Algebraic Number Theory,

a Computational Approach
William Stein

September 30, 2015

2
Contents

1 Introduction 9
1.1 Mathematical background . . . . . . . . . . . . . . . . . . . . . . . . 9
1.2 What is algebraic number theory? . . . . . . . . . . . . . . . . . . . 10
1.2.1 Topics in this book . . . . . . . . . . . . . . . . . . . . . . . . 10
1.3 Some applications of algebraic number theory . . . . . . . . . . . . . 11

I Algebraic Number Fields 13

2 Basic Commutative Algebra 15

2.1 Finitely Generated Abelian Groups . . . . . . . . . . . . . . . . . . . 15
2.2 Noetherian Rings and Modules . . . . . . . . . . . . . . . . . . . . . 21
2.2.1 The Ring Z is noetherian . . . . . . . . . . . . . . . . . . . . 25
2.3 Rings of Algebraic Integers . . . . . . . . . . . . . . . . . . . . . . . 26
2.3.1 Minimal Polynomials . . . . . . . . . . . . . . . . . . . . . . . 27
2.3.2 Number fields, rings of integers, and orders . . . . . . . . . . 31
2.3.3 Function fields . . . . . . . . . . . . . . . . . . . . . . . . . . 34
2.4 Norms and Traces . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
2.5 Recognizing Algebraic Numbers using LLL . . . . . . . . . . . . . . 37
2.5.1 LLL Reduced Basis . . . . . . . . . . . . . . . . . . . . . . . . 38
2.5.2 What LLL really means . . . . . . . . . . . . . . . . . . . . . 40
2.5.3 Applying LLL . . . . . . . . . . . . . . . . . . . . . . . . . . . 41

3 Unique Factorization of Ideals 43

3.1 Dedekind Domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
3.2 Factorization of Ideals . . . . . . . . . . . . . . . . . . . . . . . . . . 46

4 Factoring Primes 51
4.1 The Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
4.1.1 Geometric Intuition . . . . . . . . . . . . . . . . . . . . . . . 52
4.1.2 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
4.2 A Method for Factoring Primes that Often Works . . . . . . . . . . 55
4.3 A General Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
4.3.1 Inessential Discriminant Divisors . . . . . . . . . . . . . . . . 58

3
4 CONTENTS

4.3.2 Remarks on Ideal Factorization in General . . . . . . . . . . . 59

4.3.3 Finding a p-Maximal Order . . . . . . . . . . . . . . . . . . . 60
4.3.4 General Factorization Algorithm of Buchman-Lenstra . . . . 60

5 The Chinese Remainder Theorem 63

5.1 The Chinese Remainder Theorem . . . . . . . . . . . . . . . . . . . . 63
5.1.1 CRT in the Integers . . . . . . . . . . . . . . . . . . . . . . . 63
5.1.2 CRT in General . . . . . . . . . . . . . . . . . . . . . . . . . . 64
5.2 Structural Applications of the CRT . . . . . . . . . . . . . . . . . . . 65
5.3 Computing Using the CRT . . . . . . . . . . . . . . . . . . . . . . . 68
5.3.1 Sage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
5.3.2 Magma . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
5.3.3 PARI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69

6 Discrimants and Norms 71

6.1 Viewing OK as a Lattice in a Real Vector Space . . . . . . . . . . . 71
6.1.1 A Determinant . . . . . . . . . . . . . . . . . . . . . . . . . . 72
6.2 Discriminants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
6.3 Norms of Ideals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76

7 Finiteness of the Class Group 79

7.1 The Class Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
7.2 Class Number 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
7.3 More About Computing Class Groups . . . . . . . . . . . . . . . . . 86

8 Dirichlet’s Unit Theorem 89

8.1 The Group of Units . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
8.2 Examples with Sage . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
8.2.1 Pell’s Equation . . . . . . . . . . . . . . . . . . . . . . . . . . 95
8.2.2 Examples with Various Signatures . . . . . . . . . . . . . . . 97

9 Decomposition and Inertia Groups 105

9.1 Galois Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
9.2 Decomposition of Primes: ef g = n . . . . . . . . . . . . . . . . . . . 107
9.2.1 Special Cases . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
9.2.2 Definitions and Terminology . . . . . . . . . . . . . . . . . . . 110
9.3 The Decomposition Group . . . . . . . . . . . . . . . . . . . . . . . . 111
9.3.1 Galois groups of finite fields . . . . . . . . . . . . . . . . . . . 113
9.3.2 The Exact Sequence . . . . . . . . . . . . . . . . . . . . . . . 114
9.4 Frobenius Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
9.5 The Artin Conjecture . . . . . . . . . . . . . . . . . . . . . . . . . . 116
CONTENTS 5

10 Elliptic Curves and L-functions 119

10.1 Groups Attached to Elliptic Curves . . . . . . . . . . . . . . . . . . . 119
10.1.1 Abelian Groups Attached to Elliptic Curves . . . . . . . . . . 121
10.1.2 A Formula for Adding Points . . . . . . . . . . . . . . . . . . 124
10.1.3 Other Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
10.2 Galois Representations . . . . . . . . . . . . . . . . . . . . . . . . . . 125
10.2.1 Modularity of Elliptic Curves over Q . . . . . . . . . . . . . . 129

11 Galois Cohomology 131

11.1 Group Rings and Modules . . . . . . . . . . . . . . . . . . . . . . . . 131
11.2 Group Cohomology . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
11.2.1 The Main Theorem . . . . . . . . . . . . . . . . . . . . . . . . 134
11.2.2 Example Application of the Theorem . . . . . . . . . . . . . . 135
11.3 Inflation and Restriction . . . . . . . . . . . . . . . . . . . . . . . . . 136
11.4 Galois Cohomology . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138

12 The Weak Mordell-Weil Theorem 141

12.1 Kummer Theory of Number Fields . . . . . . . . . . . . . . . . . . . 141
12.2 Proof of the Weak Mordell-Weil Theorem . . . . . . . . . . . . . . . 144

II Adelic Viewpoint 147

13 Valuations 149
13.1 Valuations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
13.2 Types of Valuations . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
13.3 Examples of Valuations . . . . . . . . . . . . . . . . . . . . . . . . . 155

14 Topology and Completeness 159

14.1 Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159
14.2 Completeness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
14.2.1 p-adic Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . 162
14.2.2 The Field of p-adic Numbers . . . . . . . . . . . . . . . . . . 165
14.2.3 The Topology of QN (is Weird) . . . . . . . . . . . . . . . . . 166
14.2.4 The Local-to-Global Principle of Hasse and Minkowski . . . . 167
14.3 Weak Approximation . . . . . . . . . . . . . . . . . . . . . . . . . . . 167

15 Adic Numbers: The Finite Residue Field Case 171

15.1 Finite Residue Field Case . . . . . . . . . . . . . . . . . . . . . . . . 171

16 Normed Spaces and Tensor Products 179

16.1 Normed Spaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 179
16.2 Tensor Products . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
6 CONTENTS

17 Extensions and Normalizations of Valuations 187

17.1 Extensions of Valuations . . . . . . . . . . . . . . . . . . . . . . . . . 187
17.2 Extensions of Normalized Valuations . . . . . . . . . . . . . . . . . . 192

18 Global Fields and Adeles 195

18.1 Global Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
18.2 Restricted Topological Products . . . . . . . . . . . . . . . . . . . . . 199
18.3 The Adele Ring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 200
18.4 Strong Approximation . . . . . . . . . . . . . . . . . . . . . . . . . . 204

19 Ideles and Ideals 209

19.1 The Idele Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209
19.2 Ideals and Divisors . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
19.2.1 The Function Field Case . . . . . . . . . . . . . . . . . . . . . 214
19.2.2 Jacobians of Curves . . . . . . . . . . . . . . . . . . . . . . . 214

20 Exercises 215
Preface

This book is based on notes the author created for a one-semester undergraduate
course on Algebraic Number Theory, which the author taught at Harvard during
Spring 2004 and Spring 2005. This book was mainly inspired by the [SD01, Ch. 1]
and Cassels’s article Global Fields in [Cas67]

—————————

- Copyright: William Stein, 2005, 2007.

License: Creative Commons Attribution-Share Alike 3.0 License

Please send any typos or corrections to [email protected].

7
8 CONTENTS

Acknowledgement: This book closely builds on Swinnerton-Dyer’s book [SD01]

and Cassels’s article [Cas67]. Many of the students of Math 129 at Harvard dur-
ing Spring 2004 and 2005 made helpful comments: Jennifer Balakrishnan, Peter
Behrooz, Jonathan Bloom, David Escott Jayce Getz, Michael Hamburg, Deniz Ku-
ral, Danielle Li, Andrew Ostergaard, Gregory Price, Grant Schoenebeck, Jennifer
Sinnott, Stephen Walker, Daniel Weissman, and Inna Zakharevich in 2004; Mauro
Braunstein, Steven Byrnes, William Fithian, Frank Kelly, Alison Miller, Nizamed-
din Ordulu, Corina Patrascu, Anatoly Preygel, Emily Riehl, Gary Sivek, Steven
Sivek, Kaloyan Slavov, Gregory Valiant, and Yan Zhang in 2005. Also the course
assistants Matt Bainbridge and Andrei Jorza made many helpful comments. The
mathemtical software [S+ 11], [PAR], and [BCP97] were used in writing this book.

This material is based upon work supported by the National Science Foundation
under Grant No. 0400386.
Chapter 1

Introduction

1.1 Mathematical background

In addition to general mathematical maturity, this book assumes you have the
following background:

• Basics of finite group theory

• Commutative rings, ideals, quotient rings
• Some elementary number theory
• Basic Galois theory of fields
• Point set topology
• Basics of topological rings, groups, and measure theory

For example, if you have never worked with finite groups before, you should read
another book first. If you haven’t seen much elementary ring theory, there is still
hope, but you will have to do some additional reading and exercises. We will briefly
review the basics of the Galois theory of number fields.
Some of the homework problems involve using a computer, but there are ex-
amples which you can build on. We will not assume that you have a program-
ming background or know much about algorithms. Most of the book uses Sage
(http://sagemath.org), which is free open source mathematical software. The
following is an example Sage session:

2 + 2

k . <a > = NumberField ( x ^2 + 1); k

Number Field in a with defining polynomial x ^2 + 1

9
10 CHAPTER 1. INTRODUCTION

1.2 What is algebraic number theory?

A number field K is a finite degree algebraic extension of the rational numbers Q.
The primitive element theorem from Galois theory asserts that every such extension
can be represented as the set of all polynomials of degree at most d = [K : Q] =
dimQ K in a single root α of some polynomial with coefficients in Q:
(m )
X
n
K = Q(α) = an α : an ∈ Q .
n=0

Note that Q(α) is non-canonically isomorphic to Q[x]/(f ), where f is the min-

imal polynomial of α. The homomorphism Q[x] → Q(α) that sends x to α has
kernel (f ), hence it induces an isomorphism between Q[x]/(f ) and Q(α). It is
not canonical,
√ since
√ Q(α) could have nontrivial automorphisms.
√ √ For
√ example, if
α = 2, then Q( 2) is isomorphic as a√field to Q(− 2) via 2 7→ − 2. There are
two isomorphisms Q[x]/(x2 − 2) → Q( 2).
Algebraic number theory involves using techniques from (mostly commutative)
algebra and finite group theory to gain a deeper understanding of the arithmetic
of number fields and related objects (e.g., functions fields, elliptic curves, etc.).
The main objects that we study in this book are number fields, rings of integers of
number fields, unit groups, ideal class groups, norms, traces, discriminants, prime
ideals, Hilbert and other class fields and associated reciprocity laws, zeta and L-
functions, and algorithms for computing with each of the above.

1.2.1 Topics in this book

These are some of the main topics that are discussed in this book:

• Rings of integers of number fields

• Unique factorization of nonzero ideals in Dedekind domains
• Structure of the group of units of the ring of integers
• Finiteness of the abelian group of equivalence classes of nonzero ideals of the
ring of integers (the “class group”)
• Decomposition and inertia groups, Frobenius elements
• Ramification
• Discriminant and different
• Quadratic and biquadratic fields
• Cyclotomic fields (and applications)
• How to use a computer to compute with many of the above objects
• Valuations on fields
• Completions (p-adic fields)
• Adeles and Ideles

Note that we will not do anything nontrivial with zeta functions or L-functions.
1.3. SOME APPLICATIONS OF ALGEBRAIC NUMBER THEORY 11

1.3 Some applications of algebraic number theory

The following examples illustrate some of the power, depth and importance of al-
gebraic number theory.

1. Integer factorization using the number field sieve. The number field sieve
is the asymptotically fastest known algorithm for factoring general large in-
tegers (that don’t have too special of a form). On December 12, 2009, the
number field sieve was used to factor the RSA-768 challenge, which is a 232
digit number that is a product of two primes:

rsa768 = 1 2 3 0 1 8 6 6 8 4 5 3 0 1 1 7 7 5 5 1 3 0 4 9 4 9 5 8 3 8 4 9 6 2 7 2 0 7 7 2 8 5 3 5 6 9 5 9 5 3 3 4 7 9 \
219732245215172640050726365751874520219978646938995647494277406384592\
519255732630345373154826850791702612214291346167042921431160222124047\
9274737794080665351419597459856902143413
n = 33478071698956898786044169848212690817704794983713768568912\
431388982883793878002287614711652531743087737814467999489
m = 36746043666799590428244633799627952632279158164343087642676\
032283815739666511279233373417143396810270092798736308917
n * m == rsa768

True

This record integer factorization cracked a certain 768-bit public key cryp-
tosystem (see http://eprint.iacr.org/2010/006), thus establishing a lower
bound on one’s choice of key size:

$ man ssh - keygen # in ubuntu -12.04

...
-b bits
Specifies the number of bits in the key to create .
For RSA keys , the minimum size is 768 bits ...

2. Primality testing: Agrawal and his students Saxena and Kayal from India
found in 2002 the first ever deterministic polynomial-time (in the number
of digits) primality test. Their methods involve arithmetic in quotients of
(Z/nZ)[x], which are best understood in the context of algebraic number
theory.

3. Deeper point of view on questions in number theory:

(a) Pell’s Equation x2 −dy 2 = 1 can be reinterpreted in terms of units in real

quadratic fields, which leads to a study of unit groups of number fields.
(b) Integer factorization leads to factorization of nonzero ideals in rings of
integers of number fields.
(c) The Riemann hypothesis about the zeros of ζ(s) generalizes to zeta func-
tions of number fields.
12 CHAPTER 1. INTRODUCTION

(d) Reinterpreting Gauss’s quadratic reciprocity law in terms of the arith-

metic of cyclotomic fields Q(e2πi/n ) leads to class field theory, which in
turn leads to the Langlands program.

4. Wiles’s proof of Fermat’s Last Theorem, i.e., that the equation xn +y n = z n

has no solutions with x, y, z, n all positive integers and n ≥ 3, uses methods
from algebraic number theory extensively, in addition to many other deep tech-
niques. Attempts to prove Fermat’s Last Theorem long ago were hugely influ-
ential in the development of algebraic number theory by Dedekind, Hilbert,
Kummer, Kronecker, and others.

5. Arithmetic geometry: This is a huge field that studies solutions to polyno-

mial equations that lie in arithmetically interesting rings, such as the integers
or number fields. A famous major triumph of arithmetic geometry is Faltings’s
proof of Mordell’s Conjecture.

Theorem 1.3.1 (Faltings). Let X be a nonsingular plane algebraic curve over

a number field K. Assume that the manifold X(C) of complex solutions to
X has genus at least 2 (i.e., X(C) is topologically a donut with at least two
holes). Then the set X(K) of points on X with coordinates in K is finite.

For example, Theorem 1.3.1 implies that for any n ≥ 4 and any number
field K, there are only finitely many solutions in K to xn + y n = 1.
A major open problem in arithmetic geometry is the Birch and Swinnerton-
Dyer conjecture. An elliptic curves E is an algebraic curve with at least one
point with coordinates in K such that the set of complex points E(C) is a
topological torus. The Birch and Swinnerton-Dyer conjecture gives a criterion
for whether or not E(K) is infinite in terms of analytic properties of the L-
function L(E, s). See http://www.claymath.org/millennium/Birch_and_
Swinnerton-Dyer_Conjecture/.
 Part I

Algebraic Number Fields

13
Chapter 2

Basic Commutative Algebra

The commutative algebra in this chapter provides a foundation for understanding

the more refined number-theoretic structures associated to number fields.
First we prove the structure theorem for finitely generated abelian groups. Then
we establish the standard properties of Noetherian rings and modules, including a
proof of the Hilbert basis theorem. We also observe that finitely generated abelian
groups are Noetherian Z-modules. After establishing properties of Noetherian rings,
we consider rings of algebraic integers and discuss some of their properties.

2.1 Finitely Generated Abelian Groups

Finitely generated abelian groups arise all over algebraic number theory. For exam-
ple, they will appear in this book as class groups, unit groups, and the underlying
additive groups of rings of integers, and as Mordell-Weil groups of elliptic curves.
In this section, we prove the structure theorem for finitely generated abelian
groups, since it will be crucial for much of what we will do later.
Let Z = {0, ±1, ±2, . . .} denote the ring of (rational) integers, and for each
positive integer n, let Z/nZ denote the ring of integers modulo n, which is a cyclic
abelian group of order n under addition.

Definition 2.1.1 (Finitely Generated). A group G is finitely generated if there

exists g1 , . . . , gn ∈ G such that every element of G can be expressed as a finite
product (or sum, if we write G additively) of positive or negative powers of the gi .

For example, the group Z is finitely generated, since it is generated by 1.

Theorem 2.1.2 (Structure Theorem for Finitely Generated Abelian Groups). Let
G be a finitely generated abelian group. Then there is an isomorphism

G ≈ (Z/n1 Z) ⊕ (Z/n2 Z) ⊕ · · · ⊕ (Z/ns Z) ⊕ Zr ,

where r, s ≥ 0, n1 > 1 and n1 | n2 | · · · | ns . Furthermore, the ni and r are uniquely

determined by G.

15
16 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

Exercise 2.1.3. Quick! Guess how many abelian groups there are of order less
than 12. Use Theorem 2.1.2 to classify all abelian groups of order less than 12.
How many do you think there are? How many are there?
We will prove the theorem as follows. We first remark that any subgroup of
a finitely generated free abelian group is finitely generated. Then we see how to
represent finitely generated abelian groups as quotients of finite rank free abelian
groups, and how to reinterpret such a presentation in terms of matrices over the
integers. Next we describe how to use row and column operations over the integers
to show that every matrix over the integers is equivalent to one in a canonical
diagonal form, called the Smith normal form. We obtain a proof of the theorem by
reinterpreting the Smith normal form in terms of groups. Finally, we observe that
the representation in the theorem is necessarily unique.
Proposition 2.1.4. If H is a subgroup of a finitely generated abelian group, then
H is finitely generated.
The key reason that this is true is that G is a finitely generated module over the
principal ideal domain Z. We defer the proof of Proposition 2.1.4 to Section 2.2,
where we will give a complete proof of a beautiful generalization in the context of
Noetherian rings (the Hilbert basis theorem).
Corollary 2.1.5. Suppose G is a finitely generated abelian group. Then there
are finitely generated free abelian groups F1 and F2 and there is a homomorphism
ψ : F2 → F1 such that G ≈ F1 /ψ(F2 ).
Proof. Let x1 , . . . , xm be generators for G. Let F1 = Zm and let ϕ : F1 → G be the
homomorphism that sends the ith generator (0, 0, . . . , 1, . . . , 0) of Zm to xi . Then ϕ
is surjective, and by Proposition 2.1.4 the kernel ker(ϕ) of ϕ is a finitely generated
abelian group. Suppose there are n generators for ker(ϕ), let F2 = Zn and fix a
surjective homomorphism ψ : F2 → ker(ϕ). Then F1 /ψ(F2 ) is isomorphic to G.

An sequence of homomorphisms of abelian groups

f g
H−
→G→
− K

is exact if im(f ) = ker(g). Given a finitely generated abelian group G, Corol-

lary 2.1.5 provides an exact sequence
ψ
F2 −
→ F1 → G → 0.

Suppose G is a nonzero finitely generated abelian group. By the corollary, there

are free abelian groups F1 and F2 and there is a homomorphism ψ : F2 → F1 such
that G ≈ F1 /ψ(F2 ). Upon choosing a basis for F1 and F2 , we obtain isomorphisms
F1 ≈ Zn and F2 ≈ Zm for integers n and m. Just as in linear algebra, we view
ψ : F2 → F1 as being given by left multiplication by the n × m matrix A whose
columns are the images of the generators of F2 in Zn . We visualize this as follows:
2.1. FINITELY GENERATED ABELIAN GROUPS 17

A
Zm −
→ Zn → G → 0
The cokernel of the homomorphism defined by A is the quotient of Zn by the
image of A (i.e., the Z-span of the columns of A), and this cokernel is isomorphic
to G.
The following proposition implies that we may choose a bases for F1 and F2
such that the matrix of A only has nonzero entries along the diagonal, so that the
structure of the cokernel of A is trivial to understand.

Proposition 2.1.6 (Smith normal form). Suppose A is an n × m integer matrix.

Then there exist invertible integer matrices P and Q such that A0 = P AQ only
has nonzero entries along the diagonal, and these entries are n1 , n2 , . . . , ns , 0, . . . , 0,
where s ≥ 0, n1 ≥ 1 and n1 | n2 | · · · | ns . Here P and Q are invertible as integer
matrices, so det(P ) and det(Q) are ±1. The matrix A0 is called the Smith normal
form of A.

We will see in the proof of Theorem 2.1.2 that A0 is uniquely determined by A.

An example of a matrix in Smith normal form is
 
2 0 0 0
A = 0 6 0 0 .
0 0 0 0

Proof of Proposition 2.1.6. The matrix P will be a product of matrices that define
elementary row operations and Q will be a product corresponding to elementary
column operations. The elementary row and column operations over Z are as fol-
lows:

1. [Add multiple] Add an integer multiple of one row to another (or a multiple
of one column to another).

2. [Swap] Interchange two rows or two columns.

3. [Rescale] Multiply a row by −1.

Each of these operations is given by left or right multiplying by an invertible ma-

trix E with integer entries, where E is the result of applying the given operation
to the identity matrix, and E is invertible because each operation can be reversed
using another row or column operation over the integers.
To see that the proposition must be true, assume A 6= 0 and perform the fol-
lowing steps (compare [Art91, Pg. 459]):

1. By permuting rows and columns, move a nonzero entry of A with smallest

absolute value to the upper left corner of A. Now “attempt” (as explained in
detail below) to make all other entries in the first row and column 0 by adding
multiples of the top row or first column to other rows or columns, as follows:
18 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

Suppose ai1 is a nonzero entry in the first column, with i > 1. Using
the division algorithm, write ai1 = a11 q + r, with 0 ≤ r < a11 . Now
add −q times the first row to the ith row. If r > 0, then go to
step 1 (so that an entry with absolute value at most r is the upper
left corner).

If at any point this operation produces a nonzero entry in the matrix with
absolute value smaller than |a11 |, start the process over by permuting rows
and columns to move that entry to the upper left corner of A. Since the
integers |a11 | are a decreasing sequence of positive integers, we will not have
to move an entry to the upper left corner infinitely often, so when this step is
done the upper left entry of the matrix is nonzero, and all entries in the first
row and column are 0.

2. We may now assume that a11 is the only nonzero entry in the first row and
column. If some entry aij of A is not divisible by a11 , add the column of A
containing aij to the first column, thus producing an entry in the first column
that is nonzero. When we perform step 2, the remainder r will be greater
than 0. Permuting rows and columns results in a smaller |a11 |. Since |a11 | can
only shrink finitely many times, eventually we will get to a point where every
aij is divisible by a11 . If a11 is negative, multiple the first row by −1.

After performing the above operations, the first row and column of A are zero except
for a11 which is positive and divides all other entries of A. We repeat the above
steps for the matrix B obtained from A by deleting the first row and column. The
upper left entry of the resulting matrix will be divisible by a11 , since every entry of
B is. Repeating the argument inductively proves the proposition.

   
−1 2 1 0
Example 2.1.7. The matrix has Smith normal form , and the
−3 4 0 2
   
1 4 9 1 0 0
matrix 16 25 36 has Smith normal form 0 3 0  . As a double check,
49 64 81 0 0 72
note that the determinants of a matrix and its Smith normal form match, up to
sign. This is because

det(P AQ) = det(P ) det(A) det(Q) = ± det(A).

We compute each of the above Smith forms using Sage, along with the corre-
sponding transformation matrices. First the 2 × 2 matrix.
2.1. FINITELY GENERATED ABELIAN GROUPS 19

A = matrix ( ZZ , 2 , [ -1 ,2 , -3 ,4])
S , U , V = A . smith_form (); S

[1 0]
[0 2]

U*A*V

[1 0]
[0 2]

[ 0 1]
[ 1 -1]

[1 4]
[1 3]

The Sage matrix command takes as input the base ring, the number of rows, and
the entries. Next we compute with a 3 × 3 matrix.

A = matrix ( ZZ , 3 , [1 ,4 ,9 , 16 ,25 ,36 , 49 ,64 ,81])

S , U , V = A . smith_form (); S

[ 1 0 0]
[ 0 3 0]
[ 0 0 72]

U*A*V

[ 1 0 0]
[ 0 3 0]
[ 0 0 72]

[ 0 0 1]
[ 0 1 -1]
[ 1 -20 -17]

[ 47 74 93]
[ -79 -125 -156]
[ 34 54 67]

Finally we compute the Smith form of a matrix of rank 2:

20 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

m = matrix ( ZZ , 3 , [2..10]); m

[ 2 3 4]
[ 5 6 7]
[ 8 9 10]

m . smith_form ()[0]

[1 0 0]
[0 3 0]
[0 0 0]

Proof of Theorem 2.1.2. Suppose G is a finitely generated abelian group, which

we may assume is nonzero. As in the paragraph before Proposition 2.1.6, we use
Corollary 2.1.5 to write G as the cokernel of an n × m integer matrix A. By
Proposition 2.1.6 there are isomorphisms Q : Zm → Zm and P : Zn → Zn such
that A0 = P AQ has diagonal entries n1 , n2 , . . . , ns , 0, . . . , 0, where n1 > 1 and
n1 | n2 | . . . | ns . Then G is isomorphic to the cokernel of the diagonal matrix A0 ,
so
G∼= (Z/n1 Z) ⊕ (Z/n2 Z) ⊕ · · · ⊕ (Z/ns Z) ⊕ Zr , (2.1.1)
as claimed. The ni are determined by G, because ni is the smallest positive integer n
such that nG requires at most s + r − i generators. We see from the representation
(2.1.1) of G as a product that ni has this property and that no smaller positive
integer does.

Exercise 2.1.8. Recall Smith normal form defined in Proposition 2.1.6. With only
minor modifications, then the proposition and proof will work over any principle
ideal domain.  Find and apply
 these modifications then find the Smith normal form
1 2 3
of the matrix 0 1 + i 2.
0 1 5
[Hint: You can use Sage to verify your answer. However, you will need to make
explicitly construct the Gaussian integers in order to input the matrix. You can do
this by the following code. ]
K . <i > = Q uadratic Field ( -1)
R = K . maximal_order ()
M = matrix (R , 3 , [1 ,2 ,3 ,0 ,1+ i ,2 ,0 ,1 ,5]); show ( M )
# show ( M . smith_form ()[0]) # uncomment for the answer

 
1 2 3
Exercise 2.1.9. Let A = 4 5 6.
7 8 9
1. Find the Smith normal form of A.
2. Prove that the cokernel of the map Z3 → Z3 given by multiplication by A is
isomorphic to Z/3Z ⊕ Z.
2.2. NOETHERIAN RINGS AND MODULES 21

2.2 Noetherian Rings and Modules

A module M over a commutative ring R with unit element is much like a vector
space, but with more subtle structure. In this book, most of the modules we en-
counter will be noetherian, which is a generalization of the “finite dimensional”
property of vector spaces. This section is about properties of noetherian modules
(and rings), which are crucial to much of this book. We thus give complete proofs
of these properties, so you will have a solid foundation on which to learn algebraic
number theory.
We first define noetherian rings and modules, then introduce several equivalent
characterizations of them. We prove that when the base ring is noetherian, a module
is finitely generated if and only if it is noetherian. Next we define short exact
sequences, and prove that the middle module in a sequence is noetherian if and
only if the first and last modules are noetherian. Finally, we prove the Hilbert basis
theorem, which asserts that adjoining finitely many elements to a noetherian ring
results in a noetherian ring.
Let R be a commutative ring with unity. An R-module is an additive abelian
group M equipped with a map R × M → M such that for all r, r0 ∈ R and all
m, m0 ∈ M we have (rr0 )m = r(r0 m), (r + r0 )m = rm + r0 m, r(m + m0 ) = rm + rm0 ,
and 1m = m. A submodule of M is a subgroup of M that is preserved by the action
of R. For example, R is a module over itself, and any ideal I in R is an R-submodule
of R.
Example 2.2.1. Abelian groups are the same as Z-modules, and vector spaces over
a field K are the same as K-modules.
An R-module M is finitely generated if there are elements m1 , . . . , mn ∈ M
such that every element of M is an R-linear combination of the mi . The noetherian
property is stronger than just being finitely generated:

Definition 2.2.2 (Noetherian). An R-module M is noetherian if every submodule

of M is finitely generated. A ring R is noetherian if R is noetherian as a module
over itself, i.e., if every ideal of R is finitely generated.

Any submodule M 0 of a noetherian module M is also noetherian. Indeed, if

every submodule of M is finitely generated then so is every submodule of M 0 , since
submodules of M 0 are also submodules of M .
Example 2.2.3. Let R = M = Q[x1 , x2 , . . .] be a polynomial ring over Q in infinitely
many indeterminants xi . Then M is finitely generated as an R-module (!), since it
is generated by 1. Consider the submodule I = (x1 , x2 , . . .) of polynomials with 0
constant term, and suppose it is generated by polynomials f1 , . . . , fn . Let xi be an
indeterminant
Pn that does not appear in any fj , and suppose there are hk ∈ R such
that k=1 hk fk = xi . Setting xi = 1 and all other xj = 0 on both sides of this
equation and using that the fk all vanish (they have 0 constant term), yields 0 = 1,
a contradiction. We conclude that the ideal I is not finitely generated, hence M is
not a noetherian R-module, despite being finitely generated.
22 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

Definition 2.2.4 (Ascending chain condition). An R-module M satisfies the as-

cending chain condition if every sequence M1 ⊂ M2 ⊂ M3 ⊂ · · · of submodules of M
eventually stabilizes, i.e., there is some n such that Mn = Mn+1 = Mn+2 = · · · .
We will use the notion of maximal element below. If X is a set of subsets of a
set S, ordered by inclusion, then a maximal element A ∈ X is a set such that no
superset of A is contained in X . Note that X may contain many different maximal
elements.
Proposition 2.2.5. If M is an R-module, then the following are equivalent:
1. M is noetherian,
2. M satisfies the ascending chain condition, and
3. Every nonempty set of submodules of M contains at least one maximal ele-
ment.
Proof. 1 =⇒ 2: Suppose M1 ⊂ M2 ⊂ · · · is a sequence of submodules of M .
Then M∞ = ∪∞ n=1 Mn is a submodule of M . Since M is noetherian and M∞ is
a submodule of M , there is a finite set a1 , . . . , am of generators for M∞ . Each ai
must be contained in some Mj , so there is an n such that a1 , . . . , am ∈ Mn . But
then Mk = Mn for all k ≥ n, which proves that the chain of Mi stabilizes, so the
ascending chain condition holds for M .
2 =⇒ 3: Suppose 3 were false, so there exists a nonempty set S of submodules
of M that does not contain a maximal element. We will use S to construct an
infinite ascending chain of submodules of M that does not stabilize. Note that S is
infinite, otherwise it would contain a maximal element. Let M1 be any element of S.
Then there is an M2 in S that contains M1 , otherwise S would contain the maximal
element M1 . Continuing inductively in this way we find an M3 in S that properly
contains M2 , etc., and we produce an infinite ascending chain of submodules of M ,
which contradicts the ascending chain condition.
3 =⇒ 1: Suppose 1 is false, so there is a submodule M 0 of M that is not finitely
generated. We will show that the set S of all finitely generated submodules of
M 0 does not have a maximal element, which will be a contradiction. Suppose S
does have a maximal element L. Since L is finitely generated and L ⊂ M 0 , and
M 0 is not finitely generated, there is an a ∈ M 0 such that a 6∈ L. Then L0 =
L + Ra is an element of S that strictly contains the presumed maximal element L,
a contradiction.
A homomorphism of R-modules ϕ : M → N is an abelian group homomorphism
such that for any r ∈ R and m ∈ M we have ϕ(rm) = rϕ(m). A sequence
f g
L−
→M →
− N,
where f and g are homomorphisms of R-modules, is exact if im(f ) = ker(g). A
short exact sequence of R-modules is a sequence
f g
0→L−
→M →
− N →0
2.2. NOETHERIAN RINGS AND MODULES 23

that is exact at each point; thus f is injective, g is surjective, and im(f ) = ker(g).
Example 2.2.6. The sequence
2
0→Z→
− Z → Z/2Z → 0

is an exact sequence, where the first map sends 1 to 2, and the second is the natural
quotient map.
Lemma 2.2.7. If
f g
0→L−
→M →
− N →0
is a short exact sequence of R-modules, then M is noetherian if and only if both L
and N are noetherian.
Proof. First suppose that M is noetherian. Then L is a submodule of M , so L is
noetherian. Let N 0 be a submodule of N ; then the inverse image of N 0 in M is
a submodule of M , so it is finitely generated, hence its image N 0 is also finitely
generated. Thus N is noetherian as well.
Next assume nothing about M , but suppose that both L and N are noethe-
rian. Suppose M 0 is a submodule of M ; then M0 = f (L) ∩ M 0 is isomorphic to a
submodule of the noetherian module L, so M0 is generated by finitely many ele-
ments a1 , . . . , an . The quotient M 0 /M0 is isomorphic (via g) to a submodule of the
noetherian module N , so M 0 /M0 is generated by finitely many elements b1 , . . . , bm .
For each i ≤ m, let ci be a lift of bi to M 0 , modulo M0 . Then the elements
a1 , . . . , an , c1 , . . . , cm generate M 0 , for if x ∈ M 0 , then there is some element y ∈ M0
such that x−y is an R-linear combination of the ci , and y is an R-linear combination
of the ai .

Proposition 2.2.8. Suppose R is a noetherian ring. Then an R-module M is

noetherian if and only if it is finitely generated.
Proof. If M is noetherian then every submodule of M is finitely generated so M itself
is finitely generated. Conversely, suppose M is finitely generated, say by elements
a1 , . . . , an . Then there is a surjective homomorphism from Rn = R ⊕ · · · ⊕ R to M
that sends (0, . . . , 0, 1, 0, . . . , 0) (1 in the ith factor) to ai . Using Lemma 2.2.7 and
exact sequences of R-modules such as 0 → R → R ⊕ R → R → 0, we see inductively
that Rn is noetherian. Again by Lemma 2.2.7, homomorphic images of noetherian
modules are noetherian, so M is noetherian.

Lemma 2.2.9. Suppose ϕ : R → S is a surjective homomorphism of rings and R

is noetherian. Then S is noetherian.
Proof. The kernel of ϕ is an ideal I in R, and we have an exact sequence

0→I→R→S→0

with R noetherian. This is an exact sequence of R-modules, where S has the R-

module structure induced from ϕ (if r ∈ R and s ∈ S, then we define rs = ϕ(r)s).
24 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

By Lemma 2.2.7, it follows that S is a noetherian R-modules. Suppose J is an

ideal of S. Since J is an R-submodule of S, if we view J as an R-module, then J
is finitely generated. Since R acts on J through S, the R-generators of J are also
S-generators of J, so J is finitely generated as an ideal. Thus S is noetherian.

Theorem 2.2.10 (Hilbert Basis Theorem). If R is a noetherian ring and S is

finitely generated as a ring over R, then S is noetherian. In particular, for any n
the polynomial ring R[x1 , . . . , xn ] and any of its quotients are noetherian.

Proof. Assume first that we have already shown that for any n the polynomial ring
R[x1 , . . . , xn ] is noetherian. Suppose S is finitely generated as a ring over R, so
there are generators s1 , . . . , sn for S. Then the map xi 7→ si extends uniquely to a
surjective homomorphism π : R[x1 , . . . , xn ] → → S, and Lemma 2.2.9 implies that S
is noetherian.
The rings R[x1 , . . . , xn ] and (R[x1 , . . . , xn−1 ])[xn ] are isomorphic, so it suffices
to prove that if R is noetherian then R[x] is also noetherian. (Our proof follows
[Art91, §12.5].) Thus suppose I is an ideal of R[x] and that R is noetherian. We
will show that I is finitely generated.
Let A be the set of leading coefficients of polynomials in I. (The leading coef-
ficient of a polynomial is the coefficient of the highest degree monomial, or 0 if the
polynomial is 0; thus 3x7 + 5x2 − 4 has leading coefficient 3.) We will first show
that A is an ideal of R. Suppose a, b ∈ A are nonzero with a + b 6= 0. Then there
are polynomials f and g in I with leading coefficients a and b. If deg(f ) ≤ deg(g),
then a + b is the leading coefficient of xdeg(g)−deg(f ) f + g, so a + b ∈ A; the argument
when deg(f ) > deg(g) is analogous. Suppose r ∈ R and a ∈ A with ra 6= 0. Then
ra is the leading coefficient of rf , so ra ∈ A. Thus A is an ideal in R.
Since R is noetherian and A is an ideal of R, there exist nonzero a1 , . . . , an ∈ A
that generate A as an ideal. Since A is the set of leading coefficients of elements
of I, and the aj are in A, we can choose for each j ≤ n an element fj ∈ I with
leading coefficient aj . By multipying the fj by some power of x, we may assume
that the fj all have the same degree d ≥ 1.
Let S<d be the set of elements of I that have degree strictly less than d. This
set is closed under addition and under multiplication by elements of R, so S<d is a
module over R. The module S<d is the submodule of the R-module of polynomials of
degree less than n, which is noetherian by Proposition 2.2.8 because it is generated
by 1, x, . . . , xn−1 . Thus S<d is finitely generated, and we may choose generators
h1 , . . . , hm for S<d .
We finish by proving using induction on the degree that every g ∈ I is an R[x]-
linear combination of f1 , . . . , fn , h1 , . . . , hm . If g ∈ I has degree 0, then g ∈ S<d ,
since d ≥ 1, so g is a linear combination of h1 , . . . , hm . Next suppose g ∈ I has degree
e, and that we have proven the statement for all elements of I of degree < e. If e ≤ d,
then g ∈ S<d , so g is in the R[x]-ideal generated by h1 , . . . , hm . Next suppose that
e ≥ d. Then the leading coefficient b of g lies in the ideal A of leading coefficients
of elements of I, so there exist ri ∈ R such that b = r1 a1 + · · · + rn an . Since fi has
2.2. NOETHERIAN RINGS AND MODULES 25

leading coefficient ai , the difference g − xe−d ri fi has degree less than the degree e
of g. By induction g−xe−d ri fi is an R[x] linear combination of f1 , . . . , fn , h1 , . . . , hm ,
so g is also an R[x] linear combination of f1 , . . . , fn , h1 , . . . , hm . Since each fi and
hj lies in I, it follows that I is generated by f1 , . . . , fn , h1 , . . . , hm , so I is finitely
generated, as required.

2.2.1 The Ring Z is noetherian

The ring Z is noetherian since every ideal of Z is generated by one element.

Proposition 2.2.11. Every ideal of the ring Z is principal.

Proof. Suppose I is a nonzero ideal in Z. Let d be the least positive element of I.

Suppose that a ∈ I is any nonzero element of I. Using the division algorithm, we
write a = dq + r, where q is an integer and 0 ≤ r < d. We have r = a − dq ∈ I and
r < d, so our assumption that d is minimal implies that r = 0, hence a = dq is in
the ideal generated by d. Thus I is the principal ideal generated by d.

Example 2.2.12. Let I = (12, 18) be the ideal of Z generated by 12 and 18. If
n = 12a + 18b ∈ I, with a, b ∈ Z, then 6 | n, since 6 | 12 and 6 | 18. Also,
6 = 18 − 12 ∈ I, so I = (6).
The ring Z in Sage is ZZ, which is Noetherian.

ZZ . is_noetherian ()

True

We create the ideal I in Sage as follows, and note that it is principal:

I = ideal (12 ,18); I

Principal ideal (6) of Integer Ring

I . is_principal ()

True

We could also create I as follows:

ZZ . ideal (12 ,18)

Principal ideal (6) of Integer Ring

Propositions 2.2.8 and 2.2.11 together imply that any finitely generated abelian
group is noetherian. This means that subgroups of finitely generated abelian groups
are finitely generated, which provides the missing step in our proof of the structure
theorem for finitely generated abelian groups.
26 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

Exercise 2.2.13. There is another way to show every principle ideal domain (for
example Z) is noetherian (contrast to the proof in Section 2.2.1). Let R be a PID
and (a) an arbitrary ideal. Use the facts that (b) ⊇ (a) if and only if b | a and R is
a UFD to show that ascending chain of ideals starting with (a) must stabilize.

2.3 Rings of Algebraic Integers

In this section we introduce the central objects of this book, which are the rings
of algebraic integers. These are noetherian rings with an enormous amount of
structure. We also introduce a function field analogue of these rings.
An algebraic
√ number
√ is a root of some nonzero polynomial f (x) ∈ Q[x]. For
2 2
example, 2 and 5√are both√ algebraic numbers, being roots of x − 2 and x − 5,
respectively. But is 2 + 5 necessarily the root of some polynomial in Q[x]? This
isn’t quite so obvious.

Proposition 2.3.1. An element α of a field extension of Q is an algebraic number

if and only if the ring Q[α] generated by α is finite dimensional as a Q vector space.

Proof. Suppose α is an algebraic number, so there is a nonzero polynomial f (x) ∈

Q[x], so that f (α) = 0. The equation f (α) = 0 implies that αdeg(f ) can be written
in terms of smaller powers of α, so Q[α] is spanned by the finitely many numbers
1, α, . . . , αdeg(f )−1 , hence finite dimensional. Conversely, suppose Q[α] is finite di-
mensional. Then for some n ≥ 1, we have that αn is in the Q-vector space spanned
by 1, α, . . . , αn−1 . Thus α satisfies a polynomial f (x) ∈ Q[x] of degree n.

Proposition 2.3.2. Suppose K is a field and α, β ∈ K are two algebraic numbers.

Then αβ and α + β are also algebraic numbers.

Proof. Let f, g ∈ Q[x] be polynomials that are satisfied by α, β, respectively. The

subring Q[α, β] ⊂ K is a Q-vector space that is spanned by the numbers αi β j , where
0 ≤ i < deg(f ) and 0 ≤ j < deg(g). Thus Q[α, β] is finite dimensional, and since
α + β and αβ are both in Q[α, β], we conclude by Proposition 2.3.1 that both are
algebraic numbers.

Suppose C is a field extension of Q such that every polynomial f (x) ∈ Q[x]

factors completely in C. The algebraic closure Q of Q inside C is the field generated
by all roots in C of polynomials in Q[x]. The fundamental theorem of algebra tells
us that C = C is one choice of field C as above. There are other fields C, e.g.,
constructed using p-adic numbers. One can show that any two choices of Q are
isomorphic; however, there will be many isomorphisms between them.

Definition 2.3.3 (Algebraic Integer). An element α ∈ Q is an algebraic integer if

it is a root of some monic polynomial with coefficients in Z.
√
For example, 2 is an algebraic integer, since it is a root of the monic integral
polynomial x2 − 2. As we will see below, 1/2 is not an algebraic integer.
2.3. RINGS OF ALGEBRAIC INTEGERS 27

The following two propositions are analogous to Propositions 2.3.1–2.3.2 above,

with the proofs replacing basic facts about vector spaces with facts we proved above
about noetherian rings and modules.
Proposition 2.3.4. An element α ∈ Q is an algebraic integer if and only if Z[α]
is finitely generated as a Z-module.
Proof. Suppose α is integral and let f ∈ Z[x] be a monic integral polynomial such
that f (α) = 0. Then, as a Z-module, Z[α] is generated by 1, α, α2 , . . . , αd−1 , where d
is the degree of f . Conversely, suppose α ∈ Q is such that Z[α] is finitely generated
as a module over Z, say by elements f1 (α), . . . , fn (α). Let d be any integer
Pn bigger
than the degrees of all fi . Then there exist integers a such that α d =
Pn i i=1 i fi (α),
a
d
hence α satisfies the monic polynomial x − i=1 ai fi (x) ∈ Z[x], so α is an algebraic
integer.

The proof of the following proposition uses repeatedly that any submodule of
a finitely generated Z-module is finitely generated, which uses that Z is noetherian
and that finitely generated modules over a noetherian ring are noetherian.
Proposition 2.3.5. Suppose K is a field and α, β ∈ K are two algebraic integers.
Then αβ and α + β are also algebraic integers.
Proof. Let m, n be the degrees of monic integral polynomials that have α, β as roots,
respectively. Then we can write αm in terms of smaller powers of α and likewise
for β n , so the elements αi β j for 0 ≤ i < m and 0 ≤ j < n span the Z-module
Z[α, β]. Since Z[α + β] is a submodule of the finitely-generated Z-module Z[α, β], it
is finitely generated, so α + β is integral. Likewise, Z[αβ] is a submodule of Z[α, β],
so it is also finitely generated, and αβ is integral.

2.3.1 Minimal Polynomials

Definition 2.3.6 (Minimal Polynomial). The minimal polynomial of α ∈ Q is the
monic polynomial f ∈ Q[x] of least positive degree such that f (α) = 0.
It is a consequence of Lemma 2.3.9 below that “the” minimal polynomial of α
is unique.
√ The minimal polynomial of 1/2 is x − 1/2, and the minimal polynomial
of 3 2 is x3 − 2.
Example
√ 2.3.7. We compute the minimal polynomial of a number expressed in terms
of 4 2:
k . <a > = NumberField ( x ^4 - 2)
a ^4

( a ^2 + 3). minpoly ()

x ^2 - 6* x + 7
28 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA
√ √
Exercise 2.3.8. Find the minimal polynomial of 2+ 3 by hand. Check your
result with Sage.

Lemma 2.3.9. Suppose α ∈ Q. Then the minimal polynomial of α divides any

polynomial h such that h(α) = 0.

Proof. Let f be a choice of minimal polynomial of α, as in Definition 2.3.6, and let

h be a polynomial with h(α) = 0. Use the division algorithm to write h = qf + r,
where 0 ≤ deg(r) < deg(f ). We have

r(α) = h(α) − q(α)f (α) = 0,

so α is a root of r. However, f is a polynomial of least positive degree with root α,

so r = 0.

Exercise 2.3.10. Show that the minimal polynomial of an algebraic number α ∈ Q

is unique.

Lemma 2.3.11. Suppose α ∈ Q. Then α is an algebraic integer if and only if the

minimal polynomial f of α has coefficients in Z.

Proof. (⇐=) Since f ∈ Z[x] is monic and f (α) = 0, we see immediately that α is
an algebraic integer.
(=⇒) Since α is an algebraic integer, there is some nonzero monic g ∈ Z[x] such
that g(α) = 0. By Lemma 2.3.9, we have g = f h, for some h ∈ Q[x], and h is monic
because f and g are. If f 6∈ Z[x], then some prime p divides the denominator of
some coefficient of f . Let pi be the largest power of p that divides some denominator
of some coefficient f , and likewise let pj be the largest power of p that divides some
denominator of a coefficient of h. Then pi+j g = (pi f )(pj h), and if we reduce both
sides modulo p, then the left hand side is 0 but the right hand side is a product of
two nonzero polynomials in Fp [x], hence nonzero, a contradiction.

Exercise 2.3.12. Which of the following numbers are algebraic integers?

√
1. The number (1 + 5)/2.
√
2. The number (2 + 5)/2.
P∞ 2
3. The value of the infinite sum n=1 1/n .

4. The number α/3, where α is a root of x4 + 54x + 243.

Example 2.3.13. We compute some minimal polynomials in Sage. The minimal

polynomial of 1/2:
2.3. RINGS OF ALGEBRAIC INTEGERS 29

(1/2). minpoly ()

x - 1/2

We construct a root a of x2 − 2 and compute its minimal polyno-

mial:
k . <a > = NumberField ( x ^2 - 2)
a ^2 - 2

a . minpoly ()

x ^2 - 2

√
Finally we compute the minimal polynomial of α = 2/2 + 3, which is not integral,
hence Proposition 2.3.4 implies that α is not an algebraic integer:

( a /2 + 3). minpoly ()

x ^2 - 6* x + 17/2

The only elements of Q that are algebraic integers are the usual integers Z, since
Z[1/d] is not finitely generated as a Z-module. Watch out since there are elements
of Q that seem to appear to have denominators when written down, but are still
algebraic integers. This is an artifact of how we write them down, e.g., if we wrote
our integers as a multiple of α = 2, then we would write 1 as α/2. For example,
√
1+ 5
α=
2
is an algebraic integer, since it is a root of the monic integral polynomial x2 − x − 1.
We verify this using Sage below, though of course this is easy to do by hand (you
should try much more complicated examples in Sage).

k . <a > = Qu adratic Field (5)

a ^2

alpha = (1 + a )/2
alpha . minpoly ()

x ^2 - x - 1

alpha . is_integral ()

True
30 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA
√
Since 5 can be expressed in terms of radicals, we can also compute this minimal
polynomial using the symbolic functionality in Sage.

alpha = (1+ sqrt (5))/2

alpha . minpoly ()

x ^2 - x - 1

Here is a more complicated example using a similar approach:

alpha = sqrt (2) + 3^(1/4)
alpha . minpoly ()

x ^8 - 8* x ^6 + 18* x ^4 - 104* x ^2 + 1

Example 2.3.14. We illustrate an example of a sum and product of two algebraic

integers being an algebraic integer. We first make
√ the relative number field obtained
by adjoining a root of x3 − 5 to the field Q( 2):

k . <a , b > = NumberField ([ x ^2 - 2 , x ^3 - 5])

k

Number Field in a with defining polynomial x ^2 + -2 over its base field

Here a and b are roots of x2 − 2 and x3 − 5, respectively.

a ^2

b ^3

√ √
We compute the minimal polynomial of the sum and product of 3 5 and 2. The
command absolute minpoly gives the minimal polynomial of the element over the
rational numbers.

( a + b ). a b s o l u t e _ m i n p o l y ()

x ^6 - 6* x ^4 - 10* x ^3 + 12* x ^2 - 60* x + 17

( a * b ). a b s o l u t e _ m i n p o l y ()

x ^6 - 200

√ √
The minimal polynomial of the product is 3 5 2 is trivial to compute by hand. In
light of the Cayley-Hamilton theorem, we can compute the minimal polynomial of
2.3. RINGS OF ALGEBRAIC INTEGERS 31
√ √
α = 3 5 + 2 by hand by computing the determinant of the matrix given by left
multiplication by α on the basis
√ √
3
√
3
√ √ √ √
3 2 3 2
1, 2, 5, 5 2, 5 , 5 2.

The following is an alternative, more symbolic way to compute the minimal

polynomials above, though it is not provably correct. We compute α to 100 bits
precision (via the n command), then use the LLL algorithm (via the algdep com-
mand) to heuristically find a linear relation between the first 6 powers of α (see
Section 2.5 below for more about LLL).

a = 5^(1/3); b = sqrt (2)

c = a+b; c

5^(1/3) + sqrt (2)

( a + b ). n (100). algdep (6)

x ^6 - 6* x ^4 - 10* x ^3 + 12* x ^2 - 60* x + 17

( a * b ). n (100). algdep (6)

x ^6 - 200

√ √
1+ 5
Exercise 2.3.15. Let α = 2+ 2 .

1. Is α an algebraic integer?

2. Explicitly write down the minimal polynomial of α as an element of Q[x].

2.3.2 Number fields, rings of integers, and orders

Definition 2.3.16 (Number field). A number field is a field K that contains the
rational numbers Q such that the degree [K : Q] = dimQ (K) is finite.

If K is a number field, then by the primitive element theorem there is an α ∈ K

so that K = Q(α). Let f (x) ∈ Q[x] be the minimal polynomial of α. Fix a choice
of algebraic closure Q of Q. Associated to each of the deg(f ) roots α0 ∈ Q of f , we
obtain a field embedding K ,→ Q that sends α to α0 . Thus any number field can be
embedded in [K : Q] = deg(f ) distinct ways in Q.

Definition 2.3.17 (Ring of Integers). The ring of integers of a number field K is

the ring

OK = {x ∈ K : x satisfies a monic polynomial with integer coefficients}.

Proposition 2.3.5 implies that OK is a ring.

32 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

Example 2.3.18. The field Q of rational numbers is a number field of degree 1, and
the ring of integers of Q is Z. The field K = Q(i) of Gaussian integers has degree
2 and OK = Z[i].
√
Example√2.3.19. The golden ratio ϕ = (1 + 5)/2 is in the quadratic number field
K = Q( 5) = Q(ϕ); notice that ϕ satisfies x2 − x − 1, so ϕ ∈ OK . To see that
OK = Z[ϕ] directly, we proceed as follows. √ By Proposition 2.3.4, the algebraic
integers K are exactly the elements a + b √ 5 ∈ K, with a, b ∈ Q that have integral
√
minimal polynomial. The matrix of a + b 5 with respect to the basis 1, 5 for
2 − 5b2 =


K is m = ab 5b a . The characteristic polynomial of m is f = (x − a)
x2 − 2ax + a2 − 5b2 , which is in Z[x] if and only if 2a ∈ Z and a2 − 5b2 ∈ Z. Thus
a = a0 /2 with a0 ∈ Z, and (a0 /2)2 − 5b2 ∈ Z, so 5b2 ∈ 41 Z, so b ∈ 12 Z as well. If a
has a denominator of 2, then b must also have a denominator of 2 to ensure that
the difference a2 − 5b2 is an integer. This proves that OK = Z[ϕ].
√ √ √ √
Example 2.3.20. The ring of integers of K = Q( 3 9) is Z[ 3 3], where 3 3 = 13 ( 3 9)2 6∈
√3
9. As we will see, in general the problem of computing OK given K may be very
hard, since it requires factoring a certain potentially large integer.

Exercise
√ 2.3.21.
√ From basic definitions, find the rings of integers of the fields
Q( 11) and Q( −6).

Definition 2.3.22 (Order). An order in OK is any subring R of OK such that the

quotient OK /R of abelian groups is finite. (By definition R must contain 1 because
it is a ring.)

As noted above, Z[i] is the ring of integers of Q(i). For every nonzero integer n,
the subring Z+niZ of Z[i] is an order. The subring Z of Z[i] is not an order, because
Z does not have finite index in Z[i]. Also the subgroup 2Z + iZ of Z[i] is not an
order because it is not a ring.

Exercise 2.3.23. Let K be a quadratic extension of Q and R be any order in OK .

