because gcd(J, I ) = (1). ™

3.4.5 The Ideal Class Group

Let I(R) be the group of nonzero fractional ideals of a Dedekind domain R. If P (R) is

the subset of I(R) consisting of all nonzero principal fractional ideals Rx, x ∈ K, then

P (R) is a subgroup of I(R). To see this, note that (Rx)(Ry)’1 = (Rx)(Ry ’1 ) = Rxy ’1 ,

which belongs to P (R). The quotient group C(R) = I(R)/P (R) is called the ideal class

group of R. Since R is commutative, C(R) is abelian, and we will show later that C(R)

is ¬nite.

3.4. SOME ARITHMETIC IN DEDEKIND DOMAINS 9

Let us verify that C(R) is trivial if and only if R is a PID. If C(R) is trivial, then

every integral ideal I of R is a principal fractional ideal Rx, x ∈ K. But I ⊆ R, so x = 1x

must belong to R, proving that R is a PID. Conversely, if R is a PID and I is a nonzero

fractional ideal, then rI ⊆ R for some nonzero r ∈ R. By hypothesis, the integral ideal

rI must be principal, so rI = Ra for some a ∈ R. Thus I = R(a/r) with a/r ∈ K, and

we conclude that every nonzero fractional ideal of R is a principal fractional ideal.

Problems For Section 3.4

We will now go through the factorization of an ideal in a number ¬eld. In the next chapter,

we will begin to develop the necessary background, but some of the manipulations are

accessible to us now. By (2.3.11), the ring B of algebraic integers of the number ¬eld

√ √

Q( ’5) is Z[ ’5]. (Note that ’5 ≡ 3 mod 4.) If we wish to factor the ideal (2) = 2B

of B, the idea is to factor x2 + 5 mod 2, and the result √ x2 + 5 ≡ (x + 1)2 mod 2.

is

√

Identifying x with ’5, we form the ideal P2 = (2, 1 + ’5), which turns out to be

prime. The desired factorization is (2) = P2 . This technique works if B = Z[±], where

2

√

the number ¬eld L is Q( ±).

√

1. Show that 1 ’ ’5 ∈ P2 , and conclude that 6 ∈ P2 . 2

2. Show that 2 ∈ P2 , hence (2) ⊆ P2 √

2 2

.

√

3. Expand P2 = (2, 1 + ’5)(2, 1 + ’5), and conclude that P2 ⊆ (2).

2 2

4. Following the technique suggested in the above problems, factor x2 + 5 mod 3, and √

conjecture that the prime factorization of (3) in the ring of algebraic integers of Q( ’5)

is (3) = P3 P3 for appropriate P3 and P3 .

5. With P3 and P3 as found in Problem 4, verify that (3) = P3 P3 .

Chapter 4

Factoring of Prime Ideals in

Extensions

4.1 Lifting of Prime Ideals

Recall the basic AKLB setup: A is a Dedekind domain with fraction ¬eld K, L is a ¬nite,

separable extension of K of degree n, and B is the integral closure of A in L. If A = Z,

then K = Q, L is a number ¬eld, and B is the ring of algebraic integers of L.

4.1.1 De¬nitions and Comments

Let P be a nonzero prime ideal of A. The lifting (also called the extension) of P to B is

the ideal P B. Although P B need not be a prime ideal of B, we can use the fact that B

is a Dedekind domain [see (3.1.3)] and the unique factorization theorem (3.3.1) to write

g

Piei

PB =

i=1

where the Pi are distinct prime ideals of B and the ei are positive integers [see (3.3.2)].

On the other hand, we can start with a nonzero prime ideal Q of B and form a prime

ideal of A via

P = Q © A.

We say that Q lies over P , or that P is the contraction of Q to A.

Now suppose that we start with a nonzero prime ideal P of A and lift it to B. We

will show that the prime ideals P1 , . . . , Pg that appear in the prime factorization of P B

are precisely the prime ideals of B that lie over P .

4.1.2 Proposition

Let Q be a nonzero prime ideal of B. Then Q appears in the prime factorization of P B

if and only if Q © A = P .

1

2 CHAPTER 4. FACTORING OF PRIME IDEALS IN EXTENSIONS

Proof. If Q © A = P , then P ⊆ Q, hence P B ⊆ Q because Q is an ideal. By (3.3.5), Q

divides P B. Conversely, assume that Q divides, hence contains, P B. Then

P = P © A ⊆ P B © A ⊆ Q © A.

But in a Dedekind domain, every nonzero prime ideal is maximal, so P = Q © A. ™

4.1.3 Rami¬cation and Relative Degree

g

If we lift P to B and factor P B as i=1 Piei , the positive integer ei is called the rami¬cation

index of Pi over P (or over A). We say that P rami¬es in B (or in L) if ei > 1 for at

least one i. We will prove in a moment that B/Pi is a ¬nite extension of the ¬eld A/P .

The degree fi of this extension is called the relative degree (or the residue class degree, or

the inertial degree) of Pi over P (or over A).

4.1.4 Proposition

We can identify A/P with a sub¬eld of B/Pi , and B/Pi is a ¬nite extension of A/P .

Proof. The map from A/P to B/Pi given by a + P ’ a + Pi is well-de¬ned and injective,

because P = Pi © A, and it is a homomorphism by direct veri¬cation. By (3.1.2), B is a

¬nitely generated A-module, hence B/Pi is a ¬nitely generated A/P -module, that is, a

¬nite-dimensional vector space over A/P . ™

4.1.5 Remarks

The same argument, with Pi replaced by P B, shows that B/P B is a ¬nitely generated

A/P -algebra, in particular, a ¬nite-dimensional vector space over A/P . We will denote

the dimension of this vector space by [B/P B : A/P ].

The numbers ei and fi are connected by an important identity, which does not seem

to have a name in the literature. We will therefore christen it as follows.

4.1.6 Ram-Rel Identity

g

ei fi = [B/P B : A/P ] = n.

i=1

Proof. To prove the ¬rst equality, consider the chain of ideals

B ⊇ P 1 ⊇ P 1 ⊇ · · · ⊇ P1 1

e

2

⊇ P 1 1 P 2 ⊇ P 1 1 P 2 ⊇ · · · ⊇ P 1 1 P2 2

e e e e

2

⊇ · · · ⊇ P1 1 · · · Pg g = P B.

e e

By unique factorization, there can be no ideals between consecutive terms in the sequence.

(Any such ideal would contain, hence divide, P B.) Thus the quotient β/βPi of any two

4.1. LIFTING OF PRIME IDEALS 3

consecutive terms is a one-dimensional vector space over B/Pi , as there are no nontrivial

proper subspaces. (It is a vector space over this ¬eld because it is annihilated by Pi .)

But, with notation as in (4.1.5), [B/Pi : A/P ] = fi , so [β/βPi : A/P ] = fi . For each i,

we have exactly ei consecutive quotients, each of dimension fi over A/P . Consequently,

g

[B/P B : A/P ] = i=1 ei fi , as claimed.

To prove the second equality, we ¬rst assume that B is a free A-module of rank n. By

(2.3.8), this covers the case where A is a PID, in particular, when L is a number ¬eld. If

x1 , . . . , xn is a basis for B over A, we can reduce mod P B to produce a basis for B/P B

n

over A/P , and the result follows. Explicitly, suppose i=1 (ai +P )(xi +P B) = 0 in B/P B.

n

Then i=1 ai xi belongs to P B, hence can be written as j bj yj with bj ∈ B, yj ∈ P .

Since bj = k cjk xk with cjk ∈ A, we have ak = j cjk yj ∈ P for all k.

The general case is handled by localization. Let S = A\P , A = S ’1 A, B = S ’1 B. By

(1.2.6), (1.2.9), and the Dedekind property (every nonzero prime ideal of A is maximal),

it follows that A has exactly one nonzero prime ideal, namely P = P A . Moreover, P

is principal, so A is a discrete valuation ring, that is, a local PID that is not a ¬eld. [By

unique factorization, we can choose an element a ∈ P \(P )2 , so (a) ⊆ P but (a) ⊆ (P )2 .

Since the only nonzero ideals of A are powers of P (unique factorization again), we have

(a) = P .] Now B is the integral closure of A in L, so B is the integral closure of A in

S ’1 L = L. [The idea is that we can go back and forth between an equation of integral

dependence for b ∈ B and an equation of integral dependence for b/s ∈ B either by

introducing or clearing denominators.] We have now reduced to the PID case already

analyzed, and [B /P B : A /P A ] = n.

g

Now P B = i=1 Piei , and Pi is a nonzero prime ideal of B not meeting S. [If

y ∈ Pi © S, then y ∈ Pi © A = P by (4.1.2). Thus y ∈ P © S, a contradiction.] By the

g

basic correspondence (1.2.6), we have the factorization P B = i=1 (Pi B )ei . By the PID

case,

g

n = [B /P B : A /P A ] = ei [B /Pi B : A /P A ].

i=1

We are ¬nished if we can show that B /Pi B ∼ B/Pi and A /P A ∼ A/P . The statement

= =

of the appropriate lemma, and the proof in outline form, are given in the exercises. ™

Problems For Section 4.1

We will ¬ll in the gap at the end of the proof of the ram-rel identity. Let S be a mul-

tiplicative subset of the integral domain A, and let M be a maximal ideal of A disjoint

from S. Consider the composite map A ’ S ’1 A ’ S ’1 A/MS ’1 A, where the ¬rst map

is given by a ’ a/1 and the second by a/s ’ (a/s) + MS ’1 A.

