F1.3YE2/F1.

3YK3

ALGEBRA AND ANALYSIS

Part 2: ALGEBRA.

RINGS AND FIELDS

LECTURE NOTES AND EXERCISES

Contents

1 Revision of Group Theory 3

1.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2 Binary Operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3 Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.4 Cayley tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.5 Subgroups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.6 Homomorphisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.7 Quotient Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
1.8 Finitely generated abelian groups . . . . . . . . . . . . . . . . . . . . . 12

2 Rings, fields and integral domains 15

2.1 Rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
2.2 Product rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.3 Some elementary properties . . . . . . . . . . . . . . . . . . . . . . . . 18
2.4 Subrings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
2.5 Fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
2.6 Integral domains . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22

3 Homomorphisms, ideals, and quotient rings 27

3.1 Homomorphisms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.2 Ideals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
3.3 Quotient Rings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
3.4 More Isomorphism Theorems . . . . . . . . . . . . . . . . . . . . . . . 33

4 Special types of ideals 37

4.1 Principal ideals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
4.2 Maximal ideals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.3 Prime ideals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40

5 Polynomial Rings 45
5.1 Polynomials . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
5.2 Polynomials with coefficients in a field . . . . . . . . . . . . . . . . . . 46
5.3 Long division and the euclidean algorithm . . . . . . . . . . . . . . . . 47

1
2 CONTENTS

5.4 Reducible and irreducible polynomials . . . . . . . . . . . . . . . . . . 49

5.5 Testing for irrecucibility . . . . . . . . . . . . . . . . . . . . . . . . . . 51

6 Field Extensions 55
6.1 Extending a given field . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
6.2 Algebraic number fields . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
6.3 Finite fields . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Chapter 1

Revision of Group Theory

1.1 Introduction
The Algebra section of this course is about certain types of algebraic structure that
generalise – and include as examples – many such structures with which we are already
familiar.
For example, given two natural numbers a, b, we can add and multiply them to get
new natural numbers a + b and ab. We can also subtract one from the other, but the
result a − b is not always a natural number. (It may be a negative integer.)
If we allow a, b to be arbitrary integers, we can add, multiply and subtract them
and the result will also be an integer. We can also divide a by b (provided b 6= 0), but
the result will not always be an integer.
If a, b are arbitrary rational numbers (or real numbers, or complex numbers) then
we can add, multiply and subtract to get a new number of the same type. We can also
divide a by b if b 6= 0.
We will be interested in properties of Z, Q, R and C with respect to the algebraic
operations of addition, subtraction, multiplication and division, but we will also be
interested in similar algebraic operations on other objects.
For example, we know that we can add or subtract two vectors in Rn to get a new
vector in Rn . If A, B are n × n matrices, we can add, subtract and multiply to get new
n × n matrices A + B, A − B and AB. These operations share many of the familiar
properties of arithmetic of numbers – but not all of them.
For example, if a, b are numbers then we know that ab = ba. But there are examples
of 2×2 matrices A, B such that AB 6= BA. We are interested in developing an abstract
theory that will apply to a wide variety of different algebraic situations.

All the above examples have a common feature: they are abelian groups with respect
to addition. The purpose of this chapter is to revise the features of group theory that
are relevant to our later studies.

3
4 CHAPTER 1. REVISION OF GROUP THEORY

1.2 Binary Operations

A binary operation ∗ on a set A is a map A × A → A, written (a, b) 7→ a ∗ b.
Examples include most of the standard arithmetic operations on the real or complex
numbers, such as addition (a + b), multiplication (a × b), subtraction (a − b). Other
examples of binary operations (on suitably defined sets) are exponentiation ab (on
the set of positive reals, for example), composition of functions, matrix addition and
multiplication, subtraction, vector addition, vector product of 3-dimensional vectors,
and so on.
Definition A binary operation ∗ on a set A is commutative if a ∗ b = b ∗ a ∀a, b ∈ A.
Addition and multiplication of numbers is commutative, as is addition of matrices or
vectors, union and intersection of sets, etc. Subtraction of numbers is not commutative,
nor is matrix multiplication.
Definition A binary operation ∗ on a set A is associative if a ∗ (b ∗ c) = (a ∗ b) ∗ c
∀a, b, c ∈ A.
Addition and multiplication (of numbers and matrices) are associative. Examples
of nonassociative binary operations are subtraction (of anything), exponentiation of
positive reals, and vector product.
Definition An identity for a binary operation ∗ on a set A is an element e ∈ A such
that e ∗ a = a = a ∗ e ∀a ∈ A.
Examples are 0 for addition of numbers, 1 for multiplication of numbers, the identity
n × n matrix for matrix multiplication. Not all binary operations have identities,
however: an example is subtraction of numbers.
Definition Let ∗ be a binary operation on a set A and let a ∈ A. An inverse for a
(with respect to ∗) is an element b ∈ A such that a ∗ b and b ∗ a are identities for ∗.
Thus for example −5 is an inverse for 5 with respect to addition of integers; 32 is an
inverse for 32 with respect to multiplication of positive real numbers. Other examples
are matrix inverses (matrix multiplication) and appropriately defined inverse functions
(function composition).

Lemma 1.1 If a binary operation on a set has an identity, then this identity is unique.

Proof. Suppose that e and f are both identities for a binary operation ∗ on a set A.
Then e = e ∗ f = f . The first equality holds because f is an identity. The second holds
because e is an identity.

Lemma 1.2 If a ∈ A has an inverse with respect to an associative binary operation ∗

on A, then the inverse is unique.

Proof. Suppose that b and c are both inverses for a. Then b = b ∗ (a ∗ c) = (b ∗ a) ∗ c = c.

The first equality holds because a ∗ c is an identity, the second because ∗ is associative,
and the third because b ∗ a is an identity.
1.3. GROUPS 5

In the last result, the associativity of ∗ is definitely used in the proof. In fact the
result is not in general true for nonassociative binary operations.

1.3 Groups

Definition A group (G, ∗) is a set G together with a binary operation ∗ on G such

that

1. ∗ is associative;

2. there is an identity e ∈ G for ∗;

3. every element of G has an inverse with respect to ∗.

If the binary operation ∗ is also commutative, then G is called a commutative, or

abelian group (after a 19th century Norwegian mathematician Niels Abel1 ).
Examples

1. Z, Q, R and C are all abelian groups with respect to addition. In each case 0 is
the identity and the inverse of x is −x.

2. Any vector space V is a group with respect to vector addition. The identity is
the zero vector, and the inverse of v ∈ V is −v.

3. The set Q∗ of nonzero rational numbers is a group with respect to multiplication.

The identity is 1, and the inverse of ab is ab . Similarly the sets R∗ and C∗ of nonzero
real and complex numbers, respectively, are groups with respect to multiplication.

4. The set S 1 = {z ∈ C : |z| = 1} of complex numbers of modulus 1 is a group with

respect to multiplication of complex numbers.

5. The set of invertible n × n matrices forms a group with respect to matrix multi-
plication. The identity element is the n × n identity matrix In .

6. Let X be a set. Then the set S(X) of all permutations of X, that is, bijective
maps X → X, forms a group with respect to composition of maps. The identity
map X → X is the identity element. This group is called the symmetric group on
X. In the particular case where X is the set {1, 2, . . . , n}, this group is denoted
Sn , and called the symmetric group of degree n.
1
http://www-history.mcs.st-andrews.ac.uk/history/Mathematicians/Abel.html
6 CHAPTER 1. REVISION OF GROUP THEORY

7. Let n > 0 be an integer, and let Zn denote the set {0, 1, . . . , n − 1}. Define a
binary operation ∗ on Zn by a ∗ b = a + b if a + b < n, and a ∗ b = a + b − n
otherwise. Then Zn is an abelian group with respect to ∗, with identity 0. The
inverse of a > 0 in Zn is n−a (the inverse of 0 is 0). This group is called the cyclic
group of order n. The binary operation ∗ is usually denoted +, and referred to
as addition modulo n.

1.4 Cayley tables

One way of describing a binary operation ∗ on a set G (provided G is not too big) is
to form a grid with rows and columns labelled by the elements of G, and enter the
element a ∗ b in the cell in row a and column b (for all a, b ∈ G). This is called a
multiplication table or a Cayley table or (in the case where (G, ∗) is a group) a group
table.
Example
+ 0 1 2 3
0 0 1 2 3
1 1 2 3 0
2 2 3 0 1
3 3 0 1 2
This is the Cayley table for Z4 , the cyclic group of order 4.
Example
∗ e a b c
e e a b c
a a e c b
b b c e a
c c b a e
This describes a binary operation on the set G = {e, a, b, c} with respect to which
G is a group.
Two groups G and H are said to be isomorphic if they have Cayley tables which
are identical, except for relabelling of the elements. For example G = {1, i, −1, −i}
is a group with respect to multiplication of complex numbers. It is isomorphic to Z4 ,
because its Cayley table
× 1 i -1 -i
1 1 i -1 -i
i i -1 -i 1
-1 -1 -i 1 i
-i -i 1 i -1
1.5. SUBGROUPS 7

is identical to that of Z4 , if we relabel elements of Z4 by the rule 0 7→ 1, 1 7→ i,

2 7→ −1, 3 7→ −i (in other words, k 7→ ik , k = 0, 1, 2, 3).
Question Is the group G = {e, a, b, c} in the second example above isomorphic to Z4 ?
If G is a group containing only two elements, then G is isomorphic to Z2 . To see
this, note that one of the elements of G is the identity e. Let g be the other element
of G. The e ∗ g = g = g ∗ e, where ∗ is the binary operation in G. What is g −1 ? Since
g −1 ∗ g = e 6= g = e ∗ g, g −1 6= e, so g −1 = g. Hence g ∗ g = e, and this determines the
Cayley table of G as

∗ e g
e e g
g g e

Clearly this is the same as that of Z2 , using the relabelling 0 7→ e, 1 7→ g.

Exercise Show that any group containing exactly three elements is isomorphic to Z3 .

1.5 Subgroups
A subgroup of a group G is a subset H ⊆ G that is also a group with respect to the
same binary operation as G. Examples include Z as a subgroup of R (with respect to
addition), R∗ and S 1 as subgroups of C∗ with respect to multiplication.
It is important to recognise when a subset of a group G is actually a subgroup of
G. The following result gives a useful criterion.

Theorem 1.3 (The subgroup test) Let G be a group with respect to a binary operation
∗, and let H be a subset of G. Then H is a subgroup of G if and only if the following
three conditions are satisfied:

1. Closure: x ∗ y ∈ H ∀x, y ∈ H.

2. Identity: eG ∈ H, where eG is the identity element of G.

3. Inverse: x−1 ∈ H ∀x ∈ H, where x−1 is the inverse of x in G (with respect to ∗).

Proof. Suppose first that H is a subgroup with respect to ∗. Then in particular ∗ is

a binary operation on H, in other words a function H × H → H. Thus x ∗ y ∈ H
whenever x, y ∈ H, giving the closure property.
Being a group, H has an identity eH , say. Thus eH ∗ eH = eH in G, so

eG = eH ∗ e−1 −1 −1
H = (eH ∗ eH ) ∗ eH = eH ∗ (eH ∗ eH ) = eH ∗ eG = eH ∈ H

(where e−1
H denotes the inverse of eH in G, and all the calculations are carried out in
G.
8 CHAPTER 1. REVISION OF GROUP THEORY

Finally, let x ∈ H and let x denote the inverse of x in H. Then

x−1 = x−1 ∗ eG = x−1 ∗ eH = x−1 ∗ (x ∗ x) = (x−1 ∗ x) ∗ x = eG ∗ x = x ∈ H.

Conversely, suppose that H is a subset of G satisfying the three listed properties.

Since eG ∈ H, H is nonempty.
By the closure property, ∗ defines a binary operation on H.
This binary operation is associative, since it is already associative on the bigger set
G:

(x ∗ y) ∗ z = x ∗ (y ∗ z) ∀ x, y, z ∈ G ⇒ (x ∗ y) ∗ z = x ∗ (y ∗ z) ∀ x, y, z ∈ H.

Finally, for any x ∈ H, since x−1 ∈ H, x has an inverse in H.

Hence (H, ∗) is a group. In other words, H is a subgroup of G.
Examples

1. Let n > 0 be an integer and let nZ = {nx : x ∈ Z}, the set of integers divisible
by n. Then nZ is a subgroup of Z with respect to addition. For the closure
property, note that nx + ny = n(x + y). The identity element is 0 = n.0 ∈ nZ.
The inverse in Z of nx ∈ nZ is −(nx) = n(−x) ∈ nZ.

2. Let G be the group of n × n invertible matrices with respect to matrix multipli-

cation, and let H be the set of matrices A ∈ G such that det(A) = 1. Then H is
a subgroup of G. The closure property follows since det(AB) = det(A) det(B);
In ∈ H since det(In ) = 1; and finally if det(A) = 1 then det(A−1 ) = 1.

3. Let G = Sn and let H = {σ ∈ G : σ(1) = 1}. Then H is a subgroup of G. To

check the closure property, if σ, τ ∈ H then σ(1) = τ (1) = 1, so (σ ◦ τ )(1) =
σ(τ (1)) = σ(1) = 1, and so σ ◦ τ ∈ H. Clearly the identity map sends 1 to 1, so
belongs to H. Finally, if σ ∈ H then σ(1) = 1, so σ −1 (1) = 1 and σ −1 ∈ H.

Definition The order of a group G is the number of elements in G (finite or infinite).

It is denoted |G|. Note that |G| ≥ 1, since every group contains at least one element,
namely the identity. The order of an element g ∈ G is the least positive integer k such
that g k is equal to the identity element of G, where g k denotes g ∗ g ∗ . . . ∗ g (k times).
If no such positive integer k exists, then g has infinite order.

Lemma 1.4 Let G be a group and g ∈ G. Then the set hgi = {g k : k ∈ Z} is a

subgroup of G, and its order is equal to that of g.

(Here g 0 = eG , g −1 is the inverse of g in G, and if k > 0 then g −k denotes (g −1 )k ,

which is the inverse of g k .)
1.6. HOMOMORPHISMS 9

Proof. The set hgi is clearly nonempty and closed under ∗. It contains eG = g 0 , and the
inverse g −k of each of its elements g k . Hence hgi is a subgroup of G, by the subgroup
test.
Suppose that there are integers j < k with g j = g k . Then g k−j = eG , so g has finite
order n ≤ k − j. It follows that the n elements g 0 = eG , g 1 = g, g 2 , . . . , g n−1 of G are
pairwise distinct elements of hgi, so |hgi| ≥ n.
On the other hand, every integer k can be expressed in the form k = an + b for
some k ∈ Z and some b = 0, 1, . . . , n − 1, so

g k = (g n )a g b = (eG )a g b = g b ∈ {g 0 , g 1 , . . . , g n−1 },

and |hgi| ≤ n.
Hence |hgi| = n.
If g j 6= g k whenever j 6= k, then in particular g k 6= eG whenever k > 0, so g has
infinite order. In this case hgi also has infinite order, since the elements g k , k ∈ Z, are
pairwise distinct.

Theorem 1.5 (Lagrange’s Theorem) Let G be a finite group and H a subgroup of G.

Then the order of H divides that of G.

Corollary 1.6 Let G be a group and g ∈ G. Then the order of g divides that of G.

Definition Let H be a subgroup of G, and g ∈ G. Then the left coset of H in G

represented by g is the subset gH = {gh, h ∈ H} of G, and the right coset of H in G
represented by g is the subset Hg = {hg, h ∈ H} of G.
Exercise Show that:
1. the left cosets form a partition of G;
2. the map h 7→ gh is a bijection from H to gH.
Hence prove Lagrange’s Theorem.
Definition A subgroup N ⊂ G is normal if each left coset is also a right coset. (That
is gN = N g for all g ∈ G.) Equivalently, gng −1 ∈ N for all g ∈ G and all n ∈ N .

1.6 Homomorphisms
Definition Let (G, ∗) and (H, †) be groups. A map f : G → H is a homomorphism if

f (x ∗ y) = f (x)†f (y) ∀ x, y ∈ G.

Example The exponential map from (R, +) to (R+ , ×) is a homomorphism (since

exp(x + y) = exp(x) exp(y)).
10 CHAPTER 1. REVISION OF GROUP THEORY

Lemma 1.7 Let f : G → H be a homomorphism. Then the image of f ,

Im(f ) := {f (x), x ∈ G} ⊂ H,

is a subgroup of H, and the kernel of f ,

Ker(f ) := {x ∈ G, f (x) = eH } ⊂ G,

is a normal subgroup of G.

Proof. I will prove the first part, and leave the second as an exercise – see the example
sheet at the end of this chapter.
We use the subgroup test to check that I := Im(f ) is a subgroup of H.
Firstly, the closure property. If x, y ∈ I, then there are elements a, b ∈ G such that
f (a) = x and f (b) = y (by definition of Im(f )). Then, since f is a homomorphism, we
have
x†y = f (a)†f (b) = f (a ∗ b) ∈ Im(f ) = I.
Next, the identity property. Let eH be the identity element of H, and eG the identity
element of G. Then
f (eG )†f (eG ) = f (eG ∗ eG ) = f (eG ),
so

f (eG ) = f (eG )−1 †f (eG ) †f (eG ) = f (eG )−1 † (f (eG )†f (eG )) = f (eG )−1 †f (eG ) = eH .