Show that OK /R is cyclic as an abelian group and that there is a bijection between
orders of OK containing R and divisors of [OK : R].

Remark 2.3.24. Exercise 2.3.23 is used in elliptic curve cryptography to measure

the number of isogenies, see [?, §11.2] for an example.
We define the number field Q(i) and compute its ring of integers.

K . <i > = NumberField ( x ^2 + 1)

OK = K . r i n g _ o f _ i n t e g e r s (); OK

Order with module basis 1 , i in Number Field in i with

defining polynomial x ^2 + 1

Next we compute the order Z + 3iZ.

2.3. RINGS OF ALGEBRAIC INTEGERS 33

O3 = K . order (3* i ); O3

Order with module basis 1 , 3* i in Number Field in i with

defining polynomial x ^2 + 1

O3 . gens ()

[1 , 3* i ]

We test whether certain elements are in the order.

5 + 9* i in O3

True

1 + 2* i in O3

False

We will frequently consider orders because they are often much easier to write
down explicitly than OK . For example, if K = Q(α) and α is an algebraic integer,
then Z[α] is an order in OK , but frequently Z[α] 6= OK .
Example 2.3.25. In this example [OK : Z[a]] = 2197. First we define the number
field K = Q(a) where a is a root of x3 − 15x2 − 94x − 3674, then we compute the
order Z[a] generated by a.

K . <a > = NumberField ( x ^3 - 15* x ^2 - 94* x - 3674)

Oa = K . order ( a ); Oa

Order with module basis 1 , a , a ^2 in Number Field in a with defining

polynomial x ^3 - 15* x ^2 - 94* x - 3674

Oa . basis ()

[1 , a , a ^2]

Next we compute a Z-basis for the maximal order OK of K, and compute that the
index of Z[a] in OK is 2197 = 133 .

OK = K . maximal_order ()
OK . basis ()

[25/169* a ^2 + 10/169* a + 1/169 , 5/13* a ^2 + 1/13* a , a ^2]

Oa . index_in ( OK )

2197
34 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

Lemma 2.3.26. Let OK be the ring of integers of a number field. Then OK ∩Q = Z

and QOK = K.
Proof. Suppose α ∈ OK ∩ Q with α = a/b ∈ Q in lowest terms and b > 0. Since α
is integral, Z[a/b] is finitely generated as a module, so b = 1.
To prove that QOK = K, suppose α ∈ K, and let f (x) ∈ Q[x] be the minimal
monic polynomial of α. For any positive integer d, the minimal monic polynomial
of dα is ddeg(f ) f (x/d), i.e., the polynomial obtained from f (x) by multiplying the
coefficient of xdeg(f ) by 1, multiplying the coefficient of xdeg(f )−1 by d, multiplying
the coefficient of xdeg(f )−2 by d2 , etc. If d is the least common multiple of the
denominators of the coefficients of f , then the minimal monic polynomial of dα has
integer coefficients, so dα is integral and dα ∈ OK . This proves that QOK = K.
Exercise 2.3.27. Which are the following rings are orders in the given number
field, i.e. orders in the ring of integers of the given number field.
1. The ring R = Z[i] in the number field Q(i).
2. The ring R = Z[i/2] in the number field Q(i).
3. The ring R = Z[17i] in the number field Q(i).
√
4. The ring R = Z[i] in the number field Q( 4 −1).

2.3.3 Function fields

Let k be any field. We can also make the same definitions, but with Q replaced by
the field k(t) of rational functions in an indeterminate t, and Z replaced by k[t]. The
analogue of a number field is called a function field; it is a finite algebraic extension
field K of k(t). Elements of K have a unique minimal polynomial as above, and the
ring of integers of K consists of those elements whose monic minimal polynomial
has coefficients in the polynomial ring k[t].
Geometrically, if F (x, t) = 0 is an affine equation that defines (via projective
closure) a nonsingular projective curve C, then K = k(t)[x]/(F (x, t)) is a function
field. We view the field K as the field of all rational functions on the projective
closure of the curve C. The ring of integers OK is the subring of rational functions
that have no poles on the affine curve F (x, t) = 0, though they may have poles at
infinity, i.e., at the extra points we introduce when passing to the projective closure
C. The algebraic arguments we gave above prove that OK is a ring. This is also
geometrically intuitive, since the sum and product of two functions with no poles
also have no poles.
Exercise 2.3.28. Let k = Fp be the finite field with p elements where p is some
prime. Find all automorphisms of k(t). Note that an automorphism is completely
characterized by its value on t. How many such automorphisms are there?
[Hint: For some people, it is easier to think about the equivalent question:
What rational functions f ∈ k(t) is the map k(t) → k(t) given by t 7→ f (t) an
automorphism? ]
2.4. NORMS AND TRACES 35

2.4 Norms and Traces

In this section we develop some basic properties of norms, traces, and discriminants,
and give more properties of rings of integers in the general context of Dedekind
domains.
Before discussing norms and traces we introduce some notation for field exten-
sions. If K ⊂ L are number fields, we let [L : K] denote the dimension of L viewed
as a K-vector space. If K is a number field and a ∈ Q, let K(a) be the extension
of K generated by a, which is the smallest number field that contains both K and a.
If a ∈ Q then a has a minimal polynomial f (x) ∈ Q[x], and the Galois conjugates
of a are the roots of f . These are called the Galois conjugates because they are the
orbit of a under the action of Gal(Q/Q).
√
Example 2.4.1.√ The element
√ 2√has minimal polynomial √ x2 − 2 and the Galois
conjugates of 2 are 2 and − √ 2. The√ cube√root 3 2 has minimial polynomial
3
x − 2 and three Galois conjugates √ 3
2, ζ3 3 2, ζ32 3 2, where ζ3 is a cube root of unity.
3
We create the extension Q(ζ3 )( 2) in Sage.

L . < cuberoot2 > = Cy cl ot o mi cF ie l d (3). extension ( x ^3 - 2)

cuberoot2 ^3

√
3
Then we list the Galois conjugates of 2.

cuberoot2 . g a l o i s _ c o n j u g a t e s ( L )

[ cuberoot2 , ( - zeta3 - 1)* cuberoot2 , zeta3 * cuberoot2 ]

Note that ζ32 = −ζ3 − 1:

zeta3 = L . base_field ().0

zeta3 ^2

- zeta3 - 1

Suppose K ⊂ L is an inclusion of number fields and let a ∈ L. Then left multi-

plication by a defines a K-linear transformation `a : L → L. (The transformation
`a is K-linear because L is commutative.)
Definition 2.4.2 (Norm and Trace). The norm and trace of a from L to K are

NormL/K (a) = det(`a ) and trL/K (a) = tr(`a ).

We know from linear algebra that determinants are multiplicative and traces
are additive, so for a, b ∈ L we have

NormL/K (ab) = NormL/K (a) · NormL/K (b)

36 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

and
trL/K (a + b) = trL/K (a) + trL/K (b).
Note that if f ∈ Q[x] is the characteristic polynomial of `a , then the constant
term of f is (−1)deg(f ) det(`a ), and the coefficient of xdeg(f )−1 is − tr(`a ).
Proposition 2.4.3. Let a ∈ L and let σ1 , . . . , σd , where d = [L : K], be the distinct
field embeddings L ,→ Q that fix every element of K. Then
d
Y d
X
NormL/K (a) = σi (a) and trL/K (a) = σi (a).
i=1 i=1

Proof. We prove the proposition by computing the characteristic polynomial of a.

Let f ∈ K[x] be the minimal polynomial of a over K, and note that f has distinct
roots and is irreducible, since it is the polynomial in K[x] of least degree that is
satisfied by a and K has characteristic 0. Since f is irreducible, we have K(a) ∼ =
K[x]/(f ), so [K(a) : K] = deg(f ). Also a satisfies a polynomial if and only if `a
does, so the characteristic polynomial of `a acting on K(a) is f . Let b1 , . . . , bn
be a basis for L over K(a) and note that 1, . . . , am is a basis for K(a)/K, where
m = deg(f ) − 1. Then ai bj is a basis for L over K, and left multiplication by a acts
the same way on the span of bj , abj , . . . , am bj as on the span of bk , abk , . . . , am bk , for
any pair j, k ≤ n. Thus the matrix of `a on L is a block direct sum of copies of the
matrix of `a acting on K(a), so the characteristic polynomial of `a on L is f [L:K(a)] .
The proposition follows because the roots of f [L:K(a)] are exactly the images σi (a),
with multiplicity [L : K(a)], since each embedding of K(a) into Q extends in exactly
[L : K(a)] ways to L.

It is important in Proposition 2.4.3 that the product and sum be over all the
images σi (a), not over just the distinct images. For example, if a = 1 ∈ L, then
TrL/K (a) = [L : K], whereas the sum of the distinct conjugates of a is 1.
The following corollary asserts that the norm and trace behave well in towers.
Corollary 2.4.4. Suppose K ⊂ L ⊂ M is a tower of number fields, and let a ∈ M .
Then

NormM/K (a) = NormL/K (NormM/L (a)) and trM/K (a) = trL/K (trM/L (a)).

Proof. The proof uses that every embedding L ,→ Q extends in exactly [M : L]

way to an embedding M ,→ Q. This is clear if we view M as L[x]/(h(x)) for some
irreducicble polynomial h(x) ∈ L[x] of degree [M : L], and note that the extensions
of L ,→ Q to M correspond to the roots of h, of which there are deg(h), since Q is
algebraically closed.
For the first equation, both sides are the product of σi (a), where σi runs through
the embeddings of M into Q that fix K. To see this, suppose σ : L → Q fixes K.
If σ 0 is an extension of σ to M , and τ1 , . . . , τd are the embeddings of M into Q
that fix L, then σ 0 τ1 , . . . , σ 0 τd are exactly the extensions of σ to M . For the second
statement, both sides are the sum of the σi (a).
2.5. RECOGNIZING ALGEBRAIC NUMBERS USING LLL 37

Let K ⊂ L ⊂ M be as in Corollary 2.4.4. If α ∈ M , then the formula of

Proposition 2.4.3 implies that the norm and trace down to L of α is an element
of OL , because the sum and product of algebraic integers is an algebraic integer.
Proposition 2.4.5. Let K be a number field. The ring of integers OK is a lattice
in K, i.e., QOK = K and OK is an abelian group of rank [K : Q].
Proof. We saw in Lemma 2.3.26 that QOK = K. Thus Pthere exists a basis a1 , . . . , an
for K, where each ai is in OK . Suppose that as x = ni=1 ci ai ∈ OK varies over all
elements of OK the denominators of the coefficients ci are not all uniformly bounded.
Then subtracting off integer multiples of the ai , we see that as x = ni=1 ci ai ∈ OK
P
varies over elements of OK with ci between 0 and 1, the denominators of the ci are
also arbitrarily large. This implies that there are infinitely many elements of OK in
the bounded subset

S = {c1 a1 + · · · + cn an : ci ∈ Q, 0 ≤ ci ≤ 1} ⊂ K.

Thus for any ε > 0, there are elements a, b ∈ OK such that the coefficients of a − b
are all less than ε (otherwise the elements of OK would all be a “distance” of least ε
from each other, so only finitely many of them would fit in S).
As mentioned above, the norms of elements of OK are integers. Since the norm
of an element is the determinant of left multiplication by that element, the norm is
a homogenous polynomial of degree n in the indeterminate coefficients ci , which is
0 only on the element 0, so the constant term of this polynomial is 0. If the ci get
arbitrarily small for elements of OK , then the values of the norm polynomial get
arbitrarily small, which would imply that there are elements of OK with positive
norm too small to be in Z, a contradiction. So the set S contains only finitely many
elements of OK . Thus the denominators of the ci are bounded, so for some d, we
have that OK has finite index in A = d1 Za1 + · · · + d1 Zan . Since A is isomorphic to
Zn , it follows from the structure theorem for finitely generated abelian groups that
OK is isomorphic as a Z-module to Zn , as claimed.

Corollary 2.4.6. The ring of integers OK of a number field is noetherian.

Proof. By Proposition 2.4.5, the ring OK is finitely generated as a module over Z,
so it is certainly finitely generated as a ring over Z. By Theorem 2.2.10, OK is
noetherian.

2.5 Recognizing Algebraic Numbers using LLL

Suppose we somehow compute a decimal approximation α to some rational number
β ∈ Q and from this wish to recover β. For concreteness, say

β = 22/389 = 0.05655526992287917737789203084832904884318766066838046 . . .

and we compute
α = 0.056555.
38 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

Now suppose given only α that you would like to recover β. A standard technique is
to use continued fractions, which yields a sequence of good rational approximations
for α; by truncating right before a surprisingly big partial quotient, we obtain β:

v = c o n t i n u e d _ f r a c t i o n (0.056555)
c o n t i n u e d _ f r a c t i o n (0.056555)

[0 , 17 , 1 , 2 , 6 , 1 , 23 , 1 , 1 , 1 , 1 , 1 , 2]

convergents ([0 , 17 , 1 , 2 , 6 , 1])

[0 , 1/17 , 1/18 , 3/53 , 19/336 , 22/389]

Generalizing this, suppose next that somehow you numerically approximate an

algebraic number, e.g., by evaluating a special function and get a decimal approxi-
√
mation α ∈ C to an algebraic number β ∈ Q. For concreteness, suppose β = 13 + 4 3:

N (1/3 + 3^(1/4) , digits =50)

1.64940734628582579415255223513033238849340192353916

Now suppose you very much want to find the (rescaled) minimal polynomial f (x) ∈
Z[x] of β just given this numerical approximation α. This is of great value even
without proof, since often in practice once you know a potential minimal polynomial
you can verify that it is in fact right. Exactly this situation arises in the explicit
construction of class fields (a more advanced topic in number theory) and in the
construction of Heegner points on elliptic curves. As we will see, the LLL algo-
rithm provides a polynomial time way to solve this problem, assuming α has been
computed to sufficient precision.

2.5.1 LLL Reduced Basis

Given a basis b1 , . . . , bn for Rn , the Gramm-Schmidt orthogonalization process pro-
duces an orthogonal basis b∗1 , . . . , b∗n for Rn as follows. Define inductively
X
b∗i = bi − µi,j b∗j
j<i

where
bi · b∗j
µi,j = ∗ ∗.
bj · bj

Example 2.5.1. We compute the Gramm-Schmidt orthogonal basis of the rows of a

matrix. Note that no square roots are introduced in the process; there would be
square roots if we constructed an orthonormal basis.
2.5. RECOGNIZING ALGEBRAIC NUMBERS USING LLL 39

A = matrix ( ZZ , 2 , [1 ,2 , 3 ,4]); A

[1 2]
[3 4]

Bstar , mu = A . gramm_schmidt ()

The rows of the matrix B ∗ are obtained from the rows of A by the Gramm-Schmidt
procedure.

Bstar

[ 1 2]
[ 4/5 -2/5]

mu

[ 0 0]
[11/5 0]

A lattice L ⊂ Rn is a subgroup that is free of rank n such that RL = Rn .

Definition 2.5.2 (LLL-reduced basis). The basis b1 , . . . , bn for a lattice L ⊂ Rn is

LLL reduced if for all i, j,
1
|µi,j | ≤
2
and for each i ≥ 2,  
∗ 2 3
|bi | ≥ − µi,i−1 |b∗i−1 |2
2
4
For example, the basis b1 = (1, 2), b2 = (3, 4) for a lattice L is not LLL reduced
because b∗1 = b1 and
b2 · b∗ 11 1
µ2,1 = ∗ 1∗ = > .
b1 · b1 5 2
However, the basis b1 = (1, 0), b2 = (0, 2) for L is LLL reduced, since

b2 · b∗1
µ2,1 = = 0,
b∗1 · b∗1

and
22 ≥ (3/4) · 12 .

A = matrix ( ZZ , 2 , [1 ,2 , 3 ,4])
A . LLL ()

[1 0]
[0 2]
40 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

2.5.2 What LLL really means

The following theorem is not too difficult to prove.
Let b1 , . . . , bn be an LLL reduced basis for a lattice L ⊂ Rn . Let d(L) denote the
absolute value of the determinant of any matrix whose rows are basis for L. Then
the vectors bi are “nearly orthogonal” and “short” in the sense of the following
theorem:
Theorem 2.5.3. We have
1. d(L) ≤ ni=1 |bi | ≤ 2n(n−1)/4 d(L).
Q

2. For 1 ≤ j ≤ i ≤ n, we have
|bj | ≤ 2(i−1)/2 |b∗i |.

3. The vector b1 is very short in the sense that

|b1 | ≤ 2(n−1)/4 d(L)1/n
and for every nonzero x ∈ L we have
|b1 | ≤ 2(n−1)/2 |x|.

4. More generally, for any linearly independent x1 , . . . , xt ∈ L, we have

|bj | ≤ 2(n−1)/2 max(|x1 |, . . . , |xt |)
for 1 ≤ j ≤ t.
Perhaps the most amazing thing about the idea of an LLL reduced basis is that
there is an algorithm (in fact many) that given a basis for a lattice L produce an
LLL reduced basis for L, and do so quickly, i.e., in polynomial time in the number
of digits of the input. The current optimal implementation (and practically optimal
algorithms) for computing LLL reduced basis are due to Damien Stehle, and are
included standard in Magma in Sage. Stehle’s code is amazing – it can LLL reduce
a random lattice in Rn for n < 1000 in a matter of minutes!
A = random_matrix ( ZZ , 200)
t = cputime ()
B = A . LLL ()
cputime ( t ) # random output

3.0494159999999999

There is even a very fast variant of Stehle’s implementation that computes a basis
for L that is very likely LLL reduced but may in rare cases fail to be LLL reduced.
t = cputime ()
B = A . LLL ( algorithm = " fpLLL : fast " ) # not tested
cputime ( t ) # random output

0.96842699999999837
2.5. RECOGNIZING ALGEBRAIC NUMBERS USING LLL 41

2.5.3 Applying LLL

The LLL definition and algorithm has many application in number theory, e.g., to
cracking lattice-based cryptosystems, to enumerating all short vectors in a lattice, to
finding relations between decimal approximations to complex numbers, to very fast
univariate polynomial factorization in Z[x] and more generally in K[x] where K is
a number fields, and to computation of kernels and images of integer matrices. LLL
can also be used to solve the problem of recognizing algebraic numbers mentioned
at the beginning of Section 2.5.
Suppose as above that α is a decimal approximation to some algebraic number
β, and to for simplicity assume that α ∈ R (the general case of α ∈ C is described in
[Coh93]). We finish by explaining how to use LLL to find a polynomial f (x) ∈ Z[x]
such that f (α) is small, hence has a shot at being the minimal polynomial of β.
Given a real number decimal approximation α, an integer d (the degree), and
an integer K (a function of the precision to which α is known), the following steps
produce a polynomial f (x) ∈ Z[x] of degree at most d such that f (α) is small.

1. Form the lattice in Rd+2 with basis the rows of the matrix A whose first
(d + 1) × (d + 1) part is the identity matrix, and whose last column has entries

K, bKαc, bKα2 c, . . . , bKαd c. (2.5.1)

(Note this matrix is (d + 1) × (d + 2) so the lattice is not of full rank in
Rd+2 , which isn’t a problem, since the LLL definition also makes sense for less
vectors.)

2. Compute an LLL reduced basis for the Z-span of the rows of A, and let B be
the corresponding matrix. Let b1 = (a0 , a1 , . . . , ad+1 ) be the first row of B and
notice that B is obtained from A by left multiplication by an invertible integer
matrix. Thus a0 , . . . , ad are the linear combination of the (2.5.1) that equals
ad+1 . Moreover, since B is LLL reduced we expect that ad+1 is relatively
small.

3. Output f (x) = a0 + a1 x + · · · + ad xd . We have that f (α) ∼ ad+1 /K, which is

small. Thus f (x) may be a very good candidate for the minimal polynomial
of β (the algebraic number we are approximating), assuming d was chosen
minimally and α was computed to sufficient precision.

The following is a complete implementation of the above algorithm in Sage:

def myalgdep (a , d , K =10^6):

aa = [ floor ( K * a ^ i ) for i in range ( d +1)]
A = i de nt it y _m at ri x ( ZZ , d +1)
B = matrix ( ZZ , d +1 , 1 , aa )
A = A . augment ( B )
L = A . LLL ()
v = L [0][: -1]. list ()
return ZZ [ ’x ’ ]( v )
42 CHAPTER 2. BASIC COMMUTATIVE ALGEBRA

Here is an example of using it:

R . <x > = RDF []

f = 2* x ^3 - 3* x ^2 + 10* x - 4
a = f . roots ()[0][0]; a
myalgdep (a , 3 , 10^6) # not tested

2* x ^3 - 3* x ^2 + 10* x - 4
Chapter 3

Unique Factorization of Ideals

Unique factorization into irreducible elements frequently fails for rings of integers of
number fields. In this chapter we will deduce a central property of the ring of integers
OK of an algebraic number field, namely that every nonzero ideal factors uniquely
as a products of prime ideals. Along the way, we will introduce fractional ideals
and prove that they form a free abelian group under multiplication. Factorization
of elements of OK (and much more!) is governed by the class group of OK , which is
the quotient of the group of fractional ideals by the principal fractional ideals (see
Chapter 7).

3.1 Dedekind Domains

Recall (Corollary 2.4.6) that we proved that the ring of integers OK of a number
field is noetherian as follows. As we saw before using norms, the ring OK is finitely
generated as a module over Z, so it is certainly finitely generated as a ring over Z.
By the Hilbert Basis Theorem (Theorem 2.2.10), OK is noetherian.
If R is an integral domain, the field of fractions Frac(R) of R is the field of all
equivalence classes of formal quotients a/b, where a, b ∈ R with b 6= 0, and a/b ∼ c/d
if ad = bc. For example, the field √of fractions of
√ Z is (canonically isomorphic to) Q
and the field of fractions of Z[(1 + 5)/2] is Q( 5). The field of fractions of the ring
OK of integers of a number field K is just the number field K (see Lemma 2.3.26).

Example 3.1.1. We compute the fraction fields mentioned above.

Frac ( ZZ )

Rational Field

In Sage the Frac command usually returns a field canonically isomorphic to the
fraction field (not a formal construction).

43
44 CHAPTER 3. UNIQUE FACTORIZATION OF IDEALS

K . <a > = Q uadratic Field (5)

OK = K . r i n g _ o f _ i n t e g e r s (); OK

Maximal Order in Number Field in a with defining polynomial x ^2 - 5

OK . basis ()

[1/2* a + 1/2 , a ]

Frac ( OK )

Number Field in a with defining polynomial x ^2 - 5

Remark 3.1.2. Note that in computers 1/2 * x means the same as (1/2)*x. For
more information about the order of operations in programming see http://en.
wikipedia.org/wiki/Order_of_operations. In Sage the ^ symbol is replaced
with python’s exponentiation ** at execution.1
The fraction field of an order – i.e., a subring of OK of finite index – is also the
number field again.

O2 = K . order (2* a ); O2

Order in Number Field in a with defining polynomial x ^2 - 5

Frac ( O2 )

Number Field in a with defining polynomial x ^2 - 5

Definition 3.1.3 (Integrally Closed). An integral domain R is integrally closed in

its field of fractions if whenever α is in the field of fractions of R and α satisfies a
monic polynomial f ∈ R[x], then α ∈ R.

For example, every field√is integrally closed in its field of fractions, as is the ring
Z of √
integers. However, Z[ 5] is not integrally √ closed in its field√of fractions, since
(1 + 5)/2 is integrally over Z and lies in Q( 5), but not in Z[ 5]

Proposition 3.1.4. If K is any number field, then OK is integrally closed. Also,

the ring Z of all algebraic integers (in a fixed choice of Q) is integrally closed.

Proof. We first prove that Z is integrally closed. Suppose α ∈ Q is integral

over Z, so there is a monic polynomial f (x) = xn + an−1 xn−1 + · · · + a1 x + a0
with ai ∈ Z and f (α) = 0. The ai all lie in the ring of integers OK of the num-
ber field K = Q(a0 , a1 , . . . an−1 ), and OK is finitely generated as a Z-module, so
Z[a0 , . . . , an−1 ] is finitely generated as a Z-module. Since f (α) = 0, we can write αn
1
Another source for order of operations specific to python is https://docs.python.org/2/
reference/expressions.html#operator-precedence.
3.1. DEDEKIND DOMAINS 45

as a Z[a0 , . . . , an−1 ]-linear combination of αi for i < n, so the ring Z[a0 , . . . , an−1 , α]
is also finitely generated as a Z-module. Thus Z[α] is finitely generated as a Z-
module because it is a submodule of a finitely generated Z-module, which implies
that α is integral over Z.
Without loss we may assume that K ⊂ Q, so that OK = Z ∩ K. Suppose α ∈ K
is integral over OK . Then since Z is integrally closed, α is an element of Z, so
α ∈ K ∩ Z = OK , as required.

Exercise 3.1.5. Prove that Z is not noetherian.

[Hint: Consider an ideal generated by fractional powers of a prime. ]
Definition 3.1.6 (Dedekind Domain). An integral domain R is a Dedekind domain
if it is noetherian, integrally closed in its field of fractions, and every nonzero prime
ideal of R is maximal.
Exercise 3.1.7. Let K be a field.
(a) Prove that the polynomial ring K[x] is a Dedekind domain.
(b) Is Z[x] a Dedekind domain?
The ring√Z ⊕ Z is not a Dedekind domain because it is not an integral domain.
The ring Z[ 5] is not a Dedekind domain because it is not integrally closed in its
field of fractions. The ring Z is a Dedekind domain, as is any ring of integers OK
of a number field, as we will see below. Also, any field K is a Dedekind domain,
since it is an integral domain, it is trivially integrally closed in itself, and there are
no nonzero prime ideals so the condition that they be maximal is empty.
Exercise 3.1.8. In Proposition 3.1.4 we showed that Z is integrally closed in its field
of fractions. Prove that and every nonzero prime ideal of Z is maximal. Together
with Exercise 3.1.5, this shows Z is not a Dedekind domain only because it is not
noetherian.
Exercise* 3.1.9. Show that Dedekind domains are closed under localization. This
means the following: given any non-zero prime p in R, the localization Rp of R at
p is the ring formed by inverting all elements of R not contained in p. Thus Rp is
a subring of the field of fractions K of R which contains R. For example, Z(2) is
the localization of Z at the prime ideal (2). Note Z(2) contains 31 but not 12 . This
exercise will show Rp is again a Dedekind domain. In general, any element of Rp
can be written as a quotient ab for some a ∈ R and b ∈ R \ p.
[Hint: It is a standard fact of localizations that set of prime ideals in Rp is in
bijection with the set of prime ideals of R contained in P . Use this to show Rp
is noetherian and all prime ideals of Rp are maximal. It remains to show Rp is
integrally closed. Let α ∈ K satisfy a monic polynomial with coefficients in Rp . By
clearing denominators show that sα ∈ R for some s ∈ R \ p. ]
Proposition 3.1.10. The ring of integers OK of a number field is a Dedekind
domain.
46 CHAPTER 3. UNIQUE FACTORIZATION OF IDEALS

Proof. By Proposition 3.1.4, the ring OK is integrally closed, and by Proposi-

tion 2.4.6 it is noetherian. Suppose that p is a nonzero prime ideal of OK . Let
α ∈ p be a nonzero element, and let f (x) ∈ Z[x] be the minimal polynomial of α.
Then
f (α) = αn + an−1 αn−1 + · · · + a1 α + a0 = 0,
so a0 = −(αn + an−1 αn−1 + · · · + a1 α) ∈ p. Since f is irreducible, a0 is a nonzero
element of Z that lies in p. Every element of the finitely generated abelian group
OK /p is killed by a0 , so OK /p is a finite set. Since p is prime, OK /p is an integral
domain. Every finite integral domain is a field (see Exercise 2), so p is maximal,
which completes the proof.

3.2 Factorization of Ideals

If I and J are ideals in a ring R, the product IJ is the ideal generated by all products
of elements in I with elements in J:
IJ = (ab : a ∈ I, b ∈ J) ⊂ R.
Note that the set of all products ab, with a ∈ I and b ∈ J, need not be an ideal, so
it is important to take the ideal generated by that set (see Exercise 3).
Definition 3.2.1 (Fractional Ideal). A fractional ideal is a nonzero OK -submodule I
of K that is finitely generated as an OK -module.
We will sometimes call a genuine ideal I ⊂ OK an integral ideal. The notion of
fractional ideal makes sense for an arbitrary Dedekind domain R – it is an R-module
I ⊂ K = Frac(R) that is finitely generated as an R-module.
Example 3.2.2. We multiply two fractional ideals in Sage:
K . <a > = NumberField ( x ^2 + 23)
I = K . f r a c t i o n a l_ i d e a l (2 , 1/2* a - 1/2)
J = I ^2
I

Fractional ideal (2 , 1/2* a - 1/2)

Fractional ideal (4 , 1/2* a + 3/2)

I*J

Fractional ideal (1/2* a + 3/2)

Since fractional ideals I are finitely generated, we can clear denominators of a

generating set to see that there exists some nonzero α ∈ K such that
αI = J ⊂ OK ,
3.2. FACTORIZATION OF IDEALS 47

with J an integral ideal. Thus dividing by α, we see that every fractional ideal is
of the form
aJ = {ab : b ∈ J}
for some a ∈ K and integral ideal J ⊂ OK .
For example, the set 12 Z of rational numbers with denominator 1 or 2 is a
fractional ideal of Z.

Theorem 3.2.3. The set of fractional ideals of a Dedekind domain R is an abelian

group under ideal multiplication with identity element R.

Note that fractional ideals are nonzero by definition, so it is not necessary to

write “nonzero fractional ideals” in the statement of the theorem. We will only
prove Theorem 3.2.3 in the case when R = OK is the ring of integers of a number
field K. The general case can be found in many algebraic number theory books
such as [Mar77, Ch. 3]. Before proving Theorem 3.2.3 we prove a lemma. For the
rest of this section OK is the ring of integers of a number field K.

Definition 3.2.4 (Divides for Ideals). Suppose that I, J are ideals of OK . Then
we say that I divides J if I ⊃ J.

To see that this notion of divides is sensible, suppose K = Q, so OK = Z.

Then I = (n) and J = (m) for some integer n and m, and I divides J means that
(n) ⊃ (m), i.e., that there exists an integer c such that m = cn, which exactly
means that n divides m, as expected.

Lemma 3.2.5. Suppose I is a nonzero ideal of OK . Then there exist prime ideals
p1 , . . . , pn such that p1 · p2 · · · pn ⊂ I, i.e., I divides a product of prime ideals.

Proof. Let S be the set of nonzero ideals of OK that do not satisfy the conclusion
of the lemma. The key idea is to use that OK is noetherian to show that S is the
empty set. If S is nonempty, then since OK is noetherian, there is an ideal I ∈ S
that is maximal as an element of S. If I were prime, then I would trivially contain
a product of primes, so we may assume that I is not prime. Thus there exists
a, b ∈ OK such that ab ∈ I but a 6∈ I and b 6∈ I. Let J1 = I + (a) and J2 = I + (b).
Then neither J1 nor J2 is in S, since I is maximal, so both J1 and J2 contain a
product of prime ideals, say p1 · · · pr ⊂ J1 and q1 · · · qs ⊂ J2 . Then

p1 · · · pr · q1 · · · qs ⊂ J1 J2 = I 2 + I(b) + (a)I + (ab) ⊂ I,

so I contains a product of primes. This is a contradiction, since we assumed I ∈ S.

Thus S is empty, which completes the proof.

We are now ready to prove the theorem.

Proof of Theorem 3.2.3. Note that we will only prove Theorem 3.2.3 in the case
when R = OK is the ring of integers of a number field K.
48 CHAPTER 3. UNIQUE FACTORIZATION OF IDEALS

The product of two fractional ideals is again finitely generated, so it is a frac-

tional ideal, and IOK = I for any ideal I, so to prove that the set of fractional
ideals under multiplication is a group it suffices to show the existence of inverses.
We will first prove that if p is a prime ideal, then p has an inverse, then we will
prove that all nonzero integral ideals have inverses, and finally observe that every
fractional ideal has an inverse. (Note: Once we know that the set of fractional ideals
is a group, it will follows that inverses are unique; until then we will be careful to
write “an” instead of “the”.)
Suppose p is a nonzero prime ideal of OK . We will show that the OK -module

I = {a ∈ K : ap ⊂ OK }

is a fractional ideal of OK such that Ip = OK , so that I is an inverse of p.

For the rest of the proof, fix a nonzero element b ∈ p. Since I is an OK -module,
bI ⊂ OK is an OK ideal, hence I is a fractional ideal. Since OK ⊂ I we have
p ⊂ Ip ⊂ OK , hence since p is maximal, either p = Ip or Ip = OK . If Ip = OK , we
are done since then I is an inverse of p. Thus suppose that Ip = p. Our strategy
is to show that there is some d ∈ I, with d 6∈ OK . Since Ip = p, such a d would
leave p invariant, i.e., dp ⊂ p. Since p is a finitely generated OK -module we will see
that it will follow that d ∈ OK , a contradiction.
By Lemma 3.2.5, we can choose a product p1 , . . . , pm , with m minimal, with

p1 p2 · · · pm ⊂ (b) ⊂ p.

If no pi isQcontained in p, then we can choose for each i an ai ∈ pi with ai 6∈ p;

but then ai ∈ p, which contradicts that p is a prime ideal. Thus some pi , say
p1 , is contained in p, which implies that p1 = p since every nonzero prime ideal
is maximal. Because m is minimal, p2 · · · pm is not a subset of (b), so there exists
c ∈ p2 · · · pm that does not lie in (b). Then p(c) ⊂ (b), so by definition of I we have
d = c/b ∈ I. However, d 6∈ OK , since if it were then c would be in (b). We have
thus found our element d ∈ I that does not lie in OK .
To finish the proof that p has an inverse, we observe that d preserves the finitely
generated OK -module p, and is hence in OK , a contradiction. More precisely, if
b1 , . . . , bn is a basis for p as a Z-module, then the action of d on p is given by
a matrix with entries in Z, so the minimal polynomial of d has coefficients in Z
(because d satisfies the minimal polynomial of `d , by the Cayley-Hamilton theorem
– here we also use that Q ⊗ p = K, since OK /p is a finite set). This implies that d
is integral over Z, so d ∈ OK , since OK is integrally closed by Proposition 3.1.4.
(Note how this argument depends strongly on the fact that OK is integrally closed!)
So far we have proved that if p is a prime ideal of OK , then

p−1 = {a ∈ K : ap ⊂ OK }

is the inverse of p in the monoid of nonzero fractional ideals of OK . As mentioned

after Definition 3.2.1, every nonzero fractional ideal is of the form aI for a ∈ K
3.2. FACTORIZATION OF IDEALS 49

and I an integral ideal, so since (a) has inverse (1/a), it suffices to show that every
integral ideal I has an inverse. If not, then there is a nonzero integral ideal I that
is maximal among all nonzero integral ideals that do not have an inverse. Every
ideal is contained in a maximal ideal, so there is a nonzero prime ideal p such that
I ⊂ p. Multiplying both sides of this inclusion by p−1 and using that OK ⊂ p−1 ,
we see that
I ⊂ p−1 I ⊂ p−1 p = OK .
If I = p−1 I, then arguing as in the proof that p−1 is an inverse of p, we see
that each element of p−1 preserves the finitely generated Z-module I and is hence
integral. But then p−1 ⊂ OK , which, upon multiplying both sides by p, implies that
OK = pp−1 ⊂ p, a contradiction. Thus I 6= p−1 I. Because I is maximal among
ideals that do not have an inverse, the ideal p−1 I does have an inverse J. Then
p−1 J is an inverse of I, since (Jp−1 )I = J(p−1 I) = OK .

We can finally deduce the crucial Theorem 3.2.6, which will allow us to show
that any nonzero ideal of a Dedekind domain can be expressed uniquely as a product
of primes (up to order). Thus unique factorization holds for ideals in a Dedekind
domain, and it is this unique factorization that initially motivated the introduction
of ideals to mathematics over a century ago.

Theorem 3.2.6. Suppose I is a nonzero integral ideal of OK . Then I can be written

as a product
I = p1 · · · pn
of prime ideals of OK , and this representation is unique up to order.

Proof. Suppose I is an ideal that is maximal among the set of all ideals in OK that
cannot be written as a product of primes. Every ideal is contained in a maximal
ideal, so I is contained in a nonzero prime ideal p. If Ip−1 = I, then by Theo-
rem 3.2.3 we can cancel I from both sides of this equation to see that p−1 = OK , a
contradiction. Since OK ⊂ p−1 , we have I ⊂ Ip−1 , and by the above observation I is
strictly contained in Ip−1 . By our maximality assumption on I, there are maximal
ideals p1 , . . . , pn such that Ip−1 = p1 · · · pn . Then I = p · p1 · · · pn , a contradiction.
Thus every ideal can be written as a product of primes.
Suppose p1 · · · pn = q1 · · · qm . If no qi is contained in p1 , then for each i there
is an ai ∈ qi such that ai 6∈ p1 . But the product of the ai is in p1 · · · pn , which is a
subset of p1 , which contradicts that p1 is a prime ideal. Thus qi = p1 for some i.
We can thus cancel qi and p1 from both sides of the equation by multiplying both
sides by the inverse. Repeating this argument finishes the proof of uniqueness.

Theorem 3.2.7. If I is a fractional ideal of OK then there exists prime ideals

p1 , . . . , pn and q1 , . . . , qm , unique up to order, such that

I = (p1 · · · pn )(q1 · · · qm )−1 .

50 CHAPTER 3. UNIQUE FACTORIZATION OF IDEALS

Proof. We have I = (a/b)J for some a, b ∈ OK and integral ideal J. Applying

Theorem 3.2.6 to (a), (b), and J gives an expression as claimed. For uniqueness, if
one has two such product expressions, multiply through by the denominators and
use the uniqueness part of Theorem 3.2.6
√ √
Example 3.2.8. The ring of integers of K = Q( −6) is OK = Z[ −6]. We have
√ √
6 = − −6 −6 = 2 · 3.
√
If ab = −6, with a, b ∈ OK and neither a unit, then Norm(a) √ Norm(b) = 6, so
without loss Norm(a) = 2 and Norm(b) = 3. If a = c + d −6, then Norm(a) =
c2 + 6d2 ; since the equation c2 + 6d2√= 2 has no solution with√c, d ∈ Z, there is
no element in OK with norm 2, so −6 is irreducible. Also, −6 is not a unit
times 2 or times 3, since again the norms would not match up. Thus 6 cannot
be written uniquely as a product of irreducibles in OK . Theorem 3.2.7, however,
implies that the principal ideal (6) can, however, be written uniquely as a product
of prime ideals. An explicit decomposition is
√ √
(6) = (2, 2 + −6)2 · (3, 3 + −6)2 , (3.2.1)
√ √
where each of the ideals (2, 2 + −6) and (3, 3 + −6) is prime. We will discuss
algorithms for computing such a decomposition in detail in Chapter 4. The first
idea is to write (6) = (2)(3), and hence reduce to the case of writing the (p), for
p ∈ Z prime, as a product of primes. Next one decomposes the finite (as a set) ring
OK /pOK .
The factorization (3.2.1) can be compute using Sage as follows:

K . <a > = NumberField ( x ^2 + 6); K

Number Field in a with defining polynomial x ^2 + 6

K . factor (6)

( Fractional ideal (2 , a ))^2 * \

( Fractional ideal (3 , a ))^2
Chapter 4

Factoring Primes

Let p be a prime and OK the ring of integers of a number field. This chapter is about
how to write pOK as a product of prime ideals of OK . Paradoxically, computing
the explicit prime ideal factorization of pOK is easier than computing OK .

4.1 The Problem

A diagram from [LL93].

“The obvious mathematical breakthrough would be develop-

ment of an easy way to factor large prime numbers.”
– Bill Gates, The Road Ahead, 1st ed., pg 265

51
52 CHAPTER 4. FACTORING PRIMES

Bill Gates meant1 factoring products of two primes, which would break the
RSA cryptosystem (see e.g. [Ste09, §3.2]). However, perhaps Gates is an algebraic
number theorist, and he really meant what he said: then we might imagine that he
meant factorization of primes of Z in rings of integers of number fields. For example,
216 + 1 = 65537 is a “large” prime, and in Z[i] we have
(65537) = (65537, 28 + i) · (65537, 28 − i).

4.1.1 Geometric Intuition

Let K = Q(α) be a number field, and let OK be the ring of integers of K. To
employ our geometric intuition, as the Lenstras did on the cover of [LL93], it is
helpful to view OK as a 1-dimensional scheme
X = Spec(OK ) = {all prime ideals of OK }
over
Y = Spec(Z) = {(0)} ∪ {pZ : p ∈ Z>0 is prime}.
There is a natural map π : X → Y that sends a prime ideal p ∈ X to p ∩ Z ∈ Y .
For example, if
p = (65537, 28 + i) ⊂ Z[i],
then p ∩ Z = (65537). For more on this viewpoint, see [Har77] and [EH00, Ch. 2].
If p ∈ QZ is a prime number, then the ideal pOK of OK factors uniquely as
a product pei i , where the pi are maximal ideals of OK . We may imagine the
decomposition of pOK into prime ideals geometrically as the fiber π −1 (pZ), where
the exponents ei are the multiplicities of the fibers. Notice that the elements of
π −1 (pZ) are the prime ideals of OK that contain p, i.e., the primes that divide
pOK . This chapter is about how to compute the pi and ei .
Remark 4.1.1. More technically, in algebraic geometry one defines the inverse im-
age of the point pZ to be the spectrum of the tensor product OK ⊗Z Z/pZ; by a
generalization of the Chinese Remainder Theorem, we have
OK ⊗Z (Z/pZ) ∼ e
= ⊕OK /pi i .

4.1.2 Examples
The following Sage session shows the commands needed to compute the factorization
of pOK for K the number field defined by a root of x5 + 7x4 + 3x2 − x + 1 and p = 2
and 5. We first create an element f ∈ Q[x] in Sage:
1
This quote is on page 265 of the first edition. In the second edition, on page 303, this sentence is
changed to “The obvious mathematical breakthrough that would defeat our public key encryption
would be the development of an easy way to factor large numbers.” This is less nonsensical;
however, fast factoring is not known to break all commonly used public-key cryptosystem. For
example, there are cryptosystems based on the difficulty of computing discrete logarithms in F∗p
and on elliptic curves over Fp , which (presumably) would not be broken even if one could factor
large numbers quickly.
4.1. THE PROBLEM 53

R . <x > = QQ []
f = x ^5 + 7* x ^4 + 3* x ^2 - x + 1

Then we create the corresponding number field obtained by adjoining a root of f ,

and find its ring of integers.
K . <a > = NumberField ( f )
OK = K . r i n g _ o f _ i n t e g e r s ()
OK . basis ()

[1 , a , a ^2 , a ^3 , a ^4]

We define the ideal 2OK and factor – it turns out to be prime.

I = K . f r a c t i o na l _ i d e a l (2); I

Fractional ideal (2)

I . factor ()

Fractional ideal (2)

I . is_prime ()

True

Finally we factor 5OK , which factors as a product of three primes.

I = K . f r a c t i o na l _ i d e a l (5); I

Fractional ideal (5)

I . factor ()

( Fractional ideal (5 , -2* a ^4 - 13* a ^3 + 7* a ^2 - 6* a + 2)) * \

( Fractional ideal (5 , a ^4 + 7* a ^3 + 3* a + 1)) * \
( Fractional ideal (5 , a ^4 + 7* a ^3 + 3* a - 3))^2

Notice that the polynomial f factors in a similar way:

f . factor_mod (5)

( x + 2) * ( x + 3)^2 * ( x ^2 + 4* x + 2)

Thus 2OK is already a prime ideal, and

5OK = (5, 2 + a) · (5, 3 + a)2 · (5, 2 + 4a + a2 ).

Notice that in this example OK = Z[a]. (Warning: There are examples of OK

such that OK 6= Z[a] for any a ∈ OK , as Example 4.3.2 below illustrates.) When
54 CHAPTER 4. FACTORING PRIMES

p1
•

•p 2

q1
p3
•
zero

q
• • p
zero r • s• •t

Figure 4.1.1: Diagram of Spec(OK ) → Spec(Z)

OK = Z[a] it is relatively easy to factor pOK , at least assuming one can factor
polynomials in Fp [x]. The following factorization gives a hint as to why:

x5 + 7x4 + 3x2 − x + 1 ≡ (x + 2) · (x + 3)2 · (x2 + 4x + 2) (mod 5).

The exponent 2 of (5, 3 + a)2 in the factorization of 5OK above suggests “rami-
fication”, in the sense that the cover X → Y has less points (counting their “size”,
i.e., their residue class degree) in its fiber over 5 than it has generically. See Fig-
ure 4.1.1.
4.2. A METHOD FOR FACTORING PRIMES THAT OFTEN WORKS 55

4.2 A Method for Factoring Primes that Often Works

Suppose a ∈ OK is such that K = Q(a), and let f (x) ∈ Z[x] be the minimal
polynomial of a. Then Z[a] ⊂ OK , and we have a diagram of schemes

Spec(OK /pei i )  / Spec(OK )
[

 

Spec(Fp [x]/(f i i ))  / Spec(Z[a])
[ e

  
Spec(Fp )  / Spec(Z)

Q e
where f = i f i i is the factorization of the image of f in Fp [x], and pOK = pei i is
Q
the factorization of pOK in terms of prime ideals of OK . On the level of rings, the
bottom horizontal map is the quotient map Z → Z/pZ ∼ = Fp . The middle horizontal
map is induced by M e
Z[x] → Fp [x]/(f i i ),
i
and the top horizontal map is induced by

OK → OK /pOK ∼
M
= OK /pei i ,

where the isomorphism is by the Chinese Remainder Theorem, which is Theo-

rem 5.1.4 below. The left vertical maps come from the inclusions
e
Fp ,→ Fp [x]/(f i i ) ,→ OK /pei i ,

and the right from the inclusions Z ,→ Z[a] ,→ OK .

The cover π : Spec(Z[a]) → Spec(Z) is easy to understand because it is defined
by the single equation f (x), in the sense that Z[a] ∼
= Z[x]/(f (x)). To give a maximal
ideal p of Z[a] such that π(p) = pZ is the same as giving a homomorphism ϕ :
Z[x]/(f ) → Fp up to automorphisms of the image, which is in turn the same as
giving a root of f in Fp up to automorphism, which is the same as giving an
irreducible factor of the reduction of f modulo p.
Lemma 4.2.1. Suppose the index of Z[a] in OK is coprime to p. Then the primes pi
in the factorization of pZ[a] do not decompose further going from Z[a] to OK , so
finding the prime ideals of Z[a] that contain p yields the primes that appear in the
factorization of pOK .
Proof. Fix a basis for OK and for Z[a] as Z-modules. Form the matrix A whose
columns express each basis element of Z[a] as a Z-linear combination of the basis
for OK . Then
det(A) = ±[OK : Z[a]]
56 CHAPTER 4. FACTORING PRIMES

is coprime to p, by hypothesis. Thus the reduction of A modulo p is invertible, so

it defines an isomorphism Z[a]/pZ[a] ∼ = OK /pOK .
Let Fp denote a fixed algebraic closure of Fp ; thus Fp is an algebraically closed
field of characteristic p, over which all polynomials in Fp [x] factor into linear fac-
tors. Any homomorphism OK → Fp sends p to 0, so is the composition of a
homomorphism OK → OK /pOK with a homomorphism OK /pOK → Fp . Since
OK /pOK ∼ = Z[a]/pZ[a], the homomorphisms OK → Fp are in bijection with the
homomorphisms Z[a] → Fp . The homomorphisms Z[a] → Fp are in bijection with
the roots of the reduction modulo p of the minimal polynomial of a in Fp .

Remark 4.2.2. Here is a “high-brow” proof of Lemma 4.2.1. By hypothesis we have

an exact sequence of abelian groups

0 → Z[a] → OK → H → 0,

where H is a finite abelian group of order coprime to p. Tensor product is right

exact, and there is an exact sequence

Tor1 (H, Fp ) → Z[a] ⊗ Fp → OK ⊗ Fp → H ⊗ Fp → 0,

and Tor1 (H, Fp ) = 0 (since H has no p-torsion), so Z[a] ⊗ Fp ∼

= OK ⊗ F p .
As suggested in the proof of the lemma, we find all homomorphisms OK → Fp
by finding all homomorphism Z[a] → Fp . In terms of ideals, if p = (f (a), p)Z[a] is a
maximal ideal of Z[a], then the ideal p0 = (f (a), p)OK of OK is also maximal, since

OK /p0 ∼
= (OK /pOK )/(f (ã)) ∼
= (Z[a]/pZ[a])/(f (ã)) ⊂ Fp ,

where ã denotes the image of a in OK /pOK .

We formalize the above discussion in the following theorem (note: we will not
prove that the powers are ei here):
Theorem 4.2.3. Let f ∈ Z[x] be the minimal polynomial of a over Z. Suppose
that p - [OK : Z[a]] is a prime. Let
t
Y e
f= f i i ∈ Fp [x]
i=1

where the f i are distinct monic irreducible polynomials. Let pi = (p, fi (a)) where
fi ∈ Z[x] is a lift of f i in Fp [x]. Then
t
Y
pOK = pei i .
i=1

We return to the example from above, in which K = Q(a), where a is a root of

f = x5 + 7x4 + 3x2 − x + 1. The ring of integers OK has discriminant 2945785 =
5 · 353 · 1669, as the following Sage code shows.
4.2. A METHOD FOR FACTORING PRIMES THAT OFTEN WORKS 57

K . <a > = NumberField ( x ^5 + 7* x ^4 + 3* x ^2 - x + 1)

D = K . discriminant (); D

2945785

factor ( D )

5 * 353 * 1669

The order Z[a] has the same discriminant as f (x), which is the same as the discrim-
inant of OK , so Z[a] = OK and we can apply the above theorem. (Here we use that
the index of Z[a] in OK is the square of the quotient of their discriminants, a fact
we will prove later in Section 6.2.)
R . <x > = QQ []
discriminant ( x ^5 + 7* x ^4 + 3* x ^2 - x + 1)

2945785

We have
x5 + 7x4 + 3x2 − x + 1 ≡ (x + 2) · (x + 3)2 · (x2 + 4x + 2) (mod 5),
which yields the factorization of 5OK given before the theorem.
If we replace a by b = 7a, then the index of Z[b] in OK will be a power of 7,
which is coprime to 5, so the above method will still work.
K . <a > = NumberField ( x ^5 + 7* x ^4 + 3* x ^2 - x + 1)
f = (7* a ). minpoly ( ’x ’)
f

x ^5 + 49* x ^4 + 1029* x ^2 - 2401* x + 16807

f . disc ()

235050861175510968365785

factor ( f . disc () / K . disc ())

7^20

f . factor_mod (5)

( x + 4) * ( x + 1)^2 * ( x ^2 + 3* x + 3)

Thus 5 factors in OK as
5OK = (5, 7a + 1)2 · (5, 7a + 4) · (5, (7a)2 + 3(7a) + 3).
If we replace a by b = 5a and try the above algorithm with Z[b], then the method
fails because the index of Z[b] in OK is divisible by 5.
58 CHAPTER 4. FACTORING PRIMES

K . <a > = NumberField ( x ^5 + 7* x ^4 + 3* x ^2 - x + 1)

f = (5* a ). minpoly ( ’x ’)
f

x ^5 + 35* x ^4 + 375* x ^2 - 625* x + 3125

f . factor_mod (5)

x ^5

4.3 A General Method

There are numbers fields K such that OK is not of the form Z[a] for any a ∈ K.
Even worse, Dedekind found a field K such that 2 | [OK : Z[a]] for all a ∈ OK , so
there is no choice of a such that Theorem 4.2.3 can be used to factor 2 for K (see
Example 4.3.2 below).

4.3.1 Inessential Discriminant Divisors

Definition 4.3.1. A prime p is an inessential discriminant divisor if p | [OK : Z[a]]
for every a ∈ OK .

See Example 6.2.7 below for why it is called an inessential “discriminant divisor”
instead of an inessential “index divisor”.
Since [OK : Z[a]]2 is the absolute value of Disc(f (x))/ Disc(OK ), where f (x) is
the characteristic polynomial of f (x), an inessential discriminant divisor divides the
discriminant of the characteristic polynomial of any element of OK .
Example 4.3.2 (Dedekind). Let K = Q(a) be the cubic field defined by a root a
of the polynomial f = x3 + x2 − 2x + 8. We will use Sage to show that 2 is an
inessential discriminant divisor for K.

K . <a > = NumberField ( x ^3 + x ^2 - 2* x + 8); K

Number Field in a with defining polynomial x ^3 + x ^2 - 2* x + 8

K . factor (2)

( Fractional ideal (1/2* a ^2 - 1/2* a + 1)) * \

( Fractional ideal ( - a ^2 + 2* a - 3)) * \
( Fractional ideal ( -3/2* a ^2 + 5/2* a - 4))

Thus 2OK = p1 p2 p3 , with the pi distinct, and one sees directly from the above
expressions that OK /pi ∼= F2 for each i. If OK = Z[a] for some a ∈ OK with
minimal polynomial f , then f (x) ∈ F2 [x] must be a product of three distinct linear
factors, which is impossible, since the only linear polynomials in F2 [x] are x and
x + 1.
4.3. A GENERAL METHOD 59

4.3.2 Remarks on Ideal Factorization in General

Recall (from Definition 2.3.22) that an order in OK is a subring O of OK that has
finite index in OK . For example, if OK = Z[i], then O = Z + 5Z[i] is an order in
OK , and as an abelian group OK /O is cyclic of order 5.
Most algebraic number theory books do not describe an algorithm for decom-
posing primes in the general case. Fortunately, Cohen’s book [Coh93, Ch. 6] does
describe how to solve the general problem, in more than one way. The algorithms
are nontrivial, and occupy a substantial part of Chapter 6 of Cohen’s book. Our
goal for the rest of this section is to give a hint as to what goes into them.
The general solutions to prime ideal factorization are somewhat surprising,
since the algorithms are much more sophisticated than the one suggested by Theo-
rem 4.2.3. However, these complicated algorithms all run very quickly in practice,
even without assuming the maximal order is already known. In fact, they avoid
computing OK altogether, and instead compute only an order O that is p-maximal,
i.e., is such that p - [OK : O].
For simplicity we consider the following slightly easier problem whose solution
illustrates the key ideas needed in the general case.

Problem 4.3.3. Let O be any order in OK and let p be a prime of Z. Find the
prime ideals of O that contain p.

Given a prime p that we wish to factor in OK , we first find a p-maximal order O.