1. Show that the kernel of the map is M, so by the factor theorem, we have a monomor-

phism h : A/M ’ S ’1 A/MS ’1 A.

2. Let a/s ∈ S ’1 A. Show that for some b ∈ A we have bs ≡ 1 mod M.

3. Show that (a/s) + MS ’1 A = h(ab), so h is surjective and therefore an isomorphism.

Consequently, S ’1 A/MS ’1 A ∼ A/M, which is the result we need.

=

4 CHAPTER 4. FACTORING OF PRIME IDEALS IN EXTENSIONS

4.2 Norms of Ideals

4.2.1 De¬nitions and Comments

We are familiar with the norm of an element of a ¬eld, and we are going to extend the

idea to ideals. We assume the AKLB setup with A = Z, so that B is a number ring,

that is, the ring of algebraic integers of a number ¬eld L. If I is a nonzero ideal of B, we

de¬ne the norm of I by N (I) = |B/I|. We will show that the norm is ¬nite, so if P is a

nonzero prime ideal of B, then B/P is a ¬nite ¬eld. Also, N has a multiplicative property

analogous to the formula N (xy) = N (x)N (y) for elements. [See (2.1.3), equation (2).]

4.2.2 Proposition

Let b be any nonzero element of the ideal I of B, and let m = NL/Q (b) ∈ Z. Then m ∈ I

and |B/mB| = mn , where n = [L : Q].

Proof. By (2.1.6), m = bc where c is a product of conjugates of b. But a conjugate of an

algebraic integer is an algebraic integer. (If a monomorphism is applied to an equation

of integral dependence, the result is an equation of integral dependence.) Thus c ∈ B,

and since b ∈ I, we have m ∈ I. Now by (2.3.9), B is the direct sum of n copies of Z,

hence by the ¬rst isomorphism theorem, B/mB is the direct sum of n copies of Z/mZ.

Consequently, |B/mB| = mn . ™

4.2.3 Corollary

If I is any nonzero ideal of B, then N (I) is ¬nite. In fact, if m is as in (4.2.2), then N (I)

divides mn .

Proof. Observe that (m) ⊆ I, hence

B/(m) ∼

= I/(m). ™

B/I

4.2.4 Corollary

Every nonzero ideal I of B is a free abelian group of rank n.

Proof. By the simultaneous basis theorem, we may represent B as the direct sum of n

copies of Z, and I as the direct sum of a1 Z, . . . , ar Z, where r ¤ n and the ai are positive

integers such that ai divides ai+1 for all i. Thus B/I is the direct sum of r cyclic groups

(whose orders are a1 , . . . , ar ) and n ’ r copies of Z. If r < n, then at least one copy of Z

appears, and |B/I| cannot be ¬nite. ™

4.2.5 Computation of the Norm

Suppose that {x1 , . . . , xn } is a Z-basis for B, and {z1 , . . . , zn } is a basis for I. Each zi is

a linear combination of the xi with integer coe¬cients, in matrix form z = Cx. We claim

that the norm of I is the absolute value of the determinant of C. To verify this, ¬rst look

at the special case xi = yi and zi = ai yi , as in the proof of (4.2.4). Then C is a diagonal

4.2. NORMS OF IDEALS 5

matrix with entries ai , and the result follows. But the special case implies the general

result, because any matrix corresponding to a change of basis of B or I is unimodular, in

other words, has integer entries and determinant ±1. [See (2.3.9) and (2.3.10).]

Now with z = Cx as above, the discriminant of x is the ¬eld discriminant d, and the

discriminant of z is D(z) = (det C)2 d by (2.3.2). We have just seen that N (I) = | det C|,

so we have the following formula for computing the norm of an ideal I. If z is a Z-basis

for I, then

1/2

D(z)

N (I) = .

d

There is a natural relation between the norm of a principal ideal and the norm of the

corresponding element.

4.2.6 Proposition

If I = (a) with a = 0, then N (I) = |NL/Q (a)|.

Proof. If x is a Z-basis for B, then ax is a Z-basis for I. By (2.3.3), D(ax) is the square

of the determinant whose ij entry is σi (axj ) = σi (a)σi (xj ). By (4.2.5), the norm of I is

|σ1 (a) · · · σn (a)| = |NL/Q (a)|. ™

In the proof of (4.2.6), we cannot invoke (2.3.2) to get D(ax1 , . . . , axn ) = (an )2 D(x1 , . . . , xn ),

because we need not have a ∈ Q.

We now establish the multiplicative property of ideal norms.

4.2.7 Theorem

If I and J are nonzero ideals of B, then N (IJ) = N (I)N (J).

Proof. By unique factorization, we may assume without loss of generality that J is a

prime ideal P . By the third isomorphism theorem, |B/IP | = |B/I| |I/IP |, so we must

show that |I/IP | is the norm of P , that is, |B/P |. But this has already been done in the

¬rst part of the proof of (4.1.6). ™

4.2.8 Corollary

Let I be a nonzero ideal of B. If N (I) is prime, then I is a prime ideal.

Proof. Suppose I is the product of two ideals I1 and I2 . By (4.2.7), N (I) = N (I1 )N (I2 ),

so by hypothesis, N (I1 ) = 1 or N (I2 ) = 1. Thus either I1 or I2 is the identity element

of the ideal group, namely B. Therefore, the prime factorization of I is I itself, in other

words, I is a prime ideal. ™

4.2.9 Proposition

N (I) ∈ I, in other words, I divides N (I). [More precisely, I divides the principal ideal

generated by N (I).]

6 CHAPTER 4. FACTORING OF PRIME IDEALS IN EXTENSIONS

Proof. Let N (I) = |B/I| = r. If x ∈ B, then r(x + I) is 0 in B/I, because the order of

any element of a group divides the order of the group. Thus rx ∈ I, and in particular we

may take x = 1 to conclude that r ∈ I. ™

4.2.10 Corollary

If I is a nonzero prime ideal of B, then I divides (equivalently, contains) exactly one

rational prime p.

Proof. By (4.2.9), I divides N (I) = pm1 · · · pmt , so I divides some pi . But if I divides

t

1

two distinct primes p and q, then there exist integers u and v such that up + vq = 1. Thus

I divides 1, so I = B, a contradiction. Therefore I divides exactly one p. ™

4.2.11 The Norm of a Prime Ideal

If we can compute the norm of every nonzero prime ideal P , then by multiplicativity, we

can calculate the norm of any nonzero ideal. Let p be the unique rational prime in P , and

recall from (4.1.3) that the relative degree of P over p is f (P ) = [B/P : Z/pZ]. Therefore

N (P ) = |B/P | = pf (P ) .

Note that by (4.2.6), the norm of the principal ideal (p) is |N (p)| = pn , so N (P ) = pm

for some m ¤ n. This conclusion also follows from the above formula N (P ) = pf (P ) and

the ram-rel identity (4.1.6).

Here are two other useful ¬niteness results.

4.2.12 Proposition

A rational integer m can belong to only ¬nitely many ideals of B.

Proof. We have m ∈ I i¬ I divides (m), and by unique factorization, (m) has only ¬nitely

many divisors. ™

4.2.13 Corollary

Only ¬nitely many ideals can have a given norm.

Proof. If N (I) = m, then by (4.2.9), m ∈ I, and the result follows from (4.2.12). ™

Problems For Section 4.2

This problem set will give the proof that a rational prime p rami¬es in the number ¬eld

L if and only if p divides the ¬eld discriminant d = dL/Q .

1. Let (p) = pB have prime factorization i Piei . Show that p rami¬es if and only if the

ring B/(p) has nonzero nilpotent elements.

Now as in (2.1.1), represent elements of B by matrices with respect to an integral basis

ω1 , . . . , ωn of B. Reduction of the entries mod p gives matrices representing elements of

B/(p).

2. Show that a nilpotent element (or matrix) has zero trace.

4.3. A PRACTICAL FACTORIZATION THEOREM 7

Suppose that A(β), the matrix representing the element β, is nilpotent mod p. Then

A(βωi ) will be nilpotent mod p for all i, because βωi is nilpotent mod p.

3. By expressing β in terms of the ωi and computing the trace of A(βωj ), show that if β

is nilpotent mod p and β ∈ (p), then d ≡ 0 mod p, hence p divides d.

/

Now assume that p does not ramify.

4. Show that B/(p) is isomorphic to a ¬nite product of ¬nite ¬elds Fi of characteristic p.

Let πi : B ’ B/(p) ’ Fi be the composition of the canonical map from B onto B/(p)

and the projection from B/(p) onto Fi .

5. Show that the trace form Ti (x, y) = TFi /Fp (πi (x)πi (y)) is nondegenerate, and conclude

that i Ti is also nondegenerate.

We have d = det T (ωi ωj ), in other words, the determinant of the matrix of the bilinear

form T (x, y) on B, with respect to the basis {ω1 , . . . , ωn }. Reducing the matrix entries

mod p, we get the matrix of the reduced bilinear form T0 on the Fp -vector space B/(p).

