers E and D such that (E, (p − 1)(q − 1)) = 1 and ED ≡ 1
(mod (p − 1)(q − 1)), which is possible by Theorem 5.0.4

(4) Let W be the natural number to be encrypted/decrypted, where W < pq. To encrypt,
raise W to the power E mod pq. $W^E$ is the encrypted message

(5) To decrypt, raise $W^E$ to the power D mod pq. By Theorem 5.0.5, $W^{ED} \equiv W \pmod{pq}$,
so we obtain the cleartext W.

Example 5.0.6.

(1) Let p = 11, q = 17, pq = 187


(2) (p − 1)(q − 1) = 160

(3) Choose E = 33. Compute D by finding the solution to 33D = 1 + 160y:


160 = 33(4) + 28 1 = 3 - 2(1) = 3 - (5 - 3(1))
33 = 28(1) + 5 = 3(2) - 5 = (28 - 5(5))(2) - 5
28 = 5(5) + 3 = 28(2) - 5(11) = 28(2) - (33 - 28(1))(11)
5 = 3(1) + 2 = 28(13) - 33(11) = (160 - 33(4))(13) - 33(11)
3 = 2(1) + 1 = 160(13) - 33(63)
Then D = 63

(4) Let W = 2 and encrypt:

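$$\begin{aligned}
W^E = 2^{33} &\equiv 2 \cdot 2^{32} \equiv 2 \cdot 4^{16} \equiv 2 \cdot 16^8 \equiv 2 \cdot 256^4 \\
&\equiv 2 \cdot 69^4 \quad \text{(after reducing mod 187)} \\
&\equiv 2 \cdot 3^4 \cdot 23^4 \equiv 2 \cdot 81 \cdot 529^2 \\
&\equiv 162 \cdot 529^2 \equiv (-25)(-32)^2 \equiv (-25)(1024) \\
&\equiv (-25)(89) \equiv -2225 \equiv 19 \pmod{187}
\end{aligned}$$

(5) To decrypt, compute $(W^E)^D = 19^{63} \ldots$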

Example 5.0.7. n = 1537 = 29 · 53

So φ(n) = 28 · 52 = 1456. If E = 47, find a solution to 47D = 1 + 1456y:

1456 = 47(30) + 46 1 = 47 - 46
47 = 46(1) + 1 = 47 - (1456 - 47(30))
= 47(31) - 1456
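so D = 31. Suppose the encrypted message is $W^E = 570$.
Then $(W^E)^D = 570^{31} \equiv W \pmod{1537}$ by Theorem 5.0.5.
Note that 570 = 2 · 3 · 5 · 19. Then

$$\begin{aligned}
2^{31} &\equiv 2 \cdot 2^{30} \equiv 2 \cdot (2^5)^{2 \cdot 3} \equiv 2 \cdot 32^{2 \cdot 3} \equiv 2 \cdot 1024^3 \equiv 2 \cdot 1024 \cdot 1024^2 \\
&\equiv 2048 \cdot 342 \equiv 511 \cdot 342 \equiv 1081 \pmod{1537} \\
3^{31} &\equiv 3 \cdot 3^{30} \equiv 3 \cdot (3^5)^{2 \cdot 3} \equiv 3 \cdot 243^{2 \cdot 3} \equiv 3 \cdot 643^3 \equiv 3 \cdot 502 \equiv 1506 \pmod{1537} \\
5^{31} &\equiv 850 \pmod{1537} \\
19^{31} &\equiv 856 \pmod{1537} \\
570^{31} &\equiv 1081 \cdot 1506 \cdot 850 \cdot 856 \\
&\equiv 303 \cdot 599 \equiv 131 \pmod{1537}
\end{aligned}$$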

So W = 131.
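The five steps of the RSA Coding System run on the parameters of Examples 5.0.6 and 5.0.7, as an added Python example that is not part of the original notes. The function names are chosen here for illustration, D is returned as the positive representative modulo (p − 1)(q − 1), and the primes are the toy values from the examples, far too small for real use.

```python
from math import gcd

def egcd(a, b):
    """Extended Euclid: return (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    x0, y0, x1, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0

def modexp(base, exp, mod):
    """Square-and-multiply, the systematic form of the hand reductions above."""
    result, base = 1, base % mod
    while exp > 0:
        if exp & 1:
            result = result * base % mod
        base = base * base % mod
        exp >>= 1
    return result

def rsa_keygen(p, q, E):
    """Steps (1)-(3): return (n, phi, D) with E*D = 1 (mod (p-1)(q-1))."""
    phi = (p - 1) * (q - 1)
    g, x, _ = egcd(E, phi)
    if g != 1:
        raise ValueError("E must be relatively prime to (p-1)(q-1)")
    return p * q, phi, x % phi      # x may be negative; reduce to 0 < D < phi

def rsa_encrypt(W, E, n):
    """Step (4): W must satisfy 0 <= W < n."""
    if not 0 <= W < n:
        raise ValueError("message must be smaller than pq")
    return modexp(W, E, n)

def rsa_decrypt(C, D, n):
    """Step (5): recover W from C = W^E mod n."""
    return modexp(C, D, n)

if __name__ == "__main__":
    # Example 5.0.7: n = 29 * 53, E = 47, ciphertext 570.
    n, phi, D = rsa_keygen(29, 53, 47)
    print("n, phi, D =", n, phi, D)
    print("570 decrypts to", rsa_decrypt(570, D, n))

    # Example 5.0.6 parameters: the back-substitution 1 = 160(13) - 33(63)
    # gives D = -63 = 97 (mod 160), which is the value returned here.
    n2, phi2, D2 = rsa_keygen(11, 17, 33)
    C = rsa_encrypt(2, 33, n2)
    print("2 encrypts to", C, "and decrypts to", rsa_decrypt(C, D2, n2))

    # Theorem 5.0.2 needs only W < pq, so messages sharing a factor with n
    # (here multiples of 11 or 17) also round-trip.
    shared = [W for W in range(1, n2) if gcd(W, n2) != 1]
    print(all(rsa_decrypt(rsa_encrypt(W, 33, n2), D2, n2) == W for W in shared))
```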

In 2009, a team factored a 768-bit number N = pq, effectively “cracking” 768-bit encryption.
They used the Number Field Sieve, a factoring algorithm with runtime dependent
on the size of N. Another factoring algorithm is the Elliptic Curve Factorization Method,
whose runtime depends only on the size of the 2nd largest prime factor of N.
RSA encryption is generally slower than other public key systems. Computer encryptions
generally utilize AES encryption, but the initial encryption key is encoded and sent with
RSA.

Chapter 6

Higher Order Congruence

In this chapter, we begin studying the general form of polynomial congruences, that is,
equations of the form f(x) ≡ 0 (mod n) for f(x) a polynomial with integer coefficients. We
saw an example in Theorem 5.0.5: manipulating the equation $x^Q - x \equiv 0 \pmod n$ is key to
wielding the RSA encryption system.


6.1 Finding Roots


The following generalizes the Division Algorithm to polynomials with integer coefficients.
In algebraic language, the Division Algorithm makes the integers Z into what’s called a
Euclidean domain. It is not true that the set Z[x] of integer-coefficient polynomials is a
Euclidean domain. However, a Division Algorithm does hold for polynomials with leading
coefficient $a_n = 1$; such polynomials are said to be monic.

Theorem 6.1.1 (Polynomial Division Algorithm). Let f(x) and g(x) be nonzero monic
polynomials with integer coefficients such that g(x) ≠ 0. Then there exist unique polynomials
q(x) and r(x) with integer coefficients such that deg r < deg g or r(x) = 0, and

$$f(x) = g(x)q(x) + r(x).$$

Proof. Similar to the proof of the ordinary Division Algorithm.

Definition. Let $f(x) = a_n x^n + a_{n-1} x^{n-1} + \ldots + a_0$ be a polynomial. A number c is a root
of f if f(c) = 0. For n ∈ Z, we say c is a root modulo n if f(c) ≡ 0 (mod n).

Theorem 6.1.2. Let f(x) be a polynomial of degree n > 0 with integer coefficients and
$a_n \neq 0$. Then an integer c is a root of f if and only if there exists a polynomial g(x) of
degree n − 1 with integer coefficients such that

$$f(x) = (x - c)g(x).$$

Proof. By Theorem 6.1.1, we may write

$$f(x) = (x - c)q(x) + r(x)$$

for integer-coefficient polynomials q(x) and r(x) with deg r < 1 or r(x) = 0. This means
r(x) = r ∈ Z is a constant. Evaluating both sides of the above equation at x = c yields

$$f(c) = (c - c)q(c) + r(c) = 0 + r = r.$$

So c is a root of f(x) ⇐⇒ f(c) = 0 ⇐⇒ r = 0 ⇐⇒ f(x) = (x − c)q(x). By degree
considerations, such a q(x) must have degree n − 1.

This has a similar statement for roots modulo a prime p.

Theorem 6.1.3. Let $f(x) = a_n x^n + a_{n-1} x^{n-1} + \ldots + a_0$ be a polynomial of degree n > 0
with integer coefficients, let c ∈ Z and fix a prime p. Then if f(c) ≡ 0 (mod p), there exists
a polynomial g(x) of degree n − 1 such that

$$f(x) \equiv (x - c)g(x) \pmod p.$$

Proof. If f(c) ≡ 0 (mod p) then we can write

$$\begin{aligned}
f(x) = f(x) - 0 &\equiv f(x) - f(c) \pmod p \\
&\equiv a_n(x^n - c^n) + a_{n-1}(x^{n-1} - c^{n-1}) + \ldots + a_1(x - c) + a_0(1 - 1) \pmod p \\
&\equiv (x - c)[a_n(x^{n-1} + x^{n-2}c + \ldots + xc^{n-2} + c^{n-1}) + \ldots + a_1] \pmod p.
\end{aligned}$$

Setting $g(x) = a_n(x^{n-1} + \ldots + c^{n-1}) + \ldots + a_1$, we have f(x) ≡ (x − c)g(x) (mod p) as
desired.


Theorem 6.1.4 (Lagrange). Let $f(x) = a_n x^n + \ldots + a_0$ be a polynomial with integer coefficients,
$a_n \neq 0$ and p a prime which doesn’t divide $a_n$. Then f(x) ≡ 0 (mod p) has at most
n distinct solutions mod p.

Proof. We induct on n = deg f. If deg f = 1, $f(x) = a_1 x + a_0$ is a linear polynomial which
has exactly one solution mod p by Theorem 3.2.4. Now assume deg f > 1. By Theorem 6.1.3,

$$f(x) \equiv (x - c)g(x) \pmod p$$

for some polynomial g(x) with integer coefficients with deg g = n − 1. Suppose a ∈ Z such
that f(a) ≡ 0 (mod p) and a ≢ c (mod p). Then

$$(a - c)g(a) \equiv f(a) \equiv 0 \pmod p$$

but since p ∤ (a − c) and p is prime, Theorem 1.3.9 implies p | g(a). That is, g(a) ≡ 0
(mod p). Now since deg g = n − 1, by the inductive hypothesis g(x) has at most n − 1 roots
mod p. Therefore there are only n − 1 choices for such roots a ≢ c (mod p), and so there
are at most n roots of f(x) mod p.

Corollary 6.1.5. Let p be prime and k | (p − 1). Then $x^k \equiv 1 \pmod p$ has exactly k distinct
roots mod p.

Proof. Write p − 1 = kq for q ∈ Z. Then

$$\begin{aligned}
x^{p-1} - 1 &= x^{kq} - 1 \\
&= (x^k - 1)(x^{k(q-1)} + x^{k(q-2)} + \ldots + 1).
\end{aligned}$$

Set $g(x) = x^{k(q-1)} + x^{k(q-2)} + \ldots + 1$. Then deg g = kq − k = p − 1 − k. By Fermat’s Little
Theorem I (4.1.10), there are exactly p − 1 solutions to $x^{p-1} - 1 \equiv 0 \pmod p$, and each must
either be a solution of g(x) or $x^k - 1$. However, by Theorem 6.1.4, g(x) has at most p − 1 − k
solutions mod p and $x^k - 1$ has at most k, so to count up to p − 1 roots of $x^{p-1} - 1$, we must
have exactly p − 1 − k distinct roots of g(x) and exactly k distinct roots of $x^k - 1$.

The following will be useful in Section 17.8.

Lemma 6.1.6. Let a, r ∈ Z such that a, r ≥ 2 and let q be prime. Then there exists a prime
p such that $\mathrm{ord}_p(a) = q^r$.

Lemma 6.1.7. Let n be an integer with prime factorization $n = p_1^{r_1} \cdots p_s^{r_s}$. Then for any
integer a > 1 there exist infinitely many squarefree integers m such that $n \mid \mathrm{ord}_m(a)$. Furthermore,
there exists an integer b > 1 such that a ≢ b (mod m) and $n \mid \mathrm{ord}_m(b)$.


6.2 Primitive Roots


Recall that the order of a ∈ Z modulo n is the smallest natural number k such that $a^k \equiv 1 \pmod n$.
Fermat’s Little Theorem (4.1.10) said that when p is prime, the order of any
integer a mod p divides p − 1.

Theorem 6.2.1. Suppose p is prime and a ∈ Z with $\mathrm{ord}_p(a) = k$. Then for all j ∈ N such
that (j, k) = 1, $\mathrm{ord}_p(a^j) = k$.

Proof. Let $\ell = \mathrm{ord}_p(a^j)$. On one hand,

$$(a^j)^k = a^{jk} = a^{kj} = (a^k)^j \equiv 1^j = 1 \pmod p,$$

so by Theorem 4.1.7, ℓ | k. On the other hand, (j, k) = 1 implies jx + ky = 1 for some
x, y ∈ Z, by Theorem 1.3.6. Then

$$a^\ell = (a^{jx+ky})^\ell = a^{jx\ell} a^{ky\ell} = ((a^j)^\ell)^x (a^k)^{y\ell} \equiv 1^x 1^{y\ell} = 1 \pmod p.$$

Therefore Theorem 4.1.7 implies k | ℓ and thus k = ℓ.

Theorem 6.2.2. Let p be prime and k ∈ N. Then there are at most φ(k) integers which are
distinct mod p and have order k mod p.

Proof. By Fermat’s Little Theorem I (4.1.10), if $x^k \equiv 1 \pmod p$ has a solution at all, then
k | (p − 1). So for all those k not dividing p − 1, the theorem holds trivially. Suppose
k | (p − 1) and a ∈ Z such that $\mathrm{ord}_p(a) = k$. By Theorem 6.2.1, $\mathrm{ord}_p(a^j) = k$ for each
1 ≤ j ≤ k satisfying (j, k) = 1. There are exactly φ(k) such integers j, but some of these
powers of a may not be distinct mod p, so there are at most φ(k) of them having order k.

Definition. Let p be a prime number. We call an integer g a primitive root modulo p if
$\mathrm{ord}_p(g) = p - 1$.

In general, Euler’s theorem (4.2.4) says that the order of a mod n must divide φ(n).
Seeing that φ(p) = p − 1 when p is prime, we can generalize the previous definition.

Definition. For any n ∈ N, we say a number g is a primitive root modulo n if
$\mathrm{ord}_n(g) = \varphi(n)$.

Theorem 6.2.3. Let p be prime and g a primitive root modulo p. Then the set $\{0, g, g^2, \ldots, g^{p-1}\}$
is a complete residue system mod p.

Proof. By Theorem 3.1.13, it’s enough to show that no two elements of $\{0, g, g^2, \ldots, g^{p-1}\}$
are congruent mod p, but this follows directly from Theorem 4.1.5.

In algebraic terms, Theorem 6.2.3 says that a primitive root modulo p is a cyclic generator
of the group of units $(\mathbb{Z}/p\mathbb{Z})^\times$. We next demonstrate that primitive roots exist modulo every
prime. First, we need:

Lemma 6.2.4. Let a, b ∈ Z with orders $k = \mathrm{ord}_n(a)$ and $\ell = \mathrm{ord}_n(b)$ for some n ∈ N. If
(k, ℓ) = 1, then $\mathrm{ord}_n(ab) = k\ell$.


Proof. Let $r = \mathrm{ord}_n(ab)$. Then

$$(ab)^{k\ell} = a^{k\ell} b^{k\ell} = (a^k)^\ell (b^\ell)^k \equiv 1^\ell 1^k = 1 \pmod n$$

which implies r | kℓ. On the other hand, observe that

$$b^{rk} = 1^r b^{rk} \equiv (a^k)^r b^{rk} = (ab)^{rk} \equiv 1^k = 1 \pmod n.$$

Thus ℓ | rk, and since (k, ℓ) = 1, Theorem 1.3.9 gives ℓ | r. Repeating the argument with
a, we get k | r, so Theorem 1.3.10 implies kℓ | r. Hence r = kℓ as claimed.

Theorem 6.2.5. Let p be a prime. Then there exists a primitive root modulo p.

Proof. When p = 2, a = 1 is a primitive root mod 2 so we may assume p is odd. This allows
us to write p − 1 as a product of prime powers:

$$p - 1 = q_1^{n_1} \cdots q_k^{n_k}.$$

By Corollary 6.1.5, for each 1 ≤ i ≤ k, $x^{q_i^{n_i}} - 1$ has exactly $q_i^{n_i}$ roots and $x^{q_i^{n_i - 1}} - 1$ has exactly
$q_i^{n_i - 1}$ roots, so it follows that there are $q_i^{n_i} - q_i^{n_i - 1} = q_i^{n_i - 1}(q_i - 1)$ distinct elements mod p
satisfying $a^{q_i^{n_i}} \equiv 1 \pmod p$ and $a^{q_i^{n_i - 1}} \not\equiv 1 \pmod p$. Thus, each of these a has $\mathrm{ord}_p(a) = q_i^{n_i}$.
For each 1 ≤ i ≤ k, choose such an $a_i$ having order $q_i^{n_i}$. Set $a = a_1 \cdots a_k$. Then since the
primes $q_i$ are pairwise relatively prime, induction with Lemma 6.2.4 shows that

$$\mathrm{ord}_p(a) = \mathrm{ord}_p(a_1 \cdots a_k) = \mathrm{ord}_p(a_1) \cdots \mathrm{ord}_p(a_k) = q_1^{n_1} \cdots q_k^{n_k} = p - 1.$$

Thus a is a primitive root modulo p.

Theorem 6.2.6. For a prime p, there are precisely φ(p − 1) primitive roots modulo p.

Proof. We showed in Theorem 6.2.5 that primitive roots exist so now it remains to count
them. Let g be a primitive root mod p. By Theorem 6.2.3, $\{0, g, g^2, \ldots, g^{p-1}\}$ is a complete
residue system mod p. Moreover, it follows from Theorem 4.1.7 that $\mathrm{ord}_p(g^j) = \frac{p-1}{(j, p-1)}$, so
for 1 ≤ j ≤ p − 1, $g^j$ is a primitive root mod p precisely when (j, p − 1) = 1. By definition
of the φ-function, there are exactly φ(p − 1) such exponents j.

Corollary 6.2.7. For any number n, if there exists a primitive root modulo n then there are
precisely φ(φ(n)) primitive roots modulo n.

Example 6.2.8. For n = 8, the set {1, 3, 5, 7} is a complete residue system mod 8. Notice
that for each a ∈ {1, 3, 5, 7}, $a^2 \equiv 1 \pmod 8$ so the order of any element in a complete
residue system mod 8 is at most 2. Therefore none can have order φ(8) = 4, so no primitive
roots mod 8 exist.

Lemma 6.2.9. Let n be odd. Then there exists a primitive root modulo n if and only if there
exists a primitive root modulo 2n.


Proof. Since n is odd, φ(2n) = φ(n). The proof breaks into even and odd cases. If g is odd,
$g^k \equiv 1 \pmod 2$ holds trivially for all k ≥ 1, so by the Chinese Remainder Theorem (3.2.10),
$g^k \equiv 1 \pmod{2n}$ if and only if $g^k \equiv 1 \pmod n$. In particular, g is a primitive root mod 2n
exactly when g is a primitive root mod n.
On the other hand, note that $a^k \equiv 1 \pmod{2n}$ is only possible if a is odd. So a primitive
root mod 2n determines a primitive root mod n, but a primitive root mod n may be even.
If a is a primitive root mod n and odd, a is also a primitive root mod 2n, while if a is even,
a + n is a primitive root mod 2n.

Lemma 6.2.10. Suppose p | n for an odd prime p. Then if a primitive root modulo n exists,
either $n = p^k$ or $n = 2p^k$ for some k ≥ 1.

Proof. Write $n = p^k m$ for k ≥ 1 and m ∈ Z such that p ∤ m. Assume m ≥ 3. By Euler’s
Theorem (4.2.4), for any a ∈ Z such that (a, n) = 1 we have

$$a^{\varphi(n)/2} \equiv (a^{\varphi(m)})^{\varphi(p^k)/2} \equiv 1^{\varphi(p^k)/2} = 1 \pmod m$$
$$\text{and} \quad a^{\varphi(n)/2} \equiv (a^{\varphi(p^k)})^{\varphi(m)/2} \equiv 1^{\varphi(m)/2} = 1 \pmod{p^k}.$$

So by the Chinese Remainder Theorem (3.2.10), $a^{\varphi(n)/2} \equiv 1 \pmod n$. This shows that $\mathrm{ord}_n(a)$
divides $\frac{\varphi(n)}{2}$, so in particular a cannot have order φ(n). Therefore if a primitive root mod n
exists, m is at most 2.

Lemma 6.2.11. For k ≥ 3, there are no primitive roots modulo $2^k$.

Proof. For k = 3, this was shown in Example 6.2.8. We claim that for all k ≥ 3 and odd a,

$$a^{2^{k-2}} \equiv 1 \pmod{2^k}.$$

We will show this by induction. Again, the k = 3 case follows from Example 6.2.8. Now
assuming the statement holds for k, write $a^{2^{k-2}} = 1 + 2^k x$ for some x ∈ Z. Then

$$a^{2^{k-1}} = (a^{2^{k-2}})^2 = (1 + 2^k x)^2 = 1 + 2^{k+1} x + 2^{2k} x^2 \equiv 1 \pmod{2^{k+1}}.$$

Thus the claim holds, but $2^{k-2}$ is always less than $\varphi(2^k) = 2^{k-1}$ when k ≥ 3, so no primitive
roots mod $2^k$ can exist.

Lemma 6.2.12. Let p > 2 be prime and k ≥ 1. Then there exists a primitive root modulo
$p^k$.

Proof. By Theorem 6.2.5, there exists a primitive root mod p; call it g. First suppose
$g^{p-1} \not\equiv 1 \pmod{p^2}$. We claim that $g^{\varphi(p^k)} \not\equiv 1 \pmod{p^{k+1}}$ for all k ≥ 1. By Euler’s Theorem
(4.2.4), write $g^{\varphi(p^k)} = 1 + p^k x$ where by induction we may assume p ∤ x. Then

$$g^{\varphi(p^{k+1})} = g^{\varphi(p^k)p} = (1 + p^k x)^p \equiv 1 + p^{k+1} x \not\equiv 1 \pmod{p^{k+2}}.$$

Thus by induction the claim holds for all k ≥ 1.

Next, we inductively prove that $\mathrm{ord}_{p^k}(g) = \varphi(p^k)$. Set $\ell = \mathrm{ord}_{p^{k+1}}(g)$ so that $g^\ell \equiv 1 \pmod{p^k}$
and therefore by induction, $\varphi(p^k) \mid \ell$. On the other hand, ℓ divides $\varphi(p^{k+1}) = \varphi(p^k)p$
so either $\ell = \varphi(p^{k+1})$ or $\ell = \varphi(p^k)$. However, the previous paragraph shows that $\ell = \varphi(p^k)$
is impossible, so we must have $\ell = \mathrm{ord}_{p^{k+1}}(g) = \varphi(p^{k+1})$. Hence g is a primitive root mod
$p^{k+1}$.

Now suppose $g^{p-1} \equiv 1 \pmod{p^2}$. Notice that in this case, g + p is a primitive root mod
p and satisfies

$$(g + p)^{p-1} \equiv g^{p-1} + (p - 1)g^{p-2}p \equiv 1 - g^{p-2}p \pmod{p^2}.$$

But p does not divide g, so $1 - g^{p-2}p \not\equiv 1 \pmod{p^2}$. Therefore the argument in the preceding
paragraph can be repeated to show g + p is a primitive root mod $p^k$ for all k ≥ 1.

These lemmas imply the following characterization of numbers n for which there exist
primitive roots modulo n. Combined with Corollary 6.2.7, this fully describes primitive
roots.

Theorem 6.2.13. Let n ≥ 2. Then there exists a primitive root modulo n if and only if n
has one of the following forms:

(i) $n = p^k$ for p an odd prime and k ∈ N.

(ii) $n = 2p^k$ for p an odd prime and k ∈ N.

(iii) $n = 2^k$ for k = 1, 2.

Artin’s Conjecture. Suppose a ≠ −1 is an integer which is not a perfect square. Then
there are infinitely many primes p for which a is a primitive root modulo p.

Surprisingly, Artin’s Conjecture is not known to hold for a single integer a, but it is known
that there are at most two primes for which the conjecture does not hold. For example, at
least one of 3, 5 or 7 is a primitive root modulo every other prime, but it is currently unknown
for which the statement holds.


6.3 Power Residues


Definition. Let a, m ∈ Z such that (a, m) = 1. If $x^n \equiv a \pmod m$ has a solution, we call
a an nth power residue modulo m.

Example 6.3.1. Square residues, i.e. solutions to $x^2 \equiv a \pmod m$, are called quadratic
residues. These will be fully characterized by Gauss’s beautiful quadratic reciprocity laws in
the next chapter.

Example 6.3.2. When a = 1, solutions to $x^n \equiv 1 \pmod m$ are generated by primitive
roots mod m, which are in turn described by Theorem 6.2.13 and Corollary 6.2.7.

Let g be a primitive root modulo m. By Theorem 6.2.3, $\{0, g, g^2, \ldots, g^{\varphi(m)}\}$ is a complete
residue system mod m and thus $g^i \equiv g^j \pmod m$ if and only if i ≡ j (mod φ(m)).
This allows us to switch back and forth between multiplicative and additive congruences,
just as the transcendental functions $e^x$ and log x switch between multiplicative and additive
expressions in real numbers.

Discrete Logarithm Problem. Let a, x, m ∈ Z, (a, m) = (b, m) = 1 and suppose $x^n \equiv a \pmod m$
for some n ∈ N. Find n.

In general, the discrete logarithm problem is very difficult to solve, and especially difficult
to solve quickly. It is an open problem in computer science to find a fast algorithm for solving
the discrete logarithm problem mod m. However, when m = p is prime, the problem becomes
simpler.

Example 6.3.3. Let p be prime. Then by Theorem 6.2.5 there exists a primitive root mod
p, say g, and $\{0, g, g^2, \ldots, g^{p-1}\}$ is a complete residue system mod p. Thus any x ∈ Z can be
written $x \equiv g^k \pmod p$ for some k ≥ 1 and any power $x^n$ can be written $x^n \equiv (g^k)^n = g^{kn} \pmod p$.
Similarly, a ∈ Z can be written $a \equiv g^b \pmod p$ for some b ≥ 1. Therefore the
discrete logarithm problem mod p is of the form

$$g^{kn} \equiv g^b \pmod p.$$

But as we observe, this is equivalent to the linear congruence

$$kn \equiv b \pmod{p - 1}$$

which has solutions given by Theorem 3.2.4.

Theorem 6.3.4. Suppose p is prime and (a, p) = 1. Then $x^n \equiv a \pmod p$ has (n, p − 1)
solutions if

$$a^{\frac{p-1}{(n, p-1)}} \equiv 1 \pmod p$$

and no solutions otherwise.


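Example 6.3.5. Consider the discrete logarithm problem $x^5 \equiv 6 \pmod{101}$. Since p = 101
is prime, Theorem 6.3.4 applies so we should first see if

$$6^{100/5} = 6^{20} \equiv 1 \pmod{101}.$$

Note that

$$\begin{aligned}
6^{20} &\equiv 2^{20} 3^{20} \equiv (2^{10})^2 (3^5)^4 \\
&\equiv 1024^2 \cdot 243^4 \\
&\equiv 14^2 \cdot 41^4 \\
&\equiv 2^2 \cdot 7^2 \cdot (1681)^2 \\
&\equiv 4 \cdot 49 \cdot 65^2 \\
&\equiv 4 \cdot 49 \cdot 5^2 \cdot 13^2 \\
&\equiv (4 \cdot 25) \cdot 49 \cdot 169 \\
&\equiv 100 \cdot 49 \cdot 68 \\
&\equiv -49 \cdot 4 \cdot 17 \\
&\equiv -196 \cdot 17 \\
&\equiv 6 \cdot 17 \equiv 102 \equiv 1 \pmod{101}.
\end{aligned}$$

Therefore Theorem 6.3.4 says that $x^5 \equiv 6 \pmod{101}$ has 5 solutions. One can work out
that the five solutions are:

x ≡ 22, 30, 70, 85, 96 (mod 101).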
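The reduction of Example 6.3.3 carried out on Example 6.3.5, as an added Python example that is not part of the original notes: find a primitive root g, tabulate the exponents (discrete logarithms) of every unit, and solve the linear congruence kn ≡ b (mod p − 1). Function names are chosen here for illustration, and the exponent table is built by exhaustive enumeration, so the approach only works for small p; the absence of any comparably cheap table for large p is what the difficulty of the discrete logarithm problem refers to.

```python
from math import gcd

def prime_factors(n):
    """Distinct prime factors of n by trial division."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors

def primitive_root(p):
    """Smallest g with ord_p(g) = p - 1: g^((p-1)/q) != 1 for every prime q | p - 1."""
    if p == 2:
        return 1
    qs = prime_factors(p - 1)
    for g in range(2, p):
        if all(pow(g, (p - 1) // q, p) != 1 for q in qs):
            return g
    raise ValueError("p is not prime")

def index_table(p, g):
    """Map each unit a mod p to the exponent b with g^b = a (mod p), 0 <= b < p - 1."""
    table, x = {}, 1
    for b in range(p - 1):
        table[x] = b
        x = x * g % p
    return table

def solve_linear(a, b, m):
    """All k mod m with a*k = b (mod m); there are gcd(a, m) of them or none."""
    d = gcd(a, m)
    if b % d:
        return []
    a1, b1, m1 = a // d, b // d, m // d
    k0 = b1 * pow(a1, -1, m1) % m1 if m1 > 1 else 0
    return [k0 + t * m1 for t in range(d)]

def has_nth_root(n, a, p):
    """Criterion of Theorem 6.3.4 for (a, p) = 1."""
    return pow(a, (p - 1) // gcd(n, p - 1), p) == 1

def nth_roots(n, a, p):
    """All x mod p with x^n = a (mod p), for p prime and p not dividing a."""
    g = primitive_root(p)
    b = index_table(p, g)[a % p]
    return sorted(pow(g, k, p) for k in solve_linear(n, b, p - 1))

if __name__ == "__main__":
    print("primitive root mod 101:", primitive_root(101))
    print("criterion holds:", has_nth_root(5, 6, 101))
    print("solutions of x^5 = 6 (mod 101):", nth_roots(5, 6, 101))
```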

Theorem 6.3.6. Suppose $m = 2, 4, p^k$ or $2p^k$ for p an odd prime and k ≥ 1. Then for a ∈ Z
with (a, m) = 1, the equation $x^n \equiv a \pmod m$ has (n, φ(m)) solutions if

$$a^{\frac{\varphi(m)}{(n, \varphi(m))}} \equiv 1 \pmod m$$

and no solutions otherwise.

Chapter 7

Reciprocity


7.1 Quadratic Residues


Recall: ax ≡ b (mod n) has a solution if and only if (a, n) | b. We now seek information
about quadratic congruences, namely $x^2 \equiv a \pmod n$.

Definition. For integer a and prime p, a is called a quadratic residue modulo p if $a \equiv b^2 \pmod p$
for some integer b.

Definition. If $a \not\equiv b^2 \pmod p$ for any b ∈ Z, then a is called a quadratic non-residue
modulo p.

Theorem 7.1.1. For an odd prime p, half of the numbers not congruent to 0 (mod p) in
any complete residue system are quadratic residues mod p and half are not.

Proof. Let $A = \{a_1, a_2, \ldots, a_p\}$ be a complete residue system mod p with $0 \equiv a_1 < a_2 < \cdots < a_p \equiv p - 1 \pmod p$.
By Theorem 3.1.10, $A \cong C = \{0, 1, \ldots, p - 1\}$. Observe that

$$1^2 \equiv (p - 1)^2 \equiv 1 \pmod p$$
$$2^2 \equiv (p - 2)^2 \equiv 4 \pmod p$$
etc.

In fact, $(p - j)^2 = p^2 - 2pj + j^2 \equiv j^2 \pmod p$. So for all j, 1 ≤ j ≤ p − 1, $j^2 \equiv (p - j)^2 \pmod p$.
Thus there are only $\frac{p-1}{2}$ quadratic residues in {1, 2, . . . , p − 1}. So the other $\frac{p-1}{2}$
elements must be non-residues. And since $A \cong C$, this ratio holds for any complete residue
system mod p.

Theorem 7.1.2. If p is an odd prime, p ∤ a and a is a quadratic residue mod p, then $a^{\frac{p-1}{2}} \equiv 1 \pmod p$.

Proof. Let b ∈ Z such that $a \equiv b^2 \pmod p$. By Fermat’s Little Theorem I (4.1.10), $(b^2)^{\frac{p-1}{2}} \equiv b^{p-1} \equiv 1 \pmod p$.
So $a^{\frac{p-1}{2}} \equiv 1 \pmod p$.

Theorem 7.1.3. If p is an odd prime, p ∤ a and a is a quadratic non-residue mod p, then
$a^{\frac{p-1}{2}} \equiv -1 \pmod p$.

Proof. For each i ∈ {1, . . . , p − 1}, let $i^{-1}$ denote its inverse mod p. In other words, for
each i, $i\,i^{-1} \equiv 1 \pmod p$. So $i(i^{-1}a) \equiv a \pmod p$. But since a is a quadratic non-residue,
$i \neq i^{-1}a$. Thus (p − 1)! = 1 · 2 · · · (p − 1), which, as we have shown, divides up into pairs
$i(i^{-1}a)$, each of which is congruent to a (mod p). And there are $\frac{p-1}{2}$ pairs, so $(p - 1)! \equiv a^{\frac{p-1}{2}} \pmod p$.
Finally, by Wilson’s Theorem (4.2.10),

$$-1 \equiv (p - 1)! \equiv a^{\frac{p-1}{2}} \pmod p.$$

Corollary 7.1.4. If p is an odd prime, a ∈ Z and p ∤ a, then $x^2 \equiv a \pmod p$ has exactly
two solutions if $a^{\frac{p-1}{2}} \equiv 1 \pmod p$ and no solutions if $a^{\frac{p-1}{2}} \equiv -1 \pmod p$.


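Proof. This follows immediately from Theorem 6.3.4.

Idea: By Fermat’s Little Theorem I (4.1.10), $a^{p-1} \equiv 1 \pmod p$. So $a^{p-1} - 1 \equiv 0 \pmod p$, or
$(a^{\frac{p-1}{2}} - 1)(a^{\frac{p-1}{2}} + 1) \equiv 0 \pmod p$. Either $a^{\frac{p-1}{2}} \equiv 1$ or $a^{\frac{p-1}{2}} \equiv -1 \pmod p$, which corresponds
to whether a is a quadratic residue or not, as given by the previous two theorems.

Definition. For an odd prime p and a ∈ N with p ∤ a, the Legendre symbol $\left(\frac{a}{p}\right)$ is defined
in the following way:

$$\left(\frac{a}{p}\right) = \begin{cases} 1 & \text{if } a \text{ is a quadratic residue mod } p \\ -1 & \text{if } a \text{ is a quadratic non-residue mod } p. \end{cases}$$

Theorem 7.1.5. Let p be an odd prime and a, b ∈ Z with (a, p) = (b, p) = 1. Then

(1) $\left(\frac{a^2}{p}\right) = 1$

(2) $\left(\frac{a}{p}\right) \equiv a^{\frac{p-1}{2}} \pmod p$ (Euler’s Criterion)

(3) If a ≡ b (mod p) then $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$

(4) $\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$

Proof. (1) Since integers are closed, let $j = a^2$ (by Theorem 1.3.11, (j, p) = 1). Then j is a
quadratic residue mod p. So $\left(\frac{a^2}{p}\right) = \left(\frac{j}{p}\right) = 1$.

(2) By Thms. 7.1.2 and 7.1.3, if a is a quadratic residue mod p then $\left(\frac{a}{p}\right) = 1 \equiv a^{\frac{p-1}{2}} \pmod p$.
And if a is a quadratic non-residue, $\left(\frac{a}{p}\right) = -1 \equiv a^{\frac{p-1}{2}} \pmod p$.

(3) Suppose a is a quadratic residue mod p, with $a \equiv k^2 \pmod p$. Then $b \equiv a \equiv k^2 \pmod p$
so b is also a quadratic residue and thus $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right) = 1$. Now suppose a is a quadratic
non-residue mod p. Then by Theorem 7.1.3, $a^{\frac{p-1}{2}} \equiv b^{\frac{p-1}{2}} \equiv -1 \pmod p$. And by (2),
$\left(\frac{b}{p}\right) \equiv b^{\frac{p-1}{2}} \equiv -1 \pmod p$. So in all cases, $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$.

(4) If $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right) = 1$, then there are integers j, k such that $a \equiv j^2$ and $b \equiv k^2 \pmod p$,
so $ab \equiv (jk)^2 \pmod p$. Thus $\left(\frac{ab}{p}\right) = 1 = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$. Next, without loss of generality say
$\left(\frac{a}{p}\right) = 1$ and $\left(\frac{b}{p}\right) = -1$. Then $ab \equiv j^2 b \pmod p$, but there is no k such that $b \equiv k^2 \pmod p$.
So $\left(\frac{ab}{p}\right) = -1 = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$. Lastly, if $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right) = -1$ then

$$(ab)^{\frac{p-1}{2}} \equiv a^{\frac{p-1}{2}} b^{\frac{p-1}{2}} \equiv (-1)(-1) \equiv 1 \pmod p.$$

So by (2), $\left(\frac{ab}{p}\right) = 1 = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$.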


Corollary 7.1.6. Suppose p is an odd prime and a, b ∈ Z with (a, p) = (b, p) = 1. Then
if both a and b are quadratic residues or both non-residues, then ab is a quadratic residue.
Otherwise, ab is a quadratic non-residue.

Proof omitted.

Theorem 7.1.7. Suppose p is an odd prime. Then

$$\left(\frac{-1}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod 4 \\ -1 & \text{if } p \equiv 3 \pmod 4. \end{cases}$$

Proof. Suppose p = 4k + 1. Consider $(-1)^{\frac{p-1}{2}} \equiv (-1)^{\frac{4k}{2}} \equiv (-1)^{2k} \equiv 1^k \equiv 1 \pmod p$. So
by Theorem 7.1.5 part 2, $\left(\frac{-1}{p}\right) = 1$. Now suppose p = 4k + 3. Then $(-1)^{\frac{p-1}{2}} \equiv (-1)^{\frac{4k+2}{2}} \equiv (-1)^{2k+1} \equiv -1 \pmod p$.
So by Theorem 7.1.5 part 2, $\left(\frac{-1}{p}\right) = -1$.

The Legendre symbol can be stated in algebraic terms. Let $G = (\mathbb{Z}_p, \cdot)$ and let H
be the set of quadratic residues modulo p. Then H is a subgroup of G. Define the map
χ : G → {1, −1} by $\chi(a) = \left(\frac{a}{p}\right)$. Then χ is a group homomorphism with ker(χ) = H.

Theorem 7.1.8. Let p be an odd prime, a ∈ Z with p ∤ a and $r_1, \ldots, r_{\frac{p-1}{2}}$ be the representatives
of $a, 2a, \ldots, \frac{p-1}{2}a$ in the complete residue system

$$\left\{-\frac{p-1}{2}, \ldots, -1, 0, 1, \ldots, \frac{p-1}{2}\right\}.$$

Then $r_1 r_2 \cdots r_{\frac{p-1}{2}} \equiv (-1)^g \left(\frac{p-1}{2}\right)! \pmod p$, where g is the number of $r_i$ which are negative.

Proof. For each ia, let $r_i \in \left\{-\frac{p-1}{2}, \ldots, \frac{p-1}{2}\right\}$ such that $ia \equiv r_i \pmod p$. Suppose for i ≠ j,
$r_i \equiv r_j \pmod p$ (without loss of generality assume i > j). Then

$$ia \equiv ja$$
$$ia - ja \equiv 0 \pmod p$$

and since (a, p) = 1, i − j ≡ 0 which is a contradiction since i ≠ j and they are in the same
residue system. Thus for all $1 \le i < j \le \frac{p-1}{2}$, $r_i \not\equiv r_j \pmod p$. So
$\left\{|r_1|, |r_2|, \ldots, |r_{\frac{p-1}{2}}|\right\} = \left\{1, 2, \ldots, \frac{p-1}{2}\right\}$
up to order of elements. Let g = the number of negative $r_i$. Then we have
that $r_1 r_2 \cdots r_{\frac{p-1}{2}} \equiv (-1)^g \left(\frac{p-1}{2}\right)! \pmod p$.


7.2 Quadratic Reciprocity


Lemma 7.2.1 (Gauss’s Lemma I). Let $p$ be an odd prime, $a \in \mathbb{Z}$ with $p \nmid a$, and $g$ be the number of negative representatives $r_i$ of $a, \ldots, \frac{p-1}{2}a$ in the complete residue system $\left\{-\frac{p-1}{2}, \ldots, -1, 0, 1, \ldots, \frac{p-1}{2}\right\}$. Then
$$\left(\frac{a}{p}\right) = (-1)^g.$$

Proof. By Theorem 7.1.8, $r_1 r_2 \cdots r_{\frac{p-1}{2}} \equiv (-1)^g \left(\frac{p-1}{2}\right)! \pmod p$. And by construction, we have $r_1 r_2 \cdots r_{\frac{p-1}{2}} \equiv a \cdot 2a \cdots \frac{p-1}{2}a \pmod p$. So grouping terms, one obtains
$$a^{\frac{p-1}{2}} \left(\frac{p-1}{2}\right)! \equiv (-1)^g \left(\frac{p-1}{2}\right)! \pmod p.$$
And since none of $1, 2, \ldots, \frac{p-1}{2}$ are congruent to $p$, Theorem 1.3.12 says that $a^{\frac{p-1}{2}} \equiv (-1)^g \pmod p$. Thus by Euler’s Criterion, $\left(\frac{a}{p}\right) \equiv (-1)^g \pmod p$.

Theorem 7.2.2. Let $p$ be an odd prime. Then
$$\left(\frac{2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \text{ or } 7 \pmod 8 \\ -1 & \text{if } p \equiv 3 \text{ or } 5 \pmod 8. \end{cases}$$

Proof. First suppose $p = 8k + 1$ for some $k \in \mathbb{Z}$, so $\frac{p-1}{2} = 4k$. Then $g$ is the number of negative $r$ values for $\{2, 4, \ldots, 4k \cdot 2\}$. Note that $\{2, 4, \ldots, 4k\}$ have positive $r$ values since $4k = \frac{p-1}{2}$. And since $\{2, 4, \ldots, 4k \cdot 2\}$ are incongruent, the other elements $\{2(2k+1), \ldots, 2 \cdot 4k\}$ have negative $r$ values. There are $2k$ of these latter elements, so $g = 2k$. Thus by Gauss’s Lemma I (7.2.1), $\left(\frac{2}{p}\right) = (-1)^{2k} = 1$.

Now suppose $p = 8k + 7$ and $\frac{p-1}{2} = 4k + 3$. Consider $\{2, 4, \ldots, 2(4k+3)\}$. Then $\{2, 4, \ldots, 2 \cdot (2k+1)\}$ have positive $r$ values and the remaining $\{2 \cdot (2k+2), \ldots, 2 \cdot (4k+3)\}$ have negative $r$’s, of which there are $2k + 2$. So $g = 2k + 2$. Then by Gauss’s Lemma I (7.2.1), $\left(\frac{2}{p}\right) = (-1)^{2k+2} = 1$.

Next suppose $p = 8k + 3$ and $\frac{p-1}{2} = 4k + 1$. Consider $\{2, 4, \ldots, 2 \cdot (4k+1)\}$. Then $\{2, 4, \ldots, 2(2k)\}$ have positive $r$’s and $\{2 \cdot (2k+1), \ldots, 2 \cdot (4k+1)\}$ have negative $r$’s, of which there are $2k + 1$. So $g = 2k + 1$ and by Gauss’s Lemma I (7.2.1), $\left(\frac{2}{p}\right) = (-1)^{2k+1} = -1$.

Lastly, suppose $p = 8k + 5$ and $\frac{p-1}{2} = 4k + 2$. Consider $\{2, 4, \ldots, 2 \cdot (4k+2)\}$. Then $\{2, 4, \ldots, 2 \cdot (2k+1)\}$ have positive $r$’s and $\{2 \cdot (2k+2), \ldots, 2 \cdot (4k+2)\}$ have negative $r$’s, and there are $2k + 1$ of them. So $g = 2k + 1$ and by Gauss’s Lemma I (7.2.1), $\left(\frac{2}{p}\right) = (-1)^{2k+1} = -1$. Hence
$$\left(\frac{2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \text{ or } 7 \pmod 8 \\ -1 & \text{if } p \equiv 3 \text{ or } 5 \pmod 8. \end{cases}$$


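Theorem 7.2.3. Suppose $p$ is an odd prime, $a \in \mathbb{Z}$, $(a, p) = 1$, $k \in \mathbb{Z}$ with $1 \le k \le \frac{p-1}{2}$, and let $r_k \in \left\{-\frac{p-1}{2}, \ldots, \frac{p-1}{2}\right\}$ with $ka \equiv r_k \pmod p$. Then $r_k$ is positive if and only if $\left\lfloor \frac{2ka}{p} \right\rfloor$ is even.

Proof. First suppose $r_k$ is positive. Then $ka = pn + r_k$ for some integer $n$. So $\frac{2ka}{p} = 2n + \frac{2r_k}{p}$. And since $r_k \le \frac{p-1}{2}$, $2r_k < p$ so $\frac{2r_k}{p} < 1$. Thus $\left\lfloor \frac{2ka}{p} \right\rfloor = 2n + \left\lfloor \frac{2r_k}{p} \right\rfloor = 2n$, which is even. Now suppose $r_k$ is negative. By above reasoning, $\frac{2r_k}{p} > -1$, so $\left\lfloor \frac{2ka}{p} \right\rfloor = 2n + \left\lfloor \frac{2r_k}{p} \right\rfloor = 2n - 1$, which is odd. Hence $r_k > 0$ if and only if $\left\lfloor \frac{2ka}{p} \right\rfloor$ is even.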

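Lemma 7.2.4 (Gauss’s Lemma II). Suppose that $p$ is an odd prime, $a \in \mathbb{Z}$ and $(a, p) = 1$. Then $\left(\frac{a}{p}\right) = (-1)^S$, where $S = \sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{2ka}{p} \right\rfloor$.

Proof. Let $S = \sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{2ka}{p} \right\rfloor$. Then $(-1)^S = \prod_{k=1}^{\frac{p-1}{2}} (-1)^{\left\lfloor \frac{2ka}{p} \right\rfloor}$. By Theorem 7.2.3, $\left\lfloor \frac{2ka}{p} \right\rfloor$ is even if and only if $r_k$ is positive. So for each positive $r_k$, $(-1)^{\left\lfloor \frac{2ka}{p} \right\rfloor} = 1$. Thus
$$(-1)^S = \prod_{k \,:\, r_k < 0} (-1)^{\left\lfloor \frac{2ka}{p} \right\rfloor} = (-1)^g,$$
where $g$ is the number of negative $r$’s. Hence by Gauss’s Lemma I (7.2.1), $(-1)^S = (-1)^g = \left(\frac{a}{p}\right)$.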
 
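Example 7.2.5. Find a formula for $\left(\frac{3}{p}\right)$.
By Gauss’s Lemma II (7.2.4),
$$\left(\frac{3}{p}\right) = (-1)^{\sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{6k}{p} \right\rfloor}.$$
Since $1 \le k \le \frac{p-1}{2}$, $6 \le 6k < 3p$. Suppose $p \equiv 1 \pmod{12} \implies p = 12j + 1$. Then $\left\lfloor \frac{6k}{p} \right\rfloor = 1$ when
$$\begin{aligned} p &\le 6k < 2p \\ \frac{p}{6} &\le k < \frac{p}{3} \\ \frac{12j+1}{6} &\le k < \frac{12j+1}{3} \\ \frac{12j+1}{6} < \frac{12j+1+5}{6} &\le k \le \frac{12j+1-1}{3} < \frac{12j+1}{3}. \end{aligned}$$
So $g = \frac{12j+1-1}{3} - \frac{12j+1+5}{6} + 1 = 4j - (2j+1) + 1 = 2j$, which is even. And if $\left\lfloor \frac{6k}{p} \right\rfloor = 0, 2$, it is even. Hence $\left(\frac{3}{p}\right) = 1$ if $p \equiv 1 \pmod{12}$ (this is a partial solution; a full solution is given in Section 7.3).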


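Lemma 7.2.6 (Gauss’s Lemma III). Suppose $a \in \mathbb{Z}$, $(a, p) = 1$ and $a$ is odd. Then
$$\left(\frac{a}{p}\right) = (-1)^{\sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{ka}{p} \right\rfloor}.$$

Proof. By Theorem 7.1.5, $\left(\frac{a}{p}\right)$ is multiplicative, so
$$\left(\frac{a}{p}\right) = \left(\frac{a+p}{p}\right) = \left(\frac{2}{p}\right)\left(\frac{\frac{a+p}{2}}{p}\right)$$
since $a + p$ is even. By Gauss’s Lemma II (7.2.4),
$$\begin{aligned}
\left(\frac{\frac{a+p}{2}}{p}\right) &= (-1)^{\sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{2k\left(\frac{a+p}{2}\right)}{p} \right\rfloor} \\
&= (-1)^{\sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{ka+kp}{p} \right\rfloor} \\
&= (-1)^{\sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{ka}{p} + \frac{kp}{p} \right\rfloor} \\
&= (-1)^{\sum_{k=1}^{\frac{p-1}{2}} \left( \left\lfloor \frac{ka}{p} \right\rfloor + k \right)} \\
&= (-1)^{\sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{ka}{p} \right\rfloor} (-1)^{\sum_{k=1}^{\frac{p-1}{2}} k} \\
&= (-1)^{\sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{ka}{p} \right\rfloor} (-1)^{\frac{\left(\frac{p-1}{2}\right)\left(\frac{p-1}{2}+1\right)}{2}} \\
&= (-1)^{\sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{ka}{p} \right\rfloor} (-1)^{\frac{p^2-1}{8}}.
\end{aligned}$$
Take $a = 1$. Then $1 \le k < p$ implies $\sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{k}{p} \right\rfloor < 1$. So
$$\begin{aligned}
1 = \left(\frac{a}{p}\right) &= \left(\frac{2}{p}\right) (-1)^{\sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{k}{p} \right\rfloor} (-1)^{\frac{p^2-1}{8}} \\
1 &= \left(\frac{2}{p}\right) (-1)^{\frac{p^2-1}{8}}.
\end{aligned}$$
Hence
$$\left(\frac{a}{p}\right) = (-1)^{\sum_{k=1}^{\frac{p-1}{2}} \left\lfloor \frac{ka}{p} \right\rfloor}.$$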
Definition. A lattice point is a point $(x, y) \in \mathbb{R}^2$ with $x, y \in \mathbb{Z}$.

Theorem 7.2.7. Let $p, q$ be distinct odd primes and $1 \le j \le \frac{p-1}{2}$. Then the number of lattice points $(j, y)$ that lie above the $x$-axis and below the line $y = \frac{q}{p}x$ equals $\left\lfloor \frac{jq}{p} \right\rfloor$.

Proof. Substituting $j = x$, we have a line $y = \frac{jq}{p}$ and $\left\lfloor \frac{jq}{p} \right\rfloor$ simply represents the number of positive integers less than $\frac{jq}{p}$. Hence this is the number of lattice points.


Theorem 7.2.8. Let $p, q$ be distinct odd primes and $1 \le k \le \frac{q-1}{2}$. Then the number of lattice points $(x, k)$ that lie to the right of the $y$-axis and left of $y = \frac{q}{p}x$ equals $\left\lfloor \frac{kp}{q} \right\rfloor$.

Proof. Switching the order of $x$ and $y$ and following the previous proof gives the desired result.
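Theorem 7.2.9.
$$\sum_{j=1}^{\frac{p-1}{2}} \left\lfloor \frac{jq}{p} \right\rfloor + \sum_{k=1}^{\frac{q-1}{2}} \left\lfloor \frac{kp}{q} \right\rfloor = \left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right).$$

Proof. Consider the lattice points in the rectangle
$$\left\{(x, y) : 1 \le x \le \frac{p-1}{2},\ 1 \le y \le \frac{q-1}{2}\right\}.$$
There are $\frac{p-1}{2}$ choices for $x$ and $\frac{q-1}{2}$ choices for $y$, so there are $\left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right)$ total lattice points in the rectangle. And if we draw the line $y = \frac{q}{p}x$ through the rectangle, we can count the total number of lattice points on either side of the line by the previous two theorems:
$$\sum_{j=1}^{\frac{p-1}{2}} \left\lfloor \frac{jq}{p} \right\rfloor + \sum_{k=1}^{\frac{q-1}{2}} \left\lfloor \frac{kp}{q} \right\rfloor = \left(\frac{p-1}{2}\right)\left(\frac{q-1}{2}\right).$$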

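Theorem 7.2.10 (Law of Quadratic Reciprocity I). If $p$ and $q$ are distinct primes, then
$$\left(\frac{p}{q}\right)\left(\frac{q}{p}\right) = (-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}}.$$

Proof. By Gauss’s Lemma III (7.2.6),
$$\begin{aligned}
\left(\frac{p}{q}\right)\left(\frac{q}{p}\right) &= (-1)^{\sum_{k=1}^{\frac{q-1}{2}} \left\lfloor \frac{kp}{q} \right\rfloor} (-1)^{\sum_{j=1}^{\frac{p-1}{2}} \left\lfloor \frac{jq}{p} \right\rfloor} \\
&= (-1)^{\sum_{j=1}^{\frac{p-1}{2}} \left\lfloor \frac{jq}{p} \right\rfloor + \sum_{k=1}^{\frac{q-1}{2}} \left\lfloor \frac{kp}{q} \right\rfloor}
\end{aligned}$$
which by Theorem 7.2.9 is $(-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}}$.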

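Theorem 7.2.11 (Law of Quadratic Reciprocity II). If $p$ and $q$ are distinct primes, then
$$\left(\frac{p}{q}\right) = \begin{cases} \left(\frac{q}{p}\right) & \text{if } p \equiv 1 \pmod 4 \text{ or } q \equiv 1 \pmod 4 \\ -\left(\frac{q}{p}\right) & \text{if } p \equiv q \equiv 3 \pmod 4. \end{cases}$$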


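Proof. Suppose $p \equiv 1 \pmod 4$, or $p = 4k + 1$, and note that no generality is lost (the case is the same for $q \equiv 1 \pmod 4$). By Quadratic Reciprocity I (7.2.10),
$$\begin{aligned}
\left(\frac{p}{q}\right)\left(\frac{q}{p}\right) &= (-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}} = (-1)^{\frac{4k}{2} \cdot \frac{q-1}{2}} \\
&= (-1)^{2k \cdot \frac{q-1}{2}} \\
&= 1 \quad \text{since } q - 1 \text{ is even.}
\end{aligned}$$
So $\left(\frac{p}{q}\right) = \left(\frac{q}{p}\right)$. Now suppose $p \equiv q \equiv 3 \pmod 4$, or $p = 4k + 3$, $q = 4l + 3$. By Quadratic Reciprocity I (7.2.10),
$$\begin{aligned}
\left(\frac{p}{q}\right)\left(\frac{q}{p}\right) &= (-1)^{\frac{p-1}{2} \cdot \frac{q-1}{2}} = (-1)^{\frac{4k+2}{2} \cdot \frac{4l+2}{2}} = (-1)^{(2k+1)(2l+1)} \\
&= (-1)^{4kl+2k+2l+1} \\
&= -1 \quad \text{since } 4kl + 2k + 2l + 1 \text{ is odd.}
\end{aligned}$$
So $\left(\frac{p}{q}\right) = -\left(\frac{q}{p}\right)$.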


7.3 Applications of Quadratic Reciprocity


 
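Some useful theorems for computing $\left(\frac{a}{p}\right)$:

• Quadratic Reciprocity II (7.2.11):
$$\left(\frac{p}{q}\right) = \begin{cases} \left(\frac{q}{p}\right) & \text{if } p \equiv 1 \pmod 4 \text{ or } q \equiv 1 \pmod 4 \\ -\left(\frac{q}{p}\right) & \text{if } p \equiv q \equiv 3 \pmod 4 \end{cases}$$

• Theorem 7.1.5 (properties of Legendre symbols):

(a) If $a \equiv b \pmod p$ then $\left(\frac{a}{p}\right) = \left(\frac{b}{p}\right)$
(b) $\left(\frac{ab}{p}\right) = \left(\frac{a}{p}\right)\left(\frac{b}{p}\right)$
(c) $\left(\frac{a^2}{p}\right) = 1$

• Theorems 7.1.7 and 7.2.2:
$$\left(\frac{-1}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \pmod 4 \\ -1 & \text{if } p \equiv 3 \pmod 4 \end{cases}$$
$$\left(\frac{2}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \text{ or } 7 \pmod 8 \\ -1 & \text{if } p \equiv 3 \text{ or } 5 \pmod 8 \end{cases}$$

Euler’s Criterion can be used for finding interesting congruences:

• Compute $\left(\frac{a}{p}\right)$
• Then $a^{\frac{p-1}{2}} \equiv 1 \pmod p$ or $a^{\frac{p-1}{2}} \equiv -1 \pmod p$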
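Example 7.3.1. Compute $\left(\frac{103}{163}\right)$.
By Quadratic Reciprocity II (7.2.11), $\left(\frac{103}{163}\right) = -\left(\frac{163}{103}\right)$ since $163 \equiv 103 \equiv 3 \pmod 4$. And since $163 \equiv 60 \pmod{103}$, $\left(\frac{163}{103}\right) = \left(\frac{60}{103}\right)$. Since Legendre symbols are multiplicative,
$$\left(\frac{60}{103}\right) = \left(\frac{4}{103}\right)\left(\frac{15}{103}\right) = 1 \cdot \left(\frac{3}{103}\right)\left(\frac{5}{103}\right).$$
And since $103 \equiv 3 \pmod 4$, $\left(\frac{3}{103}\right) = -\left(\frac{103}{3}\right)$, which reduces mod 3 to $-\left(\frac{1}{3}\right) = -1$. And since $5 \equiv 1 \pmod 4$, $\left(\frac{5}{103}\right) = \left(\frac{103}{5}\right)$, which reduces mod 5 to $\left(\frac{3}{5}\right)$. And again since $5 \equiv 1 \pmod 4$, $\left(\frac{3}{5}\right) = \left(\frac{5}{3}\right) = \left(\frac{-1}{3}\right)$. Then by Theorem 7.1.7, $\left(\frac{-1}{3}\right) = -1$. Putting this together, we have
$$\left(\frac{103}{163}\right) = -\left(\frac{163}{103}\right) = -\left(\frac{60}{103}\right) = -1 \cdot \left(\frac{3}{103}\right)\left(\frac{5}{103}\right) = (-1)(-1)(-1) = -1.$$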


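Theorem 7.3.2.
$$\left(\frac{3}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \text{ or } 11 \pmod{12} \\ -1 & \text{if } p \equiv 5 \text{ or } 7 \pmod{12}. \end{cases}$$

Proof. Suppose $p = 12k + 1$. Then clearly $p \equiv 1 \pmod 4$ so by Quadratic Reciprocity II (7.2.11), $\left(\frac{3}{p}\right) = \left(\frac{p}{3}\right)$, and since $12k + 1 \equiv 1 \pmod 3$, $\left(\frac{p}{3}\right) = \left(\frac{1}{3}\right) = 1$.

Now suppose $p = 12k + 11$. Then $p \equiv 3 \pmod 4$ so by Quadratic Reciprocity II (7.2.11), $\left(\frac{3}{p}\right) = -\left(\frac{p}{3}\right)$, and since $12k + 11 \equiv -1 \pmod 3$, $\left(\frac{p}{3}\right) = \left(\frac{-1}{3}\right)$, which equals $-1$ by Theorem 7.1.7. So $\left(\frac{3}{p}\right) = -(-1) = 1$.

Next, suppose $p = 12k + 5$. Then $p \equiv 1 \pmod 4$ so
$$\left(\frac{3}{p}\right) = \left(\frac{p}{3}\right) = \left(\frac{12k+5}{3}\right) = \left(\frac{2}{3}\right) = -1$$
by Theorem 7.2.2.

Lastly, suppose $p = 12k + 7$. Then $p \equiv 3 \pmod 4$ so
$$\left(\frac{3}{p}\right) = -\left(\frac{p}{3}\right) = -\left(\frac{12k+7}{3}\right) = -\left(\frac{1}{3}\right) = -1.$$
Hence
$$\left(\frac{3}{p}\right) = \begin{cases} 1 & \text{if } p \equiv 1 \text{ or } 11 \pmod{12} \\ -1 & \text{if } p \equiv 5 \text{ or } 7 \pmod{12}. \end{cases}$$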

Theorem 7.3.3. Suppose $x > 1$ is odd with $3 \nmid x$ and let $N = \frac{x^2-3}{2}$. Then there is a prime $p \mid N$ so that $p \equiv 11 \pmod{12}$.

Proof. Let $N = \frac{x^2-3}{2}$. Note that $x$ odd implies $x \equiv 1, 5, 7, 11, 13, 17, 19$ or $23 \pmod{24}$. So $x^2 \equiv 1 \pmod{24}$. Then $x^2 - 3 \equiv -2 \equiv 22 \pmod{24}$ and we can divide through by $(2, 24) = 2$, giving
$$\frac{x^2-3}{2} \equiv 11 \pmod{12}.$$
Now suppose $p \mid N$ is prime. Then $N \equiv 0 \pmod p \implies \frac{x^2-3}{2} \equiv 0 \pmod p$. So $x^2 \equiv 3 \pmod p$, or $\left(\frac{3}{p}\right) = 1$. By Theorem 7.3.2, either $p \equiv 1$ or $11 \pmod{12}$. Suppose $q$ is another prime such that $q \mid N$, and both $p$ and $q$ are congruent to 1 mod 12. Then $p = 12j + 1$ and $q = 12k + 1$ for integers $j, k$ and we have
$$pq = (12j+1)(12k+1) = 144jk + 12j + 12k + 1 \equiv 1 \pmod{12}.$$
But $N \equiv 11 \pmod{12}$, so at least one prime divisor of $N$ must be congruent to 11 mod 12.


Theorem 7.3.4. There are infinitely many primes p ≡ 11 (mod 12).


Proof. Suppose $p_1, \ldots, p_n$ are all primes congruent to 11 mod 12. Let $x = p_1 p_2 \cdots p_n$ and note that $2 \nmid x$ and $3 \nmid x$. By Theorem 7.3.3, if $N = \frac{x^2-3}{2}$ then there exists a prime $q \mid N$ such that $q \equiv 11 \pmod{12}$. For all $1 \le i \le n$, $p_i \nmid N$ but clearly $q \mid N$ so it is a “new” prime congruent to 11 mod 12, a contradiction. Hence there are infinitely many primes $p \equiv 11 \pmod{12}$.

Theorem 7.3.5. Suppose $p \equiv 3 \pmod 4$ is prime and $p > 3$. Then if $q = 2p + 1$ is prime, $q \mid (2^p - 1)$.

Proof. Since $p \equiv 3 \pmod 4$, $p \equiv 3$ or $7 \pmod 8$. If $p = 8k + 3$ then $q \equiv 16k + 7 \equiv 7 \pmod 8$. And if $p = 8k + 7$, then $q \equiv 16k + 15 \equiv 7 \pmod 8$. So in all cases $q \equiv 7 \pmod 8$. Then by Theorem 7.2.2, $\left(\frac{2}{q}\right) = 1$, and by Euler’s Criterion, $\left(\frac{2}{q}\right) \equiv 2^{\frac{q-1}{2}} \equiv 2^p \pmod q$. So $2^p \equiv 1 \pmod q$, and we conclude that $q \mid (2^p - 1)$.

Recall that a Sophie Germain prime is a prime $q$ for which $p = 2q + 1$ is also prime. By Euler’s Theorem (4.2.4), for any integer $a$ relatively prime to $p$, $\operatorname{ord}_p(a)$ divides $p - 1$. When $q$ is a Sophie Germain prime, $p - 1 = 2q$ has only the factors $1, 2, q, 2q$ so every $a$ relatively prime to $p$ has $\operatorname{ord}_p(a) = 1, 2, q$ or $2q$. Moreover, $\operatorname{ord}_p(1) = 1$, $\operatorname{ord}_p(p-1) = 2$ and for any other $1 < a < p - 1$, $\operatorname{ord}_p(a) = q$ or $2q$.

Theorem 7.3.6. Let $q$ be a Sophie Germain prime and set $p = 2q + 1$. Then for every $1 \le a \le p - 2$, $a$ is either a quadratic residue modulo $p$ or a primitive root modulo $p$.

Proof. Suppose $\left(\frac{a}{p}\right) = -1$. Then Euler’s Criterion says that $a^{\frac{p-1}{2}} = a^q \equiv -1 \pmod p$ so the order of $a$ mod $p$ cannot be 1, 2 or $q$. Hence $\operatorname{ord}_p(a) = 2q$ so by definition $a$ is a primitive root modulo $p$.

Corollary 7.3.7. Let $q$ be an odd Sophie Germain prime and put $p = 2q + 1$. Then for any $1 < a < p - 1$, $a$ is a quadratic residue modulo $p$ if and only if $p - a$ is a primitive root modulo $p$.

Proof. It is clear that if $q$ is odd, $p = 2q + 1$ must be congruent to $3 \pmod 4$. Thus if $a$ is a quadratic residue,
$$\begin{aligned}
(-a)^q &= (-a)^{\frac{p-1}{2}} \\
&= (-1)^{\frac{p-1}{2}} a^{\frac{p-1}{2}} \\
&\equiv \left(\frac{-1}{p}\right)\left(\frac{a}{p}\right) \quad \text{by Euler’s Criterion} \\
&\equiv -1 \cdot 1 \quad \text{by Theorem 7.1.7} \\
&= -1.
\end{aligned}$$
Therefore by Theorem 7.3.6, $-a$ is a primitive root mod $p$. The converse is identical.

Artin’s Conjecture. Every integer $a \neq -1$ which is not a perfect square is a primitive root modulo $p$ for infinitely many primes $p$.


Theorem 7.3.8 (Miller). Let $q$ be an odd Sophie Germain prime. Then for $p = 2q + 1$, the complete set of primitive roots modulo $p$ is
$$\{-2^2, -3^2, \ldots, -q^2\}.$$
In particular, $-4$ is a primitive root modulo every prime of the form $2q + 1$.

Notice that Miller’s Theorem would imply Artin’s Conjecture is true if we knew there
are infinitely many Sophie Germain primes. Sadly, this is not the case.
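
Primes of the form $p = 2q + 1$ are the safe primes commonly chosen as Diffie-Hellman moduli, which is where Theorems 7.3.6 to 7.3.8 matter in practice: every element other than 1 and $p - 1$ either generates the whole group or lies in the order-$q$ subgroup of squares. The Python below is an added example (not from the original notes; the function names and the sample list are illustrative) that checks this by brute force for small $q$.

```python
"""Added example: brute-force check of Theorems 7.3.6-7.3.8 for small safe primes."""


def is_prime(n):
    """Trial division; fine for the small sample values used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def order_mod(a, p, q):
    """Order of a modulo p = 2q + 1; by the text it is one of 1, 2, q, 2q."""
    for d in (1, 2, q, 2 * q):
        if pow(a, d, p) == 1:
            return d
    raise ValueError("a is not coprime to p")


def analyse(q):
    """Return (p, quadratic residues, primitive roots, Miller's set) for p = 2q + 1."""
    p = 2 * q + 1
    if q % 2 == 0 or not (is_prime(q) and is_prime(p)):
        raise ValueError("q must be an odd Sophie Germain prime")
    residues = {x * x % p for x in range(1, q + 1)}
    primitive = {a for a in range(1, p) if order_mod(a, p, q) == 2 * q}
    miller = {(-j * j) % p for j in range(2, q + 1)}   # {-2^2, ..., -q^2}
    return p, residues, primitive, miller


def check_section_7_3(q):
    """Truth values of Theorem 7.3.6, Corollary 7.3.7 and Theorem 7.3.8 for this q."""
    p, residues, primitive, miller = analyse(q)
    # 7.3.6: each a in 1..p-2 is a residue or a primitive root (never both)
    thm_7_3_6 = all((a in residues) != (a in primitive) for a in range(1, p - 1))
    # 7.3.7: for 1 < a < p-1, a is a residue iff p - a is a primitive root
    cor_7_3_7 = all((a in residues) == ((p - a) in primitive)
                    for a in range(2, p - 1))
    # 7.3.8: Miller's set is exactly the set of primitive roots
    thm_7_3_8 = miller == primitive
    return thm_7_3_6, cor_7_3_7, thm_7_3_8


# Constructed sample input: small odd Sophie Germain primes.
SAMPLE_Q = (3, 5, 11, 23, 29, 41, 53, 83, 89)

if __name__ == "__main__":
    for q in SAMPLE_Q:
        p = 2 * q + 1
        # p - 4 (that is, -4) has order 2q; 4 generates the order-q subgroup
        print(p, check_section_7_3(q), order_mod(p - 4, p, q), order_mod(4, p, q))
```

For every sample $q$ the element $p - 4$ has order $2q$, while $4$ has order $q$ and so generates only the subgroup of quadratic residues.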

Part II

Analytic Number Theory

Chapter 8

Introduction

These notes were compiled from a semester of lectures at Wake Forest University by Dr. John Webb. The primary focus is the Riemann Zeta Function: $\zeta(s) = \sum_{n=1}^{\infty} \frac{1}{n^s}$.

Example 8.0.1. $\zeta(1) = \sum_{n=1}^{\infty} \frac{1}{n}$, the harmonic series, is a divergent series.

Example 8.0.2. We know $\zeta(2) = \sum_{n=1}^{\infty} \frac{1}{n^2}$ converges to $\frac{\pi^2}{6}$, but how?

Euler’s Results

• Proved that $\zeta(2) = \frac{\pi^2}{6}$

• 900+ papers over his lifetime

  – Some 15 of them dealt with the Zeta Function

• Riemann wrote one paper on the topic

  – Revolutionized analytic number theory

Prime Number Theorem: $\pi(x) \approx \frac{x}{\log(x)}$, where $\pi(x)$ is the number of primes less than or equal to $x$. Riemann gave a map of how to prove this theorem.

Modern Research

• Riemann Hypothesis

• L-functions

• Calculating zeroes of the Zeta Function

Chapter 9

Preliminaries


9.1 Basic Analysis


Definition. If $f$ is a function, $f(x)$ converges to $L \in \mathbb{R}$, denoted $\lim_{x \to \infty} f(x) = L$, if for all $\varepsilon > 0$ there exists $N > 0$ such that for all $x > N$, $|f(x) - L| < \varepsilon$.

Definition. A function $f(x)$ diverges (to $\infty$), denoted $\lim_{x \to \infty} f(x) = \infty$, if for all $M > 0$ there exists some $N > 0$ such that for all $x > N$, $f(x) > M$.

This can be adapted for $-\infty$ as well.

Definition. Given functions $f(x)$ and $g(x)$ defined on $\mathbb{R}$ (or $\mathbb{Z}$) $\ge a$, with $g(x) > 0$ and monotonic on $[a, \infty)$, we say that $f(x) = O(g(x))$ if for all $x \ge a$ there exists some constant $M > 0$ such that $|f(x)| \le M g(x)$, also denoted $f(x) \ll g(x)$.

Definition. Given functions $f$ and $g$, $f(x) \gg g(x)$ if there exists some constant $m > 0$ such that $|f(x)| \ge m g(x)$ for all $x > a$.

Definition. If $f(x) \gg g(x)$ and $f(x) \ll g(x)$ then $f$ and $g$ are said to have the same order, denoted $f(x) \asymp g(x)$.
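
Example 9.1.1. $\displaystyle\sum_{\substack{p \text{ prime} \\ p \le x}} \frac{1}{p} = O(\log(x))$

Proof. What if we sum over all integers?:
$$\sum_{n=1}^{x} \frac{1}{n}$$
We know $\sum_{n=1}^{x} \frac{1}{n} \ge \sum_{p=2}^{x} \frac{1}{p}$. Recall the integral test: $\sum_{n=1}^{\infty} f(n)$ and $\int_1^{\infty} f(x)\,dx$ both converge or both diverge (if $f > 0$ and $f$ is monotone on $[1, \infty)$). So we have
$$\sum_{n=2}^{x} \frac{1}{n} \le \int_1^x \frac{1}{t}\,dt = \log(x).$$
In fact,
$$\log(x) < \sum_{n=1}^{x} \frac{1}{n} < 2\log(x).$$
Therefore $\sum_{p=2}^{x} \frac{1}{p} \le \sum_{n=1}^{x} \frac{1}{n} < 2\log(x)$ for all $x > 2$. Hence $\sum_{p=2}^{x} \frac{1}{p} = O(\log(x))$.

But $\sum_{n=1}^{x} \frac{1}{n}$ is way bigger than $\sum_{p=2}^{x} \frac{1}{p}$ so this is a bad approximation tool.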


Example 9.1.2. $\sin(x) \ll 1$

Let $g(x) = 1$, then $|\sin(x)| \le g(x)$ for all $x \in \mathbb{R}$. So $\sin(x) \ll 1$. But is $\sin(x) \asymp 1$? No, since $\sin(x) = 0$ at infinitely many points.

Example 9.1.3. $f(x) = \sin(x) + x$

First, $f(x) \ll x$ because if $M = 2$, $|f(x)| \le 2x$ for $x > 0$. And $f(x) \gg x$ because if $m = 1/2$, $|f(x)| \ge \frac{1}{2}x$ for $x > 0$. Thus $f(x) \asymp x$.

Definition. Two functions $f$ and $g$ are asymptotic to each other, denoted $f(x) \sim g(x)$, if
$$\lim_{x \to \infty} \frac{f(x)}{g(x)} = 1.$$

Example 9.1.4. $f(x) = \sin(x) + x$, $g(x) = x$
$$\lim_{x \to \infty} \frac{f(x)}{g(x)} = \lim_{x \to \infty} \frac{\sin(x) + x}{x} = \lim_{x \to \infty} \frac{\sin(x)}{x} + 1 = 0 + 1 = 1$$
thus $f(x) \sim g(x)$.

Proposition 9.1.5. If $f(x) \sim g(x)$ then $f(x) \asymp g(x)$.

Proof omitted. Note that the converse is not true in general.

Example 9.1.6. The integral test actually states that $\sum_{n=1}^{x} \frac{1}{n} \sim \int_1^x \frac{1}{t}\,dt = \log(x)$.


9.2 Euler-Maclaurin Summation


Let $f(x) > 0$ and strictly decreasing on $[1, \infty)$. Examine $d_n = \sum_{k=1}^{n-1} f(k) - \int_1^n f(x)\,dx$.

[Figure: graph of $f(x)$ against $n$, with the area $d_n$ marked.]

Proposition 9.2.1. $d_n < f(1)$ for any $n > 1$.

Proof. Rewrite $d_n = \sum_{k=1}^{n-1} \int_k^{k+1} (f(k) - f(x))\,dx$. Then
$$d_n < \sum_{k=1}^{n-1} (f(k) - f(k+1)) = f(1) - f(n)$$
by telescoping series. And since $f(n) > 0$, $f(1) - f(n) < f(1)$. Hence $d_n < f(1)$.

Let $C(f) = \lim_{n \to \infty} d_n$. We know $C(f)$ exists because $d_n$ is increasing but bounded. Then we can write
$$C(f) = \lim_{n \to \infty} \sum_{k=1}^{n} \int_k^{k+1} [f(k) - f(x)]\,dx.$$
Let $E_f(n) = f(n) + d_n - C(f)$. Then $E_f(n) > 0$ since $d_n - C(f) = \sum_{k=n}^{\infty} \int_k^{k+1} [f(k) - f(x)]\,dx$. Together, this gives us
$$\sum_{k=1}^{n} f(k) = \int_1^n f(x)\,dx + C(f) + E_f(n).$$

Goal: Approximate $\sum_{n=1}^{\infty} \frac{1}{n^2}$ to at least 3 decimal places.

Definition. $\gamma = C\left(\frac{1}{x}\right)$ is called the Euler constant.

Example 9.2.2. Let $f(x) = \frac{1}{x}$. Then
$$\sum_{k=1}^{n} f(k) = \int_1^n f(x)\,dx + \gamma + E_f(n)$$
We know that $\int_1^n \frac{1}{x}\,dx = \log(n)$. To approximate the remaining terms, we will first prove the following theorem for the general case.

Theorem 9.2.3. $\sum_{k=1}^{n} f(k) = \int_1^n f(x)\,dx + \int_1^n (x - \lfloor x \rfloor) f'(x)\,dx + f(1)$, where $f$ has a continuous first derivative on $[1, n]$.

Proof. We begin with
$$\sum_{k=1}^{n} f(k) = \int_1^n f(x)\,dx + d_n.$$
To find $d_n$,
$$d_n = \sum_{k=1}^{n-1} \int_k^{k+1} [f(k) - f(x)]\,dx$$
which we will integrate by parts. Let
$$\begin{aligned} u &= f(k) - f(x) & dv &= dx \\ du &= -f'(x)\,dx & v &= x - (k+1) \quad \leftarrow \text{we get to choose a constant} \end{aligned}$$
and integrate:
$$\begin{aligned}
\int_k^{k+1} [f(k) - f(x)]\,dx &= [f(k) - f(x)](x - (k+1)) \Big|_k^{k+1} + \int_k^{k+1} (x - (k+1)) f'(x)\,dx \\
&= [(f(k) - f(k+1)) \cdot 0 - 0(-1)] + \int_k^{k+1} (x - (k+1)) f'(x)\,dx \\
&= 0 + \int_k^{k+1} (x - (k+1)) f'(x)\,dx = \int_k^{k+1} (x - (k+1)) f'(x)\,dx.
\end{aligned}$$


Thus
$$\begin{aligned}
\sum_{k=1}^{n-1} \int_k^{k+1} [f(k) - f(x)]\,dx &= \sum_{k=1}^{n-1} \int_k^{k+1} (x - (k+1)) f'(x)\,dx \\
&= \sum_{k=1}^{n-1} \int_k^{k+1} (x - \lfloor x \rfloor - 1) f'(x)\,dx \\
&= \sum_{k=1}^{n-1} \int_k^{k+1} (x - \lfloor x \rfloor) f'(x)\,dx - \sum_{k=1}^{n-1} \int_k^{k+1} f'(x)\,dx \\
&= \sum_{k=1}^{n-1} \int_k^{k+1} (x - \lfloor x \rfloor) f'(x)\,dx - \int_1^n f'(x)\,dx \\
&= \sum_{k=1}^{n-1} \int_k^{k+1} (x - \lfloor x \rfloor) f'(x)\,dx - (f(n) - f(1)).
\end{aligned}$$
This is a formula we can work with. Plugging it back into the series formula, we obtain
$$\sum_{k=1}^{n} f(k) = \int_1^n f(x)\,dx + \int_1^n (x - \lfloor x \rfloor) f'(x)\,dx + f(1).$$

Note that the $(x - \lfloor x \rfloor)$ part above bounds the integral, but we can do a little better. The function $x - \lfloor x \rfloor$ is a 1-periodic function. By selecting $x - \lfloor x \rfloor - 1/2$ instead, we still have a 1-periodic function but one that will integrate to 0 over integer periods.

[Figure: graphs of $x - \lfloor x \rfloor$ and of $x - \lfloor x \rfloor - 1/2$.]


So let
$$P_1(x) = \begin{cases} x - \lfloor x \rfloor - 1/2 & x \notin \mathbb{Z} \\ 0 & x \in \mathbb{Z}. \end{cases}$$
Now consider
$$\begin{aligned}
\int_1^n (x - \lfloor x \rfloor) f'(x)\,dx &= \int_1^n (x - \lfloor x \rfloor - 1/2 + 1/2) f'(x)\,dx \\
&= \int_1^n P_1(x) f'(x)\,dx + \int_1^n \tfrac{1}{2} f'(x)\,dx \\
&= \int_1^n P_1(x) f'(x)\,dx + \tfrac{1}{2}(f(n) - f(1)).
\end{aligned}$$
Putting this into the formula from Theorem 9.2.3 gives us the following theorem:

Theorem 9.2.4 (First Derivative Form of Euler-Maclaurin Summation Formula).
$$\sum_{k=1}^{n} f(k) = \int_1^n f(x)\,dx + \int_1^n P_1(x) f'(x)\,dx + \tfrac{1}{2}(f(n) + f(1))$$
where $f$ has a continuous first derivative $f'$ on $[1, n]$.

Example 9.2.5. Approximate $\sum_{k=1}^{n} \frac{1}{k}$.
$$\begin{aligned}
\sum_{k=1}^{n} \frac{1}{k} &= \int_1^n \frac{1}{x}\,dx + \int_1^n P_1(x) \left(\frac{1}{x}\right)' dx + \frac{1}{2}\left(\frac{1}{n} + 1\right) \\
&\le \log(n) + \frac{1}{2} \int_1^n \frac{1}{x^2}\,dx + \frac{1}{2}\left(\frac{1}{n} + 1\right) \\
&\le \log(n) + 1.
\end{aligned}$$

Strategy:

(1) Add up first few terms by hand

(2) Use Euler-Maclaurin Formula to estimate the tail

(3) Bound $\int_i^n P_1(x) f'(x)\,dx$ to within 3 decimals

Recall: if $f(x) > 0$ and $\sum_{n=1}^{\infty} f(n)$ converges then $\int_1^{\infty} f(x)\,dx$ converges and $\lim_{n \to \infty} f(n) = 0$.

Claim. $\int_i^{\infty} |f'(x)|\,dx$ converges.


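Proof. Since $f$ is a monotone decreasing function (from the integral test), $f'$ is always negative. So
$$\begin{aligned}
\int_i^{\infty} |f'(x)|\,dx &= -\int_i^{\infty} f'(x)\,dx \\
&= -\lim_{n \to \infty} \int_i^n f'(x)\,dx \\
&= \lim_{n \to \infty} [f(i) - f(n)] \\
&= f(i) - 0 \quad \text{since } f(n) \to 0 \\
&= f(i).
\end{aligned}$$
Thus $\int_i^{\infty} |f'(x)|\,dx$ converges to $f(i)$.

A consequence of this is:
$$\int_i^{\infty} |P_1(x) f'(x)|\,dx \le \frac{1}{2} \int_i^{\infty} |f'(x)|\,dx = \tfrac{1}{2} f(i).$$

Example 9.2.6. Approximate $f(x) = \frac{1}{x^2}$ to 3 decimals.

Let $f(x) = \frac{1}{x^2}$; then $f'(x) = \frac{-2}{x^3}$. We will find an $i$ such that
$$\left| \int_i^{\infty} \frac{2P_1(x)}{x^3}\,dx \right| \le 0.0005$$
so that the $\pm$ gap of the error is 0.001.

[Figure: graph of $P_1(x) f'(x)$ on $[k, k+1]$, ranging between $\frac{1}{k^3}$ and $\frac{-1}{(k+1)^3}$.]

For $[k, k + 1/2]$ take the max value of $|f'(x)| = \frac{2}{k^3}$.

[Figure: $P_1(x) \max|f'(x)|$ on $[k, k+1/2]$, with height $\frac{1}{k^3}$.]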

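Then $-\int_k^{k+1/2} \frac{2P_1(x)}{x^3}\,dx \le \int_k^{k+1/2} P_1(x) \cdot \frac{2}{k^3}\,dx$, where the area of the triangle is $\frac{1}{4k^3}$.

Likewise, for $[k + 1/2, k + 1]$ take $\min |f'(x)| = \frac{2}{(k+1)^3}$.

[Figure: the corresponding triangle on $[k+1/2, k+1]$, with height $\frac{-1}{(k+1)^3}$.]

Then $-\int_{k+1/2}^{k+1} \frac{2P_1(x)}{x^3}\,dx \ge \int_{k+1/2}^{k+1} P_1(x) \cdot \frac{2}{(k+1)^3}\,dx$, where the area of the triangle is $\frac{1}{4(k+1)^3}$.

This gives us an estimate for the error term: $\int_k^{k+1} P_1(x) f'(x)\,dx \le \frac{1}{4k^3} - \frac{1}{4(k+1)^3}$. So we have
$$\int_i^{\infty} P_1(x) f'(x)\,dx \le \sum_{k=i}^{\infty} \left( \frac{1}{4k^3} - \frac{1}{4(k+1)^3} \right) = \frac{1}{4i^3}$$
by telescoping sum. We want $\frac{1}{4i^3} \le 0.0005 \Rightarrow i \ge \sqrt[3]{500} = 7.9\ldots$ So choose $i = 8$ and we can estimate $\sum_{n=1}^{\infty} f(n)$ for $f(x) = \frac{1}{x^2}$ to within 3 decimals:
$$\begin{aligned}
\sum_{n=1}^{\infty} \frac{1}{n^2} &= \sum_{n=1}^{7} \frac{1}{n^2} + \int_8^{\infty} \frac{1}{x^2}\,dx + \frac{1}{2} f(8) \\
&= \sum_{n=1}^{7} \frac{1}{n^2} + \frac{1}{8} + \frac{1}{2}\left(\frac{1}{64}\right) \\
&= 1 + \frac{1}{4} + \frac{1}{9} + \frac{1}{16} + \frac{1}{25} + \frac{1}{36} + \frac{1}{49} + \frac{1}{8} + \frac{1}{128} \\
&\approx 1.6446.
\end{aligned}$$
Compare this to the real value, which is $1.64493\ldots$

Example 9.2.7. For 8-decimal accuracy, we want
$$\frac{1}{4i^3} \le 0.000000005 \Rightarrow i \ge 368.4 \text{ so choose } i = 369.$$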


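Given the First Derivative Form,
$$\sum_{k=1}^{n} f(k) = \int_1^n f(x)\,dx + \frac{1}{2}(f(1) + f(n)) + \underbrace{\int_1^n P_1(x) f'(x)\,dx}_{\text{error}},$$
we want to reduce the error term further. Note the following
$$\int_0^1 P_1(x)\,dx = 0 \quad \leftarrow \text{good cancellation.}$$
We will integrate by parts on the error term. Let
$$\begin{aligned} u &= f'(x) & dv &= P_1(x)\,dx \\ du &= f''(x)\,dx & v &= \tfrac{1}{2}(x^2 - x) + c \end{aligned}$$
where we get to pick $c$. If $c = 1/12$ then $\int_0^1 \left[\tfrac{1}{2}(x^2 - x) + c\right] dx = 0$. So in order to make the integral periodic and have good cancellation, let $v = \tfrac{1}{2}\left((x - \lfloor x \rfloor)^2 - (x - \lfloor x \rfloor)\right) + \tfrac{1}{12}$. Note that since $P_1(x)$ was piecewise continuous, $\tfrac{1}{2}\left((x - \lfloor x \rfloor)^2 - (x - \lfloor x \rfloor)\right) + \tfrac{1}{12}$ is continuous as well (on $[0, \infty)$). Now to integrate,
$$\begin{aligned}
\int_1^n P_1(x) f'(x)\,dx &= f'(x)\left[\tfrac{1}{2}\left((x - \lfloor x \rfloor)^2 - (x - \lfloor x \rfloor)\right) + \tfrac{1}{12}\right] \Big|_1^n \\
&\qquad - \int_1^n \left[\tfrac{1}{2}\left((x - \lfloor x \rfloor)^2 - (x - \lfloor x \rfloor)\right) + \tfrac{1}{12}\right] f''(x)\,dx \\
&= \tfrac{1}{12} f'(n) - \tfrac{1}{12} f'(1) - \int_1^n \tfrac{1}{2} P_2(x) f''(x)\,dx
\end{aligned}$$
where $P_2(x) = (x - \lfloor x \rfloor)^2 - (x - \lfloor x \rfloor) + \tfrac{1}{6}$. This gives us a new error term, $\int_1^n \tfrac{1}{2} P_2(x) f''(x)\,dx$.

Theorem 9.2.8 (Second Derivative Form of Euler-Maclaurin Summation Formula).
$$\sum_{k=1}^{n} f(k) = \int_1^n f(x)\,dx + \tfrac{1}{2}(f(1) + f(n)) + \tfrac{1}{12}(f'(n) - f'(1)) - \tfrac{1}{2} \int_1^n P_2(x) f''(x)\,dx$$
where $P_2(x) = (x - \lfloor x \rfloor)^2 - (x - \lfloor x \rfloor) + \tfrac{1}{6}$ and $f$ has continuous first and second derivatives on $[1, n]$.

If we want to refine further, we want
$$P_3(x) = 3 \int_0^x P_2(t)\,dt + c$$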


where the coefficient 3 is chosen so $P_3(x)$ is monic, and $c$ is chosen such that $\int_0^1 P_3(x)\,dx = 0$. This gives us $P_3(x) = x^3 - \tfrac{3}{2}x^2 + \tfrac{1}{2}x + c$, so
$$\begin{aligned}
\int_0^1 \left(x^3 - \tfrac{3}{2}x^2 + \tfrac{1}{2}x + c\right) dx &= \left[\frac{x^4}{4} - \frac{x^3}{2} + \frac{x^2}{4} + cx\right]_0^1 \\
&= \frac{1}{4} - \frac{1}{2} + \frac{1}{4} + c = 0 \\
&\Rightarrow c = 0!
\end{aligned}$$
Thus we set $P_3(x) = 3 \int_0^x P_2(t)\,dt = x^3 - \tfrac{3}{2}x^2 + \tfrac{1}{2}x$. To integrate by parts again, let
$$\begin{aligned} u &= f''(x) & dv &= P_2(x)\,dx \\ du &= f'''(x)\,dx & v &= \tfrac{1}{3} P_3(x). \end{aligned}$$
Then
$$\frac{1}{2} \int_1^n P_2(x) f''(x)\,dx = \tfrac{1}{6} P_3(x) f''(x) \Big|_1^n - \frac{1}{6} \int_1^n P_3(x) f'''(x)\,dx.$$
Note that from 1 to $n$, $P_3(x) = 0$. Thus we have the following theorem:

Theorem 9.2.9 (Third Derivative Form of Euler-Maclaurin Summation Formula).
$$\sum_{k=1}^{n} f(k) = \int_1^n f(x)\,dx + \tfrac{1}{2}(f(1) + f(n)) + \tfrac{1}{12}(f'(n) - f'(1)) + \tfrac{1}{6} \int_1^n P_3(x) f'''(x)\,dx$$
where $P_3(x) = x^3 - \tfrac{3}{2}x^2 + \tfrac{1}{2}x$ and $f$ has continuous first, second and third derivatives on $[1, n]$.

Example 9.2.10. Let’s apply this to $f(x) = \frac{1}{x^2}$.

Note that $f'(x) = -\frac{2}{x^3}$, $f''(x) = \frac{6}{x^4}$, $f'''(x) = -\frac{24}{x^5}$. Let’s look at $\left| \int_k^{k+1} P_3(x) f'''(x)\,dx \right|$.

[Figure: graph of the integrand on $[k, k+1]$.]


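Then we have
$$\left| \int_k^{k+1} P_3(x) f'''(x)\,dx \right| \le \left| \frac{24}{k^5} \int_k^{k+1/2} P_3(x)\,dx - \frac{24}{(k+1)^5} \int_{k+1/2}^{k+1} P_3(x)\,dx \right|$$
and
$$\int_0^{1/2} P_3(x)\,dx = \left[\frac{x^4}{4} - \frac{x^3}{2} + \frac{x^2}{4}\right]_0^{1/2} = \frac{1}{64} - \frac{1}{16} + \frac{1}{16} = \frac{1}{64}.$$
Thus
$$\begin{aligned}
\left| \int_k^{k+1} P_3(x) f'''(x)\,dx \right| &\le \frac{24}{k^5}\left(\frac{1}{64}\right) - \frac{24}{(k+1)^5}\left(\frac{1}{64}\right) \quad \text{since the integral from 0 to 1/2 is the same as from 1/2 to 1} \\
&= \frac{3}{8}\left(\frac{1}{k^5} - \frac{1}{(k+1)^5}\right).
\end{aligned}$$
This becomes
$$\left| \int_i^{\infty} P_3(x) f'''(x)\,dx \right| \le \frac{3}{8} \sum_{k=i}^{\infty} \left(\frac{1}{k^5} - \frac{1}{(k+1)^5}\right) = \frac{3}{8}\left(\frac{1}{i^5}\right)$$
by telescoping sum. So let’s estimate:
$$\sum_{n=1}^{\infty} \frac{1}{n^2} = \sum_{n=1}^{i-1} \frac{1}{n^2} + \int_i^{\infty} \frac{1}{x^2}\,dx + \frac{1}{2}\left(\frac{1}{i^2}\right) + \frac{1}{12}\left(\frac{2}{i^3}\right) - \frac{1}{6} \int_i^{\infty} \frac{24 P_3(x)}{x^5}\,dx.$$
Our error $\le \frac{1}{16}\left(\frac{1}{i^5}\right)$ so let’s get within $.5 \times 10^{-6}$. Then $\frac{1}{i^5} \le 8 \times 10^{-6} \Rightarrow i^5 \ge 1.25 \times 10^5$ which gives us $i \approx 12$.

Let’s look at our error terms so far:
$$\begin{aligned}
P_1(x) &= x - \lfloor x \rfloor - 1/2 \\
P_2(x) &= (x - \lfloor x \rfloor)^2 - (x - \lfloor x \rfloor) + 1/6 \\
P_3(x) &= x^3 - \tfrac{3}{2}x^2 + \tfrac{1}{2}x.
\end{aligned}$$
In general, $P_k(x) = k \int_0^x P_{k-1}(t)\,dt + b_k$, where $b_k$ is chosen such that $\int_0^1 P_k(x)\,dx = 0$.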


9.3 The Bernoulli Numbers


For $k \ge 1$, let
$$B_k(x) = k \int_0^x B_{k-1}(t)\,dt + b_k$$
where $b_k$ is chosen such that $\int_0^1 B_k(x)\,dx = 0$. Then we have
$$\begin{aligned}
B_0(x) &= 1 \\
B_1(x) &= x - \tfrac{1}{2} \\
B_2(x) &= x^2 - x + \tfrac{1}{6} \\
B_3(x) &= x^3 - \tfrac{3}{2}x^2 + \tfrac{1}{2}x.
\end{aligned}$$
$B_k(x)$ is known as the $k$th Bernoulli polynomial, and the sequence of $b_k$ terms are called the Bernoulli numbers.

Proposition 9.3.1. $B_k(x) = (-1)^k B_k(1 - x)$.

Proof. If $k = 1$, then
$$\begin{aligned}
B_1(1 - x) &= (1 - x) - \tfrac{1}{2} \\
&= \tfrac{1}{2} - x \\
&= -B_1(x)
\end{aligned}$$
so the base case holds. Now assume $B_{k-1}(x) = (-1)^{k-1} B_{k-1}(1 - x)$. We have that
$$\begin{aligned}
B_k(x) &= k \int_0^x B_{k-1}(t)\,dt + b_k \\
&= k \int_0^x (-1)^{k-1} B_{k-1}(1 - t)\,dt + b_k.
\end{aligned}$$
Let $u = 1 - t$, so that $du = -dt$. Then
$$\begin{aligned}
B_k(x) &= k \int_1^{1-x} (-1)^k B_{k-1}(u)\,du + b_k \\
&= k \int_{1-x}^{1} (-1)^{k-1} B_{k-1}(u)\,du + b_k.
\end{aligned}$$
Note that $0 = \int_0^1 B_{k-1}(t)\,dt = \int_0^{1-x} B_{k-1}(t)\,dt + \int_{1-x}^{1} B_{k-1}(t)\,dt$. Then we can substitute:
$$B_k(x) = k \int_0^{1-x} (-1)^k B_{k-1}(u)\,du + b_k = (-1)^k B_k(1 - x).$$


Note that
$$B_k(1) = k \int_0^1 B_{k-1}(t)\,dt + b_k = k(0) + b_k = b_k = B_k(0)$$
so $B_k(1) = B_k(0)$. And if $k$ is odd, then $B_k(1) = -B_k(0) = -b_k$, but these also equal $b_k$, hence $b_k = 0$ if $k$ is odd.

Proposition 9.3.2. For $k \ge 2$, if $k$ is even then $B_k(x) = 0$ for exactly one value in $[0, 1/2]$. And if $k$ is odd, $B_k(x) = 0$ iff $x = 0, 1/2$ or $1$.

Proof. Let $k = 2$, then see graph. Now suppose $k$ is odd and the above holds for $k - 1$, which is even. We know that $B_k(0) = B_k(1/2) = 0$. Suppose that $B_k(c) = 0$ for some $c \in (0, 1/2)$. By Rolle’s Theorem, since $B_k(0) = B_k(c) = B_k(1/2)$ there must be an $a$ and $b$ such that $0 < a < c < b < 1/2$ and $B_k'(a) = B_k'(b) = 0$. But $B_k'(x) = k B_{k-1}(x)$, where $k - 1$ is even. By inductive hypothesis, there’s only one value in $[0, 1/2]$ such that $B_{k-1}(x) = 0$, a contradiction. Thus for $k$ odd, $B_k(x) = 0$ iff $x = 0, 1/2$ (or 1 by extension). Now suppose $k$ is even and the hypothesis holds for $k - 1$. Suppose $B_k(t_1) = B_k(t_2) = 0$ for $t_1, t_2 \in [0, 1/2]$ with $t_1 \neq t_2$. By Rolle’s Theorem, $B_k'(x) = k B_{k-1}(x)$ has a zero in $(t_1, t_2)$. But since $k - 1$ is odd, $B_{k-1}(x) \neq 0$ on the interval $(0, 1/2)$, contradicting our choice of $t_1, t_2$. Hence if $k$ is even, $B_k(x) = 0$ for exactly one value between 0 and 1/2.

Properties of Bernoulli Numbers

(1) $b_k = 0$ if $k$ is odd

(2) The critical points of $B_k(x)$ are $x = 0, 1/2, 1$ if $k$ is even, so $b_k$ is either a max or min on $[0, 1]$, and $B_k(1/2)$ is the opposite

(3) $b_k = \sum_{r=0}^{k} \binom{k}{r} b_{k-r}$; in fact, $B_k(x) = \sum_{r=0}^{k} \binom{k}{r} x^r b_{k-r}$

(4) $|b_k| \ge |B_k(x)|$ on the interval $[0, 1]$ if $k$ is even, and $B_k(1/2) = -(1 - 2^{1-k}) b_k$ for $k$ even, so $|b_k| - |B_k(1/2)|$ is very small

(5) $|P_{2m+1}(x)| \le (2m+1)|b_{2m+1}|$

(6) $\dfrac{x}{e^x - 1} = \sum_{m=0}^{\infty} b_m \dfrac{x^m}{m!}$

Theorem 9.3.3 (General Form for Euler-Maclaurin Summation). If $f$ has $2m + 1$ derivatives on $[i, n]$,
$$\begin{aligned}
\sum_{k=i}^{n} f(k) &= \int_i^n f(x)\,dx + \tfrac{1}{2}(f(1) + f(n)) + \sum_{r=1}^{m} \frac{b_{2r}}{(2r)!} \left( f^{(2r-1)}(n) - f^{(2r-1)}(1) \right) \\
&\qquad + \frac{1}{(2m+1)!} \int_i^n P_{2m+1}(x) f^{(2m+1)}(x)\,dx
\end{aligned}$$
where $P_{2m+1}(x) = B_{2m+1}(x - \lfloor x \rfloor)$.
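
The recursion defining $B_k(x)$ and the tail estimates of Examples 9.2.6 and 9.2.10 can be checked with exact rational arithmetic. The Python below is an added example, not part of the original notes; the function names are illustrative.

```python
"""Added example: Bernoulli polynomials by the recursion of Section 9.3 and the
zeta(2) estimates of Examples 9.2.6 and 9.2.10, using exact fractions."""
from fractions import Fraction
from math import pi


def bernoulli_polynomials(kmax):
    """Return [B_0, ..., B_kmax] as coefficient lists (index = power of x), built from
    B_k(x) = k * integral_0^x B_{k-1}(t) dt + b_k with integral_0^1 B_k(x) dx = 0."""
    polys = [[Fraction(1)]]
    for k in range(1, kmax + 1):
        prev = polys[-1]
        # k times the antiderivative of B_{k-1}; constant term left at 0 for now
        cur = [Fraction(0)] + [k * c / (j + 1) for j, c in enumerate(prev)]
        # choose b_k so that the integral of B_k over [0, 1] vanishes
        cur[0] = -sum(c / (j + 1) for j, c in enumerate(cur))
        polys.append(cur)
    return polys


def evaluate(poly, x):
    """Value of the polynomial with the given coefficient list at x."""
    return sum(c * x ** j for j, c in enumerate(poly))


def bernoulli_number(polys, k):
    """b_k is the constant term B_k(0)."""
    return polys[k][0]


def zeta2_first_form(i):
    """Example 9.2.6: sum_{n<i} 1/n^2 + integral_i^inf dx/x^2 + f(i)/2.
    Returns (approximation, error bound 1/(4 i^3))."""
    head = sum(Fraction(1, n * n) for n in range(1, i))
    approx = head + Fraction(1, i) + Fraction(1, 2 * i * i)
    return approx, Fraction(1, 4 * i ** 3)


def zeta2_third_form(i):
    """Example 9.2.10: the first-form estimate plus (1/12)(2/i^3).
    Returns (approximation, error bound 1/(16 i^5))."""
    approx, _ = zeta2_first_form(i)
    approx += Fraction(1, 12) * Fraction(2, i ** 3)
    return approx, Fraction(1, 16 * i ** 5)


if __name__ == "__main__":
    polys = bernoulli_polynomials(6)
    print("b_0..b_6 =", [str(bernoulli_number(polys, k)) for k in range(7)])
    for name, (approx, bound) in (("first form, i = 8", zeta2_first_form(8)),
                                  ("third form, i = 12", zeta2_third_form(12))):
        err = abs(float(approx) - pi ** 2 / 6)
        print(f"{name}: {float(approx):.9f}  error {err:.2e}  bound {float(bound):.2e}")
```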

Chapter 10

Euler’s Work


10.1 On the Sums of Series of Reciprocals


In this first section, we will follow the work of Leonhard Euler in his seminal paper On the Sums of Series of Reciprocals, published in 1735. The main result, which we prove in detail twice, is the now-famous identity $\sum_{n=1}^{\infty} \frac{1}{n^2} = \frac{\pi^2}{6}$.

We begin with some notation. Let $s$ represent an arbitrary angle of the unit circle. Then $y = \sin(s)$ and $x = \cos(s)$. It is known that
$$y = s - \frac{s^3}{3!} + \frac{s^5}{5!} - \frac{s^7}{7!} + \ldots$$
which corresponds to the Maclaurin series for sine. Note that since $\sin(s)$ is periodic, the above equation holds for infinitely many values of $s$. We can transform the equation into the following:
$$0 = 1 - \frac{s}{y} + \frac{s^3}{3!y} - \frac{s^5}{5!y} + \frac{s^7}{7!y} - \ldots$$
Pretend this is a polynomial; then it can be written two ways:
$$\begin{aligned}
P_1(x) &= x^n + a_{n-1}x^{n-1} + a_{n-2}x^{n-2} + \ldots + a_1 x + a_0 \\
&= (x - b_1)(x - b_2)(x - b_3) \cdots (x - b_n)
\end{aligned}$$
where $b_1, b_2, \ldots, b_n$ are all roots of $P_1(x)$. Suppose instead we have
$$P_2(x) = 1 + a_1 x + a_2 x^2 + \ldots + a_n x^n$$
with roots $b_1, b_2, \ldots, b_n$.

Claim. Then we can write $P_2$ as
$$P_2(x) = \left(1 - \frac{x}{b_1}\right)\left(1 - \frac{x}{b_2}\right) \cdots \left(1 - \frac{x}{b_n}\right).$$

Proof. If we evaluate $P_2$ at one of its roots, $b_i$, we have
$$P_2(b_i) = \left(1 - \frac{b_i}{b_1}\right)\left(1 - \frac{b_i}{b_2}\right) \cdots \underbrace{\left(1 - \frac{b_i}{b_i}\right)}_{=0} \cdots = 0.$$
So the $b_i$’s indeed satisfy their definition as roots. Thus our two expressions are degree $n$ polynomials with the same roots, so they can only differ by a factor of $k$. Plugging in $x = 0$, we can solve for $k = 1$. Thus our two expressions are equivalent:
$$\begin{aligned}
P_2(x) &= 1 + a_1 x + \ldots + a_n x^n \\
&= \left(1 - \frac{x}{b_1}\right)\left(1 - \frac{x}{b_2}\right) \cdots \left(1 - \frac{x}{b_n}\right).
\end{aligned}$$

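As a sidenote, if $f(z)$ and $g(z)$ are analytic (infinitely differentiable) on a domain $D \subset \mathbb{C}$, $f(z) = 0 \Leftrightarrow g(z) = 0$ for all $z \in D$, and if this holds, $f(z) = k g(z)$. This is a result from complex analysis, which was not available to Euler at the time. However, his conclusion was correct.

Now consider $f(s) = 1 - \frac{s}{y} + \frac{s^3}{3!y} - \ldots$ Then the roots of $f(s)$ are all the angles $A, B, C, D, \ldots$ such that
$$y = \sin(A) = \sin(B) = \sin(C) = \sin(D) = \ldots$$
and we can write
$$f(s) = \left(1 - \frac{s}{A}\right)\left(1 - \frac{s}{B}\right)\left(1 - \frac{s}{C}\right) \cdots$$
Returning to our polynomial again,
$$P_2(x) = \left(1 - \frac{x}{b_1}\right)\left(1 - \frac{x}{b_2}\right) \cdots = 1 + a_1 x + \ldots$$
then if we want $a_1$, we must find all possible ways of getting $x^0$, e.g. $a_1 = \frac{-x}{b_1} - \frac{x}{b_2} - \ldots$

So for $f(s) = 1 - \frac{s}{y} + \frac{s^3}{3!y} - \ldots = \left(1 - \frac{s}{A}\right)\left(1 - \frac{s}{B}\right)\left(1 - \frac{s}{C}\right) \cdots$,
$$\frac{1}{y} = \frac{1}{A} + \frac{1}{B} + \frac{1}{C} + \ldots$$
For the second coefficient, we have
$$0 = \frac{1}{AB} + \frac{1}{AC} + \frac{1}{BC} + \frac{1}{AD} + \ldots$$
where the denominators are all possible products of pairs of roots of $f(s)$. For the third coefficient,
$$\frac{1}{3!y} = -\left(\frac{1}{ABC} + \frac{1}{ABD} + \frac{1}{ACD} + \ldots\right)$$
Let $A$ be the smallest arc such that $\sin(A) = y$. Then $\sin(A + 2\pi k) = y$ for all $k \in \mathbb{Z}$. Thus we can replace each of the roots of $f(s)$ with $A + 2\pi k$ for some $k \in \mathbb{Z}$:
$$\left(1 - \frac{s}{A}\right)\left(1 - \frac{s}{\pi - A}\right)\left(1 - \frac{s}{A + 2\pi}\right) \cdots = 1 - \frac{s}{y} + \frac{s^3}{3!y} - \ldots$$
Then by the above,
$$\begin{aligned}
\frac{1}{y} &= \frac{1}{A} + \frac{1}{\pi - A} + \frac{1}{A + 2\pi} + \ldots \\
0 &= \frac{1}{A(\pi - A)} + \frac{1}{A(A + 2\pi)} + \frac{1}{(\pi - A)(A + 2\pi)} + \ldots \\
\frac{1}{3!y} &= \frac{-1}{A(\pi - A)(A + 2\pi)} + \frac{-1}{A(\pi - A)(-A - \pi)} + \frac{-1}{(\pi - A)(A + 2\pi)(-A - \pi)} + \ldots
\end{aligned}$$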


Now define

α = a + b + c + d + e + ...
β = ab + ac + ad + bc + bd + . . .
γ = abc + abd + acd + bcd + . . . .

So alpha is the sum of single terms, β is the sum of all possible products of two terms, and
γ is the sum of products of three terms.

Claim. a2 + b2 + c2 + . . . = α2 − 2β.

Proof. For a + b = α, ab = β and

a2 + b2 = a2 + b2 + 2ab − 2ab
= (a + b)2 − 2ab
= α2 − 2β.

The rest of the proof can be shown by induction.


Here Euler is creating symmetric polynomials.

Definition. A symmetric polynomial is a polynomial that is fixed by all possible permu-


tations on its variables.

There is only one degree-1 symmetric polynomial of n variables: x1 + x2 + x3 + . . . + xn .

Claim. a3 + b3 + c3 + . . . = α3 − 3αβ + 3γ

Proof omitted.

Claim. a4 + b4 + c4 + . . . = α4 − 4α2 β + 4αγ + 2β 2 − 4δ.

Proof omitted.

Let P = a + b + c + . . . = α
then Q = a2 + b2 + c2 + . . . = α2 − 2β = P α − 2β
R = a3 + b3 + c3 + . . . = α3 − 3αβ + 3γ = Qα − P β + 3γ
S,T, etc. follow from here.

Returning to our series in question, we have


$$\frac{1}{y} = \frac{1}{A} + \frac{1}{\pi - A} + \frac{1}{A + 2\pi} + \ldots$$

where $A$ is the least angle such that $y = \sin(A)$. But this just gives us
$$\frac{1}{y} = \alpha, \qquad 0 = \beta, \qquad \frac{-1}{3!\,y} = \gamma, \qquad 0 = \delta, \qquad \text{etc.}$$

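Since $\beta = 0$, $Q = P\alpha - 2\beta = P\alpha$ and $R = Q\alpha + 3\gamma = \frac{Q}{y} - \frac{1}{2y}$, and this holds for all values
of $y = \sin(A)$. We will now choose $y = 1$, so $A = \pi/2$. All of our roots now come in equal
pairs: $\frac{1}{\pi/2}, \frac{1}{\pi/2}, \frac{1}{5\pi/2}, \frac{1}{5\pi/2}, \ldots$ Then
$$\begin{aligned}
\alpha = \frac{1}{1} &= \frac{1}{A} + \frac{1}{\pi - A} + \frac{1}{A - 2\pi} + \frac{1}{-\pi - A} + \ldots \\
&= \frac{2}{\pi} + \frac{2}{\pi} - \frac{2}{3\pi} - \frac{2}{3\pi} + \frac{2}{5\pi} + \frac{2}{5\pi} - \ldots \\
&= \frac{4}{\pi}\left(1 - \frac{1}{3} + \frac{1}{5} - \frac{1}{7} + \frac{1}{9} - \ldots\right).
\end{aligned}$$
So $1 - \frac{1}{3} + \frac{1}{5} - \frac{1}{7} + \frac{1}{9} - \ldots = \frac{\pi}{4}$. Note that this looks like a case of the Taylor series for
$\tan^{-1}(x)$:
$$\tan^{-1}(x) = \sum_{n=0}^{\infty} \frac{(-1)^n x^{2n+1}}{2n + 1}$$
$$\tan^{-1}(1) = \sum_{n=0}^{\infty} \frac{(-1)^n}{2n + 1} = \frac{\pi}{4}.$$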

We can then write Q as

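$$\begin{aligned}
Q &= a^2 + b^2 + c^2 + d^2 + \ldots \\
&= \left(\frac{2}{\pi}\right)^2 + \left(\frac{2}{\pi}\right)^2 + \left(\frac{-2}{3\pi}\right)^2 + \left(\frac{-2}{3\pi}\right)^2 + \left(\frac{2}{5\pi}\right)^2 + \left(\frac{2}{5\pi}\right)^2 + \ldots \\
&= \frac{8}{\pi^2}\left(1 + \frac{1}{9} + \frac{1}{25} + \frac{1}{49} + \ldots\right).
\end{aligned}$$

This gives us our first important result:

$$\frac{\pi^2}{8} = 1 + \frac{1}{9} + \frac{1}{25} + \frac{1}{49} + \ldots = \sum_{n=0}^{\infty} \frac{1}{(2n + 1)^2}.$$

Now let $z = \sum_{n=1}^{\infty} \frac{1}{n^2} = 1 + \frac{1}{4} + \frac{1}{9} + \frac{1}{16} + \ldots$ Then to produce all the even terms, divide by 4:
$$\frac{z}{4} = \frac{1}{4} + \frac{1}{16} + \frac{1}{36} + \frac{1}{64} + \frac{1}{100} + \ldots$$
So $z - z/4$ just gives us back the odd terms, which we have shown equal $\frac{\pi^2}{8}$:
$$\Rightarrow z - \frac{z}{4} = \frac{\pi^2}{8}$$
$$\Rightarrow z = \frac{\pi^2}{6}.$$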
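For an alternate proof, set $y = 0$ at the beginning. Then the roots of our equation will be
$\pm\pi, \pm 2\pi, \pm 3\pi, \ldots$, giving us $\alpha = 0$ and $\beta = -1/6$. Thus $Q = -2\beta = 1/3$, and we can proceed
to solve for $\zeta(2)$ as before:
$$\begin{aligned}
Q = \frac{1}{3} &= \left(\frac{1}{\pi}\right)^2 + \left(\frac{1}{\pi}\right)^2 + \left(\frac{-1}{2\pi}\right)^2 + \left(\frac{1}{2\pi}\right)^2 + \ldots \\
&= \frac{2}{\pi^2}\left(1 + \frac{1}{4} + \frac{1}{9} + \frac{1}{16} + \ldots\right)
\end{aligned}$$
$$\Rightarrow \frac{\pi^2}{6} = \sum_{n=1}^{\infty} \frac{1}{n^2}.$$

We can solve for other identities in the same way. For example, we find that if $y = \sum_{n=1}^{\infty} \frac{1}{n^4}$
then $\frac{y}{16} = \sum_{n=1}^{\infty} \frac{1}{(2n)^4}$, implying
$$y - \frac{y}{16} = \sum_{n=1}^{\infty} \frac{1}{(2n - 1)^4} = \frac{\pi^4}{32 \cdot 3}$$
$$\Rightarrow y = \frac{\pi^4}{90}.$$
Although Euler did not provide a general formula for $\zeta(2n)$ in this paper, his methods here
can be extended to show that for all $n$,

$$\zeta(2n) = \frac{(-1)^{n+1}\, b_{2n}\, (2\pi)^{2n}}{2(2n)!}$$

where $b_{2n}$ is the Bernoulli number for $k = 2n$.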

10.2. Newton’s Identities Chapter 10. Euler’s Work

10.2 Newton’s Identities


This section provides a brief review of Newton’s identities, which were available to Euler
at the time he wrote On the Sums of Series of Reciprocals. In this paper, Euler used the
notation seen in Section 3.1; here we will instead adopt a more modern notation for Newton’s
identities. Let k, l ≥ 1 and m, r ≥ 0 be integers. Define

$$t_k = \sum_{n=1}^{\infty} x_n^k$$
$$s_l = \sum_{i_1, \ldots, i_l \text{ distinct}} x_{i_1} x_{i_2} \cdots x_{i_l}$$
$$u(m, r) = \sum_{j_0, j_1, \ldots, j_r \text{ distinct}} x_{j_0}^m x_{j_1} x_{j_2} \cdots x_{j_r}$$

with indices $i_c$ and $j_d$ positive integers.

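Lemma 10.2.1. Let $k, l \ge 2$. Then $t_k s_l = u(k + 1, l - 1) + u(k, l)$.

Proof. Let $k, l \ge 2$. Then
$$\begin{aligned}
t_k s_l &= \left(\sum_{n=1}^{\infty} x_n^k\right)\left(\sum_{i_1, \ldots, i_l \text{ distinct}} x_{i_1} x_{i_2} \cdots x_{i_l}\right) \\
&= \left(x_1^k + x_2^k + x_3^k + \ldots + x_l^k + \ldots\right)\left(x_1 x_2 \cdots x_l + x_1 x_2 \cdots x_{l-1} x_{l+1} + x_1 x_2 \cdots x_{l-1} x_{l+2} + \ldots\right) \\
&= x_1^{k+1} x_2 \cdots x_l + x_1 x_2^{k+1} \cdots x_l + \ldots + x_1 x_2 \cdots x_l^{k+1} + \ldots + x_1^{k+1} x_2 \cdots x_{l-1} x_{l+1} \\
&\qquad + x_1 x_2^{k+1} \cdots x_{l-1} x_{l+1} + \ldots + x_1 x_2 \cdots x_{l-1} x_l^k x_{l+1} + \ldots \\
&= \left(x_1^{k+1} x_2 \cdots x_l + x_1 x_2^{k+1} \cdots x_l + \ldots\right) + \left(x_1^k x_2 \cdots x_l x_{l+1} + \ldots\right) \\
&= \left(\sum_{j_0, \ldots, j_{l-1} \text{ distinct}} x_{j_0}^{k+1} x_{j_1} \cdots x_{j_{l-1}}\right) + \left(\sum_{i_1, \ldots, i_l \text{ distinct}} x_{i_1}^k x_{i_2} \cdots x_{i_l}\right) \\
&= u(k + 1, l - 1) + u(k, l).
\end{aligned}$$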

Lemma 10.2.2. Let $l \ge 1$. Then $t_1 s_l = u(2, l - 1) + (l + 1)s_{l+1}$.

Proof. Consider
$$\begin{aligned}
t_1 s_l &= \left(\sum_{n=1}^{\infty} x_n\right)\left(\sum_{i_1, \ldots, i_l} x_{i_1} x_{i_2} \cdots x_{i_l}\right) \\
&= (x_1 + x_2 + x_3 + \ldots)\left(x_1 x_2 x_3 \cdots x_l + x_1 x_2 x_3 \cdots + x_2 x_3 \cdots x_{l+1} + \ldots\right) \\
&= x_1^2 x_2 x_3 \cdots x_l + x_2^2 x_1 x_3 \cdots x_l + x_3^2 x_1 x_2 \cdots x_l + \ldots \\
&= \left(\sum_{j_0, j_1, \ldots, j_{l-1}} x_{j_0}^2 x_{j_1} \cdots x_{j_{l-1}}\right) + \left(x_1 x_2 x_3 \cdots x_{l+1} + x_1 x_2 x_3 \cdots x_l x_{l+2} + \ldots\right) \\
&= u(2, l - 1) + \left((l + 1)(x_1 x_2 x_3 \cdots x_l) + (l + 1)(x_1 x_2 x_3 \cdots x_{l-1} x_{l+1}) + \ldots\right) \\
&= u(2, l - 1) + (l + 1)\left(\sum_{j_1, j_2, \ldots, j_l} x_{j_1} x_{j_2} \cdots x_{j_l}\right) \\
&= u(2, l - 1) + (l + 1)s_{l+1}.
\end{aligned}$$

These lemmas are used to prove the main theorem in this section, Newton’s Identities.

Theorem 10.2.3 (Newton's Identities). Let $k \ge 1$. Then

$$t_k - t_{k-1} s_1 + t_{k-2} s_2 - \ldots + (-1)^{k-1} t_1 s_{k-1} + (-1)^k k s_k = 0.$$

Proof. First consider
$$\begin{aligned}
t_k - t_{k-1} s_1 &= \sum_{n=1}^{\infty} x_n^k - \left(u(k, 0) + u(k - 1, 1)\right) \\
&= \sum_{n=1}^{\infty} x_n^k - \sum_{\text{distinct } j_0} x_{j_0}^k - \sum_{j_0, j_1 \text{ distinct}} x_{j_0}^{k-1} x_{j_1} \\
&= \sum_{n=1}^{\infty} x_n^k - \sum_{n=1}^{\infty} x_n^k - \sum_{j_0, j_1 \text{ distinct}} x_{j_0}^{k-1} x_{j_1} \\
&= -\sum_{j_0, j_1 \text{ distinct}} x_{j_0}^{k-1} x_{j_1} \\
&= -u(k - 1, 1).
\end{aligned}$$

Next,

$$t_k - t_{k-1} s_1 + t_{k-2} s_2 = -u(k - 1, 1) + \left(u(k - 1, 1) + u(k - 2, 2)\right) = u(k - 2, 2).$$

And

$$t_k - t_{k-1} s_1 + t_{k-2} s_2 - t_{k-3} s_3 = u(k - 2, 2) - \left(u(k - 2, 2) + u(k - 3, 3)\right) = -u(k - 3, 3)$$

and so forth. Eventually we will obtain
$$\begin{aligned}
t_k - t_{k-1} s_1 + \ldots + (-1)^{k-2} t_2 s_{k-2} &= (-1)^{k-2} u(2, k - 2) \\
{} + (-1)^{k-1} t_1 s_{k-1} &\phantom{=} {} + (-1)^{k-1} t_1 s_{k-1} \\
&= (-1)^{k-2}\left[u(2, k - 1) - u(2, k - 1) - k s_k\right] \\
&= (-1)^{k-1} k s_k.
\end{aligned}$$

Finally, putting the last term in, we obtain
$$\begin{aligned}
t_k - \ldots + (-1)^{k-1} t_1 s_{k-1} + (-1)^k k s_k &= (-1)^{k-1} k s_k + (-1)^k k s_k \\
&= (-1)^{k-1}(k s_k - k s_k) = 0.
\end{aligned}$$
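The following is an added example, not part of the original text: it checks Theorem 10.2.3 exactly on a finite list of variables and then solves the identity for the power sums $t_k$, which is how the series of Section 10.1 can be evaluated. It assumes $s_l$ is the sum over unordered sets of $l$ distinct indices, and it takes $x_n = 1/(n\pi)^2$ with $s_l = 1/(2l+1)!$ read off from the series of $\sin(s)/s$ (the function names are hypothetical).

```python
from fractions import Fraction
from itertools import combinations
from math import factorial, pi, prod


def power_sum(xs, k):
    """t_k: the sum of x^k over the finite list xs."""
    return sum((Fraction(x) ** k for x in xs), Fraction(0))


def elementary(xs, l):
    """s_l: sum of products of l distinct entries of xs.

    s_0 = 1 (empty product) and s_l = 0 when l exceeds len(xs).
    """
    return sum((Fraction(prod(c)) for c in combinations(xs, l)), Fraction(0))


def newton_lhs(xs, k):
    """Left side of Theorem 10.2.3 for the finite list xs; should be 0.

    t_k - t_{k-1} s_1 + ... + (-1)^{k-1} t_1 s_{k-1} + (-1)^k k s_k
    """
    total = Fraction(0)
    for i in range(k):
        total += (-1) ** i * power_sum(xs, k - i) * elementary(xs, i)
    return total + (-1) ** k * k * elementary(xs, k)


def power_sums_from_elementary(s, K):
    """Solve Theorem 10.2.3 for t_1..t_K, given s[0..K] with s[0] = 1."""
    t = [None]  # t[0] is unused so that t[k] is t_k
    for k in range(1, K + 1):
        acc = (-1) ** (k - 1) * k * s[k]
        for i in range(1, k):
            acc += (-1) ** (i - 1) * t[k - i] * s[i]
        t.append(acc)
    return t[1:]


def zeta_even_over_pi_power(K):
    """Exact rationals zeta(2k) / pi^(2k) for k = 1..K.

    Assumption of this example: x_n = 1/(n*pi)^2, so that
    sin(s)/s = prod(1 - x_n s^2) = 1 - s^2/3! + s^4/5! - ...
    and therefore s_l = 1/(2l+1)!.
    """
    s = [Fraction(1, factorial(2 * l + 1)) for l in range(K + 1)]
    return power_sums_from_elementary(s, K)


if __name__ == "__main__":
    # Constructed sample variables; the identity also holds for k > 4
    # because s_k = 0 there.
    for k in range(1, 7):
        print("k =", k, "identity value:", newton_lhs([2, 3, 5, 7], k))
    for k, r in enumerate(zeta_even_over_pi_power(4), start=1):
        print(f"zeta({2 * k}) = {r} * pi^{2 * k} = {float(r) * pi ** (2 * k):.10f}")
```

The first two rationals returned are 1/6 and 1/90, matching the values $\pi^2/6$ and $\pi^4/90$ obtained in Section 10.1.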

10.3. Euler’s Product Form Chapter 10. Euler’s Work

10.3 Euler’s Product Form


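In this section we study the important Euler's Product Form, which is usually written
$$\sum_{m=1}^{\infty} \frac{1}{m^s} = \prod_{p \text{ prime}} \left(1 - \frac{1}{p^s}\right)^{-1}.$$

In Euler's paper Various Observations about Infinite Series (1737), he made use of the
following notation
$$1 + \frac{1}{2^n} + \frac{1}{3^n} + \frac{1}{4^n} + \ldots = \frac{2^n}{2^n - 1} \cdot \frac{3^n}{3^n - 1} \cdot \frac{5^n}{5^n - 1} \cdot \frac{7^n}{7^n - 1} \cdots,$$
which of course is equivalent to our more modern notation for Euler's Product Form. We
will follow Euler's proof below.
Theorem 10.3.1 (Euler's Product Form).
$$1 + \frac{1}{2^n} + \frac{1}{3^n} + \frac{1}{4^n} + \ldots = \frac{2^n}{2^n - 1} \cdot \frac{3^n}{3^n - 1} \cdot \frac{5^n}{5^n - 1} \cdot \frac{7^n}{7^n - 1} \cdots$$
In other words,
$$\sum_{m=1}^{\infty} \frac{1}{m^s} = \prod_{p \text{ prime}} \left(1 - \frac{1}{p^s}\right)^{-1}.$$

Proof. We will show that
$$\frac{(2^n - 1)(3^n - 1) \cdots (p_i^n - 1)}{2^n 3^n \cdots p_i^n}\, x = 1 + \frac{1}{p_{i+1}^n} + \frac{1}{p_{i+2}^n} + \frac{1}{(p_{i+1} p_{i+2})^n} + \ldots$$
The base case is easy. Now assume the property holds for all primes up to $p_i$. Then
$$\frac{(2^n - 1)(3^n - 1) \cdots (p_i^n - 1)}{2^n 3^n \cdots p_i^n}\, x = 1 + \frac{1}{p_{i+1}^n} + \frac{1}{p_{i+2}^n} + \ldots$$
$$\frac{(2^n - 1)(3^n - 1) \cdots (p_i^n - 1)}{2^n 3^n \cdots p_i^n} \left(\frac{1}{p_{i+1}^n}\right) x = \frac{1}{p_{i+1}^n} + \frac{1}{p_{i+1}^{2n}} + \frac{1}{p_{i+1}^n p_{i+2}^n} + \ldots$$
Thus
$$\frac{(2^n - 1)(3^n - 1) \cdots (p_i^n - 1)}{2^n 3^n \cdots p_i^n} \left(1 - \frac{1}{p_{i+1}^n}\right) x = \left(1 + \frac{1}{p_{i+1}^n} + \frac{1}{p_{i+2}^n} + \ldots\right) - \left(\frac{1}{p_{i+1}^n} + \frac{1}{p_{i+1}^{2n}} + \frac{1}{p_{i+1}^n p_{i+2}^n} + \ldots\right)$$
$$\frac{(2^n - 1)(3^n - 1) \cdots (p_i^n - 1)(p_{i+1}^n - 1)}{2^n 3^n \cdots p_i^n p_{i+1}^n}\, x = 1 + \frac{1}{p_{i+1}^n} + \frac{1}{p_{i+2}^n} + \ldots$$
By induction, the property holds for all $p$ and the desired result follows.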


An alternate proof of Euler’s Product Form is given here. The proof utilizes the Fundamental
Theorem of Arithmetic (2.1.2), which states that every natural number factors uniquely into
the product of some primes.
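Proof.
$$\begin{aligned}
\prod_{p \text{ prime}} \left(1 - \frac{1}{p^s}\right)^{-1} &= \prod_{p \text{ prime}} \left(\frac{1}{1 - \frac{1}{p^s}}\right) \\
&= \prod_{p \text{ prime}} \left(1 + \frac{1}{p^s} + \frac{1}{p^{2s}} + \frac{1}{p^{3s}} + \ldots\right) && \text{by geometric sum} \\
&= \sum_{m=1}^{\infty} \frac{1}{m^s} && \text{by Fundamental Theorem of Arithmetic (2.1.2)} \\
&= \zeta(s).
\end{aligned}$$

In the next sequence, we will prove that $\sum_{p \text{ prime}} \frac{1}{p}$ diverges by showing $\sum_{p \text{ prime},\, p \le x} \frac{1}{p} \gg \log\log(x)$.

Steps:
(a) $f(x) \sim g(x) \Rightarrow \log(f(x)) \sim \log(g(x))$

(b) $\sum_{n \le x} \frac{1}{n} < \prod_{p \text{ prime}} \left(1 - \frac{1}{p}\right)^{-1}$

(c) $-\log(1 - t) \le 2t$ for $t \in [0, 1/2]$

(d) Recall that $\sum_{n \le x} \frac{1}{n} \sim \log(x)$ to show $\sum_{p \text{ prime},\, p \le x} \frac{1}{p} \gg \log\log(x)$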

Proof of (a): Suppose $f(x) \sim g(x)$. Then
$$\lim_{x \to \infty} \frac{f(x)}{g(x)} = 1$$
$$\lim_{x \to \infty} \log\left(\frac{f(x)}{g(x)}\right) = \log(1) = 0.$$

So $\lim_{x \to \infty} [\log(f(x)) - \log(g(x))] = 0 \Rightarrow \lim_{x \to \infty} \log(f(x)) = \lim_{x \to \infty} \log(g(x))$ and we conclude
$$\lim_{x \to \infty} \frac{\log(f(x))}{\log(g(x))} = 1.$$

Hence $\log(f(x)) \sim \log(g(x))$.

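Proof of (b): Consider
$$\prod_{p \le x} \left(1 - \frac{1}{p}\right)^{-1} = \prod_{p \le x} \left(\frac{1}{1 - \frac{1}{p}}\right) = \prod_{p \le x} \sum_{n=0}^{\infty} \left(\frac{1}{p}\right)^n.$$

Since $\sum_{n \le x} \frac{1}{n} = 1 + \frac{1}{2} + \ldots + \frac{1}{x}$, then $\prod_{p \le x} \sum_{n=0}^{\infty} \left(\frac{1}{p}\right)^n$ contains all of the terms of the former,
plus the product of the reciprocals of all primes less than $p$. Therefore it must be that
$$\sum_{n \le x} \frac{1}{n} < \prod_{p \le x} \left(1 - \frac{1}{p}\right)^{-1}.$$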

Proof of (c): See graph of functions.

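Proof of (d): By (b), $\sum_{n \le x} \frac{1}{n} < \prod_{p \le x} \left(1 - \frac{1}{p}\right)^{-1}$. Thus
$$\begin{aligned}
\log\left(\sum_{n \le x} \frac{1}{n}\right) &< \log\left(\prod_{p \le x} \left(1 - \frac{1}{p}\right)^{-1}\right) \\
&= \sum_{p \le x} -\log\left(1 - \frac{1}{p}\right) \\
&\le \sum_{p \le x} \frac{2}{p} && \text{by (c) with } t = \frac{1}{p} \\
&= 2 \sum_{p \le x} \frac{1}{p}.
\end{aligned}$$
So $\log\left(\sum_{n \le x} \frac{1}{n}\right) \ll \sum_{p \le x} \frac{1}{p}$. And since $\sum_{n \le x} \frac{1}{n} \sim \log(x)$, (a) gives us
$$\log\left(\sum_{n \le x} \frac{1}{n}\right) \sim \log\log(x).$$
Hence $\log\log(x) \ll \sum_{p \le x} \frac{1}{p}$ which is sufficient to prove that $\sum_{p \text{ prime}} \frac{1}{p}$ diverges.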


Next, we provide another proof of the divergence of the sum of reciprocals of primes. The
terminology loosely follows another paper by Euler, but we also employ series and product
notation.
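Theorem 10.3.2. $\sum_{p \text{ prime}} \frac{1}{p}$ diverges.

Proof. Since $\sum_{p \text{ prime}} \frac{1}{p^s} < \sum_{n=1}^{\infty} \frac{1}{n^s}$ which converges, then
$$A = \frac{1}{2^s} + \frac{1}{3^s} + \frac{1}{5^s} + \ldots = \sum_{p \text{ prime}} \frac{1}{p^s}$$
$$B = \frac{1}{2^{2s}} + \frac{1}{3^{2s}} + \frac{1}{5^{2s}} + \ldots = \sum_{p \text{ prime}} \frac{1}{p^{2s}}$$

etc. all converge for $s > 1$. Next, consider
$$\begin{aligned}
\log\left(\sum_{n=1}^{\infty} \frac{1}{n^s}\right) &= \log\left(\prod_{p \text{ prime}} \left(1 - \frac{1}{p^s}\right)^{-1}\right) && \text{by Euler's Product Form} \\
&= \sum_{p \text{ prime}} -\log\left(1 - p^{-s}\right) \\
&= \sum_{p \text{ prime}} \sum_{n=1}^{\infty} \frac{p^{-sn}}{n} && \text{by power series for } -\log(1 - x) \\
&= \sum_{n=1}^{\infty} \sum_{p \text{ prime}} \frac{p^{-sn}}{n} && \text{we can switch order of summation since series is absolutely convergent} \\
&= \sum_{n=1}^{\infty} \frac{1}{n} \left(\sum_{p \text{ prime}} p^{-sn}\right) \\
&= A + \tfrac{1}{2}B + \tfrac{1}{3}C + \tfrac{1}{4}D + \ldots
\end{aligned}$$

Also note that
$$\begin{aligned}
A + \tfrac{1}{2}B + \tfrac{1}{3}C + \ldots &= \log\left(\prod_{p \text{ prime}} \left(\frac{p^s}{p^s - 1}\right)\right) \\
&= \sum_{p \text{ prime}} \log\left(\frac{p^s}{p^s - 1}\right).
\end{aligned}$$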

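Claim. $\tfrac{1}{2}B + \tfrac{1}{3}C + \tfrac{1}{4}D + \ldots$ converges.

Proof. Consider the $B$ term first:
$$\begin{aligned}
\tfrac{1}{2}B = \frac{1}{2} \sum_{p \text{ prime}} p^{-2s} &\le \frac{1}{2} \sum_{n=2}^{\infty} n^{-2s} \\
&\le \frac{1}{2} \int_1^{\infty} \frac{1}{x^{2s}}\, dx \\
&= \frac{1}{2} \left[\frac{1}{x^{2s-1}} \cdot \frac{-1}{2s - 1}\right]_1^{\infty} \\
&= \frac{1}{2} \left(\frac{1}{2s - 1}\right).
\end{aligned}$$
So $\tfrac{1}{2}B$ converges. Likewise, $\frac{1}{k} \sum_{p \text{ prime}} p^{-ks} \le \frac{1}{k(ks - 1)}$ by replacing 2 with $k$ above. Also
note that $\frac{1}{k(ks - 1)} \le \frac{1}{(k - 1)^2}$. Then we have
$$\begin{aligned}
\tfrac{1}{2}B + \tfrac{1}{3}C + \tfrac{1}{4}D + \ldots &= \sum_{n=2}^{\infty} \sum_{p \text{ prime}} p^{-ns} \\
&\le \sum_{n=2}^{\infty} \frac{1}{n(ns - 1)} \\
&\le \sum_{n=2}^{\infty} \frac{1}{(n - 1)^2} \\
&= \sum_{n=1}^{\infty} \frac{1}{n^2} = \frac{\pi^2}{6}.
\end{aligned}$$

Hence $\tfrac{1}{2}B + \tfrac{1}{3}C + \ldots$ converges as claimed.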


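Now, we showed that as $s \to 1^+$, $A + \tfrac{1}{2}B + \tfrac{1}{3}C + \ldots$ diverges. And since we proved that
for any $s$, $\tfrac{1}{2}B + \tfrac{1}{3}C + \ldots$ converges, it must be that $A$ diverges. Thus $\sum_{p \text{ prime}} \frac{1}{p}$ diverges.

Our next goal is to show that $\left|\sum_{p \le x} \frac{1}{p} - \log\log(x)\right| < 15$ for $x$ sufficiently large. Recall
that for $s > 1$,
$$0 < \log\left(\sum_{n=1}^{\infty} \frac{1}{n^s}\right) - \sum_{p \text{ prime}} \frac{1}{p^s} < \frac{\pi^2}{6} < 2.$$

Lemma 10.3.3. For $s > 1$, $\frac{1}{s - 1} < \sum_{n=1}^{\infty} \frac{1}{n^s} < \frac{1}{s - 1} + 1$.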

Proof. Let $f(x) = \frac{1}{x^s}$. Then since $f$ is monotone decreasing, the integral test gives us
$$\int_1^{\infty} \frac{dx}{x^s} < \sum_{n=1}^{\infty} \frac{1}{n^s}.$$
We know
$$\int_1^{\infty} \frac{dx}{x^s} = \left[\frac{x^{-s+1}}{-s + 1}\right]_1^{\infty} = \frac{-1}{-s + 1} = \frac{1}{s - 1}.$$
Likewise, we can split off the first term of the series (since we can't integrate → 0) to obtain
$$\sum_{n=1}^{\infty} \frac{1}{n^s} < \int_1^{\infty} \frac{dx}{x^s} + 1 = \frac{1}{s - 1} + 1.$$
Thus we have the desired bound:
$$\frac{1}{s - 1} < \sum_{n=1}^{\infty} \frac{1}{n^s} < \frac{1}{s - 1} + 1.$$

Corollary 10.3.4. For s > 1, 1 < (s − 1)ζ(s) < s.


Proof. Follows from Lemma 10.3.3.
 
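Lemma 10.3.5. $\left|\sum_{p \text{ prime}} \frac{1}{p^{s+1}} - \log\left(\frac{1}{s}\right)\right| < 2$ when $s \in (0, 1/2)$.

Proof. As noted on the previous page,
$$-2 < \sum_{p \text{ prime}} \frac{1}{p^{s+1}} - \log\left(\sum_{n=1}^{\infty} \frac{1}{n^{s+1}}\right) < 0.$$

Furthermore, Lemma 10.3.3 gives us
$$1 < s \sum_{n=1}^{\infty} \frac{1}{n^{s+1}} < s + 1 < \frac{3}{2}$$
$$\Rightarrow 0 = \log(1) < \log(s) + \log\left(\sum_{n=1}^{\infty} \frac{1}{n^{s+1}}\right) < \log\left(\frac{3}{2}\right) < \log(e) = 1.$$
And by adding the two inequalities together, we get
$$-2 < \sum_{p \text{ prime}} \frac{1}{p^{s+1}} + \log(s) - \log\left(\sum_{n=1}^{\infty} \frac{1}{n^{s+1}}\right) + \log\left(\sum_{n=1}^{\infty} \frac{1}{n^{s+1}}\right) < 1$$
$$\Rightarrow -2 < \sum_{p \text{ prime}} \frac{1}{p^{s+1}} - \log\left(\frac{1}{s}\right) < 1 < 2.$$
Thus $\left|\sum_{p \text{ prime}} \frac{1}{p^{s+1}} - \log\left(\frac{1}{s}\right)\right| < 2$.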


The proof of the following theorem results from Euler and the Prime Harmonic Function,
by Paul Pollack at UGA.

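Theorem 10.3.6. $\left|\sum_{p \le x} \frac{1}{p} - \log\log(x)\right| < 15$ for sufficiently large $x$.

Proof. Let $\lambda(t)$ be a bounded function on $[0, 1]$, $x > e^4 \approx 80$. Define
$$F(\lambda; x) = \sum_{p \text{ prime}} \left(\frac{1}{p} \cdot \frac{1}{p^{1/\log(x)}}\right) \lambda\left(p^{-1/\log(x)}\right).$$

Our road map is as follows:

(1) Pick $\lambda_0$ such that $F(\lambda_0; x) = \sum_{p \le x} \frac{1}{p}$

(2) Find better $\lambda$'s that bound $\lambda_0$ above and below

(3) Obtain bounds on $F(\lambda_0; x)$

First, define
$$\lambda_0(t) = \begin{cases} \frac{1}{t} & \frac{1}{e} \le t \le 1 \\ 0 & 0 \le t < \frac{1}{e}. \end{cases}$$
We calculate where $p^{-1/\log(x)} = \frac{1}{e}$ by
$$\begin{aligned}
p^{-1/\log(x)} &= \frac{1}{e} \\
p^{1/\log(x)} &= e \\
\frac{1}{\log(x)} \log(p) &= 1 \\
\log(p) &= \log(x) \\
p &= x.
\end{aligned}$$
So $\lambda_0\left(p^{-1/\log(x)}\right) = \begin{cases} p^{1/\log(x)} & 0 < p \le x \\ 0 & x < p. \end{cases}$ Then we have
$$\begin{aligned}
F(\lambda_0; x) &= \sum_{p \text{ prime}} \left(\frac{1}{p} \cdot \frac{1}{p^{1/\log(x)}}\right) \lambda_0\left(p^{-1/\log(x)}\right) \\
&= \sum_{p \le x} \left(\frac{1}{p} \cdot \frac{1}{p^{1/\log(x)}}\right)\left(p^{1/\log(x)}\right) + \sum_{p > x} \left(\frac{1}{p} \cdot \frac{1}{p^{1/\log(x)}}\right) \cdot 0 \\
&= \sum_{p \le x} \frac{1}{p}.
\end{aligned}$$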

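Consider $\lambda_0(t)$; we will pick linear $\lambda_U$ and $\lambda_L$ to bound $\lambda_0$ on the interval.

[Figure: graphs of $\lambda_0$, $\lambda_U$ and $\lambda_L$ against $t$, with $\frac{1}{e}$ and $1$ marked on the $t$-axis.]

But first we need to bound $F(\lambda; x)$ when $\lambda$ is linear. Suppose $\lambda(t) = a + bt$. Then
$$\begin{aligned}
F(\lambda; x) &= \sum_{p \text{ prime}} \left(\frac{1}{p} \cdot \frac{1}{p^{1/\log(x)}}\right) \lambda\left(p^{-1/\log(x)}\right) \\
&= \sum_{p \text{ prime}} \left(\frac{1}{p^{1 + 1/\log(x)}}\right)\left(a + \frac{b}{p^{1/\log(x)}}\right) \\
&= a \sum_{p \text{ prime}} \frac{1}{p^{1 + 1/\log(x)}} + b \sum_{p \text{ prime}} \frac{1}{p^{1 + 2/\log(x)}}.
\end{aligned}$$

Notice that since $x > e^4$, $\frac{1}{\log(x)} < \frac{1}{4}$ and $\frac{2}{\log(x)} < \frac{1}{2}$. So Lemma 10.3.5 gives us
$$\left|\sum_{p \text{ prime}} \frac{1}{p^{1 + 1/\log(x)}} - \log\log(x)\right| < 2 \quad \text{letting } s = \frac{1}{\log(x)}$$
and
$$\left|\sum_{p \text{ prime}} \frac{1}{p^{1 + 2/\log(x)}} - \log\left(\frac{\log(x)}{2}\right)\right| < 2 \quad \text{letting } s = \frac{2}{\log(x)}.$$

Now we can multiply through by $a$ and $b$ to get
$$-2|a| < a \sum_{p \text{ prime}} \frac{1}{p^{1 + 1/\log(x)}} - a \log\log(x) < 2|a|$$
$$-2|b| < b \sum_{p \text{ prime}} \frac{1}{p^{1 + 2/\log(x)}} - b \log\left(\frac{\log(x)}{2}\right) < 2|b|.$$

And we can add the inequalities:
$$-2(|a| + |b|) < a \sum_{p \text{ prime}} \frac{1}{p^{1 + 1/\log(x)}} + b \sum_{p \text{ prime}} \frac{1}{p^{1 + 2/\log(x)}} - a \log\log(x) - b \log\left(\frac{\log(x)}{2}\right) < 2(|a| + |b|)$$
$$-2(|a| + |b|) < F(\lambda; x) - (a + b) \log\log(x) + b \log(2) < 2(|a| + |b|).$$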

Thus $|F(\lambda; x) - (a + b) \log\log(x)| < 2(|a| + |b|) + |b| \log(2)$ if $\lambda$ is linear. Now we will pick
$\lambda_U(t) = -et + (e + 1)$ and $\lambda_L(t) = \frac{e}{e - 1} t - \frac{1}{e - 1}$ by our graph on the previous page. Notice
that both lines pass through $(1, 1)$, so $\lambda_U(1) = a_U + b_U = 1$ and $\lambda_L(1) = a_L + b_L = 1$. Thus
by the bound on linear $\lambda$'s,
$$\begin{aligned}
|F(\lambda_U; x) - (a + b) \log\log(x)| &< 2(|a| + |b|) + |b| \log(2) \\
\Rightarrow |F(\lambda_U; x) - \log\log(x)| &< 2(|e + 1| + |-e|) + |-e| \log(2) \\
&< 2(2e + 1) + e \log(2) \\
&< 12.88 + 1.885 < 15 \\
\Rightarrow F(\lambda_U; x) &< \log\log(x) + 15.
\end{aligned}$$

Likewise, the lower bound yields
$$\begin{aligned}
|F(\lambda_L; x) - (a + b) \log\log(x)| &< 2(|a| + |b|) + |b| \log(2) \\
\Rightarrow |F(\lambda_L; x) - \log\log(x)| &< 2\left(\left|\frac{-1}{e - 1}\right| + \left|\frac{e}{e - 1}\right|\right) + \left|\frac{e}{e - 1}\right| \log(2) \\
&< 2\left(\frac{e + 1}{e - 1}\right) + \frac{e}{e - 1} \log(2) \\
&< 4.33 + 1.097 < 15.
\end{aligned}$$

Hence $F(\lambda_L; x) > \log\log(x) - 15$. Putting this together, we have
$$\log\log(x) - 15 < F(\lambda_L; x) \le F(\lambda_0; x) \le F(\lambda_U; x) < \log\log(x) + 15,$$
so $|F(\lambda_0; x) - \log\log(x)| < 15$. But we determined that $F(\lambda_0; x) = \sum_{p \le x} \frac{1}{p}$ so we can conclude
that
$$\left|\sum_{p \le x} \frac{1}{p} - \log\log(x)\right| < 15.$$

The main result of this theorem is
$$\sum_{p \le x} \frac{1}{p} \sim \log\log(x).$$

10.4. The Prime Number Theorem Chapter 10. Euler’s Work

10.4 The Prime Number Theorem


In Section 10.3, we proved that $\sum_{p \le x} \frac{1}{p} \sim \log\log(x)$. Now define the "indicator function"
$\gamma$ by
$$\gamma(n) = \begin{cases} 1 & n \text{ prime} \\ 0 & n \text{ composite} \end{cases}$$
for natural numbers $n$. Then
$$\sum_{n \le x} \frac{\gamma(n)}{n} = \sum_{p \le x} \frac{1}{p}$$
$$\Rightarrow \sum_{n \le x} \frac{\gamma(n)}{n} \sim \log\log(x).$$

A natural question we can ask is: How often is $\gamma(n) = 1$? (i.e. How often is $n$ prime?)
Consider
$$\log\log(x) = \int_2^x f(t)\, dt$$
for some function $f(t)$. Then
$$\frac{d}{dx} \log\log(x) = \frac{d}{dx} \int_2^x f(t)\, dt$$
$$\frac{1}{x \log(x)} = f(x).$$
Thus we have
$$\sum_{n \le x} \frac{\gamma(n)}{n} \sim \int_2^x \frac{1}{t \log(t)}\, dt$$
$$\Rightarrow \sum_{n \le x} \frac{\gamma(n)}{n} \sim \sum_{n \le x} \frac{1}{n \log(n)}.$$

This suggests that $EV(\gamma(n)) = \frac{1}{\log(n)}$, and the ratio $\frac{\gamma(n)}{n}$ will converge to $\frac{1}{n \log(n)}$ as $n$
gets big.
Define $\pi(x)$ to be the number of primes $p \le x$. Then $\pi(x) = \sum_{n \le x} \gamma(n)$. Furthermore, define
the logarithmic integral by $\mathrm{Li}(x) = \int_2^x \frac{dt}{\log(t)}$. Gauss conjectured that $\pi(x) = \mathrm{Li}(x)$, and
while this is not strictly true, his intuition was correct that $\pi(x)$ grows at about the same
rate as the logarithmic integral (i.e. they are asymptotic).

Lemma 10.4.1. $\mathrm{Li}(x) \sim \frac{x}{\log(x)}$.

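Proof. We will integrate by parts. Let
$$u = \frac{1}{\log(t)} \qquad v = t$$
$$du = \frac{-1}{t(\log(t))^2} \qquad dv = dt.$$
Then
$$\mathrm{Li}(x) = \int_2^x \frac{dt}{\log(t)} = \left[\frac{t}{\log(t)}\right]_2^x + \int_2^x \frac{t}{t(\log(t))^2}\, dt = \frac{x}{\log(x)} - \frac{2}{\log(2)} + \int_2^x \frac{dt}{(\log(t))^2}.$$
To integrate by parts again, let
$$u = \frac{1}{(\log(t))^2} \qquad v = t$$
$$du = \frac{-2}{t(\log(t))^3} \qquad dv = dt.$$
Then
$$\begin{aligned}
\mathrm{Li}(x) &= \frac{x}{\log(x)} - \frac{2}{\log(2)} + \left[\frac{t}{(\log(t))^2}\right]_2^x + \int_2^x \frac{2t}{t(\log(t))^3}\, dt \\
&= \frac{x}{\log(x)} + \frac{x}{(\log(x))^2} + c + 2 \int_2^x \frac{dt}{(\log(t))^3} \\
&\le \frac{x}{\log(x)} + \frac{3x}{(\log(x))^2} + c.
\end{aligned}$$
And clearly $\frac{x}{\log(x)} \le \mathrm{Li}(x)$ so we have
$$\frac{x}{\log(x)} \le \mathrm{Li}(x) \le \frac{x}{\log(x)} + \frac{3x}{(\log(x))^2} + c$$
$$\Rightarrow 1 \le \frac{\mathrm{Li}(x)}{\frac{x}{\log(x)}} \le 1 + \frac{3}{\log(x)} + \frac{c \log(x)}{x}.$$

Thus as $x \to \infty$ this becomes
$$1 \le \frac{\mathrm{Li}(x)}{\frac{x}{\log(x)}} \le 1 + 0 + 0 \quad \Rightarrow \quad \mathrm{Li}(x) \sim \frac{x}{\log(x)}.$$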

The Prime Number Theorem is perhaps the most important result from analytic number
theory. The theorem was proven separately by Hadamard and de la Vallée-Poussin using
Riemann's work on the zeta function.

Theorem 10.4.2 (Prime Number Theorem). $\pi(x) \sim \frac{x}{\log(x)}$.

On the previous page, we showed that
$$\mathrm{Li}(x) \sim \frac{x}{\log(x)}$$
so one route to proving the Prime Number Theorem would be to show that $\pi(x) \sim \mathrm{Li}(x)$,
which is of course much harder. Simple calculus shows that
$$\frac{x}{\log(x)} \le \pi(x) \le \underset{\uparrow\ \text{closer}}{\mathrm{Li}(x)}$$
and it turns out that
$$\log\left|\pi(x) - \frac{x}{\log(x)}\right| \sim 2 \log\left|\mathrm{Li}(x) - \pi(x)\right|.$$
Modern calculations also indicate that $\pi(x) - \frac{x}{\log(x)} \approx \sqrt{x}$.
Define the functions

$\pi_1(x) = \#\, p \le x$ such that $p \equiv 1 \pmod 4$

$\pi_3(x) = \#\, p \le x$ such that $p \equiv 3 \pmod 4$.

Notice that $1 + \pi_1(x) + \pi_3(x) = \pi(x)$, so at least one of these functions must diverge as $x \to \infty$.

Questions:

• Are $\pi_1(x)$ and $\pi_3(x)$ both infinite?

• Calculations show that $\pi_1(x) < \pi_3(x)$ for many $x$. Does this hold for all $x$?

Dirichlet's Theorem: Take any $n, a \in \mathbb{Z}$ with $\gcd(a, n) = 1$. Then there are an infinite
number of primes $p \equiv a \pmod n$. (See Section 17.6.)

Corollary 10.4.3. For any relatively prime integers $a, n$, the function $\pi_{a,n}(x)$, which equals the number of primes
$p \le x$ such that $p \equiv a \pmod n$, diverges to infinity as $x$ gets big.

A special case of this is that $\pi_1(x)$ and $\pi_3(x)$ both diverge.

Corollary 10.4.4. If $(a, n) = 1$ and $(b, n) = 1$, then $\pi_{a,n}(x) \sim \pi_{b,n}(x)$.
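The following is an added numerical example, not part of the original text: for one value of $x$ it computes the quantities compared in Sections 10.3 and 10.4, namely the gap $\sum_{p \le x} 1/p - \log\log(x)$ from Theorem 10.3.6, both sides of step (b), and $\pi(x)$, $x/\log(x)$, $\mathrm{Li}(x)$, $\pi_1(x)$ and $\pi_3(x)$. The function names are hypothetical, and $\mathrm{Li}(x)$ is approximated by Simpson's rule.

```python
from math import isqrt, log


def primes_up_to(x):
    """Sieve of Eratosthenes: the list of primes p <= x."""
    sieve = bytearray([1]) * (x + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, isqrt(x) + 1):
        if sieve[i]:
            # Cross out i*i, i*i + i, ... up to x.
            sieve[i * i :: i] = bytearray(len(range(i * i, x + 1, i)))
    return [n for n in range(2, x + 1) if sieve[n]]


def Li(x, steps=200_000):
    """Li(x) = integral from 2 to x of dt/log(t), composite Simpson's rule.

    steps must be even.
    """
    h = (x - 2) / steps
    total = 1.0 / log(2) + 1.0 / log(x)
    for j in range(1, steps):
        total += (4 if j % 2 else 2) / log(2 + j * h)
    return total * h / 3


def report(x):
    """Collect the quantities of Sections 10.3 and 10.4 for one x."""
    ps = primes_up_to(x)
    euler_product = 1.0
    for p in ps:
        euler_product *= 1.0 / (1.0 - 1.0 / p)
    return {
        "pi": len(ps),                                    # pi(x)
        "x_over_log": x / log(x),                         # x / log(x)
        "Li": Li(x),                                      # logarithmic integral
        "gap": sum(1.0 / p for p in ps) - log(log(x)),    # Theorem 10.3.6
        "harmonic": sum(1.0 / n for n in range(1, x + 1)),  # left side of (b)
        "euler_product": euler_product,                   # right side of (b)
        "pi1": sum(1 for p in ps if p % 4 == 1),          # primes = 1 mod 4
        "pi3": sum(1 for p in ps if p % 4 == 3),          # primes = 3 mod 4
    }


if __name__ == "__main__":
    for name, value in report(100_000).items():
        print(f"{name:>14}: {value}")
```

At $x = 10^5$ the gap is far below the bound of 15 proved above, and $\pi_1(x) < \pi_3(x)$ at this particular $x$.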

Chapter 11

Complex Analysis

In this chapter we survey the basic results in complex analysis that will be useful in number
theory applications. Recall the definition of the imaginary number $i = \sqrt{-1}$.

Definition. A complex number is a number of the form $z = x + iy$ for $x, y \in \mathbb{R}$. The set
of all complex numbers is denoted $\mathbb{C}$.

These numbers lie on what is known as the complex plane, denoted $\mathbb{C}$.

[Figure: the point $(x, y)$ in the complex plane.]

In this way we can view the real part $x$ and the imaginary part $y$ of $x + iy$ separately.
The set of all complex numbers is denoted $\mathbb{C}$, and they form an algebraic field under the
operations

• Addition: $(x_1, y_1) + (x_2, y_2) = (x_1 + x_2, y_1 + y_2)$.

• Scaling: $k(x, y) = (kx, ky)$ where $k$ is a real scalar.

• Multiplication: $(x_1, y_1)(x_2, y_2) = (x_1 x_2 - y_1 y_2, x_1 y_2 + x_2 y_1)$. Note that this multiplication differs from the usual multiplication on $\mathbb{R}$, as in Euclidean geometry.

11.1. Arithmetic Chapter 11. Complex Analysis

11.1 Arithmetic
For a complex number z = x + iy we will denote the real and imaginary parts by x = Re(z)
and y = Im(z). As a vector space, C has the following special attributes for each vector
(complex number).

Definition. For a complex number $z = x + iy$, the modulus or absolute value of $z$ is
$|z| = \sqrt{x^2 + y^2}$ and the complex conjugate of $z$ is $\bar{z} = x - iy$.

Note that |z| and |z̄| are always equal. Geometrically, the modulus represents the distance
in the complex plane from the origin (0, 0) to (x, y).

Proposition 11.1.1. For z, w ∈ C,

(i) |zw| = |z| |w|.

(ii) $\overline{zw} = \bar{z}\, \bar{w}$.

Since $\mathbb{C}$ is a field, there is also a notion of divisibility for complex numbers. In particular
if $x + iy, u + iv \in \mathbb{C}$ and $u + iv \neq 0$, we define
$$\frac{x + iy}{u + iv} = \frac{xu + yv + i(yu - xv)}{u^2 + v^2}.$$
One can check that this is the appropriate formula by multiplying and dividing $\frac{x + iy}{u + iv}$ by the
conjugate $u - iv$.
As in the xy-plane, there is a polar coordinate system for complex numbers: if $z = x + iy$
then we set $r = |z|$, $x = r \cos\theta$ and $y = r \sin\theta$ where $\theta = \tan^{-1}\left(\frac{y}{x}\right)$. This gives us

$$z = |z|(\cos\theta + i \sin\theta).$$

Multiplication is compatible with polar representations, for if $z = |z|(\cos\theta + i \sin\theta)$ and
$w = |w|(\cos\psi + i \sin\psi)$ we have
$$\begin{aligned}
zw &= |z|\,|w|(\cos\theta + i \sin\theta)(\cos\psi + i \sin\psi) \\
&= |z|\,|w|\left[(\cos\theta \cos\psi - \sin\theta \sin\psi) + i(\cos\theta \sin\psi + \sin\theta \cos\psi)\right] \\
&= |z|\,|w|(\cos(\theta + \psi) + i \sin(\theta + \psi)).
\end{aligned}$$
Likewise, $\frac{z}{w} = \frac{|z|}{|w|}(\cos(\theta - \psi) + i \sin(\theta - \psi))$.
Taking powers of complex numbers, e.g. $z^n$, is sometimes difficult to compute, since
multiplication isn't quite as straightforward in the complex plane. However, there is a result
which utilizes the polar representation of a complex number to simplify the expression.

Theorem 11.1.2 (De Moivre's Theorem). For all integers $n$, $(\cos\theta + i \sin\theta)^n = \cos(n\theta) + i \sin(n\theta)$.

Proof. We prove this using induction on $n$. For the base case $n = 1$, we simply have
$(\cos\theta + i \sin\theta)^1 = \cos\theta + i \sin\theta$.
Now assume De Moivre's Theorem holds for $n$. Then we have
$$\begin{aligned}
(\cos\theta + i \sin\theta)^{n+1} &= (\cos\theta + i \sin\theta)^n (\cos\theta + i \sin\theta) \\
&= (\cos(n\theta) + i \sin(n\theta))(\cos\theta + i \sin\theta) \\
&= (\cos(n\theta) \cos\theta - \sin(n\theta) \sin\theta) + i(\sin\theta \cos(n\theta) + \cos\theta \sin(n\theta)) \\
&= \cos((n + 1)\theta) + i \sin((n + 1)\theta).
\end{aligned}$$

Definition. When we write $z = |z|(\cos\theta + i \sin\theta)$, the angle $\theta$ is called the argument of $z$,
denoted $\arg z$.
We often want to restrict our attention to a single, canonical value of $\theta$ for any $z$. Thus
we define the principal argument $\theta = \operatorname{Arg} z$, where $-\pi \le \theta \le \pi$.
Proposition 11.1.3. $\operatorname{Arg}(zw) = \operatorname{Arg} z + \operatorname{Arg} w$, where these may differ by a multiple of $2\pi$.
Example 11.1.4. Let $z = -1 + i$ and $w = i$. Then $zw = -1 - i$, $\operatorname{Arg}(zw) = -\frac{3\pi}{4}$ and
$$\operatorname{Arg} z + \operatorname{Arg} w = \frac{3\pi}{4} + \frac{\pi}{2} = \frac{5\pi}{4} \equiv -\frac{3\pi}{4} \mod 2\pi.$$
Continuing with the geometric parallels between Euclidean space and the complex plane,
we have the important triangle inequality for complex numbers:
$$|z + w| \le |z| + |w|.$$
There is also a related inequality, sometimes called the reverse triangle inequality:
$$\big||z| - |w|\big| \le |z - w|.$$
The original purpose of complex numbers was to compute roots of all polynomials, so
it will be desirable to be able to compute roots of complex numbers. In other words, if
$w = |w|(\cos\psi + i \sin\psi)$, what is $w^{1/n}$? Let $z = w^{1/n}$, so that $z^n = w$. Then using De
Moivre's Theorem (11.1.2) we have
$$|w|(\cos\psi + i \sin\psi) = (|z|(\cos\theta + i \sin\theta))^n = |z|^n(\cos(n\theta) + i \sin(n\theta)).$$
Solving for $\theta$, we see that
$$\cos\psi = \cos(n\theta) \implies n\theta = \psi + 2\pi k \implies \theta = \frac{\psi + 2\pi k}{n}$$
for some integer $k$. Hence our expression for $w^{1/n}$ is
$$z = w^{1/n} = |w|^{1/n}\left(\cos\left(\frac{\psi + 2\pi k}{n}\right) + i \sin\left(\frac{\psi + 2\pi k}{n}\right)\right).$$
For the $n$th root of $w$, that is $w^{1/n}$, this formula gives all possible roots. In fact there are $n$
distinct roots; all others are repeated values.
Recall that the equation of a circle in $\mathbb{R}^2$ is $\sqrt{(x - x_0)^2 + (y - y_0)^2} = r$ for $r > 0$. In the
complex plane, this is expressed by $|z - z_0| = r$.

11.2. Functions and Limits Chapter 11. Complex Analysis

11.2 Functions and Limits


e functions that have values in the complex plane.
Definition. A function of a complex variable z is a map f : D → C for some subset
D ⊆ C, i.e. f assigns a complex number to each z ∈ D.
Definition. The domain of a complex-valued function f is the set of all values z for which
the function operates; this is usually denoted D. The range is all possible values of the
function, denoted Im f or f (D).
Example 11.2.1. Let $f(z) = z^2$. The domain of $f$ is all of $\mathbb{C}$, while the range of $f$ is the
closed upper half plane $\{z \in \mathbb{C} \mid \operatorname{Im}(z) \ge 0\}$.

[Figure: the map $f$ from one copy of the $xy$-plane to another.]

Example 11.2.2. $f(z) = \frac{1}{z - 1}$ has domain $D = \{z \in \mathbb{C} \mid z \neq 1\}$ and range $f(D) = \{z \in \mathbb{C} \mid z \neq 0\}$.
Definition. A sequence is a complex-valued function whose domain is the set of positive
integers, written $(z_n) = (z_1, z_2, z_3, \ldots)$ where each $z_i$ is a complex number.
Definition. A sequence $(z_n)$ is said to have a limit $L$ if, given any $\varepsilon > 0$ there is some
$N \in \mathbb{N}$ such that $|z_n - L| < \varepsilon$ for all $n \ge N$. In this case we write $\lim_{n \to \infty} z_n = L$ and say that
$(z_n)$ converges to $L$. If no such $L$ exists, then $(z_n)$ is said to diverge.
The definitions of sequence and limit are nearly identical to their counterparts in real
analysis. However, in the complex plane every number has a real and an imaginary part.
The following proposition helps us relate the definition of a complex limit to its real and
imaginary parts.
Proposition 11.2.3. Let $z_n = x_n + iy_n$ and $z = x + iy$. Then $\lim_{n \to \infty} z_n = z \iff \lim_{n \to \infty} x_n = x$
and $\lim_{n \to \infty} y_n = y$.

Proof. ($\implies$) If $\lim_{n \to \infty} z_n = z$ then the inequalities $|x_n - x| \le |z_n - z|$ and $|y_n - y| \le |z_n - z|$
directly imply that $(x_n)$ and $(y_n)$ converge to $x$ and $y$, respectively.
($\impliedby$) On the other hand, suppose $(x_n) \to x$ and $(y_n) \to y$. If $\varepsilon > 0$ is given, we may
choose $N_1$ and $N_2$ such that $|x_n - x| < \frac{\varepsilon}{2}$ for all $n \ge N_1$ and $|y_n - y| < \frac{\varepsilon}{2}$ for all $n \ge N_2$. Let
$N = \max\{N_1, N_2\}$. Then for all $n \ge N$ the triangle inequality gives us
$$|z_n - z| \le |x_n - x| + |y_n - y| < \frac{\varepsilon}{2} + \frac{\varepsilon}{2} = \varepsilon.$$
Hence $(z_n)$ converges to $z = x + iy$.

As a result, we have
Corollary 11.2.4. If $z_n \to z$ then $|z_n| \to |z|$.
The converse to this is generally false. For example, the sequence $|i^n|$ converges to 1
since $|i^n| = |i|^n = 1^n = 1$ for all $n$; however, $i^n = (i, -1, -i, 1, i, -1, \ldots)$ and this fluctuates
infinitely often between these four values, so the sequence diverges.
Proposition 11.2.5. Suppose $\lim_{n \to \infty} z_n = z$. Then

(i) For any complex scalar $k \neq 0$, $\lim_{n \to \infty} kz_n = kz$.

(ii) If $z_n \neq 0$ for any $n$ and $z \neq 0$, then $\lim_{n \to \infty} \frac{1}{z_n} = \frac{1}{z}$.
Proof. (i) Let $\varepsilon > 0$ be given. By convergence of $(z_n)$ there exists a positive integer $N$ such
that $|z_n - z| < \frac{\varepsilon}{|k|}$. Then for all $n \ge N$,
$$|kz_n - kz| = |k|\,|z_n - z| < |k| \frac{\varepsilon}{|k|} = \varepsilon.$$

Hence $(kz_n) \to kz$.

(ii) First we can choose an $N_1$ such that $|z_n - z| < \frac{|z|}{2}$ for all $n \ge N_1$. Note that by the
reverse triangle inequality,
$$|z_n| \ge |z| - |z_n - z| > |z| - \frac{|z|}{2} = \frac{|z|}{2}.$$
We use this to control the $|z_n|$ term in the calculations below. Next for any $\varepsilon > 0$ there is an
$N_2$ such that for all $n \ge N_2$, $|z_n - z| < \frac{|z|^2 \varepsilon}{2}$. Let $N = \max\{N_1, N_2\}$. Then for any $n \ge N$,
$$\left|\frac{1}{z_n} - \frac{1}{z}\right| = \left|\frac{z - z_n}{z_n z}\right| = \frac{|z_n - z|}{|z_n|\,|z|} \le \frac{2}{|z|} \frac{1}{|z|} |z_n - z| < \frac{2}{|z|^2} \frac{|z|^2 \varepsilon}{2} = \varepsilon.$$
Hence $\left(\frac{1}{z_n}\right) \to \frac{1}{z}$.

This shows that limits of complex sequences behave as expected (by which we mean they
behave as their counterparts do in the real case). We also have
Theorem 11.2.6. If $(z_n)$ converges to $z$ and $(w_n)$ converges to $w$, then the sequence $(z_n w_n)$
converges to $zw$.
Definition. Given a function $f(z)$ with domain $D$ and a point $z_0$ either in $D$ or in the
boundary $\partial D$ of $D$, we say $f$ has a limit at $z_0$ if

$$\lim_{z \to z_0} f(z) = L$$

for some $L \in \mathbb{C}$. Explicitly, $f(z)$ has limit $L$ at $z_0$ if for every $\varepsilon > 0$ there exists a $\delta > 0$
such that $0 < |z - z_0| < \delta$ implies $|f(z) - L| < \varepsilon$.

Definition. $f(z)$ is continuous at a point $z_0$ in its domain if $\lim_{z \to z_0} f(z)$ exists and it equals
$f(z_0)$. In particular, $f(z)$ is continuous if for every $\varepsilon > 0$ there exists a $\delta > 0$ such that if
$|z - z_0| < \delta$ then $|f(z) - f(z_0)| < \varepsilon$.
Example 11.2.7. The function $f(z) = |z|^2$ is continuous on its domain $\mathbb{C}$. For example, $f(z)$
has limit 4 at $z_0 = 2i$. To see this, let $\varepsilon > 0$ and define $\delta_1 = 1$, $\delta_2 = \frac{\varepsilon}{5}$ and $\delta = \min\{\delta_1, \delta_2\}$.
Note that by the reverse triangle inequality, $|z| \le |z - 2i| + |2i| < 1 + 2 = 3$; we will use this
below. Then if $0 < |z - 2i| < \delta$ we have
$$\begin{aligned}
|f(z) - f(2i)| &= \big||z|^2 - 4\big| \\
&= \big||z| + 2\big| \cdot \big||z| - 2\big| \\
&= (|z| + 2)|z - 2i| \\
&< (3 + 2)\frac{\varepsilon}{5} = \varepsilon.
\end{aligned}$$
Hence $\lim_{z \to 2i} f(z) = 4$ as claimed.

Example 11.2.8. Consider the function $f(z) = \frac{z}{\bar{z}}$ where $z = x + iy \neq 0$ and $\bar{z} = x - iy$, its
complex conjugate. Does $\lim_{z \to 0} f(z)$ exist? Well consider this limit along two different paths
in the complex plane:
$$\lim_{(x,y) \to (0,y)} f(z) = \frac{0 + iy}{0 - iy} = -1$$
$$\lim_{(x,y) \to (x,0)} f(z) = \frac{x + i0}{x - i0} = 1.$$
Since these limits are different, the limit of the function must not exist. Hence $\frac{z}{\bar{z}}$ is not
continuous at $z_0 = 0$.
Definition. A function $f(z)$ has a limit at infinity, denoted $\lim_{z \to \infty} f(z) = L$, if for any
$\varepsilon > 0$ there is a (large) number $M$ such that $|f(z) - L| < \varepsilon$ whenever $|z| \ge M$. Note that
there is no restriction on $\arg z$; only $|z|$ is required to be large.
Example 11.2.9. The family of functions $f(z) = \frac{1}{z^m}$ has a limit $L = 0$ as $z \to \infty$ for all
$m = 1, 2, 3, \ldots$. To see this, let $\varepsilon > 0$ and choose $M = \frac{1}{\varepsilon^{1/m}}$. Then if $|z| \ge M$,
$$\left|\frac{1}{z^m}\right| = \left(\frac{1}{|z|}\right)^m \ge \left(\frac{1}{M}\right)^m = (\varepsilon^{1/m})^m = \varepsilon.$$
By properties of limits, we have
Proposition 11.2.10.
1) Every polynomial $p(z) = a_0 + a_1 z + \ldots + a_n z^n$ is continuous on the complex plane.
2) If $p(z)$ and $q(z)$ are polynomials, then their quotient $\frac{p(z)}{q(z)}$ is continuous at all points such
that $q(z) \neq 0$.

Every complex-valued function $f(z)$ can be written as $f(z) = u(z) + iv(z)$, where $u$ and
$v$ are each real-valued functions. This allows us to view every complex function by its real
and imaginary parts. It is easy to see that all of the results on continuity for functions of
the real numbers now apply for complex-valued functions. In particular,
Proposition 11.2.11. Let $f = u + iv$ be a complex-valued function. Then $f$ is continuous
at $z_0$ if and only if $u$ and $v$ are both continuous at $z_0$.
Definition. For complex numbers $z_1, z_2, \ldots$ their $n$th partial sum is $\sum_{j=1}^{n} z_j = z_1 + \ldots + z_n$.

Definition. An infinite series of complex numbers is a limit of partial sums
$$\sum_{j=1}^{\infty} z_j = \lim_{n \to \infty} \sum_{j=1}^{n} z_j.$$
Definition. We say an infinite series of partial sums $s_n = \sum_{j=1}^{n} z_j$ converges if $s = \lim_{n \to \infty} s_n$
exists. Otherwise, the series diverges.
In the complex case, we can write each $z_j = x_j + iy_j$ so every infinite series may be
written as the sum of a real and imaginary series:
$$\sum_{j=1}^{\infty} z_j = \sum_{j=1}^{\infty} x_j + i \sum_{j=1}^{\infty} y_j.$$
As with functions, the series $\sum z_j$ converges if and only if $\sum x_j$ and $\sum y_j$ converge. In other
words, $\lim_{n \to \infty} s_n$ only converges when $\lim_{n \to \infty} x_n$ and $\lim_{n \to \infty} y_n$ both exist.

Definition. A series $\sum_{j=1}^{\infty} z_j$ has absolute convergence if $\sum_{j=1}^{\infty} |z_j|$ converges. If $\sum_{j=1}^{\infty} z_j$ converges
but the absolute series does not converge, we say the series converges conditionally.
Notice that if $\sum_{j=1}^{\infty} z_j$ converges (absolutely) then both $\sum_{j=1}^{\infty} x_j$ and $\sum_{j=1}^{\infty} y_j$ converge (absolutely)
as well. The triangle inequality for series looks like
$$\left|\sum_{j=1}^{\infty} z_j\right| \le \sum_{j=1}^{\infty} |z_j|.$$

Recall from single-variable calculus the exponential function $e^x$. This function has many
definitions, with the two most important being
$$e^x = \lim_{t \to \infty} \left(1 + \frac{x}{t}\right)^t$$
$$\text{and} \quad e^x = \sum_{n=1}^{\infty} \frac{x^n}{n!}.$$
In complex analysis, we define

Definition. For $z = x + iy$, the complex exponential function $e^z$ is defined by

$$e^z = e^x(\cos y + i \sin y).$$

The special case $e^{it} = \cos t + i \sin t$ is called Euler's formula. Euler was the first to
realize the connection between the exponential function and sine and cosine. This amazing
identity, called "the most remarkable formula in mathematics" by Feynman, has been around
since 1748 and has far-reaching implications in many branches of mathematics and physics.
The following proposition shows that this definition captures all of the nice properties of
$e^x$ from the real case. We will see in a moment that in the complex plane, the exponential
function has even deeper properties and an essential connection to the geometry of $\mathbb{C}$.

Proposition 11.2.12. For complex numbers $z$ and $w$,

(a) $e^{z+w} = e^z e^w$.

(b) $\frac{1}{e^z} = e^{-z}$.

(c) $e^{z + 2\pi i} = e^z$, that is, the complex exponential function is periodic with period $2\pi i$.

(d) If $z = x + iy$, $|e^z| = e^x$ and therefore $|e^{iy}| = 1$.

(e) $e^z \neq 0$ for any $z \in \mathbb{C}$.

Proof. (a) Let $z = x + iy$ and $w = x' + iy'$. Then
$$\begin{aligned}
e^{z+w} = e^{(x + x') + i(y + y')} &= e^{x + x'}(\cos(y + y') + i \sin(y + y')) \\
&= e^x e^{x'}(\cos y + i \sin y)(\cos y' + i \sin y') = e^z e^w
\end{aligned}$$
(the last part uses a trick similar to the one used in the proof of De Moivre's Theorem
(11.1.2)).
(b) follows from (a) and trig properties.
(c) follows directly from the definition of $e^z$.
(d) follows from the fact that for any $\theta$, $|\cos\theta + i \sin\theta| = 1$.
(e) By part (d), $|e^{x + iy}| = e^x$, and $x$ is real so $e^x$ is always nonzero. Therefore $|e^z| \neq 0$
which implies $e^z \neq 0$.
Note that part (c) of Proposition 11.2.12 implies that $f(z) = e^z$ is not a one-to-one
function on the complex plane. This is unfortunate, since that was one of the nice attributes
of $e^x$ in the real case, as it allowed us to define an inverse, the logarithm $\log x$. We next
show how to construct a partial solution to this problem.
Let $w = e^{x + iy}$. We seek a function $F$ such that $F(w) = x + iy$ and $e^{F(x + iy)} = x + iy$.
Note that since $|w| = e^x$ and these are real numbers, we have $x = \ln|w|$. This allows us to
define

Definition. The formal logarithm is written $\log z = \ln|z| + i \arg z$.


This is not a function (meaning it is not well-defined), since arg z represents a set of
values which differ by 2kπ for integers k.
We remedy this by making branch cuts of the complex plane. This is done by taking
a ray from the origin, say with angle θ and defining the branch (θ, θ + 2π] so that log z is
well-defined on this domain. The most important branch is

Definition. Let Arg z denote the argument of z in the branch (−π, π]; this is called the
principal branch. Then we define the principal logarithm by

Log z = ln |z| + i Arg z.

Proposition 11.2.13. On the principal branch, $\operatorname{Log} e^z = e^{\operatorname{Log} z} = z$.

Proof. Let $z = x + iy$ with $\operatorname{Arg} z = \theta \in (-\pi, \pi]$. Then on one hand,

$$\operatorname{Log} e^z = \ln|e^z| + i \operatorname{Arg} e^z = \ln e^x + iy = x + iy = z$$

and on the other hand,

$$e^{\operatorname{Log} z} = e^{\ln|z| + i \operatorname{Arg} z} = e^{\ln|z|}(\cos\theta + i \sin\theta) = |z|(\cos\theta + i \sin\theta) = z.$$

Note that these require that we restrict our attention to a single branch (it may not even be
the principal branch) for the expressions to be well-defined.
Recall that $f(z) = u(z) + iv(z)$ is continuous if and only if $u$ and $v$ are continuous. Well,
$\operatorname{Arg} z$ has no limit at values along the negative real axis. Therefore $\operatorname{Log} z$ is not continuous at
any point $\operatorname{Re}(z) \leq 0$. However, making a different branch cut allows us to define a function
with different continuity.
As in the real case, exponentials for bases other than $e$ are permitted. They relate to the
logarithm by
$$a^z = e^{z \log a}$$
where $\log a$ is defined on a fixed branch of the logarithm.
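The following Python sketch is an added example, not part of the original text. It implements the logarithm on an arbitrary branch $(\theta, \theta + 2\pi]$ and checks the statements above numerically: Proposition 11.2.13, the jump of $\operatorname{Log} z$ across the negative real axis, and the dependence of $a^z$ on the chosen branch. The function names (arg_branch, log_branch, power, jump_across_negative_axis) are illustrative choices.

```python
import cmath
import math


def arg_branch(z, theta):
    """Return the value of arg z that lies in the branch (theta, theta + 2*pi]."""
    if z == 0:
        raise ValueError("arg z is undefined at z = 0")
    a = cmath.phase(z)                               # one value of arg z
    k = math.floor((theta - a) / (2 * math.pi)) + 1  # smallest k with a + 2*pi*k > theta
    return a + 2 * math.pi * k


def log_branch(z, theta=-math.pi):
    """ln|z| + i arg z with arg z taken in (theta, theta + 2*pi].

    The default theta = -pi is the principal branch, so this is Log z.
    """
    return complex(math.log(abs(z)), arg_branch(z, theta))


def power(a, z, theta=-math.pi):
    """a^z = e^{z log a}, with log a taken on the branch (theta, theta + 2*pi]."""
    return cmath.exp(z * log_branch(a, theta))


def jump_across_negative_axis(theta, eps=1e-9):
    """|log(-1 + i*eps) - log(-1 - i*eps)| on the branch (theta, theta + 2*pi]."""
    above = log_branch(complex(-1, eps), theta)
    below = log_branch(complex(-1, -eps), theta)
    return abs(above - below)


if __name__ == "__main__":
    z = 1 + 4j   # Im z = 4 lies outside (-pi, pi] but inside (pi, 3*pi]

    # e^{Log z} = z holds for every nonzero z.
    print("exp(Log z)            =", cmath.exp(log_branch(z)))

    # Log e^z = z needs Im z in the branch: on the principal branch the
    # imaginary part 4 is folded back to 4 - 2*pi.
    print("Log(exp z), principal =", log_branch(cmath.exp(z)))
    print("log(exp z), (pi,3pi]  =", log_branch(cmath.exp(z), math.pi))

    # The principal logarithm jumps by about 2*pi across the negative real
    # axis; the branch (0, 2*pi] is continuous there (its cut is the positive
    # real axis instead).
    print("jump, principal branch =", jump_across_negative_axis(-math.pi))
    print("jump, branch (0, 2pi]  =", jump_across_negative_axis(0.0))

    # a^z depends on the branch used for log a: the two square roots of -1.
    print("(-1)^(1/2), principal  =", power(-1, 0.5))
    print("(-1)^(1/2), (pi, 3pi]  =", power(-1, 0.5, math.pi))
```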
The complex trigonometric functions are defined in terms of $e^z$.

Definition. The complex cosine and complex sine functions are defined by

$$\cos z = \tfrac{1}{2}(e^{iz} + e^{-iz}) \quad\text{and}\quad \sin z = \tfrac{1}{2i}(e^{iz} - e^{-iz}).$$

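Note that the complex trig functions coincide with their real counterparts, for if $x \in \mathbb{R}$
we have
$$\begin{aligned}
\tfrac{1}{2}(e^{ix} + e^{-ix}) &= \tfrac{1}{2}(\cos x + i \sin x + \cos(-x) + i \sin(-x)) \\
&= \tfrac{1}{2}(\cos x + i \sin x + \cos x - i \sin x) = \cos x
\end{aligned}$$
and
$$\begin{aligned}
\tfrac{1}{2i}(e^{ix} - e^{-ix}) &= \tfrac{1}{2i}(\cos x + i \sin x - (\cos(-x) + i \sin(-x))) \\
&= \tfrac{1}{2i}(\cos x + i \sin x - \cos x + i \sin x) = \sin x.
\end{aligned}$$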


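The complex cosine and sine functions are also periodic, with period $2\pi$ like the real-valued
cosine and sine. Using the fact that $e^z$ is periodic, we can write

$$\begin{aligned}
\cos(z + 2\pi) &= \tfrac{1}{2}(e^{i(z+2\pi)} + e^{-i(z+2\pi)}) \\
&= \tfrac{1}{2}(e^{iz} e^{2\pi i} + e^{-iz} e^{-2\pi i}) \\
&= \tfrac{1}{2}(e^{iz} + e^{-iz}) = \cos z
\end{aligned}$$
and
$$\begin{aligned}
\sin(z + 2\pi) &= \tfrac{1}{2i}(e^{i(z+2\pi)} - e^{-i(z+2\pi)}) \\
&= \tfrac{1}{2i}(e^{iz} e^{2\pi i} - e^{-iz} e^{-2\pi i}) \\
&= \tfrac{1}{2i}(e^{iz} - e^{-iz}) = \sin z.
\end{aligned}$$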

Many other properties of the real trig functions carry over to the complex case. Just to name
a few,

(a) $\cos(-z) = \cos z$ and $\sin(-z) = -\sin z$

(b) $\sin\left(z + \frac{\pi}{2}\right) = \cos z$ and $\cos\left(z + \frac{\pi}{2}\right) = -\sin z$

(c) $\sin(z + w) = \sin z \cos w + \cos z \sin w$

(d) $\cos(z + w) = \cos z \cos w - \sin z \sin w$

(e) $\cos^2 z + \sin^2 z = 1$

(f) $\cos^2 z - \sin^2 z = \cos(2z)$

(g) When we define the derivative of a complex-valued function in Section 11.4, we will
see that the derivatives of $\cos z$ and $\sin z$ are similar to the real case.


11.3 Line Integrals


If $f : [a, b] \to \mathbb{C}$ is a complex-valued function which is continuous on some interval $[a, b]$
where $a, b \in \mathbb{R}$, then the integral of $f$ over $[a, b]$ is simply
$$\int_a^b f(t)\,dt = \int_a^b \operatorname{Re}(f(t))\,dt + i \int_a^b \operatorname{Im}(f(t))\,dt.$$

For functions that take on values over some region in the complex plane, we integrate over
curves.

Definition. Let $f(z)$ be a complex-valued function which is continuous on some region $D \subseteq \mathbb{C}$
and let $\gamma$ be a smooth curve contained in $D$ that is parametrized by $\gamma(t)$, $a \leq t \leq b$. Then
the line integral of $f$ over $\gamma$ is
$$\int_\gamma f(z)\,dz = \int_a^b f(\gamma(t))\,\gamma'(t)\,dt.$$

[Figure: a curve labelled γ(t).]

Remember that a curve is smooth if its first derivative $\gamma'(t)$ exists and is continuous on
$[a, b]$. Since the curves are all functions on a real interval $[a, b]$, we need not worry about
complex derivatives yet; $\gamma'(t)$ is just the first derivative in the normal sense. Some important
examples of parametrizations in the complex plane are

Example 11.3.1. A curve $\gamma$ is simple if $\gamma(t_1) \neq \gamma(t_2)$ whenever $a < t_1 < t_2 < b$. In plain
language, a simple curve does not intersect itself; it is an embedding of the interval $[a, b]$ into
$\mathbb{C}$. The easiest simple curve to parametrize is a line:

[Figure: the line γ from z0 to z1.]

If $\gamma$ is the line between $z_0$ and $z_1$, then we parametrize it by $\gamma(t) = z_0 + t(z_1 - z_0)$ for
$0 \leq t \leq 1$.


Example 11.3.2. A curve $\gamma$ is closed if $\gamma(a) = \gamma(b)$, i.e. it starts and ends in the same
location. The canonical example of a simple closed curve is a circle:

[Figure: the circle γ of radius r centered at z0.]

This is parametrized by $\gamma(t) = z_0 + re^{it}$ for $0 \leq t \leq 2\pi$.


Example 11.3.3. Let’s compute the line integral $\int_\gamma z^2\,dz$ over the line from $(0, 0)$ to $(2, 3)$
in the complex plane.

[Figure: the line γ from z0 = 0 + 0i to z1 = 2 + 3i.]

We parametrize the curve by $\gamma(t) = 2t + 3it$, $0 \leq t \leq 1$. Then using the formula above, we
compute
$$\begin{aligned}
\int_\gamma z^2\,dz &= \int_0^1 \gamma(t)^2\,\gamma'(t)\,dt = \int_0^1 (2t + 3it)^2 (2 + 3i)\,dt \\
&= \int_0^1 (4t^2 - 9t^2 + 12it^2)(2 + 3i)\,dt = \int_0^1 (-5t^2 + 12it^2)(2 + 3i)\,dt \\
&= \int_0^1 (-46t^2 + 9it^2)\,dt = \left[-\tfrac{46}{3}t^3 + 3it^3\right]_0^1 = -\frac{46}{3} + 3i.
\end{aligned}$$

Example 11.3.4. Just as reversing the order of $a$ and $b$ in a real integral changes the integral
by a factor of $-1$, one can reverse the orientation of a smooth curve $\gamma$ to switch the sign of the line
integral along $\gamma$. Let $-\gamma$ denote the curve $\gamma$ with orientation reversed. Then
$$\int_{-\gamma} f(z)\,dz = -\int_\gamma f(z)\,dz.$$

Definition. The length of a curve $\gamma$ is given by the integral

$$\int_a^b |\gamma'(t)|\,dt = \int_a^b \sqrt{x'(t)^2 + y'(t)^2}\,dt$$

where $\gamma(t) = x(t) + iy(t)$, $a \leq t \leq b$ is a parametrization of $\gamma$.


Example 11.3.5. Let $\gamma$ be the unit circle, which has the parametrization $\gamma(t) = e^{it}$,
$0 \leq t \leq 2\pi$. Let’s verify the circumference of the circle with the formula for the length of $\gamma$:
$$\int_0^{2\pi} |\gamma'(t)|\,dt = \int_0^{2\pi} |ie^{it}|\,dt = \int_0^{2\pi} dt = 2\pi.$$

The next proposition contains some useful properties of the line integral.

Proposition 11.3.6. Suppose $\gamma$ is a smooth curve and $f$ and $g$ are continuous, complex-valued
functions on a domain containing $\gamma$.

(a) $\int_\gamma (f(z) + g(z))\,dz = \int_\gamma f(z)\,dz + \int_\gamma g(z)\,dz$.

(b) For any $c \in \mathbb{C}$, $\int_\gamma cf(z)\,dz = c \int_\gamma f(z)\,dz$.

(c) If $\tau$ is a curve whose initial point is the terminal point of $\gamma$, then $\gamma\tau$ is defined to be
the curve obtained by following $\gamma$ and then $\tau$. The integral over $\gamma\tau$ is given by
$$\int_{\gamma\tau} f(z)\,dz = \int_\gamma f(z)\,dz + \int_\tau f(z)\,dz.$$

(d) $\left|\int_\gamma f(z)\,dz\right| \leq \max_{z \in \gamma} |f(z)| \cdot \operatorname{length}(\gamma)$.
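The following Python sketch is an added example, not part of the original text. It evaluates line integrals directly from the definition $\int_a^b f(\gamma(t))\gamma'(t)\,dt$ with composite Simpson's rule and reproduces Examples 11.3.3, 11.3.4 and 11.3.5 together with the bound in Proposition 11.3.6(d). The helper names (simpson, line_integral, segment, circle, reverse) are illustrative choices.

```python
import cmath
import math


def simpson(g, a, b, n=2000):
    """Composite Simpson's rule for a complex-valued g on [a, b] (n must be even)."""
    h = (b - a) / n
    total = g(a) + g(b)
    for k in range(1, n):
        total += (4 if k % 2 else 2) * g(a + k * h)
    return total * h / 3


def line_integral(f, gamma, dgamma, a, b):
    """Integral of f over gamma: integrate f(gamma(t)) * gamma'(t) over [a, b]."""
    return simpson(lambda t: f(gamma(t)) * dgamma(t), a, b)


def length(dgamma, a, b):
    """Length of the curve: integrate |gamma'(t)| over [a, b]."""
    return simpson(lambda t: abs(dgamma(t)), a, b)


def segment(z0, z1):
    """The line from z0 to z1 on [0, 1]: gamma(t) = z0 + t(z1 - z0) and its derivative."""
    return (lambda t: z0 + t * (z1 - z0)), (lambda t: z1 - z0)


def circle(z0, r):
    """The circle on [0, 2*pi]: gamma(t) = z0 + r e^{it} and its derivative."""
    return (lambda t: z0 + r * cmath.exp(1j * t)), (lambda t: 1j * r * cmath.exp(1j * t))


def reverse(gamma, dgamma, a, b):
    """The curve -gamma: the same points traversed from gamma(b) back to gamma(a)."""
    return (lambda t: gamma(a + b - t)), (lambda t: -dgamma(a + b - t))


def square(z):
    return z * z


def example_11_3_3():
    """Integral of z^2 over the line from 0 to 2 + 3i."""
    gamma, dgamma = segment(0, 2 + 3j)
    return line_integral(square, gamma, dgamma, 0, 1)


def example_11_3_4():
    """The same integral over -gamma, i.e. from 2 + 3i back to 0."""
    gamma, dgamma = reverse(*segment(0, 2 + 3j), 0, 1)
    return line_integral(square, gamma, dgamma, 0, 1)


def example_11_3_5():
    """Length of the unit circle."""
    _, dgamma = circle(0, 1)
    return length(dgamma, 0, 2 * math.pi)


def bound_11_3_6d():
    """Return (|integral|, max|f| * length) for z^2 on the line from 0 to 2 + 3i."""
    gamma, dgamma = segment(0, 2 + 3j)
    max_f = max(abs(square(gamma(k / 1000))) for k in range(1001))
    return abs(example_11_3_3()), max_f * length(dgamma, 0, 1)


if __name__ == "__main__":
    print("Example 11.3.3:", example_11_3_3())
    print("Example 11.3.4:", example_11_3_4())
    print("Example 11.3.5:", example_11_3_5())
    print("Proposition 11.3.6(d): %.4f <= %.4f" % bound_11_3_6d())
```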


11.4 Differentiability
Recall that the function $f(z) = \frac{\bar{z}}{z}$ is not continuous at $z_0 = 0$. This points to the fact
that complex functions are somehow different than their real brethren, and in particular the
convergence of a function in $\mathbb{C}$ is much stronger than convergence in $\mathbb{R}$.

Definition. The derivative of a complex function $f(z)$ at a point $z_0 \in \mathbb{C}$ is defined by

$$f'(z_0) = \lim_{h \to 0} \frac{f(z_0 + h) - f(z_0)}{h} = \lim_{z \to z_0} \frac{f(z) - f(z_0)}{z - z_0}.$$
If these limits exist, we say $f(z)$ is differentiable at $z_0$.

This definition is the same as in the real case, although as discussed above the notion of
a limit is much stronger in $\mathbb{C}$. In the complex world, we have a further notion of
differentiability:

Definition. A complex function $f(z)$ is holomorphic at $z_0 \in \mathbb{C}$ if $f(z)$ is differentiable on
some open disk centered at $z_0$. Functions which are holomorphic on the whole complex plane
$\mathbb{C}$ are called entire.

Example 11.4.1. Many familiar functions from real analysis have the same derivative in
the complex plane. For example, $f(z) = z^2$ has derivative $2z$ which may be confirmed by
computing either of the above limits. In fact this holds for all $z \in \mathbb{C}$ so $z^2$ is an entire
function.

Example 11.4.2. Complex conjugation is not differentiable at any $z_0 \in \mathbb{C}$ since

$$\lim_{z \to z_0} \frac{\bar{z} - \bar{z}_0}{z - z_0} = \lim_{z \to z_0} \frac{\overline{z - z_0}}{z - z_0} = \lim_{z \to 0} \frac{\bar{z}}{z}$$
does not exist as we have seen.

Most of the nice properties of real derivatives carry over to the complex plane.

Proposition 11.4.3. Let $f$ and $g$ be differentiable at $z \in \mathbb{C}$.

(a) $(f(z) + g(z))' = f'(z) + g'(z)$.

(b) For any $c \in \mathbb{C}$, $(cf)'(z) = cf'(z)$.

(c) $(fg)'(z) = f'(z)g(z) + f(z)g'(z)$.

(d) If $g(z) \neq 0$ then $\left(\frac{f(z)}{g(z)}\right)' = \frac{f'(z)g(z) - f(z)g'(z)}{g(z)^2}$.

(e) $(z^n)' = nz^{n-1}$. In particular this means that polynomials are entire.

(f) If $g$ is differentiable at $f(z)$ then $(g(f(z)))' = g'(f(z))f'(z)$.


The fundamental property in this section is a pair of equations called the Cauchy-Riemann
Equations, which relate the derivative $f'(z)$ to the partial derivatives with respect
to the real and imaginary parts of $z$.
Theorem 11.4.4 (Cauchy-Riemann Equations). Let $f(z) = u(x, y) + iv(x, y)$ be a complex
function which is continuous at $z_0 = x_0 + iy_0$. Then $f(z)$ is differentiable at $z_0$ if and only
if the partial derivatives $\frac{\partial u}{\partial x}$, $\frac{\partial u}{\partial y}$, $\frac{\partial v}{\partial x}$ and $\frac{\partial v}{\partial y}$ exist, are continuous and satisfy

$$\frac{\partial u}{\partial x} = \frac{\partial v}{\partial y} \quad\text{and}\quad \frac{\partial u}{\partial y} = -\frac{\partial v}{\partial x}$$
on some neighborhood of $z_0$.
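Proof. ($\Longrightarrow$) If $f(z)$ is differentiable at $z_0 = x_0 + iy_0$ then

$$f'(z_0) = \lim_{h \to 0} \frac{f(z_0 + h) - f(z_0)}{h}.$$
First consider approaching $z_0$ along the line $(x_0 + h) + iy_0$:

$$\begin{aligned}
\lim_{h \to 0} \frac{f((x_0 + h) + iy_0) - f(x_0 + iy_0)}{h} &= \lim_{h \to 0} \frac{u(x_0 + h, y_0) + iv(x_0 + h, y_0) - u(x_0, y_0) - iv(x_0, y_0)}{h} \\
&= \lim_{h \to 0} \left( \frac{u(x_0 + h, y_0) - u(x_0, y_0)}{h} + i\,\frac{v(x_0 + h, y_0) - v(x_0, y_0)}{h} \right) \\
&= \frac{\partial u}{\partial x} + i \frac{\partial v}{\partial x} = f'(z_0).
\end{aligned}$$
Next, approach along $x_0 + i(y_0 + h)$:

$$\begin{aligned}
\lim_{ih \to 0} \frac{f(x_0 + i(y_0 + h)) - f(x_0 + iy_0)}{ih} &= \lim_{ih \to 0} \frac{u(x_0, y_0 + h) + iv(x_0, y_0 + h) - u(x_0, y_0) - iv(x_0, y_0)}{ih} \\
&= \lim_{h \to 0} \left( \frac{u(x_0, y_0 + h) - u(x_0, y_0)}{ih} + i\,\frac{v(x_0, y_0 + h) - v(x_0, y_0)}{ih} \right) \\
&= \frac{1}{i} \frac{\partial u}{\partial y} + \frac{\partial v}{\partial y} = \frac{\partial v}{\partial y} - i \frac{\partial u}{\partial y} = f'(z_0).
\end{aligned}$$
Setting these two expressions for $f'(z_0)$ equal gives the result, since the real and imaginary
parts of the resulting expression must be equal.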
($\Longleftarrow$) The converse requires a little more care. We will show that $f(z)$ is differentiable
at $z_0$ with derivative $f'(z_0) = \frac{\partial f}{\partial x}(z_0) = \frac{\partial u}{\partial x}(z_0) + i \frac{\partial v}{\partial x}(z_0)$. We first break up the difference
quotient, using $h = h_x + ih_y$:

$$\begin{aligned}
\frac{f(z_0 + h) - f(z_0)}{h} &= \frac{f(z_0 + h) - f(z_0 + h_x) + f(z_0 + h_x) - f(z_0)}{h} \\
&= \frac{f(z_0 + h_x + ih_y) - f(z_0 + h_x)}{h} + \frac{f(z_0 + h_x) - f(z_0)}{h} \\
&= \frac{h_y}{h} \cdot \frac{f(z_0 + h_x + ih_y) - f(z_0 + h_x)}{h_y} + \frac{h_x}{h} \cdot \frac{f(z_0 + h_x) - f(z_0)}{h_x}.
\end{aligned}$$


Elsewhere, we have
$$\frac{\partial f}{\partial x}(z_0) = \frac{h_y}{h} \cdot \frac{\partial f}{\partial y}(z_0) + \frac{h_x}{h} \cdot \frac{\partial f}{\partial x}(z_0).$$
Now we subtract these two expressions and take a limit, which gives
$$\begin{aligned}
\lim_{h \to 0} \left[ \frac{f(z_0 + h) - f(z_0)}{h} - \frac{\partial f}{\partial x}(z_0) \right] &= \lim_{h \to 0} \frac{h_y}{h} \left( \frac{f(z_0 + h_x + ih_y) - f(z_0 + h_x)}{h_y} - \frac{\partial f}{\partial y}(z_0) \right) \\
&\quad + \lim_{h \to 0} \frac{h_x}{h} \left( \frac{f(z_0 + h_x) - f(z_0)}{h_x} - \frac{\partial f}{\partial x}(z_0) \right).
\end{aligned}$$

If we can show that the limits on the right are both 0, then we’re done. The ratios $\frac{h_x}{h}$ and
$\frac{h_y}{h}$ are both bounded by the triangle inequality, so it suffices to prove that the expressions in
parentheses tend to 0. The second term goes to 0 since by definition,
$$\frac{\partial f}{\partial x}(z_0) = \lim_{h_x \to 0} \frac{f(z_0 + h_x) - f(z_0)}{h_x}.$$
The other expression is more problematic, since it involves both $h_x$ and $h_y$. However, the
Mean Value Theorem from real analysis gives us real numbers $0 < a, b < 1$ such that
$$\frac{u(x_0 + h_x, y_0 + h_y) - u(x_0 + h_x, y_0)}{h_y} = u_y(x_0 + h_x, y_0 + ah_y)$$
$$\text{and}\quad \frac{v(x_0 + h_x, y_0 + h_y) - v(x_0 + h_x, y_0)}{h_y} = v_y(x_0 + h_x, y_0 + bh_y).$$
Substituting these expressions into the first term above gives us
$$\begin{aligned}
\frac{f(z_0 + h_x + ih_y) - f(z_0 + h_x)}{h_y} - \frac{\partial f}{\partial y}(z_0) &= u_y(x_0 + h_x, y_0 + ah_y) + iv_y(x_0 + h_x, y_0 + bh_y) \\
&\quad - u_y(x_0, y_0) - iv_y(x_0, y_0) \\
&= (u_y(x_0 + h_x, y_0 + ah_y) - u_y(x_0, y_0)) \\
&\quad + i(v_y(x_0 + h_x, y_0 + bh_y) - v_y(x_0, y_0)).
\end{aligned}$$

Finally, these two pieces each tend to 0 since $u_y$ and $v_y$ are assumed to be continuous at
$z_0 = x_0 + iy_0$. This finishes the proof.
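Example 11.4.5. Consider $f(z) = \operatorname{Log} z$ using the principal branch $D$ as its domain. We
may write this as

$$f(z) = \ln|z| + i \operatorname{Arg} z = \tfrac{1}{2} \ln(x^2 + y^2) + i \arctan\left(\tfrac{y}{x}\right).$$

So one sees that $u(x, y) = \frac{1}{2} \ln(x^2 + y^2)$ and $v(x, y) = \arctan\left(\frac{y}{x}\right)$. We calculate the partials:

$$\begin{aligned}
u_x &= \frac{x}{x^2 + y^2} & v_x &= -\frac{y}{x^2} \cdot \frac{1}{1 + \left(\frac{y}{x}\right)^2} = \frac{-y}{x^2 + y^2} \\
u_y &= \frac{y}{x^2 + y^2} & v_y &= \frac{1}{x} \cdot \frac{1}{1 + \left(\frac{y}{x}\right)^2} = \frac{x}{x^2 + y^2}.
\end{aligned}$$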


Hence $u_x = v_y$ and $u_y = -v_x$ so $f(z)$ satisfies the Cauchy-Riemann equations on $D$, meaning
it is differentiable. Moreover, we can write its derivative as
$$f'(z) = u_x + iv_x = \frac{x}{x^2 + y^2} - i \frac{y}{x^2 + y^2} = \frac{x - iy}{x^2 + y^2} = \frac{\bar{z}}{|z|^2} = \frac{1}{z}.$$

Example 11.4.6. The zeta function $\sum_{n=1}^{\infty} \frac{1}{n^s}$ converges absolutely for $\operatorname{Re}(s) > 1$. In fact, it
is holomorphic when $\operatorname{Re}(s) > 1$. There is another function that is an analytic continuation
of $\zeta(s)$ on all of $\mathbb{C} \smallsetminus \{1\}$.
Note: sometimes functions have “functional equations”, e.g. $-\sin(-z) = \sin(z)$. Suppose
$f(z)$ is analytic for $\operatorname{Re}(z) > a$ and $f^*(z)$ is an analytic continuation of $f(z)$ on $\mathbb{C}$, and $f^*(z)$
has a functional equation that relates values of $f^*(z)$ on $\operatorname{Re}(z) < a$ to values on $\operatorname{Re}(z) > a$.
Then this functional equation can give us information for $f(z)$ on “bad” domains.
Example 11.4.7. For the zeta function, we will prove that there is a function $\xi(s) = g(s)\zeta(s)$
that is analytic on $\operatorname{Re}(s) > 1$, which has an analytic continuation
$\xi^*(s) = \xi^*(1 - s)$.

[Figure: regions of the s-plane labelled “evaluate ξ*(s) using ξ*(1 − s)”, “ξ(s) well-defined” and “no info”, with the line Re(s) = 1/2 marked.]

Definition. A power series is an infinite series of the form

$$\sum_{n=0}^{\infty} a_n (z - z_0)^n.$$

Such a series is said to be centered about $z_0$.


Example 11.4.8. Power series are really a generalization of a geometric series

$$\sum_{n=0}^{\infty} z^n$$

centered about $z_0 = 0$, where all the coefficients are 1. This series converges to exactly
$\frac{1}{1 - z}$ when $|z| < 1$. We will see that power series behave in similar ways, and when they converge,
they converge to complex functions that we may be interested in.



For a power series $\sum_{n=0}^{\infty} a_n (z - z_0)^n$ we have three cases for convergence:

(1) The series only converges at z = z0 . In this case, the radius of convergence of the
series is 0.
(2) The series converges for all z in a disc of finite radius R centered at z0 .
(3) The series converges for all z ∈ C, in which case we say the series has an infinite radius
of convergence.
A power series with positive or infinite radius of convergence represents a function that is
holomorphic within the disc of convergence of the series. This is one of the most important
facts in complex analysis, so we take a moment to formalize it here.

Theorem 11.4.9. Suppose $\sum_{n=0}^{\infty} a_n (z - z_0)^n$ has a positive or infinite radius of convergence
$R$. Then it represents a function $f(z)$ which is holomorphic on $D = \{z \in \mathbb{C} : |z - z_0| < R\}$.
Now that we know that power series are holomorphic (differentiable) on their discs of
convergence, we can take derivatives.

Theorem 11.4.10. Suppose $\sum_{n=0}^{\infty} a_n (z - z_0)^n$ has a positive or infinite radius of convergence
$R$. Then its derivative is also a power series:

$$f'(z) = \sum_{n=1}^{\infty} n a_n (z - z_0)^{n-1}$$

which has radius of convergence $R$.


This can be applied repeatedly to obtain the Taylor series expansion of $f(z)$ about $z_0$:

$$f(z) = \sum_{n=0}^{\infty} \frac{f^{(n)}(z_0)}{n!} (z - z_0)^n.$$

Example 11.4.11. The Taylor series for the exponential function is

$$e^z = \sum_{n=0}^{\infty} \frac{z^n}{n!}.$$

Using the formulas for $\cos z$ and $\sin z$ from Section 11.2, we can derive their Taylor series as
well:

$$\cos z = \sum_{n=0}^{\infty} \frac{(-1)^n}{(2n)!} (z - z_0)^{2n}$$

$$\sin z = \sum_{n=0}^{\infty} \frac{(-1)^n}{(2n + 1)!} (z - z_0)^{2n+1}.$$


11.5 Integration in the Complex Plane


We now arrive at a theorem of central importance in complex analysis. The statement of the
theorem is simple, but as we will see, this result has far-reaching implications in the complex
world.
Theorem 11.5.1 (Cauchy’s Theorem). Let $f(z)$ be a complex function that is holomorphic
on domain $D$, and suppose $\gamma$ is any piecewise smooth, simple, closed curve in $D$. Then
$$\int_\gamma f(z)\,dz = 0.$$

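Proof. By assumption $f'(z)$ is continuous on $D$ and $\gamma$ has interior $\Omega$ within $D$. We compute

$$\begin{aligned}
\int_\gamma f(z)\,dz &= \int_\gamma (u + iv)(dx + i\,dy) = \int_\gamma (u\,dx - v\,dy + i(v\,dx + u\,dy)) \\
&= \int_\gamma (u\,dx - v\,dy) + i \int_\gamma (v\,dx + u\,dy) \\
&= \iint_\Omega (-v_x - u_y)\,dx\,dy + i \iint_\Omega (u_x - v_y)\,dx\,dy && \text{by Green’s Theorem} \\
&= \iint_\Omega (-v_x + v_x)\,dx\,dy + i \iint_\Omega (u_x - u_x)\,dx\,dy && \text{by the Cauchy-Riemann equations} \\
&= 0 + i0 = 0.
\end{aligned}$$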

Some immediate consequences of Cauchy’s Theorem are

Corollary 11.5.2 (Independence of Path). If $\gamma_1$ and $\gamma_2$ are curves with the same initial and
terminal points lying in a domain on which $f(z)$ is holomorphic, then
$$\int_{\gamma_1} f(z)\,dz = \int_{\gamma_2} f(z)\,dz.$$

Corollary 11.5.3 (Deformation of Path). Suppose $\gamma_1$ and $\gamma_2$ are two simple, closed curves
with the same orientation, with $\gamma_2$ lying on the interior of $\gamma_1$.

[Figure: the curve γ2 lying inside the curve γ1.]

If $f(z)$ is holomorphic on the region between $\gamma_1$ and $\gamma_2$ then
$$\int_{\gamma_1} f(z)\,dz = \int_{\gamma_2} f(z)\,dz.$$


Corollary 11.5.4 (Fundamental Theorem of Calculus). If $f(z)$ is holomorphic on a simply-connected
domain $D$, then there is a holomorphic function $F$ satisfying
$$F(z) = \int_\gamma f(z)\,dz$$

for any $\gamma$ lying in $D$. Equivalently, $F$ satisfies $F'(z) = f(z)$ on all of $D$.

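Theorem 11.5.5 (Cauchy’s Integral Formula). Suppose $f$ is holomorphic on a domain $D$
and $\gamma$ is a simple closed curve on $D$, with positive orientation and interior $\Omega$. Then for all
$z \in \Omega$,
$$f(z) = \frac{1}{2\pi i} \int_\gamma \frac{f(\zeta)}{\zeta - z}\,d\zeta.$$

[Figure: the domain D containing the curve γ, with a circle C around the point z0 inside γ.]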

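Proof. Fix $z \in \Omega$ and let $C$ be a circle with center $z$ contained in $\Omega$. Note that for any
$z \in D$, $\frac{f(\zeta)}{\zeta - z}$ is holomorphic on $D \smallsetminus \{z\}$. By deformation of path,
$$\frac{1}{2\pi i} \int_\gamma \frac{f(\zeta)}{\zeta - z}\,d\zeta = \frac{1}{2\pi i} \int_C \frac{f(\zeta)}{\zeta - z}\,d\zeta.$$

We parametrize $C$ by $z + re^{it}$ for $0 \leq t \leq 2\pi$ and write

$$\begin{aligned}
\frac{1}{2\pi i} \int_C \frac{f(\zeta)}{\zeta - z}\,d\zeta &= \frac{1}{2\pi i} \int_0^{2\pi} \frac{f(z + re^{it})}{re^{it}}\,ire^{it}\,dt \\
&= \frac{1}{2\pi} \int_0^{2\pi} f(z + re^{it})\,dt.
\end{aligned}$$

Now take the limit as $r \to 0$. Since $f(z)$ is continuous, we can bring the limit inside the
integral:
$$\lim_{r \to 0} \frac{1}{2\pi} \int_0^{2\pi} f(z + re^{it})\,dt = \frac{1}{2\pi} \int_0^{2\pi} f(z)\,dt.$$
Notice that $f(z)$ doesn’t depend on $t$, so we can integrate this easily and see that it equals
$f(z)$. This proves the theorem.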


The next theorem shows that Cauchy’s Integral Formula is intimately related to complex
power series.
Theorem 11.5.6. Let $f$ be holomorphic on a domain $D$ and suppose $z_0$ is a point in $D$ such
that the circle $|z - z_0| < R$ for some real $R$ lies in $D$. Let $\gamma$ be a simple closed curve lying
within this circle and containing $z_0$ on its interior. Then
$$f(z) = \sum_{k=0}^{\infty} a_k (z - z_0)^k \quad\text{where}\quad a_k = \frac{1}{2\pi i} \int_\gamma \frac{f(\zeta)}{(\zeta - z_0)^{k+1}}\,d\zeta.$$

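Proof. Let $\Delta = \{z : |z - z_0| < R\}$. By deformation of path, it suffices to consider when $\gamma$ is
a circle. For a fixed $r < R$, we take $\gamma$ to be the positively-oriented circle $\gamma : |z - z_0| = r$. By
Cauchy’s Integral Formula (11.5.5),
$$f(z) = \frac{1}{2\pi i} \int_\gamma \frac{f(\zeta)}{\zeta - z}\,d\zeta$$
for any $z$ on the interior of $\gamma$. For any one of these $z$’s, let $s = |z - z_0|$ so that $s < r$. Consider
$$\frac{1}{\zeta - z} = \frac{1}{(\zeta - z_0) - (z - z_0)} = \frac{1}{\zeta - z_0} \cdot \frac{1}{1 - \frac{z - z_0}{\zeta - z_0}}.$$

Note that $\frac{|z - z_0|}{|\zeta - z_0|} = \frac{s}{r} < 1$. This allows us to introduce the series as a convergent geometric
series:
$$\frac{1}{\zeta - z} = \frac{1}{\zeta - z_0} \sum_{k=0}^{\infty} \left( \frac{z - z_0}{\zeta - z_0} \right)^k.$$
Using this and the expression given by Cauchy’s integral formula above, we are able to write
$$\begin{aligned}
f(z) &= \frac{1}{2\pi i} \int_\gamma \frac{f(\zeta)}{\zeta - z}\,d\zeta \\
&= \frac{1}{2\pi i} \int_\gamma \frac{f(\zeta)}{\zeta - z_0} \sum_{k=0}^{\infty} \left( \frac{z - z_0}{\zeta - z_0} \right)^k d\zeta \\
&= \frac{1}{2\pi i} \sum_{k=0}^{\infty} (z - z_0)^k \int_\gamma \frac{f(\zeta)}{(\zeta - z_0)^{k+1}}\,d\zeta.
\end{aligned}$$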

Corollary 11.5.7. If $f(z)$ is holomorphic on $D$, $f$ has derivatives of all orders on $D$ and
each derivative is holomorphic on $D$.
Proof. By Theorem 11.5.6, $f(z)$ can be written as a power series with positive radius of
convergence,
$$f(z) = \sum_{k=0}^{\infty} a_k (z - z_0)^k \quad\text{with}\quad a_k = \frac{1}{2\pi i} \int_\gamma \frac{f(\zeta)}{(\zeta - z_0)^{k+1}}\,d\zeta,$$

for some $\gamma$ about $z_0$. We will see below that we can differentiate (and antidifferentiate) power
series, so $f(z)$ is infinitely differentiable on the region of convergence of the power series.


Theorem 11.5.6 suggests a powerful connection between power series and holomorphic
functions in the complex plane. In this section we prove that every power series represents
a holomorphic function on its region of convergence and every holomorphic function has a
power series representation on its domain. First, we need a converse to Cauchy’s Theorem
(11.5.1).
Theorem 11.5.8 (Morera’s Theorem). Suppose $f(z)$ is continuous on a domain $D$ and
$$\int_\gamma f(z)\,dz = 0$$

for all smooth, closed curves $\gamma$ in $D$. Then $f$ is holomorphic on $D$.

Proof. We may assume $D$ is connected; otherwise the proof can be repeated on each connected
component of $D$. Fix $z_0 \in D$ and define $F(z) = \int_\gamma f(\zeta)\,d\zeta$ where $\gamma$ is any smooth
curve connecting $z_0$ and $z$. By independence of path, $F(z)$ is well-defined for all $z \in D$. Since
all closed curves $\gamma$ give $F = 0$ and $f(z)$ is continuous, it follows that $F'(z) = f(z)$, that is, $F$
is an antiderivative of $f$. Then $F(z)$ is holomorphic on $D$, which by Corollary 11.5.7 implies
that $f(z)$ is also holomorphic on $D$.
We prove the first direction of the power series-holomorphic function connection below.

Theorem 11.5.9. Suppose $f(z) = \sum_{k=0}^{\infty} a_k (z - z_0)^k$ has a positive radius of convergence $R$.
Then $f$ is a holomorphic function on the domain $D = \{z \in \mathbb{C} : |z - z_0| < R\}$.
Proof. Given any closed curve $\gamma$ in $D$,
$$\int_\gamma \sum_{k=0}^{\infty} a_k (z - z_0)^k\,dz = 0$$

by continuity of the power series on its region of convergence. Then Morera’s Theorem says
that $f(z)$ is holomorphic on $D$.
Now we know that power series are differentiable on their region of convergence. The
next result says that we can differentiate power series term-by-term, just as in the real case.

Theorem 11.5.10. Suppose $f(z) = \sum_{k=0}^{\infty} a_k (z - z_0)^k$ has positive radius of convergence $R$.
Then $f(z)$ is differentiable with

$$f'(z) = \sum_{k=1}^{\infty} k a_k (z - z_0)^{k-1}$$

which also has radius of convergence $R$.


We can repeatedly apply Theorem 11.5.10 to subsequent derivatives of f to obtain a
statement of Taylor’s Theorem for complex functions:



Theorem 11.5.11. Suppose $f(z) = \sum_{k=0}^{\infty} a_k (z - z_0)^k$ has a positive radius of convergence.
Then
$$a_k = \frac{f^{(k)}(z_0)}{k!}.$$
We now turn to the other connection between holomorphic functions and power series.
Well actually, we have already proven (Corollary 11.5.7) that holomorphic functions have
power series representations, which we recall here.

Theorem 11.5.12. Let $f$ be holomorphic on a domain $D$. Then

$$f(z) = \sum_{k=0}^{\infty} a_k (z - z_0)^k \quad\text{for}\quad a_k = \frac{1}{2\pi i} \int_\gamma \frac{f(\zeta)}{(\zeta - z_0)^{k+1}}\,d\zeta$$

where $z_0 \in D$ and $\gamma$ is a simple closed curve lying in $D$ and containing $z_0$ on its interior.

We immediately obtain the following generalization of Cauchy’s integral formula (11.5.5).

Corollary 11.5.13. Suppose $f$ is holomorphic on a domain $D$ and $\gamma$ is a simple closed
curve in $D$, positively oriented and with interior $\Omega$. Then for all $z \in \Omega$ and $n \in \mathbb{N}$,
$$f^{(n)}(z) = \frac{n!}{2\pi i} \int_\gamma \frac{f(\zeta)}{(\zeta - z)^{n+1}}\,d\zeta.$$

We now define what it means for a function to be analytic on a certain region in the
complex plane.

Definition. A function $f(z)$ that is continuous on a region $D \subseteq \mathbb{C}$ is analytic at $z_0 \in D$ if
$f$ equals its Taylor series expansion about $z_0$ and $f$ is analytic on $D$ if it is analytic at every
point in $D$.

The following theorem summarizes everything we have learned so far about holomorphic
functions in the complex plane.

Theorem 11.5.14. For a complex function $f(z)$ which is continuous on a domain $D$, the
following are equivalent:

(1) $f(z)$ is differentiable on some open disk centered at $z_0 \in D$, that is, $f$ is holomorphic
at $z_0$.

(2) The Taylor series expansion of $f(z)$ about $z_0$ converges to $f(z)$ with positive radius of
convergence, i.e. $f$ is analytic.

(3) $f(z)$ satisfies the Cauchy-Riemann equations on some neighborhood of $z_0$.

(4) $\int_\gamma f(z)\,dz = 0$ for every simple closed curve $\gamma$ inside $D$ with $z_0$ on its interior (Cauchy’s
Theorem and Morera’s Theorem).


We conclude with a consequence of the generalized Cauchy’s integral formula to entire
functions that are bounded.

Theorem 11.5.15 (Liouville’s Theorem). If $f(z)$ is entire and there exists a constant $M$
such that $|f(z)| \leq M$ for all $z \in \mathbb{C}$, then $f$ is a constant function.

Proof. Let $z_0 \in \mathbb{C}$ and take $C_r$ to be the circle centered at $z_0$ with radius $r > 0$. By
Corollary 11.5.13,
$$f'(z_0) = \frac{1}{2\pi i} \int_{C_r} \frac{f(\zeta)}{(\zeta - z_0)^2}\,d\zeta.$$
Parametrize the circle by $C_r : z_0 + re^{it}$, $0 \leq t \leq 2\pi$. Then
$$\begin{aligned}
f'(z_0) &= \frac{1}{2\pi i} \int_0^{2\pi} \frac{f(z_0 + re^{it})}{r^2 e^{2it}}\,ire^{it}\,dt \\
&= \frac{1}{2\pi r} \int_0^{2\pi} \frac{f(z_0 + re^{it})}{e^{it}}\,dt.
\end{aligned}$$
Taking the modulus of both sides and applying the triangle inequality for integrals, we have
$$\begin{aligned}
|f'(z_0)| &\leq \frac{1}{2\pi r} \int_0^{2\pi} \left| \frac{f(z_0 + re^{it})}{e^{it}} \right| dt \\
&= \frac{1}{2\pi r} \int_0^{2\pi} \frac{|f(z_0 + re^{it})|}{|e^{it}|}\,dt \\
&\leq \frac{1}{2\pi r} \int_0^{2\pi} M\,dt.
\end{aligned}$$

As we take $r \to \infty$, this expression tends to 0 as well, showing $|f'(z_0)| = 0$. Since $z_0$ was
arbitrary, we have shown that $f(z)$ is constant.


11.6 Singularities and the Residue Theorem


With Theorem 11.5.12, we saw that an analytic function can be written
$$f(z) = \sum_{k=0}^{\infty} a_k (z - z_0)^k \quad\text{where}\quad a_k = \frac{1}{2\pi i} \int_\gamma \frac{f(\zeta)}{(\zeta - z_0)^{k+1}}\,d\zeta$$

for all $z$ in its domain $D$. This is highly useful, but when $f(z)$ is not analytic on a domain
$D$ we still want a way of representing $f$ as a series. This motivates the introduction and
application of Laurent series:

Definition. A Laurent series is a series expansion of a function $f(z)$ about a point $z_0$ not
in the domain of $f$ in terms of two infinite power series, a positive and negative one:

$$f(z) = \sum_{k=0}^{\infty} a_k (z - z_0)^k + \sum_{k=1}^{\infty} b_k (z - z_0)^{-k} = \sum_{k \in \mathbb{Z}} c_k (z - z_0)^k.$$

Remark. A Laurent series converges if and only if both the positive and negative series
converge. Absolute and uniform convergence are defined analogously. Notice that any Taylor
series is a Laurent series whose negative part vanishes.

We should take a moment to explicitly describe the region of convergence of a Laurent
series. Suppose
$$\sum_{k \in \mathbb{Z}} c_k (z - z_0)^k = \sum_{k=0}^{\infty} a_k (z - z_0)^k + \sum_{k=1}^{\infty} b_k (z - z_0)^{-k}.$$

The positive series has some radius of convergence $R_1$, that is, the series converges on the region
$\{z \in \mathbb{C} : |z - z_0| < R_1\}$. Similarly, the negative series is just a power series in $\frac{1}{z - z_0}$ so it
has radius of convergence $\frac{1}{R_2}$, i.e. it converges when $\frac{1}{|z - z_0|} < \frac{1}{R_2}$. This can be written as the
complement of a closed disk, $\{z \in \mathbb{C} : |z - z_0| > R_2\}$. Thus we see that the Laurent series
is convergent on an annular region $\{z \in \mathbb{C} : R_2 < |z - z_0| < R_1\}$ (as long as $R_2 < R_1$).
By Theorem 11.5.9, the Laurent series represents an analytic function $f(z)$ on the region
$D = \{z \in \mathbb{C} : R_2 < |z - z_0| < R_1\}$. This is made explicit in the next theorem.

Theorem 11.6.1. Suppose $f$ is a holomorphic function on $D = \{z \in \mathbb{C} : R_1 < |z - z_0| < R_2\}$.
Then $f$ is equal to its Laurent series expansion about $z_0$ which can be written

$$f(z) = \sum_{k=0}^{\infty} a_k (z - z_0)^k + \sum_{k=1}^{\infty} b_k (z - z_0)^{-k}$$
$$\text{where}\quad a_k = \frac{1}{2\pi i} \int_{C_2} \frac{f(\zeta)}{(\zeta - z_0)^{k+1}}\,d\zeta \quad\text{and}\quad b_k = \frac{1}{2\pi i} \int_{C_1} \frac{f(\zeta)}{(\zeta - z_0)^{-k+1}}\,d\zeta$$

for circles $C_1$ and $C_2$ centered at $z_0$ with radii $R_1$ and $R_2$, respectively.

Proof. Apply Cauchy’s Theorem (11.5.1) and related results to both series.


Remark. By the definition of their coefficients in terms of the integrals above, Laurent
series expansions are unique.

Laurent series give us a way to deal with ‘holes’ in the domain of a function which is
otherwise holomorphic on the region. Such functions have a special name:

Definition. A complex function $f(z)$ is meromorphic on a domain $D$ if it is holomorphic
on $D \smallsetminus \{z_1, z_2, \ldots, z_r\}$ where $r$ is finite.

A singularity is the name we give to a ‘hole’ in the domain of a complex function. Below
we describe the three different types of singularities a function may have.

Definition. If $f(z)$ is holomorphic on the punctured disk $D = \{z \in \mathbb{C} : 0 < |z - z_0| < R\}$
for some $R > 0$ ($R$ may be infinite) but not at $z_0$ then $z_0$ is called an isolated singularity
of $f$. The three types of isolated singularities are

(a) $z_0$ is a removable singularity if there is a function $g$ which is holomorphic on the
disk $D \cup \{z_0\} = \{z \in \mathbb{C} : |z - z_0| < R\}$ such that $f(z) = g(z)$ for all $z \in D$.

(b) $z_0$ is a pole if $\lim_{z \to z_0} |f(z)| = \infty$. In particular, $z_0$ is a pole of order $m$ if $z_0$ is
a root of $\frac{1}{f(z)}$ with multiplicity $m$. Equivalently, $m$ is the smallest integer such that
$\lim_{z \to z_0} (z - z_0)^{m+1} f(z) = 0$.

(c) $z_0$ is an essential singularity if it is neither removable nor a pole.

The isolated singularities of a function may be characterized in terms of Laurent series
expansions of the function.

Proposition 11.6.2. Let $z_0$ be an isolated singularity of $f(z)$ and suppose $f(z)$ has a Laurent
series expansion
$$f(z) = \sum_{n=0}^{\infty} a_n (z - z_0)^n + \sum_{n=1}^{\infty} b_n (z - z_0)^{-n}$$

in the region $0 < |z - z_0| < R$.

(a) $z_0$ is a removable singularity if and only if $b_n = 0$ for all $n$ and there is a function $g$,
$$g(z) = \begin{cases} f(z) & z \neq z_0 \\ a_0 & z = z_0, \end{cases}$$

which is analytic in $|z - z_0| < R$.

(b) $z_0$ is a pole of $f(z)$ if and only if all but a finite number of the $b_n$ vanish. Specifically,
if $b_n = 0$ for all $n > m$ then $z_0$ is a pole of order $m$ and $f$ can be written

$$f(z) = \frac{b_m}{(z - z_0)^m} + \frac{b_{m-1}}{(z - z_0)^{m-1}} + \ldots + \frac{b_1}{z - z_0} + \sum_{n=0}^{\infty} a_n (z - z_0)^n.$$


(c) $z_0$ is an essential singularity if and only if infinitely many of the $b_n$ are nonzero.

We saw there is a connection between the coefficients of the negative part of the Laurent
series of a function and contour integrals of the function about its singularities. The
coefficient $b_1$ in a Laurent series is of particular importance, so much so that it has a special
name.

Definition. Let $z_0$ be an isolated singularity of $f(z)$. The residue of $f$ at $z_0$ is

$$\operatorname{Res}(f; z_0) := \frac{1}{2\pi i} \int_C f(z)\,dz$$

where $C : |z - z_0| = r$ for some $0 < r < R$, the radius of convergence of the Laurent series
for $f$. This is in turn equal to the $b_1$ coefficient of the Laurent series.

There is a nice formula for the residues of removable singularities and poles.

Proposition 11.6.3. Suppose $z_0$ is a nonessential singularity of $f(z)$.

(a) If $z_0$ is a removable singularity, $\operatorname{Res}(f; z_0) = 0$.

(b) If $z_0$ is a pole of order $m$, then

$$\operatorname{Res}(f; z_0) = \frac{1}{(m - 1)!} \lim_{z \to z_0} \frac{d^{m-1}}{dz^{m-1}} (z - z_0)^m f(z).$$

Proof. (a) follows from Cauchy’s Theorem (11.5.1), and (b) is a simple application of Taylor’s
Theorem to the series
$$(z - z_0)^m f(z) = \sum_{n=-m}^{\infty} c_n (z - z_0)^{n+m}.$$

The formula for $\operatorname{Res}(f; z_0)$ follows from the identification of the residue and $b_1$.

Proposition 11.6.4. Suppose $f$ and $g$ are analytic on $|z - z_0| < r$ for some $z_0 \in \mathbb{C}$ and
$r > 0$, and suppose $g(z_0) = 0$ but $g'(z_0) \neq 0$. Then
$$\operatorname{Res}\left( \frac{f}{g}; z_0 \right) = \frac{f(z_0)}{g'(z_0)}.$$

Proof. Let $g(z)$ have the following power series centered at $z_0$ (by assumption the series has
no $c_0$ coefficient):

$$g(z) = \sum_{k=1}^{\infty} c_k (z - z_0)^k = (z - z_0) \sum_{k=0}^{\infty} a_k (z - z_0)^k$$

where $a_k = c_{k+1}$; call the analytic function represented by this new series $h(z)$. Note that
$h(z_0) = c_1 \neq 0$, so
$$\frac{f(z)}{g(z)} = \frac{f(z)}{(z - z_0)h(z)}$$


and $\frac{f}{h}$ is analytic at $z_0$. Using the definition of residue in terms of the Laurent series
coefficients, the residue of $\frac{f}{g}$ is equal to the constant term of the series for $\frac{f}{h}$ (the $n = -1$ term of
the series for $\frac{f}{g}$). This is computed to be $\frac{f(z_0)}{h(z_0)}$, but by the way we defined $h$, $h(z_0) = g'(z_0)$.
Hence
$$\operatorname{Res}\left( \frac{f}{g}; z_0 \right) = \frac{f(z_0)}{g'(z_0)}.$$

We finally arrive at the central theorem in basic complex analysis: the Residue Theorem.

Theorem 11.6.5 (The Residue Theorem). Suppose $f(z)$ is meromorphic on a region $D$; let
$z_1, \ldots, z_n$ be the isolated singularities of $f$ inside $D$. If $\gamma$ is a piecewise smooth, positively
oriented, simple closed curve lying in $D$ that does not pass through any of the $z_i$ then
$$\int_\gamma f(z)\,dz = 2\pi i \sum_{i=1}^{n} \operatorname{Res}(f; z_i).$$

Proof. Draw a positively-oriented circle Ci around each singularity zi such that zi is the only
singularity of f on its interior. The case where n = 3 is illustrated below.

[Figure: the curve γ enclosing the singularities z1, z2 and z3.]

Then γ is contractible to a curve γ′ which connects the Ci together and otherwise contains
no singularities on its interior. Such a contraction is shown in the next figure.

[Figure: the contracted curve γ′ around z1, z2 and z3.]


Then
\[ \int_\gamma f(z)\,dz = \int_{\gamma'} f(z)\,dz + \sum_{i=1}^{n} \int_{C_i} f(z)\,dz, \]
but by construction, f(z) is holomorphic on
the interior of γ′, so by Cauchy’s Theorem (11.5.1) this part equals 0. Evaluate the remaining
terms using the definition of residue to produce the main summation formula:
\[ \int_\gamma f(z)\,dz = \sum_{i=1}^{n} \int_{C_i} f(z)\,dz = 2\pi i \sum_{i=1}^{n} \operatorname{Res}(f; z_i). \]

Chapter 12

Zeta Functions and L-Series


12.1 The Functional Equation


Proposition 12.1.1. If ζ(s) has an analytic continuation to all of C with an isolated sin-
gularity at s = 1, then the pole at s = 1 has order 1.

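Proof. In the half-plane Re(s) > 1, we can define $\zeta(s) = \sum_{n=1}^{\infty} \frac{1}{n^s}$ in the usual way. Then we
have
\[ \int_1^\infty \frac{1}{x^s}\,dx \le \sum_{n=1}^{\infty} \frac{1}{n^s} \le 1 + \int_1^\infty \frac{1}{x^s}\,dx \]
\[ \frac{1}{s-1} \le \zeta(s) \le 1 + \frac{1}{s-1} \]
\[ 1 \le (s-1)\zeta(s) \le s, \]
and by the Squeeze Theorem, $\lim_{s \to 1^+,\ s \in \mathbb{R}} (s-1)\zeta(s) = 1$, so
\[ \lim_{\substack{s \to 1 \\ s \in \mathbb{C}}} (s-1)\zeta(s) = \lim_{\substack{s \to 1^+ \\ s \in \mathbb{R}}} (s-1)\zeta(s) = 1. \]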

Thus we can conclude that s = 1 is a pole of order 1.


As a result, we can calculate the residue of ζ(s) at s = 1 by
\[ \operatorname{Res}(\zeta; 1) = \frac{1}{2\pi i} \int_\gamma \frac{g(z)}{z-1}\,dz = g(1) = 1 \]

by the characterization of simple poles, evaluated using the formula above. So the residue
of the zeta function at s = 1 is 1.

To find an analytic continuation of ζ(s), recall the function (from homework)


\[ I(s) = \int_0^\infty e^{-t} t^s\,dt \]

which converges absolutely for Re(s) > −1. And I(s) = P(s), which is analytic everywhere
on C except negative integers. Define the Gamma function Γ(s) = I(s − 1). Then we
substitute t = nx to obtain
\[ \begin{aligned}
\Gamma(s) &= \int_0^\infty e^{-nx} (nx)^{s-1} n\,dx \\
\frac{\Gamma(s)}{n^s} &= \int_0^\infty e^{-nx} x^{s-1}\,dx.
\end{aligned} \]


Note here that $n^s$ appears, so we want to sum over all n to get our hands on the zeta function.
Doing so yields
\[ \sum_{n=1}^{\infty} \frac{\Gamma(s)}{n^s} = \sum_{n=1}^{\infty} \int_0^\infty e^{-nx} x^{s-1}\,dx. \]
By Fubini’s Theorem, we can switch the summation and integral if the absolute value of the
right side is finite. So consider
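\[ \begin{aligned}
\sum_{n=1}^{N} \int_0^\infty |e^{-nx} x^{s-1}|\,dx &= \int_0^\infty \sum_{n=1}^{N} |e^{-nx} x^{s-1}|\,dx \quad \text{since finite sums swap order} \\
&\le \int_0^\infty \sum_{n=1}^{\infty} |e^{-nx} x^{s-1}|\,dx,
\end{aligned} \]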

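which we want to show exists. Look at $|e^{-nx} x^{s-1}|$ where s ∈ C with Re(s) > 0, which
becomes
\[ \begin{aligned}
|e^{-nx} x^{s-1}| &= |e^{-nx}|\,|x^{s-1}| \\
&= e^{-nx} |x^{\operatorname{Re}(s)-1}| \\
&= e^{-nx} x^{\operatorname{Re}(s)-1}.
\end{aligned} \]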
Then we have

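\[ \begin{aligned}
\sum_{n=1}^{\infty} |e^{-nx} x^{s-1}| &= \sum_{n=1}^{\infty} e^{-nx} x^{\operatorname{Re}(s)-1} \\
&= x^{\operatorname{Re}(s)-1} \sum_{n=1}^{\infty} e^{-nx} \\
&= x^{\operatorname{Re}(s)-1} \left( \frac{e^{-x}}{1 - e^{-x}} \right) \quad \text{by geometric series} \\
&= \frac{x^{\operatorname{Re}(s)-1}}{e^x - 1}.
\end{aligned} \]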
Finally,

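\[ \begin{aligned}
\int_0^\infty \sum_{n=1}^{\infty} |e^{-nx} x^{s-1}|\,dx &= \int_0^\infty \frac{x^{\operatorname{Re}(s)-1}}{e^x - 1}\,dx \\
&= \int_0^1 \frac{x^{\operatorname{Re}(s)-1}}{e^x - 1}\,dx + \int_1^\infty \frac{x^{\operatorname{Re}(s)-1}}{e^x - 1}\,dx \\
&\le \int_0^1 \frac{x^{\operatorname{Re}(s)-1}}{x}\,dx + \int_1^\infty \frac{1}{2} x^{\operatorname{Re}(s)-1} e^{-x}\,dx.
\end{aligned} \]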


(The first integral is due to $e^x - 1 \ge 1$ for 0 ≤ x ≤ 1, and the second is because $e^x - 1 > \frac{e^x}{2}$
for x ≥ 1.) Note that this is integrable, so we can swap the integral and summation above,
giving:
\[ \zeta(s)\Gamma(s) = \int_0^\infty \sum_{n=1}^{\infty} e^{-nx} x^{s-1}\,dx = \int_0^\infty \frac{x^{s-1}}{e^x - 1}\,dx \]
by geometric series.

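Next, define
\[ F(s) = \lim_{\varepsilon,\delta \to 0} \int_{\gamma_{\varepsilon,\delta}} \frac{(-z)^s}{e^z - 1} \frac{dz}{z}, \]
where $\gamma_{\varepsilon,\delta}$ is the given contour:

[Figure: the contour γε,δ, with its parts labelled I, II and III and the distances δ and ε marked.]

We can rewrite $(-z)^s$ in pieces:
\[ (-z)^s = \begin{cases} (e^{-\pi i} z)^s & \text{on part I} \\ \text{smooth, continuous} & \text{on part II} \\ (e^{\pi i} z)^s & \text{on part III.} \end{cases} \]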

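For part I, the parametrization z = x + iε, δ′ ≤ x < ∞, x → ∞ makes the integral become
\[ \int_\infty^{\delta'} \frac{(e^{-\pi i}(x + i\varepsilon))^s}{e^{x+i\varepsilon} - 1} \frac{dx}{x + i\varepsilon} = -e^{-\pi i s} \int_{\delta'}^\infty \frac{(x + i\varepsilon)^{s-1}}{e^{x+i\varepsilon} - 1}\,dx \xrightarrow{\varepsilon \to 0} -e^{-\pi i s} \int_{\delta'}^\infty \frac{x^{s-1}}{e^x - 1}\,dx. \]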

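Similarly, the parametrization z = x − iε, δ′ ≤ x < ∞, x → ∞ makes part III look like
\[ \int_{\delta'}^\infty \frac{(e^{\pi i}(x - i\varepsilon))^s}{e^{x-i\varepsilon} - 1} \frac{dx}{x - i\varepsilon} = e^{\pi i s} \int_{\delta'}^\infty \frac{(x - i\varepsilon)^{s-1}}{e^{x-i\varepsilon} - 1}\,dx \xrightarrow{\varepsilon \to 0} e^{\pi i s} \int_{\delta'}^\infty \frac{x^{s-1}}{e^x - 1}\,dx. \]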

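Now for part II, we want the integral to vanish as δ → 0. The parametrization $z = \delta e^{i\theta}$,
τ ≤ θ ≤ 2π − τ, where τ is arbitrarily small, gives us
\[ \begin{aligned}
\int_{II} \frac{(-z)^s}{e^z - 1} \frac{dz}{z} &= \int_\tau^{2\pi-\tau} \frac{(-\delta e^{i\theta})^s}{e^{\delta e^{i\theta}} - 1} \frac{i\delta e^{i\theta}\,d\theta}{\delta e^{i\theta}} \\
&= i \int_\tau^{2\pi-\tau} \frac{(-\delta e^{i\theta})^s}{e^{\delta e^{i\theta}} - 1}\,d\theta.
\end{aligned} \]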
On the whole path, we have the following bounds:


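• $|-\delta e^{i\theta}|^s = |-1|^s |\delta|^s |e^{i\theta}|^s = \delta^s$

•
\[ \begin{aligned}
|e^{\delta e^{i\theta}} - 1| &= |e^{\sigma + i\kappa} - 1| \quad \text{where } \delta e^{i\theta} = \sigma + i\kappa \\
&\ge |e^{-\delta} - 1| \quad \text{since } e^{\sigma + i\kappa} \text{ is closest to 1 when } \theta = \pi, \text{ giving } \sigma = -\delta,\ \kappa = 0 \\
&\ge \frac{\delta}{2} \quad \text{since } \delta \text{ is small.}
\end{aligned} \]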

Then the part II integral becomes


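\[ \begin{aligned}
\left| i \int_\tau^{2\pi-\tau} \frac{(-\delta e^{i\theta})^s}{e^{\delta e^{i\theta}} - 1}\,d\theta \right| &\le i \int_\tau^{2\pi-\tau} \frac{\delta^s}{\delta/2}\,d\theta \\
&= 2i\delta^{s-1} \int_\tau^{2\pi-\tau} d\theta \\
&< 4\pi i \delta^{s-1} \quad \text{since } \tau > 0.
\end{aligned} \]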

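If Re(s) > 1, $4\pi i \delta^{s-1} \to 0$ as δ → 0. Putting everything together, we have
\[ \begin{aligned}
\lim_{\varepsilon,\delta \to 0} \int_{\gamma_{\varepsilon,\delta}} \frac{(-z)^s}{e^z - 1} \frac{dz}{z} &= \lim_{\delta \to 0} \left( -e^{-\pi i s} \int_\delta^\infty \frac{x^{s-1}}{e^x - 1}\,dx + e^{\pi i s} \int_\delta^\infty \frac{x^{s-1}}{e^x - 1}\,dx + 4\pi i \delta^{s-1} \right) \\
&= (e^{\pi i s} - e^{-\pi i s}) \int_0^\infty \frac{x^{s-1}}{e^x - 1}\,dx + 0 \\
&= 2i \sin(\pi s)\,\Gamma(s-1)\,\zeta(s).
\end{aligned} \]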

This holds for all Re(s) > 1. Next, solve for the zeta function:
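\[ \zeta(s) = \frac{1}{2i \sin(\pi s)\Gamma(s)} \int_\gamma \frac{(-z)^s}{e^z - 1} \frac{dz}{z}. \]
We proved for homework that $\sin(\pi s) = \frac{\pi s}{P(s)P(-s)}$, so
\[ \frac{1}{2i \sin(\pi s) P(s-1)} = \frac{P(s)P(-s)}{2i\pi s P(s-1)} = \frac{P(-s)}{2\pi i} \]
since P(s) = sP(s − 1). Thus the functional equation for the zeta function is:
\[ \zeta(s) = \frac{\Gamma(1-s)}{2\pi i} \int_\gamma \frac{(-z)^s}{e^z - 1} \frac{dz}{z}, \qquad \operatorname{Re}(s) > 1 \]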

which is an analytic continuation to the entire complex plane minus s = 1. Note that P(−s)
is defined everywhere except positive integers. But ζ(s) is defined at these points. More-
over, the functional equation for ζ(s) covers the rest of the complex plane, namely Re(s) ≤ 1,


s ≠ 1, so we have values for ζ(s) everywhere except s = 1. Since the functional equation is
analytic around s = 1, we see that s = 1 is a simple pole.

What happens to the functional equation for Re(s) < 0? P(−s) (and Γ(1 − s)) are
well-defined, so we will examine the integral part. Consider the contour Dn :

[Figure: the contour Dn, with outer radius 2π(n + 1/2) and the poles marked.]

By the Residue Theorem,


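\[ \int_{D_n} \frac{(-z)^s}{e^z - 1} \frac{dz}{z} = 2\pi i \sum_{\substack{\text{poles } \alpha \\ \alpha \in D_n}} \operatorname{Res}\left( \frac{(-z)^s}{(e^z - 1)z}; \alpha \right). \]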

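Since we cut out z = 0, the only poles occur when $e^z - 1 = 0 \Rightarrow e^z = 1 \Rightarrow z = 2\pi i k$ for
integers 0 < |k| ≤ n. We calculate the residue at z = 2πik by
\[ \operatorname{Res}\left( \frac{(-z)^s}{(e^z - 1)z}; 2\pi i k \right) = g(2\pi i k) \]
where $\frac{(-z)^s}{(e^z - 1)z} = \frac{g(z)}{z - 2\pi i k}$. Then apply L’Hôpital’s Rule:
\[ \lim_{z \to 2\pi i k} \frac{z - 2\pi i k}{e^z - 1} = \lim_{z \to 2\pi i k} \frac{1}{e^z} = 1. \]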

Thus we obtain
\[ g(z) = \begin{cases} (z - 2\pi i k) \dfrac{(-z)^s}{(e^z - 1)z} & z \ne 2\pi i k \\[1ex] \dfrac{(-2\pi i k)^s}{-2\pi i k} = -(-2\pi i k)^{s-1} & z = 2\pi i k. \end{cases} \]


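Hence the residue at z = 2πik is $-(-2\pi i k)^{s-1}$. We can plug this into the integration formula,
which gives us
\[ \begin{aligned}
2\pi i \sum_{\alpha \in D_n} \operatorname{Res}\left( \frac{(-z)^s}{(e^z - 1)z}; \alpha \right) &= -2\pi i \sum_{k=1}^{n} \left( (2\pi i k)^{s-1} + (-2\pi i k)^{s-1} \right) \\
&= -2\pi i (2\pi)^{s-1} \left( i^{s-1} + (-i)^{s-1} \right) \sum_{k=1}^{n} k^{s-1} \\
&= -2\pi i (2\pi)^{s-1} \left( 2 \sin\left( \frac{\pi}{2} s \right) \right) \sum_{k=1}^{n} \frac{1}{k^{1-s}}.
\end{aligned} \]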

Consider as n → ∞,
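\[ \int_{D_n} \frac{(-z)^s}{e^z - 1} \frac{dz}{z} = -\int_{\gamma_n} \frac{(-z)^s}{e^z - 1} \frac{dz}{z} + \int_{|z| = 2\pi(n+1/2)} \frac{(-z)^s}{e^z - 1} \frac{dz}{z}. \]

Claim. As n → ∞, $\int_{|z| = 2\pi(n+1/2)} \frac{(-z)^s}{e^z - 1} \frac{dz}{z} \longrightarrow 0$.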

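Proof. Consider $e^z - 1$ on |z| = 2π(n + 1/2). By work in class, $|e^z - 1| \ge \frac{1}{2} \Rightarrow \left| \frac{1}{e^z - 1} \right| \le 2$.
Also,
\[ \left| \frac{(-z)^s}{z} \right| = (2\pi(n + 1/2))^{\operatorname{Re}(s-1)} \longrightarrow 0 \text{ as } n \to \infty. \]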

This gives us
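\[ \begin{aligned}
\left| \int_{|z| = 2\pi(n+1/2)} \frac{(-z)^s}{e^z - 1} \frac{dz}{z} \right| &\le \underbrace{2\pi(n + 1/2)\,2\pi}_{\text{length of path}} \cdot 2 \cdot (2\pi(n + 1/2))^{\operatorname{Re}(s-1)} \\
&= 4\pi\,(2\pi(n + 1/2))^{\operatorname{Re}(s)}.
\end{aligned} \]

And since Re(s) < 0, $\lim_{n \to \infty} 4\pi\,(2\pi(n + 1/2))^{\operatorname{Re}(s)} = 0$.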

Hence as n → ∞, $2\pi i (2\pi)^{s-1} \cdot 2 \sin\left( \frac{\pi}{2} s \right) \zeta(1-s) = \int_\gamma \frac{(-z)^s}{e^z - 1} \frac{dz}{z}$. Then the functional
equation for Re(s) < 0 looks like
\[ \zeta(s) = P(-s)(2\pi)^{s-1} \cdot 2 \sin\left( \frac{\pi}{2} s \right) \zeta(1-s). \]
Both ζ(s) and its functional equation are analytic everywhere except s = 1. Since they are
analytic continuations of each other, the functional equation will continue to match ζ(s)
everywhere (except s = 1).
To rephrase things slightly with an eye towards the functional equations derived in
Part VI, define
\[ \xi(s) = \pi^{-s/2}\, \Gamma\left( \frac{s}{2} \right) \zeta(s), \]
which is sometimes called the completed zeta function. We will prove:
which is sometimes called the completed zeta function. We will prove:


Theorem 12.1.2. $\xi(s) = \frac{1}{s(s-1)} + g(s)$ for some g(s) which is analytic on C.
As above, the analytic continuation of ξ(s) to the whole complex plane follows easily.
The key idea in the proof of Theorem 12.1.2 is to study ξ(s) and Γ(s) using the Fourier
transform. Recall that for a complex-valued function $f \in L^1(\mathbb{R})$, the Fourier transform of f
is defined by
\[ \hat{f}(y) = \int_{\mathbb{R}} f(x) e^{-2\pi i x y}\,dx. \]
These ideas will be critical in Part VI.

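Proposition 12.1.3. If $f(x) = e^{-\pi x^2}$ then $\hat{f}(y) = f(y)$.

Proof. For any y,
\[ \begin{aligned}
\hat{f}(y) = \int_{\mathbb{R}} e^{-\pi x^2} e^{-2\pi i x y}\,dx &= \int_{\mathbb{R}} e^{-\pi(x^2 + 2ixy)}\,dx \\
&= \int_{\mathbb{R}} e^{-\pi(x+iy)^2} e^{-\pi y^2}\,dx \quad \text{by completing the square} \\
&= e^{-\pi y^2} \int_{\mathbb{R}} e^{-\pi(x+iy)^2}\,dx.
\end{aligned} \]
So it’s enough to show that $\int_{\mathbb{R}} e^{-\pi(x+iy)^2}\,dx = 1$. Now the change of variables u = x + iy
gives us
\[ \int_{\mathbb{R}} e^{-\pi(x+iy)^2}\,dx = \int_{iy+\mathbb{R}} e^{-\pi u^2}\,du. \]
Since $e^{-\pi u^2}$ is an entire function and decays rapidly as | Re(u)| gets large, the contour integral
along the vertical pieces in the contour

[Figure: the contour between R and iy + R.]

tend to 0 as they move outward, and thus the integrals along R and along iy + R are equal.
Then by a standard computation,
\[ \int_{iy+\mathbb{R}} e^{-\pi u^2}\,du = \int_{\mathbb{R}} e^{-\pi u^2}\,du = 1. \]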


In other words, the function $f(x) = e^{-\pi x^2}$ is a fixed point of the Fourier transform
operator. By the same proof, we also have:

Proposition 12.1.4. For any a > 0, $f_a(x) = e^{-\pi x^2 a}$ satisfies $\hat{f}_a(y) = \frac{1}{\sqrt{a}} f_{1/a}(y)$.

We say a function f : R → C is a Schwartz function if it decays rapidly as x → ±∞.
Explicitly, f is Schwartz if it is analytic and f(x) and each of its derivatives $f^{(n)}$ decay to 0
as x → ±∞ faster than any inverse power of x.

Proposition 12.1.5 (Poisson Summation). Let f be a Schwartz function. Then
\[ \sum_{n \in \mathbb{Z}} f(n) = \sum_{n \in \mathbb{Z}} \hat{f}(n). \]
Proof. Set $F(x) = \sum_{n \in \mathbb{Z}} f(x+n)$ which converges since f(x) decays rapidly as |x| gets large.
Then F(x) is 1-periodic, so it has a Fourier series with kth Fourier coefficient given by
\[ a_k = \int_0^1 \sum_{n \in \mathbb{Z}} f(x+n) e^{-2\pi i k x}\,dx. \]
Since f is Schwartz, Fubini’s theorem allows us to swap the order of integration and
summation:
\[ a_k = \sum_{n \in \mathbb{Z}} \int_0^1 f(x+n) e^{-2\pi i k x}\,dx = \sum_{n \in \mathbb{Z}} \int_n^{n+1} f(x) e^{-2\pi i k x}\,dx = \int_{\mathbb{R}} f(x) e^{-2\pi i k x}\,dx. \]
(In the last step we use periodicity.) Thus $a_k = \hat{f}(k)$ where $\hat{f}$ is the Fourier transform of f.
Now since F is analytic (it is even Schwartz), it equals its Fourier series on R:
\[ F(x) = \sum_{k \in \mathbb{Z}} a_k e^{2\pi i k x} = \sum_{k \in \mathbb{Z}} \hat{f}(k) e^{2\pi i k x}. \]

Plugging in x = 0 gives the result.


Now we are prepared to prove Theorem 12.1.2.
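Proof. Start with $\Gamma\left( \frac{s}{2} \right) = \int_0^\infty t^{s/2-1} e^{-t}\,dt$. Substitute $t = \pi n^2 x$ to obtain
\[ \begin{aligned}
\Gamma\left( \frac{s}{2} \right) &= \int_0^\infty x^{s/2-1} e^{-\pi n^2 x} (\pi n^2)^{s/2}\,dx \\
&= (\pi n^2)^{s/2} \int_0^\infty x^{s/2-1} e^{-\pi n^2 x}\,dx.
\end{aligned} \]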


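So $\pi^{-s/2}\, \Gamma\left( \frac{s}{2} \right) n^{-s} = \int_0^\infty x^{s/2-1} e^{-\pi n^2 x}\,dx$. We next sum over n ∈ N to get the zeta function
involved on the left side:
\[ \begin{aligned}
\pi^{-s/2}\, \Gamma\left( \frac{s}{2} \right) \zeta(s) &= \sum_{n=1}^{\infty} \int_0^\infty x^{s/2-1} e^{-\pi n^2 x}\,dx \\
&= \int_0^\infty \sum_{n=1}^{\infty} x^{s/2-1} e^{-\pi n^2 x}\,dx \quad \text{by Fubini’s theorem, since } e^{-\pi n^2 x} \text{ is Schwartz} \\
&= \int_0^\infty x^{s/2-1} \omega(x)\,dx \quad \text{where } \omega(x) = \sum_{n=1}^{\infty} e^{-\pi n^2 x}.
\end{aligned} \]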

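Let $\theta(x) = \sum_{n \in \mathbb{Z}} e^{-\pi n^2 x}$. Then since $\widehat{e^{-\pi n^2 x}} = \frac{1}{\sqrt{x}} e^{-\pi n^2 / x}$ by Proposition 12.1.4, we have
$\theta(x) = \frac{1}{\sqrt{x}}\, \theta\left( \frac{1}{x} \right)$ by Poisson summation. Now θ(x) = 1 + 2ω(x) so we get a similar functional
equation for ω: for all x ≠ 0, $\omega\left( \frac{1}{x} \right) = -\frac{1}{2} + \frac{1}{2}\sqrt{x} + \sqrt{x}\,\omega(x)$. We use this to evaluate the
above integral: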
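\[ \begin{aligned}
\int_0^\infty x^{s/2-1} \omega(x)\,dx &= \int_0^1 x^{s/2-1} \omega(x)\,dx + \int_1^\infty x^{s/2-1} \omega(x)\,dx \\
&= \int_\infty^1 x^{1-s/2}\, \omega\left( \frac{1}{x} \right) \frac{-1}{x^2}\,dx + \int_1^\infty x^{s/2-1} \omega(x)\,dx \quad \text{after } x \mapsto \frac{1}{x} \\
&= \int_1^\infty x^{-1-s/2}\, \omega\left( \frac{1}{x} \right) dx + \int_1^\infty x^{s/2-1} \omega(x)\,dx \\
&= \int_1^\infty \left( x^{-1-s/2} \left( -\frac{1}{2} + \frac{1}{2}\sqrt{x} + \sqrt{x}\,\omega(x) \right) + x^{s/2-1} \omega(x) \right) dx \\
&= -\frac{1}{s} + \frac{1}{s-1} + \int_1^\infty \left( x^{-\frac{s-1}{2}} \omega(x) + x^{s/2-1} \omega(x) \right) dx \\
&= \frac{1}{s(s-1)} + \int_1^\infty \left( x^{\frac{1-s}{2}} + x^{s/2} \right) \omega(x)\, \frac{dx}{x}.
\end{aligned} \]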

Since the second term is analytic, we are done.


It follows immediately that ξ(s) satisfies a simple functional equation.

Corollary 12.1.6. ξ(s) = ξ(1 − s). Moreover, ξ(s) is meromorphic with only simple poles
at s = 0, 1.


12.2 Finding the Zeros


The formula
\[ \zeta(2n) = \frac{(-1)^{n+1} b_{2n} (2\pi)^{2n}}{2(2n)!}, \]
where $b_{2n}$ is a Bernoulli number, gives values for ζ(s) at positive, even integers. It also turns
out that
\[ \zeta(-n) = \frac{(-1)^n b_{n+1}}{n+1} \]
holds for all negative integers (which was proven for homework). The functional equation
gives us
\[ \zeta(-n) = \frac{(-1)^n b_{n+1}}{n+1} = P(n)(2\pi)^{-(n+1)} \cdot 2 \sin\left( \frac{\pi}{2}(-n) \right) \zeta(1+n). \]
And we have
\[ \sin\left( \frac{\pi}{2}(-n) \right) = -\sin\left( \frac{\pi}{2} n \right) = \begin{cases} -1 & n \equiv 1 \pmod 4 \\ 0 & n \text{ is even} \\ 1 & n \equiv 3 \pmod 4. \end{cases} \]

When n = 0, both sides have zero factors so we can’t get any information about ζ(1 + n)
(which is good). On the other hand, we can write
\[ \zeta(1+n) = \frac{(-1)^{\frac{n+1}{2}} (2\pi)^{n+1} b_{n+1}}{2(n+1)!} \]
since P(n) = n! and $(-1)^{\frac{n+1}{2}}$ will give us the correct values of $\sin\left( \frac{\pi}{2}(-n) \right)$ by above.

What have we accomplished so far?


(1) We showed that $\zeta(s) = \frac{P(-s)}{2\pi i} \int_\gamma \frac{(-z)^s}{e^z - 1} \frac{dz}{z}$ is analytic on C except for a simple pole
at s = 1.
(2) For Re(s) < 0, the functional equation $\zeta(s) = P(-s)(2\pi)^{s-1} \cdot 2 \sin\left( \frac{\pi}{2} s \right) \zeta(1-s)$ holds
on the entire complex plane, except the pole at s = 1.
(3) By Euler’s Product Form, ζ(s) ≠ 0 when Re(s) > 1.
(4) The functional equation tells us there are no nontrivial zeros when Re(s) < 0. (There
are zeros at the negative even integers since P(−s) is defined using Bernoulli numbers;
these are called the trivial zeros of the zeta function.)
(5) Any nontrivial zeros are found on the critical strip 0 < Re(s) < 1.
Why is knowing about the zeros of the zeta function important? Well a major implication
of Riemann’s paper is that
\[ \pi(x) \sim \frac{x}{\log(x)} \iff \zeta(s) \ne 0 \text{ when } \operatorname{Re}(s) = 1. \]
In addition, they provide a route to proving the Prime Number Theorem (10.4.2).


The Riemann Hypothesis. Every nontrivial zero of ζ(s) lies on the critical line Re(s) = 1/2.

Implications of the Riemann Hypothesis:

(1) This would confirm the Prime Number Theorem (10.4.2).


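(2) Moreover, $\pi(x) = \frac{x}{\log(x)} + O(\sqrt{x} \log(x))$.
(3) This essentially describes the possible sizes of the gap between two successive primes.

(4) Consider
\[ \begin{aligned}
\frac{1}{\zeta(s)} &= \prod_{p \text{ prime}} \left( 1 - p^{-s} \right) \\
&= \sum_{n \text{ square-free}} \frac{(-1)^k}{n^s} \quad \text{where } k = \#\text{ primes dividing } n \\
&= \sum_{n=1}^{\infty} \frac{\mu(n)}{n^s}
\end{aligned} \]
where µ(n) is the Möbius function defined by
\[ \mu(n) = \begin{cases} (-1)^k & n \text{ is square-free and } k = \#\text{ primes dividing } n \\ 0 & \text{otherwise.} \end{cases} \]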


12.3 Sketch of the Prime Number Theorem


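Recall $\pi(x) \sim \frac{x}{\log(x)} \iff \lim_{x \to \infty} \frac{\pi(x) \log(x)}{x} = 1$. Chebyshev introduced the function ψ(x)
defined by
\[ \psi(x) = \sum_{p^m \le x} \log(p). \]

Note that we can rewrite this as
\[ \psi(x) = \sum_{p \le x} \left\lfloor \frac{\log(x)}{\log(p)} \right\rfloor \log(p) = \sum_{n \le x} \Lambda(n) \]
where Λ(n) is the Von Mangoldt function given by
\[ \Lambda(n) = \begin{cases} \log(p) & \text{if } n = p^m \\ 0 & \text{otherwise.} \end{cases} \]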

Then we have
\[ \psi(x) = \sum_{p \le x} \left\lfloor \frac{\log(x)}{\log(p)} \right\rfloor \log(p) \le \sum_{p \le x} \frac{\log(x)}{\log(p)} \log(p) = \sum_{p \le x} \log(x) = \pi(x) \log(x). \]

Theorem 12.3.1 (Chebyshev). $\limsup_{x \to \infty} \frac{\pi(x) \log(x)}{x} = \limsup_{x \to \infty} \frac{\psi(x)}{x}$.
Proof omitted.

Therefore if $\lim_{x \to \infty} \frac{\psi(x)}{x}$ exists and is equal to 1, we have
\[ \frac{\psi(x)}{x} \le \frac{\pi(x) \log(x)}{x} \]
from above, so $\lim_{x \to \infty} \frac{\pi(x) \log(x)}{x}$ would equal 1 as well. This is as far as Chebyshev got.
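Recall Euler’s Product Form:
\[ \begin{aligned}
\zeta(s) = \prod_{p \text{ prime}} \left( 1 - \frac{1}{p^s} \right)^{-1} \Rightarrow \log(\zeta(s)) &= -\sum_{p \text{ prime}} \log\left( 1 - \frac{1}{p^s} \right) \\
&= +\sum_{p \text{ prime}} \sum_{m=1}^{\infty} \frac{1}{m p^{ms}} \quad \text{by Taylor series for } \log(1-x).
\end{aligned} \]

Differentiating both sides gives
\[ \frac{\zeta'(s)}{\zeta(s)} = \sum_{p \text{ prime}} \sum_{m=1}^{\infty} \frac{1}{m} \left( \frac{-m \log(p)}{p^{ms}} \right) = -\sum_{p \text{ prime}} \sum_{m=1}^{\infty} \frac{\log(p)}{p^{ms}} = -\sum_{n \le x} \frac{\Lambda(n)}{n^s}. \]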



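Claim. $\frac{-\zeta'(s)}{\zeta(s)} = s \int_1^\infty \frac{\psi(x)}{x^{s+1}}\,dx$.
Proof. Consider Λ(n) = ψ(n) − ψ(n − 1). Then
\[ \begin{aligned}
\sum_{n=1}^{N} \frac{\Lambda(n)}{n^s} &= \sum_{n=2}^{N} \frac{\psi(n) - \psi(n-1)}{n^s} + \underbrace{\frac{\psi(1)}{1}}_{\text{goes to } 0} \\
&= \frac{\psi(N)}{N^s} - \sum_{n=2}^{N-1} \left( \frac{1}{(n+1)^s} - \frac{1}{n^s} \right) \psi(n) \\
&= \frac{\psi(N)}{N^s} + \sum_{n=2}^{N-1} \psi(n) \int_n^{n+1} \frac{s}{x^{s+1}}\,dx \\
&= \frac{\psi(N)}{N^s} + s \int_2^N \frac{\psi(x)}{x^{s+1}}\,dx.
\end{aligned} \]

Chebyshev showed that ψ(x) = O(x) so $\frac{\psi(N)}{N^s} \longrightarrow 0$ as N → ∞ (if Re(s) > 1), and ψ(x) = 0
for 1 ≤ x ≤ 2. Thus we have proven the claim.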
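By Mellin Inversion,
\[ \psi(x) = \frac{1}{2\pi i} \int_{a - i\infty}^{a + i\infty} \left( \frac{-\zeta'(s)}{\zeta(s)} \right) \frac{x^s}{s}\,ds \quad \text{for some } a \in \mathbb{R},\ a > 1 \]

which Von Mangoldt evaluated to be
\[ \psi(x) = x - \sum_{\rho} \frac{x^\rho}{\rho} - \frac{\zeta'(0)}{\zeta(0)} \]

where ρ are all the zeros of ζ(s). This is as far as Von Mangoldt got.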

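Now consider ρ for the trivial zeros of ζ(s):
\[ \sum_{\rho} \frac{x^\rho}{\rho} = -\sum_{n=1}^{\infty} \frac{x^{-2n}}{2n} = \frac{-1}{2} \sum_{n=1}^{\infty} \frac{1}{n x^{2n}} = \frac{1}{2} \log\left( 1 - \frac{1}{x^2} \right) \longrightarrow 0 \text{ as } x \to \infty. \]

It turns out that for nontrivial ρ,
\[ \lim_{x \to \infty} \frac{1}{x} \sum_{\rho} \frac{x^\rho}{\rho} = 0 \iff \operatorname{Re}(\rho) < 1 \text{ for all } \rho. \]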

Thus if the Riemann Hypothesis holds, it would give the smallest possible error term for our
ψ(x) approximation above. Once we have ψ(x) ∼ x, the PNT follows.
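
The identities of this section can be checked numerically. The following Python sketch is an added example, not part of the original notes; the function names and the cutoff N are choices made here. It tabulates Λ(n) and ψ(x), compares the two expressions for ψ(x), and evaluates both sides of the partial-summation identity from the proof of the Claim, which can be computed exactly because ψ is a step function.

```python
import math

def von_mangoldt_table(N):
    """Return (lam, primes): lam[n] = log p if n = p^m with m >= 1, else 0."""
    lam = [0.0] * (N + 1)
    composite = [False] * (N + 1)
    primes = []
    for p in range(2, N + 1):
        if composite[p]:
            continue
        primes.append(p)
        for q in range(p * p, N + 1, p):
            composite[q] = True
        pk = p
        while pk <= N:              # mark every prime power p, p^2, p^3, ...
            lam[pk] = math.log(p)
            pk *= p
    return lam, primes

def psi_table(lam):
    """psi[n] = sum_{k <= n} Lambda(k), the Chebyshev function at integers."""
    psi = [0.0] * len(lam)
    for n in range(1, len(lam)):
        psi[n] = psi[n - 1] + lam[n]
    return psi

def psi_floor_form(x, primes):
    """psi(x) = sum_{p <= x} floor(log x / log p) * log p.

    The floor is the largest m with p^m <= x; it is found with integer
    powers so that rounding in log(x)/log(p) cannot change it."""
    total = 0.0
    for p in primes:
        if p > x:
            break
        m, pk = 0, p
        while pk <= x:
            m += 1
            pk *= p
        total += m * math.log(p)
    return total

def partial_summation_sides(N, s, lam, psi):
    """Both sides of
    sum_{n<=N} Lambda(n)/n^s = psi(N)/N^s + s * int_2^N psi(x)/x^(s+1) dx."""
    lhs = sum(lam[n] / n ** s for n in range(1, N + 1))
    # On [n, n+1) psi is constant, and s * int_n^{n+1} x^(-s-1) dx = n^-s - (n+1)^-s.
    integral = sum(psi[n] * (n ** -s - (n + 1) ** -s) for n in range(2, N))
    return lhs, psi[N] / N ** s + integral

if __name__ == "__main__":
    N = 20000                       # cutoff chosen for this example
    lam, primes = von_mangoldt_table(N)
    psi = psi_table(lam)
    for x in (10, 100, 1000, N):
        pi_x = sum(1 for p in primes if p <= x)
        print(x, psi[x], psi_floor_form(x, primes), pi_x * math.log(x), psi[x] / x)
    print(partial_summation_sides(N, 2, lam, psi))
```

As N grows, the left side at s = 2 approaches −ζ′(2)/ζ(2), and ψ(x)/x approaches 1.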


12.4 Dirichlet Series


Definition. For any positive integer m, a Dirichlet character mod m is a homomorphism
χ : (Z/mZ)× → C×. It is typical to extend a character to the entire ring of integers by
\[ \chi(n) = \begin{cases} \chi([n]) & \text{if } \gcd(n, m) = 1 \\ 0 & \text{if } \gcd(n, m) \ne 1. \end{cases} \]

Note that since (Z/mZ)× is a finite group for all m ∈ Z+, χ([n]) is a root of unity for all
congruence classes [n] ∈ (Z/mZ)×. In other words, a Dirichlet character is a multiplicative
homomorphism from (Z/mZ)× to the circle group $S^1 \subset \mathbb{C}$.
Example 12.4.1. The trivial character mod m, which takes every [n] ∈ (Z/mZ)× to 1 (and
every other integer to 0), is called the principal Dirichlet character, denoted χ0. For
instance, the principal character mod 3 maps
    1 ↦ 1      4 ↦ 1
    2 ↦ 1      5 ↦ 1
    3 ↦ 0      6 ↦ 0
Definition. For a Dirichlet character χ, we define a complex-valued function
\[ L(s, \chi) = \sum_{n=1}^{\infty} \frac{\chi(n)}{n^s} \]
called a Dirichlet L-series.


Theorem 12.4.2 (Product Formula). For any Dirichlet character χ, the L-function for χ
satisfies the following product formula:
\[ L(s, \chi) = \prod_{p \nmid m} \frac{1}{1 - \chi(p) p^{-s}} \]

which may be obtained by using unique factorization of n and multiplicativity of χ.


Proof. This is basically the same proof as Euler’s product formula for the zeta function
(Theorem 10.3.1). Here, we only use the additional fact that χ is multiplicative.
Note that both expressions for L(s, χ) converge when Re(s) > 1. The most important and
probably the most thoroughly studied example of an L-series is the Riemann zeta function,
which arises as the L-series of the principal Dirichlet character for m = 1:
\[ \zeta(s) = \sum_{n=1}^{\infty} \frac{1}{n^s} = L(s, \chi_0). \]

Notice that for any m > 1, L(s, χ0) differs from ζ(s) only by factors $\frac{1}{1 - p^{-s}}$ for p | m. Recall
from Section 12.1 that ζ(s) extends to a meromorphic function on the half-plane Re(s) > 0
and satisfies
\[ \zeta(s) = \frac{1}{1-s} + g(s) \]


for some holomorphic function g(s) defined on Re(s) > 0.


As a result of the relation between L(s, χ) and ζ(s), we have the following analytic
properties of L-series.

Proposition 12.4.3. If χ is a nonprincipal Dirichlet character, then L(s, χ) converges for
all Re(s) > 0 and L(1, χ) ≠ 0.

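Proposition 12.4.4. For an L-series L(s, χ), define
\[ s(x) = \sum_{n \le x} \chi(n) \]
and suppose there exist real numbers a, b > 0 such that $|s(x)| \le a x^b$ for all x ≥ 1. Then

(1) For any ε, δ > 0, L(s, χ) is uniformly convergent on the domain
\[ D = \left\{ s \in \mathbb{C} : \operatorname{Re}(s) \ge b + \delta,\ |\operatorname{Arg}(s - b)| \le \tfrac{\pi}{2} - \varepsilon \right\}. \]

(2) L(s, χ) is analytic on the half-plane Re(s) > b.

(3) For all $s \in D_0 = \left\{ s \in \mathbb{C} : \operatorname{Re}(s) \ge 1,\ |\operatorname{Arg}(s - 1)| \le \tfrac{\pi}{2} - \varepsilon \right\}$,
\[ \lim_{s \to 1} (s - 1) L(s, \chi) = \lim_{x \to \infty} \frac{s(x)}{x}. \]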
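
To make the definitions and Propositions 12.4.3 and 12.4.4 concrete, here is an added Python example (not part of the original notes). It assumes a prime modulus p and builds all characters from a primitive root, which is a construction chosen here rather than one given in the text; the function names and truncation bounds are likewise choices of this example. It computes the partial sums s(x), the truncated L-series, and the truncated Euler product.

```python
import cmath
import math

def primitive_root(p):
    """Smallest generator of (Z/pZ)^x for an odd prime p, by brute force."""
    for g in range(2, p):
        x, order = g % p, 1
        while x != 1 and order < p:
            x = x * g % p
            order += 1
        if x == 1 and order == p - 1:
            return g
    raise ValueError("p must be an odd prime")

def characters_mod_prime(p):
    """All p-1 Dirichlet characters mod p as tables chi[0..p-1], with chi[0] = 0.

    With g a primitive root, chi_k(g^j) = exp(2*pi*i*j*k/(p-1));
    k = 0 gives the principal character."""
    g = primitive_root(p)
    index, x = {}, 1
    for j in range(p - 1):
        index[x] = j                # discrete logarithm of x to base g
        x = x * g % p
    return [[0j] + [cmath.exp(2j * math.pi * index[n] * k / (p - 1))
                    for n in range(1, p)]
            for k in range(p - 1)]

def chi_at(chi, n):
    """Extend the table to all integers by periodicity mod m = len(chi)."""
    return chi[n % len(chi)]

def partial_sums(chi, X):
    """[s(1), ..., s(X)] with s(x) = sum_{n <= x} chi(n)."""
    out, s = [], 0j
    for n in range(1, X + 1):
        s += chi_at(chi, n)
        out.append(s)
    return out

def l_series(chi, s, N):
    """Truncated Dirichlet series sum_{n <= N} chi(n) / n^s."""
    return sum(chi_at(chi, n) / n ** s for n in range(1, N + 1))

def l_euler_product(chi, s, bound):
    """Truncated product over primes q <= bound of 1 / (1 - chi(q) q^-s).

    A prime q dividing the modulus contributes the factor 1 because chi(q) = 0."""
    prod = 1 + 0j
    for q in range(2, bound + 1):
        if all(q % d for d in range(2, math.isqrt(q) + 1)):
            prod /= 1 - chi_at(chi, q) / q ** s
    return prod

if __name__ == "__main__":
    chars = characters_mod_prime(5)
    for k, chi in enumerate(chars):
        bound = max(abs(v) for v in partial_sums(chi, 1000))
        print(k, [complex(round(c.real), round(c.imag)) for c in chi],
              "max |s(x)| =", round(bound, 6),
              "L(1) partial sum =", l_series(chi, 1, 20000))
```

For the nonprincipal characters the partial sums stay bounded and the partial sums of L(1, χ) settle at a nonzero value, while for the principal character s(x)/x tends to 1 − 1/p and the series at s = 1 grows without bound.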

Generalized Riemann Hypothesis. For any Dirichlet L-function, L(s, χ) = 0 if and only
if Re(s) = 1/2 or s = −2n for n ∈ Z+.

Several implications of the Generalized Riemann Hypothesis (GRH) are:

• Tells us a lot about the deep inner structure of $\mathbb{Z}_n^*$.

• Shows that $\mathbb{Z}_n^*$ can be generated by less than $2(\log(n))^2$ elements.

• Shows that $\mathbb{Z}_p^*$ has a primitive root of size $c(\log(p))^6$ for some uniform constant c.

Part III

Algebraic Number Theory

Chapter 13

Introduction

Part III follows a course on algebraic number theory taught by Dr. Andrew Obus at the
University of Virginia in Spring 2016. The main topics covered are:

• Algebraic number fields (the global case)

• The ideal class group

• Structure of the unit group

• The p-adic numbers (the local case)

• Hensel’s Lemma

• Ramification theory

• Further topics, including adeles and ideles

The main companion for the course is Neukirch’s Algebraic Number Theory. Other great
references include Cassels and Frohlich’s Algebraic Number Theory, Janusz’s Algebraic Number
Fields, Lang’s Algebraic Number Theory, Marcus’s Number Fields and Weil’s Basic Number
Theory.


13.1 Attempting Fermat’s Last Theorem


Algebraic number theory was developed primarily as a set of tools for proving Fermat’s Last
Theorem. We recall the famous (infamous?) theorem here.

Fermat’s Last Theorem. The equation $x^n + y^n = z^n$ has no solutions in positive integers
for n ≥ 3.

In attempting to prove the theorem, we first remark that the n = 4 case is elementary;
it’s just a matter of parametrizing the Pythagorean triples (x, y, z) that solve $x^2 + y^2 = z^2$
and noticing that not all three can be perfect squares. With this, we can reduce to the case
when n = p, an odd prime. There are two cases:

• Case 1: x, y, z are all relatively prime to p.

• Case 2: p divides exactly one of x, y, z.

We will show a proof for the first few primes in Case 1; the other case uses similar
techniques. Let ζ be a primitive pth root of unity (e.g. $\zeta = e^{2\pi i/p}$) and assume Z[ζ] is a unique
factorization domain (UFD). This was the classical approach, but number theorists quickly
realized that Z[ζ] is not always a UFD. In fact, it is an open question whether there are an
infinite number of primes p for which $\mathbb{Z}[e^{2\pi i/p}]$ is a UFD.
In any case, the assumption that Z[ζ] is a UFD holds for p < 23 so we will have proven
a number of cases of Fermat’s Last Theorem with the following proof.
Proof. Suppose x, y, z are positive integers satisfying $x^p + y^p = z^p$. We may assume x, y, z
are relatively prime in Z. The equation above may be factored as
\[ \prod_{i=1}^{p} (x + \zeta^i y) = z^p \qquad (*) \]

For p = 3, the only cubes mod 9 are ±1 and 0 so there are no solutions for (*) where 3 ∤ xyz.
So we may assume p ≥ 5. We need the following lemmas:
Lemma 13.1.1. $p = \prod_{i=1}^{p-1} (1 - \zeta^i)$.

Proof. Consider expanding $\frac{t^p - 1}{t - 1}$ in two ways:
\[ (t - \zeta) \cdots (t - \zeta^{p-1}) = \frac{t^p - 1}{t - 1} = t^{p-1} + \ldots + t + 1. \]
Then plugging in t = 1 gives the result.
Lemma 13.1.2. For any 0 ≤ i < j ≤ p − 1, the elements $x + \zeta^i y$ and $x + \zeta^j y$ are coprime
in Z[ζ].


Proof. Suppose that π ∈ Z[ζ] is a prime which divides $x + \zeta^i y$ and $x + \zeta^j y$. Then π divides
$\zeta^i y (1 - \zeta^{j-i})$. Notice that $\zeta^i$ is a unit and p ∤ y by assumption, but $1 - \zeta^{j-i} \mid p$. So in
particular, π | y and thus π | yp. Since π is a prime, π | y or π | p. Repeating the argument
for x shows that π | x or π | p. Since x and y are coprime in Z, we cannot have π | x and
π | y simultaneously, so π | p. By assumption we have that π divides $x^p + y^p$ and therefore
also $z^p$ in Z, but (p, z) = 1 so the Euclidean algorithm implies that π | 1. Therefore $x + \zeta^i y$
and $x + \zeta^j y$ are relatively prime in Z[ζ].
Now, each factor $x + \zeta^i y$ must be a pth power in Z[ζ], possibly multiplied by a unit.
Write $x + \zeta y = u t^p$ for u ∈ Z[ζ]∗ and t ∈ Z[ζ].
Lemma 13.1.3. u/ū is a pth root of unity.
Proof. It is simple to show that u/ū and all of its Galois conjugates have modulus 1 in C;
this is then true for all powers of u/ū as well. Then the degree of u/ū and all of its powers
is bounded. Since all of these are algebraic integers, there are only finitely many possible
choices for their minimal polynomials. Hence the set $\{(u/\bar{u})^k : k \in \mathbb{N}\}$ is finite. This proves
u/ū is a root of unity in Z[ζ]. In particular, $(u/\bar{u})^{2p} = 1$ but we want to show it is a pth root
of unity. Suppose $(u/\bar{u})^p = -1$. Then $u^p = -\bar{u}^p$. Since u ∈ Z[ζ] we may write
\[ u = a_0 + a_1 \zeta + a_2 \zeta^2 + \ldots + a_{p-2} \zeta^{p-2} \]
for unique ai ∈ Z; this follows from unique factorization in Z[ζ]. Now
\[ \begin{aligned}
u^p &\equiv a_0^p + a_1^p + \ldots + a_{p-2}^p \pmod p \\
&\equiv a_0 + a_1 + \ldots + a_{p-2} \pmod p \quad \text{by Fermat’s Little Theorem (4.1.10).}
\end{aligned} \]
In particular, $u^p$ is conjugate to a real number mod p. Likewise, we can write −ū as
$-\bar{u} = -(a_0 + a_1 \zeta^{p-1} + \ldots + a_{p-2} \zeta^2)$ so
\[ -\bar{u}^p \equiv -a_0 - a_1 - \ldots - a_{p-2} \pmod p. \]
This implies $a_0 + a_1 + \ldots + a_{p-2} \equiv 0 \pmod p$ so $p \mid u^p$. However, this is impossible if u is a
unit. Therefore $(u/\bar{u})^p = 1$.
Putting these results together, we can now write
\[ x + \zeta y = \zeta^j \bar{u} t^p \equiv \zeta^j \bar{u} \bar{t}^p \equiv \zeta^j (x + \bar{\zeta} y) \pmod p. \]

Expanding this out gives us
\[ x + \zeta y - \zeta^j x - \zeta^{j-1} y \equiv 0 \pmod p. \qquad (**) \]

Now $\mathbb{Z}[\zeta]/(p) \cong \mathbb{Z}[x]/(p, x^{p-1} + \ldots + x + 1) \cong \mathbb{F}_p[x]/(x^{p-1} + \ldots + x + 1)$. Thus the images
of $1, x, \ldots, x^{p-2}$ are $\mathbb{F}_p$-linearly independent in this ring. This implies $1, \zeta, \ldots, \zeta^{p-1}$ are
Z-linearly independent in Z[ζ]/(p). Since x, y ∈ Z, the only possibilities in (**) for j are
j = 0, 1, 2, p − 1. If j = 0, 2, p − 1, it is easy to simplify (**) and produce a nontrivial $\zeta^2$
term, which is impossible. If j = 1, (**) becomes
\[ (x - y)(1 - \zeta) \equiv 0 \pmod p. \]


Thus $\prod_{i=2}^{p-1} (1 - \zeta^i)$ divides x − y but since x − y ∈ Z, it must be that p | (x − y). Rearranging
the equation $x^p + y^p = z^p$ to read $x^p + (-z)^p = y^p$ and repeating the argument so far shows
that p | (x + z) as well. Thus y ≡ x ≡ −z (mod p). But then
\[ 0 = x^p + y^p - z^p \equiv 3x^p \pmod p \]
which implies p | x, contradicting the assumption that p ≠ 3. Therefore no solutions exist
to $x^p + y^p = z^p$ for p > 5 such that p ∤ xyz.
This proof fails for general primes p in two places: as we mentioned, not every ring
$\mathbb{Z}[e^{2\pi i/p}]$ is a UFD; moreover, there can be many more units than just the roots of unity in
$\mathbb{Z}[e^{2\pi i/p}]$. This motivates the study of ideal class groups – which measure how far from being
a PID (and a UFD) a ring of integers is – and unit groups in algebraic number theory.

Chapter 14

Algebraic Number Fields


14.1 Integral Extensions of Rings


Let A ⊆ B be rings.

Definition. An element x ∈ B is integral over A if it is a root of a monic polynomial with
coefficients in A. We say B is integral over A if every element of B is integral over A.

Definition. The integral closure of A in B is the set of all x ∈ B which are integral over
A. If A is equal to its integral closure in B then we say A is integrally closed in B. In
particular, if A is a domain and B is the fraction field of A then we simply say that A is
integrally closed.

Lemma 14.1.1. x ∈ B is integral over A if and only if A[x] is a finitely generated A-module.
Proof. ( =⇒ ) If $x^n + a_{n-1} x^{n-1} + \ldots + a_0 = 0$ for $a_i \in A$ then $x^n \in M := \sum_{i=1}^{n-1} A x^i$ which is a
finitely generated A-module. By induction, for all m ≥ n, $x^m \in M$. This implies A[x] = M,
so in particular A[x] is finitely generated.
( ⇐= ) Suppose A[x] is generated by $f_1(x), \ldots, f_n(x)$ where $f_i$ are polynomials in a single
variable over A. Let $d \ge \max\{\deg f_i\}_{i=1}^{n}$. Then
\[ x^d = \sum_{i=1}^{n} a_i f_i(x) \]
for some choice of ai ∈ A. This shows that x is a root of the polynomial $t^d - \sum_{i=1}^{n} a_i f_i(t)$ so
x is integral over A.

Theorem 14.1.2. The integral closure of A in B is a ring.

Proof. It suffices to prove that the integral closure Ā is closed under the addition and mul-
tiplication of B. If x, y ∈ Ā, Lemma 14.1.1 shows A[x, y] is finitely generated. This implies
that the submodules A[x + y] and A[xy] are also finitely generated, so x + y, xy ∈ Ā. Hence
Ā is a ring.
Let A ⊂ B be a subring. We will make use of the following facts about integral extensions
of rings:

• Every UFD is integrally closed.

• If A is a domain, B is finite over A if and only if B is integral over A and B is finitely
  generated as an A-module.

• Suppose C ⊇ B ⊇ A are all rings. If C is integral over B and B is integral over A then
  C is integral over A.

• If B is integral over A then $S^{-1}B$ is integral over $S^{-1}A$ for any multiplicatively closed
  subset S ⊂ A.

The two most important objects in global algebraic number theory are defined next.


Definition. K is a number field if K is a finite field extension of Q.

Definition. For a number field K ⊃ Q, the integral closure of Z in K is called the ring of
integers of K, written OK .

Examples.

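1 The ring of integers of Q is Z.

2 For $K = \mathbb{Q}(\sqrt{-3})$, the ring of integers is $\mathcal{O}_K = \mathbb{Z}\left[ \frac{1 + \sqrt{-3}}{2} \right]$.

3 For a prime p, the cyclotomic field $K = \mathbb{Q}(\zeta_p) = \mathbb{Q}(e^{2\pi i/p})$ has ring of integers $\mathcal{O}_K = \mathbb{Z}[\zeta_p]$.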

It turns out that OK is always a free Z-module of rank [K : Q]. Thus we can think of
OK as a lattice embedded in the vector space K.


14.2 Norm and Trace


Two important maps for understanding number fields are introduced in this section. Let
L/K be a finite field extension and fix x ∈ L.

Definition. The norm of x is the element $N_{L/K}(x) = \det T_x \in K$, where $T_x : L \to L$ is the
K-linear map $T_x(\ell) = x\ell$.

Definition. The trace of x is TrL/K (x) = tr Tx , where tr denotes the trace.

Note that the norm and trace are defined for any finite extension L/K, not just number
fields. We will often drop the subscript and write N (x) and Tr(x) when the extension is
understood.

Lemma 14.2.1. The norm map $N_{L/K} : L^\times \to K^\times$ is a homomorphism of multiplicative
groups, and the trace map $\operatorname{Tr}_{L/K} : (L, +) \to (K, +)$ is a homomorphism of abelian groups.

Theorem 14.2.2. Suppose L/K is a finite, separable extension of fields. Let $\sigma_1, \ldots, \sigma_n$ be
the distinct embeddings $L \hookrightarrow \overline{K}$ where $\overline{K}$ is the algebraic closure of K. Then for all x ∈ L,
\[ N_{L/K}(x) = \prod_{i=1}^{n} \sigma_i(x) \quad \text{and} \quad \operatorname{Tr}_{L/K}(x) = \sum_{i=1}^{n} \sigma_i(x). \]

Proof. Assume $\sigma_i(x) \ne \sigma_j(x)$ when i ≠ j. A basis of L/K is $1, x, \ldots, x^{n-1}$ and the matrix
for $T_x$ in this basis is
\[ \begin{pmatrix}
0 & 0 & \cdots & 0 & -a_0 \\
1 & 0 & \cdots & 0 & -a_1 \\
0 & 1 & \ddots & 0 & -a_2 \\
\vdots & \vdots & \ddots & \ddots & \vdots \\
0 & 0 & \cdots & 1 & -a_{n-1}
\end{pmatrix} \]
where $f(x) = a_0 + a_1 x + \ldots + a_n x^n$ is the minimal polynomial of x over K. In this case f is
also the characteristic polynomial of x, so by linear algebra, Tr(x) is equal to the sum of the
roots of f and N(x) is equal to the product of the roots of f. This implies the result.

Example 14.2.3. Let $K = \mathbb{Q}(\sqrt{d})$ for d a squarefree integer (this means $d = \pm p_1 p_2 \cdots p_r$ in
its prime factorization). Then an element $x = a + b\sqrt{d} \in \mathbb{Q}(\sqrt{d})$ has norm $N(x) = a^2 - b^2 d$
and trace Tr(x) = 2a.


14.3 The Discriminant


In this section let L/K be a finite, separable extension of fields and let {α1 , . . . , αn } be a
K-basis of L, so that [L : K] = n. Also denote by $\sigma_1, \ldots, \sigma_n : L \hookrightarrow \overline{K}$ the n distinct
K-embeddings of L into the algebraic closure of K.

Definition. The discriminant of the basis {α1 , . . . , αn } is
\[ d_{L/K}(\alpha_1, \ldots, \alpha_n) = [\det(\sigma_i(\alpha_j))]^2. \]

Proposition 14.3.1. Let A = [TrL/K (αi αj )]. Then dL/K (α1 , . . . , αn ) = det A. In particular,
dL/K (α1 , . . . , αn ) lies in K.

Proof. By Theorem 14.2.2, $\operatorname{Tr}_{L/K}(\alpha_i \alpha_j) = \sum_{k=1}^{n} \sigma_k(\alpha_i) \sigma_k(\alpha_j)$. Thus A = BC, where
\[ B = (\sigma_k(\alpha_i))^T \quad \text{and} \quad C = (\sigma_k(\alpha_j)). \]

Taking the determinant gives us $\det A = (\det B)(\det C) = (\det C)^2 = d_{L/K}(\alpha_1, \ldots, \alpha_n)$.
One case of interest is when L = K(α) is a simple extension and $\{1, \alpha, \alpha^2, \ldots, \alpha^{n-1}\}$ is a
basis for L as a K-vector space. Then the discriminant of α is defined to be
\[ d_{L/K}(\alpha) := d_{L/K}(1, \alpha, \alpha^2, \ldots, \alpha^{n-1}). \]

Let f be the minimal polynomial of β over K, setting deg f = m. Then the discriminant
of f is
\[ D(f) = (-1)^{m(m-1)/2} N_{L/K}(f'(\beta)). \]

Lemma 14.3.2. For any algebraic element α over K, dL/K (α) equals the discriminant of
the minimal polynomial of α.

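Proof. Set L = K(α) and let $\alpha_i = \sigma_i(\alpha)$ for each embedding $\sigma_i : L \hookrightarrow \overline{K}$. Then
\[ d_{L/K}(\alpha) = \det \begin{pmatrix}
1 & \alpha_1 & \cdots & \alpha_1^{n-1} \\
1 & \alpha_2 & \cdots & \alpha_2^{n-1} \\
\vdots & \vdots & \ddots & \vdots \\
1 & \alpha_n & \cdots & \alpha_n^{n-1}
\end{pmatrix} \]

This is a Vandermonde determinant, which evaluates to
\[ d_{L/K}(\alpha) = \prod_{\substack{1 \le i, j \le n \\ i \ne j}} (\alpha_i - \alpha_j) = \prod_{1 \le i < j \le n} (\alpha_i - \alpha_j)^2. \]

Since K(α)/K is separable, $d_{L/K}(\alpha) \ne 0$. In fact, the product formula above is precisely the
discriminant of f, the minimal polynomial of α over K.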


Example 14.3.3. Let $f(x) = x^n + ax + b$ for some $a, b \in K$. We may assume $f$ is irreducible and separable over $K$. Let $\beta$ be any root of $f$ and set

\[ \gamma = f'(\beta) = n\beta^{n-1} + a. \]

To compute the norm of $\gamma$, note that

\[ n\beta^{-1}(\beta^n + a\beta + b) = 0 \]
\[ n\beta^{n-1} + na + nb\beta^{-1} = 0 \]
\[ \text{or} \quad \gamma = -(n-1)a - nb\beta^{-1}. \]

Solving for $\beta$ yields

\[ \beta = \frac{-nb}{\gamma + (n-1)a} \]

and we can see that $K(\beta) = K(\gamma)$, so the minimal polynomial of $\gamma$ over $K$ also has degree $n$. Next let

\[ \frac{g(x)}{h(x)} = f\left(\frac{-nb}{x + (n-1)a}\right). \]

We do this because the object on the right may not be a proper polynomial, but it is rational. Then $\frac{g(\gamma)}{h(\gamma)} = f(\beta) = 0$ so $g(\gamma) = 0$. Since

\[ g(x) = (x + (n-1)a)^n - na(x + (n-1)a)^{n-1} + (-1)^n n^n b^{n-1} \]

is monic with degree $n$, this must be the minimal polynomial of $\gamma$. Moreover, $N(\gamma)$ is just $(-1)^n$ times the constant term of $g$, so $N(\gamma) = n^n b^{n-1} + (-1)^{n-1}(n-1)^{n-1}a^n$.

This suggests the following.
Proposition 14.3.4. Let $f(x) = x^n + ax + b$ with $f(\beta) = 0$ for some β ∈ K. Then

\[ D(f) = (-1)^{n(n-1)/2}\left(n^n b^{n-1} + (-1)^{n-1}(n-1)^{n-1}a^n\right). \]

Proof. By the work above,

\[ N(f'(\beta)) = N(\gamma) = n^n b^{n-1} + (-1)^{n-1}(n-1)^{n-1}a^n. \]

Apply Proposition 14.3.4 to obtain the desired formula.
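The closed formula of Proposition 14.3.4 can be checked against an independent computation: for monic f, the product of f′ over the roots of f is the resultant of f and f′, that is, the determinant of their Sylvester matrix. The Python below is an added example, not part of the original notes; the function names are chosen here, and the resultant route is a standard identity that the notes themselves do not use.

```python
from fractions import Fraction


def trinomial_discriminant(n, a, b):
    """D(f) for f(x) = x^n + a*x + b via the closed formula of Proposition 14.3.4."""
    sign = -1 if (n * (n - 1) // 2) % 2 else 1
    return sign * (n**n * b**(n - 1) + (-1)**(n - 1) * (n - 1)**(n - 1) * a**n)


def trinomial(n, a, b):
    """Coefficient list (highest degree first) of x^n + a*x + b, for n >= 2."""
    return [1] + [0] * (n - 2) + [a, b]


def derivative(f):
    """Formal derivative of a polynomial given highest-degree coefficient first."""
    deg = len(f) - 1
    return [c * (deg - i) for i, c in enumerate(f[:-1])]


def sylvester_matrix(f, g):
    """Sylvester matrix of f (degree m) and g (degree n): n shifted rows of f, m of g."""
    m, n = len(f) - 1, len(g) - 1
    size = m + n
    rows = [[0] * i + list(f) + [0] * (size - m - 1 - i) for i in range(n)]
    rows += [[0] * i + list(g) + [0] * (size - n - 1 - i) for i in range(m)]
    return rows


def determinant(rows):
    """Exact determinant by Gaussian elimination over the rationals."""
    a = [[Fraction(x) for x in row] for row in rows]
    size = len(a)
    det = Fraction(1)
    for col in range(size):
        pivot = next((r for r in range(col, size) if a[r][col] != 0), None)
        if pivot is None:
            return Fraction(0)
        if pivot != col:
            a[col], a[pivot] = a[pivot], a[col]
            det = -det
        det *= a[col][col]
        for r in range(col + 1, size):
            factor = a[r][col] / a[col][col]
            for c in range(col, size):
                a[r][c] -= factor * a[col][c]
    return det


def discriminant_via_resultant(f):
    """D(f) = (-1)^(n(n-1)/2) * Res(f, f') for a monic integer polynomial f."""
    if f[0] != 1:
        raise ValueError("f must be monic")
    n = len(f) - 1
    sign = -1 if (n * (n - 1) // 2) % 2 else 1
    return int(sign * determinant(sylvester_matrix(f, derivative(f))))


if __name__ == "__main__":
    # x^3 - x - 1, the cubic of Example 14.5.12, and x^2 - 7 as in Example 14.3.6
    print(trinomial_discriminant(3, -1, -1), discriminant_via_resultant([1, 0, -1, -1]))
    print(trinomial_discriminant(2, 0, -7), discriminant_via_resultant([1, 0, -7]))
```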


Proposition 14.3.5. For any $K$-basis $\{\alpha_1, \ldots, \alpha_n\}$ of $L$, $d_{L/K}(\alpha_1, \ldots, \alpha_n) \ne 0$.

Proof. Since $L/K$ is finite and separable, $L = K(\theta)$ for some $\theta \in L$ by the primitive element theorem. Then by Lemma 14.3.2, $d_{L/K}(1, \theta, \ldots, \theta^{n-1}) \ne 0$. Let $A \in GL_n(K)$ be the change of basis matrix from $\{\alpha_1, \ldots, \alpha_n\}$ to $\{1, \theta, \ldots, \theta^{n-1}\}$. Then for each $1 \le i, j \le n$,

\[ \det(\sigma_i(\alpha_j)) = (\det A)(\det(\sigma_i(\theta^{j-1}))). \]

Both determinants on the right are nonzero, so $\det(\sigma_i(\alpha_j)) \ne 0$ which implies finally that $d_{L/K}(\alpha_1, \ldots, \alpha_n) \ne 0$ by the definition of discriminant.


The proof of Proposition 14.3.5 gives us the following useful formula: If $\mathcal{A}, \mathcal{B}$ are two $K$-bases for $L$ with change of basis matrix $A$, then
\[ d_{L/K}(\mathcal{A}) = (\det A)^2 d_{L/K}(\mathcal{B}). \]

Example 14.3.6. Take our favourite example, $K = \mathbb{Q}(\sqrt{d})$ over $\mathbb{Q}$, where $d$ is a squarefree integer. Then $\{1, \sqrt{d}\}$ is a basis for $L$, and its discriminant is
\[ d_{K/\mathbb{Q}}(1, \sqrt{d}) = \det \begin{pmatrix} 1 & \sqrt{d} \\ 1 & -\sqrt{d} \end{pmatrix}^2 = (-2\sqrt{d})^2 = 4d. \]
This matches the fact that the discriminant of $x^2 - d$ is $4d$.

Suppose A ⊆ K is integrally closed with fraction field K. Let B be the integral closure
of A in L. Observe that if x ∈ B then all conjugates of x in K are integral over K. Thus
NL/K (x) ∈ A and TrL/K (x) ∈ A since A is integrally closed.
Lemma 14.3.7. If x ∈ B × then NL/K (x) ∈ A× .
Proof. By Lemma 14.2.1, NL/K is a homomorphism of groups.
Lemma 14.3.8. Suppose $\alpha_1, \ldots, \alpha_n \in B$ form a $K$-basis of $L$. Let $d = d_{L/K}(\alpha_1, \ldots, \alpha_n)$. Then $dB \subseteq A\alpha_1 + \ldots + A\alpha_n$.

Proof. Let $a_1, \ldots, a_n \in K$ such that $\alpha := \sum_{i=1}^n a_i\alpha_i \in B$. Then $(a_1, \ldots, a_n)$ is a solution to the system of linear equations
\[ \mathrm{Tr}_{L/K}(\alpha_i\alpha) = \sum_{j=1}^n \mathrm{Tr}_{L/K}(\alpha_i\alpha_j)x_j, \quad 1 \le i \le n. \]

The matrix corresponding to this system has determinant $d$ by Proposition 14.3.1. Thus each $a_j$ can be written as $\frac{1}{d}$ times an $A$-linear combination of $\mathrm{Tr}(\alpha_i\alpha)$. Since $\alpha_i, \alpha \in B$, $\mathrm{Tr}(\alpha_i\alpha) \in A$ so $da_j \in A$ for each $j$. Thus
\[ d\alpha = \sum_{j=1}^n da_j\alpha_j \in A\alpha_1 + \ldots + A\alpha_n. \]

Since $\alpha \in B$ was arbitrary, we have shown that $dB \subseteq A\alpha_1 + \ldots + A\alpha_n$.


Proposition 14.3.9. If A is a PID and M ⊆ L is a finitely generated B-module, then M is
free of rank n = [L : K] as an A-module. In particular, B is free of rank n as an A-module.
Proof. Let {α1 , . . . , αn } ⊂ B be a basis for L/K. We know the rank of B, which is well-defined
over a PID, is at most n. On the other hand, since the αi are linearly independent,
the rank of B is at least n. Thus the rank of B equals n.
Now suppose M is finitely generated as a B-module, say by elements µ1 , . . . , µr . Then
there exists an a ∈ A such that aµi ∈ B for each i (by a homework problem). Thus
daµi ∈ M0 := Aα1 + . . . + Aαn by Lemma 14.3.8. So daM ⊆ M0 . By the structure theory of
modules over a PID, since M0 is free, daM is also free, so M is free of rank at most n. On
the other hand, rank M ≥ rank B = n by assumption so rank M = n. The second statement
follows from taking M = B.


Definition. In the situation above, an A-basis for B is called an integral basis.


The most important case of Proposition 14.3.9 is when K = Q, A = Z and B ⊂ L is the
integral closure of A in some number field L.
Proposition 14.3.10. Let {α1 , . . . , αn } and {β1 , . . . , βn } be two integral bases for B/Z.
Then
dL/Q (α1 , . . . , αn ) = dL/Q (β1 , . . . , βn ).
Proof. Let $d = d_{L/\mathbb{Q}}(\alpha_1, \ldots, \alpha_n)$ and $d' = d_{L/\mathbb{Q}}(\beta_1, \ldots, \beta_n)$. Then $d = (\det M)^2 d'$ for some $M \in GL_n(\mathbb{Z})$. Thus $\det M = \pm 1$ so $d = d'$.
This allows us to define:
Definition. The discriminant of a number field K/Q is
dK := dK/Q (α1 , . . . , αn )
for any Z-basis {α1 , . . . , αn } of OK .
Example 14.3.11. The quadratic field $K = \mathbb{Q}(\sqrt{2})$ has integral basis $\{1, \sqrt{2}\}$. Then $d_K = 8$. In general, for a quadratic extension $K = \mathbb{Q}(\sqrt{d})$, the discriminant is given by
\[ d_K = \begin{cases} 4d, & d \equiv 2, 3 \pmod 4 \\ d, & d \equiv 1 \pmod 4. \end{cases} \]

Example 14.3.12. Let $\zeta$ be a primitive $p^r$th root of unity and let $K = \mathbb{Q}(\zeta)$. We know that $[K : \mathbb{Q}] = \varphi(p^r) = p^{r-1}(p-1)$. Set $n = \varphi(p^r)$. We will show that $O_K = \mathbb{Z}[\zeta]$ for every prime power $p^r$. First, we compute the discriminant $d_K = d_{K/\mathbb{Q}}(\zeta)$. Let $f(x)$ be the minimal polynomial of $\zeta$ over $\mathbb{Q}$. We may write this in two ways:
\[ f(x) = \frac{x^{p^r} - 1}{x^{p^{r-1}} - 1} \quad \text{or} \quad (x^{p^{r-1}} - 1)f(x) = x^{p^r} - 1. \]
Differentiating the second expression gives us $f'(x)(x^{p^{r-1}} - 1) + f(x)(p^{r-1}x^{p^{r-1}-1}) = p^r x^{p^r - 1}$. Then plugging in $\zeta$ and solving for $f'(\zeta)$ produces
\[ f'(\zeta) = \frac{p^r \zeta^{p^r - 1}}{\zeta^{p^{r-1}} - 1}. \]
Take the norm of this expression:
\[ N(f'(\zeta)) = \pm\frac{N(p^r)}{N(\zeta^{p^{r-1}} - 1)} = \pm p^a \quad \text{for some } a \in \mathbb{Z}. \]
Thus by Lemma 14.3.2, $d_{K/\mathbb{Q}}(\zeta) = \pm p^a$ for some $a \in \mathbb{Z}$, where $a \le \varphi(p^r)p^r$.

It turns out that it's easier to work with $1 - \zeta$ in this example. In general this creates no obstacles, since $d_{K/\mathbb{Q}}(1 - \zeta) = d_{K/\mathbb{Q}}(\zeta)$. In our case, we observe that
\[ d_{K/\mathbb{Q}}(1 - \zeta) = \prod_{1 \le i < j \le n} (1 - \sigma_i(\zeta) - (1 - \sigma_j(\zeta)))^2 = \prod_{1 \le i < j \le n} (\sigma_i(\zeta) - \sigma_j(\zeta))^2 = d_{K/\mathbb{Q}}(\zeta). \]

Thus $d_{K/\mathbb{Q}}(1 - \zeta) = \pm p^a$. To proceed, we need the following generalization of Lemma 13.1.1.


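Lemma 14.3.13. $\displaystyle \prod_{\substack{1 \le k \le p^r \\ p \nmid k}} (1 - \zeta^k) = p$.

Proof. Consider
\[ f(x) = \frac{x^{p^r} - 1}{x^{p^{r-1}} - 1} = 1 + x^{p^{r-1}} + x^{2p^{r-1}} + \ldots + x^{(p-1)p^{r-1}}. \]
Plugging in $x = 1$ gives the result.

Observe that for any two $k_1, k_2 \in \mathbb{N}$ not divisible by $p$,
\[ \frac{1 - \zeta^{k_1}}{1 - \zeta^{k_2}} \in \mathbb{Z}[\zeta]. \]
Then by symmetry, $\frac{1 - \zeta^{k_1}}{1 - \zeta^{k_2}}$ is a unit in $\mathbb{Z}[\zeta]$ for all such $k_1, k_2$. We will now show $O_K = \mathbb{Z}[1 - \zeta]$.

Consider the basis $\{1, 1 - \zeta, (1 - \zeta)^2, \ldots, (1 - \zeta)^{n-1}\}$ for $K/\mathbb{Q}$. If $x \in O_K$, we can write $x$ in the following manner by Lemma 14.3.8:
\[ x = \sum_{i=0}^{n-1} \frac{b_i}{p^a}(1 - \zeta)^i \quad \text{for } b_i \in \mathbb{Z}, \]
using the fact that $d_{K/\mathbb{Q}}(1 - \zeta) = \pm p^a$. If $\frac{b_i}{p^a} \in \mathbb{Z}$ for each $i$, then we're done. If not, multiply by some $p^c$ so that all $\frac{b_i}{p^a}p^c \in \frac{1}{p}\mathbb{Z}$ but not all of them lie in $\mathbb{Z}$. Note that $p^c x \in O_K$, so we may replace $x$ with $p^c x$ and write
\[ x = \sum_{i=0}^{n-1} \frac{b_i}{p}(1 - \zeta)^i, \quad b_i \in \mathbb{Z}. \]

Suppose $x \notin \mathbb{Z}[1 - \zeta]$. Subtracting off the terms where $p \mid b_i$ if necessary, we may assume $b_i = 0$ whenever $p \mid b_i$. Let $j$ be the smallest index with $p \nmid b_j$. Then
\[ x = \sum_{i=j}^{n-1} \frac{b_i}{p}(1 - \zeta)^i, \quad p \nmid b_j. \]

The element $\frac{p}{(1 - \zeta)^{j+1}}$ lies in $\mathbb{Z}[1 - \zeta]$ since $j + 1 \le n$ and $(1 - \zeta)^n \mid p$ by Lemma 14.3.13. Therefore we may multiply the expression for $x$ by $\frac{p}{(1 - \zeta)^{j+1}}$ to obtain
\[ x = \frac{b_j}{1 - \zeta} + (\text{terms in } \mathbb{Z}[1 - \zeta]). \]
Note that $N\left(\frac{b_j}{1 - \zeta}\right) = \frac{b_j^n}{N(1 - \zeta)} = \frac{b_j^n}{p}$, where $b_j^n$ is not divisible by $p$. Thus $N\left(\frac{b_j}{1 - \zeta}\right) \notin \mathbb{Z}$ but this contradicts the fact that $\frac{b_j}{1 - \zeta} \in O_K$. Hence $x \in \mathbb{Z}[1 - \zeta]$ which finally proves the claim that $O_K = \mathbb{Z}[1 - \zeta] = \mathbb{Z}[\zeta]$.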


The following theorem allows us to generalize Example 14.3.12 to all Q(ζ) where ζ is a
primitive nth root of unity.

Theorem 14.3.14. Let A be an integrally closed integral domain with field of fractions K
and suppose L/K and M/K are finite separable extensions with ω1 , . . . , ωn an integral basis
for L with respect to A and α1 , . . . , αm an integral basis for M with respect to A. Further
suppose dL/K (ω1 , . . . , ωn ) and dM/K (α1 , . . . , αm ) are relatively prime in A. Then {ωi αj } is
an integral basis for the compositum LM over A and

\[ d_{LM/K}(\omega_i\alpha_j) = d_{L/K}(\omega_i)^m \, d_{M/K}(\alpha_j)^n. \]

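Corollary 14.3.15. If $\zeta_m$ is an $m$th root of unity then $O_{\mathbb{Q}(\zeta_m)} = \mathbb{Z}[\zeta_m]$.

Proof. Factor $m = p_1^{a_1} \cdots p_r^{a_r}$. Then $\mathbb{Q}(\zeta_m) = \mathbb{Q}(\zeta_{p_1^{a_1}}) \cdots \mathbb{Q}(\zeta_{p_r^{a_r}})$. Moreover, for distinct primes $p \ne q$, $d_{\mathbb{Q}(\zeta_p)/\mathbb{Q}}$ and $d_{\mathbb{Q}(\zeta_q)/\mathbb{Q}}$ are relatively prime. Therefore by Theorem 14.3.14, the ring of integers of $\mathbb{Q}(\zeta_m)$ is

\[ O_{\mathbb{Q}(\zeta_m)} = \mathbb{Z}[\zeta_{p_1^{a_1}}, \ldots, \zeta_{p_r^{a_r}}] = \mathbb{Z}[\zeta_m]. \]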

14.4. Factorization of Ideals Chapter 14. Algebraic Number Fields

14.4 Factorization of Ideals


Let K be a number field. We have seen that unique factorization may fail in OK , as we
recall in the example below.
Example 14.4.1. The quadratic field $K = \mathbb{Q}(\sqrt{-5})$ has ring of integers $O_K = \mathbb{Z}[\sqrt{-5}]$. In this ring, 6 has two different factorizations:
\[ 6 = 2 \cdot 3 = (1 + \sqrt{-5})(1 - \sqrt{-5}). \]

Therefore unique factorization fails in $\mathbb{Z}[\sqrt{-5}]$. To see that these are the only two factorizations of 6, observe that $N(1 + \sqrt{-5}) = N(1 - \sqrt{-5}) = 6$, but there are no solutions in integers to the equation $N(a + b\sqrt{-5}) = a^2 + 5b^2 = 2, 3$.
It is our goal in this section to in some fashion repair the failure of unique factorization
in OK , and in an arbitrary Dedekind domain A (to be defined below). Then we will further
study the problem of determining all factorizations of an element in an integral extension.
For the unique factorization problem, it would be nice (even ‘ideal’) if there were some objects $p_1, p_2, p_3, p_4 \in \mathbb{Z}[\sqrt{-5}]$ such that

\[ 2 = p_1 p_2, \qquad 1 + \sqrt{-5} = p_1 p_3, \]
\[ 3 = p_3 p_4, \qquad 1 - \sqrt{-5} = p_2 p_4. \]

In fact, the exact objects we are looking for are prime ideals in $O_K$. In order to describe a unique factorization into prime ideals, recall that for ideals $I, J \subset A$, their ideal product is
\[ IJ = \left\{ \sum_{i=1}^n x_i y_i : x_i \in I, \ y_i \in J \right\}. \]

Definition. An integral domain A is a Dedekind domain if


(1) A is integrally closed.
(2) A is Noetherian.
(3) All nonzero prime ideals of A are maximal.
The main theorem we will prove is:

Theorem 14.4.2. If $A$ is a Dedekind domain, then every nonzero ideal $I \subset A$ has a factorization $I = \prod_{i=1}^n p_i^{a_i}$ for distinct prime ideals $p_i \subset A$ which are unique up to ordering.
Theorem 14.4.3. For every number field K, OK is a Dedekind domain.
Proof. (1) OK is integrally closed since by definition it is the integral closure of Z in K.
(2) We have seen (Prop. 14.3.9) that OK lies inside a finitely generated Z-module. By
commutative algebra, this is sufficient to conclude that OK is Noetherian.
(3) The property of nonzero prime ideals being maximal is alternatively known as Krull
dimension 1. It is known that finite integral extensions which are integrally closed preserve
Krull dimension, e.g. by the going up theorem.


Since $\mathbb{Z}$ is Dedekind, integer unique factorization can be captured by Theorem 14.4.2 by associating a prime integer $p \in \mathbb{Z}$ with the principal prime ideal it generates: $(p) \subset \mathbb{Z}$. For example, in $\mathbb{Z}[\sqrt{-5}]$ we have
\[ (6) = (2, 1 + \sqrt{-5})(2, 1 - \sqrt{-5})(3, 1 + \sqrt{-5})(3, 1 - \sqrt{-5}). \]

Lemma 14.4.4. If $A$ is Dedekind, every nonzero ideal $I \subset A$ contains a finite product of prime ideals.

Proof. Let $M$ be the set of nonzero ideals of $A$ not divisible by a finite product of primes. Since $A$ is Noetherian, there exists a maximal element $a \in M$. Then $a$ must not be prime, so there exist elements $b_1, b_2 \in A \smallsetminus a$ such that $b_1 b_2 \in a$. Consider the ideals $a + (b_1)$ and $a + (b_2)$. Since $a$ is maximal in $M$, each of these contains a finite product of prime ideals. Then $(a + (b_1))(a + (b_2)) \subseteq a$ contains a product of primes, a contradiction. Hence $M$ is empty.

The classic proof of unique factorization of integers relies on being able to cancel out
primes (by dividing), so to mimic this in our proof of Theorem 14.4.2, we define an analogy
of inverses for ideals.
Definition. If J ⊂ A is an ideal, the fractional ideal generated by J is the A-module

\[ J^{-1} := \{x \in K \mid xJ \subseteq A\}. \]

Lemma 14.4.5. For every ideal $J \subset A$, $J^{-1}$ is an $A$-submodule of $K$.

Notice that $J^{-1} \supseteq A$ so for any proper ideal $J \subsetneq A$, $J^{-1}$ is not an ideal of $A$.
Lemma 14.4.6. If $p \subset A$ is a prime ideal, $p^{-1} \ne A$.

Proof. Let $x \in p$. Then by Lemma 14.4.4, $(x) \supseteq p_1 \cdots p_r$ for prime ideals $p_i \subset A$. Assume $r$ is minimal among such products of primes contained in $(x)$. We claim that $p = p_i$ for some $1 \le i \le r$. If not, there exists an $a_i \in p_i \smallsetminus p$ for each $i$, by maximality of prime ideals. Then $a_1 \cdots a_r \in p_1 \cdots p_r \subseteq (x) \subseteq p$, a contradiction. Thus $p = p_i$ for some $i$. Assume $p = p_1$. Then by minimality of $r$, we know $(x) \supsetneq p_2 \cdots p_r$. Let $b \in p_2 \cdots p_r \smallsetminus (x)$. Then $x^{-1}b \notin A$, but $x^{-1}bp \subseteq A$. So $x^{-1}b \in p^{-1} \smallsetminus A$.

Lemma 14.4.7. If $a \subset A$ is an ideal and $p \subset A$ is a prime ideal, then $ap^{-1} \supsetneq a$.

Proof. Certainly $ap^{-1} \supseteq a$ since $p^{-1} \supset A$. Suppose $ap^{-1} = a$ and let $x \in p^{-1}$. Then $xa \subseteq a$, so in particular, left multiplication by $x$ is an element of the $A$-algebra $\mathrm{End}_A(a)$. Since $A$ is Noetherian, $\mathrm{End}_A(a)$ is finitely generated. Clearly $\mathrm{End}_A(a)$ is also a faithful $A$-module, so by a well-known characterization of integrality (cf. Atiyah-Macdonald), $x$ is integral over $A$. Then since $A$ is integrally closed, $x \in A$. We have shown $p^{-1} = A$, but this contradicts Lemma 14.4.6. Therefore $ap^{-1} \supsetneq a$.

Corollary 14.4.8. For any prime ideal $p \subset A$, $pp^{-1} = A$.

Proof. By Lemma 14.4.7, we have $p \subsetneq pp^{-1} \subseteq A$, but primes are maximal in a Dedekind domain, so $pp^{-1} = A$.


Corollary 14.4.9. For an ideal $a \subset A$ and a prime ideal $p \supsetneq a$, $ap^{-1} \subsetneq A$.

Proof. If $ap^{-1} = A$ then $p = app^{-1} = a$, a contradiction.

We are now prepared to prove the unique factorization theorem for nonzero ideals in a Dedekind domain.

Proof. (of Theorem 14.4.2) Let $M$ be the collection of nonzero, non-unital ideals in $A$ that do not have a factorization into prime ideals. Since $A$ is Noetherian, $M$ has a maximal element $a$. As before, $a$ cannot be prime so it is contained in a prime ideal $p$. By Lemma 14.4.7, $ap^{-1} \supsetneq a$ so $ap^{-1} \notin M$. On the other hand, by Corollary 14.4.9 we have $ap^{-1} \ne (1)$ so $ap^{-1} = p_1 \cdots p_r$. Multiplying by $p$ gives us $a = app^{-1} = pp_1 \cdots p_r$ which shows $a$ has a prime factorization. Thus $M$ must be empty. This proves the existence part of the theorem.

For uniqueness, suppose $a = p_1 \cdots p_r = q_1 \cdots q_s$ for prime ideals $p_i, q_j \subset A$. Then by the proof of Lemma 14.4.6, $p_1 \supset \prod_j q_j$ implies $p_1 = q_j$ for some $1 \le j \le s$. Multiplying both sides by $p_1^{-1}$ cancels out terms, yielding shorter prime factorizations of $a$ which are equal by induction. The base case of this induction is easy: if $a$ is prime then it only has the trivial factorization $a = a$. This finishes the proof of unique factorization of ideals in a Dedekind domain.

Remark. For an ideal a ⊂ A and a prime ideal p ⊂ A, we will use the expressions p ⊇ a
(‘p contains a’) and p | a (‘p divides a’) to mean the same thing: p appears in the prime
factorization of a.
If I, J ⊂ A are ideals, we will write (I, J) = 1 if I + J = (1), that is, if I and J are
relatively prime in A.
Definition. A fractional ideal of A is any finitely generated A-submodule of K.
Example 14.4.10. For any ideal $J \subset A$, $J^{-1}$ is a fractional ideal.

Proposition 14.4.11. The nonzero fractional ideals of $A$ form a group under ideal multiplication, with identity $(1)$.

Proof. By Theorem 14.4.2, fractional ideals of the form $\prod p_i^{a_i}$, with $a_i \in \mathbb{Z}$ and $p_i \subset A$ prime, form a group which is isomorphic to a direct sum of copies of $\mathbb{Z}$. Let $M$ be any fractional ideal. Then $M$ is finitely generated, so there exists an element $x \in K$ such that $xM \subset A$ is an ideal. Since $(x)$ and $xM$ have prime factorizations, so does $M = (x)^{-1}xM$. Hence all fractional ideals form a group under multiplication. Corollary 14.4.8 shows that $(1)$ is the identity element in this group.

Proposition 14.4.12. If $I \subset A$ is an ideal then $II^{-1} = (1)$.

Proof. Suppose $I = p_1 \cdots p_r$ is the prime factorization of $I$. Then $J = p_1^{-1} \cdots p_r^{-1}$ is a fractional ideal, and by Corollary 14.4.8, $IJ = (1)$. It remains to show $J = I^{-1}$. First, since $IJ = (1)$ we have $J \subseteq I^{-1}$. If $x \in I^{-1}$ then $xI \subset A$ so

\[ xIp_1^{-1} \cdots p_r^{-1} \subseteq p_1^{-1} \cdots p_r^{-1} = J. \]

Thus $Ax \subseteq J$ so $x \in J$. This proves $J = I^{-1}$ as required.


Corollary 14.4.13. If $A$ is a Dedekind domain and a unique factorization domain, then $A$ is also a PID.

Definition. For a Dedekind domain $A$, let $J_A$ denote the group of fractional ideals of $A$. The ideal class group of $A$ is defined as the quotient group

\[ C_A = J_A / P_A \]

where $P_A$ is the subgroup of $J_A$ consisting of the principal fractional ideals of $A$.

Clearly $|C_A| = 1$ if and only if $A$ is a PID (and therefore a UFD), so the ideal class group is a direct measure of the failure of unique factorization in $A$. Moreover, the ideal class group corresponds to an exact sequence of groups

\[ 1 \to A^\times \to K^\times \to J_A \to C_A \to 1. \]

We will study this further when we characterize the unit group $K^\times$ in Section 14.10.

Lemma 14.4.14. Every class in CA can be represented by an ideal I ⊂ A.

Example 14.4.15. The ring $A = \mathbb{C}[x, y]/(y^2 - x^3 - x)$ is a Dedekind domain. It turns out that the ideal class group $C_A$ has cardinality equal to $|\mathbb{C}|$, so this example shows that ideal class groups can be particularly bad. In particular, unique factorization fails in $A$: $x^3 - x = y^2 = x(x - 1)(x + 1)$.

One of the most important results in algebraic number theory is the following theorem,
which we will prove in Section 14.9.

Theorem. For a number field K, the class group CK := COK is finite.


Example 14.4.16. Let $K = \mathbb{Q}(\sqrt{-5})$ and recall that $6 = 2 \cdot 3 = (1 + \sqrt{-5})(1 - \sqrt{-5})$. What do 2 and 3 split into as ideals in $O_K = \mathbb{Z}[\sqrt{-5}]$? It turns out that
\[ 2O_K = (2, 1 + \sqrt{-5})(2, 1 - \sqrt{-5}) \quad \text{and} \quad 3O_K = (3, 1 + \sqrt{-5})(3, 1 - \sqrt{-5}). \]

The underlying principle governing this splitting behavior is the fact that the minimal polynomial $x^2 + 5$ of $\sqrt{-5}$ splits differently mod 2 and 3:

\[ x^2 + 5 \equiv (x + 1)^2 \pmod 2 \quad \text{and} \quad x^2 + 5 \equiv (x + 1)(x - 1) \pmod 3. \]

14.5. Ramification Chapter 14. Algebraic Number Fields

14.5 Ramification
In this section let L/K be a finite separable field extension, let OK be a Dedekind domain
with field of fractions K and let OL be the integral closure of OK in L. Put n = [L : K].
Lemma 14.5.1. OL is a Dedekind domain.
Proof. This is the same proof as for Theorem 14.4.3.
Lemma 14.5.2. If $p \subset O_K$ is a prime ideal then $pO_L \ne O_L$.

Proof. Take $x \in p^{-1} \smallsetminus O_K$, which exists by Lemma 14.4.6. Then $xp \subseteq O_K$ so $xpO_L \subseteq O_L$. If $pO_L = O_L$ then we have $xpO_L = xO_L \subsetneq O_L$, a contradiction. Therefore $pO_L \ne O_L$.

Now fix a nonzero prime ideal $p \subset O_K$. By Theorem 14.4.2, $p$ considered as an ideal of $O_L$ has a unique factorization
\[ pO_L = P_1^{e_1} \cdots P_g^{e_g} \]
where the Pi ⊂ OL are distinct primes and each ei > 1. Note that for each i, OL /Pi is a
finite dimensional OK /p-vector space. (This follows from the fact that Pi ∩ OK = p.) We
say the Pi are the primes of OL lying over p. By unique factorization, these are the only
primes lying over p.
Definition. For a prime Pi in the factorization of pOL , the index fi = [OL /Pi : OK /p] is
called the inertial degree of Pi (over p) and the exponent ei is called the ramification
index of Pi (over p). We say the prime p is totally split if ei = fi = 1 for all 1 ≤ i ≤ g;
p is totally ramified if g = 1 and f1 = 1; and p is inert if g = 1 and e1 = 1.
Definition. If any ei > 1 or (OL /Pi )/(OK /p) is inseparable, we say the prime p is ramified
(in OL ). Otherwise p is unramified.
Example 14.5.3. In $\mathbb{Z}[i]$, $(2) = (1 + i)^2$ so $(2)$ ramifies with $e_1 = 2$. By contrast, $(3)$ is inert in $\mathbb{Q}(i)$ with residue field $\mathbb{Z}[i]/(3) \cong \mathbb{F}_9$, and $(5) = (2 + i)(2 - i)$ is unramified.
Theorem 14.5.4. For any prime $p \subset O_K$ with prime factorization $pO_L = \prod_{i=1}^g P_i^{e_i}$, we have $\sum_{i=1}^g e_i f_i = n = [L : K]$.

Proof. By the Chinese remainder theorem (the version of Theorem 3.2.10 for rings), we can write
\[ O_L/pO_L = O_L \Big/ \prod_{i=1}^g P_i^{e_i} \cong \bigoplus_{i=1}^g O_L/P_i^{e_i}. \]

To prove the theorem, we show that $[O_L/pO_L : O_K/p] = n$ and $[O_L/P_i^{e_i} : O_K/p] = e_i f_i$ for each $1 \le i \le g$. For the first equality, take $\{\overline{\omega}_1, \ldots, \overline{\omega}_m\}$ to be a basis for $O_L/pO_L$ as an $O_K/p$-vector space. Lift these elements to $\omega_1, \ldots, \omega_m \in O_L$. Suppose

\[ a_1\omega_1 + \ldots + a_m\omega_m = 0 \quad \text{for coefficients } a_i \in O_K. \]

Let $a = (a_1, \ldots, a_m) \subset O_K$ and let $x \in a^{-1} \smallsetminus ap$; such an element exists by Lemma 14.4.7. Then $xa_i \in O_K$ for all $i$, but $xa_i \notin p$ for some $i$. Replacing $a_i$ with $xa_i$ and reducing mod $p$ gives us a linear dependence, contradicting the assumption that $\overline{\omega}_1, \ldots, \overline{\omega}_m$ are a basis of $O_L/pO_L$. Hence $\omega_1, \ldots, \omega_m$ must be linearly independent in $O_K$.

To show they span $O_K$, let $M = \omega_1 O_K + \ldots + \omega_m O_K \subseteq O_L$. Since the $\overline{\omega}_i$ generated $O_L/pO_L$, we get $M + pO_L = O_L$. In other words, $p(O_L/M) = O_L/M$. By Nakayama's Lemma, this means $O_L/M$ is killed by some $x \in 1 + p$. In particular, such an $x$ is necessarily nonzero so $xO_L \subseteq M$. Thus $\frac{\omega_1}{x}O_K + \ldots + \frac{\omega_m}{x}O_K \supseteq O_L$. This implies that $\frac{\omega_1}{x}K + \ldots + \frac{\omega_m}{x}K = L$ so the $\omega_i$ span $O_L$ as an $O_K$-vector space. This of course is only possible if $m = n$, so we have the first equality.

Now consider the sequence
\[ O_L/P_i^{e_i} \supseteq P_i/P_i^{e_i} \supseteq P_i^2/P_i^{e_i} \supseteq \cdots \supseteq P_i^{e_i - 1}/P_i^{e_i} \supseteq 0. \]
Taking each quotient in the chain yields something of the form $P_i^\nu/P_i^{\nu+1}$, and by unique factorization, each of these quotients is nontrivial. Thus we can choose $x \in P_i^\nu \smallsetminus P_i^{\nu+1}$. Consider the map
\[ \varphi : O_L \longrightarrow P_i^\nu/P_i^{\nu+1}, \qquad \alpha \longmapsto x\alpha. \]
Certainly $\ker\varphi = P_i$ since $P_i \subseteq \ker\varphi$ and primes are maximal in $O_L$. Also, $\varphi$ is surjective since $P_i^{\nu+1} \subsetneq (x) + P_i^{\nu+1} \subseteq P_i^\nu$ which implies $(x) + P_i^{\nu+1} = P_i^\nu$. Therefore $O_L/P_i \cong P_i^\nu/P_i^{\nu+1}$ as $O_K/p$-vector spaces. Adding these up gives us
\[ \dim_{O_K/p} O_L/P_i^{e_i} = \sum_{j=1}^{e_i} \dim_{O_K/p} O_L/P_i = e_i f_i. \]
This proves both claims, and this is of course enough to conclude that $n = \sum_{i=1}^g e_i f_i$.

Let θ ∈ OL be a primitive element of L/K, that is, L = K(θ). It is not always guaranteed
that OK [θ] = OL . However, we have a way of measuring how far off from the whole ring OL
the submodule OK [θ] really is.
Definition. The conductor of the extension $L/K$ is the ideal
\[ f := \{\alpha \in O_K \mid \alpha O_K \subseteq O_K[\theta]\} \subset O_K \]
where $L = K(\theta)$.

Example 14.5.5. If $O_K[\theta] = O_L$, then $f = (1)$.

Example 14.5.6. For $K = \mathbb{Q}$ and $L = \mathbb{Q}(\sqrt{-3})$, the conductor is $f = (2, 1 + \sqrt{-3})$.

Note that $f$ is always nonzero.
Theorem 14.5.7. Let $L/K$ be a finite separable extension with $L = K(\theta)$. Suppose $p \subset O_K$ is prime and $pO_L + f = (1)$, where $f$ is the conductor of the extension $L/K$. Let $\varphi(x)$ be the minimal polynomial of $\theta$ over $K$. If $\varphi(x)$ factors completely in $(O_K/p)[x]$ as
\[ \overline{\varphi}(x) = \overline{\varphi}_1(x)^{e_1} \cdots \overline{\varphi}_g(x)^{e_g} \mod p \]
with $\deg \overline{\varphi}_i = f_i$, then the factorization of $p$ in $O_L$ is $pO_L = \prod_{i=1}^g P_i^{e_i}$ where for each $i$, $P_i$ is a prime ideal with ramification index $e_i$ and inertia degree $f_i$, given explicitly by $P_i = \varphi_i(\theta)O_L + pO_L$ for any lift $\varphi_i(x)$ of $\overline{\varphi}_i(x)$ in $O_K[x]$.


Proof. Set $O' = O_K[\theta]$. We will prove the following isomorphisms:

\[ O_L/pO_L \cong O'/pO' \cong (O_K/p)[x]/\overline{\varphi}(x) \]

where again $\varphi(x)$ is the minimal polynomial of $\theta$ over $K$. Clearly $O' \subseteq O_L$ so we have a map $O'/pO' \to O_L/pO_L$. By assumption, $pO_L + f = O_L$ but $f \subseteq O_L$ so we have $pO_L + O' = O_L$. Hence the map is surjective. On the other hand, $pO' \subseteq pO_L \cap O'$ and

\[ pO_L \cap O' = (pO_L \cap O')(pO_L + f) \subseteq pO' + fpO_L \subseteq pO'. \]

This proves injectivity, so the first isomorphism is proven. The second isomorphism is immediate from the fact that

\[ O'/pO' \cong O_K[x]/(\varphi(x), p) \cong (O_K/p)[x]/\overline{\varphi}(x). \]

Now by the Chinese remainder theorem, we may write

\[ O_L/pO_L \cong (O_K/p)[x]/\overline{\varphi}(x) \cong \bigoplus_{i=1}^g (O_K/p)[x]/\overline{\varphi}_i(x)^{e_i}. \]

The prime ideals on the right are just the ideals $(\overline{\varphi}_i(x))$. Set $R = (O_K/p)[x]/\overline{\varphi}(x)$ and notice that $[R/(\overline{\varphi}_i(x)) : O_K/p] = f_i = \deg \overline{\varphi}_i$ and $\prod_{i=1}^g \overline{\varphi}_i(x)^{e_i} = 0$. The primes in $O_L/pO_L$ corresponding under the above isomorphism to the $\varphi_i(\theta)$ are $P_i := \varphi_i(\theta)O_L + pO_L$. Notice that $\prod_{i=1}^g P_i^{e_i} \subseteq pO_L$, but since
\[ \dim_{O_K/p} O_L/pO_L = \sum_{i=1}^g e_i f_i = \dim_{O_K/p} O_L \Big/ \prod_{i=1}^g P_i^{e_i}, \]
we have $\prod_{i=1}^g P_i^{e_i} = pO_L$. This proves the theorem.

Example 14.5.8. Let $O_K = \mathbb{Z}[i]$ be the Gaussian integers. Here the conductor is $f = (1)$. Consider how $x^2 + 1$ splits mod 13:

\[ x^2 + 1 \equiv (x - 5)(x + 5) \pmod{13}. \]

Then by Theorem 14.5.7, the ideal $(13)$ splits in $\mathbb{Z}[i]$ in the following way:

\[ 13\mathbb{Z}[i] = (13, 5 + i)(13, -5 + i) = (3 + 2i)(3 - 2i). \]

For a prime $p \subset O_K$ and a prime $P \subset O_L$ lying over $p$, write $k_p = O_K/p$ and $\ell_P = O_L/P$.

Proposition 14.5.9. If $p \subset O_K$ is a nonzero prime such that $p + f = (1)$ in $O_L$, then $p$ is unramified if and only if $p$ does not divide the principal ideal $(d_{L/K}(\theta))$ generated by the discriminant of $L/K$.

Proof. We know $d_{L/K}(\theta) = \prod_{i<j} (\theta_i - \theta_j)^2$ where $\theta_i$ are all the $K$-embeddings of $\theta$ in $\overline{K}$. Since $p + f = (1)$, $p$ splits in $O_L$ based on how $\varphi$ splits mod $p$, where $\varphi$ is the minimal polynomial of $\theta$ over $K$. Explicitly, Theorem 14.5.7 tells us that $p$ is unramified if and only if there are no repeated factors in the factorization of $\varphi$ mod $p$ and $\varphi$ mod $p$ is separable. This is equivalent to all the roots of $\varphi$ mod $p$ having multiplicity 1 in $\overline{k}_p$, which in turn is equivalent to $\theta_i \ne \theta_j$ mod $p$ for all $i \ne j$. Now consider
\begin{align*}
\theta_i \ne \theta_j \text{ for all } i \ne j &\iff \prod_{i \ne j} (\theta_i - \theta_j) \text{ is relatively prime to } p \text{ in } O_K \\
&\iff p \text{ is relatively prime to each } \theta_i - \theta_j \text{ in } O_M \text{ for some normal closure } M \text{ of } L/K \\
&\iff p \nmid (d_{L/K}(\theta)) \text{ in } O_K.
\end{align*}
Hence $p$ is unramified precisely when $p \nmid (d_{L/K}(\theta))$.

Example 14.5.10. In this example we provide a full characterization of the splitting behavior of primes in quadratic extensions. Suppose $K = \mathbb{Q}(\sqrt{n})$ where $n$ is a squarefree integer. Then $K/\mathbb{Q}$ is Galois, so for each prime $p \in \mathbb{Z}$ we have $2 = efg$ by Theorem 14.5.4. There are exactly three possibilities for $e$, $f$ and $g$:

• $e = 2$ and $f, g = 1$. In this case $p$ ramifies in $O_K$ so $pO_K = P^2$ for some prime ideal $P$. It turns out that there are only finitely many such primes since by (3) of the previous theorem, $p$ ramifies in $K$ if and only if $x^2 + n \equiv 0 \pmod p$ has a multiple root. This ties in with the idea that the discriminant of a polynomial determines its number of roots.

• $f = 2$ and $e, g = 1$. In this case $p$ is inert, so $pO_K$ is prime. It turns out that this happens half the time (minus the finitely many cases when a prime ramifies).

• $g = 2$ and $e, f = 1$. Here $p$ splits completely in $O_K$, so $pO_K = P_1 P_2$ for prime ideals $P_1 \ne P_2$. This happens the other half of the time.

Example 14.5.11. Let $K = \mathbb{Q}(i)$ and recall that the Gaussian integers $\mathbb{Z}[i]$ are the ring of integers for $K$. In this example we will describe the splitting behavior of primes in $\mathbb{Z}[i]$. From the last few results, we claim that for an odd prime integer $p$ (excluding $p = 2$) the following are equivalent:

(i) $p \equiv 1 \pmod 4$.
(ii) $(p)$ splits completely in $\mathbb{Z}[i]$.
(iii) $p = x^2 + y^2$ for some integers $x, y$.

Proof. To prove our claim, note that $\mathbb{Z}[i]$ is the ring of integers for $K = \mathbb{Q}(i)$ and $\alpha = i$ has minimal polynomial $x^2 + 1$ over $\mathbb{Q}$. Thus we know that $(p)$ splits completely in $\mathbb{Z}[i]$ if and only if $x^2 + 1$ splits modulo $p$. This in turn happens if and only if $\mathbb{F}_p$ contains a fourth root of unity, i.e. $\mathbb{F}_p^\times$ contains an element of order 4. Since $\mathbb{F}_p^\times$ has order $p - 1$, this means $4 \mid p - 1$ and so (i) $\iff$ (ii) is proven.

Next suppose $(p)$ splits in $\mathbb{Z}[i]$; let $(p) = p_1 p_2$ for prime ideals $p_1, p_2 \in \mathbb{Z}[i]$. In Example 14.9.12, we will prove that the ring of Gaussian integers $\mathbb{Z}[i]$ is a PID. Using this fact, we know $p_1 = (x + yi)$ for integers $x$ and $y$, but then $p_2$ must be $(x - yi)$. Therefore $p = x^2 + y^2$ up to multiplication by a unit in $\mathbb{Z}[i]$. However the only units are $\pm 1, \pm i$ so clearly $p$ must just be $x^2 + y^2$. Conversely, if $p = x^2 + y^2$ then $p = (x + yi)(x - yi)$ in $\mathbb{Z}[i]$.


Note that this solves Fermat's theorem characterizing primes of the form $x^2 + y^2$. It will be a continuing theme in these notes to fully characterize primes of the form $x^2 + ny^2$ for all integers $n$.

Example 14.5.12. Let $K = \mathbb{Q}(\alpha)$ where $\alpha$ is a root of $f(x) = x^3 - x - 1$. By Proposition 14.3.4, this polynomial has discriminant $-23$ so 23 is the only integer prime which ramifies in $O_K$. Since $[K : \mathbb{Q}] = 3$ and

\[ x^3 - x - 1 \equiv (x - 3)(x - 10)^2 \mod 23, \]

the factorization we obtain from Theorem 14.5.7 is $23O_K = pq^2$ where $p \ne q$ and both are prime. In general, how do we know that $q$ ramifies but $p$ doesn't? This type of information cannot be detected by the discriminant alone. However, the different will provide an answer (see Section 15.10).
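The splitting computations in Examples 14.4.16, 14.5.3, 14.5.8, 14.5.11 and 14.5.12 all reduce, via Theorem 14.5.7, to factoring a monic polynomial over F_p and reading off the pairs (e_i, f_i). The Python below is an added example, not part of the original notes; the function names are chosen here, it factors by brute-force trial division (adequate for small p and small degree), and reading its output as an ideal factorization assumes the conductor hypothesis pO_L + f = (1) of the theorem.

```python
from itertools import product
from math import isqrt


def poly_divmod(f, g, p):
    """Divide f by monic g over F_p (coefficient lists, highest degree first)."""
    f = [c % p for c in f]
    quotient = []
    while len(f) >= len(g):
        lead = f[0]
        quotient.append(lead)
        for i in range(len(g)):
            f[i] = (f[i] - lead * g[i]) % p
        f.pop(0)  # the leading coefficient is now zero
    return quotient, f


def factor_mod_p(f, p):
    """Factor monic f in F_p[x]; returns [(monic irreducible factor, multiplicity)].

    Trial division by every monic polynomial of degree d = 1, 2, ... in turn.
    A divisor found at degree d is irreducible, because all factors of lower
    degree have already been divided out.
    """
    f = [c % p for c in f]
    if f[0] != 1:
        raise ValueError("f must be monic")
    factors = []
    d = 1
    while 2 * d <= len(f) - 1:
        for tail in product(range(p), repeat=d):
            g = [1, *tail]
            mult = 0
            while len(f) - 1 >= d:
                q, r = poly_divmod(f, g, p)
                if any(r):
                    break
                f, mult = q, mult + 1
            if mult:
                factors.append((tuple(g), mult))
        d += 1
    if len(f) > 1:  # what is left has no factor of degree <= deg/2, so it is irreducible
        factors.append((tuple(f), 1))
    return factors


def splitting_type(f, p):
    """Sorted (e_i, f_i) pairs: multiplicity and degree of each irreducible factor mod p."""
    pairs = sorted((mult, len(g) - 1) for g, mult in factor_mod_p(f, p))
    # Theorem 14.5.4: the e_i * f_i add up to the degree of the extension.
    assert sum(e * deg for e, deg in pairs) == len(f) - 1
    return pairs


def primes_below(n):
    return [q for q in range(2, n) if all(q % r for r in range(2, isqrt(q) + 1))]


def is_sum_of_two_squares(p):
    return any(isqrt(p - x * x) ** 2 == p - x * x for x in range(isqrt(p) + 1))


if __name__ == "__main__":
    print(factor_mod_p([1, 0, 5], 2), factor_mod_p([1, 0, 5], 3))   # Example 14.4.16
    print(factor_mod_p([1, 0, 1], 13))                              # Example 14.5.8
    print(factor_mod_p([1, 0, -1, -1], 23))                         # Example 14.5.12
```

A factor is reported as a tuple of coefficients, so `(1, 13)` is x + 13, which is x − 10 modulo 23.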

We now discuss Hilbert's program for ramification theory. Assume that $L/K$ is Galois and let $G = \mathrm{Gal}(L/K)$. Note that $\sigma(O_L) = O_L$ for all $\sigma \in G$. If $p \subset O_K$ is a prime and $pO_L = \prod_{i=1}^g P_i^{e_i}$, then each $\sigma \in G$ acts on the primes lying over $p$: $\sigma(P_i) = P_j$ for some $1 \le j \le g$. The key observation is that this action is transitive.

Proposition 14.5.13. For any prime p ⊂ OK , G = Gal(L/K) acts transitively on the set
of primes of OL lying over p.

Proof. Suppose not. Then there is some pair of primes $P_i, P_j$ lying over $p$ such that $\sigma P_j \ne P_i$ for all $\sigma \in G$. By the Chinese remainder theorem, pick $x \in P_j$ such that $x \equiv 1 \pmod{\sigma P_i}$ for all $\sigma \in G$. Then $N_{L/K}(x) \in P_j \cap O_K = p$. On the other hand, $N_{L/K}(x) = \prod_{\sigma \in G} \sigma(x)$ but $\sigma(x) \notin P_i$ for any $\sigma$, so $N_{L/K}(x) \notin p$. This is impossible, so there is some $\sigma \in G$ such that $\sigma P_j = P_i$.

Corollary 14.5.14. When L/K is Galois, for any prime p ⊂ OK , all ramification indices
ei and all inertia degrees fi for primes over p are equal, and therefore [L : K] = ef g, where
e = ei and f = fi for any prime Pi | p.

Proof. An ideal $P_i^\nu$ divides $pO_L$ if and only if $\sigma P_i^\nu$ divides $pO_L$ for all $\sigma \in G$, which by Proposition 14.5.13 is equivalent to $P_j^\nu$ dividing $pO_L$ for all $1 \le j \le g$. Therefore the ramification indices are all equal; let $e$ denote any one of them. Now given $1 \le i, j \le g$, suppose $\sigma \in G$ is a permutation taking $P_j$ to $P_i$, that is, $P_i = \sigma P_j$. Then $\sigma$ determines an isomorphism $O_L/P_j \to O_L/P_i$. Therefore $f_i = f_j$. Let $f$ denote any of the inertial degrees. Then finally, by Theorem 14.5.4 we have $[L : K] = \sum_{i=1}^g ef = efg$.

Fix a prime $P \subset O_L$ lying over $p$.

Definition. The subgroup $D_P = \{\sigma \in G \mid \sigma(P) = P\}$ of $G$ is called the decomposition group of $P$.

Clearly by the orbit-stabilizer theorem, $|D_P| = ef$ where $e$ and $f$ are the ramification index and inertia degree of $p$, respectively. By Galois theory, there is a field extension $Z_P/K$ corresponding to the subgroup $D_P \le G$, which is explicitly the fixed field $Z_P = L^{D_P}$.


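Definition. For a prime $P \mid p$, the field $Z_P$ is called the decomposition field of $P$.

[Diagram: field tower with $L$ above $Z_P$; labels $D_P$ and $G$.]

Lemma 14.5.15. If $\sigma P = P'$ for two primes $P, P'$ lying over $p$, then $D_{P'} = \sigma D_P \sigma^{-1}$ for some $\sigma \in G$.

Proof. This is a more general fact about the stabilizers of a transitive group action. Note that for $\sigma, \tau \in \mathrm{Gal}(L/K)$,

\[ \tau^{-1}\sigma\tau \in D_P \iff \tau^{-1}\sigma\tau P = P \iff \sigma\tau P = \tau P \iff \sigma \in D_{\tau P} \]

which implies that $\sigma \in D_P \iff \tau\sigma\tau^{-1} \in D_P$. Hence $\tau D_P \tau^{-1} = D_{\tau P}$.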


The ramification index and inertia degree are transitive in any tower of Galois field
extensions:

Lemma 14.5.16. For a Galois tower of number fields $M \supset L \supset K$ and a prime $p \subset O_K$, let $Q \subset O_M$ be a prime lying over $p$ and set $P = Q \cap L$. Then $e(Q \mid p) = e(Q \mid P)e(P \mid p)$ and $f(Q \mid p) = f(Q \mid P)f(P \mid p)$.

Proof. Clearly $P$ is a prime lying over $p$ in $O_L$, so $e(P \mid p)$ and $f(P \mid p)$ are defined. Then $e(Q \mid p) = e(Q \mid P)e(P \mid p)$ is immediate by unique factorization in Dedekind domains, and $f(Q \mid p) = f(Q \mid P)f(P \mid p)$ follows from Corollary 14.5.14 and the fact that $[M : K] = [M : L][L : K]$.

The decomposition field is characterized by the following proposition.

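Proposition 14.5.17. Let $a = P \cap Z_P$ be a prime below $P$ in $Z_P$. Then

(1) $P$ is the only prime in $O_L$ lying over $a$.

(2) If $e = e(P \mid p)$ and $f = f(P \mid p)$ then $e(P \mid a) = e$, $f(P \mid a) = f$ and $e(a \mid p) = 1 = f(a \mid p)$.

[Diagram: tower $K \subset Z_P \subset L$ with primes $p$, $a$, $P$; the step from $Z_P$ to $L$ is labelled $e$, $f$ and the step from $K$ to $Z_P$ is labelled $1$, $1$.]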


Proof. (1) For all σ ∈ DP = Gal(L/ZP ), σP = P. By Proposition 14.5.13, DP acts
transitively on the primes over a, so P must be the unique one.
(2) Since |DP | = ef , e(P | a)f (P | a) = ef but by Lemma 14.5.16, e(P | a) divides e
and f (P | a) divides f . Therefore e(P | a) = e and f (P | a) = f , and the others are 1 by
Lemma 14.5.16.

Remark. Every σ ∈ DP induces an automorphism ϕσ : OL /P → OL /P which fixes
kp = OK /p ⊆ ℓP = OL /P. Thus we get a map

ϕ : DP −→ Aut(ℓP /kp )
σ ↦ ϕσ .

Proposition 14.5.18. ϕ : DP → Aut(ℓP /kp ) is surjective and ℓP /kp is a normal extension.

Proof. By Proposition 14.5.17, ka = kp for any prime ideal a in the ring of integers of the
decomposition field, so we can replace K with Z = ZP and G with DP . Thus P is the
only prime lying over p. Take θ̄ ∈ ℓP and let θ ∈ OL be any lift, with minimal polynomials
ḡ(x) ∈ kp [x] and f (x) ∈ K[x], respectively. Certainly f̄(θ̄) = 0 mod p so ḡ | f̄ in kp [x].
Since L/K is normal (it is a Galois extension), f splits over L. This implies f̄ splits over ℓP ,
so ḡ splits as well. This proves ℓP /kp is a normal extension.
Now choose θ̄ generating the separable closure of kp in ℓP . Let σ̄ ∈ Aut(ℓP /kp ). Then
σ̄ θ̄ is a root of ḡ and thus of f̄. Since f splits in L, there exists a root α ∈ L of f such
that ᾱ = σ̄ θ̄ in ℓP . Choose σ ∈ G = DP such that σθ = α, which is possible since L/K is
normal. Then ϕ(σ) = σ̄ because θ̄ generates the separable closure of kp in ℓP . This proves
ϕ is surjective.

Definition. The kernel IP = ker ϕ ≤ DP is called the inertia group of P. Explicitly,

IP = {σ ∈ G | σ(x) ≡ x mod P for all x ∈ OL }.

Definition. The fixed field $T_P = L^{I_P}$ is called the inertia field of P (over p).

Corollary 14.5.19. If L/K is a Galois extension, the sequence

1 → IP → DP → Gal(ℓP /kp ) → 1

is exact. Moreover, |IP | = e and |DP | = ef , where e and f are the ramification index and
inertial degree, respectively, for L/K.

Proposition 14.5.20. Let b = P ∩ TP and a = P ∩ ZP = b ∩ ZP be prime ideals in the
inertia and decomposition fields, respectively. Set e = e(P | p) and f = f (P | p). Then
e(P | b) = e, f (b | a) = f and e(b | a) = f (P | b) = 1.


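[Diagram: the tower L ⊃ TP ⊃ ZP ⊃ K with primes P, b, a, p; the pairs (ramification index, inertia degree) are (e, 1) for L/TP , (1, f ) for TP /ZP and (1, 1) for ZP /K.]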

Proof. Let Z = ZP and T = TP . In light of Proposition 14.5.17, it’s enough to show
ℓP = OT /b and |DP /IP | = f . By the exact sequence 1 → IP → DP → Gal(ℓP /kp ) → 1,
DP /IP ≅ Gal(ℓP /kp ) so if ℓP = OT /b, then

|DP /IP | = | Gal((OT /b)/kp )| = | Gal((OT /b)/(OZ /a))| = f.

Therefore it suffices to prove the former statement, that is, ℓP = OT /b. The
decomposition/inertia group exact sequence for the extension L/T is

1 → IP → IP → Gal(ℓP /(OT /b)) → 1

which implies ℓP = OT /b as claimed.


14.6 Cyclotomic Fields and Quadratic Reciprocity


Recall that when ζm is a primitive mth root of unity and K = Q(ζm ), the ring of integers of
this cyclotomic number field is OK = Z[ζm ]. This was proven in Corollary 14.3.15. In this
section, we further elaborate on the properties of Q(ζm ) and Z[ζm ] and use algebraic number
theory to prove Gauss’s celebrated quadratic reciprocity law (already seen in Theorems 7.2.10
and 7.2.11). Recall the following definition from elementary number theory.

Definition. If p is an odd prime and a ∈ Z, the Legendre symbol of a mod p is

\[ \left(\frac{a}{p}\right) = \begin{cases} 1 & p \nmid a \text{ and } a \text{ is a square (mod } p) \\ -1 & a \text{ is not a square (mod } p) \\ 0 & p \mid a. \end{cases} \]

 
Proposition 14.6.1. Suppose a, p ∈ Z with p prime and (2a, p) = 1. Then $\left(\frac{a}{p}\right) = 1$ if and
only if the prime ideal (p) splits completely in $\mathcal{O}_{\mathbb{Q}(\sqrt{a})}$.

Proof. The conductor $f_{\sqrt{a}}$ divides 2, so (p) splitting in $\mathcal{O}_{\mathbb{Q}(\sqrt{a})}$ is equivalent to (p) splitting in
$\mathbb{Z}[\sqrt{a}]$. This, in turn, is equivalent to $x^2 - a$ splitting mod p, by Theorem 14.5.7, i.e. $a \equiv x^2$
(mod p) for some x ∈ Z. Hence (p) splits in $\mathcal{O}_{\mathbb{Q}(\sqrt{a})}$ if and only if a is a square mod p.
 
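Remark. Since $\mathbb{F}_p^\times$ is cyclic, it’s easy to show that $\left(\frac{a}{p}\right) \equiv a^{(p-1)/2}$ (mod p) for any a ∈ Z;
this is called Euler’s criterion. In particular, for a = −1 we have

\[ \left(\frac{-1}{p}\right) = \begin{cases} 1, & p \equiv 1 \pmod 4 \\ -1, & p \equiv -1 \pmod 4. \end{cases} \]
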
Most elementary proofs of quadratic reciprocity (see Theorems 7.2.10 and 7.2.11) exploit
this characterization of the Legendre symbol in some fashion. Here we prove the reciprocity
law by considering the factorization of (p) in the ring Z[ζq ].
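
Theorem 14.6.2 (Quadratic Reciprocity). Let p and q be distinct, odd primes. Then

\[ \left(\frac{p}{q}\right)\left(\frac{q}{p}\right) = (-1)^{(p-1)(q-1)/4}. \]

First, set $q^* = (-1)^{(q-1)/2} q$ so that $\left(\frac{q^*}{p}\right) = \left(\frac{q}{p}\right)(-1)^{(p-1)(q-1)/4}$ by Euler’s criterion. The
statement we must then prove is that $\left(\frac{p}{q}\right) = \left(\frac{q^*}{p}\right)$.
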
Example 14.6.3. The beauty of the quadratic reciprocity law is that it allows for fast
computations of the Legendre symbol. For example, is 15 a square mod 37? Rather than
trying to compute all squares mod 37, or trying to factor $x^2 - 37$ in $\mathbb{F}_{37}$, we can use reciprocity.
Since 37 ≡ 1 (mod 4), we have:

\[ \left(\frac{15}{37}\right) = \left(\frac{5}{37}\right)\left(\frac{3}{37}\right) = \left(\frac{37}{5}\right)\left(\frac{37}{3}\right) = \left(\frac{2}{5}\right)\left(\frac{1}{3}\right) = (-1)(1) = -1. \]

So 15 is not a square mod 37.


Lemma 14.6.4. Suppose n ≥ 2 is an integer with prime factorization $n = \prod p^{\nu(p)}$, where
the product is over all primes p and ν(p) ≥ 0 for all p. For each prime p, let $f_p$ be the
multiplicative order of p mod $n/p^{\nu(p)}$. Then in R = Z[ζn ] we have $pR = (\mathfrak{p}_1 \cdots \mathfrak{p}_r)^{\varphi(p^{\nu(p)})}$ for
distinct prime ideals $\mathfrak{p}_1, \ldots, \mathfrak{p}_r \subset R$ such that $f(\mathfrak{p}_i \mid p) = f_p$ for each 1 ≤ i ≤ r.

Proof. Fix a prime p and set $m = n/p^{\nu(p)}$ so that $n = p^{\nu(p)} m$. Consider the number field
K = Q(ζn ). We know the conductor of ζn in OK is f = 1. Let γn be the nth cyclotomic
polynomial and let {αi } be the primitive $p^{\nu(p)}$th roots of unity and {βj } be the primitive
mth roots of unity. Then by the Chinese remainder theorem,

\[ (\mathbb{Z}/n\mathbb{Z})^\times \cong (\mathbb{Z}/p^{\nu(p)}\mathbb{Z})^\times \times (\mathbb{Z}/m\mathbb{Z})^\times \]

so we can write

\[ \gamma_n(x) = \prod_{i,j} (x - \alpha_i \beta_j). \]

Note that all the αi are 1 in any field of characteristic p. Thus, modulo p,

\[ \gamma_n(x) \equiv \prod_j (x - \beta_j)^{\varphi(p^{\nu(p)})} = \gamma_m(x)^{\varphi(p^{\nu(p)})}. \]

This allows us to reduce to the case when m = n, that is, the case when $p^{\nu(p)} = 1$. Let γ̄m (x)
denote the factorization of γm (x) mod p. Since $x^m - 1$ is separable over $\mathbb{F}_p$ (m is relatively
prime to p) and $\bar\gamma_m(x) \mid x^m - 1$, we have that γ̄m (x) is also separable over $\mathbb{F}_p$. The smallest
extension of $\mathbb{F}_p$ containing a primitive mth root of unity (and thus all of them) is $\mathbb{F}_{p^{f_p}}$. Thus
γ̄m splits over $\mathbb{F}_{p^{f_p}}$ and each irreducible factor of γ̄m over $\mathbb{F}_p$ is the minimal polynomial of
some primitive mth root of unity, each of which having degree $f_p$. This implies γ̄m is a
product of degree $f_p$ irreducible polynomials over $\mathbb{F}_p$. By Theorem 14.5.7, we have

\[ pR = (\mathfrak{p}_1 \cdots \mathfrak{p}_r)^{\varphi(p^{\nu(p)})}. \]

Remark. In general, Theorem 14.5.14 implies that $r = \dfrac{\varphi(n)}{\varphi(p^{\nu(p)}) f_p}$.
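
Lemma 14.6.4 and the remark above reduce the factorization type of p in Z[ζn ] to elementary arithmetic. The Python below is an added example, not part of the original notes; the function names are chosen here for illustration. It computes (e, f, r) for any prime p and n ≥ 2.

```python
from math import gcd


def euler_phi(n):
    """Euler's totient function, by trial division."""
    result, d = n, 2
    while d * d <= n:
        if n % d == 0:
            while n % d == 0:
                n //= d
            result -= result // d
        d += 1
    if n > 1:
        result -= result // n
    return result


def multiplicative_order(a, m):
    """Order of a in (Z/mZ)^x; the trivial group (m = 1) gives order 1."""
    if m == 1:
        return 1
    if gcd(a, m) != 1:
        raise ValueError("a must be a unit mod m")
    k, x = 1, a % m
    while x != 1:
        x = x * a % m
        k += 1
    return k


def splitting_type(p, n):
    """(e, f, r) for the prime p in Z[zeta_n], following Lemma 14.6.4:
    pR = (p_1 ... p_r)^e with e = phi(p^nu), f = order of p mod n / p^nu,
    and r = phi(n) / (e f) as in the remark after the lemma."""
    nu, m = 0, n
    while m % p == 0:          # split n = p^nu * m with p not dividing m
        m //= p
        nu += 1
    e = euler_phi(p ** nu)
    f = multiplicative_order(p, m)
    r = euler_phi(n) // (e * f)
    return e, f, r


def is_ramified(p, n):
    """p ramifies in Q(zeta_n) exactly when the exponent e exceeds 1."""
    return splitting_type(p, n)[0] > 1


if __name__ == "__main__":
    for p, n in [(2, 7), (3, 9), (2, 12), (5, 12)]:
        print(p, n, splitting_type(p, n))
```
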
Corollary 14.6.5. An odd prime integer p is ramified in Q(ζn )/Q if and only if p | n, and
p = 2 is ramified if and only if 4 | n.
Lemma 14.6.6. If q is an odd prime integer, then $\sqrt{(-1)^{(q-1)/2} q} \in \mathbb{Q}(\zeta_q)$.

Proof. Set

\[ \tau = \sum_{a \in (\mathbb{Z}/q\mathbb{Z})^\times} \left(\frac{a}{q}\right) \zeta_q^a. \]

Then τ ∈ Q(ζq ) and $\tau^2 = (-1)^{(q-1)/2} q$.


We are now able to prove quadratic reciprocity (Theorem 14.6.2).


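Proof. Let p and q be distinct odd primes and set $q^* = (-1)^{(q-1)/2} q$. Consider the tower of
number fields $\mathbb{Q}(\zeta_q) \supset \mathbb{Q}(\sqrt{q^*}) \supset \mathbb{Q}$, with Galois groups as shown:

[Diagram: the tower Q(ζq ) ⊃ Q(√q∗) ⊃ Q, where Q(ζq )/Q(√q∗) has Galois group Z/((q − 1)/2)Z, Q(√q∗)/Q has Galois group Z/2Z, and Q(ζq )/Q has Galois group Z/(q − 1)Z.]

Then we determine the reciprocity law for $\left(\frac{q^*}{p}\right)$ as follows:

\begin{align*}
\left(\frac{q^*}{p}\right) = 1 &\iff (p) \text{ splits in } \mathbb{Q}(\sqrt{q^*}) \text{ by Proposition 14.6.1} \\
&\iff \mathbb{Q}(\sqrt{q^*}) \subseteq Z_P, \text{ the decomposition field for any prime } P \text{ over } (p) \\
&\iff \text{there exist an even number of primes in } \mathbb{Z}[\zeta_q] \text{ lying over } (p) \\
&\iff \frac{q-1}{f_p} \text{ is even, where } f_p \text{ is the multiplicative order of } p \text{ mod } q \\
&\iff f_p \text{ divides } \frac{q-1}{2} \\
&\iff p^{\frac{q-1}{2}} \equiv 1 \pmod q \\
&\iff \left(\frac{p}{q}\right) = 1.
\end{align*}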

Thus quadratic reciprocity is proven.

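Corollary 14.6.7. If q is an odd prime, then

\[ \left(\frac{2}{q}\right) = \begin{cases} 1, & q \equiv 1, 7 \pmod 8 \\ -1, & q \equiv 3, 5 \pmod 8. \end{cases} \]

Proof. Set $q^* = (-1)^{\frac{q-1}{2}} q$, so that $q^* \equiv 1$ (mod 4). Then

\begin{align*}
\left(\frac{2}{q}\right) = 1 &\iff (2) \text{ splits in } \mathcal{O}_{\mathbb{Q}(\sqrt{q^*})} = \mathbb{Z}\left[\frac{1 + \sqrt{q^*}}{2}\right] \\
&\iff f(x) = x^2 - x + \frac{1 - q^*}{4} \text{ splits mod } 2 \\
&\iff q^* \equiv 1 \pmod 8 \\
&\iff q \equiv 1, 7 \pmod 8.
\end{align*}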
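
Example 14.6.3 and Corollary 14.6.7 together give a complete procedure for evaluating a Legendre symbol without listing squares. The Python below is an added example, not part of the original notes. It factors the numerator, applies Theorem 14.6.2 to each odd prime factor and Corollary 14.6.7 to the factor 2, and can be checked against Euler's criterion; the function names are chosen here for illustration.

```python
def prime_factors(n):
    """Prime factorization of n >= 1 by trial division, as {prime: exponent}."""
    factors = {}
    d = 2
    while d * d <= n:
        while n % d == 0:
            factors[d] = factors.get(d, 0) + 1
            n //= d
        d += 1 if d == 2 else 2
    if n > 1:
        factors[n] = factors.get(n, 0) + 1
    return factors


def legendre_euler(a, p):
    """Legendre symbol (a/p) from Euler's criterion a^((p-1)/2) mod p."""
    r = pow(a, (p - 1) // 2, p)
    return -1 if r == p - 1 else r        # r is 0, 1 or p - 1


def legendre_reciprocity(a, p):
    """Legendre symbol (a/p) for an odd prime p, using only multiplicativity,
    Corollary 14.6.7 for (2/p) and Theorem 14.6.2 for odd prime factors."""
    a %= p
    if a == 0:
        return 0
    if a == 1:
        return 1
    result = 1
    for q, exponent in prime_factors(a).items():
        if exponent % 2 == 0:
            continue                      # (q/p)^even = 1
        if q == 2:
            result *= 1 if p % 8 in (1, 7) else -1
        else:
            # (q/p) = (p/q) * (-1)^((p-1)(q-1)/4); the sign is -1 exactly
            # when p and q are both 3 mod 4.  Here q <= a < p, so the
            # recursion strictly decreases the modulus.
            sign = -1 if (p % 4 == 3 and q % 4 == 3) else 1
            result *= sign * legendre_reciprocity(p, q)
    return result


if __name__ == "__main__":
    print(legendre_reciprocity(15, 37))   # the symbol from Example 14.6.3
```
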


14.7 Lattices
One perspective on rings of algebraic integers is to view them as lattices. For example, Z[i]
is very clearly a lattice in C spanned by the vectors 1 and i. We will show that any ring
of integers OK in a number field K/Q is a lattice in some Rⁿ. This is the beginning of
Minkowski’s so-called theory of geometry of numbers.

Definition. A Z-module Γ ⊆ Rⁿ is a lattice of rank m if Γ = Zv1 + . . . + Zvm for
R-linearly independent vectors v1 , . . . , vm . If m = n then we say Γ is a complete lattice,
or has full rank in Rⁿ.

Definition. For a lattice Γ ⊆ Rⁿ, the set

Φ = {x1 v1 + . . . + xm vm | 0 ≤ xi < 1}

is called the fundamental domain of Γ, also sometimes called the fundamental
parallelopiped.

Observe that Γ is a complete lattice in Rⁿ if and only if Γ + Φ = Rⁿ.

Definition. A subgroup W ⊆ Rⁿ is said to be discrete if every point in W is open in
the topology on Rⁿ, that is, if every point x ∈ W has a neighborhood U in Rⁿ such that
U ∩ W = {x}.

Proposition 14.7.1. If Γ ⊆ Rⁿ is a subgroup, then Γ is discrete if and only if Γ is a lattice.

Proposition 14.7.2. If Γ ⊆ Rⁿ is a lattice, then Γ is complete if and only if there exists a
bounded set M such that Γ + M = Rⁿ.

Proof. ( =⇒ ) When Γ is complete, M = Φ works.
( ⇐= ) If Γ is not complete, let V ⊊ Rⁿ be the R-span of Γ. Then V lies in some
hyperplane H in Rⁿ. Choose d > 0. Then for any bounded set of diameter diam(M ) < d,
all points further than d from H do not lie in Γ + M ⊆ H + M . Hence Γ + M ≠ Rⁿ.

Definition. If Γ = Zv1 + . . . + Zvn is a complete lattice in Rⁿ, we define the volume of Γ to
be the volume of the parallelopiped spanned by v1 , . . . , vn :

\[ \operatorname{vol}(\Gamma) := \operatorname{vol}(\Phi) = |\det A| \quad \text{where } A = \begin{pmatrix} | & & | \\ v_1 & \cdots & v_n \\ | & & | \end{pmatrix}. \]

Note that since $\det(A^T A) = (\det A)^2$, we can write the volume formula as

\[ \operatorname{vol}(\Gamma) = \sqrt{\det(v_i v_j)}. \]

Definition. A region Ω ⊆ Rn is centrally-symmetric if x ∈ Ω implies −x ∈ Ω.


Minkowski’s theorem is the key result in the geometry of numbers which allows us to
describe lattices like OK and UK , the ring of integers and unit group, respectively, in a
number field K/Q.


Theorem 14.7.3 (Minkowski). If Γ is a complete lattice in Rⁿ and X is a centrally-symmetric,
convex region of Rⁿ such that vol(X) > 2ⁿ vol(Γ), then X contains a nonzero
point of Γ.

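Proof. By a linear change of variables, we may assume Γ = Zⁿ. Then vol(Γ) = det(I) = 1.
Suppose X is as described, with vol(X) > 2ⁿ. Then $\operatorname{vol}(\tfrac12 X) > 1$. We claim that there exist
lattice points γ1 ≠ γ2 in Γ such that $(\tfrac12 X + \gamma_1) \cap (\tfrac12 X + \gamma_2) \neq \emptyset$. If not, $(\tfrac12 X + \gamma_1) \cap \Phi$ is
disjoint from $(\tfrac12 X + \gamma_2) \cap \Phi$ for all distinct γ1 , γ2 ∈ Γ. Thus

\begin{align*}
1 = \operatorname{vol}(\Gamma) &\geq \sum_{\gamma \in \Gamma} \operatorname{vol}\left( (\tfrac12 X + \gamma) \cap \Phi \right) \\
&= \sum_{\gamma \in \Gamma} \operatorname{vol}\left( (\Phi - \gamma) \cap \tfrac12 X \right) \\
&= \operatorname{vol}(\tfrac12 X) \quad \text{since } \Phi + \Gamma = \mathbb{R}^n \\
&> 1,
\end{align*}

a contradiction. Therefore there exist such γ1 , γ2 ∈ Γ. Now take $x \in (\tfrac12 X + \gamma_1) \cap (\tfrac12 X + \gamma_2)$.
Then for some x1 , x2 ∈ X, we have

\[ x = \tfrac12 x_1 + \gamma_1 = \tfrac12 x_2 + \gamma_2 \implies \gamma_1 - \gamma_2 = \tfrac12 (x_2 - x_1), \]

which is just the midpoint of the line between x2 and −x1 . By convexity and central-symmetry,
this implies γ1 − γ2 ∈ X, but since γ1 ≠ γ2 we have found a nonzero lattice point
in X.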

Remark. Note that the inequality in Minkowski’s theorem must be sharp, for if Γ = Zⁿ,
then vol(Γ) = 1, whereas the centrally-symmetric, convex set

X = {(x1 , . . . , xn ) | −1 < xi < 1}

has volume 2ⁿ but contains no nonzero lattice points.

The four squares theorem is a famous result in number theory which was proven by
Lagrange in 1770, well over 100 years before Minkowski’s theorem was discovered. Here we
provide a neat proof of the four squares theorem using Minkowski’s geometry of numbers
arguments.

Theorem 14.7.4 (Four Squares). Every positive integer is the sum of the squares of four
integers.

Proof. It suffices to prove this for primes p, since

\begin{align*}
(a^2 + b^2 + c^2 + d^2)(e^2 + f^2 + g^2 + h^2) ={}& (ae + bf + cg + dh)^2 + (af - be + ch - dg)^2 \\
&+ (ag - ce + df - bh)^2 + (ah - de + bg - cf)^2.
\end{align*}


(This is due to Euler.) Also note that 2 = 1² + 1² + 0² + 0² so we may assume p is an odd
prime. Consider the congruence

x² + y² + 1 ≡ 0 (mod p).

As x runs through 0, 1, . . . , p − 1, x² takes on exactly (p + 1)/2 distinct values mod p. Similarly,
−1 − y² takes on (p + 1)/2 distinct values, so together x² and −1 − y² take on p + 1 values, which
implies one of them must be shared. This shows x² + y² + 1 ≡ 0 (mod p) has a solution in
integers.
Fix one of these solutions, say (x, y), and consider the lattice Λ ⊂ Z⁴ consisting of
(a, b, c, d) such that

c ≡ ax + by and d ≡ bx − ay (mod p).

Then Z⁴ ⊃ Λ ⊃ pZ⁴ and Λ/pZ⁴ is a two-dimensional subspace of $\mathbb{F}_p^4$ since once we pick
a and b, the c and d are determined. Thus Λ has index p² in Z⁴ so µ(D) = p² for D a
fundamental parallelopiped for Λ. Let T be a closed ball about the origin with radius r.
Then $\mu(T) = \tfrac12 \pi^2 r^4$ so we may choose r such that

2p > r² > 1.9p.

This gives us µ(T ) > 16µ(D) so by Minkowski’s theorem there exists a nonzero point
(a, b, c, d) in T ∩ (Λ ∖ {0}). This means

\begin{align*}
a^2 + b^2 + c^2 + d^2 &\equiv a^2 + b^2 + (ax + by)^2 + (bx - ay)^2 \\
&\equiv a^2 + b^2 + a^2x^2 + 2abxy + b^2y^2 + b^2x^2 - 2abxy + a^2y^2 \\
&\equiv a^2(1 + x^2 + y^2) + b^2(1 + x^2 + y^2) \\
&\equiv 0 \pmod p.
\end{align*}

Moreover, since (a, b, c, d) ∈ T we have

a² + b² + c² + d² < 2p.

But since a² + b² + c² + d² is a positive integer and p is prime, p = a² + b² + c² + d².
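
The proof is constructive enough to run. The Python below is an added example, not part of the original notes: it solves the congruence by the counting argument, finds the short vector of Λ that Minkowski's theorem guarantees by exhaustive search over (a, b), and combines primes with Euler's identity. The function names are chosen here for illustration.

```python
from math import isqrt


def centered(r, p):
    """Representative of r mod p of least absolute value (p odd)."""
    r %= p
    return r - p if r > p // 2 else r


def solve_congruence(p):
    """Find (x, y) with x^2 + y^2 + 1 = 0 (mod p) for an odd prime p: the
    (p+1)/2 values of x^2 and the (p+1)/2 values of -1 - y^2 must overlap."""
    squares = {x * x % p: x for x in range((p + 1) // 2)}
    for y in range((p + 1) // 2):
        x = squares.get((-1 - y * y) % p)
        if x is not None:
            return x, y
    raise ValueError("p must be an odd prime")


def four_squares_prime(p):
    """Nonzero point of squared length p in the lattice
    {(a, b, c, d) : c = a x + b y, d = b x - a y (mod p)}."""
    if p == 2:
        return (1, 1, 0, 0)
    x, y = solve_congruence(p)
    bound = isqrt(p)
    for a in range(bound + 1):            # -v lies in the lattice too, so a >= 0
        for b in range(-bound, bound + 1):
            # c and d are fixed mod p by (a, b); only the centered residues
            # can satisfy c^2 <= p and d^2 <= p.
            c = centered(a * x + b * y, p)
            d = centered(b * x - a * y, p)
            if a * a + b * b + c * c + d * d == p:
                return (a, b, c, d)
    raise ValueError("p must be prime")


def euler_product(u, v):
    """Euler's four-square identity, in the form quoted in the proof."""
    a, b, c, d = u
    e, f, g, h = v
    return (a * e + b * f + c * g + d * h, a * f - b * e + c * h - d * g,
            a * g - c * e + d * f - b * h, a * h - d * e + b * g - c * f)


def four_squares(n):
    """Four integers whose squares sum to the positive integer n."""
    result, q = (1, 0, 0, 0), 2
    while n > 1:
        if q * q > n:
            q = n                         # what remains of n is prime
        while n % q == 0:
            result = euler_product(result, four_squares_prime(q))
            n //= q
        q += 1
    return result


if __name__ == "__main__":
    for n in (7, 37, 2024):
        print(n, four_squares(n))
```
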


14.8 Norms of Ideals


In this section we define the norm of an ideal in an extension L/K of number fields. As in
previous sections, all of these definitions and results generalize to any Dedekind domain A
with integral closure B.
Let IK and IL denote the groups of fractional ideals of OK and OL , respectively. We
want to define a group homomorphism N : IL → IK . Since IL is the free abelian group on
the set of prime ideals in OL , we only have to define N for p prime.
Let p be a prime ideal of OL and factor

\[ \mathfrak{p}\mathcal{O}_L = \prod \mathfrak{P}_i^{e_i} \]

for Pi prime. Suppose p = (π) is principal. Then we should have

\[ N(\mathfrak{p}\mathcal{O}_L) = N(\pi\mathcal{O}_L) = N(\pi)\mathcal{O}_K = (\pi)^m = \mathfrak{p}^m \]

where m = [L : K]. We also want N to be a homomorphism, so we must have

\[ N(\mathfrak{p}\mathcal{O}_L) = N\left( \prod \mathfrak{P}_i^{e_i} \right) = \prod N(\mathfrak{P}_i)^{e_i}. \]

Recall that $m = \sum e_i f_i$, so the correct definition for N is

Definition. For a prime P ⊂ OL lying over p ⊂ OK , the norm of P is defined to be

\[ N(\mathfrak{P}) = \mathfrak{p}^f \]

where f = [OL /P : OK /p].

To distinguish this norm from a similar norm to be defined shortly, we will sometimes
refer to N as the ideal norm. If the norm is taken with respect to an extension L/K, we
write NL/K but when the context is clear we will often drop the decoration.

Remark. By the properties of inertial degree f , it is easy to see that for a tower M ⊃ L ⊃ K,

NL/K (NM/L (a)) = NM/K (a).

Next we check that the properties discussed above hold for the norm we have defined.

Proposition 14.8.1. Let L/K, OK and OL be as above.

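(a) For any nonzero ideal a ⊂ OK , $N(\mathfrak{a}\mathcal{O}_L) = \mathfrak{a}^m$ where m = [L : K].

(b) If L/K is Galois and P ⊂ OL is any nonzero prime ideal with p = P ∩ OK and
$\mathfrak{p}\mathcal{O}_L = (\mathfrak{P}_1 \cdots \mathfrak{P}_g)^e$, then

\[ N(\mathfrak{P}) = (\mathfrak{P}_1 \cdots \mathfrak{P}_g)^{ef} = \prod_{\sigma \in \mathrm{Gal}(L/K)} \sigma(\mathfrak{P}). \]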


(c) For any nonzero element β ∈ OL , N (β)OK = N (βOL ), where N denotes the regular
field norm.

Proof. (a) It suffices to prove this for prime ideals, for which we have

\[ N(\mathfrak{p}\mathcal{O}_L) = N\left( \prod \mathfrak{P}_i^{e_i} \right) = \mathfrak{p}^{\sum e_i f_i} = \mathfrak{p}^m \]

using Theorem 14.5.4.
(b) Since $N(\mathfrak{P}_i) = \mathfrak{p}^f$ for any prime Pi in the prime factorization of pOL , the left equality
is clear. Recall that G = Gal(L/K) acts transitively on the set Spec(p) = {P1 , . . . , Pg }.
Then by the Orbit-Stabilizer Theorem, each Pi occurs

\[ \frac{|\mathrm{Gal}(L/K)|}{|\mathrm{Spec}(\mathfrak{p})|} = \frac{m}{g} = ef \]

times in the collection {σ(P) | σ ∈ G}, which implies the right equality.
(c) First suppose L/K is Galois. Denote βOL by b. The map IK → IL given by
a ↦ aOL is injective since IK and IL are free on nonzero prime ideals, so it suffices to show
that N (β)OL = N (b). But by (b),

\[ N(\mathfrak{b}) = \prod_{\sigma \in G} \sigma(\mathfrak{b}) = \prod_{\sigma \in G} (\sigma(\beta)\mathcal{O}_L) = \left( \prod_{\sigma \in G} \sigma(\beta) \right) \mathcal{O}_L = N(\beta)\mathcal{O}_L. \]

In the general case, let E be a finite Galois extension of K containing L, with d = [E : L]
and OE the integral closure of OL in E. Then we have

\begin{align*}
N_{L/K}(\beta\mathcal{O}_L)^d &= N_{E/K}(\beta\mathcal{O}_E) && \text{by the remark} \\
&= N_{E/K}(\beta)\mathcal{O}_K && \text{by the Galois case} \\
&= N_{L/K}(\beta)^d \mathcal{O}_K.
\end{align*}

Lastly since IK is torsion-free, the above implies that NL/K (βOL ) = NL/K (β)OK for all
nonzero β ∈ OL .

For a Galois extension K/Q, we define a different norm taking ideals of OK to integers.
We will see that the definition below coincides with the ideal norm.

Definition. Let a ⊂ OK be a nonzero ideal. The numerical norm of a is its index in the
lattice of integers: N(a) = [OK : a].

In order to justify this definition, we need to check that [OK : a] is always finite.

Proposition 14.8.2. Every nonzero ideal a in OK has finite index in the lattice OK .

Proof. Let a be a nonzero OK -ideal. Take a nonzero element α ∈ a, let
$f(x) = x^n + a_{n-1}x^{n-1} + \ldots + a_0$ be its minimal polynomial and consider

\[ f(\alpha) = \alpha^n + a_{n-1}\alpha^{n-1} + \ldots + a_1\alpha + a_0 = 0. \]

Then $a_0 = -\alpha^n - a_{n-1}\alpha^{n-1} - \ldots - a_1\alpha \in \mathfrak{a}$, so $a_0 \in \mathbb{Z} \cap \mathfrak{a}$ is a nonzero integer. Set m = a0 and
consider the map ϕ : OK /mOK → OK /a, which is clearly surjective. By Proposition 14.3.9,
OK is a free Z-module of rank n = [K : Q]. This means that $\mathcal{O}_K / m\mathcal{O}_K \cong \mathbb{Z}^n / m\mathbb{Z}^n$ is a finite
quotient of order $m^n$. Since ϕ is surjective, it follows that $|\mathcal{O}_K/\mathfrak{a}| \leq m^n < \infty$.


Notice that the ideal norm is defined for any extension L/K and outputs an ideal of OK .
On the other hand, the numerical norm is defined on K/Q and outputs an integer in Z. The
connection between the two norms is described in the next proposition.

Proposition 14.8.3. Let K be any number field.

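(a) For any ideal a ⊂ OK , NK/Q (a) = (N(a)) and therefore N(ab) = N(a)N(b).

(b) For any fractional ideals b ⊂ a of OK , $[\mathfrak{a} : \mathfrak{b}] = \mathbf{N}(\mathfrak{a}^{-1}\mathfrak{b})$, where $\mathbf{N}$ is the numerical norm.

Proof. (a) Write $\mathfrak{a} = \prod \mathfrak{p}_i^{e_i}$ and let $f_i = f(\mathfrak{p}_i \mid p_i)$ where $(p_i) = \mathbb{Z} \cap \mathfrak{p}_i$. Then $N(\mathfrak{p}_i) = (p_i)^{f_i}$.
By the Chinese remainder theorem, $\mathcal{O}_K/\mathfrak{a} \cong \prod_i \mathcal{O}_K/\mathfrak{p}_i^{e_i}$ and thus

\[ [\mathcal{O}_K : \mathfrak{a}] = \prod [\mathcal{O}_K : \mathfrak{p}_i^{e_i}]. \]

We previously proved that $[\mathcal{O}_K : \mathfrak{p}_i^{e_i}] = p_i^{e_i f_i}$, thus $[\mathcal{O}_K : \mathfrak{a}] = \prod (p_i^{e_i f_i}) = N_{K/\mathbb{Q}}(\mathfrak{a})$. When
we identify the set of nonzero ideals of Z with the set of positive integer generators, the ideal
norm N and the numerical norm N are seen to coincide, and multiplicativity of the numerical
norm follows from the same property of the ideal norm.
(b) We can multiply by some integer d to make a and b integral ideals. Then part (a)
gives us

\[ [\mathfrak{a} : \mathfrak{b}] = [d\mathfrak{a} : d\mathfrak{b}] = \frac{[\mathcal{O}_K : d\mathfrak{b}]}{[\mathcal{O}_K : d\mathfrak{a}]} = \frac{\mathbf{N}(d\mathfrak{b})}{\mathbf{N}(d\mathfrak{a})} = \mathbf{N}(\mathfrak{a}^{-1}\mathfrak{b}). \]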


14.9 The Class Group


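Let K be a number field of degree n = [K : Q] and let T be the set of all field embeddings
τ : K ↪ C. Define subsets TR ⊆ T , consisting of all real embeddings of K, and TC ⊆ T ,
consisting of all complex embeddings of K, and set r = |TR | and 2s = |TC |. Since the
complex embeddings come in pairs τ, τ̄ ∈ TC , the 2s makes sense. There is an isomorphism
of vector spaces

\begin{align*}
K \otimes_{\mathbb{Q}} \mathbb{C} &\longrightarrow \prod_{\tau \in T} \mathbb{C} =: K_{\mathbb{C}} \\
x \otimes y &\longmapsto (\tau(x)y)_\tau.
\end{align*}

Further, there is a canonical embedding

\begin{align*}
j : K &\hookrightarrow K \otimes_{\mathbb{Q}} \mathbb{C} \xrightarrow{\ \cong\ } K_{\mathbb{C}} \\
x &\longmapsto x \otimes 1 \longmapsto (\tau(x))_\tau.
\end{align*}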

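There is an involution F on K ⊗Q C given by F (x ⊗ y) = x ⊗ ȳ, which corresponds to complex
conjugation F ((xτ )τ ) = (x̄τ̄ )τ in KC . Therefore the following diagram commutes:

[Diagram: commutative square with the isomorphism K ⊗Q C → KC along the top and bottom rows and the involution F down both sides.]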

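The fixed points under the involution F are the subset

KR = {(xτ )τ | xτ ∈ R for τ ∈ TR and xτ = x̄τ̄ for τ ∈ TC }.

This subset KR ⊆ KC corresponds to the field K ⊗Q R ≅ KR . Note that j(K) ⊆ KR . The
trace map also respects the inclusion KR ⊆ KC :

\begin{align*}
\mathrm{Tr} : K_{\mathbb{C}} &\longrightarrow \mathbb{C} \\
K_{\mathbb{R}} &\longrightarrow \mathbb{R} \\
(x_\tau)_\tau &\longmapsto \sum_{\tau \in T} x_\tau.
\end{align*}

Observe that Tr ◦j : K → R is just equal to the field trace, TrK/Q , as defined in Section 14.2.
Likewise, the norm map

\begin{align*}
N : K_{\mathbb{C}} &\longrightarrow \mathbb{C} \\
K_{\mathbb{R}} &\longrightarrow \mathbb{R} \\
(x_\tau)_\tau &\longmapsto \prod_{\tau \in T} x_\tau
\end{align*}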


respects KR ⊆ KC and satisfies N ◦ j = NK/Q : K → R.

Recall that r = |TR | and 2s = |TC |, so that r + 2s = |T | = n = [K : Q]. There is an
isomorphism

\begin{align*}
f : K_{\mathbb{R}} &\longrightarrow \mathbb{R}^{r+2s} = \mathbb{R}^n \\
(x_1, \ldots, x_r, y_1, \bar y_1, \ldots, y_s, \bar y_s) &\longmapsto (x_1, \ldots, x_r, \mathrm{Re}(y_1), \mathrm{Im}(y_1), \ldots, \mathrm{Re}(y_s), \mathrm{Im}(y_s)).
\end{align*}

It is sometimes more useful to think of KR as $\mathbb{R}^{r+2s}$ in this way. There is a standard Hermitian
inner product on KC , which restricts to an inner product on KR called the Minkowski inner
product. In Rⁿ, this corresponds to the canonical real inner product:

\begin{align*}
\text{if } \vec{u} &= (u_1, \ldots, u_r, z_1, z_1', \ldots, z_s, z_s') \\
\text{and } \vec{v} &= (v_1, \ldots, v_r, w_1, w_1', \ldots, w_s, w_s') \\
\text{then } \langle \vec{u}, \vec{v} \rangle &= \sum_{i=1}^{r} u_i v_i + 2 \sum_{i=1}^{s} (w_i z_i + w_i' z_i').
\end{align*}

For K a number field with ring of integers OK , let JK = JOK be the group of fractional
ideals, PK = POK the subgroup of principal fractional ideals and let CK = JK /PK be the
class group. Our goal is to prove that CK is a finite group.

Lemma 14.9.1. Ideal norm is multiplicative. That is, for any nonzero ideals a, b ⊂ OK ,
N (ab) = N (a)N (b).

Proof. If a and b are relatively prime, this follows from the Chinese remainder theorem.
Thus it suffices to show that $N(\mathfrak{p}^a) = N(\mathfrak{p})^a$ for every prime p ⊂ OK and exponent a ≥ 0.
By considering the filtration of OK by powers of p, we have

\[ [\mathcal{O}_K : \mathfrak{p}^a] = [\mathcal{O}_K : \mathfrak{p}][\mathfrak{p} : \mathfrak{p}^2] \cdots [\mathfrak{p}^{a-1} : \mathfrak{p}^a]. \]

For each 0 ≤ j ≤ a − 1, $\mathfrak{p}^j/\mathfrak{p}^{j+1}$ is a simple OK /p-module and thus a 1-dimensional vector
space, so $[\mathfrak{p}^j : \mathfrak{p}^{j+1}] = |\mathcal{O}_K/\mathfrak{p}|$. It follows that $[\mathcal{O}_K : \mathfrak{p}^a] = [\mathcal{O}_K : \mathfrak{p}]^a$.

By Proposition 14.8.3, we can extend the ideal norm N to fractional ideals of K by:

\[ N(\mathfrak{a}^{-1}) = [\mathcal{O}_K : \mathfrak{a}]^{-1}. \]

This determines a homomorphism $N : J_K \to \mathbb{Q}^\times$.

Lemma 14.9.2. Given any constant c > 0, there exist only finitely many ideals a ⊂ OK
with norm N (a) < c.

Proof. By Lemma 14.9.1, it suffices to prove this statement for prime ideals. For each prime
integer p ∈ Z, Theorem 14.4.2 implies that there are only finitely many prime ideals $\mathfrak{p} \subset \mathcal{O}_K$
lying over (p). For each of these $\mathfrak{p}$, we have $N(\mathfrak{p}) = p^f$ for some f ; in fact, this f is the
residue degree of $\mathfrak{p}/(p)$ as defined in Section 14.5. Therefore any prime ideal $\mathfrak{p}$ with $N(\mathfrak{p}) < c$
must lie above a prime p ∈ Z such that $p^f < c$. There are only finitely many of these, so we
are done.


Proposition 14.9.3. If a ⊂ OK is a nonzero ideal, then Γ = j(a) ⊆ KR ≅ Rⁿ is a complete
lattice with volume $\operatorname{vol}(\Gamma) = \sqrt{|d_K|}\, N(\mathfrak{a})$.

Proof. It is routine to prove that j(a) is a lattice; in fact, it suffices to show OK is a lattice
since a is a discrete subgroup. Now if α1 , . . . , αn is a Z-basis for a and T = {τ1 , . . . , τn } is
the set of embeddings K ↪ C, then

\[ |d_K| N(\mathfrak{a})^2 = |d_{K/\mathbb{Q}}(\alpha_1, \ldots, \alpha_n)| = |\det(\tau_i(\alpha_k))|^2. \]

On the other hand,

\begin{align*}
\operatorname{vol}(\Gamma)^2 &= |\det(\langle j(\alpha_i), j(\alpha_k) \rangle_{ik})| \\
&= \left| \det\left( \sum_{\ell=1}^{n} \tau_\ell(\alpha_i)\tau_\ell(\alpha_k) \right)_{ik} \right| \\
&= |\det(A A^T)| \quad \text{where } A = (\tau_i(\alpha_k))_{ik} \\
&= |\det A|^2.
\end{align*}

This implies the formula and in particular vol(Γ) > 0 so j(a) must be a complete lattice.

Lemma 14.9.4. For any nonzero ideal a ⊂ OK , let cτ > 0 for each τ ∈ T be such that

\[ \prod_{\tau \in T} c_\tau > \left( \frac{2}{\pi} \right)^s \sqrt{|d_K|}\, N(\mathfrak{a}). \]

Then there exists some α ∈ a ∖ {0} such that |τ (α)| < cτ for all τ ∈ T .

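Proof. Define X = {(zτ )τ ∈ KR : |zτ | < cτ for each τ ∈ T }. Then it is easy to verify that X
is centrally-symmetric and convex. Viewing X in Rⁿ via the isomorphism f : KR → Rⁿ, we
see that its image is

\[ f(X) = \{ (x_\tau)_\tau \in \mathbb{R}^n : |x_\tau| < c_\tau \text{ for } \tau \in T_{\mathbb{R}} \text{ and } x_\tau^2 + x_{\bar\tau}^2 < c_\tau^2 \text{ for } \tau \in T_{\mathbb{C}} \} \]

which has volume

\begin{align*}
\operatorname{vol}(f(X)) &= \left( 2^r \prod_{\tau \in T_{\mathbb{R}}} c_\tau \right) \left( \prod_{i=1}^{s} 2\pi c_{\tau_i}^2 \right) \\
&= 2^{r+s} \pi^s \prod_{\tau \in T} c_\tau \\
&> 2^{r+2s} \sqrt{|d_K|}\, N(\mathfrak{a}) \\
&= 2^n \operatorname{vol}(j(\mathfrak{a})).
\end{align*}

Therefore by Minkowski’s theorem (14.7.3), f (X) contains a nonzero lattice point of j(a).
Let α be the corresponding nonzero point in a. Then it is clear α satisfies the desired
condition.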


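Theorem 14.9.5. For any nonzero ideal a ⊂ OK , there exists a nonzero element α ∈ a
such that

\[ |N_{K/\mathbb{Q}}(\alpha)| \leq \left( \frac{2}{\pi} \right)^s \sqrt{|d_K|}\, N(\mathfrak{a}). \]

Proof. By Theorem 14.2.2, for any α ∈ OK we have

\[ |N_{K/\mathbb{Q}}(\alpha)| = \prod_{\tau \in T} |\tau(\alpha)|. \]

For ε > 0, if τ ∈ T such that cτ > 0 and

\[ \prod_{\tau \in T} c_\tau = \left( \frac{2}{\pi} \right)^s \sqrt{|d_K|}\, N(\mathfrak{a}) + \varepsilon, \]

then by Lemma 14.9.4, there exists a nonzero α ∈ a such that |τ (α)| < cτ for all τ . That is,

\[ \prod_{\tau \in T} |\tau(\alpha)| < \left( \frac{2}{\pi} \right)^s \sqrt{|d_K|}\, N(\mathfrak{a}) + \varepsilon. \]

Letting ε → 0, the fact that $|N_{K/\mathbb{Q}}(\alpha)| \in \mathbb{N}_0$ implies that α ∈ a may be chosen such that

\[ |N_{K/\mathbb{Q}}(\alpha)| \leq \left( \frac{2}{\pi} \right)^s \sqrt{|d_K|}\, N(\mathfrak{a}). \]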

Corollary 14.9.6. For any number field K/Q, the class group CK is finite.

Proof. It suffices to show every ideal class in CK contains an ideal of norm at most $\left( \frac{2}{\pi} \right)^s \sqrt{|d_K|}$,
since then Lemma 14.9.2 says there are a finite number of these. Fix a class C ∈ CK and
pick fractional ideal a ∈ C such that $\mathfrak{a}^{-1} \subset \mathcal{O}_K$ is an ideal. By Theorem 14.9.5, there exists
$\alpha \in \mathfrak{a}^{-1}$ such that

\[ N((\alpha)) = |N_{K/\mathbb{Q}}(\alpha)| < \left( \frac{2}{\pi} \right)^s \sqrt{|d_K|}\, N(\mathfrak{a}^{-1}). \]

Note that $\alpha\mathfrak{a}^{-1} \subseteq \mathcal{O}_K$. Since norm is multiplicative (Lemma 14.9.1), we have

\begin{align*}
N(\alpha\mathfrak{a}) &= N((\alpha)) N(\mathfrak{a}) \\
&< \left( \frac{2}{\pi} \right)^s \sqrt{|d_K|}\, N(\mathfrak{a}^{-1}) N(\mathfrak{a}) \\
&= \left( \frac{2}{\pi} \right)^s \sqrt{|d_K|}.
\end{align*}

Then the ideal αa is in C and satisfies the desired norm bound. This completes the proof.

Let us now derive several important consequences.

Theorem 14.9.7. For any fixed d, N > 0, there exist only finitely many number fields K/Q
with discriminant dK and degree n = [K : Q] satisfying |dK | ≤ d and n ≤ N .


Proof. First note that if K/Q has discriminant dK satisfying |dK | ≤ d and n = [K : Q] ≤ N ,
then K(i)/Q has discriminant $|d_{K(i)}| \leq (4d)^n$ and [K(i) : Q] ≤ 2N , so we are free to assume
i ∈ K. In particular, we may assume all embeddings of K into C are complex. Fix one
of these, τ0 : K ↪ C. Let X ⊆ KR be the set of all (zτ ) ∈ KR satisfying the following
conditions:

• $\mathrm{Im}(z_{\tau_0}) < C\sqrt{d}$ for some constant C;

• $\mathrm{Re}(z_{\tau_0}) < 1$;

• |zτ | < 1 for all τ ∉ {τ0 , τ̄0 }.

It is clear that X is centrally-symmetric and convex. If C is chosen large enough, we can
guarantee that $\operatorname{vol}(X) > 2^n \sqrt{d}$. Then by Minkowski’s theorem (14.7.3), X contains a lattice
point j(α) for some α ∈ OK . In particular, $\mathrm{Im}(\tau_0(\alpha)) < C\sqrt{d}$, Re(τ0 (α)) < 1 and for any
τ ≠ τ0 , τ̄0 , |τ (α)| < 1.
It now suffices to show K = Q(α) since these conditions impose a bound on the degree
of the minimal polynomial of α over Q, and hence on the number of such K. On one
hand, |NK/Q (α)| ≥ 1, but |τ (α)| < 1 for all τ ≠ τ0 , τ̄0 , so we must have |τ0 (α)| > 1. Thus
Im(τ0 (α)) > 0 so τ0 (α) ≠ τ̄0 (α). Also, τ0 (α) ≠ τ (α) for all τ ≠ τ0 , τ̄0 so α has distinct images
under all embeddings K ↪ C. This implies K = Q(α) so we are done.

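Proposition 14.9.8. If K is a number field with discriminant dK and degree n = [K : Q],
then

\[ \sqrt{|d_K|} \geq \frac{n^n}{n!} \left( \frac{\pi}{4} \right)^{n/2}. \]

Proof. By Theorem 14.9.5, there is some α ∈ OK with

\[ 1 \leq |N_{K/\mathbb{Q}}(\alpha)| \leq \frac{n!}{n^n} \left( \frac{4}{\pi} \right)^s \sqrt{|d_K|} \]

where s is the number of pairs of complex embeddings K ↪ C. Rearranging this, we get

\[ \sqrt{|d_K|} \geq \frac{n^n}{n!} \left( \frac{\pi}{4} \right)^s \geq \frac{n^n}{n!} \left( \frac{\pi}{4} \right)^{n/2} \]

since 2s ≤ n.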

Corollary 14.9.9. For any d > 0, there are finitely many number fields K/Q of discriminant
|dK | ≤ d.

Proof. Define the sequence $a_n = \frac{n^n}{n!} \left( \frac{\pi}{4} \right)^{n/2}$. Then

\[ \frac{a_{n+1}}{a_n} = \left( \frac{\pi}{4} \right)^{1/2} \left( 1 + \frac{1}{n} \right)^n \longrightarrow e \left( \frac{\pi}{4} \right)^{1/2} > 1 \quad \text{as } n \to \infty \]

so the sequence (an ) increases geometrically. But by Proposition 14.9.8, |dK | ≥ an so there
can only be finitely many number fields K of bounded discriminant.


Corollary 14.9.10. The only number field K with discriminant dK = ±1 is K = Q.

Proof. Let (an ) be the sequence defined in the proof of Corollary 14.9.9. For all n ≥ 2,
an > 1 so |dK | > 1 by Proposition 14.9.8.

Corollary 14.9.11. There are no unramified extensions of Q.

Definition. For a number field K, the finite number hK = |CK | is called the class number
of K.

The preferred setting for algebraic number theory is obviously when the class number is
1, since then OK is a PID and thus a UFD. However, having class number 1 is a substantial
restriction on number fields. For example, Heegner (and others later) proved that the only
imaginary quadratic number fields $\mathbb{Q}(\sqrt{d})$, where d < 0 is squarefree, with class number 1
are for

d = −1, −2, −3, −7, −11, −19, −43, −67, −163.

For real quadratic number fields, the situation is wide open. It is conjectured that there are
infinitely many real quadratic fields of class number 1, but this remains unsolved.

Example 14.9.12. Let K = Q(i). Then n = 2, s = 1 and |dK | = 4 so the Minkowski bound
is

\[ \frac{2!}{2^2} \left( \frac{4}{\pi} \right)^1 \sqrt{4} = \frac{4}{\pi} < 2. \]

Thus every fractional ideal is equivalent to an ideal of norm 1. Since the only ideal of norm
1 is (1), every ideal is principal. Hence hK = 1, which reflects the fact that Z[i] is a PID.

Example 14.9.13. We will compute the class group of $K = \mathbb{Q}(\sqrt{-5})$. Here, dK = −20
since −5 ≡ −1 (mod 4) so the Minkowski bound in Corollary 14.9.6 becomes

\[ N(\mathfrak{a}) \leq \left( \frac{2}{\pi} \right)^1 \sqrt{20} \approx 2.84 < 3. \]

In particular every ideal class in CK has an ideal with norm 1 or 2. Thus any nonprincipal
class contains some ideal lying over (2). Notice that $x^2 + 5 \equiv (x + 1)^2$ (mod 2), so by
Theorem 14.5.7,

\[ (2) = (2, 1 + \sqrt{-5})^2 = \mathfrak{p}^2. \]

Further, $\mathfrak{p} = (2, 1 + \sqrt{-5})$ is not principal because there is no element $\alpha = a + b\sqrt{-5}$ with
norm $N(\alpha) = a^2 + 5b^2 = 2$. So we deduce that $C_K = \langle [\mathfrak{p}] \rangle \cong \mathbb{Z}/2\mathbb{Z}$.

Example 14.9.14. Let $K = \mathbb{Q}(\sqrt{10})$ with $\mathcal{O}_K = \mathbb{Z}[\sqrt{10}]$. Then n = 2, s = 0 and |dK | = 40,
so the Minkowski bound is

\[ \frac{2!}{2^2} \left( \frac{4}{\pi} \right)^0 \sqrt{40} = \frac{1}{2} \cdot 2\sqrt{10} = \sqrt{10} < 4. \]

The proof of Corollary 14.9.6 implies that every ideal class has an integral representative
with norm 1, 2 or 3. We will use the techniques in Section 14.5 to compute the class group.



The ideal 2OK is ramified in OK and we see that $2\mathcal{O}_K = (2, \sqrt{10})^2$. If this were a
principal ideal, we would have 2OK = (α) for some $\alpha = a + b\sqrt{10}$ which would have norm
±2. Equivalently the equation $a^2 - 10b^2 = \pm 2$ would have an integer solution. However, 0
and ±1 are the only squares mod 5 so $a^2 - 10b^2 = \pm 2$ has no integer solutions. Thus $(2, \sqrt{10})$
is a nontrivial element in the class group and has order 2 since its square is the principal
ideal 2OK . This shows that 2 | hK .
Next we find integral ideals with norm 3. By Proposition 14.5.9, 3OK splits and we
compute its factorization to be

\[ 3\mathcal{O}_K = (3, 2 + \sqrt{10})(3, 4 + \sqrt{10}). \]

If either of these prime divisors were principal, then $x^2 - 10y^2 = \pm 3$ would have integer
solutions. Since it doesn’t for the same reasons as above, $(3, 2 + \sqrt{10})$ and $(3, 4 + \sqrt{10})$ are
both nontrivial elements of the class group.
Finally we must decide if any of these prime ideals belong to the same ideal class in
C(OK ). Let $u = \frac{4 + \sqrt{10}}{2 + \sqrt{10}} = \frac{1}{3}(1 + \sqrt{10})$. Then

\[ (3, 2 + \sqrt{10}) \cdot u = (3u, 4 + \sqrt{10}) = (1 + \sqrt{10}, 4 + \sqrt{10}) = (3, 4 + \sqrt{10}) \]

so the classes with norm 3 are equal. We have shown that everything in C(OK ) is equivalent
to one of

\[ (1), \quad (2, \sqrt{10}) \quad \text{or} \quad (3, 2 + \sqrt{10}). \]

Thus the class group has order ≤ 3 and contains an element of order 2. This implies
|C(OK )| = 2.

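Example 14.9.15. Let $K = \mathbb{Q}(\sqrt{-6})$. Note that n = 2, r = 0, s = 1 and dK = −24 so

\[ B_K = \frac{2!}{2^2} \left( \frac{4}{\pi} \right)^1 \sqrt{24} \approx 3.1. \]

Thus C(OK ) is generated by the prime ideals lying over 2 and 3. Note that $\mathcal{O}_K = \mathbb{Z}[\sqrt{-6}]$
and the minimal polynomial of $\sqrt{-6}$ over Q is $x^2 + 6$. Factoring this mod 2 and 3, we see
that

\[ \mathfrak{p}_2 = (2, \sqrt{-6}) \quad \text{and} \quad \mathfrak{p}_3 = (3, \sqrt{-6}) \]

generate the class group. Also, 2 and 3 ramify so $2\mathcal{O}_K = \mathfrak{p}_2^2$ and $3\mathcal{O}_K = \mathfrak{p}_3^2$ so each of these
prime ideals has order at most 2 in C(OK ).
Suppose $\mathfrak{p}_2 = (\alpha)$ for some $\alpha = a + b\sqrt{-6} \in \mathcal{O}_K$. Then

\[ 2 = \mathbf{N}(\mathfrak{p}_2) = |N(\alpha)| = a^2 + 6b^2, \]

but $a^2 + 6b^2 = 2$ has no integer solutions. Thus $\mathfrak{p}_2$ is not principal. By a similar argument,
$\mathfrak{p}_3$ is not principal either. Hence $\mathfrak{p}_2$ and $\mathfrak{p}_3$ both belong to classes of order 2 in C(OK ).
Furthermore, observe that

\[ \mathfrak{p}_2 \mathfrak{p}_3 = (2, \sqrt{-6})(3, \sqrt{-6}) = (6, 2\sqrt{-6}, 3\sqrt{-6}) \subset (\sqrt{-6}) \]

but the norms of $(6, 2\sqrt{-6}, 3\sqrt{-6})$ and $(\sqrt{-6})$ are both 6, so they must be the same ideal.
Hence $\mathfrak{p}_2 \mathfrak{p}_3$ is principal so $C(\mathcal{O}_K) = \langle \mathfrak{p}_2 \rangle$ and hK = 2.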


Example 14.9.16. Let $K = \mathbb{Q}(\sqrt{-19})$ with ring of integers $\mathcal{O}_K = \mathbb{Z}[(1 + \sqrt{-19})/2]$. Since
$n = 2$, $r = 0$, $s = 1$ and $d_K = -19$, the Minkowski bound for K is
$$B_K = \frac{2!}{2^2}\left(\frac{4}{\pi}\right)^{1}\sqrt{19} \approx 2.775.$$
So every class in $C(\mathcal{O}_K)$ is represented by a prime ideal with norm either 1 or 2. The ideal
$2\mathcal{O}_K$ is unramified in K since $2 \nmid d_K$. The minimal polynomial of $\alpha = (1 + \sqrt{-19})/2$ is
$f(x) = x^2 - x + 5$, so because $\left(\frac{-19}{2}\right) = -1$ and f has no roots mod 2, Theorem 14.5.7 tells
us that $2\mathcal{O}_K$ is inert and thus prime in K. Clearly this is principal, so the class group is
trivial. By previous comments $h(-19) = 1$ implies that $\mathbb{Z}[(1 + \sqrt{-19})/2]$ is a PID.
Example 14.9.17. Let $K = \mathbb{Q}(\sqrt{-2})$ with $\mathcal{O}_K = \mathbb{Z}[\sqrt{-2}]$. Note that $n = 2$, $r = 0$, $s = 1$
and $d_K = -8$ so the Minkowski bound is calculated to be
$$B_K = \frac{2!}{2^2}\left(\frac{4}{\pi}\right)^{1}\sqrt{8} \approx 1.801.$$
It easily follows that $C(\mathcal{O}_K)$ is trivial and hence $\mathbb{Z}[\sqrt{-2}]$ is a PID. In particular, $\mathbb{Z}[\sqrt{-2}]$
has unique factorization. We will use this fact to deduce a famous theorem of Fermat whose
proof was first discovered by Euler.
Theorem 14.9.18 (Fermat). The only integer solutions to $x^3 = y^2 + 2$ are $(3, \pm 5)$.

Proof. First suppose $ab = u^3$ in $\mathbb{Z}[\sqrt{-2}]$ where a and b are relatively prime. We will show
that a and b must be cubes in $\mathbb{Z}[\sqrt{-2}]$. Since $\mathbb{Z}[\sqrt{-2}]$ is a UFD, we may write $u = \gamma \prod p_i^{e_i}$
for primes $p_i \in \mathbb{Z}[\sqrt{-2}]$, integers $e_i$ and some unit γ. Then
$$ab = u^3 = \left(\gamma \prod_i p_i^{e_i}\right)^3 = \gamma^3 \prod_i p_i^{3e_i}.$$

Since a and b are relatively prime, each $p_i$ appears in exactly one of the factorizations for a
and b. So by the above equality, a and b each factor into products of primes whose exponents
are all $3e_i$. We have not worried about the unit γ yet, but that is because the units in K are
±1, each of which is a cube in $\mathbb{Z}[\sqrt{-2}]$ anyways. Thus we conclude that a and b are both
cubes in $\mathbb{Z}[\sqrt{-2}]$.
Now suppose (x, y) is an integer solution to $x^3 = y^2 + 2 = (y + \sqrt{-2})(y - \sqrt{-2})$. If d
divides both $y + \sqrt{-2}$ and $y - \sqrt{-2}$, then it divides their difference:
$$(y + \sqrt{-2}) - (y - \sqrt{-2}) = 2\sqrt{-2}.$$
However $\sqrt{-2}$ is prime in $\mathbb{Z}[\sqrt{-2}]$ (norm is multiplicative), so d must divide 2. Suppose x
were even. Then we would have $y^2 + 2 \equiv x^3 \equiv 0 \pmod 8$, or $y^2 \equiv -2 \pmod 8$. Of course
−2 is not a square mod 8, so x must be odd. This forces y to be odd as well, so $d \mid y^2 + 2$
implies that d must be 1. Hence $y + \sqrt{-2}$ and $y - \sqrt{-2}$ are relatively prime.
By the first part of the proof, $y + \sqrt{-2}$ and $y - \sqrt{-2}$ are both cubes in $\mathbb{Z}[\sqrt{-2}]$. Write
$$y + \sqrt{-2} = (a + b\sqrt{-2})^3 = (a^3 - 6ab^2) + (3a^2 b - 2b^3)\sqrt{-2}.$$


We now solve for a and b to show that $(3, \pm 5)$ are the only valid choices for (x, y). From the
above, we see that $1 = 3a^2 b - 2b^3 = b(3a^2 - 2b^2)$. Since a and b are integers, this implies
$b = \pm 1$. If $b = -1$, the other factor is $3a^2 + 2 = 1$, which can be written $3a^2 = -1$. This
of course is impossible. So $b = 1$ and this means $3a^2 - 2 = 1$ which has solutions $a = \pm 1$.
Plugging these values in above, we see that $y = \pm 5$ and $x = 3$.


14.10 The Unit Theorem


Let K be a number field of degree n = [K : Q] with ring of integers OK . As in Section 14.9,
let

T = Hom(K, C) = {τ1 , . . . , τr , σ1 , σ̄1 , . . . , σs , σ̄s }


Y
KC = C, KRF ⊆ KC and j : K ,→ KR .
τ ∈T

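Also set $K_{\mathbb{C}}^\times = \prod_{\tau \in T} \mathbb{C}^\times$ and $K_{\mathbb{R}}^\times = K_{\mathbb{C}}^\times \cap K_{\mathbb{R}}$. In fact we have an embedding $j : K^\times \hookrightarrow K_{\mathbb{R}}^\times$.
Let µ(K) be the set of roots of unity in K, i.e. $\mu(K) = \{x \in K \mid x^a = 1 \text{ for some } a \in \mathbb{N}\}$.
Define the map
$$L : K_{\mathbb{R}}^\times \longrightarrow \mathbb{R}^{r+s}$$
$$(x_{\tau_1}, \ldots, x_{\tau_r}, x_{\sigma_1}, \bar{x}_{\sigma_1}, \ldots, x_{\sigma_s}, \bar{x}_{\sigma_s}) \longmapsto (\log|x_{\tau_1}|, \ldots, \log|x_{\tau_r}|, \log|x_{\sigma_1}|^2, \ldots, \log|x_{\sigma_s}|^2).$$

Then L is a homomorphism of groups which takes multiplication in $K_{\mathbb{R}}^\times$ to addition in $\mathbb{R}^{r+s}$.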

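Lemma 14.10.1. The diagram
$$\begin{array}{ccccc}
K^\times & \xrightarrow{\;j\;} & K_{\mathbb{R}}^\times & \xrightarrow{\;L\;} & \mathbb{R}^{r+s} \\
\downarrow{\scriptstyle N_{K/\mathbb{Q}}} & & \downarrow{\scriptstyle N} & & \downarrow{\scriptstyle \mathrm{Tr}} \\
\mathbb{Q}^\times & \longrightarrow & \mathbb{R}^\times & \xrightarrow{\;\log|\cdot|\;} & \mathbb{R}
\end{array}$$
commutes.

Proof. This follows from the definitions of the norm and trace maps in Section 14.2 and their
extensions to $K_{\mathbb{C}}$ (and $K_{\mathbb{R}}$) in Section 14.9.
We will prove:

Theorem 14.10.2 (Dirichlet’s Unit Theorem). Let K be a number field of degree $n = r + 2s$.
Then $\mathcal{O}_K^\times \cong \mathbb{Z}^{r+s-1} \times \mu(K)$.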

To start, define the sets
$$S = \{x \in K_{\mathbb{R}}^\times \mid N(x) = \pm 1\}$$
$$H = L(S) = \{x \in \mathbb{R}^{r+s} \mid \mathrm{Tr}(x) = 0\}$$
$$\Gamma = L \circ j(\mathcal{O}_K^\times) \subseteq H.$$

Our strategy for proving the unit theorem is to show that Γ is a complete lattice in the
hyperplane H with ker(L ◦ j) = µ(K). The unit theorem will then follow from the theory of
finitely generated modules over Z.


Proposition 14.10.3. There is a short exact sequence of groups
$$1 \to \mu(K) \to \mathcal{O}_K^\times \xrightarrow{\;L \circ j\;} \Gamma \to 1.$$

Proof. Clearly $\mu(K) \subseteq \ker(L \circ j)$. Thus it suffices to show that if $|\tau(x)| = 1$ for all $\tau \in T$,
then $x \in \mu(K)$. First, there exists a bounded domain in $K_{\mathbb{R}}^\times$ containing all the j(x) for
$x \in \mathcal{O}_K$ for which $|\tau(x)| = 1$ for all $\tau \in T$. From Proposition 14.9.3, we know that $j(\mathcal{O}_K)$ is
a lattice in $K_{\mathbb{R}}$ so there can only be finitely many $x \in \mathcal{O}_K$ with $|\tau(x)| = 1$ for all τ. Further,
since for any such $x \in \mathcal{O}_K$, $x, x^2, x^3, \ldots$ all have this property as well, there must be some
$m \in \mathbb{N}$ such that $x^m = 1$. Therefore $x \in \mu(K)$.
The proof of Dirichlet’s unit theorem now comes down to showing that $\Gamma \cong \mathbb{Z}^{r+s-1}$. To
do this, we show that Γ is a complete lattice inside $H \cong \mathbb{R}^{r+s-1}$.

Lemma 14.10.4. Given $a \in \mathbb{Z}$, up to multiplication by elements of $\mathcal{O}_K^\times$, there are only
finitely many $\alpha \in \mathcal{O}_K$ with $N_{K/\mathbb{Q}}(\alpha) = a$.

Proof. An equivalent statement is that each coset of $\mathcal{O}_K / a\mathcal{O}_K$ has at most one element
of norm a, up to a unit. Suppose $\alpha, \beta \in \mathcal{O}_K$ are two such elements; that is, $\beta = \alpha + a\gamma$ for
some $\gamma \in \mathcal{O}_K$. Then
$$\frac{\beta}{\alpha} = 1 + \frac{a}{\alpha}\gamma = 1 + \frac{N(\alpha)}{\alpha}\gamma \in \mathcal{O}_K$$
since $N(\alpha)/\alpha \in \mathcal{O}_K$. Similarly, $\frac{\alpha}{\beta} \in \mathcal{O}_K$ so $\frac{\alpha}{\beta} \in \mathcal{O}_K^\times$. Thus for some $u \in \mathcal{O}_K^\times$, $\alpha = u\beta$,
proving the lemma.
Now we prove Theorem 14.10.2.
Proof. We first demonstrate that Γ is a lattice. By Proposition 14.7.1, it’s equivalent to
show that Γ is discrete and to do this, we show the point $0 \in \Gamma$ is an isolated point, i.e.
every bounded set in H containing 0 contains only finitely many points in Γ. Let $X \subseteq H$
be such a bounded set. Then $L^{-1}(X) \subseteq S$ is also bounded, so $L^{-1}(X)$ is bounded in $K_{\mathbb{R}}$.
Since $j(\mathcal{O}_K)$ is a lattice in $K_{\mathbb{R}}$ (follows from Proposition 14.9.3), $j(\mathcal{O}_K) \cap L^{-1}(X)$ is finite.
Applying L, we get that $\Gamma \cap X$ is finite, which implies 0 is isolated and hence Γ is a discrete
subgroup.
To prove Γ is complete, we exhibit a bounded set $M \subseteq H$ such that $H = \bigcup_{\gamma \in \Gamma} (M + \gamma)$
and apply Proposition 14.7.2. Since $L : S \to H$ is surjective, it will be enough to construct
a bounded set $B \subseteq S$ such that $S = \bigcup_{\varepsilon \in \mathcal{O}_K^\times} B j(\varepsilon)$, where $B j(\varepsilon)$ is the translate of B by
$j(\varepsilon)$. There is a subtlety here: if $B \subseteq S$ is bounded, so is $L(B) \subseteq H$ but only because the
logarithms of the elements in B stay away from 0. Now $S \subseteq K_{\mathbb{R}}$, so for all $\tau \in T$, pick $c_\tau > 0$
such that $c_{\bar\tau} = c_\tau$ and
$$C := \prod_{\tau \in T} c_\tau > \left(\frac{2}{\pi}\right)^s \sqrt{|d_K|}.$$
Note that for all $y \in S$, $\prod_{\tau \in T} |\tau(y)| c_\tau = C$ by definition of S. This means that if $y = (y_\tau) \in S$
and
$$Xy = \{xy \mid x \in X\} = \{(z_\tau)_\tau \in K_{\mathbb{R}} : |z_\tau| < c_\tau |y_\tau|\}$$


then Xy contains some j(α) for $\alpha \in \mathcal{O}_K \smallsetminus \{0\}$ by Lemma 14.9.4. Now by Lemma 14.10.4,
there exist elements $\alpha_1, \ldots, \alpha_N \in \mathcal{O}_K$ such that any $\alpha \in \mathcal{O}_K$ with $j(\alpha) \in Xy$ is of the form
$\alpha_i \varepsilon$ for some $1 \le i \le N$, $\varepsilon \in \mathcal{O}_K^\times$. Define
$$B = S \cap \bigcup_{i=1}^{N} X j(\alpha_i)^{-1}.$$

It is immediate from the definition of the $\alpha_i$ that $|N_{K/\mathbb{Q}}(\alpha_i)| < C$, and since X is bounded,
we get that B is bounded. Moreover, if $y \in S$ the above shows that $Xy^{-1}$ contains some j(α)
for $\alpha \in \mathcal{O}_K$ such that $|N_{K/\mathbb{Q}}(\alpha)| < C$. Thus there exists $x \in X$ such that $xy^{-1} = j(\alpha)$, and
hence $y = x j(\alpha)^{-1}$ so S is covered by these bounded sets B. Hence by the initial comments,
Proposition 14.7.2 implies Γ is a complete lattice.
Finally, by the theory of finitely generated modules over $\mathbb{Z}$, we have $\mathcal{O}_K^\times \cong \mathbb{Z}^{r+s-1} \times (\mathcal{O}_K^\times)_{\mathrm{tors}}$,
but it is clear by Proposition 14.10.3 that the torsion part of $\mathcal{O}_K^\times$ is precisely µ(K).
Hence $\mathcal{O}_K^\times \cong \mathbb{Z}^{r+s-1} \times \mu(K)$ as required.
Example 14.10.5. Let $d > 0$ be a squarefree integer, $K = \mathbb{Q}(\sqrt{d})$ and take $\alpha = a + b\sqrt{d} \in \mathcal{O}_K$.
That is, $a, b \in \mathbb{Z}$ when $d \not\equiv 1 \pmod 4$ and $a, b \in \frac{1}{2}\mathbb{Z}$ when $d \equiv 1 \pmod 4$. Then
$$a + b\sqrt{d} \in \mathcal{O}_K^\times \iff N_{K/\mathbb{Q}}(a + b\sqrt{d}) = \pm 1 \iff a^2 - b^2 d = \pm 1.$$

In a real quadratic number field, $r = 2$, $s = 0$ and $\mu(K) = \{\pm 1\}$ so Theorem 14.10.2 gives us
$$\mathcal{O}_K^\times = \{\pm\varepsilon^m \mid m \in \mathbb{Z}\}$$
for some $\varepsilon \in \mathcal{O}_K^\times$. (Such an ε is called a fundamental unit of K.) The equation $a^2 - b^2 d = \pm 1$ is
known as Pell’s equation, so the unit theorem says that the solutions to Pell’s equation over
$\mathbb{Z}$ form a rank 1 abelian group.
For example, when $d = 6$ and $\mathcal{O}_K = \mathbb{Z}[\sqrt{6}]$, $5 + 2\sqrt{6}$ is a unit in $\mathcal{O}_K^\times$ with inverse $5 - 2\sqrt{6}$.
Notice that $5^2 - 2^2 \cdot 6 = 1$ and one can check that $5 + 2\sqrt{6}$ is a fundamental unit for
$\mathbb{Q}(\sqrt{6})$. Therefore all solutions to $a^2 - 6b^2 = 1$ are of the form $(5 + 2\sqrt{6})^k$ for $k \in \mathbb{Z}$.
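The unit group of Example 14.10.5 can be checked numerically; the following is an added example, not code from the notes, and its function names are hypothetical. It works in $\mathbb{Z}[\sqrt{d}]$ (which is all of $\mathcal{O}_K$ only when d is squarefree and $d \not\equiv 1 \pmod 4$), finds the generator by a brute-force search on b, a method chosen here rather than one the text uses, and confirms that an independent search finds no units besides its powers.

```python
# Added illustration; function names are hypothetical and not from the notes.
from math import isqrt


def fundamental_unit(d):
    """Return (a, b, norm) for the smallest unit a + b*sqrt(d) > 1 of Z[sqrt(d)].

    Assumes d is a positive non-square. Units > 1 have a, b >= 1 and their
    b-coordinates grow strictly with the exponent, so the first b >= 1 for
    which d*b^2 +/- 1 is a perfect square gives the generator.
    """
    if d < 2 or isqrt(d) ** 2 == d:
        raise ValueError("d must be a positive non-square integer")
    b = 1
    while True:
        for norm in (-1, 1):
            a = isqrt(d * b * b + norm)
            if a >= 1 and a * a - d * b * b == norm:
                return a, b, norm
        b += 1


def unit_powers(d, count):
    """First `count` powers eps, eps^2, ... of the generator, as pairs (a, b)."""
    a1, b1, _ = fundamental_unit(d)
    a, b = 1, 0
    powers = []
    for _ in range(count):
        # Multiply (a + b*sqrt(d)) by (a1 + b1*sqrt(d)).
        a, b = a * a1 + d * b * b1, a * b1 + b * a1
        powers.append((a, b))
    return powers


def units_by_search(d, a_max):
    """All (a, b) with 1 <= a <= a_max, b >= 1 and a^2 - d*b^2 = +/-1."""
    found = []
    for a in range(1, a_max + 1):
        for norm in (-1, 1):
            q, r = divmod(a * a - norm, d)
            if r == 0 and q > 0 and isqrt(q) ** 2 == q:
                found.append((a, isqrt(q)))
    return found


if __name__ == "__main__":
    print(fundamental_unit(6))                           # the unit 5 + 2*sqrt(6)
    print(unit_powers(6, 3))
    print(units_by_search(6, 500) == unit_powers(6, 3))  # no other units appear
```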
Definition. A set of units $\varepsilon_1, \ldots, \varepsilon_{r+s-1} \in \mathcal{O}_K^\times$ such that all units in $\mathcal{O}_K$ are of the form
$\zeta \varepsilon_1^{\nu_1} \cdots \varepsilon_{r+s-1}^{\nu_{r+s-1}}$ for $\zeta \in \mu(K)$ and $\nu_i \in \mathbb{Z}$ is called a system of fundamental units in K.

Definition. For $\Gamma \subseteq H$, the complete lattice image of $\mathcal{O}_K^\times$ under $L \circ j$, the volume vol(Γ) is
called the regulator of K.

Corollary 14.10.6. If $\varepsilon_1, \ldots, \varepsilon_{r+s-1}$ is a system of fundamental units in $\mathcal{O}_K^\times$, then the
regulator of K is
$$\mathrm{vol}(\Gamma) = \sqrt{r + s}\, \det\big((L \circ j(\varepsilon_i))_k\big)_{ik}.$$

We next work out an example with cubic fields of negative discriminant, combining
techniques from the last few sections to fully describe the class group of such a field. First
note that since the sign of $d_K$ is $(-1)^s$, which implies in this case that $r = s = 1$, the unit
group consists of all elements of the form $\pm\varepsilon^m$ for some fundamental unit ε.


Lemma 14.10.7. Let K be a cubic number field with $d_K < 0$ and let ε be the fundamental
unit in $U_K$ with $\varepsilon > 1$. Then $|d_K| < 4\varepsilon^3 + 24$.
Proof. Since $\varepsilon \notin \mathbb{Q}$ we must have $K = \mathbb{Q}(\varepsilon)$. The two other conjugates must be complex
conjugates, and the product of all three must be +1. Write $\varepsilon = u^2$ for $u \in \mathbb{R}$, $u > 1$. Then
the other conjugates of ε can be written as
$$u^{-1} e^{i\theta} \quad \text{and} \quad u^{-1} e^{-i\theta} \quad \text{for some } 0 \le \theta \le \pi.$$

Let $D = D(1, \varepsilon, \varepsilon^2)$ be the discriminant of the minimal polynomial for ε. Then
$$\sqrt{D} = (u^2 - u^{-1} e^{i\theta})(u^2 - u^{-1} e^{-i\theta})(u^{-1} e^{i\theta} - u^{-1} e^{-i\theta}) = 2i(u^3 + u^{-3} - 2\cos\theta)\sin\theta.$$
If we set $2\xi = u^3 + u^{-3}$ then $\sqrt{|D|} = 4(\xi - \cos\theta)\sin\theta$. For a given u, this equation has a
maximum where its derivative is 0:
$$\xi\cos\theta - \cos^2\theta + \sin^2\theta = 0.$$

Set $g(x) = -\xi x + 2x^2 - 1$. We are thus seeking a root of g with $|x| < 1$. Note that since
$u > 1$ and $\xi = \frac{u^3 + u^{-3}}{2}$, $g(1) = 1 - \xi < 0$ and $g\left(-\frac{1}{2u^3}\right) = \frac{3}{4}(u^{-6} - 1) < 0$. Then it appears
that g(x) has one root greater than 1, and that the desired root is less than $\frac{1}{2u^3}$.
If $x_0$ is this root, consider
$$x_0^2 > \frac{1}{4u^6} \implies u^{-6} - 4x_0^2 < 0 \implies u^{-6} - 4x_0^2 - 4x_0^4 < 0.$$
This yields $|D| \le 16(\xi^2 - 2\xi x_0 + x_0^2)(1 - x_0^2)$. Also note that by the above, we may write
$$\xi x_0 = 2x_0^2 - 1 \implies \xi^2 x_0^2 = 4x_0^4 - 4x_0^2 + 1.$$

Then
$$\begin{aligned}
|D| &\le 16(\xi^2 + 1 - x_0^2 - x_0^4) \\
&= 4u^6 + 24 + 4(u^{-6} - 4x_0^2 - 4x_0^4) \\
&< 4u^6 + 24 \\
&= 4\varepsilon^3 + 24.
\end{aligned}$$

Finally since $D = d_K \cdot m^2$ for some $m \in \mathbb{Z}$, we have proven the lemma.


Let’s apply this to a couple examples.
Example 14.10.8. Let $K = \mathbb{Q}(\alpha)$ where α is a real root of $f(x) = x^3 + 10x + 1$. One may
calculate $d_K = -4027$ so by Lemma 14.10.7
$$\varepsilon > \sqrt[3]{\frac{4027 - 24}{4}} > 10$$
where ε is the fundamental unit in $U_K$ with $\varepsilon > 1$. Note that $N(\alpha) = -1$ so α is a unit.
Explicitly, $\alpha = -0.099903\ldots$ and $-\alpha^{-1} = 10.00993\ldots$ which means we must have $\varepsilon = -\alpha^{-1}$
and $U_K = \{\pm\alpha^m \mid m \in \mathbb{Z}\}$.


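Once we know ε it’s easier to compute the class group. It turns out that $\mathfrak{p} = (2, 1 + \alpha)$
generates the class group, and it’s easy to check that $\mathfrak{p}^6$ is generated by $\frac{(\alpha - 1)^3}{\alpha + 2}$ so it suffices
to show that $\mathfrak{p}^2$ and $\mathfrak{p}^3$ are not principal.
First suppose $\mathfrak{p}^3 = (\gamma)$ for some $\gamma \in \mathcal{O}_K$. Then $\gamma^2 = \pm\alpha^m \frac{(\alpha - 1)^3}{\alpha + 2}$ for some $m \in \mathbb{Z}$. This
implies that at least one of the numbers below is a square:
$$\frac{\alpha - 1}{\alpha + 2}, \qquad -\frac{\alpha - 1}{\alpha + 2}, \qquad \alpha\,\frac{\alpha - 1}{\alpha + 2}, \qquad -\alpha\,\frac{\alpha - 1}{\alpha + 2}.$$
Let β be the one that’s a square. If $\beta \in \mathcal{O}_K/\mathfrak{q}$ for some prime ideal $\mathfrak{q}$, then we should find
that β is still a square mod $\mathfrak{q}$. First let $\mathfrak{q} = (29, \alpha - 2)$. We have
$$x^3 + 10x + 1 \equiv (x + 5)(x - 3)(x - 2) \bmod 29.$$

The residue field is $\mathcal{O}_K/\mathfrak{q} = \mathbb{F}_{29}$ and under the evaluation homomorphism $\mathbb{Z}[\alpha] \to \mathbb{F}_{29}$, $\alpha \mapsto 2 \pmod{29}$,
we see that
$$\begin{array}{ll}
\alpha - 1 \mapsto 1 & (\alpha + 2)^{-1} \mapsto 22 \\
\alpha + 2 \mapsto 4 & -1 \mapsto -1.
\end{array}$$
Now 1, 4 and −1 are all squares mod 29, but 22 is not; hence m must be 0. Since $\frac{\alpha - 1}{\alpha + 2} < 0$ it
can’t be a square (in fact it’s non-real) so the only possibility is $\beta = -\frac{\alpha - 1}{\alpha + 2}$. However, if we
look at $\mathfrak{r} = (7, \alpha + 3)$ and the residue field $\mathcal{O}_K/\mathfrak{r} = \mathbb{F}_7$, under the map $\mathbb{Z}[\alpha] \to \mathbb{F}_7$ we have
$$\alpha \mapsto -3 \equiv 4 \pmod 7$$
$$-\frac{\alpha - 1}{\alpha + 2} \longmapsto -\frac{3}{6} = -\frac{1}{2} \equiv -4 \equiv 3 \pmod 7.$$
Then 3 is not a square mod 7, so we have eliminated all choices for β and shown that $\mathfrak{p}^3$ in
fact cannot be principal. By a similar argument, $\mathfrak{p}^2$ is not principal. After establishing this,
it follows that $C(\mathcal{O}_K) = \mathbb{Z}/6\mathbb{Z}$.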

Example 14.10.9. Let $K = \mathbb{Q}(\theta)$ where $\theta = \sqrt[3]{11}$. Then $\mathbb{Z}[\theta] \subseteq \mathcal{O}_K$ – in fact $\mathbb{Z}[\theta]$ is the
whole ring of integers but we won’t need that here. We can compute the discriminant to be
$$D = D(1, \theta, \theta^2) = -3^3 \cdot 11^2 = -3267.$$

Then $d_K \mid D$ so we will use D in the Minkowski bound:
$$B_K = \frac{3!}{27}\left(\frac{4}{\pi}\right)\sqrt{3267} \approx 16.17.$$

Thus $C(\mathcal{O}_K)$ is generated by the ideal classes with representatives $\mathfrak{p}$ such that $N(\mathfrak{p}) < 17$;
then it suffices to consider the primes lying over p = 2, 3, 5, 7, 11 and 13. Using the techniques
from Section 14.5, we see that
• $x^3 - 11 \equiv (x - 1)(x^2 + x + 1) \bmod 2$ so $2\mathcal{O}_K = \mathfrak{p}_2 \mathfrak{p}_2'$ with $N(\mathfrak{p}_2) = 2$ and $N(\mathfrak{p}_2') = 4$.

• $x^3 - 11 \equiv (x - 1)(x^2 + x + 1) \bmod 5$ as well, so $5\mathcal{O}_K = \mathfrak{p}_5 \mathfrak{p}_5'$ with $N(\mathfrak{p}_5) = 5$ and
$N(\mathfrak{p}_5') = 25$.


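• $x^3 - 11$ is irreducible mod 7, so $7\mathcal{O}_K = \mathfrak{p}_7$ is prime and $N(\mathfrak{p}_7) = 343$.

• $x^3 - 11$ is also irreducible mod 13, so $13\mathcal{O}_K = \mathfrak{p}_{13}$ is prime as well and $N(\mathfrak{p}_{13}) = 2197$.

• 11 is ramified since it divides the discriminant. Then $N(\theta) = 11$ so $11\mathcal{O}_K = \mathfrak{p}_{11}^3$, where
$\mathfrak{p}_{11} = \theta\mathcal{O}_K$.

• 3 is also ramified so 3OK = p3 , prime.

Note that for any $k \in \mathbb{Z}$, $\theta + k$ has minimal polynomial $(x - k)^3 - 11$ and so $N(\theta + k) = k^3 + 11$.
This fact will be useful in several calculations below. In particular, $N(\theta - 2) = 3$
so $\mathfrak{p}_3 = (\theta - 2)\mathcal{O}_K$ is prime. It follows that $3\mathcal{O}_K = \mathfrak{p}_3^3$.
We can immediately throw out $\mathfrak{p}_3$, $\mathfrak{p}_7$, $\mathfrak{p}_{11}$ and $\mathfrak{p}_{13}$ since they are all principal. Further,
$\mathfrak{p}_2 \mathfrak{p}_2'$ and $\mathfrak{p}_5 \mathfrak{p}_5'$ are each principal, so $C(\mathcal{O}_K)$ is generated by $\mathfrak{p}_2$ and $\mathfrak{p}_5$. Also, by the fact
above $N(\theta - 1) = 10 = 2 \cdot 5$ so $(\theta - 1)\mathcal{O}_K$ is the product of primes with norm 2 and 5. This
must be $\mathfrak{p}_2$ and $\mathfrak{p}_5$ so we conclude that $\mathfrak{p}_2$ is the sole generator of $C(\mathcal{O}_K)$.
To use the power of the Unit Theorem, note that $r = s = 1$ and so $U_K = \{\pm u^m\}$ for
a fundamental unit u. It turns out that $u = 89 + 40\theta + 18\theta^2$. Now suppose $\mathfrak{p}_2 = \alpha\mathcal{O}_K$ for
some $\alpha \in \mathcal{O}_K$. By a similar trick as above, $N(\theta^2 + k) = k^3 + 121$ for any $k \in \mathbb{Z}$, and so
$N(\theta^2 - 5) = -4$, showing $N((\theta^2 - 5)\mathcal{O}_K) = 4$. It turns out that $(\theta^2 - 5)\mathcal{O}_K \ne \mathfrak{p}_2'$, so we
must have $(\theta^2 - 5)\mathcal{O}_K = \mathfrak{p}_2^2$. Then $\mathfrak{p}_2^2 = \alpha^2\mathcal{O}_K = (\theta^2 - 5)\mathcal{O}_K$ which means $\alpha^2 = (\theta^2 - 5)w$
for some unit $w \in U_K$. For any prime ideal $\mathfrak{p}$, it must be that
$$\pm u^d(\theta^2 - 5) \equiv \beta \bmod \mathfrak{p}$$
where β is a square mod $\mathfrak{p}$, the sign is fixed and d = 0, 1 (since $w = \pm u^m$). First consider
$\mathfrak{p}_3 = (\theta - 2)\mathcal{O}_K$. The map $\mathcal{O}_K \to \mathcal{O}_K/\mathfrak{p}_3$ is given by $\theta \mapsto 2$. Then
$$\beta \equiv \pm(89 + 40(2) + 18(4))^d (4 - 5) \equiv \pm(1)^d(-1) \pmod 3.$$

Since −1 is not a square mod 3, the sign must be negative. Next, the trick allows us to
calculate
$$N(\theta + 9) = 740 = 2^2 \cdot 5 \cdot 37$$
so $(\theta + 9)\mathcal{O}_K$ is divisible by a prime $\mathfrak{p}_{37}$ with norm 37 and residue degree 1. In $\mathcal{O}_K/\mathfrak{p}_{37} \cong \mathbb{F}_{37}$,
we map $\theta \mapsto -9$ and compute
$$\beta \equiv -(89 - 40(9) + 18(81))^d (81 - 5) \equiv -(3)^d(2) \pmod{37}.$$

However, note that
$$\left(\frac{3}{37}\right) = 1, \qquad \left(\frac{-1}{37}\right) = 1 \qquad \text{and} \qquad \left(\frac{2}{37}\right) = -1$$
so $\left(\frac{\beta}{37}\right) = \left(\frac{3}{37}\right)^d \left(\frac{-1}{37}\right)\left(\frac{2}{37}\right) = -1$ which shows β is not a square mod 37. Hence $\mathfrak{p}_2$ is
not principal, and we have proven that $h(K) = |C(\mathcal{O}_K)| = 2$.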

Chapter 15

Local Fields


15.1 Discrete Valuation Rings


Definition. A local Dedekind domain A is called a discrete valuation ring (DVR for
short). Its residue field is, as with any local ring, the quotient k = A/m where m is the
unique maximal ideal of A.

The following definition and proposition explain where the term discrete valuation
ring comes from.

Definition. Let A be a ring. Then a valuation on A is a function $v : A \smallsetminus \{0\} \to \mathbb{Z}_{\ge 0}$
satisfying:

(i) $v(xy) = v(x) + v(y)$ for all $x, y \in A \smallsetminus \{0\}$.

(ii) $v(x + y) \ge \min\{v(x), v(y)\}$ for all $x, y \in A \smallsetminus \{0\}$.

(iii) $v(x) = 0$ if and only if $x \in A^\times$.

A valuation v is a discrete valuation if it is surjective.

Proposition 15.1.1. For an integral domain A, the following are equivalent:

(1) A is a DVR.

(2) There is a discrete valuation v on A.

Proof. (i) ⟹ (ii) Since A is a DVR, it is a PID by commutative algebra so each $x \in A$ can
be written uniquely as $x = u\pi^n$ for π generating the maximal ideal $\mathfrak{m} \subset A$. Define $v(x) = n$.
Then one verifies v is a discrete valuation on A.
(ii) ⟹ (i) The maximal ideal is $\mathfrak{m} = \{x \in A \mid v(x) > 0\}$. It’s easy to check that A is
local, integrally closed and therefore a DVR.
It is common to extend a valuation v on A to the field of fractions K of A by setting
$v(0) = \infty$ and $v\left(\frac{a}{b}\right) = v(a) - v(b)$ to get a function $v : K \to \mathbb{Z} \cup \{\infty\}$.

Example 15.1.2. Let p be a prime and consider the localization of $\mathbb{Z}$ at the prime ideal
(p):
$$\mathbb{Z}_{(p)} = \left\{\tfrac{a}{b} \in \mathbb{Q} : a, b \in \mathbb{Z},\ p \nmid b\right\}.$$
Then $\mathbb{Z}_{(p)}$ is a DVR with valuation $v\left(\frac{a}{b}\right) = r$ if we can write $\frac{a}{b} = p^r \frac{a'}{b'}$ for integers $a', b'$ not
divisible by p.

Example 15.1.3. Let k be a field and consider the polynomial ring k[t]. Localizing at the
maximal ideal (t), we get a discrete valuation ring
$$k[t]_{(t)} = \left\{\tfrac{p}{q} \in k(t) : p, q \in k[t],\ t \nmid q\right\},$$
where, much like Example 15.1.2, the valuation is $v\left(\frac{p}{q}\right) = r$ if we can write $\frac{p}{q} = t^r \frac{p'}{q'}$ for
polynomials $p', q' \in k[t]$ not divisible by t.


Example 15.1.4. Let k be a field and consider the power series ring k[[t]] with maximal
ideal (t). Then the local ring $k[[t]]_{(t)}$ is a DVR with valuation
$$v\left(\sum_{i=0}^{\infty} a_i t^i\right) = \min\{i \ge 0 \mid a_i \ne 0\}.$$

Example 15.1.5. Let $\mathbb{F}_q$ be a finite field with q elements and consider the function field
$k = \mathbb{F}_q(t)$ in one variable. Then the discrete valuations on k are parametrized by the set of
irreducible monic polynomials $f \in \mathbb{F}_q[t]$, together with a point at ∞ which corresponds to
the degree valuation:
$$v_\infty\left(\tfrac{g}{h}\right) = \deg h - \deg g.$$

Lemma 15.1.6. Let A be a Dedekind domain and take a nonzero element $\alpha \in A$ with
factorization $(\alpha) = \prod_{i=1}^{r} \mathfrak{p}_i^{v_i}$, with $\mathfrak{p}_j$ prime ideals and $v_i \ge 1$. Then for any $\mathfrak{p}_j$,
$$x A_{\mathfrak{p}_j} = \mathfrak{p}_j^{v_j} A_{\mathfrak{p}_j}$$
while for any prime ideal $\mathfrak{p}$ not dividing (x), $x A_{\mathfrak{p}} = A_{\mathfrak{p}}$.

Proof. This just comes from the commutative algebra correspondence between ideals in $A_{\mathfrak{p}}$
and ideals in A contained in $\mathfrak{p}$.
Theorem 15.1.7. Let A be a Dedekind domain with field of fractions K. Then there are
bijective correspondences
$$\left\{\begin{array}{c}\text{nonzero prime ideals}\\ \mathfrak{p} \subset A\end{array}\right\} \longleftrightarrow \left\{\begin{array}{c}\text{discrete valuation rings}\\ R \subset K\end{array}\right\} \longleftrightarrow \left\{\begin{array}{c}\text{discrete valuations}\\ v : K \to \mathbb{Z} \cup \{\infty\}\end{array}\right\}.$$

Proof. A prime ideal $\mathfrak{p}$ determines a local ring $A_{\mathfrak{p}}$ which is a discrete valuation ring with
valuation
$$v(x) = \begin{cases} v_j, & \text{if } \mathfrak{p} = \mathfrak{p}_j \text{ for } (x) = \prod_{i=1}^{r} \mathfrak{p}_i^{v_i} \\ 0, & \text{if } \mathfrak{p} \nmid (x). \end{cases}$$
It follows from Lemma 15.1.6 that v is a discrete valuation. Proposition 15.1.1 shows that
DVRs and discrete valuations are in bijection. Finally, if $s : A \to K$ is the canonical
embedding and $R \subset K$ is a DVR with maximal ideal $\mathfrak{m}_R$, then $s^{-1}(\mathfrak{m}_R)$ is a nonzero prime
of A.
Definition. Let A be a Dedekind domain with field of fractions K and suppose $S \subseteq \operatorname{Spec} A$
contains all but finitely many prime ideals of A. Set $U = \bigcup_{\mathfrak{p} \in S} \mathfrak{p}$ and define the
“semi-localization”
$$A_S = U^{-1} A = \left\{\tfrac{f}{g} \in K : f, g \in A,\ g \notin \mathfrak{p} \text{ for any } \mathfrak{p} \in S\right\}.$$

Lemma 15.1.8. $A_S$ is a Dedekind domain.

Proof. It is a standard fact from commutative algebra that the localization of a Dedekind
domain at any multiplicative set is also Dedekind.
Let $C_A$ and $C_{A_S}$ denote the class groups of the Dedekind domains A and $A_S$, respectively.


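Proposition 15.1.9. Let A be a Dedekind domain and $S \subseteq \operatorname{Spec} A$ a set of primes excluding
only finitely many of the primes of A. Then there is an exact sequence
$$1 \to A^\times \to A_S^\times \to \bigoplus_{\mathfrak{p} \notin S} K^\times / A_{\mathfrak{p}}^\times \to C_A \to C_{A_S} \to 1.$$

Proof. First, $A^\times \hookrightarrow A_S^\times$ is a natural inclusion (by the universal property of localization),
while the direct sum of the natural inclusions $A_S^\times \hookrightarrow K^\times / A_{\mathfrak{p}}^\times$ for $\mathfrak{p} \notin S$ give the map
$$A_S^\times \to \bigoplus_{\mathfrak{p} \notin S} K^\times / A_{\mathfrak{p}}^\times.$$

For each DVR $A_{\mathfrak{p}} \subset K$, the associated valuation $v_{\mathfrak{p}} : K^\times \to \mathbb{Z}$ is surjective with kernel $A_{\mathfrak{p}}^\times$
so we get an isomorphism
$$\bigoplus_{\mathfrak{p} \notin S} K^\times / A_{\mathfrak{p}}^\times = \bigoplus_{\mathfrak{p} \notin S} \mathbb{Z}.$$

The map $C_A \to C_{A_S}$ is given by $[I] \mapsto [I A_S]$, and the middle map comes from
$$\bigoplus_{\mathfrak{p} \notin S} \mathbb{Z} \longrightarrow C_A, \qquad (a_{\mathfrak{p}})_{\mathfrak{p} \notin S} \longmapsto \left[\prod_{\mathfrak{p} \notin S} \mathfrak{p}^{a_{\mathfrak{p}}}\right].$$

One can check that all of these maps are well-defined.

Now exactness at $A^\times$ is trivial: this map is an embedding by the universal property of
localization. For $C_A \to C_{A_S}$, it is a commutative algebra fact again that every ideal of $A_S$ is
an extended ideal of A so we have surjectivity.
For exactness at $A_S^\times$, let $f : A_S^\times \to \bigoplus_{\mathfrak{p} \notin S} K^\times / A_{\mathfrak{p}}^\times$. Then clearly $\operatorname{im}(A^\times \hookrightarrow A_S^\times) \subseteq \ker f$.
On the other hand, if $x \in \ker f$, consider the prime factorization of Ax. Since $x \in A_S^\times$, no $\mathfrak{p}$
outside S appears in the prime factorization of xA, while if $\mathfrak{p} \in S$, then $x = \frac{f}{g}$ with $g \notin \mathfrak{p}$ so
$\mathfrak{p}$ occurs in the factorization of xA with nonnegative exponent. The same holds for $x^{-1} = \frac{f}{g}$:
if $\mathfrak{p}$ occurs in the factorization of $x^{-1} A$, it occurs with nonnegative exponent. Hence the
exponent must be zero, so x has trivial prime factorization and thus $x \in A^\times$.
For exactness at $\bigoplus_{\mathfrak{p} \notin S} K^\times / A_{\mathfrak{p}}^\times$, take $x \in A_S^\times$ and suppose that
$$xA = \prod_{\mathfrak{p} \in \operatorname{Spec} A} \mathfrak{p}^{v_{\mathfrak{p}}}$$
for $v_{\mathfrak{p}} \ge 0$. Then x maps to $(v_{\mathfrak{p}})_{\mathfrak{p} \notin S}$ in $\bigoplus_{\mathfrak{p} \notin S} \mathbb{Z}$, and all primes $\mathfrak{p} \subset A$ with $v_{\mathfrak{p}} \ne 0$ lie outside
S by the previous paragraph. Thus
$$xA = \prod_{\mathfrak{p} \notin S} \mathfrak{p}^{v_{\mathfrak{p}}}$$
so $(v_{\mathfrak{p}})_{\mathfrak{p} \notin S}$ maps to $\left[\prod \mathfrak{p}^{v_{\mathfrak{p}}}\right] = [xA] = 1$ in the class group of A. This proves the sequence is a
complex at $\bigoplus_{\mathfrak{p} \notin S} K^\times / A_{\mathfrak{p}}^\times$.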


Conversely, if $\prod_{\mathfrak{p} \notin S} \mathfrak{p}^{v_{\mathfrak{p}}} = xA$ is principal, we just need to show that $x \in A_S^\times$. We know
that $x \in K^\times$. Further, observe that for any $\mathfrak{p} \notin S$, all elements of $\mathfrak{p}$ and of $\mathfrak{p}^{-1}$ lie in
$A_S$: if $y \in \mathfrak{p}^{-1}$ then $\mathfrak{p}\mathfrak{p}^{-1} = A$ allows us to write $zy \in A$ for some $z \in \mathfrak{p} \smallsetminus \bigcup_{\mathfrak{q} \in S} \mathfrak{q}$ so that
$y = \frac{zy}{z} \in A_S$. Therefore any element of $\prod_{\mathfrak{p} \notin S} \mathfrak{p}^{v_{\mathfrak{p}}}$ lies in $A_S$, so $x \in A_S^\times$. This proves exactness
at the middle term.
Finally, the sequence is a complex at $C_A$ because for any $\mathfrak{p} \notin S$, $[\mathfrak{p} A_S] = 1$. On the other
hand, suppose I is a fractional ideal of A such that $I A_S = x A_S$ for some $x \in K^\times$; without
loss of generality we may assume $I A_S = A_S$. Write $I = \prod_{\mathfrak{p}} \mathfrak{p}^{v_{\mathfrak{p}}}$. Notice that if $v_{\mathfrak{q}} > 0$ for any
$\mathfrak{q} \in S$, then
$$I A_S = \prod_{\mathfrak{p}} (\mathfrak{p} A_S)^{v_{\mathfrak{p}}} \subseteq \mathfrak{q} A_S \ne A_S,$$
contradicting $I A_S = A_S$. Therefore none of the $\mathfrak{p}$ in the factorization of $I A_S$ lie in S, so $I A_S$
lies in the image of $\bigoplus_{\mathfrak{p} \notin S} \mathbb{Z}$. Hence the entire sequence is exact.

Corollary 15.1.10. Let A be a Dedekind domain and $S \subseteq \operatorname{Spec} A$ a set of primes excluding
finitely many primes of A. Then if the class number $|C_A|$ is finite, so is $|C_{A_S}|$.

Definition. For a number field K and a cofinite set of primes S of $\mathcal{O}_K$, $\mathcal{O}_{K,S}^\times$ is called the
group of S-units of K and $C_{K,S} = C_{\mathcal{O}_{K,S}}$ the S-class group of K.

Corollary 15.1.11 (Dirichlet’s S-Unit Theorem). If $A = \mathcal{O}_K$ is the ring of integers in an
algebraic number field of degree $n = r + 2s$, then
$$\mathcal{O}_{K,S}^\times \cong \mathbb{Z}^{r+s-1+N} \times \mu(K)$$
where N is the finite number of primes excluded from S.

Proof. By the ordinary unit theorem (14.10.2), it is enough to show that the rank of $\mathcal{O}_{K,S}^\times$
is $r + s - 1 + N$. By Corollaries 14.9.6 and 15.1.10, $C_K$ and $C_{K,S}$ are finite so taking the
alternating sum of ranks on the exact sequence in Proposition 15.1.9, we get
$\operatorname{rank}(\mathcal{O}_{K,S}^\times) = \operatorname{rank}(\mathcal{O}_K^\times) + N$.

Corollary 15.1.12. For any number field K, there exists a cofinite set S of prime ideals of
$\mathcal{O}_K$ such that $C_{K,S} = 1$.

Proof. Let $\mathfrak{a}_1, \ldots, \mathfrak{a}_m$ be representatives of the class group $C_K$ and take T to be the set of all
prime divisors of any $\mathfrak{a}_j$. Then $S = \operatorname{Spec}(\mathcal{O}_K) \smallsetminus T$ is the desired set: the map $\bigoplus_{\mathfrak{p} \notin S} \mathbb{Z} \to C_K$
in Proposition 15.1.9 is surjective, so by exactness, $C_{K,S} = 1$.


15.2 The p-adic Numbers


In this section we define and explore some basic properties of the p-adic numbers, first
discovered by Kurt Hensel. His original inspiration for defining such numbers was the ubiquity
of power series expansions in analysis and their potential utility in number theory.
Let K be a field and take some polynomial $f(x) \in K[x]$. Given $a \in K$, we can write
$$f(x) = \sum_{i=0}^{n} a_i (x - a)^i \quad \text{for some } a_i \in K.$$

Observe that the coefficients $a_i$ are related to derivatives $f^{(i)}(a)$, as in Taylor’s theorem. If
instead we have a rational function $f(x) = \frac{g(x)}{h(x)} \in K[x]_{(x-a)}$ for $g, h \in K[x]$ where $h(a) \ne 0$,
then we can still write a formal power series expansion of f(x) about x = a:
$$\frac{f(x)}{g(x)} \approx \sum_{i=0}^{\infty} a_i (x - a)^i \quad \text{for } a_i \in K.$$

This is the beginning of a fruitful dictionary between the integers $\mathbb{Z}$ and polynomial rings
over a field:

    $\mathbb{Z}$                          $K[x]$
    prime ideal $(p)$               maximal ideal $(x - a)$
    reduction of a mod $p$          evaluation $f(a)$
    reduction of a mod $p^{n+1}$    nth derivative $f^{(n)}(a)$

Running with this idea, given a positive integer $x \in \mathbb{Z}$, we can write
$$x = \sum_{i=0}^{n} a_i p^i \quad \text{for } a_i \in \{0, 1, \ldots, p - 1\}.$$

If $x \in \mathbb{Z}_{(p)}$, the localization at (p) (see Example 15.1.2), then we would like to write a formal
power series $\sum_{i=0}^{\infty} a_i p^i$ with $a_i \in \{0, 1, \ldots, p - 1\}$ that represents x.

Example 15.2.1. Take p = 5 and x = 233. Then the 5-adic expansion gives a “power
series” for 233:
$$233 = 3 \cdot 1 + 1 \cdot 5 + 4 \cdot 5^2 + 1 \cdot 5^3 + 0 \cdot 5^4 + \ldots$$

Definition. For a prime p, a p-adic integer is a formal infinite sum $\sum_{i=0}^{\infty} a_i p^i$ for
$a_i \in \{0, 1, \ldots, p - 1\}$. The set of all p-adic integers is denoted $\mathbb{Z}_p$.

Notice that every p-adic integer has a well-defined residue class modulo $p^n$ for each $n \ge 0$.
On the other hand, every element of the local ring $\mathbb{Z}_{(p)}$ has a well-defined residue class mod
$p^n$. For $x \in \mathbb{Z}_{(p)}$, we will write $x = \sum_{i=0}^{\infty} a_i p^i$ if both of these objects have the same residue
mod $p^n$ for all $n \ge 0$. In other words, we have a map $\mathbb{Z}_{(p)} \to \mathbb{Z}_p$. To see that the map is
injective, suppose $x, y \in \mathbb{Z}_{(p)}$ with $x = \sum_{i=0}^{\infty} a_i p^i = y$. Then $x - y \equiv 0 \pmod{p^n}$ for all
$n \ge 0$, so we must have x = y.


Example 15.2.2. Beware that these “p-power series” expansions do not always behave as
they do in the analytic case. For example, take x = −1. Then for each $n \ge 0$,
$$\sum_{i=0}^{n-1} (p - 1) p^i = p^n - 1 \equiv -1 \pmod{p^n}.$$
Thus −1 has p-adic expansion $\sum_{i=0}^{\infty} (p - 1) p^i$ for any prime p. When p = 2, this gives the
famous “identity”
$$-1 = 1 + 2 + 4 + 8 + 16 + \ldots$$
In ordinary integers, such a sum does not converge, but in 2-adic land it does! Alternatively,
the power series
$$\frac{1}{1 - x} = 1 + x + x^2 + x^3 + \ldots$$
does not converge for x = 2, but it does converge in 2-adic numbers! In general, the above
shows that
$$\frac{1}{1 - p} = 1 + p + p^2 + p^3 + \ldots$$
is valid in $\mathbb{Z}_p$.
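The expansions in Examples 15.2.1 and 15.2.2 can be computed directly from residues mod $p^n$; the following is an added example, not code from the notes, and its function names are hypothetical. It goes slightly beyond the integer case by accepting any rational in $\mathbb{Z}_{(p)}$, inverting the denominator mod $p^i$, and it also checks that the residues form a coherent sequence under reduction and that sums and products can be taken termwise.

```python
# Added illustration; function names are hypothetical and not from the notes.
from fractions import Fraction


def residues(x, p, n):
    """Residues (x mod p, x mod p^2, ..., x mod p^n) of x in Z_(p), n >= 1."""
    x = Fraction(x)
    if x.denominator % p == 0:
        raise ValueError("x is not in Z_(p): p divides the denominator")
    out = []
    for i in range(1, n + 1):
        modulus = p ** i
        # The denominator is prime to p, hence invertible mod p^i.
        out.append(x.numerator * pow(x.denominator, -1, modulus) % modulus)
    return out


def is_coherent(seq, p):
    """True if reducing the (i+1)-st entry mod p^i gives the i-th entry."""
    return all(seq[i + 1] % p ** (i + 1) == seq[i] for i in range(len(seq) - 1))


def digits(x, p, n):
    """First n p-adic digits a_0, ..., a_{n-1} of x in Z_(p)."""
    r = residues(x, p, n)[-1]        # x mod p^n determines the first n digits
    out = []
    for _ in range(n):
        r, a = divmod(r, p)
        out.append(a)
    return out


def termwise(op, xs, ys, p):
    """Apply op entry by entry to two residue sequences, reducing mod p^i."""
    return [op(a, b) % p ** (i + 1) for i, (a, b) in enumerate(zip(xs, ys))]


if __name__ == "__main__":
    print(digits(233, 5, 5))                  # digits of 233 in base 5
    print(digits(-1, 2, 8))                   # every digit is p - 1 = 1
    print(digits(Fraction(1, 1 - 7), 7, 6))   # 1/(1 - p) has every digit 1
    x, y = Fraction(2, 3), Fraction(-5, 7)
    sx, sy = residues(x, 5, 6), residues(y, 5, 6)
    print(is_coherent(sx, 5))
    print(termwise(lambda a, b: a * b, sx, sy, 5) == residues(x * y, 5, 6))
```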

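In the polynomial ring case, we have strict containments of rings $K[x] \subsetneq K[x]_{(x-a)} \subsetneq K[[x - a]]$.
Similarly, we have containments of sets $\mathbb{Z} \subsetneq \mathbb{Z}_{(p)} \subsetneq \mathbb{Z}_p$ for any prime p. Our next
goal is to give $\mathbb{Z}_p$ the structure of a ring.
Informally, we can think of a p-adic integer as a sequence of residue classes in $\mathbb{Z}/p\mathbb{Z}, \mathbb{Z}/p^2\mathbb{Z}, \mathbb{Z}/p^3\mathbb{Z}, \ldots$
which are compatible with the sequence of homomorphisms
$$\cdots \xrightarrow{\;\lambda_3\;} \mathbb{Z}/p^3\mathbb{Z} \xrightarrow{\;\lambda_2\;} \mathbb{Z}/p^2\mathbb{Z} \xrightarrow{\;\lambda_1\;} \mathbb{Z}/p\mathbb{Z}.$$

(In commutative algebra, this system of abelian groups and homomorphisms is called an
inverse system and such a sequence of residue classes is called a coherent sequence.) Then
we can view $\mathbb{Z}_p$ as a (proper) subset of $\mathbb{Z}/p\mathbb{Z} \times \mathbb{Z}/p^2\mathbb{Z} \times \mathbb{Z}/p^3\mathbb{Z} \times \cdots$:
$$\mathbb{Z}_p = \{x = (x_i)_{i=1}^{\infty} \mid x_i \in \mathbb{Z}/p^i\mathbb{Z} \text{ and } \lambda_i(x_{i+1}) = x_i \text{ for all } i \in \mathbb{N}\}.$$

In other words, $\mathbb{Z}_p$ is an inverse limit, $\mathbb{Z}_p = \varprojlim \mathbb{Z}/p^i\mathbb{Z}$.

Lemma 15.2.3. If $x = (x_i)$ and $y = (y_i)$ are coherent sequences of residue classes in
$(\mathbb{Z}/p^i\mathbb{Z})_{i \in \mathbb{N}}$ then so are $x + y = (x_i + y_i)$ and $xy = (x_i y_i)$. That is, $\mathbb{Z}_p$ is a subring of
$\prod_{i=1}^{\infty} \mathbb{Z}/p^i\mathbb{Z}$.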

Further, Zp is the completion of the DVR Z(p) with respect to a certain metric topology
called the p-adic topology, which we will discuss further in Section 15.3. One important fact
is that Z(p) is a dense subring of Zp .

Lemma 15.2.4. Let p be prime. Then

(1) The image of (p)Z(p) in Zp is a maximal ideal, also denoted by (p).


(2) $\mathbb{Z}_p$ is a DVR with discrete valuation $v_p(x) = n$ if $x \in (p^n)$ but $x \notin (p^{n+1})$.

(3) The field of fractions of $\mathbb{Z}_p$ is $\mathbb{Z}_p\left[\frac{1}{p}\right]$.

Definition. The field of fractions of $\mathbb{Z}_p$ is called the field of p-adic numbers, written $\mathbb{Q}_p$.
By definition any element of $\mathbb{Q}_p$ can be written as $p^{-m} x$ for some $x \in \mathbb{Z}_p$ and $m \ge 0$:
$$\sum_{i=0}^{m} b_i \frac{1}{p^i} = \sum_{i=1}^{m} b_i p^{m-i} p^{-m} = p^{-m} \sum_{i=0}^{m} b_i p^{m-i}.$$

Addition in $\mathbb{Q}_p$ is given by $p^{-m} x + p^{-r} y = p^{-m}(x + p^{m-r} y)$ if $m \ge r$, while multiplication is
simply $(p^{-m} x)(p^{-r} y) = p^{-(m+r)} xy$. Note that $\mathbb{Q}_p$ is a field of characteristic 0, so it contains $\mathbb{Q}$
as a subfield. More formally, there is a canonical embedding $\mathbb{Q} \hookrightarrow \mathbb{Q}_p$ making the following
diagram commute:
$$\begin{array}{ccc}
\mathbb{Q} & \hookrightarrow & \mathbb{Q}_p \\
\uparrow & & \uparrow \\
\mathbb{Z}_{(p)} & \hookrightarrow & \mathbb{Z}_p
\end{array}$$

Concretely, elements of $\mathbb{Q}_p$ may be thought of as p-adic Laurent series $\sum_{i=-m}^{\infty} a_i p^i$ with
$a_i \in \{0, 1, \ldots, p - 1\}$. By analogy, the field of fractions of $K[[x - a]]$ is $K((x - a))$, the field
of Laurent series over K.
Definition. For every prime integer $p \in \mathbb{Z}$, the p-adic valuation on $\mathbb{Q}$ is the valuation
$v_p : \mathbb{Q} \to \mathbb{Z} \cup \{\infty\}$ defined by $v_p(x) = m$ if $x = p^m \frac{a}{b}$ for $a, b \in \mathbb{Z}$ with $p \nmid ab$, and $v_p(0) = \infty$.
Definition. A valuation v on a ring A is called nonarchimedean if for every $x, y \in A$,
$v(x + y) \ge \min\{v(x), v(y)\}$ with equality if and only if $v(x) \ne v(y)$.
Lemma 15.2.5. Every p-adic valuation on $\mathbb{Q}$ is nonarchimedean.
Definition. For a prime p, the (normalized) p-adic absolute value on $\mathbb{Q}$ is defined by
$|x|_p = p^{-v_p(x)}$ for $x \ne 0$ and $|0|_p = 0$.
Lemma 15.2.6. The p-adic absolute value is a norm on $\mathbb{Q}$ for all primes p.
Thus every p-adic valuation gives rise to a metric topology on $\mathbb{Q}$: $d_p(x, y) = |x - y|_p$.
This topology is called the p-adic topology on $\mathbb{Q}$. For the standard absolute value inducing
the (Euclidean) metric topology on $\mathbb{Q}$, we will write $|\cdot|_\infty$.
Lemma 15.2.7 (Product Formula). Let $x \in \mathbb{Q}$ be nonzero. Then
$$\prod_{p} |x|_p = 1,$$
where the product is over all primes p plus the “infinite prime” p = ∞.


Proof. Since norms are multiplicative, it’s enough to check the product formula when x is
prime and x = −1. When x = −1, $|-1|_p = 1$ for all primes p and $|-1|_\infty = 1$ so the product
formula holds trivially. If x = q is prime, we have
$$|q|_p = \begin{cases} q, & p = \infty \\ \frac{1}{q}, & p = q \\ 1, & p \ne q, \infty. \end{cases}$$

Thus the product formula holds in this case as well.

The following lemma demonstrates one of the curious aspects of topologies defined by
nonarchimedean absolute values.
Lemma 15.2.8. For p prime and $a \in \mathbb{Q}$, define the p-adic ball around a of radius r:
$$B_p(a, r) = \{c \in \mathbb{Q} : |c - a|_p < r\}.$$

Then every point $b \in B_p(a, r)$ is in fact the center of the ball. The same holds for any closed
ball $\overline{B}_p(a, r)$.
Proof. Suppose $c \in B_p(a, r)$ is any other point in the ball, so that $|a - c|_p < r$. Since
$b \in B_p(a, r)$, we have
$$|b - c|_p = |b - a + a - c|_p \le \max\{|b - a|_p, |a - c|_p\} < r.$$

Hence $c \in B_p(b, r)$, so $B_p(a, r) \subseteq B_p(b, r)$. Reversing the roles of a and b gives
$B_p(a, r) = B_p(b, r)$.
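The p-adic valuation, the product formula of Lemma 15.2.7 and the ball property of Lemma 15.2.8 can be checked with exact rational arithmetic; this is an added example, not code from the notes, and its function names are hypothetical. The ball comparison is made on a finite sample of integers, which is an assumption of the example rather than a proof of the lemma.

```python
# Added illustration; function names are hypothetical and not from the notes.
from fractions import Fraction


def vp(x, p):
    """p-adic valuation of a nonzero rational x."""
    x = Fraction(x)
    if x == 0:
        raise ValueError("v_p(0) is infinite")
    v, num, den = 0, x.numerator, x.denominator
    while num % p == 0:
        num //= p
        v += 1
    while den % p == 0:
        den //= p
        v -= 1
    return v


def abs_p(x, p):
    """Normalized p-adic absolute value |x|_p = p^(-v_p(x)), with |0|_p = 0."""
    x = Fraction(x)
    return Fraction(0) if x == 0 else Fraction(p) ** (-vp(x, p))


def prime_factors(n):
    """Set of primes dividing the nonzero integer n (trial division)."""
    n, out, q = abs(n), set(), 2
    while q * q <= n:
        while n % q == 0:
            out.add(q)
            n //= q
        q += 1
    if n > 1:
        out.add(n)
    return out


def product_formula(x):
    """Product of |x|_p over p = infinity and every prime dividing x."""
    x = Fraction(x)
    total = abs(x)                                   # |x|_infinity
    for p in prime_factors(x.numerator) | prime_factors(x.denominator):
        total *= abs_p(x, p)                         # other primes contribute 1
    return total


def ball(center, radius, p, sample):
    """Points c of the sample with |c - center|_p < radius."""
    return {c for c in sample if abs_p(Fraction(c) - center, p) < radius}


if __name__ == "__main__":
    print(product_formula(Fraction(-360, 49)))       # 1
    sample = range(-200, 200)                        # constructed test points
    b_a = ball(2, Fraction(1, 5), 5, sample)
    print(27 in b_a, b_a == ball(27, Fraction(1, 5), 5, sample))
```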
It is not hard to show $\mathbb{Q}$ is not complete with respect to $|\cdot|_p$ for any prime p, and we
know from real analysis that $|\cdot|_\infty$ does not define a complete topology on $\mathbb{Q}$ either. Thus we
can complete $\mathbb{Q}$ with respect to any of these topologies by constructing the ring of Cauchy
sequences and taking the quotient by the ideal of sequences whose limit is 0.
Lemma 15.2.9. The completion of $\mathbb{Q}$ with respect to any valuation $|\cdot|_p$, for p prime or
p = ∞, is a topological field. Moreover, this completion is precisely $\mathbb{Q}_p$ if p is prime and $\mathbb{R}$
if p = ∞. Finally, when p is prime, $\mathbb{Z}_p = \{x \in \mathbb{Q}_p : |x|_p \le 1\}$.
Proof. (Sketch) The p = ∞ case is dealt with in a basic real analysis course, so assume p is
a finite prime. We may identify any p-adic number $\sum_{i=-m}^{\infty} a_i p^i$ with the Cauchy sequence
$(s_n)$ defined by
$$s_n = \sum_{i=-m}^{n} a_i p^i \in \mathbb{Q}.$$

On the other hand, for any n, any Cauchy sequence is eventually constant mod $p^n$. Thus we
may associate such a sequence $(s_n)$ to a sum
$$\sum_{i=-m}^{n-1} a_i p^i$$

204
15.2. The p-adic Numbers Chapter 15. Local Fields

P∞
for each n ∈ N. Given this identification, we can treat i=−m ai pi as a convergent power
series in Qp . We know that
X∞
ai p i = p m



i=−m p

by the ultrametric property, so



X
y= ai pi ∈ {x ∈ Qp : |x|p ≤ 1} ⇐⇒ m ≤ 0 ⇐⇒ y ∈ Zp .
i=−m

Therefore the p-adic integers are as described.


We now have three different interpretations of the field of p-adic numbers Qp :

• Formal power series (an analytic interpretation);

• The fraction field of Zp (an algebraic interpretation);

• The completion of Q with respect to a norm | · |p (a topological interpretation).

Proposition 15.2.10. For any prime p, Zp is the closure of Z in Qp .


Proof. If x ∈ Zp , write $x = \sum_{i=0}^{\infty} a_i p^i$. Then x is the convergent limit of the sequence
$s_n = \sum_{i=0}^{n} a_i p^i \in \mathbb{Z}$. On the other hand, if x ∉ Zp then |x|p > 1 but no sequence (yn ) ⊆ Z can
converge to x because |yn |p ≤ 1 for all n. Therefore $\mathbb{Z}_p = \overline{\mathbb{Z}}$.
Notice that $\mathbb{Z}_p^\times = \{x \in \mathbb{Z}_p : |x|_p = 1\}$. This description of units will become useful in
later results.

Theorem 15.2.11. For any prime p, Zp ≅ Z[[x]]/(x − p) as rings.
Proof. Consider the map

$$\varphi : \mathbb{Z}[[x]] \longrightarrow \mathbb{Z}_p, \qquad \sum_{i=0}^{\infty} a_i x^i \longmapsto \sum_{i=0}^{\infty} a_i p^i,$$

where the power series on the right is treated as a convergent power series per previous
remarks. Clearly ϕ is surjective by the definition of Zp . Moreover, it is a ring homomorphism
by construction and (x − p) ⊆ ker ϕ. If y ∈ ker ϕ, then $y = \sum_{i=0}^{\infty} a_i x^i$ such that
$\sum_{i=0}^{n} a_i p^i \equiv 0 \pmod{p^{n+1}}$ for all n ≥ 0. For each n, let
$b_n = -\frac{1}{p^{n+1}}(a_0 + a_1 p + \ldots + a_n p^n)$. Then

$$(b_0 + b_1 x + b_2 x^2 + \ldots)(x - p) = a_0 + a_1 x + a_2 x^2 + \ldots$$

so y ∈ (x − p) and hence ker ϕ = (x − p). Now apply the first isomorphism theorem.

15.3. Absolute Values Chapter 15. Local Fields

15.3 Absolute Values


In this section we generalize the notion of the p-adic valuation, absolute value and metric
topology to any field K.
Definition. Let K be a field. An absolute value on K is a function | · | : K → R such that
(1) |x| ≥ 0 for all x ∈ K, with |x| = 0 if and only if x = 0.
(2) |xy| = |x| |y| for all x, y ∈ K.
(3) |x + y| ≤ |x| + |y| for all x, y ∈ K.
Remark. Axiom (3) implies that |ζ| = 1 for any root of unity ζ ∈ K such that ζ^n = 1.
Definition. An absolute value | · | : K → R≥0 is called nonarchimedean if |x + y| ≤
max{|x|, |y|} for any x, y ∈ K. Otherwise | · | is called archimedean.
Example 15.3.1. The trivial absolute value is defined for any field K:

$$|x|_0 = \begin{cases} 1, & x \neq 0 \\ 0, & x = 0. \end{cases}$$

Example 15.3.2. The standard absolute value

$$|x| = \begin{cases} x, & x \geq 0 \\ -x, & x < 0 \end{cases}$$

is an archimedean absolute value on Q.
Example 15.3.3. For any prime number p ∈ Z, the p-adic absolute value defined in
Section 15.2 is a nonarchimedean absolute value on Q.
The following result establishes an easy condition to check for when an absolute value is
nonarchimedean.
Lemma 15.3.4. An absolute value | · | : K → R≥0 is nonarchimedean if and only if |x| ≤ 1
for all x ∈ {n · 1_K : n ∈ Z}.
Proof. ( =⇒ ) is immediate from the definition of nonarchimedean.
( ⇐= ) Suppose |x| ≥ |y| for x, y ∈ K. Then |x|^ν |y|^{n−ν} ≤ |x|^n for any 0 ≤ ν ≤ n so we
have

$$\begin{aligned}
|x + y|^n &= |(x + y)^n| \\
&= \left| \sum_{\nu=0}^{n} \binom{n}{\nu} x^{\nu} y^{n-\nu} \right| && \text{by the binomial theorem} \\
&\le \sum_{\nu=0}^{n} \left| \binom{n}{\nu} \right| |x|^{\nu} |y|^{n-\nu} && \text{by the triangle inequality} \\
&\le \sum_{\nu=0}^{n} |x|^n && \text{since } \binom{n}{\nu} \in \mathbb{Z} \\
&= (n + 1)|x|^n.
\end{aligned}$$

So |x + y| ≤ (n + 1)^{1/n} |x|. Taking n → ∞, (n + 1)^{1/n} approaches 1 so we get |x + y| ≤ |x|.
Hence | · | is nonarchimedean.

Corollary 15.3.5. If char K = p > 0, then every absolute value on K is nonarchimedean.

Definition. Two absolute values | · |1 and | · |2 on K are said to be equivalent, written
| · |1 ∼ | · |2 , if they induce the same metric topology on K, i.e. if there are constants r, s > 0
such that for every x, y ∈ K,

$$|x - y|_2 \le |x - y|_1^r \quad \text{and} \quad |x - y|_1 \le |x - y|_2^s.$$

Proposition 15.3.6. If | · |1 and | · |2 are two nontrivial, equivalent absolute values on K
then there exists a constant s > 0 such that $|x|_1 = |x|_2^s$ for all x ∈ K.

Proof. Notice that if | · |1 ∼ | · |2 then x_n → 0 in | · |1 if and only if x_n → 0 in | · |2 . This
implies that |x|1 < 1 if and only if |x|2 < 1. Now let y ∈ K satisfy |y|1 > 1 and take x ∈ K×
so that $|x|_1 = |y|_1^{\alpha}$ for α ∈ R. If m_i , n_i ∈ Z are sequences of integers such that each n_i > 0
and m_i/n_i converges from above to α but m_i/n_i ≠ α for any i, then
$|x|_1 = |y|_1^{\alpha} < |y|_1^{m_i/n_i}$ for all i. Thus

$$\left| \frac{x^{n_i}}{y^{m_i}} \right|_1 < 1 \implies \left| \frac{x^{n_i}}{y^{m_i}} \right|_2 < 1 \implies |x|_2 < |y|_2^{m_i/n_i}.$$

Taking i → ∞ so that m_i/n_i → α, we get $|x|_2 \le |y|_2^{\alpha}$. If we take such a sequence m_i/n_i
converging to α from below, we get $|x|_2 \ge |y|_2^{\alpha}$, so $|x|_2 = |y|_2^{\alpha}$. Thus

$$\frac{\log |x|_1}{\log |x|_2} = \frac{\log |y|_1}{\log |y|_2} \quad \text{for all } x \in K^{\times}.$$

This shows that the function $s = \frac{\log |x|_1}{\log |x|_2}$ is a constant function. Hence it follows that
$|x|_1 = |x|_2^s$ for all x ∈ K.

Corollary 15.3.7. Each equivalence class of absolute values on a field K is characterized
uniquely by the set {x ∈ K : |x| < 1} for any | · | in the class.

Theorem 15.3.8 (Ostrowski). Every nontrivial absolute value | · | on Q is equivalent to | · |p
for some prime p if | · | is nonarchimedean and | · |∞ if | · | is archimedean.

Proof. First suppose | · | : Q → R≥0 is nonarchimedean. Let p ∈ N be minimal such that
|p| < 1, which exists since | · | is nontrivial and multiplicative; the latter even implies p can
be chosen prime. Set
I = {x ∈ Z : |x| < 1}.
Then I is an ideal of Z by the nonarchimedean property and Lemma 15.3.4. We certainly
have I ⊇ (p) but since (p) is a maximal ideal, we must have I = (p). Thus if a ∈ Z and
p ∤ a, |a| = 1. So for any m ∈ Z such that p ∤ m, we have

$$|p^n m| = |p|^n |m| = |p|^n.$$

This shows that $|\cdot| = |\cdot|_p^s$ where s is the unique positive number satisfying $|p| = \left(\frac{1}{p}\right)^s$. Thus
all nonarchimedean absolute values on Q are equivalent to a p-adic absolute value. (We call
the absolute value with s = 1 above the normalized p-adic absolute value, as in Section 15.2.)
Now assume | · | is archimedean. Suppose that for all m, n ∈ Z with m, n > 1, the absolute
value satisfies the following property: $|m|^{1/\log m} = |n|^{1/\log n}$ (∗). Then for s > 0 such that
$e^s = |n|^{1/\log n}$ (for any n > 1), we have

$$|m| = \left( |n|^{1/\log n} \right)^{\log m} = e^{s \log m} = m^s = |m|_{\infty}^s.$$

Therefore $|m| = |m|_{\infty}^s$ and this holds for all m ∈ Q by multiplicativity. Thus it suffices to
check that any archimedean absolute value satisfies property (∗).
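Fix m, n ∈ Z with m, n > 1 and write m in base n:

$$m = a_0 + a_1 n + \ldots + a_r n^r \quad \text{for } 0 \le a_i < n.$$

Note that $r \le \frac{\log m}{\log n}$. Then

$$\begin{aligned}
|m| &= |a_0 + a_1 n + \ldots + a_r n^r| \\
&\le \sum_{i=0}^{r} |a_i| \, |n|^i && \text{by the triangle inequality} \\
&\le \left( 1 + \frac{\log m}{\log n} \right) |n| \cdot |n|^{\log m / \log n} \\
&= \left( 1 + \frac{\log m}{\log n} \right) |n|^{1 + \log m / \log n}.
\end{aligned}$$

Replacing m with m^k for k > 1, we get

$$\begin{aligned}
|m|^k &\le \left( 1 + \frac{k \log m}{\log n} \right) |n|^{1 + k \log m / \log n} \\
\implies |m| &\le \left( 1 + \frac{k \log m}{\log n} \right)^{1/k} |n|^{1/k + \log m / \log n}.
\end{aligned}$$

Letting k → ∞, we then obtain $|m| \le |n|^{\log m / \log n}$, or $|m|^{1/\log m} \le |n|^{1/\log n}$. Reversing the
roles of m and n gives the other inequality, establishing property (∗) and completing the
proof.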
The following theorem may be seen as a certain generalization of the Chinese remainder
theorem.

Theorem 15.3.9 (Weak Approximation). Suppose | · |1 , . . . , | · |n are inequivalent absolute
values on K and choose a1 , . . . , an ∈ K. Then for all ε > 0, there exists an x ∈ K such that
|x − ai |i < ε.

Proof. For n = 1 this is trivial, so assume n ≥ 2. Since | · |1 and | · |n are not equivalent,
we know there exists α ∈ K such that |α|1 < 1 but |α|n ≥ 1. Likewise, there exists β ∈ K
such that |β|1 ≥ 1 and |β|n < 1. Let y = β/α so that |y|1 > 1 and |y|n < 1. We will show that
there exists some z ∈ K such that |z|1 > 1 but |z|j < 1 for all 2 ≤ j ≤ n. The base case
of this statement was just proven, so to induct, pick z ∈ K such that |z|1 > 1 and |z|j < 1
for 2 ≤ j ≤ n − 1. If |z|n < 1 then we are done. If |z|n = 1 then z^m y will work for some
sufficiently large m. Finally, if |z|n > 1 then let $t_m = \frac{z^m}{1 + z^m}$ so that as m → ∞, |t_m |1 → 1,
|t_m |n → 1 and |t_m |j → 0 for all 2 ≤ j ≤ n − 1. Then t_m y will work for sufficiently large m.
Now given z ∈ K such that |z|1 > 1 and |z|j < 1 for 2 ≤ j ≤ n, consider the same
sequence $t_m = \frac{z^m}{1 + z^m}$. As m → ∞, we have

$$\begin{aligned}
|t_m|_1 &= \left| \frac{z^m}{1 + z^m} \right|_1 = \left| 1 - \frac{1}{1 + z^m} \right|_1 \longrightarrow 1 \\
|t_m|_j &= \left| \frac{z^m}{1 + z^m} \right|_j \le |z|_j^m \longrightarrow 0 \quad \text{for all } 2 \le j \le n.
\end{aligned}$$

Therefore one can find z1 such that |z1 − 1|1 < ε and |z1 |j < ε for 2 ≤ j ≤ n. Repeat
the process to pick z2 , . . . , zn with |zj − 1|j < ε and |zj |ℓ < ε for ℓ ≠ j. Then setting
x = a1 z1 + . . . + an zn gives an element satisfying the desired norm conditions.
There exists a generalization, naturally called the strong approximation theorem, which
we will prove in Chapter 16.

Theorem 15.3.10 (Strong Approximation). Let S be a set of equivalence classes of absolute
valuations on a field K such that S does not contain at least one absolute value on K. Then
for any nonequivalent | · |1 , . . . , | · |n ∈ S, elements a1 , . . . , an ∈ K and ε > 0, there exists an
x ∈ K such that |x − ai |i < ε for each 1 ≤ i ≤ n and |x| < 1 for all | · | ∈ S ∖ {| · |1 , . . . , | · |n }.

Proposition 15.3.11. The only fields that are complete with respect to an archimedean
absolute value are (R, | · |∞ ) and (C, | · |∞ ).

We now connect the theory of nonarchimedean absolute values with discrete valuations
on K (Section 15.1).

Proposition 15.3.12. Given a nonarchimedean absolute value | · | on K, setting v(x) =
− log |x| for all x ∈ K× and v(0) = ∞ defines a discrete valuation v : K → R ∪ {∞}.

Proof. For all x, y ∈ K, we have |xy| = |x| |y| which implies v(xy) = v(x) + v(y). Likewise,
|x + y| = max{|x|, |y|} implies v(x + y) ≥ min{v(x), v(y)}.

Definition. For a nonarchimedean absolute value | · | on a field K, define

O := {x ∈ K× | v(x) ≥ 0} ∪ {0} = {x ∈ K× : |x| ≤ 1} ∪ {0}
O× := {x ∈ K | v(x) = 0} = {x ∈ K : |x| = 1}
m := {x ∈ K | v(x) > 0} = {x ∈ K : |x| < 1}
κ := O/m,

called respectively the valuation ring, group of units, valuation ideal and residue field
of | · |.


Example 15.3.13. The analogy between p-adic numbers and power series is borne out by
these concepts:

(K, | · |)    (Qp , | · |p )    (C((t)), | · |t )
O             Zp                C[[t]]
O×            Zp×               C[[t]]×
m             pZp               (t)
κ             Fp                C

Definition. If K is a field with a nonarchimedean absolute value and associated discrete
valuation, we will call the triple (K, | · |, v) a discretely valued field.

If (K, | · |, v) is a discretely valued field, then we have filtrations

O ⊃ m ⊇ m^2 ⊇ m^3 ⊇ · · · (of ideals)
O× ⊇ U^(1) ⊇ U^(2) ⊇ U^(3) ⊇ · · · (of subgroups)

where U^(n) = {x ∈ O× | x ≡ 1 mod m^n } = {x ∈ O× | v(x) ≥ n}.

Proposition 15.3.14. Let (K, | · |, v) be discretely valued. Then for any n,

(1) O×/U^(n) ≅ (O/m^n)×.
(2) U^(n)/U^(n+1) ≅ O/m = κ.
Proof. (1) It is clear that the natural map O× → (O/m^n)× is surjective with kernel U^(n).
(2) Pick a generator π of m. Then the map

$$U^{(n)} \longrightarrow O/m, \qquad 1 + \pi^n a \longmapsto a \bmod m$$

is surjective with kernel U^(n+1).


If v is a discrete valuation on K, we can form the completion K̂ of K with respect to the
absolute value | · | = | · |v . Similar to Lemma 15.2.9, we have:

Lemma 15.3.15. For any valuation v on K,

(a) The completion K̂ with respect to | · | is a field.

(b) | · | extends uniquely to an absolute value on K̂.

(c) K embeds as a dense subset of K̂.

We will also denote by | · | the unique extension of | · | to K̂. Define the completions of
the valuation ring and valuation ideal of | · | in K̂:

$$\widehat{O} = \{x \in \widehat{K}^{\times} : |x| \le 1\} \cup \{0\}$$
$$\widehat{m} = \{x \in \widehat{K}^{\times} : |x| < 1\}.$$


Lemma 15.3.16. For any absolute value | · | on K, Ô/m̂ = O/m.

Let R ⊆ O be a system of representatives of O/m such that 0 is one of the representatives.
Then all elements of K̂ can be written uniquely in the form

$$\pi^m (a_0 + a_1 \pi + a_2 \pi^2 + \ldots)$$

with all ai ∈ R and m ≤ 0. This generalizes the construction of Qp in Section 15.2.

Example 15.3.17. If K = k(t), there is an absolute value | · | on K defined by |f| = e^{−m}
where f = t^m · a/b for t ∤ a, b. Then K̂ = k((t)) and Ô = k[[t]]. Thus it is natural to view
completions of discretely valued fields as “power series in π”, justifying in particular the
analogy in Example 15.3.13.

Proposition 15.3.18. For any discretely valued field (K, | · |, v), the completions of the
valuation ring and group of units are inverse limits:

$$\widehat{O} = \varprojlim O/m^n$$
$$\widehat{O}^{\times} = \varprojlim (O/m^n)^{\times} = \varprojlim O^{\times}/U^{(n)}.$$

For the rest of the section, assume K is a field which is complete with respect to a
discrete, nonarchimedean absolute value | · |.

Theorem 15.3.19 (Hensel’s Lemma). Suppose f (x) ∈ O[x] is a monic polynomial of degree
n and f̄(x) ∈ κ[x] admits a factorization

f̄(x) = ḡ(x)h̄(x)

for ḡ, h̄ relatively prime, monic polynomials over κ of degrees r and n − r, respectively. Then

f (x) = g(x)h(x)

for g(x), h(x) ∈ O[x] with deg g = r, deg h = n − r, ḡ(x) = g(x) mod m and h̄(x) = h(x)
mod m.

Proof. The idea is to find g_k , h_k ∈ O[x] inductively such that g_k h_k − f ∈ m^k for all k ∈ N,
satisfying the conditions deg g_k = r, deg h_k = n − r, ḡ ≡ g_k mod m and h̄ ≡ h_k mod m.
For k = 1, let g_1 and h_1 be any monic lifts of ḡ, h̄ to O[x] with the correct degrees. To
induct, assume g_k , h_k have been constructed. By hypothesis, (ḡ) + (h̄) = (1) in κ[x] so for
all q̄ ∈ κ[x], there exist ā, b̄ ∈ κ[x] such that āḡ + b̄h̄ = q̄. If deg q̄ < n, then we can take
deg ā < n − r and deg b̄ < r. Let m = (π) and write g_k h_k − f = qπ^k for some q ∈ O[x]
with deg q < n. Now let ā, b̄ ∈ κ[x] be as above for q̄, the reduction of this q mod m. Let
a, b ∈ O[x] be lifts of ā, b̄ with the same degrees and set

$$g_{k+1} = g_k - \pi^k b \quad \text{and} \quad h_{k+1} = h_k - \pi^k a.$$

Then we have

$$\begin{aligned}
g_{k+1} h_{k+1} &= (g_k - \pi^k b)(h_k - \pi^k a) \\
&= g_k h_k - \pi^k b h_k - \pi^k a g_k + \pi^{2k} ab \\
&\equiv g_k h_k - \pi^k (a g_k + b h_k) \pmod{\pi^{k+1}} \\
&\equiv g_k h_k - \pi^k q \pmod{\pi^{k+1}} \\
&\equiv f \pmod{\pi^{k+1}} \quad \text{by induction.}
\end{aligned}$$

Therefore g_{k+1} , h_{k+1} are constructed.

Now note that the coefficients of the sequences (g_k ) and (h_k ) form Cauchy sequences in
K. Since K is assumed to be complete, each sequence of coefficients converges so we can
define the pointwise limits g = lim_{k→∞} g_k and h = lim_{k→∞} h_k which exist in O[x]. It is
routine to verify that these g, h are the functions we seek.
We recover the following result, which is sometimes known as Hensel’s lemma but is really
only a special case.
Corollary 15.3.20. If f (x) ∈ O[x] such that f̄(x) ∈ κ[x] has a simple root in κ then f (x)
has a simple root in O.
Proof. Apply Theorem 15.3.19 with r = 1.
Example 15.3.21. Consider f (x) = x^2 − 14 in Z5 . Then the residue field is F5 and

x^2 − 14 = (x − 2)(x + 2) (mod 5).

Thus by Hensel’s Lemma, x^2 − 14 = (x − α)(x + α) for some α ∈ Z5 . In particular, √14 ∈ Z5 .
Corollary 15.3.22. For each prime p, all (p − 1)st roots of unity lie in Zp .
Proof. Consider the polynomial f (x) = x^{p−1} − 1. Then f (x) splits completely in Fp and in
particular there are no multiple roots of f . Thus, x^{p−1} − 1 splits completely in Zp by Hensel’s
Lemma so all (p − 1)st roots are in Zp .
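The induction in the proof of Theorem 15.3.19 is an algorithm: starting from a coprime factorization mod p, each step corrects g and h by a multiple of p^k. The following Python code is an added example, not part of the original notes; it works in Z/p^k (truncations of Zp), represents polynomials as coefficient lists with the constant term first, and all function names are choices made here.

```python
def trim(a):
    """Drop trailing zero coefficients (in place) and return the list."""
    while a and a[-1] == 0:
        a.pop()
    return a

def padd(a, b, m, sign=1):
    """a + sign*b with coefficients reduced mod m."""
    n = max(len(a), len(b))
    a = a + [0] * (n - len(a))
    b = b + [0] * (n - len(b))
    return trim([(x + sign * y) % m for x, y in zip(a, b)])

def pmul(a, b, m):
    """a * b with coefficients reduced mod m."""
    if not a or not b:
        return []
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % m
    return trim(out)

def pdivmod(a, b, p):
    """Quotient and remainder of a by b in F_p[x] (b nonzero mod p)."""
    a = trim([x % p for x in a])
    b = trim([x % p for x in b])
    inv = pow(b[-1], -1, p)
    q = [0] * max(len(a) - len(b) + 1, 0)
    while len(a) >= len(b):
        c, d = a[-1] * inv % p, len(a) - len(b)
        q[d] = c
        for i, y in enumerate(b):
            a[d + i] = (a[d + i] - c * y) % p
        trim(a)
    return trim(q), a

def bezout(g, h, p):
    """Return (u, v) with u*g + v*h = 1 in F_p[x]; g and h must be coprime."""
    r0, r1, u0, u1, v0, v1 = g, h, [1], [], [], [1]
    while r1:
        q, r = pdivmod(r0, r1, p)
        r0, r1 = r1, r
        u0, u1 = u1, padd(u0, pmul(q, u1, p), p, -1)
        v0, v1 = v1, padd(v0, pmul(q, v1, p), p, -1)
    if len(r0) != 1:
        raise ValueError("factors are not coprime mod p")
    c = pow(r0[0], -1, p)
    return [x * c % p for x in u0], [x * c % p for x in v0]

def hensel_lift(f, g, h, p, k):
    """Given monic f = g*h (mod p) with g, h monic and coprime mod p,
    return monic g, h with f = g*h (mod p^k), following the proof's induction."""
    gbar = trim([c % p for c in g])
    hbar = trim([c % p for c in h])
    u, _ = bezout(gbar, hbar, p)
    for j in range(1, k):
        pj, mod = p ** j, p ** (j + 1)
        err = padd(pmul(g, h, mod), f, mod, -1)       # g_j h_j - f = q * p^j
        if any(c % pj for c in err):
            raise ValueError("g*h is not congruent to f mod p^%d" % j)
        q = trim([(c // pj) % p for c in err])        # reduction of q mod p
        a = pdivmod(pmul(q, u, p), hbar, p)[1]        # deg a < deg h
        b = pdivmod(padd(q, pmul(a, gbar, p), p, -1), hbar, p)[0]  # a*gbar + b*hbar = q
        g = padd(g, [pj * c for c in b], mod, -1)     # g_{j+1} = g_j - p^j b
        h = padd(h, [pj * c for c in a], mod, -1)     # h_{j+1} = h_j - p^j a
    return g, h

def root_from_linear_factor(g, p, k):
    """For g = x - alpha (mod p^k), return alpha in [0, p^k)."""
    return -g[0] % p ** k
```

Applied to Example 15.3.21 with f = x^2 − 14, g = x − 2, h = x + 2 and p = 5, the linear factor yields an approximation of α to any chosen precision; applied to x^{p−1} − 1 it yields the (p − 1)st roots of unity of Corollary 15.3.22.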
Definition. A function f ∈ O[x] is said to be primitive if some coefficient of f is a unit
in O.
The following version of Hensel’s Lemma will be useful.
Theorem 15.3.23 (Hensel’s Lemma II). Suppose f (x) ∈ O[x] is a primitive polynomial
such that f̄(x) = ḡ(x)h̄(x) in κ[x], with ḡ, h̄ coprime. Then f (x) = g(x)h(x) in O[x] for
g, h ∈ O[x] such that deg g = deg ḡ, deg h = deg h̄, g ≡ ḡ mod m and h ≡ h̄ mod m.
Example 15.3.24. Let K = Q5 and consider the polynomial f (x) = 5x^2 + 8x + 5. Then
f̄(x) = 8x is a coprime factorization in F5 so there exist g, h ∈ Z5 [x], each of degree 1, such
that f (x) = g(x)h(x).
Corollary 15.3.25. If K is a complete nonarchimedean field and $f(x) = \sum_{i=0}^{n} a_i x^i \in K[x]$
is an irreducible, monic polynomial with a0 ∈ O, then every ai ∈ O.


Proof. Scale f so that it is primitive in O[x]. Let r be the minimal integer such that a_r ∈ O× .
Then
f̄(x) ≡ x^r (a_r + . . . + x^{n−r}) mod m.
If 0 < r < n, this contradicts Theorem 15.3.23 and the irreducibility of f . If r = 0, then a0
is a unit after scaling, or in other words, no scaling took place. Likewise, if r = n, no scaling
took place. In all cases, f must be primitive to begin with, so all coefficients lie in O.

15.4. Local Fields Chapter 15. Local Fields

15.4 Local Fields


Definition. A local field is a complete, discretely valued field with finite residue field.

Example 15.4.1. For any prime integer p, the p-adic field Qp and the field of Laurent series
Fp ((t)) are both local fields.

Remark. Elsewhere in the literature, it is sometimes required that a discretely valued field
has a perfect residue field to be local. Other times, the residue field is allowed to be arbitrary.
Many times R and C are included in the definition of local field, as they bear similarities to
the prototypical examples of local fields Qp and Fp ((t)).

Lemma 15.4.2. A field K is a local field if and only if K admits a discrete, nonarchimedean
valuation with respect to which K is locally compact.

Proof. ( =⇒ ) Since K is a topological field, it’s enough to show that K has a compact open
neighborhood of 0. Notice that OK is an open neighborhood of 0. If mK is the maximal
ideal of OK , then Proposition 15.3.18 gives us

$$O_K \cong \varprojlim O_K/m^n$$

which is closed in the product $\prod O_K/m^n$. By Tychonoff’s theorem, $\prod O_K/m^n$ is compact
and therefore $O_K \subset \prod O_K/m^n$ is compact.
( ⇐= ) Left as an exercise.
Note that K itself is not compact, as

$$K = O_K \cup m_K^{-1} O_K \cup m_K^{-2} O_K \cup \cdots$$

is an open cover with no finite subcover.

Theorem 15.4.3. Every local field is a finite extension of Qp or Fp ((t)) for some prime
integer p.

Proof. Let K, OK , mK , πK , κ, v be as usual and let char κ = p. If char K = 0, certainly
K ⊇ Q so p ∈ mK , which means that v|Q must be equal to the p-adic valuation vp on
Q. Since K is complete, we have K ⊇ Qp . It will follow from the fundamental equality
(Proposition 15.6.1) that [K : Qp ] = ef , where e = [v(K×) : vp (Qp×)] < ∞ because K
is discretely valued and f = [κ : Fp ] < ∞ because κ is a finite field of characteristic p.
Therefore K/Qp is a finite extension.
On the other hand, suppose char K = p. Then κ = Fp (α) for some α algebraic over Fp
which has minimal polynomial f ∈ Fp [t]. Then f is separable because Fp is perfect, so by
Hensel’s Lemma (Theorem 15.3.19), f splits completely over K (viewed as a polynomial with
coefficients in K ⊇ Fp ). Thus κ is isomorphic to a subfield of K; assume κ ⊆ K. Since K
is complete and discretely valued, all elements of K are of the form $\sum_{i=-N}^{\infty} a_i \pi_K^i$ for ai ∈ κ.
This implies K = κ((πK )) ≅ κ((t)). Finally, since κ/Fp is a finite extension, κ((t))/Fp ((t))
is a finite extension and thus so is K/Fp ((t)). This completes the proof.


Let K be a local field with residue field κ. Then char κ = p > 0 for some prime p. When
char K = 0, we call this the mixed characteristic case, whereas char K = p is called the equal
characteristic case.

Corollary 15.4.4. The only locally compact fields are R, C and finite extensions of Qp and
Fp ((t)) for p prime.

Let K be a local field, with OK , mK , πK , κ and v as usual and set q = |OK /mK | = |κ|.
We now describe the group structure of K × .

Proposition 15.4.5. For any local field K,

$$K^{\times} \cong \mathbb{Z} \times \mathbb{Z}/(q - 1)\mathbb{Z} \times U^{(1)}$$

where $U^{(1)} = \{1 + x \in O_K \mid x \in m_K^n\}$.

Proof. If α ∈ K× then $\alpha = \pi_K^n u$ for a unique unit u ∈ OK× and n ∈ Z. Now by
Corollary 15.3.22, µ_{q−1} ⊆ K and it is easy then to see that Fq× ≅ µ_{q−1} . So u factors uniquely as
u = xv, where ū = x ∈ µ_{q−1} and v̄ = 1. Thus $\alpha = \pi_K^n x v$ uniquely. Identifying ⟨πK ⟩ ≅ Z and
µ_{q−1} ≅ Z/(q − 1)Z, we get the desired isomorphism.
Let K be a characteristic 0 local field, with char κ = p. We next define analogues of the
logarithmic and exponential functions for K.

Proposition 15.4.6. There exists a unique homomorphism log : K× → K satisfying

(1) log(p) = 0.
(2) For all 1 + x ∈ U^(1) , $\log(1 + x) = x - \frac{x^2}{2} + \frac{x^3}{3} - \ldots$

Proof. If v(x) > 0 then the infinite sum $x - \frac{x^2}{2} + \frac{x^3}{3} - \ldots$ converges so this power series
is well-defined on U^(1) . Note also that if such a log function is defined, it must necessarily
satisfy log(ω) = 0 for any root of unity ω, since

$$0 = \log(1) = \log(\omega^n) = n \log(\omega) \implies \log(\omega) = 0.$$

By Proposition 15.4.6, we may write $p = \pi_K^e \, \omega(p) u(p)$ for unique e ∈ Z, ω(p) ∈ µ_{q−1} and
u(p) ∈ U^(1) . Define $\log(\pi_K) = -\frac{1}{e} \log(u(p))$. This is well-defined since the decomposition of p
is unique. Now for any α ∈ K× , use Proposition 15.4.6 to write $\alpha = \pi_K^n \omega u$ for n ∈ Z, ω ∈ µ_{p−1}
and u ∈ U^(1) . Extend the definition of log to K× by log(x) = n log(πK ) + log(u). This
converges and log(p) = 0 by construction. Further, it’s immediate by the definition that
log is a homomorphism on ⟨πK ⟩ and µ_{q−1} . One can check that the power series expansion
converges on U^(1) by computing valuations. Moreover, by the power series identity,

log((1 + x)(1 + y)) = log(1 + x + y + xy)

for all 1 + x, 1 + y ∈ U^(1) , so log is indeed a homomorphism.


This defines the formal logarithm on K. Next, define the exponential function

$$\exp(x) = 1 + x + \frac{x^2}{2!} + \frac{x^3}{3!} + \ldots$$

Lemma 15.4.7. exp(x) converges on $m_K^n$ whenever $n > \frac{e}{p-1}$, where e = e_{K/Qp} = v(p).
Example 15.4.8. In K = Q2 , $\exp(2) = 1 + 2 + \frac{2^2}{2!} + \frac{2^3}{3!} + \ldots$ does not converge. This is
reflected by the fact that $v(2) = 1 \not> \frac{1}{2-1} = 1$.

Proposition 15.4.9. For any local field K of characteristic 0, exp : m^n → K× is a
homomorphism with images in U^(n) whenever $n > \frac{e}{p-1}$.

Lemma 15.4.10. The functions exp and log are continuous on their domains.
Theorem 15.4.11. When $n > \frac{e}{p-1}$, exp : m^n → U^(n) and log : U^(n) → m^n are inverse
isomorphisms of topological groups.
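The convergence threshold in Lemma 15.4.7 and the inverse relationship in Theorem 15.4.11 can be observed in K = Qp (so e = 1) by computing modulo p^k. The following Python code is an added example, not part of the original notes; it assumes integer inputs, an odd prime for the logarithm, and function names chosen here.

```python
from fractions import Fraction
from math import ceil

def legendre(n, p):
    """v_p(n!) by Legendre's formula."""
    v, q = 0, p
    while q <= n:
        v += n // q
        q *= p
    return v

def exp_term_valuation(vx, p, n):
    """v_p(x^n / n!) in Q_p when v_p(x) = vx."""
    return n * vx - legendre(n, p)

def to_mod(q, m):
    """Reduce a rational whose denominator is coprime to m into Z/m."""
    return q.numerator * pow(q.denominator, -1, m) % m

def exp_mod(x, p, k):
    """exp(x) mod p^k for a nonzero integer x with v_p(x) > 1/(p-1)."""
    vx = 0
    while x % p ** (vx + 1) == 0:
        vx += 1
    margin = vx - Fraction(1, p - 1)
    if margin <= 0:
        raise ValueError("exp(x) does not converge: need v_p(x) > 1/(p-1)")
    # v_p(x^n/n!) > n*margin, so every term with n > k/margin vanishes mod p^k.
    total, term = Fraction(1), Fraction(1)
    for n in range(1, ceil(k / margin) + 1):
        term = term * x / n
        total += term
    return to_mod(total, p ** k)

def log_mod(u, p, k):
    """log(u) mod p^k for an integer u = 1 (mod p), p odd, via log(1 + y)."""
    y = Fraction(u - 1)
    if y.numerator % p != 0:
        raise ValueError("need u = 1 (mod p)")
    # v_p(y^n/n) >= n - log_p(n) >= n/2 for n >= 4, so terms with n > 2k vanish mod p^k.
    total, power = Fraction(0), Fraction(1)
    for n in range(1, max(2 * k, 4) + 1):
        power *= y
        total += (-1) ** (n + 1) * power / n
    return to_mod(total, p ** k)
```

In Q2 with v(x) = 1 the term x^n/n! has valuation exactly 1 whenever n is a power of 2, so the terms of exp(2) do not tend to 0, which is the failure described in Example 15.4.8.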

Now K× ≅ Z × Z/(q − 1)Z × U^(1) (Proposition 15.4.6) and one can show that U^(1) is a
Zp -module via the action x · u = u^x for all u ∈ U^(1) and x ∈ Zp . One also computes the
torsion part of U^(1) to be U^(1) ∩ µ∞ , where µ∞ is the set of all roots of unity in K. For any
n ≥ 1, the rank of the Zp -submodule U^(n) is rank_{Zp} U^(n) = rank_{Zp} m^n = rank_{Zp} OK . Putting
everything together, we get:

Theorem 15.4.12. If K is a characteristic 0 local field of degree d = [K : Qp ], then

$$K^{\times} \cong \mathbb{Z} \times (K \cap \mu_{\infty}) \times \mathbb{Z}_p^d.$$

15.5. Henselian Fields Chapter 15. Local Fields

15.5 Henselian Fields


Many useful number theoretic properties of a field may be derived solely from the lifting
property in Hensel’s Lemma, so we may weaken the completeness assumptions at the end of
Section 15.3 as follows.

Definition. A field K is Henselian if there exists a nonarchimedean absolute value | · |
on K with valuation ring O such that Hensel’s Lemma (either Theorem 15.3.19 or 15.3.23)
holds for irreducible polynomials in O[x].

Example 15.5.1. By Hensel’s Lemma, complete, discretely valued fields are Henselian.

Suppose (K, | · |, v) is a nonarchimedean field. Taking its completion K̂, we can consider
the subextension K ⊆ K^h ⊆ K̂ defined by

K^h = {α ∈ K̂ | α is separable over K}.

Then v and | · | extend uniquely to K̂ (Lemma 15.3.15); denote their restrictions to K^h ⊆ K̂
also by v and | · |. This makes K^h into a nonarchimedean field with valuation ring O^h := O_{K^h} .
Note that O ⊆ O^h ⊆ Ô. Since the value groups and residue fields of K and K̂ are the same
(Lemma 15.3.16), the value group and residue field of O^h must coincide with these as well.

Lemma 15.5.2. K^h is Henselian.

Proof. Factoring a monic polynomial f (x) ∈ K[x] can be done over the algebraic closure K̄
of K if it can be done over any extension of K. Thus Hensel’s Lemma holds for
K̄ ∩ K̂ = K^sep ∩ K̂ = K^h .

Definition. For a nonarchimedean field (K, | · |, v), the field K^h ⊆ K̂ is called the
Henselization of K.

Theorem 15.5.3. If (K, | · |) is a Henselian field and L/K is an algebraic extension, then
there is a unique absolute value | · |L on L extending | · |. Further, if L/K is finite of degree
n then

$$|x|_L = \sqrt[n]{|N_{L/K}(x)|}$$

and L is complete with respect to | · |L if K is complete with respect to | · |.
Proof. (Sketch) Let $|x|_L = \sqrt[n']{|N_{L'/K}(x)|}$ for some finite extension L′/K containing x, where
n′ = [L′ : K]. One can show that |x|L is independent of the choice of L′, so it’s enough
to prove the theorem when L/K itself is finite. We now demonstrate that | · |L is a
nonarchimedean absolute value on L.
For any x, y ∈ L, |xy|L = |x|L |y|L follows from multiplicativity of the norm (Lemma 14.2.1).
Moreover, |x|L = 0 if and only if NL/K (x) = 0 if and only if x = 0. Finally, for α, β ∈ L with
|α| ≤ |β|, we have

$$\left| \frac{\alpha}{\beta} + 1 \right| \le \max\left\{ \left| \frac{\alpha}{\beta} \right|, 1 \right\} = 1 \quad \text{if and only if } |x| \le 1 \text{ implies } |x + 1| \le 1 \text{ for all } x \in L.$$

Thus it’s enough to show that OL = {x ∈ L : |x|L ≤ 1} is a ring and is the integral closure
of O in L. For x ∈ L, we have that

$$\begin{aligned}
x \text{ is integral over } O &\iff x^d + \ldots + a_1 x + a_0 = 0 \text{ for an irred. polynomial with } a_i \in O \\
&\iff x^d + \ldots + a_1 x + a_0 = 0 \text{ irred., with } a_i \in K,\ a_0 \in O, \text{ by Cor. 15.3.25} \\
&\iff N_{L/K}(x) \in O \\
&\iff |N_{L/K}(x)| \le 1 \\
&\iff |x|_L \le 1.
\end{aligned}$$

It follows that OL is the integral closure of O in L. Now |x| ≤ 1 ⇐⇒ |x + 1| ≤ 1 for all
x ∈ L follows immediately, so | · |L is an absolute value on L.
To prove uniqueness, suppose | · |′L also extends | · | to L. Let O′L = {x ∈ L : |x|′L ≤ 1}. If
x ∈ OL , x ≠ 0, then f (x) = 0 for some irreducible, monic polynomial f (t) = t^d + . . . + a1 t + a0
with coefficients ai ∈ O. Dividing out by x^d , we get 1 + . . . + a1 x^{1−d} + a0 x^{−d} = 0, which can
in turn be written

$$1 = -a_{d-1} x^{-1} - \ldots - a_1 x^{1-d} - a_0 x^{-d}.$$

By the nonarchimedean property, |ai |′L ≤ 1 for all i, so if |x|′L > 1 then we would have
|x^{−1}|′L < 1 and therefore the above equation would imply |1|′L < 1, a contradiction. Thus
|x|′L ≤ 1 which means x ∈ O′L . It follows that | · |L and | · |′L are in fact equivalent, for if not,
the weak approximation theorem (15.3.9) would give an element y ∈ L such that |y|′L > 1
but |y|L < 1, which we just showed was impossible. Finally, the two absolute values are
in fact equal since they agree on K. For the statement about completeness, see Neukirch
II.4.9.

Example 15.5.4. Theorem 15.5.3 need not hold if K is not Henselian. For instance, K = Q
with the 5-adic absolute value | · | = | · |5 is not Henselian. If L = Q(i) then one can define
two distinct absolute values on L:

$$|x|_1 = 5^{-m} \text{ if } x = (1 + 2i)^m \frac{a}{b} \quad \text{and} \quad |x|_2 = 5^{-m} \text{ if } x = (1 - 2i)^m \frac{a}{b}.$$

Both of these extend | · |5 to L, but they are clearly inequivalent.
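The two absolute values of Example 15.5.4 can be computed on Q(i) directly, along with the norm formula of Theorem 15.5.3, which over the non-Henselian field (Q, | · |5 ) fails the ultrametric inequality. The following Python code is an added example, not part of the original notes; elements of Q(i) are written (a + bi)/d with integers a, b, d, and the function names are choices made here.

```python
from fractions import Fraction

def v5(n):
    """5-adic valuation of a nonzero integer."""
    if n == 0:
        raise ValueError("valuation of 0 is infinite")
    v = 0
    while n % 5 == 0:
        n //= 5
        v += 1
    return v

def v_pi(a, b, sign):
    """Exponent of the Gaussian prime 1 + sign*2i in the nonzero Gaussian integer a + bi."""
    if a == 0 and b == 0:
        raise ValueError("valuation of 0 is infinite")
    v = 0
    # (a + bi)/(1 + 2si) = ((a + 2sb) + (b - 2sa)i)/5, because (1 + 2si)(1 - 2si) = 5.
    while (a + 2 * sign * b) % 5 == 0 and (b - 2 * sign * a) % 5 == 0:
        a, b = (a + 2 * sign * b) // 5, (b - 2 * sign * a) // 5
        v += 1
    return v

def abs_ext(a, b, d, sign):
    """|x|_1 (sign=+1) or |x|_2 (sign=-1) for x = (a + bi)/d."""
    return Fraction(5) ** (v5(d) - v_pi(a, b, sign))

def abs5(n, d=1):
    """The 5-adic absolute value of the nonzero rational n/d."""
    return Fraction(5) ** (v5(d) - v5(n))

def norm_abs_squared(a, b, d=1):
    """|N(x)|_5 for x = (a + bi)/d: the square of the candidate sqrt(|N_{L/K}(x)|_5)."""
    return abs5(a * a + b * b, d * d)

def norm_candidate_violates_ultrametric():
    """(1 + 2i) + (1 - 2i) = 2: compare the candidate value at the sum with the max of the summands."""
    lhs = norm_abs_squared(2, 0)
    rhs = max(norm_abs_squared(1, 2), norm_abs_squared(1, -2))
    return lhs > rhs
```

Both `abs_ext(..., +1)` and `abs_ext(..., -1)` agree with `abs5` on rational inputs, yet they disagree at 1 + 2i, where the first gives 1/5 and the second gives 1.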

The converse of Theorem 15.5.3 is true, that is, the property of unique extension of
absolute values characterizes Henselian fields.

Theorem 15.5.5. Suppose (K, |·|, v) is a nonarchimedean field such that |·| extends uniquely
to any algebraic extension L/K. Then K is Henselian.

Proof. We will prove that K satisfies the first version of Hensel’s Lemma (Theorem 15.3.19)
for monic polynomials. Let f ∈ O[x] be monic with nonzero constant term, i.e. f (x) =
a0 + a1 x + . . . + x^n . (If a0 = 0, we may divide out by x and apply the proof to the remaining
factor.) First, if f is irreducible, let L/K be a splitting field of f . By hypothesis, | · | extends
uniquely to L so OL , mL , πL and λ := OL /mL are all defined for this field. Observe that any
σ ∈ Gal(L/K) preserves | · |, since otherwise |x|′ = |σ(x)| is a distinct absolute value on L
extending | · |. So Gal(L/K) acts on OL , mL and λ. If α ∈ L is a root of f (x), then a0 is a
power of $\prod_{\sigma \in \mathrm{Gal}(L/K)} \sigma(\alpha)$ and so

$$|a_0| = \prod_{\sigma \in \mathrm{Gal}(L/K)} |\sigma(\alpha)|^{\mu} = |\alpha|^{\mu}$$

for some µ. Since |a0 | ≤ 1, we must also have |α| ≤ 1, so α ∈ OL . Thus α has an image ᾱ
in λ = OL /mL . Since each σ(α) lies in OL and as σ ranges over Gal(L/K) these constitute
all roots of f , all roots of f̄ in λ must be of the form σ̄(ᾱ) where σ ∈ Gal(L/K) and σ̄ is the
automorphism in Gal(λ/κ) induced by σ (as in Proposition 14.5.18). Then all roots of f̄ in
λ are Galois conjugate in λ/κ. The only possibility is that f̄(x) = ϕ(x)^m for some m ∈ N
and some irreducible polynomial ϕ ∈ κ[x]. (In fact, it’s not too hard to see that ϕ must be
equal to the minimal polynomial of ᾱ over κ.)
Now let f ∈ O[x] be monic but not necessarily irreducible. Write f = f1 · · · fr for monic,
irreducible polynomials fj ∈ O[x]. Then f̄ = f̄1 · · · f̄r in κ[x] so by the irreducible case above,
each f̄j is a power of an irreducible polynomial. If f̄ = ḡ h̄ is a coprime, monic factorization
in κ[x], then

$$\bar{g} = \prod_{j \in J} \bar{f}_j \quad \text{and} \quad \bar{h} = \prod_{j \notin J} \bar{f}_j$$

for some subset J ⊆ {1, . . . , r}. Letting $g = \prod_{j \in J} f_j$ and $h = \prod_{j \notin J} f_j$, we get that f = gh
in O. So K is Henselian.

Corollary 15.5.6. Every algebraic extension of a Henselian field is Henselian. In particular,
every finite extension of a Henselian field is also Henselian.

Corollary 15.5.7. Let (K, | · |) be a complete nonarchimedean field and L/K an algebraic
extension. Then there is a unique absolute value | · |L on L which extends | · | and is of the
form $|x|_L = \sqrt[n]{|N_{L/K}(x)|}$ if L/K is finite of degree [L : K] = n. Moreover, L is complete
with respect to this | · |L .

15.6. Ramification Theory Chapter 15. Local Fields

15.6 Ramification Theory


Let (K, |·|, v) be a nonarchimedean field and L/K an algebraic extension. Then the extension
of absolute values to L induces an extended valuation

$$w : L^{\times} \longrightarrow \mathbb{R}, \qquad \alpha \longmapsto v(N_{L/K}(\alpha)).$$

Moreover, by Theorem 15.5.3, if K is Henselian then w is the unique such valuation on L
extending v.

Definition. For a Henselian field (K, | · |, v) and an algebraic extension (L, | · |L , w), the
ramification index is e = e_{L/K} = [w(L×) : v(K×)] and the inertial degree is f = f_{L/K} =
[λ : κ].

Notice that if v is a discrete valuation and w is its extension to L/K, we have

$$w(\pi_L^e) = e\,w(\pi_L) = v(\pi_K) = w(\pi_K),$$

so $(\pi_L^e) = (\pi_K)$ in OL , i.e. $m_L^e = m_K O_L$. In particular, this is consistent with the ramification
theory in the global case (à la Section 14.5; after all, a DVR is a Dedekind domain). In fact,
in the local case, it turns out that ramification behavior is much nicer: a prime only ramifies
or remains inert, never splits.

Proposition 15.6.1. Let K be Henselian, L/K a finite extension and e = eL/K and f =
fL/K the ramification index and inertial degree, respectively. Then [L : K] ≥ ef with equality
if and only if v is a discrete valuation and L/K is separable.

Proof. Pick elements ω1 , . . . , ωf ∈ OL which reduce modulo mK to a basis of λ/κ. Also pick
π0 , π1 , . . . , πe−1 ∈ L× such that w(π0 ), w(π1 ), . . . , w(πe−1 ) are representatives of w(L×)/v(K×).
It then suffices to prove the products ωi πj are linearly independent over K. Suppose
$\sum_{i,j} a_{ij} \omega_i \pi_j = 0$ where aij ∈ K are not all 0. Collecting the terms of minimal valuation
in this sum, it will be enough to show that the sum of these lowest-valuation terms has the
same valuation as each individually. Observe that all these terms must share the same index
j, because

$$w(a_{ij} \omega_i \pi_j) = w(a_{ij}) + w(\pi_j) \equiv w(\pi_j) \mod w(K^{\times}),$$

so different j correspond to different valuations. Fix this j and consider

$$\sum_{i \in I} a_{ij} \omega_i \pi_j$$

where I ⊆ {1, . . . , f } corresponds to the subset of terms of minimal valuation. Then w(aij )
is constant over i ∈ I, say w(aij ) = a, so aij = εbij for some ε ∈ K× and bij satisfying
w(bij ) = 0. Thus

$$\varepsilon \pi_j \sum_{i \in I} b_{ij} \omega_i \not\equiv 0 \mod m_L$$

since ω̄1 , . . . , ω̄f are a basis for λ/κ. So

$$w\left( \sum_{i \in I} a_{ij} \omega_i \pi_j \right) = w(\varepsilon \pi_j) = w(a_{ij}) = a$$

and the linear independence is proved.

Now assume v is discrete and L/K is separable. Then each $\pi_j = \pi_L^j$. Define the OL -
submodules

$$M = \sum_{i,j} O_K \omega_i \pi_j = \sum_{i,j} O_K \omega_i \pi_L^j$$
$$N = \sum_{i} O_K \omega_i.$$

Then $M = N + \pi_L N + \ldots + \pi_L^{e-1} N$. We will show M = OL . Write

$$\begin{aligned}
O_L &= N + \pi_L O_L \\
&= N + \pi_L (N + \pi_L O_L) \\
&= N + \pi_L (N + \pi_L (N + \pi_L O_L)) \\
&= N + \pi_L N + \pi_L^2 N + \ldots + \pi_L^{e-1} N + \pi_L^e O_L \quad \text{after } e \text{ expansions} \\
&= M + \pi_L^e O_L = M + \pi_K O_L.
\end{aligned}$$

Now OK is a local ring (it’s a DVR) and since L/K is separable, OL is a finitely generated
OK -module. Therefore by Nakayama’s Lemma, OL = M . Hence [L : K] = ef .
Remark. For complete fields with discrete valuations, the ‘fundamental equality’ in Propo-
sition 15.6.1 holds even without the separable assumption.
Let $K$ be a Henselian field with $\mathcal{O}_K$, $\mathfrak{m}_K$, $\kappa$ and $v$ as usual, and let $L/K$ be an algebraic
extension with extensions $\mathcal{O}_L$, $\mathfrak{m}_L$, $\lambda$ and $w$ of the corresponding objects for $K$.
Definition. We say a finite extension L/K is unramified if fL/K = [L : K] and λ/κ is
separable. If L/K is infinite, we say the extension is unramified if it is the union of finite
unramified extensions. In all other cases L/K is ramified.
Notice that for a finite extension, fL/K = [L : K] implies eL/K = 1.
Proposition 15.6.2. Suppose $L/K$ is an unramified extension, $K'/K$ is an algebraic extension
and $L' = LK'$ is the compositum inside a fixed algebraic closure $\overline{K}/K$. Then $L'/K'$
is an unramified extension.

[Diagram: square of fields with $L$ and $L'$ above $K$ and $K'$; $L/K$ is labelled "ur" and $K'/K$ is labelled "alg."]


Proof. We may assume $L/K$ and $K'/K$ are finite. By hypothesis, $\lambda/\kappa$ is separable so
$\lambda = \kappa(\bar\alpha)$ for some $\bar\alpha \in \lambda$ by the primitive element theorem. Lift $\bar\alpha$ to some $\alpha \in L$. Then
$$[L : K] = f_{L/K} = [\lambda : \kappa] = \deg(\bar\alpha) \le \deg(\alpha) \le [L : K]$$
implies $\deg(\alpha) = [L : K]$, so $L = K(\alpha)$. This means $L' = K'(\alpha)$. Let $g$ be the minimal
polynomial of $\alpha$ over $K'$ and $f$ be the minimal polynomial of $\alpha$ over $K$. Since $\bar f$ is separable
and $g$ divides $f$, $\bar g$ is also separable. If $\bar g$ were reducible, $g$ would be reducible by Hensel's
Lemma (Theorem 15.3.19), but this is impossible since $g$ is a minimal polynomial. Thus $\bar g$
is irreducible over $\kappa' = \mathcal{O}_{K'}/\mathfrak{m}_{K'}$ and separable. If $\lambda'$ is the residue field of $L'$, then
$$[\lambda' : \kappa'] \ge \deg \bar g = \deg g = [L' : K'].$$
On the other hand, Proposition 15.6.1 gives us $[\lambda' : \kappa'] \le [L' : K']$ so we have equality.
Further, $\lambda'$ is the splitting field over $\kappa'$ of $\bar g$, so $\lambda'/\kappa'$ is separable and hence $L'/K'$ is unramified.

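Corollary 15.6.3. Let $K$ be a local field, $L, L'$ unramified, algebraic extensions of $K$ and
$LL' \subseteq \overline{K}$ their compositum inside an algebraic closure $\overline{K}$. Then $LL'/K$ is unramified.

[Diagram: diamond of fields with $LL'$ at the top, $L$ and $L'$ in the middle and $K$ at the bottom; edges labelled "ur".]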

Proof. Assume all extensions are finite. By Proposition 15.6.2, $LL'/L$ and $LL'/L'$ are unramified.
Further, towers of separable extensions are separable and $f$ is multiplicative in
towers (Lemma 14.5.16), so it follows that
$$f_{LL'/K} = f_{L/K} f_{LL'/L} = [L : K][LL' : L] = [LL' : K].$$
Therefore $LL'/K$ is unramified.

Corollary 15.6.4. If $L/K$ is an algebraic extension, there exists a maximal unramified
subfield $K \subseteq T \subseteq L$.

Proof. By Corollary 15.6.3, we may take $T$ to be the compositum inside an algebraic closure
$\overline{K}/K$ of all unramified extensions $L/K$.

Definition. The maximal unramified extension of a Henselian field $K$ is the maximal
unramified intermediate extension of $\overline{K}/K$, denoted $K^{ur}$.

Lemma 15.6.5. For an algebraic extension L/K with maximal unramified subextension
K ⊆ T ⊆ L, the residue field τ of T is equal to the separable closure of κ in λ.

Proof. Let $\kappa^{sep}$ be the separable closure of $\kappa$ in $\lambda$ and let $\tau$ be the residue field of $T$. Clearly
$\tau \subseteq \kappa^{sep} \cap \lambda$. On the other hand, given $\bar\alpha \in \kappa^{sep} \cap \lambda$ with minimal polynomial $\bar f$ over
$\kappa$, we know $\bar f$ is separable. Lift $\bar f$ to a monic polynomial $f$ in $L[x]$. By Hensel's Lemma
(Theorem 15.3.19), $f$ has a root $\alpha \in L$ lifting $\bar\alpha$. Then $K(\alpha)/K$ is unramified since
$$[K(\alpha) : K] \le \deg f = \deg \bar f = [\kappa(\bar\alpha) : \kappa]$$
and $\kappa(\bar\alpha)/\kappa$ is separable. Hence $K(\alpha) \subseteq T$, so $\bar\alpha \in \tau$.

Corollary 15.6.6. For any Henselian field $K$ with residue field $\kappa$, $K^{ur} \cong \kappa^{sep}$.

Definition. Let $K$ be Henselian, $\operatorname{char} \kappa = p$ and $L/K$ an algebraic extension. If $L/K$ is
finite, the extension is called tamely ramified if $\lambda/\kappa$ is separable and $p \nmid [L : T]$, where
$T$ is the maximal unramified subextension of $L/K$. If $L/K$ is infinite, we say it is tamely
ramified if every finite subextension $T \subseteq M \subseteq L$ is tamely ramified.

If $K$ is any discretely valued field of characteristic 0 with perfect residue field $\kappa$ of characteristic
0, then saying $L/K$ is tamely ramified is equivalent to saying $p \nmid e_{L/K}$.

Lemma 15.6.7. If L/K is a tame extension and eL/K = fL/K = 1, then L = K.

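Proof. Suppose $\alpha \in L \setminus K$. Let $m = \deg(\alpha)$ and note that $p \nmid m$ because $L/K$ is tame. Set
$\beta = \alpha - \frac{1}{m}\operatorname{Tr}_{L/K}(\alpha)$. Then
$$\operatorname{Tr}(\beta) = \operatorname{Tr}(\alpha) - \frac{1}{m}\, m \operatorname{Tr}(\alpha) = 0.$$
Since $e_{L/K} = 1$, there exists $b \in K^\times$ with $v(b) = w(\beta)$. Set $\varepsilon = \beta/b$. Thus $\operatorname{Tr}(\varepsilon) = 0 = w(\varepsilon)$.
Further, $f_{L/K} = 1$ implies $\operatorname{Tr}_{L/K}(\varepsilon) = m\bar\varepsilon$ because all conjugates of $\varepsilon$ in a normal closure of
$L/K$ have the same image in $\lambda = \kappa$. But $\operatorname{Tr}(\varepsilon) = 0$ implies $m\bar\varepsilon = 0$, which contradicts
$w(\varepsilon) = 0$. Hence $L = K$ as claimed.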
We have the following characterization of tame extensions (tamely ramified extensions)
of a Henselian field.

Theorem 15.6.8. Suppose L/K is a finite extension, with maximal unramified subfield T .
Then L/K is tame if and only if L/T is generated by prime-to-p roots of elements of T .

Proof. (Sketch) By definition of $T$, $L/K$ is tamely ramified if and only if $L/T$ is tamely
ramified so we may assume $K = T$.
($\Leftarrow$) Adjoining one prime-to-$p$ root at a time and applying induction, we may assume
$L = K(\sqrt[m]{a})$ for $a \in K$ and $p \nmid m$. If $m \nmid v(a)$ in $v(K^\times)$, then $e_{L/K} = m$ so $[L : K] = m$.
Since $p \nmid m$, this means $f_{L/K} = 1$ so $L/K$ is tame. On the other hand, if $m \mid v(a)$ then we
can multiply $a$ by an $m$th power of an element of $K$ to get $v(a) = 0$. Then $\bar a$ is an $m$th power
in $\kappa$, or else $\kappa(\sqrt[m]{\bar a})$ is an inseparable extension of $\kappa$, contradicting $K = T$. But $\bar a \in (\kappa^\times)^m$
implies $a \in (\kappa^\times)^m$ by Hensel's Lemma (Corollary 15.3.20). Hence $L = K(\sqrt[m]{a}) = K$, so in
all cases $L/K$ is tame.
($\Rightarrow$) Suppose $L/K$ is tame and set $n = [L : K]$. Then $p \nmid n$. Since for any $\alpha \in L$,
$w(\alpha) = \frac{1}{n} v(N_{L/K}(\alpha))$ by Theorem 15.5.3, we have $p \nmid [w(L^\times) : v(K^\times)] = e_{L/K}$. Pick $\gamma \in L$
such that $w(\gamma) \notin v(K^\times)$. (If $w(L^\times) = v(K^\times)$, skip this step.) Let $m$ be the order of $w(\gamma)$
in $w(L^\times)/v(K^\times)$. Then $p \nmid m$ so we can write $\gamma^m = c\varepsilon$ for $c \in K$ and $\varepsilon \in L$ such that
$w(\varepsilon) = 0$. Since $\lambda = \kappa$, we can assume $\bar\varepsilon = 1$ in $\lambda$. By Hensel's Lemma (Theorem 15.3.19),
$\varepsilon$ is then an $m$th power in $L$; write $\varepsilon = (\varepsilon')^m$ for $\varepsilon' \in L$. Hence $\left(\frac{\gamma}{\varepsilon'}\right)^m = c \in K^\times$. Now
replace $K$ with $K\left(\frac{\gamma}{\varepsilon'}\right) = K(\sqrt[m]{c})$ and repeat the procedure until $w(L^\times) = v(K^\times)$. This
shows $e_{L/K} = 1 = f_{L/K}$ so $L = K$ by Lemma 15.6.7 and we are done.

Corollary 15.6.9. The fundamental equality [L : K] = ef holds for all finite tame extensions
L/K.

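Corollary 15.6.10. Given a tame extension $L/K$ and algebraic extension $K'/K$ and their
compositum $L' = LK' \subseteq \overline{K}$, $L'/K$ is also tame.

[Diagram: square of fields with $L$ and $L'$ above $K$ and $K'$; $L/K$ is labelled "tame" and $K'/K$ is labelled "alg."]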

Proof. By Corollary 15.6.4, there is a maximal unramified subfield $K \subseteq T \subseteq L$. Then by
Proposition 15.6.2, $TK'/K'$ is also unramified. Let $T'$ be the maximal unramified subfield
of the extension $L'/K'$, so that we have the following diagram of fields

[Diagram: the tower $K \subseteq T \subseteq L$ on the left and the tower $K' \subseteq TK' \subseteq T' \subseteq L'$ on the right; $T/K$ and $TK'/K'$ are labelled "ur" and $K'/K$ is labelled "alg."]

By Theorem 15.6.8, $L/T$ is generated by $m$th roots, so $L'/TK'$ is generated by $m$th roots
and in turn $L'/T'$ is generated by $m$th roots. This proves, once again by Theorem 15.6.8,
that $L'/K'$ is tame.

Corollary 15.6.11. Let $L, L'$ be two tamely ramified, algebraic extensions of $K$. Then their
compositum $LL' \subseteq \overline{K}$ is tamely ramified.

Proof. Same as the proof of Corollary 15.6.3.

Corollary 15.6.12. If L/K is an algebraic extension, there exists a maximal tamely ramified
subfield K ⊆ V ⊆ L.

Definition. The maximal tame extension of a Henselian field $K$ is the maximal tamely
ramified extension of $\overline{K}/K$, denoted $K^{tame}$.

In analogy with the decomposition/inertia field tower in the global case (Proposition 14.5.20),
we have the following tower of Henselian fields, along with corresponding residue fields and
value groups.

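$$\begin{array}{lll}
\text{field} & \text{residue field} & \text{value group} \\
L & \lambda & w(L^\times) \\
V & \nu = \kappa^{sep} \cap \lambda & w(V^\times) = w(L^\times)^{(p)} \\
T & \tau = \kappa^{sep} \cap \lambda & w(T^\times) \\
K & \kappa & v(K^\times)
\end{array}$$

Definition. Let $L/K$ be an algebraic extension of Henselian fields with maximal unramified
and maximal tame extensions $K \subseteq T \subseteq V \subseteq L$. We say $L/K$ is totally ramified if $T = K$
and wildly ramified if $V \neq L$.

Remark. When $L/K$ is a finite extension, we can write $e_{L/K} = p^a e$ for some $p \nmid e$, which is
in fact the ramification indices of $V/K$ and $V/T$: $e_{V/K} = e = e_{V/T}$. Therefore $[V : T] = e$.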

Example 15.6.13. Let $K$ be a local field and consider the cyclotomic extension $K(\zeta_n)/K$
for $\zeta_n$ a primitive $n$th root of unity. By Theorem 15.4.3, $K$ is a finite extension of either
$\mathbb{Q}_p$ or $\mathbb{F}_p((t))$ for some prime $p$. Suppose that $p \nmid n$; set $\kappa = \mathbb{F}_q$ where $p \mid q$. If $f = \operatorname{ord}_n q$,
i.e. $q^f \equiv 1 \pmod{n}$, then we will show $K(\zeta_n)/K$ is unramified of degree $f$. Note that $\mathbb{F}_{q^f}/\mathbb{F}_q$
is the smallest extension of $\mathbb{F}_q$ containing an $n$th root of unity. Let $g(x)$ be the minimal
polynomial of $\zeta_n$ over $K$. Then $g$ is separable and $\bar g$ is irreducible in $\mathbb{F}_q[x]$ – if not, $g$ has
multiple roots, but all $n$th roots of unity have distinct reductions in $\mathbb{F}_{q^f}$, so this is impossible.
Thus $\deg \bar g = f$ so $\deg g = f$ and hence $K(\zeta_n)/K$ is unramified of degree $f$.

Lemma 15.6.14. For any n ≥ 1, OK(ζn ) = OK [ζn ].


Proof. Let L = K(ζn ). Then OL = OK [ζn ] + mL OL but since OL and OK are local rings,
Nakayama’s Lemma implies OL = OK [ζn ].
(Compare this to the global case in Corollary 14.3.15.)
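Now suppose $p \mid n$. To simplify things, we will assume now that $K = \mathbb{Q}_p$ and $n = p^m$ for
some $m \ge 1$.

Lemma 15.6.15. The extension $\mathbb{Q}_p(\zeta_n)/\mathbb{Q}_p$ is totally ramified, with $\operatorname{Gal}(\mathbb{Q}_p(\zeta_n)/\mathbb{Q}_p) \cong (\mathbb{Z}/p^m\mathbb{Z})^\times$,
$\mathcal{O}_{\mathbb{Q}_p(\zeta_n)} = \mathbb{Z}_p[\zeta_n]$ and $\mathfrak{m}_{\mathbb{Q}_p(\zeta_n)} = (1 - \zeta_n)$, where $|N(1 - \zeta_n)| = p$.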

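Proof. Let
$$h(x) = \frac{(x+1)^n - 1}{(x+1)^{n/p} - 1} = \frac{(x+1)^{p^m} - 1}{(x+1)^{p^{m-1}} - 1} = 1 + (x+1)^{p^{m-1}} + \ldots + (x+1)^{(p-1)p^{m-1}}$$
be the minimal polynomial of $1 - \zeta_n$ over $\mathbb{Q}_p$. Then $h(x)$ is an Eisenstein polynomial whose
constant coefficient is $p$. Thus $h(x)$ is irreducible, so
$$\begin{aligned}
h(x) &= 1 + (x+1)^{p^{m-1}} + \ldots + (x+1)^{(p-1)p^{m-1}} \\
&= 1 + (x^{p^{m-1}} + 1) + (x^{p^{m-1}} + 1)^2 + \ldots + (x^{p^{m-1}} + 1)^{p-1} + A \quad \text{where } A \text{ is divisible by } p \\
&= x^{(p-1)p^{m-1}} + p + A' \quad \text{where } A' \text{ is divisible by } p.
\end{aligned}$$
This implies $\operatorname{Gal}(\mathbb{Q}_p(\zeta_n)/\mathbb{Q}_p) \hookrightarrow (\mathbb{Z}/p^m\mathbb{Z})^\times$ but both groups have order $\varphi(p^m) = (p-1)p^{m-1}$,
so the map is an isomorphism. Next, $1 - \zeta_n$ is a prime element of $\mathbb{Q}_p(\zeta_n)$, so it is a uniformizer.
Moreover,
$$N(1 - \zeta_n) = \prod_{\sigma \in (\mathbb{Z}/p^m\mathbb{Z})^\times} (1 - \sigma(\zeta_n)) = h(1) = \pm p.$$
Let $w$ be the unique extension of $v = v_p$ from $\mathbb{Q}_p$ to $\mathbb{Q}_p(\zeta_n)$. Then
$$w(1 - \zeta_n) = \frac{1}{\varphi(n)} v(N(1 - \zeta_n)) = \frac{1}{\varphi(n)} \cdot v(p) = \frac{1}{\varphi(n)} = \frac{1}{[\mathbb{Q}_p(\zeta_n) : \mathbb{Q}_p]}.$$
It follows that $e_{\mathbb{Q}_p(\zeta_n)/\mathbb{Q}_p} = [\mathbb{Q}_p(\zeta_n) : \mathbb{Q}_p]$ so this extension is totally ramified.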
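
The Eisenstein property of the polynomial $h(x)$ used in the proof above can be checked by machine for small $p$ and $m$. The following is an added example, not part of the original notes; the function names `shifted_cyclotomic`, `is_eisenstein` and `check` are assumptions made for the illustration.

```python
from math import comb


def shifted_cyclotomic(p, m):
    """Coefficients (lowest degree first) of
    h(x) = ((x+1)^(p^m) - 1) / ((x+1)^(p^(m-1)) - 1), the polynomial in the proof."""

    def power_minus_one(n):
        # (x+1)^n - 1 expanded with the binomial theorem
        coeffs = [comb(n, i) for i in range(n + 1)]
        coeffs[0] -= 1
        return coeffs

    num = power_minus_one(p ** m)
    den = power_minus_one(p ** (m - 1))   # monic, so integer long division is exact

    quot = [0] * (len(num) - len(den) + 1)
    for i in range(len(quot) - 1, -1, -1):
        quot[i] = num[i + len(den) - 1]
        for j, d in enumerate(den):
            num[i + j] -= quot[i] * d
    if any(num):
        raise ArithmeticError("division was not exact")
    return quot


def is_eisenstein(coeffs, p):
    """Eisenstein's criterion at p: p does not divide the leading coefficient,
    p divides every other coefficient, and p^2 does not divide the constant term."""
    *lower, lead = coeffs
    return (lead % p != 0
            and all(c % p == 0 for c in lower)
            and lower[0] % (p * p) != 0)


def check(p, m):
    """Summarise the facts the proof uses about h for n = p^m."""
    h = shifted_cyclotomic(p, m)
    return {
        "degree": len(h) - 1,                  # should equal phi(p^m)
        "phi": (p - 1) * p ** (m - 1),
        "constant_term": h[0],                 # should equal p
        "eisenstein": is_eisenstein(h, p),
    }


if __name__ == "__main__":
    for p, m in [(2, 3), (3, 2), (5, 1), (3, 3)]:
        print((p, m), check(p, m))
```

For every pair tried, the degree equals $\varphi(p^m)$ and the constant term is $p$, which is what forces the extension to be totally ramified of degree $\varphi(p^m)$.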
For the general case, let $n = p^m n'$ where $p \nmid n'$. Then we still have $\mathcal{O}_{\mathbb{Q}_p(\zeta_n)} = \mathbb{Z}_p[\zeta_n]$ by
Lemma 15.6.14, and the following tower gives the full ramification theory for $\mathbb{Q}_p(\zeta_n)/\mathbb{Q}_p$:
$$\begin{array}{c}
L = \mathbb{Q}_p(\zeta_n) \\
| \\
V = \mathbb{Q}_p(\zeta_{pn'}) = T(\zeta_p) \\
| \\
T = \mathbb{Q}_p(\zeta_{n'}) \\
| \\
K = \mathbb{Q}_p
\end{array}$$

15.7. Extensions of Valuations Chapter 15. Local Fields

15.7 Extensions of Valuations


Let $K$ be any field with an absolute value $|\cdot|_v$ and fix an algebraic extension $L/K$. We will
see that there is a correspondence between extensions of $|\cdot|_v$ to $L$ and embeddings of $L$ into
the completion $\overline{K}_v$. From one perspective, this will generalize and simplify Galois theory for
fields with an absolute value, completely subsuming the ramification theory of Section 14.5.
Let $K_v$ denote the completion of $K$ with respect to $|\cdot|_v$. There exist embeddings $L \hookrightarrow \overline{K}_v$
since $L$ embeds into $\overline{K}$ by classic Galois theory. Given such an embedding $\tau : L \hookrightarrow \overline{K}_v$, we
know by Theorem 15.5.3 that $|\cdot|_v$ on $K_v$ extends uniquely to a valuation $|\cdot|_{\bar v}$ on $\overline{K}_v$ such
that for any finite extension $K_v \subseteq M \subseteq \overline{K}_v$, the valuation is given by
$$|x|_{\bar v} = |N_{M/K_v}(x)|_v^{1/[M : K_v]}.$$
Define $w$ on $L$ by $|x|_w = |\tau(x)|_{\bar v}$ for this fixed embedding $\tau$. We will write $w \mid v$, read "$w$
extends $v$". Now let $L_w$ be the closure of $\tau(L)$ in $\overline{K}_v$ with respect to the topology induced
by $w$. Abstractly, assuming $L/K$ is finite, $L_w$ is the completion of $L$ with respect to $|\cdot|_w$
in $\overline{K}_v$. If $L/K$ is infinite, then $L_w$ is the union of the completions of all finite intermediate
extensions of $L/K$ with respect to $|\cdot|_w$. Note that $|\cdot|_w$ extends to $L_w$ by restricting $|\cdot|_{\bar v}$ to
$L_w \subseteq \overline{K}_v$.

Lemma 15.7.1. For $L/K$ and $w \mid v$ as above, $L_w = \tau(L)K_v \subseteq \overline{K}_v$.

Proof. Suppose $L/K$ is finite. Then $\tau(L)K_v \subseteq L_w$. On the other hand, Theorem 15.5.3
implies $\tau(L)K_v$ is complete with respect to $|\cdot|_w$ and therefore $L_w \subseteq \tau(L)K_v$. Generalizing
to the infinite case is straightforward.
From now on we will write $L_w = LK_v = \tau(L)K_v$. There is a diagram of field extensions
in $\overline{K}_v$

[Diagram: square of fields with $L \subseteq L_w$ above $K \subseteq K_v$.]

sometimes called the “local-to-global principle” for algebraic extensions. This terminology is
reflected in the example of a function field K = k(t): one may pass from extensions L/k(t) of
function fields to extensions Lw /k((t)) of fields of power series, that is, from global functions
to local functions.

Lemma 15.7.2. Every extension of valuations $w \mid v$ on $L$ arises from an embedding
$\tau : L \hookrightarrow \overline{K}_v$ as $w = \bar v \circ \tau$.

Proof. Define $L_w \subseteq \overline{K}_v$ as above. Then $L_w/K_v$ is algebraic and $w$ is the unique extension of
$v$ on $K_v$ to $L_w$. Thus for any embedding $\bar\tau : L_w \hookrightarrow \overline{K}_v$, we must have $\bar v \circ \bar\tau = w$. Restricting
$\bar\tau$ to $L$ defines an embedding $\tau : L \hookrightarrow \overline{K}_v$ satisfying $\bar v \circ \tau = w$.


Lemma 15.7.3. Two embeddings $\tau_1, \tau_2 : L \hookrightarrow \overline{K}_v$ give rise to the same absolute value on $L$
if and only if $\tau_2 = \sigma \circ \tau_1$ for some $\sigma \in \operatorname{Aut}(L/K)$.

Proof. ($\Leftarrow$) is clear by the uniqueness of $|\cdot|_{\bar v}$ on $\overline{K}_v$.
($\Rightarrow$) Suppose $|\tau_1(x)|_{\bar v} = |\tau_2(x)|_{\bar v}$ for all $x \in L$. Define $\sigma'' : \tau_1(L) \to \tau_2(L)$ by $\sigma'' = \tau_2 \circ \tau_1^{-1}$
and use continuity to extend to a map $\sigma' : \tau_1(L)K_v \to \tau_2(L)K_v$. (Note that $\sigma''$ is
continuous on $\tau_1(L)$ precisely because $|\tau_1(x)|_{\bar v} = |\tau_2(x)|_{\bar v}$.) Then $\sigma'$ is a $K_v$-isomorphism of
algebraic extensions of $K_v$, so by classic Galois theory, $\sigma'$ extends to a $K_{\bar v}$-automorphism $\sigma$
which necessarily satisfies $\tau_2 = \sigma \circ \tau_1$.

Theorem 15.7.4. For any absolutely valued field $(K, |\cdot|_v, v)$, there is a one-to-one correspondence
$$\left\{ \begin{array}{c} \text{extensions of valuations} \\ w \mid v \text{ to } L \end{array} \right\} \longleftrightarrow \left\{ \begin{array}{c} \text{Galois orbits of embeddings} \\ L \hookrightarrow \overline{K}_v \end{array} \right\}.$$

Proof. An extension of valuations $w \mid v$ determines an embedding $\tau : L \hookrightarrow \overline{K}_v$ by Lemma 15.7.2.
The correspondence is bijective up to Galois conjugacy by Lemma 15.7.3.
Now let $L/K$ be finite, $L = K(\alpha)$ for some $\alpha \in L$ and let $f$ be the minimal polynomial
of $\alpha$ over $K$. Factor $f$ into irreducible polynomials $f = f_1^{m_1} \cdots f_r^{m_r}$ over $K_v$. Then the
$K$-embeddings $L \hookrightarrow \overline{K}_v$ are precisely determined by which root of some $f_i$ is the image of
$\alpha$. Two embeddings are conjugate if and only if they take $\alpha$ to two roots of the same $f_i$.
Therefore Theorem 15.7.4 implies:

Corollary 15.7.5. For a simple extension $L = K(\alpha)$ with minimal polynomial $f \in K[x]$,
the embeddings $L \hookrightarrow \overline{K}_v$ are in one-to-one correspondence with the irreducible factors of $f$.

Explicitly, an irreducible factor $f_i \mid f$ determines a valuation $w_i \mid v$ by $|x|_{w_i} = |\tau_i(x)|_{\bar v}$,
where $\tau_i : L \hookrightarrow \overline{K}_v$ is the embedding where $\tau_i(\alpha) = \alpha_i$ is a root of $f_i$.

Example 15.7.6. Let $K = \mathbb{Q}$, $L = \mathbb{Q}(\sqrt{14})$, $f(x) = x^2 - 14$ and $v = v_5$ the 5-adic valuation.
Then over $\mathbb{Q}_5$, $f$ splits as
$$f(x) = x^2 - 14 = (x - b)(x + b)$$
for some $b \equiv 2 \pmod 5$ such that $b^2 = 14$. There are two embeddings of this quadratic
number field into the 5-adic number field:
$$\begin{aligned}
\mathbb{Q}(\sqrt{14}) &\longrightarrow \mathbb{Q}_5 \\
\tau_1 : \sqrt{14} &\longmapsto b \\
\tau_2 : \sqrt{14} &\longmapsto -b.
\end{aligned}$$
These give rise to two different extensions of $v$ to $\mathbb{Q}(\sqrt{14})$, say $w_1$ and $w_2$, with $w_1(\sqrt{14} - 2) > 0$
and $w_2(\sqrt{14} + 2) > 0$ for example. So they are indeed distinct. Notice that
$$5\mathcal{O}_{\mathbb{Q}(\sqrt{14})} = (5, \sqrt{14} - 2)(5, \sqrt{14} + 2)$$
so the valuation theory completely captures the ramification theory in Section 14.5.
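
The element $b$ and the two valuations of Example 15.7.6 can be computed to any finite 5-adic precision by Hensel lifting. The following is an added example, not part of the original notes; it also covers any odd prime $p$ not dividing $d$ for the field $\mathbb{Q}(\sqrt{d})$, and the names `hensel_sqrt`, `padic_sqrts`, `count_extensions`, `valuation`, `w` and `example_15_7_6` are assumptions made for the illustration.

```python
def hensel_sqrt(d, p, r0, k):
    """Lift a root r0 of x^2 - d modulo an odd prime p to a root modulo p^k.

    Newton's step r -> r - f(r)/f'(r) doubles the p-adic precision each time,
    provided f'(r0) = 2*r0 is a unit modulo p (the hypothesis of Hensel's Lemma).
    """
    if (r0 * r0 - d) % p != 0:
        raise ValueError("r0 is not a root of x^2 - d modulo p")
    if (2 * r0) % p == 0:
        raise ValueError("root is not simple modulo p")
    target = p ** k
    r, modulus = r0 % p, p
    while modulus < target:
        modulus = min(modulus * modulus, target)
        r = (r - (r * r - d) * pow(2 * r, -1, modulus)) % modulus
    return r


def padic_sqrts(d, p, k=12):
    """All square roots of d in Z_p, truncated modulo p^k (odd p, p not dividing d)."""
    if p == 2 or d % p == 0:
        raise ValueError("only odd p with p not dividing d is handled here")
    return sorted(hensel_sqrt(d, p, r0, k)
                  for r0 in range(1, p) if (r0 * r0 - d) % p == 0)


def count_extensions(d, p):
    """Number of extensions of v_p to Q(sqrt(d)), d a non-square integer:
    one per irreducible factor of x^2 - d over Q_p (Corollary 15.7.5)."""
    return 2 if padic_sqrts(d, p, 1) else 1


def valuation(n, p, k):
    """v_p of an element of Z_p known modulo p^k (returns k if it vanishes mod p^k)."""
    n %= p ** k
    if n == 0:
        return k
    v = 0
    while n % p == 0:
        n //= p
        v += 1
    return v


def w(x, y, root, p, k=12):
    """Valuation of x + y*sqrt(d) under the embedding sending sqrt(d) to `root`."""
    return valuation(x + y * root, p, k)


def example_15_7_6(k=12):
    b = next(r for r in padic_sqrts(14, 5, k) if r % 5 == 2)   # tau_1: sqrt(14) -> b
    minus_b = (-b) % 5 ** k                                     # tau_2: sqrt(14) -> -b
    return {
        "b mod 5^4": b % 5 ** 4,
        "w1(sqrt14 - 2)": w(-2, 1, b, 5, k),
        "w1(sqrt14 + 2)": w(2, 1, b, 5, k),
        "w2(sqrt14 - 2)": w(-2, 1, minus_b, 5, k),
        "w2(sqrt14 + 2)": w(2, 1, minus_b, 5, k),
    }


if __name__ == "__main__":
    print(example_15_7_6())
    print({p: count_extensions(14, p) for p in (3, 5, 11, 13)})
```

The two valuations disagree on $\sqrt{14} - 2$ and on $\sqrt{14} + 2$, so they are distinct, while at a prime such as 3, where 14 is not a square modulo $p$, the polynomial stays irreducible and there is a single extension.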


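More generally, suppose $L/K$ is a finite extension of number fields and fix a prime ideal
$\mathfrak{p} \subset \mathcal{O}_K$ with factorization
$$\mathfrak{p}\mathcal{O}_L = \mathfrak{P}_1^{e_1} \cdots \mathfrak{P}_r^{e_r}$$
for distinct prime ideals $\mathfrak{P}_i \subset \mathcal{O}_L$ and $e_i > 0$. Let $v$ be the $\mathfrak{p}$-adic valuation on $K$, i.e.
$v(x) = n$ if and only if $x \in \mathfrak{p}^n \setminus \mathfrak{p}^{n+1}$. In this case, we get $r$ different extensions of $v$ to
$L$: $v_1, \ldots, v_r$, where $v_i = \frac{1}{e_i} v_{\mathfrak{P}_i}$, the normalization of the $\mathfrak{P}_i$-adic valuation on $L$ by the
ramification index $e_i$. To see this, assume $\mathcal{O}_L = \mathcal{O}_K[\alpha]$ and $\mathfrak{p}$ is unramified in $\mathcal{O}_L$ (there
are only finitely many ramified primes anyway). Then each $e_i = 1$, so we have the following
equivalences:
$$\begin{aligned}
\text{prime factors of } \mathfrak{p}\mathcal{O}_L &\longleftrightarrow \text{irreducible factors of } f(x) \bmod \mathfrak{p} && \text{by Theorem 14.5.7} \\
&\longleftrightarrow \text{irreducible factors of } f(x) \text{ in } K_v && \text{by Hensel's Lemma} \\
&\longleftrightarrow \text{embeddings } L \hookrightarrow \overline{K}_v && \text{by Corollary 15.7.5} \\
&\longleftrightarrow \text{extensions of valuations } w \mid v \text{ to } L && \text{by Theorem 15.7.4.}
\end{aligned}$$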

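Assume $L/K$ is finite and consider the map
$$\begin{aligned}
\varphi : L \otimes_K K_v &\longrightarrow \prod_{w \mid v} L_w \\
a \otimes b &\longmapsto (ab)_w
\end{aligned}$$
where $ab$ is viewed in $LK_v \cong L_w$.
Proposition 15.7.7. If $L/K$ is separable, then $\varphi$ is an isomorphism.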

Proof. Write $L = K(\alpha)$ and let $f$ be the minimal polynomial of $\alpha$ over $K$. Then $f$ factors
over $K_v$ as
$$f = \prod_{w \mid v} f_w$$
with no repeated factors since $f$ is separable. For each $w \mid v$, view $L_w$ inside $\overline{K}_v$ and let $\alpha_w$
be the image of $\alpha$ in $\overline{K}_v$ under an embedding corresponding to $w$. Then $L_w = K_v(\alpha_w)$ and
$f_w$ is the minimal polynomial of $\alpha_w$ over $K_v$. This corresponds to the commutative diagram
$$\begin{array}{ccc}
K_v[x]/f & \longrightarrow & \prod_{w \mid v} K_v[x]/f_w \\
\downarrow \cong & & \downarrow \cong \\
L \otimes_K K_v & \xrightarrow{\ \varphi\ } & \prod_{w \mid v} L_w
\end{array}$$
where the top row is by the Chinese remainder theorem, the left isomorphism is $x \mapsto \alpha \otimes 1$
and the right isomorphism is $x \mapsto (\alpha_w)_w$. Therefore $\varphi$ is an isomorphism.

Corollary 15.7.8. If $L/K$ is separable, then
$$[L : K] = \sum_{w \mid v} e(w \mid v) f(w \mid v)$$
where $e(w \mid v) = [w(L^\times) : v(K^\times)]$ and $f(w \mid v) = [\lambda_w : \kappa_v]$.

Proof. First note that $[L : K] = [L \otimes_K K_v : K_v]$ by basic algebra. Then
$$\begin{aligned}
[L \otimes_K K_v : K_v] &= \sum_{w \mid v} [L_w : K_v] && \text{by Proposition 15.7.7} \\
&= \sum_{w \mid v} e(w \mid v) f(w \mid v) && \text{by Corollary 15.6.9.}
\end{aligned}$$
Therefore $[L : K] = \sum_{w \mid v} e(w \mid v) f(w \mid v)$ as claimed.

Definition. For $L/K$ a separable extension with extension of valuations $w \mid v$, $e(w \mid v) = [w(L^\times) : v(K^\times)]$
is called the ramification index of $w \mid v$ and $f(w \mid v) = [\lambda_w : \kappa_v]$ is called
the inertial degree of $w \mid v$.

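Example 15.7.9. Let $K = \mathbb{Q}$ and let $L$ be any number field. Then the archimedean
absolute value $|\cdot|_\infty$ completes to the reals: $\mathbb{Q}_\infty = \mathbb{R}$, and the corresponding base change
from Proposition 15.7.7 is
$$L \otimes_{\mathbb{Q}} \mathbb{R} \cong \prod_{w \mid \infty} L_w$$
where $L_w \cong \mathbb{R}$ or $\mathbb{C}$. For example, if $L$ is imaginary quadratic, $L \otimes_{\mathbb{Q}} \mathbb{R} \cong \mathbb{C}$, whereas if $L$ is
real quadratic, $L \otimes_{\mathbb{Q}} \mathbb{R} \cong \mathbb{R} \times \mathbb{R}$. In general, $L \otimes_{\mathbb{Q}} \mathbb{R} \cong \mathbb{R}^r \otimes \mathbb{C}^s$, where $[L : \mathbb{Q}] = r + 2s$ as
in Section 14.9.
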
15.8. Galois Theory of Valuations Chapter 15. Local Fields

15.8 Galois Theory of Valuations


Assume L/K is a Galois extension with Galois group G = Gal(L/K). Then G acts on the
set of extensions | · |w of | · |v to L by σ(| · |w )(x) = |σ(x)|w for all x ∈ L.

Proposition 15.8.1. For L/K finite Galois, G acts transitively on the set of extensions of
| · |v to L.

Proof. If not, there exist disjoint $G$-orbits of absolute value extensions. Since all extensions
of $|\cdot|_v$ agree on $K$, any nonequivalent extensions must be distinct. Thus there exists some
$x \in L$ with $|\sigma(x)|_w < 1$ but $|\sigma(x)|_{w'} > 1$ for some $w, w'$ from distinct $G$-orbits and for all
$\sigma \in G$, by the weak approximation theorem (15.3.9). Let
$$\alpha = \prod_{\sigma \in G} \sigma(x).$$
Then $\alpha \in K$ but $|\alpha|_v < 1$ and $|\alpha|_v > 1$ simultaneously, a contradiction. Hence $G$ acts
transitively.
Let $L/K$ be a Galois extension, $w \mid v$ an extension of valuations and set
$$\begin{aligned}
\mathcal{O}_{L,w} &= \{x \in L : |x|_w \le 1\} && \text{(the valuation ring for } w\text{)} \\
\mathfrak{P}_{L,w} &= \{x \in L : |x|_w < 1\} && \text{(the valuation ideal for } w\text{).}
\end{aligned}$$

Definition. For an arbitrary extension of valuations $w \mid v$, we define the decomposition
group for $w$ by
$$G_w = \{\sigma \in G : |\sigma(x)|_w = |x|_w \text{ for all } x \in L\}.$$
If $w$ and $v$ are nonarchimedean valuations, we also define the inertia group and ramification
group for $w$ respectively by
$$\begin{aligned}
I_w &= \{\sigma \in G_w : \sigma(x) \equiv x \bmod \mathfrak{P}_{L,w} \text{ for all } x \in \mathcal{O}_{L,w}\} \\
R_w &= \left\{\sigma \in G_w : \frac{\sigma(x)}{x} \equiv 1 \bmod \mathfrak{P}_{L,w} \text{ for all } x \in L^\times\right\}.
\end{aligned}$$
Notice that for any $w \mid v$, we have $R_w \le I_w \le G_w \le G$. If the extension is to be
emphasized, we will write $G_w(L/K)$, $I_w(L/K)$ and $R_w(L/K)$.

Lemma 15.8.2. The subgroups Gw , Iw and Rw are closed subgroups of G = Gal(L/K).

Proof. We prove Gw ≤ G is closed and remark that the proofs for Iw and Rw are similar.
Let σ ∈ G be in the closure of Gw and let K ⊆ M ⊆ L such that M/K is finite Galois. Then
there exists σM ∈ Gw ∩ σ Gal(L/M ), so σM |M = σ|M . Further, σM ∈ Gw implies w ◦ σM = w
and so w ◦ σ|M = w ◦ σM |M = w, or σ ∈ Gw . Therefore Gw is closed in G.
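Suppose $L/K$ and $K'/K$ are Galois extensions and set $L' = LK' \subseteq \overline{K}$:

[Diagram: square of fields with $L \to L'$ above $K \to K'$; both horizontal arrows are labelled $\tau$.]

Set $G = \operatorname{Gal}(L/K)$ and $G' = \operatorname{Gal}(L'/K')$. Then any embedding $\tau : K \hookrightarrow K'$ induces a
homomorphism
$$\begin{aligned}
\tau^* : G' &\longrightarrow G \\
\sigma &\longmapsto \tau^*(\sigma)(x) := \tau^{-1}\sigma\tau(x).
\end{aligned}$$
Now let $w'$ be a valuation on $L'$, $v' = w'|_{K'}$, $w = w' \circ \tau$ and $v = w|_K$.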

Proposition 15.8.3. The induced map $\tau^* : G' \to G$ induces homomorphisms
$$\begin{aligned}
G_{w'}(L'/K') &\longrightarrow G_w(L/K) \\
I_{w'}(L'/K') &\longrightarrow I_w(L/K) \\
R_{w'}(L'/K') &\longrightarrow R_w(L/K).
\end{aligned}$$

Proof. Suppose $\sigma' \in G_{w'} = G_{w'}(L'/K')$ and $\sigma = \tau^*(\sigma') \in G$. Then
$$\begin{aligned}
w(\sigma(x)) = w(\tau^*(\sigma')(x)) &= w(\tau^{-1}\sigma'\tau(x)) \\
&= w'(\sigma'(\tau)(x)) \\
&= w'(\sigma'(x)) \quad \text{since } \sigma' \in G_{w'} \\
&= w(x).
\end{aligned}$$
Therefore $\tau^*(\sigma') = \sigma \in G_w$. The proof is similar for the maps on inertia and ramification
groups.
The most important case of this proposition is for the "local-to-global principle" of
Section 15.7, i.e. when $K' = K_v$ is the completion of $K$ at $v$ and $L' = L_w = LK_v$ by
Lemma 15.7.1.

[Diagram: square of fields with $L \xrightarrow{\tau} L_w$ above $K \to K_v$.]
Lemma 15.8.4. Let $\sigma \in G$. Then $\sigma \in G_w$ if and only if $\sigma$ is continuous with respect to $|\cdot|_w$.

Proof. ($\Rightarrow$) is clear since $|x|_w = |\sigma(x)|_w$ for all $x \in L$ implies continuity.
($\Leftarrow$) If $\sigma$ is continuous, then $|x|_w < 1$ if and only if $|\sigma(x)|_w < 1$, but then Corollary 15.3.7
implies $|\cdot|_w$ and $\sigma(|\cdot|_w)$ are equivalent. Hence $\sigma \in G_w$.

Proposition 15.8.5. If $\tau : L \hookrightarrow L_w$ is an embedding, then the maps
$$\begin{aligned}
G_w(L/K) &\xrightarrow{\ \cong\ } G(L_w/K_v) \\
I_w(L/K) &\xrightarrow{\ \cong\ } I(L_w/K_v) \\
R_w(L/K) &\xrightarrow{\ \cong\ } R(L_w/K_v)
\end{aligned}$$
induced by $\tau$ are isomorphisms.


Proof. Note that τ (L) is dense in Lw with respect to | · |w , so there can’t be two different
elements of Aut(Lw ) with the same restriction to τ (L). This implies τ ∗ is injective. On the
other hand, if σ ∈ Gw then σ is continuous with respect to | · |w by Lemma 15.8.4, so σ
extends to an automorphism of Lw respecting the topology generated by | · |w . Hence τ ∗ is
also surjective.
So up to restriction to a decomposition group, the Galois theory of L/K is the same in
the global case as it is in the local case.
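Definition. For a Galois extension $L/K$ and a fixed extension $w \mid v$ of valuations, define
the decomposition field $Z_w = L^{G_w}$, the inertia field $T_w = L^{I_w}$ and the ramification
field $V_w = L^{R_w}$.
We have a tower of fields and valuations:
$$\begin{array}{ccccccccc}
K & \subseteq & Z_w & \subseteq & T_w & \subseteq & V_w & \subseteq & L \\
v & & w_Z & & w_T & & w_V & & w
\end{array}$$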

Proposition 15.8.6. Let L/K be a Galois extension and fix w | v. Then


(1) w is the only extension of wZ to L.

(2) Zw = L ∩ Kv .

(3) e(wZ | v) = f (wZ | v) = 1.

(4) There is a short exact sequence

1 → Iw → Gw → Gal(λ/κ) → 1

where κ and λ are the residue fields of Kv and Lw , respectively.

(5) Tw is the maximal unramified extension of Zw in L.


Proof. (1) $G_w = \operatorname{Gal}(L/Z_w)$ acts transitively on such extensions, but by definition $Z_w$ is the
subfield of $L/K$ fixed by this group.
(2) By Proposition 15.8.5, $G_w \cong \operatorname{Gal}(L_w/K_v)$ and $Z_w = L^{G_w}$, so we must have $Z_w \subseteq K_v$.
It follows that $Z_w = L \cap K_v$. (Really, this is all taking place in $K_v$ after applying some
embedding $\tau : L \hookrightarrow L_w$.)
(3) follows from (2).
(4) Exactly the same as Proposition 14.5.18.
(5) We may assume $K = Z_w$. Further, Proposition 15.8.5 allows us to assume $K = K_v$ is
complete. Let $\lambda_s$ be the separable closure of $\kappa$ in $\lambda$. Then certainly $\lambda_s/\kappa$ is Galois. Let $T/K$
be the maximal unramified subextension of $L/K$; by Lemma 15.6.5, we know $T/K$ is Galois
with residue field $\lambda_s$. Thus there is a homomorphism $\varphi : \operatorname{Gal}(T/K) \to \operatorname{Gal}(\lambda_s/\kappa)$ which is
surjective by (4). Further, since $T/K$ is unramified, $[T : K] = [\lambda_s : \kappa]$ which implies $\varphi$ is
injective and hence an isomorphism. This means any $\sigma \in G_w$ acts trivially on $\lambda_s$ if and only
if $\sigma \in \operatorname{Gal}(L/T)$. In other words, $I_w = \operatorname{Gal}(L/T)$ so by Galois theory, $T_w = T$.
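The inertia subgroup $I_w \le G_w$ is characterized as the kernel of the map $G_w \to \operatorname{Gal}(\lambda/\kappa)$.
We now describe a similar characterization for the ramification subgroup $R_w \le I_w$. Write
$\chi(L/K) = \operatorname{Hom}(w(L^\times)/v(K^\times), \lambda^\times)$. Given $\sigma \in I_w$ and $\delta \in w(L^\times)/v(K^\times)$, choose $x \in L$
such that $w(x) = \delta$. This defines a map
$$\begin{aligned}
\psi : I_w &\longrightarrow \chi(L/K) \\
\sigma &\longmapsto \left(\delta \mapsto \frac{\sigma(x)}{x} \bmod \mathfrak{P}_{L,w}\right).
\end{aligned}$$
Note that $\left|\frac{\sigma(x)}{x}\right|_w = \frac{|\sigma(x)|_w}{|x|_w} = 1$ so indeed $\delta \in \chi(L/K)$. Also, if $x' = xau$ for $|u|_w = 1$ and
$a \in K$, then
$$\psi(\sigma)(x') = \frac{\sigma(xau)}{xau} = \frac{\sigma(x)}{x} \cdot \frac{\sigma(u)}{u} \equiv \frac{\sigma(x)}{x} \bmod \mathfrak{P}_{L,w}$$
since $\sigma \in I_w$. Thus the homomorphism $\psi$ is well-defined. It is now clear that $R_w = \ker \psi$ by
the definition of the ramification group.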

Proposition 15.8.7. Let char κ = p. If p > 0 then Rw is the unique Sylow p-subgroup of
Iw , and if p = 0, then Rw = 1.

Proof. As before, we may assume $K = T_w$ and $K = K_v$ is complete. Also assume $L/K$ is
finite (the infinite case follows from taking limits). Let $\operatorname{char} \kappa = p > 0$. We first show $R_w$
contains all Sylow $p$-subgroups of $I_w$. Since $w(L^\times)/v(K^\times)$ is finite, any homomorphism into
$\lambda^\times$ takes values in the roots of unity of $\lambda^\times$, none of which have $p$-power order, so $p$ does
not divide $|\chi(L/K)|$. Thus $I_w/R_w$ has no elements of $p$-power order, so $R_w$ must contain all
Sylow $p$-subgroups of $I_w$ as claimed.
Next, we show every element of $R_w$ has $p$-power order. Suppose to the contrary that there
exists a $\sigma \in R_w$ with prime order $\ell$, for $p \neq \ell$. Take $K' = G^{\langle\sigma\rangle}$ with residue field $\kappa'$. Then
(5) of Proposition 15.8.6, together with Lemma 15.6.5, implies $\lambda/\kappa$ is purely inseparable
(assuming $K = T_w$), so $\lambda/\kappa'$ is purely inseparable. Suppose $L/K'$ is not tame. Then $\lambda/\kappa'$ is
not separable. Take $\bar\alpha \in \lambda \setminus \kappa'$ and lift to some $\alpha \in L$. Then $L = K'(\alpha)$ and $\alpha$ has a minimal
polynomial $f(x)$ over $K'$. By Hensel's Lemma, $\bar f(x) = \bar g(x)^m$ for some $\bar g(x) \in \kappa'[x]$ so we
must have $\bar g(\bar\alpha) = 0$. Hence $\deg \bar g \mid \deg \bar f \mid \ell$, contradicting pure inseparability. Hence $L/K'$
is a tame extension. This implies by Theorem 15.6.8 that $L = K'(\sqrt[\ell]{a})$ for some $a \in K'$.
Since $L/K'$ is Galois, we have
$$\sigma(\sqrt[\ell]{a}) = \zeta\sqrt[\ell]{a}$$
for an $\ell$th root of unity $\zeta \in L$ not equal to 1. This means
$$\frac{\sigma(\sqrt[\ell]{a})}{\sqrt[\ell]{a}} = \zeta \not\equiv 1 \bmod \mathfrak{P}_{L,w}.$$
This contradicts $\sigma \in R_w$, so every element in $R_w$ has $p$-power order. Combined with the
first paragraph, this says that $R_w$ is itself a Sylow $p$-subgroup and since it is the kernel of $\psi$
and thus normal, $R_w$ is the unique one.

Corollary 15.8.8. Vw is the maximal tamely ramified extension of Zw in L.

Corollary 15.8.9. There is an exact sequence

1 → Rw → Iw → χ(L/K) → 1.

15.9. Higher Ramification Groups Chapter 15. Local Fields

15.9 Higher Ramification Groups


In Section 15.8, we constructed a sequence of subgroups Rw ≤ Iw ≤ Gw ≤ G. This is really
the beginning of a filtration of subgroups for G = Gal(L/K), which we construct in this
section.
Assume (K, v) is Henselian, where v is a discrete, normalized valuation. Let OK , mK , πK
and κ be as usual. For a finite Galois extension L/K with Galois group G = Gal(L/K), let
w be the extension of v to L (unique by Theorem 15.5.3) and define the normalized extension
of v to L by vL = eL/K w. Let OL , mL , πL and λ be as usual. Finally, assume λ/κ is separable
and char κ = p.
Definition. For each s ∈ [−1, ∞), define the sth higher ramification group
Gs = {σ ∈ G | vL (σ(a) − a) ≥ s + 1 for all a ∈ OL }.
(These may also be referred to as the ramification groups of G for the lower numbering.)
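Example 15.9.1. Clearly $G_{-1} = G$ and $G_0 = I = I_{v_L}$ is the inertia group. Moreover, if
$R = R_{v_L}$ is the ramification group of $G$, we have
$$\begin{aligned}
\sigma \in R &\iff v_L\left(\frac{\sigma(a)}{a} - 1\right) \ge 1 \text{ for all } a \in \mathcal{O}_L \\
&\iff v_L\left(\frac{\sigma(a) - a}{a}\right) \ge 1 \text{ for all } a \in \mathcal{O}_L.
\end{aligned}$$
If $a \in \mathfrak{m}_L$, then $v_L\left(\frac{\sigma(a) - a}{a}\right) = v_L(\sigma(a) - a) - v_L(a)$ so $v_L(\sigma(a) - a) \ge v_L(a) + 1 \ge 2$. Likewise
for $a \in \mathcal{O}_L^\times$, so $G_1 = R$ is the ramification group.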
Lemma 15.9.2. $G_s$ is a normal subgroup of $G$ for all $s \ge 0$.
Proof. Take $\tau \in G_s$, $\sigma \in G$ and $a \in L$. Then
$$v_L(\sigma\tau\sigma^{-1}(a) - a) = v_L(\tau(\sigma^{-1}(a)) - \sigma^{-1}(a))$$
so if $v_L(\tau(x) - x) \ge s + 1$ for all $x \in \mathcal{O}_L$, then $v_L(\sigma\tau\sigma^{-1}(x) - x) \ge s + 1$ for all $x \in \mathcal{O}_L$ and
vice versa, since $\sigma$ acts on $G$ by automorphisms.
The higher ramification groups $G_s$ form a filtration of $G$:
$$G = G_{-1} \supseteq G_0 \supseteq G_1 \supseteq G_2 \supseteq \cdots$$
Moreover, the quotients in this filtration are described by the following proposition. For each
$s \ge 0$, let $U_L^{(s)} = \{x \in \mathcal{O}_L^\times : v_L(x - 1) \ge s\}$.
Proposition 15.9.3. For all $s \ge 0$, the map
$$\begin{aligned}
G_s/G_{s+1} &\longrightarrow U_L^{(s)}/U_L^{(s+1)} \\
\sigma &\longmapsto \frac{\sigma(\pi_L)}{\pi_L}
\end{aligned}$$
is an injective homomorphism of groups.

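Proof. If $\sigma \in G_{s+1}$ then $v_L(\sigma(\pi_L) - \pi_L) \ge s + 2$ which implies $v_L\left(\frac{\sigma(\pi_L)}{\pi_L} - 1\right) \ge s + 1$, i.e.
$\frac{\sigma(\pi_L)}{\pi_L} \in U_L^{(s+1)}$. Therefore the map is well-defined. To see that it is a homomorphism, take
$\sigma, \tau \in G_s$ and consider:
$$\begin{aligned}
\frac{\sigma\tau(\pi_L)}{\pi_L} &= \frac{\sigma\tau(\pi_L)}{\tau(\pi_L)} \cdot \frac{\tau(\pi_L)}{\pi_L} \\
&= \frac{\sigma(u\pi_L)}{u\pi_L} \cdot \frac{\tau(\pi_L)}{\pi_L} \quad \text{for some } u \in \mathcal{O}_L^\times \\
&= \frac{\sigma(u)}{u} \cdot \frac{\sigma(\pi_L)}{\pi_L} \cdot \frac{\tau(\pi_L)}{\pi_L}.
\end{aligned}$$
Since $\sigma \in G_s$, $v_L(\sigma(u) - u) \ge s + 1$, so $v_L\left(\frac{\sigma(u)}{u} - 1\right) \ge s + 1$ and thus $\frac{\sigma(u)}{u} \equiv 1$ in $U_L^{(s+1)}$.
Hence $\frac{\sigma\tau(\pi_L)}{\pi_L} = \frac{\sigma(\pi_L)}{\pi_L} \cdot \frac{\tau(\pi_L)}{\pi_L}$ in $U_L^{(s)}/U_L^{(s+1)}$.
Finally, suppose $\sigma \in G_{s+1}$. Then $v_L(\sigma(\pi_L) - \pi_L) = s + 1$ so $v_L\left(\frac{\sigma(\pi_L)}{\pi_L} - 1\right) = s$ and in
particular $\frac{\sigma(\pi_L)}{\pi_L} \neq 1$ in $U_L^{(s)}/U_L^{(s+1)}$. Hence the map is injective.
Corollary 15.9.4. For any $L/K$ with Galois group $G$,
(1) There is an embedding $G_0/G_1 \hookrightarrow \lambda^\times$. In particular, $G_0/G_1 \cong \mu_\ell$, the group of $\ell$th
roots of unity in $\lambda$, for some $p \nmid \ell$.
(2) For each $s \ge 1$, there is an embedding $G_s/G_{s+1} \hookrightarrow (\lambda, +)$. In particular, $G_s/G_{s+1} \cong (\mathbb{Z}/p\mathbb{Z})^a$
for some $a$.
Proof. Apply Proposition 15.3.14.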
Example 15.9.5. The corollary implies G1 is the unique Sylow p-subgroup of G0 = I, so
by Proposition 15.8.7, G1 = R, the ramification group. This confirms Example 15.9.1.
Higher ramification groups give us an idea about the general shape of the Galois group
of an extension L/K.
Lemma 15.9.6. $G_0$ is isomorphic to a semidirect product $P \rtimes \mathbb{Z}/m\mathbb{Z}$ where $P$ is a $p$-group
and $m \in \mathbb{Z}$, $p \nmid m$.
Proof. Apply the Schur-Zassenhaus theorem.
Corollary 15.9.7. G0 is solvable.
Corollary 15.9.8. If L/K is totally ramified and Galois, then Gal(L/K) is solvable.
Example 15.9.9. Consider the local function field K = Fp ((t)). Then any finite Galois
extension L/K is totally ramified and hence has solvable Galois group. In particular, the
inverse Galois problem does not hold for K.
Example 15.9.10. Let $K = \mathbb{C}((t))$ be the global function field over $k = \mathbb{C}$. Then one can
prove $G_K := \operatorname{Gal}(\overline{\mathbb{C}((t))}/\mathbb{C}((t))) \cong \widehat{\mathbb{Z}}$, the profinite completion of the integers. Since $\mathbb{C}$ is
algebraically closed of characteristic zero, for any finite Galois extension $L/\mathbb{C}((t))$ we get
$G_0 = G$ and $G_1 = \{1\}$.

Fix a tower of Galois field extensions $L \supset L' \supset K$ with $G = \operatorname{Gal}(L/K)$ and $H = \operatorname{Gal}(L/L')$.
Compare the filtrations
$$\begin{aligned}
& G_{-1} \supseteq G_0 \supseteq G_1 \supseteq G_2 \supseteq \cdots \\
\text{and} \quad & H_{-1} \supseteq H_0 \supseteq H_1 \supseteq H_2 \supseteq \cdots
\end{aligned}$$
One can see that by the definitions of these higher ramification groups, for each $s \ge -1$,
$H_s = G_s \cap H$. On the other hand, if $G' = \operatorname{Gal}(L'/K) \cong G/H$, it is not clear that the
filtrations
$$\begin{aligned}
& G_{-1} \supseteq G_0 \supseteq G_1 \supseteq G_2 \supseteq \cdots \\
\text{and} \quad & G'_{-1} \supseteq G'_0 \supseteq G'_1 \supseteq G'_2 \supseteq \cdots
\end{aligned}$$
are even related at all.

Lemma 15.9.11. If L/K is Galois and the residue extension λ/κ is separable, there exists
x ∈ OL such that OL = OK [x].

Proof. By the fundamental equality (Proposition 15.6.1), eL/K fL/K = [L : K]. Since we are
assuming λ/κ is separable, we may choose x̄ ∈ λ such that λ = κ(x̄). Let f̄(t) be the minimal
polynomial of x̄ over κ. Then by Hensel’s Lemma, there is a lift f(t) ∈ OK[t] of f̄(t). Lift
x̄ to an element x ∈ OL. We know vL(f(x)) > 0. If vL(f(x)) = 1, the elements f(x)^i x^j for
0 ≤ i < eL/K and 0 ≤ j < fL/K generate OL as an OK-module since the number of these
is [L : K]. In this case, it is clear that OK[x] = OL. On the other hand, if vL(f(x)) > 1,
replace x with x + πL, so that

\[ f(x + \pi_L) = f(x) + \pi_L f'(x) + O(\pi_L^2). \]

Then f′(x) ∈ OL^× since f̄ is separable and f̄′(x̄) ≠ 0. Also, vL(f(x)) > 1 implies that
vL(f(x + πL)) = 1. So in all cases, OL is generated by some x ∈ OL as an OK-module.
Let x ∈ OL such that OL = OK[x]. For each nontrivial σ ∈ G = Gal(L/K), write
iL/K(σ) = vL(σ(x) − x) and also set iL/K(1) = ∞. In fact, iL/K(σ) = min over y ∈ OL of vL(σ(y) − y),
since for any y ∈ OL, we may write

\[ y = a_0 + a_1 x + \ldots + a_n x^n \]

for n ∈ N, ai ∈ OK and have σ(y) − y = a1(σ(x) − x) + . . . + an(σ(x^n) − x^n). By a
binomial expansion, each σ(x^k) − x^k is divisible by σ(x) − x so it follows that vL(σ(y) − y) ≥
vL(σ(x) − x). In particular, this implies that the definition of iL/K(σ) is independent
of any generator chosen for OL. The higher ramification groups can thus be written

Gs (L/K) = {σ ∈ G | iL/K (σ) ≥ s + 1}.

Now return to the situation where L ⊃ L′ ⊃ K and L′/K is Galois.


Lemma 15.9.12 (Tate). For any σ′ ∈ G′ = Gal(L′/K),

\[ i_{L'/K}(\sigma') = \frac{1}{e_{L/L'}} \sum_{\substack{\sigma \in G \\ \sigma|_{L'} = \sigma'}} i_{L/K}(\sigma). \]

Proof. If σ′ = 1 then both sides are infinite so the equality holds. Assume σ′ ≠ 1. By
Lemma 15.9.11, OL′ = OK[y] for some y ∈ OL′; as above, let OL = OK[x]. Then

\[ i_{L'/K}(\sigma') = v_{L'}(\sigma'(y) - y) = \frac{1}{e_{L/L'}} v_L(\sigma'(y) - y) \]

which we will rewrite as eL/L′ iL′/K(σ′) = vL(σ′(y) − y). It therefore suffices to show

\[ v_L(\sigma'(y) - y) = \sum_{\sigma|_{L'} = \sigma'} i_{L/K}(\sigma). \]

Immediately, we have that

\[ \sum_{\sigma|_{L'} = \sigma'} i_{L/K}(\sigma) = v_L\Big( \prod_{\tau \in H} (\sigma\tau(x) - x) \Big). \]

Set a = σ′(y) − y and b = ∏τ∈H (στ(x) − x). If f(t) ∈ OK[t] is the minimal polynomial of x
over K, then

\[ \begin{aligned}
f(t) = \prod_{\tau \in H} (t - \tau x) &\implies (\sigma f)(t) = \prod_{\tau \in H} (t - \sigma\tau x) \\
&\implies (\sigma f)(x) = \prod_{\tau \in H} (x - \sigma\tau x) \\
&\implies (\sigma f)(x) - f(x) = (-1)^{|H|} b \quad \text{since } f(x) = 0.
\end{aligned} \]

But the coefficients of σf − f lie in OL′, so they are all divisible by σ′(y) − y = a. This shows
a | b. On the other hand, let g(t) ∈ OK[t] be any polynomial and set y = g(x). Then x is
a root of the polynomial g(t) − y ∈ OL[t] so g(t) − y = f̃(t)h(t) where f̃(t) is the minimal
polynomial of x over L′. Then

\[ \begin{aligned}
a = \sigma'(y) - y &= \sigma(g(t) - y) - (g(t) - y) \\
&= (\sigma \tilde{f})(t)(\sigma h)(t) - \tilde{f}(t)h(t).
\end{aligned} \]

Evaluating this at t = x, we get

\[ a = (\sigma \tilde{f})(x)(\sigma h)(x) = (-1)^{|H|} b \, (\sigma h)(x) \]

as above. Thus b divides a, so we have a = b and thus vL(a) = vL(b) as required.
Define the function

\[ \varphi_{L/K} : [-1, \infty) \longrightarrow [-1, \infty), \qquad s \longmapsto \int_0^s \frac{dx}{[G_0 : G_x]} \]


where formally we set [G0 : G−1] = [G : G0]^{−1}. Then ϕL/K is piecewise-linear, nondecreasing
and if gs = |Gs|, then we can explicitly write

\[ \varphi_{L/K}(s) = \frac{1}{g_0} \left( g_1 + \ldots + g_m + (s - m) g_{m+1} \right) \]

for any m ∈ N such that 0 < m ≤ s ≤ m + 1. Also, ϕL/K(s) = s for −1 ≤ s ≤ 0. By this
reformulation, we can see that the slope of ϕL/K(s) is g_{m+1}/g_0 for all s, where m < s < m + 1,
but when s ∈ Z, the slope is g_{s−1}/g_0. This implies:

Lemma 15.9.13. For any s ≥ −1,

\[ \varphi_{L/K}(s) = \frac{1}{g_0} \sum_{\sigma \in G} \min\{i_{L/K}(\sigma), s + 1\} - 1. \]

Theorem 15.9.14 (Herbrand). Let L′/K be a Galois extension and H = Gal(L/L′) and
G′ = Gal(L′/K). Then for any s ≥ −1,

\[ G_s(L/K)H/H = G_t(L'/K) \]

where t = ϕL/L′(s).


Proof. Fix σ′ ∈ G′ and pick σ ∈ G such that σ|L′ = σ′ and iL/K(σ) is maximal among all such
σ ∈ G restricting to σ′ on L′. We claim iL′/K(σ′) − 1 = ϕL/L′(iL/K(σ) − 1). Set m = iL/K(σ)
and fix τ ∈ H. Then if τ ∈ Hm−1, we have iL/K(τ) ≥ m by the above description of the
higher ramification groups, as well as

\[ \begin{aligned}
v_L(\sigma\tau(x) - x) &= v_L(\sigma\tau(x) - \tau(x) + \tau(x) - x) \\
&\geq \max\{v_L(\sigma\tau(x) - \tau(x)), v_L(\tau(x) - x)\} \\
&= \max\{m, m\} = m.
\end{aligned} \]

But by maximality, this implies vL(στ(x) − x) = m. On the other hand, if τ ∉ Hm−1, then
iL/K(τ) < m so vL(στ(x) − x) = iL/K(τ). Thus iL/K(στ) = vL(στ(x) − x) = min{m, iL/K(τ)}.
By Lemma 15.9.12,

\[ \begin{aligned}
i_{L'/K}(\sigma') &= \frac{1}{e_{L/L'}} \sum_{\tau \in H} i_{L/K}(\sigma\tau) \\
&= \frac{1}{h_0} \sum_{\tau \in H} \min\{m, i_{L/K}(\tau)\} \\
&= \varphi_{L/L'}(i_{L/K}(\sigma) - 1) + 1 \quad \text{by Lemma 15.9.13.}
\end{aligned} \]

So the claim holds. Now for σ′ ∈ G′ = G/H,

\[ \begin{aligned}
\sigma' \in G_s(L/K)H/H &\iff i_{L/K}(\sigma) - 1 \geq s \\
&\iff \varphi_{L/L'}(i_{L/K}(\sigma) - 1) \geq \varphi_{L/L'}(s) = t \\
&\iff i_{L'/K}(\sigma') - 1 \geq t \\
&\iff \sigma' \in G_t(L'/K).
\end{aligned} \]

Hence Gs(L/K)H/H = Gt(L′/K).


Definition. Let L/K be a Galois extension. Then the subgroups G^t := Gs for t = ϕL/K(s)
are called the higher ramification groups for the upper numbering of G.

Since ϕL/K (s) is monotone in s, it has an inverse function ψL/K : [−1, ∞) → [−1, ∞).

Lemma 15.9.15. For a tower L ⊃ L′ ⊃ K of Galois extensions,

\[ \varphi_{L/K} = \varphi_{L'/K} \circ \varphi_{L/L'} \quad \text{and} \quad \psi_{L/K} = \psi_{L/L'} \circ \psi_{L'/K}. \]

Proof. We prove the statement for the ϕ maps; the other statement follows from the fact
that each ψ = ϕ^{−1}. By Theorem 15.9.14, we know that if t = ϕL/L′(s) then Gs(L/K)/Hs =
GsH/H ≅ (G/H)t. Thus |Gs| = |Hs| |(G/H)t| and comparing the derivatives of ϕL/K(s)
and ϕL′/K ◦ ϕL/L′(s), we see that

\[ \begin{aligned}
\varphi'_{L/K}(s) &= \frac{1}{e_{L/K}} |G_s| \\
&= \frac{1}{e_{L/L'} e_{L'/K}} |H_s| \, |(G/H)_t| \quad \text{as in Lemma 14.5.16} \\
&= \frac{1}{e_{L/L'}} |H_s| \cdot \frac{1}{e_{L'/K}} |(G/H)_t| \\
&= \varphi'_{L/L'}(s) \, \varphi'_{L'/K}(t) \quad \text{for } s \notin Z \\
&= (\varphi_{L'/K} \circ \varphi_{L/L'})'(s) \quad \text{by the chain rule.}
\end{aligned} \]

Thus ϕL/K(s) and ϕL′/K ◦ ϕL/L′(s) differ by a constant away from s ∈ Z, but since both are
continuous and equal to 0 at s = 0, they must be equal.

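Theorem 15.9.16. For all t ≥ −1, G^t(L/K)H/H = G^t(L′/K).

Proof. Let t ≥ −1. Then

\[ \begin{aligned}
G^t(L/K)H/H &= G_{\psi_{L/K}(t)}(L/K)H/H \quad \text{by definition of the upper numbering} \\
&= G_{\varphi_{L/L'} \circ \psi_{L/K}(t)}(L'/K) \\
&= G_{\varphi_{L/L'} \circ \psi_{L/L'} \circ \psi_{L'/K}(t)}(L'/K) \quad \text{by Lemma 15.9.15} \\
&= G_{\psi_{L'/K}(t)}(L'/K) \\
&= G^t(L'/K).
\end{aligned} \]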

This shows the advantage of the ramification groups of upper numbering: they are
invariant under passage to a Galois subextension L′/K of L/K. By construction, the “jumps”
in the filtration Gs can only occur at integers. This is not necessarily true of the
ramification groups of upper numbering G^t. However, we have:

Theorem 15.9.17 (Hasse-Arf). If L/K is an abelian extension and G^t is a jump in the
upper filtration of G = Gal(L/K), then t ∈ Z.


15.10 Discriminant and Different


We conclude the chapter by giving an application to the ramification theory of number fields,
generalizing the criterion for ramification given in Proposition 14.5.9. The first few results
apply to general Dedekind domains, so let A be a Dedekind domain with field of fractions
K, take a finite separable extension L/K and let B be the integral closure of A in L. We
will assume all residue field extensions are separable.
The trace form of L/K is the K-bilinear map

\[ T : L \times L \longrightarrow K, \qquad (x, y) \longmapsto \operatorname{Tr}_{L/K}(xy). \]

Definition. Let J be a fractional ideal of A. Then the dual of J is

\[ J^* = \{x \in L \mid T(x, y) \in A \text{ for all } y \in J\}. \]

Lemma 15.10.1. For any fractional ideal J of A, J* is a fractional ideal.
Example 15.10.2. B is a fractional ideal of A, so the dual B* is defined. It is clear that
B* ⊇ B.
Definition. The different of the ring extension B/A is defined as the inverse of the dual
of B:

\[ D_{B/A} = (B^*)^{-1}. \]

Notice that the different DB/A is an actual ideal of B.
Proposition 15.10.3. Let A be a Dedekind domain, K its field of fractions, L/K a finite
separable extension and B the integral closure of A in L. Then
(i) If K ⊆ L ⊆ M with C the integral closure of A in M, then DC/A = DC/B DB/A.
(ii) If S ⊆ A is any multiplicatively closed subset, then D_{S^{−1}B/S^{−1}A} = S^{−1}DB/A.
(iii) If p ⊂ A is a prime ideal and q ⊂ B is any prime lying over p, then

\[ D_{B/A} \widehat{B}_q = D_{\widehat{B}_q/\widehat{A}_p} \]

where B̂q (resp. Âp) is the valuation ring of the completion of L (resp. K) at the
place | · |q (resp. | · |p).
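Proof. (i) Suppose I is a fractional ideal of M. Then

\[ \begin{aligned}
I \subseteq D^{-1}_{C/B} &\iff \operatorname{Tr}_{M/L}(I) \subseteq B \\
&\iff D^{-1}_{B/A} \operatorname{Tr}_{M/L}(I) \subseteq D^{-1}_{B/A} B = D^{-1}_{B/A} \\
&\iff \operatorname{Tr}_{L/K}(D^{-1}_{B/A} \operatorname{Tr}_{M/L}(I)) \subseteq A \\
&\iff \operatorname{Tr}_{L/K}(\operatorname{Tr}_{M/L}(D^{-1}_{B/A} I)) \subseteq A \quad \text{since } D^{-1}_{B/A} \subseteq B \\
&\iff \operatorname{Tr}_{M/K}(D^{-1}_{B/A} I) \subseteq O_K \quad \text{by transitivity of trace} \\
&\iff D^{-1}_{B/A} I \subseteq D^{-1}_{C/A} \\
&\iff I \subseteq D^{-1}_{C/A} D_{B/A}.
\end{aligned} \]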


Therefore by unique factorization of fractional ideals (Theorem 14.4.2), D_{C/B}^{−1} = D_{C/A}^{−1} DB/A
so by inverting, we get DC/A = DC/B DB/A.
(ii) is easy.
(iii) We may assume A is in fact a DVR. Then the property is shown by proving that B*
is dense in B̂q*, where B̂q* is the dual of the fractional ideal B̂q.

The following is an example of a so-called ‘local-to-global principle’ in number theory.

Corollary 15.10.4. For any A, K, L, B, p, q as above, the different may be computed locally:

\[ D_{B/A} = \prod_{q \mid p} \left( D_{\widehat{B}_q/\widehat{A}_p} \cap B \right) \]

where the product is taken over all primes p ⊂ A and all q ⊂ B lying over p.

Let L/K be an extension of number fields, with rings of integers OK and OL . We will
write DL/K to denote the different DOL /OK . We may assume OL = OK [α] for α ∈ L with
minimal polynomial f (x) over K.

Example 15.10.5. For K = Q(i) with OK = Z[i], Tr(a + bi) ∈ Z precisely when 2a ∈ Z,
so we see that Z[i]^∨ = (1/2)Z[i]. Thus the different of K is 2Z[i]. This can be verified with the
next lemma.

Lemma 15.10.6. If L/K is a field extension with OL = OK[α], then DL/K = (f′(α)).

Proof. Write f(x) = a0 + a1x + . . . + an−1x^{n−1} + x^n ∈ OK[x]. Then

\[ \frac{f(x)}{x - \alpha} = b_0 + b_1 x + \ldots + b_{n-1} x^{n-1} \]

for bi ∈ OK. We show the dual basis of {1, α, α^2, . . . , α^{n−1}} with respect to the trace form
is precisely {b0/f′(α), . . . , bn−1/f′(α)}. To see this, let α1, . . . , αn be the distinct roots of f(x). Then
the polynomial

\[ g(x) = x^r - \sum_{i=1}^{n} \frac{f(x)}{x - \alpha_i} \cdot \frac{\alpha_i^r}{f'(\alpha_i)} \]

is monic of degree strictly less than n, but α1, . . . , αn are all roots of g. This implies g = 0,
so

\[ \sum_{i=1}^{n} \frac{f(x)}{x - \alpha_i} \cdot \frac{\alpha_i^r}{f'(\alpha_i)} = x^r \]

for each 0 ≤ r ≤ n − 1. Thus TrL/K( f(x)/(x − αi) · αi^r/f′(αi) ) = x^r for 0 ≤ r ≤ n − 1, but
f(x)/(x − α) = b0 + b1x + . . . + bn−1x^{n−1} so comparing degrees, we get

\[ \operatorname{Tr}_{L/K}\left( \frac{b_i \alpha^j}{f'(\alpha)} \right) = \delta_{ij}. \]

Thus the dual basis is as claimed.


Now notice that the bi satisfy recursive equations: bn−1 = 1, bn−2 − αbn−1 = an−1, and so
on. Solving this yields the identity

\[ b_{n-i} = \alpha^{i-1} + a_{n-1}\alpha^{i-2} + \ldots + a_{n-i+1} \]

which shows that b0, . . . , bn−1 generate OL. This implies DL/K = (f′(α)).


The different has an important relationship with the discriminant of a field extension,
which further relates it to ramification theory.
Theorem 15.10.7. Let L/K be an extension of discretely valued fields and q ⊂ OL a prime
ideal. Then
(i) q is ramified in OL if and only if q divides the different DL/K.
(ii) If s is the maximal exponent such that q^s | DL/K, p = q ∩ OK and e = e(q | p), then
s = e − 1 when q | p is tamely ramified and e ≤ s ≤ vq(e) + e − 1 when q | p is wildly
ramified.
(iii) If L/K is Galois with Galois group G = Gal(L/K), then

\[ s = \sum_{i=0}^{\infty} (|H_i| - 1) \]

where H = Dq is the decomposition group of q and Hi are the higher ramification
groups.
Proof. By Proposition 15.10.3(iii), we may assume OL and OK are complete DVRs. Write
OL = OK[α] and let f be the minimal polynomial of α over K. Then by Lemma 15.10.6,
DL/K = (f′(α)). Under the assumption of completeness, we have unique prime ideals p =
mK ⊂ OK and q = mL ⊂ OL.
(i) If L/K is unramified, then ᾱ is a simple root of f̄ = f mod q because ᾱ must
generate a separable extension of residue fields of degree deg f. Thus f̄′(ᾱ) ≠ 0 and thus
DL/K = (f′(α)) = (1). The converse will follow directly from (ii).
(ii) By Proposition 15.10.3(i), we may assume L/K is totally ramified. Write

\[ f(x) = x^e + a_1 x^{e-1} + \ldots + a_{e-1} x + a_e \]

where ai ∈ OK and e = eL/K. Then f(x) is Eisenstein since α may be taken to be a
uniformizer of OL. In particular,

\[ f'(\alpha) = e\alpha^{e-1} + (e - 1)a_1 \alpha^{e-2} + \ldots + a_{e-1}. \]

Since all ai ∈ OK, e | vL(ai) for each ai and vL(α) = 1, so each term in f′(α) has a different
valuation. Thus vL(f′(α)) = e − 1 when p ∤ e (the tame case) and vL(f′(α)) ≤ vL(e) + e − 1
(the wild case) since OL is a DVR.
(iii) Now suppose L/K is Galois. Then

\[ f'(\alpha) = \prod_{\sigma \in G \smallsetminus \{1\}} (\alpha - \sigma(\alpha)). \]


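By Proposition 15.8.5, H = Dq = Gal(L/K) = G and by the above,

\[ \begin{aligned}
s = v_L(f'(\alpha)) &= \sum_{\sigma \in G \smallsetminus \{1\}} i_{L/K}(\sigma) \\
&= \#\{(\sigma, i) \mid \sigma \in G_i \smallsetminus \{1\},\ i \geq 0\} \\
&= \sum_{i=0}^{\infty} (|G_i| - 1).
\end{aligned} \]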
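The function ϕL/K of Section 15.9, Lemma 15.9.13 and the formula of Theorem 15.10.7(iii) can all be evaluated from the orders |Gi| alone. The following Python sketch is an added example, not part of the original text; the function names are hypothetical, the extension is assumed totally ramified (G = G0), and the sample orders 4, 4, 2, 2 are supplied here as an assumption (they are the lower-numbering orders of Q2(ζ8)/Q2, an example the text does not discuss).

```python
from fractions import Fraction
from math import floor

# Constructed sample (not from the text): |G_0|, |G_1|, |G_2|, |G_3| for a
# totally ramified Galois extension, with |G_i| = 1 for every i >= 4.
SAMPLE_ORDERS = [4, 4, 2, 2]


def order(orders, i):
    """|G_i|, where the groups past the end of the list are trivial."""
    return orders[i] if i < len(orders) else 1


def phi(orders, s):
    """Herbrand function: (g_1 + ... + g_m + (s - m) g_{m+1}) / g_0 for
    m <= s <= m + 1, and phi(s) = s on [-1, 0]."""
    s = Fraction(s)
    if s < -1:
        raise ValueError("phi is defined on [-1, infinity)")
    if s <= 0:
        return s
    m = floor(s)
    total = sum(order(orders, i) for i in range(1, m + 1))
    total += (s - m) * order(orders, m + 1)
    return Fraction(total) / orders[0]


def phi_via_lemma(orders, s):
    """Lemma 15.9.13: (1/g_0) * sum over sigma of min{i(sigma), s + 1}, minus 1.
    An element of G_k \\ G_{k+1} has i(sigma) = k + 1 and i(1) is infinite."""
    s = Fraction(s)
    total = s + 1  # contribution of the identity
    for k in range(len(orders)):
        count = order(orders, k) - order(orders, k + 1)
        total += count * min(Fraction(k + 1), s + 1)
    return total / orders[0] - 1


def lower_jumps(orders):
    """Integers s >= 0 with G_s != G_{s+1}."""
    return [i for i in range(len(orders))
            if order(orders, i) != order(orders, i + 1)]


def upper_jumps(orders):
    """Images t = phi(s) of the lower jumps: the jumps of the upper numbering."""
    return [phi(orders, s) for s in lower_jumps(orders)]


def different_exponent(orders):
    """Theorem 15.10.7(iii): s = sum over i >= 0 of (|G_i| - 1)."""
    return sum(g - 1 for g in orders)


if __name__ == "__main__":
    print("lower jumps:", lower_jumps(SAMPLE_ORDERS))
    print("upper jumps:", upper_jumps(SAMPLE_ORDERS))
    print("different exponent:", different_exponent(SAMPLE_ORDERS))
```

For the sample, the upper jumps come out as integers, as Theorem 15.9.17 requires for an abelian extension, and the exponent of the different satisfies the wild bound e ≤ s of Theorem 15.10.7(ii) with e = 4.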

Let L/K be an extension of number fields. Recall from Section 14.3 the definition of the
discriminant dL/K(α1, . . . , αn) for a K-basis {α1, . . . , αn} of L:

\[ d_{L/K}(\alpha_1, \ldots, \alpha_n) = [\det(\sigma_i(\alpha_j))]^2. \]

As in Proposition 14.5.9, define the discriminant ideal DL/K = (dL/K(α1, . . . , αn)) for any
such basis.
Theorem 15.10.8. For an extension L/K, the discriminant ideal is the ideal norm of the
different:

\[ D_{L/K} = N_{L/K}(\mathfrak{D}_{L/K}). \]
Proof. Again, we may assume OK and OL are DVRs by Proposition 15.10.3(iii). In
particular, OK is a PID (Proposition 15.1.1) so OL admits an integral basis α1, . . . , αn by
Proposition 14.3.9. Then DL/K = (dL/K(α1, . . . , αn)) by definition. On the other hand,
OL is also a PID so the inverse different satisfies 𝔇_{L/K}^{−1} = βOL for some β ∈ L. By definition,
𝔇_{L/K}^{−1} = (α1*, . . . , αn*) where {α1*, . . . , αn*} is the dual basis to {α1, . . . , αn} with respect to the
trace form. Then 𝔇_{L/K}^{−1} = (α1β, . . . , αnβ), so we have

\[ d_{L/K}(\alpha_1^*, \ldots, \alpha_n^*) = d_{L/K}(\beta\alpha_1, \ldots, \beta\alpha_n) = N_{L/K}(\beta)^2 \, d_{L/K}(\alpha_1, \ldots, \alpha_n). \]

This implies (dL/K(α1*, . . . , αn*)) = NL/K(𝔇_{L/K}^{−2}) DL/K. Now using the pairing Tr(αi αj*) = δij,
we obtain [σi(αj)]^T [σi(αj*)] = In so dL/K(α1, . . . , αn) = dL/K(α1*, . . . , αn*)^{−1}. It follows that
D_{L/K}^2 = NL/K(𝔇_{L/K}^2) but since the norm is multiplicative, we obtain the desired expression.

Corollary 15.10.9. For a finite separable extension of discretely valued fields,

\[ D_{L/K} = \prod_{q \mid p} \left( D_{L_q/K_p} \cap O_K \right) \]

where the product is taken over all primes p ⊂ OK and all q ⊂ OL lying over p.
We also obtain a strengthening of Proposition 14.5.9:
Corollary 15.10.10. Let L/K be a finite separable extension. Then a prime p ⊂ OK is
ramified in OL if and only if p divides the discriminant DL/K .
Proof. This is immediate from Theorems 15.10.7(i) and 15.10.8.

Chapter 16

Adèlic Number Theory

In order to study harmonic analysis on a global field K in Part VI, we introduce two locally
compact abelian groups:

• The group of adèles AK, which will in fact be a topological ring.

• The group of idèles IK, which will be the group of invertible elements in AK.

In ordinary harmonic analysis, recall that Z is a discrete group with dual Hom(Z, R/Z) =
R/Z. Then Z embeds into its universal cover R as a discrete subspace. Moreover, the circle
R/Z ≅ S^1 is compact; thus we say the embedding Z ↪ R is co-compact.
The adèle group will play the role of R here, and we will construct a discrete, co-compact
embedding K ↪ AK. In the case of K = Q, there will be a canonical surjection AQ → R
that induces a cover AQ/Q → R/Z. This mimics the role of the universal cover R → S^1 in
the ordinary version of the theory. Concretely, AK will be a certain ‘restricted’ product of
the completions Kv of K at its places v; likewise, IK will be the ‘restricted’ product of the
unit groups K_v^×. We give the construction of this restricted product in the next section, as
well as topological motivation for why we prefer to work with it for analysis.


16.1 Restricted Direct Products


Let J = {v} be an arbitrary set of indices and fix a finite subset J∞ ⊆ J. For each v ∈ J,
suppose Gv is a locally compact topological group and that for each v ∉ J∞, there is a
specified compact open subgroup Hv ⊆ Gv.

Definition. The restricted direct product of the collection {Gv}v∈J with respect to
{Hv}v∉J∞ is defined by

\[ {\prod_{v \in J}}' \, G_v := \{(x_v) : x_v \in G_v \text{ and } x_v \in H_v \text{ for all but finitely many } v\}. \]

Lemma 16.1.1. The restricted direct product is a group.

Proof. It’s clear that ∏′v∈J Gv is closed under the product group operation on ∏v∈J Gv.

Let G = ∏′v∈J Gv be a restricted direct product. We give G the structure of a topological
group by specifying a basis of neighborhoods at the identity element:

\[ \left\{ \prod_{v \in J} N_v : N_v \subseteq G_v \text{ is a neighborhood of } 1_v \in G_v \text{ and } N_v = H_v \text{ for all but finitely many } v \right\}. \]

Remark. The topology on the restricted direct product is not the subspace topology
inherited from the direct product ∏v∈J Gv. In fact, the restricted direct product topology is
strictly finer than the product topology on the given product. We note that the restricted
direct product topology is preferred because it makes G into a locally compact group.

For a finite subset S ⊆ J containing J∞, define the subgroup

\[ G_S := \prod_{v \in S} G_v \times \prod_{v \notin S} H_v. \]

Lemma 16.1.2. For any such S, GS is a locally compact subgroup of the restricted direct
product G = ∏′v∈J Gv.

Proof. That GS is a subgroup is clear. Note that in the product topology, GS is a product
of finitely many locally compact groups along with a product of compact groups, so it is
locally compact (again, in the product topology) in ∏v∈J Gv. However, by definition of the
restricted direct topology on G, it is clear that the subspace topology of GS inherited from
G is precisely the product topology. Hence GS is locally compact in G.

Theorem 16.1.3. Let G = ∏′v∈J Gv be the restricted direct product of a collection of locally
compact groups {Gv}v∈J with respect to {Hv}v∉J∞. Then

(1) G is a locally compact topological group.

(2) A set Y ⊆ G has compact closure if and only if Y is contained in ∏v∈J Cv for some
family of compact subsets Cv ⊆ Gv with Cv = Hv for all but finitely many v.


Proof. (1) Each x ∈ G lies in GS for some finite set S ⊆ J, so the GS cover G. It follows
from Lemma 16.1.2 that G is locally compact.
(2) Suppose Y is contained in such a product ∏v∈J Cv. Then the closure Ȳ is as well, and this
product is compact by Tychonoff’s theorem, so Ȳ is a closed subset of a compact set, hence
compact. Conversely, suppose Ȳ is compact. Since the subgroups GS form an open cover of
G, finitely many of the GS cover Ȳ. But the union of this finite subcover is contained in some
GS′, so Ȳ ⊆ GS′. Now note that since the topology on G is finer than the direct product
topology, all of the projections ρv : G → Gv are continuous. Thus since Ȳ ⊆ G is compact,
each ρv(Ȳ) is compact in Gv. Further, since Ȳ ⊆ GS′, we have that ρv(Ȳ) ⊆ Hv for all but
finitely many v. Hence Ȳ is contained in the product of these Hv together with ρv(Ȳ) for
the remaining v, so indeed Y ⊆ Ȳ is contained in a product of the desired form.
We next construct measures on restricted direct products. Since G is locally compact by
Theorem 16.1.3, there exist Haar measures on G. The trick will be to choose the right one
to agree with the normalized Haar measures on each locally compact group Gv .
Proposition 16.1.4. Let {Gv}v∈J be a collection of locally compact groups, {Hv}v∉J∞ a
collection of subgroups for almost all v ∈ J and suppose dgv is a Haar measure on Gv which
is normalized so that

\[ \int_{H_v} dg_v = 1 \]

for almost all v ∉ J∞. Then there exists a unique Haar measure dg on G such that for every
finite subset S ⊆ J containing J∞, the restriction of dg to GS coincides with the product
measure on GS.
Proof. For such a set S, let dgS = ∏v∈J dgv be the product measure, restricted to S. Since
the dgv have been normalized so that only finitely many of the volumes of the Hv are different
from 1, the infinite product ∏v∉S Hv has finite volume (with respect to the product measure
∏v∉S dgv on ∏v∉S Gv ⊆ GS). One can then show that dgS is a Haar measure on GS (using
the preceding statement to show that compact sets have finite measure).
Now since G is locally compact (Theorem 16.1.3), there is a Haar measure dg on G and
it restricts to a Haar measure on any GS, so dg is equal to dgS up to a constant. We declare
that dg is the unique Haar measure on G that restricts to dgS on some finite set S ⊆ J
containing J∞, and proceed to show that this definition of dg does not depend on S.
Suppose S ⊆ T are finite subsets containing J∞. Consider the set E ⊆ GT defined by

\[ E = \prod_{v \in S} G_v \times \prod_{v \in T \smallsetminus S} H_v \times \prod_{v \notin T} H_v. \]

Then the volume

\[ \int_E dg_T = \prod_{v \in S} \int_{G_v} dg_v \times \prod_{v \in T \smallsetminus S} \int_{H_v} dg_v \times \prod_{v \notin T} \int_{H_v} dg_v \]

is finite by the first paragraph, and GS ⊆ E ⊆ GT, so dgS coincides with the restriction of
dgT to GS. Finally, since the GS cover G, any two GS, GS′ are contained in a common GT
where T = S ∪ S′ and our normalized Haar measure is compatible on all of these.


Proposition 16.1.5. Let G be the restricted direct product of {Gv}v∈J with respect to
{Hv}v∉J∞. Then

(1) For any integrable function f on G,

\[ \int_G f \, dg = \lim_S \int_{G_S} f \, dg_S, \]

where the limit is over all finite subsets S ⊆ J containing J∞.

(2) Suppose S0 is a finite subset containing J∞ and all v for which ∫Hv dgv ≠ 1. Suppose
also that for each v ∈ J, fv is a continuous, integrable function on Gv such that
fv|Hv = 1 for all v ∉ S0. For g = (gv) ∈ G, define f(g) = ∏v∈J fv(gv). Then f is a
well-defined, continuous function on G and for all finite sets S ⊆ J containing S0,

\[ \int_{G_S} f \, dg_S = \prod_{v \in S} \int_{G_v} f_v \, dg_v. \]

Moreover,

\[ \int_G f \, dg = \prod_{v \in J} \int_{G_v} f_v \, dg_v \]

and f ∈ L^1(G) if ∏v ∫Gv |fv| dgv is finite.


16.2 Adèles and Idèles


Let K be a global field. For each place v of K, let Kv denote the completion at v. Then Kv
is a locally compact topological field, and in particular a locally compact group. For each
finite place v, let Ov denote the ring of integers in Kv , which is an abelian subgroup.

Definition. The adèle group of K is the restricted direct product

\[ A_K = {\prod_v}' \, K_v \]

with respect to the subgroups Ov. Here J is the set of all places v of K and J∞ is the set of
all infinite/archimedean places.

Lemma 16.2.1. AK is a topological ring.

Consequently, we will refer to AK as the adèle ring of K.

Lemma 16.2.2. The map K → AK, x ↦ (x, x, x, . . .) is an injective ring homomorphism.

Let R^× denote the multiplicative group of units in any ring R. Then K_v^× is a locally
compact group for each place v of K and for every finite place, O_v^× ⊂ K_v^×.

Definition. The idèle group of K is the restricted direct product

\[ I_K = {\prod_v}' \, K_v^\times \]

with respect to the subgroups O_v^× for all finite places v.

As in Lemma 16.2.2, there is a natural inclusion of groups K^× ↪ IK, x ↦ (x, x, x, . . .).

Proposition 16.2.3. IK ≅ A_K^×, the group of units in the adèle ring.

Fix a global field K and let S∞ be the set of infinite places of K. Using the notation of
the subgroups in Lemma 16.1.2, define

\[ A_\infty := (A_K)_{S_\infty} = \prod_{v \in S_\infty} K_v \times \prod_{v \notin S_\infty} O_v. \]

Theorem 16.2.4 (Strong Approximation). For any global field K, AK = K + A∞ and
K ∩ A∞ = OK.

Proof. Identify K with its image under the embedding K ↪ AK. To prove AK = K + A∞,
we must show that for all x = (xv) ∈ AK, there exists some u = (u, u, . . .) ∈ K such
that xv − u ∈ Ov for any finite place v. We prove the case when K = Q, but the proof
in the general case is essentially the same. In this case, for (xv) ∈ AQ there exists some
integer m = ∏_{j=1}^n p_j^{r_j}, with pj distinct primes, such that mxv ∈ Ov for all finite places


v, that is, m clears the denominators of x. By the Chinese remainder theorem (3.2.10),
Z/mZ ≅ ∏_{j=1}^n Z/p_j^{r_j}Z so there exists some λ ∈ Z so that

\[ m x_j \equiv \lambda \bmod p_j^{r_j} \quad \text{for each } 1 \leq j \leq n, \]

where xj is the component of x at v_{pj}. Set u = λ/m. Then x − u = m^{−1}(mx − λ). At the places
corresponding to the primes pj, we have |x − u|_{pj} ≤ 1. At any other place v, |m^{−1}|v = 0 so
again |x − u|v = |mx − λ|v ≤ 1 since (mx − λ)v ∈ Ov. Hence xv − u ∈ Ov for all finite v.
For the second statement, note that all elements of K ∩ AK have the form (x, x, x, . . .)
for x ∈ K, so x ∈ Ov for every place v and hence x ∈ OK.
Corollary 16.2.5. AQ = Q + (R × Ẑ) and Q ∩ A∞ = Z.
Proof. Follows from the identifications A∞ = R × ∏p Zp and Ẑ = ∏p Zp.

Next, we investigate the geometry of the quotient AK /K for any global field K.
Lemma 16.2.6. Let E/K be a finite extension of global fields and fix a K-basis {u1, . . . , un}
of E. Then the map

\[ \prod_{j=1}^{n} A_K \longrightarrow A_E, \qquad ((x_{v,1})_v, (x_{v,2})_v, \ldots) \longmapsto \sum_{j=1}^{n} u_j (x_{v,j})_v \]

is an isomorphism of topological groups.

Proof. At each place v of K, the product Ev = ∏w|v Ew (over all places w extending v)
is a Kv-vector space. Further, Ev admits {u1, . . . , un} as a Kv-basis. Similarly, if OEv =
∏w|v OEw then from the theory of local fields, we have topological isomorphisms

\[ \prod_{v} K_v \xrightarrow{\ \sim\ } E_v \quad \text{and} \quad \prod_{v} O_v \xrightarrow{\ \sim\ } O_{E_v}. \]

Suppose S is a finite set of places of K containing the infinite places and consider the
associated subgroup A_K^S := (AK)S. Set

\[ A_E^S := \prod_{v \in S} E_v \times \prod_{v \notin S} O_{E_v}. \]

Then the A_E^S cover AE (just as in the proof of Theorem 16.1.3), so the isomorphism ∏_{j=1}^n AK →
AE can be defined locally using the above isomorphisms.
Theorem 16.2.7. K is a discrete, cocompact subgroup of AK .
Proof. Let K0 denote Q or Fp (t) according to whether char K = 0 or p, respectively. Put
n = [K : K0 ]. Then by Lemma 16.2.6, we have a commutative diagram with isomorphisms
along the rows:


\[ \begin{array}{ccc}
\prod_{j=1}^{n} A_{K_0} & \xrightarrow{\ \sim\ } & A_K \\
\uparrow & & \uparrow \\
\prod_{j=1}^{n} K_0 & \xrightarrow{\ \sim\ } & K
\end{array} \]

Therefore it suffices to show K0 is discrete in AK0 and AK0/K0 is compact. So we may reduce
to K = K0. For simplicity, we take K = K0 = Q, but the proof is even easier in the Fp(t)
case.
Define the subset

\[ C = \left\{ x \in A_K : |x_\infty|_\infty \leq \tfrac{1}{2} \text{ and } |x_v|_v \leq 1 \text{ for all finite } v \right\} \subseteq A_K. \]

Notice that C lies in A∞ = R × ∏v≠∞ Ov and as we observed in Lemma 16.1.2, this set has
the product topology so it follows that C, being the product of compact sets, is compact in
AK. We claim that AK = K + C and K ∩ C = {0}. In fact, the latter is obvious since we
are taking K = K0. For the former claim, take y = (yv) ∈ AK. By the strong approximation
theorem (16.2.4), there exists some δ ∈ K such that yv − δ ∈ Ov for all finite places v. At
v = ∞, let δ′ be the nearest integer to y∞ − δ (in the Fp(t) case, one may just wipe out the
constant term of the polynomial y − δ). Then |y∞ − δ − δ′|∞ ≤ 1/2 and for any finite place v,
δ′ ∈ Ov which implies |yv − δ − δ′|v ≤ 1. Hence AK ⊆ K + C as required.
This proves the existence of a surjective, continuous map C → AK/K, so because C is
compact, AK/K is compact as well. Further, since 0 lies in the open set {x ∈ C : |x∞|∞ < 1/2},
0 is an isolated point of K ⊆ AK. Then since K ↪ AK is a group homomorphism, this
implies every point of K is isolated. Hence K is discrete.
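For K = Q the proofs of Theorem 16.2.4 and Theorem 16.2.7 are constructive, and the following Python sketch carries them out on a constructed adèle. It is an added example, not part of the original text: the function names are hypothetical, and each p-adic component is represented by a rational number, which is an assumption of the sketch (every class in Qp/Zp has such a representative, and components at primes not listed are taken to lie in Zp).

```python
from fractions import Fraction
from math import floor, prod


def vp(x, p):
    """p-adic valuation of a nonzero rational x."""
    x = Fraction(x)
    if x == 0:
        raise ValueError("valuation of 0 is infinite")
    n, d, v = x.numerator, x.denominator, 0
    while n % p == 0:
        n //= p
        v += 1
    while d % p == 0:
        d //= p
        v -= 1
    return v


def strong_approximation(finite):
    """Given {p: x_p}, return u = lambda/m in Q with x_p - u in Z_p for all p.

    m clears the denominators of x and lambda is the CRT solution of
    m * x_p = lambda mod p^{r_p}, as in the proof of Theorem 16.2.4.
    """
    finite = {p: Fraction(x) for p, x in finite.items()}
    r = {p: (max(0, -vp(x, p)) if x != 0 else 0) for p, x in finite.items()}
    m = prod(p ** e for p, e in r.items())
    lam = 0
    for p, e in r.items():
        if e == 0:
            continue  # x_p already lies in Z_p
        q = p ** e
        y = m * finite[p]  # lies in Z_p: its denominator is prime to p
        residue = y.numerator * pow(y.denominator, -1, q) % q
        M = m // q
        lam += residue * M * pow(M, -1, q)
    return Fraction(lam % m, m)


def translate_into_C(x_inf, finite):
    """Return k in Q such that x - k lies in the compact set C of Theorem 16.2.7."""
    u = strong_approximation(finite)
    delta = floor(Fraction(x_inf) - u + Fraction(1, 2))  # nearest integer
    return u + delta


def lies_in_C(x_inf, finite, k):
    """Check |x_inf - k| <= 1/2 and x_p - k in Z_p at every finite place."""
    if abs(Fraction(x_inf) - k) > Fraction(1, 2):
        return False
    d = Fraction(k).denominator
    for p, x in finite.items():
        diff = Fraction(x) - k
        if diff != 0 and vp(diff, p) < 0:
            return False
        while d % p == 0:
            d //= p
    return d == 1  # k is integral at every prime not listed in `finite`


# Constructed adele: real component 37/10, components 5/8, 2/9, 7/3 at 2, 3, 5.
SAMPLE_INF = Fraction(37, 10)
SAMPLE_FINITE = {2: Fraction(5, 8), 3: Fraction(2, 9), 5: Fraction(7, 3)}

if __name__ == "__main__":
    k = translate_into_C(SAMPLE_INF, SAMPLE_FINITE)
    print("k =", k, "in C:", lies_in_C(SAMPLE_INF, SAMPLE_FINITE, k))
```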

Theorem 16.2.8. There is an isomorphism of topological groups

\[ A_Q/Q \longrightarrow \varprojlim R/nZ \]

where the limit is over all n ≥ 1.

Proof. (Sketch) For n ≥ 1, define

\[ C_n = \{x \in A_Q \mid x_\infty = 0,\ x_p \in p^{\operatorname{ord}_p(n)} Z_p\} \]

(that is, the set of ‘adèles divisible by n’). It is clear that ⋂_{n=1}^∞ Cn = {0}. This yields an
isomorphism

\[ \varprojlim A_Q/C_n \longrightarrow A_Q, \qquad ((x_{p,n})_p)_n \longmapsto \left( \lim_{n \to \infty} x_{p,n} \right)_p. \]



In turn, this gives an isomorphism $A_Q/Q \xrightarrow{\sim} \varprojlim A_Q/(Q + C_n)$. Consider the map

\[ R/nZ \longrightarrow A_Q/(Q + C_n), \qquad x \longmapsto (x, 0, 0, \ldots) \]

where x∞ = x and xv = 0 for all finite places v of Q. This map is well-defined, since for any
a ∈ Z, na maps to (na, 0, 0, . . .) = (na, na, na, . . .) + (0, −na, −na, . . .) ∈ Q + Cn. The map
is also injective by observation. Finally, Corollary 16.2.5 gives us AQ = Q + (R × ∏ Zp) so
any adèle x ∈ AQ can be written x = (a + s, a + x2, a + x3, . . .) for some a ∈ Q, s ∈ R and
xp ∈ Zp. Then the approximation theorem allows us to write x = (r, 0, 0, . . .) + (b, b, b, . . .) +
(0, y2, y3, . . .) for b ∈ Q, r ∈ R and certain yp ∈ Zp for each prime p. Then r ↦ (r, 0, 0, . . .)
which is the image of x in the quotient AQ/(Q + Cn). Putting these maps together for each
n ≥ 1, we get the desired isomorphism.

Remark. One should regard $\varprojlim R/nZ$ as the profinite completion of the universal cover of
the circle R/Z, so Theorem 16.2.8 says that AQ/Q is the ‘algebraic universal cover’ of R/Z.
The Galois group of this cover is Ẑ, which is in fact the algebraic fundamental group of
R/Z ≅ S^1.


16.3 Idèle Class Group


Recall from Theorem 16.2.7 that K embeds as a discrete subgroup of AK. Likewise, K^× ↪
IK = A_K^× as a discrete subgroup.

Definition. The idèle class group of a global field K is CK = IK/K^×.


Remark. In contrast to Theorem 16.2.7, the quotient IK/K^× is no longer compact. To see
this, it is sufficient to note that the x ∈ IK such that |x|K = 1 (defined below) form an open
subgroup of infinite index in CK.
Definition. Suppose k is a local field. The normalized absolute value of k is the function
| · |k : k^× → R>0 defined as follows:
• If k = R, |x|R = |x| is the usual absolute value.

• If k = C, |z|C = z z̄ = |z|^2, the square of the modulus.

• If k is nonarchimedean with uniformizer π, then | · |k is defined on π by |π|k = 1/q, where
q = |Ok/πOk|, and extended to all k^×.
Lemma 16.3.1. Let ℓ/k be a finite extension of local fields. Then for any x ∈ ℓ,

\[ |x|_\ell = |N_{\ell/k}(x)|_k. \]

Proof. In the archimedean cases, this is clear from the above definitions. So suppose k and
ℓ are nonarchimedean, πℓ is a uniformizer of ℓ and n = [ℓ : k]. If e is the ramification index
of ℓ/k, then πk = πℓ^e is a uniformizer of k and by algebraic number theory, n = ef where f
is the degree of the residue field extensions, so |Oℓ/πℓOℓ| = q^f. Now consider

\[ |N_{\ell/k}(\pi_\ell^e)|_k = |N_{\ell/k}(\pi_k)|_k = |\pi_k|_k^n = \frac{1}{q^n} = \frac{1}{q^{ef}} = \left( \frac{1}{q^f} \right)^e = |\pi_\ell|_\ell^e. \]

Since norm is multiplicative, take the eth root to get |Nℓ/k(πℓ)|k = |πℓ|ℓ. Since πℓ is a
uniformizer, this also holds for any x ∈ ℓ.
Now let K be a global field and for each place v of K, let Kv be the complete local field
at v.
Definition. The absolute value of the idèle group IK is the map

\[ | \cdot |_K : I_K \longrightarrow R_{>0}, \qquad (x_v) \longmapsto \prod_v |x_v|_v. \]

The following generalizes the product formula for completions of Q (Lemma 15.2.7).
Theorem 16.3.2. Let K be a global field with group of idèles IK . Then
(1) (Artin’s Product Formula) For all x ∈ K × , |x|K = 1.


(2) | · |K is surjective onto R>0 when char K = 0 and has image {p^{m0 n} | n ∈ Z} for some
m0 ∈ Z when char K = p > 0.

Proof. First suppose E/K is a finite, separable extension. Let PK (resp. PE) denote the set
of places of K (resp. E). Then for any x ∈ E^×,

\[ \begin{aligned}
|x|_E &= \prod_{u \in P_K} \prod_{\substack{v \in P_E \\ v \mid u}} |x|_v \\
&= \prod_{u \in P_K} \prod_{\substack{v \in P_E \\ v \mid u}} |N_{E_v/K_u}(x)|_u \\
&= \prod_{u \in P_K} |N_{E/K}(x)|_u \quad \text{by the isomorphism } E \otimes_K K_u \cong \prod_{v \mid u} E_v \\
&= |N_{E/K}(x)|_K.
\end{aligned} \]

Therefore if (1) and (2) hold for K, they also hold for E so we may reduce to the case when
K = Q or K = Fp(t).
(1) If K = Q and p ∈ Z is prime, for each place v we have

\[ |p|_{Q_v} = \begin{cases} p, & v = \infty \\ \frac{1}{p}, & v = p \\ 1, & \text{otherwise.} \end{cases} \]

This implies that |p|Q = 1 and since norm is multiplicative, this shows |x|Q = 1 for all
x ∈ Q^×. The proof is similar for K = Fp(t).
(2) For K = Q, this is obvious. When K = Fp(t), suppose v is the place where the
residue field is Fp and πv is the uniformizer. Then |πv|v = 1/p and taking powers shows that
the image of | · |v is p^{m0 Z}.

Definition. The group of norm 1 idèles of K is the kernel of the normalized absolute
value on K, written

\[ I_K^1 = \{x \in I_K : |x|_K = 1\}. \]

We also define the norm 1 class group to be C_K^1 = I_K^1/K^×.

Note that by Theorem 16.3.2, K^× ↪ I_K^1 so the quotient C_K^1 is well-defined. In fact, if
V(IK) is the image of | · |K in R>0, then we have a short exact sequence of groups

\[ 1 \to C_K^1 \to C_K \to V(I_K) \to 1. \]

Theorem 16.3.3. For any global field K, C_K^1 is compact.

Proof. Recall the set C defined in the proof of Theorem 16.2.7 by

\[ C = \left\{ x \in A_K : |x_\infty|_\infty \leq \tfrac{1}{2} \text{ for all } \infty \in J_\infty \text{ and } |x_v|_v \leq 1 \text{ for all } v \notin J_\infty \right\}. \]


In that proof we saw that C is compact in AK and AK = K + C. If µ is the Haar measure on


AK , then µ(C) < ∞. Now choose a compact subset Z ⊆ AK having µ(Z) > µ(C). Define
subsets

Z1 = {z1 − z2 | z1 , z2 ∈ Z}
and Z2 = {z1 z2 | z1 , z2 ∈ Z1 }.

Since addition and multiplication are continuous on $A_K$, we see that $Z_1$ and $Z_2$ are compact subsets of $A_K$. By Theorem 16.2.7, $K$ embeds as a discrete subgroup of $A_K$, so $K^\times \cap Z_2$ is finite, say $K^\times \cap Z_2 = \{y_1, y_2, \ldots, y_r\}$. Let $\delta : I_K \hookrightarrow A_K \times A_K$ be the natural inclusion $x \mapsto (x, x^{-1})$. Define the set
\[
\Psi = \bigcup_{j=1}^{r} \delta^{-1}\left( \{(u, y_j^{-1} v) : u, v \in Z_1\} \right).
\]
It is easy to check that $\Psi \subseteq I_K$ is compact (indeed, $\delta$ is a homeomorphism onto its image in $A_K \times A_K$).
Now to finish, it's enough to show that $I_K^1 \subseteq K^\times \Psi$, since then $I_K^1/K^\times \subseteq K^\times \Psi/K^\times \cong \Psi/(K^\times \cap \Psi)$ which is compact. Take $x \in I_K^1$. Then since the Haar measure $\mu$ is translation-invariant and $|x|_K = 1$, the $\mu$-volumes of $Z$, $xZ$ and $x^{-1}Z$ are the same. Since $\mu(Z) > \mu(C)$, one can show that there exist elements $z_1, z_2, z_3, z_4 \in Z$ such that $\alpha = x(z_1 - z_2)$ and $\beta = x^{-1}(z_3 - z_4)$ both lie in $K^\times$. Then $\alpha\beta = (z_1 - z_2)(z_3 - z_4) \in K^\times \cap Z_2$ so $\alpha\beta = y_j$ for some $1 \le j \le r$. Finally,
\[
\begin{aligned}
\delta(x\beta) = \delta(z_3 - z_4) &= (z_3 - z_4, (z_3 - z_4)^{-1}) \\
&= (z_3 - z_4, y_j^{-1}(z_1 - z_2)) \in Z_1 \times y_j^{-1} Z_1
\end{aligned}
\]
so it follows that $x\beta \in \Psi$ and hence $x \in K^\times \Psi$ as required.


Fix a finite set S of places of K which contains the infinite places.

Definition. The $S$-idèle group of $K$ is
\[
I_{K,S} := (I_K)_S = \prod_{v \in S} K_v^\times \times \prod_{v \notin S} \mathcal{O}_v^\times.
\]

Proposition 16.3.4. For any finite set S containing the infinite primes of K (if they exist),
IK,S is an open subgroup of IK which is compact if and only if S = ∅.

Proof. Lemma 16.1.2 gives us that IK,S is a (locally compact) subgroup, and it is clear that it
is an open subgroup since the topology induced on IK,S is equivalent to the product topology.
Second, the fact that IK,S is compact if and only if S is empty follows from the observation
that for any place v, Kv× is not compact in Kv .

Definition. For any finite set S containing the infinite primes of K, define the norm 1
S-idèles by I1K,S = I1K ∩ IK,S and the ring of S-integers of K by RS = K ∩ ASK .

Remark. If K is a number field and S∞ is the set of infinite primes of K, then RS∞ = OK ,
the ring of algebraic integers in K. If K is a function field and S∞ denotes the archimedean
places of K, then RS∞ = OK is the algebraic closure of Fq [t] in K.
Lemma 16.3.5. An element x ∈ K × is a root of unity in K if and only if |x|v = 1 for every
place v of K.
The following generalizes Dirichlet’s unit theorem for number fields (Corollary 15.1.11).
Proposition 16.3.6. For any global field $K$,
(1) $I^1_{K,S}/R_S^\times$ is compact.
(2) There is an isomorphism
\[ R_S^\times \cong \mu(K) \times \mathbb{Z}^{r(S)} \]
where $\mu(K)$ is the set of roots of unity in $K$ and $r(S) = |S| - 1$.
Proof. (1) By Proposition 16.2.3, we have $R_S^\times = K^\times \cap I_{K,S} = K^\times \cap I^1_{K,S}$. Then since $I^1_{K,S}$ is an open subgroup of $I^1_K$, $I^1_{K,S}/R_S^\times$ is both an open and closed subgroup in $I^1_K/K^\times$, which is compact by Theorem 16.3.3. Therefore $I^1_{K,S}/R_S^\times$ is compact.
(2) For each place $v$ of $K$, let $C_v = \{x_v \in K_v : |x_v|_v = 1\}$ and put $C = \prod_v C_v$. Then since each $C_v$ is compact in $K_v^\times$ and the subspace topology on $I_{K,S} \subseteq I_K$ is the product topology, we see that $C$ is compact. Consider the short exact sequence
\[ 1 \to C \to I_{K,S} \to \prod_{v \in S} (K_v^\times / C_v) \to 1. \]
For each place $v$, $K_v^\times/C_v$ is isomorphic to the value group of $v$, so in particular by Theorem 16.3.2,
\[
K_v^\times / C_v \cong \begin{cases} \mathbb{R}_{>0} \cong \mathbb{R}, & v \text{ is archimedean} \\ p^{m\mathbb{Z}} \cong \mathbb{Z}, & v \text{ is nonarchimedean.} \end{cases}
\]
Write $|S| = r = r_1 + r_2$ where $r_1, r_2$ are the numbers of archimedean and nonarchimedean valuations in $S$, respectively. Then the above short exact sequence yields
\[ 1 \to C \to I^1_{K,S} \to \mathbb{R}^{r_1} \times \mathbb{Z}^{r_2} \to 1. \]
Next, Lemma 16.3.5 implies that $C \cap K^\times = \mu(K)$. Given this and the fact that $I^1_{K,S} \cap K^\times = R_S^\times$, the short exact sequence becomes
\[ 1 \to \mu(K) \to R_S^\times \to L \to 1 \]
and one can show that $L \cong \mathbb{Z}^r$.
Definition. For a finite set $S$ containing $J_\infty$, the $S$-class group of $K$ is $C_{K,S} = I_K / K^\times I_{K,S}$.
Note that $I^1_K \hookrightarrow I_K$ induces an inclusion
\[ I^1_K / K^\times I^1_{K,S} \hookrightarrow I_K / K^\times I_{K,S} \]
which is an isomorphism whenever $S \neq \emptyset$ and has cokernel $\mathbb{Z}$ by (2) of Theorem 16.3.2 when $S = \emptyset$ (because in this case $\operatorname{char} K > 0$).

Theorem 16.3.7. Suppose $S$ is a finite set containing $J_\infty$. Then

(1) If $S \neq \emptyset$, then $C_{K,S}$ is a finite group.

(2) If $S = \emptyset$, then $C_{K,S}$ is the direct product of $\mathbb{Z}$ with a finite group.

Proof. We know $I^1_{K,S}$ is open in $I^1_K$ and by Theorem 16.3.3, $I^1_K/K^\times$ is compact. Thus there is a finite open cover of $I^1_{K,S}$ in $I^1_K$, so $I^1_K/K^\times I^1_{K,S}$ is finite. This proves (1). In the $S = \emptyset$ case, $\operatorname{char} K > 0$ and the cokernel of the injection
\[ I^1_K / K^\times I^1_{K,S} \hookrightarrow I_K / K^\times I_{K,S} \]
is $\mathbb{Z}$ by the above, so the cokernel sequence
\[ I^1_K / K^\times I^1_{K,S} \to I_K / K^\times I_{K,S} \to \mathbb{Z} \]
is split exact and hence $C_{K,S} \cong I^1_K / K^\times I^1_{K,S} \oplus \mathbb{Z}$.
We now compare the idèle class group to the ideal class group of the ring of integers R
of K. Recall that for a number field K, R is defined as the integral closure of Z in K, while
for a function field K, after an explicit presentation of K as an extension of Fq (t), R is the
integral closure of Fq [t] in K. From algebraic number theory, R is a Dedekind domain with
field of fractions K. A fractional ideal of R is a nonzero, finitely generated R-submodule of
K, a special case of which is a principal fractional ideal Rα for α ∈ K × . Let JK (resp. PK )
be the set of fractional ideals (resp. principal fractional ideals) of R. Then the class group
of K is defined to be the quotient Cl(K) = JK /PK .

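Theorem 16.3.8. For any global field $K$, $\mathrm{Cl}(K) \cong C_{K,S_\infty}$, where $S_\infty$ is the set of infinite (archimedean) places of $K$.

Proof. The isomorphism is induced by the map
\[
\begin{aligned}
\alpha : I_K &\longrightarrow \mathrm{Cl}(K) \\
x &\longmapsto \left[ \prod_{\mathfrak{p} \in \operatorname{Spec} R} \mathfrak{p}^{v_{\mathfrak{p}}(x_{\mathfrak{p}})} \right]
\end{aligned}
\]
where $v_{\mathfrak{p}}$ is the valuation at the place of $K$ corresponding to the prime $\mathfrak{p} \subset R$. By properties of valuations, it is clear that $\alpha$ is a group homomorphism. Note that $x \in K^\times$ implies $\alpha(x) = 1$ by Lemma 16.3.5. Thus $x \in \ker \alpha$, so $K^\times \subseteq \ker \alpha$. On the other hand, for any fractional ideal $\mathfrak{a}$ of $R$, $[\mathfrak{a}] = \alpha(x)$ where $x = (x_{\mathfrak{p}}) \in I_K$ is defined by $x = \pi_{\mathfrak{p}}^{v_{\mathfrak{p}}(\mathfrak{a})}$ for $\pi_{\mathfrak{p}} \in \mathcal{O}_{\mathfrak{p}}$ a uniformizer at each prime. Thus $\alpha$ is surjective.
Finally, if $\alpha(x) = 1$ then $\alpha(x)$ is represented by a principal fractional ideal $Ry$ for some $y \in K^\times$. For all primes $\mathfrak{p}$, we have $v_{\mathfrak{p}}(y) = v_{\mathfrak{p}}(x_{\mathfrak{p}})$, so we may choose $u = (u_{\mathfrak{p}}) \in I_K$ with $u_{\mathfrak{p}} \in \mathcal{O}_{\mathfrak{p}}^\times$ and $(xu)_{\mathfrak{p}} = y$ for all $\mathfrak{p}$. Then $xu$ and $y$ differ by an element of $\prod_{v \in S_\infty} K_v^\times$, so it follows that $x$ and $y$ differ by an element of $I_{K,S_\infty}$. This shows that $x$ lies in $K^\times I_{K,S_\infty}$ so $\alpha$ induces an isomorphism $I_K / K^\times I_{K,S_\infty} \to \mathrm{Cl}(K)$.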

Part IV

Class Field Theory

Chapter 17

Global Class Field Theory

The contents of Chapters 17 and 18 are a product of research in class field theory as part of
my Master’s thesis at Wake Forest University. The main topics covered are:

• The Hilbert class field

• Ray class groups

• Dirichlet L-series, Dirichlet density and the proof of Dirichlet's theorem on primes in arithmetic progression

• The main theorems of global class field theory:

  – Artin reciprocity
  – The Conductor Theorem
  – The fundamental equality
  – The Existence and Classification Theorems

• An extended discussion of Frobenius' and Čebotarev's density theorems

• Ring class fields and orders

• Applications to quadratic forms and n-Fermat primes

A primary motivation for studying these topics is to fully answer the question, described in Cox's Primes of the Form $x^2 + ny^2$, "Given a positive integer $n$, when can a prime number be written in the form $x^2 + ny^2$?" The reader will see that although the question has a rather elementary statement, it requires the depth and power of class field theory to fully understand. After describing the answer to this first question, we will turn our attention to the much more difficult, and unanswered question, "Given a positive integer $n$, if $x^2 + ny^2$ is prime, when is $y^2 + nx^2$ also prime?"

17.1 The Hilbert Class Field


Prime ideals p ⊂ OK are often referred to as finite primes to distinguish them from infinite
primes, which are defined as
Definition. A real infinite prime of a number field K is an embedding σ : K ,→ R, while
a complex infinite prime is a pair of conjugate embeddings σ, σ̄ : K ,→ C.
Definition. Given an extension L/K, an infinite prime σ of K is said to ramify in L if σ
is real and has an extension to L which is complex.

Example 17.1.1. The infinite prime $\sigma : \mathbb{Q} \hookrightarrow \mathbb{R}$ is unramified in $\mathbb{Q}(\sqrt{2})$ but $\sigma$ is ramified in $\mathbb{Q}(\sqrt{-2})$.
Definition. We say an extension of number fields L/K is unramified if every prime in
K, finite or infinite, is unramified in L.
A number field may have unramified extensions of arbitrary degree – the work of Golod
and Shafarevich in the 1960s was famous for its rather complicated examples. However, if
we restrict our focus to unramified abelian extensions, the theory becomes more tractable.
Theorem. For every number field K, there exists a finite Galois extension L ⊃ K such that
L is an unramified abelian extension of K, and L contains every other unramified abelian
extension of K.
Proof. This will follow from a more general result established in Section 17.10.
Definition. The Hilbert class field of a number field K is the maximal unramified abelian
extension of K.
For now we will assume the existence of the Hilbert class field and further develop the
connections between Hilbert class fields and algebraic number theory. The main tool in
describing this relationship is the Artin symbol, whose existence is proved in the following
lemma.
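Lemma 17.1.2. Let $L/K$ be a Galois extension, $\mathfrak{p} \subset \mathcal{O}_K$ an unramified prime and $\mathfrak{P}$ a prime of $\mathcal{O}_L$ lying over $\mathfrak{p}$. Then there is a unique element $\sigma \in \operatorname{Gal}(L/K)$ such that for all $\alpha \in \mathcal{O}_L$,
\[ \sigma(\alpha) \equiv \alpha^{N(\mathfrak{p})} \bmod \mathfrak{P} \]
where $N(\mathfrak{p}) = [\mathcal{O}_K : \mathfrak{p}]$ is the norm of $\mathfrak{p}$.
Proof. Let $D = D_{\mathfrak{P}}$ and $I = I_{\mathfrak{P}}$ be the decomposition and inertia groups of $\mathfrak{P} \supset \mathfrak{p}$. Let $\ell = \mathcal{O}_L/\mathfrak{P}$ and $k = \mathcal{O}_K/\mathfrak{p}$, with $\tilde{G} = \operatorname{Gal}(\ell/k)$. Recall from Proposition 14.5.18 that each $\sigma \in D$ maps via $\varphi$ to an element $\tilde{\sigma} \in \tilde{G}$. Since $\mathfrak{p}$ is unramified in $L$, $|I| = e(\mathfrak{P} \mid \mathfrak{p}) = 1$ and since $\ker \varphi = I$ by Corollary 14.5.19, $\varphi$ is an isomorphism. Let $q = N(\mathfrak{p}) = |\mathcal{O}_K/\mathfrak{p}|$. It is well known that $\tilde{G}$ is a cyclic group generated by the Frobenius automorphism $x \mapsto x^q$. Thus there is a unique $\sigma \in G$ which maps to the Frobenius automorphism. Finally, since $q = N(\mathfrak{p})$, this $\sigma$ satisfies the lemma.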

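Definition. For a given prime $\mathfrak{P} \subset \mathcal{O}_L$, the unique element $\sigma \in D_{\mathfrak{P}}$ described above is called the Artin symbol, denoted $\left(\frac{L/K}{\mathfrak{P}}\right)$. It satisfies
\[ \left(\frac{L/K}{\mathfrak{P}}\right)(\alpha) \equiv \alpha^{N(\mathfrak{p})} \bmod \mathfrak{P} \]
for all $\alpha \in \mathcal{O}_L$, where $\mathfrak{p} = \mathfrak{P} \cap \mathcal{O}_K$. If $\mathfrak{p} = \mathcal{O}_K \cap \mathfrak{P}$ then $\left(\frac{L/K}{\mathfrak{P}}\right)$ is called a Frobenius element for $\mathfrak{p}$.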
We will describe Frobenius automorphisms in greater detail in Section 17.3 but for now
we will focus on their relation to the Hilbert class field.
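Proposition 17.1.3. For a Galois extension $L/K$, an unramified prime $\mathfrak{p} \subset \mathcal{O}_K$ and a prime $\mathfrak{P} \supset \mathfrak{p}$, the Artin symbol has the following properties.

(i) For all $\sigma \in \operatorname{Gal}(L/K)$, $\left(\frac{L/K}{\sigma(\mathfrak{P})}\right) = \sigma \left(\frac{L/K}{\mathfrak{P}}\right) \sigma^{-1}$.

(ii) The order of $\left(\frac{L/K}{\mathfrak{P}}\right)$ in $D_{\mathfrak{P}}$ is the inertial degree $f = f(\mathfrak{P} \mid \mathfrak{p})$.

(iii) $\mathfrak{p}$ splits completely in $L$ $\iff$ $\left(\frac{L/K}{\mathfrak{P}}\right) = 1$.

Proof. (i) follows from the uniqueness of $\left(\frac{L/K}{\mathfrak{P}}\right)$ and Proposition 14.5.13.
(ii) From Lemma 17.1.2, $D_{\mathfrak{P}} \cong \tilde{G} = \operatorname{Gal}(\ell/k)$ and the order of $\tilde{G}$ is $[\mathcal{O}_L/\mathfrak{P} : \mathcal{O}_K/\mathfrak{p}] = f$. By definition, the Artin symbol maps to a generator of $\tilde{G}$ so the order of $\left(\frac{L/K}{\mathfrak{P}}\right)$ is $f$.
(iii) Recall that $\mathfrak{p}$ splits completely if and only if $e = f = 1$. Then $e = 1$ since we are assuming $\mathfrak{p}$ is unramified in $L$, and $f = 1 \iff \left(\frac{L/K}{\mathfrak{P}}\right) = 1$ follows from part (ii).
Since $L/K$ is abelian, the Artin symbol only depends on the underlying prime $\mathfrak{p}$: if $\mathfrak{P}$ and $\mathfrak{P}'$ are both primes of $\mathcal{O}_L$ containing $\mathfrak{p}$, then $\mathfrak{P}' = \sigma(\mathfrak{P})$ for some $\sigma \in \operatorname{Gal}(L/K)$ as we have already shown. Thus (i) of the proposition implies
\[
\left(\frac{L/K}{\mathfrak{P}'}\right) = \left(\frac{L/K}{\sigma(\mathfrak{P})}\right) = \sigma \left(\frac{L/K}{\mathfrak{P}}\right) \sigma^{-1} = \sigma\sigma^{-1} \left(\frac{L/K}{\mathfrak{P}}\right) = \left(\frac{L/K}{\mathfrak{P}}\right).
\]
We will write the Artin symbol as $\left(\frac{L/K}{\mathfrak{p}}\right)$ to indicate that it is determined by the underlying prime $\mathfrak{p} \subset \mathcal{O}_K$.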
The Artin symbol is the first step in establishing a powerful tool in class field theory called
Artin reciprocity (Section 17.8). The name comes from the fact that it is a generalization
of more elementary reciprocity laws, such as quadratic, cubic and biquadratic reciprocities
established by Euler, Legendre and Gauss. The next example shows that the Artin symbol
properly encapsulates cubic reciprocity.

Example 17.1.4. Let $K = \mathbb{Q}(\sqrt{-3})$ and $L = K(\sqrt[3]{2})$. Here $\mathcal{O}_K = \mathbb{Z}[\omega]$ where $\omega = e^{2\pi i/3} = \frac{-1+\sqrt{-3}}{2}$. Note that for the extension $K/\mathbb{Q}$, we have $n = 2$, $r = 0$, $s = 1$ and $d_K = -3$ so the Minkowski bound for $K$ is
\[ B_K = \frac{2!}{2^2} \left(\frac{4}{\pi}\right)^{1} \sqrt{3} \approx 1.103. \]
As we have seen before, this shows that $K$ has class number 1, which is equivalent to $\mathbb{Z}[\omega]$ being a PID.
Knowing that the ring of integers is a PID is important, since any prime ideal can be written $\pi\mathbb{Z}[\omega]$ for some prime element $\pi \in \mathbb{Z}[\omega]$. One can calculate that $\operatorname{Gal}(L/K) \cong \mathbb{Z}/3\mathbb{Z}$ but the important part is that $\operatorname{Gal}(L/K)$ is abelian, so $\left(\frac{L/K}{\pi}\right)$ is defined. In fact the entire automorphism is determined by its action on $\sqrt[3]{2}$:
\[ \left(\frac{L/K}{\pi}\right)(\sqrt[3]{2}) = \left(\frac{2}{\pi}\right)_3 \sqrt[3]{2} \]
where $\left(\frac{2}{\pi}\right)_3$ is the cubic Legendre symbol, defined to be the unique cubic root of unity to which $2^{(N(\pi)-1)/3}$ is congruent mod $\pi$. Specifically, let $\mathfrak{P}$ be a prime of $\mathcal{O}_L$ lying over $\pi$. Then by definition,
\[ \left(\frac{L/K}{\pi}\right)(\sqrt[3]{2}) \equiv 2^{(N(\pi)-1)/3} \cdot \sqrt[3]{2} \equiv \left(\frac{2}{\pi}\right)_3 \sqrt[3]{2} \bmod \mathfrak{P}. \]
Hence the Artin symbol generalizes the cubic Legendre symbol!
When $L/K$ is an unramified abelian extension, things are especially nice. Let $I_K$ be the group of fractional ideals of $\mathcal{O}_K$. For any $\mathfrak{a} \in I_K$ with prime factorization $\mathfrak{a} = \prod \mathfrak{p}_i^{r_i}$ we can define the Artin symbol on $\mathfrak{a}$ by
\[ \left(\frac{L/K}{\mathfrak{a}}\right) = \prod \left(\frac{L/K}{\mathfrak{p}_i}\right)^{r_i}. \]
Definition. The Artin map for an extension $L/K$ is the homomorphism
\[ \left(\frac{L/K}{\cdot}\right) : I_K \longrightarrow \operatorname{Gal}(L/K). \]
Notice that if $L/K$ is ramified at any primes, the Artin map is not defined for all of $I_K$. Likewise if $\operatorname{Gal}(L/K)$ is not abelian, the Artin symbol may not be uniquely defined for all $\mathfrak{p} \in I_K$. For this reason many of the main theorems in class field theory are complicated to state, as we will see in subsequent sections. However when $L$ is the Hilbert class field of $K$ we have the following characterization of the Artin map.
Theorem 17.1.5 (Artin Reciprocity for the Hilbert Class Field). If $L$ is the Hilbert class field of a number field $K$, the Artin map
\[ \left(\frac{L/K}{\cdot}\right) : I_K \longrightarrow \operatorname{Gal}(L/K) \]
is surjective and its kernel is $P_K$. Therefore the Artin map induces an isomorphism $C(\mathcal{O}_K) \cong \operatorname{Gal}(L/K)$ where $C(\mathcal{O}_K) = I_K/P_K$ is the ideal class group.

Proof. This will follow from the full Artin reciprocity theorem in Section 17.8.
Using Galois theory, we have the following classification of unramified abelian extensions of $K$.

Corollary 17.1.6. For a number field $K$, there is a one-to-one correspondence
\[
\left\{ \begin{array}{c} \text{unramified abelian extensions} \\ M \supset K \end{array} \right\} \longleftrightarrow \left\{ \begin{array}{c} \text{subgroups} \\ H \le C(\mathcal{O}_K) \end{array} \right\}.
\]
Furthermore, if the extension $M/K$ corresponds to the subgroup $H$, then the Artin map induces an isomorphism $C(\mathcal{O}_K)/H \cong \operatorname{Gal}(M/K)$.
Proof. This too will be proven in a more general setting in Section 17.10.
This is a good example of the general strategy employed in class field theory: describe a certain type of extensions of $K$ – in this case unramified abelian extensions – using information encoded in $K$ itself, e.g. subgroups of the class group.

Corollary 17.1.7. Let $L$ be the Hilbert class field of a number field $K$ and let $\mathfrak{p} \subset \mathcal{O}_K$ be a prime ideal. Then $\mathfrak{p}$ splits completely in $L$ $\iff$ $\mathfrak{p}$ is a principal ideal.
Proof. By (iii) of Proposition 17.1.3, $\mathfrak{p}$ splits completely if and only if $\left(\frac{L/K}{\mathfrak{p}}\right) = 1$. Since the Artin map induces $C(\mathcal{O}_K) \cong \operatorname{Gal}(L/K)$ by the Artin reciprocity theorem (Theorem 17.1.5), $\left(\frac{L/K}{\mathfrak{p}}\right) = 1 \iff [\mathfrak{p}]$ is trivial in the class group, which is equivalent to $\mathfrak{p}$ being a principal ideal.
The Hilbert class field has an important application to the study of primes of the form $p = x^2 + ny^2$.

Theorem 17.1.8. Let $n > 0$ be a squarefree integer such that $n \not\equiv 3 \pmod 4$. Then there is a monic irreducible polynomial $f_n(x) \in \mathbb{Z}[x]$ of degree $h(-4n)$ – the class number of $K = \mathbb{Q}(\sqrt{-n})$ – such that if $p$ is an odd prime that does not divide $n$ or the discriminant of $f_n$, then
\[ p = x^2 + ny^2 \iff \left(\frac{-n}{p}\right) = 1 \text{ and } f_n(x) \equiv 0 \pmod p \text{ has an integer solution.} \]
Furthermore, any choice of $f_n(x)$ will be the minimal polynomial of a real algebraic integer $\alpha$ for which $L = K(\alpha)$ is the Hilbert class field of $K$.

We devote the rest of this section to the proof of Theorem 17.1.8 and its applications. The first step is to relate $p = x^2 + ny^2$ to the splitting behavior of $p$ in the Hilbert class field.

Theorem 17.1.9. Let $L$ be the Hilbert class field of $K = \mathbb{Q}(\sqrt{-n})$, where $n > 0$ is squarefree and $n \not\equiv 3 \pmod 4$, so that $\mathcal{O}_K = \mathbb{Z}[\sqrt{-n}]$. If $p$ is an odd prime not dividing $n$, then
\[ p = x^2 + ny^2 \iff p \text{ splits completely in } L. \]
Proof. We will prove
\[ d_K = -4n \iff \mathcal{O}_K = \mathbb{Z}[\sqrt{-n}] \iff n \text{ is squarefree and } n \not\equiv 3 \pmod 4 \]
in the next section. For now, assume the conditions on $n$ imply that $d_K = -4n$. Let $p$ be an odd prime not dividing $n$, so that $p \nmid d_K$. By Corollary 15.10.10 this means that $p$ is unramified in $K$. To prove the theorem, we will prove
\[
\begin{aligned}
\text{(i)} \quad p = x^2 + ny^2 &\iff p\mathcal{O}_K = \mathfrak{p}\mathfrak{q} \text{ where } \mathfrak{p} \neq \mathfrak{q} \text{ and } \mathfrak{p} \text{ is principal in } \mathcal{O}_K && \text{(ii)} \\
&\iff p\mathcal{O}_K = \mathfrak{p}\mathfrak{q},\ \mathfrak{p} \neq \mathfrak{q} \text{ and } \mathfrak{p} \text{ splits completely in } L && \text{(iii)} \\
&\iff p \text{ splits completely in } L. && \text{(iv)}
\end{aligned}
\]
(i) $\iff$ (ii) Suppose $p = x^2 + ny^2 = (x + y\sqrt{-n})(x - y\sqrt{-n})$. Let $\mathfrak{p} = (x + y\sqrt{-n})\mathcal{O}_K$. Then $p\mathcal{O}_K = \mathfrak{p}\mathfrak{q}$ must be the prime factorization of $p\mathcal{O}_K$, where $\mathfrak{q} = \bar{\mathfrak{p}} = (x - y\sqrt{-n})\mathcal{O}_K$. Since $p$ is unramified, $\mathfrak{p} \neq \mathfrak{q}$. This entire argument is reversible, so we have proved the first equivalence.
(ii) $\iff$ (iii) follows from Corollary 17.1.7.
(iii) $\iff$ (iv) First we prove that $L$ is Galois over $\mathbb{Q}$. To do this, let $\tau$ denote complex conjugation. It is easy to see that $\tau(L)$ is an unramified abelian extension of $\tau(K) = K$. Then since $[\tau(L) : K] = [L : K]$ and $L$ is the maximal unramified abelian extension of $K$ by definition, we must have $\tau(L) = L$. Hence $\tau \in \operatorname{Gal}(L/K)$ and this implies $L/\mathbb{Q}$ is Galois by conventional Galois theory arguments.
To finish the final equivalence, note that condition (iii) says that $p$ splits in $K$ and some prime lying over $p$ splits in $L$. Since $L/\mathbb{Q}$ is Galois, this is the same as $p$ splitting in $L$. Hence $p = x^2 + ny^2$ if and only if $p$ splits completely in $L$.
The next step is to further describe the criteria for when p splits in L.
Theorem 17.1.10. Let $K$ be an imaginary quadratic field and $L$ be a finite extension of $K$ that is Galois over $\mathbb{Q}$. Then
(1) There exists a real algebraic integer $\alpha$ such that $L = K(\alpha)$.
(2) Let $f$ denote the minimal polynomial of $\alpha$ over $\mathbb{Q}$, with $f(x) \in \mathbb{Z}[x]$. If $p$ is an odd prime not dividing the discriminant of $f(x)$, then
\[ p \text{ splits in } L \iff \left(\frac{d_K}{p}\right) = 1 \text{ and } f(x) \equiv 0 \pmod p \text{ has an integer solution.} \]
Proof. (1) By hypothesis, $L/\mathbb{Q}$ is Galois so $[L \cap \mathbb{R} : \mathbb{Q}] = [L : K]$ since $L \cap \mathbb{R}$ is the fixed field of complex conjugation. Then for any $\alpha \in L \cap \mathbb{R}$, $L \cap \mathbb{R} = \mathbb{Q}(\alpha)$ precisely when $L = K(\alpha)$. Hence if $\alpha \in \mathcal{O}_L \cap \mathbb{R}$ such that $L \cap \mathbb{R} = \mathbb{Q}(\alpha)$ then $\alpha$ is a real algebraic integer generating the extension $L/K$. Such an element exists by the primitive element theorem.
(2) Now let $f$ be the minimal polynomial of $\alpha$ over $\mathbb{Q}$. By the first part, $[L \cap \mathbb{R} : \mathbb{Q}] = [L : K]$ so $f$ is also the minimal polynomial of $\alpha$ over $K$. Let $p$ be a prime not dividing the discriminant of $f(x)$. Then $f(x)$ is separable mod $p$, so by Theorem 14.5.7,
\[ p\mathcal{O}_K = \mathfrak{p}\bar{\mathfrak{p}} \text{ where } \mathfrak{p} \neq \bar{\mathfrak{p}} \iff \left(\frac{d_K}{p}\right) = 1. \]
We may assume $p$ splits completely in $K$, so that $\mathbb{Z}/p\mathbb{Z} \cong \mathcal{O}_K/\mathfrak{p}$. Since $f(x)$ is separable over $\mathbb{Z}/p\mathbb{Z}$, it is separable over $\mathcal{O}_K/\mathfrak{p}$. Then Theorem 14.5.7 gives us
\[
\begin{aligned}
\mathfrak{p} \text{ splits completely in } L &\iff f(x) \equiv 0 \bmod \mathfrak{p} \text{ is solvable in } \mathcal{O}_K \\
&\iff f(x) \equiv 0 \bmod p \text{ is solvable in } \mathbb{Z}.
\end{aligned}
\]
Finally (2) is proven using (iii) $\iff$ (iv) from the previous proof.
We are now ready to prove Theorem 17.1.8.

Proof. Since the Hilbert class field $L$ of $K = \mathbb{Q}(\sqrt{-n})$ is Galois over $\mathbb{Q}$, Theorem 17.1.10 says there is a real algebraic integer $\alpha$ which is a primitive element of the extension $L/K$. Let $f_n$ be its minimal polynomial and let $p$ be a prime that does not divide $n$ or the discriminant of $f_n$. Then the previous two theorems show that
\[
\begin{aligned}
p = x^2 + ny^2 &\iff p \text{ splits completely in } L \\
&\iff \left(\frac{-n}{p}\right) = 1 \text{ and } f_n(x) \equiv 0 \bmod p \text{ is solvable in } \mathbb{Z}.
\end{aligned}
\]
As discussed in the proof of Theorem 17.1.9, the hypotheses imply that $d_K = -4n$ so
\[ \left(\frac{d_K}{p}\right) = \left(\frac{-n}{p}\right). \]
It remains to show that $\deg f_n = h(-4n)$, but by Artin reciprocity, $[L : K] = |\operatorname{Gal}(L/K)| = |C(\mathcal{O}_K)|$, and $h(-4n) = |C(\mathcal{O}_K)|$ when $K = \mathbb{Q}(\sqrt{-n})$, so the theorem is proved.
The polynomial $f_n(x)$ is not unique since $L/K$ has infinitely many primitive elements. We can at least use this theorem to predict $\deg f_n$, and later we will see that $f_n(x)$ completely describes the Hilbert class field – quite an amazing result indeed!
The Hilbert class field also allows us to relate the ideal class group $C(\mathcal{O}_K)$ to the form class group $C(d_K)$ for binary quadratic forms. In Section 18.2 we prove
Theorem. Let $K$ be an imaginary quadratic field of discriminant $d_K = -4n$, $n \ge 1$.
(1) If $f(x, y) = ax^2 + bxy + cy^2$ is a primitive positive definite quadratic form of discriminant $d_K$, then
\[ [a, (-b + \sqrt{d_K})/2] = \{ma + n(-b + \sqrt{d_K})/2 \mid m, n \in \mathbb{Z}\} \]
is an ideal of $\mathcal{O}_K$.

(2) The map $f(x, y) \mapsto [a, (-b + \sqrt{d_K})/2]$ is an isomorphism between $C(\mathcal{O}_K) \cong C(d_K)$ and hence $|C(\mathcal{O}_K)| = h(d_K)$ which is the number of reduced forms of discriminant $d_K$.

Example 17.1.11. Let $K = \mathbb{Q}(\sqrt{-14})$. Here $d_K = -56$ and the reduced forms of discriminant $-56$ are:
\[ x^2 + 14y^2, \qquad 2x^2 + 7y^2, \qquad 3x^2 \pm 2xy + 5y^2. \]
Moreover, only $x^2 + 14y^2$ and $2x^2 + 7y^2$ belong to classes of order at most 2. Thus $C(-56) \cong \mathbb{Z}/4\mathbb{Z}$ and by the above theorem $C(\mathcal{O}_K) = \mathbb{Z}/4\mathbb{Z}$.
We know from Theorem 17.1.8 that there is a polynomial $f_{14}(x)$ such that
\[ p = x^2 + 14y^2 \iff \left(\frac{-14}{p}\right) = 1 \text{ and } f_{14}(x) \equiv 0 \bmod p \text{ has an integer solution.} \]
We determined above that $h(-56) = 4$ so $\deg f_{14} = 4$, but we don't yet know how to find this polynomial. Let $L = K(\alpha)$ where $\alpha = \sqrt{2\sqrt{2} - 1}$. We claim that $L$ is the Hilbert class field of $K$. To check this, we need the following lemma.

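Lemma 17.1.12. Let $L = K(\sqrt{\beta})$ for some $\beta \in \mathcal{O}_K$ and let $\mathfrak{p} \subset \mathcal{O}_K$ be a prime ideal. Then $\mathfrak{p}$ is unramified in $L$ if either of the following two conditions are met:
(i) $2\beta \notin \mathfrak{p}$, or

(ii) $2 \in \mathfrak{p}$, $\beta \notin \mathfrak{p}$ and $\beta = b^2 - 4c$ for some $b, c \in \mathcal{O}_K$.

Proof. (i) Since the discriminant of $x^2 - \beta$ is $4\beta \notin \mathfrak{p}$, $x^2 - \beta$ is separable mod $\mathfrak{p}$ and hence $\mathfrak{p}$ is unramified by Theorem 14.5.7.
(ii) Note that $L = K(\gamma)$ as well, where $\gamma = \frac{-b + \sqrt{\beta}}{2}$ is a root of $x^2 + bx + c$. The discriminant of $x^2 + bx + c$ is $b^2 - 4c \notin \mathfrak{p}$ so by Theorem 14.5.7 again, $\mathfrak{p}$ is unramified.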

Now we can prove the claim about the Hilbert class field $H$ of $K = \mathbb{Q}(\sqrt{-14})$. The reciprocity theorem tells us that $[H : K] = h(-56) = 4$ and $H$ is unique, so it suffices to prove that $L = K(\alpha)$ is an unramified abelian extension of degree 4 over $K$. It's easy to see that $[L : K] = 4$ by standard arguments, and this means $L/K$ is guaranteed to be abelian, so the only thing we must check is that $L/K$ is unramified at every prime.
Note that every infinite prime is unramified, since $K = \mathbb{Q}(\sqrt{-14})$ is imaginary quadratic. Observe that $\alpha^2 = 2\sqrt{2} - 1$ implies that $\sqrt{2} \in L$, so we have a tower
\[ K \subset K(\sqrt{2}) \subset L. \]
The result will follow if we show that $K(\sqrt{2})/K$ and $L/K(\sqrt{2})$ are both unramified.
First suppose $\mathfrak{p} \subset \mathcal{O}_K$ is prime (and finite). Let $E = K(\sqrt{2})$. By (i) of Lemma 17.1.12, $\mathfrak{p}$ is unramified in $E$ when $2 \notin \mathfrak{p}$ so let us assume $2 \in \mathfrak{p}$. Since $\sqrt{-14} \in K$ and $\sqrt{2} \in E$, we also have $\sqrt{-7} \in E$, i.e. $E = K(\sqrt{-7})$. Then $-7 \notin \mathfrak{p}$ and $-7 = 1^2 - 4 \cdot 2$ imply by (ii) of the Lemma that $\mathfrak{p}$ is unramified in $E$.
Now consider the other extension $L/E$. If we let $\mu = 2\sqrt{2} - 1$ and $\mu' = -2\sqrt{2} - 1$, it's easy to see that $L = E(\sqrt{\mu}) = E(\sqrt{\mu'})$. Let $\mathfrak{p} \subset \mathcal{O}_E$ be prime. If $2 \notin \mathfrak{p}$ then $\mu + \mu' = -2$ implies that either $\mu \notin \mathfrak{p}$ or $\mu' \notin \mathfrak{p}$. By (i) of Lemma 17.1.12, this shows that $\mathfrak{p}$ is unramified in $L$. On the other hand, if $2 \in \mathfrak{p}$ we see that $\mu \notin \mathfrak{p}$ since $\mu = 2\sqrt{2} - 1$. Also note that $\mu = (1 + \sqrt{2})^2 - 4$ so (ii) of the Lemma proves $\mathfrak{p}$ is unramified in $L$. Hence $L = K(\alpha)$, where $\alpha = \sqrt{2\sqrt{2} - 1}$, is the Hilbert class field of $K = \mathbb{Q}(\sqrt{-14})$.
This example allows us to prove the following characterization for primes $p = x^2 + 14y^2$. Note that this is our first big application of class field theory to the main question of when primes have the form $x^2 + ny^2$.

Theorem 17.1.13. Let $p \neq 7$ be an odd prime. Then
\[ p = x^2 + 14y^2 \iff \left(\frac{-14}{p}\right) = 1 \text{ and } (x^2 + 1)^2 \equiv 8 \bmod p \text{ for some } x \in \mathbb{Z}. \]
Proof. As above, let $\alpha = \sqrt{2\sqrt{2} - 1}$ and $K = \mathbb{Q}(\sqrt{-14})$, so that $L = K(\alpha)$ is the Hilbert class field of $K$. It can be shown that $f_{14}(x) = x^4 + 2x^2 - 7 = (x^2 + 1)^2 - 8$ is the minimal polynomial of $\alpha$ by basic root analysis. The discriminant of $f_{14}$ is $-2^{14} \cdot 7$ which explains why we exclude $p = 2, 7$. Then by the main result, Theorem 17.1.8,
\[ p = x^2 + 14y^2 \iff \left(\frac{-14}{p}\right) = 1 \text{ and } f_{14}(x) \equiv 0 \bmod p. \]
Since $f_{14}(x) = (x^2 + 1)^2 - 8$, the theorem follows immediately.



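Example 17.1.14. Let $K = \mathbb{Q}(\sqrt{-17})$. We will repeat the steps of the last example and prove a result for primes of the form $p = x^2 + 17y^2$ similar to Theorem 17.1.13. Note that $n = 2$, $r = 0$, $s = 1$ and $d_K = -68$ so the Minkowski bound is computed as
\[ B_K = \frac{2!}{2^2} \left(\frac{4}{\pi}\right)^{1} \sqrt{68} \approx 5.250. \]
Thus the class group $C(\mathcal{O}_K)$ is generated by prime ideals with norm $\le 5$. These correspond to ideals $p\mathcal{O}_K$ for $p = 2, 3$ and $5$. Corollary 15.10.10 tells us that of these, only 2 ramifies, so we have the following factorizations:

• $2\mathcal{O}_K = \mathfrak{p}_2^2$ where $\mathfrak{p}_2$ is prime.

• Using quadratic reciprocity, we calculate
\[ \left(\frac{-17}{3}\right) = \left(\frac{-1}{3}\right)\left(\frac{17}{3}\right) = \left(\frac{-1}{3}\right)\left(\frac{2}{3}\right) = -1 \cdot -1 = 1. \]
Thus by Proposition 14.6.1, 3 splits in $K$ and we write $3\mathcal{O}_K = \mathfrak{p}_3 \mathfrak{p}_3'$ for prime ideals $\mathfrak{p}_3 \neq \mathfrak{p}_3'$.

• Likewise, for 5 we have
\[ \left(\frac{-17}{5}\right) = \left(\frac{-1}{5}\right)\left(\frac{17}{5}\right) = \left(\frac{-1}{5}\right)\left(\frac{2}{5}\right) = 1 \cdot -1 = -1. \]
So 5 is inert, i.e. $5\mathcal{O}_K$ is prime.

This shows that $C(\mathcal{O}_K)$ may be generated by $[\mathfrak{p}_2]$ and $[\mathfrak{p}_3]$, since $\mathfrak{p}_3 \mathfrak{p}_3'$ is principal. Suppose $\mathfrak{p}_2$ is principal, say $\mathfrak{p}_2 = \alpha\mathcal{O}_K$ for $\alpha = a + b\sqrt{-17}$. Then $2\mathcal{O}_K = \mathfrak{p}_2^2 = \alpha^2 \mathcal{O}_K$ so we must have $4 = N(2\mathcal{O}_K) = N(\alpha)^2$, or $N(\alpha) = \pm 2$. However $a^2 + 17b^2 = \pm 2$ has no integer solutions, so $\mathfrak{p}_2$ must not be principal. Thus its ideal class is an element of order 2 in the class group. Similar arguments show that $\mathfrak{p}_3$ is not principal, and that $\mathfrak{p}_3^2 = \mathfrak{p}_2$. Therefore $|C(\mathcal{O}_K)| = 4$.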

We claim that the Hilbert class field of $K$ is $L = K(\alpha)$, where $\alpha = \sqrt{(1 + \sqrt{17})/2}$, following a suggestion in Cox. The work above shows the Hilbert class field is a degree 4 extension of $K$, so it suffices to show that $L = K(\alpha)$ is an unramified abelian extension of degree 4 over $K$, from which the claim will follow by the uniqueness of the Hilbert class field.
It's easy to verify, using the minimal polynomial $x^2 - x - 4$ for $\alpha^2 = (1 + \sqrt{17})/2$, that the minimal polynomial for $\alpha$ is $f(x) = x^4 - x^2 - 4$ which splits in $L$. This shows that $L/K$ is Galois, so $[L : K] = 4$. Of course every group of order 4 is abelian, so $L/K$ is an abelian extension. It remains to check that $L/K$ is unramified at every prime of $\mathcal{O}_K$.
Of course any infinite prime is unramified since $K = \mathbb{Q}(\sqrt{-17})$ is imaginary quadratic and thus has no real embeddings. We will use Lemma 17.1.12 to show that $E/K$ and $L/E$, where $E = K(\sqrt{17})$, are both unramified extensions and it will follow that $L/K$ is unramified. As a sidenote, observe that $\alpha^2 = (1 + \sqrt{17})/2$ implies $\sqrt{17} \in L$, so $K \subset K(\sqrt{17}) \subset L$ and thus it makes sense to define the extensions $E/K$ and $L/E$.
Let $\mathfrak{p}$ be a prime ideal of $\mathcal{O}_K$. Since (i) of Lemma 17.1.12 tells us that $\mathfrak{p}$ is unramified in $E$ whenever $2 \notin \mathfrak{p}$, let us assume $2 \in \mathfrak{p}$. Note that $17 \notin \mathfrak{p}$ and 17 can be written
\[ 17 = 1^2 - 4(-4) \]
and $1, -4 \in \mathbb{Z} \subset \mathcal{O}_K$ so (ii) of the lemma tells us that $\mathfrak{p}$ is unramified in $E$. Thus $E/K$ is an unramified extension.
Now we turn our attention to $L/E$. Let $\mu = (1 + \sqrt{17})/2$ and $\mu' = (1 - \sqrt{17})/2$, so that $L = E(\sqrt{\mu}) = E(\sqrt{\mu'})$. Suppose $\mathfrak{p} \subset \mathcal{O}_E$ is a prime ideal; we may assume $2 \in \mathfrak{p}$ by (i), and furthermore $1 \notin \mathfrak{p}$, else it's the whole ring of integers. Notice that $\mu + \mu' = 1 \notin \mathfrak{p}$, so that either $\mu \notin \mathfrak{p}$ or $\mu' \notin \mathfrak{p}$. But these each satisfy $x = x^2 - 4$ so (ii) of the lemma tells us that $\mathfrak{p}$ is unramified.
We have shown $L/K$ to be an unramified abelian extension of degree 4, so by uniqueness it is the Hilbert class field. We now use this to prove a theorem for primes of the form $x^2 + 17y^2$ as we did before for $n = -14$.

Theorem 17.1.15. Let $p \neq 17$ be an odd prime. Then
\[ p = x^2 + 17y^2 \iff \left(\frac{-17}{p}\right) = 1 \text{ and } x^2(x^2 - 1) \equiv 4 \bmod p \text{ has an integer solution.} \]
Proof. Let $K = \mathbb{Q}(\sqrt{-17})$. We proved that the Hilbert class field of $K$ is $L = K(\alpha)$ where $\alpha = \sqrt{(1 + \sqrt{17})/2}$. We also know that the minimal polynomial for $\alpha$ is $f_{17}(x) = x^4 - x^2 - 4 = x^2(x^2 - 1) - 4$. Note that the discriminant of $f_{17}$ is $-2^{16} \cdot 17^2$ which explains why we remove $p = 2$ and $17$ from consideration. The result follows from Theorem 17.1.8.
It is clear that even when $K$ is only quadratic, the Hilbert class field is nontrivial to compute.
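The following is an added numerical check, not part of the original text, of Example 17.1.11 and Theorems 17.1.13 and 17.1.15: it enumerates the reduced primitive forms of discriminant $-4n$ to recover $h(-56) = h(-68) = 4$, then compares both sides of each criterion for every odd prime below a bound. The function names and the bound 400 are choices made for this example.

```python
from math import gcd, isqrt


def reduced_forms(D):
    """Reduced primitive positive definite forms (a, b, c) with b^2 - 4ac = D < 0."""
    forms = []
    for a in range(1, isqrt(-D // 3) + 1):    # reduced forms satisfy 3a^2 <= -D
        for b in range(-a + 1, a + 1):        # |b| <= a, with b = -a excluded
            if (b * b - D) % (4 * a):
                continue
            c = (b * b - D) // (4 * a)
            if c < a or (c == a and b < 0):   # need a <= c, and b >= 0 when a == c
                continue
            if gcd(gcd(a, b), c) == 1:        # primitive forms only
                forms.append((a, b, c))
    return forms


def legendre(a, p):
    """Legendre symbol (a/p) for an odd prime p, via Euler's criterion."""
    r = pow(a % p, (p - 1) // 2, p)
    return -1 if r == p - 1 else r


def is_represented(p, n):
    """True if p = x^2 + n*y^2 for some integers x, y (exhaustive search)."""
    y = 0
    while n * y * y <= p:
        rest = p - n * y * y
        if isqrt(rest) ** 2 == rest:
            return True
        y += 1
    return False


def has_root_mod_p(f, p):
    """True if f(x) = 0 (mod p) has an integer solution."""
    return any(f(x) % p == 0 for x in range(p))


def odd_primes(bound):
    """Odd primes below bound, by trial division."""
    return [p for p in range(3, bound)
            if all(p % q for q in range(2, isqrt(p) + 1))]


def mismatches(n, f, excluded, bound=400):
    """Odd primes p < bound, outside `excluded`, where the two sides of the
    criterion disagree. The theorems assert that this list is empty."""
    bad = []
    for p in odd_primes(bound):
        if p in excluded:
            continue
        lhs = is_represented(p, n)
        rhs = legendre(-n, p) == 1 and has_root_mod_p(f, p)
        if lhs != rhs:
            bad.append(p)
    return bad


def f14(x):
    """f_14(x) = x^4 + 2x^2 - 7 = (x^2 + 1)^2 - 8, from Theorem 17.1.13."""
    return (x * x + 1) ** 2 - 8


def f17(x):
    """f_17(x) = x^4 - x^2 - 4 = x^2 (x^2 - 1) - 4, from Theorem 17.1.15."""
    return x ** 4 - x * x - 4


if __name__ == "__main__":
    for n, f, excluded in ((14, f14, {7}), (17, f17, {17})):
        forms = reduced_forms(-4 * n)
        print(f"n = {n}: h({-4 * n}) = {len(forms)}, reduced forms {forms}")
        print("  primes x^2 + ny^2 below 400:",
              [p for p in odd_primes(400) if is_represented(p, n)])
        print("  disagreements with the criterion:", mismatches(n, f, excluded))
```

In both cases the number of reduced forms equals the degree of the quartic, as Theorem 17.1.8 predicts.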

17.2 Orders
In the previous section we were able to prove a full characterization of when a prime is of the form $p = x^2 + ny^2$ given certain restrictions on $n$. We have thus described the main question for infinitely many $n$, but what about the rest?
In general, if $K = \mathbb{Q}(\sqrt{n})$ we have the following characterization of the ring of integers:
\[
\mathcal{O}_K = \begin{cases} \mathbb{Z}[\sqrt{n}] & \text{if } n \not\equiv 1 \pmod 4 \\ \mathbb{Z}\left[\frac{1 + \sqrt{n}}{2}\right] & \text{if } n \equiv 1 \pmod 4. \end{cases}
\]
Recall that for a quadratic extension, the field discriminant is given by
\[
d_K = \begin{cases} n & \text{if } n \equiv 1 \pmod 4 \\ 4n & \text{otherwise.} \end{cases}
\]
Using this allows us to write the ring of integers more succinctly:
\[ \mathcal{O}_K = \mathbb{Z}\left[\frac{d_K + \sqrt{d_K}}{2}\right]. \]
The important thing is that when $n$ does not satisfy the criteria in Section 17.1, i.e. when $\mathbb{Z}[\sqrt{-n}]$ is not the full ring of integers for $\mathbb{Q}(\sqrt{-n})$, we still have a characterization that involves $\mathbb{Z}[\sqrt{-n}]$. We will make some headway on the $x^2 + ny^2$ question towards the end of this section, but a full characterization of primes of the form $x^2 + ny^2$ will not be possible until we have the theorems of class field theory at our disposal.
The ring $\mathbb{Z}[\sqrt{-n}]$ is an example of an order.

Definition. Let K be a number field. Then a subring O ⊂ K is an order if

• $1_K \in \mathcal{O}$

• $\mathcal{O}$ is finitely generated as a $\mathbb{Z}$-module

• $\mathcal{O}$ contains a $\mathbb{Q}$-basis of $K$.

There is a more general notion of an order in an arbitrary ring R, but the behavior is
quite different even when R is not a field. We will primarily make use of orders in quadratic
fields.

Proposition 17.2.1. Let O be an order in a quadratic number field K. Then

(1) O is a free Z-module of rank 2.

(2) K is the field of fractions of O.

(3) OK is an order in K containing every other order. In other words OK is the maximal
order in K.

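Proof. (1) Clearly $\mathcal{O}$ is torsion free, so since it is a $\mathbb{Z}$-module it is free. Also, since $\mathcal{O}$ contains a $\mathbb{Q}$-basis of a quadratic field, $\mathcal{O}$ is at least rank 2, so it must be exactly rank 2.
(2) follows from the fact that $\mathcal{O}$ contains a $\mathbb{Q}$-basis for $K$.
(3) Since $1_K \in \mathcal{O}_K$ and $\mathcal{O}_K$ is a $\mathbb{Z}$-module of rank $[K : \mathbb{Q}] = 2$ by Proposition 14.3.9, it suffices to show that $\mathcal{O}_K$ contains a basis for $K/\mathbb{Q}$. But this follows from the discussion above: $\mathcal{O}_K$ is generated by 1 and $\frac{d_K + \sqrt{d_K}}{2}$.
Now let $\mathcal{O}$ be any order in $K$. Since $\mathcal{O}$ is a free $\mathbb{Z}$-module, it is noetherian. Let $\alpha \in \mathcal{O}$ and consider the chain of $\mathbb{Z}$-submodules $I_0 \subset I_1 \subset I_2 \subset \cdots$ where $I_0 = \mathbb{Z}$ and for $n \ge 1$,
\[ I_n = \mathbb{Z} + \alpha\mathbb{Z} + \alpha^2\mathbb{Z} + \ldots + \alpha^n\mathbb{Z}. \]
By the noetherian condition, there is some $n$ such that for all $m \ge n$, $I_m = I_n$. So for all such $m$ we have $\mathbb{Z} + \alpha\mathbb{Z} + \ldots + \alpha^m\mathbb{Z} = \mathbb{Z} + \alpha\mathbb{Z} + \ldots + \alpha^n\mathbb{Z}$. This implies $\alpha^m = \alpha^i$ for some $1 \le i \le n$ and thus the powers of $\alpha$ are finite. This shows that $\mathbb{Z}[\alpha]$ is finitely generated as a $\mathbb{Z}$-module, so Lemma 14.1.1 shows $\alpha \in \mathcal{O}_K$. Thus $\mathcal{O} \subset \mathcal{O}_K$.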
Example 17.2.2. For K = Q(α) where α is an algebraic integer, Z[α] is an order in OK
but in general Z[α] 6= OK .
Example 17.2.3. For K = Q(i), the subring Z + niZ ⊂ Z[i] is an order for every nonzero
n ∈ Z. However, Z ⊂ Z[i] is not an order since Z does not have finite index in Z[i].
The next lemma shows that this is essentially the form of every order in a quadratic field.
Lemma 17.2.4. Let O be an order in a quadratic field K with discriminant dK and ring of
integers OK . Then f = [OK : O] is finite and O = Z + f OK .
Proof. The finiteness of f is a result of the fact that O and OK are both free Z-modules of
rank 2. On one hand, since f = [OK : O] we have
f O_K ⊂ O ⟹ Z + f O_K ⊂ O.
On the other hand, our description of O_K at the beginning of the section allows us to write
Z + f O_K = [1, f w_K], where
$$w_K = \frac{d_K + \sqrt{d_K}}{2}.$$
Clearly [1, f w_K] has index f in [1, w_K] = O_K, which proves the result.
Definition. The index f = [OK : O] is called the conductor of the order.
This is not to be confused with the conductor of an extension in class field theory, which
will be discussed in Section 17.9. To add to the clutter, each order has an associated value
called the discriminant which is distinct from, although related to, the field discriminant.
Definition. For an order [α, β], its discriminant is defined to be
$$D = \left(\det\begin{pmatrix} \alpha & \beta \\ \alpha' & \beta' \end{pmatrix}\right)^2$$
where α′ and β′ denote the respective images of α and β under the nontrivial automorphism
of K/Q.


 
The discriminant of an order is independent of the basis chosen, since if
$A = \begin{pmatrix} \alpha & \beta \\ \alpha' & \beta' \end{pmatrix}$ then
changing basis is done by conjugating A by some invertible matrix B, but this doesn’t change
the determinant calculation above. Therefore we can let O = [1, f w_K] as in Lemma 17.2.4
and have D = f² d_K. This shows that an order is determined by its conductor. Moreover,
the maximal order O_K has conductor 1 which shows that the discriminant of O_K is d_K.
By our description of d_K for quadratic fields, we see that D ≡ 0, 1 (mod 4). Let K =
Q(√−n) for any integer n. Then Z[√−n] is an order in K with discriminant −4n. By the
comments above, −4n = f² d_K which makes it relatively easy to compute the conductor of
Z[√−n].
In fact, if D ≡ 0 or 1 (mod 4) there will be an order in a quadratic field whose
discriminant is D. For D ≡ 0 (mod 4), we may write D = 4n and see that the maximal
order O_K = [1, w_K] in K = Q(√n) has discriminant d_K = 4n = D. On the other hand,
if D ≡ 1 (mod 4), Q(√D) has ring of integers O_K = Z[(1 + √D)/2] which has discriminant
d_K = D.
Recall that O_K is a Dedekind domain and has unique factorization of ideals. Unfortunately
this is not true in general for an order O ⊊ O_K so our description of the ideals of O
requires a bit more care. It turns out that we can still define a class group C(O) by restrict-
ing to certain types of ideals. One should view the subsequent construction as a precursor
to the types of constructions used in class field theory in the following sections.

Proposition 17.2.5. Let a be a nonzero ideal in an order O of K. Then the quotient O/a
is finite.

Proof. By Proposition 14.8.2, every nonzero ideal a of the maximal order OK has finite index
in OK . If b is a nonzero ideal in an order O of K, Proposition 17.2.1 tells us that O ⊂ OK
so that b ⊂ OK . Then [OK : b] = [OK : O][O : b] and the left side is finite, so [O : b] must
also be finite.
This allows us to define

Definition. For an order O, the norm of an O-ideal a is N(a) = [O : a].

For any nonzero ideal a ⊂ O, O ⊆ {β ∈ K : βa ⊂ a}, but equality may not always hold.
The ideals for which equality does hold have a special name.

Definition. An ideal a of an order O is a proper ideal if O = {β ∈ K : βa ⊂ a}.

Notice that principal ideals are always proper. Also, every ideal of the maximal order
OK is proper. From this definition we proceed with our construction of a class group for O
by defining an analog of fractional ideals.

Definition. For an order O, a fractional O-ideal is a subset of K which is finitely generated
as an O-module. We say a fractional O-ideal b is proper if O = {β ∈ K : βb ⊂ b}.

Proposition 17.2.6. Every fractional O-ideal is of the form αa for some nonzero α ∈ K
and ideal a ⊂ O.


Proof. This is identical to the property for fractional ideals of a Dedekind domain.
Lemma 17.2.7. Let K = Q(α) be a quadratic field and suppose ax² + bx + c is the minimal
polynomial for α – we may assume (a, b, c) = 1. Then [1, α] is a proper fractional ideal of
the order [1, aα] in K.
Proof. First, [1, aα] is an order by Lemma 17.2.4 since [1, aα] = Z + aαO_K and aα is an
algebraic integer. Now suppose β ∈ K such that β[1, α] ⊂ [1, α]. This is equivalent to
β · 1 ∈ [1, α] and β · α ∈ [1, α].
The first of these gives us β = j + kα for j, k ∈ Z, so we can write the second as
$$\beta\cdot\alpha = (j + k\alpha)\alpha = j\alpha + k\alpha^2 = j\alpha + \frac{k}{a}(-b\alpha - c) = -\frac{ck}{a} + \left(-\frac{bk}{a} + j\right)\alpha.$$
By hypothesis (a, b, c) = 1 so the above shows β · α ∈ [1, α] if and only if a | k. This implies
{β ∈ K : β[1, α] ⊂ [1, α]} = [1, aα]
proving [1, α] is a proper fractional ideal of [1, aα].
For orders in a quadratic field, we have a nice characterization of their fractional ideals.
Proposition 17.2.8. A fractional O-ideal a is proper if and only if a is invertible.
Proof. (⇐) If a is invertible, there exists some fractional O-ideal b such that ab = O.
Suppose β ∈ K such that βa ⊂ a. Then
βO = β(ab) = (βa)b ⊂ ab = O.
This implies β ∈ O so a is a proper fractional O-ideal.
(⇒) Suppose a ⊂ O is a proper fractional ideal. Since K is quadratic, a is a free
Z-module of rank 2, so a = [β, γ] for some β, γ ∈ K. Let α = γ/β; then a = β[1, α] and
Lemma 17.2.7 implies that O = [1, aα] where ax² + bx + c is the minimal polynomial of α
over Q. Let z ↦ z′ be the nontrivial automorphism in Gal(K/Q). Since α′ is also a root
of ax² + bx + c, Lemma 17.2.7 also shows that a′ = β′[1, α′] is a fractional O-ideal. We will
show that $a\,\mathfrak{a}\mathfrak{a}' = N(\beta)\mathcal{O}$ (here $a$ is the integer coefficient and $\mathfrak{a}$ the ideal). Note that
$$a\,\mathfrak{a}\mathfrak{a}' = a\beta\beta'[1, \alpha][1, \alpha'] = N(\beta)[a, a\alpha, a\alpha', a\alpha\alpha'].$$
Also observe that α + α′ = −b/a and αα′ = c/a, so
$$a\,\mathfrak{a}\mathfrak{a}' = N(\beta)[a, a\alpha, -b, c] = N(\beta)[1, a\alpha] = N(\beta)\mathcal{O}$$
since (a, b, c) = 1. This proves the claim, and it follows that a is invertible.
Example 17.2.9. O = Z[√−3] is an order of conductor 2 in K = Q(√−3). Consider the
ideal [2, 1 + √−3] in O. It’s easy to see that

O ⊊ {β ∈ K : β[2, 1 + √−3] ⊂ [2, 1 + √−3]} = O_K.

Further, 2, 1 + √−3 and 1 − √−3 are all irreducible in O, but 4 = 2·2 = (1 + √−3)(1 − √−3)
showing that unique factorization fails in O.
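
The conductor computation from −4n = f² d_K and the properness test behind Example 17.2.9 can be carried out mechanically. The following Python sketch is an added illustration, not part of the original text; the function names and the pair representation (x, y) for x + y√−n are assumptions of the example, and the properness test uses the fact that every order containing O = Z + f O_K has the form Z + g O_K with g | f.

```python
from fractions import Fraction
from math import isqrt


def squarefree_split(n):
    """Write n = s * t**2 with s squarefree (n >= 1); return (s, t)."""
    s, t, p = n, 1, 2
    while p * p <= s:
        while s % (p * p) == 0:
            s //= p * p
            t *= p
        p += 1
    return s, t


def field_discriminant(n):
    """d_K for K = Q(sqrt(-n)): -s if -s = 1 (mod 4), else -4s (s squarefree part)."""
    s, _ = squarefree_split(n)
    return -s if (-s) % 4 == 1 else -4 * s


def conductor(n):
    """Conductor f of Z[sqrt(-n)], found by solving -4n = f^2 * d_K."""
    d_K = field_discriminant(n)
    f = isqrt((-4 * n) // d_K)
    if f * f * d_K != -4 * n:
        raise ArithmeticError("-4n is not of the form f^2 * d_K")
    return f


def mul(u, v, n):
    """Product of u = (x, y) and v in Q(sqrt(-n)), where (x, y) means x + y*sqrt(-n)."""
    return (u[0] * v[0] - n * u[1] * v[1], u[0] * v[1] + u[1] * v[0])


def in_lattice(w, basis):
    """Is w in Z*b1 + Z*b2?  Solve w = j*b1 + k*b2 by Cramer's rule."""
    b1, b2 = basis
    det = Fraction(b1[0] * b2[1] - b1[1] * b2[0])
    j = (w[0] * b2[1] - w[1] * b2[0]) / det
    k = (b1[0] * w[1] - b1[1] * w[0]) / det
    return j.denominator == 1 and k.denominator == 1


def stabilizes(beta, basis, n):
    """Does beta * [b1, b2] lie inside [b1, b2]?"""
    return all(in_lattice(mul(beta, b, n), basis) for b in basis)


def multiplier_conductor(basis, n):
    """Conductor g of the ring {beta in K : beta*a in a} for a fractional
    Z[sqrt(-n)]-ideal a = [b1, b2].  The ideal is proper exactly when g
    equals conductor(n)."""
    d_K, f = field_discriminant(n), conductor(n)
    for g in (g for g in range(1, f + 1) if f % g == 0):
        # g * w_K with w_K = (d_K + sqrt(d_K))/2 and sqrt(d_K) = (2/f) sqrt(-n)
        gw = (Fraction(g * d_K, 2), Fraction(g, f))
        if stabilizes(gw, basis, n):
            return g
    raise ValueError("basis does not span a Z[sqrt(-n)]-ideal")


def represents(m, n):
    """Is m = x^2 + n*y^2, i.e. is m the norm of some element of Z[sqrt(-n)]?"""
    return any(x * x + n * y * y == m
               for x in range(isqrt(m) + 1) for y in range(isqrt(m // n) + 1))


if __name__ == "__main__":
    print("conductor of Z[sqrt(-3)]:", conductor(3))
    print("multiplier ring of [2, 1+sqrt(-3)] has conductor",
          multiplier_conductor(((2, 0), (1, 1)), 3))
    print("(1+sqrt(-3))(1-sqrt(-3)) =", mul((1, 1), (1, -1), 3))
    print("norm 2 occurs in Z[sqrt(-3)]:", represents(2, 3))
```

Since 2 and 1 ± √−3 all have norm 4, a nontrivial factor of any of them would need norm 2, which `represents(2, 3)` rules out.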


In the next theorem we construct a class group C(O) for an order in a quadratic number
field. As with the class group in Section 14.9, we take a quotient of a fractional ideal group
by some principal fractional ideals, but in this context we must restrict our consideration to
proper fractional ideals in O.

Theorem 17.2.10. Given an order O in a quadratic number field, the set I(O) of proper
fractional O-ideals forms a group under ideal multiplication. Moreover, the set P (O) of
principal O-ideals is a subgroup of I(O) and hence the ideal class group C(O) = I(O)/P (O)
is defined.

Proof. Let a and b be proper fractional ideals of the order O. By Proposition 17.2.8, it is
equivalent to consider invertible ideals. First note that O is clearly the identity in I(O).
Since a is invertible, there is some fractional O-ideal which we will denote a⁻¹, such that
aa⁻¹ = O. This shows that a⁻¹ is also invertible and hence proper, so I(O) has inverses.
Now consider the product (ab)c, where we set c = b⁻¹a⁻¹. Then

(ab)c = abb⁻¹a⁻¹ = aOa⁻¹ = aa⁻¹ = O

so we see that ab is invertible and hence proper. This proves that I(O) is a group. Clearly
P (O) is a subgroup of I(O) since every principal ideal is proper, and the product of principal
ideals is again principal. C(O) = I(O)/P (O) is a quotient of abelian groups, so it is a group.
This completes the proof of the theorem.
In order to make our work on orders in quadratic fields more compatible with the rest of
class field theory, it will be advantageous to translate O-ideals into the language of OK -ideals.

Definition. Given an order O of conductor f, we say that a nonzero O-ideal a is prime
to f if a + f O = O.

Lemma 17.2.11. Let O be an order of conductor f .

(1) An O-ideal a is prime to f ⇐⇒ N(a) is relatively prime to f .

(2) Every O-ideal that is prime to f is proper.

Proof. (1) Define the map ϕf : O/a → O/a to be multiplication by f . Note that

a + f O = O ⇐⇒ ϕf is surjective
⇐⇒ ϕf is an isomorphism
⇐⇒ f and |O/a| are relatively prime

where the last equivalence comes from the fundamental theorem of finite abelian groups.
Then by definition of numerical norm, |O/a| = N(a) so (1) is proved.
(2) Suppose a is prime to the conductor. Let β ∈ K and suppose βa ⊂ a. Then

βO = β(a + f O) = βa + βf O ⊂ a + f OK .

But f OK ⊂ O so βO ⊂ O which proves β ∈ O. Hence a is proper.


Note that since norm is multiplicative, (1) can be used to show that the set of O-ideals
prime to the conductor forms a subgroup I(O, f ) ≤ I(O). Moreover, the set

P (O, f ) = {αO | α ∈ O, (N(α), f ) = 1}

is a subgroup of I(O, f ). The next proposition describes the class group C(O) in terms of
O-ideals prime to the conductor.

Proposition 17.2.12. I(O, f)/P(O, f) ≅ I(O)/P(O) = C(O).

Proof. A result in Section 18.2 will imply that every ideal class in C(O) contains a proper
O-ideal whose norm is prime to a fixed M ∈ Z. Thus the map I(O, f ) → C(O) is surjective
with kernel I(O, f ) ∩ P (O), so it suffices to show P (O, f ) = I(O, f ) ∩ P (O).
On one hand, P (O, f ) ⊂ I(O, f ) ∩ P (O) is clear from the definitions of these subgroups.
On the other hand, every element of I(O, f) ∩ P(O) is a fractional ideal of the form αO =
ab⁻¹, where α ∈ K and a, b are O-ideals prime to f. Let m = N(b). Then mO = bb̄ ∈
P(O, f) and mb⁻¹ = b̄ which implies

mαO = mab⁻¹ = a(mb⁻¹) = ab̄ ⊂ O.

So mαO ∈ P(O, f). It follows that αO = (mαO)(mO)⁻¹ ∈ P(O, f) and hence the kernel is
equal to P (O, f ).
Given any positive integer m, an OK -ideal a is prime to m provided that a + mOK = OK .
By Lemma 17.2.11, this is equivalent to (N(a), m) = 1. This implies that for every ring of
integers OK , inside the group of fractional OK -ideals we have a subgroup IK (m) ≤ IK . In
Section 17.4 we will generalize this construction using class field theory, but for now we have

Theorem 17.2.13. Let O be the order of conductor f in an imaginary quadratic field K.

(1) If a is an O_K-ideal prime to f, then a ∩ O is an O-ideal prime to f and N(a ∩ O) =
N(a), where the first norm is taken with respect to O and the second with respect to
O_K.

(2) If b is an O-ideal prime to f , then bOK is an OK -ideal prime to f with the same
norm.

(3) I_K(f) ≅ I(O, f).

Proof. (1) Let a be an O_K-ideal prime to f. By the natural injection ν : O/(a ∩ O) ↪ O_K/a,
(N(a), f ) = 1 implies (N(a ∩ O), f ) = 1 as well. This shows a ∩ O is prime to f . As in
Lemma 17.2.11, the map ϕf is an automorphism of OK /a, but f OK ⊂ O so the injection ν
is also a surjection. Hence the norms are equal.
(2) and (3) Let b be an O-ideal prime to f . Then

bOK + f OK = (b + f O)OK = OOK = OK


which shows that bOK is an OK -ideal prime to f . In a moment we will show the norms are
equal, but first consider

bO_K ∩ O = (bO_K ∩ O)O
         = (bO_K ∩ O)(b + f O)
         ⊂ b + f(bO_K ∩ O)
         ⊂ b + b(f O_K).

Since f O_K ⊂ O this proves bO_K ∩ O ⊂ b. The other containment, b ⊂ bO_K ∩ O, is clear so
we have bO_K ∩ O = b.
On the other hand, suppose a is an OK -ideal prime to f . Then

a = aO = a(a ∩ O + f O) ⊂ (a ∩ O)OK + f a,

but f a ⊂ f O_K ⊂ O so f a ⊂ a ∩ O ⊂ (a ∩ O)O_K and it follows that a ⊂ (a ∩ O)O_K.
Again the other inclusion is obvious, so we have (a ∩ O)O_K = a. These two identities for
O- and O_K-ideals, along with (1), prove the equality of norms in (2). Furthermore we have
established a bijection

I_K(f) ←→ I(O, f)
     a ⟼ a ∩ O
  bO_K ⟻ b.

To show this is an isomorphism, we must simply check that it is multiplicative:

(aa′)O_K = (aO_K)(a′O_K)

and we have proven the theorem.


Using unique factorization of ideals in OK , we have

Corollary 17.2.14. Every O-ideal prime to the conductor has a unique decomposition as a
product of prime O-ideals which are prime to the conductor.

Finally we describe C(O) in terms of the maximal order.

Theorem 17.2.15. Let O be the order of conductor f in an imaginary quadratic field K
and define the subgroup P_{K,Z}(f) of I_K(f) by

PK,Z (f ) = {αOK | α ∈ OK and α ≡ a mod f OK for some a ∈ Z, (a, f ) = 1}.

Then C(O) ≅ I_K(f)/P_{K,Z}(f).
Proof. We have proven that C(O) ≅ I(O, f)/P(O, f). In the proof of Theorem 17.2.13
we saw that I(O, f) ≅ I_K(f), so it suffices to show that the image of P(O, f) under this
isomorphism is P_{K,Z}(f). To do so, we will prove that for α ∈ O_K,

α ≡ a mod f OK , a ∈ Z, (a, f ) = 1 ⇐⇒ α ∈ O, (N(α), f ) = 1.


(⇒) Assume α ≡ a mod f O_K where a ∈ Z is relatively prime to f. By definition
of the numerical norm in a quadratic field, N(α) ≡ a² (mod f) which implies (N(α), f) =
(a², f) = 1. Since f O_K ⊂ O we see that α ∈ O.
(⇐) Conversely, suppose α ∈ O = [1, f w_K] with (N(α), f) = 1. We may write
α = a + bf w_K for a, b ∈ Z, so α ≡ a mod f O_K. Since (N(α), f) = 1, N(α) ≡ a² (mod f)
again implies (a, f) = 1. This proves the stated equivalence.
Now by definition P (O, f ) is generated by ideals αO, where α ∈ O and (N(α), f ) = 1.

Thus we see that the image of P(O, f) under the isomorphism $I(\mathcal{O}, f) \xrightarrow{\ \cong\ } I_K(f)$ is generated
by the corresponding ideals αO_K. By the equivalence proven above, this proves the image
is precisely P_{K,Z}(f).
We are by no means finished working with orders. In Section 17.12 we will realize
P_{K,Z}(f) as a congruence subgroup for the conductor, and show that there is a corresponding
field extension L/K with the special property that Gal(L/K) ≅ I_K(f)/P_{K,Z}(f). This will
allow us to provide a full solution to the question of when a prime is of the form p = x² + ny²,
which we have only answered partially as of Section 17.1.


17.3 Frobenius Automorphisms


Fix a Galois extension L of a number field K and let G be the Galois group of this extension.
Recall from Section 17.1 that for an unramified prime P ⊂ O_L, there is an automorphism
σ ∈ G called the Artin symbol such that σ(α) = α^q for all α ∈ O_L/P, where q = |O_K/p|
if p = P ∩ O_K. Cox denotes the Artin symbol by $\left(\frac{L/K}{\mathfrak{P}}\right)$ since it is used to define the
Artin map $\left(\frac{L/K}{\cdot}\right) : I_K \to G$ in the abelian case. On the other hand, Janusz and many
other authors refer to this element as the Frobenius automorphism, denoted Frob_{L/K}(P).
We will use these names and notations interchangeably, since each has its uses in particular
contexts and neither is really preferred in the literature. There should be no confusion.
We’ve already proven the existence and uniqueness of the Frobenius automorphism
(Lemma 17.1.2) and in Proposition 17.1.3 we gave some nice properties, which we recall
here:
   
(i) For all σ ∈ G, $\left(\frac{L/K}{\sigma(\mathfrak{P})}\right) = \sigma\left(\frac{L/K}{\mathfrak{P}}\right)\sigma^{-1}$.
(ii) Frob_{L/K}(P) has order f = [O_L/P : O_K/p] in G.
(iii) p splits completely in L ⟺ $\left(\frac{L/K}{\mathfrak{P}}\right) = 1$ for any prime P lying over p.
Note that (i) means that in general, the set {Frob_{L/K}(P) | P ⊂ O_L divides p} is a conjugacy
class in G. If L/K is abelian, this represents a single element of G which we denote with
$\left(\frac{L/K}{\mathfrak{p}}\right)$ or Frob_{L/K}(p).
It will be useful to know how the Frobenius automorphism behaves in towers. Suppose
L ⊃ E ⊃ K and denote P ∩ E by pE . If p = P ∩ K is unramified in L, pE is clearly
also unramified in L so there is a Frobenius automorphism FrobL/E (P) which relates to
FrobL/K (P) by the next few results.
Proposition 17.3.1. Let f_0 = f(p_E | p). Then $\left(\frac{L/K}{\mathfrak{P}}\right)^{f_0} = \left(\frac{L/E}{\mathfrak{P}}\right)$.
Proof. The residue fields are related in the following way:

O_L/P ⊃ O_E/p_E ⊃ O_K/p

and they have orders q^f, q^{f_0} and q, respectively. Consider G_0 = Gal(ℓ/ε), where ℓ = O_L/P
and ε = O_E/p_E. This group is generated by the automorphism x ↦ x^{q^{f_0}} which is the f_0th
power of the generator of Gal(ℓ/k). The proposition then follows from the definitions of the
Frobenius automorphisms.
Proposition 17.3.2. Suppose L ⊃ E ⊃ K is a tower of fields so that L/K is abelian and
E/K is normal. Let m be a modulus on K and let mE denote the modulus of E defined by
the primes lying over each p | m. Then the following diagram commutes:


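[Commutative diagram: the top row is the map Frob_{L/K}(·) : I_K^m → Gal(L/K), the bottom row is the map Frob_{E/K}(·) : I_E^{m_E} → Gal(E/K), and the right-hand vertical map is the restriction σ ↦ σ|_E.]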

Proof. Let P ∈ O_L and set p_E = P ∩ E. Since E/K is normal, Frob_{E/K}(p_E) is defined. To
show the diagram commutes, it suffices to prove that the restriction of Frob_{L/K}(P) to E is
exactly Frob_{E/K}(p_E). For any α ∈ O_E, σ(α) ≡ α^q mod P if and only if σ(α) ≡ α^q mod p_E
since p_E = P ∩ E is fixed by all of G when E/K is normal. Therefore

Frob_{L/K}(P)|_E = Frob_{E/K}(p_E).

Corollary 17.3.3. Suppose E_1 and E_2 are normal extensions of K and L = E_1E_2. Define
p_1 = P ∩ E_1 and p_2 = P ∩ E_2 so that their Frobenius elements are all defined. Then the
homomorphism

Gal(L/K) ⟶ Gal(E_1/K) × Gal(E_2/K)
σ ⟼ (σ|_{E_1}, σ|_{E_2})

is one-to-one and therefore
$$\left(\frac{L/K}{\mathfrak{P}}\right) = \left(\frac{E_1/K}{\mathfrak{p}_1}\right) \times \left(\frac{E_2/K}{\mathfrak{p}_2}\right).$$
Proof. The previous proposition shows that the map is a well-defined homomorphism. Then
the fact that p splits completely in L ⟺ p splits completely in E_1 and E_2 proves the map
is one-to-one.
Let’s take a look at Frobenius automorphisms in our favourite example.
Example 17.3.4. Let K = Q(i) and take any prime integer p. Since K/Q is abelian,
$\left(\frac{K/\mathbb{Q}}{p}\right)$ represents a single element. We claim that
$$\left(\frac{K/\mathbb{Q}}{p}\right) = \begin{cases} \text{complex conjugation} & \text{if } p \equiv 3 \pmod 4 \\ 1 & \text{if } p \equiv 1 \pmod 4. \end{cases}$$

To prove this, first let p ≡ 3 (mod 4). Then p remains prime in Q(i) and the residue fields
are given by
ℓ = Z[i]/pZ[i] = F_{p²} and k = Z/pZ = F_p.
The Frobenius element for p in ℓ/k must be x ↦ x^p:

(a + bi)^p = a^p + b^p i^p ≡ a − bi (mod p).


So the Frobenius element of any prime p ≡ 3 (mod 4) is complex conjugation.


On the other hand, recall that if p ≡ 1 (mod 4), (p) splits completely in Q(i). If pZ[i] =
p_1p_2, these prime ideals must be complex conjugates. Then we have

Z[i]/p_1 = Z[i]/p_2 = F_p and Z/pZ = F_p

so the Frobenius automorphism is the identity.


Next we describe Frobenius automorphisms in general cyclotomic extensions.
Example 17.3.5. Let K = Q(ζ_n) where ζ_n = e^{2πi/n} for some n ≥ 2. Then Gal(K/Q) ≅
(Z/nZ)^× via the automorphism identifying [k] ∈ (Z/nZ)^× with the map ζ_n ↦ ζ_n^k. For a
prime p ∤ n, this implies that
$$\left(\frac{K/\mathbb{Q}}{p}\right) = (\zeta_n \mapsto \zeta_n^p) \longleftrightarrow p \pmod n.$$

In particular, this implies that (p) splits completely in Q(ζn ) if and only if p ≡ 1 (mod n).
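
Examples 17.3.4 and 17.3.5 can be checked numerically. The Python sketch below is an added illustration, not part of the original text, and its function names are assumptions of the example: it raises every class of Z[i]/pZ[i] to the p-th power, computes the order of the Frobenius ζ_n ↦ ζ_n^p, and tests complete splitting independently using the standard fact that, for p ∤ n, the roots of Φ_n in F_p are the elements of multiplicative order exactly n.

```python
from math import gcd


def gauss_mul(x, y, p):
    """Product of a+bi and c+di in Z[i]/pZ[i], elements stored as pairs."""
    return ((x[0] * y[0] - x[1] * y[1]) % p, (x[0] * y[1] + x[1] * y[0]) % p)


def gauss_pow(z, e, p):
    """z**e in Z[i]/pZ[i] by square-and-multiply."""
    result, base = (1 % p, 0), (z[0] % p, z[1] % p)
    while e:
        if e & 1:
            result = gauss_mul(result, base, p)
        base = gauss_mul(base, base, p)
        e >>= 1
    return result


def frobenius_on_gaussian_residues(p):
    """How x -> x^p acts on all of Z[i]/pZ[i] for an odd prime p:
    'identity', 'conjugation', or None if it is neither."""
    images = {(a, b): gauss_pow((a, b), p, p) for a in range(p) for b in range(p)}
    if all(img == z for z, img in images.items()):
        return "identity"
    if all(img == (z[0], -z[1] % p) for z, img in images.items()):
        return "conjugation"
    return None


def mult_order(p, n):
    """Order of p in (Z/nZ)^x, i.e. the order of the Frobenius zeta_n -> zeta_n^p."""
    if gcd(p, n) != 1:
        raise ValueError("p must not divide n")
    k, x = 1, p % n
    while x != 1:
        x = x * p % n
        k += 1
    return k


def roots_of_cyclotomic_mod_p(n, p):
    """Elements of F_p of multiplicative order exactly n (roots of Phi_n mod p, p not dividing n)."""
    proper = [d for d in range(1, n) if n % d == 0]
    return [x for x in range(1, p)
            if pow(x, n, p) == 1 and all(pow(x, d, p) != 1 for d in proper)]


def splits_completely(p, n):
    """Does Phi_n have deg(Phi_n) = phi(n) distinct roots in F_p?"""
    phi_n = sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)
    return len(roots_of_cyclotomic_mod_p(n, p)) == phi_n


if __name__ == "__main__":
    for p in (3, 5, 7, 13):
        print(p, p % 4, frobenius_on_gaussian_residues(p))
    for p in (7, 11, 31):
        print(p, "mod 5: Frobenius order", mult_order(p, 5),
              "splits completely:", splits_completely(p, 5))
```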
For the rest of the section, we focus on setting up the right conditions for a generalization
of the Artin map. The definition is simpler when it is a map on unramified primes of OK so
we need a way to restrict to these primes.
Definition. For a number field K, let I_K be the group of fractional O_K-ideals and let S be
a finite set of primes in O_K. Then I_K^S is defined to be the subgroup of I_K generated by those
prime ideals which are not in S.
In practice we will take S to be the set of primes that ramify in an extension L/K. For
this choice of S, we define
Definition. Suppose L/K is abelian and let S = {primes p ⊂ O_K | p ramifies in L} so
that I_K^S is generated by the unramified primes in O_K. Define the Artin map to be the
homomorphism
$$\phi_{L/K} : I_K^S \longrightarrow G = \operatorname{Gal}(L/K), \qquad \mathfrak{a} \longmapsto \prod_i \left(\frac{L/K}{\mathfrak{p}_i}\right)^{e_i}$$
where a is a fractional ideal with prime factorization $\mathfrak{a} = \prod_i \mathfrak{p}_i^{e_i}$.
Since L/K is abelian, this map is well-defined. We will later (Section 17.11) generalize the
Artin map to non-abelian extensions.
Suppose E is a finite extension of K. Then EL/E is an abelian extension whose Galois
group, say H, is a subgroup of Gal(L/K) when we restrict elements of H to L. Let I_E^S denote
the subgroup of I_E generated by primes in O_E that do not lie over any prime in S. Note
that this is equivalent to saying I_E^S is generated by the primes of O_E which have norm in
I_K^S.
Proposition 17.3.6. Let G = Gal(L/K) and H = Gal(EL/E). Then restricting H to L
gives us ϕ_{EL/E} = ϕ_{L/K} N_{E/K} on I_E^S.


Proof. Let P ⊂ O_{EL} be prime and let P_E = P ∩ E, P_L = P ∩ L and p = P ∩ K. Then
q := N_{K/Q}(p) is a prime power and N_{E/K}(P_E) = p^f. Let σ = Frob_{EL/E}(P_E). Then for
each α ∈ O_{EL} we have σ(α) ≡ α^{q^f} mod P. Recall that σ(P) = P and σ(P_L) = P_L. Let
τ = Frob_{L/K}(p). Then when α ∈ O_L we have

τ(α) ≡ α^q mod P_L ⟹ τ^f(α) ≡ α^{q^f} mod P_L

Since the Frobenius automorphism is unique, τ^f = σ on L. This proves the property for all
primes in I_E^S and since they generate I_E^S we’re done.

Corollary 17.3.7. Let ϕ be the Artin map in an extension L/K. Then N_{L/K}(I_L^S) ⊆ ker ϕ.

Proof. Let E = L and apply Proposition 17.3.6 to obtain ϕ_{L/K} N_{L/K} = ϕ_{L/L} = 1.
From this we obtain a nice description of ϕ for any abelian extension K of Q.

Theorem 17.3.8. Let K/Q and let S be the set of prime ideals containing (m) for some
positive integer m. Then the Artin map ϕ : I_Q^S → Gal(K/Q) is surjective with
$$\ker\phi = \left\{ \text{fractional ideals } \tfrac{a}{b} : a \equiv b \pmod m \right\}.$$
Proof. See III.3.3 of Janusz. Surjectivity of ϕ will follow from the Frobenius Density Theorem
in Section 17.6.
When L/K is not an abelian extension, a description of the Artin map becomes more
difficult. For this reason many theorems in class field theory are complicated to state. It is
our goal in the next few sections to provide a glimpse of some of the constructions required
to prove a more general description of the Artin map.


17.4 Ray Class Groups


In this section we generalize the class group from Chapter 14.
Definition. A modulus m is a formal product of places of K:
$$\mathfrak{m} = \prod_{\mathfrak{p}} \mathfrak{p}^{n(\mathfrak{p})}.$$

This product is taken over all places of K, and the n(p) are nonnegative integers subject to
the following conditions:
(1) If p is finite then n(p) ≥ 0 and only finitely many of these are nonzero.

(2) If p is a real infinite prime, n(p) = 0 or 1.

(3) If p is a complex infinite prime, n(p) = 0.

It is common to write a modulus as m = m_0 m_∞ where m_0 denotes the product of all finite
primes with positive exponent and m_∞ denotes the product of the real primes in m. In this
way m_0 may be realized as an integral ideal in O_K.
Fix a place p of K and take α ∈ K^*. If p is a real infinite place, we say α ≡ 1 mod p
if α_p > 0. Otherwise α ≢ 1 mod p. If p is finite, we say α ≡ 1 mod p^{n(p)} if α is in the
valuation ring corresponding to p and α − 1 ∈ p^{n(p)}. We can extend this notion of congruence
for elements of K^* to any modulus m by α ≡ 1 mod m if and only if α ≡ 1 mod p^{n(p)} for
all primes with n(p) > 0.
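Definition. For a modulus m of a number field K, define the following subgroups of K^*:
$$K_{\mathfrak{m}} = \left\{ \tfrac{a}{b} \;\middle|\; a, b \in \mathcal{O}_K \text{ and } a\mathcal{O}_K,\ b\mathcal{O}_K \text{ are relatively prime to } \mathfrak{m}_0 \right\}$$
$$K_{\mathfrak{m},1} = \{ \alpha \in K_{\mathfrak{m}} \mid \alpha \equiv 1 \bmod \mathfrak{m} \}.$$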


Let I_K^S be as in the last section; that is, for any set of primes S, I_K^S is the subgroup of
I_K generated by primes outside S. We define a special case of this for moduli of K.
Definition. Let S be the set of primes dividing m_0 for some modulus m. Then we denote
the subgroup I_K^S ≤ I_K by I^m.
There is a natural inclusion i : K^* → I_K given by α ↦ (α); we denote the image of K_{m,1}
under this map by P_K(m, 1) := i(K_{m,1}). This allows us to define
Definition. The ray class group of a modulus m is C_K(m) = I^m/P_K(m, 1). The cosets of
P_K(m, 1) in this quotient are referred to as ray classes mod m.
Example 17.4.1. If m = 1 then P_K(m, 1) is just the subgroup of principal ideals and thus
C_K(m) is the full ideal class group C(O_K).
Example 17.4.2. If $\mathfrak{m} = \prod_{\nu \text{ real}} \nu$ then C_K(m) = I_K/{(a) : |a|_ν > 0 for all real ν} is called
the narrow class group of K.


Example 17.4.3. Let m = (2)³(17)²(19) · ∞, a modulus of Q. Then m_0 = (2)³(17)²(19) so
Q_{m,1} consists of all x ∈ Q satisfying
x > 0
x ≡ 1 mod 2³
x ≡ 1 mod 17²
x ≡ 1 mod 19.
For example, if x = a/b for a, b ∈ Z and b ≠ 0 then the condition at the place 2 tells us a
and b are odd and ab⁻¹ ≡ 1 mod 8. This looks similar to the Chinese remainder theorem
(3.2.10), but in fact we’ve seen this before in the weak approximation theorem (15.3.9).
Remark. When p is an infinite place of K, the statement |α − β|_p < ε for small ε > 0 is
equivalent to α/β > 0, i.e. α ≡ β mod p. When p is a finite place, recall that |α|_p = c^{v_p(α)}
for some real number c, 0 < c < 1. Then we see that |α − β|_p < ε is equivalent to
$$\left| \frac{\alpha}{\beta} - 1 \right|_{\mathfrak{p}} < \frac{\varepsilon}{|\beta|_{\mathfrak{p}}} =: \varepsilon'.$$
In turn when ε′ is small, say ε′ < c^n for some n, then v(α/β − 1) > 1 which means α/β − 1
is in the valuation ring for p. Recall that this is the same as saying α ≡ β mod p^n. So in
general we see that |α − β|_p < ε is equivalent to α ≡ β mod p^n for a sufficiently large n. As
suggested in Example 17.4.3, the reformulation of the weak approximation theorem in terms
of congruences allows us to view it as a generalization of the Chinese remainder theorem.
The weak approximation theorem and this remark allow us to prove
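Theorem 17.4.4. For every modulus m of K, there is an exact sequence
0 → U_K/U_{m,1} → K_m/K_{m,1} → C_K(m) → C(O_K) → 0
and isomorphisms
$$K_{\mathfrak{m}}/K_{\mathfrak{m},1} \;\cong\; \prod_{\substack{\mathfrak{p} \text{ real} \\ \mathfrak{p} \mid \mathfrak{m}}} \{\pm 1\} \times \prod_{\mathfrak{p} \mid \mathfrak{m}_0} (\mathcal{O}_K/\mathfrak{p}^{n(\mathfrak{p})})^\times \;\cong\; \prod_{\substack{\mathfrak{p} \text{ real} \\ \mathfrak{p} \mid \mathfrak{m}}} \{\pm 1\} \times (\mathcal{O}_K/\mathfrak{m}_0)^\times$$
where U_{m,1} = U_K ∩ K_{m,1}.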


Proof. First, the inclusion I^m ↪ I_K induces a homomorphism C_K(m) → C(O_K). Consider
the sequence
0 → U_K → K_m → I^m → C(O_K) → 0.
We will show that it is exact. In particular, to show I^m → C(O_K) is surjective, we must
prove that every ideal class is represented by an ideal in I^m. Let a be a fractional ideal; we
may write a = bc⁻¹ where b and c are integral ideals. For any c ∈ c, a · (c) = bc⁻¹(c) is
integral so we may assume a is integral in the first place. Write
$$\mathfrak{a} = \prod_{\mathfrak{p} \mid \mathfrak{m}} \mathfrak{p}^{n(\mathfrak{p})}\, \mathfrak{b}$$


where b ∈ I^m. For each p | m, choose π_p ∈ p ∖ p² such that π_p ≡ 1 mod p. By the weak
approximation theorem (15.3.9), there is some a ∈ O_K so that a ≡ π_p^{n(p)} mod p^{n(p)+1} for all
p | m. This means we can write
$$(a) = \prod_{\mathfrak{p} \mid \mathfrak{m}} \mathfrak{p}^{n(\mathfrak{p})}\, \mathfrak{b}' \quad \text{where } \mathfrak{b}' \in I^{\mathfrak{m}}$$

but then $a^{-1}\mathfrak{a} \in I^{\mathfrak{m}}$ and this belongs to the same ideal class as a. Hence I^m → C(O_K) is
surjective. Next, if a ∈ I^m maps to the trivial class in C(O_K) then a = (α) for some α ∈ K_m
and this α is uniquely determined up to multiplication by a unit u ∈ U_K. This implies
exactness of the rest of the sequence.
Now consider the maps $K_{\mathfrak{m},1} \xrightarrow{f} K_{\mathfrak{m}} \xrightarrow{g} I^{\mathfrak{m}}$. By the work above, ker g = U_K and coker g =
C(O_K). By definition, coker(g ◦ f) = C_K(m) and ker(g ◦ f) = K_{m,1} ∩ U_K = U_{m,1}. Finally,
f is injective by the definitions of K_m and K_{m,1}. Hence by the Snake Lemma, we have an
exact sequence
0 → U_{m,1} → U_K → K_m/K_{m,1} → C_K(m) → C(O_K) → 0.
Next we prove the isomorphisms. Let p | m. If p is an infinite prime we map α ∈ K_m to
the sign (+ or −) of the image of α under the embedding (·)_p : K ↪ C. If p is finite, we
map α to [a][b]⁻¹ ∈ (O_K/p^{n(p)})^× where a, b ∈ O_K such that a ≡ b ≡ 1 mod m_0. Since a and
b are in particular relatively prime to p, it makes sense to define their equivalence classes
and take inverses in (O_K/p^{n(p)})^×. Consider the map we have defined:
$$\phi : K_{\mathfrak{m}} \longrightarrow \prod_{\mathfrak{p} \text{ real}} \{\pm\} \times \prod_{\mathfrak{p} \mid \mathfrak{m}_0} (\mathcal{O}_K/\mathfrak{p}^{n(\mathfrak{p})})^\times.$$

By the weak approximation theorem and the above remark, ϕ is surjective. Moreover, its
kernel is K_{m,1} by the way this subgroup is defined. This shows the first isomorphism, and the
second is easily concluded from the Chinese remainder theorem.
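Corollary 17.4.5. The ray class group C_K(m) for any modulus m is a finite group of order
$$h_{\mathfrak{m}} = \frac{h_K\, 2^{r_0}\, N(\mathfrak{m}_0)}{[U_K : U_{\mathfrak{m},1}]} \prod_{\mathfrak{p} \mid \mathfrak{m}_0} \left(1 - \frac{1}{N(\mathfrak{p})}\right)$$
where r_0 is the number of real primes dividing m.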


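Proof. First, O_K/p^n is a local ring with maximal ideal p/p^n; this can be seen by the
correspondence between its ideals and the ideals of O_K containing p. Moreover, the units
in O_K/p^n are precisely those elements not in p/p^n. It follows that (O_K/p^n)^× has order
q^{n−1}(q − 1) where q = N(p) = [O_K : p]. Then by Theorem 17.4.4,
$$\begin{aligned}
|C_K(\mathfrak{m})| &= |(K_{\mathfrak{m}}/K_{\mathfrak{m},1})/(U_K/U_{\mathfrak{m},1})| \cdot |C(\mathcal{O}_K)| \\
&= \left| \prod_{\mathfrak{p} \text{ real}} \{\pm 1\} \times \prod_{\mathfrak{p} \mid \mathfrak{m}_0} (\mathcal{O}_K/\mathfrak{p}^{n(\mathfrak{p})})^\times \right| [U_K : U_{\mathfrak{m},1}]^{-1} \cdot h_K \\
&= h_K\, 2^{r_0}\, [U_K : U_{\mathfrak{m},1}]^{-1} \prod_{\mathfrak{p} \mid \mathfrak{m}_0} N(\mathfrak{p})^{n(\mathfrak{p})-1}(N(\mathfrak{p}) - 1).
\end{aligned}$$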


Furthermore, this expression is equal to the desired one when we factor out N(m0 ) from the
product on the right, using that N is multiplicative.
The most important implication of Corollary 17.4.5 is that every ray class group CK (m)
is finite. Let’s take a look at some examples.

Example 17.4.6. For K = Q, the narrow class group is trivial.



Example 17.4.7. Let K = Q(√n) for n > 0. Here there are two real primes and U_K =
{±ε^m} ≅ Z/2Z × Z for a fundamental unit ε. Let ε̄ be the conjugate of ε. Then
$$h_{\mathfrak{m}} = \begin{cases} 2h_K & \text{if } \varepsilon, \bar\varepsilon \text{ have the same sign} \\ h_K & \text{otherwise.} \end{cases}$$

Also note that N(ε) = −1 if and only if ε and ε̄ have different signs. For the first few values
of n we have

n    h_K    ε             N(ε)
2    1      1 + √2        −1
3    1      2 + √3        1
5    1      (1 + √5)/2    −1
6    1      5 + 2√6       1

so we see that the narrow class numbers for Q(√3) and Q(√6) are 2, whereas the others
have narrow class number 1.

Example 17.4.8. Let’s look at the important example of cyclotomic extensions. Let L =
Q(ζ_m) where ζ_m = e^{2πi/m} for m > 2. Define the modulus m = (m)∞ on L. We claim that
all ramified primes of L divide m. The minimal polynomial of ζ_m over Q is well known:
it is the mth cyclotomic polynomial Φ_m(x). These polynomials are constructed by setting
Φ_1(x) = x − 1 and recursively defining
$$\Phi_m(x) = \frac{x^m - 1}{\prod_{d \mid m,\ d < m} \Phi_d(x)}.$$

The relevant property we will use is that Φ_m(x) is a factor of x^m − 1. For a prime p,
consider x^m − 1 over the finite field F_p. Since the formal derivative of x^m − 1 is mx^{m−1}, these
polynomials are relatively prime unless m = 0 in F_p, i.e. p | m. In particular this shows that
if p ∤ m, x^m − 1 is separable mod p and so are all of its irreducible factors, namely Φ_m(x).
Hence by Theorem 14.5.7, p is unramified in L. This allows us to consider the Artin map
ϕ_{L/Q} : I_Q^m → Gal(L/Q) ≅ (Z/mZ)^×.
We know from Section 17.3 that in any abelian extension L/K, the Artin map takes a
prime p ∈ I_K^m to the Frobenius automorphism x ↦ x^q where q = |O_K/p|. In this example
K = Q and L = Q(ζ_m) so O_K = Z and p = (p) for a prime integer p. The isomorphism


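Gal(L/Q) ≅ (Z/mZ)^× is exhibited by (σ : ζ_m ↦ ζ_m^k) ↦ [k]. Using this description, we can
extend ϕ_{L/Q} to all fractional ideals. If $a = \prod p^{s_p}$ and $b = \prod r^{t_r}$ then we should have
$$\begin{aligned}
\phi_{L/\mathbb{Q}}\left(\tfrac{a}{b}\mathbb{Z}\right) &= \left(\prod_{p \mid a} \phi_{L/\mathbb{Q}}(p\mathbb{Z})^{s_p}\right)\left(\prod_{r \mid b} \phi_{L/\mathbb{Q}}(r\mathbb{Z})^{t_r}\right)^{-1} \\
&= \left(\prod_{p \mid a} |\mathbb{Z}/p\mathbb{Z}|^{s_p}\right)\left(\prod_{r \mid b} |\mathbb{Z}/r\mathbb{Z}|^{t_r}\right)^{-1} \\
&= \left(\prod_{p \mid a} p^{s_p}\right)\left(\prod_{r \mid b} r^{t_r}\right)^{-1} = [a][b]^{-1}.
\end{aligned}$$

It’s easy to see that the kernel of the Artin map is precisely P_Q(m, 1) since by definition,

P_Q(m, 1) = {(α) ∈ I_Q | α ≡ 1 mod m}
          = {(a/b)Z | a, b ∈ Z and a ≡ b mod m}
          = {(a/b)Z | [a][b]⁻¹ = 1 ∈ (Z/mZ)^×}.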

Moreover, the Artin map in this case is clearly surjective (this will be proven in general
in Section 17.6). This implies that the ray class group for m = (m)∞ is isomorphic to
(Z/mZ)× .
We can use Corollary 17.4.5 to get even more information out of this example. For
m = (m)∞, the above shows that |C_Q(m)| = φ(m). Plugging this into the ray class formula,
we have
$$\varphi(m) = \frac{h_K\, 2^{r_0}\, N(\mathfrak{m}_0)}{[U_K : U_{\mathfrak{m},1}]} \prod_{\mathfrak{p} \mid \mathfrak{m}_0} \left(1 - \frac{1}{N(\mathfrak{p})}\right).$$

Notice that the numerical norm on Q just evaluates to the integer itself, so we can multiply
N(m_0) = m back into the product on the right to obtain
$$\varphi(m) = \frac{h_K\, 2^{r_0}}{[U_K : U_{\mathfrak{m},1}]} \prod_{p \mid m} p^{n(p)-1}(p - 1)$$

where n(p) is the exponent of p in the prime factorization of m. This product is now easily
recognized as φ(m), so we can cancel this from both sides and rearrange:

[U_K : U_{m,1}] = h_K 2^{r_0}.

In general it is a very hard problem to compute the class number of a cyclotomic field so
we end the discussion here. The study of the cyclotomic fields is closely related to 20th
Century pursuits of a proof of Fermat’s Last Theorem. For example, in Section 13.1 unique
factorization was used to prove FLT when Q(ζm ) has class number 1 but this fails for
m as small as 23. To worsen matters, the class number of Q(ζm ) is not even known for
sure for m > 70, and even assuming the Generalized Riemann Hypothesis only allows for
computations up to m = 163.

17.5. L-series and Dirichlet Density Chapter 17. Global Class Field Theory

17.5 L-series and Dirichlet Density


In these next two sections we delve into the connections between analytic and algebraic
number theory in the form of Dirichlet series. At the end of Section 17.6 we will be able
to prove Dirichlet’s theorem on primes in arithmetic progression, one of the cornerstones of
early analytic number theory.
Recall the following definitions from Section 12.4.
Definition. For any positive integer $m$, a Dirichlet character mod $m$ is a homomorphism $\chi : (\mathbb Z/m\mathbb Z)^\times \to \mathbb C^\times$. It is typical to extend a character to the entire ring of integers by
$$\chi(n) = \begin{cases} \chi([n]) & \text{if } \gcd(n, m) = 1 \\ 0 & \text{if } \gcd(n, m) \neq 1. \end{cases}$$

The trivial character mod m, which takes every [n] ∈ (Z/mZ)× to 1 (and every other
integer to 0), is called the principal Dirichlet character, denoted χ0 .
Definition. For a Dirichlet character $\chi$, the complex-valued function
$$L(s, \chi) = \sum_{n=1}^{\infty} \frac{\chi(n)}{n^s}$$
is called a Dirichlet L-series.

The product formula (Theorem 12.4.2) for L-series is
$$L(s, \chi) = \prod_{p \nmid m} \frac{1}{1 - \chi(p)p^{-s}}.$$

Recall that both expressions for L(s, χ) converge when Re(s) > 1.
We can extend the idea of Riemann’s zeta function to an arbitrary algebraic number field
in the following way.
Definition. Let $K$ be an algebraic number field and for any nonzero ideal $\mathfrak a \subset \mathcal O_K$, let $N(\mathfrak a)$ denote its numerical norm. Then the Dedekind zeta function for $K$ is the complex-valued function
$$\zeta_K(s) = \sum_{\mathfrak a \subset \mathcal O_K} \frac{1}{N(\mathfrak a)^s}.$$

Notice that when $K = \mathbb Q$, the zeta function is simply the Riemann zeta function. An even further generalization of $\zeta_K(s)$ is obtained by taking a modulus $\mathfrak m$ of $K$ and letting $k$ be a class in the ray class group $C_K(\mathfrak m)$, and defining
$$\zeta(s, k) = \sum_{\mathfrak a \in k} \frac{1}{N(\mathfrak a)^s}.$$
In particular when $\mathfrak m = 1$, $\zeta_K(s) = \sum_{k \in C(\mathcal O_K)} \zeta(s, k)$.


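We are interested in computing the limit of $(s - 1)\zeta(s, k)$ as $s \to 1$. If we write
$$\zeta(s, k) = \sum_{\mathfrak a \subset \mathcal O_K} \frac{\chi(\mathfrak a)}{N(\mathfrak a)^s}$$
where $\chi(\mathfrak a) = 1$ if $\mathfrak a \in k$ and 0 otherwise, then $s(x)$ simply counts the number of ideals of $\mathcal O_K$ with norm less than or equal to $x$. By Proposition 12.4.4,
$$\lim_{s \to 1} (s - 1)\zeta(s, k) = \lim_{x \to \infty} \frac{s(x)}{x}.$$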

To evaluate the limit on the right, we require a bit more machinery.


For a lattice $L$ in an $n$-dimensional vector space $V$ (as in Section 14.9), and any bounded region $D \subset V$, let $T(\gamma)$ denote the number of points of $\gamma L_v$ in $D$, where $\gamma > 0$ is real and $L_v := v + L$ for some vector $v \in V$. Define the function $M(t) = T(t^{-1})$. Then the Euclidean volume (or Lebesgue measure) of $D$ can be computed as
$$\mathrm{vol}(D) = \lim_{t \to \infty} \frac{M(t)}{t^n}.$$
The plan is to identify $\frac{s(x)}{x}$ with $\frac{M(t)}{t^n}$ for suitably chosen $L$, $D$ and $M(t)$. First we observe the following.

Lemma 17.5.1. Each ray class k ∈ CK (m) contains an integral ideal.

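Proof. Since $C_K(\mathfrak m)$ is finite, each prime not dividing $\mathfrak m$ has some power in the trivial class. If $\mathfrak a = \mathfrak a_1 \mathfrak a_2^{-1}$ is an ideal in the class $k$, where $\mathfrak a_1$ and $\mathfrak a_2$ are integral ideals, then $\mathfrak a_2^t$ is trivial for some $t > 1$. Thus $\mathfrak a \mathfrak a_2^t$ is an integral ideal in $k = k\mathfrak a_2^t$.

Now suppose $\mathfrak a$ is an integral ideal in $k$ with $N(\mathfrak a) \le n$ for a fixed $n \in \mathbb N$. Then for any integral ideal $\mathfrak b \in k^{-1}$, $\mathfrak a\mathfrak b = 0$ in $C_K(\mathfrak m)$ so $\mathfrak a\mathfrak b = (\alpha)$ for some $\alpha \in \mathfrak b \cap K_{\mathfrak m,1}$ with $N(\alpha) \le nN(\mathfrak b)$. On the other hand, if we have such an $\alpha$, then $\mathfrak a = (\alpha)\mathfrak b^{-1} \in k$ has norm less than or equal to $n$. We summarize this in the following lemma.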

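Lemma 17.5.2. For any $n$, the value $s(n)$ is the number of principal ideals $(\alpha)$ such that $\alpha \in \mathfrak b \cap K_{\mathfrak m,1}$ and $N(\alpha) \le nN(\mathfrak b)$. Furthermore, there is some $\alpha_0 \in K$ satisfying
$$\alpha_0 \equiv 1 \bmod \mathfrak m_0 \quad\text{and}\quad \alpha_0 \equiv 0 \bmod \mathfrak b$$
such that $\alpha \equiv \alpha_0 \bmod \mathfrak m_0\mathfrak b$ for every $\alpha$ counted by $s(n)$.

The existence of such an $\alpha_0$ is guaranteed by the weak approximation theorem (Section 17.4) and the fact that $\mathfrak b \in I^{\mathfrak m}$ implies $\mathfrak b \nmid \mathfrak m$.

Now let $\beta_1, \ldots, \beta_n$ be a basis for the ideal $\mathfrak m_0\mathfrak b$, where $n = [K : \mathbb Q]$. Then we may write any $\alpha$ from Lemma 17.5.2 in the form
$$\alpha = \alpha_0 + \sum_{i=1}^{n} a_i\beta_i.$$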


Moreover, $\alpha_0 = \sum h_i\beta_i$ for some $h_i \in \mathbb Q$. To connect ideals with lattices once again, let $L$ be the lattice in $\mathbb R^n$ of points with integer coordinates, i.e. $L = \mathbb Z^n$. Take $v = (h_i)$ and recall the notation $L_v = v + L$. Then the map
$$L_v \longrightarrow K^*, \qquad (x_i) \longmapsto \sum x_i\beta_i$$
gives a one-to-one correspondence between points in $L_v$ and elements $\alpha \in K^*$ which satisfy Lemma 17.5.2. We also need

Lemma 17.5.3. Let $w_{\mathfrak m}$ denote the number of roots of unity in $U_{\mathfrak m,1}$. Then there are exactly $w_{\mathfrak m} \cdot s(n)$ points $(x_1, \ldots, x_n) \in L_v$ which satisfy

(1) $\alpha = \sum_{i=1}^{n} x_i\beta_i$.

(2) $\alpha \equiv 1 \bmod \mathfrak m_\infty$.

(3) $0 < N(\alpha) \le nN(\mathfrak b)$.

(4) $L(\alpha) = c_0\bar w_0 + \sum_{i=1}^{n} c_i\bar w_i$, where $0 \le c_i < 1$, $\bar w_0 = (\underbrace{1, \ldots, 1}_{r}, \underbrace{2, \ldots, 2}_{s})$ and $\bar w_i = L(u_i)$, the images of the generators of the unit group $U_{\mathfrak m,1}$.

Proof sketch. We know there are $s(n)$ principal ideals $(\alpha)$ satisfying (2) and (3) by Lemma 17.5.2. Each ideal $(\alpha)$ may be generated by any $\alpha' = u\alpha$, where $u \in U_{\mathfrak m,1}$. Out of all these elements, exactly $w_{\mathfrak m}$ satisfy (4). Finally, the map $L : U_K \to \mathbb R^{r+s}$ restricted to $U_{\mathfrak m,1}$ provides the connection between these ideals and points in $L_v$.

Now let $D$ be the set of all points $(x_1, \ldots, x_n) \in \mathbb R^n$ satisfying Lemma 17.5.3 such that each $x_i \ge 0$. We skip straight to the statement of the volume; see section IV.2 of Janusz to see how it is derived.

Proposition 17.5.4. As before, let $r_0$ be the number of real primes dividing a modulus $\mathfrak m$. For $D$ defined above,
$$\mathrm{vol}(D) = \frac{2^{r - r_0}\,\mathrm{reg}(\mathfrak m)\,(2\pi)^s}{N(\mathfrak m_0\mathfrak b)\sqrt{|d_K|}}$$
where $\mathrm{reg}(\mathfrak m)$ is the regulator for $U_{\mathfrak m,1}$.

Recall (Section 14.10) that $\mathrm{reg}(\mathfrak m)$ is the determinant of the matrix whose $i$th row is $L(u_i)$. Above we defined $r_0$ to be the number of real primes dividing $\mathfrak m_\infty$. We can extend the norm to any modulus by setting $N(\mathfrak m_\infty) = 2^{r_0}$, so that $N(\mathfrak m) = 2^{r_0}N(\mathfrak m_0)$. This leads to the main result.


Theorem 17.5.5. Let $K$ be a number field, $\mathfrak m$ a modulus of $K$ and $k$ a class of ideals in $C_K(\mathfrak m)$. Then
$$\lim_{s \to 1} (s - 1)\zeta(s, k) = \frac{2^r (2\pi)^s\,\mathrm{reg}(\mathfrak m)}{N(\mathfrak m)\,w_{\mathfrak m}\sqrt{|d_K|}}$$
where $r$ is the number of real primes of $K$, $s$ is the number of pairs of complex primes of $K$ and $w_{\mathfrak m}$ is the number of roots of unity in $U_{\mathfrak m,1}$.

Corollary 17.5.6. Let $\zeta_K(s)$ be the Dedekind zeta function for a number field $K$. Then
$$\lim_{s \to 1} (s - 1)\zeta_K(s) = \frac{2^r (2\pi)^s\,\mathrm{reg}(K)}{w_K\sqrt{|d_K|}}\,h_K$$
where $w_K = |\mu(K)|$ and $h_K$ is the class number.

Proof. Remember that ζK (s) coincides with the sum of all the ζ(s, k) for m = 1, i.e. k are
the distinct ideal classes in C(OK ). Taking the sum of the formula in Theorem 17.5.5 over
all k ∈ C(OK ) gives the result.

Example 17.5.7. In the case when $K = \mathbb Q$, the Riemann zeta function has a simple pole at $s = 1$ since by Corollary 17.5.6,
$$\lim_{s \to 1} (s - 1)\zeta(s) = 1.$$

We proved this in Section 12.1; however our work on ζK (s) gives us a much simpler proof.
What’s more, the Dedekind zeta function for any number field can be analytically continued
to the whole complex plane except for a simple pole at s = 1.
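
The identity $\lim_{s\to1}(s-1)\zeta_K(s) = \lim_{x\to\infty} s(x)/x$ and the formula of Corollary 17.5.6 can be checked numerically. The following is an added example, not part of the original text; it goes beyond $K = \mathbb Q$ and assumes imaginary quadratic fields of class number 1 (a standard list, not taken from this text), where $r = 0$, $s = 1$, the regulator is 1 and every ideal is principal, so ideals of norm at most $x$ are lattice points of the norm form counted up to units.

```python
from math import isqrt, pi, sqrt

# Assumption: imaginary quadratic discriminants with class number 1 (standard list).
CLASS_NUMBER_ONE = (-3, -4, -7, -8, -11, -19, -43, -67, -163)


def roots_of_unity(d):
    """w_K for the imaginary quadratic field of discriminant d."""
    return {-3: 6, -4: 4}.get(d, 2)


def norm_form(d):
    """(B, C) with N(a + b*omega) = a^2 + B*a*b + C*b^2 on the ring of integers."""
    if d % 4 == 0:
        return 0, -d // 4          # omega = sqrt(d)/2
    return 1, (1 - d) // 4         # omega = (1 + sqrt(d))/2


def ideal_count(d, x):
    """s(x): number of nonzero ideals of O_K with norm <= x (class number 1 only)."""
    if d not in CLASS_NUMBER_ONE:
        raise ValueError("this count assumes every ideal is principal")
    B, C = norm_form(d)
    w = roots_of_unity(d)
    b_max = isqrt(4 * x // -d) + 1          # the form is >= (|d|/4) * b^2
    points = 0
    for b in range(-b_max, b_max + 1):
        a_max = isqrt(x) + abs(b) + 1       # |a + B*b/2| <= sqrt(x)
        for a in range(-a_max, a_max + 1):
            n = a * a + B * a * b + C * b * b
            if 0 < n <= x:
                points += 1
    # Each nonzero ideal (alpha) has exactly w generators u*alpha.
    return points // w


def residue_formula(d):
    """Right-hand side of Corollary 17.5.6 with r=0, s=1, reg=1, h=1."""
    return 2 * pi / (roots_of_unity(d) * sqrt(-d))


if __name__ == "__main__":
    x = 20000
    for d in (-4, -3, -7):
        print(d, ideal_count(d, x) / x, residue_formula(d))
```

For $d = -4$ the predicted value is $\pi/4$, the density of Gaussian integers in a disc divided by the four units.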

Next we extend L-series to arbitrary number fields in a similar fashion to what we did with zeta functions. Let $\mathfrak m$ be a modulus of $K$ and let $\chi$ be any multiplicative function $\chi : C_K(\mathfrak m) \to \mathbb C^\times$. We extend $\chi$ to a character on all of $I^{\mathfrak m}$ by defining $\chi(\mathfrak a)$ for an ideal $\mathfrak a \in I^{\mathfrak m}$ to be the value of $\chi$ at the ideal class $[\mathfrak a]$ in $C_K(\mathfrak m)$.

Definition. The L-series for $\chi$ is
$$L(s, \chi) = \sum_{\mathfrak a} \frac{\chi(\mathfrak a)}{N(\mathfrak a)^s}$$
where the sum is taken over all $\mathfrak a \in I^{\mathfrak m}$, i.e. all integral ideals relatively prime to $\mathfrak m$.

Note that since $\chi(\mathfrak a)$ only depends on $k = [\mathfrak a]$, we may express $L(s, \chi)$ in terms of zeta functions as we did with the Dedekind zeta function:
$$L(s, \chi) = \sum_{k \in C_K(\mathfrak m)} \chi(k)\zeta(s, k).$$
The following generalizes Theorem 12.4.2:


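Proposition 17.5.8 (Product Formula). Fix a modulus $\mathfrak m$ of a number field $K$. For all $s \in \mathbb C$ with $\mathrm{Re}(s) > 1$ and for any character $\chi : I^{\mathfrak m} \to \mathbb C^\times$, $L(s, \chi)$ may be expressed as the uniform limit of the product
$$L(s, \chi) = \prod_{\mathfrak p \nmid \mathfrak m} \left(1 - \frac{\chi(\mathfrak p)}{N(\mathfrak p)^s}\right)^{-1}.$$

Proof. Let $\mathfrak p$ be any prime ideal in $\mathcal O_K$. Then the series
$$\left(1 - \frac{\chi(\mathfrak p)}{N(\mathfrak p)^s}\right)^{-1} = 1 + \frac{\chi(\mathfrak p)}{N(\mathfrak p)^s} + \frac{\chi(\mathfrak p^2)}{N(\mathfrak p^2)^s} + \frac{\chi(\mathfrak p^3)}{N(\mathfrak p^3)^s} + \ldots$$
converges absolutely. Suppose $\mathfrak p_1, \ldots, \mathfrak p_r$ are all the primes in $I^{\mathfrak m}$ with norm at most $n$ (by Lemma 14.9.2 there are finitely many of these). Then
$$\prod_{i=1}^{r} \left(1 - \frac{\chi(\mathfrak p_i)}{N(\mathfrak p_i)^s}\right)^{-1} = \sum \frac{\chi(\mathfrak p_1^{a_1} \cdots \mathfrak p_r^{a_r})}{N(\mathfrak p_1^{a_1} \cdots \mathfrak p_r^{a_r})^s} = \sum_{\substack{\mathfrak a \in I^{\mathfrak m} \\ N(\mathfrak a) \le n}} \frac{\chi(\mathfrak a)}{N(\mathfrak a)^s}.$$
Rearranging the terms of the L-series, we see that
$$\left| L(s, \chi) - \prod_{N(\mathfrak p) \le n} \left(1 - \frac{\chi(\mathfrak p)}{N(\mathfrak p)^s}\right)^{-1} \right| \le \sum_{N(\mathfrak a) > n} \left|\frac{\chi(\mathfrak a)}{N(\mathfrak a)^s}\right|.$$
$L(s, \chi)$ converges for all $\mathrm{Re}(s) > 1$ (in fact for all $\mathrm{Re}(s) > 0$ as with L-series over $\mathbb Q$) so the remainder term on the right must tend to 0 as $n \to \infty$. Hence for all $\mathrm{Re}(s) > 1$,
$$L(s, \chi) = \prod_{\mathfrak p \nmid \mathfrak m} \left(1 - \frac{\chi(\mathfrak p)}{N(\mathfrak p)^s}\right)^{-1}.$$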

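Proposition 17.5.9. Let $h_{\mathfrak m} = |C_K(\mathfrak m)|$ and define the quantity
$$g_{\mathfrak m} = \frac{2^r (2\pi)^s\,\mathrm{reg}(\mathfrak m)}{N(\mathfrak m)\,w_{\mathfrak m}\sqrt{|d_K|}}$$
where the terms are as in Theorem 17.5.5. Then
$$\lim_{s \to 1} (s - 1)L(s, \chi) = \begin{cases} 0 & \text{if } \chi \neq \chi_0 \\ h_{\mathfrak m} g_{\mathfrak m} & \text{if } \chi = \chi_0 \end{cases}$$
where $\chi_0$ is the principal character mod $\mathfrak m$.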


Recall the function $\log z$ from complex analysis (Section 11.2). One typically restricts its domain to $\left(-\frac{\pi}{2}, \frac{\pi}{2}\right)$ for $\mathrm{Re}(z) > 0$, called the principal branch of the logarithm, and writes its series expansion as
$$-\log(1 - z) = z + \frac{z^2}{2} + \frac{z^3}{3} + \ldots = \sum_{n=1}^{\infty} \frac{z^n}{n}.$$
It is also known that every L-series satisfies
$$\log L(s, \chi) = \sum_{\mathfrak p \in I^{\mathfrak m}} \frac{\chi(\mathfrak p)}{N(\mathfrak p)^s} + g_\chi(s)$$
for some function $g_\chi$ which is bounded on a neighborhood of $s = 1$. (Details can be found in Janusz and Serre.)

Example 17.5.10. Suppose there are only a finite number of primes $p \in \mathbb Z$. Then $\zeta(s) = \zeta_{\mathbb Q}(s)$ would have to be bounded near $s = 1$. Recall that $\lim_{s \to 1} (s - 1)\zeta(s) = 1$ by Example 17.5.7. Then $(s - 1)\zeta(s)$ is also bounded near $s = 1$. This means
$$\log(s - 1) = \log((s - 1)\zeta(s)) - \log \zeta(s)$$
is bounded near $s = 1$, which of course is impossible since $\log(s - 1) \to -\infty$ as $s \to 1$. This is a rather neat proof that there are an infinite number of rational primes using the Riemann zeta function. Moreover, we showed that
$$\log \zeta(s) \sim -\log(s - 1)$$
where $f(z) \sim g(z)$ as usual means
$$\lim_{z \to 1} |f(z) - g(z)| < \infty.$$

This generalizes in an important way.

Definition. Let $K$ be an algebraic number field and $S$ a set of prime ideals in $\mathcal O_K$. If there exists a real number $\delta$ such that
$$\sum_{\mathfrak p \in S} \frac{1}{N(\mathfrak p)^s} \sim -\delta \log(s - 1)$$
then $S$ is said to have Dirichlet density $\delta$, denoted $\delta(S) = \delta$.

Example 17.5.10 shows that the set of rational primes has Dirichlet density $\delta = 1$. In general, establishing that a set has nonzero density is important for the following reason.

Proposition 17.5.11. For any set $S$ whose Dirichlet density $\delta(S)$ is defined, $0 \le \delta(S) \le 1$, and if $\delta(S) \neq 0$ then $S$ is an infinite set.


Proof. The first statement comes from the more general fact that if $T \subseteq S$ then $\delta(T) \le \delta(S)$. This in turn is a result of the fact that $\sum_{\mathfrak p \in S} \frac{1}{N(\mathfrak p)^s}$ cannot be negative for $s \in \mathbb R$ sufficiently close to $s = 1$. To prove the second statement, consider the contrapositive: if $S$ is finite then
$$\sum_{\mathfrak p \in S} \frac{1}{N(\mathfrak p)^s} \sim 0.$$
This is true by definition of $\sim$ and the desired statement follows.


Consider the set S of primes p ⊂ OK having inertial degree f = 1. We call S the set
of degree 1 primes of K. In the following lemma we prove that there are infinitely many of
these primes in any number field.

Lemma 17.5.12. The set S of degree 1 primes of a number field K is an infinite set.

Proof. Since there are only a finite number of primes that ramify in $K$, we may assume $S$ excludes these. Then $S$ consists of precisely those primes $\mathfrak p \in \mathcal O_K$ whose norm $N(\mathfrak p)$ is a prime integer. Then
$$\log \zeta_K(s) \sim \sum_{\mathfrak p \subset \mathcal O_K} \frac{1}{N(\mathfrak p)^s}$$
where the $\mathfrak p$ are all primes in $\mathcal O_K$. For $\mathfrak p \notin S$ (again excluding ramified primes, since the sum above is bounded at $s = 1$ for finite sums), $N(\mathfrak p) = p^f \ge p^2$, where $p = \mathfrak p \cap \mathbb Z$. At most $[K : \mathbb Q]$ of these $\mathfrak p$ have their norms equal to a power of the same prime. Therefore we bound the sum by
$$\sum_{\mathfrak p \notin S} \frac{1}{N(\mathfrak p)^s} \le [K : \mathbb Q] \sum_{p \text{ prime}} \frac{1}{p^{2s}}.$$
The sum on the right is bounded at $s = 1$, so therefore
$$\log \zeta_K(s) \sim \sum_{\mathfrak p \in S} \frac{1}{N(\mathfrak p)^s}.$$
Lemma 17.5.6 now tells us that $\log (s - 1)\zeta_K(s)$ is bounded at $s = 1$, but since $\log(s - 1)$ is clearly not bounded at $s = 1$, we must have
$$\sum_{\mathfrak p \in S} \frac{1}{N(\mathfrak p)^s} \sim \log \zeta_K(s) \sim -\log(s - 1).$$
This shows that $S$ is an infinite set; in fact, we have shown that $\delta(S) = 1$. This will be important in Section 17.6.
We will need the next theorem in the course of proving Dirichlet’s theorem on arithmetic
progressions in Section 17.6.

Theorem 17.5.13. Let $\mathfrak m$ be a modulus of $K$ and take $H$ to be a subgroup $P_K(\mathfrak m, 1) \le H \le I^{\mathfrak m}$, setting $h = [I^{\mathfrak m} : H]$. If $S$ is a set of primes in $H$ with density $\delta(S)$, then $\delta(S) \le \frac{1}{h}$.


Proof. First note that Corollary 17.4.5 ensures that the index $h$ will be finite. Let $\chi$ be a character defined on $I^{\mathfrak m}/H$; we may view $\chi$ as a homomorphism $I^{\mathfrak m} \to \mathbb C$ whose kernel contains $H$. Then by previous remarks,
$$\log L(s, \chi) = \sum_{\mathfrak p \nmid \mathfrak m} \frac{\chi(\mathfrak p)}{N(\mathfrak p)^s} + g_\chi(s)$$
for $g_\chi(s)$ convergent on $\mathrm{Re}(s) > 0$ and bounded at $s = 1$. For any $\mathfrak p \in I^{\mathfrak m}$, the sum $\sum_\chi \chi(\mathfrak p)$ taken over all characters $\chi$ of $I^{\mathfrak m}/H$ is either $h$ if $\mathfrak p \in H$ or 0 otherwise. Then we see that
$$\sum_{\mathfrak p \in H} \frac{h}{N(\mathfrak p)^s} = \sum_{\chi \neq \chi_0} (\log L(s, \chi) - g_\chi(s)) + \log (s - 1)L(s, \chi_0) - \log(s - 1) - g_{\chi_0}(s).$$
We also have that
$$\sum_{\mathfrak p \in S} \frac{1}{N(\mathfrak p)^s} = -\delta(S)\log(s - 1) + g(s)$$
for some $g(s)$ bounded at $s = 1$. Since $S \subseteq H$, Proposition 17.5.11 implies that
$$\sum_{\mathfrak p \in H} \frac{1}{N(\mathfrak p)^s} - \sum_{\mathfrak p \in S} \frac{1}{N(\mathfrak p)^s} \ge 0$$
for all real $s > 1$. Hence for all such $s$,
$$-\left(\tfrac{1}{h} - \delta(S)\right)\log(s - 1) + \sum_{\chi \neq \chi_0} (\log L(s, \chi) - g_\chi(s)) + \log (s - 1)L(s, \chi_0) - g_{\chi_0}(s) - g(s) > 0.$$
Each of the $\log L(s, \chi)$ terms is bounded at $s = 1$ unless $L(1, \chi) = 0$, in which case the terms become negatively infinite at $s = 1$. However since we are assuming that $s$ is real and $s > 1$, $\log(s - 1)$ is negative near $s = 1$. Hence for the above expression to be positive, we must have $\frac{1}{h} - \delta(S) \ge 0$, which implies $\delta(S) \le \frac{1}{h}$ as claimed.

Our proof implies that if $\delta(S) = \frac{1}{h}$ then $L(1, \chi) \neq 0$ for any nonprincipal character $\chi$ of $I^{\mathfrak m}/H$. In Section 17.11 we will see that the condition $\delta(S) = \frac{1}{[I^{\mathfrak m} : H]}$ holds when $S$ is the set of splitting primes and use this to prove a generalization of the Frobenius density theorem for non-abelian extensions.

17.6. The Frobenius Density Theorem Chapter 17. Global Class Field Theory

17.6 The Frobenius Density Theorem


In this section we prove the first main density theorem used in class field theory. In some ways
the Frobenius density theorem has been rendered obsolete by the more powerful Čebotarev
density theorem (Section 17.11), but we felt it is important to see Frobenius’ earlier result
which was intimately related to Dirichlet’s study of primes in arithmetic progression. At the
end of the section, we present a proof of Dirichlet’s Theorem using the Frobenius density
theorem.
For this section, fix a number field K, a Galois extension L/K and let G = Gal(L/K).

Definition. Let $\sigma \in G$ be an element of order $n$. The division of $\sigma$ is the set of all elements of $G$ which are conjugate to some $\sigma^m$ where $m \in \mathbb Z$ is relatively prime to $n$. Equivalently, the division of $\sigma$ is the union of conjugacy classes of all generators of the cyclic subgroup $\langle\sigma\rangle$.

Lemma 17.6.1. Let $\sigma \in G$, $H = \langle\sigma\rangle$ and $t$ the number of elements in the division of $\sigma$. Then $t = \varphi(n)[G : N_G(H)]$ where $\varphi$ is Euler's function and $N_G(H)$ denotes the normalizer of $H$.

Proof. For all $m$ relatively prime to $n = |\sigma|$, $Z_G(\sigma^m) = Z_G(\sigma)$, where $Z_G$ denotes the conjugacy class of an element. Thus as $m$ ranges over the integers relatively prime to $n$, we count $\varphi(n)[G : Z_G(\sigma)]$ conjugates. However, some of these need not be distinct. An element is counted $q$ times if it is conjugate to $q$ distinct powers of $\sigma$. Equivalently, $q$ counts the number of conjugates of $\sigma^m$ which are also powers of $\sigma$, i.e. $q$ is the number of distinct automorphisms of $H$ induced under the conjugation action of $G$. Thus $q = [N_G(H) : Z_G(\sigma)]$. Putting this together,
$$t = \frac{\varphi(n)[G : Z_G(\sigma)]}{[N_G(H) : Z_G(H)]} = \varphi(n)[G : N_G(H)].$$

We now state and prove the Frobenius density theorem.

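Theorem 17.6.2 (Frobenius Density). Let $\sigma \in G = \mathrm{Gal}(L/K)$, let $t$ denote the number of elements in the division of $\sigma$ and let $S$ be the set of primes $\mathfrak p \subset \mathcal O_K$ such that there is some prime $\mathfrak P \subset \mathcal O_L$ whose Frobenius automorphism $\mathrm{Frob}_{L/K}(\mathfrak P)$ is in the division of $\sigma$. Then
$$\delta(S) = \frac{t}{|G|}.$$

Proof. We induct on $n = |\langle\sigma\rangle|$. For the base case, $n = 1$ means $\sigma$ is the identity and $S$ is the set of primes of $K$ which split completely in $L$. Let $S^*$ denote the set of primes $\mathfrak P \subset \mathcal O_L$ dividing some prime in $S$. For each $\mathfrak p \in S$, there are exactly $|G| = [L : K]$ primes in $S^*$ dividing $\mathfrak p$, each of which has norm equal to $\mathfrak p$. Then
$$\sum_{\mathfrak P \in S^*} \frac{1}{N_{L/\mathbb Q}(\mathfrak P)^s} = \sum_{\mathfrak P \in S^*} \frac{1}{N_{K/\mathbb Q}(N_{L/K}(\mathfrak P))^s} = |G| \sum_{\mathfrak p \in S} \frac{1}{N_{K/\mathbb Q}(\mathfrak p)^s}.$$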

Let $T$ be the set of degree 1 primes of $L$ (those having inertial degree $f = 1$ over $\mathbb Q$). Recall that in the proof of Lemma 17.5.12 we showed that $\delta(T) = 1$. By properties of Dirichlet density, $T \subseteq S^*$ implies that $\delta(S^*) \ge \delta(T) = 1$, so $\delta(S^*) = 1$. This combines with the above work to give us
$$\sum_{\mathfrak p \in S} \frac{1}{N(\mathfrak p)^s} \sim \frac{1}{|G|}(-\log(s - 1))$$
and hence $\delta(S) = \frac{1}{|G|}$, proving the base case.

Now assume that $n = |\langle\sigma\rangle| > 1$. Let $H = \langle\sigma\rangle$ and $E = L^H$, the subfield of $L$ fixed by $H$. The primes $\mathfrak p \subset \mathcal O_K$ which have at least one degree 1 prime factor in $\mathcal O_E$ are exactly those divisible by a prime $\mathfrak P \subset \mathcal O_L$ such that $\mathrm{Frob}_{L/K}(\mathfrak P)$ is conjugate to some power of $\sigma$. In other words $\mathfrak p \in S_d$ for some $d \mid n$.

For each $d \mid n$, let $t_d$ denote the size of the division of $\sigma^d$. Let $S_d$ denote the set of $\mathcal O_K$-primes containing an $\mathcal O_L$-prime whose Frobenius automorphism lies in the division of $\sigma^d$. By induction, we have $\delta(S_d) = \frac{t_d}{|G|}$ when $d \neq 1$.

Let $S_E$ denote the primes of $E$ having inertial degree 1 over $K$. For each $\mathfrak p \in S_d$ let $n(\mathfrak p)$ denote the number of primes in $S_E$ dividing $\mathfrak p$. Then each $\mathfrak p \in S_d$ is the norm of exactly $n(\mathfrak p)$ distinct primes in $S_E$. As in the base case, $S_E$ contains all the degree 1 primes of $E$ (over $\mathbb Q$), so $\delta(S_E) = 1$. Therefore
$$-\log(s - 1) \sim \sum_{\mathfrak P \in S_E} \frac{1}{N_{K/\mathbb Q}(N_{E/K}(\mathfrak P))^s} = \sum_{d \mid n} \sum_{\mathfrak p \in S_d} \frac{n(\mathfrak p)}{N(\mathfrak p)^s}.$$
Note that for any $\mathfrak p \in S_d$, $n(\mathfrak p)$ is exactly the number of distinct cosets $H\tau_i$ such that $H\tau_i\sigma^d = H\tau_i$. This coset equivalence occurs if and only if $\tau_i\sigma^d\tau_i^{-1} \in H$, but since $H$ is cyclic, this can only happen if $\tau_i \in N_G(\langle\sigma^d\rangle)$. Thus $n(\mathfrak p) = [N_G(\langle\sigma^d\rangle) : H]$ and using the inductive hypothesis, we write
$$[N_G(H) : H] \sum_{\mathfrak p \in S} \frac{1}{N(\mathfrak p)^s} \sim \left(-1 + \sum_{\substack{d \mid n \\ d \neq 1}} \frac{[N_G(\langle\sigma^d\rangle) : H]\,t_d}{|G|}\right)\log(s - 1).$$

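By Lemma 17.6.1, the coefficient on the right becomes
$$\begin{aligned}
-1 + \sum_{\substack{d \mid n \\ d \neq 1}} \frac{\varphi\!\left(\frac{n}{d}\right)[G : N_G(\langle\sigma^d\rangle)]\,[N_G(\langle\sigma^d\rangle) : H]}{|G|} &= -1 + \sum_{\substack{d \mid n \\ d \neq 1}} \frac{\varphi\!\left(\frac{n}{d}\right)}{|H|} \\
&= -1 + \sum_{\substack{d \mid n \\ d \neq 1}} \frac{1}{n}\varphi\!\left(\frac{n}{d}\right) \\
&= -1 - \frac{\varphi(n)}{n} + \frac{1}{n}\sum_{d \mid n} \varphi\!\left(\frac{n}{d}\right).
\end{aligned}$$
A well-known property of Euler's function states that
$$\sum_{d \mid n} \varphi\!\left(\frac{n}{d}\right) = n$$
so the whole coefficient is $-1 - \frac{\varphi(n)}{n} + \frac{1}{n} \cdot n = -\frac{\varphi(n)}{n}$. Finally, this implies
$$\sum_{\mathfrak p \in S} \frac{1}{N(\mathfrak p)^s} \sim -\frac{\varphi(n)}{[N_G(H) : H]\,n}\log(s - 1) = -\frac{t}{|G|}\log(s - 1)$$
using Lemma 17.6.1 again. Hence $\delta(S) = \frac{t}{|G|}$.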
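
Lemma 17.6.1 and Theorem 17.6.2 can be checked on a small non-abelian case. The following is an added example, not part of the original text: it computes the divisions of $S_3$ by brute force, confirms $t = \varphi(n)[G : N_G(H)]$, and compares $t/|G|$ with observed frequencies for the splitting field of $x^3 - 2$ over $\mathbb Q$ (a field chosen here as an assumption, with Galois group $S_3$). It uses the standard fact, not proved in this text, that for $p \neq 2, 3$ the cycle type of a Frobenius element equals the factorization pattern of $x^3 - 2$ mod $p$, and it reports natural frequencies as a stand-in for Dirichlet density.

```python
from collections import Counter
from fractions import Fraction
from itertools import permutations
from math import gcd


def compose(p, q):
    """(p o q)(i) = p[q[i]] for permutations given as tuples."""
    return tuple(p[i] for i in q)


def inverse(p):
    inv = [0] * len(p)
    for i, v in enumerate(p):
        inv[v] = i
    return tuple(inv)


def power(p, k):
    r = tuple(range(len(p)))
    for _ in range(k):
        r = compose(r, p)
    return r


def order(p):
    return next(k for k in range(1, 100) if power(p, k) == tuple(range(len(p))))


def conj(t, g):
    return compose(compose(t, g), inverse(t))


def cycle_type(p):
    seen, lengths = set(), []
    for i in range(len(p)):
        n, j = 0, i
        while j not in seen:
            seen.add(j)
            j = p[j]
            n += 1
        if n:
            lengths.append(n)
    return tuple(sorted(lengths))


def division(sigma, G):
    """All conjugates of generators of <sigma> (the definition above)."""
    n = order(sigma)
    gens = [power(sigma, m) for m in range(1, n + 1) if gcd(m, n) == 1]
    return {conj(t, g) for t in G for g in gens}


def lemma_count(sigma, G):
    """phi(n) * [G : N_G(H)] with H = <sigma>, as in Lemma 17.6.1."""
    n = order(sigma)
    H = {power(sigma, k) for k in range(n)}
    normalizer = [t for t in G if {conj(t, h) for h in H} == H]
    phi = sum(1 for m in range(1, n + 1) if gcd(m, n) == 1)
    return phi * len(G) // len(normalizer)


def predicted_densities():
    """t/|G| for each division of S_3, keyed by cycle type."""
    G = list(permutations(range(3)))
    return {cycle_type(s): Fraction(len(division(s, G)), len(G)) for s in G}


def frobenius_cycle_type(p):
    """Factorization pattern of x^3 - 2 mod p, for primes p other than 2 and 3."""
    if p % 3 == 2:                      # cubing is a bijection mod p: one root
        return (1, 2)
    return (1, 1, 1) if pow(2, (p - 1) // 3, p) == 1 else (3,)


def empirical_densities(bound):
    sieve = bytearray([1]) * (bound + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(bound ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    counts = Counter(frobenius_cycle_type(p) for p in range(5, bound + 1) if sieve[p])
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()}


if __name__ == "__main__":
    print(predicted_densities())
    print(empirical_densities(100000))
```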
Now we can prove an important property of the Artin map that we have thus far neglected.
Corollary 17.6.3. Let $L/K$ be an abelian extension of number fields and suppose $S$ is a finite set of primes of $K$ that contains all the primes that ramify in $L$. Then the Artin map
$$\phi_{L/K} : I_K^S \longrightarrow \mathrm{Gal}(L/K)$$
is surjective.
Proof. Let $G = \mathrm{Gal}(L/K)$ and take $\sigma \in G$. Since $G$ is abelian, the division of $\sigma$ is precisely the set of generators of the cyclic group $\langle\sigma\rangle$. By the Frobenius density theorem, there exist infinitely many primes $\mathfrak P \subset \mathcal O_L$ such that $\mathrm{Frob}_{L/K}(\mathfrak P)$ generates $\langle\sigma\rangle$ and so one can certainly be found outside the finite set $S$. Recall that when $L/K$ is abelian, $\phi_{L/K}$ is well-defined on the ideals of $\mathcal O_K$. Thus we can find $\mathfrak p \subset \mathcal O_K$ such that $\phi_{L/K}(\mathfrak p) = \sigma'$, a generator of $\langle\sigma\rangle$. Since $\sigma \in G$ was arbitrary, $\phi_{L/K}$ is onto.
Corollary 17.6.4. Let L1 and L2 be Galois extensions of a number field K and let S1 and
S2 be the sets of primes of K which split completely in L1 and L2 , respectively. Then S1 ⊆ S2
if and only if L2 ⊆ L1 .
Another important result we can prove now that we have the Frobenius density theorem is known as the first fundamental inequality of class field theory. Recall the map $i : K^* \to I_K$ that takes $\alpha \mapsto (\alpha)$. In Section 17.4 we denoted the image of $K_{\mathfrak m,1}$ under this map by $P_K(\mathfrak m, 1)$; it is also common in the literature to write $i(K_{\mathfrak m,1})$ so we will use them interchangeably.
Theorem 17.6.5 (First Inequality). Let $L/K$ be a Galois extension of number fields, let $\mathfrak m$ be a modulus of $K$ and let $I_L^{\mathfrak m}$ denote the subgroup of $I_L$ generated by all primes $\mathfrak P \subset \mathcal O_L$ for which $\mathfrak P \cap K$ lies in $I_K^{\mathfrak m}$. Then
$$[I_K^{\mathfrak m} : N_{L/K}(I_L^{\mathfrak m})\,i(K_{\mathfrak m,1})] \le [L : K].$$

Proof. With finitely many exceptions, the primes that split completely in $L$ lie in $N_{L/K}(I_L^{\mathfrak m})$. By the Frobenius density theorem, the density of the set of these primes is
$$\frac{1}{|G|} = \frac{1}{[L : K]}$$
since it is the set of primes $\mathfrak p$ such that $\mathrm{Frob}_{L/K}(\mathfrak p\mathcal O_L) = 1 \in G$. Then by properties of Frobenius density,
$$\frac{1}{[L : K]} \le \frac{1}{[I_K^{\mathfrak m} : N_{L/K}(I_L^{\mathfrak m})\,i(K_{\mathfrak m,1})]}$$
which implies the first fundamental inequality.


Under certain conditions the reverse inequality holds. This is called, as one might expect,
the second fundamental inequality of class field theory and will be discussed in the next
section.
We conclude the section with a proof of Dirichlet’s famous theorem on the infinitude of
primes in arithmetic progression. We first use the Frobenius density theorem to prove a nice
fact that is often hard to come by: the cyclotomic polynomials are irreducible.
Proposition 17.6.6. Let $\zeta_m$ denote a primitive $m$th root of unity. Then $[\mathbb Q(\zeta_m) : \mathbb Q] = \varphi(m)$.
Proof. For $m \in \mathbb Z^+$, let $\mathfrak m = (m)\infty$ which is a modulus of $\mathbb Q$. Set $H = i(\mathbb Q_{\mathfrak m,1}) \le I_{\mathbb Q}^{\mathfrak m}$. Then by Example 17.4.8, the set of primes in $\mathbb Q$ that split completely in $K = \mathbb Q(\zeta_m)$ is precisely the primes in $H$. The Frobenius density theorem says that the density of this set is $\frac{1}{[K : \mathbb Q]}$. Therefore by properties of Dirichlet density, this is at most
$$\frac{1}{[I_{\mathbb Q}^{\mathfrak m} : H]} = \frac{1}{\varphi(m)}$$
which implies $[K : \mathbb Q] \ge \varphi(m)$. On the other hand, the minimal polynomial of $\zeta_m$ over $\mathbb Q$, which is by definition the $m$th cyclotomic polynomial, has degree $\le \varphi(m)$ since $|G| = |(\mathbb Z/m\mathbb Z)^\times| = \varphi(m)$. Hence we conclude that $[K : \mathbb Q] = \varphi(m)$.
Corollary 17.6.7. For any nonprincipal character $\chi$ of the ray class group $C_{\mathbb Q}(\mathfrak m)$, where $\mathfrak m = (m)\infty$ as above, $L(1, \chi) \neq 0$.
Proof. Apply Theorem 17.5.13 and Proposition 17.6.6 to see that
$$\sum_{\chi \neq \chi_0} (\log L(s, \chi) - g_\chi(s)) + \log (s - 1)L(s, \chi_0) - g_{\chi_0}(s) - g(s) > 0$$
since the $\log(s - 1)$ term from the proof of Theorem 17.5.13 vanishes. The terms in the expression above are either all bounded at $s = 1$, or become negatively infinite when $L(1, \chi) = 0$. Since the expression must be positive, $L(1, \chi)$ must be nonzero.
The next result is the main step towards proving Dirichlet’s theorem. It is an interesting
result in its own right, since it unites the theories of L-series, Dirichlet density and ray class
groups we have studied so far.
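Theorem 17.6.8. Let $k_0$ be any ray class in $C_{\mathbb Q}(\mathfrak m)$, where $\mathfrak m = (m)\infty$. The set of primes in $k_0$ has density $\frac{1}{\varphi(m)}$.
Proof. For any character $\chi$ of $C_{\mathbb Q}(\mathfrak m)$ we have
$$\log L(s, \chi) \sim \sum_{p \text{ prime}} \frac{\chi(p)}{p^s} = \sum_{k \in C_{\mathbb Q}(\mathfrak m)} \chi(k) \sum_{p \in k} \frac{1}{p^s}.$$
Multiplying by $\chi(k_0^{-1})$ and summing over all characters of $C_{\mathbb Q}(\mathfrak m)$ yields
$$\log L(s, \chi_0) + \sum_{\chi \neq \chi_0} \chi(k_0^{-1})\log L(s, \chi) = \sum_{k} \sum_{\chi} \chi(k_0^{-1}k) \sum_{p \in k} \frac{1}{p^s}.$$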

Note the following orthogonality relations for a finite abelian group $A$:

(1) For $\chi_1, \chi_2$ characters on $A$,
$$\sum_{a \in A} \chi_1(a)\chi_2(a) = \begin{cases} 0 & \text{if } \chi_1 \neq \chi_2^{-1} \\ |A| & \text{if } \chi_1 = \chi_2^{-1}. \end{cases}$$

(2) For any $a, b \in A$,
$$\sum_{\chi} \chi(a)\chi(b) = \begin{cases} 0 & \text{if } ab \neq 1 \\ |A| & \text{if } ab = 1. \end{cases}$$

(For details, see section IV.3 of Janusz.) These imply
$$\sum_{\chi} \chi(k_0^{-1}k) = \begin{cases} 0 & \text{if } k \neq k_0 \\ \varphi(m) & \text{if } k = k_0 \end{cases}$$

where the sum is over all characters $\chi$ of $C_{\mathbb Q}(\mathfrak m)$. Moreover, Corollary 17.6.7 implies that the sum over nonprincipal characters is bounded at $s = 1$ since $L(1, \chi) \neq 0$ for $\chi \neq \chi_0$. Therefore
$$\log L(s, \chi_0) \sim \varphi(m) \sum_{p \in k_0} \frac{1}{p^s}.$$
Recall from Section 12.4 that $L(s, \chi_0)$ differs from the Riemann zeta function $\zeta(s)$ only by finitely many terms, so $\log L(s, \chi_0) \sim \log \zeta(s) \sim -\log(s - 1)$. Finally this shows that
$$\sum_{p \in k_0} \frac{1}{p^s} \sim -\frac{1}{\varphi(m)}\log(s - 1).$$
By definition this means the Dirichlet density of the set of primes in any $k_0$ in the ray class group $C_{\mathbb Q}(\mathfrak m)$ is $\frac{1}{\varphi(m)}$.
Now we are prepared to state and prove the famous result.

Theorem 17.6.9 (Dirichlet). For each positive integer m and each integer a relatively prime
to m, there are infinitely many primes p = mb + a.

Proof. To access our work with the Dirichlet density, we turn the problem into one involving ray classes. Suppose $p$ is a prime in the arithmetic progression $mb + a$, where $b \in \mathbb Z$. Then $mb + a \equiv a \pmod m$ implies $\frac{mb + a}{a} \in \mathbb Q_{\mathfrak m,1}$, where $\mathfrak m = (m)\infty$ as before. This means $p$ lies in the coset $a\mathbb Q_{\mathfrak m,1}$. On the other hand, if $p \in a\mathbb Q_{\mathfrak m,1}$ then $p = \frac{ax}{y}$ with $x \equiv y \pmod m$. It follows that $x \equiv mq + y$ and so $p = mb + a$ for some $b$. Hence the primes congruent to $a$ mod $m$ generate a prime ideal in a fixed coset of $i(\mathbb Q_{\mathfrak m,1})$, which is a ray class in the ray class group $C_{\mathbb Q}(\mathfrak m)$. By Theorem 17.6.8, the density of such primes is $\frac{1}{\varphi(m)}$ so in particular there are infinitely many of these primes.
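
The character-sum step in the proof of Theorem 17.6.8 can be run on finite data. The following is an added example, not part of the original text: it builds all Dirichlet characters mod $m$ (by extending characters one generator at a time, a construction chosen here), checks orthogonality relation (2), and shows that weighting $\sum_p \chi(p)p^{-s}$ by $\chi(a^{-1})$ and averaging over $\chi$ isolates the primes $p \equiv a \pmod m$. The function names are hypothetical, and the last function reports a natural frequency rather than a Dirichlet density.

```python
import cmath
from math import gcd


def characters(m):
    """All homomorphisms (Z/mZ)^x -> C^x, each as a dict {unit: value}, m >= 2."""
    units = [a for a in range(1, m) if gcd(a, m) == 1]
    H = [1]                         # subgroup on which characters are defined so far
    chars = [{1: 1 + 0j}]
    for g in units:
        if g in chars[0]:
            continue
        # r = order of g modulo H, so g^r lies in H.
        r, g_r = 1, g
        while g_r not in chars[0]:
            g_r = g_r * g % m
            r += 1
        extended = []
        for chi in chars:
            # chi(g) may be any r-th root of chi(g^r).
            root = cmath.exp(cmath.log(chi[g_r]) / r)
            for j in range(r):
                z = root * cmath.exp(2j * cmath.pi * j / r)
                extended.append({h * pow(g, i, m) % m: chi[h] * z ** i
                                 for i in range(r) for h in H})
        chars = extended
        H = list(chars[0])
    return chars


def primes_upto(n):
    sieve = bytearray([1]) * (n + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(n ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [p for p in range(n + 1) if sieve[p]]


def orthogonality(m, a, b):
    """Sum over all characters of chi(a)chi(b): phi(m) if ab = 1 mod m, else 0."""
    return sum(chi[a % m] * chi[b % m] for chi in characters(m))


def class_sum_direct(m, a, s, bound):
    """Truncated sum of p^(-s) over primes p = a mod m."""
    return sum(p ** -s for p in primes_upto(bound) if p % m == a % m)


def class_sum_via_characters(m, a, s, bound):
    """Same sum, obtained as (1/phi(m)) * sum_chi chi(a^-1) * sum_p chi(p) p^(-s)."""
    chars = characters(m)
    a_inv = pow(a, -1, m)
    ps = [p for p in primes_upto(bound) if gcd(p, m) == 1]
    total = sum(chi[a_inv] * sum(chi[p % m] * p ** -s for p in ps) for chi in chars)
    return (total / len(chars)).real


def class_fraction(m, a, bound):
    """Fraction of primes <= bound, coprime to m, lying in the class of a."""
    ps = [p for p in primes_upto(bound) if gcd(p, m) == 1]
    return sum(1 for p in ps if p % m == a % m) / len(ps)


if __name__ == "__main__":
    m, a = 12, 5
    print(class_sum_direct(m, a, 1.1, 50000), class_sum_via_characters(m, a, 1.1, 50000))
    print(class_fraction(m, a, 50000), 1 / len(characters(m)))
```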
Remarkably, Dirichlet proved his theorem several years before Frobenius had a proof of the density theorem. We discuss the history of these theorems at greater length in Section 17.11 and relate everything to Čebotarev’s density theorem.


Dirichlet’s theorem has an important generalization to classes of ideals in generalized ideal class groups which we will examine in Section 17.11. The proof of that result depends on the condition that $L(1, \chi) \neq 0$ for any nonprincipal character $\chi$ of the class group in question. One should note that such results are highly nontrivial, as the nonvanishing of L-series in all cases is only guaranteed by a positive proof of the Generalized Riemann Hypothesis.

17.7. The Second Fundamental Inequality Chapter 17. Global Class Field Theory

17.7 The Second Fundamental Inequality


In Section 17.6, we proved that $N_{L/K}(I_L^{\mathfrak m})\,i(K_{\mathfrak m,1})$ has index less than or equal to $[L : K]$ in $I_K^{\mathfrak m}$ for any modulus $\mathfrak m$ of $K$ (the first fundamental inequality). We have also seen (courtesy of Corollary 17.6.3) that the Artin map is surjective onto $\mathrm{Gal}(L/K)$, so $\ker \phi_{L/K}$ has index $[L : K]$ in $I_K^{\mathfrak m}$. We want to show $\ker \phi_{L/K} = N_{L/K}(I_L^{\mathfrak m})\,i(K_{\mathfrak m,1})$ for all abelian extensions $L/K$ precisely when $\mathfrak m$ is divisible by all ramified primes of $K$. This is obtained via the second fundamental inequality of class field theory:
Theorem 17.7.1 (Second Inequality). For an abelian extension $L/K$, if $\mathfrak m$ is divisible by the primes of $K$ which ramify in $L$, then
$$[I_K^{\mathfrak m} : N_{L/K}(I_L^{\mathfrak m})\,i(K_{\mathfrak m,1})] \ge [L : K].$$

In his formulation of the main theorems of class field theory, Takagi proved the general form of the fundamental equality. Since our approach to the Artin reciprocity theorem in Section 17.8 requires and later generalizes the cyclic case, it will suffice to prove the second fundamental inequality for cyclic extensions $L/K$.
Let $L/K$ be a Galois extension with cyclic Galois group $G = \langle\sigma\rangle$. Suppose $\mathfrak m$ is a modulus of $K$ divisible by all primes that ramify in $L$. We first compute some cohomology groups, for which we recall the following results (these hold for any cyclic group $G$).
Definition. For a left $G$-module $A$, we define the $n$th group cohomology of $A$ by
$$H^n(G; A) := \mathrm{Ext}^n_{\mathbb Z G}(\mathbb Z, A).$$

Lemma 17.7.2 (Exact Hexagon). Given an exact sequence $0 \to A \to B \to C \to 0$ of $G$-modules, the long exact sequence in cohomology is an exact hexagon:
$$H^0(G; A) \to H^0(G; B) \to H^0(G; C) \to H^1(G; A) \to H^1(G; B) \to H^1(G; C) \to H^0(G; A).$$

Proof. The exact hexagon is just the long exact sequence in cohomology when $G$ is cyclic and the cohomologies are 2-periodic after the 0th homological degree.
Definition. Let $A$ be a $G$-module. The Herbrand quotient of $A$ is
$$q(A) = \frac{|H^1(A)|}{|H^0(A)|}$$
which is defined whenever the cohomology groups of $A$ are finite.


Lemma 17.7.3. Let $0 \to A \to B \to C \to 0$ be an exact sequence of $G$-modules. If any two of $q(A)$, $q(B)$, $q(C)$ are defined then so is the third, and $q(A)q(C) = q(B)$.

Proof. Apply the exact hexagon.

Corollary 17.7.4. If $A \subset B$ are $G$-modules and $C = B/A$ is a finite quotient, then $q(A) = q(B)$ whenever either of these are defined.

Proof. If $C$ is finite, we have
$$q(C) = \frac{[\ker N : \mathrm{im}(t - 1)]}{[\ker(t - 1) : \mathrm{im}\,N]} = \frac{|\ker N|\,|\mathrm{im}(t - 1)|}{|\ker(t - 1)|\,|\ker N|} = \frac{|C|}{|C|} = 1.$$
Then apply Lemma 17.7.3.
There is a special case of cyclic cohomology for finite, Galois extensions L/K, famously
listed as Theorem 90 in Hilbert’s The Theory of Algebraic Number Fields.

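Theorem 17.7.5 (Hilbert’s Theorem 90). If $G = \mathrm{Gal}(L/K)$ is the Galois group for $L/K$, a finite, Galois extension of number fields then $H^1(G; L^*) = 1$ where $L^*$ denotes the invertible elements of $L$.

Proposition 17.7.6. Let $L$, $K$ and $\mathfrak m$ be as above. Then

(i) $H^0(I_L^{\mathfrak m}) = I_K^{\mathfrak m}/N(I_L^{\mathfrak m})$.

(ii) $H^1(I_L^{\mathfrak m}) = 1$.

(iii) $H^0(L^*) = K^*/N(L^*)$.

(iv) $H^1(L^*) = 1$.

Proof. (i) Let $\mathfrak a = \prod \mathfrak P_i^{a_i}$ be a fractional ideal in $I_L^{\mathfrak m}$ which is fixed by $\sigma$, i.e. $\mathfrak a \in \ker(\sigma - 1)$. Since $\sigma(\mathfrak a) = \mathfrak a$, the distinct conjugates $\sigma^j(\mathfrak P_i)$ of the primes over $\mathfrak a$ appear with the same exponent. If we denote $\mathfrak p = \mathfrak P_i \cap K$, then
$$\mathfrak p\mathcal O_L = \prod_{j=0}^{g-1} \sigma^j(\mathfrak P_i)$$
where $g$ is the smallest positive integer such that $\sigma^j(\mathfrak P_i) = \mathfrak P_i$. This demonstrates that the $\mathfrak P_i$ contribute precisely the factor $\mathfrak p^{a_i}$ to the decomposition of $\mathfrak a$, and since $\mathfrak P_i$ was arbitrary, we conclude that $\mathfrak a \in I_K^{\mathfrak m}$. Therefore $I_K^{\mathfrak m}$ is the subgroup of $I_L^{\mathfrak m}$ fixed by $G$, so
$$H^0(I_L^{\mathfrak m}) = (I_L^{\mathfrak m})^G = I_K^{\mathfrak m}/N(I_L^{\mathfrak m}).$$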

(ii) Now suppose $\mathfrak a \in \ker N$, so $N(\mathfrak a) = \mathcal O_K$. Let $\mathfrak P_0 \subset \mathcal O_L$ be a prime in the factorization of $\mathfrak a$ which has $g$ distinct images under the $G$-action. For $0 \le i \le g - 1$, let $\mathfrak P_i = \sigma^i(\mathfrak P_0)$ and as above, let $a_i$ be the exponent of $\mathfrak P_i$ in $\mathfrak a$. Let $\mathfrak B = \prod_{i=0}^{g-2} \mathfrak P_i^{c_i}$ where for each $i$, $c_i = a_0 + \ldots + a_i$. Then we have $(\sigma - 1)\mathfrak B = \mathfrak P_0^{a_0}\mathfrak P_1^{a_1} \cdots \mathfrak P_{g-2}^{a_{g-2}}\mathfrak P_{g-1}^{-c_{g-2}}$. Let $p^f = N(\mathfrak P_0)$. Since $N(\mathfrak a) = 1$, we see that
$$N\left(\prod_{i=0}^{g-1} \mathfrak P_i^{a_i}\right) = p^{f(a_0 + \ldots + a_{g-1})} = 1.$$
Since $f \ge 1$, this shows that $a_0 + \ldots + a_{g-1} = 0$, i.e. $-c_{g-2} = a_{g-1}$. Thus $(\sigma - 1)\mathfrak B$ is precisely the part of $\mathfrak a$ contributed by the $\mathfrak P_i$. Since $\mathfrak P_i$ was arbitrary, $\mathfrak a \in \mathrm{im}(\sigma - 1)$ so $\ker N = \mathrm{im}(\sigma - 1)$. By definition, this proves $H^1(I_L^{\mathfrak m}) = 1$.
(iii) comes from the fact that $\ker(\sigma - 1)|_{L^*} = K^*$.
(iv) is just Hilbert's Theorem 90 (Theorem 17.7.5).
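Definition. For a modulus $\mathfrak m$ of $K$ divisible by the primes ramifying in $L$, we define a $G$-module homomorphism $j_{\mathfrak m} : I_L \to I_L^{\mathfrak m}$ by
$$j_{\mathfrak m}(\mathfrak P) = \begin{cases} \mathfrak P & \text{if } \mathfrak P \nmid \mathfrak m \\ 1 & \text{if } \mathfrak P \mid \mathfrak m. \end{cases}$$
We further define a homomorphism $f_{\mathfrak m} : L^* \to I_L^{\mathfrak m}$ as the composite $f_{\mathfrak m} = j_{\mathfrak m} \circ i$, where $i : L^* \to I_L$ is the inclusion $\alpha \mapsto (\alpha)$.
Let $S$ be the set of primes dividing $\mathfrak m$ and set $L^S = \ker f_{\mathfrak m}$. Then we see that
$$L^S = \{\alpha \in L^* \mid i(\alpha) \text{ is divisible only by primes in } S\}.$$
The following relates the Herbrand quotients of $L^S$, $U_L$ and $\ker j_{\mathfrak m}$.

Lemma 17.7.7. If $q(U_L)$ and $q(\ker j_{\mathfrak m})$ are defined then $q(L^S) = q(U_L)\,q(\ker j_{\mathfrak m})$.
Proof. Since $f_{\mathfrak m}(L^S) = j_{\mathfrak m} \circ i(L^S) = 1$, we get an exact sequence
$$1 \to i(L^S) \to \ker j_{\mathfrak m} \to C \to 1$$
for some $G$-module $C$ satisfying
$$C \cong \frac{\ker j_{\mathfrak m}}{i(L^S)} \cong \frac{\ker j_{\mathfrak m}}{i(L^*) \cap \ker j_{\mathfrak m}} \cong \frac{i(L^*)\ker j_{\mathfrak m}}{i(L^*)}.$$
Notice that $C$ is itself a subgroup of $C(\mathcal O_L)$ and since the class group is finite by Corollary 17.4.5, $C$ is finite as well. Therefore by Corollary 17.7.4, $q(i(L^S)) = q(\ker j_{\mathfrak m})$. Finally, the exact sequence
$$1 \to U_L \to L^S \to i(L^S) \to 1$$
and Corollary 17.7.4 can similarly be used to conclude
$$q(L^S) = q(U_L)\,q(i(L^S)) = q(U_L)\,q(\ker j_{\mathfrak m}).$$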

This lemma shows that computing q(LS ) comes down to finding q(UL ) and q(ker jm ).
One can obtain the following results using local class field theory (see Janusz) or ideles (see
Milne).


Theorem 17.7.8. Let $r_0$ be the number of infinite primes ramifying in the extension L/K. Then
$$q(U_L) = \frac{[L : K]}{2^{r_0}}.$$

Theorem 17.7.9. Let $j_m : I_L \to I_L^m$ be the homomorphism defined above for a modulus m of K containing every prime that ramifies in L. Then
$$q(\ker j_m) = \frac{1}{\prod_{p \mid m_0} e_p f_p}$$
where the product is over all primes p dividing $m_0$, the finite part of m, and $e_p$ and $f_p$ denote respectively the ramification index and inertial degree of p.

Corollary 17.7.10. Let S be the set of primes which divide m, a modulus of K containing all ramified primes of the extension L/K. Then the Herbrand quotient of $L^S$ is
$$q(L^S) = \frac{[L : K]}{\prod_{p \mid m} e_p f_p}.$$

Theorem 17.7.11. For a cyclic extension L/K, suppose m is a modulus of K divisible by sufficiently high powers of the ramified primes in L/K. Then
$$a(m) := [K^* : N(L^*)K_{m,1}] = \prod_{p \mid m} e_p f_p.$$

Denote the main index in the fundamental inequality by
$$h_m(L/K) = [I_K^m : N_{L/K}(I_L^m)\,i(K_{m,1})].$$

To prove Theorem 17.7.1, we will prove $h_m(L/K) = [L : K]$ under certain conditions on a cyclic extension L/K.
For the set S of primes dividing m, the map $f_m = j_m \circ i$ gives us an exact sequence
$$1 \to L^S \to L^* \xrightarrow{f_m} I_L^m \to V \to 1$$
for some group V. Looking closer, this sequence contains two short exact sequences:
$$1 \to L^S \xrightarrow{\gamma} L^* \xrightarrow{\alpha} f_m(L^*) \to 1 \qquad (17.1)$$
$$\text{and} \quad 1 \to f_m(L^*) \xrightarrow{\beta} I_L^m \to V \to 1. \qquad (17.2)$$

It is from these two sequences (and their cohomologies) that we derive the ingredients for the second fundamental inequality. Define
$$P = \{\alpha \in K^* \mid f_m(\alpha) \in N(I_L^m)\}$$
$$\text{and} \quad Q = \{\alpha \in K^* \mid j_m(\alpha) \in N(I_L^m)\,i(K_{m,1})\}.$$

Consider the following commutative diagram, which is constructed using the sequences (17.1) and (17.2) above.

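[Commutative diagram. Its rows, from top to bottom, are
$$\frac{N(L^*)K_{m,1}}{N(L^*)} \xrightarrow{f_0^*} \frac{N(I_L^m)\,i(K_{m,1})}{N(I_L^m)} \xrightarrow{p^*} X \to 1$$
$$\frac{P}{N(L^*)} \to \frac{K^*}{N(L^*)} \xrightarrow{f_0} \frac{I_K^m}{N(I_L^m)} \xrightarrow{p} \operatorname{coker} f_0 \to 1$$
$$\frac{Q}{N(L^*)K_{m,1}} \to \frac{K^*}{N(L^*)K_{m,1}} \xrightarrow{g} \frac{I_K^m}{N(I_L^m)\,i(K_{m,1})} \xrightarrow{p'} \operatorname{coker} g \to 1$$
followed by a bottom row 1, 1, 1.]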

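Set $n(m) = [K_m \cap i^{-1}(N(I_L^m)) : K_{m,1} \cap N(L^*)]$. A standard diagram chase (cf. section V.4 in Janusz) shows that $\operatorname{coker} f_0 \cong \operatorname{coker} g$ and $|\ker f_0| = |\ker g| \cdot n(m)$. Note that
$$\ker f_0 = \frac{P}{N(L^*)} \quad \text{and} \quad \ker g = \frac{Q}{N(L^*)K_{m,1}}.$$
Next we relate $\ker f_0$ and $\operatorname{coker} f_0$ to $q(L^S)$. Recall from Proposition 17.7.6 that $H^1(L^*)$ and $H^1(I_L^m)$ are trivial. Then the exact sequences (1) and (2) from above give us exact hexagons (see Lemma 17.7.2) which may be laid flat:
$$1 \to H^1(f_m(L^*)) \xrightarrow{\delta_1} H^0(L^S) \xrightarrow{\gamma_0} H^0(L^*) \xrightarrow{\alpha_0} H^0(f_m(L^*)) \xrightarrow{\delta_2} H^1(L^S) \to 1$$
$$1 \to H^1(V) \xrightarrow{\delta_3} H^0(f_m(L^*)) \xrightarrow{\beta_0} H^0(I_L^m) \xrightarrow{\gamma_0} H^0(V) \xrightarrow{\delta_4} H^1(f_m(L^*)) \to 1$$

The dashed arrow is the identity map on $H^0(f_m(L^*))$, and correspondingly the vertical arrow is $f_0 = \beta_0\alpha_0$. Then
$$|\operatorname{coker} f_0| = [H^0(I_L^m) : \operatorname{im} \beta_0\alpha_0] = [H^0(I_L^m) : \operatorname{im} \beta_0]\,[\operatorname{im} \beta_0 : \operatorname{im} \beta_0\alpha_0]$$
$$= [H^0(I_L^m) : \operatorname{im} \beta_0]\,\frac{[H^0(f_m(L^*)) : \operatorname{im} \alpha_0]}{[\ker \beta_0 : \ker \beta_0 \cap \operatorname{im} \alpha_0]} \quad \text{by isomorphism theorems}$$
$$= |\operatorname{coker} \beta_0|\,\frac{|\operatorname{coker} \alpha_0|}{[\ker \beta_0 : \ker \beta_0 \cap \operatorname{im} \alpha_0]}$$
$$= |\operatorname{im} \gamma_0|\,\frac{|\operatorname{im} \delta_2|}{[\ker \beta_0 : \ker \beta_0 \cap \operatorname{im} \alpha_0]} \quad \text{by exactness}$$
$$= |\operatorname{im} \gamma_0|\,\frac{|H^1(L^S)|}{[\ker \beta_0 : \ker \beta_0 \cap \operatorname{im} \alpha_0]}.$$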

Also note that $|H^0(V)| = |\operatorname{im} \gamma_0|\,|H^1(f_m(L^*))|$ by the second exact hexagon, so
$$|\operatorname{coker} f_0| = \frac{|H^0(V)|\,|H^1(L^S)|}{|H^1(f_m(L^*))|\,[\ker \beta_0 : \ker \beta_0 \cap \operatorname{im} \alpha_0]}.$$

In a similar fashion, we use the exact hexagons to compute $|\ker f_0|$:
$$|\ker f_0| = |\ker \beta_0\alpha_0|$$
$$= |\ker \beta_0 \cap \operatorname{im} \alpha_0|\,|\ker \alpha_0|$$
$$= |\ker \beta_0 \cap \operatorname{im} \alpha_0|\,|\operatorname{im} \gamma_0|$$
$$= |\ker \beta_0 \cap \operatorname{im} \alpha_0|\,\frac{|H^0(L^S)|}{|H^1(f_m(L^S))|}.$$

Lemma 17.7.12. $q(L^S) = \dfrac{|\operatorname{coker} f_0|}{|\ker f_0|}$.
Proof. By the computations above,
$$\frac{|\operatorname{coker} f_0|}{|\ker f_0|} = \frac{|H^0(V)|\,|H^1(L^S)|}{|H^1(f_m(L^*))|\,[\ker \beta_0 : \ker \beta_0 \cap \operatorname{im} \alpha_0]} \cdot \frac{|H^1(f_m(L^S))|}{|\ker \beta_0 \cap \operatorname{im} \alpha_0|\,|H^0(L^S)|}$$
$$= \frac{|H^1(L^S)|}{|H^0(L^S)|} \cdot \frac{|H^0(V)|}{|\ker \beta_0|}$$
$$= \frac{|H^1(L^S)|}{|H^0(L^S)|} \cdot \frac{|H^0(V)|}{|H^1(V)|} = \frac{q(L^S)}{q(V)}.$$

Now, notice that since V is a quotient of the class group of L, which by Corollary 17.4.5 is finite, V is also finite. Then applying Corollary 17.7.4 shows that $q(V) = 1$. The result follows.
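We now focus on the bottom row of the big commutative diagram from above,
$$1 \longrightarrow \ker g \longrightarrow \frac{K^*}{N(L^*)K_{m,1}} \xrightarrow{\ g\ } \frac{I_K^m}{N(I_L^m)\,i(K_{m,1})} \xrightarrow{\ p'\ } \operatorname{coker} g \longrightarrow 1.$$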

Using this and Theorem 17.7.11, we know that when m is divisible by sufficiently high powers
of the ramified primes in L/K,

| im g| | coker g|
hm (L/K) = = a(m) .
| coker g| | ker g|

Then by Lemma 17.7.12, this can be written
$$h_m(L/K) = a(m)\,n(m)\,\frac{|\operatorname{coker} f_0|}{|\ker f_0|} = a(m)\,n(m)\,q(L^S).$$

We are now ready to prove the second inequality for cyclic extensions.


Theorem 17.7.13 (Second Inequality for Cyclic Extensions). For L/K a cyclic extension of number fields and m a modulus of K divisible by sufficiently high powers of the ramified primes of the extension,
$$h_m(L/K) = [I_K^m : N(I_L^m)\,i(K_{m,1})] \ge [L : K].$$

Proof. By the work directly preceding the theorem, $h_m(L/K) = a(m)\,n(m)\,q(L^S)$. The hypotheses allow us to apply Corollary 17.7.10 and Theorem 17.7.11, which say
$$q(L^S) = \frac{[L : K]}{\prod_{p \mid m} e_p f_p} \quad \text{and} \quad a(m) = \prod_{p \mid m} e_p f_p.$$

Putting these together with the expression for $h_m(L/K)$ yields
$$h_m(L/K) = n(m)\,[L : K]$$
so in particular $h_m(L/K) \ge [L : K]$. This proves the second inequality.


Finally, combining the results from Theorems 17.6.5 and 17.7.13 gives us the fundamental
equality for cyclic extensions.

Corollary 17.7.14 (Fundamental Equality for Cyclic Extensions). Let L/K be a Galois extension of number fields such that Gal(L/K) is cyclic. If m is a modulus of K that is divisible by sufficiently high powers of every prime ramifying in L, then
$$[I_K^m : N(I_L^m)\,i(K_{m,1})] = [L : K].$$


17.8 The Artin Reciprocity Theorem


Recall the subgroup $P_K(m, 1) \le I_K^m$ for a modulus m of K. In Section 17.4 it was used to define the ray class group $C_K(m) = I_K^m/P_K(m, 1)$, and Corollary 17.4.5 showed that $P_K(m, 1)$ has finite index in $I_K^m$.

Definition. Let K be a number field. A subgroup H of the group of fractional ideals prime to a modulus m of K is a congruence subgroup for m if $P_K(m, 1) \le H \le I_K^m$. The quotient $I_K^m/H$ is called a generalized ideal class group for m.
Corollary 17.4.5 implies that every congruence subgroup has finite index in $I_K^m$.

Example 17.8.1. Let m = 1 so that $I_K^m$ is the full group of fractional ideals $I_K$. Then $P_K = P_K(m, 1)$ is a congruence subgroup for m. This shows that generalized ideal class groups properly encompass the class group.

Example 17.8.2. Let O be the order of conductor f in $K = \mathbb{Q}(\sqrt{-n})$ for $n \in \mathbb{N}$. We proved in Proposition 17.2.12 that the ideal class group for O can be written $C(O) \cong I_K(f)/P_{K,\mathbb{Z}}(f)$ where $P_{K,\mathbb{Z}}(f)$ is the subgroup generated by principal fractional ideals $\alpha\mathcal{O}_K$ with generators satisfying $\alpha \equiv a \bmod f\mathcal{O}_K$, $a \in \mathbb{Z}$ and $(a, f) = 1$. Since $f\mathcal{O}_K$ is a modulus,
$$P_K(f\mathcal{O}_K, 1) \le P_{K,\mathbb{Z}}(f) \le I_K(f)$$

so C(O) is a generalized ideal class group for f OK .

It turns out that the generalized ideal class groups are exactly the Galois groups of all abelian extensions of K. This correspondence is encoded in the Artin map
$$\varphi_{L/K} : I_K^m \longrightarrow \operatorname{Gal}(L/K)$$
where m is chosen so that it is divisible by every ramified prime of K. We have seen (courtesy of Corollary 17.6.3) that the Artin map is surjective onto Gal(L/K), so $\ker \varphi_{L/K}$ has index [L : K] in $I_K^m$.
The main result in this section is one of central importance in class field theory:

Theorem (Artin Reciprocity). Let L/K be an abelian extension of number fields with G = Gal(L/K). If m is a modulus divisible by sufficiently high powers of every prime in K that ramifies in L, then the Artin map
$$\varphi_{L/K} : I_K^m \longrightarrow G$$
is surjective and $\ker \varphi_{L/K} = N_{L/K}(I_L^m)\,i(K_{m,1})$. In particular, G is a generalized ideal class group for m.

We now focus on developing the tools to prove Artin reciprocity.

Definition. Let L/K be an abelian extension of number fields and take m a modulus of K.
We say the reciprocity law holds for the triple (L, K, m) provided i(Km,1 ) ⊆ ker ϕL/K .


The reciprocity law is important to the proof of Artin reciprocity for the following reason.

Lemma 17.8.3. If m is divisible by all primes ramifying in L and the reciprocity law holds
for (L, K, m) then ker ϕL/K = NL/K (ILm )i(Km,1 ).

Proof. By Corollary 17.3.7 we know $N_{L/K}(I_L^m) \subseteq \ker \varphi_{L/K}$ and so $N_{L/K}(I_L^m)\,i(K_{m,1}) \subseteq \ker \varphi_{L/K}$ as long as the reciprocity law holds. The first fundamental inequality says that
$$[I_K^m : N_{L/K}(I_L^m)\,i(K_{m,1})] \le [L : K],$$
but since $[I_K^m : \ker \varphi_{L/K}] = |\operatorname{Gal}(L/K)| = [L : K]$ by surjectivity, we must have
$$N_{L/K}(I_L^m)\,i(K_{m,1}) = \ker \varphi_{L/K}.$$

Example 17.8.4. We have previously shown (Example 17.4.8) that for a primitive mth root
of unity ζm and the modulus m = (m)∞, the reciprocity law holds for (Q(ζm ), Q, m) – in
fact we proved that i(Qm,1 ) = ker ϕQ(ζm )/Q .

Remark. By properties of the Artin map (Section 17.3), one can easily prove that

• If the reciprocity law holds for (L, K, m) and E is any finite extension of K, then the reciprocity law holds for (LE, E, m).

• If the reciprocity law holds for (L, K, m), then it holds for (L, K, mn) where n is any modulus of K.

• Combining these with the previous example, we see that for any primitive mth root of unity $\zeta_m$ and any modulus m of K divisible by (m)∞, reciprocity holds for $(K(\zeta_m), K, m)$.

It is clear that creating certain cyclotomic extensions of number fields is critical to preserving the reciprocity law. This connection runs deep throughout this section, culminating in the Kronecker-Weber Theorem at the end.
Let L/K be an abelian extension of number fields.

Proposition 17.8.5. Let n = [L : K] and suppose s is a positive integer. Take a prime $p \subset \mathcal{O}_K$ which is unramified in L. Then there exists a primitive mth root of unity $\zeta_m$, with $E = K(\zeta_m)$, such that m is relatively prime to p and s, and the following conditions are met:

(i) $L \cap E = K$.

(ii) The element $\varphi_{E/K}(p)$ in Gal(E/K) has order divisible by n.

(iii) There is some element $\sigma \in \operatorname{Gal}(E/K)$ whose order is divisible by n that satisfies $\langle\sigma\rangle \cap \langle\varphi_{E/K}(p)\rangle = \{1\}$.


Proof. (i) We apply Lemma 6.1.7 to a = N(p). Since L only has finitely many subfields, there is some M such that $\mathbb{Q}(e^{2\pi i/M})$ contains every cyclotomic subfield of L. Lemma 6.1.7 allows us to select m with no prime divisors less than $M \cdot s$. Then $\mathbb{Q}(e^{2\pi i/M}) \cap \mathbb{Q}(\zeta_m) = \mathbb{Q}$ and $L \cap \mathbb{Q}(\zeta_m) = \mathbb{Q}$. Taking $E = K(\zeta_m)$ it follows that $L \cap E = K$.
(ii) Let $\tau = \varphi_{E/K}(p) \in \operatorname{Gal}(E/K)$. By definition $\varphi_{E/K}(p)$ is a Frobenius automorphism satisfying $\tau(\zeta_m) = \zeta_m^{N(p)} = \zeta_m^a$. Thus $\tau$ has order divisible by n.
(iii) Finally, choose $b \in \mathbb{Z}$ according to Lemma 6.1.7 and define $\sigma \in \operatorname{Gal}(E/K)$ on the primitive element of E/K by $\sigma(\zeta_m) = \zeta_m^b$. Then $\sigma$ has order divisible by n. Since (a, b) = 1, it is clear that $\langle\sigma\rangle \cap \langle\tau\rangle = \{1\}$ as desired.
Lemma 17.8.6 (Artin). Let L/K be a cyclic extension and p ⊂ OK a prime that is unram-
ified in L. Then there exists an mth root of unity ζm and an extension F/K such that
(1) L ∩ F = K.

(2) L ∩ K(ζm ) = K.

(3) L(ζm ) = F (ζm ).

(4) p splits completely in F .


Proof. Choose m and $\zeta = \zeta_m$ as in Proposition 17.8.5. Then $L(\zeta) = LE$ and $L \cap E = K$ (so (2) is done). This means that $\operatorname{Gal}(L(\zeta)/K) \cong \operatorname{Gal}(L/K) \times \operatorname{Gal}(E/K)$. Let $\sigma$ be a generator of Gal(L/K) and choose $\tau \in \operatorname{Gal}(E/K)$ according to (iii) of Proposition 17.8.5. Define H to be the subgroup of $\operatorname{Gal}(L(\zeta)/K)$ generated by $(\sigma, \tau)$ and $(\varphi_{L/K}(p), \varphi_{E/K}(p))$. We claim that $F = (LE)^H$ is the desired field extension of K.
By Corollary 17.3.3, $\varphi_{LE/K}(p) = (\varphi_{L/K}(p), \varphi_{E/K}(p))$ which generates the decomposition group of (a prime lying over) p in Gal(LE/K), so in particular the decomposition group is contained in H. Since LE is abelian, it follows that p splits completely in $F = (LE)^H$, proving (4).
Next, note that $F(\zeta) = FE$ is the fixed field of $H \cap (\operatorname{Gal}(L/K) \times \{1\})$. Suppose we have an element $(\sigma, \tau)^a (\varphi_{L/K}(p), \varphi_{E/K}(p))^b$ of H that lies in $\operatorname{Gal}(L/K) \times \{1\}$. Then $\tau^a \in \langle\varphi_{E/K}(p)\rangle$ so $\tau^a = 1$ since $\langle\tau\rangle \cap \langle\varphi_{E/K}(p)\rangle = 1$ by (iii) of Proposition 17.8.5. This implies n = [L : K] divides a, and since the order of $\sigma$ is n we have $\sigma^a = 1$. This further shows that $\varphi_{E/K}(p)^b = 1$ and $n \mid b$ by Proposition 17.8.5. Thus $\varphi_{L/K}(p)^b = 1$. All of this shows that $H \cap (\operatorname{Gal}(L/K) \times \{1\}) = \{1\}$ so $F(\zeta) = LE = L(\zeta)$, proving (3).
Finally, observe that $L \cap F$ is the subfield of L fixed by H. Since $(\sigma, \tau) \in H$, $L \cap F$ is really the subfield fixed by $\sigma$, which is K. This proves (1) and we’re finished.
We next prove an intermediate result for cyclic extensions which we will use to prove the
Artin Reciprocity Theorem for all abelian extensions.
Theorem 17.8.7. Let L/K be a cyclic extension, G = Gal(L/K), m a modulus of K
divisible by all ramified (in L) primes of OK . Then the reciprocity law holds for (L, K, m).
Proof. By Corollary 17.7.14, the fundamental equality holds for the cyclic extension L/K, so it suffices to prove $\ker \varphi_{L/K} \subseteq N_{L/K}(I_L^m)\,i(K_{m,1})$. Take an ideal $a \in \ker \varphi_{L/K}$ and write its prime factorization $a = p_1^{a_1} \cdots p_r^{a_r}$. The $p_i$ are all unramified in L since $a \in I_K^m$ and m is assumed to contain all the ramified primes. For each $p_i$ we may use Artin’s Lemma to select a root of unity $\zeta_{m_i}$ such that $(m_i, m_j) = 1$ for all $i \ne j$, $i, j = 1, \ldots, r$. By Proposition 17.8.5, we can also force $K \cap \mathbb{Q}(\zeta_{m_i}) = \mathbb{Q}$ for each i. Define $G_i := \operatorname{Gal}(K(\zeta_{m_i})/K)$. Then $G_i \cong \operatorname{Gal}(\mathbb{Q}(\zeta_{m_i})/\mathbb{Q})$ and the automorphism group of $L(\zeta_{m_1}, \ldots, \zeta_{m_r})/K$ is $G \times G_1 \times \cdots \times G_r$.
Suppose $G = \langle\sigma\rangle$. For each i let $\tau_i$ be the element in $G_i$ chosen via (iii) of Proposition 17.8.5. Let $H_i$ be the subgroup of $G \times G_i$ generated by the elements
$$(\sigma, \tau_i) \quad \text{and} \quad (\varphi_{L/K}(p_i), \varphi_{K(\zeta_{m_i})/K}(p_i)).$$
Furthermore, let $F_i$ be the fixed field of $H_i \times \prod_{j \ne i} G_j$ and set $F = F_1 \cdots F_r$. We take a moment to verify that $L \cap F = K$ and Gal(L/K) = Gal(LF/F). Note that the intersection of all the $\operatorname{Gal}(LF/F_i)$ fixes F and contains $(\sigma, \tau_1, \ldots, \tau_r)$. The field $L \cap F$ is also fixed by this element and by $(1, \tau_1, \ldots, \tau_r)$ so $L \cap F$ is fixed by $\sigma$ and therefore $L \cap F = K$.
Now let $\varphi_{L/K}(p_i^{a_i}) = \sigma^{d_i}$ where $d_i \ge 0$. Then $1 = \varphi_{L/K}(a) = \sigma^d$ where $d = d_1 + \ldots + d_r$ and $[L : K] \mid d$. For a sufficiently large modulus $m'$, the Artin map
$$\varphi_{LF/F} : I_F^{m'} \longrightarrow \operatorname{Gal}(LF/F)$$
is surjective so there is an ideal $b'$ relatively prime to m and all the $m_i$ such that $\varphi_{LF/F}(b') = \sigma$. Let $b = N_{F/K}(b') \in I_K^m$. By properties of the Artin map in extensions (Proposition 17.3.6), we see that $\varphi_{L/K}(b) = \sigma$. For each i, $p_i$ splits completely so there exists an ideal $c_i$ relatively prime to m and each $m_j$ such that $N_{F_i/K}(c_i) = p_i^{a_i} b^{-d_i}$. By our choice of $d_i$,
$$\varphi_{LF_i/F_i}(c_i) = \varphi_{L/K}(N_{F_i/K}(c_i)) = 1.$$
By properties of the reciprocity law, $F_i \subset LF_i \subset F_i(\zeta_{m_i})$ and so the reciprocity law holds for $(LF_i, F_i, m')$ as long as $m'$ is divisible by $(m_i)\infty$.
We chose $c_i$ prime to the $m_i$ so we may select $m'$ so that $c_i \in I_{F_i}^{m'}$. Then there exist $\gamma_i \in F_i$, $\gamma_i \equiv 1 \bmod m'$ and an ideal $d_i \in I_{LF_i}^{m'}$ such that $c_i = (\gamma_i)\,N_{LF_i/F_i}(d_i)$. Taking K-norms yields
$$p_i^{a_i} b^{-d_i} = (N_{F_i/K}(\gamma_i))\,N_{LF_i/K}(d_i).$$
Selecting $m'$ so that $m \mid m'$ ensures that $\alpha_i := N_{F_i/K}(\gamma_i)$ lies in $K_{m,1}$. Now taking products of the above pieces over all i gives us
$$a\,b^{-d} = \prod_{i=1}^{r} p_i^{a_i} b^{-d_i} = \prod_{i=1}^{r} \alpha_i \prod_{i=1}^{r} N_{LF_i/K}(d_i).$$

Write $d'_i = N_{LF_i/L}(d_i)$. Then $a = b^d (\alpha_1 \cdots \alpha_r)\,N_{L/K}(d'_1 \cdots d'_r)$. Above we saw that [L : K] divides d, so $b^d$ is a norm on L/K. Hence we have shown that $a \in N_{L/K}(I_L^m)\,i(K_{m,1})$ and the theorem is proved.
A small bit of work remains to prove the main result, which we restate here.
Theorem 17.8.8 (Artin Reciprocity). Let L/K be an abelian extension with G = Gal(L/K). Suppose m is a modulus of K divisible by all primes in K which ramify in L and assume their exponents are sufficiently large. Then the Artin map
$$\varphi_{L/K} : I_K^m \longrightarrow G$$
is surjective with $\ker \varphi_{L/K} = N_{L/K}(I_L^m)\,i(K_{m,1})$.

Proof. Surjectivity was proven in Corollary 17.6.3. By the fundamental theorem of finite abelian groups we can express G as the product of cyclic groups:
$$G = C_1 \times \cdots \times C_s.$$
Set $H_j = \prod_{i \ne j} C_i$ so that $G = C_i \times H_i$ for any i. Let $E_i$ denote the subfield of L fixed by $H_i$. Then $E_i/K$ is a cyclic extension with Galois group $C_i$ and by Theorem 17.8.7 there is a modulus $m_i$ such that the reciprocity law holds for $(E_i, K, m_i)$. We may choose each $m_i$ so that $m_i \mid m$, meaning the reciprocity law also holds for $(E_i, K, m)$ and thus
$$i(K_{m,1}) \subseteq \bigcap_{i=1}^{s} \ker \varphi_{E_i/K}.$$

By properties of the Frobenius automorphism (Proposition 17.3.6), we have $\varphi_{L/K}(a)|_{E_i} = \varphi_{E_i/K}(a)$ for any fractional ideal a of $\mathcal{O}_K$. In particular, if $a \in i(K_{m,1})$ then $\varphi_{L/K}(a)|_{E_i} = 1$ for all i. But $E_1 \cdots E_s = L$ because the group that fixes all the $E_i$ is $\bigcap H_i = \{1\}$. Thus any automorphism acting trivially on all the $E_i$ is the identity on L, which gives us $i(K_{m,1}) \subseteq \ker \varphi_{L/K}$. The theorem follows at once from Lemma 17.8.3.
We have therefore also proven Theorem 17.1.5 which was instrumental in constructing the
connection between the Hilbert class field and the class group C(OK ). Here we have proven
a much stronger connection between Artin maps for a large class of moduli and generalized
ideal class groups. The full picture will become clear in Section 17.10 when we show that
the finite abelian extensions of K and generalized ideal class groups are in correspondence.
Corollary 17.8.9. Let L/K be abelian and suppose m is a modulus of K such that the reciprocity law holds for (L, K, m). If E is a normal extension of K such that
$$N_{E/K}(I_E^m) \subseteq N_{L/K}(I_L^m)\,i(K_{m,1})$$
then $L \subset E$.
We use this corollary to prove another important result in class field theory. One has
probably noticed by now that the roots of unity are an important tool in describing Artin
reciprocity for abelian extensions. The famous Kronecker-Weber Theorem characterizes
every abelian extension of Q as a subfield of some cyclotomic field.
Theorem 17.8.10 (Kronecker-Weber). Every abelian extension K of Q is contained in
Q(ζm ) for some primitive mth root of unity ζm .
Proof. Our proof of the Artin Reciprocity Theorem (19.2.2) shows that the reciprocity law holds for (K, Q, m) for some modulus m. We may write m = (m)∞ where m is a positive integer. Let $\zeta_m = e^{2\pi i/m}$, a primitive mth root of unity, and consider $L = \mathbb{Q}(\zeta_m)$. In Example 17.4.8 we computed the kernel of $\varphi_{L/\mathbb{Q}}$ to be $i(\mathbb{Q}_{m,1})$, so we have
$$i(\mathbb{Q}_{m,1}) = N_{L/\mathbb{Q}}(I_L^m)\,i(\mathbb{Q}_{m,1}) \subseteq N_{K/\mathbb{Q}}(I_K^m)\,i(\mathbb{Q}_{m,1}) = \ker \varphi_{K/\mathbb{Q}}.$$
By Corollary 17.8.9, we conclude that $K \subset L = \mathbb{Q}(\zeta_m)$.


This completes our discussion of Artin reciprocity and the Kronecker-Weber Theorem for
now, although these concepts continue to crop up in future discussions as they are integral
to class field theory as a whole.


17.9 The Conductor Theorem


For an abelian extension L/K, the Artin reciprocity theorem and its corollary (17.8.9) imply
that Gal(L/K) is a generalized ideal class group for an infinite number of moduli m, namely
those divisible by the primes of K that ramify in L. There is in fact a ‘best’ modulus for a
particular extension L/K, called the conductor, which is divisible by only those primes that
ramify.
Fix a prime $p \subset \mathcal{O}_K$ and take m to be any modulus divisible by p. Theorem 17.4.4 gives us an exact sequence
$$0 \to (\mathcal{O}_K/p^{m(p)})^\times \to K_m/K_{m,1} \to C_K(m) \xrightarrow{\varphi_{L/K}} C(\mathcal{O}_K) \to 0,$$
where $\varphi_{L/K}$ is the Artin map for m. There is a smallest integer $f(p) \le m(p)$ such that this sequence factors through $(\mathcal{O}_K/p^{f(p)})^\times$.

Definition. Let f(p) be as above and let $m_\infty$ be the modulus of all infinite primes of K. The modulus $f(L/K) = m_\infty \prod p^{f(p)}$ is called the conductor of the extension L/K. It is the smallest modulus f such that the Artin map $\varphi_{L/K}$ factors through $C_K(f)$.

Proposition 17.9.1. If the reciprocity law holds for (L, K, m) then f(L/K) | m.

Proof. Obvious.
So far we do not know if the reciprocity law holds for f(L/K); of particular concern is
that some ramified primes might not divide the conductor. The Conductor Theorem states
that this does not happen.

Theorem 17.9.2 (Conductor Theorem). Let L/K be abelian with conductor f = f(L/K).
Then a prime of K (finite or infinite) ramifies in L if and only if it divides f. Moreover, a
modulus m is divisible by f if and only if ker ϕL/K is a congruence subgroup for m.

The proof of the conductor theorem is rather interesting, as it makes extensive use of
the local Artin map and thus establishes one of the powerful local-global connections in class
field theory. For details, consult sections V.11–12 of Janusz.

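Proposition 17.9.3. Let $L = \mathbb{Q}(\zeta_m)$ where $\zeta_m$ is a primitive mth root of unity. The conductor of L/Q is determined by
$$f(L/\mathbb{Q}) = \begin{cases} 1 & m \le 2 \\ (n)\infty & m = 2n \text{ where } n > 1 \text{ is odd} \\ (m)\infty & \text{otherwise.} \end{cases}$$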

Proof. The conductor theorem says that f(L/Q) is the modulus of L divisible by exactly
those primes, finite and infinite, which ramify in L. Every modulus of L/Q is of the form
(n)∞ for some integer n, so write f = (n)∞. When m = 1, 2 the conductor is clearly 1 since
Q(ζm ) = Q in both cases. When m > 2, Example 17.4.8 tells us that all ramified primes
divide the modulus m = (m)∞, so by definition the conductor divides (n)∞, that is, n | m.


What’s more, m is a modulus on L that is divisible by every ramified prime of both L and $M = \mathbb{Q}(\zeta_n)$. This implies that $\ker \varphi_{M/K}(m)$ is a subgroup of $\ker \varphi_{L/K}(m)$, which by
Corollary 17.8.9 shows that L ⊂ M . Since both extensions are Galois, we must have that
| Gal(M/Q)| divides | Gal(L/Q)|, that is, φ(m) | φ(n). It is well known that n | m always
implies φ(n) | φ(m) so in this case we see that φ(n) = φ(m). Now, under the condition
n | m, this can only happen when m and n are equal or differ by a single factor of 2. Notice
that this corresponds precisely with the second and third lines of the formula for f(L/Q)
given above, so we are done.

Example 17.9.4. Let $K = \mathbb{Q}(\sqrt{D})$ for a squarefree integer D. Using the definition of conductor we have
$$f(K/\mathbb{Q}) = \begin{cases} (|d_K|) & D > 0 \\ (|d_K|)\infty & D < 0. \end{cases}$$

17.10 The Existence and Classification Theorems


Definition. Suppose L/K is an abelian extension and m is a modulus of K. If H is a
congruence subgroup for m then L is said to be a class field of H.

The goal of class field theory is then to classify all abelian extensions by their class groups.
We will prove

Theorem. Let m be a modulus of K and let H be a congruence subgroup for m. Then there exists an abelian extension $L \supset K$, all of whose ramified primes divide m, such that H is the kernel of the Artin map $\varphi_{L/K} : I_K^m \longrightarrow \operatorname{Gal}(L/K)$, that is, L is a class field of H.

Constructing a class field for H is hard to do directly, so the usual approach in class field
theory texts is to construct enough extensions to force the existence of L.

Lemma 17.10.1. Let m be divisible by all primes of K ramifying in L and suppose there is
a chain of subgroups
i(Km,1 ) ≤ H0 ≤ H1 ≤ I m
such that H0 is a congruence subgroup for an abelian extension L/K. Then H1 is a congru-
ence subgroup for the subfield of L fixed by the subgroup ϕL/K (H1 ) ≤ Gal(L/K).

Proof. Let G1 = ϕL/K (H1 ) and let E be the subfield of L fixed by G1 . Let r : Gal(L/K) →
Gal(E/K) be the natural restriction, so that r(G1 ) = 1. For any a ∈ I m , ϕE/K (a) =
(r ◦ ϕL/K )(a) so in particular ϕE/K (a) = 1 when a ∈ H1 . Thus H1 ⊂ ker ϕE/K .
On the other hand, since H1 is a congruence subgroup the reciprocity law holds for
(E, K, m) and so
[I m : ker ϕE/K ] = [Gal(L/K) : G1 ] = [I m : H1 ].
This proves H1 = ker ϕE/K and the Artin reciprocity theorem (19.2.2) implies the rest.

Lemma 17.10.2. Let H be a congruence subgroup of K for the modulus m. To show there
exists a class field L of H, it suffices to prove this when K contains a primitive nth root of
unity, where n = [I m : H].

Proof. We create a tower

K = K (1) ⊂ K (2) ⊂ · · · ⊂ K (r) = K(ζn )

where each subextension K (i+1) /K (i) is cyclic. Now apply Lemma 17.10.1 and Proposition
V.7.2 from Janusz.
This allows us to assume K contains the nth roots of unity. Let $S_1$ be a finite set of primes of K and let
$$m_1 = \prod_{p \in S_1} p^{m_1(p)}$$
for sufficiently high powers $m_1(p)$. Define $S_2$ and $m_2$ in the same way and suppose $S_1 \cap S_2 = \emptyset$ and that $S_1 \cup S_2$ contains all primes p satisfying

(i) $p \mid n$;

(ii) $p \mid \infty$;

(iii) and $p \mid a_i$ where $\{a_i\}$ is a finite set of $\mathcal{O}_K$-ideals whose images cover $C(\mathcal{O}_K)$.

Then any ideal a can be expressed as $a = a_i(\alpha)$ for some $\alpha \in K$ and $a_i$ only divisible by primes in $S := S_1 \cup S_2$. Define the congruence subgroups
$$H_1 = i(K_{m_1,1})\,(I^{m_1})^n\,I(S_2)$$
$$\text{and} \quad H_2 = i(K_{m_2,1})\,(I^{m_2})^n\,I(S_1)$$
where $I(S_j)$ denotes the group generated by finite primes in $S_j$. (These are congruence subgroups since $S_1 \cap S_2 = \emptyset$ implies $H_1 \subseteq I^{m_1}$ and $H_2 \subseteq I^{m_2}$.) Next we define two subgroups of $K^*$:
$$W_1 = K^S K^n \cap K_{m_2,1}$$
$$\text{and} \quad W_2 = K^S K^n \cap K_{m_1,1}.$$
We claim that $L_1 = K(\sqrt[n]{W_1})$ and $L_2 = K(\sqrt[n]{W_2})$ are the respective class fields over K for $H_1$ and $H_2$. This is proven in detail in section V.9 of Janusz. We will end the discussion here, since our goal is to explore the consequences of the existence theorem. In any case, the construction of such a class field $L_1$ for $H_1$ allows us to prove

Theorem 17.10.3 (Existence Theorem). Every congruence subgroup H of K has a class field L/K.

We consolidate the proof here.


Proof. Take a congruence subgroup H and set [I m : H] = n. Lemma 17.10.2 says that we
may assume K contains the nth roots of unity. Let S1 be a finite set of primes containing
all primes dividing m and satisfying (i) – (iii) above. Let S2 = ∅ so that S = S1 ∪ S2 = S1 .
Define m1 as above so that m | m1 . Then H1 = H ∩ I m1 and by the above work there is an
abelian extension L1 with H1 = ker ϕL1 /K . Finally, by Lemma 17.10.1 there is a subfield L
of L1 which is class field for H ⊆ H1 .
An important corollary is the classification theorem of class field theory, which bears a
resemblance to the fundamental theorem of Galois theory. Such classification theorems are
a primary tool in many areas of modern mathematics. First, we need

Lemma 17.10.4. Suppose n and m are moduli of K such that $n \mid m$. If $H^n$ is a congruence subgroup for n and $H^m = H^n \cap I_K^m$ then the class groups $I_K^n/H^n$ and $I_K^m/H^m$ are isomorphic.

Proof. Since $H^n$ is a congruence subgroup for n, $I_K^n = I_K^m H^n$, so by isomorphism theorems,
$$\frac{I_K^m}{H^m} = \frac{I_K^m}{I_K^m \cap H^n} \cong \frac{I_K^m H^n}{H^n} = \frac{I_K^n}{H^n}.$$

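Corollary 17.10.5 (Classification Theorem). Let K be a number field. There is a one-to-one, inclusion-reversing correspondence
$$\left\{\begin{array}{c} \text{finite abelian} \\ \text{extensions } L/K \end{array}\right\} \longleftrightarrow \left\{\begin{array}{c} \text{generalized ideal} \\ \text{class groups of } K \end{array}\right\}.$$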

Proof. The existence theorem shows that every congruence subgroup corresponds to an abelian extension. Conversely, let L and M be abelian extensions of K. Consider the Artin maps $\varphi_{L/K} : I_K^{f(L/K)} \to \operatorname{Gal}(L/K)$ and $\varphi_{M/K} : I_K^{f(M/K)} \to \operatorname{Gal}(M/K)$, where f denotes the conductor of each extension. By the conductor theorem (17.9.2), $\ker \varphi_{L/K}$ and $\ker \varphi_{M/K}$ are both congruence subgroups for K and by Lemma 17.10.4 it suffices to prove the correspondence for these congruence subgroups. On one hand, Corollary 17.8.9 shows that if $\ker \varphi_{L/K} \subseteq \ker \varphi_{M/K}$ then $M \subset L$. On the other hand, $M \subset L$ implies that $\ker \varphi_{L/K} \subset \ker \varphi_{M/K}$ and so the correspondence is indeed one-to-one.
At this point we return to the defining property of the Hilbert class field which we have so far neglected to justify. Take the modulus m = 1 on K and the congruence subgroup $P_K = P_K(m, 1) \le I_K^m = I_K$. By the existence theorem, there is a unique abelian extension L/K such that the Artin map induces the isomorphism
$$C(\mathcal{O}_K) = I_K/P_K \cong \operatorname{Gal}(L/K).$$

Using this, we may now prove

Theorem 17.10.6. For a number field K, the Hilbert class field L/K is the maximal un-
ramified abelian extension of K.

Proof. Since m = 1, it follows that L is unramified. Let M be another unramified abelian extension of K. By the conductor theorem (17.9.2), the primes of K dividing the conductor
f(M/K) are exactly those which ramify in M . There are none of these, so f(M/K) = 1. The
conductor theorem also tells us that ker ϕM/K is a congruence subgroup for m = 1. Then
PK ⊂ ker ϕM/K , but for the Hilbert class field L, PK = ker ϕL/K . Thus ker ϕL/K ⊂ ker ϕM/K .
Finally Corollary 17.8.9 shows that M ⊂ L.
We have now proven in greater generality all of the main theorems from Section 17.1.
Finally, we briefly mention a nice property of the Hilbert class field which was conjectured
by Hilbert and proven by Artin and Furtwängler using the transfer map in group theory.

Theorem 17.10.7 (Principal Ideal Theorem). If L is the Hilbert class field of K, then every
ideal a ⊂ OK becomes principal in OL .


17.11 The Čebotarev Density Theorem


In understanding the connections between the density theorems of Frobenius and Čebotarev,
it is important to study how they fit in with other related results. Frobenius proved his
theorem in 1880 (and finally published the result 16 years later), but this came several decades
after Dirichlet’s more famous theorem on primes in arithmetic progression (Theorem 17.6.9).
Although his original proof did not refer to the idea of density, Dirichlet’s result essentially
showed that for any $m \in \mathbb{Z}$, the density of the set
$$S = \{p \text{ prime} \mid p \equiv a \pmod{m},\ (a, m) = 1\}$$
is $\delta(S) = \frac{1}{\varphi(m)}$. Frobenius successfully generalized this result to describe the splitting behavior of monic polynomials f over $\mathbb{F}_p$, where p is a prime not dividing the discriminant D(f).
In loose terms, Frobenius’ result (Theorem 17.6.2) showed that the number of primes p such
that f has a given decomposition over Fp is proportional to the number of automorphisms
σ ∈ Gal(K/Q) with the same cycle type as this decomposition, where K is a splitting field
of f over the rationals. We illustrate this with an example.
Example 17.11.1. Let $f = x^4 - x - 1$. Some decomposition patterns of f over finite fields are shown below.
$$f \equiv (x^3 + 3x^2 + 2x + 5)(x + 4) \pmod{7}$$
$$f \equiv x^4 - x - 1 \pmod{47}$$
$$f \equiv (x^2 + 34x + 24)(x^2 + 67x + 21) \pmod{101}.$$

(These factorizations are easy to produce with MAGMA.) It turns out that f factors into the different decompositions (partitions of n = 4) with the following approximate frequencies:

decomposition    proportion of primes
4                1/4
3,1              1/3
2,2              1/8
2,1,1            1/4
1,1,1,1          1/24

For example, the prime 7 falls into the set C1,3 = {p prime | f = gh3 (mod p)}, while
$47 \in C_4$ and $101 \in C_{2,2}$. Correspondingly, Frobenius’ theorem says that the number of automorphisms $\sigma \in G = \operatorname{Gal}(K/\mathbb{Q})$ with cycle type 4 is $\frac{|G|}{4}$; likewise, the number of $\sigma$ with cycle type 1,3 is $\frac{|G|}{3}$; the number with cycle type 2,2 is $\frac{|G|}{8}$; and so forth. In every case,
the identity automorphism is the only element of G with cycle type 1,1,1,1, which tells us
that |G| = 24 and we can go back and compute the number of elements of each cycle type
accordingly.
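
The frequencies in Example 17.11.1 can be checked numerically. The following Python code is an added example, not part of the original text: it finds the degrees of the irreducible factors of f mod p by distinct-degree factorization (gcds of f with x^(p^d) − x) and tallies the patterns over all primes up to a bound. The function names and the discriminant value −283 (from −27p⁴ + 256q³ for x⁴ + px + q) are supplied here and do not appear in the text.

```python
from collections import Counter
from fractions import Fraction

F = [-1, -1, 0, 0, 1]   # x^4 - x - 1, coefficients listed from the constant term up
DISC = -283             # -27*p^4 + 256*q^3 for x^4 + p*x + q with p = q = -1
# Proportions from the table in Example 17.11.1, keyed by the degrees of the factors.
EXPECTED = {(4,): Fraction(1, 4), (3, 1): Fraction(1, 3), (2, 2): Fraction(1, 8),
            (2, 1, 1): Fraction(1, 4), (1, 1, 1, 1): Fraction(1, 24)}


def trim(a):
    """Drop trailing zero coefficients in place and return the list."""
    while a and a[-1] == 0:
        a.pop()
    return a


def poly_divmod(a, m, p):
    """Quotient and remainder of a by m over F_p; m must have a non-zero leading term."""
    a = trim([c % p for c in a])
    quo = [0] * max(0, len(a) - len(m) + 1)
    inv = pow(m[-1], -1, p)
    while len(a) >= len(m):
        shift, q = len(a) - len(m), a[-1] * inv % p
        quo[shift] = q
        for i, c in enumerate(m):
            a[shift + i] = (a[shift + i] - q * c) % p
        trim(a)
    return quo, a


def poly_mulmod(a, b, m, p):
    """Product a*b reduced modulo the polynomial m over F_p."""
    out = [0] * max(0, len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] = (out[i + j] + x * y) % p
    return poly_divmod(out, m, p)[1]


def poly_powmod(base, e, m, p):
    """base**e modulo m over F_p by square-and-multiply."""
    result = [1]
    while e:
        if e & 1:
            result = poly_mulmod(result, base, m, p)
        base = poly_mulmod(base, base, m, p)
        e >>= 1
    return result


def poly_gcd(a, b, p):
    """A gcd of a and b over F_p (not normalised; only its degree is used)."""
    a, b = trim([c % p for c in a]), trim([c % p for c in b])
    while b:
        a, b = b, poly_divmod(a, b, p)[1]
    return a


def pattern(p, f=F):
    """Degrees of the irreducible factors of f mod p, largest first (p must not divide D(f))."""
    g = trim([c % p for c in f])
    degrees, d, h = [], 0, [0, 1]              # h holds x^(p^d) mod g
    while len(g) - 1 >= 2 * (d + 1):
        d += 1
        h = poly_powmod(h, p, g, p)            # apply Frobenius once more
        diff = h + [0] * max(0, 2 - len(h))
        diff[1] = (diff[1] - 1) % p            # x^(p^d) - x
        part = poly_gcd(g, diff, p)            # product of the degree-d irreducible factors
        count = (len(part) - 1) // d
        if count:
            degrees += [d] * count
            g = poly_divmod(g, part, p)[0]
            h = poly_divmod(h, g, p)[1]
    if len(g) > 1:
        degrees.append(len(g) - 1)             # the remaining cofactor is irreducible
    return tuple(sorted(degrees, reverse=True))


def primes_upto(n):
    """Sieve of Eratosthenes."""
    sieve = bytearray([1]) * (n + 1)
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(n ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, n + 1, i)))
    return [i for i, flag in enumerate(sieve) if flag]


def tally(bound):
    """Count factorisation patterns of f over the primes p <= bound not dividing D(f)."""
    return Counter(pattern(p) for p in primes_upto(bound) if DISC % p)


if __name__ == "__main__":
    counts = tally(20000)
    total = sum(counts.values())
    for pat, share in EXPECTED.items():
        print(f"{pat!s:<14} observed {counts[pat] / total:.4f}   table {float(share):.4f}")
```

Raising the bound brings the observed proportions closer to the tabulated ones; the prime 283 is skipped because f is not squarefree modulo it.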
So far we have seen that for a field K/Q, classes of primes are in a certain correspondence
with the various cycle types of elements of the Galois group of this extension. The natural


question arising from this discussion is: given a polynomial f and a prime p that doesn’t
divide D(f ), is it possible to find, in some canonical way, an element in G with the same cycle
type as the decomposition of f over Fp ? This would successfully generalize both Dirichlet’s
and Frobenius’ results, and indeed Frobenius conjectured that it was possible. The solution
was finally found by Čebotarev after 42 years in the form of his density theorem.
For the next few theorems, we will assume K is a number field and E is a normal, not
necessarily abelian, extension of K, with Galois group G = Gal(E/K).
Let m be a modulus divisible by sufficiently high powers of all the primes of K which
ramify in E. Then the group $H^m(E/K) := N_{E/K}(I_E^m)\, i(K_{m,1})$ is a congruence subgroup for
m and so the Existence Theorem tells us there is a (unique) abelian extension L/K that is
class field for $H^m(E/K)$. We may ‘enlarge’ m by forming a modulus n such that m | n and
$N_{E/K}(I_E^n) \subseteq H^n(L/K)$. By Corollary 17.8.9, L ⊂ E so we may as well use m after all. This
tells us that $H^m(E/K) = H^m(L/K)$ and moreover,

$$I_K^m / H^m(E/K) = I_K^m / H^m(L/K) \cong \mathrm{Gal}(L/K).$$

To identify $H^m(E/K)$ with Gal(E/K), we prove the following theorem which also serves
to generalize the Artin map to the non-abelian case.

Theorem 17.11.2. L is the largest abelian subfield of E and therefore $\mathrm{Gal}(L/K) \cong G/G'$
where $G'$ denotes the commutator subgroup of G.

Proof. First suppose L ⊂ M ⊂ E where M/K is abelian. By norm properties,

$$N_{E/K}(I_E^m)\, i(K_{m,1}) \subseteq N_{M/K}(I_M^m)\, i(K_{m,1}) \subseteq N_{L/K}(I_L^m)\, i(K_{m,1})$$

but we showed that the first and last are equal, so it follows that L = M since both are
abelian. Now this tells us by the classification theorem (17.10.5) that Gal(L/K) is the
largest possible quotient of G that is abelian. By definition this is the abelianization of G,
so $\mathrm{Gal}(L/K) \cong G/G'$.
To describe the isomorphism, let P be a prime in $I_E^m$ and let p = P ∩ K. By Proposition
14.5.13, the primes lying over p are Galois conjugates under the action of G and
therefore p determines a conjugacy class of the Frobenius automorphism $\mathrm{Frob}_{E/K}(P)$. This
means that p determines a single element in $G/G'$. We define the Artin map for non-abelian
extensions to be

$$\varphi_{E/K}(p) := \left(\frac{E/K}{P}\right) G'.$$

By the work above, this extends to a homomorphism $I_K^m \to G/G'$.
To complete the description of $\varphi_{E/K}$, we compute its kernel. By Proposition 17.3.2,

$$\left(\frac{E/K}{P}\right)\bigg|_L = \left(\frac{L/K}{P_L}\right) \quad \text{where } P_L = P \cap L.$$

Thus $\varphi_{E/K}(p) = \varphi_{L/K}(p)\, G'$ so $\ker \varphi_{L/K} \le \ker \varphi_{E/K}$. But $\ker \varphi_{L/K} = H^m(E/K)$ which was
shown to have index $[G : G']$ in $I_K^m$. Hence $\ker \varphi_{E/K} = H^m(E/K)$ and our description is
complete.

Remark. The above proof and discussion shows that $[I_K^m : H^m(E/K)] = [G : G']$. In
particular, this means that for a non-abelian extension of number fields the first fundamental
inequality (Theorem 17.6.5) is strict.
As another consequence of the classification theorem, we have the following generalization
of Corollary 17.6.7.
Proposition 17.11.3. Let χ be a nontrivial character of the ray class group
$C_K(m) = I_K^m / P_K(m, 1)$. Then $L(1, \chi) \neq 0$.
Proof. Let $H = P_K(m, 1)$. Then there is an abelian extension L/K that is the class field of H
– this is called the ray class field for the modulus m. Note that, except for a finite number,
all the primes of K which split in L are contained in H. Thus by the Frobenius density
theorem (17.6.2) the density of this set of primes is $1/[L : K]$. By the Artin reciprocity theorem
(19.2.2), this is equal to $1/[I_K^m : H]$. Finally, apply the comments following Theorem 17.5.13 to
conclude that $L(1, \chi) \neq 0$ for any nontrivial character of $I_K^m / H$.
This can be used to prove the following generalization of Dirichlet’s Theorem.
Theorem 17.11.4 (Dirichlet’s Theorem for Number Fields). Let H be a congruence subgroup
for a modulus m. Then any coset of H in $I_K^m$ contains infinitely many primes and the density
of this set of primes is $1/[I_K^m : H]$.
We are now ready to state and prove the main theorem of this section.
Theorem 17.11.5 (Čebotarev’s Density Theorem). Let L/K be a Galois extension of number
fields and suppose an element σ ∈ G = Gal(L/K) belongs to a conjugacy class C. Then
the set S of all primes $p \subset O_K$ divisible by a prime $P \subset O_L$ such that $\mathrm{Frob}_{L/K}(P) \in C$ has
density

$$\delta(S) = \frac{|C|}{[L : K]}.$$

Proof. Let E be the subfield of L fixed by the cyclic subgroup $\langle\sigma\rangle$. Then since
$\mathrm{Gal}(L/E) = \langle\sigma\rangle$, the extension L/E is abelian. Let $T'$ be the set of primes $P \subset O_E$ with
$\mathrm{Frob}_{L/E}(P) = \sigma$. By Theorem 17.11.4, $\delta(T') = 1/|\langle\sigma\rangle|$. Recall that Lemma 17.5.12 says we may
restrict our attention to the set T of primes in $T'$ with inertial degree f(E/K) = 1, since
$\delta(T) = \delta(T')$. For any P ∈ T with p = P ∩ K, we will count the number of $P_i \in T$ dividing p.
Take $Q \subset O_L$ lying over P such that $\mathrm{Frob}_{L/E}(Q) = \sigma$. Let $\{\tau_i\}$ be a transversal of $\langle\sigma\rangle$
in Gal(L/K); one will recall that this means $\langle\sigma\rangle\tau_i$ are all the distinct cosets of $\langle\sigma\rangle$. By
transitivity of the G-action on primes over P, the primes in L dividing p are $\tau_i(Q)$ and these
are distinct. Likewise the primes of E dividing p are $P_j := \tau_j(Q) \cap E$. It is a property of
the Frobenius automorphism that

$$P_j \in T \iff \langle\sigma\rangle \tau_j \sigma = \langle\sigma\rangle \tau_j.$$

So in particular,

$$\mathrm{Frob}_{L/E}(P_j) = \left(\frac{L/E}{\tau_j(Q)}\right) = \tau_j \left(\frac{L/E}{Q}\right) \tau_j^{-1} = \tau_j \sigma \tau_j^{-1}.$$

It follows that $P_j \in T \iff \tau_j \sigma \tau_j^{-1} = \sigma$. Since the $\tau_j$ and therefore the $P_j$ are distinct
(remember that $\{\tau_j\}$ is a transversal of $\langle\sigma\rangle$), the number of primes in T dividing p is equal
to $[Z_G(\sigma) : \langle\sigma\rangle]$ where $Z_G(\sigma)$ is the centralizer of σ in G = Gal(L/K).
Now let S denote the set of $O_K$-primes divisible by a prime in T and choose some p ∈ S.
There are precisely $[Z_G(\sigma) : \langle\sigma\rangle]$ primes P ∈ T for which $N_{E/K}(P) = p$. This implies that
$[Z_G(\sigma) : \langle\sigma\rangle] \cdot \delta(S) = \delta(T) = 1/|\langle\sigma\rangle|$. Finally, we conclude that

$$\delta(S) = \frac{1}{|\langle\sigma\rangle| \cdot [Z_G(\sigma) : \langle\sigma\rangle]} = \frac{1}{|Z_G(\sigma)|} = \frac{|C|}{|G|} = \frac{|C|}{[L : K]}.$$

The Čebotarev density theorem immediately gives us the following result for abelian
extensions.

Corollary 17.11.6. Let L/K be abelian, m a modulus of K divisible by all primes that
ramify in L, and σ ∈ Gal(L/K). Then the set S of primes $p \nmid m$ such that
$\left(\frac{L/K}{p}\right) = \sigma$ has density

$$\delta(S) = \frac{1}{[L : K]}$$

and in particular S is infinite.

This corollary is similar to the conclusion in the proof of Theorem 17.6.5, and both
density theorems imply the surjectivity of the Artin map (this was originally proven in
Corollary 17.6.3). However, Čebotarev’s result implies surjectivity in a much stronger sense,
in that the density of primes in L is uniformly distributed across the collection of sets S
corresponding to conjugacy classes in G. Recall that with Frobenius’ theorem, this density
was only uniformly distributed across divisions, a much less intuitive object to work with in
the group-theoretic sense.
The Čebotarev density theorem is undoubtedly one of the most useful tools in modern
algebraic number theory, and is beginning to have practical application in algebraic geometry.
One important result for our purposes answers a question posed back in Section 14.5.

Proposition 17.11.7. For any Galois extension L/K, there are infinitely many primes of
K that split completely in L.

Proof. Apply the Čebotarev density theorem to the conjugacy class of 1 ∈ Gal(L/K) to
see that the primes $p \subset O_K$ such that $\left(\frac{L/K}{p}\right) = 1$ have density $\frac{1}{[L : K]}$. Then
Proposition 17.1.3 says that

$$\left(\frac{L/K}{p}\right) = 1 \iff p \text{ splits completely in } L.$$

This implies the result.

[Figure: field diagram with Q(ζ_117) at the top, Q(ζ_9) and Q(ζ_13) below it, M = Q(α, β) of degree 9, and the degree-3 subfields K = Q(α) and L = Q(β).]

Example 17.11.8. To illustrate the differences between conjugacy class, division and cycle
type and their associated densities, consider the group G = Z/3Z × Z/3Z. The reason is that
these three types of partitions are all distinct for G, as we will see in a moment. To apply
the density theorems to G we must find a Galois extension M/Q such that G = Gal(M/Q).
We provide two computational methods of constructing such an extension below.
The hard way is to find two extensions K/Q and L/Q of degree 3 and take their compositum.
By field theory, if K and L are Galois extensions of Q and K ∩ L = Q then the
Galois group of their compositum is a direct product $\mathrm{Gal}(KL/Q) \cong \mathrm{Gal}(K/Q) \times \mathrm{Gal}(L/Q)$.
There are two concerns: we want M/Q to be Galois with $\mathrm{Gal}(M/Q) \cong Z/3Z \times Z/3Z$ and
we also want K and L to be normal subfields of M.
By the Kronecker-Weber Theorem (17.8.10), we can find all of these abelian extensions
within cyclotomic fields. It is a fact that if gcd(m, n) = 1 then
$\mathrm{Gal}(Q(\zeta_{mn})/Q) \cong \mathrm{Gal}(Q(\zeta_m)/Q) \times \mathrm{Gal}(Q(\zeta_n)/Q)$ where $\zeta_j$ denotes a primitive jth root of unity.
For our purposes we want an integer k = mn such that gcd(m, n) = 1 and 3 divides ϕ(m) and ϕ(n);
this way we can find subfields of degree 3.
Along these lines, we chose m = 9 and n = 13. We found subfields K = Q(α) and
L = Q(β), where $\alpha = \zeta_9 + \zeta_9^8$ and $\beta = \zeta_{13} + \zeta_{13}^5 + \zeta_{13}^8 + \zeta_{13}^{12}$. The previous paragraphs ensure
that M = Q(α, β) is a Galois extension of Q with Galois group $\mathrm{Gal}(M/Q) \cong Z/3Z \times Z/3Z$.
The minimal polynomial of M/Q is

$$h(x) = x^9 + 3x^8 - 18x^7 - 38x^6 + 93x^5 + 147x^4 - 161x^3 - 201x^2 + 57x + 53.$$

All of this can be verified with Magma.


Consider G = Z/3Z × Z/3Z. Since G is abelian, there are nine singleton conjugacy
classes in G. On the other hand, there are five different divisions and two cycle types in G.
The cycle types are (1) for the identity and (3, 3, 3) for the remaining elements.
Now the next three tables display the distributions of primes p ≤ 10,000 whose Frobenius
elements occur among the different divisions, cycle types and conjugacy classes of G, where
G is identified with Gal(M/Q) for M defined above. (These tables were generated with
Magma.)

division                   # of primes
identity                   126
(1 5 6)(2 3 8)(4 7 9)      272
(1 3 7)(2 4 6)(5 8 9)      277
(1 2 9)(3 4 5)(6 8 7)      273
(1 8 4)(2 7 5)(3 9 6)      277

cycle type                 # of primes
(1^9)                      126
(3, 3, 3)                  1099

conjugacy class            # of primes
identity                   126
(1 5 6)(2 3 8)(4 7 9)      135
(1 6 5)(2 8 3)(4 9 7)      137
(1 2 9)(3 4 5)(6 8 7)      137
(1 9 2)(3 5 4)(6 7 8)      136
(1 3 7)(2 4 6)(5 8 9)      139
(1 7 3)(2 6 4)(5 9 8)      138
(1 8 4)(2 7 5)(3 9 6)      143
(1 4 8)(2 5 7)(3 6 9)      134

Notice that the distribution is essentially uniform across each of the three types of partitions
of G; that is, the distribution of primes in an element of a given partition is proportional to
the size of the element of the partition.


17.12 Ring Class Fields


In the final section of Chapter 17, we will utilize class field theory to construct an extension
of an imaginary quadratic field that corresponds to an order O, generalizing the Hilbert class
field from Section 17.1. We will use this extension to prove a characterization theorem for
when a prime has the form $x^2 + ny^2$, finally answering our motivating question.
Let K be a number field. An ideal $m \subset O_K$ can be viewed as a modulus of K. We will
usually be working with principal ideals $\alpha O_K$, in which case we will denote the group of
fractional ideals derived from the modulus (α) by $I_K(\alpha)$, with principal subgroup $P_K(\alpha, 1)$.
From Theorem 17.2.15, we know the class group for an order O is

$$C(O) = I(O)/P(O) \cong I_K(f)/P_{K,Z}(f)$$

where f is the conductor of O in $O_K$. Then clearly $P_{K,Z}(\alpha)$ is a congruence subgroup:

$$P_K(\alpha, 1) \le P_{K,Z}(\alpha) \le I_K(f)$$

so C(O) is a generalized ideal class group for K corresponding to the modulus $f O_K$. The
existence theorem (Section 17.10) then says that there is a unique abelian extension L/K
such that $\mathrm{Gal}(L/K) \cong C(O)$.
Definition. For an order O in a number field K, the unique abelian extension L ⊃ K
satisfying $\mathrm{Gal}(L/K) \cong C(O)$ is called the ring class field of the order O.
Some authors denote a ring class field by $K_O$. It is clear from the classification theorem
that the ring class field of the maximal order $O_K$ is precisely the Hilbert class field of K.
We will see that ring class fields are a useful generalization of the Hilbert class field in many
ways.
On the group theory side of things, we have the following characterization of the Galois
group of a ring class field.

Lemma 17.12.1. Let L be the ring class field of the order O in an imaginary quadratic field
K. Then L/Q is Galois and its Galois group can be written as a semidirect product

$$\mathrm{Gal}(L/Q) \cong \mathrm{Gal}(L/K) \rtimes (Z/2Z),$$

where the nontrivial element in Z/2Z acts on Gal(L/K) via $\sigma \mapsto \sigma^{-1}$.

As we did with the Hilbert class field, we begin by relating a prime $p = x^2 + ny^2$ to its
splitting behavior in the ring class field of $Z[\sqrt{-n}]$.

Theorem 17.12.2. Fix n ∈ N, let $K = Q(\sqrt{-n})$ and let L be the ring class field of the
order $Z[\sqrt{-n}]$ in K. If p is an odd prime not dividing n, then

$$p = x^2 + ny^2 \iff p \text{ splits completely in } L.$$

Proof. Let $O = Z[\sqrt{-n}]$ and denote its conductor by f. The discriminant of O is D = −4n,
so we know from Section 17.2 that $-4n = f^2 d_K$, where $d_K$ is the discriminant of K. If $p \nmid n$
is an odd prime, then of course $p \nmid f^2 d_K$ and so by Corollary 15.10.10, p is unramified in K.
As with the analogous Theorem 17.1.9, we prove the equivalence of the following statements:

$$\begin{aligned}
& p = x^2 + ny^2 && \text{(i)} \\
\iff{} & pO_K = \mathfrak{p}\bar{\mathfrak{p}},\ \mathfrak{p} \neq \bar{\mathfrak{p}} \text{ and } \mathfrak{p} = \alpha O_K \text{ for some } \alpha \in O && \text{(ii)} \\
\iff{} & pO_K = \mathfrak{p}\bar{\mathfrak{p}},\ \mathfrak{p} \neq \bar{\mathfrak{p}} \text{ and } \mathfrak{p} \in P_{K,Z}(f) && \text{(iii)} \\
\iff{} & pO_K = \mathfrak{p}\bar{\mathfrak{p}},\ \mathfrak{p} \neq \bar{\mathfrak{p}} \text{ and } \left(\frac{L/K}{\mathfrak{p}}\right) = 1 && \text{(iv)} \\
\iff{} & pO_K = \mathfrak{p}\bar{\mathfrak{p}},\ \mathfrak{p} \neq \bar{\mathfrak{p}} \text{ and } \mathfrak{p} \text{ splits in } L && \text{(v)} \\
\iff{} & p \text{ splits in } L. && \text{(vi)}
\end{aligned}$$

(i) ⇐⇒ (ii) Suppose $p = x^2 + ny^2 = (x + \sqrt{-n}\,y)(x - \sqrt{-n}\,y)$. Let $\mathfrak{p} = (x + \sqrt{-n}\,y)O_K$,
so that $pO_K = \mathfrak{p}\bar{\mathfrak{p}}$ is the prime factorization of p in $O_K$. Since p is unramified in K, $\mathfrak{p} \neq \bar{\mathfrak{p}}$.
Also note that $x + \sqrt{-n}\,y \in Z[\sqrt{-n}]$. This entire argument is reversible, as in the proof of
Theorem 17.1.9.
(ii) ⇐⇒ (iii) follows from Theorem 17.2.15.
(iii) ⇐⇒ (iv) ⇐⇒ (v) Note that

$$I_K(f)/P_{K,Z}(f) = C(O) \cong \mathrm{Gal}(L/K)$$

where the isomorphism is the Artin map $\varphi_{L/K}$. This shows that $\mathfrak{p} \in P_{K,Z}(f)$ if and only if
$\left(\frac{L/K}{\mathfrak{p}}\right) = 1$, and Proposition 17.1.3 further implies that $\left(\frac{L/K}{\mathfrak{p}}\right) = 1$ if and only if $\mathfrak{p}$ splits
completely in L.
(v) ⇐⇒ (vi) Finally, Lemma 17.12.1 shows that L is Galois over Q and so as in the
proof of Theorem 17.1.9, p splits in L if and only if p splits in K and some prime lying over p
(e.g. $\mathfrak{p}$) splits in L. This proves all equivalences and hence the theorem.
We finally arrive at the main characterization theorem for primes of the form $x^2 + ny^2$.
Theorem 17.12.3. For every integer n > 0, there is a monic irreducible polynomial $f_n(x)$
of degree h(−4n) with integer coefficients such that for all odd primes p dividing neither n nor
the discriminant of $f_n$,

$$p = x^2 + ny^2 \iff \left(\frac{-n}{p}\right) = 1 \text{ and } f_n(x) \equiv 0 \pmod{p} \text{ for some } x \in Z.$$

Furthermore, any such choice of $f_n(x)$ will be the minimal polynomial of a real algebraic
integer α for which L = K(α) is the ring class field of the order $Z[\sqrt{-n}]$ in $K = Q(\sqrt{-n})$.
Proof. As in the proof of Theorem 17.1.8, knowing L/Q is Galois allows us to pick a real
algebraic integer α that generates L/K, that is L = K(α). Let $f_n(x)$ be the minimal
polynomial of α over K. By definition such a polynomial is monic, irreducible and has
integer coefficients. Moreover, $f_n$ must have degree [L : K] = h(O) = h(−4n).
Let p be a prime not dividing n or the discriminant of $f_n$. Then $f_n$ is separable mod p, so
p splits completely in K if and only if $\left(\frac{-n}{p}\right) = 1$. We may assume p splits completely in K,
which means $O_K/\mathfrak{p} \cong Z/pZ$ for an $O_K$-prime $\mathfrak{p}$ such that $p = \mathfrak{p} \cap Z$. Since $f_n$ is separable
over Z/pZ, it is also separable over $O_K/\mathfrak{p}$. Hence Theorem 14.5.7 shows that

$$\begin{aligned}
\mathfrak{p} \text{ splits completely in } L &\iff f_n(x) \equiv 0 \bmod \mathfrak{p} \text{ has a solution in } O_K \\
&\iff f_n(x) \equiv 0 \bmod p \text{ has a solution in } Z.
\end{aligned}$$

The main equivalence follows from Theorem 17.12.2.


To address $f_n(x)$, note that there are infinitely many choices of such a polynomial since
there are infinitely many primitive elements of the extension L/K. We want to prove that the
possible $f_n(x)$’s that arise are exactly those which are the minimal polynomials of primitive
elements of L/K. Let f be a monic integral polynomial of degree h(−4n) satisfying the main
equivalence of the theorem. Let g ∈ K[x] be an irreducible factor of f(x) and let M = K(α)
where α is a root of g. Note that if we knew L ⊂ M, then

$$h(-4n) = [L : K] \le [M : K] = \deg g \le \deg f = h(-4n).$$

Therefore if L ⊂ M then we would be able to conclude that L = K(α) and f is the minimal
polynomial of α over K. To verify L ⊂ M we need the next lemma which, once established,
will allow us to finish the proof of Theorem 17.12.3.
Given two sets S and T, we will write $S \mathrel{\dot\subset} T$ if S is contained in T except for a finite
number of elements. We will apply this in the next lemma to the set

$$S_{L/K} = \{p \subset O_K \mid p \text{ is prime and splits completely in } L\}.$$

Lemma 17.12.4. Let L and M be Galois extensions of a number field K and define

$$S = S_{L/Q} = \{p \in Z \text{ prime} \mid p \text{ splits completely in } L\}$$

$$\text{and } T = \{p \in Z \text{ prime} \mid p \text{ is unramified in } L,\ f(\mathfrak{p} \mid p) = 1 \text{ for some } \mathfrak{p} \subset O_M\}.$$

Then $L \subset M \iff T \mathrel{\dot\subset} S$.
·
Proof. First, if L ⊂ M then T is clearly a subset of S. Conversely, suppose $T \mathrel{\dot\subset} S$. Let
N be a Galois extension of K containing both L and M as subfields. By the fundamental
theorem of Galois theory, it will suffice to show that Gal(N/M) ≤ Gal(N/L).
Take any σ ∈ Gal(N/M); we will show that σ restricts to the identity on L. By the
Čebotarev density theorem (17.11.5), there exists an $O_K$-prime p that is unramified in N
for which $\left(\frac{N/K}{p}\right)$ is the conjugacy class of σ – recall from Section 17.11 that when N/K
is non-abelian, the Artin symbol describes a conjugacy class of the Galois group. Thus for
some $P \subset O_N$ lying over p, $\left(\frac{N/K}{P}\right) = \sigma$. Define $Q = P \cap O_M$. Then for any $\alpha \in O_M$,

$$\alpha \equiv \sigma(\alpha) \equiv \alpha^{N(p)} \bmod Q$$

by definition of the Artin map (and the fact that σ ∈ Gal(N/M)). This shows that
$O_M/Q \cong O_K/p$ so f(Q | p) = 1, which further implies that p ∈ T. In fact, the Čebotarev density
theorem guarantees that there are infinitely many of these primes p and since we assumed
$T \mathrel{\dot\subset} S$, we may therefore assume p is one of the primes of T which lies in S. Now this means
$\left(\frac{L/K}{p}\right) = 1$ and by Proposition 17.3.2,

$$1 = \left(\frac{L/K}{p}\right) = \left(\frac{N/K}{P}\right)\bigg|_L = \sigma|_L.$$

Hence σ ∈ Gal(N/L) and the lemma is proved.


To finish the proof of Theorem 17.12.3, let L, M and K be as described previously. Define
$S = S_{L/Q}$ and T as in Lemma 17.12.4. By Theorem 17.12.2, S is exactly the set of primes
$p = x^2 + ny^2$. Since f is assumed to satisfy the main equivalence in Theorem 17.12.3, S
contains, with finitely many exceptions, the primes p which split completely in K and for
which f(x) ≡ 0 is solvable mod p. If p ∈ T, there is some prime $P \subset O_M$ such that
f(P | p) = 1. Let $\mathfrak{p} = P \cap O_K$ so that by properties of inertial degree,

$$1 = f(P \mid p) = f(P \mid \mathfrak{p})\, f(\mathfrak{p} \mid p) \implies f(\mathfrak{p} \mid p) = 1.$$

Thus p splits completely in K.
Let $\alpha \in O_M$ be the algebraic integer for f from the theorem. Then since g(α) = f(α) = 0,
f(x) ≡ 0 mod P has a solution. However, f(P | p) = 1 implies that $Z/pZ \cong O_M/P$ and so
f(x) ≡ 0 has a solution in integers. By definition this means p ∈ S which proves S contains
T with finitely many exceptions. Applying Lemma 17.12.4 shows that L ⊂ M and therefore
we have finished checking everything in the proof of Theorem 17.12.3.

Let’s pause for a moment to see how far we have come. Beginning with Example 14.5.11,
where we proved Fermat’s theorem on primes of the form $x^2 + y^2$, we utilized a number of
tools in algebraic number theory to characterize primes of the form $x^2 + ny^2$ for infinitely
many n – this was Theorem 17.1.8. In order to answer the $x^2 + ny^2$ question for all integer
n, we needed the full force of class field theory, notably Čebotarev’s density theorem, and
this resulted in the characterization proven above. However, both theorems have the same
weakness: they do not provide a method for producing the primitive element α of the ring
class field L for $Q(\sqrt{-n})$.
It turns out that there is an element j(O), called the j-invariant of the order O, that
generates L/K where L is the ring class field of K. Its defining characteristics are described
in the so-called First Fundamental Theorem of Complex Multiplication:
Theorem 17.12.5. Let O be an order in an imaginary quadratic field K.
(1) For any proper fractional O-ideal a, j(a) is an algebraic integer.
(2) For any proper fractional O-ideal a, K(j(a)) is the ring class field of K.
(3) For any two proper fractional ideals a, b ⊂ O, j(a) and j(b) are conjugate and therefore
they are all roots of a single irreducible polynomial $H_O(x) \in Q[x]$ which satisfies

$$H_O(x) = \prod_{i=1}^{h(O)} (x - j(a_i)),$$

where h(O) is the class number of O and $a_i$ are distinct representatives of the class
group for O.

(4) The equation $H_O(x) = 0$ is called the class equation for O and there exists an algorithm
for computing the class equation.

The First Fundamental Theorem of CM usually refers to (1) and (2). We will prove
this in Chapter 27. In practice, it is rather difficult to compute $H_O(x)$ but there have been
significant results in recent years that make it easier to compute in special cases.

Chapter 18

Quadratic Forms and n-Fermat Primes

The main focus in the previous chapter was on developing the tools necessary for answering
the question “Given a natural number n and a prime p, when does $p = x^2 + ny^2$ have a
solution in integers x and y?” The object $x^2 + ny^2$ is an example of a quadratic form. In this
chapter we will further explore the theory of quadratic forms and then prove several results
about the special case $x^2 + ny^2$. Finally, in Section 18.3 we define a symmetric n-Fermat
prime to be a prime $x^2 + ny^2$ such that $y^2 + nx^2$ is also prime and describe the distribution
of such primes for various values of n.


18.1 Binary Quadratic Forms


There is a rich history of the study of quadratic forms dating back at least to Fermat.
Some of the greatest mathematical minds, from Euler and Gauss to Legendre and Lagrange,
contributed to the theory which we survey here.
Definition. A binary quadratic form is a function $f(x, y) = ax^2 + bxy + cy^2$ where a, b
and c are integers.
Fermat was one of the earliest mathematicians to study binary quadratic forms. His
motivation was the study and proof of such theorems as
Theorem 18.1.1 (Fermat). Let p be an odd prime.
(i) $p = x^2 + y^2$, x, y ∈ Z ⇐⇒ p ≡ 1 (mod 4).
(ii) $p = x^2 + 2y^2$, x, y ∈ Z ⇐⇒ p ≡ 1, 3 (mod 8).
(iii) $p = x^2 + 3y^2$, x, y ∈ Z ⇐⇒ p = 3 or p ≡ 1 (mod 3).
Euler was able to prove more complicated formulas of this flavor using his two-step
Descent-Reciprocity method which ultimately evolved into Gauss’s cherished quadratic
reciprocity. We have proven (i) ourselves in Example 14.5.11 and (ii) and (iii) are easy
consequences of Theorem 17.12.3 so we have already done a lot of work on the easiest types of
these problems.
Definition. A form $f(x, y) = ax^2 + bxy + cy^2$ is primitive if gcd(a, b, c) = 1.
Since any binary quadratic form is a multiple of a primitive one, we will implicitly assume
any form we are working with is primitive.
Definition. A form f(x, y) represents an integer k if there exist integers x and y such
that f(x, y) = k. Further, f(x, y) properly represents k if x and y may be chosen such
that gcd(x, y) = 1.
In the theory of quadratic forms, there is a crucial idea of equivalence called proper
equivalence, which we define here:
Definition. Two forms f(x, y) and g(x, y) are properly equivalent if there is an invertible
matrix $P \in SL_2(Z)$ such that $f(\bar{x}) = g(P\bar{x})$.
It is easy to see that proper equivalence is an equivalence relation on the set of binary
quadratic forms and furthermore, that properly equivalent forms represent the same integers.
Example 18.1.2. Let $f(x, y) = ax^2 + bxy + cy^2$ and take any integer n. Note that the
matrix $T = \begin{pmatrix} 1 & n \\ 0 & 1 \end{pmatrix}$ has determinant 1 and therefore $T \in SL_2(Z)$. Consider

$$\begin{aligned}
f(T\bar{x}) &= f(x + ny, y) \\
&= a(x^2 + 2nxy + n^2 y^2) + b(x + ny)y + cy^2 \\
&= ax^2 + (b + 2an)xy + (an^2 + bn + c)y^2.
\end{aligned}$$

Therefore f(x, y) is properly equivalent to $ax^2 + (b + 2an)xy + (an^2 + bn + c)y^2$ for any n ∈ Z.

Lemma 18.1.3. A form f(x, y) properly represents k ∈ Z if and only if f(x, y) is properly
equivalent to $kx^2 + b'xy + c'y^2$ for some $b', c' \in Z$.
Proof. ( =⇒ ) Let $f(x, y) = ax^2 + bxy + cy^2$ and suppose k = f(p, q) for relatively prime
integers p, q. Then there exist integers r, s such that ps − qr = 1. Set $P = \begin{pmatrix} p & q \\ r & s \end{pmatrix}$ and notice
that det P = ps − qr = 1 so $P \in SL_2(Z)$. Then writing $\bar{x}^T = (x\ y)$ we have

$$\begin{aligned}
f(P\bar{x}) &= f(px + qy, rx + sy) \\
&= a(px + qy)^2 + b(px + qy)(rx + sy) + c(rx + sy)^2 \\
&= f(p, q)x^2 + (2apr + bps + brq + 2cqs)xy + f(r, s)y^2
\end{aligned}$$

which is of the form $kx^2 + b'xy + c'y^2$.

( ⇐= ) If f is properly equivalent to $g(x, y) = kx^2 + b'xy + c'y^2$ then they represent the
same integers. Notice that g(1, 0) = k so g properly represents k and therefore so does f.
Definition. The discriminant of a binary quadratic form $ax^2 + bxy + cy^2$ is $D = b^2 - 4ac$.
This is not to be confused with the discriminant of an ideal or an order. We will see in
Section 18.2 that there is a close connection between quadratic forms and orders in imaginary
quadratic fields and the multiple notions of discriminant will actually coincide in the end.
It’s easy to prove that properly equivalent forms have the same discriminant. Moreover,
the second half of the proof of Lemma 18.1.3 actually shows that every integer is properly
represented by some quadratic form, so the proper equivalence on forms corresponds to a
partition of Z.
If D > 0 is the discriminant of f (x, y) then f represents some positive and negative
integers, but if D < 0, the integers represented by f are either all positive or all negative.
Accordingly, we define
Definition. Let f (x, y) be a binary quadratic form of discriminant D. If D < 0 we say f is
positive definite or negative definite according to the sign of the integers f represents.
If D > 0 we say f is indefinite.
Proposition 18.1.4. Let $f(x, y) = ax^2 + bxy + cy^2$ be a primitive form.
(i) For every prime p, one of f(1, 0), f(0, 1), f(1, 1) is relatively prime to p.

(ii) For every integer M, f(x, y) properly represents an integer relatively prime to M.
Proof. (i) If p divides f(1, 0) and f(0, 1), this implies p | a and p | c, so $f(1, 1) = pa' + b + pc'$
where $a = pa'$ and $c = pc'$. Since f(x, y) is primitive, gcd(a, b, c) = 1 so p cannot divide b
and therefore $p \nmid f(1, 1)$. Similarly, if p divides f(1, 0) and f(1, 1), p must divide a and a + b
which implies p | b as well. Then f(0, 1) = c but since gcd(a, b, c) = 1, p cannot divide c.
Thus $p \nmid f(0, 1)$. The third case is identical to the second.
(ii) Let M be given. For each prime $p_i$ in the prime factorization of M, part (i) says
that one of f(1, 0), f(0, 1), f(1, 1) represents a number that is relatively prime to $p_i$. We will
prove the case where $M = p_1 p_2$ and then induction on the number of prime factors will finish
the proof of (ii).
Let $k_1$ and $k_2$ be integers such that $p_1 \nmid k_1$ and $p_2 \nmid k_2$. By (i), we may suppose f(x, y)
represents $k_1$ (mod $p_1$) via $f(x_1, y_1)$ and it represents $k_2$ (mod $p_2$) via $f(x_2, y_2)$ for some
$x_1, x_2, y_1, y_2 \in Z$. By the Chinese remainder theorem (3.2.10), let K be the unique integer
modulo $p_1 p_2$ satisfying

$$K \equiv k_1 \pmod{p_1}$$
$$K \equiv k_2 \pmod{p_2}.$$

Also using the Chinese remainder theorem (3.2.10), define A and B to be the unique solutions,
modulo $p_1 p_2$, to

$$A \equiv 1 \pmod{p_1} \qquad B \equiv 1 \pmod{p_2}$$
$$A \equiv 0 \pmod{p_2} \qquad B \equiv 0 \pmod{p_1}.$$

Then we can write $K = Ak_1 + Bk_2$. In other words, K is the inverse image of $(k_1, k_2)$ under
the isomorphism given by the primary decomposition of M:

$$Z/(M) \cong Z/(p_1) \times Z/(p_2), \qquad Ai + Bj \longmapsto (i, j).$$

We use these ingredients to show that f(x, y) properly represents K modulo $p_1 p_2$. Consider

$$\begin{aligned}
f(Ax_1 + Bx_2, Ay_1 + By_2) ={} & a(A^2 x_1^2 + ABx_1 x_2 + B^2 x_2^2) \\
& + b(A^2 x_1 y_1 + ABx_2 y_1 + ABx_1 y_2 + B^2 x_2 y_2) \\
& + c(A^2 y_1^2 + ABy_1 y_2 + B^2 y_2^2).
\end{aligned}$$

Reducing mod $p_1$, the Bs are all 0 so we have

$$f(Ax_1 + Bx_2, Ay_1 + By_2) \equiv ax_1^2 + bx_1 y_1 + cy_1^2 \equiv k_1 \pmod{p_1}.$$

On the other hand, reducing mod $p_2$ yields

$$f(Ax_1 + Bx_2, Ay_1 + By_2) \equiv ax_2^2 + bx_2 y_2 + cy_2^2 \equiv k_2 \pmod{p_2}.$$

By our choice of K, this shows that $f(Ax_1 + Bx_2, Ay_1 + By_2)$ is congruent to K (mod $p_1 p_2$).
Therefore f(x, y) represents K, which is relatively prime to M by construction.

Example 18.1.5. To illustrate Proposition 18.1.4, consider $f(x, y) = 2x^2 + 3xy + 6y^2$. Let
$p_1 = 11$ and $p_2 = 13$, whereby $M = p_1 p_2 = 143$. By (i) of the proposition, we can represent
$k_1 = 2$ using f(1, 0) and $k_2 = 6$ using f(0, 1). Calculations show that A = 78 and B = 66
(e.g. using a computer algorithm for the Chinese remainder theorem) which gives us

$$K = Ak_1 + Bk_2 = 78(2) + 66(6) \equiv 123 \pmod{143}.$$

Note that K and M are coprime, so we can show that f(x, y) represents K in order to
demonstrate the conclusion in Proposition 18.1.4(ii). Letting $(x_1, y_1) = (1, 0)$ and
$(x_2, y_2) = (0, 1)$, we compute

$$\begin{aligned}
f(Ax_1 + Bx_2, Ay_1 + By_2) &= f(A, B) \\
&= 2A^2 + 3AB + 6B^2 \\
&= 2(78)^2 + 3(78)(66) + 6(66)^2 \\
&= 12168 + 15444 + 26136 = 53748 \\
&\equiv 123 \pmod{143}.
\end{aligned}$$

So f(A, B) represents K which is relatively prime to M.


Lemma 18.1.6. Let D be an integer and suppose k is an odd integer such that gcd(D, k) = 1.
(i) D ≡ 0, 1 (mod 4) if D is the discriminant of a binary quadratic form.
(ii) k is properly represented by a primitive form of discriminant D if and only if D is a
quadratic residue mod k.
Proof. (i) If D is the discriminant of $f(x, y) = ax^2 + bxy + cy^2$ then $D = b^2 - 4ac$ which
means $D \equiv b^2 \pmod{4}$. The only squares mod 4 are 0 and 1 so D ≡ 0, 1 (mod 4).
(ii) If k is properly represented by some form f(x, y) of discriminant D, Lemma 18.1.3
allows us to assume $f(x, y) = kx^2 + bxy + cy^2$ for b, c ∈ Z. Then $D = b^2 - 4kc$ so $D \equiv b^2 \pmod{k}$,
that is, D is a quadratic residue mod k. On the other hand, if $D \equiv b^2 \pmod{k}$ then
D ≡ 0, 1 (mod 4) implies $D = b^2 - 4kc$ for some c ∈ Z. The form $g(x, y) = kx^2 + bxy + cy^2$
properly represents k and since gcd(D, k) = 1, gcd(k, b, c) = 1 so g(x, y) is primitive.
Corollary 18.1.7. Let n ∈ Z and p be a prime not dividing n. Then $\left(\frac{-n}{p}\right) = 1$ if and
only if p is represented by a primitive form of discriminant −4n.
Proof. Note that −4n is a quadratic residue mod p ⇐⇒ $\left(\frac{-4n}{p}\right) = \left(\frac{-n}{p}\right) = 1$. Apply
part (ii) of the lemma.
Definition. A positive definite form $ax^2 + bxy + cy^2$ is reduced if it is primitive, |b| ≤ a ≤ c
and if either |b| = a or a = c then b ≥ 0.
There is a powerful characterization of primitive, positive definite (p.p.d.) forms in terms
of reduced forms:
Theorem 18.1.8. Every proper equivalence class of primitive, positive definite forms
contains a unique reduced form.
Example 18.1.9. For any n ∈ N, $x^2 + ny^2$ is a reduced, primitive, positive definite form of
discriminant −4n. For this reason, Corollary 18.1.7 explains one of the conditions for p to
be represented by $x^2 + ny^2$ in Theorems 17.1.8 and 17.12.3.

Lemma 18.1.10. For every reduced form $ax^2 + bxy + cy^2$ of discriminant D < 0, $a \le \sqrt{-D/3}$.
Proof. Let $f(x, y) = ax^2 + bxy + cy^2$. Since f(x, y) is reduced, $b^2 \le a^2$ and a ≤ c. Thus
$-D = 4ac - b^2 \ge 4a^2 - a^2 = 3a^2$ which implies the result.

335
18.1. Binary Quadratic Forms Chapter 18. Quadratic Forms and n-Fermat Primes

Definition. For a fixed D < 0, the number h(D) of equivalence classes of primitive, positive
definite forms of discriminant D is called the class number of D.

Theorem 18.1.11. For every D < 0, the class number h(D) is finite.

Proof. By Theorem 18.1.8, $h(D)$ is the number of distinct reduced forms of discriminant $D$. For a reduced form $ax^2 + bxy + cy^2$ of discriminant $D$, there are only a finite number of choices for $a$ and $b$ since $|b| \le a \le \sqrt{\frac{-D}{3}}$ by Lemma 18.1.10. Moreover, $D = b^2 - 4ac$ shows that the choices of $D$, $a$ and $b$ determine $c$. Therefore there are only a finite number of reduced forms of discriminant $D$, so $h(D)$ is finite.
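
The finiteness proof above is effectively an algorithm: bound $a$ by Lemma 18.1.10, run over the admissible $b$, and solve $D = b^2 - 4ac$ for $c$. The Python below is an added example, not part of the original notes; the function names `reduced_forms` and `class_number` are chosen here for illustration.

```python
from math import gcd, isqrt


def reduced_forms(D):
    """List all reduced primitive positive definite forms (a, b, c) with
    b^2 - 4ac = D, following the proof of Theorem 18.1.11."""
    if D >= 0 or D % 4 not in (0, 1):
        raise ValueError("D must be negative and congruent to 0 or 1 mod 4")
    forms = []
    # Lemma 18.1.10: a <= sqrt(-D/3), i.e. 3a^2 <= -D.
    for a in range(1, isqrt(-D // 3) + 1):
        for b in range(-a, a + 1):            # reduced forms have |b| <= a
            # D = b^2 - 4ac determines c; it must be an integer.
            if (b * b - D) % (4 * a) != 0:
                continue
            c = (b * b - D) // (4 * a)
            if c < a:                          # reduced forms have a <= c
                continue
            if gcd(gcd(a, b), c) != 1:         # primitive
                continue
            if (abs(b) == a or a == c) and b < 0:
                continue                       # boundary cases require b >= 0
            forms.append((a, b, c))
    return forms


def class_number(D):
    """h(D) = number of reduced forms of discriminant D (Theorem 18.1.8)."""
    return len(reduced_forms(D))


if __name__ == "__main__":
    # Sample discriminants chosen for this example.
    for D in (-4, -20, -23, -56, -163):
        print(D, class_number(D), reduced_forms(D))
```

For every $n$ the form $(1, 0, n)$, that is $x^2 + ny^2$, appears in `reduced_forms(-4 * n)`, as Example 18.1.9 states.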


18.2 The Form Class Group


Our first goal in this section is to justify the word group in the following definition.
Definition. For a negative integer $D \equiv 0, 1 \pmod{4}$, the set of equivalence classes of primitive, positive definite forms of discriminant $D$ is called the form class group for $D$, denoted $C(D)$. We will sometimes abuse notation and write $f(x, y) \in C(D)$ for a single form $f$.
Note that $|C(D)| = h(D)$ which is equal to the number of reduced forms of discriminant $D$. To prove $C(D)$ is a group, we need to define a law of composition on classes of quadratic forms. Legendre realized that since each class in $C(D)$ has a unique representative that is reduced, the composition may be defined on reduced forms. However, his method was cumbersome to work with, so instead we follow Dirichlet’s method of form composition.
Lemma 18.2.1. Suppose $f$ and $g$ are p.p.d. forms of discriminant $D$, where $f(x, y) = ax^2 + bxy + cy^2$ and $g(x, y) = a'x^2 + b'xy + c'y^2$. If $\gcd\left(a, a', \frac{b+b'}{2}\right) = 1$ then there is an integer $B$, unique modulo $2aa'$, satisfying
\[
\begin{aligned}
B &\equiv b \pmod{2a} \\
B &\equiv b' \pmod{2a'} \\
B^2 &\equiv D \pmod{4aa'}.
\end{aligned}
\]
Definition. Given two p.p.d. forms $f(x, y) = ax^2 + bxy + cy^2$ and $g(x, y) = a'x^2 + b'xy + c'y^2$ of discriminant $D$ which satisfy $\gcd\left(a, a', \frac{b+b'}{2}\right) = 1$, their Dirichlet composition is
\[
(f * g)(x, y) = aa'x^2 + Bxy + \frac{B^2 - D}{4aa'}y^2,
\]
where $B$ is the unique integer modulo $2aa'$ chosen in Lemma 18.2.1.
Lemma 18.2.2. For any primitive, positive definite forms $f$ and $g$ of discriminant $D$, if $f * g$ is defined, it is a primitive, positive definite form of discriminant $D$.
Proof. Suppose $f(x, y) = ax^2 + bxy + cy^2$ and $g(x, y) = a'x^2 + b'xy + c'y^2$ satisfy the conditions of Lemma 18.2.1. Set $C = \frac{B^2 - D}{4aa'}$ and $F(x, y) = aa'x^2 + Bxy + Cy^2$. The discriminant of $F$ is $B^2 - 4aa'\left(\frac{B^2 - D}{4aa'}\right) = D$ so $F(x, y)$ is positive definite. Suppose $m$ is a number dividing all the coefficients of $F$. By Lemma 18.1.3, $f$ and $g$ are properly equivalent to the quadratic forms $ax^2 + Bxy + a'Cy^2$ and $a'x^2 + Bxy + aCy^2$, respectively. Notice that
\[
\begin{aligned}
f(x, y)g(x, y) &\sim (ax^2 + Bxy + a'Cy^2)(a'x^2 + Bxy + aCy^2) \\
&= aa'x^4 + aBx^3y + a^2Cx^2y^2 + a'Bx^3y + B^2x^2y^2 + aBCxy^3 \\
&\quad + (a')^2Cx^2y^2 + a'BCxy^3 + aa'C^2y^4 \\
&= aa'(x^4 + C^2y^4) + B(ax^3y + a'x^3y + Bx^2y^2 + aCxy^3 + a'Cxy^3) \\
&\quad + C(a^2x^2y^2 + aBxy^3 + (a')^2x^2y^2 + aa'Cy^4 + a'Bxy^3) \\
&= aa'(x^2 - Cy^2)^2 + B(x^2 - Cy^2)(axy + a'xy + By^2) \\
&\quad + C(axy + a'xy + By^2)^2 \\
&= aa'z^2 + Bzw + Cw^2.
\end{aligned}
\]


So the product f (x, y)g(x, y) is properly equivalent to F (x, y). This means m divides every
number represented by f (x, y)g(x, y) but by Proposition 18.1.4, f and g represent some
numbers relatively prime to m. Therefore m = 1 so F (x, y) is primitive.

Definition. Let $D \equiv 0, 1 \pmod{4}$ be a negative integer. The principal form of discriminant $D$ is defined to be
\[
F_D(x, y) = \begin{cases} x^2 - \frac{D}{4}y^2, & D \equiv 0 \pmod{4} \\ x^2 + xy + \frac{1-D}{4}y^2, & D \equiv 1 \pmod{4}. \end{cases}
\]

Notice that when $D = -4n$ for an integer $n \ge 1$, the principal form is $x^2 + ny^2$. We now prove the main theorem for the form class group.

Theorem 18.2.3. Let $D \equiv 0, 1 \pmod{4}$ be a negative integer. The set $C(D)$ is a finite abelian group under Dirichlet composition. Moreover, the identity element is the class containing the principal form and the inverse of the class containing $ax^2 + bxy + cy^2$ is the class containing $ax^2 - bxy + cy^2$.

Proof. First, Theorem 18.1.11 says that $|C(D)| = h(D)$ is finite. If $f(x, y) = ax^2 + bxy + cy^2$ and $g(x, y)$ are p.p.d. forms of discriminant $D$ then Proposition 18.1.4(ii) shows we can replace $g$ with a properly equivalent form $g'(x, y) = a'x^2 + b'xy + c'y^2$ with $\gcd(a, a') = 1$. Therefore Dirichlet composition is well-defined on classes of p.p.d. quadratic forms. Moreover, Dirichlet composition is clearly abelian, so it suffices to check the identity and inverses.
Let $f(x, y) = ax^2 + bxy + cy^2 \in C(D)$. Note that for the principal form $F_D(x, y)$, $a' = 1$ so $\gcd(a, a') = 1$ and Dirichlet composition is well-defined for $f$ and $F_D$. The integer $B$ that satisfies Lemma 18.2.1 is precisely $b$, so
\[
\begin{aligned}
F_D * f(x, y) &= aa'x^2 + bxy + \frac{b^2 - D}{4aa'}y^2 \\
&= ax^2 + bxy + \frac{4ac}{4a}y^2 \\
&= ax^2 + bxy + cy^2 = f(x, y).
\end{aligned}
\]

Hence $F_D$ is the identity.


Next, note that Dirichlet composition is not defined on the forms $f(x, y)$ and $f'(x, y) = ax^2 - bxy + cy^2$ but by proper equivalence we can replace $f'(x, y)$ with $g(x, y) = f'(-y, x) = cx^2 + bxy + ay^2$ — the transformation matrix $S = \begin{pmatrix} 0 & -1 \\ 1 & 0 \end{pmatrix}$ has determinant 1. Since $f(x, y)$ is primitive, $\gcd(a, b, c) = 1$ so $f * g(x, y)$ is defined. Again, $B = b$ satisfies Lemma 18.2.1 so
\[
f * g(x, y) = acx^2 + bxy + \frac{b^2 - D}{4ac}y^2 = acx^2 + bxy + y^2.
\]
To finish, we show that $F(x, y) = acx^2 + bxy + y^2$ is properly equivalent to $F_D(x, y)$. Using the matrix $S$ again, $F(x, y)$ is properly equivalent to $F(-y, x)$ and by Example 18.1.2 we


can replace $F(-y, x) = x^2 - bxy + acy^2$ with $x^2 + (-b + 2n)xy + (n^2 - bn + ac)y^2$ for any $n \in \mathbb{Z}$. If $D \equiv 0 \pmod{4}$, $b$ must be even so let $n = \frac{b}{2}$. Then
\[
\begin{aligned}
x^2 + (-b + 2n)xy + (n^2 - bn + ac)y^2 &= x^2 + (-b + b)xy + \left(\frac{b^2}{4} - \frac{b^2}{2} + ac\right)y^2 \\
&= x^2 + \left(\frac{-b^2 + 4ac}{4}\right)y^2 \\
&= x^2 - \frac{D}{4}y^2 = F_D(x, y).
\end{aligned}
\]
On the other hand, if $D \equiv 1 \pmod{4}$, $b$ is odd so let $n = \frac{b+1}{2}$. Then
\[
\begin{aligned}
x^2 + (-b + 2n)xy + (n^2 - bn + ac)y^2 &= x^2 + (-b + b + 1)xy + \left(\frac{b^2 + 2b + 1}{4} - \frac{b^2 + b}{2} + ac\right)y^2 \\
&= x^2 + xy + \left(\frac{1 - b^2 + 4ac}{4}\right)y^2 \\
&= x^2 + xy + \frac{1-D}{4}y^2 = F_D(x, y).
\end{aligned}
\]
In both cases, $F(x, y)$ is properly equivalent to the principal form so the inverse of the class containing $ax^2 + bxy + cy^2$ is the class containing $ax^2 - bxy + cy^2$. This completes the proof that $C(D)$ is a finite abelian group.
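
Lemma 18.2.1 and the identity and inverse computations in the proof of Theorem 18.2.3 can be checked by machine on small discriminants. The Python below is an added example, not code from the notes: `dirichlet_compose` finds $B$ by direct search, and `reduce_form` (a helper named here) uses only the two proper equivalences the proof itself uses, $(x, y) \mapsto (x + ny, y)$ and $(x, y) \mapsto (-y, x)$, to reach the reduced representative of Theorem 18.1.8.

```python
from math import gcd


def principal_form(D):
    """F_D as (a, b, c): x^2 - (D/4)y^2 or x^2 + xy + ((1-D)/4)y^2."""
    return (1, 0, -D // 4) if D % 4 == 0 else (1, 1, (1 - D) // 4)


def dirichlet_compose(f, g):
    """Dirichlet composition of f = (a, b, c) and g = (a2, b2, c2) of equal
    discriminant D, defined when gcd(a, a2, (b + b2)/2) = 1."""
    a, b, c = f
    a2, b2, c2 = g
    D = b * b - 4 * a * c
    if b2 * b2 - 4 * a2 * c2 != D:
        raise ValueError("forms have different discriminants")
    if gcd(gcd(a, a2), (b + b2) // 2) != 1:
        raise ValueError("gcd(a, a', (b+b')/2) != 1: composition not defined")
    # Lemma 18.2.1: B is unique modulo 2aa', so one full period suffices.
    for B in range(2 * a * a2):
        if ((B - b) % (2 * a) == 0 and (B - b2) % (2 * a2) == 0
                and (B * B - D) % (4 * a * a2) == 0):
            return (a * a2, B, (B * B - D) // (4 * a * a2))
    raise AssertionError("Lemma 18.2.1 guarantees a solution")


def reduce_form(f):
    """Reduced form properly equivalent to the positive definite form f."""
    a, b, c = f
    while True:
        # (x, y) -> (x + ny, y) sends b to b + 2an; pick n so -a < b <= a.
        n = (a - b) // (2 * a)
        b, c = b + 2 * a * n, a * n * n + b * n + c
        if a > c or (a == c and b < 0):
            # (x, y) -> (-y, x), the matrix S: (a, b, c) -> (c, -b, a).
            a, b, c = c, -b, a
        else:
            return (a, b, c)


if __name__ == "__main__":
    D = -23                       # sample discriminant with h(D) = 3
    f = (2, 1, 3)
    g = (3, 1, 2)                 # f'(-y, x) for f' = (2, -1, 3), as in the proof
    print(dirichlet_compose(principal_form(D), f))    # identity: (2, 1, 3)
    print(dirichlet_compose(f, g))                    # (ac, b, 1) = (6, 1, 1)
    print(reduce_form(dirichlet_compose(f, g)))       # principal form (1, 1, 6)
    print(reduce_form(dirichlet_compose(f, f)))       # (2, -1, 3): f has order 3
```

The direct search for $B$ costs $O(aa')$ steps, which is fine for checking small cases by hand but not for large discriminants.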
We now return to a statement in Section 17.1 regarding the relationship between $C(d_K)$ and the ideal class group $C(\mathcal{O}_K)$. In fact, we will prove a more general relation between $C(D)$ and $C(\mathcal{O})$ where $\mathcal{O}$ is an order in an imaginary quadratic field.

Theorem 18.2.4. Let $K$ be an imaginary quadratic number field, let $D \equiv 0, 1 \pmod{4}$ be a negative integer and let $\mathcal{O}$ be the order of discriminant $D$ in $K$.

(1) If $f(x, y) = ax^2 + bxy + cy^2$ is a p.p.d. form of discriminant $D$ then $\left[a, \frac{-b+\sqrt{D}}{2}\right]$ is a proper ideal of $\mathcal{O}$.

(2) There is an isomorphism $\Psi : C(D) \to C(\mathcal{O})$ defined by $f(x, y) \mapsto \left[a, \frac{-b+\sqrt{D}}{2}\right]$ and therefore $|C(\mathcal{O})| = h(D)$.

(3) A positive integer $m$ is represented by a form $f(x, y) \in C(D)$ if and only if $m = N(\mathfrak{a})$ for some proper ideal $\mathfrak{a} \in \Psi(f(x, y))$.

Proof. We will prove (1) and (2). The details of (3) can be found in Cox.
(1) Let $f(x, y) = ax^2 + bxy + cy^2$ be p.p.d. of discriminant $D$. Then $\alpha = \frac{-b+\sqrt{D}}{2a}$ is a root of the polynomial $f(x, 1) = ax^2 + bx + c$ so by Lemma 17.2.7, $a[1, \alpha]$ is a proper ideal of the order $[1, a\alpha]$. Notice that $a[1, \alpha] = [a, a\alpha] = \left[a, \frac{-b+\sqrt{D}}{2}\right]$ so it suffices to show $[1, a\alpha] = \mathcal{O}$.


Let $f$ be the conductor of $\mathcal{O}$. Then we showed in Section 17.2 that $D = f^2 d_K$ where $d_K$ is the field discriminant, so
\[
\begin{aligned}
a\alpha = \frac{-b + \sqrt{D}}{2} &= \frac{-b + f\sqrt{d_K}}{2} \\
&= \frac{-b - f d_K}{2} + f\,\frac{d_K + \sqrt{d_K}}{2} \\
&= \frac{-b - f d_K}{2} + f w_K
\end{aligned}
\]
where $w_K$ is defined as in Section 17.2. Since $D = b^2 - 4ac = f^2 d_K$, $f d_K$ and $b$ have the same parity which means that $\frac{-b - f d_K}{2}$ is an integer. Therefore $[1, a\alpha] = [1, f w_K]$ by the above work and since every order is determined by its conductor, this shows $[1, a\alpha] = \mathcal{O}$.
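(2) Let $f(x, y)$ and $g(x, y)$ be p.p.d. forms of discriminant $D$. Let $\alpha, \beta \in \mathbb{C}^*$ be the roots of $f(x, 1)$ and $g(x, 1)$, respectively, with positive imaginary parts. First, we show
\[
\begin{aligned}
f(x, y) \text{ and } g(x, y) \text{ are properly equivalent} &\iff \beta = \frac{a\alpha + b}{c\alpha + d} \text{ for } a, b, c, d \in \mathbb{Z},\ ad - bc = 1 \\
&\iff [1, \alpha] = \lambda[1, \beta] \text{ for some } \lambda \in K^*.
\end{aligned}
\]
Suppose $f(\bar{x}) = g(A\bar{x})$ where $A = \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in SL_2(\mathbb{Z})$. Then since $\alpha$ is a root of $f(x, 1)$,
\[
0 = f(\alpha, 1) = g(a\alpha + b, c\alpha + d) = (c\alpha + d)^2\, g\!\left(\frac{a\alpha + b}{c\alpha + d}, 1\right).
\]
Thus $\frac{a\alpha+b}{c\alpha+d}$ is a root of $g(x, 1)$ and it is easy to verify that it has positive imaginary part, so $\beta = \frac{a\alpha+b}{c\alpha+d}$. On the other hand, the equation above shows that if $\beta = \frac{a\alpha+b}{c\alpha+d}$ for $A = \begin{pmatrix} a & b \\ c & d \end{pmatrix}$ in $SL_2(\mathbb{Z})$ then $f(x, 1)$ and $g(A(x, 1))$ have the same root. It follows that $f(\bar{x}) = g(A\bar{x})$ so the forms are properly equivalent. This proves the first of the equivalences above.
Next, suppose $\beta = \frac{a\alpha+b}{c\alpha+d}$ where $ad - bc = 1$. Then $c\alpha + d \in K^*$ so set $\lambda = c\alpha + d$. This implies
\[
\lambda[1, \beta] = (c\alpha + d)\left[1, \frac{a\alpha + b}{c\alpha + d}\right] = [c\alpha + d, a\alpha + b]
\]
but since $ad - bc = 1$, $[c\alpha + d, a\alpha + b] = [1, \alpha]$. On the other hand, if $[1, \alpha] = \lambda[1, \beta] = [\lambda, \lambda\beta]$ for some $\lambda \in K^*$ then
\[
\lambda\beta = e\alpha + f \quad \text{and} \quad \lambda = g\alpha + h
\]
for some $e, f, g, h$ such that $\begin{pmatrix} e & f \\ g & h \end{pmatrix} \in GL_2(\mathbb{Z})$. Then $\beta = \frac{e\alpha+f}{\lambda} = \frac{e\alpha+f}{g\alpha+h}$ and since $\alpha$ and $\beta$ both have positive imaginary parts, we must have $eh - fg = 1$, that is $\begin{pmatrix} e & f \\ g & h \end{pmatrix} \in SL_2(\mathbb{Z})$.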


Therefore $f$ and $g$ are properly equivalent if and only if $[1, \alpha] = \lambda[1, \beta]$ for some $\lambda \in K^*$. This establishes an injection
\[
\begin{aligned}
\Psi : C(D) &\longrightarrow C(\mathcal{O}) \\
f(x, y) &\longmapsto a[1, \alpha] = \left[a, \frac{-b + \sqrt{D}}{2}\right].
\end{aligned}
\]

We next show that $\Psi$ is surjective. Let $\mathfrak{a}$ be a fractional $\mathcal{O}$-ideal which, by the proof of Proposition 17.2.8, can be written $\mathfrak{a} = [\alpha, \beta]$ for some $\alpha, \beta \in K$. Without loss of generality assume $\frac{\beta}{\alpha}$ has positive imaginary part. Set $\gamma = \frac{\beta}{\alpha}$ and let $ax^2 + bx + c$ be the minimal polynomial of $\gamma$ over $\mathbb{Q}$ – we may rescale the coefficients to ensure $\gcd(a, b, c) = 1$ and $a > 0$. Let $f(x, y) = ax^2 + bxy + cy^2$ which is then a p.p.d. quadratic form. We next check that $f(x, y)$ has discriminant $D = \mathrm{disc}(\mathcal{O})$. Writing $\mathcal{O} = [1, a\gamma]$ we compute the discriminant by
\[
D = \begin{vmatrix} 1 & a\gamma \\ 1 & a\bar{\gamma} \end{vmatrix}^2 = a^2(\bar{\gamma} - \gamma)^2 = 4a^2\, \mathrm{im}(\gamma)^2.
\]

The roots of $ax^2 + bx + c$ are $\gamma$ and $\bar{\gamma}$ which are solutions to the quadratic formula:
\[
\gamma = \frac{-b + \sqrt{b^2 - 4ac}}{2a} \quad \text{and} \quad \bar{\gamma} = \frac{-b - \sqrt{b^2 - 4ac}}{2a}.
\]
So $\mathrm{im}(\gamma) = \frac{\sqrt{b^2 - 4ac}}{2a}$ and hence $D = 4a^2\left(\frac{\sqrt{b^2 - 4ac}}{2a}\right)^2 = b^2 - 4ac$. This is precisely the discriminant of $f(x, y)$. Therefore $f(x, y)$ is a primitive, positive definite form of discriminant $D$ which maps to $a[1, \gamma] \sim \alpha[1, \gamma] = \mathfrak{a}$ in $C(\mathcal{O})$. Hence $\Psi$ is surjective.
Now we show that $\Psi$ preserves the group structure of $C(D)$. If $f$ and $g$ are p.p.d. forms of discriminant $D$, denote their Dirichlet composition by $F(x, y)$. In the proof of Theorem 18.2.3, we saw that $B = b$ satisfies the conditions of Lemma 18.2.1 for $f$ and $g$, so we can write the images of $f$, $g$ and $F$ under $\Psi$ as:
\[
\begin{aligned}
\Psi([f]) &= \left[a, \frac{-b + f\sqrt{d_K}}{2}\right] = [a, \Delta]; \\
\Psi([g]) &= \left[a', \frac{-b' + f\sqrt{d_K}}{2}\right] = [a', \Delta]; \\
\text{and } \Psi([F]) &= \left[aa', \frac{-B + f\sqrt{d_K}}{2}\right] = [aa', \Delta] \quad \text{where } \Delta = \frac{-b + f\sqrt{d_K}}{2}.
\end{aligned}
\]
We want to show $[a, \Delta][a', \Delta] = [aa', \Delta]$ in $C(\mathcal{O})$. Note that the conditions on $B$ from Lemma 18.2.1 give us $\Delta^2 \equiv -B\Delta \bmod aa'$ so we have
\[
[a, \Delta][a', \Delta] = [aa', a\Delta, a'\Delta, \Delta^2] = [aa', a\Delta, a'\Delta, -B\Delta].
\]

Since $f$, $g$ and $F$ are all primitive, the conditions on $B$ also force $\gcd(a, a', B) = 1$ so $[a, \Delta][a', \Delta] = [aa', a\Delta, a'\Delta, -B\Delta] = [aa', \Delta]$ as desired. Hence $\Psi : C(D) \to C(\mathcal{O})$ is an isomorphism.


18.3 n-Fermat Primes


In the final section of this chapter, we pursue an answer to the motivating research question:

Question. If $p = x^2 + ny^2$ is prime, when is $q = y^2 + nx^2$ also prime?

The following definitions are not standard in the literature. We have introduced them in order to facilitate our discussion of Theorem 17.12.3 and Question 18.3.

Definition. Let $n \ge 1$ be an integer. A number of the form $x^2 + ny^2$, where $x, y \in \mathbb{Z}$, is called an n-Fermat number. If $p = x^2 + ny^2$ is prime, $p$ is said to be an n-Fermat prime.

Definition. An n-Fermat prime $p = x^2 + ny^2$ is a symmetric n-Fermat prime provided $q = y^2 + nx^2$ is also prime.

Question 18.3 can therefore be restated: When is an n-Fermat prime symmetric? The question is stated rather broadly for a reason, as there are several ways we could answer this.
In this language, Theorems 17.12.3 and 17.12.5 together say the following: Let $f(x)$ be the minimal polynomial of the j-invariant $j(\mathcal{O})$ for the order $\mathcal{O} = \mathbb{Z}[\sqrt{-n}]$ in $\mathbb{Q}(\sqrt{-n})$. Then a prime $p$ not dividing $\mathrm{disc}(f)$ is an n-Fermat prime if and only if $\left(\frac{-n}{p}\right) = 1$ and $f(x) \equiv 0 \pmod{p}$ has an integer solution. In other words, n-Fermat primes are characterized by congruence conditions in all but finitely many cases. The best possible situation would therefore be a positive answer to the following question:

Question. For an integer n ≥ 1, are there congruence conditions that determine when an
n-Fermat prime is a symmetric n-Fermat prime?

There is fortunately a case when the answer to Question 18.3 is quite trivial. When n = 1,
an n-Fermat prime is always symmetric. This is certainly the only case when the ratio of
symmetric n-Fermat primes to total n-Fermat primes is 1, as the next example shows.

Example 18.3.1. Let $n = 2$. The first few symmetric 2-Fermat primes are: $p = 3, 11, 19, 43, 59, 67, 83, 107, 139, 163, 179, \ldots$ For small primes it appears that $p$ is a symmetric 2-Fermat prime if and only if $p \equiv 3 \pmod{8}$. However, 131 is a 2-Fermat prime since it can be written $131 = 9^2 + 2 \cdot 5^2$, but $5^2 + 2 \cdot 9^2 = 187 = 11 \cdot 17$ is not prime. Therefore the condition $p \equiv 3 \pmod{8}$ breaks early on.
Using Magma, we generated data to estimate the proportion of symmetric 2-Fermat primes to the expected number of symmetric 2-Fermat primes with $x, y \le 1{,}000$. Empirically, it appears that the ratio of symmetric 2-Fermat primes to total 2-Fermat primes is about 0.1143; that is, about 11.43% of 2-Fermat primes are symmetric. On the other hand, the data shows that the ratio of the number of symmetric 2-Fermat primes to the expected number of 2-Fermat primes, under the assumptions of our Prime Number Theorem heuristic below, is about 0.9587. That is, there are slightly fewer symmetric 2-Fermat primes than we expect. Something interesting is going on here.
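
The list in Example 18.3.1 and the failure at 131 can be reproduced by direct search. This Python sketch is an added example, not the Magma code behind the notes' data; the function names and the trial-division `is_prime` are choices made here.

```python
from math import isqrt


def is_prime(m):
    """Trial division; adequate for the small search ranges used here."""
    if m < 2:
        return False
    if m % 2 == 0:
        return m == 2
    return all(m % d for d in range(3, isqrt(m) + 1, 2))


def fermat_primes(n, limit):
    """Map each n-Fermat prime p <= limit to its representations
    (x, y) with x, y >= 0 and p = x^2 + n*y^2."""
    reps = {}
    for x in range(isqrt(limit) + 1):
        for y in range(isqrt(limit // n) + 1):
            p = x * x + n * y * y
            if p <= limit and is_prime(p):
                reps.setdefault(p, []).append((x, y))
    return reps


def symmetric_fermat_primes(n, limit):
    """n-Fermat primes p = x^2 + n*y^2 <= limit with y^2 + n*x^2 also prime."""
    return sorted(p for p, reps in fermat_primes(n, limit).items()
                  if any(is_prime(y * y + n * x * x) for x, y in reps))


def congruence_failures(limit):
    """2-Fermat primes p = 3 (mod 8) up to limit that are not symmetric."""
    sym = set(symmetric_fermat_primes(2, limit))
    return sorted(p for p in fermat_primes(2, limit)
                  if p % 8 == 3 and p not in sym)


if __name__ == "__main__":
    print(symmetric_fermat_primes(2, 179))   # the list in Example 18.3.1
    print(fermat_primes(2, 200)[131])        # [(9, 5)]
    print(congruence_failures(200))          # [131]
```

For $n = 1$ the same search returns every 1-Fermat prime, since swapping $x$ and $y$ leaves $x^2 + y^2$ unchanged.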

For an integer $n \ge 1$, let $\pi_{\mathrm{sym},n}(M)$ denote the number of primes $y^2 + nx^2$ such that $x^2 + ny^2$ is prime and $x, y \le M$. Notice that if $x^2 + ny^2$ is prime and $x$ and $y$ are both relatively prime to $n$, then $y^2 + nx^2$ is necessarily odd. Of course a number has twice the probability of being prime given that it is odd so the Prime Number Theorem (10.4.2) heuristically says that for each $n \ge 1$, there is a nonnegative real number $\alpha_n$ such that
\[
\pi_{\mathrm{sym},n}(M) \sim 2\alpha_n \sum_{q \le M} \frac{1}{\log q},
\]

where $\log$ is the natural logarithm and the sum is over n-Fermat numbers $q = y^2 + nx^2$, $x, y \le M$, for which $x^2 + ny^2$ is prime. For example, the data in Example 18.3.1 shows that $\alpha_2$ is close to 0.9328. We posit several conjectures related to $\alpha_n$ and the asymptotic behavior of $\pi_{\mathrm{sym},n}(M)$ below, along with empirical results that lead us to believe they might hold.
Conjecture. For all $n \ge 1$, $\alpha_n > 0$.
Theorem 17.12.3 characterizes primes of the form $x^2 + ny^2$ up to solvability conditions of $f_n(x) \equiv 0 \pmod{p}$. Moreover, Cox gives a general formula for the Dirichlet density $\delta(f)$ of primes represented by a p.p.d. quadratic form $f$ of discriminant $D < 0$:
\[
\delta(f) = \begin{cases} \frac{1}{h(D)} & \text{if } f \text{ is properly equivalent to its opposite} \\ \frac{1}{2h(D)} & \text{otherwise.} \end{cases}
\]
Therefore there are infinitely many n-Fermat primes for any $n \ge 1$. In other words, the sum $\sum_{q \le M} \frac{1}{\log q}$ over n-Fermat numbers $q$ obtained by switching solutions for n-Fermat primes diverges as $M \to \infty$, so Conjecture 18.3 would imply that there are infinitely many symmetric n-Fermat primes for every $n \ge 1$. To test this conjecture, we turned Magma loose on some computations with large search spaces. Through the first 40,000 values for $n$, and with search parameters $x, y \le 1{,}000$, Conjecture 18.3 is seen to hold. There were several other interesting observations made, which are discussed via the next two conjectures.
Conjecture. The average value of $\alpha_n$ over all $n \ge 1$ is equal to 1.
Informally, Conjecture 18.3 means that, on average, n-Fermat primes are about as likely to be symmetric as the Prime Number Theorem predicts. This is supported by the statistical analysis of the data we generated.
This describes a global property of the natural numbers, which reinforces the predictions of the Prime Number Theorem. This shouldn’t be a surprise, as the PNT makes a strong, global statement about the natural numbers and subsets thereof. However, we know from experience that the integers often behave more erratically from a local perspective. To this end, we used Magma to locate the values of $n$ such that $\alpha_n$ exceeds a certain threshold $r$. For example, there are a handful of numbers $n$ in the first 40,000 such that $\alpha_n > 2$, including:
2277, 12699, 13629, 14540, 15091, 16615, 22576, 24089,
27250, 29127, 29798, 31927, 33060, 34159, 35814.
These $n$ have the apparent property that there are more than twice the number of symmetric n-Fermat primes than expected. We studied similar data for $n$ values such that $\alpha_n$ is less than a threshold $r$. In the future we hope to be able to discern why certain numbers have higher or lower densities of symmetric n-Fermat primes than predicted, but if one is to believe that the values of $\alpha_n$ follow any sort of recognizable distribution, then such outliers are to be expected in larger and larger data sets.


Conjecture. The set of $\alpha_n$ is bounded. That is, there are positive constants $\varepsilon$ and $M$ such that for all $n$, $\varepsilon \le \alpha_n \le M$.

This conjecture is offered solely based on the observations made for large parameter searches for symmetric n-Fermat primes. It appears so far that $0.4 \le \alpha_n \le 2.1$.
Finally, a question lingering on the edge of this discussion is

Question. If $p$ is an n-Fermat prime, is there an algorithm for finding solutions $x, y \in \mathbb{Z}$ to $p = x^2 + ny^2$? And if so, how many solutions $(x, y)$ are there?

Question 18.3 is unsolved and it would be difficult at this time to implement a method of solving $p = x^2 + ny^2$ even for small $n$. However, there is clear motivation for answering such a question, as there are important implications to the theory of quadratic partitions and cryptography.
In a related sense, the characterization (Example 14.5.11) of primes of the form $x^2 + y^2$, that is 1-Fermat primes, forms the basis of a primality test discovered by Euler: $m = x^2 + y^2$ has a single solution $(x, y)$ in positive integers when $m$ is prime. In the future, the complexity of n-Fermat primes and symmetric n-Fermat primes may contribute to the rise of more secure cryptosystems and faster primality test algorithms.

Chapter 19

Adèlic Class Field Theory

In this chapter we reframe the main results in global class field theory using the adèlic
language of Chapter 16, including:

• Definition of the Artin map (Section 17.3)

• Artin reciprocity theorem (Section 17.8)

• Kronecker-Weber theorem (Theorem 17.8.10).

We will give proofs of most results, excluding the difficult Artin reciprocity theorem.


19.1 Frobenius Elements


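Let $K$ be a number field with ring of integers $\mathcal{O}_K$ and let $L/K$ be a finite extension with automorphism group $G$, with $\mathcal{O}_L/\mathcal{O}_K$ the corresponding ring extension. Fix a prime $\mathfrak{P} \subset \mathcal{O}_L$ and set $\mathfrak{p} = \mathfrak{P} \cap K$. By the results of Section 15.8, there is a tower of fields (shown with the primes below $\mathfrak{P}$ and the corresponding inertia degrees):

\[
\begin{array}{ccl}
L & \mathfrak{P} & |\mathcal{O}_L/\mathfrak{P}| = q^d \\
\widetilde{L} & \widetilde{\mathfrak{P}} & |\mathcal{O}_{\widetilde{L}}/\widetilde{\mathfrak{P}}| = q^d \\
\widetilde{K} & \widetilde{\mathfrak{p}} & |\mathcal{O}_{\widetilde{K}}/\widetilde{\mathfrak{p}}| = q \\
K & \mathfrak{p} & |\mathcal{O}_K/\mathfrak{p}| = q
\end{array}
\]

(Here, $\widetilde{\mathfrak{P}} = \mathfrak{P} \cap \widetilde{L}$ and $\widetilde{\mathfrak{p}} = \mathfrak{P} \cap \widetilde{K}$.) For the moment we will focus on the case when $\mathfrak{P} = \widetilde{\mathfrak{P}}$, i.e. $\mathfrak{P}$ is unramified over $\mathfrak{p}$. The extension $L/\widetilde{K}$ has a single prime $\mathfrak{P}$ lying over $\widetilde{\mathfrak{p}}$, so this is best understood in terms of local fields.
Let $L_{\mathfrak{P}}$ and $\widetilde{K}_{\widetilde{\mathfrak{p}}}$ be the completions of $L$ at $\mathfrak{P}$ and $\widetilde{K}$ at $\widetilde{\mathfrak{p}}$, respectively. Then $\mathrm{Gal}(L_{\mathfrak{P}}/\widetilde{K}_{\widetilde{\mathfrak{p}}}) \cong \mathrm{Gal}(\mathbb{F}_{q^d}/\mathbb{F}_q) = \langle \alpha \rangle$ where $\alpha$ is the automorphism $x \mapsto x^q$. The corresponding generator of $\mathrm{Gal}(L_{\mathfrak{P}}/\widetilde{K}_{\widetilde{\mathfrak{p}}})$ is called the local Frobenius element of $\mathfrak{P}$ over $\widetilde{\mathfrak{p}}$, written $\mathrm{Frob}_{L_{\mathfrak{P}}/\widetilde{K}_{\widetilde{\mathfrak{p}}}}$. The restriction of $\mathrm{Frob}_{L_{\mathfrak{P}}/\widetilde{K}_{\widetilde{\mathfrak{p}}}}$ to $L \hookrightarrow L_{\mathfrak{P}}$ is then an element $\mathrm{Frob}_{L/\widetilde{K}}(\mathfrak{P} \mid \widetilde{\mathfrak{p}}) \in \mathrm{Gal}(L/\widetilde{K})$, called the Frobenius element of $\mathfrak{P}$ over $\widetilde{\mathfrak{p}}$. The key property that it satisfies is
\[
\mathrm{Frob}_{L/\widetilde{K}}(\mathfrak{P} \mid \widetilde{\mathfrak{p}}) : x + \mathfrak{P} \longmapsto x^q + \mathfrak{P} \quad \text{on } \mathcal{O}_L/\mathfrak{P}.
\]

In general, $\mathfrak{p} \subset \mathcal{O}_K$ may split in $\widetilde{K}$, say $\mathfrak{p} = \widetilde{\mathfrak{p}}_1 \cdots \widetilde{\mathfrak{p}}_r$ for (not necessarily distinct) primes $\widetilde{\mathfrak{p}}_i \subset \mathcal{O}_{\widetilde{K}}$. Let $\mathfrak{P}_i$ be the prime in $L$ corresponding to $\widetilde{\mathfrak{p}}_i$ for each $1 \le i \le r$. Then each $\mathrm{Frob}_{L/\widetilde{K}}(\mathfrak{P}_i \mid \widetilde{\mathfrak{p}}_i) \in \mathrm{Gal}(L/\widetilde{K})$ can be lifted to $G$,
\[
\mathrm{Frob}_{L/K}(\mathfrak{P}_i \mid \mathfrak{p}) := \mathrm{Frob}_{L/\widetilde{K}}(\mathfrak{P}_i \mid \widetilde{\mathfrak{p}}_i) \in \mathrm{Gal}(L/\widetilde{K}) = D_{\mathfrak{P}_i} \le G
\]
where $D_{\mathfrak{P}_i} \le G$ is the decomposition group of $\mathfrak{P}_i \mid \mathfrak{p}$. If $\mathfrak{P}_i \ne \mathfrak{P}_j$, then there is some $\sigma \in G$ such that $\sigma(\mathfrak{P}_i) = \mathfrak{P}_j$. Using this, it’s easy to show that $\sigma\, \mathrm{Frob}_{L/K}(\mathfrak{P}_i \mid \mathfrak{p})\, \sigma^{-1} = \mathrm{Frob}_{L/K}(\mathfrak{P}_j \mid \mathfrak{p})$, i.e. all the Frobenius elements over $\mathfrak{p}$ are conjugate, and that in fact any Frobenius element over $\mathfrak{p}$ arises this way.
Now suppose $\widetilde{K} = L$, that is, $\mathfrak{p}$ splits completely in $L$. Then $\widetilde{\mathfrak{p}} = \mathfrak{P}$ and $\mathcal{O}_L/\mathfrak{P} = \mathcal{O}_{\widetilde{K}}/\widetilde{\mathfrak{p}}$ and in fact the converse is true as well: if $\widetilde{\mathfrak{p}} = \mathfrak{P}$ and $\mathcal{O}_L/\mathfrak{P} = \mathcal{O}_{\widetilde{K}}/\widetilde{\mathfrak{p}}$ then $\mathfrak{p}$ splits completely. To see this, one uses the fact that $\mathfrak{p}$ splits completely if and only if $\mathrm{Frob}_{L/\widetilde{K}}(\mathfrak{P} \mid \widetilde{\mathfrak{p}}) = 1 \in D_{\mathfrak{P}}$ for any $\mathfrak{P} \mid \mathfrak{p}$, and it even suffices to check this for any single prime $\mathfrak{P} \mid \mathfrak{p}$ since the Frobenius elements are conjugate in $G$.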


Let $L/K$ be an abelian extension, i.e. $G = \mathrm{Gal}(L/K)$ is an abelian group. Then $\mathrm{Frob}_{L/K}(\mathfrak{P} \mid \mathfrak{p})$ is a well-defined element of $G$ independent of the prime lying over $\mathfrak{p}$ (since conjugacy classes are singletons), so we write it as $\mathrm{Frob}_{L/K}(\mathfrak{p})$ and call it the Frobenius element of $\mathfrak{p}$.

Proposition 19.1.1. Let $K$ be a number field and $\mathfrak{p}$ a prime ideal of $\mathcal{O}_K$. Then

(1) If $L_1/K$ and $L_2/K$ are abelian extensions with $L_1 \cap L_2 = K$, then
\[
\mathrm{Gal}(L_1L_2/K) \cong \mathrm{Gal}(L_1/K) \times \mathrm{Gal}(L_2/K)
\]
and under this isomorphism, $\mathrm{Frob}_{L_1L_2/K}(\mathfrak{p})$ corresponds to $(\mathrm{Frob}_{L_1/K}(\mathfrak{p}), \mathrm{Frob}_{L_2/K}(\mathfrak{p}))$.

(2) Suppose $M \supseteq L \supseteq K$ are abelian extensions. Then $\mathrm{Frob}_{M/K}(\mathfrak{p})|_L = \mathrm{Frob}_{L/K}(\mathfrak{p})$.

Proof. Easy from the definition of the Frobenius elements.

Using these properties, we can extend the Frobenius element for $\mathfrak{p}$ to the maximal extension of $K$ which is unramified at $\mathfrak{p}$, denoted $K^{nr}(\mathfrak{p})$. This element $\mathrm{Frob}_{K^{nr}(\mathfrak{p})/K}(\mathfrak{p})$ will be denoted $\mathrm{Frob}(\mathfrak{p})$ if the context is clear.

Remark. In the abelian case, Frobenius elements may also be written as Artin symbols:
\[
\mathrm{Frob}_{L/K}(\mathfrak{p}) = (\mathfrak{p}, L/K).
\]
So for example, on the maximal extension unramified at $\mathfrak{p}$, $(\mathfrak{p}, K^{nr}(\mathfrak{p})/K) = \mathrm{Frob}(\mathfrak{p})$.

When $L/K$ is not necessarily an abelian extension, $\mathrm{Frob}_{K/F}(\mathfrak{p})$ is only a conjugacy class in $\mathrm{Gal}(K/F)$. One may ask whether every conjugacy class in $\mathrm{Gal}(K/F)$ arises as the Frobenius class for some prime $\mathfrak{p}$. The answer was provided by Čebotarev’s theorem (17.11.5).


19.2 Artin Reciprocity


For a field $F$, let $C_F$ denote either $F^\times$ if $F$ is a local field, or $I_F/F^\times$ if $F$ is a global field. Then $C_F$ is a locally compact abelian group (Theorem 16.1.3 in the global case). Fix an algebraic closure $\overline{F}$ of $F$. For each finite extension $K/F$, there is a certain map
\[
\theta_K : C_K \longrightarrow G_K^{ab}
\]
called the Artin map, where $G_K := \mathrm{Gal}(\overline{F}/K)$. When $F$ is a global field and $K$ is unramified at $\mathfrak{p}$, $\theta_K$ will be defined on classes $[(x_v)] \in C_K$, where $x_v = \pi_{\mathfrak{p}}$ if $v = \mathfrak{p}$ and $x_v = 1$ otherwise, by $\theta_K[(x_v)] = (\mathfrak{p}, K/F)$. When $F$ is a local field, $\theta_K$ will be given by a certain power of a generator of the Galois group $\mathrm{Gal}(K/F)$.
The celebrated Artin reciprocity theorem shows that each of these $\theta_K$ is an isomorphism and moreover, if $L/K$ is unramified at $\mathfrak{p}$, then there is a commutative diagram
\[
\begin{array}{ccc}
C_L & \xrightarrow{\ \theta_L\ } & G_L^{ab} \\
{\scriptstyle N_{L/K}}\downarrow & & \downarrow \\
C_K & \xrightarrow{\ \theta_K\ } & G_K^{ab}
\end{array}
\]

This will determine a short exact sequence of groups
\[
1 \to N_{L/K}(C_L) \to C_K \to \mathrm{Gal}(L/K)^{ab} \to 1.
\]

In the other direction, there is a map $V_{L/K} : G_K^{ab} \to G_L^{ab}$ which corresponds, in the sense of the diagram above, to extension of idèles $C_K \to C_L$. We define $V_{L/K}$, which is called the transfer map, using group theory as follows.
Suppose $G$ is a group, $H \le G$ is a subgroup and $s : H\backslash G \to G$ is a section of the natural action on right cosets $G \to H\backslash G$. Define the map
\[
\begin{aligned}
h : G \times H\backslash G &\longrightarrow G \\
(x, Hy) &\longmapsto s(Hy)\, x\, s(Hyx)^{-1}.
\end{aligned}
\]

Informally, we might regard $h$ as measuring how far $s$ is from being a homomorphism. Define for each $x \in G$ an element in the abelianization of $H$, $\widetilde{V}(x) \in H^{ab} = H/[H, H]$ by
\[
\widetilde{V}(x) = \prod_{Hy \in H\backslash G} h(x, Hy) \bmod [H, H].
\]

This gives a map $\widetilde{V} : G \to H^{ab}$.

Lemma 19.2.1. For any subgroup $H \le G$,
(a) $\widetilde{V}$ is independent of the choice of section $s : H\backslash G \to G$.

(b) $\widetilde{V} : G \to H^{ab}$ is a homomorphism.


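(c) There is a factorization
\[
\begin{array}{ccc}
G & \xrightarrow{\ \widetilde{V}\ } & H^{ab} \\
\downarrow & \nearrow {\scriptstyle V_{G/H}} & \\
G^{ab} & &
\end{array}
\]

Definition. The homomorphism $V_{G/H} : G^{ab} \to H^{ab}$ is called the transfer map for $H \le G$, or in German, the Verlagerung.

Theorem 19.2.2 (Artin Reciprocity). Let $F$ be a local or global field. Then there exists a map
\[
\theta_F : C_F \longrightarrow G_F^{ab}
\]
such that

(1) For every finite abelian extension $K/F$, the map $\theta_{K/F} : C_F \xrightarrow{\ \theta_F\ } G_F^{ab} \to \mathrm{Gal}(K/F)$ is surjective with kernel $\ker \theta_{K/F} = N_{K/F}(C_K)$.

(2) Conversely, for any finite index open subgroup $N \subseteq C_F$, there exists a finite abelian extension $K/F$ for which $N = \ker \theta_{K/F}$. In this case, $C_F/N \cong \mathrm{Gal}(K/F)$.

(3) If $K/F$ is a finite unramified abelian extension of local fields, then the map $\theta_{K/F}$ is given by $\theta_{K/F}(x) = \varphi^{v(x)}$ for any $x \in F^\times$, where $v$ is the nonarchimedean valuation on $F$ and $\varphi$ generates $\mathrm{Gal}(K/F)$.

(4) If $K/F$ is a finite abelian extension of global fields and $\mathfrak{p}$ is a prime of $F$ which is unramified in $K$, then
\[
\theta_{K/F}(x) = (\mathfrak{p}, K/F)
\]
where $x \in C_F$ is the class represented by $(x_v)$, with $x_v = 1$ if $v \ne \mathfrak{p}$ and $x_{\mathfrak{p}} = \pi_{\mathfrak{p}}$ is a uniformizer at $\mathfrak{p}$.

Moreover, the Artin map is functorial in the following sense. If $K/F$ is any finite separable extension, then there are commutative diagrams
\[
\begin{array}{ccc}
C_K & \xrightarrow{\ \theta_K\ } & G_K^{ab} \\
{\scriptstyle N_{K/F}}\downarrow & & \downarrow \\
C_F & \xrightarrow{\ \theta_F\ } & G_F^{ab}
\end{array}
\qquad \text{and} \qquad
\begin{array}{ccc}
C_K & \xrightarrow{\ \theta_K\ } & G_K^{ab} \\
{\scriptstyle j_{K/F}}\uparrow & & \uparrow{\scriptstyle V_{K/F}} \\
C_F & \xrightarrow{\ \theta_F\ } & G_F^{ab}
\end{array}
\]

where $j_{K/F} : C_F \to C_K$ is extension of idèles.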


19.3 Kronecker-Weber Theorem


In this section, we develop class field theory in the special case of cyclotomic extensions. Let $F$ be a field and let $F^{ab}$ be the maximal abelian extension of $F$. Such a field exists since for any $K_1, K_2/F$, $\mathrm{Gal}(K_1K_2/F) \cong \mathrm{Gal}(K_1/F) \times \mathrm{Gal}(K_2/F)$ by Proposition 19.1.1 and so if $K_1/F$ and $K_2/F$ are abelian extensions, so is their compositum $K_1K_2/F$.
An important example of an abelian extension of any field $F$ is the maximal cyclotomic extension, $F^{cyc} = F(\zeta \mid \zeta^m = 1 \text{ for some } m \ge 1)$.

Lemma 19.3.1. $F^{cyc} \subseteq F^{ab}$.

Proof. It suffices to prove this for $F = \mathbb{Q}$ and $\mathbb{F}_q$. For $F = \mathbb{Q}$, this follows from the identification $\mathrm{Gal}(\mathbb{Q}(\zeta_{p^r})/\mathbb{Q}) \cong (\mathbb{Z}/p^r\mathbb{Z})^\times$ for any prime power $p^r$ and the fact that every cyclotomic extension can be written as a compositum of prime power cyclotomic extensions. The proof for $F = \mathbb{F}_q$ is similar.

Remark. When $F$ is a local field with maximal unramified extension $F^{nr}$, we have:
\[
F \subseteq F^{nr} \subseteq F^{cyc} \subseteq F^{ab}.
\]

We will prove that the converse holds, i.e. $F^{cyc} = F^{ab}$; when $F = \mathbb{Q}$, this is the famous Kronecker-Weber theorem.

Theorem 19.3.2. Let $K/\mathbb{Q}_p$ be a cyclic extension of degree $q^r$, where $q \ne p$ is a prime. Then $K \subseteq \mathbb{Q}_p(\zeta_m)$ for some $m$th root of unity $\zeta_m$.

Proof. Consider the tower $\mathbb{Q}_p \subseteq F \subseteq K$ where $F$ is the maximal unramified subextension of $K/\mathbb{Q}_p$, so that $K/F$ is totally ramified. Note that $K$ is tamely ramified over $F$ (since $[K : \mathbb{Q}_p]$ is prime to $p$), so $K = F(\pi^{1/e})$ for a uniformizer $\pi \in \mathcal{O}_F$ and $e = [K : F]$. Then $\pi$ factors as $\pi = p^\alpha u^\beta$ where $v_p(u) = 0$ and $\alpha, \beta \in \mathbb{Z}$, so that $F(\pi^{1/e}) \subseteq F(p^{\alpha/e})(u^{\beta/e})$. Adjoining $u^{\beta/e}$ always yields an unramified extension of $F$, so this part is contained in a cyclotomic extension by the Remark.
So it remains to deal with the case of $F(p^{1/e})$ where $(e, p) = 1$. In this case, $F(p^{1/e})$ is contained in the compositum $\mathbb{Q}_p(p^{1/e})F$, so it’s enough to show $\mathbb{Q}_p(p^{1/e}) \subseteq \mathbb{Q}_p^{cyc}$, since (again by the Remark) unramified extensions of local fields are always contained in cyclotomic extensions. We know that $\mathbb{Q}_p(p^{1/e})$ is generated by an Eisenstein polynomial, so it contains $\zeta_e$. Now $\mathbb{Q}_p(\zeta_e)$ is unramified over $\mathbb{Q}_p$, i.e. $\mathbb{Q}_p(\zeta_e) = \mathbb{Q}_p$, so $e$ must divide $p - 1$. This implies $\mathbb{Q}_p(p^{1/e}) \subseteq \mathbb{Q}_p(p^{1/(p-1)})$. Finally, $\mathbb{Q}_p(p^{1/(p-1)}) = \mathbb{Q}_p(\zeta_p)$ so we are done.
Next, we have:

Theorem 19.3.3. Let $K/\mathbb{Q}_p$ be a cyclic extension of degree $p^r$. Then $K \subseteq \mathbb{Q}_p(\zeta_m)$ for some root of unity $\zeta_m$.

Proof. We show that $K$ is contained in one of the following: (1) $\mathbb{Q}_p(\zeta_{p^{p^r} - 1})$; (2) the index $p - 1$ subfield of $\mathbb{Q}_p(\zeta_{p^{r+1}})$; and (3) $K = \mathbb{Q}_p(\zeta_{m_r}) := \mathbb{Q}_p(\zeta_{p^{p^r} - 1})(\zeta_{p^{r+1}})$; all three of which are cyclotomic, so this would prove the theorem. We now show any $K$ is contained in one of


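these extensions. Suppose the contrary. Then for any $m = m_r$ as above, $K(\zeta_m)$ is Galois over $\mathbb{Q}_p$ with Galois group
\[
H = \{(\sigma_1, \sigma_2) \in \mathrm{Gal}(\mathbb{Q}_p(\zeta_m)/\mathbb{Q}_p) \times \mathrm{Gal}(K/\mathbb{Q}_p) \mid \sigma_1|_{K \cap \mathbb{Q}_p(\zeta_m)} = \sigma_2|_{K \cap \mathbb{Q}_p(\zeta_m)}\},
\]
with $H \subseteq \mathbb{Z}/p^r\mathbb{Z} \times (\mathbb{Z}/p^r\mathbb{Z} \times \mathbb{Z}/(p-1)\mathbb{Z}) \times \mathbb{Z}/p^r\mathbb{Z}$. Since we assumed $K \not\subseteq \mathbb{Q}_p(\zeta_m)$, the final factor of $\mathbb{Z}/p^r$ is nontrivial, so that $\mathrm{Gal}(K(\zeta_m)/\mathbb{Q}_p)$ has a $(\mathbb{Z}/p\mathbb{Z})^3$-quotient. It is a fact that if $p > 2$, no extension of $\mathbb{Q}_p$ has Galois group $(\mathbb{Z}/p\mathbb{Z})^3$, a contradiction. (There is a similar proof when $p = 2$, though we will not show it.)
The global case is given by the Kronecker-Weber theorem.

Theorem 19.3.4 (Kronecker-Weber). For any abelian extension $K/\mathbb{Q}$, $K \subseteq \mathbb{Q}(\zeta_m)$ for some root of unity $\zeta_m$.

If $L/K$ is an abelian extension of number fields, we have defined the Artin map $\theta_{L/K} : I_L \to G_L$ where $I_L$ is the idèle group of $L$ and $G_L$ is the absolute Galois group of $L$. As in Artin’s reciprocity theorem (19.2.2), consider the composition $\varphi_{L/K} : I_L \to I_K \to G_K \to \mathrm{Gal}(L/K)$. Then $\ker \varphi_{L/K} = N_{L/K}(I_L)$.

Definition. For a finite extension $L/K$, we define $\mathrm{Spl}(L/K)$ to be the set of primes of $K$ that split completely in $L$ with relative degree 1 over $\mathbb{Q}$.

Theorem 19.3.5. Let $K$ be a global field with finite extensions $L/K$ and $M/K$, where $M/K$ is Galois. Then $L \subseteq M$ if and only if $\mathrm{Spl}(M/K) \subseteq \mathrm{Spl}(L/K) \cup \Sigma$ for some finite set of primes $\Sigma$.

Proof. ($\implies$) is straightforward.
($\impliedby$) Let $F \supseteq LM$ and take $\sigma \in \mathrm{Gal}(F/K)$ with $F \supsetneq F^\sigma \supseteq M$. We may choose $a \in \mathcal{O}_L$ with $\sigma(a) - a \ne 0$. Then by Čebotarev’s density theorem (17.11.5), for every $\sigma \in \mathrm{Gal}(L/K)$, there exist infinitely many primes $\mathfrak{p} \subset \mathcal{O}_K$ with $\mathrm{Frob}_{L/K}(\mathfrak{p}) = \sigma$. Choose any of these $\mathfrak{p}$ and also pick $\mathfrak{P} \subset \mathcal{O}_L$ with $\mathrm{Frob}_{L/K}(\mathfrak{P} \mid \mathfrak{p}) = \sigma$, so that $\mathfrak{P} \nmid \sigma(a) - a$ and $\mathfrak{p} \notin \Sigma$. Since $\sigma$ fixes $M$, $\mathfrak{p}$ splits completely in $M$ but $\sigma$ does not fix $L$, so $\mathfrak{p}$ does not split completely in $L$, a contradiction.
In general, Theorem 19.3.5 implies that identifying an abelian extension $K/\mathbb{Q}$ comes down to identifying $\mathrm{Spl}(K/\mathbb{Q})$. Let $\varphi_{K/\mathbb{Q}} : I_{\mathbb{Q}} \to \mathrm{Gal}(K/\mathbb{Q})$ be the Artin map and let $U = \ker \varphi_{K/\mathbb{Q}}$. By Proposition 19.3.6 below, $I_{\mathbb{Q}} \cong \mathbb{Q}^\times \times \mathbb{R}_+ \times \prod_p \mathbb{Z}_p^\times$. Since $U$ is an open subgroup of $I_{\mathbb{Q}}$, we may identify it with an open subgroup of $\mathbb{R}_+ \times \prod_p \mathbb{Z}_p^\times$ but since $\mathbb{R}_+$ has no nontrivial open subgroups, we must have $U = \mathbb{R}_+ \times U$ for an open subgroup $U \subseteq \prod_p \mathbb{Z}_p^\times$. By the Chinese remainder theorem (3.2.10) and Artin reciprocity (19.2.2), we can find an integer $m$ such that $U \supseteq U_m$ where $U_m$ is the unique open subgroup of $C_{\mathbb{Q}}$ corresponding to $\mathrm{Gal}(K(\zeta_m)/K)$. Then if some prime $p$ is equivalent to 1 mod $m$, it must be in $\mathrm{Spl}(K/\mathbb{Q})$. Hence by Theorem 19.3.5, $K \subseteq \mathbb{Q}(\zeta_m)$. This proves the Kronecker-Weber theorem.

Proposition 19.3.6. $I_{\mathbb{Q}} \cong \mathbb{Q}^\times \times \mathbb{R}_+ \times \prod_p \mathbb{Z}_p^\times$.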


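Proof. There is a short exact sequence
\[
0 \to N \to I_{\mathbb{Q}} \to \mathbb{Q}^\times \to 0
\]
where $(x_v) \in I_{\mathbb{Q}}$ maps to $\mathrm{sign}(x_\infty) \prod_p |x_p|_p^{-1}$, and $N$ is the kernel of this map. The sequence is split by the natural inclusion $\mathbb{Q}^\times \hookrightarrow I_{\mathbb{Q}}$, so we have $I_{\mathbb{Q}} \cong \mathbb{Q}^\times \times N$. Since $I_{\mathbb{Q}} \cong \mathbb{Q}_\infty^\times \times \prod_p \mathbb{Q}_p^\times$, $N$ will be a product of open subgroups of the $\mathbb{Q}_p^\times$. If $(x_v) \in N$, then $x_\infty > 0$ and $x_p \in \mathbb{Z}_p^\times$ for each finite prime $p$. These conditions are also sufficient for an element to lie in $N$, so it follows that $I_{\mathbb{Q}} \cong \mathbb{Q}^\times \times N = \mathbb{Q}^\times \times \mathbb{R}_+ \times \prod_p \mathbb{Z}_p^\times$.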

Part V

Elliptic Curves

Chapter 20

Introduction

The notes in Part V come from a course in algebraic geometry and elliptic curves taught by Dr. Lloyd West at the University of Virginia in Fall 2016. The first part of the notes is a survey of the main concepts in algebraic geometry, with an emphasis on curves (i.e. varieties of dimension 1). Key topics include:

ˆ Affine and projective varieties

ˆ Dimension

ˆ Singular and nonsingular points and tangent spaces

ˆ Morphisms between varieties

ˆ Intersection theory

ˆ Divisors

ˆ Genus

ˆ The Riemann-Hurwitz theorem and Riemann-Roch theorem

ˆ Jacobian of a curve

The main algebraic geometry reference used is Shafarevich’s Basic Algebraic Geometry 1.
The second part of the course covers the basic results in the arithmetic geometry of
elliptic curves, including:

• Abelian varieties and isogenies
• Models over local and global fields
• Moduli
• Reduction mod p
• Zeta functions
• Statement of the Weil conjectures for curves
• Heights
• Descent (à la Fermat)
• Hasse’s local-global principle
• Torsors and Galois actions
• Galois cohomology in degrees 0, 1 and 2
• Selmer and Tate-Shafarevich groups

Additional topics include the application of elliptic curves to cryptography, higher genus
curves and L-functions. The main text used is Silverman’s Arithmetic of Elliptic Curves.


20.1 Geometry and Number Theory


Consider the following questions:

Question. Describe the set of all right triangles with integer sides.

Question. A rational number n is said to be congruent if there exists a rational right triangle
with area n. Which rational numbers n are congruent?

We will see that Question 1 is easy to answer, while Question 2 is still unsolved. The
fundamental difference lies in the geometry of each situation.

Definition. We say $(a, b, c) \in \mathbb{Z}^3$ is a pythagorean triple if $a^2 + b^2 = c^2$.

For example, (3, 4, 5) and (5, 12, 13) are pythagorean triples. Notice that multiplying
any pythagorean triple by an integer n ∈ Z yields another pythagorean triple (in particular,
there are infinitely many pythagorean triples), so we may assume a, b, c are coprime. Such a
triple is called a primitive pythagorean triple.

Theorem 20.1.1. Denote the set of all primitive pythagorean triples by $\Pi$. Then there is a
bijection $\Pi \leftrightarrow \{(x, y) \in \mathbb{Q}^2 \mid x^2 + y^2 = 1\}$.

Proof. It is easy to check that the assignments

$$(a, b, c) \longmapsto \left(\frac{a}{c}, \frac{b}{c}\right)$$
$$(a, b, c) \longleftarrow (x, y) = \left(\frac{a}{c}, \frac{b}{c}\right) \text{ with } a, b, c \text{ coprime}$$

exhibit the desired bijection.


Thus the problem of rational triangles and pythagorean triples reduces to studying the
rational points of the unit circle in the xy-plane.

Definition. Let $k$ be a field and fix a polynomial $f \in k[x, y]$ which is irreducible over the
algebraic closure $\bar{k}$. Then the curve associated to $f$ is a functor $C = C_f$ given by

$$C : \mathrm{Fields}_k \longrightarrow \mathrm{Sets}, \qquad K/k \longmapsto C_k(K) := \{(x, y) \in K^2 \mid f(x, y) = 0\}.$$

For a field extension $K/k$, the set $C(K)$ is called the $K$-rational points of the curve $C$.

In this language, Question 1 reads, “What is $\#C_f(\mathbb{Q})$ when $f = x^2 + y^2 - 1$”?

Example 20.1.2. Let $f = x^2 + y^2 - 1$ and consider the geometric objects defined by
$C(K) = C_f(K)$ for $K = \mathbb{R}$ and $K = \mathbb{Q}$.

[Figures: $C(\mathbb{R}) = S^1 \subseteq \mathbb{R}^2$; $C(\mathbb{C})$, the Riemann sphere in $\mathbb{C}^2$]

Also note that since f ∈ Q[x, y], we can view f as a polynomial with coefficients in any
finite field Fq , and consequently the Fq -rational points C(Fq ) are defined.
Next, fix the point $(-1, 0)$ on $C(K)$ for any field $K$ and consider the line $L : x = 0$.

[Figure: the line of slope $t$ through the point $(-1, 0)$]

Theorem 20.1.3. Let $k$ be any field and $C = C_f$ the curve defined by $f = x^2 + y^2 - 1$. Then
there is a bijection

$$C(k) \smallsetminus \{(-1, 0)\} \longrightarrow L(k)$$
$$(x, y) \longmapsto (0, \chi(x, y))$$
$$(\psi(t), \varphi(t)) \longleftarrow t$$

where $\chi$, $\psi$ and $\varphi$ are rational functions, i.e. $\chi \in k(x, y)$ and $\psi, \varphi \in k(t)$.

Proof. The rational functions

$$\chi(x, y) = \frac{y}{x + 1}, \qquad \psi(t) = \frac{1 - t^2}{1 + t^2} \qquad \text{and} \qquad \varphi(t) = \frac{2t}{1 + t^2}$$

exhibit the bijection.

Theorems 20.1.1 and 20.1.3 answer Question 1: the set of all primitive pythagorean triples
is completely described by the line L given by x = 0, and this description holds over any
field k.
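
A short check of Theorem 20.1.3, added here as an illustration and not part of the original notes: it evaluates χ, ψ and φ over Q to turn slopes into primitive pythagorean triples, and over F_p (p an odd prime) it compares the image of the parametrization with a brute-force point count. The function names are assumptions of this example, and over F_p slopes with 1 + t² = 0 are skipped because ψ and φ have a pole there.

```python
from fractions import Fraction
from math import gcd


def chi(x, y):
    """Slope of the line through (-1, 0) and (x, y): chi = y / (x + 1)."""
    return y / (x + 1)


def circle_point(t):
    """(psi(t), phi(t)) = ((1 - t^2)/(1 + t^2), 2t/(1 + t^2)) over Q."""
    t = Fraction(t)
    d = 1 + t * t
    return (1 - t * t) / d, 2 * t / d


def primitive_triple(t):
    """Primitive pythagorean triple (a, b, c) with (a/c, b/c) = circle_point(t)."""
    x, y = circle_point(t)
    # common denominator of the two coordinates in lowest terms
    c = x.denominator * y.denominator // gcd(x.denominator, y.denominator)
    return int(x * c), int(y * c), c


def circle_points_mod_p(p):
    """All points of x^2 + y^2 = 1 over F_p, by brute force."""
    return {(x, y) for x in range(p) for y in range(p)
            if (x * x + y * y - 1) % p == 0}


def parametrize_mod_p(p):
    """Map each slope t in F_p with 1 + t^2 != 0 to (psi(t), phi(t))."""
    image = {}
    for t in range(p):
        d = (1 + t * t) % p
        if d == 0:  # psi and phi have a pole at this slope
            continue
        inv = pow(d, -1, p)
        image[t] = ((1 - t * t) * inv % p, 2 * t * inv % p)
    return image


def chi_mod_p(x, y, p):
    """chi over F_p, defined for points with x != -1."""
    return y * pow(x + 1, -1, p) % p


if __name__ == "__main__":
    for t in (Fraction(1, 2), Fraction(2, 3), Fraction(3, 4)):
        print(t, circle_point(t), primitive_triple(t))
    for p in (7, 13):
        img = parametrize_mod_p(p)
        print(p, len(img), len(circle_points_mod_p(p)))
```

For p = 13 the two slopes with t² = −1 are skipped, so 11 slopes together with (−1, 0) account for all 12 points of C(F_13), while for p = 7 every slope is used.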
For Question 2, we must understand the set of congruent numbers over a field $k$. For
$n \in \mathbb{Q}$, define the set

$$C_n(k) = \left\{(a, b, c) \in k^3 : a^2 + b^2 = c^2 \text{ and } \tfrac{1}{2}ab = n\right\}.$$




Definition. We say n is congruent over k if Cn (k) is nonempty.


In particular, Question 2 reduces to deciding when $C_n(\mathbb{Q})$ is nonempty. Notice that we
may assume $n$ is a squarefree integer. Above, we parametrized the circle $S^1$ by a line $L$.
Here, we parametrize $C_n(k)$ with a zero set of a different polynomial. Define a bijection

$$C_n(k) \longrightarrow E_n(k) := \{(x, y) \in k^2 \mid y^2 = x^3 - nx,\ y \neq 0\}$$
$$(a, b, c) \longmapsto \left(\frac{nb}{c - a}, \frac{2n^2}{c - a}\right)$$
$$\left(\frac{x^2 - n^2}{y}, \frac{2nx}{y}, \frac{x^2 + n^2}{y}\right) \longleftarrow (x, y).$$

The set En (k) is an example of an elliptic curve over k.
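
The two maps above can be checked with exact rational arithmetic. The following sketch is an added example, not part of the original notes; the function names are assumptions, and it takes the curve in the form y² = x³ − n²x, which is the equation the two maps satisfy (for n = 5 it is the curve y² = x³ − 25x of Example 20.1.4).

```python
from fractions import Fraction
from math import gcd, isqrt


def triangle_to_curve(a, b, c, n):
    """(a, b, c) in C_n  ->  (n*b/(c - a), 2*n^2/(c - a))."""
    a, b, c, n = (Fraction(v) for v in (a, b, c, n))
    if n == 0 or a * a + b * b != c * c or a * b / 2 != n:
        raise ValueError("(a, b, c) is not a right triangle of area n")
    return n * b / (c - a), 2 * n * n / (c - a)


def curve_to_triangle(x, y, n):
    """(x, y) with y != 0  ->  ((x^2 - n^2)/y, 2*n*x/y, (x^2 + n^2)/y)."""
    x, y, n = (Fraction(v) for v in (x, y, n))
    if y == 0 or y * y != x ** 3 - n * n * x:
        raise ValueError("(x, y) is not a point with y != 0 on the curve")
    return (x * x - n * n) / y, 2 * n * x / y, (x * x + n * n) / y


def rational_sqrt(q):
    """Square root of a Fraction if it is rational, otherwise None."""
    if q < 0:
        return None
    num, den = isqrt(q.numerator), isqrt(q.denominator)
    if num * num == q.numerator and den * den == q.denominator:
        return Fraction(num, den)
    return None


def find_point(n, bound):
    """First point (x, y), y != 0, with x = u/v, |u| <= bound, 1 <= v <= bound.

    A naive height-bounded search: returning None only means that no point
    was found within the bound, not that n fails to be congruent.
    """
    for v in range(1, bound + 1):
        for u in range(-bound, bound + 1):
            if gcd(u, v) != 1:
                continue
            x = Fraction(u, v)
            y = rational_sqrt(x ** 3 - n * n * x)
            if y:  # skips both None and the points with y == 0
                return x, y
    return None


if __name__ == "__main__":
    print(triangle_to_curve(3, 4, 5, 6))        # the (3, 4, 5) triangle, n = 6
    x, y = find_point(5, 10)
    print((x, y), curve_to_triangle(x, y, 5))   # a rational triangle of area 5
    print(find_point(1, 30))                    # nothing found for n = 1
```

The triangle returned for a point may have negative side lengths (the set C_n(k) allows them); taking absolute values gives the geometric triangle.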

Example 20.1.4. The elliptic curve defined by $y^2 = x^3 - 25x$ over $\mathbb{R}$ is shown below, with
some points of $E_n(\mathbb{Q})$ highlighted.


20.2 Rational Curves


Let C be a plane curve defined by an irreducible polynomial f ∈ k[x, y].
Definition. We say C is unirational over k if there exist nonconstant rational functions
ψ, φ ∈ k(t) such that f (ψ(t), φ(t)) = 0 for all t.
Definition. We say C is rational over k if it is unirational and there exists a rational
function χ ∈ k(x, y) such that ψ(χ(x, y)) = x and φ(χ(x, y)) = y for all x, y ∈ k, with the
possible exception of finitely many points.
Example 20.2.1. By Theorem 20.1.3, the circle $S^1 = C_f$ for $f = x^2 + y^2 - 1$ is rational over $\mathbb{Q}$.
This example illustrates the idea that a curve is rational if it has a ‘rational parametrization’
by a line.
In general, the notions of unirationality and rationality are equivalent for curves (this is
not true for higher dimensional varieties):
Theorem 20.2.2 (Lüroth). A curve C over k is unirational if and only if it is rational.
To prove Lüroth’s theorem, we formulate the statement in terms of field theory.
Definition. Let $f \in k[x, y]$ be an irreducible polynomial over $\bar{k}$ and let $C = C_f$ be the
associated plane curve. Then a rational function on $C$ is an equivalence class of functions
$u(x, y) \in k(x, y)$, with $u = \frac{p}{q}$, $p, q \in k[x, y]$ and $f \nmid q$ over $\bar{k}$, where we say $u_1 = \frac{p_1}{q_1}$ and
$u_2 = \frac{p_2}{q_2}$ are equivalent if $f$ divides $p_1 q_2 - p_2 q_1$.

Example 20.2.3. On the circle $S^1 = C_f$, $f = x^2 + y^2 - 1$, the functions

$$u_1(x, y) = \frac{y}{1 + x} \qquad \text{and} \qquad u_2 = \frac{1 - x}{y}$$

are equivalent, so they define a common rational function on $C$.
Definition. The set of rational functions on C with coefficients in k is called the function
field of C, denoted k(C).
Lemma 20.2.4. k(C) is a field.
Proof. Routine.
Proposition 20.2.5. A curve C is unirational over k if and only if k(C) ⊆ k(t).
Proof. ( =⇒ ) is clear.
( ⇐= ) k(C) ⊆ k(t) implies that the functions x, y ∈ k(t), so x = ψ(t) and y = φ(t)
for some rational functions ψ, φ ∈ k(t). Since f (x, y) = 0, we have f (ψ, φ) ≡ 0 so C is
unirational by definition.
Proposition 20.2.6. A curve C is rational over k if and only if k(C) = k(t).
Proof. Similar to Lemma 20.2.5.


Then Lüroth’s theorem is proven using the fact that $\operatorname{tr\,deg}_k k(C) = 1$ when $C$ is a curve,
which means $k(C) \subseteq k(t)$ if and only if $k(C) = k(t)$.
The situation for $S^1$, i.e. that existence of rational points is determined by rational
parametrization by a line, in fact holds for all curves defined by a degree 2 polynomial.
(Such a curve is called a quadratic curve or conic.)

Proposition 20.2.7. Let f ∈ k[x, y] be an irreducible quadratic polynomial. Then the curve
C = Cf is rational over k if and only if C(k) is nonempty.

Proof. (Sketch) Fix a point $(x_0, y_0) \in C(k)$ and construct the line $\ell$ of slope $t$ through $(x_0, y_0)$
in the plane $k^2$, calling the intersection with $C(k) \smallsetminus \{(x_0, y_0)\}$ the point $(x, y)$. Then
$f(x, t(x - x_0) + y_0)$ is the quadratic polynomial defining $x$ coordinates of $\ell \cap C$, and the polynomial

$$\psi(t) = \frac{f(x, t(x - x_0) + y_0)}{x - x_0}$$

is linear with coefficients in k. A similar parametrization of y coordinates gives a rational
function φ(t) which, together with ψ(t), shows that C is unirational over k. Hence by
Lüroth’s theorem, C is rational over k.
Thus the theory of conics reduces to the problem of finding if a conic curve has a rational
point over a given field.

Example 20.2.8. For the quadratic polynomial $f = x^2 + y^2 + 1$, $C_f(\mathbb{R})$ is empty and so of
course $C_f(\mathbb{Q})$ is empty. Thus by Proposition 20.2.7, $f$ is not rational over $\mathbb{Q}$.

Example 20.2.9. Consider the quadratic polynomial $f = x^2 + y^2 - 3$ and its associated
conic $C = C_f$. We will show $C(\mathbb{Q}) = \emptyset$. Suppose there exist $a, b \in \mathbb{Q}$ such that $f(a, b) = 0$.
Write $a = \frac{x}{z}$ and $b = \frac{y}{z}$ for $x, y, z \in \mathbb{Z}$ coprime, $z \neq 0$ (this step is called homogenization
of the quadratic polynomial, corresponding to viewing $C$ inside its projective closure). This
gives us an equation
$$3z^2 = x^2 + y^2. \tag{$*$}$$
We study roots of this equation by reducing modulo different primes. In the finite field $\mathbb{F}_3$,
the only squares are $x^2, y^2, z^2 \equiv 0$ or $1 \pmod 3$, so the only possible solutions are $(0, 0, z)$.
Since $z \neq 0$, we must have $z^2 \equiv 1 \pmod 3$. Next, in $\mathbb{Z}/9\mathbb{Z}$ we have $3z^2 \equiv 1 \pmod 9$ since
$z \equiv 1 \pmod 3$. However, the only squares mod 9 are $x^2, y^2 \equiv 1, 4, 7 \pmod 9$ so we see that
there are no solutions to (∗) mod 9, and thus no solutions to (∗) in integers. Hence $x^2 + y^2 - 3$
is not rational over $\mathbb{Q}$.
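
The local argument of Example 20.2.9 can be run by brute force. This added example (not from the original notes; the function names are assumptions) lists the solutions of a·x² + b·y² ≡ c·z² modulo a prime power in which p does not divide all three coordinates, and it goes slightly beyond the text by allowing other coefficients and other primes.

```python
from itertools import product


def primitive_solutions(m, p, a=1, b=1, c=3):
    """Triples (x, y, z) mod m with a*x^2 + b*y^2 = c*z^2 (mod m), where p
    does not divide all of x, y, z. Coprime integer solutions reduce to such
    triples, so an empty list rules out coprime integer solutions."""
    return [(x, y, z) for x, y, z in product(range(m), repeat=3)
            if (a * x * x + b * y * y - c * z * z) % m == 0
            and (x % p or y % p or z % p)]


def first_obstruction(p, max_k, a=1, b=1, c=3):
    """Smallest k <= max_k with no primitive solution mod p^k, else None."""
    for k in range(1, max_k + 1):
        if not primitive_solutions(p ** k, p, a, b, c):
            return k
    return None


if __name__ == "__main__":
    print(primitive_solutions(3, 3))       # only x = y = 0 survives mod 3
    print(primitive_solutions(9, 3))       # nothing survives mod 9
    print(first_obstruction(2, 3))         # x^2 + y^2 = 3z^2 also fails mod 4
    print(first_obstruction(5, 2))         # no obstruction seen at p = 5
    print(first_obstruction(3, 2, c=2))    # x^2 + y^2 = 2z^2 has (1, 1, 1)
```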

The strategy of studying roots mod primes p to understand the structure of solutions
in Z illustrates Hasse’s so-called ‘local-global principle’. In Section 22.9, we will use p-adic
analysis (introduced in Section 15.2) to prove:

Theorem. For an irreducible quadratic polynomial $f \in \mathbb{Q}[x, y]$, if $C_f(\mathbb{Q}_p) \neq \emptyset$ for all primes
$p$ and $C_f(\mathbb{R}) \neq \emptyset$, then $C_f(\mathbb{Q}) \neq \emptyset$.

The following corollary to Hensel’s Lemma (Theorem 15.3.19) will be of use.


Corollary 20.2.10. Let $\beta \in \mathbb{Z}_p^\times$. Then $x^2 = \beta$ has a solution in $\mathbb{Z}_p$ if and only if
$x^2 \equiv \beta \bmod p^{\varepsilon}$ has a solution, where $\varepsilon = 3$ when $p = 2$ and $\varepsilon = 1$ otherwise.

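Proof. Let $f(x) = x^2 - \beta \in \mathbb{Z}[x]$ so that $f'(x) = 2x$. Suppose $\alpha_0 \in \mathbb{Z}_p$ is a solution to
$f(x) \equiv 0 \bmod p^{\varepsilon}$, i.e. $v(f(\alpha_0)) \geq \varepsilon$. Then $\alpha_0^2 \equiv \beta \neq 0 \bmod p$ so since $\mathbb{Z}_p$ is a DVR, $\alpha_0$
must be a unit, i.e. $v(\alpha_0) = 0$. Now we have

$$\begin{aligned}
2v_p(f'(\alpha_0)) &= 2v_p(2\alpha_0) = 2(v_p(\alpha_0) + v_p(2)) \\
&= 2v_p(2) = \begin{cases} 2, & p = 2 \\ 0, & p \neq 2 \end{cases} \\
&< v(f(\alpha_0)) \quad \text{in all cases.}
\end{aligned}$$

Therefore Hensel’s Lemma applies.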
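
Corollary 20.2.10 gives a finite test for squares in Z_p, and Hensel lifting then produces a root to any precision. The sketch below is an added example, not code from the notes; the function names are assumptions and β is passed as an ordinary integer prime to p.

```python
def is_square_in_Zp(beta, p):
    """Corollary 20.2.10: a unit beta is a square in Z_p if and only if
    x^2 = beta is solvable mod p^eps, eps = 3 for p = 2 and 1 otherwise."""
    if beta % p == 0:
        raise ValueError("beta must be a p-adic unit")
    m = p ** (3 if p == 2 else 1)
    return any((x * x - beta) % m == 0 for x in range(m))


def sqrt_mod_prime_power(beta, p, k):
    """Return x with x^2 = beta (mod p^k), lifted from a root mod p^eps,
    or None when beta is not a square in Z_p."""
    if not is_square_in_Zp(beta, p):
        return None
    j = 3 if p == 2 else 1
    x = next(r for r in range(p ** j) if (r * r - beta) % p ** j == 0)
    while j < k:
        if p == 2:
            # x is odd and j >= 3, so exactly one of x and x + 2^(j-1)
            # is a root mod 2^(j+1)
            if (x * x - beta) % 2 ** (j + 1) != 0:
                x += 2 ** (j - 1)
        else:
            # Newton step: x + s*p^j with s = -((x^2 - beta)/p^j)/(2x) mod p
            s = -((x * x - beta) // p ** j) * pow(2 * x, -1, p) % p
            x += s * p ** j
        j += 1
    return x % p ** k


if __name__ == "__main__":
    print(is_square_in_Zp(2, 7), sqrt_mod_prime_power(2, 7, 6))
    print(is_square_in_Zp(17, 2), sqrt_mod_prime_power(17, 2, 12))
    # 5 is a square mod 4 but not mod 8, so it is not a square in Z_2:
    # this is why eps = 3 is needed when p = 2
    print(is_square_in_Zp(5, 2))
```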

Chapter 21

Algebraic Geometry


21.1 Affine and Projective Space


Let k be a field and let k̄ denote its algebraic closure.
Definition. For each $n \in \mathbb{N}$, we define affine $n$-space over $k$ to be

$$\mathbb{A}^n = \mathbb{A}^n_k = \{(x_1, \ldots, x_n) \mid x_i \in k\}.$$

As sets, $\mathbb{A}^n = k^n$, but the new notation carries with it the implication that $\mathbb{A}^n$ is viewed
geometrically.
Remark. Alternatively, for any field $k \subseteq K \subseteq \bar{k}$, one can define $\mathbb{A}^n_k(K)$ to be the fixed points
of $\mathbb{A}^n_k$ under the action of the Galois group $\mathrm{Gal}(\bar{k}/K)$. In particular, $\mathbb{A}^n_k = \mathbb{A}^n_k(k) = (\bar{k}^n)^{G_k}$
where $G_k = \mathrm{Gal}(\bar{k}/k)$ is the absolute Galois group of the field $k$.
We will let A denote the polynomial ring k[t1 , . . . , tn ].
Definition. For a polynomial $f \in A$, define its zero set (or zero locus) to be

$$Z(f) = \{P \in \mathbb{A}^n \mid f(P) = 0\}.$$

We extend the definition of zero set to sets of polynomials $f_1, \ldots, f_r \in A$ by

$$Z(f_1, \ldots, f_r) = \bigcap_{i=1}^{r} Z(f_i).$$

The definition of zero set can be extended to arbitrary subsets $F \subseteq A$ by

$$Z(F) = \bigcap_{f \in F} Z(f).$$

Notice that if I = (F) is the ideal of A generated by F, then Z(F) = Z(I). By Hilbert’s
basis theorem, there exists a finite subset {f1 , . . . , fr } ⊆ F such that Z(F) = Z(f1 , . . . , fr ).
Definition. A subset X ⊆ An is called an algebraic set if X = Z(F) for a set F ⊆ A,
that is, X is algebraic if it is the zero set of some collection of polynomials in k[t1 , . . . , tn ].
By the remark, it is equivalent to say X is a zero set if X = Z(I) for some ideal I ⊂ A.
Thus the operation Z(·) takes a subset of a ring and assigns to it a geometric space. There
is a dual notion:
Definition. For any subset X ⊆ An , we define the vanishing ideal of X to be

J(X) = {f ∈ A | f (P ) = 0 for all P ∈ X}.

Lemma 21.1.1. For all X ⊆ An , J(X) is a radical ideal of A.


Proof. Take $f, g \in J(X)$ and $r \in A$. Then for any $P \in X$, $(f - g)(P) = f(P) - g(P) = 0$
and $(rf)(P) = r(P)f(P) = 0$ so $f + g, rf \in J(X)$ and thus $J(X)$ is an ideal. Moreover, for
any $m \in \mathbb{N}$, $f^m(P) = 0$ if and only if $f(P) = 0$ so we see that $r(J(X)) = J(X)$.


Examples.

(1) $\emptyset = Z(A)$ and $\mathbb{A}^n = Z(0)$ are both algebraic sets.

(2) If $U \subseteq \mathbb{A}^n$ is an affine subspace, i.e. $U = P_0 + V$ for a point $P_0 \in \mathbb{A}^n$ and a linear
subspace $V \subseteq k^n$, then $U = Z(L_1, \ldots, L_{n-d})$ where $d = \dim_k V$ and $L_1, \ldots, L_{n-d}$ are
linear polynomials in $A$.

(3) For any point $P = (a_1, \ldots, a_n) \in \mathbb{A}^n$, $\{P\} = Z(t_1 - a_1, \ldots, t_n - a_n)$. Consider the
maximal ideal $m_P = (t_1 - a_1, \ldots, t_n - a_n) \subset A$. Then $\{P\} = Z(m_P)$. When $k$ is
algebraically closed, points of $\mathbb{A}^n_k$ are in one-to-one correspondence with the maximal
ideals of $A$ via the association $P \leftrightarrow m_P$.

(4) In $\mathbb{A}^2$, an example of an algebraic curve is $C = \{(T^2 - 1, T(T^2 - 1))\} = Z(x^2 + x^3 - y^2)$:

(5) The algebraic set $Z(y, y - x^2) = Z(x, y)$ consists of just the point $(0, 0)$ in $\mathbb{A}^2_k$:

[Figure: the curves $Z(y - x^2)$ and $Z(y)$ meeting in the point $Z(y, y - x^2)$]

Definition. If $X = Z(S) \subseteq \mathbb{A}^n_k(\bar{k})$ is an algebraic set and $K$ is a field such that $k \subseteq K \subseteq \bar{k}$,
define the $K$-points of $X$ by $X(K) := X \cap \mathbb{A}^n_k(K) = X^{G_K}$, where $G_K = \mathrm{Gal}(\bar{k}/K)$.
Moreover, we say $X$ is defined over $K$ if $J(X)$ has a generating set consisting of elements
of $K[t_1, \ldots, t_n]$.

Lemma 21.1.2. Let $X, Y \subseteq \mathbb{A}^n$ be sets and $I, I_1, I_2$ and $I_\ell \subset A$ be ideals, with $\ell \in L$ some
indexing set. Then

(a) If $Y \subseteq X$ then $J(Y) \supseteq J(X)$.

(b) If $I_2 \subseteq I_1$ then $Z(I_2) \supseteq Z(I_1)$.

(c) $Z(J(X)) \supseteq X$.

(d) $J(Z(I)) \supseteq I$.

(e) $Z(J(Z(I))) = Z(I)$.

(f) $J(Z(J(X))) = J(X)$.

(g) $Z(I_1) \cup Z(I_2) = Z(I_1 \cap I_2) = Z(I_1 I_2)$.

(h) $\bigcap_{\ell \in L} Z(I_\ell) = Z\left(\bigcup_{\ell \in L} I_\ell\right) = Z\left(\sum_{\ell \in L} I_\ell\right)$.

Proof. (a) – (d) are obvious from the definitions of $Z$ and $J$.
(e) By (c), $Z(I) \subseteq Z(J(Z(I)))$ so it remains to prove the reverse containment. However,
we have that $I \subseteq J(Z(I))$ by (d) so then applying $Z$ gives $Z(I) \supseteq Z(J(Z(I)))$ by (b).
(f) is similar to (e). Here, (d) gives us $J(X) \subseteq J(Z(J(X)))$. On the other hand, we have
$X \subseteq Z(J(X))$ by (c), so applying $J$ yields $J(X) \supseteq J(Z(J(X)))$ by (a).
(g) We get $Z(I_1) \cup Z(I_2) \subseteq Z(I_1 \cap I_2) \subseteq Z(I_1 I_2)$ immediately from the containments
$I_1 \supseteq I_1 \cap I_2 \supseteq I_1 I_2$ and $I_2 \supseteq I_1 \cap I_2 \supseteq I_1 I_2$, using (b). Suppose $P \in Z(I_1 I_2)$ and $P \notin Z(I_1)$.
Then there is some $f \in I_1$ such that $f(P) \neq 0$, but for any $g \in I_2$, we have $(fg)(P) =
f(P)g(P) = 0$. Since $A = k[t_1, \ldots, t_n]$ is a domain and $f(P) \neq 0$, we must have $g(P) = 0$.
This shows $P \in Z(I_2)$. Hence $Z(I_1) \cup Z(I_2) \supseteq Z(I_1 I_2)$ so we have established all three
equalities.
(h) The containments $I_\ell \subseteq \bigcup_{\ell \in L} I_\ell \subseteq \sum_{\ell \in L} I_\ell$ give us
$Z(I_\ell) \supseteq Z\left(\bigcup_{\ell \in L} I_\ell\right) \supseteq Z\left(\sum_{\ell \in L} I_\ell\right)$ for each $\ell \in L$, by (b), and therefore
$\bigcap_{\ell \in L} Z(I_\ell) \supseteq Z\left(\bigcup_{\ell \in L} I_\ell\right) \supseteq Z\left(\sum_{\ell \in L} I_\ell\right)$. Suppose
$P \in \bigcap_{\ell \in L} Z(I_\ell)$. Then for every $f_\ell \in I_\ell$, $f_\ell(P) = 0$. In particular, for any
$f = \sum_{\ell \in L} f_\ell \in \sum_{\ell \in L} I_\ell$, $f_\ell(P) = 0$ for each $\ell$ so $f(P) = 0$. Thus
$P \in Z\left(\sum_{\ell \in L} I_\ell\right)$. This shows $\bigcap_{\ell \in L} Z(I_\ell) \subseteq Z\left(\sum_{\ell \in L} I_\ell\right)$, so we have all three equalities.

In particular, these properties demonstrate that the algebraic subsets of An form the
closed sets of a topology on An .

Definition. The topology on An having as its closed sets all algebraic subsets of An is called
the Zariski topology on An .

In (c) and (d), we see that Z and J are not quite inverse operations.

Lemma 21.1.3. If $X \subseteq \mathbb{A}^n$ is any subset and $\overline{X}$ is the Zariski-closure of $X$ in $\mathbb{A}^n$, then

(a) $J(\overline{X}) = J(X)$.

(b) $Z(J(X)) = \overline{X}$.

Proof. (a) Since $X \subseteq \overline{X}$, we immediately get $J(X) \supseteq J(\overline{X})$ by Lemma 21.1.2(a). On the
other hand, if $f \in J(X)$, $f(P) = 0$ for all $P \in X$. In other words, $X \subseteq Z(f)$ but $Z(f)$ is
closed by definition, so $Z(f) \supseteq \overline{X}$. Thus $f \in J(\overline{X})$.
(b) $\overline{X}$ is algebraic by definition so there exists some ideal $I \subset A$ such that $Z(I) = \overline{X}$. Now
by (a), $Z(J(X)) = Z(J(\overline{X})) = Z(J(Z(I)))$ which by Lemma 21.1.2(e) equals $Z(I) = \overline{X}$. So
$Z(J(X)) = \overline{X}$ as required.
The key development so far is that J and Z establish a correspondence, though not always
bijective, between the ideals of A and the closed subsets of An . Hilbert’s Nullstellensatz says
that when k is algebraically closed, there is a bijective correspondence between algebraic sets
in Ank and radical ideals of A = k[t1 , . . . , tn ].
Theorem 21.1.4 (Hilbert’s Nullstellensatz). If k is algebraically closed, then J(Z(I)) = r(I)
for every ideal I ⊂ A.
Next, we introduce projective space and projective algebraic sets in a manner parallel
to the presentation of affine algebraic sets.
Definition. For $n \in \mathbb{N}$, we define projective $n$-space over $k$ to be the quotient space
$\mathbb{P}^n = \mathbb{P}^n_k = (\mathbb{A}^{n+1} \smallsetminus \{0\})/\sim$ where $(a_0, \ldots, a_n) \sim (b_0, \ldots, b_n)$ if and only if there is some $\lambda \in k^*$
such that $(b_0, \ldots, b_n) = (\lambda a_0, \ldots, \lambda a_n)$. The coordinates of $\mathbb{P}^n$ are written $[a_0, \ldots, a_n]$, called
homogeneous coordinates.
As in the affine case, for $k \subseteq K \subseteq \bar{k}$ we can define $\mathbb{P}^n_k(K) = \{[a_0, \ldots, a_n] : a_i \in K\}$.
Lemma 21.1.5. For any $k \subseteq K \subseteq \bar{k}$, $\mathbb{P}^n_k(K) = (\mathbb{P}^n_k(\bar{k}))^{G_K}$, where $G_K = \mathrm{Gal}(\bar{k}/K)$.
Proof. Apply Hilbert’s Theorem 90 (Theorem 17.7.5).
Definition. For a point $P = [a_0, \ldots, a_n] \in \mathbb{P}^n_k(\bar{k})$, the minimal field of definition for $P$
over $k$ is the field $k(P) = k\left(\frac{a_0}{a_i}, \ldots, \frac{a_n}{a_i}\right)$ where $a_i \neq 0$. Alternatively, $k(P) = \bar{k}^{G(P)}$ where
$G(P) = \{\sigma \in G_k \mid \sigma(P) = P\} \leq G_k$.
Example 21.1.6. The point $P = (\sqrt{2}, \sqrt{2}, \sqrt{2}) \in \mathbb{P}^3_{\mathbb{Q}}(\overline{\mathbb{Q}})$ has minimal field of definition
$\mathbb{Q}(P) = \mathbb{Q}$ since scaling by $\frac{1}{\sqrt{2}}$ gives $(1, 1, 1) \in \mathbb{A}^3_{\mathbb{Q}}$.
Let $S = k[t_0, \ldots, t_n]$ be the polynomial ring in $n + 1$ indeterminates. Recall that $S$ is a
graded ring with graded pieces given by total degree:

$$S = \bigoplus_{d=0}^{\infty} S_d \quad \text{where } S_d = \{f \in S \mid \deg f = d\}.$$

An arbitrary polynomial in $S$ does not have a well-defined vanishing set in $\mathbb{P}^n$. However,
homogeneous polynomials do have vanishing sets:
Definition. For $f \in S_d$, define the zero set of $f$ to be
$$Z(f) = \{P \in \mathbb{P}^n \mid f(P) = 0\},$$
where $f(P) = f(p_0, \ldots, p_n)$ if $P = [p_0, \ldots, p_n]$. This set is well-defined, since $f \in S_d$ implies
$f(\lambda a_0, \ldots, \lambda a_n) = \lambda^d f(a_0, \ldots, a_n)$ for all $\lambda \in k^*$.


Set $S^h = \bigcup_{d=0}^{\infty} S_d$. For a collection of homogeneous polynomials $F \subseteq S^h$, define the zero
set of this collection by $Z(F) = \bigcap_{f \in F} Z(f)$.

Definition. Let $S = k[t_0, \ldots, t_n]$ and suppose $I \subset S$ is an ideal. Then $I$ is homogeneous
if $I = \bigoplus_{d=0}^{\infty} I_d$ where $I_d = I \cap S_d$ for each $d \in \mathbb{N}_0$.

Definition. Let $X \subseteq \mathbb{P}^n$ be any subset. The (homogeneous) vanishing ideal of $X$ is
defined to be
$$J(X) = \{f \in S^h \mid f(P) = 0 \text{ for all } P \in X\}.$$
$X$ is called a (projective) algebraic subset if $X = Z(I)$ for some homogeneous ideal
$I \subset S$.

Lemma 21.1.7. Let $I$ be an ideal of $S$ and $X \subseteq \mathbb{P}^n$ a subset. Then

(a) If $I = (f_1, \ldots, f_m)$ then $Z(I) = \bigcap_{i=1}^{m} Z(f_i)$.

(b) J(X) is a homogeneous, radical ideal of S.

Proof. Similar to the proof of Lemma 21.1.1.


As in the affine case, the sets Z(I) form the closed sets in the Zariski topology on Pn .

Theorem 21.1.8 (Hilbert’s Nullstellensatz, Projective Version). Let $k$ be an algebraically
closed field and set $S = k[t_0, \ldots, t_n]$. Then for any homogeneous ideal $I \subset S$,

(a) $J(Z(I)) = r(I)$ if $Z(I) \neq \emptyset$.

(b) $Z(I) = \emptyset$ if and only if $I = S$ or $r(I) = (t_0, \ldots, t_n)$.

Definition. A nonempty topological space X is said to be irreducible if for any two closed
subsets X1 , X2 ⊆ X such that X1 ∪ X2 = X, we have X = X1 or X = X2 .

Definition. An affine algebraic variety over $k$ is an irreducible algebraic subset of $\mathbb{A}^n$.
A quasi-affine variety is a nonempty, open subset of an affine variety.

Definition. A projective variety is an irreducible closed subset of $\mathbb{P}^n$. A quasi-projective
variety is a nonempty, open subset of a projective variety.

Definition. If $X$ is an irreducible algebraic set in $\mathbb{A}^n_k(\bar{k})$ or $\mathbb{P}^n_k(\bar{k})$, then $X$ is called
geometrically irreducible.

Lemma 21.1.9. Let $Y$ be a subspace of a topological space $X$. Then $Y$ is irreducible if and
only if for any closed sets $X_1, X_2 \subseteq X$ such that $Y \subseteq X_1 \cup X_2$, we have $Y \subseteq X_1$ or $Y \subseteq X_2$.

Proof. Obvious.

Lemma 21.1.10. A set X ⊆ An is irreducible if and only if J(X) is a prime ideal of A.


Proof. ( =⇒ ) Assume $f, g \in A$ such that $fg \in J(X)$. Then $X \subseteq Z(fg) = Z(f) \cup Z(g)$ by
Lemma 21.1.2(g), so we can write $X = (Z(f) \cap X) \cup (Z(g) \cap X)$ – note that each of these
sets is closed in $X$. If $X$ is irreducible, then we must have $X = Z(f) \cap X$ or $X = Z(g) \cap X$.
In particular, $X \subseteq Z(f)$ or $X \subseteq Z(g)$, so $f \in J(X)$ or $g \in J(X)$. Hence $J(X)$ is prime.
( ⇐= ) Given that $J(X)$ is prime, suppose $X \subseteq X_1 \cup X_2$ for two closed sets $X_1, X_2 \subseteq
\mathbb{A}^n$. Then there exist ideals $I_1, I_2 \subset A$ such that $Z(I_1) = X_1$ and $Z(I_2) = X_2$. By
Lemma 21.1.2(g), $X \subseteq Z(I_1) \cup Z(I_2) = Z(I_1 I_2)$ so applying $J$, we get $J(X) \supseteq J(Z(I_1 I_2)) \supseteq
I_1 I_2$ by Lemma 21.1.2(a) and (d). Since $J(X)$ is prime, we must have $J(X) \supseteq I_1$ or
$J(X) \supseteq I_2$, but then $X \subseteq Z(J(X)) \subseteq Z(I_1) = X_1$ or $X \subseteq Z(J(X)) \subseteq Z(I_2) = X_2$.
By Lemma 21.1.9 we are done.
Definition. A subset Y of a noetherian space X is called an irreducible component of
X if Y is a maximal irreducible subspace of X.
Example 21.1.11. Consider the affine plane $\mathbb{A}^2$. Take $f = xy$ in $k[x, y]$. Then $V(f)$ is the
union of the $x$ and $y$ axes, each of which is an irreducible subspace of $\mathbb{A}^2$:

[Figure: the $x$ and $y$ axes in $\mathbb{A}^2$]

Example 21.1.12. Take an irreducible polynomial f ∈ k[x, y]. Since k[x, y] is a UFD, (f ) is
a prime ideal so C := Z(f ) is irreducible by Lemma 21.1.10. C is called the (affine) algebraic
curve defined by f , sometimes written f (x, y) = 0. In general, an irreducible polynomial in
k[x1 , . . . , xn ] corresponds to an affine variety Y = Z(f ) ⊆ An , called an (affine) algebraic
hypersurface.
Proposition 21.1.13. If $X$ is a nonempty algebraic set, then it has finitely many irreducible
components $X_1, \ldots, X_m$ such that $X = \bigcup_{i=1}^{m} X_i$.

Definition. Given a polynomial $f \in k[t_1, \ldots, t_n]$ of degree $d$, we obtain a homogeneous
form $f_h \in k[t_0, \ldots, t_n]$ by defining
$$f_h(x_0, \ldots, x_n) = x_0^d\, f\left(\frac{x_1}{x_0}, \ldots, \frac{x_n}{x_0}\right),$$
called the homogenization of $f$.
Conversely, a homogeneous polynomial F ∈ k[t0 , . . . , tn ] determines a polynomial F(i) ∈
k[t1 , . . . , tn ] for each 0 ≤ i ≤ n given by

F(i) (x1 , . . . , xn ) = F (x1 , . . . , xi−1 , 1, xi , . . . , xn ),

called the ith dehomogenization of F .


Definition. For an ideal I ⊆ k[t1 , . . . , tn ], define the homogenization of I by

Ih = {fh | f ∈ I} ⊆ k[t0 , . . . , tn ].

Likewise, for an ideal J ⊆ k[t0 , . . . , tn ], the ith dehomogenization of J is

J(i) = {F(i) | F ∈ J} ⊆ k[t1 , . . . , tn ].

Define the $i$th projective hyperplane by $H_i = Z(t_i) \subset \mathbb{P}^n$ for $0 \leq i \leq n$. Set $U_i = \mathbb{P}^n \smallsetminus H_i$,
an open set in $\mathbb{P}^n$. Then $\mathbb{P}^n = \bigcup_{i=0}^{n} U_i$, that is, the complements of the coordinate hyperplanes
are an open cover of $\mathbb{P}^n$.

Proposition 21.1.14. Each $U_i$ is homeomorphic to $\mathbb{A}^n$. That is, $\mathbb{P}^n$ is locally affine.

Proof. Define $\phi_i : U_i \to \mathbb{A}^n$ by $\phi_i[a_0, \ldots, a_n] = \left(\frac{a_0}{a_i}, \ldots, \frac{a_{i-1}}{a_i}, \frac{a_{i+1}}{a_i}, \ldots, \frac{a_n}{a_i}\right)$. This is Zariski-
continuous and has a continuous inverse given by $\psi_i(b_1, \ldots, b_n) = [b_1, \ldots, b_i, 1, b_{i+1}, \ldots, b_n]$.
Therefore $\phi_i$ is a Zariski-homeomorphism for each $0 \leq i \leq n$.

Corollary 21.1.15. If $Y \subseteq \mathbb{P}^n$ is a projective variety, then $Y = \bigcup_{i=0}^{n} (Y \cap U_i)$. In particular,
every projective variety may be covered by open sets which are homeomorphic to affine
varieties in $\mathbb{A}^n$.

For a projective algebraic set $Y \subset \mathbb{P}^n_k$, where $Y = Z(J)$ for an ideal $J \subseteq k[t_0, \ldots, t_n]$,
we get $n + 1$ affine algebraic sets $Y_i = \phi_i^{-1}(Y \cap U_i) = Z(J_{(i)})$. These are called the
dehomogenizations of $Y$. Conversely, for an affine algebraic set $X \subseteq \mathbb{A}^n_k$, with $X = Z(I)$, the
projective closure of $X$ in $\mathbb{P}^n_k$ is the Zariski closure in $\mathbb{P}^n_k$ of $\phi_0(X)$, denoted $\overline{X}$. Note that
$\overline{X} = Z(I(\phi_0(X))) = Z(I_h)$.

Lemma 21.1.16. The map ϕ0 |X : X → X ∩ ϕ0 (X) is a homeomorphism.


21.2 Morphisms of Affine Varieties


Definition. We call a topological space $X$ a ringed space (over a field $k$) if it possesses a
sheaf of $k$-valued functions, that is, an assignment $U \mapsto \mathcal{O}_X(U)$ to each open set $U \subseteq X$
of a $k$-algebra $\mathcal{O}_X(U)$ of functions $U \to k$, such that

(a) If $U = \bigcup_\alpha U_\alpha$ for open sets $U_\alpha \subseteq X$, then $f \in \mathcal{O}_X(U)$ if and only if $f \in \mathcal{O}_X(U_\alpha)$ for
every $U_\alpha$.

(b) If $f \in \mathcal{O}_X(U)$, the set $D(f) = \{P \in U \mid f(P) \neq 0\}$ is an open set in $U$ and
$\frac{1}{f} \in \mathcal{O}_X(D(f))$.
Definition. A morphism between ringed spaces is a map $\phi : X \to Y$ such that for any
open set $V \subseteq Y$ and regular function $f \in \mathcal{O}_Y(V)$, the pullback

$$\phi^* f : x \mapsto f \circ \phi(x)$$

is a regular function on $\phi^{-1}(V)$, i.e. $\phi^* f \in \mathcal{O}_X(\phi^{-1}(V))$.

A morphism $\phi : X \to Y$ determines a $k$-algebra homomorphism $\phi^* : \mathcal{O}_Y(V) \to \mathcal{O}_X(\phi^{-1}(V))$
for every open set $V \subseteq Y$.
Definition. An isomorphism of ringed spaces is an invertible morphism $\phi : X \to Y$
such that $\phi^{-1}$ is also a morphism.
Example 21.2.1. Consider the varieties $X$ and $Y$ defined by $X = \mathbb{A}^1_k$ (the affine line) and
$Y = Z(y^2 - x^3) \subseteq \mathbb{A}^2_k$. Then the map

$$\phi : X \longrightarrow Y, \qquad t \longmapsto (t^2, t^3)$$

is both invertible and a morphism, but its inverse is not a morphism so $\phi$ is not an
isomorphism of ringed spaces.
Definition. For an algebraic set X ⊆ Ank , we define the coordinate ring of X to be the
quotient ring k[X] := k[t1 , . . . , tn ]/J(X). For any intermediate field k ⊆ K ⊆ k̄, if X is
defined over K we also set K[X] = K[t1 , . . . , tn ]/JK (X). The coordinate ring is defined
similarly for X ⊆ Pnk .
Proposition 21.2.2. Suppose k is algebraically closed and X is an affine variety over k.
Then
(a) OX (X) = k[X], that is, the coordinate ring of X consists of regular k-valued functions
X → k.

(b) For any $f \in k[X] \smallsetminus \{0\}$, $\mathcal{O}_X(D(f)) = k[X]_f$, the localization of $k[X]$ at the element
$f$.
Notice that by Lemma 21.1.10, X ⊆ Ank is a variety if and only if k[X] is an integral
domain.


Definition. For an affine algebraic variety X ⊆ Ank , the function field of X over k is the
fraction field k(X) := Frac k[X]. An element of k(X) is called a rational function on X.
If X is defined over some k ⊆ K ⊆ k̄, then the field K(X) := Frac K[X] is called the field
of K-rational functions on X.

Lemma 21.2.3. For any tower $k \subseteq K \subseteq \bar{k}$ over which $X$ is defined, $K[X] = \bar{k}[X]^{G_K}$ and
$K(X) = \bar{k}(X)^{G_K}$.

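Remark. Let $X$ be an algebraic variety. By Hilbert’s Nullstellensatz, there are one-to-one
correspondences

$$\{\text{closed subvarieties } Y \subseteq X\} \longleftrightarrow \operatorname{Spec} \bar{k}[X]$$
$$Y \longmapsto I(Y)$$
$$Z(p) \longleftarrow p$$

$$\{\text{points } P \in X\} \longleftrightarrow \operatorname{MaxSpec} \bar{k}[X]$$
$$P \longmapsto m_P := \{f \in \bar{k}[X] \mid f(P) = 0\}.$$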

For any field k we call elements of MaxSpec k[X] the closed points of X over k.

Theorem 21.2.4. The closed points of X over a field k are in bijective correspondence with
the orbits of Gk on MaxSpec k̄[X].

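Example 21.2.5. Let $X \subseteq \mathbb{A}^1_{\mathbb{Q}}$ be the algebraic variety defined by the irreducible polynomial
$f = x^{3701} - 2$. Then $\mathbb{Q}[X] = \mathbb{Q}[x]/(x^{3701} - 2) \cong \mathbb{Q}(\sqrt[3701]{2})$ is a field, so $\operatorname{MaxSpec} \mathbb{Q}[X]$ consists
of a single point. On the other hand, $\operatorname{MaxSpec} \overline{\mathbb{Q}}[X]$ contains 3701 points.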

Fix a variety $X$ over $k$. The embedding $i : k[X] \hookrightarrow \bar{k}[X]$ induces a map on maximal
ideals
$$i^* : \operatorname{MaxSpec} \bar{k}[X] \longrightarrow \operatorname{MaxSpec} k[X]$$
with the following properties:

• For every maximal ideal $m \in \operatorname{MaxSpec} k[X]$, the fibre $\alpha(m) := (i^*)^{-1}(m)$ is finite and
  nonempty.

• The absolute Galois group $G_k$ acts transitively on each fibre $\alpha(m)$, and

  $$\operatorname{MaxSpec} k[X] = (\operatorname{MaxSpec} \bar{k}[X])/G_k.$$

  In other words, we can view $i^*$ as a covering space.

• If $k$ is a perfect field, $\#\alpha(m) = [k(P) : k]$ for any point $P \in \alpha(m)$.

• The $k$-points of $X$ are in correspondence with the orbits of size one of this action.

• Elements of $\operatorname{MaxSpec} k[X]$ are called irreducible 1-cycles. For curves, these irreducible
  1-cycles are also called irreducible divisors.


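Let $X/\bar{k}$ be an affine algebraic set. Then $X$ is a ringed space whose structure sheaf
$\mathcal{O}_X : U \mapsto \mathcal{O}_X(U)$ is defined on open sets $U \subseteq X$ by
$$\mathcal{O}_X(U) = \left\{ f : U \to \bar{k} \;\middle|\; \begin{array}{l} \text{there exists a cover } U = \bigcup U_\alpha \text{ such that } f|_{U_\alpha} = \frac{g_\alpha}{h_\alpha} \\ \text{for } g_\alpha, h_\alpha \in \bar{k}[X] \text{ with } h_\alpha(P) \neq 0 \text{ for all } P \in U_\alpha \end{array} \right\}$$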

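Proposition 21.2.6. Let $X$ be an affine algebraic set defined over $\bar{k}$. Then
(a) $\mathcal{O}_X(X) = \bar{k}[X]$.
(b) For any $f \in \bar{k}[X]$, $\mathcal{O}_X(D(f)) = \bar{k}[X]_f = \bar{k}[X]\left[\frac{1}{f}\right]$, the localization of $\bar{k}[X]$ at powers
of $f$.
(c) For any prime ideal $p \subseteq \bar{k}[X]$, $\mathcal{O}_X(X \smallsetminus Z(p)) = \bar{k}[X]_p$.
Definition. For a point $P \in X$, the local ring of $X$ at $P$ is
$$\mathcal{O}_{X,P} = \left\{ \frac{f}{g} : f, g \in \bar{k}[X],\ g(P) \neq 0 \right\}.$$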

Remark. For any $P \in X$, the local ring at $P$ can alternatively be characterized by a
localization or a direct limit:
$$\mathcal{O}_{X,P} = \bar{k}[X]_{m_P} = \varinjlim_{U \ni P} \mathcal{O}_X(U).$$

Then indeed $\mathcal{O}_{X,P}$ is a local ring with maximal ideal $m_P \bar{k}[X]_{m_P}$; by abuse of notation, we
will also denote this maximal ideal by $m_P$. Also note that the residue field $\kappa(P) := \mathcal{O}_{X,P}/m_P$
is isomorphic to $\bar{k}$. We will prove that when $X$ is a curve,
$$\bar{k}[X] = \bigcap_{P \in X} \mathcal{O}_{X,P}.$$

We can now define morphisms between affine varieties.


Definition. A morphism of affine varieties is a map ϕ : X → Y that is a morphism of
ringed spaces, that is, for any open set V ⊆ Y and regular function f ∈ OY (V ), the pullback
ϕ∗ f is a regular function in OX (ϕ−1 (V )). Such a map is also sometimes called regular.
There is a more useful equivalent definition that we introduce now. Suppose X ⊆ An with
k[X] = k[t1 , . . . , tn ]/J(X) and Y ⊆ Am with k[Y ] = k[t1 , . . . , tm ]/J(Y ). Then a morphism
of varieties ϕ : X → Y induces a k-algebra homomorphism
ϕ∗ : k[Y ] −→ k[X].
For each 1 ≤ j ≤ m, we get ϕj := ϕ∗ (tj ) ∈ k[t1 , . . . , tn ]/J(X) so we can view ϕj as a
polynomial in t1 , . . . , tn .
Lemma 21.2.7. A morphism ϕ : X → Y is given by polynomials
ϕ(P ) = (ϕ1 (P ), . . . , ϕm (P )) for P ∈ X,
where ϕ1 , . . . , ϕm ∈ k[t1 , . . . , tn ] such that f (ϕ1 , . . . , ϕm ) ≡ 0 for any f ∈ J(Y ).


Remark. Suppose $k \subseteq K \subseteq \bar{k}$ and $X$ and $Y$ are defined over $K$. If $\phi = (\phi_1, \ldots, \phi_m) : X \to Y$
is a morphism such that each $\phi_i \in K[t_1, \ldots, t_n]$, we say the morphism is defined over $K$. In
particular, any $\phi : X \to Y$ induces a morphism of $K$-rational points, $\phi_K : X(K) \to Y(K)$,
that is defined over $K$.
Theorem 21.2.8. For any affine varieties $X$ and $Y$, there is an isomorphism
$$\mathrm{Hom}_{\mathrm{Aff}_k}(X, Y) \cong \mathrm{Hom}_{k\text{-alg}}(\bar{k}[Y], \bar{k}[X]).$$
In particular, there is an equivalence of categories between $\mathrm{Aff}_k$, the affine varieties over $k$
together with variety morphisms, and $(k\text{-alg})^{op}$, the opposite category of finitely generated
$k$-algebras together with $k$-algebra homomorphisms.
Definition. A rational map between affine varieties over a field $k$ is a partial morphism
$\phi : X \dashrightarrow Y$ consisting of a pair of open sets $U \subseteq X$ and $V \subseteq Y$ and a morphism of
quasi-affine varieties $U \to Y$.
By Lemma 21.2.7, a rational map $\phi : X \dashrightarrow Y$ is given by polynomials $\phi = (\phi_1, \ldots, \phi_m) :
\mathbb{A}^n \to \mathbb{A}^m$ such that $\phi_i \in \mathcal{O}_X(U)$ for each $1 \leq i \leq m$. A rational map $\phi$ defines a
homomorphism of $k$-algebras
$$\phi^* : k[Y] \longrightarrow k(X), \qquad f \longmapsto f \circ \phi.$$
Note that if $\phi(U)$ is dense in $Y$, the induced homomorphism extends to an inclusion of
function fields:
$$\phi^* : k(Y) \hookrightarrow k(X), \qquad \frac{f}{g} \longmapsto \frac{\phi^*(f)}{\phi^*(g)}.$$
This property is so important that such morphisms are given a name.
Definition. A morphism ϕ : X → Y is said to be dominant if ϕ(X) is dense in Y .
Definition. Let X and Y be affine varieties over k. If there exists a rational map ϕ : X ⇢ Y
which has a rational inverse, that is, a rational map ψ : Y ⇢ X such that ϕ ◦ ψ and ψ ◦ ϕ
are equal to the identity where they are defined, then X and Y are said to be birationally
equivalent over k.
Lemma 21.2.9. X and Y are birationally equivalent over k if and only if k(X) ≅ k(Y ) as
k-algebras.
A major area of interest in algebraic geometry is the classification of varieties up to
birational equivalence. For curves, there is a canonical invariant called the genus which
completely classifies curves up to birational equivalence over the algebraic closure k̄ of a
field k.
Definition. A rational variety is a variety X over k which is birationally equivalent to
An for some n.


21.3 Morphisms of Projective Varieties


Using the affine patches Ui as charts on Pn , we can define regular functions and morphisms
on projective varieties as follows. Let Ui be the ith affine patch of projective n-space, as
defined at the end of Section 21.1.
Definition. A function on X ⊆ Pnk is regular if it pulls back along Ui ↪ Pnk (i.e. restricts)
to a regular function on each affine patch Xi = Ui ∩ X.
Definition. Let X ⊆ Pnk be a projective variety. A rational function on X is an
equivalence class of quotients of homogeneous forms of the same degree,
$$f = \frac{F(x_0, \dots, x_n)}{G(x_0, \dots, x_n)}$$
for F, G ∈ k[t0 , . . . , tn ], G ∉ J(X), where we say f = F1 /G1 and g = F2 /G2 are equivalent if
F1 G2 − F2 G1 ∈ J(X).
Definition. The function field of X ⊆ Pnk is the set of rational functions on X, denoted
k(X).
Lemma 21.3.1. For each affine patch Xi = X ∩ Ui , k(X) ≅ k(Xi ) as k-algebras.
In particular, if Y ⊆ Ank is an affine variety, then k(Y ) ≅ k(Ȳ ), where Ȳ is the projective
closure of Y .
Definition. A function f ∈ k(X) is regular at a point P ∈ X if f can be written f = F/G
for homogeneous forms F, G ∈ k[t0 , . . . , tn ] such that G(P ) ≠ 0.
Proposition 21.3.2. A projective variety X ⊆ Pnk is a ringed space with structure sheaf
OX : U ↦ OX (U ) defined on open sets U ⊆ X by

OX (U ) = {f ∈ k(X) | f is regular at P for all P ∈ U }.

We can now define morphisms between projective varieties using this ringed space
structure.
Definition. A morphism of (quasi-)projective varieties is a map ϕ : X → Y that is a
morphism of the ringed spaces.
The definition of rational maps between affine varieties extends to projective varieties in
the following way.
Definition. For projective varieties X ⊆ Pnk and Y ⊆ Pmk , a rational map ϕ : X ⇢ Y is
a pair of open sets U ⊆ X and V ⊆ Y and a morphism ϕ = (ϕ0 , . . . , ϕm ) : U → V , such
that each ϕi ∈ k[t0 , . . . , tm ] is a homogeneous polynomial, ϕ(P ) ∈ Y for each P ∈ X and
some ϕi ∉ J(X).
Definition. A map ϕ : X → Y is regular at a point P ∈ X if at least one ϕi (P ) ≠ 0.
We say ϕ is a regular map if it is regular at every P ∈ X.


Lemma 21.3.3. A map ϕ : X → Y is regular if and only if it is a morphism of varieties.

Note that a quasi-projective set with the Zariski topology is not Hausdorff in general.
Indeed, if X is irreducible, then any nonempty open set is dense. Thus we need a notion to
replace the Hausdorff condition for algebraic sets.

Proposition 21.3.4. A quasi-projective set is T1.

Proof. If P = [α0 , . . . , αn ] ∈ X is a point then P = Z((αi tj − αj ti )i,j ) = Z(mP ). Thus points
are closed in the Zariski topology.

Corollary 21.3.5. If U ⊆ X is open, P, Q ∈ X and f (P ) = f (Q) for all f ∈ OX (U ), then
P = Q.

Corollary 21.3.6. Let X and Y be quasi-projective sets and ϕ, ψ : X → Y two morphisms.
Then if the set Uϕ,ψ := {P ∈ X | ϕ(P ) = ψ(P )} contains an open dense set, we have ϕ = ψ.

Definition. For a function f ∈ k[X], define the principal open subset of f by D(f ) :=
{P ∈ X | f (P ) ≠ 0}.

Lemma 21.3.7. If X is a quasi-projective variety, then the collection {D(f ) | f ∈ k[X]} is
a basis for the Zariski topology on X.


21.4 Products of Varieties


Consider two ringed spaces X and Y . We may take their set-theoretic product X × Y and,
if each space is a topological space, endow X × Y with the product topology. Unfortunately,
in the category of algebraic varieties, this operation does not preserve the structure of two
varieties X and Y ; that is, the product topology arising from the spaces’ Zariski topologies
does not suffice to do algebraic geometry.
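Instead, consider the projections πX : X × Y → X and πY : X × Y → Y . For any ringed
space Z, we must have a bijection

$$\operatorname{Hom}(Z, X \times Y) \longleftrightarrow \operatorname{Hom}(Z, X) \times \operatorname{Hom}(Z, Y), \qquad \varphi \longmapsto (\varphi \circ \pi_X, \varphi \circ \pi_Y).$$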

We thus make X × Y into a ringed space with OX×Y (U × V ) defined for all open sets
U ⊆ X, V ⊆ Y by stipulating that anything of the form

$$f = \sum_i (\pi_X^* g_i)(\pi_Y^* h_i), \quad \text{for } g_i \in \mathcal{O}_X(U) \text{ and } h_i \in \mathcal{O}_Y(V),$$

is regular on U × V . If g ∈ OX (U ), we must have πX∗ g ∈ OX×Y (U × V ) and likewise, if
h ∈ OY (V ), then πY∗ h ∈ OX×Y (U × V ). Thus for such an f as above, D(f ) is an open subset
of X × Y that would not be open in the usual product topology.
Example 21.4.1. Under the above description of products of affine varieties, A^n × A^m ≅
A^(n+m) for any n, m ∈ N. Note that even for n = m = 1, the Zariski topology on A^2 is not
equivalent to the product topology on A^1 × A^1 .
Lemma 21.4.2. If X and Y are affine varieties, then
(a) X × Y is an affine variety.

(b) k[X × Y ] = k[X] ⊗k k[Y ].


To define products of projective varieties requires a little more care.
Proposition 21.4.3 (Segre Embedding). For any n, m ∈ N, there is an embedding

$$\sigma_{n,m} : \mathbb{P}^n \times \mathbb{P}^m \longrightarrow \mathbb{P}^{(n+1)(m+1)-1}, \qquad ([x_0, \dots, x_n], [y_0, \dots, y_m]) \longmapsto [x_i y_j]_{i,j}$$

such that the image Σn,m := σn,m (Pn × Pm ) has the structure of an algebraic subset that
coincides with the Zariski topology of the product Pn × Pm .
Proof. (Sketch) Viewing P^((n+1)(m+1)−1) as a space of (n + 1) × (m + 1) matrices, we have that

Σn,m = {[zij ]i,j | all 2 × 2 minors of (zij ) vanish}.

Then clearly Σn,m = Z((zij zkℓ − zkj ziℓ )i,j,k,ℓ ), so Σn,m is an algebraic set. The fact that σn,m
is a bijection is obvious. One can now verify that the induced topology corresponds to the
topology on Pn × Pm .


Definition. Let V be a vector space over k. The set of lines, i.e. 1-dimensional subspaces,
of V is called the projective space over V , denoted P(V ).

Example 21.4.4. If V = k^n is finite dimensional, then P(V ) can be identified with Pnk .

Lemma 21.4.5. If V and W are k-vector spaces, then P(V ) × P(W ) ≅ P(V ⊗k W ).
Now if X ⊆ Pn and Y ⊆ Pm are projective algebraic sets, we can realize X × Y as a
subset of P^((n+1)(m+1)−1) by identifying it with the embedded image σn,m (X × Y ). Setting

$$\mathcal{O}_{X \times Y}(U \times V) := \mathcal{O}_{\mathbb{P}^{(n+1)(m+1)-1}}(\sigma_{n,m}(U \times V))$$

gives X × Y the structure of a ringed space which coincides with the previous description of
the product of two varieties.

Proposition 21.4.6. Subvarieties of Pn × Pm are zero sets of polynomials of the form

G(x0 , . . . , xn , y0 , . . . , ym ),

where G is homogeneous in the xi of degree d and homogeneous in the yj of degree e.

Proof. Without loss of generality, suppose d ≥ e. Then G(x0 , . . . , ym ) = 0 if and only if
yi^(d−e) G(x0 , . . . , ym ) = 0 and the latter polynomial is homogeneous of a single degree. Viewing
Pn × Pm as the embedded image Σn,m ⊆ P^((n+1)(m+1)−1) gives the result.

Example 21.4.7. Consider the Segre embedding P1k × P1k ↪ P3k and set Q = Σ1,1 =
Z(z00 z11 − z01 z10 ). The polynomial z00 z11 − z01 z10 is called a quadric and the embedded
image Q is called a quadric surface. For each α, β ∈ P1k , one gets lines on the quadric surface
realized by {α} × P1k ↪ Q and P1k × {β} ↪ Q. Note that lines of these forms cover Q, for
which reason Q is called a ruled surface.


21.5 Blowing Up
We now have a working notion of products of varieties, so consider the space An × Pn−1 .
Coordinates in this space are (P, [ℓ]), where P ∈ An is a point and [ℓ] ∈ Pn−1 is the class of
some line through the origin ℓ in An . Consider the set B ⊆ An × Pn−1 defined by

B = {(P, [ℓ]) | P ∈ ℓ}.

Then B is an algebraic subset: B = Z((xi Yj − xj Yi )i,j ) if An = {(x1 , . . . , xn )} and Pn−1 =
{[Y1 , . . . , Yn ]}.
In dimension n = 2, notice that for any point P = (u, v) and line [ℓ] = [α, β], we have
$$P \in \ell \iff \frac{u}{v} = \frac{\alpha}{\beta} \iff u\beta - v\alpha = 0.$$

This explains why we can write B = Z(x1 Y2 − x2 Y1 ) ⊆ A2 × P1 .


Now let π : An × Pn−1 → An be the canonical projection. If P ≠ 0 in An , then π⁻¹(P ) =
(P, [ℓP ]) is defined, where ℓP is the unique line through the origin containing P . Therefore
π is an isomorphism on an open subset of B:

$$\pi : B \setminus \{(P, [\ell]) \mid P = 0\} \longrightarrow \mathbb{A}^n \setminus \{0\}.$$

On the other hand, if P = 0, the set π⁻¹(0) = {(0, [ℓ]) ∈ An × Pn−1 } is isomorphic to Pn−1 .
In the dimension 2 case, B is covered by the following affine patches:

U1 = {((x, y), [Y1 , Y2 ]) | Y1 ≠ 0} ∩ B and U2 = {((x, y), [Y1 , Y2 ]) | Y2 ≠ 0} ∩ B

On U1 , set t = Y2 /Y1 so that in local coordinates (x, y, t), U1 = Z(xt − y) ≅ A2 . Likewise, for
U2 , set s = Y1 /Y2 so that in the coordinates (x, y, s), U2 = Z(x − ys) ≅ A2 . Thus we see that
each affine patch Ui is a quadric surface. Effectively, we have replaced a point (0, 0) in A2 with
a copy of P1 so that every line through the origin in A2 , all of which are indistinguishable in
P1 to begin with, now corresponds to a unique line on one of the affine quadric surfaces.

Definition. The set B is called the blowup of An at the point 0, denoted B = Bl0 An . The
set E0 An := π⁻¹(0) ≅ Pn−1 is called the exceptional divisor of the blowup.

Definition. Let X ⊆ An be an affine variety and π : An × Pn−1 → An the canonical
projection. The pullback π⁻¹(X) is called the total transform of X, while the proper (or
strict) transform of X is defined as

Bl0 X := π⁻¹(X ∖ {0}).

As the notation suggests, this set is also called the blowup of X at 0. The set

E0 X := Bl0 X ∩ E0 An

is called the exceptional divisor of the blowup of X.


Remark. More generally, for any subvariety Z ⊆ X, one can define the blowup of X along
Z, a variety BlZ X that is birationally equivalent to X, such that Z is a codimension 1
subvariety of BlZ X.

Example 21.5.1. Consider the plane curve X = Z(y^2 − x^2 (x + 1)) ⊆ A2 .

Note that this variety has a singularity at the point (0, 0). Using the blowup of A2 defined
above, Bl0 A2 , we can blow up X to ‘remove the singularity’ at 0. Let U1 be the first affine
patch and ϕ : U1 → A2 the standard isomorphism. We make the substitution y = xt, so
that ϕ(π⁻¹(X)) = Z(x^2 (t^2 − x − 1)). The x^2 factor of this polynomial corresponds to the
exceptional divisor E0 X under this blowup, so the proper transform of X at 0 looks like

ϕ(Bl0 (X)) = Z(t^2 − x − 1)

on the affine patch U1 . Note also that

E0 X = Bl0 X ∩ E0 A2 = Z(t^2 − x − 1) ∩ Z(x) = Z(t^2 − 1) = {±1},

so the exceptional set of X consists of two points.
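
The same computation on the second affine patch U2 , carried through here as an added worked example (it is not part of the original text), uses the coordinates (x, y, s) with x = ys from the description of U2 above:

$$y^2 - x^2(x+1)\,\Big|_{x = ys} = y^2 - y^2 s^2 (ys + 1) = y^2\,\bigl(1 - s^2 - y s^3\bigr).$$

The factor y^2 again corresponds to the exceptional divisor, so on U2 the proper transform is Z(1 − s^2 − ys^3 ), and intersecting with Z(y) gives

$$Z(1 - s^2 - y s^3) \cap Z(y) = Z(1 - s^2) = \{s = \pm 1\}.$$

Since s = Y1 /Y2 = 1/t where the two patches overlap, these are the same two points t = ±1 found on U1 , so no point of the exceptional set is missed by working on U1 alone.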

Lemma 21.5.2. The projection π : Bl0 X ⇢ X is a birational equivalence.

Blowing up allows us to replace singular curves (or more generally, varieties) with
nonsingular curves by a sequence of blowups, such that in each step the birational equivalence
class of the curve is preserved. The problem of finding such a nonsingular blowup is known
as resolution of singularities. Much progress has been made on this problem (e.g. Hironaka’s
theorem says that nonsingular blowups exist for any finite dimensional variety over a field
of characteristic zero), but there is still much to be done (e.g. in finite characteristic cases).


21.6 Dimension of Varieties


In this section we explore various notions of dimension in commutative algebra and geometry
and see how they coincide for algebraic varieties.

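Definition. If X is a topological space, the dimension of X is defined by

$$\dim X = \sup\left\{\ell \in \mathbb{N}_0 \;\middle|\; \begin{array}{l}\text{there exists a chain of closed, irreducible subsets}\\ Y_0 \subsetneq Y_1 \subsetneq \cdots \subsetneq Y_\ell \text{ with } Y_i \subseteq X\end{array}\right\}.$$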

On the algebraic side, we have a similar notion of dimension due to Krull.

Definition. If A is a ring and p ⊂ A is prime, the height of p is defined as

ht(p) = sup{ℓ ≥ 0 | there is a chain of prime ideals p0 ⊊ p1 ⊊ · · · ⊊ pℓ−1 ⊊ p}.

The Krull dimension of A is then defined by

dim A = sup{ht(p) | p ⊂ A is prime}.

Proposition 21.6.1. Let X ⊆ Ank be an affine variety. Then

(a) dim X ≤ dim k[X].

(b) If k is algebraically closed, then dim X = dim k[X].

Proof. (a) If Y0 ⊊ Y1 ⊊ · · · ⊊ Yℓ is a chain of closed, irreducible subsets of X, then J(Y0 ) ⊋
J(Y1 ) ⊋ · · · ⊋ J(Yℓ ) is a chain of prime ideals in k[X], by Lemma 21.1.10. (The inclusions are
strict since Z(J(Yi )) = Yi for each 0 ≤ i ≤ ℓ, by Lemma 21.1.3(b).) Thus dim X ≤ dim k[X].
(b) Assume k is algebraically closed and let p0 ⊊ p1 ⊊ · · · ⊊ pm be a strictly ascending
chain of prime ideals in k[X]. For each i, pi = p′i /J(X) for some prime ideal p′i ⊂ A =
k[t1 , . . . , tn ] containing J(X). Thus by Hilbert’s Nullstellensatz, J(Z(p′i )) = p′i for each i,
which gives us
Z(p′0 ) ⊋ Z(p′1 ) ⊋ · · · ⊋ Z(p′m ),
a strictly descending chain of affine subsets of An . Since each p′i contains J(X), this is a
chain of closed, irreducible subsets of X. Hence dim k[X] ≤ dim X so we have equality.

Corollary 21.6.2. Suppose k is algebraically closed and X ⊆ An is an affine variety. Then
dim X = tr degk k(X), the transcendence degree of the function field of X.

Proof. It is well known from commutative algebra that dim k[X] = tr degk k(X). Apply
Proposition 21.6.1.

Proposition 21.6.3. For an affine variety X with projective closure X̄, k(X) = k(X̄).

We extend the notion of dimension to projective and quasi-projective varieties by using
the transcendence degree definition. Proposition 21.6.3 says that this definition agrees with
the topological definition of dimension.


Definition. For any quasi-projective variety X, the dimension of X is defined by

dim X := tr degk k(X).

The following is a classic result due to Krull, which is proven by an algebraic statement
about height of prime ideals in k[t1 , . . . , tn ].

Theorem 21.6.4 (Krull’s Hauptidealsatz). Suppose k is algebraically closed. Then

(a) If I = (f1 , . . . , fs ) is an ideal of A = k[t1 , . . . , tn ], then dim Z(I) ≥ n − s.

(b) If X ⊆ An is any algebraic subset with irreducible components X1 , . . . , Xm ⊆ X, then
dim Xi = n − 1 for all 1 ≤ i ≤ m if and only if there exists an f ∈ A ∖ k with
X = Z(f ).

Corollary 21.6.5. A variety X ⊆ Ank̄ has codimension 1 if and only if X = Z(f ) for a
nonconstant, irreducible polynomial f ∈ k[t1 , . . . , tn ].

Example 21.6.6. For affine space, dim Ank̄ = dim k̄[t1 , . . . , tn ] = n.

Example 21.6.7. If f ∈ k[x, y] is an irreducible polynomial, then Corollary 21.6.5 says
dim Z(f ) = 1. This gives meaning to the name curve for zero sets of irreducible polynomials
in A2 : they are the codimension 1 subvarieties, as we would like.

Corollary 21.6.8. If X is an affine variety with dimension n and r ≤ n, then any
polynomials f1 , . . . , fr ∈ k[X] have a common zero.

Corollary 21.6.9. In P2 , for any forms F and G defining curves C1 = Z(F ) and C2 =
Z(G), we have C1 ∩ C2 ≠ ∅.


21.7 Complete Varieties


Definition. A variety X is complete if for any variety Y , the projection map X × Y → Y ,
(x, y) ↦ y, is a closed map.
Proposition 21.7.1. Let X be a complete variety. Then
(1) Any closed subvariety of X is complete.

(2) If Y is complete then X × Y is also complete.

(3) For every morphism ϕ : X → Y , ϕ(X) is closed in Y and complete.

(4) If X ⊆ Y as a subvariety, then X is closed.


Proof. (1) Let X′ ⊆ X be a closed subvariety and Y any variety, and consider π′ : X′ × Y →
Y . Suppose Z ⊆ X′ × Y is a closed subset. In general {x0 } × Y is closed in X × Y so the
diagram
[Diagram: the inclusion i : X′ × Y → X × Y , with Z ⊆ X′ × Y , and the projections π′ and π.]
commutes and thus the image of Z is closed.


(2) Assume Y is complete and let Z be an arbitrary variety. We can factor the map
X × Y × Z → Z as
X ×Y ×Z →Y ×Z →Z
but both of these maps are closed since X and Y are each complete. The composition of
closed maps is closed, so X × Y is complete.
(3) Let Γ = {(x, ϕ(x)) | x ∈ X} ⊆ X × Y be the graph of ϕ. Then Γ is closed, so ϕ(X)
is the projection of Γ = X × ϕ(X) onto Y , and since X is complete, ϕ(X) is closed. For
completeness, use (1).
(4) follows from applying (3) to the inclusion i : X → Y .
Theorem 21.7.2. Every projective variety is complete.
Proof. We proved that every closed subvariety of a complete variety is complete, so it suffices
to prove Pn is complete for all n ≥ 1. In other words we will show that if π : Pn × Y → Y
is the projection map and C ⊂ Pn × Y is closed then π(C) ⊆ Y is closed. Set A = k[Y ] and
B = A[T0 , T1 , . . . , Tn ]. Then B is a ring of k-valued functions on k n+1 × Y . For every proper
homogeneous ideal I ⊂ B, define

Z ∗ (I) = {(x∗ , y) | f (x, y) = 0 for all f ∈ I} ⊆ Pn × Y.

Then the Z ∗ (I) are the closed subsets of Pn × Y so it suffices to prove π(Z ∗ (I)) is closed for
all proper homogeneous ideals I ⊂ B. We may assume Z ∗ (I) is irreducible, i.e. I is prime.


We may also assume π|Z∗(I) is dominant (changing the target to $\overline{\pi(Z^*(I))}$ if necessary). Then
we must show for every y ∈ Y , there exists x∗ ∈ Pn so that (x∗ , y) ∈ Z∗(I), since then we
will have π(Z∗(I)) = $\overline{\pi(Z^*(I))}$.
Take M ⊂ A to be the maximal ideal that vanishes at y. Then J = M B + I is a
homogeneous ideal so Z∗(J) is defined, and if we show Z∗(J) is nonempty, we’ll be done.
Assume to the contrary that Z∗(J) = ∅. Then there is a k > 0 such that Ti^k ∈ J for each Ti .
Equivalently, there is an m > 0 so that Bm , the set of all degree m homogeneous polynomials
in B, is contained in J. Set N = Bm /(Bm ∩ I). This is a finitely generated A-module in the
obvious way. Moreover, notice that M N = N . Then by Nakayama’s Lemma, this implies
N = 0. But then Bm = Bm ∩ I so it follows that Z∗(I) = ∅, which is impossible for a proper
ideal I ⊂ B. Hence Z∗(J) ≠ ∅ so the theorem is proved.

Example 21.7.3. Consider the variety X = Z(xy − 1) ⊆ A2 . Then under the projection
A2 → A1 , the image of X is A1 ∖ {0} which is not a closed set, so X is not complete. We
will see below that affine varieties are not complete in general.

Corollary 21.7.4. Let X be a connected complete variety. Then OX (X) = k. That is,
every regular k-valued function on X is constant.

Proof. Take f ∈ OX (X). Then f is a map f : X → k = A1 . Extend this to a map

g : X → A1 ↪ P1 ,

so g is not surjective onto P1 . By completeness of X, g(X) is closed in P1 , but the only
proper closed subsets of P1 are point-sets. Since X is connected, we must have g(X) = {x0 },
or in other words, g is constant. This implies f is constant.
This fact is analogous to the theorem in complex analysis that every holomorphic function
on a connected compact domain is constant.

Corollary 21.7.5. Let X be a projective variety. Then any morphism X → Y into an
irreducible, projective curve Y is either surjective or constant.

Corollary 21.7.6. Nontrivial affine varieties are not projective.

Proof. Let X be an affine variety of dimension at least 1. View X as a proper subset of affine
n-space An , which has coordinate algebra k[T1 , . . . , Tn ]. Then some coordinate function Ti
does not vanish on X, so Ti ∈ OX (X) is a nonconstant regular function on X.


21.8 Tangent Space


Suppose k is algebraically closed and X ⊆ AN is an affine variety over k. For a point
P = (α1 , . . . , αN ) ∈ X, take a line through P , Lα = {αt + P | t ∈ k} for some α ∈ k^N ∖ {0}.
Then if J(X) = (f1 , . . . , fm ), we see that X ∩ Lα = Z(g1 , . . . , gm ), where gi (t) = fi (αt) ∈ k[t].
For Lα to be tangent to X at P , we need these gi to vanish ‘to a higher multiplicity’, as in
complex analysis.



Definition. If L is a line and P ∈ X ∩ L, the multiplicity of X ∩ L at P is defined to be
the multiplicity of t = 0 as a root of the polynomial

fα (t) := gcd(f1 (αt), . . . , fm (αt)).

(Formally, we say that the multiplicity of any t as a root of the zero polynomial is ∞.) Then
L is tangent to X at P if the multiplicity of X ∩ L at P is at least 2.

Definition. The tangent space to X at P is a linear subspace TP X of AN consisting of
all lines through the origin Lα = {αt | t ∈ k} such that the affine line LPα = {αt + P | t ∈ k}
is tangent to X at P .

Proposition 21.8.1. For any P ∈ X, TP X is a well-defined vector subspace of AN .

Proof. If J(X) = (f1 , . . . , fm ), write

$$f_i = \sum_{\ell = 1} f_i^{(\ell)}$$

where $f_i^{(\ell)}$ is the homogeneous part of fi of degree ℓ. If P ∈ X, then $f_i^{(0)}(P) = 0$. Thus
$f_i(\alpha t) = t f_i^{(1)}(\alpha) + t^2 f_i^{(2)}(\alpha) + \dots$ This shows that Lα ⊆ TP X if and only if $f_i^{(1)}(\alpha) = 0$, which is
a linear condition. Thus TP X is a linear subspace of AN as claimed.
Examples.

1 For any P ∈ AN , TP AN = AN .


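2 If X = Z(f ) ⊆ AN is a hypersurface defined by an irreducible polynomial f ∈
k[t1 , . . . , tN ], then for any P ∈ X, TP X = Z(f^(1) ). Notice that
$$f^{(1)}(t_1, \dots, t_N) = \sum_{i=1}^{N} \frac{\partial f}{\partial t_i}(t_i - \alpha_i)$$
so it is immediate that TP X is equal to the kernel of the 1 × N matrix $\left(\frac{\partial f}{\partial x_j}\right)_{1 \le j \le N}$.
We see once again that TP X is a vector space since it is the kernel of a linear map. In
particular, $\dim T_P X = N - \operatorname{rank}\left(\frac{\partial f}{\partial t_j}\right)$.

3 More generally, if J(X) = (f1 , . . . , fm ), then $\left(\frac{\partial f_i}{\partial t_j}\right)$ is an m × N matrix and
$$T_P X = \ker\left(\frac{\partial f_i}{\partial t_j}\right).$$
This shows that $\dim T_P X = N - \operatorname{rank}\left(\frac{\partial f_i}{\partial t_j}\right)$.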

We can use this notion of tangency to formalize the property of “singularity” at a point
of a variety.

Definition. For an affine variety X, write sX = min{dim TP X | P ∈ X}. Then a point
P ∈ X is nonsingular (or, X is nonsingular at P ) if dim TP X = sX . Otherwise, P is said
to be singular.

Proposition 21.8.2. The subset Sing X = {P ∈ X | P is singular} is a proper, Zariski-
closed subset of X. In particular, X has a dense, open subset of nonsingular points.

Proof. The condition that dim TP X = ℓ is equivalent to the nonvanishing of the (N − ℓ) ×
(N − ℓ) minors of the matrix $\left(\frac{\partial f_i}{\partial x_j}\right)$. These minors are polynomials over k, so their zero
locus, Sing X, is closed.
The next theorem connects the dimension of the tangent space to the topological dimen-
sion of the space X. By Proposition 21.6.1, this also relates the dimension of the tangent
space to the Krull dimension of the coordinate ring of X.

Theorem 21.8.3. If P ∈ X is a nonsingular point of an affine variety X, then dim TP X =
dim X.

Proof. Let ϕ : X → Y be an isomorphism of varieties. This determines an isomorphism of
vector spaces TP X → Tϕ(P ) Y . By the proof of Proposition 21.8.2, dim TP X = ℓ is an open
condition, so it suffices to consider any variety that is birationally equivalent to X. It is
a general fact that any affine variety is birationally equivalent to a hypersurface; thus we
may assume X ⊆ AN is a hypersurface, with J(X) = (f ) for some irreducible polynomial
f ∈ k[t1 , . . . , tN ].


We need to show that sX = dim X = N − 1. Note that

$$T_P X = Z\left(\sum_{i=1}^{N} \frac{\partial f}{\partial x_i}(P)(x_i - \alpha_i)\right).$$

Since X is a hypersurface, dim TP X ≥ N − 1. However, the only way for us to have
dim TP X = N is if each partial derivative ∂f/∂xi is identically zero on X. If char k = 0, this
is only true for f = 0 so we are done. If char k = p > 0, the above condition holds if and
only if f = g(x1^p , . . . , xN^p ) = [g(x1 , . . . , xN )]^p for some g ∈ k[t1 , . . . , tN ]. But J(X) is radical,
which implies g ∈ J(X), so (f ) ≠ J(X). This is a contradiction of course, so in all cases,
dim TP X = N − 1, as required.
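
The rank formula dim TP X = N − rank(∂fi /∂tj ) and the definition of a singular point can be checked by direct computation. The Python code below is an added example, not part of the original text: it assumes the finite field F_7 in place of an algebraically closed k (so only F_7-rational points are enumerated), assumes the listed polynomials generate J(X), and takes dim X from the caller as Theorem 21.8.3 permits; all function names are illustrative. It is run on the nodal cubic of Example 21.5.1 and on the curve y^2 = x^3 + 3x^2 + 2x of Example 22.1.3.

```python
from itertools import product

# A polynomial over F_p is a dict {exponent tuple: integer coefficient};
# e.g. {(0, 2): 1, (3, 0): -1} is y^2 - x^3 in the variables (x, y).

def partial(poly, var):
    """Formal partial derivative with respect to the variable of index `var`."""
    out = {}
    for exps, coeff in poly.items():
        e = exps[var]
        if e:
            lowered = exps[:var] + (e - 1,) + exps[var + 1:]
            out[lowered] = out.get(lowered, 0) + coeff * e
    return out

def evaluate(poly, point, p):
    """Value of the polynomial at `point`, reduced mod p."""
    total = 0
    for exps, coeff in poly.items():
        term = coeff
        for x, e in zip(point, exps):
            term = term * pow(x, e, p) % p
        total = (total + term) % p
    return total

def rank_mod_p(rows, p):
    """Rank of an integer matrix over F_p by Gauss-Jordan elimination."""
    rows = [[v % p for v in r] for r in rows]
    ncols = len(rows[0]) if rows else 0
    rank = 0
    for col in range(ncols):
        pivot = next((r for r in range(rank, len(rows)) if rows[r][col]), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        inv = pow(rows[rank][col], p - 2, p)      # inverse by Fermat's little theorem
        rows[rank] = [v * inv % p for v in rows[rank]]
        for r in range(len(rows)):
            if r != rank and rows[r][col]:
                factor = rows[r][col]
                rows[r] = [(a - factor * b) % p for a, b in zip(rows[r], rows[rank])]
        rank += 1
    return rank

def tangent_dim(polys, point, p):
    """dim T_P X = N - rank of the m x N Jacobian matrix evaluated at P."""
    n = len(point)
    jacobian = [[evaluate(partial(f, j), point, p) for j in range(n)] for f in polys]
    return n - rank_mod_p(jacobian, p)

def rational_points(polys, nvars, p):
    """All F_p-rational points of Z(polys) in affine nvars-space."""
    return [pt for pt in product(range(p), repeat=nvars)
            if all(evaluate(f, pt, p) == 0 for f in polys)]

def singular_points(polys, nvars, p, dim):
    """Rational points where dim T_P X exceeds dim X (supplied by the caller)."""
    return [pt for pt in rational_points(polys, nvars, p)
            if tangent_dim(polys, pt, p) > dim]

P = 7                                                        # assumed prime
NODAL = {(0, 2): 1, (3, 0): -1, (2, 0): -1}                  # y^2 - x^2(x + 1)
ELLIPTIC = {(0, 2): 1, (3, 0): -1, (2, 0): -3, (1, 0): -2}   # y^2 - x^3 - 3x^2 - 2x

if __name__ == "__main__":
    print("nodal cubic, singular points:", singular_points([NODAL], 2, P, 1))
    print("elliptic curve, singular points:", singular_points([ELLIPTIC], 2, P, 1))
```

Over F_7 the nodal cubic has the single singular point (0, 0), where the Jacobian vanishes and the tangent space is all of A2 , while the second curve has none.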

Definition. Let f ∈ k[t1 , . . . , tN ] and P = (α1 , . . . , αN ) ∈ AN . The linear term in the
homogeneous expansion of f at P ,
$$d_P f := \sum_{i=1}^{N} \frac{\partial f}{\partial x_i}(P)(x_i - \alpha_i),$$

is called the differential of f at P .

Lemma 21.8.4. For any P ∈ AN , the differential dP is a derivation:

(a) dP (f + g) = dP f + dP g.

(b) dP (f g) = (dP f )g + f (dP g).

Corollary 21.8.5. If X ⊆ AN is a variety with J(X) = (f1 , . . . , fm ) and P ∈ X, then

TP X = Z(dP f1 , . . . , dP fm ).

Remark. For g ∈ k[X], we can represent g by a form G ∈ k[t1 , . . . , tN ], so that g = G+J(X).
Set dP g := dP G. This is only well-defined up to elements of the form dP f for f ∈ J(X).
Thus, if G′ = G + f for f ∈ J(X), then dP G′ = dP G + dP f but since TP X = Z(f1 , . . . , fm )
and f ∈ (f1 , . . . , fm ), the differential of f disappears. Thus we can define dP g by

dP g = dP G|TP X

for any lift G ∈ k[t1 , . . . , tN ] such that g = G + J(X).

The differential dP induces a map into the dual of the tangent space:

$$k[X] \longrightarrow (T_P X)^*, \qquad g \longmapsto d_P G \quad \text{where } g = G + J(X).$$

Theorem 21.8.6. Let X ⊆ AN be an affine variety and P ∈ X. Then the differential dP
induces an isomorphism $\mathfrak{m}_P/\mathfrak{m}_P^2 \to (T_P X)^*$.


Proof. Restricting dP to mP gives a map dP : mP → (TP X)∗ , which is linear since dP is a
derivation. Now any linear form λ on TP X is induced by a linear function ℓ on AN with
ℓ(P ) = 0. Then dP ℓ = λ, so dP is surjective.
Next, suppose g ∈ mP with dP g = 0 and take a lift G ∈ k[t1 , . . . , tN ] with G|X = g. Then
0 = dP g = dP G|TP X , so if $g = \sum_{i=1}^{m} a_i f_i$ then $d_P G = \sum_{i=1}^{m} a_i\, d_P f_i$. Then

$$G' := G - \sum_{i=1}^{m} a_i f_i$$

has no linear term by construction and thus G′ ∈ (t1 − α1 , . . . , tN − αN ). On the other hand,
G′|X = G|X = g so if G′ ∈ (t1 − α1 , . . . , tN − αN )^2 then we must have $g \in \mathfrak{m}_P^2$. This shows
that $\ker d_P \subseteq \mathfrak{m}_P^2$. The reverse inclusion is shown similarly, so by the first isomorphism
theorem, $\mathfrak{m}_P/\mathfrak{m}_P^2 \cong (T_P X)^*$.
Corollary 21.8.7. For any affine variety X over an algebraically closed field k, dim X =
dimk mP /m2P for any nonsingular point P ∈ X.

Proof. Apply Theorems 21.8.3 and 21.8.6.

Definition. The vector space mP /m2P is called the cotangent space to X at P . It is the
dual of the tangent space by Theorem 21.8.6.

Definition. If ϕ : X → Y is a morphism of varieties, the induced map ϕ∗ : k[Y ] → k[X]
determines a linear map $\mathfrak{m}_{\varphi(P)}/\mathfrak{m}_{\varphi(P)}^2 \to \mathfrak{m}_P/\mathfrak{m}_P^2$. The dual of this map,

dP ϕ : TP X −→ Tϕ(P ) Y,

is called the differential of ϕ at P ∈ X.

Theorem 21.8.8. If ϕ : X → Y is an isomorphism of varieties, then the differential
dP ϕ : TP X → Tϕ(P ) Y is a linear isomorphism for all P ∈ X.

Remark. The above description shows that TP X is an ‘intrinsic object’ to X; that is, it
only depends on the isomorphism class of X. The next result says that the tangent space is
also a local object.

Theorem 21.8.9. For any P ∈ X, $(T_P X)^* \cong \mathfrak{m}_P\mathcal{O}_{X,P}/(\mathfrak{m}_P\mathcal{O}_{X,P})^2$.
Proof. We can extend dP : k[X] → (TP X)∗ to a map dP : OX,P → (TP X)∗ by:
$$d_P\left(\frac{f}{g}\right) = \frac{g\, d_P f - f\, d_P g}{g^2}.$$

Then the proof of Theorem 21.8.6 goes through with appropriate modifications.

Definition. For any quasi-projective variety X and point P ∈ X, we define the tangent
space to X at P by
TP X = (mP OX,P /(mP OX,P )2 )∗ .


By Theorem 21.8.9, this description agrees with TP (X ∩ Ui ) for any affine patch Ui (i.e.
the tangent spaces are isomorphic).

Definition. For a projective variety X ⊆ PN such that J(X) = (F1 , . . . , Fm ), and a point
P ∈ X ∩ Ui , we define the projective tangent space to X at P to be

$$T_P X = T_{\varphi_i^{-1}(P)}\bigl(\varphi_i^{-1}(X \cap U_i)\bigr).$$

Lemma 21.8.10. TP X is a linear subvariety of PN .

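Proof. This follows from the fact that

$$T_P X = Z\left(\left\{\sum_{i=0}^{N} \frac{\partial F_i}{\partial X_i} : 1 \le j \le m\right\}\right).$$

As with affine tangent spaces, we have

$$\dim T_P X = \dim T_P X = N - \operatorname{rank}\left(\frac{\partial F_i}{\partial X_j}(P)\right).$$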

Definition. A quasi-projective variety X is nonsingular at a point P ∈ X if

$$\dim X = N - \operatorname{rank}\left(\frac{\partial F_i}{\partial X_j}(P)\right).$$

Example 21.8.11. A hypersurface X = Z(F ) is nonsingular at P if and only if ∂F/∂Xi (P ) ≠ 0
for some 1 ≤ i ≤ N .


21.9 Local Parameters


Definition. Let X be a nonsingular variety of dimension n. We say t1 , . . . , tn ∈ OX,P are
local parameters at P if

(1) ti (P ) = 0 for each i; that is, ti ∈ mP .

(2) t̄1 , . . . , t̄n form a basis of the vector space mP /m2P .

Proposition 21.9.1. Local parameters generate the maximal ideal at P .

Proof. This follows from Nakayama’s Lemma.

Definition. Let A be a local ring with maximal ideal m and residue field k = A/m. Then A
is said to be a regular ring if dim A = dimk m/m2 .

Proposition 21.9.1 shows that P ∈ X is nonsingular if and only if the local ring OX,P is
a regular ring.

Remark. For a nonsingular point P ∈ X, the topological completion of OX,P at mP ,
denoted ÔX,P , is isomorphic to the power series ring k[[t1 , . . . , tn ]], where t1 , . . . , tn are local
parameters at P . This can be used, for example, to show that OX,P is a UFD, since power
series rings are UFDs in general. In the next chapter, we will prove directly that the local
rings of X are UFDs when X is a curve.

Chapter 22

Curves

In this chapter we further study the geometry of algebraic varieties of dimension 1.

Definition. An irreducible, projective algebraic variety X of dimension dim X = 1 is called
an algebraic curve.

For the rest of the chapter, X will denote an algebraic curve. The first important result
is that the local rings OX,P of a nonsingular curve are discrete valuation rings.

Theorem 22.0.1. Let X be an algebraic curve and P ∈ X a nonsingular point. Then OX,P
is a DVR.

Proof. Fix P ∈ X and let OP = OX,P be the local ring at P , with maximal ideal mP and
residue field κ(P ) = OP /mP . Then by Proposition 21.9.1, OP is a regular local ring. Thus
Corollary 21.8.7 gives us $\dim_{\kappa(P)}(\mathfrak{m}_P/\mathfrak{m}_P^2) = \dim X = 1$. Let t ∈ mP such that dP t ≠ 0; that
is, t is a local parameter at P . Then for f ∈ k̄(X) with f (P ) = 0, we have f = t^r u in OP ,
for some u ∈ OP× . Define a map

$$\operatorname{ord}_P : \mathcal{O}_P \longrightarrow \mathbb{Z}, \qquad f \longmapsto \operatorname{ord}_P(f) = \max\{d \in \mathbb{Z} \mid f \in \mathfrak{m}_P^d\}.$$

Explicitly, if f = t^r u where u is a unit, then ordP (f ) = r. Formally, we also set ordP (f ) = 0
if f (P ) ≠ 0, to get a map on all of k̄(X). One then shows that ordP is a discrete valuation
with OP as its valuation ring.

Corollary 22.0.2. For any nonsingular point P ∈ X, OP is a PID and therefore a UFD.

Proof. By the above, every ideal of OP is of the form (t^r ) where t ∈ mP is a local parameter.

Definition. A local parameter t ∈ mP is called a uniformizer at P .

Definition. Fix a rational function f ∈ k(X) and an integer r > 0. We say f has a pole
of order r at P if ordP (f ) = −r, and a zero of order r at P if ordP (f ) = r.

Remark. A rational function f ∈ k(X) is regular at P if and only if ordP (f ) ≥ 0.


Proposition 22.0.3. Every nonconstant, rational function f ∈ k̄(X) has at least one pole.

Proof. A rational function f ∈ k̄(X) with no poles is regular everywhere on X, and therefore
constant by Corollary 21.7.4, since X is projective.

Remark. Each f ∈ k̄(X) has only finitely many zeroes and poles, or none at all.


22.1 Divisors
Definition. Let X be a variety. An irreducible divisor on X is a closed, irreducible
k-subvariety x of X of codimension 1.
When X is a curve over k, an irreducible divisor is a closed point of MaxSpec k[X ∩ Ui ]
for some affine patch Ui , or alternatively, a Gk -orbit of points in X(k̄).
Definition. The degree of an irreducible divisor x on X is the size of the Gk -orbit in X(k̄)
corresponding to x, i.e. deg(x) = [κ(P ) : k] for any P ∈ x.
Example 22.1.1. Let X = P1 . On an affine patch A1 ↪ Ui ⊆ P1 , the irreducible divisors
correspond to irreducible polynomials in k[A1 ] = k[t].
Definition. Let X be a curve over k. The divisor group on X, Div(X), is the free abelian
group on the set of irreducible divisors on X:
$$\operatorname{Div}(X) = \left\{ D = \sum_{x \in X} n_x x : n_x \in \mathbb{Z},\ n_x \neq 0 \text{ for finitely many } x \right\}.$$
The elements of Div(X) are called divisors on X. For a divisor $D = \sum_{x \in X} n_x x \in \operatorname{Div}(X)$,
the degree of D is $\deg(D) = \sum_{x \in X} n_x \deg(x)$.
Example 22.1.2. If k is algebraically closed, then the irreducible divisors are the points of
X, so each D ∈ Div(X) is a weighted sum of points of X: $D = \sum_{x \in X} n_x x$. The degree of
such a divisor is just the sum of the weights: $\deg(D) = \sum_{x \in X} n_x$.

Now assume X is a nonsingular curve. For f ∈ k(X)∗ , we can define a divisor $D(f) = \sum_{x \in X} \operatorname{ord}_x(f)\, x$,
called the principal divisor of f . This defines a map

D : k(X)∗ −→ Div(X)
whose image is denoted PDiv(X), the group of principal divisors on X.
Definition. The Picard group, or divisor class group, of X is the quotient group
Pic(X) = Div(X)/ PDiv(X).
This defines an equivalence relation on divisors: D1 ∼ D2 if D1 = D2 + D(f ) for some
f ∈ k(X)∗ .

Example 22.1.3. Consider the variety E = Z(y^2 − x^3 − 3x^2 − 2x). This is the elliptic curve
defined by y^2 = f(x) where f = x^3 + 3x^2 + 2x = x(x + 1)(x + 2). The projective closure of
E is E = Z(f_h), where

$$f_h = ZY^2 - X^3 - 3X^2 Z - 2XZ^2.$$

Setting y = Y/Z, we can compute its divisor on E:

$$D(y) = \sum_{P \in X} \operatorname{ord}_P(y)\, P.$$

On the affine part, there are only zeroes of y, and they occur precisely at P = (−2, 0), (−1, 0)
and (0, 0).


Note that t ∈ O_{E,P} is a uniformizer whenever d_P t ≠ 0. Viewing t ∈ k[x, y], i.e. as a lift of
[t] ∈ O_{E,P}, we have that

• t = x is a uniformizer as long as d_P x = x|_{T_P E} ≠ 0, which is equivalent to ∂f/∂y (P) ≠ 0.

• t = y is a uniformizer as long as d_P y = y|_{T_P E} ≠ 0, that is, ∂f/∂x (P) ≠ 0.

In particular, we can always find a uniformizer! For P = (−2, 0), (−1, 0) and (0, 0), t = y is
a uniformizer. It follows that ord_P(y) = 1 at each of these points, and ord_Q(y) = 0 for any
other point Q ∈ E. Thus the divisor for y is

(y) = (−2, 0) + (−1, 0) + (0, 0) + ord_∞(y)∞.

The point at infinity is where Z = 0, so by the defining equation for E, X = 0 and, in
projective space, Y = 1. Set P = ∞ = [0, 1, 0]. On a different affine patch containing P, we
have coordinates ζ = Z/Y and ξ = X/Y. Then y = 1/ζ so ord_P(y) = ord_P(1/ζ) = −ord_P(ζ). In
these coordinates, the defining equation for E becomes

g = ζ − (ξ^3 + 3ξ^2 ζ + 2ξζ^2).

Notice that ∂g/∂ζ (0, 0) = 1, so ξ is a uniformizer on this patch. Now

ord_P(ζ) = ord_P(ξ^3 + 3ξ^2 ζ + 2ξζ^2) ≥ min{ord_P(ξ^3), ord_P(3ξ^2 ζ), ord_P(2ξζ^2)}.


We have ord_P(ξ^3) = 3 and ord_P(3ξ^2 ζ), ord_P(2ξζ^2) ≥ 3. If all three orders are equal to 3, then
by the ultrametric inequality ord_P(ζ) must be strictly greater than the minimum, which is
3 in this case. But then ord_P(3ξ^2 ζ) = ord_P(ξ^2) + ord_P(ζ) > 2 + 3 > 3, so in fact we cannot
have all three orders equal to 3. Hence ord_P(ζ) = 3. We have thus calculated the divisor of
y on the elliptic curve E:

(y) = (−2, 0) + (−1, 0) + (0, 0) − 3∞.


22.2 Morphisms Between Curves


Proposition 22.2.1. Let C be an algebraic curve and X a projective variety, and suppose
ϕ : C ⇢ X is a rational map. If P ∈ C is a nonsingular point then ϕ is regular at P.

Proof. A more general result is that if Y is a normal variety, i.e. the local rings O_{Y,P} are
normal rings, then the locus of nondeterminacy of such a rational map ϕ : Y ⇢ X is a
subvariety of codimension at least 2. For Y = C a curve, this means there are no points
where ϕ fails to be regular.

A nonconstant rational map ϕ : C_1 ⇢ C_2 between curves induces a field extension
k(C_2) ↪ k(C_1). Since both function fields have transcendence degree 1, this is in fact a
finite field extension.

Definition. For curves C_1 and C_2 and a rational map ϕ : C_1 ⇢ C_2, define the degree
of ϕ by deg ϕ = [k(C_1) : k(C_2)]; the separable degree of ϕ by deg_s ϕ = [k(C_1) : k(C_2)]_s;
and the inseparable degree of ϕ by deg_i ϕ = [k(C_1) : k(C_2)]_i. We say ϕ is separable if
k(C_1) ⊇ k(C_2) is a separable extension.

Definition. Any finitely generated field extension of k with transcendence degree 1 over k
is called a function field of degree 1 over k.

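Proposition 22.2.2. There is an equivalence of categories

$$\left\{ \begin{array}{c} \text{nonsingular curves over } k \\ \text{with nonconstant, rational maps} \end{array} \right\} \longleftrightarrow \left\{ \begin{array}{c} \text{function fields of deg. 1 over } k \\ \text{with } k\text{-homomorphisms} \end{array} \right\}.$$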

Proof. (Sketch) The assignment X ↦ k(X) determines one direction: we have seen that
k(X) is indeed a function field over k. Conversely, for a function field K/k, we associate
an abstract algebraic curve X_K to K by putting a Zariski topology on the maximal ideals
of the valuation rings O ⊂ K. The structure sheaf is given by O_{X_K}(U) = ⋂_{P∈U} O_P where
U ⊆ X_K is open and O_P is the valuation ring corresponding to P. This determines the
reverse assignment K ↦ X_K. One now checks that these assignments are inverse and
preserve categorical structure.

Now fix nonsingular curves X and Y over k and a morphism ϕ : X → Y defined over k.
Then an irreducible divisor y ∈ Div(Y) corresponds to a maximal ideal m_Y (on some affine
patch) with uniformizer t_y ∈ k(Y).

Definition. The pullback of ϕ is a map ϕ^* : Div(Y) → Div(X) defined on irreducible
divisors by

$$\phi^* y = \sum_{x \in X} \operatorname{ord}_x(\phi^* t_y)\, x,$$

where t_y is a uniformizer at y, and extended linearly.

Example 22.2.3. Let X be the plane curve defined by y^2 − x and Y = P^1 the projective
line, and let ϕ : X → Y be the x-coordinate projection.


[Figure: the curve X above the line Y, with marked points x_0, x_1, x_2 on X and y_0, y_1 on Y.]

Then ϕ^* y_0 = 2x_0 + ord_∞(ϕ^* t_{y_0})∞ and ϕ^* y_1 = x_1 + x_2 + ord_∞(ϕ^* t_{y_1})∞.

Definition. Let ϕ : X → Y be a morphism, x ∈ X and y = ϕ(x) ∈ Y. The number
e_ϕ(x) = ord_x(ϕ^* t_y) is called the ramification index of ϕ at x. If e_ϕ(x) = 1 and the residue
field extension κ(x)/κ(y) is separable, we say ϕ is unramified at x. Otherwise, we say ϕ
is ramified at x, and y is called a branch point of ϕ.

Proposition 22.2.4. Fix a morphism ϕ : X → Y, x ∈ X and y = ϕ(x) ∈ Y. Then

(1) e_ϕ(x) does not depend on the choice of uniformizer t_y.

(2) For any Q ∈ Y, Σ_{P∈ϕ^{−1}(Q)} e_ϕ(P) = deg ϕ.

(3) All but finitely many Q ∈ Y have #ϕ^{−1}(Q) = deg_s ϕ.

(4) If ψ : Y → Z is a morphism then e_{ψϕ}(x) = e_ϕ(x) e_ψ(y).

Definition. Given a morphism ϕ : X → Y, the pushforward of ϕ is a map ϕ_* : Div(X) →
Div(Y) defined on irreducible divisors x ∈ X by

ϕ_* x = [κ(x) : κ(ϕ(x))] ϕ(x)

and extended linearly.

Proposition 22.2.5. Let ϕ : X → Y be a morphism and D ∈ Div(Y) and D′ ∈ Div(X)
divisors. Then

(1) deg(ϕ^* D) = (deg ϕ)(deg D).

(2) ϕ^*(f) = (ϕ^* f) for any function f ∈ k(Y).

(3) deg(ϕ_* D′) = deg(D′).

(4) ϕ_* ϕ^* D = (deg ϕ)D.

Corollary 22.2.6. For any function f ∈ k(X) on a curve X, deg(f) = 0.

Proof. View f as a function X → P^1. Then deg(f) = deg(ϕ^*(0) − ϕ^*(∞)) = 0.


Let Div^0(X) be the subgroup of Div(X) consisting of divisors of degree zero. Then
Corollary 22.2.6 shows that PDiv(X) ⊆ Div^0(X). Set

Pic^0(X) := Div^0(X)/PDiv(X).

Then the degree map determines an exact sequence

$$0 \to k^\times \to k(X)^\times \xrightarrow{\ D\ } \operatorname{Div}^0(X) \to \operatorname{Pic}^0(X) \to 0.$$

If X is defined over the algebraic closure k̄, write Pic(X/k̄) for Pic(X(k̄)). Consider Div(X/k̄)^{G_k}.
Then we have an embedding

Pic^0(X/k) ↪ Pic^0(X/k̄)^{G_k}.

Unfortunately, this map is not surjective in general.


22.3 Linear Equivalence


Definition. The classes [D] = {D + (f) : f ∈ k(X)^×} in the Picard group of X determine
a linear equivalence: D ∼ D′ if there exists an f ∈ k(X)^× such that D + (f) = D′.

Lemma 22.3.1. For two divisors D, D′ ∈ Div(X), D ∼ D′ if and only if deg(D) = deg(D′).
Therefore the degree map descends to a map on the Picard group,

deg : Pic(X) → Z.

Definition. A divisor D = Σ n_x x on X is called effective if n_x ≥ 0 for all x ∈ X. In this
case we will write D ≥ 0. Also, if D_1, D_2 ∈ Div(X) and D_1 − D_2 is an effective divisor, we
write D_1 ≥ D_2. This defines an ordering on Div(X).

Definition. Let D be an effective divisor on X. Then the Riemann-Roch space associated
to D is the k-vector space

L(D) = {f ∈ k(X)^× | D + (f) ≥ 0} ∪ {0}.

We denote its dimension by ℓ(D) = dim_k L(D).

The condition that D + (f) ≥ 0 can be restated as (f) ≥ −D, or if D = Σ n_x x then
ord_x f ≥ −n_x for all x ∈ X.

Example 22.3.2. Let x ∈ X and n > 0. For the divisor D = nx, the space L(D) consists
of all f ∈ k(X)^× with no poles except possibly at x of order at most n.

Definition. Fix a divisor D ∈ Div(X). The projective space

|D| := {D′ ∈ Div(X) : [D′] = [D] and D′ ≥ 0} ≅ P(L(D))

is called the complete linear system of D on X. Any projective subspace of |D| is called
a linear system of D on X.

Note that D is linearly equivalent to an effective divisor if and only if L(D) ≠ 0.

Theorem 22.3.3. For any D ∈ Div(X), L(D) is finite dimensional.

Lemma 22.3.4. If D_1, D_2 ∈ Div(X) are linearly equivalent, say D_1 − D_2 = (g) for some
g ∈ k(X)^×, then there is an isomorphism

$$L(D_1) \longrightarrow L(D_2), \qquad f \longmapsto gf.$$

In particular, ℓ(D) is a well-defined invariant of each class [D] ∈ Pic(X).

Remark. If X is defined over an extension k ⊆ K ⊆ k̄, write L_K(D) and ℓ_K(D) for the
Riemann-Roch space of D on X(K) and its dimension. Then L_k̄(D) has a basis consisting
of functions f ∈ k(X)^×, so ℓ_k̄(D) = ℓ_k(D). Thus we are justified in writing ℓ(D) for any of
these.


Proposition 22.3.5. Let D, D_1, D_2 ∈ Div(X). Then

(1) ℓ(D) ≤ deg(D) + 1 if D ≥ 0.
(2) If D_1 ≤ D_2 then L(D_1) ⊆ L(D_2).

Example 22.3.6. For X = P^1, any divisor D is linearly equivalent to d∞ for some d ∈ Z.
Then L(D) ≅ L(d∞) = {f ∈ k[t] : deg f ≤ d} which has dimension exactly d + 1. Thus the
equality ℓ(D) = deg(D) + 1 holds for any divisor on P^1.

Example 22.3.7. If X ≠ P^1 and D is an effective divisor, then ℓ(D) ≤ deg(D). In particular,
if deg(D) ≤ 0 then ℓ(D) = 0.

Next, we explore how much less than deg(D) + 1 the dimension ℓ(D) can be. This
culminates with the Riemann-Roch theorem in Section 22.6. Set γ(D) = deg(D) + 1 − ℓ(D).

Theorem 22.3.8 (Riemann Inequality). For a nonsingular algebraic curve X, there is a
bound γ_X such that γ(D) ≤ γ_X and 1 + deg(D) − γ_X < ℓ(D) for all divisors D ∈ Div(X).

The Riemann-Roch spaces are useful for constructing maps X → P^N and in particular
embeddings into projective space. Given a rational map ϕ = (ϕ_0, …, ϕ_N) : X ⇢ P^N with
ϕ_i ∈ k(X), define the divisor of ϕ to be

D_ϕ = gcd{(ϕ_0), …, (ϕ_N)}.

Then for each ϕ_i, (ϕ_i) − D_ϕ ≥ 0 so ϕ_i ∈ L(−D_ϕ). Set D = D_ϕ. Let M be the subspace of
L(−D) spanned by (ϕ_0), …, (ϕ_N). We may assume that these (ϕ_i) are linearly independent,
lowering N if necessary. Then dim M = N + 1. Next, δ = {(g) − D | g ∈ M} is a linear
system of dimension N, i.e. a subspace of |−D|. Thus every rational map X ⇢ P^N
determines a linear system of D, and it turns out the converse is also true.

Given δ ≤ |D| a linear subspace of |D| ⊆ P^N of dimension N, define the base locus of δ
by

$$B(\delta) = \left\{ P \in X \;:\; n_P \neq 0 \text{ for all } D' = \sum n_P P \in \delta \right\}.$$

Choose a basis f_0, …, f_N of functions for L(D) corresponding to δ. Then ϕ_δ = (f_0, …, f_N) :
X ⇢ P^N is a rational map that restricts to a morphism on X ∖ B(δ). This is in fact unique
up to automorphism of P^N – corresponding to a choice of basis.

Definition. A linear system δ ≤ |D| is called basepoint-free if B(δ) = ∅.

A basepoint-free linear system δ determines a regular map ϕ_δ : X → P^N.

Definition. If the complete linear system |D| is basepoint-free and the morphism ϕ_{|D|} : X →
P^N is an embedding, we say |D| is very ample. If for some m > 0, the complete linear
system |mD| is very ample, then we say |D| is ample.

Theorem 22.3.9. Let X be a curve and D = Σ n_x x an effective divisor on X. Then
(1) D is basepoint-free if and only if for all x ∈ X such that n_x ≠ 0, ℓ(D − x) < ℓ(D).
(2) |D| is very ample if and only if ℓ(D − P − Q) < ℓ(D − P) < ℓ(D) for all P, Q ∈ X.


22.4 Differentials
Definition. For a curve X, the space of meromorphic differentials on X is the k(X)-
vector space Ω_X consisting of formal differentials df for each f ∈ k(X)^× satisfying

• d(f + g) = df + dg,

• dα = 0 if α ∈ k,

• d(fg) = f dg + g df.

If ϕ : X → Y is a morphism of curves, we get a map of fields ϕ^* : k(Y) → k(X). Define
the induced map on meromorphic differentials by

$$\phi^* : \Omega_Y \longrightarrow \Omega_X, \qquad \sum f_i\, dt_i \longmapsto \sum \phi^* f_i\, d(\phi^* t_i).$$

Lemma 22.4.1. For any algebraic curve X, dim_{k(X)} Ω_X = dim X = 1.

Proposition 22.4.2. For any f ∈ k(X), the following are equivalent:

(i) df ≠ 0.

(ii) df is a basis for Ω_X.

(iii) k(X)/k(f) is finite and separable.

(iv) f ∉ k if char k = 0, or f ∉ k(X)^p if char k = p > 0.

Lemma 22.4.3. A nonconstant morphism ϕ : X → Y is separable if and only if the induced
map ϕ^* : Ω_Y → Ω_X is nonzero.

For a point P ∈ X, choose a uniformizer t = t_P in O_{X,P}. Then Ω_X is generated by dt.
Hence for any ω ∈ Ω_X, there exists g ∈ k(X) such that ω = g dt.

Definition. Define the order of ω at P ∈ X to be ord_P(ω) = ord_P(g), where ω = g dt. The
principal divisor associated to ω is then defined to be

$$(\omega) = \sum_{P \in X} \operatorname{ord}_P(\omega)\, P.$$

Proposition 22.4.4. Let X be a curve, P ∈ X, f ∈ k(X) and ω ∈ Ω_X. Then

(1) If f is regular at P then df = f dt for t = t_P a local uniformizer.

(2) For any s ∈ k(X) such that s(P) = 0, ord_P(f ds) = ord_P(f) + ord_P(s) − 1 if p ∤
ord_P(s), and ord_P(f ds) ≥ ord_P(f) + ord_P(s) if p | ord_P(s).

(3) ord_P(ω) = 0 for all but finitely many P ∈ X.


Definition. The canonical class on a curve X is the class K_X = [(ω)] in Pic(X) for any
nonzero differential ω ∈ Ω_X.

Lemma 22.4.5. The canonical class is well-defined, i.e. does not depend on the choice of
ω ∈ Ω_X.

Proof. For nonzero ω_1, ω_2 ∈ Ω_X, write ω_1 = f ω_2 for some f ∈ k(X)^×. Then (ω_1) = (f ω_2) =
(f) + (ω_2). Thus [(ω_1)] = [(ω_2)].

Definition. We say ω ∈ Ω_X is a holomorphic (or regular) differential on X if ord_P(ω) ≥
0 for all P ∈ X. We denote the space of holomorphic differentials on X by Ω[X].

Note that Ω[X] is a k-vector space but need not be a k(X)-vector space.

Definition. The geometric genus of X is defined as g(X) := ℓ(K_X), the dimension of the
Riemann-Roch space L(K_X) of the canonical class.

Lemma 22.4.6. There is an isomorphism L(K_X) → Ω[X].

Proof. The map is f ↦ f ω for any fixed ω ∈ Ω[X] defining the canonical class.

Corollary 22.4.7. For any curve X, g(X) = dim_k Ω[X].

Remark. For any divisor D ∈ Div(X), ℓ_k(D) = ℓ_k̄(D) implies g(X(k)) = g(X(k̄)), so the
geometric genus is unchanged when passing to the algebraic closure k̄. Moreover, g(X) is a
birational invariant of X.

Example 22.4.8. Let X = P^1 and let t be a coordinate function on some affine patch U of
P^1. We claim that (dt) = −2∞. Indeed, for any α ∈ U ≅ A^1, t − α is a local uniformizer at
α. Thus ord_α(dt) = ord_α(d(t − α)) = 0. At infinity, 1/t is a local uniformizer so we can write
dt = −t^2 d(1/t). Hence

$$\operatorname{ord}_\infty(dt) = \operatorname{ord}_\infty\!\left(-t^2\, d\tfrac{1}{t}\right) = \operatorname{ord}_\infty\!\left(-\left(\tfrac{1}{t}\right)^{-2}\right) + \operatorname{ord}_\infty\!\left(d\tfrac{1}{t}\right) = -2 + 0 = -2.$$

So (dt) = −2∞ as claimed. Now for any ω ∈ Ω_{P^1}, deg(ω) = −2 so we see that ℓ(K_{P^1}) =
ℓ(−2∞) = 0. Hence the genus of the projective line is g(P^1) = 0.

Corollary 22.4.9. There are no holomorphic differentials on P^1.

Proof. By Corollary 22.4.7, g(P^1) = dim_k Ω[P^1] but by the calculations above, the genus of
P^1 is zero.


22.5 The Riemann-Hurwitz Formula


Let ϕ : X → Y be a nonconstant morphism of curves and fix P ∈ X. Then e_ϕ(P) =
ord_P(ϕ^* t_{ϕ(P)}) where t_{ϕ(P)} is a local uniformizer. We would like to see what happens to the
canonical class K_X under a morphism. Take t to be a uniformizer at Q = ϕ(P) and set
e_ϕ(P) = e. Then ϕ^*(dt) = d(ϕ^* t). Moreover, if s is a uniformizer on X at P, then ϕ^* t = u s^e
for some unit u ∈ O_P^×. Now d(ϕ^* t) = d(u s^e) = s^e du + u e s^{e−1} ds. Write du = g ds for a
regular function g ∈ O_P; this is possible by (1) of Proposition 22.4.4. Then

$$\begin{aligned} d(\phi^* t) &= s^e g\, ds + e u s^{e-1}\, ds \\ \implies \operatorname{ord}_P(d(\phi^* t)) &= \operatorname{ord}_P(s^e g + e u s^{e-1}) \\ &= \min\{\operatorname{ord}_P(s^e g),\ \operatorname{ord}_P(e u s^{e-1})\}. \end{aligned}$$

If char k ∤ e, then this minimum is e − 1; otherwise, when char k | e the minimum is at least
e.

Definition. If ϕ is ramified and char k ∤ e_ϕ(P) for all P ∈ X, we say ϕ is tamely ramified.
Otherwise ϕ is wildly ramified.

Remark. If ϕ is tamely ramified, then ord_P(d(ϕ^* t)) = e_ϕ(P) − 1 for each P. If ϕ is wildly
ramified at P, then ord_P(d(ϕ^* t)) ≥ e_ϕ(P).

Definition. For a morphism ϕ : X → Y, define the ramification divisor

$$R_\phi = \sum_{P \in X} \operatorname{ord}_P(d(\phi^* t))\, P.$$

Now for ω ∈ Ω_Y, the canonical classes on X and Y can be defined by K_Y = [(ω)] and
K_X = [(ϕ^* ω)]. On the other hand, the pullback defines a divisor ϕ^* K_Y ∈ Div(X). We want
to determine the relation between these three divisors.

Lemma 22.5.1. If ϕ : X → Y is a morphism of curves, then K_X = ϕ^* K_Y + [R_ϕ], where
R_ϕ is the ramification divisor of ϕ.

Proof. If ω = f dt ∈ Ω_Y, then

ord_P(ϕ^* ω) = ord_P(ϕ^* f d(ϕ^* t)) = ord_P(ϕ^* f) + ord_P(d(ϕ^* t)),

so we see that ord_P(ϕ^* ω) gives the coefficient in K_X, ord_P(ϕ^* f) gives the coefficient in
ϕ^* K_Y and ord_P(d(ϕ^* t)) gives the coefficient in R_ϕ. Summing over P ∈ X gives the desired
equality.

Taking ϕ to be tamely ramified, R_ϕ = Σ_{P∈X} (e_ϕ(P) − 1)P so the degree function applied
to the equation in Lemma 22.5.1 gives

$$\deg(K_X) = \deg(\phi^* K_Y) + \sum_{P \in X} (e_\phi(P) - 1).$$

We will show in Section 22.6 that deg(K_X) = 2g(X) − 2. This proves:


Theorem 22.5.2 (Riemann-Hurwitz Formula). For any morphism ϕ : X → Y,

$$2g(X) - 2 = (\deg \phi)(2g(Y) - 2) + \sum_{P \in X} (e_\phi(P) - 1).$$

Corollary 22.5.3. For any morphism ϕ : X → Y, g(X) ≥ g(Y).
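
The formula can be checked on the curve E of Example 22.1.3. The computation below is an added worked example, not part of the original notes; it assumes k is algebraically closed with char k ≠ 2 and takes ϕ = x : E → P^1, the x-coordinate projection, which has degree 2 because y^2 = x(x + 1)(x + 2) is quadratic in y over k(x). It uses ord_P(y) = 1 at the three affine zeroes of y and ord_∞(ξ) = 1, ord_∞(ζ) = 3 from Example 22.1.3, Proposition 22.2.4(2) for the unramified fibres, and g(P^1) = 0 from Example 22.4.8.

$$\begin{aligned}
&P = (a, 0),\ a \in \{0, -1, -2\}: && x - a = y^2 \cdot (\text{unit in } \mathcal{O}_{E,P}) &&\implies e_\phi(P) = \operatorname{ord}_P(x - a) = 2, \\
&P = \infty: && x = \xi/\zeta,\ \operatorname{ord}_\infty(x) = 1 - 3 = -2 &&\implies e_\phi(\infty) = \operatorname{ord}_\infty(1/x) = 2, \\
&P = (a, \pm b),\ b \neq 0: && \#\phi^{-1}(a) = 2 = \deg \phi &&\implies e_\phi(P) = 1.
\end{aligned}$$

$$2g(E) - 2 = (\deg \phi)(2g(\mathbb{P}^1) - 2) + \sum_{P \in E} (e_\phi(P) - 1) = 2(0 - 2) + 4 = 0 \quad\implies\quad g(E) = 1.$$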


22.6 The Riemann-Roch Theorem


Recall from Theorem 22.3.8 that ℓ(D) ≥ 1 + deg(D) − γ_X. The classic Riemann-Roch
theorem gives a precise value for γ_X in terms of the dimensions of the Riemann-Roch spaces
of X and the genus.

Theorem 22.6.1 (Riemann-Roch). For an algebraic curve X with genus g = g(X), γ_X = g
satisfies the Riemann Inequality. Moreover,

ℓ(D) − ℓ(K − D) = 1 − g + deg(D),

where K = K_X is the canonical divisor of X.

Remark. One typically proves the Riemann-Roch theorem using sheaf cohomology – the
vector spaces L(D) form a sheaf on X – as well as Serre duality. See Hartshorne for details.

Corollary 22.6.2. If K_X is the canonical divisor on X, then deg(K_X) = 2g − 2.

Proof. Set D = K = K_X. Then the Riemann-Roch theorem says that

ℓ(K) − ℓ(0) = deg(K) + 1 − g

but ℓ(K) = g by definition and ℓ(0) = 1. Solving for deg(K) we get deg(K) = 2g − 2.

Corollary 22.6.3. Suppose deg(D) > 2g − 2 for some divisor D ∈ Div(X). Then ℓ(D) =
deg(D) + 1 − g.

The genus is a discrete invariant of nonsingular curves. There are two natural questions
that arise:

(1) What are the curves with genus g for a particular g ∈ N_0?

(2) How do we describe the structure of the collection of all genus g curves?

We will see that one can put the structure of a variety on the collection of genus g curves.

Lemma 22.6.4. Let X be an algebraic curve. Then X ≅ P^1 if and only if there is some
divisor D ∈ Div(X) such that deg(D) = 1 and ℓ(D) ≥ 2.

Proof. ( ⟹ ) If X ≅ P^1 then g(X) = g(P^1) = 0 by Example 22.4.8. Take a point P ∈ X
and set D = P ∈ Div(X); of course deg(D) = 1. Then by the Riemann-Roch theorem,

ℓ(D) = 1 − g + deg(D) + ℓ(K − D) = 1 − 0 + 1 + ℓ(K − D) = 2 + ℓ(K − D) ≥ 2.

( ⟸ ) Since ℓ(D) ≥ 2, there exists a nonconstant function g ∈ L(D). Then D ∼ D +
(g) ≥ 0 so we may assume D is effective. The only way for deg(D) = 1 is for D = P for some
point P ∈ X(k). Now g determines a map g : X → P^1, under which g^* ∞ = ord_∞(g) = P,
so we must have deg(g) = 1. Hence g is an isomorphism of curves.

Proposition 22.6.5. For an algebraic curve X with genus g = g(X), the following are
equivalent:


(1) X ≅ P^1.

(2) g = 0 and there exists a divisor D ∈ Div(X) with deg(D) = 1.

(3) g = 0 and X(k) ≠ ∅.

Proof. (1) ⟹ (2) follows immediately from Lemma 22.6.4.

(2) ⟹ (1) Since the genus is 0, deg(D) > 2g − 2 = −2 is certainly true. By Corollary
22.6.3, ℓ(D) = deg(D) + 1 − g = 1 + 1 − 0 = 2, so Lemma 22.6.4 once again applies.

(2) ⟹ (3) follows from the proof of Lemma 22.6.4.

(3) ⟹ (2) Any rational point P ∈ X(k) is a divisor on X of degree 1.

This shows that the main interest for curves of genus 0 is in finding rational points
P ∈ X(k). Moreover, when g(X) = 0, the complete linear system |K_X| is very ample by
Theorem 22.3.9 and the Riemann-Roch theorem, and the embedding ϕ_{|K_X|} : X ↪ P^2 realizes
X as a plane conic.

Remark. If ϕ : P^1 → X is a morphism, Corollary 22.5.3 says that g(X) = 0. Further, when
k is algebraically closed or we consider the k̄-points X(k̄), one has X ≅ P^1. Notice that this
gives another proof of Lüroth's theorem (20.2.2).


22.7 The Canonical Map


We saw in the last section that the theory of genus 0 curves for the most part reduces to
studying whether X has rational points and describing the embedding ϕ_{|K_X|} : X ↪ P^2.
What about higher genus curves?

Proposition 22.7.1. Let X be a nonsingular algebraic curve over k of genus g ≥ 1. If K_X
is the canonical divisor of X then the complete linear system |K_X| is basepoint-free.

Proof. This follows from the Riemann-Roch theorem and Theorem 22.3.9, taking D = K_X.

Thus |K_X| determines a regular map into projective space.

Definition. The canonical map of a genus g ≥ 1 curve X is the map ϕ_{|K_X|} : X → P^{g−1}.

Definition. A hyperelliptic curve is a smooth curve X together with a separable, degree
2 map X → P^1.

Example 22.7.2. When char k ≠ 2, a hyperelliptic curve is of the form X = Z(y^2 − f(x))
for a polynomial f ∈ k[x]. More generally, the minimal degree of a nonconstant morphism
X → P^1 is called the gonality of X. Thus, a hyperelliptic curve is a curve of gonality 2.

Proposition 22.7.3. If X is not hyperelliptic and g ≥ 2, the canonical map ϕ_{|K_X|} : X →
P^{g−1} is an embedding.

Proposition 22.7.4. If X is a nonsingular algebraic curve of genus g and D ∈ Div(X),
then

(1) If deg(D) ≥ 2g then |D| is basepoint-free.

(2) If deg(D) ≥ 2g + 1 then |D| is very ample.

Corollary 22.7.5. If g ≥ 2 then ϕ_{|3K_X|} : X → P^{5g−6} is an embedding.

Definition. The map ϕ_{|3K_X|} is called the tricanonical map of a curve X.

Theorem 22.7.6 (Faltings). If X is a curve of genus g ≥ 2 then #X(Q) is finite.

We have for the most part dealt completely with the cases of curves of genus g = 0 and
g ≥ 2, so the most interesting work remains to be done for curves of genus g = 1.


22.8 Bézout’s Theorem


For this section let k be algebraically closed, fix X ⊆ P^N a projective curve and Y ⊆ P^N
a hypersurface defined by Y = Z(F) for some F ∈ k[X_0, …, X_N]. Further suppose that
X ⊄ Y, i.e. that F ∉ J(X). Then by counting codimensions, X ∩ Y must be some dimension
0 variety in P^N, i.e. X and Y intersect in some discrete set of points. We want to count
these points, including some notion of multiplicity, in a rigorous way.

Definition. The intersection multiplicity of X and Y = Z(F) at a point P ∈ X ∩ Y,
denoted (X · F)_P, is defined as follows. Let G ∈ k[X_0, …, X_N] be any form of the same
degree as F such that G(P) ≠ 0. Then F/G ∈ k(X) so the intersection multiplicity at P is
defined: (X · F)_P := ord_P(F/G). Further, the intersection divisor of F on X is

$$\operatorname{div}_X(F) = \sum_{P \in X \cap Y} (X \cdot F)_P\, P,$$

and its order (X · F) := Σ_{P∈X∩Y} (X · F)_P is called the intersection number of X and Y.

[Figure: a line meeting the curve X at the points P and Q.]

If L is the linear form representing the line in the figure, then (X · L)_P = 1, (X · L)_Q = 2 and the
intersection number is (X · L) = 1 + 2 = 3.

Proposition 22.8.1. If F_1 ∈ k[X_0, …, X_N] ∖ J(X) is another form with deg F_1 = deg F,
then (X · F) = (X · F_1).

Proof. Set f = F/F_1 ∈ k(X). Then div_X(F) ∼ div_X(F_1), so deg(div_X(F)) = deg(div_X(F_1)),
and thus the intersection number is well-defined.

Corollary 22.8.2. If deg F = m and L is any linear form such that L ∉ J(X), then
(X · F) = m(X · L).

Proof. Since intersection multiplicity at a point is multiplicative, this formula is clear.

Lemma 22.8.3. For any form F ∉ J(X) and any point P ∈ X ∩ Z(F), (X · F)_P = 1 if
and only if F(P) = 0 and T_P X ⊄ T_P Z(F).

Stated another way, Lemma 22.8.3 says that the intersection multiplicity at P is 1 if and
only if X and Z(F) meet transversely.

Lemma 22.8.4. For any smooth curve X, there exists a linear form L such that (X · L)_P ≤ 1
for all P ∈ X ∩ Z(L).


Definition. The degree of a projective curve X ⊆ P^N is defined to be

deg_{P^N} X := max{#(X ∩ H) : H is a hyperplane and X ⊄ H}.

Corollary 22.8.5. Let X be a projective curve in P^N. Then deg_{P^N} X = (X · L) for any
linear form L.

Theorem 22.8.6 (Bézout). Let X ⊂ P^N be a projective curve and F ∈ k[X_0, …, X_N] a
form such that F ∉ J(X). Then (X · F) = (deg_{P^N} X)(deg F).

Example 22.8.7. If X ⊂ P^2 is a planar curve given by a form G = 0, then deg_{P^2} X = deg G
so we can count intersection multiplicities in the plane by:

(X · F) = (deg G)(deg F)

for any F ∈ k[X_0, X_1, X_2] ∖ J(X).


22.9 Rational Points of Conics


Given a plane conic C over a field of characteristic char k ≠ 2, say

C : ax^2 + 2bxy + 2cx + dy^2 + 2ey + f = 0

in A^2_k, we can homogenize to get a curve in P^2_k:

C : F(X, Y, Z) = aX^2 + 2bXY + 2cXZ + dY^2 + 2eYZ + fZ^2 = 0.

Then F is a quadratic form on the vector space V = k^3.

Definition. For a k-vector space V, a function q : V → k is a quadratic form if

(a) q(λv) = λ^2 q(v) for all λ ∈ k and v ∈ V.

(b) The pairing b_q(v, w) = ½(q(v + w) − q(v) − q(w)) is symmetric and k-bilinear.

A quadratic form q is said to be nondegenerate if b_q induces an isomorphism V ≅ V^*.
Otherwise q is degenerate.

If F(X, Y, Z) is a quadratic form on V = k^3, then there is a matrix

$$M_F = \begin{pmatrix} a & b & c \\ d & e & f \\ g & h & i \end{pmatrix}$$

such that F(X, Y, Z) = (X Y Z) M_F (X Y Z)^t. The determinant det M_F is called the
discriminant of F.

Lemma 22.9.1. A quadratic form F(X, Y, Z) is nondegenerate if and only if det M_F ≠ 0.

Since M_F is symmetric when F is quadratic, we may transform it by some invertible
matrix T ∈ GL_3(k) to a diagonal form D_F = T^t M_F T. In these coordinates of k^3, we have

$$F = \sum_{i=1}^{3} a_i X_i^2.$$

Further, if k = Q, we may assume the a_i ∈ Z are squarefree and relatively prime.

Definition. A quadratic form F represented by a diagonal matrix M with squarefree,
coprime integer entries is called a primitive quadratic form.

The crucial Hasse-Minkowski theorem says that a plane conic having a Q-rational point
is equivalent to the conic having a rational point over every completion of Q.

Theorem 22.9.2 (Hasse-Minkowski). Let F ∈ Q[X_0, …, X_n] be a primitive quadratic form
and let X = Z(F) ⊆ P^n_Q. Then X(Q) ≠ ∅ if and only if X(Q_v) ≠ ∅ for all places v of Q.


This theorem is the classic example of Hasse’s “local-to-global principle”: points over the
local fields Qv determine points over Q. Note that the Hasse-Minkowski theorem does not
hold for general varieties X, nor for general fields k.

Example 22.9.3. For a conic X, X(R) ≠ ∅ if and only if there is a change of sign among
the coefficients a_i in the form F defining X. This condition is easily checked as long as one
can diagonalize M_F.

Thus to find rational points of a conic, we need only ask if there is an algorithm for
checking whether X has points over each p-adic field Qp .

Example 22.9.4. Let X = P^n. Then P^n(Q) = P^n(Z) and for any prime p, P^n(Q_p) = P^n(Z_p),
so it's enough to look for integer solutions. If P = [α_0, …, α_n] ∈ P^n(Q_p), then we can clear
denominators so that P = [β_0, …, β_n] for β_i ∈ Z_p and some β_j ∈ Z_p^×. The reduction mod p
of P is then given by P̃ = [β̄_0, …, β̄_n] ∈ P^n(F_p).

It turns out that quadratic forms always have points over finite fields. To prove this, we
will need the following counting lemma.

Lemma 22.9.5. For a sum s = Σ_{α∈F_q^n} α_1^{k_1} ⋯ α_n^{k_n}, where α = (α_1, …, α_n) and k_i ∈ Z_{≥0}, if
at least one k_i is not a positive integer multiple of q − 1, then s = 0.

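Proof. Write

$$s = \sum_{\alpha \in \mathbb{F}_q^n} \alpha_1^{k_1} \cdots \alpha_n^{k_n} = \prod_{i=1}^{n} \left( \sum_{a \in \mathbb{F}_q} a^{k_i} \right).$$

If any k_i = 0 then Σ_{a∈F_q} a^{k_i} = Σ_{a∈F_q} 1 = q ≡ 0 so we may assume all k_i ≠ 0. Let φ be a
generator of the cyclic group F_q^× and write ψ = φ^{k_i}. If k_i is not a positive multiple of q − 1,
then ψ ≠ 1. Now we have

$$\sum_{a \in \mathbb{F}_q} a^{k_i} = \sum_{a \in \mathbb{F}_q^\times} a^{k_i} = \sum_{m=0}^{q-2} (\varphi^m)^{k_i} = \sum_{m=0}^{q-2} \psi^m = \frac{1 - \psi^{q-1}}{1 - \psi} \equiv \frac{1 - 1}{1 - \psi} = 0.$$

Therefore s = 0.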

Theorem 22.9.6 (Chevalley-Warning). Let F_q be a finite field of characteristic p and let
f_0, …, f_r ∈ F_q[X_1, …, X_n] be polynomials satisfying n > Σ_{j=1}^{r} deg f_j. Set X = Z(f_0, …, f_r) ⊆
A^n_{F_q}. Then

(a) #X(F_q) ≡ 0 (mod p).

(b) If (0, …, 0) ∈ X(F_q) is a point on the curve then #X(F_q) ≥ p.


Proof. Define the indicator function for X(F_q):

$$P(X_1, \ldots, X_n) = \prod_{j=1}^{r} \left( 1 - f_j(X_1, \ldots, X_n)^{q-1} \right).$$

Notice that P(α) = 1 if α ∈ X(F_q) and 0 otherwise. Then

$$\#X(\mathbb{F}_q) = \sum_{\alpha \in \mathbb{F}_q^n} P(\alpha) \bmod p.$$

Now we have

$$\deg P = \sum_{i=1}^{r} \deg f_i\, (q - 1) < n(q - 1)$$

by hypothesis. So for each monomial term X_1^{k_1} ⋯ X_n^{k_n} in P(X_1, …, X_n), k_1 + … + k_n <
n(q − 1), so at least one k_i must be less than q − 1. Hence by Lemma 22.9.5,

$$\#X(\mathbb{F}_q) = \sum_{\alpha \in \mathbb{F}_q^n} P(\alpha) = 0 \bmod p.$$

This proves (a), and (b) follows trivially.

Corollary 22.9.7. Every quadratic form in at least three variables has a point over each
finite field.
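
Lemma 22.9.5 and Theorem 22.9.6 can be checked by brute force over a prime field F_p. The following Python sketch is an added example, not part of the original notes; the function names and the three sample polynomial systems are constructed here for illustration.

```python
from itertools import product


def power_sum(p, k):
    """Sum of a^k over all a in F_p, reduced mod p (0^0 = 1, as in the proof)."""
    return sum(pow(a, k, p) for a in range(p)) % p


def count_zeros(polys, n, p):
    """#X(F_p): points of F_p^n at which every polynomial vanishes mod p."""
    return sum(
        all(f(*pt) % p == 0 for f in polys)
        for pt in product(range(p), repeat=n)
    )


def indicator_sum(polys, n, p):
    """Sum over F_p^n of P = prod_j (1 - f_j^(p-1)), reduced mod p."""
    total = 0
    for pt in product(range(p), repeat=n):
        term = 1
        for f in polys:
            # By Fermat, f^(p-1) is 1 off the zero set and 0 on it.
            term = term * (1 - pow(f(*pt), p - 1, p)) % p
        total = (total + term) % p
    return total


def check_chevalley_warning(polys, degrees, n, p):
    """Return (#X(F_p), whether n > sum of degrees, whether p | #X(F_p))."""
    count = count_zeros(polys, n, p)
    return count, n > sum(degrees), count % p == 0


# Constructed sample systems (not from the notes).
CONIC = [lambda x, y, z: x * x + 2 * y * y + 3 * z * z]       # n = 3, degree 2
SYSTEM = [lambda x, y, z, w: x + y + z + w,                   # n = 4, degrees 1 + 2
          lambda x, y, z, w: x * y + z * w]
NORM_FORM = [lambda x, y: x * x - 2 * y * y]                  # n = 2 = degree

if __name__ == "__main__":
    # Lemma 22.9.5 with n = 1: the power sum vanishes unless (p-1) | k, k > 0.
    print([power_sum(7, k) for k in range(0, 13)])
    # Hypothesis holds: the point count is divisible by p.
    print(check_chevalley_warning(CONIC, [2], 3, 5))
    print(check_chevalley_warning(SYSTEM, [1, 2], 4, 3))
    # Hypothesis fails (n = deg): 2 is not a square mod 5, so only the
    # trivial zero exists and the congruence breaks.
    print(check_chevalley_warning(NORM_FORM, [2], 2, 5))
```

The last system shows that the bound n > Σ deg f_j cannot be relaxed to n ≥ Σ deg f_j: the norm form x^2 − 2y^2 over F_5 has exactly one zero.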

The theory of Hasse-Minkowski extends more generally to number fields K/Q, with
similar local-global principles at work.
We next determine when solutions to quadratic equations F = 0 over finite fields lift to
solutions in Zp , similar to Hensel’s Lemma. To do so, we introduce the notion of an integral
model for a variety over Q.

Definition. For a projective variety X ⊆ P^N_Q, an integral model for X is a choice of
homogeneous forms F_1, …, F_m ∈ Z[X_0, …, X_n] such that X = Z(F_1, …, F_m). Denote these
forms {F_1, …, F_m} by X.

Note that we may assume the set of all coefficients of an integral model X = {F_1, …, F_m}
is coprime.

Definition. Let X = {F_1, …, F_m} be an integral model of X over Q. For a prime p, the
reduction of X mod p is the variety

X_{F_p} = Z(F̄_1, …, F̄_m) ⊆ P^N_{F_p},

where F̄_i = F_i mod p. We say X_{F_p} is geometrically reduced if the ideal (F̄_1, …, F̄_m) is
radical in F_p[X_0, …, X_N].

Notice that X_{F_p} depends on the integral model X chosen for X.


Definition. We say an integral model X has good reduction mod p if XFp is geometrically
reduced and nonsingular, and bad reduction mod p otherwise.

Lemma 22.9.8. An integral model X = {F_1, …, F_m} has good reduction mod p if and only
if Z[X_0, …, X_N]/(F_1, …, F_m) ⊗ F_p is a regular ring.

Example 22.9.9. If X ⊆ P^2_Q is a plane conic and X is an integral model of X over Q given
by a primitive quadratic form F ∈ Z[X_0, X_1, X_2], then X has bad reduction at a prime p if
and only if p divides the discriminant ∆(F).

Corollary 22.9.10. A primitive quadratic form F ∈ Z[X_0, X_1, X_2] has bad reduction at only
finitely many primes.

The following is a stronger version of Hensel’s Lemma (Theorem 15.3.19) that we will
need for lifting solutions of quadratic forms.

Theorem 22.9.11. Let (R, v) be a complete DVR, f ∈ R[x_1, …, x_N] and suppose (a_1, …, a_N) ∈
R^N such that

$$v(f(a_1, \ldots, a_N)) > 2\, v\!\left( \frac{\partial f}{\partial x_i}(a_1, \ldots, a_N) \right)$$

for some 1 ≤ i ≤ N. Then f has a root in R^N.

Corollary 22.9.12. If X = Z(F) is an integral model over Z_p and P is a smooth point of
X(F_p), then P lifts to a point of X(Z_p).

This leaves the question of lifting singular points.


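Theorem 22.9.13. Let $F = \sum_{i=0}^{n} a_i X_i^2$ be a primitive quadratic form over $\mathbb{Z}_p$ and set
$X = Z(F) \subseteq \mathbb{P}^2_{\mathbb{Q}_p}$. Suppose $\beta_0, \ldots, \beta_n \in \mathbb{Z}_p$ such that $\mathrm{ord}_p(\beta_j) = 0$ for some 0 ≤ j ≤ n, with
$F(\beta_0, \ldots, \beta_n) = 0 \bmod p^{\varepsilon+1}$, where

$$\varepsilon = \begin{cases} 1, & p \neq 2 \\ 3, & p = 2. \end{cases}$$

Then there exists a nontrivial root of F in $\mathbb{Z}_p$, that is, $\alpha = (\alpha_0, \ldots, \alpha_n) \in \mathbb{Z}_p^n$, with $\alpha_\ell \neq 0$
for some 0 ≤ ℓ ≤ n, and $F(\alpha_0, \ldots, \alpha_n) = 0$.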

Proof. Since F is primitive, $a_i, \beta_j \in \mathbb{Z}_p^\times$ for some 0 ≤ i, j ≤ n. If i = j, then the point
$P = (\bar\beta_0, \ldots, \bar\beta_n)$ is a smooth point of $X_{\mathbb{F}_p}$. By Theorem 22.9.11, P lifts to a solution in
$\mathbb{Z}_p$. On the other hand, assume without loss of generality that $\beta_0 \in \mathbb{Z}_p^\times$ and $a_0 \notin \mathbb{Z}_p^\times$. Then
$a_0 = p a_0'$ for some $a_0' \in \mathbb{Z}_p^\times$. Set $c = a_1\beta_1^2 + \ldots + a_n\beta_n^2$. Then $p a_0' \beta^2 + c \equiv 0 \pmod{p^{\varepsilon+1}}$ so p | c;
write $c = pc'$. Then $p a_0' \beta_0^2 + c' \equiv 0 \pmod{p^{\varepsilon}}$. This implies $c' \in \mathbb{Z}_p^\times$ – in fact, $c' \in 1 + p^{\varepsilon} O_p$
– so $\frac{c'}{a_0'} \in \mathbb{Z}_p^\times$. In particular, $-\frac{c'}{a_0'}$ is a square in $\mathbb{Z}_p$ by Corollary 20.2.10. Write $-\frac{c'}{a_0'} = \theta^2$ for
$\theta \in \mathbb{Z}_p$. Then $\alpha = (\theta, \beta_1, \ldots, \beta_n)$ is a solution to F(α) = 0 over $\mathbb{Z}_p$ as required.
We have proven the following theorem characterizing rational points of quadratic forms
(conics) over Q.


Theorem 22.9.14. Let F be a nondegenerate, primitive quadratic form over Z and let
X = Z(F) be the corresponding conic over Q. Then X(Q) ≠ ∅ if and only if

(1) There is a sign change in the coefficients – i.e. X(R) ≠ ∅.

(2) F = 0 has a primitive solution mod 16 – i.e. $X(\mathbb{Q}_2) \neq \emptyset$.

(3) F = 0 has a primitive solution mod $p^2$ for all primes p > 2 – i.e. $X(\mathbb{Q}_p) \neq \emptyset$.

In practice, one need only check (2) and (3) for primes at which X has bad reduction,
and by Corollary 22.9.10 there are only finitely many of these.
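
The finite check described above can be carried out by brute force for a diagonal conic aX² + bY² + cZ² = 0. The following is an added example, not part of the original text; it assumes that a, b, c are nonzero, squarefree and pairwise coprime, and that the odd primes of bad reduction are those dividing abc. All function names are chosen here for illustration.

```python
from itertools import product
from math import gcd, isqrt


def odd_prime_factors(n):
    """Odd primes dividing n, by trial division (fine for small coefficients)."""
    n = abs(n)
    while n % 2 == 0:
        n //= 2
    primes, d = [], 3
    while d * d <= n:
        if n % d == 0:
            primes.append(d)
            while n % d == 0:
                n //= d
        d += 2
    if n > 1:
        primes.append(n)
    return primes


def is_squarefree(n):
    n = abs(n)
    return n != 0 and all(n % (d * d) for d in range(2, isqrt(n) + 1))


def has_primitive_zero(coeffs, p, k):
    """True if a*x^2 + b*y^2 + c*z^2 = 0 mod p^k has a solution in which some
    coordinate is not divisible by p (ord_p = 0, as in Theorem 22.9.13)."""
    a, b, c = coeffs
    m = p ** k
    return any(
        (x % p or y % p or z % p) and (a * x * x + b * y * y + c * z * z) % m == 0
        for x, y, z in product(range(m), repeat=3)
    )


def local_report(coeffs):
    """Conditions (1)-(3) of Theorem 22.9.14, one entry per place checked."""
    a, b, c = coeffs
    if not all(map(is_squarefree, coeffs)) or gcd(a, b) * gcd(b, c) * gcd(a, c) != 1:
        raise ValueError("example assumes squarefree, pairwise coprime coefficients")
    report = {"R": min(coeffs) < 0 < max(coeffs)}   # (1) sign change
    report[2] = has_primitive_zero(coeffs, 2, 4)    # (2) primitive zero mod 16
    for p in odd_prime_factors(a * b * c):          # (3) mod p^2, bad primes only
        report[p] = has_primitive_zero(coeffs, p, 2)
    return report


def has_rational_point(coeffs):
    return all(local_report(coeffs).values())


def search_point(coeffs, bound):
    """Brute-force search for a nonzero integer zero with coordinates in [0, bound]."""
    a, b, c = coeffs
    for x, y, z in product(range(bound + 1), repeat=3):
        if (x, y, z) != (0, 0, 0) and a * x * x + b * y * y + c * z * z == 0:
            return (x, y, z)
    return None


if __name__ == "__main__":
    for form in [(1, 1, -2), (1, 1, -3), (2, 3, -5), (1, 1, -7)]:
        print(form, local_report(form), search_point(form, 12))
```

The search over residues mod p² grows like p⁶, so this is only practical when the primes dividing abc are small.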

Chapter 23

Elliptic Curves

If X is a nonsingular algebraic curve of genus g = 1, then the canonical divisor $K = K_X$ has
degree 0 by Corollary 22.6.2, so there is no good canonical map of X into projective space.
However, we have:

Proposition 23.0.1. Suppose X is a curve with g(X) = 1 and there exists a rational point
O ∈ X(k). Then the complete linear system |3O| gives an embedding $\phi_{|3O|} : X \to \mathbb{P}^2$.

Proof. Set D = 3O. Then deg(D) = 3 so by the Riemann-Roch theorem, ℓ(D) = 3.
Choose a basis {1, α} for L(2O). Then since L(2O) ⊆ L(3O), this extends to a basis
{1, α, β} of L(D). The map $\phi = \phi_{|D|}$ is given by $\phi : P \mapsto [\alpha(P), \beta(P), 1]$. Notice that
$1, \alpha, \beta, \alpha^2, \alpha\beta, \alpha^3, \beta^2 \in L(6O)$, but ℓ(6O) = 6 so there is some linear relation

$$A\beta^2 + B\alpha\beta + C\beta = D\alpha^3 + E\alpha^2 + F\alpha + G.$$

Since $1, \alpha, \beta, \alpha^2, \alpha\beta$ all have different orders at O, we must have A ≠ 0 and D ≠ 0. Replace
α with $AD\alpha$, β with $AD^3\beta$ and divide by $A^3D^4$ to obtain:

$$y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6.$$

This defines a curve $E \subset \mathbb{P}^2$, and under the map ϕ, we get X ≅ E.
Definition. A curve of genus 1 with a choice of rational point O ∈ X(k) is called an elliptic
curve over k. An equation

$$y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$$

defining X in $\mathbb{P}^2$ is called a Weierstrass equation of X.

Choosing different $\alpha', \beta' \in L(3O)$ gives an alternate Weierstrass equation:

$$(y')^2 + a_1'x'y' + a_3'y' = (x')^3 + a_3'(x')^2 + a_4'x' + a_6'.$$

Moreover, since Span{1, α} = Span{1, α′} = L(2O), we must have $\alpha = u_1\alpha' + r$ for some
$u_1 \in k^\times$ and r ∈ k. Similarly, $\beta = u_2\beta' + s_2\alpha' + t$ for $u_2 \in k^\times$ and $s_2, t \in k$. Substituting
these into the original Weierstrass equation in x, y gives the relation $u_2^2 = u_1^3$. Set $u = \frac{u_2}{u_1}$
and $s = \frac{s_2}{u^2}$. Then the transformation of coordinates between the two Weierstrass equations
has the form

$$x = u^2x' + r, \qquad y = u^3y' + su^2x' + t.$$

Since every elliptic curve has a Weierstrass equation, the above can be taken as the general
form of an isomorphism between elliptic curves.


23.1 Weierstrass Equations


Let $y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$ be the Weierstrass equation of an elliptic curve
E over k. If char k ≠ 2, one can complete the square on the left side of the equation by
substituting $y \mapsto \frac{1}{2}(y - a_1x - a_3)$ to get a simpler expression

$$y^2 = 4x^3 + b_2x^2 + 2b_4x + b_6$$

where $b_2, b_4, b_6 \in \mathbb{Z}[a_i]$. Moreover, if char k ≠ 3 as well, the substitution $(x, y) \mapsto \left(\frac{x - 3b_2}{36}, \frac{y}{108}\right)$
gives

$$y^2 = x^3 - 27c_4x - 54c_6$$

for $c_4, c_6 \in \mathbb{Z}[b_i]$. Typically we set $A = -27c_4$ and $B = -54c_6$ to get an equation
$y^2 = x^3 + Ax + B$.

Definition. An equation of the form $y^2 = x^3 + Ax + B$ is called a short Weierstrass form
for E.

The transformations preserving a short Weierstrass form are of the form

$$x = u^2x' \quad \text{and} \quad y = u^3y' \quad \text{for } u \in k^\times.$$

Under such a transformation, $c_4 = u^4c_4'$ and $c_6 = u^6c_6'$ so we immediately see that $\frac{c_4^3}{c_6^2} = \frac{(c_4')^3}{(c_6')^2}$.
Thus this ratio is an isomorphism invariant of E.

Conversely, we may ask the question, ‘When does a Weierstrass equation define an elliptic
curve over k?’

Definition. Let $y^2 = x^3 + Ax + B$ be a short Weierstrass form. Then the number
$\Delta = -16(4A^3 + 27B^2)$ is called the discriminant of the Weierstrass equation.

Note that if two Weierstrass forms describe the same curve, then their discriminants are
related by $\Delta = u^{12}\Delta'$ for some $u \in k^\times$.

Proposition 23.1.1. The curve defined by a Weierstrass equation is nonsingular if and only
if ∆ ≠ 0.

Proof. To study nonsingularity, we apply the Jacobian criterion to the curve X defined
by $y^2 = x^3 + Ax + B$:

• The point at infinity is always a nonsingular point of such an equation.

• On an affine patch, X is defined by the vanishing of $f(x, y) = y^2 - x^3 - Ax - B$. Thus
$\frac{\partial f}{\partial x} = -3x^2 - A$ and $\frac{\partial f}{\partial y} = 2y$.

Then X is singular at $P \in \mathbb{A}^2_k$ if and only if $f(P) = \frac{\partial f}{\partial x}(P) = \frac{\partial f}{\partial y}(P) = 0$, but these conditions
are equivalent to

$$\begin{cases} -x^3 - Ax - B = 0, \\ -3x^2 - A = 0. \end{cases}$$

That is, X is singular at P if and only if the cubic $-x^3 - Ax - B$ and its derivative vanish,
but this is governed by the discriminant of the cubic, $D(-x^3 - Ax - B) = -4A^3 - 27B^2$.
Thus f being nonsingular at P is equivalent to $\Delta = 16D(-x^3 - Ax - B) \neq 0$.


Proposition 23.1.2. A Weierstrass equation defines

(1) A nonsingular curve if ∆ ≠ 0;
(2) A nodal curve if ∆ = 0 and $c_4 \neq 0$;
(3) A cuspidal curve if ∆ = 0 and $c_4 = 0$.

[Figure: a nodal curve and a cuspidal curve.]

Definition. The invariant differential of a Weierstrass equation $y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6$
is the meromorphic differential $\omega = \frac{dx}{2y + a_1x + a_3}$.
Proposition 23.1.3. The invariant differential ω of a Weierstrass equation for an elliptic
curve E is regular and nonvanishing. In particular, deg(ω) = 0.
Example 23.1.4. Let X be a curve over k of genus g = 1 and let D ∈ Div(X) be a divisor
of minimal degree. In many cases this minimal degree determines important properties of
the curve:

• If deg(D) = 1, D is linearly equivalent to a point O ∈ X(k) and therefore X is an
elliptic curve defined over k. As we saw in Proposition 23.0.1, |3O| determines an
embedding $X \hookrightarrow \mathbb{P}^2$ as a Weierstrass equation.

• If deg(D) = 2, ℓ(D) = 2 by Riemann-Roch (Corollary 22.6.3), so we get a map
$\phi = \phi_{|D|} : X \to \mathbb{P}^1$. By the Riemann-Hurwitz formula (Theorem 22.5.2), ϕ is branched
at exactly 4 points. It is known that such a curve is of the form $Y^2Z = U(X, Z)$
for a quartic U. When one of the branch points is rational, dehomogenizing gives a
Weierstrass equation $y^2 = u(x)$ where u is a cubic in x.

• If deg(D) = 3, ℓ(D) = 3 by Corollary 22.6.3, so $\phi = \phi_{|D|}$ is an embedding $X \hookrightarrow \mathbb{P}^2$.
The image of X is defined by U(X, Y, Z) = 0 for some ternary cubic U. In this case,
U(X, Y, Z) = 0 is a Weierstrass equation if and only if there is only one point at infinity,
which in turn means D = 3P for some point P ∈ X(k).

• When deg(D) = 4, Riemann-Roch gives ℓ(D) = 4 and the canonical map is an
embedding $\phi : X \hookrightarrow \mathbb{P}^3$. In this case, the elements of L(2D)/L(D) are quadratic forms
on $\mathbb{P}^3$. The space of all quadratic forms on $\mathbb{P}^3$ has dimension 6, while ℓ(2D) = 8 by
Riemann-Roch, so dim L(2D)/L(D) = 4. Thus there are two linearly independent
quadratic forms on $\mathbb{P}^3$ that vanish on X, and in fact these forms define ϕ(X) as an
algebraic subset of $\mathbb{P}^3$.


23.2 Moduli Spaces


Recall that if $E_1$ and $E_2$ are isomorphic elliptic curves defined by Weierstrass equations

$$y^2 = x^3 - 27c_4(E_j)x - 54c_6(E_j), \qquad j = 1, 2,$$

then the ratio $\frac{c_4(E_j)^3}{c_6(E_j)^2}$ is the same for j = 1, 2.

Definition. The j-invariant of an elliptic curve defined by the Weierstrass equation
$y^2 = x^3 - 27c_4x - 54c_6$ is the number

$$j(E) = \frac{c_4^3}{\Delta} = \frac{-1728(4A)^3}{\Delta},$$

where $\Delta = 4A^3 - 27B^2$.
Proposition 23.2.1. Let E1 and E2 be elliptic curves over k. If E1 is isomorphic to E2
then j(E1 ) = j(E2 ). Conversely, if E1 and E2 are defined over k̄ then j(E1 ) = j(E2 ) implies
E1 and E2 are isomorphic over k̄.
Proof. The first statement follows from the definition of the j-invariant, together with the
fact that the ratio $\frac{c_4^3}{c_6^2}$ is an isomorphism invariant. On the other hand, let $E_1$ and $E_2$ be
defined by short Weierstrass equations

$$E_1 : y^2 = x^3 + Ax + B \quad \text{and} \quad E_2 : y^2 = x^3 + A'x + B'.$$

Then $j(E_1) = j(E_2)$ implies

$$\frac{(4A)^3}{4A^3 - 27B^2} = \frac{(4A')^3}{4(A')^3 - 27(B')^2} \implies A^3(B')^2 = (A')^3B^2.$$

If AB ≠ 0, i.e. j(E) ≠ 0, 1728, then set $u = \left(\frac{A}{A'}\right)^{1/4} = \left(\frac{B}{B'}\right)^{1/6} \in \bar{k}$. Then u is the
transformation of $\mathbb{P}^2$ realizing the isomorphism $E_1 \to E_2$. The cases j(E) = 0 and 1728 are
similar.

The j-invariant gives a map

$$\{\text{isomorphism classes of elliptic curves over } \bar{k}\} \xrightarrow{\ j\ } \mathbb{A}^1(\bar{k}).$$

Moduli spaces allow us to understand when this mapping is a bijection.

Proposition 23.2.2. Let $j \in \mathbb{A}^1(\bar{k})$ and let $E_j$ be the curve in $\mathbb{P}^2(\bar{k})$ defined by

$$\begin{cases} y^2 + xy = x^3 - \frac{36}{j - 1728}x - \frac{1}{j - 1728}, & j \neq 0, 1728 \\ y^2 + y = x^3, & j = 0 \\ y^2 = x^3 + x, & j = 1728. \end{cases}$$

Then $E_j$ is an elliptic curve with j-invariant equal to j.


Corollary 23.2.3. The j-invariant is a bijection between isomorphism classes of elliptic
curves over k̄ and $\mathbb{A}^1(\bar{k})$.

This bijection does not hold in general with classes of elliptic curves over a non-algebraically
closed field. However, Proposition 23.2.2 shows that j is a surjection in general; that is, it is
possible to construct an elliptic curve of any prescribed j-invariant.

Example 23.2.4. If E is given by the short Weierstrass form $y^2 = x^3 + Ax + B$, then for
any $d \in k^\times/(k^\times)^2$, the twist $E_d : dy^2 = x^3 + Ax + B$ is not isomorphic to E. Further, when
j ≠ 0, 1728 we will see that Aut(E) = Z/2Z. One can then construct these twists of E using
cocycles in the Galois cohomology group $H^1(k, \mathrm{Aut}(E))$.

Definition. Let C be a collection of objects in a category. If there is a space M such that the
isomorphism classes of objects in C are in bijection with the points of M , then M is called a
moduli space for C.

Example 23.2.5. The projective space $\mathbb{P}^n_k$ is a moduli space for the collection of lines
through the origin in $k^{n+1}$. Likewise, the Grassmannian Gr(k, n) is a moduli space for the
k-dimensional subspaces of a vector space V.

Corollary 23.2.3 says that $M_1(\bar{k}) = \mathbb{A}^1(\bar{k})$ is a moduli space for the collection of elliptic
curves E defined over the algebraic closure k̄. There are more complicated moduli spaces
$M_g(\bar{k})$ that parametrize the curves of genus g up to isomorphism, for g ≥ 2.


23.3 The Group Law


By studying the arc length of an ellipse and related shapes, giving rise to elliptic functions,
mathematicians such as Abel, Jacobi and Weierstrass discovered that the points on an elliptic
curve can be “added” in a certain way so as to define a group structure. Geometrically, this
group structure may be realized as the so-called “chord-and-tangent method”.
Let E be an elliptic curve over k, let O ∈ E(k) be the point at infinity and fix two points
P, Q ∈ E(k). In the plane $\mathbb{P}^2$, there is a unique line containing P and Q; call it L. (If P = Q,
then take $L = T_PE$.) Then by Bézout’s theorem (22.8.6), E ∩ L = {P, Q, R} for some third
point R ∈ E(k), which may not be distinct from P and Q if multiplicity is counted. Let L′
be the line through R and O and call its third point R′.

[Figure: the points P, Q and P + Q on E.]

Definition. Addition of two points P, Q ∈ E(k) is defined by P + Q = R′, where R′ is the
unique point lying on the line through R and O. If R = O, we set R′ = O.

Proposition 23.3.1. Let E be an elliptic curve with O ∈ E(k). Then

(a) If L is a line in $\mathbb{P}^2$ such that E ∩ L = {P, Q, R}, then (P + Q) + R = O.

(b) For all P ∈ E(k), P + O = P .

(c) For all P, Q ∈ E(k), P + Q = Q + P .

(d) For all P ∈ E(k), there exists a point −P ∈ E(k) satisfying P + (−P ) = O.

(e) For all P, Q, R ∈ E(k), (P + Q) + R = P + (Q + R).

Together, (b) – (e) say that chord-and-tangent addition of points defines an associative,
commutative group law on E(k). The proofs of (a) – (d) are rather routine using the
definition of this addition law, whereas verifying associativity is notoriously difficult. We
will obtain all of these facts as a consequence of the relation between E(k) and $\mathrm{Pic}^0(X)$ in
Section 23.4.


Proposition 23.3.2. Suppose E is an elliptic curve given by Weierstrass equation

$$y^2 + a_1xy + a_3y = x^3 + a_2x^2 + a_4x + a_6.$$

Let P = (x, y) and $P_i = (x_i, y_i)$, i = 1, 2, 3, be points in E(k) such that $P_1 + P_2 = P_3$. Then

(a) $-P = (x, -(y + a_1x + a_3))$.

(b) If $x_1 = x_2$ and $y_1 + y_2 + a_1x + a_3 = 0$, then $P_1 + P_2 = O$.

(c) If $x_1 = x_2$ and $y_1 + y_2 + a_1x + a_3 \neq 0$, then

$$x_3 = \left(\frac{3x_1^2 + 2a_2x_1 + a_4 - a_1y_1}{2y_1 + a_1x_1 + a_3}\right)^2 + a_1\,\frac{3x_1^2 + 2a_2x_1 + a_4 - a_1y_1}{2y_1 + a_1x_1 + a_3} - a_2 - 2x_1$$

$$\text{and} \quad y_3 = -\left(\frac{3x_1^2 + 2a_2x_1 + a_4 - a_1y_1}{2y_1 + a_1x_1 + a_3} + a_1\right)x_3 - \frac{-x_1^3 + a_4x_1 + 2a_6 - a_3y_1}{2y_1 + a_1x_1 + a_3} - a_3.$$

(d) Otherwise, if $x_1 \neq x_2$, then

$$x_3 = \left(\frac{y_2 - y_1}{x_2 - x_1}\right)^2 + a_1\,\frac{y_2 - y_1}{x_2 - x_1} - a_2 - x_1 - x_2$$

$$\text{and} \quad y_3 = -\left(\frac{y_2 - y_1}{x_2 - x_1} + a_1\right)x_3 - \frac{y_1x_2 - y_2x_1}{x_2 - x_1} - a_3.$$


23.4 The Jacobian


For a smooth algebraic curve X over k of genus g, the quotient $\mathrm{Pic}^0(X) = \mathrm{Div}^0(X)/\mathrm{PDiv}(X)$
has the structure of a group. Remarkably, we can also give this object the structure of an
algebraic variety in a way that is compatible with the group structure, such that its dimension
as a variety is g.

Definition. An algebraic group over a field k is a variety G over k together with
morphisms µ : G × G → G and i : G → G such that µ(a, b) = ab and $i(a) = a^{-1}$ define a group
structure on G, with identity element e ∈ G(k).

Remark. For any extension K ⊃ k, the variety G(K) is also an algebraic group. The
terminology from Chapter 21 carries over to algebraic groups with appropriate modifications, e.g.
an algebraic group is defined over k if it is defined over k as a variety and the multiplication
and inversion morphisms are defined over k.

Example 23.4.1. For any field k, the additive group $\mathbb{G}_a = \mathbb{A}^1_k$ is an algebraic group under
addition µ(a, b) = a + b. The multiplicative group $\mathbb{G}_m = \mathbb{A}^1_k \smallsetminus \{0\}$ is also an algebraic group
under multiplication µ(a, b) = ab.

We will prove that the k-rational points on an elliptic curve form an algebraic group.
One can show that these are essentially all of the dimension 1 algebraic groups:

Theorem 23.4.2. Any connected algebraic group of dimension 1 is isomorphic over k̄ to
$\mathbb{G}_a$, $\mathbb{G}_m$ or an elliptic curve E.

Definition. An abelian variety is an irreducible, projective algebraic group.

Example 23.4.3. For any n ≥ 1, GLn (k) is an algebraic group defined as a variety by
the nonvanishing of the polynomial det(xij ). Thus GLn (k) is an affine – not a projective –
variety.

Theorem 23.4.4. Every abelian variety is a commutative group.

An important construction in algebraic geometry is that of the Jacobian of a variety X,
which is an abelian variety into which X embeds. A special case of this for curves is given
by the following theorem, which we prove later in the section.

Theorem 23.4.5. Let X be a nonsingular algebraic curve of genus g which is geometrically
connected. Then there exists an abelian variety J(X) defined over k of dimension g with
compatible group isomorphisms $J_K(X) \cong \mathrm{Pic}^0(X/K)$ for any field extension K ⊃ k for
which X(K) ≠ ∅. In particular, $J(X) \cong \mathrm{Pic}^0(X)$.

Definition. The abelian variety J(X) is called the Jacobian of X.

When E is an elliptic curve, we will prove that J(E) ≅ E as curves. To do this, we first
construct a bijection $\mathrm{Pic}^0(E) \leftrightarrow E(k)$ to get a group structure on E(k). We then show that
this determines the structure of an abelian variety on E.


Lemma 23.4.6. Suppose X is a curve of genus g = 1. Then for any P, Q ∈ X(k), [P] ∼ [Q]
if and only if P = Q.

Proof. (⇐) is trivial. For (⇒), write P = Q + (f) for some $f \in k(X)^\times$. Then
f ∈ L(Q) but since ℓ(Q) = 1 by Riemann-Roch and L(Q) contains the constants, f itself
must be constant. Therefore 0 = (f) = P − Q so P = Q.

Lemma 23.4.7. Let E be an elliptic curve with fixed point O ∈ E(k). For all $D \in \mathrm{Div}^0(E)$,
there exists a unique point P ∈ E such that D ∼ P − O. Moreover, the map

$$\xi_O : \mathrm{Div}^0(E) \longrightarrow E(k), \qquad D \longmapsto P$$

is surjective, and if $D_1, D_2 \in \mathrm{Div}^0(E)$, then $\xi_O(D_1) = \xi_O(D_2)$ if and only if $D_1 \sim D_2$.

Proof. For $D \in \mathrm{Div}^0(E)$, we have ℓ(D + O) = 1 by Riemann-Roch, so take f ∈ L(D + O)
with f ≠ 0 and (f) + D + O ≥ 0. Since deg(f) = 0, (f) = (−D − O) + P for some point
P ∈ E(k). Thus D ∼ P − O. To see that P is unique, suppose D ∼ P′ − O for another point
P′ ∈ E(k). Then P ∼ D − O ∼ P′, or P ∼ P′ by transitivity, so P = P′ by Lemma 23.4.6.
This defines the map $\xi_O : D \mapsto P$ on the divisors of degree 0. It is clear that $\xi_O$ is
surjective: if P ∈ E(k), D = P − O is a degree 0 divisor and $\xi_O(P - O) = P$. Finally, set
$\xi_O(D_1) = P_1$ and $\xi_O(D_2) = P_2$. Then if $D_1 \sim P_1 - O$ and $D_2 \sim P_2 - O$ then $D_1 - D_2 \sim P_1 - P_2$.
So

$$\begin{aligned} \xi_O(D_1) = \xi_O(D_2) &\iff P_1 = P_2 \\ &\iff P_1 - P_2 \sim O \quad \text{by Lemma 23.4.6} \\ &\iff D_1 - D_2 \sim O \\ &\iff D_1 \sim D_2. \end{aligned}$$

Theorem 23.4.8. There is a bijection $\mathrm{Pic}^0(E) \cong E(k)$ given by

$\mathrm{Pic}^0(E) \longleftrightarrow E(k)$
D ⟼ P where D ∼ P − O
[P − O] ⟻ P.

Definition. The inverse of $\xi_O$ is the map $\kappa : E(k) \to \mathrm{Pic}^0(E)$, P ↦ [P − O], called the
Abel-Jacobi map.

For points P, Q ∈ E(k), the Abel-Jacobi map defines an abelian group law by
$P + Q := \xi_O(\kappa(P) + \kappa(Q))$, with κ(P) + κ(Q) taking place in $\mathrm{Pic}^0(E)$. We now show that this group
law matches the chord-and-tangent operation from Section 23.3.

Lemma 23.4.9. The chord-and-tangent and Abel-Jacobi operations on E(k) are the same.


Proof. Let the points P, Q, R, R′ ∈ E(k) and lines L, L′ be as in Section 23.3. Then L is
a line given by some linear form $f(X_1, X_2, X_3) = \alpha X_1 + \beta X_2 + \gamma X_3$. Note that $\frac{f}{X_3}$ defines
a rational function on E, and $\mathrm{div}_E(f) = \left(\frac{f}{X_3}\right) = P + Q + R - 3O$ – we can deduce that
$\mathrm{ord}_O(f) = 3$ since the divisor $\left(\frac{f}{X_3}\right)$ must have degree 0. On the other hand, L′ is given by
some other linear form $f'(X_1, X_2, X_3)$, for which we have $\mathrm{div}_E(f') = \left(\frac{f'}{X_3}\right) = R + O + R' - 3O$.
Subtracting these equations gives:

$$R' - P - Q + O = \mathrm{div}_E(f) - \mathrm{div}_E(f') = \left(\frac{f}{f'}\right) \sim 0.$$

Adding and subtracting O, we get

$$\begin{aligned} (R' - O) - ((P - O) + (Q - O)) \sim O &\implies \kappa(R') - (\kappa(P) + \kappa(Q)) = 0 \text{ in } \mathrm{Pic}^0(E) \\ &\implies \kappa(R') = \kappa(P) + \kappa(Q). \end{aligned}$$

Finally, since $\xi_O$ is a bijection, $\xi_O(\kappa(P) + \kappa(Q)) = R' = P + Q$ as required.
Corollary 23.4.10. The chord-and-tangent law is an associative group law on E(k).
Theorem 23.4.11. The operation µ : (P, Q) 7→ P + Q is a morphism on E(k).
Proof. Suppose E is given by a short Weierstrass form $y^2 = x^3 + Ax + B$ and fix points
$P = (x_1, y_1), Q = (x_2, y_2) \in E(k)$. Then $-P = (x_1, -y_1)$. The line L through P and Q is
explicitly given by the linear form

$$f : y - y_1 = \lambda(x - x_1) \quad \text{where } \lambda = \frac{y_2 - y_1}{x_2 - x_1}.$$

Substituting this into the Weierstrass equation, we get

$$\begin{aligned} (y_1 + \lambda(x - x_1))^2 &= x^3 + Ax + B \\ \implies 0 &= x^3 - \lambda^2x^2 + (2\lambda y_1 - A)x + (y_1^2 - 2\lambda y_1x_1 - 2\lambda x_1 + \lambda^2x_1^2 - B). \end{aligned}$$

This cubic equation has three solutions, two of which are known already: $x_1$ and $x_2$. Further,
if P + Q + R = 0 for $R = (x_3, y_3)$, then the trace of the cubic polynomial is given by
$\lambda^2 = x_1 + x_2 + x_3$ when P and Q are distinct. Therefore we get the following formula for R:

$$R = (x_3, y_3) = (\lambda^2 - x_1 - x_2,\ \lambda(x_3 - x_1) + y_1).$$

(Compare this to the formulas in Proposition 23.3.2.) Similarly, for P = Q we get

$$R = (x_3, y_3) = \left(\left(\frac{3x_1^2 + A}{2y_1}\right)^2 - 2x_1,\ -\left(\frac{3x_1^2 + A}{2y_1}\right)x_3 - \frac{-x_1^3 + Ax_1 + 2B}{2y_1}\right).$$

In both cases, the map (P, Q) ↦ −R = P + Q is given by rational functions on the affine
patch of E(k) away from the point at ∞, and the argument at ∞ is similar.

Corollary 23.4.12. E(k) is an abelian variety, and therefore so is the Jacobian J(E).
Remark. In cryptography, it is vital to be able to compute nP quickly, say over a finite
field Fq . To do this efficiently, one writes n as a binary sequence and employs a fast adding-
and-doubling formula for the coordinates of a point. For example, 10P = 2(2(2P ) + P ) can
be computed in a small number of steps. An alternative is to use different coordinates for
an elliptic curve, such as the Jacobian-Edwards coordinates.
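
The addition formulas from the proof of Theorem 23.4.11 and the double-and-add evaluation of nP described in the remark above, as an added example that is not part of the original text. The toy curve y² = x³ + 2x + 3 over F_97, the point (3, 6), and the class and method names are constructed for illustration; p is assumed to be a prime greater than 3.

```python
from dataclasses import dataclass

O = None  # the point at infinity, identity of the group


@dataclass(frozen=True)
class Curve:
    """y^2 = x^3 + A*x + B over F_p, p a prime > 3 (assumed, not checked)."""
    p: int
    A: int
    B: int

    def __post_init__(self):
        # Proposition 23.1.1: the curve is nonsingular iff the discriminant
        # -16(4A^3 + 27B^2) is nonzero; 16 is a unit in F_p for odd p.
        if (4 * self.A**3 + 27 * self.B**2) % self.p == 0:
            raise ValueError("singular curve: 4A^3 + 27B^2 = 0 in F_p")

    def contains(self, P):
        if P is O:
            return True
        x, y = P
        in_range = 0 <= x < self.p and 0 <= y < self.p
        return in_range and (y * y - x**3 - self.A * x - self.B) % self.p == 0

    def neg(self, P):
        return O if P is O else (P[0], -P[1] % self.p)

    def add(self, P, Q):
        """Chord-and-tangent sum P + Q."""
        if P is O:
            return Q
        if Q is O:
            return P
        (x1, y1), (x2, y2), p = P, Q, self.p
        if x1 == x2 and (y1 + y2) % p == 0:
            return O                                  # Q = -P (includes 2-torsion)
        if P == Q:
            lam = (3 * x1 * x1 + self.A) * pow(2 * y1 % p, -1, p) % p  # tangent
        else:
            lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p            # chord
        x3 = (lam * lam - x1 - x2) % p
        # Third intersection point is R = (x3, lam*(x3 - x1) + y1); P + Q = -R.
        return (x3, (lam * (x1 - x3) - y1) % p)

    def mul(self, n, P):
        """nP by left-to-right double-and-add over the binary digits of n."""
        if not self.contains(P):
            raise ValueError("point is not on the curve")
        if n < 0:
            return self.mul(-n, self.neg(P))
        R = O
        for bit in bin(n)[2:]:
            R = self.add(R, R)            # double
            if bit == "1":
                R = self.add(R, P)        # add
        return R

    def count_points(self):
        """#E(F_p) by exhaustive search, including O (toy sizes only)."""
        return 1 + sum(self.contains((x, y))
                       for x in range(self.p) for y in range(self.p))


if __name__ == "__main__":
    E = Curve(p=97, A=2, B=3)       # constructed toy parameters
    P = (3, 6)                      # 6^2 = 3^3 + 2*3 + 3 = 36
    N = E.count_points()
    print("2P  =", E.add(P, P))
    print("10P =", E.mul(10, P))
    print("#E(F_97) =", N, " N*P is O:", E.mul(N, P) is O)
```

The addition formulas never use B, so they will happily combine points that are not on E; `mul` therefore checks membership before doing any arithmetic. The loop also branches on the bits of n, so code that handles a secret n uses a fixed sequence of operations (for example a Montgomery ladder) instead.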

Chapter 24

Rational Points on Elliptic Curves

Let E be an elliptic curve defined over a field k with point O ∈ E(k). We saw in Chapter 23
that the rational points E(k) form an abelian group, and in fact an abelian variety over k.
In this chapter we will describe the structure of this group.

Definition. The n-torsion points of E(k) form a subset

$$E_n(k) = \{P \in E(k) \mid nP = O\}$$

of E(k). The torsion subgroup of E(k) is the union of all of these subgroups:

$$E_{\mathrm{tors}}(k) = \bigcup_{n=0} E_n(k).$$

Lemma 24.0.1. For each n ≥ 0, $E_n(k)$ is a subgroup of E(k).

Proof. A consequence of Theorem 23.4.11 is that for any n, the map [n] : E → E, P ↦ nP
is regular. Clearly the kernel of this map is $E_n(k)$.

We will prove:

Theorem 24.0.2. Let [n] : E → E be the multiplication by n map, P ↦ nP, and suppose
char k = 0. Then

(1) [n] is unramified at O.

(2) $\deg[n] = n^2$ and for every d | n, the set of d-torsion points of $E_n(k)$ has size
$\#E_n(k)[d] = d^2$.

(3) $E_n(k) \cong \mathbb{Z}/n\mathbb{Z} \times \mathbb{Z}/n\mathbb{Z}$.

Ultimately, our goal is to characterize Q-rational points of an elliptic curve. The classic
result in this direction is the Mordell-Weil theorem:

Theorem 24.0.3 (Mordell-Weil). For any elliptic curve E, E(Q) is finitely generated.


As a consequence, we can write $E(\mathbb{Q}) = E_{\mathrm{tors}}(\mathbb{Q}) \oplus \mathbb{Z}^r$ where r is called the rank of
E. Then Theorem 24.0.2 and its analogues in characteristic p give a characterization of
the torsion part of E(k). It turns out that $E_{\mathrm{tors}}(\mathbb{Q})$ can be effectively computed from the
Weierstrass equation for E. There are countless other interesting results about this group of
rational points, such as Mazur’s surprising theorem:

Theorem 24.0.4 (Mazur). For any elliptic curve E, #Etors (Q) ≤ 16.

Thus the mystery lies in the rank of E. There is a method for finding the generators of
the free part of E(k), known as descent. To understand this here and in Chapter 25, we will
study isogenies, height functions and the Selmer and Tate-Shafarevich groups.


24.1 Isogenies
The class of elliptic curves E over k with specified point O ∈ E(k) forms a category, and the
morphisms in this category are called isogenies.

Definition. An isogeny between two elliptic curves $(E_1, O_1)$ and $(E_2, O_2)$ is a nonconstant
morphism $\phi : E_1 \to E_2$ such that $\phi(O_1) = O_2$.

Example 24.1.1. For the purpose of studying the group E(k), an important isogeny is the
multiplication map [n] : E → E, P ↦ nP. This is regular by Theorem 23.4.11.

Proposition 24.1.2. An isogeny is a morphism of algebraic groups.

Proof. The pushforward map $\phi_* : \mathrm{Div}(E_1) \to \mathrm{Div}(E_2)$ descends to the Picard group, inducing
a commutative diagram

$$\begin{array}{ccc} \mathrm{Pic}^0(E_1) & \xrightarrow{\ \phi_*\ } & \mathrm{Pic}^0(E_2) \\ {\scriptstyle\kappa}\uparrow & & \uparrow{\scriptstyle\kappa} \\ E_1 & \xrightarrow{\ \phi\ } & E_2 \end{array}$$

Here, the vertical arrows are the Abel-Jacobi maps, which are isomorphisms by
Theorem 23.4.8. Assuming $\phi(O_1) = O_2$, the diagram shows ϕ(P + Q) = ϕ(P) + ϕ(Q) so the
group structure is preserved.

Remark. Let P ∈ E be a point on an elliptic curve and define a morphism $\tau_P : E \to E$
by Q ↦ Q + P. Then for any regular map $\alpha : E_1 \to E_2$, the composition $\tau_{-\alpha(O_1)} \circ \alpha$ is an
isogeny. That is, every regular map is an isogeny up to translation.

Definition. For two elliptic curves E1 , E2 over k, define the k-morphisms

Homk (E1 , E2 ) = {isogenies E1 → E2 defined over k} ∪ {[0]}.

For any elliptic curve E over k, we also define the endomorphisms and automorphisms
of E by:
Endk (E) = Homk (E, E) and Aut(E) = Endk (E)× .
Lemma 24.1.3. Homk (E1 , E2 ) is an abelian group under pointwise addition: (ϕ + ψ)(P ) =
ϕ(P ) + ψ(P ). Further, Endk (E) is a ring under function composition.
Proof. Obvious.
Proposition 24.1.4. (a) For any elliptic curve E, the multiplication map [m] : E → E
is an isogeny for all nonzero m ∈ Z.

(b) Homk (E1 , E2 ) is torsion-free.

(c) Endk (E) is an integral domain of characteristic 0.


Proof. Silverman III.4.2.


Remark. For any elliptic curve E, Proposition 24.1.4(c) implies that there is an embedding
$\mathbb{Z} \hookrightarrow \mathrm{End}_k(E)$ given by m ↦ [m]. When char k = 0, $\mathrm{End}_k(E) = \mathbb{Z}$ for almost all elliptic
curves, but in some exceptional cases $\mathrm{End}_k(E)$ is an order in an imaginary quadratic number
field. Such an elliptic curve is said to have complex multiplication (see Chapter 27).

Example 24.1.5. Consider the elliptic curve $E : y^2 = x^3 - x$. Then $\mathbb{Z}[i] \hookrightarrow \mathrm{End}_k(E)$ by
mapping i ↦ [i], where [i] is the isogeny (x, y) ↦ (−x, iy).

We have seen that [m] : P ↦ mP are an important family of isogenies on an elliptic
curve. We can come up with many more isogenies by recalling that morphisms of curves
correspond bijectively to embeddings of function fields (Proposition 22.2.2). For an elliptic
curve E, the field k(E) is sometimes referred to as the “field of elliptic functions” defined
by E. This terminology has roots in the study of elliptic functions over Riemann surfaces,
which was the original motivation for understanding elliptic curves.

Example 24.1.6. If k = C, elliptic curves are canonically identified with complex tori
E ≅ C/Λ. Therefore if $E_1 = \mathbb{C}/\Lambda_1$ and $E_2 = \mathbb{C}/\Lambda_2$ are complex tori, then
$\mathrm{Hom}_{\mathbb{C}}(E_1, E_2) = \{\alpha \in \mathbb{C} : \alpha\Lambda_1 \subseteq \Lambda_2\}$. The field of elliptic functions C(E) is generated as a function field over
C by special functions ℘(z) and ℘′(z), where ℘(z) is called the Weierstrass ℘-function.

Theorem 24.1.7. Let $\phi : E_1 \to E_2$ be an isogeny over the algebraic closure k̄. Then

(1) $\#\phi^{-1}(Q) = \deg_s \phi$ for all $Q \in E_2$. Therefore $e_\phi(Q) = \deg_i \phi$.

(2) The map

$$\ker \phi \longrightarrow \mathrm{Aut}(k(E_1)/\phi^*k(E_2)), \qquad P \longmapsto \tau_P^*$$

is an isomorphism.

Proof. (1) $\deg_s \phi = \#\phi^{-1}(Q)$ for all but finitely many $Q \in E_2$. Fix such a Q and let $Q' \in E_2$
and $R \in E_1$ such that ϕ(R) = Q′ − Q. Then $\tau_R : \phi^{-1}(Q) \to \phi^{-1}(Q')$ is a bijection, so all
points in $E_2$ have the same number of preimages.

(2) It is clear that $\tau_P^*$ induces an automorphism of $k(E_1)$ so we need only check it fixes $\phi^*k(E_2)$.
For P ∈ ker ϕ, $\phi \circ \tau_P = \phi$ since ϕ(P) = O. Thus for $f \in k(E_2)$,

$$\tau_P^*(\phi^*f) = (\tau_P \circ \phi)^*f = \phi^*f$$

so $\phi^*k(E_2)$ is fixed. Also, it is clear that $P \mapsto \tau_P^*$ is a group homomorphism by definition of
the $\tau_P$. From (1), we know that $\#\ker\phi = \deg_s\phi$, but

$$\#\mathrm{Aut}(k(E_1)/\phi^*k(E_2)) \leq \deg_s \phi.$$

Thus it’s enough to show the map is injective. If $\tau_P^*$ is the identity field automorphism, then
$\tau_P^*$ fixes $k(E_1)$, so $f \circ \tau_P = f$ for all $f \in k(E_1)$. In particular, $f(P) = f(O_1)$ for all $f \in k(E_1)$,
but by Corollary 21.3.5, this implies $P = O_1$.


If k is not algebraically closed, then each P ∈ ker ϕ may not be defined over k. However,
if this condition is satisfied, we would still have $\ker\phi \cong \mathrm{Aut}(k(E_1)/\phi^*k(E_2))$.

Remark. In the language of Grothendieck’s algebraic geometry, (1) says that “separable
isogenies are étale covers”, while (2) says that “separable isogenies are Galois covers”. Thus
we see the connections between Galois theory, covering space theory and isogenies between
elliptic curves begin to emerge.

Corollary 24.1.8. Suppose $\phi : E_1 \to E_2$ and $\psi : E_1 \to E_3$ are isogenies, where ϕ is
separable and ker ϕ ⊆ ker ψ. Then there is a unique isogeny λ making the following diagram
commute:

$$\begin{array}{ccc} E_1 & \xrightarrow{\ \phi\ } & E_2 \\ & {\scriptstyle\psi}\searrow & \downarrow{\scriptstyle\lambda} \\ & & E_3 \end{array}$$

Proof. Set $G = \mathrm{Gal}(k(E_1)/\phi^*k(E_2))$; we may use this notation since by hypothesis the field
extension is Galois. Then $G \cong \ker\phi \subseteq \ker\psi \cong \mathrm{Aut}(k(E_1)/\psi^*k(E_3))$, so in particular G fixes
$\psi^*k(E_3)$. Since $k(E_1)/\phi^*k(E_2)$ is Galois, we have inclusions of fields
$\psi^*k(E_3) \subseteq \phi^*k(E_2) \subseteq k(E_1)$, so by Proposition 22.2.2, we get a regular map $\lambda : E_2 \to E_3$. (Finish: show λ is an
isogeny and is unique.)

Proposition 24.1.9. Let Φ ⊂ E be a finite, $G_k$-invariant subgroup of E. Then there exists
a unique choice of elliptic curve E′ and isogeny ϕ : E → E′ such that ker ϕ = Φ.

Proof. (Sketch) There is an embedding $\Phi \hookrightarrow \mathrm{Aut}(k(E)/k)$ given by $P \mapsto \tau_P^*$. This induces
an action of Φ on k(E), so consider the subfield $k(E)^\Phi \subseteq k(E)$. By Proposition 22.2.2, there
is a curve E′/k with $k(E') = k(E)^\Phi$ and an isogeny ϕ : E → E′ corresponding to the field
embedding $k(E') \hookrightarrow k(E)$. Using the Riemann-Hurwitz formula (Theorem 22.5.2), one now
shows that ϕ is unramified and E′ is an elliptic curve.

In particular, quotients of elliptic curves by kernels of isogenies again give elliptic curves.

Remark. Suppose $E_1$ and $E_2$ are elliptic curves in short Weierstrass form. Then for any
isogeny $\phi : E_1 \to E_2$ over k, we can write

$$\phi(x, y) = \left(\frac{u(x)}{v(x)},\ \frac{s(x)}{t(x)}\,y\right) \quad \text{for } u, v, s, t \in k[x].$$

In this case deg ϕ = max{deg u, deg v}, and ϕ is inseparable if and only if $u = f(x^p)$ and
$v = g(x^p)$ for f, g ∈ k[x], where p = char k.

Differentials (Section 22.4) are useful for characterizing separability of isogenies.

Theorem 24.1.10. An isogeny $\phi : E_1 \to E_2$ is separable if and only if the induced map
$\phi^* : \Omega_{E_2} \to \Omega_{E_1}$ is nonzero.


Recall that the invariant differential of an elliptic curve in Weierstrass form is the
meromorphic differential $\omega = \frac{dx}{2y + a_1x + a_3} \in \Omega_E$. By Lemma 22.4.1, $\dim_{k(E)} \Omega_E = 1$ so ω is a
generator. The following proposition explains the name of the invariant differential.

Proposition 24.1.11. For every point P ∈ E, $\tau_P^*\omega = \omega$.

Theorem 24.1.12. If $\phi, \psi : E_1 \to E_2$ are isogenies and $\omega \in \Omega_{E_2}$ is the invariant differential
on $E_2$, then $(\phi + \psi)^*\omega = \phi^*\omega + \psi^*\omega$.

Corollary 24.1.13. Let E be an elliptic curve, $\omega \in \Omega_E$ the invariant differential on E, and
for m ∈ Z, let [m] : E → E be the multiplication by m map. Then $[m]^*\omega = m\omega$. Therefore
[m] is separable if and only if char k ∤ m.

Proof. The first property is clear for m = 0, 1. Now induct on m, using Theorem 24.1.12 on
$[m + 1]^*\omega = [m]^*\omega + \omega$.

Corollary 24.1.14. If $k = \mathbb{F}_q$ is a finite field, E is an elliptic curve over k and $\pi_q : E \to E$
is the qth power Frobenius map, then the map $[n] + [m]\pi_q : E \to E$ is separable if and only
if q ∤ n.

Example 24.1.15. An important application is that the map [1] − π is always separable.
Notice that $[1] - \pi : E(\mathbb{F}_q) \to E(\bar{\mathbb{F}}_q)$ has kernel $E(\mathbb{F}_q)$.


24.2 The Dual Isogeny


In this section we introduce the notion of a dual isogeny, which is vital for calculating degrees
of isogenies.

Theorem 24.2.1 (Dual Isogeny). Let $\phi : E_1 \to E_2$ be an isogeny. Then there exists a
unique isogeny $\hat{\phi} : E_2 \to E_1$ satisfying $\hat{\phi} \circ \phi = [\deg\phi] \in \mathrm{End}_k(E_1)$.

Proof. For the construction, recall the Abel-Jacobi map and its inverse from Theorem 23.4.8:

$$\kappa : E_2 \longrightarrow \mathrm{Div}^0(E_2), \quad P \longmapsto P - O_2 \qquad \text{and} \qquad \xi_{O_1} : \mathrm{Div}^0(E_1) \longrightarrow E_1, \quad \sum n_QQ \longmapsto \sum [n_Q]Q.$$

Then the dual isogeny may be defined as the following composition:

$$\hat{\phi} : E_2 \xrightarrow{\ \kappa\ } \mathrm{Div}^0(E_2) \xrightarrow{\ \phi^*\ } \mathrm{Div}^0(E_1) \xrightarrow{\ \xi_{O_1}\ } E_1.$$

(See Silverman for the rest of the details.)

Proposition 24.2.2. The dual isogeny satisfies the following properties:

(1) If $\phi : E_1 \to E_2$ is separable, then the dual isogeny $\hat{\phi}$ is also separable.

(2) $\widehat{\phi \circ \psi} = \hat{\psi} \circ \hat{\phi}$ for any isogenies $E_1 \xrightarrow{\ \psi\ } E_2 \xrightarrow{\ \phi\ } E_3$.

(3) $\widehat{\phi + \psi} = \hat{\phi} + \hat{\psi}$ for any $\phi, \psi : E_1 \to E_2$.

(4) For m ∈ Z and the isogeny [m] : E → E, $\widehat{[m]} = [m]$. In particular, $\deg[m] = m^2$ when
char k ∤ m.

(5) $\deg\hat{\phi} = \deg\phi$.

(6) $\hat{\hat{\phi}} = \phi$.

Proposition 24.2.3. For any pair of elliptic curves $E_1, E_2$, the degree map $\deg : \mathrm{Hom}(E_1, E_2) \to \mathbb{Z}$
is a positive definite quadratic form, meaning for all $\phi, \psi \in \mathrm{Hom}(E_1, E_2)$,

(1) deg(−ϕ) = deg(ϕ);

(2) deg ϕ ≥ 0 and deg ϕ = 0 if and only if ϕ = 0.

(3) The pairing ⟨ϕ, ψ⟩ = deg(ϕ + ψ) − deg ϕ − deg ψ is bilinear.

Definition. The trace of an endomorphism $\psi \in \mathrm{End}_k(E)$ is the endomorphism $\operatorname{tr}\psi = \psi + \hat{\psi}$.

Lemma 24.2.4. For any endomorphism $\psi \in \mathrm{End}_k(E)$, the trace is equal to

tr ψ = 1 + [deg ψ] − [deg(1 − ψ)].


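Proof. Using Proposition 24.2.3, we have

\[
\begin{aligned}
[\deg(1 - \psi)] &= \widehat{(1 - \psi)} \circ (1 - \psi) = (1 - \hat\psi) \circ (1 - \psi) \\
&= 1 - \psi - \hat\psi + \hat\psi \circ \psi = 1 - \operatorname{tr} \psi + [\deg \psi].
\end{aligned}
\]

Rearranging gives the desired expression for $\operatorname{tr} \psi$.

Definition. The characteristic polynomial of an endomorphism $\psi \in \operatorname{End}_k(E)$ is $c_\psi(x) = x^2 - (\operatorname{tr} \psi)x + \deg \psi$.

Remark. As with linear endomorphisms and the Cayley-Hamilton theorem in linear algebra, an endomorphism $\psi : E \to E$ satisfies its own characteristic polynomial:

\[
\begin{aligned}
c_\psi(\psi) &= \psi \circ \psi - (\operatorname{tr} \psi) \circ \psi + [\deg \psi] \\
&= \psi \circ \psi - (\psi + \hat\psi) \circ \psi + [\deg \psi] \\
&= \psi \circ \psi - \psi \circ \psi - \hat\psi \circ \psi + [\deg \psi] = 0.
\end{aligned}
\]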

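Theorem 24.2.5 (Cauchy-Hasse). For all endomorphisms $\psi \in \operatorname{End}_k(E)$ and $r \in \mathbb{Q}$, $c_\psi(r) \geq 0$. Therefore $|\operatorname{tr} \psi| \leq 2\sqrt{\deg \psi}$.

Proof. Let $r = \frac{m}{n} \in \mathbb{Q}$ with $m, n \in \mathbb{Z}$ and $n \neq 0$. Then

\[
\begin{aligned}
n^2 c_\psi(r) &= m^2 - mn(\operatorname{tr} \psi) + n^2(\deg \psi) \\
&= (m - n\psi) \circ (m - n\hat\psi) \\
&= (m - n\psi) \circ \widehat{(m - n\psi)} \\
&= \deg(m - n\psi) \geq 0.
\end{aligned}
\]

Since $n^2 > 0$, we get $c_\psi(r) \geq 0$. In particular, the discriminant of $c_\psi(x)$ is nonpositive, that is, $\operatorname{disc}(c_\psi) = (\operatorname{tr} \psi)^2 - 4 \deg \psi \leq 0$, so this implies the second statement.

Corollary 24.2.6 (Hasse Bound). Let $E$ be an elliptic curve over a finite field $\mathbb{F}_q$ and $\pi_q : E \to E$ the $q$th power Frobenius map. Then $\#E(\mathbb{F}_q) = q + 1 - \operatorname{tr} \pi_q$. Moreover, $|\operatorname{tr} \pi_q| \leq 2\sqrt{q}$.

Proof. The map $\pi_q : E \to E$ is given by $(x, y) \mapsto (x^q, y^q)$ on the affine piece of $E$. Then $(x, y) \in E(\mathbb{F}_q)$ if and only if $\pi_q(x, y) = (x, y)$. Thus

\[
\begin{aligned}
\#E(\mathbb{F}_q) &= \#\{\text{fixed points of } \pi_q\} = \#\ker(1 - \pi_q) \\
&= \deg_s(1 - \pi_q) && \text{by Example 24.1.15} \\
&= \deg(1 - \pi_q) && \text{since } 1 - \pi_q \text{ is separable by Corollary 24.1.14} \\
&= \widehat{(1 - \pi_q)} \circ (1 - \pi_q) \\
&= (1 - \hat\pi_q) \circ (1 - \pi_q) \\
&= 1 - (\pi_q + \hat\pi_q) + \hat\pi_q \circ \pi_q \\
&= 1 - \operatorname{tr} \pi_q + \deg \pi_q = q + 1 - \operatorname{tr} \pi_q.
\end{aligned}
\]

The inequality $|\operatorname{tr} \pi_q| \leq 2\sqrt{q}$ now follows from the Cauchy-Hasse theorem.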


Proposition 24.2.7. Let $E$ be an elliptic curve over $k$ and $m \in \mathbb{Z}$. Then

(1) If $\operatorname{char} k \nmid m$ then $E_m(k) = \mathbb{Z}/m\mathbb{Z} \times \mathbb{Z}/m\mathbb{Z}$.

(2) If $\operatorname{char} k = p > 0$, then for any $e \geq 1$, either $E_{p^e}(k) = 0$ or $E_{p^e}(k) = \mathbb{Z}/p^e\mathbb{Z}$.

Proof. (1) follows from (4) of Proposition 24.2.3.

(2) For any $e \geq 1$, let $\pi : E \to E$ be the $p$th power Frobenius map, which is inseparable by Corollary 24.1.14. Then

\[
\begin{aligned}
\#E_{p^e}(k) &= \deg_s[p^e] && \text{by (1) of Theorem 24.1.7} \\
&= \deg_s((\hat\pi \circ \pi)^e) \\
&= \deg_s(\hat\pi^e \circ \pi^e) \\
&= \deg_s(\hat\pi^e) \deg_s(\pi^e) \\
&= \deg_s(\hat\pi^e)
\end{aligned}
\]

since $\pi$ is inseparable. Now $\deg_s(\hat\pi^e) = 1$ when $\hat\pi$ is inseparable and $p^e$ when $\hat\pi$ is separable, so the two cases follow.

Definition. An elliptic curve $E$ over a field $k$ of characteristic $p > 0$ is called supersingular if $E_{p^e}(k) = 0$ for any $e \geq 1$. Otherwise if $E_{p^e}(k) = \mathbb{Z}/p^e\mathbb{Z}$ for all $e \geq 1$, $E$ is said to be ordinary.

By the proof of Proposition 24.2.7, $E$ is supersingular exactly when $\hat\pi$ is inseparable, where $\pi : E \to E$ is the Frobenius map.


24.3 The Weil Conjectures


Suppose X is a smooth projective variety over a finite field Fq .

Definition. The zeta function of $X$ over $\mathbb{F}_q$ is the formal power series

\[ Z(X/\mathbb{F}_q, t) = \exp\left( \sum_{r \geq 1} N_r \frac{t^r}{r} \right) \]

where $N_r = \#X(\mathbb{F}_{q^r})$ for each $r \geq 1$.

The zeta functions of curves have many parallels to Dedekind zeta functions of number fields in algebraic number theory (see Section 17.5).

Example 24.3.1. For $X = \mathbb{P}^1$, the projective line, we have $N_r = q^r + 1$ for every $r$. One can show that

\[ Z(\mathbb{P}^1/\mathbb{F}_q, t) = \frac{1}{(1 - t)(1 - qt)}. \]

In particular, $Z(\mathbb{P}^1, t)$ is a rational function!

The following statements were conjectured by Weil and proven in the 20th century by
Weil (for curves), Artin, Grothendieck and Deligne.

Theorem 24.3.2 (Weil Conjectures). Let $X$ be a smooth projective variety over $\mathbb{F}_q$ of dimension $n$. Then

(a) (Rationality) The zeta function $Z(X/\mathbb{F}_q, t)$ is rational.

(b) (Functional Equation) There is an integer $e = e(X)$, called the Euler characteristic of $X$, for which the zeta function satisfies

\[ Z(X/\mathbb{F}_q, 1/q^n t) = \pm q^{ne/2} t^e Z(X/\mathbb{F}_q, t). \]

(c) (Riemann Hypothesis) The zeta function may be written

\[ Z(X/\mathbb{F}_q, t) = \frac{p_1(t) p_3(t) \cdots p_{2n-1}(t)}{p_0(t) p_2(t) \cdots p_{2n}(t)} \]

with $p_0(t) = 1 - t$, $p_{2n}(t) = 1 - q^n t$ and for each $0 \leq i \leq 2n$, $p_i(t) = \prod_{j=1}^{b_i} (1 - \alpha_{ij} t)$ for $\alpha_{ij} \in \mathbb{C}$ satisfying $|\alpha_{ij}| = q^{1/2}$.

Recall that $N_r$ is the number of fixed points of $\pi^r$, where $\pi = \pi_q : X \to X$ is the $q$th power Frobenius map. In topology, one studies fixed points using Lefschetz's fixed point theorem, which requires knowing the trace of maps on cohomology groups. In algebraic geometry, topological (singular) cohomology theory does not suffice to give such a description.


However, Artin, Grothendieck and others were able to devise a cohomology theory called étale cohomology for which the following fixed point property holds:

\[ \#\{\text{fixed points of } \pi^r\} = \sum_{i \geq 0} (-1)^i \operatorname{tr}\big((\pi^r)^* : H^i(X, \mathbb{Q}_\ell) \to H^i(X, \mathbb{Q}_\ell)\big), \]

where $H^i(X, \mathbb{Q}_\ell)$ is the $\ell$th étale cohomology group of $X$. As a sidenote, the étale cohomology groups satisfy $H^i(X, \mathbb{Q}_\ell) \otimes \mathbb{C} \cong H^i(X(\mathbb{C}); \mathbb{C})$, where the latter is the topological (singular) cohomology of $X$ with coefficients in $\mathbb{C}$.

Remark. Setting $t = q^{-s}$, the zeta function of a variety $X/\mathbb{F}_q$ can be written

\[ \zeta_{X/\mathbb{F}_q}(s) := Z(X/\mathbb{F}_q, q^{-s}). \]

Then the functional equation has a nice form: $\zeta_{X/\mathbb{F}_q}(1 - s) = \zeta_{X/\mathbb{F}_q}(s)$, as with Dedekind zeta functions (see Sections 12.1, 12.4 and 17.5). Also, the Riemann hypothesis says that $\zeta_{X/\mathbb{F}_q}(s) = 0$ for $s \in \mathbb{C}$ satisfying $|q^s| = \sqrt{q}$, i.e. $\operatorname{Re}(s) = \frac{1}{2}$.

Example 24.3.3. For an elliptic curve $E/\mathbb{F}_q$, one can prove that

\[ Z(E/\mathbb{F}_q, t) = \frac{(1 - \alpha t)(1 - \beta t)}{(1 - t)(1 - qt)} = \frac{1 - (\operatorname{tr} \pi)t + qt^2}{(1 - t)(1 - qt)}. \]

Then by the Hasse bound (Corollary 24.2.6), $(\operatorname{tr} \pi)^2 - 4q \leq 0$, so the roots $t = \frac{1}{\alpha}$ and $\frac{1}{\beta}$ are complex conjugates. Thus $|\alpha| = |\beta|$, but since $\alpha\beta = q$, we get $|\alpha| = q^{1/2}$. Thus the Riemann hypothesis holds for elliptic curves.
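The Hasse bound (Corollary 24.2.6) and the zeta function of Example 24.3.3 can be checked numerically. The following Python sketch is an added example, not part of the original notes: it counts points by brute force over $\mathbb{F}_p$ and $\mathbb{F}_{p^2}$ and compares the second count with the value $N_2 = p^2 + 1 - (\alpha^2 + \beta^2)$ that the zeta function predicts from $N_1$ alone. The function names, the model $\mathbb{F}_{p^2} = \mathbb{F}_p[s]/(s^2 - d)$ and the restriction to odd primes and short Weierstrass form are assumptions of the example.

```python
from collections import Counter
from itertools import product


def nonresidue(p):
    """Smallest non-square d modulo the odd prime p (F_{p^2} = F_p[s]/(s^2 - d))."""
    squares = {y * y % p for y in range(p)}
    return next(d for d in range(2, p) if d not in squares)


def count_points(A, B, p, r=1):
    """#E(F_{p^r}) for E: y^2 = x^3 + Ax + B, r in {1, 2}, by brute force.

    Field elements are pairs (a, b) meaning a + b*s with s^2 = d; for r = 1
    only the pairs (a, 0) are used, which form the subfield F_p.
    """
    if r not in (1, 2):
        raise ValueError("only F_p and F_{p^2} are implemented")
    d = nonresidue(p)
    elems = [(a, 0) for a in range(p)] if r == 1 else list(product(range(p), repeat=2))

    def mul(u, v):
        return ((u[0] * v[0] + d * u[1] * v[1]) % p, (u[0] * v[1] + u[1] * v[0]) % p)

    def add(u, v):
        return ((u[0] + v[0]) % p, (u[1] + v[1]) % p)

    # square_roots[z] = number of y in the field with y^2 = z
    square_roots = Counter(mul(y, y) for y in elems)
    total = 1  # the point at infinity O
    for x in elems:
        rhs = add(add(mul(mul(x, x), x), mul((A % p, 0), x)), (B % p, 0))
        total += square_roots[rhs]
    return total


def frobenius_trace(A, B, p):
    """tr(pi_p) = p + 1 - #E(F_p), as in Corollary 24.2.6."""
    return p + 1 - count_points(A, B, p, 1)


def hasse_holds(A, B, p):
    """Check |tr(pi_p)| <= 2*sqrt(p) in the integer form tr^2 <= 4p."""
    a = frobenius_trace(A, B, p)
    return a * a <= 4 * p


def predicted_count(A, B, p, r):
    """N_r = p^r + 1 - (alpha^r + beta^r), alpha + beta = tr(pi_p), alpha*beta = p.

    The power sums s_r = alpha^r + beta^r satisfy s_r = tr * s_{r-1} - p * s_{r-2}.
    """
    a = frobenius_trace(A, B, p)
    s_prev, s = 2, a
    for _ in range(r - 1):
        s_prev, s = s, a * s - p * s_prev
    return p ** r + 1 - s


if __name__ == "__main__":
    # Curves y^2 = x^3 + 3 and y^2 = x^3 + x over F_7 (sample inputs).
    for A, B in [(0, 3), (1, 0)]:
        print((A, B), count_points(A, B, 7), frobenius_trace(A, B, 7),
              hasse_holds(A, B, 7), predicted_count(A, B, 7, 2),
              count_points(A, B, 7, 2))
```

For $y^2 = x^3 + 3$ over $\mathbb{F}_7$ the trace is $-5$, which satisfies $25 \leq 28$, and the predicted and brute-force counts over $\mathbb{F}_{49}$ agree.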


24.4 Elliptic Curves over Local Fields


Let K be a local field (e.g. K = Qp ) with valuation ring R, valuation ideal m ⊂ R, residue
field k = R/m and valuation v. Our goal is to understand when an elliptic curve has points
over K. To do this, we introduce the notion of minimal models, imitating the use of integral
models for conics over Q in Section 22.9.
Definition. For an elliptic curve $E$ over $K$, a model for $E$ over $R$ is a polynomial $f = y^2 - x^3 - Ax - B$, where $A, B \in R$, such that $E(K) = Z(f)$.

Given a Weierstrass equation for $E$ over $K$, we may always change coordinates by $A = u^4 A'$ and $B = u^6 B'$ so that the Weierstrass equation becomes a model for $E$ over $R$. Such a change in coordinates changes the discriminant of the Weierstrass equation by $\Delta = u^{12} \Delta'$.

Definition. A minimal model for $E$ over $R$ is a model such that $v(\Delta)$ is minimal among the discriminants of all models for $E$ over $R$.

Example 24.4.1. When $\operatorname{char} k \neq 2, 3$, a model is minimal if and only if $v(\Delta) < 12$, or equivalently, $v(c_4) < 4$ where $c_4$ is the coefficient in the long Weierstrass equation. There is a more sophisticated algorithm to determine minimal models, due to Tate, in the case $\operatorname{char} k = 2, 3$.

Suppose $f = y^2 - x^3 - Ax - B$ is a minimal model for $E$ over $R$. Denote the reduction of $E$ over $k = R/\mathfrak{m}$ by

\[ \tilde{E} = Z(y^2 - x^3 - Ax - B) \subseteq \mathbb{A}^2_k. \]

Then $\tilde{E}$ is a curve over $k$.

Lemma 24.4.2. A minimal (long) Weierstrass equation is unique up to a change of coordinates of the form

\[ x = u^2 x' + r, \qquad y = u^3 y' + u^2 s x' + t \]

for $u \in R^\times$ and $r, s, t \in R$.

Corollary 24.4.3. The reduction $\tilde{E}$ is unique up to a change of Weierstrass equation over $k$.

In particular, the isomorphism class of $\tilde{E}$ over $k$ is well-defined. By clearing denominators, $\mathbb{P}^2_K(R) = \mathbb{P}^2_K(K)$, so one can write the reduction of a point $P = [\alpha_0, \alpha_1, \alpha_2] \in \mathbb{P}^2_K(K)$ as $\tilde{P} = [\bar\alpha_0, \bar\alpha_1, \bar\alpha_2] \in \mathbb{P}^2_k$, where $\bar\alpha_i = \alpha_i + \mathfrak{m} \in k = R/\mathfrak{m}$.

Definition. Let $E$ be an elliptic curve over a local field $K$, with reduction $\tilde{E}$ over $k$, and define the following sets:

\[
\begin{aligned}
\tilde{E}_{ns} &= \{P \in \tilde{E} : P \text{ is nonsingular}\} \\
E^{(0)}(K) &= \{P \in E(K) : \tilde{P} \in \tilde{E}_{ns}(k)\} \\
E^{(1)}(K) &= \{P \in E(K) : \tilde{P} = \tilde{O}\}.
\end{aligned}
\]

Then $\tilde{E}_{ns}$ is called the nonsingular locus of the reduction; $E^{(0)}(K)$ the points of nonsingular reduction; and $E^{(1)}(K)$ the kernel of reduction.


Notice that $E^{(1)}(K) \subseteq E^{(0)}(K)$.

Proposition 24.4.4. Let $E$ be an elliptic curve over a local field $K$ with reduction $\tilde{E}$. Then

(a) $\tilde{E}$ is a curve over $k$ with at most one singular point.

(b) $\tilde{E}_{ns}$ is a connected algebraic group.

(c) If $\tilde\Delta \neq 0$, then $\tilde{E}$ is nonsingular, and hence an elliptic curve over $k$.

(d) If $\tilde\Delta = 0$ and $\tilde{A} \neq 0$, then $\tilde{E}$ has a nodal singular point. Moreover, if $y = \alpha_1 x + \beta_1$ and $y = \alpha_2 x + \beta_2$ are the equations of the two tangent lines at the nodal point of $\tilde{E}$, then there is an isomorphism of algebraic groups

\[ \tilde{E}_{ns} \longrightarrow \mathbb{G}_m = \mathbb{A}^1_k \smallsetminus \{0\}, \qquad (x, y) \longmapsto \frac{y - \alpha_1 x - \beta_1}{y - \alpha_2 x - \beta_2}. \]

(e) If $\tilde\Delta = 0$ and $\tilde{A} = 0$, then $\tilde{E}$ has a cuspidal singular point. Moreover, if $y = \alpha x + \beta$ is the tangent line at this cusp $(x_0, y_0)$, then there is an isomorphism of algebraic groups

\[ \tilde{E}_{ns} \longrightarrow \mathbb{G}_a = \mathbb{A}^1_k, \qquad (x, y) \longmapsto \frac{x - x_0}{y - \alpha x - \beta}. \]

Definition. The reduction scenarios in (c) – (e) are given names:

• If $\tilde\Delta \neq 0$, $E$ is said to have good reduction. Otherwise, $E$ has bad reduction.

• If $\tilde\Delta = 0$ and $\tilde{A} \neq 0$, then $E$ is said to have multiplicative reduction.

• If $\tilde\Delta = 0$ and $\tilde{A} = 0$, then $E$ is said to have additive reduction.

Proposition 24.4.5. There is a short exact sequence of groups

\[ 0 \to E^{(1)}(K) \to E^{(0)}(K) \to \tilde{E}_{ns}(k) \to 0. \]

This gives us the beginning of a filtration of $\tilde{E}_{ns}(k)$.

Lemma 24.4.6. Suppose $P = [X, Y, Z] \in E(K)$. Then $P \in E^{(0)}(K)$ if and only if for some $N \geq 1$, $v(X) = 2N$, $v(Y) = 0$ and $v(Z) = 3N$.

Definition. For a point $P = [X, Y, Z] \in E(K)$, the $N$ satisfying Lemma 24.4.6 is called the level of $P$. We formally define the level of $O$ to be $\infty$. For each $N \geq 1$, define

\[ E^{(N)}(K) = \{P \in E^{(0)}(K) : \text{the level of } P \text{ is } N\}. \]

Theorem 24.4.7. Let $E$ be an elliptic curve over $K$. Then

(1) For each $N \geq 1$, $E^{(N)}(K)$ is a subgroup of $E(K)$.

(2) $E^{(0)}(K)/E^{(1)}(K) \cong \tilde{E}_{ns}(k)$.

(3) For each $N \geq 1$, $E^{(N)}(K)/E^{(N+1)}(K) \cong \mathbb{G}_a(k)$.

Proof. (1) easy.

(2) in Silverman.

(3) Assume $K = \mathbb{Q}_p$ and put $X_N = p^{2N} X$, $Y_N = Y$ and $Z_N = p^{3N} Z$ for $N \geq 1$. Then if $E$ is given by the homogeneous form

\[ E : Y^2 Z = X^3 + AXZ^2 + BZ^3 \]

over $K$, then the curve $E_N$ defined by

\[ E_N : Y_N^2 Z_N = X_N^3 + p^{4N} A X_N Z_N^2 + p^{6N} B Z_N^3 \]

is also a curve over $K$. Moreover, the reduction $\tilde{E}_N$ is given by $\bar{Y}_N^2 \bar{Z}_N = \bar{X}_N^3$, which is a cuspidal curve, so $E_N$ has additive reduction. Also observe that $E^{(N)}(K) = E_N^{(0)}(K)$ and $E^{(N+1)}(K) = E_N^{(1)}(K)$ for any $N \geq 1$. Applying the short exact sequence from Proposition 24.4.5 to these groups gives isomorphisms

\[ E^{(N)}(K)/E^{(N+1)}(K) = E_N^{(0)}(K)/E_N^{(1)}(K) \cong \tilde{E}_{ns}(k) \cong \mathbb{G}_a(k) \]

by Proposition 24.4.4(e). Hence each intermediate quotient is $\mathbb{G}_a(k)$ as claimed.

This gives us important information about torsion points over local fields. We will leverage this to embed certain torsion parts of $E(K)$ into the reduction $\tilde{E}(k)$.

Corollary 24.4.8. Suppose the residue field $k$ has characteristic $p > 0$. If $P \in E^{(1)}(K)$ is a torsion point then its order is $p^r$ for some $r \geq 1$.

Proof. Suppose $nP = O$ for $n \in \mathbb{Z}$. Write $n = p^r m$ where $p \nmid m$. Set $Q = p^r P$ so that $mQ = nP = O$. Suppose $Q \neq O$. Then $Q \in E^{(N)}(K)$ but $Q \notin E^{(N+1)}(K)$ for some $N \geq 1$, since the $E^{(N)}(K)$ are a filtration of $E^{(1)}(K)$. With $k = \mathbb{F}_q$ a finite field of characteristic $p$, (3) of Theorem 24.4.7 gives

\[ E^{(N)}(K)/E^{(N+1)}(K) \cong \mathbb{G}_a(k) = \mathbb{F}_q \]

which means $pQ \in E^{(N+1)}(K)$. Thus $mQ, pQ \in E^{(N+1)}(K)$, but $p$ and $m$ are relatively prime, so it follows that $Q \in E^{(N+1)}(K)$, a contradiction. Hence $p^r P = Q = O$.

Theorem 24.4.9. Suppose $K = \mathbb{Q}_p$ and $p \nmid m$. Then

(1) $E^{(1)}(K)[m] = 0$.

(2) If $E$ has good reduction then there is an embedding $E(K)[m] \hookrightarrow \tilde{E}(k)$.

Proof. (1) follows directly from Corollary 24.4.8.

(2) Consider the exact sequence from Proposition 24.4.5:

\[ 0 \to E^{(1)}(K) \to E^{(0)}(K) \to \tilde{E}(k) \to 0. \]

Then by (1), $E^{(1)}(K)$ has no $m$-torsion and by good reduction, $E^{(0)}(K) = E(K)$. Therefore $E(K)[m] \to \tilde{E}(k)$ is an injection.
Theorem 24.4.10. Assume $E$ has a minimal model in short Weierstrass form. Then $E^{(1)}(K)$ is torsion-free.

For $K = \mathbb{Q}_p$, this says that all torsion points in $E(\mathbb{Q}_p)$ have coordinates in $\mathbb{Z}_p$.

For any point $P \in E(K)$, define the element

\[
u(P) = \begin{cases} \dfrac{x}{y}, & P = (x, y) \\ 0, & P = O. \end{cases}
\]

Then $|u(P)| = p^{-N}$ where $N$ is the level of $P$. To prove Theorem 24.4.10, we need two lemmas.

Lemma 24.4.11. Take $P_1, P_2 \in E^{(1)}(K)$ and suppose none of $P_1, P_2, P_1 + P_2$ are $O$. Then $|u(P_1 + P_2) - u(P_1) - u(P_2)| \leq \max\{|u(P_1)|^5, |u(P_2)|^5\}$.

Proof. Without loss of generality we may assume $|u(P_1)| \geq |u(P_2)|$. Let $N$ be the level of $P_1$, and set $X_N = p^{2N} X$, $Y_N = Y$ and $Z_N = p^{3N} Z$, defining the curve $E_N$ as in the proof of Theorem 24.4.7. Then $E_N$ has additive reduction with singular point $(0, 0)$. Further, since $P_1, P_2 \in E^{(1)}(K) \subseteq E^{(0)}(K)$, neither of these reduces to the singular point. Now the line between $\tilde{P}_1$ and $\tilde{P}_2$ does not pass through $(0, 0)$, so before reduction, the line between $P_1$ and $P_2$ has the form

\[ Z_N = \ell X_N + m Y_N \quad \text{for } \ell, m \in \mathbb{Z},\ |\ell| \leq 1,\ |m| \leq 1. \]

The third point of intersection between this line and $E_N$ is calculated by:

\[
\begin{aligned}
0 &= -Y_N^2(\ell X_N + m Y_N) + X_N^3 + p^{4N} A X_N (\ell X_N + m Y_N)^2 + p^{6N} B (\ell X_N + m Y_N)^3 \\
&= c_3 X_N^3 + c_2 X_N^2 Y_N + c_1 X_N Y_N^2 + c_0 Y_N^3. \qquad (*)
\end{aligned}
\]

Rearranging, we get the following relations:

\[
\begin{aligned}
c_3 &= 1 + p^{4N} A \ell^2 + p^{6N} B \ell^3 && (24.1) \\
c_2 &= 2p^{4N} A \ell m + 3p^{6N} B m \ell^2. && (24.2)
\end{aligned}
\]

Then (24.1) implies $|c_3| = 1$, while (24.2) implies $|c_2| \leq p^{-4N}$. On the other hand, dehomogenizing $(*)$, we find that the roots of the equation are $p^{-N} u(P_1)$, $p^{-N} u(P_2)$ and $p^{-N} u(P_1 + P_2)$. The sum of the roots must be $-\frac{c_2}{c_3}$, so combining all of this information gives us

\[ |u(P_1 + P_2) - u(P_1) - u(P_2)| \leq \max\{|u(P_1)|^5, |u(P_2)|^5\}. \]


Lemma 24.4.12. For all $P \in E^{(1)}(\mathbb{Q}_p)$ and $m \in \mathbb{Z}$, $|u([m]P)| = |m|\,|u(P)|$.

Proof. This is trivial when $m = 0$. For $m > 0$, Lemma 24.4.11 implies $|u(mP) - mu(P)| \leq |u(P)|^5$. When $p \nmid m$, $|u(mP)| = p^{-N}$ and $|mu(P)| = p^{-L}$ for some $N \geq L > 1$. If $L \neq N$, then $|u(mP) - mu(P)| = p^{-L} > |u(P)|^5$ by the ultrametric inequality, but this contradicts Lemma 24.4.11. Thus $L = N$, so $|u(mP)| = |m|\,|u(P)|$. A similar proof works for the case $p = m$. Finally, if $p \mid m$, the equality is verified by induction on the power of $p$ dividing $m$.

We now give the proof of Theorem 24.4.10.

Proof. If $P \in E^{(1)}(\mathbb{Q}_p)$ is a nontrivial torsion point, then $[m]P = O$ for some $m \in \mathbb{Z}$. However, by Lemma 24.4.12, $0 = |u(O)| = |u([m]P)| = |m|\,|u(P)| \neq 0$, a contradiction. Hence $E^{(1)}(\mathbb{Q}_p)$ has no nontrivial torsion.

Remark. If $E$ is not in short Weierstrass form, e.g. if $p = 2$, the theorem may be false. However, in that case the same proof shows that $E^{(2)}(\mathbb{Q}_p)$ is torsion-free.

Corollary 24.4.13. If $E$ is an elliptic curve with good reduction over $K$, then there is an embedding $E_{tors}(K) \hookrightarrow \tilde{E}(k)$.

Proof. By Proposition 24.4.5, there is a short exact sequence

\[ 0 \to E^{(1)}(K) \to E^{(0)}(K) \to \tilde{E}_{ns}(k) \to 0. \]

Then $E^{(1)}(K)$ is torsion-free by Theorem 24.4.10, and by hypothesis $\tilde{E}_{ns}(k) = \tilde{E}(k)$ and therefore $E^{(0)}(K) = E(K)$. Hence $E_{tors}(K) \hookrightarrow \tilde{E}(k)$ is an embedding.

Corollary 24.4.14. If $E$ is an elliptic curve with good reduction over $K$, then $E_{tors}(K)$ is a finite group.

Suppose $E$ is an elliptic curve over $\mathbb{Q}$ with good reduction mod $p$. Then there are embeddings $E_{tors}(\mathbb{Q}) \hookrightarrow E_{tors}(\mathbb{Q}_p) \hookrightarrow \tilde{E}(\mathbb{F}_p)$. This proves:

Corollary 24.4.15. For any elliptic curve $E/\mathbb{Q}$, $E_{tors}(\mathbb{Q})$ is finite.
Example 24.4.16. Consider the elliptic curve

\[ E : y^2 + y = x^3 - x + 1. \]

Then $\Delta_E = -611 = -13 \cdot 47$ so $E$ has good reduction mod 2. One can see that $\tilde{E}(\mathbb{F}_2) = \{O\}$, so it follows that $E(\mathbb{Q})$ is torsion-free.

Example 24.4.17. Consider the elliptic curve

\[ E : y^2 = x^3 + 3. \]

Here $\Delta_E = -3888 = -2^4 \cdot 3^5$, so $E$ has good reduction mod $p$ for all primes $p \geq 5$. Using the methods described, one can check that $\#\tilde{E}(\mathbb{F}_5) = 6$, while $\#\tilde{E}(\mathbb{F}_7) = 13$, so it follows that $E(\mathbb{Q})$ has no torsion. Notice that $(1, 2) \in E(\mathbb{Q})$ is a rational point. Then $(1, 2)$ has infinite order, a completely nontrivial fact.


Example 24.4.18. Let $E$ be the elliptic curve given by

\[ E : y^2 = x^3 + x. \]

Then its discriminant is $\Delta_E = -64$. One checks that $(0, 0)$ is a point of order 2 in $E(\mathbb{Q})$, and that $\#\tilde{E}(\mathbb{F}_3) = 4$, $\#\tilde{E}(\mathbb{F}_5) = 4$ and $\#\tilde{E}(\mathbb{F}_7) = 8$. So the trick in the previous two examples will not work here. However, one can further show that

\[ \tilde{E}(\mathbb{F}_3) = \{O, (0, 0), (2, 1), (2, 2)\} \cong \mathbb{Z}/4\mathbb{Z}, \]

while

\[ \tilde{E}(\mathbb{F}_5) = \{O, (0, 0), (2, 0), (3, 0)\} \cong \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z}. \]

So $E_{tors}(\mathbb{Q})$ can only consist of $\{O, (0, 0)\}$.

Theorem 24.4.19. Let $(K, R)$ be an arbitrary local field whose residue field $k$ has characteristic $p > 0$. Consider an elliptic curve $E$ over $K$ and a point $P = (x, y) \in E(K)$. Then

(1) If $P \in E(K)[m]$ for $p \nmid m$, then $x, y \in R$.

(2) If $P \in E(K)[p^n]$ for $n \geq 1$, then $\pi^{2r} x, \pi^{3r} y \in R$ where $r = \dfrac{v(p)}{p^{n-1}(p - 1)}$.
Theorem 24.4.20 (Lutz-Nagell). Let $E : y^2 = x^3 + Ax + B$ be an elliptic curve with integral coefficients and take $P = (x, y) \in E_{tors}(\mathbb{Q})$. Then $x, y \in \mathbb{Z}$, and either $y = 0$, in which case $2P = O$, or $y^2 \mid 4A^3 + 27B^2$.

Proof. For any prime $p$ at which $E$ has good reduction, there is an embedding $E_{tors}(\mathbb{Q}) \hookrightarrow E_{tors}(\mathbb{Q}_p)$, but we know by Theorem 24.4.10 that $x, y \in \mathbb{Z}_p$. Since $\mathbb{Z}_p \cap \mathbb{Q} = \mathbb{Z}$, it follows that $x, y \in \mathbb{Z}$.

Next, it is clear that $[2]P = O$ if and only if $y = 0$, so suppose $[2]P = (x_2, y_2)$. Since $P$ is torsion, $[2]P$ is also torsion, so $x_2, y_2 \in \mathbb{Z}$ by the first paragraph. From the addition formula (Proposition 23.3.2), we see that

\[ x_2 = \left( \frac{3x^2 + A}{2y} \right)^2 - 2x, \]

but since $x_2, 2x \in \mathbb{Z}$, we must have $y^2 \mid (3x^2 + A)^2$. On the other hand,

\[ (3x^2 + 4A)(3x^2 + A)^2 \equiv 4A^3 + 27B^2 \pmod{x^3 + Ax + B} \]

and $y^2 = x^3 + Ax + B$, so we see that $4A^3 + 27B^2 \equiv 0 \bmod y^2$. This proves the result.

Theorem 24.4.21. A point P ∈ E(Q) is non-torsion if and only if there exists some n ∈ Z
such that [n]P has non-integral coordinates.

This statement is proven by Siegel’s result that an elliptic curve over Q has at most
finitely many integral points.
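The torsion computations of Examples 24.4.17 and 24.4.18 can be carried out mechanically by combining the reduction embedding (Corollary 24.4.13) with the Lutz-Nagell condition. The Python sketch below is an added example, not part of the original notes; the function names are hypothetical, and the third curve $y^2 = x^3 + 1$ is a constructed sample that does not appear in the text. A candidate point is declared non-torsion as soon as one of its multiples leaves the finite Lutz-Nagell candidate set, which is justified because every multiple of a torsion point is again torsion.

```python
from fractions import Fraction
from math import gcd, isqrt


def count_mod_p(A, B, p):
    """#E~(F_p) for y^2 = x^3 + Ax + B, including the point at infinity."""
    roots = [0] * p                      # roots[z] = #{y : y^2 = z mod p}
    for y in range(p):
        roots[y * y % p] += 1
    return 1 + sum(roots[(x**3 + A * x + B) % p] for x in range(p))


def reduction_bound(A, B, primes):
    """gcd of #E~(F_p) over odd primes of good reduction; #E_tors(Q) divides it."""
    g = 0
    for p in primes:
        if p == 2 or (4 * A**3 + 27 * B**2) % p == 0:
            raise ValueError(f"{p} is not an odd prime of good reduction")
        g = gcd(g, count_mod_p(A, B, p))
    return g


def candidates(A, B):
    """Integer points with y = 0 or y^2 | 4A^3 + 27B^2 (Lutz-Nagell condition)."""
    D = abs(4 * A**3 + 27 * B**2)
    if D == 0:
        raise ValueError("singular curve")
    ys = [0] + [y for y in range(1, isqrt(D) + 1) if D % (y * y) == 0]
    pts = set()
    for y in ys:
        c = B - y * y
        bound = 1 + max(abs(A), abs(c))  # Cauchy bound on roots of x^3 + Ax + c
        for x in range(-bound, bound + 1):
            if x**3 + A * x + c == 0:
                pts.update({(x, y), (x, -y)})
    return pts


def add(P, Q, A):
    """Chord-tangent addition on y^2 = x^3 + Ax + B over Q; None stands for O."""
    if P is None:
        return Q
    if Q is None:
        return P
    (x1, y1), (x2, y2) = P, Q
    if x1 == x2 and y1 + y2 == 0:
        return None
    lam = (3 * x1 * x1 + A) / (2 * y1) if P == Q else (y2 - y1) / (x2 - x1)
    x3 = lam * lam - x1 - x2
    return (x3, lam * (x1 - x3) - y1)


def torsion_order(P, A, B):
    """Order of the affine point P in E(Q), or None if P has infinite order."""
    cands = candidates(A, B)
    P = (Fraction(P[0]), Fraction(P[1]))
    if P[1] ** 2 != P[0] ** 3 + A * P[0] + B:
        raise ValueError("point is not on the curve")
    Q, n = P, 1
    while Q is not None:                 # Q = [n]P
        if Q not in cands:               # a multiple violates Lutz-Nagell
            return None
        Q, n = add(Q, P, A), n + 1
    return n


def torsion_points(A, B):
    """Affine points of E_tors(Q); the identity O is not listed."""
    return {P for P in candidates(A, B) if torsion_order(P, A, B) is not None}


if __name__ == "__main__":
    # (0, 3) and (1, 0) are the curves of Examples 24.4.17 and 24.4.18;
    # (0, 1) is a constructed sample with torsion of order 6.
    for A, B in [(0, 3), (1, 0), (0, 1)]:
        print((A, B), reduction_bound(A, B, [5, 7]), sorted(torsion_points(A, B)))
    print(torsion_order((1, 2), 0, 3))   # the point (1, 2) on y^2 = x^3 + 3
```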


24.5 Jacobians of Hyperelliptic Curves


Take a curve $C$ of genus 1, perhaps with no $k$-rational points. That is, $C$ is a hyperelliptic curve. Then $E = J(C)$ is an elliptic curve and there is an isomorphism $C \dashrightarrow E$ defined over $\bar{k}$; that is, $E$ is a twist of $C$ (see Section 25.3). Taking a divisor $D \in \operatorname{Div}(C)$ of degree $\deg(D) = n$, we get a map

\[ \alpha_D : C \longrightarrow E = J(C), \qquad P \longmapsto [n]P - D. \]

This endows $C$ with the structure of an $[n]$-cover of $E$ (again, see Section 25.3). For example, a divisor $D \in \operatorname{Div}(C)$ of degree $n = 2$ determines a map $\varphi_D : C \to \mathbb{P}^1$ whose image is a variety given by the equation $Y^2 Z^2 = U(X, Z)$, where $U$ is a quartic in $X, Z$. There is an $SL_2(k)$ action on the set of all quartic forms:

\[ \begin{pmatrix} \alpha & \beta \\ \gamma & \delta \end{pmatrix} \cdot U(X, Z) = U(\alpha X + \beta Z, \gamma X + \delta Z). \]

In particular, $SL_2(k)$ acts on $k[a_1, \ldots, a_5]$, and it turns out that the invariant subring is of the form $k[a_1, \ldots, a_5]^{SL_2(k)} \cong k[I, J]$ for two invariant generators $I, J$. If $V$ is the space of all quartic forms, these define maps $I, J : V \to k$ which are equivariant:

\[ I(U^g) = I(U)^g \quad \text{and} \quad J(U^g) = J(U)^g \quad \text{for all } g \in SL_2(k). \]

This shows that $V$ is a 5-dimensional representation of $SL_2(k)$.

There are particular forms $g(X, Z)$ and $h(X, Z)$ such that the $SL_2(k)$-covariance of $V$ is given by

\[ \operatorname{Cov}(V) \cong k[U, I, J, g, h]/(h^2 - (4g^3 - IgU^2 - JU^3)). \]

Further, one can show that the embedding $C \hookrightarrow E = J(C)$ is given by

\[ [X, Y, Z] \mapsto \left( \frac{g(X, Z)}{Y^2 Z^2}, \frac{h(X, Z)}{Y^3 Z^3} \right). \]

Under this embedding, $E$ is an elliptic curve given by the Weierstrass form

\[ E : y^2 = 4x^3 - Ix - J, \]

with $j$-invariant $j(E) = \dfrac{J^2}{I^3}$.

Chapter 25

The Mordell-Weil Theorem

Now that we understand Etors (Q), our goal is to prove Mordell’s theorem that E(Q) is finitely
generated. Our strategy is as follows, and will take the entirety of Chapter 5 to describe.

(1) (Weak Mordell-Weil Theorem) Show that $E(\mathbb{Q})/mE(\mathbb{Q})$ is finitely generated for $m > 1$. This is achieved by constructing a certain short exact sequence

\[ 0 \to E(\mathbb{Q})/mE(\mathbb{Q}) \to \operatorname{Sel}^{(m)}(E/\mathbb{Q}) \to \text{Ш}(E/\mathbb{Q})[m] \to 0, \]

where $\operatorname{Sel}^{(m)}(E/\mathbb{Q})$ is a finite group called the Selmer group and $\text{Ш}(E/\mathbb{Q})$ is the Tate-Shafarevich group.

(2) Use height functions to construct a function $\hat{h} : E(\mathbb{Q}) \to \mathbb{R}_{\geq 0}$ which satisfies

(i) For all $B > 0$, the set $\{P \in E(\mathbb{Q}) : \hat{h}(P) < B\}$ is finite.
(ii) $\hat{h}([m]P) = m^2 \hat{h}(P)$ for all $m \in \mathbb{Z}$.
(iii) $\hat{h}$ is a quadratic form, and thus there is a pairing

\[ \langle P, Q \rangle = \tfrac{1}{2}\big(\hat{h}(P + Q) - \hat{h}(P) - \hat{h}(Q)\big) \]

which is symmetric and bilinear.

(3) Combining the weak Mordell-Weil theorem and height functions gives a proof that E(Q)
is finitely generated.


25.1 Some Galois Cohomology


To introduce the Selmer and Tate-Shafarevich groups, we first need to review some basic results in Galois cohomology. Let $G$ be a profinite group, i.e. an inverse limit $G = \varprojlim G_i$ of some inverse system $\{G_i\}$ of finite groups. For example, the $p$-adic integers are a profinite group: $\mathbb{Z}_p = \varprojlim \mathbb{Z}/p^n\mathbb{Z}$ (see Section 15.2). The primary example we will be interested in is the absolute Galois group of a field $k$, defined as

\[ G_k = \operatorname{Gal}(\bar{k}/k) := \varprojlim \operatorname{Gal}(L/k) \]

where the inverse limit is over all finite extensions $L/k$. Let $A$ be an abelian group with the discrete topology and suppose $G$ acts on $A$ continuously. Specifically, for each $\sigma \in G$ there is a map $A \to A$, $a \mapsto a^\sigma$, which satisfies

(i) $a^1 = a$ for all $a \in A$.

(ii) $(a + b)^\sigma = a^\sigma + b^\sigma$ for all $a, b \in A$.

(iii) If $\sigma, \tau \in G$ then $(a^\sigma)^\tau = a^{\sigma\tau}$.

(iv) For each $a \in A$, $\operatorname{Stab}_G(a) = \{\sigma \in G : a^\sigma = a\}$ is a subgroup of finite index in $G$.

Notice that (i) – (iii) are the axioms for a right group action of $G$ on $A$, while (iv) says that the action is continuous.

Definition. For a continuous action of $G$ on $A$, the set of $G$-invariants of $A$ is

\[ A^G := \{a \in A : a^\sigma = a \text{ for all } \sigma \in G\}. \]

Example 25.1.1. The key situation for our purposes is when $G = G_k$ is the absolute Galois group of a field $k$ and $A = E(\bar{k})$ is the points of an elliptic curve over the algebraic closure, with the continuous action described in Section 21.1 (for any variety). In particular, for any $P \in E(\bar{k})$, $\operatorname{Stab}_G(P) = \operatorname{Gal}(\bar{k}/k(P))$ is a finite index subgroup, where $k(P)$ is the field of definition of $P$. In this situation, the fixed points of the Galois action are just the $k$-rational points of $E$: $E(\bar{k})^G = E(k)$.

In general, the assignment $A \mapsto A^G$ is a functor from the category of $G$-modules to the category of abelian groups, called the invariant functor.

Lemma 25.1.2. $A \mapsto A^G$ is a left exact functor, meaning for every short exact sequence of $G$-modules $0 \to A \to B \to C \to 0$, there is an exact sequence $0 \to A^G \to B^G \to C^G$.

Example 25.1.3. Consider the short exact sequence $0 \to E[m] \to E \xrightarrow{[m]} E \to 0$. Then applying the invariant functor $(-)^G$, where $G = G_k$, fails to preserve exactness on the right.

Definition. The $i$th group cohomology of $G$ with coefficients in a $G$-module $A$ is the $i$th right derived functor of the invariant functor:

\[ H^i(G, A) := R^i(-)^G(A). \]


Theorem 25.1.4. Let $G$ be a profinite group. Then

(1) $H^0(G, A) = A^G$ for any $G$-module $A$.

(2) For any short exact sequence of $G$-modules $0 \to A' \to A \to A'' \to 0$, there is a long exact sequence in cohomology

\[ 0 \to H^0(G, A') \to H^0(G, A) \to H^0(G, A'') \to H^1(G, A') \to H^1(G, A) \to H^1(G, A'') \to \cdots \]

which is functorial in each of $A', A, A''$.

Definition. When $G = G_k = \operatorname{Gal}(\bar{k}/k)$, the group cohomology functors are called Galois cohomology, written

\[ H^i(k, A) := H^i(\operatorname{Gal}(\bar{k}/k), A). \]

Example 25.1.5. If a profinite group $G$ acts trivially on $A$, then $H^0(G, A) = A$ and $H^1(G, A) = \operatorname{Hom}_{cts}(G, A)$, the group of continuous homomorphisms $G \to A$.

Group cohomology can also be constructed as the homology of a certain cochain complex:

\[ H^i(G, A) = Z^i(G, A)/B^i(G, A), \]

where $Z^i(G, A)$ are the $i$-cocycles, or maps $G \times \cdots \times G \to A$ satisfying a certain combinatorial condition (e.g. for $\xi : G \to A$, the cocycle condition is that $\xi_{\sigma\tau} = (\xi_\sigma)^\tau + \xi_\tau$ for any $\sigma, \tau \in G$), and $B^i(G, A)$ are the $i$-coboundaries, i.e. the cocycles of the form $\xi : \sigma \mapsto a^\sigma - a$ for some $a \in A$.

For a closed subgroup $H \leq G$, any $G$-module $A$ is also an $H$-module by restricting the $G$-action to $H$. This determines a map called restriction:

\[ \operatorname{Res} : H^i(G, A) \longrightarrow H^i(H, A). \]

On 0th cohomology, this is just given by $A^G \hookrightarrow A^H$. On the other hand, for a normal, finite-index subgroup $H \leq G$, the quotient $G/H$ is a finite group and $A^H$ has the structure of a $G/H$-module. This allows one to define an induced map called inflation:

\[ \operatorname{Inf} : H^i(G/H, A^H) \longrightarrow H^i(G, A). \]

Theorem 25.1.6 (Inflation-Restriction Sequence). For a profinite group $G$, a normal finite-index subgroup $H$ and a $G$-module $A$, there is an exact sequence

\[ 0 \to H^1(G/H, A^H) \xrightarrow{\operatorname{Inf}} H^1(G, A) \xrightarrow{\operatorname{Res}} H^1(H, A). \]

Example 25.1.7. If $K$ is a number field, $v$ is a place on $K$ and $K_v$ is the completion of $K$ at $v$, then the Galois group $G_v := \operatorname{Gal}(\bar{K}_v/K_v)$ is a subgroup of $G = \operatorname{Gal}(\bar{K}/K)$. In this case, there is a local restriction sequence at $v$:

\[ \operatorname{Res}_v : H^1(K, A) \xrightarrow{\operatorname{Res}} H^1(K_v, A) \to H^1(K_v, A(\bar{K}_v)) \]

(for any Galois module $A$).


Proposition 25.1.8. For any field $K$, $H^1(K, \mathbb{G}_a) = 0$ and $H^1(K, \mathbb{G}_m) = 1$. Further, if $\operatorname{char} K = 0$ or $\operatorname{char} K \nmid m$, then there is an isomorphism $H^1(K, \mu_m) \cong K^\times/(K^\times)^m$, where $\mu_m$ is the group of $m$th roots of unity lying in $K$.

Proof. The first statement is Hilbert's Theorem 90 (Theorem 17.7.5). For the second statement, consider the short exact sequence

\[ 1 \to \mu_m \to \mathbb{G}_m \xrightarrow{[m]} \mathbb{G}_m \to 0. \]

Applying Galois cohomology gives a sequence

\[ 1 \to \mu_m(K) \to K^\times \xrightarrow{m} K^\times \to H^1(K, \mu_m) \to H^1(K, \mathbb{G}_m) = 0. \]

Taking the quotient gives the result.


25.2 Selmer and Tate-Shafarevich Groups


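In this section we introduce the Selmer and Tate-Shafarevich groups of an isogeny between elliptic curves. Let $\varphi : A \to B$ be such an isogeny over a field $K$. Setting $A[\varphi] = \ker \varphi$, we have a short exact sequence in the category of elliptic curves:

\[ 0 \to A[\varphi] \to A \xrightarrow{\varphi} B \to 0. \]

Applying Galois cohomology gives a long exact sequence

\[ 0 \to A[\varphi](K) \to A(K) \xrightarrow{\varphi} B(K) \xrightarrow{\delta} H^1(K, A[\varphi]) \to H^1(K, A) \xrightarrow{\varphi} H^1(K, B) \to \cdots \]

We isolate part of this sequence as a short exact sequence:

\[ 0 \to B(K)/\varphi A(K) \xrightarrow{\delta} H^1(K, A[\varphi]) \to H^1(K, A)[\varphi] \to 0. \]

We will construct the Selmer group as a subgroup of $H^1(K, A[\varphi])$, avoiding the obstacles of working with the infinite group $H^1(K, A[\varphi])$. Notice that when $A = B = E$ and $\varphi = [m]$, the first term in this sequence is $E(K)/mE(K)$, sometimes called the weak Mordell-Weil group.

If $P \in B(K)$, choose $Q \in A(K)$ with $\varphi(Q) = P$. Then the image of $P$ under $\delta : B(K)/\varphi A(K) \to H^1(K, A[\varphi])$ is the cocycle $\xi = \delta(P) : \sigma \mapsto \xi_\sigma = Q^\sigma - Q$.

Example 25.2.1. In the case $A = B = E$, suppose $\varphi = [m]$ where $E[m] \subseteq E(K)$. Then by Proposition 24.2.7 and Proposition 25.1.8,

\[ H^1(K, E[m]) = \operatorname{Hom}_{cts}(G_K, E[m]) = \operatorname{Hom}_{cts}(G_K, \mathbb{Z}/m\mathbb{Z} \times \mathbb{Z}/m\mathbb{Z}) \cong K^\times/(K^\times)^m \times K^\times/(K^\times)^m. \]

Lemma 25.2.2. Let $K$ be a number field and $v$ a place of $K$. Then for any isogeny of elliptic curves $\varphi : A \to B$ over $K$, there is a commutative diagram

\[
\begin{array}{ccccccccc}
0 & \to & B(K)/\varphi A(K) & \to & H^1(K, A[\varphi]) & \to & H^1(K, A)[\varphi] & \to & 0 \\
 & & \downarrow & & \downarrow {\scriptstyle \operatorname{Res}_v} & & \downarrow & & \\
0 & \to & B(K_v)/\varphi A(K_v) & \to & H^1(K_v, A[\varphi]) & \to & H^1(K_v, A)[\varphi] & \to & 0
\end{array}
\]

Since we have such a diagram for every place of $K$, we can take the product over all places of $K$ to obtain a commutative diagram

\[
\begin{array}{ccccccccc}
0 & \to & B(K)/\varphi A(K) & \xrightarrow{\delta} & H^1(K, A[\varphi]) & \to & H^1(K, A)[\varphi] & \to & 0 \\
 & & \downarrow & & \downarrow & \searrow {\scriptstyle \alpha} & \downarrow & & \\
0 & \to & \prod_v B(K_v)/\varphi A(K_v) & \to & \prod_v H^1(K_v, A[\varphi]) & \to & \prod_v H^1(K_v, A)[\varphi] & \to & 0
\end{array}
\]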


Here the vertical arrow in the middle is given by a product of local restrictions: $\xi \mapsto (\xi_v)_v$. Let $\xi \in \delta(B(K))$. Then $\xi_v$ must lie in $\delta(B(K_v))$ for each place $v$. This puts a condition on the cocycles in the image of $\delta$; define

\[ L_v := \{\xi \in H^1(K, A[\varphi]) : \xi_v \in \delta(B(K_v))\} \]

and set $H^1_L(K, A[\varphi]) = \bigcap_v L_v$. Then we see that $\delta(B(K)) \subseteq H^1_L(K, A[\varphi])$.

Definition. The Selmer group of $\varphi : A \to B$ is the group

\[ \operatorname{Sel}^{(\varphi)}(A/K) := H^1_L(K, A[\varphi]) = \ker \alpha, \]

where $\alpha : H^1(K, A[\varphi]) \to \prod_v H^1(K_v, A)[\varphi]$ is the product of the local restriction maps.

The key observation is that $\operatorname{im} \delta \subseteq \operatorname{Sel}^{(\varphi)}(A/K)$, so in order to prove the weak Mordell-Weil theorem, it will be enough to show that the Selmer group is finite. The cokernel of the map $\delta : B(K)/\varphi A(K) \to \operatorname{Sel}^{(\varphi)}(A/K)$ has an important role as well.

Definition. The Tate-Shafarevich group of $\varphi : A \to B$ is the group

\[ \text{Ш}(A/K) := \ker\left( \operatorname{Res} : H^1(K, A) \to \prod_v H^1(K_v, A) \right). \]

Proposition 25.2.3. For any isogeny $\varphi : A \to B$, there is a short exact sequence

\[ 0 \to B(K)/\varphi A(K) \to \operatorname{Sel}^{(\varphi)}(A/K) \to \text{Ш}(A/K)[\varphi] \to 0. \]

Proof. Consider the diagram

\[
\begin{array}{ccccccccc}
 & & B(K)/\varphi A(K) & & \operatorname{Sel}^{(\varphi)}(A/K) & & \text{Ш}(A/K)[\varphi] & & \\
 & & \downarrow & & \downarrow & & \downarrow & & \\
0 & \to & B(K)/\varphi A(K) & \to & H^1(K, A[\varphi]) & \to & H^1(K, A)[\varphi] & \to & 0 \\
 & & \downarrow & & \downarrow {\scriptstyle \alpha} & & \downarrow & & \\
0 & \to & 0 & \to & \prod_v H^1(K_v, A)[\varphi] & \cong & \prod_v H^1(K_v, A) & \to & 0
\end{array}
\]

Applying the Snake Lemma gives the desired short exact sequence.

Fix a place $v$ of $K$ and let $K_v^{ur}$ be the maximal unramified extension of the completion $K_v$, so that $\operatorname{Gal}(\bar{K}_v/K_v^{ur}) = I_v$, the inertia group of $K_v$. Set $G_v = \operatorname{Gal}(\bar{K}_v/K_v)$. For any $G_v$-module $A$, we have a map

\[ H^1(K_v, A) \xrightarrow{\operatorname{Res}_v} H^1(K_v^{ur}, A) \cong H^1(I_v, A). \]

Denote by $H^1_{ur}(K_v, A)$ the kernel of this map. Elements of $H^1_{ur}(K_v, A)$ are called unramified cocycles; for an element $\xi \in H^1(K, A)$, we say $\xi$ is unramified at $v$ if $\xi_v \in H^1_{ur}(K_v, A)$.


Definition. For a finite set of places $S$ on $K$, we define

\[ H^1_S(K, A) = \{\xi \in H^1(K, A) \mid \xi \text{ is unramified at all places } v \notin S\}. \]

Proposition 25.2.4. Let $K$ be a number field, $A$ an elliptic curve over $K$ and $\varphi : A \to B$ an isogeny defined over $K$. Let $S$ be the finite set consisting of all archimedean places of $K$, places at which $A$ has bad reduction and places dividing $m = \deg \varphi$. Then $\operatorname{Sel}^{(\varphi)}(A/K)$ is a subset of $H^1_S(K, A[\varphi])$.

Proof. Let $\xi \in \operatorname{Sel}^{(\varphi)}(A/K)$ and fix a place $v \notin S$. By definition of the Selmer group, $\xi_v = 1$ in $H^1(K_v, A)[\varphi]$, so by the exact sequence in Lemma 25.2.2, $\xi_v = \delta(P)$ for some point $P \in B(K_v)$. Explicitly, $\delta(P) = \xi$, where $\xi : \sigma \mapsto Q^\sigma - Q$ for some $Q \in A(K_v)$ with $\varphi(Q) = P$. Since $v \notin S$, $A$ has good reduction at $v$, so in the residue field $k_v = \mathcal{O}_v/\mathfrak{m}_v$, the reduction of $\xi_\sigma = Q^\sigma - Q$ for any $\sigma \in I_v$ is given by

\[ \bar\xi_\sigma = \overline{Q^\sigma - Q} = \overline{Q^\sigma} - \bar{Q} = (\bar{Q})^\sigma - \bar{Q} = \bar{Q} - \bar{Q} = 0 \]

since $\sigma \in I_v$ acts trivially on $k_v$. This shows that $\xi_\sigma \in A^{(1)}(K_v)[\varphi] \subseteq A^{(1)}(K_v)[m]$, where $\deg \varphi = m$. Further, since $A$ has good reduction at $v$ and $v \nmid m$, then by Theorem 24.4.9, $A(K_v)[m] \hookrightarrow \tilde{A}(k_v)$ is an injection. Hence $\bar\xi_v = 0$ in $\tilde{A}(k_v)$ implies $\xi_\sigma = 0$ in $A(K_v)$. Thus we have shown $\xi_\sigma$ is trivial for all $\sigma \in I_v$, i.e. $\xi$ is unramified at every $v \notin S$. Hence $\operatorname{Sel}^{(\varphi)}(A/K) \subseteq H^1_S(K, A[\varphi])$.

Proposition 25.2.5. Let $S$ be a finite set of places of $K$ and let $M$ be any finite abelian $G_K$-module. Then $H^1_S(K, M)$ is finite.

Proof. Since $M$ is finite and $G_K$ acts continuously on $M$, there exists an open subgroup of finite index in $G_K$ that fixes every element of $M$. Such a subgroup corresponds, by infinite Galois theory, to an extension $K'/K$. For this extension, we have an inflation-restriction sequence (Theorem 25.1.6):

\[ 0 \to H^1_S(K', M^{G_{K'}}) \to H^1_S(K, M) \to H^1_S(K', M). \]

Since $M$ is finite, $H^1_S(K', M^{G_{K'}})$ is finite, so it's enough to show $H^1_S(K', M)$ is finite to imply that $H^1_S(K, M)$ is finite.

By definition, $K'$ is the extension of $K$ for which $G_{K'}$ acts trivially on $M$, so after replacing $K$ with $K'$, we may assume $M$ is in fact a trivial $G_K$-module. Also assume $\mu_n \subseteq K$ for some $n$. Since $G_K$ acts trivially on $M$, we have that $H^1_S(K, M) = \operatorname{Hom}^S_{cts}(G_K, M)$. However, such homomorphisms are in correspondence with abelian extensions of $K$ of exponent $m$ which are unramified outside $S$. By Lemma 25.2.6 below, there are finitely many of these, so $H^1_S(K, M)$ is finite.

Lemma 25.2.6. Let $K$ be a number field and $M$ a finite abelian $G_K$-module. If $m$ is the exponent of $M$ (i.e. the smallest integer such that $mx = 0$ for all $x \in M$), and $L/K$ is the maximal abelian extension of exponent $m$ which is unramified outside $S$, then $[L : K]$ is finite.


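Proof. Assume $\mu_n \subseteq K$. By Kummer theory, the short exact sequence $1 \to \mu_n \to \bar{K}^\times \xrightarrow{n} \bar{K}^\times \to 0$ induces a long exact sequence

\[ 0 \to \mu_n \to K^\times \xrightarrow{n} K^\times \to H^1(K, \mu_n) \to H^1(K, \bar{K}^\times) = 0 \]

(the last term is 0 by Theorem 17.7.5). Thus there is an isomorphism

\[ \delta : K^\times/(K^\times)^n \longrightarrow H^1(K, \mu_n), \qquad \alpha \longmapsto \left(\xi : \sigma \mapsto \frac{\sigma(\beta)}{\beta}\right) \text{ where } \beta^n = \alpha. \]

In particular, this exhibits a Galois correspondence

\[ \{\text{cyclic subgroups of } K^\times/(K^\times)^n\} \longleftrightarrow \{\text{cyclic extensions } L/K \text{ with } \mathrm{Gal}(L/K) = \mathbb{Z}/n\mathbb{Z}\}, \qquad \langle\alpha\rangle \longmapsto K(\sqrt[n]{\alpha})/K. \]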

Let $\mathcal{O}_S$ be the ring of $S$-integers in $K$, i.e.

\[ \mathcal{O}_S = \{x \in K : |x|_v \leq 1 \text{ for all } v \notin S\}. \]

By algebraic number theory, there are finitely many degree $d$ extensions $L/K$ unramified outside $S$ for any given $d > 0$. Further, by Dirichlet's $S$-unit theorem, $\mathcal{O}_S^\times$ is a finitely generated abelian group of rank $r(S) = r + s - 1 + \#S$, where $r$ and $s$ are, respectively, the numbers of real and complex embeddings of $\mathbb{Q}$ in $K$. By class field theory, the class group $C(\mathcal{O}_S)$ is finite and generated by some fractional ideals $\mathfrak{a}_1, \ldots, \mathfrak{a}_n$. Adding all the primes dividing the $\mathfrak{a}_j$ to $S$, we get a finite set of places $S'$ for which $C(\mathcal{O}_{S'}) = 1$. Therefore we may assume from the start that $\mathcal{O}_S$ is a PID.
With these reductions, we will now prove $L/K$ is finite. In fact, we will show

(1) $L = K(\alpha^{1/m} \mid \alpha \in \mathcal{O}_S^\times)$

(2) $\mathrm{Gal}(L/K) \cong (\mathbb{Z}/m\mathbb{Z})^{r(S)+1}$.

By Kummer theory, the maximal abelian extension of $K$ with exponent $m$ is $K(\alpha^{1/m} \mid \alpha \in K^\times)$. Thus $L \subseteq K(\alpha^{1/m} \mid \alpha \in K^\times)$. Let $L' = K(\alpha^{1/m} \mid \alpha \in \mathcal{O}_S^\times)$. We want to show $L' = L$.
First, for any $\alpha \in K^\times$ and place $v$ for which $v(m) = 0$, we claim $v$ is unramified in $K(\alpha^{1/m})$ if and only if $\mathrm{ord}_v(\alpha) \equiv 0 \bmod m$. Indeed, if $\mathrm{ord}_v(\alpha) \equiv 0 \bmod m$, then $\alpha = u\pi_v^{rm}$ for some $u \in \mathcal{O}_v^\times$ and $r \in \mathbb{Z}$. Then $K_v(\alpha^{1/m}) = K_v(u^{1/m})$ so $u^{1/m}$ satisfies $x^m - u = 0$. This polynomial has discriminant $\Delta = m^m u^{m-1}$, so in particular $v(\Delta) = 0$ and thus $v$ is unramified in $K(\alpha^{1/m})$. Conversely, if $v$ is unramified in $K(\alpha^{1/m})$ then $v(K(\alpha^{1/m})^\times) = v(K^\times) = \mathbb{Z}$. So if $\alpha = u\pi_v^r$ then $m \mid r$ and hence $\mathrm{ord}_v(\alpha) = r \equiv 0 \pmod{m}$. Thus the claim holds.
The paragraph above shows that $L$ is the compositum of all $K(\alpha^{1/m})$ for $\alpha \in K^\times$ with $\mathrm{ord}_v(\alpha) \equiv 0 \bmod m$ for all $v \notin S$. That is, for all $v \notin S$, $\mathrm{ord}_v(\alpha) = r_v m$ for some $r_v \in \mathbb{Z}$. Take such an $\alpha \in K^\times$ and $v \notin S$ and let $\mathfrak{p}_v$ be the corresponding prime of $\mathcal{O}_S$. By our reductions, $\mathcal{O}_S$ is a PID, so

\[ \prod_{v \notin S} \mathfrak{p}_v^{r_v} = (\beta) \]

for some $\beta \in K$. Then $\alpha' = \alpha\beta^{-m} \in \mathcal{O}_S^\times$ and $K(\alpha^{1/m}) = K((\alpha')^{1/m}) \subseteq L'$. This holds for all $\alpha \in K^\times$, so $L \subseteq L'$. On the other hand, $L' \subseteq L$ is obvious so we get $L' = L$ and (1) is proven.
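For (2), apply Dirichlet's $S$-unit theorem to get

\[ \mathrm{Gal}(L/K) = \mathcal{O}_S^\times/(\mathcal{O}_S^\times)^m = (\mathbb{Z}/m\mathbb{Z})^{r(S)+1} \]

where the extra copy of $\mathbb{Z}/m\mathbb{Z}$ comes from the torsion part since $\mu_m \subseteq K$.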

Remark. Consider the situation when $M = A[m]$ and $A[m] \subseteq A(K)$. As in the proof of Lemma 25.2.6, we may assume $\mu_m \subseteq K$ and that $\mathcal{O}_S$ is a PID. Then

\[ H^1_S(K, A[m]) = \mathrm{Hom}_{cts}(\mathrm{Gal}(L/K), A[m]) = \mathrm{Hom}_{cts}((\mathbb{Z}/m\mathbb{Z})^{1+r(S)}, (\mathbb{Z}/m\mathbb{Z})^2) \]

so $|H^1_S(K, A[m])| = m^{2(1+r(S))}$. On the other hand, $\#A(K)/[m]A(K) = m^{2(1+r(A))}$ and since there is an embedding $A(K)/[m]A(K) \hookrightarrow H^1_S(K, A[m])$, we get a bound on the rank of the elliptic curve $A$:

\[ r(A) \leq 2r(S) = 2(r + s - 1 + \#S). \]

Corollary 25.2.7. For any isogeny of elliptic curves ϕ : A → B over a number field K, the
Selmer group Sel(ϕ) (A/K) is a finite group.

Corollary 25.2.8 (Weak Mordell-Weil Theorem). For any elliptic curve E over Q, E(Q)/mE(Q)
is finite for all m ≥ 2.

Remark. Let $\varphi : E \to E'$ be an isogeny over $\mathbb{Q}$. There is a bilinear, alternating pairing

\[ X(E/\mathbb{Q}) \times X(E'/\mathbb{Q}) \longrightarrow \mathbb{Q}/\mathbb{Z} \]

called Cassels' pairing, whose kernel consists of divisible elements. As a result, one obtains the following useful fact:

Theorem 25.2.9. For any elliptic curve $E$, the order of $X(E/\mathbb{Q})$ is divisible by 2.


25.3 Twists, Covers and Homogeneous Spaces


Before making the leap from the weak Mordell-Weil theorem to the full Mordell-Weil theo-
rem, we take a couple sections to describe the Selmer and Tate-Shafarevich groups explicitly.
This allows one to write down explicit generators for E(K)/ϕE(K) which ultimately lead
to an effective proof of Mordell-Weil.
Definition. Let $X$ be an algebro-geometric object over a field $k$. Then a twist of $X$ is an element of the set

\[ \mathrm{Twist}(X/k) = \{\text{objects } Y \text{ of the same category} \mid Y \cong X \text{ over } \bar{k}\}. \]

Example 25.3.1. By Proposition 20.2.7 (or 22.6.5), every conic in $\mathbb{P}^2$ is isomorphic over $\bar{k}$ to $\mathbb{P}^1$, but is only isomorphic over $k$ if it has a $k$-point. Therefore $\mathrm{Twist}(\mathbb{P}^1/k)$ is the set of conics in $\mathbb{P}^2$.
The next result is a sort of “meta-proposition” about twists of algebro-geometric objects.
One can repeat the proof in any specific category of algebro-geometric objects to obtain a
bijection between the twists and the given cohomology set.
Proposition 25.3.2. Let $X$ be an algebro-geometric object over a field $k$. Then there is a bijection $H^1(k, \mathrm{Aut}_{\bar{k}}(X)) \cong \mathrm{Twist}(X/k)$.

Proof. Given $Y \in \mathrm{Twist}(X/k)$, there is an isomorphism $\varphi : Y \to X$ defined over $\bar{k}$. Then each $\sigma \in G_k$ acts on $\varphi$ in the natural way, and

\[ \xi : \sigma \mapsto \varphi^\sigma \circ \varphi^{-1} \in \mathrm{Aut}_{\bar{k}}(X) \]

is a 1-cocycle in $H^1(k, \mathrm{Aut}_{\bar{k}}(X))$.

Conversely, for $\xi : \sigma \mapsto \xi_\sigma$ in $H^1(k, \mathrm{Aut}_{\bar{k}}(X))$, we may view $\xi$ as a continuous map $G_k \to \mathrm{Aut}_{\bar{k}}(X)$. Since $\mathrm{Aut}_{\bar{k}}(X)$ has the discrete topology, $\ker \xi$ is an open normal subgroup of $G_k$, so by Galois theory, there is an extension $L/k$ with $\ker \xi = \mathrm{Gal}(L/k)$. We define a twisted action of $\mathrm{Gal}(L/k)$ on $X(L)$ by

\[ \mathrm{Gal}(L/k) \times X(L) \longrightarrow X(L), \qquad (\sigma, P) \longmapsto \xi_\sigma(P^\sigma). \]

Then the coset space $Y := X(L)/\mathrm{Gal}(L/k)$ is an object defined over $k$ of the same type as $X$ that is isomorphic to $X$ over $\bar{k}$, hence a twist of $X$ over $k$. It is easy to check that the assignments are inverses of each other.
Definition. Let A be an algebraic group over a field k. A principal homogeneous space
(or PHS) for A is a variety X over k equipped with a simply transitive action of A as an
algebraic group action over k. In other words, there is a morphism

µ : X × A −→ X, (x, P ) 7→ x  P

satisfying


(1) x  0 = x for all x ∈ X.

(2) x  (P + Q) = (x  P )  Q for all P, Q ∈ A and x ∈ X.

(3) For any x0 ∈ X, the map

θx0 : A −→ X, P 7→ x0  P

is an isomorphism defined over any field L such that x0 ∈ X(L).

In particular, (3) says that $X$ is a twist of $A$. Notice that if $x_0 \in X(k)$, then $X \cong A$ over $k$, i.e. $X$ is a trivial twist of $A$, and vice versa. In this case, we will say $X$ is a trivial principal homogeneous space of $A$.

Lemma 25.3.3. Every twist of A over k is a principal homogeneous space.

Proof. Let X be a twist of A, with isomorphism θ = θx0 : A → X defined over k̄. Then for
any x ∈ X and P ∈ A,

θ(θ−1 (x) + P ) = x0  (θ−1 (x) + P ) = (x0  θ−1 (x))  P = x  P.

Therefore the action µ : X × A → X can be written µ(x, P ) = θ(θ−1 (x) + P ).

Lemma 25.3.4. Given an isomorphism θ = θx0 : A → X over k̄, there is a subtraction map

ν : X × X −→ A, (x, y) 7→ x y = θ−1 (x) − θ−1 (y)

which is defined over k.

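Definition. Two principal homogeneous spaces $(X, \mu)$ and $(X', \mu')$ of $A$ over $k$ are isomorphic over $k$ if there exists an isomorphism $i : X \to X'$ defined over $k$ such that the following diagram commutes:

\[
\begin{array}{ccc}
X \times A & \xrightarrow{\ \mu\ } & X \\
{\scriptstyle i \times 1}\downarrow & & \downarrow{\scriptstyle i} \\
X' \times A & \xrightarrow{\ \mu'\ } & X'
\end{array}
\]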

There is a related notion of a “torsor” for A, which turns out to be equivalent to the
definition of a PHS of A.

Definition. A torsor for A over k is a pair (X, θ) where X is an algebraic variety over k
and θ : A → X is an isomorphism defined over k̄.

Definition. Two torsors $(X, \theta)$ and $(X', \theta')$ for $A$ over $k$ are isomorphic as torsors if there exists an isomorphism of varieties $i : X \to X'$ defined over $k$ and a point $P \in A$ such that the following diagram commutes:

\[
\begin{array}{ccc}
A & \xrightarrow{\ \theta\ } & X \\
{\scriptstyle \tau_P}\downarrow & & \downarrow{\scriptstyle i} \\
A & \xrightarrow{\ \theta'\ } & X'
\end{array}
\]

Proposition 25.3.5. The equivalence classes of principal homogeneous spaces of $A$ over $k$ are in bijection (as pointed sets) with the equivalence classes of torsors for $A$ over $k$.

Proof. Let $X$ be a PHS and pick $x_0 \in X$. Then $\theta = \theta_{x_0} : A \to X$ is an isomorphism, so $(X, \theta)$ is a torsor. For a different choice of point $y_0 \in X$, we get an isomorphic torsor $(X, \theta_{y_0})$, where the isomorphism is given by the diagram

\[
\begin{array}{ccc}
A & \xrightarrow{\ \theta_{x_0}\ } & X \\
{\scriptstyle \tau_P}\downarrow & & \downarrow{\scriptstyle \mathrm{id}} \\
A & \xrightarrow{\ \theta_{y_0}\ } & X
\end{array}
\]

(Here, P = x0 y0 .) Conversely, a torsor $(X, \theta)$ determines a PHS $(X, \mu)$ of $A$ by $\mu(x, P) = \theta(\theta^{-1}(x) + P)$.

Definition. The set of equivalence classes of principal homogeneous spaces of $A$ over $k$, or equivalently the equivalence classes of torsors for $A$ over $k$, is called the Weil-Châtelet group of $A$, denoted $WC(A/k)$.

Remark. Let A be an algebraic group over k.

(1) Given a twist $X \in \mathrm{Twist}(A/k)$, then up to isomorphism of torsors, there are $|\mathrm{Aut}(A)|$ different torsor structures we can put on $X$. For an elliptic curve $E$, the typical case is that $\mathrm{Aut}(E) = \mathbb{Z}/2\mathbb{Z}$, so there are two torsor structures on each twist of $E$.

(2) The automorphism group of $A$ as a torsor for $A$ is isomorphic to $A$ itself. Hence by Proposition 25.3.2,

W C(A/k) −→ H 1 (k, A)
(X, µ) 7−→ (ξ : σ 7→ xσ0 x0 )

is a bijection. Viewing $WC(A/k)$ as an equivalence class of torsors, the isomorphism is given by $(X, \theta) \mapsto (\xi : \sigma \mapsto P_\sigma)$, where $P_\sigma$ is the point such that $(\theta^\sigma)^{-1} \circ \theta(Q) = Q + P_\sigma$ in $A$.

Recall that when $A$ is an elliptic curve over a number field $K$, $X(A/K) \subseteq H^1(K, A)$ and elements of $X(A/K)$ are those cocycles $\xi \in H^1(K, A)$ such that $\xi_v \in H^1(K_v, A)$ is trivial for each place $v$ of $K$. Interpreting each $H^1(K_v, A)$ as $WC(A/K_v)$, the restriction map is given by

\[ WC(A/K) \longrightarrow \prod_v WC(A/K_v), \qquad X/K \longmapsto \prod_v (X/K_v). \]

Lemma 25.3.6. A torsor $X$ for $A$ is trivial in $WC(A/K)$ if and only if $X(K) \neq \emptyset$.

Theorem 25.3.7. Let $\varphi : A \to B$ be an isogeny of elliptic curves over a number field $K$. Then $X(A/K)$ is the set of equivalence classes of PHSs for $A$ over $K$ having a point over $K_v$ for every place $v$ of $K$.

On the other hand, recall that Sel(ϕ) (A/K) ⊆ H 1 (K, A[ϕ]). By Proposition 25.3.2,
H 1 (K, A[ϕ]) can be viewed as the set of twists of A with automorphism group isomorphic
to A[ϕ]. This naturally leads to the idea of twists of an isogeny, also known as ϕ-covers.

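Definition. Let $\varphi : A \to B$ be an isogeny. Then a $\varphi$-cover is a curve $C$ and a covering map $\pi : C \to B$ defined over $K$ such that there exists an isomorphism $\alpha : C \to A$ defined over $K$ making the following diagram commute:

\[
\begin{array}{ccc}
C & \xrightarrow{\ \pi\ } & B \\
{\scriptstyle \alpha}\downarrow & & \downarrow{\scriptstyle \mathrm{id}} \\
A & \xrightarrow{\ \varphi\ } & B
\end{array}
\]

If $\pi : C \to B$ is a $\varphi$-cover, then $C$ is a torsor for $A$ over $K$, so $C \in WC(A/K)$. Note that if $\alpha' : C \to A$ is another isomorphism over $K$ then it differs from $\alpha$ by $\tau_P$ for some $P \in A[\varphi]$; thus $[(C, \alpha)] = [(C, \alpha')]$ in $WC(A/K)$.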

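Definition. Let $\varphi : A \to B$ be an isogeny. An isomorphism of $\varphi$-covers $(C, \pi) \to (C', \pi')$ is an isomorphism of curves $i : C \to C'$ making the following diagram commute:

\[
\begin{array}{ccc}
C & \xrightarrow{\ \pi\ } & B \\
{\scriptstyle i}\downarrow & & \downarrow{\scriptstyle \mathrm{id}} \\
C' & \xrightarrow{\ \pi'\ } & B
\end{array}
\]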

Remark. For any isogeny $\varphi$, $\mathrm{Twist}(\varphi/K)$ is the set of $\varphi$-covers up to isomorphism of $\varphi$-covers. This is a pointed set with trivial element $\varphi : A \to B$ itself. Moreover, the automorphism group of $\varphi$ as a $\varphi$-cover is in correspondence with $A[\varphi]$, since any $\varphi$-cover isomorphism $\varphi \to \varphi$ must be of the form $\tau_P$ for some $P \in A[\varphi]$.


Proposition 25.3.8. For any isogeny ϕ : A → B, there is a bijection

{equivalence classes of ϕ-covers} ←→ H 1 (K, A[ϕ]).

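The Selmer-Tate-Shafarevich sequence (Proposition 25.2.3) can now be written:

\[
\begin{array}{ccccccccc}
0 & \to & B(K)/\varphi A(K) & \xrightarrow{\ \delta\ } & H^1(K, A[\varphi]) & \to & WC(A/K) & \to & 0 \\
 & & & & [C \xrightarrow{\pi} B] & \mapsto & [C] & &
\end{array}
\]

Proposition 25.3.9. If $C \xrightarrow{\pi} B$ is a $\varphi$-cover and there is a point $x \in C(K)$, then $[C \xrightarrow{\pi} B] = \delta(P)$ for $P = \pi(x) \in B(K)$.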

Proof. For any $P \in B(K)$, $\delta(P) : \sigma \mapsto x^\sigma - x$. In particular, if $P = \varphi \circ \alpha(x) = \pi(x)$, then

\begin{align*}
\delta(P)(\sigma) &= (\varphi \circ \alpha(x))(\sigma) \\
&= [\alpha(x)]^\sigma - \alpha(x) \\
&= \alpha^\sigma(x^\sigma) - \alpha(x) \\
&= \tau_{P_\sigma} \circ \alpha(x^\sigma) - \alpha(x) \quad \text{since } \tau_{P_\sigma} = \alpha^\sigma \circ \alpha^{-1} \\
&= \alpha(x^\sigma) + \xi_\sigma - \alpha(x) \\
&= \alpha(x) + \xi_\sigma - \alpha(x) = \xi_\sigma
\end{align*}

where $\xi$ is the cocycle in $H^1(K, A[\varphi])$ corresponding (via Proposition 25.3.8) to $C \xrightarrow{\pi} B$. Thus $\delta(P) = [C \xrightarrow{\pi} B]$.

Now viewing $\mathrm{Sel}^{(\varphi)}(A/K)$ as a subset of $H^1(K, A[\varphi])$, the Selmer group consists of those $\varphi$-covers (up to isomorphism) which are everywhere locally trivial, that is, have a point over $K_v$ for all completions $K_v$ of $K$. Moreover, the map $\mathrm{Sel}^{(\varphi)}(A/K) \to X(A/K)[\varphi]$ takes a $\varphi$-cover $C \xrightarrow{\pi} B$ to the space $C$ as a PHS of $A$.
In order to compute $B(K)/\varphi A(K)$, and in particular the weak Mordell-Weil groups $E(\mathbb{Q})/mE(\mathbb{Q})$, one constructs principal homogeneous spaces $C \in X(A/K)[\varphi]$ which have points in every $K_v$ and uses the Selmer-Tate-Shafarevich sequence (Proposition 25.2.3) to pull $C$ back to a generator of $B(K)/\varphi A(K)$. This strategy is known as descent.


25.4 Descent
The goal of descent is to construct torsion elements of the Tate-Shafarevich group X(A/K)
and lift them to generators of B(K)/ϕA(K). We will describe this construction in the
relatively tractable case of 2-torsion elements of an elliptic curve. The general procedure can
be found in Silverman and in Cremona’s “Higher Descent on Elliptic Curves”.
Let $E$ be an elliptic curve with a rational 2-torsion point $P \in E(K)$; then $\langle P \rangle$ is a subgroup of order 2 in $E(K)$. We can construct a 2-isogeny of $E$ as follows. Change coordinates of $E$ to move $P$ to the point $(0, 0)$. Then $E$ is given by the Weierstrass form

\[ E : y^2 = x(x^2 + ax + b). \]

If we set $a' = -2a$, $b' = a^2 - 4b$ and assume $bb' \neq 0$, then

\[ E' : y^2 = x(x^2 + a'x + b') \]

is an elliptic curve and there is an isogeny

\[ \varphi : E \longrightarrow E', \qquad (x, y) \longmapsto \left(\frac{y^2}{x^2}, \frac{y(b - x^2)}{x^2}\right). \]
Lemma 25.4.1. If ϕ : E → E 0 is an isogeny, then E and E 0 have good/bad reduction at the
same primes.
Proof. (Move?) Silverman VII.7.2.
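Let $S$ be the set of primes of bad reduction for $E$ and $E'$; that is,

\[ S = \{\text{archimedean primes}\} \cup \{\text{primes dividing } \Delta_{E'} = 16(b')^2((a')^2 - 4b')\}. \]

Set
\[ K(S, 2) = \{\beta \in K^\times/(K^\times)^2 : \mathrm{ord}_v(\beta) \equiv 0 \bmod 2 \text{ for all } v \notin S\}. \]
Then $E[\varphi] = \{(0, 0), O\} \cong \mu_2$ as a Galois module, so by Kummer theory, there is a bijection

\[ K(S, 2) \longrightarrow H^1_S(K, E), \qquad \beta \longmapsto \xi(\beta) : \sigma \mapsto \begin{cases} 0, & \text{if } (\sqrt{\beta})^\sigma = \sqrt{\beta} \\ P, & \text{if } (\sqrt{\beta})^\sigma = -\sqrt{\beta}. \end{cases} \]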
We use this correspondence to construct a $\varphi$-cover $C \xrightarrow{\pi} B$ corresponding to $\xi(\beta)$. Consider the field $K(E)_\xi$ defined as the set $K(E)$ with twisted Galois action

\[ Z : K(E) \longrightarrow K(E)_\xi, \qquad f \longmapsto Z(f) \]

such that $Z(f)^\sigma = Z(f^\sigma \circ \tau_{\xi(\beta)_\sigma})$. Then $K(E)_\xi^{G_K}$, the fixed field of $K(E)_\xi$ under the Galois action of $G_K$ defined above, is a function field. Let $C_\beta$ be the corresponding curve (by Proposition 22.2.2). Looking at the addition formula (Proposition 23.3.2) for $E$, one can compute the translation map $\tau_P = \tau_{(0,0)}$ to be

\[ \tau_P(x, y) = \left(\frac{b}{x}, -\frac{by}{x^2}\right). \]
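Let $L = K(\sqrt{\beta})$, so that $G_{L/K} = \langle\sigma\rangle$ where $\sigma : \sqrt{\beta} \mapsto -\sqrt{\beta}$. Then $L(E)_\xi = L(x, y)/(y^2 - x(x^2 + ax + b))$ with

\[ (\sqrt{\beta})^\sigma = -\sqrt{\beta}, \qquad x^\sigma = \frac{b}{x} \qquad \text{and} \qquad y^\sigma = -\frac{by}{x^2}. \]

Observe that $z = \dfrac{\sqrt{\beta}\,x}{y}$ and $w = \sqrt{\beta}\left(x - \dfrac{b}{x}\right)\left(\dfrac{x}{y}\right)^2$ are $G_{L/K}$-invariant and satisfy the equation

\[ Y : \beta w^2 = \beta^2 - 2a\beta z^2 + (a^2 - 4b)z^4. \]

In fact, $Y$ is a nonsingular (since $b(a^2 - 4b) \neq 0$ by nonsingularity of $E$) hyperelliptic curve of genus 1. We claim that $Y = C_\beta$.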
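Over $L$, there is a bijection

\[ \theta : E \smallsetminus \{(0, 0), O\} \longrightarrow C_\beta, \qquad (x, y) \longmapsto (z, w) = \left(\frac{\sqrt{\beta}\,x}{y}, \sqrt{\beta}\left(x - \frac{b}{x}\right)\left(\frac{x}{y}\right)^2\right). \]

Since $\dfrac{x}{y} = \dfrac{xy}{y^2} = \dfrac{y}{x^2 + ax + b}$, this can be extended to all points $Q \in E$ by

\[ \theta(Q) = \begin{cases} \left(\dfrac{\sqrt{\beta}\,y}{x^2 + ax + b}, \dfrac{\sqrt{\beta}(x^2 - b)}{x^2 + ax + b}\right), & Q \neq (0, 0), O \\ (0, -\sqrt{\beta}), & Q = (0, 0) \\ (0, \sqrt{\beta}), & Q = O. \end{cases} \]

One can also compute the inverse $\alpha = \theta^{-1}$ explicitly:

\[ \alpha : C_\beta \longrightarrow E, \qquad (z, w) \longmapsto \left(\frac{\sqrt{\beta}\,w - az^2 + \beta}{2z^2}, \frac{\beta w - a\sqrt{\beta}\,z^2 + \beta\sqrt{\beta}}{2z^3}\right). \]

Thus $\theta$ and $\alpha$ are isomorphisms.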
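Now consider the diagram

\[
\begin{array}{ccc}
C_\beta & \xrightarrow{\ \pi\ } & E' \\
{\scriptstyle \alpha}\downarrow & & \downarrow{\scriptstyle \mathrm{id}} \\
E & \xrightarrow{\ \varphi\ } & E'
\end{array}
\]

where $\pi$ is given by $(z, w) \mapsto \left(\dfrac{\beta}{z^2}, -\dfrac{\beta w}{z^3}\right)$. Then $\pi = \varphi \circ \alpha$ so $\pi : C_\beta \to E'$ is a $\varphi$-cover.

Lemma 25.4.2. The cocycle associated to $C_\beta \xrightarrow{\pi} E'$ is $\xi(\beta)$.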

Now recall that the connecting morphism $\delta : E'(K)/\varphi E(K) \to \mathrm{Sel}^{(\varphi)}(E/K)$ is given by $\delta(P') : \sigma \mapsto Q^\sigma - Q$ where $\varphi(Q) = P'$. Note that $\varphi(O) = O$, so when $P' = O$, $\delta(O) : \sigma \mapsto O$ and thus $1 \in K(S, 2)$. If $P' = P = (0, 0)$, the 2-torsion point, then $Q$ must have $y = 0$ and $x$ a root of $x^2 + ax + b$, so $Q = \left(\dfrac{-a \pm \sqrt{a^2 - 4b}}{2}, 0\right)$. This implies

\[ \xi(\beta)_\sigma = Q^\sigma - Q = \begin{cases} O, & \text{if } \sigma \text{ acts trivially on } \sqrt{a^2 - 4b} \\ (0, 0), & \text{otherwise.} \end{cases} \]

From this, we see that $\beta = a^2 - 4b$, so $\delta(P) = \beta \in K(S, 2)$. Finally, for $P' = (x, y) \neq (0, 0)$, one can show that $\delta(P') = \delta(x, y) = x$. These explicit $\varphi$-covers $C_\beta \xrightarrow{\pi} E'$ allow us to pull back to generators of $E'(K)/\varphi E(K)$, as demonstrated in the next examples.

Example 25.4.3. Let $E$ be the elliptic curve over $\mathbb{Q}$ defined by

\[ E : y^2 = x^3 - 6x^2 + 17x. \]

Our goal is to compute $E(\mathbb{Q})/2E(\mathbb{Q})$. First, $\Delta = -147968 = -2^9 \cdot 17^2$, so $S = \{\infty, 2, 17\}$ and $\mathbb{Q}(S, 2) = \{\pm 1, \pm 2, \pm 17, \pm 34\}$. The above formulas for $E'$ and the $\varphi$-covers $C_\beta$ give the following curves:

\begin{align*}
E' &: y^2 = x^3 + 12x^2 - 32x \\
C_\beta &: \beta w^2 = \beta^2 + 12\beta z^2 - 32z^4, \quad \beta \in \mathbb{Q}(S, 2).
\end{align*}

Notice that $\delta(0, 0) = a^2 - 4b = -32 \equiv -2 \bmod (\mathbb{Q}^\times)^2$ so the $\varphi$-cover $C_{-2}$ is the image under $\delta$ of $(0, 0)$. Hence $[C_{-2}]$ is trivial in $X(E/\mathbb{Q})[\varphi]$. (In particular, this shows that $E$ has a point over $\mathbb{Q}$!)
For $\beta = 2$, we get the $\varphi$-cover

\[ C_2 : 2w^2 = 4 + 24z^2 - 32z^4. \]

Setting $t = 2z$, we can write this as

\[ C_2 : w^2 = 2 + 3t^2 - t^4. \]

Notice that $(t, w) = (1, 2)$ is a point on $C_2$, which corresponds to a point $(z, w) = \left(\tfrac{1}{2}, 2\right)$ on $E$, and hence $\pi\left(\tfrac{1}{2}, 2\right) = (8, -32) \in E'(\mathbb{Q})$. Once again, by Proposition 25.3.9, $[C_2]$ is trivial in the Tate-Shafarevich group.
Next, let $\beta = 17$. The corresponding $\varphi$-cover is

\[ C_{17} : 17w^2 = 17^2 + 12 \cdot 17z^2 - 32z^4. \]


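Here we show that $[C_{17}] \notin \mathrm{Sel}^{(\varphi)}(E/\mathbb{Q})$. Suppose to the contrary that there exists a point $(z, w) \in C_{17}(\mathbb{Q}_{17})$. Then $\mathrm{ord}_{17}(17w^2)$ is odd and $\mathrm{ord}_{17}(32z^4)$ is even, which implies that $\mathrm{ord}_{17}(17^2 + 12 \cdot 17z^2 - 32z^4) \neq \mathrm{ord}_{17}(32z^4) = 4\,\mathrm{ord}_{17}(z)$. On the other hand,

\[ \mathrm{ord}_{17}(17^2 + 12 \cdot 17z^2 - 32z^4) \geq \min\{2, 1 + 2\,\mathrm{ord}_{17}(z), 4\,\mathrm{ord}_{17}(z)\} \]

and the only way this is possible is if $\mathrm{ord}_{17}(z) > 0$. However, this contradicts the defining equation for $C_{17}$. Hence $C_{17}(\mathbb{Q}_{17}) = \emptyset$, so by Theorem 25.3.7, $[C_{17}] \notin \mathrm{Sel}^{(\varphi)}(E/\mathbb{Q})$. Further, since $\mathrm{Sel}^{(\varphi)}(E/\mathbb{Q})$ is a group, we must have $[C_{-17}], [C_{34}], [C_{-34}] \notin \mathrm{Sel}^{(\varphi)}(E/\mathbb{Q})$ as well. We have therefore shown that

\[ \mathrm{Sel}^{(\varphi)}(E/\mathbb{Q}) = \{C_1, C_{-1}, C_2, C_{-2}\} \cong \{\pm 1, \pm 2\}. \]

Further, $X(E/\mathbb{Q})[\varphi] = 0$ so we have an isomorphism $E'(\mathbb{Q})/\varphi E(\mathbb{Q}) \cong \mathrm{Sel}^{(\varphi)}(E/\mathbb{Q}) \cong \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z}$.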
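Now consider the dual isogeny $\hat{\varphi} : E' \to E$. Here, we still have $\mathbb{Q}(S, 2) = \{\pm 1, \pm 2, \pm 17, \pm 34\}$ and one can determine the following formulas for $\hat{\varphi}$-covers:

\[ C'_\beta : \beta w^2 = \beta^2 - 24\beta z^2 + 272z^4, \quad \beta \in \mathbb{Q}(S, 2). \]

Observe that if $\beta < 0$, $C'_\beta(\mathbb{R}) = \emptyset$ since the signs don't alternate. Also, $\delta(0, 0) = 272 = 2^4 \cdot 17 \equiv 17 \bmod (\mathbb{Q}^\times)^2$ so $C'_{17}$ is the image of $(0, 0) \in E'(\mathbb{Q})/\hat{\varphi}E(\mathbb{Q})$ under $\delta$. Lastly, for $\beta = 2$, we have
\[ C'_2 : 2w^2 = 4 - 12t^2 + 17t^4 \]
(with $t = 2z$). A similar proof as above shows that $C'_2(\mathbb{Q}_2) = \emptyset$, so $[C'_2] \notin \mathrm{Sel}^{(\hat{\varphi})}(E'/\mathbb{Q})$. In all, this shows that
\[ \mathrm{Sel}^{(\hat{\varphi})}(E'/\mathbb{Q}) = \{C_1, C_{17}\} \cong \{1, 17\}, \]
but $C_1$ and $C_{17}$ are images under $\delta$ of the points $O$ and $(0, 0)$, respectively, so $X(E'/\mathbb{Q})[\hat{\varphi}] = 0$ in this case.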
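Let's put this together to determine the weak Mordell-Weil group $E(\mathbb{Q})/2E(\mathbb{Q})$. From above, $E'(\mathbb{Q})/\varphi E(\mathbb{Q}) \cong \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z}$, where the generators are $(0, 0)$ and $(8, -32)$. On the other hand, the previous paragraph implies that $E(\mathbb{Q})/\hat{\varphi}E'(\mathbb{Q}) \cong \mathrm{Sel}^{(\hat{\varphi})}(E'/\mathbb{Q}) \cong \mathbb{Z}/2\mathbb{Z}$, with explicit generator $(0, 0)$. The composition $\varphi \circ \hat{\varphi} = [2]$ gives us an exact sequence

\[ 0 \to \frac{E'(\mathbb{Q})[\hat{\varphi}]}{\varphi(E(\mathbb{Q})[\varphi])} \to \frac{E(\mathbb{Q})}{\hat{\varphi}E'(\mathbb{Q})} \to \frac{E(\mathbb{Q})}{2E(\mathbb{Q})} \to \frac{E'(\mathbb{Q})}{\varphi E(\mathbb{Q})} \to 0. \]

Inserting the terms we know, this becomes

\[ 0 \to \mathbb{Z}/2\mathbb{Z} \to \mathbb{Z}/2\mathbb{Z} \to \frac{E(\mathbb{Q})}{2E(\mathbb{Q})} \to \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z} \to 0. \]

Hence by exactness, $E(\mathbb{Q})/2E(\mathbb{Q}) = \langle (0, 0), (8, -32) \rangle \cong \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}/2\mathbb{Z}$. Furthermore, since $E_{tors}(\mathbb{Q}) = E(\mathbb{Q})[2] \cong \mathbb{Z}/2\mathbb{Z} = \langle (0, 0) \rangle$, we deduce that $(8, -32)$ is a point of infinite order on $E(\mathbb{Q})$. This implies the final result:

\[ E(\mathbb{Q}) = \langle (0, 0), (8, -32) \rangle \cong \mathbb{Z}/2\mathbb{Z} \times \mathbb{Z}. \]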
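The computations of Example 25.4.3 can be replayed in exact arithmetic. The Python below is an added example, not part of the original text; the function names, the sample point (4, 6) on E and the choice of testing modulo 17^3 are assumptions made here.

```python
from fractions import Fraction
from math import gcd, isqrt

# Data of Example 25.4.3: E: y^2 = x(x^2 + a x + b) with a = -6, b = 17.
A, B = -6, 17
CLASSES = [1, -1, 2, -2, 17, -17, 34, -34]   # Q(S, 2) for S = {inf, 2, 17}

def isogenous_coeffs(a, b):
    """Coefficients (a', b') of E': y^2 = x(x^2 + a'x + b')."""
    return -2 * a, a * a - 4 * b

def on_curve(a, b, P):
    """True if the affine point P lies on y^2 = x(x^2 + a x + b)."""
    x, y = P
    return y * y == x * (x * x + a * x + b)

def phi(b, P):
    """The 2-isogeny E -> E' of the text, for a point with x != 0."""
    x, y = P
    return (y * y / (x * x), y * (b - x * x) / (x * x))

def cover_rhs(a, b, beta, r, t):
    """t^4 * (beta^2 - 2 a beta z^2 + (a^2 - 4b) z^4) evaluated at z = r/t."""
    return (beta * beta * t**4 - 2 * a * beta * r * r * t * t
            + (a * a - 4 * b) * r**4)

def cover_points(a, b, beta, bound):
    """Rational points (z, w) on C_beta with z = r/t, 1 <= r, t <= bound, w >= 0."""
    found = []
    for t in range(1, bound + 1):
        for r in range(1, bound + 1):
            if gcd(r, t) != 1:
                continue
            rhs = cover_rhs(a, b, beta, r, t)
            if rhs % beta:                 # beta * s^2 = rhs needs beta | rhs
                continue
            q = rhs // beta
            if q >= 0 and isqrt(q) ** 2 == q:
                found.append((Fraction(r, t), Fraction(isqrt(q), t * t)))
    return found

def cover_map(beta, z, w):
    """pi: C_beta -> E', (z, w) -> (beta/z^2, -beta*w/z^3)."""
    return (beta / (z * z), -beta * w / z**3)

def obstructed_mod(a, b, beta, p, k):
    """True if beta*s^2 = cover_rhs(r, t) has no solution mod p^k with (r, t)
    not both divisible by p.  A Q_p-point of C_beta (beta squarefree) gives such
    a solution with z = r/t, s = w*t^2, so True proves C_beta(Q_p) is empty.
    False only means no obstruction is visible at this precision.
    By homogeneity it suffices to test (r, 1) and (1, t) with p | t."""
    m = p**k
    attainable = {(beta * s * s) % m for s in range(m)}
    reps = [(r, 1) for r in range(m)] + [(1, t) for t in range(0, m, p)]
    return all(cover_rhs(a, b, beta, r, t) % m not in attainable
               for r, t in reps)

def survivors(a, b, classes, p, k):
    """Classes beta for which no obstruction appears modulo p^k."""
    return [beta for beta in classes if not obstructed_mod(a, b, beta, p, k)]

if __name__ == "__main__":
    a2, b2 = isogenous_coeffs(A, B)
    print("E' coefficients:", a2, b2)
    P = (Fraction(4), Fraction(6))         # sample point on E (assumption, checked below)
    print("P on E:", on_curve(A, B, P), " phi(P) on E':", on_curve(a2, b2, phi(B, P)))
    for z, w in cover_points(A, B, 2, 4):
        image = cover_map(2, z, w)
        print("C_2 point", (z, w), "-> E' point", image, on_curve(a2, b2, image))
    print("classes with no obstruction mod 17^3:", survivors(A, B, CLASSES, 17, 3))
```

The test at 17 needs precision 17^3: modulo 17^2 the class 17 still has a primitive solution, so the obstruction found in the text by comparing valuations is not visible there.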


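In the above example, we were able to determine $X(E/\mathbb{Q})[\varphi] = 0$ and $X(E'/\mathbb{Q})[\hat{\varphi}] = 0$ and use this to deduce $E(\mathbb{Q})/2E(\mathbb{Q})$, and ultimately $E(\mathbb{Q})$. However, sometimes one may discover a $\varphi$-cover $C_\beta$ not mapping to the trivial class in $X(E/\mathbb{Q})[\varphi]$. In such a situation, one may require a method known as 'second descent' (cf. Cremona's paper entitled "Higher Descents on Elliptic Curves"). Let $\varphi : A \to B$ and $\hat{\varphi} : B \to A$ be dual isogenies such that $\varphi \circ \hat{\varphi} = [m]$. Then we have a commutative diagram with exact rows and columns:

\[
\begin{array}{ccccccccccc}
 & & 0 & & 0 & & 0 & & 0 & & \\
 & & \downarrow & & \downarrow & & \downarrow & & \downarrow & & \\
0 & \to & H & \to & A(\mathbb{Q})/\hat{\varphi}B(\mathbb{Q}) & \to & B(\mathbb{Q})/mB(\mathbb{Q}) & \to & B(\mathbb{Q})/\varphi A(\mathbb{Q}) & \to & 0 \\
 & & \downarrow & & \downarrow & & \downarrow & & \downarrow & & \\
0 & \to & H & \to & \mathrm{Sel}^{(\hat{\varphi})}(B/\mathbb{Q}) & \to & \mathrm{Sel}^{(m)}(B/\mathbb{Q}) & \to & \mathrm{Sel}^{(\varphi)}(A/\mathbb{Q}) & \to & 0 \\
 & & & & \downarrow & & \downarrow & & \downarrow & & \\
 & & 0 & \to & X(B/\mathbb{Q})[\hat{\varphi}] & \to & X(B/\mathbb{Q})[m] & \to & X(A/\mathbb{Q})[\varphi] & \to & 0 \\
 & & & & \downarrow & & \downarrow & & \downarrow & & \\
 & & & & 0 & & 0 & & 0 & &
\end{array}
\]

(Here, $H = B(\mathbb{Q})[\hat{\varphi}]/\varphi(A(\mathbb{Q})[\varphi])$.) Take $C \in \mathrm{Sel}^{(\varphi)}(A/\mathbb{Q})$ and use exactness of the middle row to find a lift $D \in \mathrm{Sel}^{(m)}(B/\mathbb{Q})$; then these are $\varphi$- and $\hat{\varphi}$-covers, respectively:

\[
\begin{array}{ccccc}
D & \xrightarrow{\ \varpi\ } & C & \xrightarrow{\ \pi\ } & B \\
{\scriptstyle \cong}\downarrow & & \downarrow{\scriptstyle \cong} & & \downarrow{\scriptstyle \mathrm{id}} \\
B & \xrightarrow{\ \hat{\varphi}\ } & A & \xrightarrow{\ \varphi\ } & B
\end{array}
\]

Such a $D$ is called a descendant of $C$. The key insight is that a point on $D$ (over any field, but in particular over local fields) gives a point on $C$ via $\varpi$. In general, points on $D$ will have smaller height than those on $C$ (see Section 25.5), so it will be easier in theory to find points on $D$.
If points cannot be found on $D$, replace $\varphi$ with $[m]$, $\hat{\varphi}$ with $[m]$ and $m = \deg \varphi$ with $m^2 = \deg[m]$ and repeat the argument. In principle, this can be repeated indefinitely. However, each step yields an exact sequence: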
However, each step yields an exact sequence:

\[ 0 \to B(\mathbb{Q})/\varphi A(\mathbb{Q}) \to \mathrm{Sel}^{(\varphi,j)}(A/\mathbb{Q}) \to m^j X(A/\mathbb{Q})[m^j] \to 0 \]

where, for $j \geq 2$, $\mathrm{Sel}^{(\varphi,j)}(A/\mathbb{Q})$ denotes the elements of $\mathrm{Sel}^{(\varphi)}(A/\mathbb{Q})$ coming from $\mathrm{Sel}^{(m^j)}(A/\mathbb{Q})$. Eventually, the last term in these sequences becomes 0 as long as the Tate-Shafarevich group $X(A/\mathbb{Q})$ is not infinitely $m$-divisible. It is conjectured that this is true for all elliptic curves, but has not been proven. Thus it is believed that the descent procedure always terminates in a finite number of steps. (In fact, the Birch-Swinnerton-Dyer Conjecture would imply that the Tate-Shafarevich group is always finite, in which case descent always terminates.)

Example 25.4.4. For $D \in \mathbb{Z}$, let

\[ E : y^2 = x^3 + Dx \]

be the congruent number elliptic curve (see Section 20.1). For simplicity, we will assume $D = p$, a prime number congruent to 1 mod 8. Then $\Delta_E = -4p^3$ and $S = \{\infty, 2, p\}$, so $\mathbb{Q}(S, 2) = \{\pm 1, \pm 2, \pm p, \pm 2p\}$. One can show using normal means that $E_{tors}(\mathbb{Q}) = \langle (0, 0) \rangle \cong \mathbb{Z}/2\mathbb{Z}$. Further, we have the following formulas for the $\varphi$- and $\hat{\varphi}$-covers in the Selmer groups:

\begin{align*}
C_\beta &: \beta w^2 = \beta^2 - 4pz^4 \quad \text{in } \mathrm{Sel}^{(\varphi)}(E/\mathbb{Q}) \\
C'_\beta &: \beta w^2 = \beta^2 + pz^4 \quad \text{in } \mathrm{Sel}^{(\hat{\varphi})}(E'/\mathbb{Q}).
\end{align*}

For the 2-torsion point $P = (0, 0)$, notice that $\delta(P) = -4p^3 \equiv -p \bmod (\mathbb{Q}^\times)^2$ and $\hat{\delta}(P) \equiv p \bmod (\mathbb{Q}^\times)^2$. So $C_{-p} \in \mathrm{Sel}^{(\varphi)}(E/\mathbb{Q})$ and $C'_p \in \mathrm{Sel}^{(\hat{\varphi})}(E'/\mathbb{Q})$. Also, if $\beta < 0$, the coefficients in the second equation above fail to alternate, so $C'_\beta(\mathbb{R}) = \emptyset$. Consider the $\hat{\varphi}$-cover for $\beta = 2$:

\[ C'_2 : 2w^2 = 4 + pz^4. \]

Over $\mathbb{Q}_2$, any point $(z, w)$ must then satisfy $1 + 2\,\mathrm{ord}_2(w) \geq \min\{2, 4\,\mathrm{ord}_2(z)\}$, but 2 and $4\,\mathrm{ord}_2(z)$ are both even and never equal, so the inequality is an equality. However, $1 + 2\,\mathrm{ord}_2(w)$ is odd, so this is impossible. Hence $C'_2(\mathbb{Q}_2) = \emptyset$, and thus $C'_2 \notin \mathrm{Sel}^{(\hat{\varphi})}(E'/\mathbb{Q})$. We have now shown that $\mathrm{Sel}^{(\hat{\varphi})}(E'/\mathbb{Q}) = \{1, p\}$.
To finish computing $\mathrm{Sel}^{(\varphi)}(E/\mathbb{Q})$, we have

\[ C_{-1} : -w^2 = 1 - 4pz^4, \quad \text{or} \quad w^2 + 1 = 4pz^4. \]

Over $\mathbb{F}_p$, the reduction $\tilde{C}_{-1}(\mathbb{F}_p)$ is given by $w^2 + 1 = 0$, and since we assumed $p \equiv 1 \pmod{8}$, there is a solution by quadratic reciprocity. Check that this point is nonsingular on the reduction, so that it lifts to a point of $C_{-1}(\mathbb{Q}_p)$. Now over $\mathbb{Q}_2$, make the change of variables $(z, w) \mapsto \left(\tfrac{z}{4}, \tfrac{w}{8}\right)$ so that the $\varphi$-cover $C_{-1}$ is given by

\[ C_{-1} : w^2 + 64 = pz^4. \]

Then $(1, 1)$ is a solution mod 8 and satisfies Hensel's criterion, so $C_{-1}(\mathbb{Q}_2) \neq \emptyset$. This proves $C_{-1} \in \mathrm{Sel}^{(\varphi)}(E/\mathbb{Q})$.
Now for $\beta = -2$, the cover is given by

\[ C_{-2} : -2w^2 = 4 - 4pz^4, \quad \text{or} \quad w^2 + 2 = 2pz^4. \]

Over $\mathbb{F}_p$, the equation becomes $w^2 + 2 = 0$ which again has a solution since $p \equiv 1 \pmod{8}$. As above, one can check that the point is nonsingular and then lift it to a point of $C_{-2}(\mathbb{Q}_p)$. Likewise, the proof that $C_{-2}(\mathbb{Q}_2)$ is nonempty is similar.


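The above work shows that $\mathrm{Sel}^{(\varphi)}(E/\mathbb{Q}) = \{\pm 1, \pm 2, \pm p, \pm 2p\}$. Now consider the sequences

\begin{align*}
& 0 \to \frac{E'(\mathbb{Q})[\hat{\varphi}]}{\varphi(E(\mathbb{Q})[\varphi])} \to \frac{E'(\mathbb{Q})}{\varphi E(\mathbb{Q})} \to \frac{E(\mathbb{Q})}{2E(\mathbb{Q})} \to \frac{E(\mathbb{Q})}{\hat{\varphi}E'(\mathbb{Q})} \to 0 \tag{A} \\
& 0 \to \frac{E'(\mathbb{Q})}{\varphi E(\mathbb{Q})} \to \mathrm{Sel}^{(\varphi)}(E/\mathbb{Q}) \to X(E/\mathbb{Q})[\varphi] \to 0 \tag{B} \\
& 0 \to X(E/\mathbb{Q})[\varphi] \to X(E/\mathbb{Q})[2] \to X(E'/\mathbb{Q})[\hat{\varphi}] \to 0. \tag{C}
\end{align*}

The terms in all three sequences are $\mathbb{F}_2$-vector spaces, so we can add dimensions as follows:

\begin{align*}
\dim\left(\frac{E'(\mathbb{Q})[\hat{\varphi}]}{\varphi(E(\mathbb{Q})[2])}\right) + \dim\left(\frac{E(\mathbb{Q})}{2E(\mathbb{Q})}\right) &= \dim\left(\frac{E'(\mathbb{Q})}{\varphi E(\mathbb{Q})}\right) + \dim\left(\frac{E(\mathbb{Q})}{\hat{\varphi}E'(\mathbb{Q})}\right) \\
&= \dim \mathrm{Sel}^{(\varphi)}(E/\mathbb{Q}) - \dim X(E/\mathbb{Q})[\varphi] \\
&\quad + \dim \mathrm{Sel}^{(\hat{\varphi})}(E'/\mathbb{Q}) - \dim X(E'/\mathbb{Q})[\hat{\varphi}]
\end{align*}

(where $\dim = \dim_{\mathbb{F}_2}$). On the other hand, $E(\mathbb{Q})/2E(\mathbb{Q}) = (\mathbb{Z}/2\mathbb{Z})^{1+\mathrm{rank}(E)}$, by the proof of Lemma 25.2.6, and since $E_{tors}(\mathbb{Q}) = \mathbb{Z}/2\mathbb{Z}$, we must have $\mathbb{Z}/2\mathbb{Z} \subseteq E(\mathbb{Q})/\hat{\varphi}E'(\mathbb{Q})$. By sequence (B) however, $E(\mathbb{Q})/\hat{\varphi}E'(\mathbb{Q})$ injects into $\mathrm{Sel}^{(\hat{\varphi})}(E'/\mathbb{Q}) = \{1, p\}$, so we must have $E(\mathbb{Q})/\hat{\varphi}E'(\mathbb{Q}) = \mathbb{Z}/2\mathbb{Z}$. This further implies that $X(E'/\mathbb{Q})[\hat{\varphi}] = 0$ in sequence (B). Finally, sequence (C) gives us $\dim X(E/\mathbb{Q})[\varphi] = \dim X(E/\mathbb{Q})[2]$. Putting these together with the dimension formula, we get

\begin{align*}
1 + (1 + \mathrm{rank}(E)) &= \dim \mathrm{Sel}^{(\varphi)}(E/\mathbb{Q}) + \dim \mathrm{Sel}^{(\hat{\varphi})}(E'/\mathbb{Q}) - \dim X(E/\mathbb{Q})[2] \\
&= 3 + 1 - \dim X(E/\mathbb{Q})[2].
\end{align*}

So $\dim X(E/\mathbb{Q})[2] + \mathrm{rank}(E) = 2$. By Cassels' pairing (Theorem 25.2.9), $\dim X(E/\mathbb{Q})[2]$ is even, so each of $\{\dim X(E/\mathbb{Q})[2], \mathrm{rank}(E)\}$ can be either 0 or 2. In fact, both situations occur. For example, the congruent number curve

\[ E : y^2 = x^3 + 73x \]

has rank 2 and has rational points $\left(\tfrac{9}{16}, \tfrac{411}{64}\right)$ and $(36, 222)$ which generate $E(\mathbb{Q})$.
To find an example which has $\mathrm{rank}(E) = 0$, assume 2 is a quartic non-residue mod $p$ (e.g. $p = 17$ will work). Consider the $\beta = \pm 2$ covers:

\[ C_{\pm 2} : \pm w^2 = 2 - 2pz^4. \]

Suppose $(z, w) \in C_{\pm 2}(\mathbb{Q})$. Writing $z$ in lowest terms, we may assume $(z, w) = \left(\tfrac{r}{t}, \tfrac{2s}{t^2}\right)$, where $r, s, t \in \mathbb{Z}$ are coprime integers satisfying

\[ \pm 2s^2 = t^4 - pr^4. \tag{$*$} \]

Let $q$ be an odd prime factor of $s$. Then reducing $(*)$ mod $p$ shows that $\left(\tfrac{p}{q}\right) = 1$. On the other hand, since $p \equiv 1 \pmod{8}$, quadratic reciprocity implies $\left(\tfrac{q}{p}\right) = 1$ as well. Reciprocity also implies $\left(\tfrac{2}{p}\right) = 1$, so if $s = 2^{e_0} q_1^{e_1} \cdots q_n^{e_n}$ for distinct primes $q_1, \ldots, q_n$, then we can write

\[ \left(\frac{s}{p}\right) = \left(\frac{2}{p}\right)^{e_0} \left(\frac{q_1}{p}\right)^{e_1} \cdots \left(\frac{q_n}{p}\right)^{e_n} = 1 \cdot 1 \cdots 1 = 1. \]

Hence $s$ is a quadratic residue mod $p$, which means $s^2$ is a quartic residue mod $p$. From $(*)$, we get $\left(\tfrac{\pm 2s^2}{p}\right)_4 = 1$, but Gauss's quartic reciprocity implies $\left(\tfrac{-1}{p}\right)_4 = 1$ when $p \equiv 1 \pmod{8}$. So this means $\left(\tfrac{2}{p}\right)_4 = 1$ by multiplicativity of the 4th power Legendre symbol. Thus in the case when 2 is not a quartic residue mod $p$ (as with $p = 17$), we must have $C_{\pm 2}(\mathbb{Q}) = \emptyset$. This is exactly the condition that $C_{\pm 2}$ are nontrivial in $X(E/\mathbb{Q})[2]$, so we have found an entire class of elliptic curves for which $X(E/\mathbb{Q})[2]$ is nontrivial. In particular, we find that $E$ has rank 0.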
We can similarly show that $C_{-1}$ is nontrivial in the Tate-Shafarevich group. Write

\[ C_{-1} : -w^2 = 1 - 4pz^4. \]

Suppose $(z, w) \in C_{-1}(\mathbb{Q})$ and rewrite this as $(z, w) = \left(\tfrac{r}{2t}, \tfrac{s}{2t^2}\right)$ for $r, s, t \in \mathbb{Z}$ coprime such that

\[ s^2 + 4t^4 = pr^4. \tag{$**$} \]

Write $p = a^2 + b^2$ for $a \equiv 1 \pmod{2}$ and $b \equiv 0 \pmod{2}$; this is possible by Fermat's theorem on primes of the form $p = x^2 + y^2$, since $p \equiv 1 \pmod{4}$. Using Gauss's composition formulas for quadratic forms, one can write

\begin{align*}
& (pr^2 + 2bt^2)^2 = p(br^2 + 2t^2)^2 + a^2s^2 \\
\implies\ & (pr^2 + 2bt^2 - as)(pr^2 + 2bt^2 + as) = p(br^2 + 2t^2)^2.
\end{align*}

These together imply that for some $u, v \in \mathbb{Z}$,

\[ \begin{cases} br^2 + 2t^2 = uv \text{ or } 2uv \\ pr^2 + 2bt^2 \pm as = pu^2 \text{ or } 2pu^2 \\ pr^2 + 2bt^2 \mp as = v^2 \text{ or } 2v^2. \end{cases} \]

The second and third lines combine to give us

\[ (\dagger) = \begin{cases} 2pr^2 + 4bt^2 = pu^2 + v^2 \\ br^2 + 2t^2 = uv. \end{cases} \]

By quartic reciprocity, $\left(\tfrac{2}{p}\right)_4 = (-1)^{ab/4}$, but by assumption $\left(\tfrac{2}{p}\right)_4 \neq 1$, so $8 \nmid b$. Thus $b \equiv 0 \pmod{2}$ implies that $b \equiv 4 \pmod{8}$. Reducing $(\dagger)$ mod 8 yields

\[ \begin{cases} 2r^2 = u^2 + v^2 \\ 4r^2 + 2t^2 = uv. \end{cases} \]

These imply $u$ and $v$ are both even, so $r$ is even and therefore so is $t$. But this contradicts the assumption that $r$ and $t$ are coprime. Hence $C_{-1}(\mathbb{Q}) = \emptyset$.


25.5 Heights
Fix an elliptic curve in short Weierstrass form

\[ E : y^2 = x^3 + Ax + B, \quad A, B \in \mathbb{Z}. \]

Definition. For any $t \in \mathbb{Q}$, write $t = \tfrac{p}{q}$ for coprime integers $p, q \in \mathbb{Z}$. The height of $t$ is defined by $H(t) = \max\{|p|, |q|\}$. Next, for a point $P = [x_0, \ldots, x_N] \in \mathbb{P}^N_{\mathbb{Q}}$, we may assume $\gcd(x_0, \ldots, x_N) = 1$. Then the height function $H : \mathbb{P}^N_{\mathbb{Q}} \to \mathbb{R}_{\geq 0}$ is defined by

\[ H(P) = \max\{|x_i| : 0 \leq i \leq N\} \]

for all $P = [x_0, \ldots, x_N] \in \mathbb{P}^N_{\mathbb{Q}}$, and $H(\infty) = 1$.

Setting $h(P) = \log H(P)$ defines a function

\[ h : \mathbb{P}^N_{\mathbb{Q}} \longrightarrow \mathbb{R}_{\geq 0}. \]

This can be extended to any field extension $K/\mathbb{Q}$ by

\[ h(P) = \frac{1}{[K : \mathbb{Q}]} \sum_v \log \max\{|x_i|_v : 0 \leq i \leq N\} \]

for any $P = [x_0, \ldots, x_N] \in \mathbb{P}^N(K)$, where the sum is over all valuations $v$ on $K$ and $|x|_v = (\#\mathcal{O}_K/\mathfrak{p}_v)^{-\mathrm{ord}_v(x)}$ is the normalized $\mathfrak{p}_v$-adic valuation on $K$.

Proposition 25.5.1. Let E be an elliptic curve over Q and fix P0 ∈ E(Q). Then

(1) There is some constant C1 , which depends on P0 , A and B, such that h(P + P0 ) ≤
2h(P ) + C1 for all P ∈ E(Q).

(2) There is some constant C2 , which depends only on A and B, such that h([2]P ) ≥
4h(P ) − C2 for all P ∈ E(Q).

(3) {P ∈ E(Q) : h(P ) < B} is a finite set for all B > 0.

Proof. Silverman.

Remark. More generally, any projective embedding $X \hookrightarrow \mathbb{P}^N_k$ of a variety gives a height function. Recall (Section 22.3) that such embeddings arise from very ample divisors. The whole theory of heights can be derived from this perspective (see Diophantine Geometry by Hindry-Silverman).

Definition. The canonical height function for any extension $K/\mathbb{Q}$ is defined for a point $P \in \mathbb{P}^N_{\mathbb{Q}}(K)$ by

\[ \hat{h}(P) := \lim_{n \to \infty} \frac{1}{4^n} h([2^n]P). \]

Proposition 25.5.2. The canonical height function for any elliptic curve $E$ satisfies

(i) For all $B > 0$, the set $\{P \in E(\mathbb{Q}) : \hat{h}(P) < B\}$ is finite.

(ii) For each $m \in \mathbb{Z}$ and each point $P \in E(\mathbb{Q})$, $\hat{h}([m]P) = m^2 \hat{h}(P)$.

(iii) The pairing $\langle P, Q \rangle = \tfrac{1}{2}(\hat{h}(P + Q) - \hat{h}(P) - \hat{h}(Q))$ is symmetric and bilinear.

Proof. Silverman.

We are now prepared to give the proof of the full Mordell-Weil theorem using the weak version (Corollary 25.2.8) and heights.

Theorem 25.5.3 (Mordell-Weil). For every elliptic curve E over Q, the group E(Q) is
finitely generated.

Proof. Fix $m \in \mathbb{Z}$. By Corollary 25.2.8, the weak Mordell-Weil group $E(\mathbb{Q})/mE(\mathbb{Q})$ is finitely generated, so pick generators $P_1, \ldots, P_s \in E(\mathbb{Q})/mE(\mathbb{Q})$. Set $c_0 = \max\{|P_i| : 1 \leq i \leq s\}$, where $|P| = \sqrt{\hat{h}(P)}$ for any $P \in E(\mathbb{Q})$. By Proposition 25.5.2(i), it's enough to show that $S := \{P \in E(\mathbb{Q}) : |P| \leq c_0\}$ generates $E(\mathbb{Q})$, since this set is finite. The proof follows Fermat's strategy of 'descent'.
Suppose $Q_0 \in E(\mathbb{Q})$. If $Q_0 \notin S$, then $|Q_0| > c_0$. Since $E(\mathbb{Q})/mE(\mathbb{Q})$ is finitely generated, we may write $Q_0 = P_{i_1} + mQ_1$ for some $P_{i_1}, Q_1 \in E(\mathbb{Q})$. Now

\begin{align*}
m|Q_1| = m\sqrt{\hat{h}(Q_1)} &= \sqrt{m^2 \hat{h}(Q_1)} \\
&= \sqrt{\hat{h}(mQ_1)} = |mQ_1| \quad \text{by Proposition 25.5.2(ii)} \\
&= |Q_0 - P_{i_1}| \leq |Q_0| + |P_{i_1}| \quad \text{from Proposition 25.5.2(iii)} \\
&< 2|Q_0| \quad \text{since } |Q_0| > c_0 \geq |P_{i_1}|.
\end{align*}

So $|Q_1| \leq |Q_0|$. Now repeat: either $Q_1 \in S$ or $|Q_1| > c_0$. In the latter case, $Q_1 = P_{i_2} + mQ_2$ for $P_{i_2}, Q_2 \in E(\mathbb{Q})$ satisfying $|Q_2| \leq |Q_1| \leq |Q_0|$. Now, by Proposition 25.5.2(i), the set $\{P \in E(\mathbb{Q}) : |P| \leq |Q_0|\}$ is finite, so this descent process must terminate. This shows that $Q_0$ is a sum of elements of $S$, so $S$ generates $E(\mathbb{Q})$ and the theorem is proven.

Chapter 26

Elliptic Curves and Complex Analysis

In this chapter we review the classical theory of complex algebraic curves, starting with the
construction and basic properties of elliptic functions, their connection to elliptic curves and
their Jacobians, and then describing the construction in arbitrary dimension.

26.1. Elliptic Functions Chapter 26. Elliptic Curves and Complex Analysis

26.1 Elliptic Functions


Let Λ ⊆ C be a lattice, i.e. a free abelian subgroup of rank 2. Then Λ can be written
$\Lambda = \mathbb{Z}\omega_1 + \mathbb{Z}\omega_2$ for some $\omega_1, \omega_2 \in \mathbb{C}$ such that $\frac{\omega_1}{\omega_2} \notin \mathbb{R}$.
Definition. A function f : C → C ∪ {∞} is doubly periodic with lattice of periods Λ
if f(z + ℓ) = f(z) for all ℓ ∈ Λ and z ∈ C.
Definition. An elliptic function is a function f : C → C ∪ {∞} that is meromorphic and
doubly periodic.
It is not obvious that doubly periodic functions even exist! We will prove this shortly.
Definition. Let Λ ⊆ C be a lattice. The set

Π = Π(ω1 , ω2 ) = {t1 ω1 + t2 ω2 | 0 ≤ ti < 1}

is called the fundamental parallelogram, or fundamental domain, of Λ. We say a
subset Φ ⊆ C is fundamental for Λ if the quotient map C → C/Λ restricts to a bijection
on Φ.

[Figure: the fundamental parallelogram Π spanned by ω1 and ω2.]

Lemma 26.1.1. For any choice of basis [ω1 , ω2 ] of Λ, Π(ω1 , ω2 ) is fundamental for Λ.
Lemma 26.1.2. Let Λ be a lattice. Then
(a) If Π is the fundamental domain of Λ, then for any α ∈ C, Πα := Π + α is fundamental
for Λ.
(b) If Φ is fundamental for Λ, then $\mathbb{C} = \bigcup_{\ell \in \Lambda} (\Phi + \ell)$.

Corollary 26.1.3. Suppose f is an elliptic function with lattice of periods Λ and Φ fundamental for Λ. Then f(C) = f(Φ).

Proposition 26.1.4. A holomorphic elliptic function is constant.

Proof. Let f be such an elliptic function and let Π be the fundamental domain for its lattice
of periods. Then the closure $\overline{\Pi}$ is compact and hence $f(\overline{\Pi})$ is as well. In particular, $f(\mathbb{C}) = f(\Pi) \subseteq f(\overline{\Pi})$
is bounded, so by Liouville's theorem, f is constant.
The prominence of tools from complex analysis (e.g. Liouville’s theorem in the above
proof) is obvious in the study of elliptic functions. Another important result for computations
is the residue theorem:
Theorem (Residue Theorem). Let f be a meromorphic function on a region R ⊆ C with
isolated singularities $z_1, \ldots, z_k \in R$. If ∆ = ∂R, then
$$\int_{\Delta} f(z)\,dz = 2\pi i \sum_{i=1}^{k} \operatorname{Res}(f; z_i).$$

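Proposition 26.1.5. Let f be an elliptic function. If α ∈ C is a complex number such that
$\partial\Pi_\alpha$ does not contain any of the poles of f, then the sum of the residues of f inside $\partial\Pi_\alpha$
equals 0.
Proof. Fix a basis [ω1, ω2] of Λ and set $\Delta = \partial\Pi_\alpha$. By the residue theorem, it's enough to
show $\int_\Delta f(z)\,dz = 0$. We parametrize the boundary of $\Pi_\alpha$ as follows:
$$\begin{aligned}
\gamma_1 &= \alpha + t\omega_1 \\
\gamma_2 &= \alpha + \omega_1 + t\omega_2 \\
\gamma_3 &= \alpha + (1 - t)\omega_1 + \omega_2 \\
\gamma_4 &= \alpha + (1 - t)\omega_2.
\end{aligned}$$

[Figure: the parallelogram $\Pi_\alpha$ with vertex α and sides γ1, γ2, γ3, γ4.]

We show that $\int_{\gamma_1} f(z)\,dz + \int_{\gamma_3} f(z)\,dz = 0$ and leave the proof that $\int_{\gamma_2} f(z)\,dz + \int_{\gamma_4} f(z)\,dz = 0$
as an exercise. Consider
$$\begin{aligned}
\int_{\gamma_1} f(z)\,dz + \int_{\gamma_3} f(z)\,dz &= \int_0^1 f(\alpha + t\omega_1)(\omega_1\,dt) + \int_0^1 f(\alpha + (1 - t)\omega_1 + \omega_2)(-\omega_1\,dt) \\
&= \omega_1 \int_0^1 f(\alpha + t\omega_1)\,dt + \omega_1 \int_1^0 f(\alpha + s\omega_1)\,ds \qquad \text{since } f \text{ is elliptic} \\
&= \omega_1 \left( \int_0^1 f(\alpha + t\omega_1)\,dt - \int_0^1 f(\alpha + s\omega_1)\,ds \right) = 0.
\end{aligned}$$

Hence the sum of the residues equals 0.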


Corollary 26.1.6. Any elliptic function has either a pole of order at least 2 or two poles on
the fundamental domain of its lattice of periods.
Proposition 26.1.7. Suppose f is an elliptic function with fundamental domain Π and
α ∈ C such that $\Delta = \partial\Pi_\alpha$ does not contain any zeroes or poles of f. Let $\{a_j\}_{j=1}^n$ be a finite
set of zeroes and poles in $\Pi_\alpha$, with $m_j$ the order of the pole $a_j$. Then $\sum_{j=1}^n m_j = 0$.
Proof. For a pole $z_0$, we can write $f(z) = (z - z_0)^m g(z)$ for some holomorphic function g(z),
with $g(z_0) \ne 0$. Then
$$\frac{f'(z)}{f(z)} = (z - z_0)^{-1} \left( m + (z - z_0)\frac{g'(z)}{g(z)} \right).$$
Hence $\operatorname{Res}\!\left(\frac{f'}{f}; z_0\right) = m$. Then the statement follows from Proposition 26.1.5.

Proposition 26.1.7 may be viewed as a complex-geometric analogue of the statement for
algebraic curves in Corollary 22.2.6: the divisor of a rational function on an algebraic curve
has degree zero.
Continuing in the complex setting, let f be an elliptic function and let $a_1, \ldots, a_r$ be the
poles and zeroes of f in the fundamental domain of Λ. Write $\operatorname{ord}_{a_i} f = m_i$ if $a_i$ is a pole
of order $-m_i$ or if $a_i$ is a zero of multiplicity $m_i$. The sum $\operatorname{ord}(f) = \sum_{i=1}^r m_i$ is called the
order of f. Then Corollary 26.1.6 says that there are no elliptic functions of order 1. We
will show that the field of elliptic functions with period lattice Λ is generated by an order 2
and an order 3 function.
Let f be elliptic and $z_0 \in \mathbb{C}$ with $\operatorname{ord}_{z_0} f = m$. Then for any ℓ ∈ Λ, $\operatorname{ord}_{z_0 + \ell} f = m$ as
well. Indeed, if $z_0$ is a zero then
$$0 = f(z_0) = f'(z_0) = \ldots = f^{(m-1)}(z_0)$$
but $f^{(k)}(z)$ is also elliptic for all k ≥ 1. If $z_0$ is a pole of f, the same result can be obtained
using $\frac{1}{f}$ instead of f.
If Φ1 and Φ2 are any two fundamental domains for Λ, then for all a1 ∈ Φ1, there is a
unique a2 ∈ Φ2 such that a2 = a1 + ℓ for some ℓ ∈ Λ. Thus Propositions 26.1.5 and 26.1.7
hold for any fundamental domain of Λ, so it follows that ord(f) is well-defined on the quotient
C/Λ.
Now given any meromorphic function f(z) on C, we would like to construct an elliptic
function F(z) with lattice Λ. Put
$$F(z) = \sum_{\ell \in \Lambda} f(z + \ell).$$

There are obvious problems of convergence and (in a related sense) the order of summation.
It turns out we can do this construction with $f(z) = \frac{1}{z^m}$, m ≥ 3 though. First, we need the
following result from complex analysis, which can be proven using Cauchy's integral formula
and Morera's theorem.
Lemma 26.1.8. Let U ⊆ C be an open set and suppose $(f_n)$ is a sequence of holomorphic
functions on U such that $f_n \to f$ uniformly on every compact subset of U. Then f is
holomorphic on U and $f_n' \to f'$ uniformly on every compact subset of U.


Proposition 26.1.9. Let Λ be a lattice with basis [ω1, ω2]. Then the sum
$$\sum_{\omega \in \Lambda \smallsetminus \{0\}} \frac{1}{|\omega|^s}$$
converges for all s > 2.

Proof. Extend the fundamental domain by translation by the vectors ω1, ω2 and ω1 + ω2,
and call the boundary of the resulting region ∆.

[Figure: the fundamental domain together with its translates; ∆ is the boundary of the resulting region.]

Then ∆ is compact, so there exists c > 0 such that |z| ≥ c for all z ∈ ∆. We claim that for
all m, n ∈ Z,
$$|m\omega_1 + n\omega_2| \ge c \cdot \max\{|m|, |n|\}.$$
The cases when m = 0 or n = 0 are trivial, so without loss of generality assume m ≥ n > 0.
Then
$$|m\omega_1 + n\omega_2| = |m| \left| \omega_1 + \frac{n}{m}\omega_2 \right| \ge |m| c.$$
Hence the claim holds. Set M = max{|m|, |n|} and arrange the sum in question so that the
terms $\frac{1}{|\omega|^s}$ are added in order of increasing M values. Then the sum can be estimated by
$$\sum_{\omega \in \Lambda \smallsetminus \{0\}} \frac{1}{|\omega|^s} \le \sum_{M=1}^{\infty} \frac{8M}{c^s M^s} \sim \sum_{M=1}^{\infty} \frac{1}{M^{s-1}}.$$

This converges for s > 2 by p-series.

Proposition 26.1.10. Let n ≥ 3 and define
$$F_n(z) = \sum_{\omega \in \Lambda} \frac{1}{(z - \omega)^n}.$$

Then $F_n(z)$ is holomorphic on C ∖ Λ and has poles of order n at the points of Λ. Moreover,
$F_n$ is doubly periodic and hence elliptic.

Proof. Fix r > 0 and let $B_r = B_r(0)$ be the open complex r-ball centered at the origin in C.
Let $\Lambda_r = \Lambda \cap \overline{B_r}$ be the lattice points contained in the closed r-ball. Then the function
$$F_{n,r}(z) = \sum_{\omega \in \Lambda \smallsetminus \Lambda_r} \frac{1}{(z - \omega)^n}$$
is holomorphic on $B_r$. To see this, one has $\frac{1}{|z - \omega|^n} \le \frac{C}{|\omega|^n}$ for some constant C and for all
$z \in B_r$, $\omega \in \Lambda \smallsetminus \Lambda_r$. Then $\sum \frac{C}{|\omega|^n}$ converges by Proposition 26.1.9, so by the Weierstrass M-test,
$\sum \frac{1}{|z - \omega|^n}$ converges uniformly and hence $F_{n,r}(z)$ is holomorphic. It follows from the definition
that $F_n$ has a pole of order n at each ω ∈ Λ. Finally, for ℓ ∈ Λ, we have
$$F_n(z + \ell) = \sum_{\omega \in \Lambda} \frac{1}{(z + \ell - \omega)^n} = \sum_{\eta \in \Lambda} \frac{1}{(z - \eta)^n} = F_n(z)$$

since the series is absolutely convergent and we can rearrange the terms.
This shows that elliptic functions exist and more specifically that for each n ≥ 3, there
is at least one elliptic function of order n. Unfortunately the previous proof won't work
to construct an elliptic function of order 2. However, Weierstrass discovered the following
elliptic function.
Definition. The Weierstrass ℘-function for a lattice Λ is defined by
$$\wp(z) = \frac{1}{z^2} + \sum_{\omega \in \Lambda \smallsetminus \{0\}} \left( \frac{1}{(z - \omega)^2} - \frac{1}{\omega^2} \right).$$

Theorem 26.1.11. For any lattice Λ, ℘(z) is an elliptic function with poles of order 2 at
the points of Λ and no other poles. Moreover, $\wp(-z) = \wp(z)$ and $\wp'(z) = -2F_3(z)$.
Proof. (Sketch) To show ℘(z) is meromorphic, one estimates the summands by
$$\left| \frac{1}{(z - \omega)^2} - \frac{1}{\omega^2} \right| \le \frac{D}{|\omega|^3}$$
for some constant D and all $z \in B_r$, $\omega \in \Lambda \smallsetminus \Lambda_r$ as in the previous proof.

Next, ℘(z) can be differentiated term-by-term to obtain the expression $\wp'(z) = -2F_3(z)$.
And proving that ℘(z) is even is straightforward:
$$\begin{aligned}
\wp(-z) &= \frac{1}{(-z)^2} + \sum_{\omega \in \Lambda \smallsetminus \{0\}} \left( \frac{1}{(-z - \omega)^2} - \frac{1}{\omega^2} \right) \\
&= \frac{1}{z^2} + \sum_{-\omega \in \Lambda \smallsetminus \{0\}} \left( \frac{1}{(z - (-\omega))^2} - \frac{1}{(-\omega)^2} \right) = \wp(z)
\end{aligned}$$
after switching the order of summation.

Finally, proving ℘(z) is doubly periodic is difficult since we don't necessarily have absolute
convergence. However, one can reduce to proving $\wp(z + \omega_1) = \wp(z) = \wp(z + \omega_2)$. Then using
the formula for $\wp'(z)$, we have
$$\begin{aligned}
\frac{d}{dz}\left[ \wp(z + \omega_1) - \wp(z) \right] &= -2F_3(z + \omega_1) + 2F_3(z) \\
&= -2F_3(z) + 2F_3(z) = 0
\end{aligned}$$
since $F_3(z)$ is elliptic by Proposition 26.1.10. Hence $\wp(z + \omega_1) - \wp(z) = c$ is constant.
Evaluating at $z = -\frac{\omega_1}{2}$, we see that $c = \wp\!\left(\frac{\omega_1}{2}\right) - \wp\!\left(-\frac{\omega_1}{2}\right) = 0$ since ℘(z) is even. Hence
c = 0, so it follows that ℘(z) is doubly periodic and therefore elliptic.


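Lemma 26.1.12. Let ℘(z) be the Weierstrass ℘-function for a lattice Λ ⊆ C and let Π be
the fundamental domain of Λ. Then

(1) For any u ∈ C, the function ℘(z) − u has either two simple roots or one double root
in Π.

(2) The zeroes of $\wp'(z)$ in Π are simple and they only occur at $\frac{\omega_1}{2}$, $\frac{\omega_2}{2}$ and $\frac{\omega_1 + \omega_2}{2}$.

(3) The numbers $u_1 = \wp\!\left(\frac{\omega_1}{2}\right)$, $u_2 = \wp\!\left(\frac{\omega_2}{2}\right)$ and $u_3 = \wp\!\left(\frac{\omega_1 + \omega_2}{2}\right)$ are precisely those u for
which ℘(z) − u has a double root.

Proof. (1) follows from Corollary 26.1.6.

(2) By Theorem 26.1.11, $\deg \wp'(z) = 3$ so it suffices to show that $\frac{\omega_1}{2}$, $\frac{\omega_2}{2}$ and $\frac{\omega_1 + \omega_2}{2}$ are all
roots. For $z = \frac{\omega_1}{2}$, we have
$$\wp'\!\left(\frac{\omega_1}{2}\right) = -\wp'\!\left(-\frac{\omega_1}{2}\right) = -\wp'\!\left(\frac{\omega_1}{2} - \omega_1\right) = -\wp'\!\left(\frac{\omega_1}{2}\right)$$
since $\wp'(z)$ is elliptic. Thus $\wp'\!\left(\frac{\omega_1}{2}\right) = 0$. The others are similar.

(3) The double roots occur exactly when $\wp'(u) = 0$, so use (2).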
We now prove that any elliptic function can be written in terms of ℘(z) and $\wp'(z)$.

Theorem 26.1.13. Fix a lattice Λ ⊆ C and let E(Λ) be the field of all elliptic functions with
lattice of periods Λ. Then $E(\Lambda) = \mathbb{C}(\wp, \wp')$.

Proof. Take f(z) ∈ E(Λ). Then f(−z) ∈ E(Λ) as well and thus we can write f(z) as the
sum of an even and an odd elliptic function:
$$f(z) = f_{\mathrm{even}}(z) + f_{\mathrm{odd}}(z) = \frac{f(z) + f(-z)}{2} + \frac{f(z) - f(-z)}{2}.$$
We will prove that every even elliptic function is rational in ℘(z), but this will imply the
theorem, since then $f_{\mathrm{even}}(z) = \varphi(\wp(z))$ and $\frac{f_{\mathrm{odd}}(z)}{\wp'(z)} = \psi(\wp(z))$ for some $\varphi, \psi \in \mathbb{C}(\wp(z))$ and
we can then write $f(z) = \varphi(\wp(z)) + \wp'(z)\psi(\wp(z))$.
Assume f(z) is an even elliptic function. It's enough to construct $\varphi(\wp(z))$ such that
$\frac{f(z)}{\varphi(\wp(z))}$ only has (potential) zeroes and poles at z = 0 in the fundamental parallelogram for
Λ, since then by Corollary 26.1.6, $\frac{f(z)}{\varphi(\wp(z))}$ is holomorphic and then by Proposition 26.1.4
it is constant. Suppose f(a) = 0 for some zero a of order m. Consider ℘(z) = u. If
$u \ne \wp\!\left(\frac{\omega_1}{2}\right), \wp\!\left(\frac{\omega_2}{2}\right), \wp\!\left(\frac{\omega_1 + \omega_2}{2}\right)$ then ℘(z) = u has precisely two solutions in the fundamental
parallelogram, z = a and $z = a^*$ where
$$a^* = \begin{cases} \omega_1 + \omega_2 - a & \text{if } a \in \operatorname{Int}(\Pi) \\ \omega_1 - a & \text{if } a \text{ is parallel to } \omega_1 \\ \omega_2 - a & \text{if } a \text{ is parallel to } \omega_2. \end{cases}$$

(Notice that since f is even, f(a) = 0 implies $f(a^*) = 0$ as well.) Moreover, if $\operatorname{ord}_a f = m$ then
$\operatorname{ord}_{a^*} f = m$. Note that $a = a^*$ holds precisely when a is in the set $\Theta := \left\{ 0, \frac{\omega_1}{2}, \frac{\omega_2}{2}, \frac{\omega_1 + \omega_2}{2} \right\}$.


Let Z (resp. P) be the set of zeroes (resp. poles) of f(z) in Π. Then the assignment
$a \mapsto a^*$ is in fact an involution on Z and P, so we can write
$$\begin{aligned}
Z &= Z_1' \cup \cdots \cup Z_r' \cup Z_1'' \cup \cdots \cup Z_s'' \\
P &= P_1' \cup \cdots \cup P_u' \cup P_1'' \cup \cdots \cup P_v''
\end{aligned}$$
where the $Z_i'$ and $P_i'$ are the 2-element orbits of the involution and the $Z_j''$ and $P_j''$ are the
1-element orbits. Of course then s, v ≤ 3. For $a_i' \in Z_i'$, set $\operatorname{ord}_{a_i'} f = m_i'$ and for $a_j'' \in Z_j''$,
set $\operatorname{ord}_{a_j''} f = m_j''$, which is even. Likewise, for $b_i' \in P_i'$, set $\operatorname{ord}_{b_i'} f = n_i'$ and for $b_j'' \in P_j''$, set
$\operatorname{ord}_{b_j''} f = n_j''$ which is even. Then we define $\varphi(\wp(z))$ by
$$\varphi(\wp(z)) = \frac{\prod_{i=1}^{r} (\wp(z) - \wp(a_i'))^{m_i'} \prod_{j=1}^{s} (\wp(z) - \wp(a_j''))^{m_j''/2}}{\prod_{i=1}^{u} (\wp(z) - \wp(b_i'))^{n_i'} \prod_{j=1}^{v} (\wp(z) - \wp(b_j''))^{n_j''/2}}.$$

Then $\varphi(\wp(z))$ has only potential zeroes/poles at z = 0 in the fundamental parallelogram, so
we are done.

26.2. Elliptic Curves Chapter 26. Elliptic Curves and Complex Analysis

26.2 Elliptic Curves


Let Λ ⊆ C be a lattice. There is a canonical way to associate to the complex torus C/Λ
an elliptic curve E such that C/Λ ≅ E(C). We would also like to reverse this process, i.e.
given an elliptic curve E, define a lattice Λ ⊆ C such that C/Λ ≅ E(C). This procedure
generalizes for a curve C of genus g > 1 and produces its Jacobian, $C \hookrightarrow \mathbb{C}^g/\Lambda = J(C)$.
We need the following lemma from complex analysis.

Lemma 26.2.1. Suppose $f_0, f_1, f_2, \ldots$ is a sequence of analytic functions on the ball $B_r(z_0)$
with Taylor expansions
$$f_n(z) = \sum_{k=0}^{\infty} a_k^{(n)} (z - z_0)^k.$$
Then if $F(z) = \sum_{n=0}^{\infty} f_n(z)$ converges uniformly on $B_\rho(z_0)$ for all ρ < r, each series $A_k = \sum_{n=0}^{\infty} a_k^{(n)}$ converges and F(z) has Taylor expansion
$$F(z) = \sum_{k=0}^{\infty} A_k (z - z_0)^k.$$

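Let ℘(z) be the Weierstrass ℘-function for Λ. Then $\wp'(z)^2$ is an even elliptic function, so
by Theorem 26.1.13, $\wp'(z)^2 \in \mathbb{C}(\wp)$. On a small enough neighborhood around $z_0 = 0$,
$$\wp(z) - \frac{1}{z^2} = \sum_{\omega \in \Lambda \smallsetminus \{0\}} \left( \frac{1}{(z - \omega)^2} - \frac{1}{\omega^2} \right)$$
is analytic. Moreover, for each ω ∈ Λ ∖ {0} we have
$$\begin{aligned}
\frac{1}{(z - \omega)^2} &= \frac{1}{\omega^2} + \frac{2z}{\omega^3} + \frac{3z^2}{\omega^4} + \ldots \\
\implies \frac{1}{(z - \omega)^2} - \frac{1}{\omega^2} &= \frac{2z}{\omega^3} + \frac{3z^2}{\omega^4} + \ldots
\end{aligned}$$
which is uniformly convergent. Hence Lemma 26.2.1 shows that
$$\wp(z) - \frac{1}{z^2} = \sum_{\omega \in \Lambda \smallsetminus \{0\}} \sum_{k=1}^{\infty} \frac{k + 1}{\omega^{k+2}} z^k = \sum_{k=1}^{\infty} (k + 1) G_{k+2}\, z^k$$
where $G_m = G_m(\Lambda) := \sum_{\omega \in \Lambda \smallsetminus \{0\}} \frac{1}{\omega^m}$. These $G_m$ are examples of modular forms (see Section 32.2).
Definition. The series $G_m(\Lambda) = \sum_{\omega \in \Lambda \smallsetminus \{0\}} \frac{1}{\omega^m}$ is called the Eisenstein series for Λ of
weight m.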


From the above work, we obtain the following formulas:
$$\begin{aligned}
\wp(z) &= \frac{1}{z^2} + 3G_4 z^2 + 5G_6 z^4 + 7G_8 z^6 + \ldots \\
\wp(z)^2 &= \frac{1}{z^4} + 6G_4 + \ldots \\
\wp(z)^3 &= \frac{1}{z^6} + \frac{9G_4}{z^2} + 15G_6 + \ldots \\
\wp'(z) &= -\frac{2}{z^3} + 6G_4 z + \ldots \\
\wp'(z)^2 &= \frac{4}{z^6} - \frac{24G_4}{z^2} - 80G_6 - \ldots
\end{aligned}$$
This implies:
Proposition 26.2.2. The functions ℘ and $\wp'$ satisfy the following relation:
$$\wp'(z)^2 = 4\wp(z)^3 - g_2\wp(z) - g_3$$
where $g_2 = 60G_4$ and $g_3 = 140G_6$.
Consider the polynomial $p(x) = 4x^3 - g_2 x - g_3$, where the $g_n$ are defined for the lattice
Λ ⊆ C.
Proposition 26.2.3. $p(x) = 4(x - u_1)(x - u_2)(x - u_3)$ where $u_1 = \wp\!\left(\frac{\omega_1}{2}\right)$, $u_2 = \wp\!\left(\frac{\omega_2}{2}\right)$ and
$u_3 = \wp\!\left(\frac{\omega_1 + \omega_2}{2}\right)$ are distinct roots.
Thus $(x, y) = (\wp(z), \wp'(z))$ determine an equation $y^2 = 4x^3 - g_2 x - g_3$ which is the defining
equation for an elliptic curve $E_0$ over C. Let $E = E_0 \cup \{[0, 1, 0]\} \subseteq \mathbb{P}^2$ be the projective
closure of $E_0$. Denote the point [0, 1, 0] by ∞.
Theorem 26.2.4. The map
$$\varphi : \mathbb{C}/\Lambda \longrightarrow E(\mathbb{C}), \qquad z + \Lambda \longmapsto \varphi(z + \Lambda) = \begin{cases} [\wp(z), \wp'(z), 1], & z \notin \Lambda \\ [0, 1, 0], & z \in \Lambda \end{cases}$$
is a bijective, biholomorphic map.
Proof. Assume $z_1, z_2 \in \mathbb{C}$ are such that $z_1 + \Lambda \ne z_2 + \Lambda$. Without loss of generality we may
assume $z_1, z_2 \in \Pi$, the fundamental domain of Λ (otherwise, translate). If $\wp(z_1) = \wp(z_2)$ and
$\wp'(z_1) = \wp'(z_2)$, then with the notation of Theorem 26.1.13, we must have $z_2 = z_1^* \ne z_1$ and
thus $z_1, z_2 \notin \Theta = \left\{ 0, \frac{\omega_1}{2}, \frac{\omega_2}{2}, \frac{\omega_1 + \omega_2}{2} \right\}$. Since $\wp'(z)$ is odd, we get $\wp'(z_1) = \wp'(z_2) = -\wp'(-z_2) = -\wp'(z_1)$, but this implies $\wp'(z_1) = 0$, contradicting $z_1 \notin \Theta$. Therefore ϕ is one-to-one.
Next, we must show that for any $(x_0, y_0) \in E(\mathbb{C})$, $x_0 = \wp(z)$ and $y_0 = \wp'(z)$ for some
z ∈ C. If $\wp(z_1) = x_0$, then it's clear that $\wp'(z_1) = y_0$ or $-y_0$. Now one shows as in the
previous paragraph that we must have $\wp'(z_1) = y_0$.
Now consider $F(x, y) = y^2 - p(x)$, where $p(x) = 4x^3 - g_2 x - g_3$. If $(x_0, y_0)$ satisfies
$F(x_0, y_0) = 0$ and $y_0 \ne 0$, then $\frac{\partial F}{\partial y}(x_0, y_0) \ne 0$ and thus the assignment $(x, y) \mapsto x$ is a local
chart about $(x_0, y_0)$. Likewise, $(x, y) \mapsto y$ defines a local chart about $(x_0, y_0)$ when $x_0 \ne 0$.
Finally, we conclude by observing that a locally biholomorphic map is biholomorphic.


Recall from Chapter 23 that an elliptic curve can be defined by a Weierstrass equation
$$E : y^2 = f(x) = ax^3 + bx^2 + cx + d.$$
This embeds into projective space via $(x, y) \mapsto [x, y, 1]$. Setting $x = \frac{X}{Z}$ and $y = \frac{Y}{Z}$, we also
obtain a homogeneous equation for the curve:
$$E : ZY^2 = aX^3 + bX^2 Z + cXZ^2 + dZ^3.$$
The single point at infinity, [0, 1, 0], can be studied by dehomogenizing via the coordinates
$\tilde{z} = \frac{Z}{Y}$ and $\tilde{x} = \frac{X}{Y}$, which yield
$$E : \tilde{z} = a\tilde{x}^3 + b\tilde{x}^2\tilde{z} + c\tilde{x}\tilde{z}^2 + d\tilde{z}^3.$$
We have shown that a lattice Λ ⊆ C determines elliptic functions ℘(z) and $\wp'(z)$ that satisfy
$\wp'(z)^2 = 4\wp(z)^3 - g_2\wp(z) - g_3$ and that this polynomial expression has no multiple roots.
Therefore the mapping $z \mapsto (\wp(z), \wp'(z))$ determines a bijective correspondence $\mathbb{C}/\Lambda \smallsetminus \{0\} \to E(\mathbb{C}) \smallsetminus \{\infty\}$ which can be extended to all of C/Λ → E(C) (this is Theorem 26.2.4). There
is a natural group structure on C/Λ induced from C, but what is not so obvious is that this
coincides precisely with the "chord-and-tangent" group law on E(C) from Section 23.3.
Theorem 26.2.5. The map ϕ : C/Λ → E(C) is an isomorphism of abelian groups.
Proof. Consider the diagram
$$\begin{array}{ccc}
\mathbb{C}/\Lambda \times \mathbb{C}/\Lambda & \xrightarrow{\ \varphi \times \varphi\ } & E(\mathbb{C}) \times E(\mathbb{C}) \\
\downarrow{\scriptstyle \alpha} & & \downarrow{\scriptstyle \beta} \\
\mathbb{C}/\Lambda & \xrightarrow{\ \ \varphi\ \ } & E(\mathbb{C})
\end{array}$$
where α and β are the respective group operations. Since C/Λ × C/Λ is a topological group,
it's enough to show the diagram commutes on a dense subset of C/Λ × C/Λ. Consider
$$\widetilde{X} = \{(u_1, u_2) \in \mathbb{C}^2 \mid u_1, u_2, u_1 \pm u_2, 2u_1 + u_2, u_1 + 2u_2 \notin \Lambda\}.$$
Then $\widetilde{X} \cong \mathbb{C}^2$ so $X = \widetilde{X} \bmod \Lambda \times \Lambda$ is dense in C/Λ × C/Λ. Take $(u_1 + \Lambda, u_2 + \Lambda) \in X$
and set $u_3 = -(u_1 + u_2)$. Then $u_1 + u_2 + u_3 = 0$ in C/Λ. Set $P = \varphi(u_1)$, $Q = \varphi(u_2)$ and
$R = \varphi(u_3) \in E(\mathbb{C})$. By the assumptions on X, the points P, Q, R are distinct. We want to
show $\varphi(u_1 + u_2) = \varphi(u_1) + \varphi(u_2) = P + Q$. Since ℘(z) is even and $\wp'(z)$ is odd, we see that
$\varphi(-z) = -\varphi(z)$ for all z ∈ C/Λ. Thus $\varphi(u_1 + u_2) = -\varphi(-(u_1 + u_2)) = -R$ so we need to
show P + Q + R = O, i.e. P, Q, R are collinear. Since $u_1 \ne u_2$, the line PQ is not vertical,
so there exist a, b such that $\wp'(u_i) = a\wp(u_i) + b$ for i = 1, 2. Consider the elliptic function
$$f(z) = \wp'(z) - (a\wp(z) + b).$$
Then on the fundamental domain Π, f only has a pole at 0, so $\operatorname{ord}_0 f = -3$. Also, $u_1$ and $u_2$
are distinct zeroes of f, so there is a third point ω ∈ Π such that $\deg(f) = u_1 + u_2 + \omega - 3 \cdot 0 = 0$,
i.e. $u_1 + u_2 + \omega = 0$. Solving for ω, we get $\omega = -(u_1 + u_2) = u_3$. It follows that $R = \varphi(u_3)$
is on the same line as P and Q, so we are done.
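
Proposition 26.2.2 and Theorem 26.2.5 can both be checked numerically from truncated lattice sums. The following is an added example, not part of the original text: the lattice basis, the truncation level and the test points are constructed values, and the chord formula used is the standard one for a curve of the form y² = 4x³ − g2 x − g3.

```python
# Constructed lattice basis (an assumption, not from the text): Im(W2/W1) > 0.
W1, W2 = 1.0 + 0.0j, 0.3 + 1.2j
TRUNCATION = 100   # lattice sums run over |m|, |k| <= TRUNCATION

# Nonzero lattice points. The index box is symmetric under w -> -w, so the
# odd-order tail terms cancel and the truncation error decays like 1/TRUNCATION^2.
LATTICE = [m * W1 + k * W2
           for m in range(-TRUNCATION, TRUNCATION + 1)
           for k in range(-TRUNCATION, TRUNCATION + 1)
           if (m, k) != (0, 0)]


def eisenstein(weight):
    """Truncated Eisenstein series G_weight: sum of 1/w^weight over w != 0."""
    return sum(w ** -weight for w in LATTICE)


G2_INVARIANT = 60 * eisenstein(4)     # g2 = 60 G4
G3_INVARIANT = 140 * eisenstein(6)    # g3 = 140 G6


def wp(z):
    """Weierstrass p-function: 1/z^2 + sum over w != 0 of 1/(z-w)^2 - 1/w^2."""
    return 1 / z ** 2 + sum(1 / (z - w) ** 2 - 1 / w ** 2 for w in LATTICE)


def wp_prime(z):
    """Derivative p'(z) = -2 F_3(z) = -2 * sum over all w of 1/(z-w)^3."""
    return -2 / z ** 3 - 2 * sum(1 / (z - w) ** 3 for w in LATTICE)


def phi(z):
    """Affine part of the map z + Lambda -> (p(z), p'(z))."""
    return (wp(z), wp_prime(z))


def curve_residual(z):
    """Relative size of y^2 - (4x^3 - g2 x - g3) at (x, y) = phi(z)."""
    x, y = phi(z)
    return abs(y * y - (4 * x ** 3 - G2_INVARIANT * x - G3_INVARIANT)) / abs(y * y)


def chord_add(p, q):
    """P + Q on y^2 = 4x^3 - g2 x - g3 for points with distinct x-coordinates."""
    (x1, y1), (x2, y2) = p, q
    lam = (y2 - y1) / (x2 - x1)          # slope of the chord through P and Q
    x3 = lam * lam / 4 - x1 - x2         # roots of 4x^3 - lam^2 x^2 - ... sum to lam^2/4
    y3 = -(lam * (x3 - x1) + y1)         # negate the third intersection point
    return (x3, y3)


def group_law_defect(u1, u2):
    """Largest coordinate gap between phi(u1 + u2) and phi(u1) + phi(u2)."""
    expected = phi(u1 + u2)
    actual = chord_add(phi(u1), phi(u2))
    return max(abs(expected[0] - actual[0]), abs(expected[1] - actual[1]))


if __name__ == "__main__":
    u1, u2 = 0.31 + 0.12j, 0.17 + 0.40j   # constructed test points
    print("g2 =", G2_INVARIANT, " g3 =", G3_INVARIANT)
    print("relative residual of the cubic at u1:", curve_residual(u1))
    print("group law defect for (u1, u2):", group_law_defect(u1, u2))
    print("|p'(w1/2)| (a 2-torsion point):", abs(wp_prime(W1 / 2)))
```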


The compatibility of the group operations of C/Λ and E(C) is highly useful. For example,
fix N ∈ N and let
$$E[N] = \{P \in E(\mathbb{C}) \mid [N]P = O\}$$
be the N-torsion points of E. For N = 2, the points P such that P = −P are exactly the
intersection points of E with the x-axis along with O = [0, 1, 0].

Theorem 24.0.2 said that $\#E[N] = N^2$. This is hard to see from the geometric picture,
but working with the isomorphism E(C) ≅ C/Λ from Theorem 26.2.5, we see that since
$\mathbb{C}/\Lambda = \mathbb{R}/\mathbb{Z} \times \mathbb{R}/\mathbb{Z}$ as an abelian group, the N-torsion is given by $(\mathbb{C}/\Lambda)[N] = \frac{1}{N}\mathbb{Z}/\mathbb{Z} \times \frac{1}{N}\mathbb{Z}/\mathbb{Z}$.
This is a group of order $N^2$, so we have proven (3) of Theorem 24.0.2. The other statements
of the theorem are straightforward to prove.
Recall that a morphism in the category of elliptic curves is called an isogeny. Explicitly,
$\varphi : E_1 \to E_2$ is an isogeny between two elliptic curves if it is a (nonconstant) morphism of
schemes that takes the basepoint $O_1 \in E_1$ to the basepoint $O_2 \in E_2$.

Proposition 26.2.6. Suppose Λ1, Λ2 ⊆ C are lattices and f : C/Λ1 → C/Λ2 is a holomorphic map. Then there exist a, b ∈ C such that aΛ1 ⊆ Λ2 and
$$f(z \bmod \Lambda_1) = az + b \bmod \Lambda_2.$$

Proof. As topological spaces, C/Λ1 and C/Λ2 are complex tori with the same universal
covering space C, so any f : C/Λ1 → C/Λ2 lifts to F : C → C making the diagram
commute:
$$\begin{array}{ccc}
\mathbb{C} & \xrightarrow{\ F\ } & \mathbb{C} \\
\downarrow{\scriptstyle \pi_1} & & \downarrow{\scriptstyle \pi_2} \\
\mathbb{C}/\Lambda_1 & \xrightarrow{\ f\ } & \mathbb{C}/\Lambda_2
\end{array}$$

Since covers are local homeomorphisms, it follows that F is holomorphic as well. Thus for
any z ∈ C, ℓ ∈ Λ1,
$$\pi_2(F(z + \ell) - F(z)) = f(\pi_1(z + \ell) - \pi_1(z)) = f(\pi_1(z) - \pi_1(z)) = f(0) = 0.$$

So F(z + ℓ) − F(z) ∈ Λ2 for any ℓ ∈ Λ1 and the function L(z) = F(z + ℓ) − F(z) is constant.
It follows that $F'(z + \ell) = F'(z)$, so $F'$ is holomorphic and elliptic, but this means by
Proposition 26.1.4 that $F'(z) = a$ for some constant a. Hence F(z) = az + b as claimed.

Corollary 26.2.7. For two lattices Λ1 , Λ2 , the elliptic curves C/Λ1 and C/Λ2 are isomorphic
if and only if there exists an a ∈ C such that Λ1 = aΛ2 .

Definition. Two lattices Λ1 and Λ2 are said to be homothetic if Λ1 = aΛ2 for some a ∈ C.

Thus the set of homothety classes of lattices is naturally identified with the set of isomorphism classes of complex elliptic curves.

Corollary 26.2.8. Any holomorphic map f : C/Λ1 → C/Λ2 is, up to translation, a group
homomorphism. In particular, if f (0) = 0 then f is a homomorphism.

Corollary 26.2.9. For any elliptic curve E, the group of endomorphisms End(E) has rank
at most 2.

Proof. Viewing E(C) = C/Λ for some Λ = Z + Zτ , we get

End(E) = {f : E → E | f is an isogeny}
= {f : C/Λ → C/Λ | f is holomorphic and f (0) = 0} by Corollary 26.2.8
= {z ∈ C | zΛ ⊆ Λ}
= {z ∈ C | z(Z + Zτ ) ⊆ (Z + Zτ )}
⊆ Z + Zτ.

Hence rank End(E) ≤ 2.


It turns out that there are two possible cases for the structure of End(E):

• End(E) = Z.

• End(E) is an order O in some imaginary quadratic number field K/Q (for the definition, see Section 17.2). In this case, E is said to have complex multiplication.

26.3. The Classical Jacobian Chapter 26. Elliptic Curves and Complex Analysis

26.3 The Classical Jacobian


For the isomorphism ϕ : C/Λ → E(C) in Theorem 26.2.5, let $\psi = \varphi^{-1} : E(\mathbb{C}) \to \mathbb{C}/\Lambda$ be
the inverse map. To understand this map explicitly, we will show how to construct a torus
for every elliptic curve, i.e. find a lattice Λ ⊆ C such that C/Λ ≅ E(C).
Lemma 26.3.1. Any lattice Λ ⊆ C can be written
$$\Lambda = \left\{ \int_0^P dz : P \in \Lambda \right\}.$$

Notice that the differential form dz on C satisfies d(z + ℓ) = dz for all ℓ ∈ Λ by
Lemma 26.3.1. Thus dz descends to a differential form on C/Λ, which by abuse of notation
we will also denote by dz. Formally, this is the pushforward of dz along the quotient π :
C → C/Λ. This implies:

Lemma 26.3.2. Any lattice Λ ⊆ C can be written
$$\Lambda = \left\{ \int_\gamma dz : \gamma \text{ is a closed curve in } \mathbb{C}/\Lambda \text{ passing through } 0 \right\}.$$

For an elliptic curve E defined by the equation y 2 = f (x), fix a holomorphic differential
form ω on E(C). (In general, the space of holomorphic differential forms on a curve has
dimension equal to the genus of the curve, so in the elliptic curve case, there is exactly one
such ω, up to scaling.)

Definition. The lattice of periods for an elliptic curve E is
$$\Lambda = \left\{ \int_\gamma \omega : \gamma \text{ is a closed curve in } E \text{ passing through } P \right\}$$
where P ∈ E(C) is fixed.

Example 26.3.3. Under the map ϕ : C/Λ → E(C), $z \mapsto (x, y) = (\wp(z), \wp'(z))$, we see that
$$dx = \wp'(z)\,dz = y\,dz$$
so $\omega = \frac{dx}{y}$ is a differential form on E(C). In fact, $\omega = \frac{dx}{f'(x)}$, where E is defined by $y^2 = f(x)$,
is holomorphic because $f'(x) \not\equiv 0$. This differential form is also holomorphic at O = [0, 1, 0],
so up to scaling, this is the unique holomorphic form on E.

Historically, mathematicians were interested in studying solutions to elliptic integrals, or
integrals of the form
$$\int \frac{dx}{\sqrt{ax^3 + bx + c}}.$$
When $f(x) = ax^3 + bx + c$, the expression $\omega = \frac{dx}{\sqrt{ax^3 + bx + c}}$ is precisely the holomorphic
differential form defining the lattice of periods of the elliptic curve $E : y^2 = f(x)$.


For a more functorial description, let $V_E = \Gamma(E, \Omega_E)$ be the space of all holomorphic
differential forms on E. If γ is a curve in E(C), there is an associated linear functional
$\varphi_\gamma \in V_E^*$ defined by
$$\varphi_\gamma : V_E \longrightarrow \mathbb{C}, \qquad \omega \longmapsto \int_\gamma \omega.$$

Fixing the basepoint O ∈ E(C), the lattice of periods for E can be written
$$\Lambda = \{\varphi_\gamma : \gamma \in \pi_1(E(\mathbb{C}), O)\}.$$

In other words, this defines a map $\pi_1(E(\mathbb{C}), O) \to V_E^*$, $\gamma \mapsto \varphi_\gamma$.

Definition. The Jacobian of an elliptic curve E is the quotient $J(E) = V_E^*/\Lambda$.

For each point P ∈ E(C), the coset $\varphi_\gamma + \Lambda$ is an element of the Jacobian, where γ is a
path from O to P. This defines an injective map $i : E \hookrightarrow J(E)$.

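Proposition 26.3.4. Suppose $\sigma : E_1 \to E_2$ is an isogeny between elliptic curves, so that
$\sigma(O_1) = O_2$. Then there is a map $\tau : J(E_1) \to J(E_2)$ making the following diagram commute:
$$\begin{array}{ccc}
E_1 & \xrightarrow{\ \sigma\ } & E_2 \\
\downarrow{\scriptstyle i_1} & & \downarrow{\scriptstyle i_2} \\
J(E_1) & \xrightarrow{\ \tau\ } & J(E_2)
\end{array}$$

Proof. The pullback gives a contravariant map $\sigma^* : V_{E_2} \to V_{E_1}$, $\omega \mapsto \sigma^*\omega = \omega \circ \sigma$. Taking
the dual of this gives a linear map $\sigma^{**} : V_{E_1}^* \to V_{E_2}^*$ defined by $(\sigma^{**}\rho)(\omega) = \rho(\sigma^*\omega)$ for any
$\rho \in V_{E_1}^*$ and $\omega \in V_{E_2}$. Taking $\rho = \varphi_{\gamma_1}$ for a path $\gamma_1$ in $E_1$ gives
$$\rho(\sigma^*\omega) = \varphi_{\gamma_1}(\sigma^*\omega) = \int_{\gamma_1} \sigma^*\omega = \int_{\sigma(\gamma_1)} \omega = \varphi_{\sigma(\gamma_1)}\,\omega.$$

Thus $\sigma^{**}\varphi_{\gamma_1} = \varphi_{\sigma(\gamma_1)}$. If $\gamma_1$ is a closed curve through $O_1$, then $\sigma(\gamma_1)$ is a closed curve passing
through $O_2 = \sigma(O_1)$. Hence if $\Lambda_{E_1}, \Lambda_{E_2}$ are the lattices of periods for $E_1, E_2$, respectively,
we have $\sigma^{**}(\Lambda_{E_1}) \subseteq \Lambda_{E_2}$. So $\sigma^{**}$ factors through the quotients, defining τ:
$$\tau = \sigma^{**} : V_{E_1}^*/\Lambda_{E_1} \longrightarrow V_{E_2}^*/\Lambda_{E_2}.$$

It is immediate the diagram commutes.

Lemma 26.3.5. For any elliptic curve E, the inclusion $i : E \hookrightarrow J(E)$ induces an isomorphism
$$i_* : \pi_1(E, O) \longrightarrow \pi_1(J(E), i(O)).$$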

Unfortunately, the construction of the Jacobian given so far is not algebraic so it would
be hard to carry over to curves over an arbitrary ground field. To construct Jacobians
algebraically, we will prove Abel's theorem:

Theorem 26.3.6 (Abel). Suppose Λ ⊆ C is a lattice with fundamental domain Π and take
any set $\{a_i\} \subset \Pi$ such that there are integers $m_i \in \mathbb{Z}$ satisfying $\sum m_i = 0$ and $\sum m_i a_i \in \Lambda$.
Then there exists an elliptic function f(z) whose set of zeroes and poles is $\{a_i\}$ and whose
orders of vanishing/poles are $\operatorname{ord}_{a_i} f = m_i$.

Given a lattice Λ ⊆ C, we may assume Λ = Z + Zτ for some τ ∈ C with im τ > 0.

Definition. The theta function for a lattice Λ is
$$\theta(z, \tau) = \sum_{n=-\infty}^{\infty} e^{\pi i (n^2 \tau + 2nz)}.$$

One has $|e^{\pi i (n^2 \tau + 2nz)}| = e^{-\pi (n^2 \operatorname{im} \tau + 2n \operatorname{im} z)}$ for any z ∈ C, which implies that the above
series converges absolutely.

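Proposition 26.3.7. Fix a theta function θ(z) = θ(z, τ). Then

(1) θ(z) = θ(−z).

(2) θ(z + 1) = θ(z).

(3) $\theta(z + \tau) = e^{-\pi i (\tau + 2z)}\,\theta(z)$.

Properties (2) and (3) together say that θ(z) is what's known as a semielliptic function.
For our purposes, this will be good enough. Notice that for $z = \frac{1 + \tau}{2}$, we have
$$\begin{aligned}
\theta\!\left(\frac{1 + \tau}{2}\right) &= \theta\!\left(-\frac{1 + \tau}{2} + (1 + \tau)\right) \\
&= e^{-\pi i \left(\tau + 2\left(-\frac{1 + \tau}{2}\right)\right)}\,\theta\!\left(-\frac{1 + \tau}{2}\right) \\
&= e^{\pi i}\,\theta\!\left(-\frac{1 + \tau}{2}\right) = -\theta\!\left(\frac{1 + \tau}{2}\right).
\end{aligned}$$
Thus $z = \frac{1 + \tau}{2}$ is a zero of θ(z).

Lemma 26.3.8. All zeroes of θ(z, τ) are simple and are of the form $\frac{1 + \tau}{2} + \ell$ for ℓ ∈ Λ.

Lemma 26.3.9. For x ∈ C, set $\theta^{(x)}(z, \tau) = \theta\!\left(z - \frac{1 + \tau}{2} - x\right)$. Then $\theta^{(x)}(z) = \theta^{(x)}(z, \tau)$
satisfies:

(1) $\theta^{(x)}(z + 1) = \theta^{(x)}(z)$.

(2) $\theta^{(x)}(z + \tau) = e^{-\pi i (2(z - x) - 1)}\,\theta^{(x)}(z)$.

We now prove Abel's theorem (26.3.6).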


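Proof. Given such a set $\{a_i\} \subset \Pi$, let $x_1, \ldots, x_n$ be the list of all $a_i$ with $m_i > 0$, listed with
repetitions corresponding to the number $m_i$. For example, if $m_1 = 2$ then $x_1 = x_2 = a_1$.
Likewise, let $y_1, \ldots, y_n$ be the list of all $a_i$ with $m_i < 0$, once again with repetitions. By the
hypothesis $\sum m_i = 0$, there are indeed an equal number of each. Set
$$f(z) = \frac{\prod_{i=1}^{n} \theta^{(x_i)}(z)}{\prod_{i=1}^{n} \theta^{(y_i)}(z)}.$$

Then by Lemma 26.3.9, f(z + 1) = f(z). On the other hand, the lemma also gives
$$\begin{aligned}
f(z + \tau) &= \frac{\prod_{i=1}^{n} \theta^{(x_i)}(z + \tau)}{\prod_{i=1}^{n} \theta^{(y_i)}(z + \tau)} \\
&= e^{2\pi i \left( \sum_{i=1}^{n} x_i - \sum_{i=1}^{n} y_i \right)} f(z) \\
&= e^{2\pi i \sum m_i a_i} f(z) \\
&= f(z) \qquad \text{since } \sum m_i a_i = 0.
\end{aligned}$$
Therefore f(z) is elliptic.
Note that θ(z) is a meromorphic function, so by complex analysis, the integral
$$\frac{1}{2\pi i} \int_{\partial\Pi} \frac{\theta'(z)}{\theta(z)}\,dz$$
counts the number of zeroes of θ(z) in the fundamental domain Π, up to multiplicity. To
ensure no zeroes lying on ∂Π are missed, we may shift $\Pi \to \Pi_\alpha$ for an appropriate α ∈ C.
Parametrize ∂Π as in Proposition 26.1.5. Then once again the integrals along γ2 and γ4
cancel since θ(z + 1) = θ(z). On the other hand,
$$\begin{aligned}
\theta(z + \tau) &= e^{-\pi i (\tau + 2z)}\,\theta(z) \\
\implies \theta'(z + \tau) &= e^{-\pi i (\tau + 2z)} \left( -2\pi i\,\theta(z) + \theta'(z) \right) \\
\implies \frac{\theta'(z + \tau)}{\theta(z + \tau)} &= -2\pi i + \frac{\theta'(z)}{\theta(z)}.
\end{aligned}$$
This implies
$$\begin{aligned}
\int_{\partial\Pi} \frac{\theta'(z)}{\theta(z)}\,dz &= \int_{\gamma_1} \frac{\theta'(z)}{\theta(z)}\,dz + \int_{\gamma_2} \frac{\theta'(z)}{\theta(z)}\,dz + \int_{\gamma_3} \frac{\theta'(z)}{\theta(z)}\,dz + \int_{\gamma_4} \frac{\theta'(z)}{\theta(z)}\,dz \\
&= \left( \int_{\gamma_1} \frac{\theta'(z)}{\theta(z)}\,dz + \int_{\gamma_3} \frac{\theta'(z)}{\theta(z)}\,dz \right) + \left( \int_{\gamma_2} \frac{\theta'(z)}{\theta(z)}\,dz + \int_{\gamma_4} \frac{\theta'(z)}{\theta(z)}\,dz \right) \\
&= \left( \int_{\gamma_1} \frac{\theta'(z)}{\theta(z)}\,dz - \int_{\gamma_1} \frac{\theta'(z)}{\theta(z)}\,dz + 2\pi i \right) + 0 \\
&= 2\pi i.
\end{aligned}$$
It follows that θ(z) has exactly one zero in Π, and it must be $z = \frac{1 + \tau}{2}$.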
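
The theta-quotient construction in the proof of Abel's theorem can be run directly, since the theta series converges very quickly. The following is an added example, not part of the original text: the value of τ, the zero and pole sets and the evaluation point are constructed, and the series is truncated at a fixed number of terms.

```python
import cmath
from math import pi

# Constructed period ratio with Im(TAU) > 0 (an assumption); Lambda = Z + Z*TAU.
TAU = 0.3 + 1.2j


def theta(z, terms=12):
    """Truncated theta series: sum over |n| <= terms of exp(pi*i*(n^2*tau + 2*n*z))."""
    return sum(cmath.exp(1j * pi * (n * n * TAU + 2 * n * z))
               for n in range(-terms, terms + 1))


def theta_shifted(x, z):
    """theta^{(x)}(z) = theta(z - (1 + tau)/2 - x); it vanishes at z = x mod Lambda."""
    return theta(z - (1 + TAU) / 2 - x)


def abel_function(zeros, poles):
    """Quotient of shifted theta functions with the given zeros and poles.

    Both lists are given with repetitions for multiplicity and must have
    equal length, which is the condition sum(m_i) = 0 of the theorem.
    """
    if len(zeros) != len(poles):
        raise ValueError("need as many zeros as poles (sum of orders must be 0)")

    def f(z):
        value = 1.0 + 0.0j
        for x in zeros:
            value *= theta_shifted(x, z)
        for y in poles:
            value /= theta_shifted(y, z)
        return value

    return f


def tau_multiplier(zeros, poles, z=0.11 + 0.23j):
    """Measured factor f(z + tau) / f(z) at a constructed sample point z."""
    f = abel_function(zeros, poles)
    return f(z + TAU) / f(z)


def predicted_multiplier(zeros, poles):
    """Factor exp(2*pi*i*(sum of zeros - sum of poles)) from Lemma 26.3.9."""
    return cmath.exp(2j * pi * (sum(zeros) - sum(poles)))


if __name__ == "__main__":
    zeros = [0.2 + 0.1j, 0.5 + 0.7j]          # constructed, sum = 0.7 + 0.8i
    balanced = [0.4 + 0.3j, 0.3 + 0.5j]       # same sum: f is elliptic
    unbalanced = [0.4 + 0.3j, 0.25 + 0.5j]    # sum differs by 0.05: f is not
    print("balanced multiplier:  ", tau_multiplier(zeros, balanced))
    print("unbalanced multiplier:", tau_multiplier(zeros, unbalanced))
    print("predicted unbalanced: ", predicted_multiplier(zeros, unbalanced))
```

The unbalanced case shows why the hypothesis on Σ mᵢaᵢ is needed: the quotient is still periodic under z ↦ z + 1, but picks up a nontrivial constant factor under z ↦ z + τ.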
The inverse map ψ : E → C/Λ extends to the group of divisors on E:
$$\Psi : \operatorname{Div}(E) \longrightarrow \mathbb{C}/\Lambda, \qquad \sum n_P P \longmapsto \sum n_P\,\psi(P).$$


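Definition. The map Ψ : Div(E) → C/Λ is called the Abel-Jacobi map.

Recall that $\psi : P \mapsto \int_{\gamma_P} \omega + \Lambda \in \mathbb{C}/\Lambda$ where ω is a fixed holomorphic differential form
on E and $\gamma_P$ is a path connecting O ∈ E(C) to P. If $O'$ is another basepoint and $\psi'$ is the
corresponding map, we have $\psi(P) = \psi(O') + \psi'(P)$ for all P ∈ E. So it appears that Ψ is
not well-defined. However, this issue vanishes when we restrict Ψ to $\operatorname{Div}^0(E)$: if $D = \sum n_P P$
is a degree 0 divisor, then
$$\begin{aligned}
\Psi(D) &= \sum n_P\,\psi(P) \\
&= \sum n_P \left( \psi(O') + \psi'(P) \right) \\
&= \psi(O') \sum n_P + \sum n_P\,\psi'(P) \\
&= 0 + \sum n_P\,\psi'(P) = \Psi'(D).
\end{aligned}$$

Corollary 26.3.10. The map $\Psi : \operatorname{Div}^0(E) \to \mathbb{C}/\Lambda$ induces an isomorphism $\operatorname{Pic}^0(E) \cong \mathbb{C}/\Lambda$.
Proof. One can prove that Ψ is a surjective group homomorphism. Moreover, Abel's theorem
(26.3.6) implies that ker Ψ = PDiv(E).
Consider the map $i_O : E \to \operatorname{Div}^0(E)$ that sends $P \mapsto P - O$. This fits into a commutative
diagram:
$$\begin{array}{ccc}
\operatorname{Div}^0(E) & \xrightarrow{\ \Psi\ } & \mathbb{C}/\Lambda \\
\uparrow{\scriptstyle i_O} & \nearrow{\scriptstyle \psi_O} & \\
E & &
\end{array}$$

On the level of the Picard group, this diagram looks like
$$\begin{array}{ccc}
\operatorname{Pic}^0(E) & \xrightarrow{\ \Psi\ } & \mathbb{C}/\Lambda \\
\uparrow{\scriptstyle i_O} & \nearrow{\scriptstyle \psi_O} & \\
E & &
\end{array}$$

and every arrow is a bijection.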

26.4. Jacobians of Higher Genus CurvesChapter 26. Elliptic Curves and Complex Analysis

26.4 Jacobians of Higher Genus Curves


Let C be a complex curve of genus g ≥ 2 and let $V = \Gamma(C, \Omega_C)$ be the vector space of
holomorphic differential forms on C. Then $\dim_{\mathbb{C}} V = g$, so $V^* \cong \mathbb{C}^g$. As in the previous
section, for any path γ in C the assignment $\varphi_\gamma : \omega \mapsto \int_\gamma \omega$ defines a functional $\varphi_\gamma \in V^*$. As
for elliptic curves, we define:
Definition. The lattice of periods for C is
$$\Lambda = \{\varphi_\gamma \in V^* \mid \gamma \text{ is a closed curve in } C\}.$$

Lemma 26.4.1. Λ is a lattice in $V^*$.

Definition. The Jacobian of C is the quotient space $J(C) = V^*/\Lambda$.
As with elliptic curves, we have a map ψ : C → J(C) called the Abel-Jacobi map, which
sends $P \mapsto \varphi_{\gamma_P} + \Lambda$, where $\gamma_P$ is a curve through P. Also, ψ extends to the divisor group of
C as a map
$$\Psi : \operatorname{Div}(C) \longrightarrow J(C)$$
which is canonical when restricted to $\operatorname{Div}^0(C)$. The Abel-Jacobi theorem generalizes Theorem 26.3.6 and Corollary 26.3.10.
Theorem 26.4.2. Let C be a curve of genus g > 0 and let $\Psi : \operatorname{Div}^0(C) \to J(C)$ be the
Abel-Jacobi map. Then
(1) (Abel) ker Ψ = PDiv(C).

(2) (Jacobi) Ψ is surjective.

Therefore Ψ induces an isomorphism $\operatorname{Pic}^0(C) \cong J(C)$.
Just as with elliptic curves, if we fix a basepoint O ∈ C, the map $i_O : C \to \operatorname{Div}^0(C)$, $P \mapsto P - O$ determines a commutative diagram
$$\begin{array}{ccc}
\operatorname{Pic}^0(C) & \xrightarrow{\ \Psi\ } & J(C) \\
\uparrow{\scriptstyle i_O} & \nearrow{\scriptstyle \psi_O} & \\
C & &
\end{array}$$

However, this time not every map is a bijection. In particular, dim C = 1 < g = dim J(C).
To remedy this, let $C^g$ be the g-fold product of C and consider the map
$$\psi^g : C^g \longrightarrow J(C), \qquad (P_1, \ldots, P_g) \longmapsto \psi(P_1) + \ldots + \psi(P_g)$$
where + denotes the group law on J(C).


Theorem 26.4.3 (Jacobi). $\psi^g : C^g \longrightarrow J(C)$ is surjective.

There is still work to do to show that the natural map $C^g \to \mathrm{Pic}^0(C)$ is surjective. It turns out that $J(C)$ is birationally equivalent to the symmetric power $C^{(g)} = C^g/\sim$, where $(P_1, \ldots, P_g) \sim (P_{\sigma(1)}, \ldots, P_{\sigma(g)})$ for any permutation $\sigma \in S_g$. Jacobi proved that this birational equivalence is enough to endow $\mathrm{Pic}^0(C) \cong J(C)$ with the structure of an algebraic group.

Theorem 26.4.4. J(C) is an abelian variety.

Chapter 27

Complex Multiplication

We saw in Section 24.1 that many endomorphisms of an elliptic curve are of the form $[m] : P \mapsto mP$ for $m \in \mathbb{Z}$. In fact, for most elliptic curves, these are the only endomorphisms, but a special class of curves admits extra endomorphisms which are the starting place for a beautiful theory of complex multiplication in number theory.
In class field theory (Part IV), we classified all abelian extensions of a number field $K$ by studying complex roots of unity, i.e. torsion points of the group scheme $\mathbb{G}_m(\mathbb{C})$, and using them to construct cyclotomic extensions of $K$ – by the Kronecker-Weber theorem (17.8.10), all abelian extensions are subfields of such cyclotomic fields. In a completely analogous way, the theory of complex multiplication allows one to construct, for an elliptic curve $E$ for which $\mathrm{End}(E)$ has extra elements coming from a number field $K$, abelian extensions of $K$. Namely, torsion points of $E$ along with the $j$-invariant will generate all such fields.


27.1 Classical Complex Multiplication


For an elliptic curve $E/\mathbb{C}$, let $\Lambda \subset \mathbb{C}$ be the lattice associated to $E$ by Theorem 26.2.5. Write $\Lambda = [\omega_1, \omega_2]$ for $\omega_1, \omega_2 \in \mathbb{C}$.
Proposition 27.1.1. For a complex elliptic curve $E = \mathbb{C}/\Lambda$, where $\Lambda = [\omega_1, \omega_2]$, either
(1) $\mathrm{End}(E) \cong \mathbb{Z}$; or

(2) $\mathrm{End}(E)$ is an order in the imaginary quadratic field $\mathbb{Q}\left(\frac{\omega_2}{\omega_1}\right)$.

Proof. We may assume $\omega_1 = 1$ and $\omega_2 = \tau \in \mathbb{C} \smallsetminus \mathbb{R}$. As we saw in the proof of Corollary 26.2.9,
$$\mathrm{End}(E) = \{z \in \mathbb{C} \mid z\Lambda \subseteq \Lambda\}.$$
So for any $z \in \mathrm{End}(E)$, we can find integers $a, b, c$ and $d$ such that $z = a + b\tau$ and $\tau z = c + d\tau$. Solving for $\tau$ in each and combining the equations, we obtain

$$z^2 - (a + d)z + (ad - bc) = 0,$$

so in particular $z$ is an algebraic integer. This shows $\mathrm{End}(E)$ is an integral extension of $\mathbb{Z}$.

If $\mathrm{End}(E) \neq \mathbb{Z}$, take $z \in \mathrm{End}(E) \smallsetminus \mathbb{Z}$. Then $b \neq 0$ and we can solve for $z$ in each of the equations above to produce
$$b\tau^2 - (a - d)\tau - c = 0.$$
Since $b \neq 0$, this means $\tau$ is a complex root of a quadratic polynomial, so $\mathbb{Q}(\tau)$ is an imaginary quadratic field. Further, $\mathrm{End}(E)$ is contained in $\mathbb{Q}(\tau)$ and is an integral extension of $\mathbb{Z}$, so it is therefore an order.
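Definition. An elliptic curve $E$ over the complex numbers has complex multiplication, abbreviated CM, if $\mathrm{End}(E)$ is an order in an imaginary quadratic field.
Proposition 27.1.2. Let $E/\mathbb{C}$ be an elliptic curve with complex multiplication via an order $\mathcal{O} \subset K$. Then there is a unique isomorphism of abelian groups $[\cdot] : \mathcal{O} \to \mathrm{End}(E)$ such that for any invariant differential $\omega \in \Omega_E$, we have $[\alpha]^*\omega = \alpha\omega$ for all $\alpha \in \mathcal{O}$.

Proof. Fix an isomorphism $\varphi : \mathbb{C}/\Lambda \xrightarrow{\sim} E$ for a lattice $\Lambda$ and for each $\alpha \in \mathcal{O}$, define $[\alpha] \in \mathrm{End}(E)$ by the following commutative diagram:

$$\begin{array}{ccc}
\mathbb{C}/\Lambda & \xrightarrow{\ m_\alpha\ } & \mathbb{C}/\Lambda \\
{\scriptstyle\varphi}\downarrow & & \downarrow{\scriptstyle\varphi} \\
E & \xrightarrow{\ [\alpha]\ } & E
\end{array}$$

where $m_\alpha$ denotes multiplication by $\alpha$. Let $\omega \in \Omega_E$ be an invariant differential on $E$. By Lemma 22.4.1, $\omega \in \Omega_E$ and $dz \in \Omega_{\mathbb{C}/\Lambda}$ are each unique up to scaling, so $\varphi^*\omega = a\,dz$ for some $a \in \mathbb{C}$. By commutativity, we get $\varphi^*[\alpha]^*\omega = m_\alpha^*\varphi^*\omega = m_\alpha^*(a\,dz) = \alpha a\,dz$ which implies $[\alpha]^*\omega = \alpha\omega$ as desired.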


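Corollary 27.1.3. Suppose $\varphi : E_1 \to E_2$ is an isogeny between elliptic curves with complex multiplication via the same order $\mathcal{O}$. Write $[\cdot]_1 : \mathcal{O} \xrightarrow{\sim} \mathrm{End}(E_1)$ and $[\cdot]_2 : \mathcal{O} \xrightarrow{\sim} \mathrm{End}(E_2)$. Then for all $\alpha \in \mathcal{O}$, $\varphi \circ [\alpha]_1 = [\alpha]_2 \circ \varphi$.

Proof. Take $\omega \in \Omega_{E_2}$. Then by Proposition 27.1.2,

$$(\varphi \circ [\alpha]_1)^*\omega = [\alpha]_1^*\varphi^*\omega = \alpha\varphi^*\omega = \varphi^*(\alpha\omega) = \varphi^*[\alpha]_2^*\omega = ([\alpha]_2 \circ \varphi)^*\omega.$$

Therefore $(\varphi \circ [\alpha]_1)^* = ([\alpha]_2 \circ \varphi)^*$, but since $\varphi^*$ is nonzero by Theorem 24.1.10, we must have $\varphi \circ [\alpha]_1 = [\alpha]_2 \circ \varphi$.
For an order $\mathcal{O}$ in an imaginary quadratic field $K$, let $\mathrm{Ell}(\mathcal{O})$ denote the set of isomorphism classes of elliptic curves $E/\mathbb{C}$ with $\mathrm{End}(E) \cong \mathcal{O}$.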
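Theorem 27.1.4. Let $K$ be a number field with ring of integers $\mathcal{O}_K$, class group $C_K$ and nonzero fractional ideals $\mathfrak{a}, \mathfrak{b} \subset K$. Then for any lattice $\Lambda \subset \mathbb{C}$ with associated elliptic curve $E = \mathbb{C}/\Lambda$,

(a) $\mathfrak{a}\Lambda$ and $\mathfrak{b}\Lambda$ are lattices.

(b) If $E_\mathfrak{a} = \mathbb{C}/\mathfrak{a}\Lambda$, then $\mathrm{End}(E_\mathfrak{a}) \cong \mathcal{O}_K$.

(c) $E_\mathfrak{a} \cong E_\mathfrak{b}$ if and only if $[\mathfrak{a}] = [\mathfrak{b}]$ in $C_K$.

(d) $C_K$ acts simply transitively on $\mathrm{Ell}(\mathcal{O}_K)$.

(e) In particular, $\#\mathrm{Ell}(\mathcal{O}_K) = h_K$, the class number of $K$.

Proof. (a) follows from the proof of Proposition 14.8.2, with $\mathcal{O}_K$ replaced by $\Lambda$.
(b) For all $\alpha \in \mathbb{C}$, $\alpha\mathfrak{a}\Lambda \subseteq \mathfrak{a}\Lambda$ is equivalent to $\alpha\Lambda \subseteq \Lambda$, after multiplying through by $\mathfrak{a}^{-1}$. This shows that

$$\mathrm{End}(E_\mathfrak{a}) = \{\alpha \in \mathbb{C} \mid \alpha\mathfrak{a}\Lambda \subseteq \mathfrak{a}\Lambda\} = \{\alpha \in \mathbb{C} \mid \alpha\Lambda \subseteq \Lambda\} = \mathrm{End}(E) = \mathcal{O}_K$$

by Corollary 26.2.9.
(c) By Corollary 26.2.7, $E_\mathfrak{a} \cong E_\mathfrak{b}$ if and only if the lattices $\mathfrak{a}\Lambda$ and $\mathfrak{b}\Lambda$ are homothetic, i.e. $\mathfrak{a}\Lambda = c\mathfrak{b}\Lambda$ for some $c \in \mathbb{C}$. So

$$\begin{aligned}
E_\mathfrak{a} \cong E_\mathfrak{b} &\iff \mathfrak{a}\Lambda = c\mathfrak{b}\Lambda \text{ for some } c \in \mathbb{C} \\
&\iff \Lambda = c\mathfrak{a}^{-1}\mathfrak{b}\Lambda \text{ and } \Lambda = c^{-1}\mathfrak{a}\mathfrak{b}^{-1}\Lambda \text{ for some } c \in \mathbb{C} \\
&\iff c\mathfrak{a}^{-1}\mathfrak{b},\ c^{-1}\mathfrak{a}\mathfrak{b}^{-1} \subseteq \mathcal{O}_K \text{ for some } c \in \mathbb{C} \\
&\iff c\mathfrak{a}^{-1}\mathfrak{b} = \mathcal{O}_K = c^{-1}\mathfrak{a}\mathfrak{b}^{-1} \text{ for some } c \in \mathbb{C} \\
&\iff \mathfrak{a} = c\mathfrak{b} \text{ for some } c \in K \\
&\iff [\mathfrak{a}] = [\mathfrak{b}] \text{ in } C_K.
\end{aligned}$$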
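(d) Define the action of $C_K$ on $\mathrm{Ell}(\mathcal{O}_K)$ by $[\mathfrak{a}] \cdot E = E_{\mathfrak{a}^{-1}}$. Fix $E_1, E_2 \in \mathrm{Ell}(\mathcal{O}_K)$ with $E_1 = \mathbb{C}/\Lambda_1$ and $E_2 = \mathbb{C}/\Lambda_2$. For $j = 1, 2$, choose $\lambda_j \in \Lambda_j$ and set $\mathfrak{a}_j = \lambda_j^{-1}\Lambda_j$. By the proof of Proposition 27.1.1, $\mathfrak{a}_j \subset K$ and it is a finitely generated abelian group since $\Lambda_j$ is, so $\mathfrak{a}_j$ is a fractional ideal of $K$. Set $\mathfrak{a} = \mathfrak{a}_2^{-1}\mathfrak{a}_1$. Then $\Lambda_2 = \lambda_1^{-1}\lambda_2\mathfrak{a}_1^{-1}\mathfrak{a}_2\Lambda_1$ so we have

$$[\mathfrak{a}] \cdot E_1 = E_{\mathfrak{a}^{-1}} = \mathbb{C}/\mathfrak{a}^{-1}\Lambda_1 = \mathbb{C}/\lambda_1^{-1}\lambda_2\Lambda_2 \cong \mathbb{C}/\Lambda_2 = E_2.$$

Thus the action is transitive. To see that it is simply transitive, note that by (c), if $[\mathfrak{a}] \cdot E = [\mathfrak{b}] \cdot E$ then $[\mathfrak{a}] = [\mathfrak{b}]$. Then (e) follows immediately.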

Example 27.1.5. For the lattice $\Lambda = \mathbb{Z}[i]$, the Gaussian integers, set $E = \mathbb{C}/\Lambda$. Then $\mathrm{End}(E) \cong \mathbb{Z}[i]$ so $E$ has complex multiplication. Moreover, $\mathrm{Aut}(E) = \{\pm 1, \pm i\} \cong \mathbb{Z}/4\mathbb{Z}$ and $j(E) = 1728$ by analysis of the Weierstrass equation, so $E$ is isomorphic to the elliptic curve given by $y^2 = x^3 + x$. To see this explicitly, note that $i\Lambda = \Lambda$ implies $g_3(\Lambda) = g_3(i\Lambda) = i^6 g_3(\Lambda) = -g_3(\Lambda)$, where $g_3(\Lambda)$ is the normalized Eisenstein series for $\Lambda$ (see Section 26.2). Thus $g_3(\Lambda) = 0$ so by Theorem 26.2.4, $E$ has Weierstrass equation

$$E : y^2 = 4x^3 - g_2(\Lambda)x.$$

This also confirms that $j(E) = 1728$. Note that although $E$ is isomorphic to a rational elliptic curve, e.g. $y^2 = x^3 + x$, the above Weierstrass equation is not rational. In fact,
$$g_2(\Lambda) = 64\left(\int_0^1 \frac{dt}{\sqrt{1 - t^4}}\right)^4.$$

Example 27.1.6. Similarly, consider the lattice $\Lambda = \mathbb{Z}[\rho]$ where $\rho = e^{2\pi i/3}$ is a primitive third root of unity. Then for $E = \mathbb{C}/\Lambda$, we have $\mathrm{End}(E) = \mathbb{Z}[\rho]$ so once again, $E$ has complex multiplication. Let us describe $E$ explicitly as in the previous example. First, $\rho\Lambda = \Lambda$ implies $g_2(\Lambda) = g_2(\rho\Lambda) = \rho^4 g_2(\Lambda) = \rho g_2(\Lambda)$, so $g_2(\Lambda) = 0$. By Theorem 26.2.4, $E$ is given by the Weierstrass equation
$$E : y^2 = 4x^3 - g_3(\Lambda)$$
so $j(E) = 0$. Moreover, $\mathrm{Aut}(E) = \{\pm 1, \pm\rho, \pm\rho^2\} \cong \mathbb{Z}/6\mathbb{Z}$ and $E$ is isomorphic to the rational elliptic curve $y^2 = x^3 + 1$.


27.2 Torsion and Rational Points


Elliptic curves with complex multiplication possess richer structure than those without CM, in several ways. In this section we will study how the group of torsion points on a CM curve changes. Then we will see how rational points can be studied systematically.
We begin by generalizing the torsion subgroup $E[m] = E_m$ introduced in Chapter 24. Suppose $E \in \mathrm{Ell}(\mathcal{O}_K)$ for an imaginary quadratic field $K$. For each ideal $\mathfrak{a} \subset \mathcal{O}_K$, define

$$E[\mathfrak{a}] = \{P \in E \mid [\alpha]P = O \text{ for all } \alpha \in \mathfrak{a}\}$$

where $[\cdot]$ is the isomorphism $\mathcal{O}_K \xrightarrow{\sim} \mathrm{End}(E)$ defined in Proposition 27.1.2.

Proposition 27.2.1. For any OK -ideal a, there is an isogeny ϕa : E → [a] · E such that

(a) ker ϕa = E[a].

(b) E[a] is a free module over OK /a of rank 1.

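Proof. The isogeny is given by $\varphi_\mathfrak{a} : \mathbb{C}/\Lambda \to \mathbb{C}/\mathfrak{a}^{-1}\Lambda$, $z \mapsto z$, which is well-defined since $\Lambda \subseteq \mathfrak{a}^{-1}\Lambda$ when $\mathfrak{a}$ is an (integral) ideal of $\mathcal{O}_K$. Then (a) is easily verified and (b) can be proven using the Chinese remainder theorem – see Silverman's Advanced Topics for details.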

Corollary 27.2.2. Let N = NK/Q be the ideal norm of the extension K/Q. Then

(a) For any ideal a ⊂ OK , the isogeny ϕa : E → [a] · E has degree Na.

(b) In particular, for all α ∈ OK , the isogeny [α] : E → E has degree |N α| where
N = NK/Q is the field norm.

Proof. (a) By Proposition 27.2.1, $\deg \varphi_\mathfrak{a} = \#E[\mathfrak{a}] = N\mathfrak{a}$.
(b) This follows from the fact that if $\mathfrak{a} = (\alpha)$, then $[\mathfrak{a}] = [\alpha]$, the image of $\alpha$ in $\mathrm{End}(E)$ under the isomorphism in Proposition 27.1.2. In this case, we have $\deg[\alpha] = N(\alpha) = |N_{K/\mathbb{Q}}\,\alpha|$ by part (a).
Next, we turn to a discussion of rational points of elliptic curves with complex multiplication. Note that for any complex elliptic curve $E$, there is an isomorphism $\mathrm{End}(E^\sigma) \cong \mathrm{End}(E)$ for any automorphism $\sigma : \mathbb{C} \to \mathbb{C}$.

Proposition 27.2.3. Let $K$ be an imaginary quadratic field. Then

(a) For any elliptic curve $E/\mathbb{C}$ with complex multiplication by $\mathcal{O}_K$, $j(E) \in \overline{\mathbb{Q}}$.

(b) $\mathrm{Ell}(\mathcal{O}_K)$ is equal to the set of $\overline{\mathbb{Q}}$-isomorphism classes of elliptic curves defined over $\overline{\mathbb{Q}}$ with $\mathrm{End}(E) \cong \mathcal{O}_K$.

Proof. (a) Set $L = \mathbb{Q}(j(E))$; we must show that $[L : \mathbb{Q}] < \infty$. For any $\sigma \in \mathrm{Aut}(\mathbb{C})$, $E^\sigma$ is the curve obtained by letting $\sigma$ act on the Weierstrass equation for $E$, so by definition $j(E^\sigma) = j(E)^\sigma$. Since $\mathrm{End}(E^\sigma) \cong \mathcal{O}_K$ for each $\sigma$, there are only finitely many $\mathbb{C}$-isomorphism classes that $E^\sigma$ can take on. By Proposition 23.2.1, elliptic curves over $\mathbb{C}$ are in bijective correspondence with $j$-invariants, so $\{j(E)^\sigma \mid \sigma \in \mathrm{Aut}(\mathbb{C})\}$ is a finite set. Hence $[L : \mathbb{Q}] < \infty$ as desired.
(b) For each subfield $L \subseteq \mathbb{C}$, let $\mathrm{Ell}_L(\mathcal{O}_K)$ denote the set of $L$-isomorphism classes of elliptic curves defined over $L$ with $\mathrm{End}(E) \cong \mathcal{O}_K$. Any fixed embedding $\overline{\mathbb{Q}} \hookrightarrow \mathbb{C}$ induces a map $\mathrm{Ell}_{\overline{\mathbb{Q}}}(\mathcal{O}_K) \to \mathrm{Ell}_{\mathbb{C}}(\mathcal{O}_K)$. To show this is a bijection, first take $E \in \mathrm{Ell}_{\mathbb{C}}(\mathcal{O}_K)$. Then by (a), $j(E) \in \overline{\mathbb{Q}}$ and by Propositions 23.2.1 and 23.2.2, there exists an elliptic curve $E'$ defined over $\mathbb{Q}(j(E))$ with $j(E') = j(E)$ and $E' \cong E$ over $\mathbb{C}$. Thus $\mathrm{Ell}_{\overline{\mathbb{Q}}}(\mathcal{O}_K) \to \mathrm{Ell}_{\mathbb{C}}(\mathcal{O}_K)$ is surjective. Injectivity follows from Proposition 23.2.1.
We will later show that in the above situation, j(E) ∈ Z. To lay the groundwork for this,
we next find the field of definition for each isogeny [α] : E → E from Proposition 27.1.2.
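Theorem 27.2.4. Let $E$ be an elliptic curve with complex multiplication via some order $\mathcal{O} \subset \mathbb{C}$. Then
(1) For all $\alpha \in \mathcal{O}$ and $\sigma \in \mathrm{Aut}(\mathbb{C})$, $[\alpha]_E^\sigma = [\sigma\alpha]_{E^\sigma}$.
(2) Suppose $E$ is defined over a subfield $L \subseteq \mathbb{C}$ and $\mathcal{O} \subseteq K$ for an imaginary quadratic field $K$. Then every element of $\mathrm{End}(E)$ is defined over $LK$.
(3) If, in addition, $E'$ is an elliptic curve defined over $L$, then every isogeny $E \to E'$ is defined over some finite extension $M/L$.
Proof. (1) For any $\omega \in \Omega_E$, $\sigma \cdot \omega \in \Omega_{E^\sigma}$ so by Proposition 27.1.2,

$$[\sigma\alpha]_{E^\sigma}^*(\sigma \cdot \omega) = \sigma\alpha(\sigma \cdot \omega) = \sigma \cdot (\alpha\omega) = \sigma \cdot [\alpha]_E^*\omega = ([\alpha]_E^*)^\sigma(\sigma \cdot \omega).$$

Hence $[\sigma\alpha]_{E^\sigma}^* = ([\alpha]_E^*)^\sigma$ so Theorem 24.1.10 implies $[\sigma\alpha]_{E^\sigma} = [\alpha]_E^\sigma$ since we are in characteristic 0.
(2) Take $\sigma \in \mathrm{Aut}(\mathbb{C}/L)$. Then $E^\sigma = E$ so by (1), we have $[\alpha]_E^\sigma = [\sigma\alpha]_{E^\sigma} = [\sigma\alpha]_E$ for all $\alpha \in \mathcal{O}$. Given that $\mathcal{O} \subseteq K$, if $\sigma$ also fixes $K$ then $\sigma\alpha = \alpha$. Thus $[\alpha]_E^\sigma = [\alpha]_E$ for all $\sigma \in \mathrm{Aut}(\mathbb{C}/LK)$, meaning $[\alpha] = [\alpha]_E$ is defined over $LK$. But by Proposition 27.1.2, these are all the elements of $\mathrm{End}(E)$.
(3) Fix an isogeny $\varphi : E \to E'$ and suppose $\sigma \in \mathrm{Aut}(\mathbb{C}/L)$. Then $\varphi^\sigma$ is an isogeny $E \to E'$ as well, since the Weierstrass equations of $E, E'$ are fixed under $\sigma$. By Proposition 24.1.9, $\varphi$ is determined by its kernel which is a finite subgroup of $E(\mathbb{C})$. There are only finitely many finite subgroups of $E(\mathbb{C})$, so we see that there are only finitely many isogenies $E \to E'$ of a given degree. Therefore $\{\varphi^\sigma \mid \sigma \in \mathrm{Aut}(\mathbb{C}),\ \sigma \text{ fixes } L\}$ is a finite set (noting that $\deg \varphi^\sigma = \deg \varphi$) which implies $\varphi$ is defined over a finite extension of $L$. Repeating the argument for any $\varphi$ gives an extension $M/L$, but since $\mathrm{Hom}(E, E')$ is finitely generated, we may take $M/L$ to be a finite extension.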
Corollary 27.2.5. If E is an elliptic curve with complex multiplication via OK where K is
an imaginary quadratic field, then [Q(j(E)) : Q] ≤ hK , the class number of K.
We will later show that [Q(j(E)) : Q] = hK , so in particular j(E) is rational if and only if
K is an imaginary quadratic field with class number 1. As there are only a finite number of
such number fields, it follows that only a finite number of Q-isomorphism classes of elliptic
curves have complex multiplication.
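Theorem 27.1.4(e) and the class-number-one remark above can be checked numerically. The following is an added example, not code from these notes; it assumes two standard facts the section does not state: ideal classes of $\mathcal{O}_K$ correspond to reduced primitive binary quadratic forms $(a, b, c)$ of discriminant $D$, each giving the lattice $[1, \tau]$ with $\tau = (-b + \sqrt{D})/2a$, and $j = E_4^3/\Delta$ with the usual $q$-expansions. All function names are hypothetical.

```python
import cmath
from math import gcd, isqrt, pi, sqrt


def is_fundamental(D):
    """True when D < 0 is the discriminant of an imaginary quadratic field."""
    def squarefree(n):
        return all(n % (p * p) for p in range(2, isqrt(n) + 1))
    if D % 4 == 1:
        return squarefree(-D)
    if D % 4 == 0:
        m = D // 4
        return m % 4 in (2, 3) and squarefree(-m)
    return False


def reduced_forms(D):
    """Reduced primitive forms (a, b, c) with b^2 - 4ac = D < 0.

    Reduced means -a < b <= a <= c, and b >= 0 when a == c. Their number is
    the class number h_K, which by Theorem 27.1.4(e) is # Ell(O_K).
    """
    forms = []
    a = 1
    while 3 * a * a <= -D:
        for b in range(-a + 1, a + 1):
            num = b * b - D
            if num % (4 * a):
                continue
            c = num // (4 * a)
            if c < a or (c == a and b < 0) or gcd(gcd(a, b), c) != 1:
                continue
            forms.append((a, b, c))
        a += 1
    return forms


def tau(form, D):
    """Point of the upper half plane attached to a reduced form."""
    a, b, _ = form
    return complex(-b, sqrt(-D)) / (2 * a)


def j_invariant(t, terms=80):
    """j(tau) = E4(tau)^3 / Delta(tau), computed from q = exp(2 pi i tau)."""
    q = cmath.exp(2j * pi * t)
    sigma3 = lambda n: sum(d ** 3 for d in range(1, n + 1) if n % d == 0)
    e4 = 1 + 240 * sum(sigma3(n) * q ** n for n in range(1, terms))
    delta = q
    for n in range(1, terms):
        delta *= (1 - q ** n) ** 24
    return e4 ** 3 / delta


def j_values(D):
    """The j-invariants of all curves in Ell(O_K) for the field of discriminant D."""
    return [j_invariant(tau(f, D)) for f in reduced_forms(D)]


def class_number_one(bound):
    """Fundamental discriminants -bound <= D <= -3 with exactly one class."""
    return [D for D in range(-3, -bound - 1, -1)
            if is_fundamental(D) and len(reduced_forms(D)) == 1]


if __name__ == "__main__":
    print("h = 1 for D in", class_number_one(200))
    for D in (-4, -3, -7, -23):
        print(D, reduced_forms(D), [complex(round(z.real, 3), round(z.imag, 3))
                                    for z in j_values(D)])
```

For $D = -4$ and $D = -3$ this recovers the values $j = 1728$ and $j = 0$ of Examples 27.1.5 and 27.1.6; for $D = -23$ there are three curves, none with rational $j$, but the three values sum to an integer.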


Example 27.2.6. Consider the elliptic curve $E$ defined by $y^2 = x^3 + x$, which admits an isomorphism $[\cdot] : \mathbb{Z}[i] \to \mathrm{End}(E)$ by Proposition 27.1.2. Explicitly, $[\cdot]$ is determined by $[i] : (x, y) \mapsto (-x, iy)$ since if $\tau \in \mathrm{Aut}(\mathbb{C})$ is complex conjugation, then

$$([i](x, y))^\tau = (-x, iy)^\tau = (-\tau \cdot x,\ \tau \cdot (iy)) = (-\tau \cdot x,\ -i(\tau \cdot y)) = [-i](\tau \cdot x, \tau \cdot y) = [i]^\tau (x, y)^\tau.$$

Thus $[i]^\tau = [\tau \cdot i]$, which confirms (2) of Theorem 27.2.4.
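The formula $[i] : (x, y) \mapsto (-x, iy)$ is algebraic, so it can be tested by exhaustive arithmetic once $i$ is replaced by a square root of $-1$ in a finite field. The following added example (not from these notes) does this over $\mathbb{F}_{13}$ with $i = 5$, a setting chosen for this illustration that goes beyond the page's curves over $\mathbb{C}$; it checks that $[i]$ is a group endomorphism with $[i]^2 = [-1]$ and counts the rational kernel points of $[a + bi]$, which can never exceed the degree $a^2 + b^2$ of Corollary 27.2.2(b). All names are hypothetical.

```python
P = 13      # constructed choice: a prime with P % 4 == 1, so -1 is a square
I = 5       # 5 * 5 = 25 = -1 (mod 13)
INF = None  # the point at infinity O


def points():
    """All points of y^2 = x^3 + x over F_P, including O."""
    pts = [INF]
    for x in range(P):
        for y in range(P):
            if (y * y - (x ** 3 + x)) % P == 0:
                pts.append((x, y))
    return pts


def neg(pt):
    return INF if pt is INF else (pt[0], (-pt[1]) % P)


def add(p1, p2):
    """Chord-and-tangent addition on y^2 = x^3 + x."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if x1 == x2:  # doubling, and y1 != 0 here
        lam = (3 * x1 * x1 + 1) * pow(2 * y1 % P, -1, P)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)
    lam %= P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def times(n, pt):
    """[n] pt for any integer n, by double-and-add."""
    if n < 0:
        return times(-n, neg(pt))
    acc = INF
    while n:
        if n & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        n >>= 1
    return acc


def mul_i(pt):
    """The CM endomorphism [i] : (x, y) -> (-x, i*y) of Example 27.2.6."""
    return INF if pt is INF else ((-pt[0]) % P, (I * pt[1]) % P)


def act(a, b, pt):
    """[a + b i] pt = [a] pt + [b]([i] pt)."""
    return add(times(a, pt), times(b, mul_i(pt)))


def is_endomorphism():
    """[i](P + Q) == [i]P + [i]Q for every pair of rational points."""
    pts = points()
    return all(mul_i(add(p, q)) == add(mul_i(p), mul_i(q))
               for p in pts for q in pts)


def kernel_size(a, b):
    """Number of F_P-rational points killed by [a + b i]."""
    return sum(1 for pt in points() if act(a, b, pt) is INF)


if __name__ == "__main__":
    print("#E(F_13) =", len(points()))
    print("[i] is an endomorphism:", is_endomorphism())
    for a, b in [(1, 1), (2, 0), (2, 1), (2, -1)]:
        print(f"rational kernel of [{a}+{b}i]: {kernel_size(a, b)} "
              f"(degree {a * a + b * b})")
```

Exactly one of $[2 + i]$ and $[2 - i]$ kills the five points of order dividing 5 in $E(\mathbb{F}_{13})$; which one depends on the choice of square root of $-1$.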

Theorem 27.2.7. Let $E$ be a complex elliptic curve with complex multiplication by $\mathcal{O}_K$ and let $L = K(j(E), E_{\mathrm{tors}})$ be the field extension generated by $j(E)$ along with all torsion points of $E$. Then $L$ is an abelian extension of $K(j(E))$.

Proof. Set $L_0 = K(j(E))$ and for each $m \geq 1$, let $L_m = L_0(E[m])$ be the extension of $L_0$ generated by the $m$-torsion points of $E$. Then $L = \bigcup_{m \geq 1} L_m$ so it suffices to show each $L_m/L_0$ is abelian. For each $\sigma \in \mathrm{Gal}(L_m/L_0)$, $P \in E[m]$ and $\alpha \in \mathcal{O}_K$, Theorem 27.2.4 gives us
$$([\alpha]P)^\sigma = [\alpha](P^\sigma)$$
so the actions of $\mathrm{Gal}(L_m/L_0)$ and $\mathcal{O}_K$ on $E[m]$ commute. This induces a group homomorphism
$$\rho : \mathrm{Gal}(\overline{K}/L_0) \longrightarrow \mathrm{Aut}_{\mathcal{O}_K/m\mathcal{O}_K}(E[m])$$
where $\overline{K}$ is an algebraic closure of $K$, which descends to an injective homomorphism

$$\mathrm{Gal}(L_m/L_0) \hookrightarrow \mathrm{Aut}_{\mathcal{O}_K/m\mathcal{O}_K}(E[m])$$

but by Proposition 27.2.1(b), $E[m]$ is a free $\mathcal{O}_K/m\mathcal{O}_K$-module of rank 1. Thus $\mathrm{Aut}_{\mathcal{O}_K/m\mathcal{O}_K}(E[m]) \cong (\mathcal{O}_K/m\mathcal{O}_K)^\times$ which is abelian, so $\mathrm{Gal}(L_m/L_0)$ is abelian as required.
Let $K$ be an imaginary quadratic field with ring of integers $\mathcal{O}_K$ and define

$$F : \mathrm{Gal}(\overline{K}/K) \longrightarrow C_K$$

by sending $\sigma$ to the unique element $F(\sigma) = [\mathfrak{a}] \in C_K$ such that $[\mathfrak{a}] \cdot E = E^\sigma$ for all elliptic curves $E \in \mathrm{Ell}(\mathcal{O}_K)$. (Existence and uniqueness of this element follow from Theorem ??). The following results highlight an interesting fact: $F$ converts the algebraic information of the absolute Galois group of $K$ into the analytic information of elliptic curves over $\overline{\mathbb{Q}}$, via their $j$-invariants.

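Lemma 27.2.8. For all $\sigma \in \mathrm{Gal}(\overline{K}/K)$ and all elliptic curves $E \in \mathrm{Ell}(\mathcal{O}_K)$,

$$j(E)^\sigma = j(E_{F(\sigma)}).$$

Proposition 27.2.9. The map $F : \mathrm{Gal}(\overline{K}/K) \to C_K$ is a group homomorphism.

Proof. For all $\sigma, \tau \in \mathrm{Gal}(\overline{K}/K)$ and $E \in \mathrm{Ell}(\mathcal{O}_K)$, we have

$$F(\sigma\tau) \cdot E = E^{\sigma\tau} = (E^\tau)^\sigma = (F(\tau) \cdot E)^\sigma = F(\sigma)F(\tau) \cdot E$$

so by definition, $F(\sigma\tau) = F(\sigma)F(\tau)$.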


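Proposition 27.2.10. For all elliptic curves $E \in \mathrm{Ell}(\mathcal{O}_K)$, classes $[\mathfrak{a}] \in C_K$ and automorphisms $\sigma \in \mathrm{Gal}(\overline{\mathbb{Q}}/\mathbb{Q})$, $([\mathfrak{a}] \cdot E)^\sigma = [\mathfrak{a}]^\sigma \cdot E^\sigma$.

Proof. By Proposition 27.2.3 we may assume $E$ is defined over $\overline{\mathbb{Q}}$, so $E^\sigma$ makes sense. Choose a lattice $\Lambda \subset \mathbb{C}$ so that $E \cong \mathbb{C}/\Lambda$. Also, since $\mathfrak{a}$ is a finitely generated $\mathcal{O}_K$-module, we have an exact sequence
$$\mathcal{O}_K^m \to \mathcal{O}_K^n \to \mathfrak{a} \to 0$$
for some $m, n \in \mathbb{N}$. Note that for any $\mathcal{O}_K$-module $M$, the map

$$\mathfrak{a}^{-1}M \longrightarrow \mathrm{Hom}_{\mathcal{O}_K}(\mathfrak{a}, M), \qquad x \longmapsto (\alpha \mapsto \alpha x)$$

is an isomorphism of $\mathcal{O}_K$-modules. In particular, $\mathrm{Hom}_{\mathcal{O}_K}(\mathfrak{a}, \Lambda) \cong \mathfrak{a}^{-1}\Lambda$ and $\mathrm{Hom}_{\mathcal{O}_K}(\mathfrak{a}, \mathbb{C}) \cong \mathbb{C}$. Now applying $\mathrm{Hom}_{\mathcal{O}_K}(\mathfrak{a}, -)$ to the exact sequence

$$0 \to \Lambda \to \mathbb{C} \to E \to 0$$

yields the top row in the following commutative diagram:

$$\begin{array}{ccccccccc}
 & & 0 & & 0 & & 0 & & \\
 & & \downarrow & & \downarrow & & \downarrow & & \\
0 & \to & \mathfrak{a}^{-1}\Lambda & \to & \mathbb{C} & \to & \mathrm{Hom}(\mathfrak{a}, E) & & \\
 & & \downarrow & & \downarrow & & \downarrow & & \\
0 & \to & \Lambda^n & \to & \mathbb{C}^n & \to & E^n & \to & 0 \\
 & & \downarrow & & \downarrow & & \downarrow & & \\
0 & \to & \Lambda^m & \to & \mathbb{C}^m & \to & E^m & \to & 0
\end{array}$$

(The other rows come from applying $\mathrm{Hom}(\mathcal{O}_K^m, -)$ and $\mathrm{Hom}(\mathcal{O}_K^n, -)$ to the same sequence.) Applying the Snake Lemma to the bottom rows gives an exact sequence

$$0 \to \mathfrak{a}^{-1}\Lambda \to \mathbb{C} \to \ker(E^n \to E^m) \to \mathrm{coker}(\Lambda^n \to \Lambda^m).$$

This identifies the $\mathbb{C}$-points of the variety $[\mathfrak{a}] \cdot E = \mathbb{C}/\mathfrak{a}^{-1}\Lambda$ with the identity component of $\ker(E^n \to E^m)$. The same argument shows that the $\mathbb{C}$-points of $[\mathfrak{a}]^\sigma \cdot E^\sigma$ may be identified with the identity component of $\ker((E^\sigma)^n \to (E^\sigma)^m)$, but the latter is precisely $\ker(E^n \to E^m)^\sigma$, so we conclude that $[\mathfrak{a}]^\sigma \cdot E^\sigma = ([\mathfrak{a}] \cdot E)^\sigma$.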


27.3 Class Field Theory with Elliptic Curves

Part VI

L-Functions

These notes in Part VI come from the 2017-2018 Galois-Grothendieck Seminar at the
University of Virginia. The topic for most of the year was Tate’s thesis on Fourier analysis
over number fields. Tate’s work is a natural jumping off point for the study of L-functions,
modular forms and the beginnings of the Langlands program.

Chapter 28

Introduction

The Riemann zeta function is a very basic example of an L-function, an analytic object with
important ties to many branches of mathematics. (In Section 12.4, we saw an example of
an L-function associated to a Dirichlet character.) Many L-functions have Euler products
and functional equations, among other amazing properties, but for certain L-functions of
interest these properties remain conjectures. A particular class of L-functions called Hecke
L-functions have fundamental ties to number theory. In his doctoral thesis, Tate established
a remarkably useful and general framework for studying functional equations for these Hecke
L-functions.
In this introduction we give an overview of some of the types of L-functions that are out
there, as well as their properties and how they connect to each other. By an L-series, we
mean a particular series representation of a function on a subset of C, and when such a series
has meromorphic continuation to C, this continuation is called an L-function. Often we will
use the terms interchangeably though.
(1) The first example of an L-function is the Riemann zeta function, given in series form by $\zeta(s) = \sum_{n=1}^\infty \frac{1}{n^s}$. By Theorem 10.3.1, $\zeta(s)$ has an Euler product
$$\zeta(s) = \prod_p (1 - p^{-s})^{-1}$$
(with the product being taken over all prime integers $p$). The zeta function also has meromorphic continuation and a functional equation coming from the expression $\xi(s) = \xi(1 - s)$, where $\xi(s) = \pi^{-s/2}\,\Gamma\!\left(\frac{s}{2}\right)\zeta(s)$ (this was Theorem 12.1.2). The zeta function has many important connections to number theory; for instance, certain special values of $\zeta(s)$ encode number-theoretic properties of $\mathbb{Z}$ (see Section 12.2):

• $\zeta(2) = \frac{\pi^2}{6}$ and $\zeta(4) = \frac{\pi^4}{90}$ were proven by Euler. More generally,
$$\zeta(2n) = \frac{(2\pi)^{2n}\, b_{2n}\, (-1)^{n+1}}{2(2n)!}$$
where $b_k$ is the $k$th Bernoulli number (the odd Bernoulli numbers are zero). In contrast, the values of $\zeta(s)$ at odd positive integers are rather mysterious: while $\zeta(3)$ is known to be irrational, it is still not known whether it is transcendental, and $\zeta(5), \zeta(7), \ldots$ are not even known to be irrational.

• The functional equation implies $\zeta(-2n) = 0$ for all integers $n \geq 1$. The negative even integers are known as the trivial zeroes of $\zeta(s)$.

• The Riemann hypothesis states that all nontrivial zeroes of $\zeta(s)$ lie on the line $\mathrm{Re}(s) = \frac{1}{2}$ in the complex plane. This statement, while still not proven (or disproven), encodes amazing information about the distribution of prime numbers, among other things.

(2) Let $\chi : \mathbb{Z} \to \mathbb{C}^\times$ be a Dirichlet character modulo $m$, i.e. a multiplicative homomorphism $(\mathbb{Z}/m\mathbb{Z})^\times \to \mathbb{C}^\times$ extended to $\mathbb{Z}$ by setting $\chi(r) = 0$ if $(r, m) > 1$. Then the Dirichlet L-function for $\chi$ is given by the series

$$L(s, \chi) = \sum_{n=1}^\infty \frac{\chi(n)}{n^s}.$$

Since $\chi$ is fully multiplicative, that is $\chi(ab) = \chi(a)\chi(b)$ for all $a, b \in \mathbb{Z}$, there is an Euler product for its Dirichlet L-function:
$$L(s, \chi) = \prod_p (1 - \chi(p)p^{-s})^{-1}$$

where, as usual, the product is taken over all prime integers $p$. There is also a functional equation and meromorphic continuation for $L(s, \chi)$ in terms of the $\Gamma$ function and a certain analogue $\sum_{n=1}^m \chi(n)e^{2\pi i n/m}$ of the Fourier transform, called a Gauss sum. The Riemann hypothesis also makes sense to state for Dirichlet L-functions, though it too remains unsolved.
(3) Let $K/\mathbb{Q}$ be a number field. As in Section 17.5, the Dedekind zeta function for $K$ is
$$\zeta_K(s) = \sum_{\mathfrak{a} \subset \mathcal{O}_K} \frac{1}{N(\mathfrak{a})^s}$$

where the sum is over all nonzero ideals $\mathfrak{a}$ of the ring of integers $\mathcal{O}_K$ and $N = N_{K/\mathbb{Q}}$ is the ideal norm of the extension. Since norm is a multiplicative function and every ideal factors uniquely in $\mathcal{O}_K$ into a product of prime ideals, there is an Euler product
$$\zeta_K(s) = \prod_{\mathfrak{p} \in \mathrm{Spec}\,\mathcal{O}_K} (1 - N(\mathfrak{p})^{-s})^{-1}$$

where the product is over all nonzero prime ideals $\mathfrak{p} \subset \mathcal{O}_K$. Perhaps not surprisingly at this point, there is a functional equation for $\zeta_K(s)$. Let $\Gamma_{\mathbb{R}}(s) = \pi^{-s/2}\,\Gamma\!\left(\frac{s}{2}\right)$ and $\Gamma_{\mathbb{C}}(s) = 2(2\pi)^{-s}\Gamma(s)$. Then the completed Dedekind zeta function for $K$ is

$$\Lambda_K(s) = |\Delta_K|^{s/2}\, \Gamma_{\mathbb{R}}(s)^{r_1}\, \Gamma_{\mathbb{C}}(s)^{r_2}\, \zeta_K(s)$$

where $\Delta_K$ is the discriminant of $K/\mathbb{Q}$, $r_1$ is the number of real embeddings $K \hookrightarrow \mathbb{C}$ and $r_2$ is the number of pairs of complex embeddings $K \hookrightarrow \mathbb{C}$ (so that $r_1 + r_2 = n$). Then one proves that this function satisfies the functional equation $\Lambda_K(s) = \Lambda_K(1 - s)$. As before, this also gives a meromorphic continuation of $\zeta_K(s)$ to $\mathbb{C}$. Finally, there is an analogue of the Riemann hypothesis (sometimes called the generalized Riemann hypothesis, though this term may refer to several related hypotheses) for Dedekind zeta functions.
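Example 28.0.1. Let $K = \mathbb{Q}(i)$ be the Gaussian rationals. Then by Example 14.5.11, we can write
$$\begin{aligned}
\zeta_K(s) &= \prod_{\mathfrak{p} \in \mathrm{Spec}\,\mathbb{Z}[i]} (1 - N(\mathfrak{p})^{-s})^{-1} \\
&= (1 - 2^{-s})^{-1} \prod_{p \equiv 3 \ (\mathrm{mod}\ 4)} (1 - p^{-2s})^{-1} \prod_{p \equiv 1 \ (\mathrm{mod}\ 4)} (1 - p^{-s})^{-2} \\
&= \zeta_{\mathbb{Q}}(s)\, L(s, \chi),
\end{aligned}$$
where $\zeta_{\mathbb{Q}}(s) = \zeta(s)$ is the ordinary Riemann zeta function and $\chi$ is the nontrivial Dirichlet character mod 4:
$$\chi(r) = \begin{cases} 1, & r \equiv 1 \pmod 4 \\ -1, & r \equiv 3 \pmod 4 \\ 0, & r \text{ is even.} \end{cases}$$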
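The factorization in Example 28.0.1 is an identity of Dirichlet series, so it can be verified coefficient by coefficient. The following added example (not from these notes) computes the $n$-th coefficient of $\zeta_{\mathbb{Q}(i)}(s)$ three ways: by counting ideals of norm $n$ directly, from the convolution $\zeta(s)L(s, \chi)$, and by expanding the three kinds of Euler factor. It assumes only that $\mathbb{Z}[i]$ is a principal ideal domain with units $\{\pm 1, \pm i\}$; the function names are hypothetical.

```python
from math import isqrt


def chi4(r):
    """The nontrivial Dirichlet character mod 4 of Example 28.0.1."""
    return 0 if r % 2 == 0 else (1 if r % 4 == 1 else -1)


def ideal_count(n):
    """Number of ideals of Z[i] of norm n.

    Every nonzero ideal is (a + bi), and among the four associates of a
    generator exactly one has a >= 1 and b >= 0, so we count those pairs
    with a^2 + b^2 = n.
    """
    count = 0
    a = 1
    while a * a <= n:
        b2 = n - a * a
        b = isqrt(b2)
        if b * b == b2:
            count += 1
        a += 1
    return count


def convolution_coeff(n):
    """n-th Dirichlet coefficient of zeta(s) * L(s, chi): sum of chi(d), d | n."""
    return sum(chi4(d) for d in range(1, n + 1) if n % d == 0)


def euler_coeff(n):
    """n-th coefficient from the Euler product, one prime power at a time."""
    coeff, p = 1, 2
    while n > 1:
        k = 0
        while n % p == 0:
            n //= p
            k += 1
        if k:
            if p % 4 == 1:
                # split prime: (1 - p^-s)^-2 has coefficient k + 1 at p^k
                coeff *= k + 1
            elif p % 4 == 3:
                # inert prime: (1 - p^-2s)^-1 only has even powers of p
                coeff *= 1 if k % 2 == 0 else 0
            # p = 2 (ramified): (1 - 2^-s)^-1 has coefficient 1 at every 2^k
        p += 1
    return coeff


def mismatches(limit):
    """All n <= limit where the three computations disagree (expected: none)."""
    return [n for n in range(1, limit + 1)
            if not (ideal_count(n) == convolution_coeff(n) == euler_coeff(n))]


if __name__ == "__main__":
    for n in (1, 2, 3, 5, 9, 10, 25):
        print(n, ideal_count(n), convolution_coeff(n), euler_coeff(n))
    print("disagreements up to 3000:", mismatches(3000))
```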

(4) Let $K/\mathbb{Q}$ be a number field with absolute Galois group $G_K = \mathrm{Gal}(\overline{K}/K)$, where $\overline{K}$ is a fixed algebraic closure of $K$. A Galois representation of $K$ is a continuous morphism of topological groups $\rho : G_K \to GL(V)$ for $V$ a finite dimensional $\mathbb{C}$-vector space. Note that $\rho$ being continuous is equivalent to it having finite image in $GL(V)$. Therefore any such morphism factors through $\mathrm{Gal}(L/K) \to GL(V)$ for some finite extension $L/K$; we will also denote this by $\rho$. For each (nonzero) prime ideal $\mathfrak{p} \subset \mathcal{O}_K$, there is a decomposition subgroup $D_{L/K,\mathfrak{p}}$ and an inertia subgroup $I_{L/K,\mathfrak{p}} \trianglelefteq D_{L/K,\mathfrak{p}} \subseteq \mathrm{Gal}(L/K)$, each of which is well-defined up to conjugacy. Further, there exists a Frobenius element $\mathrm{Frob}_{L/K}(\mathfrak{p}) \in D_{L/K,\mathfrak{p}}/I_{L/K,\mathfrak{p}}$ which is also well-defined up to conjugacy. For each $\mathfrak{p}$, let $V_\mathfrak{p} = V^{I_{L/K,\mathfrak{p}}}$ be the subspace of $V$ fixed by the action of the inertia group. Set $n_\mathfrak{p} = \dim V_\mathfrak{p}$ and write $\rho_\mathfrak{p} = \rho|_{V_\mathfrak{p}}$. Then the local Artin L-function at $\mathfrak{p}$ is defined by
$$L_\mathfrak{p}(s, \rho) = \det\left[I_{n_\mathfrak{p}} - \rho_\mathfrak{p}(\mathrm{Frob}_{L/K}(\mathfrak{p}))\, N_{K/\mathbb{Q}}(\mathfrak{p})^{-s}\right]^{-1}$$
where $I_{n_\mathfrak{p}}$ is the identity operator on $V_\mathfrak{p}$. Stitching these together, we also define the (global) Artin L-function for $K$:
$$L(s, \rho) = \prod_{\mathfrak{p} \in \mathrm{Spec}\,\mathcal{O}_K} L_\mathfrak{p}(s, \rho).$$
Observe that if $\rho : G_K \to GL_1(\mathbb{C}) = \mathbb{C}^\times$ is the trivial representation, then $L(s, \rho) = \zeta_K(s)$ is the Dedekind zeta function for $K$. Moreover, one can prove that if $\rho$ factors through the regular representation $\mathrm{Gal}(L/K) \to GL(V)$ for some finite $L/K$, then $L(s, \rho)$ is the Dedekind zeta function for $L$. As with previous L-functions, there is a functional equation for Artin L-functions that relates $L(s, \rho)$ to $L(1 - s, \bar{\rho})$, where $\bar{\rho}$ is the complex conjugate representation.


Example 28.0.2. Let $L = \mathbb{Q}(i)$ and $K = \mathbb{Q}$ and consider the nontrivial Galois representation
$$\rho : \mathrm{Gal}(\mathbb{Q}(i)/\mathbb{Q}) \longrightarrow \mathbb{C}^\times, \qquad (z \mapsto \bar{z}) \longmapsto -1.$$
Then as in Example 28.0.1, we can compute the Artin L-function using the splitting behavior of primes in $\mathbb{Z}[i]$. If $p \in \mathbb{Z}$ splits or ramifies in $\mathbb{Z}[i]$, then for any $\mathfrak{p} \mid p$, $N(\mathfrak{p}) = p$, the Frobenius element is trivial, and so $L_\mathfrak{p}(s, \rho) = (1 - p^{-s})^{-1}$. However, when $p$ is inert, the Frobenius element is complex conjugation, so we get $L_p(s, \rho) = (1 + p^{-s})^{-1}$. Putting this together, we have
$$L(s, \rho) = (1 - 2^{-s})^{-1} \prod_{p \equiv 1 \ (\mathrm{mod}\ 4)} (1 - p^{-s})^{-1} \prod_{p \equiv 3 \ (\mathrm{mod}\ 4)} (1 + p^{-s})^{-1} = (1 - 2^{-s})^{-1}\, \frac{\zeta_{\mathbb{Q}(i)}(s)}{\zeta_{\mathbb{Q}}(s)}.$$

Computing Artin L-functions is clearly expedited by knowing the splitting behavior of primes in an extension $L/K$. We will see that this knowledge can be obtained for abelian extensions by using class field theory. One consequence will be that Artin L-functions are always “built” out of Dirichlet L-functions in the abelian case, as seen above.
One interesting conjecture about Artin L-functions is that any $L(s, \rho)$ is holomorphic on $\mathbb{C}$ whenever $\rho$ is irreducible and nontrivial. This conjecture is known to be true in some cases, e.g. when $\mathrm{Gal}(L/K)$ is supersolvable.
(5) Hecke L-functions are a mutual generalization of Dirichlet, Dedekind and Artin L-functions that are defined using a generalization of Dirichlet characters called Hecke characters. These L-functions are of the form
$$L(s, \chi) = \sum_{\substack{\mathfrak{a} \subset \mathcal{O}_K \\ (\mathfrak{a}, \mathfrak{m}) = 1}} \frac{\chi(\mathfrak{a})}{N(\mathfrak{a})^s}$$

but they are better understood as sums of idèle class characters. Tate’s thesis focused on proving a functional equation for Hecke L-functions, which we will outline in Chapter 31.
(6) Let $X$ be a smooth projective algebraic variety over a finite field $\mathbb{F}_q$. Then the Hasse-Weil zeta function of $X$ is defined as

$$Z(X/\mathbb{F}_q, s) = \exp\left(\sum_{r=1}^\infty N_r \frac{s^r}{r}\right)$$

where $N_r = \#X(\mathbb{F}_{q^r})$ for each $r \geq 1$. The Weil conjectures are a set of essential statements about $Z(X/\mathbb{F}_q, s)$ that were formulated in the 1940s by André Weil and later proven by Dwork, Grothendieck and Deligne. They assert that:

• (Rationality) $Z(X/\mathbb{F}_q, s)$ is rational: $Z(X/\mathbb{F}_q, s) = \dfrac{p_1(s) \cdots p_{2n-1}(s)}{p_0(s) \cdots p_{2n}(s)}$ for polynomials $p_i(s)$ over $\mathbb{Z}$.

• (Functional equation) There is a functional equation $Z(X/\mathbb{F}_q, n - s) = \pm q^{nE/2 - Es} Z(X/\mathbb{F}_q, s)$ where $E$ is the Euler characteristic of $X$.

• (Riemann hypothesis) The zeroes $\alpha$ of each $p_j(s)$, $1 \leq j \leq 2n - 1$ satisfy $|\alpha| = q^{1/2}$.

(7) Let $K/\mathbb{Q}$ be a number field and $X$ a smooth projective variety over $K$. The (global) zeta function for $X$ is the following product of the Hasse-Weil zeta functions for $X/\mathbb{F}_q$:
$$Z(X, s) = \prod_{p}{}^{*}\ Z(X/\mathbb{F}_p, p^{-s})$$

(* the product is over all but finitely many primes).

(8) Automorphic L-functions are a vast generalization of Hecke L-functions. These typically come from automorphic representations of an algebraic group, but the Modularity Theorem (formerly the Taniyama-Shimura conjecture until it was proven by Wiles in a special case and Taylor et al. in full) states that the L-series attached to an elliptic curve over $\mathbb{Q}$ is modular, i.e. that it coincides with an automorphic L-function.

Chapter 29

Locally Compact Groups


29.1 Topological Vector Spaces


Definition. A topological field is a field $k$ with a topology with respect to which the addition, multiplication and inversion maps $+ : k \times k \to k$, $\cdot : k \times k \to k$ and $(-)^{-1} : k \to k$ are continuous, where $k \times k$ has the product topology.

Definition. For a topological field $k$, a topological vector space over $k$ is a $k$-vector space $V$ with a topology such that $V$ is a topological abelian group and the structure map $k \times V \to V$ is continuous.

Example 29.1.1. Let $k$ be a topological field. Then any abstract $k$-vector space $V$ is isomorphic to a direct sum of copies of $k$, $\varphi : V \xrightarrow{\sim} \bigoplus_\Omega k$, indexed by some set $\Omega$. Then $V$ inherits a topology by pulling back the subspace topology on $\bigoplus_\Omega k \subseteq \prod_\Omega k$ along $\varphi$ and this makes $V$ into a topological vector space.

Example 29.1.2. If $V$ is a Banach space (a complete normed linear space) over $\mathbb{R}$ or $\mathbb{C}$, then $V$ is a topological vector space with respect to the norm topology.

We will assume for the rest of these notes that all topological vector spaces are $T_1$ (and therefore Hausdorff by homogeneity). For a topological vector space $V/k$, let $\mathrm{Aut}(V)$ denote the $k$-automorphisms of $V$ and let $\mathrm{Aut}_{\mathrm{top}}(V)$ denote the subspace of continuous $k$-automorphisms of $V$ having continuous inverses.
For a real or complex vector space $V$ and a subset $S \subseteq V$, we say $S$ is convex if for all $x, y \in S$, $tx + (1 - t)y \in S$ for every value $t \in [0, 1]$. We say $V$ is locally convex if there exists a topological basis of $V$ consisting of convex sets.

Example 29.1.3. When V is a Banach space, the metric balls {B(0, ε) | ε > 0} form a
system of convex neighborhoods around 0, so by homogeneity V is locally convex.

Definition. Suppose $G$ is a locally compact topological group and $V$ is a locally convex topological vector space over $\mathbb{C}$. A topological representation of $G$ is a group representation $\rho : G \to \mathrm{Aut}(V)$ such that the associated map

$$G \times V \longrightarrow V, \qquad (g, v) \longmapsto \rho_g(v)$$

is continuous (with respect to the product topology on $G \times V$).

Note that if $\rho$ is a topological representation of $G$, then $\rho(G) \subseteq \mathrm{Aut}_{\mathrm{top}}(V)$. The converse is not immediately true, but in a moment we will give conditions under which this does hold.

Definition. Let $X$ be a topological space, $V$ a topological vector space and let $\mathrm{Map}(X, V)$ be the space of set maps $X \to V$. A set $F \subseteq \mathrm{Map}(X, V)$ is said to be equicontinuous if for all $x \in X$ and every neighborhood $U \subseteq V$ of 0, there exists a neighborhood $W \subseteq X$ such that $f(y) \in U + f(x)$ for every $y \in W$ and $f \in F$.

Proposition 29.1.4. Suppose $\rho : G \to \mathrm{Aut}(V)$ is a representation of a locally compact group. Then $\rho$ is a topological representation if and only if the following conditions are met:


(1) For every compact set $K \subseteq G$, $\rho(K)$ is equicontinuous.

(2) For all $v \in V$, the map $G \to V$, $g \mapsto \rho_g(v)$ is continuous.

Proof. ($\Longrightarrow$) Suppose $\rho$ is a topological representation. Then for all $v \in V$, the map $G \to V$, $g \mapsto \rho_g(v)$ factors as a composition $G \to G \times V \to V$, where $G \to G \times V$ is the first coordinate inclusion (hence continuous), and $G \times V \to V$ is $(g, x) \mapsto \rho_g(x)$, which is continuous by hypothesis. Hence (2) holds.
For (1), fix a compact set $K \subseteq G$. It will suffice to show equicontinuity about $0 \in V$, i.e. for all neighborhoods $U \subseteq V$ of 0, there exists a neighborhood $W \subseteq V$ of 0 such that for all $y \in W$ and $g \in K$, $\rho_g(y) \in U$. We know $G \times V \to V$ is continuous, so for each $g \in G$, there exists a neighborhood $H_g \subseteq G$ of $g$ and a neighborhood $W_g \subseteq V$ of 0 for which $\rho_h(W_g) \subseteq U$ for all $h \in H_g$. Since $K$ is compact and covered by the $H_g$, there exist $g_1, \ldots, g_n$ such that $K \subseteq \bigcup_{i=1}^n H_{g_i}$. Set $W = \bigcap_{i=1}^n W_{g_i}$, which is then a neighborhood of 0 in $V$. Then for all $g \in K$ and $w \in W$, we have $\rho_g(w) \in U$ by construction. Hence $\rho(K)$ is equicontinuous.

($\Longleftarrow$) Given (1) and (2), we want to show that $G \times V \to V$ is continuous, i.e. for fixed $(g, x) \in G \times V$ and for any neighborhood $U \subseteq V$ of 0, there exist neighborhoods $H \subseteq G$ of $g$ and $W \subseteq V$ of 0 such that $\rho_h(x + w) - \rho_g(x) \in U$ for all $h \in H$, $w \in W$. Since $V$ is locally convex, we can find a convex neighborhood of 0 contained in $U$, so we may assume $U$ itself is convex. Also, since $G$ is locally compact, there exists a compact neighborhood of $g$, say $K \subseteq G$. Now by (1), $\rho(K)$ is equicontinuous so there exists a neighborhood $W \subseteq V$ of 0 such that $\rho_h(w) \in \frac{1}{2}U$ for all $h \in K$, $w \in W$. And by (2), there exists a neighborhood $H \subseteq G$ of $g$ such that $\rho_h(x) - \rho_g(x) \in \frac{1}{2}U$ for all $h \in H$. We may assume that $H \subseteq K$. Now we have that for all $h \in H$, $w \in W$,

$$\rho_h(x + w) - \rho_g(x) = \rho_h(w) + \rho_h(x) - \rho_g(x) \in \tfrac{1}{2}U + \tfrac{1}{2}U$$

but since $U$ is convex, $\frac{1}{2}U + \frac{1}{2}U = U$ and hence $\rho_h(x + w) - \rho_g(x) \in U$. Hence $\rho$ is a topological representation.

Example 29.1.5. If $V$ is a Banach space, we may topologize $\mathrm{Aut}(V)$ as follows. Note that $\mathrm{Map}(V, V) = \prod_{v \in V} V$ so the product topology on $\prod_{v \in V} V$ induces a topology on $\mathrm{Map}(V, V)$ and in turn a subspace topology on $\mathrm{Aut}(V) \subseteq \mathrm{Map}(V, V)$ (this also induces a topology on $\mathrm{Aut}_{\mathrm{top}}(V)$). In fact, this topology on $\mathrm{Aut}(V)$ is equivalent to the topology of pointwise convergence. Under this topology, every abstract representation $\rho : G \to \mathrm{Aut}(V)$ of a locally compact group is continuous. In particular, if $K \subseteq G$ is a compact set then $\rho(K)$ is always compact in $\mathrm{Aut}(V)$. This allows us to cut down the conditions in Proposition 29.1.4.

Corollary 29.1.6. Suppose V is a Banach space and G is a locally compact group. Then
a group representation ρ : G → Aut(V ) is a topological representation if and only if for all
x ∈ V , the map G → V, g ↦ ρg (x) is continuous.

Let ρ : G → Aut(V ) be a representation.

Definition. A G-invariant subspace of V is a subspace W ⊆ V such that ρg (W ) ⊆ W
for all g ∈ G.


Definition. A representation ρ : G → Aut(V ) is said to be algebraically irreducible if
V has no proper G-invariant subspaces, i.e. V is simple as a C[G]-module. We say ρ is
topologically irreducible if V has no proper, closed G-invariant subspaces.

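Definition. An equivalence of G-representations (ρ, V ) ∼ (ρ′, V′) is a homeomorphism
T : V → V′ such that the diagram

$$\begin{array}{ccc}
V & \xrightarrow{\ T\ } & V' \\
{\scriptstyle \rho_g}\downarrow & & \downarrow{\scriptstyle \rho'_g} \\
V & \xrightarrow{\ T\ } & V'
\end{array}$$

commutes for every g ∈ G, or equivalently T is a C[G]-module homomorphism.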


29.2 Banach Algebras


Suppose A and B are complex vector spaces and Hom(A, B) is the set of continuous (or
equivalently, bounded) linear maps A → B. Then Hom(A, B) is a Banach space with
respect to the operator norm
$$\|T\|_{op} = \sup_{a \in A} \frac{\|Ta\|_B}{\|a\|_A}.$$

When A = B, we write End(A) = Hom(A, A).


Definition. A Banach algebra is a C-algebra A with 1A ∈ A (and possibly noncommutative)
that admits the structure of a complex Banach space which is submultiplicative, i.e.
||ab|| ≤ ||a|| ||b|| for all a, b ∈ A, and is normalized so that ||1A || = 1.

Let A be a Banach algebra. Each a ∈ A defines a linear map

ρa : A ⟶ A
b ⟼ ab.

Then ρa ∈ End(A) and it follows from ||1A || = 1 that ||ρa ||op = ||a|| for all a ∈ A. This
determines an embedding ρ : A ↪ End(A). Let A× be the units of A and observe that, by
submultiplicativity, if a ∈ A is such that ||a|| < 1, then 1 − a ∈ A× (this follows from the fact
that $\sum_{n=1}^{\infty} a^n$ converges in A).

Proposition 29.2.1. Let A be a Banach algebra. Then A× ⊆ A is an open subset and
A× → A× , a ↦ a⁻¹ is a homeomorphism.

Proof. Let a ∈ A× and take b ∈ B(a, ||a⁻¹||⁻¹). (Since || · || is only submultiplicative,
||a⁻¹||⁻¹ ≤ ||a|| but not necessarily equal.) Then ||a − b|| < ||a⁻¹||⁻¹ so multiplying by a⁻¹,
we get
||a⁻¹(a − b)|| ≤ ||a⁻¹|| ||a − b|| < 1
which by the remark above implies 1 − a⁻¹(a − b) ∈ A× . Multiplying by a gives b =
a − (a − b) ∈ A× , so we have an open neighborhood around a in A× . The second statement
is an easy consequence.
Definition. Let A be a Banach algebra and a ∈ A. The spectrum of a is

sp(a) = {λ ∈ C | λ1A − a ∉ A× }.

The spectral radius of a is r(a) = sup{|λ| : λ ∈ sp(a)} and the complement C ∖ sp(a) is
called the resolvent set of a.

Lemma 29.2.2. For all a ∈ A, r(a) ≤ ||a||.

Proof. Suppose λ ∈ C ∖ {0} such that |λ| > ||a||. Then

||λ⁻¹a|| < 1 =⇒ 1A − λ⁻¹a ∈ A× =⇒ λ1A − a ∈ A×

so λ ∉ sp(a).


Theorem 29.2.3. Let A be a Banach algebra and a ∈ A. Then

(1) sp(a) is a nonempty, compact subset of C.

(2) $\lim_{n \to \infty} \|a^n\|^{1/n} = r(a)$.

Proof. (1) Define ϕa : C → A by λ ↦ λ1A − a. Then ϕa is continuous and $\phi_a^{-1}(A^\times)$ =
C ∖ sp(a), so the resolvent set is open by Proposition 29.2.1, so sp(a) is closed. Since sp(a)
is also bounded, it is compact.
(2) omitted.

Corollary 29.2.4 (Gelfand-Mazur Theorem). If A is a Banach algebra which is a division
ring, then A ≅ C.

Proof. Take a ∈ A. By assumption A× = A ∖ {0}, so if λ1A − a ∉ A× for some λ ∈ C then
a = λ1A . By (1) of Theorem 29.2.3, sp(a) ≠ ∅ so such a λ ∈ C exists. Define A → C by
mapping a ↦ λ. This gives the desired isomorphism.

Suppose J ⊆ A is a two-sided ideal. Then A/J is an algebra admitting a seminorm

$$\|a + J\| = \inf_{x \in J} \|a - x\|.$$

Proposition 29.2.5. Suppose J ⊆ A is a closed, two-sided ideal. Then

(1) || · || is a norm on A/J.

(2) A/J is a Banach space with respect to this norm.

Proof. (1) If (xn ) is a sequence in J converging to a ∈ A, then a ∈ J since J is closed. Hence
whenever ||a + J|| = 0, we have a ∈ J, so || · || is nondegenerate. Further, suppose a, b ∈ A.
Then

$$\begin{aligned}
\|a + J\|\,\|b + J\| &= \inf_{x \in J} \|a - x\| \, \inf_{y \in J} \|b - y\| \\
&\ge \inf_{x,y \in J} \|a - x\|\,\|b - y\| \\
&\ge \inf_{x,y \in J} \|(a - x)(b - y)\| && \text{by submultiplicativity} \\
&= \inf_{x,y \in J} \|ab - xb - ay + xy\| \\
&= \inf_{x,y \in J} \|ab - (xb + ay - xy)\| \\
&\ge \|ab + J\| && \text{since } xb + ay - xy \in J.
\end{aligned}$$

Hence || · || is a norm.
(2) is straightforward.

Remark. It is useful to note that for any two-sided ideal J of A, the topological closure J̄ is
also a two-sided ideal of A, by submultiplicativity.


29.3 The Gelfand Transform


Suppose A is a commutative Banach algebra.

Definition. A character of A is a C-algebra homomorphism χ : A → C. The set of
characters of A is denoted Â.

Note that any character χ : A → C is surjective.

Proposition 29.3.1. Let A be a commutative Banach algebra. Then

(1) If J ⊆ A is a maximal ideal, then J is closed.

(2) The map

Â ⟶ MaxSpec(A)
χ ⟼ ker χ

is a bijection.

(3) Every character χ ∈ Â is continuous.

(4) For all a ∈ A, sp(a) = {χ(a) | χ ∈ Â}.

Proof. (1) By Proposition 29.2.1, A× is open in A so an ideal J is proper if and only if J̄ is
proper. This implies that maximal ideals are closed.
(2) Given a character χ ∈ Â, there is a factorization through the quotient:

$$\begin{array}{ccc}
A & \xrightarrow{\ \chi\ } & \mathbb{C} \\
{\scriptstyle p}\downarrow & \nearrow{\scriptstyle \bar{\chi}} & \\
A/\ker\chi & &
\end{array}$$

Since χ is surjective, χ̄ is surjective, so A/ ker χ is a field and thus ker χ is a maximal ideal.
On the other hand, for any m ∈ MaxSpec(A), the Gelfand-Mazur theorem (Corollary 29.2.4)
implies

χ̄m : A/m ⟶ C
λ1A ⟼ λ

is the unique C-algebra isomorphism A/m ≅ C. Hence m defines a character χm := χ̄m ◦ p ∈ Â:

$$\begin{array}{ccc}
A & \xrightarrow{\ \chi_m\ } & \mathbb{C} \\
{\scriptstyle p}\downarrow & \nearrow{\scriptstyle \bar{\chi}_m} & \\
A/m & &
\end{array}$$


(3) Any χ ∈ Â factors as $\chi : A \xrightarrow{\ p\ } A/\ker\chi \xrightarrow{\ \bar{\chi}\ } \mathbb{C}$ as above, and both maps are continuous.
(4) Let a ∈ A. Then

λ ∈ sp(a) ⇐⇒ λ1A − a ∉ A×
⇐⇒ λ1A − a ∈ m for some maximal ideal m
⇐⇒ χ(λ1A − a) = 0 for some χ ∈ Â, by (2)
⇐⇒ λ = χ(a) for some χ ∈ Â.

Thus sp(a) = {χ(a) | χ ∈ Â}.

This allows us to view Â as a subring of A∗ = Homtop (A, C), the topological dual of A.
We could equip A∗ with the norm topology, but this turns out to be too strong a topology
for our purposes.

Definition. The weak topology on A∗ is the topology generated by all maps A∗ → C in
A∗∗ . The weak∗ topology on A∗ is the topology generated by all of the evaluation maps
eva ∈ A∗∗ for a ∈ A, defined by

eva : A∗ ⟶ C
ϕ ⟼ ϕ(a).

We endow Â with the subspace topology induced by the weak∗ topology on A∗ ; this is
called the Gelfand topology on Â.

Lemma 29.3.2. The weak∗ topology makes A∗ into a locally convex topological vector space.

The following theorem is standard in a functional analysis course.

Theorem 29.3.3 (Alaoglu). Let B ∗ = {f ∈ A∗ : ||f ||op ≤ 1} be the unit ball in A∗ . Then
B ∗ is compact in the weak∗ topology.

Lemma 29.3.4. For any commutative Banach algebra A,

(1) Â ⊆ B∗ .

(2) Â is compact and Hausdorff in the Gelfand topology.

Proof. (1) For all a ∈ A and χ ∈ Â, χ(a) ∈ sp(a) by (4) of Theorem 29.3.1, so

|χ(a)| ≤ r(a) ≤ ||a||

by Lemma 29.2.2. Hence ||χ|| ≤ 1.

(2) Since A∗ is Hausdorff (this is easy to prove), the subspace Â is Hausdorff. To show Â
is compact, it suffices by (1) to show that Â is closed in A∗ . Suppose (χn ) is a sequence in
Â converging to χ ∈ A∗ . Convergence in the weak∗ topology means that for all a ∈ A, the
sequence (χn (a)) converges, say to χ(a). This defines χ : A → C. Further, since each χn is
a C-algebra homomorphism, so is χ. Hence χ ∈ Â, so Â is closed.


For all a ∈ A, let the evaluation map Â → C, χ ↦ χ(a) be denoted by â. Let C(Â) be
the C-algebra of continuous maps Â → C, which is a Banach space with respect to the sup
norm $\|f\|_\infty = \sup_{\chi \in \widehat{A}} |f(\chi)|$.

Definition. The Gelfand transform of a commutative Banach algebra A is the map

Γ : A ⟶ C(Â)
a ⟼ â.

Theorem 29.3.5. For any commutative Banach algebra A,

(1) Γ is a C-algebra homomorphism which decreases in norm.

(2) The image Γ(A) ⊆ C(Â) separates points.

(3) For all a ∈ A, â(Â) = sp(a) and ||â||∞ = r(a).

(4) ker Γ = r(A), the Jacobson radical of A.

(5) Γ is injective if and only if A is semisimple as a ring.

Proof. The proofs of all five properties are straightforward from the definitions.


29.4 Spectral Theorems


Suppose A is a complex vector space of complex-valued functions on some space X.

Definition. A complex function space A is self-adjoint if A is closed under complex
conjugation, that is, for all T ∈ A, the function $\overline{T} : X \to \mathbb{C}$, $x \mapsto \overline{T}(x) := \overline{T(x)}$ is also in A.

Remark. Let AR = A ∩ C(X, R) be the subspace of real-valued functions in A. Then A is
self-adjoint if and only if A can be written A = AR + iAR .

Now suppose X is a compact Hausdorff space. Set C(X) = C(X, C) to distinguish from
C(X, R). The Stone-Weierstrass theorem is an important result from functional analysis
which in some ways gives a function space analogue of Hilbert’s Nullstellensatz.

Theorem 29.4.1 (Stone-Weierstrass). If A ⊆ C(X, R) is a closed subalgebra that separates
points in X, then either

(1) A = C(X, R), or

(2) A = {f ∈ C(X, R) | f (x) = 0} for some x ∈ X.

Further, if A is a unital algebra, then only (1) is possible.

The following is a complex analogue of the Stone-Weierstrass theorem.

Corollary 29.4.2. Let A be a self-adjoint, unital subalgebra of C(X) that separates points
in X. Then A is dense in C(X).

Proof. By the remark, we may write A = AR + iAR . Since A separates points, so does AR , so
by the Stone-Weierstrass theorem for this real function space, we get AR = C(X, R). Hence
A = AR + iAR = C(X, R) + iC(X, R) = C(X).

Definition. A pre-Hilbert space is a complex vector space H endowed with a positive
definite Hermitian form ⟨·, ·⟩ : H × H → C. Such a Hermitian form defines a norm || · ||
on H given by $\|v\| = \sqrt{\langle v, v \rangle}$. When H is complete with respect to this norm, H is called a
Hilbert space.

Let H be a Hilbert space and consider End(H), the space of continuous (bounded) linear
maps H → H. Then End(H) is a Banach algebra. For each T ∈ End(H), there is a unique
adjoint operator T ∗ ∈ End(H) satisfying

⟨T x, y⟩ = ⟨x, T ∗ y⟩ for all x, y ∈ H.

This defines an involution End(H) → End(H), T ↦ T ∗ . The following properties of the
adjoint are standard and easy to verify.

Lemma 29.4.3. For any S, T ∈ End(H) and λ1 , λ2 ∈ C,

(i) T ∗∗ = T .


(ii) (λ1 S + λ2 T )∗ = λ̄1 S ∗ + λ̄2 T ∗ .

(iii) (ST )∗ = T ∗ S ∗ .

(iv) ||T ∗ || = ||T ||.

(v) ||T T ∗ || = ||T ||² = ||T ∗ T ||.

Definition. An operator T ∈ End(H) is

• self-adjoint if T = T ∗ ;

• unitary if T⁻¹ = T ∗ ;

• normal if T T ∗ = T ∗ T .

Proposition 29.4.4. If T ∈ End(H) is normal then ||T || = r(T ), the spectral radius of T .

Proof. On one hand, we have r(T ) ≤ ||T || by Lemma 29.2.2. Note that when T is normal,
the operator T T ∗ is self-adjoint. This allows us to write the following for any n ≥ 1:

$$\begin{aligned}
\|T\|^{2^n} &= \left(\|T\|^2\right)^{2^{n-1}} \\
&= \|TT^*\|^{2^{n-1}} && \text{by Lemma 29.4.3(v)} \\
&= \|(TT^*)^{2^n}\|^{1/2} && \text{since } TT^* \text{ is self-adjoint} \\
&= \|T^{2^n}(T^*)^{2^n}\|^{1/2} && \text{since } T \text{ is normal} \\
&= \|T^{2^n}(T^{2^n})^*\|^{1/2} \\
&= \left(\|T^{2^n}\|^2\right)^{1/2} && \text{by Lemma 29.4.3(v) again} \\
&= \|T^{2^n}\|.
\end{aligned}$$

Recall from (2) of Theorem 29.2.3 that $r(T) = \lim_{n \to \infty} \|T^n\|^{1/n}$. Then the above shows that
$r(T) \ge \lim_{n \to \infty} \|T^{2^n}\|^{2^{-n}} = \lim_{n \to \infty} \|T\| = \|T\|$ so we conclude that r(T ) = ||T ||.
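A numerical check of Lemma 29.2.2, Theorem 29.2.3(2) and Proposition 29.4.4 on End(C²), added here as an illustration and not part of the original notes. The matrices N and J and all function names are constructed for this example, and the operator norm is computed from the largest eigenvalue of T∗T.

```python
import cmath
import math


def matmul(a, b):
    """Product of two 2x2 complex matrices given as nested lists."""
    return [[sum(a[i][k] * b[k][j] for k in range(2)) for j in range(2)]
            for i in range(2)]


def adjoint(a):
    """Conjugate transpose T* of a 2x2 matrix."""
    return [[complex(a[j][i]).conjugate() for j in range(2)] for i in range(2)]


def spectrum(a):
    """sp(a): roots of the characteristic polynomial x^2 - tr(a) x + det(a)."""
    tr = a[0][0] + a[1][1]
    det = a[0][0] * a[1][1] - a[0][1] * a[1][0]
    root = cmath.sqrt(tr * tr - 4 * det)
    return ((tr + root) / 2, (tr - root) / 2)


def spectral_radius(a):
    """r(a) = sup{|lambda| : lambda in sp(a)}."""
    return max(abs(lam) for lam in spectrum(a))


def op_norm(a):
    """Operator norm on C^2. By Lemma 29.4.3(v), ||a||^2 = ||a* a||, and the
    norm of the self-adjoint matrix a* a is its largest eigenvalue."""
    return math.sqrt(spectral_radius(matmul(adjoint(a), a)))


def is_normal(a, tol=1e-12):
    """True when a a* = a* a up to the given tolerance."""
    left, right = matmul(a, adjoint(a)), matmul(adjoint(a), a)
    return all(abs(left[i][j] - right[i][j]) <= tol
               for i in range(2) for j in range(2))


def gelfand_sequence(a, steps):
    """The values ||a^(2^n)||^(2^-n) for n = 0, ..., steps."""
    values, power = [], a
    for n in range(steps + 1):
        values.append(op_norm(power) ** (1.0 / 2 ** n))
        power = matmul(power, power)
    return values


# Constructed sample operators.
N = [[1, 2j], [2j, 1]]  # normal, with sp(N) = {1 + 2i, 1 - 2i}
J = [[1, 4], [0, 1]]    # not normal, with sp(J) = {1}

if __name__ == "__main__":
    for name, m in (("N", N), ("J", J)):
        print(name, "normal:", is_normal(m),
              "r =", round(spectral_radius(m), 6),
              "norm =", round(op_norm(m), 6))
        print("  ", [round(v, 4) for v in gelfand_sequence(m, 6)])
```

For the normal matrix N every term of the sequence equals ||N|| = r(N) = √5, as in the proof above; for J the norm is 2 + √5 while the sequence decreases slowly towards r(J) = 1.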

Proposition 29.4.5. Let T ∈ End(H). Then

(a) If T is unitary, then sp(T ) ⊆ S¹ .

(b) If T is self-adjoint, then sp(T ) ⊆ R.

Proof. (a) Note that in general, λ ∈ sp(T ) if and only if λ⁻¹ ∈ sp(T⁻¹). So if T is unitary,
meaning T T ∗ = 1, then it follows from Lemma 29.4.3(iv) that ||T || = ||T⁻¹|| = 1. Thus
if λ ∈ sp(T ), then |λ| ≤ 1, but at the same time λ⁻¹ ∈ sp(T⁻¹) implies |λ⁻¹| ≤ 1. Hence
|λ| = 1, or λ ∈ S¹ .
(b) The operator

$$\exp(iT) = \sum_{n=0}^{\infty} \frac{(iT)^n}{n!}$$

is well-defined (the sum converges) and we have

$$(\exp(iT))^* = \sum_{n=0}^{\infty} \frac{((iT)^*)^n}{n!} = \sum_{n=0}^{\infty} \frac{(-iT)^n}{n!} = \exp(-iT).$$

Therefore exp(iT ) is unitary, so for λ ∈ sp(T ), exp(iλ) ∈ sp(exp(iT )) ⊆ S¹ by part (a), so
we must have | exp(iλ)| = 1 and therefore λ ∈ R.
Suppose A and B are complex Banach algebras, each with an involution ∗ that is
conjugate-linear, anti-multiplicative and satisfies ||xx∗ || = ||x||² for all x ∈ A (resp. x ∈ B).
Such an algebra is called a C∗-algebra and a ∗-morphism is an algebra homomorphism
ϕ : A → B such that ϕ(x∗ ) = (ϕ(x))∗ for all x ∈ A.

Proposition 29.4.6. Let A be a self-adjoint, unital, closed, commutative subalgebra of
End(H). Then the Gelfand transform Γ : A → C(Â) is an isometry and a ∗-isomorphism of
C-algebras with respect to the adjoint on A and complex conjugation on C(Â).

Proof. Since A is commutative and self-adjoint, any T ∈ A is normal. Thus by Proposition
29.4.4 and Theorem 29.3.5, ||T || = r(T ) = ||T̂||, so Γ is an isometry. It remains to show
Γ is surjective and is a ∗-morphism.
Notice that if T ∈ A is self-adjoint, then for any γ ∈ Â, T̂(γ) = γ(T ) ∈ sp(T ) ⊆ R
by Proposition 29.4.5(b). More generally, any T ∈ A can be written T = T0 + iT1 for the
self-adjoint operators $T_0 = \frac{T + T^*}{2}$ and $T_1 = \frac{T - T^*}{2i}$. Then Γ(T0 ), Γ(T1 ) ∈ C(Â, R), so

$$\begin{aligned}
\Gamma(T^*) &= \Gamma((T_0 + iT_1)^*) \\
&= \Gamma(T_0^* - iT_1^*) && \text{by Lemma 29.4.3(ii)} \\
&= \Gamma(T_0 - iT_1) && \text{by self-adjointness} \\
&= \Gamma(T_0) - i\Gamma(T_1) && \text{by Theorem 29.3.5} \\
&= \overline{\Gamma(T_0) + i\Gamma(T_1)} && \text{since } \Gamma(T_0), \Gamma(T_1) \in \mathbb{R} \\
&= \overline{\Gamma(T)}.
\end{aligned}$$

Hence Γ respects the involutions on A and C(Â).

For surjectivity, recall from Theorem 29.3.5 that Γ(A) separates points and is unital.
Further, Γ(A) is self-adjoint since Γ is a ∗-morphism. Finally, A is isometric and isomorphic
as a complex algebra to Γ(A) ⊆ C(Â), but A ⊆ End(H) is closed which implies that Γ(A) ⊆
C(Â) is also closed. Hence by Corollary 29.4.2, Γ(A) = C(Â) so Γ is surjective.

For a normal operator T ∈ End(H), let AT denote the smallest subalgebra of End(H)
containing T which is self-adjoint, unital, closed and commutative. Equivalently, AT is the
subalgebra of End(H) generated by {1, T, T ∗ }.

Theorem 29.4.7 (First Spectral Theorem). Let T ∈ End(H) be a normal operator. Then
there is a map
Φ : C(sp(T )) ⟶ AT
which is an isometry and a ∗-isomorphism of unitary C-algebras. Further, if iT : sp(T ) ↪ C
is the natural inclusion, then Φ(iT ) = T .


Proof. Consider the map Ψ : C(sp(T )) → C(ÂT ) which sends f ↦ f ◦ T̂, which is well-defined
since im T̂ = spAT (T ), the spectrum of T in the subalgebra AT . Then to prove the theorem,
we will show Ψ is an isometry and a ∗-isomorphism and spAT (T ) = sp(T ), so that we can
define Φ by

$$\begin{array}{ccc}
C(\mathrm{sp}(T)) & \xrightarrow{\ \Psi\ } & C(\widehat{A}_T) \\
 & {\scriptstyle \Phi}\searrow & \uparrow{\scriptstyle \Gamma} \\
 & & A_T
\end{array}$$

since Γ is an isometry and a ∗-isomorphism by Proposition 29.4.6.

To show spAT (T ) = sp(T ), note that sp(T ) ⊆ spAT (T ) always holds. On the other
hand, for λ ∈ spAT (T ), the Hahn-Banach theorem implies that there exists a function f ∈
C(spAT (T )) satisfying f (λ) = 1, ||f || = 1 and f ≡ 0 outside an ε-neighborhood of λ, i.e.
for some ε > 0, f (µ) = 0 whenever |µ − λ| ≥ ε. Set P = Φ(f ). Then for the inclusion
i : spAT (T ) ↪ C, we have

||(T − λ1H )P || = ||Φ⁻¹((T − λ1H )P )|| = ||(i − λ)f || ≤ ε

since for any µ, ((i − λ)f )(µ) = (µ − λ)f (µ). If T − λ1H had an inverse in End(H), we would
have
1 = ||P || = ||(T − λ1H )⁻¹(T − λ1H )P || ≤ ||(T − λ1H )⁻¹|| ε
by submultiplicativity of || · ||, but this would imply
$$\frac{1}{\varepsilon} \le \|(T - \lambda 1_H)^{-1}\|$$
for all ε > 0, which is impossible. Hence T − λ1H is not a unit in End(H), so λ ∈ sp(T ),
which proves spAT (T ) ⊆ sp(T ).
Now to show Ψ is an isometry and a ∗-isomorphism, note that T̂ : ÂT → spAT (T ) =
sp(T ) is surjective and continuous by Proposition 29.3.1. Moreover, if T̂(γ1 ) = T̂(γ2 ) for
γ1 , γ2 ∈ ÂT , then γ1 (T ) = γ2 (T ), which is equivalent to

$$\gamma_1(T^*) = \overline{\gamma_1(T)} = \overline{\gamma_2(T)} = \gamma_2(T^*)$$

since Γ is a ∗-morphism. By definition AT is generated by {1, T, T ∗ }, so this implies that
γ1 = γ2 on AT , but since AT is closed, γ1 = γ2 identically. Thus T̂ is injective, hence a
continuous bijection. By Lemma 29.3.4, ÂT is compact, so T̂ is also a closed map and hence
a homeomorphism. We have thus proven that Ψ is an isomorphism (and it’s not too hard to
show it preserves adjoints), so finally, notice that f and f ◦ T̂ each take on the same values
in C. Therefore ||f || = ||f ◦ T̂||, so Ψ is an isometry.


29.5 Unitary Representations


Definition. Let G be a locally compact group and ρ : G → Aut(H) be a topological
representation, where H is a Hilbert space. Then ρ is unitary if for all g ∈ G, ρg is unitary, i.e.
$\rho_g^* = \rho_g^{-1}$.

Notice that when ρ is a unitary representation, we have ⟨x, y⟩ = ⟨ρg (x), ρg (y)⟩ for all
g ∈ G and x, y ∈ H.

Proposition 29.5.1. Let H be a Hilbert space and T ∈ End(H) be a normal operator. Then
the following are equivalent:

(1) sp(T ) is a singleton.

(2) AT ≅ C as C∗-algebras.

(3) T = λ1H for some λ ∈ C.

Proof. (1) =⇒ (2) If sp(T ) = ∗, then C(sp(T )) ≅ C so the spectral theorem (29.4.7) implies
that AT ≅ C.
(2) =⇒ (3) If AT ≅ C, then T may be viewed as λ1H ∈ AT for some λ ∈ C.
(3) =⇒ (1) For any µ ∈ sp(T ), (µ − λ)1H = µ1H − λ1H ∉ End(H)× , but this is only
possible when µ − λ = 0, i.e. µ = λ. Therefore λ is the only element of sp(T ).

Recall Schur’s Lemma from representation theory.

Theorem 29.5.2 (Schur’s Lemma). Let G be an abstract group and suppose ρ : G → Aut(V )
and ρ′ : G → Aut(V′) are irreducible representations. Then any T ∈ HomG (V, V′) is either
trivial or a k-vector space isomorphism.

This generalizes to the case of topological representations of locally compact groups as
follows.

Theorem 29.5.3. Suppose G is a locally compact group, H is a Hilbert space and ρ : G →
Aut(H) is a topological representation that is topologically irreducible and unitary. Then any
normal operator T ∈ EndG (H) is of the form T = λ1H for some λ ∈ C. In particular, for
every operator T , T T ∗ = λ1H for some λ ∈ C.

Proof. For any T ∈ EndG (H), let T ∗ be the adjoint. Then for all g ∈ G and x, y ∈ H,

$$\begin{aligned}
\langle \rho_g(x), T^*\rho_g(y) \rangle &= \langle T\rho_g(x), \rho_g(y) \rangle \\
&= \langle \rho_g(Tx), \rho_g(y) \rangle && \text{since } T \text{ is } G\text{-equivariant} \\
&= \langle Tx, y \rangle && \text{since } \rho \text{ is unitary} \\
&= \langle x, T^*y \rangle && \text{by adjunction} \\
&= \langle \rho_g(x), \rho_g(T^*y) \rangle && \text{by unitary again.}
\end{aligned}$$

In particular, for x = 1H , this gives ⟨1, T ∗ ρg (y)⟩ = ⟨1, ρg (T y)⟩, but ⟨1, ·⟩ is injective, so this
implies T ∗ ρg = ρg T ∗ for all g ∈ G. Hence T ∗ is G-equivariant. Since AT is generated as a
subalgebra of End(H) by {1, T, T ∗ } and all of these are now G-equivariant, it follows that
AT ⊆ EndG (H).
Now take T to be normal and suppose λ1 , λ2 ∈ sp(T ) are distinct. Since sp(T ) is Hausdorff,
there are disjoint neighborhoods U1 , U2 ⊆ sp(T ) of λ1 and λ2 , respectively. Choose
functions f1 , f2 ∈ C(sp(T )) such that for i = 1, 2, fi (sp(T ) ∖ {Ui }) = 0 and fi (λi ) = 1,
again using the Hahn-Banach theorem for example. Then f1 , f2 ≠ 0 but since U1 ∩ U2 = ∅,
f1 f2 = 0. Let Φ : C(sp(T )) → AT be the isomorphism from the spectral theorem (29.4.7).
Then since f1 ≠ 0, Φ(f1 )(H) is nonzero. On the other hand, Φ(f1 ) ∈ AT ⊆ EndG (H)
by the first paragraph, so Φ(f1 )(H) is a nonzero, G-equivariant subspace of EndG (H) and
by the same argument, so is its closure. Since ρ is topologically irreducible, this means
Φ(f1 )(H) = H. Applying this again for Φ(f2 ), we conclude that Φ(f2 )Φ(f1 )(H) = H, but
Φ(f2 f1 )(H) = Φ(0)(H) = {0}, contradicting the fact that Φ is an algebra homomorphism.
Hence sp(T ) can only consist of one point, so Proposition 29.5.1 shows that T = λ1H for
some λ ∈ C.

Corollary 29.5.4. Suppose G is a locally compact abelian group, H is a Hilbert space and
ρ : G → Aut(H) is a unitary, irreducible topological representation. Then dimC (H) = 1.

Proof. Because ρ is unitary, every g ∈ G acts by a unitary normal operator ρg ∈ End(H),
so Theorem 29.5.3 shows that ρg = χ(g)1H for some χ(g) ∈ C. In fact, χ(g) ∈ S¹ by
Proposition 29.4.5(a). Then for any x ∈ H, Cx is a G-invariant, closed subspace of H so by
irreducibility of ρ, H = Cx.

Chapter 30

Duality

Let G be a topological abelian group and let S¹ be the unit circle in C. The multiplicative
group of characters

Ĝ = {f : G → S¹ | f is a continuous homomorphism}

is called the Pontrjagin dual of G. Endowed with the compact-open topology, Ĝ becomes a
topological group and one can prove the following properties:

Proposition 30.0.1. For a topological abelian group G with Pontrjagin dual Ĝ,

(1) If G is discrete, Ĝ is compact.

(2) If G is compact, Ĝ is discrete.

(3) If G is locally compact then so is Ĝ.

The Pontrjagin dual is the key ingredient in establishing the Fourier transform and proving
the Pontrjagin duality theorem for locally compact groups.


30.1 Functions of Positive Type


Assume G is a locally compact abelian group with (left) Haar measure ds and set

Cc (G) = {f : G → C | f is continuous with compact support}.

Then Cc (G) is dense in Lp (G) for all 1 ≤ p ≤ ∞.

Definition. A Haar measurable function ϕ ∈ L∞ (G) is of positive type if for all f ∈
Cc (G),
$$\iint_{G \times G} \varphi(s^{-1}t) f(s)\, ds\, f(t)\, dt \ge 0.$$

Let ϕ be a function of positive type. Then

$$\langle f_1, f_2 \rangle_\varphi = \iint_{G \times G} \varphi(s^{-1}t) f_1(s)\, ds\, f_2(t)\, dt$$

defines a sesquilinear form on Cc (G). Set Wϕ = {f ∈ Cc (G) | ⟨f, f ⟩ϕ = 0}.

Lemma 30.1.1. For all functions ϕ of positive type on G, Wϕ is a vector subspace of Cc (G)
and ⟨·, ·⟩ϕ descends to a positive definite, Hermitian form on the quotient Cc (G)/Wϕ .

Let Vϕ be the completion of the normed space (Cc (G)/Wϕ , ⟨·, ·⟩ϕ ). By abuse of notation
we will also denote the extension of ⟨·, ·⟩ϕ to this completion by ⟨·, ·⟩ϕ .

Proposition 30.1.2. For every function ϕ of positive type on G, Vϕ is a Hilbert space.

Now for f : G → C and s ∈ G, define the function Ls f : G → C by Ls f (t) = f (s⁻¹t).

Lemma 30.1.3. For any f : G → C and s ∈ G,

(a) If f ∈ Cc (G) then Ls f ∈ Cc (G).

(b) If ϕ is a function of positive type and f ∈ Cc (G), then ⟨Ls f, Ls f ⟩ϕ = ⟨f, f ⟩ϕ .

(c) The assignment G → Cc (G), s ↦ Ls f is continuous for each f ∈ Cc (G).

Proof. (a) and (c) are routine. For (b), we have

$$\begin{aligned}
\langle L_s f, L_s f \rangle_\varphi &= \iint_{G \times G} \varphi(t^{-1}u) f(s^{-1}t)\, dt\, f(s^{-1}u)\, du \\
&= \iint_{G \times G} \varphi((s^{-1}t)^{-1}(s^{-1}u)) f(s^{-1}t)\, dt\, f(s^{-1}u)\, du \\
&= \iint_{G \times G} \varphi(t^{-1}u) f(t)\, dt\, f(u)\, du && \text{by left-invariance of Haar measure} \\
&= \langle f, f \rangle_\varphi.
\end{aligned}$$


Theorem 30.1.4. Let G be a locally compact group and ϕ a function of positive type on G.
Then s ↦ Ls induces a unitary representation of G on Vϕ .

Proof. Lemma 30.1.3 implies that s ↦ Ls is a unitary representation of G abstractly, so
it will suffice to show it is also a topological representation. By Corollary 29.1.6, it’s even
enough to show that for each f ∈ Cc (G), s ↦ Ls f is continuous, but this can be shown by
normal analytical methods (see Ramakrishnan-Valenza for the proof).

Definition. Let f and g be complex-valued Borel functions on a locally compact topological
group G, equipped with a (left) Haar measure ds. Then the convolution of f and g is the
function
$$f * g(t) := \int_G g(s^{-1}t) f(s)\, ds = \int_G g(s^{-1}) f(ts)\, ds.$$

Proposition 30.1.5. Let G be a locally compact abelian group. Then

(i) If f ∗ g(x) exists for some x ∈ G, then g ∗ f (x) exists and f ∗ g(x) = g ∗ f (x).

(ii) If f, g ∈ L¹(G) then f ∗ g(x) exists for almost all x ∈ G. Moreover, ||f ∗ g||₁ ≤
||f ||₁ ||g||₁ so in particular f ∗ g ∈ L¹(G).

(iii) For f, g, h ∈ L¹(G), (f ∗ g) ∗ h = f ∗ (g ∗ h).

Proof. Straightforward from the definitions.

Corollary 30.1.6. L¹(G) is a Banach algebra with respect to ∗.

We will mainly be interested in convolutions of functions f ∈ Cc (G) and ϕ ∈ L∞ (G) of
positive type. In this case, f ∗ ϕ exists everywhere and is continuous.

Theorem 30.1.7. Let ϕ be a function of positive type on G. Then there exists xϕ ∈ Vϕ such
that ϕ(s) = ⟨xϕ , Ls xϕ ⟩ϕ for almost all s ∈ G.

Proof. Let {Uα } be a system of open neighborhoods of e ∈ G. Since G is Hausdorff, $\bigcap_\alpha U_\alpha = \{e\}$.
The index set {α} is a directed set under the partial ordering defined by α ≤ β
if Uβ ⊆ Uα . By Urysohn’s lemma for locally compact spaces, for each α there exists a
continuous function gα : G → R+ such that the support of gα is a compact subset of Uα and
$\int_G g_\alpha(s)\, ds = 1$. This defines a net {gα ds}α of positive linear functionals on Cc (G); explicitly,
$f \mapsto \int_G f(s) g_\alpha(s)\, ds$. These functionals weakly converge to the Dirac measure δe : f ↦ f (e).
Let f ∈ Cc (G). Then for any α, Fubini’s theorem gives

$$\iint_{G \times G} \varphi(s^{-1}t) f(s)\, ds\, g_\alpha(t)\, dt = \int_G (f * \varphi)(t) g_\alpha(t)\, dt$$

which exists because f ∗ ϕ is continuous and gα has compact support. Define

$$\Phi(f) := \lim_\alpha \langle f, g_\alpha \rangle_\varphi = \lim_\alpha \int_G (f * \varphi)(t) g_\alpha(t)\, dt.$$


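This determines a linear form Φ on Vϕ which, after replacing f ∗ ϕ by (f ∗ ϕ)h for a function
h with compact support and such that h ≡ 1 on a neighborhood eventually containing the
support of gα , is of the form

$$\Phi(f) = (f * \varphi)(e) = \int_G \varphi(s^{-1}) f(s)\, ds. \tag{30.1}$$

Since Vϕ is a Hilbert space, it is reflexive (i.e. self-dual), meaning there is some xϕ ∈ Vϕ
such that Φ(ξ) = ⟨ξ, xϕ ⟩ϕ for all ξ ∈ Vϕ . Then {gα } converges weakly to xϕ in Vϕ , so for any
ξ ∈ Vϕ and s ∈ G we have

$$\begin{aligned}
\langle \xi, L_s x_\varphi \rangle_\varphi &= \lim_\alpha \langle \xi, L_s x_\varphi \rangle_\varphi \\
&= \lim_\alpha \iint_{G \times G} \varphi(t^{-1}u) \xi(t)\, dt\, g_\alpha(s^{-1}u)\, du \\
&= \int_G \varphi(t^{-1}s) \xi(t)\, dt && \text{by (1).}
\end{aligned}$$

On the other hand,

$$\begin{aligned}
\langle L_s x_\varphi, \xi \rangle &= \lim_\alpha \langle L_s g_\alpha, \xi \rangle_\varphi \\
&= \lim_\alpha \iint_{G \times G} \varphi(t^{-1}u) g_\alpha(s^{-1}t)\, dt\, \xi(u)\, du \\
&= \int_G \varphi(s^{-1}u) \xi(u)\, du && \text{by (1).}
\end{aligned}$$

Combining these we get

$$\langle \xi, L_s x_\varphi \rangle_\varphi = \int_G \varphi(t^{-1}s) \xi(t)\, dt = \int_G \varphi(s^{-1}t) \xi(t)\, dt \tag{30.2}$$

and in particular for s = e,

$$\langle \xi, x_\varphi \rangle_\varphi = \int_G \varphi(t) \xi(t)\, dt. \tag{30.3}$$

Now for any h ∈ Cc (G), consider

$$\begin{aligned}
\langle \xi, h \rangle_\varphi &= \iint_{G \times G} \varphi(s^{-1}t) \xi(s)\, ds\, h(t)\, dt \\
&= \int_G \langle \xi, L_t x_\varphi \rangle_\varphi h(t)\, dt && \text{by (2).}
\end{aligned}$$

Extend this by continuity to all of Vϕ and consider the CG-submodule V′ of Vϕ generated by
xϕ . If ξ ∈ V′ for some ξ ∈ Vϕ , then the above shows ⟨ξ, Lt xϕ ⟩ϕ = 0 for all t ∈ G, so ξ ≡ 0.
Hence V′ = Vϕ . Now taking ξ = xϕ in (3) shows that for all ψ ∈ Vϕ ,

$$\int_G \varphi(s) \psi(s)\, ds = \langle x_\varphi, \psi \rangle_\varphi = \int_G \langle x_\varphi, L_s x_\varphi \rangle_\varphi \psi(s)\, ds.$$

Hence ϕ(s) = ⟨xϕ , Ls xϕ ⟩ϕ for almost all s ∈ G.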


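Corollary 30.1.8. Let ϕ be a function of positive type on G. Then ϕ is equal almost everywhere
to a continuous function of positive type on G. If, moreover, ϕ is itself continuous,
then

(i) ϕ(e) ≥ 0, where e ∈ G is the identity.

(ii) $\varphi(e) = \sup_{s \in G} |\varphi(s)|$.

(iii) For all s ∈ G, ϕ(s⁻¹) = ϕ(s).

Proof. By Theorem 30.1.7, ϕ(s) = ⟨xϕ , Ls xϕ ⟩ϕ a.e. for some xϕ ∈ Vϕ , but the latter is
continuous by real analysis. Now assume ϕ is continuous.
(i) Since ⟨·, ·⟩ϕ is positive definite on Vϕ , ϕ(e) = ⟨xϕ , Le xϕ ⟩ϕ = ⟨xϕ , xϕ ⟩ϕ ≥ 0.
(ii) For any s ∈ G, consider

$$\begin{aligned}
|\varphi(s)|^2 &= |\langle x_\varphi, L_s x_\varphi \rangle_\varphi|^2 \\
&\le |\langle x_\varphi, x_\varphi \rangle_\varphi|\, |\langle L_s x_\varphi, L_s x_\varphi \rangle_\varphi| && \text{by Cauchy-Schwarz} \\
&= \langle x_\varphi, x_\varphi \rangle_\varphi \langle x_\varphi, x_\varphi \rangle_\varphi && \text{by Lemma 30.1.3(b)} \\
&= (\langle x_\varphi, x_\varphi \rangle_\varphi)^2 = \varphi(e)^2.
\end{aligned}$$

Taking the square root of both sides, we get $\varphi(e) = \sup_{s \in G} |\varphi(s)|$.
(iii) For s ∈ G,

$$\begin{aligned}
\varphi(s^{-1}) &= \langle x_\varphi, L_{s^{-1}} x_\varphi \rangle_\varphi \\
&= \langle L_s x_\varphi, x_\varphi \rangle_\varphi && \text{by Theorem 30.1.4} \\
&= \langle x_\varphi, L_s x_\varphi \rangle_\varphi && \text{by Hermitian property} \\
&= \varphi(s).
\end{aligned}$$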

Set P(G) = {ϕ : G → C | ϕ is continuous, of positive type and ||ϕ||∞ ≤ 1}. Observe
that for any ϕ of positive type, if ||ϕ||∞ ≤ 1 then ϕ(e) ≤ 1 by Corollary 30.1.8(ii).

Definition. We say a function ϕ ∈ P(G) is elementary if ϕ(e) = 1 and for any decomposition
ϕ = ϕ1 + ϕ2 , with ϕ1 , ϕ2 ∈ P(G), there exist scalars λ1 , λ2 ∈ R≥0 satisfying λ1 + λ2 = 1,
ϕ1 = λ1 ϕ and ϕ2 = λ2 ϕ. Let E(G) be the set of all elementary functions on G, together with
the zero map.

Theorem 30.1.9. Let ϕ be a continuous function of positive type on G satisfying ϕ(e) = 1.
Then ϕ ∈ E(G) if and only if the unitary representation s ↦ Ls of G into Vϕ is irreducible.

Theorem 30.1.10. Let G be a locally compact abelian group. Then the elementary functions
of positive type on G are precisely the continuous characters of G, i.e. E(G) ∖ {0} = Ĝ.

Proof. Given ϕ of positive type on G such that ϕ(e) = 1, consider the following two conditions:

(i) The unitary representation of G on Vϕ given by s ↦ Ls is irreducible.

(ii) ϕ is a character of G.

By Theorem 30.1.10, showing that (i) and (ii) are equivalent will imply the statement of this
theorem.
(ii) =⇒ (i) Take ϕ ∈ Ĝ and f ∈ Cc (G). Then

$$\langle f, f \rangle_\varphi = \iint_{G \times G} \varphi(s^{-1}t) f(s)\, ds\, f(t)\, dt = \left| \int_G \varphi(s) f(s)\, ds \right|^2$$

by Fubini’s theorem, which shows that Wϕ has codimension 1 in Cc (G) and hence dim Vϕ = 1.
Since G is abelian, Vϕ is an irreducible G-module.
(i) =⇒ (ii) By Corollary 29.5.4, if the unitary representation s ↦ Ls is irreducible, it is
one-dimensional. So for all ξ ∈ Vϕ , Ls (ξ) = λ(s)ξ for λ a continuous function of s. Since Ls
is unitary, Proposition 29.4.5 shows that ||Ls || = 1, which implies |λ(s)| = 1, and thus λ is
a character of G. Finally, for all s ∈ G,

ϕ(s) = ⟨xϕ , Ls xϕ ⟩ϕ
= λ(s)⟨xϕ , xϕ ⟩ϕ
= λ(s)ϕ(e) = λ(s).

Hence ϕ(s) is a character of G.


30.2 Fourier Inversion


Let G be a locally compact abelian group with (bi-invariant) Haar measure dx and character
group Ĝ.

Definition. The Fourier transform of a function f ∈ L¹(G) is the function f̂ : Ĝ → C
defined by
$$\hat{f}(\chi) = \int_G f(y) \chi(y)\, dy$$
for all χ ∈ Ĝ.

Note that |f̂(χ)| ≤ ||f ||₁ for all χ ∈ Ĝ.

Example 30.2.1. Let G = R. Then each t ∈ R may be identified with a group character
$s \mapsto e^{ist}$. Then the Fourier transform of any f ∈ L¹(R) is the standard Fourier transform:
$$\hat{f}(t) = \int_{\mathbb{R}} f(s) e^{-ist}\, ds.$$

Let V (G) denote the space of continuous functions of positive type in Cc (G) and set
V¹(G) = V (G) ∩ L¹(G). The goal of this section is to prove the Fourier inversion formula:

Theorem 30.2.2 (Fourier Inversion Formula). Let G be a locally compact abelian group with
Haar measure dx. Then there exists a Haar measure dχ on Ĝ which satisfies
$$f(y) = \int_{\widehat{G}} \hat{f}(\chi) \chi(y)\, d\chi$$
for all f ∈ V¹(G). Moreover, the assignment f ↦ f̂ defines a bijection V¹(G) ≅ V¹(Ĝ).

Definition. The measure dχ on Ĝ is called the dual measure to dx.
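A worked instance of the inversion formula and the dual measure on the finite abelian group G = Z/4 × Z/6, added here as an illustration and not part of the original notes. The function names and the sample function F are constructed; the transform conjugates the character, following the sign in Example 30.2.1, and the positive-type form is assumed to conjugate its second argument, as a sesquilinear form requires.

```python
import cmath
from itertools import product


def elements(moduli):
    """All elements of G = Z/n_1 x ... x Z/n_k, as tuples."""
    return list(product(*(range(n) for n in moduli)))


def character(a, moduli):
    """The character chi_a(x) = exp(2*pi*i * sum_j a_j * x_j / n_j) of G."""
    def chi(x):
        phase = sum(aj * xj / n for aj, xj, n in zip(a, x, moduli))
        return cmath.exp(2j * cmath.pi * phase)
    return chi


def fourier_transform(f, moduli):
    """f_hat(chi_a) = sum over y of f(y) * conj(chi_a(y)), where the Haar
    measure dx on G is the counting measure."""
    G = elements(moduli)
    return {a: sum(f[y] * character(a, moduli)(y).conjugate() for y in G)
            for a in G}


def inverse_transform(f_hat, moduli, mass):
    """y -> integral of f_hat(chi) * chi(y) against the Haar measure on the
    dual group that gives each character the stated mass."""
    G = elements(moduli)
    return {y: mass * sum(f_hat[a] * character(a, moduli)(y) for a in G)
            for y in G}


def positive_type_form(phi, f, moduli):
    """sum over s, t of phi(s^-1 t) * f(s) * conj(f(t)); the group is written
    additively, so s^-1 t is t - s."""
    G = elements(moduli)

    def quotient(s, t):
        return tuple((tj - sj) % n for sj, tj, n in zip(s, t, moduli))

    return sum(phi(quotient(s, t)) * f[s] * f[t].conjugate()
               for s in G for t in G)


def max_gap(u, v):
    """Largest pointwise distance between two functions on G."""
    return max(abs(u[y] - v[y]) for y in u)


# Constructed sample data: G = Z/4 x Z/6 and an arbitrary complex function F.
MODULI = (4, 6)
F = {y: complex(y[0] + 1, y[1] ** 2 - 2) for y in elements(MODULI)}


def demo():
    size = len(elements(MODULI))
    f_hat = fourier_transform(F, MODULI)
    # Dual measure to the counting measure: each character has mass 1/|G|.
    dual = inverse_transform(f_hat, MODULI, 1.0 / size)
    # Counting measure on the dual group is Haar, but it is not the dual one.
    counting = inverse_transform(f_hat, MODULI, 1.0)
    scaled = {y: size * F[y] for y in F}
    chi = character((3, 5), MODULI)
    return {
        "inversion_error": max_gap(dual, F),
        "counting_vs_f": max_gap(counting, F),
        "counting_vs_scaled_f": max_gap(counting, scaled),
        "form": positive_type_form(chi, F, MODULI),
        "f_hat_squared": abs(f_hat[(3, 5)]) ** 2,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With counting measure on G, only the normalization 1/|G| on the dual group recovers F; counting measure on the dual returns |G|·F instead. The last two values agree, so the form attached to a character is |f̂(χ)|² ≥ 0.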

To prepare for the proof of the Fourier inversion formula, we relate the Fourier and
Gelfand transforms by the following result. Let B = L¹(G) and let B̂ = HomC (B, C)× be
the space of complex characters of B. For χ ∈ Ĝ and f ∈ L¹(G), define
$$\hat{\nu}_\chi(f) := \hat{f}(\chi) = \int_G f(y) \chi(y)\, dy.$$

Proposition 30.2.3. For each χ ∈ Ĝ, ν̂χ ∈ B̂ and the assignment

Ĝ ⟶ B̂
χ ⟼ ν̂χ

is a bijection.

Definition. The ring of Fourier transforms of G is A(Ĝ) = {f̂ | f ∈ L¹(G)}.


By Proposition 30.2.3, each Fourier transform f̂ ∈ Â = A(Ĝ) can be viewed as the
Gelfand transform of f . Explicitly,

f̂(ν̂χ ) := f̂(χ) = ν̂χ (f ).

Let Ĝ have the transform topology induced by Â, i.e. the weakest topology with respect to
which each f̂ ∈ Â is continuous. Also, let C0 (Ĝ) denote the C-algebra of rapidly-decaying
maps on Ĝ, or equivalently, the space of continuous functions on the one-point
compactification of Ĝ which are 0 at the point at infinity.

Proposition 30.2.4. The ring of Fourier transforms Â = A(Ĝ) separates points and is a
self-adjoint, dense subalgebra of C0 (Ĝ).

Moving towards the proof of Theorem 30.2.2, we now discuss Fourier transforms of character
measures. For a locally compact group G with character group Ĝ, let µ̂ be a Radon
measure on Ĝ with finite total mass, that is, µ̂(Ĝ) < ∞. A standard analysis result is:

Lemma 30.2.5. On a locally compact, Hausdorff space X, there is a bijective correspondence
between finite Radon measures µ and linear functionals $f \mapsto \int_X f\, d\mu$ on C0 (X).

Definition. For a finite Radon measure µ̂ on Ĝ, the Fourier transform of µ̂ is the function
Tµ̂ : G → C defined for each y ∈ G by
$$T_{\hat{\mu}}(y) := \int_{\widehat{G}} \chi(y)\, d\hat{\mu}(\chi).$$

Lemma 30.2.6. For any finite Radon measure $\hat{\mu}$,

(a) The Fourier transform $T_{\hat{\mu}}$ is continuous and bounded on $G$.

(b) For all $f \in L^1(G)$,
$$\int_{\widehat{G}} \hat{f}(\chi)\,d\hat{\mu}(\chi) = \int_G f(y)T_{\hat{\mu}}(y)\,dy.$$

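Proof. (a) Continuity is clear. Boundedness follows from the fact that $T_{\hat{\mu}}(y) \leq \hat{\mu}(\widehat{G})$ for all $y \in G$.
(b) By Fubini’s theorem and the definitions of $\hat{f}$ and $T_{\hat{\mu}}$,
$$\begin{aligned}
\int_{\widehat{G}} \hat{f}(\chi)\,d\hat{\mu}(\chi) &= \iint_{G \times \widehat{G}} f(y)\chi(y)\,dy\,d\hat{\mu}(\chi)\\
&= \iint_{G \times \widehat{G}} f(y)\chi(y)\,d\hat{\mu}(\chi)\,dy\\
&= \int_G f(y)T_{\hat{\mu}}(y)\,dy.
\end{aligned}$$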

Proposition 30.2.7. Let $\hat{\mu}$ be a finite Radon measure on $\widehat{G}$. If $T_{\hat{\mu}}(y) = 0$ for all $y \in G$, then $\hat{\mu} = 0$. That is, $\hat{\mu}$ is completely determined by its Fourier transform.


Proof. Suppose $T_{\hat{\mu}}(y) = 0$ for all $y \in G$. Then by Lemma 30.2.6(b),
$$\int_{\widehat{G}} \hat{f}(\chi)\,d\hat{\mu}(\chi) = \int_G f(y)T_{\hat{\mu}}(y)\,dy = 0$$
for all $f \in L^1(G)$. Since the ring of Fourier transforms $\widehat{A} = A(\widehat{G})$ is dense in $C_0(\widehat{G})$ by Proposition 30.2.4, this implies that
$$\int_{\widehat{G}} g(\chi)\,d\hat{\mu}(\chi) = 0$$
for all continuous functions $g : \widehat{G} \to \mathbb{C}$ with compact support. Finally, Lemma 30.2.5 shows that $\hat{\mu} = 0$.
As in Section 30.1, let P(G) be the set of continuous functions of positive type on G with
norm at most 1.

Theorem 30.2.8 (Bochner). Let $G$ be a locally compact abelian group. The functions in $P(G)$ are precisely the Fourier transforms of Radon measures $\hat{\mu}$ on $\widehat{G}$ with finite total mass $\hat{\mu}(\widehat{G}) \leq 1$.

Proof. (Sketch) Let $\widehat{M} = \{\hat{\mu} \mid \hat{\mu} \text{ is a Radon measure on } \widehat{G},\ \hat{\mu}(\widehat{G}) \leq 1\}$. If $\hat{\mu} \in \widehat{M}$ is a point-measure of total mass 1 concentrated at some $\chi \in \widehat{G}$, then for any $y \in G$, the Fourier transform of $\hat{\mu}$ can be written
$$T_{\hat{\mu}}(y) = \int_{\widehat{G}} \chi(y)\,d\hat{\mu}(\chi) = \chi(y).$$
Thus the Fourier transform of $\hat{\mu}$ is the character $\chi$ which is a function of positive type on $G$ such that $\|\chi\|_\infty \leq 1$, by Theorem 30.1.10. The general case is obtained by taking weakly convergent limits of point-measures of total mass 1.
Conversely, by Lemma 30.2.6(a), the Fourier transform is a continuous map $\widehat{M} \to P(G)$. Then the same argument using weakly convergent limits of point-measures can be used to show that the image of $\widehat{M}$ is (weakly) compact, hence closed in $P(G)$. Finally, one observes that the image of $\widehat{M}$ in $P(G)$ is convex and contains $\widehat{G} \cup \{0\}$, and then the characterization of elementary functions as extreme points of $P(G)$, together with Theorem 30.1.10, will imply that this image is all of $P(G)$.

Let $G$ be a locally compact abelian group and set $V = V(G)$, the complex vector space of continuous functions of positive type on $G$. Then Corollary 30.1.8(ii) implies the functions of $V$ are bounded. Put $V^1 = V^1(G) = V \cap L^1(G)$.

Corollary 30.2.9. Each function $f \in V$ uniquely determines a Radon measure $\hat{\mu}_f$ of finite total mass on $\widehat{G}$ such that $f$ is the Fourier transform of $\hat{\mu}_f$.

Proof. Existence is given by Bochner’s theorem, while uniqueness is guaranteed by Proposition 30.2.7.


As a result, we may view any function $f \in V$ as $f(y) = \int_{\widehat{G}} \chi(y)\,d\hat{\mu}_f(\chi)$.

Lemma 30.2.10. There exists a net of functions $\{f\}$ on $V^1 = V^1(G)$ such that the associated sequence of Fourier transforms $\{\hat{f}\}$ converges uniformly to the constant function 1 on all compact subsets of $\widehat{G}$.

Lemma 30.2.11. Let $f, g \in V^1$. Then $\hat{g}\,d\hat{\mu}_f = \hat{f}\,d\hat{\mu}_g$ as measures on $\widehat{G}$.

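Proof. By Proposition 30.2.7, it’s enough to show the equality on the corresponding Fourier transforms. For any $y \in G$, consider
$$\begin{aligned}
T_{\hat{g}\,d\hat{\mu}_f}(y) = \int_{\widehat{G}} \chi(y)\hat{g}(\chi)\,d\hat{\mu}_f(\chi) &= \iint_{G \times \widehat{G}} \chi(y)g(z)\chi(z)\,dz\,d\hat{\mu}_f(\chi) && \text{by definition of } \hat{g}\\
&= \iint_{G \times \widehat{G}} \chi(y)g(z)\chi(z)\,d\hat{\mu}_f(\chi)\,dz && \text{by Fubini’s theorem}\\
&= \iint_{G \times \widehat{G}} \chi(z^{-1}y)g(z)\,d\hat{\mu}_f(\chi)\,dz && \text{after a change of variables}\\
&= \int_G f(z^{-1}y)g(z)\,dz && \text{by Corollary 30.2.9}
\end{aligned}$$
but this equals $f * g$, the convolution of $f$ and $g$. Since $f * g$ is symmetric with respect to $f$ and $g$, this implies $T_{\hat{g}\,d\hat{\mu}_f} = T_{\hat{f}\,d\hat{\mu}_g}$.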

Let $F$ be the set of bounded continuous functions $\varphi : \widehat{G} \to \mathbb{C}$ for which there exists a Radon measure $\hat{\nu}_\varphi$ on $\widehat{G}$ with finite total mass that satisfies $\varphi\,d\hat{\mu}_f = \hat{f}\,d\hat{\nu}_\varphi$ for all $f \in V^1$. Then Lemma 30.2.11 shows that the Fourier transforms of the functions in $V^1$ lie in $F$. In particular, $F$ is nonempty.
Lemma 30.2.12. Let ϕ ∈ F. Then
(i) The associated measure ν̂ϕ is unique.

(ii) If ϕ = fˆ for some f ∈ L1 (G), then ν̂ϕ = µ̂f , where µ̂f is the unique Radon measure
corresponding to f in Corollary 30.2.9.

(iii) If ϕ is positive, then ν̂ϕ is positive.

(iv) Let $C_B(\widehat{G})$ be the ring of bounded continuous functions on $\widehat{G}$. Then $F$ is a $C_B(\widehat{G})$-module and the map $\varphi \mapsto \hat{\nu}_\varphi$ gives a module homomorphism of $F$ into the space of complex Radon measures on $\widehat{G}$ of finite total mass.

(v) Every translation of ϕ lies in F.


Proof. (i) Let $\{f\}$ be as in Lemma 30.2.10. Then
$$d\hat{\nu}_\varphi = \lim_f \varphi\,d\hat{\mu}_f$$
and the $\hat{\mu}_f$ are unique by Corollary 30.2.9, so this implies $\hat{\nu}_\varphi$ is unique.


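(ii) This already holds for $f \in V^1$ by the paragraph preceding this lemma, and now (i) implies the property for all $f \in L^1(G)$.
(iii) This uses the same argument as in (i).
(iv) Again, use Lemma 30.2.10 and the fact that limits are linear.
(v) For any measure $\mu$, element $z \in \widehat{G}$ and subset $E \subseteq \widehat{G}$, set $\mu^z(E) = \mu(z^{-1}E)$. To prove the statement fix $\chi_0 \in \widehat{G}$ and suppose $\psi(\chi) = \varphi(\chi_0^{-1}\chi)$. Then for all $h \in C_c(\widehat{G})$ and $f \in L^1(G)$,
$$\int_{\widehat{G}} h(\chi)\psi(\chi)\,d\hat{\mu}_f(\chi) = \int_{\widehat{G}} h(\chi)\varphi(\chi_0^{-1}\chi)\,d\hat{\mu}_f(\chi) = \int_{\widehat{G}} h(\chi_0\chi)\varphi(\chi)\,d\hat{\mu}_f^{\chi_0^{-1}}(\chi)$$
by a change of variables. We claim that $d\hat{\mu}_f^{\chi_0^{-1}} = d\hat{\mu}_{\chi_0^{-1}f}$. Indeed, by Bochner’s theorem (30.2.8),
$$f(y) = \int_{\widehat{G}} \chi(y)\,d\hat{\mu}_f(\chi) = \int_{\widehat{G}} (\chi_0\chi)(y)\,d\hat{\mu}_f(\chi_0\chi)$$
$$\text{so}\quad \chi_0^{-1}f(y) = \int_{\widehat{G}} \chi(y)\,d\hat{\mu}_f^{\chi_0^{-1}}(\chi)$$
but by uniqueness of $\hat{\mu}_{\chi_0^{-1}f}$, this proves $d\hat{\mu}_{\chi_0^{-1}f} = d\hat{\mu}_f^{\chi_0^{-1}}$. Now continuing with the above computation, we have
$$\begin{aligned}
\int_{\widehat{G}} h(\chi)\psi(\chi)\,d\hat{\mu}_f(\chi) &= \int_{\widehat{G}} h(\chi_0\chi)\varphi(\chi)\,d\hat{\mu}_{\chi_0^{-1}f}(\chi)\\
&= \int_{\widehat{G}} h(\chi_0\chi)(\chi_0\hat{f})(\chi)\,d\hat{\nu}_\varphi(\chi) && \text{by } \varphi \in F\\
&= \int_{\widehat{G}} h(\chi_0\chi)\hat{f}(\chi_0\chi)\,d\hat{\nu}_\varphi(\chi) && \text{by definition of } \hat{f}\\
&= \int_{\widehat{G}} h(\chi)\hat{f}(\chi)\,d\hat{\nu}_\varphi^{\chi_0}(\chi) && \text{by a change of variables.}
\end{aligned}$$
Hence $\psi\,d\hat{\mu}_f = \hat{f}\,d\hat{\nu}_\varphi^{\chi_0}$ for all $f \in L^1(G)$, but $d\hat{\nu}_\varphi^{\chi_0} = d\hat{\nu}_\psi$, so we get $\psi \in F$ as desired.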
We now prove the main statement in the Fourier inversion formula (Theorem 30.2.2).
Theorem 30.2.13. Let $G$ be a locally compact abelian group. Then there exists a Haar measure $d\chi$ on $\widehat{G}$ such that for all $f \in V^1(G)$,
$$f(y) = \int_{\widehat{G}} \hat{f}(\chi)\chi(y)\,d\chi.$$

Proof. By Corollary 30.2.9, any $f \in V^1 = V^1(G)$ can be written
$$f(y) = \int_{\widehat{G}} \chi(y)\,d\hat{\mu}_f(\chi)$$
so it will suffice to show $d\hat{\mu}_f = \hat{f}\,d\chi$ as measures on $\widehat{G}$.


We first show that $C_c(\widehat{G}) \subseteq F$. Take $\psi \in C_c(\widehat{G})$ and let $K \subseteq \widehat{G}$ be a compact set containing the support of $\psi$. Using Lemma 30.2.10, one can construct a function $f \in V^1$ such that $\hat{f}$ is bounded away from 0 on $K$. Then $a = \psi/\hat{f}$ is a bounded, continuous function on $K$. Extend $a$ to all of $\widehat{G}$ by setting $a \equiv 0$ on the complement of $K$. Then $a \in C_B(\widehat{G})$, and $\hat{f} \in F$ from before, so by Lemma 30.2.12(iv), $\psi = \hat{f}a \in F$. Thus $C_c(\widehat{G}) \subseteq F$.
Next, define a map
$$\eta : C_c(\widehat{G}) \longrightarrow \mathbb{C}, \qquad \varphi \longmapsto \int_{\widehat{G}} 1\,d\hat{\nu}_\varphi(\chi).$$

Since any $\varphi \in C_c(\widehat{G})$ is also in $F$, this is well-defined. We claim $\eta$ is a nonzero linear functional. If $f \in V^1$ is not identically zero, then Corollary 30.2.9 implies $\hat{\mu}_f$ is a nonzero measure. Thus there exists some $a \in C_B(\widehat{G})$ such that $a\,d\hat{\mu}_f \neq 0$. Take $\psi = a\hat{f}$, so that by the Radon-Nikodym derivative formula, $d\hat{\nu}_\psi = a\,d\hat{\mu}_f$. Then by the preceding observation, $d\hat{\nu}_\psi \neq 0$, so $\eta$ is nonzero. Linearity of $\eta$ is given by Lemma 30.2.12(iv).
Now, the correspondence between Radon measures and linear functionals in Lemma 30.2.5 shows that $\eta$ determines a Radon measure $d\chi$ of finite total mass on $\widehat{G}$. Moreover, since $\hat{\nu}_\varphi$ is positive for all functions $\varphi$ of positive type (by Lemma 30.2.12(iii)), it follows that $d\chi$ is a positive Radon measure. To show $d\chi$ is in fact a Haar measure on $\widehat{G}$, it will suffice to show $\eta$ is left-invariant. For any $\chi_0 \in \widehat{G}$, let $L_{\chi_0}$ be the left-translation operator $\psi \mapsto \chi_0\psi$. Then we have
$$\begin{aligned}
\eta(L_{\chi_0}\psi) &= \int_{\widehat{G}} 1\,d\hat{\nu}_{L_{\chi_0}\psi}(\chi)\\
&= \int_{\widehat{G}} 1\,d\hat{\nu}_\psi^{\chi_0}(\chi) && \text{by Lemma 30.2.12(v)}\\
&= \int_{\widehat{G}} L_{\chi_0^{-1}}\,d\hat{\nu}_\psi(\chi) && \text{by a change of variables}\\
&= \int_{\widehat{G}} 1\,d\hat{\nu}_\psi(\chi) && \text{since } L_{\chi_0^{-1}} \text{ is a homeomorphism}\\
&= \eta(\psi).
\end{aligned}$$
Hence $\eta$ is left-invariant, so it follows that $d\chi$ is a Haar measure. Explicitly, this satisfies
$$\int_{\widehat{G}} \psi(\chi)\,d\chi = \int_{\widehat{G}} 1\,d\hat{\nu}_\psi(\chi)$$
for all $\psi \in C_c(\widehat{G})$.
Finally, we show the Fourier inversion formula. For $\varphi \in F$ and $a \in C_c(\widehat{G})$, Lemma 30.2.12(iv) shows that
$$\int_{\widehat{G}} a(\chi)\varphi(\chi)\,d\chi = \int_{\widehat{G}} 1\,d\hat{\nu}_{a\varphi}(\chi) = \int_{\widehat{G}} a(\chi)\,d\hat{\nu}_\varphi(\chi).$$
Hence $\varphi\,d\chi = d\hat{\nu}_\varphi$ for all $\varphi \in F$. In particular, for $f \in V^1$ we know $\hat{f} \in F$ from before, and $\hat{f}\,d\chi = d\hat{\mu}_f$ by Lemma 30.2.12(ii), so we get
$$f(y) = \int_{\widehat{G}} \chi(y)\,d\hat{\mu}_f(\chi),$$
proving the formula.

Corollary 30.2.14. For f ∈ L1 (G),

(1) If f is continuous and of positive type, then fˆ is nonnegative.


(2) $\int_G f(y)\,dy$ is nonnegative.

(3) If $f$ is nonnegative then $\hat{f}$ is a function of positive type on $\widehat{G}$.

Finally, we obtain half of the second statement in Theorem 30.2.2, namely, that any
function in $V^1$ can be recovered from its Fourier transform.

Corollary 30.2.15. The map $V^1(G) \to V^1(\widehat{G})$, $f \mapsto \hat{f}$, is injective.

Proof. Suppose $\hat{f} = \hat{g}$. Then by Theorem 30.2.13,
$$f(y) = \int_{\widehat{G}} \hat{f}(\chi)\chi(y)\,d\chi = \int_{\widehat{G}} \hat{g}(\chi)\chi(y)\,d\chi = g(y).$$
It remains to show $f \mapsto \hat{f}$ is surjective. This will be proven using Pontrjagin duality in the next section.

30.3. Pontrjagin Duality Chapter 30. Duality

30.3 Pontrjagin Duality

Let $G$ be a topological abelian group, $S^1 \subseteq \mathbb{C}$ the complex unit circle and $\widehat{G} = \operatorname{Hom}_{cts}(G, S^1)$ the Pontrjagin dual of $G$. An element $\chi \in \widehat{G}$ is called a (complex) character of $G$. We endow $\widehat{G}$ with the compact-open topology, namely the topology generated by open sets of the form $W(K, V)$ where $K \subseteq G$ is compact, $V \subseteq S^1$ is open and $W(K, V)$ contains the trivial character $1 : G \to S^1$, $g \mapsto 1$.

Lemma 30.3.1. $\widehat{G}$ is a topological abelian group with respect to the compact-open topology.

Our goal in this section is to prove:


Theorem 30.3.2 (Pontrjagin Duality). Let $G$ be a locally compact, Hausdorff abelian group. Then the map
$$\alpha : G \longrightarrow \widehat{\widehat{G}}, \qquad y \longmapsto (e_y : \chi \mapsto \chi(y))$$
is an isomorphism of topological abelian groups.

For each $y \in G$, the map $\alpha(y) = e_y$ is called the evaluation map at $y$. Fix $\chi \in \widehat{G}$, $y \in G$ and take an open neighborhood $U \subseteq S^1$ of $\chi(y)$. Since $G$ is locally compact, we can choose a sufficiently small compact neighborhood $K \subseteq G$ of $y$ such that $\chi \in W(K, U)$ and $e_y(W(K, U)) \subseteq U$. This shows that $\alpha$ is continuous at $e_y(\chi) = \chi(y)$, so $e_y$ is continuous and hence $\alpha$ is well-defined. Now let us show that $\alpha$ is injective.
Lemma 30.3.3. Let $G$ be a locally compact, Hausdorff abelian group. For $f \in C_c(G)$, set $\tilde{f}(y) := f(y^{-1})$. Then

(i) For every $f \in C_c(G)$, $f * \tilde{f}$ is a continuous function of positive type on $G$.

(ii) For any neighborhood $V \subseteq G$ containing the identity $e$, there is a continuous function of positive type $g$ on $G$ such that $V$ contains the support of $g$ and $g(e) = 1$.

Lemma 30.3.4. The map $\alpha : G \to \widehat{\widehat{G}}$, $y \mapsto e_y$ is injective.

Proof. This amounts to saying that $\widehat{G}$ separates points in $G$. Suppose $z \in G \smallsetminus \{e\}$. We must produce a character $\chi \in \widehat{G}$ for which $\chi(z) \neq \chi(e)$. Assume to the contrary that $\chi(z) = 1$ for all $\chi \in \widehat{G}$. Then for all $f \in L^1(G)$,
$$\widehat{L_z f}(\chi) = \int_G f(zy)\chi(y)\,dy = \int_G f(zy)\chi(zy)\,dy = \hat{f}(\chi)$$
so $\hat{f} = \widehat{L_z f}$. By Corollary 30.2.15, we know the Fourier transform is injective, so $f = L_z f$ holds for all $f \in V^1(G)$. Now since $G$ is Hausdorff, there exists a neighborhood $U \subseteq G$ of $e$ such that $z^{-1}U \cap U = \emptyset$. By Lemma 30.3.3(ii), there exists a continuous, nonzero function $f$ of positive type, with compact support contained in $U$, such that $f(e) = 1$. Now $f = L_z f$ is impossible since $z^{-1}U$ is disjoint from $U$ and therefore cannot intersect the support of $f$. Hence $\chi(z) \neq 1$ for some character $\chi$.


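Let $1 \in \widehat{G}$ be the trivial character. Then the sets
$$W(\widehat{K}, V) = \{\psi \in \widehat{\widehat{G}} \mid \psi(\chi) \in V \text{ for all } \chi \in \widehat{K}\},$$
where $\widehat{K}$ is a compact neighborhood of $1 \in \widehat{G}$ and $V$ is an open neighborhood of $1 \in S^1$, form a neighborhood basis of the trivial element $\hat{1} \in \widehat{\widehat{G}}$. Define
$$W_G(\widehat{K}, V) = \alpha^{-1}(W(\widehat{K}, V)) = \{y \in G \mid \chi(y) \in V \text{ for all } \chi \in \widehat{K}\}.$$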

Proposition 30.3.5. The subsets $W_G(\widehat{K}, V)$, where $\widehat{K}$ ranges over all compact neighborhoods of $1 \in \widehat{G}$ and $V$ ranges over all open neighborhoods of $1 \in S^1$, form a neighborhood basis for the topology on $G$.

Proof. Let $U \subseteq G$ be an open neighborhood of the identity $e$. By Lemma 30.3.3(ii), there exists a continuous function $g$ of positive type on $G$, with compact support contained in $U$, satisfying $g(e) = 1$. Then by Corollary 30.2.14, $\hat{g} \geq 0$, so Fourier inversion (Theorem 30.2.13) gives us
$$1 = g(e) = \int_{\widehat{G}} \hat{g}(\chi)\,d\chi.$$
Note that $\hat{g}\,d\chi$ is a finite, positive Radon measure so in particular it is inner regular. Thus for all $\varepsilon > 0$, there exists a compact set $\widehat{K} \subseteq \widehat{G}$ such that $\int_{\widehat{K}} \hat{g}(\chi)\,d\chi \geq 1 - \varepsilon$. By Fourier inversion again, we can write $g(y)$ for any $y \in G$ as
$$g(y) = \int_{\widehat{K}} \hat{g}(\chi)\chi(y)\,d\chi + \int_{\widehat{K}^c} \hat{g}(\chi)\chi(y)\,d\chi.$$
Taking $V$ to be a sufficiently small open neighborhood of $1 \in S^1$, we get
$$1 - \int_{\widehat{K}} \hat{g}(\chi)\chi(y)\,d\chi < \varepsilon$$
for all $y \in W_G(\widehat{K}, V)$. On the other hand,
$$\int_{\widehat{K}^c} \hat{g}(\chi)\chi(y)\,d\chi < \varepsilon$$
always holds. Thus $|g(y)| \geq 1 - 2\varepsilon$ for all $y \in W_G(\widehat{K}, V)$ so in particular $W_G(\widehat{K}, V)$ is contained in the support of $g$, hence $W_G(\widehat{K}, V) \subseteq U$.

Corollary 30.3.6. $\alpha : G \to \widehat{\widehat{G}}$ is a homeomorphism onto its image.

Proof. According to Proposition 30.3.5, $\alpha$ induces a bijection on neighborhood bases of $G$ and $\alpha(G) \subseteq \widehat{\widehat{G}}$.

Corollary 30.3.7. $\alpha(G)$ is closed in $\widehat{\widehat{G}}$.


Proof. Since α(G) is a locally compact, dense subset of α(G), general topology says that it
is also open in α(G). But in a topological group, open subgroups are also closed, so this
implies α(G) is closed in α(G), hence α(G) = α(G).

Thus to prove Pontrjagin duality, we only need to show that $\alpha(G)$ is dense in $\widehat{\widehat{G}}$. This requires an important sequence of results culminating in Plancherel’s theorem.
For $f \in L^1(G)$, let $\tilde{f}(y) = f(y^{-1})$ as in Lemma 30.3.3.

Lemma 30.3.8. For any $f \in L^1(G)$ and $\chi \in \widehat{G}$, $\hat{\tilde{f}}(\chi) = \hat{f}(\chi)$.

Proof. By Lemma 30.3.3, we have


Z Z
ˆ
˜
f (χ) = ˜
f (y)χ(y) dy = f (y −1 )χ(y −1 ) dy
G G
Z Z
= f (y)χ(y) dy = f (y)χ(y) dy = fˆ(χ).
G G

Lemma 30.3.9. If f ∈ L1 (G) ∩ L2 (G), then ||f ||2 = ||fˆ||2 .

Proof. For any f ∈ L1 (G)∩L2 (G), set g = f ∗f˜. Then by the same logic as in Lemma 30.3.3(i),
g is of positive type. Consider
Z Z Z
2
|f (y)| dy = f (y) f (y) dy = f (y −1 ) f (y −1 ) dy by a change of variables
G
ZG G
Z
−1 ˜
= f (y )f (y) dy = g(e) = ĝ(χ) dχ by Fourier inversion
ZG Z G
b

= ˆ ˜
f (χ)f (χ) dχ = fˆ(χ)fˆ˜(χ) dχ by Lemma 30.3.8
ZG ZG
b b

= fˆ(χ)fˆ(χ) dχ = |fˆ(χ)|2 dχ.


G
b G
b

Taking the square root of both sides, we get ||f ||2 = ||fˆ||2 .

Corollary 30.3.10. The Fourier transform defines an isometric embedding
$$L^1(G) \cap L^2(G) \hookrightarrow L^2(\widehat{G}).$$

Let $\widehat{A} = A(\widehat{G})$ be the ring of Fourier transforms of $L^1(G)$ and set
$$\widehat{A}_1 = \{\hat{f} \mid f \in L^1(G) \cap L^2(G)\} \subseteq \widehat{A}.$$

Lemma 30.3.11. $\widehat{A}_1$ is an $\alpha(G)$-invariant subspace of $\widehat{A}$.


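Proof. For any $y_0 \in G$, $f \in L^1(G) \cap L^2(G)$ and $\chi \in \widehat{G}$,
$$\begin{aligned}
(\alpha(y_0)\hat{f})(\chi) &= \chi(y_0)\int_G f(y)\chi(y)\,dy\\
&= \int_G f(y)\chi(y_0^{-1})\chi(y)\,dy\\
&= \int_G f(y)\chi(y_0^{-1}y)\,dy && \text{since } \chi \text{ is a character}\\
&= \int_G f(y_0y)\chi(y)\,dy && \text{by a change of variables}\\
&= \widehat{L_{y_0}f}(\chi).
\end{aligned}$$
Clearly $L_{y_0}f \in L^1(G) \cap L^2(G)$, so we see that $\alpha(y_0)f \in \widehat{A}_1$.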

Lemma 30.3.12. $\widehat{A}_1$ is dense in $L^2(\widehat{G})$.

Proof. First, $L^2(\widehat{G})$ is a Hilbert space, hence self-dual, which means that $L^2(\widehat{G})$ can be identified with its dual space of linear functionals $L^2(\widehat{G})^* = \{\langle \cdot, \chi \rangle \mid \chi \in L^2(\widehat{G})\}$. By the Hahn-Banach theorem, if $\widehat{A}_1$ is not dense in $L^2(\widehat{G})$ then there exists a nonzero $g \in L^2(\widehat{G})$ that is orthogonal to all of $\widehat{A}_1$. Since $\alpha(G)\widehat{A}_1 \subseteq \widehat{A}_1$ by Lemma 30.3.11, we see that for all $f \in \widehat{A}_1$ and $y \in G$, $\alpha(y^{-1})f \in \widehat{A}_1$ and so
$$\int_{\widehat{G}} g(\chi)f(\chi)\chi(y)\,d\chi = \int_{\widehat{G}} g(\chi)(\alpha(y^{-1})f)(\chi)\,d\chi = \langle g, \alpha(y^{-1})f \rangle = 0.$$
Thus the Fourier transform of the measure $g\bar{f}\,d\chi$ is trivial. Moreover, $g\bar{f} \in L^1(\widehat{G})$ and $d\chi$ is a finite Radon measure, which means $g\bar{f}\,d\chi$ is also a finite Radon measure, so that $g\bar{f}\,d\chi = 0$ implies $g\bar{f} = 0$ a.e. by Proposition 30.2.7. Note that for any $\chi \in \widehat{G}$ and $h \in L^1(G)$, $\widehat{\chi h} = L_\chi\hat{h}$. Therefore if $f \in \widehat{A}_1$ is nonzero and continuous, then for every $\chi \in \widehat{G}$, there exists a continuous element of $\widehat{A}_1$, namely a translate of $f$, that is nonzero at $\chi$. By Lemma 30.3.11, such an $f$ is guaranteed to exist, so $g\bar{f} = 0$ a.e. then implies that $g = 0$ a.e., that is, $g = 0$ in $L^2(\widehat{G})$. This contradicts our initial assumption, so $\widehat{A}_1$ is dense in $L^2(\widehat{G})$.

This proves:

Theorem 30.3.13 (Plancherel). Let $G$ be a locally compact, Hausdorff abelian group. Then the Fourier transform $L^1(G) \cap L^2(G) \to L^2(\widehat{G})$, $f \mapsto \hat{f}$ extends by continuity to a map
$$F : L^2(G) \longrightarrow L^2(\widehat{G})$$

which is an isomorphism of Hilbert spaces – in particular, an isometry.

The map F is called the Plancherel transform of G. We will denote the Plancherel
transform of a function f ∈ L2 (G) by fˆ, even though technically this is an extension of the
Fourier transform.


Corollary 30.3.14 (Parseval’s Identity). For all $f, g \in L^2(G)$,
$$\int_G f(y)g(y)\,dy = \int_{\widehat{G}} \hat{f}(\chi)\hat{g}(\chi)\,d\chi.$$
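The dual measure of Theorem 30.2.2 and the isometry of Theorem 30.3.13 can be checked numerically on a finite group. The following Python sketch is an added illustration, not part of the original text: it takes $G = \mathbb{Z}/4 \times \mathbb{Z}/6$ with counting measure as $dx$, assumes the usual convention $\hat{f}(\chi) = \sum_y f(y)\overline{\chi(y)}$, and all function names and the sample function are constructed for the example.

```python
import cmath
from itertools import product

MODULI = (4, 6)  # constructed sample group G = Z/4 x Z/6, of order 24


def elements(moduli):
    """All elements of G = Z/n_1 x ... x Z/n_r as tuples."""
    return list(product(*(range(n) for n in moduli)))


def chi(k, y, moduli):
    """Character chi_k evaluated at y; the tuples k in G label the dual group."""
    phase = sum(kj * yj / n for kj, yj, n in zip(k, y, moduli))
    return cmath.exp(2j * cmath.pi * phase)


def fourier(f, moduli):
    """f_hat(chi_k) = sum_y f(y) * conj(chi_k(y)), i.e. dx is counting measure."""
    G = elements(moduli)
    return {k: sum(f[y] * chi(k, y, moduli).conjugate() for y in G) for k in G}


def invert(f_hat, moduli, dual_mass):
    """Integrate f_hat(chi) * chi(y) against a measure on the dual group that
    gives every character the same mass dual_mass."""
    G = elements(moduli)
    return {y: dual_mass * sum(f_hat[k] * chi(k, y, moduli) for k in G) for y in G}


def l2_norm_sq(values, point_mass):
    """Squared L^2 norm with respect to a measure giving each point point_mass."""
    return point_mass * sum(abs(v) ** 2 for v in values.values())


def sample_function(moduli):
    """A constructed complex-valued test function on G."""
    return {y: complex((3 * y[0] + y[1] ** 2) % 7, y[0] - y[1])
            for y in elements(moduli)}


def max_inversion_error(moduli, dual_mass):
    """Largest pointwise gap between f and the inversion integral of f_hat."""
    f = sample_function(moduli)
    g = invert(fourier(f, moduli), moduli, dual_mass)
    return max(abs(f[y] - g[y]) for y in f)


if __name__ == "__main__":
    order = len(elements(MODULI))
    f = sample_function(MODULI)
    f_hat = fourier(f, MODULI)
    # Inversion holds only for the dual measure: mass 1/|G| per character.
    print("error with mass 1/|G|:", max_inversion_error(MODULI, 1 / order))
    print("error with mass 1    :", max_inversion_error(MODULI, 1.0))
    # Plancherel: ||f||_2 on (G, dx) equals ||f_hat||_2 on the dual with d chi.
    print(l2_norm_sq(f, 1.0), l2_norm_sq(f_hat, 1 / order))
```

Rescaling $dx$ by a constant $c$ rescales the dual measure by $1/c$, which is why the dual measure is determined by $dx$ rather than chosen freely.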

The Plancherel transform also gives us a converse to the reciprocity formula of Lemma 30.2.11.
Corollary 30.3.15. Let f, g ∈ L2 (G), h ∈ L1 (G) and suppose h = f g pointwise. Then
ĥ = fˆ ∗ ĝ.
Proof. For any $\chi_0 \in \widehat{G}$, we have
Z
ĥ(χ0 ) = f (y)g(y)χ0 (y) dy
ZG

= f (y)g(y)χ0 (y) dy
ZG
= fˆ(χ)(ḡd
χ0 )(χ) dχ
ZGb

= fˆ(χ)ĝ(χ−1 χ0 ) dχ
G
b

= (fˆ ∗ ĝ)(χ0 ).
Therefore $\hat{h} = \hat{f} * \hat{g}$.

Corollary 30.3.16. Set $C_2(\widehat{G}) = \{f * g \mid f, g \in L^2(\widehat{G})\}$. Then $\widehat{A} = C_2(\widehat{G})$.
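Proof. Take $h \in L^1(G)$. Then $h$ can be written as a product of $L^2(G)$ functions, e.g. as $h = r \cdot |r|$ where
$$r(y) = \begin{cases} \dfrac{h(y)}{\sqrt{|h(y)|}}, & h(y) \neq 0\\[1ex] 0, & h(y) = 0. \end{cases}$$
Then $\hat{h} = \hat{f} * \hat{g}$ by Corollary 30.3.15, so $\widehat{A} \subseteq C_2(\widehat{G})$. Conversely, Plancherel’s theorem gives a bijection $L^2(G) \leftrightarrow L^2(\widehat{G})$ so any element $f * g \in C_2(\widehat{G})$ corresponds to $\hat{f} * \hat{g} = \widehat{fg} \in \widehat{A}$. This shows that $C_2(\widehat{G}) \subseteq \widehat{A}$.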

Proposition 30.3.17. If $U \subseteq \widehat{G}$ is a nonempty open set, then there exists a nonzero Fourier transform $\hat{f} \in \widehat{A}$ with support contained in $U$.

Proof. Since $U$ is nonempty and open, it has (finite) positive measure so by inner regularity, there exists a compact set $K \subseteq U$ with $\operatorname{vol}(K) > 0$. For all $x \in K$, we can find an open neighborhood $V_x \subseteq \widehat{G}$ containing 1 and an open neighborhood $U_x \subseteq \widehat{G}$ containing $x$ such that $U_xV_x \subseteq U$. Since $K$ is compact, there is a compact neighborhood $V \subseteq \widehat{G}$ containing 1 such that $\operatorname{vol}(V) > 0$ and $KV \subseteq U$. Define $\hat{f} = \chi_K * \chi_V$ where $\chi_K, \chi_V \in L^2(\widehat{G})$ are the characteristic functions on $K, V$, respectively. Then by Corollary 30.3.16, $\hat{f} \in \widehat{A}$. Finally, the support of $\hat{f}$ by definition is $KV \subseteq U$, and we have
$$\int_{\widehat{G}} \hat{f}(\chi)\,d\chi = \operatorname{vol}(K)\operatorname{vol}(V) > 0,$$
so $\hat{f}$ is nonzero.


We are now prepared to prove Pontrjagin duality.

Proof of Theorem 30.3.2. In light of Corollaries 30.3.6 and 30.3.7, it remains to show that $\alpha(G)$ is dense in $\widehat{\widehat{G}}$. Suppose to the contrary that $\alpha(G)$ is not dense. Then $\alpha(G)^c$ is a nonempty open set in $\widehat{\widehat{G}}$, so by Proposition 30.3.17, there exists a nonzero function $\varphi \in L^1(\widehat{G})$ such that $\hat{\varphi}|_{\alpha(G)} = 0$. This implies that for any $y \in G$,
$$\int_{\widehat{G}} \varphi(\chi)\chi(y^{-1})\,d\chi = \hat{\varphi}(\alpha(y)) = 0,$$
so $\varphi\,d\chi = 0$. By Lemma 30.2.6, $\varphi = 0$ a.e., contradicting our assumption that $\varphi$ was nonzero in $L^1(\widehat{G})$. Hence $\alpha(G)$ is dense in $\widehat{\widehat{G}}$ as claimed.

Corollary 30.3.18. For any locally compact abelian group $G$, the Fourier transform induces a bijection $V^1(G) \leftrightarrow V^1(\widehat{G})$.

Proof. By Corollary 30.2.15, the map is injective so it remains to show surjectivity. Take $F \in V^1(\widehat{G})$ and define a function $f : G \to \mathbb{C}$ by
$$f(y) = \int_{\widehat{G}} F(\chi)\chi(y)\,d\chi = \int_{\widehat{G}} F(\chi)\alpha(y^{-1})(\chi)\,d\chi = \widehat{F}(\alpha(y^{-1})).$$
By Pontrjagin duality (Theorem 30.3.2), we can identify $\widehat{F}(\alpha(y^{-1})) = \widehat{F}(y^{-1})$, which is a continuous function of positive type on $G = \widehat{\widehat{G}}$. Then Corollary 30.2.14 says that $f \in V^1(G)$. Finally, by Theorem 30.2.13, we have
$$\begin{aligned}
F(\chi) = \int_G \widehat{F}(y)\chi(y)\,dy &= \int_G f(y^{-1})\chi(y)\,dy\\
&= \int_G f(y)\chi(y)\,dy = \hat{f}(\chi).
\end{aligned}$$
Hence the Fourier transform $V^1(G) \to V^1(\widehat{G})$ is surjective, so it is a bijection.

Chapter 31

Functional Equations

Recall the main ingredients in our proof of the analytic continuation and functional equation of $\zeta(s) = \sum_{n=1}^{\infty} \frac{1}{n^s}$ in Section 12.1. We defined the extended zeta function
$$\xi(s) = \pi^{-s/2}\,\Gamma\!\left(\frac{s}{2}\right)\zeta(s)$$
and showed (Theorem 12.1.2) that $\xi(s)$ has meromorphic continuation to all of $\mathbb{C}$. Further, the Poisson summation formula (Proposition 12.1.5)
$$\sum_{n \in \mathbb{Z}} f(n) = \sum_{n \in \mathbb{Z}} \hat{f}(n)$$
applied to the theta function
$$\theta(z) = \sum_{n \in \mathbb{Z}} e^{2\pi i n^2 z}$$
produced a functional equation for $\xi(s)$ and hence for $\zeta(s)$.


In his doctoral thesis, Tate’s insight was to apply Fourier inversion to functions of the form
$$Z(\chi, \varphi) = \int_R f(x)\chi(x)\,dx$$
where $R$ is a topological ring (in our case $\mathbb{Q}_p$, $\mathbb{R}$, $\mathbb{C}$ or the adèle ring $\mathbb{A}_K$ for a global field $K$), $\chi$ is a character on $R^\times$ and $f$ is an analogue of a Schwartz function. When $R = \mathbb{F}_p$ is a finite field, this also makes sense for $f = \sum c_\psi\psi$ where $\psi$ runs over the elements of $\operatorname{Hom}_{cts}(\mathbb{F}_p, \mathbb{C}^\times)$, and in this case the zeta function is
$$Z(\chi, f) = \sum c_\psi \sum_{a=1}^{p-1} \chi(a)e^{2\pi ab/p} \quad \text{for some } b = b(\psi) \in \mathbb{Z}.$$

31.1. Local ζ-Functions Chapter 31. Functional Equations

31.1 Local ζ-Functions


Let $F$ be a local field with absolute value $|\cdot|$, let $dx$ be a Haar measure on $F$ and define a Haar measure
$$d^*x := c\,\frac{dx}{|x|}$$
on $F^\times$, where $c \in \mathbb{R}_{>0}$. Since Haar measures are unique up to scaling, we may choose any $c$ we like; in particular, we will always choose $c = 1$ when $F$ is archimedean. Recall that $F^\times$ decomposes as the product of the unit group $U_F$ and the valuation group $V_F$, where
$$F^\times = U_F \times V_F \cong \begin{cases} U_F \times \mathbb{R}^\times_{>0}, & F \text{ is archimedean}\\ \mathcal{O}_F^\times \times q^{\mathbb{Z}}, & F \text{ is nonarchimedean with residue field } \mathbb{F}_q. \end{cases}$$

Let $X(F^\times) = \operatorname{Hom}_{cts}(F^\times, \mathbb{C}^\times)$ be the space of complex characters on $F^\times$ (sometimes called quasi-characters, though we will not adopt that nomenclature here) and call $\chi \in X(F^\times)$ unitary if $\chi(F^\times) \subseteq S^1 \subset \mathbb{C}$.

Lemma 31.1.1. Every $\chi \in X(F^\times)$ is of the form $\chi(x) = \mu(x)|x|^s$ for some unitary character $\mu$ on $U_F$ and some $s \in \mathbb{C}$.

Proof. Write $F^\times = U_F \times V_F$. Since $U_F$ is compact, its characters are all unitary. On the other hand, by the above, $V_F$ is either $\mathbb{R}^\times_{>0}$ or $q^{\mathbb{Z}}$, and in both cases the characters are of the form $t \mapsto t^s$ for some $s \in \mathbb{C}$.

For $\chi = \mu|\cdot|^s \in X(F^\times)$, call $\operatorname{Re}(s)$ the exponent of $\chi$; it is uniquely determined by $\chi$. Also call $\chi$ unramified if $\chi|_{U_F} = 1$, that is, if $\mu$ is the trivial character. Otherwise, $\chi$ is said to be ramified.

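Definition. Define the local L-factor $L(\chi)$ for a character $\chi \in X(F^\times)$ as follows. If $F$ is nonarchimedean with uniformizer $\pi_F$, set
$$L(\chi) = \begin{cases} (1 - \chi(\pi_F))^{-1}, & \chi \text{ is unramified}\\ 1, & \chi \text{ is ramified.} \end{cases}$$
For $F = \mathbb{C}$, $U_F = S^1$ and $\operatorname{Hom}_{cts}(S^1, S^1) \cong \mathbb{Z}$, so every $\chi$ is of the form $\chi = \chi_{s,n} : re^{i\theta} \mapsto r^se^{in\theta}$ for some $s \in \mathbb{C}$ and $n \in \mathbb{Z}$. Set
$$L(\chi_{s,n}) = \Gamma_{\mathbb{C}}\!\left(s + \frac{|n|}{2}\right) := (2\pi)^{-\left(s + \frac{|n|}{2}\right)}\,\Gamma\!\left(s + \frac{|n|}{2}\right).$$
Finally, for $F = \mathbb{R}$ with $U_F = \{\pm 1\}$, let $\operatorname{sgn} : x \mapsto \frac{x}{|x|}$ be the sign character of $U_F$, which is the only nontrivial unitary character. Set $\Gamma_{\mathbb{R}}(s) = \pi^{-s/2}\,\Gamma\!\left(\frac{s}{2}\right)$ and define
$$L(\chi) = \begin{cases} \Gamma_{\mathbb{R}}(s), & \mu = 1\\ \Gamma_{\mathbb{R}}(s + 1), & \mu = \operatorname{sgn}. \end{cases}$$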


Note that for any local field $F$ and character $\chi \in X(F^\times)$, the assignment $s \mapsto \chi|\cdot|^s$ determines a local L-function $L(s, \chi) := L(\chi|\cdot|^s)$. Setting $\chi^\vee = \chi^{-1}|\cdot|$, called the dual of $\chi$, we have that
$$L((\chi|\cdot|^s)^\vee) = L(1 - s, \chi^{-1}).$$
So we start to see a form of duality on the L-factors arise.

Proposition 31.1.2. For a local field $F$ with additive characters $\widehat{F} = \operatorname{Hom}_{cts}(F, S^1)$, fix a nontrivial $\psi \in \widehat{F}$ and for each $a \in F$, write $\psi_a(x) = \psi(ax)$. Then every character in $\widehat{F}$ is of the form $\psi_a$ for some $a \in F$, and the map
$$\Phi : F \longrightarrow \widehat{F}, \qquad a \longmapsto \psi_a$$
is an isomorphism of topological groups.

Proof. It’s easy to see that each $\psi_a$ is a character $F \to S^1$. Moreover, for any $a, b, x \in F$, observe that
$$\psi((a + b)x) = \psi(ax + bx) = \psi(ax)\psi(bx)$$
so $\psi_{a+b} = \psi_a\psi_b$ and hence $\Phi$ is a group homomorphism. Since $\psi$ is nontrivial, $\psi_a$ is also nontrivial unless $a = 0$, meaning $\Phi$ is injective. We next show $\operatorname{im}\Phi$ is dense in $\widehat{F}$. Set $H = \operatorname{im}\Phi$ and suppose $H \neq \widehat{F}$, so that $\widehat{F}/H \neq \{1\}$ and there exists a nontrivial $\hat{\psi} \in \widehat{\widehat{F}}$ such that $\hat{\psi}|_H = 0$. By Pontrjagin duality (Theorem 30.3.2), $\hat{\psi}$ is of the form $\hat{\psi}(\chi) = \chi(a)$ for some $a \in F$. Since $\hat{\psi}|_H = 0$, $\psi(ax) = \psi_a(x) = 0$, but by injectivity, this means $a = 0$. However, $\chi(0) = 1$ for any $\chi \in \widehat{F}$, so $\hat{\psi} = 0$ on $\widehat{F}$, contradicting nontriviality. Hence $H = \widehat{F}$.
To finish, we show that $\Phi$ and $\Phi^{-1}$ are continuous, which will imply that $H = \operatorname{im}\Phi$ is closed and hence $\operatorname{im}\Phi = \widehat{F}$. Consider a closed set $A_r = \{x \in F : |x| \leq r\}$ for some $r > 0$. If a sequence $a \to 0$ in $F$, then the sequence $aA_r$ converges to $\{0\}$ and $\psi_a(A_r)$ converges to $\{1\}$ in $\mathbb{C}$. This shows that $\psi_a$ converges to the trivial character $1 \in \widehat{F}$ in the compact-open topology. On the other hand, suppose $a_0 \in F^\times$ such that $\psi(a_0) \neq 1$. As $\psi_a \to 1$ in $\widehat{F}$, eventually $\psi_a(A_r)$ must be closer to $1 \in \mathbb{C}$ than $\psi(a_0)$, so $a_0 \notin aA_r$, which can only happen when $a$ is small. In other words, as $\psi_a \to 1$ in $\widehat{F}$, $a \to 0$ in $F$. Hence $\Phi$ and $\Phi^{-1}$ are continuous, so $H = \operatorname{im}\Phi$ is locally compact and in particular closed. This finishes the proof.

Definition. A Haar measure $dx$ on $F$ is self-dual if $dx$ identifies with its dual measure $d\chi$, in the sense of Fourier inversion, via the isomorphism $F \cong \widehat{F}$.

Definition. A function f : F → C is smooth if F is archimedean and f is analytic, or if
F is nonarchimedean and f is locally constant. A smooth function f is called a Schwartz-
Bruhat function if either:

(1) F is archimedean and p(x)f (x) → 0 pointwise on F for all polynomials p ∈ F [x] (that
is, f decays rapidly); or

(2) F is nonarchimedean and f has compact support.


Let SB(F ) denote the space of all Schwartz-Bruhat functions on F .

Definition. Fix an (additive) character $\psi \in \widehat{F}$. For each $f \in SB(F)$, define the Fourier transform of $f$ by
$$\hat{f}(y) = \int_F f(x)\psi(xy)\,dx.$$
Note that $\hat{f} \in SB(F)$.

Definition. For $f \in SB(F)$ and $\chi \in X(F^\times)$, the local ζ-function for $(f, \chi)$ is:
$$Z(f, \chi) := \int f(x)\chi(x)\,d^*x.$$

The main result we will prove is the following theorem.

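Theorem 31.1.3. For any $f \in SB(F)$ and $\chi = \mu|\cdot|^s \in X(F^\times)$, with $\sigma = \operatorname{Re}(s)$,

(i) $Z(f, \chi)$ is absolutely convergent for $\sigma > 0$.

(ii) If $0 < \sigma < 1$, there exists a meromorphic function of $s$, $\gamma = \gamma(\chi, \psi, dx)$, such that $Z(\hat{f}, \chi^\vee) = \gamma Z(f, \chi)$.

(iii) There exists $\varepsilon = \varepsilon(\chi, \psi, dx) \in \mathbb{C}^\times$ such that
$$\gamma L(\chi) = \varepsilon L(\chi^\vee).$$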

Corollary 31.1.4. For any $f \in SB(F)$ and $\chi \in \widehat{F}$,

(a) $Z(f, \chi)$ has meromorphic continuation to $\mathbb{C}$.

(b) The poles of $Z(f, \chi)$ are of no higher order than the poles of $L(\chi)$. Consequently, for each $\chi \in \widehat{F}$, the poles of any $Z(f, \chi)$ are uniformly bounded.

Proof. (a) $Z(\hat{f}, \chi^\vee)$ converges absolutely for $\sigma < 1$, so Theorem 31.1.3(iii) gives a meromorphic continuation for $Z(f, \chi)$.
(b) By Theorem 31.1.3(ii), we can write
$$L(\chi)Z(\hat{f}, \chi^\vee) = \varepsilon L(\chi^\vee)Z(f, \chi),$$
with $\varepsilon$ nonzero and $Z(\hat{f}, \chi^\vee)$ absolutely convergent for $\sigma < 1$. Therefore since the L-factors have no zeroes, the orders of the poles of $Z(f, \chi)$ are bounded by those of $L(\chi)$ as claimed.

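Proof of Theorem 31.1.3(i). Let $\chi = \mu|\cdot|^s$ with $\sigma = \operatorname{Re}(s)$. The cases when $F$ is archimedean are routine computations in Fourier analysis, so we will focus on the nonarchimedean case. Thus our $f \in SB(F)$ is locally constant with compact support. If $\mathfrak{m} = (\pi_F)$ is the unique prime ideal of $\mathcal{O}_F$, this means that $f$ factors through $\mathfrak{m}^m/\mathfrak{m}^n$ for some integers $m \leq n$. Thus it will be enough to check the case $f = 1_{\mathfrak{m}^k}$ for arbitrary $k \in \mathbb{Z}$, where $1_K$ here denotes the indicator function on a subset $K \subseteq F$. Note that $\mathfrak{m}^k \smallsetminus \{0\} = \bigcup_{j=k}^{\infty} (\mathfrak{m}^j \smallsetminus \mathfrak{m}^{j+1})$, so
$$\begin{aligned}
\int_{F^\times} |f(x)|\,|\chi(x)|\,d^*x &= \int_{\mathfrak{m}^k \smallsetminus \{0\}} |f(x)|\,|x|^\sigma\,d^*x = \sum_{j=k}^{\infty} \int_{\mathfrak{m}^j \smallsetminus \mathfrak{m}^{j+1}} |x|^\sigma\,d^*x\\
&= \int_{\mathfrak{m}^k \smallsetminus \{0\}} d^*x \sum_{j=k}^{\infty} q^{-j\sigma} = \operatorname{vol}(\mathcal{O}_F^\times, d^*x)\,\frac{q^{-k\sigma}}{1 - q^{-\sigma}}
\end{aligned}$$
where in the last step, $\operatorname{vol}(\mathfrak{m}^k \smallsetminus \{0\}, d^*x)$ is invariant for all $k$, so we may choose $k = 0$ to get $\operatorname{vol}(\mathcal{O}_F^\times, d^*x)$, and the rational expression is the limit of a convergent geometric series (it is convergent since $\sigma < 1$). Since this number is finite, the integral converges.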

For (ii), we need the following.

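Lemma 31.1.5. For all $\chi \in \widehat{F}$ with $0 < \sigma < 1$ and all $f, g \in SB(F)$,
$$Z(f, \chi)Z(\hat{g}, \chi^\vee) = Z(\hat{f}, \chi^\vee)Z(g, \chi).$$

Proof. Consider
$$\begin{aligned}
Z(f, \chi)Z(\hat{g}, \chi^\vee) &= \iint_{F^\times \times F^\times} f(x)\hat{g}(y)\chi(xy^{-1})|y|\,d^*x\,d^*y\\
&= \iint_{F^\times \times F^\times} f(x)\hat{g}(xy)\chi(y^{-1})|xy|\,d^*x\,d^*y && \text{by translation}\\
&= \int_{F^\times} \chi(y^{-1})|y| \int_{F^\times} f(x)\hat{g}(xy)|x|\,d^*x\,d^*y.
\end{aligned}$$
Isolating just the inner integral, we have
$$\begin{aligned}
\int_{F^\times} f(x)\hat{g}(xy)|x|\,d^*x &= \iint_{F \times F} f(x)g(z)\psi(xyz)\,c\,dz\,dx && \text{by definition of } \hat{g}\\
&= \int_F g(z)\hat{f}(yz)\,c\,dz && \text{by Fubini’s theorem and definition of } \hat{f}\\
&= \int g(z)\hat{f}(yz)|z|\,d^*z.
\end{aligned}$$
So this integral is symmetric with respect to $f$ and $g$, and hence the lemma follows.
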
Fix $f \in SB(F)$ and define
$$\gamma = \gamma(\chi, \psi, dx) := \frac{Z(\hat{f}, \chi^\vee)}{Z(f, \chi)}.$$
By Lemma 31.1.5, $\gamma$ is independent of $f$. Moreover, by construction we have $Z(\hat{f}, \chi^\vee) = \gamma Z(f, \chi)$ and since $Z(f, \chi)$ (resp. $Z(\hat{f}, \chi^\vee)$) is holomorphic for $\sigma > 0$ (resp. $\sigma < 1$), the proof of Theorem 31.1.3(ii) comes down to showing $\gamma$ is meromorphic. This will follow from our proof of (iii) below.

Proof of Theorem 31.1.3(iii). For different $F$, we will choose $f \in SB(F)$ and construct an entire function $h = h(f, \chi, \psi, dx)$ such that
$$Z(f, \chi) = h(f, \chi, \psi, dx)L(\chi) \quad \text{and} \quad Z(\hat{f}, \chi^\vee) = h(\hat{f}, \chi^\vee, \psi, dx)L(\chi^\vee).$$
Then by the formula in (ii),
$$\gamma = \frac{Z(\hat{f}, \chi^\vee)}{Z(f, \chi)} = \frac{h(\hat{f}, \chi^\vee, \psi, dx)L(\chi^\vee)}{h(f, \chi, \psi, dx)L(\chi)}$$
and all parts on the right are meromorphic, so it will follow that $\gamma$ too is meromorphic. Additionally, since $\gamma$ is independent of $f$, we can take
$$\varepsilon = \varepsilon(\chi, \psi, dx) := \frac{h(\hat{f}, \chi^\vee, \psi, dx)}{h(f, \chi, \psi, dx)}$$
to finish the proof of (iii). In the following, we sketch the construction of $h$, $\gamma$ and $\varepsilon$ for the cases when $F = \mathbb{R}, \mathbb{C}$, give the full proof when $F$ is a finite extension of $\mathbb{Q}_p$ and omit the proof when $F$ is a finite extension of $\mathbb{F}_q((t))$.
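When $F = \mathbb{R}$, take $dx$ to be the standard Lebesgue measure on $\mathbb{R}$ and define $\psi(x) = e^{-2\pi ix}$. Then $\psi \in \widehat{\mathbb{R}}$ will act as our standard additive character on $\mathbb{R}$. For $\chi = \mu|\cdot|^s \in \widehat{\mathbb{R}}$, either $\mu$ is trivial or the sign character sgn. If $\mu = 1$, choose $f(x) = e^{-\pi x^2} \in SB(\mathbb{R})$. Now one can easily check that $h = 1$, $\varepsilon = 1$ work for the equations in (ii) and (iii). If $\mu = \operatorname{sgn}$, instead use $f(x) = xe^{\pi x^2}$ and $\varepsilon = i$.
When $F = \mathbb{C}$, let $dx$ be the Haar measure $dz\,d\bar{z} = 2\,dx'\,dy'$, where $dx', dy'$ are the standard Lebesgue measure. Define $\psi \in \widehat{F}$ by $\psi(z) = e^{-2\pi i(z + \bar{z})}$ and for each $n \in \mathbb{Z}$, let
$$f_n(z) = \begin{cases} \dfrac{1}{2\pi}\,\bar{z}^n e^{-2\pi z\bar{z}}, & n \geq 0\\[1ex] \dfrac{1}{2\pi}\,z^{-n} e^{-2\pi z\bar{z}}, & n < 0. \end{cases}$$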

Then one can show that fˆn (z) = 2π 1 |n|


i f−n (z), so ε = i|n| works in the formula in (iii).
For F a finite extension of Fq ((t)), Exercise 5 in Chapter 7 of Ramakrishnan-Valenza
constructs the standard character ψ on F . The rest of the proof of Theorem 31.1.3(iii) in
this case is similar to the mixed characteristic case below.
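Let $F$ be a finite extension of $\mathbb{Q}_p$. We first construct the standard character $\psi$ for $\mathbb{Q}_p$ and then extend it to a character of $F$. For $x \in \mathbb{Q}_p$, we may write $x = ap^{-r} + b$ for some $a \in \mathbb{Z}$, $b \in \mathbb{Z}_p$ and $r \geq 0$. Set $\lambda(x) = ap^{-r} + \mathbb{Z} \in \mathbb{Q}/\mathbb{Z} \subseteq \mathbb{R}/\mathbb{Z} = S^1$. Then setting $\psi_p(x) = e^{2\pi i\lambda(x)}$ defines a locally constant function $\psi_p : \mathbb{Q}_p \to S^1$. Now for $F/\mathbb{Q}_p$, define
$$\psi(x) = \psi_p(\operatorname{tr}(x)) \quad \text{where tr is the trace of } F/\mathbb{Q}_p.$$
Notice that $\psi|_{\mathcal{O}_F} = 1$.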

Definition. For any nontrivial character $\chi \in \widehat{F}$, the conductor of $\chi$ is $\mathfrak{m}^n$ where
$$n = \inf\{r \in \mathbb{Z} : \chi|_{\mathfrak{m}^r} = 1\}.$$
Similarly, for a multiplicative character $\chi \in \widehat{F}^\times$, the conductor is $\mathfrak{m}^n$ where
$$n = \inf\{r \in \mathbb{Z} \mid \chi|_{U_r} = 1\}.$$
(Recall that $U_r = 1 + \mathfrak{m}^r$.)

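Now every character on $\widehat{F}^\times$ is of the form
$$\chi_{s,n}(x) = |x|^s\,\omega\!\left(\frac{x}{|x|}\right)$$
for some unitary character $\omega$ of $F^\times$. Let $\mathfrak{m}^m$ be the conductor of the standard character $\psi$, $\mathfrak{m}^n$ be the conductor of this unitary character $\omega$ and define $f : F \to \mathbb{C}$ by
$$f(x) = \begin{cases} \psi(x), & x \in \mathfrak{m}^{m-n}\\ 0, & \text{otherwise.} \end{cases}$$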

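When n = 0, we have
$$\begin{aligned}
Z(f,\chi_{s,0}) &= \int_{F^\times} f(x)\chi_{s,0}(x)\,d^*x = \int_{\mathfrak{m}^m\setminus\{0\}} \psi(x)|x|^s\,d^*x \\
&= \int_{\mathfrak{m}^m\setminus\{0\}} |x|^s\,d^*x && \text{since } \psi \text{ has conductor } \mathfrak{m}^m \\
&= \mathrm{vol}(\mathcal{O}_F^\times, d^*x)\sum_{j=m}^{\infty} q^{-js} && \text{as in the proof of (i)} \\
&= \mathrm{vol}(\mathcal{O}_F^\times, d^*x)\,\frac{q^{-ms}}{1-q^{-s}} \\
&= q^{-ms}\,\mathrm{vol}(\mathcal{O}_F^\times, d^*x)\,L(\chi_{s,0})
\end{aligned}$$
by definition of the L-factor for $\chi_{s,0}$. When n > 0, we likewise get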



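$$Z(f,\chi_{s,n}) = \sum_{j=m-n}^{\infty} q^{-js} \int_{\mathcal{O}_F^\times} \psi(\pi^j u)\,\omega(u)\,d^*u.$$

For arbitrary $\omega \in \widehat{F^\times}$, $\lambda \in \widehat{F}$, we define their Gauss sum by

$$g(\omega,\lambda) := \int_{\mathcal{O}_F^\times} \lambda(u)\,\omega(u)\,d^*u,$$

so that the above can be written

$$Z(f,\chi_{s,n}) = \sum_{j=m-n}^{\infty} q^{-js}\, g(\omega, \psi_{\pi^j}).$$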

The following result is easy to verify from the definition of the Gauss sum.


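Lemma 31.1.6. Let $\omega \in \widehat{F^\times}$ be a character of conductor $\mathfrak{m}^n$ and $\lambda \in \widehat{F}$ a character of
conductor $\mathfrak{m}^k$. Then g(ω, λ) satisfies
$$|g(\omega,\lambda)|^2 = \begin{cases} 0, & k < n \\ c\cdot \mathrm{vol}(\mathcal{O}_F, dx)\,\mathrm{vol}(U_n, d^*x), & k = n \\ c\cdot \mathrm{vol}(\mathcal{O}_F, dx)\left[\mathrm{vol}(U_n, d^*x) - \dfrac{1}{q}\,\mathrm{vol}(U_{k-1}, d^*x)\right], & k > n. \end{cases}$$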

As a result, our computation becomes

$$Z(f,\chi_{s,n}) = q^{-(m-n)s}\, g(\omega, \psi_{\pi^{m-n}})$$

and since ω and $\psi_{\pi^{m-n}}$ both have conductor $\mathfrak{m}^n$, Lemma 31.1.6 also implies that $g(\omega,\psi_{\pi^{m-n}}) \neq 0$.
Moreover, $L(\chi_{s,n}) = 1$ for n > 0 (since $\chi_{s,n}$ is ramified in this case) so setting $g(\omega,\lambda) =
\mathrm{vol}(\mathcal{O}_F^\times, d^*x)$ when both ω, λ have conductor $\mathcal{O}_F = \mathfrak{m}^0$, we can summarize our zeta function
calculations as:
$$Z(f,\chi_{s,n}) = q^{-(m-n)s}\, g(\omega,\psi_{\pi^{m-n}})\,L(\chi_{s,n}).$$
Now we compute $Z(\hat f, \chi^\vee_{s,n})$. To do so, we need the following calculation.

Lemma 31.1.7. For $f = 1_{\mathfrak{m}^{m-n}}\psi$ defined above, $f \in SB(F)$ and its Fourier transform is
given by $\hat f(y) = \mathrm{vol}(\mathfrak{m}^{m-n}, dx)\,1_{\mathfrak{m}^n - 1}$.

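Proof. When n = 0 and $\mathfrak{m}^0 = \mathcal{O}_F$, since the conductor of ψ is $\mathfrak{m}^m$, we have $\hat f|_{F\setminus\mathcal{O}_F} = 0$ (by
orthogonality of characters) and $\hat f|_{\mathcal{O}_F} = \mathrm{vol}(\mathfrak{m}^m, dx)$. When n > 0, first suppose $y \notin \mathfrak{m}^n - 1$.
Then $v_F(y+1) \le n-1$ so $x(y+1) \notin \mathfrak{m}^m$ for any $x \in \mathfrak{m}^{m-n}$. Hence $\psi_{y+1}$ is a nontrivial
character on $\mathfrak{m}^{m-n}$, so we get
$$\hat f(y) = \int_F f(x)\psi(xy)\,dx = \int_{\mathfrak{m}^{m-n}} \psi(x(y+1))\,dx = \int_{\mathfrak{m}^{m-n}} \psi_{y+1}(x)\,dx = 0.$$

On the other hand, if $y \in \mathfrak{m}^n - 1$, then

$$\hat f(y) = \int_{\mathfrak{m}^m} \psi(x)\,dx = \mathrm{vol}(\mathfrak{m}^m, dx),$$

so in both cases the formula for $\hat f$ holds.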


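We use this to compute the local ζ-function for $(\hat f, \chi^\vee_{s,n})$. As above, we split this into the
n = 0 and n > 0 cases, which require slightly different computations. When n = 0,
$$\begin{aligned}
Z(\hat f,\chi^\vee_{s,0}) &= \int_{F^\times} \hat f(y)\,\chi^\vee_{s,0}(y)\,d^*y \\
&= \int_{\mathcal{O}_F^\times - 1} \mathrm{vol}(\mathfrak{m}^m,dx)\,|y|^{1-s}\,\omega\!\left(\frac{|y|}{y}\right) d^*y && \text{by Lemma 31.1.7}\\
&= \mathrm{vol}(\mathfrak{m}^m,dx)\int_{\mathcal{O}_F^\times} |y|^{1-s}\,d^*y && \text{since } \omega \text{ has conductor } \mathcal{O}_F \\
&= \mathrm{vol}(\mathfrak{m}^m,dx)\sum_{j=0}^{\infty} q^{-j(1-s)}\int_{\mathcal{O}_F^\times} d^*y && \text{as above}\\
&= \mathrm{vol}(\mathfrak{m}^m,dx)\,\mathrm{vol}(\mathcal{O}_F^\times,d^*x)\,\frac{1}{1-q^{-(1-s)}}\\
&= \mathrm{vol}(\mathfrak{m}^m,dx)\,\mathrm{vol}(\mathcal{O}_F^\times,d^*x)\,L(\chi^\vee_{s,0}).
\end{aligned}$$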
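Putting this together with the computation of $Z(f,\chi_{s,0})$ from above, we get
$$\gamma = \frac{Z(\hat f,\chi^\vee_{s,0})}{Z(f,\chi_{s,0})} = \frac{\mathrm{vol}(\mathfrak{m}^m,dx)\,\mathrm{vol}(\mathcal{O}_F^\times,d^*x)\,L(\chi^\vee_{s,0})}{q^{-ms}\,\mathrm{vol}(\mathcal{O}_F^\times,d^*x)\,L(\chi_{s,0})} = q^{ms}\,\mathrm{vol}(\mathfrak{m}^m,dx)\,\frac{L(\chi^\vee_{s,0})}{L(\chi_{s,0})}.$$
This implies $h(f,\chi,\psi,dx) = q^{-ms}\,\mathrm{vol}(\mathcal{O}_F^\times,d^*x)$, $h(\hat f,\chi^\vee,\psi,dx) = \mathrm{vol}(\mathfrak{m}^m,dx)\,\mathrm{vol}(\mathcal{O}_F^\times,d^*x)$
and therefore $\varepsilon(\chi,\psi,dx) = q^{ms}\,\mathrm{vol}(\mathfrak{m}^m,dx)$. As these functions are entire, we have proven
all of (iii) in the case that n = 0.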
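When n > 0, we similarly compute
$$\begin{aligned}
Z(\hat f,\chi^\vee_{s,n}) &= \int_{F^\times}\hat f(y)\,\chi^\vee_{s,n}(y)\,d^*y\\
&= \int_{\mathfrak{m}^n-1} \mathrm{vol}(\mathfrak{m}^{m-n},dx)\,\omega\!\left(\frac{|y|}{y}\right)d^*y && \text{by Lemma 31.1.7}\\
&= \mathrm{vol}(\mathfrak{m}^{m-n},dx)\int_{\mathfrak{m}^n-1}\bar\omega(u)\,d^*u\\
&= \mathrm{vol}(\mathfrak{m}^{m-n},dx)\int_{1+\mathfrak{m}^n}\bar\omega(-u)\,d^*u\\
&= \mathrm{vol}(\mathfrak{m}^{m-n},dx)\,\mathrm{vol}(U_n,d^*x)\,\omega(-1)
\end{aligned}$$
using the fact that $\bar\omega$ also has conductor $\mathfrak{m}^n$. Consider the conjugate of the Gauss sum
$g(\omega,\psi_{\pi^{m-n}})$:
$$\begin{aligned}
\overline{g(\omega,\psi_{\pi^{m-n}})} &= \int_{\mathcal{O}_F^\times}\overline{\omega(u)\,\psi(\pi^{m-n}u)}\,d^*u\\
&= \int_{\mathcal{O}_F^\times}\bar\omega(u)\,\psi(-\pi^{m-n}u)\,d^*u\\
&= \omega(-1)\int_{\mathcal{O}_F^\times}\bar\omega(u)\,\psi(\pi^{m-n}u)\,d^*u\\
&= \omega(-1)\,g(\bar\omega,\psi_{\pi^{m-n}}).
\end{aligned}$$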


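Notice that ω and $\psi_{\pi^{m-n}}$ have the same conductor $\mathfrak{m}^n$. Now we have
$$\begin{aligned}
\gamma = \frac{Z(\hat f,\chi^\vee_{s,n})}{Z(f,\chi_{s,n})} &= \frac{\mathrm{vol}(\mathfrak{m}^{m-n},dx)\,\mathrm{vol}(U_n,d^*x)\,\omega(-1)}{q^{-(m-n)s}\,g(\omega,\psi_{\pi^{m-n}})\,L(\chi_{s,n})}\\
&= q^{(m-n)(s-1)}\,\frac{1}{c}\,g(\bar\omega,\psi_{\pi^{m-n}})\,\frac{1}{L(\chi_{s,n})} && \text{by Lemma 31.1.6}\\
&= q^{(m-n)(s-1)}\,\frac{1}{c}\,g(\bar\omega,\psi_{\pi^{m-n}})\,\frac{L(\chi^\vee_{s,n})}{L(\chi_{s,n})} && \text{since } \chi^\vee_{s,n} \text{ is ramified.}
\end{aligned}$$
This shows that $h(f,\chi,\psi,dx) = q^{-(m-n)s}g(\omega,\psi_{\pi^{m-n}})$, $h(\hat f,\chi^\vee,\psi,dx) = \mathrm{vol}(\mathfrak{m}^{m-n})\,\mathrm{vol}(U_n)\,\omega(-1)$
and therefore $\varepsilon(\chi,\psi,dx) = q^{(m-n)(s-1)}\frac{1}{c}\,g(\bar\omega,\psi_{\pi^{m-n}})$. This finishes the proof of all parts of
Theorem 31.1.3.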

Remark. Let $\mathcal{D}$ be the different of the extension $F/\mathbb{Q}_p$. Then $\mathcal{D} = \mathfrak{m}^{-d}$ for some d ∈ Z and
if ψ is the standard character on F constructed above, one can show that the conductor of
ψ is $\mathfrak{m}^d$. (This is at least believable since $\psi = \psi_p \circ \mathrm{tr}$ and the different is defined in terms of
the trace!)


31.2 Adèlic and Idèlic Characters


In this section we give a brief description of characters on the topological ring $\mathbb{A}_K$ and the
multiplicative group $\mathbb{I}_K = \mathbb{A}_K^\times$. Once again, adopt the notation of Chapter 16: J = {v} is
an index set, $J_\infty \subseteq J$ is a finite subset, $\{G_v\}_{v\in J}$ is a collection of locally compact, Hausdorff
groups with compact open subgroups $H_v \subseteq G_v$ specified for each $v \notin J_\infty$ and $G = \prod'_v G_v$ is
the restricted direct product with respect to this data. To each finite subset $J_\infty \subseteq S \subseteq J$,
we associated a subgroup
$$G_S = \prod_{v\in S} G_v \times \prod_{v\notin S} H_v \subseteq G,$$
which has the product topology, and the restricted direct product topology on G is the
weakest topology such that every inclusion $G_S \hookrightarrow G$ is an open embedding of topological
groups.
In particular, when K is a global field, we defined the adèle ring $\mathbb{A}_K$ of K and the idèle
group $\mathbb{I}_K$ of K as restricted direct products for J = {v}, the set of places of K with infinite
places $J_\infty$, by
$$\mathbb{A}_K = \prod_v{}' K_v \quad\text{with respect to } H_v = \mathcal{O}_v \text{ for finite } v$$
$$\mathbb{I}_K = \prod_v{}' K_v^\times \quad\text{with respect to } H_v = \mathcal{O}_v^\times \text{ for finite } v.$$

Note that $\mathbb{I}_K$ identifies with the units $\mathbb{A}_K^\times$ in the adèle ring as a set, but not as a topological
subspace of $\mathbb{A}_K$. Indeed, the sequence of adèles

(1, 2, 1, 1, . . .), (1, 1, 3, 1, . . .), (1, 1, 1, 5, . . .), . . .

converges to (1, 1, 1, 1, . . .) in $\mathbb{A}_\mathbb{Q}$ but not in $\mathbb{I}_\mathbb{Q}$.
For any restricted direct product $G = \prod'_v G_v$, each group $G_v$ embeds as a closed subgroup
of G via
$$G_v \hookrightarrow G_{\{v\}} \subseteq G, \qquad g \longmapsto \{g\} \times \prod_{u\neq v} 1.$$

Let $\widehat G = \mathrm{Hom}_{cts}(G, S^1)$ be the set of continuous characters of G, that is, the Pontrjagin dual.

Lemma 31.2.1. Let $\chi \in \widehat G$ be a character. Then $\chi|_{H_v} = 1$ for all but finitely many v ∈ J
and for all $y = (y_v) \in G$, $\chi(y) = \prod_v \chi(y_v)$.

Proof. Choose a small enough open neighborhood $U \subseteq S^1$ of 1 such that U contains no
nontrivial subgroups of $S^1$. Let $N = \prod_v N_v \subseteq G$ be an open neighborhood of 1 ∈ G such
that $\chi(N) \subseteq U$ and $N_v = H_v$ for all $v \notin S$ where $J_\infty \subseteq S \subseteq J$ is finite. Then $\prod_{v\notin S} H_v \subseteq N$
and $\chi\left(\prod_{v\notin S} H_v\right)$ is a subgroup of $S^1$ contained in U, so $\chi\left(\prod_{v\notin S} H_v\right) = \{1\}$. The second
statement follows immediately.


Lemma 31.2.2. Suppose for all v ∈ J, $\chi_v$ is a continuous character on $G_v$ such that
$\chi_v|_{H_v} = 1$ for all but finitely many v. Then $\chi := \prod_v \chi_v$ is a well-defined element of $\widehat G$.

Proof. Let S ⊆ J be the finite set such that $\chi_v|_{H_v} = 1$ for all $v \notin S$ and set m = |S|. Let
$U \subseteq S^1$ be an open neighborhood of 1 and choose a neighborhood $V \subseteq S^1$ containing 1 such
that $V^m \subseteq U$. For v ∈ S, choose a neighborhood $N_v$ of $1 \in G_v$ such that $\chi_v(N_v) \subseteq V$. Then
$$N := \prod_{v\in S} N_v \times \prod_{v\notin S} H_v$$
is an open subset of G and $\chi(N) \subseteq V^m \subseteq U$ by construction. This shows that χ is
continuous.
For each v ∈ J, let $\widehat{G_v} = \mathrm{Hom}_{cts}(G_v, S^1)$ be the Pontrjagin dual of $G_v$. We will show
that the dual group $\widehat G$ of the restricted direct product G can be identified with the restricted
direct product of the $\widehat{G_v}$ with respect to the following subgroups. Define

$$H_v^* = \{\chi_v \in \widehat{G_v} \mid \chi_v|_{H_v} = 1\}.$$

Then for a sufficiently small neighborhood $U \subseteq S^1$ containing 1,

$$H_v^* = W(H_v, U) = \{\chi_v \in \widehat{G_v} \mid \chi_v(H_v) \subseteq U\}.$$

Hence each $H_v^*$ is an open subgroup of $\widehat{G_v}$. In fact, by taking U small enough we may ensure
$H_v^*$ is compact.

Proposition 31.2.3. For any restricted direct product $G = \prod'_v G_v$, the map
$$\varphi : \prod_v{}' \widehat{G_v} \longrightarrow \widehat G, \qquad (\chi_v) \longmapsto \prod_v \chi_v$$
is an isomorphism of topological groups, where the restricted direct product $\prod'_v \widehat{G_v}$ is with
respect to the compact subgroups $H_v^*$, $v \notin J_\infty$.

Proof. Lemmas 31.2.1 and 31.2.2 show that ϕ is a bijection, so it remains to show ϕ and
$\varphi^{-1}$ are continuous. For ϕ, let W(K, U) be a neighborhood of the trivial character $1 \in \widehat G$.
Without loss of generality, assume $K = \prod_v K_v$ for $K_v \subseteq G_v$ compact and $K_v = H_v$ for all
but finitely many v. Then χ ∈ W(K, U) is equivalent to $\chi(K) = \prod_v \chi(K_v) \subseteq U$. As above,
choose a finite set S ⊆ J such that $\chi|_{K_v} = 1$ for all $v \notin S$ and set m = |S|. There is a
neighborhood $V \subseteq S^1$ containing 1 such that $V^m \subseteq U$, and we have $\chi(N) \subseteq V^m \subseteq U$ where
N is the neighborhood of the identity in $\prod'_v \widehat{G_v}$ given by
$$N = \prod_v W(K_v, V).$$
On the other hand, sets of the form $N = \prod_v W(K_v, U)$, with $K_v = H_v$ for all but finitely
many v, form a neighborhood basis of the identity in $\prod'_v \widehat{G_v}$, so for any such N,
$$W\left(\prod_v K_v, U\right) \subseteq \varphi(N).$$

This shows ϕ is an open map, hence a homeomorphism.


Recall (Proposition 16.1.5) that if $dg_v$ is a Haar measure on each $G_v$ chosen so that for
all but finitely many $v \notin J_\infty$, $dg_v$ is normalized to give
$$\int_{H_v} dg_v = 1,$$
then there is a unique Haar measure dg on $G = \prod'_v G_v$ such that for any finite set $J_\infty \subseteq S \subseteq J$,
$$dg_S := dg|_{G_S} = \prod_{v\in S} dg_v \times \prod_{v\notin S} dg_v|_{H_v}.$$

Then by Proposition 31.2.3, we can consider a dual measure on $\widehat G \cong \prod'_v \widehat{G_v}$.

Proposition 31.2.4. If for each v ∈ J, $f_v$ is a continuous, integrable function on $G_v$ with
$f_v|_{H_v} = 1_{H_v}$, the characteristic function on $H_v$, for all $v \notin S_0$, then $f := \prod_v f_v \in L^1(G)$ and
its Fourier transform is
$$\hat f = \prod_v \hat f_v.$$

Now for each v ∈ J, let $d\chi_v$ be the dual measure to $dg_v$ on $\widehat{G_v}$. By orthogonality of
characters on a compact group, we have
$$\widehat{1}_{H_v}(\chi_v) = \int_{H_v} \chi_v\,dg_v = \begin{cases}\mathrm{vol}(H_v), & \chi_v|_{H_v} = 1\\ 0, & \text{otherwise.}\end{cases}$$
Thus by Fourier inversion (Theorem 30.2.2),
$$1 = 1_{H_v}(1) = \int_{\widehat{G_v}} \widehat{1}_{H_v}\,d\chi_v = \int_{H_v^*} \widehat{1}_{H_v}\,d\chi_v = \mathrm{vol}(H_v)\,\mathrm{vol}(H_v^*)$$
which implies $H_v^*$ has volume 1 with respect to $d\chi_v$ for all but finitely many v. Hence
$$d\chi := \prod_v d\chi_v$$
is a well-defined Haar measure on $\widehat G$ which restricts to the product measure on each $\widehat{G}_S$ for
$J_\infty \subseteq S \subseteq J$ finite.

Corollary 31.2.5. dχ is equal to the dual measure of dg on $\widehat G$, that is, for all $f \in V^1(G)$,
$$f(g) = \int_{\widehat G} \hat f(\chi)\,\chi(g)\,d\chi.$$


31.3 Schwartz-Bruhat Functions and Riemann-Roch


To prove the global version of the functional equation, we will need a generalization of the
classic Riemann-Roch theorem from algebraic geometry. Let K be a global field, i.e. a finite
extension of either $\mathbb{Q}$ (the number field case) or $\mathbb{F}_q(t)$ (the global function field case). For
each place v of K, let $SB(K_v)$ be the space of Schwartz-Bruhat functions on the completion
$K_v$. Define the space of adèlic Schwartz-Bruhat functions on K by
$$S(\mathbb{A}_K) := \left\{(f_v) \in \bigoplus_v SB(K_v) : f_v|_{\mathcal{O}_v} = 1 \text{ for all but finitely many } v\right\}.$$
For any $f \in S(\mathbb{A}_K)$ and $x = (x_v) \in \mathbb{A}_K$, write $f(x) = \prod_v f_v(x_v)$. Let dx be the Haar measure
on $\mathbb{A}_K$ given by Proposition 16.1.5.

Lemma 31.3.1. $S(\mathbb{A}_K)$ is dense in $L^2(\mathbb{A}_K, dx)$.

Proof. This can be found in Wawrzynczyk’s “On tempered distributions and Bochner-
Schwartz theorem on arbitrary locally compact abelian groups”.

Lemma 31.3.2. For any global field K, there exists a nontrivial unitary character $\psi : \mathbb{A}_K \to S^1$
satisfying $\psi|_K = 1$.

Proof. For $K/\mathbb{Q}$, let $\psi(x) = \prod_v \psi_v(x_v)$ where $\psi_v$ is the standard nontrivial character on $K_v$
from Section 31.1. Then by construction $\psi \in \widehat{\mathbb{A}_K}$ and $\psi|_K = 1$ since $\psi_v|_{\mathcal{O}_v} = 1$ for all finite
places v.
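
The construction of $\psi_p$ in Section 31.1 and the triviality of ψ on K in Lemma 31.3.2 can be checked by hand for K = Q, where the trace is the identity. The following Python sketch is an added example, not part of the original text; the function names are illustrative, and it uses the page's conventions $\psi_\infty(x) = e^{-2\pi i x}$ and $\psi_p(x) = e^{2\pi i\lambda(x)}$.

```python
from fractions import Fraction
import cmath


def prime_factors(n):
    """Distinct prime factors of a positive integer, by trial division."""
    factors, p = [], 2
    while p * p <= n:
        if n % p == 0:
            factors.append(p)
            while n % p == 0:
                n //= p
        p += 1
    if n > 1:
        factors.append(n)
    return factors


def lam(x, p):
    """lambda(x) = a*p^-r in [0, 1) with x - a*p^-r in Z_p, for rational x."""
    x = Fraction(x)
    den, r = x.denominator, 0
    while den % p == 0:          # split the denominator as p^r * den, p not dividing den
        den //= p
        r += 1
    if r == 0:                   # x already lies in Z_p, so lambda(x) = 0
        return Fraction(0)
    pr = p ** r
    # den is a unit mod p^r, so x is congruent to numerator * den^-1 / p^r modulo Z_p.
    a = (x.numerator * pow(den, -1, pr)) % pr
    return Fraction(a, pr)


def psi_p(x, p):
    """Standard character on Q_p evaluated at a rational number."""
    return cmath.exp(2j * cmath.pi * float(lam(x, p)))


def psi_inf(x):
    """Standard character on R as chosen on this page."""
    return cmath.exp(-2j * cmath.pi * float(Fraction(x)))


def global_exponent(x):
    """sum_p lambda_p(x) - x, so that psi(x) = exp(2*pi*i*global_exponent(x))."""
    x = Fraction(x)
    total = Fraction(0)
    for p in prime_factors(x.denominator):   # lambda_p(x) = 0 at every other prime
        total += lam(x, p)
    return total - x


def psi(x):
    """Adelic character psi = prod_v psi_v evaluated on the diagonal image of x in Q."""
    x = Fraction(x)
    value = psi_inf(x)
    for p in prime_factors(x.denominator):
        value *= psi_p(x, p)
    return value


if __name__ == "__main__":
    x = Fraction(7, 12)
    print(lam(x, 2), lam(x, 3), global_exponent(x), abs(psi(x) - 1) < 1e-9)
```

Since `global_exponent` is an integer for every rational input, ψ(x) = 1 on Q, which is the statement $\psi|_K = 1$ in the case K = Q.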

Definition. The Fourier transform of a Schwartz-Bruhat function $f \in S(\mathbb{A}_K)$ is defined
by
$$\hat f(y) = \int_{\mathbb{A}_K} f(x)\psi(xy)\,dx.$$

Proposition 31.3.3. The assignment $f \mapsto \hat f$ defines a bijection $S(\mathbb{A}_K) \to S(\mathbb{A}_K)$ which
extends to an isometry $L^2(\mathbb{A}_K) \to L^2(\mathbb{A}_K)$.

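Proof. For any $f = (f_v) \in S(\mathbb{A}_K)$, $\hat f = (\hat f_v)$ and each $\hat f_v \in SB(K_v)$. By the remark at the
end of Section 31.1, the conductor of $\psi_v$ is $\mathcal{D}_v^{-1} = \mathfrak{m}^{d_v}$, where $\mathcal{D}_v$ is the different of $K_v$, and
for all but finitely many v, $\mathcal{D}_v^{-1} = \mathcal{O}_v$. Also, $f_v|_{\mathcal{O}_v} = 1$ for all but finitely many v, and for
those v we have
$$\hat f_v(y_v) = \int_{K_v} f_v(x_v)\psi_v(x_v y_v)\,dx_v = \int_{\mathcal{O}_v}\psi_v(x_v y_v)\,dx_v = \begin{cases}1, & y_v \in \mathcal{O}_v\\ 0, & y_v \notin \mathcal{O}_v.\end{cases}$$

Thus $\hat f_v|_{\mathcal{O}_v} = 1$ for all but finitely many v, so it follows that $\hat f = \prod_v \hat f_v \in S(\mathbb{A}_K)$.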


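Now fix $f = (f_v) \in S(\mathbb{A}_K)$ and consider
$$\begin{aligned}
\int_{\mathbb{A}_K}|f(x)|^2\,dx &= \int_{\mathbb{A}_K} f(x)\overline{f(x)}\,dx = \int_{\mathbb{A}_K} f(x)\,\bar f(-(-x))\,dx\\
&= \int_{\mathbb{A}_K} f(x)\int_{\mathbb{A}_K}\hat{\bar f}(y)\,\psi(y(-x))\,dy && \text{by Fourier inversion (30.2.2), self-duality}\\
&= \int_{\mathbb{A}_K} f(x)\int_{\mathbb{A}_K}\hat{\bar f}(y)\,\psi(-xy)\,dy\\
&= \int_{\mathbb{A}_K} f(x)\int_{\mathbb{A}_K}\hat{\bar f}(y)\,\bar\psi(xy)\,dy\\
&= \int_{\mathbb{A}_K} f(x)\,\hat{\bar{\hat f}}(x)\,dx = \int_{\mathbb{A}_K} f(x)\hat h(x)\,dx && \text{where } h = \bar{\hat f}\\
&= \int_{\mathbb{A}_K} f(x)\int_{\mathbb{A}_K} h(y)\psi(xy)\,dy\,dx\\
&= \int_{\mathbb{A}_K} h(y)\int_{\mathbb{A}_K} f(x)\psi(xy)\,dx\,dy && \text{by Fubini's theorem}\\
&= \int_{\mathbb{A}_K} h(y)\hat f(y)\,dy = \int_{\mathbb{A}_K} \overline{\hat f(y)}\,\hat f(y)\,dy\\
&= \int_{\mathbb{A}_K} |\hat f(x)|^2\,dx.
\end{aligned}$$

Hence $f \mapsto \hat f$ is an isometry. Since $S(\mathbb{A}_K)$ is dense in the Hilbert space $L^2(\mathbb{A}_K)$ by
Lemma 31.3.1, this extends to an isometry of the entire space $L^2(\mathbb{A}_K)$.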
Theorem 31.3.4 (Poisson Summation). For a global field K,
$$\sum_{a\in K} f(x+a) = \sum_{a\in K}\hat f(x+a).$$

Proof. Let $\varphi : \mathbb{A}_K \to \mathbb{C}$ be a function satisfying $\varphi|_K = 1$. Then ϕ descends to a function on
$\mathbb{A}_K/K$ and we can define $\hat\varphi : K \to \mathbb{C}$ by
$$\hat\varphi(y) = \int_{\mathbb{A}_K/K} \varphi(x)\psi(xy)\,d\bar x$$
where $d\bar x$ is the measure on $\mathbb{A}_K/K$ induced by dx. For y ∈ K, ψ(xy) = ψ((a + x)y) holds
for all $x \in \mathbb{A}_K/K$, a ∈ K. Thus
$$\hat f(y) = \int_{\mathbb{A}_K} f(x)\psi(xy)\,dx = \int_{\mathbb{A}_K/K}\sum_{a\in K} f(a+x)\psi((a+x)z)\,d\bar x = \widehat F(y)$$
where $F(y) = \sum_{a\in K} f(a+x)$. Note that F is defined for all $y \in \mathbb{A}_K$ and by Pontrjagin
duality (Theorem 30.3.2) applied to $\mathbb{A}_K/K$ and K, we get
$$\widehat F(y) = \sum_{a\in K}\widehat F(a)\psi(ay)$$
for y ∈ K. In particular, we may take y = 0 to get
$$\sum_{a\in K} f(a) = F(0) = \sum_{a\in K}\widehat F(a)\psi(0) = \sum_{a\in K}\widehat F(a) = \sum_{a\in K}\hat f(a).$$

Translating by $x \in \mathbb{A}_K$ gives the full Poisson summation formula.


The multiplicative version of this formula for idèles is given by the ‘analytic version’ of
the Riemann-Roch theorem from algebraic geometry. We will make the connection to the
classical theorem explicit after proving this adèlic version.
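Theorem 31.3.5 (Riemann-Roch). Let K be a global field and $f \in S(\mathbb{A}_K)$. Then
$$\sum_{a\in K} f(ax) = \frac{1}{|x|}\sum_{a\in K}\hat f(ax^{-1})$$
for any $x \in \mathbb{I}_K$.

Proof. Fix $x \in \mathbb{I}_K$ and consider the function h(y) = f(xy) defined for $y \in \mathbb{A}_K$. Then by
Poisson summation,
$$\begin{aligned}
\sum_{a\in K} h(a) &= \sum_{a\in K}\hat h(a)\\
&= \sum_{a\in K}\int_{\mathbb{A}_K} f(xy)\psi(ay)\,dy\\
&= \sum_{a\in K}\frac{1}{|x|}\int_{\mathbb{A}_K} f(y)\psi(ayx^{-1})\,dx && \text{by } y \mapsto yx^{-1}\\
&= \frac{1}{|x|}\sum_{a\in K}\hat f(ax^{-1}).
\end{aligned}$$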

In the case when K is a finite extension of $\mathbb{F}_q(t)$, K uniquely determines an algebraic
curve X over $\mathbb{F}_q$ that covers $\mathbb{P}^1_{\mathbb{F}_q}$. Under this identification, the points of X are in bijection
with the places of K. Recall the following definitions from Chapter 22, rephrased for the
field K:

• A divisor on K is a Z-linear combination $D = \sum_v n_v v$. The set of divisors forms an
abelian group Div(K).

• The degree of a divisor $D = \sum_v n_v v \in \mathrm{Div}(K)$ is $\deg(D) = \sum_v n_v\deg(v)$ where
$\deg(v) = [\mathbb{F}_{q_v} : \mathbb{F}_q]$. This defines a map deg : Div(K) → Z whose kernel is denoted
$\mathrm{Div}^0(K)$.

• The principal divisor defined by an element $f \in K^\times$ is $(f) = \sum_v v(f)v$. This forms a
subgroup $\mathrm{div}(K^*) \subseteq \mathrm{Div}(K)$.

• The Picard group is the quotient group $\mathrm{Pic}(K) = \mathrm{Div}(K)/\mathrm{div}(K^*)$.


Lemma 31.3.6. Every principal divisor has degree 0.


Proof. This was proven in Corollary 22.2.6, but in our context this follows directly from
Artin’s product formula (Theorem 16.3.2).
Set $\mathrm{Pic}^0(K) = \mathrm{Div}^0(K)/\mathrm{div}(K^\times)$. Then there is an exact sequence of groups
$$1 \to \mathbb{F}_q^\times \to K^\times \xrightarrow{\ \mathrm{div}\ } \mathrm{Div}^0(K) \to \mathrm{Pic}^0(K) \to 0.$$

Let $L(D) = \{f \in K^\times \mid (f) \ge -D\} \cup \{0\}$ be the Riemann-Roch space associated to a divisor
D ∈ Div(K). Then L(D) is an $\mathbb{F}_q$-vector space. We denote its dimension by $\ell(D)$. The
adèlic perspective affords us a nice proof of an important fact: Riemann-Roch spaces are all
finite dimensional (our unproven Theorem 22.3.3).
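Proposition 31.3.7. For all D ∈ Div(K), $\ell(D) < \infty$.

Proof. We can extend the map $\mathrm{div} : K^\times \to \mathrm{Div}(K)$ to the idèles by:
$$\mathrm{div} : \mathbb{I}_K \longrightarrow \mathrm{Div}(K),\qquad (x_v) \longmapsto \sum_v v(x_v)\,v.$$

Then this map is surjective and we have
$$\ker(\mathrm{div}) = \mathbb{I}_{K,\varnothing},\quad \mathrm{div}(\mathbb{I}^1_K) = \mathrm{Div}^0(K),\quad \mathbb{I}_K/K^\times\mathbb{I}_{K,\varnothing} = \mathrm{Pic}(K),\quad \mathbb{I}^1_K/K^\times\mathbb{I}_{K,\varnothing} = \mathrm{Pic}^0(K).$$
Let $f \in S(\mathbb{A}_K)$ be the product of the characteristic functions $1_{\mathcal{O}_v}$. For $D = \sum_v n_v v \in
\mathrm{Div}(K)$, choose $x_D = (x_v) \in \mathbb{I}_K$ such that $v(x_v) = n_v$ for all v. Then for any $a \in K^\times$,
$$f(ax_D) = \begin{cases}1, & v(ax_v)\ge 0 \text{ for all } v\\ 0, & \text{otherwise.}\end{cases}$$

Thus $f(ax_D) \neq 0$ is equivalent to $a \in L(D)\setminus\{0\}$. Since $f \in S(\mathbb{A}_K)$,
$$q^{\ell(D)} = \sum_{a\in K} f(ax_D)$$
converges, so $\ell(D)$ must be finite.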


Corollary 31.3.8 (Riemann-Roch for Curves). Let K be a finite extension of $\mathbb{F}_q(t)$ with
genus g. Then there exists a canonical divisor $\mathcal{K} \in \mathrm{Div}(K)$ such that $\deg(\mathcal{K}) = 2g - 2$ and
for all D ∈ Div(K),
$$\ell(D) - \ell(\mathcal{K} - D) = \deg(D) - g + 1.$$

Proof. Fix a nontrivial character $\psi \in \widehat{\mathbb{A}_K}$ such that $\psi|_K = 1$; such a character exists by
Lemma 31.3.2. Let $\mathfrak{m}_v$ be the maximal ideal at each place v of K and let $\mathfrak{m}_v^{d_v}$ denote the
conductor of $\psi_v$ on $K_v$. Set
$$\mathcal{K} = -\sum_v d_v v.$$


Since $\mathfrak{m}_v^{d_v}$ may be identified with the inverse different $\mathcal{D}_v^{-1}$ of $K_v$ and $\mathcal{D}_v^{-1} = \mathcal{O}_v$ for all but
finitely many v, we have $d_v = 0$ for all but finitely many v. Thus $\mathcal{K} \in \mathrm{Div}(K)$. Since ψ
is unique up to scaling (see Proposition 31.4.1(i) below), the class $[\mathcal{K}] \in \mathrm{Pic}(K)$ is uniquely
defined. Take $f = \prod_v 1_{\mathcal{O}_v} \in S(\mathbb{A}_K)$ so that by the proof of Proposition 31.3.7,
$$q^{\ell(D)} = \sum_{a\in K} f(ax_D)$$
for any $D = \sum_v m_v v$ with $m_v = v((x_D)_v)$. On the other hand,
$$\frac{1}{|x_D|} = \prod_v q_v^{m_v} = q^{\sum_v m_v\deg(v)} = q^{\deg(D)}.$$

In particular, $\deg(\mathcal{K}) = 2g - 2$. Now by Theorem 31.3.5, it suffices to show
$$\sum_{a\in K}\hat f(ax_D^{-1}) = q^{\ell(\mathcal{K}-D)-g+1}.$$

For all places v, we have $\hat f_v = (1_{\mathfrak{m}_v^{n_v}})^{1/2} = q_v^{n_v/2} = q^{\deg(v)n_v/2}$. Taking the product over all v,
we get
$$\prod_v \hat f_v = \prod_v q^{\deg(v)n_v/2} = q^{\sum_v\deg(v)n_v/2} = q^{-\deg(\mathcal{K})/2} = q^{1-g}.$$

Thus
$$\hat f(ax_D^{-1}) = \begin{cases}q^{1-g}, & v(a)\ge m_v+n_v\\ 0, & v(a) < m_v+n_v.\end{cases}$$
These of course are the conditions defining membership in L(D), so we conclude that
$$\sum_{a\in K}\hat f(ax_D^{-1}) = \sum_{\substack{a\in K\\ v(a)\ge m_v+n_v}} q^{-g+1} = q^{\ell(\mathcal{K}-D)-g+1}.$$


31.4 Global Zeta Functions and Functional Equations


Let K be a global field with ring of integers $\mathcal{O}_K$ and different $\mathcal{D} = (\mathcal{O}_K^\vee)^{-1}$. Fix a nontrivial
character $\psi \in \widehat{\mathbb{A}_K}$ such that $\psi|_K = 1$, such as the standard character constructed in
Lemma 31.3.2. As in Section 31.1, we write $\psi_a(x) = \psi(ax)$ for all $a, x \in \mathbb{A}_K$.

Proposition 31.4.1. For any nontrivial $\psi \in \widehat{\mathbb{A}_K}$,

(i) The map $\mathbb{A}_K \to \widehat{\mathbb{A}_K}$, $y \mapsto \psi_y$ is an isomorphism of topological groups.

(ii) There is an isomorphism $K \to \widehat{\mathbb{A}_K/K}$.

Proof. (i) follows from the local case (Proposition 31.1.2) and from the identification $\prod'_v \widehat{K_v} \cong
\widehat{\mathbb{A}_K}$ in Proposition 31.2.3.
(ii) Since ψ is trivial on K, it induces a character on $\mathbb{A}_K/K$ which we will still write as ψ.
Then the map $K \to \widehat{\mathbb{A}_K/K}$, $y \mapsto \psi_y$ is again an isomorphism, but K is discrete and $\mathbb{A}_K/K$
is compact (Theorem 16.2.7), so by Proposition 30.0.1, $\widehat{\mathbb{A}_K/K}$ is also discrete. Thus $y \mapsto \psi_y$
is a homeomorphism, hence an isomorphism of topological groups.
Let $X(\mathbb{I}_K)$ denote the set of complex characters on the idèle group and define the space
of idèle class characters
$$\mathrm{Ch}(\mathbb{I}_K) = \{\chi \in X(\mathbb{I}_K) : \chi|_{K^\times} = 1\}.$$
Any $\chi \in \mathrm{Ch}(\mathbb{I}_K)$ induces a character on the idèle class group $C_K$. By Theorem 16.3.2,
$C_K \cong C_K^1 \times V(\mathbb{I}_K)$ where $V(\mathbb{I}_K) \subseteq \mathbb{R}_{>0}$ is the image of the norm $|\cdot|_K$ on $\mathbb{I}_K$. It follows, as
in Lemma 31.1.1, that every $\chi \in \mathrm{Ch}(\mathbb{I}_K)$ is of the form $\chi = \mu|\cdot|^s$ for µ a unitary character
on $C_K^1$ and s ∈ C. Set $\chi^\vee = \chi^{-1}|\cdot|$.
For each place v, let $dx_v$ denote the Haar measure on $K_v$ and $d^*x_v$ the induced Haar
measure on $K_v^\times$, so that $|x_v|_v\,d^*x_v = c_v\,dx_v$. We will usually take $c_v = \frac{q_v}{q_v-1}$ so that by
the remark at the end of Section 31.1, $\mathrm{vol}(\mathcal{O}_v^\times, d^*x_v) = q_v^{-d_v/2}$ where $\mathcal{D}_v = \mathfrak{m}_v^{d_v}$ is the local
different. Let $dx = \prod_v dx_v$ and $d^*x = \prod_v d^*x_v$, so that by Corollary 31.2.5, $\mathbb{A}_K$ is self-dual
with respect to dx.

Definition. For $f \in S(\mathbb{A}_K)$ and $\chi \in \mathrm{Ch}(\mathbb{I}_K)$, the global zeta function for (f, χ) is
$$Z(f,\chi) = \int_{\mathbb{I}_K} f(x)\chi(x)\,d^*x.$$

The main goal of this chapter is to prove:


Theorem 31.4.2 (Global Functional Equation). For any $f \in S(\mathbb{A}_K)$ and $\chi \in \mathrm{Ch}(\mathbb{I}_K)$, with
$\chi = \mu|\cdot|^s$ and σ = Re(s),

(i) Z(f, χ) is holomorphic for σ > 1.

(ii) Z(f, χ) has a meromorphic continuation to the whole complex plane.

(iii) $Z(f,\chi) = Z(\hat f,\chi^\vee)$.

(iv) The only poles of Z(f, χ) occur when $\chi = |\cdot|^{\sigma+i\tau}$ for τ ∈ R, in which case the poles
are at s = iτ, 1 + iτ and have residues
$$\mathrm{Res}(Z(f,\chi); i\tau) = -\mathrm{vol}(C_K^1)\,f(0) \quad\text{and}\quad \mathrm{Res}(Z(f,\chi); 1+i\tau) = \mathrm{vol}(C_K^1)\,\hat f(0).$$

Proof of (i). Let S be the finite set of places v for which $f_v|_{\mathcal{O}_v} \neq 1$. We may write f as a
linear combination of characteristic functions on these finitely many $\mathcal{O}_v$. Consider
$$\begin{aligned}
\int_{\mathbb{I}_K} |f(x)|\,|\chi(x)|\,d^*x &= \prod_v \int_{K_v^\times} c_v\,|f_v(x_v)|\,|x_v|_v^{\sigma-1}\,dx_v\\
&= \prod_{v\in S}\int_{\mathfrak{m}_v^{m_v}\setminus\{0\}} c_v|x_v|_v^{\sigma-1}\,dx_v \times \prod_{v\in S_\infty}\int_{K_v^\times}|f_v(x_v)|\,|x_v|_v^{\sigma-1}\,dx_v \times \prod_{v\notin S\cup S_\infty}\int_{\mathcal{O}_v^\times} c_v|x_v|_v^{\sigma-1}\,dx_v.
\end{aligned}$$

For $v \in S_\infty$, we remarked in the proof of Theorem 31.1.3(i) that $\int_{K_v^\times}|f_v(x_v)|\,|x_v|_v^{\sigma-1}\,dx_v$
converges for σ > 0 by routine calculations. Since $S_\infty$ is a finite set, the second factor above
is finite for σ > 0. For $v \notin S_\infty$, our computations in the proof of Theorem 31.1.3(iii) showed
that for each v, $f|_{\mathcal{O}_v} = 1_{\mathfrak{m}_v^{m_v}}$ for some $m_v \ge 0$, and we have
$$\int_{\mathfrak{m}_v^{m_v}\setminus\{0\}} c_v|x_v|_v^{\sigma-1}\,dx_v = \mathrm{vol}(\mathcal{O}_v^\times, d^*x_v)\,\frac{q_v^{-m_v\sigma}}{1-q_v^{-\sigma}}$$
for σ > 0. Thus the first factor above corresponding to v ∈ S is a finite product of finite
integrals, so it too converges. Finally, since $c_v = \frac{q_v}{q_v-1}$, the third factor becomes
$$\prod_{v\notin S\cup S_\infty}\frac{1}{1-q_v^{-\sigma}}\,\mathrm{vol}(\mathcal{O}_v^\times, d^*x_v).$$

The product $\prod_{v\notin S\cup S_\infty}\frac{1}{1-q_v^{-\sigma}}$ now converges for σ > 1 by a similar proof to that of Theorem 10.3.1.
Hence all three factors converge, so Z(f, χ) converges absolutely when σ > 1.
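Now assume K is a number field. For $f \in S(\mathbb{A}_K)$ and $\chi \in \mathrm{Ch}(\mathbb{I}_K)$ with σ > 1, the
decomposition $\mathbb{I}_K \cong \mathbb{I}^1_K \times \mathbb{R}_{>0}$ (from Theorem 16.3.2) allows us to write
$$Z(f,\chi) = \int_{\mathbb{I}_K} f(x)\chi(x)\,d^*x = \int_{\mathbb{R}_{>0}}\int_{\mathbb{I}^1_K} f(tx)\chi(tx)\,d^*x\,\frac{dt}{t}.$$

For each $t \in \mathbb{R}_{>0}$, set
$$Z_t(f,\chi) = \int_{\mathbb{I}^1_K} f(tx)\chi(tx)\,d^*x.$$

Proposition 31.4.3. For all $t \in \mathbb{R}_{>0}$, $f \in S(\mathbb{A}_K)$ and $\chi \in \mathrm{Ch}(\mathbb{I}_K)$ with σ > 1,
$$Z_t(f,\chi) + f(0)\int_{C_K^1}\chi(tx)\,d^*x = Z_{t^{-1}}(\hat f,\chi^\vee) + \hat f(0)\int_{C_K^1}\chi^\vee(t^{-1}x)\,d^*x.$$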


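Proof. By definition, $C_K^1 = \mathbb{I}^1_K/K^\times$ so we can write
$$\begin{aligned}
Z_t(f,\chi) + f(0)\int_{C_K^1}\chi(tx)\,d^*x &= \int_{C_K^1}\chi(tx)\left(\sum_{a\in K^\times} f(atx)\right)d^*x + f(0)\int_{C_K^1}\chi(tx)\,d^*x\\
&= \int_{C_K^1}\chi(tx)\left(\sum_{a\in K} f(atx)\right)d^*x\\
&= \int_{C_K^1}\chi(tx)\left(\frac{1}{|tx|}\sum_{a\in K}\hat f(at^{-1}x^{-1})\right)d^*x && \text{by Riemann-Roch (31.3.5)}\\
&= \int_{C_K^1}|t^{-1}x|\,\chi(t^{-1}x)\left(\sum_{a\in K}\hat f(at^{-1}x)\right)d^*x && \text{by } x \mapsto x^{-1}\\
&= \int_{C_K^1}|t^{-1}x|\,\chi(t^{-1}x)\left(\sum_{a\in K^\times}\hat f(at^{-1}x)\right)d^*x + \hat f(0)\int_{C_K^1}\chi^\vee(t^{-1}x)\,d^*x\\
&= Z_{t^{-1}}(\hat f,\chi^\vee) + \hat f(0)\int_{C_K^1}\chi^\vee(t^{-1}x)\,d^*x.
\end{aligned}$$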

Proof of Theorem 31.4.2(ii) – (iv). We give the proof when K is a number field and leave
the function field case as an exercise. In this case, $\mathbb{I}_K = \mathbb{I}^1_K \times \mathbb{R}_{>0}$ and we have
$$\begin{aligned}
Z(f,\chi) &= \int_0^\infty Z_t(f,\chi)\,\frac{dt}{t}\\
&= \int_0^1 Z_t(f,\chi)\,\frac{dt}{t} + \int_1^\infty Z_t(f,\chi)\,\frac{dt}{t}\\
&= \int_0^1 Z_t(f,\chi)\,\frac{dt}{t} + \int_C f(x)\chi(x)\,d^*x
\end{aligned}$$
where $C = \{x \in \mathbb{I}_K : |x| \ge 1\}$. Note that since $f \in S(\mathbb{A}_K)$, the second integral converges for
all s. For the first term, Proposition 31.4.3 allows us to write
$$\int_0^1 Z_t(f,\chi)\,\frac{dt}{t} = \int_0^1 Z_{t^{-1}}(\hat f,\chi^\vee)\,\frac{dt}{t} + E$$
where
$$E = E(f,\chi) = \int_0^1\left(\hat f(0)\chi^\vee(t^{-1})\int_{C_K^1}\chi^\vee(x)\,d^*x - f(0)\chi(t)\int_{C_K^1}\chi(x)\,d^*x\right)\frac{dt}{t}.$$

Applying the transformation $t \mapsto t^{-1}$ yields
$$\int_0^1 Z_{t^{-1}}(\hat f,\chi^\vee)\,\frac{dt}{t} = \int_1^\infty Z_t(\hat f,\chi^\vee)\,\frac{dt}{t},$$
so since $\hat f \in S(\mathbb{A}_K)$ and $\chi^\vee \in \mathrm{Ch}(\mathbb{I}_K)$, this integral converges by the work above. Thus the
meromorphic continuation of Z(f, χ) is proven once we show that E is meromorphic. We
analyze two cases below.
If χ is nontrivial on $\mathbb{I}^1_K$, then by orthogonality of characters, the integrals
$$\int_{C_K^1}\chi(x)\,d^*x \quad\text{and}\quad \int_{C_K^1}\chi^\vee(x)\,d^*x$$
are both zero, so E = 0 (which is holomorphic). The interesting case is when χ is trivial on
$\mathbb{I}^1_K$. In this case, it must be of the form $\chi = |\cdot|^s = |\cdot|^{\sigma+i\tau}$ for τ ∈ R, and E looks like
$$E = \int_0^1\left(\hat f(0)\,t^{\sigma-1}\,\mathrm{vol}(C_K^1) - f(0)\,t^{\sigma}\,\mathrm{vol}(C_K^1)\right) = \mathrm{vol}(C_K^1)\left(\frac{\hat f(0)}{\sigma-1} - \frac{f(0)}{\sigma}\right)$$
which is meromorphic. Therefore E is meromorphic in all cases, proving (ii). Also notice
that $E(f,\chi) = E(\hat f,\chi^\vee)$. Moreover, the only poles of Z(f, χ) occur when $\chi = |\cdot|^{\sigma+i\tau}$ and
these occur at σ = 0, 1 and the residues of Z(f, χ) at s = iτ, 1 + iτ are as claimed in (iv).
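Finally, our computations above give us
$$\begin{aligned}
Z(f,\chi) &= \int_1^\infty Z_t(f,\chi)\,\frac{dt}{t} + \int_1^\infty Z_t(\hat f,\chi^\vee)\,\frac{dt}{t} + E(f,\chi)\\
&= \int_1^\infty\!\!\int_{\mathbb{I}_K} f(tx)\chi(tx)\,d^*x\,\frac{dt}{t} + \int_1^\infty\!\!\int_{\mathbb{I}_K}\hat f(tx)\chi^\vee(tx)\,d^*x\,\frac{dt}{t} + E(f,\chi).
\end{aligned}$$

Meanwhile,
$$\begin{aligned}
Z(\hat f,\chi^\vee) &= \int_1^\infty Z_t(\hat f,\chi^\vee)\,\frac{dt}{t} + \int_1^\infty Z_t(\hat{\hat f},(\chi^\vee)^\vee)\,\frac{dt}{t} + E(\hat f,\chi^\vee)\\
&= \int_1^\infty\!\!\int_{\mathbb{I}_K}\hat f(tx)\chi^\vee(tx)\,d^*x\,\frac{dt}{t} + \int_1^\infty\!\!\int_{\mathbb{I}_K} f(-tx)\chi(tx)\,d^*x\,\frac{dt}{t} + E(\hat f,\chi^\vee)\\
&= \int_1^\infty\!\!\int_{\mathbb{I}_K}\hat f(tx)\chi^\vee(tx)\,d^*x\,\frac{dt}{t} + \int_1^\infty\!\!\int_{\mathbb{I}_K} f(tx)\chi(tx)\,d^*x\,\frac{dt}{t} + E(f,\chi) && \text{by } x \mapsto -x.
\end{aligned}$$

Therefore $Z(\hat f,\chi^\vee) = Z(f,\chi)$, finishing the proof of Theorem 31.4.2.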


31.5 Hecke L-Functions


Let K be a global field and fix an idèle class character $\chi = \mu|\cdot|^s$ with σ = Re(s). At each
place v of K, we get a local character $\chi_v : K_v^\times \to \mathbb{C}^\times$. Let $L(\chi_v)$ be the local L-factor defined
in Section 31.1.

Definition. The global L-function of a character $\chi \in \mathrm{Ch}(\mathbb{I}_K)$ is defined as
$$L(\chi) = \prod_v L(\chi_v)$$
wherever this product converges.

Lemma 31.5.1. L(χ) is absolutely convergent and nonzero for σ > 1.

Proof. Let S be the set of places v for which $\chi_v$ is unramified. Write $\mu_v$ for the restriction
of µ to $K_v^\times$. Then
$$\prod_v |L(\chi_v)| = \prod_{v\in S}|L(\chi_v)| = \prod_{v\in S}\frac{1}{|1-\mu_v(\pi_v)q_v^{-s}|}.$$

To show this converges, take the logarithm:
$$\log\left(\prod_{v\in S}\frac{1}{|1-\mu_v(\pi_v)q_v^{-s}|}\right) = \mathrm{Re}\left(\sum_{v\in S}\sum_{m=1}^{\infty}\frac{\mu_v(\pi_v)^m q_v^{-ms}}{m}\right).$$

Since each $\mu_v$ is unitary, the entire sum is dominated by the sum of the $\frac{q_v^{-ms}}{m}$ terms, which
we analyze as follows:
$$\sum_{v\in S}\sum_{m=1}^{\infty}\frac{q_v^{-ms}}{m} = \sum_p\sum_{v\mid p}\sum_{m=1}^{\infty}\frac{q_v^{-ms}}{m}$$
where p runs over all prime integers and v runs over the places of K lying over p. Since the
number of v lying over p is bounded by n = [K : Q] and $q_v$ is a pth power for each of these
v, we get
$$\sum_p\sum_{v\mid p}\sum_{m=1}^{\infty}\frac{q_v^{-ms}}{m} \le n\sum_p\sum_{m=1}^{\infty}\frac{p^{-m\sigma}}{m} = n\log\left(\prod_p\frac{1}{1-p^{s}}\right).$$

This converges for σ > 1 since it is the Euler product of the Riemann zeta function (see
Theorem 10.3.1), so L(χ) converges for σ > 1.

Definition. For $\chi \in \mathrm{Ch}(\mathbb{I}_K)$, the function

$$L(s,\chi) := L(\chi|\cdot|^s)$$

is called the Hecke L-function for χ.


Theorem 31.5.2. Let $\chi = \mu|\cdot|^s$ be an idèle class character taking values in $S^1 \subset \mathbb{C}^\times$. Then

(i) L(s, χ) has a meromorphic continuation to the whole complex plane.

(ii) The Hecke L-function for χ satisfies the functional equation $L(1-s,\chi^\vee) = \varepsilon(s,\chi)L(s,\chi)$
where $\varepsilon(s,\chi) = \prod_v \varepsilon(\chi_v,\psi_v,dx_v)$ for the local functions $\varepsilon(\chi_v,\psi_v,dx_v)$ from Theorem 31.1.3.

(iii) The meromorphic continuation of L(s, χ) is holomorphic unless $\chi = |\cdot|^s$, in which
case it has poles at s = iτ, 1 + iτ of respective residues $-\mathrm{vol}(C_K^1)$ and $|N(\mathcal{D})|^{-1/2}\,\mathrm{vol}(C_K^1)$,
where $N(\mathcal{D})$ is the norm of the different of K.
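Proof. (ii) It follows from Propositions 31.2.3 and 31.2.4 that
$$Z(f,\chi) = \prod_v Z(f_v,\chi_v^\vee) \quad\text{and}\quad Z(\hat f,\chi^\vee) = \prod_v Z(\hat f_v,\chi_v^\vee).$$

Then by Theorem 31.4.2(iii),
$$\begin{aligned}
1 = \frac{Z(\hat f,\chi^\vee)}{Z(f,\chi)} &= \prod_v\frac{Z(\hat f_v,\chi_v^\vee)}{Z(f_v,\chi_v^\vee)}\\
&= \prod_v\gamma(\chi_v,\psi_v,dx_v) && \text{by Theorem 31.1.3(ii)}\\
&= \prod_v\varepsilon(\chi_v,\psi_v,dx_v)\,\frac{L(\chi_v^\vee)}{L(\chi_v)} && \text{by Theorem 31.1.3(iii)}\\
&= \varepsilon(s,\chi)\,\frac{L(1-s,\chi^\vee)}{L(s,\chi)}.
\end{aligned}$$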
(i) In the proof of Theorem 31.1.3, we constructed an entire function $h_v = h_v(f_v,\chi_v,\psi_v,dx_v)$
on each local field $K_v$ for a particular choice of $f_v \in SB(K_v)$ which satisfied

$$Z(f_v,\chi_v|\cdot|_v^s) = h_v\,L(s,\chi_v).$$

When v was archimedean, we even had $Z(f_v,\chi_v|\cdot|_v^s) = L(s,\chi_v)$. For v nonarchimedean with
standard character $\psi_v$ on $K_v$, we set $f_v \equiv \psi_v$ on $\mathfrak{m}_v^{m_v-n_v}$ where $\mathfrak{m}_v^{m_v}$ was the conductor of $\psi_v$
and $\mathfrak{m}_v^{n_v}$ was the conductor of $\chi_v$. This choice gave
$$Z(f_v,\chi_v|\cdot|_v^s) = \begin{cases} q_v^{-m_v(s-1/2)}\,L(s,\chi_v), & n_v = 0\\ q_v^{-(m_v-n_v)s}\,g(\chi_v,\psi_{\mathfrak{m}_v^{m_v-n_v}})\,L(s,\chi_v), & n_v \neq 0\end{cases}$$
where g(−, −) was the Gauss sum. In the global case, $m_v = n_v = 0$ for all but finitely many
places v, so $f = \prod_v f_v$ is defined and $f \in S(\mathbb{A}_K)$. In addition, the product
$$h(f,\chi) = \prod_v h_v$$
is meromorphic and satisfies $Z(f,\chi|\cdot|^s) = h(f,\chi)L(s,\chi)$, proving the meromorphic continuation.


(iii) Let $f = \prod_v f_v$ be as above. From Theorem 31.4.2(iv), we know the poles of $Z(f,\chi|\cdot|^s)$
occur exactly when $\chi = |\cdot|^{-i\tau}$ for τ ∈ R, and the poles are s = iτ, 1 + iτ with residues
$-\mathrm{vol}(C_K^1)f(0)$ and $\mathrm{vol}(C_K^1)\hat f(0)$, respectively. By construction, f(0) = 1 and
$$\hat f(0) = \prod_v\hat f_v(0) = \prod_{v\notin S_\infty}\mathrm{vol}(\mathcal{O}_v^\times,d^*x_v) = \prod_{v\notin S_\infty}|N(\mathcal{D}_v)|^{-1/2} = |N(\mathcal{D}_K)|^{-1/2}.$$

This proves the claimed residue formulas.


To further understand the residues of L(s, χ), we will next compute $\mathrm{vol}(C_K^1)$. Let S be a
finite set of places of K and recall the group $\mathbb{I}_{K,S}$ of S-idèles and its subgroup $\mathbb{I}^1_{K,S} = \mathbb{I}^1_K\cap\mathbb{I}_{K,S}$
of norm 1 S-idèles. Let $C_{K,S} = \mathbb{I}^1_K/K^\times\mathbb{I}^1_{K,S}$, which is a finite group of order $h_S$ when S ≠ ∅
(called the S-class number) by Theorem 16.3.7. Then from the same theorem, we get an
exact sequence
$$1 \to \mathbb{I}^1_{K,S}/(K^\times\cap\mathbb{I}^1_{K,S}) \to C_K^1 \to C_{K,S} \to 1.$$
This implies
$$\mathrm{vol}(C_K^1) = h_S\,\mathrm{vol}\big(\mathbb{I}^1_{K,S}/(K^\times\cap\mathbb{I}^1_{K,S})\big).$$
Assume K is now a number field and $S = S_\infty$, the set of archimedean places of K. We
may write $|S_\infty| = r_1 + r_2$ where $r_1$ is the number of real embeddings of K and $r_2$ is the
number of pairs of complex conjugate embeddings of K. Define the logarithmic map
$$\lambda : \mathbb{I}^1_{K,S_\infty} \longrightarrow \mathbb{R}^{r_1+r_2},\qquad (x_v) \longmapsto (\log|x_v|_v)_{v\in S_\infty}.$$

Also let H be the hyperplane in $\mathbb{R}^{r_1+r_2} = \{(t_v)_{v\in S_\infty}\}$ defined by the equation
$$\sum_{v\ \mathrm{real}} t_v + 2\sum_{v\ \mathrm{complex}} t_v = 0.$$

Lemma 31.5.3. For every number field K, im λ = H and $\ker\lambda = \mathbb{I}^1_{K,\varnothing} = \mathbb{I}_{K,\varnothing}$.

Proof. Since $\prod_{v\in S_\infty}|x_v|_v = 1$, we have
$$0 = \log\left(\prod_{v\in S_\infty}|x_v|_v\right) = \sum_{v\in S_\infty}\log|x_v|_v = \sum_{v\ \mathrm{real}}\log|x_v| + 2\sum_{v\ \mathrm{complex}}\log|x_v|.$$

Thus im λ ⊆ H. On the other hand, for $(t_v)_{v\in S_\infty} \in H$, we may choose an idèle $(x_v) \in \mathbb{I}^1_{K,S_\infty}$
with $x_v = 1$ for all finite v and $|x_v|_v = e^{t_v}$ for all infinite v. This shows that im λ ⊇ H, so
they are equal. The identification $\ker\lambda = \mathbb{I}^1_{K,\varnothing}$ is trivial.

Definition. The restriction of λ to $K^\times\cap\mathbb{I}^1_{K,S_\infty}$ is called the regulator map of K, written
$\mathrm{reg} : \mathbb{I}^1_{K,S_\infty} \to \mathbb{R}^{r_1+r_2}$.

By Lemma 31.5.3, $\ker(\mathrm{reg}) = K^\times\cap\mathbb{I}^1_{K,\varnothing} = \mu(K)$, the set of roots of unity in K. Moreover,
since $\mathcal{O}_K^\times = K^\times\cap\mathbb{I}^1_{K,\varnothing}$ by definition, it makes sense to define $L = \mathrm{reg}(\mathcal{O}_K^\times) \subset H$. Since
$C_K^1 = \mathbb{I}^1_K/K^\times$ is compact (Theorem 16.3.3), the quotient H/L is compact, or in other words,
L is a complete lattice in H.


Definition. The volume $R_K = \mathrm{vol}(H/L)$ is called the regulator of K.

For each place v, write $U_v = \{x_v \in K_v : |x_v|_v = 1\}$. Then we may write
$$\mathbb{I}^1_{K,\varnothing} = \prod_{v\ \mathrm{real}} U_v \times \prod_{v\ \mathrm{complex}} U_v \times \prod_{v\ \mathrm{finite}} U_v.$$

This allows us to define a Haar measure $\nu = \nu_{real}\times\nu_{complex}\times\nu_{finite}$ on $\mathbb{I}^1_{K,\varnothing}$ by:

• for v real, $U_v = \{\pm 1\}$ so we take $\nu_{real}$ to be the counting measure;

• for v complex, $U_v = S^1$ so we take $\nu_{complex}$ to be the standard Lebesgue measure on
$S^1 \subset \mathbb{C}$;

• for finite v, we take $\nu_{finite}$ to be the product of the $d^*x_v$ over all finite v.

Thus the volume of each $U_v$ is given by
$$\mathrm{vol}(U_v,\nu) = \begin{cases}2, & v \text{ real}\\ 2\pi, & v \text{ complex}\\ N(\mathcal{D}_v)^{-1/2}, & v \text{ finite.}\end{cases}$$

This implies the following formula:
$$\mathrm{vol}(\mathbb{I}^1_{K,\varnothing},\nu) = 2^{r_1}(2\pi)^{r_2}|d_K|^{-1/2}$$
where $d_K$ is the discriminant of K.

Theorem 31.5.4. Let K be a number field with class number $h_K = |C_K|$, discriminant $d_K$,
regulator $R_K = \mathrm{vol}(H/L)$ and $|S_\infty| = r_1 + r_2$. Then
$$\mathrm{vol}(C_K^1) = \frac{2^{r_1}(2\pi)^{r_2}h_K R_K}{|\mu(K)|\sqrt{|d_K|}}.$$
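Proof. Consider the commutative diagram with exact rows and columns
$$\begin{array}{ccccccccc}
 & & 1 & & 1 & & 0 & & \\
 & & \downarrow & & \downarrow & & \downarrow & & \\
1 & \to & \mu(K) & \to & \mathcal{O}_K^\times & \xrightarrow{\ \mathrm{reg}\ } & L & \to & 0\\
 & & \downarrow & & \downarrow & & \downarrow & & \\
1 & \to & \mathbb{I}^1_{K,\varnothing} & \to & \mathbb{I}^1_{K,S_\infty} & \xrightarrow{\ \lambda\ } & H & \to & 0\\
 & & \downarrow & & \downarrow & & \downarrow & & \\
1 & \to & \mathbb{I}^1_{K,\varnothing}/\mu(K) & \to & \mathbb{I}^1_{K,S_\infty}/\mathcal{O}_K^\times & \to & H/L & \to & 0\\
 & & \downarrow & & \downarrow & & \downarrow & & \\
 & & 1 & & 1 & & 0 & &
\end{array}$$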


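Using the left column and the measure ν, we have

$$2^{r_1}(2\pi)^{r_2}|d_K|^{-1/2} = \mathrm{vol}(\mathbb{I}^1_{K,\varnothing}) = |\mu(K)|\,\mathrm{vol}(\mathbb{I}^1_{K,\varnothing}/\mu(K)).$$

On the other hand, using the bottom row and the induced measures on each quotient, we
get
$$\frac{\mathrm{vol}(C_K^1)}{h_K} = \mathrm{vol}(\mathbb{I}^1_{K,S_\infty}/\mathcal{O}_K^\times) = \mathrm{vol}(\mathbb{I}^1_{K,\varnothing}/\mu(K))\,\mathrm{vol}(H/L) = \frac{2^{r_1}(2\pi)^{r_2}R_K}{|\mu(K)|\sqrt{|d_K|}}.$$
Solving for $\mathrm{vol}(C_K^1)$ gives the desired formula.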

Corollary 31.5.5 (Class Number Formula). Let $\zeta_K(s)$ be the Dedekind zeta function of a
number field $K$. Then
$$\operatorname{Res}(\zeta_K; 1) = \frac{2^{r_1}(2\pi)^{r_2} h_K R_K}{|\mu(K)|\sqrt{|d_K|}}.$$

Proof. By the proof of Theorem 31.5.2, $\zeta_K(s) = L(s, 1_f) = \frac{1}{h(s)} Z(f, 1_f)$ where $h(s) = \prod_v h_v(s)$
is the product of the local $h_v$ functions
$$h_v(s) = \begin{cases} q_v^{m_v(s-1/2)}, & n_v = 0 \\ q_v^{-(m_v-n_v)s}\, g(\chi_v, \psi_{m_v^{m_v-n_v}}), & n_v \neq 0. \end{cases}$$

Note that $h(1) = N(D)^{-1/2}$, so that by Theorem 31.5.2(iii),
$$\operatorname{Res}(\zeta_K; 1) = \frac{1}{h(1)} \operatorname{Res}(Z(f, 1_f); 1) = N(D)^{1/2} N(D)^{-1/2} \operatorname{vol}(C_K^1) = \operatorname{vol}(C_K^1).$$
Now apply the volume formula in Theorem 31.5.4.

Note that this gives another proof of Corollary 17.5.6.

Example 31.5.6. Let $\zeta(s) = L(s, 1_f)$ be the Riemann zeta function (the L-function for
the finite part of the trivial character $\chi = 1$ on $K = \mathbb{Q}$). The only archimedean place of
$\mathbb{Q}$ corresponds to the usual absolute value with completion $\mathbb{R}$, so by the definition of the
L-factors in Section 31.1,
$$L(s, 1) = L(s, \chi_\infty) L(s, 1_f) = \pi^{-s/2}\, \Gamma\!\left(\frac{s}{2}\right) \zeta(s),$$
which is the completed zeta function $\xi(s)$ defined in Section 12.1. On the other hand,
$$L(1 - s, 1^\vee) = L(1 - s, \chi_\infty^\vee) L(1 - s, 1_f^\vee) = \pi^{-(1-s)/2}\, \Gamma\!\left(\frac{1-s}{2}\right) \zeta(1 - s),$$

and by Theorem 31.5.2, $L(s, 1) = L(1 - s, 1^\vee)$ so this proves $\xi(s) = \xi(1 - s)$, as we saw in
Corollary 12.1.6. Moreover, Theorem 31.5.2 also shows that the only poles of $L(s, 1)$ are at
$s = 0, 1$. Theorem 31.5.4 shows that $L(s, 1)$ in fact has simple poles at $s = 0, 1$. At $s = 0$,
we know $\Gamma\!\left(\frac{s}{2}\right)$ has a simple pole, so this implies $\zeta(s)$ is holomorphic at $s = 0$. On the other
hand, $\Gamma\!\left(\frac{s}{2}\right)$ is holomorphic at $s = 1$, so it follows that $\zeta(s)$ has a simple pole at $s = 1$.


Proposition 31.5.7. Fix $m \ge 3$ and let $F_m = \mathbb{Q}(e^{2\pi i/m})$ be the $m$th cyclotomic extension of
$\mathbb{Q}$. Then
$$\zeta_{F_m}(s) = \prod_{\chi} L(s, \chi)$$
where the product runs over all Dirichlet characters $\chi$ mod $m$.

Proof. We will show that the local factors of the left and right sides of the equation are the
same for each prime integer $p$, which is equivalent to showing
$$\prod_{v \mid p} \left(1 - (p^{-s})^{f_v}\right) = \prod_{\chi} \left(1 - \chi(p) p^{-s}\right)$$
for all $p$. Fix $p$ and set $t = p^{-s}$. Since the factor $1 - \chi(p)t$ is trivial when $\chi$ is ramified, we
may assume the product on the right is taken over all unramified characters $\chi$. Now $F_m/\mathbb{Q}$
is Galois, so by Corollary 14.5.14, $f = f_v$ is constant on the set of places $v \mid p$. Let $g$ be the
number of such places, so that
$$\prod_{v \mid p} (1 - t^{f_v}) = (1 - t^f)^g = \prod_{z^f = 1} (1 - zt)^g.$$

Thus it suffices to show that for each $f$th root of unity $z$, there are exactly $g$ characters $\chi$
with $\chi(p) = z$. To see this is true, define a homomorphism on the set $\widehat{(\mathbb{Z}/m\mathbb{Z})^\times}$ of Dirichlet
characters mod $m$ by
$$\operatorname{ev}_p : \widehat{(\mathbb{Z}/m\mathbb{Z})^\times} \longrightarrow \mu_f, \qquad \chi \longmapsto \chi(p).$$

As $p \nmid m$, this map is well-defined. Note that $|\widehat{(\mathbb{Z}/m\mathbb{Z})^\times}| = \varphi(m) = fg$, $|\mu_f| = f$ and
one can show using Artin reciprocity (Theorem 19.2.2) that $\operatorname{ev}_p$ is also surjective. Therefore
$|\ker(\operatorname{ev}_p)| = g$, proving the claim.
Over $F_m$, the factor in $\prod_\chi L(s, \chi)$ corresponding to the trivial character is just the Riemann
zeta function $\zeta(s)$ which by Example 31.5.6 has residue 1 at $s = 1$. Therefore by
Corollary 31.5.5,
$$\prod_{\chi \neq 1} L(1, \chi) = \frac{(2\pi)^{\varphi(m)/2} h_m R_m}{|\mu_m| \sqrt{|d_m|}}$$
where $h_m$, $R_m$, $\mu_m$ and $d_m$ are, respectively, the class number, regulator, group of roots of
unity and discriminant of $F_m$.
Now for any finite abelian extension $K/\mathbb{Q}$, the Kronecker-Weber theorem (17.8.10) says
that $K \subseteq F_m$ for some $m$. Set $G = \operatorname{Gal}(K/\mathbb{Q})$ and $G_m = \operatorname{Gal}(F_m/\mathbb{Q})$ so that $G$ is a quotient
of $G_m$. Taking duals, we then have that $\widehat{G}$ is a subgroup of $\widehat{G}_m$.

Proposition 31.5.8. For any finite abelian extension $K/\mathbb{Q}$ with Galois group $G$,
$$\zeta_K(s) = \prod_{\chi \in \widehat{G}} L(s, \chi).$$


Corollary 31.5.9. For any finite abelian extension $K/\mathbb{Q}$ with Galois group $G$,
$$\prod_{\chi \in \widehat{G} \smallsetminus \{1\}} L(1, \chi) = \frac{2^{r_1}(2\pi)^{r_2} h_K R_K}{|\mu(K)|\sqrt{|d_K|}}.$$

In particular, $L(1, \chi) \neq 0$ for all nontrivial characters $\chi \in \widehat{G}$.

One can further compute each of these L-factors to be
$$L(1, \chi) = -\frac{g(\chi)}{m} \sum_{a \bmod m} \chi(a) \log\left(1 - e^{-2\pi i a/m}\right)$$
where $g(\chi)$ is the Gauss sum
$$g(\chi) := g(\chi, e^{2\pi i z}) = \sum_{a \bmod m} \chi(a) e^{2\pi i a/m}.$$

Part VII

Modular Forms

Chapter 32

Modular Forms

This chapter gives an overview of the theory of modular forms from a number theoretic
perspective. Good resources for this introductory material are Serre’s A Course in Arithmetic,
Diamond-Shurman’s A First Course in Modular Forms and Koblitz’s Introduction to
Elliptic Curves and Modular Forms. More advanced material, including the connections between
modular forms and algebraic geometry, can be found in Iwaniec’s Topics in Classical
Automorphic Forms and Milne’s Modular Functions and Modular Forms.
Modular forms are functions on the upper half-plane in C which have certain delicate
properties allowing for the systematic study of the complex structure on this upper half-plane.
It turns out that a large class of Riemann surfaces have as their universal cover the
upper half-plane, and modular functions then allow one to describe all holomorphic functions
on these Riemann surfaces. In particular, modular forms have such a name because they
arise as sections of line bundles on various moduli spaces of these Riemann surfaces. In our
setting, we will examine the forms coming from moduli spaces of elliptic curves.

32.1. The Upper Half-Plane Chapter 32. Modular Forms

32.1 The Upper Half-Plane


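Let $SL_2(\mathbb{R})$ be the special linear group and consider the discrete subgroup $SL_2(\mathbb{Z}) \le SL_2(\mathbb{R})$
of special linear matrices with integer entries.

Definition. The upper half-plane in the complex plane $\mathbb{C}$ is the open half-plane
$$h = \{z \in \mathbb{C} \mid \operatorname{Im}(z) > 0\}$$
equipped with the subspace topology. The completed upper half-plane is the set
$$h^* = h \cup \{\infty\} \cup \mathbb{Q}$$
equipped with the topology coming from taking open sets about $\infty$ (identified as $i\infty$) to be
half-planes $\{z \in \mathbb{C} \mid \operatorname{Im}(z) > y_0 > 0\}$ and viewing $\mathbb{Q}$ as a subset of the real axis in $\mathbb{C}$.

The group $SL_2(\mathbb{R})$ acts on $\mathbb{C}$ by fractional linear transformations:
$$\begin{pmatrix} a & b \\ c & d \end{pmatrix} z = \frac{az + b}{cz + d}.$$
Note that
$$\operatorname{Im}\left( \begin{pmatrix} a & b \\ c & d \end{pmatrix} z \right) = \frac{\operatorname{Im}(z)}{|cz + d|^2}.$$
This shows that $SL_2(\mathbb{R})$ acts on $h$. We also see that $-I = \begin{pmatrix} -1 & 0 \\ 0 & -1 \end{pmatrix}$ acts trivially on $h$, so
there is an induced action of the projective special linear group $PSL_2(\mathbb{R}) = SL_2(\mathbb{R})/\langle -I \rangle$
on $h$ (in fact, this group acts faithfully on $h$). Similarly, $SL_2(\mathbb{Z})$ acts on $h$ and its quotient
$PSL_2(\mathbb{Z})$ even acts on $h^*$ by
$$\begin{pmatrix} a & b \\ c & d \end{pmatrix} \cdot \frac{m}{n} = \frac{ma + nb}{mc + nd}, \qquad \begin{pmatrix} a & b \\ c & d \end{pmatrix} \cdot \infty = \frac{a}{c}.$$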
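Definition. The group $\Gamma = PSL_2(\mathbb{Z})$ is called the modular group.

We now describe a fundamental domain for the action of the modular group on $h$. Consider
the region $D = \{z \in h : |z| \ge 1,\ |\operatorname{Re}(z)| \le \tfrac{1}{2}\}$:

[Figure: the region $D$ in the upper half-plane, with the points $\rho$, $i$ and $-\bar\rho$ marked on its boundary; horizontal axis Re(z) with ticks at $-1$, $-\tfrac12$, $\tfrac12$, $1$; vertical axis Im(z).]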


We specify three points on the boundary of $D$: the fourth root of unity $i = e^{i\pi/2}$, the third
root of unity $\rho = e^{2\pi i/3}$ and its negative conjugate, the sixth root of unity $-\bar\rho = e^{\pi i/3}$. Define
two matrices $S, T \in SL_2(\mathbb{Z})$ by
$$S = \begin{pmatrix} 0 & -1 \\ 1 & 0 \end{pmatrix} \quad \text{and} \quad T = \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix}$$
which act on $z \in h$ by $S(z) = -\frac{1}{z}$ and $T(z) = z + 1$. Also let $S, T$ denote the images of these
matrices in $\Gamma = PSL_2(\mathbb{Z})$.
Theorem 32.1.1. For $\Gamma = PSL_2(\mathbb{Z})$, $D \subset h$ and $S, T \in \Gamma$ as above,
(1) $D$ is the fundamental domain for the action of $\Gamma$ on $h$.

(2) The only nontrivial stabilizers of this action are
$$\Gamma(i) = \langle S \rangle, \quad \Gamma(\rho) = \langle ST \rangle, \quad \Gamma(-\bar\rho) = \langle TS \rangle$$
which are finite groups of respective orders 2, 3 and 3.

(3) $\Gamma$ is generated by $S$ and $T$.

Proof. (1) Let $\Gamma' = \langle S, T \rangle$ be the subgroup of $\Gamma$ generated by $S$ and $T$. For any $z \in h$, there
is some element $g \in \Gamma'$ for which $\operatorname{Im}(gz)$ is maximal, i.e. this is the element $g = \begin{pmatrix} a & b \\ c & d \end{pmatrix}$
minimizing $|cz + d|$. By applying a power of $T$, we may assume $g \in \Gamma'$ is such that $\operatorname{Im}(gz)$ is
maximal and $|\operatorname{Re}(gz)| \le \tfrac{1}{2}$. Then $gz \in D$ or else one could increase $\operatorname{Im}(gz)$ by applying $S$.
This shows that for any $z \in h$, $gz \in D$ for some $g \in \Gamma'$. To show $D$ is a fundamental domain,
we must show that for any $z \in D$ and each nontrivial element $g \in \Gamma$, $gz \notin D$. Suppose
$g = \begin{pmatrix} a & b \\ c & d \end{pmatrix}$ and without loss of generality assume $\operatorname{Im}(gz) \ge \operatorname{Im}(z)$. Then $|cz + d| \le 1$ which
means either $c = 0$ or $c = \pm 1$. If $c = 0$, $g = \begin{pmatrix} 1 & b \\ 0 & 1 \end{pmatrix}$ and $gz = z + b$ with $b \in \mathbb{Z}$, so $gz \notin D$.
If $c = -1$, we may multiply by $-I$ to get to the $c = 1$ case. Finally, for $c = 1$, $|z + d| > 1$
holds unless $d = 0$ or $z = \rho, -\bar\rho$, in which case $z \in \partial D$. Hence $D$ is a fundamental domain
for $\Gamma$.
(2) follows from the calculations above.
(3) Suppose $z \in \operatorname{Int}(D)$ and $g \in \Gamma$. Then by the proof of (1), there exists $g' \in \Gamma'$ such
that $g'gz \in D$, but by (2), $g'gz \in \operatorname{Int}(D)$ only if $g'g = I$, i.e. only if $g' = g^{-1} \in \Gamma'$. This
proves $\Gamma' = \Gamma$.

Remark. (1) Topologically, $h/D$ is homeomorphic to a sphere with a point deleted, and
$(h/D) \cup \{\infty\}$ is precisely that sphere.
(2) Building on Theorem 32.1.1(2), one can even show that $\Gamma$ has presentation
$$\langle S, T \mid S^2, (ST)^3 \rangle,$$
which shows that $\Gamma$ is isomorphic to the free product $\mathbb{Z}/2\mathbb{Z} * \mathbb{Z}/3\mathbb{Z}$.
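
The reduction step in the proof of Theorem 32.1.1(1) is an algorithm: translate by a power of T until |Re z| ≤ 1/2, apply S whenever |z| < 1, and repeat. The Python sketch below is an added example, not part of the original notes; it works on points with rational coordinates so that every comparison is exact, and the names `act`, `reduce_to_D`, `compose`, `in_D` and `interior` are chosen here.

```python
from fractions import Fraction

I2 = ((1, 0), (0, 1))
S = ((0, -1), (1, 0))    # acts as z -> -1/z
T = ((1, 1), (0, 1))     # acts as z -> z + 1

def mat_mul(A, B):
    (a, b), (c, d) = A
    (e, f), (g, h) = B
    return ((a*e + b*g, a*f + b*h), (c*e + d*g, c*f + d*h))

def det(g):
    (a, b), (c, d) = g
    return a*d - b*c

def act(g, z):
    """(az+b)/(cz+d) for z = (x, y) standing for x + iy with y > 0, det g = 1."""
    (a, b), (c, d) = g
    x, y = Fraction(z[0]), Fraction(z[1])
    den = (c*x + d)**2 + (c*y)**2            # |cz + d|^2
    # Im(gz) = Im(z)/|cz+d|^2, the identity stated in Section 32.1
    return (((a*x + b)*(c*x + d) + a*c*y*y) / den, y / den)

def in_D(z):
    x, y = z
    return y > 0 and x*x + y*y >= 1 and abs(x) <= Fraction(1, 2)

def interior(z):
    x, y = z
    return y > 0 and x*x + y*y > 1 and abs(x) < Fraction(1, 2)

def reduce_to_D(z):
    """Return (g, w, word): g in SL2(Z) built from S and T with w = g.z in D.

    word lists the generators in the order they were applied, as ("T", n)
    for T^n or ("S", 1) for S.
    """
    x, y = Fraction(z[0]), Fraction(z[1])
    if y <= 0:
        raise ValueError("z must lie in the upper half-plane")
    g, word = I2, []
    while True:
        n = -round(x)                        # nearest integer, so |x + n| <= 1/2
        if n:
            g = mat_mul(((1, n), (0, 1)), g)
            x += n
            word.append(("T", n))
        norm = x*x + y*y                     # |z|^2
        if norm >= 1:
            return g, (x, y), word
        # |z| < 1: applying S strictly increases Im(z), as in the proof
        g = mat_mul(S, g)
        x, y = -x / norm, y / norm
        word.append(("S", 1))

def compose(word):
    """Rebuild the matrix from the list of generator steps."""
    g = I2
    for name, n in word:
        g = mat_mul(S if name == "S" else ((1, n), (0, 1)), g)
    return g

if __name__ == "__main__":
    z = (Fraction(37, 10), Fraction(1, 1000))   # constructed sample point
    g, w, word = reduce_to_D(z)
    print("g =", g)
    print("g.z =", w, "in D:", in_D(w))
    print("word:", word)
```

Because each S step strictly increases the imaginary part and only finitely many orbit points lie above a given height, the loop terminates; the recorded word exhibits g as a product of powers of S and T, which is the content of part (3).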

32.2. Modular Functions and Modular Forms Chapter 32. Modular Forms

32.2 Modular Functions and Modular Forms


Definition. Let $k \in \mathbb{Z}$. A holomorphic function $f : h \to \mathbb{C}$ is a weakly modular function
of weight $2k$ if for all $g = \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in SL_2(\mathbb{Z})$,
$$f(z) = (cz + d)^{-2k} f(gz).$$

Note that if $f$ is weakly modular of weight $2k$, then
$$\frac{d}{dz}(gz) = \frac{d}{dz}\left( \frac{az + b}{cz + d} \right) = \frac{a(cz + d) - c(az + b)}{(cz + d)^2} = \frac{1}{(cz + d)^2},$$
which can be rewritten as
$$f(gz)\, d(gz)^k = f(z)\, dz^k.$$
That is, the differential form of weight $k$ $f\, dz^{\otimes k}$ is invariant under the $SL_2(\mathbb{Z})$-action. (Thus
we begin to see the connection to line bundles of differential forms alluded to in the introduction.)
In particular, since $\Gamma$ is generated by $S$ and $T$ (Theorem 32.1.1), $f(z)$ is weakly
modular of weight $2k$ if and only if $f\, dz^{\otimes k}$ is invariant under $S$ and $T$, or in other words:

Lemma 32.2.1. A holomorphic function $f : h \to \mathbb{C}$ is weakly modular of weight $2k$ if and
only if
$$f(z + 1) = f(z) \quad \text{and} \quad f\left( -\frac{1}{z} \right) = z^{2k} f(z)$$
for all $z \in h$.

As a consequence of the first relation, a weakly modular function $f(z)$ has a Fourier series
expansion in the variable $q = e^{2\pi i z}$:
$$f(q) = \sum_{n=-\infty}^{\infty} a_n q^n.$$
Identifying $z = i\infty$ with $q = 0$, we can think of this as a power series expansion of $f$ about
the point at infinity.

Definition. Let $f(z)$ be a holomorphic function on $\mathbb{C}$ with q-expansion $f = \sum a_n q^n$. If
$a_n = 0$ for all $n \ll 0$, then $f$ is said to be meromorphic at $\infty$. If $a_n = 0$ for all $n < 0$,
then $f$ is said to be holomorphic at $\infty$.

Definition. A weakly modular function $f$ (of weight $2k$) is a modular function (of weight
$2k$) if it is meromorphic at $\infty$ and a modular form (of weight $2k$) if it is holomorphic at
$\infty$. Further, if $a_0 = 0$ in its q-expansion, then $f$ is called a cusp form.

For each $k \in \mathbb{Z}$, let $M_k$ be the complex vector space of modular forms of weight $2k$. Then
if $f \in M_k$ and $g \in M_\ell$, it is easy to see that $fg \in M_{k+\ell}$, so these spaces form a graded ring
of modular forms
$$M = \bigoplus_{k \in \mathbb{Z}} M_k.$$


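For each $k$, let $S_k$ be the space of cusp forms of weight $2k$. We will show that $M \cong \mathbb{C}[G_4, G_6]$
is a polynomial ring in two distinguished modular forms $G_4, G_6$.

We next discuss the connection between lattices and modular forms. Set
$$M = \{(\omega_1, \omega_2) \in \mathbb{C}^\times \mid \operatorname{Im}(\omega_1/\omega_2) > 0\}.$$
Then each point $(\omega_1, \omega_2) \in M$ defines a lattice $\Lambda = \mathbb{Z}\omega_1 \oplus \mathbb{Z}\omega_2 \subset \mathbb{C}$, though not a unique
one. Each element of $SL_2(\mathbb{Z})$ acts on $M$ by
$$\begin{pmatrix} a & b \\ c & d \end{pmatrix} (\omega_1, \omega_2) = (a\omega_1 + b\omega_2,\ c\omega_1 + d\omega_2).$$
Then the quotient $M/SL_2(\mathbb{Z})$ naturally identifies with the set of all lattices in $\mathbb{C}$. Further,
two lattices $(\omega_1, \omega_2)$ and $(\eta_1, \eta_2)$ are called homothetic if there exists some $\lambda \in \mathbb{C}^\times$ such that
$\omega_i = \lambda\eta_i$ for $i = 1, 2$. The set of homothety classes of lattices in $\mathbb{C}$ naturally identifies with
the set of complex elliptic curves $E/\mathbb{C}$ via
$$\Lambda = (\omega_1, \omega_2) \longleftrightarrow E = \mathbb{C}/\Lambda.$$
(See Section 26.2.) Let $R$ be the set of all lattices in $\mathbb{C}$.

Definition. A function $F : R \to \mathbb{C}$ is called a modular lattice function of weight $2k$ if
for all $\Lambda \in R$ and $\lambda \in \mathbb{C}^\times$, we have
$$F(\lambda\Lambda) = \lambda^{-2k} F(\Lambda).$$
For short, we will write $F(\omega_1, \omega_2) = F(\mathbb{Z}\omega_1 \oplus \mathbb{Z}\omega_2)$. Notice that for any lattice function
$F$ of weight $2k$, the value $\omega_2^{2k} F(\omega_1, \omega_2)$ depends only on the ratio $\frac{\omega_1}{\omega_2}$. We can use this to
build modular functions out of lattice functions.

Lemma 32.2.2. For a lattice function $F : R \to \mathbb{C}$ of weight $2k$, the function $f : h \to \mathbb{C}$
defined by
$$f\left( \frac{\omega_1}{\omega_2} \right) = \omega_2^{2k} F(\omega_1, \omega_2)$$
satisfies the weight $2k$ modular condition $f(z) = (cz + d)^{-2k} f(gz)$ for any $g = \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in SL_2(\mathbb{Z})$.
Thus if $f$ is holomorphic, it is a weakly modular function of weight $2k$.

Proof. Take $\omega_1, \omega_2 \in \mathbb{C}^\times$ and consider
$$\begin{aligned}
f\left( g \cdot \frac{\omega_1}{\omega_2} \right) = f\left( \frac{a\omega_1 + b\omega_2}{c\omega_1 + d\omega_2} \right) &= (c\omega_1 + d\omega_2)^{2k} F(a\omega_1 + b\omega_2,\ c\omega_1 + d\omega_2) \\
&= (c\omega_1 + d\omega_2)^{2k} F\left( \omega_2 \left( a\frac{\omega_1}{\omega_2} + b \right),\ \omega_2 \left( c\frac{\omega_1}{\omega_2} + d \right) \right) \\
&= (c\omega_1 + d\omega_2)^{2k} \omega_2^{-2k} F\left( a\frac{\omega_1}{\omega_2} + b,\ c\frac{\omega_1}{\omega_2} + d \right) && \text{since $F$ has weight $2k$} \\
&= \left( c\frac{\omega_1}{\omega_2} + d \right)^{2k} F\left( \frac{\omega_1}{\omega_2}, 1 \right) && \text{since $F$ is $SL_2(\mathbb{Z})$-invariant} \\
&= \left( c\frac{\omega_1}{\omega_2} + d \right)^{2k} f\left( \frac{\omega_1}{\omega_2} \right).
\end{aligned}$$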


 
Conversely, the formula $f\left( \frac{\omega_1}{\omega_2} \right) = \omega_2^{2k} F(\omega_1, \omega_2)$ defines a modular lattice function $F$
of weight $2k$ for every (weakly) modular function of the same weight, so we can identify
all (weakly) modular functions with some subset of the set of modular lattice functions.
In particular, this identification is useful for producing examples of modular functions and
forms.

Example 32.2.3. (Eisenstein series) From complex analysis, we know that if $\Lambda \subset \mathbb{C}$ is a
lattice then the sum
$$\sum_{\gamma \in \Lambda \smallsetminus \{0\}} \frac{1}{|\gamma|^\sigma}$$
converges for all $\sigma \in \mathbb{C}$ with $\operatorname{Re}(\sigma) > 2$. Using this, for each $k \ge 2$ we can define a lattice
function $G_k : R \to \mathbb{C}$ by
$$G_k(\Lambda) = \sum_{\gamma \in \Lambda \smallsetminus \{0\}} \frac{1}{\gamma^{2k}}.$$

By construction, $G_k$ is a lattice modular function of weight $2k$, so by Lemma 32.2.2, we
should get a weakly modular form from $G_k$ of weight $2k$. Notice that for $\Lambda = [\omega_1, \omega_2]$, we
can write
$$G_k(\omega_1, \omega_2) = \sum_{\substack{(m,n) \in \mathbb{Z}^2 \\ (m,n) \neq (0,0)}} \frac{1}{(m\omega_1 + n\omega_2)^{2k}}.$$

Then the function
$$G_k(z) = \sum_{\substack{(m,n) \in \mathbb{Z}^2 \\ (m,n) \neq (0,0)}} \frac{1}{(mz + n)^{2k}}$$
is a weakly modular function of weight $2k$. (To see that $G_k$ converges uniformly on $h$, first
observe that it converges uniformly on the fundamental domain $D$ since for any $z \in D$,
$|mz + n|$ is bounded below by $|m\rho - n|$. Now extend this convergence to all of $h$ by applying
the action of $SL_2(\mathbb{Z})$ and the modular condition on the lattice function $G_k$.)
What happens at infinity? Viewing $\infty = i\infty$, it is enough to consider the limit of $G_k(z)$
as $z \to \infty$ within $D$, but since the series $G_k$ converges uniformly on $D$, we may take the
limit term-by-term to get
$$G_k(\infty) = \lim_{\operatorname{Im}(z) \to \infty} G_k(z) = \sum_{n \in \mathbb{Z} \smallsetminus \{0\}} \frac{1}{n^{2k}} = 2\zeta(2k).$$

This shows that $G_k$ is holomorphic at $\infty$, so $G_k$ is in fact a holomorphic form of weight $2k$.

Note that when $k = 1$, the sum
$$G_1(z) = \sum_{(m,n) \neq (0,0)} \frac{1}{(mz + n)^2}$$
converges conditionally but not uniformly on $h$, so $G_1$ is not a modular form.


Example 32.2.4. (Modular discriminant) Note that $G_2 \in M_4$ and $G_3 \in M_6$ imply that
$G_2^3, G_3^2 \in M_{12}$, so we can define a modular form
$$\Delta = (60G_2)^3 - 27(140G_3)^2$$
called the modular discriminant. (Note the resemblance to the discriminant formula for an
elliptic curve; see Section 23.1.) It is common to write $g_2 = 60G_2$ and $g_3 = 140G_3$, so that
$$\Delta = g_2^3 - 27g_3^2.$$
By Example 32.2.3, $G_2(\infty) = 2\zeta(4) = \frac{\pi^4}{45}$ and $G_3(\infty) = 2\zeta(6) = \frac{2\pi^6}{945}$, so we have
$$\Delta(\infty) = \left( \frac{4\pi^4}{3} \right)^3 - 27 \left( \frac{8\pi^6}{27} \right)^2 = \frac{64\pi^{12}}{27} - \frac{64\pi^{12}}{27} = 0.$$

So $\Delta$ is a cusp form of weight 12. It turns out that $\Delta$ has q-expansion
$$\Delta(q) = q - 24q^2 + 252q^3 + \ldots = \sum_{n=1}^{\infty} \tau(n) q^n$$
where $\tau(n)$ is Ramanujan’s τ-function.

Example 32.2.5. Let $\Lambda \subset \mathbb{C}$ be a lattice and define the Weierstrass ℘-function as in
Section 26.1:
$$\wp(u) = \sum_{\gamma \in \Lambda \smallsetminus \{0\}} \left( \frac{1}{(u - \gamma)^2} - \frac{1}{\gamma^2} \right).$$

Then $\wp'(u) = 4\wp(u)^3 - g_2\wp(u) - g_3$, so there is a well-defined map
$$\begin{aligned} \mathbb{C}/\Lambda &\longrightarrow \mathbb{C}^2 \cup \{\infty\} \\ u \neq 0 &\longmapsto (\wp(u), \wp'(u)) \\ 0 &\longmapsto \infty \end{aligned}$$
which realizes the elliptic curve $E = \mathbb{C}/\Lambda$ as a complex planar curve. This illustrates one of
the important connections between modular forms and elliptic curves.

32.3. Modular Functions as Sections Chapter 32. Modular Forms

32.3 Modular Functions as Sections


Let $h^*$ be the completed upper half-plane, $\Gamma = PSL_2(\mathbb{Z})$ the modular group and consider
the quotient $X = h^*/\Gamma$. Topologically, $X \cong \mathbb{P}^1_{\mathbb{C}}$ but this homeomorphism is even compatible
with the standard complex structure on $\mathbb{P}^1_{\mathbb{C}}$, so $X$ is concretely the complex projective curve
$\mathbb{P}^1_{\mathbb{C}}$. The goal of this section is to show how modular forms arise as sections of certain line
bundles on $X$.
For a geometric motivation, let $B = \{z \in \mathbb{C} : |z| \le 1\}$ be the unit complex disk and
consider the covering map
$$p_n : B \longrightarrow B, \qquad z \longmapsto z^n$$
for $n \ge 1$. Let $k \ge 1$ and let $\Omega^{\otimes k}$ be the $k$th tensor power of the sheaf of meromorphic
differentials $\Omega = \Omega_{B/\mathbb{C}}$ on $B$ (see Section 22.4). Then for a section $\omega \in \Gamma(B, \Omega^{\otimes k})$, we may
write $\omega = f\, dz^k$ for some rational function $f$ on $B$. Pulling this back under $p_n$, we have
$$p_n^*\omega = f(z^n)\, d(z^n)^k = f(z^n)(nz^{n-1})^k\, dz^k,$$
which shows that $\operatorname{ord}_0(p_n^*\omega) = k(n - 1) + n \operatorname{ord}_0(\omega)$. This construction passes to the curve
$X$ as follows.
Note that the map $p : h^* \to h^*/\Gamma = X$ is a local homeomorphism except at the $\Gamma$-orbits of
the points $i$, $\rho$ and $\infty$, so $p$ is a branched cover with these points as branch points. Locally at
$i$, the cover is given by $z \mapsto z^2$, while at $\rho$, it is given by $z \mapsto z^3$. Thus the orders of vanishing
at these points of any differential form may be computed using the computations above. At
$\infty$, we know $q = e^{2\pi i z}$ is a local parameter, so if $\omega = g(q)\, dq^k$ for some $g$ holomorphic at $\infty$,
then
$$p^*\omega = (2\pi i)^k g(q) q^k\, dz^k$$
and so $\operatorname{ord}_\infty(p^*\omega) = k + \operatorname{ord}_{q=0}(\omega)$. Now let $f$ be a modular function of weight $2k$ and set
$\omega = f\, dz^k \in \Gamma(X, \Omega^{\otimes k})$, where $\Omega = \Omega_{X/\mathbb{C}}$. Then we have proven:

Lemma 32.3.1. Let $z_0 \in h^*$ with $p(z_0) = x \in X$. Then

(a) When $z_0 = i$, $\operatorname{ord}_i(f) = k + 2 \operatorname{ord}_i(\omega)$.

(b) When $z_0 = \rho$, $\operatorname{ord}_\rho(f) = 2k + 3 \operatorname{ord}_\rho(\omega)$.

(c) When $z_0 = \infty$, $\operatorname{ord}_\infty(f) = k + \operatorname{ord}_\infty(\omega)$.

(d) Otherwise, $\operatorname{ord}_{z_0}(f) = \operatorname{ord}_x(\omega)$.

Lemma 32.3.2. For any $f \in M_{2k}$, $\omega = f\, dz^k \in \Gamma(X, \Omega^{\otimes k})$ and the principal divisor $(\omega)$
has degree $-2k$.

Proof. Since $f$ is modular, $\omega$ descends to the quotient $X = h^*/\Gamma$. Since the total degree of
each form in $\Omega_{\mathbb{P}^1_{\mathbb{C}}}$ is $-2$ by Corollary 22.6.2, it follows that $(\omega)$ has degree $-2k$.


The degree of $(\omega)$ is by definition
$$\operatorname{ord}(\omega) = \sum_{x \in X} \operatorname{ord}_x(\omega) = \operatorname{ord}_\infty(\omega) + \operatorname{ord}_i(\omega) + \operatorname{ord}_\rho(\omega) + \sum_{x \neq i, \rho, \infty} \operatorname{ord}_x(\omega).$$

Using Lemma 32.3.1, this can be written
$$\operatorname{ord}(\omega) = (\operatorname{ord}_\infty(f) - k) + \frac{1}{2}(\operatorname{ord}_i(f) - k) + \frac{1}{3}(\operatorname{ord}_\rho(f) - 2k) + \sum_{\substack{x \in D \\ x \neq i, \rho}} \operatorname{ord}_x(f).$$

Since $\operatorname{ord}(\omega) = -2k$ by Lemma 32.3.2, this becomes:

Lemma 32.3.3. For any modular function $f$ of weight $2k$,
$$\operatorname{ord}_\infty(f) + \frac{1}{2} \operatorname{ord}_i(f) + \frac{1}{3} \operatorname{ord}_\rho(f) + \sum_{\substack{x \in D \\ x \neq i, \rho}} \operatorname{ord}_x(f) = \frac{k}{6}.$$

Corollary 32.3.4. Let $k \in \mathbb{Z}$ and let $\Delta \in S_6$ be the cusp form $\Delta = (60G_2)^3 - 27(140G_3)^2$.
Then

(a) For $k < 0$ and $k = 1$, $M_k = 0$.

(b) $\Delta \neq 0$.

(c) Multiplication by $\Delta$ gives an isomorphism $M_k \to S_{k+6}$ for all $k \in \mathbb{Z}$.

(d) For $k = 0, 2, 3, 4, 5$, $\dim_k M_k = 1$. Explicitly, $M_0 = \mathbb{C}[1]$ and for $k = 2, 3, 4, 5$,
$M_k = \mathbb{C}[G_k]$.

Proof. (a) Every $f \in M_k$ is holomorphic, so for $k < 0$ there is no way for the order formula
in Lemma 32.3.3 to be satisfied unless $f \equiv 0$. Likewise, when $k = 1$ the right-hand side of
the formula is $\frac{1}{6}$ and there are no positive integers $a, b, c, d$ satisfying $a + \frac{1}{2}b + \frac{1}{3}c + d = \frac{1}{6}$.
Hence $M_1 = 0$.
(b) Since $G_2 \in M_2$, the formula in Lemma 32.3.3 has $\frac{1}{3}$ on the right, so $\operatorname{ord}_i(G_2) = 0$,
$\operatorname{ord}_\rho(G_2) = 1$ and hence $G_2(i) \neq 0$ and $G_2(\rho) = 0$. Similarly for $G_3 \in M_3$, we have
$\operatorname{ord}_i(G_3) = 1$, $\operatorname{ord}_\rho(G_3) = 0$ and therefore $G_3(i) = 0$ and $G_3(\rho) \neq 0$. Since $\Delta$ is a linear
combination of $G_2^3$ and $G_3^2$, this shows that $\Delta(i)$ and $\Delta(\rho)$ are both nonzero. In particular,
$\Delta$ is nontrivial.
(c) The order formula also shows that $\Delta$ has a simple zero at $\infty$. If $f \in S_{k+6}$ is a cusp
form, then $f(\infty) = 0$ so $\frac{f}{\Delta}$ is holomorphic and hence $\frac{f}{\Delta} \in M_k$. As $\Delta \neq 0$, this clearly
establishes the isomorphism $M_k \to S_{k+6}$, $g \mapsto g\Delta$.
(d) In general, if $k - 6 < 0$ then by (a), $M_{k-6} = 0$. By (c), this implies $S_k = 0$, so there
are no cusp forms in $M_k$. In other words, the map $M_k \to \mathbb{C}$ sending $f \mapsto f(\infty)$ is injective,
so it follows that for $k < 6$, $\dim M_k \le 1$. Since Eisenstein series exist and are nontrivial for
$k = 2, 3, 4, 5$, we therefore have $\dim M_k = 1$ for each of these $k$ and $M_k = \mathbb{C}[G_k]$.


Remark. In fact, when $k \ge 0$, we have the following dimension formula:
$$\dim M_k = \begin{cases} \left\lfloor \dfrac{k}{6} \right\rfloor, & k \equiv 1 \pmod 6 \\[2ex] \left\lfloor \dfrac{k}{6} \right\rfloor + 1, & k \not\equiv 1 \pmod 6. \end{cases}$$
For $k \ge 2$, we also have $M_k \cong \mathbb{C}[G_k] \oplus S_k$.

Corollary 32.3.5. Let $M = \bigoplus_{k \in \mathbb{Z}} M_k$ be the ring of modular forms. Then $M \cong \mathbb{C}[G_2, G_3]$.

Proof. We will show that $M_k$ is generated by the set $\{G_2^a G_3^b \mid a, b \ge 0 \text{ and } 2a + 3b = k\}$
for all $k \ge 0$. When $k \le 3$, this follows from Corollary 32.3.4(d). Let $k > 3$ and induct.
For $a, b \ge 0$ such that $2a + 3b = k$, the modular form $G_2^a G_3^b$ is not a cusp form, but for any
$f \in M_k$, the form
$$h = f - \frac{f(\infty)}{G_2(\infty)^a G_3(\infty)^b} G_2^a G_3^b$$
is a cusp form, so by Corollary 32.3.4(c), $h = g\Delta$ for some $g \in M_{k-6}$. By induction,
$g = G_2^{a'} G_3^{b'}$ for $2a' + 3b' = k - 6$, but $\Delta$ is also a linear combination of powers of $G_2$ and $G_3$,
so $f$ is as well.
Finally, these $G_2^a G_3^b$ form a basis for $M$ since if not, the function $\frac{G_2^3}{G_3^2}$ would satisfy
an algebraic equation over $\mathbb{C}$ and hence be a scalar. But this is impossible, since by the
proof of Corollary 32.3.4(b), $G_2(i) \neq 0$, $G_2(\rho) = 0$, $G_3(i) = 0$ and $G_3(\rho) \neq 0$. Therefore
$\{G_2^a G_3^b \mid a, b \ge 0,\ 2a + 3b = k\}$ is a basis for $M_k$.

Example 32.3.6. The j-invariant is a modular function
$$j = \frac{1728 g_2^3}{\Delta}$$
of weight 0 with only a pole at $\infty$ by Corollary 32.3.4(b). This j-invariant corresponds to
the classical j-invariant of an elliptic curve (see Section 23.2) via
$$j(z) \longleftrightarrow \mathbb{C}/[1, z].$$
We will prove:

Proposition 32.3.7. Let $j$ be the j-invariant. Then
(1) $j : h/\Gamma \to \mathbb{C}$ is a bijection.
(2) Any modular function of weight 0 is a rational function in $j$.
(3) The q-expansion of $j$ is
$$j(q) = \frac{1}{q} + 744 + 196884q + 21493760q^2 + \ldots$$

Remark. Incredibly, the coefficients in the q-expansion of $j$ encode important information
about representations of a large sporadic simple group called the monster group (see moonshine
theory for more details).

32.4. q-Expansions Chapter 32. Modular Forms

32.4 q-Expansions
In this section we further study the coefficients $a_n$ in the q-expansion
$$f(q) = \sum_{n=0}^{\infty} a_n q^n$$
of a modular form $f \in M$. First, recall that the $k$th even Bernoulli number $B_k$ can be
defined as the $k$th coefficient in the Laurent series expansion
$$\frac{x}{e^x - 1} = 1 - \frac{x}{2} + \sum_{k=1}^{\infty} (-1)^{k+1} B_k \frac{x^{2k}}{(2k)!}.$$

(The lower case Bernoulli numbers are given by $b_{2k} = (-1)^{k+1} B_k$.)

Example 32.4.1. One can compute $B_1 = \frac{1}{6}$, $B_2 = \frac{1}{30}$, $B_3 = \frac{1}{42}$, $B_4 = \frac{1}{30}$, etc. In general, $B_k$
is a rational number for all $k \ge 1$.

Proposition 32.4.2. For all $k \ge 1$,
$$\zeta(2k) = \frac{(2\pi)^{2k}}{2(2k)!} B_k.$$

Proof. The complex cotangent function may be written $\cot z = i + \frac{2i}{e^{2iz} - 1}$, so evaluating
the series expansion of $\frac{x}{e^x - 1}$ at $x = 2iz$, we obtain the formula
$$z \cot z = 1 - \sum_{k=1}^{\infty} B_k \frac{(2z)^{2k}}{(2k)!}.$$

Consider the well-known identity
$$\sin z = z \prod_{n=1}^{\infty} \left( 1 - \frac{z^2}{n^2\pi^2} \right).$$

Upon taking the logarithmic derivative of both sides, we recover
$$\begin{aligned}
z \cot z &= 1 + \sum_{n=1}^{\infty} \frac{z^2/n^2\pi^2}{(z^2 - n^2\pi^2)/n^2\pi^2} \\
&= 1 + \sum_{n=1}^{\infty} \sum_{k=1}^{\infty} \frac{z^{2k}}{n^{2k}\pi^{2k}} \\
&= 1 + \sum_{k=1}^{\infty} \frac{z^{2k}}{\pi^{2k}} \sum_{n=1}^{\infty} \frac{1}{n^{2k}} \\
&= 1 + \sum_{k=1}^{\infty} \frac{z^{2k}}{\pi^{2k}} \zeta(2k).
\end{aligned}$$

Comparing the coefficients of $z^{2k}$ in both expressions of $z \cot z$ gives the desired formula.


Example 32.4.3. Proposition 32.4.2 gives the well-known values of the zeta function $\zeta(2) = \frac{\pi^2}{6}$
and $\zeta(4) = \frac{\pi^4}{90}$.

Note that in the proof of Proposition 32.4.2, $z \cot z$ may alternatively be expressed as
$$z \cot z = 1 + 2 \sum_{n=1}^{\infty} \frac{z^2}{z^2 - n^2\pi^2}.$$

Evaluating at $\pi z$ and dividing out by $z$, we have two equivalent expressions for $\pi \cot(\pi z)$:
$$\pi \cot(\pi z) = \frac{1}{z} + \sum_{m=1}^{\infty} \left( \frac{1}{z + m} + \frac{1}{z - m} \right)$$
$$\text{and} \quad \pi \cot(\pi z) = \pi i - \frac{2\pi i}{1 - e^{2\pi i z}} = \pi i - 2\pi i \sum_{n=0}^{\infty} q^n.$$

Equating these two expressions and taking the $k$th derivative with respect to $z$ yields the
following formula:

Lemma 32.4.4. For all $k \ge 2$,
$$\sum_{m \in \mathbb{Z}} \frac{1}{(m + z)^k} = \frac{(-2\pi i)^k}{(k - 1)!} \sum_{d=1}^{\infty} d^{k-1} q^d.$$

Define the generalized divisor sum function $\sigma_k(n)$ by
$$\sigma_k(n) = \sum_{d \mid n} d^k.$$

Then the q-expansion of the $k$th Eisenstein series $G_k(z)$ (Example 32.2.3) may be written in
terms of these $\sigma_k(n)$ as follows.

Proposition 32.4.5. For all $k \ge 2$,
$$G_k(z) = 2\zeta(2k) + \frac{2(2\pi i)^{2k}}{(2k - 1)!} \sum_{n=1}^{\infty} \sigma_{2k-1}(n) q^n.$$

Proof. By definition,
$$G_k(z) = \sum_{(m,n) \neq (0,0)} \frac{1}{(mz + n)^{2k}} = 2\zeta(2k) + 2 \sum_{m=1}^{\infty} \sum_{n \in \mathbb{Z}} \frac{1}{(mz + n)^{2k}}.$$

Applying Lemma 32.4.4 with $mz$ in place of $z$, we get
$$\begin{aligned}
G_k(z) &= 2\zeta(2k) + \frac{2(-2\pi i)^{2k}}{(2k - 1)!} \sum_{m=1}^{\infty} \sum_{d=1}^{\infty} d^{2k-1} q^{md} \\
&= 2\zeta(2k) + \frac{2(2\pi i)^{2k}}{(2k - 1)!} \sum_{m=1}^{\infty} \sigma_{2k-1}(m) q^m.
\end{aligned}$$

(Now replace $m$ with $n$.)


Example 32.4.6. The weight 2 Eisenstein series $G_1(z)$ (see Example 32.2.3) may not be a
modular form, but the proof of Proposition 32.4.5 still goes through, so we have
$$G_1(z) = 2\zeta(2) - 8\pi^2 \sum_{n=1}^{\infty} \sigma_1(n) q^n.$$

Definition. For $k \ge 2$, define the completed Eisenstein series of weight $2k$ by
$$E_k(z) = \frac{1}{2\zeta(2k)} G_k(z) = 1 + (-1)^k \frac{4k}{B_k} \sum_{n=1}^{\infty} \sigma_{2k-1}(n) q^n.$$

Example 32.4.7. The first two completed Eisenstein series are:
$$E_2(z) = 1 + 240 \sum_{n=1}^{\infty} \sigma_3(n) q^n = 1 + 240q + 2160q^2 + 6720q^3 + \ldots$$
$$E_3(z) = 1 - 504 \sum_{n=1}^{\infty} \sigma_5(n) q^n = 1 - 504q - 16632q^2 - 122976q^3 - \ldots.$$

By Corollary 32.3.4, $M_k$ has dimension 1 for $k = 2, 3, 4, 5$ so there are relations among the
$E_k(z)$ for small values of $k$. In fact, we have
$$E_2^2 = E_4, \quad E_2 E_3 = E_5, \quad E_2 E_5 = E_7, \quad E_3 E_4 = E_7.$$
Comparing the q-expansions of these identities, we obtain the following interesting relations
among the generalized divisor sum functions:
$$\sigma_7(n) = \sigma_3(n) + 120 \sum_{m=1}^{n-1} \sigma_3(m) \sigma_3(n - m)$$
$$11\sigma_9(n) = 21\sigma_5(n) - 10\sigma_3(n) + 5040 \sum_{m=1}^{n-1} \sigma_3(m) \sigma_5(n - m).$$
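
The relations among the $E_k$ and the divisor-sum identities they imply can be checked with exact rational arithmetic. The Python below is an added example, not part of the original notes: it builds $B_k$ in the convention of Example 32.4.1 from the standard Bernoulli recurrence, forms truncated q-expansions of $E_k$, and tests the four product relations together with the two identities, with each convolution written as $\sum_{m=1}^{n-1} \sigma_3(m)\sigma_j(n-m)$, the form the Cauchy product of the q-expansions produces. All function names are chosen here.

```python
from fractions import Fraction
from math import comb

def sigma(k, n):
    """Generalized divisor sum sigma_k(n) = sum of d^k over d | n."""
    return sum(d**k for d in range(1, n + 1) if n % d == 0)

def bernoulli_page(kmax):
    """{k: B_k} with B_k = (-1)^(k+1) b_{2k}, so B_1 = 1/6, B_2 = 1/30, ..."""
    b = [Fraction(1)]                        # standard Bernoulli numbers b_0, b_1, ...
    for m in range(1, 2*kmax + 1):
        # recurrence: sum_{j=0}^{m} C(m+1, j) b_j = 0
        b.append(-sum(comb(m + 1, j) * b[j] for j in range(m)) / (m + 1))
    return {k: (-1)**(k + 1) * b[2*k] for k in range(1, kmax + 1)}

def eisenstein(k, N):
    """Coefficients of 1, q, ..., q^N of E_k = 1 + (-1)^k (4k/B_k) sum sigma_{2k-1}(n) q^n."""
    c = (-1)**k * Fraction(4*k) / bernoulli_page(k)[k]
    return [Fraction(1)] + [c * sigma(2*k - 1, n) for n in range(1, N + 1)]

def mul(f, g):
    """Cauchy product of two truncated power series."""
    N = min(len(f), len(g))
    return [sum(f[i] * g[n - i] for i in range(n + 1)) for n in range(N)]

def relations(N):
    """Check the four product relations of the page up to q^N."""
    E = {k: eisenstein(k, N) for k in (2, 3, 4, 5, 7)}
    return {
        "E2^2 = E4": mul(E[2], E[2]) == E[4],
        "E2 E3 = E5": mul(E[2], E[3]) == E[5],
        "E2 E5 = E7": mul(E[2], E[5]) == E[7],
        "E3 E4 = E7": mul(E[3], E[4]) == E[7],
    }

def sigma7_via_convolution(n):
    """Right-hand side of the sigma_7 identity."""
    return sigma(3, n) + 120 * sum(sigma(3, m) * sigma(3, n - m) for m in range(1, n))

def sigma9_identity_holds(n):
    conv = sum(sigma(3, m) * sigma(5, n - m) for m in range(1, n))
    return 11 * sigma(9, n) == 21 * sigma(5, n) - 10 * sigma(3, n) + 5040 * conv

if __name__ == "__main__":
    print("B_1..B_5:", [str(v) for v in bernoulli_page(5).values()])
    print("E_2:", [int(c) for c in eisenstein(2, 4)])
    print("E_3:", [int(c) for c in eisenstein(3, 3)])
    print(relations(30))
    print("sigma_7 identity, n < 40:",
          all(sigma7_via_convolution(n) == sigma(7, n) for n in range(1, 40)))
    print("sigma_9 identity, n < 40:",
          all(sigma9_identity_holds(n) for n in range(1, 40)))
```

A finite check up to $q^N$ is evidence rather than proof; the proof is the dimension count in Corollary 32.3.4, which forces two forms of the same weight with the same constant term to agree.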

Let $f(z) = \sum_{n=0}^{\infty} a_n q^n$ be any modular form of weight $2k$. In the next few results, we
give bounds on the growth of $a_n$.

Proposition 32.4.8. For the Eisenstein series $f(z) = G_k(z)$, there exist constants $A, B > 0$
such that
$$An^{2k-1} \le |a_n| \le Bn^{2k-1}$$
for all $n \ge 0$. That is, $|a_n|$ grows at the same rate as $n^{2k-1}$.

Proof. By Proposition 32.4.5, there is a positive number $A$ such that $a_n = (-1)^k A\sigma_{2k-1}(n)$,
so we certainly have
$$|a_n| = A\sigma_{2k-1}(n) \ge An^{2k-1}.$$
On the other hand,
$$\frac{|a_n|}{n^{2k-1}} = \frac{A\sigma_{2k-1}(n)}{n^{2k-1}} = A \sum_{d \mid n} \frac{1}{d^{2k-1}} \le A \sum_{d=1}^{\infty} \frac{1}{d^{2k-1}} = A\zeta(2k - 1).$$

Setting $B = A\zeta(2k - 1)$ gives the result.


Theorem 32.4.9 (Hecke). If $f(z)$ is a cusp form of weight $2k$, then $a_n = O(n^k)$, i.e. $\frac{|a_n|}{n^k}$ is
bounded as $n \to \infty$.

Proof. Since $f$ is a cusp form, we may write $f(z) = q \sum_{n=1}^{\infty} a_n q^{n-1}$ so that $|f(z)| = O(q) = O(e^{-2\pi y})$,
where $z = x + iy$. Define $\Phi(z) = |f(z)| y^k$. Then for $g = \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in SL_2(\mathbb{Z})$, we
have
$$\Phi(gz) = |f(gz)| (\operatorname{im}(gz))^k = |f(gz)| \frac{y^k}{|cz + d|^{2k}} = |f(z)| y^k$$
since $f$ is modular of weight $2k$. Hence $\Phi$ is $SL_2(\mathbb{Z})$-invariant. In addition, $\Phi$ is continuous on
the fundamental domain $D$ and $\Phi \to 0$ as $y \to \infty$ since $|f(z)| = O(e^{-2\pi y})$, so $\Phi$ is bounded.
Thus there is some $M > 0$ such that $|f(z)| \le My^{-k}$ for any $z \in h$. Fixing $y = \operatorname{im}(z)$ and
allowing $x$ to vary on $[0, 1]$, the values of $q = e^{2\pi i z}$ vary around a circle $C_y$ centered at 0. By
the residue theorem,
$$a_n = \frac{1}{2\pi i} \int_{C_y} f(z) q^{-n-1}\, dq = \int_{C_y} f(x + iy) q^{-n}\, dx.$$

This shows that $|a_n| \le My^{-k} e^{2\pi n y}$ which works for all $y > 0$, so we can pick $y = \frac{1}{n}$ to get
$$|a_n| \le Me^{2\pi} n^k.$$

Corollary 32.4.10. If $f(z)$ is any noncuspidal modular form of weight $2k$, then $a_n = O(n^{2k-1})$.

Proof. By Corollary 32.3.4(b), we may write $f(z)$ as a linear combination of cusp forms and
Eisenstein series, so Proposition 32.4.8 and Theorem 32.4.9 give the result.

Remark. Deligne showed the following improved bound on $a_n$ for cusp forms:
$$a_n = O(n^{k-1/2} \sigma_0(n)).$$

Further, we can show that $\sigma_0(n) = O(n^\varepsilon)$ for any $\varepsilon > 0$, so as a result, we get
$$a_n = O(n^{k-1/2+\varepsilon})$$
for all $\varepsilon > 0$.

Let $\Delta = g_2^3 - 27g_3^2$ be the modular discriminant from Example 32.2.4.

Theorem 32.4.11 (Jacobi). The cusp form $\Delta(z) \in S_{12}$ has q-expansion
$$\Delta(z) = (2\pi)^{12} q \prod_{n=1}^{\infty} (1 - q^n)^{24}.$$

Proof. Set $f(z) = q \prod_{n=1}^{\infty} (1 - q^n)^{24}$. It then suffices to show $f \in S_6$ since by Corollary 32.3.4,
$\dim S_6 = 1$ and clearly $\Delta(z)$ and $(2\pi)^{12} f(z)$ match in degree 1. Since $f$ is given in terms of
a q-expansion, $f(z + 1) = f(z)$ is guaranteed. Moreover, $f$ is holomorphic and $f(\infty) = 0$


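by construction, so by Lemma 32.2.1, we need only show $f\left( -\frac{1}{z} \right) = z^{12} f(z)$. Consider the
conditionally convergent series
$$G_1(z) = \sum_{n \in \mathbb{Z}} \sum_{\substack{m \in \mathbb{Z} \\ (m,n) \neq (0,0)}} \frac{1}{(mz + n)^2}, \qquad G(z) = \sum_{m \in \mathbb{Z}} \sum_{\substack{n \in \mathbb{Z} \\ (m,n) \neq (0,0)}} \frac{1}{(mz + n)^2},$$
$$H_1(z) = \sum_{n \in \mathbb{Z}} \sum_{\substack{m \in \mathbb{Z} \\ (m,n) \neq (0,0),(1,0)}} \frac{1}{(m - 1 + nz)(m + nz)},$$
$$H(z) = \sum_{m \in \mathbb{Z}} \sum_{\substack{n \in \mathbb{Z} \\ (m,n) \neq (0,0),(1,0)}} \frac{1}{(m - 1 + nz)(m + nz)}.$$

We will suppress the indices on each summation from now on, but they are understood to
be the sums over all $(m, n) \in \mathbb{Z}^2$ in a prescribed order, with $(m, n) = (0, 0)$ or $(m, n) =
(0, 0), (1, 0)$ omitted as appropriate. For fixed $(m, n) \neq (0, 0), (1, 0)$, we have
$$\frac{1}{(m - 1 + nz)(m + nz)} = \frac{1}{m - 1 + nz} - \frac{1}{m + nz}$$
so by telescoping series, the terms in $H_1(z)$ become
$$\sum_{m \in \mathbb{Z}} \left( \frac{1}{m - 1 + nz} - \frac{1}{m + nz} \right) = 0 \quad \text{when } n \neq 0$$
$$\text{and} \quad \sum_{m \neq 0, 1} \left( \frac{1}{m - 1} - \frac{1}{m} \right) = 2 \quad \text{when } n = 0.$$

Thus $H_1(z) = 2$. On the other hand, for $H(z)$ we have
$$\begin{aligned}
H(z) &= \sum_m \sum_n \frac{1}{(m - 1 + nz)(m + nz)} \\
&= \lim_{M \to \infty} \sum_{m=-M+1}^{M} \sum_n \left( \frac{1}{m - 1 + nz} - \frac{1}{m + nz} \right) \\
&= \lim_{M \to \infty} \left( \sum_{n \neq 0} \sum_{m=-M+1}^{M} \left( \frac{1}{m - 1 + nz} - \frac{1}{m + nz} \right) + \frac{2(M - 1)}{M} \right).
\end{aligned}$$

Again, using the formula
$$\pi \cot(\pi z) = \frac{1}{z} + \sum_{m=1}^{\infty} \left( \frac{1}{z + m} + \frac{1}{z - m} \right)$$
which precedes Lemma 32.4.4, we can rewrite the $n \neq 0$ terms of this expression to obtain:
$$\begin{aligned}
H(z) &= \lim_{M \to \infty} \left( \sum_{n \neq 0} \sum_{m=-M+1}^{M} \left( \frac{1/z}{\frac{m-1}{z} + n} - \frac{1/z}{\frac{m}{z} + n} \right) + \frac{2(M - 1)}{M} \right) \\
&= \lim_{M \to \infty} \left( -\frac{1}{z} \cdot 2\pi \cot\left( \frac{\pi(M + 1)}{z} \right) + \frac{2(M - 1)}{M} \right) = -\frac{2\pi i}{z} + 2.
\end{aligned}$$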


So we have $H_1(z) = 2$ and $H(z) = 2 - \frac{2\pi i}{z}$. (In particular, these two conditionally convergent
series converge to different values!)
Now consider the absolutely convergent series
$$\sum_m \sum_n \frac{1}{(m + nz)^2 (m - 1 + nz)} = \sum_m \sum_n \left( \frac{1}{(m - 1 + nz)(m + nz)} - \frac{1}{(m + nz)^2} \right).$$

(Again, the inner sums are over all $n \in \mathbb{Z}$ such that $(m, n) \neq (0, 0), (1, 0)$.) Notice that
the right side of the expression can be written as both $G_1 - H_1$ and $G - H$, using absolute
convergence. This shows that $G_1 - H_1 = G - H$, so by the work above on $H$ and $H_1$, we
have $G_1 - G = H_1 - H = \frac{2\pi i}{z}$. Therefore
$$G_1\left( -\frac{1}{z} \right) = \sum_n \sum_m \frac{1}{\left( m - \frac{n}{z} \right)^2} = z^2 G(z) = z^2 G_1(z) - 2\pi i z.$$

Returning to $f(z)$, we can compute its logarithmic derivative by:
$$\begin{aligned}
\frac{f'(z)}{f(z)} = \frac{d}{dz} \ln(f(z)) &= \frac{d}{dz} \left[ \ln(q) + 24 \sum_{n=1}^{\infty} \ln(1 - q^n) \right] \\
&= \frac{dq}{q} + 24 \sum_{n=1}^{\infty} \frac{-nq^n}{q} \sum_{m=0}^{\infty} q^{nm}\, dq \\
&= \frac{dq}{q} \left( 1 - 24 \sum_{n=1}^{\infty} \sum_{m=1}^{\infty} nq^{nm} \right) \\
&= \frac{dq}{q} \left( 1 - 24 \sum_{n=1}^{\infty} \sigma_1(n) q^n \right).
\end{aligned}$$

Comparing this to the formula for $G_1(z)$ in Example 32.4.6, we see that
$$\frac{f'(z)}{f(z)} = \frac{6i}{\pi} G_1(z)\, dz.$$

Evaluating this at $-\frac{1}{z}$ yields
$$\frac{f'\left( -\frac{1}{z} \right)}{f\left( -\frac{1}{z} \right)} = \frac{6i}{\pi} G_1\left( -\frac{1}{z} \right) \frac{dz}{z^2} = \frac{6i}{\pi} \left( z^2 G_1(z) - 2\pi i z \right) \frac{dz}{z^2} = \frac{f'(z)}{f(z)} + 12 \frac{dz}{z}.$$

Thus $\ln f\left( -\frac{1}{z} \right)$ and $\ln(z^{12} f(z))$ differ by a constant, which in turn implies
$$f\left( -\frac{1}{z} \right) = Cz^{12} f(z)$$
for some constant $C$. But evaluating at $z = i$ shows that $C = 1$, so $f(z)$ is weakly modular
and hence a cusp form of weight 12.


For each n ∈ N, let τ (n) be the nth coefficient in the q-expansion of the function f (z)
from above: ∞ ∞
Y X
n 24
f (z) = q (1 − q ) = τ (n)q n .
n=1 n=1

Note that τ (n) ∈ Z for all n ≥ 1.

Definition. The function τ : N → Z is called the Ramanujan τ -function.

Example 32.4.12. As mentioned in Example 32.2.4, the first few values of τ (n) are τ (1) =
1, τ (2) = −24, τ (3) = 252, etc. Therefore, the q-expansion of f (z) is

f (z) = q − 24q 2 + 252q 3 + . . .

Remark. The following properties of Ramanujan’s function are known:

(a) $\tau(n) = O(n^6)$ from Hecke’s theorem (32.4.9), but Deligne’s estimate gives $\tau(n) = O(n^{11/2+\varepsilon})$ for any $\varepsilon > 0$.

(b) $\tau$ is multiplicative: for all $m, n \in \mathbb{N}$ with $(m, n) = 1$, $\tau(mn) = \tau(m)\tau(n)$.

(c) For all primes $p$ and $n \geq 1$, $\tau(p^{n+1}) = \tau(p)\tau(p^n) - p^{11}\tau(p^{n-1})$.

Properties (b) and (c) allow one to associate an L-function to $\tau$ that has an Euler product:

$$L_\tau(s) = \sum_{n=1}^{\infty}\frac{\tau(n)}{n^s} = \prod_{p\ \text{prime}}\frac{1}{1 - \tau(p)p^{-s} + p^{11-2s}}.$$

In particular, since $\tau$ is multiplicative, $L_\tau(s)$ is a Dirichlet L-series. Hecke showed that $L_\tau(s)$
extends to an entire function on $\mathbb{C}$ and there is a functional equation

$$(2\pi)^{-(12-s)}\,\Gamma(12 - s)\,L_\tau(12 - s) = (2\pi)^{-s}\,\Gamma(s)\,L_\tau(s).$$

Example 32.4.13. Ramanujan’s function has many interesting arithmetic properties other
than multiplicativity, such as:

$$\begin{aligned}
\tau(n) &\equiv n^2\sigma_7(n) \pmod{27} \\
\tau(n) &\equiv n\sigma_3(n) \pmod{7} \\
\tau(n) &\equiv \sigma_{11}(n) \pmod{691}.
\end{aligned}$$

Amazingly however, the following conjecture is still open, although it has been shown
numerically for $n \leq 10^{15}$.

Conjecture (Lehmer). $\tau(n) \neq 0$ for all $n \geq 1$.
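
The properties listed in the Remark and in Example 32.4.13 can be checked numerically. The Python block below is an added example, not part of the original text: it expands the product for $f(z)$ to obtain $\tau(n)$ for $n \leq 150$ (the bound and all function names are choices made here) and tests multiplicativity, the prime-power recurrence and the three congruences.

```python
from math import gcd


def tau_table(limit):
    """Return [None, tau(1), ..., tau(limit)] read off q * prod_{n>=1} (1 - q^n)^24."""
    # coeffs[j] = coefficient of q^j in prod (1 - q^n)^24, truncated after q^(limit-1);
    # factors with n >= limit cannot change these coefficients.
    coeffs = [1] + [0] * (limit - 1)
    for n in range(1, limit):
        for _ in range(24):
            # multiply in place by (1 - q^n); descending j keeps coeffs[j - n] unmodified
            for j in range(limit - 1, n - 1, -1):
                coeffs[j] -= coeffs[j - n]
    return [None] + coeffs  # the leading factor q shifts every exponent up by one


def sigma(k, n):
    """Divisor power sum sigma_k(n)."""
    return sum(d ** k for d in range(1, n + 1) if n % d == 0)


def multiplicativity_failures(tau):
    """Pairs (m, n) with gcd 1 and tau(mn) != tau(m) tau(n); empty if property (b) holds."""
    limit = len(tau) - 1
    return [(m, n)
            for m in range(1, limit + 1)
            for n in range(1, limit // m + 1)
            if gcd(m, n) == 1 and tau[m * n] != tau[m] * tau[n]]


def recurrence_failures(tau):
    """Pairs (p, n) violating tau(p^(n+1)) = tau(p) tau(p^n) - p^11 tau(p^(n-1))."""
    limit = len(tau) - 1
    bad = []
    for p in range(2, limit + 1):
        if any(p % d == 0 for d in range(2, int(p ** 0.5) + 1)):
            continue  # p is composite
        n = 1
        while p ** (n + 1) <= limit:
            expected = tau[p] * tau[p ** n] - p ** 11 * tau[p ** (n - 1)]
            if tau[p ** (n + 1)] != expected:
                bad.append((p, n))
            n += 1
    return bad


def congruence_failures(tau):
    """Pairs (n, modulus) for which one of the three congruences fails."""
    bad = []
    for n in range(1, len(tau)):
        if (tau[n] - n * n * sigma(7, n)) % 27:
            bad.append((n, 27))
        if (tau[n] - n * sigma(3, n)) % 7:
            bad.append((n, 7))
        if (tau[n] - sigma(11, n)) % 691:
            bad.append((n, 691))
    return bad


TAU = tau_table(150)

if __name__ == "__main__":
    print("tau(1..6):", TAU[1:7])
    print("multiplicativity failures:", multiplicativity_failures(TAU))
    print("recurrence failures:", recurrence_failures(TAU))
    print("congruence failures:", congruence_failures(TAU))
    print("zeros of tau up to 150:", [n for n in range(1, 151) if TAU[n] == 0])
```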

Chapter 33

Hecke Operators

The Hecke operators are a set of powerful algebraic tools that encode the number theoretic
properties of the coefficients in a q-expansion of a modular form. For example, they give
a proof that Ramanujan’s function τ (n) satisfies the multiplicativity conditions seen at the
end of Section 32.4:

• $\tau(mn) = \tau(m)\tau(n)$ if $(m, n) = 1$ and

• $\tau(p^{n+1}) = \tau(p)\tau(p^n) - p^{11}\tau(p^{n-1})$ for $p$ prime, $n \geq 1$.

33.1. Hecke Operators on Lattices Chapter 33. Hecke Operators

33.1 Hecke Operators on Lattices


We first define Hecke operators abstractly as certain functions on lattices. Let $E$ be a set
and let $X_E$ be the free abelian group generated by the elements of $E$.

Definition. A correspondence on $E$ is an abelian group homomorphism $T : X_E \to X_E$.
This can be written $T(x) = \sum_{y \in E} n_y(x)\,y$ for $n_y(x) \in \mathbb{Z}$ such that all but finitely many $n_y(x)$
are zero.

Let $F : E \to \mathbb{C}$ be any function. Then by linearity, $F$ induces a function $X_E \to \mathbb{C}$ which
we will also denote by $F$.

Definition. The transform of $F$ by a correspondence $T$ is the function

$$TF : X_E \longrightarrow \mathbb{C}, \qquad x \longmapsto (TF)(x) := (F \circ T)(x) = \sum_{y \in E} n_y(x)F(y).$$

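Let $R$ be the set of lattices in $\mathbb{C}$ and for any fixed $\Lambda \in R$, let $R_\Lambda$ be the set of all lattices
contained in $\Lambda$.

Definition. For $n \geq 1$, the correspondence

$$T_n : X_R \longrightarrow X_R, \qquad \Lambda \longmapsto T_n\Lambda := \sum_{\substack{\Lambda' \in R_\Lambda \\ [\Lambda : \Lambda'] = n}} \Lambda'$$

is called the $n$th (lattice) Hecke operator.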

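Remark. Notice that any sublattice $\Lambda' \subset \Lambda$ of index $n$ must contain $n\Lambda$, and since $\Lambda/n\Lambda \cong (\mathbb{Z}/n\mathbb{Z})^2$, the number of such $\Lambda'$ is equal to the number of subgroups of $(\mathbb{Z}/n\mathbb{Z})^2$ of order $n$.
In particular, when $n = p$ is prime, $(\mathbb{Z}/p\mathbb{Z})^2$ has exactly $p + 1$ subgroups of order $p$.

Definition. For each $\lambda \in \mathbb{C}^\times$, we define a homothety operator $R_\lambda : X_R \to X_R$ by
$R_\lambda\Lambda = \lambda\Lambda$ and extend by linearity.

Proposition 33.1.1. For all $m, n \in \mathbb{N}$ and $\lambda, \mu \in \mathbb{C}^\times$,

(a) $R_\lambda R_\mu = R_{\lambda\mu} = R_\mu R_\lambda$.

(b) $R_\lambda T_n = T_n R_\lambda$.

(c) $T_m T_n = T_{mn}$ if $(m, n) = 1$.

(d) $T_{p^n} T_p = T_{p^{n+1}} + pT_{p^{n-1}} R_p$ if $p$ is prime.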


Proof. (a) and (b) are immediate from the definitions of the Hecke and homothety operators.
(c) Fix $\Lambda \in R$ and suppose $\Lambda''$ is a sublattice of $\Lambda$ of index $mn$. If $(m, n) = 1$, then
the canonical isomorphism $\mathbb{Z}/mn\mathbb{Z} \cong \mathbb{Z}/n\mathbb{Z} \oplus \mathbb{Z}/m\mathbb{Z}$ implies there is a unique sublattice $\Lambda'$
with $\Lambda'' \subset \Lambda' \subset \Lambda$ and such that $[\Lambda : \Lambda'] = n$ and $[\Lambda' : \Lambda''] = m$. By definition this means
$T_n T_m = T_{nm}$.
(d) Note that for any $\Lambda \in R$, $T_{p^n}T_p\Lambda$, $T_{p^{n+1}}\Lambda$ and $T_{p^{n-1}}R_p\Lambda$ are all linear combinations of
sublattices of index $p^{n+1}$ in $\Lambda$. Let $\Gamma$ be such a lattice occurring with coefficient $a$ in $T_{p^n}T_p\Lambda$,
coefficient $b$ in $T_{p^{n+1}}\Lambda$ and coefficient $c$ in $T_{p^{n-1}}R_p\Lambda$. Our goal is then to show that $a = b + pc$.
Note that by the remark above, $b = 1$ is automatic. First suppose that $\Gamma \not\subset p\Lambda$. Then

$$T_{p^{n-1}}R_p\Lambda = T_{p^{n-1}}\,p\Lambda = \sum_{[\Lambda'' : p\Lambda] = p^{n-1}} \Lambda''$$

shows that $c = 0$ so we want $a = 1$ in this case. By definition,

$$T_{p^n}T_p\Lambda = \sum_{[\Lambda : \Lambda'] = p} T_{p^n}\Lambda' = \sum_{[\Lambda : \Lambda'] = p}\ \sum_{[\Lambda' : \Lambda''] = p^n} \Lambda''$$

so $a$ is equal to the number of lattices $\Lambda'$ such that $\Gamma \subset \Lambda' \subset \Lambda$ having $[\Lambda : \Lambda'] = p$. Then
each of these $\Lambda'$ contains $p\Lambda$ and the image of $\Lambda'$ in $\Lambda/p\Lambda$ is of order $p$, hence also of index
$p$ since $|\Lambda/p\Lambda| = p^2$. It follows that $\Lambda'$ is the unique sublattice of $\Lambda$ of index $p$ containing $\Gamma$,
i.e. $a = 1$. On the other hand, if $\Gamma \subseteq p\Lambda$, we have $c = 1$ so we must show $a = 1 + p$. For
any $\Lambda' \subset \Lambda$ of index $p$, we have $\Lambda' \supset p\Lambda \supseteq \Gamma$ and by the remark, there are precisely $p + 1$
such $\Lambda'$. Hence $a = p + 1$ and we are done.

Corollary 33.1.2. Each $T_{p^n}$ is a polynomial in the operators $T_p$ and $R_p$.

Proof. Induct on $n$ and use Proposition 33.1.1(d).

Corollary 33.1.3. The algebra generated by the $R_\lambda$ and $T_p$ for $\lambda \in \mathbb{C}^\times$ and $p$ prime is
commutative and contains $T_n$ for every $n \geq 1$.

33.2. Hecke Operators on Modular Functions Chapter 33. Hecke Operators

33.2 Hecke Operators on Modular Functions


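Let $F : R \to \mathbb{C}$ be a lattice function of weight $2k$ and let $F$ also denote its extension to $X_R$.
Notice that for each $\lambda \in \mathbb{C}^\times$, the transform $R_\lambda F$ satisfies

$$(R_\lambda F)(\Lambda) = \lambda^{-2k}F(\Lambda)$$

for all $\Lambda \in R$. Further, by Proposition 33.1.1(b),

$$(R_\lambda T_n F)(\Lambda) = (T_n R_\lambda F)(\Lambda) = \lambda^{-2k}(T_n F)(\Lambda)$$

so $T_n F$ is a lattice function of weight $2k$ as well. Applying Proposition 33.1.1(c) and (d) in
this context, we can prove:

Lemma 33.2.1. For all $m, n \in \mathbb{Z}$ and lattice functions $F : X_R \to \mathbb{C}$,

(a) $T_n T_m F = T_m T_n F$ if $(m, n) = 1$.

(b) $T_p T_{p^n} F = T_{p^{n+1}}F + p^{1-2k}\,T_{p^{n-1}}F$ if $p$ is prime.

For $n \geq 1$, define

$$S_n = \left\{\begin{pmatrix} a & b \\ 0 & d \end{pmatrix} \in GL_2(\mathbb{Z}) : ad = n,\ a \geq 1,\ 0 \leq b < d\right\}.$$

For a lattice $\Lambda = [\omega_1, \omega_2] \in R$ and for each $\sigma = \begin{pmatrix} a & b \\ 0 & d \end{pmatrix} \in S_n$, let $\Lambda_\sigma$ denote the sublattice
of $\Lambda$ with basis $\sigma \cdot \{\omega_1, \omega_2\} = \{a\omega_1 + b\omega_2,\ d\omega_2\}$.

Proposition 33.2.2. Let $\Lambda = [\omega_1, \omega_2]$ be a complex lattice and fix $n \geq 1$. Then the map

$$S_n \longrightarrow \Lambda(n) := \{\Lambda' \subseteq \Lambda \mid [\Lambda : \Lambda'] = n\}, \qquad \sigma \longmapsto \Lambda_\sigma$$

is a bijection.

Proof. Fix $\sigma = \begin{pmatrix} a & b \\ 0 & d \end{pmatrix} \in S_n$. Then $\det(\sigma) = n$ so clearly $\Lambda_\sigma \in \Lambda(n)$. For a given lattice
$\Lambda' \in \Lambda(n)$, define

$$Y_1 = \Lambda/(\Lambda' + \mathbb{Z}\omega_2) \quad\text{and}\quad Y_2 = \mathbb{Z}\omega_2/(\Lambda' \cap \mathbb{Z}\omega_2).$$

Then $Y_1$ and $Y_2$ are cyclic groups generated by the images of $\omega_1$ and $\omega_2$, respectively. Say
the order of $Y_1$ is $a$ and the order of $Y_2$ is $d$. Then we have an exact sequence of abelian
groups

$$0 \to Y_2 \to \Lambda/\Lambda' \to Y_1 \to 0$$

which shows that $ad = n$. Moreover, if $\omega_2' = d\omega_2$, then $\omega_2' \in \Lambda'$. On the other hand, by
exactness there must exist $\omega_1' \in \Lambda'$ with $\omega_1' \equiv a\omega_1 \bmod \mathbb{Z}\omega_2$. It follows that $\Lambda' = [\omega_1', \omega_2']$
and $\omega_1' = a\omega_1 + b\omega_2$ for some $b \in \mathbb{Z}$ which is uniquely determined modulo $d$. So choose the
unique $b$ satisfying $0 \leq b < d$ and set $\sigma = \begin{pmatrix} a & b \\ 0 & d \end{pmatrix}$. Then it’s easy to see that $\sigma \in S_n$ and
$\Lambda_\sigma = \Lambda'$.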


Example 33.2.3. Suppose $p$ is prime. We saw that $[\Lambda : \Lambda'] = p$ is always satisfied by exactly
$p + 1$ sublattices $\Lambda' \subset \Lambda$, but to see this from a fresh perspective, notice that $S_p$ consists
precisely of the matrices

$$\begin{pmatrix} p & 0 \\ 0 & 1 \end{pmatrix} \quad\text{and}\quad \begin{pmatrix} 1 & b \\ 0 & p \end{pmatrix} \text{ for } 0 \leq b < p.$$

Thus $\#S_p = p + 1$ so by Proposition 33.2.2, $\#\Lambda(p) = p + 1$ as well.

Next, we pass from lattice functions to modular functions. Let $f(z)$ be a weakly modular
function on $\mathfrak{h}$ of weight $2k$. By Lemma 32.2.2, $f$ corresponds to a lattice function $F : R \to \mathbb{C}$
of weight $2k$ satisfying

$$F(\omega_1, \omega_2) = \omega_2^{-2k} f\left(\frac{\omega_1}{\omega_2}\right)$$

for all $\omega_1, \omega_2 \in \mathfrak{h}$.

Definition. For $n \geq 1$, the Hecke transform of a weakly modular function $f(z)$ of weight
$2k$ is the function

$$(T_n f)(z) = n^{2k-1}(T_n F)(z, 1)$$

where $F$ is the lattice function associated to $f$.

Lemma 33.2.4. For all $n \geq 1$ and weakly modular functions $f(z)$ of weight $2k$,

$$(T_n f)(z) = n^{2k-1}\sum_{\sigma \in S_n} f(\sigma z).$$

Proof. Follows from Proposition 33.2.2.

Proposition 33.2.5. Let $f(z)$ be a weakly modular function of weight $2k$ and let $m, n \geq 1$.
Then

(a) $(T_n f)(z)$ is weakly modular of weight $2k$.

(b) $T_m T_n f = T_n T_m f$ if $(m, n) = 1$.

(c) $T_p T_{p^n} f = T_{p^{n+1}} f + p^{2k-1}\,T_{p^{n-1}} f$ if $p$ is prime.

(d) If $f = \sum_{m \in \mathbb{Z}} c_m q^m$, then $T_n f = \sum_{m \in \mathbb{Z}} \gamma(m) q^m$ where

$$\gamma(m) = \sum_{a \mid (m, n)} a^{2k-1}\,c_{mn/a^2}.$$

(e) If $f(z)$ is a modular function/modular form/cusp form, then so is $(T_n f)(z)$.

Proof. (a) is obvious from the definition of the Hecke transform $T_n f$.
(b) follows immediately from Lemma 33.2.1(a).
(c) also follows from Lemma 33.2.1(b) after multiplying through by $p^{(n+1)(2k-1)}$.


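(d) By definition,

$$\begin{aligned}
(T_n f)(z) &= n^{2k-1}\sum_{\sigma \in S_n} f(\sigma z) = n^{2k-1}\sum_{\sigma \in S_n} d^{-2k} f\left(\frac{az + b}{d}\right) \quad\text{where } \sigma = \begin{pmatrix} a & b \\ 0 & d \end{pmatrix} \in S_n \\
&= n^{2k-1}\sum_{\sigma \in S_n} d^{-2k}\sum_{m \in \mathbb{Z}} c_m e^{2\pi i m(az + b)/d} \\
&= n^{2k-1}\sum_{\sigma, m'} d^{-2k} \cdot d\,c_{m'}\,q^{am'} \quad\text{where } m' = \frac{m}{d} \\
&= \sum_{\sigma, m'}\left(\sum_{a \mid (n, m')}\left(\frac{n}{d}\right)^{2k-1} c_{m'd/a}\right) q^{m'} \\
&= \sum_{m' \in \mathbb{Z}} \gamma(m')\,q^{m'}.
\end{aligned}$$

(e) is an easy consequence of (d).

Corollary 33.2.6. For $n \geq 1$, let $(T_n f)(z) = \sum_{m=0}^{\infty} \gamma(m) q^m$ as above. Then

(a) $\gamma(0) = \sigma_{2k-1}(n)\,c_0$.

(b) $\gamma(1) = c_n$.

(c) If $n = p$ is prime, then

$$\gamma(m) = \begin{cases} c_{pm}, & \text{if } p \nmid m \\ c_{pm} + p^{2k-1}\,c_{m/p}, & \text{if } p \mid m. \end{cases}$$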

33.3. Eigenfunctions Chapter 33. Hecke Operators

33.3 Eigenfunctions
Let $f(z) = \sum_{m=0}^{\infty} c_m q^m$ be a modular form of weight $2k$. By Proposition 33.2.5(e), each
Hecke operator $T_n$ is an operator on the spaces $M_k$ and $S_k$ of modular forms and cusp
forms. In this section, we study functions which are eigenvectors simultaneously for all $T_n$.

Definition. A nonconstant modular form $f(z)$ is an eigenform (for all $n \geq 1$) provided it
is an eigenvector for each $T_n$, that is, there exist $\lambda(n) \in \mathbb{C}$ such that $T_n f = \lambda(n) f$ for each
$n \geq 1$. We say an eigenform $f$ is normalized if $c_1 = 1$.

Theorem 33.3.1. Let $f(z) = \sum_{m=0}^{\infty} c_m q^m$ be an eigenform. Then

(a) $c_1 \neq 0$.

(b) If $f$ is normalized, then $c_n = \lambda(n)$ for all $n \geq 1$.

Proof. By Corollary 33.2.6(b), the coefficient of $q$ in $T_n f$ is precisely $c_n$, but if $f$ is an
eigenform for $T_n$, then $c_n = \lambda(n) c_1$. If $c_1 = 0$, this implies we would have $c_n = 0$ for all
$n \geq 1$, but then $f$ is constant, a contradiction. Hence $c_1 \neq 0$. Statement (b) is immediate.

Corollary 33.3.2. Two modular forms of weight $2k$ which are eigenfunctions for all $n \geq 1$
and have the same eigenvalues $\lambda(n)$ are equal.

Corollary 33.3.3. Suppose $f = \sum_{m=0}^{\infty} c_m q^m \in M_k$ is a normalized eigenform. Then

(a) $c_m c_n = c_{mn}$ if $(m, n) = 1$.

(b) $c_p c_{p^n} = c_{p^{n+1}} + p^{2k-1}\,c_{p^{n-1}}$ if $p$ is prime.

Definition. For a modular form $f(z) = \sum_{m=0}^{\infty} c_m q^m$ of weight $2k$, define the Dirichlet
series attached to $f$ by

$$L(f, s) = \sum_{n=1}^{\infty} \frac{c_n}{n^s}.$$

It follows from Theorem 32.4.9 and Corollary 32.4.10 that $L(f, s)$ converges for $\mathrm{Re}(s) > 2k$.
In fact, Deligne’s improved bounds on the coefficients of the Fourier expansion of $f$ imply
that when $f$ is a cusp form, $L(f, s)$ converges for $\mathrm{Re}(s) > k + \frac{1}{2}$. When $f$ is an eigenform,
$L(f, s)$ has an Euler product, similar to other L-functions we have encountered.

Corollary 33.3.4. For a normalized eigenform $f(z) = \sum_{m=0}^{\infty} c_m q^m$ of weight $2k$,

$$L(f, s) = \prod_p \frac{1}{1 - c_p p^{-s} + p^{2k-1-2s}}.$$

Proof. By Corollary 33.3.3, the function $n \mapsto c_n$ is multiplicative, so we can write

$$L(f, s) = \prod_p \sum_{n=0}^{\infty} c_{p^n}\,p^{-ns}.$$


Putting $T = p^{-s}$ and $\Phi_p(T) = 1 - c_p T + p^{2k-1} T^2$, we must show that

$$\frac{1}{\Phi_p(T)} = \sum_{n=0}^{\infty} c_{p^n} T^n.$$

Consider the product

$$\Psi(T) = \left(\sum_{n=0}^{\infty} c_{p^n} T^n\right)\Phi_p(T) = \left(\sum_{n=0}^{\infty} c_{p^n} T^n\right)(1 - c_p T + p^{2k-1} T^2).$$

The coefficient of $T$ in $\Psi$ is $c_p - c_p = 0$, and by Corollary 33.3.3(b), the coefficient of $T^{n+1}$
for $n \geq 1$ is equal to $c_{p^{n+1}} - c_p c_{p^n} + p^{2k-1} c_{p^{n-1}} = 0$. Thus $\Psi(T)$ is equal to its constant term,
which is $c_1 = 1$ since $f$ is normalized. Hence $\Psi(T) = 1$ and the result follows.

Remark. Define the completed L-function $X(f, s) = (2\pi)^{-s}\,\Gamma(s)\,L(f, s)$. Then Hecke proved
that when $f$ is a cuspidal eigenform of weight $2k$, $X(f, s)$ satisfies the functional equation

$$X(f, s) = (-1)^k X(f, 2k - s).$$

This can also be obtained from the results in Chapter 31 by taking the Mellin transform of $f$,

$$\begin{aligned}
\int_0^{\infty} f(iy)\,y^s\,\frac{dy}{y} &= \int_0^{\infty}\left(\sum_{n=1}^{\infty} c_n e^{-2\pi n y}\right) y^s\,\frac{dy}{y} \\
&= \sum_{n=1}^{\infty} c_n \int_0^{\infty} e^{-2\pi n y}\,y^s\,\frac{dy}{y} \\
&= \sum_{n=1}^{\infty} \frac{c_n}{n^s}\,(2\pi)^{-s}\int_0^{\infty} e^{-y}\,y^s\,\frac{dy}{y} \\
&= L(f, s)\,(2\pi)^{-s}\,\Gamma(s) = X(f, s),
\end{aligned}$$

and applying the modularity condition on $f$. Convergence and meromorphic continuation
also follow from results in Chapter 31.

Let us turn our attention to the main examples of modular forms studied so far: $G_k(z)$
and $\Delta(z)$.

Proposition 33.3.5. For $k \geq 2$, the Eisenstein series $G_k(z)$ is an eigenform with eigenvalues
$\lambda(n) = \sigma_{2k-1}(n)$ for all $n \geq 1$ and normalization

$$(-1)^k\,\frac{B_k}{4k}\,E_k(z) = (-1)^k\,\frac{B_k}{4k} + \sum_{n=1}^{\infty} \sigma_{2k-1}(n)\,q^n.$$

Proof. We first prove this for $n = p$ prime. Let $G_k(\Lambda)$ denote the Eisenstein series as a
lattice function (see Example 32.2.3). Then

$$(T_p G_k)(\Lambda) = \sum_{[\Lambda : \Lambda'] = p}\ \sum_{\gamma \in \Lambda' \smallsetminus \{0\}} \frac{1}{\gamma^{2k}}.$$


Let $\gamma \in \Lambda$. If $\gamma \in p\Lambda$, then $\gamma$ lies in each of the $p + 1$ sublattices of $\Lambda$ of index $p$; if $\gamma \notin p\Lambda$,
then it belongs to exactly one of these sublattices. So we can write

$$\begin{aligned}
(T_p G_k)(\Lambda) &= G_k(\Lambda) + p\sum_{\gamma \in p\Lambda} \frac{1}{\gamma^{2k}} = G_k(\Lambda) + p\,G_k(p\Lambda) \\
&= G_k(\Lambda) + p^{1-2k}\,G_k(\Lambda) \quad\text{since } G_k \text{ is modular of weight } 2k \\
&= (1 + p^{1-2k})\,G_k(\Lambda).
\end{aligned}$$

Then by definition the modular function $G_k(z)$ on $\mathfrak{h}$ satisfies

$$(T_p G_k)(z) = p^{2k-1}(1 + p^{1-2k})\,G_k(z) = (1 + p^{2k-1})\,G_k(z).$$

Since $\sigma_{2k-1}(p) = 1 + p^{2k-1}$, we are finished with the proof for $T_p$. But by Corollary 33.1.3,
this is enough to show $G_k(z)$ is an eigenform for all $T_n$, $n \geq 1$. Moreover, our proof shows
that $\lambda(p) = \sigma_{2k-1}(p)$. The relation $\sigma_{2k-1}(p^n)\,\sigma_{2k-1}(p) = \sigma_{2k-1}(p^{n+1}) + p\,\sigma_{2k-1}(p^{n-1})$ is easy
to verify, and implies $\lambda(p^n) = \sigma_{2k-1}(p^n)$ for all $n \geq 2$. Finally, since $T_n$ and $T_m$ commute
when $(m, n) = 1$, we conclude that $G_k(z)$ is an eigenform for all $n \geq 1$ with eigenvalues as
claimed.
To describe the normalized eigenform, recall that by definition,

$$E_k(z) = 1 + (-1)^k\,\frac{4k}{B_k}\sum_{n=1}^{\infty} \sigma_{2k-1}(n)\,q^n.$$

Then the linear term of $(-1)^k \frac{B_k}{4k} E_k(z)$ has coefficient 1, so it is normalized. By the work
above, it is also an eigenform.
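
The coefficient formula of Proposition 33.2.5(d) and the eigenvalue claim of Proposition 33.3.5 can be tested directly on truncated $q$-expansions. The Python block below is an added example, not part of the original text, and its function names are choices made here: it applies $T_n$ to the normalized Eisenstein series for $k = 2$ and $k = 4$, taking the constant terms $1/240$ and $1/480$ from the expansions $E_2 = 1 + 240\sum\sigma_3(m)q^m$ and $E_4 = 1 + 480\sum\sigma_7(m)q^m$ quoted later in Example 33.5.8, and goes one step further by showing that $E_2^3$ (weight 12, so $k = 6$) is not an eigenform.

```python
from fractions import Fraction
from math import gcd


def sigma(k, n):
    """Divisor power sum sigma_k(n)."""
    return sum(d ** k for d in range(1, n + 1) if n % d == 0)


def hecke(coeffs, n, k):
    """q-expansion of T_n f for f of weight 2k, given coeffs = [c_0, ..., c_D].

    gamma(m) = sum over a | (m, n) of a^(2k-1) * c_{mn/a^2}.  Only m <= D // n
    can be computed from the D + 1 known coefficients.
    """
    out = []
    for m in range((len(coeffs) - 1) // n + 1):
        g = gcd(m, n)  # gcd(0, n) = n, so gamma(0) runs over every a | n
        out.append(sum(a ** (2 * k - 1) * coeffs[m * n // (a * a)]
                       for a in range(1, g + 1) if g % a == 0))
    return out


def eigenvalue(coeffs, n, k):
    """Return lambda if T_n f = lambda * f on every computable coefficient, else None."""
    image = hecke(coeffs, n, k)
    lam = Fraction(image[1]) / coeffs[1]  # gamma(1) = c_n, and c_1 != 0 for an eigenform
    if all(image[m] == lam * coeffs[m] for m in range(len(image))):
        return lam
    return None


# Leading constants of E_k = 1 + const * sum sigma_{2k-1}(m) q^m, as quoted on this page.
EISENSTEIN_CONSTANT = {2: 240, 4: 480}


def normalized_eisenstein(k, degree):
    """Coefficients c_0..c_degree of E_k / const, whose q-coefficient is 1."""
    const = EISENSTEIN_CONSTANT[k]
    return [Fraction(1, const)] + [sigma(2 * k - 1, m) for m in range(1, degree + 1)]


def multiply(f, g):
    """Product of two truncated power series, truncated to the shorter length."""
    size = min(len(f), len(g))
    return [sum(f[i] * g[j - i] for i in range(j + 1)) for j in range(size)]


F2 = normalized_eisenstein(2, 60)   # weight 4
F4 = normalized_eisenstein(4, 60)   # weight 8
E2 = [1] + [240 * sigma(3, m) for m in range(1, 61)]
E2_CUBED = multiply(multiply(E2, E2), E2)   # weight 12, i.e. k = 6

if __name__ == "__main__":
    for n in range(1, 7):
        print(n, eigenvalue(F2, n, 2), sigma(3, n), eigenvalue(F4, n, 4), sigma(7, n))
    print("T_2 eigenvalue of E_2^3:", eigenvalue(E2_CUBED, 2, 6))
```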
Corollary 33.3.6. The Dirichlet series attached to the normalized eigenform $F(z) = (-1)^k \frac{B_k}{4k} E_k(z)$
is

$$L(F, s) = \zeta(s)\,\zeta(s - 2k + 1).$$

Proof. By Proposition 33.3.5, the Dirichlet series attached to $F$ is

$$L(F, s) = \sum_{n=1}^{\infty} \frac{\sigma_{2k-1}(n)}{n^s} = \sum_{a, d \geq 1} \frac{a^{2k-1}}{a^s d^s} = \sum_{d=1}^{\infty} \frac{1}{d^s} \sum_{a=1}^{\infty} \frac{1}{a^{s-2k+1}}$$

which is precisely $\zeta(s)\,\zeta(s - 2k + 1)$.

Next, we prove the modular discriminant $\Delta(z)$ is also an eigenform.

Proposition 33.3.7. $\Delta(z)$ is an eigenform of weight 12 with eigenvalues $\lambda(n) = \tau(n)$ for
all $n \geq 1$ and normalization

$$(2\pi)^{-12}\,\Delta(z) = q\prod_{n=1}^{\infty}(1 - q^n)^{24} = \sum_{n=1}^{\infty} \tau(n)\,q^n.$$

Proof. The space $S_6$ of cusp forms of weight 12 has dimension 1 by Corollary 32.3.4 and is
stable under each $T_n$ by Proposition 33.2.5(e), so $\Delta(z)$ is indeed an eigenform. The other
statements follow immediately.


We can now deduce the arithmetic properties of Ramanujan’s τ -function at the end of
Section 32.4.

Corollary 33.3.8. The $\tau$-function satisfies:

(a) $\tau(m)\tau(n) = \tau(mn)$ if $(m, n) = 1$.

(b) $\tau(p)\tau(p^n) = \tau(p^{n+1}) + p^{11}\tau(p^{n-1})$ if $p$ is prime.

Remark. There are similar results for the spaces $S_k$ of dimension 1. By Corollary 32.3.4,
this happens when $k = 6, 8, 9, 10, 11, 13$ and the bases of these spaces are, respectively,
$\Delta, \Delta G_2, \Delta G_3, \Delta G_4, \Delta G_5, \Delta G_7$.

33.4. Petersson Inner Product Chapter 33. Hecke Operators

33.4 Petersson Inner Product


Let $\Gamma = PSL_2(\mathbb{Z})$ be the modular group.

Lemma 33.4.1. If $f$ and $g$ are two cusp forms of weight $2k$, then

$$\mu(f, g) := f(z)\,\overline{g(z)}\,y^{2k}\,\frac{dx\,dy}{y^2},$$

where $z = x + iy$, is a $\Gamma$-invariant measure on $\mathfrak{h}$ which is bounded on $\mathfrak{h}/\Gamma$.

Proof. It is clear that $\mu$ is a measure. To see that it is $\Gamma$-invariant, it is enough to check
this for $S = \begin{pmatrix} 0 & -1 \\ 1 & 0 \end{pmatrix}$ and $T = \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix}$ by Theorem 32.1.1; these calculations are routine.
Finally, boundedness follows from the fact that $f$ and $g$ are cusp forms, so they decay rapidly
as $iy \to \infty$.

Definition. The Petersson inner product of two cusp forms $f, g \in S_k$ is defined by

$$\langle f, g\rangle := \int_{\mathfrak{h}/\Gamma} \mu(f, g) = \int_D f(z)\,\overline{g(z)}\,y^{2k-2}\,dx\,dy$$

where $z = x + iy$ and $D$ is a fundamental domain for $\Gamma$.

Lemma 33.4.2. For all $k \geq 1$, $\langle\cdot,\cdot\rangle$ is a positive, nondegenerate, Hermitian inner product
on $S_k$.

Proof. Straightforward.

Proposition 33.4.3. For any $f, g \in S_k$ and $n \geq 1$, $\langle T_n f, g\rangle = \langle f, T_n g\rangle$.

Proof. First note that both sides of the equation are well-defined since $T_n$ acts on the space
of cusp forms $S_k$ for each $k \geq 1$. By Corollary 33.1.3, it suffices to prove the statement for
$n = p$ prime. In this case we have

$$\begin{aligned}
\langle T_p f, g\rangle &= p^{2k-1}\sum_{\sigma \in S_p} \langle f(\sigma z), g\rangle \quad\text{by Lemma 33.2.4} \\
&= p^{2k-1}\sum_{\sigma \in S_p} \int_D f(\sigma z)\,\overline{g(z)}\,y^{2k-2}\,dx\,dy \\
&= p^{2k-1}\sum_{\sigma \in S_p} \int_{\sigma^{-1}D} f(z)\,\overline{g(\sigma^{-1}z)}\,y^{2k-2}\,dx\,dy \quad\text{using modularity and } z \mapsto \sigma^{-1}z \\
&= p^{2k-1}\sum_{\sigma \in S_p} \langle f, g(\sigma^{-1}z)\rangle \\
&= p^{2k-1}\sum_{\sigma \in S_p} \langle f, g(\sigma z)\rangle = \langle f, T_p g\rangle.
\end{aligned}$$


Corollary 33.4.4. For each $k \geq 1$, there exists a basis for $S_k$ consisting of eigenforms which
are orthogonal with respect to the Petersson inner product and have eigenvalues which are
real numbers.

Proof. Since the Petersson inner product is Hermitian, $\langle T_n f, g\rangle = \langle f, T_n g\rangle$ implies each
$T_n$ is self-adjoint. Moreover, the $T_n$ commute by Corollary 33.1.3. Thus spectral theory,
in particular Proposition 29.4.5(b), shows that the $T_n$ can be simultaneously diagonalized,
giving an orthogonal basis of eigenforms for $S_k$ with real eigenvalues.

For a cusp form $f(z) = \sum_{m=1}^{\infty} c_m q^m$ of weight $2k$ which is a normalized eigenform (i.e.
$c_1 = 1$), define

$$\Phi_{f,p}(T) = 1 - c_p T + p^{2k-1} T^2$$

for each prime $p$. This is a quadratic in $T$ which factors as

$$\Phi_{f,p}(T) = (1 - \alpha_p T)(1 - \alpha_p' T)$$

for $\alpha_p, \alpha_p' \in \mathbb{C}$ satisfying $\alpha_p + \alpha_p' = c_p$ and $\alpha_p\alpha_p' = p^{2k-1}$. The following result was a conjecture
of Ramanujan and Petersson until 1973, when it was proven by Deligne using his proof of
part of the Weil Conjectures.

Theorem 33.4.5 (Deligne). For a cuspidal normalized eigenform $f(z) = \sum_{m=1}^{\infty} c_m q^m$, the
following equivalent statements are true:

(a) $\alpha_p$ and $\alpha_p'$ are complex conjugates for all $p$.

(b) $|\alpha_p| = |\alpha_p'| = p^{k-1/2}$ for all $p$.

(c) $|c_p| \leq 2p^{k-1/2}$ for all $p$.

(d) $|c_n| \leq n^{k-1/2}\,\sigma_0(n)$ for all $n \geq 1$.

(That the statements in the conjecture are all equivalent is easy to prove. Deligne proved
the deep fact that $|\alpha_p| = |\alpha_p'| = p^{k-1/2}$ using the Riemann hypothesis for curves over a finite
field; see Theorem 24.3.2.)

Remark. For $k = 6$, the statement $|\tau(p)| \leq 2p^{11/2}$ is known as Ramanujan’s conjecture.
This was subsumed by Deligne’s proof of the more general Ramanujan-Petersson conjecture.

33.5. Theta Series Chapter 33. Hecke Operators

33.5 Theta Series


Let $V$ be a real vector space of dimension $n$ with fixed Haar measure $\mu$. Suppose $\langle\cdot,\cdot\rangle$ is a
positive, definite inner product on $V$ and let $V'$ denote the dual of $V$ with respect to this
inner product. For any lattice $\Lambda \subset V$, let $\Lambda' \subset V'$ denote its dual lattice. We will assume
$\langle x, y\rangle \in \mathbb{Z}$ for all $x, y \in \Lambda$.
As in Section 31.1, we will let $f : V \to \mathbb{C}$ be a Schwartz function, i.e. a smooth function
on $V$ that decays rapidly at $\infty$. Denote by $\hat{f} : V' \to \mathbb{C}$ its Fourier transform, which is
explicitly given by

$$\hat{f}(y) = \int_V e^{-2\pi i\langle x, y\rangle} f(x)\,d\mu(x).$$

(Note that $\hat{f}$ is also a Schwartz function on $V'$.) We have the following Poisson summation
formula (see Proposition 12.1.5 and Theorem 31.3.4) over $V$.

Proposition 33.5.1. For a lattice $\Lambda \subset V$, set $v = \mu(V/\Lambda)$. Then for any Schwartz function
$f : V \to \mathbb{C}$,

$$\sum_{x \in \Lambda} f(x) = \frac{1}{v}\sum_{y \in \Lambda'} \hat{f}(y).$$

Proof. After normalizing $\mu$ so that $v = 1$, $\hat{f}$ becomes $\frac{1}{v}\hat{f}$, so proving the $v = 1$ case proves
the general case. Choose a $\mathbb{Z}$-basis $\{e_1, \ldots, e_n\}$ for $\Lambda$, so that the isomorphism $V \cong \mathbb{R}^n$
induces $\Lambda \cong \mathbb{Z}^n$. Then $\mu$ on $V$ corresponds to $dx_1 \cdots dx_n$ on $\mathbb{R}^n$, so pulling back the classical
Poisson summation formula (Proposition 12.1.5) on $\mathbb{Z}^n \subset \mathbb{R}^n$ to $\Lambda \subset V$ gives the result.

Definition. For a lattice $\Lambda \subset V$, the lattice theta series of $\Lambda$ is a function $\Theta_\Lambda : (0, \infty) \to (0, \infty)$ defined by

$$\Theta_\Lambda(t) = \sum_{x \in \Lambda} e^{-\pi t\langle x, x\rangle}.$$

Let $\{e_1, \ldots, e_n\}$ be an orthonormal basis for $V$ with respect to the inner product $\langle\cdot,\cdot\rangle$
and let $\Phi$ be the fundamental parallelopiped spanned by the $e_i$. We may normalize $\mu$ so that
$\mu(\Phi) = 1$.

Proposition 33.5.2. For any lattice $\Lambda \subset V$ with covolume $v = \mu(V/\Lambda)$,

$$\Theta_\Lambda(t) = \frac{1}{v\,t^{n/2}}\,\Theta_{\Lambda'}(t^{-1}).$$

Proof. Set $f(x) = e^{-\pi\langle x, x\rangle}$, so that $f$ is a Schwartz function on $V$. Choosing an orthonormal
basis $\{e_1, \ldots, e_n\}$ for $V$, we may identify $V$ with $\mathbb{R}^n$ via $e_i \mapsto x_i$, the $i$th standard basis
vector, under which the following are identified:

• $\mu$ with the product measure $dx_1 \cdots dx_n$;

• $\langle\cdot,\cdot\rangle$ with the vector dot product on $\mathbb{R}^n$;

• $f(x)$ with the function $e^{-\pi|x|^2} = e^{-\pi(x_1^2 + \ldots + x_n^2)}$.


Then by Proposition 12.1.3, $f(x) = \hat{f}(x)$. Applying Proposition 33.5.1 to the lattice $\tilde{\Lambda} = t^{1/2}\Lambda$,
which has dual $\tilde{\Lambda}' = t^{-1/2}\Lambda'$, we get

$$\begin{aligned}
\Theta_\Lambda(t) &= \sum_{x \in \Lambda} e^{-\pi t\langle x, x\rangle} = \sum_{x \in \tilde{\Lambda}} f(x) \\
&= \frac{1}{\mu(V/\tilde{\Lambda})}\sum_{y \in \tilde{\Lambda}'} f(y) \\
&= \frac{1}{v\,t^{n/2}}\sum_{y \in \Lambda'} e^{-\pi\langle y, y\rangle/t} = \frac{1}{v\,t^{n/2}}\,\Theta_{\Lambda'}(t^{-1}).
\end{aligned}$$

Fix a $\mathbb{Z}$-basis $\{e_1, \ldots, e_n\}$ of $\Lambda$ and let $A = (a_{ij})$ be the corresponding positive, symmetric
matrix defined by $a_{ij} = \langle e_i, e_j\rangle$. Then for an orthonormal basis $\{\varepsilon_1, \ldots, \varepsilon_n\}$ of $V$, let $Q$ be
the change-of-basis matrix from $\{e_i\}$ to $\{\varepsilon_i\}$, so that $A = Q^t Q$. Let $\Phi$ (resp. $\Phi'$) be the
fundamental parallelopiped spanned by the $e_i$ (resp. the $\varepsilon_i$). Then we have

$$v = \mu(V/\Lambda) = \int_\Phi d\mu = |\det(Q)|\int_{\Phi'} d\mu = |\det(Q)| = |\det(A)|^{1/2}.$$

If $B = (b_{ij}) = A^{-1}$, then $e_i' = \sum_{j=1}^{n} b_{ij} e_j$ defines the dual basis $\{e_1', \ldots, e_n'\}$ to $\{e_1, \ldots, e_n\}$
with respect to $\langle\cdot,\cdot\rangle$. Thus by the same argument as above,

$$v' := \mu(V/\Lambda') = |\det(B)|^{1/2} = |\det(A)|^{-1/2} = \frac{1}{v}.$$

Thus $vv' = 1$. The lattices satisfying $v = v' = 1$ are given a special name.

Definition. A lattice $\Lambda \subset V$ is called unimodular if $\Lambda = \Lambda'$, or equivalently, if $\det(A) = 1$
for any positive, symmetric matrix $A$ representing a basis for $\Lambda$. Further, $\Lambda$ is even if
$\langle x, x\rangle \equiv 0 \bmod 2$ for all $x \in \Lambda$.

Definition. For an even, unimodular lattice $\Lambda \subset V$ and each integer $m \geq 0$, define $r_\Lambda(m) = \#\{x \in \Lambda \mid \langle x, x\rangle = 2m\}$. The theta function (or theta series) of $\Lambda$ is the function
$\theta_\Lambda : \mathfrak{h} \to \mathbb{C}$ defined by

$$\theta_\Lambda(z) = \sum_{m=0}^{\infty} r_\Lambda(m)\,q^m \quad\text{where } q = e^{2\pi i z}.$$

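Lemma 33.5.3. For any even, unimodular lattice $\Lambda$,

(a) $\theta_\Lambda(z)$ is holomorphic on $\mathfrak{h}$.

(b) For all $z \in \mathfrak{h}$, $\theta_\Lambda\left(-\frac{1}{z}\right) = (-iz)^{n/2}\,\theta_\Lambda(z)$.

Proof. (a) It is easy to show that $r_\Lambda(m) = O(m^{n/2})$ if $\Lambda$ has rank $n$. Thus the $q$-expansion
of $\theta_\Lambda(z)$ converges absolutely on $\mathfrak{h}$.
(b) Both sides of the expression are analytic, so it suffices to test equality on a subset of
$\mathfrak{h}$ containing an accumulation point. For example, on the set $z = it$, $t \in (0, \infty)$, the formula
to prove is $\theta_\Lambda(it) = t^{-n/2}\,\theta_\Lambda\left(-\frac{1}{it}\right)$. Notice that by definition of the lattice theta series $\Theta_\Lambda$,
we have

$$\begin{aligned}
\theta_\Lambda(it) &= \sum_{m=0}^{\infty} r_\Lambda(m)\,q^m = \sum_{m=0}^{\infty}\ \sum_{\substack{x \in \Lambda \\ \langle x, x\rangle = 2m}} e^{-2\pi t\langle x, x\rangle/2} = \sum_{x \in \Lambda} e^{-\pi t\langle x, x\rangle} \\
&= \Theta_\Lambda(t) = t^{-n/2}\,\Theta_\Lambda(t^{-1}) \quad\text{by Proposition 33.5.2 and } \Lambda = \Lambda' \\
&= t^{-n/2}\,\theta_\Lambda\left(-\tfrac{1}{it}\right)
\end{aligned}$$

by the same argument.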

Theorem 33.5.4. Let $\Lambda$ be an even, unimodular lattice of rank $n$. Then

(a) $n \equiv 0 \bmod 8$.

(b) $\theta_\Lambda(z)$ is a modular form of weight $\frac{n}{2}$.

Proof. (a) Suppose $n \not\equiv 0 \bmod 8$. Then, after replacing $\Lambda$ with either $\Lambda^{\oplus 2}$ or $\Lambda^{\oplus 4}$, we can
assume $n \equiv 4 \bmod 8$. Consider the differential form $\omega = \theta_\Lambda(z)\,dz^{n/4}$ and the matrices
$S, T \in PSL_2(\mathbb{Z})$. Since $\theta_\Lambda$ is defined by a $q$-expansion, $T \cdot \omega = \omega$. On the other hand, $S$ acts
on $\omega$ by

$$\begin{aligned}
S \cdot \omega &= \theta_\Lambda\left(-\tfrac{1}{z}\right) d\left(-\tfrac{1}{z}\right)^{n/4} \\
&= (-iz)^{n/2}\,\theta_\Lambda(z)\,z^{n/2}\,dz^{n/4} \quad\text{by Lemma 33.5.3(b)} \\
&= -z^{n/2}\,\theta_\Lambda(z)\,z^{n/2}\,dz^{n/4} = -\theta_\Lambda(z)\,dz^{n/4} = -\omega.
\end{aligned}$$

Thus $(ST) \cdot \omega = -\omega$, which implies $(ST)^3 \cdot \omega = -\omega$, but this contradicts $(ST)^3 = 1$ from
Theorem 32.1.1. Thus $n \equiv 0 \bmod 8$.
(b) now follows from (a) and Lemmas 32.2.1 and 33.5.3.

Corollary 33.5.5. For each even, unimodular lattice $\Lambda$ of rank $n$, there exists a cusp form
$f_\Lambda(z)$ of weight $\frac{n}{2}$ such that $\theta_\Lambda(z) = E_{n/4}(z) + f_\Lambda(z)$.

Proof. Both $\theta_\Lambda(z)$ and $E_{n/4}(z)$ have constant term 1, so their difference is a cusp form of
weight $\frac{n}{2}$.

Corollary 33.5.6. For all $m \in \mathbb{N}$, $r_\Lambda(m) = \frac{(-1)^{n/4}}{B_{n/4}}\,\sigma_{n/2-1}(m) + O(m^{n/4})$.

Proof. This follows from applying Theorem 32.4.9 to the cusp form $f_\Lambda(z)$.

Remark. As the last corollary shows, we can view the cusp form $f_\Lambda(z)$ like an “error term”
for the theta series $\theta_\Lambda(z)$. This cusp form is usually nonzero; however, Siegel proved that
the weighted mean of all the $f_\Lambda(z)$ is 0. Explicitly, for each $n \equiv 0 \bmod 8$ let $C_n$ be the set
of isomorphism classes of rank $n$ unimodular lattices and for each $\Lambda \in C_n$, let $g_\Lambda$ be the size
of the isomorphism class of $\Lambda$, which is always finite. Then Siegel showed that

$$\sum_{\Lambda \in C_n} \frac{1}{g_\Lambda}\,f_\Lambda(z) = 0.$$

Setting $m_n = \sum_{\Lambda \in C_n} \frac{1}{g_\Lambda}$, this says that

$$\sum_{\Lambda \in C_n} \frac{1}{g_\Lambda}\,\theta_\Lambda(z) = m_n\,E_{n/4}(z).$$

By Proposition 33.3.5, $E_k(z)$ is an eigenform for the Hecke operators with eigenvalues
$\sigma_{2k-1}(n)$, so this weighted mean of the $\theta_\Lambda(z)$ is also an eigenform with eigenvalues $m_n$.

Example 33.5.7. Let $n = 8$. Then by Corollary 32.3.4, there are no cusp forms of weight
$\frac{n}{2} = 4$, so there is a single rank 8 unimodular lattice $\Lambda_8 \in C_8$ for which

$$\theta_{\Lambda_8}(z) = E_2(z).$$

Using Example 32.4.7, we obtain $r_{\Lambda_8}(m) = 240\,\sigma_3(m)$ for all $m \geq 1$.

Example 33.5.8. Similarly, when $n = 16$, any $\Lambda \in C_{16}$ has theta series

$$\theta_\Lambda(z) = E_4(z).$$

In particular, $\Lambda = \Lambda_8 \oplus \Lambda_8$ is a unimodular lattice of rank 16 and we have

$$r_\Lambda(m) = \sum_{\ell=0}^{m} r_{\Lambda_8}(\ell)\,r_{\Lambda_8}(m - \ell).$$

This shows $\theta_{\Lambda_8 \oplus \Lambda_8}(z) = (\theta_{\Lambda_8}(z))^2$, so we recover the formula

$$\left(1 + 240\sum_{m=1}^{\infty} \sigma_3(m)\,q^m\right)^2 = 1 + 480\sum_{m=1}^{\infty} \sigma_7(m)\,q^m$$

from Example 32.4.7. There is another rank 16 lattice $\Lambda_{16}$ which is not isomorphic to $E_8 \oplus E_8$,
but by the above it has the same theta series.
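
Examples 33.5.7 and 33.5.8 can be confirmed by counting lattice vectors directly. The Python block below is an added example, not part of the original text; it assumes the standard coordinate model of $\Lambda_8$ (vectors in $\mathbb{Z}^8 \cup (\mathbb{Z} + \frac{1}{2})^8$ with even coordinate sum), which the text does not state, and all function names are choices made here.

```python
from math import isqrt


def sigma(k, n):
    """Divisor power sum sigma_k(n)."""
    return sum(d ** k for d in range(1, n + 1) if n % d == 0)


def e8_counts(max_m):
    """r(m) = #{x in Lambda_8 : <x, x> = 2m} for m = 0..max_m, by direct counting.

    Assumed model: x in Z^8 or (Z + 1/2)^8 with even coordinate sum.  Working with
    y = 2x keeps everything integral: the y_i are all even or all odd, their sum
    is divisible by 4, and sum y_i^2 = 4 <x, x> = 8m.
    """
    bound = 8 * max_m
    counts = [0] * (max_m + 1)
    for parity in (0, 1):  # 0: x integral, 1: x half-integral
        values = [y for y in range(-isqrt(bound), isqrt(bound) + 1) if y % 2 == parity]
        # dynamic programme over the 8 coordinates:
        # (sum of squares so far, coordinate sum mod 4) -> number of partial vectors
        states = {(0, 0): 1}
        for _ in range(8):
            nxt = {}
            for (squares, total), ways in states.items():
                for y in values:
                    if squares + y * y <= bound:
                        key = (squares + y * y, (total + y) % 4)
                        nxt[key] = nxt.get(key, 0) + ways
            states = nxt
        for m in range(max_m + 1):
            counts[m] += states.get((8 * m, 0), 0)
    return counts


def direct_sum_counts(r, s):
    """Representation numbers of an orthogonal direct sum: the convolution of r and s."""
    size = min(len(r), len(s))
    return [sum(r[l] * s[m - l] for l in range(m + 1)) for m in range(size)]


R8 = e8_counts(6)
R16 = direct_sum_counts(R8, R8)

if __name__ == "__main__":
    print("r_8 :", R8)
    print("240 sigma_3:", [240 * sigma(3, m) for m in range(1, 7)])
    print("r_16:", R16)
    print("480 sigma_7:", [480 * sigma(7, m) for m in range(1, 7)])
```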

Example 33.5.9. When $n = 24$, things get interesting since by Corollary 32.3.4, $S_{12} \neq 0$.
Explicitly, $M_{12}$ can be generated by $E_6(z)$ and $F(z) = (2\pi)^{-12}\Delta(z)$ (this is the normalization
of the modular discriminant $\Delta(z)$ by Proposition 33.3.7). If $\Lambda$ is a unimodular lattice of rank
24, then by Corollary 33.5.5, its theta series can be written

$$\theta_\Lambda(z) = E_6(z) + c_\Lambda F(z)$$

for some $c_\Lambda \in \mathbb{C}$. In fact, since the coefficients of the $q$-expansions of $\theta_\Lambda$, $E_6$ and $F$ are all
rational, $c_\Lambda \in \mathbb{Q}$. Comparing these coefficients, we get the following identity for all $m \geq 1$:

$$r_\Lambda(m) = \frac{65520}{691}\,\sigma_{11}(m) + c_\Lambda\,\tau(m).$$

In particular, since $\tau(1) = 1$, $c_\Lambda = r_\Lambda(1) - \frac{65520}{691}$. It turns out that there are 24 different
unimodular lattices of rank 24, including:

• $\Lambda_8^3 = \Lambda_8 \oplus \Lambda_8 \oplus \Lambda_8$ with $r_{\Lambda_8^3}(1) = 720$ and $c_{\Lambda_8^3} = \frac{423000}{691}$. This is one of 23 Niemeier
lattices, which, together with the Leech lattice below, comprise $C_{24}$.

• The Leech lattice $\Lambda_{24}$, with $r_{\Lambda_{24}} = 0$ and $c_{\Lambda_{24}} = -\frac{65520}{691}$. It turns out that many of
the sporadic finite simple groups arise as symmetry groups of certain subsets of the
Leech lattice. In a related fashion, $\Lambda_{24}$ is used to construct a vertex algebra having the
monster group as its automorphism group. There are many other deep connections
between modular forms and the theory of finite simple groups, some of which bear the
name ‘monstrous moonshine’.

Chapter 34

Level Structure

34.1. Congruence Subgroups Chapter 34. Level Structure

34.1 Congruence Subgroups


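We saw in Section 32.3 how modular forms can be realized as $PSL_2(\mathbb{Z})$-invariant differential
forms on $\mathfrak{h}$, or equivalently, as differential forms on the algebraic curve $X = \mathfrak{h}^*/PSL_2(\mathbb{Z})$
via the $j$-invariant. There is a class of subgroups $\Gamma \leq SL_2(\mathbb{Z})$ whose quotients $\mathfrak{h}^*/\Gamma$ are
projective curves giving rise to an interesting theory of modular forms.

Definition. Fix an integer $N \geq 1$. Then the level $N$ modular group is the subgroup
$\Gamma(N) \leq SL_2(\mathbb{Z})$ defined by

$$\Gamma(N) = \left\{\begin{pmatrix} a & b \\ c & d \end{pmatrix} \in SL_2(\mathbb{Z}) : \begin{pmatrix} a & b \\ c & d \end{pmatrix} \equiv \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix} \bmod N\right\}.$$

A subgroup $\Gamma \leq SL_2(\mathbb{Z})$ is a congruence subgroup of level $N$ if $\Gamma(N) \leq \Gamma$.

Example 34.1.1. When $N = 1$, $\Gamma(1) = \Gamma_0(1) = \Gamma_1(1) = SL_2(\mathbb{Z})$.

Example 34.1.2. For each $N \geq 1$, we distinguish two Hecke subgroups of level $N$:

$$\Gamma_0(N) = \left\{\begin{pmatrix} a & b \\ c & d \end{pmatrix} \in SL_2(\mathbb{Z}) : \begin{pmatrix} a & b \\ c & d \end{pmatrix} \equiv \begin{pmatrix} a & b \\ 0 & d \end{pmatrix} \bmod N\right\}$$

$$\text{and}\quad \Gamma_1(N) = \left\{\begin{pmatrix} a & b \\ c & d \end{pmatrix} \in SL_2(\mathbb{Z}) : \begin{pmatrix} a & b \\ c & d \end{pmatrix} \equiv \begin{pmatrix} 1 & b \\ 0 & 1 \end{pmatrix} \bmod N\right\}.$$

Note that $\Gamma_1(N) \leq \Gamma_0(N)$. One can think of $\Gamma_0(N)$ as the subgroup of “upper triangular
matrices mod $N$” and $\Gamma_1(N)$ as the “unipotent matrices mod $N$”.

Definition. The set of cusps for a congruence subgroup $\Gamma \leq SL_2(\mathbb{Z})$ is the set of $\Gamma$-orbits
of $\mathbb{P}^1(\mathbb{Q}) = \mathbb{Q} \cup \infty$ in $\mathfrak{h}^*$.

Definition. Let $f : \mathfrak{h} \to \mathbb{C}$ be a holomorphic function and $\Gamma \leq SL_2(\mathbb{Z})$ a congruence
subgroup. Then $f$ is a modular form of weight $2k$ for $\Gamma$ if

(1) $f(z)$ is weakly modular for $\Gamma$, i.e. $f(\gamma z) = (cz + d)^{2k} f(z)$ for all $\gamma = \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in \Gamma$.

(2) $f(z)$ is holomorphic at the cusps of $\Gamma$, i.e. for all $\gamma \in \Gamma$ taking $\infty$ to a cusp
$z_0 = \gamma\infty \in \mathfrak{h}^*$, $f(\gamma z)$ is holomorphic at $\infty$.

A cusp form of weight $2k$ for $\Gamma$ is a modular form which vanishes at every cusp $z_0 = \gamma\infty$
of $\Gamma$. Write $M_k(\Gamma)$ and $S_k(\Gamma)$ for the spaces of modular forms and cusp forms, respectively,
of weight $2k$ for $\Gamma$.

Definition. When $\Gamma = \Gamma_0(N)$, we write $M_k(N)$ and $S_k(N)$ for the spaces of modular forms
and cusp forms, respectively, of weight $2k$ for $\Gamma_0(N)$. Such an $f(z) \in M_k(N)$ (resp. $S_k(N)$)
is called a modular form (resp. cusp form) of level $N$.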


Example 34.1.3. The congruence subgroup $\Gamma_0(2)$ has index $[SL_2(\mathbb{Z}) : \Gamma_0(2)] = 3$ with coset
representatives

$$I = \begin{pmatrix} 1 & 0 \\ 0 & 1 \end{pmatrix}, \quad A = \begin{pmatrix} 0 & -1 \\ 1 & 0 \end{pmatrix}, \quad B = \begin{pmatrix} 0 & -1 \\ 1 & 1 \end{pmatrix}.$$

(Note that $A = S$, a generator of $PSL_2(\mathbb{Z})$.) Thus a fundamental domain $D(\Gamma_0(2))$ may be
obtained as a union of translates of the fundamental domain $D$ for $PSL_2(\mathbb{Z})$:

[Figure: the regions $AD$ and $BD$ in the upper half-plane, with the points $\rho$, $-\bar{\rho}$ and $i$ marked; axes $\mathrm{Re}(z)$ and $\mathrm{Im}(z)$.]

Then $D(\Gamma_0(2)) = D \cup AD \cup BD$ has two $\Gamma_0(2)$-equivalence classes of cusps represented by
$\infty$ and 0. That is, the modular curve $X_0(2) := \mathfrak{h}^*/\Gamma_0(2)$ has only two cusps. A holomorphic
function $f(z)$ which is weakly modular for $\Gamma_0(2)$ necessarily satisfies $f(z + 1) = f(z)$ since
$S = A \in \Gamma_0(2)$, so every such $f(z)$ has a $q$-expansion:

$$f(z) = \sum_{n=-\infty}^{\infty} a_n q^n.$$

Thus, $f(z)$ is holomorphic at $\infty$ if $a_n = 0$ for all $n < 0$, and $f(z)$ is holomorphic at 0 if
$a_n = 0$ whenever $2 \nmid n$. Thus the $q$-expansion of any modular form for $\Gamma_0(2)$ looks like

$$f(z) = \sum_{n=0}^{\infty} a_n q^{n/2},$$

with cusp forms having $a_0 = 0$.

Example 34.1.4. More generally, a modular form $f(z)$ of level $N$, i.e. a modular form for
the congruence subgroup $\Gamma_0(N)$, has $q$-expansion

$$f(z) = \sum_{n=0}^{\infty} a_n q^{n/N}.$$


Definition. Let $N \geq 1$, let $\Gamma \leq SL_2(\mathbb{Z})$ be a level $N$ subgroup and let $\chi : (\mathbb{Z}/N\mathbb{Z})^\times \to \mathbb{C}^\times$
be a Dirichlet character mod $N$. A modular form of weight $2k$ for $\Gamma$ with nebentypus $\chi$ is
a holomorphic function $f : \mathfrak{h} \to \mathbb{C}$ such that

$$f(\gamma z) = (cz + d)^{2k}\,\chi(d)\,f(z) \quad\text{for all } \gamma = \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in \Gamma$$

and $f(z)$ is holomorphic at the cusps of $\Gamma$. We write $M_k(\Gamma, \chi)$ and $S_k(\Gamma, \chi)$ for the spaces
of modular and cusp forms with nebentypus $\chi$, and in the special case $\Gamma = \Gamma_0(N)$, we write
these as $M_k(N, \chi)$ and $S_k(N, \chi)$.

Remark. With level structure and nontrivial characters $\chi$, we can have modular forms of
odd weight, i.e. holomorphic $f(z)$ such that $f(\gamma z) = (cz + d)^k\,\chi(d)\,f(z)$.

34.2. Modular Curves Chapter 34. Level Structure

34.2 Modular Curves


Let Γ be a congruence subgroup of SL2 (Z).

Theorem 34.2.1. h/Γ admits the structure of an open Riemann surface, that is, a sur-
face Y (Γ) of genus g with some number of punctures. Moreover, the action of Γ on the
extended half-plane h∗ = h ∪ P1 (Q) defines a compact Riemann surface X(Γ) = h∗ /Γ which
topologically is the compact surface of genus g underlying Y (Γ).

In other words, X(Γ) is the compactification of Y (Γ) obtained by filling in the cusps. For
the congruence subgroups Γ(N ), Γ0 (N ), Γ(1), we let the open and compact Riemann surfaces
Y (Γ) and X(Γ) be denoted Y (N ), Y0 (N ), Y1 (N ) and X(N ), X0 (N ), X1 (N ), respectively. For
Γ0 (N ), we have the following important interpretation.

Theorem 34.2.2. The complex points of Y0 (N ) are in bijection with the isomorphism classes
of pairs (E, C), where E is an elliptic curve and C ⊆ E(C) is a cyclic subgroup of order N .
Explicitly, [τ ] ∈ Y0 (N ) corresponds to (E, C) where
  
1
E = C/(Z + τ Z) and C= Z + τ Z /(Z + τ Z) .
N

Similarly, for Γ1 (N ), we have:

Theorem 34.2.3. The complex points of Y1 (N ) are in bijection with the isomorphism classes
of pairs (E, P ), where E is an elliptic curve, P ∈ E(C) is a torsion point of order N and
(E, P ) ∼= (E 0 , P 0 ) if there exists an isomorphism E → E 0 mapping P 7→ P 0 . Explicitly,
[τ ] ∈ Y1 (N ) corresponds to (E, P ) where
 
1
E = C/(Z + τ Z) and P = Z + τ Z /(Z + τ Z).
N

Example 34.2.4. When N = 1, Γ(1) = Γ0 (1) = Γ1 (1) = SL2 (Z) and Y (1) is equal to the
j-line A1j ∼= C from Proposition 32.3.7. Then A1j is a moduli space for isomorphism classes
of all elliptic curves, with j ∈ A1j corresponding to the unique isomorphism class of elliptic
curves E with j-invariant j(E) = j (see Section 23.2).

The Modularity Theorem (formerly the Taniyama-Shimura-Weil Conjecture until it was


proven by Wiles and Breuil-Conrad-Diamond-Taylor) states that every elliptic curve with
rational j-invariant is a modular curve. The technical statement is given below.

Theorem 34.2.5 (Modularity). If $E$ is a complex elliptic curve with $j(E) \in \mathbb{Q}$, then there
exists a cover of compact Riemann surfaces $X_0(N) \to E$ for some $N \geq 1$.

For the remainder of the section, we focus on modular forms of level $N$, i.e. modular
forms for $\Gamma_0(N)$. The following result gives us two ways of constructing modular forms of
higher levels.

Proposition 34.2.6. Let $N, a \geq 1$. Then

(1) $M_k(N) \subseteq M_k(aN)$ for all $k$.

(2) If $f(z) \in M_k(N)$, then $f(az) \in M_k(aN)$.

Proof. (1) is trivial.

(2) Note that if $\alpha = \begin{pmatrix} a & 0 \\ 0 & 1 \end{pmatrix}$ then

$$\Gamma_0(aN) = (\alpha^{-1}\Gamma_0(N)\alpha) \cap \Gamma_0(N).$$

Take $f(z) \in M_k(N)$. We can extend the action of $SL_2(\mathbb{Z})$ on $f(z)$ to an action of $GL_2^+(\mathbb{Q})$
– the positive determinant $2 \times 2$ invertible matrices over $\mathbb{Q}$ – by

$$\gamma \cdot f(z) = (\det\gamma)^{k}\,(cz + d)^{-2k} f(\gamma z) \quad\text{for } \gamma = \begin{pmatrix} a & b \\ c & d \end{pmatrix} \in GL_2^+(\mathbb{Q}).$$

Then $f(az)$ is fixed under the action of $\alpha^{-1}\Gamma_0(N)\alpha$, so $f(az)$ is weakly modular for $\Gamma_0(aN)$.
It is routine to check holomorphicity at the cusps, which gives $f(az) \in M_k(aN)$.

Definition. Let $M \geq 1$. An oldform of level $M$ is a modular form $f(z) \in M_k(M)$ such
that $f(z) \in M_k(N)$ or $f(z) = g(az)$ for some $g(z) \in M_k(N)$, where $M = aN$. A newform
of level $M$ is an element of the orthogonal complement of the space of oldforms in $M_k(M)$
with respect to the Petersson inner product.

Example 34.2.7. For $k = 1$ and $N = p$ prime, there are no oldforms of weight 2 and level
$p$. Thus $M_1(p)$ consists entirely of newforms. To produce such a modular form, we look
for differential forms on the modular curve $X_0(p) = \mathfrak{h}^*/\Gamma_0(p)$. Note that the genus of this
curve is $g(X_0(p)) = \dim S_1(\Gamma_0(p))$. It turns out that $p = 11$ is the smallest prime for which
$g(X_0(p)) > 0$, so it is the first prime for which we have cusp forms of weight 2 and level $p$.
Explicitly, $X_0(11)$ is an elliptic curve which is the smooth projective completion of the affine
equation

$$y^2 + y = x^3 - x^2 - 10x - 20.$$

One can use this to show that $M_k(11) = S_k(11)$ is the one-dimensional space spanned by
the cusp form

$$f(z) = q - 2q^2 - q^3 + 2q^4 + q^5 + 2q^6 + \ldots$$

As mentioned above, this $f$ is necessarily a newform of level 11.
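The $q$-expansion in Example 34.2.7 can be checked numerically against the affine equation for $X_0(11)$. The following is an added example, not part of the original notes; it relies on two standard facts that are not stated on this page, namely that this cusp form equals the eta product $q\prod_{n \geq 1}(1 - q^n)^2(1 - q^{11n})^2$ and that for primes $p \neq 11$ its coefficient satisfies $a_p = p + 1 - \#E(\mathbb{F}_p)$. The function names are chosen here for illustration.

```python
LEVEL = 11

def eta_product_coeffs(n_terms, level=LEVEL):
    """Return {n: a_n} for n = 1..n_terms, where
    sum a_n q^n = q * prod_{n>=1} (1 - q^n)^2 (1 - q^(level*n))^2."""
    # series[i] is the coefficient of q^i in the product, before the leading q
    series = [0] * n_terms
    series[0] = 1
    for step in (1, level):
        for n in range(step, n_terms, step):
            for _ in range(2):  # every factor appears squared
                # multiply in place by (1 - q^n); descending i keeps old values
                for i in range(n_terms - 1, n - 1, -1):
                    series[i] -= series[i - n]
    return {i + 1: c for i, c in enumerate(series)}

def count_points(p):
    """Count points of y^2 + y = x^3 - x^2 - 10x - 20 over F_p,
    including the point at infinity."""
    # lhs[v] = number of y in F_p with y^2 + y = v
    lhs = [0] * p
    for y in range(p):
        lhs[(y * y + y) % p] += 1
    affine = sum(lhs[(x**3 - x**2 - 10 * x - 20) % p] for x in range(p))
    return affine + 1

def compare(primes=(2, 3, 5, 7, 13, 17, 19)):
    """For each prime p != 11, pair the q-expansion coefficient a_p
    with p + 1 - #E(F_p) computed from the curve."""
    a = eta_product_coeffs(max(primes))
    return {p: (a[p], p + 1 - count_points(p)) for p in primes}

if __name__ == "__main__":
    a = eta_product_coeffs(6)
    print("a_1..a_6:", [a[n] for n in range(1, 7)])
    for p, (coeff, from_curve) in compare().items():
        print(f"p={p}: a_p={coeff}, p+1-#E(F_p)={from_curve}")
```

The prime 11 is excluded because the curve has bad reduction there, so the point-count relation used above does not apply to it.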

34.3 Automorphic Forms


For a broader perspective on modular forms, we turn to the theory of automorphic forms.
Observe that $GL_2^+(\mathbb{R})$ acts on $\mathfrak{h}$ in the usual way and under this action, the stabilizer of $i$ is
$SO_2(\mathbb{R}) \times \mathbb{R}_{>0}$, where $SO_2(\mathbb{R})$ is the special orthogonal group. In fact, we can view $\mathfrak{h}$ as a
homogeneous space

$$\mathfrak{h} = GL_2^+(\mathbb{R})/(SO_2(\mathbb{R}) \times \mathbb{R}_{>0}).$$

Then modular forms can be viewed as the class of functions on $GL_2^+(\mathbb{R})$ which are
$SO_2(\mathbb{R}) \times \mathbb{R}_{>0}$-invariant and satisfy the usual modularity and holomorphicity conditions. To relate
modular forms to automorphic forms, we pull things back to $GL_2(\mathbb{A}_{\mathbb{Q}})$, where $\mathbb{A}_{\mathbb{Q}}$ is the ring
of adèles of $\mathbb{Q}$ (Section 16), using the following theorem.

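Theorem 34.3.1 (Weak Approximation). For every $N \geq 1$,

$$GL_2(\mathbb{A}_{\mathbb{Q}}) = GL_2(\mathbb{Q}) \times GL_2^+(\mathbb{R}) \times K_0(N),$$

where $K_0(N)$ is the subgroup of $GL_2(\mathbb{A}_{\mathbb{Q}})$ consisting of all finite adèles

$$\begin{pmatrix} a & b \\ c & d \end{pmatrix} \in \prod_{p \text{ prime}} GL_2(\mathbb{Z}_p) \quad\text{such that}\quad \begin{pmatrix} a_p & b_p \\ c_p & d_p \end{pmatrix} \cong \begin{pmatrix} a_p & b_p \\ 0 & d_p \end{pmatrix} \bmod N$$

in $GL_2(\mathbb{Z}_p)$ for all $p \mid N$.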

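Given a modular form $f \in M_k(N)$ and an adèle $g \in GL_2(\mathbb{A}_{\mathbb{Q}})$, write $g = \gamma h_\infty \kappa$ for
$\gamma \in GL_2(\mathbb{Q})$, $h_\infty \in GL_2^+(\mathbb{R})$ and $\kappa \in K_0(N)$. Then we define a function $\varphi_f : GL_2(\mathbb{A}_{\mathbb{Q}}) \to \mathbb{C}$
by

$$\varphi_f(g) = (\det h_\infty)^{-k}\,(ci + d)^{2k} f(h_\infty i) \quad\text{if } h_\infty = \begin{pmatrix} a & b \\ c & d \end{pmatrix}.$$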

Lemma 34.3.2. For each $f(z) \in M_k(N)$, $\varphi_f$ is well-defined and independent of the
decomposition $g = \gamma h_\infty \kappa$.

The function $\varphi_f$ is an example of an automorphic form on $GL_2(\mathbb{A}_{\mathbb{Q}})$.

Part VIII

Galois Cohomology