We then use a solution to Problem 4.3.3 to find the prime ideals p of O that contain
p. Second, we find the exponents e such that pe exactly divides pO. The resulting
factorization in O completely determines the factorization of pOK .
A p-maximal order can be found reasonably quickly in practice using algorithms
called “round 2” and “round 4”. To compute OK , given an order Z[α] ⊂ OK , one
takes a sum of p-maximal orders, one for every p such that p2 divides Disc(Z[α]).
The time-consuming part of this computation is finding the primes p such that
p2 | Disc(Z[α]), not finding the p-maximal orders. This example illustrates that a
fast algorithm for factoring integers would not only break the RSA cryptosystems,
but would massively speed up computation of the ring of integers of a number field.
Remark 4.3.4. The MathSciNet review of [BL94] by J. Buhler contains the following:

A result of Chistov says that finding the ring of integers OK in an

algebraic number field K is equivalent, under certain polynomial time
reductions, to the problem of finding the largest squarefree divisor of a
positive integer. No feasible (i.e., polynomial time) algorithm is known
for the latter problem, and it is possible that it is no easier than the
more general problem of factoring integers.

Thus it appears that computing the ring OK is quite hard.

60 CHAPTER 4. FACTORING PRIMES

4.3.3 Finding a p-Maximal Order

Before describing the general factorization algorithm, we sketch some of the theory
behind the general algorithms for computing a p-maximal order O in OK . The main
input is the following theorem:
Theorem 4.3.5 (Pohst-Zassenhaus). Let O be an order in the the ring of integers
OK of a number field, let p ∈ Z be a prime, and let

Ip = {x ∈ O : xm ∈ pO for some m ≥ 1} ⊂ O

be the radical of pO, which is an ideal of O. Let

O0 = {x ∈ K : xIp ⊂ Ip }.

Then O0 is an order and either O0 = O, in which case O is p-maximal, or O ⊂ O0

and p divides [O0 : O].
Proof. We prove here only that [O0 : O] | pn , where n is the degree of K. We have
p ∈ Ip , so if x ∈ O0 , then xp ∈ Ip ⊂ O, which implies that x ∈ p1 O. Since ( p1 O)/O
is of order pn , the claim follows.
To complete the proof, we would show that if O0 = O, then O is already p-
maximal. See [Coh93, §6.1.1] for the rest if this proof.

After deciding on how to represent elements of K and orders and ideals in K,

one can give an efficient algorithm to compute the O0 of the theorem. The algorithm
mainly involves linear algebra over finite fields. It is complicated to describe, but
efficient in practice, and is conceptually simple—just compute O0 . The trick for
reducing the computation of O0 to linear algebra is the following lemma:
Lemma 4.3.6. Define a homomorphism ψ : O ,→ End(Ip /pIp ) given by sending
α ∈ O to left multiplication by the reduction of α modulo p. Then
1
O0 = Ker(ψ).
p
Proof. If x ∈ O0 , then xIp ⊂ IP , so ψ(x) is the 0 endomorphism. Conversely, if
ψ(x) acts as 0 on Ip /pIp , then clearly xIp ⊂ Ip .

Note that to give an algorithm one must also figure out how to explicitly compute
Ip /pIp and the kernel of this map (see the next section for more details).

4.3.4 General Factorization Algorithm of Buchman-Lenstra

We finally give an algorithm to factor pOK in general. This is a summary of the
algorithm described in more detail in [Coh93, §6.2].
Algorithm 4.3.7 (Factoring a Finite Separable Algebra). Let A be a finite sep-
arable algebra over Fp . This algorithm either shows that A is a field or finds a
nontrivial idempotent in A, i.e., an ε ∈ A such that ε2 = ε with ε 6= 0 and ε 6= 1.
4.3. A GENERAL METHOD 61

1. The dimension of the kernel V of the map x 7→ xp − x is equal to k. This is

because abstractly we have that A ≈ A1 × · · · × Ak , with each Ai a finite field
extension of Fp .

2. If k = 1 we are done. Terminate.

3. Otherwise, choose α ∈ V with α 6∈ Fp . (Think of Fp as the diagonal embedding

of Fp in A1 ×· · ·×Ak ). Compute powers of α and find the minimal polynomial
m(X) of α.

4. Since V ≈ Fp × · · · × Fp (k factors), the polynomial m(X) is a square-free

product of linear factors, that has degree > 1 since α 6∈ Fp . Thus we can
compute a splitting m(X) = m1 (X) · m2 (X), where both mi (X) have positive
degree.

5. Use the Euclidean algorithm in Fp [X] to find U1 (X) and U2 (X) such that

U1 m1 + U2 m2 = 1.

6. Let ε = (U1 m1 )(α). Then we have

U1 m1 U1 m1 + U2 m2 U1 m1 = U1 m1 ,

so since (m1 m2 )(α) = m(α) = 01, we have ε2 = ε. Also, since gcd(U1 , m2 ) =

gcd(U2 , m1 ) = 1, we have ε 6= 0 and ε 6= 1.
Given Algorithm 4.3.7, we compute an idempotent ε ∈ A, and observe that

A∼
= Ker(1 − ε) ⊕ Ker(ε).

Since (1 − ε) + ε = 1, we see that (1 − ε)v + εv = v, so that the sum of the two

kernels equals A. Also, if v is in the intersection of the two kernels, then ε(v) = 0
and (1 − ε)(v) = 0, so 0 = (1 − ε)(v) = v − ε(v) = v, so the sum is direct.
Remark 4.3.8. The beginning of [Coh93, §6.2.4] suggests that one can just randomly
find an α ∈ A such that A ∼ = Fp [x]/(m(x)) where m is the minimal polynomial of α.
This is usually the case, but is wrong in general, since there need not be an α ∈ A
such that A ∼= Fp [α]. For example, let p = 2 and K be as in Example 4.3.2. Then
A∼ = F2 × F2 × F2 , which as a ring is not generated by a single element, since there
are only 2 distinct linear polynomials over F2 [x].
Algorithm 4.3.9 (Factoring a General Prime Ideal). Let K = Q(a) be a number
field given by an algebraic integer a as a root of its minimal monic polynomial f
of degree n. We assume that an order O has been given by a basis w1 , . . . , wn and
that O that contains Z[a]. For any prime p ∈ Z, the following algorithm computes
the set of maximal ideals of O that contain p.
1. [Check if easy] If p - disc(Z[a])/ disc(O) (so p - [O : Z[a]]), then using Theo-
rem 4.2.3 we factor pO.
62 CHAPTER 4. FACTORING PRIMES

2. [Compute radical] Let I be the radical of pO, which is the ideal of elements
x ∈ O such that xm ∈ pO for some positive integer m. Note that pO ⊂ I, i.e.,
I | pO; also I is the product of the primes that divide p, without multiplicity.
Using linear algebra over the finite field Fp , we compute a basis for I/pO
by computing the abelian subgroup of O/pO of all nilpotent elements. This
computes I, since pO ⊂ I.

3. [Compute quotient by radical] Compute an Fp basis for

A = O/I = (O/pO)/(I/pO).

The second equality comes from the fact that pO ⊂ I. Note that O/pO is
obtained by simply reducing the basis w1 , . . . , wn modulo p. Thus this step
entirely involves linear algebra modulo p.

4. [Decompose quotient] The ring A is isomorphic to the quotient of O by a

radical ideal, so it decomposes as a product A ∼
= A1 × · · · × Ak of finite fields.
We find such a decomposition explicitly using Algorithm 4.3.7.

5. [Compute the maximal ideals over p] Each maximal ideal pi lying over p is
the kernel of one of the compositions

O → A ≈ A1 × · · · × Ak → Ai .

Algorithm 4.3.9 finds all primes of O that contain the radical I of pO. Every
such prime clearly contains p, so to see that the algorithm is correct, we prove that
the primes p of O that contain p also contain I. If p is a prime of O that contains p,
then pO ⊂ p. If x ∈ I then xm ∈ pO for some m, so xm ∈ p which implies that
x ∈ p by the primality of p. Thus p contains I, as required. Note that we do not
find the powers of primes that divide p in Algorithm 4.3.9; that’s left to another
algorithm that we will not discuss in this book.
Algorithm 4.3.9 was invented by J. Buchmann and H. W. Lenstra, though their
paper seems to have never been published; however, the algorithm is described in
detail in [Coh93, §6.2.5]. Incidentally, this chapter is based on Chapters 4 and 6 of
[Coh93], which is highly recommended, and goes into much more detail about these
algorithms.
Chapter 5

The Chinese Remainder

Theorem

In this chapter, we prove the Chinese Remainder Theorem (CRT) for arbitrary com-
mutative rings, then apply CRT to prove that every ideal in a Dedekind domain R is
generated by at most two elements. We also prove that pn /pn+1 is (noncanonically)
isomorphic to R/p as an R-module, for any nonzero prime ideal p of R. The tools
we develop in this chapter will be used frequently to prove other results later.

5.1 The Chinese Remainder Theorem

5.1.1 CRT in the Integers
The classical CRT asserts that if n1 , . . . , nr are integers that are coprime in pairs,
and a1 , . . . , ar are integers, then there exists an integer a such that a ≡ ai (mod ni )
for each i = 1, . . . , r. Here “coprime in pairs” means that gcd(ni , nj ) = 1 whenever
i 6= j; it does not mean that gcd(n1 , . . . , nr ) = 1, though it implies this. In terms
of rings, CRT asserts that the natural map

Z/(n1 · · · nr )Z → (Z/n1 Z) ⊕ · · · ⊕ (Z/nr Z) (5.1.1)

that sends a ∈ Z to its reduction modulo each ni , is an isomorphism.

This map is never an isomorphism if the ni are not coprime. Indeed, the cardi-
nality of the image of the left hand side of (5.1.1) is lcm(n1 , . . . , nr ), since it is the
image of a cyclic group and lcm(n1 , . . . , nr ) is the largest order of an element of the
right hand side, whereas the cardinality of the right hand side is n1 · · · nr .
The isomorphism (5.1.1) can alternatively be viewed as asserting that any system
of linear congruences

x ≡ a1 (mod n1 ), x ≡ a2 (mod n2 ), ..., x ≡ ar (mod nr )

with pairwise coprime moduli has a unique solution modulo n1 · · · nr .

63
64 CHAPTER 5. THE CHINESE REMAINDER THEOREM

Before proving the CRT in more generality, we prove (5.1.1). There is a natural
map
φ : Z → (Z/n1 Z) ⊕ · · · ⊕ (Z/nr Z)
given by projection onto each factor. Its kernel is

n1 Z ∩ · · · ∩ nr Z.

If n and m are integers, then nZ ∩ mZ is the set of multiples of both n and m, so

nZ ∩ mZ = lcm(n, m)Z. Since the ni are coprime,

n1 Z ∩ · · · ∩ nr Z = n1 · · · nr Z.

Thus we have proved there is an inclusion

i : Z/(n1 · · · nr )Z ,→ (Z/n1 Z) ⊕ · · · ⊕ (Z/nr Z). (5.1.2)

This is half of the CRT; the other half is to prove that this map is surjective. In
this case, it is clear that i is also surjective, because i is an injective map between
finite sets of the same cardinality. We will, however, give a proof of surjectivity that
doesn’t use finiteness of the above two sets.
To prove surjectivity of i, note that since the ni are coprime in pairs,

gcd(n1 , n2 · · · nr ) = 1,

so there exists integers x, y such that

xn1 + yn2 · · · nr = 1.

To complete the proof, observe that yn2 · · · nr = 1 − xn1 is congruent to 1 modulo

n1 and 0 modulo n2 · · · nr . Thus (1, 0, . . . , 0) = i(yn2 · · · nr ) is in the image of i. By
a similar argument, we see that (0, 1, . . . , 0) and the other similar elements are all
in the image of i, so i is surjective, which proves CRT.

5.1.2 CRT in General

Recall that all rings in this book are commutative with unity. Let R be such a ring.
Definition 5.1.1 (Coprime). Ideals I and J of R are coprime if I + J = (1).
For example, if I and J are nonzero ideals in a Dedekind domain, then they are
coprime precisely when the prime ideals that appear in their two (unique) factor-
izations are disjoint.
Lemma 5.1.2. If I and J are coprime ideals in a ring R, then I ∩ J = IJ.
Proof. Choose x ∈ I and y ∈ J such that x + y = 1. If c ∈ I ∩ J then

c = c · 1 = c · (x + y) = cx + cy ∈ IJ + IJ = IJ,

so I ∩ J ⊂ IJ. The other inclusion is obvious by the definition of an ideal.

5.2. STRUCTURAL APPLICATIONS OF THE CRT 65

Lemma 5.1.3. Suppose I1 , . . . , Is are pairwise coprime ideals. Then I1 is coprime

to the product I2 · · · Is .

Proof. In the special case of a Dedekind domain, we could easily prove this lemma
using unique factorization of ideals as products of primes (Theorem 3.2.6); instead,
we give a direct general argument.
It suffices to prove the lemma in the case s = 3, since the general case then follows
from induction. By assumption, there are x1 ∈ I1 , y2 ∈ I2 and a1 ∈ I1 , b3 ∈ I3 such

x1 + y2 = 1 and a1 + b3 = 1.

Multiplying these two relations yields

x1 a1 + x1 b3 + y2 a1 + y2 b3 = 1 · 1 = 1.

The first three terms are in I1 and the last term is in I2 I3 = I2 ∩I3 (by Lemma 5.1.2),
so I1 is coprime to I2 I3 .

Next we prove the general Chinese Remainder Theorem. We will apply this
result with R = OK in the rest of this chapter.

Theorem 5.1.4 (Chinese Remainder Theorem). Suppose I1 , . . . , Ir are nonzero

L Im and In are coprime for any m 6= n. Then the natural
ideals of a ring R such
homomorphism R → rn=1 R/In induces an isomorphism
r
Y r
M
ψ : R/ In → R/In .
n=1 n=1

Thus given any an ∈ R, for n = 1, . . . , r, there exists some Qra ∈ R such that a ≡ an
(mod In ) for n = 1, . . . , r; moreover, a is unique modulo n=1 In .

Proof. Let ϕ : R → rn=1 R/In be the natural map induced by reduction modulo
L
the In . An inductive
Qr application of Lemma 5.1.2 implies that the kernel ∩rn=1 In
of ϕ is equal to n=1 In , so the map ψ of the theorem is injective.
Each projection R → R/In is surjective, so to prove that ψ is surjective, it
suffices to show that (1, 0, . . . , Q
0) is in the image of ϕ, and similarly for the other
factors. By Lemma 5.1.3, J = rn=2 In is coprime to I1 , so there exists x ∈ I1 and
y ∈ J such that x + y = 1. Then y = 1 − x maps to 1 in R/I1 and to 0 in R/J,
hence to 0 in R/In for each n ≥ 2, since J ⊂ In .

5.2 Structural Applications of the CRT

Let OK be the ring of integers of some number field K, and suppose I is a nonzero
ideal of OK . As an abelian group OK is free of rank [K : Q], and I is of finite
index in OK , so I is generated by [K : Q] generators as an abelian group, so as
an R-ideal I requires at most [K : Q] generators. The main result of this section
66 CHAPTER 5. THE CHINESE REMAINDER THEOREM

asserts something better, namely that I can be generated as an ideal by at most

two elements. Moreover, our result is more general, since it applies to an arbitrary
Dedekind domain R. Thus, for the rest of this section, R is any Dedekind domain,
e.g., the ring of integers of either a number field or function field. We use CRT to
prove that every ideal of R can be generated by two elements.
Remark 5.2.1. Caution – If we replace R by an order in a Dedekind domain, i.e.,
by a subring of finite index,then there may be ideals that require far more than 2
generators.
Suppose that I is a nonzero integral ideal of R. If a ∈ I, then (a) ⊂ I, so I
divides (a) and the quotient (a)I −1 is an integral ideal. The following lemma asserts
that (a) can be chosen so the quotient (a)I −1 is coprime to any given ideal.

Lemma 5.2.2. If I and J are nonzero integral ideals in R, then there exists an
a ∈ I such that the integral ideal (a)I −1 is coprime to J.

Before we give the proof in general, note that the lemma is trivial when I is
principal, since if I = (b), just take a = b, and then (a)I −1 = (a)(a−1 ) = (1) is
coprime to every ideal.

Proof. Let p1 , . . . , pr be the prime divisors of J. For each n, let vn be the largest
power of pn that divides I. Since pvnn 6= pvnn +1 , we can choose an element an ∈ pvnn
that is not in pnvn +1 . By Theorem 5.1.4 applied to the r + 1 coprime integral ideals
Y −1
pv11 +1 , . . . , pvrr +1 , I · pvnn ,

there exists a ∈ R such that

a ≡ an (mod pvnn +1 )

for all n = 1, . . . , r and also

 Y −1 
a≡0 mod I · pvnn .

To complete the proof we show that (a)I −1 is not divisible by any pn , or equiva-
lently, that each pvnn exactly divides (a). First we show that pvnn divides (a). Because
a ≡ an (mod pvnn +1 ), there exists b ∈ pvnn +1 such that a = an +b. Since an ∈ pvnn and
b ∈ pnvn +1 ⊂ pvnn , it follows that a ∈ pvnn , so pvnn divides (a). Now assume for the sake
of contradiction that pvnn +1 divides (a); then an = a − b ∈ pvnn +1 , which contradicts
that we chose an 6∈ pvnn +1 . Thus pvnn +1 does not divide (a), as claimed.

Proposition 5.2.3. Suppose I is a fractional ideal in a Dedekind domain R. Then

there exist a, b ∈ K such that I = (a, b) = {αa + βb : α, β ∈ R}.
5.2. STRUCTURAL APPLICATIONS OF THE CRT 67

Proof. If I = (0), then I is generated by 1 element and we are done. If I is not

an integral ideal, then there is an x ∈ K such that xI is an integral ideal, and the
number of generators of xI is the same as the number of generators of I, so we may
assume that I is an integral ideal.
Let a be any nonzero element of the integral ideal I. We will show that there
is some b ∈ I such that I = (a, b). Let J = (a). By Lemma 5.2.2, there exists b ∈ I
such that (b)I −1 is coprime to (a). Since a, b ∈ I, we have I | (a) and I | (b), so
I | (a, b). Suppose pn | (a, b) with p prime and n ≥ 1. Then pn | (a) and pn | (b),
so p - (b)I −1 , since (b)I −1 is coprime to (a). We have pn | (b) = I · (b)I −1 and
p - (b)I −1 , so pn | I. Thus by unique factorization of ideals in R we have that
(a, b) | I. Since I | (a, b) we conclude that I = (a, b), as claimed.

We can also use Theorem 5.1.4 to determine the R-module structure of pn /pn+1 .
Proposition 5.2.4. Let p be a nonzero prime ideal of R, and let n ≥ 0 be an
integer. Then pn /pn+1 ∼
= R/p as R-modules.
Proof 1 . Since pn 6= pn+1 , by unique factorization, there is an element b ∈ pn
such that b 6∈ pn+1 . Let ϕ : R → pn /pn+1 be the R-module morphism defined
by ϕ(a) = ab. The kernel of ϕ is p since clearly ϕ(p) = 0 and if ϕ(a) = 0 then
ab ∈ pn+1 , so pn+1 | (a)(b), so p | (a), since pn+1 does not divide (b). Thus ϕ induces
an injective R-module homomorphism R/p ,→ pn /pn+1 .
It remains to show that ϕ is surjective, and this is where we will use Theo-
rem 5.1.4. Suppose c ∈ pn . By Theorem 5.1.4 there exists d ∈ R such that

d ≡ c (mod pn+1 ) and d≡0 (mod (b)/pn ).

We have pn | (d) since d ∈ pn and (b)/pn | (d) by the second displayed condition, so
since p - (b)/pn , we have (b) = pn · (b)/pn | (d), hence d/b ∈ R. Finally
 
d d
ϕ ≡ · b (mod pn+1 ) ≡ d (mod pn+1 ) ≡ c (mod pn+1 ),
b b
so ϕ is surjective.

Exercise 5.2.5. (See [Mar77, Thm. 22(a)]) Let R be a Dedekind domain and p a
nonzero prime ideal in R. Show that #(R/pm ) = #(R/p)m .
Note: #(R/p) is not finite in general! For example, The ring of formal power
series k[[t]] for some field k is a Dedekind domain and the residue field at the prime
(t) is k.
[Hint: Consider the exact sequence

0 → p/pm → R/pm → R/pm−1 → 0

and the chain

pm ⊆ pm−1 ⊆ · · · ⊆ p2 ⊆ p.
]
68 CHAPTER 5. THE CHINESE REMAINDER THEOREM

Remark 5.2.6. There is one special case of the previous exercise that you probably
have seen before: the size of Z/4Z is the same as (Z/2Z)2 . In fact you might have
seen a proof of the fact that Z/nm Z has the same cardinality as (Z/nZ)m in a
standard group theory or abstract algebra course.

5.3 Computing Using the CRT

In order to explicitly compute an a as given by Theorem 5.1.4, usually one first
precomputes elements v1 , . . . , vr ∈ R such that v1 7→ (1, 0, . . . , 0), v2 7→ (0, 1, . . . , 0),
etc. Then given any an ∈ R, for n = 1, . . . , r, we obtain an a ∈ R with an ≡ a
(mod In ) by taking
a = a1 v1 + · · · + ar vr .
How to compute the vi depends on the ring R. It reduces to the following problem:
Given coprimes ideals I, J ⊂ R, find x ∈ I and y ∈ J such that x + y = 1. If
R is torsion free and of finite rank as a Z-module, so R ≈ Zn , then I, J can be
represented by giving a basis in terms of a basis for R, and finding x, y such that
x + y = 1 can then be reduced to a problem in linear algebra over Z. More precisely,
let A be the matrix whose columns are the concatenation of a basis for I with a
basis for J. Suppose v ∈ Zn corresponds to 1 ∈ Zn . Then finding x, y such that
x + y = 1 is equivalent to finding a solution z ∈ Zn to the matrix equation Az = v.
This latter linear algebra problem can be solved using Hermite normal form (see
[Coh93, §4.7.1]), which is a generalization over Z of reduced row echelon form.

5.3.1 Sage
[[TODO]]

5.3.2 Magma
The Magma command ChineseRemainderTheorem implements the algorithm sug-
gested by Theorem 5.1.4. In the following example,√ we compute a prime over (3)
and a prime over (5)√of the ring of integers of Q( 3 2), and find an element of OK
that is congruent to 3 2 modulo one prime and 1 modulo the other.

> R<x> := PolynomialRing(RationalField());

> K<a> := NumberField(x^3-2);
> OK := RingOfIntegers(K);
> I := Factorization(3*OK)[1][1];
> J := Factorization(5*OK)[1][1];
> I;
Prime Ideal of OK
Two element generators:
[3, 0, 0]
[4, 1, 0]
5.3. COMPUTING USING THE CRT 69

> J;
Prime Ideal of OK
Two element generators:
[5, 0, 0]
[7, 1, 0]
> b := ChineseRemainderTheorem(I, J, OK!a, OK!1);
> K!b;
-4
> b - a in I;
true
> b - 1 in J;
true

5.3.3 PARI
There is also a CRT algorithm
√ for number fields in PARI, but it is more cumbersome
to use. First we defined Q( 3 2) and factor the ideals (3) and (5).
? f = x^3 - 2;
? k = nfinit(f);
? i = idealfactor(k,3);
? j = idealfactor(k,5);
Next we form matrix whose rows correspond to a product of two primes, one
dividing 3 and one dividing 5:
? m = matrix(2,2);
? m[1,] = i[1,];
? m[1,2] = 1;
? m[2,] = j[1,];
Note that we set m[1,2] = 1, so the exponent is 1 instead of 3. We apply the CRT
to obtain a lift in terms of the basis for OK .
? ?idealchinese
idealchinese(nf,x,y): x being a prime ideal factorization and y
a vector of elements, gives an element b such that
v_p(b-y_p)>=v_p(x) for all prime ideals p dividing x,
and v_p(b)>=0 for all other p.
? idealchinese(k, m, [x,1])
[0, 0, -1]~
? nfbasis(f)
[1, x, x^2]
√
Thus PARI finds the lift −( 3 2)2 , and we finish by verifying that this lift is correct.
I couldn’t figure out how to test for ideal membership in PARI, so here we just
check that the prime ideal plus the element is not the unit ideal, which since the
ideal is prime, implies membership.
70 CHAPTER 5. THE CHINESE REMAINDER THEOREM

? idealadd(k, i[1,1], -x^2 - x)

[3 1 2]
[0 1 0]
[0 0 1]
? idealadd(k, j[1,1], -x^2-1)
[5 2 1]
[0 1 0]
[0 0 1]
Chapter 6

Discrimants and Norms

In this chapter we give a geometric interpretation of the discriminant of an order in

a number field. We also define norms of ideals and prove that the norm function is
multiplicative. Discriminants of orders and norms of ideals will play a crucial role
in our proof of finiteness of the class group in the next chapter.

6.1 Viewing OK as a Lattice in a Real Vector Space

Let K be a number field of degree n. By the primitive element theorem, K = Q(α)
for some α, so we can write K ∼= Q[x]/(f ), where f ∈ Q[x] is the minimal polynomial
of α. Because C is algebraically closed and f is irreducible, it has exactly n = [K : Q]
complex roots. Each of these roots z ∈ C induces a homomorphism Q[x] → C
given by x 7→ z, whose kernel is the ideal (f ). Thus we obtain n embeddings of
K∼ = Q[x]/(f ) into C:
σ1 , . . . , σn : K ,→ C.
√
Example 6.1.1. We compute the embeddings listed above for K = Q( 3 2).

K = QQ [2^(1/3)]; K

Number Field in a with defining polynomial x ^3 - 2

K . c o m p l e x _ e m b e d d i n g s ()

[ Ring morphism : ...

Defn : a | - - > -0.629960524947 - 1. 0911236 3597* I ,
Ring morphism : ...
Defn : a | - - > -0.629960524947 + 1. 0911236 3597* I ,
Ring morphism : ...
Defn : a | - - > 1.259 92104989 ]

Let σ : K ,→ Cn be the map a 7→ (σ1 (a), . . . , σn (a)), and let V = Rσ(K) be the
R-span of the image σ(K) of K inside Cn .

71
72 CHAPTER 6. DISCRIMANTS AND NORMS

Lemma 6.1.2. Suppose L ⊂ Rn is a subgroup of the vector space Rn . Then the

induced topology on L is discrete if and only if for every H > 0 the set

XH = {v ∈ L : max{|v1 |, . . . , |vn |} ≤ H}

is finite.

Proof. If L is not discrete, then there is a point x ∈ L such that for every ε > 0
there is y ∈ L such that 0 < |x − y| < ε. By choosing smaller and smaller ε, we
find infinitely many elements x − y ∈ L all of whose coordinates are smaller than 1.
The set X1 is thus not finite. Thus if the sets XH are all finite, L must be discrete.
Next assume that L is discrete and let H > 0 be any positive number. Then
for every x ∈ XH there is an open ball Bx that contains x but no other element
of L. Since XH is closed and bounded, the Heine-Borel theorem implies that XH is
compact, so the open covering ∪Bx of XH has a finite subcover, which implies that
XH is finite, as claimed.

Lemma 6.1.3. If L if a free abelian group that is discrete in a finite-dimensional

real vector space V and RL = V , then the rank of L equals the dimension of V .

Proof. Let x1 , . . . , xm ∈ L be an R-vector space basis for RL, and consider the
Z-submodule M = Zx1 + · · · + Zxm of L. If the quotient L/M is infinite, then
there are infinitely many distinct elements of L that all lie in a fundamental domain
for M , so Lemma 6.1.2 implies that L is not discrete. This is a contradiction, so
L/M is finite, and the rank of L is m = dim(RL), as claimed.

Proposition 6.1.4. The R-vector space V = Rσ(K) spanned by the image σ(K)
of K has dimension n.

Proof. We prove this by showing that the image σ(OK ) is discrete. If σ(OK ) were
not discrete it would contain elements all of whose coordinates are simultaneously
arbitrarily small. The norm of an element a ∈ OK is the product of the entries of
σ(a), so the norms of nonzero elements of OK would go to 0. This is a contradiction,
since the norms of nonzero elements of OK are nonzero integers.
Since σ(OK ) is discrete in Cn , Lemma 6.1.3 implies that dim(V ) equals the
rank of σ(OK ). Since σ is injective, dim(V ) is the rank of OK , which equals n by
Proposition 2.4.5.

6.1.1 A Determinant
Suppose w1 , . . . , wn is a basis for OK , and let A be the matrix whose ith row is
σ(wi ). Consider the determinant det(A).
Example 6.1.5. The ring OK = Z[i] of integers of K = Q(i) has Z-basis w1 = 1,
w2 = i. The map σ : K → C2 is given by

σ(a + bi) = (a + bi, a − bi) ∈ C2 .

6.2. DISCRIMINANTS 73

The image σ(OK ) is spanned by (1, 1) and (i, −i). The determinant is
 
 1 1 
 i −i  = −2i.
 

√ √
Let OK = Z[ 2] be the ring of integers of K = Q( 2). The map σ is
√ √ √
σ(a + b 2) = (a + b 2, a − b 2) ∈ R2 ,

and  
A= √1 1
√ ,
2 − 2
√
which has determinant −2 2.
As the above example illustrates, the determinant det(A) most certainly need
not be an integer. However, as we will see, it’s square is an integer that does not
depend on our choice of basis for OK .

6.2 Discriminants
Suppose w1 , . . . , wn is a basis for OK as a Z-module, which we view as a Q-vector
space. Let σ : K ,→ Cn be the embedding σ(a) = (σ1 (a), . . . , σn (a)), where
σ1 , . . . , σn are the distinct embeddings of K into C. Let A be the matrix whose
rows are σ(w1 ), . . . , σ(wn ).
Changing our choice of basis for OK is the same as left multiplying A by an
integer matrix U of determinant ±1, which changes det(A) by ±1. This leads us to
consider det(A)2 instead, which does not depend on the choice of basis; moreover,
as we will see, det(A)2 is an integer. Note that

det(A)2 = det(AA) = det(A) det(A) = det(A) det(At ) = det(AAt )

   
X X
= det  σk (wi )σk (wj ) = det  σk (wi wj )
k=1,...,n k=1,...,n

= det(Tr(wi wj )1≤i,j≤n ),

so det(A)2 can be defined purely in terms of the trace without mentioning the
embeddings σi . Moreover, if we change basis hence multiplying A by some U with
determinant ±1, then det(U A)2 = det(U )2 det(A)2 = det(A)2 . Because det(A) is
an algebraic integer and Tr(wi wj ) ∈ Q, it follows that det(A)2 is an algebraic integer
in Q. Thus det(A)2 ∈ Z is well defined as a quantity associated to OK .
If we view K as a Q-vector space, then (x, y) 7→ Tr(xy) defines a bilinear pairing
K × K → Q on K, which we call the trace pairing. The following lemma asserts
that this pairing is nondegenerate, so det(Tr(wi wj )) 6= 0 hence det(A) 6= 0.

Lemma 6.2.1. The trace pairing is nondegenerate.

74 CHAPTER 6. DISCRIMANTS AND NORMS

Proof. If the trace pairing is degenerate, then there exists 0 6= a ∈ K such that
for every b ∈ K we have Tr(ab) = 0. In particularly, taking b = a−1 we see that
0 = Tr(aa−1 ) = Tr(1) = [K : Q] > 0, which is absurd.

Definition 6.2.2 (Discriminant). Suppose a1 , . . . , an is any Q-basis of K. The

discriminant of a1 , . . . , an is

Disc(a1 , . . . , an ) = det(Tr(ai aj )1≤i,j≤n ) ∈ Q.

The discriminant Disc(O) of an order O in OK is the discriminant of any Z-basis

for O. The discriminant dK = Disc(K) of the number field K is the discriminant
of OK . Note that these discriminants are all nonzero by Lemma 6.2.1.

Remark 6.2.3. It is also standard to define the discriminant of a monic polynomial

to be the product of the differences of the roots. If α ∈ OK with Z[α] of finite index
in OK , and f is the minimal polynomial of α, then Disc(f ) = Disc(Z[α]). To see
this, note that if we choose the basis 1, α, . . . , αn−1 for Z[α], then both discriminants
are the square of the same Vandermonde determinant.
Remark 6.2.4. If S/R is an extension of Dedekind domains, with S a free R module
of finite rank, then the above definition of a relative discriminant of S/R does not
make sense in general. The problem is that R may have more units than {±1},
in which case det(A2 ) is not well defined. To generalize the notion of discriminant
to arbitrary finite extensions of Dedekind domains, one must instead introduce a
discriminant ideal.
Example 6.2.5. In Sage, we compute the discriminant of a number field or order
using the discriminant command:

K . <a > = NumberField ( x ^2 - 5)

K . discriminant ()

This also works for orders (notice the square factor below, which will be explained
by Proposition 6.2.6):

R = K . order ([7* a ]); R

Order in Number Field in a with defining polynomial x ^2 - 5

factor ( R . discriminant ())

2^2 * 5 * 7^2

Warning: In Magma Disc(K) is defined to be the discriminant of the polynomial

you happened to use to define K.
6.2. DISCRIMINANTS 75

> K := NumberField ( x ˆ2 −5);

> D i s c r i m i n a n t (K) ;
20

This is an intentional choice done for efficiency reasons, since computing the maxi-
mal order can take a long time. Nonetheless, it conflicts with standard mathematical
usage, so beware.
The following proposition asserts that the discriminant of an order O in OK is
bigger than disc(OK ) by a factor of the square of the index.
Proposition 6.2.6. Suppose O is an order in OK . Then
Disc(O) = Disc(OK ) · [OK : O]2 .
Proof. Let A be a matrix whose rows are the images via σ of a basis for OK ,
and let B be a matrix whose rows are the images via σ of a basis for O. Since
O ⊂ OK has finite index, there is an integer matrix C such that CA = B, and
|det(C)| = [OK : O]. Then
Disc(O) = det(B)2 = det(CA)2 = det(C)2 det(A)2 = [OK : O]2 · Disc(OK ).

Example 6.2.7. Let K be a number field and consider the quantity

D(K) = gcd{Disc(α) : α ∈ OK and [OK : Z[α]] < ∞}.
One might hope that D(K) is equal to the discriminant Disc(OK ) of K, but this is
not the case in general. Recall Example 4.3.2, in which we considered the field K
generated by a root of f = x3 + x2 − 2x + 8. In that example, the discriminant of
OK is −503 with 503 prime:
K . <a > = NumberField ( x ^3 + x ^2 - 2* x + 8)
factor ( K . discriminant ())

-1 * 503

For every α ∈ OK , we have 2 | [OK : Z[α]], since OK fails to be monogenic at 2. By

Proposition 6.2.6, the discriminant of Z[α] is divisible by 4 for all α, so Disc(α) is
also divisible by 4. This is why 2 is called an “inessential discriminant divisor”.
Proposition 6.2.6 gives an algorithm for computing OK , albeit a slow one.
Given K, find some order O ⊂ K, and compute d = Disc(O). Factor d, and use
the factorization to write d = s · f 2 , where f 2 is the largest square that divides d.
Then the index of O in OK is a divisor of f , and we (tediously) can enumerate
all rings R with O ⊂ R ⊂ K and [R : O] | f , until we find the largest one all of
whose elements are integral. A much better algorithm is to proceed exactly as just
described, except use the ideas of Section 4.3.3 to find a p-maximal order for each
prime divisor of f , then add these p-maximal orders together.
76 CHAPTER 6. DISCRIMANTS AND NORMS
√ √
Example 6.2.8. Consider the ring OK = √ Z[(1 + 5)/2] of integers of K = Q( 5).
The discriminant of the basis 1, a = (1 + 5)/2 is
 
 2 1 
Disc(OK ) =    = 5.
1 3 
√ √ √
Let O = Z[ 5] be the order generated by 5. Then O has basis 1, 5, so
 
 2 0 
Disc(O) =   = 20 = [OK : O]2 · 5,
0 10 

hence [OK : O] = 2.
√ √
Example 6.2.9. Consider √ the√cubic field K = Q( 3 2), and let O be the order Z[ 3 2].
Relative to the base 1, 3 2, ( 3 2)2 for O, the matrix of the trace pairing is
 
3 0 0
A = 0 0 6  .
0 6 0

Thus
disc(O) = det(A) = 108 = 22 · 33 .
Suppose we do not know that the ring of integers OK is equal to O. By Proposi-
tion 6.2.6, we have
Disc(OK ) · [OK : O]2 = 22 · 33 ,
so 3 | disc(OK ), and [OK : O] | 6. Thus to prove O = OK it suffices to prove
that O is 2-maximal and 3-maximal, which could be accomplished as described in
Section 4.3.3.

6.3 Norms of Ideals

In this section we extend the notion of norm to ideals. This will be helpful in
the next chapter, where we will prove that the group of fractional ideals modulo
principal fractional ideals of a number field is finite by showing that every ideal is
equivalent to an ideal with norm at most some bound. This is enough, because as
we will see below there are only finitely many ideals of bounded norm.
Definition 6.3.1 (Lattice Index). If L and M are two lattices in a vector space V ,
then the lattice index [L : M ] is by definition the absolute value of the determinant
of any linear automorphism A of V such that A(L) = M .
For example, if L = 2Z and M = 10Z, then

[L : M ] = [2Z : 10Z] = det([5]) = 5,

since 5 multiplies 2Z onto 10Z.

The lattice index has the following properties:
6.3. NORMS OF IDEALS 77

• If M ⊂ L, then [L : M ] = #(L/M ).
• If M, L, N are any lattices in V , then
[L : N ] = [L : M ] · [M : N ].

Definition 6.3.2 (Norm of Fractional Ideal). Suppose I is a fractional ideal of OK .

The norm of I is the lattice index
Norm(I) = [OK : I] ∈ Q≥0 ,
or 0 if I = 0.
Note that if I is an integral ideal, then Norm(I) = #(OK /I).
Lemma 6.3.3. Suppose a ∈ K and I is an integral ideal. Then
 
Norm(aI) = NormK/Q (a) Norm(I).
Proof. By properties of the lattice index mentioned above we have
 
[OK : aI] = [OK : I] · [I : aI] = Norm(I) · NormK/Q (a) .
 
Here we have used that [I : aI] = NormK/Q (a), which is because left multiplication
`a by a is an automorphism of K that sends I onto aI, so
 
[I : aI] = |det(`a )| = NormK/Q (a) .

Proposition 6.3.4. If I and J are fractional ideals, then

Norm(IJ) = Norm(I) · Norm(J).
Proof. By Lemma 6.3.3, it suffices to prove this when I and J are integral ideals. If
I and J are coprime, then Theorem 5.1.4 (the Chinese Remainder Theorem) implies
that Norm(IJ) = Norm(I) · Norm(J). Thus we reduce to the case when I = pm
and J = pk for some prime ideal p and integers m, k. By Proposition 5.2.4, which is
a consequence of CRT, the filtration of OK /pn given by powers of p has successive
quotients isomorphic to OK /p. Thus we see that #(OK /pn ) = #(OK /p)n , which
proves that Norm(pn ) = Norm(p)n .
Example 6.3.5. We compute some ideal norms using Sage.
K . <a > = NumberField ( x ^2 - 5)
I = K . f r a c t i o na l _ i d e a l ( a )
I . norm ()

J = K . f r a c t i o na l _ i d e a l (17)
J . norm ()

289
78 CHAPTER 6. DISCRIMANTS AND NORMS

We can also use functional notation:

norm ( I * J )

1445

We will use the following proposition in the next chapter when we prove finite-
ness of class groups.

Proposition 6.3.6. Fix a number field K. Let B be a positive integer. There are
only finitely many integral ideals I of OK with norm at most B.

Proof. An integral ideal I is a subgroup of OK of index equal to the norm of I. If G

is any finitely generated abelian group, then there are only finitely many subgroups
of G of index at most B. This is because the subgroups of index dividing an integer
n are all subgroups of G that contain nG, and the group G/nG is finite.
Chapter 7

Finiteness of the Class Group

Frequently OK is not a principal ideal domain. This chapter is about a way to

understand how badly OK fails to be a principal ideal domain. The class group of
OK measures this failure. As one sees in a course on Class Field Theory, the class
group and its generalizations also yield deep insight into the extensions of K that
are Galois with abelian Galois group.
In Section 7.1, we define the class group and state the main theorem of this
chapter.
√ We then illustrate the implications of this theorem in detail for the field
Q( 10), proving that it has class group of order 2. Next, we prove several geometric
lemmas, building very heavily on ours results from Chapter 6. Finally, we close the
section by giving a complete proof of finiteness of the class group, but leave an
explicit upper bound as an exercise in calculus. In Section 7.2 we very briefly
discuss how often number fields have class number 1. Finally, in Section 7.3 we
further discuss how to compute class groups, though nothing we do in this book
begins to approach the state of the art regarding such computations – for that, see
Cohen’s books.

7.1 The Class Group

Definition 7.1.1 (Class Group). Let OK be the ring of integers of a number field K.
The class group CK of K is the group of fractional ideals modulo the sugroup of
principal fractional ideals (a), for a ∈ K.

Note that if we let Div(OK ) denote the group of fractional ideals, then we have
an exact sequence

∗
0 → OK → K ∗ → Div(OK ) → CK → 0.

That the class group CK is finite follows from the first part of the following theo-
rem and that there are only finitely many ideals of norm less than a given integer
(Proposition 6.3.6).

79
80 CHAPTER 7. FINITENESS OF THE CLASS GROUP

Theorem 7.1.2 (Finiteness of the Class Group). Let K be a number field. There
is a constant Cr,s that depends only on the number r, s of real and pairs of complex
conjugate embeddings of K p such that every ideal class of OK contains an integral
ideal of norm at most Cr,s |dK |, where dK = Disc(OK ). Thus by Proposition 6.3.6
the class group CK of K is finite. In fact, one can take
 s
4 n!
Cr,s = .
π nn
The explicit bound in the theorem
 s
4 n! p
MK = · |dK |
π nn
is called the Minkowski bound. There are other better bounds, but they depend on
unproven conjectures.
The following two examples illustrate how to apply Theorem 7.1.2 to compute
CK in simple cases.
Example 7.1.3. Let K = Q[i]. Then n = 2, s = 1, and |dK | = 4, so the Minkowski
bound is  1
√ 4 2! 4
4· 2
= < 2.
π 2 π
Thus every fractional ideal is equivalent to an ideal of norm 1. Since (1) is the only
ideal of norm 1, every ideal is principal, so CK is trivial.
√ √
Example 7.1.4. Let K = Q( 10). We have OK = Z[ 10], so n = 2, s = 0,
|dK | = 40, and the Minkowski bound is
 0
√ 4 2! √ 1 √
40 · · 2 = 2 · 10 · = 10 = 3.162277 . . . .
π 2 2
We compute the Minkowski bound in Sage as follows:
K = QQ [ sqrt (10)]; K

Number Field in sqrt10 with defining polynomial x ^2 - 10

B = K . m i nk ow sk i _b ou nd (); B

sqrt (10)

B . n ()

3 . 1 6 2 2 7 7 6 6 0 1 6 8 38

Theorem 7.1.2 implies that every ideal class has a representative that is an integral
ideal of norm 1, 2, or 3. The ideal 2OK is ramified in OK , so
√
2OK = (2, 10)2 .
7.1. THE CLASS GROUP 81
√ √
If (2, 10) were principal, say (α), then α = a + b 10 would have norm ±2. Then
the equation
x2 − 10y 2 = ±2, (7.1.1)

√ solution. But the squares mod 5 are 0, ±1, so (7.1.1) has no

would have an integer
solutions. Thus (2, 10) defines a nontrivial element of the class group, and it has
order 2 since its square is the principal ideal 2OK . Thus 2 | #CK .
To find the integral ideals of norm 3, we factor x2 − 10 modulo 3, and see that
√ √
3OK = (3, 2 + 10) · (3, 4 + 10).
If either of the prime divisors of 3OK were principal, then the equation x2 − 10y 2 =
±3 would have an integer solution. Since it does not have one mod 5, the prime
divisors of 3OK are both nontrivial elements of the class group. Let
√
4 + 10 1 √
α= √ = · (1 + 10).
2 + 10 3
Then
√ √ √ √ √
(3, 2 + 10) · (α) = (3α, 4 + 10) = (1 + 10, 4 + 10) = (3, 4 + 10),
so the classes over 3 are equal.
In summary, we now know that every element of CK is equivalent to one of
√ √
(1), (2, 10), or (3, 2 + 10).
Thus the class group is a group of order at most 3 that contains an element of
order 2. Thus it must
√ have order 2. We verify this in Sage below, where we also
check that (3, 2 + 10) generates the class group.
K . < sqrt10 > = QQ [ sqrt (10)]; K

Number Field in sqrt10 with defining polynomial x ^2 - 10

G = K . class_group (); G

Class group of order 2 with structure C2 of Number Field ...

G .0

Fractional ideal class (3 , sqrt10 + 1)

G .0^2

Trivial principal fractional ideal class

G .0 == G ( (3 , 2 + sqrt10 ) )

True
82 CHAPTER 7. FINITENESS OF THE CLASS GROUP

Before proving Theorem 7.1.2, we prove a few lemmas. The strategy of the
proof is to start with any nonzero ideal I, and prove that there is some nonzero
a ∈ K having very small norm, such that aI is an integral ideal. Then Norm(aI) =
NormK/Q (a) Norm(I) will be small, since NormK/Q (a) is small. The trick is to
determine precisely how small an a we can choose subject to the condition that aI
is an integral ideal, i.e., that a ∈ I −1 .
Let S be a subset of V = Rn . Then S is convex if whenever x, y ∈ S then the
line connecting x and y lies entirely in S. We say that S is symmetric about the
origin if whenever x ∈ S then −x ∈ S also. If L is a lattice in the real vector space
V = Rn , then the volume of V /L is the volume of the compact real manifold V /L,
which is the same thing as the absolute value of the determinant of any matrix
whose rows form a basis for L.
Lemma 7.1.5 (Blichfeld). Let L be a lattice in V = Rn , and let S be a bounded
closed convex subset of V that is symmetric about the origin. If Vol(S) ≥ 2n Vol(V /L),
then S contains a nonzero element of L.
1
Proof. First assume that Vol(S) > 2n Vol(V /L). If the map π : 2S → V /L is
injective, then  
1 1
n
Vol(S) = Vol S ≤ Vol(V /L),
2 2
a contradiction. Thus π is not injective, so there exist P1 6= P2 ∈ 21 S such that
P1 − P2 ∈ L. Because S is symmetric about the origin, −P2 ∈ 21 S. By convexity,
the average 12 (P1 − P2 ) of P1 and −P2 is also in 21 S. Thus 0 6= P1 − P2 ∈ S ∩ L, as
claimed.
Next assume that Vol(S) = 2n · Vol(V /L). Then for all ε > 0 there is 0 6= Qε ∈
L ∩ (1 + ε)S, since Vol((1 + ε)S) > Vol(S) = 2n · Vol(V /L). If ε < 1 then the Qε
are all in L ∩ 2S, which is finite since 2S is bounded and L is discrete. Hence there
exists nonzero Q = Qε ∈ L ∩ (1 + ε)S for arbitrarily small ε. Since S is closed,
Q ∈ L ∩ S.
Lemma 7.1.6. If L1 and L2 are lattices in V , then
Vol(V /L2 ) = Vol(V /L1 ) · [L1 : L2 ].
Proof. Let A be an automorphism of V such that A(L1 ) = L2 . Then A defines an
isomorphism of real manifolds V /L1 → V /L2 that changes volume by a factor of
|det(A)| = [L1 : L2 ]. The claimed formula then follows, since [L1 : L2 ] = |det(A)|,
by definition.
Fix a number field K with ring of integers OK . Let σ1 , . . . , σr be the real
embeddings of K and σr+1 , . . . , σr+s be half the complex embeddings of K, with one
representative of each pair of complex conjugate embeddings. Let σ : K → V = Rn
be the embedding
σ(x) = σ1 (x), σ2 (x), . . . , σr (x),


Re(σr+1 (x)), . . . , Re(σr+s (x)), Im(σr+1 (x)), . . . , Im(σr+s (x)) ,
7.1. THE CLASS GROUP 83

Warning 7.1.7. Note that this σ is not exactly the same as the one at the beginning
of Section 6.2 if s > 0.

Lemma 7.1.8. Let σ be the map described above. Then

Vol(V /σ(OK )) = 2−s |dK |.

p

Proof. Let L = σ(OK ). From a basis w1 , . . . , wn for OK we obtain a matrix A

whose ith row is

(σ1 (wi ), · · · , σr (wi ), Re(σr+1 (wi )), . . . , Re(σr+s (wi )), Im(σr+1 (wi )), . . . , Im(σr+s (wi )))

and whose determinant has absolute value equal to the volume of V /L. By doing
the following three column operations, we obtain a matrix whose rows are exactly
the images of the wi under all embeddings of K into C, which is the matrix that
came up when we defined dK = Disc(OK ) in Section 6.2.
√
1. Add i = −1 times each column with entries Im(σr+j (wi )) to the column
with entries Re(σr+j (wi )).

2. Multiply all columns with entries Im(σr+j (wi )) by −2i, thus changing the
determinant by (−2i)s .

3. Add each column that now has entries Re(σr+j (wi )) + iIm(σr+j (wi )) to the
the column with entries −2iIm(σr+j (wi )) to obtain columns Re(σr+j (wi )) −
iIm(σr+j (wi )).

Recalling the definition of discriminant, we see that

 if B is the matrix constructed
by doing the above three operations to A, then det(B)2  = |dK |. Thus

Vol(V /L) = |det(A)| = (−2i)−s · det(B) = 2−s |dK |.

  p

Lemma 7.1.9. If I is a fractional OK -ideal, then σ(I) is a lattice in V and

Vol(V /σ(I)) = 2−s |dK | · Norm(I).

p

Proof. Since σ(OK ) has rank n as an abelian group, and Lemma 7.1.8 implies that
σ(OK ) also spans V , it follows that σ(OK ) is a lattice in V . For some nonzero
1
integer m we have mOK ⊂ I ⊂ m OK , so σ(I) is also a lattice in V . To prove the
displayed volume formula, combine Lemmas 7.1.6 and 7.1.8 to get

Vol(V /σ(I)) = Vol(V /σ(OK )) · [OK : I] = 2−s |dK | Norm(I).

p
84 CHAPTER 7. FINITENESS OF THE CLASS GROUP

Proof of Theorem 7.1.2. Let K be a number field with ring of integers OK , let
σ : K ,→ V ∼
= Rn be as above, and let f : V → R be the function defined by

f (x1 , . . . , xn ) = |x1 · · · xr · (x2r+1 + x2(r+1)+s ) · · · (x2r+s + x2n )|.

Notice that if x ∈ K then f (σ(x)) = | NormK/Q (x)|, and for any a ∈ R,

f (ax1 , . . . , axn ) = |a|n f (x1 , . . . , xn ).

Let S ⊂ V be any fixed choice of closed, bounded, convex, subset with positive
volume that is symmetric with respect to the origin. Since S is closed and bounded,

M = max{f (x) : x ∈ S}

exists.
Suppose I is any fractional ideal of OK . Our goal is to prove that there is
an integral ideal aI with small norm. We will do this by finding an appropriate
a ∈ I −1 . By Lemma 7.1.9,

2−s |dK |
p
−1 −s −1
p
c = Vol(V /σ(I )) = 2 |dK | · Norm(I) = .
Norm(I)
c 1/n


Let λ = 2 · v , where v = Vol(S). Then
c
Vol(λS) = λn Vol(S) = 2n · · v = 2n · c = 2n Vol(V /σ(I −1 )),
v
so by Lemma 7.1.5 there exists 0 6= b ∈ σ(I −1 ) ∩ λS. Let a ∈ I −1 be such that
σ(a) = b. Since M is the largest norm of an element of S, the largest norm of an
element of σ(I −1 ) ∩ λS is at most λn M , so
NormK/Q (a) ≤ λn M.
 

Since a ∈ I −1 , we have aI ⊂ OK , so aI is an integral ideal of OK that is equivalent

to I, and
 
Norm(aI) = NormK/Q (a) · Norm(I)
≤ λn M · Norm(I)
c
≤ 2n M · Norm(I)
v
= 2n · 2−s |dK | · M · v −1
p

= 2r+s |dK | · M · v −1 .
p

Notice that the right hand side is independent of I. It depends only on r, s, |dK |, and
our choice of S. This completes the proof of the theorem, except for the assertion
that S can be chosen to give the claim at the end of the theorem which is shown in
Exercise 7.1.10.
7.2. CLASS NUMBER 1 85

Exercise 7.1.10. Show that in the proof of Theorem 7.1.2, S can be chosen so
that the final bound matches the statement of the theorem. This means S can be
chosen so that  s
4 n! p
Norm(aI) ≤ |dK |.
π nn
[Hint: Consider the subset S of Rn defined by
q q 
|x1 | + · · · + |xr | + 2 x2r+1 + x2(r+1)+s + · · · + x2r+s + x2(r+s)+s ≤ 1.

Suppose a ∈ OK such that σ(a) ∈ S. What can you say about NormK/Q (a)? What
is Vol(S)? ]

Corollary 7.1.11. Suppose that K 6= Q is a number field. Then |dK | > 1.

Proof. Applying Theorem 7.1.2 to the unit ideal, we get the bound
 s
p 4 n!
1 ≤ |dK | · .
π nn

Thus
p  π s n n
|dK | ≥ ,
4 n!
and the right hand quantity is strictly bigger than 1 for any s ≤ n/2 and any n > 1,
see Exercise 7.1.12.

Exercise 7.1.12. Prove the statement at the end of the

proof for Corollary 7.1.11,
n π s nn
i.e. suppose n > 1 and s ≤ 2 as above. Show that 4 n! > 1.

A prime p ramifies in OK if and only if d | dK , so the corollary implies that

every nontrivial extension of Q is ramified at some prime.

7.2 Class Number 1

The fields of class number 1 are exactly the fields for which OK is a principal ideal
domain. How many such number fields are there? We still don’t know.

Conjecture 7.2.1. There are infinitely many number fields K such that the class
group of K has order 1.
√
For example, if we consider real quadratic fields K = Q( d), with d positive and
square free, many class numbers are probably 1, as suggested by the Sage output
below. It looks like 1’s will keep appearing infinitely often, and indeed Cohen and
Lenstra conjecture that they do ([CL84]).
86 CHAPTER 7. FINITENESS OF THE CLASS GROUP

for d in [2..1000]:
if i s _ f u n d a m e n t a l _ d i s c r i m i n a n t ( d ):
h = Q uadrati cField (d , ’a ’ ). class_number ()
if h == 1:
print d ,

5 8 12 13 17 21 24 28 29 33 37 41 44 53 56 57 61 69
73 76 77 88 89 92 93 97 101 109 113 124 129 133 137
141 149 152 157 161 172 173 177 181 184 188 193 197
201 209 213 217 233 236 237 241 248 249 253 268 269
277 281 284 293 301 309 313 317 329 332 337 341 344
349 353 373 376 381 389 393 397 409 412 413 417 421
428 433 437 449 453 457 461 472 489 497 501 508 509
517 521 524 536 537 541 553 556 557 569 573 581 589
593 597 601 604 613 617 632 633 641 649 652 653 661
664 668 669 673 677 681 701 709 713 716 717 721 737
749 753 757 764 769 773 781 789 796 797 809 813 821
824 829 844 849 853 856 857 869 877 881 889 893 908
913 917 921 929 933 937 941 953 956 973 977 989 997

In contrast, if we look at class numbers of quadratic imaginary fields, only a few at

the beginning have class number 1.

for d in [ -1 , -2.. -1000]:

if i s _ f u n d a m e n t a l _ d i s c r i m i n a n t ( d ):
h = Q uadrati cField (d , ’a ’ ). class_number ()
if h == 1:
print d

-3 -4 -7 -8 -11 -19 -43 -67 -163

It is a theorem that was proved independently and in different ways by Heegner,

Stark, and Baker that the above list of 9 fields is the complete list with class
number 1. More generally, it is possible, using deep work of Gross, Zagier, and
Goldfeld involving zeta functions and elliptic curves, to enumerate all quadratic
number fields with a given class number (Mark Watkins has done very substantial
work in this direction).