6. Show that T0 coincides with i Ti , hence T0 is nondegenerate. Therefore d = 0 mod p,

so p does not divide d.

As a corollary, it follows that only ¬nitely many primes can ramify in L.

4.3 A Practical Factorization Theorem

The following result, usually credited to Kummer but sometimes attributed to Dedekind,

allows, under certain conditions, an e¬cient factorization of a rational prime in a number

¬eld.

4.3.1 Theorem

Let L be a number ¬eld of degree n over Q, and assume that the ring B of algebraic

integers of L is Z[θ] for some θ ∈ B. Thus 1, θ, θ2 , . . . , θn’1 form an integral basis of B.

Let p be a rational prime, and let f be the minimal polynomial of θ over Q. Reduce the

coe¬cients of f modulo p to obtain f ∈ Z[X]. Suppose that the factorization of f into

irreducible polynomials over Fp is given by

f = h e1 · · · h e r .

r

1

Let fi be any polynomial in Z[X] whose reduction mod p is hi . Then the ideal

Pi = (p, fi (θ))

is prime, and the prime factorization of (p) in B is

(p) = P1 1 · · · Pr r .

e e

Proof. Adjoin a root θi of hi to produce the ¬eld Fp [θi ] ∼ Fp [X]/hi (X). The assignment

=

θ ’ θi extends by linearity (and reduction of coe¬cients mod p) to an epimorphism

»i : Z[θ] ’ Fp [θi ]. Since Fp [θi ] is a ¬eld, the kernel of »i is a maximal, hence prime,

ideal of Z[θ] = B. Since »i maps fi (θ) to hi (θi ) = 0 and also maps p to 0, it follows that

Pi ⊆ ker »i . We claim that Pi = ker »i . To prove this, assume g(θ) ∈ ker »i . With a

8 CHAPTER 4. FACTORING OF PRIME IDEALS IN EXTENSIONS

subscript 0 indicating reduction of coe¬cients mod p, we have g0 (θi ) = 0, hence hi , the

minimal polynomial of θi , divides g0 . If g0 = q0 hi , then g ’ qfi ≡ 0 mod p. Therefore

g(θ) = [g(θ) ’ q(θ)fi (θ)] + q(θ)fi (θ)

so g(θ) is the sum of an element of (p) and an element of (fi (θ)). Thus ker »i ⊆ Pi , so

Pi = ker »i , a prime ideal.

We now show that (p) divides P1 1 · · · Pr r . We use the identity (I+I1 )(I+I2 ) ⊆ I+I1 I2 ,

e e

where I, I1 and I2 are ideals. We begin with P1 = (p) + (f1 (θ)), and compute

P1 ⊆ (p) + (f1 (θ))2 , . . . , P1 1 · · · Pr r ⊆ (p) + (f1 (θ))e1 · · · (fr (θ))er .

e

2 e

r

But the product of the fi (θ)ei coincides mod p with hi (θ) = f (θ) = 0. We conclude

i=1

r

that i=1 Piei ⊆ (p), as asserted.

We now know that (p) = P1 1 · · · Pr r with 0 ¤ ki ¤ ei . (Actually, ki > 0 since

k k

p ∈ ker »i = Pi , so Pi divides (p). But we will not need this re¬nement.) By hypothesis,

B/Pi = Z[θ]/Pi , which is isomorphic to Fp [θi ], as observed at the beginning of the proof.

Thus the norm of Pi is |Fp [θi ]| = pdi , where di is the degree of hi . By (4.2.6), (4.2.7) and

equation (3) of (2.1.3),

r r

n ki

pdi ki

p = N ((p)) = N (Pi ) =

i=1 i=1

hence n = d1 k1 + · · · + dr kr . But n is the degree of the monic polynomial f , which is the

same as deg f = d1 e1 + · · · + dr er . Since ki ¤ ei for every i, we have ki = ei for all i, and

the result follows. ™

4.3.2 Prime Factorization in Quadratic Fields

√

We consider L = Q( m), where m is a square-free integer, and factor the ideal (p) in

the ring B of algebraic integers of L. By the ram-rel identity (4.1.6), there will be three

cases:

(1) g = 2, e1 = e2 = f1 = f2 = 1. Then (p) is the product of two distinct prime ideals P1

and P2 , and we say that p splits in L.

(2) g = 1, e1 = 1, f1 = 2. Then (p) is a prime ideal of B, and we say that p remains prime

in L or that p is inert.

2

(3) g = 1, e1 = 2, f1 = 1. Then (p) = P1 for some prime ideal P1 , and we say that p

rami¬es in L.

We will examine all possibilities systematically.

(a) Assume p is an odd prime not dividing m. Then p does not divide the discriminant,

so p does not ramify.

(a1) If m is a quadratic residue mod p, then p splits. Say m ≡ n2 mod p. Then x2 ’ m

√ √

factors mod p as (x + n)(x ’ n), so (p) = (p, n + m) (p, n ’ m).

(a2) If m is not a quadratic residue mod p, then x2 ’ m cannot be the product of two

linear factors, hence x2 ’ m is irreducible mod p and p remains prime.

4.3. A PRACTICAL FACTORIZATION THEOREM 9

(b) Let p be any prime dividing m. Then p divides the discriminant, hence p rami¬es.

√

Since x2 ’ m ≡ x2 = xx mod p, we have (p) = (p, m)2 .

This takes care of all odd primes, and also p = 2 with m even.

(c) Assume p = 2, m odd.

(c1) Let m ≡ 3 mod 4. Then 2 divides the √

discriminant D = 4m, so 2 rami¬es. We have

x ’ m ≡ (x + 1) mod 2, so (2) = (2, 1 + m)2 .

2 2

√

(c2) Let m ≡ 1 mod 8, hence m ≡ 1 mod 4. An integral basis is {1, (1 + m)/2}, and

the discriminant is D = m. Thus 2 does not divide D, so 2 does not ramify. We claim

√ √

that (2) = (2, (1 + m)/2) (2, (1 ’ m)/2). To verify this note that the right side is

√ √

(2, 1 ’ m, 1 + √ m, (1 ’ m)/4). This coincides with (2) because (1 ’ m)/4 is an even

√

integer and 1 ’ m + 1 + m = 2.

If m ≡ 3 or 7 mod 8, then m ≡ 3 mod 4, so there is only one remaining case.

(c3) Let m ≡ 5 mod 8, hence m ≡ 1 mod 4, so D = m and 2 does not ramify. Consider

f (x) = x2 ’ x + (1 ’ m)/4 over B/P , where P is any prime ideal lying over (2). The roots

√

of f are (1 ± m)/2, so f has a root in B, hence in B/P . But there is no root in F2 ,

because (1 ’ m)/4 ≡ 1 mod 2. Thus B/P and F2 cannot be isomorphic. If (2) factors as

Q1 Q2 , then the norm of (2) is 4, so Q1 and Q2 have norm 2, so the B/Qi are isomorphic

to F2 , which contradicts the argument just given. Therefore 2 remains prime.

You probably noticed something suspicious in cases (a) and (b). In order to apply

√

(4.3.1), 1 and m must form an integral basis, so m ≡ 1 mod 4, as in (2.3.11). But we

can repair the damage. In (a1), verify directly that the factorization of (p) is as given. The

√ √ √ √

key point is that the ideal (p, n + m) (p, n ’ m) contains p(n + m + n ’ m) = 2np,

and if p divides n, then p divides (m ’ n2 ) + n2 = m, contradicting the assumption of

case (a). Thus the greatest common divisor of p2 and 2np is p, so p belongs to the ideal.

Since every generator of the ideal is a multiple of p, the result follows. In (a2), suppose

(p) = Q1 Q2√Since the norm of p is p2 , each Qi has norm p, so B/Qi must be isomorphic

.

to Fp . But m ∈ B, so m has a square root in B/Qi [see (4.1.4)]. But case (a2) assumes

that there is no square root of m in Fp , a contradiction. Finally, case (b) is similar to

case (a1). We have p|m, but p2 does not divide the square-free integer m, so the greatest

common divisor of p2 and m is p.

Problems For Section 4.3

1. In the exercises for Section 3.4, we factored (2) and (3) in the ring B of algebraic

√

integers of L = Q( ’5), using ad hoc techniques. Using the results of this section, derive

the results rigorously.

2. Continuing √ Problem 1, factor (5), (7) and (11). √

3. Let L = Q( 3 2), and assume as known that the ring of algebraic integers is B = Z[ 3 2].

Find the prime factorization of (5).

Chapter 5

The Ideal Class Group

We will use Minkowski theory, which belongs to the general area of geometry of numbers,

to gain insight into the ideal class group of a number ¬eld. We have already mentioned

the ideal class group brie¬‚y in (3.4.5); it measures how close a Dedekind domain is to a

principal ideal domain.

5.1 Lattices

5.1.1 De¬nitions and Comments

Let e1 , . . . , en ∈ Rn , with the ei linearly independent over R. Thus the ei form a basis

for Rn as a vector space over R. The ei also form a basis for a free Z-module of rank n,

namely

H = Ze1 + · · · + Zen .