In particular, eH = f (eG ) ∈ Im(f ) = I.

Finally, the inverse property. If x = f (a) ∈ Im(f ) = I, then

x†f (a−1 ) = f (a)†f (a−1 ) = f (a ∗ a−1 ) = f (eG ) = eH ,

, so x−1 = f (a−1 ) ∈ Im(f ) = I.

Hence Im(f ) is a subgroup of H, as claimed.
Clearly, a homomorphism f : G → H is surjective iff Im(f ) = H. Less obvi-
ously (but easily checked), it is injective iff Ker(f ) = {eG }, the trivial subgroup of
G. A homomorphism that is both injective and surjective (ie bijective) is called an
isomorphism, and two groups G, H are isomorphic (denoted G ∼ = H) if there is an
isomorphism G → H.
(Exercise: understand why this is the same thing as the less formal definition of iso-
morphic groups given earlier.)
(Another exercise: check that ∼= is an equivalence relation between groups.)
Example The exponential map from (R, +) to (R+ , ×) is an isomorphism. It is a
homomorphism, and bijective (with inverse ln : R+ → R). Hence the groups (R, +)
and (R+ , ×) are isomorphic.
1.7. QUOTIENT GROUPS 11

1.7 Quotient Groups

Let G be a group, and N a normal subgroup. The quotient group (or factor group) of G
G
by N , denoted G/N or N , is defined to be the set of left cosets gN for all g ∈ G. (Since
N is normal, this is the same as the set of right cosets N g.) The binary operation on
G/N is defined by
(xN )(yN ) := (xy)N ∀ x, y ∈ G.
Of course, one needs to check some things - firstly that the definition does not depend
on the choices x, y of representatives of the two cosets, and then that the resulting
binary operation on G/N satisfies all the axioms for a group.
Let us check the first of these. The second will be an exercise: see the example
sheet at the end of the chapter.
Suppose that x0 , y 0 are different choices of coset representatives. In other words,
x N = xN and y 0 N = yN . Then x0 = xn1 and y 0 = yn2 for some n1 , n2 ∈ N . We must
0

show that (x0 y 0 )N = (xy)N .

Now

(x0 y 0 )N = xn1 yn2 N = xn1 (yN ) = xn1 (N y) = x(n1 N )y = x(N y) = x(yN ) = (xy)N.

More specifically, since n1 y ∈ N y = yN , there is an element n3 ∈ N with n1 y = yn3 .

Then
xn1 yn2 = (xy)(n3 n2 ) ∈ (xy)N.

Example The set 2Z of even integers is a normal subgroup of the group (Z, +). The
quotient group Z/2Z has two elements: 0 + 2Z = 2Z (the set of all even integers and
1 + 2Z (the set of all odd integers). The Cayley table of this group is:

+ 0 + 2Z 1 + 2Z
0 + 2Z 0 + 2Z 1 + 2Z
1 + 2Z 1 + 2Z 0 + 2Z

Note that this is just like addition modulo 2. In fact Z/2Z ∼

= Z2 . This is a special
case of an important theorem.

Theorem 1.8 (First Isomorphism Theorem) Let f : G → H be a homomorphism.

Then
G ∼
= Im(f ).
Ker(f )

Proof. Let K = Ker(f ) and I = Im(f ). We must define a map θ : G/K → I and prove
that it is an isomorphism.
There is only one natural way to define θ: namely θ(gK) := f (g) ∈ I.
12 CHAPTER 1. REVISION OF GROUP THEORY

First, we should check that this is well-defined. In other words, given a different
choice of coset representative g 0 ∈ gK, the definition gives the same element of I for
θ(g 0 K) = θ(gK). We can write g 0 = gk for some k ∈ K. Then

f (g 0 ) = f (gk) = f (g)f (k) = f (g)eH = f (g).

Hence θ is indeed well-defined.

Next, we should check that θ is a homomorphism. But

θ(g1 K.g2 K) = θ((g1 g2 )K) = f (g1 g2 ) = f (g1 )f (g2 ) = θ(g1 K)θ(g2 K).

Next, that θ is surjective. But if x ∈ I then x = f (a) for some a ∈ G. Then

x = θ(aK).
Finally, that θ is injective. Suppose that θ(gK) = θ(g 0 K). Then f (g) = f (g 0 ), so

f (g −1 g 0 ) = f (g −1 )f (g 0 ) = f (g)−1 f (g) = eH ,

so g −1 g 0 ∈ Ker(f ) = K, so g 0 K = gK.

1.8 Finitely generated abelian groups

An abelian group (A, +) is said to be generated by a finite set S = {s1 , . . . , sk } if every
element of A can be expressed as a = n1 s1 + · · · + nk sk for some integers n1 , . . . , nk .
Here, for n ∈ Z and s ∈ A, we define ns = (−n)(−s) ∈ A by induction on |n| by
0s = 0A (the identity element of A, and (n + 1)s = ns + s for n ≥ 0.
Finitely generated abelian groups are completely understood, in the sense that we
have the following structure theorem for them.

Theorem 1.9 If A is a finitely generated abelian group, there are integers r, s ≥ 0

and m(1), . . . , m(s) ≥ 2, which are uniquely determined by A, such that m(i) divides
m(i + 1) for 1 ≤ i ≤ s − 1, and

A∼
= Zr × Zm(1) × · · · × Zm(s) .

Corollary 1.10 If A is a finite abelian group, then there are integers s ≥ 0 and
m(1), . . . , m(s) ≥ 2, which are uniquely determined by A, such that m(i) divides m(i +
1) for 1 ≤ i ≤ s − 1, and
A∼= Zm(1) × · · · × Zm(s) .
1.8. FINITELY GENERATED ABELIAN GROUPS 13

Exercises on group theory

1. Define a binary operation ∗ on the set G = R \ {0} by a ∗ b = 5ab for all a, b ∈ G.
Show that (G, ∗) is a group, and determine whether or not it is an abelian group.

2. Let M = Mn (R) be the set of 3 × 3 matrices with real coefficients, and let S ⊂ M
be the set of symmetric matrices (that is, matrices A such that A = AT ). Use the
subgroup test to show that S is a subgroup of (M, +) (where + denotes matrix
addition).

3. Find all subgroups of the group Z8 .

4. Let φ: G → G0 be a homomorphism of groups. Prove that Ker(φ) is a normal

subgroup of G.

5. Let H be a normal subgroup of (G, ∗). Define an operation ⊕ on cosets by

(a ∗ H) ⊕ (b ∗ H) = (a ∗ b) ∗ H

Assuming this is well defined (as shown in the notes) show that this gives (G/H, ⊕)
the structure of a group.

6. Describe the elements in each of the following quotient groups (i.e. describe the
appropriate cosets).

(i) C/R;
(ii) Z/3Z;

Can these quotient groups be described in more familiar terms i.e. are they
isomorphic to other groups you know about?

7. Let S = {x ∈ R : x 6= −1}. If the binary operation ∗ is defined by a∗b = a+b+ab,

show that (S, ∗) is a group. Prove that (S, ∗) is isomorphic to (R \ {0}, ·).

8. Let n ∈ N. Use the First Isomorphism Theorem for Groups to show that Z/nZ ∼
=
Zn . [Hint: Define an appropriate function φ: Z → Zn ].
14 CHAPTER 1. REVISION OF GROUP THEORY
Chapter 2

Rings, fields and integral domains

2.1 Rings
Definition A ring (R, +, ·) is a set R together with two binary operations + (called
addition) and · (called multiplication) that satisfy the following axioms.

1. (R, +) is an abelian group. In other words, + is associative and commutative,

with an identity (which we denote 0 or 0R ), and each element x ∈ R has an
inverse with respect to + (which we denote −x).

2. · is associative. That is, x(yz) = (xy)z ∀ x, y, z ∈ R.

3. · is left distributive and right distributive over +. That is,

(a) x(y + z) = (xy) + (xz) ∀ x, y, z ∈ R.

(b) (y + z)x = (yx) + (zx) ∀ x, y, z ∈ R.

Remarks

1. Multiplication · need not be commutative. If it is, then we say that R is a

commutative ring. (In this case, the left and right distributive conditions are
equivalent.)

2. R need not have an identity for ·. If it does, then we often denote it by 1 or 1R .

We then say that R is a ring with identity, or ring with unity.

3. If R has an identity 1, then elements of R do not in general have inverses with

respect to multiplication. Those elements that do have inverses are called invert-
ible elements or units of R. If R is a ring with identity, then the units of R form
a group U (R).

15
16 CHAPTER 2. RINGS, FIELDS AND INTEGRAL DOMAINS

Examples

1. Z, Q, R, C are commutative rings with identity, with the usual operations of

addition and multiplication.
√
2. Let S = {m + n 2; m, n ∈ Z} ⊂ R, and let +, · be the usual addition and
multiplication of real numbers. Then (S, +, ·) is a commutative ring with identity.
To see this, note first
√ that S is closed
√ with respect to addition √ and additive
inverses: √ (m1 + n1 2) + (m2 √ + n2 2) = (m1 + m2 ) + (n1 + n2 ) 2 ∈ S and √
−(m + n 2) = (−m) + (−n) 2 ∈ S, and contains the identity 0 = 0 + 0 2
of (R, +), so is a subgroup of (R, +) by the subgroup test. Addition in S is
commutative, since it is commutative in the larger group R. Hence S is an
abelian group.
√ √
Also, S is closed under multiplication,
√ since (m 1 + n 1 2)(m 2 + n 2 2) = (m1 m2 +
2n1 n2 ) + (m1 n2 + m2 n1 ) 2 ∈ S. Hence multiplication in R gives a binary oper-
ation S × S → S on S. The associative and distributive properties of · in S hold
because they hold in the larger set R.

3. For similar reasons, the set Z[i] := {m + ni; m, n ∈ Z} ⊂ C is a ring with respect
to addition and multiplication of complex numbers, where i ∈ C denotes a square
root of −1.
The elements of Z[i] are called Gaussian integers.

4. Let n ≥ 2 be an integer. Then the set Zn = {0, 1, . . . , n − 1} is a commutative

ring with identity, with respect to addition and multiplication modulo n:
ab mod n is the integer r ∈ Zn such that ab = qn + r in Z for some q ∈ Z.

5. Let Mn (R) denote the set of all n × n matrices with real entries. Then Mn (R) is
a ring with respect to addition and multiplication of matrices. It has an identity,
namely the n × n identity matrix I = In . It is not commutative when n ≥ 2,
since, for example,
         
1 1 1 0 2 1 1 1 1 0 1 1
= 6= = .
0 1 1 1 1 1 1 2 1 1 0 1

Similarly, the sets Mn (Z), Mn (Q), Mn (C) of n × n matrices with integer, rational
and complex entries, respectively, are noncommutative rings with identity, under
addition and multiplication of matrices.

6. Let X be any set, and let RX denote the set of all functions X → R. Define
addition and multiplication pointwise on RX , that is:

(f + g)(x) := f (x) + g(x) ∀ x ∈ X; (f g)(x) := f (x)g(x) ∀ x ∈ X.

2.2. PRODUCT RINGS 17

Then RX is a commutative ring with identity. The additive identity is the con-
stant function 0, and the multiplicative identity is the constant function 1.

7. Define R[x] to be the set of all polynomials with real coefficients in the variable
x. Elements of R[x] are formal sums
m
X
p(x) = ak xk = am xm + am−1 xm−1 + · · · + a1 x + a0 ,
k=0

where m ∈ N and a0 , a1 , . . . , am ∈ R. We can also think of a polynomial p(x) as

a function p : R → R defined by the above formula.
There is a natural way to define addition and multiplication on R[x]. As functions,
p(x) + q(x) and p(x)q(x) are defined pointwise, as in the previous example. As
formal sums, we can define these as follows.
m
X n
X N
X
ak x k + bk x k = ck xk ,
k=0 k=0 k=0

where N = max(m, n), ck = ak + bk for 0 ≤ k ≤ min(m, n), ck = ak if n < k ≤ m,

and ck = bk if m < k ≤ n.
m
! n ! m+n
X X X
ak x k bk x k = dk xk ,
k=0 k=0 k=0
P
where dk = {ai bj ; 0 ≤ i ≤ m, 0 ≤ j ≤ n, i + j = k}.
A polynomial p(x) = a0 (with m = 0) is constant. The constant polynomial 0 is
an additive identity, and the constant polynomial 1 is a multiplicative identity. A
nonconstant polynomial can be uniquely written as p(x) = am xm + am−1 xm−1 +
· · · + a1 x + a0 with m > 0 and am 6= 0. The integer m is then called the degree
of the polynomial p(x). Constant polynomials have degree 0.
It is not hard to check that R[x] is a commutative ring with identity. The units
of R[x] are precisely the nonzero constant polynomials.
In a similar way, we can construct rings Z[x], Q[x], C[x] of polynomials in one
variable x with coefficients from Z, Q, C respectively.

2.2 Product rings

Suppose that R, S are two rings. We consider the set R × S of ordered pairs (r, s) with
r ∈ R and s ∈ S, and define addition and multiplication on this set coordinatewise:

(r1 , s1 ) + (r2 , s2 ) = (r1 + r2 , s1 + s2 ), (r1 , s1 )(r2 , s2 ) = (r1 r2 , s1 s2 ),

18 CHAPTER 2. RINGS, FIELDS AND INTEGRAL DOMAINS

where the operations in the first coordinate position are taking place in R and those
in the second coordinate position are taking place in S.
It is easy to check that this makes R × S into a ring. The additive identity is
(0R , 0S ).
If (a, b) ∈ R × S is a multiplicative identity, than for any (r, s) ∈ R × S we have
(ar, bs) = (a, b)(r, s) = (r, s) = (r, s)(a, b) = (ra, sb),
so ar = r = ra in R and bs = s = sb in S. In other words, a is a multiplicative
identity in R and b is a multiplicative identity in S. Conversely, if each ring R, S has
an identity, then R × S has an identity (1R , 1S ).

2.3 Some elementary properties

The following result lists some easy facts which are true in any ring.
Lemma 2.1 Let R be a ring, and let a, b, c ∈ R. Then
1. if a + b = a + c, then b = c;
2. a.0 = 0 = 0.a;
3. (−a)b = −(ab) = a(−b);
4. (−a)(−b) = ab.
Proof.
1. This follows from the fact that (R, +) is a group. In detail:
b = 0 + b = (−a + a) + b = −a + (a + b) = −a + (a + c) = (−a + a) + c = 0 + c = c.

2. 0 = 0 + 0, so
0 + 0a = 0a = (0 + 0)a = 0a + 0a.
By the previous property, 0 = 0a. Similarly 0 = a0.
3. ab + (−a)b = (a − a)b = 0b = 0, so (−a)b = −(ab). Similarly a(−b) = −(ab).
4. By the previous property, ab = −(−ab) = −(a(−b)) = (−a)(−b).

Remark The first property in the above lemma says that addition is cancellative –
we can cancel an equal term from each side of an equation involving addition. The
corresponding property is not true in general for multiplication. In other words, it is
possible that ab = ac but b 6= c. Easy examples of this come from the second property
by taking a = 0: 0b = 0 = 0c for all b, c ∈ R. But there are also more subtle examples
of this phenomenon, such as a = 2, b = 1, c = 7 in Z12 : ab = 2 = ac in Z12 , but b 6= c
in Z12 .
2.4. SUBRINGS 19

2.4 Subrings
Just as we can find many examples of groups as subgroups of other groups, many rings
naturally exist as subrings of other rings.
Definition A subring of a ring R is a subset S of R which is itself a ring with respect
to the same addition and multiplication as R.
Examples

1. Each of Z, Q, R, Z[i] is a subring of C.

2. R[x] can be thought of as a subring of RR (the ring of all functions R → R with

pointwise addition and multiplication). Here we think of polynomials as functions
R → R and note that addition and multiplication are defined pointwise.

3. Mn (Z) is a subring of Mn (R), etc.

There is an easy test for a subset of a ring to be a subring, analogous to the subgroup
test in group theory.