7.3 More About Computing Class Groups

If p is a prime of OK , then the intersection p ∩ Z = pZ is a prime ideal of Z. We
say that p lies over p ∈ Z. Note p lies over p ∈ Z if and only if p is one of the
prime factors in the factorization of the ideal pOK . Geometrically, p is a point of
Spec(OK ) that lies over the point pZ of Spec(Z) under the map induced by the
inclusion Z ,→ OK as described in Section 4.1.1.

Lemma 7.3.1. Let K be a number field with ring of integers OK . Then the class

s by the prime ideals p of OK lying over primes p ∈ Z with
group Cl(K)pis generated
p ≤ BK = |dK | · π4 · nn!n , where s is the number of complex conjugate pairs of
embeddings K ,→ C.
7.3. MORE ABOUT COMPUTING CLASS GROUPS 87

Proof. Theorem 7.1.2 asserts that every ideal Qmclassei in Cl(K) is represented by an
ideal I with Norm(I) ≤ BK . Write I = i=1 pi , with each ei ≥ 1. Then by
multiplicativity of the norm, each pi also satisfies Norm(pi ) ≤ BK . If pi ∩ Z = pZ,
then p | Norm(pi ), since p is the residue characteristic of OK /p, so p ≤ BK . Thus I
is a product of primes p that satisfies the norm bound of the lemma.

This is a sketch of how to compute Cl(K):

1. Use the algorithms of Chapter 4 to list all prime ideals p of OK that appear
in the factorization of a prime p ∈ Z with p ≤ BK .

2. Find the group generated by the ideal classes [p], where the p are the prime
ideals found in step 1. (In general, this step can become fairly complicated.)
√
The following
√ three examples illustrate computation of Cl(K) for K = Q(i), Q( 5)
and Q( −6).
Example 7.3.2. We compute the class group of K = Q(i). We have

n = 2, r = 0, s = 1, dK = −4,

so  1  
√ 4 2! 8
BK = 4· · = < 3.
π 22 π
Thus Cl(K) is generated by the prime divisors of 2. We have

2OK = (1 + i)2 ,

so Cl(K) is generated by the principal prime ideal p = (1 + i). Thus Cl(K) = 0 is

trivial.
√
Example 7.3.3. We compute the class group of K = Q( 5). We have

n = 2, r = 2, s = 0, dK = 5,

so  0  
√ 4 2!
B= 5· · < 3.
π 22
Thus Cl(K)
√
is generated by the primes that divide 2. We have OK = Z[γ], where
1+ 5
γ = 2 satisfies x2 − x − 1. The polynomial x2 − x − 1 is irreducible mod 2, so
2OK is prime. Since it is principal, we see that Cl(K) = 1 is trivial.
√
Example 7.3.4. In this example, we compute the class group of K = Q( −6). We
have
n = 2, r = 0, s = 1, dK = −24,
so
√
 
4 2!
B= 24 · · ∼ 3.1.
π 22
88 CHAPTER 7. FINITENESS OF THE CLASS GROUP

Thus
√ Cl(K) is √ generated by 2the prime ideals lying2 over 2 and 3. We have OK =
Z[ −6], and −6 satisfies x + 6 = 0. Factoring x + 6 modulo 2 and 3 we see that
the class group is generated by the prime ideals
√ √
p2 = (2, −6) and p3 = (3, −6).

Also, p22 = 2OK and p23 = 3OK , so p2 and p3 define elements of order dividing 2 in
Cl(K).
Is either p2 or p3 principal? Fortunately, there√is an easier norm trick that allows
us to decide. Suppose p2 = (α), where α = a + b −6. Then
√ √
2 = Norm(p2 ) = |Norm(α)| = (a + b −6)(a − b −6) = a2 + 6b2 .

Trying the first few values of a, b ∈ Z, we see that this equation has no solutions,
so p2 can not be principal. By a similar argument, we see that p3 is not principal
either. Thus p2 and p3 define elements of order 2 in Cl(K).
Does the class of p2 equal the class of p3 ? Since p2 and p3 define classes of
order 2, we can decide this by finding the class of p2 · p3 . We have
√ √ √ √ √
p2 · p3 = (2, −6) · (3, −6) = (6, 2 −6, 3 −6) ⊂ ( −6).

The ideals on both sides of the inclusion have norm√

6, so by multiplicativity of the
norm, they must be the same ideal. Thus p2 · p3 = ( −6) is principal, which shows
p3 is the inverse of p2 in Cl(K). But p2 had order 2, so p2 and p3 represent the
same element of Cl(K). We conclude that

Cl(K) = hp2 i = Z/2Z.

Chapter 8

Dirichlet’s Unit Theorem

In this chapter we will prove Dirichlet’s unit theorem, which is a structure theorem
for the group of units of the ring of integers of a number field. The answer is
remarkably simple: if K has r real and s pairs of complex conjugate embeddings,
then
∗
OK ≈ Zr+s−1 × T,

where T is a finite cyclic group.

Many questions can be encoded as questions about the structure of the group
of units. For example, Dirichlet’s unit theorem explains the structure of the integer
solutions (x, y) to Pell’s equation x2 − dy 2 = 1 (see Section 8.2.1).

8.1 The Group of Units

Definition 8.1.1 (Unit Group). The group of units UK associated to a number

field K is the group of elements of OK that have an inverse in OK .

Theorem 8.1.2 (Dirichlet). The group UK is the product of a finite cyclic group
of roots of unity with a free abelian group of rank r + s − 1, where r is the number of
real embeddings of K and s is the number of complex conjugate pairs of embeddings.

(Note that we will prove a generalization of Theorem 8.1.2 in Section 12.1 below.)
We prove the theorem by defining a map ϕ : UK → Rr+s , and showing that the
kernel of ϕ is finite and the image of ϕ is a lattice in a hyperplane in Rr+s . The
trickiest part of the proof is showing that the image of ϕ spans a hyperplane, and
we do this by a clever application of Blichfeld’s Lemma 7.1.5.

89
90 CHAPTER 8. DIRICHLET’S UNIT THEOREM

Remark 8.1.3. Theorem 8.1.2 is due to Dirichlet who lived 1805–1859. Thomas
Hirst described Dirichlet thus:

He is a rather tall, lanky-looking man, with moustache and beard about

to turn grey with a somewhat harsh voice and rather deaf. He was un-
washed, with his cup of coffee and cigar. One of his failings is forgetting
time, he pulls his watch out, finds it past three, and runs out without
even finishing the sentence.

Koch wrote that:

... important parts of mathematics were influenced by Dirichlet. His

proofs characteristically started with surprisingly simple observations,
followed by extremely sharp analysis of the remaining problem.

I think Koch’s observation nicely describes the proof we will give of Theorem 8.1.2.
Units have a simple characterization in terms of their norm.

Proposition 8.1.4. An element a ∈ OK is a unit if and only if NormK/Q (a) = ±1.

Proof. Write Norm = NormK/Q . If a is a unit, then a−1 is also a unit, and 1 =
Norm(a) Norm(a−1 ). Since both Norm(a) and Norm(a−1 ) are integers, it follows
that Norm(a) = ±1. Conversely, if a ∈ OK and Norm(a) = ±1, then the equation
aa−1 = 1 = ± Norm(a) implies that a−1 = ± Norm(a)/a. But Norm(a) is the
product of the images of a in C by all embeddings of K into C, so Norm(a)/a is
also a product of images of a in C, hence a product of algebraic integers, hence an
algebraic integer. Thus a−1 ∈ K ∩ Z = OK , which proves that a is a unit.

Remark 8.1.5. Proposition 8.1.4 is false if we replace OK by K. For example, if

α is a root of x2 − 12 x + 1, then α has norm ±1, but α is not a unit of OK , since
α 6∈ OK . To general Proposition 8.1.4 to an arbitrary finite extension R/S of
Dedekind domains, we replace ±1 by “an element of S ∗ ”.
8.1. THE GROUP OF UNITS 91

Let r be the number of real and s the number of complex conjugate embeddings
of K into C, so n = [K : Q] = r + 2s. Define the log map

ϕ : UK → Rr+s

by
ϕ(a) = (log |σ1 (a)|, . . . , log |σr+s (a)|).
p
Here |z| is the usual absolute value of z = x + iy ∈ C (so |z| = x2 + y 2 ), and the
maps σi are the same as those described in Lemma 7.1.8. In particular, σ1 , . . . , σr
represent all real embeddings K → R and σr+1 , . . . , σr+s represent half of the com-
plex embeddings K → C, with one representative for each pair of complex conjugate
embeddings.

Lemma 8.1.6. The image of ϕ lies in the hyperplane

H = {(x1 , . . . , xr+s ) ∈ Rr+s : x1 + · · · + xr + 2xr+1 + · · · + 2xr+s = 0}. (8.1.1)

Proof. If a ∈ UK , then by Proposition 8.1.4,

r r+s
! !
Y Y
2
 
|σi (a)| · |σi (a)| = NormK/Q (a) = 1.
i=1 i=r+1

Taking logs of both sides proves the lemma.

Lemma 8.1.7. The kernel of ϕ is finite.

Proof. We have

Ker(ϕ) ⊂ {a ∈ OK : |σi (a)| = 1 for i = 1, . . . , r + s}

σ(Ker(ϕ)) ⊂ σ(OK ) ∩ X

where σ : OK → Cr+s is given by σ(a) = (σ1 (a), . . . , σr+s (a)) and X is the set
{(z1 , . . . , zr+s ) ∈ Cr+s : |zi | ≤ 1}. Since σ(OK ) is a lattice (see Proposition 2.4.5)
and X is compact, the intersection σ(OK ) ∩ X is finite. This implies Ker(ϕ) is
finite.

Lemma 8.1.8. The kernel of ϕ is a finite cyclic group.

Proof. Lemma 8.1.7 implies that ker(ϕ) is a finite group. It is a general fact that
any finite subgroup G of the multiplicative group K ∗ of a field is cyclic (see Exer-
cise 8.1.9).

Exercise 8.1.9. Finish the proof of Lemma 8.1.8 by showing that for a field K,
every finite subgroup G of the multiplicative group K ∗ is cyclic.
[Hint: Every element in G satisfies a polynomial of the form xn − 1. Recall that
a polynomial of degree n over a field has at most n distinct roots. Now consider
the orders of the elements of G. ]
92 CHAPTER 8. DIRICHLET’S UNIT THEOREM

To prove Theorem 8.1.2, it suffices to prove that Im(ϕ) is a lattice in the hyper-
plane H of (8.1.1), which we view as a vector space of dimension r + s − 1.
Define an embedding
σ : K ,→ Rn (8.1.2)
given by σ(x) = (σ1 (x), . . . , σr+s (x)), where we view C ∼
= R × R via a + bi 7→ (a, b).
Thus this is the embedding

x 7→ σ1 (x), σ2 (x), . . . , σr (x),

Re(σr+1 (x)), Im(σr+1 (x)), . . . , Re(σr+s (x)), Im(σr+s (x)) .

Lemma 8.1.10. The image ϕ : UK → Rr+s is discrete.

Proof. Let X be a bounded subset of Rr+s . We will show that the intersection
ϕ(UK ) ∩ X is finite. Since X is bounded, for any u ∈ Y = ϕ−1 (X) ⊂ UK the
coordinates of σ(u) are bounded, since | log(x)| is bounded on bounded subsets of
[1, ∞). Thus σ(Y ) is a bounded subset of Rn . Since σ(Y ) ⊂ σ(OK ), and σ(OK ) is
a lattice in Rn , it follows that σ(Y ) is finite; moreover, σ is injective, so Y is finite.
Thus ϕ(UK ) ∩ X ⊂ ϕ(Y ) ∩ X is finite.

We will use the following lemma in our proof of Theorem 8.1.2.

Lemma 8.1.11. Let n ≥ 2 be an integer, suppose w1 , . . . , wn ∈ R are not all equal,
and suppose A, B ∈ R are positive. Then there exist d1 , . . . , dn ∈ R>0 such that

|w1 log(d1 ) + · · · + wn log(dn )| > B

and d1 · · · dn = A.
Proof. Order the wi so that w1 6= 0. By hypothesis there exists a wj such that
wj 6= w1 , and again re-ordering we may assume that j = 2. Set d3 = · · · = dr+s = 1.
Suppose d1 , d2 are any positive real numbers with d1 d2 = A. Since log(1) = 0,
 
Xn 
wi log(di ) = |w1 log(d1 ) + w2 log(d2 )|
 

 
i=1
= |w1 log(d1 ) + w2 log(A/d1 )|
= |(w1 − w2 ) log(d1 ) + w2 log(A)|

Since w1 6= w2 , we have |(w1 − w2 ) log(d1 ) + w2 log(A)| → ∞ as d1 → ∞. It is thus

possible to choose the di as in the lemma.

Proof of Theorem 8.1.2. By Lemma 8.1.10, the image ϕ(UK ) is discrete, so it re-
mains to show that ϕ(UK ) spans H. Let W be the R-span of the image ϕ(UK ),
and note that W is a subspace of H, by Lemma 8.1.6. We will show that W = H
indirectly by showing that if v 6∈ H ⊥ , where ⊥ is the orthogonal complement with
respect to the dot product on Rr+s , then v 6∈ W ⊥ . This will show that W ⊥ ⊂ H ⊥ ,
hence that H ⊂ W , as required.
8.1. THE GROUP OF UNITS 93

Thus suppose z = (z1 , . . . , zr+s ) 6∈ H ⊥ . Define a function f : K ∗ → R by

f (x) = z1 log |σ1 (x)| + · · · + zr+s log |σr+s (x)|. (8.1.3)

Note that f (UK ) = {0} if and only if z ∈ W ⊥ , so to show that z 6∈ W ⊥ we show

that there exists some u ∈ UK with f (u) 6= 0.
Let  s
p 2
A = |dK | · ∈ R>0 .
π
Choose any positive real numbers c1 , . . . , cr+s ∈ R>0 such that

c1 · · · cr · (cr+1 · · · cr+s )2 = A.

Let

S = {(x1 , . . . , xn ) ∈ Rn :
|xi | ≤ ci for 1 ≤ i ≤ r,
|x2i + x2i+s | ≤ c2i for r < i ≤ r + s} ⊂ Rn .

Then S is closed, bounded, convex, symmetric with respect to the origin, and of
dimension r + 2s, since S is a product of r intervals and s discs, each of which has
these properties. Viewing S as a product of intervals and discs, we see that the
volume of S is
r
Y s
Y
(2ci ) · (πc2i ) = 2r · π s · A = 2r+s |dK | = 2n · 2−s |dK |.
p p
Vol(S) =
i=1 i=1

Recall Blichfeldt’s Lemma 7.1.5, which asserts that if L is a lattice and S is

closed, bounded, etc., and has volume at least 2n · Vol(V /L), then S ∩ L contains a
nonzero element. To apply this lemma, we take L = σ(OK ) ⊂ Rn , where σ is as in
(8.1.2). By Lemma 7.1.8, we have Vol(Rn /L) = 2−s |dK |. To check the hypothesis
p

of Blichfeld’s lemma, note that

Vol(S) = 2n · 2−s |dK | = 2n Vol(Rn /L).

p

Thus there exists a nonzero element x in S ∩ σ(OK ). Let a ∈ OK with σ(a) = x,

then σ(a) ∈ S, so |σi (a)| ≤ ci for 1 ≤ i ≤ r + s. We then have
 
  r+2s
Y 
NormK/Q (a) =  σi (a)

 
i=1
r
Y s
Y
= |σi (a)| · |σi (a)|2
i=1 i=r+1
≤ c1 · · · cr · (cr+1 · · · cr+s )2 = A.
94 CHAPTER 8. DIRICHLET’S UNIT THEOREM

Since a ∈ OK is nonzero, we also have

 
NormK/Q (a) ≥ 1.
ci
Moreover, if for any i ≤ r, we have |σi (a)| < A, then
ci A
1 ≤ NormK/Q (a) < c1 · · · · · · cr · (cr+1 · · · cr+s )2 =
 
= 1,
A A
c2
a contradiction, so |σi (a)| ≥ cAi for i = 1, . . . , r. Likewise, |σi (a)|2 ≥ Ai , for i =
r + 1, . . . , r + s. Rewriting this we have
 2
ci ci
≤ A for i ≤ r and ≤ A for i = r + 1, . . . , r + s. (8.1.4)
|σi (a)| |σi (a)|
Recall that our overall strategy is to use an appropriately chosen a to construct
a unit u ∈ UK such f (u) 6= 0. First, let b1 , . . . , bm be representative generators
for
 the finitely  many nonzero principal ideals of OK of norm at most A. Since
NormK/Q (a) ≤ A, we have (a) = (bj ), for some j, so there is a unit u ∈ OK such
that a = ubj .
Let
t = tc1 ,...,cr+s = z1 log(c1 ) + · · · + zr+s log(cr+s ),
and recall f : K ∗ → R defined in (8.1.3) above. We have

|f (u) − t| = |f (a) − f (bj ) − t|

≤ |f (bj )| + |t − f (a)|
= |f (bj )| + |z1 (log(c1 ) − log(|σ1 (a)|)) + · · · + zr+s (log(cr+s ) − log(|σr+s (a)|))|
zr+s
= |f (bj )| + |z1 · log(c1 /|σ1 (a)|) + · · · + · log((cr+s /|σr+s (a)|)2 )|
2 !
r s
X 1 X def
≤ |f (bj )| + log(A) · |zi | + · |zi | = Bj .
2
i=1 i=r+1

In the last step we use (8.1.4).

Let B = maxj Bj , and note that B does not depend on the choice of the ci ; in
fact, it only depends our fixed choice of z and on the field K. Moreover, for any
choice of the ci as above, we have

|f (u) − t| ≤ B.

If we can choose positive real numbers ci such that

c1 · · · cr · (cr+1 · · · cr+s )2 = A
|tc1 ,...,cr+s | > B,

then the fact that |f (u) − t| ≤ B would then imply that |f (u)| > 0, which is exactly
what we aimed to prove.
8.2. EXAMPLES WITH SAGE 95

If r + s = 1, then we are trying to prove that ϕ(UK ) is a lattice in R0 = Rr+s−1 ,

which is automatically true, so assume r + s > 1. To finish the proof, we explain
how to use Lemma 8.1.11 to choose ci such that |t| > B. We have

t = z1 log(c1 ) + · · · + zr+s log(cr+s )

1 1
= z1 log(c1 ) + · · · + zr log(cr ) + · zr+1 log(c2r+1 ) + · · · + · zr+s log(c2r+s )
2 2
= w1 log(d1 ) + · · · + wr log(dr ) + wr+1 log(dr+1 ) + · · · + ·wr+s log(dr+s ),

where wi = zi and di = ci for i ≤ r, and wi = 21 zi and di = c2i for r < i ≤ r + s.

The condition that z 6∈ H ⊥ is that the wi are not all the same, and in our new
Pr+s
coordinates the lemma is
Qr+s equivalent to showing that | i=1 wi log(di )| > B, subject
to the condition that i=1 di = A. But this is exactly what Lemma 8.1.11 shows. It
is thus possible to find a unit u such that |f (u)| > 0. Thus z 6∈ W ⊥ , so W ⊥ ⊂ H ⊥ ,
whence H ⊂ W , which finishes the proof of Theorem 8.1.2.

8.2 Examples with Sage

8.2.1 Pell’s Equation
The so-called “Pell’s equation” is x2 − dy 2 = 1√with d > 0 square
√ free, and we seek
integer solutions x, y to this equation. If x + y d ∈ K = Q( d), then
√ √ √
Norm(x + y d) = (x + y d)(x − y d) = x2 − dy 2 .
√
Thus if (x, y) are integers such that x2 − dy 2 = 1, then α = x + dy ∈ OK has
norm 1, so by Proposition 8.1.4 we have α ∈ UK . The integer solutions to Pell’s
equation thus√form a finite-index subgroup of the group of units in the ring of
integers of Q( d). Dirichlet’s unit theorem implies that for any d the solutions to
Pell’s equation with x, y not both negative forms an infinite cyclic group, which is a
fact that takes substantial work to prove using only elementary number theory (for
example, using continued fractions).
We first solve Pell’s equation
√ x2 − 5y 2 = 1 with d = 5 by finding the units of
the ring of integers of Q( 5)√using Sage. Recall from Example 2.3.19 that the ring
√
of integers of Q( 5) is Z[ 1+2 5 ]

K . < sqrt5 > = Qua draticF ield (5)

G = K . unit_group (); G

Unit group with structure C2 x Z of Number Field in sqrt5 with

defining polynomial x ^2 - 5

u = G .1. value (); v = G .0. value (); (u , v )

(1/2* sqrt5 + 1/2 , -1)

96 CHAPTER 8. DIRICHLET’S UNIT THEOREM

The subgroup of cubes of u gives us the units with integer x, y (not both nega-
tive).

[ u ^(3* i ) for i in [0..9]]

[1 , sqrt5 + 2 , 4* sqrt5 + 9 , 17* sqrt5 + 38 , 72* sqrt5 + 161 , \

305* sqrt5 + 682 , 1292* sqrt5 + 2889 , 5473* sqrt5 + 12238 , \
23184* sqrt5 + 51841 , 98209* sqrt5 + 219602]

√
However, the norm of u = 1+2 5 is −1. So the 6th powers of u will generate
solutions to Pell’s Equation. We can also list the coefficients for these powers as
follows.
[ list ( u ^(6* i )) for i in [0..7]]

[[1 , 0] , [9 , 4] , [161 , 72] , [2889 , 1292] , [51841 , 23184] , \

[930249 , 416020] , [16692641 , 7465176] , [299537289 , 133957148]]

Remark 8.2.1. A great article about Pell’s equation is [Len02]. The MathSciNet
review begins: “This wonderful article begins with history and some elementary
facts and proceeds to greater and greater depth about the existence of solutions
to Pell equations and then later the algorithmic issues of finding those solutions.
The cattle problem is discussed, as are modern smooth number methods for solving
Pell equations and the algorithmic issues of representing very large solutions in a
reasonable way.”
The simplest solutions to Pell’s equation can be huge, even when d is quite small.
Read Lenstra’s paper for some examples from over two thousand years ago. Here
is one example for d = 10000019.

K . <a > = Q uadratic Field ( next_prime (10^7))

G = K . unit_group (); G .1. value ()

163580259880346328225592238121094625499142677693142915506747253000\
340064100365767872890438816249271266423998175030309436575610631639\
272377601680603795883791477817611974184075445702823789975945910042\
8895693238165048098039* a - \
517286692885814967470170672368346798303629034373575202975075605058\
714958080893991274427903448098643836512878351227856269086856679078\
304979321047765031073345259902622712059164969008633603603640331175\
6634562204182936222240930

√
Exercise 8.2.2. Let U be the group of units of the ring of integers of K = Q( 5).
√
(a) Prove that the set S of units x + y 5 ∈ U with x, y ∈ Z is a subgroup of U .
(The main point is to show that the inverse of a unit with x, y ∈ Z again has
coefficients in Z.)
(b) Let U 3 denote the subgroup of cubes of elements of U . Prove that S = U 3 by
showing that U 3 ⊂ S ( U and that there are no groups H with U 3 ( H ( U .
8.2. EXAMPLES WITH SAGE 97

8.2.2 Examples with Various Signatures

In this section we give examples for various (r, s) pairs. First we consider K = Q(i).

K . <a > = Qu adratic Field ( -1)

K . signature ()

(0 , 1)

U = K . unit_group (); U

Unit group with structure C4 of Number Field in a with

defining polynomial x ^2 + 1

U .0. value ()

The signature method returns the number of real and complex conjugate em-
beddings of K into C. The unit_group method, which we used above, returns the
unit group UK as an abstract abelian group and a homomorphism UK → OK .
√
Next we consider K = Q( 3 2).

K . <a > = NumberField ( x ^3 - 2)

K . signature ()

(1 , 1)

U = K . unit_group (); U

Unit group with structure C2 x Z of Number Field in a with

defining polynomial x ^3 - 2

[ u . value () for u in U . gens ()]

[ -1 , a - 1]

u = U .1. value (); u

a - 1

Below we use the places command, which returns the real embeddings and
representatives for the complex conjugate embeddings. We use the places to define
the log map ϕ, which plays such a big role in this chapter.
98 CHAPTER 8. DIRICHLET’S UNIT THEOREM

S = K . places ( prec =53); S

[ Ring morphism :
From : Number Field in a with defining polynomial x ^3 - 2
To : Real Double Field
Defn : a | - - > 1.25992104989 , \
Ring morphism :
From : Number Field in a with defining polynomial x ^3 - 2
To : Complex Double Field
Defn : a | - - > -0.629960524947 + 1. 09112363 597* I ]

def phi ( z ):
return [ log ( abs ( sigma ( z ))) for sigma in S ]
phi ( u )

[ -1.3473773483293832 , 0 . 6 7 3 6 8 8 6 7 4 1 6 4 6 9 2 ]

phi ( K ( -1))

[0.0 , 0.0]

Note that ϕ : UK → R2 , and the image lands in the 1-dimensional subspace of

(x1 , x2 ) such that x1 + 2x2 = 0. Also, note that ϕ(−1) = (0, 0).

Let’s try a field such that r + s − 1 = 2. First, one with r = 0 and s = 3:

8.2. EXAMPLES WITH SAGE 99

K . <a > = NumberField ( x ^6 + x + 1)

K . signature ()

(0 , 3)

U = K . unit_group (); U

Unit group with structure C2 x Z x Z of Number Field in a with

defining polynomial x ^6 + x + 1

u1 = U .1. value (); u1

u2 = U .2. value (); u2

a ^3 + a

S = K . places ( prec =53)

def phi ( z ):
return [ log ( abs ( sigma ( z ))) for sigma in S ]
phi ( u1 )

[ -0.16741548328589614 , 0.04864390975267338 , 0 . 1 1 8 7 7 1 5 7 3 5 3 3 2 2 2 9 8 ]

phi ( u2 )

[0.30678570892329504 , -1.0725146505489758 , 0 . 7 6 5 7 2 8 9 4 1 6 2 5 6 8 0 3 ]

phi ( K ( -1))

[0.0 , 0.0 , 0.0]

sum ( phi ( u1 ))

2 . 2 2 0 4 4 6 0 4 9 2 5 0 3 1 3 e -16

sum ( phi ( u2 ))

-4.440892098500626 e -16

Notice that the log image of u1 is clearly not a real multiple of the log image
of u2 (e.g., the scalar would have to be positive because of the first coefficient, but
negative because of the second). This illustrates the fact that the log images of u1
and u2 span a two-dimensional space.
Next we compute a field with r = 3 and s = 0. (A field with s = 0 is called
totally real.)
100 CHAPTER 8. DIRICHLET’S UNIT THEOREM

K . <a > = NumberField ( x ^3 + x ^2 - 5* x - 1)

K . signature ()

(3 , 0)

U = K . unit_group (); U

Unit group with structure C2 x Z x Z of Number Field in a with

defining polynomial x ^3 + x ^2 - 5* x - 1

u1 = U .1. value (); u1

1/2* a ^2 + a - 1/2

u2 = U .2. value (); u2

S = K . places ( prec =53)

def phi ( z ):
return [ log ( abs ( sigma ( z ))) for sigma in S ]
phi ( u1 )

[ -0.7747670223461895 , -0.3928487245813982 , 1 . 1 6 7 6 1 5 7 4 6 9 2 7 5 8 8 7 ]

phi ( u2 )

[0.9966812040934553 , -1.6402241503223172 , 0 . 6 4 3 5 4 2 9 4 6 2 2 8 8 6 2 7 ]

A field with r = 0 is called totally complex. For example, the cyclotomic fields
Q(ζn ) are totally complex, where ζn is a primitive nth root of unity. The degree of
Q(ζn ) over Q is ϕ(n) and r = 0, so s = ϕ(n)/2 (assuming n > 2). Here ϕ is the
Euler Totient function which on n is defined as the number of integers k such that
0 < k ≤ n and gcd(k, n) = 1.
8.2. EXAMPLES WITH SAGE 101

K . <a > = Cy c lo to mi c Fi el d (11); K

Cyclotomic Field of order 11 and degree 10

K . signature ()

(0 , 5)

U = K . unit_group (); U

Unit group with structure C22 x Z x Z x Z x Z of \

Cyclotomic Field of order 11 and degree 10

u = U .1. value (); u

a ^7 + a ^6

S = K . places ( prec =20)

def phi ( z ):
return [ log ( abs ( sigma ( z ))) for sigma in S ]
phi ( u )

[ -1.2566 , -0.18533 , 0.26982 , 0.52028 , 0.65180]

for u in U . gens ():

print phi ( u . value ())

[0.00000 , 0.00000 , 0.00000 , -9.5367 e -7 , 0.00000]

[ -1.2566 , -0.18533 , 0.26982 , 0.52028 , 0.65180]
[ -0.26981 , -0.52028 , 0.18533 , -0.65180 , 1.2566]
[0.65180 , 0.26981 , -1.2566 , -0.18533 , 0.52029]
[ -0.084486 , -1.1721 , -0.33496 , 0.60477 , 0.98675]

How far can we go computing unit groups of cyclotomic fields directly with
Sage?
102 CHAPTER 8. DIRICHLET’S UNIT THEOREM

% time U = Cy cl ot o mi cF ie l d (11). unit_group ()

CPU time : 0.01 s , Wall time : 0.01 s

% time U = Cy cl ot o mi cF ie l d (13). unit_group ()

CPU time : 0.30 s , Wall time : 0.30 s

% time U = Cy cl ot o mi cF ie l d (17). unit_group ()

CPU time : 1.13 s , Wall time : 1.31 s

% time U = Cy cl ot o mi cF ie l d (23). unit_group ()

.... I waited a few minutes and gave up ....

However, if you are willing to assume some conjectures (something related to

the Generalized Riemann Hypothesis), you can go further:

proof . number_field ( False )

% time U = Cy cl ot o mi cF ie l d (11). unit_group ()

CPU time : 0.07 s , Wall time : 0.07 s

% time U = Cy cl ot o mi cF ie l d (13). unit_group ()

CPU time : 0.03 s , Wall time : 0.03 s

% time U = Cy cl ot o mi cF ie l d (17). unit_group ()

CPU time : 0.06 s , Wall time : 0.06 s

% time U = Cy cl ot o mi cF ie l d (23). unit_group ()

CPU time : 0.26 s , Wall time : 0.31 s

% time U = Cy cl ot o mi cF ie l d (29). unit_group ()

CPU time : 0.60 s , Wall time : 0.62 s

8.2. EXAMPLES WITH SAGE 103

The generators of the units for Q(ζ29 ) are

3
u0 = −ζ29
26 25 22 21 19 18 15 14 11 8 7 4 3
u1 = ζ29 + ζ29 + ζ29 + ζ29 + ζ29 + ζ29 + ζ29 + ζ29 + ζ29 + ζ29 + ζ29 + ζ29 + ζ29 + ζ29 + 1
14 3
u2 = ζ29 + ζ29
3
u3 = ζ29 +1
26 20 3
u4 = ζ29 + ζ29 + ζ29
22 11 2
u5 = ζ29 + ζ29 + ζ29
10 9 8
u6 = ζ29 + ζ29 + ζ29
23
u7 = ζ29 + ζ29
17 11
u8 = ζ29 + ζ29
22 3
u9 = ζ29 + ζ29
24 19 5
u10 = ζ29 + ζ29 + ζ29 +1
19 6
u11 = ζ29 + ζ29
27 19 11 6 3
u12 = ζ29 + ζ29 + ζ29 + ζ29 + ζ29
26 15 4
u13 = ζ29 + ζ29 + ζ29 .

There are better ways to compute units in cyclotomic fields than to just use
general purpose software. For example, there are explicit cyclotomic units that
can be written down and generate a finite subgroup of UK . See [Was97, Ch. 8],
which would be a great book to read now that you’ve gone this far in the present
book. Also, using ideas explained in that book, it is probably possible to make the
unit_group command in Sage for cyclotomic fields extremely fast, which would be
an interesting project for a reader who also likes to code.
104 CHAPTER 8. DIRICHLET’S UNIT THEOREM
Chapter 9

Decomposition and Inertia

Groups

In this chapter we will study extra structure in the case when K is Galois over Q.
We will learn about Frobenius elements, the Artin symbol, decomposition groups,
and how the Galois group of K is related to Galois groups of residue class fields.
These are the basic structures needed to attach L-function to representations of
Gal(Q/Q), which will play a central role in the next few chapters.

9.1 Galois Extensions

In this section we give a survey (no proofs) of the basic facts about Galois extensions
of Q that will be needed in the rest of this chapter.

Definition 9.1.1 (Galois). An extension K/L of number fields is Galois if

# Aut(K/L) = [K : L],

where Aut(K/L) is the group of automorphisms of K that fix L. We write

Gal(K/L) = Aut(K/L).

For example, if K ⊂ C is a number field embedded in the complex numbers, then

K is Galois over Q if every field homomorphism K → C has image K. As another
example, any quadratic extension K/L is Galois over L, since it is of the form
√ √ √
L( a), for some a ∈ L, and the nontrivial automorphism is induced by a 7→ − a,
so there is always one nontrivial automorphism. If f ∈ L[x] is an irreducible cubic
polynomial, and a is a root of f , then one proves in a course on Galois theory that
L(a) is Galois over L if and only if the discriminant of f is a perfect square in L.
“Random” number fields of degree bigger than 2 are rarely Galois.
If K ⊂ C is a number field, then the Galois closure K gc of K in C is the field
generated by all images of K under all embeddings in C (more generally, if K/L

105
106 CHAPTER 9. DECOMPOSITION AND INERTIA GROUPS

is an extension, the Galois closure of K over L is the field generated by images of

embeddings K → C that are the identity map on L). If K = Q(a), then K gc is
the field generated by all of the conjugates of a, and is hence Galois over Q, since
the image under an embedding of any polynomial in the conjugates of a is again a
polynomial in conjugates of a.
How much bigger can the degree of K gc be as compared to the degree of K =
Q(a)? There is an embedding of Gal(K gc /Q) into the group of permutations of the
conjugates of a. If a has n conjugates, then this is an embedding Gal(K gc /Q) ,→ Sn ,
where Sn is the symmetric group on n symbols, which has order n!. Thus the degree
of the K gc over Q is a divisor of n!. Also Gal(K gc /Q) is a transitive subgroup of
Sn , which constrains the possibilities further. When n = 2, we recover the fact that
quadratic extensions are Galois. When n = 3, we see that the Galois closure of a
cubic extension is either the cubic extension or a quadratic extension of the cubic
extension. One can show that the Galois closure of a cubic extension is obtained
by adjoining the square root of the discriminant, which is why an irreducible cubic
defines a Galois extension if and only if the discriminant is a perfect square.
For an extension K of Q of degree 5, it is “frequently” the case that the Galois
closure has degree 120, and in fact it is an interesting problem to enumerate exam-
ples of degree 5 extension in which the Galois closure has degree smaller than 120.
For example, the only possibilities for the order of a transitive proper subgroup of
S5 are 5, 10, 20, and 60; there are also proper subgroups of S5 order 2, 3, 4, 6, 8, 12,
and 24, but none are transitive.
Let n be a positive integer. Consider the field K = Q(ζn ), where ζn = e2πi/n is
a primitive nth root of unity. If σ : K → C is an embedding, then σ(ζn ) is also an
nth root of unity, and the group of nth roots of unity is cyclic, so σ(ζn ) = ζnm for
some m which is invertible modulo n. Thus K is Galois and Gal(K/Q) ,→ (Z/nZ)∗ .
However, [K : Q] = ϕ(n), so this map is an isomorphism. (Remark: Taking a
limit using the maps Gal(Q/Q) → Gal(Q(ζpr )/Q), we obtain a homomorphism
Gal(Q/Q) → Z∗p , which is called the p-adic cyclotomic character.)
Compositums
√ √ of Galois extensions are Galois. For example, the biquadratic field
K = Q( 5, −1) is a Galois √ extension√of Q of degree 4, which is the compositum
of the Galois extensions Q( 5) and Q( −1) of Q.
Fix a number field K that is Galois over a subfield L. Then the Galois group
G = Gal(K/L) acts on many of the object that we have associated to K.

Exercise 9.1.2. Describe the natural action of G on the following objects:

• The ring of integers OK

• The group units UK

• The set of ideals of OK

• The group of fractional ideals of OK

• The class group Cl(K)

9.2. DECOMPOSITION OF PRIMES: EF G = N 107

• The set Sp of prime ideals lying over a given nonzero prime ideal p of OL , i.e.,
the prime divisors of pOK

In the next section we will be concerned with the action of Gal(K/L) on Sp ,

though actions on each of the other objects, especially Cl(K), are also of great
interest. Understanding the action of Gal(K/L) on Sp will enable us to asso-
ciate, in a natural way, a holomorphic L-function to any complex representation
Gal(K/L) → GLn (C).

9.2 Decomposition of Primes: ef g = n

If I ⊂ OK is any ideal in the ring of integers of a Galois extension K of Q and
σ ∈ Gal(K/Q), then
σ(I) = {σ(x) : x ∈ I}
is also an ideal of OK .
e
Fix a prime p ⊂ OK and write pOK = Pe11 · · · Pgg , so Sp = {P1 , . . . , Pg }.

Definition 9.2.1 (Residue class degree). Suppose P is a prime of OK lying over

p. Then the residue class degree of P is

fP/p = [OK /P : OL /p],

i.e., the degree of the extension of residue class fields.

If M/K/L is a tower of field extensions and q is a prime of M over P, then

fq/p = [OM /q : OL /p] = [OM /q : OK /P] · [OK /P : OL /p] = fq/P · fP/p ,

so the residue class degree is multiplicative in towers.

Note that if σ ∈ Gal(K/L) and P ∈ Sp , then σ induces an isomorphism of finite
fields OK /P → OK /σ(P) that fixes the common subfield OL /p. Thus the residue
class degrees of P and σ(P) are the same. In fact, much more is true.

Theorem 9.2.2. Suppose K/LQis a Galois extension of number fields, and let p be
a prime of OL . Write pOK = gi=1 Pei i , and let fi = fPi /p . Then G = Gal(K/L)
acts transitively on the set Sp of primes Pi , and

e1 = · · · = eg , f1 = · · · = fg .

Morever, if we let e be the common value of the ei , f the common value of the fi ,
and n = [K : L], then
ef g = n.

Proof. For simplicity, we will give the proof only in the case L = Q, but the proof
e
works in general. Suppose p ∈ Z and pOK = pe11 · · · pgg , and S = {p1 , . . . , pg }.
We will first prove that G acts transitively on S. Let p = pi for some i. Recall
108 CHAPTER 9. DECOMPOSITION AND INERTIA GROUPS

Lemma 5.2.2 which we proved long ago using the Chinese Remainder Theorem
(Theorem 5.1.4). It showed there exists a ∈ p such that (a)/p is an integral ideal
that is coprime to pOK . The product

Y Y (σ(a))OK (NormK/Q (a))OK

I= σ((a)/p) = = Y (9.2.1)
σ(p) σ(p)
σ∈G σ∈G
σ∈G

is a nonzero integral OK ideal since it is a product of nonzero integral OK ideals.

Since a ∈ p we have that NormK/Q (a) ∈ p ∩ Z = pZ. Thus the numerator of the
rightmost expression in (9.2.1) is divisible by pOK . Also, because (a)/p is coprime
to pOK , each σ((a)/p) is coprime to pOK as well. Thus I is coprime to pOK . This
means the denominator of the rightmost expression in (9.2.1) must also be divisible
by pOK in order to cancel the pOK in the numerator. Thus we have shown that for
any i,
g  Y
e
Y
pj j = pOK  σ(pi ).

j=1 σ∈G

By unique factorization, since every pj appears in the left hand side, we must have
that for each j there is a σ with σ(pi ) = pj , i.e., G acts transitively on S.
Choose some j and suppose that k 6= j is another index. Because G acts
transitively,
Qg there exists σ ∈ G such that σ(pk ) = pj . Applying σ to the factorization
ei
pOK = i=1 pi , we see that

g
Y g
Y
pei i = σ(pi )ei .
i=1 i=1

Using unique factorization, we get ej = ek . Thus e1 = e2 = · · · = eg .

As was mentioned right before the statement of the theorem, for any σ ∈ G
we have OK /pi ∼ = OK /σ(pi ). Since G acts transitively it follows that f1 = f2 =
· · · = fg . We have, upon applying the Chinese Remainder Theorem and noting
#(OK /(pm )) = #(OK /p)m (see Exercise 5.2.5), that

[K : Q] = dimZ OK = dimFp OK /pOK

g g
!
M ei
X
= dimFp OK /pi = ei fi = ef g,
i=1 i=1

which completes the proof.

The rest of this section illustrates the theorem for quadratic fields and a cubic
field and its Galois closure.
9.2. DECOMPOSITION OF PRIMES: EF G = N 109

9.2.1 Special Cases

Quadratic Extensions
Suppose K/Q is a quadratic field. Then K is Galois, so for each prime p ∈ Z we
have 2 = ef g. There are exactly three possibilities:

Ramified: e = 2, f = g = 1: The prime p ramifies in OK , which means pOK = p2 .

Let α be a generator for OK and h ∈ Z[x] a minimal polynomial for α. By
Theorem 4.2.3 a prime p is ramified in OK if and only if h has a double root
modulo p, which is equivalent to p dividing the discriminant of h. This shows
there are only finitely many ramified primes. More generally, the ramified
primes are exactly the ones that divide the discriminant (see [Mar77, Thm. 24]
or [?, Cor. III.2.12]).

Inert: e = 1, f = 2, g = 1: The prime p is inert in OK , which means pOK = p

is prime. It is a nontrivial theorem that this happens half of the time, as we
will see illustrated below for a particular example.

Split: e = f = 1, g = 2: The prime p splits in OK , which means pOK = p1 p2 with

p1 6= p2 . This happens the other half of the time.
√ √
Example 9.2.3. Let K = Q( √ 25), so OK = Z[γ], where γ = (1√+ 5)/2. Then p = 5
is ramified, since 5OK = ( 5) . More generally, the order Z[ 5] has index 2 in OK ,
so for any prime p 6= 2 we can determine the factorization of p in OK by finding
the factorization of the polynomial x2 − 5 ∈ Fp [x]. The polynomial x2 − 5 splits as
a product of two distinct factors in Fp [x] if and only if e = f = 
1 and g = 2. For

p 6= 2, 5 this is the case if and only if 5 is a square in Fp , i.e., if p5 = 1, where 5
p
is +1 if 5 is a square mod p and −1 if 5 is not. By quadratic reciprocity,
  (
5 5−1 p−1
p p +1 if p ≡ ±1 (mod 5)
= (−1) 2 · 2 · = =
p 5 5 −1 if p ≡ ±2 (mod 5).

Thus whether p splits or is inert in OK is determined by the residue class of p modulo

5. It is a theorem of Dirichlet, which was massively generalized by Chebotarev, that
p ≡ ±1 half the time and p ≡ ±2 the other half the time.1

The Cube Root of Two

Suppose K/Q is not Galois. Then ei , fi , and g are defined for each prime p ∈ Z,
Pg we need not have e1 = · · · = eg or f1 = · · · = fg . We do still have that
but
i=1 ei fi = n, by the Chinese Remainder Theorem. For a proof of this identity,
see [Mar77, Thm. 21], or, for a slightly √
more general version, [?, Prop. I.8.2]
√
3 3
Consider
√ the case where K = Q( 2). We know that O K = Z[ 2]. Thus
2OK = ( 3 2)3 , so for 2 we have e = 3 and f = g = 1.
1
For a technical statement and proof of this theorem, see [?] Theorem VII.13.4.
110 CHAPTER 9. DECOMPOSITION AND INERTIA GROUPS

Working modulo 5 we have

x3 − 2 = (x + 2)(x2 + 3x + 4) ∈ F5 [x],

and the quadratic factor is irreducible. Thus

√
3
√
3 2
√
3
5OK = (5, 2 + 2) · (5, 2 + 3 2 + 4).

Thus here g = 2, e1 = e2 = 1, f1 = 1, and f2 = 2. Thus when K is not Galois we

need not have that the fi are all equal.

9.2.2 Definitions and Terminology

In the previous sections we used words like “ramify”, “inert”, and “split” to de-
scribe the decomposition of a prime in an extension. This section will define the
generalizations of these concepts which will be used in later sections.
Let K/L be an extension of number fields. Let OK , OL denote the respective
ring of integers and q a prime in OL . By Theorem 3.2.6 we know that the ideal
qOK factors uniquely into a product of primes pi in OK given by
e
qOK = pe11 · · · pgg .

Let fi be the degree of the extension of residue fields, i.e.,

fi = [OK /pi : OL /q].

Definition 9.2.4. The prime q ramifies in L if ei > 1 for some 1 ≤ i ≤ g. Otherwise

q is unramified. If q is ramified and moreover fi = 1 for all i, then q is totally ramified.
Definition 9.2.5. The prime p is inert in L if pOL is prime. In this case we have
g = 1, q1 = pOL , and e1 = 1.
Definition 9.2.6. The prime p is split in L if g > 1. If moreover g = [L : K], then
p splits completely or is totally split.
It will sometimes be helpful to emphasize which prime we are referring to. To
do this we will use the notation e(p/q) to represent the power of p appearing in
the factorization of qOK . The number e(p/q) isQcalled the ramification index of p
over q. In this notation we could write qOK = pe(p/q) where the product ranges
over all primes p in OK . We will similarly denote f (p/q) to be the degree of the
extension of residue fields [OK /p : OL /q]. The number f (p/q) is called the inertia
degree of p/q. Because the number of primes over q depends on the field K, we
sometimes denote g by gK (q).
Exercise 9.2.7. The following are some basic properties of decompositions. For
each one, compare the result with previous examples we have seen such as Exam-
ple 9.2.3.
Let K/L/Q be a tower of number fields. Let p be a prime in Z, q a prime in OL
lying over p, and p a prime in OK lying over q.
9.3. THE DECOMPOSITION GROUP 111

(a) Show that e is multiplicative, that is e(p/p) = e(p/q) · e(q/p).

(b) Show that f is multiplicative, that is f (p/p) = f (p/q) · f (q/p).

gL (p) be the number of primes of OL lying over p. Show that gK (p) =

(c) LetP
gL (q).
q lies over p

Exercise 9.2.8 (See [Mar77, Ch. 4, Exercise 24]). Continue the notation from the
previous exercise.
(a) If p it totally ramified in K then it is totally ramified in L.

(b) Let K 0 be another extension of L. If p is totally ramified in K and unramified

in K 0 then K ∩ K 0 = L.

9.3 The Decomposition Group

Suppose K is a number field that is Galois over Q with group G = Gal(K/Q). Fix
a prime p ⊂ OK lying over p ∈ Z.
Definition 9.3.1 (Decomposition group). The decomposition group of p is the sub-
group
Dp = {σ ∈ G : σ(p) = p} ⊂ G.
Note that Dp is the stabilizer of p for the action of G on the set of primes lying
over p.
It also makes sense to define decomposition groups for relative extensions K/L,
but for simplicity and to fix ideas in this section we only define decomposition groups
for a Galois extension K/Q.
Let kp = OK /p denote the residue class field of p. In this section we will prove
that there is an exact sequence

1 → Ip → Dp → Gal(kp /Fp ) → 1,

where Ip is the inertia subgroup of Dp , and #Ip = e = e(p/p). The most interesting
part of the proof is showing that the natural map Dp → Gal(kp /Fp ) is surjective.
We will also discuss the structure of Dp and introduce Frobenius elements, which
play a crucial role in understanding Galois representations.
Recall from Theorem 9.2.2 that G acts transitively on the set of primes p lying
over p. The orbit-stabilizer theorem implies that [G : Dp ] equals the cardinality of
the orbit of p, which by Theorem 9.2.2 equals the number g of primes lying over p,
so [G : Dp ] = g.
Lemma 9.3.2. The decomposition subgroups Dp corresponding to primes p lying
over a given p are all conjugate as subgroups of G.
Proof. See Exercise 9.3.3.
112 CHAPTER 9. DECOMPOSITION AND INERTIA GROUPS

Exercise 9.3.3. Prove Lemma 9.3.2.

[Hint: For σ, τ ∈ G you need to show τ Dp τ −1 = Dτ p . Start by writing down
what it means for σ ∈ Dp and τ στ −1 ∈ Dτ p . ]
The decomposition group is useful because it allows us to refine the extension
K/Q into a tower of extensions, such that at each step in the tower we understand
the splitting behavior of the primes lying over p.
Recall the correspondence between subgroups of the Galois group G and sub-
fields of K. The fixed fields corresponding to the decomposition and inertia sub-
groups have an important description in terms of the splitting behavior of the prime
p. We characterize the fixed field of D = Dp as follows.
Proposition 9.3.4. The fixed field

K D = {a ∈ K : σ(a) = a for all σ ∈ D}

of D is the smallest subfield L ⊂ K such that the prime ideal q = p ∩ OL has

gK (q) = 1, i.e., there is a unique prime of OK lying over q.
Proof. First suppose L = K D , and note that by Galois theory Gal(K/L) ∼ = D, and
by Theorem 9.2.2, the group D acts transitively on the primes of K lying over q.
One of these primes is p, and D fixes p by definition, so there is only one prime
of K lying over q, that is g = 1. Conversely, if L ⊂ K is such that q has g = 1,
then Gal(K/L) fixes p (since it is the only prime over q), so Gal(K/L) ⊂ D, hence
K D ⊂ L.

Thus p does not split in going from K D to K—it does some combination of
ramifying and staying inert. To fill in more of the picture, the following proposition
asserts that p splits completely and does not ramify in K D /Q.
Proposition 9.3.5. Fix a finite Galois extension K of Q, let p be a prime lying
over p with decomposition group D, and set L = K D and q = p ∩ OL . Then
e(q/p) = f (q/p) = 1, gL (p) = [L : Q], e(p/p) = e(p/q) and f (p/p) = f (p/q).
Proof. As mentioned right after Definition 9.3.1, the orbit-stabilizer theorem implies
that gK (p) = [G : D], and by Galois theory [G : D] = [L : Q], so gK (p) = [L : Q].
By Proposition 9.3.4, we have gK (q) = 1 so by Theorem 9.2.2,

[K : Q]
e(p/q) · f (p/q) = [K : L] =
[L : Q]
e(p/p) · f (p/p) · gK (p)
=
[L : Q]
= e(p/p) · f (p/p).

Now e(p/q) ≤ e(p/p) and f (p/q) ≤ f (p/p), so we must have e(p/q) = e(p/p) and
f (p/q) = f (p/p). Since from Exercise 9.2.7 we have e(p/p) = e(p/q) · e(q/p) and
f (p/q) = f (p/q) · f (q/p), it follows that e(q/p) = f (q/p) = 1.
9.3. THE DECOMPOSITION GROUP 113

We summarize the results of the decomposition of a prime in the tower K ⊇ L =

K D ⊇ Q in Table 9.3.1. This table shows the ramification indices, inertia degrees,
and the number of primes at each step of the tower.

Ramification (e) Inertia (f ) Splitting (g) Primes Fields

p K
e(p/p) f (p/p) 1 | |
q L
1 1 [L : Q] | |
p Q

Table 9.3.1: Decomposition in the fixed field L = K D .

9.3.1 Galois groups of finite fields

Each σ ∈ D = Dp acts in a well-defined way on the finite field kp = OK /p, so we
obtain a homomorphism
ϕ : Dp → Aut(kp /Fp ).
We pause for a moment and review a few basic properties of extensions of finite
fields. In particular, they turn out to be Galois so the map ϕ above is actually
a map Dp → Gal(kp /Fp ). The properties in this section are general properties of
Galois groups for finite fields.

Definition 9.3.6. Let k be any field of characteristic p. Define Frobp : k → k to

be the homomorphism given by a 7→ ap . The map Frobp is called the Frobenius
homomorphism.

Exercise 9.3.7.

(a) Show the map Frobp is in fact a field homomorphism, that is Frobp (a + b) =
Frobp (a) + Frobp (b) and Frobp (ab) = Frobp (a) Frobp (b).

(b) Suppose k = Fp . Then show Frobp = id, i.e., ap = a for any a ∈ Fp .

(c) Suppose k = Fq where q = pf for some f ≥ 1. Show that Frobp : k → k is an

automorphism.

(d) Continuing part (c), note that by Exercise 8.1.9 k ∗ is cyclic. Let a ∈ k be a
generator for k ∗ , so a has multiplicative order pf − 1 and k = Fp (a). Show
that
n
Frobnp (a) = ap = a ⇔ (pf − 1) | pn − 1 ⇔ f | n

Remark 9.3.8. Exercise 9.3.7 shows that all finite fields are perfect. For more on
perfect fields see a standard abstract algebra text such as [?].
114 CHAPTER 9. DECOMPOSITION AND INERTIA GROUPS

By Exercise 9.3.7(b,c) the map Frobp is an automorphism of kp fixing Fp and

hence defines an element in Gal(kp /Fp ). Let f = fp/p be the residue degree of p, i.e.,
f = [kp : Fp ]. Exercise 9.3.7(d) shows the order of Frobp is f . Since the order of the
automorphism group of a field extension is at most the degree of the extension, we
conclude that Aut(kp /Fp ) is generated by Frobp . This shows Aut(kp /Fp ) has order
equal to the degree [kp /Fp ] so we conclude that kp /Fp is Galois. We summarize the
discussion into the following theorem.

Theorem 9.3.9. The extension kp /Fp is Galois and moreover, Gal(kp /Fp ) is gen-
erated by the Frobenius map Frobp defined by a 7→ ap .

Exercise 9.3.10. Prove that up to isomorphism there is exactly one finite field of
each degree.
[Hint: By Theorem 9.3.9 all elements in a finite field satisfy an equation of the
f
form xp − 1 where p is the characteristic and f is the degree over the field Fp . ]

9.3.2 The Exact Sequence

Because Dp preserves p, there is a natural reduction homomorphism

ϕ : Dp → Gal(kp /Fp ).

Theorem 9.3.11. The homomorphism ϕ is surjective.

Proof. Let D = Dp and ã ∈ kp be an element such that kp = Fp (ã). Lift ã to an

algebraic integer a ∈ OK , and let h = σ∈D (x − σ(a)) ∈ K D [x]. Let h̃ be the
Q

reduction of h modulo p. Note that h(a) = 0 so h̃(ã) = 0.