A set H constructed in this way is said to be a lattice in Rn . The fundamental domain

of H is given by

n

T = {x ∈ R : x = ai ei , 0 ¤ ai < 1}.

n

i=1

In the most familiar case, e1 and e2 are linearly independent vectors in the plane, and T is

the parallelogram generated by the ei . In general, every point of Rn is congruent modulo

H to a unique point of T , so Rn is the disjoint union of the sets h + T, h ∈ H. If µ is

Lebesgue measure, then the volume µ(T ) of the fundamental domain T will be denoted by

v(H). If we generate H using a di¬erent Z-basis, the volume of the fundamental domain

is unchanged. (The change of variables matrix between Z-bases is unimodular, hence has

determinant ±1. The result follows from the change of variables formula for multiple

integrals.)

1

2 CHAPTER 5. THE IDEAL CLASS GROUP

5.1.2 Lemma

Let S be a Lebesgue measurable subset of Rn with µ(S) > v(H). Then there exist distinct

points x, y ∈ S such that x ’ y ∈ H.

Proof. As we observed in (5.1.1), the sets h + T, h ∈ H, are (pairwise) disjoint and cover

Rn . Thus the sets S © (h + T ), h ∈ H, are disjoint and cover S. Consequently,

µ(S © (h + T )).

µ(S) =

h∈H

By translation-invariance of Lebesgue measure, µ(S © (h + T )) = µ((’h + S) © T ). Now

if S © (h1 + T ) and S © (h2 + T ) are disjoint, it does not follow that (’h1 + S) © T and

(’h2 + S) © T are disjoint, as we are not subtracting the same vector from each set. In

fact, if the sets (’h + S) © T, h ∈ H, were disjoint, we would reach a contradiction via

v(H) = µ(T ) ≥ µ((’h + S) © T ) = µ(S).

h∈H

Thus there are distinct elements h1 , h2 ∈ H such that (’h1 +S)©(’h2 +S)©T = …. Choose

(necessarily distinct) x, y ∈ S such that ’h1 + x = ’h2 + y. Then x ’ y = h1 ’ h2 ∈ H,

as desired. ™

5.1.3 Minkowski™s Convex Body Theorem

Let H be a lattice in Rn , and assume that S is a Lebesgue measurable subset of Rn that

is symmetric about the origin and convex. If

(a) µ(S) > 2n v(H), or

(b) µ(S) ≥ 2n v(H) and S is compact,

then S © (H \ {0}) = ….

Proof.

(a) Let S = 1 S. Then µ(S ) = 2’n µ(S) > v(H) by hypothesis, so by (5.1.2), there exist

2

distinct elements y, z ∈ S such that y ’ z ∈ H. But y ’ z = 1 (2y + (’2z)), a convex

2

combination of 2y and ’2z. But y ∈ S ’ 2y ∈ S, and z ∈ S ’ 2z ∈ S ’ ’2z ∈ S by

symmetry about the origin. Thus y ’ z ∈ S and since y and z are distinct, y ’ z ∈ H \ {0}.

(b) We apply (a) to (1+1/m)S, m = 1, 2, . . . . Since S, hence (1+1/m)S, is a bounded set,

it contains only ¬nitely many points of the lattice H. Consequently, for every positive

integer m, Sm = (1 + 1/m)S © (H \ {0}) is a nonempty ¬nite, hence compact, subset

of Rn . Since Sm+1 ⊆ Sm for all m, the sets Sm form a nested sequence, and therefore

©∞ Sm = …. If x ∈ ©∞ Sm , then x ∈ H \ {0} and x/(1 + 1/m) ∈ S for every m. Since

m=1 m=1

S is closed, we may let m ’ ∞ to conclude that x ∈ S. ™

5.1.4 Example

With n = 2, take e1 = (1, 0) and e2 = (0, 1). The fundamental domain is the unit square,

closed at the bottom and on the left, and open at the top and on the right. Let S be the

set of all a1 e1 + a2 e2 with ’1 < ai < 1, i = 1, 2. Then µ(S) = 4v(H), but S contains no

nonzero lattice points. Thus compactness is a necessary hypothesis in part (b).

5.2. A VOLUME CALCULATION 3

5.2 A Volume Calculation

We will use n-dimensional integration technique to derive a result that will be needed in

the proof that the ideal class group is ¬nite. We will work in Rn , realized as the product

of r1 copies of R and r2 copies of C, where r1 + 2r2 = n. Our interest is in the set

r1 r2

Bt = {(y1 , . . . , yr1 , z1 , . . . , zr2 ) ∈ R —C |yi | + 2 |zj | ¤ t}, t ≥ 0.

r1 r2

:

i=1 j=1

We will show that the volume of Bt is given by

π r2 t n

r1

V (r1 , r2 , t) = 2 () .

2 n!

The proof is by double induction on r1 and r2 . If r1 = 1 and r2 = 0, hence n = 1, we

are calculating the length of the interval [’t, t], which is 2t, as predicted. If r1 = 0 and

r2 = 1, hence n = 2, we are calculating the area of {z1 : 2|z1 | ¤ t}, a disk of radius t/2.

The result is πt2 /4, again as predicted. Now assume that the formula holds for r1 , r2 , and

all t. Then V (r1 + 1, r2 , t) is the volume of the set described by

r1 r2

|y| + |yi | + 2 |zj | ¤ t

i=1 j=1

or equivalently by

r1 r2

|yi | + 2 |zj | ¤ t ’ |y|.

i=1 j=1

Now if |y| > t, then Bt is empty. For smaller values of |y|, suppose we change y to y + dy.

This creates a box in (n + 1)-space with dy as one of the dimensions. The volume of the

box is V (r1 , r2 , t ’ y)dy. Thus

t

V (r1 , r2 , t ’ |y|)dy

V (r1 + 1, r2 , t) =

’t

t

which by the induction hypothesis is 2 0 2r1 (π/2)r2 [(t ’ y)n /n!] dy. Evaluating the inte-

gral, we obtain 2r+1 (π/2)r2 tn+1 /(n + 1)!, as desired.

Finally, V (r1 , r2 + 1, t) is the volume of the set described by

r1 r2

|yi | + 2 |zj | + 2|z| ¤ t.

i=1 j=1

As above,

V (r1 , r2 , t ’ 2|z|)dµ(z)

V (r1 , r2 + 1, t) =

|z|¤t/2

4 CHAPTER 5. THE IDEAL CLASS GROUP

where µ is Lebesgue measure on C. In polar coordinates, the integral becomes

π r2 (t ’ 2r)n

2π t/2

2r1 ( ) r dr dθ

2 n!

θ=0 r=0

t/2

which reduces to 2r1 (π/2)r2 (2π/n!) r=0 (t ’ 2r)n r dr. We may write the integrand as

(t ’ 2r)n r dr = ’rd(t ’ 2r)n+1 /2(n + 1). Integration by parts yields (for the moment

ignoring the constant factors preceding the integral)

t/2

’(t ’ 2r)n+2

t/2

tn+2

(t ’ 2r)

n+1

dr/2(n + 1) = = .

2(n + 1)2(n + 2) 4(n + 1)(n + 2)

0 0

Therefore V (r1 , r2 + 1, t) = 2r1 (π/2)r2 (2π/n!)tn+2 /4(n + 1)(n + 2), which simpli¬es to

2r1 (π/2)r2 +1 tn+2 /(n + 2)!, completing the induction. Note that n + 2 (rather than n + 1)

is correct, because r1 + 2(r2 + 1) = r1 + 2r2 + 2 = n + 2.

5.3 The Canonical Embedding

5.3.1 De¬nitions and Comments

Let L be a number ¬eld of degree n over Q, and let σ1 , . . . , σn be the Q-monomorphisms

of L into C. If σi maps entirely into R, we say that σi is a real embedding; otherwise it

is a complex embedding. Since the complex conjugate of a Q-monomorphism is also a Q-

monomorphism, we can renumber the σi so that the real embeddings are σ1 , . . . , σr1 and

the complex embeddings are σr1 +1 , . . . , σn , with σr1 +j paired with its complex conjugate

σr1 +r2 +j , j = 1, . . . , r2 . Thus there are 2r2 complex embeddings, and r1 + 2r2 = n.

The canonical embedding σ : L ’ Rr1 — Cr2 = Rn is the injective ring homomorhism

given by

σ(x) = (σ1 (x), . . . , σr1 +r2 (x)).

5.3.2 Some Matrix Manipulations

Let x1 , . . . , xn ∈ L be linearly dependent over Z (hence the xi form a basis for L over Q).

Let C be the matrix whose k th column (k = 1, . . . , n) is

σ1 (xk ), . . . , σr1 (xk ), Re σr1 +1 (xk ), Im σr1 +1 (xk ), . . . , Re σr1 +r2 (xk ), Im σr1 +r2 (xk ).

The determinant of C looks something like a discriminant, and we can be more precise

with the aid of elementary row operations. Suppose that

σj (xk ) x + iy

= .

x ’ iy

σ j (xk )

We are ¬xing j and allowing k to range from 1 to n, so we have two rows of an n by

n matrix. Add the second row to the ¬rst, so that the entries on the right become 2x

5.3. THE CANONICAL EMBEDDING 5

and x ’ iy. Then add ’1/2 times row 1 to row 2, and the entries become 2x and ’iy.