Lemma 2.2 (The Subring Test) A subset S of a ring R is a subring if and only if

1. S is a subgroup of (R, +) (which can be checked using the subgroup test);

2. S is closed under multiplication (x, y ∈ S ⇒ xy ∈ S).

Proof. Suppose that S is a subring of R. Then it is a ring with respect to the addition
and multiplication of R. In particular it is a group with respect to the addition of
R, in other words a subgroup of (R, +). It must also be closed with respect to the
multiplication of R, since multiplication on R gives a binary operation on S.
Conversely, suppose that the two conditions of the lemma hold. In particular, the
addition and multiplication of R give binary operations on S, and (S, +) is a group,
being a subgroup of (R, +). Indeed, since (R, +) is an abelian group, so is any of its
subgroups, so (S, +) is an abelian group. Multiplication on S is associative, since it is
associative on the larger set R. For the same reason, multiplication on S is both left
and right distributive over +. Hence (S, +, ·) is a ring, so S is a subring of R.
Remark If R is a commutative ring, then every subring of R is also commutative. If
R has identity, then a subring of R may have identity, but need not.
Examples

1. The set 2Z of all even integers is a subring of Z. It is a subgroup of (Z, +) which

is closed with respect to multiplication. This subring is of course commutative,
but has no identity (since, for example, 2n 6= 2 for any even integer n).
20 CHAPTER 2. RINGS, FIELDS AND INTEGRAL DOMAINS

2. The set S of 2 × 2 matrices

  
a b
S= : a, b, d ∈ R
0 d

is a subring of M2 (R). Clearly S is a subgroup of (M2 (R), +), and it is easy to

check that the product of two matrices in S also belongs to S. This ring S is
not commutative. (See this by writing down a formula for the product of two
matrices in S, for example.) It contains the identity matrix I2 , which is clearly
an identity for S also.

3. The set T of 2 × 2 matrices

  
a 0
S= : a∈R
0 0

is a commutative subring of M2 (R). It does not contain the identity matrix of

M2 (R). Nevertheless, the matrix
 
1 0
0 0

belongs to T and acts as an identity for T .

2.5 Fields
A ring is an algebraic object in which we can add, subtract, and multiply, but not
necessarily divide (since elements do not need to have inverses).
In many of our nicest rings (such as Q or C, we can divide by any element except
0, since every nonzero element has an inverse. Rings like this are called fields.
Definition A field is a commutative ring with identity element 1 6= 0, in which every
nonzero element x 6= 0 has an inverse x−1 .
Remark It is important to allow 0 to be an exceptional element with no inverse.
Suppose that R is a ring with identity, in which 0 has an inverse. Then 1 = 0.0−1 = 0,
and so, for each r ∈ R, we have r = 1.r = 0.r = 0. In other words, R = {0}, which is
a ring but not a very interesting one.
Examples

1. Q, R and C are fields with respect to the usual addition and multiplication.

2. The subring Q[i] := {a + bi ∈ C; a, b ∈ Q} of C is a field, called the field of

Gaussian rationals.
2.5. FIELDS 21

To check that it is a subring, we use the subring test: Q[i] is closed under addition
and multiplication ((a + bi) + (c + di) = (a + c) + (b + d)i ∈ Q[i], (a + bi)(c + di) =
(ac − bd) + (ad + bc)i ∈ Q[i]); contains the zero element 0 + 0i, and the additive
inverse −a − bi of each of its elements a + bi.
Q[i] is certainly commutative, being a subring of C, and it contains the identity
1 = 1 + 0i of C. Finally, if a + bi 6= 0 in Q[i], then its multiplicative inverse is
a − bi
∈ Q[i].
a2 + b 2
3. Zp is a field if p is a prime number.
We already know that Zp is a commutative ring with identity, so we need only
check that every nonzero element has an inverse. Suppose x 6= 0 in Zp . Consider
the map f : Zp → Zp given by f (k) = xk mod p. If f (j) = f (k) for some j, k
with 0 ≤ j < k < p, then x(k − j) = xk − xj = f (k) − f (j) = 0 in Zp , so the
integer x(k − j) is divisible by the prime number p, and hence one of x, k − j is
divisible by p (since p is a prime). But this is a contradiction, since 0 < x < p
and 0 < k − j < p by hypothesis.
Hence f is injective, and so by the pigeonhole principle it is also surjective. Hence
there is a (unique) y ∈ Zp with xy = f (y) = 1.
4. Let F denote the set {0, 1, x, y} of four elements, and let addition and multipli-
cation on F be defined by the Cayley tables:

+ 0 1 x y × 0 1 x y
0 0 1 x y 0 0 0 0 0
1 1 0 y x 1 0 1 x y
x x y 0 1 x 0 x y 1
y y x 1 0 y 0 y 1 x

Then (F, +, ×) is a field. (Exercise: check the field axioms for F .)

 
a b
5. Let H denote the subset of M2 (C) consisting of matrices A = where
−b a
a, b ∈ C and · denotes the complex conjugate. Then H is a subring of M2 (C)
which contains the identity matrix I2 . Moreover, if A 6= 0 in H,  then det(A)
 =
1 a −b
|a|2 + |b|2 > 0, so A is invertible, and its inverse A−1 = ∈ H.
det(A) b a
Hence every nonzero element of H has an inverse.
However, H is not a field, since it is not commutative.
The ring H is known as the Quaternions, or Hamiltonians. It is an example of
a division-ring, or skew-field – a ring which is not necessarily commutative, in
which every nonzero element is a unit.
22 CHAPTER 2. RINGS, FIELDS AND INTEGRAL DOMAINS

Remark In a field F , the group of units is U (F ) = F \ {0}. When F is finite, the

Cayley table for U (F ) can be found from the multiplication table for F by stripping
off the row and column marked 0.
For the 4-element field in the example above, the unit group is clearly isomorphic
to the cyclic group of order 3. For the field Z5 we have, for example, 22 = 4, 23 = 3,
24 = 1, so 2 has order 4 in U (Z5 ), and U (Z5 ) is isomorphic to the cyclic group of order
4.

2.6 Integral domains

Definition A zero-divisor, or divisor of zero in a ring R is an element x ∈ R such that
x 6= 0, but xy = 0 in R for some y ∈ R with y 6= 0.
Example. In Z6 we have 2 × 3 = 0 = 3 × 2, so 2 and 3 are zero-divisors.
In a field F , there are no zero-divisors. For example, if xy = 0 with x 6= 0, then
y = 1y = (x−1 x)y = x−1 (xy) = x−1 0 = 0.
It follows that the same property holds for subrings of fields. If F is a field, and R
a subring of F , then any zero-divisor in R would also be a zero-divisor in F .
In particular, Z has no zero-divisors. The notion of integral domain is intended to
mean a ring with properties resembling those of Z.
Definition An integral domain is a commutative ring with identity, in which there are
no zero-divisors.
Examples
1. Any field is an integral domain. In particular, Q, R, C are integral domains, as
is Zp for any prime number p.

2. Any subring of a field, which contains the identity, is an integral domain. In

particular the ring of integers Z and the ring of Gaussian integers Z[i] are integral
domains.

3. If R is an integral domain, then so is the ring R[x] of polynomials with coefficients

in R. Certainly R[x] is a commutative ring with identity. To see that R[x] has no
zero-divisors, suppose that p(x) = am xm + . . . and q(x) = bn xn + . . . are nonzero
polynomials in R[x] of degrees m, n respectively. Then am 6= 0 6= bn in R. Since
R is an integral domain, am bn 6= 0, so

p(x)q(x) = am bn xm+n + . . .

is a nonzero polynomial of degree m + n in R[x].

A useful property of integral domains is that multiplication by nonzero elements is

cancellative.
2.6. INTEGRAL DOMAINS 23

Lemma 2.3 Let R be an integral domain, and a, b, c ∈ R such that ac = bc and c 6= 0.

Then a = b.

Proof. By hypothesis, (a − b)c = ac − bc = 0. But c 6= 0 and R has no zero divisors, so

a − b = 0. Thus a = b as claimed.
The following result is a generalisation of the fact that Zp is a field for any prime
p. It is proved in exactly the same way.

Theorem 2.4 Every finite integral domain is a field.

Proof. Let R be a finite integral domain. Then R is a commutative ring with identity.
To prove that R is a field, we need only check that every nonzero element has an
inverse.
Suppose that x ∈ R with x 6= 0. Then, by the Lemma above, xy 6= xz whenever
y 6= z in R. Thus the map f : R → R defined by f (y) = xy is injective. Since R is
finite, the pigeonhole principle implies that f is also surjective. In particular, ∃ y ∈ R
with xy = f (y) = 1R . Hence x has an inverse, as required.
24 CHAPTER 2. RINGS, FIELDS AND INTEGRAL DOMAINS

Exercises on rings, fields and integral domains

1. Which of the following are rings?

(a) (S, +, ·), where S = {2k + 1 : k ∈ Z} ∪ {0} and + and · denote the usual
addition and multiplication of real numbers.
(b) (S, +, ·), where S denotes the family of all functions from R to R, and +
and · denote the usual (pointwise) addition and multiplication of functions:
(f + g)(x) = f (x) + g(x), (f g)(x) = f (x)g(x).
(c) (S, +, ◦), where S denotes the family of all functions from R to R, and +
denotes pointwise addition and ◦ denotes composition of functions.
(d) (S, +, ·), where S is the family of all subsets of a given set E and + and ·
are defined by

A + B = (A \ B) ∪ (B \ A) ; A·B =A∩B.

2. Find all the units in the rings Z4 , Z6 , and Z3 × Z3 .

3. In the ring Z48 , find all elements x satisfying x2 = 0, and all elements y satisfying
y 3 = 0.

4. In the ring Z7 × Z7 , find all elements x satisfying x2 = (−1, 1), and all elements
y satisfying y 3 = (1, 0).

5. Let (R, +, ·) be a ring such that x2 = x for all x ∈ R. Show that for all x, y ∈ R,
xy = −yx. [Hint: consider (x + y)2 .] Deduce that R is commutative.

6. Let S denote the set of all rational numbers of the form a/2n , where a, n ∈ Z
and n ≥ 0. Show that S is a subring of Q.

7. Show that the set R of complex numbers of the form a + 2bi, with a, b ∈ Z, is a
subring of C.

8. Which of the following are subrings of C?

(a) {z ∈ C : |z| = 1}.

(b) {0 + iy; y ∈ R}.
√
(c) {(a + ib 3); a, b ∈ Z}.
√
(d) {(a + ib 3)/2; a, b ∈ Z, a + b even}.

9. Show that (R, ⊕, ⊗) is a field where

a ⊕ b = a + b + 1; a ⊗ b = a + b + ab .
2.6. INTEGRAL DOMAINS 25

10. Let (F, +, ·) be a field and let x, y ∈ F . Is it necessarily true that x3 = y 3 implies
x = y?

11. Let p be a prime number. Find all elements in the field (Zp , +, ·) which are their
own multiplicative inverses.

12. Let R and S be two rings, each with more than one element. Show that there are
nonzero elements x and y in R × S such that xy = 0. In the case where R = Z2
and S = Z3 , find all such pairs x, y ∈ R × S.

13. Determine the units and the divisors of zero of (Z12 , +, ·). Write down the group
table of the group of units of Z12 .

14. Show that Z × Z is not an integral domain.

15. Show that a subring R 6= {0} of a field F is an integral domain if and only if
1F ∈ R.

16. Let (R, +, ·) be a commutative ring with identity. Prove that R is an integral
domain if for a, b, c ∈ R with a 6= 0 the relation ab = ac implies that b = c.
26 CHAPTER 2. RINGS, FIELDS AND INTEGRAL DOMAINS
Chapter 3

Homomorphisms, ideals, and

quotient rings

In group theory, we construct the quotient group G/N of a group G over a normal
subgroup N . The normal subgroups are precisely the kernels of homomorphisms be-
tween groups. In this chapter we follow the entirely analogous story in ring theory. As
in group theory, a ring homomorphism is a map which respects the binary operations.
The analogue of a normal subgroup is something called an ideal in a ring. Given an
ideal, we can construct a quotient ring.

3.1 Homomorphisms
Definition A homomorphism from a ring R to a ring S is a map f : R → S such that

f (x + y) = f (x) + f (y) and f (xy) = f (x)f (y) ∀ x, y ∈ R.

(In each case the operation of + or · on the left side of the equation takes place in R,
while that on the right side takes place in S.)
If the homomorphism f : R → S is bijective, then it is called an isomorphism, and
we say that the rings R and S are isomorphic (denoted R ∼ = S). The relation ∼= is an
equivalence relation between rings. We regard isomorphic rings as being ‘the same’.
If f : R → S is a homomorphism of rings, then in particular f is a homomorphism
of groups from (R, +) to (S, +). From this we have an immediate list of properties of
f:

1. f (0R ) = 0S ;

2. f (−x) = −f (x) ∀ x ∈ R;

3. Im(f ) is a subgroup of (S, +);

27
28 CHAPTER 3. HOMOMORPHISMS, IDEALS, AND QUOTIENT RINGS

4. Ker(f ) is a subgroup of (R, +). (Indeed, Ker(f ) is a normal subgroup of (R, +).
But in any case, since (R, +) is an abelian group, all its subgroups are normal.)

It is not true in general that f (1R ) = 1S , even when both rings R, S have identities.
For example, the map f : Z → Z × Z given by f (r) = (r, 0) is a homomorphism, but
f (1) 6= (1, 1). On the other hand, suppose that f : R → S is an isomorphism Then S
has an identity if and only if R has an identity, and in this case f (1R ) = 1S . To see
this, suppose that R has an identity, and let s ∈ S. Then

f (1R )s = f (1R )f (f −1 (s)) = f (1R f −1 (s)) = f (f −1 (s)) = s

and similarly sf (1R ) = s, so f (1R ) is an identity for S. Applying the same argument
to the isomorphism f −1 : S → R gives the converse.
Example The rings R and C are not isomorphic. The reason is that C contains a square
root of −1, but R does not. In detail, suppose that f : C → R is an isomorphism.
Then f (0) = 0, so f (1) 6= 0, since f is injective. But f (1) = f (12 ) = f (1)2 , so
f (1) ∈ R is a nonzero solution of the equation x2 = x. There is only one such
solution, namely x = 1, so f (1) = 1, and hence also f (−1) = −f (1) = −1. Finally,
f (i)2 = f (i2 ) = f (−1) = −1, so f (i) is a square root of −1 in R, a contradiction.
Remark This last example depends in a crucial way on the difference between the mul-
tiplicative structures of R and C. Indeed, as groups, (R, +) and (C, +) are isomorphic.
(They are vector spaces of equal infinite dimension over Q.)

Theorem 3.1 If f : R → S is a ring homomorphism, then Im(f ) = {s ∈ S : ∃ r ∈

R with f (r) = s} is a subring of S.

Proof. We have already noted that Im(f ) is a subgroup of (S, +) (since f is a group
homomorphism from (R, +) to (S, +)).
It only remains to show that Im(f ) is closed under multiplication. So suppose that
x, y ∈ Im(f ). Then there are elements a, b ∈ R such that f (a) = x and f (b) = y (by
definition of Im(f )). Since f is a homomorphism, we have

xy = f (a)f (b) = f (ab) ∈ Im(f ).

Examples

1. The map f : Z → Zn given by f (k) = k mod n is a homomorphism, by the

definition of addition and multiplication in Zn .

2. The map f : C → C given by f (z) = z (the complex conjugate of z), is a

homomorphism, since (w + z) = w + z and (wz) = w · z for all w, z ∈ C.
Moreover, since f is bijective, it is an isomorphism.
3.2. IDEALS 29

3. The map f : R → R given by f (x) = −x is not a ring homomorphism. It is

true that f (x + y) = f (x) + f (y), so f is a group homomorphism from (R, +)
to (R, +). But f (xy) = −xy, while f (x)f (y) = (−x)(−y) = xy, so if x 6= 0 6= y
then f (xy) 6= f (x)f (y).

4. If R is a ring with identity 1R ∈ R, we can define 2R := 1R +1R , 3R := 1R +1R +1R ,

etc. (Inductively, if n ∈ N and we have defined nR ∈ R, then we define (n+1)R :=
nR + 1R ∈ R.) We can also define (−n)R := −(nR ). Then f : Z → R, f (n) = nR ,
is a ring homomorphism: (m + n)R = mR + nR , (mn)R = mR nR . (These can
easily be checked by induction on |m| + |n|.)

5. If R is a ring with identity 1R ∈ R, and r ∈ R, then we can extend the ho-

momorphism Z → R, n 7→ nR , to a homomorphism φr : Z[x] → R, called the
evaluation homomorphism at r, by φr (p(x)) = p(r). Here we have to interpret
integers as belonging to R via n 7→ nR , substitute x = r in the polynomial p(x),
and evaluate
√ the result in R. For example, if p(x) = x2 + 3x − 4, R = C, and
r = i = −1, then φr (p(x)) = p(i) = i2 + 3i − 4 = −5 + 3i ∈ C.

3.2 Ideals
In this section we study ideals, which are the analogues of normal subgroups in group
theory. Thus ideals should be the objects that occur as kernels of ring homomorphisms.
Suppose then that R, S are rings, and that f : R → S is a ring homomorphism. We
know that Ker(f ) is a subgroup of (R, +). It is not difficult to see that in fact Ker(f )
is closed with respect to multiplication, so is a subring of R:

x, y ∈ Ker(f ) ⇒ f (xy) = f (x)f (y) = 0S 0S = 0S ⇒ xy ∈ Ker(f ).