Note that the coefficients of h lie in OK D . By Proposition 9.3.5, the residue field
of OK D is Fp so h̃ ∈ Fp [x]. Therefore h̃ is a multiple of the minimal polynomial
of ã over Fp . In particular, Frobp (ã) must also be a root of h̃. Since the roots of
h̃ are of the form σ(a)
g this shows that σ(a) g = Frob(ã) for some σ ∈ D. Hence
ϕ(σ)(ã) = Frob(ã). Since elements of Gal(Kp /Fp ) are determined by their action
on ã by choice of ã, it follows that ϕ(σ) = Frob and hence ϕ is surjective because
Frobp generates Gal(kp /Fp ).

Definition 9.3.12 (Inertia Group). The inertia group associated to p is the kernel
Ip of Dp → Gal(kp /Fp ).

We have an exact sequence of groups

1 → Ip → Dp → Gal(kp /Fp ) → 1. (9.3.1)

The inertia group is a measure of how p ramifies in K.

Corollary 9.3.13. We have #Ip = e = e(p/p).

9.4. FROBENIUS ELEMENTS 115

Proof. The exact sequence (9.3.1) implies that #Ip = #Dp /f where f = f (p/p) =
[kp : Fp ]. Applying Propositions 9.3.4 and 9.3.5, we have

[K : Q] ef g
#Dp = [K : L] = = = ef.
g g
Dividing both sides by f proves the corollary.

We have the following characterization of Ip .

Proposition 9.3.14. Let K/Q be a Galois extension with group G, and let p be a
prime of OK lying over a prime p. Then

Ip = {σ ∈ G : σ(a) ≡ a (mod p) for all a ∈ OK }.

Proof. By definition Ip = {σ ∈ Dp : σ(a) ≡ a (mod p) for all a ∈ OK }, so it suffices

to show that if σ 6∈ Dp , then there exists a ∈ OK such that σ(a) 6≡ a (mod p). If
σ 6∈ Dp , then σ −1 6∈ Dp , so σ −1 (p) 6= p. Since both are maximal ideals, there exists
a ∈ p with a 6∈ σ −1 (p), i.e., σ(a) 6∈ p. Thus σ(a) 6≡ a (mod p).

9.4 Frobenius Elements

Suppose that K/Q is a finite Galois extension with group G and p is a prime such
that e = 1 (i.e., an unramified prime). Then I = Ip = 1 for any p | p, so the map ϕ of
Theorem 9.3.11 is a canonical isomorphism Dp ∼ = Gal(kp /Fp ). By Section 9.3.1, the
group Gal(kp /Fp ) is cyclic with canonical generator Frobp . The Frobenius element
corresponding to p is Frobp ∈ Dp . It is the unique (see Exercise 9.4.1) element of G
such that for all a ∈ OK we have

Frobp (a) ≡ ap (mod p).

Exercise 9.4.1. With the notation above, prove that Frobp is unique. That is, if
σ satisfies σ(a) ≡ ap (mod p) for all a ∈ OK then σ = Frobp .
[Hint: First show σ ∈ Dp , then argue as in the proof of Proposition 9.3.14. ]

Just as the primes p and decomposition groups Dp are all conjugate, the Frobe-
nius elements corresponding to primes p | p are all conjugate as elements of G.

Proposition 9.4.2. For each σ ∈ G, we have

Frobσp = σ Frobp σ −1 .

In particular, the Frobenius elements lying over a given prime are all conjugate.

Proof. Fix σ ∈ G. For any a ∈ OK we have Frobp (σ −1 (a)) − σ −1 (a)p ∈ p. Ap-

plying σ to both sides, we see that σ Frobp (σ −1 (a)) − ap ∈ σp, so σ Frobp σ −1 =
Frobσp .
116 CHAPTER 9. DECOMPOSITION AND INERTIA GROUPS

Thus the conjugacy class of Frobp in G is a well-defined function of p. For

example, if G is abelian, then Frobp does
 not
 depend on the choice of p lying over p
and we obtain a well defined symbol K/Q p = Frobp ∈ G called the Artin symbol.
It extends to a homomorphism from the free abelian group on unramified primes p
to G. Class field theory (for Q) sets up a natural bijection between abelian Galois
extensions of Q and certain maps from certain subgroups of the group of fractional
ideals for Z (i.e., Q∗ ). We have just described one direction of this bijection, which
associates to an abelian extension the Artin symbol (which is a homomorphism).
The Kronecker-Weber theorem asserts that the abelian extensions of Q are exactly
the subfields of the fields Q(ζn ), as n varies over all positive integers. By Galois
theory there is a correspondence between the subfields of the field Q(ζn ), which
has Galois group (Z/nZ)∗ , and the subgroups of (Z/nZ)∗ . If H ⊆ (Z/nZ)∗is the 
subgroup corresponding to K ⊂ Q(ζn ) then the Artin reciprocity map p 7→ K/Q p
is given by p 7→ [p] ∈ (Z/nZ)∗ /H.
Remark 9.4.3. Notice above that the n used is not unique. That is, if K is an abelian
extension of Q then it lies in some Q(ζn ). But then it also lies inside of Q(ζdn ) for
any positive integer d. However, a different choice of n would mean a different
choice of H. Note that the quotient (Z/nZ)∗ /H used is not dependent on n since
it is isomorphic to the Galois group of K/Q.

9.5 The Artin Conjecture

The Galois group Gal(Q/Q) is an object of central importance in number theory,
and we can interpret much of number theory as the study of this group. A good
way to study a group is to study how it acts on various objects, that is, to study
its representations.
Endow Gal(Q/Q) with the topology which has as a basis of open neighborhoods
of the origin the subgroups Gal(Q/K), where K varies over finite Galois extensions
of Q. Fix a positive integer n and let GLn (C) be the group of n × n invertible
matrices over C with the discrete topology.

Warning 9.5.1. The topology on Gal(Q/Q) is not the topology induced by taking
as a basis of open neighborhoods around the origin the collection of finite-index
normal subgroups of Gal(Q/Q), see [?, Ch. 7] or Exercise 9.5.5. In particular,
there exist nonopen normal subgroups of finite index which do not correspond to
subgroups Gal(Q/K) for some finite Galois extension K/Q.

Definition 9.5.2. A complex n-dimensional representation of Gal(Q/Q) is a con-

tinuous homomorphism
ρ : Gal(Q/Q) → GLn (C).

For ρ to be continuous means that if K is the fixed field of Ker(ρ), then K/Q is
9.5. THE ARTIN CONJECTURE 117

a finite Galois extension. We have a diagram

ρ
Gal(Q/Q) / GLn (C)
8

' + ρ0
Gal(K/Q)

Exercise 9.5.3. Suppose ρ : Gal(Q/Q) → GLn (C) is continuous. Show that the
image is finite.

Remark 9.5.4. The converse to Exercise 9.5.3 is false in general (see Exercise 9.5.5).
This is essentially the same warning as Warning 9.5.1, however it is worth pointing
out to avoid mistakes.2

Exercise 9.5.5. Find a nonopen subgroup of index 2 in Gal(Q/Q). Note this is

also an example of a non-continuous homomorphism Gal(Q/Q) → GLn (C) with
finite image.
[Hint: Use Zorn’s lemma to show that there are homomorphisms Gal(Q/Q) →
{±1} with finite image that are not continuous, since they do not factor through
the Galois group of any finite√Galois extension. ]
∗ ∗ 2
Q extension Q( d, d ∈ Q /(Q ) ) is an extension of Q with Galois
[Hint: The
group X ≈ F2 . The index-two open subgroups of X correspond to the quadratic
extensions of Q. However, Zorn’s lemma implies that X contains many index-two
subgroups that do not correspond to quadratic extensions of Q. ]

Fix a Galois representation ρ and let K be the fixed field of ker(ρ), so ρ factors
through Gal(K/Q). For each prime p ∈ Z that is not ramified in K, there is an
element Frobp ∈ Gal(K/Q) that is well-defined up to conjugation by elements of
Gal(K/Q). This means that ρ0 (Frobp ) ∈ GLn (C) is well-defined up to conjuga-
tion. Thus the characteristic polynomial Fp (x) ∈ C[x] of ρ0 (Frobp ) is a well-defined
invariant of p and ρ. Let

Rp (x) = xdeg(Fp ) · Fp (1/x) = 1 + · · · + det(Frobp ) · xdeg(Fp )

be the polynomial obtain by reversing the order of the coefficients of Fp . Following

E. Artin [Art23, Art30], set
Y 1
L(ρ, s) = . (9.5.1)
Rp (p−s )
p unramified

We view L(ρ, s) as a function of a single complex variable s. One can prove that
L(ρ, s) is holomorphic on some right half plane, and extends to a meromorphic
function on all C.
2
See [?, Pg. 1].
118 CHAPTER 9. DECOMPOSITION AND INERTIA GROUPS

Conjecture 9.5.6 (Artin). The L-function of any continuous representation

Gal(Q/Q) → GLn (C)

is an entire function on all C, except possibly at 1.

This conjecture asserts that there is some way to analytically continue L(ρ, s)
to the whole complex plane, except possibly at 1. (A standard fact from complex
analysis is that this analytic continuation must be unique.) The simple pole at
s = 1 corresponds to the trivial representation (the Riemann zeta function), and if
n ≥ 2 and ρ is irreducible, then the conjecture is that ρ extends to a holomorphic
function on all C.
The conjecture is known when n = 1. Assume for the rest of this paragraph
that ρ is odd, i.e., if c ∈ Gal(Q/Q) is complex conjugation, then det(ρ(c)) = −1.
When n = 2 and the image of ρ in PGL2 (C) is a solvable group, the conjecture is
known, and is a deep theorem of Langlands and others (see [Lan80]), which played a
crucial roll in Wiles’s proof of Fermat’s Last Theorem. When n = 2 and the image
of ρ in PGL2 (C) is not solvable, the only possibility is that the projective image is
isomorphic to the alternating group A5 . Because A5 is the symmetry group of the
icosahedron, these representations are called icosahedral. In this case, Joe Buhler’s
Harvard Ph.D. thesis [Buh78] gave the first example in which ρ was shown to satisfy
Conjecture 9.5.6. There is a book [Fre94], which proves Artin’s conjecture for 7
icosahedral representation (none of which are twists of each other). Kevin Buzzard
and the author proved the conjecture for 8 more examples [BS02]. Subsequently,
Richard Taylor, Kevin Buzzard, Nick Shepherd-Barron, and Mark Dickinson proved
the conjecture for an infinite class of icosahedral Galois representations (disjoint
from the examples) [BDSBT01]. The general problem for n = 2 is in fact now
completely solved, due to recent work of Khare and Wintenberger [KW08] that
proves Serre’s conjecture.
Chapter 10

Elliptic Curves, Galois

Representations, and
L-functions

This chapter is about elliptic curves and the central role they play in algebraic
number theory. Our approach will be less systematic and more a survey than most
of the rest of this book. The goal is to give you a glimpse of the forefront of research
by assuming many basic facts that can be found in other books (see, e.g., [Sil92]).

10.1 Groups Attached to Elliptic Curves

Definition 10.1.1 (Elliptic Curve). An elliptic curve over a field K is a genus one
curve E defined over K equipped with a distinguished point O ∈ E(K). Here E(K)
is the set of all points on E defined over K.

We will not define genus in this book, except to note that a nonsingular curve
over K has genus one if and only if over K it can be realized as a nonsingular
plane cubic curve.1 Moreover, one can show (using the Riemann-Roch formula)
that over any field a genus one curve with a rational point can always be defined
by a projective cubic equation of the form

Y 2 Z + a1 XY Z + a3 Y Z 2 = X 3 + a2 X 2 Z + a4 XZ 2 + a6 Z 3 .

In this form the distinguished point O is (X : Y : Z) = (0 : 1 : 0). Note that O is

the only point on the curve with Z = 0. So we can consider the rest of the curve
in the affine coordinates by projecting onto the affine plane defined by Z 6= 0. This
gives the equation

y 2 + a1 xy + a3 y = x3 + a2 x2 + a4 x + a6 . (10.1.1)
1
For a detailed and technical explanation of genus see [Har77, Ch. II.8] or [?, Ch. 7.3]

119
120 CHAPTER 10. ELLIPTIC CURVES AND L-FUNCTIONS

Thus one often presents an elliptic curve by giving a Weierstrass equation (10.1.1),
though there are significant computational advantages to other equations for curves
(e.g., Edwards coordinates – see work of Bernstein and Lange in [?]).
Using Sage we plot an elliptic curve over the finite field F7 and an elliptic curve
curve defined over Q.

E = EllipticCurve ( GF (7) , [1 ,0])

E

Elliptic Curve defined by y ^2 = x ^3 + x over

Finite Field of size 7

E . plot ( pointsize =60 , gridlines = True )

1 2 3 4 5

E = EllipticCurve ([1 ,0])

E

Elliptic Curve defined by y ^2 = x ^3 + x over

Rational Field

E . plot ()

1.5

0.5

0.2 0.4 0.6 0.8 1 1.2

-0.5

-1

-1.5
10.1. GROUPS ATTACHED TO ELLIPTIC CURVES 121

Note that both plots above are of the affine equation y 2 = x3 + x, and do not
include the distinguished point O, which lies at infinity.

Remark 10.1.2. The command EllipticCurve in Sage can take as input a list
[a4,a6] of coefficients and returns an elliptic curve given by a Weirstrass equation
with a1 = a2 = a3 = 0 and a4 , a6 as specified.

10.1.1 Abelian Groups Attached to Elliptic Curves

If E is an elliptic curve over K, then we give the set E(K) of all K-rational points
on E the structure of abelian group with identity element O.2 If we embed E in the
projective plane, then this group is determined by the condition that three points
sum to the zero element O if and only if they lie on a common line (some care
needs to be taken when the points are not distinct). In our affine picture, a line will
intersect the point at infinity if it is vertical, or equivalently if it of the form x = a
for some fixed a ∈ K.

Example 10.1.3. On the curve y 2 = x3 − 5x + 4, we have (0, 2) + (1, 0) = (3, 4). This
is because (0, 2), (1, 0), and (3, −4) are on a common line (given by the equation
y = 2 − 2x) hence they sum to zero:

(0, 2) + (1, 0) + (3, −4) = O.

Notice (3, 4), (3, −4), and O (the point at infinity on the curve) are also on a
common line (given by x = 3), so (3, 4) = −(3, −4). We can illustration this in
Sage:

E = EllipticCurve ([ -5 ,4])
E (0 ,2) + E (1 ,0)

(3 : 4 : 1)

2
As a reminder, we will not give rigorous proofs of any facts in this section. For a more detailed
and technical explanation of the group structure for elliptic curves see [Sil92, Ch. III.2].
122 CHAPTER 10. ELLIPTIC CURVES AND L-FUNCTIONS

G = E . plot ()
G += points ([(0 ,2) , (1 ,0) , (3 ,4) , (3 , -4)] ,
pointsize =90 , color = ’ red ’ , zorder =10)
G += line ([( -1 ,4) , (4 , -6)] , color = ’ black ’)
G += line ([(3 , -6) , (3 ,6)] , color = ’ black ’)
G . show ()

-2 -1 1 2 3 4

-2

-4

-6

Iterating the group operation often leads quickly to very complicated points:

7* E (0 ,2)

(14100601873051200/48437552041038241 :
-17087004418706677845235922/10660394576906522772066289 :
1)

Remark 10.1.4. In the previous example we saw that iterating the group operation
led to points which used a lot of digits to write down. This notion can be made
formal and is called the height of the point. The height function is used to prove
the general Mordell-Weil theorem, see [Sil92, Ch. VIII.4]
Exercise 10.1.5. Let E be an elliptic curve given by a Weirstrass equation such
as (10.1.1). Show that the points of order two are exactly the points on E with
y-coordinate equal to 0.
[Hint: Recall that a point P has order 2 if P + P + O = O, which means the
tangent line at P goes through the point at infinity. ]
That the above condition—three points on a line sum to zero—defines an abelian
group structure on E(K) is not obvious. Depending on your perspective, the trick-
iest part is seeing that the operation satisfies the associative axiom. The best way
to understand the group operation on E(K) is to view E(K) as being related to a
class group. As a first observation, note that the ring

R = K[x, y]/(y 2 + a1 xy + a3 y − (x3 + a2 x2 + a4 x + a6 ))

is a Dedekind domain, so Cl(R) is defined, and every nonzero fractional ideal can
be written uniquely in terms of prime ideals. When K is a perfect field, the prime
10.1. GROUPS ATTACHED TO ELLIPTIC CURVES 123

ideals correspond to the Galois orbits of affine points of E(K). Note that these do
not include the point at infinity.
Let Div(E/K) be the free abelian group on the Galois orbits of points of E(K),
which as explained above is analogous to the group of fractional ideals of a number
field (here we do include the point at infinity). We call the elements of Div(E/K)
divisors. Let Pic(E/K) be the quotient of Div(E/K) by the principal divisors, i.e.,
the divisors associated to rational functions f ∈ K(E)∗ via
X
f 7→ (f ) = ordP (f )[P ].
P

Here K(E) is the fraction field of the ring R defined above. Note that the principal
divisor associated to f is analogous to the principal fractional ideal associated to a
nonzero element of a number field. The definition of ordP (f ) is analogous to the
“power of P that divides the principal ideal generated by f ”. Define the class group
Pic(E/K) to be the quotient of the divisors by the principal divisors, so we have
an exact sequence:

1 → K(E)∗ /K ∗ → Div(E/K) → Pic(E/K) → 0.

A key difference between elliptic curves and algebraic number fields is that the
principal divisors in the context of elliptic curves all have degree 0, i.e., the sum
of the coefficients of the divisor (f ) is always 0. This might be a familiar fact to
you: the number of zeros of a nonzero rational function on a projective curve equals
the number of poles, counted with multiplicity. If we let Div0 (E/K) denote the
subgroup of divisors of degree 0, then we have an exact sequence

1 → K(E)∗ /K ∗ → Div0 (E/K) → Pic0 (E/K) → 0.

To connect this with the group law on E(K), note that there is a natural map

E(K) → Pic0 (E/K), P 7→ [P − O].

Using the Riemann-Roch theorem, one can prove that this map is a bijection, which
is moreover an isomorphism of abelian groups. Thus really when we discuss the
group of K-rational points on an E, we are talking about the class group Pic0 (E/K).
Recall that we proved (Theorem 7.1.2) that the class group Cl(OK ) of a number
field is finite. The group Pic0 (E/K) = E(K) of an elliptic curve can be either finite
(e.g., for y 2 + y = x3 − x + 1) or infinite (e.g., for y 2 + y = x3 − x), and determining
which is the case for any particular curve is one of the central unsolved problems
in number theory.
The Mordell-Weil theorem (see Chapter 12) asserts that if E is an elliptic curve
over a number field K, then there is a nonnegative integer r, referred to as the
algebraic rank of E, such that

E(Q) ≈ Zr ⊕ T, (10.1.2)
124 CHAPTER 10. ELLIPTIC CURVES AND L-FUNCTIONS

where T is a finite group. This is similar to Dirichlet’s unit theorem, which gives
the structure of the unit group of the ring of integers of a number field. The main
difference is that T need not be cyclic, and computing r appears to be much more
difficult than just finding the number of real and complex roots of a polynomial!
Example 10.1.6. Sage has algorithms which can compute this rank for us. For
example we can compute the ranks of the curves y 2 +y = x3 −x+1 and y 2 +y = x3 −x
respectively.
EllipticCurve ([0 ,0 ,1 , -1 ,1]). rank ()

EllipticCurve ([0 ,0 ,1 , -1 ,0]). rank ()

Also, if L/K is an arbitrary extension of fields, and E is an elliptic curve over K,

then there is a natural inclusion homomorphism E(K) ,→ E(L). Thus instead of
just obtaining one group attached to an elliptic curve, we obtain a whole collection,
one for each extension of L. Even more generally, if S/K is an arbitrary scheme,
then E(S) is a group, and the association S 7→ E(S) defines a functor from the
category of schemes to the category of groups. Thus each elliptic curve gives rise to
map:
{Schemes over K} −→ {Abelian Groups}
Remark 10.1.7. Elliptic curves are not the only objects that induce a functor from
schemes to groups. Abelian varieties are a larger class of schemes, which includes
elliptic curves, that also induce such a functor. For more on Abelian varieties see
[?].

10.1.2 A Formula for Adding Points

We close this section with an explicit formula for adding two points in E(K). If E
is an elliptic curve over a field K, given by an equation y 2 = x3 + ax + b, then we
can compute the group addition using the following algorithm.
Algorithm 10.1.8 (Elliptic Curve Group Law). Given P1 , P2 ∈ E(K), this algo-
rithm computes the sum R = P1 + P2 ∈ E(K).
1. [One Point O] If P1 = O set R = P2 or if P2 = O set R = P1 and terminate.
Otherwise write Pi = (xi , yi ).

2. [Negatives] If x1 = x2 and y1 = −y2 , set R = O and terminate.

(
(3x21 + a)/(2y1 ) if P1 = P2 ,
3. [Compute λ] Set λ =
(y1 − y2 )/(x1 − x2 ) otherwise.
Note: If y1 = 0 and P1 = P2 , output O and terminate.
10.2. GALOIS REPRESENTATIONS 125

4. [Compute Sum] Then R = λ2 − x1 − x2 , −λx3 − ν , where ν = y1 −λx1 and x3

is the x coordinate of R.

10.1.3 Other Groups

There are other abelian groups attached to elliptic curves, such as the torsion sub-
group E(K)tor of elements of E(K) of finite order. The torsion subgroup is (iso-
morphic to) the group T that appeared in Equation (10.1.2) above). When K is
a number field, there is a group called the Shafarevich-Tate group X(E/K) at-
tached to E, which plays a role similar to that of the class group of a number field
(though it is an open problem to prove that X(E/K) is finite in general). The
definition of X(E/K) involves Galois cohomology, so we wait until Chapter 11 to
define it. There are also component groups attached to E, one for each prime of
OK . These groups all come together in the Birch and Swinnerton-Dyer conjecture
(see http://wstein.org/books/bsd/).

10.2 Galois Representations Attached to Elliptic Curves

Let E be an elliptic curve over a number field K. In this section we attach represen-
tations of GK = Gal(K/K) to E, and use them to define an L-function L(E, s). This
L-function is yet another generalization of the Riemann Zeta function, that is differ-
ent from the L-functions attached to complex representations Gal(Q/Q) → GLn (C),
which we encountered before in Section 9.5.
There is a natural action of GK on the points of E(K). Given a point P =
(a, b) ∈ E(K) we define σ(P ) to be the point (σ(a), σ(b)). Since E is defined over K
the point σ(P ) will again lie on E so the action is well defined. Note that the group
structure on E is defined by algebraic formulas with coefficients in K. It follows that
the action commutes with point addition meaning that σ(P + Q) = σ(P ) + σ(Q).
Now fix an integer n. From what we have seen, the subgroup

E[n] = {P ∈ E(K) : nP = O}

is invariant under the action of GK . We thus obtain a homomorphism

ρE,n : GK → Aut(E[n]).

Warning 10.2.1. Though the action of GK leaves the group E[n] fixed, it may act
non-trivially on individual elements! Otherwise ρE,n would not be very interesting.
For any positive integer n, the group E[n] is isomorphic as an abstract abelian
group to (Z/nZ)2 . There are various related ways to see why this is true. One is to
use the Weierstrass ℘-theory to parametrize E(C) by the the complex numbers, i.e.,
to find an isomorphism C/Λ ∼ = E(C), where Λ is a lattice in C and the isomorphism
is given by z 7→ (℘(z), ℘0 (z)) with respect to an appropriate choice of coordinates on
E(C). It is then an easy exercise to verify that (C/Λ)[n] ∼ = (Z/nZ)2 . For a detailed
and rigorous walk through of this method see [?, Ch. 1.4].
126 CHAPTER 10. ELLIPTIC CURVES AND L-FUNCTIONS

Another way to understand E[n] is to use the fact that E(C)tor is isomorphic
to the quotient
H1 (E(C), Q)/ H1 (E(C), Z)

of homology groups and that the homology of a curve of genus g is isomorphic to

Z2g . Then we have a non-canonical isomorphism

E[n] ≈ (Q/Z)2 [n] = (Z/nZ)2 .

Technically the previous arguments have shown E(C)[n] ≈ (Z/nZ)2 . How-

ever, our definition of E[n] used points in E(K). So we need to show the points
E(C)[n] are actually defined over K. Note that E(C)[n] is finite and invariant under
Aut(C/K) for the same reason as E[n] was invariant under Gal(K/K) (point addi-
tion is defined by algebraic formulas with coefficients in K). It follows that E(C)[n]
is indeed defined over E(K) so the arguments above show that E[n] ≈ (Z/nZ)2 .

Remark 10.2.2. Notice that the arguments above used many analytic facts about
geometry over C (e.g. homology, analytic structure) in order to prove algebraic
facts (e.g. the number of torsion points) about E(K). This is part of a more
general concept called the Lefschetz principle which generally relates geometry over
an algebraically closed field of characteristic 0 to geometry over C. For more on
this see [Sil92, Ch. VI.6].

Remark 10.2.3. In fact, if p is a prime that does not divide n then E[n] ≈ (Z/nZ)2
over fields of characteristic p. However, the methods we used above do not apply to
the case of positive characteristic. Another method is to show the multiplication by
n map is separable and has degree n2 . For a detailed proof see [Sil92, Cor. III.6.4].

Exercise 10.2.4. Let E be an elliptic curve defined over a number field K. Fix an
integer n and consider the extension of K given by

K(E[n]) = K({a, b : (a, b) ∈ E[n]}).

Show that K(E[n])/K is a finite Galois extension.

Hint: By the arguments above #E[n] = n2 which shows the extension is finite.
Next recall that E[n] is left invariant by the action of Gal(K/K). What can you
say about the embeddings from K(E[n]) into K which leave K fixed?

Example 10.2.5. Consider the case when n = 2. From Exercise 10.1.5 we know that
the points in E[2] are exactly the points with y-coordinate 0. Let E be the elliptic
curve given by E : y 2 = x3 +x+1. If y = 0 then x has to be a root of the polynomial
x3 + x + 1, so the points in E[2] are defined over the splitting field of x3 + x + 1.
We can compute these points in Sage.
10.2. GALOIS REPRESENTATIONS 127

E = EllipticCurve ([1 ,1]); E

Elliptic Curve defined by y ^2 = x ^3 + x + 1 over

Rational Field

R . <x > = QQ []; R

Univariate Polynomial Ring in x over Rational Field

f = x ^3 + x + 1
K . <a > = NumberField ( f )
M . <b > = K . galois _closure (); M

Number Field in b with defining polynomial

x ^6 + 6* x ^4 + 9* x ^2 + 31

F = E . change_ring ( M )
T = F . t o r s i o n _s u b g r o u p (); T

Torsion Subgroup isomorphic to Z /2 + Z /2 associated

to the Elliptic Curve defined by y ^2 = x ^3 + x + 1
over Number Field in b with defining polynomial
x ^6 + 6* x ^4 + 9* x ^2 + 31

T . gens ()

((1/18* b ^4 + 5/18* b ^2 + 1/2* b + 2/9 : 0 : 1) ,

(1/18* b ^4 + 5/18* b ^2 - 1/2* b + 2/9 : 0 : 1))

Note that this matches with what we expected: we computed two generators for
E[2] (the output of the last cell) corresponding to two generators of (Z/2Z)2 .
If n = p is a prime, then upon chosing a basis for the two-dimensional Fp -vector
space E[p], we obtain an isomorphism Aut(E[p]) ∼ = GL2 (Fp ). We thus obtain a
mod p Galois representation

ρE,p : GK → GL2 (Fp ).

This representation ρE,p is continuous if GL2 (Fp ) is endowed with the discrete topol-
ogy, because the field K(E[p]) is a Galois extension of K of finite degree by Exer-
cise 10.2.4.
In order to attach an L-function to E, one could try to embed GL2 (Fp ) into
GL2 (C) and use the construction of Artin L-functions from Section 9.5. Unfor-
tunately, this approach is doomed in general, since GL2 (Fp ) frequently does not
embed in GL2 (C). The following Sage session shows that for p = 5, 7, there are no
2-dimensional irreducible representations of GL2 (Fp ), so GL2 (Fp ) does not embed in
GL2 (C). The notation in the output below is [degree of rep, number of times
it occurs].
128 CHAPTER 10. ELLIPTIC CURVES AND L-FUNCTIONS

GL (2 , GF (2)). gap (). Cha racterTa ble (). C h a ra c t e r D e g r e e s ()

[ [ 1, 2 ], [ 2, 1 ] ]

GL (2 , GF (3)). gap (). Cha racterTa ble (). C h a ra c t e r D e g r e e s ()

[ [ 1, 2 ], [ 2, 3 ], [ 3, 2 ], [ 4, 1 ] ]

GL (2 , GF (5)). gap (). Cha racterTa ble (). C h a ra c t e r D e g r e e s ()

[ [ 1 , 4 ] , [ 4 , 10 ] , [ 5 , 4 ] , [ 6 , 6 ] ]

GL (2 , GF (7)). gap (). Cha racterTa ble (). C h a ra c t e r D e g r e e s ()

[ [ 1 , 6 ] , [ 6 , 21 ] , [ 7 , 6 ] , [ 8 , 15 ] ]

Instead of using the complex numbers, we use the p-adic numbers 3 , as follows.
For each power pm of p, we have defined a homomorphism

ρE,pm : GK → Aut(E[pm ]) ≈ GL2 (Z/pm Z).

We combine together all of these representations (for all m ≥ 1) using the inverse
limit. Recall that the p-adic numbers are

Zp = lim Z/pm Z,
←−
which is the set of all compatible choices of integers modulo pm for all m. We obtain
a (continuous) homomorphism

ρE,p : GK → Aut(lim E[pm ]) ∼

= GL2 (Zp ),
←−
where Zp is the ring of p-adic integers. The composition of this homomorphism with
the reduction map GL2 (Zp ) → GL2 (Fp ) is the representation ρE,p , which we defined
above, which is why we denoted it by ρE,p . We next try to mimic the construction
of L(ρ, s) from Section 9.5 in the context of a p-adic Galois representation ρE,p .

Definition 10.2.6 (Tate module). The p-adic Tate module of E is

Tp (E) = lim E[pn ].

←−
Let M be the fixed field of ker(ρE,p ). The image of ρE,p is infinite, so M
is an infinite extension of K. Fortunately, one can prove that M is ramified at
only finitely many primes (the primes of bad reduction for E and p—see [ST68]).
If ` is a prime of K, let D` be a choice of decomposition group for some prime p
of M lying over `, and let I` be the inertia group. We haven’t defined inertia and
decomposition groups for infinite Galois extensions, but the definitions are almost
3
For a review of p-adic numbers and p-adic analysis see [?].
10.2. GALOIS REPRESENTATIONS 129

the same: choose a prime of OM over `, and let D` be the subgroup of Gal(M/K)
that leaves p invariant. Then the submodule Tp (E)I` of inertia invariants is a module
for D` and the characteristic polynomial F` (x) of Frob` on Tp (E)I` is well defined
(since inertia acts trivially). Let R` (x) be the polynomial obtained by reversing the
coefficients of F` (x). One can prove that R` (x) ∈ Z[x] and that R` (x), for ` 6= p
does not depend on the choice of p. Define R` (x) for ` = p using a different prime
q 6= p, so the definition of R` (x) does not depend on the choice of p.

Definition 10.2.7. The L-series of E is

Y 1
L(E, s) = .
R` (`−s )
`

A prime p of OK is a prime of good reduction for E if there is an equation

for E such that E mod p is an elliptic curve over the field OK /p. If K = Q
and ` is a prime of good reduction for E, then one can show that that R` (`−s ) =
1 − a` `−s + `1−2s , where a` = ` + 1 − #Ẽ(F` ) and Ẽ is the reduction of a local
minimal model for E modulo `. (There is a similar statement for K 6= Q.)
One can prove using fairly general techniques that the product expression for
L(E, s) defines a holomorphic function in some right half plane of C, i.e., the product
converges for all s with Re(s) > α, for some real number α.
Recall that the Artin L-function from Section 9.5 (see Equation 9.5.1) extended
to meromorphic function on the entire complex plane and Artin conjectured that the
L-function of any continuous representation of Gal(Q/Q) → GLn (C) also extends to
a meromorphic function on C. We could ask the same question for the L-functions
attached to elliptic curves. However, we will instead ask for something stronger:

Does the L-function L(E, s) attached to an elliptic curve E extends to a

holomorphic function on C?

This question was one of the central topics in number theory in the late 1990s
and early 2000s. An amazing fact is that the question has been answered in the
affirmative.

Theorem 10.2.8. The function L(E, s) extends to a holomorphic function on all C.

This is a corollary to the modularity theorem described in the next section, see
Corollary 10.2.10.

10.2.1 Modularity of Elliptic Curves over Q

Fix an elliptic curve E over Q. In this section we will explain what it means for E
to be modular, and note the connection with Conjecture 10.2.8 from the previous
section.
First, we give the general definition of modular form (of weight 2). The complex
upper half plane is h = {z ∈ C : Im(z) > 0}. A cuspidal modular form f of level N
130 CHAPTER 10. ELLIPTIC CURVES AND L-FUNCTIONS

(of weight 2) is a holomorphic

a b

function f : h → C such that limz→i∞ f (z) = 0 and
for every integer matrix c d with determinant 1 and c ≡ 0 (mod N ), we have
 
az + b
f = (cz + d)−2 f (z).
cz + d

For each prime number ` of good reduction, let a` = ` + 1 − #Ẽ(F` ). If ` is a

prime of bad reduction let a` = 0, 1, −1, depending on how singular the reduction Ẽ
of E is over F` . If Ẽ has a cusp, then a` = 0, and a` = 1 or −1 if Ẽ has a node; in
particular, let a` = 1 if and only if the tangents at the cusp are defined over F` .
Extend the definition of the a` to an for all positive integers n as follows. If
gcd(n, m) = 1 let anm = an · am . If pr is a power of a prime p of good reduction, let

apr = apr−1 · ap − p · apr−2 .

If p is a prime of bad reduction let apr = (ap )r .

Attach to E the function
∞
X
fE (z) = an e2πiz .
n=1

It is an extremely deep theorem that fE (z) is actually a cuspidal modular form,

and not just some random function.
The following theorem is called the modularity theorem for elliptic curves over Q.
Before it was proved it was known as the Taniyama-Shimura-Weil conjecture.

Theorem 10.2.9 (Wiles, Brueil, Conrad, Diamond, Taylor). Every elliptic curve
over Q is modular, i.e, the function fE (z) is a cuspidal modular form.

Corollary 10.2.10 (Hecke). If E is an elliptic curve over Q, then the L-function

L(E, s) has an analytic continuous to the whole complex plane.
Chapter 11

Galois Cohomology

Let G be a group and suppose G acts on an abelian group A (defined below).

In this chapter we will study abelian groups attached to the action of G on A.
These are called cohomology groups and denoted by Hn (G, A). The theory of these
groups is referred to as group cohomology. In the later sections G will represent the
Galois group of a field extension. This is called Galois cohomology. Studying Galois
cohomology helps us understand the structure of Galois groups such as Gal(Q/Q).

11.1 Group Rings and Modules

In this section we define group modules, which are analogous to modules over a
ring. For a review of the theory of modules over a ring see [?, Ch. 10].
Definition 11.1.1. Let G be any group. The group ring Z[G] of G is the free
abelian group (equivalently the free Z-module) on the elements of G equipped with
multiplication given by the group structure on G. Note that Z[G] is a commutative
ring if and only if G is abelian.
Example 11.1.2. For example, the group ring of the cyclic group Cn = hai of order n
is the free Z-module on 1, a, . . . , an−1 , and the multiplication is induced by ai aj =
ai+j = ai+j (mod n) extended linearly. For example, in Z[C3 ] we have

(1 + 2a)(1 − a2 ) = 1 − a2 + 2a − 2a3 = 1 + 2a − a2 − 2 = −1 + 2a − a2 .

Since a3 = 1 you might think that Z[C3 ] is isomorphic to the ring Z[ζ3 ] of integers
of Q(ζ3 ), but you would be wrong, since the ring of integers is isomorphic to Z2 as
an abelian group, but Z[C3 ] is isomorphic to Z3 as abelian group. Note that Q(ζ3 )
is a quadratic extension of Q.
Exercise 11.1.3. Is Z[ζ3 ] isomorphic to the group ring of some group?
Hint: Note that the rank of the group ring as a Z-module is equal to the size of
the group. If Z[ζ3 ] was a group ring then it would have to be isomorphic to Z[C2 ].
Exercise 11.1.4.

131
132 CHAPTER 11. GALOIS COHOMOLOGY

(a) Write down an two elements of Z[Z] and multiply them. This is not hard, but
is good practice with the concept of a group ring.

(b) Show Z[Z] is isomorphic to Z x, x1 .

 

Definition 11.1.5. Let G be a finite group. A G-module is an abelian group A

equipped with a left action of G, i.e., a group homomorphism G → Aut(A), where
Aut(A) denotes the group of group isomorphisms A → A with the operation of
function composition.

Exercise 11.1.6. Fix an abelian group A. Show the following are equivalent sets
of data. Specifically, given any one of the following objects, there is a natural way
to construct another.

(a) A group homomorphism G → Aut(A).

(b) A map ρ : G × A → A such that for all g, h ∈ G and a, b ∈ A,

(i) ρ(g, a + b) = ρ(g, a) + ρ(g, b)

(ii) ρ(e, a) = a where e is the identity in G.
(iii) ρ(gh, a) = ρ(g, ρ(h, a))

(c) A ring homomorphism Z[G] → End(A).

(d) A map ρ : Z[G] × A → A with the same properties listed in (b).

Remark 11.1.7. In Exercise 11.1.6, part (a) is our definition of a G-module and
parts (c) and (d) are the data of a Z[G]-module. This shows that a G-module in
the above sense is the same as a Z[G]-module in the usual module sense.
Example 11.1.8. If G is any finite group and A any abelian group then we can always
make A into a G-module by giving it the trivial action. In particular, Z with the
trivial action is a module over any group G, as is Z/mZ for any positive integer m.
Another example is G = (Z/nZ)∗ , which acts via multiplication on A = Z/nZ.
Remark 11.1.9. The construction Z[G] from G is natural, in the sense that it defines
a functor between categories. Moreover, Z[G] is the most natural way to construct
a ring from a group in the sense that the group ring functor is a left adjoint to the
forgetful functor from rings to groups. These types of functors are sometimes called
“free” functors. If you are interested in free objects, see if you can come up with a
natural way to add structure to other objects. Could you make a set into a group?
How about a vector space?

11.2 Group Cohomology

Let G be a finite group and A a G-module. For each integer n ≥ 0 there is an
abelian group Hn (G, A) called the nth cohomology group of G acting on A. The
11.2. GROUP COHOMOLOGY 133

general definition is somewhat complicated, but the definition for n ≤ 1 is fairly

concrete. For example, the 0th cohomology group

H0 (G, A) = {x ∈ A : σx = x for all σ ∈ G} = GA

is the subgroup of elements of A that are fixed by every element of G.

The first cohomology group

H1 (G, A) = C 1 (G, A)/B 1 (G, A)

is the group C 1 of 1-cocycles modulo the group B 1 of 1-coboundaries, where

C 1 (G, A) = {f : G → A such that f (στ ) = f (σ) + σf (τ )}

where the maps f : G → A range over all set-theoretic maps. If we let fa : G → A

denote the set-theoretic map fa (σ) = σ(a) − a, then

B 1 (G, A) = {fa : a ∈ A}.

There are also explicit, and increasingly complicated, definitions of Hn (G, A) for
each n ≥ 2 in terms of crossed homomorphisms, which are certain maps G×· · ·×G →
A modulo a subgroup. We will not need these maps, but for more information about
them see [Cp86, Ch. IV.2].

Exercise 11.2.1. Suppose G acts trivially on A. Show that B 1 (G, A) = 0 and

C 1 (G, A) ∼
= Hom(G, A). In particular, this shows H1 (G, Z) ∼
= Hom(G, A). Deduce
that if A = Z then H1 (G, Z) = 0.
Hint: For any σ ∈ G we have fa (σ) = σ(a) − a = a − a = 0. Also for any finite
group G, show that Hom(G, Z) = 0.

Example 11.2.2. The groups H n (G, Z) and H n (G, Z/pZ) (where p is a prime) are
computable in Sage. For example we can compute H 10 (A5 , Z) and H 7 (A5 , Z/5Z)
where A5 is the alternating group of order 120 and Z/5Z is given the trivial A5 -
module structure.

G = A l t e r n a t i n g G r o u p (5); G

Alternating group of order 5!/2 as a permutation group

G . cohomology (10)

Mult iplicati ve Abelian group isomorphic to C2 x C2

G . cohomology (7 ,5)

Mult iplicati ve Abelian group isomorphic to C5

134 CHAPTER 11. GALOIS COHOMOLOGY

11.2.1 The Main Theorem

Definition 11.2.3. If X is any abelian group, then A = Hom(Z[G], X) is a G-
module. We call a module constructed in this way coinduced.

The following theorem gives three properties of group cohomology, which uniquely
determine group cohomology.

Theorem 11.2.4. Suppose G is a finite group. Then

1. We have H0 (G, A) = AG .

2. If A is a coinduced G-module, then Hn (G, A) = 0 for all n ≥ 1.

3. If 0 → A → B → C → 0 is any exact sequence of G-modules, then there is a

long exact sequence

0 H0 (G, A) H0 (G, B) H0 (G, C)

H1 (G, A) H1 (G, B) H1 (G, C)

···

Hn (G, A) Hn (G, B) Hn (G, C)

Hn+1 (G, A) Hn+1 (G, B) Hn+1 (G, C) ···

Moreover, the functor Hn (G, −) is uniquely determined by these three properties.

We will not prove this theorem. For proofs see [Cp86, Atiyah-Wall] and [Ser79,
Ch. 7]. The properties of the theorem uniquely determine group cohomology, so
one should in theory be able to use them to deduce anything that can be deduced
about cohomology groups. Indeed, in practice one frequently proves results about
higher cohomology groups Hn (G, A) by writing down appropriate exact sequences,
using explicit knowledge of H0 , and chasing diagrams.
Remark 11.2.5. Alternatively, we could view the defining properties of the theorem
as the definition of group cohomology, and could state a theorem that asserts that
group cohomology exists.
Remark 11.2.6. For those familiar with commutative and homological algebra, we
have
Hn (G, A) = ExtnZ[G] (Z, A),
where Z is the trivial G-module.
11.2. GROUP COHOMOLOGY 135

Remark 11.2.7. One can interpret H2 (G, A) as the group of equivalence classes of
extensions of G by A, where an extension is an exact sequence

0→A→M →G→1

such that the induced conjugation action of G on A is the given action of G on A.

(Note that G acts by conjugation, as A is a normal subgroup since it is the kernel
of a homomorphism.)

11.2.2 Example Application of the Theorem

For example, let’s see what we get from the exact sequence
m
0 → Z −→ Z → Z/mZ → 0,

where m is a positive integer, and Z has the structure of trivial G module. By

definition we have H0 (G, Z) = Z and H0 (G, Z/mZ) = Z/mZ. The long exact
sequence begins

m
0 Z Z Z/mZ

[m]
H1 (G, Z) H1 (G, Z) H1 (G, Z/mZ)

[m]
H2 (G, Z) H2 (G, Z) H2 (G, Z/mZ) ···

From the first few terms of the sequence and the fact that Z surjects onto Z/mZ,
we see that [m] : H1 (G, Z) → H1 (G, Z) is injective. This is consistent with Exer-
cise 11.2.1 above that showed H1 (G, Z) = 0. Using this vanishing and the right side
of the exact sequence we obtain an isomorphism

H1 (G, Z/mZ) ∼
= H2 (G, Z)[m]

where H2 (G, Z)[m] is the kernel of the map [m] : H2 (G, Z) → H2 (G, Z). By Exer-
cise 11.2.1, when a group acts trivially the H1 is Hom, so

H2 (G, Z)[m] ∼
= Hom(G, Z/mZ). (11.2.1)

One can prove that for any n > 0 and any module A that the group Hn (G, A)
has order dividing #G (see Remark 11.3.5). Thus (11.2.1) allows us to understand
H2 (G, Z), and this comprehension arose naturally from the properties in Theo-
rem 11.2.4 that determine the cohomology groups Hn .
136 CHAPTER 11. GALOIS COHOMOLOGY

11.3 Inflation and Restriction

Suppose H is a subgroup of a finite group G and A is a G-module.
For each n ≥ 0, there is a natural map

resH : Hn (G, A) → Hn (H, A)

called restriction. Elements of Hn (G, A) can be viewed as classes of n-cocycles,

which are certain maps G × · · · × G → A. From this perspective resH takes a map
to its restriction H × · · · × H → A. This is equivalent to precomposing with the
natural inclusion H × · · · × H → G × · · · × G.
If H is a normal subgroup of G, there is also an inflation map

inf H : Hn (G/H, AH ) → Hn (G, A),

given by taking a cocycle f : G/H × · · · × G/H → AH and precomposing with the

quotient map G → G/H to obtain a cocycle for G.

Exercise 11.3.1. Show that if A is a G-module then AH is naturally a G/H-

module for any normal subgroup H. Convince yourself that G/H does not in
general naturally act on all of A.

The following proposition will be useful when proving the weak Mordell-Weil
theorem (see Theorem 12.2.3).

Proposition 11.3.2. Suppose H is a normal subgroup of G. Then there is an exact

sequence
inf res
0 → H1 (G/H, AH ) −−−H
→ H1 (G, A) −−−H
→ H1 (H, A).

Proof. Our proof follows [Ser79, Pg. 117] closely.

We see that res ◦ inf = 0 since on cocycles the composition is defined by pre-
composing with H → G → G/H, which gives the trivial map. It remains to prove
that inf H is injective and that the image of inf H contains the kernel of resH .

1. (That inf H is injective): Suppose f : G/H → AH is a cocycle whose image

in H1 (G, A) is equivalent to 0 modulo coboundaries. Then there is an a ∈ A
such that f (σ) = σa − a, where we identify f with the map G → A that is
constant on the costs of H. But f depends only on the coset of σ modulo H,
so σa − a = στ a − a for all τ ∈ H, i.e., τ a = a (as we see by adding a to
both sides and multiplying by σ −1 ). Thus a ∈ AH , so f is equivalent to 0 in
H1 (G/H, AH ).

2. (The image of inf H contains the kernel of resH ): Suppose f : G → A is a

cocycle whose restriction to H is a coboundary, i.e., there is a ∈ A such that
f (τ ) = τ a − a for all τ ∈ H. Subtracting the coboundary g(σ) = σa − a for
σ ∈ G from f , we may assume f (τ ) = 0 for all τ ∈ H. Examing the equation
11.3. INFLATION AND RESTRICTION 137

f (στ ) = f (σ) + σf (τ ) with τ ∈ H shows that f is constant on the cosets of H.

Again using this formula, but with σ ∈ H and τ ∈ G, we see that
f (τ ) = f (στ ) = f (σ) + σf (τ ) = σf (τ ),
so the image of f is contained in AH . Thus f defines a cocycle G/H → AH , i.e.,
is in the image of inf H .

Example 11.3.3. The sequence of Proposition 11.3.2 need not be surjective on

the right. For example, suppose H = A3 ⊂ S3 , and let S3 act trivially on the
group Z/3Z. Using the Hom interpretation of H1 , we see that H1 (S3 /A3 , Z/3Z) =
H1 (S3 , Z/3Z) = 0, but H1 (A3 , Z/3Z) has order 3. We can compute this example in
Sage as follows.
S3 = Symm etricGro up (3); S3

Symmetric group of order 3! as a permutation group

S3 . cohomology (1 ,3)

Trivial Abelian group

A3 = A l t e r n a t i n gG r o u p (3); A3

Alternating group of order 3!/2 as a permutation group

A3 . cohomology (1 ,3)

Mult iplicati ve Abelian group isomorphic to C3

Remark 11.3.4. One generalization of Proposition 11.3.2 is to a more complicated

exact sequence involving the “transgression map” tr:
inf res tr
0 → H1 (G/H, AH ) −−−H
→ H1 (G, A) −−−H
→ H1 (H, A)G/H −
→ H2 (G/H, AH ) → H2 (G, A).
Another generalization of Proposition 11.3.2 is that if Hm (H, A) = 0 for 1 ≤ m < n,
then there is an exact sequence
inf res
0 → Hn (G/H, AH ) −−−H
→ Hn (G, A) −−−H
→ Hn (H, A).
For more information see [Ser79, Ch. VII.6].
Remark 11.3.5. If H is a not-necessarily-normal subgroup of G, there are also maps
coresH : Hn (H, A) → Hn (G, A)
P
for each n. For n = 0 this is the trace map a 7→ σ∈G/H σa, but the definition for
n ≥ 1 is more involved. One has coresH ◦ resH = [#(G/H)]. Taking H = 1 this
implies that for each n ≥ 1 the group Hn (G, A) is annihilated by [#G].
138 CHAPTER 11. GALOIS COHOMOLOGY

11.4 Galois Cohomology

Suppose L/K is a finite Galois extension of fields (recall that Galois here means is
normal and separable), and A is a Gal(L/K)-module. Put

Hn (L/K, A) = Hn (Gal(L/K), A).

Following Section 9.5, we can put a topology on Gal(K sep /K) by taking as a
basis of the origin, subgroups of the form Gal(K sep /L) where L/K is a finite Galois
extension.
Exercise 11.4.1. Let H be a subgroup of G = Gal(K sep /K). Show that H is
open if and only if H is closed and has finite index in G. [Hint: If H is open then
it contains a basis element N . By definition of the basis described above, N is
finite index in G. What does this say about the index of H in G? What about the
compliment of H? ]
Definition 11.4.2. Let A be a Gal(K sep /K)-module. We say that A is a continuous
Gal(K sep /K)-module if the map Gal(K sep /K) × A → A (see Exercise 11.1.6) is
continuous when A has the discrete topology.
Exercise 11.4.3. Let G = Gal(K sep /K) and A be a G-module. Show that A is a
continuous G-module if and only if the subgroup Ga = {σ ∈ G : σ(a) = a} is open
for every a ∈ A.
Now let A be a continuous Gal(K sep /K)-module. Let
sep /L)
A(L) = AGal(K = {x ∈ A : σ(x) = x for all σ ∈ Gal(K sep /L)}.

and define
Hn (K, A) = lim Hn (L/K, A(L)),
−→
L/K

where the limit is taken over all finite Galois extensions L/K.
It is not obvious that the groups Hn (K, A) are actually cohomology groups, i.e.
they satisfy the conclusion of Theorem 11.2.4. However one can show they have
analogous properties, see [Ser79, Ch. X.3] for references.
Remark 11.4.4. Those familiar with algebraic geometry should compare the groups
Hn (K, A) with the Čech cohomology groups on the étale site over Spec K. One can
show that Čech cohomology agrees with the derived functor groups of A 7→ AG , see
[?, Ch. 10]. Therefore Hn (K, A) do indeed define a cohomology theory.
Example 11.4.5. The following are examples of continuous Gal(Q/Q)-modules:
∗ ∗
Q, Q , Z, Z , E(Q), E(Q)[n], Tate` (E),

where E is an elliptic curve over Q. Can you identify the action for each module
A? What about A(L) for any finite Galois extension L/Q. It is important to notice
∗
Q (L) = L∗ .
11.4. GALOIS COHOMOLOGY 139

∗
Theorem 11.4.6 (Hilbert 90). We have H1 (K, K ) = 0.

Proof. Our proof follows [Ser79, Pg. 150] closely.

∗
Because H1 (K, K ) = limL/K H1 (L/K, L∗ ) It suffices to prove H1 (L/K, L∗ ) = 0
−→
for every finite Galois extension L/K. Let G = Gal(L/K) and f be a 1-cocycle
so that f : G → L∗ such that f (στ ) = f (σ) · σ(f (τ )). Here “ · ” represents
multiplication in L∗ . A standard fact from Galois theory is that the elements of G
are L linearly independent. Hence we can find some c ∈ L such that
X
b= f (τ ) · τ (c) 6= 0.
τ ∈G

Now apply σ to both sides to get

X
σ(b) = σ(f (τ )) · στ (c)
τ ∈G
X
= f (σ)−1 · f (στ ) · στ (c)
τ ∈G
X
= f (σ)−1 · f (στ ) · (στ )(c)
τ ∈G
= f (σ)−1 · b.

This shows f is a coboundary. Specifically, it shows f = fb−1 in the notation we

used to define coboundaries above.
140 CHAPTER 11. GALOIS COHOMOLOGY
Chapter 12

The Weak Mordell-Weil

Theorem

12.1 Kummer Theory of Number Fields

Suppose K is a number field and fix a positive integer n. Let µn denote the nth
roots of unity in K as a group under multiplication. Consider the exact sequence
∗ n ∗
1 → µn → K −
→K →1

where n denotes the map a 7→ an .

The corresponding long exact sequence from Theorem 11.2.4 is
n ∗
1 → µn (K) → K ∗ −
→ K ∗ → H1 (K, µn ) → H1 (K, K ) = 0,

where µn (K) is the nth roots of unity contained in K. The last equality follows
from Theorem 11.4.6.
Assume now that the group µn is contained in K. Using Galois cohomology we
obtain a relatively simple classification of all abelian extensions of K with cyclic
Galois group of order dividing n. Moreover, since the action of Gal(K/K) on µn is
trivial, by our hypothesis that µn ⊂ K, Exercise 11.2.1 implies

H1 (K, µn ) = Hom(Gal(K/K), µn ).

Thus we obtain an exact sequence

n
1 → µn → K ∗ −
→ K ∗ → Hom(Gal(K/K), µn ) → 1,

or equivalently, an isomorphism

K ∗ /(K ∗ )n ∼
= Hom(Gal(K/K), µn ).

By Galois theory, homomorphisms Gal(K/K) → µn (up to automorphisms of µn )

correspond to cyclic abelian extensions of K with Galois group a subgroup of the

141
142 CHAPTER 12. THE WEAK MORDELL-WEIL THEOREM

cyclic group µn . Unwinding the definitions, this says that every cyclic abelian
extension of K of degree dividing n is of the form K(a1/n ) for some element a ∈ K.
One can prove via calculations that K(a1/n ) is unramified outside n and the
primes that divide Norm(a). Moreover, and this is a much bigger result, one can
combine this with facts about class groups and unit groups to prove the following
theorem:

Theorem 12.1.1. Suppose K is a number field with µn ⊂ K, where n is a positive

integer. Let L be the maximal extension of K such that

(i) Gal(L/K) is abelian,

(ii) n · Gal(L/K) = 0, and

(iii) L is unramified outside a finite set S of primes.

Then L/K is of finite degree.