Factoring out 2 and ’i, we get

x Re σj (xk )

’2i = ’2i .

y Im σj (xk )

Do this for each j = 1, . . . , r2 . In the above calculation, σ j appears immediately under

σj , but in the original ordering they are separated by r2 , which introduces a factor of

(’1)r2 when we calculate a determinant. To summarize, we have

det C = (2i)’r2 det(σj (xk ))

Note that j and k range from 1 to n; no operations are needed for the ¬rst r1 rows.

Now let M be the free Z-module generated by the xi , so that σ(M ) is a free Z-module

with basis σ(xi ), i = 1, . . . , n, hence a lattice in Rn . The fundamental domain is a

parallelotope whose sides are the σ(xi ), and the volume of the fundamental domain is the

absolute value of the determinant whose rows (or columns) are the σ(xi ). Consequently

[see (5.1.1) for notation],

v(σ(M )) = | det C| = 2’r2 | det σj (xk )|.

We apply this result in an algebraic number theory setting.

5.3.3 Proposition

Let B be the ring of algebraic integers of a number ¬eld L, and let I be a nonzero integral

ideal of B, so that by (4.2.4) and (5.3.2), σ(I) is a lattice in Rn . Then the volume of the

fundamental domain of this lattice is

v(σ(I)) = 2’r2 |d|1/2 N (I),

in particular, v(σ(B)) = 2’r2 |d|1/2 , where d is the ¬eld discriminant.

Proof. The result for I = B follows from (5.3.2) and (2.3.3), taking the xk as an integral

basis for B. To establish the general result, observe that the fundamental domain for σ(I)

can be assembled by taking the disjoint union of N (I) copies of the fundamental domain

of σ(B). To convince yourself of this, let e1 and e2 be basis vectors in the plane. The

lattice H generated by 2e1 and 3e2 is a subgroup of the lattice H generated by e1 and

e2 , but the fundamental domain T of H is larger than the fundamental domain T of H.

In fact, exactly 6 copies of T will ¬t inside T . ™

5.3.4 Minkowski Bound on Element Norms

If I is a nonzero integral ideal of B, then I contains a nonzero element x such that

|NL/Q (x)| ¤ (4/π)r2 (n!/nn )|d|1/2 N (I).

Proof. The set Bt of Section 5.2 is compact, convex and symmetric about the origin.

The volume of Bt is µ(Bt ) = 2r1 (π/2)r2 tn /n!, with µ indicating Lebesgue measure. We

6 CHAPTER 5. THE IDEAL CLASS GROUP

choose t so that µ(Bt ) = 2n v(σ(I)), which by (5.3.3) is 2n’r2 |d|1/2 N (I). Equating the

two expressions for µ(Bt ), we get

tn = 2n’r1 π ’r2 n! |d|1/2 N (I).

Apply (5.1.3b) with H = σ(I) and S = Bt . By our choice of t, the hypothesis of (5.1.3b)

is satis¬ed, and we have S © (H \ {0}) = …. Thus there is a nonzero element x ∈ I such

that σ(x) ∈ Bt . Now by (2.1.6), the norm of x is the product of the positive numbers

ai = |σi (x)|, i = 1, . . . , n. To estimate N (x), we invoke the inequality of the arithmetic

and geometric means, which states that (a1 · · · an )1/n ¤ (a1 + · · · + an )/n. It follows that

n

a1 · · · an ¤ ( i=1 ai /n)n . With our ai ™s, we have

r +r2

r1

21

1

|N (x)| ¤ [ |σi (x)| + |σi (x)| ]n .

n n j=r

1 +1

i=1

Since σ(x) ∈ Bt , we have |N (x)| ¤ tn /nn . By choice of t,

|N (x)| ¤ (1/nn )2n’r1 π ’r2 n! |d|1/2 N (I).

But n ’ r1 = 2r2 , so 2n’r1 π ’r2 = 22r2 π ’r2 = (4/π)r2 , and the result follows. ™

5.3.5 Minkowski Bound on Ideal Norms

Every ideal class [see (3.4.5)] of L contains an integral ideal I such that

N (I) ¤ (4/π)r2 (n!/nn ) |d|1/2 .

Proof. Let J be a fractional ideal in the given class. We can multiply by a principal

ideal of B without changing the ideal class, so we can assume with loss of generality that

J = (J )’1 is an integral ideal. Choose a nonzero element x ∈ J such that x satis¬es the

norm inequality of (5.3.4). Our candidate is I = xJ .

First note that I is an integral ideal because x ∈ J and JJ = B. Now (x) = IJ, so

by (4.2.6) and (5.3.4),

N (I)N (J) = N (x) ¤ (4/π)r2 (n!/nn ) |d|1/2 N (J).

Cancel N (J) to get the desired result. ™

5.3.6 Corollary

The ideal class group is ¬nite.

Proof. By (4.2.13), there are only ¬nitely many integral ideals with a given norm. By

(5.3.5), we can associate with each ideal class an integral ideal whose norm is bounded

above by a ¬xed constant. If the ideal class group were in¬nite, we would eventually use

the same integral ideal in two di¬erent ideal classes, which is impossible. ™

5.3. THE CANONICAL EMBEDDING 7

5.3.7 Applications

Suppose that a number ¬eld L has a Minkowski bound on ideal norms that is less than 2.

Since the only ideal of norm 1 is the trivial ideal (1) = B, every ideal class must contain

(1). Thus there can be only one ideal class, and the class number of L, that is, the order

of the ideal class group, is hL = 1. By (3.4.5), B is a PID, equivalently, by (3.2.8), a

UFD.

If the Minkowski bound is greater than 2 but less than 3, we must examine ideals

whose norm is 2. If I is such an ideal, then by (4.2.9), I divides (2). Thus the prime

factorization of (2) will give useful information about the class number.

In the exercises, we will look at several explicit examples.

Problems For Section 5.3

1. Calculate the Minkowski bound on ideal norms for an imaginary quadratic ¬eld, in

√

terms of the ¬eld discriminant d. Use the result to show that Q( m) has class number 1

for m = ’1, ’3, ’7.

2. Calculate the Minkowski bound on ideal norms or a real quadratic ¬eld, in terms

√

of the ¬eld discriminant d. Use the result to show that Q( m) has class number 1 for

m = 2, 3, 5, 13. √

3. Show that in the ring of algebraic integers of Q( ’5), there is only one ideal whose

norm is 2. Then use the Minkowski bound to prove that the class number is 2.

√

4. Repeat Problem 3 for Q( 6). √

5. Show that the only prime ideals of norm 2 in the ring of algebraic integers of Q( 17)

are principal. Conclude that the√class number is 1.

6. Find the class number of Q( 14). (It will be necessary to determine the number of

ideals of norm 3 as well as norm 2.)

Problems 7-10 consider bounds on the ¬eld discriminant.

7. Let L be a number ¬eld of degree n over Q, with ¬eld discriminant d. Show that

|d| ≥ an = (π/4)n n2n /(n!)2 .

8. Show that a2 = π 2 /4 and an+1 /an ≥ 3π/4. From this, derive the lower bound

|d| ≥ (π/3)(3π/4)n’1 for n ≥ 2.

9. Show that n/ log |d| is bounded above by a constant that is independent of the

particular number ¬eld.

10. Show that if L = Q, then |d| > 1, hence in any nontrivial extension of Q, at least one

prime must ramify.

Chapter 6

The Dirichlet Unit Theorem

As usual, we will be working in the ring B of algebraic integers of a number ¬eld L. Two

factorizations of an element of B are regarded as essentially the same if one is obtained

from the other by multiplication by a unit. Our experience with the integers, where

the only units are ±1, and the Gaussian integers, where the only units are ±1 and ±i,

suggests that units are not very complicated, but this is misleading. The Dirichlet unit

theorem gives a complete description of the structure of the multiplicative group of units

in a number ¬eld.

6.1 Preliminary Results

6.1.1 Lemma

Let B — be the group of units of B. An element x ∈ B belongs to B — if and only if

N (x) = ±1.

Proof. If xx’1 = 1, then 1 = N (1) = N (xx’1 ) = N (x)N (x’1 ), so the integer N (x) must

be ±1. Conversely, if the norm of x is ±1, then the characteristic equation of x has the

form xn + an’1 xn’1 + · · · + a1 x ± 1 = 0, with the ai ∈ Z [see (2.1.3) and (2.2.2)]. Thus

x(xn’1 + an’1 xn’2 + · · · + a2 x + a1 ) = “ 1. ™

6.1.2 The Logarithmic Embedding

Let σ : L ’ Rr1 — Cr2 = Rn be the canonical embedding de¬ned in (5.3.1). The

logarithmic embedding is the mapping » : L— ’ Rr1 +r2 given by

»(x) = (log |σ1 (x)|, . . . , log |σr1 +r2 (x)|).

Since the σi are monomorphisms, »(xy) = »(x) + »(y), so » is a homomorphism from the

multiplicative group of L— to the additive group of Rr1 +r2 .

1

2 CHAPTER 6. THE DIRICHLET UNIT THEOREM

6.1.3 Lemma

Let C be a bounded subset of Rr1 +r2 , and let C = {x ∈ B — : »(x) ∈ C}. Then C is a

¬nite set.