However, a stronger property holds. In the above equation, in order for f (x)f (y)
to be 0 in S, we do not need both f (x), f (y) to be 0. It is sufficient for any one of
them to be 0 in S.
This suggests the following definition.
Definition An ideal in a ring R is a subset I ⊂ R such that

1. I is a subgroup of (R, +)

2. (∀ x ∈ I) (∀ r ∈ R) xr ∈ I and rx ∈ I.

Thus to check that a given subset I ⊂ R is an ideal of R, we check the above two
properties. For the first, we can use the subgroup test, or we may already know for
other reasons that I is a subgroup of (R, +). The key property to check is usually the
second property rx, xr ∈ I, which I will refer to as the ideal property. In practice, most
30 CHAPTER 3. HOMOMORPHISMS, IDEALS, AND QUOTIENT RINGS

of the rings that we consider will be commutative, in which case the two statements
xr ∈ I and rx ∈ I are equivalent (since rx = xr), so we need only check one of them.
Examples

1. For n ∈ N, the set nZ = {nk; k ∈ Z} is an ideal of Z.

We already know that nZ is a subgroup of (Z, +). To check the ideal property,
suppose that x = nk ∈ nZ and r ∈ Z. Then rx = xr = (nk)r = n(kr) ∈ nZ.

2. The set I = {p(x) ∈ R[x]; p(0) = 0} of polynomials with constant term 0 is an

ideal in R[x].
We first check that I is a subgroup of (R[x], +), using the subgroup test. If
p(x), q(x) ∈ I then p(0)+q(0) = 0+0 = 0, so p(x)+q(x) ∈ I; and −p(0) = −0 = 0
so −p(x) ∈ I. Clearly 0 ∈ I, so I is a subgroup of (R[x], +), as required.
Now if p(x) ∈ I and r(x) ∈ R[x], then p(0)r(0) = 0r(0) = 0, so p(x)r(x) ∈ I.
Since R[x] is commutative, we also have r(x)p(x) = p(x)r(x) ∈ I.

3. In any ring R, the sets {0} and R are ideals in R.

These are clearly subgroups of (R, +). The ideal property rx, xr ∈ I for all x ∈ I
and r ∈ R is trivially true for I = R, and for I = {0} it reduces to the property
we observed earlier, that 0r = 0 = r0 for all r ∈ R.

4. If f : R → S is a ring homomorphism, then Ker(f ) is an ideal in R.

Since f is a group isomorphism from (R, +) to (S, +), Ker(f ) is a subgroup of
(R, +). For the ideal property, suppose that x ∈ Ker(f ) and r ∈ R. Then

f (rx) = f (r)f (x) = f (r)0 = 0 = 0f (r) = f (x)f (r) = f (xr),

so rx, xr ∈ Ker(f ), as required.

5. If R is a commutative ring, and x ∈ R, then the set xR = {xr; r ∈ R} is an

ideal in R, called the principal ideal generated by x.
This generalises the example of nZ ⊂ Z above, and can be checked in a similar
way. Specifically, we show that xR is a subgroup of (R, +) using the subgroup
test: xr + xs = x(r + s) ∈ xR by the distributive law, 0 = x0 ∈ xR and −xr =
x(−r) ∈ xR. For the ideal property, if r, s ∈ R then s(xr) = (xr)s = x(rs) ∈ xR.

6. If R and S are rings, I is an ideal in R and J is an ideal in S, then I × J is an

ideal in R × S.
Suppose that w, x ∈ I, y, z ∈ J, r ∈ R and s ∈ S. Then (w, y) + (x, z) =
(w + x, y + z) ∈ I × J, (0, 0) ∈ I × J, −(x, z) = (−x, −z) ∈ I × J, (r, s)(x, z) =
(rx, sz) ∈ I × J, and (x, z)(r, s) = (xr, zs) ∈ I × J.
3.3. QUOTIENT RINGS 31

7. If F is a field, then the only ideals in F are {0} and F .

Suppose that I 6= {0} is an ideal in F . Since 0 ∈ I, there must be a nonzero
element x 6= 0 in I. If x is the inverse of x in F , and y ∈ F , then y = 1y =
(xx)y = x(xy) ∈ I. Hence I = F .

3.3 Quotient Rings

Let R be a ring and I an ideal of R. Then in particular I is a subgroup of (R, +).
Since + is commutative, I is in fact a normal subgroup of (R, +), so we can form the
quotient group R/I. The elements of R/I are the cosets r + I for r ∈ R. We will
denote the binary operation in this group as +, and we recall that this is defined by
the rule (r + I) + (s + I) := (r + s) + I.
We would like to make (R/I, +) into a ring, so we need to define a multiplication
on R/I. We do so in the obvious way, namely: (r + I) × (s + I) := (rs) + I.

Lemma 3.2 With + and × defined as above, (R/I, +, ×) is a ring.

Proof. We already know that (R/I, +) is a group. Indeed, it is an abelian group since
+ is commutative in R:

(r + I) + (s + I) = (r + s) + I = (s + r) + I = (s + I) + (r + I).

We need to check that × is well-defined on R/I. Suppose that r0 ∈ r + I and

s0 ∈ s + I. Say r0 = r + x, s0 = s + y, with x, y ∈ I. Then r0 s0 = (r + x)(s + y) = rs + z,
where z = xs + ry + xy. But xs, ry, xy ∈ I since x, y ∈ I and r, s ∈ R, by the
definition of ideal. Hence also z = xs + ry + xy ∈ I, by the definition of ideal. Thus
(r0 s0 ) + I = (rs) + I, so × is indeed well-defined on R/I.
We need to check that × is associative on R/I. But

(r + I)[(s + I)(t + I)] = (r + I)(st + I) = r(st) + I

= (rs)t + I = (rs + I)(t + I) = [(r + I)(s + I)](t + I),

using the fact that multiplication in R is associative.
We need to check that × is distributive over + in R/I. But

(r + I)[(s + I) + (t + I)] = (r + I)(s + t + I) = r(s + t) + I = (rs + rt) + I

= (rs + I) + (rt + I) = (r + I)(s + I) + (r + I)(t + I),

using the fact that multiplication in R is (left) distributive over +. Thus × is left
distributive over + in R/I. The right distributive property is verified in a similar way.
We have checked all the ring axioms for (R/I, +, ×), so the proof is complete.
32 CHAPTER 3. HOMOMORPHISMS, IDEALS, AND QUOTIENT RINGS

Examples
1. The quotient ring Z/nZ has n elements 0 + nZ, 1 + nZ, . . . (n − 1) + nZ. The sum
or product of two cosets a + nZ and b + nZ is the coset containing a + b or ab,
respectively. Thus addition and multiplication in Z/nZ are the same as in the
ring Zn , if we identify k ∈ Zn with the coset k + nZ in Z/nZ. In other words the
quotient ring Z/nZ is isomorphic to Zn .
2. Let I be the principal ideal (x2 + 1)R[x] in R[x]. Then for any m ≥ 2 the coset
xm +I is the same as the coset −xm−2 +I, since xm −(−xm−2 ) = (x2 +1)xm−2 ∈ I.
If p(x) = am xm + . . . + a1 x + a0 , then
p(x) + I = (am xm + I) + . . . + (a1 x + I) + (a0 + I) = (a + bx) + I,
where a = a0 − a2 + a4 − . . . and b = a1 − a3 + a5 − . . .. Hence every element of
R[x]/I can be (uniquely) expressed in the form (a + bx) + I with a, b ∈ R.
Addition and multiplication in R[x]/I are defined by
(a + bx + I) + (c + dx + I) = (a + c) + (b + d)x + I,
and
(a + bx + I)(c + dx + I) = ac + (ad + bc)x + bdx2 + I = (ac − bd) + (ad + bc)x + I.
These are similar to the rules for adding and multiplying complex numbers, and
indeed the quotient ring R[x]/I is isomorphic to C via the map (a+bx)+I 7→ a+bi.
3. Let I ⊂ R[x] be the principal ideal x2 R[x]. As in the previous example, each
coset in R[x]/I can be uniquely expressed as a + bx + I with a, b ∈ R. As
an additive group, R[x]/I ∼ = R2 ∼ = C, but the multiplication rule in R[x]/I
is different from that in C. We can regard R[x]/I as R2 with multiplication
given by (a, b)(c, d) = (ac, ad + bc). Note that (0, 1)2 = (0, 0) – or, equivalently,
(x + I)2 = x2 + I = I, so that R[x]/I has zero-divisors, and so cannot be a field.

Theorem 3.3 (First Isomorphism Theorem for Rings)

Let f : R → S be a ring homomorphism. Then
R ∼
= Im(f ).
Ker(f )
Proof. We must exhibit an isomorphism from R/K to S, where K = Ker(f ) and
S = Im(f ). Define θ : R/K → S by θ(r + K) = f (r). The proof of the First
Isomorphism Theorem for groups shows that θ is a well-defined isomorphism of groups.
In particular it is bijective. In order to show that it is a ring isomorphism, we need
only check that it preserves multiplication. But
θ((r + K)(s + K)) = θ((rs) + K) = f (rs) = f (r)f (s) = θ(r + K)θ(s + K),
3.4. MORE ISOMORPHISM THEOREMS 33

as required.
Examples

1. Define f : Z → Zn by f (k) = k mod n. Then f is a surjective homomorphism of

rings, and Ker(f ) = nZ, confirming that Z/nZ ∼
= Im(f ) = Zn .

2. Let f : R[x] → C be the evaluation homomorphism f (p(x)) := p(i). Let K =

Ker(f ). Then x2 + 1 ∈ K, since f (x2 + 1) = i2 + 1 = 0. By the ideal property,
(x2 + 1)p(x) ∈ K for every polynomial p(x) ∈ R[x], so K contains the principal
ideal I = (x2 + 1)R[x]. As described in a previous example, every coset in R[x]/I
can be uniquely expressed as a + bx + I for a, b ∈ R. But f (a + bx) = a + bi = 0
only if a = b = 0, so the only coset of I contained in K is I itself, from which it
follows that K = I = (x2 + 1)R[x]. The homomorphism f is clearly surjective:
given z = a+bi ∈ C, we have z = f (a+bx). This confirms our earlier observation
that R[x]/I ∼= C.

3. Let f : R[x] → R be the evaluation homomorphism f (p(x)) = p(0). Then f is

surjective, since for any a ∈ R we have f (a) = a. The kernel of f is the set of
polynomials with constant term 0. But am xm +. . .+a2 x2 +a1 x+0 = x(am xm−1 +
. . . + a2 x + a1 ), so Ker(f ) is the principal ideal xR[x]. Hence R[x]/xR[x] ∼
= R.

4. Suppose α ∈ C. Let f : Q[x] → C be the evaluation homomorphism f (p(x)) =

p(α) ∈ C. We write Q[i] for Im(f ). This is a subring of C containing Q and
α, and indeed it is the smallest such subring. The First Isomorphism Theorem
shows that Q[α] ∼ = Q[x]/I for some ideal I ⊂ Q[x]. For example, when α = i we
get the field Q[i] of Gaussian rationals, and I turns out to be the principal ideal
generated by x2 + 1. If, on the other hand, we take α = cos(π/5) + i sin(π/5),
then Q[α] turns out to be a subfield of C, and I turns out to be the principal
ideal generated by x4 − x3 + x2 − x + 1. We will learn more about examples like
this later in the course.

3.4 More Isomorphism Theorems

The First Isomorphism Theorem has two easy corollaries, known as the Second and
Third Isomorphism Theorems.

Theorem 3.4 (Second Isomorphism Theorem for Rings)

Let R be a ring, S a subring of R, and I an ideal of R. Then the set S + I =
{s + x; s ∈ S, x ∈ I} is a subring of R that contains I, S ∩ I is an ideal of S, and

S ∼ S+I
= .
S∩I I
34 CHAPTER 3. HOMOMORPHISMS, IDEALS, AND QUOTIENT RINGS

Proof. It is not difficult to check that S + I is a subring of R.

Define a ring homomorphism f : S → R/I by f (s) = s + I. Then clearly Im(f ) =
(S + I)/I, while Ker(f ) = S ∩ I. The result follows from the First Isomorphism
Theorem.
Example Let R = R[x], S = Z[x], and let I be the principal ideal xR[x] in R[x] – in
other words, the ideal consisting of all polynomials with real coefficients and constant
term zero. Then S + I is the set of polynomials in R[x] whose constant term is an
integer. Using the subring test, we can easily check that this is a subring of R[x].
The ideal S ∩ I of S = Z[x] consists of all polynomials with integer coefficients, whose
constant term is zero. Hence S ∩ I is the principal ideal xZ[x]. Finally

Z[x] + xR[x] ∼ ∼ Z[x] Z[x]

=Z= = .
xR[x] xZ[x] Z[x] ∩ xR[x]

Theorem 3.5 (Third Isomorphism Theorem for Rings)

Let R be a ring, and I, J ideals of R such that J ⊂ I. then I/J is an ideal in R/J ,
and
R/J ∼ R
= .
I/J I

Proof. Define a ring homomorphism f : R/J → R/I by f (r + J) = r + I, and apply

the First Isomorphism Theorem.
Example In Z4 the set I = {0, 2} is the prinicpal ideal 2Z4 . But Z4 ∼
= Z/4Z, and this
ideal I corresponds to the ideal 2Z/4Z in Z/4Z. Thus

Z4 ∼ Z/4Z ∼ Z ∼
= = = Z2 .
I 2Z/4Z 2Z
3.4. MORE ISOMORPHISM THEOREMS 35

Exercises on homomorphisms, ideals and quotient

rings
1. Show that φ : C → M2 (R) given by
 
a b
φ(a + ib) =
−b a
is a ring homomorphism.
2. Show that φ : C → R defined by φ(a + ib) = a is not a ring homomorphism.
3. Which of the following are ring homomorphisms?
(a) f : Z → Z, f (n) = 2n for all n ∈ Z.
(b) f : Z → M2 (R), f (n) = nI2 for all n ∈ Z.
(c) f : M2 (R) → R, f (A) = det(A) for all A ∈ M2 (R).
(d) f : R[x] → C, f (p(x)) = p(1 + i) for all p(x) ∈ R[x].
4. Let R be a ring with identity and let S be an ideal of R. Prove that
(i) if 1R ∈ S, then S = R;
(ii) if S contains a unit u of R, then S = R.
5. Let R be a ring and let N1 and N2 be ideals of R. Prove that N1 ∩ N2 is an ideal
of R.
6. Let R, S be rings with 1. Show that every ideal A of the product ring R × S has
the form I × J for some ideals I of R and J of S.
(Hint: define I to be {r ∈ R : (r, 0) ∈ A}.)
7. Show that f : Z → Z × Z, defined by f (n) = (n, n), is a ring homomorphism.
Hence find a subring of Z × Z which is not an ideal.
8. List the elements in the quotient ring 2Z/8Z. Are 2Z/8Z and Z4 isomorphic
rings?
9. Let S2 denote the ideal in Z[x] consisting of all polynomials in which both the
constant term and the x term equal zero: S2 := {p(x) ∈ Z[x]; p(0) = p0 (0) = 0},
where p0 (x) is the derivative of p(x). By using the First Isomorphism Theorem
show that Z[x]/S2 is isomorphic to the ring of matrices
  
a b
: a, b ∈ Z .
0 a
36 CHAPTER 3. HOMOMORPHISMS, IDEALS, AND QUOTIENT RINGS
Chapter 4

Special types of ideals

Throughout this chapter, and indeed for the rest of the course, we will restirct our
attention to rings which are commutative and contain an identity.
In this chapter we study three special kinds of ideals in such rings.

4.1 Principal ideals

Let R be a commutative ring with identity. As defined in the previous chapter, an
ideal I ⊂ R is principal, with generator x ∈ R if I = xR = {xr : r ∈ R}.
Examples

1. The ideals nZ of Z are principal.

2. The ideal (x2 + 1)R[x] of R[x] is principal, with generator x2 + 1.

3. Let I = {p(x) ∈ Z[x]; p(0) ∈ 2Z}. Then I is an ideal in Z[x] – for example
since it is the kernel of the evaluation homomorphism f : Z[x] → Z2 , f (p(x)) =
p(0) mod 2. But I is not principal. To see this, we must show that I 6= p(x)Z[x]
for any p(x) ∈ Z[x]. Suppose first that p(x) is the constant polynomial a0 for
some a0 ∈ Z. Then a0 = p(0) ∈ 2Z, so I = a0 Z[x] ⊂ 2Z[x], which is impossible
since for example x ∈ I but x ∈ / 2Z[x]. On the other hand, if p(x) has degree
m > 0, then p(x)q(x) has degree m or greater for any nonzero polynomial q(x), so
there are no nonzero constant polynomials in I = p(x)Z[x]. But this contradicts
the fact that 2 ∈ Z[x].

The following result is a useful characterisation of the principal ideal xR of a ring

R.

Lemma 4.1 Let R be a commutative ring with identity, and let x ∈ R. Then the
principal ideal xR is the smallest ideal in R that contains x.

