
NOTES FOR NUMBER THEORY COURSE

1. Unique factorization

1.1. All the rings we consider are assumed to have a multiplicative unit $1$ and almost always they will be commutative. $\mathbb N$, $\mathbb Z$, $\mathbb Q$, $\mathbb R$, $\mathbb C$ will denote the natural numbers, integers, rational numbers, real numbers and complex numbers respectively. A number $\alpha \in \mathbb C$ is called an algebraic number if there exists a nonzero polynomial $p(x) \in \mathbb Q[x]$ with $p(\alpha) = 0$. We shall let $\bar{\mathbb Q}$ be the set of all algebraic numbers. Fact: "$\mathbb C$ and $\bar{\mathbb Q}$ are algebraically closed". If $R$ is a ring, $R[x_1, \cdots, x_n]$ will denote the ring of polynomials in $n$ variables with coefficients in $R$. The letter $k$ will usually denote a field. If $R \subseteq S$ are rings and $\alpha_1, \cdots, \alpha_n$ are elements of $S$, we shall let $R[\alpha_1, \cdots, \alpha_n]$ be the subring of $S$ generated by $R$ and $\alpha_1, \cdots, \alpha_n$. Here are some examples of rings $R$ of the type we will be interested in: $R = \mathbb Z$, $R = k[x]$, $R = \mathbb Z[i]$ ($i = \sqrt{-1}$), $R = \mathbb Z[\omega]$ ($\omega = e^{2\pi i/3}$), $R = \mathbb Z[\sqrt 3]$, or more generally $R = \mathbb Z[\alpha]$ where $\alpha$ is an algebraic number.

1.2. First definitions: principal ideals, prime ideals. An element $u \in R$ is called a unit if there exists $v \in R$ such that $uv = 1$. Such a $v$ is necessarily unique (Why?) and is called the inverse of $u$. The set of units in $R$ will be denoted by $U(R)$. The units in $\mathbb Z$ are $1$ and $-1$. There are six units in $\mathbb Z[\omega]$ (the sixth roots of unity). The units in $k[x]$ are the nonzero scalars, i.e. the nonzero elements of $k$.

An ideal $I$ in $R$ is called principal if there exists $a \in R$ such that $I = \{ar : r \in R\}$. We say that $a$ is a generator of the principal ideal $I$ and write $I = (a) = aR$. An element $a$ generates the unit ideal $R = (1)$ if and only if $a$ is a unit.

Let $p, q \in R$. Say that $p$ divides $q$ if there exists $r \in R$ such that $q = pr$. We shall write $p \mid q$. Note that $p \mid q \iff q \in (p) \iff (q) \subseteq (p)$. In general, given two ideals $P, Q$ in $R$ we say $P \mid Q$ if $Q \subseteq P$. So for principal ideals $(p) \mid (q)$ iff $p \mid q$.

An ideal $P \subseteq R$ with $P \neq R$ is called a prime ideal if $ab \in P$ implies $a \in P$ or $b \in P$. In other words, if $P \mid (ab)$ then $P \mid (a)$ or $P \mid (b)$. A nonzero non-unit $p \in R$ is a prime if $p \mid ab$ implies $p \mid a$ or $p \mid b$, i.e. if $(p)$ is a prime ideal.

A ring $R$ is called an integral domain (or simply a domain) if $R \neq 0$ and $a, b \in R$, $ab = 0$ implies $a = 0$ or $b = 0$. Equivalently, $R$ is a domain if and only if $(0)$ is a prime ideal.

A nonzero non-unit $x \in R$ is called irreducible if $x$ cannot be written as a product of two non-unit elements of $R$, i.e. $x = ab$ implies either $a$ is a unit or $b$ is a unit.

Note that in a domain $R$, if $p \in R$ is a prime then $p$ is irreducible.

Proof: Suppose $p = ab$. Then $p \mid ab$, so $p \mid a$ or $p \mid b$. Without loss of generality suppose $p \mid a$. Then $a = cp$, so $p = cpb$, implying $bc = 1$ since we are in a domain and $p \neq 0$, i.e. $b$ is a unit. $\square$

1.3. Definition. Euclidean domains are rings in which the Euclidean algorithm for division works. A domain $R$ is a Euclidean domain if there exists a function $\lambda$ from the nonzero elements of $R$ to $\mathbb Z_{\ge 0}$ such that if $a, b \in R$ and $b \neq 0$ there exist $c, d \in R$ with the property $a = cb + d$, where either $d = 0$ or $\lambda(d) < \lambda(b)$.

1.4. Example. The rings $\mathbb Z$, $k[x]$, $\mathbb Z[i]$, $\mathbb Z[\omega]$ are Euclidean domains.

Proof. (1) Integer division shows that $\mathbb Z$ is a Euclidean domain with $\lambda(n) = |n|$. More precisely let $a, b \in \mathbb Z$. For simplicity assume they are positive. Let $c' \ge 1$ be the smallest positive integer such that $bc' > a$. Let $c = c' - 1$ and $d = a - bc$. Then $0 \le d < b$: $d \ge 0$ because $bc \le a$ by the minimality of $c'$, and $d < b$ since otherwise $b(c + 1) = bc' \le a$. (2) Long division of polynomials shows that $k[x]$ is a Euclidean domain with $\lambda(f) = \deg(f)$, the degree of the polynomial. For $\mathbb Z[i]$ and $\mathbb Z[\omega]$ see Ireland and Rosen (p. 12-13); there $\lambda$ is the norm, $\lambda(x + iy) = x^2 + y^2$ and $\lambda(x + y\omega) = x^2 - xy + y^2$ respectively. $\square$

1.5. Definition. A domain $R$ is called a principal ideal domain or a PID if every ideal in $R$ can be generated by one element, i.e. is principal.

1.6. Lemma. Any Euclidean domain is a PID. The rings $\mathbb Z$, $k[x]$, $\mathbb Z[i]$, $\mathbb Z[\omega]$ are Euclidean, hence PIDs.

Proof. This is basically the proof that two integers have a greatest common divisor. Let $I$ be a nonzero ideal in the Euclidean domain $R$ (the zero ideal is $(0)$). Choose a nonzero $b \in I$ such that $\lambda(b)$ is smallest among all nonzero elements of $I$. For any $a \in I$ write $a = bc + d$, where either $d = 0$ or $\lambda(d) < \lambda(b)$. Since $a, b \in I$, so is $d$. Since $\lambda(b)$ is the smallest among all nonzero elements of $I$, $d$ must be zero. So $I = (b)$. $\square$

1.7. Remark. Call $d$ a g.c.d. of $a$ and $b$ if $d$ divides both $a$ and $b$ and any common divisor of $a, b$ divides $d$. The lemma shows that any two elements $a$ and $b$ in a PID $R$ have a g.c.d. $d$, namely a generator of the ideal $(a, b)$, which is unique up to a unit of $R$. The elements $a$ and $b$ are relatively prime (i.e. do not have any non-unit common factor) if and only if their g.c.d. is $1$.

1.8. Lemma. In a PID $R$, every irreducible element is a prime. (So we shall not distinguish between the concepts of irreducible and prime in a PID.)

Proof. Let $p \in R$ be irreducible. Suppose $p \mid ab$ and $p \nmid a$. Since $p$ is irreducible and $p \nmid a$, the only common divisors of $a$ and $p$ are units, so $(p, a) = (1)$. Multiplying by $b$, $(pb, ab) = (b)$. But $ab$ and $pb$ belong to $(p)$, hence $(b) \subseteq (p)$, i.e. $p \mid b$. $\square$

1.9. Lemma. Let $R$ be a PID. Any increasing sequence of ideals in $R$ stabilizes, i.e. has a maximal element.

Proof. Let $(a_1) \subseteq (a_2) \subseteq (a_3) \subseteq \cdots$ be an increasing sequence of ideals in $R$. Then $I = \bigcup_i (a_i)$ is an ideal, so there exists $a \in R$ such that $I = (a)$. There is a $j \ge 1$ such that $a \in (a_j)$. It follows that $(a) = (a_j) = (a_{j+1}) = \cdots$. $\square$

1.10. Definition. A domain $R$ is called a unique factorization domain or a UFD if every nonzero non-unit element can be written, uniquely up to units and the order of the factors, as a product of irreducible elements.

1.11. Theorem. Every PID is a UFD.

Proof. Fix a nonzero non-unit $a \in R$. We want to write $a$ as a product of primes (equivalently irreducibles, by Lemma 1.8) and show that such a decomposition is unique up to permutation of the prime factors and up to units.

Step 1: Any nonzero non-unit $a$ is divisible by an irreducible element. Suppose not. Since $a$ is not irreducible, write $a = a_1 b_1$ where $a_1, b_1$ are non-units. Since $a_1 \mid a$, $a_1$ is not irreducible, so write $a_1 = a_2 b_2$ where $a_2, b_2$ are non-units. Continuing this way we get a strictly increasing infinite sequence of ideals $(a) \subsetneq (a_1) \subsetneq (a_2) \subsetneq \cdots$ (strict because the $b_i$ are not units), which is not possible by Lemma 1.9. This proves Step 1.

Step 2: Any nonzero non-unit $a$ is a product of irreducibles and a unit. Suppose not. By Step 1 write $a = p_1 c_1$ where $p_1$ is irreducible. Then $c_1$ is not a unit (otherwise we are done). So write $c_1 = p_2 c_2$ where $p_2$ is irreducible; again $c_2$ is not a unit. Continuing this way we get a strictly increasing sequence of ideals $(c_1) \subsetneq (c_2) \subsetneq (c_3) \subsetneq \cdots$, which is not possible by Lemma 1.9. This proves Step 2.

Step 3: By Step 2 we can write $a = p_1 p_2 \cdots p_r$ where the $p_i$ are irreducible elements, not necessarily all distinct. Let $a = p_1 p_2 \cdots p_r = q_1 \cdots q_s$ be two such decompositions. Each $q_j$ is a prime and $q_j \mid p_1 \cdots p_r$, hence $q_j \mid p_i$ for some $i$, hence $q_j = u_j p_i$ for some unit $u_j$ (as $p_i$ is irreducible and $q_j$ is not a unit). Similarly each $p_i$ is equal to some $q_j$ up to a unit. Cancel $q_1$ against the matching $p_i$ (we are in a domain) and continue. If there were more $p$'s than $q$'s then cancelling all the $q$'s would leave a product of $p$'s equal to a unit, which is impossible. So $r = s$ and the $p_i$ and $q_i$ agree up to units and up to permutation. $\square$

1.12. Remark. The rings $\mathbb Z$, $k[x]$, $\mathbb Z[i]$, $\mathbb Z[\omega]$ are all UFDs. This in particular proves that every integer can be written uniquely as a product of positive primes and $\pm 1$, and that every polynomial in one variable can be written as a product of irreducible polynomials that are unique up to scalars.

Let $R$ be a UFD and $a \in R$ nonzero. We can write
$$a = u \prod_p p^{e(p)}$$
where $u$ is a unit, the product is over distinct primes of $R$ (one from each class up to units) and almost all $e(p)$ are zero. The number $e(p)$ is uniquely determined by $a$ and $p$. In fact $e(p)$ is the largest integer $n$ such that $p^n \mid a$. This is because $a' = a/p^{e(p)}$ is a unit times a product over primes different from $p$, so $p \nmid a'$, i.e. $p^{e(p)+1} \nmid a$. We write $e(p) = \operatorname{ord}_p(a)$.
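Added example (ours, not part of the original notes): the Euclidean algorithm of 1.3-1.6 in Python, over $\mathbb Z$ (Example 1.4 (1), returning the Bezout coefficients that exhibit the g.c.d. as a generator of $(a, b)$, Remark 1.7) and over $\mathbb Z[i]$ with $\lambda$ the norm, together with $\operatorname{ord}_p$ from Remark 1.12. Gaussian integers are represented as pairs of Python ints; all function names are our own.

```python
"""Euclidean division, gcd and ord_p -- added example, not from the notes."""
from typing import Tuple

Gauss = Tuple[int, int]  # (x, y) stands for x + y*i in Z[i]


def egcd(a: int, b: int) -> Tuple[int, int, int]:
    """Extended Euclidean algorithm in Z.

    Returns (g, r, s) with g = gcd(a, b) >= 0 and a*r + b*s = g, i.e. g is a
    generator of the ideal (a, b) and r, s are the Bezout coefficients used
    in Lemma 1.6 / Remark 1.7 (and again in 4.2 for linear congruences).
    """
    r0, r1 = a, b
    s0, s1, t0, t1 = 1, 0, 0, 1          # invariant: r_i = a*s_i + b*t_i
    while r1 != 0:
        q, d = divmod(r0, r1)            # r0 = q*r1 + d with |d| < |r1|
        r0, r1 = r1, d
        s0, s1 = s1, s0 - q * s1
        t0, t1 = t1, t0 - q * t1
    if r0 < 0:                           # normalise by the unit -1
        r0, s0, t0 = -r0, -s0, -t0
    return r0, s0, t0


def g_norm(z: Gauss) -> int:
    """lambda(x + iy) = x^2 + y^2, the Euclidean function on Z[i]."""
    return z[0] * z[0] + z[1] * z[1]


def g_mul(z: Gauss, w: Gauss) -> Gauss:
    return (z[0] * w[0] - z[1] * w[1], z[0] * w[1] + z[1] * w[0])


def _nearest_int(num: int, den: int) -> int:
    """Nearest integer to num/den for den > 0 (exact, no floats)."""
    return (2 * num + den) // (2 * den)


def g_divmod(a: Gauss, b: Gauss) -> Tuple[Gauss, Gauss]:
    """Euclidean division in Z[i]: a = q*b + d with d = 0 or N(d) < N(b).

    q is the lattice point nearest to a/b = a*conj(b)/N(b).  Then
    |a/b - q|^2 <= 1/4 + 1/4, so N(d) = N(b)*|a/b - q|^2 <= N(b)/2 < N(b).
    """
    nb = g_norm(b)
    if nb == 0:
        raise ZeroDivisionError("division by 0 in Z[i]")
    num = g_mul(a, (b[0], -b[1]))        # a * conj(b)
    q = (_nearest_int(num[0], nb), _nearest_int(num[1], nb))
    qb = g_mul(q, b)
    d = (a[0] - qb[0], a[1] - qb[1])
    return q, d


def g_gcd(a: Gauss, b: Gauss) -> Gauss:
    """gcd in Z[i] by repeated division; the answer is determined only up to
    the four units 1, -1, i, -i (Remark 1.7)."""
    while b != (0, 0):
        a, b = b, g_divmod(a, b)[1]
    return a


def ord_p(p: int, a: int) -> int:
    """ord_p(a) = largest e with p^e | a (Remark 1.12), for a != 0."""
    if a == 0:
        raise ValueError("ord_p(0) is not defined")
    e = 0
    while a % p == 0:
        a //= p
        e += 1
    return e


if __name__ == "__main__":
    g, r, s = egcd(240, 46)
    print(g, r, s, 240 * r + 46 * s)         # 2 -9 47 2
    print(g_gcd((10, 0), (4, 2)))            # (4, 2), i.e. 2(2+i), up to a unit
    print(ord_p(2, 48), ord_p(3, 48))        # 4 1
```

The normalisation at the end of `egcd` and the "up to a unit" remark on `g_gcd` are the same point: in $\mathbb Z$ one fixes the unit by taking the positive generator, in $\mathbb Z[i]$ there is no canonical choice among $\pm g, \pm ig$.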

2. A few arithmetic functions

2.1. The prime counting function: In what follows $p, q$ etc. will stand for prime numbers, i.e. a sum of the form $\sum_p$ will be a sum over prime numbers. Similarly $m, n$ etc. will be natural numbers. Let $\pi(x) = \sum_{p \le x} 1$ be the number of primes less than or equal to $x$. Euclid's proof of the infinitude of primes gives a trivial lower bound on the size of $\pi$. Given primes $p_1, \cdots, p_n$, let $p_{n+1}$ be the least prime factor of $N_n = p_1 \cdots p_n + 1$ (which exists, since $\mathbb Z$ is a UFD). Then $p_{n+1}$ is distinct from $p_1, \cdots, p_n$, which proves there are infinitely many primes in $\mathbb Z$. Starting from $p_1 = 2$ we have
$$p_{n+1} \le N_n \le 2 \prod_{i=1}^{n} p_i .$$
It follows by induction that $p_n \le 2^{2^{n-1}}$. Let $2^{2^{n-1}} \le x < 2^{2^n}$. Then $p_1, \cdots, p_n \le x$, so we get $\pi(x) \ge n > \log_2 \log_2 x$.

2.2. The Möbius inversion formula: Let $A$ be the set of arithmetic functions, i.e. functions from $\mathbb N$ to $\mathbb C$. Define the Dirichlet multiplication on $A$ by
$$(f * g)(n) = \sum_{d \mid n} f(d)\, g(n/d).$$
Together with pointwise addition this makes $A$ into a commutative ring. Let $\mathbf 1$ be the function defined by $\mathbf 1(1) = 1$ and $\mathbf 1(n) = 0$ for $n > 1$. Then $\mathbf 1 * f = f$ for all arithmetic functions $f$, i.e. $\mathbf 1$ is the unit of the ring $(A, *)$. A function $f \in A$ is invertible if and only if $f(1) \neq 0$. The inverse is given by $f^{-1}(1) = f(1)^{-1}$ and for $n > 1$ by the inductive formula
$$f^{-1}(n) = -f(1)^{-1} \sum_{d \mid n,\ d < n} f^{-1}(d)\, f(n/d).$$
Let $I$ be the constant function $I(n) = 1$ and let $\mu$ be the Möbius function: $\mu(1) = 1$, $\mu(p_{i_1} p_{i_2} \cdots p_{i_r}) = (-1)^r$ for distinct primes $p_{i_1}, \cdots, p_{i_r}$, and $\mu(n) = 0$ if $n$ is divisible by the square of a prime. Then $\mu = I^{-1}$, i.e. $\sum_{d \mid n} \mu(d) = \mathbf 1(n)$: for $n = p_1^{e_1} \cdots p_l^{e_l} > 1$ only the square-free divisors contribute and we have
$$\sum_{d \mid n} \mu(d) = \sum_{r=0}^{l} \sum_{1 \le i_1 < \cdots < i_r \le l} \mu(p_{i_1} p_{i_2} \cdots p_{i_r}) = \sum_{r=0}^{l} \binom{l}{r} (-1)^r = (1 - 1)^l = 0 .$$
This gives the Möbius inversion formula: if $g = f * I$, i.e. $g(n) = \sum_{d \mid n} f(d)$, then $f = g * \mu$, i.e. $f(n) = \sum_{d \mid n} \mu(d)\, g(n/d)$.

2.3. The Euler totient function: Let $N_n = \{1, 2, \cdots, n\}$. Euler's totient function $\phi$ counts the number of positive integers less than or equal to $n$ that are relatively prime to $n$:
$$\phi(n) = \#\{m : 1 \le m \le n,\ (m, n) = 1\}.$$
We have
$$\sum_{d \mid n} \phi(d) = n .$$
Proof of the formula. Partition the numbers $\{1, 2, \cdots, n\}$ according to their g.c.d. with $n$, i.e. for $d \mid n$ let $\Phi_d = \{m : 1 \le m \le n,\ (m, n) = d\}$. Let $m' = m/d$. Then $1 \le m \le n$ and $(m, n) = d$ if and only if $1 \le m' \le n/d$ and $(m', n/d) = 1$. So $\#\Phi_d = \phi(n/d)$. Since $N_n$ is the disjoint union of the $\Phi_d$ we have $n = \sum_{d \mid n} \#\Phi_d = \sum_{d \mid n} \phi(n/d)$, which is the same sum as $\sum_{d \mid n} \phi(d)$. Thus $(\phi * I)(n) = n$. $\square$

Using Möbius inversion we now get a formula for $\phi(n)$. Let $n = p_1^{e_1} p_2^{e_2} \cdots p_l^{e_l}$. By Möbius inversion (only square-free $d$ contribute),
$$\phi(n) = \sum_{d \mid n} \mu(d)\, \frac{n}{d} = n - \sum_i \frac{n}{p_i} + \sum_{i < j} \frac{n}{p_i p_j} - \cdots = n \prod_{i=1}^{l} \left(1 - \frac{1}{p_i}\right).$$

2.4. The Chebyshev function: Let
$$\theta(x) = \sum_{p \le x} \log p = \int_1^x \log(y)\, d\pi(y).$$
(The integral can be treated as a Stieltjes or a Lebesgue integral.) By integration by parts we get
$$\theta(x) = \pi(x) \log(x) - \int_1^x \frac{\pi(y)}{y}\, dy . \tag{1}$$
We shall see that the second term is of much smaller order than the first, so an estimate for $\theta$ yields an estimate for $\pi$. This is what we want to do now. We start with the observation
$$2^{2n} = (1 + 1)^{2n} > \binom{2n}{n} = \frac{(n+1)(n+2) \cdots 2n}{1 \cdot 2 \cdots n} > \prod_{n < p \le 2n} p,$$
since every prime in $(n, 2n]$ divides the numerator but not the denominator. Taking logarithms,
$$2n \log 2 > \sum_{n < p \le 2n} \log p = \theta(2n) - \theta(n).$$
With $n = 2^{k-1}$ this reads $2^k \log 2 > \theta(2^k) - \theta(2^{k-1})$. Summing over $k$ we get $\theta(2^k) < 2^{k+1} \log 2$. Taking $2^{k-1} \le x < 2^k$ we get
$$\theta(x) \le \theta(2^k) < (4 \log 2)\, 2^{k-1} \le (4 \log 2)\, x . \tag{2}$$
Now we want a lower bound for $\theta$. First we note that
$$\operatorname{ord}_p(n!) = \sum_{m=1}^{n} \operatorname{ord}_p(m) = \sum_{r=1}^{\infty} r \cdot \#\{m \in N_n : \operatorname{ord}_p(m) = r\} = \sum_{r=1}^{\infty} \#\{m \in N_n : \operatorname{ord}_p(m) \ge r\} = \sum_{r=1}^{\infty} \lfloor n/p^r \rfloor .$$
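Added example (ours, not from the notes): the ring $(A, *)$ of 2.2 and the totient identities of 2.3 in Python. Arithmetic functions are plain Python callables on positive integers; `dirichlet_inverse` implements the inductive formula for $f^{-1}$ (with exact rational arithmetic) and is checked against the closed form of $\mu$, and $\phi$ computed by counting is checked against $\mu * N$ and the product formula. The helper names are our own.

```python
"""Dirichlet convolution, Mobius inversion and Euler's phi -- added example."""
from fractions import Fraction
from functools import lru_cache
from math import gcd
from typing import Callable, Dict, List

Arith = Callable[[int], object]   # an arithmetic function N -> C (here: rationals)


def divisors(n: int) -> List[int]:
    """All positive divisors of n, in increasing order."""
    small, large = [], []
    d = 1
    while d * d <= n:
        if n % d == 0:
            small.append(d)
            if d * d != n:
                large.append(n // d)
        d += 1
    return small + large[::-1]


def dirichlet(f: Arith, g: Arith) -> Arith:
    """(f * g)(n) = sum_{d | n} f(d) g(n/d)."""
    return lambda n: sum(f(d) * g(n // d) for d in divisors(n))


def unit(n: int) -> int:          # the multiplicative unit "1" of (A, *)
    return 1 if n == 1 else 0


def I(n: int) -> int:             # the constant function I(n) = 1
    return 1


def N(n: int) -> int:             # the identity function N(n) = n
    return n


def dirichlet_inverse(f: Arith) -> Arith:
    """The inverse of f under *, by the inductive formula of 2.2:
    f^{-1}(1) = 1/f(1) and f^{-1}(n) = -1/f(1) * sum_{d|n, d<n} f^{-1}(d) f(n/d)."""
    if f(1) == 0:
        raise ValueError("f is invertible iff f(1) != 0")

    @lru_cache(maxsize=None)
    def finv(n: int) -> Fraction:
        if n == 1:
            return Fraction(1, 1) / f(1)
        return -Fraction(1, 1) / f(1) * sum(finv(d) * f(n // d)
                                            for d in divisors(n) if d < n)
    return finv


def factorize(n: int) -> Dict[int, int]:
    """Prime factorization {p: e} by trial division (fine for small n)."""
    fs: Dict[int, int] = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            fs[p] = fs.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        fs[n] = fs.get(n, 0) + 1
    return fs


def mobius(n: int) -> int:
    """mu(n) = (-1)^r if n is a product of r distinct primes, else 0."""
    fs = factorize(n)
    if any(e > 1 for e in fs.values()):
        return 0
    return (-1) ** len(fs)


def phi_by_counting(n: int) -> int:
    """phi(n) = #{1 <= m <= n : gcd(m, n) = 1}, straight from the definition."""
    return sum(1 for m in range(1, n + 1) if gcd(m, n) == 1)


def phi_by_product(n: int) -> int:
    """phi(n) = n * prod_{p | n} (1 - 1/p)."""
    result = n
    for p in factorize(n):
        result = result // p * (p - 1)
    return result


if __name__ == "__main__":
    n = 36
    print(dirichlet(phi_by_counting, I)(n))                 # 36: sum_{d|n} phi(d) = n
    print(dirichlet(mobius, N)(n), phi_by_product(n))       # 12 12: phi = mu * N
    print([dirichlet_inverse(I)(k) for k in range(1, 11)])  # mu(1), ..., mu(10)
```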

Let $t_p$ be the largest integer such that $p^{t_p} \le 2n$, i.e. $t_p = \lfloor \log 2n / \log p \rfloor$. It follows that
$$\operatorname{ord}_p \binom{2n}{n} = \operatorname{ord}_p((2n)!) - \operatorname{ord}_p(n!^2) = \sum_{r=1}^{t_p} \left( \lfloor 2n/p^r \rfloor - 2 \lfloor n/p^r \rfloor \right).$$
Since $\lfloor 2x \rfloor - 2 \lfloor x \rfloor$ is equal to $1$ or $0$ we get $\operatorname{ord}_p \binom{2n}{n} \le t_p$. Thus we have the following inequalities:
$$2^n \le \frac{n+1}{1} \cdot \frac{n+2}{2} \cdots \frac{2n}{n} = \binom{2n}{n} \le \prod_{p \le 2n} p^{t_p}.$$
Taking logarithms yields
$$n \log 2 \le \sum_{p \le 2n} t_p \log p = \sum_{p \le 2n} \lfloor \log 2n / \log p \rfloor \log p .$$
If $\log p > \frac12 \log 2n$, i.e. $p > \sqrt{2n}$, then $\lfloor \log 2n / \log p \rfloor = 1$. Thus
$$n \log 2 \le \sum_{p \le \sqrt{2n}} \lfloor \log 2n / \log p \rfloor \log p + \sum_{\sqrt{2n} < p \le 2n} \log p \le \sqrt{2n}\, \log 2n + \theta(2n),$$
because each term of the first sum is at most $\log 2n$ and there are at most $\sqrt{2n}$ terms. So $\theta(2n) \ge n \log 2 - \sqrt{2n} \log 2n$. The first term is of larger order, i.e. $\sqrt{2n} \log 2n / n \to 0$. So we get a lower bound for $\theta$, for instance $\theta(2n) > n \left(\tfrac34 \log 2\right)$ for all sufficiently large $n$. Taking $2n \le x < 2n + 2$ we get $\theta(x) \ge \theta(2n) > \left(\tfrac{x}{2} - 1\right)\left(\tfrac34 \log 2\right)$. So $\theta$ has order equal to $x$; for instance, for all sufficiently large $x$ we have the bounds
$$x\,(4 \log 2) > \theta(x) > x \left(\tfrac14 \log 2\right).$$
Remark: For the sake of completeness we have chosen to give explicit constants like $4 \log 2$ and $\frac34 \log 2$ in the inequalities, but their actual value here is not very important and one could probably get better constants at places by being more careful.

2.5. The prime number theorem: The trivial bound $\pi(y)/y < 1$ gives $\frac1x \int_1^x \frac{\pi(y)}{y}\, dy < 1$. From the upper bound (2) and equation (1) we get $\pi(x) \log(x)/x < 1 + 4 \log 2$. So $\pi(x)/x \to 0$ as $x \to \infty$, and hence also $\frac1x \int_1^x \frac{\pi(y)}{y}\, dy \to 0$. Equation (1) now implies
$$\theta(x)/x - \pi(x) \log(x)/x \to 0 \quad \text{as } x \to \infty .$$
The above bounds for $\theta$ now give the following bounds for $\pi(x)$, for all sufficiently large $x$:
$$\tfrac14 \log 2 < \pi(x) \log(x)/x < 4 \log 2 .$$
The prime number theorem states that in fact $\pi(x) \log(x)/x \to 1$.
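Added example (ours, not from the notes): the quantities of 2.4 computed directly in Python so that the inequalities can be checked numerically. `primes_upto` is a sieve, from which $\pi(x)$ and $\theta(x)$ are read off; `ord_p_factorial` is Legendre's formula $\operatorname{ord}_p(n!) = \sum_r \lfloor n/p^r \rfloor$; the remaining functions test the chain $2^n \le \binom{2n}{n} \le \prod_{p \le 2n} p^{t_p}$, the bound $\operatorname{ord}_p \binom{2n}{n} \le t_p$, the difference bound $\theta(2n) - \theta(n) < 2n \log 2$ and the two-sided bound $\tfrac14 \log 2 \cdot x < \theta(x) < 4 \log 2 \cdot x$ (proved above only for large $x$; the check shows it already holds for every integer $x \ge 2$ in the tested range).

```python
"""pi(x), theta(x) and the Chebyshev bounds -- added example, not from the notes."""
import math
from typing import List


def primes_upto(n: int) -> List[int]:
    """Sieve of Eratosthenes: all primes p <= n."""
    if n < 2:
        return []
    sieve = bytearray([1]) * (n + 1)
    sieve[0] = sieve[1] = 0
    for p in range(2, math.isqrt(n) + 1):
        if sieve[p]:
            sieve[p * p::p] = bytearray(len(range(p * p, n + 1, p)))
    return [p for p in range(n + 1) if sieve[p]]


def prime_pi(x: int) -> int:
    """pi(x) = number of primes <= x."""
    return len(primes_upto(x))


def theta(x: int) -> float:
    """Chebyshev's theta(x) = sum_{p <= x} log p."""
    return sum(math.log(p) for p in primes_upto(x))


def ord_p_factorial(p: int, n: int) -> int:
    """Legendre's formula: ord_p(n!) = sum_{r >= 1} floor(n / p^r)."""
    total, q = 0, p
    while q <= n:
        total += n // q
        q *= p
    return total


def ord_p_central_binomial(p: int, n: int) -> int:
    """ord_p of binom(2n, n) = ord_p((2n)!) - 2 ord_p(n!)."""
    return ord_p_factorial(p, 2 * n) - 2 * ord_p_factorial(p, n)


def t_p(p: int, n: int) -> int:
    """The largest t with p^t <= 2n (computed exactly rather than via logs)."""
    t, q = 0, p
    while q <= 2 * n:
        t += 1
        q *= p
    return t


def central_binomial_bound_holds(n: int) -> bool:
    """2^n <= binom(2n, n) <= prod_{p <= 2n} p^{t_p}, the chain used for the lower bound."""
    c = math.comb(2 * n, n)
    upper = 1
    for p in primes_upto(2 * n):
        upper *= p ** t_p(p, n)
    return 2 ** n <= c <= upper


def theta_gap_bound_holds(n: int) -> bool:
    """theta(2n) - theta(n) < 2n log 2, from binom(2n, n) < 2^{2n}."""
    return theta(2 * n) - theta(n) < 2 * n * math.log(2)


def chebyshev_bounds_hold(x: int) -> bool:
    """(1/4) log 2 * x < theta(x) < 4 log 2 * x."""
    th = theta(x)
    return 0.25 * math.log(2) * x < th < 4 * math.log(2) * x


if __name__ == "__main__":
    print(prime_pi(100), theta(100))                                        # 25 and log(100#)
    print(ord_p_factorial(2, 10), ord_p_central_binomial(2, 10), t_p(2, 10))  # 8 2 4
    print(all(chebyshev_bounds_hold(x) for x in range(2, 2001)))             # True
```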

3. Riemann's zeta function

3.1. Functions of a complex variable.

Holomorphic functions: Let $U$ be an open subset of $\mathbb C$. A function $f : U \to \mathbb C$ is differentiable at $z_0 \in U$ if
$$f'(z_0) = \lim_{z \to z_0} \frac{f(z) - f(z_0)}{z - z_0} \tag{3}$$
exists. An $f$ that is differentiable at every point of $U$ is called a holomorphic function on $U$.

The Cauchy-Riemann equations: Let $f : U \to \mathbb C$ be holomorphic. Let $f(z) = u(z) + iv(z)$ where $u, v : U \to \mathbb R$ are the real and imaginary parts of $f$. Let $z = x + iy$. We can also think of $z$ as a point in $\mathbb R^2$, i.e. write $z = (x, y)$ and think of $u$ and $v$ as real functions of two real variables: $u(x, y) = u(x + iy)$. Let $z_0 = x_0 + iy_0 \in U$. The Cauchy-Riemann equations state that $u_x = v_y$ and $u_y = -v_x$ at $z_0$. To prove these we calculate the limit in (3) in two ways: as $z \to z_0$ along the $x$ axis and along the $y$ axis. For simplicity take $z_0 = 0$; the general formula follows by translation. Along the $x$ axis (i.e. taking $z = h$ real, $h \to 0$) we get

$$f'(0) = \lim_{h \to 0} \frac{(u(h, 0) + iv(h, 0)) - (u(0, 0) + iv(0, 0))}{h} = u_x(0, 0) + i\, v_x(0, 0).$$
Along the $y$ axis (i.e. taking $z = ih = (0, h)$ as $h \to 0$) we get

$$f'(0) = \lim_{h \to 0} \frac{(u(0, h) + iv(0, h)) - (u(0, 0) + iv(0, 0))}{ih} = \frac{1}{i}\left(u_y(0, 0) + i\, v_y(0, 0)\right) = v_y(0, 0) - i\, u_y(0, 0).$$
Comparing the two we get the Cauchy-Riemann equations.

Green's theorem and Cauchy's theorem: Let $D$ be a simply connected domain in $\mathbb R^2$ (i.e. an open set with "no holes"; for example the inside of a square or a disc is simply connected, as is a half plane, while an annulus or $\mathbb C \setminus \{i\}$ is not). Let $\partial D$ be the boundary curve of $D$ (oriented anticlockwise) and let $f$ be a holomorphic function on a neighbourhood of $D \cup \partial D$. Cauchy's theorem states that the line integral $\int_{\partial D} f$ is zero. More explicitly let $\gamma(t) = x(t) + iy(t)$, $0 \le t \le 1$, be a parametrization of the curve $\partial D$. Then we want to show
$$\int_\gamma f = \int_0^1 f(\gamma(t))\, \gamma'(t)\, dt = 0 .$$
We shall derive Cauchy's theorem from Green's theorem, which states, for $p, q : D \to \mathbb R$ continuously differentiable up to the boundary, that

$$\int_{\partial D} p\, dx + q\, dy = \iint_D (q_x - p_y)\, dx\, dy .$$
Now we can compute
$$\int_\gamma f = \int_0^1 f(\gamma(t))\, \gamma'(t)\, dt = \int_0^1 (u + iv)(x' + iy')\, dt = \int_0^1 (u x' - v y')\, dt + i \int_0^1 (v x' + u y')\, dt = \int_\gamma (u\, dx - v\, dy) + i \int_\gamma (v\, dx + u\, dy).$$
By Green's theorem the last expression equals $\iint_D (-v_x - u_y)\, dx\, dy + i \iint_D (u_x - v_y)\, dx\, dy$, which is equal to zero by the Cauchy-Riemann equations.

Cauchy integral formula: Let $U$ be an open set in $\mathbb C$ and $f : U \to \mathbb C$ a holomorphic function. Let $\Gamma : [0, 1] \to U$ be a simple closed curve in $U$, i.e. $\Gamma(0) = \Gamma(1)$ and $\Gamma(t) \neq \Gamma(s)$ for all $0 \le s < t < 1$, meaning that $\Gamma$ does not cross itself. Let $D_1 \subseteq U$ be the simply connected domain such that $\Gamma = \partial D_1$. Fix a point $w \in D_1$ and let $\Gamma_\epsilon$ be the circle of radius $\epsilon$ around $w$. Assume $\epsilon$ is small so that $\Gamma_\epsilon \subseteq D_1$. Let $D$ be the region between $\Gamma$ and $\Gamma_\epsilon$, i.e. $D = D_1 \setminus \{z : |z - w| \le \epsilon\}$. Then $\partial D = \Gamma - \Gamma_\epsilon$. (In our convention anticlockwise oriented curves get positive orientation, and the negative of a curve is the same curve with the clockwise orientation.) Note that $F(z) = (f(z) - f(w))/(z - w)$ is holomorphic on a neighbourhood of $D \cup \partial D$. Applying Cauchy's theorem to $F$ on $D$ we get $\int_{\Gamma - \Gamma_\epsilon} F = 0$, i.e. $\int_\Gamma F = \int_{\Gamma_\epsilon} F$. When $\epsilon$ is small the values of $F$ on $\Gamma_\epsilon$ are close to $f'(w)$. Thus, as $\epsilon \to 0$, the values of $F$ on $\Gamma_\epsilon$ remain bounded while the length of the circle goes to zero, implying $\int_{\Gamma_\epsilon} F \to 0$. But then $\int_\Gamma F = 0$, which gives
$$\int_\Gamma \frac{f(z)}{z - w}\, dz = f(w) \int_\Gamma \frac{1}{z - w}\, dz .$$
Repeating the same argument with $1/(z - w)$ in place of $F$ we get $\int_\Gamma \frac{dz}{z - w} = \int_{\Gamma_\epsilon} \frac{dz}{z - w}$ for $\epsilon$ sufficiently small. Parametrize the circle $\Gamma_\epsilon$ by $\Gamma_\epsilon(t) = w + \epsilon e^{2\pi i t}$, $0 \le t \le 1$. Then
$$\int_{\Gamma_\epsilon} \frac{dz}{z - w} = \int_0^1 \frac{\Gamma_\epsilon'(t)}{\Gamma_\epsilon(t) - w}\, dt = \int_0^1 \frac{2\pi i\, \epsilon e^{2\pi i t}}{\epsilon e^{2\pi i t}}\, dt = 2\pi i .$$
This gives us the Cauchy integral formula
$$2\pi i\, f(w) = \int_\Gamma \frac{f(z)}{z - w}\, dz .$$

Local power series expansion for holomorphic functions: In the Cauchy integral formula, by differentiating under the integral sign $n$ times with respect to $w$ one gets
$$f^{(n)}(w) = \frac{n!}{2\pi i} \int_\Gamma \frac{f(z)}{(z - w)^{n+1}}\, dz .$$
Hence $f$ is infinitely differentiable! Now let $\Gamma$ be a circle of radius $r$ around $w$ whose closed disc is contained in $U$. If $|f|$ is bounded by $M$ on $\Gamma$ then $|f^{(n)}(w)|$ is bounded by $\frac{n!\, M}{2\pi r^{n+1}} \operatorname{length}(\Gamma) = \frac{n!\, M}{r^n}$. So the Taylor series $\sum_n f^{(n)}(w)(u - w)^n / n!$ converges absolutely for $|u - w| < r$. Now calculate the Taylor series for $f$ as follows:
$$\sum_n \frac{f^{(n)}(w)(u - w)^n}{n!} = \frac{1}{2\pi i} \int_\Gamma \frac{f(z)}{z - w} \sum_n \frac{(u - w)^n}{(z - w)^n}\, dz = \frac{1}{2\pi i} \int_\Gamma \frac{f(z)}{(z - w)\left(1 - \frac{u - w}{z - w}\right)}\, dz = \frac{1}{2\pi i} \int_\Gamma \frac{f(z)}{z - u}\, dz = f(u).$$
(The interchange of integral and sum is justified because $|u - w|/|z - w| = |u - w|/r < 1$ for $z \in \Gamma$, so the geometric series converges uniformly on $\Gamma$.)

Suppose $f : U \to \mathbb C$ is holomorphic and $f(w) = 0$ for some $w \in U$. We have a local power series expansion $f(z) = \sum_n c_n (z - w)^n$ valid in a neighbourhood $V$ of $w$. If all the coefficients are zero then $f$ is identically zero on $V$. Else let $m \ge 1$ be the smallest integer such that $c_m$ is non-zero ($c_0 = f(w) = 0$). Then we can write $f(z) = (z - w)^m g(z)$ where $g(z) = \sum_k c_{m+k} (z - w)^k$. Since $\limsup |c_{m+k}|^{1/k} = \limsup |c_k|^{1/k}$, the power series for $g$ and $f$ have the same radius of convergence. So $g$ converges absolutely and uniformly on a neighbourhood of $w$ and hence is continuous at $w$. Since $g(w) = c_m \neq 0$ there is a neighbourhood $W$ of $w$ such that $g(z)$ does not vanish on $W$. So $f$ vanishes on $W$ only where $(z - w)^m$ vanishes. This proves that there exists an open set $W$ around $w$ such that $w$ is the only zero of $f$ in $W$. So, if $f$ is a holomorphic function on a connected open set $U$ that is not identically zero, then the zeros of $f$ cannot have a limit point in $U$. It follows that if $f, g$ are two holomorphic functions on a connected open set $U$ and they agree on a set $S$ which has a limit point in $U$, then $f = g$ on $U$.

3.2. The Poisson summation formula: Let $f : \mathbb R \to \mathbb R$ be a smooth rapidly decreasing function, e.g. suppose $f(t)\, t^n \to 0$ as $|t| \to \infty$ for all $n \ge 1$. Define the periodic function $F(t) = \sum_{n \in \mathbb Z} f(t + n)$.
Write the Fourier series for $F$:
$$F(t) = \sum_{m \in \mathbb Z} \hat F_m\, e^{2\pi i m t} \tag{4}$$
where
$$\hat F_m = \int_0^1 F(t)\, e^{-2\pi i m t}\, dt = \sum_{n \in \mathbb Z} \int_0^1 f(t + n)\, e^{-2\pi i m t}\, dt = \sum_{n \in \mathbb Z} \int_n^{n+1} f(y)\, e^{-2\pi i m y}\, dy = \int_{\mathbb R} f(y)\, e^{-2\pi i m y}\, dy = \hat f(m),$$
$\hat f$ being the Fourier transform of $f$. Putting $t = 0$ in equation (4) and substituting the expression for $\hat F_m$ we get the Poisson summation formula
$$\sum_{n \in \mathbb Z} f(n) = \sum_{m \in \mathbb Z} \int_{\mathbb R} f(y)\, e^{-2\pi i m y}\, dy .$$

3.3. The theta function: Let $H$ be the set of complex numbers of the form $x + iy$ with $y > 0$. Define $\theta : H \to \mathbb C$ by the infinite series
$$\theta(\tau) = \sum_{n \in \mathbb Z} \exp(\pi i n^2 \tau).$$
The series is absolutely convergent and uniformly convergent on compact sets in $H$, so $\theta$ is holomorphic on $H$. Clearly $\theta(\tau + 1) = \theta(\tau)$. We shall show that $\theta(-1/\tau) = (-i\tau)^{1/2}\, \theta(\tau)$, with the branch of the square root that is positive on the positive real axis. (A function satisfying this kind of transformation property is called a modular form.) It is a fact (3.1) that two holomorphic functions on a connected open set that agree on a line segment agree everywhere. So it is enough to show
$$\theta(i/t) = \sqrt t\, \theta(it) \quad \text{for } t \in (0, \infty). \tag{5}$$
Using the Poisson summation formula in the series for $\theta$ we get
$$\theta(it) = \sum_{n \in \mathbb Z} e^{-\pi n^2 t} = \sum_{m \in \mathbb Z} \int_{\mathbb R} \exp(-\pi y^2 t - 2\pi i m y)\, dy .$$
Completing squares, $-\pi t y^2 - 2\pi i m y = -\pi t (y + im/t)^2 - \pi m^2/t$, so
$$\theta(it) = \sum_{m \in \mathbb Z} \int_{\mathbb R} \exp\!\left(-\pi t \left(y + \tfrac{im}{t}\right)^2\right) \exp\!\left(-\tfrac{\pi m^2}{t}\right) dy = \sum_{m \in \mathbb Z} \exp\!\left(-\tfrac{\pi m^2}{t}\right) \int_{\mathbb R + im/t} \exp(-\pi y^2 t)\, dy .$$
The integral over the line $\mathbb R + im/t$ is the limit of the integral over the segment $[-N + im/t,\ N + im/t]$. Consider the rectangle with vertices $-N$, $N$, $N + im/t$ and $-N + im/t$. The integrand being holomorphic, the integral over the boundary of the rectangle is zero. The integrals over the vertical edges tend to zero as $N \to \infty$ because the integrand tends to zero there while the length of each edge stays fixed (equal to $|m|/t$). So the integrals over the two horizontal edges are equal; taking the limit as $N \to \infty$ we see $\int_{\mathbb R + im/t} \exp(-\pi y^2 t)\, dy = \int_{\mathbb R} \exp(-\pi y^2 t)\, dy = 1/\sqrt t$ (the Gaussian integral). So
$$\theta(it) = \sum_{m \in \mathbb Z} \exp\!\left(-\tfrac{\pi m^2}{t}\right) \int_{\mathbb R} \exp(-\pi y^2 t)\, dy = \frac{1}{\sqrt t}\, \theta(i/t),$$
which is (5).

3.4. Theta and zeta: The Riemann zeta function $\zeta(s) = \sum_{n=1}^{\infty} n^{-s}$ converges absolutely on the set $\Re(s) > 1$.
The unique factorization of integers into prime powers is encoded in Euler's product formula
$$\zeta(s) = \prod_p \left(1 + p^{-s} + p^{-2s} + \cdots\right) = \prod_p \frac{1}{1 - p^{-s}} .$$
Consider the function $\theta_1(t) = (\theta(it) - 1)/2 = \sum_{n=1}^{\infty} \exp(-\pi n^2 t)$. Taking the Mellin transform $M(f)(s) = \int_0^\infty f(t)\, t^s\, \frac{dt}{t}$ of this function and interchanging summation and integration (substitute $y = \pi n^2 t$) relates the theta function to zeta:
$$M(\theta_1)(s) = \sum_{n=1}^{\infty} \int_0^\infty \exp(-\pi n^2 t)\, t^s\, \frac{dt}{t} = \sum_{n=1}^{\infty} (\pi n^2)^{-s} \int_0^\infty e^{-y}\, y^s\, \frac{dy}{y} = \pi^{-s}\, \Gamma(s)\, \zeta(2s).$$
Under the Mellin transform the modular property $\theta(i/t) = \sqrt t\, \theta(it)$ gives the functional equation for zeta. Replacing $s$ by $s/2$ above we have
$$\pi^{-s/2}\, \Gamma(s/2)\, \zeta(s) = \int_0^\infty \tfrac12 (\theta(it) - 1)\, t^{s/2}\, \frac{dt}{t} .$$
Break up the integral into the part from zero to one and the part from one to infinity. The second integral is regular (an entire function of $s$) because $\theta(it) - 1$ decays rapidly as $t \to \infty$. On the integral from zero to one we use the transformation property of $\theta$ and then substitute $t = 1/u$, $dt/t = -du/u$:
$$\begin{aligned}
\int_0^1 \tfrac12 (\theta(it) - 1)\, t^{s/2}\, \frac{dt}{t}
&= \int_0^1 \tfrac12 \left( \tfrac{1}{\sqrt t}\, \theta(i/t) - 1 \right) t^{s/2}\, \frac{dt}{t} \\
&= \int_\infty^1 \tfrac12 \left( \sqrt u\, \theta(iu) - 1 \right) u^{-s/2}\, \frac{(-du)}{u} \\
&= \int_1^\infty \tfrac12 (\theta(iu) - 1)\, u^{(1-s)/2}\, \frac{du}{u} - \int_1^\infty \tfrac12 u^{-s/2}\, \frac{du}{u} + \int_1^\infty \tfrac12 u^{(1-s)/2}\, \frac{du}{u} \\
&= -\frac{1}{s} - \frac{1}{1 - s} + \int_1^\infty \tfrac12 (\theta(iu) - 1)\, u^{(1-s)/2}\, \frac{du}{u} \qquad \text{if } \Re(s) > 1 .
\end{aligned}$$
Define the completed zeta function by $\xi(s) = \pi^{-s/2}\, \Gamma(s/2)\, \zeta(s)$. From the above we get
$$\xi(s) = -\frac{1}{s} - \frac{1}{1 - s} + \int_1^\infty \tfrac12 (\theta(iu) - 1)\left(u^{s/2} + u^{(1-s)/2}\right) \frac{du}{u} . \tag{6}$$
The right hand side of (6) is regular except for simple poles at $0$ and $1$. Hence this formula extends $\xi$ to a meromorphic function on $\mathbb C$ with only simple poles at $0$ and $1$. Since $\Gamma(s/2)$ has simple poles at $s = 0, -2, -4, \cdots$ and no zeros, we find that $\zeta$ is regular except for a simple pole at $1$ and has zeros at $-2, -4, -6, \cdots$ (the "trivial zeros"). The right hand side of (6) is invariant under the substitution $s \to 1 - s$. This gives the functional equation
$$\xi(s) = \xi(1 - s) .$$
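Added example (ours, not part of the notes): the identities of 3.3 and 3.4 checked numerically in Python with ordinary floats. `theta_it` sums the series for $\theta(it)$; `modularity_defect` measures $\theta(i/t) - \sqrt t\, \theta(it)$, which (5) says is zero; `xi_from_integral` evaluates the right hand side of (6) by Simpson's rule on $[1, 40]$ (beyond which the integrand is far below double precision); `xi_from_gamma_zeta` evaluates the definition $\pi^{-s/2}\Gamma(s/2)\zeta(s)$ for real $s > 1$ using the series plus an Euler-Maclaurin tail. Both sides agree for $s > 1$, and the integral formula also returns $\xi(-1) = \xi(2) = \pi/6$ where the series does not converge. The step counts and cut-offs are our choices.

```python
"""theta(it), the modular relation and the completed zeta xi(s) -- added example."""
import math


def theta_it(t: float) -> float:
    """theta(it) = sum_{n in Z} exp(-pi n^2 t) for t > 0; terms below 1e-18 are dropped."""
    total, n = 1.0, 1
    while True:
        term = math.exp(-math.pi * n * n * t)
        if term < 1e-18:
            return total
        total += 2.0 * term           # the terms for n and -n
        n += 1


def modularity_defect(t: float) -> float:
    """|theta(i/t) - sqrt(t) theta(it)|, which (5) says is zero."""
    return abs(theta_it(1.0 / t) - math.sqrt(t) * theta_it(t))


def xi_from_integral(s: float, upper: float = 40.0, steps: int = 40000) -> float:
    """Right hand side of (6):
    -1/s - 1/(1-s) + int_1^inf (theta(iu)-1)/2 (u^{s/2} + u^{(1-s)/2}) du/u,
    integrated by Simpson's rule on [1, upper]; valid for every real s != 0, 1."""
    if steps % 2:
        raise ValueError("Simpson's rule needs an even number of steps")

    def integrand(u: float) -> float:
        return 0.5 * (theta_it(u) - 1.0) * (u ** (s / 2) + u ** ((1 - s) / 2)) / u

    h = (upper - 1.0) / steps
    acc = integrand(1.0) + integrand(upper)
    for k in range(1, steps):
        acc += (4.0 if k % 2 else 2.0) * integrand(1.0 + k * h)
    return -1.0 / s - 1.0 / (1.0 - s) + acc * h / 3.0


def zeta_real(s: float, terms: int = 20000) -> float:
    """zeta(s) for real s > 1: partial sum plus the Euler-Maclaurin tail
    N^{1-s}/(s-1) + N^{-s}/2 + s N^{-s-1}/12 (error O(N^{-s-3}))."""
    if s <= 1:
        raise ValueError("the series only converges for Re(s) > 1")
    n = terms
    partial = sum(k ** (-s) for k in range(1, n))
    tail = n ** (1 - s) / (s - 1) + 0.5 * n ** (-s) + s * n ** (-s - 1) / 12.0
    return partial + tail


def xi_from_gamma_zeta(s: float) -> float:
    """xi(s) = pi^{-s/2} Gamma(s/2) zeta(s), the definition, for real s > 1."""
    return math.pi ** (-s / 2) * math.gamma(s / 2) * zeta_real(s)


if __name__ == "__main__":
    print(modularity_defect(0.37))                                  # about 1e-16
    print(xi_from_integral(2.0), xi_from_gamma_zeta(2.0), math.pi / 6)
    print(xi_from_integral(-1.0))                                   # also pi/6, since xi(s) = xi(1-s)
```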

4. Linear congruences and finite cyclic groups

4.1. Let

$$p_1(x_1, \cdots, x_n) = 0, \quad \cdots, \quad p_r(x_1, \cdots, x_n) = 0 \tag{7}$$
be a system of $r$ polynomial equations in $n$ variables with integer coefficients. We want to find all integer solutions to this system. Even to decide if the system has a solution is hard (in fact it can be shown that there is no general algorithm to solve this problem). Instead we might reduce the coefficients modulo some integer $n$ and try to find $x_1, \cdots, x_n$ in $\mathbb Z/n\mathbb Z$ that solve this reduced system. Since $\mathbb Z/n\mathbb Z$ is finite this is an easier question, and at least it gives a necessary condition for the existence of solutions to the original equations (7). For example, the equation $x^2 + y^2 = 100003$ does not have an integer solution since $x^2 + y^2$ is never congruent to $3$ modulo $4$ (and $100003 \equiv 3 \bmod 4$). The equation $x(x+1)(x+2) = c$ can have a solution only if $c \equiv 0 \bmod 6$.

Notation: Given $x \in \mathbb Z/n\mathbb Z$, let $\tilde x$ denote any integer such that $\tilde x \equiv x \bmod n$. We say that $\tilde x$ is a lift of $x$ to $\mathbb Z$. Given $y \in \mathbb Z$, its image in $\mathbb Z/n\mathbb Z$ is denoted by $\bar y$ and called the reduction of $y$ modulo $n$. However, one often omits the bar and the tilde to make the notation clean, and it does not cause any major confusion.

4.2. Linear congruences: Let $a, b, n$ be integers, $n \ge 1$, and consider the congruence equation
$$a x \equiv b \bmod n . \tag{8}$$
Let $d = \gcd(a, n)$. If the equation (8) has a solution then $b$ is an integer linear combination of $a$ and $n$, so $b \in (a, n) = (d)$, i.e. $d$ must divide $b$. Conversely suppose $d \mid b$. Since $\gcd(a, n) = d$ there exist integers $r$ and $s$ such that $ar + ns = d$, i.e. $ar \equiv d \bmod n$. Let $x_0 = r(b/d)$. Then

$$a x_0 = ar(b/d) \equiv d(b/d) = b \bmod n .$$
So (8) has a solution if and only if $\gcd(a, n) \mid b$. In group theoretic terms we are saying the following. Let $a = d a_1$, $n = d n_1$ and $b = d b_1$. Since $a_1$ and $n_1$ are relatively prime, $a_1$ is invertible in $\mathbb Z/n_1\mathbb Z$, and $r$ is its inverse (divide $ar \equiv d \bmod n$ through by $d$). Then $ax = b$ holds in $\mathbb Z/n\mathbb Z$ if and only if $a_1 x = b_1$ holds in $\mathbb Z/n_1\mathbb Z$, and $r b_1$ is a solution to $a_1 x = b_1$ in $\mathbb Z/n_1\mathbb Z$. If $x_0$ and $x_1$ are two solutions of (8) then we have $a(x_0 - x_1) \equiv 0 \bmod n$. Multiplying by $r$ we get $d(x_0 - x_1) \equiv 0 \bmod n$, i.e. $n_1 \mid x_0 - x_1$. So the set of solutions to (8) in $G = \mathbb Z/n\mathbb Z$ is equal to the coset
$$x_0 + n_1 G = \{x_0,\ x_0 + n_1,\ \cdots,\ x_0 + (d - 1) n_1\},$$
which has exactly $d$ elements.

4.3. Relatively prime ideals: Let $R$ be a commutative ring and let $m_1, m_2$ be ideals. Note that $m_1 m_2 \subseteq m_1 \cap m_2$. Suppose $(m_1, m_2) = (1)$, i.e. $m_1 + m_2 = R$ (two such ideals are called relatively prime or co-maximal). Then there exist elements $a_1 \in m_1$ and $a_2 \in m_2$ such that $a_1 + a_2 = 1$. If $x \in m_1 \cap m_2$ then $x = x a_1 + x a_2 \in m_1 m_2$. Thus we have

(1) If $m_1$ and $m_2$ are co-maximal then $m_1 m_2 = m_1 \cap m_2$.

Suppose $m_1, \cdots, m_n$ are pairwise co-maximal, i.e. $(m_i, m_j) = (1)$ for all $i \neq j$. Fix $i$. For each $j \neq i$ find $a_j \in m_i$ and $b_j \in m_j$ such that $a_j + b_j = 1$. Let $n_i = \prod_{j \neq i} m_j$ and $b = \prod_{j \neq i} b_j \in n_i$. Then $b = \prod_{j \neq i} (1 - a_j) = 1 - a$ for some $a \in m_i$. So

(2) If $m_1, \cdots, m_n$ are pairwise co-maximal and $n_i = \prod_{j \neq i} m_j$, then $m_i$ and $n_i$ are co-maximal.

By (2), $m_1$ and $\prod_{j=2}^{r} m_j$ are relatively prime. So by (1), $m_1 (m_2 \cdots m_r) = m_1 \cap (m_2 \cdots m_r)$. By induction on $r$ we get

(3) Suppose $m_1, \cdots, m_r$ are pairwise co-maximal ideals. Then $\prod_{i=1}^{r} m_i = \bigcap_{i=1}^{r} m_i$.

Now we can prove the Chinese remainder theorem. Let $R$ be a commutative ring. Let $m_1, \cdots, m_r$ be ideals in $R$ and let $m = m_1 m_2 \cdots m_r$ be their product ideal. Suppose that for all $i \neq j$ we have $(m_i, m_j) = (1)$. Then the map

$$\psi : R/m \to R/m_1 \times R/m_2 \times \cdots \times R/m_r$$

given by $\psi(x) = (x \bmod m_1, \cdots, x \bmod m_r)$ is an isomorphism.

Proof. Suppose $x$ is in the kernel of $\psi$. Then $x \equiv 0 \bmod m_i$ for $i = 1, \cdots, r$. So $x \in \bigcap_{i=1}^{r} m_i = \prod_{i=1}^{r} m_i = m$ by (3). Hence $x = 0$ in $R/m$. So $\psi$ is injective. Since $m_i$ and $n_i = \prod_{j \neq i} m_j$ are co-maximal we can choose $e_i \in n_i$ and $a_i \in m_i$ such that $a_i + e_i = 1$. Hence $e_i \equiv 1 \bmod m_i$ and $e_i \equiv 0 \bmod m_j$ for all $j \neq i$. Now, given $(b_1, \cdots, b_r) \in R/m_1 \times \cdots \times R/m_r$, take any lifts $\tilde b_1, \cdots, \tilde b_r$ in $R$ and let $b = \sum_{i=1}^{r} \tilde b_i e_i \bmod m$. Then $b \equiv \tilde b_i e_i \equiv b_i \bmod m_i$ for each $i$, hence $\psi$ is onto. $\square$

4.4. Simultaneous linear congruences: Suppose $m_1, \cdots, m_r$ are pairwise relatively prime integers and $m$ is the product of $m_1, \cdots, m_r$. So the ideals $(m_i)$ and $(m_j)$ are co-maximal for all $i \neq j$. From the Chinese remainder theorem we get that $\mathbb Z/m\mathbb Z \simeq \mathbb Z/m_1\mathbb Z \times \mathbb Z/m_2\mathbb Z \times \cdots \times \mathbb Z/m_r\mathbb Z$. So given $b_i \in \mathbb Z/m_i\mathbb Z$ for $i = 1, \cdots, r$, there exists a unique $x_0 \in \mathbb Z/m\mathbb Z$ such that $x_0 \equiv b_i \bmod m_i$ for all $i$. So the system of equations $x \equiv b_i \bmod m_i$ with pairwise relatively prime moduli $m_1, \cdots, m_r$ can always be solved, and the set of integer solutions is $x_0 + m\mathbb Z$ where $x_0$ is any solution.

Example: Suppose we want to solve
$$6x \equiv 2 \bmod 8, \qquad 3x \equiv 1 \bmod 20, \qquad 8x \equiv 1 \bmod 15 . \tag{9}$$
Cancelling common factors (as in 4.2, $6x \equiv 2 \bmod 8$ is equivalent to $3x \equiv 1 \bmod 4$) and multiplying by the inverses of the units in $\mathbb Z/n\mathbb Z$ we get the equivalent system $x \equiv 3^{-1} \bmod 4$, $x \equiv 3^{-1} \bmod 20$, $x \equiv 8^{-1} \bmod 15$ (e.g. $8^{-1} \equiv 2 \bmod 15$). Applying the Chinese remainder theorem we can break these up into a system with prime power moduli: $x \equiv 3^{-1} \bmod 4$, $x \equiv 3^{-1} \bmod 4$, $x \equiv 3^{-1} \bmod 5$, $x \equiv 8^{-1} \bmod 3$, $x \equiv 8^{-1} \bmod 5$. Note: $3 \equiv 8 \bmod 5$, so the two conditions modulo $5$ are consistent (and the two conditions modulo $4$ coincide). Combining these and using $3^{-1} \equiv 3 \bmod 4$, $3^{-1} \equiv 2 \bmod 5$ and $8^{-1} \equiv 2 \bmod 3$, the above system becomes
$$x \equiv 3 \bmod 4, \qquad x \equiv 2 \bmod 5, \qquad x \equiv 2 \bmod 3 .$$

Let $(m_1, m_2, m_3) = (4, 5, 3)$, so $m = 60$. As in the proof of the Chinese remainder theorem we can now choose $(e_1, e_2, e_3)$ to be

$$\begin{aligned}
(e_1, e_2, e_3) &= \left((15^{-1} \bmod 4) \cdot 15,\ (12^{-1} \bmod 5) \cdot 12,\ (20^{-1} \bmod 3) \cdot 20\right) \\
&= \left((3^{-1} \bmod 4) \cdot 15,\ (2^{-1} \bmod 5) \cdot 12,\ (2^{-1} \bmod 3) \cdot 20\right) \\
&= (3 \cdot 15,\ 3 \cdot 12,\ 2 \cdot 20) = (45, 36, 40).
\end{aligned}$$

So a solution to (9) is given by $x_0 = 3 \cdot 45 + 2 \cdot 36 + 2 \cdot 40 = 287 \equiv 47 \bmod 60$, and all solutions are $47 + 60\mathbb Z$.

4.5. The group of units in $\mathbb Z/n\mathbb Z$: A number $1 \le a \le n$ is invertible as an element of $\mathbb Z/n\mathbb Z$ if and only if $(a, n) = 1$. So the group of units $U(\mathbb Z/n\mathbb Z)$ has order $\phi(n)$. Suppose $\gcd(a, n) = 1$. Since the order of an element in a finite group divides the order of the group, we have Euler's theorem: $a^{\phi(n)} \equiv 1 \bmod n$. As a special case one gets Fermat's little theorem: if $p$ is a prime that does not divide $a$ then $a^{p-1} \equiv 1 \bmod p$.

Now let $n = \prod_{i=1}^{r} p_i^{e_i}$ where the $p_i$ are distinct primes. By the Chinese remainder theorem we have
$$\mathbb Z/n\mathbb Z \simeq \mathbb Z/p_1^{e_1}\mathbb Z \times \mathbb Z/p_2^{e_2}\mathbb Z \times \cdots \times \mathbb Z/p_r^{e_r}\mathbb Z,$$
and a ring isomorphism restricts to an isomorphism of the unit groups, so
$$U(\mathbb Z/n\mathbb Z) \simeq U(\mathbb Z/p_1^{e_1}\mathbb Z) \times U(\mathbb Z/p_2^{e_2}\mathbb Z) \times \cdots \times U(\mathbb Z/p_r^{e_r}\mathbb Z).$$
Thus it is enough to describe the multiplicative group $U(\mathbb Z/p^e\mathbb Z)$ where $p$ is a prime. First a lemma from group theory:

4.6. Lemma. Suppose $H$ is a group of order $n$. Assume that for all $d$ dividing $n$ the set $\{x \in H : x^d = 1\}$ has at most $d$ elements. Then $H$ is cyclic.

Proof. Let $d \mid n$. If there exists an element $y \in H$ of order $d$ then $\langle y \rangle = \{1, y, \cdots, y^{d-1}\}$ is a cyclic subgroup of order $d$ and each of its elements satisfies the equation $x^d = 1$. So these must be all the elements satisfying the equation. So the elements of order $d$ in the group are precisely the generators of the cyclic group $\langle y \rangle$, and there are $\phi(d)$ of these. So the number of elements of order $d$ in $H$ is either $0$ or $\phi(d)$. If this number were zero for some $d \mid n$, then the total number of elements in the group would be strictly less than $\sum_{d \mid n} \phi(d) = n$, which is not possible. So there must be an element of order $d$ for each $d \mid n$, in particular one of order $n$. $\square$

4.7. Corollary. The multiplicative group of a finite field is cyclic.

Proof. If $F$ is a finite field, $F^* = F \setminus \{0\}$ satisfies the condition of the lemma, since a polynomial of degree $d$ can have at most $d$ roots in a field. $\square$

Definition: Let $a$ and $n$ be relatively prime integers.
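Added example (ours, not from the notes), in Python: the solution set of a linear congruence as in 4.2 (the coset $x_0 + k n_1$, $0 \le k < d$), the Chinese remainder theorem of 4.4 together with the idempotents $e_i$ from the proof in 4.3, and a pairwise merge that also copes with moduli that are not relatively prime by checking consistency modulo the gcd (the situation of the example, where $8$, $20$ and $15$ share factors). Modular inverses use Python's built in `pow(a, -1, n)` (Python 3.8 or later). `solve_system` reproduces $47 \bmod 60$ for the system (9); the function names are our own.

```python
"""Linear congruences and the Chinese remainder theorem -- added example."""
from math import gcd, prod
from typing import List, Optional, Sequence, Tuple


def solve_linear_congruence(a: int, b: int, n: int) -> Optional[Tuple[int, int, int]]:
    """Solve a x = b (mod n), n >= 1, as in 4.2.

    Returns (x0, n1, d) with d = gcd(a, n) and n1 = n/d: the solutions mod n
    are exactly x0 + k*n1 for k = 0, ..., d-1.  Returns None when d does not
    divide b, in which case there is no solution.
    """
    d = gcd(a, n)
    if b % d:
        return None
    a1, b1, n1 = a // d, b // d, n // d
    r = pow(a1 % n1, -1, n1) if n1 > 1 else 0   # r = a1^{-1} in Z/n1Z
    return (r * b1) % n1, n1, d


def all_solutions(a: int, b: int, n: int) -> List[int]:
    """The coset x0 + n1*G of 4.2, listed as residues mod n."""
    sol = solve_linear_congruence(a, b, n)
    if sol is None:
        return []
    x0, n1, d = sol
    return [x0 + k * n1 for k in range(d)]


def crt_pair(a: int, m: int, b: int, n: int) -> Optional[Tuple[int, int]]:
    """Combine x = a (mod m) and x = b (mod n) into x = c (mod lcm(m, n)).

    For relatively prime m, n this is the r = 2 case of 4.4.  In general a
    solution exists iff a = b (mod gcd(m, n)); otherwise None is returned.
    """
    g = gcd(m, n)
    if (b - a) % g:
        return None
    lcm = m // g * n
    ng = n // g
    # x = a + m*t; need m*t = b - a (mod n), i.e. (m/g) t = (b-a)/g (mod n/g)
    t = ((b - a) // g * pow((m // g) % ng, -1, ng)) % ng if ng > 1 else 0
    return (a + m * t) % lcm, lcm


def crt(congruences: Sequence[Tuple[int, int]]) -> Optional[Tuple[int, int]]:
    """Solve x = b_i (mod n_i) for all i; returns (x0, modulus) or None."""
    x, m = 0, 1
    for b, n in congruences:
        merged = crt_pair(x, m, b % n, n)
        if merged is None:
            return None
        x, m = merged
    return x, m


def crt_idempotents(moduli: Sequence[int]) -> List[int]:
    """The e_i of the CRT proof for pairwise relatively prime moduli:
    e_i = n_i * (n_i^{-1} mod m_i) with n_i = m / m_i, so e_i = 1 (mod m_i)
    and e_i = 0 (mod m_j) for j != i.  A solution is then sum(b_i * e_i) mod m."""
    m = prod(moduli)
    es = []
    for mi in moduli:
        ni = m // mi
        es.append(ni * pow(ni % mi, -1, mi) % m if mi > 1 else 0)
    return es


def solve_system(system: Sequence[Tuple[int, int, int]]) -> Optional[Tuple[int, int]]:
    """Solve several congruences a_i x = b_i (mod n_i) at once, as in the example:
    first reduce each one with 4.2, then combine with the CRT."""
    reduced = []
    for a, b, n in system:
        sol = solve_linear_congruence(a, b, n)
        if sol is None:
            return None
        reduced.append((sol[0], sol[1]))
    return crt(reduced)


if __name__ == "__main__":
    print(all_solutions(6, 2, 8))                               # [3, 7]
    print(crt_idempotents([4, 5, 3]))                           # [45, 36, 40]
    print(solve_system([(6, 2, 8), (3, 1, 20), (8, 1, 15)]))   # (47, 60)
```

`crt_idempotents` is only meaningful for pairwise relatively prime moduli (otherwise `pow` raises because the inverse does not exist); `crt_pair` is the route to take when the moduli overlap, as they do in (9) before the reduction to prime powers.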
We say that $a$ has order $d$ modulo $n$ if $a$ has order $d$ in the group $U(\mathbb Z/n\mathbb Z)$, i.e. $d$ is the smallest positive integer such that $a^d \equiv 1 \bmod n$. An integer $a$ is called a primitive root modulo $n$ if $a$ generates $U(\mathbb Z/n\mathbb Z)$, i.e. it has order $\phi(n)$ modulo $n$. By Corollary 4.7, $U(\mathbb Z/p\mathbb Z)$ is a cyclic group of order $p - 1$. So primitive roots modulo $p$ exist.

4.8. Theorem. (a) Let $p$ be an odd prime. Then the group $U(\mathbb Z/p^r\mathbb Z)$ is cyclic. (b) For $r \ge 2$ the group $U(\mathbb Z/2^r\mathbb Z)$ is the direct product of the group $\{1, -1\}$ of order $2$ with a cyclic group of order $2^{r-2}$ which can be generated by $5$.

Proof. (a) Let $g$ be a primitive root modulo $p$. We claim that either $g$ or $g + p$ is a primitive root modulo $p^2$. Both $g$ and $g + p$ have order divisible by $p - 1$ in $U(\mathbb Z/p^2\mathbb Z)$, since both of them have order $p - 1$ in $U(\mathbb Z/p\mathbb Z)$. Now
$$(g + p)^{p-1} - g^{p-1} \equiv (p - 1)\, p\, g^{p-2} \bmod p^2,$$
which is not divisible by $p^2$ since both $p - 1$ and $g^{p-2}$ are relatively prime to $p$. So $g$ and $g + p$ cannot both have order $p - 1$ (otherwise both $(p-1)$-st powers would be $\equiv 1 \bmod p^2$ and their difference would be divisible by $p^2$), hence one of them must have order $p(p - 1)$. (Note: since $\phi(p^2) = p(p - 1)$, the only possible orders divisible by $p - 1$ are $p - 1$ and $p(p - 1)$.) Thus either $g$ or $g + p$ is a primitive root modulo $p^2$.

Suppose $g$ is a primitive root modulo $p^2$. We claim that it is also a primitive root modulo $p^r$ for all $r \ge 1$. Note that the order of $g$ in $U(\mathbb Z/p^r\mathbb Z)$ is divisible by $p(p - 1)$ and is a factor of $p^{r-1}(p - 1)$, i.e. the order is equal to $p^d(p - 1)$ for some $d \ge 1$. Let $a = g^{p-1}$. By Fermat's little theorem $a \equiv 1 \bmod p$, while, since $g$ is a primitive root modulo $p^2$, $p^2 \nmid a - 1$. So $o_p(a - 1) = 1$, where $o_p = \operatorname{ord}_p$. We claim that
$$o_p(a - 1) = 1 \implies o_p\!\left(a^{p^m} - 1\right) = m + 1 \quad \text{for all } m \ge 0. \tag{10}$$
We complete the proof assuming the above equation. Recall $g$ has order $p^d(p - 1)$ for some $d$ in $U(\mathbb Z/p^r\mathbb Z)$ and $a = g^{p-1}$. So $p^r \mid a^{p^d} - 1$. But then equation (10) implies $r \le d + 1$. So the order of $g$ in $U(\mathbb Z/p^r\mathbb Z)$ is $p^d(p - 1) \ge p^{r-1}(p - 1)$, which is the size of the group $U(\mathbb Z/p^r\mathbb Z)$. We conclude that $g$ is a primitive root modulo $p^r$.

It remains to prove formula (10). This is done by induction on $m$; the case $m = 0$ is the hypothesis. First we need to prove $o_p(a^p - 1) = 2$.
For this, write $a^p - 1 = (a - 1)\, s_1$ where
$$s_1 = \sum_{j=0}^{p-1} a^j = p + \sum_{j=1}^{p-1} (a^j - 1) = p + (a - 1)\, s_2,$$
where
$$\begin{aligned}
s_2 &= 1 + (1 + a) + (1 + a + a^2) + \cdots + (1 + a + \cdots + a^{p-2}) \\
&= (p - 1) + (p - 2)\, a + (p - 3)\, a^2 + \cdots + a^{p-2} \\
&= p(p - 1)/2 + (p - 2)(a - 1) + (p - 3)(a^2 - 1) + \cdots + (a^{p-2} - 1).
\end{aligned}$$
So $p \mid s_2$ (here we use that $p$ is odd, so $p \mid p(p - 1)/2$, and that $a - 1$, which is divisible by $p$, divides each $a^k - 1$), hence $p^2 \mid (a - 1)\, s_2$. It follows that $o_p(s_1) = 1$, which in turn gives $o_p(a^p - 1) = o_p(a - 1) + o_p(s_1) = 2$. For $d \ge 1$ we have $a^{p^{d+1}} - 1 = (a^{p^d} - 1)\, b$ where
$$b = \sum_{r=0}^{p-1} \left(a^{p^d}\right)^r = p + \sum_{r=1}^{p-1} \left( \left(a^{p^d}\right)^r - 1 \right) = p + \left(a^{p^d} - 1\right) s \tag{11}$$
for some integer $s$. If $d \ge 1$ then by the induction hypothesis $p^2 \mid a^{p^d} - 1$, so equation (11) shows $o_p(b) = 1$. Since $a^{p^{d+1}} - 1 = (a^{p^d} - 1)\, b$, we have $o_p(a^{p^{d+1}} - 1) = o_p(a^{p^d} - 1) + o_p(b) = o_p(a^{p^d} - 1) + 1$. This completes the proof by induction.

(b) We claim that $o_2(5^{2^d} - 1) = d + 2$ for all $d \ge 0$. For $d = 0, 1$ this is clear ($5 - 1 = 4$ and $25 - 1 = 24 = 8 \cdot 3$). For $d \ge 2$ this follows by induction from
$$5^{2^d} - 1 = \left(5^{2^{d-1}} - 1\right)\left(5^{2^{d-1}} + 1\right),$$
since the second factor is $\equiv 2 \bmod 4$ (as $5 \equiv 1 \bmod 4$) and hence has $o_2$ equal to $1$. The group $U(\mathbb Z/2^r\mathbb Z)$ has order $2^{r-1}$. Suppose the order of $5$ in $U(\mathbb Z/2^r\mathbb Z)$ is $2^d$. Then $2^r \mid 5^{2^d} - 1$, which forces $r \le d + 2$. So the order of $5$ in $U(\mathbb Z/2^r\mathbb Z)$ is at least $2^{r-2}$; since $2^r \mid 5^{2^{r-2}} - 1$ it is exactly $2^{r-2}$, and the multiplicative group generated by $5$ is $\{1, 5, 9, \cdots, 2^r - 3\}$, the $2^{r-2}$ residues that are $\equiv 1 \bmod 4$. Since $-1 \not\equiv 1 \bmod 4$, the subgroup $\{1, -1\}$ meets $\langle 5 \rangle$ trivially, and $\{1, -1\} \times \langle 5 \rangle$ has order $2 \cdot 2^{r-2} = 2^{r-1}$, so it is all of $U(\mathbb Z/2^r\mathbb Z)$. $\square$
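Added example (ours, not from the notes): the objects of 4.5 to 4.8 in Python. `mult_order` computes the order of $a$ in $U(\mathbb Z/n\mathbb Z)$ by starting from $\phi(n)$ (Euler's theorem) and dividing out prime factors as long as the power stays $1$; `primitive_root_mod_p` finds a generator, which exists by Corollary 4.7; `lift_to_prime_square` carries out the "$g$ or $g + p$" step of Theorem 4.8(a); `v_p` lets one check the valuation claims (10) and $o_2(5^{2^d} - 1) = d + 2$ on actual integers; and `two_power_structure` verifies that $\pm 5^k$ exhausts $U(\mathbb Z/2^r\mathbb Z)$. Function names and the trial division factorization are our own choices.

```python
"""Orders, primitive roots and the structure of U(Z/nZ) -- added example."""
from math import gcd
from typing import Dict, Tuple


def factorize(n: int) -> Dict[int, int]:
    """{p: e} by trial division; adequate for the small moduli used here."""
    fs: Dict[int, int] = {}
    p = 2
    while p * p <= n:
        while n % p == 0:
            fs[p] = fs.get(p, 0) + 1
            n //= p
        p += 1
    if n > 1:
        fs[n] = fs.get(n, 0) + 1
    return fs


def euler_phi(n: int) -> int:
    result = n
    for p in factorize(n):
        result = result // p * (p - 1)
    return result


def mult_order(a: int, n: int) -> int:
    """Order of a in U(Z/nZ).  By Euler's theorem the order divides phi(n),
    so start there and strip every prime factor q as long as a^(order/q) = 1."""
    if n < 1 or gcd(a, n) != 1:
        raise ValueError("a must be a unit mod n")
    order = euler_phi(n)
    for q in factorize(order):
        while order % q == 0 and pow(a, order // q, n) == 1:
            order //= q
    return order


def is_primitive_root(a: int, n: int) -> bool:
    return gcd(a, n) == 1 and mult_order(a, n) == euler_phi(n)


def primitive_root_mod_p(p: int) -> int:
    """Smallest primitive root modulo the prime p (exists by Corollary 4.7)."""
    if p == 2:
        return 1
    for g in range(2, p):
        if mult_order(g, p) == p - 1:
            return g
    raise ValueError("p is not prime")


def lift_to_prime_square(g: int, p: int) -> int:
    """Theorem 4.8(a): for an odd prime p and a primitive root g mod p, one of
    g, g + p is a primitive root mod p^2 (and then mod every p^r)."""
    for h in (g, g + p):
        if mult_order(h, p * p) == p * (p - 1):
            return h
    raise AssertionError("contradicts Theorem 4.8(a)")


def v_p(p: int, a: int) -> int:
    """o_p(a) = ord_p(a), the exponent of p in a (a != 0)."""
    e = 0
    while a % p == 0:
        a //= p
        e += 1
    return e


def two_power_structure(r: int) -> Tuple[int, bool]:
    """Theorem 4.8(b) for U(Z/2^r Z), r >= 2: returns the order of 5 (expected
    2^(r-2)) and whether {+-5^k} is the whole group of odd residues."""
    n = 2 ** r
    order5 = mult_order(5 % n, n)
    generated = {(sign * pow(5, k, n)) % n for sign in (1, -1) for k in range(order5)}
    units = set(range(1, n, 2))
    return order5, generated == units


if __name__ == "__main__":
    g = primitive_root_mod_p(7)
    print(g, lift_to_prime_square(g, 7), mult_order(3, 7 ** 4))   # 3 3 2058
    print([v_p(2, 5 ** (2 ** d) - 1) for d in range(6)])         # [2, 3, 4, 5, 6, 7]
    print([two_power_structure(r) for r in range(2, 7)])
```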

5. Some generalities on field extensions

5.1. Field extensions: In what follows, let $K$ and $L$ be fields with $K \subseteq L$. We say $L/K$ is a field extension and $L$ is an extension of $K$. We shall use the same language if $L$ contains a subfield isomorphic to $K$. Let $K$ be contained in a ring $R$ and let $m$ be a maximal ideal of $R$. Then $L = R/m$ is a field. Since $K \cap m = 0$ (a nonzero element of $K \cap m$ would be a unit lying in $m$), we see that the composition $K \to R \to R/m$ is injective, hence $L/K$ is a field extension. If $L/K$ is a field extension, $L$ is a vector space over $K$. The dimension of this vector space is called the degree of the extension and denoted by $[L : K]$. We say $L/K$ is a finite extension if $[L : K]$ is finite. Let $K \subseteq L$ and $L \subseteq M$ be finite extensions. If $a_1, a_2, \cdots, a_m$ is a basis for $L$ as a $K$-vector space and $b_1, \cdots, b_n$ is a basis for $M$ as an $L$-vector space, then the $a_i b_j$, for $i = 1, \cdots, m$ and $j = 1, \cdots, n$, form a basis for $M$ as a $K$-vector space. So $K \subseteq M$ is finite and $[M : K] = [M : L][L : K]$.

5.2. Algebraic extensions: An element $a \in L$ is called algebraic over $K$ if there exists a nonzero $p \in K[x]$ such that $p(a) = 0$. Call $L/K$ an algebraic extension if each element of $L$ is algebraic over $K$. If $L/K$ is finite then for each $a \in L$ the elements $1, a, a^2, \cdots$ cannot all be linearly independent over $K$, so $a$ must satisfy a nonzero polynomial over $K$. Thus finite extensions are algebraic.

5.3. Minimal polynomial: Suppose $L/K$ is an algebraic extension and $a \in L$. Let $K[a]$ and $K(a)$ be respectively the subring and the subfield of $L$ generated by $K$ and $a$. Let $\phi : K[x] \to K[a]$ be the surjective ring homomorphism obtained by sending $x$ to $a$. Since $K[x]$ is a PID, $\ker(\phi) = (p)$ for some polynomial $p$. Since $a$ is algebraic over $K$ the kernel of $\phi$ is non-zero, and since $K[a]$ is an integral domain, $\ker(\phi)$ is a prime ideal. So $p$ is a prime, hence irreducible, and a nonzero prime ideal $(p)$ in the PID $K[x]$ is maximal (if $(p) \subseteq (q)$ then $q \mid p$, so $q$ is a unit or $(q) = (p)$). Hence $K[a] \simeq K[x]/(p)$ is a field.
So we have K[x]/(p) ≃ K[a] = K(a) The polynomial p, obtained as a generator for the kernel of the homomorphism from K[x] to K(a) is unique upto multiplication by nonzero elements of K and is the polynomial of minimal degree such that p(a) = 0. We call p the minimal polynomial of a. If p has degree d then 1, a, a2, ··· , ad−1 forms a basis of K(a) as a K vector space. Hence [K(a): K] = d. Conversely we have the following 5.4. Proposition. Let p be an irreducible polynomial of degree d in K[x]. Then there exists a extension L/K of degree d and a ∈ L such that p(a) = 0 and L = K(a). Proof. Let L = K[x]/(p). Let ϕ : K[x] → K[x]/(p) be the surjection. The composition K → K[x] → L = K[x]/(p) is injective showing that L/K is a field extension. Let a = ϕ(x). Then L = K[a] and p(a) = 0 holds in L.  5.5. Construction of an algebraic closure (Following Artin) Let F be a field. we say that F if F does not have any proper algebraic extension, i.e. every polynomial in F [x] splits into linear factors. 5.6. Proposition. (a) Let K be a field. There exists an algebraic extension K¯ ⊇ K such that F is algebraically closed. We call K¯ an algebraic closure of K. (b) If M ⊇ K is any algebraic extension then there exists an embedding σ : M → K¯ such that σ resticted to K is identity. (c) It follows from (a) and (b) that algebraic closure of K is unique upto isomorphism. 15 Proof. Let K0 = K. We shall construct a sequence of fields K0 ⊆ K1 ⊆ K2 ⊆ · · · where the later ones are obtained by adjoining roots to the irreducible polynomials in the previous ones. Let {fi : i ∈ I} be the set of all monic (i.e. leading coefficient equal to 1) irreducible polynomials in K[x]. For each such polynomial introduce a variable xi and consider the polynomial ring R = K0[xi : i ∈ I]. Let P be ideal in R generated by {fi(xi): i ∈ I}. The ideal P is a proper (Why?). Let m be a maximal ideal containing P . Let K1 = K[xi : i ∈ I]/m. 
Now repeat the process with K1 instead of K0, and inductively we have a sequence of ⊆ ⊆ ⊆ · · · ¯ ∪∞ fields K0 K1 K2 . Let K = i=1Ki. By construction, each irreducible polynomial ¯ in Ki[x] has a root in Ki+1. Given any p ∈ K[x] there exists n such that all the coefficients ¯ of p are in Kn, so p has a root in Kn+1, i.e. in K. This proves part (a) Given M ⊇ K algebraic let L = {(L, σ): M ⊇ L ⊇ K, σ : L → K¯ }. Define a partial ′ ′ ′ ′ order on L by defining (L, σ) ≤ (L , σ ) if L ⊆ L and σ |L = σ. The set L is nonempty ∗ since (K, id) belongs to it. Given any chain (L1, σ1) ≤ (L2, σ2) ≤ · · · in L let L = ∪Li and ∗ ∗ → ¯ | ∗ ∗ let σ : L K be defined by σ Li = σi. Then (L , σ ) is an upper bound of the chain in L. So there exists a maximal element in L, say (L0, σ0). We claim that L0 = M. If not pick an element a ∈ M \ L0. Since M/L0 is algebraic L0(a)/L0 is a finite extension. Let ′ ¯ p ∈ L0[x] be the minimal polynomial of a. Pick a root a of σ0(p) in K (which exists since K¯ is algebraically closed). Now one can check that sending a to a′ gives an embedding of ¯ L0(a) into K which extends σ0. This proves part (b).  5.7. Remark. An automorphism of a field L is a map σ : L → L that preserves addition, multiplication and inverse and is one to one and onto. Let L/K be a field extension. Let G be a group of automorphisms of L that fix K , (i.e. g(x) = x for all x ∈ K and g ∈ G. Then the elements of L fixed by G, denoted by LG, forms a subfield of L containing K, called the fixed field of G. In particular, if σ is an automorphism of L that fix K, the elements of L fixes by σ is denoted by Lσ.

6. Finite fields

6.1. Let $F$ be a field. The smallest $n$ such that $n \cdot 1$ equals zero in $F$ is called the characteristic of $F$. If no such number exists then $F$ is said to be of characteristic zero. If $F$ has finite characteristic then the characteristic must be a prime number. Let $p$ be a prime number and $1 \le d \le p-1$. The map $e \mapsto de \bmod p$ from $\{1, 2, \cdots, p-1\}$ to itself is one to one, so there is an $e$ such that $de \equiv 1 \bmod p$. Thus the set of natural numbers modulo $p$ is a finite field, which we shall denote by $\mathbb F_p$. The multiplicative group of $\mathbb F_p$ is cyclic of order $p-1$, so every $x \in \mathbb F_p$ satisfies $x^p = x$. So, if $F$ is any field that contains $\mathbb F_p$, then $\sigma : F \to F$ defined by $\sigma(x) = x^p$ is an automorphism of $F$ that fixes $\mathbb F_p$. Let $F$ be a finite field having $q$ elements. Then $F$ must have finite characteristic, say $p$, and hence $F$ contains $\mathbb F_p$. Let $[F : \mathbb F_p] = n$. Then $q = p^n$. Recall that the multiplicative group of $F$ is cyclic of order $q-1$. So every $x \in F$ satisfies the equation $x^q - x = 0$.

6.2. Lemma. Let $F_d$ be the product of all the monic irreducible polynomials of degree $d$ in $\mathbb F_p[x]$. Then we have
$$x^{p^n} - x = \prod_{d \mid n} F_d(x).$$

Proof. Since $\mathbb F_p[x]$ is a UFD, $x^{p^n} - x$ can be written uniquely as a product of monic irreducible polynomials, and these are all distinct, since the derivative $\frac{d}{dx}(x^{p^n} - x) = -1$ is nonzero. So it is enough to show that an irreducible polynomial $f$ of degree $d$ divides $x^{p^n} - x$ if and only if $d \mid n$.

Let $K = \mathbb F_p[x]/(f) = \mathbb F_p(a)$ where $a \ne 0$ is a root of $f$ in $K$. Since $K$ has order $p^d$, the element $a$ must satisfy the equation $x^{p^d-1} - 1 = 0$. Since $f$ is the minimal polynomial of $a$ over $\mathbb F_p$, one has $f \mid x^{p^d-1} - 1$. Suppose $d \mid n$. Then $x^{p^d-1} - 1 \mid x^{p^n-1} - 1$, so $f$ is an irreducible factor of $x^{p^n-1} - 1$, hence of $x^{p^n} - x$. Conversely, suppose $f \mid x^{p^n} - x$. Since $f(a) = 0$, one has $a^{p^n} = a$, i.e. $a$ is fixed by the automorphism $\sigma^n : K \to K$. Since $a$ generates the extension $K$, the automorphism $\sigma^n$ fixes all of $K$, i.e. $b^{p^n} = b$ for all $b \in K$. Let $u$ be a generator for the multiplicative group of $K$. Then $u$ has order $p^d - 1$. But $u^{p^n-1} = 1$ too. So $p^d - 1 \mid p^n - 1$ and hence $d \mid n$. □

6.3. Proposition. There exists an irreducible polynomial in $\mathbb F_p[x]$ of any given degree $d \ge 1$.

Proof. Let $N_d$ be the number of monic irreducible polynomials of degree $d$ in $\mathbb F_p[x]$. Counting degrees in the formula proved in the previous lemma we have $p^n = \sum_{d \mid n} dN_d$. By Möbius inversion, it follows that $nN_n = \sum_{d \mid n} \mu(n/d)p^d$. The right hand side has at least one nonzero term, namely $p^n$, and is a sum of distinct powers of $p$ with coefficients $\pm 1$, so it cannot be zero. □

6.4. Theorem. Let $p$ be any prime number, $n$ any natural number and $q = p^n$. (a) There exists a finite field of order $q$. (b) Let $\Omega = \bar{\mathbb F}_p$ be a fixed algebraic closure of $\mathbb F_p$. Then there is a unique subfield $\mathbb F_q$ of $\Omega$ of order $q$. It is the set of roots of the polynomial $x^q - x$. (c) All finite fields with $q = p^n$ elements are isomorphic to $\mathbb F_q$.

Proof. By the previous proposition there exists an irreducible polynomial $f$ of degree $n$ in $\mathbb F_p[x]$, so $\mathbb F_p[x]/(f)$ is a finite field of order $p^n$. This proves (a). Alternatively, let $\mathbb F_q$ be the set of roots of the polynomial $x^q - x$ in $\Omega$. As already noted, the derivative of $x^q - x$ is nonzero in $\mathbb F_p[x]$, so it has distinct roots. So $\mathbb F_q$ has $q$ elements. Note that $\sigma : x \mapsto x^p$ is an automorphism of $\Omega$ and $a^{p^n} - a = 0$ is equivalent to $\sigma^n(a) = a$, i.e. $\mathbb F_q$ is a field, namely the fixed field of the automorphism $\sigma^n$. This gives another proof of (a).

Let $F$ be any subfield of $\Omega$ with $q$ elements. Since the multiplicative group of $F$ is cyclic of order $q-1$, every element of $F$ satisfies $x^q = x$ and thus belongs to $\mathbb F_q$. Since both $\mathbb F_q$ and $F$ have $q$ elements, one has $F = \mathbb F_q$. This proves (b).

Any field with $p^n$ elements contains $\mathbb F_p$, hence is an algebraic extension of it, and consequently can be embedded in $\Omega$. The image of this embedding, being a subfield of $\Omega$ with $q$ elements, must equal $\mathbb F_q$. This proves (c). □
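Lemma 6.2 and Proposition 6.3 can be checked by machine for small $p$. The following Python script is an added example, not part of the notes: it enumerates the monic polynomials over $\mathbb F_p$ as coefficient tuples (lowest degree first, a representation chosen here), tests irreducibility by trial division, counts $N_d$ directly, compares with the Möbius formula $nN_n = \sum_{d \mid n}\mu(n/d)p^d$, and multiplies out $\prod_{d \mid n} F_d$ to recover $x^{p^n} - x$. All function names are my own.

```python
"""Irreducible polynomials over F_p: brute-force count against the Moebius formula
(Proposition 6.3) and the factorization x^{p^n} - x = prod_{d|n} F_d (Lemma 6.2).

Added example, not from the notes. A polynomial over F_p is a tuple of coefficients,
lowest degree first, each reduced modulo p; (0,) is the zero polynomial.
"""
from itertools import product


def poly_trim(f):
    """Drop leading zero coefficients, keeping at least one coefficient."""
    f = list(f)
    while len(f) > 1 and f[-1] == 0:
        f.pop()
    return tuple(f)


def poly_mul(f, g, p):
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return poly_trim(out)


def poly_mod(f, g, p):
    """Remainder of f on division by a monic polynomial g over F_p."""
    f = list(f)
    dg = len(g) - 1
    while len(f) > dg:
        lead = f[-1]
        if lead:
            shift = len(f) - 1 - dg
            for i, b in enumerate(g):
                f[shift + i] = (f[shift + i] - lead * b) % p
        f.pop()  # the leading coefficient is now zero
    return poly_trim(f or [0])


def monic_polys(d, p):
    """All monic polynomials of degree d over F_p."""
    for low in product(range(p), repeat=d):
        yield low + (1,)


def is_irreducible(f, p):
    """Trial division by every monic polynomial of degree <= deg(f)/2."""
    d = len(f) - 1
    if d < 1:
        return False
    return not any(poly_mod(f, g, p) == (0,)
                   for e in range(1, d // 2 + 1) for g in monic_polys(e, p))


def count_irreducible(d, p):
    """N_d by enumeration."""
    return sum(1 for f in monic_polys(d, p) if is_irreducible(f, p))


def moebius(n):
    result, m, q = 1, n, 2
    while q * q <= m:
        if m % q == 0:
            m //= q
            if m % q == 0:
                return 0  # square factor
            result = -result
        q += 1
    return -result if m > 1 else result


def moebius_count(n, p):
    """N_n = (1/n) sum_{d|n} mu(n/d) p^d, the formula of Proposition 6.3."""
    total = sum(moebius(n // d) * p ** d for d in range(1, n + 1) if n % d == 0)
    return total // n


def product_of_irreducibles(n, p):
    """prod_{d|n} F_d(x), the product of all monic irreducibles of degree dividing n."""
    result = (1,)
    for d in range(1, n + 1):
        if n % d == 0:
            for f in monic_polys(d, p):
                if is_irreducible(f, p):
                    result = poly_mul(result, f, p)
    return result


def x_pn_minus_x(n, p):
    """The polynomial x^{p^n} - x over F_p."""
    f = [0] * (p ** n + 1)
    f[p ** n] = 1
    f[1] = (-1) % p
    return tuple(f)


if __name__ == "__main__":
    for p, n in [(2, 4), (3, 2), (5, 2)]:
        assert product_of_irreducibles(n, p) == x_pn_minus_x(n, p)
        print(p, n, [count_irreducible(d, p) for d in range(1, n + 1)],
              [moebius_count(d, p) for d in range(1, n + 1)])
```

For $p = 2$, $n = 4$ the two counts agree on $N_1 = 2$, $N_2 = 1$, $N_4 = 3$, and $1\cdot 2 + 2\cdot 1 + 4\cdot 3 = 16 = 2^4$ is exactly the degree count used in the proof of Proposition 6.3.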

7. Two proofs of quadratic reciprocity (from Serre, A Course in Arithmetic)

Let $q = p^n$ be a power of a prime number $p$.

7.1. Lemma. (a) If $p = 2$ then all elements of $\mathbb F_q$ are squares. (b) If $p \ne 2$ then the squares form a subgroup of index 2 in $\mathbb F_q^*$, namely the kernel of the homomorphism $x \mapsto x^{(q-1)/2}$ from $\mathbb F_q^*$ to $\{\pm 1\}$.

Proof. Case (a) follows from the fact that $x \mapsto x^2$ is an automorphism of $\mathbb F_{2^n}$. In case (b), let $\Omega$ be the algebraic closure of $\mathbb F_q$. Given $x \in \mathbb F_q^*$ let $y \in \Omega$ be such that $y^2 = x$. We have $y^{q-1} = x^{(q-1)/2} = \pm 1$ since $x^{q-1} = 1$. It follows that $x$ is a square if and only if $y \in \mathbb F_q$, i.e. $y^{q-1} = 1$. Hence $(\mathbb F_q^*)^2$ is the kernel of $x \mapsto x^{(q-1)/2}$. Since $\mathbb F_q^*$ is cyclic of order $q-1$, the kernel is of index 2. □

7.2. The Legendre symbol: Let $p$ be a prime number not equal to 2 and $x \in \mathbb F_p^*$. Define the Legendre symbol $\left(\frac{x}{p}\right)$ to be equal to 1 if $x$ is a square in $\mathbb F_p^*$ and equal to $-1$ otherwise; in other words $\left(\frac{x}{p}\right) = x^{(p-1)/2}$. Extend the definition by letting $\left(\frac{0}{p}\right) = 0$. If $x$ is an integer which has image $x'$ in $\mathbb F_p$ one writes $\left(\frac{x}{p}\right) = \left(\frac{x'}{p}\right)$. One has $\left(\frac{xy}{p}\right) = \left(\frac{x}{p}\right)\left(\frac{y}{p}\right)$. If $x \in \mathbb F_p^*$ has a square root $y$ in the algebraic closure $\Omega$ of $\mathbb F_p$, then $\left(\frac{x}{p}\right) = y^{p-1}$.

7.3. Lemma. $-1$ is a square modulo $p$ if and only if $p \equiv 1 \bmod 4$, and $2$ is a square modulo $p$ if and only if $p \equiv \pm 1 \bmod 8$. In other words
$$\left(\frac{-1}{p}\right) = (-1)^{(p-1)/2} \quad\text{and}\quad \left(\frac{2}{p}\right) = (-1)^{(p^2-1)/8}.$$

Proof. The equation $x^2 = -1$ holds in $\mathbb F_p^*$ if and only if $x$ has order 4 in the multiplicative group $\mathbb F_p^* \simeq \mathbb Z/(p-1)\mathbb Z$. Such an $x$ exists if and only if $4 \mid p-1$. This proves the first statement. Let $\alpha$ be a primitive 8-th root of unity in an algebraic closure $\Omega$ of $\mathbb F_p$. Since $\alpha^4 - 1 \ne 0$, we have $\alpha^4 + 1 = 0$ and hence $\alpha^2 + \alpha^{-2} = 0$. It follows that the element $y = \alpha + \alpha^{-1}$ satisfies $y^2 = 2$. We have
$$y^p = \alpha^p + \alpha^{-p}. \qquad (12)$$
If $p \equiv \pm 1 \bmod 8$, equation (12) implies $y^p = y$, so $\left(\frac{2}{p}\right) = y^{p-1} = 1$. If $p \equiv \pm 5 \bmod 8$ then $y^p = \alpha^5 + \alpha^{-5} = -(\alpha + \alpha^{-1}) = -y$, so $\left(\frac{2}{p}\right) = y^{p-1} = -1$. □

7.4. Gauss sums

Let $l$ be an odd prime different from $p$. Fix a primitive $l$-th root of unity $w$ in an algebraic closure $\Omega$ of $\mathbb F_p$. If $x \in \mathbb F_l$ the element $w^x$ is well defined since $w^l = 1$. Define the quadratic Gauss sum
$$y = \sum_{x \in \mathbb F_l} \left(\frac{x}{l}\right) w^x.$$

We shall need two formulas involving Gauss sums. First we claim that in $\Omega$ the following equation holds:
$$y^2 = (-1)^{(l-1)/2}\, l. \qquad (13)$$

Proof of (13). Substituting $u = x + z$ and $t = x$ we have
$$y^2 = \sum_{x,z} \left(\frac{xz}{l}\right) w^{x+z} = \sum_{u \in \mathbb F_l} w^u \sum_{t \in \mathbb F_l} \left(\frac{t(u-t)}{l}\right).$$
If $t \ne 0$ we have
$$\left(\frac{t(u-t)}{l}\right) = \left(\frac{-t^2}{l}\right)\left(\frac{1-ut^{-1}}{l}\right) = (-1)^{(l-1)/2}\left(\frac{1-ut^{-1}}{l}\right).$$
Letting $C_u = \sum_{t \in \mathbb F_l^*} \left(\frac{1-ut^{-1}}{l}\right)$, it follows that $(-1)^{(l-1)/2}\, y^2 = \sum_{u \in \mathbb F_l} C_u w^u$. If $u = 0$, then $C_0 = \sum_{t \in \mathbb F_l^*} \left(\frac{1}{l}\right) = l-1$; otherwise $s = 1 - ut^{-1}$ runs over $\mathbb F_l \setminus \{1\}$ as $t$ runs over $\mathbb F_l^*$. So
$$C_u = -\left(\frac{1}{l}\right) + \sum_{s \in \mathbb F_l}\left(\frac{s}{l}\right) = -1,$$
since $\mathbb F_l$ has an equal number of squares and non-squares. Hence $\sum_{u \in \mathbb F_l} C_u w^u = l - 1 - \sum_{u \in \mathbb F_l^*} w^u = l - (1 + w + w^2 + \cdots + w^{l-1}) = l$. □

Next, since $\Omega$ has characteristic $p$, we have (substituting $z = xp$, with $p^{-1}$ the inverse of $p$ in $\mathbb F_l$)
$$y^p = \sum_{x \in \mathbb F_l} \left(\frac{x}{l}\right) w^{xp} = \sum_{z \in \mathbb F_l} \left(\frac{zp^{-1}}{l}\right) w^z = \left(\frac{p^{-1}}{l}\right) y = \left(\frac{p}{l}\right) y.$$
It follows that
$$y^{p-1} = \left(\frac{p}{l}\right). \qquad (14)$$

7.5. Theorem (Gauss' quadratic reciprocity law). Let $l$ and $p$ be distinct odd primes. Then
$$\left(\frac{l}{p}\right) = (-1)^{(p-1)(l-1)/4}\left(\frac{p}{l}\right).$$

Proof. Equation (13) says that $y$ is a square root of $(-1)^{(l-1)/2}\, l$ in the algebraic closure $\Omega$. Hence $\left(\frac{(-1)^{(l-1)/2}\, l}{p}\right)$ is equal to $y^{p-1}$, which by equation (14) is equal to $\left(\frac{p}{l}\right)$. But $\left(\frac{(-1)^{(l-1)/2}}{p}\right) = (-1)^{\frac{l-1}{2}\cdot\frac{p-1}{2}}$. Hence
$$\left(\frac{l}{p}\right) = \left(\frac{(-1)^{(l-1)/2}}{p}\right)\left(\frac{(-1)^{(l-1)/2}\, l}{p}\right) = (-1)^{\frac{l-1}{2}\cdot\frac{p-1}{2}}\, y^{p-1} = (-1)^{\frac{l-1}{2}\cdot\frac{p-1}{2}}\left(\frac{p}{l}\right). \quad □$$

7.6. Gauss' lemma and Eisenstein's proof of quadratic reciprocity

Let $p$ be an odd prime and let $S$ be a subset of $\mathbb F_p^*$ such that $\mathbb F_p^*$ is the disjoint union of $S$ and $-S$. Here we shall take $S = \{1, 2, \cdots, \frac{p-1}{2}\}$. If $s \in S$ and $a \in \mathbb F_p^*$ we can write $as$ in the form $as = e_s(a)\, s_a$ where $e_s(a) \in \{\pm 1\}$ and $s_a \in S$. Gauss' lemma states that
$$\left(\frac{a}{p}\right) = \prod_{s \in S} e_s(a). \qquad (15)$$

Proof of (15). If $s$ and $s'$ are two distinct elements of $S$ then $s_a \ne s'_a$ (for otherwise $s = \pm s'$, contrary to the choice of $S$). This shows that $s \mapsto s_a$ is a bijection from $S$ onto itself. Multiplying the equalities $as = e_s(a)\, s_a$, we obtain
$$a^{(p-1)/2}\prod_{s \in S} s = \prod_{s \in S} e_s(a)\prod_{s \in S} s_a = \prod_{s \in S} e_s(a)\prod_{s \in S} s.$$
Hence $a^{(p-1)/2} = \prod_{s \in S} e_s(a)$, which proves formula (15) on account of the fact that $\left(\frac{a}{p}\right) = a^{(p-1)/2}$. □

7.7. Example. Using Gauss' lemma with $a = 2$ and $S = \{1, 2, \cdots, \frac{p-1}{2}\}$ we can prove
$$\left(\frac{2}{p}\right) = (-1)^{(p^2-1)/8}.$$
We have $e_s(2) = 1$ if $2s \le (p-1)/2$ and $e_s(2) = -1$ otherwise. From this we get $\left(\frac{2}{p}\right) = (-1)^{n(p)}$ where $n(p)$ is the number of integers $s$ such that $(p-1)/4 < s \le (p-1)/2$. If $p$ is of the form $4k+1$ or $4k-1$ then $n(p) = k$. From this we recover the fact that $\left(\frac{2}{p}\right) = 1$ if $p \equiv \pm 1 \bmod 8$ and $-1$ if $p \equiv \pm 5 \bmod 8$.

To prove the quadratic reciprocity law we shall use the following trigonometric formula: for an odd positive integer $m$, one has
$$\frac{\sin mx}{\sin x} = (-4)^{(m-1)/2}\prod_{j=1}^{(m-1)/2}\bigl(\sin^2 x - \sin^2(2\pi j/m)\bigr). \qquad (16)$$

Proof of (16). Let $t = e^{ix}$. We have
$$\frac{\sin mx}{\sin x} = \frac{t^m - t^{-m}}{t - t^{-1}} = t^{m-1} + t^{m-3} + \cdots + t^{-(m-3)} + t^{-(m-1)} = 1 + \sum_{j=1}^{(m-1)/2}(t^{2j} + t^{-2j}).$$
Using the binomial expansion of $(t^2 + t^{-2})^j$ we can prove by an easy induction that each $t^{2j} + t^{-2j}$ is a polynomial of degree $j$ in $t^2 + t^{-2}$. Since $\sin^2 x = -(t^2 + t^{-2} - 2)/4$, we find that $\sin mx/\sin x$ is a polynomial of degree $(m-1)/2$ in $\sin^2 x$. Now note that this polynomial has the $(m-1)/2$ distinct roots $\sin^2(2\pi j/m)$, $j = 1, \cdots, (m-1)/2$. The factor $(-4)^{(m-1)/2}$ is obtained by comparing the coefficients of $e^{i(m-1)x}$ on both sides. □
7.8. Completion of the proof of quadratic reciprocity

Proof. Let $l$ and $p$ be distinct odd primes. As before, let $S = \{1, 2, \cdots, \frac{p-1}{2}\}$ and $T = \{1, 2, \cdots, \frac{l-1}{2}\}$. From Gauss' lemma (15) we get $\left(\frac{l}{p}\right) = \prod_{s \in S} e_s(l)$. Now the equality $ls = e_s(l)\, s_l$ shows that $\sin(2\pi ls/p) = e_s(l)\sin(2\pi s_l/p)$. Multiplying these together and using the fact that $s \mapsto s_l$ is a bijection we obtain
$$\left(\frac{l}{p}\right) = \prod_{s \in S} e_s(l) = \prod_{s \in S}\frac{\sin(2\pi ls/p)}{\sin(2\pi s/p)}.$$
Now, using the trigonometric formula (16) with $m = l$ and $x = 2\pi s/p$, we get
$$\left(\frac{l}{p}\right) = \prod_{s \in S}(-4)^{(l-1)/2}\prod_{t \in T}\Bigl(\sin^2\frac{2\pi s}{p} - \sin^2\frac{2\pi t}{l}\Bigr) = (-4)^{\frac{l-1}{2}\cdot\frac{p-1}{2}}\prod_{s \in S,\, t \in T}\Bigl(\sin^2\frac{2\pi s}{p} - \sin^2\frac{2\pi t}{l}\Bigr).$$
Interchanging $l$ and $p$ in the last expression sends each factor in the product to its negative. Since there are $(l-1)(p-1)/4$ factors in the product, we have $\left(\frac{l}{p}\right)\left(\frac{p}{l}\right) = (-1)^{(l-1)(p-1)/4}$. □
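The three descriptions of the Legendre symbol used in this section (Euler's criterion of 7.2, Gauss' lemma (15), and the reciprocity law of Theorem 7.5) are easy to cross-check numerically. The following Python is an added example, not from the notes or from Serre: it implements each description, checks that they agree for every $a$ and every pair of distinct odd primes below a bound, and also checks the supplementary laws of Lemma 7.3. Function names are my own.

```python
"""The Legendre symbol three ways, checked against each other.

Added example, not from the notes. `legendre_euler` is Euler's criterion (7.2),
`legendre_gauss` is Gauss' lemma (15), and `legendre_reciprocity` uses Theorem 7.5
to move the computation to the other prime.
"""
import math


def legendre_euler(a, p):
    """(a/p) = a^{(p-1)/2} mod p for an odd prime p; returns 0, 1 or -1."""
    a %= p
    if a == 0:
        return 0
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1


def gauss_lemma_signs(a, p):
    """The signs e_s(a) for s in S = {1, ..., (p-1)/2}: +1 if a*s mod p lies in S,
    -1 if it lies in -S."""
    half = (p - 1) // 2
    return [1 if (a * s) % p <= half else -1 for s in range(1, half + 1)]


def legendre_gauss(a, p):
    """(a/p) = prod_{s in S} e_s(a), equation (15)."""
    if a % p == 0:
        return 0
    return -1 if gauss_lemma_signs(a, p).count(-1) % 2 else 1


def legendre_reciprocity(l, p):
    """(l/p) for distinct odd primes l, p via (l/p)(p/l) = (-1)^{(l-1)(p-1)/4}
    (Theorem 7.5), computing (p/l) by Euler's criterion."""
    sign = -1 if ((l - 1) * (p - 1) // 4) % 2 else 1
    return sign * legendre_euler(p, l)


def odd_primes(bound):
    """Odd primes below bound, by trial division."""
    return [q for q in range(3, bound)
            if all(q % d for d in range(2, math.isqrt(q) + 1))]


def check_all(bound=60):
    """True if Euler's criterion and Gauss' lemma agree on every (a, p), the
    supplementary laws of Lemma 7.3 hold, and reciprocity agrees with Euler."""
    for p in odd_primes(bound):
        for a in range(1, p):
            if legendre_euler(a, p) != legendre_gauss(a, p):
                return False
        if legendre_euler(-1, p) != (-1) ** ((p - 1) // 2):
            return False
        if legendre_euler(2, p) != (-1) ** ((p * p - 1) // 8):
            return False
        for l in odd_primes(bound):
            if l != p and legendre_reciprocity(l, p) != legendre_euler(l, p):
                return False
    return True


if __name__ == "__main__":
    print("signs e_s(2) for p = 7:", gauss_lemma_signs(2, 7))
    print("all checks pass below 60:", check_all(60))
```

For $p = 7$ the signs $e_s(2)$ are $(+1, -1, -1)$: two of them are negative, so $\left(\frac{2}{7}\right) = 1$, in agreement with $7 \equiv -1 \bmod 8$ in Example 7.7.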

8. Gauss sums and Jacobi sums

8.1. Characters of $\mathbb F_p^*$: Recall that $G = \mathbb F_p^*$ is a cyclic group of order $p-1$. Fix a generator $g$ of $G$. A (multiplicative) character of $G$ is a homomorphism $\chi : G \to \mathbb C^*$. Clearly the values of such a $\chi$ are contained in the set of $(p-1)$-th roots of unity, $\chi(1) = 1$ and $\chi(x^{-1}) = \chi(x)^{-1} = \overline{\chi(x)}$. Let $\epsilon$ be the trivial character: $\epsilon(x) = 1$ for all $x \in \mathbb F_p^*$. We shall extend the domain of the characters to $\mathbb F_p$ by defining $\chi(0) = 0$ if $\chi \ne \epsilon$ and $\epsilon(0) = 1$. If $\chi$ and $\eta$ are characters, let $(\chi\eta)(x) = \chi(x)\eta(x)$. Then the set of characters, denoted $G^\vee$, becomes a group with identity $\epsilon$ and inverse $\chi^{-1}(x) = \chi(x)^{-1}$. This is called the character group (or dual group) of $G$. Note that
$$\sum_{a \in \mathbb F_p^*}\chi(a) = \begin{cases} p-1 & \text{if } \chi = \epsilon, \\ 0 & \text{otherwise.}\end{cases} \qquad (17)$$

8.2. Lemma. The group of characters of $\mathbb F_p^*$ is again a cyclic group of order $p-1$. If $a \ne 1$ then there is a character $\chi$ such that $\chi(a) \ne 1$.

Proof. A character $\chi$ is determined by its value on $g$. If $\chi(g) = \exp(2\pi i r/(p-1))$ then $\chi \mapsto r$ is an isomorphism from the group $(\mathbb F_p^*)^\vee$ to $\mathbb Z/(p-1)\mathbb Z$. The character $\xi$ with $\xi(g) = \exp(2\pi i/(p-1))$ is a generator of the group of characters. (Actually we just showed that for any $m \in \mathbb N$, the dual of $\mathbb Z/m\mathbb Z$ is isomorphic to $\mathbb Z/m\mathbb Z$.) If $a \ne 1$ then $a = g^r$ for some $0 < r < p-1$, so $\xi(a) = \exp(2\pi i r/(p-1)) \ne 1$. □

8.3. For each $a \in G$, the function $e_a(\chi) = \chi(a)$ defines a character of the dual group $G^\vee$, hence we have a homomorphism $e : G \to G^{\vee\vee}$. If $a \ne b$ are two elements of $G$ then by the lemma there is a character $\chi$ such that $\chi(ab^{-1}) \ne 1$, i.e. $\chi(a) \ne \chi(b)$; hence the map $e$ is injective. Since the dual of $G^\vee$ is again isomorphic to $\mathbb Z/(p-1)\mathbb Z$, it again has $p-1$ elements. Hence $e$ defines a canonical isomorphism $G \to G^{\vee\vee}$. The formula (17), now applied to the character $e_a$ of the group $G^\vee$, gives
$$\sum_{\chi \in (\mathbb F_p^*)^\vee}\chi(a) = \begin{cases} p-1 & \text{if } a = 1, \\ 0 & \text{otherwise.}\end{cases} \qquad (18)$$

The following lemma shows that characters can be useful in studying solutions of equations over finite fields. For $a \in \mathbb F_p$, let $N(f(x_1, \cdots, x_n) = a)$ denote the number of solutions of the equation $f(x_1, \cdots, x_n) = a$ with $x_i \in \mathbb F_p$.

8.4. Lemma. We have $N(x^n = a) = \sum_{\chi : \chi^n = \epsilon}\chi(a)$.

Proof. If $a = 0$ the formula is obvious. Assume $a \ne 0$. From (18) it follows that for each $x \in \mathbb F_p^*$ we have
$$\sum_\chi \chi(x^{-n}a) = \begin{cases} p-1 & \text{if } x^n = a, \\ 0 & \text{otherwise.}\end{cases}$$
Adding these over all $x \in \mathbb F_p^*$ we get
$$(p-1)\,N(x^n = a) = \sum_{x,\chi}\chi(x^{-n}a) = \sum_\chi\chi(a)\sum_x\chi(x^{-n}) = \sum_\chi\chi(a)\sum_x\chi^n(x),$$
where in the last step $x$ was replaced by $x^{-1}$. From (17) it follows that $\sum_x\chi^n(x)$ is equal to $p-1$ whenever $\chi^n = \epsilon$ and equal to 0 otherwise. Hence $(p-1)\,N(x^n = a) = (p-1)\sum_{\chi : \chi^n = \epsilon}\chi(a)$. □

8.5. Gauss sums: Let $\zeta = e^{2\pi i/p}$ be a primitive $p$-th root of unity. Let $\chi$ be a character of $\mathbb F_p^*$ and $a \in \mathbb F_p$. Define the Gauss sum
$$g_a(\chi) = \sum_{t \in \mathbb F_p}\chi(t)\,\zeta^{at}.$$
Since $\zeta$ is a $p$-th root of unity, $\zeta^a$ makes sense for $a \in \mathbb F_p$.

8.6. Lemma. Let $a \in \mathbb F_p^*$ and $\chi \ne \epsilon$. Then
$$g_0(\epsilon) = p, \qquad g_0(\chi) = 0, \qquad g_a(\epsilon) = 0, \qquad g_a(\chi) = \chi(a^{-1})\,g_1(\chi).$$

Proof. The first two equations follow from (17). For the third, note that $S = \sum_{t \in \mathbb F_p}\zeta^{at} = \zeta^a\sum_{t \in \mathbb F_p}\zeta^{a(t-1)} = \zeta^a S$ since, as $t$ varies over $\mathbb F_p$, so does $t-1$. Since $\zeta^a \ne 1$, we must have $S = 0$. For the final equation substitute $u = at$ to get $g_a(\chi) = \sum_{u \in \mathbb F_p}\chi(ua^{-1})\zeta^u = \chi(a^{-1})\sum_{u \in \mathbb F_p}\chi(u)\zeta^u = \chi(a^{-1})\,g_1(\chi)$. □

From now on we shall write $g(\chi) = g_1(\chi)$.

8.7. Lemma. If $\chi \ne \epsilon$ then $|g(\chi)| = \sqrt p$.

Proof. We calculate the sum $S = \sum_{a \in \mathbb F_p} g_a(\chi)\overline{g_a(\chi)}$ in two different ways. Using the last equation of the above lemma (and $g_0(\chi) = 0$), we have
$$S = \sum_{a \ne 0}\chi(a^{-1})\,g(\chi)\,\overline{\chi(a^{-1})\,g(\chi)} = (p-1)\,|g(\chi)|^2.$$

On the other hand
$$S = \sum_a\sum_{x,y}\chi(x)\overline{\chi(y)}\,\zeta^{a(x-y)} = \sum_{x,y}\chi(x)\overline{\chi(y)}\sum_a\zeta^{a(x-y)}.$$
The inner sum over $a$ is equal to 0 whenever $x \ne y$ and is equal to $p$ otherwise. Hence $S = p\sum_x\chi(x)\overline{\chi(x)} = p(p-1)$. Comparing the two expressions for $S$, the result follows. □

8.8. Quadratic Gauss sum: Since the character group of $\mathbb F_p^*$ is cyclic there is a unique character of order 2, the quadratic character given by the Legendre symbol: $\chi(a) = \left(\frac{a}{p}\right)$. Let $g_a(\chi) = \sum_t\left(\frac{t}{p}\right)\zeta^{at}$ be the quadratic Gauss sum. Then, substituting $s = -t$,
$$\overline{g_a(\chi)} = \sum_t\left(\frac{t}{p}\right)\zeta^{-at} = \sum_s\left(\frac{-s}{p}\right)\zeta^{as} = \left(\frac{-1}{p}\right)g_a(\chi) = (-1)^{(p-1)/2}\,g_a(\chi).$$
Since $g(\chi)\overline{g(\chi)} = p$, it follows that
$$g(\chi)^2 = (-1)^{(p-1)/2}\,p.$$
Hence $g(\chi) = \pm\sqrt p$ if $p \equiv 1 \bmod 4$ and $g(\chi) = \pm i\sqrt p$ if $p \equiv -1 \bmod 4$. In fact one can show that the positive sign always holds.

8.9. Jacobi sums: Let $\chi$ and $\lambda$ be two characters of $\mathbb F_p$. Define the Jacobi sum
$$J(\chi,\lambda) = \sum_{a \in \mathbb F_p}\chi(a)\lambda(1-a).$$
We shall state a lemma about calculating these sums and then discuss a couple of applications.

8.10. Lemma. Let $\chi$ and $\lambda$ be non-trivial characters. One has $J(\epsilon,\epsilon) = p$, $J(\epsilon,\chi) = 0$, $J(\chi,\chi^{-1}) = -\chi(-1)$, and, if $\chi\lambda \ne \epsilon$,
$$J(\chi,\lambda) = \frac{g(\chi)\,g(\lambda)}{g(\chi\lambda)}.$$

Proof. The first equation is obvious. The second one is a restatement of (17). Next we calculate $J(\chi,\chi^{-1})$, substituting $t = a^{-1} - 1$, which runs over $\mathbb F_p \setminus \{-1\}$ as $a$ runs over $\mathbb F_p^*$:
$$J(\chi,\chi^{-1}) = \sum_{a \ne 0}\chi(a)\chi^{-1}(1-a) = \sum_{a \ne 0}\chi^{-1}(a^{-1}-1) = \sum_{t \ne -1}\chi^{-1}(t) = -\chi^{-1}(-1) = -\chi(-1).$$
For the final equation, note
$$g(\chi)\,g(\lambda) = \sum_{x,y}\chi(x)\lambda(y)\,\zeta^{x+y} = \sum_t\zeta^t\sum_{x+y=t}\chi(x)\lambda(y).$$
If $t = 0$ the sum $\sum_{x+y=t}\chi(x)\lambda(y)$ is equal to $\sum_x\chi(x)\lambda(-x) = \lambda(-1)\sum_x(\chi\lambda)(x) = 0$, since $\chi\lambda \ne \epsilon$. If $t \ne 0$ then
$$\sum_{x+y=t}\chi(x)\lambda(y) = \sum_x\chi(x)\lambda(t-x) = \lambda(t)\sum_x\chi(x)\lambda(1-t^{-1}x) = \lambda(t)\sum_u\chi(ut)\lambda(1-u) = (\chi\lambda)(t)\,J(\chi,\lambda).$$
Hence $g(\chi)\,g(\lambda) = J(\chi,\lambda)\sum_t(\chi\lambda)(t)\zeta^t = J(\chi,\lambda)\,g(\chi\lambda)$, and the last equation follows. □

8.11. Since the character group is cyclic, the only characters $\chi$ such that $\chi^2 = \epsilon$ are the trivial and the quadratic character. So, given $a \in \mathbb F_p$, Lemma 8.4 says $N(x^2 = a) = 1 + \left(\frac{a}{p}\right)$, which just says that $x^2 = a$ has two solutions if $\left(\frac{a}{p}\right) = 1$ and no solution otherwise.

Next we calculate $N(x^2 + y^2 = 1)$. Note that
$$N(x^2 + y^2 = 1) = \sum_{a+b=1}N(x^2 = a)\,N(y^2 = b) = \sum_a\Bigl(1 + \left(\frac{a}{p}\right) + \left(\frac{1-a}{p}\right) + \left(\frac{a}{p}\right)\left(\frac{1-a}{p}\right)\Bigr).$$
Since $\sum_a\left(\frac{a}{p}\right) = \sum_a\left(\frac{1-a}{p}\right) = 0$,
$$N(x^2 + y^2 = 1) = p + \sum_{a \in \mathbb F_p}\left(\frac{a}{p}\right)\left(\frac{1-a}{p}\right) = p + J(\chi,\chi),$$
where $\chi$ denotes the quadratic character. Since $\chi = \chi^{-1}$, Lemma 8.10 gives $J(\chi,\chi) = -\chi(-1) = -(-1)^{(p-1)/2}$. So $N(x^2 + y^2 = 1)$ is equal to $p+1$ or $p-1$.

Next consider the equation $x^3 + y^3 = 1$. If $p \equiv 2 \bmod 3$ then there are no nontrivial characters of order 3 (since $\gcd(3, p-1) = 1$), so $N(x^3 = a) = 1$ for all $a$. In this case $N(x^3 + y^3 = 1) = \sum_{a+b=1}N(x^3 = a)\,N(y^3 = b) = p$.

If $p \equiv 1 \bmod 3$, let $\chi$ be a character of order 3; then $\epsilon$, $\chi$ and $\chi^2 = \chi^{-1} = \bar\chi$ are the characters such that $\chi^3 = \epsilon$. So, from Lemma 8.4 we get $N(x^3 = a) = 1 + \chi(a) + \chi^2(a)$. Hence
$$N(x^3 + y^3 = 1) = \sum_{a+b=1}N(x^3 = a)\,N(y^3 = b) = \sum_{a+b=1}\bigl(1 + \chi(a) + \chi^2(a)\bigr)\bigl(1 + \chi(b) + \chi^2(b)\bigr) = p + 2J(\chi,\bar\chi) + J(\chi,\chi) + J(\bar\chi,\bar\chi) = p - 2 + 2\,\mathrm{Re}\,J(\chi,\chi),$$
since $J(\chi,\bar\chi) = -\chi(-1) = -\chi^3(-1) = -1$ (as $(-1)^3 = -1$) and $J(\bar\chi,\bar\chi) = \overline{J(\chi,\chi)}$. Now $J(\chi,\chi) = g(\chi)^2/g(\chi^2)$, so $|J(\chi,\chi)| = \sqrt p$. It follows that
$$|N(x^3 + y^3 = 1) - (p-2)| \le 2\sqrt p.$$

8.12. Theorem. Let $p$ be an odd prime. (a) The equation $a^2 + b^2 = p$ has an integer solution if and only if $p \equiv 1 \bmod 4$. (b) The equation $a^2 - ab + b^2 = p$ has an integer solution if and only if $p \equiv 1 \bmod 3$.

Proof. The square of an integer is 0 or 1 modulo 4. So $a^2 + b^2$ is 0, 1 or 2 modulo 4. So if $a^2 + b^2 = p$ has a solution then one must have $p \equiv 1 \bmod 4$. If $p \equiv 1 \bmod 4$, the order of the character group of $\mathbb F_p^*$ is divisible by 4. Let $\chi$ be a character of $\mathbb F_p^*$ of order 4. Since $\chi^4 = \epsilon$, the values of $\chi$ are $\pm 1$ or $\pm i$, hence $J(\chi,\chi) = a + bi \in \mathbb Z[i]$. Now since $\chi$ and $\chi^2$ are nontrivial, $g(\chi)$ and $g(\chi^2)$ have absolute value $\sqrt p$, so $J(\chi,\chi) = g(\chi)^2/g(\chi^2)$ has absolute value $\sqrt p$. So $p = |J(\chi,\chi)|^2 = a^2 + b^2$.

Note that $a^2 - ab + b^2 = (a+b)^2 - 3ab$ and a square is always 0 or 1 modulo 3, hence so is $a^2 - ab + b^2$. Now, given $p \equiv 1 \bmod 3$ there exists a character $\chi$ of $\mathbb F_p^*$ of order 3, whose possible values are $1$, $\omega$ and $\omega^2$. So the Jacobi sum $J(\chi,\chi) = a + b\omega$ with $a, b \in \mathbb Z$. It follows that $p = |J(\chi,\chi)|^2 = a^2 - ab + b^2$. □
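The character-sum identities of 8.6 to 8.12 can all be checked numerically for a given prime. The following Python is an added example, not from the notes: it builds the characters of $\mathbb F_p^*$ from a generator $g$ as in 8.1 (the generator search and the way a character is represented as a closure are my choices), evaluates Gauss and Jacobi sums with complex floating point, and checks $g_1(\epsilon) = 0$, $|g(\chi)| = \sqrt p$, $g(\chi)^2 = (-1)^{(p-1)/2}p$ for the quadratic character, $J(\chi,\chi^{-1}) = -\chi(-1)$, $J(\chi,\lambda) = g(\chi)g(\lambda)/g(\chi\lambda)$, and the count $N(x^2+y^2=1) = p + J(\chi,\chi)$ against brute force. Finally it reads $a^2 + b^2 = p$ off $J(\chi,\chi)$ for a character of order 4, as in the proof of Theorem 8.12(a). Because the arithmetic is floating point, equalities are checked to a tolerance of $10^{-9}$.

```python
"""Characters of F_p^*, Gauss sums and Jacobi sums, evaluated numerically.

Added example, not from the notes. Characters are built from a fixed generator g of
F_p^* (section 8.1); sums use complex floating point, so identities are checked to
a tolerance rather than exactly.
"""
import cmath
import math

TOL = 1e-9


def primitive_root(p):
    """Smallest generator of the cyclic group F_p^* (brute force; p is small here)."""
    for g in range(2, p):
        x, order = 1, 0
        while True:
            x = x * g % p
            order += 1
            if x == 1:
                break
        if order == p - 1:
            return g
    return 1  # only reached for p == 2


def discrete_logs(p):
    """Return (g, log) with g a generator and log[a] = k such that g^k = a in F_p^*."""
    g = primitive_root(p)
    log, x = {}, 1
    for k in range(p - 1):
        log[x] = k
        x = x * g % p
    return g, log


def character(p, m, log):
    """The character of order m (m | p-1) with chi(g) = exp(2 pi i / m), extended to
    F_p by chi(0) = 0 for chi != epsilon and epsilon(0) = 1 (m == 1 gives epsilon)."""
    assert (p - 1) % m == 0

    def chi(a):
        a %= p
        if a == 0:
            return 1 if m == 1 else 0
        return cmath.exp(2j * math.pi * log[a] / m)
    return chi


def gauss_sum(chi, p):
    """g(chi) = sum_t chi(t) zeta^t with zeta = exp(2 pi i / p), section 8.5."""
    zeta = cmath.exp(2j * math.pi / p)
    return sum(chi(t) * zeta ** t for t in range(p))


def jacobi_sum(chi, lam, p):
    """J(chi, lambda) = sum_a chi(a) lambda(1 - a), section 8.9."""
    return sum(chi(a) * lam(1 - a) for a in range(p))


def count_x2_plus_y2_equals_1(p):
    """Brute-force N(x^2 + y^2 = 1) over F_p."""
    return sum(1 for x in range(p) for y in range(p) if (x * x + y * y) % p == 1)


def close(z, w):
    return abs(z - w) < TOL


def check_identities(p):
    """Verify Lemmas 8.6, 8.7, 8.10 and the count of 8.11 for an odd prime p."""
    _, log = discrete_logs(p)
    eps = character(p, 1, log)
    quad = character(p, 2, log)
    g_quad = gauss_sum(quad, p)
    ok = close(gauss_sum(eps, p), 0)                             # g_1(epsilon) = 0
    ok = ok and close(abs(g_quad), math.sqrt(p))                 # |g(chi)| = sqrt(p)
    ok = ok and close(g_quad ** 2, (-1) ** ((p - 1) // 2) * p)   # g(chi)^2, section 8.8
    ok = ok and close(jacobi_sum(quad, quad, p), -quad(-1))      # J(chi, chi^{-1}) = -chi(-1)
    ok = ok and count_x2_plus_y2_equals_1(p) == p - (-1) ** ((p - 1) // 2)
    if p % 4 == 1:  # a chi of order 4 has chi^2 = quad != epsilon, so Lemma 8.10 applies
        chi = character(p, 4, log)
        ok = ok and close(jacobi_sum(chi, chi, p), gauss_sum(chi, p) ** 2 / g_quad)
    return ok


def two_squares(p):
    """For p = 1 mod 4 return integers (a, b) with a^2 + b^2 = p, read off from
    J(chi, chi) = a + b i for a character chi of order 4 (Theorem 8.12(a))."""
    assert p % 4 == 1
    _, log = discrete_logs(p)
    chi = character(p, 4, log)
    j = jacobi_sum(chi, chi, p)
    return round(j.real), round(j.imag)


if __name__ == "__main__":
    for p in (3, 5, 7, 11, 13, 17, 29):
        print(p, check_identities(p), two_squares(p) if p % 4 == 1 else "-")
```

The count check encodes the conclusion of 8.11 in closed form: $N(x^2+y^2=1) = p - (-1)^{(p-1)/2}$, i.e. $p-1$ for $p \equiv 1 \bmod 4$ and $p+1$ for $p \equiv 3 \bmod 4$.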

9. Some more field theory: separable and Galois extensions

9.1. Notations and definitions: Let $L/K$ be a field extension. Fix an algebraic closure $\bar K$ of $K$. Let $a \in L$ and let $p(x) \in K[x]$ be the minimal polynomial of $a$. A root of $p$ in $\bar K$ is called a conjugate of $a$. So $a$ has at most $d = \deg p$ conjugates. Say that $a$ is a separable element (over $K$) if the minimal polynomial $p$ has $d$ distinct roots, i.e. $a$ has $d$ conjugates. Call the extension $L/K$ separable if each $x \in L$ is separable. Let $L \supseteq K$ be an extension with $[L:K] = n$. Let $[L:K]_s$ be the number of embeddings $\sigma : L \to \bar K$ fixing $K$ (i.e. $\sigma$ restricted to $K$ is the identity). This number is called the separable degree of $L/K$.

9.2. An extension $M/K$ is called a simple extension if $M$ can be generated by one element, i.e. $M = K(a)$ for some $a \in M$. Let $a_1, a_2, \cdots, a_r$ be the distinct conjugates of $a$, i.e. the roots of the minimal polynomial $p$. An embedding $\sigma : M \to \bar K$ sends $a$ to a conjugate $a_i$, since $p(a) = 0$ implies $p(\sigma(a)) = 0$. Conversely, for each conjugate $a_i$ one gets an embedding $M \to \bar K$ by sending $a$ to $a_i$. So the separable degree of $K(a)/K$ is equal to the number of conjugates of $a$, i.e. $r$. Thus, for a simple extension, one has $[M:K]_s \le \deg(p) = [M:K]$. If $M/K$ is separable then $p$ must have $\deg p$ distinct roots, so $[M:K]_s = [M:K]$.

9.3. Lemma. Let $L/K$ be an algebraic extension and let $M$ be a field such that $L \supseteq M \supseteq K$. (a) One has $[L:K]_s = [L:M]_s\,[M:K]_s$. (b) $L/K$ is separable if and only if $L/M$ and $M/K$ are separable. (c) One has $[L:K]_s \le [L:K]$, and equality holds if and only if $L/K$ is separable.

Proof. Fix an algebraic closure $\bar M \supseteq M$. Let $\tau : M \to \bar K$ be an embedding fixing $K$. By the uniqueness of the algebraic closure up to isomorphism there exists an isomorphism $\mu : \bar M \to \bar K$ whose restriction to $M$ is $\tau$. Choose an embedding $\lambda : L \to \bar M$ fixing $M$. Then $\sigma = \mu \circ \lambda$ is an embedding $L \to \bar K$ that extends $\tau$. The number of such $\sigma$ is the same as the number of $\lambda : L \to \bar M$, which is $[L:M]_s$. In other words, each embedding $M \to \bar K$ can be extended to an embedding $L \to \bar K$ in $[L:M]_s$ ways. Conversely, each embedding $\sigma : L \to \bar K$ arises this way, as an extension of the embedding $\sigma|_M : M \to \bar K$. This proves part (a).

Suppose $L/K$ is separable. Since each $x \in M$ is also an element of $L$, the minimal polynomial of $x$ must have distinct roots, so $M/K$ is separable. Now let $y \in L$. The minimal polynomial of $y$ over $M$ is a factor of its minimal polynomial over $K$, so it must have distinct roots, whence $L/M$ is separable too. This proves one implication of (b).

Pick $a \in L \setminus K$ and let $M = K(a)$. By the paragraph preceding the lemma we have $[M:K]_s \le [M:K]$. Since $[L:M] < [L:K]$, by induction on the degree we may assume $[L:M]_s \le [L:M]$. Using part (a) we now get $[L:K]_s = [L:M]_s\,[M:K]_s \le [L:M]\,[M:K] = [L:K]$. If $L/K$ is separable, then $[L:K] = [L:K]_s$ follows by a similar induction. Conversely, suppose $[L:K] = [L:K]_s$. To finish the proof of (c) we have to show that, for each $a \in L$, the minimal polynomial $p(x)$ of $a$ has $\deg(p)$ distinct roots. Let $M = K(a)$. From our assumption that $[L:K] = [L:K]_s$ we get $[L:M]\,[M:K] = [L:M]_s\,[M:K]_s$. Since the separable degree is always less than or equal to the degree, one must have $[M:K] = [M:K]_s$. So the minimal polynomial $p$ of $a$ must have $[M:K] = \deg p$ distinct roots. This finishes part (c).

If $L/M$ and $M/K$ are separable, then $[L:M]_s = [L:M]$ and $[M:K]_s = [M:K]$, so $[L:K]_s = [L:K]$, which now implies that $L/K$ is separable, thus proving the other implication of (b). □

9.4. Example. Let $K$ be a field of characteristic zero. Then any algebraic extension $L/K$ is separable. Proof: Let $a \in L$ and let $p(x)$ be the monic minimal polynomial of $a$. Then the derivative $p'(x) \ne 0$. If $p$ had a repeated root in $\bar K$ then $p$ and $p'$ would have a common factor, which implies $p \mid p'$ since $p$ is irreducible, hence prime. But this is impossible since $p'(x)$ is a nonzero polynomial of degree less than that of $p(x)$. Any algebraic extension $K/\mathbb F_q$ is also separable. For $a \in K$, the field $\mathbb F_q(a)$ is again a finite field, so $\mathbb F_q(a) \simeq \mathbb F_{q^n}$ for some $n$. So $a$ satisfies the polynomial $x^{q^n} - x$, which, as we know, has all distinct roots. (The standard example of a non-separable extension is $\mathbb F_p(t) \subseteq \mathbb F_p(t^{1/p})$.)

9.5. Theorem (Primitive element theorem). If $L/K$ is a finite separable extension, then there is a $\gamma \in L$ such that $L = K(\gamma)$.

Proof. If $K$ is finite then we know this from the structure theorem for finite fields. So assume that $K$ is infinite. Let $L = K(\alpha,\beta)$ be a separable extension of degree $n$. Then there are $n$ distinct embeddings $\{\sigma_1, \cdots, \sigma_n\}$ of $L$ in $\bar K$. We want to produce an element $\gamma \in L$ which has $n$ distinct conjugates, because then $K(\gamma) = L$. The trick is to look at the nonzero polynomial
$$P(X) = \prod_{i \ne j}\bigl(\sigma_i\alpha - \sigma_j\alpha + X(\sigma_i\beta - \sigma_j\beta)\bigr).$$
There is a $c$ in $K$ such that $P(c)$ is nonzero, which implies that $\gamma = \alpha + c\beta$ has $n$ distinct images under the $\sigma_i$, i.e. has $n$ distinct conjugates. □

9.6. Lemma. If $E$ is an algebraic separable extension of $k$ such that every element of $E$ has degree less than or equal to $n$, then $[E:k] \le n$.

Proof. Pick $\alpha$ so that $[k(\alpha):k] = m$ is maximal. If $\beta$ is in $E$ but not in $k(\alpha)$ then $k(\alpha,\beta)$ has larger degree. But by the primitive element theorem this extension is also simple, with degree larger than $m$, contradicting the maximality of $m$. So $E = k(\alpha)$. □

An extension $L/K$ is normal if any irreducible polynomial in $K[x]$ having a root in $L$ splits in $L$ into linear factors; equivalently, if any embedding of $L$ in $K^{\mathrm{alg}}$ over $K$ is an automorphism of $L$. (Example of a non-normal extension: $\mathbb Q \subseteq \mathbb Q(2^{1/3})$.) An extension $L/K$ is Galois if it is normal and separable. $G = \mathrm{Gal}(L/K)$ is the Galois group: the group of automorphisms of $L$ over $K$. Since the separable degree is less than or equal to the degree $n$ of the field extension, the size of the Galois group is also bounded by the same number $n$. For a field $F$ with $K \subseteq F \subseteq L$ it is easy to see that $L/F$ is both normal and separable while $F/K$ is separable.

9.7. Theorem (Fundamental theorem of Galois theory). The map $F \mapsto \mathrm{Gal}(L/F) = H$ sets up an inclusion reversing bijection (the Galois correspondence) between the subfields of $L$ containing $K$ and the subgroups of $G$, with inverse given by $H \mapsto L^H$, the fixed field of $H$. The extension $L/F$ is Galois with Galois group $H$. The extension $F/K$ is normal (Galois) if and only if $H$ is normal in $G$, and in that case $\mathrm{Gal}(F/K) = G/H$.

Claim: First we show that for a Galois extension $K/k$ with Galois group $G$, one has $K^G = k$.

Proof of the claim. Let $\alpha \in K^G$ and let $\sigma$ be any embedding of $k(\alpha)$ in $k^{\mathrm{alg}}$ fixing $k$. Then $\sigma$ extends to an automorphism of $K$ and so fixes $\alpha$. Thus the separable degree of $k(\alpha)$ over $k$ is one, showing that $k(\alpha) = k$. Hence the claim. □

Coming to the proof of the fundamental theorem, the extension $L/F$ is clearly Galois. If $H$ is its Galois group then $F = L^H$ by the above claim. Hence the injectivity of the correspondence $F \mapsto \mathrm{Gal}(L/F)$. (Note that this part of the theorem holds even for infinite extensions.) The surjectivity follows from Artin's theorem:

9.8. Theorem (Artin's theorem). Let $G$ be a finite group of automorphisms of $L$ of order $n$ and let $k = L^G$ be the fixed field. Then $L/k$ is Galois of degree $n$ with Galois group $G$.

Proof. Let $\alpha \in L$ and let $\sigma_1, \cdots, \sigma_r$ be a maximal set of elements of $G$ with distinct images of $\alpha$. Then every element of $G$ permutes the set $\{\sigma_1\alpha, \cdots, \sigma_r\alpha\}$. So the polynomial $f(x) = \prod_{i=1}^r(x - \sigma_i\alpha)$ has coefficients in $k$ and has $\alpha$ as a root. $f$ splits in $L$ into distinct linear factors, implying that $L/k$ is Galois. By the lemma following the primitive element theorem we have $[L:k] \le n$. The Galois group of $L/k$ contains $G$, but the size of the Galois group is bounded by the degree of the extension, so $G$ must be the full Galois group. □

Now we prove the last part of the fundamental theorem. Let $F/K$ be a normal extension. Then $\sigma \mapsto \sigma|_F$ is a homomorphism from $G = \mathrm{Gal}(L/K)$ to $\mathrm{Gal}(F/K)$ with kernel $H = \mathrm{Gal}(L/F)$. So $H$ is a normal subgroup of $G$. Furthermore any automorphism of $F$ over $K$ extends to an embedding, and hence an automorphism, of $L$, showing that $G \to \mathrm{Gal}(F/K)$ is onto, proving $\mathrm{Gal}(F/K) = G/H$. Conversely, if $F$ is not a normal extension then there is an embedding $\lambda$ of $F$ into $L$ over $K$ such that $\lambda F \ne F$. Extending $\lambda$ to an automorphism of $L$, the subgroups $\mathrm{Gal}(L/\lambda F) = \lambda\,\mathrm{Gal}(L/F)\,\lambda^{-1}$ and $\mathrm{Gal}(L/F)$ are conjugate and belong to the distinct subfields $\lambda F$ and $F$, so they are not equal, showing that $\mathrm{Gal}(L/F)$ is not normal. This completes the proof of the main theorem.

The normal basis theorem: If $L/K$ is a finite Galois extension then there is an element $w$ in $L$ such that its images under $\mathrm{Gal}(L/K)$ form a basis of $L/K$.

Proof. For an infinite field $K$ look at the polynomial $\det(\sigma_i^{-1}\sigma_j)$ as a polynomial function of the automorphisms $\sigma_1, \cdots, \sigma_n$ in $\mathrm{Gal}(L/K)$. This polynomial is nonzero, so find a $w$ in $L$ with $\det(\sigma_i^{-1}\sigma_j(w)) \ne 0$. Now $a_1\sigma_1(w) + \cdots + a_n\sigma_n(w) = 0$ with $a_i$ in $K$ yields $n$ linear equations by applying $\sigma_i^{-1}$ to it. Since the matrix $((\sigma_i^{-1}\sigma_j(w)))$ is invertible, the $a_i$ must all be zero. □

10. Ring of integers in a number field: trace, norm, discriminant and integral basis

A complex number $a$ is called an algebraic integer if $a$ satisfies a monic polynomial with integer coefficients.

10.1. Lemma. Let $f(x)$ be the monic minimal polynomial of $a$ over $\mathbb Q$. Then $a$ is an algebraic integer if and only if the coefficients of $f(x)$ are integers.

Proof. Let $f$ be the monic polynomial of minimal degree with integer coefficients such that $f(a) = 0$. We claim that $f$ is irreducible in $\mathbb Q[x]$, i.e. it is the monic minimal polynomial of $a$. If $f(x)$ is not irreducible, let $f = gh$ be a factorization in $\mathbb Q[x]$, with $g$ and $h$ monic of positive degree. Let $m$ and $n$ be the least positive integers such that the coefficients of $mg$ and $nh$ are integers. If $mn > 1$ let $p$ be any prime dividing it. Reducing the coefficients modulo $p$ in $(mn)f = (mg)(nh)$ we get the equation $0 = \overline{mg}\cdot\overline{nh}$ in $\mathbb F_p[x]$. Since $\mathbb F_p[x]$ is a domain, either $\overline{mg}$ or $\overline{nh}$ is zero, which means either all the coefficients of $mg$ are divisible by $p$ or all the coefficients of $nh$ are. But this contradicts the minimality of $m$ or $n$. So $mn = 1$, i.e. $g$ and $h$ have integer coefficients; since $a$ is a root of $g$ or of $h$, this contradicts the minimality of $\deg f$. □

10.2. Proposition. For a complex number $a$, the following are equivalent. (a) The number $a$ is an algebraic integer. (b) The additive group $\mathbb Z[a]$ is finitely generated. (c) There is a finitely generated nonzero additive subgroup $A \subseteq \mathbb C$ such that $aA \subseteq A$.

Proof. If $a$ is integral, there is some $n$ such that $a^n$ can be written as an integer linear combination of $a^i$ for $i < n$. So $1, a, \cdots, a^{n-1}$ generate the additive group $\mathbb Z[a]$. This proves (a) $\Rightarrow$ (b). For (b) $\Rightarrow$ (c) take $A = \mathbb Z[a]$. The implication (c) $\Rightarrow$ (a) requires a trick. Assume (c). Suppose the additive group $A$ is generated by $v_1, \cdots, v_n$. Then $av_i = \sum_j m_{ij}v_j$ for some $m_{ij} \in \mathbb Z$. These $n$ linear equations are equivalent to the matrix equation $(aI - M)v = 0$, where $v$ is the nonzero column vector with entries $v_1, \cdots, v_n$ and $M = ((m_{ij}))$. So the matrix $aI - M$ is not invertible, and $f(a) = \det(aI - M) = 0$, where $f(x) = \det(xI - M)$ is a monic polynomial in $\mathbb Z[x]$. □

10.3. Corollary. The set of algebraic integers forms a ring.

Proof. Suppose $a$ and $b$ are two algebraic integers. If $u_1, \cdots, u_n$ generate $\mathbb Z[a]$ and $v_1, \cdots, v_m$ generate $\mathbb Z[b]$, then the $mn$ numbers $u_iv_j$ generate $A = \mathbb Z[a,b]$. Thus $A$ is a finitely generated additive subgroup of $\mathbb C$ such that $(a \pm b)A \subseteq A$ and $(ab)A \subseteq A$. This proves that $a \pm b$ and $ab$ are algebraic integers too. □

10.4. Definition. Let $\mathbb A$ denote the set of algebraic integers. A finite extension $K$ of $\mathbb Q$ is called an (algebraic) number field. The set of algebraic integers in $K$, i.e. $K \cap \mathbb A$, forms a subring of $K$ called the ring of integers in $K$, and is denoted by $\mathcal O_K$. This ring is going to be our main object of study for a while.

10.5. Definition. Let $L/K$ be an extension of number fields, i.e. $\mathbb Q \subseteq K \subseteq L \subseteq \bar{\mathbb Q}$, $[L:K] = n$. Since $L/K$ is separable there are $n$ distinct embeddings $\sigma_1, \cdots, \sigma_n$ of $L$ into $\mathbb C$ fixing $K$. For $a \in L$, define the norm and the trace of $a$ relative to $K$ to be
$$N^L_K(a) = \prod_{i=1}^n\sigma_i(a) \quad\text{and}\quad \mathrm{Tr}^L_K(a) = \sum_{i=1}^n\sigma_i(a)$$
respectively. If $K = \mathbb Q$ we drop the super- and subscripts.

10.6. Lemma. Suppose $L \supseteq M \supseteq K$. Let $[M:K] = d$, $[L:M] = m$ and $n = md$. (a) We have $N^L_K = N^M_K \circ N^L_M$ and $\mathrm{Tr}^L_K = \mathrm{Tr}^M_K \circ \mathrm{Tr}^L_M$. (b) For $a \in L$, the values $N^L_K(a)$ and $\mathrm{Tr}^L_K(a)$ belong to $K$. If $a$ is an algebraic integer then so are its norm and trace.

Proof. Let $\lambda_1, \cdots, \lambda_d$ be the embeddings of $M$ fixing $K$ and $\tau_1, \cdots, \tau_m$ be the embeddings of $L$ fixing $M$. Let $S$ be a normal extension containing $L$ (e.g. take $u$ such that $L = \mathbb{Q}(u)$ and let $S$ be the splitting field of the minimal polynomial of $u$). Each $\lambda_i$ and $\tau_j$ extends to an automorphism of $S$, which we denote by the same letter, so we can compose them as automorphisms of $S$. Suppose the automorphisms $\lambda_i \circ \tau_j$ and $\lambda_{i'} \circ \tau_{j'}$ are equal when restricted to $L$. Then, in particular, they are equal when applied to $b \in M$. But the $\tau$'s restricted to $M$ are the identity. So $\lambda_i(b) = \lambda_{i'}(b)$ for all $b \in M$, whence $i = i'$. It follows that $j = j'$ too. Thus we see that the restrictions of the compositions $\lambda_i \circ \tau_j$ to $L$ are all distinct and thus give all the $n$ embeddings $\sigma_1, \cdots, \sigma_n$ of $L$ fixing $K$. Part (a) now follows.

For $a \in L$, let $M = K(a)$. By part (a) it is enough to show that $N^L_K(a) = (N^M_K(a))^m$ and $\mathrm{Tr}^L_K(a) = m\,\mathrm{Tr}^M_K(a)$, where $m = [L : M]$. So it is enough to show that $N^M_K(a)$ and $\mathrm{Tr}^M_K(a)$ are in $K$. This is true, for, if $p(x) = x^d + a_{d-1}x^{d-1} + \cdots + a_0$ is the minimal polynomial of $a$ in $K[x]$, then $\mathrm{Tr}^M_K(a) = -a_{d-1}$ and $N^M_K(a) = (-1)^da_0$ (recall: in the splitting field the polynomial $p$ splits as $p(x) = \prod_i (x - \lambda_i(a))$). □

10.7. Definition. Suppose $K/\mathbb{Q}$ is an extension of degree $n$. Let $\sigma_1, \cdots, \sigma_n$ be the $n$ distinct embeddings of $K$ in $\mathbb{C}$. The discriminant of an $n$-tuple $a_1, \cdots, a_n$ is defined as
$$\Delta(a_1, \cdots, a_n) = \det(\sigma_i(a_j))^2 = \det(\mathrm{Tr}(a_ia_j)).$$
The last two expressions are equal, since, if $M$ is the matrix $((\sigma_i(a_j)))$, then $\mathrm{Tr}(a_ia_j) = \sum_k \sigma_k(a_i)\sigma_k(a_j)$ is equal to the $ij$-th entry of $M'M$. Suppose
$$\begin{pmatrix} b_1 \\ \vdots \\ b_n \end{pmatrix} = T \begin{pmatrix} a_1 \\ \vdots \\ a_n \end{pmatrix}$$
for some matrix $T$. Applying the embeddings $\sigma_i$ one gets $((\sigma_i(b_j))) = T((\sigma_i(a_j)))$ and hence
$$\Delta(b_1, \cdots, b_n) = \det(T)^2\,\Delta(a_1, \cdots, a_n).$$

10.8. Proposition. The discriminant $\Delta(a_1, \cdots, a_n)$ is zero if and only if $a_1, \cdots, a_n$ are linearly dependent.

Proof. If $\sum_j c_ja_j = 0$ is a non-trivial linear dependence relation then one has $\sum_j c_j\sigma_i(a_j) = 0$ for all $i$. Hence $c$ is in the kernel of the matrix $((\sigma_i(a_j)))$ and its determinant is zero, i.e. the discriminant is zero. Conversely, if the discriminant is zero, let $cM = 0$, where $M = ((\mathrm{Tr}(a_ia_j)))$ and $c$ is not the zero vector. Suppose, if possible, $a_1, \cdots, a_n$ are linearly independent. Then $a = \sum_i c_ia_i$ is a nonzero element such that $\mathrm{Tr}(aa_j) = \sum_i c_i\mathrm{Tr}(a_ia_j) = 0$ for $j = 1, \cdots, n$. But since $a_1, \cdots, a_n$ are linearly independent over $\mathbb{Q}$, so are $aa_1, \cdots, aa_n$, hence they form a basis for $K/\mathbb{Q}$. Writing elements of $K$ in the basis $aa_1, \cdots, aa_n$ it follows that $\mathrm{Tr}(b) = 0$ for all $b \in K$, which is absurd. □

10.9. Proposition. Suppose $L = K[a]$ and let $\sigma_1(a) = a_1, \cdots, \sigma_n(a) = a_n$ be the conjugates of $a$ over $K$. Then
$$\Delta(1, a, \cdots, a^{n-1}) = \prod_{1 \le r < s \le n} (a_r - a_s)^2 = (-1)^{n(n-1)/2}\,N(f'(a)),$$
where $f$ is the minimal polynomial of $a$ over $K$.

10.11. Lemma. Any non-zero ideal $A$ in $\mathcal{O}_K$ contains a basis for $K$ over $\mathbb{Q}$.

Proof. Note that, for any $a \in K$, there exists an integer $m$ such that $ma$ is an algebraic integer (for example we can take $m$ to be the leading coefficient of a polynomial in $\mathbb{Z}[x]$ having $a$ as a root). Thus there exist algebraic integers $a_1, \cdots, a_n$ that form a basis for $K$ as a $\mathbb{Q}$-vector space. If $a$ is a non-zero element of the ideal $A$ then $aa_1, \cdots, aa_n$ are elements of $A$ which also form a basis for $K$ as a $\mathbb{Q}$-vector space. □

10.12. Proposition. Let $A$ be a non-zero ideal in $\mathcal{O}_K$. Let $a_1, \cdots, a_n$ be elements of $A$ that form a $\mathbb{Q}$-basis of $K$.
(a) Let $d = \Delta(a_1, \cdots, a_n)$. Then every $a \in A$ can be written uniquely as a linear combination $a = (m_1a_1 + \cdots + m_na_n)/d$ where $m_j \in \mathbb{Z}$ and $d \mid m_j^2$ for all $j$.
(b) If $a_1, \cdots, a_n$ are chosen such that $|\Delta(a_1, \cdots, a_n)|$ is minimum then $A = \mathbb{Z}a_1 + \cdots + \mathbb{Z}a_n$.
Both part (a) and part (b) show that $A$ is a free abelian group of rank $n = [K : \mathbb{Q}]$.

Proof. (a) As before let $\sigma_1, \cdots, \sigma_n$ be the embeddings of $K$ in $\mathbb{C}$, $\sigma_1 = \mathrm{id}$. Write $a = \sum_j c_ja_j$ with $c_j \in \mathbb{Q}$. Applying $\sigma_i$ one gets
$$\sigma_i(a) = \sum_j c_j\sigma_i(a_j).$$

Let $M = ((\sigma_i(a_j)))$ and $m = \det(M)$. Solving these linear equations for $c_j$ by Cramer's rule we get $c_j = g_j/m$, where $g_j = \det(G_j)$ and $G_j$ is the matrix obtained by replacing the $j$-th column of $M$ by $(\sigma_1(a), \cdots, \sigma_n(a))'$. Since $a$ and the $a_j$ are all algebraic integers, so are $g_j$ and $m$. Since the entries of the first rows of $M$ and $G_j$ belong to $A$, so do $m$ and $g_j$. One also has $m^2 = d$. It follows that $dc_j = mg_j$ is an algebraic integer but also a rational number, so $dc_j = m_j \in \mathbb{Z}$. Further, $m_j^2/d = m^2g_j^2/d = g_j^2 \in \mathbb{A} \cap \mathbb{Q} = \mathbb{Z}$.

(b) Suppose there exists $a \in A$ such that $a = (c_1a_1 + \cdots + c_na_n)/r$ with $c_i$ and $r$ integers such that $r$ does not divide $c_i$ for some $i$. Without loss assume $r$ does not divide $c_1$ and write $c_1/r = s + f$ where $s$ is an integer and $0 < f < 1$ is a proper fraction. Define $b_1 = a - sa_1 = fa_1 + \frac{c_2}{r}a_2 + \cdots + \frac{c_n}{r}a_n$, and $b_i = a_i$ for $i = 2, \cdots, n$. Then $b_1, \cdots, b_n$ is another $\mathbb{Q}$-basis of $K$ consisting of elements of $A$, and the matrix taking the $a_j$'s to the $b_j$'s is upper triangular with diagonal entries equal to $(f, 1, \cdots, 1)$, so has determinant $f$. This implies $\Delta(\vec b) = |f|^2\Delta(\vec a)$, which contradicts the minimality of $|\Delta(\vec a)|$. □

10.13. Corollary/Definition. If $a_1, \cdots, a_n$ and $b_1, \cdots, b_n$ are two integral bases of $A$, one has $\vec a = M\vec b$ for some integer matrix $M$. It follows that $\Delta(\vec a) = \det(M)^2\Delta(\vec b)$. So $\Delta(\vec b) \mid \Delta(\vec a)$. Reversing the roles of $\vec a$ and $\vec b$ one gets $\Delta(\vec a) \mid \Delta(\vec b)$. Thus $\det(M)$ must equal $\pm 1$, and $\Delta(\vec a) = \Delta(\vec b)$. In other words, the discriminant of an integral basis of $\mathcal{O}_K$ is an invariant of the number field $K$ (or the ring $\mathcal{O}_K$). This rational integer is called the discriminant of $K$ and denoted by $\Delta_K$.

Let $K$ and $L$ be two number fields, $[K : \mathbb{Q}] = m$ and $[L : \mathbb{Q}] = n$. Assume that $K$ and $L$ are disjoint extensions of $\mathbb{Q}$, i.e. $K \cap L = \mathbb{Q}$, and let $KL$ be the composite. Then $[KL : \mathbb{Q}] = mn$. We shall end this section with a result relating the ring of integers of the composite $KL$ to those of $K$ and $L$. The discriminant plays a prominent role in it.

10.14. Proposition. With the above setup, suppose $d = \gcd(\Delta_K, \Delta_L)$. Then the ring of integers of $KL$ is contained in $\frac{1}{d}\mathcal{O}_K\mathcal{O}_L$.

Proof. We shall need the following fact from field theory: given embeddings $\sigma : K \to \mathbb{C}$ and $\tau : L \to \mathbb{C}$, there exists an embedding of $KL$ into $\mathbb{C}$ whose restrictions to $K$ and $L$ are $\sigma$ and $\tau$ respectively.

Let $a_1, \cdots, a_m$ and $b_1, \cdots, b_n$ be integral bases for $\mathcal{O}_K$ and $\mathcal{O}_L$ respectively. Then the $mn$ numbers $a_ib_j$ form a $\mathbb{Z}$-basis for $\mathcal{O}_K\mathcal{O}_L$ and also a $\mathbb{Q}$-basis for $KL$. Write an algebraic integer $a$ of $KL$ in the form
$$a = \sum_{i,j} \frac{m_{ij}}{r}a_ib_j$$
where $m_{ij}, r \in \mathbb{Z}$ are such that there is no common prime factor of these $mn + 1$ numbers. We need to show $r \mid d$, i.e. that $r$ divides $\Delta_K$ and $\Delta_L$. By the field theory fact, each embedding $\sigma_k : K \to \mathbb{C}$ extends to an embedding of $KL$ fixing $L$. Applying the embeddings $\sigma_k$ to the above equation one gets $\sigma_k(a) = \sum_i c_i\sigma_k(a_i)$ where $c_i = \sum_j \frac{m_{ij}}{r}b_j$. Solving these equations for the $c_i$ by Cramer's rule we have $c_i = \gamma_i/\delta$ where $\gamma_i$ and $\delta$ are algebraic integers and $\delta^2 = \Delta_K$. It follows that
$$\delta\gamma_i = \Delta_Kc_i = \sum_j \frac{\Delta_Km_{ij}}{r}b_j.$$
In the above equation the first expression is an algebraic integer while the third is in $L$. So $\Delta_Kc_i$ is in $\mathcal{O}_L$. But $b_1, \cdots, b_n$ forms an integral basis for $\mathcal{O}_L$. It follows that $r \mid \Delta_Km_{ij}$ for all $i, j$. Since there is no common factor between $r$ and the $m_{ij}$, we must have $r \mid \Delta_K$. Interchanging the roles of $K$ and $L$ one gets $r \mid \Delta_L$. □

Proof of the field theory fact. Since $[KL : K] = n$, the embedding $\sigma : K \to \mathbb{C}$ has $n$ distinct extensions to $KL$. Let $\tau_1, \cdots, \tau_n$ be the restrictions of these embeddings to $L$. Then the $\tau_j$ are all distinct. On the other hand, since $[L : \mathbb{Q}] = n$ there are a total of $n$ embeddings of $L$ into $\mathbb{C}$, so $\tau_1, \cdots, \tau_n$ are all the embeddings. So $\tau_j = \tau$ for some $j$. □

CALCULATIONS FOR CYCLOTOMIC EXTENSIONS

Let $d$ be a natural number and $\zeta_d = e^{2\pi i/d}$. The monic irreducible polynomial of $\zeta_d$ is called the $d$-th cyclotomic polynomial and denoted by $\Phi_d(x)$. Since $\zeta_d$ satisfies $x^d - 1$ (a monic polynomial in $\mathbb{Z}[x]$), $\zeta_d$ is an algebraic integer, so $\Phi_d(x) \in \mathbb{Z}[x]$. The fields $\mathbb{Q}(\zeta_d)$ are called cyclotomic fields.

10.15. Lemma. (a) For any natural number $n$ one has $x^n - 1 = \prod_{d \mid n} \Phi_d(x)$.
(b) One has $[\mathbb{Q}(\zeta_d) : \mathbb{Q}] = \deg(\Phi_d(x)) = \phi(d)$. The $\phi(d)$ primitive $d$-th roots of unity are the roots of $\Phi_d(x)$, so they are conjugates.

Proof. A root of $\Phi_d$, i.e. a conjugate of $\zeta_d$, is again a primitive $d$-th root of unity, hence has the form $e^{2\pi ir/d}$ where $1 \le r < d$ and $\gcd(r, d) = 1$. So $\deg(\Phi_d) \le \phi(d)$.

If $\Phi_d \mid x^n - 1$ then $\zeta_d^n = 1$, so $d \mid n$. All the roots of $x^n - 1$ are roots of unity, so each irreducible factor of $x^n - 1$ in $\mathbb{Q}[x]$ must be a cyclotomic polynomial, i.e. it must be $\Phi_d$ for some $d \mid n$. Since $x^n - 1$ has no repeated roots, none of these irreducible factors can be repeated. Thus we have $x^n - 1 = \prod_{i=1}^r \Phi_{d_i}(x)$ for distinct divisors $d_1, \cdots, d_r$ of $n$. But recall that $\deg(\Phi_{d_i}) \le \phi(d_i)$, and we know $n = \sum_{d \mid n} \phi(d)$. So the only way the equation $n = \sum_{i=1}^r \deg(\Phi_{d_i})$ can be true is if $d_1, \cdots, d_r$ are all the divisors of $n$ and moreover $\deg(\Phi_d) = \phi(d)$ for each $d \mid n$. This proves both part (a) and (b). □

If $K = \mathbb{Q}[a]$ is a number field of degree $d$, let us denote $\Delta(1, a, a^2, \cdots, a^{d-1})$ by $\Delta(a)$.
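The two computations in this part of the section, the discriminant of a power basis through $N(f'(a))$ (Proposition 10.9) and the cyclotomic polynomials through $x^n - 1 = \prod_{d \mid n}\Phi_d$ (Lemma 10.15), can be carried out by hand for small cases; the following Python script is an added example, not part of the original notes, that does both with exact integer arithmetic and then checks Lemma 10.16, $\Delta(\zeta_d) \mid d^{\phi(d)}$, for a few values of $d$. It uses only the standard library. The one fact assumed beyond the notes is that for a monic $f$ the norm $N(f'(a)) = \prod_i f'(a_i)$ equals the resultant $\mathrm{Res}(f, f')$, computed here as a Sylvester determinant; all function names are the example's own.

```python
from fractions import Fraction
from math import gcd

# Polynomials are lists of integer coefficients, constant term first,
# e.g. [-19, 0, 0, 1] is x^3 - 19.

def pdivmod_monic(a, b):
    """Divide a by a monic b in Z[x]; returns (quotient, remainder)."""
    assert b[-1] == 1
    r = list(a)
    q = [0] * max(len(a) - len(b) + 1, 1)
    for k in range(len(a) - len(b), -1, -1):
        c = r[k + len(b) - 1]           # current leading coefficient of r
        q[k] = c
        for i, bc in enumerate(b):
            r[k + i] -= c * bc
    return q, r[:len(b) - 1]

def cyclotomic(n):
    """Phi_n(x), obtained from x^n - 1 = prod_{d | n} Phi_d(x) (Lemma 10.15(a))
    by dividing the cyclotomic polynomials of the proper divisors out of x^n - 1."""
    poly = [-1] + [0] * (n - 1) + [1]   # x^n - 1
    for d in range(1, n):
        if n % d == 0:
            poly, rem = pdivmod_monic(poly, cyclotomic(d))
            assert not any(rem)         # the division is exact, as the lemma says
    return poly

def euler_phi(n):
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)

def det(rows):
    """Exact determinant by Gaussian elimination over Q."""
    m = [[Fraction(x) for x in row] for row in rows]
    n, d = len(m), Fraction(1)
    for col in range(n):
        piv = next((r for r in range(col, n) if m[r][col] != 0), None)
        if piv is None:
            return Fraction(0)
        if piv != col:
            m[col], m[piv] = m[piv], m[col]
            d = -d
        d *= m[col][col]
        for r in range(col + 1, n):
            factor = m[r][col] / m[col][col]
            for c in range(col, n):
                m[r][c] -= factor * m[col][c]
    return d

def resultant(f, g):
    """Res(f, g) as the determinant of the Sylvester matrix of f and g."""
    m, n = len(f) - 1, len(g) - 1
    fh, gh = f[::-1], g[::-1]           # highest-degree coefficient first
    rows = [[0] * i + fh + [0] * (n - 1 - i) for i in range(n)]
    rows += [[0] * i + gh + [0] * (m - 1 - i) for i in range(m)]
    return det(rows)

def derivative(f):
    return [i * c for i, c in enumerate(f)][1:]

def power_basis_discriminant(f):
    """Delta(1, a, ..., a^{n-1}) = (-1)^{n(n-1)/2} N(f'(a)) for a root a of the monic f
    (Proposition 10.9); for monic f, N(f'(a)) = prod f'(a_i) = Res(f, f')."""
    assert f[-1] == 1
    n = len(f) - 1
    sign = -1 if (n * (n - 1) // 2) % 2 else 1
    r = resultant(f, derivative(f))
    assert r.denominator == 1
    return sign * int(r)

def check_cyclotomic_discriminant(d):
    """Lemma 10.16: Delta(zeta_d) divides d^phi(d).  Returns (Delta(zeta_d), lemma holds)."""
    disc = power_basis_discriminant(cyclotomic(d))
    return disc, d ** euler_phi(d) % disc == 0

if __name__ == "__main__":
    print("Phi_12 =", cyclotomic(12))                                    # x^4 - x^2 + 1
    print("Delta(1, a, a^2) for a^3 = 19:", power_basis_discriminant([-19, 0, 0, 1]))
    for d in (3, 4, 5, 7, 8, 12):
        print("d =", d, "Delta(zeta_d), divides d^phi(d):", check_cyclotomic_discriminant(d))
```

For $a = \sqrt[3]{19}$ the script gives $\Delta(1, a, a^2) = -3^3 \cdot 19^2$; comparing with the value $\Delta_F = -3 \cdot 19^2$ quoted in the example at the end of the next section shows that $\mathbb{Z}[a]$ has index $3$ in $\mathcal{O}_F$, which is exactly why the element $b = (1 + a + a^2)/3$ is needed there.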

10.16. Lemma. One has $\Delta(\zeta_d) \mid d^{\phi(d)}$.

Proof. We can write $x^d - 1 = \Phi_d(x)g(x)$ for some monic polynomial $g(x) \in \mathbb{Z}[x]$. Differentiating the equation, substituting $x = \zeta_d$ and multiplying by $\zeta_d$, we get $d = \zeta_d\Phi_d'(\zeta_d)g(\zeta_d)$. The lemma now follows by taking norms and noting that $N(\Phi_d'(\zeta_d)) = \pm\Delta(\zeta_d)$ and $N(\zeta_dg(\zeta_d)) \in \mathbb{Z}$. □

10.17. Theorem. The ring of integers of $\mathbb{Q}[\zeta_d]$ is equal to $\mathbb{Z}[\zeta_d]$.

Proof. Let $R$ be the ring of integers of $\mathbb{Q}[\zeta_d]$. We shall first prove the theorem when $d$ is a prime power, $d = p^r$. Let $\zeta = \zeta_{p^r}$. First we need a bit of groundwork. Since $x^{p^r} - 1 = \prod_{t=0}^r \Phi_{p^t}(x)$ for all $r$, we get
$$\Phi_{p^r}(x) = (x^{p^r} - 1)/(x^{p^{r-1}} - 1) = \sum_{s=0}^{p-1} x^{s\cdot p^{r-1}}.$$
But $\Phi_{p^r}(x) = \prod_{k \in (\mathbb{Z}/p^r\mathbb{Z})^*}(x - \zeta^k)$. Substituting $x = 1$ one gets
$$N(1 - \zeta) = \prod_{k \in (\mathbb{Z}/p^r\mathbb{Z})^*}(1 - \zeta^k) = p. \qquad (19)$$
Coming to the proof proper, let $n = \phi(p^r)$, and $d = \Delta(\zeta) = \Delta(1 - \zeta)$. By Proposition 10.12(a) we can write any $a \in R$ as $a = \frac{1}{d}\sum_{j=0}^{n-1} m_j(1 - \zeta)^j$. If $R \ne \mathbb{Z}[1 - \zeta]$, there exists $b \in R$ of the form
$$b = \frac{1}{p}\sum_{j=i-1}^{n-1} m_j(1 - \zeta)^j \qquad (20)$$
such that $p \nmid m_{i-1}$. Equation (19) implies that $p/(1 - \zeta)^n \in \mathbb{Z}[\zeta]$. In equation (20) above, $i \le n$, so $pb/(1 - \zeta)^i \in R$. But then (20) implies $m_{i-1}/(1 - \zeta) \in R$. Taking norms we get $p = N(1 - \zeta) \mid N(m_{i-1})$, contradicting $p \nmid m_{i-1}$. This proves the theorem for $d$ equal to a prime power. The general case now follows from ?? and ??. □

11. Primes in rings of integers

11.1. Lemma. Let $K$ be an extension of $\mathbb{Q}$ of degree $n$.
(a) Each non-zero ideal $A$ of $\mathcal{O}_K$ contains a nonzero integer.
(b) Each nonzero ideal $A$ of $\mathcal{O}_K$ has finite index in $\mathcal{O}_K$.

Proof. The norm of any nonzero element of $A$ is a nonzero integer that belongs to $A$. If $r$ is a natural number belonging to $A$, then $\mathcal{O}_K/r\mathcal{O}_K$ surjects onto $\mathcal{O}_K/A$. But $\mathcal{O}_K$ as an additive group is just $\mathbb{Z}^n$, so $\mathcal{O}_K/r\mathcal{O}_K$ has $r^n$ elements. So $\mathcal{O}_K/A$ has fewer. □

11.2. Definition. The index of an ideal $A$, i.e. $|\mathcal{O}_K/A|$, is called the norm of the ideal $A$ and denoted by $\|A\|$.

11.3. Definition. Let $R$ be a commutative domain and $K$ be its fraction field. The ring $R$ is called a Dedekind domain if it has the following three properties.
(1) $R$ is Noetherian, i.e. the ideals of $R$ are finitely generated, or equivalently any non-empty collection of ideals has a maximal element, or equivalently any increasing chain of ideals $I_1 \subseteq I_2 \subseteq \cdots$ in $R$ stabilizes, i.e. there is an $n$ such that $I_n = I_{n+1} = \cdots$.
(2) Every non-zero prime in $R$ is maximal.
(3) $R$ is integrally closed, i.e. any element $x \in K$ that is integral over $R$ belongs to $R$.

11.4. Theorem. The ring of integers $\mathcal{O}_K$ of a number field $K$ is a Dedekind domain.

Proof. The ring of integers $\mathcal{O}_K$ is Noetherian because every non-zero ideal has finite index in $\mathcal{O}_K$, thus can have only finitely many ideals containing it. If $P$ is a non-zero prime ideal then $\mathcal{O}_K/P$ is a finite integral domain, hence a field, so $P$ is maximal. If $a \in K$ satisfies a monic polynomial in $\mathcal{O}_K[x]$, then $A = \mathcal{O}_K[a]$ is additively finitely generated over $\mathcal{O}_K$. Since $\mathcal{O}_K$ itself is finitely generated over $\mathbb{Z}$, $A$ is a finitely generated additive group over $\mathbb{Z}$. But $aA \subseteq A$, implying $a$ is an algebraic integer in $K$, i.e. that $a \in \mathcal{O}_K$. □

Now, we shall study the structure of ideals in a Dedekind domain $R$ with fraction field $K$. Because of the theorem above, all these results hold, in particular, for $\mathcal{O}_K$.

11.5. Definition. For any ideal $A$ in $R$ define $A^{-1} = \{x \in K : xA \subseteq R\}$.

11.6. Theorem. Let $P$ be a nonzero prime ideal in $R$. Then $PP^{-1} = R$.

We shall need a couple of lemmas.

11.7. Lemma. Let $A$ be any nonzero ideal in $R$. Then $A$ contains a product of nonzero prime ideals.

Proof. Suppose the lemma is not true. Among the nonzero ideals that do not contain a product of primes, choose a maximal member $A$ (by the Noetherian property). In particular $A$ is not a prime, so there exist $a, b \notin A$ such that $ab \in A$. Since $A + (a)$ and $A + (b)$ are strictly bigger ideals than $A$, they contain products of primes. Suppose $\prod_{i=1}^r P_i \subseteq A + (a)$ and $\prod_{i=1}^s Q_i \subseteq A + (b)$. But then $P_1 \cdots P_rQ_1 \cdots Q_s \subseteq (A + (a))(A + (b)) \subseteq A$, which is a contradiction. □

11.8. Lemma. For any nonzero proper prime ideal $P$ one has $P^{-1} \supsetneq R$.

Proof. Pick a nonzero element $a \in P$. Using the above lemma pick non-zero prime ideals $P_1, \cdots, P_r$ such that $P_1 \cdots P_r \subseteq (a)$ and $r$ is minimal. Then $P \mid P_1 \cdots P_r$, so $P \mid P_i$ for some $i$, i.e. $P = P_i$ for some $i$. Without loss, assume that $P = P_1$. Now we have $PP_2 \cdots P_r \subseteq (a) \subseteq P$. Since $r$ was minimal, $P_2 \cdots P_r \not\subseteq (a)$. So we can pick $b \in P_2 \cdots P_r \setminus (a)$. Then $a^{-1}bP \subseteq a^{-1}PP_2 \cdots P_r \subseteq a^{-1}(a) = R$, so $x = a^{-1}b \in P^{-1}$. But since $b \notin (a)$, $x \notin R$. □

Proof of the equation $PP^{-1} = R$. Suppose not. Then $PP^{-1}$ is a proper ideal containing $P$. Since each nonzero prime is maximal, one gets $P = PP^{-1}$. So for each $x \in P^{-1}$ we have $xP \subseteq P$. This implies $x$ is integral over $R$ (the determinant trick). But $R$ is integrally closed, so $x \in R$, i.e. $P^{-1} \subseteq R$, contradicting the lemma above. □

Now we can prove

11.9. Theorem. Any nonzero ideal $A$ in a Dedekind domain $R$ can be uniquely written as a product $A = P_1 \cdots P_r$, where the $P_i$ are not necessarily distinct non-zero prime ideals. Uniqueness of the decomposition means that if $A = P_1 \cdots P_r = Q_1 \cdots Q_s$ are two such decompositions, then $r = s$ and the lists of ideals $P_1, \cdots, P_r$ and $Q_1, \cdots, Q_r$ are the same up to permutation.

Proof. If $P_1 \cdots P_r = Q_1 \cdots Q_s$, then $P_1 \mid Q_1 \cdots Q_s$. Since $P_1$ is a prime, $P_1$ must divide $Q_j$ for some $j$, so $P_1 = Q_j$ for some $1 \le j \le s$. Multiplying by $P_1^{-1}$ we get $P_2 \cdots P_r = Q_1 \cdots Q_{j-1}Q_{j+1} \cdots Q_s$. The uniqueness follows by repeating the argument.

Let $A$ be any non-zero proper ideal. Using Lemma 11.7, choose a minimal set of primes $P_1, \cdots, P_r$ such that $\prod P_i \subseteq A$. Since $A$ is proper there is a maximal ideal $Q \supseteq A$. Then $Q$ is one of the $P_i$'s; without loss, say $Q = P_1$. Then $P_2 \cdots P_r \subseteq P_1^{-1}A \subseteq P_1^{-1}P_1 = R$. Since $r$ was minimal, $P_1^{-1}A \ne R$, so it is a proper ideal. By repeating the argument with $AP_1^{-1}$ instead of $A$ we get $P_3 \cdots P_r \subseteq AP_1^{-1}P_2^{-1} \subseteq R$. Again, since $r$ was minimal, $AP_1^{-1}P_2^{-1} \ne R$. By induction one gets $R \subseteq AP_1^{-1} \cdots P_r^{-1} \subseteq R$, i.e. $R = AP_1^{-1} \cdots P_r^{-1}$. □

11.10. Corollary. Let $A$, $B$ and $C$ be ideals in a Dedekind domain.
(a) If $AB = AC$, then $B = C$.
(b) If $A \subseteq B$ then there is an ideal $D$ such that $A = BD$, i.e. $B \mid A$.

Proof. Part (a) follows by writing $A = P_1 \cdots P_r$ and multiplying both sides by each $P_i^{-1}$ successively. For part (b) let $A = P_1 \cdots P_r$ and $B = Q_1 \cdots Q_s$. Since $A \subseteq B$, $Q_1 \mid P_1 \cdots P_r$, so $Q_1$ is equal to one of the $P_i$. Cancelling them successively we get the result. □

11.11. Corollary. (a) Let $A$ be any non-zero proper ideal with factorization $A = P_1 \cdots P_r$. Then $A^{-1} = P_1^{-1} \cdots P_r^{-1}$. One also has $AA^{-1} = R$ and $A^{-1} \supsetneq R$.
(b) Further, let $a$ be any non-zero element of $A$ and $B = \{y \in R : yA \subseteq (a)\}$. Then $B$ is an ideal in $R$ such that $\frac{1}{a}B = A^{-1}$ and $AB = (a)$.

Proof. Let $B = P_1^{-1} \cdots P_r^{-1}$. Since $PP^{-1} = R$ for all primes, we have $AB = R$. Clearly $B \subseteq A^{-1}$. Conversely, if $x \in A^{-1}$, then $xA \subseteq R$, so $xAB \subseteq B$. But $AB = R$, so $x \in B$. So $A^{-1} = B$ and $AA^{-1} = R$. Since $A$ is contained in some prime $P$, $A^{-1} \supseteq P^{-1}$. But already $P^{-1} \supsetneq R$. This proves part (a).

Clearly $\frac{1}{a}B \subseteq A^{-1}$. Conversely, if $x \in A^{-1}$, then $ax \in R$ and $axA \subseteq (a)$. So $ax \in B$, which implies $A^{-1} \subseteq \frac{1}{a}B$. Part (b) now follows. □

11.12. Lemma. For ideals $I$ and $J$ in $\mathcal{O}_K$ one has $\|I\| \cdot \|J\| = \|IJ\|$.

Proof. If $I$ and $J$ are relatively prime then the result follows from $R/IJ \simeq R/I \times R/J$, i.e. the Chinese remainder theorem. By unique factorization into powers of prime ideals, it is enough to prove the lemma for $I = P^e$ where $P$ is a prime. In this case $|R/P^e| = |R/P|\,|P/P^2| \cdots |P^{e-1}/P^e|$. Here $R/P$ is a finite field and each $P^r/P^{r+1}$ is a vector space over it. If $x \in P^r \setminus P^{r+1}$ then $P^{r+1} \subsetneq (x) + P^{r+1} \subseteq P^r$. Since $(x) + P^{r+1}$ has a unique factorization into prime ideals, one must have $(x) + P^{r+1} = P^r$. It follows that $P^r/P^{r+1}$ is a one dimensional vector space over $R/P$, so $|R/P| = |P^r/P^{r+1}|$ for each $r$. The result follows. □

11.13. Definition. Let $I$ and $J$ be non-zero ideals in $\mathcal{O}_K$. Define an equivalence relation $\sim$ on the set of non-zero ideals of $\mathcal{O}_K$ by letting $I \sim J$ if there are nonzero elements $a, b \in \mathcal{O}_K$ such that $aI = bJ$. The equivalence classes are called the ideal classes. The above results show that the set of ideal classes forms a group, the class of principal ideals being the identity element. This group, denoted $\mathrm{Cl}(K)$, is called the class group of $K$. We shall soon see that this is a finite group. This is one of the most important invariants of the number field $K$. Now we fix some notation for the rest of this section.

11.14. Definition. Let $L/K$ be an extension of number fields of degree $n$, and let $\mathcal{O}_K = R$ and $\mathcal{O}_L = S$, so $R \subseteq S$. If $Q$ is a prime ideal in $S$, then $P = Q \cap R$ is a prime ideal in $R$. We say that $Q$ lies over $P$.

11.15. Lemma. Given a non-zero prime ideal $P$ of $R$, $PS$ is a proper ideal of $S$. So, for each proper prime ideal $P$, there is at least one prime $Q$ of $S$ such that $Q$ lies above $P$.

Proof. We claim that $1 \notin PS$. To see this, pick $a \in P^{-1} \setminus R$; then $aPS \subseteq S$. If $PS$ did contain $1$, we would have $a \in S$, implying $a$ is an algebraic integer. But $a$ is not an algebraic integer, since $a \in K \setminus R$. Now, the proper ideal $PS$ can be decomposed into primes in $S$ as $PS = Q_1 \cdots Q_s$. For each $i$, $Q_i \cap R$ is a proper ideal containing $P$, hence $Q_i \cap R = P$. So each prime $P$ of $R$ lies under at least one prime of $S$. □

11.16. Definition. Suppose $P$ is a proper prime ideal of $R$ which factorizes in $S$ as
$$PS = Q_1^{e_1} \cdots Q_r^{e_r}$$

where the $Q_i$ are distinct primes of $S$ and $e_i = \mathrm{ord}_{Q_i}(PS)$ is the highest power of $Q_i$ dividing $PS$. The set of primes $Q_1, \cdots, Q_r$ as well as the integers $e_i$ are uniquely determined by unique factorization. The number $e_i$ is called the ramification index of $Q_i$ over $P$. We say that the prime $P$ ramifies in $S$ if $e_i > 1$ for some $i$. The quotients $\lambda_i = S/Q_i$ and $\kappa = R/P$ are finite integral domains, hence finite fields. Moreover $\kappa$ is a subfield of $\lambda_i$, since $Q_i \cap R = P$. The degree of the extension $f_i = [\lambda_i : \kappa]$ is called the local degree (or inertial degree) of $Q_i$ over $P$. We also write $e_i = e(Q_i|P)$ and $f_i = f(Q_i|P)$. Clearly $e(Q|P)$ and $f(Q|P)$ are multiplicative in towers, i.e. if $K \subseteq L \subseteq M$ are extensions and $P \subseteq Q \subseteq T$ are primes in the corresponding number rings then
$$f(T|P) = f(T|Q)f(Q|P) \quad\text{and}\quad e(T|P) = e(T|Q)e(Q|P).$$
With these notations we have the following fundamental formula governing how the primes might split.

11.17. Theorem. One has $\sum_{i=1}^r e_if_i = n$.

Proof. Note that, since $S/Q_i$ is a vector space of dimension $f_i$ over $R/P$, one has $\|Q_i\| = \|P\|^{f_i}$. Taking norms on both sides of the equation $PS = Q_1^{e_1} \cdots Q_r^{e_r}$ and using the multiplicativity of the norm of ideals we get
$$\|PS\| = \prod_{i=1}^r \|Q_i\|^{e_i} = \prod_{i=1}^r (\|P\|^{f_i})^{e_i} = \|P\|^{\sum_i e_if_i}.$$
Now the theorem follows from the following proposition. □

11.18. Proposition. One has $\|PS\| = \|P\|^n$.

Proof. Note that $S/PS$ is a vector space over $\kappa = R/P$. We want to show that $\dim_\kappa(S/PS) = n$. Given $w \in S$, let $\bar w$ denote its reduction modulo $PS$. Pick elements $w_1, \cdots, w_m$ of $S$ such that $\bar w_1, \cdots, \bar w_m$ form a basis of $S/PS$ over $R/P$. We shall show that $w_1, \cdots, w_m$ in fact form a basis of $L/K$. This will prove what we want.

First we show linear independence. If possible, suppose there exist $a_1, \cdots, a_m \in K$, at least one of them non-zero, such that we have a non-trivial dependence relation $\sum_i a_iw_i = 0$. Then we shall show that there is a dependence relation $\sum b_iw_i = 0$ where all $b_i \in R$ but at least one $b_i \notin P$. Reducing coefficients modulo $PS$ this would lead to a contradiction, since the $\bar w_i$ are linearly independent over $R/P$. By clearing denominators, if necessary, we may assume that each $a_i \in \mathcal{O}_K$. Let $A$ be the ideal generated by $a_1, \cdots, a_m$. We are done if some $a_i \notin P$. Otherwise $A \subseteq P$. But then we choose $b \in A^{-1} \setminus A^{-1}P$ and observe that each $ba_i \in R$, but some $ba_i \notin PS$. Then $\sum (ba_i)w_i = 0$ is a dependence relation of the desired form.

One can show that $w_1, \cdots, w_m$ generate $L/K$ by a standard commutative algebra tool, called Nakayama's lemma. Let
$$M = Rw_1 + \cdots + Rw_m \subseteq S.$$
Since $S$ is finitely generated, even over $\mathbb{Z}$, we can write $S = M + Rz_1 + \cdots + Rz_k$ for finitely many elements $z_i \in S$. Since $w_1, \cdots, w_m$ generate $S/PS$ over $R/P$, we have $S = M + PS$. Thus we can write each $z_i$ as
$$z_i = \sum_j t_{ij}z_j + m_i$$
for some $t_{ij} \in P$ and $m_i \in M$. In other words, the entries of the vector $(I - (t_{ij}))\vec z$ are in $M$. Multiplying by the adjoint of the matrix $I - (t_{ij})$ we get that $dz_i \in M$ where $d = \det(I - (t_{ij})) \in R$. Since $t_{ij} \in P$, we have $d \equiv 1 \bmod P$, so $d \ne 0$. So each $z_i$ can be written as a linear combination of the $w_i$'s with coefficients from $K$. Given $y \in L$, there is an integer $h \in \mathbb{Z}$ such that $hy \in S$. We can write $hy$ as a linear combination of the $w_i$'s with coefficients from $K$, so the same can be done for $y$. This proves that $w_1, \cdots, w_m$ generate $L/K$. □

Now we collect the properties of the norm of an ideal.

11.19. Theorem. (a) Let $I$ and $J$ be ideals in $\mathcal{O}_K$. Then $\|I\|\,\|J\| = \|IJ\|$.
(b) Let $[L : K] = n$ and $I$ be an ideal in $\mathcal{O}_K$. Then $\|I\mathcal{O}_L\| = \|I\|^n$.
(c) For $a \in \mathcal{O}_K$, one has $\|a\mathcal{O}_K\| = |N(a)|$.

Proof. (a) has already been proved. We proved (b) above for prime ideals; the general case follows by unique factorization into primes. It remains to prove (c). Let $S$ be a normal extension of $\mathbb{Q}$ containing $K$. Let $T$ be the ring of integers of $S$. Let $d = [S : K]$ and $n = [K : \mathbb{Q}]$. For each embedding $\sigma : K \to \mathbb{C}$ we have $\|\sigma(a)T\| = \|aT\|$ (since $\sigma$ extends to an automorphism of $T$). Let $m = N^K_{\mathbb{Q}}(a)$. Since $\|\cdot\|$ is multiplicative, we have $|m|^{nd} = \|mT\| = \prod_\sigma \|\sigma(a)T\| = \|aT\|^n = (\|a\mathcal{O}_K\|^d)^n$. The result follows. □

Let $K$ be an algebraic number field and $R = \mathcal{O}_K$. Let $a$ be an algebraic integer with minimal irreducible polynomial $g \in R[x]$. Let $L = K[a] = K[x]/(g)$ and $S = \mathcal{O}_L$. The following theorem gives a way to compute the splitting of all but finitely many primes of $K$ in $L$.

11.20. Theorem. Let $P$ be a prime ideal in $R$ and let $\kappa = R/P$. Given a polynomial $f \in R[x]$ let $\bar f$ denote its image in $\kappa[x]$ obtained by reducing coefficients modulo $P$. Suppose $g_i$ are monic polynomials in $R[x]$ such that $\bar g(x)$ factors in $\kappa[x]$ as
$$\bar g = \bar g_1^{e_1} \cdots \bar g_r^{e_r}$$
where the $\bar g_i$ are distinct monic irreducible factors. Let $(p) = P \cap \mathbb{Z}$ and suppose $p \nmid |S/R[a]|$. Then the prime factorization of $PS$ is given by $PS = Q_1^{e_1} \cdots Q_r^{e_r}$ where $Q_i = PS + (g_i(a))$. Further $f(Q_i|P) = \deg(g_i)$.

Proof. Let $R/P = \kappa \simeq \mathbb{F}_q$ and $f_i = \deg(g_i)$. We shall show:
(1) Either $Q_i = S$ or $S/Q_i \simeq \mathbb{F}_{q^{f_i}}$, so the proper $Q_i$ are primes above $P$ and $f(Q_i|P) = f_i$.
(2) One has $Q_i + Q_j = S$ if $i \ne j$.
(3) One has $Q_1^{e_1} \cdots Q_r^{e_r} \subseteq PS$.

First we finish the proof assuming (1), (2) and (3). By renaming the indices if necessary suppose $Q_1, \cdots, Q_s$ are the proper primes, $s \le r$, and $Q_{s+1} = \cdots = Q_r = S$. By (2) the primes $Q_1, \cdots, Q_s$ are distinct. Now (3) implies $PS \mid Q_1^{e_1} \cdots Q_s^{e_s}$, so $PS$ has a prime factorization of the form $PS = Q_1^{d_1} \cdots Q_s^{d_s}$ for some $s \le r$ and $d_i \le e_i$, and $f(Q_i|P) = f_i$. Then one has $\sum_{i=1}^s d_if_i = n$. On the other hand, equating degrees on both sides of $\bar g = \bar g_1^{e_1} \cdots \bar g_r^{e_r}$ we get $\sum_{i=1}^r e_if_i = n$. This forces $r = s$ and $d_i = e_i$. (Note that $g$, $g_i$ are monic, so the degree does not change when one reduces coefficients modulo $P$.)

Now we prove (1), (2) and (3).
(1) On one hand we have the isomorphisms
$$R[x]/(P, g_i) \simeq \kappa[x]/(\bar g_i) \simeq \mathbb{F}_{q^{f_i}}.$$
So $(P, g_i)$ is a maximal ideal in $R[x]$. On the other hand we have a homomorphism $\psi : R[x] \to S/Q_i$ defined by $\psi(x) = a \bmod Q_i$. From the definition of $Q_i$ we see that $\ker(\psi)$ contains $(P, g_i)$. Now note that $\psi$ is onto because $R[a] + Q_i = S$. (In fact one already has $R[a] + pS = S$, since the index $|S/(R[a] + pS)|$ divides both $|S/R[a]|$ and $|S/pS|$. But as $p \nmid |S/R[a]|$ by our assumption, $|S/R[a]|$ and $|S/pS| = p^{[L:\mathbb{Q}]}$ are relatively prime.) So either $Q_i = S$ or $\ker(\psi)$ is a proper ideal, hence equal to $(P, g_i)$. This proves (1).
(2) Since the $\bar g_i$ are distinct irreducible polynomials in $\kappa[x]$, there exist $h, k \in R[x]$ such that $\bar g_i\bar h + \bar g_j\bar k = 1$ in $\kappa[x]$. In other words the coefficients of $g_i(x)h(x) + g_j(x)k(x) - 1$ are in $P$, so $g_i(a)h(a) + g_j(a)k(a) \equiv 1 \bmod PS$. Thus $1 \in (PS, g_i(a), g_j(a)) = Q_i + Q_j$, proving (2).
(3) The polynomial $\prod_i g_i^{e_i}(x) - g(x)$ has coefficients in $P$, so $\prod_i g_i^{e_i}(a) - g(a) \in PS$. But $g(a) = 0$. So $\prod_i g_i^{e_i}(a) \in PS$. One has $Q_1^{e_1} \cdots Q_r^{e_r} \subseteq PS + (g_1^{e_1}(a) \cdots g_r^{e_r}(a)) \subseteq PS$. □

Now assume that $L/K$ is a normal extension, i.e. each embedding of $L$ into $\mathbb{C}$ fixing $K$ is an automorphism of $L$. The group of automorphisms of $L$ fixing $K$ is called the Galois group of $L/K$ and is denoted by $\mathrm{Gal}(L/K)$. The order of the group $\mathrm{Gal}(L/K)$ is the same as the separable degree and hence the degree of the extension.

11.21. Proposition. Suppose $L/K$ is a normal extension of degree $n$. Let $G = \mathrm{Gal}(L/K)$.
(a) Let $P$ be a prime in $\mathcal{O}_K$ and let $Q$, $Q'$ be two primes in $\mathcal{O}_L$ lying over $P$. Then there exists an element $\sigma \in G$ such that $\sigma(Q) = Q'$.
(b) Thus the ramification indices and local degrees of all $Q$ lying over $P$ are the same. In other words, there exist positive integers $r$, $e$ and $f$ such that the prime factorization of the ideal $PS$ in $\mathcal{O}_L$ has the form $PS = (Q_1 \cdots Q_r)^e$, for primes $Q_1, \cdots, Q_r$ in $\mathcal{O}_L$, with $[\mathcal{O}_L/Q_i : \mathcal{O}_K/P] = f$ for each $i$ and $ref = n$.

Proof. Suppose $Q' \ne \sigma(Q)$ for all $\sigma \in G$. By the Chinese remainder theorem we can find an $a$ such that $a \equiv 0 \bmod Q'$ and $a \equiv 1 \bmod \sigma(Q)$ for each $\sigma \in G$. Then $\sigma^{-1}(a) \notin Q$, for each $\sigma \in G$. So $N^L_K(a) = \prod_{\sigma \in G}\sigma^{-1}(a) \notin Q$ too.
But $N^L_K(a) \in Q' \cap \mathcal{O}_K = P \subseteq Q$, which is a contradiction. (Recall: $\prod_{\sigma \in G}\sigma(a) \in Q'$ because $\prod_{\sigma \ne 1}\sigma(a) = N(a)/a \in L \cap \mathbb{A} = \mathcal{O}_L$ and $a \in Q'$.) Part (b) follows from part (a). □

11.22. Let $G = \mathrm{Gal}(L/K)$ be the Galois group of the normal extension $L/K$ of number fields. Let $R = \mathcal{O}_K$ and $S = \mathcal{O}_L$. Let $P$ be a prime in $R$ and fix a prime $Q$ of $S$ above $P$. Let $\kappa = R/P$ and $\lambda = S/Q$ be the residue fields. Each prime of $S$ above $P$ has the same local degree, equal to $f = [\lambda : \kappa]$. One has $PS = (Q_1 \cdots Q_r)^e$ where $Q_1, \cdots, Q_r$ are all the primes above $P$ and $ref = n = [L : K]$. The Galois group $G$ acts on the primes above $P$. The stabilizer of $Q$,
$$D = \{\sigma \in G : \sigma(Q) = Q\},$$
is called the decomposition group of $Q/P$. Since $G$ acts transitively on the primes $Q = Q_1, \cdots, Q_r$, $|D| = |G|/r = ef$. Let $L^D$ be the fixed field of $D$ and $S_D$ be its ring of integers. The extension $L/L^D$ is Galois with Galois group $D$. Let $Q_D = Q \cap S_D$ be the prime of $S_D$ below $Q$. Then $D$ should act transitively on the primes above $Q_D$, but $D$ fixes $Q$. So $Q$ is the only prime of $S$ above $Q_D$. So $e(Q|Q_D)f(Q|Q_D) = [L : L^D] = ef$. On the other hand, by multiplicativity of the ramification index and local degree in towers one has $e(Q|Q_D) \le e$ and $f(Q|Q_D) \le f$, so equality must hold in both places. Using the multiplicativity of the ramification index and local degree again, one gets $e(Q_D|P) = f(Q_D|P) = 1$.

We have a homomorphism $\eta : D \to \mathrm{Gal}(\lambda/\kappa)$ defined by $\eta(\sigma)(x) = \sigma(\tilde x) \bmod Q$, where $\tilde x$ is any lift of $x$ in $S$ (the map is well defined since $\sigma(Q) = Q$). The kernel $E = \ker(\eta)$ is a normal subgroup of $D$, called the inertia group of $Q$ over $P$. Clearly
$$E = \{\sigma \in G : \sigma(x) \equiv x \bmod Q \text{ for all } x \in S\}.$$
Let $S_E$ be the ring of integers of $L^E$ and $Q_E = Q \cap S_E$. Given $\theta \in S/Q$ pick a lift $\alpha$ in $S$ and consider the polynomial
$$f(x) = \prod_{\sigma \in E}(x - \sigma(\alpha)).$$
The polynomial is fixed by the Galois group $E$ of $L/L^E$ and hence has coefficients in $S_E$. Reducing coefficients modulo $Q$ one sees that
$$\bar f(x) \equiv (x - \theta)^{|E|} \in (S_E/Q_E)[x].$$
Thus any element of the Galois group of $S/Q$ over $S_E/Q_E$ fixes $\bar f$, so takes $\theta$ to a root of $\bar f$. But the only root of $\bar f$ is $\theta$. So the Galois group of $S/Q$ over $S_E/Q_E$ is equal to the identity, i.e. $S/Q \simeq S_E/Q_E$. So $f(Q|Q_E) = 1$.

Note that, since $E$ is a normal subgroup of $D$, $L^E$ is a Galois extension of $L^D$ with Galois group $D/E$. From multiplicativity of $f$ it follows that $f(Q_E|Q_D) = f$, so $|D/E| = [L^E : L^D] \ge f$. On the other hand $D/E$ injects into $\mathrm{Gal}(\lambda/\kappa)$ which has order $f$. This forces $[L^E : L^D] = f$ and $D/E \simeq \mathrm{Gal}(\lambda/\kappa)$, i.e. the map $\eta : D \to \mathrm{Gal}(\lambda/\kappa)$ is onto with kernel equal to $E$. Summarizing we have the following picture:

degree :          r            f            e

K   ⊆   L^D   ⊆   L^E   ⊆   L

R   ⊆   S_D   ⊆   S_E   ⊆   S

P   ⊆   Q_D   ⊆   Q_E   ⊆   Q

e(Q_D|P) = 1    e(Q_E|Q_D) = 1    e(Q|Q_E) = e

f(Q_D|P) = 1    f(Q_E|Q_D) = f    f(Q|Q_E) = 1
Suppose $P$ is a prime in $R$ that does not ramify in $S$, i.e. the inertia group $E = (\mathrm{id})$. Then $D \simeq \mathrm{Gal}(\lambda/\kappa)$. Let $q = \|P\|$. Then $\kappa \simeq \mathbb{F}_q$ and $\lambda \simeq \mathbb{F}_{q^f}$. The Galois group of $\lambda/\kappa$ is the cyclic group of order $f$ generated by the automorphism $x \mapsto x^q$. The preimage of this automorphism in $D$ is called the Frobenius automorphism of $Q/P$. It is the unique automorphism $\phi$ of $L/K$ such that $\phi(a) \equiv a^{\|P\|} \bmod Q$ for all $a \in S$.

SPLITTING OF RATIONAL PRIMES IN QUADRATIC EXTENSIONS OF $\mathbb{Q}$

Let $d$ be a squarefree integer and $F = \mathbb{Q}[\sqrt d]$. Let $R$ be the ring of integers of $F$. Recall that if $d \equiv 1 \bmod 4$ then $R = \mathbb{Z}[\frac{1 + \sqrt d}{2}]$ and $\delta_F = d$. If $d \equiv 2$ or $3 \bmod 4$ then $R = \mathbb{Z}[\sqrt d]$ and $\delta_F = 4d$. The extension $F/\mathbb{Q}$ is normal with a Galois group of order $2$ generated by $\sigma : a + b\sqrt d \mapsto a - b\sqrt d$.

11.23. Theorem. Let $p$ be a prime number in $\mathbb{Z}$ and $P$ be a prime of $R$ lying over $p$.
(a) If $p \nmid \delta_F$ then $p$ is not ramified. So one has only the following two possibilities:
(i) One has $pR = P$ if either $p$ is odd and $\left(\frac{d}{p}\right) = 1$ or if $p = 2$ and $d \equiv 1 \bmod 8$.
(ii) One has $pR = P\sigma(P)$, with $P \ne \sigma(P)$, if either $p$ is odd and $\left(\frac{d}{p}\right) = -1$ or if $p = 2$ and $d \equiv 5 \bmod 8$.
(b) If $p \mid \delta_F$ then $p$ is ramified in $F$, i.e. $pR = P^2$.

SPLITTING OF RATIONAL PRIMES IN CYCLOTOMIC EXTENSIONS

Let $m$ be a positive integer and $\zeta_m = e^{2\pi i/m}$. Let $F = \mathbb{Q}[\zeta_m]$ and $R$ be its ring of integers. Recall that $\zeta_m$ has $\phi(m)$ conjugates, namely $e^{2\pi ir/m}$ with $r \in (\mathbb{Z}/m\mathbb{Z})^*$. An embedding of $F$ into $\mathbb{C}$ is specified by sending $\zeta_m$ to one of its conjugates, which is again in $F$. Thus $F/\mathbb{Q}$ is a normal extension of degree $\phi(m)$, and its Galois group is isomorphic to $(\mathbb{Z}/m\mathbb{Z})^*$. An isomorphism is given by sending the automorphism $\zeta_m \mapsto \zeta_m^r$ to $r \bmod m$. Fix a prime number $p \in \mathbb{Z}$. We want to describe how $p$ splits in $F$.

11.24. Lemma. Suppose $p \nmid m$. Then there is an automorphism $\sigma_p$ of $F = \mathbb{Q}[\zeta_m]$ that satisfies $\sigma_p(w) \equiv w^p \bmod pR$ for all $w \in R$. The order of the automorphism $\sigma_p$ is equal to the order of $p$ in $(\mathbb{Z}/m\mathbb{Z})^*$, i.e. it is the smallest positive integer $f$ such that $p^f \equiv 1 \bmod m$.

Proof. Define $\sigma_p$ by $\sigma_p(\zeta_m) = \zeta_m^p$. Recall that $R = \mathbb{Z}[\zeta_m]$, so any $w \in R$ can be written as $w = \sum_i a_i\zeta_m^i$ with $a_i \in \mathbb{Z}$. Since $a^p \equiv a \bmod p$ for each $a \in \mathbb{Z}$, one has
$$\sigma_p(w) = \sum_i a_i\zeta_m^{ip} \equiv \sum_i a_i^p\zeta_m^{ip} \equiv \Big(\sum_i a_i\zeta_m^i\Big)^p \bmod pR.$$
Next, observe that the order of the automorphism $\sigma_p$ is the smallest number $f$ such that $\zeta_m^{p^f} = \zeta_m$, i.e. the smallest positive integer $f$ such that $p^f \equiv 1 \bmod m$. □

11.25. Theorem. Suppose $p \nmid m$. Then $pR$ factors into a product of $r$ distinct primes each with local degree $f$, where $f$ is the smallest positive integer such that $p^f \equiv 1 \bmod m$ and $r = \phi(m)/f$.

Proof. Recall that $\Delta_F$ is a factor of $m^{\phi(m)}$, so it is relatively prime to $p$. So $p$ does not ramify in $F$. Let $Q_1, \cdots, Q_r$ be the primes in $R$ lying over $p$. Since the extension $F/\mathbb{Q}$ is normal each $Q_i$ has the same local degree, say $f_1$, and we have $rf_1 = \phi(m)$. Thus we have to show that $f = f_1$. Note that $R/Q_1$ is a finite field of order $p^{f_1}$. So each $w \in R$ satisfies $w^{p^{f_1}} \equiv w \bmod Q_1$, and $f_1$ is the smallest number with this property. On the other hand, since $f$ is the order of $\sigma_p$, one has $w = \sigma_p^f(w) \equiv w^{p^f} \bmod pR$ for all $w \in R$. So $f_1 \le f$. For the other inequality, we start with the equation $m = \prod_{1 \le i \le m-1}(1 - \zeta_m^i)$. Since $p \nmid m$ and $Q_1 \cap \mathbb{Z} = p\mathbb{Z}$, one has $m \notin Q_1$. But then $1 - \zeta_m^i \notin Q_1$ for $1 \le i \le m - 1$, which implies that the cosets of $1, \zeta_m, \zeta_m^2, \cdots, \zeta_m^{m-1}$ in $R/Q_1$ are distinct. But we have $\zeta_m^{p^{f_1}} \equiv \zeta_m \bmod Q_1$. It follows that $p^{f_1} \equiv 1 \bmod m$. But $f$ is the smallest integer with this property, so $f \le f_1$. □

Next we consider the case $m = p^k$, and describe how $p$ factorizes in $F = \mathbb{Q}[\zeta_{p^k}]$.
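The splitting patterns discussed in this section can be read off mechanically from Theorem 11.20: reduce the minimal polynomial of a generator of the ring of integers modulo $p$, and the degrees and multiplicities of its irreducible factors are the $f_i$ and $e_i$. The following Python script is an added example, not from the notes, that does this by brute-force trial division over $\mathbb{F}_p$ (adequate for the small $p$ and degrees involved) and applies it to the quadratic fields of Theorem 11.23 (whether $x^2 - d$ has a root modulo $p$, i.e. the Legendre symbol, decides the pattern), to the cubic field $\mathbb{Q}(b)$ with $g(x) = x^3 - x^2 - 6x - 12$ from the example at the end of this section, and to $\mathbb{Q}(\zeta_7)$, where for $p \nmid 7$ it compares the local degree with the order of $p$ modulo $7$ as in Lemma 11.24 and Theorem 11.25, and for $p = 7$ exhibits the total ramification treated next. Only the standard library is used; the function names are the example's own. The hypothesis $p \nmid |S/R[a]|$ of Theorem 11.20 holds in every case shown, which is why the quadratic case must use the minimal polynomial of $(1 + \sqrt d)/2$, not of $\sqrt d$, when $d \equiv 1 \bmod 4$.

```python
from itertools import product
from math import gcd

# Polynomials over F_p are lists of residues, constant term first, with no
# trailing zeros; [2, 0, 1] is x^2 + 2.

def strip(a, p):
    a = [c % p for c in a]
    while a and a[-1] == 0:
        a.pop()
    return a

def divmod_p(a, b, p):
    """Quotient and remainder of a by the non-zero polynomial b in F_p[x]."""
    a, b = strip(a, p), strip(b, p)
    inv = pow(b[-1], -1, p)                     # inverse of the leading coefficient
    q = [0] * max(len(a) - len(b) + 1, 0)
    while len(a) >= len(b):
        shift = len(a) - len(b)
        c = (a[-1] * inv) % p
        q[shift] = c
        for i, bc in enumerate(b):
            a[shift + i] = (a[shift + i] - c * bc) % p
        a = strip(a, p)
    return q, a

def factor_mod_p(g, p):
    """Factor g (integer coefficients) into monic irreducibles over F_p; returns
    [(factor, exponent), ...].  Trial division by every monic polynomial of degree
    d = 1, 2, ... in turn: once all factors of degree < d are divided out, any
    degree-d divisor is irreducible, and when deg(rem) < 2d the rest is irreducible."""
    rem = strip(g, p)
    assert rem, "g vanishes modulo p"
    inv = pow(rem[-1], -1, p)
    rem = [(c * inv) % p for c in rem]          # make monic
    factors, d = [], 1
    while len(rem) - 1 >= 2 * d:
        for low in product(range(p), repeat=d):
            cand = list(low) + [1]
            q, r = divmod_p(rem, cand, p)
            if not r:
                e = 0
                while not r:                    # divide out the full power
                    rem, e = q, e + 1
                    q, r = divmod_p(rem, cand, p)
                factors.append((cand, e))
                break
        else:
            d += 1
    if len(rem) > 1:
        factors.append((rem, 1))
    return factors

def splitting_pattern(g, p):
    """Sorted (e_i, f_i) of the primes above p, read off from g-bar = prod g_i-bar^{e_i}
    (Theorem 11.20); valid when p does not divide the index of Z[a] in the ring of
    integers.  Also checks the fundamental relation sum e_i f_i = n (Theorem 11.17)."""
    pattern = sorted((e, len(gi) - 1) for gi, e in factor_mod_p(g, p))
    assert sum(e * f for e, f in pattern) == len(g) - 1
    return pattern

def quadratic_generator_poly(d):
    """Minimal polynomial of a generator of the ring of integers of Q(sqrt d), d squarefree:
    (1 + sqrt d)/2, a root of x^2 - x - (d - 1)/4, if d = 1 mod 4; otherwise sqrt d."""
    return [-((d - 1) // 4), -1, 1] if d % 4 == 1 else [-d, 0, 1]

def order_mod(p, m):
    """Smallest f >= 1 with p^f = 1 (mod m): the order of sigma_p (Lemma 11.24) and,
    by Theorem 11.25, the local degree of every prime above p in Q(zeta_m)."""
    assert m > 1 and gcd(p, m) == 1
    f, x = 1, p % m
    while x != 1:
        x, f = (x * p) % m, f + 1
    return f

def euler_phi(n):
    return sum(1 for k in range(1, n + 1) if gcd(k, n) == 1)

def cyclotomic_splitting(p, m):
    """(r, f) predicted by Theorem 11.25 for p not dividing m."""
    f = order_mod(p, m)
    return euler_phi(m) // f, f

PHI_7 = [1] * 7             # Phi_7(x) = 1 + x + ... + x^6, minimal polynomial of zeta_7
G_CUBIC = [-12, -6, -1, 1]  # g(x) = x^3 - x^2 - 6x - 12, minimal polynomial of b = (1 + a + a^2)/3

if __name__ == "__main__":
    for d, p in ((5, 11), (5, 3), (5, 2), (3, 2), (-3, 7)):
        print(f"Q(sqrt {d}), p = {p}: (e, f) pattern", splitting_pattern(quadratic_generator_poly(d), p))
    print("3 in Q(b):", splitting_pattern(G_CUBIC, 3))             # [(1, 1), (2, 1)]: 3 O_F = P^2 Q
    for p in (2, 3, 7):
        print(f"{p} in Q(zeta_7):", splitting_pattern(PHI_7, p),
              "" if p == 7 else f"Theorem 11.25 predicts (r, f) = {cyclotomic_splitting(p, 7)}")
```

For $p = 3$ and $g(x) \equiv x^2(x - 1) \bmod 3$ the output $[(2, 1), (1, 1)]$ (sorted here as $[(1, 1), (2, 1)]$) is the factorization $3\mathcal{O}_F = P^2Q$ derived by hand at the end of the section; for $\mathbb{Q}(\zeta_7)$ the pattern $[(1, 3), (1, 3)]$ at $p = 2$ matches $f = \mathrm{ord}_7(2) = 3$, $r = \phi(7)/3 = 2$.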

11.26. Theorem. $(1 - \zeta_{p^k})$ generates a prime ideal in $R$ and $pR = \big((1 - \zeta_{p^k})R\big)^{\phi(p^k)}$. (One says that $p$ is totally ramified.)

Proof. Recall that $p = \prod_{j \in (\mathbb{Z}/p^k\mathbb{Z})^*}(1 - \zeta_{p^k}^j)$. Factoring out $(1 - \zeta_{p^k})$ from each factor one gets
$$p = (1 - \zeta_{p^k})^{\phi(p^k)} \prod_{j \in (\mathbb{Z}/p^k\mathbb{Z})^*} (1 + \zeta_{p^k} + \dots + \zeta_{p^k}^{j-1}).$$
Let $u_j = 1 + \zeta_{p^k} + \dots + \zeta_{p^k}^{j-1}$. One has $u_j = (\zeta_{p^k}^j - 1)/(\zeta_{p^k} - 1)$. Since $(p^k, j) = 1$, there is a positive integer $h$ such that $jh \equiv 1 \bmod p^k$, so $u_j^{-1} = (\zeta_{p^k}^{jh} - 1)/(\zeta_{p^k}^j - 1) \in \mathbb{Z}[\zeta_{p^k}]$. Thus each $u_j$ is a unit in $R$ and we have $p = u(1 - \zeta_{p^k})^{\phi(p^k)}$ with $u$ a unit. But the degree of the extension $F/\mathbb{Q}$ is $\phi(p^k)$, so the equation $\sum_{i=1}^r e_if_i = n$ implies that $(1 - \zeta_{p^k})$ cannot have a further proper prime factorization, i.e. that it is a prime. □

Now, in the general case, let $m = p^kn$ where $p \nmid n$. Let $F = \mathbb{Q}[\zeta_m]$ and $R$ be its ring of integers. Then one has

11.27. Theorem. The prime $p$ factorizes in $R$ as $pR = (Q_1 \cdots Q_r)^e$ where $e = \phi(p^k)$. Each $Q_i/p$ has local degree $f$, where $f$ is the smallest positive integer such that $p^f \equiv 1 \bmod n$. Furthermore $r = \phi(n)/f$.

Proof. Let $p\mathbb{Z}[\zeta_m] = (Q_1 \cdots Q_{r'})^{e'}$ be the prime factorization of $p$ in $\mathbb{Q}[\zeta_m]$, where each $Q_i$ has local degree $f'$ over $p$. Note that $\mathbb{Q}[\zeta_{p^k}]$ and $\mathbb{Q}[\zeta_n]$ are subfields of $\mathbb{Q}[\zeta_m]$ whose compositum is $\mathbb{Q}[\zeta_m]$, and we know how $p$ factorizes in these two subfields. Now $Q_i \cap \mathbb{Z}[\zeta_{p^k}]$ is a prime above $p$, and the only such prime is $(1 - \zeta_{p^k})$. Since $p$ is already a $\phi(p^k)$-th power of the prime $(1 - \zeta_{p^k})$ in the subfield $\mathbb{Q}[\zeta_{p^k}]$, and the ramification index is multiplicative in towers, one must have $e' \ge e$. Again, each $Q_i \cap \mathbb{Z}[\zeta_n]$ is a prime lying above $p$, which has local degree $f$. Since the local degree is also multiplicative in towers, $f' \ge f$. Moreover, in $\mathbb{Z}[\zeta_n]$ there are $r$ primes lying over $p$, and each of them has at least one prime above it in $\mathbb{Z}[\zeta_m]$, so $r' \ge r$. Combining these with the fundamental equation $\sum e_if_i = n$ we find
$$\phi(m) = e'f'r' \ge efr = \phi(p^k)\phi(n) = \phi(m).$$
The last equality is true because $\gcd(n, p^k) = 1$.
But then all the inequalities must be equalities, i.e. $e = e'$, $f = f'$ and $r = r'$. □

AN EXAMPLE OF PRIME SPLITTING

Let $a = \sqrt[3]{19}$ and $\omega = e^{2\pi i/3}$. The splitting field of $x^3 - 19$ is $L = \mathbb{Q}[a, \omega]$. It is a Galois extension with Galois group $S_3$. We describe how 3 splits in subfields of $L$.

[Diagram of the field lattice: $L = \mathbb{Q}(a, \omega)$ at the top, with $3\mathcal{O}_L = Q_1^2Q_2^2Q_3^2$; below it $F = \mathbb{Q}(a)$, with $3\mathcal{O}_F = P^2Q$ (degree 3 over $\mathbb{Q}$, degree 2 below $L$), and $M = \mathbb{Q}(\omega)$, with $3\mathcal{O}_M = (1 - \omega)^2$ (degree 2 over $\mathbb{Q}$, degree 3 below $L$); $\mathbb{Q}$ with the prime 3 at the bottom.]

The element $b = (1 + a + a^2)/3$ has minimal polynomial $g(x) = x^3 - x^2 - 6x - 12$, so $b \in \mathcal{O}_F$. (In fact $\{1, a, b\}$ is an integral basis of $\mathcal{O}_F$ and $\Delta_F = -3 \cdot 19^2$. Also $\Delta(1, b, b^2) = -2^2 \cdot 3 \cdot 19^2$, so $3 \nmid |\mathcal{O}_F/\mathbb{Z}[b]| = 2$.) So the factorization of $3\mathcal{O}_F$ can be calculated using $g(x) \equiv x^2(x - 1) \bmod 3$. Consider the ideals $P = (3, b)$ and $Q = (3, b - 1)$ of $\mathcal{O}_F$. One can check by direct calculation that $3\mathcal{O}_F = P^2Q$. It is easy to see that $P$ and $Q$ are proper ideals. (If $P = (1)$, then $3\mathcal{O}_F = Q$, so $3 \mid b - 1$ in $\mathcal{O}_F$, but $N((b - 1)/3) \notin \mathbb{Z}$. If $Q = (1)$, then $3\mathcal{O}_F = P^2$, so $P$ is proper and each prime in $\mathcal{O}_F$ above 3 has even ramification index, which is not possible as $[F : \mathbb{Q}] = 3$.) Also note that $P + Q = (1)$. It follows that $P$ and $Q$ are distinct primes and $3\mathcal{O}_F = P^2Q$ is the prime decomposition of 3 in $\mathcal{O}_F$.

Now let $Q_1, \dots, Q_r$ be the primes above 3 in $\mathcal{O}_L$. Each $Q_i$ lies above $(1 - \omega)$ and has the same ramification index and local degree over $M$, say $e$ and $f$. We have $r \ge 2$ (since $P$ and $Q$ are distinct) and $ref = [L : M] = 3$, implying $r = 3$. So $3\mathcal{O}_L = Q_1^2Q_2^2Q_3^2$ is the prime factorization, and $e(Q_i|3) = 2$, $f(Q_i|3) = 1$. Suppose $Q_3 \cap \mathcal{O}_F = Q$. Then $e(Q_3|Q) = 2$, so $Q_3$ is the only prime in $\mathcal{O}_L$ above $Q$. It follows that $Q_1 \cap \mathcal{O}_F = Q_2 \cap \mathcal{O}_F = P$. So $P$ must factor in $\mathcal{O}_L$ as $P\mathcal{O}_L = Q_1Q_2$. Since $\mathrm{Gal}(L/F) = \mathbb{Z}/2\mathbb{Z}$ acts transitively on the primes above $P$ and on the primes above $Q$, it fixes $Q_3$ and interchanges $Q_1$ and $Q_2$. So $D = D(Q_3|3) \supseteq \mathrm{Gal}(L/F)$. But $|D| = 2$, so $F = L^D$.

12. Minkowski theory and Dirichlet's unit theorem

A subgroup of $\mathbb{R}^n$ generated by a basis of $\mathbb{R}^n$ will be called a lattice.
Let $\Lambda$ be a lattice in $\mathbb{R}^n$. If $v_1, \dots, v_n$ is a basis of $\Lambda$, then $F = \{\sum_i c_iv_i : 0 \le c_i < 1\}$ is a fundamental parallelepiped of $\Lambda$. One has $\mathbb{R}^n/\Lambda \simeq F$, i.e. the vector space $\mathbb{R}^n$ is the disjoint union of the translates $x + F$, for $x \in \Lambda$. For a lattice $\Lambda$, let $\mathrm{vol}(\Lambda)$ be the Euclidean volume of a fundamental parallelepiped $F$ of $\Lambda$. If $\Gamma$ is a sublattice of $\Lambda$ then one has $\mathrm{vol}(\Gamma) = |\Lambda/\Gamma| \cdot \mathrm{vol}(\Lambda)$. The basic trick of the trade is the following result, called Minkowski's lattice point theorem.

12.1. Lemma (Minkowski's lattice point theorem). Let $\Lambda$ be a lattice in $\mathbb{R}^n$. Suppose $E$ is a measurable, convex, centrally symmetric subset of $\mathbb{R}^n$ such that $\mathrm{vol}(E) > 2^n\,\mathrm{vol}(\Lambda)$. Then $E$ contains a non-zero point of $\Lambda$. Further, if $E$ is compact, we can weaken the assumption to $\mathrm{vol}(E) \ge 2^n\,\mathrm{vol}(\Lambda)$.

Proof. Let $F$ be a fundamental parallelepiped of $\Lambda$. Look at $\frac12E$; $\mathrm{vol}(\frac12E) > \mathrm{vol}(F)$. If we translate the pieces $\frac12E \cap (x + F)$ back to $F$ (by subtracting $x$), the volumes of these pieces add up to $\mathrm{vol}(\frac12E)$, which is more than $\mathrm{vol}(F)$. So there must be some overlap. (More precisely, the composite map $\frac12E \to \mathbb{R}^n \to \mathbb{R}^n/\Lambda \xrightarrow{\sim} F$ cannot be injective.) So there must exist distinct elements $x, y \in \frac12E$ with $x - y \in \Lambda$. Since $2y \in E$ and $E$ is centrally symmetric, $-2y \in E$. Since $2x, -2y \in E$ and $E$ is convex, $\frac12(2x + (-2y)) \in E$ too. Thus we get $0 \ne x - y \in E \cap \Lambda$. □

12.2. Let $K$ be a number field, $[K : \mathbb{Q}] = n$. Suppose $K$ has $r$ real and $2s$ complex embeddings. Let $\tau_1, \dots, \tau_r$ be the real embeddings, and $\tau_{r+1}, \dots, \tau_{r+2s}$ be the complex embeddings, where $(\tau_{r+2j-1}, \tau_{r+2j})$ are complex conjugate pairs. Let $K_\mathbb{C}$ be the $n$-dimensional complex vector space whose co-ordinates are indexed by $\tau \in \mathrm{Hom}(K, \mathbb{C})$. We shall write a vector of $K_\mathbb{C}$ in co-ordinates as $(x_\tau) = (x_{\tau_1}, \dots, x_{\tau_n})$. Let $K_\mathbb{R}$ be the $n$-dimensional real subspace of $K_\mathbb{C}$ consisting of those vectors $(x_\tau)$ such that $\bar x_\tau = x_{\bar\tau}$ for each embedding $\tau$. Using the embeddings we define a map $j : K \to K_\mathbb{R}$, written as $a \mapsto j(a) = (a_\tau)$, where $a_\tau = \tau(a)$. Let $R$ be the ring of integers of $K$. Fix an integral basis $a_1, \dots, a_n$ of $R$. Since $j$ is an additive homomorphism, $j(R) = j(a_1)\mathbb{Z} + \dots + j(a_n)\mathbb{Z}$. One has $|\det(j(a_1), \dots, j(a_n))| = \sqrt{|\Delta_K|}$. Thus $j(a_1), \dots, j(a_n)$ is a basis of $K_\mathbb{R}$.

12.3. Definition. Thus, as an additive group, the ring of integers $R$ is isomorphic to the lattice $j(R)$ in the vector space $K_\mathbb{R}$. An ideal $I$ of $R$ gives a sublattice of $j(R)$ of index $\|I\|$. We can identify $K_\mathbb{R}$ with the standard Euclidean space $\mathbb{R}^n$ by

$$(x_1, \dots, x_r, z_1, \bar z_1, \dots, z_s, \bar z_s) \mapsto (x_1, \dots, x_r, \mathrm{Re}(z_1), \mathrm{Im}(z_1), \dots, \mathrm{Re}(z_s), \mathrm{Im}(z_s)). \qquad (21)$$

When we speak of volume in $K_\mathbb{R}$ we mean the standard Euclidean volume in $\mathbb{R}^n$ via the above identification. We have $\mathrm{vol}(j(R)) = 2^{-s}\sqrt{|\Delta_K|}$ and $\mathrm{vol}(j(I)) = \|I\|\,\mathrm{vol}(j(R))$. Define a norm on $K_\mathbb{R}$ by
$$N(x_\tau) = \prod_\tau |x_\tau|.$$
It is immediate that, for $a \in K$, one has $N(j(a)) = |N^K_\mathbb{Q}(a)|$. The following is an easy corollary of Minkowski's lattice point theorem.

12.4. Corollary. Suppose there is a compact, convex, centrally symmetric set $A$ with $\mathrm{vol}(A) > 0$ such that $a \in A$ implies $N(a) \le 1$. Then every $n$-dimensional lattice $\Lambda$ contains a non-zero point $x$ with $|N(x)| \le 2^n\,\mathrm{vol}(\Lambda)/\mathrm{vol}(A)$.

Proof. Apply Minkowski's lattice point theorem (in its compact form) with $E = tA$, where $t^n = 2^n\,\mathrm{vol}(\Lambda)/\mathrm{vol}(A)$: then $\mathrm{vol}(E) = t^n\,\mathrm{vol}(A) = 2^n\,\mathrm{vol}(\Lambda)$, and every point of $E$ has norm at most $t^n$. □

Applying this corollary to the right kind of $A$ we get the following theorem. For our purpose, this is the main consequence of the lattice point theorem.

12.5. Theorem. There exists an absolute constant $c$ such that every lattice $\Lambda$ in $K_\mathbb{R}$ contains a non-zero element $x$ with $N(x) \le c \cdot \mathrm{vol}(\Lambda)$. One can easily show that $c = (4/\pi)^s$ works. A better constant is given by $c = \frac{n!}{n^n}\left(\frac{8}{\pi}\right)^s$.

Proof. For this theorem we identify $K_\mathbb{R}$ with $\mathbb{R}^n$ via the identification in equation (21) and work in $\mathbb{R}^n$. Take $A \subseteq \mathbb{R}^n$ to be the product of segments and discs defined by the inequalities
$$|x_1| \le 1, \dots, |x_r| \le 1, \quad x_{r+1}^2 + x_{r+2}^2 \le 1, \dots, x_{n-1}^2 + x_n^2 \le 1.$$
Then $\mathrm{vol}(A) = 2^r\pi^s$. From Corollary 12.4 one gets that every lattice $\Lambda$ contains an $x \ne 0$ with $|N(x)| \le \left(\frac{4}{\pi}\right)^s \mathrm{vol}(\Lambda)$.

The refined constant $c = \frac{n!}{n^n}\left(\frac{8}{\pi}\right)^s$ is obtained by taking $A$ defined by the single inequality
$$|x_1| + \dots + |x_r| + 2\left(\sqrt{x_{r+1}^2 + x_{r+2}^2} + \dots + \sqrt{x_{n-1}^2 + x_n^2}\right) \le n.$$
The fact that elements of $A$ have norm less than or equal to 1 is a consequence of the inequality stating that the arithmetic mean is at least the geometric mean. The result follows by computing the volume of $A$, which is an exercise in multiple integration. □

12.6. Corollary. (a) Every non-zero ideal $I$ in $R$ contains $a \ne 0$ with $|N(a)| \le \frac{n!}{n^n}\left(\frac{4}{\pi}\right)^s \sqrt{|\Delta_K|}\,\|I\|$.
(b) Every ideal class of $R$ contains an ideal $J$ with $\|J\| \le \frac{n!}{n^n}\left(\frac{4}{\pi}\right)^s \sqrt{|\Delta_K|}$.

Proof. Part (a) follows from applying the theorem above to the lattice $j(I) \subseteq K_\mathbb{R}$ with $c = \frac{n!}{n^n}\left(\frac{8}{\pi}\right)^s$ and recalling that
$$\mathrm{vol}(j(I)) = |j(R)/j(I)|\,\mathrm{vol}(j(R)) = \|I\|\sqrt{|\Delta_K|}/2^s.$$

(b) Let $C$ be any ideal class. Fix an ideal $I$ in the inverse class of $C$. By part (a), there exists an element $a \in I$ with $|N(a)| \le \frac{c}{2^s}\sqrt{|\Delta_K|}\,\|I\|$. Since $aR \subseteq I$, there exists an ideal $J$ with $IJ = aR$. Necessarily $J \in C$ and $|N(a)| = \|aR\| = \|I\|\,\|J\|$. Part (b) follows. □

12.7. Lemma. Given a constant $\lambda$ there are only finitely many ideals $I$ in $\mathcal{O}_K$ with $\|I\| \le \lambda$.

Proof. If $I$ is an ideal with $\|I\| = m$ then $I \supseteq mR$, and already the number of abelian groups between $R$ and $mR$ is finite. □

Since each ideal class contains an ideal with norm less than a fixed constant, and there are only finitely many ideals in $\mathcal{O}_K$ with norm less than any given constant, one has

12.8. Theorem. The ideal class group $\mathrm{Cl}(K)$ is finite.

12.9. Remark. Notice that we have shown that each ideal class contains an ideal $J$ with $\|J\| \le \frac{n!}{n^n}\left(\frac{4}{\pi}\right)^s \sqrt{|\Delta_K|}$. The constant in front of $\sqrt{|\Delta_K|}$, called Minkowski's constant, gets small quickly as $n$ increases. Thus if we are looking for ideals generating the class group, the inequality lets us restrict our search to ideals of small norm, which sometimes lets one determine the class group.
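To show Remark 12.9 at work, here is an added Python example (not from the notes) for imaginary quadratic fields $K = \mathbb{Q}[\sqrt d]$, $d < 0$ squarefree, with $n = 2$, $s = 1$: it computes Minkowski's constant times $\sqrt{|\Delta_K|}$, and decides whether $\mathrm{Cl}(K)$ is trivial by checking, for each prime $q$ up to that bound which is not inert, whether the norm form of $R$ represents $q$ (that is, whether the primes of norm $q$ are principal). It assumes the fact, used in the remark, that these primes generate the class group; the function names are my own.

```python
# Added example: Minkowski bound and the class-number-one test for Q(sqrt d), d < 0.
from math import factorial, pi, sqrt

def minkowski_bound(n, s, disc):
    """The bound of Remark 12.9: (n!/n^n) (4/pi)^s sqrt|Delta_K|."""
    return factorial(n) / n ** n * (4 / pi) ** s * sqrt(abs(disc))

def norm_form(d):
    """N(x + y*alpha) on R = Z[alpha], alpha = (1+sqrt d)/2 if d = 1 mod 4,
    alpha = sqrt d otherwise (d < 0 squarefree)."""
    if d % 4 == 1:
        return lambda x, y: x * x + x * y + ((1 - d) // 4) * y * y
    return lambda x, y: x * x - d * y * y

def represents(d, q):
    """Is there an element of R of norm q, i.e. a principal ideal of norm q?
    The search box [-q, q]^2 is large enough since d < 0 (norm is definite)."""
    N = norm_form(d)
    return any(N(x, y) == q for x in range(-q, q + 1) for y in range(-q, q + 1))

def is_inert(d, q):
    """q stays prime in R iff the minimal polynomial of alpha has no root mod q."""
    a, b = (-1, -(d - 1) // 4) if d % 4 == 1 else (0, -d)
    return all((x * x + a * x + b) % q for x in range(q))

def class_number_is_one(d):
    """True iff every prime ideal of norm at most the Minkowski bound is principal;
    those primes generate Cl(K), so this decides whether h(K) = 1."""
    disc = d if d % 4 == 1 else 4 * d
    bound = minkowski_bound(2, 1, disc)
    for q in range(2, int(bound) + 1):
        if any(q % t == 0 for t in range(2, q)):
            continue                  # q is not a prime number
        if is_inert(d, q):
            continue                  # qR is itself prime, and principal
        if not represents(d, q):
            return False              # a prime of norm q is not principal
    return True
```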

12.10. Next we shall prove Dirichlet's unit theorem. If $x = (x_\tau), y = (y_\tau) \in K_\mathbb{R}$, let $x.y$ denote the element of $K_\mathbb{R}$ with co-ordinates $(x.y)_\tau = x_\tau y_\tau$. The point of the definition is that if $x, y \in K$, then $j(xy) = j(x).j(y)$. For ease of notation we shall from now on identify $K$ with its image in the vector space $K_\mathbb{R}$, consequently $R$ with the lattice $j(R)$, etc. Let $U$ denote the set of units in $R$. Let $S$ be the subset of the vector space $K_\mathbb{R}$ consisting of elements $x$ with $N(x) = \pm 1$. Under the identification $K \to K_\mathbb{R}$, one has $U \subseteq S$. We define a map $l$ from $K_\mathbb{R}$ to $\mathbb{R}^{r+s}$ by
$$l(x_1, \dots, x_r; z_1, \bar z_1, \dots, z_s, \bar z_s) = (\log|x_1|, \dots, \log|x_r|; \log(|z_1|^2), \dots, \log(|z_s|^2)).$$
For $a, b \in K_\mathbb{R}$ one has $l(ab) = l(a) + l(b)$. Note that $l(S)$ is contained in the hyperplane $H = \{y : \sum_i y_i = 0\}$ of $\mathbb{R}^{r+s}$, i.e. $H \simeq \mathbb{R}^{r+s-1}$.

12.11. Lemma. The kernel of $l : U \to H$ is a finite cyclic group consisting of the roots of unity in $K$. (Follows from Kronecker's theorem proved in Homework.)

We shall show that the image of $U$ under $l$ is a lattice in $H$. More precisely, one has

12.12. Theorem (Dirichlet's unit theorem). The group of units in $\mathcal{O}_K$ is a direct product of the finite cyclic group consisting of the roots of unity of $K$ and a free abelian group of rank $r + s - 1$.

Proof. Step 1: We claim that every bounded region containing a neighbourhood of the origin in $H$ contains (the image of) only finitely many units. It follows that $l(U)$ is discrete in $H$. Let $X$ be any such region. If the co-ordinates of points of $X$ are within $[-t, t]$ then the preimage $l^{-1}(X)$ is contained in a disc of radius $e^t$ around the origin, i.e. it is bounded, so it contains finitely many points of $R$, in particular of $U$. So $l(U) = \mathbb{Z}u_1 + \dots + \mathbb{Z}u_m$ for some $m \le r + s - 1$. The main task is to show that $m = r + s - 1$. This follows from the following claim:

Step 2: $H$ is covered by the translates of a bounded region by the (image of) units. For each $\tau$ choose positive real numbers $c_\tau$ such that $c_{\bar\tau} = c_\tau$ and $C = \prod_\tau c_\tau > \left(\frac{2}{\pi}\right)^s \sqrt{|\Delta_K|}$. Let $X$ be the subset of $K_\mathbb{R}$ defined by the inequalities $|x_\tau| \le c_\tau$ for all $\tau$. Then $\mathrm{vol}(X) = 2^r\pi^sC > 2^n\,\mathrm{vol}(j(R))$. Let $z \in S$. Consider the set $X_z = \{z.x : x \in X\}$. Then $X_z$ is defined by inequalities similar to those of $X$, with $c_\tau$ replaced by $c'_\tau = c_\tau|z_\tau|$. It follows that $\mathrm{vol}(X_z) = \mathrm{vol}(X)N(z) = \mathrm{vol}(X)$. Thus $X_z$ contains a nonzero element $a$ of $j(R)$. Since $a \in X_z$, one has $N(a) = \prod_\tau |\tau(a)| \le C\,N(z) = C$. Let $a_1, \dots, a_k$ be generators for the principal ideals of norm up to $C$. Then $aR = a_iR$ for some $i$. Now $a \in X_z$ if and only if $z^{-1}a \in X$. Letting $Y = \bigcup_{i=1}^k X a_i^{-1}$, we have $z^{-1}a\,a_i^{-1} \in Y$. In other words, we have $l(z^{-1}) \in l(a_i/a) + l(Y \cap S)$, where $a_i/a$ is a unit and $l(Y \cap S)$ is a bounded subset of $H$. Now the proof is complete once we note that $z^{-1}$ varies over $S$ as $z$ varies over $S$. (Or simply start with $z^{-1}$ instead of $z$ and repeat the argument.) So the image of $l$ is isomorphic to $\mathbb{Z}^{r+s-1}$ and the kernel is a finite cyclic group. The result now follows from the structure theorem for finitely generated abelian groups. □