Proof. Since C is bounded, all the numbers |σi (x)|, x ∈ B — , i = 1, . . . , n, will be con¬ned

to some interval [a’1 , a] with a > 1. Thus the elementary symmetric functions of the

σi (x) will also lie in some interval of this type. But by (2.1.6), the elementary symmetric

functions are the coe¬cients of the characteristic polynomial of x, and by (2.2.2), these

coe¬cients are integers. Thus there are only ¬nitely many possible characteristic polyno-

mials of elements x ∈ C , hence by (2.1.5), only ¬nitely many possible roots of minimal

polynomials of elements x ∈ C . We conclude that x can belong to C for only ¬nitely

many x. ™

6.1.4 Corollary

The kernel G of the homomorphism » restricted to B — is a ¬nite group.

Proof. Take C = {0} in (6.1.3). ™

The following result gives additional information about G.

6.1.5 Proposition

Let H be a ¬nite subgroup of K — , where K is an arbitrary ¬eld. Then H consists of roots

of unity and is cyclic.

Proof. Let z be an element of H whose order n is the exponent of H, that is, the least

common multiple of the orders of all the elements of H. Then y n = 1 for every y ∈ H, so

H consists of roots of unity. Since the polynomial X n ’ 1 has at most n distinct roots,

we have |H| ¤ n. But 1, z, . . . , z n’1 are distinct elements of H, because z has order n.

Thus H is cyclic. ™

For our group G, even more is true.

6.1.6 Proposition

The group G consists exactly of all the roots of unity in the ¬eld L.

Proof. By (6.1.5), every element of G is a root of unity. Conversely, suppose xm = 1.

Then x is an algebraic integer (it satis¬es X m ’ 1 = 0) and for every i,

|σi (x)|m = |σi (xm )| = |1| = 1.

Thus |σi (x)| = 1 for all i, so log |σi (x)| = 0 and x ∈ G. ™

6.1.7 Proposition

B — is a ¬nitely generated abelian group, isomorphic to G — Zs where s ¤ r1 + r2 .

Proof. By (6.1.3), »(B — ) is a discrete subgroup of Rr1 +r2 . [“Discrete” means that any

bounded subset of Rr1 +r2 contains only ¬nitely many points of »(B — ).] It follows that

6.1. PRELIMINARY RESULTS 3

»(B — ) is a lattice in Rs , hence a free Z-module of rank s, for some s ¤ r1 + r2 . The proof

of this is outlined in the exercises. Now by the ¬rst isomorphism theorem, »(B — ) ∼ B — /G,

=

with »(x) corresponding to the coset xG. If x1 G, . . . , xs G form a basis for B — /G and

x ∈ B — , then xG is a ¬nite product of powers of the xi G, so x is an element of G times a

¬nite product of powers of the xi . Since the »(xi ) are linearly independent, so are the xi ,

provided we translate the notion of linear independence to a multiplicative setting. The

result follows. ™

We can improve the estimate of s.

6.1.8 Proposition

In (6.1.7), we have s ¤ r1 + r2 ’ 1.

Proof. If x ∈ B — , then by (6.1.1) and (2.1.6),

r1 +r2

r1

n

±1 = N (x) = σi (x) = σi (x) σj (x)σj (x).

j=r1 +1

i=1 i=1

Take absolute values and apply the logarithmic embedding to conclude that »(x) =

(y1 , . . . , yr1 +r2 ) lies in the hyperplane W whose equation is

r1 +r2

r1

yi + 2 yj = 0.

j=r1 +1

i=1

The hyperplane has dimension r1 + r2 ’ 1, so as in the proof of (6.1.7), »(B — ) is a free

Z-module of rank s ¤ r1 + r2 ’ 1. ™

In the next section, we will prove the Dirichlet unit theorem, which says that s actually

equals r1 + r2 ’ 1.

Problems For Section 6.1

We will show that if H is a discrete subgroup of Rn , in other words, for every bounded set

C ⊆ Rn , H © C is ¬nite, then H is a lattice in Rr for some r ¤ n. Choose e1 , . . . , er ∈ H

such that the ei are linearly independent over R and r is as large as possible. Let T

be the closure of the fundamental domain determined by the ei , that is, the set of all

r

x = i=1 ai ei , with 0 ¤ ai ¤ 1. Since H is discrete, H © T is a ¬nite set.

r

Now let x be any element of H. By choice of r we have x = i=1 bi ei with bi ∈ R.

r

1. If j is any integer, set xj = jx ’ i=1 jbi ei , where y is the maximum of all integers

z ¤ y. Show that xj ∈ H © T .

2. By examining the above formula for xj with j = 1, show that H is a ¬nitely generated

Z-module.

3. Show that the bi are rational numbers.

4. Show that for some nonzero integer d, dH is a free Z-module of rank at most r.

5. Show that H is a lattice in Rr .

4 CHAPTER 6. THE DIRICHLET UNIT THEOREM

6.2 Statement and Proof of Dirichlet™s Unit Theorem

6.2.1 Theorem

The group B — of units of a number ¬eld L is isomorphic to G — Zs , where G is a ¬nite

cyclic group consisting of all the roots of unity in L, and s = r1 + r2 ’ 1.

Proof. In view of (6.1.4)-(6.1.8), it su¬ces to prove that s ≥ r1 + r2 ’ 1. Equivalently,

by the proof of (6.1.7), the real vector space V = »(B — ) contains r1 + r2 ’ 1 linearly

independent vectors. Now by the proof of (6.1.8), V is a subspace of the (r1 + r2 ’ 1)-

dimensional hyperplane W , so we must prove that V = W . To put it another way, every

linear form f that vanishes on V must vanish on W . This is equivalent to saying that if

f does not vanish on W , then it cannot vanish on V , that is, for some unit u ∈ B — we

have f (»(u)) = 0.

Step 1. We apply Minkowski™s convex body theorem (5.1.3b) to the set

S = {(y1 , . . . , yr1 , z1 , . . . , zr2 ) ∈ Rr1 — Cr2 : |yi | ¤ ai , |zj | ¤ ar1 +j }

where i ranges from 1 to r1 and j from 1 to r2 . We specify the ai as follows. Fix

the positive real number b ≥ 2n’r1 (1/2π)r2 |d|1/2 . Given arbitrary positive real numbers

a1 , . . . , ar , where r = r1 + r2 ’ 1, we choose the positive real number ar+1 such that

r1 +r2

r1

a2 = b.

ai j

j=r1 +1

i=1

The set S is compact, convex, and symmetric about the origin, and its volume is

r1 +r2

r1

πa2 = 2r1 π r2 b ≥ 2n’r2 |d|1/2 .

2ai j

j=r1 +1

i=1

We apply (5.1.3b) with S as above and H = σ(B) [see (5.3.3)], to get S © (H \ {0}) = ….

Thus there is a nonzero algebraic integer x = xa , a = (a1 , . . . , ar ), such that σ(xa ) ∈ S,

and consequently,

|σi (xa )| ¤ ai , i = 1, . . . , n,

where we set aj+r2 = aj , j = r1 + 1, . . . , r1 + r2 .

Step 2. We will show that the norms of the xa are bounded by b in absolute value, and

0 ¤ log ai ’ log |σi (xa )| ¤ log b.

Using step 1, along with (2.1.6) and the fact that the norm of an algebraic integer is a

rational integer [see (2.2.2)], we ¬nd

r1 +r2

r1

n

1 ¤ |N (xa )| = |σi (xa )| ¤ a2 = b.

ai j

j=r1 +1

i=1 i=1

6.2. STATEMENT AND PROOF OF DIRICHLET™S UNIT THEOREM 5

But for any i,

a’1 = ai b’1 .

|σj (xa )|’1 ≥

|σi (xa )| = |N (xa )| j

j=i j=i

Thus ai b’1 ¤ |σi (xa )| ¤ ai for all i, so 1 ¤ ai /|σi (xa )| ¤ b. Take logarithms to obtain

the desired chain of inequalities.

Step 3. Completion of the proof. In the equation of the hyperplane W , y1 , . . . , yr can be

speci¬ed arbitrarily and we can solve for yr+1 . Thus if f is a nonzero linear form on W ,

then f can be expressed as f (y1 , . . . , yr+1 ) = c1 y1 + · · · + cr yr with not all ci ™s zero. By

r

de¬nition of the logarithmic embedding [see (6.1.2)], f (»(xa )) = i=1 ci log |σi (xa )|, so if

we multiply the inequality of Step 2 by ci and sum over i, we get

r r r

| ci log ai ’ f (»(xa ))| = | ci (log ai ’ log |σi (xa )|)| ¤ |ci | log b.

i=1 i=1 i=1

Choose a positive real number t greater than the right side of this equation, and for every

r

positive integer h, choose positive real numbers aih , i = 1, . . . , r, such that i=1 ci log aih

coincides with 2th. (This is possible because not all ci ™s are zero.) Let a(h) = (a1h , . . . , arh ),

and let xh be the corresponding algebraic integer xa(h) . Then by the displayed equation

above and the choice of t to exceed the right side, we have |f (»(xh )) ’ 2th| < t, so

(2h ’ 1)t < f (»(xh )) < (2h + 1)t.

