
LECTURE NOTES

FIELDS, RINGS AND MODULES

SERGEY MOZGOVOY

Contents
1. Rings 2
1.1. Basic definitions 2
1.2. Ideals and quotient rings 4
1.3. Ring homomorphisms 7
1.4. Algebras 10
2. Integral domains 14
2.1. Basic definitions 14
2.2. Unique factorization domains (UFD) 15
2.3. Principal ideal domains (PID) 17
2.4. GCD and LCM 18
2.5. Euclidean domains 20
2.6. The field of fractions 22
2.7. Factorization in polynomial rings 23
3. Fields 25
3.1. Basic definitions 25
3.2. Field extensions 27
3.3. Splitting fields, Finite fields, Algebraically closed fields 30
3.4. Constructions with compass and straightedge 33
4. Symmetric polynomials 37
4.1. Discriminant 39
5. Modules 40
5.1. Definition and examples 40
5.2. Homomorphisms and submodules 42
5.3. Simple and indecomposable modules 44
5.4. Chinese remainder theorem 47
5.5. Modules over PID 49
5.6. Noetherian modules 51
Appendix A. Cyclotomic polynomials 53
Appendix B. RSA algorithm 55

Date: January 22, 2023.


2 SERGEY MOZGOVOY

1. Rings
1.1. Basic definitions. Consider the set Z of integer numbers. It has two binary operations:
+ (addition) and · (multiplication) compatible with each other

a(b + c) = ab + ac, (b + c)a = ba + ca.

We will use this example as a motivation for a formal description of a structure, called a ring,
consisting of a set and two compatible binary operations as above.

Definition 1.1. An abelian group is a pair (A, +), where A is a set and + : A × A → A is a
map (we write (a, b) ↦ a + b) such that
(1) (Associativity) (a + b) + c = a + (b + c).
(2) (Commutativity) a + b = b + a.
(3) (Existence of zero) ∃ 0 ∈ A such that 0 + a = a + 0 = a ∀a ∈ A.
(4) (Existence of negative) For any a ∈ A there exists an element b ∈ A such that a + b = 0.
It is denoted by −a.

Example 1.2. The set of natural numbers N = {0, 1, 2, 3, . . .} has an obvious addition operation.
But it is not a group: it does not contain negatives of nonzero elements. For example −1 ∉ N.
The following are examples of abelian groups
(1) The set Z of integer numbers.
(2) The set Q of rational numbers.
(3) The set R of real numbers.
(4) The set C of complex numbers.

Definition 1.3. A ring is a triple (A, +, ·), where A is a set and + : A × A → A, · : A × A → A
are binary operations (we write (a, b) ↦ a · b = ab) such that
(1) (A, +) is an abelian group.
(2) (Associativity of multiplication) (a · b) · c = a · (b · c).
(3) (Existence of identity element or unity) ∃ 1 ∈ A such that 1a = a1 = a for all a ∈ A.
(4) (Distributivity) a(b + c) = ab + ac, (b + c)a = ba + ca for all a, b, c ∈ A.

Definition 1.4. A ring A is called


(1) a commutative ring if for any a, b ∈ A: ab = ba.
(2) a division ring if for any nonzero a ∈ A there exists b ∈ A such that ab = ba = 1 (the
element b is denoted by a⁻¹ and is called the inverse of a).
(3) a field if it is a commutative ring and a division ring.

Example 1.5. We know already several examples of rings.


(1) The sets Z, Q, R, C are rings with respect to the natural operations of addition and
multiplication. All of them are commutative. The rings Q, R, C are also fields as all
their nonzero elements are invertible. In particular, for 0 ≠ a + bi ∈ C, we can write
$$\frac{1}{a+bi} = \frac{a-bi}{(a+bi)(a-bi)} = \frac{a-bi}{a^2+b^2} = \frac{a}{a^2+b^2} - \frac{b}{a^2+b^2}\,i \in \mathbb{C}.$$
The ring Z is not a field. For example, the element 2 ∈ Z does not have an inverse in Z
as 1/2 ∉ Z.
(2) The sets of polynomials Z[x], Q[x], R[x], C[x] are commutative rings. They are not fields.

(3) The set Mn (R) of n × n matrices with real entries is a ring. Addition and multiplication
of matrices A = (aij ) and B = (bij ) is defined by
$$A + B = (c_{ij}),\quad c_{ij} = a_{ij} + b_{ij},\qquad AB = (d_{ij}),\quad d_{ij} = \sum_{k=1}^{n} a_{ik} b_{kj}.$$
The zero element of this ring is the zero matrix. The identity element of this ring is the
identity matrix
$$I_n = \begin{pmatrix} 1 & 0 & \cdots & 0 \\ 0 & 1 & \cdots & 0 \\ \vdots & \vdots & \ddots & \vdots \\ 0 & 0 & \cdots & 1 \end{pmatrix}.$$
Similarly, the set Mn (C) of n × n matrices with complex entries is a ring. These rings
are not commutative for n ≥ 2. For example
$$\begin{pmatrix} 0 & 1 \\ 0 & 0 \end{pmatrix}\begin{pmatrix} 1 & 0 \\ 0 & 0 \end{pmatrix} = \begin{pmatrix} 0 & 0 \\ 0 & 0 \end{pmatrix},\qquad \begin{pmatrix} 1 & 0 \\ 0 & 0 \end{pmatrix}\begin{pmatrix} 0 & 1 \\ 0 & 0 \end{pmatrix} = \begin{pmatrix} 0 & 1 \\ 0 & 0 \end{pmatrix}.$$
They are also not division rings for n ≥ 2. For example, the matrix $\begin{pmatrix} 1 & 0 \\ 0 & 0 \end{pmatrix}$ is not invertible.
Lemma 1.6. Let A be a ring. Then
(1) The zero element is unique.
(2) The negative of any element is unique.
(3) The identity element is unique.
Proof. (1) If 0′ is another zero, then 0 + 0′ = 0 and 0 + 0′ = 0′. Therefore 0 = 0′.
(2) Assume that an element a has two negatives b, b′. Then
b = b + (a + b′) = (b + a) + b′ = 0 + b′ = b′.
(3) If 1′ is another identity then 1 · 1′ = 1 = 1′. □
Lemma 1.7. Let A be a ring. Then
(1) 0a = a0 = 0.
(2) (−a)b = a(−b) = −ab.
Proof. (1) We have
0a + a = 0a + 1a = (0 + 1)a = 1a = a.
Therefore 0a = 0. Similarly a0 = 0.
(2) We have
(−a)b + ab = (−a + a)b = 0b = 0.
Therefore (−a)b = −ab. Similarly a(−b) = −ab. □

1.2. Ideals and quotient rings. Let A be a ring.

Definition 1.8. A subset I ⊆ A is called an ideal of A if


(1) I is a subgroup of (A, +), meaning that
(a) a, b ∈ I =⇒ a + b ∈ I.
(b) 0 ∈ I.
(c) a ∈ I =⇒ −a ∈ I.
(2) a ∈ A, b ∈ I =⇒ ab ∈ I, ba ∈ I.

Remark 1.9. For any subsets X, Y ⊆ A, let us define


$$X + Y = \{\,a + b \mid a \in X,\ b \in Y\,\},\qquad XY = \Big\{\sum_i a_i b_i \;\Big|\; a_i \in X,\ b_i \in Y\ \forall i\Big\}.$$

Then the last condition can be written in the form AI ⊆ I and IA ⊆ I.

Remark 1.10. The subsets {0} ⊆ A and A ⊆ A are ideals of A. An ideal I ⊆ A is called
proper if it is a proper subset of A, meaning that I ≠ A.

Example 1.11. Let A be a commutative ring and a ∈ A. Then the set (a) = aA = {ab | b ∈ A }
is an ideal of A. Indeed
(1) given two elements ab1 , ab2 ∈ (a), we have ab1 + ab2 = a(b1 + b2 ) ∈ (a).
(2) 0 = a0 ∈ (a).
(3) if ab ∈ (a), then −ab = a(−b) ∈ (a).
(4) A(aA) = (aA)A ⊆ aA.
Ideals of this form are called principal ideals. Note that 0A = {0} and 1A = A.

Definition 1.12. Let A be a commutative ring and let a, b ∈ A. We say that a divides b (or
that b is divisible by a, or b is a multiple of a) and we write a | b if there exists c ∈ A such that
b = ac. Note that a | b if and only if b ∈ (a) = aA.

Lemma 1.13. All ideals of Z are of the form (n) = nZ for some n ∈ Z.

Proof. Let I ⊆ Z be an ideal. If I = {0} then I = (0). Assume that I is nonzero. Let n be the
minimal positive element of I. We will prove that I = (n). Inclusion (n) ⊆ I is clear. Assume
that m ∈ I\(n). Dividing m by n with a remainder, we can write m = qn + r for some integers
q, r with 0 ≤ r < n. Actually 0 < r < n as m ∉ (n). As m, n ∈ I, we obtain
r = m − qn ∈ I.
This contradicts the minimality of the positive element n ∈ I. □

1.2.1. Ideal generated by a set.


Lemma 1.14. Let A be a ring and $(I_t)_{t \in T}$ be a collection of ideals of A. Then $\bigcap_{t \in T} I_t$ is an
ideal of A.
Proof. Let $I = \bigcap_{t \in T} I_t$. Then
(1) 0 ∈ I as 0 ∈ It ∀t ∈ T .
(2) a, b ∈ I =⇒ a, b ∈ It ∀t ∈ T =⇒ a + b ∈ It ∀t ∈ T =⇒ a + b ∈ I.
(3) a ∈ I =⇒ a ∈ It ∀t ∈ T =⇒ −a ∈ It ∀t ∈ T =⇒ −a ∈ I.
(4) a ∈ A, b ∈ I =⇒ b ∈ It ∀t ∈ T =⇒ ab, ba ∈ It ∀t ∈ T =⇒ ab, ba ∈ I.


Definition 1.15. Let F ⊆ A be a subset. We define the ideal generated by F to be


(F ) = {a1 f1 b1 + · · · + ak fk bk | k ≥ 0, fi ∈ F, ai , bi ∈ A }.
It is the smallest ideal of A that contains F and it is equal to the intersection of all ideals that
contain F . If A is commutative, then
(F ) = {a1 f1 + · · · + ak fk | k ≥ 0, fi ∈ F, ai ∈ A}.
If F = {f1 , . . . , fn }, then we denote (F ) also by (f1 , . . . , fn ). In particular, for F = {f }, we
obtain the principal ideal (f ) ⊆ A defined earlier.
Example 1.16. The ideal generated by n ∈ Z is (n) = nZ = Zn.
1.2.2. Quotient rings. Let A be a ring and I ⊆ A be an ideal. We construct the quotient
ring A/I as follows. Consider the binary relation ∼ on A (this is a subset of A × A) defined by
the rule
a ∼ b ⇐⇒ a − b ∈ I.
This is an equivalence relation:
(1) Reflexivity: a ∼ a. Indeed, a − a = 0 ∈ I.
(2) Symmetry: a ∼ b =⇒ b ∼ a. Indeed, if a − b ∈ I then b − a = −(a − b) ∈ I.
(3) Transitivity: a ∼ b, b ∼ c =⇒ a ∼ c. Indeed, if a − b ∈ I and b − c ∈ I, then
(a − b) + (b − c) = a − c ∈ I.
The equivalence class [a] ⊆ A of an element a ∈ A is defined by
[a] = {b ∈ A | b ∼ a } = {a + b | b ∈ I } = a + I.
The set of all equivalence classes is denoted by A/I. If a ∼ b, we say that a and b are congruent
modulo I and we write a ≡ b mod I. The equivalence class of a is also called the congruence
class of a modulo I.
Theorem 1.17. The set A/I equipped with addition and multiplication operations
[a] + [b] = [a + b], [a] · [b] = [ab]
is a ring, called the quotient ring. Its zero and identity elements are $0_{A/I} = [0]$ and $1_{A/I} = [1]$.
Proof. First of all, we have to show that addition and multiplication are well defined. This
means that we have to show that if a ∼ a′ and b ∼ b′ then
a + b ∼ a′ + b′, ab ∼ a′b′.
For the first equivalence we note that
(a + b) − (a′ + b′) = (a − a′) + (b − b′) ∈ I.
For the second equivalence we note that
ab − a′b′ = a(b − b′) + (a − a′)b′ ∈ I
as b − b′ ∈ I and a − a′ ∈ I.
Let us prove now that A/I is a ring. We check first that (A/I, +) is an abelian group:
(1) ([a] + [b]) + [c] = [a + b] + [c] = [a + b + c] = [a] + [b + c] =[a]+([b]+[c]).
(2) [a] + [b] = [a + b] = [b + a] = [b] + [a].
(3) The element [0] = 0 + I = I is zero: [a] + [0] = [a + 0] = [a].
(4) For any [a] ∈ A/I there exists the negative [−a]: [a] + [−a] = [a − a] = [0].
Let us check the remaining axioms:
(1) ([a] · [b]) · [c] = [abc] = [a] · ([b] · [c]).

(2) The element [1] ∈ A/I is the identity element: [a] · [1] = [a] = [1] · [a].
(3) Distributivity: [a]([b] + [c]) = [a] · [b + c] = [ab + ac] = [ab] + [ac] = [a] · [b] + [a] · [c].
Similarly, one can prove the second distributivity property. □

Example 1.18. Let us consider the ring Z and the ideal (n) = nZ, for n ≥ 2. Then we have
the quotient ring Zn = Z/nZ, called the ring of congruence classes of integers modulo n. It
consists of n elements that are congruence classes of the elements 0, 1, . . . , n − 1 in Z. Indeed, for
any m ∈ Z, we can write m = qn + r for some q, r ∈ Z with 0 ≤ r < n. Then m − r = qn ∈ (n),
hence m ∼ r and [m] = [r]. If 0 ≤ r < r′ < n, then 0 < r′ − r < n, hence r′ − r ∉ (n). Therefore
r′ ≁ r and [r′] ≠ [r].
(1) In the ring Z2 = Z/2Z we have [1] + [1] = [0] and [1] · [1] = [1]. This ring is a field.
(2) In the ring Z3 = Z/3Z we have [2] · [2] = [4] = [1] (as 4 ≡ 1 mod 3). This means that [2]
is invertible in Z3 and Z3 is a field.
(3) On the other hand, in Z4 = Z/4Z we have [2] · [2] = [4] = [0] (as 4 ≡ 0 mod 4). Therefore
[2] is not invertible in Z4 and Z4 is not a field.
The difference between the above rings stems from the fact that 2 and 3 are prime numbers,
while 4 is not. The general situation is described by the following theorem.
Remark 1.19. An integer p ≥ 2 is called a prime number if a | p implies a = ±1 or a = ±p.
Remark 1.20. Let a, b ∈ A be nonzero elements such that ab = 0. Then a is not invertible.
Indeed, if a has the inverse a⁻¹, then b = a⁻¹ab = a⁻¹0 = 0, which contradicts b ≠ 0.
Theorem 1.21. For n ≥ 2, the ring Zn = Z/nZ is a field if and only if n is a prime number.
Proof. =⇒ : Assume that n is not prime. Then n = km for some 1 < k, m < n. Therefore
[k], [m] ≠ 0, but [k][m] = [n] = 0 in Zn . This implies that [k] is not invertible, hence Zn is not a
field.
⇐= : Assume that n = p is a prime number. Let 1 ≤ k < p be a number that represents
some nonzero element [k] in Zp . Then the multiplication map
k : Zp → Zp , [m] ↦ [k] · [m] = [km],
is injective: if not, then [km] = 0 for some [m] 6= 0. But this would imply that km ∈ (p), hence
p | km and therefore p | k or p | m (see the next lemma), a contradiction. As Zp is finite,
the map k : Zp → Zp should be bijective. This implies that there exists [m] ∈ Zp such that
[k] · [m] = [1], hence [k] is invertible. Therefore Zp is a field. □
Lemma 1.22. Let p ∈ Z be a prime number and a, b ∈ Z. If p | ab, then p | a or p | b.
Proof. Let I = {n ∈ Z | p | na}. Then p, b ∈ I. The set I is an ideal in Z (exercise). Therefore
I = dZ for some d ≥ 1. As p ∈ I = dZ, we conclude that d | p and therefore d = 1 or d = p. If
d = 1, then p | da = a. If d = p then b ∈ I = pZ, hence p | b. □
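The ring Z/nZ of Example 1.18 together with the field criterion of Theorem 1.21, as an added Python example that is not part of the lecture notes; the class and function names are my own, and the checks are brute force over the finitely many congruence classes.

```python
# Added example (not from the lecture notes): the quotient ring Z/nZ of
# Example 1.18, with the field criterion of Theorem 1.21 checked by brute force.

from dataclasses import dataclass


@dataclass(frozen=True)
class ZnElement:
    """The congruence class [a] in Z/nZ, stored by its representative 0 <= r < n."""
    n: int
    r: int

    def __post_init__(self):
        if self.n < 2:
            raise ValueError("modulus must be at least 2")
        # Division with remainder: [m] = [r] for m = qn + r, 0 <= r < n.
        object.__setattr__(self, "r", self.r % self.n)

    def _same_ring(self, other):
        if not isinstance(other, ZnElement) or other.n != self.n:
            raise TypeError("elements of different rings")

    def __add__(self, other):
        self._same_ring(other)
        return ZnElement(self.n, self.r + other.r)   # [a] + [b] = [a + b]

    def __neg__(self):
        return ZnElement(self.n, -self.r)             # the negative [-a]

    def __mul__(self, other):
        self._same_ring(other)
        return ZnElement(self.n, self.r * other.r)   # [a] . [b] = [ab]

    def is_zero(self):
        return self.r == 0


def elements(n):
    """The n congruence classes [0], [1], ..., [n - 1]."""
    return [ZnElement(n, r) for r in range(n)]


def is_unit(x):
    """[k] is invertible iff [k][m] = [1] for some [m] (Definition 1.4)."""
    one = ZnElement(x.n, 1)
    return any(x * y == one for y in elements(x.n))


def is_zero_divisor(x):
    """Nonzero [a] with [a][b] = [0] for some nonzero [b] (Remark 1.20)."""
    return not x.is_zero() and any(
        not y.is_zero() and (x * y).is_zero() for y in elements(x.n))


def is_field(n):
    """Z/nZ is a field iff every nonzero class is invertible (Definition 1.4)."""
    return all(is_unit(x) for x in elements(n) if not x.is_zero())


def multiplication_map_is_bijective(n, k):
    """The map [m] -> [k][m] from the proof of Theorem 1.21.  On the finite set
    Z/nZ it is bijective exactly when it takes n distinct values."""
    x = ZnElement(n, k)
    return len({(x * y).r for y in elements(n)}) == n


def is_prime(n):
    """Prime in the sense of Remark 1.19: n >= 2 with no divisor d, 1 < d < n."""
    return n >= 2 and all(n % d != 0 for d in range(2, n))


def theorem_1_21_holds(upper):
    """Theorem 1.21 checked by brute force for every modulus 2 <= n <= upper."""
    return all(is_field(n) == is_prime(n) for n in range(2, upper + 1))


if __name__ == "__main__":
    two = ZnElement(4, 2)
    print("[2][2] in Z/4Z =", (two * two).r)          # 0, so [2] is a zero divisor
    print("Z/3Z field:", is_field(3), " Z/4Z field:", is_field(4))
    print("Theorem 1.21 for 2 <= n <= 100:", theorem_1_21_holds(100))
```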

1.3. Ring homomorphisms.


Definition 1.23. Let A be a ring. A subset B ⊆ A is called a subring of A if
(1) B is a subgroup of (A, +), meaning that
(a) a, b ∈ B =⇒ a + b ∈ B.
(b) a ∈ B =⇒ −a ∈ B.
(c) 0A ∈ B.
(2) a, b ∈ B =⇒ ab ∈ B.
(3) 1A ∈ B.
Note that B is also a ring with addition and multiplication inherited from A. Its zero element
is 0B = 0A and its identity element is 1B = 1A .
Remark 1.24. For example, there is a chain of subrings Z ⊆ Q ⊆ R ⊆ C. But what about the
ring Z/nZ? Is it a subring of Z? The answer is no: for example, all nonzero elements of Z/5Z
are invertible, but the only invertible elements of Z are ±1. It turns out that it works the other
way around: there is a canonical map Z → Z/nZ that preserves the ring structures. This leads
us to the following definition.
Definition 1.25. A map φ : A → B between two rings is called a ring homomorphism if
(1) φ(a + b) = φ(a) + φ(b).
(2) φ(ab) = φ(a)φ(b).
(3) φ(1A ) = 1B .
A homomorphism φ is called an isomorphism if it is bijective.
Example 1.26. If B ⊆ A is a subring, then the inclusion map
i : B → A, i(b) = b ∀b ∈ B,
is a ring homomorphism, called the canonical embedding.
Example 1.27. Let C[a, b] be the set of continuous functions f : [a, b] → R on a closed
interval [a, b]. Then C[a, b] is a ring with addition and multiplication defined pointwise:
(f + g)(x) = f (x) + g(x), (f g)(x) = f (x)g(x), ∀x ∈ [a, b]
for all f, g ∈ C[a, b]. For any x0 ∈ [a, b], we have the ring homomorphism
φ : C[a, b] → R, f ↦ f (x0 ) ∈ R,
called the evaluation map at the point x0 .
Lemma 1.28. Let A be a ring and I ⊆ A be an ideal. Then the map
π : A → A/I, a ↦ [a],
is a ring homomorphism, called the projection (or the canonical homomorphism).
Proof. We have
π(a + b) = [a + b] = [a] + [b] = π(a) + π(b).
π(ab) = [ab] = [a] · [b] = π(a)π(b).
π(1) = [1].

Example 1.29. Applying this lemma to A = Z and I = nZ, we obtain the canonical homomorphism π : Z → Zn = Z/nZ.

Lemma 1.30. If φ : A → B is a ring homomorphism then


(1) φ(0) = 0.
(2) φ(−a) = −φ(a).
Proof. (1) φ(0) = φ(0 + 0) = φ(0) + φ(0). Therefore φ(0) = 0.
(2) φ(−a) + φ(a) = φ(−a + a) = φ(0) = 0. Therefore φ(−a) = −φ(a). □
Definition 1.31. Let φ : A → B be a ring homomorphism. We define
(1) the kernel of φ
Ker φ = {a ∈ A | φ(a) = 0} ⊆ A.
(2) the image of φ
Im φ = {φ(a) | a ∈ A } ⊆ B.
Lemma 1.32. Let φ : A → B be a ring homomorphism. Then
(1) Ker φ ⊆ A is an ideal of A.
(2) Im φ ⊆ B is a subring of B.
Proof. (1) We have
(a) φ(0) = 0. Therefore 0 ∈ Ker φ.
(b) For any a, b ∈ Ker φ: φ(a + b) = φ(a) + φ(b) = 0. Therefore a + b ∈ Ker φ.
(c) For any a ∈ Ker φ: φ(−a) = −φ(a) = 0. Therefore −a ∈ Ker φ.
(d) For any a ∈ Ker φ, b ∈ A: φ(ba) = φ(b)φ(a) = φ(b) · 0 = 0 and φ(ab) = φ(a)φ(b) =
0 · φ(b) = 0. Therefore ba, ab ∈ Ker φ.
Therefore Ker φ is an ideal of A.
(2) We have 1B ∈ Im φ as φ(1A ) = 1B . Given two elements φ(a), φ(b) ∈ Im φ, we have
(a) φ(a) + φ(b) = φ(a + b) ∈ Im φ.
(b) −φ(a) = φ(−a) ∈ Im φ.
(c) φ(a)φ(b) = φ(ab) ∈ Im φ.
Therefore Im φ is a subring of B. □
Lemma 1.33. A ring homomorphism φ : A → B is injective if and only if Ker φ = 0 (we denote
the zero ideal {0} by 0).
Proof. Assume that φ is injective. If φ(a) = 0 then φ(a) = φ(0) =⇒ a = 0. Therefore
Ker φ = 0. Assume that Ker φ = 0. If φ(a) = φ(b), then φ(a − b) = 0 =⇒ a − b ∈ Ker φ =⇒
a − b = 0 =⇒ a = b. Therefore φ is injective. □
Theorem 1.34 (Homomorphism Theorem). For any ring homomorphism φ : A → B, there
is a unique ring homomorphism φ̄ : A/ Ker φ → B that makes the following diagram commute
(φ = φ̄ ◦ π)
$$\begin{array}{ccc} A & \xrightarrow{\ \pi\ } & A/\operatorname{Ker}\varphi \\ & {\scriptstyle\varphi}\searrow & \big\downarrow{\scriptstyle\bar\varphi} \\ & & B \end{array}$$
The map φ̄ is injective and induces an isomorphism φ̄ : A/ Ker φ → Im φ.
Proof. Uniqueness. As φ = φ̄ ◦ π, we have φ(a) = φ̄π(a) = φ̄([a]) ∀a ∈ A. This means that for
any equivalence class [a], we require φ̄([a]) = φ(a) and φ̄ is uniquely determined.
Existence. For any equivalence class [a], we define φ̄([a]) = φ(a).
The map φ̄ is well-defined: if a ∼ b then a − b ∈ Ker φ =⇒ φ(a − b) = 0 =⇒ φ(a) = φ(b).

For any a ∈ A we have φ(a) = φ̄([a]) = φ̄π(a). Therefore φ = φ̄ ◦ π and the diagram commutes.
The map φ̄ is a ring homomorphism:
(1) φ̄([a] + [b]) = φ̄([a + b]) = φ(a + b) = φ(a) + φ(b) = φ̄([a]) + φ̄([b]).
(2) φ̄([a] · [b]) = φ̄([ab]) = φ(ab) = φ(a)φ(b) = φ̄([a])φ̄([b]).
(3) φ̄([1A ]) = φ(1A ) = 1B .
The map φ̄ : A/ Ker φ → B is injective: if φ̄([a]) = 0, then φ(a) = φ̄([a]) = 0 =⇒ a ∈ Ker φ
=⇒ [a] = 0 in A/ Ker φ. Therefore Ker φ̄ = 0 and φ̄ is injective.
Consider the map φ̄ : A/ Ker φ → Im φ ⊆ B. It is injective by the previous discussion. It is also
surjective: for any φ(a) ∈ Im φ, we have φ̄([a]) = φ(a). This implies that φ̄ : A/ Ker φ → Im φ is
bijective, hence is an isomorphism. □

1.4. Algebras. Let A be a commutative ring.


Definition 1.35. An algebra B over A is a ring that contains A as a subring such that
ab = ba ∀a ∈ A, b ∈ B.
Remark 1.36. Let us define the center of a ring B to be
Z(B) = {a ∈ B | ab = ba ∀b ∈ B }.
If B is an algebra over A, then A ⊆ Z(B).
Remark 1.37. If B is an algebra over a field K, then we can interpret B as a vector space over
K. Let (e1 , . . . , en ) be a basis of B over K. Then every element x ∈ B can be uniquely written
in the form $x = \sum_{i=1}^{n} x_i e_i$, where xi ∈ K. In order to define the product on B, it is enough to
describe the products ei ej ∈ B for all i, j. Indeed, if $x = \sum_i x_i e_i$ and $y = \sum_i y_i e_i$ with xi , yi ∈ K,
then
$$xy = \Big(\sum_i x_i e_i\Big)\Big(\sum_j y_j e_j\Big) = \sum_{i,j} x_i y_j \cdot e_i e_j.$$

1.4.1. The algebra of matrices. Let R be a commutative ring and let Mn (R) be the set of
n × n matrices with entries in R. Then Mn (R) is a ring with respect to the usual addition and
multiplication: given matrices A = (aij ) and B = (bij ) in Mn (R), we define
$$A + B = (c_{ij}),\quad c_{ij} = a_{ij} + b_{ij},\qquad AB = (d_{ij}),\quad d_{ij} = \sum_{k=1}^{n} a_{ik} b_{kj}.$$

The ring Mn (R) is an algebra over R. Indeed, we have an embedding (injective ring homomor-
phism)
R ↪ Mn (R), r ↦ rIn ,
where In is the identity matrix in Mn (R). In this way we can identify R with a subring of Mn (R).
The elements of R commute with all matrices
(rIn )A = A(rIn ) = rA ∀r ∈ R, A ∈ Mn (R).
The algebra Mn (R) over R is called the matrix algebra (or the matrix ring).

1.4.2. The algebra of quaternions. The algebra H of quaternions is the algebra over R having a
basis 1, i, j, k and the multiplication defined on this basis so that 1 is the identity element and
i² = j² = k² = −1, ij = −ji = k, jk = −kj = i, ki = −ik = j.
Remark 1.38. According to a legend, this algebra was invented by William Rowan Hamilton on
October 16, 1843 while walking near the Broome Bridge, Dublin. This event is commemorated
by a stone plaque near the bridge. For a long time quaternions were a mandatory exam topic in
Trinity College Dublin.
Actually it is enough to require that
i² = j² = k² = ijk = −1.
Indeed, i, j, k are invertible, hence ijk = k² implies ij = k =⇒ kj = ij² = −i and so on. For
any element x = a + bi + cj + dk ∈ H, we define the absolute value and the conjugate of x by
$$|x| = \sqrt{a^2 + b^2 + c^2 + d^2},\qquad \bar x = a - bi - cj - dk.$$
Lemma 1.39. We have $x\bar x = \bar x x = |x|^2$.

Proof. We have
$$x\bar x = (a + bi + cj + dk)(a - bi - cj - dk) = a^2 + b^2 + c^2 + d^2 = |x|^2$$
and similarly $\bar x x = |x|^2$. □
The above result implies that for any x ≠ 0 we have
$$x \cdot \frac{\bar x}{|x|^2} = \frac{\bar x}{|x|^2} \cdot x = 1,$$
hence x is invertible in H. This means that all nonzero elements of H are invertible, hence H is
a division ring. It is non-commutative (for example ij 6= ji).
The ring H is an algebra over R, where we embed R ⊆ H by the rule a ↦ a1 (note that the
elements of R commute with all elements of H). We can also embed C ⊆ H by the rule
a + bi ↦ a1 + bi ∈ H.
This makes C into a subring of H. But H is not an algebra over C: we have ij ≠ ji, implying
that i ∈ C does not commute with all elements of H.
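An added Python implementation of the quaternion algebra, not taken from the notes: multiplication is defined only through the products of the basis elements 1, i, j, k as in Remark 1.37, and Lemma 1.39 and the inverse x̄/|x|² are checked on concrete elements. The class and function names are my own.

```python
# Added example (not from the lecture notes): the algebra H of quaternions of
# Section 1.4.2, built from the basis relations, with Lemma 1.39 checked.

from fractions import Fraction

# Products e_a e_b of the basis 1, i, j, k (indices 0..3), stored as (sign, index).
# Only i^2 = j^2 = k^2 = -1, ij = -ji = k, jk = -kj = i, ki = -ik = j are used.
_BASIS_PRODUCT = {
    (0, 0): (1, 0), (0, 1): (1, 1), (0, 2): (1, 2), (0, 3): (1, 3),    # 1 is the identity
    (1, 0): (1, 1), (1, 1): (-1, 0), (1, 2): (1, 3), (1, 3): (-1, 2),  # i*1, i*i, i*j, i*k
    (2, 0): (1, 2), (2, 1): (-1, 3), (2, 2): (-1, 0), (2, 3): (1, 1),  # j*1, j*i, j*j, j*k
    (3, 0): (1, 3), (3, 1): (1, 2), (3, 2): (-1, 1), (3, 3): (-1, 0),  # k*1, k*i, k*j, k*k
}


class Quaternion:
    """x = a + b i + c j + d k with rational coordinates, so all arithmetic is exact."""

    def __init__(self, a, b=0, c=0, d=0):
        self.v = tuple(Fraction(t) for t in (a, b, c, d))

    def __add__(self, y):
        return Quaternion(*(s + t for s, t in zip(self.v, y.v)))

    def __mul__(self, y):
        # Remark 1.37: (sum_i x_i e_i)(sum_j y_j e_j) = sum_{i,j} x_i y_j e_i e_j
        out = [Fraction(0)] * 4
        for i, xi in enumerate(self.v):
            for j, yj in enumerate(y.v):
                sign, idx = _BASIS_PRODUCT[(i, j)]
                out[idx] += sign * xi * yj
        return Quaternion(*out)

    def __eq__(self, y):
        return isinstance(y, Quaternion) and self.v == y.v

    def conjugate(self):
        a, b, c, d = self.v
        return Quaternion(a, -b, -c, -d)                  # x-bar = a - bi - cj - dk

    def norm_squared(self):
        return sum(t * t for t in self.v)                 # |x|^2 = a^2 + b^2 + c^2 + d^2

    def inverse(self):
        n2 = self.norm_squared()
        if n2 == 0:
            raise ZeroDivisionError("0 is not invertible in H")
        return Quaternion(*(t / n2 for t in self.conjugate().v))   # x-bar / |x|^2


ONE, I, J, K = Quaternion(1), Quaternion(0, 1), Quaternion(0, 0, 1), Quaternion(0, 0, 0, 1)


def lemma_1_39_holds(x):
    """x x-bar = x-bar x = |x|^2 (the scalar |x|^2 embedded as |x|^2 * 1)."""
    scalar = Quaternion(x.norm_squared())
    return x * x.conjugate() == scalar and x.conjugate() * x == scalar


def all_invertible(sample):
    """Every nonzero element of the sample has the two-sided inverse x-bar / |x|^2,
    which is the division-ring property of H checked on concrete elements."""
    return all(x * x.inverse() == ONE and x.inverse() * x == ONE
               for x in sample if x.norm_squared() != 0)


if __name__ == "__main__":
    print("ij == k:", I * J == K, " ji == -k:", J * I == Quaternion(0, 0, 0, -1))
    print("ijk == -1:", I * J * K == Quaternion(-1))
    x = Quaternion(1, 2, -3, 4)
    print("Lemma 1.39 for 1+2i-3j+4k:", lemma_1_39_holds(x), " |x|^2 =", x.norm_squared())
```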
1.4.3. The algebra of polynomials. Let A be a commutative ring. We define the algebra A[x] of
polynomials in one variable x with coefficients in A to be the set of sequences
f = (f0 , f1 , f2 , . . . ),
where fk ∈ A, k ≥ 0, and all but a finite number of elements fk are zero. We will write elements
f ∈ A[x] in a more customary form
$$f = f_0 + f_1 x + f_2 x^2 + \cdots = \sum_{k \ge 0} f_k x^k.$$
Given two polynomials f, g ∈ A[x], we define their sum f + g ∈ A[x] and product f g ∈ A[x] by
$$f + g = \sum_{k \ge 0} (f_k + g_k)\, x^k,\qquad fg = \sum_{k \ge 0}\Big(\sum_{i=0}^{k} f_i g_{k-i}\Big) x^k.$$

These operations define the structure of a commutative ring on A[x].


Remark 1.40. Note that
(1) The zero element of A[x] is the polynomial 0 = 0 + 0x + 0x² + . . .
(2) The identity element of A[x] is the polynomial 1 = 1 + 0x + 0x² + . . .
(3) The ring A[x] is an algebra over A, where we embed A ⊆ A[x] by the rule a ↦
a + 0x + 0x² + . . .
Definition 1.41. Let f = f0 + f1 x + · · · ∈ A[x] be a polynomial. Then
(1) The element f0 is called the constant term of f .
(2) The number deg f = max{k ≥ 0 | fk ≠ 0} is called the degree of f . If f = 0, then we
define deg f = −∞.
(3) If n = deg f , then the element fn is called the leading coefficient of f . If fn = 1 then f
is called a monic polynomial.
Definition 1.42. Let B be an algebra over a commutative ring A and let $f = \sum_{i \ge 0} f_i x^i \in A[x]$
be a polynomial.
(1) We define the evaluation of f at b ∈ B (or the substitution of b into f ) to be
$$f(b) = \sum_{i \ge 0} f_i b^i \in B.$$

(2) An element b ∈ B is called a root (or a zero) of the polynomial f if f (b) = 0.


Note that we can consider in particular B = A or the algebra of matrices B = Mn (A).

Remark 1.43. A polynomial f ∈ A[x] induces a (polynomial) map f̄ : A → A, a ↦ f (a). But
this map doesn’t determine f uniquely in general. For example, the polynomial f = x² + x ∈ Z2 [x]
induces the map f̄ : Z2 → Z2 , a ↦ 0, the same map as for the zero polynomial. We will see
later that polynomials over infinite fields are uniquely determined by the corresponding maps.

Theorem 1.44 (Evaluation of polynomials). Let B be an algebra over a commutative ring A


and let b ∈ B. Then the map

φb : A[x] → B, f ↦ f (b)

is a ring homomorphism, called the evaluation map. It is a unique ring homomorphism that
satisfies
φb (a) = a ∀a ∈ A, φb (x) = b.

Proof. It is clear that φb preserves the additive structures. Concerning the product, we have
$$\varphi_b(fg) = \varphi_b\Big(\sum_{k \ge 0}\Big(\sum_{i=0}^{k} f_i g_{k-i}\Big)x^k\Big) = \sum_{k \ge 0}\Big(\sum_{i=0}^{k} f_i g_{k-i}\Big) b^k = \Big(\sum_{i \ge 0} f_i b^i\Big)\Big(\sum_{j \ge 0} g_j b^j\Big) = \varphi_b(f)\varphi_b(g).$$
Let us prove the uniqueness. For any f ∈ A[x], we have
$$\varphi_b(f) = \varphi_b\Big(\sum_{k \ge 0} f_k x^k\Big) = \sum_{k \ge 0} \varphi_b(f_k x^k) = \sum_{k \ge 0} \varphi_b(f_k)\,\varphi_b(x)^k = \sum_{k \ge 0} f_k b^k$$
and this proves that φb is uniquely determined. □

Example 1.45. Let $A = \begin{pmatrix} 1 & 1 \\ 0 & 1 \end{pmatrix} \in M_2(\mathbb{R})$. Then $A - I = \begin{pmatrix} 0 & 1 \\ 0 & 0 \end{pmatrix}$ and $(A - I)^2 = 0$. This implies
that A is a root of the polynomial p = (x − 1)² ∈ R[x]. Consider the evaluation map

φA : R[x] → M2 (R), f ↦ f (A).

We proved that p(A) = 0, hence p ∈ Ker φA and (p) = R[x]p ⊆ Ker φA . One can show that
actually Ker φA = (p).
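An added Python example, not from the notes, of the coefficient-sequence polynomials of Section 1.4.3 with the product formula, and of the evaluation map φ_b of Theorem 1.44 applied both to the matrix A of Example 1.45 and to the polynomial x² + x of Remark 1.43; the class and function names are my own.

```python
# Added example (not from the lecture notes): polynomials as finite coefficient
# sequences, the product (fg)_k = sum f_i g_{k-i}, and the evaluation map phi_b
# into the matrix algebra M_2(Z) (Example 1.45) and into Z/pZ (Remark 1.43).

from itertools import zip_longest


class Poly:
    """f = f_0 + f_1 x + f_2 x^2 + ... stored as the finite sequence (f_0, f_1, ...).
    Coefficients live in Z (modulus=None) or in Z/pZ (modulus=p)."""

    def __init__(self, coeffs, modulus=None):
        self.modulus = modulus
        cs = [self._reduce(c) for c in coeffs]
        while cs and cs[-1] == 0:             # all but finitely many f_k are zero
            cs.pop()
        self.coeffs = cs

    def _reduce(self, c):
        return c if self.modulus is None else c % self.modulus

    def degree(self):
        # deg 0 = -infinity by Definition 1.41
        return len(self.coeffs) - 1 if self.coeffs else float("-inf")

    def __add__(self, g):
        pairs = zip_longest(self.coeffs, g.coeffs, fillvalue=0)
        return Poly([a + b for a, b in pairs], self.modulus)   # (f+g)_k = f_k + g_k

    def __mul__(self, g):
        # (fg)_k = sum_{i=0}^{k} f_i g_{k-i}: the product formula of Section 1.4.3
        if not self.coeffs or not g.coeffs:
            return Poly([], self.modulus)
        prod = [0] * (len(self.coeffs) + len(g.coeffs) - 1)
        for i, fi in enumerate(self.coeffs):
            for j, gj in enumerate(g.coeffs):
                prod[i + j] += fi * gj
        return Poly(prod, self.modulus)

    def __eq__(self, g):
        return isinstance(g, Poly) and (self.coeffs, self.modulus) == (g.coeffs, g.modulus)

    def evaluate(self, b, one, embed):
        """phi_b(f) = sum_i f_i b^i in an algebra B over the coefficient ring
        (Definition 1.42); `one` is 1_B and `embed` is the embedding a -> a 1_B."""
        total, power = embed(0), one
        for fi in self.coeffs:
            total = total + embed(fi) * power
            power = power * b
        return total


class Matrix2:
    """2x2 integer matrices, the algebra M_2(Z) of Section 1.4.1."""

    def __init__(self, a, b, c, d):
        self.m = (a, b, c, d)                 # rows (a b) and (c d)

    def __add__(self, o):
        return Matrix2(*(x + y for x, y in zip(self.m, o.m)))

    def __mul__(self, o):
        a, b, c, d = self.m
        e, f, g, h = o.m
        return Matrix2(a * e + b * g, a * f + b * h, c * e + d * g, c * f + d * h)

    def __eq__(self, o):
        return isinstance(o, Matrix2) and self.m == o.m

    @staticmethod
    def scalar(r):
        return Matrix2(r, 0, 0, r)            # the embedding r -> r I_2


def example_1_45():
    """p = (x - 1)^2 has the matrix A = ((1,1),(0,1)) as a root: p(A) = 0."""
    x_minus_1 = Poly([-1, 1])
    p = x_minus_1 * x_minus_1                 # coefficients [1, -2, 1]
    A = Matrix2(1, 1, 0, 1)
    return p.evaluate(A, Matrix2.scalar(1), Matrix2.scalar) == Matrix2.scalar(0)


def induced_map(f):
    """The polynomial map f-bar: Z/pZ -> Z/pZ of Remark 1.43 as the tuple of values
    (f(0), ..., f(p-1)); here B = A = Z/pZ, so the embedding is reduction mod p."""
    p = f.modulus
    return tuple(f.evaluate(a, 1, lambda c: c % p) % p for a in range(p))


if __name__ == "__main__":
    print("p(A) = 0 for p = (x-1)^2:", example_1_45())
    f = Poly([0, 1, 1], modulus=2)            # x^2 + x in Z_2[x]
    print("x^2 + x induces", induced_map(f), "although f == 0 is", f == Poly([], 2))
```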

Definition 1.46. For any commutative ring A, we define the algebra of polynomials in several
variables inductively by the rule

A[x1 , . . . , xn ] = (A[x1 , . . . , xn−1 ])[xn ].

Polynomials f ∈ A[x1 , . . . , xn ] can be written in the form


$$f = \sum_{i_1, \dots, i_n \ge 0} f_{i_1 \dots i_n}\, x_1^{i_1} \cdots x_n^{i_n},$$

where fi1 ...in ∈ A and all but a finite number of these elements are zero.

1.4.4. Group algebras.


Definition 1.47. Let G be a group and K be a field. We define the group algebra KG to have
the underlying vector space with the basis (eg )g∈G and the multiplication eg eh = egh .
Remark 1.48.
(1) If G is a monoid, one defines similarly the algebra KG, called the monoid algebra.
(2) If 1 ∈ G is the identity element, then e1 ∈ KG is the identity of the group algebra.
(3) Usually one denotes the basis element eg simply by g. Then we can write $KG = \bigoplus_{g \in G} Kg$.
(4) An element φ ∈ KG can be written in the form $\sum_{g \in G} \varphi_g\, g$ for some φg ∈ K. Therefore,
we can identify φ ∈ KG with the map φ : G → K, g ↦ φg , such that φg ≠ 0 for finitely
many g. The product of two elements φ, ψ ∈ KG is given by
$$\Big(\sum_g \varphi_g\, g\Big)\cdot\Big(\sum_h \psi_h\, h\Big) = \sum_g \sum_h \varphi_h \psi_{h^{-1}g}\; h(h^{-1}g) = \sum_g \Big(\sum_h \varphi_h \psi_{h^{-1}g}\Big) g$$
and corresponds to the map
$$\varphi * \psi : G \to K,\qquad (\varphi * \psi)(g) = \sum_{h \in G} \varphi(h)\,\psi(h^{-1}g)$$

called the convolution of the maps φ and ψ.


Example 1.49. Consider the quaternion group Q = {±1, ±i, ±j, ±k} with the same multipli-
cation rule as in the algebra of quaternions. The group algebra RQ has dimension 8. One can
obtain the algebra of quaternions as the quotient
$$\mathbb{H} \cong \mathbb{R}Q/\langle e_1 + e_{-1},\ e_i + e_{-i},\ e_j + e_{-j},\ e_k + e_{-k}\rangle.$$
Example 1.50. Consider the monoid N = {0, 1, 2, . . .} with the addition operation. The
monoid algebra KN can be identified with the algebra of polynomials K[x]
$$\varphi : K\mathbb{N} \xrightarrow{\ \sim\ } K[x],\qquad e_n \mapsto x^n,\ n \ge 0.$$
Note that $\varphi(e_m e_n) = \varphi(e_{m+n}) = x^{m+n} = \varphi(e_m)\varphi(e_n)$, hence φ is a homomorphism of algebras. Similarly, we can identify the group algebra KZ with the algebra K[x, x⁻¹] of Laurent
polynomials.

2. Integral domains
2.1. Basic definitions.
Remark 2.1. There is the following chain of commutative ring classes
Fields ⊆ Euclidean domains ⊆ Principal ideal domains ⊆ Unique factorization domains ⊆ Integral domains ⊆ Commutative rings
We introduced already commutative rings and fields. Our goal will be to fill the gap. From now
on all rings are assumed to be commutative.
Definition 2.2. Let A be a commutative ring.
(1) A is called an integral domain if ab = 0 implies a = 0 or b = 0 for a, b ∈ A.
(2) An element a ∈ A is called a zero divisor if there exists nonzero b ∈ A such that ab = 0.
An element that is not a zero divisor is called a non-zero-divisor.
(3) An element a ∈ A is called an invertible element (or a unit) if there exists b ∈ A such
that ab = 1. The set of all units of A is denoted by A× (it is actually a group).
(4) Two elements a, b ∈ A are called associates (we write a ∼ b) if a = ub for some u ∈ A× .
Remark 2.3. A commutative ring A is an integral domain ⇐⇒ all nonzero elements of A are
non-zero-divisors.
Example 2.4. The ring Z is an integral domain. The only invertible elements of Z are ±1.
Example 2.5. Any field is an integral domain. For any field K the ring of polynomials K[x] is
an integral domain.
Remark 2.6 (Cancellation). Assume that A is an integral domain and a ∈ A is nonzero. If
ab = ac for some b, c ∈ A then b = c. Indeed, a(b − c) = 0 and as a is not a zero divisor, we
conclude that b − c = 0. Therefore b = c.
Lemma 2.7. Let A be an integral domain. Then two elements a, b ∈ A are associates if and
only if (a) = (b) (if and only if a | b and b | a).
Proof. If b = ua with u ∈ A× , then b ∈ (a) and (b) ⊆ (a). Similarly, from a = u⁻¹b we conclude
(a) ⊆ (b) and therefore (a) = (b).
Conversely, if (a) = (b) then b = ua, a = vb for some u, v ∈ A. Therefore a = vb = uva =⇒
a(1 − uv) = 0 =⇒ a = 0 or uv = 1. If a = 0, then b = ua = 0 = a. If uv = 1 then u is
invertible and a, b are associates. □

2.2. Unique factorization domains (UFD).


Definition 2.8. Let A be an integral domain.
(1) An element p ∈ A is called irreducible if p ∉ A× ⊔ {0} and if p = ab implies a ∈ A× or
b ∈ A× (we say that p can be factorized only in a trivial way).
(2) An element p ∈ A is called prime if p ∉ A× ⊔ {0} and if p | ab implies p | a or p | b.
Remark 2.9. An irreducible element in K[x] is called an irreducible polynomial.
Example 2.10. A positive integer is irreducible if and only if it is a prime number (in the usual
sense).
Lemma 2.11. A prime element of an integral domain is irreducible.
Proof. Let p ∈ A be prime and p = ab. Then p | ab =⇒ p | a or p | b. Without loss of generality
p | b. Then b = cp for some c ∈ A, hence p = ab = acp and ac = 1. Therefore a ∈ A× . □
We will see later that there exist rings having irreducible elements that are not prime.
Definition 2.12. An integral domain A is called a unique factorization domain if
(1) Any a ∈ A\{0} can be written as a product of a unit and irreducible elements, that is,
a = up1 . . . pk
where u ∈ A× and pi are irreducible.
(2) The above factorization is unique up to units and a permutation of factors. That is, if
a = vq1 . . . ql
is another factorization into a product of a unit and irreducible elements, then l = k and
there exist a permutation σ ∈ Sk and elements ui ∈ A× such that qi = ui pσi for all i.
An integral domain satisfying just the first axiom is called a factorization domain.
Example 2.13.
(1) The ring Z is a UFD.
(2) Any field is a UFD for trivial reasons (all nonzero elements are invertible).
(3) If K is a field, then K[x] is a UFD as we will see later.
Example 2.14. Let us consider a ring which is not a unique factorization domain. Let
$$A = \mathbb{Z}[\sqrt{-5}] = \{\,a + b\sqrt{5}\,i \mid a, b \in \mathbb{Z}\,\} \subseteq \mathbb{C}.$$
We claim that the element 6 has two different factorizations into irreducible factors
$$6 = 2 \cdot 3 = (1 + \sqrt{5}\,i)(1 - \sqrt{5}\,i).$$
For any element z = a + b√5 i ∈ A we have
$$|z|^2 = a^2 + 5b^2 \in \mathbb{Z}$$
and if z = z1 z2 then |z|² = |z1|²|z2|². Therefore if z ∈ A is invertible, then |z|² ∈ Z is
invertible. This implies |z| = 1 and z = ±1. Assuming that we can write some of the elements
z = 2, 3, 1 ± √−5 as z = z1 z2 with z1, z2 ∉ A×, we obtain that |z|² = 4, 9, 6 is equal to |z1|² · |z2|²
and therefore |zi|² are equal to 2 or 3. But there are no such elements in A. This implies that
2, 3, 1 ± √−5 are irreducible. They are not associates of each other as A× = {±1}. This implies
that the above factorizations are not equivalent.
Equality
$$2 \cdot 3 = 6 = (1 + \sqrt{-5})(1 - \sqrt{-5})$$
implies that 2 | (1 + √−5)(1 − √−5). But 2 does not divide 1 ± √−5. This means that 2 is not
prime in the ring Z[√−5], although we have seen that 2 is irreducible.
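An added Python check of Example 2.14, not from the notes: arithmetic in Z[√−5] with the norm |z|² = a² + 5b², the norm argument for irreducibility, and the fact that 2 divides (1 + √−5)(1 − √−5) but neither factor; all class and function names are my own.

```python
# Added example (not from the lecture notes): the ring Z[sqrt(-5)] of Example 2.14.
# The norm |z|^2 = a^2 + 5 b^2 shows that 2, 3, 1 +- sqrt(-5) are irreducible,
# and exact division in the ring shows that 2 is not prime.

import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Zsqrtm5:
    """The element a + b*sqrt(-5) of A = Z[sqrt(-5)], with a, b integers."""
    a: int
    b: int

    def __add__(self, w):
        return Zsqrtm5(self.a + w.a, self.b + w.b)

    def __mul__(self, w):
        # (a + b r)(c + d r) = (ac - 5bd) + (ad + bc) r, using r^2 = -5
        return Zsqrtm5(self.a * w.a - 5 * self.b * w.b, self.a * w.b + self.b * w.a)

    def norm(self):
        return self.a * self.a + 5 * self.b * self.b     # |z|^2 = a^2 + 5 b^2

    def conjugate(self):
        return Zsqrtm5(self.a, -self.b)


UNITS = (Zsqrtm5(1, 0), Zsqrtm5(-1, 0))                  # A^x = {+1, -1}


def divides(z, w):
    """z | w in A, i.e. w = z c for some c in A.  Since c = w z-bar / |z|^2,
    the test is whether both coordinates of w z-bar are multiples of |z|^2."""
    n = z.norm()
    if n == 0:
        return w.norm() == 0
    q = w * z.conjugate()
    return q.a % n == 0 and q.b % n == 0


def has_element_of_norm(target):
    """Is a^2 + 5 b^2 = target solvable in integers?  Only |a|, |b| <= sqrt(target)
    can work, so the search is finite."""
    bound = math.isqrt(target)
    return any(a * a + 5 * b * b == target
               for a in range(-bound, bound + 1)
               for b in range(-bound, bound + 1))


def irreducible_by_norm(z):
    """The norm argument of Example 2.14: a factorization z = z1 z2 into non-units
    forces |z|^2 = |z1|^2 |z2|^2 with both factors > 1, so z is irreducible as soon
    as no proper divisor d of |z|^2 (1 < d < |z|^2) is the norm of an element of A."""
    n = z.norm()
    if n <= 1:                                            # 0 and the units are excluded
        return False
    return not any(n % d == 0 and has_element_of_norm(d) for d in range(2, n))


def are_associates(z, w):
    return any(z * u == w for u in UNITS)


def example_2_14():
    two, three = Zsqrtm5(2, 0), Zsqrtm5(3, 0)
    p, q = Zsqrtm5(1, 1), Zsqrtm5(1, -1)                  # 1 + sqrt(-5), 1 - sqrt(-5)
    six = Zsqrtm5(6, 0)
    return {
        "two_factorizations": two * three == six and p * q == six,
        "all_irreducible": all(irreducible_by_norm(z) for z in (two, three, p, q)),
        "not_associates": not any(are_associates(x, y)
                                  for x in (two, three) for y in (p, q)),
        "2_divides_product": divides(two, p * q),
        "2_divides_a_factor": divides(two, p) or divides(two, q),
    }


if __name__ == "__main__":
    for name, value in example_2_14().items():
        print(f"{name}: {value}")
```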
Theorem 2.15. Let A be a factorization domain (satisfies just the first axiom of a UFD). Then
A is a UFD if and only if every irreducible element of A is prime.
Proof. ⇒. Let A be a UFD, p ∈ A be irreducible and p | ab, that is, ab = pc for some a, b, c ∈ A.
We want to show that p | a or p | b. Let
$$a = \prod a_i,\qquad b = \prod b_i,\qquad c = \prod c_i$$
be factorizations into irreducible elements. Then the element ab = pc has two factorizations
$$\prod a_i \prod b_i = p \prod c_i.$$
From the uniqueness of factorizations we conclude that p equals (up to a unit) one of ai or bj .
This means that p divides a or b.
⇐. Assume that an element a has two decompositions into irreducibles
$$a = \prod_{i=1}^{m} p_i = \prod_{i=1}^{n} q_i.$$
By assumption all elements pi are prime. Let p = pm . Then p should divide one of qi (we can
assume that it is qn ). But qn is irreducible, therefore qn = up for some u ∈ A× . Dividing both
sides by p we obtain $\prod_{i=1}^{m-1} p_i = u \prod_{i=1}^{n-1} q_i$. By induction on m, these factorizations are the same
up to the permutation of factors and multiplications by units. □

2.3. Principal ideal domains (PID).


Definition 2.16. Let A be a commutative ring.
(1) An ideal I ⊆ A is called principal if it can be generated by one element, that is ∃a ∈ A
such that I = (a) = Aa.
(2) A is called a principal ideal domain if it is an integral domain and every ideal of A is a
principal ideal.
Example 2.17. We have seen that every ideal of Z has a form nZ for some n ∈ Z. This implies
that Z is a principal ideal domain.
Lemma 2.18. Let A be a principal ideal domain. Then every irreducible element in A is prime.
Proof. Let p ∈ A be irreducible and let p | ab. Assume that p ∤ a. The ideal (p, a) is a principal
ideal, therefore (p, a) = (d) for some d ∈ A. In particular p ∈ (d) and p = cd for some c ∈ A.
As p is irreducible, we have c ∈ A× or d ∈ A× . If c ∈ A× , then (p) = (d) ∋ a and p | a, a
contradiction. If d ∈ A× , then (a, p) = (d) = A. Therefore 1 = ax + py for some x, y ∈ A =⇒
b = abx + bpy =⇒ p | b. □
Theorem 2.19. Every PID is a UFD.
Proof. We have to show that a PID A is a factorization domain. The fact that A is a UFD
will follow then from Theorem 2.15 and the fact that every irreducible element in A is prime
according to the previous lemma.
Assume that a cannot be represented as a product of irreducible elements (up to a unit).
Then a is not a unit and not irreducible. Therefore we can decompose it as a = a1 b1 with
a1, b1 ∉ A×. Without loss of generality we can assume that a1 cannot be factorized into a
product of irreducible elements. Continuing this argument, we obtain a sequence of elements
ai, bi ∉ A× satisfying ai = ai+1 bi+1 and therefore (strict inclusions here)
(a) ⊂ (a1) ⊂ (a2) ⊂ . . .
The union of these ideals is again an ideal. As A is a PID, this ideal has the form (c) for some
c ∈ A. We have c ∈ (an) for some n ≥ 1. Therefore (an) = (c). This implies that (an) = (an+1),
a contradiction. This proves the existence of a decomposition. □
2.4. GCD and LCM. Let A be an integral domain.
Definition 2.20. The greatest common divisor of two elements a, b ∈ A is an element d ∈ A
(denoted by gcd(a, b)) such that
(1) d | a, d | b.
(2) If c | a, c | b =⇒ c | d.
The elements a, b are called coprime if gcd(a, b) = 1.
Remark 2.21. A GCD of two elements does not exist in all rings, but we will see later that it
exists in UFDs. If d is a GCD of a, b then any of its associates (that is, an element of the form ud
for some u ∈ A×) is also a GCD of a, b. Conversely, if c, d are two GCDs of a, b then d | c and
c | d. This means that c, d are associates. We denote by gcd(a, b) any of these associates.
Example 2.22. Consider the ring A = Z[√−5] and the equation
(1 + √−5)(1 − √−5) = 2 · 3 = 6
in A. Consider the elements
a = (1 + √−5) · 2, b = 6.
Then d = 1 + √−5 is a common divisor of a and b and also c = 2 is a common divisor of a
and b. We also know that they are irreducible. However, neither of them is a greatest common
divisor of a, b as d ∤ c and c ∤ d.
Definition 2.23. The least common multiple of two elements a, b ∈ A is an element m ∈ A
(denoted by lcm(a, b)) such that
(1) a | m, b | m.
(2) If a | c, b | c then m | c.
Remark 2.24. Again one can show that an LCM of two elements a, b is determined only up to a
unit. Any of them is denoted by lcm(a, b).
Lemma 2.25. Let A be a principal ideal domain and a, b ∈ A. Then
(1) d = gcd(a, b) if and only if (a, b) = (d).
(2) m = lcm(a, b) if and only if (a) ∩ (b) = (m).
In particular GCD and LCM exist in principal ideal domains.
Proof. Let us prove just the first statement. Assume that (d) = (a, b). Then a, b ∈ (d) =⇒
d | a and d | b. If c | a and c | b then a, b ∈ (c) and this implies (d) = (a, b) ⊆ (c) and therefore
c | d. This means that d = gcd(a, b). Conversely, if d′ is a GCD of a, b then d′ and d are
associates and therefore (d′) = (d) = (a, b). □
Lemma 2.26. Let A be a principal ideal domain. Then a, b ∈ A are coprime if and only if
there exist x, y ∈ A such that ax + by = 1.
Proof. The condition that a, b are coprime means that gcd(a, b) = 1. The condition that there
exist x, y ∈ A with ax + by = 1 means that (a, b) = A = (1). Now we apply the previous lemma. □
Theorem 2.27. GCD and LCM exist in unique factorization domains.
Proof. Any two elements a, b can be written in the form
$a = u \prod_{i=1}^n p_i^{k_i}, \qquad b = v \prod_{i=1}^n p_i^{l_i},$
where u, v ∈ A×, p1, . . . , pn are distinct prime elements (not associate to each other) and
ki, li ≥ 0. Define
$d = \prod_{i=1}^n p_i^{s_i},\ s_i = \min\{k_i, l_i\}, \qquad m = \prod_{i=1}^n p_i^{t_i},\ t_i = \max\{k_i, l_i\}.$
We claim that d = gcd(a, b) and m = lcm(a, b). Let us show this just for d. It is clear that d | a
and d | b. Assume that c | a and c | b. Up to a unit, we can write $c = \prod_{i=1}^n p_i^{r_i}$, where ri ≤ ki
and ri ≤ li. This implies ri ≤ si and c | d. □
2.5. Euclidean domains. Euclidean domains are rings where an analogue of the Euclidean
division of integers (that is, division with a remainder) is possible.
Definition 2.28. An integral domain A is called a Euclidean domain if there exists a function
δ : A\{0} → N = {0, 1, 2, . . .}
(called a Euclidean function or a degree function) such that for any a, b ∈ A\{0} there exist
elements q, r ∈ A (quotient and remainder) such that a = bq + r and either r = 0 or δ(r) < δ(b).
Example 2.29. The ring Z with the degree function δ(n) = |n| is a Euclidean domain.
Example 2.30. For any field K, the algebra of polynomials K[x] with the degree function
δ(f ) = deg(f ) is a Euclidean domain. This follows from the following result.
Theorem 2.31. Let A be a commutative ring and let f, g ∈ A[x] be polynomials such that g
is monic of degree d, meaning that $g(x) = x^d + g_{d-1} x^{d-1} + \cdots + g_0$. Then there exist unique
polynomials q, r ∈ A[x] such that f = gq + r and deg r < d.
Proof. Let us choose a polynomial q ∈ A[x] such that the polynomial r := f − gq has the
minimal possible degree. Assume that $r = r_e x^e + \cdots + r_0$ has degree e ≥ d. Then
$f - g(q + r_e x^{e-d}) = r - r_e g x^{e-d} = \sum_{i=0}^{e-1} r_i x^i - \sum_{i=0}^{d-1} r_e g_i x^{e-d+i}$
has degree < e, a contradiction.
To prove the uniqueness, assume that f = gq′ + r′ with deg r′ < d. Then g(q − q′) = r − r′.
If q ≠ q′ then deg(g(q − q′)) ≥ deg g = d and deg(r − r′) < d, a contradiction. Therefore q = q′,
hence also r = r′. □
Corollary 2.32. An element a ∈ A is a root of a polynomial f ∈ A[x] (that is, f(a) = 0) if
and only if (x − a) divides f.
Proof. We can divide with a remainder f = (x − a)q + r, where deg r < deg(x − a) = 1. This
means that r ∈ A. If a is a root of f then r = f(a) = 0. Therefore (x − a) divides f. Conversely,
if (x − a) divides f then clearly f(a) = 0. □
Remark 2.33. If A is an integral domain, then a polynomial f ∈ A[x] has at most deg f roots.
Indeed, if a ∈ A is a root of f , then we can write f = (x − a)q with deg q = deg f − 1. Any root
of f different from a is a root of q. By induction on degree, q has at most deg q = deg f − 1
roots. Therefore f has at most deg f roots. If A is not an integral domain, then f ∈ A[x] can
have more than deg f roots. For example, the polynomial x² − 1 in Z₈[x] has four roots.
Note that if K is an infinite field and f, g ∈ K[x] are polynomials such that f (a) = g(a) for
all a ∈ K, then f − g has infinitely many roots, hence f − g = 0.
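The division algorithm from the proof of Theorem 2.31 and the root count of Remark 2.33, as an added Python example (not from the lecture notes): polynomials over Z_n are coefficient lists, division is only by monic divisors (so it works for any n, prime or not), and Corollary 2.32 is cross-checked against direct evaluation; all function names and sample polynomials are constructed here.

```python
# Added example (not from the lecture notes): division with remainder by a
# monic polynomial over Z_n, following the proof of Theorem 2.31, and the
# root count of x^2 - 1 in Z_8[x] from Remark 2.33.
# Polynomials are lists of coefficients in Z_n, lowest degree first:
# [f_0, f_1, ..., f_n] stands for f_0 + f_1 x + ... + f_n x^n.

def trim(f, n):
    """Reduce coefficients mod n and drop leading zeros; [] is the zero polynomial."""
    f = [c % n for c in f]
    while f and f[-1] == 0:
        f.pop()
    return f

def degree(f):
    """deg 0 is taken to be -1 so that 'deg r < d' also covers r = 0."""
    return len(f) - 1

def divmod_monic(f, g, n):
    """Return (q, r) with f = g*q + r and deg r < deg g in Z_n[x].

    g must be monic; then no division of coefficients is needed, so this
    works over any Z_n, prime or not (Theorem 2.31 is stated for any
    commutative ring). Each step kills the leading term of the current
    remainder exactly as in the proof: r -> r - r_e * g * x^(e-d).
    """
    f, g = trim(f, n), trim(g, n)
    d = degree(g)
    if d < 0 or g[-1] != 1:
        raise ValueError("divisor must be monic")
    r = f[:]
    q = [0] * max(degree(f) - d + 1, 0)
    while degree(r) >= d:
        e = degree(r)
        re_ = r[e]
        q[e - d] = re_
        for i in range(d + 1):          # subtract re_ * g * x^(e-d)
            r[e - d + i] = (r[e - d + i] - re_ * g[i]) % n
        r = trim(r, n)
    return trim(q, n), r

def evaluate(f, a, n):
    """Horner evaluation of f at a in Z_n."""
    v = 0
    for c in reversed(f):
        v = (v * a + c) % n
    return v

def roots(f, n):
    """All a in Z_n with f(a) = 0. Corollary 2.32 says these are exactly the
    a for which division by (x - a) leaves remainder 0; both tests are run
    and cross-checked against each other."""
    found = []
    for a in range(n):
        by_eval = evaluate(f, a, n) == 0
        _, r = divmod_monic(f, [-a, 1], n)    # x - a is monic
        assert by_eval == (r == []), "Corollary 2.32 violated"
        if by_eval:
            found.append(a)
    return found

if __name__ == "__main__":
    # x^2 - 1 over Z_8: four roots although deg = 2 (Z_8 is not a domain)
    print(roots([-1, 0, 1], 8))        # [1, 3, 5, 7]
    # x^2 - 1 over Z_7: at most deg f = 2 roots, as Remark 2.33 predicts
    print(roots([-1, 0, 1], 7))        # [1, 6]
    # In Z_8[x] both (x - 1)(x + 1) and (x - 3)(x + 3) equal x^2 - 1
    q, r = divmod_monic([-1, 0, 1], [-3, 1], 8)
    print(q, r)                        # [3, 1] [] : x^2 - 1 = (x - 3)(x + 3)
```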
Example 2.34. The ring Z[i] = {x + yi | x, y ∈ Z} ⊆ C is called the ring of Gaussian integers.
It is a Euclidean domain with a degree function δ(x + yi) = |x + yi|² = x² + y². Such degrees
are precisely those natural numbers that can be written as a sum of two squares.
Lemma 2.35. The ring Z[i] of Gaussian integers is Euclidean.
Proof. Let a, b ∈ Z[i]\{0}. Consider the element ab⁻¹ = x + yi ∈ C. There exist m, n ∈ Z such
that |x − m| ≤ 1/2 and |y − n| ≤ 1/2. Let q = m + ni and
r = a − bq = b(ab⁻¹ − q) = b((x − m) + (y − n)i).
We have
δ(r) = |r|² = |b|² · ((x − m)² + (y − n)²) ≤ |b|² · (1/4 + 1/4) < |b|² = δ(b). □
Theorem 2.36. A Euclidean domain is a principal ideal domain and therefore also a unique
factorization domain.
Proof. Let A be a Euclidean domain with a degree function δ : A\{0} → N and let I ⊆ A be a
nonzero ideal. Let b ∈ I\{0} have a minimal possible value δ(b). Then (b) ⊆ I and we claim
that I = (b). If a ∈ I\(b), then we can write a = bq + r with r = 0 or δ(r) < δ(b). If r = 0, then
a = bq and a ∈ (b), a contradiction. If r ≠ 0 then δ(r) < δ(b) and r = a − bq ∈ I, contradicting
the minimality of δ(b). This implies that I = (b). □
Example 2.37. This theorem implies in particular, that any polynomial ring K[x] over a field K
is a principal ideal domain, hence a unique factorization domain. Therefore one has GCD and
LCM in this ring. For example, the polynomials x² + 1, x + 1 over Q have gcd = 1. On the other
hand, the same polynomials over Z₂ have gcd = x + 1 (note that x² + 1 = x² − 1 = (x − 1)(x + 1) in Z₂[x]).
Remark 2.38 (Euclidean algorithm). As we have seen, any Euclidean domain A is a UFD and
therefore its elements have the greatest common divisors. There is an algorithm, called the
Euclidean algorithm, that allows one to find gcd(a, b) for any a, b ∈ A. It is a generalization
of a similar algorithm for integers. Namely, we apply the following sequence of division with
remainders, until we obtain the zero remainder:
a = bq1 + r1 , δ(r1 ) < δ(b),
b = r1 q2 + r2 , δ(r2 ) < δ(r1 ),
r1 = r2 q3 + r3 , δ(r3 ) < δ(r2 ),
................
rk−2 = rk−1 qk + rk , δ(rk ) < δ(rk−1 ),
rk−1 = rk qk+1 , rk+1 = 0.
Then
gcd(a, b) = gcd(b, r1 ) = gcd(r1 , r2 ) = · · · = gcd(rk−1 , rk ) = rk ,
where we use the fact that if a = bq + r, then gcd(a, b) = gcd(b, r). This algorithm can also be
used in order to find x, y ∈ A such that xa + yb = gcd(a, b) = rk . Indeed, first we can write
r1 = a − q1 b.
Then
r2 = b − q2 r1 = b − q2 (a − q1 b) = −q2 a + (1 + q1 q2 )b.
Continuing this process, we obtain an expression of rk as a linear combination of a and b.
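The Euclidean algorithm of this remark, as an added Python example (not from the lecture notes), written once against divmod so that the same loop runs on Z and on the Gaussian integers Z[i], whose division with remainder is the rounding step from the proof of Lemma 2.35; the GaussInt class, the function names and the inputs 5 and 3 + 4i are constructed for the demonstration.

```python
# Added example (not from the lecture notes): the extended Euclidean algorithm
# of Remark 2.38 for any Euclidean domain, run on Z (Python ints) and on the
# Gaussian integers Z[i], whose division with remainder is the nearest-lattice-
# point rounding from the proof of Lemma 2.35.
from fractions import Fraction

class GaussInt:
    """x + y*i with x, y in Z; delta(x + yi) = x^2 + y^2 (Example 2.34)."""
    def __init__(self, x, y=0):
        self.x, self.y = int(x), int(y)
    def __add__(self, o):  return GaussInt(self.x + o.x, self.y + o.y)
    def __sub__(self, o):  return GaussInt(self.x - o.x, self.y - o.y)
    def __mul__(self, o):  return GaussInt(self.x*o.x - self.y*o.y,
                                           self.x*o.y + self.y*o.x)
    def __eq__(self, o):   return (self.x, self.y) == (o.x, o.y)
    def __bool__(self):    return (self.x, self.y) != (0, 0)
    def __repr__(self):    return f"({self.x}{self.y:+d}i)"
    def delta(self):       return self.x**2 + self.y**2
    def __divmod__(self, b):
        """a = b*q + r with delta(r) <= delta(b)/2 < delta(b), as in Lemma 2.35."""
        nb = b.delta()
        # a/b = a*conj(b)/|b|^2 = x + y*i with x, y rational
        x = Fraction(self.x*b.x + self.y*b.y, nb)
        y = Fraction(self.y*b.x - self.x*b.y, nb)
        q = GaussInt(round(x), round(y))     # |x - m| <= 1/2, |y - n| <= 1/2
        return q, self - b*q

def ext_euclid(a, b, zero, one):
    """Return (g, x, y) with g = gcd(a, b) (up to a unit) and x*a + y*b = g.

    Only divmod and ring operations are used, so any type implementing them
    as a Euclidean division works; `zero` and `one` are that ring's 0 and 1.
    The loop keeps   r0 = x0*a + y0*b,   r1 = x1*a + y1*b,   which is exactly
    the bookkeeping r1 = a - q1 b, r2 = b - q2 r1, ... of Remark 2.38.
    """
    r0, r1 = a, b
    x0, y0, x1, y1 = one, zero, zero, one
    while r1:                                # stop at the zero remainder
        q, r = divmod(r0, r1)
        r0, r1 = r1, r
        x0, x1 = x1, x0 - q*x1
        y0, y1 = y1, y0 - q*y1
    return r0, x0, y0

def int_gcd(a, b):
    return ext_euclid(a, b, 0, 1)

def gauss_gcd(a, b):
    return ext_euclid(a, b, GaussInt(0), GaussInt(1))

if __name__ == "__main__":
    print(int_gcd(240, 46))                  # (2, -9, 47): -9*240 + 47*46 = 2
    # 5 = (2+i)(2-i) and 3+4i = (2+i)^2, so the gcd is 2+i up to a unit
    g, x, y = gauss_gcd(GaussInt(5), GaussInt(3, 4))
    print(g, x, y, x*GaussInt(5) + y*GaussInt(3, 4) == g)   # (-2-1i) ... True
```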
2.6. The field of fractions.
Remark 2.39. The ring Z of integers has non-invertible elements. If we allow nonzero elements
to be inverted, we end up with the field Q of rational numbers. Our goal is to formalize this
construction for arbitrary integral domains.
Let A be an integral domain and let S = A\{0} (it is not a subring, but it is closed with
respect to multiplication). Define a binary relation on A × S by the rule
(a, s) ∼ (b, t) ⇐⇒ at = bs.
(We think of a pair (a, s) as a fraction a/s). This is an equivalence relation:
(1) Reflexivity: (a, s) ∼ (a, s).
(2) Symmetry: (a, s) ∼ (b, t) =⇒ (b, t) ∼ (a, s).
(3) Transitivity: (a, s) ∼ (b, t) and (b, t) ∼ (c, v) =⇒ (a, s) ∼ (c, v). Indeed, we have at = bs
and bv = ct. This implies atv = bsv = cts and therefore av = cs, that is, (a, s) ∼ (c, v).
We denote the set of equivalence classes of such pairs by F(A) and denote the equivalence class
of a pair (a, s) by a/s. We define addition and multiplication on F(A) by the rules
$\frac{a}{s} + \frac{b}{t} = \frac{at + bs}{st}, \qquad \frac{a}{s} \cdot \frac{b}{t} = \frac{ab}{st}.$
One can verify that these operations are well-defined and they equip F(A) with a ring structure.
The zero element of F(A) is 0/1 and the identity element is 1/1.
Theorem 2.40. Let A be an integral domain. Then the ring F(A) is a field, called the field of
fractions of A. The canonical map i : A → F(A), a ↦ a/1, is an injective ring homomorphism.
For any injective ring homomorphism f : A → K to a field K, there exists a unique ring
homomorphism f̄ : F(A) → K that makes the triangle A → F(A) → K commute, that is, f = f̄ i.
Proof. Let a/s ∈ F(A) be a nonzero element. Then a/s ≠ 0/1, that is, a ≠ 0. This implies that
s/a ∈ F(A). We have (a/s) · (s/a) = 1/1 and this means that a/s is invertible. Therefore F(A) is a field.
The map i : A → F(A) is obviously a ring homomorphism. For example, for a, b ∈ A
$i(a) + i(b) = \frac{a}{1} + \frac{b}{1} = \frac{a \cdot 1 + b \cdot 1}{1 \cdot 1} = \frac{a + b}{1} = i(a + b).$
To show that it is injective, assume that a ∈ Ker i. Then a/1 = 0/1. Then a = 0 and therefore
Ker i = 0.
Uniqueness of f̄. For any a ∈ A we have f̄(a/1) = f̄(i(a)) = f(a). If s ∈ A\{0} then
f̄(s/1) f̄(1/s) = f̄(1/1) = f(1) = 1 and f̄(s/1) = f(s). Therefore f̄(1/s) = 1/f(s). This implies
f̄(a/s) = f̄(a/1) f̄(1/s) = f(a)/f(s) and uniqueness follows.
Existence of f̄. We define f̄(a/s) = f(a)/f(s). One verifies easily that this map is well defined
and is a ring homomorphism. The composition (f̄ i)(a) = f̄(a/1) = f(a)/f(1) = f(a). Therefore
f = f̄ i. □
Example 2.41. Consider the algebra of polynomials K[x] over a field K. The field of fractions
F(K[x]) is denoted by K(x) and is called the field of rational functions over K. Its elements
are fractions f(x)/g(x), where f, g are polynomials over K and g ≠ 0.
2.7. Factorization in polynomial rings. We know that if K is a field, then K[x] is a UFD.
However, this is not enough to show that K[x1 , . . . , xn ] is a UFD. Our goal will be to show that
if A is a UFD, then also A[x] is a UFD. This implies that A[x1 , . . . , xn ] is a UFD by induction.
To show that A[x] is a UFD, we will consider the field of fractions K = F(A) and embed A[x]
into K[x]. Then we use the fact that K[x] is a UFD in order to prove the same for A[x].
We have seen earlier that for any two elements a, b of a UFD A, there exists their greatest
common divisor gcd(a, b). Similarly, there exists the greatest common divisor of several elements
a1 , . . . , an ∈ A which we denote by gcd(a1 , . . . , an ).
Definition 2.42. Given a polynomial $f = \sum_{i=0}^n f_i x^i \in A[x]$, we define its content to be
d(f) = gcd(f0, . . . , fn). We say that f is primitive if d(f) = 1 (up to a unit). Note that we can
always write f = d(f) · f*, where f* ∈ A[x] is primitive.
Lemma 2.43 (Gauss's lemma). Let A be a UFD and f, g ∈ A[x]. Then
(1) If f, g are primitive then f g is primitive.
(2) d(f g) = d(f)d(g) (up to a unit).
Proof. (1) Assume that f g is not primitive. Then there exists a prime element p ∈ A such that
all coefficients of f g are divisible by p. The ring Ā = A/(p) is an integral domain. Indeed, if
a, b ∈ A are such that [a][b] = 0 in Ā, then ab ∈ (p) =⇒ p | ab =⇒ p | a or p | b =⇒ [a] = 0
or [b] = 0 in Ā. This implies that Ā[x] is also an integral domain.
For any polynomial h ∈ A[x], we denote its image in Ā[x] by $\bar h$. Then $\overline{fg} = 0$ in Ā[x]. From
$\bar f \cdot \bar g = \overline{fg} = 0$ we obtain $\bar f = 0$ or $\bar g = 0$. This means that p divides all coefficients of f or
all coefficients of g, that is, either f or g is not primitive, a contradiction.
(2) Let a = d(f) and b = d(g). Then f = af* and g = bg* for primitive f*, g* ∈ A[x]. Therefore
d(f g) = d(abf*g*) = ab · d(f*g*) = ab = d(f)d(g),
where d(f*g*) = 1 as f*g* is primitive by the first part. □
Remark 2.44. Given a polynomial f ∈ F(A)[x], we can write it in the form f = (a/b) f*, where
a, b ∈ A and f* ∈ A[x] is primitive. If f is irreducible in F(A)[x], then f* is irreducible in A[x].
Corollary 2.45. Let A be a UFD and f ∈ A[x] be a primitive non-constant polynomial. Then
f is irreducible in A[x] if and only if f is irreducible in F(A)[x].
Proof. Assume that f is irreducible in F(A)[x] and f = gh, where g, h ∈ A[x] are not invertible.
If deg g > 0 and deg h > 0, then f is also reducible in F(A)[x], a contradiction. If deg g = 0, then
g ∈ A and g | d(f). But d(f) = 1, hence g is invertible in A and A[x], a contradiction. Similarly
for deg h = 0.
Assume that f is irreducible in A[x] and f = gh, where g, h ∈ F(A)[x] have positive degrees.
We can write
$g = \frac{a}{b} g^*, \qquad h = \frac{c}{d} h^*,$
where a, b, c, d ∈ A and g*, h* ∈ A[x] are primitive. Then $f = gh = \frac{ac}{bd} g^* h^*$, hence
$bd \cdot d(f) = ac \cdot d(g^* h^*) = ac.$
This implies that $d(f) = \frac{ac}{bd}$ and $f = \frac{ac}{bd} g^* h^* = d(f) g^* h^*$. This contradicts the irreducibility
of f in A[x]. □
Corollary 2.46. Let f, g, h ∈ Q[x] be monic and f = gh. If f ∈ Z[x], then g, h ∈ Z[x].
Proof. Let $g = \frac{a}{b} g^*$, $h = \frac{c}{d} h^*$, where a, b, c, d ∈ Z and g*, h* ∈ Z[x] are primitive. Then
$f = \frac{ac}{bd} g^* h^*$ and, comparing contents, we get $\frac{ac}{bd} = 1$ (f is monic, hence primitive). Comparing
the leading coefficients in $g = \frac{a}{b} g^*$, we obtain $\frac{b}{a} \in Z$ and similarly $\frac{d}{c} \in Z$. From $\frac{ac}{bd} = 1$ we
conclude $\frac{b}{a} = \frac{d}{c} = 1$ (up to a sign). This implies g = g* ∈ Z[x] and h = h* ∈ Z[x]. □
Theorem 2.47. If A is a UFD then A[x] is a UFD. The irreducible elements of A[x] are
(1) Irreducible elements of A.
(2) Primitive polynomials in A[x] that are irreducible in F(A)[x].
Proof. Let K = F(A) be the field of fractions of A and let us consider the embedding of A[x] into
K[x]. We know that K[x] is a UFD. Let us show that the elements described in the statement
of the theorem are irreducible in A[x]. All irreducible elements in A are also irreducible in A[x].
Also any primitive p ∈ A[x] that is irreducible in K[x] is irreducible in A[x]: it cannot be
written as a product of two polynomials having positive degree, and if it is equal to cf for c ∈ A
and f ∈ A[x] then d(p) = 1 = d(c)d(f) = c d(f) =⇒ c ∈ A× =⇒ p is irreducible.
Let us show that every polynomial in A[x] can be factorized into a product of irreducibles in
A[x]. Given f ∈ A[x], we can factorize it as a product $f = \prod q_i$ of irreducible polynomials in
K[x]. We can write qi = ci pi, where ci ∈ K and pi ∈ A[x] is a primitive polynomial irreducible
in K[x]. Then
$f = c \prod p_i,$
where $c = \prod c_i \in K$. The product $\prod p_i$ is a primitive polynomial in A[x] by Gauss's lemma.
If c = a/b with a, b ∈ A, then we can write $bf = a \prod p_i$ and comparing the GCD of coefficients on
both sides we obtain b | a, hence c = a/b ∈ A. Now we decompose c into a product of irreducible
elements in A. We have seen that the polynomials pi are irreducible in A[x]. This proves the
existence of a factorization of f into irreducibles. This also shows that every irreducible element
in A[x] is of the form described in the statement of the theorem.
To show the uniqueness, we have to prove that any irreducible polynomial p ∈ A[x] is prime.
This is clear if p ∈ A. If deg p > 0 then p is a primitive polynomial, irreducible in K[x]. Assume
that p | f g in A[x]. As p is irreducible in K[x], it is also prime in K[x]. Therefore p | f or p | g
in K[x]. Without loss of generality p | f in K[x]. Then there exist a, b ∈ A\{0} and primitive
h ∈ A[x] such that f = (a/b) hp. Then bf = ahp and d(bf) = a · d(hp) = a (as h and p are primitive).
This implies that a/b = d(f) ∈ A and (a/b) h ∈ A[x], hence p | f in A[x]. Therefore p is prime in A[x]
and this finishes the proof of the uniqueness of factorizations. □
Theorem 2.48 (Eisenstein's criterion). Let $f = \sum_{i=0}^n f_i x^i \in Z[x]$ be a degree n polynomial
and p be a prime number such that
(1) p | f0, . . . , fn−1,
(2) p ∤ fn,
(3) p² ∤ f0.
Then f is irreducible in Q[x].
Proof. We can assume that f is primitive (divide f by its content, if necessary). By the previous
theorem it is enough to show that f is irreducible in Z[x]. Assuming the contrary, we can write
f = gh, for some non-constant g, h ∈ Z[x]. Then, modulo p, we obtain $\bar f = \bar g \bar h$ in Zp[x]. By
our assumption $\bar f_i = 0$ for 0 ≤ i < n, hence $\bar f = \bar f_n x^n$, where $\bar f_n \ne 0$ in Zp. Therefore $\bar g = \bar b x^k$,
$\bar h = \bar c x^l$, where k = deg g > 0, l = deg h > 0 and $\bar b, \bar c \in Z_p$ are nonzero. This implies that the
constant terms of g, h are divisible by p, hence f0 is divisible by p². A contradiction. □
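A checker for the three hypotheses of Eisenstein's criterion, as an added Python example (not from the lecture notes): it tries every prime that could serve as p, namely the prime factors of the constant term, and returns the first one that works; the function names and the sample polynomials are constructed here.

```python
# Added example (not from the lecture notes): testing the hypotheses of
# Eisenstein's criterion (Theorem 2.48). Coefficients are listed lowest
# degree first: [f_0, f_1, ..., f_n].

def prime_factors(m):
    """Distinct prime factors of |m| by trial division (m != 0)."""
    m, ps, d = abs(m), [], 2
    while d * d <= m:
        if m % d == 0:
            ps.append(d)
            while m % d == 0:
                m //= d
        d += 1
    if m > 1:
        ps.append(m)
    return ps

def eisenstein_witness(f):
    """Return a prime p with p | f_0, ..., f_{n-1}, p not| f_n and p^2 not| f_0,
    or None if no such prime exists.

    Any candidate p must divide f_0, so only the prime factors of f_0 need
    checking. f_0 = 0 is excluded: then x | f, so the criterion cannot apply.
    None means only that the criterion is silent; it is a sufficient
    condition for irreducibility, not a test for reducibility.
    """
    if len(f) < 2 or f[-1] == 0 or f[0] == 0:
        return None
    n = len(f) - 1
    for p in prime_factors(f[0]):
        if (all(c % p == 0 for c in f[:n])
                and f[n] % p != 0
                and f[0] % (p * p) != 0):
            return p
    return None

if __name__ == "__main__":
    print(eisenstein_witness([2, 2, 0, 0, 1]))   # x^4 + 2x + 2       -> 2
    print(eisenstein_witness([-2, 0, 1]))        # x^2 - 2            -> 2
    print(eisenstein_witness([6, 3, 1]))         # x^2 + 3x + 6       -> 3
    print(eisenstein_witness([4, 2, 1]))         # x^2 + 2x + 4: 4 | f_0, no witness
    print(eisenstein_witness([1, 1, 1]))         # x^2 + x + 1: irreducible, but no witness
```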
3. Fields
3.1. Basic definitions. Recall that a field is a commutative ring such that all of its nonzero
elements are invertible. We know the fields Q, R, C. We also know that, for any prime integer p,
the quotient ring Fp = Z/pZ is a field. The next lemma gives an important source of new fields.
Lemma 3.1. Let K be a field and p ∈ K[x] be irreducible. Then K[x]/(p) is a field.
Proof. Note that A = K[x] is a PID. We will prove generally that if A is a PID and p ∈ A
is irreducible, then A/(p) is a field. Let f ∈ A be such that [f ] 6= 0 in A/(p). We can write
(f, p) = (d) for some d ∈ A. Then d | p, hence d = p or d = 1 (up to a unit) as p is irreducible. If
d = p then p | f =⇒ f ∈ (p) =⇒ [f ] = 0, a contradiction. If d = 1, then there exist u, v ∈ A
such that f u + pv = 1. This implies that [f ] · [u] = 1 in A/(p). Therefore [f ] is invertible and
A/(p) is a field. □
Definition 3.2. Let L be a field. A subring K ⊆ L is called a subfield if K is a field (equipped
with the induced ring structure). The field L is called a field extension of K. We write L/K in
this case.
Lemma 3.3. Let (Ki)i∈I be a collection of subfields of a field L. Then $\bigcap_{i \in I} K_i$ is a subfield
of L.
Proof. Let $K = \bigcap_{i \in I} K_i$. It is clear that 0, 1 ∈ K. For any a, b ∈ K we have a, b ∈ Ki ∀i ∈ I.
Therefore a + b, ab ∈ Ki ∀i ∈ I. This implies a + b, ab ∈ K. Therefore K ⊆ L is a subring.
Finally, if a ∈ K is nonzero, then a⁻¹ ∈ Ki ∀i ∈ I. Therefore a⁻¹ ∈ K. This means that K ⊆ L
is a subfield. □
Definition 3.4. Given a field K and a subset S ⊆ K, we define the subfield generated by S to
be the intersection of all subfields of K that contain S. It is the minimal subfield that contains S.
The subfield of K generated by ∅ (or by {0, 1}) is called the prime subfield of K. It is the
minimal subfield contained in K.
Given a field K and n ∈ Z, a ∈ K, we define
$n \cdot a = \underbrace{a + \cdots + a}_{n\ \text{summands}} \in K$
if n ≥ 0 and n · a = −((−n) · a) if n < 0.
Definition 3.5. We define the characteristic char K of a field K to be the minimal integer
p ≥ 2 such that p · 1K = 0 if such p exists and zero otherwise.
Theorem 3.6. The characteristic of a field K is either zero or a prime number. The prime
subfield of K is
(1) Q if char K = 0.
(2) Fp if p = char K is prime.
Proof. Consider the map f : Z → K, n ↦ n · 1K. This is a ring homomorphism. Indeed, for any
m, n ≥ 0, we have
f(m + n) = (m + n) · 1K = m · 1K + n · 1K = f(m) + f(n),
$f(mn) = \underbrace{1 + \cdots + 1}_{mn} = (\underbrace{1 + \cdots + 1}_{m}) \cdot (\underbrace{1 + \cdots + 1}_{n}) = f(m) \cdot f(n)$
and similarly for any m, n ∈ Z. The ideal Ker f ⊆ Z can be written as Ker f = (p) for some
p ≥ 0.
If p = 0, then f is injective and therefore n · 1K 6= 0 for all n > 0. This means that char K = 0.
The injective map f : Z → K can be extended to f : Q → K. We obtain a subfield Q ⊆ K
generated by 0, 1. This implies that Q is the prime subfield of K.
If p > 0, then p is the minimal positive integer such that p · 1 = 0 in K. Therefore char K = p.
Moreover, there is an injective ring homomorphism Z/(p) = Z/ Ker f → K. Therefore Z/(p) is
an integral domain. If p is not prime, then there exist 1 < a, b < p such that ab = p. Then the
corresponding congruence classes ā, b̄ ∈ Z/(p) are nonzero and ā b̄ = 0. This contradicts the
fact that Z/(p) is an integral domain. We conclude that p is prime and therefore Z/(p) is a
field. It is a subfield of K generated by 0, 1. Therefore it is the prime subfield of K. □
3.2. Field extensions.
Definition 3.7. Let L/K be a field extension and a1 , . . . , an ∈ L. We define K[a1 , . . . , an ] ⊆ L
to be the subring of L generated by K and a1 , . . . , an :
$\Big\{ \sum b_{i_1,\dots,i_n}\, a_1^{i_1} \cdots a_n^{i_n} \ \Big|\ b_{i_1,\dots,i_n} \in K,\ i_1, \dots, i_n \ge 0 \Big\}$ (finite sums).
We define K(a1 , . . . , an ) ⊆ L to be the subfield of L generated by K and a1 , . . . , an . It is the
field of fractions of K[a1 , . . . , an ]. An extension L/K is called simple if there exists an element
a ∈ L such that L = K(a).
Example 3.8.
(1) Consider the field extension C/R. Then R(i) = R[i] = C.
(2) Let K be a field and L = K(x) be the field of rational functions over K. Then the ring
generated by K and x is the ring of polynomials K[x]. The field generated by K and x
is K(x) = L.
(3) Let us show that Q[√2] is a field and therefore Q(√2) = Q[√2]. Any element of Q[√2]
is of the form a + b√2, where a, b ∈ Q. Its inverse is
$\frac{1}{a + b\sqrt{2}} = \frac{a - b\sqrt{2}}{a^2 - 2b^2} = \frac{a}{a^2 - 2b^2} - \frac{b}{a^2 - 2b^2}\sqrt{2} \in Q[\sqrt{2}].$
Therefore all nonzero elements of Q[√2] are invertible in Q[√2] and it is a field.
Definition 3.9. Let L/K be a field extension.
(1) We can consider L as a vector space over K: it is an abelian group and the scalar
multiplication K × L → L can be defined using multiplication in L. We define the degree
of a field extension L/K
[L : K] = dimK L ∈ N ∪ {∞}.
(2) A field extension L/K is called finite if [L : K] < ∞.
Example 3.10. We have [C : R] = 2, [Q[√2] : Q] = 2, [K(x) : K] = ∞, [R : Q] = ∞.
Remark 3.11. Let K be a finite field and let p = char K. We know that Fp ⊆ K. Let
n = [K : Fp ] and (e1 , . . . , en ) be a basis of K over Fp . Then every element in K can be uniquely
written in the form
b1 e1 + · · · + bn en
for some b1, . . . , bn ∈ Fp. Therefore the number of elements of K equals $p^n$. This means that
the number of elements of a finite field is always a power of a prime number. We will see later
that for every n ≥ 1 there exists a unique (up to an isomorphism) field having $p^n$ elements. It is
denoted by $F_{p^n}$.
Definition 3.12. Let L/K be a field extension. An element a ∈ L is called algebraic over
K if there exists a nonzero polynomial f ∈ K[x] such that f (a) = 0. Otherwise a is called
transcendental.
Example 3.13.
(1) The element i ∈ C is algebraic over R. It is a root of the polynomial x² + 1 ∈ R[x].
(2) The element √2 ∈ Q[√2] is algebraic over Q. It is a root of the polynomial x² − 2 ∈ Q[x].
(3) The element x ∈ K(x) is transcendental over K.
(4) The element π ∈ R is transcendental over Q (Lindemann, 1882).
Theorem 3.14. Let L/K be a field extension and a ∈ L be algebraic over K. Then
(1) Among all monic polynomials in K[x] that have a root a, there exists a unique polyno-
mial p having minimal degree. It is called the minimal polynomial of a over K.
(2) The minimal polynomial p ∈ K[x] of a is irreducible. If a is a root of f ∈ K[x], then
p | f.
(3) There is an isomorphism of fields
K[x]/(p) → K[a] = K(a), f ↦ f(a).
(4) We have [K(a) : K] = deg p. If d = deg p, then $(1, a, \dots, a^{d-1})$ is a basis of K(a) over K.
Proof. (1) Consider the ring homomorphism φa : K[x] → L given by f 7→ f (a). As a is algebraic,
the kernel Ker φa ⊆ K[x] is a non-trivial principal ideal. Let p ∈ K[x] be the monic polynomial
such that Ker φa = (p). If f ∈ K[x] is another monic polynomial that has a root a, then f ∈ (p)
and p | f . This implies that deg p ≤ deg f and if deg p = deg f then p = f .
(2) We have K[x]/(p) ⊆ L, hence K[x]/(p) is an integral domain. This implies that p is
irreducible. Indeed, if p = f g then f g = 0 in K[x]/(p) =⇒ f = 0 or g = 0 =⇒ p | f or p | g
and this means that p = f or p = g up to a unit. We have seen already that if f ∈ K[x] has
root a then p | f .
(3) The kernel of the map φa : K[x] → L is (p) and its image is K[a]. This implies that
K[x]/(p) ' K[a]. We know that K[x]/(p) is a field as p is irreducible. Therefore K[a] is a field
and K(a) = K[a].
(4) The basis of K[x]/(p) is given by $(1, x, \dots, x^{d-1})$. Therefore the basis of K[a] = K(a) is
given by $(1, a, \dots, a^{d-1})$. □
Lemma 3.15. Let L/K be a finite field extension. Then any element a ∈ L is algebraic over K.
Proof. Let n = [L : K] = dimK L. Then the n + 1 elements $1, a, \dots, a^n$ are linearly dependent
over K. Therefore there exist elements f0, . . . , fn ∈ K not all of which are zero such that
$f_0 + f_1 a + \cdots + f_n a^n = 0.$
Let $f = \sum_{i=0}^n f_i x^i \in K[x]$. Then f ≠ 0 and f(a) = 0. □
Example 3.16. This lemma implies that any complex number a ∈ C is algebraic over R.
Moreover, the elements 1, a, a² are linearly dependent over R, hence there exists a nonzero
polynomial
f = f₂x² + f₁x + f₀ ∈ R[x]
such that f(a) = 0. This means that every complex number a is a root of a quadratic polynomial
with real coefficients.
Lemma 3.17. Let L/K be a field extension and a ∈ L be transcendental. Then K(a) ' K(x).
Proof. Consider the ring homomorphism φ : K[x] → L, f ↦ f(a). This map is injective, as
otherwise a would be algebraic. All nonzero elements in K[x] are mapped to invertible
elements in L, therefore we can extend φ to a ring homomorphism K(x) = F(K[x]) → L.
This map is injective and its image is the field generated by K and a, that is, K(a). Therefore
K(x) ≅ K(a). □
Theorem 3.18. Consider finite field extensions K ⊆ L ⊆ M . Then
[M : K] = [M : L] · [L : K].
Proof. Let r = [L : K], s = [M : L], let l1, . . . , lr be a basis of L/K and let m1, . . . , ms be a basis
of M/L. We claim that the products li mj form a basis of M/K. Given x ∈ M we can write
$x = \sum_{j=1}^s y_j m_j, \qquad y_j \in L,$
and we can write
$y_j = \sum_{i=1}^r x_{ij} l_i, \qquad x_{ij} \in K.$
Therefore
$x = \sum_j y_j m_j = \sum_{i,j} x_{ij} l_i m_j$
and this means that li mj generate M/K. To prove that they are linearly independent assume that
we have elements xij ∈ K such that $\sum_{i,j} x_{ij} l_i m_j = 0$. As m1, . . . , ms are linearly independent
over L, we conclude that $\sum_i x_{ij} l_i = 0$ for every j. As li are linearly independent over K, we
conclude that xij = 0 for all i, j. This implies that
{li mj | 1 ≤ i ≤ r, 1 ≤ j ≤ s}
is a basis of M/K and therefore [M : K] = rs. □
3.3. Splitting fields, Finite fields, Algebraically closed fields.
Definition 3.19. A field K is called algebraically closed if every non-constant polynomial in
K[x] has at least one root over K. Equivalently, any polynomial in K[x] splits over K, that is,
it is a product of linear polynomials.
Theorem 3.20 (Fundamental Theorem of Algebra). The field C of complex numbers is alge-
braically closed.
Remark 3.21. If K is an algebraically closed field and L/K is a finite field extension then
L = K. Indeed, we know that every a ∈ L is algebraic over K. Let p ∈ K[x] be the minimal
polynomial of a. Then p is a product of linear polynomials with coefficients in K, hence a ∈ K.
We conclude that L = K.
Definition 3.22. Let K be a field.
(1) We say that a nonconstant polynomial f ∈ K[x] splits over a field extension L/K if
there exist a ∈ K and c1 , . . . , cn ∈ L such that
f (x) = a(x − c1 ) . . . (x − cn ).
(2) A field extension L/K is called a splitting field of f ∈ K[x] if f splits over L and
L = K(c1 , . . . , cn ), where c1 , . . . , cn ∈ L are the roots of f .
Theorem 3.23. Let K be a field and f ∈ K[x] be a polynomial of degree n ≥ 1. Then there
exists a (unique up to an isomorphism) splitting field L of f over K. Moreover, [L : K] ≤ n!.
Proof. We will only prove existence. Let $p = \sum_{i=0}^d p_i x^i$ be an irreducible divisor of f. Let
L0 = K[x]/(p), I = (p), and a = x + I ∈ L0. Then
$p(a) = p_0 + p_1(x + I) + \cdots + p_d (x + I)^d = (p_0 + p_1 x + \cdots + p_d x^d) + I = p(x) + I = I.$
Therefore p(a) = 0 in L0. This implies that f(a) = 0 and we can write
f(x) = (x − a)g(x)
for some polynomial g ∈ L0[x] of degree n − 1. By induction on n, there exists a splitting field
L of g over L0 of degree [L : L0] ≤ (n − 1)!. This is also a splitting field of f over K. Note that
[L0 : K] = deg p ≤ deg f = n.
Therefore
[L : K] = [L : L0] · [L0 : K] ≤ (n − 1)! · n = n!. □
Theorem 3.24. Every finite field has $p^n$ elements, for some prime p and integer n ≥ 1. For
every prime p and integer n ≥ 1, there exists a (unique up to an isomorphism) field with $p^n$
elements. It is denoted by $F_{p^n}$.
Proof. Let K be a finite field of characteristic p. Then p is prime and K contains a prime
subfield Fp = Z/pZ. If n = [K : Fp], then #K = $p^n$.
Let K be a field with q = $p^n$ elements. Then the set K× = K\{0} of invertible elements is
a group with respect to multiplication. It has q − 1 elements, hence $a^{q-1} = 1$ for all a ∈ K×.
This implies that $a^q = a$ for all a ∈ K. Therefore all elements of K are roots of the polynomial
$x^q − x$, hence $x^q - x = \prod_{a \in K}(x - a)$. This implies that K is a splitting field of $x^q − x$ over Fp,
hence is unique.
Let us prove existence of a field with q = $p^n$ elements. Let K be the splitting field of $x^q − x$
over Fp. We claim that K is the set of q distinct roots of $x^q − x$, hence contains q elements. Let
L ⊆ K be the set of all roots of $f(x) = x^q − x$. Then L is a subfield of K:
(1) 0, 1 ∈ L as $0^q = 0$ and $1^q = 1$.
(2) If a, b ∈ L, then $a^q = a$, $b^q = b$ =⇒ $(ab)^q = a^q b^q = ab$ =⇒ ab ∈ L.
(3) If 0 ≠ a ∈ L, then $a^q = a$ =⇒ $(a^{-1})^q = a^{-q} = a^{-1}$ =⇒ a⁻¹ ∈ L.
(4) Let a, b ∈ L. We have $(a + b)^q = a^q + b^q$ (binomial coefficients $\binom{q}{k}$ are divisible by p if
0 < k < q). This implies $(a + b)^q = a^q + b^q = a + b$ =⇒ a + b ∈ L.
As L is a field containing all roots of $x^q − x$ (and nothing else), it is the splitting field of this
polynomial, hence K = L. We only need to show that $f(x) = x^q − x$ does not have multiple
roots. Indeed, assume that $f(x) = (x − a)^2 \cdot g(x)$ for some g ∈ K[x] and a ∈ K. We can formally
define a derivative of polynomials. Then $f'(x) = 2(x − a)g(x) + (x − a)^2 g'(x)$ and f′(a) = 0.
But $f'(x) = q x^{q-1} − 1 = −1$ as q = $p^n$ = 0 in K. A contradiction. We conclude that all roots of
$x^q − x$ are distinct, hence #K = #L = q. □
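The field F_{2^8} = F_2[x]/(m) of Lemma 3.1 and Theorem 3.24 in the bit-level representation used by AES implementations, as an added Python example (not from the lecture notes): elements are 8-bit integers, addition is XOR, and multiplication is carry-less multiplication reduced modulo m. The AES modulus x^8 + x^4 + x^3 + x + 1 is a known irreducible polynomial; the reducible x^8 + 1 = (x + 1)^8 is included to show what breaks when the modulus is not irreducible. The function names are constructed here.

```python
# Added example (not from the lecture notes): F_{2^n} = F_2[x]/(m) with
# elements stored as n-bit integers (bit i = coefficient of x^i), so that
# addition is XOR and multiplication is shift-and-add followed by reduction
# modulo m. Checks the field properties predicted by Lemma 3.1 / Theorem 3.24.

def gf_mul(a, b, m, n):
    """Product of a and b in F_2[x]/(m), deg m = n, via shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a                    # add a * x^k (addition is XOR)
        b >>= 1
        a <<= 1                       # a := a * x
        if a >> n:                    # degree reached n: subtract (= XOR) m
            a ^= m
    return r

def gf_pow(a, e, m, n):
    """a^e by square-and-multiply."""
    r = 1
    while e:
        if e & 1:
            r = gf_mul(r, a, m, n)
        a = gf_mul(a, a, m, n)
        e >>= 1
    return r

def is_field(m, n):
    """True iff F_2[x]/(m) behaves like the field with q = 2^n elements:
    no zero divisors (so every nonzero element is invertible, Lemma 3.1)
    and a^q = a for every a (proof of Theorem 3.24). Both fail for
    reducible m, where a nontrivial factor of m is a zero divisor."""
    q = 1 << n
    no_zero_divisors = all(gf_mul(a, b, m, n) != 0
                           for a in range(1, q) for b in range(1, q))
    frobenius_fixed = all(gf_pow(a, q, m, n) == a for a in range(q))
    return no_zero_divisors and frobenius_fixed

def gf_inv(a, m, n):
    """a^(q-2) = a^(-1) for a != 0, because a^(q-1) = 1 (Theorem 3.24)."""
    return gf_pow(a, (1 << n) - 2, m, n)

def count_roots_of_x_q_minus_x(m, n):
    """Number of a in F_2[x]/(m) with a^q = a. It equals q exactly when the
    quotient is the splitting field of x^q - x, i.e. the field F_q."""
    q = 1 << n
    return sum(1 for a in range(q) if gf_pow(a, q, m, n) == a)

AES_MOD = 0x11B          # x^8 + x^4 + x^3 + x + 1, irreducible over F_2
REDUCIBLE_MOD = 0x101    # x^8 + 1 = (x + 1)^8 over F_2, reducible

if __name__ == "__main__":
    print(is_field(AES_MOD, 8), is_field(REDUCIBLE_MOD, 8))       # True False
    print(gf_mul(0x57, 0x83, AES_MOD, 8) == 0xC1)                 # True
    print(hex(gf_inv(0x53, AES_MOD, 8)))                          # 0xca
    print(count_roots_of_x_q_minus_x(AES_MOD, 8),                 # 256
          count_roots_of_x_q_minus_x(REDUCIBLE_MOD, 8))           # 2
```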
Lemma 3.25. Let K be a field. The following conditions are equivalent.
(1) Any non-constant polynomial in K[x] has at least one root over K.
(2) Any polynomial in K[x] splits over K, that is, it is a product of linear polynomials.
(3) Any irreducible polynomial over K is linear.
(4) Any algebraic element over K is contained in K.
(5) If L/K is a finite field extension, then L = K.
A field K satisfying these properties is called an algebraically closed field.

Proof. 1 =⇒ 2. Let $f \in K[x]$ have degree n and $c \in K$ be its root. Then $f(x) = (x - c)g(x)$ for some polynomial $g \in K[x]$ of degree $n - 1$. By induction on n, we can write $g(x) = a(x - c_1) \dots (x - c_{n-1})$. Therefore
$$f(x) = a(x - c)(x - c_1) \dots (x - c_{n-1}).$$
2 =⇒ 3. Let $p \in K[x]$ be an irreducible polynomial. By assumption it is a product of linear polynomials. Therefore p is linear.
3 =⇒ 4. Let L/K be a field extension and $a \in L$ be algebraic over K. Then the minimal polynomial of a over K is irreducible. By assumption it is linear. This implies that $a \in K$.
4 =⇒ 5. Let L/K be a finite field extension. Then any element $a \in L$ is algebraic. By assumption $a \in K$. This implies that $L = K$.
5 =⇒ 1. We can assume that $f \in K[x]$ is irreducible. Then the field $K[x]/(f)$ is finite over K. By assumption $L = K[x]/(f) = K$ and therefore
$$\deg f = [L : K] = 1,$$
that is, f is linear. □

Theorem 3.26 (Fundamental Theorem of Algebra). The field $\mathbb{C}$ of complex numbers is algebraically closed.

Proof. Let
$$f(z) = z^n + f_{n-1} z^{n-1} + \dots + f_0$$
be a non-constant polynomial over $\mathbb{C}$ that does not have roots over $\mathbb{C}$. There exists $r > 0$ such that for all $z \in \mathbb{C}$ with $|z| > r$, we have
$$|f(z)| > |f(0)|.$$
Let $D_r = \{z \in \mathbb{C} \mid |z| \le r\}$. Then
$$\inf_{z \in \mathbb{C}} |f(z)| = \inf_{z \in D_r} |f(z)| = |f(z_0)| > 0$$
for some $z_0 \in D_r$ (as $D_r$ is compact). If $f(z) \ne 0$ for all $z \in \mathbb{C}$, then $1/f(z)$ is holomorphic and bounded over $\mathbb{C}$:
$$|f(z)| \ge |f(z_0)| \implies \frac{1}{|f(z)|} \le \frac{1}{|f(z_0)|} < +\infty.$$
By Liouville's Theorem such a function must be constant. Therefore $f(z)$ is constant. A contradiction. □
3.4. Constructions with compass and straightedge. In this section we discuss constructions on the plane $\mathbb{R}^2$ using a compass and a straightedge. We will usually identify $\mathbb{R}^2$ with $\mathbb{C}$. Our goal is to understand the set $K \subseteq \mathbb{C}$ of points that can be constructed using a compass and a straightedge starting from the points 0 and 1. The following problems were studied already in Ancient Greece:
(1) Duplication of a cube (construct $a > 0$ such that $a^3 = 2 \cdot 1^3 = 2$).
(2) Trisection of an arbitrary angle (given an angle $\varphi \in [0, 2\pi]$ construct an angle $\varphi/3$, that is, given a point $e^{i\varphi} \in \mathbb{C}$, construct a point $e^{i\varphi/3}$).
(3) Quadrature of a circle (construct $a > 0$ such that a square with sides of length a has the area of a circle of radius one, that is, $a^2 = \pi$).
We will show that these constructions are not possible with a compass and a straightedge.
Definition 3.27. Let K ⊆ C be a subset.
(1) A line through two distinct points in K is called an elementary K-constructible line.
(2) A circle that has some point in K and a center in K is called an elementary K-
constructible circle.
(3) All elementary K-constructible lines and circles are called elementary K-constructible
objects.
(4) A point in the intersection of two different elementary K-constructible objects is called
an elementary K-constructible point.
Lemma 3.28. Let L/K be a field extension and $\operatorname{char} K \ne 2$. Then the following conditions are equivalent
(1) $[L : K] = 2$.
(2) $L = K[a]$ for some $a \in L \setminus K$ such that $a^2 \in K$.
Such a field extension is called quadratic.
Proof. 1 =⇒ 2. Let $b \in L \setminus K$. Its minimal polynomial has degree 2 and can be written in the form
$$p(x) = x^2 + cx + d = (x + c/2)^2 + (d - c^2/4), \qquad c, d \in K.$$
From $p(b) = 0$ we obtain
$$(b + c/2)^2 = c^2/4 - d.$$
Therefore the element $a = b + c/2 \in L \setminus K$ satisfies
$$a^2 = c^2/4 - d \in K$$
and we have $L = K[a]$.
2 =⇒ 1. The minimal polynomial of a over K is $p(x) = x^2 - a^2$. Therefore
$$[L : K] = [K[a] : K] = \deg p = 2.$$
□
Theorem 3.29. The following subsets of C coincide
(1) The smallest subset K ⊆ C that contains 0, 1 and all its elementary constructible points.
(2) The minimal subfield L ⊆ C that contains all its square roots.
Proof. $L \subseteq K$: To prove this we need to show that K is a field closed under taking square roots. Then $L \subseteq K$ as L is the minimal field with this property. Let us show first that K is a field. Given $z, w \in \mathbb{C}$, one can construct a parallelogram with vertices $0, z, w, z + w$. Therefore one can construct $z + w$. It is easy to construct $-z$. To construct zw or z/w, we represent $z = ae^{i\varphi}$ and $w = be^{i\psi}$, where $a, b \in \mathbb{R}$ are the lengths of z, w and $\varphi, \psi \in [0, 2\pi]$ are the angles between z, w and the x-axis. Then $zw = ab\,e^{i(\varphi + \psi)}$ and similarly for z/w. One can easily add and subtract angles. Therefore we just have to multiply and divide real positive numbers. In the following picture the lines AC and BD are parallel and therefore $\frac{a}{1} = \frac{c}{b}$, that is, $c = ab$. This implies that if we know real $a, b > 0$, then we can construct $c = ab$. And if we know real $b, c > 0$, then we can construct $a = \frac{c}{b}$. This implies that K is a field.
[Figure: points O, 1, A, a, B on a line and the point C with the label b; the lines AC and BD are parallel.]
Let us show that K is stable under taking square roots. We have to prove that given $z = ae^{i\varphi}$, we can also construct $\sqrt{a}\,e^{i\varphi/2}$. It is easy to construct a bisector of an angle. Therefore we can construct an angle $\varphi/2$. To construct $\sqrt{a}$, consider the following picture, where we start with intervals OA and AB, construct a circle with the diameter OB, and raise a perpendicular to OB at the point A. The angle OCB is right.
[Figure: points O, 1, A, a, B on a line and the point C on the circle with diameter OB, above A.]
We have
$$(1^2 + h^2) + (a^2 + h^2) = OC^2 + BC^2 = OB^2 = (1 + a)^2$$
which implies $h^2 = a$, that is, $h = \sqrt{a}$.
$K \subseteq L$: To prove this we will show that $L \ni 0, 1$ is closed under elementary constructions. Then $K \subseteq L$ as K is the minimal set with this property. First, we claim that $z \in L$ if and only if $\operatorname{Re} z, \operatorname{Im} z \in L \cap \mathbb{R}$. If $L \subseteq \mathbb{C}$ is closed under taking square roots, then so is its conjugate $\bar L$ and the intersection $L \cap \bar L$ (if $x^2 = a$ for $a \in L \cap \bar L$ then $x \in L \cap \bar L$). From the minimality of L, we obtain $L = L \cap \bar L$ =⇒ $L = \bar L$. This implies that if $z = x + iy \in L$ =⇒ $\bar z = x - iy \in L$ =⇒ $x = \frac12(z + \bar z) \in L$ and $iy = \frac12(z - \bar z) \in L$. Note that $i \in L$ as $i^2 = -1 \in L$. Therefore $y \in L$. Conversely, if $x, y \in L \cap \mathbb{R}$ then also $x + iy \in L$.
An elementary L-constructible circle consists of points $x + iy$ satisfying
$$(x - a)^2 + (y - b)^2 = c^2$$
for some $a, b, c \in L \cap \mathbb{R}$. An elementary L-constructible line through the points $x_1 + iy_1 \in L$ and $x_2 + iy_2 \in L$ (with $x_1 \ne x_2$, $y_1 \ne y_2$) has an equation
$$\frac{x - x_1}{x_2 - x_1} = \frac{y - y_1}{y_2 - y_1}.$$
It can be written in the form
$$ax + by + c = 0,$$
where $a = y_2 - y_1 \in L \cap \mathbb{R}$, $b = x_1 - x_2 \in L \cap \mathbb{R}$ and $c = ax_1 + by_1 \in L \cap \mathbb{R}$. Intersection points of L-constructible circles and lines have coordinates (x, y), where x, y are solutions of linear and quadratic equations with coefficients in $L \cap \mathbb{R}$. By assumption, L is closed under taking square roots and therefore under taking quadratic extensions or taking roots of quadratic equations. This implies that $x, y \in L$ and therefore $x + iy \in L$. Therefore L is closed under elementary constructions and $K \subseteq L$. □
Remark 3.30. The points of $K = L$ from the previous theorem are called constructible points. The angle $\varphi \in [0, 2\pi]$ is called constructible if the point $e^{i\varphi}$ on the unit circle is constructible.
Corollary 3.31. If $a \in \mathbb{C}$ is constructible, then it is algebraic over $\mathbb{Q}$ and its minimal polynomial has degree $2^k$ for some $k \ge 0$.
Proof. By the previous theorem, there exists a chain of field extensions
$$\mathbb{Q} = K_0 \subseteq K_1 \subseteq \dots \subseteq K_n$$
such that $a \in K_n$ and $[K_i : K_{i-1}] = 2$ for $1 \le i \le n$. Then
$$[K_n : \mathbb{Q}] = \prod_{i=1}^n [K_i : K_{i-1}] = 2^n.$$
This implies that $K_n$ is a finite field extension of $\mathbb{Q}$. Therefore a is algebraic over $\mathbb{Q}$. If $p \in \mathbb{Q}[x]$ is the minimal polynomial of a, then
$$\deg p = [\mathbb{Q}[a] : \mathbb{Q}]$$
is a divisor of $[K_n : \mathbb{Q}] = 2^n$ as
$$[K_n : \mathbb{Q}] = [K_n : \mathbb{Q}[a]] \cdot [\mathbb{Q}[a] : \mathbb{Q}].$$
Therefore $\deg p$ is a power of 2. □
Corollary 3.32. The following constructions are impossible with a compass and a straightedge
(1) Duplication of a cube.
(2) Trisection of an arbitrary angle.
(3) Quadrature of a circle.
Proof. 1. Assume that we can construct $a > 0$ such that $a^3 = 2$. The minimal polynomial of $a = 2^{1/3}$ over $\mathbb{Q}$ is $x^3 - 2$. Its degree is 3 which is not a power of 2. Therefore a is not constructible.
2. Assume that we can trisect an arbitrary angle. One can construct angles $\pi/3$ and $\varphi = 2\pi/3$. Therefore the point $e^{i\varphi} = e^{2\pi i/3}$ is constructible. We will show that the angle $\varphi/3$ is not constructible, that is, the point $z = e^{i\varphi/3} = e^{2\pi i/9}$ is not constructible. We have
$$z^9 = e^{9 \cdot 2\pi i/9} = e^{2\pi i} = 1.$$
Therefore z is a root of the polynomial
$$x^9 - 1 = (x^3 - 1)(x^6 + x^3 + 1).$$
It is clear that $z^3 \ne 1$. Therefore z is a root of the polynomial $p(x) = x^6 + x^3 + 1$. This polynomial is irreducible. To see this we apply Eisenstein's criterion to the polynomial
$$p(x + 1) = (x + 1)^6 + (x + 1)^3 + 1 = x^6 + 6x^5 + 15x^4 + 21x^3 + 18x^2 + 9x + 3$$
with prime 3. The irreducibility of p implies that p is the minimal polynomial of z. Its degree is 6 which is not a power of 2. Therefore z is not constructible.
3. If the quadrature of the circle is possible, then the value $a > 0$ satisfying $a^2 = \pi$ is algebraic. This implies that $a^2$ is also algebraic. But by the theorem of Lindemann (1882) $\pi$ is not algebraic. □
4. Symmetric polynomials
Let K be a field. For every permutation $\sigma \in S_n$, define a map
$$\sigma : K[x_1, \dots, x_n] \to K[x_1, \dots, x_n], \qquad f \mapsto \sigma f = f(x_{\sigma 1}, \dots, x_{\sigma n}).$$
This defines an action of the group $S_n$ on the algebra $K[x_1, \dots, x_n]$. A polynomial $f \in K[x_1, \dots, x_n]$ is called symmetric if $\sigma f = f$ for all $\sigma \in S_n$. The set
$$\Lambda_n = K[x_1, \dots, x_n]^{S_n}$$
of all symmetric polynomials is a subalgebra of $K[x_1, \dots, x_n]$.

Example 4.1.
(1) For every $1 \le k \le n$, the polynomial
$$e_k = \sum_{1 \le i_1 < \dots < i_k \le n} x_{i_1} \dots x_{i_k}$$
is a symmetric polynomial (of degree k) in $\Lambda_n$, called an elementary symmetric polynomial. For example,
$$e_1 = x_1 + x_2 + \dots + x_n,$$
$$e_2 = x_1 x_2 + x_1 x_3 + x_2 x_3 + \dots + x_{n-1} x_n,$$
$$e_n = x_1 \dots x_n.$$
We can write
$$\prod_{i=1}^n (x - x_i) = x^n - e_1 x^{n-1} + e_2 x^{n-2} + \dots + (-1)^n e_n.$$
(2) For every $k \ge 1$, the polynomial
$$h_k = \sum_{1 \le i_1 \le \dots \le i_k \le n} x_{i_1} \dots x_{i_k}$$
is a symmetric polynomial (of degree k) in $\Lambda_n$, called a complete symmetric polynomial. For example,
$$h_1 = x_1 + x_2 + \dots + x_n,$$
$$h_2 = x_1^2 + x_1 x_2 + x_2^2 + x_1 x_3 + \dots + x_{n-1} x_n + x_n^2.$$
(3) For every $k \ge 1$, the polynomial
$$p_k = x_1^k + \dots + x_n^k$$
is a symmetric polynomial (of degree k) in $\Lambda_n$, called a power sum.

Theorem 4.2. The elements $e_1, \dots, e_n$ generate $\Lambda_n$ over K and are algebraically independent. This means that every element in $\Lambda_n$ is a polynomial in $e_1, \dots, e_n$ and if
$$f(e_1, \dots, e_n) = \sum_{i_1, \dots, i_n \ge 0} f_{i_1, \dots, i_n} e_1^{i_1} \dots e_n^{i_n} = 0, \qquad f_{i_1, \dots, i_n} \in K,$$
then $f = 0$.
Proof. Consider the lexicographic order on $\mathbb{N}^n$:
$$(i_1, \dots, i_n) > (j_1, \dots, j_n) \iff \exists k \ge 1 : i_l = j_l\ \forall l < k,\ i_k > j_k.$$
Let f be a symmetric polynomial and let $x_1^{i_1} \dots x_n^{i_n}$ be the highest monomial in f (with a non-zero coefficient) with respect to the lexicographic order. Then $i_1 \ge i_2 \ge \dots \ge i_n$ (as otherwise we can exchange some of the $i_k$ and get a higher monomial). The highest monomial in
$$e_1^{i_1 - i_2} e_2^{i_2 - i_3} \dots e_n^{i_n} \tag{1}$$
is
$$x_1^{i_1 - i_2} (x_1 x_2)^{i_2 - i_3} \dots (x_1 \dots x_n)^{i_n} = x_1^{i_1} x_2^{i_2} \dots x_n^{i_n}.$$
We can subtract (1) from f (with an appropriate coefficient) in order to kill the highest monomial. The highest monomial of the new polynomial is smaller (with respect to the lexicographic order) and we can assume by induction that the new polynomial can be expressed as a polynomial in $e_1, \dots, e_n$.
Let us show that $e_1, \dots, e_n$ are algebraically independent. The highest monomial of $e_1^{k_1} \dots e_n^{k_n}$ is
$$x_1^{k_1} (x_1 x_2)^{k_2} \dots (x_1 \dots x_n)^{k_n} = x_1^{\sum_{i \ge 1} k_i} x_2^{\sum_{i \ge 2} k_i} \dots$$
This implies that if $e_1^{k_1} \dots e_n^{k_n} \ne e_1^{l_1} \dots e_n^{l_n}$, then the corresponding highest monomials are different. Given a non-trivial linear combination of products $e_1^{k_1} \dots e_n^{k_n}$ over K, consider the highest monomials of all $e_1^{k_1} \dots e_n^{k_n}$ (having non-zero coefficients). The highest of them appears only once, hence has a non-zero coefficient and the whole linear combination is nonzero. This implies that the products $e_1^{k_1} \dots e_n^{k_n}$ are linearly independent and the elements $e_1, \dots, e_n$ are algebraically independent. □
Remark 4.3. In the same way we can show that $h_1, \dots, h_n$ generate $\Lambda_n$ and are algebraically independent. Similarly (if K has characteristic zero) $p_1, \dots, p_n$ generate $\Lambda_n$ and are algebraically independent.
Example 4.4. In $\Lambda_2$ we have $e_1 = h_1 = p_1 = x_1 + x_2$ and
$$e_2 = x_1 x_2, \qquad h_2 = x_1^2 + x_1 x_2 + x_2^2, \qquad p_2 = x_1^2 + x_2^2.$$
This implies
$$h_2 = e_1^2 - e_2 = \tfrac12 (p_1^2 + p_2), \qquad p_2 = e_1^2 - 2e_2.$$
Remark 4.5. Consider the generating functions
$$E(t) = \sum_{k \ge 0} e_k t^k = \prod_{i=1}^n (1 + x_i t),$$
$$H(t) = \sum_{k \ge 0} h_k t^k = \prod_{i=1}^n (1 + x_i t + x_i^2 t^2 + \dots) = \prod_{i=1}^n \frac{1}{1 - x_i t}.$$
Then
$$H(t) E(-t) = 1,$$
$$\log H(t) = \sum_{i=1}^n \log \frac{1}{1 - x_i t} = \sum_{i=1}^n \sum_{k \ge 1} \frac{x_i^k t^k}{k} = \sum_{k \ge 1} \frac{p_k}{k} t^k.$$
4.1. Discriminant. Let $f \in K[x]$ and L/K be its splitting field, so that $f(x) = a \prod_{i=1}^n (x - x_i)$, where $x_i \in L$ are the roots of f. We define the discriminant of f
$$\Delta = a^{2n-2} \prod_{i < j} (x_i - x_j)^2$$
which is symmetric in $x_1, \dots, x_n$. Note that $\Delta$ is zero if and only if f has a multiple root. Let us show that $\Delta \in K$. We can assume that $a = 1$. By the previous results $\Delta$ is a polynomial in $e_1, \dots, e_n$, where
$$f(x) = x^n - e_1 x^{n-1} + e_2 x^{n-2} + \dots + (-1)^n e_n.$$
This means that $\Delta$ is a polynomial in the coefficients of f, hence $\Delta \in K$.
Let $n = 2$ and $f = x^2 - e_1 x + e_2 = x^2 + bx + c$. Then we get the usual discriminant
$$\Delta = (x_1 - x_2)^2 = e_1^2 - 4e_2 = b^2 - 4c.$$
Let $n = 3$ and assume for simplicity that
$$f = x^3 - e_1 x^2 + e_2 x - e_3 = x^3 + bx + c,$$
implying that $e_1 = x_1 + x_2 + x_3 = 0$. As $\Delta$ has degree 6, we have
$$\Delta = u e_3^2 + v e_2^3$$
for some $u, v \in \mathbb{Z}$.
(1) If $x_1 = 1 = -x_2$ and $x_3 = 0$, then $\Delta = 4 = v e_2^3 = -v$, hence $v = -4$.
(2) If $x_1 = x_2 = 1$ and $x_3 = -2$, then $\Delta = 0 = 4u - 4(1 - 2 - 2)^3$, hence $u = -27$.
We conclude that
$$\Delta = -27 e_3^2 - 4 e_2^3 = -27c^2 - 4b^3.$$
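The reduction in the proof of Theorem 4.2, the identities of Example 4.4 and the cubic discriminant above can all be checked mechanically. The following Python is an added example (not the notes' own code): it implements the highest-monomial algorithm over $\mathbb{Q}$, storing a polynomial as a dictionary from exponent tuples to coefficients so that Python's tuple comparison is the lexicographic order of the proof, and it goes beyond the notes by expressing the cubic discriminant in $e_1, e_2, e_3$ without the assumption $e_1 = 0$.

```python
# Added example (not from the lecture notes): the reduction algorithm from the
# proof of Theorem 4.2, run over Q.  A polynomial in n variables is a dict
# {exponent tuple: coefficient}; tuple comparison is the lexicographic order.
from fractions import Fraction
from itertools import combinations

def add(f, g, scale=1):
    """Return f + scale * g, dropping monomials whose coefficient becomes 0."""
    h = dict(f)
    for mono, c in g.items():
        h[mono] = h.get(mono, 0) + scale * c
        if h[mono] == 0:
            del h[mono]
    return h

def mul(f, g):
    """Product of two polynomials in the same number of variables."""
    h = {}
    for m1, c1 in f.items():
        for m2, c2 in g.items():
            m = tuple(a + b for a, b in zip(m1, m2))
            h[m] = h.get(m, 0) + c1 * c2
    return {m: c for m, c in h.items() if c != 0}

def power(f, k, n):
    result = {(0,) * n: Fraction(1)}          # the constant polynomial 1
    for _ in range(k):
        result = mul(result, f)
    return result

def var(i, n):
    """The variable x_i (0-based index) as a polynomial in n variables."""
    return {tuple(1 if j == i else 0 for j in range(n)): Fraction(1)}

def elementary(k, n):
    """e_k = sum over i_1 < ... < i_k of x_{i_1} ... x_{i_k}  (e_0 = 1)."""
    return {tuple(1 if i in idx else 0 for i in range(n)): Fraction(1)
            for idx in combinations(range(n), k)}

def to_elementary(f, n):
    """Express a symmetric f as sum c * e_1^k_1 ... e_n^k_n; returns {(k_1..k_n): c}.
    Each pass kills the lexicographically highest monomial x_1^i_1 ... x_n^i_n of f
    by subtracting c * e_1^(i_1-i_2) e_2^(i_2-i_3) ... e_n^(i_n), as in the proof."""
    e = [elementary(k, n) for k in range(n + 1)]
    result = {}
    f = {m: c for m, c in f.items() if c != 0}
    while f:
        top = max(f)                        # highest monomial in lexicographic order
        c = f[top]
        ks = tuple(top[j] - (top[j + 1] if j + 1 < n else 0) for j in range(n))
        if any(k < 0 for k in ks):          # i_1 >= i_2 >= ... fails: not symmetric
            raise ValueError("input polynomial is not symmetric")
        term = {(0,) * n: Fraction(1)}
        for j, k in enumerate(ks):
            term = mul(term, power(e[j + 1], k, n))
        f = add(f, term, -c)                # highest monomial of term is exactly top
        result[ks] = result.get(ks, 0) + c
    return result

def expand(expr, n):
    """Inverse of to_elementary: evaluate {(k_1..k_n): c} back into x_1..x_n."""
    e = [elementary(k, n) for k in range(n + 1)]
    total = {}
    for ks, c in expr.items():
        term = {(0,) * n: Fraction(c)}
        for j, k in enumerate(ks):
            term = mul(term, power(e[j + 1], k, n))
        total = add(total, term)
    return total

def discriminant(n):
    """Delta = prod_{i<j} (x_i - x_j)^2 for a monic polynomial with roots x_1..x_n."""
    d = {(0,) * n: Fraction(1)}
    for i, j in combinations(range(n), 2):
        diff = add(var(i, n), var(j, n), -1)
        d = mul(d, mul(diff, diff))
    return d

if __name__ == "__main__":
    # Example 4.4: h_2 = e_1^2 - e_2 and p_2 = e_1^2 - 2 e_2 in two variables
    h2 = {(2, 0): 1, (1, 1): 1, (0, 2): 1}
    p2 = {(2, 0): 1, (0, 2): 1}
    print(to_elementary(h2, 2))             # {(2, 0): 1, (0, 1): -1}
    print(to_elementary(p2, 2))             # {(2, 0): 1, (0, 1): -2}
    # Section 4.1: with e_1 = 0 only the terms -4 e_2^3 - 27 e_3^2 survive
    print(to_elementary(discriminant(3), 3))
```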
Example 4.6. Let us compute the discriminant of $x^n - 1$. Let $\xi = e^{2\pi i/n}$. Then
$$\Delta = \prod_{0 \le i < j < n} (\xi^i - \xi^j)^2 = (-1)^{\binom{n}{2}} \prod_{i \ne j} (\xi^i - \xi^j) = (-1)^{\binom{n}{2}} \prod_{i=0}^{n-1} \prod_{j \ne i} \xi^i (1 - \xi^{j-i})$$
$$= (-1)^{\binom{n}{2}} \prod_{i=0}^{n-1} \xi^i \prod_{k \ne 0} (1 - \xi^k) = (-1)^{\binom{n}{2}} \xi^{\binom{n}{2}} n^n = (-1)^{\binom{n}{2}} e^{\pi i (n-1)} n^n = \pm n^n,$$
where we used the fact that $\prod_{k \ne 0} (x - \xi^k) = \frac{x^n - 1}{x - 1} = 1 + x + \dots + x^{n-1}$ and substituted $x = 1$.

The discriminant of f is a polynomial in the coefficients of f. This implies that the discriminant of $x^n - 1$ is still $\pm n^n$ if we consider $x^n - 1$ as a polynomial in $\mathbb{F}_p[x]$. In particular, if $p \mid n$, then $\Delta = 0$ and $x^n - 1$ has multiple roots over $\mathbb{F}_p$. If $p \nmid n$, then $\Delta \ne 0$ and $x^n - 1$ does not have multiple roots over $\mathbb{F}_p$. The last statement also follows from the fact that $x^n - 1$ and its derivative $nx^{n-1}$ are non-zero and coprime, hence $x^n - 1$ can not have multiple factors (and in particular multiple roots).
5. Modules
5.1. Definition and examples. Modules over rings generalize the notion of a vector space
over a field.

Definition 5.1. A module over a ring A (or an A-module) is an abelian group (M, +) together
with a map
A × M → M, (a, m) 7→ a · m = am,
called a multiplication, such that for all a, b ∈ A and m, n ∈ M
(1) a(bm) = (ab)m,
(2) 1m = m,
(3) a(m + n) = am + an,
(4) (a + b)m = am + bm.

Remark 5.2. If A is a field, then an A-module is usually called an A-vector space or a vector
space over A.

Example 5.3. Any ring A is a module over itself. More generally, for any n ≥ 1, the product
An is an A-module with the multiplication defined by a(x1 , . . . , xn ) = (ax1 , . . . , axn ).

Example 5.4. Let $I \subseteq A$ be an ideal. Then I is a module over A with the multiplication $A \times I \ni (a, b) \mapsto ab \in I$.

Example 5.5. Let f : A → B be a ring homomorphism and M be a B-module. Then M can


be considered also as an A-module. The multiplication is given by

a · m = f (a) · m, a ∈ A, m ∈ M.

We say that the A-module structure on M is obtained by restriction of scalars. In particular,


B is a module over A with the multiplication given by

a · b = f (a) · b, a ∈ A, b ∈ B.

If I ⊆ A is an ideal, then there is a canonical ring homomorphism π : A → A/I. Therefore A/I


is an A-module, with the multiplication given by a · [b] = [ab].

Remark 5.6. Let M be an A-module, 0A be the zero element of A and 0M be the zero element
of M . Then
(1) 0A m = 0M for any m ∈ M .
(2) (−1)m = −m for any m ∈ M .
(3) a0M = 0M for any a ∈ A.
Indeed,
0A m + 0A m = (0A + 0A )m = 0A m.
Therefore 0A m = 0M . Similarly,

(−1)m + m = (−1 + 1)m = 0A m = 0M .

Therefore (−1)m = −m. Finally

a0M + a0M = a(0M + 0M ) = a0M .

Therefore a0M = 0M .
Example 5.7. Let M be an abelian group. Then M is automatically a $\mathbb{Z}$-module. Indeed, for any $k \ge 0$ and $m \in M$, we define
$$k \cdot m = \underbrace{m + \dots + m}_{k \text{ summands}}$$
and $(-k)m = -km$. Note that this is the unique possible structure of a $\mathbb{Z}$-module on M because we should have $1 \cdot m = m$, $2 \cdot m = (1 + 1)m = m + m$ and generally $(k + 1)m = km + m$.
5.2. Homomorphisms and submodules.


Definition 5.8. Let A be a ring and M, N be A-modules.
(1) A map $f : M \to N$ is called a homomorphism of A-modules (or A-linear) if
(a) $f(m + m') = f(m) + f(m')$ for any $m, m' \in M$.
(b) $f(am) = af(m)$ for any $a \in A$, $m \in M$.
(2) A bijective homomorphism $f : M \to N$ is called an isomorphism.
(3) A homomorphism $f : M \to M$ is called an endomorphism. A bijective endomorphism $f : M \to M$ is called an automorphism.
(4) The set of all A-module homomorphisms $f : M \to N$ is denoted by $\operatorname{Hom}_A(M, N)$.
(5) The set of all A-module endomorphisms $f : M \to M$ is denoted by $\operatorname{End}_A(M) = \operatorname{Hom}_A(M, M)$.
Lemma 5.9. Let M, N be two A-modules. Then
(1) $\operatorname{Hom}_A(M, N)$ is an abelian group, with an addition defined by
$$(f + g)m = f(m) + g(m), \qquad f, g \in \operatorname{Hom}_A(M, N),\ m \in M.$$
(2) $\operatorname{End}_A(M) = \operatorname{Hom}_A(M, M)$ is a ring, with an addition defined as above and a multiplication defined by composition
$$(fg)m = f(g(m)), \qquad f, g \in \operatorname{End}_A(M),\ m \in M.$$
Example 5.10. Let K be a field and $V = K^n$ be a vector space of dimension n. Given a matrix $A = (a_{ij}) \in M_n(K)$, we can associate with it a linear map
$$f_A : V \to V, \qquad x = (x_1, \dots, x_n)^t \mapsto Ax = \Big( \sum_j a_{1j} x_j, \dots, \sum_j a_{nj} x_j \Big)^t.$$
The map
$$M_n(K) \to \operatorname{End}_K(V), \qquad A \mapsto f_A$$
is an isomorphism of rings. Given a linear map $f : V \to V$, one reconstructs the matrix $A = (a_{ij}) \in M_n(K)$ by the rule $f e_j = \sum_i a_{ij} e_i$, where $(e_1, \dots, e_n)$ is the standard basis of $V = K^n$. We will often identify $A \in M_n(K)$ and $f_A \in \operatorname{End}_K(V)$.
Remark 5.11. If M is an abelian group, then the ring $\operatorname{End}_{\mathbb{Z}}(M)$ is denoted by $\operatorname{End}(M)$. If M is an A-module, then there is a ring homomorphism
$$\varphi : A \to \operatorname{End}(M), \qquad \varphi(a)(m) = am, \quad a \in A,\ m \in M.$$
For example
$$\varphi(ab)m = (ab)m = a(bm) = \varphi(a)(bm) = \varphi(a)(\varphi(b)m)$$
and therefore $\varphi(ab) = \varphi(a) \circ \varphi(b)$. Conversely, given an abelian group M and a ring homomorphism $\varphi : A \to \operatorname{End}(M)$, we can equip M with an A-module structure
$$a \cdot m = \varphi(a)(m) \in M, \qquad a \in A,\ m \in M.$$
Example 5.12. Let V be a vector space over a field K. Given a K-linear map A ∈ EndK (V ),
the evaluation map
K[x] → EndK (V ), f 7→ f (A)
is a ring homomorphism, hence V gets a structure of a K[x]-module
f · v = f (A)(v), f ∈ K[x], v ∈ V.
Conversely, if V is a K[x]-module (extending the K-vector space structure on V ), then multipli-
cation by x induces a K-linear map A : V → V .
Definition 5.13. Let M be an A-module. A subset $N \subseteq M$ is called a submodule if N is a subgroup and for any $a \in A$, $m \in N$ we have $am \in N$ (that is, $AN \subseteq N$).
Example 5.14. Let A be a commutative ring. Then the submodules of A are precisely the
ideals of A.
Lemma 5.15. Let f : M → N be a homomorphism of A-modules. Then
(1) The set Ker f = {m ∈ M | f (m) = 0} is a submodule of M .
(2) The set Im f = {f (m) | m ∈ M } is a submodule of N .
(3) f is injective if and only if Ker f = 0.
Remark 5.16. Given an A-module M and a submodule N ⊆ M , one can define the quotient
M/N of abelian groups (similar to the construction of the quotient ring A/I for an ideal I ⊆ A).
We define an equivalence relation on M by
$$m \sim m' \iff m - m' \in N.$$
The equivalence class of $m \in M$ is
$$[m] = \{m' \in M \mid m' \sim m\} = m + N = \{m + n \mid n \in N\}.$$
The set of equivalence classes is denoted by M/N. It has a structure of an abelian group defined by
$$[m] + [m'] = [m + m'].$$
Theorem 5.17. Let M be an A-module and N ⊆ M be a submodule. Then
(1) The quotient group M/N has a structure of an A-module defined by
a · [m] = [am], a ∈ A, m ∈ M.
(2) The natural map π : M → M/N , m 7→ [m], is a homomorphism of A-modules.
(3) If $f : M \to M'$ is a homomorphism of A-modules, then there exists a unique homomorphism $\bar f : M/\operatorname{Ker} f \to M'$ that makes the following diagram commute ($\bar f \circ \pi = f$):
[Commutative diagram: $\pi : M \to M/\operatorname{Ker} f$, $f : M \to M'$, $\bar f : M/\operatorname{Ker} f \to M'$.]
The map $\bar f$ induces an isomorphism $\bar f : M/\operatorname{Ker} f \xrightarrow{\ \sim\ } \operatorname{Im} f$.
5.3. Simple and indecomposable modules.

Definition 5.18. Let A be a ring and M be a nonzero A-module.


(1) A module M is called simple (or irreducible) if it does not contain any submodules except zero and itself.
(2) A module M is called indecomposable if it can not be written as an (internal) direct sum of nonzero submodules, that is, there are no nonzero submodules $N, N' \subseteq M$ such that $N \cap N' = 0$ and $N + N' = M$.
(3) A submodule $N \subsetneq M$ is called maximal, if there are no submodules $N \subsetneq L \subsetneq M$.

Remark 5.19. Any simple module is indecomposable.

Remark 5.20. Given two A-modules N, N', define a new A-module $N \oplus N'$, called an (external) direct sum of N and N', to be the product of abelian groups $N \times N'$ equipped with a multiplication
$$a(n, n') = (an, an'), \qquad a \in A,\ n \in N,\ n' \in N'.$$
A module M is indecomposable if and only if it is not isomorphic to a direct sum $N \oplus N'$ for some nonzero modules N, N'.

Example 5.21. If K is a field, then K is a simple module over itself.

Example 5.22. Let A be a PID and $p \in A$ be irreducible. Then
(1) The module $(p) \subseteq A$ is maximal: if $(p) \subseteq (a) \subseteq A$ =⇒ $a \mid p$ =⇒ $a = 1$ or $a = p$ (up to a unit) =⇒ $(a) = A$ or $(a) = (p)$. The quotient A/(p) is a field and is a simple module over A/(p) and over A.
(2) The module $M = A/(p^2)$ is not simple. It has a submodule $N = (p)/(p^2)$. The quotient M/N is isomorphic to A/(p). Note that $N = (p)/(p^2)$ is also isomorphic to A/(p):
$$A/(p) \to (p)/(p^2), \qquad a \mapsto ap.$$
(3) The module $M = A/(p^2)$ is indecomposable. Indeed, for any submodule $N \subseteq M$, there exists an ideal $(p^2) \subseteq (a) \subseteq A$ such that $N = (a)/(p^2)$. We obtain from $a \mid p^2$ that $a = 1, p$ or $p^2$ (up to a unit). Therefore the only submodules of $M = A/(p^2)$ are $0 = (p^2)/(p^2) \subseteq (p)/(p^2) \subseteq (1)/(p^2) = M$. If $N_1 \oplus N_2 = M$ then $N_1 \subseteq N_2$ or $N_2 \subseteq N_1$. Assuming the former without loss of generality, we obtain $N_1 = N_1 \cap N_2 = 0$, hence M is indecomposable.
(4) Let $p, q \in A$ be coprime. Then $M = A/(pq)$ is an (internal) direct sum of $N_1 = (p)/(pq) \subseteq M$ and $N_2 = (q)/(pq)$: let $a \in A$ be such that $[a] \in N_1 \cap N_2$. Then $p \mid a$ and $q \mid a$ =⇒ $pq \mid a$ =⇒ $[a] = 0$ in A/(pq). Therefore $N_1 \cap N_2 = 0$. There exist $u, v \in A$ such that $1 = up + vq$ =⇒ $1 \in N_1 + N_2$ =⇒ $N_1 + N_2 = A/(pq) = M$. This proves that $M = A/(pq)$ is not indecomposable. Note that $A/(q) \simeq (p)/(pq) = N_1$, $[a]_q \mapsto [ap]_{pq}$ and similarly $A/(p) \simeq (q)/(pq) = N_2$. This implies that $A/(pq) \simeq A/(p) \oplus A/(q)$ (external direct sum).

Lemma 5.23 (Schur’s lemma). For any simple A-module M , the endomorphism ring EndA (M )
is a division ring, that is, any endomorphism M → M is either zero or invertible.

Proof. Assume that $f : M \to M$ is nonzero. Then $\operatorname{Ker} f \subseteq M$ is a submodule not equal to M. Therefore $\operatorname{Ker} f = 0$ and f is injective. On the other hand $\operatorname{Im} f \subseteq M$ is a submodule not equal to zero. Therefore $\operatorname{Im} f = M$ and f is surjective. This implies that f is bijective and therefore invertible. □
Corollary 5.24. Let A be an algebra over an algebraically closed field K. If M is a simple A-module, finite-dimensional over K, then $\operatorname{End}_A(M) = K$.
Proof. We know that $S = \operatorname{End}_A(M)$ is a division ring. As M is finite-dimensional, $\operatorname{End}_K(M)$ is also finite-dimensional. For every $a \in S$, the elements $1, a, \dots, a^n \in S \subseteq \operatorname{End}_K(M)$ are linearly dependent over K for large n. Therefore there exists monic $f \in K[x]$ with $f(a) = 0$. As K is algebraically closed, we can write $f = \prod_i (x - c_i)$ with $c_i \in K$. Then $f(a) = \prod_i (a - c_i) = 0$. The ring S is an integral domain and $a - c_i \in S$ for all i. Therefore $a - c_i = 0$ for some i, hence $a = c_i \in K$.
Alternative proof: Let $f : M \to M$ be an A-homomorphism. As a linear operator on a K-vector space, f admits an eigenvector $v \in M$ with an eigenvalue $\lambda \in K$ (as K is algebraically closed). Then $f' = f - \lambda \operatorname{id} \in \operatorname{End}_A(M)$, $f'(v) = f(v) - \lambda v = 0$ =⇒ $\operatorname{Ker} f' \ne 0$. But $\operatorname{Ker} f' \subseteq M$ is a submodule and M is simple, hence $\operatorname{Ker} f' = M$ =⇒ $f' = 0$. This implies $f = \lambda \operatorname{id}$. □
Lemma 5.25. Let M be an A-module and N ⊆ M be a submodule. Then N ⊆ M is maximal
if and only if M/N is simple.
Proof. Consider a canonical homomorphism π : M → M/N . There is a bijection between the
submodules N ⊆ L ⊆ M and the submodules of M/N given by L 7→ π(L) = L/N ⊆ M/N .
The inverse is given by
$$M/N \supseteq L' \mapsto \pi^{-1}(L') \subseteq M.$$
The submodule N ⊆ M is maximal ⇐⇒ N and M are the only submodules N ⊆ L ⊆ M
⇐⇒ 0 and M/N are the only submodules of M/N ⇐⇒ M/N is simple. 
Lemma 5.26. Let A be a commutative ring and M be a simple A-module. Then there exists a maximal ideal $I \subseteq A$ such that $M \simeq A/I$.
Proof. Let m ∈ M be a nonzero element. Consider a homomorphism of A-modules
f : A → M, f (a) = am.
Then Im f ⊆ M is a nonzero submodule and therefore Im f = M . Let I = Ker f . Then I is a
submodule and therefore an ideal of A. There is an isomorphism
A/I ' Im f = M.
As M is simple, we obtain by the previous lemma that I ⊆ A is a maximal submodule and a
maximal ideal. 
Definition 5.27. Let A be a ring and M be an A-module. A composition series of a module
M is a chain of submodules
0 = M0 ⊆ M1 ⊆ . . . ⊆ Mn = M
such that the modules Mi /Mi−1 are simple for 1 ≤ i ≤ n. The modules Mi /Mi−1 are called the
subquotients of the composition series. The number n is called the length of the composition
series.
Theorem 5.28 (Jordan-Hölder Theorem). Let M be an A-module that has at least one compo-
sition series. Then any two composition series of M have the same length and have isomorphic
subquotients (up to a permutation). The length of a composition series is called the length of M .
Example 5.29. Let A be a PID and $p, q \in A$ be two irreducible elements, not associate to each other. Then $M = A/(pq) \simeq A/(p) \oplus A/(q)$ has the following filtrations:
$$M_0 = 0, \quad M_1 = A/(p), \quad M_2 = M,$$
$$M'_0 = 0, \quad M'_1 = A/(q), \quad M'_2 = M.$$
The corresponding subquotients are
$$M_1/M_0 \simeq A/(p), \quad M_2/M_1 \simeq A/(q),$$
$$M'_1/M'_0 \simeq A/(q), \quad M'_2/M'_1 \simeq A/(p).$$
The tuples of subquotients are the same up to a permutation.
5.4. Chinese remainder theorem. We have seen that given a PID A and coprime elements
p, q ∈ A, we have
A/(pq) ' A/(p) ⊕ A/(q).
We will generalize this statement by proving the Chinese Remainder Theorem. In its classical
form, formulated in the 3rd century AD by Sunzi (not to be confused with Sun Tzu, the author
of “The art of war”) it is
Theorem 5.30. Let n1 , . . . , nk be positive, pairwise coprime integers. Then for any integers
a1 , . . . , ak , there exists an integer a such that
a ≡ ai (mod ni ), ∀i = 1, . . . , k.
There exists a unique such integer with 0 ≤ a < n = n1 . . . nk .
This theorem can be also formulated as a statement that the map
Z/nZ → Z/n1 Z × . . . × Z/nk Z, a + nZ 7→ (a + n1 Z, . . . , a + nk Z)
is an isomorphism (of rings or of abelian groups).
Proof. The above map is injective. Indeed, if $[a] = a + n\mathbb{Z}$ is mapped to zero, then $n_i \mid a$ for all i, hence $n = \prod_i n_i \mid a$ as the elements $n_i$ are pairwise coprime. This implies that $[a] = 0$. Injectivity of the map implies bijectivity as the groups on both sides have the same number of elements. □
We can generalize the above result to arbitrary PID.
Theorem 5.31. Let A be a PID and n1 , . . . , nk be pairwise coprime elements (this means that
gcd(ni , nj ) = 1 for i 6= j). Then the map
A/(n) → A/(n1 ) × . . . × A/(nk ), a + (n) 7→ (a + (n1 ), . . . , a + (nk )),
is an isomorphism of rings (or A-modules), where n = n1 . . . nk .
Remark 5.32. In particular, we see that for any coprime p, q ∈ A, we have an isomorphism
A/(pq) ' A/(p) ⊕ A/(q) of A-modules.
This statement, in its own right, can be generalized as follows
Theorem 5.33. Let A be a commutative ring and $I_1, \dots, I_k$ be ideals of A that are pairwise coprime: $I_i + I_j = A$, $i \ne j$. Then the map
$$\varphi : A/I \to A/I_1 \times \dots \times A/I_k, \qquad a + I \mapsto (a + I_1, \dots, a + I_k),$$
is an isomorphism of rings (or A-modules), where $I = \bigcap_i I_i$. Moreover $I = I_1 I_2 \dots I_k$.
Proof. The kernel of the map
$$A \to A/I_1 \times \dots \times A/I_k$$
is $\bigcap_i I_i = I$. This implies injectivity of $\varphi$. Let us prove surjectivity. For any $i \ne j$, we can find $e_{ij} \in I_i$ and $e_{ji} \in I_j$ such that $1 = e_{ij} + e_{ji}$. Then, for any i, we have
$$1 = \prod_{j \ne i} (e_{ij} + e_{ji}) \in I_i + \prod_{j \ne i} e_{ji}.$$
Let $e_i \in I_i$ and $f_i = \prod_{j \ne i} e_{ji} \in \prod_{j \ne i} I_j$ be such that $1 = e_i + f_i$. Given elements $[a_i] \in A/I_i$ for all i, we claim that $a = \sum_j f_j a_j$ satisfies $a \equiv a_i \pmod{I_i}$ for all i. Indeed,
$$a - a_i = a - (e_i + f_i) a_i = \sum_{j \ne i} f_j a_j - e_i a_i \in I_i$$
as $e_i \in I_i$ and $f_j \in I_i$ for $j \ne i$. Therefore $a \equiv a_i \pmod{I_i}$ for all i and the map $\varphi$ is surjective.
We also have to show that $\bigcap_i I_i = \prod_i I_i$. The inclusion $\prod_i I_i \subseteq \bigcap_i I_i$ is trivial. On the other hand, let $a \in \bigcap_i I_i$. Then by induction $a \in J = I_1 \dots I_{k-1}$. Therefore
$$a = a(e_k + f_k) \in J I_k + I_k J = \prod_i I_i$$
as $e_k \in I_k$, $f_k \in \prod_{j \ne k} I_j = J$ and $a \in I_k$. This proves that $\bigcap_i I_i \subseteq \prod_i I_i$. □
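As an added example (not from the notes), the Python below carries out the surjectivity construction of the proof for $A = \mathbb{Z}$: the extended Euclidean algorithm supplies $e_{ij} \in (n_i)$ and $e_{ji} \in (n_j)$ with $1 = e_{ij} + e_{ji}$, the products $f_i = \prod_{j \ne i} e_{ji}$ are formed exactly as above, and $a = \sum_j f_j a_j$ is reduced modulo $n = n_1 \dots n_k$. The moduli $(3, 5, 7)$ with residues $(2, 3, 2)$ are a constructed sample (the classical Sunzi instance); the last function checks the claim $\bigcap_i (n_i) = \prod_i (n_i)$ for pairwise coprime moduli.

```python
# Added example (not from the lecture notes): the proof of Theorem 5.33 for A = Z.
# The ideals (n_i) are pairwise coprime exactly when gcd(n_i, n_j) = 1, and the
# elements e_ij, e_ji with e_ij + e_ji = 1 come from the extended Euclidean algorithm.
from functools import reduce
from math import gcd

def ext_gcd(a, b):
    """Extended Euclidean algorithm: return (g, u, v) with u*a + v*b = g = gcd(a, b)."""
    if b == 0:
        return (abs(a), 1 if a >= 0 else -1, 0)
    g, u, v = ext_gcd(b, a % b)
    return (g, v, u - (a // b) * v)

def crt_idempotents(moduli):
    """Return f_1..f_k with f_i = prod_{j != i} e_ji, where 1 = e_ij + e_ji,
    e_ij in (n_i), e_ji in (n_j).  Then f_i = 1 (mod n_i) and f_i = 0 (mod n_j), j != i."""
    fs = []
    for i, ni in enumerate(moduli):
        f_i = 1
        for j, nj in enumerate(moduli):
            if j == i:
                continue
            g, u, v = ext_gcd(ni, nj)
            if g != 1:            # (n_i) + (n_j) = (g) != Z: the theorem does not apply
                raise ValueError(f"{ni} and {nj} are not coprime")
            e_ij, e_ji = u * ni, v * nj      # e_ij + e_ji = u*n_i + v*n_j = 1
            f_i *= e_ji
        fs.append(f_i)
    return fs

def crt(residues, moduli):
    """Solve a = a_i (mod n_i) for all i; returns the unique a with 0 <= a < prod n_i."""
    n = reduce(lambda x, y: x * y, moduli, 1)
    fs = crt_idempotents(moduli)
    a = sum(f * r for f, r in zip(fs, residues))   # a = sum_j f_j a_j, as in the proof
    return a % n

def intersection_is_product(moduli):
    """In Z the intersection (n_1) ∩ ... ∩ (n_k) is (lcm); check it equals (n_1 ... n_k),
    which the theorem asserts for pairwise coprime moduli."""
    lcm = reduce(lambda x, y: x * y // gcd(x, y), moduli, 1)
    prod = reduce(lambda x, y: x * y, moduli, 1)
    return lcm == prod

if __name__ == "__main__":
    moduli = [3, 5, 7]                  # constructed sample: Sunzi's classical puzzle
    print(crt_idempotents(moduli))      # [-35, -84, -90]
    print(crt([2, 3, 2], moduli))       # 23
    print(intersection_is_product(moduli), intersection_is_product([4, 6]))  # True False
```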
5.5. Modules over PID. Consider the following two fundamental results of linear algebra and the theory of finite abelian groups. In linear algebra one proves that every square matrix over $\mathbb{C}$ is conjugate to its Jordan canonical form which is a direct sum of Jordan blocks
$$J_{n,\lambda} = \begin{pmatrix} \lambda & 1 & 0 & \cdots & 0 & 0 \\ 0 & \lambda & 1 & \cdots & 0 & 0 \\ 0 & 0 & \lambda & \cdots & 0 & 0 \\ \vdots & \vdots & \vdots & \ddots & \vdots & \vdots \\ 0 & 0 & 0 & \cdots & \lambda & 1 \\ 0 & 0 & 0 & \cdots & 0 & \lambda \end{pmatrix}, \qquad \lambda \in \mathbb{C},\ n \ge 1.$$
The fundamental theorem of finitely generated abelian groups states that every such group is isomorphic to a direct sum
$$\mathbb{Z}^k \oplus \mathbb{Z}/(p_1^{n_1}) \oplus \dots \oplus \mathbb{Z}/(p_r^{n_r}),$$
where $k \ge 0$, $p_i \in \mathbb{Z}$ are prime numbers and $n_i \ge 1$. In particular, every finite abelian group is isomorphic to
$$\mathbb{Z}/(p_1^{n_1}) \oplus \dots \oplus \mathbb{Z}/(p_r^{n_r}).$$
We will see that these two results are essentially equivalent, if seen from an appropriate point of
view, and then we will give a general unified proof.
Given a vector space $V = K^n$ over a field K and a linear operator $A \in \operatorname{End}_K(V) = M_n(K)$, we can equip V with a structure of a K[x]-module (we denote it by $V_A$)
$$f \cdot v = f(A)(v), \qquad f \in K[x],\ v \in V.$$
Conversely, if V is a K[x]-module, then it is a K-vector space and we can define
$$A \in \operatorname{End}_K(V), \qquad A(v) = x \cdot v, \quad v \in V.$$
Example 5.34. Consider the K[x]-module $V = K[x]/(x - \lambda)^n$, where $\lambda \in K$ and $n \ge 1$. Choose the basis $(x - \lambda)^{n-1}, \dots, (x - \lambda)^2, (x - \lambda), 1$ of V. In this basis we have
$$A(x - \lambda)^k = x(x - \lambda)^k = (x - \lambda)^{k+1} + \lambda (x - \lambda)^k$$
for $k < n - 1$ and $A(x - \lambda)^{n-1} \equiv \lambda (x - \lambda)^{n-1} \pmod{(x - \lambda)^n}$. Therefore the matrix of A in this basis is exactly the Jordan block $J_{n,\lambda}$.
Let W be another K-vector space, $B \in \operatorname{End}_K(W)$ and $W_B$ be the corresponding K[x]-module. Then an isomorphism $g : V_A \to W_B$ of K[x]-modules can be identified with a K-linear isomorphism $g : V \to W$ such that $gA = Bg$:
$$gA(v) = g(x \cdot v) = x \cdot g(v) = Bg(v), \qquad v \in V.$$
This means that $B = gAg^{-1}$ and the corresponding matrices are conjugate if $V = W = K^n$.
The statement that a matrix $A \in M_n(K)$ (with $K = \mathbb{C}$) is conjugate to a direct sum of Jordan blocks $J_{n_1,\lambda_1}, \dots, J_{n_r,\lambda_r}$ can be translated now to the statement that the K[x]-module $V_A$ is isomorphic to a direct sum of K[x]-modules
$$K[x]/(x - \lambda_1)^{n_1} \oplus \dots \oplus K[x]/(x - \lambda_r)^{n_r}.$$
The polynomials $(x - \lambda)^n$ are powers of irreducible polynomials $x - \lambda \in K[x]$ and these are the only irreducible (or prime) elements in K[x] (up to a unit) if $K = \mathbb{C}$ or K is algebraically closed. In the same way for abelian groups we had summands $\mathbb{Z}/(p^n)$, where p is prime. This shows that both statements are essentially equivalent, with the first statement being about modules over K[x] and the second statement about modules over $\mathbb{Z}$ (that is, abelian groups). Both of them follow from the general result we will prove next.
Definition 5.35. A module $M$ over a ring $A$ is called finitely generated if there exists a finite
family $(m_1, \ldots, m_k)$ of elements in $M$ (called generators of $M$) such that every element of $M$
can be written in the form $\sum_{i=1}^k a_i m_i$ for some $a_i \in A$.
Theorem 5.36. Let $A$ be a PID. Then every finitely generated $A$-module is isomorphic to a
direct sum
$$A^k \oplus A/(p_1^{n_1}) \oplus \cdots \oplus A/(p_r^{n_r}),$$
where $k \geq 0$, $p_i \in A$ are prime and $n_i \geq 1$. The modules $A$ and $A/(p^n)$ are indecomposable.
Proof. Let $M$ be a finitely generated $A$-module with generators $x_1, \ldots, x_m$. Then there is a
surjective homomorphism $\psi : A^m \to M$ (where $A^m \ni e_i \mapsto x_i$). The kernel $\operatorname{Ker} \psi \subseteq A^m$ is
finitely generated (see below). Therefore there is a surjective homomorphism $\varphi : A^n \to \operatorname{Ker} \psi$
and we obtain a sequence of maps
$$A^n \xrightarrow{\ \varphi\ } A^m \xrightarrow{\ \psi\ } M,$$
where $\operatorname{Im} \varphi = \operatorname{Ker} \psi$ so that
$$\operatorname{Coker} \varphi := A^m / \operatorname{Im} \varphi = A^m / \operatorname{Ker} \psi \simeq M.$$
We can represent $\varphi$ as an $m \times n$ matrix with entries in $A$. By changing the bases of $A^m$ and $A^n$
we can put this matrix to the form, called a Smith normal form,
$$\begin{pmatrix}
a_1 & 0 & \cdots & 0 & \cdots & 0 \\
0 & a_2 & \cdots & 0 & \cdots & 0 \\
\vdots & \vdots & \ddots & \vdots & & \vdots \\
0 & 0 & \cdots & a_r & \cdots & 0 \\
\vdots & \vdots & & \vdots & \ddots & \vdots \\
0 & 0 & \cdots & 0 & \cdots & 0
\end{pmatrix}$$
with nonzero $a_1 \mid a_2 \mid \cdots \mid a_r$ and $r \leq m, n$. The elements $a_i$ are unique (up to a unit). The
algorithm is somewhat involved for a general PID, but in the case of Euclidean domains one can
use the usual Gaussian elimination on rows and columns to get the required form. I omit the
details. We obtain then
$$M \simeq A^m / \operatorname{Im} \varphi = A/(a_1) \oplus \cdots \oplus A/(a_r) \oplus A^{m-r}.$$
If $a \in A$ is nonzero and $a = \prod_i p_i^{k_i}$ is a factorization into irreducible (distinct) factors, then
$$A/(a) \simeq A/(p_1^{k_1}) \oplus A/(p_2^{k_2}) \oplus \cdots$$
by the Chinese Remainder theorem. We obtain the required decomposition of the module $M$.
Let us verify that $A$ is indecomposable. If $N_1 = (a) \subseteq A$, $N_2 = (b) \subseteq A$ and $N_1, N_2 \neq 0$, then
$0 \neq ab \in N_1 \cap N_2$, hence $N_1 \cap N_2 \neq 0$ and $A \neq N_1 \oplus N_2$. Similarly, one can show that $A/(p^n)$ is
indecomposable. □
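The elimination that the proof omits, carried out over the Euclidean domain $\mathbb{Z}$ as an added example (this is not code from the notes): row and column operations bring an integer relation matrix to Smith normal form, and the invariant factors give the decomposition $\mathbb{Z}/(a_1) \oplus \cdots \oplus \mathbb{Z}/(a_r) \oplus \mathbb{Z}^{m-r}$ of $\mathbb{Z}^m / \operatorname{Im} \varphi$. The function names and the sample matrices are mine.

```python
from math import gcd


def invariant_factors(matrix):
    """Nonzero diagonal entries a_1 | a_2 | ... | a_r of a Smith normal form of an
    integer matrix, found by row and column elimination (Z is Euclidean, so the
    remainders strictly shrink and the loop terminates)."""
    A = [list(row) for row in matrix]
    m, n = len(A), len(A[0])
    diag = []
    for t in range(min(m, n)):
        while True:
            # pivot: a nonzero entry of least absolute value in the trailing block
            cands = [(abs(A[i][j]), i, j) for i in range(t, m) for j in range(t, n) if A[i][j]]
            if not cands:
                break  # trailing block is zero: the rank r = t has been reached
            _, i, j = min(cands)
            A[t], A[i] = A[i], A[t]  # row swap brings the pivot to row t
            for row in A:
                row[t], row[j] = row[j], row[t]  # column swap brings it to (t, t)
            p = A[t][t]
            # row operations: entries below the pivot become remainders modulo p
            for i in range(t + 1, m):
                q = A[i][t] // p
                A[i] = [x - q * y for x, y in zip(A[i], A[t])]
            # column operations: entries right of the pivot become remainders modulo p
            for j in range(t + 1, n):
                q = A[t][j] // p
                for row in A:
                    row[j] -= q * row[t]
            col_clear = all(A[i][t] == 0 for i in range(t + 1, m))
            row_clear = all(A[t][j] == 0 for j in range(t + 1, n))
            if col_clear and row_clear:
                diag.append(abs(p))  # the sign is a unit of Z
                break
            # otherwise some remainder is a smaller nonzero entry: repeat with it as pivot
    # enforce a_1 | a_2 | ...: Z/(a) + Z/(b) = Z/(gcd(a, b)) + Z/(lcm(a, b))
    for i in range(len(diag)):
        for j in range(i + 1, len(diag)):
            g = gcd(diag[i], diag[j])
            diag[i], diag[j] = g, diag[i] * diag[j] // g
    return diag


def module_structure(relations):
    """Decompose Z^m / (column span of the m x n relation matrix) as the pair
    (invariant factors a_i != 1 of the torsion part, free rank m - r)."""
    factors = invariant_factors(relations)
    return [a for a in factors if a != 1], len(relations) - len(factors)
```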
5.6. Noetherian modules. In the proof of the previous theorem we used the fact that a
submodule of An is finitely generated if A is a PID. Let us discuss this in more detail.
Definition 5.37. Let A be a ring.
(1) An A-module M is called Noetherian if every submodule of M is finitely generated.
(2) The ring A is called Noetherian if it is Noetherian as a (left) A-module over itself.
Example 5.38. A PID A is Noetherian. Indeed, every submodule of A is an ideal, hence a
principal ideal, generated by one element.
Lemma 5.39. Let $A$ be a ring and $M$ be an $A$-module. The following conditions are equivalent:
(1) Every submodule of $M$ is finitely generated.
(2) Every increasing chain of submodules
$$M_1 \subseteq M_2 \subseteq \ldots \subseteq M$$
stabilizes, that is, $M_n = M_{n+1} = \ldots$ for $n \gg 0$.
Proof. $1 \implies 2$. Consider an increasing chain
$$M_1 \subseteq M_2 \subseteq \ldots \subseteq M$$
and let $N = \bigcup_{n \geq 1} M_n \subseteq M$. Then $N$ is a submodule of $M$ and by assumption it is finitely
generated. Let $x_1, \ldots, x_k$ be generators of $N$. Then $x_i \in M_{n_i}$ for some $n_i \geq 1$. Taking
$n = \max_i n_i$, we obtain $x_i \in M_n$ for all $i$, hence $N \subseteq M_n$ and $M_n = M_{n+1} = \ldots$.
$2 \implies 1$. Let $N \subseteq M$ be a submodule and let $x_0 = 0 \in N$. Assuming that elements $x_0, \ldots, x_k$
in $N$ are constructed, let $M_k \subseteq N$ be the module generated by them. If $M_k = N$ then $N$ is
finitely generated and we are done. If $M_k \neq N$, let $x_{k+1} \in N \setminus M_k$ and continue the procedure.
In this way we obtain a chain of modules
$$M_1 \subseteq M_2 \subseteq \ldots \subseteq N \subseteq M$$
with $M_k \neq M_{k+1}$ for all $k \geq 1$. A contradiction. □
Lemma 5.40. Let M be an A-module and N ⊆ M be a submodule. Then M is Noetherian
⇐⇒ N and M/N are Noetherian.
Proof. Let $M$ be Noetherian. If $L \subseteq N$ is a submodule, then $L \subseteq M$, hence $L$ is finitely
generated and $N$ is Noetherian. Let $L \subseteq M/N$ be a submodule and let $\pi : M \to M/N$ be the
projection. The module $L' = \pi^{-1}(L) \subseteq M$ is finitely generated, hence also $L = \pi(L')$ is finitely
generated and $M/N$ is Noetherian.
Assume that $N$ and $M/N$ are Noetherian and let $L \subseteq M$. Then $L \cap N \subseteq N$ is finitely
generated and $L/(L \cap N) \simeq (L + N)/N \subseteq M/N$ is finitely generated. This implies that $L$ is
also finitely generated. □
Corollary 5.41. If $M, N$ are Noetherian $A$-modules, then $M \oplus N$ is also Noetherian.
Proof. Let $M' = M \oplus N$. Then $N \subseteq M'$ and $M'/N \simeq M$ are Noetherian. We conclude that
$M'$ is Noetherian. □
Corollary 5.42. If $A$ is a Noetherian ring, then the module $A^n$ is Noetherian for all $n \geq 1$.
Proof. The module $A^n$ is a direct sum of copies of $A$. □
Corollary 5.43. If $A$ is a PID, then every submodule of $A^n$ is finitely generated.
Proof. We have seen that $A$ is Noetherian. Therefore $A^n$ is also Noetherian. This means that
every submodule of $A^n$ is finitely generated. □
Lemma 5.44. Let $M$ be a Noetherian module over a ring $A$ and $f : M \to M$ be a surjective
homomorphism. Then $f$ is an isomorphism.
Proof. Consider the chain of modules $\operatorname{Ker} f \subseteq \operatorname{Ker} f^2 \subseteq \ldots \subseteq M$. As $M$ is Noetherian,
this chain stabilizes $\implies \exists n \geq 1$, $\operatorname{Ker} f^n = \operatorname{Ker} f^{2n} \implies \operatorname{Im} f^n \cap \operatorname{Ker} f^n = 0$. Indeed, if
$f^n(x) \in \operatorname{Ker} f^n \implies f^{2n}(x) = 0 \implies x \in \operatorname{Ker} f^{2n} = \operatorname{Ker} f^n \implies f^n(x) = 0$. As $f$ is surjective:
$\operatorname{Im} f^n = M \implies \operatorname{Ker} f^n = \operatorname{Im} f^n \cap \operatorname{Ker} f^n = 0 \implies \operatorname{Ker} f = 0 \implies f$ is injective. □
Appendix A. Cyclotomic polynomials
Definition A.1.
(1) An element $\xi \in \mathbb{C}$ is called a root of unity if $\xi^n = 1$ for some $n \geq 1$. In this case
$\xi = e^{2\pi i k/n}$ for some $0 \leq k < n$.
(2) Given $n \geq 1$, an element $\xi \in \mathbb{C}$ is called an $n$-th root of unity if $\xi^n = 1$.
(3) For any root of unity $\xi$, define $\operatorname{ord} \xi = \min\{n \geq 1 \mid \xi^n = 1\}$.
(4) An element $\xi$ is called a primitive $n$-th root of unity if $\xi^n = 1$ and $\xi^k \neq 1$ for $1 \leq k < n$.
Equivalently, $\operatorname{ord} \xi = n$.
Remark A.2. An element $\xi = e^{2\pi i k/n}$ is an $n$-th primitive root of unity if and only if $\gcd(k, n) = 1$.
Indeed, if $d = \gcd(k, n) > 1$, then $\xi^{n/d} = e^{2\pi i k/d} = 1$ as $k/d \in \mathbb{Z}$. This implies that $\operatorname{ord} \xi < n$.
Conversely, if $\gcd(k, n) = 1$ and $\xi^m = 1$ for some $1 \leq m < n$, then $n \mid km \implies n \mid m$, a
contradiction.
Remark A.3. Let $\xi$ be a $d$-th primitive root of unity. Then $\xi^n = 1$ if and only if $d \mid n$. Indeed,
$\xi = e^{2\pi i k/d}$ with $\gcd(k, d) = 1$. Therefore $1 = \xi^n = e^{2\pi i kn/d} \implies d \mid kn \implies d \mid n$. Every $n$-th
root of unity is a primitive root for a unique $d \mid n$.
Let
$$\Phi_d(x) = \prod_{\operatorname{ord} \xi = d} (x - \xi).$$
By the previous discussion
$$x^n - 1 = \prod_{\xi^n = 1} (x - \xi) = \prod_{d \mid n} \prod_{\operatorname{ord} \xi = d} (x - \xi) = \prod_{d \mid n} \Phi_d(x).$$
We obtain by induction (and Gauss's lemma) that $\Phi_d(x) \in \mathbb{Z}[x]$. This polynomial is called the $d$-th
cyclotomic polynomial.
Example A.4. We have $\Phi_1(x) = x - 1$. For any prime $p$, we have $d \mid p$ if and only if $d = 1$ or
$d = p$. This implies
$$x^p - 1 = (x - 1)\Phi_p(x),$$
hence
$$\Phi_p(x) = x^{p-1} + \cdots + x + 1.$$
We have
$$x^4 - 1 = \Phi_1(x)\Phi_2(x)\Phi_4(x),$$
hence $\Phi_4(x) = x^2 + 1$. Similarly,
$$x^6 - 1 = \Phi_1(x)\Phi_2(x)\Phi_3(x)\Phi_6(x),$$
hence
$$\Phi_6(x) = \frac{(x^3 - 1)(x^3 + 1)}{(x^3 - 1)\Phi_2(x)} = \frac{x^3 + 1}{x + 1} = x^2 - x + 1.$$
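The recursion $x^n - 1 = \prod_{d \mid n} \Phi_d(x)$ from above, implemented as an added example (not part of the notes) with exact polynomial division in $\mathbb{Z}[x]$: it reproduces $\Phi_p$, $\Phi_4$ and $\Phi_6$ and checks numerically which $n$-th roots of unity are roots of $\Phi_n$ (Remark A.2). The helper names are mine.

```python
import cmath
from functools import lru_cache
from math import gcd

# polynomials over Z are coefficient lists, lowest degree first: [c0, c1, ...]


def poly_mul(f, g):
    h = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            h[i + j] += a * b
    return h


def poly_div_exact(f, g):
    """Quotient f / g in Z[x] for monic g; raises if the division is not exact."""
    r = list(f)
    q = [0] * (len(f) - len(g) + 1)
    for k in range(len(q) - 1, -1, -1):
        c = r[k + len(g) - 1]  # leading coefficient of the current remainder
        q[k] = c
        for j, b in enumerate(g):
            r[k + j] -= c * b
    if any(r):
        raise ValueError("division is not exact")
    return q


@lru_cache(maxsize=None)
def cyclotomic(n):
    """Phi_n(x) from x^n - 1 = prod_{d | n} Phi_d(x): divide x^n - 1 by the product
    of Phi_d over the proper divisors d of n (all monic, so the quotient is in Z[x])."""
    x_n_minus_1 = [-1] + [0] * (n - 1) + [1]
    proper = [1]
    for d in range(1, n):
        if n % d == 0:
            proper = poly_mul(proper, cyclotomic(d))
    return tuple(poly_div_exact(x_n_minus_1, proper))


def vanishes_at(n, k):
    """Numerically test whether Phi_n(e^{2 pi i k / n}) = 0; by Remark A.2 this holds
    exactly when gcd(k, n) = 1, i.e. when the root of unity is primitive."""
    xi = cmath.exp(2j * cmath.pi * k / n)
    value = sum(c * xi ** i for i, c in enumerate(cyclotomic(n)))
    return abs(value) < 1e-9
```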
Theorem A.5 (Kronecker). The polynomial $\Phi_d(x)$ is irreducible for every $d \geq 1$.
Let us prove first a simpler version.
Lemma A.6 (Gauss). For every prime $p$, the polynomial
$$\Phi_p(x) = x^{p-1} + \cdots + x + 1$$
is irreducible.
Proof (Eisenstein). Applying the substitution $x = y + 1$, we obtain
$$\Phi_p(y + 1) = \frac{(y + 1)^p - 1}{y + 1 - 1} = \frac{(y + 1)^p - 1}{y}.$$
The coefficient of $y^{p-1}$ is one. The coefficient of $y^{k-1}$ is $\binom{p}{k}$ for $1 \leq k < p$ and is divisible by $p$.
The coefficient of $y^0$ is $\binom{p}{1} = p$, which is not divisible by $p^2$. By the Eisenstein criterion our polynomial is
irreducible. □
Proof of Theorem A.5 (Dedekind). Let $\xi \in \mathbb{C}$ be a root of $\Phi_n(x)$ (that is, a primitive $n$-th root of
1) and $f \mid \Phi_n$ be an irreducible polynomial such that $f(\xi) = 0$. It has integer coefficients by
Gauss's lemma. We will prove that if $p$ is prime and $(p, n) = 1$, then $f(\xi^p) = 0$. This implies by
induction that if $(m, n) = 1$, then $f(\xi^m) = 0$. Therefore all primitive $n$-th roots of 1 are roots of
$f$, hence $\Phi_n = f$ and $\Phi_n$ is irreducible.
For any two polynomials $f, g \in \mathbb{Z}[x]$, we have
$$(f + g)^p = \sum_{i=0}^{p} \binom{p}{i} f^i g^{p-i} \equiv f^p + g^p \pmod p.$$
Applying this to a sum of monomials $f = \sum_{i=0}^d f_i x^i \in \mathbb{Z}[x]$, we obtain
$$f(x)^p \equiv \sum_{i=0}^d f_i^p x^{ip} \equiv \sum_{i=0}^d f_i x^{ip} = f(x^p) \pmod p,$$
where we used $a^p \equiv a \pmod p$ for $a \in \mathbb{Z}$ (Fermat's little theorem).
By assumption $(p, n) = 1 \implies \xi^p$ is a primitive $n$-th root of 1 $\implies \Phi_n(\xi^p) = 0$. Let $g \mid \Phi_n$
be an irreducible polynomial such that $g(\xi^p) = 0$. If $f = g$, then we are done, hence we assume
that $f \neq g$. As $f$ and $g$ are irreducible and divide $\Phi_n$ (and $x^n - 1$), we obtain that $fg \mid x^n - 1$.
As $\xi$ is a root of $g(x^p)$, we obtain that $f(x)$ divides $g(x^p)$. Therefore, modulo $p$, $\bar f(x) \in \mathbb{F}_p[x]$
divides $\bar g(x^p) = \bar g(x)^p$. Hence $\bar f(x), \bar g(x)$ have a non-trivial common factor $\bar h(x)$. This implies
that $\bar h^2$ divides $\bar f \bar g$ and $x^n - 1$ in $\mathbb{F}_p[x]$. But $x^n - 1 \in \mathbb{F}_p[x]$ does not have multiple factors (if
a polynomial has a multiple factor, then this polynomial and its derivative have a non-trivial
common factor; however $x^n - 1$ and its derivative $nx^{n-1}$ are coprime in $\mathbb{F}_p[x]$). A contradiction. □
Appendix B. RSA algorithm
Public key cryptography (or asymmetric cryptography) is a cryptosystem that uses a pair
of keys: a public key (known to everybody) and a private key (known only to the owner A). It
solves the following two problems:
(1) Encryption: B can encrypt a message (using the public key provided by A) so that
only the owner A of the private key can decrypt it (using the private key).
(2) Authentication: the owner A of the private key can prove his identity to B by
decrypting a message that was encrypted by B (with the public key) and sending this
message back to B.
For security reasons one requires that the derivation of the private key from the public key
is a computationally difficult, costly, and time consuming problem. The RSA algorithm is an
example of public key cryptography. One chooses three numbers $n, e, d$ such that
$$(a^e)^d = a^{de} \equiv a \pmod n \quad \forall a \in \mathbb{Z} \qquad (2)$$
and takes $(n, e)$ to be the public key and $d$ to be the private key. One considers elements $a \in \mathbb{Z}_n$
as messages and defines the encryption function as
$$E : \mathbb{Z}_n \to \mathbb{Z}_n, \qquad a \mapsto a^e$$
and the decryption function as
$$D : \mathbb{Z}_n \to \mathbb{Z}_n, \qquad a \mapsto a^d,$$
which satisfy $D \circ E = \mathrm{id}$. The numbers $n, e, d$ are chosen in the following way (RSA algorithm
due to Rivest, Shamir, Adleman, 1978):
(1) Choose two large distinct prime numbers $p, q$ and let $n = pq$.
(2) Choose $e > 1$ coprime with $\varphi = (p - 1)(q - 1)$ (usually one chooses $e = 2^{16} + 1$).
(3) Find $d > 1$ satisfying $de \equiv 1 \pmod{\varphi}$: use the Euclidean algorithm to find $d, u \in \mathbb{Z}$ such
that $de + u\varphi = \gcd(e, \varphi) = 1$; then $de \equiv 1 \pmod{\varphi}$.
Let us show that (2) is satisfied. By our assumption $k = de \equiv 1 \pmod{\varphi}$.
Lemma B.1. Let $p, q$ be distinct prime numbers, $n = pq$, and $\varphi = (p - 1)(q - 1)$. For any
$k \equiv 1 \pmod{\varphi}$, we have
$$a^k \equiv a \pmod n \quad \forall a \in \mathbb{Z}.$$
Proof. We have to show that $p \mid a^k - a$ and $q \mid a^k - a$. By assumption
$$k = 1 + s(p - 1)(q - 1) = 1 + t(p - 1)$$
for some $s, t \in \mathbb{Z}$. If $p \mid a$, then obviously $p \mid a^k - a$. Otherwise, $a^{p-1} \equiv 1 \pmod p$ by Fermat's
little theorem, hence
$$a^k = a^{1 + t(p-1)} = a \cdot (a^{p-1})^t \equiv a \cdot 1^t = a \pmod p.$$
Similarly one can prove that $a^k \equiv a \pmod q$. □
Remark B.2 (Security of RSA). The security of the RSA algorithm is based on the (empirical)
fact that from the knowledge of $n$ it is extremely difficult to get the factorization $n = p \cdot q$ into
the product of primes (if $p, q$ are large enough, for example $> 2^{100}$, but this bound increases
over time with the increase of computer performance). Therefore it is difficult to determine the
number $\varphi = (p - 1)(q - 1)$: knowing $n = pq$ and $\varphi = (p - 1)(q - 1)$ one could find $p, q$ by solving
a quadratic equation. Finally, from the knowledge of $(n, e)$, but without the knowledge of $\varphi$, one
cannot determine the private key $d$ which satisfies (2).
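Steps (1)-(3) of the key generation and the quadratic-equation observation of Remark B.2, as an added example (not code from the notes) on small textbook primes: the extended Euclidean algorithm supplies $d$, the round-trip function checks (2) for every $a \in \mathbb{Z}_n$, and the last function recovers $p, q$ from $n$ and $\varphi$, which is why $\varphi$ must stay secret along with $d$. The function names are mine, and primes this small are for illustration only.

```python
from math import isqrt


def extended_gcd(a, b):
    """Return (g, u, v) with u*a + v*b = g = gcd(a, b) (extended Euclidean algorithm)."""
    if b == 0:
        return a, 1, 0
    g, u, v = extended_gcd(b, a % b)
    return g, v, u - (a // b) * v


def rsa_keygen(p, q, e=2**16 + 1):
    """Steps (1)-(3): public key (n, e) and private key d for distinct primes p, q."""
    if p == q:
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    g, d, _ = extended_gcd(e, phi)  # d*e + u*phi = gcd(e, phi)
    if g != 1:
        raise ValueError("e must be coprime with (p - 1)(q - 1)")
    return (n, e), d % phi  # reduce d into 1..phi-1; d*e = 1 (mod phi) still holds


def encrypt(public_key, a):
    n, e = public_key
    return pow(a, e, n)  # E(a) = a^e in Z_n


def decrypt(n, d, c):
    return pow(c, d, n)  # D(c) = c^d in Z_n


def roundtrip_all_messages(p, q, e):
    """Check (2) exhaustively: D(E(a)) = a for every a in Z_n, including the
    messages that are not coprime with n (Lemma B.1 needs no coprimality)."""
    (n, e), d = rsa_keygen(p, q, e)
    return all(decrypt(n, d, encrypt((n, e), a)) == a for a in range(n))


def primes_from_n_and_phi(n, phi):
    """Remark B.2: p + q = n - phi + 1, so p and q are the integer roots of
    x^2 - (n - phi + 1) x + n."""
    s = n - phi + 1
    disc = s * s - 4 * n
    r = isqrt(disc)
    if r * r != disc:
        raise ValueError("inconsistent n and phi")
    return (s - r) // 2, (s + r) // 2
```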
Let us generalize the above lemma.
Theorem B.3 (Euler's theorem). Given a number $n \geq 1$, define
$$\varphi(n) = n \prod_{p \mid n} \left(1 - \frac{1}{p}\right) \in \mathbb{Z},$$
where the product runs over all prime divisors of $n$ ($\varphi$ is called Euler's totient function). Then,
for every $a \in \mathbb{Z}$ coprime with $n$, we have
$$a^{\varphi(n)} \equiv 1 \pmod n.$$
Proof. Let $\mathbb{Z}_n^\times$ denote the multiplicative group of invertible elements in $\mathbb{Z}_n$. Let us show that
the number of elements in $\mathbb{Z}_n^\times$ equals $\varphi(n)$. If $n = \prod_{i=1}^r p_i^{k_i}$ (where $p_i$ are prime and $p_i \neq p_j$ for
$i \neq j$), then $\mathbb{Z}_n \simeq \prod_{i=1}^r \mathbb{Z}_{p_i^{k_i}}$ by the Chinese remainder theorem. An element in $\mathbb{Z}_n$ is invertible
if and only if the corresponding components in $\mathbb{Z}_{p_i^{k_i}}$ are invertible. The only non-invertible
elements in $\mathbb{Z}_{p^k}$ (where $p$ is prime) are multiples of $p$ and there are $p^{k-1}$ of them. Therefore
the number of invertible elements in $\mathbb{Z}_{p^k}$ equals $p^k - p^{k-1}$. This implies that the number of
invertible elements in $\mathbb{Z}_n$ equals
$$\prod_{i=1}^r (p_i^{k_i} - p_i^{k_i - 1}) = \prod_{i=1}^r p_i^{k_i}(1 - 1/p_i) = n \prod_{p \mid n} (1 - 1/p) = \varphi(n).$$
If $a \in \mathbb{Z}$ is coprime with $n$, then the corresponding element $[a] \in \mathbb{Z}_n$ is invertible. If $k$ is the
order of $[a]$ in $\mathbb{Z}_n^\times$, then $H = \{1, [a], \ldots, [a]^{k-1}\}$ is a subgroup of $\mathbb{Z}_n^\times$. By the Lagrange theorem
$k = |H|$ divides $\varphi(n) = |\mathbb{Z}_n^\times|$. As $[a]^k = 1$, we obtain that $[a]^{\varphi(n)} = 1$ in $\mathbb{Z}_n$, hence $a^{\varphi(n)} \equiv 1$
$\pmod n$. □
Remark B.4. If $n = p$ is prime, then $\varphi(p) = p - 1$ and we obtain for any $a \in \mathbb{Z}$ coprime with
$p$: $a^{p-1} \equiv 1 \pmod p$, which is Fermat's little theorem. If $n = pq$ with distinct primes $p, q$, then
$\varphi(n) = (p - 1)(q - 1)$ and we obtain for $k \equiv 1 \pmod{\varphi(n)}$ and any $a \in \mathbb{Z}$ coprime with $n$:
$a^k = a^{1 + s\varphi(n)} \equiv a \cdot 1 \pmod n$, where $k = 1 + s\varphi(n)$. We proved earlier that the same congruence
is true for all $a \in \mathbb{Z}$.
Remark B.5. It is not true in general that $a^k \equiv a \pmod n$ for any $a \in \mathbb{Z}$ and $k \equiv 1$
$\pmod{\varphi(n)}$, although this is true if $n$ is a product of distinct prime numbers. Let $n = p^m$ and
$a = p^l b$ with $l \geq 0$ and $b$ coprime with $p$. If $l = 0$, then $a^{\varphi(n)} \equiv 1 \pmod n$, hence $a^k \equiv a$
$\pmod n$. If $l \geq 1$, then $a^{\varphi(n)} = p^{l\varphi(n)} b^{\varphi(n)} \equiv 0 \pmod n$ as
$$l\varphi(n) \geq \varphi(n) = p^{m-1}(p - 1) \geq 2^{m-1} \geq m.$$
This implies that $a^{\varphi(n)+1} - a \equiv -a \not\equiv 0 \pmod n$ if $l < m$.
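Euler's totient by the product formula, checked against the unit count $|\mathbb{Z}_n^\times|$ from the proof of Theorem B.3 and against the failure of $a^k \equiv a$ for prime powers described in Remark B.5, as an added example that is not part of the notes; the function names are mine.

```python
from math import gcd


def prime_divisors(n):
    """Distinct prime divisors of n by trial division (enough for the small n used here)."""
    ps, d = [], 2
    while d * d <= n:
        if n % d == 0:
            ps.append(d)
            while n % d == 0:
                n //= d
        d += 1
    if n > 1:
        ps.append(n)
    return ps


def euler_phi(n):
    """phi(n) = n * prod_{p | n} (1 - 1/p), evaluated in integers as n/p * (p - 1) per prime."""
    result = n
    for p in prime_divisors(n):
        result = result // p * (p - 1)
    return result


def count_units(n):
    """|Z_n^x|: residues a in Z_n with gcd(a, n) = 1, the count used in the proof of Theorem B.3."""
    return sum(1 for a in range(n) if gcd(a, n) == 1)


def euler_holds(n):
    """a^phi(n) = 1 (mod n) for every residue a coprime with n."""
    return all(pow(a, euler_phi(n), n) == 1 for a in range(n) if gcd(a, n) == 1)


def exceptions_to_a_k_equals_a(n):
    """Remark B.5: residues a with a^k != a (mod n) for k = phi(n) + 1, which is 1 (mod phi(n)).
    Empty when n is squarefree (Lemma B.1, Remark B.4); non-empty for n = p^m with m >= 2."""
    k = euler_phi(n) + 1
    return [a for a in range(n) if pow(a, k, n) != a]
```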