37
38 CHAPTER 4. SPECIAL TYPES OF IDEALS

Proof. We have already seen that xR is an ideal. Since R has an identity, we see that
x = x1R ∈ xR.
Conversely, suppose that I is an ideal in R and that x ∈ R. Then the ideal property
says that xr ∈ I for all r ∈ R, and so xR ⊂ I.
Definition A principal ideal domain (or PID) is an integral domain in which every
ideal is principal.
Examples
1. The polynomial ideal Z[x] is an integral domain, but is not a principal ideal
domain, since it contains an ideal which is not principal. (See the example above.)

2. Z is a principal ideal domain. We already know that Z is an integral domain.

Suppose that I ⊂ Z is an ideal. We need to show that I = nZ for some n ∈ Z.
If I = {0} then I = 0Z, so we can suppose that I 6= {0}. Since 0 ∈ I, there must
be some k ∈ I with k 6= 0. Since I is an additive subgroup of Z, we also have
−k ∈ I, and so I contains a positive integer.
Let n be the least positive integer in I. Then n ∈ I so nZ ⊂ I. We will see that,
in fact, I = nZ. To see this, let us suppose the statement is false, and derive a
contradiction.
If I 6= nZ, then there is an integer k ∈ I with k ∈ / nZ. Then −k ∈ I with
−k ∈/ nZ, so there is a positive integer in I \ nZ.
Let m be the least such positive integer. Then m > n by choice of n as the least
positive integer in I. Then m − n ∈ I since m ∈ I and −n ∈ nZ ⊂ I. But
0 < m − n < m, and so by choice of m as the least positive integer in I \ nZ we
must have m − n ∈ nZ. But then m = (m − n) + n ∈ nZ, since m − n ∈ nZ and
n ∈ nZ. This contradicts our choice of m ∈ / nZ.
Hence I = nZ as claimed.

3. Every field is a principal ideal domain. The only two ideals in a field F are
{0} = 0F and F = 1F . Each of these is principal.

4. If F is a field, then the polynomial ring F [x] is a principal ideal domain. The
proof is similar to the case of Z. We already know that F [x] is an integral domain.
The ideal {0} = 0F [x] is principal, so we suppose I 6= {0} is an ideal and show
that it must be principal.
Choose a nonzero polynomial p(x) ∈ I of least degree (m, say). Then p(x)F [x] ⊂
I. We will show that I = p(x)F [x].
If I 6= p(x)F [x], let q(x) be a polynomial in I \ p(x)F [x] of least degree (n, say).
Then n ≥ m, by choice of p(x). Suppose that the leading coefficient of p(x) is
am , while that of q(x) is bn . Let r(x) = am q(x) − bn xn−m p(x). Then r(x) ∈ I
by the ideal properties, since p(x), q(x) ∈ I. Moreover, r(x) has degree at most
4.2. MAXIMAL IDEALS 39

n − 1, since the coeficient of xn in r(x) is am bn − bn am = 0. Hence r(x) ∈

p(x)F [x], by choice of q(x). But then q(x) = a−1
m (r(x) + bn x
n−m
p(x)) ∈ p(x)F [x],
a contradiction.
Hence I = p(x)F [x] as claimed.

5. The ring Z[i] of Gaussian integers is a principal ideal domain. Certainly Z[i] is
an integral domain, since it is a subring of the field C that contains the identity
of C. The ideal {0} = 0Z[i] is principal. Suppose that I 6= {0} is an ideal. We
must show that I is principal.
Choose a nonzero element z = a + ib ∈ I such that |z|2 = a2 + b2 ∈ N is
least possible. Clearly zZ[i] ⊂ I. We will show that I = zZ[i]. Suppose that
w = c + id ∈ I. Then v = (w/z) = x + iy ∈ C is a complex number. If we let e, f
be the integers closest to x, y respectively, then u = e + if ∈ Z[i], and |u − v|2 =
|x − e|2 + |y − f |2 ≤ 12 . Now zu − w ∈ I, and |zu − w|2 = |z|2 |u − v|2 ≤ 12 |z|2 . By
choice of z, we must have zu − w = 0, so w = zu ∈ zZ[i], as required.

4.2 Maximal ideals

In a given ring R, we can compare ideals using the partial order ⊂. If I ⊂ J then we
regard J as ‘bigger than’ I. In this context, the unique ‘smallest’ ideal is {0} and the
unique ‘biggest’ ideal is R itself. An ideal I ⊂ R is said to be a proper ideal if I 6= R.
In this section we consider proper ideals which are maximal with respect to the partial
order ⊂.
Definition An ideal I ⊂ R is maximal if I 6= R, and for any ideal J ⊂ R with
I ⊂ J ⊂ R, either J = I or J = R.
Examples
1. In Z, the ideal 4Z is not maximal, since 4Z ⊂ 2Z ⊂ Z, but 4Z 6= 2Z 6= Z.
However, 2Z is maximal.
To see this, suppose that 2Z ⊂ I ⊂ Z for some ideal I. If I 6= 2Z then there
exists an odd integer k ∈ I. Then (k + 1) is even, so (k + 1) ∈ 2Z ⊂ I. Since I
is an ideal, we can deduce that 1 = (k + 1) − k ∈ I, so y = 1y ∈ I for all y ∈ Z.
In other words, I = Z.

2. If F is a field, then {0} is a maximal ideal, since the only other ideal of F is F
itself.

3. In R[x], the principal ideal M = (x2 + 1)R[x] is maximal.

To see this, suppose that M ⊂ I for some ideal I of R[x]. If I 6= M then there
exists a polynomial p(x) ∈ I with p(x) ∈/ M . In particular p(x) 6= 0. Among
all such p(x), choose one with the least possible degree, d say. Write p(x) =
40 CHAPTER 4. SPECIAL TYPES OF IDEALS

ad xd +· · ·+a1 x+a0 . If d > 1 then put q(x) = p(x)−ad xd−2 (x2 +1) ∈ I. Then q(x)
has degree less than d, so q(x) ∈ M . But then p(x) = q(x) + ad xd−2 (x2 + 1) ∈ M ,
contradicting the choice of p(x). We must therefore have d ≤ 1, say p(x) = ax+b,
with (a, b) 6= (0, 0) since p(x) 6= 0 in R[x].
Then a2 + b2 = a2 (x2 + 1) − (ax − b)p(x) ∈ I. Since a, b ∈ R with (a, b) 6= (0, 0),
c = a2 + b2 > 0, and c is a unit in R[x]. Since I contains a unit, it must be the
whole ring. (In other words, p(x) = c(c−1 p(x)) ∈ I for all p(x) ∈ R[x].)

The most important property of maximal ideals relates to the corresponding quo-
tient rings.

Theorem 4.2 Let R be a commutative ring with identity, and let M be an ideal in R.
Then M is a maximal ideal if and only if the quotient ring R/M is a field.

Proof. Suppose first that M is maximal. The ring R/M is commutative, since R is
commutative. ((x + M )(y + M ) = xy + M = yx + M = (y + M )(x + M ).) It also has
an identity 1R/M = 1R + M . Moreover, 1R/M 6= 0R/M since 1R ∈ / M . (If 1R ∈ M , then
M = R, contadicting the definition of maximal ideal.)
To show that R/M is a field, it remains to prove that every nonzero element x + M
in R/M has an inverse. Now x ∈ / M , since x + M 6= 0 + M . We will show that
I = M + xR = {m + xr; m ∈ M, r ∈ R} is an ideal in R. Clearly M ⊂ I, and M 6= I
since x ∈ I and x ∈/ M . Since M is maximal, it follows that I = R, and in particular
1R ∈ I – say 1R = m + xy with m ∈ M and y ∈ R. Then (x + M )(y + M ) = xy + M =
(1R − m) + M = 1R + M , so x + M has an inverse in R/M , as required.
We still have to check that I is an ideal. Let m1 , m2 ∈ M and r1 , r2 , s ∈ R.
Then (m1 + xr1 ) + (m2 + xr2 ) = (m1 + m2 ) + x(r1 + r2 ) ∈ I, 0 = 0 + x0 ∈ I,
−(m1 +xr1 ) = (−m1 )+x(−r1 ) ∈ I, and s(m1 +xr1 ) = (m1 +xr1 )s = m1 s+x(r1 s) ∈ I.
Hence I is an ideal, as claimed.
Conversely, suppose that R/M is a field. Then M 6= R, since otherwise 0 = 1 in
R/M , contrary to the definition of a field. Suppose I is an ideal of R with M ⊂ I ⊂ R.
By the third isomorphism theorem, I/M is an ideal in the field F = R/M . But a
field F has only two ideals F and {0}. If I/M = F = R/M then I = R, while if
I/M = {0} = M/M then I = M . Hence M is maximal, as required.

4.3 Prime ideals

Ideals were originally introduced in number theory, in a (failed) attempt to prove
Fermat’s Last Theorem, that xn + y n = z n has no nontrivial integer solutions when
n > 2. The meaning was something like ‘ideal number’. One should think of an
arbitrary ideal as a generalisation of the principal ideals nZ of Z, which correspond to
the natural numbers n.
4.3. PRIME IDEALS 41

In this context, the concept of a prime ideal is a generalisation of prime number.

Properties of prime numbers are defined in terms of divisibility of natural numbers. If
(say) n divides x, then x = ny for some y, so x ∈ nZ. Thus divisibility of numbers
corresponds to membership of ideals. This prompts the following definition.
Definition An ideal P of a ring R is prime if P 6= R and, whenever x, y ∈ R such that
xy ∈ P , then at least one of x ∈ P , y ∈ P holds.
Examples
1. If p is a prime number, then pZ is a prime ideal in Z.
Clearly pZ 6= Z, since p ≥ 2. Suppose that x, y ∈ Z and that xy ∈ pZ. Then the
prime number p divides xy, so by the properties of prime numbers, p divides at
least one of x, y. In other words, at least one of x, y belongs to pZ.

2. Let R be a commutative ring with identity. Then every maximal ideal of R is

prime.
If M is a maximal ideal of R then M 6= R. Moreover, the quotient ring R/M is a
field. If x, y ∈ R with xy ∈ M , then (x + M )(y + M ) = 0 + M in the field R/M ,
which is possible only if one of the elements x + M, y + M is zero in R/M . But,
for example, x + M = 0 + M if and only if x ∈ M .

3. The ideal xZ[x] is prime, but not maximal, in Z[x].

Certainly, xZ[x] is not maximal, since the quotient ring Z[x]/xZ[x] ∼
= Z is not a
field. Also xZ[x] 6= Z[x].
Note that p(x) ∈ xZ[x] if and only if p(0) = 0. If p(x), q(x) ∈ Z[x] with p(x)q(x) ∈
xZ[x], then p(0)q(0) = 0, so either p(0) = 0 or q(0) = 0 (or both). But p(0) = 0
if and only if p(x) ∈ xZ[x], and similarly for q(x).
We characterised maximal ideals in a commutative ring with identity as those for
which the corresponding quotient ring is a field. There is a similar characterisation of
prime ideals.

Theorem 4.3 Let R be a commutative ring with identity, and let P be an ideal in R.
Then P is a prime ideal if and only if the quotient ring R/P is a non-zero integral
domain.

Proof. Suppose first that P is a prime ideal. Then P 6= R, so 1R ∈ / P , and R/P is a

commutative ring with identity 1 6= 0.
To show that R/P has no zero-divisors, suppose that x, y ∈ R such that (x+P )(y +
P ) = (0 + P ) = P . Then xy ∈ P . Since P is prime, at least one of x, y belongs to P ,
so at least one of x + P , y + P is the zero element 0 + P of R/P .
Conversely, suppose that R/P is a non-zero integral domain. Then P 6= R since
R/P 6= {0}. To show that P is prime, suppose that x, y ∈ R with xy ∈ P . Then
42 CHAPTER 4. SPECIAL TYPES OF IDEALS

(x + P )(y + P ) = xy + P = P = 0 + P in R/P . But R/P has no zero-divisors, so at

least one of x + P , y + P is equal to 0 + P . In other words, at least one of x, y belongs
to P . Hence P is prime, as claimed.
4.3. PRIME IDEALS 43

Exercises on principal ideals, maximal ideals and

prime ideals
1. Let m, n be non-negative integers. In the product ring Z × Z, show that the ideal
mZ × nZ is principal, with generator (m, n). Deduce that every ideal in Z × Z is
principal. Why is Z × Z not a principal ideal domain?

2. If φ : R → S is a ring homomorphism, and I is an ideal in S, show that

φ−1 (I) = {r ∈ R; φ(r) ∈ I}

is an ideal in R. Deduce that every ideal in Zn is principal.

3. In the ring Z × Z show that

(a) Z × 2Z is a maximal ideal;

(b) Z × {0} is a prime ideal which is not a maximal ideal;
(c) 2Z × 2Z is not a prime ideal.

4. Find all the maximal ideals in Z12 .

5. Determine whether or not 3Z × 5Z × 7Z is a prime ideal in Z × Z × Z.

6. Apply the first isomorphism theorem to the evaluation homomorphism Z[x] → Z,

p(x) 7→ p(1), to show that the ideal J := {p(x) ∈ Z[x]; p(1) = 0} of the ring Z[x]
is not maximal. Is J prime?

7. Let R be a finite commutative ring with identity. Show that every prime ideal of
R is a maximal ideal.
44 CHAPTER 4. SPECIAL TYPES OF IDEALS
Chapter 5

Polynomial Rings

In this chapter we will study rings of the form R[x], the ring of polynomials in one
variable x with coefficients from the ring R.
In practice, we will mainly be interested in the case where R is a field, or at least
an integral domain. But the definition makes sense for any commutative ring R.

5.1 Polynomials
Let R be a commutative ring, and let n ≥ 0 be an integer. A polynomial in x of degree
n with coefficients from R is a formal expression

p(x) = an xn + an−1 xn−1 + · · · + a1 x + a0 ,

where a0 , . . . , an ∈ R. If d > 0 then we insist that the leading coefficient an is nonzero.

If R has an identity 1R , and the leading coefficient of p(x) is 1R , then p(x) is said
to be a monic polynomial.
The collection of all polynomials with coefficients from R forms a commutative ring
R[x], with addition and multiplication defined just as for polynomials with coefficients
in familiar rings such as Z or R.
In earlier chapters, we have already noted some properties of polynomials and
polynomial rings. The following have either been proved earlier or are easy to check.

Lemma 5.1 1. If p(x), q(x) ∈ R[x] have degrees m, n respectively, and m 6= n, then
p(x) + q(x) has degree max(m, n). (If m = n, then the degree of p(x) + q(x) is at
most n.)

2. If p(x) ∈ R[x] has degree n, then so does −p(x).

3. If p(x), q(x) ∈ R[x] have degrees m, n respectively, then the degree of p(x)q(x) is
at most m + n. If R is an integral domain and p(x) 6= 0 6= q(x), then the degree
of p(x)q(x) is exactly m + n.

45
46 CHAPTER 5. POLYNOMIAL RINGS

4. If R is an integral domain, then so is R[x].

5. If F is a field, then F [x] is a principal ideal domain.

If S is a ring containing R, α ∈ S, and p(x) ∈ R[x], then R[x] ⊂ S[x], so we

can think of p(x) as having coefficients in S. We can also substitute α for x in the
expression
p(x) = an xn + an−1 xn−1 + · · · + a1 x + a0
for p(x) to get an expression

p(α) = an αn + an−1 αn−1 + · · · + a1 α + a0 ,

which we can evaluate in S.

This gives rise to an evaluation homomorphism φα : R[x] → S, φα (p(x)) := p(α).
One can also consider polynomial rings in two or more variables, with appropriate
definitions. One way to think of such a ring R[x1 , . . . , xd ] is as an iterated polynomial
ring R[x1 ][x2 ] · · · [xd ]. In other words, R[x1 , . . . , xd ] is the ring of polynomials in xd
with coefficients from R[x1 , . . . , xd−1 ], which is itself the ring of polynomials in xd−1
with coefficients from R[x1 , . . . , xd−2 ], etc.
This allows us to use inductive arguments, to prove results such as:

Theorem 5.2 If R is an integral domain, and d > 0, then R[x1 , . . . , xd ] is also an

integral domain.

In this course, we will however concentrate on polynomial rings in one variable only.

5.2 Polynomials with coefficients in a field

Suppose that F is a field. Then we have seen that the polynomial ring F [x] is a
principal ideal domain. So we can associate, to every ideal, a generator p(x) of that
ideal. Suppose that I = p(x)F [x] and J = q(x)F [x] are two ideals in F [x]. Then we
can translate properties of the ideals into properties of their generators.
For example, J ⊂ I if and only if q(x) ∈ I, since J is the smallest ideal containing
q(x). But q(x) ∈ I = p(x)F [x] if and only if q(x) = p(x)a(x) for some polynomial
a(x) ∈ F [x]. If this happens, we say that q(x) is a multiple of p(x), or that p(x) divides
q(x), or that p(x) is a factor of q(x).
One obvious question to ask is when two different polynomials generate the same
ideal. (We cannot expect, in general, that the generator of an ideal will be unique.)