Since the open intervals ((2h ’ 1)t, (2h + 1)t) are (pairwise) disjoint, it follows that the

f (»(xh )), h = 1, 2, . . . , are all distinct. But by Step 2, the norms of the xh are all bounded

in absolute value by the same positive constant, and by (4.2.13), only ¬nitely many ideals

can have a given norm. By (4.2.6), there are only ¬nitely many distinct ideals of the

form Bxh , so there are distinct h and k such that Bxh = Bxk . But then xh and xk are

associates, hence for some unit u we have xh = uxk , hence »(xh ) = »(u) + »(xk ). By

linearity of f and the fact that f (»(xh )) = f (»(xk )), we have f (»(u)) = 0. ™

6.2.2 Remarks

The unit theorem implies that there are r = r1 + r2 ’ 1 units u1 , . . . , ur in B such that

every unit of B can be expressed uniquely as

u = z u n 1 · · · u nr

r

1

where the ui are algebraic integers and z is a root of unity in L. We call {u1 , . . . , ur } a

fundamental system of units for the number ¬eld L.

As an example, consider the cyclotomic extension L = Q(z), where z is a primitive

p root of unity, p an odd prime. The degree of the extension is •(p) = p ’ 1, and an

th

embedding σj maps z to z j , j = 1, . . . , p ’ 1. Since these z j ™s are never real, we have

r1 = 0 and 2r2 = p ’ 1. Therefore r = r1 + r2 ’ 1 = (p ’ 3)/2.

6 CHAPTER 6. THE DIRICHLET UNIT THEOREM

6.3 Units in Quadratic Fields

6.3.1 Imaginary Quadratic Fields

√

First, we look at number ¬elds L = Q( m), where m is a square-free negative integer.

There are no real embeddings, so r1 = 0 and 2r2 = n = 2, hence r2 = 1. But then

r1 + r2 ’ 1 = 0, so the only units in B are the roots of unity in L. We will use (6.1.1) to

determine the units.

√

Case 1. Assume m ≡ 1 mod 4. By (2.3.11), an algebraic integer has the form x = a+b m

for integers a and b. By (6.1.1) and (2.1.10), x is a unit i¬ N (x) = a2 ’ mb2 = ±1. Thus

if m ¤ ’2, then b = 0 and a = ±1. If m = ’1, we have the additional possibility

a = 0, b = ±1.

√

Case 2. Assume m ≡ 1 mod 4. By (2.3.11), x = a + b(1 + m)/2, and by (2.1.10),

N (x) = (a + b/2)2 ’ mb2 /4 = [(2a + b)2 ’ mb2 ]/4. Thus x is a unit if and only if

(2a + b)2 ’ mb2 = 4. We must examine m = ’3, ’7, ’11, ’15, . . . . If m ¤ ’7, then

b = 0, a = ±1. If m = ’3, we have the additional possibilities b = ±1, (2a ± b)2 = 1, that

is, a = 0, b = ±1; a = 1, b = ’1; a = ’1, b = 1.

To summarize, if B is the ring of algebraic integers of an imaginary quadratic ¬eld,

then the group G of units of B is {1, ’1}, except in the following two cases:

1. If L = Q(i), then G = {1, i, ’1, ’i}, the group of 4th roots of unity in L.

√ √

2. If L = Q( ’3), then G = {[(1 + ’3)/2]j , j = 0, 1,√ 3, 4, 5}, the group of 6th roots

2,

of unity in L. We may list the elements x = a + b/2 + b ’3/2 ∈ G as follows:

j = 0 ’ x = 1 (a = 1, b = 0)

√

j = 1 ’ x = (1 + √ ’3)/2 (a = 0, b = 1)

j = 2 ’ x = (’1 + ’3)/2 (a = ’1, b = 1)

j = 3 ’ x = ’1 (a = ’1, b = 0)

√

j = 4 ’ x = ’(1 + ’3)/2 (a = 0, b = ’1)

√

j = 5 ’ x = (1 ’ ’3)/2 (a = 1, b = ’1).

6.3.2 Remarks

Note that G, a ¬nite cyclic group, has a generator, necessarily a primitive root of unity.

Thus G will consist of all tth roots of unity for some t, and the ¬eld L will contain only

¬nitely many roots of unity. This is a general observation, not restricted to the quadratic

case.

6.3.3 Real Quadratic Fields

√

Now we examine L = Q( m), where m is a square-free positive integer. Since the

√ √

Q-automorphisms of L are the identity and a + b m ’ a ’ b m, there are two real

embeddings and no complex embeddings. Thus r1 = 2, r2 = 0, and r1 + r2 ’ 1 = 1. The

only roots of unity in R are ±1, so by (6.2.1) or (6.2.2), the group of units in the ring of

algebraic integers is isomorphic to {’1, 1} — Z. If u is a unit and 0 < u < 1, then 1/u

is a unit and 1/u > 1. Thus the units greater than 1 are hn , n = 1, 2, . . . , where h, the

unique generator greater than 1, is called the fundamental unit of L.

6.3. UNITS IN QUADRATIC FIELDS 7

√

Case 1. Assume m ≡ 1 mod 4. The algebraic integers are of the form x = a + b m

with a, b ∈ Z. Thus we are looking for solutions for N (x) =√ 2 ’ mb2 = ±1. Note that

a

√

if x = a + b m is a solution, then the four numbers ±a ± b m are x, ’x, x’1 , ’x’1 in

some order. Since a number and its inverse cannot both be greater than 1, and similarly

for a number and its negative, it follows that exactly one of the four numbers is greater

than one, namely the number with a and b positive. The fundamental unit, which is the

smallest unit greater than 1, can be found as follows. Compute mb2 for b = 1, 2, 3, √ . ,

..

and stop at the ¬rst number mb1 that di¬ers from a square a1 by ±1. Then a1 + b1 m

2 2

is the fundamental unit.

There is a more e¬cient computational technique using the continued fraction expan-

√

sion of m. Details are given in many texts on elementary number theory.

Case 2. Assume m ≡ 1 mod 4. It follows from (2.2.6) that the algebraic integers are of

√

the form x = 1 (a+b m), where a and b are integers of the same parity, both even or both

2

odd. Since the norm of x is 1 (a2 ’ mb2 ), x is a unit i¬ a2 ’ mb2 = ±4. Moreover, if a and

4

integers satisfying a2 ’ mb2 = ±4, then a and b must have the same parity, hence

b are √

a + b m is an algebraic integer and therefore a unit of B. To calculate the fundamental

unit, compute mb2 , b = 1, 2, 3, . . . , and stop at the ¬rst number mb2 that di¬ers from a

√ 1

square a1 by ±4. The fundamental unit is 2 (a1 + b1 m).

1

2

Problems For Section 6.3

√

1. Calculate the fundamental unit of Q( m) for m = 2, 3, 5, 6, 7, 10, 11, 13, 14, 15, 17.

In Problems 2-5, we assume m ≡ 1 mod 4. Suppose that we look for solutions to

a ’ mb2 = ±1 (rather than a2 ’ mb2 = ±4). We get units belonging to a subring

2

√

B0 = Z[ m] of the ring B of algebraic integers, and √ positive units of B0 form a

the

1

subgroup H of the positive units of B. Let u = 2 (a + b m) be the fundamental unit of

the number ¬eld L.

2. If a and b are both even, for example when m = 17, show that H consists of the powers

of u, in other words, B0 = B — .

—

3. If a and b are both odd, show that u3 ∈ B0 .

4. Continuing Problem 3, show that u2 ∈ B0 , so H consists of the powers of u3 .

/

5. Verify the conclusions of Problems 3 and 4 when m = 5 and m = 13.

Chapter 7

Cyclotomic Extensions

A cyclotomic extension Q(ζn ) of the rationals is formed by adjoining a primitive nth

root of unity ζn . In this chapter, we will ¬nd an integral basis and calculate the ¬eld

discriminant.

7.1 Some Preliminary Calculations

7.1.1 The Cyclotomic Polynomial

Recall that the cyclotomic polynomial ¦n (X) is de¬ned as the product of the terms X ’ζ,

where ζ ranges over all primitive nth roots of unity in C. Now an nth root of unity is

a primitive dth root of unity for some divisor d of n, so X n ’ 1 is the product of all

cyclotomic polynomials ¦d (X) with d a divisor of n. In particular, let n = pr be a prime

power. Since a divisor of pr is either pr or a divisor of pr’1 , we have

r

Xp ’ 1 tp ’ 1

= 1 + t + · · · + tp’1

¦pr (X) = pr’1 =

t’1

’1

X

r’1

where t = X p . If X = 1 then t = 1, and it follows that ¦pr (1) = p.

Until otherwise speci¬ed, we assume that n is a prime power pr .

7.1.2 Lemma

Let ζ and ζ be primitive (pr )th roots of unity. Then u = (1 ’ ζ )/(1 ’ ζ) is a unit in Z[ζ],

hence in the ring of algebraic integers.