Sketch of Proof. Note that we may enlarge S as needed. To see this, choose a finite
set S 0 ⊇ S and let L0 the maximal extension with respect to S 0 as in the statement
of the theorem. Because L is unramified outside of S, it is certainly unramified
outside of S 0 . By maximality of L0 this implies L0 ⊆ L. Therefore it’s sufficient to
show the larger extension L0 /K is finite.
We first argue that we can enlarge S so that the ring

OK,S = {a ∈ K ∗ : ordp (aOK ) ≥ 0 for all p 6∈ S} ∪ {0}

is a principal ideal domain. One can show that for any S, the ring OK,S is a
Dedekind domain. The condition ordp (aOK ) ≥ 0 means that in the prime ideal
factorization of the fractional ideal aOK , we have that p occurs to a nonnegative
power. Thus we are allowing denominators at the primes in S. Since the class group
of OK is finite, there are primes p1 , . . . , pr that generate the class group as a group
(for example, take all primes with norm up to the Minkowski bound). Enlarge S to
contain the primes pi .
Note that we have used the class group of OK is finite.
Next we want to show pi OK,S is the unit ideal. To see this, let m be the order
of pi in the class group of OK so that pm i = (α) for some α ∈ OK . Note the
factorization of α1 OK is p−m
i so by construction 1
α ∈ OK,S . Since α ∈ (pi OK,S )
m

this shows (pi OK,S )m is the unit ideal. It follows from the unique factorization of
ideals in the Dedekind domain OK,S that pi OK,S is the unit ideal.
Now we can show OK,S is a principal ideal domain. Let P be a prime ideal
of OK,S . Since the pi generate the class group of OK , the restriction of P to OK
is equivalent modulo a principal ideal to a product of the primes pi . Therefore P
is equivalent modulo a principal ideal to a product of ideals of the form pi OK,S .
Because we showed pi OK,S was the unit ideal, this means P is principal.
12.1. KUMMER THEORY OF NUMBER FIELDS 143

Next enlarge S so that all primes over nOK are in S. Note that OK,S is still a
PID. Let
K(S, n) = {a ∈ K ∗ /(K ∗ )n : n | ordp (a) for all p 6∈ S}.

Then a refinement of the arguments at the beginning of this section show that L is
generated by all nth roots of the elements of K(S, n) (specifically, their representa-
tives in K). Thus it suffices to prove that K(S, n) is finite.
∗
If a ∈ OK,S then ordp (a) = 0 for all p ∈
/ S. So there is a natural map

∗
φ : OK,S → K(S, n)

sending a to it’s residue class in K ∗ /(K ∗ )n . Suppose a ∈ K ∗ is a representative of

an element in K(S, n). The ideal aOK,S has a factorization which is a product of
nth powers, so it is an nth power of an ideal. Since OK,S is a PID, there is b ∈ OK,S
∗
and u ∈ OK,S such that
a = bn · u.

Thus u ∈ OK,S∗ maps to [a] ∈ K(S, n). This shows φ is surjective.

Recall Dirichlet’s unit theorem (Theorem 8.1.2), which asserts that the group
OK∗ is a finitely generated abelian group of rank r + s − 1. More generally, we now

show that OK,S∗ is a finitely generated abelian group of rank r + s + #S − 1. This

result with above would imply K(S, n) is a torsion group which is a quotient of a
finitely generated group and hence finite, thus proving the theorem.
∗
The fact that OK,S has rank r +s−1+#S is sometimes referred to as the S-unit
theorem or the Dirichlet S-unit theorem. To prove this theorem, let p1 , . . . , pm be
the primes in S and define a map φ : OK,S ∗ → Zm by

φ(u) = (ordp1 (u), . . . , ordpm (u)).

First we show that Ker(φ) = OK ∗ . We have that u ∈ Ker(φ) if and only if u ∈ O ∗

K,S
and ordpi (u) = 0 for all i; but the latter condition implies that u is a unit at each
prime in S. But u ∈ OK,S ∗ implies ordp (u) = 0 for all p ∈/ S, so it follows that
∗
ordp (u) = 0 for all primes p in OK and therefore u ∈ OK . Thus we have an exact
sequence
∗ ∗ φ
1 → OK → OK,S → Zm .
−

Next we show that the image of φ has finite index in Zm . Let h be the class number
∗
of OK . For each i there exists αi ∈ OK such that phi = (αi ). But αi ∈ OK,S since
ordp (αi ) = 0 for all p 6∈ S (by unique factorization). Then

φ(αi ) = (0, . . . , 0, h, 0, . . . , 0).

It follows that (hZ)m ⊂ Im(φ), so the image of φ has finite index in Zm . It follows
∗
that OK,S has rank equal to r + s − 1 + #S.
144 CHAPTER 12. THE WEAK MORDELL-WEIL THEOREM

12.2 Proof of the Weak Mordell-Weil Theorem

Suppose E is an elliptic curve over a number field K, and fix a positive integer n.
Just as with number fields, we have an exact sequence
n
0 → E[n] → E −
→ E → 0.

Then we have an exact sequence

n
→ E(K) → H1 (K, E[n]) → H1 (K, E)[n] → 0.
0 → E[n](K) → E(K) −

Note the last term comes from replacing the codomain of H1 (K, E[n]) → H1 (K, E)
n
by the kernel of H1 (K, E) −
→ H1 (K, E). From this we obtain a short exact sequence

0 → E(K)/nE(K) → H1 (K, E[n]) → H1 (K, E)[n] → 0. (12.2.1)

Now assume, in analogy with Section 12.1, that E[n] ⊂ E(K), i.e., all n-torsion
points are defined over K. Then the Galois action on E[n] is trivial so by exer-
cise 11.2.1 we have

H1 (K, E[n]) = Hom(Gal(K/K), E[n]) ∼

= Hom(Gal(K/K), (Z/nZ)2 ),

and the sequence (12.2.1) induces an inclusion

E(K)/nE(K) ,→ Hom(Gal(K/K), (Z/nZ)2 ). (12.2.2)

Explicitly, this homomorphism sends a point P to the homomorphism defined

as follows: Choose Q ∈ E(K) such that nQ = P ; then send each σ ∈ Gal(K/K) to
σ(Q) − Q ∈ E[n].

Exercise 12.2.1. Consider the map E(K) → Hom(Gal(K/K), E[n]) defined above.
First show this map is well defined, i.e., σ(Q) − Q ∈ E[n]. Then show it does not
depend on the choice of P modulo nE(K) so it in fact descends to a homomorphism
on E(K)/nE(K).

Because E[n] ∼= (Z/nZ)2 , given a point P ∈ E(K), we obtain a homomorphism

ϕ : Gal(K/K) → (Z/nZ)2 , whose kernel defines an abelian extension L of K that
has exponent n. The amazing fact is that L can be ramified only at the primes of
bad reduction for E and the primes that divide n. Thus we can apply theorem 12.1.1
to see that there are only finitely many such L.

Theorem 12.2.2. If P ∈ E(K) is a point, then the field L obtained by adjoining to

K all coordinates of all choices of Q = n1 P is unramified outside n and the primes
of bad reduction for E.

Sketch of Proof. First one proves that if p - n is a prime of good reduction for E,
then the natural reduction map π : E(K)[n] → Ẽ(OK /p) is injective. The argument
that π is injective uses formal groups, whose development is outside the scope of
12.2. PROOF OF THE WEAK MORDELL-WEIL THEOREM 145

this course.1 Next fix any Q as in the statement of the theorem. Above we saw
σ(Q) − Q ∈ E[n] for all σ ∈ Gal(K/K). Let Ip ⊂ Gal(L/K) be the inertia group
at p. By definition of interia group, Ip acts trivially on Ẽ(OK /p). Thus for each
σ ∈ Ip we have

π(σ(Q) − Q) = σ(π(Q)) − π(Q) = π(Q) − π(Q) = 0.

Since π is injective, it follows that σ(Q) = Q for σ ∈ Ip , i.e., that Q is fixed under
all Ip . Repeating for all Q this shows Ip = 1 so L is unramified at p.
Note that we technically only defined π on E(K)[n] and σ(Q) − Q may not lie
in E(K). However, given a finite extension K 0 /K and prime p0 lying over p, E
the reduction map E(K 0 ) → Ẽ(OK 0 /p0 ) is still injective. So we could apply the
argument to the field K 0 given by adjoining the coordinates of Q to K.

Theorem 12.2.3 (Weak Mordell-Weil). Let E be an elliptic curve over a number

field K, and let n be any positive integer. Then E(K)/nE(K) is finitely generated.
Proof. First suppose all elements of E[n] have coordinates in K. Then the homo-
morphism (12.2.2) provides an injection of E(K)/nE(K) into

Hom(Gal(K/K), (Z/nZ)2 ).

By Theorem 12.2.2, the image consists of homomorphisms whose kernels cut out
an abelian extension of K unramified outside n and primes of bad reduction for E.
Since this is a finite set of primes, Theorem 12.1.1 implies that the homomorphisms
all factor through a finite quotient Gal(L/K) of Gal(Q/K). Thus there can be only
finitely many such homomorphisms, so the image of E(K)/nE(K) is finite. Thus
E(K)/nE(K) itself is finite, which proves the theorem in this case.
Next suppose E is an elliptic curve over a number field, but do not make the
hypothesis that the elements of E[n] have coordinates in K. Since the group E[n](C)
is finite and its elements are defined over Q, the extension L of K got by adjoining
to K all coordinates of elements of E[n](C) is a finite extension. It is also Galois,
as we saw when constructing Galois representations attached to elliptic curves. By
Proposition 11.3.2, we have an exact sequence

0 → H1 (L/K, E[n](L)) → H1 (K, E[n]) → H1 (L, E[n]).

The kernel of the restriction map H1 (K, E[n]) → H1 (L, E[n]) is finite, since it is
isomorphic to the finite cohomology group H1 (L/K, E[n](L)). By the argument of
the previous paragraph, the image of E(K)/nE(K) in H1 (L, E[n]) under
res
E(K)/nE(K) ,→ H1 (K, E[n]) −−→ H1 (L, E[n])

is finite, since it is contained in the image of E(L)/nE(L). Thus E(K)/nE(K) is

finite, since we just proved the kernel of res is finite.

1
For an introduction to formal groups of elliptic curves see [Sil92, Ch. IV].
146 CHAPTER 12. THE WEAK MORDELL-WEIL THEOREM
 Part II

Adelic Viewpoint

147
Chapter 13

Valuations

The rest of this book is a partial rewrite of [Cas67] meant to make it more accessible.
I have attempted to add examples and details of the implicit exercises and remarks
that are left to the reader.

13.1 Valuations
Definition 13.1.1 (Valuation). A valuation | · | on a field K is a function defined
on K with values in R≥0 satisfying the following axioms:

(1) |a| = 0 if and only if a = 0,

(2) |ab| = |a| |b|, and

(3) there is a constant C ≥ 1 such that |1 + a| ≤ C whenever |a| ≤ 1.

The trivial valuation is the valuation for which |a| = 1 for all a 6= 0. We will
often tacitly exclude the trivial valuation from consideration.
From (2) we have
|1| = |1| · |1| ,

so |1| = 1 by (1). If w ∈ K and wn = 1, then |w| = 1 by (2). In particular, the

only valuation of a finite field is the trivial one. The same argument shows that
| − 1| = |1|, so
| − a| = |a| all a ∈ K.

Definition 13.1.2 (Equivalent). Two valuations | · | 1 and | · | 2 on the same field

are equivalent if there exists c > 0 such that

|a|2 = |a|c1

for all a ∈ K.

149
150 CHAPTER 13. VALUATIONS

Note that if | · | 1 is a valuation, then | · | 2 = | · | c1 is also a valuation. Also,

equivalence of valuations is an equivalence relation.
If | · | is a valuation and C > 1 is the constant from Axiom (3), then there is a
c > 0 such that C c = 2 (i.e., c = log(2)/ log(C)). Then we can take 2 as constant
for the equivalent valuation | · | c . Thus every valuation is equivalent to a valuation
with C = 2. Note that if C = 1, e.g., if | · | is the trivial valuation, then we could
simply take C = 2 in Axiom (3).
Proposition 13.1.3. Suppose | · | is a valuation with C = 2. Then for all a, b ∈ K
we have
|a + b| ≤ |a| + |b| (triangle inequality). (13.1.1)
Proof. Suppose a1 , a2 ∈ K with |a1 | ≥ |a2 |. Then a = a2 /a1 satisfies |a| ≤ 1. By
Axiom (3) we have |1 + a| ≤ 2, so multiplying by a1 we see that

|a1 + a2 | ≤ 2|a1 | = 2 · max{|a1 |, |a2 |}.

Also we have

|a1 + a2 + a3 + a4 | ≤ 2 · max{|a1 + a2 |, |a3 + a4 |} ≤ 4 · max{|a1 |, |a2 |, |a3 |, |a4 |},

and inductively we have for any r > 0 that

|a1 + a2 + · · · + a2r | ≤ 2r · max |aj |.

If n is any positive integer, let r be such that 2r−1 ≤ n ≤ 2r . Thenn

|a1 + a2 + · · · + an | ≤ 2r · max{|aj |} ≤ 2n · max{|aj |},

since 2r ≤ 2n. In particular,

|n| ≤ 2n · |1| = 2n (for n > 0). (13.1.2)

 
 n 
Applying (13.1.2) to   and using the binomial expansion, we have for any
j 
a, b ∈ K that
 
X n   
n
 n j n−j 
|a + b| =   a b 
 j=0 j 
  
 n  j n−j
≤ 2(n + 1) max    |a| |b|
j j 
   
n
≤ 2(n + 1) max 2 |a|j |b|n−j
j j
  
n j n−j
≤ 4(n + 1) max |a| |b|
j j
≤ 4(n + 1)(|a| + |b|)n .
13.2. TYPES OF VALUATIONS 151

Now take nth roots of both sides to obtain

p
n
|a + b| ≤ 4(n + 1) · (|a| + |b|).

We have by elementary calculus that

p
n
lim 4(n + 1) = 1,
n→∞
√
so |a + b| ≤ |a| + |b|. (The “elementary calculus”: We instead prove that n n → 1,
since the argument is the same and the notation is simpler. First, for any n ≥ 1 we
√
have n n ≥ 1, since upon taking nth powers this is equivalent to n ≥ 1n , which is
√
true by hypothesis. Second, suppose there is an ε > 0 such that n n ≥ 1 + ε for all
n ≥ 1. Then taking logs of boths sides we see that n1 log(n) ≥ log(1 + ε) > 0. But
√
log(n)/n → 0, so there is no such ε. Thus n n → 1 as n → ∞.)

Note that Axioms (1), (2) and Equation (13.1.1) imply Axiom (3) with C = 2.
We take Axiom (3) instead of Equation (13.1.1) for the technical reason that we will
want to call the square of the absolute value of the complex numbers a valuation.

Lemma 13.1.4. Suppose a, b ∈ K, and | · | is a valuation on K with C ≤ 2. Then

 
|a| − |b| ≤ |a − b| .
 

(Here the big absolute value on the outside of the left-hand side of the inequality
is the usual absolute value on real numbers, but the other absolute values are a
valuation on an arbitrary field K.)

Proof. We have
|a| = |b + (a − b)| ≤ |b| + |a − b|,

so |a| − |b| ≤ |a − b|. The same argument with a and b swapped implies that
|b| − |a| ≤ |a − b|, which proves the lemma.

13.2 Types of Valuations

We define two important properties of valuations, both of which apply to equivalence
classes of valuations (i.e., the property holds for | · | if and only if it holds for a
valuation equivalent to | · | ).

Definition 13.2.1 (Discrete). A valuation | · | is discrete if there is a δ > 0 such

that for any a ∈ K
1 − δ < |a| < 1 + δ =⇒ |a| = 1.

Thus the absolute values are bounded away from 1.

152 CHAPTER 13. VALUATIONS

To say that | · | is discrete is the same as saying that the set


G = log |a| : a ∈ K, a 6= 0 ⊂ R

forms a discrete subgroup of the reals under addition (because the elements of the
group G are bounded away from 0).

Proposition 13.2.2. A nonzero discrete subgroup G of R is free on one generator.

Proof. Since G is discrete there is a positive m ∈ G such that for any positive x ∈ G
we have m ≤ x. Suppose x ∈ G is an arbitrary positive element. By subtracting off
integer multiples of m, we find that there is a unique n such that

0 ≤ x − nm < m.

Since x − nm ∈ G and 0 < x − nm < m, it follows that x − nm = 0, so x is a

multiple of m.

By Proposition 13.2.2, the set of log |a| for nonzero a ∈ K is free on one gen-
erator, so there is a c < 1 such that |a|, for a 6= 0, runs precisely through the
set
cZ = {cm : m ∈ Z}
(Note: we can replace c by c−1 to see that we can assume that c < 1).

Definition 13.2.3 (Order). If |a| = cm , we call m = ord(a) the order of a.

Axiom (2) of valuations translates into

ord(ab) = ord(a) + ord(b).

Definition 13.2.4 (Non-archimedean). A valuation | · | is non-archimedean if we

can take C = 1 in Axiom (3), i.e., if

|a + b| ≤ max |a|, |b| . (13.2.1)

If | · | is not non-archimedean then it is archimedean.

Note that if we can take C = 1 for | · | then we can take C = 1 for any valuation
equivalent to | · | . To see that (13.2.1) is equivalent to Axiom (3) with C = 1,
suppose |b| ≤ |a|. Then |b/a| ≤ 1, so Axiom (3) asserts that |1 + b/a| ≤ 1, which
implies that |a + b| ≤ |a| = max{|a|, |b|}, and conversely.
We note at once the following consequence:

Lemma 13.2.5. Suppose | · | is a non-archimedean valuation. If a, b ∈ K with

|b| < |a|, then |a + b| = |a|.
13.2. TYPES OF VALUATIONS 153

Proof. Note that |a + b| ≤ max{|a|, |b|} = |a|, which is true even if |b| = |a|. Also,

|a| = |(a + b) − b| ≤ max{|a + b|, |b|} = |a + b|,

where for the last equality we have used that |b| < |a| (if max{|a + b|, |b|} = |b|,
then |a| ≤ |b|, a contradiction).

Definition 13.2.6 (Ring of Integers). Suppose | · | is a non-archimedean absolute

value on a field K. Then
O = {a ∈ K : |a| ≤ 1}

is a ring called the ring of integers of K with respect to | · | .

Lemma 13.2.7. Two non-archimedean valuations | · | 1 and | · | 2 are equivalent if

and only if they give the same O.

We will prove this modulo the claim (to be proved later in Section 14.1) that
valuations are equivalent if (and only if) they induce the same topology.

Proof. Suppose suppose | · | 1 is equivalent to | · | 2 , so | · | 1 = | · | c2 , for some c > 0.

Then |c|1 ≤ 1 if and only if |c|c2 ≤ 1, i.e., if |c|2 ≤ 11/c = 1. Thus O1 = O2 .
Conversely, suppose O1 = O2 . Then |a|1 < |b|1 if and only if a/b ∈ O1 and
b/a 6∈ O1 , so
|a|1 < |b|1 ⇐⇒ |a|2 < |b|2 . (13.2.2)

The topology induced by | |1 has as basis of open neighborhoods the set of open
balls
B1 (z, r) = {x ∈ K : |x − z|1 < r},

for r > 0, and likewise for | |2 . Since the absolute values |b|1 get arbitrarily close to
0, the set U of open balls B1 (z, |b|1 ) also forms a basis of the topology induced by
| |1 (and similarly for | |2 ). By (13.2.2) we have

B1 (z, |b|1 ) = B2 (z, |b|2 ),

so the two topologies both have U as a basis, hence are equal. That equal topologies
imply equivalence of the corresponding valuations will be proved in Section 14.1.

The set of a ∈ O with |a| < 1 forms an ideal p in O. The ideal p is maximal,
since if a ∈ O and a 6∈ p then |a| = 1, so |1/a| = 1/|a| = 1, hence 1/a ∈ O, so a is a
unit.

Lemma 13.2.8. A non-archimedean valuation | · | is discrete if and only if p is a

principal ideal.
154 CHAPTER 13. VALUATIONS

Proof. First suppose that | · | is discrete. Choose π ∈ p with |π| maximal, which we
can do since
S = {log |a| : a ∈ p} ⊂ (−∞, 1],
so the discrete set S is bounded above. Suppose a ∈ p. Then
 a  |a|
 = ≤ 1,
 
π |π|
so a/π ∈ O. Thus
a
a=π· ∈ πO.
π
Conversely, suppose p = (π) is principal. For any a ∈ p we have a = πb with
b ∈ O. Thus
|a| = |π| · |b| ≤ |π| < 1.
Thus {|a| : |a| < 1} is bounded away from 1, which is exactly the definition of
discrete.
Example 13.2.9. For any prime p, define the p-adic valuation | · | p : Q → R as
follows. Write a nonzero α ∈ K as pn · ab , where gcd(a, p) = gcd(b, p) = 1. Then
 n
 n a 1
 
−n
p ·  := p = .
b p p
This valuation is both discrete and non-archimedean. The ring O is the local ring
na o
Z(p) = ∈Q:p-b ,
b
which has maximal ideal generated by p. Note that ord(pn · ab ) = pn .
We will using the following lemma later (e.g., in the proof of Corollary 14.2.4
and Theorem 13.3.2).
Lemma 13.2.10. A valuation | · | is non-archimedean if and only if |n| ≤ 1 for all
n in the ring generated by 1 in K.
Note that we cannot identify the ring generated by 1 with Z in general, be-
cause K might have characteristic p > 0.
Proof. If | · | is non-archimedean, then |1| ≤ 1, so by Axiom (3) with a = 1, we have
|1 + 1| ≤ 1. By induction it follows that |n| ≤ 1.
Conversely, suppose |n| ≤ 1 for all integer multiples n of 1. This condition is
also true if we replace | · | by any equivalent valuation, so replace | · | by one with
C ≤ 2, so that the triangle inequality holds. Suppose a ∈ K with |a| ≤ 1. Then by
the triangle inequality,
|1 + a|n = |(1 + a)n |
n  
X  n 
≤  j  |a|
 
j=0

≤1 + 1 + · · · + 1 = n.
13.3. EXAMPLES OF VALUATIONS 155

Now take nth roots of both sides to get

√
n
|1 + a| ≤ n,

and take the limit as n → ∞ to see that |1 + a| ≤ 1. This proves that one can take
C = 1 in Axiom (3), hence that | · | is non-archimedean.

13.3 Examples of Valuations

The archetypal example of an archimedean valuation is the absolute value on the
complex numbers. It is essentially the only one:

Theorem 13.3.1 (Gelfand-Tornheim). Any field K with an archimedean valuation

is isomorphic to a subfield of C, the valuation being equivalent to that induced by
the usual absolute value on C.

We do not prove this here as we do not need it. For a proof, see [Art59, pg. 45,
67].
There are many non-archimedean valuations. On the rationals Q there is one
for every prime p > 0, the p-adic valuation, as in Example 13.2.9.

Theorem 13.3.2 (Ostrowski). The nontrivial valuations on Q are those equivalent

to | · |p , for some prime p, and the usual absolute value | · |∞ .

Remark 13.3.3. Before giving the proof, we pause with a brief remark about Os-
trowski. According to

http://www-gap.dcs.st-and.ac.uk/~history/Mathematicians/Ostrowski.html

Ostrowski was a Ukrainian mathematician who lived 1893–1986. Gautschi writes

about Ostrowski as follows: “... you are able, on the one hand, to emphasise the
abstract and axiomatic side of mathematics, as for example in your theory of general
norms, or, on the other hand, to concentrate on the concrete and constructive
aspects of mathematics, as in your study of numerical methods, and to do both
with equal ease. You delight in finding short and succinct proofs, of which you have
given many examples ...” [italics mine]
We will now give an example of one of these short and succinct proofs.

Proof. Suppose | · | is a nontrivial valuation on Q.

Nonarchimedean case: Suppose |c| ≤ 1 for all c ∈ Z, so by Lemma 13.2.10, | · |
is nonarchimedean. Since | · | is nontrivial, the set

p = {a ∈ Z : |a| < 1}

is nonzero. Also p is an ideal and if |ab| < 1, then |a| |b| = |ab| < 1, so |a| < 1 or
|b| < 1, so p is a prime ideal of Z. Thus p = pZ, for some prime number p. Since
every element of Z has valuation at most 1, if u ∈ Z with gcd(u, p) = 1, then u 6∈ p,
156 CHAPTER 13. VALUATIONS

so |u| = 1. Let α = log|p| p1 , so |p|α = 1

p. Then for any r and any u ∈ Z with
gcd(u, p) = 1, we have
|upr |α = |u|α |p|αr = |p|αr = p−r = |upr |p .
Thus | · |α = | · |p on Z, hence on Q by multiplicativity, so | · | is equivalent to | · |p ,
as claimed.
Archimedean case: By replacing | · | by a power of | · |, we may assume without
loss that | · | satisfies the triangle inequality. We first make some general remarks
about any valuation that satisfies the triangle inequality. Suppose a ∈ Z is greater
than 1. Consider, for any b ∈ Z the base-a expansion of b:
b = bm am + bm−1 am−1 + · · · + b0 ,
where
0 ≤ bj < a (0 ≤ j ≤ m),
and bm 6= 0. Since am ≤ b, taking logs we see that m log(a) ≤ log(b), so
log(b)
m≤ .
log(a)
Let M = max |d|. Then by the triangle inequality for | · |, we have
1≤d<a

|b| ≤ |bm | am + · · · + |b1 | |a| + |b0 |

≤ M · (|a|m + · · · + |a| + 1)
≤ M · (m + 1) · max(1, |a|m )
 
log(b)  
≤M· + 1 · max 1, |a|log(b)/ log(a) ,
log(a)
log(b)
where in the last step we use that m ≤ log(a) . Setting b = cn , for c ∈ Z, in the
above inequality and taking nth roots, we have
1/n
log(cn )
  
log(cn )/ log(a)
|c| ≤ M · + 1 · max(1, |a| )
log(a)
1/n
log(cn )
  1/n
n
=M 1/n
· +1 · max 1, |a|log(c )/ log(a) .
log(a)
The first factor M 1/n converges to 1 as n → ∞, since M ≥ 1 (because |1| = 1). The
second factor is 1/n  1/n
log(cn )

log(c)
+1 = n· +1
log(a) log(a)
which also converges to 1, for the same reason that n1/n → 1 (because log(n1/n ) =
1
n log(n) → 0 as n → ∞). The third factor is
(
 n
1/n 1 if |a| < 1,
max 1, |a|log(c )/ log(a) = log(c)/ log(a)
|a| if |a| ≥ 1.
13.3. EXAMPLES OF VALUATIONS 157

Putting this all together, we see that

 
log(c)
|c| ≤ max 1, |a| log(a) .

Our assumption that | · | is nonarchimedean implies that there is c ∈ Z with

c > 1 and |c| > 1. Then for all a ∈ Z with a > 1 we have
 
log(c)
1 < |c| ≤ max 1, |a| log(a) , (13.3.1)

so 1 < |a|log(c)/ log(a) , so 1 < |a| as well (i.e., any a ∈ Z with a > 1 automatically
satisfies |a| > 1). Also, taking the 1/ log(c) power on both sides of (13.3.1) we see
that 1 1
|c| log(c) ≤ |a| log(a) . (13.3.2)
Because, as mentioned above, |a| > 1, we can interchange the roll of a and c to
obtain the reverse inequality of (13.3.2). We thus have
log(c)
|c| = |a| log(a) .

Letting α = log(2) · log|2| (e) and setting a = 2, we have

α
 log(c)
·log(c)
|c|α = |2| log(2) = |2|log|2| (e) = elog(c) = c = |c|∞ .

Thus for all integers c ∈ Z with c > 1 we have |c|α = |c|∞ , which implies that | · | is
equivalent to | · |∞ .

Let k be any field and let K = k(t), where t is transcendental. Fix a real number
c > 1. If p = p(t) is an irreducible polynomial in the ring k[t], we define a valuation
by
 a u
 
p ·  = c− deg(p)·a , (13.3.3)
v p
where a ∈ Z and u, v ∈ k[t] with p - u and p - v.
Remark 13.3.4. This definition differs from the one page 46 of [Cassels-Frohlich,
Ch. 2] in two ways. First, we assume that c > 1 instead of c < 1, since otherwise
| · |p does not satisfy Axiom 3 of a valuation. Also, we write c− deg(p)·a instead of
c−a , so that the product formula will hold. (For more about the product formula,
see Section 18.1.)
In addition there is a a non-archimedean valuation | · |∞ defined by
u
  = cdeg(u)−deg(v) . (13.3.4)
 
v ∞
This definition differs from the one in [Cas67, pg. 46] in two ways. First, we
assume that c > 1 instead of c < 1, since otherwise | · |p does not satisfy Axiom 3
158 CHAPTER 13. VALUATIONS

of a valuation. Here’s why: Recall that Axiom 3 for a non-archimedean valuation

on K asserts that whenever a ∈ K and |a| ≤ 1, then |a + 1| ≤ 1. Set a = p − 1,
where p = p(t) ∈ K[t] is an irreducible polynomial. Then |a| = c0 = 1, since
ordp (p − 1) = 0. However, |a + 1| = |p − 1 + 1| = |p| = c1 < 1, since ordp (p) = 1. If
we take c > 1 instead of c < 1, as I propose, then |p| = c1 > 1, as required.
Note the (albeit imperfect) analogy between K = k(t) and Q. If s = t−1 , so
k(t) = k(s), the valuation | · |∞ is of the type (13.3.3) belonging to the irreducible
polynomial p(s) = s.
The reader is urged to prove the following lemma as a homework problem.

Lemma 13.3.5. The only nontrivial valuations on k(t) which are trivial on k are
equivalent to the valuation (13.3.3) or (13.3.4).

For example, if k is a finite field, there are no nontrivial valuations on k, so the

only nontrivial valuations on k(t) are equivalent to (13.3.3) or (13.3.4).
Chapter 14

Topology and Completeness

14.1 Topology
A valuation | · | on a field K induces a topology in which a basis for the neighbor-
hoods of a are the open balls

B(a, d) = {x ∈ K : |x − a| < d}

for d > 0.

Lemma 14.1.1. Equivalent valuations induce the same topology.

Proof. If | · |1 = | · |r2 , then |x − a|1 < d if and only if |x − a|r2 < d if and only if
|x − a|2 < d1/r so B1 (a, d) = B2 (a, d1/r ). Thus the basis of open neighborhoods of
a for | · |1 and | · |2 are identical.

A valuation satisfying the triangle inequality gives a metric for the topology on
defining the distance from a to b to be |a − b|. Assume for the rest of this section
that we only consider valuations that satisfy the triangle inequality.

Lemma 14.1.2. A field with the topology induced by a valuation is a topological

field, i.e., the operations sum, product, and reciprocal are continuous.

Proof. For example (product) the triangle inequality implies that

|(a + ε)(b + δ) − ab| ≤ |ε| |δ| + |a| |δ| + |b| |ε|

is small when |ε| and |δ| are small (for fixed a, b).

Lemma 14.1.3. Suppose two valuations | · |1 and | · |2 on the same field K induce
the same topology. Then for any sequence {xn } in K we have

|xn |1 → 0 ⇐⇒ |xn |2 → 0.

159
160 CHAPTER 14. TOPOLOGY AND COMPLETENESS

Proof. It suffices to prove that if |xn |1 → 0 then |xn |2 → 0, since the proof of
the other implication is the same. Let ε > 0. The topologies induced by the two
absolute values are the same, so B2 (0, ε) can be covered by open balls B1 (ai , ri ).
One of these open balls B1 (a, r) contains 0. There is ε0 > 0 such that

B1 (0, ε0 ) ⊂ B1 (a, r) ⊂ B2 (0, ε).

Since |xn |1 → 0, there exists N such that for n ≥ N we have |xn |1 < ε0 . For such n,
we have xn ∈ B1 (0, ε0 ), so xn ∈ B2 (0, ε), so |xn |2 < ε. Thus |xn |2 → 0.

Proposition 14.1.4. If two valuations | · |1 and | · |2 on the same field induce the
same topology, then they are equivalent in the sense that there is a positive real α
such that | · |1 = | · |α2 .

Proof. If x ∈ K and i = 1, 2, then |xn |i → 0 if and only if |x|ni → 0, which is the

case if and only if |x|i < 1. Thus Lemma 14.1.3 implies that |x|1 < 1 if and only
if |x|2 < 1. On taking reciprocals we see that |x|1 > 1 if and only if |x|2 > 1, so
finally |x|1 = 1 if and only if |x|2 = 1.
Let now w, z ∈ K be nonzero elements with |w|i 6= 1 and |z|i 6= 1. On applying
the foregoing to
x = wm z n (m, n ∈ Z)

we see that
m log |w|1 + n log |z|1 ≥ 0

if and only if
m log |w|2 + n log |z|2 ≥ 0.

Dividing through by log |z|i , and rearranging, we see that for every rational number
α = −n/m,
log |w|1 log |w|2
≥ α ⇐⇒ ≥ α.
log |z|1 log |z|2

Thus
log |w|1 log |w|2
= ,
log |z|1 log |z|2
so
log |w|1 log |z|1
= .
log |w|2 log |z|2

Since this equality does not depend on the choice of z, we see that there is a
constant c (= log |z|1 / log |z|2 ) such that log |w|1 / log |w|2 = c for all w. Thus
log |w|1 = c·log |w|2 , so |w|1 = |w|c2 , which implies that | · |1 is equivalent to | · |2 .
14.2. COMPLETENESS 161

14.2 Completeness
We recall the definition of metric on a set X.

Definition 14.2.1 (Metric). A metric on a set X is a map

d:X ×X →R

such that for all x, y, z ∈ X,

1. d(x, y) ≥ 0 and d(x, y) = 0 if and only if x = y,

2. d(x, y) = d(y, x), and

3. d(x, z) ≤ d(x, y) + d(y, z).

A Cauchy sequence is a sequence (xn ) in X such that for all ε > 0 there exists M
such that for all n, m > M we have d(xn , xm ) < ε. The completion of X is the set of
Cauchy sequences (xn ) in X modulo the equivalence relation in which two Cauchy
sequences (xn ) and (yn ) are equivalent if limn→∞ d(xn , yn ) = 0. A metric space is
complete if every Cauchy sequence converges, and one can show that the completion
of X with respect to a metric is complete.
For example, d(x, y) = |x − y| (usual archimedean absolute value) defines a
metric on Q. The completion of Q with respect to this metric is the field R of real
numbers. More generally, whenever | · | is a valuation on a field K that satisfies the
triangle inequality, then d(x, y) = |x − y| defines a metric on K. Consider for the
rest of this section only valuations that satisfy the triangle inequality.

Definition 14.2.2 (Complete). A field K is complete with respect to a valuation

| · | if given any Cauchy sequence an , (n = 1, 2, . . .), i.e., one for which

|am − an | → 0 (m, n → ∞, ∞),

there is an a∗ ∈ K such that

an → a∗ w.r.t. | · |

(i.e., |an − a∗ | → 0).

Theorem 14.2.3. Every field K with valuation v = | · | can be embedded in a

complete field Kv with a valuation | · | extending the original one in such a way that
Kv is the closure of K with respect to | · | . Further Kv is unique up to a unique
isomorphism fixing K.

Proof. Define Kv to be the completion of K with respect to the metric defined by | · |.

Thus Kv is the set of equivalence classes of Cauchy sequences, and there is a natural
injective map from K to Kv sending an element a ∈ K to the constant Cauchy
162 CHAPTER 14. TOPOLOGY AND COMPLETENESS

sequence (a). Because the field operations on K are continuous, they induce well-
defined field operations on equivalence classes of Cauchy sequences componentwise.
Also, define a valuation on Kv by

|(an )∞
n=1 | = lim |an | ,
n→∞

and note that this is well defined and extends the valuation on K.
To see that Kv is unique up to a unique isomorphism fixing K, we observe that
there are no nontrivial continuous automorphisms Kv → Kv that fix K. This is
because, by denseness, a continuous automorphism σ : Kv → Kv is determined by
what it does to K, and by assumption σ is the identity map on K. More precisely,
suppose a ∈ Kv and n is a positive integer. Then by continuity there is δ > 0 (with
δ < 1/n) such that if an ∈ Kv and |a − an | < δ then |σ(a) − σ(an )| < 1/n. Since
K is dense in Kv , we can choose the an above to be an element of K. Then by
hypothesis σ(an ) = an , so |σ(a) − an | < 1/n. Thus σ(a) = limn→∞ an = a.

Corollary 14.2.4. The valuation | · | is non-archimedean on Kv if and only if it is

so on K. If | · | is non-archimedean, then the set of values taken by | · | on K and
Kv are the same.
Proof. The first part follows from Lemma 13.2.10 which asserts that a valuation is
non-archimedean if and only if |n| < 1 for all integers n. Since the valuation on Kv
extends the valuation on K, and all n are in K, the first statement follows.
For the second, suppose that | · | is non-archimedean (but not necessarily dis-
crete). Suppose b ∈ Kv with b 6= 0. First I claim that there is c ∈ K such that
|b − c| < |b|. To see this, let c0 = b − ab , where a is some element of Kv with |a| > 1,
note that |b − c0 | =  ab  < |b|, and choose c ∈ K such that |c − c0 | < |b − c0 |, so


|b − c| = b − c0 − (c − c0 ) ≤ max b − c0  , c − c0  = b − c0  < |b| .

     
 

Since | · | is non-archimedean, we have

|b| = |(b − c) + c| ≤ max (|b − c| , |c|) = |c| ,

where in the last equality we use that |b − c| < |b|. Also,

|c| = |b + (c − b)| ≤ max (|b| , |c − b|) = |b| ,

so |b| = |c|, which is in the set of values of | · | on K.

14.2.1 p-adic Numbers

This section is about the p-adic numbers Qp , which are the completion of Q with
respect to the p-adic valuation. Alternatively, to give a p-adic integer in Zp is the
same as giving for every prime power pr an element ar ∈ Z/pr Z such that if s ≤ r
then as is the reduction of ar modulo ps . The field Qp is then the field of fractions
of Zp .
14.2. COMPLETENESS 163

We begin with the definition of the N -adic numbers for any positive integer N .
Section 14.2.1 is about the N -adics in the special case N = 10; these are fun because
they can be represented as decimal expansions that go off infinitely far to the left.
Section 14.2.3 is about how the topology of QN is nothing like the topology of R.
Finally, in Section 14.2.4 we state the Hasse-Minkowski theorem, which shows how
to use p-adic numbers to decide whether or not a quadratic equation in n variables
has a rational zero.

The N -adic Numbers

Lemma 14.2.5. Let N be a positive integer. Then for any nonzero rational num-
ber α there exists a unique e ∈ Z and integers a, b, with b positive, such that
α = N e · ab with N - a, gcd(a, b) = 1, and gcd(N, b) = 1.
Proof. Write α = c/d with c, d ∈ Z and d > 0. First suppose d is exactly divisible
by a power of N , so for some r we have N r | d but gcd(N, d/N r ) = 1. Then
c c
= N −r .
d d/N r
If N s is the largest power of N that divides c, then e = s − r, a = c/N s , b = d/N r
satisfy the conclusion of the lemma.
By unique factorization of integers, there is a smallest multiple f of d such that
f d is exactly divisible by N . Now apply the above argument with c and d replaced
by cf and df .

Definition 14.2.6 (N -adic valuation). Let N be a positive integer. For any positive
α ∈ Q, the N -adic valuation of α is e, where e is as in Lemma 14.2.5. The N -adic
valuation of 0 is ∞.
We denote the N -adic valuation of α by ordN (α). (Note: Here we are using
“valuation” in a different way than in the rest of the text. This valuation is not an
absolute value, but the logarithm of one.)
Definition 14.2.7 (N -adic metric). For x, y ∈ Q the N -adic distance between x
and y is
dN (x, y) = N − ordN (x−y) .
We let dN (x, x) = 0, since ordN (x − x) = ordN (0) = ∞.
For example, x, y ∈ Z are close in the N -adic metric if their difference is divisible
by a large power of N . E.g., if N = 10 then 93427 and 13427 are close because their
difference is 80000, which is divisible by a large power of 10.
Proposition 14.2.8. The distance dN on Q defined above is a metric. Moreover,
for all x, y, z ∈ Q we have
d(x, z) ≤ max(d(x, y), d(y, z)).
(This is the “nonarchimedean” triangle inequality.)
164 CHAPTER 14. TOPOLOGY AND COMPLETENESS

Proof. The first two properties of Definition 14.2.1 are immediate. For the third,
we first prove that if α, β ∈ Q then
ordN (α + β) ≥ min(ordN (α), ordN (β)).
Assume, without loss, that ordN (α) ≤ ordN (β) and that both α and β are nonzero.
Using Lemma 14.2.5 write α = N e (a/b) and β = N f (c/d) with a or c possibly
negative. Then
ad + bcN f −e
a  
c
α + β = Ne + N f −e = Ne .
b d bd
Since gcd(N, bd) = 1 it follows that ordN (α + β) ≥ e. Now suppose x, y, z ∈ Q.
Then
x − z = (x − y) + (y − z),
so
ordN (x − z) ≥ min(ordN (x − y), ordN (y − z)),
hence dN (x, z) ≤ max(dN (x, y), dN (y, z)).
We can finally define the N -adic numbers.
Definition 14.2.9 (The N -adic Numbers). The set of N -adic numbers, denoted
QN , is the completion of Q with respect to the metric dN .
The set QN is a ring, but it need not be a field as you will show in Exercises 11
and 12. It is a field if and only if N is prime. Also, QN has a “bizarre” topology,
as we will see in Section 14.2.3.

The 10-adic Numbers

It’s a familiar fact that every real number can be written in the form
dn . . . d1 d0 .d−1 d−2 . . . = dn 10n + · · · + d1 10 + d0 + d−1 10−1 + d−2 10−2 + · · ·
where each digit di is between 0 and 9, and the sequence can continue indefinitely
to the right.
The 10-adic numbers also have decimal expansions, but everything is backward!
To get a feeling for why this might be the case, we consider Euler’s nonsensical
series
X∞
(−1)n+1 n! = 1! − 2! + 3! − 4! + 5! − 6! + · · · .
n=1
One can prove (see Exercise 9) that this series converges in Q10 to some element
α ∈ Q10 .
What is α? How can we write it down? First note that for all M ≥ 5, the terms
of the sum are divisible by 10, so the difference between α and 1! − 2! + 3! − 4! is
divisible by 10. Thus we can compute α modulo 10 by computing 1! − 2! + 3! − 4!
modulo 10. Likewise, we can compute α modulo 100 by compute 1!−2!+· · ·+9!−10!,
etc. We obtain the following table:
14.2. COMPLETENESS 165

α mod 10r
1 mod 10
81 mod 102
981 mod 103
2981 mod 104
22981 mod 105
422981 mod 106

Continuing we see that

1! − 2! + 3! − 4! + · · · = . . . 637838364422981 in Q10 !

Here’s another example. Reducing 1/7 modulo larger and larger powers of 10
we see that
1
= . . . 857142857143 in Q10 .
7
Here’s another example, but with a decimal point.

1 1 1
= · = . . . 85714285714.3
70 10 7
We have
1 1 10
+ = . . . 66667 + . . . 57143 = = . . . 23810,
3 7 21
which illustrates that addition with carrying works as usual.

Fermat’s Last Theorem in Z10

An amusing observation, which people often argued about on USENET news back
in the 1990s, is that Fermat’s last theorem is false in Z10 . For example, x3 + y 3 = z 3
has a nontrivial solution, namely x = 1, y = 2, and z = . . . 60569. Here z is a cube
root of 9 in Z10 . Note that it takes some work to prove that there is a cube root of
9 in Z10 (see Exercise 10).

14.2.2 The Field of p-adic Numbers

The ring Q10 of 10-adic numbers is isomorphic to Q 2 × Q 5 (see Exercise 12), so it is
not a field. For example, the element . . . 8212890625 corresponding to (1, 0) under
this isomorphism has no inverse. (To compute n digits of (1, 0) use the Chinese
remainder theorem to find a number that is 1 modulo 2n and 0 modulo 5n .)
If p is prime then Qp is a field (see Exercise 11). Since p 6= 10 it is a little more
complicated to write p-adic numbers down. People typically write p-adic numbers
in the form
a−d a−1
d
+ ··· + + a0 + a1 p + a2 p2 + a3 p3 + · · ·
p p
where 0 ≤ ai < p for each i.
166 CHAPTER 14. TOPOLOGY AND COMPLETENESS

14.2.3 The Topology of QN (is Weird)

Definition 14.2.10 (Connected). Let X be a topological space. A subset S of X
is disconnected if there exist open subsets U1 , U2 ⊂ X with U1 ∩ U2 ∩ S = ∅ and
S = (S ∩ U1 ) ∪ (S ∩ U2 ) with S ∩ U1 and S ∩ U2 nonempty. If S is not disconnected
it is connected.

The topology on QN is induced by dN , so every open set is a union of open balls

B(x, r) = {y ∈ QN : dN (x, y) < r}.

Recall Proposition 14.2.8, which asserts that for all x, y, z,

d(x, z) ≤ max(d(x, y), d(y, z)).

This translates into the following shocking and bizarre lemma:

Lemma 14.2.11. Suppose x ∈ QN and r > 0. If y ∈ QN and dN (x, y) ≥ r, then

B(x, r) ∩ B(y, r) = ∅.

Proof. Suppose z ∈ B(x, r) and z ∈ B(y, r). Then

r ≤ dN (x, y) ≤ max(dN (x, z), dN (z, y)) < r,

a contradiction.

You should draw a picture to illustrates Lemma 14.2.11.

Lemma 14.2.12. The open ball B(x, r) is also closed.

Proof. Suppose y 6∈ B(x, r). Then r ≤ d(x, y) so

B(y, d(x, y)) ∩ B(x, r) ⊂ B(y, d(x, y)) ∩ B(x, d(x, y)) = ∅.

Thus the complement of B(x, r) is a union of open balls.

The lemmas imply that QN is totally disconnected, in the following sense.

Proposition 14.2.13. The only connected subsets of QN are the singleton sets {x}
for x ∈ QN and the empty set.

Proof. Suppose S ⊂ QN is a nonempty connected set and x, y are distinct elements

of S. Let r = dN (x, y) > 0. Let U1 = B(x, r) and U2 be the complement of
U1 , which is open by Lemma 14.2.12. Then U1 and U2 satisfies the conditions of
Definition 14.2.10, so S is not connected, a contradiction.
14.3. WEAK APPROXIMATION 167

14.2.4 The Local-to-Global Principle of Hasse and Minkowski

Section 14.2.3 might have convinced you that QN is a bizarre pathology. In fact,
QN is omnipresent in number theory, as the following two fundamental examples
illustrate.
In the statement of the following theorem, a nontrivial solution to a homogeneous
polynomial equation is a solution where not all indeterminates are 0.
Theorem 14.2.14 (Hasse-Minkowski). The quadratic equation

a1 x21 + a2 x22 + · · · + an x2n = 0, (14.2.1)

with ai ∈ Q× , has a nontrivial solution with x1 , . . . , xn in Q if and only if (14.2.1)

has a solution in R and in Qp for all primes p.
This theorem is very useful in practice because the p-adic condition turns out to
be easy to check. For more details, including a complete proof, see [Ser73, IV.3.2].
The analogue of Theorem 14.2.14 for cubic equations is false. For example,
Selmer proved that the cubic

3x3 + 4y 3 + 5z 3 = 0

has a solution other than (0, 0, 0) in R and in Qp for all primes p but has no solution
other than (0, 0, 0) in Q (for a proof see [Cas91, §18]).
Open Problem. Give an algorithm that decides whether or not a cubic

ax3 + by 3 + cz 3 = 0

has a nontrivial solution in Q.

This open problem is closely related to the Birch and Swinnerton-Dyer Conjec-
ture for elliptic curves. The truth of the conjecture would follow if we knew that
“Shafarevich-Tate Groups” of certain elliptic curves are finite.

14.3 Weak Approximation

The following theorem asserts that inequivalent valuations are in fact almost totally
independent. For our purposes it will be superseded by the strong approximation
theorem (Theorem 18.4.4).
Theorem 14.3.1 (Weak Approximation). Let | · |n , for 1 ≤ n ≤ N , be inequivalent
nontrivial valuations of a field K. For each n, let Kn be the topological space
consisting of the set of elements of K with the topology induced by | · |n . Let ∆ be
the image of K in the topological product
Y
A= Kn
1≤n≤N

equipped with the product topology. Then ∆ is dense in A.

168 CHAPTER 14. TOPOLOGY AND COMPLETENESS

The conclusion of the theorem may be expressed in a less topological manner as

follows: given any an ∈ K, for 1 ≤ n ≤ N , and real ε > 0, there is an b ∈ K such
that simultaneously
|an − b|n < ε (1 ≤ n ≤ N ).
If K = Q and the | · | are p-adic valuations, Theorem 14.3.1 is related to the Chi-
nese Remainder Theorem (Theorem 5.1.4), but the strong approximation theorem
(Theorem 18.4.4) is the real generalization.

Proof. We note first that it will be enough to find, for each n, an element cn ∈ K
such that
|cn |n > 1 and |cn |m < 1 for n 6= m,
where 1 ≤ n, m ≤ N . For then as r → +∞, we have
(
crn 1 1 with respect to | · |n and
r
=  r →
1 + cn 1+ 1 0 with respect to | · |m , for m 6= n.
cn

It is then enough to take

N
X crn
b= · an
1 + crn
n=1
By symmetry it is enough to show the existence of c = c1 with

|c|1 > 1 and |c|n < 1 for 2 ≤ n ≤ N.

We will do this by induction on N .

First suppose N = 2. Since | · |1 and | · |2 are inequivalent (and all absolute
values are assumed nontrivial) there is an a ∈ K such that

|a|1 < 1 and |a|2 ≥ 1 (14.3.1)

and similarly a b such that

|b|1 ≥ 1 and |b|2 < 1.

b
Then c = will do.
a
Remark 14.3.2. It is not completely clear that one can choose an a such that (14.3.1)
is satisfied. Suppose it were impossible. Then because the valuations are nontrivial,
we would have that for any a ∈ K if |a|1 < 1 then |a|2 < 1. This implies the
converse statement: if a ∈ K and |a|2 < 1 then |a|1 < 1. To see this, suppose there
is an a ∈ K such that |a|2 < 1 and |a|1 ≥ 1. Choose y ∈ K such that |y|1 < 1.
Then for any integer n > 0 we have |y/an |1 < 1, so by hypothesis |y/an |2 < 1. Thus
|y|2 < |a|n2 < 1 for all n. Since |a|2 < 1 we have |a|n2 → 0 as n → ∞, so |y|2 = 0, a
contradiction since y 6= 0. Thus |a|1 < 1 if and only if |a|2 < 1, and we have proved
before that this implies that | · |1 is equivalent to | · |2 .
14.3. WEAK APPROXIMATION 169

Next suppose N ≥ 3. By the case N − 1, there is an a ∈ K such that

|a|1 > 1 and |a|n < 1 for 2 ≤ n ≤ N − 1.

By the case for N = 2 there is a b ∈ K such that

|b|1 > 1 and |b|N < 1.

Then put 

a if |a|N < 1

r
c = a · rb if |a|N = 1
 a
· b if |a|N > 1


1 + ar
where r ∈ Z is sufficiently large so that |c|1 > 1 and |c|n < 1 for 2 ≤ n ≤ N .

Example 14.3.3. Suppose K = Q, let | · |1 be the archimedean absolute value and

let | · |2 be the 2-adic absolute value. Let a1 = −1, a2 = 8, and ε = 1/10, as in
the remark right after Theorem 14.3.1. Then the theorem implies that there is an
element b ∈ Q such that
1 1
|−1 − b|1 < and |8 − b|2 < .
10 10
As in the proof of the theorem, we can find such a b by finding a c1 , c2 ∈ Q such
that |c1 |1 > 1 and |c1 |2 < 1, and a |c2 |1 < 1 and |c2 |2 > 1. For example, c1 = 2
and c2 = 1/2 works, since |2|1 = 2 and |2|2 = 1/2 and |1/2|1 = 1/2 and |1/2|2 = 2.
Again following the proof, we see that for sufficiently large r we can take
cr1 cr2
br = r · a1 + · a2
1 + c1 1 + cr2
2r (1/2)r
= · (−1) + · 8.
1 + 2r 1 + (1/2)r

We have b1 = 2, b2 = 4/5, b3 = 0, b4 = −8/17, b5 = −8/11, b6 = −56/55. None of

the bi work for i < 6, but b6 works.
170 CHAPTER 14. TOPOLOGY AND COMPLETENESS
Chapter 15

Adic Numbers: The Finite

Residue Field Case

15.1 Finite Residue Field Case

Let K be a field with a non-archimedean valuation v = | · |. Recall that the set of
a ∈ K with |a| ≤ 1 forms a ring O, the ring of integers for v. The set of u ∈ K
with |u| = 1 are a group U under multiplication, the group of units for v. Finally,
the set of a ∈ K with |a| < 1 is a maximal ideal p, so the quotient ring O/p is a
field. In this section we consider the case when O/p is a finite field of order a prime
power q. For example, K could be Q and | · | could be a p-adic valuation, or K
could be a number field and | · | could be the valuation corresponding to a maximal
ideal of the ring of integers. Among other things, we will discuss in more depth the
topological and measure-theoretic nature of the completion of K at v.
Suppose further for the rest of this section that | · | is discrete. Then by
Lemma 13.2.8, the ideal p is a principal ideal (π), say, and every a ∈ K is of
the form a = π n ε, where n ∈ Z and ε ∈ U is a unit. We call

n = ord(a) = ordπ (a) = ordp (a) = ordv (a)

the ord of a at v. (Some authors, including me (!) also call this integer the valuation
of a with respect to v.) If p = (π 0 ), then π/π 0 is a unit, and conversely, so ord(a) is
independent of the choice of π.
Let Ov and pv be defined with respect to the completion Kv of K at v.

Lemma 15.1.1. There is a natural isomorphism

ϕ : Ov /pv → O/p,

and pv = (π) as an Ov -ideal.

Proof. We may view Ov as the set of equivalence classes of Cauchy sequences (an )
in K such that an ∈ O for n sufficiently large. For any ε, given such a sequence

171
172 CHAPTER 15. ADIC NUMBERS: THE FINITE RESIDUE FIELD CASE

(an ), there is N such that for n, m ≥ N , we have |an − am | < ε. In particular, we

can choose N such that n, m ≥ N implies that an ≡ am (mod p). Let ϕ((an )) =
aN (mod p), which is well-defined. The map ϕ is surjective because the constant
sequences are in Ov . Its kernel is the set of Cauchy sequences whose elements are
eventually all in p, which is exactly pv . This proves the first part of the lemma. The
second part is true because any element of pv is a sequence all of whose terms are
eventually in p, hence all a multiple of π (we can set to 0 a finite number of terms
of the sequence without changing the equivalence class of the sequence).

Assume for the rest of this section that K is complete with respect to | · |.

Lemma 15.1.2. Then ring O is precisely the set of infinite sums

∞
X
a= aj · π j (15.1.1)
j=0

where the aj run independently through some set R of representatives of O in O/p.

By (15.1.1) is meant the limit of the Cauchy sequence nj=0 aj · π j as j → ∞.

P

Proof. There is a uniquely defined a0 ∈ R such that |a − a0 | < 1. Then a0 =

π −1 · (a − a0 ) ∈ O. Now define a1 ∈ R by |a0 − a1 | < 1. And so on.