Lemma 5.3 Let F be a field and p(x), q(x) ∈ F [x]. Then p(x)F [x] = q(x)F [x] if and
only if q(x) = ap(x) for some nonzero constant a ∈ F .
5.3. LONG DIVISION AND THE EUCLIDEAN ALGORITHM 47

Proof. Now p(x)F [x] = q(x)F [x] if and only if there are polynomials a(x) and b(x)
such that q(x) = p(x)a(x) and p(x) = q(x)b(x). This is true if and only if p(x)(1 −
a(x)b(x)) = 0 = q(x)(1 − b(x)a(x)). Since F [x] is an integral domain, this means either
p(x) = 0 = q(x) or a(x)b(x) = 1.
In the second case, the degrees of a(x) and b(x) are both 0, since the product
a(x)b(x) has degree 0, so a is a nonzero constant in F , with inverse b.
Conversely, if q(x) = ap(x) ∈ p(x)F [x] with a a nonzero constant, then a is a
unit in F , so has an inverse, b ∈ F say, and then p(x) = bq(x) ∈ q(x)F [x], and so
p(x)F [x] = q(x)F [x].

Corollary 5.4 Every nonzero ideal I in F [x] has the form p(x) for a monic polynomial
p(x). Moreover, this choice of monic polynomial is uniquely determined by I.

Proof. Certainly I is principal, so I = q(x)F [x] for some nonzero polynomial q(x). Since
q(x) 6= 0, the leading coefficient an (say) of q(x) is nonzero. Define p(x) = a−1 n q(x).
−1
Then p(x) has leading coefficient an an = 1, so is monic. Also, by the lemma, we have
p(x)F [x] = q(x)F [x] = I.
If r(x) is another monic polynomial that generates I, then the lemma says that
r(x) = ap(x) for some constant a 6= 0. Comparing leading coefficients, we see that
1 = a.1, so a = 1 and r(x) = p(x), as claimed.

5.3 Long division and the euclidean algorithm

If we are given an ideal I 6= {0} in F [x] in some abstract way, how can we find its
(monic) generator polynomial? Have another look at the proof that F [x] is a PID to
get a hint. I = p(x)F [x] where p(x) is the unique monic polynomial of least degree
in I. (This makes sense: suppose that p(x), q(x) ∈ I are monic polynomials of least
possible degree d, then either p(x) = q(x) or p(x) − q(x) ∈ I is a nonzero polynomial
of degree less than d. Some multiple of this will be monic, giving a contradiction.)
Here is a specific example. Suppose that I = p(x)F [x] and J = q(x)F [x] are two
nonzero ideals in F [x]. Then the set I + J := {x + y; x ∈ I, y ∈ J} is an ideal in F [x]
that contains both I and J. Hence I + J = h(x)F [x] for some polynomial h(x) that
divides both p(x) and q(x). Can we find h(x)?
Before solving this problem, let us consider the analogous problem in a more familiar
PID, namely Z. Given positive integers m, n, the ideal mZ+nZ has the form hZ where
h is a common factor of m and n. Indeed h is the highest common factor of m, n. There
is a well-known method of finding h called the Euclidean algorithm: interchange m, n
if necessary so that m ≤ n. Divide n by m to get a remainder r with 0 ≤ r < m ≤ n.
If r = 0 then m is the highest common factor; otherwise replace the pair (m, n) by
(r, m) and continue.
48 CHAPTER 5. POLYNOMIAL RINGS

Example Find the highest common factor of 63 and 96.

96 = 1 × 63 + 33.
63 = 1 × 33 + 30.
33 = 1 × 30 + 3.
30 = 10 × 3 + 0.

The last remainder is zero, so the previous remainder, 3 is the highest common factor.
It turns out that the same algorithm works for polynomials with coefficients from a
field F , where the measurement we use for the size of a polynomial is its degree. The
individual division steps of the algorithm work because of the following result.

Lemma 5.5 Let F be a field and a(x), b(x) ∈ F [x] \ {0}. Then there are unique
polynomials q(x), r(x) ∈ F [x] such that

1. b(x) = a(x)q(x) + r(x); and

2. either r(x) = 0 or the degree of r(x) is less than that of a(x).

Proof. Let I be the principal ideal a(x)F [x]. If b(x) ∈ I, then we have b(x) = a(x)q(x)
for some q(x) ∈ F [x] (which is unique, since F [x] is an integral domain), and the result
is true with r(x) = 0.
Otherwise, choose r(x) to be a polynomial of least possible degree in the coset
b(x) + I. This degree is less than that of a(x), as the following argument shows.
Suppose that a(x) has degree m and leading coefficient α, whereas r(x) has degree
n ≥ m and leading coefficient ρ. Then r(x) − α−1 ρxn−m a(x) ∈ r(x) + I = b(x) + I has
degree less than n, contrary to the choice of r(x).
It follows that the choice of r(x) is unique – if r0 (x) ∈ r(x) + I also has smaller
degree than a(x), then r(x) − r0 (x) ∈ I = a(x)F [x] is a multiple of a(x) but has degree
less than that of a(x), so must be zero.
Finally, b(x) − r(x) ∈ I = a(x)F [x], so b(x) − r(x) = a(x)q(x) for a (unique)
polynomial q(x).

To perform a division of polynomials – that is, to find q(x) and r(x) in the notation
of the lemma – we can proceed in stages corresponding to the terms of b(x). Suppose
that b(x) has degree k and leading coefficient β, while a(x) has degree m ≤ k and
leading coefficient α, as in the lemma. Then b1 (x) = b(x) − α−1 βxk−m a(x) has degree
less than k. Iterate this process. If b1 (x) = a(x)q1 (x)+r(x), then b(x) = a(x)q(x)+r(x),
where q(x) = α−1 βxk−m + q1 (x).
We can lay this calculation out as a long division. For example:
5.4. REDUCIBLE AND IRREDUCIBLE POLYNOMIALS 49

x2 + 2x + 11
x2 + x + 1)x4 + 3x3 + 14x2 − 7x − 5
x4 + x3 + x2
2x3 + 13x2
2x3 + 2x2 + 2x
11x2 − 9x
11x2 + 11x + 11
− 20x − 16

giving x4 + 3x3 + 14x2 − 7x − 5 = (x2 + x + 1))(x2 + 2x + 11) + (−20x − 16).

Example
Find the highest common factor of x3 − 3x2 + x + 2 and x2 − 4x + 4. A long division
shows that x3 − 3x2 + x + 2 = (x2 − 4x + 4)(x + 1) + (x − 2).
A second long division shows that x2 − 4x + 4 = (x − 2)(x − 2) + 0. The remainder
is 0, so the previous remainder, x − 2 is the highest common divisor.

5.4 Reducible and irreducible polynomials

Given an ideal I in F [x], we know that the quotient ring F [x]/I will be a field if I is
maximal, and an integral domain if I is prime. But we also know that I is principal,
I = p(x)F [x] for some p(x). (Indeed, we know that we can choose p(x) to be either
monic or the zero polynomial.)
Given p(x), can we decide whether or not I = p(x)F [x] is prime or maximal? There
is a criterion that we can use.
Definition A polynomial p(x) ∈ F [x] is reducible if it can be expressed as a product
of polynomials of lower degrees. A polynomial is irreducible if it is not constant and
not reducible.

Theorem 5.6 Let F be a field, and let p(x) be a non-constant polynomial in F [x]. Let
I denote the principal ideal I = p(x)F [x]. Then the following are equivalent:

(i) I is maximal;

(ii) I is prime;

(iii) p(x) is irreducible.

Proof. (i)⇒(ii). If I is maximal, then it is prime.

50 CHAPTER 5. POLYNOMIAL RINGS

(ii)⇒(iii). If p(x) is reducible, say p(x) = a(x)b(x) where a(x) and b(x) each has
degree less than that of p(x), then a(x), b(x) ∈ / p(x)F [x] = I, but a(x)b(x) = p(x) ∈ I,
so I is not prime.
(iii)⇒(i). It remains to show that, if p(x) is irreducible, then I is maximal. Suppose
than that I ⊂ J ⊂ F [x] for some ideal J of F [x]. Since F [x] is a PID, J(x) = a(x)F [x]
for some a(x). Now p(x) ∈ I ⊂ J = a(x)F [x], so p(x) = a(x)b(x) for some b(x).
Since p(x) is irreducible, it is not possible that both a(x) and b(x) have degrees less
than p(x). Hence one of a(x), b(x) has degree equal to that of p(x), and the other is a
nonzero constant (and hence a unit in F [x]).
There are two cases to consider. If a(x) has the same degree as p(x), then b = b(x)
is a unit. Then a(x) = b−1 p(x) ∈ I, so J ⊂ I and hence in fact I = J. If, on the other
hand, a = a(x) is a unit, then J = aF [x] = F [x]. We have therefore shown that I is
maximal.

Remark Whether or not a given polynomial is irreducible may depend on the field of
coefficients in which we are working, as the following examples show.

Examples

1. x2 − 1 is reducible in F [x] for any field F , since x2 − 1 = (x − 1)(x + 1).

2. x2 +1 is irreducible in R[x]. Suppose that x2 +1 is the product of two polynomials

of degree less than 2 - necessarily each of degree 1. In other words, x2 + 1 =
(ax + b)(cx + d). Then comparing coefficients gives ac = bd = 1 and ad + bc = 0.
Hence
0 = ab(ad + bc) = a2 (bd) + b2 (ac) = a2 + b2 ,

so a = b = 0 and 1 = ac = 0c = 0, a contradiction.

3. x2 + 1 is reducible in C[x]: x2 + 1 = (x + i)(x − i).

The ring of polynomials over a field resembles in many ways the ring of integers,
with irreducible polynomials playing the part of prime numbers. In particular, there
is the following anaologue of the Fundamental Theorem of Arithmetic, whose proof we
will omit.

Theorem 5.7 Let F be a field, and p(x) ∈ F [x] a nonconstant polynomial. Then
there is a unique constant c and a list α1 (x), . . . , αk (x) (unique up to order) of monic
irreducible polynomials, such that

p(x) = cα1 (x) · . . . · αk (x).

5.5. TESTING FOR IRRECUCIBILITY 51

5.5 Testing for irrecucibility

Given a (nonconstant) polynomial p(x) ∈ F [x], how can we tell whether p(x) is re-
ducible or irreducible?
This partly depends on the field F , but there are some general rules based on the
observation that, if p(x) = a(x)b(x), then deg(p(x)) = deg(a(x)) + deg(b(x)), so that
at least one of the factors a(x), b(x) has degree less than or equal to 12 deg(p(x)).
Further insight about reducibility comes from the following observation. Suppose
that p(x) ∈ F and a ∈ F . Consider the evaluation homomorphism φa : F [x] → F ,
φa (p(x)) := p(a). Clearly the linear polynomial x − a belongs to the kernel of φa . But
x − a is irreducible, since it cannot be expressed as a product of constant polynomials.
Hence (x − a)F [x] is maximal, and (x − a)F [x] ⊂ Ker(φa ) ⊂ F [x]. But Ker(φa ) 6= F [x],
since for example φa (1) = 1 6= 0. Hence Ker(φa ) = (x − a)F [x]. This proves the
following result.
Lemma 5.8 Let F be a field, a ∈ F and p(x) ∈ F [x]. Then x − a is a factor of p(x)
if and only if a is a root of p(x) (that is, p(a) = 0, or p(x) ∈ Ker(φa )).

Tests for irreducibility

1. Linear (i.e. degree 1) polynomials ax + b (with a 6= 0) are always irreducible.
2. A quadratic (degree 2) or cubic (degree 3) polynomial p(x) ∈ F [x] is reducible if
and only if p(x) has a root in F .
3. A polynomial p(x) of degree 4 or 5 in F [x] is reducible if and only if p(x) either
has a root in F or a quadratic factor.
As mentioned above, questions of irreducibility vary according to the field F . In
particular, when F = C, everything is completely explained by the remarkable theorem
of Gauss:
Theorem 5.9 (Fundamental Theorem of Algebra) Let p(x) ∈ C[x] be a nonconstant
polynomial. then p(x) has a root in C.
Corollary 5.10 A polynomial p(x) ∈ C[x] is irreducible if and only if p(x) is linear.
Corollary 5.11 Every poynomial in R[x] of degree greater than 2 is reducible.
Proof. Let p(x) ∈ R[x] ⊂ C[x] be a polynomial of degree greater than 2. Then p(x) has
a root a ∈ C. If a ∈ R then x − a is a factor of p(x) in R[x]. Otherwise, the complex
conjugate a is also a root of p(x), so x − a and x − a are both factors of p(x) (in C[x]).
Hence so is (x − a)(x − a) = x2 − (2Re(a))x + |a|2 ∈ R[x]. Hence p(x) has a factor of
degree at most 2 in R[x], so is reducible.
In a (small) finite field, it is easy to check for roots (and hence linear factors) of a
polynomial by direct calculation.
Examples
52 CHAPTER 5. POLYNOMIAL RINGS

1. x3 + 2 has no roots in Z7 , and so is irreducible:

x 0 1 2 3 4 5 6
x3 + 2 2 3 3 1 3 1 1

2. x4 + x + 1 has no roots in Z2 :

x 0 1
4
x +x+1 1 1

Since x4 + x + 1 has degree 4, this does not necessarily mean that x4 + x + 1 is

irreducible. We need to check also that x4 + x + +1 has no quadratic factors. In
fact, it is enough to check for irreducible quadratic factors, since if a polynomial
has a reducible quadratic factor, it has a linear factor and hence a root. But of
the four quadratic polyomials x2 + ax + b ∈ Z2 [x], only one is irreducible, namely
x2 + x + 1. Since (x2 + x + 1)2 = x4 + x2 + 1 6= x4 + x + 1, it follows that x4 + x + 1
is indeed irreducible in Z2 [x].
We can also do computations in Q easily to show that certain polynomials are
irredcucible.
Example x3 + x + 1 is irreducible in Q[x].
Otherwise, there would be a root m/n in Q, so an equation

m3 m
+ + 1 = 0.
n3 n
Multiplying both sides by n3 6= 0, we get m3 + mn2 + n2 = 0. Form this equation, we
see that, if m has a prime factor p, then n3 = 0 mod p, so p is also a prime factor of
n. Similarly, if q is a prime factor of n, then m3 = 0 mod q, so q is also a prime factor
of m. But we can choose m, n to have no common factors, so the only possibility is
m = ±n = ±1. By direct evaluation, neither 1 nor −1 is a root of x3 + x = 1, so
x3 + x = 1 has no rational roots, and so is irreducible.
There are two other results which help us decide questions of reducibility in Q[x]:

Theorem 5.12 (Gauss’ Lemma) Let p(x) ∈ Z[x]. Then p(x) is reducible in Q[x] if
and only if it is reducible in Z[x].

Theorem 5.13 (Eisenstein’s criterion) Let α(x) = an xn + · · · + a1 x + a0 ∈ Z[x].

Suppose that p is a prime number such that p divides a0 , a1 , . . . , an−1 but does not
divide an , and that p2 does not divide a0 . Then α(x) is irreducible in Q[x].

Examples
1. x300 − 17 is irreducible in Q[x] (by Eisenstein’s criterion with p = 17).
5.5. TESTING FOR IRRECUCIBILITY 53

2. x4 + x + 1 is irreducible in Q[x]. For otherwise it is reducible in Z[x] by Gauss’

lemma. If it has a linear factor, x4 + x + 1 = (ax + b)(cx3 + dx2 + ex + f ) in
Z[x], then equating coefficients gives ac = bf = 1, so a = ±b = ±1. This is
impossible since ±1 are not roots of x4 + x + 1. If there are two quadratic factors:
x4 + x + 1 = (ax2 + bx + c)(dx2 + ex + f ), then again equating coefficients gives
ad = cf = 1, and also 0 = ae + bd = ±(e + b), and 1 = bf + ce = ±(b + e). This
gives a contradiction.
54 CHAPTER 5. POLYNOMIAL RINGS

Exercises on polynomial rings

1. Determine whether or not the following polynomials are irreducible in the given
polynomial rings:

(a) x2 + x + 1 in Z2 [x];
(b) x3 + x2 + 3x + 5 in Z7 [x];
(c) x2 + 5x − 3 in R[x];
(d) x3 − 17x2 + 24x − 1 in R[x];
(e) x345 − 53x77 + 1234567x22 − 2x + 1 in C[x].
(f) x2 + x − 5 in Q[x];
(g) x5 + x2 + x in Z2 [x].

2. In the field Z5 , show that a5 = a for every a ∈ Z5 . Deduce that

x5 − x = x(x − 1)(x − 2)(x − 3)(x − 4)

in Z5 [x].

3. Let F be a field and I 6= F [x] an ideal in F [x]. Let g(x) ∈ F [x] be an irreducible
polynomial such that g(x) ∈ I. Show that I = g(x)F [x].

4. Use Gauss’ Lemma to show that p(x) = x4 + x3 + x2 + x + 1 is irreducible in Q[x].

5. Find all the roots of x6 + 1 in C, and hence factorise x6 + 1 as a product of three

irreducible quadratics in R[x].