Proof. Since ζ is primitive, ζ = ζ s for some s (not a multiple of p). It follows that

u = (1’ζ s )/(1’ζ) = 1+ζ+· · ·+ζ s’1 ∈ Z[ζ]. By symmetry, (1’ζ))/(1’ζ ) ∈ Z[ζ ] = Z[ζ],

and the result follows. ™

7.1.3 Lemma

Let π = 1 ’ ζ and e = •(pr ) = pr’1 (p ’ 1), where • is the Euler phi function. Then the

principal ideals (p) and (π)e coincide.

1

2 CHAPTER 7. CYCLOTOMIC EXTENSIONS

Proof. By (7.1.1) and (7.1.2),

1’ζ r

(1 ’ ζ ) = )(1 ’ ζ) = v(1 ’ ζ)•(p )

p = ¦pr (1) = (

1’ζ

ζ ζ

where v is a unit in Z[ζ]. The result follows. ™

We can now give a short proof of a basic result, but remember that we are operating

under the restriction that n = pr .

7.1.4 Proposition

The degree of the extension Q(ζ)/Q equals the degree of the cyclotomic polynomial,

namely •(pr ). Therefore the cyclotomic polynomial is irreducible over Q.

Proof. By (7.1.3), (p) has at least e = •(pr ) prime factors (not necessarily distinct) in

the ring of algebraic integers of Q(ζ). By the ram-rel identity (4.1.6), e ¤ [Q(ζ) : Q]. But

[Q(ζ) : Q] cannot exceed the degree of a polynomial having ζ as a root, so [Q(ζ) : Q] ¤ e.

If ζ were a root of an irreducible factor of ¦pr , then the degree of the cyclotomic extension

would be less than •(pr ), contradicting what we have just proved. ™

7.1.5 Lemma

Let B be the ring of algebraic integers of Q(ζ). Then (π) is a prime ideal (equivalently,

π is a prime element) of B. The relative degree f of (π) over (p) is 1, hence the injection

Z/(p) ’ B/(π) is an isomorphism.

Proof. If (π) were not prime, (p) would have more than •(pr ) prime ideal factors, which

is impossible, in view of the ram-rel identity. This identity also gives f = 1. ™

We will need to do several discriminant computations, and to prepare for this, we do

some calculations of norms. The symbol N with no subscript will mean the norm in the

extension Q(ζ)/Q.

7.1.6 Proposition

s s

N (1 ’ ζ) = ±p, and more generally, N (1 ’ ζ p ) = ±pp , 0 ¤ s < r.

Proof. The minimal polynomial of 1’ζ is ¦pr (1’X), which has constant term ¦pr (1’0) =

s

p by (7.1.1). This proves the ¬rst assertion. If 0 < s < r, then ζ p is a primitive (pr’s )th

root of unity, so by the above calculation with r replaced by r ’ s,

s

N1 (1 ’ ζ p ) = ±p

s

where N1 is the norm in the extension Q(ζ p )/Q. By transitivity of norms [see (2.1.7)]

s

applied to the chain Q(ζ), Q(ζ p ), Q, and the formula in (2.1.3) for the norm of an element

of the base ¬eld, we get

s s

N (1 ’ ζ p ) = N1 ((1 ’ ζ p )b )

s s

where b = [Q(ζ) : Q(ζ p )] = •(pr )/•(pr’s ) = ps . Thus N (1 ’ ζ p ) = ±pb , and the result

follows. ™

In (7.1.6), the sign is (’1)•(n) ; see (2.1.3).

7.1. SOME PRELIMINARY CALCULATIONS 3

7.1.7 Proposition

r

. Then D = ±pc , where c =

)’1

Let D be the discriminant of the basis 1, ζ, . . . , ζ •(p

pr’1 (pr ’ r ’ 1).

Proof. By (2.3.6), D = ±N (¦pr (ζ)). Di¬erentiate the equation

r’1 r

’ 1)¦pr (X) = X p ’ 1

(X p

to get

’1 ’1

r’1 r’1 r

’ 1)¦pr (X) + pr’1 X p

(X p ¦pr (X) = pr X p .

Setting X = ζ and noting that ζ is a root of ¦pr , we have

’1 ’1

r r

’ 1)¦pr (ζ) + 0 = pr ζ p

(ζ p .

Thus

pr ζ p ’1

r

¦pr (ζ) = pr’1 .

’1

ζ

The norm of the denominator has been computed in (7.1.6). The norm of ζ is ±1, as

r r’1

ζ is a root of unity. The norm of pr is pr•(p ) = prp (p’1) . By (2.1.3), the norm is

multiplicative, so the norm of ¦pr (ζ) is ±pc , where

c = r(p ’ 1)pr’1 ’ pr’1 = pr’1 (pr ’ r ’ 1). ™

7.1.8 Remarks

In (4.2.5), we related the norm of an ideal I to the ¬eld discriminant d and the discriminant

D(z) of a basis z for I. It is important to notice that the same argument works if I is

replaced by any free Z-module J of rank n. Thus if B is the ring of algebraic integers,

then

D(z) = |B/J|2 d.

r

Applying this result with z = {1, ζ, . . . , ζ •(p } and J = Z[ζ], we ¬nd that

)’1

D = |B/Z[ζ]|2 d.

Thus if we can show that the powers of ζ form an integral basis, so that Z[ζ] = B, then

in view of (7.1.7), we are able to calculate the ¬eld discriminant up to sign. Also, by the

exercises in Section 4.2, the only rami¬ed prime is p.

Let π = 1 ’ ζ as in (7.1.3), and recall the isomorphism Z/(p) ’ B/(π) of (7.1.5).

4 CHAPTER 7. CYCLOTOMIC EXTENSIONS

7.1.9 Lemma

For every positive integer m, we have Z[ζ] + pm B = B.

Proof. We ¬rst prove the identity with p replaced by π. If b ∈ B, then b + (π) = t + (π) for

some integer t, hence b’t ∈ (π). Thus Z[ζ]+πB = B, and consequently πZ[ζ]+π 2 B = πB.

Now iterate: If b ∈ B, then b = b1 + b2 , b1 ∈ Z[ζ], b2 ∈ πB. Then b2 = b3 + b4 , b3 ∈

πZ[ζ] ⊆ Z[ζ], b4 ∈ π 2 B. Observe that b = (b1 + b3 ) + b4 , so Z[ζ] + π 2 B = B. Continue

r

in this fashion to obtain the desired result. Now by (7.1.3), π •(p ) is p times a unit, so if

m = •(pr ), we can replace π m B by pB, so that Z[ζ] + pB = B. But we can iterate this

equation exactly as above, and the result follows. ™

7.1.10 Theorem

r

The set {1, ζ, . . . , ζ •(p )’1 } is an integral basis for the ring of algebraic integers of Q(ζpr ).

Proof. By (7.1.7) and (7.1.8), |B/Z[ζ]| is a power of p, so pm (B/Z[ζ]) = 0 for su¬ciently

large m. Therefore pm B ⊆ Z[ζ], hence by (7.1.9), Z[ζ] = B. ™

Problems For Section 7.1

This problem set will indicate how to ¬nd the sign of the discriminant of the basis

1, ±, . . . , ±n’1 of L = Q(±), where the minimal polynomial f of ± has degree n.

1. Let c1 , . . . , cr1 be the real conjugates of ±, that is, the real roots of f , and let

cr1 +1 , cr1 +1 , . . . , cr1 +r2 , cr1 +r2 be the complex (=non-real) conjugates. Show that the

sign of the discriminant is the sign of

r2

(cr1 +i ’ cr1 +i )2 .

i=1

2. Show that the sign of the discriminant is (’1)r2 , where 2r2 is the number of complex

embeddings.

3. Apply the results to ± = ζ, where ζ is a primitive (pr )th root of unity. (Note that a

nontrivial cyclotomic extension has no real embeddings.)

7.2 An Integral Basis of a Cyclotomic Field

In the previous section, we found that the powers of ζ form an integral basis when ζ is a

power of a prime. We will extend the result to all cyclotomic extensions.

7.2.1 Notation and Remarks

Let K and L be number ¬elds of respective degrees m and n over Q, and let KL be

ai bi with ai ∈ K

the composite of K and L. Then KL consists of all ¬nite sums

and bi ∈ L. This is because the composite can be formed by adjoining basis elements of

K/Q and L/Q one at a time, thus allowing an induction argument. Let R, S, T be the

algebraic integers of K, L, KL respectively. De¬ne RS as the set of all ¬nite sums ai bi

with ai ∈ R, bi ∈ S. Then RS ⊆ T , but equality does not hold in general. For example,

7.2. AN INTEGRAL BASIS OF A CYCLOTOMIC FIELD 5

√ √

look at K = Q( m1 ) and L = Q( m2 ), where m1 ≡ 3 mod 4, m2 ≡ 3 mod 4, hence

m1 m2 ≡ 1 mod 4.

7.2.2 Lemma

Assume that [KL : Q] = mn. Let σ be an embedding of K in C and „ an embedding of

L in C. Then there is an embedding of KL in C that restricts to σ on K and to „ on L.

Proof. The embedding σ has [KL : K] = n distinct extensions to embeddings of KL in

C, and if two of them agree on L, then they agree on KL (because they coincide with

σ on K). This contradicts the fact that the extensions are distinct. Thus we have n

embeddings of KL in C with distinct restrictions to L. But there are only n embeddings

of L in C, so one of them must be „ , and the result follows. ™