Example 15.1.3. Suppose K = Q and | · | = | · |p is the p-adic valuation, for some

prime p. We can take R = {0, 1, . . . , p − 1}. The lemma asserts that
 
X ∞ 
O = Zp = an pn : 0 ≤ an ≤ p − 1 .
 
j=0

Notice that O is uncountable since there are p choices for each p-adic “digit”. We
can do arithmetic with elements of Zp , which can be thought of “backwards” as
numbers in base p. For example, with p = 3 we have

(1 + 2 · 3 + 32 + · · · ) + (2 + 2 · 3 + 32 + · · · )
= 3 + 4 · 3 + 2 · 32 + · · · not in canonical form
2
= 0 + 2 · 3 + 3 · 3 + 2 · 3 + ··· still not canonical
2
= 0 + 2 · 3 + 0 · 3 + ···

Here is an example of doing basic arithmetic with p-adic numbers in Sage:

sage : a = 1 + 2∗3 + 3ˆ2 + O( 3 ˆ 3 )
sage : b = 2 + 2∗3 + 3ˆ2 + O( 3 ˆ 3 )
sage : a + b
2∗3 + O( 3 ˆ 3 )
sage : sqrt (a)
15.1. FINITE RESIDUE FIELD CASE 173

1 + 3 + O( 3 ˆ 3 )
sage : s q r t ( a )ˆ2
1 + 2∗3 + 3ˆ2 + O( 3 ˆ 3 )
sage : a ∗ b
2 + O( 3 ˆ 3 )
Type Zp? and Qp? in Sage for much more information about the various computer
models of p-adic arithmetic that are available.

Theorem 15.1.4. Under the conditions of the preceding lemma, O is compact with
respect to the | · | -topology.

Proof. Let Vλ , for λ running through some index set Λ, be some family of open sets
that cover O. We must show that there is a finite subcover. We suppose not.
Let R be a set of representatives for O/p. Then O is the union of the finite
number of cosets a + πO, for a ∈ R. Hence for at lest one a0 ∈ R the set a0 + πO
is not covered by finitely many of the Vλ . Then similarly there is an a1 ∈ R such
that a0 + a1 π + π 2 O is not finitely covered. And so on. Let

a = a0 + a1 π + a2 π 2 + · · · ∈ O.

Then a ∈ Vλ0 for some λ0 ∈ Λ. Since Vλ0 is an open set, a + π J · O ⊂ Vλ0 for some J
(since those are exactly the open balls that form a basis for the topology). This is
a contradiction because we constructed a so that none of the sets a + π n · O, for
each n, are not covered by any finite subset of the Vλ .

Definition 15.1.5 (Locally compact). A topological space X is locally compact at

a point x if there is some compact subset C of X that contains a neighborhood of x.
The space X is locally compact if it is locally compact at each point in X.

Corollary 15.1.6. The complete local field K is locally compact.

Proof. If x ∈ K, then x ∈ C = x + O, and C is a compact subset of K by

Theorem 15.1.4. Also C contains the neighborhood x + πO = B(x, 1) of x. Thus
K is locally compact at x.

Remark 15.1.7. The converse is also true. If K is locally compact with respect to a
non-archimedean valuation | · | , then

1. K is complete,

2. the residue field is finite, and

3. the valuation is discrete.

For there is a compact neighbourhood C of 0. Let π be any nonzero with |π| < 1.
Then π n · O ⊂ C for sufficiently large n, so π n · O is compact, being closed. Hence O
is compact. Since | · | is a metric, O is sequentially compact, i.e., every fundamental
174 CHAPTER 15. ADIC NUMBERS: THE FINITE RESIDUE FIELD CASE

sequence in O has a limit, which implies (1). Let aλ (for λ ∈ Λ) be a set of

representatives in O of O/p. Then Oλ = {z : |z − aλ | < 1} is an open covering of
O. Thus (2) holds since O is compact. Finally, p is compact, being a closed subset
of O. Let Sn be the set of a ∈ K with |a| < 1 − 1/n. Then Sn (for 1 ≤ n < ∞) is
an open covering of p, so p = Sn for some n, i.e., (3) is true.
If we allow | · | to be archimedean the only further possibilities are k = R and
k = C with | · | equivalent to the usual absolute value.
We denote by K + the commutative topological group whose points are the
elements of K, whose group law is addition and whose topology is that induced by
| · |. General theory tells us that there is an invariant Haar measure defined on K +
and that this measure is unique up to a multiplicative constant.

Definition 15.1.8 (Haar Measure). A Haar measure on a locally compact topo-

logical group G is a translation invariant measure such that every open set can be
covered by open sets with finite measure.

Lemma 15.1.9. Haar measure of any compact subset C of G is finite.

Proof. The whole group G is open, so there is a covering Uα of G by open sets each
of which has finite measure. Since C is compact, there is a finite subset of the Uα
that covers C. The measure of C is at most the sum of the measures of these finitely
many Uα , hence finite.

Remark 15.1.10. Usually one defined Haar measure to be a translation invariant

measure such that the measure of compact sets is finite. Because of local com-
pactness, this definition is equivalent to Definition 15.1.8. We take this alternative
viewpoint because Haar measure is constructed naturally on the topological groups
we will consider by defining the measure on each member of a basis of open sets for
the topology.
We now deduce what any such measure µ on G = K + must be. Since O
is compact (Theorem 15.1.4), the measure of O is finite. Since µ is translation
invariant,
µn = µ(a + π n O)
is independent of a. Further,
[
a + πnO = a + π n aj + π n+1 O, (disjoint union)
1≤j≤q

where aj (for 1 ≤ j ≤ q) is a set of representatives of O/p. Hence

µn = q · µn+1 .

If we normalize µ by putting
µ(O) = 1
15.1. FINITE RESIDUE FIELD CASE 175

we have µ0 = 1, hence µ1 = q, and in general

µn = q −n .

Conversely, without the theory of Haar measure, we could define µ to be the

necessarily unique measure on K + such that µ(O) = 1 that is translation invariant.
This would have to be the µ we just found above.
Everything so far in this section has depended not on the valuation | · | but only
on its equivalence class. The above considerations now single out one valuation in
the equivalence class as particularly important.
Definition 15.1.11 (Normalized valuation). Let K be a field equipped with a
discrete valuation | · | and residue class field with q < ∞ elements. We say that | · |
is normalized if
1
|π| = ,
q
where p = (π) is the maximal ideal of O.
Example 15.1.12. The normalized valuation on the p-adic numbers Qp is |u · pn | =
p−n , where u is a rational number whose numerator and denominator are coprime
to p.
√
Next suppose K = Qp ( p). Then the p-adic valuation on Qp extends uniquely
√ 2 √
to one on K such that  p = |p| = 1/p. Since π = p for K, this valuation is
√
not normalized. (Note that the ord of π = p is 1/2.) The normalized valuation is
v = | · |0 = | · |2 . Note that | · |0 p = 1/p2 , or ordv (p) = 2 instead of 1.
√
Finally suppose that K = Qp ( q) where x2 − q has not root mod p. Then the
√ 
residue class field degree is 2, and the normalized valuation must satisfy q = 1/p2 .

The following proposition makes clear why this is the best choice of normaliza-
tion.
Theorem 15.1.13. Suppose further that K is complete with respect to the normal-
ized valuation | · | . Then
µ(a + bO) = |b| ,
where µ is the Haar measure on K + normalized so that µ(O) = 1.
Proof. Since µ is translation invariant, µ(a + bO) = µ(bO). Write b = u · π n , where
u is a unit. Then since u · O = O, we have

µ(bO) = µ(u · π n · O) = µ(π n · u · O) = µ(π n · O) = q −n = |π n | = |b| .

Here we have µ(π n · O) = q −n by the discussion before Definition 15.1.11.

We can express the result of the theorem in a more suggestive way. Let b ∈ K
with b 6= 0, and let µ be a Haar measure on K + (not necessarily normalized as
in the theorem). Then we can define a new Haar measure µb on K + by putting
µb (E) = µ(bE) for E ⊂ K + . But Haar measure is unique up to a multiplicative
176 CHAPTER 15. ADIC NUMBERS: THE FINITE RESIDUE FIELD CASE

constant and so µb (E) = µ(bE) = c · µ(E) for all measurable sets E, where the
factor c depends only on b. Putting E = O, shows that the theorem implies that c
is just |b|, when | · | is the normalized valuation.
Remark 15.1.14. The theory of locally compact topological groups leads to the
consideration of the dual (character) group of K + . It turns out that it is isomorphic
to K + . We do not need this fact for class field theory, so do not prove it here. For
a proof and applications see Tate’s thesis or Lang’s Algebraic Numbers, and for
generalizations see Weil’s Adeles and Algebraic Groups and Godement’s Bourbaki
seminars 171 and 176. The determination of the character group of K ∗ is local class
field theory.
The set of nonzero elements of K is a group K ∗ under multiplication. Multipli-
cation and inverses are continuous with respect to the topology induced on K ∗ as
a subset of K, so K ∗ is a topological group with this topology. We have

U1 ⊂ U ⊂ K ∗

where U is the group of units of O ⊂ K and U1 is the group of 1-units, i.e., those
units ε ∈ U with |ε − 1| < 1, so

U1 = 1 + πO.

The set U is the open ball about 0 of radius 1, so is open, and because the metric
is nonarchimedean U is also closed. Likewise, U1 is both open and closed.
The quotient K ∗ /U = {π n · U : n ∈ Z} is isomorphic to the additive group Z+
of integers with the discrete topology, where the map is

π n · U 7→ n for n ∈ Z.

The quotient U/U1 is isomorphic to the multiplicative group F∗ of the nonzero

elements of the residue class field, where the finite gorup F∗ has the discrete topology.
Note that F∗ is cyclic of order q − 1, and Hensel’s lemma implies that K ∗ contains
a primitive (q − 1)th root of unity ζ. Thus K ∗ has the following structure:

K ∗ = {π n ζ m ε : n ∈ Z, m ∈ Z/(q − 1)Z, ε ∈ U1 } ∼
= Z × Z/(q − 1)Z × U1 .

(How to apply Hensel’s lemma: Let f (x) = xq−1 − 1 and let a ∈ O be such that a
mod p generates K ∗ . Then |f (a)| < 1 and |f 0 (a)| = 1. By Hensel’s lemma there is
a ζ ∈ K such that f (ζ) = 0 and ζ ≡ a (mod p).)
Since U is compact and the cosets of U cover K, we see that K ∗ is locally
compact.

Lemma 15.1.15. The additive Haar measure µ on K + , when restricted to U1 gives

a measure on U1 that is also invariant under multiplication, so gives a Haar measure
on U1 .
15.1. FINITE RESIDUE FIELD CASE 177

Proof. It suffices to show that

µ(1 + π n O) = µ(u · (1 + π n O)),

for any u ∈ U1 and n > 0. Write u = 1 + a1 π + a2 π 2 + · · · . We have

u · (1 + π n O) = (1 + a1 π + a2 π 2 + · · · ) · (1 + π n O)
= 1 + a1 π + a2 π 2 + · · · + π n O
= a1 π + a2 π 2 + · · · + (1 + π n O),

which is an additive translate of 1 + π n O, hence has the same measure.

Thus µ gives a Haar measure on K ∗ by translating U1 around to cover K ∗ .

Lemma 15.1.16. The topological spaces K + and K ∗ are totally disconnected (the
only connected sets are points).

Proof. The proof is the same as that of Proposition 14.2.13. The point is that the
non-archimedean triangle inequality forces the complement an open disc to be open,
hence any set with at least two distinct elements “falls apart” into a disjoint union
of two disjoint open subsets.

Remark 15.1.17. Note that K ∗ and K + are locally isomorphic if K has character-
istic 0. We have the exponential map
∞
X an
a 7→ exp(a) =
n!
n=0

defined for all sufficiently small a with its inverse

∞
X (−1)n−1 (a − 1)n
log(a) = ,
n
n=1

which is defined for all a sufficiently close to 1.

178 CHAPTER 15. ADIC NUMBERS: THE FINITE RESIDUE FIELD CASE
Chapter 16

Normed Spaces and Tensor

Products

Much of this chapter is preparation for what we will do later when we will prove
that if K is complete with respect to a valuation (and locally compact) and L is
a finite extension of K, then there is a unique valuation on L that extends the
valuation on K. Also, if K is a number field, v = | · | is a valuation on K, Kv is
the completion of K with respect to v, and L is a finite extension of K, we’ll prove
that
MJ
Kv ⊗K L = Lj ,
j=1

where the Lj are the completions of L with respect to the equivalence classes of
extensions of v to L. In particular, if L is a number field defined by a root of
f (x) ∈ Q[x], then
MJ
Qp ⊗Q L = Lj ,
j=1

where the Lj correspond to the irreducible factors of the polynomial f (x) ∈ Qp [x]
(hence the extensions of | · |p correspond to irreducible factors of f (x) over Qp [x]).
In preparation for this clean view of the local nature of number fields, we will
prove that the norms on a finite-dimensional vector space over a complete field are
all equivalent. We will also explicitly construct tensor products of fields and deduce
some of their properties.

16.1 Normed Spaces

Definition 16.1.1 (Norm). Let K be a field with valuation | · | and let V be a
vector space over K. A real-valued function k · k on V is called a norm if

1. kvk > 0 for all nonzero v ∈ V (positivity).

179
180 CHAPTER 16. NORMED SPACES AND TENSOR PRODUCTS

2. kv + wk ≤ kvk + kwk for all v, w ∈ V (triangle inequality).

3. kavk = |a| kvk for all a ∈ K and v ∈ V (homogeneity).

Note that setting kvk = 1 for all v 6= 0 does not define a norm unless the absolute
value on K is trivial, as 1 = kavk = |a| kvk = |a|. We assume for the rest of this
section that | · | is not trivial.

Definition 16.1.2 (Equivalent). Two norms k · k1 and k · k2 on the same vector

space V are equivalent if there exists positive real numbers c1 and c2 such that for
all v ∈ V
kvk1 ≤ c1 kvk2 and kvk2 ≤ c2 kvk1 .

Lemma 16.1.3. Suppose that K is a field that is complete with respect to a valua-
tion | · | and that V is a finite dimensional K vector space. Continue to assume, as
mentioned above, that K is complete with respect to | · | . Then any two norms on
V are equivalent.

Remark 16.1.4. As we shall see soon (see Theorem 17.1.8), the lemma is usually
false if we do not assume that K is complete. For example, when K = Q and | · |p is
the p-adic valuation, and V is a number field, then there may be several extensions
of | · |p to inequivalent norms on V .
If two norms are equivalent then the corresponding topologies on V are equal,
since very open ball for k · k1 is contained in an open ball for k · k2 , and conversely.
(The converse is also true, since, as we will show, all norms on V are equivalent.)

Proof. Let v1 , . . . , vN be a basis for V . Define the max norm k · k0 by

N
X
an vn = max {|an | : n = 1, . . . , N } .



n=1 0

It is enough to show that any norm k · k is equivalent to k · k0 . We have

N N
X X
an vn ≤ |an | kvn k



n=1 n=1
XN
≤ max |an | kvn k
n=1
N
X
= c1 · an vn ,


n=1 0

where c1 = N
P
n=1 kvn k.
To finish the proof, we show that there is a c2 ∈ R such that for all v ∈ V ,

kvk0 ≤ c2 · kvk .
16.2. TENSOR PRODUCTS 181

We will only prove this in the case when K is not just merely complete with respect
to | · | but also locally compact. This will be the case of primary interest to us. For
a proof in the general case, see the original article by Cassels (page 53).
By what we have already shown, the function kvk is continuous in the k · k0 -
topology, so by local compactness it attains its lower bound δ on the unit circle
{v ∈ V : kvk0 = 1}. (Why is the unit circle compact? With respect to k · k0 , the
topology on V is the same as that of a product of copies of K. If the valuation
is archimedean then K ∼ = R or C with the standard topology and the unit circle
is compact. If the valuation is non-archimedean, then we saw (see Remark 15.1.7)
that if K is locally compact, then the valuation is discrete, in which case we showed
that the unit disc is compact, hence the unit circle is also compact since it is closed.)
Note that δ > 0 by part 1 of Definition 16.1.1. Also, by definition of k · k0 , for any
v ∈ V there exists a ∈ K such that kvk0 = |a| (just take the max coefficient in
our basis). Thus we can write any v ∈ V as a · w where a ∈ K and w ∈ V with
kwk0 = 1. We then have

kvk0 kawk0 |a| kwk0 1 1

= = = ≤ .
kvk kawk |a| kwk kwk δ

Thus for all v we have

kvk0 ≤ c2 · kvk ,
where c2 = 1/δ, which proves the theorem.

16.2 Tensor Products

We need only a special case of the tensor product construction. Let A and B be
commutative rings containing a field K and suppose that B is of finite dimension N
over K, say, with basis
1 = w1 , w2 , . . . , wN .
Then B is determined up to isomorphism as a ring over K by the multiplication
table (ci,j,n ) defined by
N
X
wi · wj = ci,j,n · wn .
n=1

We define a new ring C containing K whose elements are the set of all expressions
N
X
an w n
n=1

where the wn have the same multiplication rule

N
X
wi · wj = ci,j,n · wn
n=1
182 CHAPTER 16. NORMED SPACES AND TENSOR PRODUCTS

as the wn .
There are injective ring homomorphisms

i : A ,→ C, i(a) = aw1 (note that w1 = 1)

and
N N
!
X X
j : B ,→ C, j cn wn = cn wn .
n=1 n=1

Moreover C is defined, up to isomorphism, by A and B and is independent of the

particular choice of basis wn of B (i.e., a change of basis of B induces a canonical
isomorphism of the C defined by the first basis to the C defined by the second
basis). We write
C = A ⊗K B
since C is, in fact, a special case of the ring tensor product.
Let us now suppose, further, that A is a topological ring, i.e., has a topology
with respect to which addition and multiplication are continuous. Then the map
N
X
C → A ⊕ · · · ⊕ A, am wm 7→ (a1 , . . . , aN )
m=1

defines a bijection between C and the product of N copies of A (considered as

sets). We give C the product topology. It is readily verified that this topology is
independent of the choice of basis w1 , . . . , wN and that multiplication and addition
on C are continuous, so C is a topological ring. We call this topology on C the
tensor product topology.
Now drop our assumption that A and B have a topology, but suppose that A
and B are not merely rings but fields. Recall that a finite extension L/K of fields
is separable if the number of embeddings L ,→ K that fix K equals the degree of L
over K, where K is an algebraic closure of K. The primitive element theorem from
Galois theory asserts that any such extension is generated by a single element, i.e.,
L = K(a) for some a ∈ L.

Lemma 16.2.1. Let A and B be fields containing the field K and suppose that B is
a separable extension of finite degree N = [B : K]. Then C = A ⊗K B is the direct
sum of a finite number of fields Kj , each containing an isomorphic image of A and
an isomorphic image of B.

Proof. By the primitive element theorem, we have B = K(b), where b is a root of

some separable irreducible polynomial f (x) ∈ K[x] of degree N . Then 1, b, . . . , bN −1
is a basis for B over K, so

A ⊗K B = A[b] ∼
= A[x]/(f (x))

where 1, b, b2 , . . . , bN −1 are linearly independent over A and b satisfies f (b) = 0.

16.2. TENSOR PRODUCTS 183

Although the polynomial f (x) is irreducible as an element of K[x], it need not

be irreducible in A[x]. Since A is a field, we have a factorization
J
Y
f (x) = gj (x)
j=1

where gj (x) ∈ A[x] is irreducible. The gj (x) are distinct because f (x) is separable
(i.e., has distinct roots in any algebraic closure).
For each j, let bj ∈ A be a root of gj (x), where A is a fixed algebraic closure of
the field A. Let Kj = A(bj ). Then the map

ϕj : A ⊗K B → Kj (16.2.1)

given by sending any polynomial h(b) in b (where h ∈ A[x]) to h(bj ) is a ring

homomorphism, because the image of b satisfies the polynomial f (x), and A⊗K B ∼
=
A[x]/(f (x)).
By the Chinese Remainder Theorem, the maps from (16.2.1) combine to define
a ring isomorphism
J J
A ⊗K B ∼
= A[x]/(f (x)) ∼ A[x]/(gj (x)) ∼
M M
= = Kj .
j=1 j=1

Each Kj is of the form A[x]/(gj (x)), so contains an isomorphic image of A. It

thus remains to show that the ring homomorphisms
b 7→1⊗b ϕj
λj : B −−−−→ A ⊗K B −→ Kj

are injections. Since B and Kj are both fields, λj is either the 0 map or injective.
However, λj is not the 0 map since λj (1) = 1 ∈ Kj .

Example 16.2.2. If A and B are finite extensions of Q, then A ⊗Q B is an algebra

of degree [A : Q] · [B : Q]. For example, suppose A is generated by a root of
x2 + 1 and B is generated by a root of x3 − 2. We can view A ⊗Q B as either
A[x]/(x3 − 2) or B[x]/(x2 + 1). The polynomial x2 + 1 is irreducible over Q, and if
it factored over the cubic field B, then there would be a root of x2 + 1 in√ B, i.e., the
quadratic field A = Q(i) would be a subfield of the cubic field B = Q( 3 2), √ which
2
is impossible. Thus x + 1 is irreducible over B, so A ⊗Q B = A.B = Q(i, 2) is 3

a degree 6 extension of Q. Notice that A.B contains a copy A and a copy of B.

By the primitive element theorem the composite field A.B can be generated by √ the
3
root of a single polynomial. For example, the √ minimal polynomial of i + 2 is
x6 + 3x4 − 4x3 + 3x2 + 12x + 5, hence Q(i + 3 2) = A.B.
Example 16.2.3. The case A ∼ = B is even more exciting. For example, suppose
A = B = Q(i). Using the Chinese Remainder Theorem we have that

Q(i) ⊗Q Q(i) ∼
= Q(i)[x]/(x2 + 1) ∼
= Q(i)[x]/((x − i)(x + i)) ∼
= Q(i) ⊕ Q(i),
184 CHAPTER 16. NORMED SPACES AND TENSOR PRODUCTS

since (x − i) and (x + i) are coprime. The last isomorphism sends a + bx, with
a, b ∈ Q(i), to (a + bi, a − bi). Since Q(i) ⊕ Q(i) has zero divisors, the tensor product
Q(i) ⊗Q Q(i) must also have zero divisors. For example, (1, 0) and (0, 1) is a zero
divisor pair on the right hand side, and we can trace back to the elements of the
tensor product that they define. First, by solving the system

a + bi = 1 and a − bi = 0

we see that (1, 0) corresponds to a = 1/2 and b = −i/2, i.e., to the element
1 i
− x ∈ Q(i)[x]/(x2 + 1).
2 2
This element in turn corresponds to
1 i
⊗ 1 − ⊗ i ∈ Q(i) ⊗Q Q(i).
2 2
Similarly the other element (0, 1) corresponds to
1 i
⊗ 1 + ⊗ i ∈ Q(i) ⊗Q Q(i).
2 2
As a double check, observe that

i2
   
1 i 1 i 1 i i
⊗1− ⊗i · ⊗1+ ⊗i = ⊗1+ ⊗ i − ⊗ i − ⊗ i2
2 2 2 2 4 4 4 4
1 1
= ⊗1− ⊗ 1 = 0 ∈ Q(i) ⊗Q Q(i).
4 4
Clearing the denominator of 2 and writing 1⊗1 = 1, we have (1−i⊗i)(1+i⊗i) = 0,
so i ⊗ i is a root of the polynomimal x2 − 1, and i ⊗ i is not ±1, so x2 − 1 has more
than 2 roots.
In general, to understand A ⊗K B explicitly is the same as factoring either the
defining polynomial of B over the field A, or factoring the defining polynomial of A
over B.

Corollary 16.2.4. Let a ∈ B be any element and let f (x) ∈ K[x] be the char-
acteristic polynomials of a over K and let gj (x) ∈ A[x] (for 1 ≤ j ≤ J) be the
characteristic polynomials of the images of a under B → A ⊗K B → Kj over A,
respectively. Then
J
Y
f (x) = gj (X). (16.2.2)
j=1

Proof. We show that both sides of (16.2.2) are the characteristic polynomial T (x) of
the image of a in A ⊗K B over A. That f (x) = T (x) follows at once by computing
the characteristic polynomial in terms of a basis w1 , . . . , wN of A ⊗K B, where
w1 , . . . , wN is a basis for B over K (this is because the matrix of left multiplication
16.2. TENSOR PRODUCTS 185

by b on A ⊗K B is exactly the same as the matrix of left multiplication

Q on B, so the
characteristic polynomial doesn’t change). To see that T (X) = gj (X), compute
the action of the image of a in A ⊗K B with respect to a basis of
J
A ⊗K B ∼
M
= Kj (16.2.3)
j=1

composed of basis of the individual extensions Kj of A. The resulting matrix will

be a block direct sum of submatrices, each of whose characteristic polynomials is
one of the gj (X). Taking the product gives the claimed identity (16.2.2).

Corollary 16.2.5. For a ∈ B we have

J
Y
NormB/K (a) = NormKj /A (a),
j=1

and
J
X
TrB/K (a) = TrKj /A (a),
j=1

Proof. This follows from Corollary 16.2.4. First, the norm is ± the constant term of
the characteristic polynomial, and the constant term of the product of polynomials is
the product of the constant terms (and one sees that the sign matches up correctly).
Second, the trace is minus the second coefficient of the characteristic polynomial,
and second coefficients add when one multiplies polynomials:

(xn +an−1 xn−1 +· · · )·(xm +am−1 xm−1 +· · · ) = xn+m +xn+m−1 (am−1 +an−1 )+· · · .

One could also see both the statements by considering a matrix of left multiplication
by a first with respect to the basis of wn and second with respect to the basis coming
from the left side of (16.2.3).
186 CHAPTER 16. NORMED SPACES AND TENSOR PRODUCTS
Chapter 17

Extensions and Normalizations

of Valuations

17.1 Extensions of Valuations

In this section we continue to tacitly assume that all valuations are nontrivial. We
do not assume all our valuations satisfy the triangle
Suppose K ⊂ L is a finite extension of fields, and that | · | and k · k are valuations
on K and L, respectively.
Definition 17.1.1 (Extends). We say that k · k extends | · | if |a| = kak for all
a ∈ K.
Theorem 17.1.2. Suppose that K is a field that is complete with respect to | · | and
that L is a finite extension of K of degree N = [L : K]. Then there is precisely one
extension of | · | to K, namely
 1/N
kak = NormL/K (a) , (17.1.1)

where the N th root is the non-negative real N th root of the nonnegative real number
NormL/K (a).

Proof. We may assume that | · | is normalized so as to satisfy the triangle inequality.

Otherwise, normalize | · | so that it does, prove the theorem for the normalized
valuation | · |c , then raise both sides of (17.1.1) to the power 1/c. In the uniqueness
proof, by the same argument we may assume that k · k also satisfies the triangle
inequality.
Uniqueness. View L as a finite-dimensional vector space over K. Then k · k is a
norm in the sense defined earlier (Definition 16.1.1). Hence any two extensions k · k1
and k · k2 of | · | are equivalent as norms, so induce the same topology on K. But as
we have seen (Proposition 14.1.4), two valuations which induce the same topology
are equivalent valuations, i.e., k · k1 = k · kc2 , for some positive real c. Finally c = 1
since kak1 = |a| = kak2 for all a ∈ K.

187
188CHAPTER 17. EXTENSIONS AND NORMALIZATIONS OF VALUATIONS

Existence. We do not give a proof of existence in the general case. Instead we give
a proof, which was suggested by Dr. Geyer at the conference out of which [Cas67]
arose. It is valid when K is locally compact, which is the only case we will use later.
We see at once that the function defined in (17.1.1) satisfies the condition (i)
that kak ≥ 0 with equality only for a = 0, and (ii) kabk = kak · kbk for all a, b ∈ L.
The difficult part of the proof is to show that there is a constant C > 0 such that

kak ≤ 1 =⇒ k1 + ak ≤ C.

Note that we do not know (and will not show) that k · k as defined by (17.1.1) is a
norm as in Definition 16.1.1, since showing that k · k is a norm would entail showing
that it satisfies the triangle inequality, which is not obvious.
Choose a basis b1 , . . . , bN for L over K. Let k · k0 be the max norm on L, so for
a= N
P
i=1 ci bi with ci ∈ K we have

XN
kak0 = ci bi = max{|ci | : i = 1, . . . , N }.


i=1 0

(Note: in Cassels’s original article he let k · k0 be any norm, but we don’t because
the rest of the proof does not work, since we can’t use homogeneity as he claims
to do. This is because it need not be possible to find, for any nonzero a ∈ L some
element c ∈ K such that kack0 = 1. This would fail, e.g., if kak0 6= |c| for any
c ∈ K.) The rest of the argument is very similar to our proof from Lemma 16.1.3
of uniqueness of norms on vector spaces over complete fields.
With respect to the k · k0 -topology, L has the product topology as a product of
copies of K. The function a 7→ kak is a composition of continuous functions on L
with respect to this topology (e.g., NormL/K is the determinant, hence polynomial),
hence k · k defines nonzero continuous function on the compact set

S = {a ∈ L : kak0 = 1}.

By compactness, there are real numbers δ, ∆ ∈ R>0 such that

0 < δ ≤ kak ≤ ∆ for all a ∈ S.

For any nonzero a ∈ L there exists c ∈ K such that kak0 = |c|; to see this take c to
be a ci in the expression a = N
P
i=1 ci bi with |ci | ≥ |cj | for any j. Hence ka/ck0 = 1,
so a/c ∈ S and
ka/ck
0≤δ≤ ≤ ∆.
ka/ck0
Then by homogeneity
kak
0≤δ≤ ≤ ∆.
kak0
17.1. EXTENSIONS OF VALUATIONS 189

Suppose now that kak ≤ 1. Then kak0 ≤ δ −1 , so

k1 + ak ≤ ∆ · k1 + ak0
≤ ∆ · (k1k0 + kak0 )
≤ ∆ · k1k0 + δ −1

=C (say),

as required.

Example 17.1.3. Consider the extension C of R equipped with the archimedean

valuation. The unique extension is the ordinary absolute value on C:

1/2
kx + iyk = x2 + y 2 .
√
Example 17.1.4. Consider the extension Q2 ( 2) of Q2 equipped with the 2-adic
absolute value. Since x2 − √
2 is irreducible
√ over Q2 we can do some computations by
working in the subfield Q( 2) of Q2 ( 2).
s a g e : K.<a> = NumberField ( x ˆ2 − 2 ) ; K
Number F i e l d i n a with d e f i n i n g p o l y n o m i a l x ˆ2 − 2
s a g e : norm = lambda z : math . s q r t (2ˆ( − z . norm ( ) . v a l u a t i o n ( 2 ) ) )
s a g e : norm ( 1 + a )
1.0
s a g e : norm ( 1 + a + 1 )
0.70710678118654757
s a g e : z = 3 + 2∗ a
s a g e : norm ( z )
1.0
s a g e : norm ( z + 1 )
0.35355339059327379

Remark 17.1.5. Geyer’s existence proof gives (17.1.1). But it is perhaps worth
noting that in any case (17.1.1) is a consequence of unique existence, as follows.
Suppose L/K is as above. Suppose M is a finite Galois extension of K that con-
tains L. Then by assumption there is a unique extension of | · | to M , which we
shall also denote by k · k. If σ ∈ Gal(M/K), then

kakσ := kσ(a)k

is also an extension of | · | to M , so k · kσ = k · k, i.e.,

kσ(a)k = kak for all a ∈ M .

But now
NormL/K (a) = σ1 (a) · σ2 (a) · · · σN (a)
190CHAPTER 17. EXTENSIONS AND NORMALIZATIONS OF VALUATIONS

for a ∈ K, where σ1 , . . . , σN ∈ Gal(M/K) extend the embeddings of L into M .

Hence
 
NormL/K (a) = NormL/K (a)
Y
= kσn (a)k
1≤n≤N
N
= kak ,

as required.

Corollary 17.1.6. Let w1 , . . . , wN be a basis for L over K. Then there are positive
constants c1 and c2 such that

XN
bn wn



n=1
c1 ≤ ≤ c2
max{|bn | : n = 1, . . . , N }

for any b1 , . . . , bN ∈ K not all 0.

P 
Proof. For  N n=1 n n  and max |bn | are two norms on L considered as a vector
b w
 
space over K.
I don’t believe this proof, which I copied from Cassels’s article. My problem
with it is that the proof of Theorem 17.1.2 does not give that C ≤ 2, i.e., that the
triangle inequality holds for k · k. By changing the basis for L/K one can make any
nonzero vector a ∈ L have kak0 = 1, so if we choose a such that |a| is very large,
then the ∆ in the proof will also be very large. One way to fix the corollary is to
only claim that there are positive constants c1 , c2 , c3 , c4 such that
c3
X N
b w

n n

n=1
c1 ≤ ≤ c2 .
max{|bn |c4 : n = 1, . . . , N }

Then choose c3 , c4 such that k · kc3 and | · |c4 satisfies the triangle inequality, and
prove the modified corollary using the proof suggested by Cassels.

Corollary 17.1.7. A finite extension of a completely valued field K is complete

with respect to the extended valuation.

Proof. By the proceeding corollary it has the topology of a finite-dimensional vector

space over K. (The problem with the proof of the previous corollary is not an issue,
because we can replace the extended valuation by an inequivalent one that satisfies
the triangle inequality and induces the same topology.)

When K is no longer complete under | · | the position is more complicated:

17.1. EXTENSIONS OF VALUATIONS 191

Theorem 17.1.8. Let L be a separable extension of K of finite degree N = [L : K].

Then there are at most N extensions of a valuation | · | on K to L, say k · kj , for
1 ≤ j ≤ J. Let Kv be the completion of K with respect to | · |, and for each j let Lj
be the completion of L with respect to k · kj . Then

Kv ⊗K L ∼
M
= Lj (17.1.2)
1≤j≤J

algebraically and topologically, where the right hand side is given the product topol-
ogy.

Proof. We already know (Lemma 16.2.1) that Kv ⊗K L is of the shape (17.1.2),

where the Lj are finite extensions of Kv . Hence there is a unique extension | · |∗j
of | · | to the Lj , and by Corollary 17.1.7 the Lj are complete with respect to the
extended valuation. Further, the ring homomorphisms

λj : L → Kv ⊗K L → Lj

are injections. Hence we get an extension k · kj of | · | to L by putting

kbkj = |λj (b)|∗j .

Further, L ∼ = λj (L) is dense in Lj with respect to k · kj because L = K ⊗K L is

dense in Kv ⊗K L (since K is dense in Kv ). Hence Lj is exactly the completion of
L.
It remains to show that the k · kj are distinct and that they are the only exten-
sions of | · | to L.
Suppose k · k is any valuation of L that extends | · |. Then k · k extends by
continuity to a real-valued function on Kv ⊗K L, which we also denote by k · k.
(We are again using that L is dense in Kv ⊗K L.) By continuity we have for all
a, b ∈ Kv ⊗K L,
kabk = kak · kbk
and if C is the constant in axiom (iii) for L and k · k, then

kak ≤ 1 =⇒ k1 + ak ≤ C.

(In Cassels, he inexplicable assume that C = 1 at this point in the proof.)

We consider the restriction of k · k to one of the Lj . If kak =
6 0 for some a ∈ Lj ,
−1

then kak = kbk · ab for every b 6= 0 in Lj so kbk = 6 0. Hence either k · k is
identically 0 on Lj or it induces a valuation on Lj .
Further, k · k cannot induce a valuation on two of the Lj . For

(a1 , 0, . . . , 0) · (0, a2 , 0, . . . , 0) = (0, 0, 0, . . . , 0),

so for any a1 ∈ L1 , a2 ∈ L2 ,
ka1 k · ka2 k = 0.
192CHAPTER 17. EXTENSIONS AND NORMALIZATIONS OF VALUATIONS

Hence k · k induces a valuation in precisely one of the Lj , and it extends the given
valuation | · | of Kv . Hence k · k = k · kj for precisely one j.
It remains only to show that (17.1.2) is a topological homomorphism. For

(b1 , . . . , bJ ) ∈ L1 ⊕ · · · ⊕ LJ

put
k(b1 , . . . , bJ )k0 = max kbj kj .
1≤j≤J

Then k · k0 is a norm on the right hand side of (17.1.2), considered as a vector space
over Kv and it induces the product topology. On the other hand, any two norms
are equivalent, since Kv is complete, so k · k0 induces the tensor product topology
on the left hand side of (17.1.2).

Corollary 17.1.9. Suppose L = K(a), and let f (x) ∈ K[x] be the minimal polyno-
mial of a. Suppose that Y
f (x) = gj (x)
1≤j≤J

in Kv [x], where the gj are irreducible. Then Lj = Kv (bj ), where bj is a root of gj .

17.2 Extensions of Normalized Valuations

Let K be a complete field with valuation | · |. We consider the following three cases:
(1) | · | is discrete non-archimedean and the residue class field is finite.

(2i) The completion of K with respect to | · | is R.

(2ii) The completion of K with respect to | · | is C.

(Alternatively, these cases can be subsumed by the hypothesis that the completion
of K is locally compact.)
In case (1) we defined the normalized valuation to be the one such that if Haar
measure of the ring of integers O is 1, then µ(aO) = |a| (see Definition 15.1.11). In
case (2i) we say that | · | is normalized if it is the ordinary absolute value, and in
(2ii) if it is the square of the ordinary absolute value:

|x + iy| = x2 + y 2 (normalized).

In every case, for every a ∈ K, the map

a : x 7→ ax

on K + multiplies any choice of Haar measure by |a|, and this characterizes the
normalized valuations among equivalent ones.
We have already verified the above characterization for non-archimedean valua-
tions, and it is clear for the ordinary absolute value on R, so it remains to verify it
17.2. EXTENSIONS OF NORMALIZED VALUATIONS 193

for C. The additive group C+ is topologically isomorphic to R+ ⊕ R+ , so a choice

of Haar measure of C+ is the usual area measure on the Euclidean plane. Multi-
plication
p by x + iy ∈ C is the same as rotation followed by scaling by a factor of
2 2
x + y , so if we rescale a region by
p a factor of x + iy, the area of the region
changes by a factor of the square of x2 + y 2 . This explains why the normalized
valuation on C is the square of the usual absolute value. Note that the normalized
valuation on C does not satisfy the triangle inequality:

|1 + (1 + i)| = |2 + i| = 22 + 12 = 5 6≤ 3 = 12 + (12 + 12 ) = |1| + |1 + i| .

The constant C in axiom (3) of a valuation for the ordinary absolute value on C is
2, so the constant for the normalized valuation | · | is C ≤ 4:

|x + iy| ≤ 1 =⇒ |x + iy + 1| ≤ 4.

Note that x2 + y 2 ≤ 1 implies

(x + 1)2 + y 2 = x2 + 2x + 1 + y 2 ≤ 1 + 2x + 1 ≤ 4

since x ≤ 1.
Lemma 17.2.1. Suppose K is a field that is complete with respect to a normalized
valuation | · | and let L be a finite extension of K of degree N = [L : K]. Then the
normalized valuation k · k on L which is equivalent to the unique extension of | · |
to L is given by the formula
 
kak = NormL/K (a) all a ∈ L. (17.2.1)

Proof. Let k · k be the normalized valuation on L that extends | · |. Our goal is to

identify k · k, and in particular to show that it is given by (17.2.1).
By the preceding section there is a positive real number c such that for all a ∈ L
we have  c
kak = NormL/K (a) .
Thus all we have to do is prove that c = 1. In case 2 the only
 2 nontrivial
 situation
is L = C and K = R, in which case NormC/R (x + iy) = x + y , which is the
   2 
normalized valuation on C defined above.
One can argue in a unified way in all cases as follows. Let w1 , . . . , wN be a basis
for L/K. Then the map
N
M X
ϕ : L+ → K +, an wn 7→ (a1 , . . . , aN )
n=1

is an isomorphism between the additive group L+ and the direct sum ⊕N +

n=1 K ,
and this is a homeomorphism if the right hand side is given the product topology.
In particular, the Haar measures on L+ and on ⊕N n=1 K
+ are the same up to a
∗
multiplicative constant in Q .
194CHAPTER 17. EXTENSIONS AND NORMALIZATIONS OF VALUATIONS

Let b ∈ K. Then the left-multiplication-by-b map

X X
b: an wn 7→ ban wn

on L+ is the same as the map

(a1 , . . . , aN ) 7→ (ba1 , . . . , baN )
N
on ⊕N +
n=1 K , so it multiplies the Haar measure by |b| , since | · | on K is assumed
normalized (the measure of each factor is multiplied by |b|, so the measure on the
product is multiplied by |b|N ). Since k · k is assumed normalized, so multiplication
by b rescales by kbk, we have
kbk = |b|N .
But b ∈ K, so NormL/K (b) = bN . Since | · | is nontrivial and for a ∈ K we have

kak = |a|N = aN  = NormL/K (a) ,

   

so we must have c = 1 in (17.2.1), as claimed.

In the case when K need not be complete with respect to the valuation | · | on K,
we have the following theorem.
Theorem 17.2.2. Suppose | · | is a (nontrivial as always) normalized valuation of
a field K and let L be a finite extension of K. Then for any a ∈ L,
Y  
kakj = NormL/K (a)
1≤j≤J

where the k · kj are the normalized valuations equivalent to the extensions of | · |

to K.
Proof. Let Kv denote the completion of K with respect to | · |. Write
M
Kv ⊗K L = Lj .
1≤j≤J

Then Theorem 17.2.2 asserts that

Y
NormL/K (a) = NormLj /Kv (a). (17.2.2)
1≤j≤J

By Theorem 17.1.8, the k · kj are exactly the normalizations of the extensions of | · |

to the Lj (i.e., the Lj are in bijection with the extensions of valuations, so there are
no other valuations missed). By Lemma 17.1.1, the normalized valuation k · kj on
 
Lj is |a| = NormLJ /Kv (a). The theorem now follows by taking absolute values of
both sides of (17.2.2).

What next?! We’ll building up to giving a new proof of finiteness of the class
group that uses that the class group naturally has the discrete topology and is the
continuous image of a compact group.
Chapter 18

Global Fields and Adeles

18.1 Global Fields

Definition 18.1.1 (Global Field). A global field is a number field or a finite sepa-
rable extension of F(t), where F is a finite field, and t is transcendental over F.

In this chapter, we will focus attention on number fields, and leave the function
field case to the reader.
The following lemma essentially says that the denominator of an element of a
global field is only “nontrivial” at a finite number of valuations.

Lemma 18.1.2. Let a ∈ K be a nonzero element of a global field K. Then there

are only finitely many inequivalent valuations | · | of K for which

|a| > 1.

Proof. If K = Q or F(t) then the lemma follows by Ostrowski’s classification of all

the valuations on K (see Theorem 13.3.2). For example, when a = nd ∈ Q, with
n, d ∈ Z, then the valuations where we could have |a| > 1 are the archimedean one,
or the p-adic valuations | · |p for which p | d.
Suppose now that K is a finite extension of Q, so a satisfies a monic polynomial

an + cn−1 an−1 + · · · + c0 = 0,

for some n and c0 , . . . , cn−1 ∈ Q. If | · | is a non-archimedean valuation on K, we

have

|a|n = −(cn−1 an−1 + · · · + c0 )

 

≤ max(1, |a|n−1 ) · max(|c0 | , . . . , |cn−1 |).

Dividing each side by |a|n−1 , we have that

|a| ≤ max(|c0 | , . . . , |cn−1 |),

195
196 CHAPTER 18. GLOBAL FIELDS AND ADELES

so in all cases we have

|a| ≤ max(1, |c0 | , . . . , |cn−1 |)1/(n−1) . (18.1.1)

We know the lemma for Q, so there are only finitely many valuations | · | on Q such
that the right hand side of (18.1.1) is bigger than 1. Since each valuation of Q
has finitely many extensions to K, and there are only finitely many archimedean
valuations, it follows that there are only finitely many valuations on K such that
|a| > 1.

Any valuation on a global field is either archimedean, or discrete non-archimedean

with finite residue class field, since this is true of Q and F(t) and is a property pre-
served by extending a valuation to a finite extension of the base field. Hence it
makes sense to talk of normalized valuations. Recall that the normalized p-adic
valuation on Q is |x|p = p− ordp (x) , and if v is a valuation on a number field K
equivalent to an extension of | · |p , then the normalization of v is the composite of
the sequence of maps
Norm | · |p
K ,→ Kv −−−→ Qp −−→ R,
where Kv is the completion of K at v.
√ √
Example 18.1.3. Let K = Q( 2), and let p = 2.√Because 2 6∈ Q2 , there is exactly
one extension of | · |2 to K, and it sends a = 1/ 2 to
 √ 1/2 √
NormQ2 (√2)/Q2 (1/ 2) = 2.

2

Thus the normalized valuation of a is 2. √ √

There are two extensions of | · |7 to Q( 2), since
√ Q( 2) ⊗Q Q7 ∼ = Q7 ⊕ Q7 , as
x2 − 2 = (x − 3)(x − 4) (mod 7). The image of 2 under √ each embedding into Q7
is a unit in Z7 , so the normalized valuation of a = 1/ 2 is, in both cases, equal
to 1. More generally, for any valuation of K of characteristic an odd prime p, the
normalized valuation
√ of a is 1.
Since K = Q( 2) ,→ R in two ways, there are exactly √two normalized archimedean
valuations on K, and both of their values on a equal 1/ 2. Notice that the product
of the absolute values of a with respect to all normalized valuations is
1 1
2 · √ · √ · 1 · 1 · 1 · · · = 1.
2 2
This “product formula” holds in much more generality, as we will now see.

Theorem 18.1.4 (Product Formula). Let a ∈ K be a nonzero element of a global

field K. Let | · |v run through the normalized valuations of K. Then |a|v = 1 for
almost all v, and Y
|a|v = 1 (the product formula).
all v
18.1. GLOBAL FIELDS 197

We will later give a more conceptual proof of this using Haar measure (see
Remark 18.3.9).

Proof. By Lemma 18.1.2, we have |a|v ≤ 1 for almost all v. Likewise, 1/ |a|v =
|1/a|v ≤ 1 for almost all v, so |a|v = 1 for almost all v.
Let w run through all normalized valuations of Q (or of F(t)), and write v | w if
the restriction of v to Q is equivalent to w. Then by Theorem 17.2.2,
 
Y Y Y Y 
|a|v =  |a|  =
v
NormK/Q (a) ,
w
v w v|w w

so it suffices to prove the theorem for K = Q.

By multiplicativity of valuations, if the theorem is true for b and c then it is
true for the product bc and quotient b/c (when c 6= 0). The theorem is clearly true
for −1, which has valuation 1 at all valuations. Thus to prove the theorem for Q
it suffices to prove it when a = p is a prime number. Then we have |p|∞ = p,
|p|p = 1/p, and for primes q 6= p that |p|q = 1. Thus
Y 1
|p|v = p · · 1 · 1 · 1 · · · = 1,
v
p

as claimed.

If v is a valuation on a field K, recall that we let Kv denote the completion of

K with respect to v. Also when v is non-archimedean, let

Ov = OK,v = {x ∈ Kv : |x| ≤ 1}

be the ring of integers of the completion.

Definition 18.1.5 (Almost All). We say a condition holds for almost all elements
of a set if it holds for all but finitely many elements.

We will use the following lemma later (see Lemma 18.3.3) to prove that formation
of the adeles of a global field is compatible with base change.

Lemma 18.1.6. Let ω1 , . . . , ωn be a basis for L/K, where L is a finite separable

extension of the global field K of degree n. Then for almost all normalized non-
archimedean valuations v on K we have

ω1 Ov ⊕ · · · ⊕ ωn Ov = Ow1 ⊕ · · · ⊕ Owg ⊂ Kv ⊗K L, (18.1.2)

where w1 , . . . , wg are the extensions of v to L. Here we have identified a ∈ L with

its canonical image in Kv ⊗K L, and the direct sum on the left is the sum taken
inside the tensor product (so directness means that the intersections are trivial).
198 CHAPTER 18. GLOBAL FIELDS AND ADELES

Proof. The proof proceeds in two steps. First we deduce easily from Lemma 18.1.2
that for almost all v the left hand side of (18.1.2) is contained in the right hand
side. Then we use a trick involving discriminants to show the opposite inclusion for
all but finitely many primes.
Since Ov ⊂ Owi for all i, the left hand side of (18.1.2) is contained in the right
hand side if |ωi |wj ≤ 1 for 1 ≤ i ≤ n and 1 ≤ j ≤ g. Thus by Lemma 18.1.2, for all
but finitely many v the left hand side of (18.1.2) is contained in the right hand side.
We have just eliminated the finitely many primes corresponding to “denominators”
of some ωi , and now only consider v such that ω1 , . . . , ωn ∈ Ow for all w | v.
For any elements a1 , . . . , an ∈ Kv ⊗K L, consider the discriminant

D(a1 , . . . , an ) = det(Tr(ai aj )) ∈ Kv ,

where the trace is induced from the L/K trace. Since each ωi is in each Ow , for
w | v, the traces lie in Ov , so

d = D(ω1 , . . . , ωn ) ∈ Ov .

Also note that d ∈ K since each ωi is in L. Now suppose that

n
X
α= ai ωi ∈ Ow1 ⊕ · · · ⊕ Owg ,
i=1

with ai ∈ Kv . Then by properties of determinants for any m with 1 ≤ m ≤ n, we

have
D(ω1 , . . . , ωm−1 , α, ωm+1 , . . . , ωn ) = a2m D(ω1 , . . . , ωn ). (18.1.3)
The left hand side of (18.1.3) is in Ov , so the right hand side is well, i.e.,

a2m · d ∈ Ov , (for m = 1, . . . , n),

where d ∈ K. Since ω1 , . . . , ωn are a basis for L over K and the trace pairing is
nondegenerate, we have d 6= 0, so by Theorem 18.1.4 we have |d|v = 1 for all but
finitely many v. Then for all but finitely many v we have that a2m ∈ Ov . For these
v, that a2m ∈ Ov implies am ∈ Ov since am ∈ Kv , i.e., α is in the left hand side of
(18.1.2).
√ √
Example 18.1.7. Let K = Q and L = Q( 2). Let ω1 = 1/3 and ω2 = 2 2. In the
first stage of the above proof we would eliminate | · |3 because ω2 is not integral at
3. The discriminant is
1 √
  2 
9 0 32
d=D , 2 2 = det = .
3 0 16 9

As explained in the second part of the proof, as long as v 6= 2, 3, we have equality

of the left and right hand sides in (18.1.2).
18.2. RESTRICTED TOPOLOGICAL PRODUCTS 199

18.2 Restricted Topological Products

In this section we describe a topological tool, which we need in order to define adeles
(see Definition 18.3.1).

Definition 18.2.1 (Restricted Topological Products). Let Xλ , for λ ∈ Λ, be a

family of topological spaces, and for almost all λ let Yλ ⊂ Xλ be an open subset
of Xλ . Consider the space X whose elements are sequences x = {xλ }λ∈Λ , where
xλ ∈ Xλ for every λ, and xλ ∈ Q Yλ for almost all λ. We give X a topology by taking
as a basis of open sets the sets Uλ , where Uλ ⊂ Xλ is open for all λ, and Uλ = Yλ
for almost all λ. We call X with this topology the restricted topological product of
the Xλ with respect to the Yλ .

Corollary 18.2.2. Let S be a finite subset of Λ, and let XS be the set of x ∈ X

with xλ ∈ Yλ for all λ 6∈ S, i.e.,
Y Y
XS = Xλ × Yλ ⊂ X.
λ∈S λ6∈S

Then XS is an open subset of X, and the topology induced on XS as a subset of X

is the same as the product topology.

The restricted topological product depends on the totality of the Yλ , but not on
the individual Yλ :

Lemma 18.2.3. Let Yλ0 ⊂ Xλ be open subsets, and suppose that Yλ = Yλ0 for
almost all λ. Then the restricted topological product of the Xλ with respect to the
Yλ0 is canonically isomorphic to the restricted topological product with respect to the
Yλ .

Lemma 18.2.4. Suppose that the Xλ are locally compact and that the Yλ are com-
pact. Then the restricted topological product X of the Xλ is locally compact.

Proof. For any finite subset S of Λ, the open subset XS ⊂ X is locally compact,
because by Lemma 18.2.2 it is a product of finitely many locally compact sets with
an infinite product of compact sets. (Here we are using Tychonoff’s theorem from
topology, which asserts that an arbitrary product of compact topological spaces is
compact (see Munkres’s Topology, a first course, chapter 5).) Since X = ∪S XS ,
and the XS are open in X, the result follows.

The following measure will be extremely important in deducing topological prop-

erties of the ideles, which will be used in proving finiteness of class groups. See, e.g.,
the proof of Lemma 18.4.1, which is a key input to the proof of strong approximation
(Theorem 18.4.4).
200 CHAPTER 18. GLOBAL FIELDS AND ADELES

Definition 18.2.5 (Product Measure). For all λ ∈ Λ, suppose µλ is a measure on

Xλ with µλ (Yλ ) = 1 when Yλ is defined. We define the product measure µ on X to
be that for which a basis of measurable sets is
Y
Mλ
λ

where each Mλ ⊂ Xλ has finite µλ -measure and Mλ = Yλ for almost all λ, and
where !
Y Y
µ Mλ = µλ (Mλ ).
λ λ

18.3 The Adele Ring

Let K be a global field. For each normalized valuation | · |v of K, let Kv denote the
completion of K. If | · |v is non-archimedean, let Ov denote the ring of integers of
Kv .

Definition 18.3.1 (Adele Ring). The adele ring AK of K is the topological ring
whose underlying topological space is the restricted topological product of the Kv
with respect to the Ov , and where addition and multiplication are defined compo-
nentwise:

(xy)v = xv yv (x + y)v = xv + yv for x, y ∈ AK . (18.3.1)

It is readily verified that (i) this definition makes sense, i.e., if x, y ∈ AK ,

then xy and x + y, whose components are given by (18.3.1), are also in AK , and
(ii) that addition and multiplication are continuous in the AK -topology, so AK
is a topological ring, as asserted. Also, Lemma 18.2.4 implies that AK is locally
compact because the Kv are locally compact (Corollary 15.1.6), and the Ov are
compact (Theorem 15.1.4).
There is a natural continuous ring inclusion

K ,→ AK (18.3.2)

that sends x ∈ K to the adele every one of whose components is x. This is an adele
because x ∈ Ov for almost all v, by Lemma 18.1.2. The map is injective because
each map K → Kv is an inclusion.

Definition 18.3.2 (Principal Adeles). The image of (18.3.2) is the ring of principal
adeles.

It will cause no trouble to identify K with the principal adeles, so we shall speak
of K as a subring of AK .
Formation of the adeles is compatibility with base change, in the following sense.
18.3. THE ADELE RING 201

Lemma 18.3.3. Suppose L is a finite (separable) extension of the global field K.

Then
AK ⊗K L ∼ = AL (18.3.3)
both algebraically and topologically. Under this isomorphism,

L∼
= K ⊗K L ⊂ AK ⊗K L

maps isomorphically onto L ⊂ AL .