6. (a) Explain why Q[x]/(x2 + 3)Q[x] is a field.

√ √
(b) Let Q[ −3] = {a + b −3 ∈ C | a, b ∈ Q}. This is a ring under addition
and multiplication of complex numbers. Show that there is an isomorphism
of rings √
Q[x]/(x2 + 3)Q[x] ∼
= Q[ −3]

7. We have seen in lectures that, if F is a field, then F [x] is a principal ideal domain.
The converse is also true: if R is a commutative ring such that R[x] is a principal
ideal domain, then R is a field. Prove this in steps as follows:

(a) If R[x] has an identity, then so does R.

(b) If R has zero-divisors, then so does R[x].
(c) If R is an integral domain and r ∈ R r {0} has no inverse, then I := {p(x) ∈
R[x]; p(0) ∈ rR} is a non-principal ideal in R[x]. (Compare the example of
Z[x] in the lecture notes.)
Chapter 6

Field Extensions

6.1 Extending a given field

The techniques we have learnt in previous chapters can be put together to construct
new examples of fields. The basic idea is the following. Start from a familiar field
F (such as Q or Zp for some prime number p). Find a monic irreducible polynomial
p(x) ∈ F [x]. Then the principal ideal I = p(x)F [x] is maximal, and so the quotient
ring K = F [x]/I is a field.
Examples

1. Let F = R, and let p(x) = x2 + 1, which has no root in R and so is irreducible

in R[x]. As we have already seen, the resulting field K = R[x]/(x2 + 1)R[x] is
isomorphic to the field C of complex numbers.

2. Let F = Q, and let p(x) = x2 + 1, which is irreducible in Q[x]. Then the quotient
field Q[x]/(x2 + 1)Q[x] is isomorphic to the field Q[i] of Gaussian rationals.

3. Let F = Z2 , and let p(x) = x2 +x+1 (the only irreducible quadratic polynomial in
Z2 [x]. Then the resulting field Z2 [x]/(x2 +x+1)Z2 [x] has four elements 0 = 0+I,
1 = 1 + I, a = x + I, b = (x + 1) + I, where I = (x2 + x + 1)Z − 2[x]. The addition
and multiplication tables can be deduced from the rule that (x2 +x+1)+I = 0+I:
for example, a2 = x2 + I = x + 1 + I = b in this field. In fact, it is easy to check
that this field is isomorphic to the field of four elements we saw in an earlier
chapter.

In each of these examples, the first field F is (isomorphic to) a subfield of the
resulting field K. Indeed, this is a general feature of our construction. To see this, recall
that the units in the polynomial ring F [x] are just the nonzero constant polynomials,
in other words the units of F . Since the maximal ideal I = p(x)F [x] is not the whole
ring, it cannot contain any units, so the homomorphism f : F → K, f (r) = r + I, is
injective. (Here we are regarding r ∈ F as a constant polynomial in F [x].)

55
56 CHAPTER 6. FIELD EXTENSIONS

It follows from the first isomorphism theorem that Im(f ) is isomorphic to F . We

we will always identify the subfield Im(f ) of K with F via the isomorphism f . We
have thus constructed a field K containing F as a subfield. Furthermore, the larger
field K contains an element α = x + I such that p(α) = p(x) + I = 0 + I. In other
words, α is a root of p(x) in K.
This is a special case of the following result.

Theorem 6.1 (Kronecker’s Theorem) Let F be a field, and p(x) a non-constant poly-
nomial in F [x]. Then there exists a field K, containing F as a subfield, such that p(x)
has a root in K.

Proof. If p(x) is irreducible, then the construction described above produces the desired
field K. If p(x) is reducible, then it has at least one irreducible factor, q(x) say. Our
construction produces a field K ⊃ F such that K contains a root α of q(x). Since p(x)
is a multiple of q(x), α is also a root of p(x).
Let us take a closer look at the field K = F [x]/I that we have constructed, where
I = p(x)F [x] and p(x) is a monic irreducible polynomial in F [x]. We know that F ⊂ K
and that K contains a root α = x + I of p(x). What are the other elements of K? Of
course, each element of K is a coset a(x) + I = a(α) for some a(x) ∈ F [x]. The element
a(x) is not unique, but if two elements a(x), b(x) ∈ F [x] define the same element of K,
then a(x) − b(x) ∈ I = p(x)F [x]. Given a(x) ∈ F [x], there is a unique representation
a(x) = q(x)p(x) + r(x) with r(x) = 0 or deg(r(x)) < deg(p(x)). In other words, there
is a unique representative r(x) ∈ a(x) + I with r(x) = 0 or deg(r(x)) < deg(p(x)).
If deg(p(x)) = 1, then this says that every coset of I is represented by an element
of F , so the map f : F → F/I = K is an isomorphism.
If deg(p(x)) = n > 1, then p(x) = xn − c(x) for some c(x) 6= 0 with deg(c(x)) < n.
The elements of K correspond to the polynomials of degree less than n in F [x]. These
form an n-dimensional vector space over F , with basis B = {1, α, α2 , . . . , αn−1 }. A
typical element has the form

d(α) = λ0 + λ1 α + · · · + λn−1 αn−1 = d(x) + I,

where λ0 , . . . , λn−1 ∈ F , so d(x) = λ0 + λ1 x + · · · + λn−1 xn−1 is a polynomial in F [x]

of degree at most n − 1.
The rule (d(x) + I) + (e(x) + I) = (d(x) + e(x)) + I for adding in K = F [x]/I tells
us that we add two such expressions simply by adding the corresponding coefficients of
powers of α. Hence the additive group (K, +) is isomorphic to the vector space (F n , +)
of dimension n over F .
How do we multiply elements of K together? Again, the rule (d(x) + I)(e(x) + I) =
(d(x)e(x)) + I tells us. However, the polynomial d(x)e(x) may have degree greater
than n − 1. We can correct that by using the rule p(α) = 0 (or αn = c(α)) to replace
high powers of α by F -linear combinations of lower powers.
6.1. EXTENDING A GIVEN FIELD 57

Examples

1. In C = R[x]/(x2 + 1)R[x], we write every element (uniquely) in the form a + bi,

where i ∈ C is a root of x2 + 1. The elements 1, i form a basis of C as a vector
space over R, giving the familiar rule for adding complex numbers:

(a + bi) + (c + di) = (a + c) + (b + d)i.

Multiplying two complex numbers (a + bi), (c + di) together yields ac + (ad +

bc)i + bdi2 . To get this into the canonical form, we need to apply the rule i2 = −1
to get the familiar multiplicaiton rule:

(a + bi)(c + di) = (ac − bd) + (ad + bc)i.

√
2. Consider the complex number ω = − 21 + 23 i. This is a cube root of√unity in
C. It is easy to show that ω 2 is the complex conjugate ω = − 12 − 23 i of ω,
and ω 3 = 1. Indeed, ω 2 + ω + 1 = 0 in C, so ω is a root of the irreducible
polynomial x2 + x + 1 ∈ Q[x]. Hence the set Q[ω] of all complex numbers of
the form a + bω, a, b ∈ Q forms a subfield of C isomorphic to the quotient field
Q[x]/(x2 + x + 1)Q[x].
The elements of Q[x] have the form a + bω and addition rule

(a + bω) + (c + dω) = (a + c) + (b + d)ω.

The multiplication rule in Q[ω] is derived in the same way as that for C, but
using the rule that ω 2 + ω + 1 = 0, or alternatively, ω 2 = −1 − ω. Hence

(a + bω) + (c + dω) = (ac − bd) + (ad + bc − bd)ω.

3. The polynomial p(x) = x3 + x + 1 ∈ Z2 [x] has no roots in Z2 , since an easy

calculation shows that p(0) = p(1) = 1. Hence p(x) is irreducible in Z2 [x], so
the ideal I = p(x)Z2 [x] is maximal, and the quotient ring K = Z2 [x]/I is a field.
Since p(x) has degree 3, the field K has precisely 23 = 8 elements: a + bx + cx2 ,
a, b, c ∈ Z2 .
Different elements are added by adding the coefficients of 1, x and x2 modulo
2. For example (1 + x) + (1 + x2 ) = x + x2 . Elements of K are multiplied by
expanding brackets and using the rule x3 = 1 + x to eliminate higher powers of
x. For example

(1 + x2 )(x + x2 ) = x + x2 + x3 + x4 = x + x2 + (1 + x) + (x + x2 ) = 1 + x.
58 CHAPTER 6. FIELD EXTENSIONS

6.2 Algebraic number fields

A complex number α is said to be √ algebraic if it is1 a root
√ of some nonzero polynomial
3
p(x) ∈ Q[x]. Thus, for example, 2, i, 1 + i, and 2 + 2 i are algebraic numbers, being
roots of x2 − 2, x2 + 1, x4 + 4 and x3 + 1 respectively.

Theorem 6.2 Let α ∈ C be an algebraic number. Then there is a unique monic

irreducible polynomial m(x) ∈ Q[x] such that m(α) = 0 in C. The smallest subfield of
C containing α is then isomorphic to Q[x]/m(x)Q[x].

Proof. Let φ = φα : Q[x] → C be the evaluation homomorphism, φ(p(x)) = p(α). Then

K = Im(φ) is a subring of C containing φ(1) = 1, so K is an integral domain. By
the First Isomorphism Theorem, K ∼ = Q[x]/I, where I = Ker(φ). Hence I is a prime
ideal. Now I 6= {0}, since by definition α is the root of at least one nonzero polynomial
in Q[x]. Hence I = p(x)Q[x] for some irreducible polynomial p(x) ∈ Q[x]. We have
seen earlier that p(x) is not unique, but that p(x)Q[x] = I = q(x)Q[x] if and only if
q(x) = ap(x) for some a ∈ Q r {0}. There is a unique choice of a (namely the inverse
of the leading coefficent of p(x), such that m(x) = ap(x) is monic, and hence a unique
monic irreducible polynomial m(x) ∈ Q[x] such that I = m(x)Q[x]. It follows from
this that I is maximal, and hence that K is a field.
By definition, m(α) = φ(m(x)) = 0, since m(x) ∈ I = Ker(φ). If n(x) is another
monic irreducible polynomial such that n(α) = 0, then n(x) ∈ I = m(x)Q[x], so n(x) is
a multiple of m(x). Since n(x) is irreducible, n(x) = am(x) for some nonzero constant
a ∈ Q. But m(x) and n(x) are both monic, so a = 1 and n(x) = m(x). Hence m(x) is
the unique monic irreducible polynomial in Q[x] for which α is a root.
We have also seen that K is a subfield of C that is isomorphic to Q[x]/I =
Q[x]/m(x)Q[x]. It is also clear that K contains φ(x) = α, and that, for any a ∈ Q, K
contains φ(a) = a.
Now suppose that L is another subfield of C containing α. Then 0, 1 ∈ L, and an
easy inductive argument shows that n ∈ L for any non-negative integer n. If m, n are
nonnegative integers with n 6= 0, then m, n ∈ L, so n−1 ∈ L, so ±mn−1 ∈ L. Hence
Q ⊂ L. Since also α ∈ L, it follows that φ(p(x)) = p(α) ∈ L for any p(x) ∈ Q[x], so
K = Im(φ) ⊂ L.
Hence K is the smallest subfield of C containing α, as claimed.
Remarks The monic irreducible polynomial m(x) in this theorem is called the minimal
polynomial of α.
The subfield K = Im(φα ) is usually denoted Q[α]. An example is the field Q[i] of
Gaussian rationals: the minimal polynomial of i is x2 + 1, and we have already seen
that Q[i] ∼
= Q[x]/(x2 + 1)Q[x].
A subfield of C of the form Q[α] for some algebraic number α is called an algebraic
number field. The study of these fields, there elements and subrings, is a branch of
number theory known as algebraic number theory.
6.2. ALGEBRAIC NUMBER FIELDS 59

Not every complex number is algebraic. Indeed, most complex numbers are not
algebraic, in the following sense. The set of algebraic numbers can be shown to be
countable, that is, there is a bijection between that set and the set N of natural numbers.
On the other hand, the set C of complex numbers can be shown to be uncountable,
which means that it is strictly bigger than any countable set. Complex numbers that are
not algebraic are called transcendental. Familiar examples of transcendental numbers
are π and the base e of the natural logarithms.
Examples

1. Let α = cos(2π/5) + i sin(2π/5). Then α5 = 1, so α is a root of the polynomial

x5 − 1 ∈ Q[x], and so it is an algebraic number. However, the polynomial x5 − 1
is not the minimal polynomial of α, because it is reducible. Indeed 1 is a root of
x5 − 1, so x − 1 is a factor of x5 − 1.
If we divide x5 − 1 by x − 1 (for example, using long division), we find that
x5 − 1 = (x − 1)(x4 + x3 + x2 + x + 1). Since α is not a root of x − 1, it must be
a root of the other factor, x4 + x3 + x2 + x + 1.
It is not difficult to check that x4 + x3 + x2 + x + 1 is irreducble in Z[x], and hence
also in Q[x] by Gauss’ Lemma. (A linear factor of x4 + x3 + x2 + x + 1 in Z[x]
would have to be of the form ±x ± 1, but ±1 are not roots of x4 + x3 + x2 + x + 1.
Similarly, a quadratic factor would have to be of the form ±x2 + ax ± 1 for some
a ∈ Z, and comparing coefficients shows that x4 + x3 + x2 + x + 1 is not the
product of two such quadratic factors.)
It follows that m(x) = x4 + x3 + x2 + x + 1 is the minimal polynomial of α, and
so Q[α] ∼= Q[x]/I, where I is the principal ideal generated by m(x).
The elements of Q[α] can all be expressed as Q-linear combinations of 1, α, α2
and α3 , and added as a Q-vector space. The multiplication table is derived from
the rule α4 = −1 − α − α2 − α3 .

2. Consider the polynomial √ p(x) = x2 − x − 1 ∈ Q[x]. By the quadratic formulae,

the roots of p(x) are (1 ± 5)/2, neither of which is rational. (One of these roots
is the golden ratio, the limit of the sequence of ratios of successive Fibonacci
numbers: 21 , 23 , 35 , . . ..)
It follows that p(x) is irreducible, so the minimal polynomial of either of its roots.
If α is one of these roots, then the resulting field Q[α] ⊂ R is isomorphic to the
quotient ring Q[x]/(x2 − x − 1)Q[x]. The elements of Q[α] have the form a + bα
for a, b ∈ Q. Addition is defined in the obvious way, and multiplication is defined
using the rule α2 = α + 1.
This example differs from the previous example, since the algebraic number α
is not a root of unity. Indeed, |α| 6= 1, so the powers αn of α either increase
unboundedly as n → ∞, or converge to 0 (depending on which root of p(x)
60 CHAPTER 6. FIELD EXTENSIONS

is chosen for α). However, all these powers belong to Q[α], and they can be
computed in the form a + bα using the rule α2 = 1 + α:
α2 = 1+α, α3 = α +α2 = 1+2α, α4 = α +2α2 = 2+3α, α5 = 2α +3α2 = 3+5α,
and so on. Can you spot a pattern?
Similarly, we can compute the negative powers of α. To do this, divide the
equation α2 = 1 + α by α and rearrange to get α−1 = −1 + α. Then iterate:
α−2 = −α−1 + 1 = 2 − α, α−3 = 2α−1 − 1 = −3 + 2α, α−4 = −3α−1 + 2 = 5 − 3α,
and so on. Can you spot another pattern?

3. Let α be a cube root of 2 in C. Then α is a root of x3 − 2 ∈ Q[x], and so is

an algebraic number. However, there is no root of x3 − 2 in Q, so x3 − 2 is a
monic irreducible, and is therefore the minimal polynomial of α. Hence Q[α] =
{a+bα+cα2 ; a, b, c ∈ Q} is a subfield of C that is isomorphic to Q[x]/(x3 −2)Q[x].
Addition in Q[x] is defined in the obvious way, and multiplication is defined using
the rule that α3 = 2.
Notice that in this example there are three different choices for α, since there are
three distinct cube roots of 2 in C. One of these is real, so the resulting field
Q[α] is contained in R. For the other two choices, Q[α] 6⊂ R since α ∈ / R. Thus
we get three distinct subfields F1 , F2 and F3 of C. While these subfields are not
equal, they are isomorphic to each other: F1 ∼= F2 ∼= F3 , since each is isomorphic
3
to Q[x]/(x − 2)Q[x].