Proof. Let ω1 , . . . , ωn be a basis for L/K and let v run through the normalized
valuations on K. The left hand side of (18.3.3), with the tensor product topology,
is the restricted product of the tensor products

Kv ⊗K L ∼
= Kv · ω1 ⊕ · · · ⊕ Kv · ωn

with respect to the integers

Ov · ω1 ⊕ · · · ⊕ Ov · ωn . (18.3.4)
P
(An element of the left hand side is a finite linear combination xi ⊗ ai of adeles
xi ∈ AK and coefficients ai ∈ L, and there is a natural isomorphism from the ring
of such formal sums to the restricted product of the Kv ⊗K L.)
We proved before (Theorem 17.1.8) that

Kv ⊗K L ∼
= Lw1 ⊕ · · · ⊕ Lwg ,

where w1 , . . . , wg are the normalizations of the extensions of v to L. Furthermore, as

we proved using discriminants (see Lemma 18.1.6), the above identification identifies
(18.3.4) with
OLw1 ⊕ · · · ⊕ OLwg ,
for almost all v. Thus the left hand side of (18.3.3) is the restricted product of
the Lw1 ⊕ · · · ⊕ Lwg with respect to the OLw1 ⊕ · · · ⊕ OLwg . But this is canonically
isomorphic to the restricted product of all completions Lw with respect to Ow , which
is the right hand side of (18.3.3). This establishes an isomorphism between the two
sides of (18.3.3) as topological spaces. The map is also a ring homomorphism, so
the two sides are algebraically isomorphic, as claimed.

Corollary 18.3.4. Let A+ K denote the topological group obtained from the additive
structure on AK . Suppose L is a finite seperable extension of K. Then

A+ + +
L = AK ⊕ · · · ⊕ AK , ([L : K] summands).

In this isomorphism the additive group L+ ⊂ A+

L of the principal adeles is mapped
isomorphically onto K + ⊕ · · · ⊕ K + .
202 CHAPTER 18. GLOBAL FIELDS AND ADELES

Proof. For any nonzero ω ∈ L, the subgroup ω · A+ +

K of AL is isomorphic as a topo-
logical group to A+
K (the isomorphism is multiplication by 1/ω). By Lemma 18.3.3,
we have isomorphisms

A+ + ∼ + + ∼ + +
L = AK ⊗K L = ω1 · AK ⊕ · · · ⊕ ωn · AK = AK ⊕ · · · ⊕ AK .
P
If a ∈ L, write a = bi ωi , with bi ∈ K. Then a maps via the above map to

x = (ω1 · {b1 }, . . . , ωn · {bn }),

where {bi } denotes the principal adele defined by bi . Under the final map, x maps
to the tuple
(b1 , . . . , bn ) ∈ K ⊕ · · · ⊕ K ⊂ A+ +
K ⊕ · · · ⊕ AK .
The dimensions of L and of K ⊕ · · · ⊕ K over K are the same, so this proves the
final claim of the corollary.

Theorem 18.3.5. The global field K is discrete in AK and the quotient A+

K /K
+

of additive groups is compact in the quotient topology.

At this point Cassels remarks
“It is impossible to conceive of any other uniquely defined topology on
K. This metamathematical reason is more persuasive than the argument
that follows!”
Proof. Corollary 18.3.4, with K for L and Q or F(t) for K, shows that it is enough
to verify the theorem for Q or F(t), and we shall do it here for Q.
To show that Q+ is discrete in A+ Q it is enough, because of the group structure,
to find an open set U that contains 0 ∈ A+ Q , but which contains no other elements
of Q+ . (If α ∈ Q+ , then U + α is an open subset of A+ Q whose intersection with Q
+

is {α}.) We take for U the set of x = {xv }v ∈ A+ Q with

|x∞ |∞ < 1 and |xp |p ≤ 1 (all p),

where | · |p and | · |∞ are respectively the p-adic and the usual archimedean absolute
values on Q. If b ∈ Q ∩ U , then in the first place b ∈ Z because |b|p ≤ 1 for all
p, and then b = 0 because |b|∞ < 1. This proves that K + is discrete in A+ Q . (If
we leave out one valuation, as we will see later (Theorem 18.4.4), this theorem is
false—what goes wrong with the proof just given?)
Next we prove that the quotient A+ + +
Q /Q is compact. Let W ⊂ AQ consist of
+
the x = {xv }v ∈ AQ with

1
|x∞ |∞ ≤ and |xp |p ≤ 1 for all primes p.
2
We show that every adele y = {yv }v is of the form

y = a + x, a ∈ Q, x ∈ W,
18.3. THE ADELE RING 203

which will imply that the compact set W maps surjectively onto A+ +
Q /Q . Fix an
adele y = {yv } ∈ A+
Q . Since y is an adele, for each prime p we can find a rational
number
zp
rp = np with zp ∈ Z and np ∈ Z≥0
p
such that
|yp − rp |p ≤ 1,
and
rp = 0 almost all p.
More precisely, for the finitely many p such that
X
yp = an pn 6∈ Zp ,
n≥−|s|

choose rp to be a rational number that is the value of an appropriate truncation P of

the p-adic expansion of yp , and when yp ∈ Zp just choose rp = 0. Hence r = p rp ∈
Q is well defined. The rq for q 6= p do not mess up the inequality |yp − r|p ≤ 1
since the valuation | · |p is non-archimedean and the rq do not have any p in their
denominator:
     
 X  X 
   
|yp − r|p = yp − rp − rq  ≤ max |yp − rp |p ,  rq   ≤ max(1, 1) = 1.
 q6=p   q6=p 
p p

Now choose s ∈ Z such that

1
|b∞ − r − s| ≤ .
2
Then a = r + s and x = y − a do what is required, since y − a = y − r − s has the
desired property (since s ∈ Z and the p-adic valuations are non-archimedean).
Hence the continuous map W → A+ +
Q /Q induced by the quotient map AQ →
+

A+Q /Q
+ is surjective. But W is compact (being the topological product of the

compact spaces |x∞ |∞ ≤ 1/2 and the Zp for all p), hence A+ +
Q /Q is also compact.

Corollary 18.3.6. There is a subset W of AK defined by inequalities of the type

|xv |v ≤ δv , where δv = 1 for almost all v, such that every y ∈ AK can be put in the
form
y = a + x, a ∈ K, x ∈ W,
i.e., AK = K + W .

Proof. We constructed such a set for K = Q when proving Theorem 18.3.5. For
general K the W coming from the proof determines compenent-wise a subset of
A+ ∼ + +
K = AQ ⊕ · · · ⊕ AQ that is a subset of a set with the properties claimed by the
corollary.
204 CHAPTER 18. GLOBAL FIELDS AND ADELES

As already remarked, A+ K is a locally compact group, so it has an invariant

Haar measure. In fact one choice of this Haar measure is the product of the Haar
measures on the Kv , in the sense of Definition 18.2.5.

Corollary 18.3.7. The quotient A+ +

K /K has finite measure in the quotient measure
+
induced by the Haar measure on AK .

Remark 18.3.8. This statement is independent of the particular choice of the multi-
plicative constant in the Haar measure on A+
K . We do not here go into the question
+ +
of finding the measure AK /K in terms of our explicitly given Haar measure. (See
Tate’s thesis, [Cp86, Chapter XV].)

Proof. This can be reduced similarly to the case of Q or F(t) which is immediate,
e.g., the W defined above has measure 1 for our Haar measure.
Alternatively, finite measure follows from compactness. To see this, cover AK /K +
with the translates of U , where U is a nonempty open set with finite measure. The
existence of a finite subcover implies finite measure.
Q
Remark 18.3.9. We give an alternative proof of the product formula |a|v = 1
for nonzero a ∈ K. We have seen that if xv ∈ Kv , then multiplication by xv
magnifies the Haar measure in Kv+ by a factor of |xv |v . Hence ifQx = {xv } ∈ AK ,
then multiplication by x magnifies the Haar measure in A+ K by |xv |v . But now
multiplication by a ∈ K takes K + ⊂ A+ K into K + , so gives a well-defined bijection
+ + onto A+ /K + which magnifies the measure by the factor
Q
of
Q KA /K K |a|v . Hence
+ +
|a|Q
v = 1 Corollary 18.3.7. (The point is that if µ Qis the measure of A K /K , then
µ = |a|v · µ, so because µ is finite we must have |a|v = 1.)

18.4 Strong Approximation

We first prove a technical lemma and corollary, then use them to deduce the strong
approximation theorem, which is an extreme generalization of the Chinese Remain-
der Theorem; it asserts that K + is dense in the analogue of the adeles with one
valuation removed.
The proof of Lemma 18.4.1 below will use in a crucial way the normalized Haar
measure on AK and the induced measure on the compact quotient A+ +
K /K . Since
I am not formally developing Haar measure on locally compact groups, and since I
didn’t explain induced measures on quotients well in the last chapter, hopefully the
following discussion will help clarify what is going on.
The real numbers R+ under addition is a locally compact topological group.
Normalized Haar measure µ has the property that µ([a, b]) = b − a, where a ≤ b
are real numbers and [a, b] is the closed interval from a to b. The subset Z+ of R+
is discrete, and the quotient S 1 = R+ /Z+ is a compact topological group, which
thus has a Haar measure. Let µ be the Haar measure on S 1 normalized so that the
natural quotient π : R+ → S 1 preserves the measure, in the sense that if X ⊂ R+
is a measurable set that maps injectively into S 1 , then µ(X) = µ(π(X)). This
18.4. STRONG APPROXIMATION 205

determine µ and we have µ(S 1 ) = 1 since X = [0, 1) is a measurable set that maps
bijectively onto S 1 and has measure 1. The situation for the map AK → AK /K +
is pretty much the same.
Lemma 18.4.1. There is a constant C > 0 that depends only on the global field K
with the following property:
Whenever x = {xv }v ∈ AK is such that
Y
|xv |v > C, (18.4.1)
v

then there is a nonzero principal adele a ∈ K ⊂ AK such that

|a|v ≤ |xv |v for all v.
Proof. This proof is modelled on Blichfeldt’s proof of Minkowski’s Theorem in the
Geometry of Numbers, and works in quite general circumstances.
First we show that (18.4.1) implies that |xv |v = 1 for almost all v. Because x is
an adele, we have |xv |v ≤ 1 for almost all v. If |xv |v < 1 for infinitely many v, then
the product in (18.4.1) would have to be 0. (We prove this only when K is a finite
extension of Q.) Excluding archimedean valuations, this is because the normalized
valuation |xv |v = |Norm(xv )|p , which if less than 1 is necessarily ≤ 1/p. Any infinite
product of numbers 1/pi must be 0, whenever pi is a sequence of primes.
Let c0 be the Haar measure of A+ +
K /K induced from normalized Haar measure
on A+ +
K , and let c1 be the Haar measure of the set of y = {yv }v ∈ AK that satisfy

1
|yv |v ≤ if v is real archimedean,
2
1
|yv |v ≤ if v is complex archimedean,
2
|yv |v ≤ 1 if v is non-archimedean.
(As we will see, any positive real number ≤ 1/2 would suffice in the definition of
c1 above. For example, in Cassels’s article he uses the mysterious 1/10. He also
doesn’t discuss the subtleties of the complex archimedean case separately.)
Then 0 < c0 < ∞ since AK /K + is compact, and 0 < c1 < ∞ because the
number of archimedean valuations v is finite. We show that
c0
C=
c1
will do. Thus suppose x is as in (18.4.1).
The set T of t = {tv }v ∈ A+
K such that

1
|tv |v ≤ |xv |v if v is real archimedean,
2
1
q
|tv |v ≤ |xv |v if v is complex archimedean,
2
|tv |v ≤ |xv |v if v is non-archimedean
206 CHAPTER 18. GLOBAL FIELDS AND ADELES

has measure Y
c1 · |xv |v > c1 · C = c0 . (18.4.2)
v

(Note: If there are complex valuations, then the some of the |xv |v ’s in the product
must be squared.)
Because of (18.4.2), in the quotient map A+ + +
K → AK /K there must be a pair of
+ +
distinct points of T that have the same image in AK /K , say

t0 = {t0v }v ∈ T and t00 = {t00v }v ∈ T

and
a = t0 − t00 ∈ K +
is nonzero. Then
(
|t0v | + |t00v | ≤ 2 · 21 |xv |v ≤ |xv |v if v is real archimedean, or
|a|v = t0v − t00v v ≤
 
max(|t0v | , |t00v |) ≤ |xv |v if v is non-archimedean,

for all v. In the case of complex archimedean v, we must be careful because the
normalized valuation | · |v is the square of the usual archimedean complex valuation
| · |∞ on C, so e.g., it does not satisfy the triangle inequality. In particular, the
quantity |t0v − t00v |v is at most the square of the maximum distance between two
1
p
points in the disc in C of radius 2 |xv |v , where by distance we mean the usual
distance. This maximum distance in such a disc is at most |xv |v , so |t0v − t00v |v is
p

at most |xv |v , as required. Thus a satisfies the requirements of the lemma.

Corollary 18.4.2. Let v0 be a normalized valuation and let δv > 0 be given for all
v 6= v0 with δv = 1 for almost all v. Then there is a nonzero a ∈ K with

|a|v ≤ δv (all v 6= v0 ).

Proof. This is just a degenerate case of Lemma 18.4.1. Choose xv ∈ Kv with

0 < |xv |v ≤ δv and |xv |v = 1 if δv = 1. We can then choose xv0 ∈ Kv0 so that
Y
|xv |v > C.
all v including v0

Then Lemma 18.4.1 does what is required.

Remark 18.4.3. The character group of the locally compact group A+K is isomorphic
+ +
to AK and K plays a special role. See Chapter XV of [Cp86], Lang’s [Lan64],
Weil’s [Wei82], and Godement’s Bourbaki seminars 171 and 176. This duality lies
behind the functional equation of ζ and L-functions. Iwasawa has shown [Iwa53]
that the rings of adeles are characterized by certain general topologico-algebraic
properties.
We proved before that K is discrete in AK . If one valuation is removed, the
situation is much different.
18.4. STRONG APPROXIMATION 207

Theorem 18.4.4 (Strong Approximation). Let v0 be any normalized nontrivial

valuation of the global field K. Let AK,v0 be the restricted topological product of the
Kv with respect to the Ov , where v runs through all normalized valuations v 6= v0 .
Then K is dense in AK,v0 .

Proof. This proof was suggested by Prof. Kneser at the Cassels-Frohlich conference.
Recall that if x = {xv }v ∈ AK,v0 then a basis of open sets about x is the
collection of products Y Y
B(xv , εv ) × Ov ,
v∈S v6∈S, v6=v0

where B(xv , εv ) is an open ball in Kv about xv , and S runs through finite sets of
normalized valuations (not including v0 ). Thus denseness of K in AK,v0 is equivalent
to the following statement about elements. Suppose we are given (i) a finite set S
of valuations v 6= v0 , (ii) elements xv ∈ Kv for all v ∈ S, and (iii) an ε > 0. Then
there is an element b ∈ K such that |b − xv |v < ε for all v ∈ S and |b|v ≤ 1 for all
v 6∈ S with v 6= v0 .
By the corollary to our proof that A+ +
K /K is compact (Corollary 18.3.6), there
is a W ⊂ AK that is defined by inequalities of the form |yv |v ≤ δv (where δv = 1 for
almost all v) such that ever z ∈ AK is of the form

z = y + c, y ∈ W, c ∈ K. (18.4.3)

By Corollary 18.4.2, there is a nonzero a ∈ K such that

1
|a|v < ·ε for v ∈ S,
δv
1
|a|v ≤ for v 6∈ S, v 6= v0 .
δv
1
Hence on putting z = a · x in (18.4.3) and multiplying by a, we see that every
x ∈ AK is of the shape

x = w + b, w ∈ a · W, b ∈ K,

where a · W is the set of ay for y ∈ W . If now we let x have components the given
xv at v ∈ S, and (say) 0 elsewhere, then b = x − w has the properties required.

Remark 18.4.5. The proof gives a quantitative form of the theorem (i.e., with a
bound for |b|v0 ). For an alternative approach, see [Mah64].
In the next chapter we’ll introduce the ideles A∗K . Finally, we’ll relate ideles to
ideals, and use everything so far to give a new interpretation of class groups and
their finiteness.
208 CHAPTER 18. GLOBAL FIELDS AND ADELES
Chapter 19

Ideles and Ideals

In this chapter, we introduce the ideles IK , and relate ideles to ideals, and use what
we’ve done so far to give an alternative interpretation of class groups and their
finiteness, thus linking the adelic point of view with the classical point of view of
the first part of this course.

19.1 The Idele Group

The invertible elements of any commutative topological ring R are a group R∗ under
multiplication. In general R∗ is not a topological group if it is endowed with the
subset topology because inversion need not be continuous (only multiplication and
addition on R are required to be continuous). It is usual therefore to give R∗ the
following topology. There is an injection
 
1
x 7→ x, (19.1.1)
x
of R∗ into the topological product R × R. We give R∗ the corresponding subset
topology. Then R∗ with this topology is a topological group and the inclusion map
R∗ ,→ R is continous. To see continuity of inclusion, note that this topology is finer
(has at least as many open sets) than the subset topology induced by R∗ ⊂ R, since
the projection maps R × R → R are continuous.
Example 19.1.1. This is a “non-example”. The inverse map on Z∗p is continuous
with respect to the p-adic topology. If a, b ∈ Z∗p , then |a| = |b| = 1, so if |a − b| < ε,
then    
 1 1   b − a  |b − a| ε
 − =
 a b   ab  = |ab| < 1 = ε.


Definition 19.1.2 (Idele Group). The idele group IK of K is the group A∗K of
invertible elements of the adele ring AK .

We shall usually speak of IK as a subset of AK , and will have to distinguish

between the IK and AK -topologies.

209
210 CHAPTER 19. IDELES AND IDEALS

Example 19.1.3. For a rational prime p, let xp ∈ AQ be the adele whose pth compo-
nent is p and whose vth component, for v 6= p, is 1. Then xp → 1 as p → ∞ in AQ ,
for the following reason. We must show that if U is a basic open set that contains
the adele 1 = {1}v , the xp for all sufficiently large p are contained in U . Since U
contains 1 and is a basic open set, it is of the form
Y Y
Uv × Zv ,
v∈S v6∈S

where S if a finite set, and the Uv , for v ∈ S, are arbitrary open subsets of Qv that
contain 1. If q is a prime larger than any prime in S, then xp for p ≥ q, is in U . This
proves convergence. If the inverse map were continuous on IK , then the sequence
of x−1
p would converge to 1
−1 = 1. However, if U is an open set as above about 1,

then for sufficiently large p, none of the adeles xp are contained in U .

Lemma 19.1.4. The group of ideles IK is the restricted topological project of the
Kv∗ with respect to the units Uv = Ov∗ ⊂ Kv , with the restricted product topology.
We omit the proof of Lemma 19.1.4, which is a matter of thinking carefully
about the definitions. The main point is that inversion is continuous on Ov∗ for
each v. (See Example 19.1.1.)
We have seen that K is naturally embedded in AK , so K ∗ is naturally embedded
in IK .
Definition 19.1.5 (Principal Ideles). We call K ∗ , considered as a subgroup of IK ,
the principal ideles.
Lemma 19.1.6. The principal ideles K ∗ are discrete as a subgroup of IK .
Proof. For K is discrete in AK , so K ∗ is embedded in AK × AK by (19.1.1) as
a discrete subset. (Alternatively, the subgroup topology on IK is finer than the
topology coming from IK being a subset of AK , and K is already discrete in AK .)

Definition 19.1.7 (Content of an Idele). The content of x = {xv }v ∈ IK is

Y
c(x) = |xv |v ∈ R>0 .
all v

Lemma 19.1.8. The map x → c(x) is a continuous homomorphism of the topolog-

ical group IK into R>0 , where we view R>0 as a topological group under multiplica-
tion. If K is a number field, then c is surjective.
Proof. That the content map c satisfies the axioms of a homomorphisms follows
from the multiplicative nature of the defining formula for c. For continuity, suppose
(a, b) is an open interval in R>0 . Suppose x ∈ IK is such that c(x) ∈ (a, b). By
considering small intervals about each non-unit component of x, we find an open
neighborhood U ⊂ IK of x such that c(U ) ⊂ (a, b). It follows the c−1 ((a, b)) is open.
For surjectivity, use that each archimedean valuation is surjective, and choose
an idele that is 1 at all but one archimedean valuation.
19.1. THE IDELE GROUP 211

Remark 19.1.9. Note also that the IK -topology is that appropriate to a group of
operators on A+ +
K : a basis of open sets is the S(C, U ), where C, U ⊂ AK are, re-
spectively, AK -compact and AK -open, and S consists of the x ∈ IJ such that
(1 − x)C ⊂ U and (1 − x−1 )C ⊂ U .

Definition 19.1.10 (1-Ideles). The subgroup I1K of 1-ideles is the subgroup of

ideles x = {xv } such that c(x) = 1. Thus I1K is the kernel of c, so we have an exact
sequence
c
1 → I1K → IK →− R>0 → 1,

where the surjectivity on the right is only if K is a number field.

Lemma 19.1.11. The subset I1K of AK is closed as a subset, and the AK -subset
topology on I1K coincides with the IK -subset topology on I1K .

Proof. Let x ∈ AK with x 6∈ I1K . To prove that I1K is closed in AK , we find an

AK -neighborhood W of x that does not meet I1K .
Q
1st Case. Suppose that v |xv |v < 1 (possibly = 0). Then there is a finite set S
of v such that

1. S contains all the v with |xv |v > 1, and

Q
2. v∈S |xv |v < 1.

Then the set W can be defined by

|wv − xv |v < ε v∈S

|wv |v ≤ 1 v 6∈ S

for sufficiently small ε.

Q
2nd Case. Suppose that C := v |xv |v > 1. Then there is a finite set S of v
such that

1. S contains all the v with |xv |v > 1, and

1
2. if v 6∈ S an inequality |wv |v < 1 implies |wv |v < 2C . (This is because for a non-
archimedean valuation, the largest absolute value less than 1 is 1/p, where p
is the residue characteristic. Also, the upper bound in Cassels’s article is 12 C
1
instead of 2C , but I think he got it wrong.)
Q
We can choose ε so small that |wv − xv |v < ε (for v ∈ S) implies 1 < v∈S |wv |v <
2C. Then W may be defined by

|wv − xv |v < ε v∈S

|wv |v ≤ 1 v 6∈ S.
212 CHAPTER 19. IDELES AND IDEALS

This works because if w ∈ W , then either |wv |v = 1 for all v 6∈ S, in which case
1 < c(w) < 2c, so w 6∈ I1K , or |wv0 |v0 < 1 for some v0 6∈ S, in which case
!
Y 1
c(w) = |wv |v · |wv0 | · · · < 2C · · · · < 1,
2C
v∈S

so again w 6∈ I1K .
We next show that the IK - and AK -topologies on I1K are the same. If x ∈ I1K ,
we must show that every AK -neighborhood of x contains an AK -neighborhood and
vice-versa.
Let W ⊂ I1K be an AK -neighborhood of x. Then it contains an AK -neighborhood
of the type

|wv − xv |v < ε v∈S (19.1.2)

|wv |v ≤ 1 v 6∈ S (19.1.3)

where S is a finite set of valuations v. This contains the IK -neighborhood in which

≤ in (19.1.2) is replaced by =.
Next let H ⊂ I1K be an IK -neighborhood. Then it contains an IK -neighborhood
of the form

|wv − xv |v < ε v∈S (19.1.4)

|wv |v = 1 v 6∈ S, (19.1.5)

where the finite set S containsQat least all archimedean valuations v and all valua-
tions v with |xv |v 6= 1. Since |xv |v = 1, we may also suppose that ε is so small
that (19.1.4) implies Y
|wv |v < 2.
v

Then the intersection of (19.1.4) with I1K is the same as that of (19.1.2) with I1K ,
i.e., (19.1.4) defines an AK -neighborhood.

By the product formula we have that K ∗ ⊂ I1K . The following result is of vital
importance in class field theory.

Theorem 19.1.12. The quotient I1K /K ∗ with the quotient topology is compact.

Proof. After the preceeding lemma, it is enough to find an AK -compact set W ⊂ AK

such that the map
W ∩ I1K → I1K /K ∗
is surjective. We take for W the set of w = {wv }v with

|wv |v ≤ |xv |v ,

where x = {xv }v is any idele of content greater than the C of Lemma 18.4.1.
19.2. IDEALS AND DIVISORS 213

Let y = {yv }v ∈ I1K . Then the content of x/y equals the content of x, so by
Lemma 18.4.1 there is an a ∈ K ∗ such that
 
 xv 
|a|v ≤   all v.
yv v

Then ay ∈ W , as required.

Remark 19.1.13. The quotient I1K /K ∗ is totally disconnected in the function field
case. For the structure of its connected component in the number field case, see
papers of Artin and Weil in the “Proceedings of the Tokyo Symposium on Algebraic
Number Theory, 1955” (Science Council of Japan) or [AT90]. The determination
of the character group of IK /K ∗ is global class field theory.

19.2 Ideals and Divisors

Suppose that K is a finite extension of Q. Let FK be the the free abelian group on
a set of symbols in bijection with the non-archimedean valuation v of K. Thus an
element of FK is a formal linear combination
X
nv · v
v non arch.

where nv ∈ Z and all but finitely many nv are 0.

Lemma 19.2.1. There is a natural bijection between FK and the group of nonzero
fractional ideals of OK . The correspondence is induced by

v 7→ ℘v = {x ∈ OK : v(x) < 1},

where v is a non-archimedean valuation.

Endow FK with the discrete topology. Then there is a natural continuous map
π : IK → FK given by X
x = {xv }v 7→ ordv (xv ) · v.
v

This map is continuous since the inverse image of a valuation v (a point) is the
product Y Y
π −1 (v) = πOv∗ × Kw∗ × Ow∗
,
w archimedean w6=v non-arch.

which is an open set in the restricted product topology on IK . Moreover, the image
of K ∗ in FK is the group of nonzero principal fractional ideals.
Recall that the class group CK of the number field K is by definition the quotient
of FK by the image of K ∗ .

Theorem 19.2.2. The class group CK of a number field K is finite.

214 CHAPTER 19. IDELES AND IDEALS

Proof. We first prove that the map I1K → FK is surjective. Let ∞ be an archimedean
valuation on K. If v is a non-archimedean valuation, let x ∈ I1K be a 1-idele such that
xw = 1 at ever valuation w except v and ∞. At v, choose xv = π to be a generator
Q ideal of Ov , and choose x∞ to be such that |x∞ |∞ = 1/ |xv |v . Then
for the maximal
x ∈ IK and w |xw |w = 1, so x ∈ I1K . Also x maps to v ∈ FK .
Thus the group of ideal classes is the continuous image of the compact group
IK /K ∗ (see Theorem 19.1.12), hence compact. But a compact discrete group is
1

finite.

19.2.1 The Function Field Case

When K is a finite separable extension of F(t), we define the divisor group DK
of K to be the free abelian group on all the valuations v. For each v the number
of elements of the residue class field Fv = Ov /℘v of v is a power, say q nv ,Pof the
number q of elements in Fv . WePcall nv the degree of v, and similarly define nv dv
to be the degree of the divisor nv · v. The divisors of degree 0 form a group DK 0 .

As before, the principal divisor attached to a ∈ K ∗ is

P
ordv (a) · v ∈ DK . The
following theorem is proved in the same way as Theorem 19.2.2.
0 modulo the principal divisors is a finite
Theorem 19.2.3. The quotient of DK
group.

19.2.2 Jacobians of Curves

For those familiar with algebraic geometry and algebraic curves, one can prove
Theorem 19.2.3 from an alternative point of view. There is a bijection between
nonsingular geometrically irreducible projective curves over F and function fields K
over F (which we assume are finite separable extensions of F(t) such that F∩K = F).
Let X be the curve corresponding to K. The group DK 0 is in bijection with the

divisors of degree 0 on X, a group typically denoted Div0 (X). The quotient of

Div0 (X) by principal divisors is denoted Pic0 (X). The Jacobian of X is an abelian
variety J = Jac(X) over the finite field F whose dimension is equal to the genus
of X. Moreover, assuming X has an F-rational point, the elements of Pic0 (X)
are in natural bijection with the F-rational points on J. In particular, with these
hypothesis, the class group of K, which is isomorphic to Pic0 (X), is in bijection
with the group of F-rational points on an algebraic variety over a finite field. This
gives an alternative more complicated proof of finiteness of the degree 0 class group
of a function field.
Without the degree 0 condition, the divisor class group won’t be finite. It is an
extension of Z by a finite group.
deg
0 → Pic0 (X) → Pic(X) −−→ nZ → 0,

where n is the greatest common divisor of the degrees of elements of Pic(X), which
is 1 when X has a rational point.
Chapter 20

Exercises

1. Which of the following rings have infinitely many prime ideals?

(a) The integers Z.

(b) The ring Z[x] of polynomials over Z.
(c) The quotient ring C[x]/(x2005 − 1).
(d) The ring (Z/6Z)[x] of polynomials over the ring Z/6Z.
(e) The quotient ring Z/nZ, for a fixed positive integer n.
(f) The rational numbers Q.
(g) The polynomial ring Q[x, y, z] in three variables.

2. Prove that every finite integral domain is a field.

3. (a) Give an example of two ideals I, J in a commutative ring R whose product

is not equal to the set {ab : a ∈ I, b ∈ J}.
(b) Suppose R is a principal ideal domain. Is it always the case that

IJ = {ab : a ∈ I, b ∈ J}

for all ideals I, J in R?

4. Is the set Z[ 12 ] of rational numbers with denominator a power of 2 a fractional

ideal?

5. Suppose you had the choice of the following two jobs1 :

Job 1 Starting with an annual salary of $1000, and a $200 increase every year.
Job 2 Starting with a semiannual salary of $500, and an increase of $50 every
6 months.
1
From The Education of T.C. MITS (1942).

215
216 CHAPTER 20. EXERCISES

In all other respects, the two jobs are exactly alike. Which is the better offer
(after the first year)? Write a Sage program that creates a table showing how
much money you will receive at the end of each year for each job. (Of course
you could easily do this by hand – the point is to get familiar with Sage.)

6. Let OK be the ring of integers of a number field. Let FK denote the abelian
group of fractional ideals of OK .

(a) Prove that FK is torsion free.

(b) Prove that FK is not finitely generated.
(c) Prove that FK is countable.
(d) Conclude that if K and L are number fields, then there exists some
(non-canonical) isomorphism of groups FK ≈ FL .

7. In this problem, you will give an example to√illustrate the failure of unique
factorization in the ring OK of integers of Q( −6).

(a) Give an element α ∈ OK that factors in two distinct ways into irreducible
elements.
(b) Observe explicitly that the (α) factors uniquely, i.e., the two distinct
factorization in the previous part of this problem do not lead to two
distinct factorization of the ideal (α) into prime ideals.
√
8. Factor the ideal (10) as a product of primes in the ring of integers of Q( 11).
You’re allowed to use a computer, as long as you show the commands you use.

9. Let OK be the ring of integers of a number field K, and let p ∈ Z be a prime

number. What is the cardinality of OK /(p) in terms of p and [K : Q], where
(p) is the ideal of OK generated by p?

10. Give an example of each of the following, with proof:

(a) A non-principal ideal in a ring.

(b) A module that is not finitely generated.
(c) The ring of integers of a number field of degree 3.
(d) An order in the ring of integers of a number field of degree 5.
(e) The matrix on K of left multiplication by an element of K, where K is
a degree 3 number field.
(f) An integral domain that is not integrally closed in its field of fractions.
(g) A Dedekind domain with finite cardinality.
(h) A fractional ideal of the ring of integers of a number field that is not an
integral ideal.

11. Let ϕ : R → S be a homomorphism of (commutative) rings.

 217

(a) Prove that if I ⊂ S is an ideal, then ϕ−1 (I) is an ideal of R.

(b) Prove moreover that if I is prime, then ϕ−1 (I) is also prime.

12. Let OK be the ring of integers of a number field. The Zariski topology on the
set X = Spec(OK ) of all prime ideals of OK has closed sets the sets of the
form
V (I) = {p ∈ X : p | I},
where I varies through all ideals of OK , and p | I means that I ⊂ p.

(a) Prove that the collection of closed sets of the form V (I) is a topology on
X.
(b) Let Y be the subset of nonzero prime ideals of OK , with the induced
topology. Use unique factorization of ideals to prove that the closed
subsets of Y are exactly the finite subsets of Y along with the set Y .
(c) Prove that the conclusion of (a) is still true if OK is replaced by an order
in OK , i.e., a subring that has finite index in OK as a Z-module.

13. Explicitly factor

√ the ideals generated by each of 2, 3, and 5 in the ring of
integers of Q( 3 2). (Thus you’ll factor 3 separate ideals √
as products
√ of prime
ideals.) You may assume that the ring of integers of Q( 3 2) is Z[ 3 2], but do
not simply use a computer command to do the factorizations.

14. Let K = Q(ζ13 ),where ζ13 is a primitive 13th root of unity. Note that K has
ring of integers OK = Z[ζ13 ].

(a) Factor 2, 3, 5, 7, 11, and 13 in the ring of integers OK . You may use a
computer.
(b) For p 6= 13, find a conjectural relationship between the number of prime
ideal factors of pOK and the order of the reduction of p in (Z/13Z)∗ .
(c) Compute the minimal polynomial f (x) ∈ Z[x] of ζ13 . Reinterpret your
conjecture as a conjecture that relates the degrees of the irreducible fac-
tors of f (x) (mod p) to the order of p modulo 13. Does your conjecture
remind you of quadratic reciprocity?

15. (a) Find by hand √and with proof the ring of integers of each of the following
two fields: Q( 5), Q(i).
(b) Find the ring of integers of Q(a), where a5 +7a+1 = 0 using a computer.

16. Let p be a prime. Let OK be the ring of integers of a number field K, and
suppose a ∈ OK is such that [OK : Z[a]] is finite and coprime to p. Let f (x)
be the minimal polynomial of a. We proved in class that if the reduction
f ∈ Fp [x] of f factors as
Y e
f= gi i ,
218 CHAPTER 20. EXERCISES

where the gi are distinct irreducible polynomials in Fp [x], then the primes
appearing in the factorization of pOK are the ideals (p, gi (a)). In class, we
did not prove that the exponents of these primes in the factorization of pOK
are the ei . Prove this.

17. Let a1 = 1 + i, a2 = 3 + 2i, and a3 = 3 + 4i as elements of Z[i].

(a) Prove that the ideals I1 = (a1 ), I2 = (a2 ), and I3 = (a3 ) are coprime in
pairs.
(b) Compute #Z[i]/(I1 I2 I3 ).
(c) Find a single element in Z[i] that is congruent to n modulo In , for each
n ≤ 3.

18. Find an example of a field K of degree at least 4 such that the ring OK of
integers of K is not of the form Z[a] for any a ∈ OK .

19. Let p be a prime ideal of OK , and suppose that OK /p is a finite field of

characteristic p ∈ Z. Prove that there is an element α ∈ OK such that
p = (p, α). This justifies why we can represent prime ideals of OK as pairs
(p, α), as is done in Sage. (More generally, if I is an ideal of OK , we can
choose one of the elements of I to be any nonzero element of I.)

20. (*) Give an example of an order O in the ring of integers of a number field
and an ideal I such that I cannot be generated by 2 elements as an ideal.
Does the Chinese Remainder Theorem hold in O? [The (*) means that this
problem is more difficult than usual.]

21. For each of the following three fields, determining if there is an order of dis-
criminant 20 contained in its ring of integers:
√ √
3
K = Q( 5), K = Q( 2), and . . .

K any extension of Q of degree 2005. [Hint: for the last one, apply the exact
form of our theorem about finiteness of class groups to the unit ideal to show
that the discriminant of a degree 2005 field must be large.]

22. Prove that the quantity
Cr,s in our theorem about finiteness of the class group
s
can be taken to be π4 nn!n , as follows (adapted from [SD01, pg. 19]): Let S
be the set of elements (x1 , . . . , xn ) ∈ Rn such that
r+s q
X
|x1 | + · · · |xr | + 2 x2v + x2v+s ≤ 1.
v=r+1

(a) Prove that S is convex and that M = n−n , where

M = max{|x1 · · · xr ·(x2r+1 +x2(r+1)+s ) · · · (x2r+s +x2n )| : (x1 , . . . , xn ) ∈ S}.

 219

[Hint: For convexity, use the triangle inequality and that for 0 ≤ λ ≤ 1,
we have
q q
λ x21 + y12 + (1 − λ) x22 + y22
p
≥ (λx1 + (1 − λ)x2 )2 + (λy1 + (1 − λ)y2 )2

for 0 ≤ λ ≤ 1. In polar coordinates this last inequality is

q
λr1 + (1 − λ)r2 ≥ λ2 r12 + 2λ(1 − λ)r1 r2 cos(θ1 − θ2 ) + (1 − λ)2 r22 ,

which is trivial. That M ≤ n−n follows from the inequality between the
arithmetic and geometric means.
(b) Transforming pairs xv , xv+s from Cartesian to polar coordinates, show
also that v = 2r (2π)s Dr,s (1), where
Z Z
D`,m (t) = · · · y1 · · · ym dx1 · · · dx` dy1 · · · dym
R`,m (t)

and R`,m (t) is given by xρ ≥ 0 (1 ≤ ρ ≤ `), yρ ≥ 0 (1 ≤ ρ ≤ m) and

x1 + · · · + x` + 2(y1 + · · · + ym ) ≤ t.

(c) Prove that

Z t Z t/2
D`,m (t) = D`−1,m (t − x)dx = D`,m−1 (t − 2y)ydy
0 0

and deduce by induction that

4−m t`+2m
D`,m (t) =
(` + 2m)!

23. Let K vary through all number fields. What torsion subgroups (UK )tor actu-
ally occur?

24. If UK ≈ Zn × (UK )tor , we say that UK has rank n. Let K vary through all
number fields. What ranks actually occur?

25. Let K vary through all number fields such that the group UK of units of K is
a finite group. What finite groups UK actually occur?

26. Let K = Q(ζ5 ).

(a) Show that r = 0 and s = 2.

(b) Find explicit generators for the group of units UK .
220 CHAPTER 20. EXERCISES

(c) Draw an illustration of the log map ϕ : UK → R2 , including the hyper-

plane x1 + x2 = 0 and the lattice in the hyperplane spanned by the image
of UK .

27. Let K be a number field. Prove that p | dK if and only if p ramifies in K.

(Note: This fact is proved in many books.)

28. (a) Give an example of a finite nontrivial Galois extension K of Q and a

prime ideal p such that Dp = Gal(K/Q).
(b) Give an example of a finite nontrivial Galois extension K of Q and a
prime ideal p such that Dp has order 1.
(c) Give an example of a finite Galois extension K of Q and a prime ideal p
such that Dp is not a normal subgroup of Gal(K/Q).
(d) Give an example of a finite Galois extension K of Q and a prime ideal p
such that Ip is not a normal subgroup of Gal(K/Q).

29. Let S3 by the symmetric group on three symbols, which has order 6.

(a) Observe that S3 ∼= D3 , where D3 is the dihedral group of order 6, which

is the group of symmetries of an equilateral triangle.
(b) Use (29a) to write down an explicit embedding S3 ,→ GL2 (C).
√
(c) Let K be the number field Q( 3 2, ω), where ω 3 = 1 is a nontrivial cube
root of unity. Show that K is a Galois extension with Galois group
isomorphic to S3 .
(d) We thus obtain a 2-dimensional irreducible complex Galois representation

ρ : Gal(Q/Q) → Gal(K/Q) ∼
= S3 ⊂ GL2 (C).

Compute a representative matrix of Frobp and the characteristic polyno-

mial of Frobp for p = 5, 7, 11, 13.

30. Look up the Riemann-Roch theorem in a book on algebraic curves.

(a) Write it down in your own words.

(b) Let E be an elliptic curve over a field K. Use the Riemann-Roch theorem
to deduce that the natural map

E(K) → Pic0 (E/K)

is an isomorphism.

31. Suppose G is a finite group and A is a finite G-module. Prove that for any q,
the group Hq (G, A) is a torsion abelian group of exponent dividing the order
#A of A.
 221
√
32. Let K = Q( 5) and let A = UK be the group of units of K, which is a module
over the group G = Gal(K/Q). Compute the cohomology groups H0 (G, A)
and H1 (G, A). (You shouldn’t use a computer, except maybe to determine
UK .)
√ √
33. Let K = Q( −23) and let C be the class group of Q( −23), which is a module
over the Galois group G = Gal(K/Q). Determine H0 (G, C) and H1 (G, C).

34. Let E be the elliptic curve y 2 = x3 + x + 1. Let E[2] be the group of points
of order dividing 2 on E. Let

ρE,2 : Gal(Q/Q) → Aut(E[2])

be the mod 2 Galois representation associated to E.

(a) Find the fixed field K of ker(ρE,2 ).

(b) Is ρE,2 surjective?
(c) Find the group Gal(K/Q).
(d) Which primes are ramified in K?
(e) Let I be an inertia group above 2, which is one of the ramified primes.
Determine E[2]I explicitly for your choice of I. What is the characteristic
polynomial of Frob2 acting on E[2]I .
(f) What is the characteristic polynomial of Frob3 acting on E[2]?
(g) Let K be a number field. Prove that there is a finite set S of primes of K
such that

OK,S = {a ∈ K ∗ : ordp (aOK ) ≥ 0 all p 6∈ S} ∪ {0}

is a prinicipal ideal domain. The condition ordp (aOK ) ≥ 0 means that in

the prime ideal factorization of the fractional ideal aOK , we have that p
occurs to a nonnegative power.
(h) Let a ∈ K and n a positive integer. Prove that L = K(a1/n ) is unramified
outside the primes that divide n and the norm of a. This means that if p
is a prime of OK , and p is coprime to n NormL/K (a)OK , then the prime
factorization of pOL involves no primes with exponent bigger than 1.
(i) Write down a proof of Hilbert’s Theorem 90, formulated as the statement
that for any number field K, we have
∗
H1 (K, K ) = 0.
222 CHAPTER 20. EXERCISES

1. Let k be any field. Prove that the only nontrivial valuations on k(t) which are
trivial on k are equivalent to the valuation (13.3.3) or (13.3.4) of page 157.

2. A field with the topology induced by a valuation is a topological field, i.e., the
operations sum, product, and reciprocal are continuous.

3. Give an example of a non-archimedean valuation on a field that is not discrete.

4. Prove that the field Qp of p-adic numbers is uncountable.

5. Prove that the polynomial f (x) = x3 − 3x2 + 2x + 5 has all its roots in Q5 ,
and find the 5-adic valuations of each of these roots. (You might need to use
Hensel’s lemma, which we don’t discuss in detail in this book. See [Cas67,
App. C].)

6. In this problem you will compute an example of weak approximation, like I

did in the Example 14.3.3. Let K = Q, let | · |7 be the 7-adic absolute value,
let | · |11 be the 11-adic absolute value, and let | · |∞ be the usual archimedean
1
absolute value. Find an element b ∈ Q such that |b − ai |i < 10 , where a7 = 1,
a11 = 2, and a∞ = −2004.

7. Prove that −9 has a cube root in Q10 using the following strategy (this is a
special case of Hensel’s Lemma, which you can read about in an appendix to
Cassel’s article).

(a) Show that there is an element α ∈ Z such that α3 ≡ 9 (mod 103 ).

(b) Suppose n ≥ 3. Use induction to show that if α1 ∈ Z and α3 ≡ 9
(mod 10n ), then there exists α2 ∈ Z such that α23 ≡ 9 (mod 10n+1 ).
(Hint: Show that there is an integer b such that (α1 + b · 10n )3 ≡ 9
(mod 10n+1 ).)
(c) Conclude that 9 has a cube root in Q10 .

8. Compute the first 5 digits of the 10-adic expansions of the following rational
numbers:
13 1 17
, , , the 4 square roots of 41.
2 389 19
9. Let N > 1 be an integer. Prove that the series
∞
X
(−1)n+1 n! = 1! − 2! + 3! − 4! + 5! − 6! + · · · .
n=1

converges in QN .

10. Prove that −9 has a cube root in Q10 using the following strategy (this is a
special case of “Hensel’s Lemma”).
 223

(a) Show that there is α ∈ Z such that α3 ≡ 9 (mod 103 ).

(b) Suppose n ≥ 3. Use induction to show that if α1 ∈ Z and α3 ≡ 9
(mod 10n ), then there exists α2 ∈ Z such that α23 ≡ 9 (mod 10n+1 ).
(Hint: Show that there is an integer b such that (α1 + b10n )3 ≡ 9
(mod 10n+1 ).)
(c) Conclude that 9 has a cube root in Q10 .

11. Let N > 1 be an integer.

(a) Prove that QN is equipped with a natural ring structure.

(b) If N is prime, prove that QN is a field.

12. (a) Let p and q be distinct primes. Prove that Qpq ∼

= Qp × Qq .
(b) Is Qp2 isomorphic to either of Qp × Qp or Qp ?

13. Prove that every finite extension of Qp “comes from” an extension of Q, in

the following sense. Given an irreducible polynomial f ∈ Qp [x] there exists an
irreducible polynomial g ∈ Q[x] such that the fields Qp [x]/(f ) and Qp [x]/(g)
are isomorphic. [Hint: Choose each coefficient of g to be sufficiently close to
the corresponding coefficient of f , then use Hensel’s lemma to show that g
has a root in Qp [x]/(f ).]

14. Find the 3-adic expansion to precision 4 of each root of the following polyno-
mial over Q3 :
f = x3 − 3x2 + 2x + 3 ∈ Q3 [x].
Your solution should conclude with three expressions of the form

a0 + a1 · 3 + a2 · 32 + a3 · 33 + O(34 ).

15. (a) Find the normalized Haar measure of the following subset of Q+
7:
   
1 1
U = B 28, = x ∈ Q7 : |x − 28| < .
50 50

(b) Find the normalized Haar measure of the subset Z∗7 of Q∗7 .

16. Suppose that K is a finite extension of Qp and L is a finite extension of Qq ,

with p 6= q and assume that K and L have the same degree. Prove that there
is a polynomial g ∈ Q[x] such that Qp [x]/(g) ∼
= K and Qq [x]/(g) ∼
= L. [Hint:
Combine your solution to 13 with the weak approximation theorem.]

17. Prove that the ring C defined in Section 9 really is the tensor product of A
and B, i.e., that it satisfies the defining universal mapping property for tensor
products. Part of this problem is for you to look up a functorial definition of
tensor product.
224 CHAPTER 20. EXERCISES
√ √
18. Find a zero divisor pair in Q( 5) ⊗Q Q( 5).
√ √
19. (a) Is Q( 5) ⊗Q Q( −5) a field?
√ √ √
(b) Is Q( 4 5) ⊗Q Q( 4 −5) ⊗Q Q( −1) a field?

20. Suppose ζ5 denotes a primitive 5th root of unity. For any prime p, consider
the tensor product Qp ⊗Q Q(ζ5 ) = K1 ⊕ · · · ⊕ Kn(p) . Find a simple formula
for the number n(p) of fields appearing in the decomposition of the tensor
product Qp ⊗Q Q(ζ5 ). To get full credit on this problem your formula must
be correct, but you do not have to prove that it is correct.

21. Suppose k · k1 and k · k2 are equivalent norms on a finite-dimensional vector

space V over a field K (with valuation | · |). Carefully prove that the topology
induced by k · k1 is the same as that induced by k · k2 .

22. Suppose K and L are number fields (i.e., finite extensions of Q). Is it possible
for the tensor product K ⊗Q L to contain a nilpotent element? (A nonzero
element a in a ring R is nilpotent if there exists n > 1 such that an = 0.)
√
23. Let K be the number field Q( 5 2).

(a) In how many ways does the 2-adic valuation | · |2 on Q extend to a valu-
ation on K?
(b) Let v = | · | be a valuation on K that extends | · |2 . Let Kv be the
completion of K with respect to v. What is the residue class field F of
Kv ?

24. Prove that the product formula holds for F(t) similar to the proof we gave
in class using Ostrowski’s theorem for Q. You may use the analogue of Os-
trowski’s theorem for F(t), which you had on a previous homework assignment.
(Don’t give a measure-theoretic proof.)

25. Prove Theorem 18.3.5, that “The global field K is discrete in AK and the
quotient A+ +
K /K of additive groups is compact in the quotient topology.” in
the case when K is a finite extension of F(t), where F is a finite field.
Bibliography

[Art23] E. Artin, Über eine neue Art von L-reihen, Abh. Math. Sem. Univ.
Hamburg 3 (1923), 89–108.

[Art30] E Artin, Zur Theorie der L-Reihen mit allgemeinen Gruppencharak-

teren, Abh. math. Semin. Univ. Hamburg 8 (1930), 292–306.

[Art59] E. Artin, Theory of algebraic numbers, Notes by Gerhard Würges from

lectures held at the Mathematisches Institut, Göttingen, Germany,
in the Winter Semester, vol. 1956/7, George Striker, Schildweg 12,
Göttingen, 1959. MR 24 #A1884

[Art91] M. Artin, Algebra, Prentice Hall Inc., Englewood Cliffs, NJ, 1991. MR
92g:00001

[AT90] E. Artin and J. Tate, Class field theory, second ed., Advanced Book
Classics, Addison-Wesley Publishing Company Advanced Book Pro-
gram, Redwood City, CA, 1990. MR 91b:11129

[BCP97] W. Bosma, J. Cannon, and C. Playoust, The Magma algebra system. I.

The user language, J. Symbolic Comput. 24 (1997), no. 3–4, 235–265,
Computational algebra and number theory (London, 1993). MR 1 484
478

[BDSBT01] Kevin Buzzard, Mark Dickinson, Nick Shepherd-Barron, and Richard

Taylor, On icosahedral Artin representations, Duke Math. J. 109
(2001), no. 2, 283–318. MR 1845181 (2002k:11078)

[BL94] J. A. Buchmann and H. W. Lenstra, Jr., Approximating rings of in-

tegers in number fields, J. Théor. Nombres Bordeaux 6 (1994), no. 2,
221–260. MR 1360644 (96m:11092)

[BS02] K. Buzzard and W. A. Stein, A mod five approach to modularity of

icosahedral Galois representations, Pacific J. Math. 203 (2002), no. 2,
265–282. MR 2003c:11052

[Buh78] J. P. Buhler, Icosahedral Galois representations, Springer-Verlag,

Berlin, 1978, Lecture Notes in Mathematics, Vol. 654.

225
226 BIBLIOGRAPHY

[Cas67] J. W. S. Cassels, Global fields, Algebraic Number Theory (Proc. In-

structional Conf., Brighton, 1965), Thompson, Washington, D.C.,
1967, pp. 42–84.

[Cas91] , Lectures on elliptic curves, London Mathematical Society Stu-

dent Texts, vol. 24, Cambridge University Press, Cambridge, 1991. MR
92k:11058

[CL84] H. Cohen and H. W. Lenstra, Jr., Heuristics on class groups of number

fields, Number theory, Noordwijkerhout 1983 (Noordwijkerhout, 1983),
Lecture Notes in Math., vol. 1068, Springer, Berlin, 1984, pp. 33–62.
MR 756082 (85j:11144)

[Coh93] H. Cohen, A course in computational algebraic number theory,

Springer-Verlag, Berlin, 1993. MR 94i:11105

[Cp86] J. W. S. Cassels and A. Fröhlich (eds.), Algebraic number theory, Lon-

don, Academic Press Inc. [Harcourt Brace Jovanovich Publishers],
1986, Reprint of the 1967 original.

[EH00] D. Eisenbud and J. Harris, The geometry of schemes, Springer-Verlag,

New York, 2000. MR 2001d:14002

[Fre94] G. Frey (ed.), On Artin’s conjecture for odd 2-dimensional representa-

tions, Springer-Verlag, Berlin, 1994, 1585. MR 95i:11001

[Har77] R. Hartshorne, Algebraic Geometry, Springer-Verlag, New York, 1977,

Graduate Texts in Mathematics, No. 52.

[Iwa53] K. Iwasawa, On the rings of valuation vectors, Ann. of Math. (2) 57

(1953), 331–356. MR 14,849a

[KW08] C. Khare and J.-P. Wintenberger, Serre’s modularity conjecture (i),

Preprint (2008).

[Lan64] S. Lang, Algebraic numbers, Addison-Wesley Publishing Co., Inc.,

Reading, Mass.-Palo Alto-London, 1964. MR 28 #3974

[Lan80] R. P. Langlands, Base change for GL(2), Princeton University Press,

Princeton, N.J., 1980.

[Len02] H. W. Lenstra, Jr., Solving the Pell equation, Notices Amer. Math. Soc.
49 (2002), no. 2, 182–192. MR 2002i:11028

[LL93] A. K. Lenstra and H. W. Lenstra, Jr. (eds.), The development of the

number field sieve, Springer-Verlag, Berlin, 1993. MR 96m:11116

[Mah64] K. Mahler, Inequalities for ideal bases in algebraic number fields, J.

Austral. Math. Soc. 4 (1964), 425–448. MR 31 #1243
BIBLIOGRAPHY 227

[Mar77] Daniel A. Marcus, Number fields, Universitext (1979), Springer, 1977.

[PAR] PARI, A computer algebra system designed for fast computations in

number theory, http://pari.math.u-bordeaux.fr/.

[S+ 11] W. A. Stein et al., Sage Mathematics Software (Version 4.6.2), The
Sage Development Team, 2011, http://www.sagemath.org.

[SD01] H. P. F. Swinnerton-Dyer, A brief guide to algebraic number theory,

London Mathematical Society Student Texts, vol. 50, Cambridge Uni-
versity Press, Cambridge, 2001. MR 2002a:11117

[Ser73] J-P. Serre, A Course in Arithmetic, Springer-Verlag, New York, 1973,

Translated from the French, Graduate Texts in Mathematics, No. 7.

[Ser79] , Local fields, Springer-Verlag, New York, 1979, Translated from

the French by Marvin Jay Greenberg.

[Sil92] J. H. Silverman, The arithmetic of elliptic curves, Springer-Verlag, New

York, 1992, Corrected reprint of the 1986 original.

[ST68] J-P. Serre and J. T. Tate, Good reduction of abelian varieties, Ann.
of Math. (2) 88 (1968), 492–517, http://wstein.org/papers/bib/
Serre-Tate-Good_Reduction_of_Abelian_Varieties.pdf.

[Ste09] William Stein, Elementary number theory: primes, congruences, and

secrets, Undergraduate Texts in Mathematics, Springer, New York,
2009, A computational approach. MR 2464052 (2009i:11002)

[Was97] Lawrence C. Washington, Introduction to cyclotomic fields, second ed.,

Graduate Texts in Mathematics, vol. 83, Springer-Verlag, New York,
1997. MR 1421575 (97h:11130)

[Wei82] A. Weil, Adeles and algebraic groups, Progress in Mathematics, vol. 23,
Birkhäuser Boston, Mass., 1982, With appendices by M. Demazure and
Takashi Ono. MR 83m:10032