6.3 Finite fields

We have seen that Zp is a field for any prime number p. Given any (monic) irreducible
polynomial m(x) ∈ Zp [x], Kronecker’s Theorem gives an extension of Zp in which m(x)
has a root - specifically K = Zp [x]/m(x)Zp [x]. As we have seen, the elements of this
field can be naturally expressed in the form

a0 + a1 x + · · · + ad−1 xd−1 ,

where d = deg(m(x)) and each ai ∈ Zp . There are p possible values for each ai , and
hence pd elements in K.
Indeed, the additive group (K, +) is isomorphic to Zdp , the d-dimensional vector
space over the field Zp .
Examples

1. m(x) = x2 +x+1 has no roots in Z2 , so it is irreducible in Z2 [x], so Z2 [x]/m(x)Z2 [x]

is a field of order 4. Its elements are 0, 1, x, 1+x, with addition and multiplication
tables
6.3. FINITE FIELDS 61

+ 0 1 x 1+x × 0 1 x 1+x
0 0 1 x 1+x 0 0 0 0 0
1 1 0 1+x x 1 0 1 x 1+x
x x 1+x 0 1 x 0 x 1+x 1
1+x 1+x x 1 0 1+x 0 1+x 1 x

2. Similarly, m(x) = x2 + x + 1 has no roots in Z5 , as we can easily calculate:

x 0 1 2 3 4
m(x) 1 3 2 3 1

Hence m(x) is irreducible in Z5 [x], and Z5 [x]/m(x)Z5 [x] is a field of order 52 = 25.
Its elements have the form a = bx, a, b ∈ Z5 , with addition defined modulo 5,
and multiplication defined modulo 5 using the rule x2 = −1 − x = 4 + 4x. Thus,
for example, we could compute

(1 + 2x)(2 + 3x) = 1 + 7x + 6x2 = 1 + 2x + x2 = 1 + 2x + (4 + 4x) = 5 + 6x = x.

3. m(x) = x3 +x+1 has no roots in Z2 , so is irreducible in Z2 [x]. Hence Z2 [x]/m(x)Z2 [x]

is a field of order 23 = 8. Its elements have the form a + bx + cx2 , a, b, c ∈ Z2 ,
with addition and multiplication defined modulo 2 using the rule x3 = 1 + x. For
example, we can comupte the inverse of x in this field by multiplying both sides
of the equation x3 = 1 + x by x−1 and rearranging, to get x−1 = 1 + x2 . To
double-check:
(1 + x2 )x = x + x3 = x + (1 + x) = 1.

We refer to the number of elements in a finite field F as its order, denoted |F |.

Thus the exmaples that we can construct using Kronecker’s Theorem each have order
of the form pd , a prime power. It turns out that this is no acident.

Theorem 6.3 Let F be a finite field. Then there exist a prime number p and a positive
integer d such that F has a subfield isomorphic to Zp , and F has order pd .

Proof. Consider the ring homomorphism f : Z → F defined inductively by f (0) = 0F ,

f (n + 1) = f (n) + 1F and f (−n) = −f (n). The image of this homomorphism is a
subring of F containing 1F , so it is a finite integral domain. But finite integral domains
are fields, so K = Im(f ) is a subfield of F .
By the First Isomorphism Theorem, K ∼ = Z/Ker(f ), so Ker(f ) is a maximal ideal
of Z, and so of the form pZ for some prime number p. Thus

K = Im(f ) ∼
= Z/pZ ∼
= Zp .
62 CHAPTER 6. FIELD EXTENSIONS

Note also that the additive group of F is a vector space of dimension 1 over F ,
where we define scalar multiplication to be the multiplication of F . The rules for
scalar multiplication in a vector space are satisfied because of the associativity and
distributivity of multiplication in F :

x(yz) = (xy)z; x(y + z) = xy + xz.

Since K is a subfield of F , (F, +) is also a vector space over K. Since F is finite, it

must be finite-dimensional over K, of dimension d, say. If B = {x1 , . . . , xd } is a K-basis
for F , then the elements of F can be uniquely expressed in the form a1 x1 + · · · + ad xd
with a1 , . . . , ad ∈ K. Since K has order p, there are p possible values for each ai , so pd
different elements in F . Hence |F | = pd , as required.
The converse of this theorem is also true, in a surprisingly strong form.

Theorem 6.4 Let p be a prime number, and d a positive integer. Then there exists a
field of order pd . Moreover, this field is unique up to isomorphism: if F1 and F2 are
fields of order pd , then F1 ∼
= F2 .

I will omit the proof of this theorem, but you can probably imagine how it goes. To
prove existence, we do a counting argument to show that there is at least one monic
irreducible polynomial in Zp of degree d. (For example, in the case d = 2 there are p2
monic quadratics x2 + ax + b, of which p(p + 1)/2 are products (x + c)(x + d) of two
linears.)
To prove uniqueness, we check that (i) every field of order pd contains an element
whose minimal polynomial in Zp [x] has degree d; and (ii) if m(x), n(x) ∈ Zp [x] are
irreducibles of degree d, then Zp [x]/m(x)Zp [x] ∼
= Zp [x]/n(x)Zp [x].
Example Consider the field Z3 . Of the three elements in Z3 , only two of them, 0 and
1, are squares. Thus x2 + 1 has no root in Z3 , so is irreducible. Let I = (x2 + 1)Z3 [x]
and let K = Z3 [x]/I be the field of order 9. Let us denote the element x + I of K by
α. Then the elements of K are a + bα for a, b ∈ Z3 . The addition and multiplication
tables in K are given by

+ 0 1 2 α 1+α 2+α 2α 1 + 2α 2 + 2α
0 0 1 2 α 1+α 2+α 2α 1 + 2α 2 + 2α
1 1 2 0 1+α 2+α α 1 + 2α 2 + 2α 2α
2 2 0 1 2+α α 1+α 2 + 2α 2α 1 + 2α
α α 1+α 2+α 2α 1 + 2α 2 + 2α 0 1 2
1+α 1+α 2+α α 1 + 2α 2 + 2α 2α 1 2 0
2+α 2+α α 1+α 2 + 2α 2α 1 + 2α 2 0 1
2α 2α 1 + 2α 2 + 2α 0 1 2 α 1+α 2+α
1 + 2α 1 + 2α 2 + 2α 2α 1 2 0 1+α 2+α α
2 + 2α 2 + 2α 2α 1 + 2α 2 0 1 2+α α 1+α
6.3. FINITE FIELDS 63

and

× 0 1 2 α 1+α 2+α 2α 1 + 2α 2 + 2α
0 0 0 0 0 0 0 0 0 0
1 0 1 2 α 1+α 2+α 2α 1 + 2α 2 + 2α
2 0 2 1 2α 2 + 2α 1 + 2α α 2+α 1+α
α 0 α 2α 2 2+α 2 + 2α 1 1+α 1 + 2α
1+α 0 1+α 2 + 2α 2+α 2α 1 1 + 2α 2 α
2+α 0 2+α 1 + 2α 2 + 2α 1 α 1+α 2α 2
2α 0 2α α 1 1 + 2α 1+α 2 2 + 2α 2+α
1 + 2α 0 1 + 2α 2+α 1+α 2 2α 2 + 2α α 1
2 + 2α 0 2 + 2α 1+α 1 + 2α α 2 2+α 1 2α

respectively. The addition table is self-explanatory, while the multiplication table is

calculated using the rule α2 = 2.
Now x2 + 2 is not the only (monic) irreducible quadratic in Z3 [x]. For example,
x2 + x + 2 is another monic quadratic with no roots in Z3 , so is also irreducible.
Therefore F = Z3 [x]/(x2 + x + 2)Z3 [x] is another example of a field of order 9, and
F contains a root β of x2 + x + 2. The theorem classifying finite fields says that F is
isomorphic to K. Can we find an explicit isomorphism?
2
One way to do this is to find a root of x√ + x + 2 in K. The quadratic
√ formula tells
us that the roots of x2 + x + 2 are (−1 ± 12 − 4.1.2)/2, or 1 ± 2 2 modulo 3. The
square roots of 2 in K are precisely ±α, so for example 1 + α = 1 − 2α is a root of
x2 + x + 2.
If we consider the evaluation homomorphism φ1+α : Z3 [x] → K, defined by

φ1+α (p(x)) = p(1 + α),

then Ker(φ1+α ) is precisely the principal ideal (x2 + x + 2)Z3 [x], so φ1+α induces an
isomorphism from F = Z3 [x]/(x2 + x + 2)Z3 [x] to K, defined by a + bβ 7→ (a + b) + bα.
In a similar way, 2 + β is a square root of 2 in F : (2 + β)2 = 1 + β + β 2 = 2, so the
inverse isomorphism K → F is defined by a + bα 7→ (a + 2b) + bβ.
In F ∼ = K, the group U (F ) = F \ {0} has order 9 − 1 = 8. The multiplication
table for K tells us that the element β (= 1 + α) has order 8, so that the group U (F )
consists precisely of the powers of β: F = {1, β, β 2 , β 3 , β 4 , β 5 , β 6 , β 7 }, with β 8 = 1, so
U (F ) is isomorphic to the cyclic group of order 8: (U (F ), ×) ∼ = (Z8 , +). This is not an
accident!

Theorem 6.5 Let F be a finite field of order N = pd . Then U (F ) is a cyclic group of

order N − 1.
64 CHAPTER 6. FIELD EXTENSIONS

Proof. The group U (F ) is a finite abelian group. There is a classification theorem for
finite abelian groups which says that any such group is isomorphic to a direct product
of cylic groups Zm(1) × Zm(2) × · · · × Zm(k) for some k ≥ 1 and positive integers m(i)
such that m(i + 1) is a muplitple of m(i) for each i.
In particular, if q is a prime number dividing m(1), and k > 1, then there are at
least q 2 elements of order dividing q in this group: (am(1)/q, bm(2)/q, 0, . . . , 0), where
0 ≤ a ≤ q − 1, 0 ≤ b ≤ q − 1.
But if α1 , . . . , αq2 are q-th roots of 1 in F , then xq − 1 has q 2 distinct linear factors
x − αi in F [x], and so is divisible by the degree q 2 polynomial

(x − α1 )(x − α2 ) · · · (x − αq2 ).

But this contradicts the rules for the degree of a product in F [x], so is impossible.
Hence k = 1, and U (F ) ∼ = Zm(1) is a cylic group. Its order is N − 1, since every
element of F except for 0 is a unit in F .

Corollary 6.6 Let F be a finite field of order N = pd . Then there exists an element
α ∈ U (F ) = F \ {0} which has order N − 1 in U (F ).

Definition Let F be a finite field, and α ∈ F \{0}. The order of α in the multiplicative
group U (F ) is called the multiplicative order of α. If the multiplicative order of α is
the order N − 1 of U (F ), then we say that α is a primitive element of F . In this
case, the units of F are all powers of α. Indeed, we can list all the elements of F as
F = {0, 1, α, α2 , . . . , αN −2 }.
Examples

1. The polynomial x2 + x + 2 has no roots in Z5 , so is irreducible in Z5 [x]. Hence

K = Z5 [x]/(x2 + x + 2)Z5 [x] is a field of order 52 = 25.
The unit group U (K) has order 25 − 1 = 24, so its elements have orders dividing
24, by Lagrange’s Theorem.
We can compute various powers of x using the rule x2 = 3 + 4x, to find the
multiplicative order of x.
x3 = x(3 + 4x) = 3x + 4x2 = 3x + (2 + x) = 2 + 4x.
x4 = x(2 + 4x) = 2x + 4x2 = 2x + (2 + x) = 2 + 3x.
x6 = (2 + 4x)2 = 4 + x + x2 = 4 + x + (3 + 4x) = 2.
x8 = (2 + 3x)2 = 4 + 2x + 4x2 = 4 + 2x + (2 + x) = 1 + 3x.
x12 = 22 = 4.
Since xk 6= 1 in K for any divisor of 24 less than 24 itself, the multiplicative order
of x is 24, so x is primitive.
6.3. FINITE FIELDS 65

2. In Z7 , the third power of any element is either 0 or ±1. In particular, 2 has

no cube roots in Z7 , so x3 + 5 is irreducible in Z7 [x]. The resulting field K =
Z7 [x]/(x3 + 5)Z7 [x] has order 73 = 343, and so its unit group U (K) has order
342 = 2 × 9 × 19.
The element x of K cannot be primitive, since by construction x3 = 2 in K, so
x9 = 23 = 1. Hence x has multiplicative order 9 in K. If we want to find a
primitive element, we could try some other elements of K. Note that elements
of Z7 have orders dividing 6, so cannot be primitive in K. Hence also elements
of the form ax or ax2 , with a ∈ Z7 , have orders dividing 18. (For example,
(ax)18 = a18 x18 = 1, since a6 = x9 = 1.)
In fact, there can be at most 18 18-th roots of 1 in K, so the 18 elements axb ,
a ∈ U (Z7 ), b = 0, 1, 2, are the only elements of U (K) of orders dividing 18. The
other elements have orders which are multiples of 19.
The next simplest element to try is y = 1 + x. We can compute powers of y using
x3 = 2:
y 3 = 1 + 3x + 3x2 + x3 = 3(1 + x + x2 ),
y 6 = 2(1 + x + x2 )2 = 2(1 + 2x + 3x2 + 2x3 + x4 ) = 2(5 + 4x + 3x2 ),
y 9 = 6(1 + x + x2 )(5 + 4x + 3x2 ) = 6(5 + 2x + 5x2 + 3x4 ) = 6(5 + x + 5x2 ),
y 18 = (5 + x + 5x2 )2 = 4 + 3x + 2x2 + 3x3 + 4x4 = 3 + 4x + 2x2 ,
y 19 = (1 + x)(3 + 4x + 2x2 ) = 3 + 6x2 + 2x3 = 6x2 .
Now 6x2 has order dividing 18 but not dividing 6 (since 6x2 ∈
/ Z7 ).
(6x2 )9 = 69 x18 = 6, so 6x2 has order 18, and hence y has order 18 × 19 = 342.
Thus y is a primitive element in K.

Remark The unit groups of finite fields are widely used in cryptography - particularly
in the construction of error-correcting codes. The most commonly used fields are those
of characteristic 2, that is, fields Z2 [x]/p(x)Z2 [x] for some irreducible p(x) of degree d.
This enables the elements of the field to be stored efficiently on a computer, as binary
strings of length d, and the Hamming metric gives a natural distance function between
field elements. Messages are encoded using a subset of the field, and messages with
errors are corrected to the nearest element of this subset.
All this requires efficient computation in the finite field under consideration. To
achieve this, one needs to find a primitive element y of the field, and set up a ‘discrete
logarithm table’

a 0 1 · · · pd − 2
ya 1 y ··· y −1
66 CHAPTER 6. FIELD EXTENSIONS

To multiply two field elements α, β quickly, one locates them on the second row
of the table, and identifies their logarithms a, b from the first row of the table. (This
means that α = y a and β = y b .) One then adds a + b (modulo pd − 1) and uses the
table to find the antilogarithm y a+b , which is the desired product y a+b = y a y b = αβ.
Similarly, the discrete logarithm table can be used to carry out fast exponentiation
in the finite field: (y a )b = y ab , so to raise an element to its b-th power one finds its
logarithm, multiplies by b modulo pd −1, and then finds the antilogarithm of the result.
6.3. FINITE FIELDS 67

Exercises on field extensions

1. Let F be the field Q[x]/(x3 + x + 1)Q[x]. Express each of the following elements
of F as Q-linear combinations of 1, x, x2 :

(a) x4 ; [(b)] x6 ; [(c)] x−2 ; [(d)] (1 + x2 )(2 − x − x2 ).

2. In the field F = Q[x]/(x4 + x3 + x2 + x + 1)Q[x], find expressions for each of x−1 ,

x5 and x43 of the form a + bx + cx2 + dx3 , a, b, c, d ∈ Q.

3. Let F be the field Z5 [x]/(x2 + x + 1)Z5 [x]. Express each of the following elements
of F as Z5 -linear combinations of 1, x:

(a) x3 ; [(b)] x322 ; [(c)] (1 + x)2 ; [(d)] (1 + 2x)(2 + 3x).

4. Let F be the field Z2 [x]/(x6 + x + 1)Z2 [x] of order 26 = 64. Calculate x7 , x9 ,

x14 (= (x7 )2 ) and x21 (= (x7 )3 ) in F as Z2 -linear combinations of 1, . . . , x5 . Hence
find the order of x in the group of units of F .

5. In the field F = Z2 [x]/(x4 +x+1)Z2 [x] of order 16, show that x has multiplicative
order 15, and hence find all elements of multiplicative order 3 (expressed as Z2 -
linear combinations of 1, x, x2 , x3 ).

6. In the field F = Z7 [x]/(x2 + x + 3)Z7 [x] of order 49, find the multiplicative order
of x. Find an element of multiplicative order 8 in F .

7. If F is a field, and n ≥ 2 an integer, such that the polynomial pn (x) = xn−1 +

xn−2 + . . . + x + 1 is irreducible in F [x], show that n is a prime number. [Hint:
find a factor for pn (x) if n is composite.]

8. Use the Euclidean Algorithm to find a greatest common divisor of the given
elements in the integral domains indicated

(a) 49349 and 15555 in Z;

(b) 2x3 + x2 + 2x + 1 and 2x2 + 7x + 3 in R[x];

9. Find the minimal polynomials (in Q[x]) of the following complex numbers:

(a) 1 + i
p √
(b) 1 + 2
1 i
(c) √ − √
2 2