Abstract Algebra for Polynomial Operations
Maya Mohsin Ahmed
© Maya Mohsin Ahmed 2009
ALL RIGHTS RESERVED
To my students
As we express our gratitude, we must never forget that the highest
appreciation is not to utter words, but to live by them.
- John F. Kennedy.
Contents
1 Polynomial Division. 9
1.1 Rings and Fields. 9
1.2 Polynomial division. 11
1.3 Gröbner bases. 15
2 Solving Systems of Polynomial Equations. 27
2.1 Ideals and Varieties. 27
2.2 Elimination Theory. 33
2.3 Resultants. 39
3 Finding Roots of polynomials in Extension Fields. 51
3.1 Modular Arithmetic and Polynomial irreducibility in Q. 51
3.2 Field Extensions. 57
3.3 Quotient Rings. 64
3.4 Splitting fields of polynomials. 69
4 Formulas to find roots of polynomials. 81
4.1 Groups. 81
4.2 Cyclic groups. 87
4.3 Normal Subgroups and Quotient Groups. 91
4.4 Basic properties of finite groups. 95
4.5 Finite Abelian Groups. 101
4.6 Galois theory. 107
4.7 Proof of Galois' Criterion for solvability. 119
5 Constructing and Enumerating integral roots of systems of polynomials. 135
5.1 Magic Squares. 135
5.2 Polyhedral cones. 138
5.3 Hilbert bases of Polyhedral cones. 141
5.4 Toric Ideals. 145
5.5 Hilbert Functions. 149
5.6 Ehrhart Polynomials. 154
6 Miscellaneous Topics in Applied Algebra. 159
6.1 Counting Orthogonal Latin squares. 159
6.2 Chinese Remainder Theorem. 163
6.3 Cryptology. 166
6.4 Algebraic codes. 171
A Appendix. 189
A.1 The Euclidean Algorithm. 189
A.2 Polynomial irreducibility. 192
A.3 Generating Functions. 194
A.4 Algorithms to compute Hilbert bases. 197
A.5 Algorithms to compute toric ideals. 198
A.6 Algorithms to compute Hilbert Poincaré series. 201
Foreword
To forget one’s purpose is the commonest form of stupidity - Nietzsche.
I have been asked, time and again, what the purpose of learning Abstract Algebra is. I wrote this book to answer this perennial question. Traditionally, Algebra books begin with definitions and theorems, and applications might appear as examples. Many students are not inclined to learn without a purpose, and the beautiful subject of Algebra closes its doors on them. The responses of many students to Abstract Algebra remind me of Gordan's reaction to the proof of Hilbert's Basis Theorem: "This is not Mathematics. This is Theology."
The focus of this book is applications of Abstract Algebra to polynomial systems. The first five chapters explore basic problems like polynomial division, solving systems of polynomials, formulas for roots of polynomials, and counting integral roots of equations. The sixth chapter uses the concepts developed in the book to explore coding theory and other applications.
This book could serve as a textbook for a beginning Algebra course that a student takes immediately after a Linear Algebra course. Linear Algebra is not a prerequisite, but it provides the basis for the natural progression to nonlinear Algebra. This book could also be used for an elective course, taken after an Abstract Algebra course, that focuses on applications. It is suitable for third or fourth year undergraduate students.
Maya Mohsin Ahmed
Chapter 1
Polynomial Division.
Judge a man by his questions rather than by his answers – Voltaire.
If someone asks you whether you know how to divide polynomials, your first answer would be: sure, you do; you learned that in high school or earlier. But if the question is rephrased and you are asked whether you know how to divide polynomials in more than one variable, then to your surprise you find that you do not know the answer unless you have taken a couple of courses in Abstract Algebra. In this chapter we introduce Rings and Fields, the algebraic objects that allow you to solve such problems.
1.1 Rings and Fields.
Definition 1.1.1. A ring is a nonempty set $R$ equipped with two operations (usually written as addition and multiplication) that satisfy the following axioms.
1. $R$ is closed under addition: if $a \in R$ and $b \in R$ then $a + b \in R$.
2. Addition is associative: if $a, b, c \in R$, then $a + (b + c) = (a + b) + c$.
3. Addition is commutative: if $a, b \in R$, then $a + b = b + a$.
4. There is an additive identity (or zero element) $0_R$ in $R$ such that $a + 0_R = a = 0_R + a$ for every $a \in R$.
5. For each $a \in R$ there is an additive inverse (denoted by $-a$) in $R$, that is, the equation $a + x = 0_R$ has a solution in $R$. For convenience we write $b + (-a)$ as $b - a$ for $a, b \in R$.
6. $R$ is closed under multiplication: if $a \in R$ and $b \in R$ then $a \cdot b \in R$.
7. Multiplication is associative: if $a, b, c \in R$, then $a \cdot (b \cdot c) = (a \cdot b) \cdot c$.
8. Distributive laws of multiplication hold in $R$: if $a, b, c \in R$, then
$a \cdot (b + c) = a \cdot b + a \cdot c$ and
$(a + b) \cdot c = a \cdot c + b \cdot c$.
Example 1.1.1.
1. The set of integers $\mathbb{Z} = \{\dots, -2, -1, 0, 1, 2, \dots\}$ is a ring.
2. The set of rational numbers $\mathbb{Q}$ is a ring.
3. The set of complex numbers $\mathbb{C}$ is a ring.
4. Let $k$ be a ring. The set of all polynomials in $n$ variables with coefficients in $k$, denoted by $k[x_1, x_2, \dots, x_n]$, with the usual operations of addition and multiplication of polynomials, is a ring. Consequently, $\mathbb{C}[x_1, x_2, \dots, x_n]$, $\mathbb{Q}[x_1, x_2, \dots, x_n]$, and $\mathbb{Z}[x_1, x_2, \dots, x_n]$ are rings.
A ring in which the operation of multiplication is commutative is called a commutative ring. A ring with identity is a ring $R$ that contains an element $1_R$ satisfying the axiom
$a \cdot 1_R = a = 1_R \cdot a$ for all $a \in R$.
Definition 1.1.2. An integral domain is a commutative ring $R$ with identity $1_R \neq 0_R$ that satisfies the condition:
Whenever $a, b \in R$ and $ab = 0_R$, then $a = 0_R$ or $b = 0_R$.
Example 1.1.2.
The sets $\mathbb{Z}$ and $\mathbb{Q}$ are integral domains.
Definition 1.1.3. A field is a commutative ring with identity $1_R \neq 0_R$ in which every nonzero element has a multiplicative inverse.
Note that in a field $F$ division by nonzero elements is closed, i.e., if $a, b \in F$ and $b \neq 0$, then $a/b = ab^{-1} \in F$.
Example 1.1.3.
1. The sets $\mathbb{Q}$ and $\mathbb{C}$ are fields.
2. The set $\mathbb{Z}$ is not a field ($2$ has no multiplicative inverse in $\mathbb{Z}$).
3. The set $k[x_1, x_2, \dots, x_n]$ is not a field ($x_1$ has no multiplicative inverse).
Many results from elementary algebra are also true for rings.
Example 1.1.4. Let $R$ be a ring. If $a, b \in R$, then $a - (-b) = a + b$.
Proof. Since $b + (-b) = 0_R$, the element $b$ is an additive inverse of $-b$; additive inverses are unique (Exercise 4), so $-(-b) = b$. Therefore
$a - (-b) = a + (-(-b)) = a + b$.
Similar properties of rings are explored in the exercises.
1.2 Polynomial division.
We first look at polynomial divisions that involve only one variable x.
The monomial of a polynomial with the highest degree is called the
leading monomial and the coefficient of the leading monomial is called
the leading coefficient. The leading term of a polynomial is the product
of the leading coefficient and the leading monomial. The degree of the
leading term is also the degree of the polynomial. The nonzero constant
polynomials have degree zero. The constant polynomial 0 does not have
a degree.
Theorem 1.2.1 (The Division Algorithm). Let $f(x)$ and $g(x)$ be polynomials with real coefficients such that $g(x) \neq 0$. Then there exist unique polynomials $q(x)$ and $r(x)$ such that
$f(x) = g(x)q(x) + r(x)$
and either $r(x) = 0$ or $\deg r(x) < \deg g(x)$.
The polynomial $q(x)$ is called the quotient and the polynomial $r(x)$ is called the remainder.
The proof of the division algorithm is dealt with in the exercises.
Example 1.2.1. If we divide $f = x^4 + x + 1$ by $g = x^2 - 1$, we get the quotient $q = x^2 + 1$ and the remainder $r = x + 2$, since $x^4 + x + 1 = (x^2 - 1)(x^2 + 1) + (x + 2)$. Observe that the degree of $r$ is less than the degree of $g$.
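As an added example (not code from the book), the Division Algorithm of Theorem 1.2.1 carried out in Python on polynomials with rational coefficients. A polynomial is stored as a coefficient list from the constant term upward, which is my own representation, and the function names `poly_divmod`, `poly_mul`, `poly_add` and `degree` are mine. Running it on Example 1.2.1 returns the quotient $x^2 + 1$ and the remainder $x + 2$, and it checks the identity $f = gq + r$ and the degree condition rather than trusting them.

```python
from fractions import Fraction

def degree(p):
    # p is a coefficient list [a_0, a_1, ...] with a_i the coefficient of x^i
    # (my representation). The zero polynomial has no degree; we return -1 for it.
    while p and p[-1] == 0:
        p = p[:-1]
    return len(p) - 1

def poly_divmod(f, g):
    # Division Algorithm (Theorem 1.2.1): returns (q, r) with f = g*q + r and
    # either r = 0 or deg r < deg g. Coefficients become Fractions so that
    # dividing by the leading coefficient of g is exact.
    f, g = [Fraction(c) for c in f], [Fraction(c) for c in g]
    dg = degree(g)
    if dg < 0:
        raise ZeroDivisionError("division by the zero polynomial")
    q = [Fraction(0)] * max(degree(f) - dg + 1, 0)
    r = f[:degree(f) + 1]
    while degree(r) >= dg:                  # cancel the leading term of r each round
        shift = degree(r) - dg
        coef = r[-1] / g[dg]
        q[shift] = coef
        for i in range(dg + 1):
            r[shift + i] -= coef * g[i]
        r = r[:degree(r) + 1]               # drop the leading zeros just produced
    return q, r

def poly_mul(p, g):
    out = [Fraction(0)] * (len(p) + len(g) - 1) if p and g else []
    for i, a in enumerate(p):
        for j, b in enumerate(g):
            out[i + j] += a * b
    return out

def poly_add(p, g):
    n = max(len(p), len(g))
    return [(p[i] if i < len(p) else 0) + (g[i] if i < len(g) else 0) for i in range(n)]

if __name__ == "__main__":
    # Example 1.2.1: f = x^4 + x + 1, g = x^2 - 1
    f, g = [1, 1, 0, 0, 1], [-1, 0, 1]
    q, r = poly_divmod(f, g)
    print("q =", q, "r =", r)                           # q = [1, 0, 1] r = [2, 1]
    print("f == g*q + r:", poly_add(poly_mul(g, q), r) == f)
```

The loop terminates because each round lowers the degree of $r$ by at least one, which is exactly the induction that Exercise 10 asks for.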
But the story changes when we work with polynomials involving more than one variable. For example, determining the leading term of the polynomial $x^2 + xy + y^2$ is not as straightforward as in the one variable case. Consequently, we need to establish an ordering of terms for multivariable polynomials.
Let $\mathbb{Z}^n_{\geq 0}$ denote the set of $n$-tuples with nonnegative integer coordinates and let $k$ be a field. Consider the ring of polynomials $k[x_1, x_2, \dots, x_n]$. Observe that we can reconstruct the monomial $x^\alpha = x_1^{\alpha_1} \cdots x_n^{\alpha_n}$ from the $n$-tuple of exponents $(\alpha_1, \dots, \alpha_n) \in \mathbb{Z}^n_{\geq 0}$. In other words, there is a one-to-one correspondence between monomials in $k[x_1, \dots, x_n]$ and $\mathbb{Z}^n_{\geq 0}$. This correspondence allows us to use any ordering $>$ we establish on the space $\mathbb{Z}^n_{\geq 0}$ as an ordering on monomials, that is,
$\alpha > \beta$ in $\mathbb{Z}^n_{\geq 0}$ implies $x^\alpha > x^\beta$ in $k[x_1, \dots, x_n]$.
Definition 1.2.1. A monomial ordering on $k[x_1, \dots, x_n]$ is any relation $>$ on $\mathbb{Z}^n_{\geq 0}$, or equivalently, any relation on the set of monomials $x^\alpha$, $\alpha \in \mathbb{Z}^n_{\geq 0}$, satisfying:
1. $>$ is a total (or linear) ordering on $\mathbb{Z}^n_{\geq 0}$, which means that, for every pair $\alpha, \beta \in \mathbb{Z}^n_{\geq 0}$, exactly one of the three statements
$\alpha > \beta$, $\alpha = \beta$, $\beta > \alpha$
is true.
2. If $\alpha > \beta$ in $\mathbb{Z}^n_{\geq 0}$, then $\alpha + \gamma > \beta + \gamma$ for every $\gamma \in \mathbb{Z}^n_{\geq 0}$.
3. $>$ is a well-ordering on $\mathbb{Z}^n_{\geq 0}$, that is, every nonempty subset of $\mathbb{Z}^n_{\geq 0}$ has a smallest element under $>$.
We now look at some common monomial orderings.
Definition 1.2.2 (Lexicographic (or Lex) ordering). Let $\alpha = (\alpha_1, \dots, \alpha_n)$ and $\beta = (\beta_1, \dots, \beta_n) \in \mathbb{Z}^n_{\geq 0}$. We say $\alpha >_{lex} \beta$ if, in the vector difference $\alpha - \beta \in \mathbb{Z}^n$, the left-most nonzero entry is positive. And we write $x^\alpha >_{lex} x^\beta$ if $\alpha >_{lex} \beta$.
Example 1.2.2. 1. Consider the polynomial $f = x^2 + xy + y^2$. We have $x^2 >_{lex} xy$ because $(2, 0) >_{lex} (1, 1)$: check that in the vector difference $(2, 0) - (1, 1) = (1, -1)$, the leftmost nonzero entry is positive. Similarly, $x^2 >_{lex} y^2$ since $(2, 0) >_{lex} (0, 2)$. Therefore, the leading term of the polynomial $f$ with respect to the lexicographic ordering is $x^2$.
2. The leading term of the polynomial $x + y^4$ with respect to the lex ordering is $x$.
Different monomial orderings give different leading terms for the
same polynomial and we make the choice of monomial ordering that
serves our purpose best.
Definition 1.2.3 (Graded lex order). Let $\alpha, \beta \in \mathbb{Z}^n_{\geq 0}$ and let
$|\alpha| = \sum_{i=1}^{n} \alpha_i, \quad |\beta| = \sum_{i=1}^{n} \beta_i.$
We say $\alpha >_{glex} \beta$ if
$|\alpha| > |\beta|$, or $|\alpha| = |\beta|$ and $\alpha >_{lex} \beta$.
Example 1.2.3. 1. The leading term of the polynomial $x^2 + xy + y^2$ with respect to graded lex order is still $x^2$. This is because all the terms have the same degree, so the condition $x >_{lex} y$ determines the leading term.
2. The leading term of the polynomial $x + y^4$ is $y^4$ with respect to the graded lex ordering.
We refer the reader to Chapter 2 in [17] for other monomial orderings and for a detailed study of the same. Now that we have a notion of monomial orderings, can we satisfactorily divide polynomials with more than one variable? The answer is still no, because there is one more problem we must discuss. We do this with an example.
Example 1.2.4. Let us divide $f = x^2 + xy + 1$ by the polynomial $g = xy - x$ with respect to the graded lex ordering.
The leading term of $f$ is $x^2$ and is not divisible by the leading term $xy$ of $g$. In the one variable case this would imply that $f$ is not divisible by $g$. But in the case of multivariable polynomials $f$ is still divisible by $g$ because the second term of $f$ is divisible by the leading term of $g$. So we ignore the leading term of $f$ and perform division as shown below:
$x^2 + xy + 1 - 1 \cdot (xy - x) = x^2 + x + 1.$
The quotient is $q = 1$ and the remainder is $r = x^2 + x + 1$, and we write $f = qg + r$. So the idea is to continue dividing till none of the terms of $f$ is divisible by the leading term of $g$. Observe that the leading term $x^2$ of $r$ is greater than the leading term $xy$ of $g$ in the graded lex ordering:
$x^2 >_{glex} xy.$
Recall that this cannot happen in one variable polynomial division.
To conclude, we list the two steps involved in dividing a multivariable polynomial $f$ by a multivariable polynomial $g$:
1. Choose a monomial ordering.
2. Divide until none of the terms of the remainder is divisible by the leading term of $g$.
Sometimes we need to divide a polynomial $f$ by a set of polynomials $F = \{f_1, \dots, f_n\}$, that is, write $f$ as
$f = \sum_{i=1}^{n} q_i f_i + r$, where the $q_i$ are quotients and $r$ is the remainder.
For example, we want to know whether the solutions of a system of polynomials in $F = \{f_1, \dots, f_n\}$ are also roots of a polynomial $f$ (this question is formalized in Section 2.1). To answer this question, we divide $f$ by the set $\{f_1, \dots, f_n\}$ to write $f = \sum_{i=1}^{n} q_i f_i + r$. If the remainder $r = 0$, then the solutions of the system $F$ are roots of $f$.
In the following example, we demonstrate the dependence of the remainder on the order of division: the remainder is different when the order of division is different.
Example 1.2.5. Let $F = \{f_1, f_2\}$ where $f_1 = xy - 1$ and $f_2 = y^2 - 1$, and let $f = xy^2 - y^3 + x^2 - 1$. We divide the polynomial $f$ first by $f_1$ and then by $f_2$ with respect to the graded lex ordering (at each step we subtract the quotient term times the divisor):
$xy^2 - y^3 + x^2 - 1 - y \cdot f_1 = -y^3 + x^2 + y - 1$ (quotient term $y$ for $f_1$),
$-y^3 + x^2 + y - 1 - (-y) \cdot f_2 = x^2 - 1$ (quotient term $-y$ for $f_2$).
Neither term of $x^2 - 1$ is divisible by $xy$ or by $y^2$, so the division stops. Therefore,
$f = q_1 f_1 + q_2 f_2 + r$, where $r = x^2 - 1$, $q_1 = y$, $q_2 = -y$.
Now we change the order of division and divide $f$ by $f_2$ first and then $f_1$:
$xy^2 - y^3 + x^2 - 1 - x \cdot f_2 = -y^3 + x^2 + x - 1$ (quotient term $x$ for $f_2$),
$-y^3 + x^2 + x - 1 - (-y) \cdot f_2 = x^2 + x - y - 1$ (quotient term $-y$ for $f_2$).
No term of $x^2 + x - y - 1$ is divisible by $y^2$ or by $xy$, so the division stops. This gives us
$f = q_1 f_1 + q_2 f_2 + r$, where $r = x^2 + x - y - 1$, $q_1 = 0$, $q_2 = x - y$.
Since the remainder is not unique, we cannot say at this point whether $r = 0$ for some $q_1$ and $q_2$. To get a unique remainder for a given monomial ordering, no matter what the order of division is, we use Gröbner bases, which are discussed in the next section.
1.3 Gr¨obner bases.
Subsets of a ring need not be rings. For example, the set of even integers is a ring whereas the set of odd integers is not (the sum of two odd integers is not odd). A subset of a ring that is also a ring is called a subring.
Definition 1.3.1. A subring $I$ of a ring $R$ is an ideal provided:
Whenever $r \in R$ and $a \in I$, then $r \cdot a \in I$ and $a \cdot r \in I$.
Ideals bring the generalized notion of being closed under scalar multiplication, which we find in vector spaces, to rings.
Example 1.3.1.
1. $\{0_R\}$ and $R$ are ideals for every ring $R$.
2. The only ideals of a field $R$ are $\{0_R\}$ and $R$. See Exercise 5.
3. The set of even integers is an ideal of the ring $\mathbb{Z}$.
We now prove a result that is handy when proving that a subset of a ring is an ideal, since it lets us skip many of the checks in the definition.
Proposition 1.3.1. A nonempty subset $I$ of a ring $R$ is an ideal if and only if it has the following two properties:
1. if $a, b \in I$, then $a - b \in I$;
2. if $r \in R$ and $a \in I$, then $r \cdot a \in I$ and $a \cdot r \in I$.
Proof. Every ideal has these two properties by definition. Conversely, suppose $I$ has properties (1) and (2). Since $I$ is a subset of $R$, addition is associative and commutative, multiplication is associative, and the distributive laws of multiplication hold in $I$ as well. Therefore, to prove $I$ is a subring we only need to prove that $I$ is closed under addition and multiplication, that $0_R \in I$, and that the additive inverse of every element of $I$ is also in $I$. Since $I$ is nonempty there is some element $a \in I$. Applying (1), we get $a - a = 0_R \in I$. Now if $a \in I$, then again by (1), $0_R - a = -a \in I$. Now let $a, b \in I$. Since $-b \in I$, $a - (-b) = a + b \in I$. Thus $I$ is closed under addition. If $a, b \in I$, then $a, b \in R$ since $I$ is a subset of $R$. Consequently, property (2) implies that $a \cdot b \in I$. Hence $I$ is closed under multiplication. Thus, $I$ is an ideal.
In many cases, ideals tend to be infinite sets. So it is convenient to
describe ideals in terms of a finite set, whenever possible.
Proposition 1.3.2. Let $R$ be a commutative ring and let $F = \{f_1, \dots, f_s\}$ be a subset of $R$. Then the set $I = \{\sum_{i=1}^{s} a_i \cdot f_i : a_i \in R\}$ is an ideal.
$I$ is called the ideal generated by the set $F$ and is denoted $I = \langle f_1, \dots, f_s \rangle$.
Proof. We use Proposition 1.3.1 to prove $I$ is an ideal. Let $a, b \in I$ such that $a = \sum_{i=1}^{s} a_i \cdot f_i$ and $b = \sum_{i=1}^{s} b_i \cdot f_i$ where $a_i, b_i \in R$ for $i = 1$ to $s$. Then $a - b = \sum_{i=1}^{s} (a_i - b_i) \cdot f_i \in I$ because $(a_i - b_i) \in R$ for all $i$ since $R$ is a ring. Thus $I$ satisfies property (1) in Proposition 1.3.1. Again, since $R$ is a ring, for $r \in R$, $r \cdot a_i \in R$ for $i = 1$ to $s$. Therefore, $r \cdot a = \sum_{i=1}^{s} (r a_i) \cdot f_i \in I$ by definition of $I$. Since $R$ is commutative, $a \cdot r = r \cdot a \in I$ as well. Thus $I$ also satisfies property (2) of Proposition 1.3.1. Therefore, $I$ is an ideal.
Example 1.3.2.
1. The zero ideal is generated by a single element: $I = \langle 0_R \rangle = \{0_R\}$ for every ring $R$.
2. An ideal $I$ can have different sets of generators. Let $R = \mathbb{Q}[x, y]$ be the polynomial ring with rational coefficients. Then the ideal $I = \langle xy - 1, y^2 - 1 \rangle = \langle x - y, y^2 - 1 \rangle$ (see Exercise 8).
Is every ideal of a ring $R$ finitely generated? Not always, but in the case of Noetherian rings this is true.
Definition 1.3.2. A ring $R$ is a Noetherian ring if every ideal $I$ of $R$ is finitely generated, i.e., $I = \langle f_1, \dots, f_s \rangle$ for some $f_i \in R$, $i = 1$ to $s$.
Theorem 1.3.1 (Hilbert's Basis Theorem). If $R$ is a Noetherian ring then so is the polynomial ring $R[x]$.
The proof of Hilbert's Basis Theorem is given in [7, 17] and is beyond the scope of this book. An ideal that is generated by one element is called a principal ideal. A principal ideal domain is an integral domain in which every ideal is principal.
Example 1.3.3. The field $k$ is finitely generated as an ideal ($k = \langle 1 \rangle$). The only other ideal of $k$ is $\langle 0 \rangle$. In fact, both ideals of $k$ are principal ideals and hence finitely generated. Thus, fields are Noetherian. Therefore, Theorem 1.3.1 implies $k[x_1]$ is Noetherian whenever $k$ is a field. Applying the theorem repeatedly, we derive that $k[x_1, x_2, \dots, x_n] = k[x_1, \dots, x_{n-1}][x_n]$ is Noetherian whenever $k$ is a field.
A Gröbner basis of an ideal $I$ is a set of generators of $I$, and we now proceed to define it.
Let $I \subset k[x_1, \dots, x_n]$ be an ideal other than $\{0\}$. Let $\mathrm{LT}(I)$ denote the set of leading terms of elements of $I$, that is,
$\mathrm{LT}(I) = \{c x^\alpha : \text{there exists } f \in I \text{ with } \mathrm{LT}(f) = c x^\alpha\}.$
We denote by $\langle \mathrm{LT}(I) \rangle$ the ideal generated by the elements of $\mathrm{LT}(I)$.
Definition 1.3.3. Fix a monomial order. A finite subset $G = \{g_1, \dots, g_t\}$ of an ideal $I$ is said to be a Gröbner basis if
$\langle \mathrm{LT}(g_1), \dots, \mathrm{LT}(g_t) \rangle = \langle \mathrm{LT}(I) \rangle.$
In other words, a set $\{g_1, \dots, g_t\}$ is a Gröbner basis of $I$ if and only if the leading term of any element of $I$ is divisible by one of the $\mathrm{LT}(g_i)$, because the ideal $\langle \mathrm{LT}(I) \rangle$ is generated by the $\mathrm{LT}(g_i)$.
In order to compute Gröbner bases, we define S-polynomials. For a fixed monomial ordering, let $\mathrm{LM}(f)$ denote the leading monomial of a polynomial $f$ and let $\mathrm{LT}(f)$ denote the leading term of $f$.
Definition 1.3.4. 1. Let the leading monomials of polynomials $f$ and $g$ be
$\mathrm{LM}(f) = \prod_{i=1}^{n} x_i^{\alpha_i}$ and $\mathrm{LM}(g) = \prod_{i=1}^{n} x_i^{\beta_i}.$
We call $x^\gamma$ the least common multiple (LCM) of $\mathrm{LM}(f)$ and $\mathrm{LM}(g)$ if $\gamma = (\gamma_1, \dots, \gamma_n)$ with $\gamma_i = \max(\alpha_i, \beta_i)$ for each $i$.
2. The S-polynomial of $f$ and $g$ is the combination
$S(f, g) = \dfrac{x^\gamma}{\mathrm{LT}(f)} \cdot f - \dfrac{x^\gamma}{\mathrm{LT}(g)} \cdot g.$
Observe that we construct the S-polynomial of $f$ and $g$ by cancelling the leading terms of $\frac{x^\gamma}{\mathrm{LT}(f)} f$ and $\frac{x^\gamma}{\mathrm{LT}(g)} g$, both of which equal $x^\gamma$; consequently the S-polynomial, if it is nonzero, has a leading term strictly smaller than $x^\gamma$.
Example 1.3.4. We now return to Example 1.2.5. Consider the graded lex ordering; then
$\mathrm{LM}(f_1) = xy$ and $\mathrm{LM}(f_2) = y^2.$
The least common multiple of $\mathrm{LM}(f_1)$ and $\mathrm{LM}(f_2)$ is
$x^\gamma = xy^2.$
Therefore
$S(f_1, f_2) = \dfrac{xy^2}{xy} f_1 - \dfrac{xy^2}{y^2} f_2 = y f_1 - x f_2 \qquad (1.1)$
$= y(xy - 1) - x(y^2 - 1) = x - y.$
In his 1965 Ph.D. thesis, Bruno Buchberger created the theory of
Gr¨obner bases and named these objects after his advisor Wolfgang
Gr¨obner. We now provide his algorithm to compute a Gr¨obner basis
of an ideal.
Algorithm 1.3.1. (Buchberger's Algorithm.)
• Input: A set of polynomials $F = \{f_1, \dots, f_s\}$.
• Output: A Gröbner basis $G = \{g_1, \dots, g_t\}$ of the ideal $\langle F \rangle$.
• Method:
Choose a monomial ordering.
Start with $G := F$.
Repeat $G' := G$
1. For each pair $\{p, q\}$, $p \neq q$, in $G'$, find the S-polynomial $S(p, q)$.
2. Divide $S(p, q)$ by the set of polynomials $G'$ and let $S$ be the remainder.
3. If $S \neq 0$ then $G := G \cup \{S\}$.
Until $G = G'$.
Observe that for each pair $\{p, q\}$, $p \neq q$, in the Gröbner basis $G$, the remainder after dividing the S-polynomial $S(p, q)$ by $G$ is zero; this is Buchberger's criterion, and it is what makes the loop stop. Gröbner bases for the same set of polynomials differ according to the monomial order we choose in our algorithm. The proof that the algorithm terminates and that its output is a Gröbner basis is found in [17].
Given a monomial ordering, can we find a unique Gröbner basis? The answer is yes: the reduced Gröbner basis, defined next, is unique for a given ideal and monomial ordering, and it also has the smallest number of polynomials.
Definition 1.3.5. A reduced Gröbner basis for a set of polynomials $F$ is a Gröbner basis $G$ of $\langle F \rangle$ such that:
1. The leading coefficient is $1$ for all $p \in G$.
2. For all $p \in G$, none of the terms of $p$ is divisible by the leading term of $q$ for any $q \in G - \{p\}$.
To find the reduced Gröbner basis we need to modify Algorithm 1.3.1 a little. We add one more step before repeating the loop, and at the end we divide each element by its leading coefficient.
Algorithm 1.3.2. (Computing a reduced Gröbner basis.)
• Input: A set of polynomials $F = \{f_1, \dots, f_s\}$.
• Output: The reduced Gröbner basis $G = \{g_1, \dots, g_t\}$ of $\langle F \rangle$.
• Method:
Choose a monomial ordering.
Start with $G := F$.
Repeat $G' := G$
1. For each pair $\{p, q\}$, $p \neq q$, in $G'$, find the S-polynomial $S(p, q)$.
2. Divide $S(p, q)$ by the set of polynomials $G'$ and let $S$ be the remainder.
3. If $S \neq 0$ then $G := G \cup \{S\}$.
4. Divide each $p \in G$ by $G - \{p\}$ to get the remainder $p'$. If $p' \neq 0$, replace $p$ by $p'$ in $G$. If $p' = 0$ then $G := G - \{p\}$.
Until $G = G'$.
Finally, divide each $p \in G$ by its leading coefficient so that every leading coefficient is $1$.
Example 1.3.5. We return to Example 1.2.5 and compute the reduced Gröbner basis of the ideal generated by $F$ with respect to the graded lex ordering.
Initially $G = F$. We go to Step 1 in Algorithm 1.3.2 and compute $S(f_1, f_2)$. We have from Equation 1.1 that $S(f_1, f_2) = x - y$. Let $f_3 = S(f_1, f_2)$. The remainder after dividing $f_3$ by $G$ is also $f_3$, since neither $x$ nor $y$ is divisible by $xy$ or $y^2$. Since $f_3 \neq 0$, in accordance with Step 3, we add $f_3$ to $G$, that is $G = \{f_1, f_2, f_3\}$. Now proceed to Step 4. The remainder is zero when $f_1$ is divided by $\{f_2, f_3\}$, because $xy - 1 = y(x - y) + (y^2 - 1)$. Therefore $G = \{f_2, f_3\}$. Verify that more polynomials cannot be eliminated from $G$ and go back to the beginning of the loop with $G = \{f_2, f_3\}$. In Step 1, $f_4 = S(f_2, f_3) = x f_2 - y^2 f_3 = y^3 - x$, whose remainder is zero when we divide it by $G$. We now can exit the loop and conclude that the reduced Gröbner basis with respect to the graded lex ordering is
$G = \{x - y, y^2 - 1\}.$
Gröbner bases can be computed using computer algebra systems such as Singular (http://www.singular.uni-kl.de), CoCoA (http://cocoa.dima.unige.it), and Macaulay2 (http://www.math.uiuc.edu/Macaulay2). Here, we demonstrate how to compute Gröbner bases using Singular.
Example 1.3.6. We use Singular to compute the reduced Gröbner basis $G$ of the ideal $\langle xy - 1, y^2 - 1 \rangle$ with respect to the graded lex ordering (Singular's ordering Dp). The command to compute a Gröbner basis of an ideal $I$ is std(I). We get $G = \{x - y, y^2 - 1\}$; note that Singular prints $y^2$ as y2. A sample input-output session of Singular to compute a Gröbner basis is given below.
> ring r = 0, (x,y), Dp;
> ideal I = xy-1, y^2-1;
> std(I);
_[1]=x-y
_[2]=y2-1
> exit;
Auf Wiedersehen.
Lemma 1.3.1. Let $r$ be the remainder we get when we divide $f$ by a Gröbner basis $G$ of the ideal $I = \langle F \rangle$. Then $r$ is also a remainder when $f$ is divided by $F$.
Proof. The S-polynomials are at first monomial combinations of polynomials in $F$. Later in Buchberger's algorithm, S-polynomials involve polynomials from $G$, but each $g_i \in G$ is either an S-polynomial or a remainder obtained when an S-polynomial is divided by polynomials in $G$, so by induction each $g_i$ is a polynomial combination of the elements of $F$. Therefore, substituting these combinations into the expression $f = \sum_{g_i \in G} a_i g_i + r$ that we get from dividing $f$ by $G$, we are always able to write $f = \sum_{f_i \in F} q_i f_i + r$ with polynomial coefficients $q_i$, and $r$ remains the same.
Now we have all the tools to perform polynomial divisions by a set.
We demonstrate the process with an example. The Gr¨obner basis used
in the process is not required to be reduced, in general.
Example 1.3.7. Going back to Example 1.2.5, we divide $f = xy^2 - y^3 + x^2 - 1$ by $F$.
From Example 1.3.5, we know that the Gröbner basis with respect to the glex ordering of the ideal $I = \langle F \rangle$ is $G = \{g_1, g_2\}$ with $g_1 = f_3 = x - y$ and $g_2 = f_2 = y^2 - 1$. By Lemma 1.3.1, the remainder we get by dividing $f$ by $G$ is also a remainder when $f$ is divided by $F$.
We now show that the order of division does not matter when $f$ is divided by $G$.
When we divide $f$ by $x - y$ first and then by $y^2 - 1$, we get the remainder $r = 0$ as described below (at each step we subtract the quotient term times the divisor):
$xy^2 - y^3 + x^2 - 1 - y^2 (x - y) = x^2 - 1$,
$x^2 - 1 - x (x - y) = xy - 1$,
$xy - 1 - y (x - y) = y^2 - 1$,
$y^2 - 1 - 1 \cdot (y^2 - 1) = 0$.
Hence $q_1 = y^2 + x + y$ (for $g_1$), $q_2 = 1$ (for $g_2$), and $r = 0$.
We now change the order of division, that is, we divide $f$ by $g_2$ first and then $g_1$, to demonstrate that the remainder remains the same. When we divide a polynomial by a set of polynomials, just like in the case of dividing a polynomial by a single polynomial, the remainder has to be a polynomial none of whose terms is divisible by the leading term of any polynomial in the set. For example, after dividing $f$ by $g_2$ and $g_1$ once, we get an intermediate result $y^2 - 1$. We need to divide $y^2 - 1$ again by $g_2$ to get the actual remainder $0$. The details are given below. Observe that the quotients, unlike the remainder, depend on the order of division.
$xy^2 - y^3 + x^2 - 1 - x (y^2 - 1) = -y^3 + x^2 + x - 1$,
$-y^3 + x^2 + x - 1 - (-y)(y^2 - 1) = x^2 + x - y - 1$,
$x^2 + x - y - 1 - x (x - y) = xy + x - y - 1$,
$xy + x - y - 1 - y (x - y) = y^2 + x - y - 1$,
$y^2 + x - y - 1 - 1 \cdot (x - y) = y^2 - 1$,
$y^2 - 1 - 1 \cdot (y^2 - 1) = 0$.
Hence $q_1 = x + y + 1$ (for $g_1$), $q_2 = x - y + 1$ (for $g_2$), and $r = 0$.
Consequently, from the first division we get
$f = xy^2 - y^3 + x^2 - 1 = (y^2 + x + y) f_3 + f_2. \qquad (1.2)$
We also know from Equation 1.1 that $f_3 = S(f_1, f_2) = y f_1 - x f_2$. Therefore,
$f = q_1 f_1 + q_2 f_2 + 0$, where
$q_1 = y(y^2 + x + y)$ and
$q_2 = 1 - x(y^2 + x + y). \qquad (1.3)$
A zero remainder implies that the solutions of $F$ are roots of $f$. It is easy to check that $f$ indeed vanishes at the two solutions of $F$, namely $(1, 1)$ and $(-1, -1)$.
We leave it as an exercise to prove that $f \in I$ if and only if the remainder we get when $f$ is divided by $G$ is zero.
In conclusion, the strategy we follow to divide a polynomial $f$ by a set of polynomials $F$ to get a unique remainder is as follows:
1. Compute a Gröbner basis $G = \{g_1, \dots, g_t\}$ of the ideal $I = \langle F \rangle$.
2. Divide $f$ by $G$ to get a unique remainder $r$. Note that none of the terms of $r$ is divisible by the leading term of any polynomial in $G$.
3. Trace the quotients $q_i$, $i = 1$ to $n$, from the S-polynomials to write $f = q_1 f_1 + \cdots + q_n f_n + r$.
In this chapter, we saw that replacing a set of polynomials with
a Gr¨obner basis gave us a unique remainder. We will see some more
applications of Gr¨obner bases in later chapters.
Exercises.
1. Prove that the set of all $n \times n$ matrices with real entries, with the usual operations of matrix addition and multiplication, is a noncommutative ring with identity (for $n \geq 2$).
2. Prove that the set $T$ of all continuous functions from $\mathbb{R}$ to $\mathbb{R}$ is a ring with identity, where addition and multiplication are defined as follows. For $f, g \in T$, let
$(f + g)(x) = f(x) + g(x)$ and $(fg)(x) = f(x)g(x)$.
3. Let Rand Sbe rings. Define addition and multiplication on the
Cartesian product R×Sby
(r, s)+(r′, s′) = (r+r′, s +s′)
(r, s)·(r′, s′) = (r·r′, s ·s′).
Prove that R×Sis a ring. Also prove that if Rand Sare
commutative, then so is R×S, and that if Rand Seach have an
identity, then so does R×S.
4. Let $R$ be a ring. Prove that for any elements $a, b, c \in R$
(a) the equation $a + x = 0_R$ has a unique solution;
(b) $a + b = a + c$ implies $b = c$;
(c) $a \cdot 0_R = 0_R = 0_R \cdot a$;
(d) $(-a) \cdot (-b) = a \cdot b$;
(e) $-(-a) = a$.
5. Prove that the only ideals of a field $R$ are $\langle 0_R \rangle$ and $R$.
6. Prove that every ideal in $\mathbb{Z}$ is principal. (Hint: for a nonzero ideal $I$, show that $I = \langle c \rangle$, where $c$ is the smallest positive integer in $I$.)
7. If $k$ is a field, show that $k[x]$ is a principal ideal domain.
8. Prove that the ideals $\langle xy - 1, y^2 - 1 \rangle$ and $\langle x - y, y^2 - 1 \rangle$ are the same. (Hint: prove that both ideals have the same reduced Gröbner basis.)
9. Let $I$ be an ideal. Prove that $f \in I$ if and only if the remainder we get when $f$ is divided by a Gröbner basis of $I$ is zero.
10. Use the principle of induction to prove the division algorithm (Theorem 1.2.1).
11. Show that the remainder is zero when the polynomial $x^2 y - xy^2 - y^2 + 1$ is divided by the set $\{xy - 1, y^2 - 1\}$.
12. Compute the Gröbner basis of the ideal $\langle x - z^4, y - z^5 \rangle$ with respect to the lex and graded lex orderings.
13. Write a computer program to find the Gröbner basis of an ideal with respect to the lex ordering.
Chapter 2
Solving Systems of
Polynomial Equations.
The greatest challenge to any thinker is stating the problem in a way
that will allow a solution – Bertrand Russell.
In this chapter, we look at solutions to systems of polynomial equations. Systems of polynomials are solved by eliminating variables. In Linear Algebra, where all the polynomials involved are of degree one, eliminating variables involves matrix operations. For systems of higher degree polynomials we use Gröbner bases to do the same.
2.1 Ideals and Varieties.
Let $k$ be a field, and let $f_1, \dots, f_s$ be polynomials in $k[x_1, \dots, x_n]$. In this section, we will consider two fundamental questions about the system of equations defined by $F = \{f_1, \dots, f_s\}$:
1. Feasibility: when does the system defined by $F$ have a solution in $k^n$?
2. Which are the polynomials that vanish on the solution set of $F$?
Solution sets of finite sets of polynomials are commonly known as varieties:
Definition 2.1.1. Let $k$ be a field and let $f_1, \dots, f_s$ be polynomials in $k[x_1, \dots, x_n]$. The set
$V(f_1, \dots, f_s) = \{(a_1, \dots, a_n) \in k^n : f_i(a_1, \dots, a_n) = 0 \text{ for all } 1 \leq i \leq s\}$
is called the affine variety defined by $f_1, \dots, f_s$.
Example 2.1.1.
1. $V(x^2 + y^2 - 1)$ is the circle of radius $1$ centered at the origin when $k = \mathbb{R}$.
2. $V(xy - 1, y^2 - 1) = \{(1, 1), (-1, -1)\}$ in $\mathbb{C}^2$ (and also in $\mathbb{Q}^2$).
3. Observe that a variety depends on the coefficient field: let $f = x^3 y - x^2 y - x^3 + x^2 - 2xy + 2y + 2x - 2 = (x - 1)(y - 1)(x^2 - 2)$; then
$V(f) = \{(\sqrt{2}, y), (-\sqrt{2}, y), (x, 1), (1, y)\}$ in $\mathbb{R}^2$, and
$V(f) = \{(x, 1), (1, y)\}$ in $\mathbb{Q}^2$.
Now we look at solutions of all the polynomials in an ideal $I$.
Definition 2.1.2. Let $I \subset k[x_1, \dots, x_n]$ be an ideal. We denote by $V(I)$ the set
$V(I) = \{(a_1, \dots, a_n) \in k^n : f(a_1, \dots, a_n) = 0 \text{ for all } f \in I\}.$
Though $I$ is usually infinite for infinite fields, computing $V(I)$ is equivalent to finding the roots of a finite set of polynomials. We prove this fact next.
Theorem 2.1.1. $V(I)$ is an affine variety. In particular, if $I = \langle f_1, \dots, f_s \rangle$, then $V(I) = V(f_1, \dots, f_s)$.
Proof. By Hilbert's Basis Theorem 1.3.1, $I = \langle f_1, \dots, f_s \rangle$ for some generating set $\{f_1, \dots, f_s\}$. We now show that $V(I) = V(f_1, \dots, f_s)$. Let $(a_1, \dots, a_n) \in V(I)$; then since $f_i \in I$, $f_i(a_1, \dots, a_n) = 0$ for all $i = 1$ to $s$. Therefore,
$V(I) \subset V(f_1, \dots, f_s). \qquad (2.1)$
Now let $(a_1, \dots, a_n) \in V(f_1, \dots, f_s)$ and let $f \in I$. Since $I = \langle f_1, \dots, f_s \rangle$, we can write $f = \sum_{i=1}^{s} h_i f_i$ for some $h_i \in k[x_1, \dots, x_n]$. But then
$f(a_1, \dots, a_n) = \sum_{i=1}^{s} h_i(a_1, \dots, a_n) f_i(a_1, \dots, a_n) = \sum_{i=1}^{s} h_i(a_1, \dots, a_n) \cdot 0 = 0.$
Therefore,
$V(f_1, \dots, f_s) \subset V(I). \qquad (2.2)$
Equations 2.1 and 2.2 prove that $V(I) = V(f_1, \dots, f_s)$.
Theorem 2.1.1 implies that the solutions of a given set of polynomials $F$ are the same as the solutions of the ideal $I$ generated by $F$. The biggest advantage of passing from $F$ to $I = \langle F \rangle$, as we shall see, is that we can replace $F$ by a Gröbner basis for all practical purposes.
A field $k$ is algebraically closed if every non-constant polynomial in $k[x]$ has a root in $k$. For example, $\mathbb{R}$ is not algebraically closed because $x^2 + 1$ has no roots in $\mathbb{R}$. On the other hand, $\mathbb{C}$ is an algebraically closed field because of the fundamental theorem of algebra (every non-constant polynomial in $\mathbb{C}[x]$ has a root in $\mathbb{C}$). The next theorem answers the feasibility question for algebraically closed fields.
Theorem 2.1.2 (The Weak Nullstellensatz). Let $k$ be an algebraically closed field and let $I \subset k[x_1, \dots, x_n]$ be an ideal. If $V(I)$ is empty, then $I = k[x_1, \dots, x_n]$.
The proof of this theorem is beyond the scope of this book and we refer the reader to [17] for a proof. The Weak Nullstellensatz implies that every proper ideal has a solution in an algebraically closed field. If the field is not algebraically closed, the Weak Nullstellensatz holds one way, that is, if $I = k[x_1, \dots, x_n]$, then $V(I)$ is empty. The next lemma is useful while checking whether $I = k[x_1, \dots, x_n]$.
Lemma 2.1.1. Let $k$ be a field; then $I = k[x_1, \dots, x_n]$ if and only if $1 \in I$.
Proof. If $I = k[x_1, \dots, x_n]$ then $1 \in I$. This is because $k \subset k[x_1, \dots, x_n]$ and $1 \in k$ because $k$ is a field.
Conversely, if $1 \in I$, then $a \cdot 1 \in I$ for every $a \in k[x_1, \dots, x_n]$ by definition of an ideal. Therefore, $k[x_1, \dots, x_n] \subset I$. But $I \subset k[x_1, \dots, x_n]$. Thus, $I = k[x_1, \dots, x_n]$.
Consequently, if we want to check whether a given system of polynomials $F = \{f_1, \dots, f_s\}$ has a solution, we compute the reduced Gröbner basis $G$ of the ideal $I = \langle f_1, \dots, f_s \rangle$. If $G = \{1\}$ we conclude that $F$ has no solution (over any field containing $k$); if $k$ is algebraically closed and $G \neq \{1\}$, the Weak Nullstellensatz tells us that $F$ has a solution. We leave it as an exercise to prove that if $I = k[x_1, \dots, x_n]$ then the reduced Gröbner basis of $I$ is $\{1\}$ (Exercise 3).
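The following Python module is an added example and not code from the book or from Singular. It collects, in one runnable place, the machinery of Chapter 1 and of this section: the lex and graded lex orderings of Definitions 1.2.2 and 1.2.3, the multivariate division of Section 1.2 (it reproduces the two order-dependent remainders of Example 1.2.5), S-polynomials (Definition 1.3.4), Buchberger's algorithm with the reduction step of Algorithm 1.3.2 (it reproduces the reduced basis $\{x - y, y^2 - 1\}$ of Example 1.3.5), the ideal membership test of Exercise 9 and Example 1.3.7, and the feasibility test just described (reduced basis equal to $\{1\}$). Polynomials are stored as dicts from exponent tuples to Fraction coefficients, which is my own representation, and every function name (`divide`, `spoly`, `groebner`, `reduce_basis`, `in_ideal`, `is_infeasible`, `show`, `poly`) is mine.

```python
from fractions import Fraction
from itertools import combinations

# Polynomial in Q[x_1..x_n] as {exponent tuple: nonzero Fraction} (my representation, not the book's).
def lex(m): return m                    # sort key for the lex order (Definition 1.2.2)
def glex(m): return (sum(m), m)         # sort key for the graded lex order (Definition 1.2.3)
def clean(p): return {m: c for m, c in p.items() if c != 0}
def divides(s, t): return all(a <= b for a, b in zip(s, t))   # does x^s divide x^t?
def times(c, t, p):                     # multiply p by the term c * x^t
    return {tuple(a + b for a, b in zip(t, m)): c * k for m, k in p.items()}

def add(p, q, sign=1):                  # p + sign * q
    r = dict(p)
    for m, c in q.items():
        r[m] = r.get(m, 0) + sign * c
    return clean(r)

def poly(*terms):                       # poly((coef, e_1, ..., e_n), ...) builds a polynomial
    p = {}
    for c, *e in terms:
        p = add(p, {tuple(e): Fraction(c)})
    return p

def LT(p, order):                       # (leading monomial, leading coefficient)
    m = max(p, key=order)
    return m, p[m]

def divide(f, F, order):
    # Division by the ordered list F (Section 1.2): f = sum(q_i f_i) + r with no term of r
    # divisible by any LT(f_i). Unless F is a Groebner basis, r may depend on the order of F.
    q, r, p = [{} for _ in F], {}, clean(f)
    while p:
        m, c = LT(p, order)
        for i, g in enumerate(F):
            gm, gc = LT(g, order)
            if divides(gm, m):
                t = tuple(a - b for a, b in zip(m, gm))
                q[i] = add(q[i], {t: c / gc})
                p = add(p, times(c / gc, t, g), -1)
                break
        else:                           # no LT(f_i) divides LT(p): move that term into r
            r = add(r, {m: c})
            p = {k: v for k, v in p.items() if k != m}
    return q, r

def spoly(f, g, order):                 # S-polynomial (Definition 1.3.4)
    (fm, fc), (gm, gc) = LT(f, order), LT(g, order)
    l = tuple(max(a, b) for a, b in zip(fm, gm))
    return add(times(1 / fc, tuple(a - b for a, b in zip(l, fm)), f),
               times(1 / gc, tuple(a - b for a, b in zip(l, gm)), g), -1)

def reduce_basis(G, order):             # Step 4 of Algorithm 1.3.2, then make each element monic
    minimal = []                        # drop g if another element's leading term divides LT(g)
    for g in sorted(G, key=lambda g: order(LT(g, order)[0])):
        if not any(divides(LT(h, order)[0], LT(g, order)[0]) for h in minimal):
            minimal.append(g)
    out = []
    for i, g in enumerate(minimal):
        _, r = divide(g, minimal[:i] + minimal[i + 1:], order)
        lc = LT(r, order)[1]
        out.append({m: c / lc for m, c in r.items()})
    return sorted(out, key=lambda g: order(LT(g, order)[0]))

def groebner(F, order):
    # Buchberger's algorithm (Algorithm 1.3.1): add nonzero remainders of S-polynomials
    # until every S(p, q) reduces to zero modulo G, then reduce the basis.
    G = [clean(f) for f in F if clean(f)]
    grew = True
    while grew:
        grew = False
        for p, q in combinations(list(G), 2):
            _, s = divide(spoly(p, q, order), G, order)
            if s:
                G.append(s)
                grew = True
    return reduce_basis(G, order)

def in_ideal(f, G, order):              # Exercise 9: f is in <G> iff its remainder modulo G is 0
    return divide(f, G, order)[1] == {}
def is_infeasible(F, order):            # reduced basis {1} means 1 is in <F>, so V(F) is empty
    n = len(next(iter(F[0])))
    return groebner(F, order) == [{(0,) * n: Fraction(1)}]

def show(p, names="xyz", order=glex):   # readable form, leading term first
    parts = []
    for m in sorted(p, key=order, reverse=True):
        mono = "".join(f"{v}^{e}" if e > 1 else v for v, e in zip(names, m) if e)
        c = p[m]
        parts.append(mono if c == 1 and mono else "-" + mono if c == -1 and mono else f"{c}{mono}")
    return (" + ".join(parts) or "0").replace("+ -", "- ")

# Example 1.2.5 / 1.3.5 / 1.3.7: F = {xy - 1, y^2 - 1}, f = xy^2 - y^3 + x^2 - 1
f1, f2 = poly((1, 1, 1), (-1, 0, 0)), poly((1, 0, 2), (-1, 0, 0))
f = poly((1, 1, 2), (-1, 0, 3), (1, 2, 0), (-1, 0, 0))
if __name__ == "__main__":
    print("remainders:", show(divide(f, [f1, f2], glex)[1]), "|", show(divide(f, [f2, f1], glex)[1]))
    G = groebner([f1, f2], glex)
    print("reduced basis:", [show(g) for g in G], "f in <F>:", in_ideal(f, G, glex))
```

Running the module prints the remainders $x^2 - 1$ and $x^2 + x - y - 1$ of Example 1.2.5, the reduced basis $[x - y, y^2 - 1]$ of Example 1.3.5, and `True` for membership of $f$. Dividing the polynomial of Exercise 11 by $\{xy - 1, y^2 - 1\}$ in the two possible orders gives $x - y$ and $0$ respectively, while dividing by the Gröbner basis gives $0$ in either order; that is the whole reason for passing from $F$ to $G$. For $F = \{xy - 1, x\}$ the reduced basis is $\{1\}$, so `is_infeasible` reports that the system has no solution. Buchberger's algorithm as written re-examines every pair on each pass and applies no pair-selection criteria, so it is meant for reading alongside Algorithms 1.3.1 and 1.3.2, not for large systems.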
In Section 1.2, we talked about how being able to write a polynomial $f$ as $f = \sum_{i=1}^{s} q_i f_i$ (that is, the remainder is zero when $f$ is divided by $\{f_1, \dots, f_s\}$) meant that $f$ vanished on the solution set of the system of equations $f_i = 0$, $i = 1, \dots, s$. This is because $f = \sum_{i=1}^{s} q_i f_i$ implies that $f$ belongs to the ideal $I = \langle f_1, \dots, f_s \rangle$. Moreover, by Theorem 2.1.1, $V(I) = V(f_1, \dots, f_s)$. Consequently, if $f \in I$ then $f$ vanishes on $V(f_1, \dots, f_s)$. Are these the only polynomials that vanish on $V(f_1, \dots, f_s)$? We now explore this question.
The next lemma proves that the set of all polynomials that vanish
on a given variety V, denoted by I(V), is an ideal.
Lemma 2.1.2. Let V⊂knbe an affine variety, and let
I(V) = {f∈k[x1, . . . , xn] : f(a1, . . . , an) = 0 for all (a1, . . . , an)∈V},
then I(V) is an ideal of R=k[x1, . . . , xn].
Proof. We use Proposition 1.3.1 to prove I(V) is an ideal. Let
f, g ∈I(V) and let (a1, . . . , an)∈V. Then
f(a1, . . . , an)−g(a1, . . . , an) = 0 −0 = 0.(2.3)
Therefore f−g∈I(V). For every h∈Rand f∈I(V),
h(a1, . . . , an)f(a1, . . . , an) = h(a1, . . . , an)·0 = 0.(2.4)
This implies that hf ∈I(V). Properties 2.3 and 2.4 implies I(V)
is an ideal.
From the discussion above Lemma 2.1.2, we know that I⊂I(V(I)).
Is I(V(I)) = I? The answer in general is no. It is usually a bigger
ideal that contains I. We now compute I(V(I)) for algebraically closed
fields.
Theorem 2.1.3 (Hilbert's Nullstellensatz). Let $k$ be an algebraically
closed field, and let $f, f_1, \ldots, f_s \in k[x_1, \ldots, x_n]$. Then $f \in I(V(f_1, \ldots, f_s))$
if and only if there exists an integer $m \geq 1$ such that
$$f^m \in \langle f_1, \ldots, f_s \rangle.$$

Proof. If $f^m \in \langle f_1, \ldots, f_s \rangle$, then $f^m = \sum_{i=1}^{s} A_i f_i$ for some
$A_i \in k[x_1, \ldots, x_n]$. Consequently, $f$ vanishes at every common zero
of the polynomials $f_1, \ldots, f_s$ because $f^m$ vanishes at these zeroes. Therefore
$f \in I(V(f_1, \ldots, f_s))$. Conversely, assume that $f$ vanishes at every
common zero of the polynomials $f_1, \ldots, f_s$. If $f = 0$ there is nothing to prove,
so assume $f \neq 0$. We must show that there
exist an integer $m \geq 1$ and polynomials $A_1, \ldots, A_s$ such that
$$f^m = \sum_{i=1}^{s} A_i f_i. \tag{2.5}$$
To do this we introduce a new variable $y$ and then consider the ideal
$$\tilde{I} = \langle f_1, \ldots, f_s, 1 - yf \rangle \subset k[x_1, \ldots, x_n, y].$$
We claim that $V(\tilde{I})$ is empty. To see this let $(a_1, \ldots, a_n, a_{n+1}) \in
k^{n+1}$. There are only two possibilities. Either

1. $(a_1, \ldots, a_n)$ is a common zero of $f_1, \ldots, f_s$, or
2. $(a_1, \ldots, a_n)$ is not a common zero of $f_1, \ldots, f_s$.

In the first case, $f(a_1, \ldots, a_n) = 0$ by our assumption that $f$ vanishes
at every common zero of $f_1, \ldots, f_s$. Therefore, the polynomial
$1 - yf$ takes the value $1 - a_{n+1} f(a_1, \ldots, a_n) = 1 \neq 0$. This implies
$(a_1, \ldots, a_n, a_{n+1}) \notin V(\tilde{I})$.

In the second case, for some $t$, $1 \leq t \leq s$, $f_t(a_1, \ldots, a_n) \neq 0$.
We treat $f_t$ as a function of $n + 1$ variables that does not depend on
the last variable to conclude that $f_t(a_1, \ldots, a_n, a_{n+1}) \neq 0$. Therefore,
$(a_1, \ldots, a_n, a_{n+1}) \notin V(\tilde{I})$. Since $(a_1, \ldots, a_n, a_{n+1})$ was arbitrary, we
conclude that $V(\tilde{I})$ is empty. This implies, by the Weak Nullstellensatz,
that $1 \in \tilde{I}$. Therefore, for some polynomials $p_i, q \in k[x_1, \ldots, x_n, y]$,
$$1 = \sum_{i=1}^{s} p_i(x_1, \ldots, x_n, y) f_i + q(x_1, \ldots, x_n, y)(1 - yf). \tag{2.6}$$
Now substitute $y = 1/f(x_1, \ldots, x_n)$, so that $1 - yf = 0$. Equation 2.6 is an
identity in $k[x_1, \ldots, x_n, y]$, so it remains true in the field of rational
functions $k(x_1, \ldots, x_n)$ after this substitution, and it gives
$$1 = \sum_{i=1}^{s} p_i(x_1, \ldots, x_n, 1/f)\, f_i.$$
Multiply both sides of the equation by $f^m$, where $m$ is chosen large
enough to clear denominators (any $m$ at least the highest power of $y$
occurring in the $p_i$ works), to get Equation 2.5, thereby proving the
theorem.
Hilbert's Nullstellensatz motivates the next definition.

Definition 2.1.3. Let $I \subset k[x_1, \ldots, x_n]$ be an ideal. The radical of $I$,
denoted $\sqrt{I}$, is the set
$$\sqrt{I} = \{f : f^m \in I \text{ for some integer } m \geq 1\}.$$

Theorem 2.1.4 (The Strong Nullstellensatz). Let $k$ be an algebraically
closed field. If $I$ is an ideal in $k[x_1, \ldots, x_n]$, then
$$I(V(I)) = \sqrt{I}.$$

Proof. $f \in \sqrt{I}$ implies that $f^m \in I$ for some $m$. Hence $f^m$ vanishes
on $V(I)$, which implies $f$ vanishes on $V(I)$. Consequently, $f \in I(V(I))$.
Therefore
$$\sqrt{I} \subset I(V(I)). \tag{2.7}$$
Conversely, suppose that $f \in I(V(I))$. Then, by definition, $f$ vanishes
on $V(I)$. By Hilbert's Nullstellensatz (applied to a finite set of generators
$f_1, \ldots, f_s$ of $I$), there exists an integer $m \geq 1$
such that $f^m \in I$. But this implies that $f \in \sqrt{I}$. Thus, we prove
$$I(V(I)) \subset \sqrt{I}. \tag{2.8}$$
Equations 2.7 and 2.8 imply
$$I(V(I)) = \sqrt{I}.$$

Exercise 2 shows that $\sqrt{I}$ is an ideal in $k[x_1, \ldots, x_n]$ containing $I$.
We do not discuss algorithms to compute radical ideals in this text; it
is a difficult problem. We now illustrate how to compute
radical ideals using the software Singular.

Example 2.1.2.
We compute $\sqrt{J}$, where $J = \langle xy - 1, y^2 - 1 \rangle$. An input-output
Singular session for doing this is given below. For this computation we
load a Singular library called primdec.lib.
> LIB "primdec.lib";
> ring r = 0, (x,y), Dp;
> ideal J = x*y -1, y^2-1;
> radical(J);
_[1]=y2-1
_[2]=xy-1
_[3]=x2-1
> exit;
Auf Wiedersehen.
In the next examples we compare $J$ and $\sqrt{J}$.

Example 2.1.3. 1. In Example 2.1.2, we saw that when
$J = \langle xy - 1, y^2 - 1 \rangle$, $\sqrt{J} = \langle x^2 - 1, y^2 - 1, xy - 1 \rangle$.
The reduced Gröbner basis of $\sqrt{J}$ w.r.t. the graded lex ordering
is $\{x - y, y^2 - 1\}$. And we know from Example 1.3.6 that the
reduced Gröbner basis of $J$ is also $\{x - y, y^2 - 1\}$. Therefore, $\sqrt{J} = J$.
So, in this example, $I(V(J)) = J$.

2. Let $J = \langle x^2, y^2 \rangle$. Then the variety $V(J) = \{(0, 0)\}$, and
$I(V(J)) = \sqrt{J} = \langle x, y \rangle$. Note that $\langle x, y \rangle$ is strictly larger
than $J$; for instance, $x \notin \langle x^2, y^2 \rangle$, since every nonzero element of
$\langle x^2, y^2 \rangle$ has degree at least $2$. Hence, $J \subsetneq \sqrt{J}$.
2.2 Elimination Theory.

As we know, solving systems of polynomial equations involves eliminating
variables. We begin by eliminating all the polynomials involving
the variables $x_1, \ldots, x_l$ from the ideal $I$.

Definition 2.2.1. Given $I = \langle f_1, \ldots, f_s \rangle \subset k[x_1, \ldots, x_n]$, the $l$th
elimination ideal $I_l$ is the ideal of $k[x_{l+1}, \ldots, x_n]$ defined by
$$I_l = I \cap k[x_{l+1}, \ldots, x_n].$$

We check that $I_l$ is an ideal of $k[x_{l+1}, \ldots, x_n]$ in Exercise 4. Note
that $I = I_0$ is the $0$th elimination ideal.

For a fixed integer $l$ such that $1 \leq l \leq n$, we say a monomial
order $>$ on $k[x_1, \ldots, x_n]$ is of $l$-elimination type provided that any
monomial involving one of $x_1, \ldots, x_l$ is greater than all monomials
in $k[x_{l+1}, \ldots, x_n]$. For example, the lex monomial ordering, where $x_1 >
x_2 > \cdots > x_n$, is of $l$-elimination type for every $l$. (A graded ordering
such as graded lex is not: in it $x_{l+1}^2 > x_1$.) In the next theorem we
extract a Gröbner basis for the $l$th elimination ideal $I_l$ from a Gröbner
basis of $I$.

Theorem 2.2.1 (The Elimination Theorem). Let $I \subset k[x_1, \ldots, x_n]$ be
an ideal and let $G$ be a Gröbner basis of $I$ with respect to an $l$-elimination
type monomial ordering (for instance the lex ordering $x_1 > \cdots > x_n$,
which is of $l$-elimination type for every $0 \leq l \leq n$). Then the set
$$G_l = G \cap k[x_{l+1}, \ldots, x_n]$$
is a Gröbner basis of the $l$th elimination ideal $I_l$.

Proof. Since $G_l \subset I_l$ by construction, to show that $G_l$ is a Gröbner
basis, it suffices to prove that
$$\langle \mathrm{LT}(I_l) \rangle = \langle \mathrm{LT}(G_l) \rangle.$$
It is obvious that $\langle \mathrm{LT}(G_l) \rangle \subset \langle \mathrm{LT}(I_l) \rangle$. To prove the other
inclusion $\langle \mathrm{LT}(I_l) \rangle \subset \langle \mathrm{LT}(G_l) \rangle$, we show that if $f \in I_l$, then
$\mathrm{LT}(f)$ is divisible by $\mathrm{LT}(g)$ for some $g \in G_l$. Since $f \in I$, and $G$ is a
Gröbner basis of $I$, $\mathrm{LT}(f)$ is divisible by $\mathrm{LT}(g)$ for some $g \in G$. But $f \in I_l$ means
that $\mathrm{LT}(f)$, and hence its divisor $\mathrm{LT}(g)$, only involves the variables
$x_{l+1}, \ldots, x_n$. Consequently, since the monomial ordering is of $l$-elimination
type, every other monomial of $g$, being smaller than $\mathrm{LT}(g)$, also involves
none of $x_1, \ldots, x_l$; that is, $g \in k[x_{l+1}, \ldots, x_n]$ and so $g \in G_l$.
In Section 2.1, we saw that the solutions of a set of polynomials
$F$ are the same as the solutions of an ideal $I$ generated by $F$. The
advantage of passing from a set to an ideal is that we can replace $F$
by any set of generators of $I$ to get the solution set of $F$. In the
next example, we demonstrate how to solve a system of polynomial
equations using $l$-elimination ideals.

Example 2.2.1. In this example, we solve the system of equations
$$x^2 + y + z = 1, \qquad x + y^2 + z = 1, \qquad x + y + z^2 = 1, \qquad x^2 + y^2 + z^2 = 1.$$
Let
$$F = \{x^2 + y + z - 1,\; x + y^2 + z - 1,\; x + y + z^2 - 1,\; x^2 + y^2 + z^2 - 1\},$$
and let $I$ be the ideal generated by $F$, that is,
$$I = \langle x^2 + y + z - 1,\; x + y^2 + z - 1,\; x + y + z^2 - 1,\; x^2 + y^2 + z^2 - 1 \rangle.$$
A Gröbner basis $G$ of $I$ with respect to the lex ordering
$x > y > z$ is
$$G = \{z^2 - z,\; 2yz + z^4 + z^2 - 2z,\; y^2 - y - z^2 + z,\; x + y + z^2 - 1\}.$$
(This $G$ is a Gröbner basis but not the reduced one: reducing $z^4 + z^2 - 2z$
by $z^2 - z$ turns the second element into $2yz$, and the reduced basis is
$\{x + y + z - 1,\; y^2 - y,\; yz,\; z^2 - z\}$. Either basis works below.)
By Theorem 2.2.1, Gröbner bases of the elimination ideals $I_1$ and $I_2$
are
$$G_1 = G \cap k[y, z] = \{z^2 - z,\; 2yz + z^4 + z^2 - 2z,\; y^2 - y - z^2 + z\}$$
and
$$G_2 = G \cap k[z] = \{z^2 - z\},$$
respectively.

The Gröbner basis of $I_2$ involves only the variable $z$. Since $k[z]$ is a
principal ideal domain (every ideal of $k[z]$ is generated by a single
polynomial, a consequence of the division algorithm), $I_2$ is generated by one
element.

We now perform a backward substitution, starting with the equation
defined by $G_2$. Solving $z^2 - z = 0$, we get $z = 0$ or $z = 1$.
Next we solve the equations defined by the polynomials in the set
$G_1 - G_2$, that is,
$$2yz + z^4 + z^2 - 2z = 0, \qquad y^2 - y - z^2 + z = 0.$$
When $z = 0$, the above equations reduce to $y^2 - y = 0$, so $y = 0$ or $y = 1$;
on the other hand, when $z = 1$, the first equation becomes $2y = 0$ and the
second $y^2 - y = 0$, so $y = 0$.
Finally, we solve the equation defined by $G - G_1$, namely,
$$x + y + z^2 - 1 = 0. \tag{2.9}$$
Substituting $y = 0, z = 0$ in Equation 2.9, we
get $x = 1$; substituting $y = 1, z = 0$ in Equation 2.9, we get
$x = 0$; and substituting $y = 0, z = 1$ in Equation 2.9, we get
$x = 0$.

Observe that the process leads us to the solutions of $G$. Recall that
$V(G) = V(I) = V(F)$. Therefore, the solution set of the given system
of equations is $\{(1, 0, 0), (0, 1, 0), (0, 0, 1)\}$.
Can we always extend a partial solution to a complete one? Not
always, but the next theorem tells us when such an extension is possible
over the field of complex numbers.

Theorem 2.2.2 (The Extension Theorem). Let $I = \langle f_1, \ldots, f_s \rangle \subset
\mathbb{C}[x_1, \ldots, x_n]$ and let $I_1$ be the first elimination ideal of $I$. For each
$1 \leq i \leq s$, write $f_i$ in the form
$$f_i = g_i(x_2, \ldots, x_n)\, x_1^{N_i} + \text{terms in which } x_1 \text{ has degree} < N_i,$$
where $N_i \geq 0$ and $g_i \in \mathbb{C}[x_2, \ldots, x_n]$ is nonzero. Suppose that
we have a partial solution $(a_2, \ldots, a_n) \in V(I_1)$. If $(a_2, \ldots, a_n) \notin
V(g_1, \ldots, g_s)$, then there exists $a_1 \in \mathbb{C}$ such that $(a_1, \ldots, a_n) \in V(I)$.

We will prove this theorem in Section 2.3. We illustrate this theorem
with an example.

Example 2.2.2. In the case of the ideal
$$I = \langle f_1 = x^2 + y + z - 1,\; f_2 = x + y^2 + z - 1,\; f_3 = x + y + z^2 - 1,\; f_4 = x^2 + y^2 + z^2 - 1 \rangle,$$
the coefficients $g_i$ of the highest powers of $x$ in all the polynomials $f_i$
are $1$. Hence $V(g_1, g_2, g_3, g_4) = V(1)$
is empty. Consequently, by Theorem 2.2.2, every partial solution in $V(I_1)$ can
be extended to a complete solution.

We look at another example where such an extension is not possible.

Example 2.2.3. Consider the ideal
$$I = \langle f_1 = xy - 1,\; f_2 = xz - 1 \rangle \subset \mathbb{C}[x, y, z].$$
The reduced Gröbner basis $G$ of $I$ with respect to the lex ordering
$x > y > z$ (the same basis results for the graded lex ordering) is
$G = \{y - z, xz - 1\}$. Thus $G_1 = \{y - z\}$. A partial solution is
$y = z = 0$. But observe that the coefficients of $x$ in the polynomials $f_1, f_2$,
namely $g_1 = y$ and $g_2 = z$,
simultaneously vanish at $y = z = 0$, that is, $(0, 0) \in V(y, z)$. So the
Extension Theorem gives no information here, and in fact this partial solution
cannot be extended: $f_1 = 0$ would require $x \cdot 0 = 1$.
On the other hand, every partial solution $(c, c)$ with $c \neq 0$ can be
extended to the complete solution $(1/c, c, c)$ of $F = \{f_1, f_2\}$.
Apart from solving systems of equations, elimination ideals are also
used to find implicit equations of a curve or surface from its parametrization.
We present, without proof, a theorem that describes the method to do
this. The proof of this theorem is given in [17] and requires concepts
not discussed in this book.

Theorem 2.2.3 (Implicitization). 1. Let $k$ be an infinite field. Let
$f_1, \ldots, f_n \in k[t_1, \ldots, t_m]$ and let
$$x_1 = f_1(t_1, \ldots, t_m),\; \ldots,\; x_n = f_n(t_1, \ldots, t_m)$$
be a polynomial parametrization. Let $I$ be the ideal
$$I = \langle x_1 - f_1, \ldots, x_n - f_n \rangle \subset k[t_1, \ldots, t_m, x_1, \ldots, x_n]$$
and let $I_m = I \cap k[x_1, \ldots, x_n]$ be the $m$th elimination ideal. Then
$V(I_m)$ is the smallest variety in $k^n$ containing the parametrization.

2. Let
$$x_1 = \frac{f_1(t_1, \ldots, t_m)}{g_1(t_1, \ldots, t_m)},\; \ldots,\; x_n = \frac{f_n(t_1, \ldots, t_m)}{g_n(t_1, \ldots, t_m)}$$
be a rational parametrization, where $f_1, \ldots, f_n, g_1, \ldots, g_n$ are in
$k[t_1, \ldots, t_m]$. Let $I$ be the ideal
$$I = \langle g_1 x_1 - f_1, \ldots, g_n x_n - f_n,\; 1 - g_1 g_2 \cdots g_n Y \rangle \subset k[Y, t_1, \ldots, t_m, x_1, \ldots, x_n]$$
and let $I_{m+1} = I \cap k[x_1, \ldots, x_n]$ be the $(m+1)$th elimination ideal
(the eliminated variables are $Y, t_1, \ldots, t_m$).
Then $V(I_{m+1})$ is the smallest variety containing this parametrization.

Example 2.2.4. In this example, we show that the points given by the
parametric equations
$$x = \frac{1 - t^2}{1 + t^2}, \qquad y = \frac{2t}{1 + t^2} \tag{2.10}$$
lie on the circle
$$x^2 + y^2 = 1.$$
Let
$$I = \langle (1 + t^2)x - (1 - t^2),\; (1 + t^2)y - 2t,\; 1 - (1 + t^2)^2 Y \rangle.$$
Then the Gröbner basis $G$ of $I$ w.r.t. the lex ordering $t > Y > x > y$ is
$$G = \{x^2 + y^2 - 1,\; 4Y - 2x + y^2 - 2,\; ty + x - 1,\; tx + t - y\}.$$
The Gröbner basis of $I_2$ is $\{x^2 + y^2 - 1\}$, which is also the equation
of the circle. Therefore, Theorem 2.2.3 implies $V(x^2 + y^2 - 1)$ is the
smallest variety containing the Parametrization 2.10. Observe that the
above parametrization does not describe the whole circle, because the
point $(-1, 0)$ on the circle is not covered by it: $x = -1$ would require
$1 - t^2 = -(1 + t^2)$, which is impossible.

Example 2.2.5. In this example, we show that the surface defined by
the polynomial parametrization
$$x = t_1 t_2, \qquad y = t_1 t_2^2, \qquad z = t_1^2 \tag{2.11}$$
lies on the surface $x^4 - y^2 z = 0$.

The Gröbner basis $G$ of the ideal $I = \langle x - t_1 t_2,\; y - t_1 t_2^2,\; z - t_1^2 \rangle$
with respect to the lex ordering $t_1 > t_2 > x > y > z$ is
$$G = \{x^4 - y^2 z,\; t_2 y z - x^3,\; t_2 x - y,\; t_2^2 z - x^2,\; t_1 y - t_2^2 z,\; t_1 x - t_2 z,\; t_1 t_2 - x,\; t_1^2 - z\}.$$
This implies $I_2 = \langle x^4 - y^2 z \rangle$. Therefore, by Theorem 2.2.3, the
smallest variety containing the Parametrization 2.11 is $V(x^4 - y^2 z)$.
2.3 Resultants.

In this section, we introduce resultants, which are used to determine
whether two polynomials have a common factor without having to factorize
the polynomials involved. We also use resultants to prove the
Extension Theorem from Section 2.2.

We begin with a lemma that discusses a key property of two polynomials
that have a common factor.

Lemma 2.3.1. Let $f, g \in k[x_1, \ldots, x_n]$ be of degrees $l > 0$ and $m > 0$,
respectively, in $x_1$. Then $f$ and $g$ have a common factor with positive
degree in $x_1$ if and only if there are polynomials $A, B \in k[x_1, x_2, \ldots, x_n]$
such that

1. $A$ and $B$ are not both zero.
2. $A$ has degree at most $m - 1$ and $B$ has degree at most $l - 1$ in $x_1$.
3. $Af + Bg = 0$.

Proof. First assume $f$ and $g$ have a common factor $h \in k[x_1, \ldots, x_n]$
with positive degree in $x_1$. Then $f = h f_1$ and $g = h g_1$, where $f_1, g_1 \in
k[x_1, \ldots, x_n]$. Note that $f_1$ has degree at most $l - 1$ in $x_1$ and $g_1$ has
degree at most $m - 1$ in $x_1$. Then
$$g_1 \cdot f + (-f_1) \cdot g = g_1 \cdot h f_1 - f_1 \cdot h g_1 = 0.$$
Thus $A = g_1$ and $B = -f_1$ have the required properties.

Conversely, suppose that $A$ and $B$ have the above three properties.
By Property 1, we may assume $B \neq 0$. Let
$$k(x_2, \ldots, x_n) = \left\{ \frac{f}{g} : f, g \in k[x_2, \ldots, x_n],\; g \neq 0 \right\}.$$
Check that $k(x_2, \ldots, x_n)$ is a field. If $f$ and $g$ have no common
factor of positive degree in $x_1$ in $k(x_2, \ldots, x_n)[x_1]$, then we use the
Euclidean Algorithm (see Section A.1) to find polynomials $A', B' \in
k(x_2, \ldots, x_n)[x_1]$ such that $A'f + B'g = 1$. Now multiply by $B$ and
use $Bg = -Af$ to get
$$B = (A'f + B'g)B = A'Bf + B'Bg = A'Bf - B'Af = (A'B - B'A)f.$$
Since $B$ is nonzero and the degree of $f$ in $x_1$ is $l$, this equation shows that
$B$ has degree at least $l$ in $x_1$, which contradicts Property 2. Hence there
must be a common factor of $f$ and $g$ in $k(x_2, \ldots, x_n)[x_1]$. By Exercise
7, $f$ and $g$ have a common factor in $k[x_1, \ldots, x_n]$ of positive degree in
$x_1$ if and only if they have a common factor in $k(x_2, \ldots, x_n)[x_1]$ of
positive degree in $x_1$. This proves the lemma.

To show that $A$ and $B$ in Lemma 2.3.1 actually exist, we write $f$
and $g$ as polynomials in $x_1$ with coefficients $a_i, b_i \in k[x_2, \ldots, x_n]$:
$$f = a_0 x_1^l + \cdots + a_l, \quad a_0 \neq 0, \qquad g = b_0 x_1^m + \cdots + b_m, \quad b_0 \neq 0. \tag{2.12}$$
Our goal is to find coefficients $c_i, d_i \in k[x_2, \ldots, x_n]$ such that
$$A = c_0 x_1^{m-1} + \cdots + c_{m-1}, \qquad B = d_0 x_1^{l-1} + \cdots + d_{l-1}, \tag{2.13}$$
and
$$Af + Bg = 0. \tag{2.14}$$
Comparing coefficients of the powers of $x_1$ in Equation 2.14, we get
the following system of equations:
$$\begin{aligned}
a_0 c_0 + b_0 d_0 &= 0 && (\text{coefficient of } x_1^{l+m-1})\\
a_1 c_0 + a_0 c_1 + b_1 d_0 + b_0 d_1 &= 0 && (\text{coefficient of } x_1^{l+m-2})\\
&\;\;\vdots \\
a_l c_{m-1} + b_m d_{l-1} &= 0 && (\text{coefficient of } x_1^0)
\end{aligned} \tag{2.15}$$
This is a system of $l + m$ homogeneous linear equations in the $l + m$ unknowns
$c_0, \ldots, c_{m-1}, d_0, \ldots, d_{l-1}$, so it has a nonzero solution if and only
if the coefficient matrix has zero determinant. (A nonzero solution with
entries in $k(x_2, \ldots, x_n)$ can be multiplied by a common denominator to
give one in $k[x_2, \ldots, x_n]$.) This leads to the following definition.
Definition 2.3.1. Given polynomials $f, g \in k[x_1, \ldots, x_n]$ of positive
degree in $x_1$, write them in the form 2.12. Then the Sylvester matrix
of $f$ and $g$ with respect to $x_1$, denoted $\mathrm{Syl}(f, g, x_1)$, is the coefficient
matrix of the system of equations given in 2.15. Thus, $\mathrm{Syl}(f, g, x_1)$ is
the following $(l + m) \times (l + m)$ matrix:
$$\mathrm{Syl}(f, g, x_1) =
\begin{pmatrix}
a_0    &        &        &        & b_0    &        &        &        \\
a_1    & a_0    &        &        & b_1    & b_0    &        &        \\
\vdots & a_1    & \ddots &        & \vdots & b_1    & \ddots &        \\
a_l    & \vdots & \ddots & a_0    & b_m    & \vdots & \ddots & b_0    \\
       & a_l    &        & a_1    &        & b_m    &        & b_1    \\
       &        & \ddots & \vdots &        &        & \ddots & \vdots \\
       &        &        & a_l    &        &        &        & b_m
\end{pmatrix},$$
where the first $m$ columns contain the coefficients of $f$, such that the
first $i - 1$ entries of the $i$th column are zeroes, $1 \leq i \leq m$; the last $l$
columns contain the coefficients of $g$, such that the first $j - 1$ entries
of the $(m + j)$th column are zeroes, $1 \leq j \leq l$; and the empty spaces are
filled by zeros.

The resultant of $f$ and $g$ with respect to $x_1$, denoted $\mathrm{Res}(f, g, x_1)$,
is the determinant of the Sylvester matrix. Thus,
$$\mathrm{Res}(f, g, x_1) = \det(\mathrm{Syl}(f, g, x_1)).$$

The resultant is defined in such a way that its vanishing detects
the presence of common factors. We prove this fact in the following
theorem.

Theorem 2.3.1. Let $f, g \in k[x_1, \ldots, x_n]$ have positive degree in $x_1$.
Then $\mathrm{Res}(f, g, x_1) = 0$ if and only if $f$ and $g$ have a common factor in
$k[x_1, \ldots, x_n]$ which has positive degree in $x_1$.

Proof. The resultant is zero means that the determinant of the
coefficient matrix of Equations 2.15 is zero. This happens if and only if
there exists a nonzero solution to the system of equations 2.15. This
is equivalent to the existence of polynomials $A$ and $B$ such that $A$ and $B$
are not both zero, the degree of $A$ in $x_1$ is less than the degree of $g$ and the
degree of $B$ in $x_1$ is less than the degree of $f$, and $Af + Bg = 0$. By Lemma
2.3.1, this happens if and only if $f$ and $g$ have a common factor in
$k[x_1, \ldots, x_n]$ which has positive degree in $x_1$.
Example 2.3.1. Consider the polynomials
$$f = x^2 y + x^2 - 3xy^2 - 3xy \quad \text{and} \quad g = x^3 y + x^3 - 4y^2 - 3y + 1.$$
To compute $\mathrm{Res}(f, g, x)$, write $f$ and $g$ as polynomials in $x$:
$$f = (y + 1)x^2 + (-3y^2 - 3y)x, \qquad g = (y + 1)x^3 + (-4y^2 - 3y + 1).$$
Here $l = 2$ and $m = 3$, so the Sylvester matrix is $5 \times 5$ and
$$\mathrm{Res}(f, g, x) = \det
\begin{pmatrix}
y + 1 & 0 & 0 & y + 1 & 0 \\
-3y^2 - 3y & y + 1 & 0 & 0 & y + 1 \\
0 & -3y^2 - 3y & y + 1 & 0 & 0 \\
0 & 0 & -3y^2 - 3y & -4y^2 - 3y + 1 & 0 \\
0 & 0 & 0 & 0 & -4y^2 - 3y + 1
\end{pmatrix}$$
$$= -108y^9 - 513y^8 - 929y^7 - 738y^6 - 149y^5 + 112y^4 + 37y^3 - 14y^2 - 3y + 1 \neq 0.$$
$\mathrm{Res}(f, g, x) \neq 0$ implies that $f$ and $g$ have no common factor with
positive degree in $x$, by Theorem 2.3.1.

To compute $\mathrm{Res}(f, g, y)$, write $f$ and $g$ as polynomials in $y$:
$$f = (-3x)y^2 + (x^2 - 3x)y + x^2, \qquad g = -4y^2 + (x^3 - 3)y + (x^3 + 1).$$
Now $l = m = 2$, so the Sylvester matrix is $4 \times 4$ and
$$\mathrm{Res}(f, g, y) = \det
\begin{pmatrix}
-3x & 0 & -4 & 0 \\
x^2 - 3x & -3x & x^3 - 3 & -4 \\
x^2 & x^2 - 3x & x^3 + 1 & x^3 - 3 \\
0 & x^2 & 0 & x^3 + 1
\end{pmatrix} = 0.$$
$\mathrm{Res}(f, g, y) = 0$ implies that $f$ and $g$ have a common factor with
positive degree in $y$, by Theorem 2.3.1. To verify this, we factorize $f$
and $g$ to get $f = x(y + 1)(x - 3y)$ and $g = (y + 1)(x^3 - 4y + 1)$. We
see that $y + 1$ is indeed a common factor of $f$ and $g$ with positive
degree in $y$. (It has degree $0$ in $x$, which is consistent with
$\mathrm{Res}(f, g, x) \neq 0$: the two resultants ask about different variables.)

Resultants can be computed using the software Singular. A sample
input-output session is provided below.
> ring r = 0, (x,y), dp;
> poly f = x^2*y-3*x*y^2+x^2-3*x*y;
> poly g = x^3*y+x^3-4*y^2-3*y+1;
> resultant(f,g,x);
-108y9-513y8-929y7-738y6-149y5+112y4+37y3-14y2-3y+1
> resultant(f,g,y);
0
>quit;
Auf Wiedersehen.
In the case of polynomials $f$ and $g$ in only one variable $x$, the
resultant $\mathrm{Res}(f, g, x)$ is usually denoted $\mathrm{Res}(f, g)$.

Example 2.3.2. Let
$$f = x^2 + x \quad \text{and} \quad g = x^2 + 4x + 4.$$
Then
$$\mathrm{Res}(f, g) = \det
\begin{pmatrix}
1 & 0 & 1 & 0 \\
1 & 1 & 4 & 1 \\
0 & 1 & 4 & 4 \\
0 & 0 & 0 & 4
\end{pmatrix} = 4 \neq 0.$$
Therefore the polynomials $f$ and $g$ are relatively prime (indeed
$f = x(x + 1)$ and $g = (x + 2)^2$ share no root).
Lemma 2.3.2. Let $f, g \in k[x_1, \ldots, x_n]$ be of positive degree in $x_1$ with
coefficients $a_i, b_i \in k[x_2, \ldots, x_n]$. Then $\mathrm{Res}(f, g, x_1) \in k[x_2, \ldots, x_n]$.

Proof. Since $\mathrm{Res}(f, g, x_1)$ is a determinant involving only the $a_i$ and $b_i$,
it follows that $\mathrm{Res}(f, g, x_1) \in k[x_2, \ldots, x_n]$.

Lemma 2.3.3. Let $f, g \in k[x_1, \ldots, x_n]$ be of positive degree in $x_1$ with
coefficients $a_i, b_i \in k[x_2, \ldots, x_n]$. Then
$$Af + Bg = \mathrm{Res}(f, g, x_1),$$
where $A$ and $B$ are polynomials in $x_1$ whose coefficients are integer
polynomials in the $a_i$ and $b_i$.

Proof. The lemma is true when $\mathrm{Res}(f, g, x_1) = 0$, because we can
choose $A = B = 0$. Assume that $\mathrm{Res}(f, g, x_1) \neq 0$. Write $f$ and $g$ in
the form of Equations 2.12. We look for
$$A' = c_0 x_1^{m-1} + \cdots + c_{m-1}, \qquad B' = d_0 x_1^{l-1} + \cdots + d_{l-1}, \tag{2.16}$$
with coefficients $c_i, d_i \in k(x_2, \ldots, x_n)$, such that
$$A'f + B'g = 1.$$
Comparing coefficients of the powers of $x_1$ we get
$$\begin{aligned}
a_0 c_0 + b_0 d_0 &= 0 && (\text{coefficient of } x_1^{l+m-1})\\
a_1 c_0 + a_0 c_1 + b_1 d_0 + b_0 d_1 &= 0 && (\text{coefficient of } x_1^{l+m-2})\\
&\;\;\vdots \\
a_l c_{m-1} + b_m d_{l-1} &= 1 && (\text{coefficient of } x_1^0)
\end{aligned} \tag{2.17}$$
These equations are the same as 2.15 except for the $1$ on the right
hand side of the last equation. Thus, the coefficient matrix is the
Sylvester matrix of $f$ and $g$. Therefore, $\mathrm{Res}(f, g, x_1) \neq 0$ guarantees
that the system 2.17 has a unique solution. We use Cramer's rule to
find this unique solution. Recall that Cramer's rule states that the
$i$th unknown is a ratio of two determinants, where the denominator
is the determinant of the coefficient matrix and the numerator is the
determinant of the matrix in which the $i$th column of the coefficient
matrix has been replaced by the right hand side vector of the system.
For example, the first unknown $c_0$ is given by
$$c_0 = \frac{1}{\mathrm{Res}(f, g, x_1)} \det
\begin{pmatrix}
0      &        &        &        & b_0    &        &        &        \\
0      & a_0    &        &        & b_1    & b_0    &        &        \\
\vdots & a_1    & \ddots &        & \vdots & b_1    & \ddots &        \\
0      & \vdots & \ddots & a_0    & b_m    & \vdots & \ddots & b_0    \\
\vdots & a_l    &        & a_1    &        & b_m    &        & b_1    \\
0      &        & \ddots & \vdots &        &        & \ddots & \vdots \\
1      &        &        & a_l    &        &        &        & b_m
\end{pmatrix},$$
where the first column of the Sylvester matrix has been replaced by the
right hand side vector $(0, \ldots, 0, 1)^T$.
Since a determinant is an integer polynomial in its entries, it follows
that
$$c_0 = \frac{\text{an integer polynomial in the } a_i, b_i}{\mathrm{Res}(f, g, x_1)}.$$
Similarly, we conclude that the denominator for $c_k$ and $d_k$, for every
$k$, is always $\mathrm{Res}(f, g, x_1)$ and the numerator is always an integer
polynomial in the $a_i$ and $b_i$.

Since $A' = c_0 x_1^{m-1} + \cdots + c_{m-1}$, we can pull out the common
denominator $\mathrm{Res}(f, g, x_1)$ and write
$$A' = \frac{1}{\mathrm{Res}(f, g, x_1)}\, A,$$
where $A \in k[x_1, \ldots, x_n]$ and the coefficients of $A$ are integer
polynomials in the $a_i, b_i$. Similarly, we can write
$$B' = \frac{1}{\mathrm{Res}(f, g, x_1)}\, B,$$
where $B \in k[x_1, \ldots, x_n]$ and the coefficients of $B$ are integer
polynomials in the $a_i, b_i$.

Since $A'f + B'g = 1$, we can multiply through by $\mathrm{Res}(f, g, x_1)$ to
obtain
$$Af + Bg = \mathrm{Res}(f, g, x_1).$$

Theorem 2.3.2. Let $f, g \in k[x_1, \ldots, x_n]$ have positive degree in $x_1$.
Then $\mathrm{Res}(f, g, x_1)$ is in the first elimination ideal $\langle f, g \rangle \cap k[x_2, \ldots, x_n]$.

Proof. By Lemma 2.3.3,
$$Af + Bg = \mathrm{Res}(f, g, x_1),$$
where $A, B \in k[x_1, \ldots, x_n]$. Hence $\mathrm{Res}(f, g, x_1) \in \langle f, g \rangle$. Applying
Lemma 2.3.2, we get $\mathrm{Res}(f, g, x_1) \in k[x_2, \ldots, x_n]$. Consequently,
$\mathrm{Res}(f, g, x_1) \in \langle f, g \rangle \cap k[x_2, \ldots, x_n]$.

Over the complex numbers, two polynomials $f, g \in \mathbb{C}[x]$ have a common
factor of positive degree if and only if $f$ and $g$ have a common root, by
Theorems A.2.2 and A.2.8. Thus, we get the following corollary.

Corollary 2.3.3. If $f, g \in \mathbb{C}[x]$ have positive degree, then $\mathrm{Res}(f, g, x) = 0$
if and only if $f$ and $g$ have a common root in $\mathbb{C}$.
To prove the Extension Theorem, we first need to prove it for the
case of two polynomials, and then extend the result to the general case.
We begin by proving the following theorem, which is used in the proof
of the Extension Theorem for two polynomials.

Theorem 2.3.4. Given $f, g \in \mathbb{C}[x_1, \ldots, x_n]$, write $f$ and $g$ in the form
of Equations 2.12, so that $a_i, b_i \in \mathbb{C}[x_2, \ldots, x_n]$. If $\mathrm{Res}(f, g, x_1)$
vanishes at $(c_2, \ldots, c_n) \in \mathbb{C}^{n-1}$, then either $a_0$ or $b_0$ vanishes at
$(c_2, \ldots, c_n)$, or there is a $c_1 \in \mathbb{C}$ such that $f$ and $g$ vanish at
$(c_1, c_2, \ldots, c_n) \in \mathbb{C}^n$.

Proof. Let $\mathbf{c} = (c_2, \ldots, c_n)$ and let $f(x_1, \mathbf{c}) = f(x_1, c_2, \ldots, c_n)$. It
suffices to show that $f(x_1, \mathbf{c})$ and $g(x_1, \mathbf{c})$ have a common root when
$a_0(\mathbf{c})$ and $b_0(\mathbf{c})$ are both nonzero. To prove this, write
$$f(x_1, \mathbf{c}) = a_0(\mathbf{c}) x_1^l + \cdots + a_l(\mathbf{c}), \quad a_0(\mathbf{c}) \neq 0,$$
$$g(x_1, \mathbf{c}) = b_0(\mathbf{c}) x_1^m + \cdots + b_m(\mathbf{c}), \quad b_0(\mathbf{c}) \neq 0.$$
Because $a_0(\mathbf{c})$ and $b_0(\mathbf{c})$ are nonzero, $f(x_1, \mathbf{c})$ and $g(x_1, \mathbf{c})$
still have degrees $l$ and $m$ in $x_1$, so their Sylvester matrix is the Sylvester
matrix of $f$ and $g$ with $\mathbf{c}$ substituted for $(x_2, \ldots, x_n)$. Hence, writing
$h = \mathrm{Res}(f, g, x_1)$, which vanishes at $\mathbf{c}$ by hypothesis,
$$0 = h(\mathbf{c}) = \mathrm{Res}(f(x_1, \mathbf{c}), g(x_1, \mathbf{c}), x_1).$$
Then Corollary 2.3.3 implies that $f(x_1, \mathbf{c})$ and $g(x_1, \mathbf{c})$ have a
common root.

Theorem 2.3.5 (The Extension Theorem for two polynomials). Let
$I = \langle f, g \rangle \subset \mathbb{C}[x_1, \ldots, x_n]$ and let $I_1$ be the first elimination ideal
of $I$. Write $f$ and $g$ in the form of Equations 2.12, so that $a_i, b_i \in
\mathbb{C}[x_2, \ldots, x_n]$. Suppose we have a partial solution $\mathbf{c} = (c_2, \ldots, c_n) \in
V(I_1)$. If $(c_2, \ldots, c_n) \notin V(a_0, b_0)$, then there exists $c_1 \in \mathbb{C}$ such that
$(c_1, \ldots, c_n) \in V(I)$.

Proof. By Theorem 2.3.2, we know that $\mathrm{Res}(f, g, x_1) \in I_1$, so that
the resultant vanishes at the partial solution $\mathbf{c}$. If neither $a_0$ nor $b_0$
vanishes at $\mathbf{c}$, then the required $c_1$ exists by Theorem 2.3.4.

Now suppose $a_0(\mathbf{c}) \neq 0$ but $b_0(\mathbf{c}) = 0$ (the case $b_0(\mathbf{c}) \neq 0$,
$a_0(\mathbf{c}) = 0$ is the same with the roles of $f$ and $g$ exchanged). Since
$x_1^N f \in \langle f, g + x_1^N f \rangle$ and $g = (g + x_1^N f) - x_1^N f$, we conclude that
$g \in \langle f, g + x_1^N f \rangle$. Therefore $\langle f, g \rangle \subset \langle f, g + x_1^N f \rangle$.
Clearly $\langle f, g + x_1^N f \rangle \subset \langle f, g \rangle$. Hence
$$\langle f, g \rangle = \langle f, g + x_1^N f \rangle. \tag{2.18}$$
We choose $N$ large enough so that $x_1^N f$ has larger degree in $x_1$ than $g$.
The leading coefficient of $g + x_1^N f$ is then $a_0$, which is nonzero at $\mathbf{c}$.
Since the ideal, and hence $I_1$, is unchanged by 2.18, $\mathbf{c}$ is still a partial
solution and $\mathrm{Res}(f, g + x_1^N f, x_1) \in I_1$ by Theorem 2.3.2 still vanishes at
$\mathbf{c}$. This allows us to use Theorem 2.3.4 to conclude that there is a
$c_1 \in \mathbb{C}$ such that $(c_1, \mathbf{c}) \in V(f, g + x_1^N f)$, and hence
$(c_1, \mathbf{c}) \in V(f, g)$ by 2.18.
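The following is an added example, not code from the book: it builds the Sylvester matrix of Definition 2.3.1 and computes the resultant exactly in plain Python, and then uses it the way Theorems 2.3.4 and 2.3.5 do, by substituting a partial solution into the coefficients $a_i(x_2, \ldots, x_n)$ and reading off from the specialized resultant whether a common root in $x_1$ exists. The function names, the coefficient-list convention (highest power first) and the representation of the coefficients $a_i$ as Python functions of the partial solution are this example's own choices, not notation from the book. It reproduces Example 2.3.2, specializes Example 2.3.1 at $y = 2$, and decides the partial solutions of Example 2.2.3.

```python
from fractions import Fraction

# Added example: resultants via the Sylvester matrix of Definition 2.3.1,
# in pure Python (no computer algebra system). A univariate polynomial is a
# list of coefficients, highest degree first: [1, 1, 0] is x^2 + x.

def strip(p):
    """Drop leading zeros so that p[0] is the true leading coefficient."""
    i = 0
    while i < len(p) - 1 and p[i] == 0:
        i += 1
    return [Fraction(c) for c in p[i:]]

def sylvester(f, g):
    """Syl(f, g) for f of degree l and g of degree m: the first m columns hold
    the coefficients of f, column i shifted down i rows; the last l columns
    hold the coefficients of g in the same way. Empty entries are zero."""
    f, g = strip(f), strip(g)
    l, m = len(f) - 1, len(g) - 1
    if l <= 0 or m <= 0:
        raise ValueError("both polynomials must have positive degree")
    n = l + m
    M = [[Fraction(0)] * n for _ in range(n)]
    for col in range(m):
        for row, a in enumerate(f):
            M[col + row][col] = a
    for col in range(l):
        for row, b in enumerate(g):
            M[col + row][m + col] = b
    return M

def det(M):
    """Exact determinant by Gaussian elimination over the rationals."""
    M = [row[:] for row in M]
    n, d = len(M), Fraction(1)
    for i in range(n):
        pivot = next((r for r in range(i, n) if M[r][i] != 0), None)
        if pivot is None:
            return Fraction(0)
        if pivot != i:
            M[i], M[pivot] = M[pivot], M[i]
            d = -d                      # a row swap flips the sign
        d *= M[i][i]
        for r in range(i + 1, n):
            factor = M[r][i] / M[i][i]
            for c in range(i, n):
                M[r][c] -= factor * M[i][c]
    return d

def resultant(f, g):
    """Res(f, g) = det(Syl(f, g)); zero iff f and g share a factor of positive
    degree (Theorem 2.3.1)."""
    return det(sylvester(f, g))

def evaluate(p, x):
    """Horner evaluation of the coefficient list p at x."""
    acc = Fraction(0)
    for c in p:
        acc = acc * x + Fraction(c)
    return acc

def common_root_at(f, g, point):
    """Theorem 2.3.5 check at a partial solution. f and g are polynomials in
    x_1 whose coefficients are Python functions of the partial solution
    (a_0(point), ..., a_l(point)), highest power first. Returns True/False
    when both leading coefficients survive specialization (then
    Res(f(x_1, point), g(x_1, point)) = 0 decides a common root), and None
    when a leading coefficient vanishes, where the theorem gives no
    information."""
    fs = [Fraction(a(point)) for a in f]
    gs = [Fraction(b(point)) for b in g]
    if fs[0] == 0 or gs[0] == 0:
        return None
    return resultant(fs, gs) == 0

if __name__ == "__main__":
    # Example 2.3.2: x^2 + x and x^2 + 4x + 4 are relatively prime.
    print("Res(x^2 + x, x^2 + 4x + 4) =", resultant([1, 1, 0], [1, 4, 4]))
    # Example 2.2.3: f1 = y*x - 1, f2 = z*x - 1 as polynomials in x,
    # with coefficients depending on the partial solution (y, z).
    f1 = [lambda p: p[0], lambda p: -1]
    f2 = [lambda p: p[1], lambda p: -1]
    print("partial solution (2, 2):", common_root_at(f1, f2, (2, 2)))
    print("partial solution (0, 0):", common_root_at(f1, f2, (0, 0)))
```

The `None` return is the important case: when a leading coefficient vanishes, the Sylvester matrix of the specialized polynomials is no longer the specialization of the Sylvester matrix, so a zero resultant would be no evidence of anything; that is exactly the hypothesis $(c_2, \ldots, c_n) \notin V(a_0, b_0)$ in Theorem 2.3.5. Exact rational arithmetic matters too: with floating point the exact zero of Theorem 2.3.1 becomes a small nonzero number and the common-factor test becomes a guess.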
Let $f_1, \ldots, f_s \in \mathbb{C}[x_1, \ldots, x_n]$. Then the resultant for $f_1, \ldots, f_s$,
$s \geq 3$, is defined by introducing new variables $u_2, \ldots, u_s$ and encoding
$f_2, \ldots, f_s$ into a single polynomial $u_2 f_2 + \cdots + u_s f_s \in \mathbb{C}[u_2, \ldots, u_s, x_1, \ldots, x_n]$.
By Theorem 2.3.2, $\mathrm{Res}(f_1, u_2 f_2 + \cdots + u_s f_s, x_1)$ lies in $\mathbb{C}[u_2, \ldots, u_s, x_2, \ldots, x_n]$.
Therefore, to get polynomials in $x_2, \ldots, x_n$, we expand the resultant in
terms of powers of $u_2, \ldots, u_s$, that is, we write
$$\mathrm{Res}(f_1, u_2 f_2 + \cdots + u_s f_s, x_1) = \sum_{\alpha} h_\alpha(x_2, \ldots, x_n)\, u^\alpha,$$
where $u^\alpha = u_2^{\alpha_2} \cdots u_s^{\alpha_s}$. The polynomials $h_\alpha$ are called the
generalized resultants of $f_1, \ldots, f_s$. The generalized resultants are not of
much practical use, but we use them to prove the Extension Theorem.

Finally, we have the necessary tools to prove the Extension Theorem,
that is, a partial solution $\mathbf{a}$ can be extended if the leading coefficients
of $f_1, \ldots, f_s$ do not simultaneously vanish at $\mathbf{a}$.

Proof of the Extension Theorem 2.2.2. Let $\mathbf{a} = (a_2, \ldots, a_n)$. We
seek a common root $a_1$ of $f_1(x_1, \mathbf{a}), f_2(x_1, \mathbf{a}), \ldots, f_s(x_1, \mathbf{a})$. The case
$s = 2$ was proved in Theorem 2.3.5, which also covers the case $s = 1$
since $V(f_1) = V(f_1, f_1)$. It remains to prove the theorem when $s \geq 3$.
Since $\mathbf{a} \notin V(g_1, \ldots, g_s)$, we may assume that $g_1(\mathbf{a}) \neq 0$. Let $h_\alpha \in
\mathbb{C}[x_2, \ldots, x_n]$ be the generalized resultants of $f_1, \ldots, f_s$, that is,
$$\mathrm{Res}(f_1, u_2 f_2 + \cdots + u_s f_s, x_1) = \sum_{\alpha} h_\alpha u^\alpha. \tag{2.19}$$
By Lemma 2.3.3,
$$A f_1 + B(u_2 f_2 + \cdots + u_s f_s) = \mathrm{Res}(f_1, u_2 f_2 + \cdots + u_s f_s, x_1), \tag{2.20}$$
for some polynomials $A, B \in \mathbb{C}[u_2, \ldots, u_s, x_1, \ldots, x_n]$.
Write $A = \sum_\alpha A_\alpha u^\alpha$ and $B = \sum_\beta B_\beta u^\beta$, where $A_\alpha, B_\beta \in \mathbb{C}[x_1, \ldots, x_n]$.
Set $e_2 = (1, 0, \ldots, 0), \ldots, e_s = (0, \ldots, 0, 1)$, so that $u_2 f_2 + \cdots + u_s f_s =
\sum_{i \geq 2} u^{e_i} f_i$. Then Equations 2.19 and 2.20 give
$$\begin{aligned}
\sum_\alpha h_\alpha u^\alpha &= \Big(\sum_\alpha A_\alpha u^\alpha\Big) f_1 + \Big(\sum_\beta B_\beta u^\beta\Big)\Big(\sum_{i \geq 2} u^{e_i} f_i\Big) \\
&= \sum_\alpha (A_\alpha f_1)\, u^\alpha + \sum_{i \geq 2,\;\beta} B_\beta f_i\, u^{\beta + e_i} \\
&= \sum_\alpha (A_\alpha f_1)\, u^\alpha + \sum_\alpha \Big( \sum_{i \geq 2} \sum_{\beta + e_i = \alpha} B_\beta f_i \Big) u^\alpha \\
&= \sum_\alpha \Big( A_\alpha f_1 + \sum_{i \geq 2} \sum_{\beta + e_i = \alpha} B_\beta f_i \Big) u^\alpha.
\end{aligned}$$
If we equate the coefficients of $u^\alpha$, we obtain
$$h_\alpha = A_\alpha f_1 + \sum_{i \geq 2} \sum_{\beta + e_i = \alpha} B_\beta f_i,$$
which proves that $h_\alpha \in I$, and hence $h_\alpha \in I_1$, for all $\alpha$. Since $\mathbf{a} \in V(I_1)$,
it follows that $h_\alpha(\mathbf{a}) = 0$ for all $\alpha$. Therefore, by 2.19, the resultant
$h = \mathrm{Res}(f_1, u_2 f_2 + \cdots + u_s f_s, x_1)$ vanishes at $\mathbf{a}$, that is,
$$h(\mathbf{a}, u_2, \ldots, u_s) = 0$$
as a polynomial in $u_2, \ldots, u_s$.

Suppose we can assume about $f_2$ that
$$g_2(\mathbf{a}) \neq 0 \text{ and } f_2 \text{ has degree in } x_1 \text{ greater than } f_3, \ldots, f_s. \tag{2.21}$$
Then the leading coefficient of $u_2 f_2 + \cdots + u_s f_s$ in $x_1$ is $u_2 g_2$, which
does not vanish at $\mathbf{a}$, and neither does the leading coefficient $g_1$ of $f_1$.
So, exactly as in the proof of Theorem 2.3.4, substituting $\mathbf{a}$ does not lower
the degrees in $x_1$, and
$$\mathrm{Res}\big(f_1(x_1, \mathbf{a}),\; u_2 f_2(x_1, \mathbf{a}) + \cdots + u_s f_s(x_1, \mathbf{a}),\; x_1\big) = h(\mathbf{a}, u_2, \ldots, u_s) = 0.$$
By Theorem 2.3.1 (applied in $\mathbb{C}[x_1, u_2, \ldots, u_s]$), the polynomials
$f_1(x_1, \mathbf{a})$ and $u_2 f_2(x_1, \mathbf{a}) + \cdots + u_s f_s(x_1, \mathbf{a})$ have
a common factor $d$ of positive degree in $x_1$. Since $d$ divides
$f_1(x_1, \mathbf{a}) \in \mathbb{C}[x_1]$, unique factorization in $\mathbb{C}[x_1, u_2, \ldots, u_s]$ shows
that $d$ is, up to a nonzero constant, a product of linear factors of
$f_1(x_1, \mathbf{a})$, so we may take $d \in \mathbb{C}[x_1]$.
Check that since $d$ divides $u_2 f_2(x_1, \mathbf{a}) + \cdots + u_s f_s(x_1, \mathbf{a})$ and does
not involve the $u_i$, comparing coefficients of each $u_i$ shows that $d$ divides
$f_i(x_1, \mathbf{a})$ for $i = 2$ to $s$. Consequently, $d$ is a common factor of all
the polynomials $f_1(x_1, \mathbf{a}), \ldots, f_s(x_1, \mathbf{a})$. Let $a_1$ be a root of $d$
($a_1$ exists because we are working over the complex numbers). Then $a_1$ is a
common root of all the $f_i(x_1, \mathbf{a})$. This proves the Extension Theorem when
we can assume condition 2.21 to be true.

Finally, if 2.21 is not true for $f_2, \ldots, f_s$, then we have to use a
different basis for $I$ so that condition 2.21 is true. Replace $f_2$ by
$f_2 + x_1^N f_1$, where $N$ is such that $x_1^N f_1$ has a higher degree in $x_1$ than
$f_2, f_3, \ldots, f_s$, so that the leading coefficient of $f_2 + x_1^N f_1$ is $g_1$,
which is nonzero at $\mathbf{a}$. Check that
$$I = \langle f_1,\; f_2 + x_1^N f_1,\; f_3, \ldots, f_s \rangle,$$
so that $I_1$, and with it the partial solution $\mathbf{a}$, is unchanged. Then the
previous argument gives us $a_1$ as a common root of $f_1(x_1, \mathbf{a})$,
$f_2(x_1, \mathbf{a}) + x_1^N f_1(x_1, \mathbf{a})$, $f_3(x_1, \mathbf{a}), \ldots, f_s(x_1, \mathbf{a})$. Consequently, $a_1$
is a common root of $f_1(x_1, \mathbf{a}), f_2(x_1, \mathbf{a}), f_3(x_1, \mathbf{a}), \ldots, f_s(x_1, \mathbf{a})$. This
completes the proof of the Extension Theorem.
Exercises.

1. Let $V$ and $W$ be affine varieties. Prove that $V \subset W$ if and only
if $I(W) \subset I(V)$.

2. If $I$ is an ideal in $k[x_1, \ldots, x_n]$, prove that $\sqrt{I}$ is an ideal in
$k[x_1, \ldots, x_n]$ containing $I$. Further prove that
$$\sqrt{\sqrt{I}} = \sqrt{I}.$$

3. Prove that if $I = k[x_1, \ldots, x_n]$ then the reduced Gröbner basis of
$I$ is $\{1\}$.

4. Let $I$ be an ideal of $k[x_1, \ldots, x_n]$. Prove that $I_l = I \cap k[x_{l+1}, \ldots, x_n]$
is an ideal of $k[x_{l+1}, \ldots, x_n]$.

5. Solve the following system of equations.
$$x^2 + y + z = 1, \qquad x + y^2 + z = 1, \qquad x + y + z^2 = 1.$$

6. Find the implicit equations of the following parametrizations.

(a) The tangent surface to the twisted cubic.
$$x = t + u, \qquad y = t^2 + 2tu, \qquad z = t^3 + 3t^2 u.$$

(b) The Enneper surface.
$$x = 3u + 3uv^2 - u^3, \qquad y = 3v + 3u^2 v - v^3, \qquad z = 3u^2 - 3v^2.$$

(c) The Folium of Descartes.
$$x = \frac{3t}{1 + t^3}, \qquad y = \frac{3t^2}{1 + t^3}.$$

7. Suppose $f, g \in k[x_1, \ldots, x_n]$ have positive degree in $x_1$. Then
prove that $f$ and $g$ have a common factor in $k[x_1, \ldots, x_n]$ of positive
degree in $x_1$ if and only if they have a common factor of
positive degree in $x_1$ in $k(x_2, \ldots, x_n)[x_1]$.

8. Find the resultant of the following polynomials. Do they have a
common factor?

(a) $f = x^3 + 11x^2 + 36x + 28$ and $g = x^3 - 17x^2 - 25x + 1001$.

(b) $f = x^3 + 13x^2 + 48x + 38$ and $g = x^3 - 21x^2 + 71x + 429$.

9. Find $\mathrm{Res}(f, g, x)$, $\mathrm{Res}(f, g, y)$, and $\mathrm{Res}(f, g, z)$, when

(a)
$$f = x^2 + xy + xz - x - y - z, \qquad g = x^2 z^2 - y^2 z^2 + xz^3 - yz^3 + x^2 y - y^3 + xyz - y^2 z.$$

(b)
$$f = xy + y^2 + xz + 2yz + z^2 - 2x - 2y - 2z, \qquad g = xz^2 - yz^2 + xy - y^2.$$
Chapter 3

Finding Roots of polynomials
in Extension Fields.

In the book of life, the answers aren't in the back. - Charles M. Schulz.

The fundamental theorem of algebra says that every non-constant polynomial
with complex (in particular, real) coefficients has a root in the field of
complex numbers $\mathbb{C}$. In this chapter, we prove that for any non-constant
polynomial with coefficients in an arbitrary field, there is always an
extension field which contains all the roots of this polynomial.

3.1 Modular Arithmetic and Polynomial irreducibility in $\mathbb{Q}$.

If $A$ is a set, then any subset of $A \times A$ is called a relation on $A$.
Divisibility of integers defines a relation on $\mathbb{Z}$ as follows.

Definition 3.1.1. Let $a, b, n$ be integers with $n > 0$. Then $a$ is
congruent to $b$ modulo $n$ [written $a \equiv b \pmod{n}$], provided that $n$ divides
$a - b$.

Example 3.1.1. $17 \equiv 2 \pmod{5}$ because $5$ divides $17 - 2 = 15$.
Similarly, we check that $4 \equiv 28 \pmod{6}$ and $3 \equiv -9 \pmod{4}$.

Definition 3.1.2. Let $a$ and $n$ be integers with $n > 0$. The congruence
class of $a$ modulo $n$ (denoted $[a]$) is the set of all those integers
that are congruent to $a$ modulo $n$, that is,
$$[a] = \{b \mid b \in \mathbb{Z} \text{ and } b \equiv a \pmod{n}\}.$$

We write $n \mid a$ for "$n$ divides $a$". Note that if $n \mid a$, then there is an
integer $k$ such that $a = kn$. Therefore $a \equiv b \pmod{n}$ implies $a = b + kn$ for
some $k \in \mathbb{Z}$. In other words,
$$[a] = \{a + kn \mid k \in \mathbb{Z}\}.$$
Example 3.1.2. 1. When $n = 5$,
$$[17] = \{17 + 5k \mid k \in \mathbb{Z}\} = \{\ldots, -13, -8, -3, 2, 7, 12, 17, 22, 27, 32, \ldots\}.$$

2. When $n = 7$,
$$[17] = \{17 + 7k \mid k \in \mathbb{Z}\} = \{\ldots, -11, -4, 3, 10, 17, 24, 31, 38, \ldots\}.$$

We now look at several properties of the congruence modulo $n$ relation
on the integers.

Theorem 3.1.1. Let $n$ be a positive integer. For all $a, b, c \in \mathbb{Z}$,

1. $a \equiv a \pmod{n}$ ($\equiv$ is reflexive);
2. if $a \equiv b \pmod{n}$, then $b \equiv a \pmod{n}$ ($\equiv$ is symmetric);
3. if $a \equiv b \pmod{n}$ and $b \equiv c \pmod{n}$, then $a \equiv c \pmod{n}$ ($\equiv$ is
transitive).

Proof.

1. Since $a - a = 0$ and $n \mid 0$, we have $a \equiv a \pmod{n}$.

2. $a \equiv b \pmod{n}$ implies $n \mid (a - b)$ by definition. But then $n \mid (b - a)$
as well, since $b - a = -(a - b)$. Hence $b \equiv a \pmod{n}$.

3. If $a \equiv b \pmod{n}$ and $b \equiv c \pmod{n}$ then there are integers $k$ and
$t$ such that $a - b = nk$ and $b - c = nt$. Therefore
$$(a - b) + (b - c) = nk + nt, \qquad \text{that is,} \qquad a - c = n(k + t).$$
Thus $n \mid a - c$ and therefore $a \equiv c \pmod{n}$.

Theorem 3.1.2. $a \equiv c \pmod{n}$ if and only if $[a] = [c]$.

Proof. Assume $a \equiv c \pmod{n}$. To show that $[a] = [c]$, we first show
$[a] \subset [c]$. Let $b \in [a]$. Then by definition $b \equiv a \pmod{n}$. Since we assume
$a \equiv c \pmod{n}$, we have $b \equiv c \pmod{n}$ by transitivity. Thus $b \in [c]$,
and we have proved that $[a] \subset [c]$. Observe that the assumption $a \equiv c \pmod{n}$
implies $c \equiv a \pmod{n}$ by symmetry. Therefore, to prove $[c] \subset [a]$,
we just reverse the roles of $a$ and $c$ in the above argument.

Conversely, assume $[a] = [c]$. Since $a \equiv a \pmod{n}$ by reflexivity we
have $a \in [a] = [c]$. Therefore $a \in [c]$ and hence $a \equiv c \pmod{n}$.

Example 3.1.3. Since $17 \equiv 2 \pmod{5}$, we get $[17] = [2]$.

Corollary 3.1.3. Two congruence classes modulo $n$ are either disjoint
or identical.

Proof. If $[a]$ and $[c]$ are disjoint there is nothing to prove. Assume
that $[a] \cap [c]$ is nonempty. Let $b \in [a] \cap [c]$. Then $b \equiv a \pmod{n}$ and
$b \equiv c \pmod{n}$. By symmetry we first get $a \equiv b \pmod{n}$ and then by
transitivity $a \equiv c \pmod{n}$. Finally, Theorem 3.1.2 implies $[a] = [c]$.

Corollary 3.1.4. There are exactly $n$ distinct congruence classes modulo
$n$, namely, $[0], [1], \ldots, [n - 1]$.

Proof. We first prove that no two of $0, 1, 2, \ldots, n - 1$ are congruent
modulo $n$. Let $s$ and $t$ be integers such that $0 \leq s < t < n$. Then
$0 < t - s < n$ and therefore $n$ does not divide $t - s$, that is, $t \not\equiv s
\pmod{n}$. Since no two of $0, 1, 2, \ldots, n - 1$ are congruent modulo $n$,
we have that $[0], [1], \ldots, [n - 1]$ are all distinct. Next we show that every
$a \in \mathbb{Z}$ lies in one of these $n$ classes. By the division algorithm, $a = qn + r$
with $0 \leq r < n$. Therefore $a \equiv r \pmod{n}$, or in other words $a \in [r]$.
Therefore, $a$ is in one of the classes $[0], [1], \ldots, [n - 1]$.

Definition 3.1.3. The set of all congruence classes modulo $n$ is denoted $\mathbb{Z}_n$.

Example 3.1.4. $\mathbb{Z}_5 = \{[0], [1], [2], [3], [4]\}$ where
$$[0] = \{\ldots, -15, -10, -5, 0, 5, 10, 15, \ldots\}, \quad [1] = \{\ldots, -14, -9, -4, 1, 6, 11, 16, \ldots\},$$
$$[2] = \{\ldots, -13, -8, -3, 2, 7, 12, 17, \ldots\}, \quad [3] = \{\ldots, -12, -7, -2, 3, 8, 13, 18, \ldots\},$$
$$[4] = \{\ldots, -11, -6, -1, 4, 9, 14, 19, \ldots\}.$$
Definition 3.1.4. Addition and multiplication in Znare defined by
[a] + [b] = [a+b]and [a]·[b] = [a·b].
Example 3.1.5. In Z5we have [3]+[4] = [7] = [2] = {. . . , −8,−3,2,7,12, . . . , }
and [3] ·[2] = [6] = [1] = {. . . , −9,−4,1,6,11, . . . }.
Theorem 3.1.5. The set Znwith the addition and multiplication of
classes is a commutative ring with identity.
Proof. It is easily verified that [0] is the additive identity, [1] is the
multiplicative identity in Znand that the additive inverse of a class
[a] is [−a]. All other properties are derived from the fact that Zis a
commutative ring.
Thus, sets transform to number-like objects on which we can per-
form arithmetic operations. Therefore, from now on, throughout the
book, brackets are dropped in the notation of congruence classes when-
ever the context is clear. For example, [a]·[b] is written as a·b.
Theorem 3.1.6. Z_p is a field whenever p is a prime.
Proof. By Theorem 3.1.5, we know that Z_p is a commutative ring with identity. To show that Z_p is a field we need to prove that if a ∈ Z_p is such that a ≠ 0, then a has a multiplicative inverse x. Now, a ≠ 0 implies a ≢ 0 (mod p), that is, a is not divisible by p. Therefore the greatest common divisor (gcd) of a and p is 1. We use Euclid's algorithm to write ax + py = 1 (see Section A.1). This implies that p divides ax − 1. In other words, ax ≡ 1 (mod p). Therefore x is the inverse of a in Z_p, and the proof is complete.
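The inverse in the proof of Theorem 3.1.6 can be computed: the following is an added example (my code, not the book's) that runs Euclid's algorithm to produce x with ax ≡ 1 (mod p), and, for comparison, lists the classes of Z_n that have no inverse when n is composite. The function names are my own.

```python
# Added example, not part of the book: Theorem 3.1.6 made computational.
# The extended Euclidean algorithm writes gcd(a, n) = a*x + n*y.  When the
# gcd is 1, x is the inverse of [a] in Z_n.  For a prime p every nonzero
# class has an inverse, so Z_p is a field; for composite n some do not.

def extended_gcd(a, b):
    """Return (g, x, y) with g = gcd(a, b) and a*x + b*y = g."""
    old_r, r = a, b
    old_x, x = 1, 0
    old_y, y = 0, 1
    while r != 0:
        q = old_r // r
        old_r, r = r, old_r - q * r
        old_x, x = x, old_x - q * x
        old_y, y = y, old_y - q * y
    return old_r, old_x, old_y


def inverse_mod(a, n):
    """Inverse of the class [a] in Z_n, or None when gcd(a, n) != 1."""
    g, x, _ = extended_gcd(a % n, n)
    if g != 1:
        return None
    return x % n


def units(n):
    """Classes of Z_n that have a multiplicative inverse (the units)."""
    return [a for a in range(1, n) if inverse_mod(a, n) is not None]


def non_units(n):
    """Nonzero classes of Z_n with no inverse; empty exactly when n is prime."""
    return [a for a in range(1, n) if inverse_mod(a, n) is None]


def is_field(n):
    """Z_n is a field iff every nonzero class is a unit (Theorem 3.1.6)."""
    return n >= 2 and not non_units(n)


if __name__ == "__main__":
    # 3x = 1 in Z_7: x = 5, because 3*5 = 15 = 2*7 + 1
    print("inverse of 3 in Z_7:", inverse_mod(3, 7))
    print("non-units of Z_8:", non_units(8))          # [2, 4, 6]
    print("is Z_11 a field?", is_field(11))           # True
```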
Given f ∈ Q[x], we can clear denominators and get cf ∈ Z[x] for some nonzero integer c, such that cf(x) has the same degree as f(x). This allows us to reduce factorization problems in Q[x] to factorization problems in Z[x].
Theorem 3.1.7. Let f(x) ∈ Z[x]. Then f(x) factors as a product of polynomials of degrees m and n in Q[x] if and only if f(x) factors as a product of polynomials of degrees m and n in Z[x].
Proof. Clearly, if f(x) factors in Z[x], then f(x) factors in Q[x]. Conversely, suppose f(x) = g(x)h(x) in Q[x]. Let a and b be integers such that ag(x) and bh(x) have integer coefficients. Therefore abf(x) = (ag(x))(bh(x)) ∈ Z[x]. Now let p be a prime that divides ab, that is, let ab = pt. Then by Exercise 4, p divides every coefficient of ag(x) or p divides every coefficient of bh(x). Let us say p divides every coefficient of ag(x). Then ag(x) = pk(x) with k(x) ∈ Z[x]. Thus we get ptf(x) = (pk(x))(bh(x)). Canceling p from both sides we have tf(x) = k(x)bh(x). Now we repeat the argument with any prime divisor of t. Continuing thus, we cancel every prime factor of ab until the left side of the equation is ±f(x) and the right side is the product of two polynomials in Z[x], one with the same degree as g(x) and the other with the same degree as h(x).
Example 3.1.6. Let
f = (1/2)x^2 − (5/4)x + (1/2).
Then
4f = 2x^2 − 5x + 2 = (2x − 1)(x − 2) ∈ Z[x].
Hence
f = (1/4)(2x − 1)(x − 2) ∈ Q[x].
A polynomial f(x) ∈ k[x], where k is a ring, is said to be an associate of g(x) ∈ k[x] if f(x) = cg(x) for some nonzero c ∈ k.
Definition 3.1.5. Let k be a field. A non-constant polynomial p(x) ∈ k[x] is said to be irreducible if its only divisors are its associates and nonzero constant polynomials. A non-constant polynomial that is not irreducible is said to be reducible.
Example 3.1.7. The polynomial x^2 + 1 is irreducible in R[x] (apply Corollary A.2.4) but is reducible in C[x].
We use the fields Z_p to determine irreducibility of polynomials in Q[x]. Let f(x) = a_n x^n + a_{n−1} x^{n−1} + ··· + a_1 x + a_0 ∈ Z[x]; then f̄(x) denotes the polynomial [a_n]x^n + [a_{n−1}]x^{n−1} + ··· + [a_1]x + [a_0] ∈ Z_p[x] obtained by reducing the coefficients of f(x) modulo p.
Theorem 3.1.8. Let f(x) = a_n x^n + a_{n−1} x^{n−1} + ··· + a_1 x + a_0 be a polynomial with integer coefficients, and let p be a positive prime that does not divide a_n. If f̄(x) is irreducible in Z_p[x], then f(x) is irreducible in Q[x].
Proof. Suppose, on the contrary, that f̄(x) is irreducible in Z_p[x] and that f(x) is reducible in Q[x]. By Theorem 3.1.7, f(x) factors in Z[x]. Let f(x) = h(x)g(x) with h(x) and g(x) non-constant polynomials in Z[x]. Since p does not divide a_n, it cannot divide the leading coefficients of h(x) or g(x) (their product is a_n). Therefore the degree of ḡ(x) is the same as the degree of g(x), and the degree of h̄(x) is the same as the degree of h(x). In particular, ḡ(x) and h̄(x) are not constant polynomials in Z_p[x]. By Exercise 6, f(x) = g(x)h(x) in Z[x] implies that f̄(x) = ḡ(x)h̄(x) in Z_p[x]. This contradicts the irreducibility of f̄(x) in Z_p[x]. Therefore f(x) is irreducible in Q[x].
The advantage of using this theorem for proving irreducibility is that for each nonnegative integer n there are only finitely many polynomials of degree n in Z_p[x]. In fact, there are p^{n+1} − p^n polynomials of degree n in Z_p[x] (see Exercise 7). So we determine whether a given polynomial is irreducible by checking the finite number of possible factors.
Example 3.1.8. To show that f(x) = x^5 + 8x^4 + 3x^2 + 4x + 7 is irreducible in Q[x], we reduce f(x) mod 2 and get f̄(x) = x^5 + x^2 + 1 in Z_2[x]. f̄(x) has no roots in Z_2 because f̄(0) ≠ 0 and f̄(1) ≠ 0 (see Theorem A.2.1). Therefore f̄(x) has no linear factors (see Theorem A.2.2). The only quadratic polynomials in Z_2[x] are x^2, x^2 + x, x^2 + 1, x^2 + x + 1. We use long division to show that none of these polynomials divides f̄(x). f̄(x) cannot have factors of degree 3 or 4 because then the other factor would have to be either linear or quadratic, which is not possible. Therefore f̄(x) is irreducible in Z_2[x]. This implies that f(x) is irreducible in Q[x].
If a polynomial f(x) is reducible mod p, it does not follow that f(x) is reducible in Q[x]. Consequently, application of Theorem 3.1.8 can be time consuming because we need to find the right p to prove irreducibility.
Example 3.1.9. To prove that f(x) = 7x^3 + 6x^2 + 4x + 6 is irreducible in Q[x], we use p = 5. Check that f̄(x) is reducible in Z_2[x] and in Z_3[x]. Now f̄(x) = 2x^3 + x^2 + 4x + 1 has no roots in Z_5 because f̄(0), f̄(1), f̄(2), f̄(3), f̄(4) do not evaluate to zero. Thus f̄(x) is irreducible in Z_5[x] (by Corollary A.2.4), and hence f(x) is irreducible in Q[x].
The number of irreducible polynomials of a given degree n in Z_p[x] is also known.
Proposition 3.1.1. The number of irreducible polynomials of degree n in Z_p[x] is
$$\frac{1}{n}\sum_{d \mid n} \mu(d)\, p^{n/d},$$
where
$$\mu(d) = \begin{cases} 1 & \text{for } d = 1, \\ 0 & \text{if } d \text{ has a square factor}, \\ (-1)^r & \text{if } d \text{ has } r \text{ distinct prime factors}. \end{cases}$$
The proof of Proposition 3.1.1 is available in [19].
Example 3.1.10. In Z_2[x], there is exactly 1 irreducible polynomial of degree 2 because, with p = 2,
$$\frac{1}{2}\sum_{d \mid 2} \mu(d)\, p^{2/d} = \frac{1}{2}\left(\mu(1)\,2^2 + \mu(2)\,2^1\right) = \frac{1}{2}(4 - 2) = 1.$$
Note that x^2 + x + 1 is irreducible because it has no roots by Corollary A.2.4. Thus x^2 + x + 1 is the only irreducible polynomial of degree 2 in Z_2[x].
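As an added example (my code, not the book's), here is the trial-division argument of Examples 3.1.8 and 3.1.9 and the count of Proposition 3.1.1 as a program: polynomials are coefficient lists, lowest degree first, and the count from the Möbius formula is cross-checked against a brute-force count over monic polynomials of each degree. All function names are my own.

```python
# Added example, not part of the book.  Polynomials over Z_p are lists of
# integer coefficients, lowest degree first: [7, 4, 3, 0, 8, 1] is
# x^5 + 8x^4 + 3x^2 + 4x + 7 from Example 3.1.8.
from itertools import product


def trim(f):
    """Drop leading zero coefficients; the zero polynomial is [0]."""
    f = list(f)
    while len(f) > 1 and f[-1] == 0:
        f.pop()
    return f


def degree(f):
    f = trim(f)
    return -1 if f == [0] else len(f) - 1


def reduce_mod_p(f, p):
    """f-bar: reduce every coefficient mod p.  Theorem 3.1.8 needs p not to
    divide the leading coefficient, otherwise the degree drops here."""
    return trim(c % p for c in f)


def polymod(f, g, p):
    """Remainder of f on division by the nonzero g in Z_p[x] (long division)."""
    f, g = trim(f), trim(g)
    dg = degree(g)
    inv_lead = pow(g[-1], -1, p)      # p is prime, so the leading coefficient is a unit
    while degree(f) >= dg:
        shift = degree(f) - dg
        coef = (f[-1] * inv_lead) % p
        for i, gc in enumerate(g):
            f[i + shift] = (f[i + shift] - coef * gc) % p
        f = trim(f)
    return f


def monic_polys(d, p):
    """All monic polynomials of degree d in Z_p[x]."""
    for low in product(range(p), repeat=d):
        yield list(low) + [1]


def is_irreducible(f, p):
    """Trial division as in Example 3.1.8: a reducible f of degree n has a
    factor of degree at most n // 2, and every factor can be taken monic."""
    f = reduce_mod_p(f, p)
    n = degree(f)
    if n < 1:
        return False
    for d in range(1, n // 2 + 1):
        for g in monic_polys(d, p):
            if polymod(f, g, p) == [0]:
                return False
    return True


def mobius(d):
    """mu(d): 1 for d = 1, 0 if d has a square factor, (-1)^r for r distinct primes."""
    r, q = 0, 2
    while q * q <= d:
        if d % q == 0:
            d //= q
            if d % q == 0:
                return 0
            r += 1
        q += 1
    if d > 1:
        r += 1
    return (-1) ** r


def count_irreducible_formula(n, p):
    """Proposition 3.1.1: (1/n) * sum over d | n of mu(d) * p^(n/d)."""
    total = sum(mobius(d) * p ** (n // d) for d in range(1, n + 1) if n % d == 0)
    return total // n


def count_irreducible_brute(n, p):
    """Count monic irreducible polynomials of degree n by testing each one."""
    return sum(1 for g in monic_polys(n, p) if is_irreducible(g, p))


if __name__ == "__main__":
    f1 = [7, 4, 3, 0, 8, 1]             # Example 3.1.8, irreducible mod 2
    f2 = [6, 4, 6, 7]                   # Example 3.1.9, irreducible mod 5 only
    print("f1 mod 2 irreducible:", is_irreducible(f1, 2))
    print("f2 mod 2, 3, 5:", [is_irreducible(f2, p) for p in (2, 3, 5)])
    for n in (1, 2, 3, 4):
        print(n, count_irreducible_formula(n, 2), count_irreducible_brute(n, 2))
```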
In Section A.2 we list other irreducibility tests for polynomials. In
the next section we use irreducible polynomials to construct extension
fields.
3.2 Field Extensions.
Let k be a field. Given a polynomial f in k[x], our goal is to find a field containing k in which f has a root. To do this we need to study congruence relations in the polynomial ring k[x]. Congruence is a recurring theme in this chapter that allows us to construct new fields.
Definition 3.2.1. Let k be a field and f(x), g(x), p(x) ∈ k[x], and let p(x) be a nonzero polynomial. Then f(x) is congruent to g(x) modulo p(x), written as
f(x) ≡ g(x) (mod p(x)),
provided that p(x) divides f(x) − g(x).
Example 3.2.1. It is easy to verify that x^2 ≡ −1 (mod x^2 + 1), x^3 + 2x + 1 ≡ x + 1 (mod x^2 + 1), and x^4 − 1 ≡ 0 (mod x^2 + 1).
We state some properties of this congruence relation without proof. The proofs of Theorems 3.2.1, 3.2.2, 3.2.3, 3.2.6, 3.2.7, and Corollary 3.2.4 are similar to proofs in the previous section, and are assigned as exercises.
Theorem 3.2.1. Let k be a field and let p(x) be a nonzero polynomial in k[x]. Then the relation of congruence modulo p(x) is
1. reflexive: f(x) ≡ f(x) (mod p(x));
2. symmetric: if f(x) ≡ g(x) (mod p(x)), then g(x) ≡ f(x) (mod p(x));
3. transitive: if f(x) ≡ g(x) (mod p(x)) and g(x) ≡ h(x) (mod p(x)), then f(x) ≡ h(x) (mod p(x)).
Theorem 3.2.2. Let k be a field and p(x) a nonzero polynomial in k[x]. If f(x) ≡ g(x) (mod p(x)) and h(x) ≡ k(x) (mod p(x)), then
1. f(x) + h(x) ≡ g(x) + k(x) (mod p(x)),
2. f(x)h(x) ≡ g(x)k(x) (mod p(x)).
Example 3.2.2. Since x^2 ≡ −1 (mod x^2 + 1) and x^3 + 2x + 1 ≡ x + 1 (mod x^2 + 1) we get
(x^2) + (x^3 + 2x + 1) ≡ −1 + (x + 1) = x (mod x^2 + 1)
and
(x^2)(x^3 + 2x + 1) ≡ (−1)(x + 1) = −x − 1 (mod x^2 + 1).
Definition 3.2.2. Let k be a field and f(x), p(x) ∈ k[x] with p(x) a nonzero polynomial. The congruence class of f(x) modulo p(x) is denoted [f(x)] and consists of all polynomials in k[x] that are congruent to f(x) modulo p(x), that is,
[f(x)] = {g(x) : g(x) ∈ k[x] and g(x) ≡ f(x) (mod p(x))}.
In other words,
[f(x)] = {f(x) + q(x)p(x) : q(x) ∈ k[x]}.
Example 3.2.3. The congruence class of x + 1 modulo x^2 + 1 is the set
[x + 1] = {(x + 1) + q(x)(x^2 + 1) : q(x) ∈ k[x]}.
Note that the set [x + 1] contains all the polynomials that have remainder x + 1 when divided by x^2 + 1.
Theorem 3.2.3. f(x) ≡ g(x) (mod p(x)) if and only if [f(x)] = [g(x)].
Corollary 3.2.4. Two congruence classes modulo p(x) are either disjoint or identical.
Corollary 3.2.5. Let k be a field and let p(x) be a nonzero polynomial of degree n in k[x]. Consider the set S such that
S = {r(x) : r(x) ∈ k[x] and the degree of r(x) is less than n}.
Then, if f(x) ∈ k[x], [f(x)] = [r(x)] for some r(x) ∈ S. Moreover, the congruence classes of different polynomials in S are distinct.
Proof. Two different polynomials in S cannot be congruent modulo p(x) because their difference has degree less than n and hence is not divisible by p(x). Therefore different polynomials in S must lie in different congruence classes by Theorem 3.2.3. Now given a polynomial f(x) ∈ k[x] we can use the division algorithm to write f(x) = q(x)p(x) + r(x) where r(x) has degree less than n. Note that f(x) ≡ r(x) (mod p(x)). Therefore f(x) ∈ k[x] implies [f(x)] = [r(x)] for some r(x) ∈ S.
The set of all congruence classes modulo p(x) is denoted by k[x]/(p(x)).
Example 3.2.4. Consider R[x]/(x^2 + 1). The possible remainders on division by x^2 + 1 are polynomials of the form a + bx where a, b ∈ R. Thus
R[x]/(x^2 + 1) = {[a + bx] : a, b ∈ R} = {[0], [x], [2x + 5], [(1/5)x + 3], ...}.
Consequently, R[x]/(x^2 + 1) is an infinite set.
Example 3.2.5. The possible remainders on division by the polynomial x^2 + x + 1 ∈ Z_2[x] are polynomials of the form ax + b with a, b ∈ Z_2. There are only four possible remainders (see Exercise 14). Therefore
Z_2[x]/(x^2 + x + 1) = {[0], [1], [x], [x + 1]}.
Definition 3.2.3. Let k be a field and let p(x) be a non-constant polynomial in k[x]. Addition and multiplication in k[x]/(p(x)) are defined by
[f(x)] + [g(x)] = [f(x) + g(x)],
[f(x)][g(x)] = [f(x)g(x)].
Example 3.2.6. In R[x]/(x^2 + 1),
[x + 1] + [x − 1] = [2x],
[x + 1][x − 1] = [x^2 − 1] = [−2].
Theorem 3.2.6. Let k be a field and let p(x) be a non-constant polynomial in k[x]. Then the set k[x]/(p(x)) of congruence classes modulo p(x) is a commutative ring with identity.
Theorem 3.2.7. Let k be a field and let p(x) be an irreducible polynomial in k[x]. Then k[x]/(p(x)) is a field.
Example 3.2.7. The polynomial p(x) = x^2 + 1 is irreducible in R[x] because it has no roots in R (see Theorem A.2.7). Therefore, by Theorem 3.2.7, R[x]/(x^2 + 1) is a field.
If F and K are fields such that F ⊆ K, we say that K is an extension field of F. Next, we prove that if k is a field and p(x) is an irreducible polynomial in k[x], then k[x]/(p(x)) is an extension field of k that contains a root of p(x). To do this we introduce the concept of isomorphisms.
Definition 3.2.4. Let f be a function from a set X to a set Y. Then
1. f is surjective (or onto) if for every y ∈ Y there is an x ∈ X such that f(x) = y.
2. f is injective (or one-to-one) if x ≠ x′ implies f(x) ≠ f(x′).
3. f is a bijection if it is both injective and surjective.
Definition 3.2.5. Let R and S be rings. A function f : R → S is called a homomorphism if it satisfies the conditions
f(a + b) = f(a) + f(b) and f(ab) = f(a)f(b) for all a, b ∈ R.
Definition 3.2.6. Let R and S be rings. A function f : R → S is called an isomorphism if f is a bijective homomorphism. The ring R is said to be isomorphic to S (in symbols R ≅ S) if there is an isomorphism from R to S.
What is the purpose of isomorphisms? Two isomorphic rings are considered essentially the same for all practical purposes.
Example 3.2.8.
1. Z_6 is not isomorphic to Z_12 because the orders of the two rings are different.
2. Consider the field K of 2 × 2 matrices of the form
$$\begin{pmatrix} a & b \\ -b & a \end{pmatrix}.$$
We prove that K is isomorphic to the field C of complex numbers. Define a function f : K → C by the rule
$$f\begin{pmatrix} a & b \\ -b & a \end{pmatrix} = a + bi.$$
To prove that f is injective suppose that
$$f\begin{pmatrix} a & b \\ -b & a \end{pmatrix} = f\begin{pmatrix} r & s \\ -s & r \end{pmatrix}.$$
Then a + bi = r + si in C. By the rules of equality in C we must have a = r and b = s. Therefore
$$\begin{pmatrix} a & b \\ -b & a \end{pmatrix} = \begin{pmatrix} r & s \\ -s & r \end{pmatrix}.$$
Consequently, f is injective. The function is surjective because any complex number a + bi is the image under f of the matrix
$$\begin{pmatrix} a & b \\ -b & a \end{pmatrix}$$
in K. Finally,
$$\begin{aligned} f\left(\begin{pmatrix} a & b \\ -b & a \end{pmatrix} + \begin{pmatrix} c & d \\ -d & c \end{pmatrix}\right) &= f\begin{pmatrix} a + c & b + d \\ -b - d & a + c \end{pmatrix} \\ &= (a + c) + (b + d)i \\ &= (a + bi) + (c + di) \\ &= f\begin{pmatrix} a & b \\ -b & a \end{pmatrix} + f\begin{pmatrix} c & d \\ -d & c \end{pmatrix} \end{aligned}$$
and
$$\begin{aligned} f\left(\begin{pmatrix} a & b \\ -b & a \end{pmatrix}\begin{pmatrix} c & d \\ -d & c \end{pmatrix}\right) &= f\begin{pmatrix} ac - bd & ad + bc \\ -ad - bc & ac - bd \end{pmatrix} \\ &= (ac - bd) + (ad + bc)i \\ &= (a + bi)(c + di) \\ &= f\begin{pmatrix} a & b \\ -b & a \end{pmatrix} f\begin{pmatrix} c & d \\ -d & c \end{pmatrix}. \end{aligned}$$
Therefore f is an isomorphism.
3. An element a in a ring R with identity is called a unit if there exists u ∈ R such that au = 1_R = ua. The ring Z_8 has four units: 1, 3, 5, 7. The ring Z_4 × Z_2 has only two units, namely (1, 1) and (3, 1). Therefore Z_8 is not isomorphic to Z_4 × Z_2.
In the next theorem we show that the field k[x]/(p(x)) contains an isomorphic copy of the field k. Though we do not prove that k[x]/(p(x)) contains the field k itself, it is mathematically correct to conclude that k[x]/(p(x)) is an extension field of k. As we explore this field of mathematics further we realize that most theorems here are proved up to isomorphism.
Theorem 3.2.8. Let k be a field and let p(x) be an irreducible polynomial in k[x]. Then k[x]/(p(x)) is an extension field of k that contains a root of p(x).
Proof. By Theorem 3.2.7, k[x]/(p(x)) is a field. Let k* be the subset of k[x]/(p(x)) consisting of the congruence classes of all the constant polynomials, that is, k* = {[c] : c ∈ k}. Define a map φ : k → k* by φ(c) = [c]. Clearly φ is surjective by definition. Since
φ(a + b) = [a + b] = [a] + [b] = φ(a) + φ(b) and
φ(ab) = [ab] = [a][b] = φ(a)φ(b),
φ is a homomorphism. To see that φ is injective suppose φ(a) = φ(b). Then [a] = [b], which implies that p(x) divides a − b. But the degree of p(x) is ≥ 1 and the degree of a − b is zero. Therefore a − b = 0. Thus a = b and φ is injective. Therefore φ is an isomorphism. Hence k[x]/(p(x)) is an extension field of k.
Let p(x) = a_n x^n + ··· + a_1 x + a_0. Recall that the classes in k[x]/(p(x)) are represented by the possible remainders on division by p(x). Therefore p(x) ∈ [0], and if a ∈ k then a ∈ [a] in k[x]/(p(x)). Now
p([x]) = a_n[x]^n + ··· + a_1[x] + a_0
= [a_n][x]^n + ··· + [a_1][x] + [a_0]
= [a_n x^n + ··· + a_1 x + a_0]
= [p(x)]
= [0_k].
Therefore [x] is a root of p(x) in k[x]/(p(x)).
Example 3.2.9. By Theorem 3.2.8 we get that R[x]/(x^2 + 1) is a field that contains a root [x] (usually denoted by i) of x^2 + 1.
Next we show that R[x]/(x^2 + 1) is the same as the field of complex numbers C.
Theorem 3.2.9. The field R[x]/(x^2 + 1) is isomorphic to the field of complex numbers C.
Proof. We know from Example 3.2.4 that R[x]/(x^2 + 1) = {[a + bx] : a, b ∈ R}. Let f : R[x]/(x^2 + 1) → C be given by f([a + bx]) = a + bi. We show that f is an isomorphism. Suppose f([a + bx]) = f([c + dx]); then a + bi = c + di. Consequently a = c and b = d. Therefore f is injective. If a + bi ∈ C, then f([a + bx]) = a + bi. Therefore f is surjective. Next we show that f is a homomorphism:
f([a + bx]) + f([c + dx]) = (a + bi) + (c + di) = (a + c) + (b + d)i
= f([(a + c) + (b + d)x])
= f([a + bx] + [c + dx]),
f([a + bx])f([c + dx]) = (a + bi)(c + di)
= (ac − bd) + (bc + ad)i
= f([(ac + bd x^2) + (bc + ad)x]) since [x^2] = [−1]
= f([a + bx][c + dx]).
Thus R[x]/(x^2 + 1) ≅ C.
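An added example (my code, not the book's) that does the arithmetic of Examples 3.2.5, 3.2.6 and Theorem 3.2.8 over Z_p with a quadratic modulus x^2 + c1·x + c0: every class is a remainder a + bx, products are reduced with x^2 = −c1·x − c0 exactly as in the proof of Theorem 3.2.9 (where x^2 = −1), and the code checks whether the quotient ring is a field and which classes are roots of the modulus. The class and method names are my own.

```python
# Added example, not part of the book: Z_p[x]/(x^2 + c1*x + c0) by hand.
# A class is stored as the pair (a, b) meaning the remainder a + b*x
# (Corollary 3.2.5), so the ring has p*p elements.

class QuadraticQuotient:
    """The ring Z_p[x]/(x^2 + c1*x + c0) for a prime p."""

    def __init__(self, p, c1, c0):
        self.p, self.c1, self.c0 = p, c1 % p, c0 % p

    def add(self, u, v):
        return ((u[0] + v[0]) % self.p, (u[1] + v[1]) % self.p)

    def mul(self, u, v):
        a, b = u
        c, d = v
        # (a + b x)(c + d x) = ac + (ad + bc) x + bd x^2, then x^2 = -c1 x - c0
        return ((a * c - b * d * self.c0) % self.p,
                (a * d + b * c - b * d * self.c1) % self.p)

    def elements(self):
        """All p^2 classes, listed as (a, b) for a + b*x."""
        return [(a, b) for a in range(self.p) for b in range(self.p)]

    def inverse(self, u):
        """Search for v with u*v = 1; None when u is not a unit."""
        for v in self.elements():
            if self.mul(u, v) == (1, 0):
                return v
        return None

    def is_field(self):
        """Theorem 3.2.7 in reverse: a field iff every nonzero class has an inverse."""
        return all(self.inverse(u) is not None
                   for u in self.elements() if u != (0, 0))

    def modulus_value(self, u):
        """Evaluate p(x) = x^2 + c1 x + c0 at the class u."""
        square = self.mul(u, u)
        linear = self.mul((self.c1, 0), u)
        return self.add(self.add(square, linear), (self.c0, 0))

    def roots_of_modulus(self):
        """Classes at which the modulus vanishes; [x] = (0, 1) is one by Theorem 3.2.8."""
        return [u for u in self.elements() if self.modulus_value(u) == (0, 0)]


if __name__ == "__main__":
    gf4 = QuadraticQuotient(2, 1, 1)          # Example 3.2.5: Z_2[x]/(x^2 + x + 1)
    print("field?", gf4.is_field())           # True: x^2 + x + 1 is irreducible
    print("[x]*[x] =", gf4.mul((0, 1), (0, 1)))  # (1, 1), i.e. x^2 = x + 1
    print("roots:", gf4.roots_of_modulus())   # both [x] and [x + 1]
    bad = QuadraticQuotient(2, 0, 1)          # x^2 + 1 = (x + 1)^2 in Z_2[x]
    print("field?", bad.is_field())           # False: [x + 1] squares to 0
```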
3.3 Quotient Rings.
Definition 3.3.1. Let I be an ideal in a ring R and let a, b ∈ R. Then a is congruent to b modulo I [written a ≡ b (mod I)], provided a − b ∈ I.
Congruence in Z and in polynomial rings are specific examples of congruence modulo an ideal.
Example 3.3.1.
1. a ≡ b (mod n) is the same as a ≡ b (mod I), where I = ⟨n⟩ is the principal ideal generated by n in Z. Note that a − b ∈ ⟨n⟩ if and only if n divides a − b.
2. Similarly, x^3 + 2x + 1 ≡ x + 1 (mod x^2 + 1) is the same as x^3 + 2x + 1 ≡ x + 1 (mod I), where I = ⟨x^2 + 1⟩ is the principal ideal generated by x^2 + 1 in the polynomial ring Q[x].
Theorem 3.3.1. Let I be an ideal in a ring R. Then the relation of congruence modulo I is
1. reflexive: a ≡ a (mod I) for every a ∈ R;
2. symmetric: if a ≡ b (mod I), then b ≡ a (mod I);
3. transitive: if a ≡ b (mod I) and b ≡ c (mod I), then a ≡ c (mod I).
Theorem 3.3.2. Let I be an ideal in a ring R. If a ≡ b (mod I) and c ≡ d (mod I), then
1. a + c ≡ b + d (mod I);
2. ac ≡ bd (mod I).
Let I be an ideal in a ring R and let a ∈ R. Then the congruence class of a modulo I is the set of all elements of R that are congruent to a modulo I, that is, the set
{b ∈ R : b ≡ a (mod I)}
= {b ∈ R : b − a ∈ I}
= {b ∈ R : b = a + i for some i ∈ I}
= {a + i : i ∈ I}.
As a consequence the congruence class of a modulo I is denoted a + I and is called a coset of I in R. The set of all cosets of I is denoted by R/I.
Theorem 3.3.3. Let I be an ideal in a ring R and let a, c ∈ R. Then a ≡ c (mod I) if and only if a + I = c + I.
Corollary 3.3.4. Let I be an ideal in a ring R. Then two cosets of I are either disjoint or identical.
Theorem 3.3.5. Let I be an ideal in a ring R. If a + I = b + I and c + I = d + I in R/I, then
(a + c) + I = (b + d) + I and ac + I = bd + I.
Theorem 3.3.6. Let I be an ideal in a ring R. Then R/I is a ring with addition and multiplication of cosets as defined above.
Proofs of Theorems 3.3.1, 3.3.2, 3.3.3, 3.3.5, 3.3.6, and Corollary 3.3.4 are similar to the proofs we provided for Z in Section 3.1 and are assigned as exercises.
The ring R/I is called a quotient ring.
Example 3.3.2.
1. If R = Z_8 and I = ⟨2⟩, then
R/I = {0 + I, 1 + I}.
2. If R = Z_2[x] and I = ⟨x^2 + x + 1⟩, then
R/I = {0 + I, 1 + I, x + I, (x + 1) + I}.
A quotient ring preserves many properties of the original ring R.
Theorem 3.3.7. Let I be an ideal in a ring R. Then
1. If R is commutative, then R/I is a commutative ring.
2. If R has an identity, then so does the ring R/I.
Proof.
1. If R is commutative and a, c ∈ R, then ac = ca. Consequently, in R/I we have (a + I)(c + I) = ac + I = ca + I = (c + I)(a + I). Hence R/I is commutative.
2. The identity in R/I is the coset 1_R + I because (a + I)(1_R + I) = a1_R + I = a + I, and similarly (1_R + I)(a + I) = a + I.
Let f : R → S be a homomorphism of rings; then the kernel of f is the set K = {r ∈ R | f(r) = 0_S}.
Theorem 3.3.8. Let f : R → S be a homomorphism of rings. Then the kernel K is an ideal in R.
Proof. If a, b ∈ K, then f(a − b) = f(a) − f(b) = 0_S − 0_S = 0_S. Therefore a − b ∈ K. If r ∈ R and a ∈ K, then f(ra) = f(r)f(a) = f(r)0_S = 0_S and f(ar) = f(a)f(r) = 0_S f(r) = 0_S. Therefore ra ∈ K and ar ∈ K. Thus, by Proposition 1.3.1, K is an ideal of R.
Theorem 3.3.9. Let f : R → S be a homomorphism of rings with kernel K. Then K = (0_R) if and only if f is injective.
Proof. Suppose K = (0_R) and f(a) = f(b). Then, since f is a homomorphism, f(a − b) = f(a) − f(b) = 0_S. Hence a − b is in the kernel K. Consequently a − b = 0_R, which implies a = b. Therefore f is injective. Conversely, let f be injective and let f(c) = 0_S. Since f(0_R) = 0_S (see Exercise 10), we get f(c) = f(0_R). Therefore c = 0_R by injectivity. Hence the kernel consists of the single element 0_R.
Theorem 3.3.10. Let I be an ideal in a ring R. Then the map π : R → R/I given by π(r) = r + I is a surjective homomorphism with kernel I.
Proof. The map π is surjective because given any coset r + I ∈ R/I, π(r) = r + I. π is a homomorphism because
π(r + s) = (r + s) + I = (r + I) + (s + I) = π(r) + π(s) and
π(rs) = rs + I = (r + I)(s + I) = π(r)π(s).
Now π(r) = 0_R + I if and only if r + I = 0_R + I, which occurs if and only if r ≡ 0_R (mod I), that is, if and only if r ∈ I. Therefore I is the kernel of π.
We now prove the First Isomorphism Theorem, which is a very useful tool for proving isomorphism of rings.
Theorem 3.3.11. (First Isomorphism Theorem) Let f : R → S be a surjective homomorphism of rings with kernel K. Then the quotient ring R/K is isomorphic to S.
Proof. Consider the map φ : R/K → S such that φ(r + K) = f(r). If r + K = t + K then r − t ∈ K by Theorem 3.3.3. Therefore f(r − t) = 0_S. Since f is a homomorphism, f(r − t) = f(r) − f(t) = 0_S, which implies f(r) = f(t). Hence φ is a well defined function, independent of how the coset is written. Since f is surjective, for s ∈ S there is some r ∈ R such that f(r) = s. Thus φ is surjective because s = f(r) = φ(r + K). If φ(r + K) = φ(c + K) then f(r) = f(c), which implies 0_S = f(r) − f(c) = f(r − c). Hence r − c ∈ K, which implies that r + K = c + K (again by Theorem 3.3.3). Therefore φ is injective. Finally, φ is a homomorphism because
φ[(c + K) + (d + K)] = φ[(c + d) + K] = f(c + d) = f(c) + f(d) = φ(c + K) + φ(d + K)
and
φ[(c + K)(d + K)] = φ(cd + K) = f(cd) = f(c)f(d) = φ(c + K)φ(d + K).
Therefore φ : R/K → S is an isomorphism.
Example 3.3.3. We use the First Isomorphism Theorem to show that Z[x]/⟨x⟩ ≅ Z. Let f : Z[x] → Z be the map that sends each polynomial p(x) to its constant term c_p. If c ∈ Z then f(x + c) = c. Therefore f is surjective. Verify that the constant term of p(x) + q(x) is c_p + c_q and the constant term of p(x)q(x) is c_p c_q. Therefore f(p + q) = f(p) + f(q) and f(pq) = f(p)f(q). Hence f is a homomorphism. The polynomials with a zero constant term are precisely those that have x as a factor. Therefore the kernel of f is the ideal ⟨x⟩. Applying the First Isomorphism Theorem we derive that Z[x]/⟨x⟩ ≅ Z.
Like before, we use quotient rings to construct new fields.
Definition 3.3.2. An ideal M in a ring R is said to be maximal if M ≠ R and whenever J is an ideal such that M ⊆ J ⊆ R, then M = J or J = R.
Example 3.3.4. We prove that (3) is a maximal ideal in Z. Suppose J is an ideal such that (3) ⊆ J ⊆ Z. If J ≠ (3) then there exists a ∈ J such that 3 does not divide a, that is, 3 and a are relatively prime. Therefore the greatest common divisor of a and 3 is 1. Hence by the Euclidean Algorithm (see Section A.1) there are u, v ∈ Z such that 3u + av = 1. Since 3, a ∈ J, it follows that 1 ∈ J. Therefore J = Z, proving that (3) is maximal.
Theorem 3.3.12. Let M be an ideal in a commutative ring R with identity. Then M is a maximal ideal if and only if the quotient ring R/M is a field.
Proof. Suppose R/M is a field and M ⊆ J ⊆ R for some ideal J. If M ≠ J, then there exists a ∈ J with a ∉ M. By Theorem 3.3.3, a + M = 0_R + M if and only if a ∈ M. Hence a + M ≠ 0_R + M. Since R/M is a field, a + M has an inverse b + M such that (a + M)(b + M) = ab + M = 1_R + M. This implies ab ≡ 1_R (mod M), which means that ab − 1_R = m for some m ∈ M. Since a ∈ J and J is an ideal, ab ∈ J; also m ∈ M ⊆ J, so 1_R = ab − m ∈ J. Consequently J = R. Therefore M is a maximal ideal.
Conversely, suppose that M is a maximal ideal. R/M is a commutative ring with identity by Theorems 3.3.6 and 3.3.7. Consequently R/M is a field if every nonzero element of R/M has a multiplicative inverse. If a + M is a nonzero element in R/M, then by Theorem 3.3.3, a ∉ M. The set J = {m + ra : r ∈ R and m ∈ M} is an ideal in R that contains M by Exercise 12. Furthermore, a = 0_R + 1_R a is in J, so that M ≠ J. By maximality we must have J = R. Hence 1_R ∈ J, which implies that 1_R = m + ca for some m ∈ M and c ∈ R. Note that ca − 1_R = −m ∈ M, which implies ca ≡ 1_R (mod M). Hence ca + M = 1_R + M. Consequently the coset c + M is the inverse of a + M in R/M:
(c + M)(a + M) = ca + M = 1_R + M.
Therefore R/M is a field.
Example 3.3.5. Now we can prove that (3) is a maximal ideal in Z by a different method than the one used in Example 3.3.4. By Theorem 3.1.6, Z/(3) = Z_3 is a field. Hence Theorem 3.3.12 proves that (3) is a maximal ideal in Z.
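An added example (my code, not the book's) that enumerates the cosets of ⟨d⟩ in Z_n as in Example 3.3.2, tests whether Z_n/⟨d⟩ is a field, and checks maximality directly from Definition 3.3.2, so that Theorem 3.3.12 can be confirmed on small rings. It uses the fact that every ideal of Z_n is principal, and all names are my own.

```python
# Added example, not part of the book: ideals, cosets and quotient rings of
# Z_n, small enough that everything is enumerated.  Elements of Z_n are the
# integers 0..n-1; an ideal is a frozenset of them.

def principal_ideal(n, d):
    """<d> = {r*d mod n : r in Z_n}."""
    return frozenset((r * d) % n for r in range(n))


def coset_of(a, n, ideal):
    """a + I, the congruence class of a modulo I."""
    return frozenset((a + i) % n for i in ideal)


def cosets(n, ideal):
    """The distinct cosets of I in Z_n; they partition Z_n (Corollary 3.3.4)."""
    seen = []
    for a in range(n):
        c = coset_of(a, n, ideal)
        if c not in seen:
            seen.append(c)
    return seen


def quotient_is_field(n, ideal):
    """True iff every nonzero coset has an inverse coset.  Multiplication of
    cosets is computed on representatives, which Theorem 3.3.5 allows."""
    zero = coset_of(0, n, ideal)
    one = coset_of(1, n, ideal)
    if zero == one:                   # I is the whole ring; R/I has one element
        return False
    for c in cosets(n, ideal):
        if c == zero:
            continue
        a = min(c)
        if not any(coset_of(a * b, n, ideal) == one for b in range(n)):
            return False
    return True


def is_maximal(n, ideal):
    """Definition 3.3.2 checked directly: I != Z_n and no ideal lies strictly
    between I and Z_n.  Every ideal of Z_n is principal, so <d> for d in Z_n
    runs through all candidates J."""
    whole = frozenset(range(n))
    if ideal == whole:
        return False
    for d in range(n):
        J = principal_ideal(n, d)
        if ideal < J < whole:
            return False
    return True


if __name__ == "__main__":
    I = principal_ideal(8, 2)                       # Example 3.3.2(1)
    print("Z_8/<2> cosets:", [sorted(c) for c in cosets(8, I)])
    print("field?", quotient_is_field(8, I), "maximal?", is_maximal(8, I))
    J = principal_ideal(12, 4)
    print("Z_12/<4> field?", quotient_is_field(12, J), "maximal?", is_maximal(12, J))
    # Theorem 3.3.12 on every principal ideal of Z_2 .. Z_12
    print(all(quotient_is_field(n, principal_ideal(n, d)) == is_maximal(n, principal_ideal(n, d))
              for n in range(2, 13) for d in range(n)))
```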
3.4 Splitting fields of polynomials.
In this section, given a polynomial p ∈ F[x] where F is a field, we show that an extension field K ⊇ F exists in which p splits completely into linear factors. We also classify all the finite fields up to isomorphism.
Let R be a ring with identity. Then R is said to have characteristic n if n is the smallest positive integer such that n1_R = 0_R (and characteristic 0 if no such n exists).
Example 3.4.1. The ring Z_5 has characteristic 5.
Theorem 3.4.1. Let R be a ring with identity.
1. The set P = {k1_R | k ∈ Z} is a subring of R.
2. If R has characteristic 0 then P ≅ Z.
3. If R has characteristic n > 0 then P ≅ Z_n.
Proof. Define f : Z → R by f(k) = k1_R. Then f is a homomorphism because
f(k + t) = (k + t)1_R = k1_R + t1_R = f(k) + f(t)
and
f(kt) = (kt)1_R = (k1_R)(t1_R) = f(k)f(t).
The image of f is the set P; therefore P is a ring (see Exercise 13). Consequently f can be considered as a surjective homomorphism from Z to P. Then by the First Isomorphism Theorem we get P ≅ Z/ker f.
If R has characteristic 0 then the only integer k such that k1_R = 0 is k = 0, so that the kernel of f is the ideal ⟨0⟩ in Z and
P ≅ Z/⟨0⟩ ≅ Z.
If R has characteristic n > 0 then we prove that the kernel of f is the principal ideal ⟨n⟩. Suppose that k1_R = 0_R. Divide k by n to write k = nq + r where 0 ≤ r < n. Then
r1_R = r1_R + 0_R
= r1_R + (nq)1_R, since (nq)1_R = q(n1_R) = 0_R
= (r + nq)1_R
= k1_R
= 0_R.
Since r < n and n is the smallest positive integer such that n1_R = 0_R (by definition of the characteristic), we must have r = 0. Therefore k = nq, implying that k ∈ ⟨n⟩. Therefore ker f = ⟨n⟩, and
P ≅ Z/⟨n⟩ = Z_n.
If a field F has characteristic zero then Theorem 3.4.1 implies that F contains a copy of Z and therefore is infinite.
Corollary 3.4.2. Every finite field F has characteristic p for some prime p.
Proof. Suppose the characteristic of F is n and n is not a prime number. Then n = kt where k and t are positive integers such that k < n and t < n. Then
0_F = (kt)1_F = (k1_F)(t1_F).
This implies either k1_F = 0_F or t1_F = 0_F (see Exercise 19), contradicting the fact that n is the smallest positive integer such that n1_F = 0_F. Therefore the characteristic of F is a prime number.
Let K be an extension field of F. Let w, u_1, ..., u_n be elements of K. If w ∈ K can be written in the form w = a_1 u_1 + a_2 u_2 + ··· + a_n u_n with each a_i ∈ F, we say that w is a linear combination of u_1, ..., u_n. If every element of K is a linear combination of u_1, ..., u_n, we say that the set {u_1, ..., u_n} spans K over F.
Example 3.4.2. The set {1, i} spans C over R.
A subset {u_1, ..., u_n} of K is said to be linearly independent over F provided that whenever
c_1 u_1 + c_2 u_2 + ··· + c_n u_n = 0_F
with each c_i ∈ F, then c_i = 0_F for every i. A set that is not linearly independent is said to be linearly dependent. Thus a set {u_1, ..., u_m} is linearly dependent over F if there exist elements b_1, ..., b_m in F, not all zero, such that b_1 u_1 + ··· + b_m u_m = 0_F.
Example 3.4.3.
1. The set {1 + i, 2i, 2 + 8i} is linearly dependent over R since
2(1 + i) + 3(2i) − (2 + 8i) = 0.
2. The set {1, i} is linearly independent over R.
A subset {u_1, ..., u_n} of K is said to be a basis of K over F if it spans K and is linearly independent over F.
Example 3.4.4. The set {1, i} is a basis of C over R.
If K has a finite basis over F then K is said to be finite dimensional over F. The dimension of K over F is the number of elements in any basis of K and is denoted [K : F]. In the exercises you will show that if S = {u_1, ..., u_n} spans K over F then some subset of S is a basis of K over F. The order of a field is the number of elements in the field. We now look at the order of a finite field.
Theorem 3.4.3. A finite field F has order p^n, where p is the characteristic of F and n = [F : Z_p].
Proof. By Theorem 3.4.1, since F has characteristic p, Z_p ⊂ F. Hence there is certainly a finite set of elements that spans F over Z_p (the set F itself, for example). Consequently F has a finite basis {u_1, ..., u_n} over Z_p (see Exercise 20). Every element of F can be uniquely written in the form
c_1 u_1 + c_2 u_2 + ··· + c_n u_n    (3.1)
with each c_i ∈ Z_p. Since there are p possibilities for each c_i, there are precisely p^n distinct linear combinations of the form (3.1). So the order of F is p^n.
If u_1, u_2, ..., u_n are elements of an extension field K of F, then we denote by F(u_1, u_2, ..., u_n) the smallest subfield of K that contains F and all the u_i. F(u_1, u_2, ..., u_n) is said to be a finitely generated extension of F generated by u_1, ..., u_n. An extension field F(u) generated by one element is called a simple extension.
An element u of an extension field K over F is algebraic over F if it is the root of a nonzero polynomial in F[x].
Definition 3.4.1. The minimal polynomial of an element u ∈ K over F is an irreducible monic polynomial p(x) ∈ F[x] such that p(u) = 0_F. Moreover, if u is a root of g(x) ∈ F[x], then p(x) divides g(x).
Example 3.4.5. The minimal polynomial of i ∈ C over R is x^2 + 1.
In the exercises you will show that the minimal polynomial of an algebraic element over a field F always exists and is unique.
Theorem 3.4.4. Let K be an extension field of F and u ∈ K an algebraic element over F with minimal polynomial p(x) of degree n. Then {1_F, u, u^2, ..., u^{n−1}} is a basis of F(u) over F, and therefore [F(u) : F] = n.
Proof. Let φ : F[x] → F(u) be given by φ(f(x)) = f(u). Every constant polynomial c is mapped to itself by φ, and φ(x) = u. So the image of φ (Im φ) is a field that contains both F and u. But since F(u) is the smallest field that contains both F and u, F(u) ⊆ Im φ. By the definition of φ and since F(u) is a field we have Im φ ⊆ F(u). Therefore Im φ = F(u), and every element of F(u) is of the form f(u) for some f(x) ∈ F[x]. Dividing f(x) by p(x) we write f(x) = q(x)p(x) + r(x) with the degree of r(x) less than n. Consequently f(u) = q(u)p(u) + r(u) = q(u)0_F + r(u) = r(u). Hence f(u) = r(u) is a linear combination of 1_F, u, ..., u^{n−1}, and so the set {1_F, u, u^2, ..., u^{n−1}} spans F(u) over F. To show that this set is linearly independent suppose that c_0 + c_1 u + ··· + c_{n−1} u^{n−1} = 0_F with each c_i ∈ F. Then u is a root of the polynomial c_0 + c_1 x + ··· + c_{n−1} x^{n−1}, and therefore p(x) divides this polynomial, which has degree less than n. This is possible only when c_0 + c_1 x + ··· + c_{n−1} x^{n−1} is the zero polynomial, that is, each c_i = 0_F. Thus {1_F, u, u^2, ..., u^{n−1}} is a basis of F(u) over F.
In the exercises you will prove that F(u) ≅ F[x]/(p(x)) by showing that φ in Theorem 3.4.4 induces an isomorphism F[x]/(p(x)) → F(u). As a consequence, if u and v are roots of the same minimal polynomial then F(u) ≅ F(v).
Let E, F be fields and let σ : F → E be an isomorphism. Then it can be easily verified that the map that sends a polynomial p(x) = c_0 + c_1 x + ··· + c_n x^n in F[x] to σ(p(x)) = σ(c_0) + σ(c_1)x + ··· + σ(c_n)x^n is an isomorphism. That is, σ extends F ≅ E to F[x] ≅ E[x]. If p(x) is irreducible, then σ(p(x)) is also irreducible (see Exercise 32). The next step is to show that σ extends to an isomorphism between extension fields.
Theorem 3.4.5. Let σ : F → E be an isomorphism of fields. Let u be an algebraic element in some extension field of F with minimal polynomial p(x) ∈ F[x]. Let σ(p(x)) be the irreducible polynomial obtained by applying σ to the coefficients of p(x), and let v be a root of σ(p(x)). Then σ extends to an isomorphism of the fields F(u) and E(v).
Proof. By Exercise 25, F[x]/(p(x)) ≅ F(u) and E[x]/(σ(p(x))) ≅ E(v). Since σ is an isomorphism, the maximal ideal (p(x)) gets mapped to the maximal ideal (σ(p(x))). Therefore the kernel of the composition of the surjective maps
F[x] → E[x] → E[x]/(σ(p(x))) → E(v)
is (p(x)). By the First Isomorphism Theorem, F[x]/(p(x)) ≅ E(v). Thus F(u) ≅ E(v).
If f(x) factors in K[x] as
f(x) = c(x − u_1)(x − u_2) ··· (x − u_n)
then we say that f(x) splits over the field K. In other words, K contains all the roots of f(x).
Definition 3.4.2. If F is a field and f(x) ∈ F[x], then an extension field K of F is said to be a splitting field of f(x) over F provided that
1. f(x) splits over K, say f(x) = c(x − u_1)(x − u_2) ··· (x − u_n), and
2. K = F(u_1, u_2, ..., u_n).
Example 3.4.6.
1. The polynomial f(x) = 2x^4 + x^3 − 21x^2 − 14x + 12 factors as (x + 3)(x − 1/2)(2x^2 − 4x − 8) over Q. The roots of the factor 2x^2 − 4x − 8 are 1 ± √5 (apply the quadratic formula). So the splitting field of f(x) over Q is Q(√5).
2. The splitting field of f(x) = x^2 + 1 over R is R(i) = C (see Exercise 18), where i = √−1. But the splitting field of f(x) over Q is Q(i), which is a much smaller field than C.
By Theorem A.2.7, f(x) is irreducible in R[x] if and only if f(x) is a first degree polynomial or a second degree polynomial whose discriminant is negative. Consequently the splitting field of any f(x) ∈ R[x] is either R or R(i) = C. This gives us the Fundamental Theorem of Algebra, that is, every polynomial with real coefficients has a root in C.
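An added example (my code, not the book's) carrying out the splitting of Example 3.4.6(1): elements of Q(√5) are pairs of rationals a + b√5, and the four roots are divided out of f(x) one at a time by synthetic division until only the leading constant 2 remains. QSqrt5, evaluate, deflate and split_over_qsqrt5 are my own names.

```python
# Added example, not part of the book: exact arithmetic in Q(sqrt 5) and the
# splitting of f(x) = 2x^4 + x^3 - 21x^2 - 14x + 12 from Example 3.4.6.
from fractions import Fraction as Fr


class QSqrt5:
    """a + b*sqrt(5) with a, b rational; {1, sqrt 5} is a basis over Q."""

    def __init__(self, a, b=0):
        self.a, self.b = Fr(a), Fr(b)

    def __add__(self, o):
        return QSqrt5(self.a + o.a, self.b + o.b)

    def __sub__(self, o):
        return QSqrt5(self.a - o.a, self.b - o.b)

    def __mul__(self, o):
        # (a + b s)(c + d s) = (ac + 5bd) + (ad + bc) s, since s^2 = 5
        return QSqrt5(self.a * o.a + 5 * self.b * o.b,
                      self.a * o.b + self.b * o.a)

    def __eq__(self, o):
        return self.a == o.a and self.b == o.b

    def is_zero(self):
        return self.a == 0 and self.b == 0

    def __repr__(self):
        return f"({self.a} + {self.b}*sqrt5)"


def evaluate(coeffs, r):
    """Horner evaluation of a polynomial given highest degree first."""
    acc = QSqrt5(0)
    for c in coeffs:
        acc = acc * r + c
    return acc


def deflate(coeffs, r):
    """Synthetic division by (x - r): returns (quotient coeffs, remainder).
    The remainder is f(r), so it is zero exactly when r is a root."""
    partial = []
    carry = QSqrt5(0)
    for c in coeffs:
        carry = carry * r + c
        partial.append(carry)
    return partial[:-1], partial[-1]


# f(x) = 2x^4 + x^3 - 21x^2 - 14x + 12 and its four roots in Q(sqrt 5)
F = [QSqrt5(2), QSqrt5(1), QSqrt5(-21), QSqrt5(-14), QSqrt5(12)]
ROOTS = [QSqrt5(-3), QSqrt5(Fr(1, 2)), QSqrt5(1, 1), QSqrt5(1, -1)]


def split_over_qsqrt5(coeffs, roots):
    """Divide out each root in turn; if f splits over Q(sqrt 5) with exactly
    these roots, what is left is the constant c of f = c(x - u1)...(x - un)."""
    rest = list(coeffs)
    for r in roots:
        rest, rem = deflate(rest, r)
        if not rem.is_zero():
            raise ValueError(f"{r} is not a root")
    if len(rest) != 1:
        raise ValueError("the given roots do not exhaust the degree")
    return rest[0]


if __name__ == "__main__":
    print("f(1 + sqrt5) =", evaluate(F, QSqrt5(1, 1)))      # (0 + 0*sqrt5)
    print("after dividing out -3 and 1/2:", deflate(deflate(F, ROOTS[0])[0], ROOTS[1])[0])
    print("leading constant:", split_over_qsqrt5(F, ROOTS))   # (2 + 0*sqrt5)
```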
Next we prove that splitting fields always exist.
Theorem 3.4.6. Let F be a field and let f(x) be a non-constant polynomial of degree n in F[x]. Then there exists a splitting field K of f(x) over F such that [K : F] ≤ n!.
Proof. The proof is by induction on the degree of f(x). If f(x) has degree 1 then F is the splitting field of f(x) and [F : F] = 1 ≤ 1!. Suppose the theorem is true for all polynomials of degree less than n and that f(x) has degree n. Every polynomial is a product of irreducible factors, therefore f(x) has an irreducible factor in F[x]. Multiplying this factor by the inverse of its leading coefficient we get a monic irreducible factor p(x) of f(x). By Theorem 3.2.8 there is an extension field that contains a root u of p(x) and hence of f(x). Moreover p(x) is necessarily the minimal polynomial of u. Consequently, by Theorem 3.4.4, [F(u) : F] = deg p(x) ≤ deg f(x) = n. Now f(x) factorizes as f(x) = (x − u)g(x) for some g(x) ∈ F(u)[x]. Since g(x) has degree n − 1, the induction hypothesis gives us a splitting field K of g(x) over F(u) such that [K : F(u)] ≤ (n − 1)!. In K[x], g(x) = c(x − u_1) ··· (x − u_{n−1}) and hence f(x) = c(x − u)(x − u_1) ··· (x − u_{n−1}). Since K = F(u)(u_1, . . . , u_{n−1}) = F(u, u_1, . . . , u_{n−1}), K is a splitting field of f(x) over F such that [K : F] = [K : F(u)][F(u) : F] ≤ n(n − 1)! = n!. This completes the inductive step and hence the proof of the Theorem.
Two splitting fields of a polynomial are isomorphic. The standard way to prove this fact is by proving the stronger result that an isomorphism σ between fields F and E extends to an isomorphism of splitting fields. Then by setting F = E and σ to be the identity map we get that any two splitting fields of a polynomial are isomorphic.
Theorem 3.4.7. Let σ : F → E be an isomorphism of fields, f(x) a non-constant polynomial in F[x] and σ(f(x)) the corresponding polynomial in E[x]. If K is a splitting field of f(x) over F and L is a splitting field of σ(f(x)) over E, then σ extends to an isomorphism K ≅ L.
Proof. The proof is by induction on the degree of f(x). If deg f(x) = 1, then K = F. σ(f(x)) also has degree 1 and therefore E = L. Thus σ provides the isomorphism of the splitting fields too. Now suppose the Theorem is true for polynomials of degree n − 1 and f(x) has degree n. As in Theorem 3.4.6, f(x) has a monic irreducible factor p(x). Let u be a root of p(x) and v be a root of σ(p(x)). Then by Theorem 3.4.5 F(u) ≅ E(v). Now f(x) = (x − u)g(x) and the degree of g(x) is n − 1. Therefore by the induction hypothesis the isomorphism F(u) ≅ E(v) can be extended to an isomorphism K ≅ L where K is the splitting field of g(x) over F(u) and L is the splitting field of σ(g(x)) over E(v). Consequently K and L are also splitting fields of f(x) and σ(f(x)), and this proves the Theorem.
A polynomial f(x) is said to be separable if it has no repeated roots in any splitting field. The derivative of
f(x) = c_0 + c_1x + c_2x^2 + ··· + c_nx^n ∈ F[x]
is
f′(x) = c_1 + 2c_2x + 3c_3x^2 + ··· + nc_nx^{n−1} ∈ F[x].
When F = R this is the usual derivative of calculus.
Lemma 3.4.1. Let F be a field and f(x) ∈ F[x]. If f(x) and f′(x) are relatively prime in F[x] then f(x) is separable.
Proof. Let K be a splitting field of f(x) and suppose on the contrary that f(x) is not separable. Then f(x) must have a repeated root u in K. Hence f(x) = (x − u)^2 g(x) for some g(x) ∈ K[x] and by Exercise 26
f′(x) = (x − u)^2 g′(x) + 2(x − u)g(x).
Therefore f′(u) = 0_F and u is a root of f′(x). Consequently, the minimal polynomial of u divides both f(x) and f′(x). Therefore f(x) and f′(x) are not relatively prime, which is a contradiction. Hence f(x) is separable.
Theorem 3.4.8. Let F be a field of characteristic zero. Then every irreducible polynomial in F[x] is separable.
Proof. An irreducible polynomial p(x) ∈ F[x] is nonconstant and hence
p(x) = cx^n + (lower degree terms), with c ≠ 0_F and n ≥ 1.
Then
p′(x) = (nc)x^{n−1} + (lower degree terms), with nc ≠ 0_F.
Therefore p′(x) is a nonzero polynomial of lower degree than p(x). Since p(x) is irreducible, p(x) and p′(x) are relatively prime. Hence p(x) is separable by Lemma 3.4.1.
The Theorem is false if F does not have characteristic 0.
Example 3.4.7. Consider the polynomial f(x) = x^2 − y in Z_2(y)[x], where y is an indeterminate. Then f(x) is irreducible because it has no roots in Z_2(y). Since f′(x) = 0, f(x) is not separable by Lemma 3.4.1 (in a splitting field, f(x) = (x − √y)^2).
Corollary 3.4.9. Let F be a field. Then an irreducible polynomial f(x) ∈ F[x] is separable if f′(x) ≠ 0.
Proof. The proof is similar to the proof of Theorem 3.4.8.
Theorem 3.4.10. Let K be an extension field of Z_p and n a positive integer. Then K has order p^n if and only if K is a splitting field of x^{p^n} − x over Z_p.
Proof. Assume K is a splitting field of f(x) = x^{p^n} − x ∈ Z_p[x]. Since f′(x) = p^n x^{p^n − 1} − 1 = −1, f(x) is separable by Lemma 3.4.1. Moreover, the set E consisting of the p^n distinct roots of f(x) is a subfield of K by Exercise 27. Since K is a splitting field, K is the smallest field containing the set E of roots. Hence K = E, which implies K has order p^n.
Conversely, suppose K has order p^n. Theorem 4.5.8 implies that every nonzero element c of K satisfies c^{p^n − 1} = 1_K. Therefore c is a root of x^{p^n} − x. 0_K is also a root of x^{p^n} − x. Hence, the p^n elements of K are all the possible roots of x^{p^n} − x. Therefore K is the splitting field of x^{p^n} − x.
Corollary 3.4.11. For each positive prime p and positive integer n, there exists a field of order p^n.
Proof. A splitting field of x^{p^n} − x over Z_p exists by Theorem 3.4.6. It has order p^n by Theorem 3.4.10.
Example 3.4.8. Let p = 2, n = 2 in Corollary 3.4.11. Since
x^4 − x = x(x + 1)(x^2 + x + 1) ∈ Z_2[x],
the splitting field of x^4 − x is Z_2[x]/(x^2 + x + 1) = {[0], [1], [x], [x + 1]}.
Corollary 3.4.12. Two finite fields of the same order are isomorphic.
Proof. If K and L are fields of order p^n, then both are splitting fields of x^{p^n} − x over Z_p by Theorem 3.4.10. Hence they are isomorphic by Theorem 3.4.7.
Finite fields have applications in many areas including combinatorics, cryptography, projective geometry, and experimental design. We use finite fields to count mutually orthogonal Latin squares and to generate algebraic codes in Chapter 6.
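As an added illustration (my code, not the book's), the Python below implements polynomial arithmetic in Z_p[x] with the long division of Section 1.2, the derivative and the gcd test of Lemma 3.4.1, and exponentiation in the quotient ring Z_p[x]/(m(x)) of Example 3.4.8; it then checks that every element of Z_2[x]/(x^2 + x + 1) is a root of x^4 − x, as Theorem 3.4.10 predicts, and that the check fails when m(x) is reducible. All function names are my own.

```python
from itertools import product

# Polynomials over Z_p are lists of coefficients, lowest degree first:
# [1, 1, 1] is x^2 + x + 1. Every coefficient is kept reduced modulo p.

def trim(f):
    """Drop leading zero coefficients; the zero polynomial is []."""
    f = list(f)
    while f and f[-1] == 0:
        f.pop()
    return f

def add(f, g, p):
    n = max(len(f), len(g))
    f = list(f) + [0] * (n - len(f))
    g = list(g) + [0] * (n - len(g))
    return trim([(a + b) % p for a, b in zip(f, g)])

def mul(f, g, p):
    if not trim(f) or not trim(g):
        return []
    out = [0] * (len(f) + len(g) - 1)
    for i, a in enumerate(f):
        for j, b in enumerate(g):
            out[i + j] = (out[i + j] + a * b) % p
    return trim(out)

def divmod_poly(f, g, p):
    """Long division in Z_p[x] (Section 1.2): f = q*g + r with deg r < deg g."""
    f, g = trim(f), trim(g)
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    inv_lead = pow(g[-1], -1, p)          # inverse of the leading coefficient mod p
    q, r = [0] * max(len(f) - len(g) + 1, 1), f
    while r and len(r) >= len(g):
        shift = len(r) - len(g)
        c = (r[-1] * inv_lead) % p        # next quotient coefficient
        q[shift] = c
        r = add(r, [0] * shift + [(-c * b) % p for b in g], p)
    return trim(q), r

def derivative(f, p):
    """Formal derivative c_1 + 2c_2 x + ... + n c_n x^(n-1), coefficients mod p."""
    return trim([(i * c) % p for i, c in enumerate(f)][1:])

def monic(f, p):
    f = trim(f)
    return [(c * pow(f[-1], -1, p)) % p for c in f] if f else f

def gcd(f, g, p):
    """Euclidean algorithm in Z_p[x]; the result is monic."""
    f, g = trim(f), trim(g)
    while g:
        f, g = g, divmod_poly(f, g, p)[1]
    return monic(f, p)

def is_separable(f, p):
    """Sufficient test of Lemma 3.4.1: gcd(f, f') = 1 means no repeated roots."""
    return gcd(f, derivative(f, p), p) == [1]

def powmod(a, e, m, p):
    """a^e in the quotient ring Z_p[x]/(m(x)) by repeated squaring."""
    result, base = [1], divmod_poly(a, m, p)[1]
    while e:
        if e & 1:
            result = divmod_poly(mul(result, base, p), m, p)[1]
        base = divmod_poly(mul(base, base, p), m, p)[1]
        e >>= 1
    return result

def elements(p, n):
    """The p^n residues of Z_p[x]/(m(x)) for deg m = n, as coefficient lists."""
    return [list(t) for t in product(range(p), repeat=n)]

def all_roots_of_frobenius_poly(p, n, m):
    """Theorem 3.4.10: in a field of order p^n every element satisfies a^(p^n) = a.
    With a reducible m the quotient ring is not a field and the check fails."""
    return all(powmod(a, p ** n, m, p) == trim(a) for a in elements(p, n))

if __name__ == "__main__":
    # Example 3.4.8: x^4 - x = x(x + 1)(x^2 + x + 1) in Z_2[x]
    x, x_plus_1, m = [0, 1], [1, 1], [1, 1, 1]
    print(mul(mul(x, x_plus_1, 2), m, 2))               # [0, 1, 0, 0, 1], i.e. x^4 + x
    print(is_separable([0, 1, 0, 0, 1], 2))              # True, since f' = -1
    print(all_roots_of_frobenius_poly(2, 2, m))          # True: Z_2[x]/(x^2+x+1) is a field
    print(all_roots_of_frobenius_poly(2, 2, [0, 0, 1]))  # False: x^2 is reducible
```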
Exercises.
1. A relation T ⊂ A × A on a set A is called an equivalence relation provided that T is reflexive ((a, a) ∈ T for every a ∈ A), symmetric (if (a, b) ∈ T, then (b, a) ∈ T), and transitive (if (a, b) ∈ T and (b, c) ∈ T, then (a, c) ∈ T). Let ∼ be an equivalence relation on a set A. Then the equivalence class of a ∈ A, denoted [a], is the set
[a] = {b | b ∈ A and b ∼ a}.
Prove that if a, b ∈ A then a ∼ b if and only if [a] = [b], and that any two equivalence classes are either disjoint or identical. Note that the congruence modulo relations in this chapter are equivalence relations.
2. Show that
39 mod 181 = 39, 181 mod 39 = 25, 39 mod 39 = 0,
−17 mod 55 = 38, 0 mod 39 = 0, 25 mod 5 = 0,
−13 mod 5 = 2, 1 mod 39 = 1, 39 mod 13 = 0.
3. Prove the Freshman's dream: Let p be a prime and R a commutative ring with identity of characteristic p. Then for every a, b ∈ R and every positive integer n,
(a + b)^{p^n} = a^{p^n} + b^{p^n}.
4. Let f(x), g(x), h(x) ∈ Z[x] with f(x) = g(x)h(x). If p is a prime that divides every coefficient of f(x), then either p divides every coefficient of g(x) or p divides every coefficient of h(x).
5. Prove that f(x) is an associate of g(x) if and only if g(x) is an associate of f(x).
6. Verify that f(x) = g(x)h(x) in Z[x] implies that f(x) = g(x)h(x) in Z_p[x] (reducing the coefficients modulo p).
7. Prove that there are p^{n+1} − p^n polynomials of degree n in Z_p[x].
8. Determine whether the two rings are isomorphic.
(a) Q and R.
(b) R × R and C.
(c) Z_4 × Z_4 and Z_16.
(d) Z_6 and Z_2 × Z_3.
9. Let f : C → C be the complex conjugation map given by f(a + bi) = a − bi. Show that f is an isomorphism.
10. Let f : R → S be a homomorphism of rings. Prove that f(0_R) = 0_S. Also prove that f(−a) = −f(a) for every a ∈ R.
11. Prove that f, g : R → R given by f(x) = x + 1 and g(x) = 2x are not isomorphisms.
12. Let R be a commutative ring with identity and let M be an ideal of R. Prove that the set J = {m + ra | r ∈ R and m ∈ M} is an ideal in R that contains M.
13. If R and S are rings and f : R → S is a homomorphism, prove that f(R) = {f(a) ∈ S | a ∈ R} is a subring of S.
14. Let p(x) ∈ Z_n[x] be a polynomial of degree k. Prove that there are n^k distinct congruence classes in Z_n[x]/(p(x)).
15. Let I = {0, 3} in Z_6. Verify that I is an ideal and show that Z_6/I ≅ Z_3.
16. Let I be an ideal in a noncommutative ring R such that ab − ba ∈ I for all a, b ∈ R. Prove that R/I is commutative.
17. Use the First Isomorphism Theorem to show that Z_20/<5> ≅ Z_5.
18. Prove that the field R(i) is C, where i = √−1.
19. Let F be a field and let a, b ∈ F. If ab = 0_F prove that either a = 0_F or b = 0_F.
20. Prove that if S = {u_1, . . . , u_n} spans K over F then some subset of S is a basis of K over F.
21. Let K be an extension field of F. Prove that any two finite bases of K over F have the same number of elements.
22. Let F, K, and L be fields such that F ⊆ K ⊆ L. If [K : F] and [L : K] are finite, then prove that L is a finite dimensional extension of F and [L : F] = [L : K][K : F].
23. Let K and L be finite dimensional extension fields of F and let f : K → L be an isomorphism such that f(c) = c for every c ∈ F. Prove that [K : F] = [L : F].
24. Prove that a minimal polynomial of an algebraic element over a field F always exists and is unique.
25. In Theorem 3.4.4 show that ϕ is an isomorphism between F(u) and F[x]/(p(x)).
26. Let k be a field and let f, g ∈ k[x]. Prove that the following rules hold for derivatives: (f + g)′(x) = f′(x) + g′(x) and (fg)′(x) = f(x)g′(x) + g(x)f′(x).
27. Let K be a splitting field of x^{p^n} − x ∈ Z_p[x]. Prove that the set E consisting of all the p^n distinct roots of the polynomial x^{p^n} − x is a subfield of K.
28. Prove that if K is a finite dimensional extension field of F, then K is an algebraic extension of F.
29. Prove that if K is a finitely generated separable extension field of F, then K = F(u) for some u ∈ K.
30. Prove that if K = F(u_1, . . . , u_n) is a finitely generated extension field of F and each u_i is algebraic over F, then K is a finite dimensional algebraic extension of F.
31. Let f(x) be an irreducible polynomial in Z_p[x] such that the degree of f(x) divides n. Show that the polynomial f(x) is a factor of x^{p^n} − x in Z_p[x].
32. Let σ : F → E be an isomorphism of fields, and let σ(p(x)) denote the polynomial obtained by applying σ to the coefficients of p(x). Show that σ(p(x)) is irreducible.
Chapter 4
Formulas to find roots of polynomials.
There is something to complete in this demonstration. I do not have the time. - Evariste Galois.
Most of us know how to solve a polynomial of degree 2 using the quadratic formula. It is natural to ask whether there are such formulas for polynomials of degrees greater than 2. In this chapter, we provide formulas for finding roots of polynomials of degrees 3 and 4, and prove that no such formulas can exist for polynomials of degrees greater than 4.
4.1 Groups.
In this section, we introduce groups, which are algebraic structures similar to rings but with only a single operation. We use groups later in the chapter to analyze roots of polynomial equations.
Definition 4.1.1. A group is a nonempty set G equipped with an operation ∗ that satisfies the following properties.
1. Closure: If a ∈ G and b ∈ G, then a ∗ b ∈ G.
2. Associativity: a ∗ (b ∗ c) = (a ∗ b) ∗ c, for all a, b, c ∈ G.
3. There is an element e ∈ G (called the identity element) such that a ∗ e = a = e ∗ a for every a ∈ G.
4. For each a ∈ G, there is an element a^{-1} ∈ G (called the inverse of a) such that a ∗ a^{-1} = e = a^{-1} ∗ a.
A group G is said to be abelian if its operation ∗ is commutative, that is,
a ∗ b = b ∗ a for all a, b ∈ G.
Generally, multiplicative notation is used for groups. Whenever the operation is addition we switch to the suitable notation: for example, we write −a for the inverse of a instead of a^{-1}, and so on.
Example 4.1.1. 1. We prove that the set G = {1, −1, i, −i} ⊂ C is a group under multiplication by checking the four axioms in the definition of a group. From the operation table for G given below we verify that 1 is the multiplicative identity, every element has an inverse and that closure and associativity hold in G. Thus G is a group. We also check from the same table that G is commutative.
  ·  |  1  -1   i  -i
-----+----------------
  1  |  1  -1   i  -i
 -1  | -1   1  -i   i
  i  |  i  -i  -1   1
 -i  | -i   i   1  -1
Table 4.1: The operation table of G.
2. It is easy to verify that every ring is an abelian group under addition. Also check that the nonzero elements of a field form an abelian group under multiplication.
3. Let G_1, G_2, . . . , G_n be groups. We define a coordinate-wise operation on the Cartesian product G_1 × G_2 × ··· × G_n:
(a_1, a_2, . . . , a_n)(b_1, b_2, . . . , b_n) = (a_1b_1, a_2b_2, . . . , a_nb_n).
Check that G_1 × G_2 × ··· × G_n is a group under this operation.
4. From Example 3, we know that in the ring Z_8 the set of units is U_8 = {1, 3, 5, 7}. U_8 is a group under multiplication (see the operation table in Example 4.1.2).
Just like in the case of rings, isomorphisms play a critical role, and isomorphic groups are considered to be essentially the same.
Definition 4.1.2. Let G and H be groups. A function f : G → H is a homomorphism if f(a ∗ b) = f(a) ∗ f(b) for all a, b ∈ G. The group G is said to be isomorphic to the group H if there is a bijective homomorphism from G to H.
Example 4.1.2. We show that the multiplicative group U_8 = {1, 3, 5, 7} of units in Z_8 is isomorphic to the additive group Z_2 × Z_2. Let the function f : U_8 → Z_2 × Z_2 be such that
f(1) = (0, 0), f(3) = (1, 0), f(5) = (0, 1), f(7) = (1, 1).
f is bijective by its definition. We determine from the operation tables of the two groups that f is a homomorphism, that is, f(ab) = f(a)f(b) for a, b ∈ U_8. Thus U_8 ≅ Z_2 × Z_2.
U_8:
  ◦  |  1  3  5  7
-----+------------
  1  |  1  3  5  7
  3  |  3  1  7  5
  5  |  5  7  1  3
  7  |  7  5  3  1
Z_2 × Z_2:
   +   | (0,0) (1,0) (0,1) (1,1)
-------+------------------------
 (0,0) | (0,0) (1,0) (0,1) (1,1)
 (1,0) | (1,0) (0,0) (1,1) (0,1)
 (0,1) | (0,1) (1,1) (0,0) (1,0)
 (1,1) | (1,1) (0,1) (1,0) (0,0)
Next, we look at groups of permutations.
Definition 4.1.3. A permutation of a set G of n elements is an ordered arrangement of the n elements.
Let S_n denote the set of all permutations of the set {1, 2, . . . , n}.
Example 4.1.3. The set S_3 of permutations of the set S = {1, 2, 3} is
S_3 = {123, 231, 312, 213, 321, 132}.
We now describe a recursive algorithm to generate all the permutations of {1, 2, . . . , n}.
Algorithm 4.1.1 (Generating permutations).
1. Write down each permutation of {1, 2, . . . , n − 1}, n times.
2. Interlace n with these permutations from left to right to get S_n.
Example 4.1.4. We derive the permutations of the set {1, 2} from the permutation of the set {1} using Algorithm 4.1.1:
12
21
Again, applying Algorithm 4.1.1, we get that the permutations of the set {1, 2, 3} are
123
132
312
213
231
321
Observe that a permutation is a bijective function f from the set G to itself. We now introduce the cycle notation of permutations, which we use henceforth. Let a_1, a_2, . . . , a_k, k ≥ 1, be distinct elements of the set {1, 2, . . . , n}. Then (a_1, a_2, . . . , a_k) denotes the permutation in S_n that maps a_1 to a_2, a_2 to a_3, . . . , a_k to a_1 and maps every other element of {1, 2, . . . , n} to itself. (a_1, a_2, . . . , a_k) is called a cycle of length k or a k-cycle.
Example 4.1.5. In the cycle notation the identity permutation 123 ∈ S_3 can be written either as (1), (2), or (3), but the usual convention is to denote the identity by (1) or e. The permutation 213 = (12), and so on. Thus, in the cycle notation,
S_3 = {(1), (123), (132), (12), (13), (23)}.
The product of permutations is the composition of permutations as functions.
Example 4.1.6. In S_4 the product (243)(1243) is (1423) and (123)(12) = (13).
Two cycles are said to be disjoint if they have no elements in common. We leave it as an exercise to show that every permutation in S_n is a product of disjoint cycles.
Example 4.1.7. In S_8 the permutation 51724638 is the same as (1542)(37).
Lemma 4.1.1. Every permutation in S_n is a product of transpositions.
Proof. Every permutation is a product of cycles by Exercise 6. Any cycle (a_1 a_2 ··· a_k) is a product of transpositions:
(a_1 a_2 ··· a_k) = (a_1 a_k)(a_1 a_{k−1}) ··· (a_1 a_3)(a_1 a_2).
There are n! = 1 · 2 ··· n elements in S_n, and S_n is a nonabelian group with the operation of product of permutations (see Exercise 2). Check that the group of all permutations of a set G with n elements is isomorphic to S_n. Shortly, we prove that every group is isomorphic to a group of permutations.
Definition 4.1.4. A subset K of a group G is a subgroup of G if K is itself a group under the operation in G.
Example 4.1.8. 1. Since every ring R is a group under addition, every subring of R is a subgroup of R. In particular, every ideal of R is a subgroup of R.
2. The six subgroups of the group S_3 are
{e}, {e, (12)}, {e, (13)}, {e, (23)}, {e, (123), (132)}, and S_3.
3. A permutation is said to be even if it can be written as a product of an even number of transpositions. Otherwise it is called an odd permutation. The set of all even permutations of S_n, denoted by A_n, is a subgroup.
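The following Python code is an added illustration, not from the book: it implements Algorithm 4.1.1, converts between the one-line notation of Example 4.1.7 and cycle notation, multiplies permutations by composing them right to left as in Example 4.1.6, factors cycles into transpositions as in the proof of Lemma 4.1.1, and collects the even permutations A_n of Example 4.1.8. Function names are my own.

```python
# A permutation of {1, ..., n} is a tuple p in one-line notation: p[i-1] is the
# image of i, so 51724638 of Example 4.1.7 is (5, 1, 7, 2, 4, 6, 3, 8).

def permutations_rec(n):
    """Algorithm 4.1.1: each permutation of {1..n-1} is written n times and n is
    interlaced into every gap, rightmost gap first, as listed in Example 4.1.4."""
    if n == 1:
        return [(1,)]
    result = []
    for p in permutations_rec(n - 1):
        for pos in range(n - 1, -1, -1):
            result.append(p[:pos] + (n,) + p[pos:])
    return result

def compose(s, t):
    """Product st as composition of functions: apply t first, then s (Example 4.1.6)."""
    return tuple(s[t[i] - 1] for i in range(len(t)))

def identity(n):
    return tuple(range(1, n + 1))

def to_cycles(p):
    """Disjoint cycle decomposition; 1-cycles are omitted, so the identity gives []."""
    seen, cycles = set(), []
    for start in range(1, len(p) + 1):
        if start in seen:
            continue
        cycle, x = [], start
        while x not in seen:
            seen.add(x)
            cycle.append(x)
            x = p[x - 1]
        if len(cycle) > 1:
            cycles.append(tuple(cycle))
    return cycles

def from_cycles(cycles, n):
    """The permutation of {1..n} written as the product of the given cycles,
    multiplied right to left, e.g. [(2,4,3), (1,2,4,3)] is (243)(1243)."""
    p = identity(n)
    for cycle in cycles:
        q = list(identity(n))
        for i, a in enumerate(cycle):
            q[a - 1] = cycle[(i + 1) % len(cycle)]   # a_i -> a_(i+1), a_k -> a_1
        p = compose(p, tuple(q))
    return p

def transpositions(p):
    """Lemma 4.1.1: (a1 a2 ... ak) = (a1 ak)(a1 a(k-1)) ... (a1 a2), cycle by cycle."""
    result = []
    for cycle in to_cycles(p):
        a1 = cycle[0]
        result.extend((a1, cycle[j]) for j in range(len(cycle) - 1, 0, -1))
    return result

def is_even(p):
    """Even permutation: product of an even number of transpositions."""
    return len(transpositions(p)) % 2 == 0

def alternating_group(n):
    """A_n, the even permutations of S_n (Example 4.1.8)."""
    return [p for p in permutations_rec(n) if is_even(p)]

if __name__ == "__main__":
    print(permutations_rec(3))                                    # the six rows of Example 4.1.4
    print(to_cycles((5, 1, 7, 2, 4, 6, 3, 8)))                    # [(1, 5, 4, 2), (3, 7)]
    print(to_cycles(from_cycles([(2, 4, 3), (1, 2, 4, 3)], 4)))   # [(1, 4, 2, 3)]
    print(transpositions((5, 1, 7, 2, 4, 6, 3, 8)))               # [(1, 2), (1, 4), (1, 5), (3, 7)]
    print(len(alternating_group(4)))                              # 12 = 4!/2
```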
The next result helps us skip a couple of steps while checking whether a subset of a group is a subgroup.
Theorem 4.1.1. A nonempty subset H of a group G is a subgroup of G provided that
1. if a, b ∈ H, then ab ∈ H, and
2. if a ∈ H then a^{-1} ∈ H.
Proof. By definition H ⊂ G is a subgroup of G if H is a group. Now Properties 1 and 2 are the closure and inverse axioms for a group. Associativity holds in H because H is a subset of G. So we only have to prove that the identity e ∈ H. Since H is nonempty, there exists an element c ∈ H. Now c^{-1} ∈ H by Property 2 and cc^{-1} = e ∈ H by Property 1. Therefore H is a group and hence a subgroup of G.
Note that to prove that a finite subset is a subgroup you need only check for closure (see Exercise 31).
Theorem 4.1.2. Let G and H be groups and let f : G → H be a homomorphism. Then Im f is a subgroup of H. If f is injective then G ≅ Im f.
Proof. The identity e_H is in Im f because
f(e_G)f(e_G) = f(e_G e_G) = f(e_G) = e_H f(e_G).    (4.1)
Since H is a group, f(e_G)^{-1} exists. Multiplying Equation 4.1 by f(e_G)^{-1} on both sides, we get f(e_G) = e_H. Therefore Im f is nonempty. Since f is a homomorphism, f(a)f(b) = f(ab). Hence Im f is closed. Now
f(a^{-1})f(a) = f(a^{-1}a) = f(e_G) = e_H.
Similarly, we prove that f(a)f(a^{-1}) = e_H. Therefore, f(a^{-1}) = f(a)^{-1}. Thus the inverse of f(a) is also in Im f. Therefore Im f is a subgroup of H by Theorem 4.1.1. Now f is a surjective function from G to Im f. Consequently, if f is also an injective homomorphism, then f is an isomorphism.
The number of elements in a group is called the order of the group. We denote the order of a group G by |G|. An element a in a group is said to have finite order if a^k = e for some positive integer k. The order of an element a is the smallest positive integer n such that a^n = e. The order of a is denoted by |a|. The element a is said to have infinite order if a^k ≠ e for every positive integer k.
Example 4.1.9. 1. |S_n| = n!.
2. In the group G = {±1, ±i} under multiplication of complex numbers, |G| = 4. The order of i is 4 because i^2 = −1, i^3 = −i, i^4 = 1. Similarly −i has order 4, whereas −1 has order 2. Finally, 1, which is the multiplicative identity, has order 1.
3. In the additive group Z_5, 3 has order 5 because
3 + 3 = 1, 3 + 3 + 3 = 4, 3 + 3 + 3 + 3 = 2, 3 + 3 + 3 + 3 + 3 = 0.
But in the additive group of integers Z, 3 has infinite order.
Now we are ready to show that every group is isomorphic to a permutation group.
Theorem 4.1.3 (Cayley's Theorem). Every group is isomorphic to a group of permutations. Moreover, every finite group G of order n is isomorphic to a subgroup of the symmetric group S_n.
Proof. Let A(G) be the set of all permutations of the set G. By Exercise 12, A(G) is a group with composition as the group operation. A(G) is also the set of all bijective functions from G to G. Let a ∈ G and let the map ϕ_a : G → G be such that ϕ_a(x) = ax. Then ϕ_a ∈ A(G) by Exercise 26. Now define f : G → A(G) by f(a) = ϕ_a. Now f(ab)(x) = ϕ_{ab}(x) = (ab)x. On the other hand (f(a) ◦ f(b))(x) = (ϕ_a ◦ ϕ_b)(x) = ϕ_a(ϕ_b(x)) = ϕ_a(bx) = abx. Therefore f(ab) = f(a) ◦ f(b). Thus f is a homomorphism. Consequently, Im f is a subgroup of A(G) by Theorem 4.1.2. Suppose f(a) = f(b); then ϕ_a(x) = ϕ_b(x) for all x ∈ G. Consequently, a = ae = ϕ_a(e) = ϕ_b(e) = be = b. Hence f is injective. Therefore G ≅ Im f by Theorem 4.1.2.
If G has n elements, then A(G) is isomorphic to S_n by Exercise 2. But since G is isomorphic to a subgroup of A(G) it follows that G is isomorphic to a subgroup of S_n.
Thus, in effect, permutation groups are the only groups up to isomorphism. This representation of a group is sometimes useful because permutations are concrete objects and calculations are straightforward. But usually other isomorphic representations of a group lead to a better understanding of the basic underlying structure of the group, as we shall see in the following sections.
4.2 Cyclic groups.
In this section we study groups that are generated by a single element. The next theorem deals with the properties of the order of an element in a group. These properties are useful in determining the inherent structure of the group.
Theorem 4.2.1. Let G be a group and let a ∈ G.
1. If a has infinite order, then the elements a^k, with k ∈ Z, are all distinct.
2. If a has finite order n then a^k = e if and only if n divides k. Moreover, a^i = a^j if and only if i ≡ j (mod n).
3. If a has order n and n = td with d > 0, then a^t has order d.
Proof.
1. Suppose a^i = a^j with i > j. Then multiplying both sides by a^{−j} shows that a^{i−j} = e. Since i − j > 0 we get that a has finite order, which is a contradiction. Therefore the elements a^k, with k ∈ Z, are all distinct.
2. If n divides k, say k = nt, then a^k = a^{nt} = (a^n)^t = e^t = e. Conversely suppose that a^k = e. Then divide k by n to get k = nq + r with 0 ≤ r < n. Consequently
e = a^k = a^{nq+r} = (a^n)^q a^r = e^q a^r = e a^r = a^r.
By the definition of order, n is the smallest positive integer with a^n = e. Therefore r = 0, implying k = nq. Hence n divides k. Like before, a^i = a^j if and only if a^{i−j} = e. And a^{i−j} = e if and only if n divides i − j, that is, if and only if i ≡ j (mod n).
3. Now (a^t)^d = a^{td} = a^n = e. Consequently, to show that d is the order of a^t we need to show that d is the smallest positive integer such that (a^t)^d = e. Let k be any positive integer such that (a^t)^k = e; then a^{tk} = e. Since n is the order of a, by Part 2, n divides tk. Therefore tk = nr = (td)r for some integer r. This implies k = dr. Since k and d are positive integers and d divides k we get d ≤ k. Thus, we conclude that a^t has order d.
Theorem 4.2.2. Let G be a group and let a ∈ G. Let <a> denote the set of all powers of a, that is
<a> = {a^n | n ∈ Z} = {. . . , a^{−2}, a^{−1}, a^0, a^1, a^2, . . . }.
Then <a> is a subgroup of G.
Proof. The product of any two elements of <a> is in <a> because a^i a^j = a^{i+j}. The inverse of a^k is a^{−k}, and a^{−k} is also in <a>. Therefore <a> is a subgroup by Theorem 4.1.1.
The group <a> is called the cyclic subgroup generated by a. If the subgroup <a> is the entire group G, we say that G is a cyclic group. Observe that cyclic groups are necessarily abelian.
Example 4.2.1. 1. In S_3, the cyclic subgroup <(123)> is
<(123)> = {e, (123), (132)}.
2. In the additive group Z_8, the cyclic subgroup <2> = {2, 4, 6, 0}. The cyclic subgroup <1> is the entire group Z_8 and therefore Z_8 is a cyclic group. Generalizing, Z_n = <1> is cyclic.
3. The group Z = <1> and therefore is a cyclic group.
4. We prove that the group Z_m × Z_n is cyclic if and only if gcd(m, n) = 1. Observe that the order of Z_m × Z_n is mn. Let gcd(m, n) = d > 1. Then m = dr and n = ds for some integers r and s. Thus drs < d^2 rs = mn. If (a, b) ∈ Z_m × Z_n, then
drs(a, b) = (drsa, drsb) = (msa, nrb) = (0, 0).
Thus the order of (a, b) is a divisor of drs and hence is strictly less than mn. Thus Z_m × Z_n is not cyclic when gcd(m, n) ≠ 1. When gcd(m, n) = 1,
Z_m × Z_n = <(1, 1)>.
Theorem 4.2.3. Let G be a group and let a ∈ G.
1. If a has infinite order, then <a> is an infinite subgroup consisting of the distinct elements a^k with k ∈ Z.
2. If a has finite order n, then <a> is a subgroup of order n and
<a> = {e = a^0, a^1, . . . , a^{n−1}}.
Proof.
1. This follows from Part 1 of Theorem 4.2.1.
2. Part 2 of Theorem 4.2.1 says that a^i = a^j if and only if i ≡ j (mod n). Every integer is in the congruence class of one of the integers in {0, 1, . . . , n − 1} (see Section 3.1). Since no two of the integers 0, 1, . . . , n − 1 are congruent modulo n, a^i ≠ a^j if i ≠ j and i, j ∈ {0, 1, . . . , n − 1}. Therefore <a> = {a^0, a^1, . . . , a^{n−1}}. Consequently, <a> is a subgroup of order n.
The next theorem shows that cyclic groups have a nice classification up to isomorphism.
Theorem 4.2.4. Every infinite cyclic group is isomorphic to Z. Every finite cyclic group of order n is isomorphic to Z_n.
Proof. Let G = <a> be an infinite cyclic group. Define f : Z → G by f(i) = a^i. The map f is surjective by definition of a cyclic group. f is injective by Part 1 of Theorem 4.2.3. f is a homomorphism because f(i + j) = a^{i+j} = a^i a^j = f(i)f(j). Thus f is an isomorphism.
Now suppose G = <a> and a has finite order n. Then G = {a^0, a^1, . . . , a^{n−1}} by Part 2 of Theorem 4.2.3. Let f : Z_n → G be such that f(i) = a^i. f is injective by definition and f is a surjective homomorphism just like above. Therefore, f is an isomorphism from Z_n to G.
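As an added example (my code, not the book's), the Python below represents a finite group by a list of elements and a binary operation, then computes element orders and cyclic subgroups (Theorems 4.2.1 and 4.2.3), tests whether Z_m × Z_n is cyclic (Example 4.2.1), checks the isomorphism U_8 ≅ Z_2 × Z_2 of Example 4.1.2, and builds the permutations ϕ_a of Cayley's Theorem in one-line notation. Function names are my own.

```python
from math import gcd

# A finite group is a pair (elements, op), where op is a Python function of two elements.

def z_mod(n):
    """The additive group Z_n."""
    return list(range(n)), lambda a, b: (a + b) % n

def units_mod(n):
    """U_n, the units of Z_n under multiplication (Example 4.1.1)."""
    return [a for a in range(1, n) if gcd(a, n) == 1], lambda a, b: (a * b) % n

def direct_product(G, H):
    """Coordinate-wise operation on G x H (Example 4.1.1)."""
    (ge, gop), (he, hop) = G, H
    return [(a, b) for a in ge for b in he], lambda x, y: (gop(x[0], y[0]), hop(x[1], y[1]))

def identity(G):
    elems, op = G
    return next(e for e in elems if all(op(e, a) == a == op(a, e) for a in elems))

def cyclic_subgroup(G, a):
    """<a> = {e, a, a^2, ..., a^(n-1)} where n is the order of a (Theorem 4.2.3)."""
    elems, op = G
    e = identity(G)
    powers, x = [e], a
    while x != e:
        powers.append(x)
        x = op(x, a)
    return powers

def order(G, a):
    """Smallest positive k with a^k = e; equals |<a>|."""
    return len(cyclic_subgroup(G, a))

def is_cyclic(G):
    """G is cyclic if some element generates the whole group."""
    elems, _ = G
    return any(order(G, a) == len(elems) for a in elems)

def is_isomorphism(G, H, f):
    """f (a dict) is a bijective homomorphism G -> H (Definition 4.1.2)."""
    (ge, gop), (he, hop) = G, H
    bijective = sorted(f[a] for a in ge) == sorted(he)
    return bijective and all(f[gop(a, b)] == hop(f[a], f[b]) for a in ge for b in ge)

def cayley_embedding(G):
    """Cayley's Theorem: a -> phi_a with phi_a(x) = ax, written as a permutation of
    the positions 1..n of the element list, in one-line notation."""
    elems, op = G
    index = {x: i + 1 for i, x in enumerate(elems)}
    return {a: tuple(index[op(a, x)] for x in elems) for a in elems}

def cayley_is_injective_homomorphism(G):
    """Check f(ab) = f(a) o f(b) and that distinct elements give distinct permutations."""
    elems, op = G
    f = cayley_embedding(G)
    compose = lambda s, t: tuple(s[t[i] - 1] for i in range(len(t)))  # apply t, then s
    hom = all(f[op(a, b)] == compose(f[a], f[b]) for a in elems for b in elems)
    return hom and len(set(f.values())) == len(elems)

if __name__ == "__main__":
    print(order(z_mod(5), 3))                                  # 5 (Example 4.1.9)
    print(order(z_mod(12), 4))                                 # 3: here n = 12 = 4 * 3 (Theorem 4.2.1)
    print(is_cyclic(direct_product(z_mod(2), z_mod(3))))       # True, gcd(2, 3) = 1
    print(is_cyclic(direct_product(z_mod(4), z_mod(6))))       # False, gcd(4, 6) = 2
    f = {1: (0, 0), 3: (1, 0), 5: (0, 1), 7: (1, 1)}           # the map of Example 4.1.2
    print(is_isomorphism(units_mod(8), direct_product(z_mod(2), z_mod(2)), f))  # True
    print(cayley_is_injective_homomorphism(units_mod(8)))      # True
```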
Subgroups can be generated by more than one element. Let G be a group and a_1, . . . , a_n ∈ G. Consider the set
<a_1, a_2, . . . , a_n> = { ∏_{i=1}^{n} a_i^{r_i} : r_i ∈ Z, r_i ≥ 0 }.
We leave it as an exercise to verify that <a_1, a_2, . . . , a_n> is a subgroup of G.
Example 4.2.2. 1. The subgroup <(12), (123)> is the entire group S_3 because
(123)^2 = (132), (123)^3 = e, (123)(12) = (13), (123)^2(12) = (23).
2. The 6 transpositions of S_4 can be generated by the three transpositions (12), (13), and (14) as shown below.
(13)^{-1}(12)(13) = (13)(12)(13) = (23)
(14)^{-1}(12)(14) = (14)(12)(14) = (24)
(14)^{-1}(13)(14) = (14)(13)(14) = (34)
Since every permutation is a product of transpositions (Lemma 4.1.1), we get <(12), (13), (14)> = S_4.
4.3 Normal Subgroups and Quotient Groups.
In this section, we prove the First Isomorphism Theorem for groups. We begin with congruence relations in a group.
Definition 4.3.1. Let K be a subgroup of a group G and let a, b ∈ G. Then a is congruent to b modulo K [written a ≡ b (mod K)] provided that ab^{-1} ∈ K.
Example 4.3.1. 1. In Z_8, 3 ≡ 1 (mod <2>) because 3 − 1 = 2 ∈ <2>.
2. In S_3, (12) ≡ (13) (mod <(123)>) because (12)(13)^{-1} = (12)(13) = (132) ∈ <(123)>.
Theorem 4.3.1. Let K be a subgroup of a group G. Then the relation of congruence modulo K is
• reflexive: a ≡ a (mod K) for all a ∈ G;
• symmetric: if a ≡ b (mod K), then b ≡ a (mod K);
• transitive: if a ≡ b (mod K) and b ≡ c (mod K), then a ≡ c (mod K).
If K is a subgroup of G and if a ∈ G, then the congruence class of a modulo K is the set of all elements of G that are congruent to a modulo K, that is, the set
{b ∈ G : b ≡ a (mod K)} = {b ∈ G : ba^{-1} ∈ K}
= {b ∈ G : b = ka, for some k ∈ K}
= {ka : k ∈ K}.
As a consequence the congruence class of a modulo K is denoted Ka and is called a right coset of K in G. The set of all congruence classes modulo K is denoted G/K. A left coset of K is denoted by aK and is defined as aK = {ak : k ∈ K}. If G is abelian, then Ka = aK.
Example 4.3.2. 1. In S_3,
<(123)>(12) = {e(12), (123)(12), (132)(12)} = {(12), (13), (23)}.
Check that the only right cosets of the subgroup <(123)> are <(123)>e and <(123)>(12).
2. In Z_8,
<2> + 1 = {0 + 1, 2 + 1, 4 + 1, 6 + 1} = {1, 3, 5, 7}.
Similarly, <2> + 2 = {0, 2, 4, 6}. Check that the only right cosets of the subgroup <2> are <2> + 0 and <2> + 1.
Theorem 4.3.2. Let K be a subgroup of a group G and let a, c ∈ G. Then a ≡ c (mod K) if and only if Ka = Kc.
Corollary 4.3.3. Let K be a subgroup of a group G. Then two right cosets of K are either disjoint or identical.
The proofs of Theorems 4.3.1 and 4.3.2 and Corollary 4.3.3 are similar to the proofs provided for congruence classes in Z in Section 3.1, and we do not discuss them further.
Theorem 4.3.4. Let K be a subgroup of a group G.
1. G is the union of the right cosets of K.
2. If K is finite, any two right cosets of K have the same number of elements.
Proof.
1. Let a ∈ G; then a ∈ Ka. Therefore, every element of G is in one of the cosets of K. Moreover, every coset of K contains elements of G. Hence G = ∪_{a∈G} Ka.
2. Define f : K → Ka by f(x) = xa. Let y ∈ Ka; then y = xa for some x ∈ K. Therefore, f(x) = y. Consequently, f is surjective. If f(x) = f(y), then xa = ya and therefore x = y. Thus, f is injective. Consequently f is a bijection. Therefore |K| = |Ka| for every right coset Ka of K.
Recall from Section 3.3 that the set of cosets of an ideal is a ring. But the set of cosets of a subgroup need not be a group. Let N be a subgroup of a group G. The set of right cosets G/N is called a quotient group if G/N is a group. We prove, shortly, that G/N is a group if and only if N is a normal subgroup.
Definition 4.3.2. A subgroup N of a group G is said to be normal if Na = aN for every a ∈ G.
Example 4.3.3. 1. Let N = <(123)> be the cyclic group generated by (123) in S_3. Then the only two right cosets of N in S_3 are Ne and N(12). Therefore N is a normal subgroup of S_3 because
Ne = {e, (123), (132)} = eN,
N(12) = {(12), (13), (23)} = (12)N.
2. Every subgroup of an abelian group is normal.
3. <e> is a normal subgroup of every group.
4. Let H = A_n be the subgroup of even permutations of S_n. Then Ha = H = aH if a is an even permutation. By Exercise 11, |A_n| = (1/2)|S_n|. Therefore, by Theorem 4.3.4, H has exactly two right cosets. Let a be an odd permutation. Then the two right cosets of H are He and Ha. Similarly, the two left cosets are eH and aH. Consequently, Ha = aH for all a ∈ S_n. Thus A_n is a normal subgroup of S_n.
Lemma 4.3.1. If N is a normal subgroup of G then for each a ∈ G, a^{-1}Na = N.
Proof. We first show that a^{-1}Na ⊆ N. Let x ∈ a^{-1}Na; then x = a^{-1}na for some n ∈ N. Since N is normal, Na = aN for every a ∈ G. Therefore na = an′ for some n′ ∈ N. Consequently,
x = a^{-1}na = a^{-1}an′ = n′ ∈ N.
Therefore a^{-1}Na ⊆ N.
Next we need to show N ⊆ a^{-1}Na. Let n ∈ N. Since N is normal, na^{-1} = a^{-1}n′ for some n′ ∈ N. Therefore
n = na^{-1}a = a^{-1}n′a.
Hence n ∈ a^{-1}Na. This implies N ⊆ a^{-1}Na. Thus, a^{-1}Na = N.
Theorem 4.3.5. Let N be a normal subgroup of G. If a ≡ b (mod N) and c ≡ d (mod N), then ac ≡ bd (mod N).
Proof. Since a ≡ b (mod N), ab^{-1} ∈ N. Therefore ab^{-1} = n_1 for some n_1 ∈ N. Similarly cd^{-1} = n_2 for some n_2 ∈ N. By Exercise 1, (bd)^{-1} = d^{-1}b^{-1}. Consequently, ac(bd)^{-1} = acd^{-1}b^{-1} = an_2b^{-1}. The element an_2 is in aN. Since N is normal, aN = Na. Therefore an_2 = n_3a for some n_3 ∈ N. Thus ac(bd)^{-1} = an_2b^{-1} = n_3ab^{-1} = n_3n_1 ∈ N. Consequently ac ≡ bd (mod N).
Theorem 4.3.6. Let N be a normal subgroup of a group G. If Na = Nb and Nc = Nd in G/N, then Nac = Nbd.
Proof. By Theorem 4.3.2, Na = Nb implies a ≡ b (mod N) and Nc = Nd implies c ≡ d (mod N). Consequently, ac ≡ bd (mod N) by Theorem 4.3.5. Hence, applying Theorem 4.3.2 again, we get Nac = Nbd.
Theorem 4.3.7. If N is a normal subgroup of G, then G/N is a group under the operation defined by (Na)(Nc) = Nac. If G is an abelian group then so is G/N.
Proof. The operation in G/N is well defined by Theorem 4.3.6. Since NaNe = Nae = Nea = NeNa, the coset N = Ne is the identity element in G/N. The inverse of Na is Na^{-1} because NaNa^{-1} = Naa^{-1} = Ne = Na^{-1}a = Na^{-1}Na. Associativity in G/N follows from associativity in G: (Na)(NbNc) = NaNbc = Nabc = N(ab)c = (NaNb)Nc. Therefore G/N is a group. If G is abelian, then commutativity in G/N follows from the commutativity in G: NaNb = Nab = Nba = NbNa.
Example 4.3.4. Examples of quotient groups:
1. Z_8/<2> = {<2> + 0, <2> + 1}.
2. S_3/<(123)> = {<(123)>e, <(123)>(12)}.
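As an added example (my code, not the book's), the Python below computes right and left cosets of a subgroup, tests normality (Definition 4.3.2), forms the quotient group with the operation (Na)(Nc) = Nac of Theorem 4.3.7, and checks the relation |G| = [G : H]|H| of Lagrange's Theorem on the two quotient groups S_3/<(123)> and Z_8/<2> just listed; it also shows that <(12)> is not normal in S_3. Function names are my own.

```python
from itertools import permutations

# A finite group is a pair (elements, op). Permutations of {1..n} are tuples in
# one-line notation, so (123) is (2, 3, 1) and (12) is (2, 1, 3).

def compose(s, t):
    """Product st as composition of functions: apply t first, then s."""
    return tuple(s[t[i] - 1] for i in range(len(t)))

def symmetric_group(n):
    return list(permutations(range(1, n + 1))), compose

def z_mod(n):
    """The additive group Z_n."""
    return list(range(n)), lambda a, b: (a + b) % n

def generated_subgroup(G, gens):
    """<a_1, ..., a_k>: close the generators under the operation. In a finite group
    closure alone suffices (see the remark after Theorem 4.1.1)."""
    elems, op = G
    H = set(gens)
    while True:
        new = {op(a, b) for a in H for b in H} - H
        if not new:
            return sorted(H)
        H |= new

def right_coset(G, K, a):
    return frozenset(G[1](k, a) for k in K)       # Ka = {ka : k in K}

def left_coset(G, K, a):
    return frozenset(G[1](a, k) for k in K)       # aK = {ak : k in K}

def right_cosets(G, K):
    """G/K as a set of right cosets; distinct cosets are disjoint (Corollary 4.3.3)."""
    return {right_coset(G, K, a) for a in G[0]}

def index(G, K):
    """[G : K], the number of distinct right cosets."""
    return len(right_cosets(G, K))

def is_normal(G, N):
    """Definition 4.3.2: Na = aN for every a in G."""
    return all(right_coset(G, N, a) == left_coset(G, N, a) for a in G[0])

def quotient_group(G, N):
    """G/N with (Na)(Nc) = Nac; well defined only for normal N (Theorem 4.3.6)."""
    if not is_normal(G, N):
        raise ValueError("N is not a normal subgroup, so G/N is not a group")
    cosets = sorted(right_cosets(G, N), key=sorted)

    def op(X, Y):
        a, c = min(X), min(Y)                       # any representatives will do
        return right_coset(G, N, G[1](a, c))
    return cosets, op

def lagrange_holds(G, K):
    """Theorem 4.4.1: |G| = [G : K] |K|."""
    return len(G[0]) == index(G, K) * len(K)

if __name__ == "__main__":
    S3 = symmetric_group(3)
    N = generated_subgroup(S3, [(2, 3, 1)])                   # <(123)>
    print(sorted(sorted(c) for c in right_cosets(S3, N)))     # the cosets Ne and N(12)
    print(is_normal(S3, N), is_normal(S3, generated_subgroup(S3, [(2, 1, 3)])))  # True False
    Q, qop = quotient_group(S3, N)
    print(len(Q), qop(Q[1], Q[1]) == Q[0])                    # 2 True: (N(12))(N(12)) = N
    Z8 = z_mod(8)
    H = generated_subgroup(Z8, [2])                           # <2> = {0, 2, 4, 6}
    print(sorted(sorted(c) for c in right_cosets(Z8, H)))     # [[0, 2, 4, 6], [1, 3, 5, 7]]
    print(lagrange_holds(S3, N), index(S3, N))                # True 2
```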
The next theorem shows that there is a surjection from the subgroups of a group G onto the subgroups of its quotient group G/N.
Theorem 4.3.8. Let N be a normal subgroup of a group G. If T is any subgroup of G/N, then there is a subgroup H of G such that N ⊂ H and T = H/N.
Proof. Let H = {a ∈ G | Na ∈ T}; then H is a subgroup of G by Exercise 17. Let a ∈ N; then Na = Ne ∈ T, so that a ∈ H. Therefore N ⊆ H. Now the quotient group H/N consists of all cosets Na such that a ∈ H. Therefore T = H/N by the definition of H.
Definition 4.3.3. Let f : G → H be a homomorphism of groups. Then the kernel of f is the set {a ∈ G | f(a) = e_H}.
Theorem 4.3.9. Let f : G → H be a homomorphism of groups with kernel K. Then K is a normal subgroup of G.
Proof. If c, d ∈ K, then f(c) = e_H and f(d) = e_H by definition of the kernel. Hence f(cd) = f(c)f(d) = e_H e_H = e_H. Therefore cd ∈ K and K is closed. If c ∈ K then f(c^{-1}) = f(c)^{-1} = e_H^{-1} = e_H. Therefore c^{-1} ∈ K. It follows that K is a subgroup by Theorem 4.1.1. To show K is a normal subgroup of G, we must prove that for each a ∈ G, a^{-1}Ka = K. Let a ∈ G and c ∈ K. Then f(a^{-1}ca) = f(a^{-1})f(c)f(a) = f(a^{-1})e_H f(a) = f(a)^{-1}f(a) = e_H. Thus a^{-1}ca ∈ K. Consequently, K is normal.
Theorem 4.3.10. If N is a normal subgroup of a group G, then the map π : G → G/N given by π(a) = Na is a surjective homomorphism with kernel N.
Proof. Translate the proof of Theorem 3.3.10 to this case.
Theorem 4.3.11. [First Isomorphism Theorem] Let f : G → H be a surjective homomorphism of groups with kernel K. Then the quotient group G/K is isomorphic to H.
Proof. Define ϕ : G/K → H by ϕ(Ka) = f(a) and show that ϕ is an isomorphism. The proof is similar to the proof of the First Isomorphism Theorem for rings (see Theorem 3.3.11).
Example 4.3.5. Let R^∗ denote the multiplicative group of nonzero real numbers and let R^{∗∗} denote the multiplicative group of positive real numbers. Let f : R^∗ → R^{∗∗} be such that f(x) = x^2. Then the kernel of f is <1, −1>. Let y ∈ R^{∗∗}; then f(√y) = y. Therefore f is surjective. Hence by the First Isomorphism Theorem we get that R^∗/<−1, 1> ≅ R^{∗∗}.
4.4 Basic properties of finite groups.
In this section we relate the order of a finite group to the orders of its subgroups and elements.
If $H$ is a subgroup of a group $G$ then the number of distinct right cosets of $H$ in $G$ is called the index of $H$ in $G$ and is denoted by $[G:H]$. If $G$ is a finite group then $[G:H]$ is finite. If $G$ is infinite then $[G:H]$ can be either finite or infinite.
Example 4.4.1. 1. Under addition, the group $\mathbb{Z}$ is a normal subgroup of the abelian group $\mathbb{Q}$. If $0 < c < a < 1$, then $a - c$ is not an integer. Therefore $\mathbb{Z} + a$ and $\mathbb{Z} + c$ are distinct elements of $\mathbb{Q}/\mathbb{Z}$ by Theorem 4.3.2. Since there are infinitely many rational numbers between 0 and 1, the index $[\mathbb{Q}:\mathbb{Z}]$ is infinite. But the order of $\mathbb{Z} + \frac{m}{n}$ is $n$ because $n\left(\mathbb{Z} + \frac{m}{n}\right) = \mathbb{Z} + m = \mathbb{Z} = e$. Thus every element of $\mathbb{Q}/\mathbb{Z}$ has finite order.
2. Consider the subgroup $N = \langle (123)\rangle$ of $S_3$. The index $[S_3 : N] = 2$ by Exercise 4.3.3.
Theorem 4.4.1 (Lagrange's Theorem). If $H$ is a subgroup of a finite group $G$, then the order of $H$ divides the order of $G$; in particular $|G| = [G:H]\,|H|$.
Proof. Let $[G:H] = n$. Let $Ha_1, \ldots, Ha_n$ be the $n$ distinct cosets of $H$. By Theorem 4.3.4, $G = Ha_1 \cup Ha_2 \cup \cdots \cup Ha_n$. Therefore $|G| = |Ha_1| + |Ha_2| + \cdots + |Ha_n|$. Again, by Theorem 4.3.4, $|Ha_i| = |H|$ for every $i$. Therefore $|G| = n|H| = [G:H]\,|H|$.
Corollary 4.4.2. Let $G$ be a finite group.
1. If $a \in G$, then the order of $a$ divides the order of $G$.
2. If $|G| = k$, then $a^k = e$ for every $a \in G$.
3. If $N$ is a normal subgroup of $G$, then $|G/N| = |G|/|N|$.
Proof.
1. If $a \in G$ has order $n$ then the cyclic subgroup $\langle a\rangle$ of $G$ has order $n$ by Theorem 4.2.3. Consequently, by Lagrange's Theorem, $n$ divides $|G|$.
2. If $a$ has order $n$, then by Part 1, $n$ divides $k$. Therefore $k = nt$ for some $t \in \mathbb{Z}$. Then $a^k = a^{nt} = (a^n)^t = e^t = e$.
3. $|G/N|$ is the number of distinct right cosets of $N$ in $G$. Hence $|G/N| = [G:N]$. By Lagrange's Theorem $|G| = [G:N]\,|N|$. Therefore $|G/N| = |G|/|N|$.
We use Lagrange's theorem to show that every group of prime order is cyclic.
Theorem 4.4.3. Let $p$ be a positive prime integer. Every group of order $p$ is cyclic and isomorphic to $\mathbb{Z}_p$.
Proof. If $G$ is a group of order $p$ and $a$ is any nonidentity element of $G$, then the cyclic subgroup $\langle a\rangle$ is a group of order greater than 1. Since the order of the group $\langle a\rangle$ must divide $p$ by Theorem 4.4.1, and $p$ is prime, the order of $\langle a\rangle$ is $p$. Thus $\langle a\rangle = G$. Since $G$ is a cyclic group of order $p$, $G \cong \mathbb{Z}_p$ by Theorem 4.2.4.
If a prime $p$ divides $|G|$ for a group $G$, then does $G$ have an element of order $p$? Cauchy's Theorem says that there is always such an element. We prove Cauchy's Theorem in two steps, first for finite abelian groups, and then for all finite groups.
Theorem 4.4.4 (Cauchy's Theorem for Abelian Groups). If $G$ is a finite abelian group and $p$ is a prime that divides the order of $G$, then $G$ has an element of order $p$.
Proof. The proof is by induction on the order of $G$. The theorem is true for $|G| = 2$ because in this case the nonidentity element must have order 2. Assume the theorem is true for all abelian groups of order less than $n$ and suppose that $|G| = n$. Let $a$ be any nonidentity element of $G$; then $|a|$ is divisible by some prime $q$, say $|a| = qt$, and then $|a^t| = q$. Therefore if $q = p$ the theorem is proved. Let $q \neq p$ and let $N$ be the cyclic subgroup $\langle a^t\rangle$. $N$ is normal because $G$ is abelian. Consequently, since $N$ has order $q$, by Corollary 4.4.2 the quotient group $G/N$ has order $|G|/|N| = n/q < n$. Consequently by the induction hypothesis the theorem is true for $G/N$. Now $|G| = |N|\,|G/N| = q|G/N|$ by Theorem 4.4.1. Since $p$ divides $|G|$, and $q \neq p$, $p$ divides $|G/N|$. Therefore $G/N$ contains an element of order $p$, say $Nc$. Since $Nc^p = (Nc)^p = Ne$, $c^p \in N$. Because $N$ has order $q$, $(c^p)^q = c^{pq} = e$. Therefore the order of $c$ divides $pq$. Now the order of $c$ is not 1, because otherwise $Nc$ would have order 1 instead of $p$ in $G/N$. The order of $c$ is not $q$, because then $(Nc)^q = Nc^q = Ne$ in $G/N$, which means that $p$, the order of $Nc$, divides $q$. This is not possible since $q$ is a prime and $p \neq q$. Therefore the order of $c$ is either $p$ or $pq$; in the latter case $c^q$ has order $p$. Therefore the theorem is true for abelian groups of order $n$ and hence by induction for all finite abelian groups.
To prove Cauchy's theorem for all finite groups, we need to develop some additional concepts. Let $G$ be a group and $a, b \in G$. We say $a$ is conjugate to $b$ if there exists $x \in G$ such that $b = x^{-1}ax$.
Example 4.4.2. $(12)$ is conjugate to $(23)$ in $S_3$ because
$$(132)^{-1}(12)(132) = (123)(12)(132) = (23).$$
Let $G$ be a group. The conjugacy class of an element $a \in G$ consists of all the elements in $G$ that are conjugate to $a$. We leave it as an exercise to show that $G$ is a union of its distinct conjugacy classes.
Example 4.4.3. 1. For any $x \in S_3$, $x^{-1}(12)x$ is either $(12)$, $(13)$, or $(23)$:
$e^{-1}(12)e = e(12)e = (12)$,
$(12)^{-1}(12)(12) = (12)(12)(12) = (12)$,
$(23)^{-1}(12)(23) = (23)(12)(23) = (13)$,
$(13)^{-1}(12)(13) = (13)(12)(13) = (23)$,
$(132)^{-1}(12)(132) = (123)(12)(132) = (23)$,
$(123)^{-1}(12)(123) = (132)(12)(123) = (13)$.
Therefore the conjugacy class of $(12)$ in $S_3$ is $\{(12),(13),(23)\}$. Verify that there are three distinct conjugacy classes in $S_3$: $\{e\}$, $\{(123),(132)\}$, and $\{(12),(13),(23)\}$. Observe that
$$S_3 = \{e\} \cup \{(123),(132)\} \cup \{(12),(13),(23)\}.$$
2. Verify that the distinct conjugacy classes of $S_4$ are
$\{e\}$,
$\{(1234),(1243),(1324),(1342),(1423),(1432)\}$,
$\{(12)(34),(13)(24),(14)(23)\}$,
$\{(12),(13),(14),(23),(24),(34)\}$,
$\{(123),(132),(124),(142),(134),(143),(234),(243)\}$.
The centralizer of an element $a$ in a group $G$ is denoted by $C(a)$ and consists of all elements in $G$ that commute with $a$, that is,
$$C(a) = \{g \in G \mid ga = ag\}.$$
Example 4.4.4. $C((123)) = \{(1),(123),(132)\}$ in $S_3$.
$C(a)$ is a subgroup of $G$ (see Exercise 33).
Theorem 4.4.5. Let $G$ be a group and $a \in G$. The number of elements in the conjugacy class of $a$ is $[G:C(a)]$, and divides $|G|$.
Proof. We first show that $x$ and $y$ produce the same conjugate of $a$ if and only if $x$ and $y$ are in the same coset of $C(a)$:
$$x^{-1}ax = y^{-1}ay \Leftrightarrow a = xy^{-1}ayx^{-1} \Leftrightarrow a = (yx^{-1})^{-1}a(yx^{-1}) \Leftrightarrow (yx^{-1})a = a(yx^{-1}) \Leftrightarrow yx^{-1} \in C(a) \Leftrightarrow C(a)y = C(a)x.$$
Therefore the number of distinct conjugates of $a$ is the same as the number of distinct cosets of $C(a)$, namely $[G:C(a)]$, which divides $|G|$ by Lagrange's Theorem 4.4.1.
Let $G$ be a group and let $C_1, C_2, \ldots, C_r$ be the distinct conjugacy classes of $G$. Then
$$|G| = |C_1 \cup C_2 \cup \cdots \cup C_r| = |C_1| + |C_2| + \cdots + |C_r|. \quad (4.2)$$
Let $a_i$ be an element in $C_i$; then by Theorem 4.4.5
$$|G| = [G:C(a_1)] + [G:C(a_2)] + \cdots + [G:C(a_r)]. \quad (4.3)$$
The equation (in either version 4.2 or 4.3) is called the class equation of the group $G$.
Example 4.4.5. The class equation for the group $S_3$ is
$$|S_3| = |\{e\}| + |\{(123),(132)\}| + |\{(12),(13),(23)\}|.$$
The center of a group $G$ is the set $Z(G)$ consisting of those elements of $G$ that commute with every element of $G$, that is,
$$Z(G) = \{c \in G \mid cx = xc \text{ for every } x \in G\}.$$
Verify that $Z(G)$ is a subgroup of $G$.
Example 4.4.6. 1. If $G$ is an abelian group then the center of $G$ is $Z(G) = G$.
2. Check that $Z(S_3) = \langle e\rangle$.
3. Consider the dihedral subgroup of $S_4$
$$D_4 = \{\rho = (1234),\ \rho^2 = (13)(24),\ \rho^3 = (1432),\ \rho^4 = e,\ \tau = (12)(34),\ \tau\rho = (24),\ \tau\rho^2 = (14)(23),\ \tau\rho^3 = (13)\}.$$
Every element of $D_4$ is of the form $\tau^m\rho^n$ where $m$ and $n$ are integers such that $m, n \geq 0$. Therefore to show that $\rho^2$ commutes with every element of $D_4$, it suffices to show that it commutes with $\rho$ and $\tau$. Now $\rho\rho^2 = \rho^3 = \rho^2\rho$. Since the inverse of $\rho^2$ is itself,
$$(\rho^2)^{-1}\tau\rho^2 = \rho^2\tau\rho^2 = (13)(24)(12)(34)(13)(24) = (12)(34) = \tau,$$
that is, $\tau\rho^2 = \rho^2\tau$. Consequently, $\rho^2 \in Z(D_4)$. Verify that no other nonidentity element of $D_4$ is in $Z(D_4)$. Therefore $Z(D_4) = \{e, \rho^2\}$.
Note that $Z(G)$ is the union of the one-element conjugacy classes, and the class equation can be written as
$$|G| = |Z(G)| + |C_1| + |C_2| + \cdots + |C_r|, \quad (4.4)$$
where $C_1, \ldots, C_r$ are the distinct conjugacy classes of $G$ that contain more than one element. Moreover, $|C_i|$ divides $|G|$ for $i = 1$ to $r$.
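Example code added here (it is not from the book) that computes conjugacy classes, centralizers, the center and the class equation (4.4) for $S_3$, $S_4$ and the dihedral group $D_4$ of Example 4.4.6, and checks Theorem 4.4.5 element by element. Permutations are stored as tuples and composed right to left, a convention chosen here that does not affect the classes, centralizers or center.

```python
from itertools import permutations

# Permutations of {1, ..., n} are tuples p with p[i-1] = p(i).  Products are
# composed right to left: compose(p, q) is "apply q, then p".  Conjugacy
# classes, centralizers and the center do not depend on this convention.

def compose(p, q):
    """Return p∘q, the permutation x -> p(q(x))."""
    return tuple(p[q[i] - 1] for i in range(len(p)))

def inverse(p):
    inv = [0] * len(p)
    for i, image in enumerate(p, start=1):
        inv[image - 1] = i
    return tuple(inv)

def symmetric_group(n):
    return [tuple(p) for p in permutations(range(1, n + 1))]

def generate(gens, n):
    """Subgroup of S_n generated by gens (closure under left multiplication)."""
    e = tuple(range(1, n + 1))
    elems, frontier = {e}, [e]
    while frontier:
        x = frontier.pop()
        for g in gens:
            y = compose(g, x)
            if y not in elems:
                elems.add(y)
                frontier.append(y)
    return sorted(elems)

def conjugate(a, x):
    """x^{-1} a x, the conjugate of a by x as defined in the text."""
    return compose(compose(inverse(x), a), x)

def conjugacy_class(G, a):
    return frozenset(conjugate(a, x) for x in G)

def conjugacy_classes(G):
    """The distinct conjugacy classes; G is their disjoint union."""
    seen, classes = set(), []
    for a in G:
        if a not in seen:
            cls = conjugacy_class(G, a)
            classes.append(cls)
            seen |= cls
    return classes

def centralizer(G, a):
    """C(a) = {g in G : ga = ag}."""
    return [g for g in G if compose(g, a) == compose(a, g)]

def center(G):
    """Z(G): the elements commuting with everything, i.e. the one-element classes."""
    return [c for c in G if all(compose(c, x) == compose(x, c) for x in G)]

def class_equation(G):
    """(|Z(G)|, sizes of the classes with more than one element), Equation (4.4)."""
    sizes = sorted(len(c) for c in conjugacy_classes(G) if len(c) > 1)
    return len(center(G)), sizes

def theorem_4_4_5_holds(G):
    """|class of a| == [G : C(a)] and divides |G|, for every a in G."""
    for a in G:
        k = len(conjugacy_class(G, a))
        if k != len(G) // len(centralizer(G, a)) or len(G) % k != 0:
            return False
    return True

def cycle_notation(p):
    """Disjoint-cycle string, e.g. (2, 3, 1) -> '(123)'; the identity -> 'e'."""
    seen, out = set(), []
    for start in range(1, len(p) + 1):
        if start in seen or p[start - 1] == start:
            seen.add(start)
            continue
        cyc, x = [], start
        while x not in seen:
            seen.add(x)
            cyc.append(x)
            x = p[x - 1]
        out.append("(" + "".join(map(str, cyc)) + ")")
    return "".join(out) or "e"

if __name__ == "__main__":
    S3, S4 = symmetric_group(3), symmetric_group(4)
    for cls in conjugacy_classes(S3):
        print(sorted(cycle_notation(p) for p in cls))   # the three classes of S3
    print(class_equation(S4))                            # (1, [3, 6, 6, 8])
    rho, tau = (2, 3, 4, 1), (2, 1, 4, 3)                # (1234) and (12)(34)
    D4 = generate([rho, tau], 4)
    print([cycle_notation(z) for z in center(D4)])       # ['e', '(13)(24)']
```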
Theorem 4.4.6. If $N$ is a subgroup of $Z(G)$, then $N$ is a normal subgroup of $G$.
Proof. Let $a \in G$ and $n \in N$; then $na = an$ because $n \in Z(G)$. Thus $Na = aN$ for all $a \in G$, which implies $N$ is normal.
Theorem 4.4.7 (First Sylow Theorem). Let $G$ be a finite group. If $p$ is a prime and $p^k$ divides $|G|$, then $G$ has a subgroup of order $p^k$.
Proof. The proof is by induction on the order of $G$. If $|G| = 1$, then $p^0$ is the only prime power that divides $|G|$, and $G$ itself is a subgroup of order $p^0$. Suppose that $|G| > 1$ and assume inductively that the theorem is true for all groups of order less than $|G|$. Combining the forms 4.3 and 4.4 of the class equation, we get
$$|G| = |Z(G)| + [G:C(a_1)] + [G:C(a_2)] + \cdots + [G:C(a_r)],$$
where $[G:C(a_i)] > 1$ for each $i$. Moreover, $|Z(G)| \geq 1$ because $e \in Z(G)$, and $|C(a_i)| < |G|$, since otherwise $[G:C(a_i)] = 1$.
Suppose $p$ does not divide $[G:C(a_j)]$ for some $j$. Then since $p^k$ divides $|G|$, $p^k$ must divide $|C(a_j)|$ because, by Lagrange's Theorem, $|G| = |C(a_j)|\,[G:C(a_j)]$. Since the subgroup $C(a_j)$ has order less than $|G|$, the induction hypothesis implies that $C(a_j)$, and hence $G$, has a subgroup of order $p^k$.
On the other hand, if $p$ divides $[G:C(a_i)]$ for every $i$, then since $p$ divides $|G|$, $p$ must divide $|Z(G)|$ because $|Z(G)| = |G| - \sum_{i=1}^{r}[G:C(a_i)]$. Since $Z(G)$ is abelian, $Z(G)$ contains an element $c$ of order $p$ by Theorem 4.4.4. Let $N$ be the cyclic group generated by $c$; then $N$ is normal in $G$ by Theorem 4.4.6. Consequently $|G/N| = |G|/p$ is less than $|G|$ and divisible by $p^{k-1}$. By the induction hypothesis $G/N$ has a subgroup $T$ of order $p^{k-1}$. By Theorem 4.3.8, there is a subgroup $H$ of $G$ such that $N \subseteq H$ and $T = H/N$. Now by Lagrange's Theorem $|H| = |N|\,|H/N| = |N|\,|T| = p\,p^{k-1} = p^k$. So $G$ has a subgroup of order $p^k$ in this case too.
Corollary 4.4.8 (Cauchy's Theorem). If $G$ is a finite group whose order is divisible by a prime $p$, then $G$ contains an element of order $p$.
Proof. Since $p$ divides $|G|$, Theorem 4.4.7 implies that $G$ has a subgroup $K$ of order $p$. Since $K$ is cyclic by Theorem 4.4.3, $K$ has a generator, which is an element of order $p$ in $G$.
4.5 Finite Abelian Groups.
A major goal of group theory is to classify all finite groups up to isomorphism. We do not cover the group classification problem in great detail in this book. The interested reader may refer to [19], [20], and the references therein for a detailed study. However, in this section, we classify all finite abelian groups up to isomorphism.
If $G$ is an abelian group and $p$ is a prime, then $G(p)$ denotes the set of elements in $G$ whose order is some power of $p$:
$$G(p) = \{a \in G : |a| = p^n \text{ for some } n \geq 0\}.$$
Lemma 4.5.1. $G(p)$ is a subgroup of $G$.
Proof. Let $a, b \in G(p)$ and let the orders of $a$ and $b$ be $p^n$ and $p^m$ respectively. Let $n \geq m$ and let $n = m + r$ where $r \geq 0$; then $p^n = p^mp^r$. Now $(ab)^{p^n} = a^{p^n}b^{p^n} = e_G(b^{p^m})^{p^r} = (e_G)^{p^r} = e_G$. Thus the order of $ab$ divides $p^n$ by Theorem 4.2.1. Therefore the order is some power of $p$ and hence $ab \in G(p)$. Hence $G(p)$ is closed. If $a \in G(p)$, then $a^{-1} \in G(p)$, because $a^{p^n} = e_G$ implies $(a^{-1})^{p^n} = e_G$. Therefore $G(p)$ is a subgroup of $G$ by Theorem 4.1.1.
Theorem 4.5.1. Let $G$ be an abelian group and let $a \in G$ be an element of finite order. Then $a = a_1a_2\cdots a_k$ with $a_i \in G(p_i)$, where $p_1, \ldots, p_k$ are the distinct primes that divide the order of $a$.
Proof. The proof is by induction on the number of distinct primes that divide the order of $a$. If $|a|$ is divisible only by the single prime $p_1$, then the order of $a$ is a power of $p_1$ and hence $a \in G(p_1)$. So the theorem is true for $k = 1$. Assume inductively that the theorem is true for all elements whose order is divisible by at most $k - 1$ distinct primes and that $|a|$ is divisible by the distinct primes $p_1, \ldots, p_k$. Then $|a| = p_1^{r_1}\cdots p_k^{r_k}$ with each $r_i > 0$. Let $m = p_2^{r_2}\cdots p_k^{r_k}$ and $n = p_1^{r_1}$, so that $|a| = mn$. Since $\gcd(m, n) = 1$, by Theorem A.1.1 there are integers $u, v$ such that $1 = mu + nv$. Consequently
$$a = a^1 = a^{mu+nv} = a^{mu}a^{nv}.$$
Since $(a^{mu})^{p_1^{r_1}} = (a^{mn})^u = e_G^u = e_G$, the order of $a^{mu}$ divides $p_1^{r_1}$. Therefore $a^{mu} \in G(p_1)$. Similarly, $(a^{nv})^m = e_G$. Therefore the order of $a^{nv}$ divides $m$. But $m$ has only $k - 1$ distinct prime divisors. Therefore by the induction hypothesis $a^{nv} = a_2\cdots a_k$ with $a_i \in G(p_i)$. Let $a_1 = a^{mu}$. Then $a = a_1\cdots a_k$ with $a_i \in G(p_i)$.
Theorem 4.5.2. If $N_1, \ldots, N_k$ are normal subgroups of a group $G$ such that every element of $G$ can be written uniquely in the form $a_1a_2\ldots a_k$ with $a_i \in N_i$, then $G \cong N_1 \times N_2 \times \cdots \times N_k$.
Proof. Let $f : N_1 \times N_2 \times \cdots \times N_k \to G$ be such that $f(a_1, a_2, \ldots, a_k) = a_1a_2\cdots a_k$. Then $f$ is an isomorphism between $N_1 \times N_2 \times \cdots \times N_k$ and $G$ (see Exercise 20).
Theorem 4.5.3. If $M$ and $N$ are normal subgroups of a group $G$ such that $G = MN$ and $M \cap N = \langle e_G\rangle$, then $G \cong M \times N$.
Proof. By hypothesis every element of $G$ is of the form $mn$ with $m \in M$ and $n \in N$. Now suppose that an element had two representations, say $m_1n_1 = m_2n_2$, with $m_1, m_2 \in M$ and $n_1, n_2 \in N$. Then multiplying on the left by $m_2^{-1}$ and on the right by $n_1^{-1}$, that is, $m_2^{-1}m_1n_1n_1^{-1} = m_2^{-1}m_2n_2n_1^{-1}$, shows that $m_2^{-1}m_1 = n_2n_1^{-1}$. But $m_2^{-1}m_1 \in M$ and $n_2n_1^{-1} \in N$ and $M \cap N = \langle e_G\rangle$. Hence $m_2^{-1}m_1 = e_G = n_2n_1^{-1}$. This implies $m_1 = m_2$ and $n_1 = n_2$. Therefore every element of $G$ can be written uniquely in the form $mn$ such that $m \in M$ and $n \in N$. Hence, by Theorem 4.5.2, $G \cong M \times N$.
Theorem 4.5.4. If $G$ is a finite abelian group, then
$$G \cong G(p_1) \times G(p_2) \times \cdots \times G(p_t),$$
where $p_1, \ldots, p_t$ are the distinct primes that divide the order of the group.
Proof. If $a \in G$, then $|a|$ divides $|G|$ by Corollary 4.4.2. By Theorem 4.5.1, $a = a_1a_2\cdots a_t$ with $a_i \in G(p_i)$ ($a_j = 1$ if a prime $p_j$ does not divide $|a|$). To prove this expression is unique, suppose that $a_1\cdots a_t = b_1\cdots b_t$, with $a_i, b_i \in G(p_i)$. Since $G$ is abelian,
$$a_1b_1^{-1} = b_2a_2^{-1}\,b_3a_3^{-1}\cdots b_ta_t^{-1}.$$
For each $i$, $b_ia_i^{-1} \in G(p_i)$ and hence has order $p_i^{r_i}$ with $r_i \geq 0$. If $m = p_2^{r_2}\cdots p_t^{r_t}$, then $(b_ia_i^{-1})^m = e_G$ for $i \geq 2$, so that
$$(a_1b_1^{-1})^m = (b_2a_2^{-1})^m(b_3a_3^{-1})^m\cdots(b_ta_t^{-1})^m = e_G.$$
Consequently the order of $a_1b_1^{-1}$ must divide $m$. Since $a_1b_1^{-1} \in G(p_1)$, this is possible only if the order of $a_1b_1^{-1}$ is 1, that is, $a_1b_1^{-1} = e_G$. Therefore $a_1 = b_1$. Similar arguments for $i = 2, \ldots, t$ show that $a_i = b_i$ for every $i$. Therefore every element can be uniquely written in the form $a = a_1a_2\cdots a_t$ with $a_i \in G(p_i)$. Consequently, by Theorem 4.5.2,
$$G \cong G(p_1) \times G(p_2) \times \cdots \times G(p_t).$$
An element $a$ of a $p$-group $G$ is called an element of maximal order if $|g| \leq |a|$ for every $g \in G$. In other words, if $|a| = p^n$ and $g \in G$, then $|g| = p^j$ with $j \leq n$. Since $p^n = p^{n-j}p^j$, $g^{p^n} = (g^{p^j})^{p^{n-j}} = e$ for every $g \in G$. Elements of maximal order always exist in a finite $p$-group.
Lemma 4.5.2. Let $G$ be a finite abelian $p$-group and let $a$ be an element of maximal order in $G$. Then there is a subgroup $K$ of $G$ such that $G \cong \langle a\rangle \times K$.
Proof. Consider those subgroups $H$ of $G$ such that $\langle a\rangle \cap H = \langle e_G\rangle$. There is at least one such subgroup, $H = \langle e_G\rangle$, and since $G$ is finite there is a largest subgroup $K$ with this property. To show that $G \cong \langle a\rangle \times K$, we need only show that $G = \langle a\rangle K$, by Theorem 4.5.3. Suppose this is not the case; then there exists $b \in G$ such that $b \neq e_G$ and $b \notin \langle a\rangle K$. Let $q$ be the smallest integer such that $b^{p^q} \in \langle a\rangle K$. Such a $q$ exists because $G$ is a $p$-group and $b^{p^j} = e_G = e_Ge_G \in \langle a\rangle K$ for some $j > 0$. Then
$$c = b^{p^{q-1}} \notin \langle a\rangle K \quad (4.5)$$
and $c^p = b^{p^q} \in \langle a\rangle K$. Let
$$c^p = a^tk \text{ where } t \in \mathbb{Z} \text{ and } k \in K. \quad (4.6)$$
If $a$ has order $p^n$ then $x^{p^n} = e_G$ for all $x \in G$ because $a$ has maximal order. Consequently by Equation 4.6
$$e_G = c^{p^n} = (c^p)^{p^{n-1}} = (a^tk)^{p^{n-1}} = (a^t)^{p^{n-1}}k^{p^{n-1}}.$$
Therefore $(a^t)^{p^{n-1}} = k^{-p^{n-1}} \in \langle a\rangle \cap K = \langle e_G\rangle$ and thus $a^{tp^{n-1}} = e_G$. Consequently $p^n$ (the order of $a$) divides $tp^{n-1}$ and it follows that $p$ divides $t$. Let $t = mp$ for some $m$; then $c^p = a^{mp}k$. Therefore $k = c^pa^{-pm} = (ca^{-m})^p$. Let
$$d = ca^{-m}; \quad (4.7)$$
then $d^p \in K$ but $d \notin K$ (otherwise $c \in \langle a\rangle K$, which is a contradiction to Equation 4.5). Verify that $H = \{xd^z \mid x \in K,\ z \in \mathbb{Z}\}$ is a subgroup of $G$ with $K \subseteq H$. Since $d = e_Gd \in H$ and $d \notin K$, $H$ is larger than $K$. But $K$ is the largest subgroup such that $\langle a\rangle \cap K = \langle e_G\rangle$; therefore $\langle a\rangle \cap H \neq \langle e_G\rangle$. Let $w \neq e_G$ be an element of $\langle a\rangle \cap H$; then
$$w = a^s = k_1d^r \text{ such that } k_1 \in K \text{ and } r, s \in \mathbb{Z}. \quad (4.8)$$
Now $p$ does not divide $r$, for if $r = py$ then $e_G \neq w = a^s = k_1d^{py} \in \langle a\rangle \cap K$, which is a contradiction. Consequently $\gcd(p, r) = 1$ and by Theorem A.1.1 there are integers $u, v$ such that $pu + rv = 1$. Hence
$$\begin{aligned}
c = c^1 = c^{pu+rv} &= (c^p)^u(c^r)^v \\
&= (a^tk)^u((da^m)^r)^v \quad \text{by Equations 4.6 and 4.7} \\
&= (a^tk)^u(d^ra^{mr})^v \\
&= (a^tk)^u((a^sk_1^{-1})a^{mr})^v \quad \text{by Equation 4.8} \\
&= a^{(tu+vs+mr)}k^uk_1^{-v} \in \langle a\rangle K.
\end{aligned}$$
This contradicts Equation 4.5. Therefore $G = \langle a\rangle K$ and hence $G = \langle a\rangle \times K$ by Theorem 4.5.3.
Theorem 4.5.5 (The fundamental theorem of finite abelian groups). Every finite abelian group $G$ is a product of cyclic groups each of prime power order.
Proof. By Theorem 4.5.4, $G$ is the product of its subgroups $G(p)$, one for each prime $p$ that divides $|G|$. Each $G(p)$ is a $p$-group. So to complete the proof it suffices to show that every finite abelian $p$-group $H$ is a product of cyclic groups each of prime power order. We prove this by induction on the order of $H$. The assertion is true when $|H| = 2$ by Theorem 4.2.3. Assume inductively that it is true for all groups whose order is less than $|H|$ and let $a$ be an element of maximal order $p^n$ in $H$. Then $H \cong \langle a\rangle \times K$ by Lemma 4.5.2. By induction $K$ is a direct sum of cyclic groups, each of prime power order. Consequently, the same is true of $\langle a\rangle \times K$. Hence, $H$ is a product of cyclic groups each of prime power order.
Lemma 4.5.3. If $\gcd(m, k) = 1$, then $\mathbb{Z}_m \times \mathbb{Z}_k \cong \mathbb{Z}_{mk}$.
Proof. The order of $(1,1)$ in $\mathbb{Z}_m \times \mathbb{Z}_k$ is the smallest positive integer $t$ such that $0 = t(1,1) = (t,t)$. Thus $t \equiv 0 \pmod m$ and $t \equiv 0 \pmod k$, so that $m \mid t$ and $k \mid t$. But $\gcd(m, k) = 1$ implies that $mk \mid t$. Therefore $mk \leq t$. Since $mk(1,1) = (mk, mk) = (0,0)$, we must have $mk = t = |(1,1)|$. Therefore $\mathbb{Z}_m \times \mathbb{Z}_k$, which is a group of order $mk$, is a cyclic group generated by $(1,1)$. Consequently, by Theorem 4.2.4, $\mathbb{Z}_m \times \mathbb{Z}_k$ is isomorphic to $\mathbb{Z}_{mk}$.
Theorem 4.5.6. Let $n = p_1^{n_1}p_2^{n_2}\cdots p_t^{n_t}$ be such that $p_1, \ldots, p_t$ are distinct primes; then $\mathbb{Z}_n \cong \mathbb{Z}_{p_1^{n_1}} \times \cdots \times \mathbb{Z}_{p_t^{n_t}}$.
Proof. The theorem is true for groups of order 2. Assume inductively that it is true for groups of order less than $n$. Apply Lemma 4.5.3 with $m = p_1^{n_1}$ and $k = p_2^{n_2}\cdots p_t^{n_t}$ to get $\mathbb{Z}_n \cong \mathbb{Z}_{p_1^{n_1}} \times \mathbb{Z}_k$. Consequently, the induction hypothesis shows that $\mathbb{Z}_k \cong \mathbb{Z}_{p_2^{n_2}} \times \cdots \times \mathbb{Z}_{p_t^{n_t}}$.
Combining Theorems 4.5.5 and 4.5.6 yields a different way of writing a finite abelian group as a product of cyclic groups.
Example 4.5.1. Consider the group
$$G = \mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_4 \times \mathbb{Z}_8 \times \mathbb{Z}_3 \times \mathbb{Z}_3 \times \mathbb{Z}_5 \times \mathbb{Z}_{25} \times \mathbb{Z}_{125}.$$
Arrange the prime power orders of the cyclic factors by size, with one row for each prime, the rows aligned on the right:
$$\begin{array}{rrrr}
2 & 2 & 2^2 & 2^3 \\
  &   & 3   & 3   \\
  & 5 & 5^2 & 5^3
\end{array}$$
Now rearrange the cyclic factors of $G$ using the columns of this array and apply Theorem 4.5.6:
$$\mathbb{Z}_2 \times (\mathbb{Z}_2 \times \mathbb{Z}_5) \times (\mathbb{Z}_4 \times \mathbb{Z}_3 \times \mathbb{Z}_{25}) \times (\mathbb{Z}_8 \times \mathbb{Z}_3 \times \mathbb{Z}_{125}).$$
That is,
$$G \cong \mathbb{Z}_2 \times \mathbb{Z}_{10} \times \mathbb{Z}_{300} \times \mathbb{Z}_{3000}.$$
Observe that the order of each factor divides the order of the next one.
Generalizing Example 4.5.1 we get
Theorem 4.5.7. Every finite abelian group is the product of cyclic groups of orders $m_1, m_2, \ldots, m_t$, where
$$m_1 \mid m_2,\ m_2 \mid m_3,\ \ldots,\ m_{t-1} \mid m_t.$$
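An added example, not from the book, that carries out the row-and-column rearrangement of Example 4.5.1 for any list of prime-power cyclic factors (Theorem 4.5.5 to Theorem 4.5.7) and, going beyond the single group of the example, uses it to list every abelian group of a given order up to isomorphism. The function names are chosen here and are not the book's notation.

```python
from collections import defaultdict
from math import prod

def prime_power(q):
    """Return (p, k) with q = p**k; raise if q > 1 is not a prime power."""
    if q < 2:
        raise ValueError("need q > 1")
    p = next(d for d in range(2, q + 1) if q % d == 0)   # smallest prime factor
    k = 0
    while q % p == 0:
        q //= p
        k += 1
    if q != 1:
        raise ValueError("not a prime power")
    return p, k

def invariant_factors(prime_power_orders):
    """Orders m1 | m2 | ... | mt (Theorem 4.5.7) of a group given as a product
    of cyclic groups of prime power order (Theorem 4.5.5).  This is the
    rearrangement of Example 4.5.1: one row per prime, sorted and right-aligned,
    then each column is collapsed into one cyclic factor by Theorem 4.5.6."""
    if not prime_power_orders:
        return []
    rows = defaultdict(list)
    for q in prime_power_orders:
        rows[prime_power(q)[0]].append(q)
    width = max(len(r) for r in rows.values())
    # pad each row on the left with the trivial factor 1 so rows line up on the right
    table = {p: [1] * (width - len(r)) + sorted(r) for p, r in rows.items()}
    # the entries of one column have pairwise coprime orders, so their product
    # is cyclic (Lemma 4.5.3); each column therefore gives one invariant factor
    return [prod(table[p][j] for p in table) for j in range(width)]

def primary_decomposition(n):
    """Prime powers p_i^{n_i} with Z_n ≅ product of Z_{p_i^{n_i}} (Theorem 4.5.6)."""
    factors, p = [], 2
    while n > 1:
        if n % p == 0:
            q = 1
            while n % p == 0:
                n //= p
                q *= p
            factors.append(q)
        p += 1
    return factors

def partitions(k, max_part=None):
    """Partitions of k into parts of size at most max_part, largest part first."""
    if max_part is None:
        max_part = k
    if k == 0:
        yield []
        return
    for first in range(min(k, max_part), 0, -1):
        for rest in partitions(k - first, first):
            yield [first] + rest

def abelian_groups_of_order(n):
    """Every abelian group of order n up to isomorphism, as invariant factors.
    For each p^k dividing n the p-part G(p) is a product of cyclic p-groups
    whose exponents form a partition of k (Theorems 4.5.4 and 4.5.5)."""
    choices = [[]]
    for q in primary_decomposition(n):
        p, k = prime_power(q)
        choices = [c + [p ** e for e in part] for c in choices for part in partitions(k)]
    return sorted(invariant_factors(c) for c in choices)

def divisibility_chain(ms):
    """True when each order divides the next, as Theorem 4.5.7 requires."""
    return all(ms[i + 1] % ms[i] == 0 for i in range(len(ms) - 1))

if __name__ == "__main__":
    g = [2, 2, 4, 8, 3, 3, 5, 25, 125]        # the group of Example 4.5.1
    print(invariant_factors(g))               # [2, 10, 300, 3000]
    print(abelian_groups_of_order(8))         # [[2, 2, 2], [2, 4], [8]]
```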
We now look at finite abelian groups related to fields.
Theorem 4.5.8. Let $F$ be a field and $G$ a finite subgroup of the multiplicative group $F^*$ of nonzero elements. Then $G$ is cyclic.
Proof. Since $G$ is a finite abelian group, Theorem 4.5.7 implies that $G \cong \mathbb{Z}_{m_1} \times \cdots \times \mathbb{Z}_{m_t}$ where each $m_i$ divides $m_t$. Consequently every element $g$ of $G$ must satisfy $g^{m_t} = 1_F$ and hence is a root of the polynomial $x^{m_t} - 1_F$. Since $G$ has order $m_1m_2\cdots m_t$ and $x^{m_t} - 1_F$ has at most $m_t$ roots (see Corollary A.2.3), we must have $t = 1$. Therefore $G \cong \mathbb{Z}_{m_t}$.
Theorem 4.5.9. Let $K$ be a finite field and $F$ a subfield. Then $K$ is a simple extension of $F$.
Proof. By Theorem 4.5.8, the multiplicative group of nonzero elements of $K$ is cyclic. If $u$ is a generator of this group, then the subfield $F(u)$ contains $0_F$ and all powers of $u$ and hence contains every element of $K$. Therefore $K = F(u)$.
Theorem 4.5.10. Let $p$ be a positive prime. For each positive integer $n$, there exists an irreducible polynomial of degree $n$ in $\mathbb{Z}_p[x]$.
Proof. There is an extension field $K$ of $\mathbb{Z}_p$ of order $p^n$ by Corollary 3.4.11. By Theorem 4.5.9, $K = \mathbb{Z}_p(u)$ for some $u \in K$. By Theorem 3.4.4, the minimal polynomial of $u$ in $\mathbb{Z}_p[x]$ is irreducible of degree $[K:\mathbb{Z}_p]$. Finally, Theorem 3.4.3 shows that $[K:\mathbb{Z}_p] = n$.
4.6 Galois theory.
A simple radical extension of a field $F$ is the extension field we obtain by adjoining the $n$th root of an element $a \in F$.
Definition 4.6.1. An element $u$ which is algebraic over $F$ can be solved for in terms of radicals if $u$ is an element of a field $K$ which can be obtained by a succession of simple radical extensions, that is,
$$F = K_0 \subset K_1 \subset \cdots \subset K_i \subset K_{i+1} \subset \cdots \subset K_s = K \quad (4.9)$$
where $K_{i+1} = K_i(\sqrt[n_i]{a_i})$ for some $a_i \in K_i$, $i = 0, 1, \ldots, s - 1$. Here $\sqrt[n_i]{a_i}$ denotes a root of the polynomial $x^{n_i} - a_i$. Such a field $K$ is called a root extension of $F$.
Definition 4.6.2. A polynomial $f(x)$ can be solved by radicals if all its roots can be solved for in terms of radicals.
In other words, $f(x)$ is solvable by radicals if each of its roots is obtained by successive field operations (addition, subtraction, multiplication, and division) and root extractions. Consequently, if $f(x)$ is solvable by radicals, then there are formulas to find the roots of $f(x)$. We prove that every polynomial of degree less than or equal to four is solvable by radicals. We also prove that this is not true for polynomials of degree 5 or higher, using theory developed by Evariste Galois and hence called Galois theory.
Let $K$ be an extension field of $F$. An $F$-automorphism of $K$ is an isomorphism $\sigma : K \to K$ that fixes $F$ elementwise (that is, $\sigma(c) = c$ for $c \in F$). The set of all $F$-automorphisms of $K$ is denoted by $\mathrm{Gal}_FK$.
Theorem 4.6.1. If $K$ is an extension field of $F$, then $\mathrm{Gal}_FK$ is a group under the operation of composition of functions. $\mathrm{Gal}_FK$ is called the Galois group of $K$ over $F$.
Proof. If $\sigma, \tau \in \mathrm{Gal}_FK$ then $\sigma \circ \tau$ is an isomorphism from $K$ to $K$, by Exercise 43. For each $c \in F$, $(\sigma \circ \tau)(c) = \sigma(\tau(c)) = \sigma(c) = c$. Therefore $\sigma \circ \tau \in \mathrm{Gal}_FK$. Hence $\mathrm{Gal}_FK$ is closed. Composition of functions is associative and the identity function is the identity element of $\mathrm{Gal}_FK$. If $\sigma \in \mathrm{Gal}_FK$, then $\sigma^{-1}$ is an isomorphism from $K$ to $K$, by Exercise 44. Moreover, $\sigma^{-1}(c) = c$ for every $c \in F$. Therefore $\sigma^{-1} \in \mathrm{Gal}_FK$. Thus $\mathrm{Gal}_FK$ is a group.
Example 4.6.1. The complex conjugation map $\sigma : \mathbb{C} \to \mathbb{C}$ given by $\sigma(a + bi) = a - bi$ is an automorphism of $\mathbb{C}$ by Exercise 9 in Section 3.4. For every real number $a$, $\sigma(a) = a$. Consequently $\sigma \in \mathrm{Gal}_{\mathbb{R}}\mathbb{C}$.
Theorem 4.6.2. Let $K$ be an extension field of $F$ and $f(x) \in F[x]$. If $u \in K$ is a root of $f(x)$ and $\sigma \in \mathrm{Gal}_FK$, then $\sigma(u)$ is a root of $f(x)$.
Proof. If $f(x) = c_0 + c_1x + \cdots + c_nx^n$, then $c_0 + c_1u + \cdots + c_nu^n = 0_F$. Since $\sigma$ is a homomorphism and $\sigma(c_i) = c_i$ for each $c_i \in F$,
$$\begin{aligned}
0_F = \sigma(0_F) &= \sigma(c_0 + c_1u + \cdots + c_nu^n) \\
&= \sigma(c_0) + \sigma(c_1)\sigma(u) + \cdots + \sigma(c_n)\sigma(u^n) \\
&= c_0 + c_1\sigma(u) + \cdots + c_n\sigma(u)^n = f(\sigma(u)).
\end{aligned}$$
Therefore $\sigma(u)$ is a root of $f(x)$.
Theorem 4.6.3. Let $K$ be a splitting field of some polynomial over $F$ and let $u, v \in K$. Then there exists $\sigma \in \mathrm{Gal}_FK$ such that $\sigma(u) = v$ if and only if $u$ and $v$ have the same minimal polynomial in $F[x]$.
Proof. If $u$ and $v$ have the same minimal polynomial over $F$, then by Theorem 3.4.5 there is an isomorphism $\sigma : F(u) \to F(v)$ such that $\sigma(u) = v$ and $\sigma$ fixes $F$ elementwise. Since $K$ is a splitting field of some polynomial over $F$, it is a splitting field of the same polynomial over both $F(u)$ and $F(v)$. Therefore $\sigma$ extends to an $F$-automorphism of $K$ by Theorem 3.4.7. That is, $\sigma \in \mathrm{Gal}_FK$ and $\sigma(u) = v$. The converse is an immediate consequence of Theorem 4.6.2.
Example 4.6.2. By Example 4.6.1, $\mathrm{Gal}_{\mathbb{R}}\mathbb{C}$ has at least two elements, the identity map $e$ and the complex conjugation map $\sigma$. We prove that these are the only elements of $\mathrm{Gal}_{\mathbb{R}}\mathbb{C}$. Let $\tau \in \mathrm{Gal}_{\mathbb{R}}\mathbb{C}$. Since $i$ is a root of $x^2 + 1$, $\tau(i) = \pm i$ by Theorem 4.6.2. If $\tau(i) = i$, then
$$\tau(a + bi) = \tau(a) + \tau(b)\tau(i) = a + bi.$$
Therefore $\tau = e$. On the other hand, if $\tau(i) = -i$, then
$$\tau(a + bi) = \tau(a) + \tau(b)\tau(i) = a + b(-i) = a - bi.$$
Consequently, $\tau = \sigma$. Thus $\mathrm{Gal}_{\mathbb{R}}\mathbb{C} = \{e, \sigma\}$ is a group of order 2 and hence is isomorphic to $\mathbb{Z}_2$ by Theorem 4.4.3.
Theorem 4.6.4. Let $K = F(u_1, \ldots, u_n)$ be an algebraic extension field of $F$. If $\sigma, \tau \in \mathrm{Gal}_FK$ and $\sigma(u_i) = \tau(u_i)$ for each $i = 1, 2, \ldots, n$, then $\sigma = \tau$. In other words, an automorphism in $\mathrm{Gal}_FK$ is completely determined by its action on $u_1, \ldots, u_n$.
Proof. Let $\beta = \tau^{-1} \circ \sigma$; then $\beta \in \mathrm{Gal}_FK$. The theorem is proved if we show that $\beta$ is the identity map $e$, because $\beta = e = \tau^{-1} \circ \sigma$ implies $\tau = \sigma$. Since $\sigma(u_i) = \tau(u_i)$ for every $i$,
$$\beta(u_i) = (\tau^{-1} \circ \sigma)(u_i) = \tau^{-1}(\sigma(u_i)) = \tau^{-1}(\tau(u_i)) = e(u_i) = u_i.$$
Let $v \in F(u_1)$. By Theorem 3.4.4 there exist $c_i \in F$ such that $v = c_0 + c_1u_1 + \cdots + c_{m-1}u_1^{m-1}$, where $m$ is the degree of the minimal polynomial of $u_1$ over $F$. Since $\beta$ is a homomorphism that fixes $u_1$ and every element of $F$,
$$\begin{aligned}
\beta(v) &= \beta(c_0 + c_1u_1 + \cdots + c_{m-1}u_1^{m-1}) \\
&= \beta(c_0) + \beta(c_1)\beta(u_1) + \cdots + \beta(c_{m-1})\beta(u_1)^{m-1} \\
&= c_0 + c_1u_1 + \cdots + c_{m-1}u_1^{m-1} = v.
\end{aligned}$$
Thus $\beta(v) = v$ for every $v \in F(u_1)$. Repeating this argument with $F$ replaced by $F(u_1)$ and $u_1$ by $u_2$, we show that $\beta(v) = v$ for every $v \in F(u_1, u_2)$. After a finite number of such repetitions we prove that $\beta(v) = v$ for every $v \in F(u_1, \ldots, u_n)$. Therefore $\beta$ is the identity function.
Corollary 4.6.5. If $K$ is the splitting field of a separable polynomial $f(x)$ of degree $n$ in $F[x]$, then $\mathrm{Gal}_FK$ is isomorphic to a subgroup of $S_n$.
Proof. By separability $f(x)$ has $n$ distinct roots in $K$, say $u_1, \ldots, u_n$. Consider $S_n$ to be the group of permutations of the set $R = \{u_1, \ldots, u_n\}$. If $\sigma \in \mathrm{Gal}_FK$, then $\sigma(u_1), \ldots, \sigma(u_n)$ are roots of $f(x)$ by Theorem 4.6.2. Moreover, since $\sigma$ is injective, the $\sigma(u_i)$ are all distinct, and hence $\sigma$ induces a permutation of the set $R$. In other words, the restriction of $\sigma$ to the set $R$ (denoted $\sigma|_R$) is a permutation of $R$. Define a map $\theta : \mathrm{Gal}_FK \to S_n$ by $\theta(\sigma) = \sigma|_R$. It is easily verified that $\theta$ is a homomorphism of groups. Since $K$ is the splitting field of $f(x)$ over $F$, $K = F(u_1, \ldots, u_n)$. If $\sigma|_R = \tau|_R$, then $\sigma(u_i) = \tau(u_i)$ for every $i$; hence $\sigma = \tau$ by Theorem 4.6.4. Therefore $\theta$ is an injective homomorphism. Consequently $\mathrm{Gal}_FK$ is isomorphic to $\mathrm{Im}\,\theta$, which is a subgroup of $S_n$.
Lemma 4.6.1. If $f(x) \in F[x]$ and $K$ is a splitting field of $f$, then the order of $\mathrm{Gal}_FK$ is $[K:F]$.
Proof. This result follows from the Fundamental Theorem of Galois theory (Theorem 4.7.6), which is proved in Section 4.7.
Definition 4.6.3. If $f(x) \in F[x]$, then the Galois group of the polynomial $f(x)$ is $\mathrm{Gal}_FK$, where $K$ is the splitting field of $f(x)$ over $F$.
If $f(x)$ is irreducible, then given any two roots of $f(x)$ there is an automorphism in the Galois group $G$ of $f(x)$ that maps the first root to the second, by Theorem 4.6.3. Such a group is said to be transitive on the roots of $f(x)$; that is, you can get from any given root to another by applying some element of $G$. The fact that the Galois group of a polynomial $f(x)$ must be transitive on the roots of each irreducible factor of $f(x)$ often helps in determining the structure of the Galois group.
Example 4.6.3. Let $f(x) = (x^2 - 3)(x^2 - 5)$. The splitting field of $f(x)$ is $\mathbb{Q}(\sqrt3, \sqrt5)$. The roots of the minimal polynomial $x^2 - 3$ are $\theta_1 = \sqrt3$ and $\theta_2 = -\sqrt3$. Consequently, any automorphism $\sigma \in G$ takes $\sqrt3$ to either $\sqrt3$ or $-\sqrt3$ by Theorem 4.6.2. Similarly, $\sigma$ takes $\sqrt5$ to either $\theta_3 = \sqrt5$ or $\theta_4 = -\sqrt5$, the roots of $x^2 - 5$. Since $\sigma$ is completely determined by its action on $\sqrt3$ and $\sqrt5$ by Theorem 4.6.4, there are at most four choices for $\sigma$:
$$\begin{array}{lll}
e: & \sqrt3 \mapsto \sqrt3, & \sqrt5 \mapsto \sqrt5 \\
(12): & \sqrt3 \mapsto -\sqrt3, & \sqrt5 \mapsto \sqrt5 \\
(34): & \sqrt3 \mapsto \sqrt3, & \sqrt5 \mapsto -\sqrt5 \\
(12)(34): & \sqrt3 \mapsto -\sqrt3, & \sqrt5 \mapsto -\sqrt5
\end{array}$$
Consequently $G = \{e, (12), (34), (12)(34)\} \subset S_4$. Check that $G \cong \mathbb{Z}_2 \times \mathbb{Z}_2$.
Example 4.6.4. Let $f(x) = x^3 - 2$. The roots of $f(x)$ are $\sqrt[3]{2}$, $\omega\sqrt[3]{2}$, and $\omega^2\sqrt[3]{2}$, where $\omega$ is a root of the equation $x^3 - 1$. The minimal polynomial of $\omega$ is $x^2 + x + 1$. Consequently, the splitting field of $f(x)$, $\mathbb{Q}(\sqrt[3]{2}, \omega)$, has degree 6. Let $\sigma$ and $\tau$ be the automorphisms defined by
$$\sigma: \sqrt[3]{2} \mapsto \omega\sqrt[3]{2},\ \omega \mapsto \omega; \qquad \tau: \sqrt[3]{2} \mapsto \sqrt[3]{2},\ \omega \mapsto \omega^2 = -\omega - 1.$$
The elements of $\mathbb{Q}(\sqrt[3]{2}, \omega)$ are linear combinations of the basis
$$\{1,\ \sqrt[3]{2},\ (\sqrt[3]{2})^2,\ \omega,\ \omega\sqrt[3]{2},\ \omega(\sqrt[3]{2})^2\}.$$
As before, the action of $\sigma$ and $\tau$ on $\mathbb{Q}(\sqrt[3]{2}, \omega)$ can be determined completely by their action on the basis elements. For example:
$$\sigma(\omega\sqrt[3]{2}) = \sigma(\omega)\sigma(\sqrt[3]{2}) = \omega(\omega\sqrt[3]{2}) = \omega^2\sqrt[3]{2} = (-\omega - 1)\sqrt[3]{2}.$$
Verify that
$$\sigma^3 = \tau^2 = e, \quad \text{and} \quad \sigma\tau = \tau\sigma^2.$$
Hence the Galois group of $f(x)$ is $S_3$ by Exercise 10.
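An added example (not from the book) that models $\mathbb{Q}(\sqrt[3]{2}, \omega)$ in the basis above with exact rational coefficients, defines $\sigma$ and $\tau$ by their values on the two generators as Theorem 4.6.4 allows, and verifies $\sigma^3 = \tau^2 = e$, $\sigma\tau = \tau\sigma^2$ and that the closure of $\{\sigma, \tau\}$ has six elements. Composition is written $(\sigma\tau)(x) = \sigma(\tau(x))$, an assumption made here to match the relation as printed.

```python
from fractions import Fraction

# Elements of Q(c, w), c = cube root of 2 and w a primitive cube root of unity,
# in the basis {c^i w^j : 0 <= i <= 2, 0 <= j <= 1} of Example 4.6.4.  An
# element is a dict {(i, j): coefficient}; reduction uses c^3 = 2 and
# w^2 = -1 - w (since w^2 + w + 1 = 0).  Zero coefficients are never stored,
# so equal field elements have equal dicts.

def elem(coeffs):
    return {k: Fraction(v) for k, v in coeffs.items() if v != 0}

ONE = elem({(0, 0): 1})
C = elem({(1, 0): 1})   # the cube root of 2
W = elem({(0, 1): 1})   # omega

def add(x, y):
    out = dict(x)
    for k, v in y.items():
        out[k] = out.get(k, 0) + v
    return {k: v for k, v in out.items() if v != 0}

def scale(x, s):
    return {k: v * s for k, v in x.items() if v * s != 0}

def mul(x, y):
    out = {}
    for (i1, j1), v1 in x.items():
        for (i2, j2), v2 in y.items():
            i, j, v = i1 + i2, j1 + j2, v1 * v2
            if i >= 3:                      # c^3 = 2
                i, v = i - 3, 2 * v
            # w^2 = -1 - w: a w^2 term splits into two basis terms
            terms = [(j, 1)] if j < 2 else [(0, -1), (1, -1)]
            for jj, sign in terms:
                out[(i, jj)] = out.get((i, jj), 0) + sign * v
    return {k: v for k, v in out.items() if v != 0}

def power(x, n):
    r = ONE
    for _ in range(n):
        r = mul(r, x)
    return r

def apply(auto, x):
    """Apply the automorphism auto = (image of c, image of w) to x.  By
    Theorem 4.6.4 the images of the two generators determine it: each basis
    term c^i w^j is sent to image_c^i * image_w^j."""
    img_c, img_w = auto
    out = {}
    for (i, j), v in x.items():
        out = add(out, scale(mul(power(img_c, i), power(img_w, j)), v))
    return out

def compose(a, b):
    """a∘b, i.e. apply b first and then a, again recorded by generator images."""
    return (apply(a, b[0]), apply(a, b[1]))

IDENTITY = (C, W)
SIGMA = (mul(W, C), W)                          # c -> w c,  w -> w
TAU = (C, add(scale(W, -1), scale(ONE, -1)))    # c -> c,    w -> w^2 = -w - 1

def is_root_of_x3_minus_2(x):
    return power(x, 3) == elem({(0, 0): 2})

def galois_group():
    """Closure of {sigma, tau} under composition: the six automorphisms."""
    elems, frontier = [IDENTITY], [IDENTITY]
    while frontier:
        g = frontier.pop()
        for h in (SIGMA, TAU):
            k = compose(h, g)
            if k not in elems:
                elems.append(k)
                frontier.append(k)
    return elems

if __name__ == "__main__":
    sigma3 = compose(SIGMA, compose(SIGMA, SIGMA))
    print(sigma3 == IDENTITY, compose(TAU, TAU) == IDENTITY)           # True True
    print(compose(SIGMA, TAU) == compose(TAU, compose(SIGMA, SIGMA)))  # True
    print(len(galois_group()))                                         # 6
```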
Definition 4.6.4. A group $G$ is said to be solvable if it has a chain of subgroups
$$G = G_0 \supseteq G_1 \supseteq G_2 \supseteq \cdots \supseteq G_{n-1} \supseteq G_n = \langle e\rangle \quad (4.10)$$
such that each $G_i$ is a normal subgroup of the preceding group $G_{i-1}$ and the quotient group $G_{i-1}/G_i$ is abelian.
Example 4.6.5. In this example, we prove that $S_3$ is a solvable group. Consider the chain
$$S_3 \supset \langle (123)\rangle \supset \langle e\rangle.$$
The subgroup $\langle e\rangle$ is normal in $\langle (123)\rangle$, and $\langle (123)\rangle$ is normal in $S_3$ (see Example 4.3.3). The group $\langle (123)\rangle/\langle e\rangle$ has order 3 by Corollary 4.4.2. Since 3 is a prime number, $\langle (123)\rangle/\langle e\rangle$ is isomorphic to $\mathbb{Z}_3$ by Theorem 4.4.3, and hence is abelian. Similarly, the group $S_3/\langle (123)\rangle$ has order 2, and is therefore isomorphic to $\mathbb{Z}_2$. Thus $S_3/\langle (123)\rangle$ is abelian. Hence $S_3$ is a solvable group.
Theorem 4.6.6. Let $N$ be a normal subgroup of a group $G$. Then $G/N$ is abelian if and only if $aba^{-1}b^{-1} \in N$ for all $a, b \in G$.
Proof. $G/N$ is abelian if and only if
$$Nab = NaNb = NbNa = Nba \text{ for all } a, b \in G.$$
Now, $Nab = Nba$ implies $ab(ba)^{-1} \in N$. Since $ab(ba)^{-1} = aba^{-1}b^{-1}$, the result follows.
Theorem 4.6.7. For $n \geq 5$ the group $S_n$ is not solvable.
Proof. Suppose on the contrary that $S_n$ is solvable and that
$$S_n = G_0 \supseteq G_1 \supseteq G_2 \supseteq \cdots \supseteq G_{t-1} \supseteq G_t = \langle (1)\rangle$$
is a chain of subgroups such that each $G_i$ is a normal subgroup of $G_{i-1}$ and the quotient group $G_{i-1}/G_i$ is abelian.
Let $(rst)$ be any 3-cycle in $S_n$ and let $u, v$ be any elements of the set $\{1, 2, \ldots, n\}$ other than $r$, $s$, and $t$. Such $u, v$ exist because $n \geq 5$. Since $S_n/G_1$ is abelian, Theorem 4.6.6 (with $a = (tus)$, $b = (srv)$) shows that $G_1$ must contain $(tus)(srv)(tus)^{-1}(srv)^{-1}$. Since $(tus)^{-1} = (tsu)$ and $(srv)^{-1} = (svr)$, we get
$$(tus)(srv)(tus)^{-1}(srv)^{-1} = (tus)(srv)(tsu)(svr) = (rst).$$
Therefore $G_1$ contains all the 3-cycles of $S_n$. We can repeat this argument to conclude that $G_i$ contains all the 3-cycles for $i = 0, \ldots, t$. This means the identity subgroup $G_t$ contains all the 3-cycles, which is a contradiction. Therefore $S_n$ is not solvable.
Theorem 4.6.8. 1. Homomorphic images and quotient groups of solvable groups are solvable.
2. Subgroups of a solvable group are solvable.
Proof.
1. Let $G$ be a solvable group. Then $G$ has a chain of subgroups
$$G = G_0 \supseteq G_1 \supseteq G_2 \supseteq \cdots \supseteq G_{n-1} \supseteq G_n = \langle e\rangle \quad (4.11)$$
such that each $G_i$ is a normal subgroup of the preceding group $G_{i-1}$ and the quotient group $G_{i-1}/G_i$ is abelian. Let $f : G \to H$ be a homomorphism of groups and let $H_i = f(G_i)$. Consider the chain of subgroups
$$H = H_0 \supseteq H_1 \supseteq H_2 \supseteq \cdots \supseteq H_{n-1} \supseteq H_n = \langle e\rangle. \quad (4.12)$$
Verify that $H_i$ is a normal subgroup of $H_{i-1}$ for each $i$. To see that $H_{i-1}/H_i$ is abelian, let $a, b \in H_{i-1}$. Then there exist $c, d \in G_{i-1}$ such that $f(c) = a$ and $f(d) = b$. Since $G_{i-1}/G_i$ is abelian, $cdc^{-1}d^{-1} \in G_i$ by Theorem 4.6.6. Therefore
$$aba^{-1}b^{-1} = f(c)f(d)f(c^{-1})f(d^{-1}) = f(cdc^{-1}d^{-1}) \in f(G_i) = H_i.$$
Consequently, $H_{i-1}/H_i$ is abelian by Theorem 4.6.6. Thus $H$ is solvable. A quotient group of $G$ is a homomorphic image of $G$ by Theorem 4.3.10, and hence is solvable.
2. Let $H$ be a subgroup of a solvable group $G$ and let
$$G = G_0 \supseteq G_1 \supseteq G_2 \supseteq \cdots \supseteq G_{n-1} \supseteq G_n = \langle e\rangle \quad (4.13)$$
be a solvable series for $G$. Consider the groups $H_i = H \cap G_i$ and the chain
$$H = H_0 \supseteq H_1 \supseteq H_2 \supseteq \cdots \supseteq H_{n-1} \supseteq H_n = \langle e\rangle. \quad (4.14)$$
Verify that $H_i$ is a normal subgroup of $H_{i-1}$ for each $i$. To show that $H_{i-1}/H_i$ is abelian, consider the map $f : H_{i-1}/H_i \to G_{i-1}/G_i$ given by $f(H_ix) = G_ix$. Suppose $H_ix = H_iy$; then $xy^{-1} \in H_i$. Since $H_i = H \cap G_i$, $xy^{-1} \in G_i$. Consequently, $G_ix = G_iy$, which implies $f(H_ix) = f(H_iy)$. Thus $f$ is well defined. Suppose $f(H_ix) = f(H_iy)$; then $G_ix = G_iy$, which implies $xy^{-1} \in G_i$. Since $H_ix, H_iy \in H_{i-1}/H_i$, $x, y \in H_{i-1} \subseteq H$. Consequently, since $H$ is a subgroup, $xy^{-1} \in H$. Thus $xy^{-1} \in H \cap G_i = H_i$. Therefore $H_ix = H_iy$. Hence $f$ is an injective map. Verify that $f$ is a homomorphism. Finally, since $G_{i-1}/G_i$ is abelian and $H_{i-1} = H \cap G_{i-1}$, we get that $H_{i-1}/H_i$ is abelian. Thus $H$ is solvable. Therefore subgroups of a solvable group are solvable.
Finally, we state Galois' criterion for solvability of a polynomial by radicals. We prove this theorem in Section 4.7.
Theorem 4.6.9 (Galois' criterion). Let $F$ be a field of characteristic zero and $f(x) \in F[x]$. Then $f(x) = 0$ is solvable by radicals if and only if the Galois group of $f(x)$ is solvable.
Example 4.6.6. Consider the equation $f(x) = x^6 - 4x^3 + 4$. Since $f(x) = x^6 - 4x^3 + 4 = (x^3 - 2)^2$, the roots of $f(x)$ are $\theta_1 = \sqrt[3]{2}$, $\theta_2 = \sqrt[3]{2}\,\omega$, and $\theta_3 = \sqrt[3]{2}\,\omega^2$, where $\omega = (-1 + \sqrt3\,i)/2$ is a complex root of 1 ($\omega^3 = 1$). Clearly, $f(x)$ is solvable by radicals. We will now verify that the Galois group $G$ is solvable by showing that $G$ is $S_3$, which is solvable (see Example 4.6.5).
Check that $\mathbb{Q}(\sqrt[3]{2}, \omega)$ is the splitting field of $f(x)$. By Theorem 4.6.3 there is an automorphism $\sigma \in G$ such that $\sigma(\theta_1) = \theta_2$. A root of $f(x)$ is mapped to another root by $G$ by Theorem 4.6.2. Therefore $\sigma$ takes $\theta_3$ to itself or to $\theta_1$. Therefore $\sigma$ can be either the permutation $(12)$ or $(123)$ in $S_3$. Thus $G$ contains the permutations $(12)$ and $(123)$. Therefore $G$ is $S_3$ by Exercise 8.
Example 4.6.7. By Example 4.6.3, we know that the Galois group $G$ of the polynomial $f(x) = (x^2 - 3)(x^2 - 5)$ is isomorphic to $\mathbb{Z}_2 \times \mathbb{Z}_2$. Hence $G$ is abelian. Consequently, the chain $\langle e\rangle \subset G$ shows that $G$ is a solvable group.
Example 4.6.8. In this example, we prove that $f(x) = 2x^5 - 10x - 5$ is not solvable by radicals. Eisenstein's criterion (Theorem A.2.6) with $p = 5$ implies that the polynomial $f(x)$ is irreducible. The splitting field of $f(x)$ has degree divisible by 5 by Theorem 3.4.4. Consequently the order of the Galois group $G$ of $f$ is divisible by 5 by Lemma 4.6.1. Therefore $G$ has an element of order 5 by Corollary 4.4.8. The only elements of order 5 in $S_5$ are the 5-cycles. Therefore $G$ contains a 5-cycle.
The roots of the derivative $f'(x) = 10x^4 - 10$ are $\pm 1, \pm i$. If $f(x)$ had 4 real roots, then by the mean value theorem $f'(x)$ would have 3 real roots. Consequently, since $f'(x)$ has only two real roots, $f(x)$ has at most 3 real roots. $f(x)$ has real roots in the intervals $(-2, 0)$, $(0, 1)$, and $(1, 2)$ because $f(-2) < 0$, $f(0) > 0$, $f(1) < 0$, and $f(2) > 0$; that is, $f(x)$ has exactly three real roots. Let $\tau \in G$ denote the automorphism of complex conjugation. Then $\tau$ fixes the three real roots and interchanges the two complex roots of $f(x)$. Thus $\tau$ is a transposition. Exercise 8 shows that the only subgroup of $S_5$ that contains both a 5-cycle and a transposition is $S_5$ itself. Therefore $G \cong S_5$. Since $S_5$ is not a solvable group by Theorem 4.6.7, Galois' criterion implies that $f(x)$ is not solvable by radicals.
Definition 4.6.5. Let $r_1, r_2, \ldots, r_n$ be the roots of a polynomial $f(x)$. Then the discriminant of $f$ is $\prod_{i<j} (r_i - r_j)^2$.
Observe that the discriminant vanishes if and only if there is a repeated root.
Consider a general polynomial $f(x) = a_n x^n + a_{n-1} x^{n-1} + a_{n-2} x^{n-2} + \cdots + a_1 x + a_0$. We leave it as an exercise to show that the discriminant $D(f)$ of $f(x)$ is
$$D(f) = (-1)^{\frac{1}{2} n(n-1)} \, \frac{1}{a_n} \, R(f, f', x),$$
where $R(f, f', x)$ is the resultant of $f(x)$ and its derivative $f'(x)$.
Example 4.6.9. The discriminant of the polynomial $f(x) = x^5 - x - 1$ is
$$\begin{vmatrix}
1 & 0 & 0 & 0 & 5 & 0 & 0 & 0 & 0 \\
0 & 1 & 0 & 0 & 0 & 5 & 0 & 0 & 0 \\
0 & 0 & 1 & 0 & 0 & 0 & 5 & 0 & 0 \\
0 & 0 & 0 & 1 & 0 & 0 & 0 & 5 & 0 \\
-1 & 0 & 0 & 0 & -1 & 0 & 0 & 0 & 5 \\
-1 & -1 & 0 & 0 & 0 & -1 & 0 & 0 & 0 \\
0 & -1 & -1 & 0 & 0 & 0 & -1 & 0 & 0 \\
0 & 0 & -1 & -1 & 0 & 0 & 0 & -1 & 0 \\
0 & 0 & 0 & -1 & 0 & 0 & 0 & 0 & -1
\end{vmatrix} = 2869.$$
Let $f(x) \in \mathbb{Q}[x]$. In determining the Galois group of $f(x)$, we may assume $f(x) \in \mathbb{Z}[x]$ and $f(x)$ is separable. Therefore the discriminant $D$ of $f(x)$ is not zero. For a prime $p$, consider the reduction $\bar f(x) \equiv f(x) \pmod p$. If $p$ divides $D$, then $\bar f(x)$ has discriminant $\bar D = 0$ in $\mathbb{Z}_p$. Therefore $\bar f(x)$ is not separable. If $p$ does not divide $D$, then $\bar f(x)$ is a separable polynomial and can be factored into distinct irreducibles.
Theorem 4.6.10. Let $f(x) \in \mathbb{Z}[x]$ be a separable polynomial, and let $p$ be a prime. Consider the reduction $\bar f(x) \equiv f(x) \pmod p$. If $\bar f(x)$ is separable, that is, $p$ does not divide the discriminant of $f(x)$, then the Galois group of $\bar f(x)$ over $\mathbb{Z}_p$ is a permutation group isomorphic to a subgroup of the Galois group of $f(x)$ over $\mathbb{Q}$.
Corollary 4.6.11. Let $f(x) \in \mathbb{Z}[x]$ be a separable polynomial, and let $p$ be a prime. Consider the reduction $\bar f(x) \equiv f(x) \pmod p$. If $\bar f(x)$ is separable, that is, $p$ does not divide the discriminant of $f(x)$, then the Galois group of $f(x)$ over $\mathbb{Q}$ contains an element with cycle decomposition $(n_1, n_2, \ldots, n_k)$, where $n_1, \ldots, n_k$ are the degrees of the irreducible factors of $\bar f(x)$.
The proofs of Theorem 4.6.10 and Corollary 4.6.11 are a consequence of Corollary 4.6.5 and some elementary number theory. The interested reader may refer to [25] for proofs.
Example 4.6.10. By Example 4.6.3, the discriminant of $f(x) = x^5 - x - 1$ is $2869 = 19 \times 151$. To apply Corollary 4.6.11, we reduce $f(x)$ mod $p$, where $p$ is a prime and $p \notin \{19, 151\}$. Since $x^5 - x - 1 \equiv (x^2 + x + 1)(x^3 + x^2 + 1) \pmod 2$, by Corollary 4.6.11 the Galois group $G$ of $f(x)$ over $\mathbb{Q}$ has a $(2, 3)$ cycle. Cubing this element we see that $G$ has a transposition. The polynomial $f(x)$ has no roots mod $3$ and therefore has no linear factors. Consequently, if $\bar f(x)$ is a reducible polynomial, then it has an irreducible quadratic factor. There are $3$ irreducible polynomials of degree $2$ in $\mathbb{Z}_3[x]$, namely $x^2 + 1$, $x^2 + x + 2$, and $x^2 + 2x + 2$, none of which divide $\bar f(x)$. Thus $\bar f(x)$ is an irreducible polynomial in $\mathbb{Z}_3[x]$. Hence there is a $5$-cycle in $G$. Since $S_5$ is generated by a $5$-cycle and any transposition (see Exercise 9), $G = S_5$, which is not solvable. Therefore $f(x)$ is not solvable by radicals.
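As an added example (not the book's own code), the following Python computes the discriminant of Example 4.6.9 as the signed Sylvester determinant of Definition 4.6.5, then reduces the polynomial mod small primes and reports the degrees of the irreducible factors, that is, the cycle types Corollary 4.6.11 places in the Galois group. Factoring mod $p$ is done here by trial division with every monic polynomial of small degree, a brute-force choice of mine that is only practical for small $p$ and small degree.

```python
from fractions import Fraction
from itertools import product

# Polynomials are lists of integer coefficients, highest degree first:
# x^5 - x - 1 is [1, 0, 0, 0, -1, -1].

def derivative(f):
    n = len(f) - 1
    return [c * (n - i) for i, c in enumerate(f[:-1])]

def sylvester_matrix(f, g):
    """(m+n) x (m+n) Sylvester matrix of f (degree m) and g (degree n)."""
    m, n = len(f) - 1, len(g) - 1
    rows = [[0] * i + f + [0] * (n - 1 - i) for i in range(n)]
    rows += [[0] * i + g + [0] * (m - 1 - i) for i in range(m)]
    return rows

def determinant(matrix):
    """Exact determinant by Gaussian elimination over the rationals."""
    a = [[Fraction(x) for x in row] for row in matrix]
    n, det = len(a), Fraction(1)
    for col in range(n):
        pivot = next((r for r in range(col, n) if a[r][col] != 0), None)
        if pivot is None:
            return Fraction(0)
        if pivot != col:
            a[col], a[pivot] = a[pivot], a[col]
            det = -det
        det *= a[col][col]
        for r in range(col + 1, n):
            factor = a[r][col] / a[col][col]
            for c in range(col, n):
                a[r][c] -= factor * a[col][c]
    return det

def discriminant(f):
    """D(f) = (-1)^{n(n-1)/2} R(f, f') / a_n, R being the resultant (Sylvester determinant)."""
    n = len(f) - 1
    d = (-1) ** (n * (n - 1) // 2) * determinant(sylvester_matrix(f, derivative(f))) / f[0]
    return int(d) if d.denominator == 1 else d

def strip(f):
    """Drop leading zero coefficients, keeping [0] for the zero polynomial."""
    i = 0
    while i < len(f) - 1 and f[i] == 0:
        i += 1
    return f[i:]

def divmod_mod_p(num, den, p):
    """Quotient and remainder of num / den over Z_p; den must be monic."""
    num = [x % p for x in num]
    dn = len(den) - 1
    quot = []
    for i in range(len(num) - dn):
        coef = num[i]
        quot.append(coef)
        if coef:
            for j in range(dn + 1):
                num[i + j] = (num[i + j] - coef * den[j]) % p
    return strip(quot or [0]), strip(num[max(len(num) - dn, 0):])

def factor_degrees_mod_p(f, p):
    """Degrees of the irreducible factors of f mod p, by trial division with monic
    polynomials of increasing degree (brute force, fine for small p and degree)."""
    if f[0] % p == 0:
        raise ValueError("p divides the leading coefficient, so reduction lowers the degree")
    inv = pow(f[0] % p, -1, p)
    f = [(c * inv) % p for c in f]        # make f monic; factor degrees are unchanged
    degrees, d = [], 1
    while len(f) - 1 >= 2 * d:            # a degree-d factor needs a cofactor of degree >= d
        for tail in product(range(p), repeat=d):
            quot, rem = divmod_mod_p(f, [1] + list(tail), p)
            if rem == [0]:                # irreducible: all smaller factors were removed first
                degrees.append(d)
                f = quot
                break
        else:
            d += 1
    if len(f) > 1:                        # the remainder has no factor of degree <= deg/2
        degrees.append(len(f) - 1)
    return sorted(degrees)

def cycle_types(f, primes):
    """Cycle types that Corollary 4.6.11 places in the Galois group of f over Q,
    one per prime that does not divide the discriminant (the others are skipped)."""
    D = discriminant(f)
    return {p: factor_degrees_mod_p(f, p) for p in primes if D % p != 0}

if __name__ == "__main__":
    f = [1, 0, 0, 0, -1, -1]              # x^5 - x - 1 from Examples 4.6.9 and 4.6.10
    print("discriminant:", discriminant(f))          # 2869 = 19 * 151
    print("factor degrees mod p:", cycle_types(f, [2, 3, 19]))   # 19 is skipped
```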
Proposition 4.6.1. There exist infinitely many polynomials $f(x) \in \mathbb{Z}[x]$ with $S_n$ as the Galois group.
Proof. By Theorem 4.5.10, for each positive integer $n$ there exists an irreducible polynomial of degree $n$ in $\mathbb{Z}_p[x]$. Consequently, let $f_1(x)$ be an irreducible polynomial of degree $n$ in $\mathbb{Z}_2[x]$. Let $f_2(x) \in \mathbb{Z}_3[x]$ be a polynomial of degree $n$ such that $f_2(x)$ is a product of an irreducible polynomial of degree $2$, say $g(x)$, and irreducible polynomials of odd degree. For example, if $n$ is odd then $f_2(x)$ can be the product of $g(x)$, $x$, and an irreducible polynomial of degree $n - 3$. If $n$ is even, $f_2(x)$ can be a product of $g(x)$ and an irreducible polynomial of degree $n - 2$. Similarly, let $f_3 \in \mathbb{Z}_5[x]$ be the product of $x$ with an irreducible polynomial of degree $n - 1$. Finally, let $f(x) \in \mathbb{Z}[x]$ be any polynomial with
$$f(x) \equiv f_1(x) \pmod 2, \qquad f(x) \equiv f_2(x) \pmod 3, \qquad f(x) \equiv f_3(x) \pmod 5.$$
By the Chinese Remainder Theorem, such an $f(x)$ exists (see Exercise 2 in Section 6.4).
We now apply Corollary 4.6.11. The reduction of $f(x)$ mod $2$ shows that $f(x)$ is irreducible in $\mathbb{Z}[x]$; hence the Galois group is transitive on the $n$ roots of $f(x)$. Raising the element given by the factorization of $f(x)$ mod $3$ to a suitable odd power shows that the Galois group contains a transposition. The factorization of $f(x)$ mod $5$ shows that the Galois group contains an $(n-1)$-cycle. By Exercise 9 the only transitive subgroup of $S_n$ that contains an $(n-1)$-cycle and a transposition is $S_n$. Therefore, it follows that the Galois group is $S_n$.
By Theorem 4.6.7, $S_n$ is not solvable for $n \ge 5$. Consequently, Proposition 4.6.1 shows that there can be no general formulas for polynomials with degrees greater than $4$. We now demonstrate that Galois groups of polynomials with coefficients in fields of characteristic zero and degrees less than $5$ are always solvable. We also provide formulas to find their roots.
Let $k$ be a field with characteristic zero. Let $f(x) \in k[x]$ and let $G$ be its Galois group.
1. Let $f(x)$ be linear, of the form
$$f(x) = x - a.$$
Then $x = a$ is the only root of $f(x)$ and $G$ is trivial.
2. Let $f(x)$ be a quadratic polynomial of the form
$$f(x) = x^2 + bx + c.$$
If the discriminant of $f(x)$, namely $b^2 - 4c$, is a perfect square (so that $f(x)$ is reducible), then $G$ is trivial. If $f(x)$ is irreducible, then $G$ is $\mathbb{Z}_2$. The quadratic formula is given by
$$x = \frac{-b \pm \sqrt{b^2 - 4c}}{2}.$$
3. Let $f(x)$ be a polynomial of degree $3$.
(a) Let $f(x)$ be reducible. If $f(x)$ splits into three linear factors, then $G$ is trivial. If $f(x)$ splits into a linear factor and a quadratic factor, then $G$ is $\mathbb{Z}_2$.
(b) Let $f(x)$ be irreducible; then $G$ is either $A_3$ or $S_3$.
Let $f(x)$ be of the form
$$f(x) = x^3 + ax^2 + bx + c. \qquad (4.15)$$
Let
$$p = \tfrac{1}{3}(3b - a^2), \qquad q = \tfrac{1}{27}(2a^3 - 9ab + 27c), \qquad \text{and} \qquad D = -4p^3 - 27q^2. \qquad (4.16)$$
Then the roots of Equation 4.15 are
$$x_1 = \frac{A + B - a}{3}, \qquad x_2 = \frac{t^2 A + tB - a}{3}, \qquad x_3 = \frac{tA + t^2 B - a}{3}, \qquad (4.17)$$
where
$$A = \sqrt[3]{-\tfrac{27}{2}\, q + \tfrac{3}{2}\sqrt{-3D}}, \qquad B = \sqrt[3]{-\tfrac{27}{2}\, q - \tfrac{3}{2}\sqrt{-3D}}, \qquad \text{and} \qquad t = -\tfrac{1}{2} + \tfrac{1}{2}\sqrt{-3}. \qquad (4.18)$$
Example 4.6.11. (a) For the equation $x^3 - x^2 + 3x + 5 = 0$, $p = 2.66$, $q = 5.92$, $D = -1023.99$, $A = 1.46$, and $B = -5.46$ (see Equations 4.16 and 4.18). Finally, Equations 4.17 imply that the roots are $x_1 = -1$, $x_2 = 1 - 2i$, and $x_3 = 1 + 2i$.
(b) Similarly, $p = -9.33$, $q = 5.92$, $D = 2303.99$, $A = 4 + 3.46i$, and $B = 4 - 3.46i$ for the equation $x^3 + 5x^2 - x - 5 = 0$, and its roots are $x_1 = 1$, $x_2 = -1$, and $x_3 = -5$.
4. Let $f(x)$ be a polynomial of degree $4$ of the form
$$f(x) = x^4 + ax^3 + bx^2 + cx + d. \qquad (4.19)$$
The resolvent cubic equation $g(y)$ of Equation 4.19 is
$$y^3 - 2py^2 + (p^2 - 4r)y + q^2 \qquad (4.20)$$
where
$$p = \frac{-3a^2 + 8b}{8}, \qquad q = \frac{a^3 - 4ab + 8c}{8}, \qquad r = \frac{-3a^4 + 16a^2 b - 64ac + 256d}{256}.$$
(a) Let $g(y)$ be reducible. If $g(y)$ splits into three linear factors, then $G = \langle e, (12)(34), (13)(24), (14)(23) \rangle$. If $g(y)$ splits into a linear factor and a quadratic factor, then $G$ is either $D_4$ or the cyclic group $\{e, (1234), (13)(24), (1432)\}$.
(b) If $g(y)$ is irreducible, then $G$ is either $A_4$ or $S_4$.
To solve the quartic equation 4.19, we first compute the roots $y_1$, $y_2$, and $y_3$ of the resolvent cubic equation 4.20. Then the roots of Equation 4.19 are
$$x_1 = \frac{\sqrt{-y_1} + \sqrt{-y_2} + \sqrt{-y_3}}{2}, \qquad x_2 = \frac{\sqrt{-y_1} - \sqrt{-y_2} - \sqrt{-y_3}}{2},$$
$$x_3 = \frac{-\sqrt{-y_1} + \sqrt{-y_2} - \sqrt{-y_3}}{2}, \qquad x_4 = \frac{-\sqrt{-y_1} - \sqrt{-y_2} + \sqrt{-y_3}}{2}. \qquad (4.21)$$
Example 4.6.12. To solve the quartic equation $x^4 - 4x^3 + 8.25x^2 - 8.5x + 3.25 = 0$, we first solve the resolvent cubic equation $x^3 - 4.5x^2 + 5.0625x = 0$. We use the cubic formula to find the roots $y_1 = 0$, $y_2 = 2.25$, and $y_3 = 2.25$. Consequently, by Equations 4.21, the roots of the quartic equation are $x_1 = 1$, $x_2 = 1$, $x_3 = 1 - 1.5i$, and $x_4 = 1 + 1.5i$.
We refer the reader to [19] or [25] for details of these computations.
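As an added example (not the book's code), the cubic formula of Equations 4.16 to 4.18 and the quartic procedure of Equations 4.20 and 4.21 are carried out below in Python with complex arithmetic. Two choices the formulas leave implicit are made explicit: the cube roots $A$ and $B$ are paired so that $AB = -3p$ (the pairing Example 4.6.11 uses), and the square roots in (4.21) are chosen so that their product is $-q$. The shift by $-a/4$, which takes the depressed-quartic roots produced by (4.21) back to roots of Equation 4.19, is applied as the numbers in Example 4.6.12 require.

```python
import cmath

def _key(z):
    z = complex(z)
    return (round(z.real, 6), round(z.imag, 6))

def same_roots(found, expected, tol=1e-6):
    """True when two root lists agree up to ordering and floating-point error."""
    f = sorted((complex(x) for x in found), key=_key)
    e = sorted((complex(x) for x in expected), key=_key)
    return len(f) == len(e) and all(abs(x - y) < tol for x, y in zip(f, e))

def cubic_roots(a, b, c):
    """Roots of x^3 + a x^2 + b x + c (Equation 4.15) by Equations 4.16-4.18."""
    p = (3 * b - a * a) / 3
    q = (2 * a**3 - 9 * a * b + 27 * c) / 27
    D = -4 * p**3 - 27 * q * q
    s = cmath.sqrt(-3 * D)
    A3 = -27 / 2 * q + 3 / 2 * s          # A^3 and B^3 of Equation 4.18
    B3 = -27 / 2 * q - 3 / 2 * s
    # A^3 B^3 = -27 p^3, so the two cube roots must be paired with A B = -3p.
    # Take the principal cube root of the larger value and derive the other from it.
    if abs(A3) >= abs(B3):
        A = A3 ** (1 / 3)
        B = -3 * p / A if A != 0 else 0j
    else:
        B = B3 ** (1 / 3)
        A = -3 * p / B if B != 0 else 0j
    t = (-1 + cmath.sqrt(-3)) / 2         # t of Equation 4.18, a primitive cube root of unity
    return [(A + B - a) / 3, (t * t * A + t * B - a) / 3, (t * A + t * t * B - a) / 3]

def quartic_roots(a, b, c, d):
    """Roots of x^4 + a x^3 + b x^2 + c x + d (Equation 4.19) via the resolvent cubic 4.20
    and Equations 4.21."""
    p = (-3 * a * a + 8 * b) / 8
    q = (a**3 - 4 * a * b + 8 * c) / 8
    r = (-3 * a**4 + 16 * a * a * b - 64 * a * c + 256 * d) / 256
    # Resolvent cubic y^3 - 2p y^2 + (p^2 - 4r) y + q^2, solved with the cubic formula;
    # the two roots of largest modulus are used for the square roots, the third is derived.
    y1, y2, y3 = sorted(cubic_roots(-2 * p, p * p - 4 * r, q * q), key=abs, reverse=True)
    s1, s2 = cmath.sqrt(-y1), cmath.sqrt(-y2)
    # y1 y2 y3 = -q^2, so (s1 s2 s3)^2 = q^2; the signs must satisfy s1 s2 s3 = -q.
    s3 = -q / (s1 * s2) if s1 * s2 != 0 else cmath.sqrt(-y3)
    shift = -a / 4   # (4.21) gives roots of the depressed quartic z^4 + p z^2 + q z + r, z = x + a/4
    return [(s1 + s2 + s3) / 2 + shift, (s1 - s2 - s3) / 2 + shift,
            (-s1 + s2 - s3) / 2 + shift, (-s1 - s2 + s3) / 2 + shift]

if __name__ == "__main__":
    print(cubic_roots(-1, 3, 5))              # Example 4.6.11(a): -1, 1 - 2i, 1 + 2i
    print(cubic_roots(5, -1, -5))             # Example 4.6.11(b): 1, -1, -5
    print(quartic_roots(-4, 8.25, -8.5, 3.25))  # Example 4.6.12: 1, 1, 1 - 1.5i, 1 + 1.5i
```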
4.7 Proof of Galois' Criterion for solvability.
In this section we present a proof of Galois' Criterion for solvability of polynomials by radicals.
Definition 4.7.1. An algebraic extension field $K$ of $F$ is normal provided that whenever an irreducible polynomial $f(x) \in F[x]$ has one root in $K$, then it splits over $K$, that is, $f(x)$ has all its roots in $K$.
The next theorem proves that a splitting field of a polynomial is always a normal extension.
Theorem 4.7.1. The field $K$ is a splitting field over the field $F$ of some polynomial in $F[x]$ if and only if $K$ is a finite dimensional, normal extension of $F$.
Proof. If $K$ is the splitting field of $f(x) \in F[x]$, then $K = F(u_1, \ldots, u_n)$ where the $u_i$ are roots of $f(x)$. Consequently, $[K:F]$ is finite by Exercise 30 in Chapter 3. Let $p(x)$ be an irreducible polynomial in $F[x]$ with a root $v \in K$. Let $L$ be the splitting field of $p(x)$ over $K$. To prove that $p(x)$ splits over $K$, we need to show that every root of $p(x)$ in $L$ is actually in $K$. Let $w \ne v \in L$ be any root of $p(x)$. Then there is a $\sigma \in \mathrm{Gal}_F K$ such that $\sigma(v) = w$ by Theorem 4.6.3, that is, $F(v) \cong F(w)$. Consequently, since $K$ is a splitting field of the polynomial $f(x)$ over $F(v)$ and $K(w)$ is a splitting field of $f(x)$ over $F(w)$, $\sigma$ extends to an isomorphism between $K$ and $K(w)$ by Theorem 3.4.7, such that $v$ is mapped to $w$ and the elements of $F$ remain fixed. Therefore $[K:F] = [K(w):F]$ by Exercise 23 in Chapter 3. By Theorem 3.4.4, $[K(w):K]$ is finite. Consequently, since $[K:F]$ is finite, Exercise 22 in Chapter 3 implies
$$[K:F] = [K(w):F] = [K(w):K]\,[K:F].$$
Canceling $[K:F]$ from both sides we get $[K(w):K] = 1$, that is, $K(w) = K$. Thus every root of $p(x)$ is in $K$, which means that $K$ is normal over $F$.
Conversely, assume $K$ is a finite dimensional, normal extension of $F$ with basis $\{u_1, \ldots, u_n\}$. Then $K = F(u_1, \ldots, u_n)$. Each $u_i$ is algebraic over $F$ by Exercise 28 in Chapter 3. Let the minimal polynomial of $u_i$ be $p_i(x)$. Since each $p_i(x)$ splits over $K$ by normality, $f(x) = p_1(x) \cdots p_n(x)$ also splits over $K$. Therefore $K$ is the splitting field of $f(x)$.
An element $u$ in an extension field $K$ of $F$ is said to be separable over $F$ if $u$ is a root of a separable polynomial in $F[x]$. The extension field $K$ is said to be a separable extension if every element of $K$ is separable over $F$.
Theorem 4.7.2. Let $F$ be a field of characteristic zero; then every algebraic extension field $K$ of $F$ is a separable extension.
Proof. By Theorem 3.4.8, the minimal polynomial of each $u \in K$ is separable. Hence $u$ is separable. Consequently, $K$ is a separable extension.
Definition 4.7.2. A field $K$ is said to be Galois over $F$ if $K$ is a finite dimensional, normal, separable extension field of $F$.
Let $K$ be an extension field of $F$. A field $E$ such that $F \subseteq E \subseteq K$ is called an intermediate field of the extension. Since $K$ is also an extension of $E$, the Galois group $\mathrm{Gal}_E K$ consists of all automorphisms of $K$ that fix $E$ elementwise. Since $F \subseteq E$, every automorphism in $\mathrm{Gal}_E K$ automatically fixes each element of $F$. Therefore $\mathrm{Gal}_E K$ is a subset (and hence a subgroup) of $\mathrm{Gal}_F K$.
Theorem 4.7.3. Let $K$ be an extension field of $F$. If $H$ is a subgroup of $\mathrm{Gal}_F K$, let
$$E_H = \{\, k \in K \mid \sigma(k) = k \text{ for every } \sigma \in H \,\}.$$
Then $E_H$ is an intermediate field of the extension. The field $E_H$ is called the fixed field of the subgroup $H$.
Proof. If $c, d \in E_H$ and $\sigma \in H$, then
$$\sigma(c + d) = \sigma(c) + \sigma(d) = c + d \quad \text{and} \quad \sigma(cd) = \sigma(c)\sigma(d) = cd.$$
Therefore $E_H$ is closed under addition and multiplication. Since $\sigma(0_F) = 0_F$ and $\sigma(1_F) = 1_F$ for every automorphism, $0_F$ and $1_F$ are in $E_H$. For any nonzero $c \in E_H$ and any $\sigma \in H$,
$$\sigma(-c) = -\sigma(c) = -c \quad \text{and} \quad \sigma(c^{-1}) = \sigma(c)^{-1} = c^{-1}.$$
Consequently, $E_H$ contains the inverses of all its nonzero elements. Hence $E_H$ is a subfield of $K$. Since $H$ is a subgroup of $\mathrm{Gal}_F K$, $\sigma(c) = c$ for every $c \in F$ and $\sigma \in H$. Therefore $F \subseteq E_H$.
Lemma 4.7.1. Let $K$ be a finite dimensional extension field of $F$. If $H$ is a subgroup of the Galois group $\mathrm{Gal}_F K$ and $E_H$ is the fixed field of $H$, then $K$ is a simple, normal, separable extension of $E_H$.
Proof. Each $u \in K$ is algebraic over $F$ by Exercise 28 in Chapter 3 and hence algebraic over $E_H$. Every automorphism in $H$ must map $u$ to some root of the minimal polynomial of $u$. Let $u_1, \ldots, u_t$ be the distinct images of $u$ under automorphisms in $H$, and let $f(x) = (x - u_1)(x - u_2) \cdots (x - u_t)$. Since the $u_i$ are distinct, $f(x)$ is a separable polynomial. Since every automorphism $\sigma \in H$ permutes $u_1, \ldots, u_t$,
$$\sigma f(x) = (x - \sigma(u_1))(x - \sigma(u_2)) \cdots (x - \sigma(u_t)) = f(x).$$
Consequently, every automorphism in $H$ fixes the coefficients of $f(x)$; hence the coefficients are in $E_H$. Since $u$ is a root of $f(x)$, $u$ is separable over $E_H$. Hence $K$ is a separable extension of $E_H$. Since $f(x)$ splits in $K[x]$, $K$ is normal over $E_H$ by Theorem 4.7.1. Since $K$ is finitely generated over $F$, $K$ is finitely generated over $E_H$. Hence $K = E_H(u)$ for some $u \in K$ by Exercise 29 in Chapter 3. Therefore $K$ is simple.
Theorem 4.7.4. Let $K$ be a finite-dimensional extension field of $F$. If $H$ is a subgroup of the Galois group $\mathrm{Gal}_F K$ and $E$ is the fixed field of $H$, then $H = \mathrm{Gal}_E K$ and $|H| = [K:E]$. Therefore the Galois correspondence is surjective.
Proof. Lemma 4.7.1 shows that $K = E(u)$ for some $u \in K$. If the minimal polynomial $p(x)$ of $u$ over $E$ has degree $n$, then $[K:E] = n$ by Theorem 3.4.4. The Galois group $\mathrm{Gal}_E K$ is completely determined by its action on $u$ by Theorem 4.6.4, and $u$ is always mapped to another root of $p(x)$ by an automorphism in $\mathrm{Gal}_E K$ by Theorem 4.6.2. This implies that the number of distinct automorphisms in $\mathrm{Gal}_E K$ is at most $n$, that is, $|\mathrm{Gal}_E K| \le n$. Now $H \subseteq \mathrm{Gal}_E K$ by definition of the fixed field $E$. Therefore
$$|H| \le |\mathrm{Gal}_E K| \le n = [K:E].$$
Let $f(x)$ be as in Lemma 4.7.1. Then $H$ contains at least $t$ automorphisms (the number of distinct images of $u$ under $H$). Since $u$ is a root of $f(x)$, $p(x)$ divides $f(x)$. Hence
$$|H| \ge t = \deg f(x) \ge \deg p(x) = n = [K:E].$$
Combining the inequalities, we get
$$|H| \le |\mathrm{Gal}_E K| \le [K:E] \le |H|.$$
Therefore $|H| = |\mathrm{Gal}_E K| = [K:E]$, and hence $H = \mathrm{Gal}_E K$.
Theorem 4.7.5. Let $K$ be a Galois extension of $F$ and $E$ an intermediate field. Then $E$ is the fixed field of the subgroup $\mathrm{Gal}_E K$. Therefore the Galois correspondence is injective for Galois extensions.
Proof. The fixed field $E_0$ of $\mathrm{Gal}_E K$ contains $E$ by definition. To show that $E_0 \subseteq E$ we prove the contrapositive: if $u \notin E$ then $u \notin E_0$. $K$ is a Galois extension of the intermediate field $E$ by Exercises 34 and 35. $K$ is an algebraic extension of $E$ by Exercise 28 in Chapter 3. Consequently $u$ is algebraic over $E$ with minimal polynomial $p(x) \in E[x]$ of degree $\ge 2$ (if $\deg p(x) = 1$, then $u \in E$). The roots of $p(x)$ are distinct by separability, and all of them are in $K$ by normality. Let $v$ be a root of $p(x)$ different from $u$. Then there exists $\sigma \in \mathrm{Gal}_E K$ such that $\sigma(u) = v$ by Theorem 4.6.3. Therefore $u \notin E_0$, and hence $E_0 = E$.
Lemma 4.7.2. Let $K$ be a finite dimensional normal extension field of $F$ and $E$ an intermediate field which is normal over $F$. Then there is a surjective homomorphism of groups $\theta : \mathrm{Gal}_F K \to \mathrm{Gal}_F E$ whose kernel is $\mathrm{Gal}_E K$.
Proof. Let $\sigma \in \mathrm{Gal}_F K$ and $u \in E$. Then $u$ is algebraic over $F$ with minimal polynomial $p(x)$. Since $E$ is a normal extension of $F$, $p(x)$ splits in $E[x]$, that is, all the roots of $p(x)$ are in $E$. Since $\sigma(u)$ is a root of $p(x)$ by Theorem 4.6.2, $\sigma(u) \in E$. Therefore $\sigma(E) \subseteq E$ for every $\sigma \in \mathrm{Gal}_F K$. Thus the restriction of $\sigma$ to $E$ is an $F$-isomorphism from $E$ to $\sigma(E)$. Hence $[E:F] = [\sigma(E):F]$ by Exercise 23 in Chapter 3. Since $F \subseteq \sigma(E) \subseteq E$, $[E:F] = [E:\sigma(E)]\,[\sigma(E):F]$ by Exercise 22 in Chapter 3. Thus $[E:\sigma(E)] = 1$. Therefore $E = \sigma(E)$, and $\sigma$ restricted to $E$ is an automorphism in $\mathrm{Gal}_F E$. Denote $\sigma$ restricted to $E$ by $\sigma|_E$. Let $\theta : \mathrm{Gal}_F K \to \mathrm{Gal}_F E$ be such that $\theta(\sigma) = \sigma|_E$. Check that $\theta$ is a homomorphism of groups with kernel $\mathrm{Gal}_E K$. To show that $\theta$ is surjective, note that $K$ is a splitting field of a polynomial $f(x)$ over $F$ by Theorem 4.7.1. $K$ is also the splitting field of $f(x)$ over $E$. Consequently every $\tau \in \mathrm{Gal}_F E$ can be extended to an $F$-automorphism $\sigma \in \mathrm{Gal}_F K$ by Theorem 3.4.7. This means that $\sigma|_E = \tau$, that is, $\theta(\sigma) = \tau$. Therefore $\theta$ is surjective.
Theorem 4.7.6. [Fundamental Theorem of Galois Theory] If $K$ is a Galois extension field of $F$, then
1. There is a bijection between the set $S$ of all intermediate fields of the extension and the set $T$ of all subgroups of the Galois group $\mathrm{Gal}_F K$, given by assigning each intermediate field $E$ to the subgroup $\mathrm{Gal}(K/E)$. Furthermore,
$$[K:E] = |\mathrm{Gal}_E K| \quad \text{and} \quad [E:F] = [\mathrm{Gal}_F K : \mathrm{Gal}_E K].$$
2. An intermediate field $E$ is a normal extension of $F$ if and only if the corresponding group $\mathrm{Gal}_E K$ is a normal subgroup of $\mathrm{Gal}_F K$, and in this case $\mathrm{Gal}(E/F) = \mathrm{Gal}_F K / \mathrm{Gal}_E K$.
Proof. There is a bijection between the set $S$ of all intermediate fields of the extension and the set $T$ of all subgroups of the Galois group $\mathrm{Gal}_F K$, given by assigning each intermediate field $E$ to the subgroup $\mathrm{Gal}_E K$, by Theorems 4.7.4 and 4.7.5. By Theorem 4.7.4, $[K:E] = |\mathrm{Gal}_E K|$. In particular, if $F = E$, then $[K:F] = |\mathrm{Gal}_F K|$. By Exercise 22 in Chapter 3, $[K:F] = [K:E]\,[E:F]$. Consequently, by applying Lagrange's Theorem 4.4.1, we get
$$[K:E]\,[E:F] = [K:F] = |\mathrm{Gal}_F K| = |\mathrm{Gal}_E K|\,[\mathrm{Gal}_F K : \mathrm{Gal}_E K].$$
Dividing the equation by $[K:E] = |\mathrm{Gal}_E K|$ shows that
$$[E:F] = [\mathrm{Gal}_F K : \mathrm{Gal}_E K].$$
To prove part 2, assume that $\mathrm{Gal}_E K$ is a normal subgroup of $\mathrm{Gal}_F K$. Let $p(x)$ be an irreducible polynomial in $F[x]$ with a root $u$ in $E$. To show that $E$ is a normal extension field we must show that $p(x)$ splits in $E[x]$. Since $K$ is normal over $F$, $p(x)$ splits in $K[x]$. So we need only show that each root $v$ of $p(x)$ is in $E$. There is an automorphism $\sigma \in \mathrm{Gal}_F K$ such that $\sigma(u) = v$ by Theorem 4.6.3. If $\tau \in \mathrm{Gal}_E K$, then since $\mathrm{Gal}_E K$ is normal, $\tau \circ \sigma = \sigma \circ \tau_1$ for some $\tau_1 \in \mathrm{Gal}_E K$. Since $u \in E$, $\tau(v) = \tau(\sigma(u)) = \sigma(\tau_1(u)) = \sigma(u) = v$. Hence $v$ is fixed by every element $\tau \in \mathrm{Gal}_E K$ and therefore is in $E$ (see Theorem 4.7.5). Thus $E$ is a normal extension of $F$.
Conversely, assume that $E$ is a normal extension of $F$. Then $E$ is finite dimensional over $F$ by part 1. By Lemma 4.7.2, there is a surjective homomorphism of groups $\theta : \mathrm{Gal}_F K \to \mathrm{Gal}_F E$ with kernel $\mathrm{Gal}_E K$. Then $\mathrm{Gal}_E K$ is a normal subgroup of $\mathrm{Gal}_F K$ by Theorem 4.3.9, and $\mathrm{Gal}_F K / \mathrm{Gal}_E K \cong \mathrm{Gal}_F E$ by the First Isomorphism Theorem 4.3.11.
Example 4.7.1. Let $f(x) = (x^2 - 3)(x^2 - 5)$. The splitting field of $f(x)$ is $\mathbb{Q}(\sqrt3, \sqrt5)$. By Example 4.6.3 we know that
$$\mathrm{Gal}(\mathbb{Q}(\sqrt3, \sqrt5)/\mathbb{Q}) = \{e, \sigma, \tau, \sigma\tau\},$$
where the four automorphisms act as follows:
$$e : \sqrt3 \mapsto \sqrt3,\ \sqrt5 \mapsto \sqrt5; \qquad \sigma : \sqrt3 \mapsto -\sqrt3,\ \sqrt5 \mapsto \sqrt5;$$
$$\tau : \sqrt3 \mapsto \sqrt3,\ \sqrt5 \mapsto -\sqrt5; \qquad \sigma\tau : \sqrt3 \mapsto -\sqrt3,\ \sqrt5 \mapsto -\sqrt5.$$
By the Fundamental Theorem, corresponding to each subgroup of $\mathrm{Gal}(\mathbb{Q}(\sqrt3, \sqrt5)/\mathbb{Q})$ there is a fixed subfield of $\mathbb{Q}(\sqrt3, \sqrt5)$. For example, the subfield corresponding to the subgroup $\{e, \sigma\}$ is the set of elements fixed by the map
$$\sigma : a + b\sqrt3 + c\sqrt5 + d\sqrt{15} \mapsto a - b\sqrt3 + c\sqrt5 - d\sqrt{15},$$
which is the set of elements $a + c\sqrt5$, that is, the field $\mathbb{Q}(\sqrt5)$. Similarly, we can determine the fixed fields for the other subgroups of $\mathrm{Gal}(\mathbb{Q}(\sqrt3, \sqrt5)/\mathbb{Q})$:
Subgroup                          Fixed Field
$\{e\}$                           $\mathbb{Q}(\sqrt3, \sqrt5)$
$\{e, \sigma\}$                   $\mathbb{Q}(\sqrt5)$
$\{e, \tau\}$                     $\mathbb{Q}(\sqrt3)$
$\{e, \sigma\tau\}$               $\mathbb{Q}(\sqrt{15})$
$\{e, \sigma, \tau, \sigma\tau\}$ $\mathbb{Q}$
See Figure 4.1.
Definition 4.7.3. The extension $K/F$ is said to be cyclic if it is Galois with a cyclic Galois group.
Definition 4.7.4. Let $K_1$ and $K_2$ be two subfields of a field $K$. Then the composite field of $K_1$ and $K_2$, denoted $K_1K_2$, is the smallest subfield of $K$ containing both $K_1$ and $K_2$.
Note that $K_1K_2$ is the intersection of all the subfields of $K$ containing both $K_1$ and $K_2$.
Proposition 4.7.1. Let $K_1$ and $K_2$ be Galois extensions of a field $F$; then the composite $K_1K_2$ is Galois over $F$.
[Figure 4.1: lattice diagram. Subgroups, from top to bottom: $\{e, \sigma, \tau, \sigma\tau\}$; then $\{e, \tau\}$, $\{e, \sigma\tau\}$, $\{e, \sigma\}$; then $\{e\}$. Subfields, from top to bottom: $\mathbb{Q}$; then $\mathbb{Q}(\sqrt5)$, $\mathbb{Q}(\sqrt3)$, $\mathbb{Q}(\sqrt{15})$; then $\mathbb{Q}(\sqrt3, \sqrt5)$.]
Figure 4.1: The Galois correspondence of subgroups and subfields.
Proof. If $K_1$ is the splitting field of the separable polynomial $f_1(x)$ and $K_2$ is the splitting field of the separable polynomial $f_2(x)$, then the composite is the splitting field for the square-free part of the polynomial $f_1(x)f_2(x)$, hence is Galois over $F$.
Proposition 4.7.2. Let $F$ be a field of characteristic not dividing $n$ such that $F$ contains all the $n$-th roots of unity. Then the extension $F(\sqrt[n]{a})$, for $a \in F$, is cyclic over $F$ of degree dividing $n$.
Proof. The extension $K = F(\sqrt[n]{a})$ is Galois over $F$ if $F$ contains the $n$-th roots of unity, since it is the splitting field for $x^n - a$. For any $\sigma \in \mathrm{Gal}_F K$, $\sigma(\sqrt[n]{a})$ is another root of $x^n - a$. Hence $\sigma(\sqrt[n]{a}) = \omega_\sigma \sqrt[n]{a}$, where $\omega_\sigma$ is some $n$-th root of unity. Let $G_n$ denote the group of $n$-th roots of unity. Since $F$ contains $G_n$, every $n$-th root of unity is fixed by $\mathrm{Gal}_F K$. Hence for $\tau, \sigma \in \mathrm{Gal}_F K$,
$$\sigma\tau(\sqrt[n]{a}) = \sigma(\omega_\tau \sqrt[n]{a}) = \omega_\tau\, \sigma(\sqrt[n]{a}) = \omega_\tau \omega_\sigma \sqrt[n]{a} = \omega_\sigma \omega_\tau \sqrt[n]{a},$$
which shows that $\omega_{\sigma\tau} = \omega_\sigma \omega_\tau$. Therefore the map $f : \mathrm{Gal}_F K \to G_n$ such that $f(\sigma) = \omega_\sigma$ is a homomorphism. The kernel of $f$ is precisely the identity, and hence $f$ is injective. Consequently, since $G_n$ is cyclic, $\mathrm{Gal}_F K$ is cyclic. Since the image of $f$ is a subgroup of $G_n$, $|\mathrm{Gal}_F K|$ divides $n$. Consequently, by Theorem 4.7.6, $K$ has degree dividing $n$.
Definition 4.7.5. Let $F$ be a field of characteristic not dividing $n$ such that $F$ contains all the $n$-th roots of unity. Let $K$ be any cyclic extension of degree $n$ over $F$. Let $\sigma$ be the generator of the cyclic group $\mathrm{Gal}_F K$. For $u \in K$ and any $n$-th root of unity $\omega$, define the Lagrange resolvent $(u, \omega) \in K$ by
$$(u, \omega) = u + \omega\sigma(u) + \omega^2\sigma^2(u) + \cdots + \omega^{n-1}\sigma^{n-1}(u).$$
Proposition 4.7.3. Let $F$ be a field of characteristic not dividing $n$ such that $F$ contains all the $n$-th roots of unity. Let $K$ be a cyclic extension of $F$; then $K$ is of the form $F(\sqrt[n]{a})$ for some $a \in F$.
Proof. Let $\sigma$ be the generator of the cyclic group $\mathrm{Gal}_F K$, and let $u \in K$ and $\omega$ be an $n$-th root of unity. Since $\omega \in F$, if we apply $\sigma$ to the Lagrange resolvent $(u, \omega)$ we get
$$\sigma((u, \omega)) = \sigma(u) + \omega\sigma^2(u) + \omega^2\sigma^3(u) + \cdots + \omega^{n-1}\sigma^n(u).$$
Since $\sigma^n = 1$ in $\mathrm{Gal}_F K$ and $\omega^n = 1$ in $G_n$ (the group of $n$-th roots of unity), we get
$$\begin{aligned}
\sigma((u, \omega)) &= \sigma(u) + \omega\sigma^2(u) + \omega^2\sigma^3(u) + \cdots + \omega^{n-1}\sigma^n(u) \\
&= \omega^{-1}\bigl(\omega\sigma(u) + \omega^2\sigma^2(u) + \cdots + \omega^{n-1}\sigma^{n-1}(u) + \omega^n\sigma^n(u)\bigr) \\
&= \omega^{-1}\bigl(\omega\sigma(u) + \omega^2\sigma^2(u) + \cdots + \omega^{n-1}\sigma^{n-1}(u) + u\bigr) \\
&= \omega^{-1}(u, \omega). \qquad (4.22)
\end{aligned}$$
Therefore
$$\sigma\bigl((u, \omega)^n\bigr) = (\omega^{-1})^n (u, \omega)^n = (u, \omega)^n.$$
Since $(u, \omega)^n$ is fixed by $\mathrm{Gal}_F K$, $(u, \omega)^n \in F$ for any $u \in K$. By the linear independence of the automorphisms $1, \sigma, \sigma^2, \ldots, \sigma^{n-1}$, there is an element $u \in K$ with $(u, \omega) \ne 0$. Iterating Equation 4.22 we get $\sigma^i((u, \omega)) = \omega^{-i}(u, \omega)$, and we see that $\sigma^i$ does not fix $(u, \omega)$ for any $i < n$. Hence $(u, \omega)$ cannot lie in any proper subfield of $K$, so $K = F((u, \omega))$. Since $(u, \omega)^n = a \in F$, we have $F(\sqrt[n]{a}) = F((u, \omega)) = K$.
The Galois closure $K$ of a field $F$ is the minimal Galois extension of $F$, in the sense that if $L$ is a Galois extension of $F$ then $K \subseteq L$.
Theorem 4.7.7. If $u$ is contained in a root extension $K$ as in Equation 4.9, then $u$ is contained in a root extension which is Galois over $F$ and where each intermediate extension is cyclic.
Proof. Let $L$ be the Galois closure of $K$ over $F$. For any $\sigma \in \mathrm{Gal}_F L$, we derive the chain of subfields from Equation 4.9
$$F = \sigma K_0 \subset \sigma K_1 \subset \cdots \subset \sigma K_i \subset \sigma K_{i+1} \subset \cdots \subset \sigma K_s = \sigma K.$$
Since $\sigma(\sqrt[n_i]{a_i})$ is a root of $x^{n_i} - \sigma(a_i)$, it follows that $\sigma K_{i+1} = \sigma K_i(\sigma(\sqrt[n_i]{a_i}))$, that is, $\sigma K_{i+1}$ is a simple radical extension of $\sigma K_i$. Therefore $\sigma(K)$ is solvable by radicals. Hence $L$, which is the composite of all the fields $\sigma(K)$ such that $\sigma \in \mathrm{Gal}_F L$, is also solvable by radicals (see Exercises 36 and 37). Therefore $u$ is contained in a Galois root extension $L$, and there are subfields $L_i$ of $L$
$$F = L_0 \subset L_1 \subset \cdots \subset L_i \subset L_{i+1} \subset \cdots \subset L_r = L \qquad (4.23)$$
such that $L_{i+1}$ is a simple radical extension of $L_i$.
We now adjoin the $n_i$-th roots of unity to $F$ to obtain a field $F'$. This extension is derived as a chain of subfields such that each individual extension is cyclic (adjoin one root at a time).
Form the composite of $F'$ with the root extension 4.23:
$$F \subseteq F' = F'L_0 \subset F'L_1 \subset \cdots \subset F'L_i \subset F'L_{i+1} \subset \cdots \subset F'L_r = F'L.$$
Since $F'$ and $L$ are Galois over $F$, the composite $F'L$ is Galois over $F$ by Theorem 4.7.1. $F'L_{i+1}$ is a simple radical extension of $F'L_i$, and since $F'L_i$ contains the roots of unity, $F'L_{i+1}$ is also cyclic by Proposition 4.7.2. Therefore $F'L$ is a root extension of $F$ where each intermediate extension is cyclic.
Proposition 4.7.4. Suppose $K/F$ is a Galois extension and $F'/F$ is any extension. Then $KF'/F'$ is a Galois extension, with Galois group
$$\mathrm{Gal}(KF'/F') \cong \mathrm{Gal}(K/K \cap F')$$
isomorphic to a subgroup of $\mathrm{Gal}(K/F)$.
Proof. If $K/F$ is Galois, then $K$ is the splitting field of some separable polynomial $f(x) \in F[x]$. Then $KF'/F'$ is the splitting field of $f(x)$ viewed as a polynomial in $F'[x]$; hence this extension is Galois. Consider the map $\phi : \mathrm{Gal}(KF'/F') \to \mathrm{Gal}(K/F)$ such that $\phi(\sigma) = \sigma|_K$. Check that this map, defined by restricting an automorphism $\sigma$ to the subfield $K$, is a well defined homomorphism. Since an element in $\mathrm{Gal}(KF'/F')$ acts as the identity on $F'$, the elements in the kernel of $\phi$ are trivial on both $K$ and $F'$ and hence on their composite. So $\ker\phi = \{\sigma \in \mathrm{Gal}(KF'/F') \mid \sigma|_K = 1\}$ contains only the identity automorphism. Hence $\phi$ is injective.
Let $H$ denote the image of $\phi$ in $\mathrm{Gal}(K/F)$ and let $K_H$ denote the corresponding fixed subfield of $K$ containing $F$. Since every element in $H$ fixes $F'$, $K \cap F' \subseteq K_H$. Since any $\sigma \in \mathrm{Gal}(KF'/F')$ fixes $F'$ and acts on $K_H \subseteq K$ via its restriction $\sigma|_K \in H$, it fixes $K_H$ by definition. Therefore $K_H F'$ is fixed by $\mathrm{Gal}(KF'/F')$. By the Fundamental Theorem, $K_H F' = F'$. Consequently, $K_H \subseteq F'$, which gives the reverse inclusion $K_H \subseteq K \cap F'$. Hence $K_H = K \cap F'$. By the Fundamental Theorem, $H = \mathrm{Gal}(K/K \cap F')$, and since $\phi$ is injective, $H \cong \mathrm{Gal}(KF'/F')$.
Theorem 4.7.8. Let $G$ be a finite solvable group. Then $G$ has a chain of subgroups
$$G = G_0 \supseteq G_1 \supseteq G_2 \supseteq \cdots \supseteq G_{n-1} \supseteq G_n = \langle e \rangle \qquad (4.24)$$
such that each $G_i$ is a normal subgroup of the preceding group $G_{i-1}$ and the quotient group $G_{i-1}/G_i$ is cyclic.
Proof. The proof is by induction on the order of $G$. The theorem is true when $|G| = 1$. Let $|G| > 1$. Assume the theorem holds for all solvable groups of order less than $|G|$. Let $N$ be a normal subgroup of $G$ such that $N \ne \langle e \rangle$. Such a subgroup exists because $G$ is a solvable group of order greater than $1$. Theorem 4.6.8 implies $G/N$ is a solvable group. By Lagrange's Theorem 4.4.1, $|G/N| < |G|$. Hence the induction hypothesis applies to $G/N$, and there is a chain of subgroups $T_i$ of $G/N$,
$$G/N = T_0 \supseteq T_1 \supseteq T_2 \supseteq \cdots \supseteq T_{r-1} \supseteq T_r = N, \qquad (4.25)$$
such that $T_i$ is a normal subgroup of the preceding group $T_{i-1}$ and the quotient group $T_{i-1}/T_i$ is cyclic. By Theorem 4.3.8, for each $T_i$ there is a subgroup $G_i$ of $G$ such that $N \subset G_i$ and $T_i = G_i/N$. Thus we get a chain of subgroups $G_i$ of $G$,
$$G = G_0 \supseteq G_1 \supseteq G_2 \supseteq \cdots \supseteq G_{r-1} \supseteq G_r = N. \qquad (4.26)$$
Appending the subgroup $\langle e \rangle$ to the end gives us a chain of subgroups
$$G = G_0 \supseteq G_1 \supseteq G_2 \supseteq \cdots \supseteq G_{r-1} \supseteq N \supseteq \langle e \rangle \qquad (4.27)$$
such that each $G_i$ is a normal subgroup of the preceding group $G_{i-1}$. By Exercise 19, the quotient group $G_{i-1}/G_i$ is isomorphic to $T_{i-1}/T_i$, and hence is cyclic. Therefore by induction the theorem holds for all solvable groups.
Finally, we can prove Galois' criterion for solvability of polynomials, that is, for a polynomial $f(x) \in F[x]$, where $F$ is a field of characteristic zero, $f(x)$ is solvable by radicals if and only if the Galois group $G$ of $f(x)$ is solvable.
Proof of Theorem 4.6.9. Suppose first that $f(x)$ can be solved by radicals. Then each root of $f(x)$ is contained in an extension as in Theorem 4.7.7. The composite $L$ of such extensions is also Galois by Proposition 4.7.1. Let $G_i$ be the subgroups corresponding to the subfields $K_i$, $i = 0, 1, \ldots, s-1$. Since $\mathrm{Gal}(K_{i+1}/K_i) = G_i/G_{i+1}$ for each $i$, it follows that the Galois group $G = \mathrm{Gal}(L/F)$ is a solvable group. The field $L$ contains the splitting field of $f(x)$, so the Galois group of $f(x)$ is a quotient group of the solvable group $G$ and hence is solvable by Theorem 4.6.8.
Suppose now that the Galois group $G$ of $f(x)$ is a solvable group, and let $K$ be the splitting field of $f(x)$. Taking the fixed fields of the subgroups in the chain 4.24 for $G$ gives a chain
$$F = K_0 \subset K_1 \subset \cdots \subset K_i \subset K_{i+1} \subset \cdots \subset K_s = K$$
where $K_{i+1}/K_i$ for each $i$ is a cyclic extension of degree $n_i$. Let $F'$ be an extension field over $F$ that contains all the roots of unity of order $n_i$, $i = 0, \ldots, s-1$. Form the composite fields $K_i' = F'K_i$. We obtain a sequence of extensions
$$F \subseteq F' = F'K_0 \subseteq F'K_1 \subseteq \cdots \subseteq F'K_i \subseteq F'K_{i+1} \subseteq \cdots \subseteq F'K_s = F'K.$$
The extension $F'K_{i+1}/F'K_i$ is cyclic of degree dividing $n_i$, $i = 0, \ldots, s-1$, by Proposition 4.7.4.
Since we now have the appropriate roots of unity in the base fields, each of these cyclic extensions is a simple radical extension by Proposition 4.7.3. Each of the roots of $f(x)$ is therefore contained in the root extension $F'K$, so that $f(x)$ can be solved by radicals.
Exercises.
1. Let $G$ be a group and let $a, b \in G$. Prove that $(ab)^{-1} = b^{-1}a^{-1}$.
2. Prove that $S_n$ is a nonabelian group with the operation of product of permutations, and that the order of $S_n$ is $n!$. Also prove that the set of all permutations of a set $G$ with $n$ elements is isomorphic to $S_n$.
3. Find the inverse of $(1324) \in S_4$.
4. Find the inverse of $(15342) \in S_5$.
5. Find the order of $(12)(345)$ in $S_5$.
6. Find the order of $(123)(456)$ in $S_6$.
Prove that every permutation in $S_n$ is the product of disjoint cycles.
7. Prove that $(12)$ and $(1234)$ generate $S_4$.
8. Prove that the only subgroup $G$ of $S_n$ that contains both an $n$-cycle and a transposition is $S_n$ itself. (Hint: Relabel to show that $(12 \cdots n)$ is in $G$. Then show that $G$ contains all the transpositions. Finally use Lemma 4.1.1.)
9. Prove that the only transitive subgroup of $S_n$ that contains both an $(n-1)$-cycle and a transposition is $S_n$ itself.
10. Let $D_n \subseteq S_n$ be defined by
$$D_n = \langle r, s \mid r^n = s^2 = e,\ rs = sr^{-1} \rangle.$$
(a) Show that $D_3 = S_3$.
(b) Compute the orders of $D_4$ and $D_5$.
11. Show that the order of the group of even permutations, $A_n$, is $n!/2$.
12. Show that the set $A(G)$ of all bijective functions from $G$ to $G$ is a group with composition as the group operation.
13. Prove that the set of units $U_8$ in $\mathbb{Z}_8$ is a group under multiplication.
14. Show that the group $U_{15}$ is generated by the elements $7$ and $11$.
15. Show that the group $U_{18}$ is cyclic.
16. Show that the additive group $\mathbb{Z}_2 \times \mathbb{Z}_3$ is cyclic.
17. Let $N$ be a normal subgroup of a group $G$ and let $T$ be a subgroup of $G/N$. Prove that $H = \{a \in G \mid Na \in T\}$ is a subgroup of $G$.
18. Prove that a subgroup with index $2$ is a normal subgroup.
19. Let $K$ and $N$ be normal subgroups of a group $G$ with $N \subseteq K \subseteq G$. Then $K/N$ is a normal subgroup of $G/N$, and the quotient group $(G/N)/(K/N)$ is isomorphic to $G/K$.
20. Let $N_1, \ldots, N_k$ be normal subgroups of a group $G$ such that every element of $G$ can be written uniquely in the form $a_1 a_2 \cdots a_k$ with $a_i \in N_i$. Let $f : N_1 \times N_2 \times \cdots \times N_k \to G$ be such that $f(a_1, a_2, \ldots, a_k) = a_1 a_2 \cdots a_k$. Then prove that $f$ is an isomorphism between $N_1 \times N_2 \times \cdots \times N_k$ and $G$.
21. Prove that $N = \{1, 17\}$ is a normal subgroup of $U_{32}$.
22. Prove that $U_{32}/N$ is isomorphic to $U_{16}$.
23. Consider $S_4$, the group of permutations of the set $\{1, 2, 3, 4\}$. Show that $K = \{e, (12)(34), (13)(24), (14)(23)\}$ is a normal subgroup of $S_4$.
24. Write the operation table for $S_4/K$.
25. Let $G$ be a group such that all its subgroups are normal. If $a, b \in G$, show that there is an integer $k$ such that $ab = ba^k$.
26. Let $G$ be a group. For $a \in G$ let the map $\phi_a : G \to G$ be such that $\phi_a(x) = ax$. Then prove that $\phi_a$ is a bijection from $G$ to $G$.
27. Prove that every abelian group of order $pq$ is isomorphic to $\mathbb{Z}_{pq}$, where $p$ and $q$ are distinct primes.
28. Prove that every group of order $4$ is isomorphic to either $\mathbb{Z}_4$ or $\mathbb{Z}_2 \times \mathbb{Z}_2$.
29. Prove that every group of order $6$ is isomorphic to either $S_3$ or $\mathbb{Z}_6$.
30. Explain why the two groups are not isomorphic:
(a) $\mathbb{Z}_6$ and $S_3$
(b) $\mathbb{Z}$ and $\mathbb{R}$
(c) $\mathbb{Z}_4 \times \mathbb{Z}_2$ and $D_4$
(d) $\mathbb{Z}_4 \times \mathbb{Z}_2$ and $\mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_2$
31. Let $H$ be a nonempty finite subset of a group $G$. If $H$ is closed under the operation in $G$, prove that $H$ is a subgroup of $G$.
32. Let $G$ be a group.
(a) Show that the conjugacy relation on $G$ is reflexive, symmetric, and transitive.
(b) Two conjugacy classes are either disjoint or identical.
(c) The group $G$ is a union of its distinct conjugacy classes.
33. If $G$ is a group and $a \in G$, prove that the centralizer of $a$ is a subgroup of $G$.
34. Let $K$ be a splitting field of $f(x)$ over $F$. If $E$ is a field such that $F \subseteq E \subseteq K$, show that $K$ is a splitting field of $f(x)$ over $E$.
35. If $K$ is separable over $F$ and $E$ is a field such that $F \subseteq E \subseteq K$, show that $K$ is separable over $E$.
36. Prove that the composite of two root extensions is also a root extension.
37. Prove that the Galois closure $L$ of a field $K$ is the composite of all the fields $\sigma(K)$ where $\sigma \in \mathrm{Gal}_F L$.
38. Use the cubic formula to find the roots of the following equations.
(a) $x^3 - 3x^2 + 28x - 26$
(b) $x^3 - 7.75x^2 + 18.375x - 13.5$
39. Use the quartic formula to find the roots of the following equations.
(a) $x^4 - 3x^3 + 11x^2 - 27x + 18$
(b) $x^4 - 8x^3 + 22.75x^2 - 27x + 11.25$
40. Prove that the subgroup $\langle e, (12)(34), (13)(24), (14)(23) \rangle \subset S_4$ is isomorphic to $\mathbb{Z}_2 \times \mathbb{Z}_2$ (Hint: every element has order $2$).
41. Prove that the group $S_4$ is solvable. (Hint: use the chain of subgroups $\langle e \rangle \subset \langle e, (12)(34), (13)(24), (14)(23) \rangle \subset A_4 \subset S_4$.)
42. Prove that the Galois group of a polynomial $f(x) \in F[x]$ is a subgroup of $A_n$ if and only if the discriminant $D \in F$ is a square of an element of $F$.
43. If $\sigma, \tau \in \mathrm{Gal}_F K$, then prove that $\sigma \circ \tau$ is an isomorphism from $K$ to $K$.
44. If $\sigma \in \mathrm{Gal}_F K$, then prove that $\sigma^{-1}$ is an isomorphism from $K$ to $K$.
45. Determine the Galois group $G$ of the polynomial $f(x) = (x^2 - 2)(x^2 - 3)$. Draw the Galois correspondence of the subgroups of $G$ and the subfields of the splitting field of $f(x)$.
46. Draw the Galois correspondence of the subgroups of the Galois group of $f(x) = x^3 - 2$ and the subfields of $\mathbb{Q}(\sqrt[3]{2}, \omega)$, where $\omega$ is a root of $x^3 - 1$.
Chapter 5
Constructing and Enumerating integral roots of systems of polynomials.

Either write something worth reading or do something worth writing.
- Benjamin Franklin
Solving linear systems of equations is dealt with in Linear Algebra. Abstract Algebra techniques come into play when we restrict our solutions to be integral, that is, when every coordinate of a solution vector is required to be an integer. Finding only the integral solutions of a linear system is a much harder problem than finding all its solutions. In this chapter, we describe how to construct and enumerate integral roots of systems of linear equations as lattice points inside polyhedral cones. We illustrate this method by constructing and enumerating magic squares.
5.1 Magic Squares.
A magic square is a square matrix whose entries are nonnegative integers, such that the sum of the numbers in every row, in every column, and in each diagonal is the same number, called the magic sum. See Figure 5.1 for examples of some ancient magic squares. We refer the reader to [4] or [6] to read more about the history of magic squares. Constructing and enumerating magic squares and other variations of magic squares are classical problems of interest.

(A) Loh-Shu        (B) Jaina            (C) Dürer
4 9 2              7 12  1 14           16  3  2 13
3 5 7              2 13  8 11            5 10 11  8
8 1 6             16  3 10  5            9  6  7 12
                   9  6 15  4            4 15 14  1

Figure 5.1: (A) Loh-Shu (China, 2858-2738 B.C.), (B) Jaina (India, 12th century), and (C) the Dürer (Germany, 1514) Magic squares.

The well-known squares in Figure 5.2 were constructed by Benjamin Franklin. In a letter to Peter Collinson he describes the properties of the 8 × 8 square F1 as follows:
1. The entries of every row and column add to a common sum called the magic sum.
2. In every half-row and half-column the entries add to half the magic sum.
3. The entries of the main bent diagonals (see Figure 5.4) and all the bent diagonals parallel to them (see Figure 5.5) add to the magic sum.
4. The four corner entries together with the four middle entries add to the magic sum.
Henceforth, when we say row sum, column sum, bent diagonal sum, and so forth, we mean that we are adding the entries in the corresponding configurations. Franklin mentions that the square F1 has five other curious properties but fails to list them. He also says, in the same letter, that the 16 × 16 square F3 has all the properties of the 8 × 8 square, but that in addition, every 4 × 4 subsquare adds to the common magic sum. More is true about this square F3. Observe that every 2 × 2 subsquare in F3 adds to one-fourth the magic sum. The 8 × 8 squares have magic sum 260 while the 16 × 16 square has magic sum 2056. For a detailed study of these three "Franklin" squares, see [2], [6], and [28].

We define 8 × 8 Franklin squares to be squares with nonnegative integer entries that have the properties (1) - (4) listed by Benjamin Franklin and the additional property that every 2 × 2 subsquare adds to one-half the magic sum (see Figure 5.3). The 8 × 8 squares constructed by Franklin have this extra property (this might be one of the unstated curious properties to which Franklin was alluding in his letter). It is worth noticing that the fourth property listed by Benjamin Franklin becomes redundant with the assumption of this additional property.

F1
52 61  4 13 20 29 36 45
14  3 62 51 46 35 30 19
53 60  5 12 21 28 37 44
11  6 59 54 43 38 27 22
55 58  7 10 23 26 39 42
 9  8 57 56 41 40 25 24
50 63  2 15 18 31 34 47
16  1 64 49 48 33 32 17

F2
17 47 30 36 21 43 26 40
32 34 19 45 28 38 23 41
33 31 46 20 37 27 42 24
48 18 35 29 44 22 39 25
49 15 62  4 53 11 58  8
64  2 51 13 60  6 55  9
 1 63 14 52  5 59 10 56
16 50  3 61 12 54  7 57

F3
200 217 232 249   8  25  40  57  72  89 104 121 136 153 168 185
 58  39  26   7 250 231 218 199 186 167 154 135 122 103  90  71
198 219 230 251   6  27  38  59  70  91 102 123 134 155 166 187
 60  37  28   5 252 229 220 197 188 165 156 133 124 101  92  69
201 216 233 248   9  24  41  56  73  88 105 120 137 152 169 184
 55  42  23  10 247 234 215 202 183 170 151 138 119 106  87  74
203 214 235 246  11  22  43  54  75  86 107 118 139 150 171 182
 53  44  21  12 245 236 213 204 181 172 149 140 117 108  85  76
205 212 237 244  13  20  45  52  77  84 109 116 141 148 173 180
 51  46  19  14 243 238 211 206 179 174 147 142 115 110  83  78
207 210 239 242  15  18  47  50  79  82 111 114 143 146 175 178
 49  48  17  16 241 240 209 208 177 176 145 144 113 112  81  80
196 221 228 253   4  29  36  61  68  93 100 125 132 157 164 189
 62  35  30   3 254 227 222 195 190 163 158 131 126  99  94  67
194 223 226 255   2  31  34  63  66  95  98 127 130 159 162 191
 64  33  32   1 256 225 224 193 192 161 160 129 128  97  96  65

Figure 5.2: Squares constructed by Benjamin Franklin.
Similarly, we define 16 × 16 Franklin squares to be 16 × 16 squares that have nonnegative integer entries with the property that all rows, columns, and bent diagonals add to the magic sum, the half-rows and half-columns add to one-half the magic sum, and the 2 × 2 subsquares add to one-fourth the magic sum. The 2 × 2 subsquare property implies that every 4 × 4 subsquare adds to the common magic sum.

The property of the 2 × 2 subsquares adding to a common sum and the property of bent diagonals adding to the magic sum are "continuous properties." By this we mean that, if we imagine the square as the surface of a torus (i.e., if we glue opposite sides of the square together), then the bent diagonals and the 2 × 2 subsquares can be translated without effect on the corresponding sums (see Figure 5.5).
137
= Magic sum
= Magic sum= Magic sum
= Magic sum = Magic sum
= half the Magic sum
= Magic sum= half the Magic sum = half the Magic sum
= Magic sum
Figure 5.3: Defining properties of the 8 ×8 Franklin squares [6].
When the entries of an n × n magic square (or Franklin square) are 1, 2, 3, ..., n^2, it is called a natural square. Observe that the squares in Figures 5.1 and 5.2 are natural squares. Nevertheless, in this chapter, our study is not restricted to natural squares. In the following sections, we develop algebraic methods to construct and enumerate all such squares.
5.2 Polyhedral cones.
A set P of vectors in R^n is called a polyhedron if P = {y : Ay ≤ b} for some matrix A and vector b. A bounded polyhedron is called a polytope. A nonempty set C of points in R^n is a cone if au + bv belongs to C whenever u and v are elements of C and a and b are nonnegative real numbers. A cone is pointed if the origin is its only vertex (or minimal face; see [32]). A cone C is polyhedral if C = {y : Ay ≤ 0} for some matrix A, i.e., if C is the intersection of finitely many half-spaces. If, in addition, the entries of the matrix A are rational numbers, then C is called a rational polyhedral cone. A point y in the cone C is called an integral point if all its coordinates are integers.

Figure 5.4: The four main bent diagonals [28]. (Diagram drawn on the 8 × 8 square F1; the highlighted cells cannot be reproduced in text.)

Figure 5.5: Continuous properties of Franklin squares. (Diagram: copies of F1 placed side by side, showing that a bent diagonal or a 2 × 2 subsquare can be translated across the edges of the square without changing its sum.)
For the purposes of constructing and enumerating magic squares, we regard n × n magic squares as either n × n matrices or vectors in R^{n^2} and apply the usual algebraic operations to them. We also consider the entries of an n × n magic square as variables y_ij (1 ≤ i, j ≤ n). If we set the first row sum equal to all other mandatory sums, then magic squares become nonnegative integral solutions to a system of linear equations Ay = 0, where A is a (2n + 1) × n^2 matrix each of whose entries is 0, 1, or −1. It is easy to verify that the sum of two magic squares is a magic square and that nonnegative integer multiples of magic squares are magic squares. Therefore, the set of magic squares is the set of all integral points inside the polyhedral cone CM_n = {y : Ay = 0, y ≥ 0} in R^{n^2}, where A is the coefficient matrix of the defining linear system of equations. Observe that CM_n is a pointed cone.

As in the case of magic squares, we consider the entries of an n × n Franklin square as variables y_ij (1 ≤ i, j ≤ n) and set the first row sum equal to all other mandatory sums. Thus, Franklin squares become nonnegative integral solutions to a system of linear equations Ay = 0, where A is an (n^2 + 8n − 1) × n^2 matrix each of whose entries is 0, 1, or −1. The cone of Franklin squares is also pointed.
Example 5.2.1. 1. The equations defining 3 × 3 magic squares are:

y11 + y12 + y13 = y21 + y22 + y23
y11 + y12 + y13 = y31 + y32 + y33
y11 + y12 + y13 = y11 + y21 + y31
y11 + y12 + y13 = y12 + y22 + y32
y11 + y12 + y13 = y13 + y23 + y33
y11 + y12 + y13 = y11 + y22 + y33
y11 + y12 + y13 = y13 + y22 + y31

Therefore, 3 × 3 magic squares are nonnegative integer solutions to the system of equations Ay = 0 where:

$$A = \begin{pmatrix}
1 & 1 & 1 & -1 & -1 & -1 & 0 & 0 & 0 \\
1 & 1 & 1 & 0 & 0 & 0 & -1 & -1 & -1 \\
0 & 1 & 1 & -1 & 0 & 0 & -1 & 0 & 0 \\
1 & 0 & 1 & 0 & -1 & 0 & 0 & -1 & 0 \\
1 & 1 & 0 & 0 & 0 & -1 & 0 & 0 & -1 \\
0 & 1 & 1 & 0 & -1 & 0 & 0 & 0 & -1 \\
1 & 1 & 0 & 0 & -1 & 0 & -1 & 0 & 0
\end{pmatrix}
\quad\text{and}\quad
y = \begin{pmatrix} y_{11} \\ y_{12} \\ y_{13} \\ y_{21} \\ y_{22} \\ y_{23} \\ y_{31} \\ y_{32} \\ y_{33} \end{pmatrix}.$$
2. In the case of 4 × 4 magic squares, there are three linear relations equating the first row sum to all other row sums and four more equating the first row sum to column sums. Similarly, equating the two diagonal sums to the first row sum generates two more linear equations. Thus, there are a total of 9 linear equations that define the cone of 4 × 4 magic squares. The coefficient matrix A has rank 8 and therefore the cone CM_4 of 4 × 4 magic squares has dimension 16 − 8 = 8.

3. In the case of the 8 × 8 Franklin squares, there are seven linear relations equating the first row sum to all other row sums and eight more equating the first row sum to column sums. Similarly, equating the eight half-row sums and the eight half-column sums to the first row sum generates sixteen linear equations. Equating the four sets of parallel bent diagonal sums to the first row sum produces another thirty-two equations. We obtain a further sixty-four equations by setting all the 2 × 2 subsquare sums equal to the first row sum. Thus, there are a total of 127 linear equations that define the cone of 8 × 8 Franklin squares. The coefficient matrix A has rank 54 and therefore the cone of 8 × 8 Franklin squares has dimension 10.
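The construction in items 1 and 2 can be carried out mechanically. The following Python program is added here as an illustration; it is not code from the book or from any software it cites, and the function names are my own. It builds the coefficient matrix A of Example 5.2.1 for ordinary n × n magic squares (rows, columns, and the two diagonals), checks that the Loh-Shu square of Figure 5.1 satisfies Ay = 0, and computes the rank of A exactly over Q, so that the dimension n^2 − rank(A) of the cone CM_n can be read off. It does not build the bent-diagonal and subsquare equations of the Franklin squares in item 3.

```python
from fractions import Fraction

def sum_vector(n, cells):
    """0/1 indicator vector (length n*n, row-major) of a set of cells (i, j)."""
    v = [0] * (n * n)
    for i, j in cells:
        v[i * n + j] += 1
    return v

def magic_matrix(n):
    """Coefficient matrix A of the system A y = 0 whose nonnegative integer
    solutions are the n x n magic squares.  Each row of A is
    (indicator of the first row) - (indicator of another mandatory line),
    so A has (n - 1) + n + 2 = 2n + 1 rows, n^2 columns and entries 0, 1, -1."""
    first_row = sum_vector(n, [(0, j) for j in range(n)])
    lines = [[(i, j) for j in range(n)] for i in range(1, n)]   # other rows
    lines += [[(i, j) for i in range(n)] for j in range(n)]     # columns
    lines.append([(i, i) for i in range(n)])                    # main diagonal
    lines.append([(i, n - 1 - i) for i in range(n)])            # anti-diagonal
    return [[a - b for a, b in zip(first_row, sum_vector(n, cells))]
            for cells in lines]

def rank(matrix):
    """Exact rank over Q by Gaussian elimination with Fractions (no float round-off)."""
    m = [[Fraction(x) for x in row] for row in matrix]
    r = 0
    for c in range(len(m[0])):
        pivot = next((i for i in range(r, len(m)) if m[i][c] != 0), None)
        if pivot is None:
            continue
        m[r], m[pivot] = m[pivot], m[r]
        for i in range(len(m)):
            if i != r and m[i][c] != 0:
                f = m[i][c] / m[r][c]
                m[i] = [a - f * b for a, b in zip(m[i], m[r])]
        r += 1
    return r

def cone_dimension(n):
    """dim CM_n = n^2 - rank(A), as in item 2 of Example 5.2.1."""
    return n * n - rank(magic_matrix(n))

def in_magic_cone(n, y):
    """True iff y (row-major n*n tuple) is a nonnegative point with A y = 0."""
    return (all(v >= 0 for v in y) and
            all(sum(a * b for a, b in zip(row, y)) == 0 for row in magic_matrix(n)))

# Constructed inputs: the Loh-Shu square of Figure 5.1 and one square that is not magic.
LOH_SHU = (4, 9, 2, 3, 5, 7, 8, 1, 6)
NOT_MAGIC = (1, 2, 3, 4, 5, 6, 7, 8, 9)

if __name__ == "__main__":
    for row in magic_matrix(3):          # prints the 7 x 9 matrix of item 1
        print(" ".join(f"{x:2d}" for x in row))
    print("Loh-Shu in cone:", in_magic_cone(3, LOH_SHU))
    print("n = 4: rank", rank(magic_matrix(4)), "dimension", cone_dimension(4))
```

For n = 3 the matrix printed is exactly the 7 × 9 matrix of item 1, and for n = 4 the program reports rank 8 and dimension 8, as stated in item 2; the Fraction arithmetic matters because a floating-point rank can be off by one on matrices with many dependent rows.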
5.3 Hilbert bases of Polyhedral cones
In 1979, Giles and Pulleyblank introduced the notion of a Hilbert basis of a cone [21]. For a given cone C, its set S_C = C ∩ Z^n of integral points is called the semigroup of the cone C.

Definition 5.3.1. A Hilbert basis for a cone C is a finite set of points HB(C) in its semigroup S_C such that each element of S_C is a linear combination of elements from HB(C) with nonnegative integer coefficients.

Example 5.3.1. The integral points inside and on the boundary of the parallelepiped in R^2 with vertices (0,0), (3,2), (1,3) and (4,5) in Figure 5.6 form a Hilbert basis of the cone generated by the vectors (1,3) and (3,2).

The minimal Hilbert basis of a cone is defined to be the smallest finite set S of integral points with the property that any integral point can be expressed as a linear combination with nonnegative integer coefficients of the elements of S. An integral point of a cone C is irreducible if it is not a linear combination with integer coefficients of other integral points. The cone generated by a set X of vectors is the smallest cone containing X and is denoted by cone X; so

$$\operatorname{cone} X = \{\lambda_1 x_1 + \cdots + \lambda_k x_k \mid k \ge 0;\ x_1, \dots, x_k \in X;\ \lambda_1, \dots, \lambda_k \ge 0\}.$$
Figure 5.6: A Hilbert Basis of a two dimensional cone. (Diagram: the parallelepiped with vertices (0,0), (3,2), (1,3), and (4,5), spanned by the generators (1,3) and (3,2), together with the integral points it contains.)
Theorem 5.3.1. Each rational polyhedral cone C is generated by a Hilbert basis. If C is pointed, then there is a unique minimal integral Hilbert basis generating C (minimal relative to taking subsets).

Proof. Let C be a rational polyhedral cone, generated by b1, b2, ..., bk. Without loss of generality b1, b2, ..., bk are integral vectors. Let a1, a2, ..., at be all the integral vectors in the polytope P:

$$P = \{\lambda_1 b_1 + \cdots + \lambda_k b_k \mid 0 \le \lambda_i \le 1\ (i = 1, \dots, k)\}.$$

Then a1, a2, ..., at generate C, since b1, b2, ..., bk occur among a1, a2, ..., at and P is contained in C. We will now show that a1, a2, ..., at also form a Hilbert basis. Let b be an integral vector in C. Then there are μ1, μ2, ..., μk ≥ 0 such that

$$b = \mu_1 b_1 + \mu_2 b_2 + \cdots + \mu_k b_k. \tag{5.1}$$

Let ⌊μi⌋ denote the floor of μi; then

$$b = \lfloor\mu_1\rfloor b_1 + \lfloor\mu_2\rfloor b_2 + \cdots + \lfloor\mu_k\rfloor b_k + (\mu_1 - \lfloor\mu_1\rfloor) b_1 + (\mu_2 - \lfloor\mu_2\rfloor) b_2 + \cdots + (\mu_k - \lfloor\mu_k\rfloor) b_k.$$

Now the vector

$$b - \lfloor\mu_1\rfloor b_1 - \cdots - \lfloor\mu_k\rfloor b_k = (\mu_1 - \lfloor\mu_1\rfloor) b_1 + \cdots + (\mu_k - \lfloor\mu_k\rfloor) b_k \tag{5.2}$$

occurs among a1, a2, ..., at, as the left side of Equation 5.2 is clearly integral and the right side belongs to P. Since also b1, b2, ..., bk occur among a1, a2, ..., at, it follows that 5.1 decomposes b as a nonnegative integral combination of a1, a2, ..., at. So a1, a2, ..., at form a Hilbert basis.

Next suppose C is pointed. Consider H, the set of all irreducible integral vectors. Then it is clear that any Hilbert basis must contain H. So H is finite because it is contained in P. To see that H itself is a Hilbert basis generating C, let b be a vector such that bx > 0 if x ∈ C \ {0} (b exists because C is pointed). Suppose not every integral vector in C is a nonnegative integral combination of vectors in H. Let c be such a vector, with bc as small as possible (this exists, as c must be in the set P). As c is not in H, c = c1 + c2 for certain nonzero integral vectors c1 and c2 in C. Then bc1 < bc and bc2 < bc. Therefore c1 and c2 are nonnegative integral combinations of vectors in H, and therefore c is also.
The minimal Hilbert basis of a pointed cone is unique and henceforth, when we say the Hilbert basis, we mean the minimal Hilbert basis. All the elements of the minimal Hilbert basis are irreducible. Since magic squares are integral points inside a cone, Theorem 5.3.1 implies that every magic square is a nonnegative integer linear combination of irreducible magic squares.

We use the software 4ti2 to compute Hilbert bases (see [26]; the software implementation 4ti2 is available from http://www.4ti2.de). Algorithms to compute Hilbert bases are discussed in Appendix A.
Example 5.3.2. 1. The minimal Hilbert basis of the 3 × 3 magic squares is given in Figure 5.7. A Hilbert basis construction of the Loh-Shu magic square is given in Figure 5.8.
2. The minimal Hilbert basis of the polyhedral cone of 4 × 4 magic squares is given in Figure 5.9. Two different Hilbert basis constructions of the Jaina magic square are given in Figures 5.10 and 5.11. Thus, Hilbert basis constructions are not unique.
h1       h2       h3       h4       h5
1 0 2    2 0 1    0 2 1    1 2 0    1 1 1
2 1 0    0 1 2    2 1 0    0 1 2    1 1 1
0 2 1    1 2 0    1 0 2    2 0 1    1 1 1

Figure 5.7: The minimal Hilbert Basis of 3 × 3 Magic squares (numbered h1, ..., h5 in the order used in Example 5.4.1).
Example 5.3.3. Let Sn denote the group of n × n permutation matrices acting on n × n matrices. Let (ri, rj) denote the operation of exchanging rows i and j of a square matrix, and let (ci, cj) denote the analogous operation on columns. Let G be the subgroup of S8 generated by

{(c1, c3), (c5, c7), (c2, c4), (c6, c8), (r1, r3), (r5, r7), (r2, r4), (r6, r8)}.

The Hilbert basis of the polyhedral cone of 8 × 8 Franklin squares is generated by the action of the group G on the three squares T1, T2, and T3 in Figure 5.12 and their counterclockwise rotations through 90 degree angles. Not all squares generated by these operations are distinct. Let R denote the operation of rotating a square 90 degrees in the counterclockwise direction. Observe that R^2·T1 is the same as T1 and R^3·T1 coincides with R·T1. Similarly, R^2·T2 is just T2, and R^3·T2 is the same as R·T2. Also T1 and R·T1 are invariant under the action of the group G. Therefore the Hilbert basis of the polyhedral cone of 8 × 8 Franklin squares consists of the ninety-eight Franklin squares: T1 and R·T1; the thirty-two squares generated by the action of G on T2 and R·T2; the sixty-four squares generated by the action of G on T3 and its three rotations R·T3, R^2·T3, and R^3·T3.

Two different Hilbert basis constructions of the Franklin square F2 are provided in Figures 5.13 and 5.14.

    1 2 0       0 2 1       1 1 1     4 9 2
3 · 0 1 2   +   2 1 0   +   1 1 1  =  3 5 7
    2 0 1       1 0 2       1 1 1     8 1 6

Figure 5.8: A Hilbert basis construction of the Loh-Shu magic square.

Figure 5.9: The minimal Hilbert Basis of 4 × 4 Magic squares. (Twenty 4 × 4 squares h1, ..., h20 with entries 0, 1, and 2; the rows in the extracted text are scrambled and are not reproduced here.)

Figure 5.10: A Hilbert basis construction of the Jaina magic square. (In terms of the squares of Figure 5.9: Jaina = h1 + 4·h3 + 2·h4 + 8·h5 + 3·h6 + 12·h7 + 4·h8.)

Figure 5.11: Another Hilbert basis construction of the Jaina magic square. (Jaina = h3 + 8·h5 + h6 + 11·h7 + h8 + h14 + 2·h15 + 2·h17 + h20.)
5.4 Toric Ideals.
In this section, we demonstrate with the example of magic squares how to avoid repetitions while enumerating integer solutions of equations. We map integral points to monomials and then apply algebraic methods to eliminate duplicate solutions.

Figure 5.12: Generators of the Hilbert basis of 8 × 8 Franklin squares. (Three 8 × 8 squares T1, T2, and T3 with entries 0, 1, and 2; the rows in the extracted text are out of order and are not reproduced here.)

Let A = {a1, a2, ..., ar} be a subset of Z^n, ai = (ai1, ai2, ..., ain), and let ϕ be the unique ring homomorphism between the rings k[x1, x2, ..., xr] and k[t1^{±1}, t2^{±1}, ..., tn^{±1}] such that ϕ(xi) = t^{ai}, the monomial defined by

$$t^{a_i} = \prod_{j=1,\dots,n} t_j^{a_{ij}}.$$

The kernel of ϕ is an ideal of k[x1, x2, ..., xr] called the toric ideal of A and is denoted by I_A.

We now demonstrate how to use toric ideals while enumerating magic squares. Different combinations of the elements of a Hilbert basis sometimes produce the same magic square. Figures 5.10 and 5.11 exhibit two different Hilbert basis constructions of the Jaina magic square. This is due to algebraic dependencies among the elements of the Hilbert basis. Repetitions have to be avoided when counting squares. We solve this problem by using toric ideals of the Hilbert bases.

Let HB(CM_n) = {h1, h2, ..., hr} be a Hilbert basis for the cone of n × n magic squares. Denote the entries of the square hp by y^p_ij, and let k be any field. Let ϕ be the ring homomorphism between the polynomial rings k[x1, x2, ..., xr] and k[t11, t12, ..., t1n, t21, t22, ..., t2n, ..., tn1, tn2, ..., tnn] such that ϕ(xp) = t^{hp}, the monomial defined by

$$t^{h_p} = \prod_{i,j=1,\dots,n} t_{ij}^{\,y^p_{ij}}.$$
Since the entries of hi are all nonnegative, we are dealing with only polynomial rings in this case. Observe that, in general, the definition of the toric ideal is not restricted to polynomial rings alone. See [1], [9], or [39] for a detailed study of toric ideals.

Figure 5.13: Constructing Benjamin Franklin's 8 × 8 square F2. (F2 written as a nonnegative integer combination of eight Hilbert basis elements h1, ..., h8 of the cone of 8 × 8 Franklin squares; the coefficients and squares in the extracted text are scrambled and are not reproduced here.)
Monomials in k[x1, x2, ..., xr] correspond to magic squares under this map, and multiplication of monomials corresponds to addition of magic squares. For example, the monomial x1^5 x3^200 corresponds to the magic square 5h1 + 200h3. Different combinations of Hilbert basis elements that give rise to the same magic square can then be represented as polynomial equations. Thus, from the two different Hilbert basis constructions of the Jaina magic square represented in Figures 5.10 and 5.11, we learn that

h1 + 4·h3 + 2·h4 + 8·h5 + 3·h6 + 12·h7 + 4·h8 = h3 + 8·h5 + h6 + 11·h7 + h8 + h14 + 2·h15 + 2·h17 + h20.

In k[x1, x2, ..., xr], this algebraic dependency of Hilbert basis elements translates to

$$x_1 x_3^4 x_4^2 x_5^8 x_6^3 x_7^{12} x_8^4 - x_3 x_5^8 x_6 x_7^{11} x_8 x_{14} x_{15}^2 x_{17}^2 x_{20} = 0.$$

Consider the set of all polynomials in k[x1, x2, ..., xr] that are mapped to the zero polynomial under ϕ. This set, which corresponds to all the algebraic dependencies of Hilbert basis elements, is I_{HB(CM_n)}, the toric ideal of HB(CM_n). Consequently, the monomials in the quotient ring R_{CM_n} = k[x1, x2, ..., xr]/I_{HB(CM_n)} are in one-to-one correspondence with magic squares.

Figure 5.14: Another construction of Benjamin Franklin's 8 × 8 square F2. (F2 written as a different nonnegative integer combination of Hilbert basis elements, among them h2, h3, h4, h9, h10, h11, h12, h13, h14, and h15; the coefficients and squares in the extracted text are scrambled and are not reproduced here.)
Example 5.4.1. For example, in the case of 3 × 3 magic squares, there are 5 Hilbert basis elements (see Figure 5.7) and hence there are 5 variables x1, x2, x3, x4, x5, which get mapped by ϕ as follows:

$$x_1 \mapsto \begin{pmatrix} 1 & 0 & 2 \\ 2 & 1 & 0 \\ 0 & 2 & 1 \end{pmatrix} \mapsto t_{11} t_{13}^2 t_{21}^2 t_{22} t_{32}^2 t_{33}$$

$$x_2 \mapsto \begin{pmatrix} 2 & 0 & 1 \\ 0 & 1 & 2 \\ 1 & 2 & 0 \end{pmatrix} \mapsto t_{11}^2 t_{13} t_{22} t_{23}^2 t_{31} t_{32}^2$$

$$x_3 \mapsto \begin{pmatrix} 0 & 2 & 1 \\ 2 & 1 & 0 \\ 1 & 0 & 2 \end{pmatrix} \mapsto t_{12}^2 t_{13} t_{21}^2 t_{22} t_{31} t_{33}^2$$

$$x_4 \mapsto \begin{pmatrix} 1 & 2 & 0 \\ 0 & 1 & 2 \\ 2 & 0 & 1 \end{pmatrix} \mapsto t_{11} t_{12}^2 t_{22} t_{23}^2 t_{31}^2 t_{33}$$

$$x_5 \mapsto \begin{pmatrix} 1 & 1 & 1 \\ 1 & 1 & 1 \\ 1 & 1 & 1 \end{pmatrix} \mapsto t_{11} t_{12} t_{13} t_{21} t_{22} t_{23} t_{31} t_{32} t_{33}$$

We use the software CoCoA [16] to compute the toric ideal

$$I_{HB(CM_3)} = (x_1 x_4 - x_5^2,\ x_2 x_3 - x_1 x_4).$$

Algorithms to compute toric ideals are provided in Appendix A. Thus, the monomials in the ring

$$R_{CM_3} = \frac{\mathbb{Q}[x_1, x_2, x_3, x_4, x_5]}{(x_1 x_4 - x_5^2,\ x_2 x_3 - x_1 x_4)}$$

are in one-to-one correspondence with the 3 × 3 magic squares.
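The correspondence in this example can be checked directly by computation. The following Python program is an added illustration, not code from the book or from the CoCoA or 4ti2 software it cites; the function names are my own. It stores the five Hilbert basis elements h1, ..., h5 of Figure 5.7 in the order of Example 5.4.1, finds every way of writing a given 3 × 3 magic square as a nonnegative integer combination of them (a finite search, because each basis element has magic sum 3, so a square of magic sum s uses exactly s/3 basis elements counted with multiplicity), checks that the two binomial generators of the toric ideal really map to zero under ϕ (both monomials of each binomial give the same square), and counts the distinct squares of magic sum 3m, which is the number of monomials of degree m in R_CM3.

```python
from itertools import product

# Minimal Hilbert basis of the 3x3 magic-square cone (Figure 5.7), in the
# order used by Example 5.4.1: h1, ..., h5 as row-major 9-tuples.
H3 = [
    (1, 0, 2, 2, 1, 0, 0, 2, 1),  # h1
    (2, 0, 1, 0, 1, 2, 1, 2, 0),  # h2
    (0, 2, 1, 2, 1, 0, 1, 0, 2),  # h3
    (1, 2, 0, 0, 1, 2, 2, 0, 1),  # h4
    (1, 1, 1, 1, 1, 1, 1, 1, 1),  # h5
]

def is_magic(sq, n=3):
    """Rows, columns and both diagonals of the n x n square sq share one sum."""
    rows = [sum(sq[i * n:(i + 1) * n]) for i in range(n)]
    cols = [sum(sq[i * n + j] for i in range(n)) for j in range(n)]
    diag = sum(sq[i * n + i] for i in range(n))
    anti = sum(sq[i * n + (n - 1 - i)] for i in range(n))
    return all(v >= 0 for v in sq) and len(set(rows + cols + [diag, anti])) == 1

def phi(exponents, basis=H3):
    """Image of the monomial x1^e1 ... x5^e5 under phi: the square sum(e_i * h_i)."""
    return tuple(sum(e * h[k] for e, h in zip(exponents, basis)) for k in range(9))

def decompositions(square, basis=H3):
    """All exponent vectors e with phi(e) == square.  Every h_i has magic sum 3,
    so a decomposition of a square of magic sum s has sum(e) == s/3, which
    bounds the search."""
    s = sum(square[:3])
    if s % 3:
        return []
    m = s // 3
    return [e for e in product(range(m + 1), repeat=len(basis))
            if sum(e) == m and phi(e, basis) == square]

def in_toric_ideal(mono_a, mono_b, basis=H3):
    """The binomial x^a - x^b lies in the toric ideal iff phi(x^a) == phi(x^b)."""
    return phi(mono_a, basis) == phi(mono_b, basis)

def count_magic_squares(m, basis=H3):
    """Number of distinct 3x3 magic squares with magic sum 3m: the number of
    distinct images of degree-m monomials, i.e. of degree-m monomials of R_CM3."""
    return len({phi(e, basis) for e in product(range(m + 1), repeat=len(basis))
                if sum(e) == m})

LOH_SHU = (4, 9, 2, 3, 5, 7, 8, 1, 6)   # Figure 5.1 (A)
TWICE_H5 = (2,) * 9                      # constructed input: the square 2*h5

if __name__ == "__main__":
    print("all basis elements magic:", all(is_magic(h) for h in H3))
    print("Loh-Shu =", decompositions(LOH_SHU))        # only h3 + 3 h4 + h5
    print("2*h5 =", decompositions(TWICE_H5))          # three monomials, one square
    print("x1x4 - x5^2 in ideal:", in_toric_ideal((1, 0, 0, 1, 0), (0, 0, 0, 0, 2)))
    print("M3(3m), m = 0..4:", [count_magic_squares(m) for m in range(5)])
```

The square 2·h5 shows the dependencies at work: the three monomials x1x4, x2x3 and x5^2 all map to it, which is exactly what the two generators x1x4 − x5^2 and x2x3 − x1x4 record, whereas the Loh-Shu square has a single decomposition, h3 + 3·h4 + h5 (Figure 5.8). Counting distinct images rather than exponent vectors is what removes the repetitions that this section is about.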
5.5 Hilbert Functions.
Definition 5.5.1. A module over a ring R (or R-module) is a set M and a mapping μ : R × M → M such that, if we write af for μ(a, f), where a ∈ R and f ∈ M, the following axioms are satisfied.
1. M is an abelian group under addition.
2. For all a ∈ R and all f, g ∈ M, a(f + g) = af + ag.
3. For all a, b ∈ R and all f ∈ M, (a + b)f = af + bf.
4. For all a, b ∈ R and all f ∈ M, (ab)f = a(bf).
5. If 1 is the multiplicative identity in R, 1f = f for all f ∈ M.

Example 5.5.1. 1. An ideal I of R is an R-module. Consequently, R itself is an R-module.
2. If R is a field k, then an R-module is a k-vector space.
3. The set of all m × 1 column vectors in R^m is an R-module with componentwise addition and scalar multiplication, that is, for a1, a2, ..., am, b1, b2, ..., bm, c ∈ R,

$$\begin{pmatrix} a_1 \\ a_2 \\ \vdots \\ a_m \end{pmatrix} + \begin{pmatrix} b_1 \\ b_2 \\ \vdots \\ b_m \end{pmatrix} = \begin{pmatrix} a_1 + b_1 \\ a_2 + b_2 \\ \vdots \\ a_m + b_m \end{pmatrix}, \qquad c \begin{pmatrix} a_1 \\ a_2 \\ \vdots \\ a_m \end{pmatrix} = \begin{pmatrix} c a_1 \\ c a_2 \\ \vdots \\ c a_m \end{pmatrix}.$$
Let M, N be R-modules. A mapping f : M → N is an R-module homomorphism if

f(x + y) = f(x) + f(y),    f(ax) = af(x)

for all a ∈ R and all x, y ∈ M.

A submodule M′ of M is a subgroup of M which is closed under multiplication by elements of R. The abelian group M/M′ inherits an R-module structure from M defined by a(x + M′) = ax + M′. The R-module M/M′ is called a quotient module of M.

Example 5.5.2. If f : M → N is an R-module homomorphism, the kernel of f is a submodule of M; the image of f (denoted by Im(f)) is a submodule of N; the cokernel of f, N/Im(f), is a quotient module of N.
A graded ring is a ring R together with a family (Rn)n≥0 of subgroups of the additive group of R such that $R = \bigoplus_{n \ge 0} R_n$ and Rm Rn ⊆ Rm+n for all m, n ≥ 0. If R is a graded ring, a graded R-module is an R-module M together with a family (Mn)n≥0 of subgroups of M such that $M = \bigoplus_{n \ge 0} M_n$ and Rm Mn ⊆ Mm+n for all m, n ≥ 0. Let xi ∈ M be such that every element of the R-module M can be written as a finite linear combination of the xi with coefficients in R; then the xi are said to be a set of generators of M. An R-module is said to be finitely generated if it has a finite set of generators.
Let R_{CM_n}(s) be the set of all homogeneous polynomials of degree s in the ring R_{CM_n}. Then R_{CM_n}(s) is a k-vector space, and R_{CM_n}(0) = k. The dimension dim_k(R_{CM_n}(s)) of R_{CM_n}(s) is precisely the number of monomials of degree s in R_{CM_n}. Since R = k[x1, x2, ..., xr] is a graded Noetherian ring, and R_{CM_n} is a finitely generated graded R-module, R_{CM_n} can be decomposed into a direct sum of its graded components $R_{CM_n} = \bigoplus_{s \ge 0} R_{CM_n}(s)$. The function H(R_{CM_n}, s) = dim_k(R_{CM_n}(s)) is the Hilbert function of R_{CM_n} and the Hilbert-Poincaré series of R_{CM_n} is the formal power series

$$H_{R_{CM_n}}(t) = \sum_{s=0}^{\infty} H(R_{CM_n}, s)\, t^s.$$

In other words, the Hilbert-Poincaré series is the generating function of the Hilbert function. See Appendix A for a discussion on generating functions.
If the variables xi of a polynomial ring k[x1, x2, ..., xr] are assigned nonnegative weights wi, then the weighted degree of a monomial $x_1^{\alpha_1} \cdots x_r^{\alpha_r}$ is $\sum_{i=1}^{r} \alpha_i w_i$. If we take the weight of the variable xi to be the magic sum of the corresponding Hilbert basis element hi, then dim_k(R_{CM_n}(s)) is exactly the number of magic squares of magic sum s.
Lemma 5.5.1. Let Mn(s) denote the number of n × n magic squares with magic sum s. Let the weight of a variable xi in the ring R = k[x1, x2, ..., xr] be the magic sum of the corresponding element of the Hilbert basis hi. With this grading of degrees on the monomials of R, the number of distinct magic squares of magic sum s, Mn(s), is given by the value of the Hilbert function H(R_{CM_n}, s).

Example 5.5.3. For example, in the case of 3 × 3 magic squares, because all the elements of the Hilbert basis have magic sum 3, all the variables are assigned degree 3, and

M3(s) = H(R_{CM_3}, s).
A sequence of R-modules and R-homomorphisms

$$\cdots \longrightarrow M_{i-1} \xrightarrow{f_i} M_i \xrightarrow{f_{i+1}} M_{i+1} \longrightarrow \cdots$$

is said to be exact at Mi if Im(fi) = Ker(fi+1).

Example 5.5.4. 1. The sequence $0 \to M' \xrightarrow{f} M$ is exact if and only if f is injective.
2. The sequence $M \xrightarrow{g} M'' \to 0$ is exact if and only if g is surjective.
3. The sequence $0 \to M' \xrightarrow{f} M \xrightarrow{g} M'' \to 0$ is exact if and only if f is injective, g is surjective, and g induces an isomorphism of Coker(f) = M/f(M′) onto M′′. A sequence of this type is called a short exact sequence.

Let C be a class of R-modules and let H be a function on C with values in Z. The function H is called additive if for each short exact sequence

$$0 \longrightarrow M' \xrightarrow{f} M \xrightarrow{g} M'' \longrightarrow 0$$

in which all the terms belong to C, we have

H(M′) − H(M) + H(M′′) = 0.
Proposition 5.5.1 (Proposition 2.11, [7]). Let $0 \to M_0 \to M_1 \to \cdots \to M_n \to 0$ be an exact sequence of R-modules in which all the modules Mi and the kernels of all the homomorphisms belong to C. Then for any additive function H on C we have

$$\sum_{i=0}^{n} (-1)^i H(M_i) = 0.$$

Proof. The proof follows because every exact sequence can be split into short exact sequences: if Ni = Im(fi) = Ker(fi+1), we have short exact sequences 0 → Ni → Mi → Ni+1 → 0 for each i.
Theorem 5.5.1 (Hilbert-Serre Theorem). Let k be a field, R := k[x1, x2, ..., xr], and let x1, x2, ..., xr be homogeneous of degrees di > 0. Let M be a finitely generated R-module. Let H be an additive function; then the Hilbert-Poincaré series of M (with respect to H), H_M(t), is a rational function of the form

$$H_M(t) = \frac{p(t)}{\prod_{i=1}^{r} (1 - t^{d_i})},$$

where p(t) ∈ Z[t].

Proof. Since R := k[x1, x2, ..., xr] is a graded Noetherian ring, we can write $R = \bigoplus_{n=0}^{\infty} R_n$ such that Rm Rn ⊆ Rm+n for all m, n ≥ 0. Let $M = \bigoplus_n M_n$, where the Mn are the graded components of M; then Mn is finitely generated as an R0-module. The proof of the theorem is by induction on r, the number of generators of R over R0. Start with r = 0; this means that Rn = 0 for all n > 0, so that R = R0, and M is a finitely generated R0-module, hence Mn = 0 for all large n. Thus H_M(t) is a polynomial in this case. Now suppose r > 0 and the theorem true for r − 1. For any R-module homomorphism ϕ of M into N, we have an exact sequence

$$0 \to \ker(\phi) \to M \xrightarrow{\phi} N \to \operatorname{coker}(\phi) \to 0,$$

where ker(ϕ) → M is the inclusion map and N → coker(ϕ) = N/im(ϕ) is the natural homomorphism onto the quotient module. Multiplication by xr is an R-module homomorphism of Mn into Mn+dr, hence it gives an exact sequence, say

$$0 \to K_n \to M_n \xrightarrow{x_r} M_{n+d_r} \to L_{n+d_r} \to 0. \tag{5.3}$$

Let $K = \bigoplus_n K_n$ and $L = \bigoplus_n L_n$. These are both finitely generated R-modules and both are annihilated by xr, hence they are R0[x1, ..., xr−1]-modules. Applying H to 5.3 we have

H(Kn) − H(Mn) + H(Mn+dr) − H(Ln+dr) = 0;

multiplying by t^{n+dr} and summing with respect to n we get

(1 − t^{dr}) H(M, t) = H(L, t) − t^{dr} H(K, t) + g(t),

where g(t) is a polynomial. Applying the inductive hypothesis, the result now follows.
By invoking the Hilbert-Serre theorem, we conclude that the Hilbert-Poincaré series for magic squares is a rational function of the form $H_{R_{CM_n}}(t) = p(t)/\prod_{i=1}^{r} (1 - t^{\deg x_i})$, where p(t) belongs to Z[t]. We use the software CoCoA [16] to compute Hilbert-Poincaré series. Algorithms to compute this series are discussed in Appendix A. We also refer the reader to [1], [7], [10], or [33] for information about the Hilbert-Poincaré series.
Example 5.5.5. 1. In the case of $4 \times 4$ magic squares, the Hilbert-Poincaré
series is given by
$$\sum_{s=0}^{\infty} M_4(s)\, t^s = \frac{t^8 + 4t^7 + 18t^6 + 36t^5 + 50t^4 + 36t^3 + 18t^2 + 4t + 1}{(1-t)^4 (1-t^2)^4}$$
$$= 1 + 8t + 48t^2 + 200t^3 + 675t^4 + 1904t^5 + 4736t^6 + 10608t^7 + 21925t^8 + \cdots$$
Observe that the number of magic squares of magic sum $0, 1, 2, 3, 4, \ldots$
is $1, 8, 48, 200, 675, \ldots$ respectively.
2. Let $F_8(s)$ denote the number of $8 \times 8$ Franklin squares with magic
sum $s$; then the Hilbert-Poincaré series is given by
$$\sum_{s=0}^{\infty} F_8(s)\, t^s = \frac{t^{36} - t^{34} + 28t^{32} + 33t^{30} + 233t^{28} + 390t^{26} + 947t^{24} + 1327t^{22} + 1991t^{20} + 1878t^{18} + 1991t^{16} + 1327t^{14} + 947t^{12} + 390t^{10} + 233t^8 + 33t^6 + 28t^4 - t^2 + 1}{(t^2-1)^7 (t^6-1)^3 (t^2+1)^6}$$
$$= 1 + 34t^4 + 64t^6 + 483t^8 + 1152t^{10} + 4228t^{12} + 9792t^{14} + 25957t^{16} + \cdots$$
5.6 Ehrhart Polynomials.
A polytope $P$ is called rational if each vertex of $P$ has rational coordinates.
The dilation of a polytope $P$ by an integer $s$ is defined to be the
polytope $sP = \{s\alpha : \alpha \in P\}$ (see Figure 5.15 for an example).
Let $i(P, s)$ denote the number of integer points inside the polytope
$sP$. If $\alpha \in \mathbb{Q}^m$, let $\operatorname{den} \alpha$ be the least positive integer $q$ such that
$q\alpha \in \mathbb{Z}^m$.
Figure 5.15: Dilation of a polytope. (The figure shows the square with vertices $(1,1), (2,1), (1,2), (2,2)$ and its dilation by $s = 2$, the square with vertices $(2,2), (4,2), (2,4), (4,4)$.)
Theorem 5.6.1. Let $P$ be a rational convex polytope of dimension
$d$ in $\mathbb{R}^m$ with vertex set $V$. Set $F(P, t) = 1 + \sum_{s \geq 1} i(P, s)\, t^s$. Then
$F(P, t)$ is a rational function, which can be written with denominator
$$\prod_{\alpha \in V} \left(1 - t^{\operatorname{den} \alpha}\right).$$
The proof of Theorem 5.6.1 involves combinatorics and is beyond the
scope of this book. We refer the reader to [33] for a proof. To extract
explicit formulas from the generating function we need to define the
concept of quasi-polynomials.
Definition 5.6.1. A function $f : \mathbb{N} \to \mathbb{C}$ is a quasi-polynomial if there
exists an integer $N > 0$ and polynomials $f_0, f_1, \ldots, f_d$ such that
$$f(n) = f_i(n) \quad \text{if } n \equiv i \pmod N.$$
The integer $N$ is called a quasi-period of $f$.
For example, the formula for the number of $4 \times 4$ magic squares of
magic sum $s$ is a quasi-polynomial with quasi-period 2. We now state
some properties of quasi-polynomials.
Proposition 5.6.1. The following conditions on a function $f : \mathbb{N} \to \mathbb{C}$
and integer $N > 0$ are equivalent:
1. $f$ is a quasi-polynomial of quasi-period $N$.
2. $\displaystyle\sum_{n \geq 0} f(n)\, x^n = \frac{P(x)}{Q(x)}$,
where $P(x)$ and $Q(x) \in \mathbb{C}[x]$, every zero $\alpha$ of $Q(x)$ satisfies $\alpha^N = 1$
(provided $P(x)/Q(x)$ has been reduced to lowest terms) and $\deg P < \deg Q$.
3. For all $n \geq 0$,
$$f(n) = \sum_{i=1}^{k} P_i(n)\, \gamma_i^{\,n},$$
where each $P_i$ is a polynomial function of $n$ and each $\gamma_i$ satisfies
$\gamma_i^{N} = 1$. The degree of $P_i(n)$ is one less than the multiplicity of the
root $\gamma_i^{-1}$ in $Q(x)$, provided $P(x)/Q(x)$ has been reduced to lowest
terms.
A proof of Theorem 5.6.1 is given in [33] and is not discussed here because
of its combinatorial nature. Theorem 5.6.1 together with Proposition
5.6.1 imply that $i(P, s)$ is a quasi-polynomial; it is generally
called the Ehrhart quasi-polynomial of $P$. A polytope is called an integral
polytope when all its vertices have integral coordinates. $i(P, s)$ is
a polynomial if $P$ is an integral polytope (see [33]).
Verify that $F(P, t)$ is the same as $H_{RCM_n}(t)$ in Section 5.5. Recall
that the coefficient of $t^s$ is the number of magic squares of magic sum
$s$. This information along with Proposition 5.6.1 enables us to recover
the Hilbert functions $M_4(s)$ and $F_8(s)$ from their respective Hilbert-Poincaré
series by interpolation.
Example 5.6.1. 1.
$$M_4(s) = \begin{cases}
\dfrac{1}{480}s^7 + \dfrac{7}{240}s^6 + \dfrac{89}{480}s^5 + \dfrac{11}{16}s^4 + \dfrac{779}{480}s^3 + \dfrac{593}{240}s^2 + \dfrac{1051}{480}s + \dfrac{13}{16}, & \text{when } s \text{ is odd},\\[1.5ex]
\dfrac{1}{480}s^7 + \dfrac{7}{240}s^6 + \dfrac{89}{480}s^5 + \dfrac{11}{16}s^4 + \dfrac{49}{30}s^3 + \dfrac{38}{15}s^2 + \dfrac{71}{30}s + 1, & \text{when } s \text{ is even}.
\end{cases}$$
2.
$$F_8(s) = \begin{cases}
\dfrac{23}{627056640}s^9 + \dfrac{23}{17418240}s^8 + \dfrac{167}{6531840}s^7 + \dfrac{5}{15552}s^6 + \dfrac{2419}{933120}s^5 + \dfrac{1013}{77760}s^4 + \dfrac{701}{22680}s^3 - \dfrac{359}{10206}s^2 - \dfrac{177967}{816480}s + \dfrac{241}{17496} & \text{if } s \equiv 2 \pmod{12} \text{ and } s \neq 2,\\[1.5ex]
\dfrac{23}{627056640}s^9 + \dfrac{23}{17418240}s^8 + \dfrac{167}{6531840}s^7 + \dfrac{5}{15552}s^6 + \dfrac{581}{186624}s^5 + \dfrac{1823}{77760}s^4 + \dfrac{6127}{45360}s^3 + \dfrac{10741}{20412}s^2 + \dfrac{113443}{102060}s + \dfrac{3211}{2187} & \text{if } s \equiv 4 \pmod{12},\\[1.5ex]
\dfrac{23}{627056640}s^9 + \dfrac{23}{17418240}s^8 + \dfrac{167}{6531840}s^7 + \dfrac{5}{15552}s^6 + \dfrac{2419}{933120}s^5 + \dfrac{1013}{77760}s^4 + \dfrac{701}{22680}s^3 - \dfrac{5}{378}s^2 - \dfrac{3967}{10080}s - \dfrac{13}{8} & \text{if } s \equiv 6 \pmod{12},\\[1.5ex]
\dfrac{23}{627056640}s^9 + \dfrac{23}{17418240}s^8 + \dfrac{167}{6531840}s^7 + \dfrac{5}{15552}s^6 + \dfrac{581}{186624}s^5 + \dfrac{1823}{77760}s^4 + \dfrac{6127}{45360}s^3 + \dfrac{11189}{20412}s^2 + \dfrac{167203}{102060}s + \dfrac{5771}{2187} & \text{if } s \equiv 8 \pmod{12},\\[1.5ex]
\dfrac{23}{627056640}s^9 + \dfrac{23}{17418240}s^8 + \dfrac{167}{6531840}s^7 + \dfrac{5}{15552}s^6 + \dfrac{2419}{933120}s^5 + \dfrac{1013}{77760}s^4 + \dfrac{701}{22680}s^3 - \dfrac{583}{10206}s^2 - \dfrac{608047}{816480}s - \dfrac{20239}{17496} & \text{if } s \equiv 10 \pmod{12},\\[1.5ex]
\dfrac{23}{627056640}s^9 + \dfrac{23}{17418240}s^8 + \dfrac{167}{6531840}s^7 + \dfrac{5}{15552}s^6 + \dfrac{581}{186624}s^5 + \dfrac{1823}{77760}s^4 + \dfrac{6127}{45360}s^3 + \dfrac{431}{756}s^2 + \dfrac{1843}{1260}s + 1 & \text{if } s \equiv 0 \pmod{12},\\[1.5ex]
0 & \text{otherwise.}
\end{cases}$$
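The two computations of Example 5.5.5 and Example 5.6.1 can be cross-checked mechanically. The following Python script is an added example and not part of the book: it expands the rational generating function for $M_4(s)$ as a power series (exact arithmetic with `fractions.Fraction`) and evaluates the quasi-polynomial of quasi-period 2 above, confirming that the two agree for $s = 0, \ldots, 8$. The function and variable names are my own.

```python
from fractions import Fraction


def poly_mul(a, b):
    """Multiply two polynomials given as coefficient lists (index = power of t)."""
    out = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return out


def poly_pow(p, e):
    out = [1]
    for _ in range(e):
        out = poly_mul(out, p)
    return out


def series_coefficients(num, den, count):
    """First `count` coefficients of num(t)/den(t) as a power series in t.
    Uses the recurrence c_n = (num_n - sum_{j>=1} den_j c_{n-j}) / den_0."""
    coeffs = []
    for n in range(count):
        value = Fraction(num[n] if n < len(num) else 0)
        for j in range(1, min(n, len(den) - 1) + 1):
            value -= den[j] * coeffs[n - j]
        coeffs.append(value / den[0])
    return coeffs


# Numerator and denominator of the series for 4x4 magic squares (Example 5.5.5),
# lowest power first: (1 + 4t + ... + t^8) / ((1 - t)^4 (1 - t^2)^4).
M4_NUMERATOR = [1, 4, 18, 36, 50, 36, 18, 4, 1]
M4_DENOMINATOR = poly_mul(poly_pow([1, -1], 4), poly_pow([1, 0, -1], 4))


def m4_series(count):
    """M_4(0), M_4(1), ... read off the generating function."""
    coeffs = series_coefficients(M4_NUMERATOR, M4_DENOMINATOR, count)
    assert all(c.denominator == 1 for c in coeffs)
    return [int(c) for c in coeffs]


def m4_quasipolynomial(s):
    """The quasi-polynomial of Example 5.6.1 (quasi-period 2), evaluated exactly."""
    F = Fraction
    if s % 2 == 1:
        coeffs = [F(1, 480), F(7, 240), F(89, 480), F(11, 16),
                  F(779, 480), F(593, 240), F(1051, 480), F(13, 16)]
    else:
        coeffs = [F(1, 480), F(7, 240), F(89, 480), F(11, 16),
                  F(49, 30), F(38, 15), F(71, 30), F(1)]
    value = F(0)
    for c in coeffs:          # Horner's rule, highest power first
        value = value * s + c
    return value


def quasipolynomial_matches_series(count=9):
    """True when the quasi-polynomial reproduces the first `count` coefficients."""
    series = m4_series(count)
    return all(m4_quasipolynomial(s) == series[s] for s in range(count))


if __name__ == "__main__":
    print(m4_series(9))
    print(quasipolynomial_matches_series())
```

The same division routine works for the Franklin-square series of part 2 once its numerator and denominator are entered as coefficient lists; the only change is that the quasi-period becomes 12.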
Summary.
To conclude, the method to construct and enumerate nonnegative integer
solutions of a linear system of equations $Ax = b$ is as follows:
1. If $b$ is the 0-vector, then
(a) Compute the Hilbert basis $H = \{h_1, \ldots, h_r\}$ of the cone
$Ax = 0$. The Hilbert basis enables us to construct solutions.
(b) Associate a variable $y_i$ to each Hilbert basis element $h_i$, and compute
the toric ideal $I$ of the Hilbert basis.
(c) Compute the Hilbert-Poincaré series of the ring $k[y_1, \ldots, y_r]/I$
to enumerate the integer solutions.
(d) Interpolate using the coefficients of the series to get formulas
for the number of nonnegative solutions.
2. If $b$ is not the 0-vector, then introduce a new variable $s$ and solve
the system $Ax - bs = 0$ using the steps in 1. Set $s = 1$ in the
solutions of $Ax - bs = 0$ to get the solutions of $Ax = b$.
Exercises.
1. Prove Pick's Theorem: Let $A$ be the area of a simply closed lattice
polygon. Let $B$ denote the number of lattice points on the
polygon edges and $I$ the number of points in the interior of the
polygon; then $A = I + \tfrac{1}{2}B - 1$.
2. A labeling of a graph $G$ is an assignment of a nonnegative integer
to each edge of $G$. A magic labeling of magic sum $r$ of $G$ is a
labeling such that for each vertex $v$ of $G$ the sum of the labels of
all edges incident to $v$ is the magic sum $r$ (loops are counted as
incident only once). Graphs with a magic labeling are also called
magic graphs. Let $G$ be the complete graph on 3 vertices.
(a) Use the methods in this chapter to construct and enumerate
magic labelings of the graph $G$.
(b) Prove that the perfect matchings of $G$ are the minimal Hilbert
basis elements of the cone of magic labelings of $G$ of magic
sum 1. Count the number of perfect matchings of $G$.
3. Show that the number of $3 \times 3$ magic squares of magic sum $s$ is
$$M_3(s) = \begin{cases} \dfrac{2}{9}s^2 + \dfrac{2}{3}s + 1 & \text{if } 3 \text{ divides } s,\\[1ex] 0 & \text{otherwise.} \end{cases}$$
Chapter 6
Miscellaneous Topics in Applied Algebra.
If I saw further than other men, it was because I stood on the shoulders
of giants. - Isaac Newton.
In this chapter, we look at some miscellaneous applications of the
concepts developed in this book. In the following sections, we count
and generate orthogonal Latin squares, prove the Chinese Remainder
Theorem, encrypt and decrypt messages, and generate error correcting
codes.
6.1 Counting Orthogonal Latin squares.
In 1781 Euler proposed the problem of seating 36 officers of six different
ranks from six different regiments in an array such that each row and
each column contains one officer of each rank and one officer from each
regiment. In this section, we relate this problem to Latin squares.
Definition 6.1.1. A Latin square of order $n$ is an $n \times n$ array in which
each one of $n$ symbols occurs once in each row and once in each column.
We denote the $n$ symbols as $0, 1, \ldots, n-1$.
Theorem 6.1.1. For each $n \geq 2$ the $n \times n$ array defined by
$$L(i, j) = i + j \bmod n$$
is a Latin square.
Proof. Suppose the symbols in positions $(i, j)$ and $(i, j')$ are the
same. Then
$$i + j = L(i, j) = L(i, j') = i + j'.$$
Since $\mathbb{Z}_n$ contains an element $-i$, we add $-i$ to both sides of the above
equation to get $j = j'$. Hence each symbol occurs at most once in row
$i$. Consequently, since there are $n$ symbols and $n$ columns, each symbol
occurs exactly once. A similar argument holds for columns. Thus $L$ is
a Latin square.
Example 6.1.1. By Theorem 6.1.1
$$L = \begin{pmatrix}
0 & 1 & 2 & 3 & 4 & 5\\
1 & 2 & 3 & 4 & 5 & 0\\
2 & 3 & 4 & 5 & 0 & 1\\
3 & 4 & 5 & 0 & 1 & 2\\
4 & 5 & 0 & 1 & 2 & 3\\
5 & 0 & 1 & 2 & 3 & 4
\end{pmatrix}$$
is a Latin square of order 6.
Theorem 6.1.1 shows that there is always at least one Latin square
of any given order.
A pair of Latin squares $L_1$ and $L_2$ of the same order are orthogonal
if for each pair of symbols $(k, k')$, there is just one position $(i, j)$ for
which
$$L_1(i, j) = k \quad \text{and} \quad L_2(i, j) = k'.$$
Thus, Euler's problem of seating 36 officers is equivalent to finding
two orthogonal Latin squares $L_1$ and $L_2$ of order 6, such that $L_1$ is
the Latin square with the ranks as symbols, and the symbols of $L_2$ are
the regiments. Consequently, when the two squares are superimposed,
the cell $(i, j)$ contains an officer of rank $i$ and from regiment $j$, thereby
solving the arrangement problem. Euler correctly conjectured there
was no solution to this problem, and Gaston Tarry proved this in 1901.
We will show that pairs of orthogonal squares with orders that are
powers of a prime number always exist. Before that we provide an
upper limit to the number of orthogonal squares possible for any order.
Theorem 6.1.2. There cannot exist a set of more than $q - 1$ mutually
orthogonal Latin squares of order $q$.
Proof. Suppose there exists a set of $m$ mutually orthogonal Latin
squares of order $q$. By renaming the symbols we can transform each
square to the standard form such that the initial row is occupied by
the symbols $0, 1, \ldots, q-1$ in order. Thus in each square, the cell $(0, j)$
contains the symbol $j$, where $0 \leq j \leq q-1$. The standardized squares
are mutually orthogonal. Since the cell $(0, 0)$ contains the symbol 0,
the symbol in the cell $(1, 0)$ must be different from 0 for each of the $m$
standardized squares. When two different squares are superimposed,
the pair of symbols $(j, j)$ occurs in the cell $(0, j)$. Hence the symbols
in the cell $(1, 0)$ of these two squares must be different. Thus the cells
$(1, 0)$ of the $m$ standardized orthogonal Latin squares are occupied by
different nonzero symbols. Since there are only $q-1$ nonzero symbols,
$m \leq q-1$.
By Corollary 3.4.11, we know that for each positive prime $p$ and
positive integer $r$, the splitting field of $x^{p^r} - x$ is a field of order $q = p^r$.
Denote this field by $\mathbb{F}_q$ and its elements by $\alpha_i$.
Theorem 6.1.3. Let $q = p^r$ such that $p$ is a prime number. Take a
$q \times q$ square $L_t$, and in the cell $(i, j)$ of this square, put the integer $u$
given by
$$\alpha_u = \alpha_t \alpha_i + \alpha_j, \tag{6.1}$$
where $\alpha_t$ is a nonzero element of $\mathbb{F}_q$. $L_t$ defines a Latin square.
Furthermore, when $t \neq t'$, the Latin squares $L_t$ and $L_{t'}$ are orthogonal.
There are $q - 1$ mutually orthogonal Latin squares of order $q$.
Proof. To prove that $L_t$ is a Latin square, we need to show that the
symbols $0, 1, \ldots, q-1$ occur in each row and column exactly once. In
the row $i$ the symbol $u$ occurs in the column $j$ given by
$$\alpha_j = \alpha_u - \alpha_t \alpha_i.$$
In the column $j$ the symbol $u$ occurs in the row $i$ given by
$$\alpha_i = \frac{\alpha_u - \alpha_j}{\alpha_t}.$$
Thus $L_t$ is a Latin square. Consequently, we get $q - 1$ Latin squares
from Formula (6.1) corresponding to the nonzero values of $\alpha_t$. Let $L_t$
and $L_{t'}$, $t \neq t'$, be two of these Latin squares. When superimposed, the
symbol $u$ of the first square occurs together with the symbol $u'$ of the
second square in the cell $(i, j)$ if and only if
$$\alpha_u = \alpha_t \alpha_i + \alpha_j, \qquad \alpha_{u'} = \alpha_{t'} \alpha_i + \alpha_j.$$
Solving these two equations we get
$$\alpha_i = \frac{\alpha_u - \alpha_{u'}}{\alpha_t - \alpha_{t'}}, \qquad \alpha_j = \frac{\alpha_t \alpha_{u'} - \alpha_{t'} \alpha_u}{\alpha_t - \alpha_{t'}}.$$
Thus $L_t$ and $L_{t'}$ are mutually orthogonal Latin squares.
Since there cannot exist a set of more than $q - 1$ mutually orthogonal
Latin squares of order $q$ by Theorem 6.1.2, we have exactly $q - 1$ Latin
squares when $q$ is a power of a prime number.
Example 6.1.2. By Exercise 3.4.8, the four elements of the field $\mathbb{F}_4$
are
$$\alpha_0 = 0, \quad \alpha_1 = 1, \quad \alpha_2 = x, \quad \alpha_3 = x^2 = x + 1.$$
The three mutually orthogonal Latin squares $L_1, L_2, L_3$, defined by
$\alpha_u = \alpha_1 \alpha_i + \alpha_j$, $\alpha_u = \alpha_2 \alpha_i + \alpha_j$ and $\alpha_u = \alpha_3 \alpha_i + \alpha_j$ respectively, are:
$$L_1 = \begin{pmatrix} 0&1&2&3\\ 1&0&3&2\\ 2&3&0&1\\ 3&2&1&0 \end{pmatrix}, \quad
L_2 = \begin{pmatrix} 0&1&2&3\\ 2&3&0&1\\ 3&2&1&0\\ 1&0&3&2 \end{pmatrix}, \quad
L_3 = \begin{pmatrix} 0&1&2&3\\ 3&2&1&0\\ 1&0&3&2\\ 2&3&0&1 \end{pmatrix}.$$
Corollary 6.1.4. Let $p$ be a prime number. Let $t$ be a non-zero element
of $\mathbb{Z}_p$. Then the rule
$$L_t(i, j) = ti + j \quad \text{such that } i, j \in \mathbb{Z}_p$$
defines a Latin square. Furthermore, when $t \neq t'$, the Latin squares
$L_t$ and $L_{t'}$ are orthogonal. There are $p - 1$ mutually orthogonal Latin
squares of order $p$.
Proof. When $q = p$, $\mathbb{F}_p = \mathbb{Z}_p$, therefore $\alpha_u = ti + j$ in Theorem
6.1.3.
Example 6.1.3. When $p = 3$ the two mutually orthogonal squares are
$$L_1 = \begin{pmatrix} 0&1&2\\ 1&2&0\\ 2&0&1 \end{pmatrix}, \qquad
L_2 = \begin{pmatrix} 0&1&2\\ 2&0&1\\ 1&2&0 \end{pmatrix}.$$
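As an added illustration (not code from the book), the following Python functions build the squares $L_t(i, j) = ti + j \bmod p$ of Corollary 6.1.4, check the Latin and orthogonality properties directly from their definitions, and apply the same checks to the three $\mathbb{F}_4$ squares of Example 6.1.2, transcribed here as data. It also shows what goes wrong for a composite order: over $\mathbb{Z}_6$ the multiplier $t = 2$ has no inverse, and the resulting array is not even Latin. Function names are my own.

```python
def latin_square_mod_p(t, p):
    """L_t(i, j) = t*i + j (mod p), the rule of Corollary 6.1.4."""
    return [[(t * i + j) % p for j in range(p)] for i in range(p)]


def is_latin_square(L):
    """Each of the n symbols occurs once in every row and once in every column."""
    n = len(L)
    symbols = set(range(n))
    rows_ok = all(set(row) == symbols for row in L)
    cols_ok = all({L[i][j] for i in range(n)} == symbols for j in range(n))
    return rows_ok and cols_ok


def are_orthogonal(L1, L2):
    """Orthogonal: every pair of symbols (k, k') occurs in exactly one cell."""
    n = len(L1)
    pairs = {(L1[i][j], L2[i][j]) for i in range(n) for j in range(n)}
    return len(pairs) == n * n


def mutually_orthogonal(squares):
    """All squares are Latin and every two distinct ones are orthogonal."""
    if not all(is_latin_square(L) for L in squares):
        return False
    return all(are_orthogonal(squares[a], squares[b])
               for a in range(len(squares)) for b in range(a + 1, len(squares)))


def mols_for_prime(p):
    """The p-1 mutually orthogonal Latin squares L_1, ..., L_{p-1} of order p."""
    return [latin_square_mod_p(t, p) for t in range(1, p)]


# The three squares of order 4 from Example 6.1.2, transcribed from the page.
F4_SQUARES = [
    [[0, 1, 2, 3], [1, 0, 3, 2], [2, 3, 0, 1], [3, 2, 1, 0]],
    [[0, 1, 2, 3], [2, 3, 0, 1], [3, 2, 1, 0], [1, 0, 3, 2]],
    [[0, 1, 2, 3], [3, 2, 1, 0], [1, 0, 3, 2], [2, 3, 0, 1]],
]

if __name__ == "__main__":
    for p in (3, 5, 7):
        print(p, mutually_orthogonal(mols_for_prime(p)))
    print("F4:", mutually_orthogonal(F4_SQUARES))
    # The rule needs a field: over Z_6, t = 2 is not a unit, so L_2 is not even Latin.
    print("order 6, t = 2 Latin?", is_latin_square(latin_square_mod_p(2, 6)))
```

The orthogonality check is exactly the definition: $n^2$ cells must produce $n^2$ distinct symbol pairs, so a repeated pair is detected by a set of smaller size.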
Is it possible to construct orthogonal pairs of Latin squares when $q$
is not a prime power? We already said that there are no such pairs for
order 6. Bose, Parker, and Shrikhande succeeded in constructing a pair
of orthogonal Latin squares for $n = 10$. Whether there are more such
pairs for order 10 and higher is an open problem in combinatorics. See
[12] for an in-depth study of Latin squares.
6.2 Chinese Remainder Theorem.
The Chinese Remainder Theorem is a famous result in number theory
that was known to Chinese mathematicians in the first century A.D.
The Chinese Remainder Theorem, supposedly, helped bandits divide
their gold coins in ancient China. Let us consider an example.
A band of 17 bandits steals a certain quantity of gold coins. When
they try to evenly distribute the coins amongst themselves, they end
up with 3 left over. A fight breaks out over the remaining coins and
one bandit is killed. The 16 bandits left alive attempt to once again
divide the coins up between themselves. However, this time, there are
10 coins left over. Being the greedy bandits they are, another fight
ensues, and another bandit is killed. Figuring that the third time is a
charm, the 15 remaining bandits try once again to evenly distribute the
coins. This time, they are successful. What is the minimum number
of coins they could have stolen?
To solve this problem, denote the number of gold coins by $x$. Then
a solution to the bandits' problem is a solution of the system of congruence
equations
$$x \equiv 3 \pmod{17}, \qquad x \equiv 10 \pmod{16}, \qquad x \equiv 0 \pmod{15}. \tag{6.2}$$
We solve such systems of congruence equations using the Chinese
Remainder Theorem.
Theorem 6.2.1 (Chinese Remainder Theorem). Let $m_1, m_2, \ldots, m_r$ be
pairwise relatively prime positive integers and let $m = m_1 m_2 m_3 \cdots m_r$.
Let $a_1, \ldots, a_r$ be integers. Consider the system of congruence equations
$$x \equiv a_1 \pmod{m_1}, \qquad x \equiv a_2 \pmod{m_2}, \qquad \ldots, \qquad x \equiv a_r \pmod{m_r}.$$
Let $M_k = m/m_k$ and let $\overline{M_k}$ denote the inverse of $M_k$ modulo $m_k$; then
$$x = a_1 M_1 \overline{M_1} + a_2 M_2 \overline{M_2} + \cdots + a_r M_r \overline{M_r}$$
is a unique solution modulo $m$.
Proof. If $j \neq k$, then $m_k$ divides $M_j$. Therefore,
$$a_j M_j \overline{M_j} \equiv 0 \pmod{m_k}, \quad \text{when } j \neq k.$$
Consequently,
$$x \equiv a_k M_k \overline{M_k} \equiv a_k \cdot 1 = a_k \pmod{m_k}.$$
Hence $x$ is a solution of the system of congruence equations. If $z$ is
any other solution of the system, then for each $i = 1, 2, \ldots, r$,
$$z \equiv a_i \pmod{m_i} \quad \text{and} \quad x \equiv a_i \pmod{m_i}.$$
By transitivity $z \equiv x \pmod{m_i}$. Thus $m_i$ divides $z - x$ for each $i$ and
hence $m_1 m_2 \cdots m_r$ divides $z - x$. Hence $z \equiv x \pmod{m_1 m_2 \cdots m_r}$.
Conversely, if $z \equiv x \pmod{m_1 m_2 \cdots m_r}$, then $m_1 m_2 \cdots m_r$ divides
$z - x$. Consequently, since $m_1, m_2, \ldots, m_r$ are relatively prime numbers,
$m_i$ divides $z - x$ for each $i$. Hence $z \equiv x \pmod{m_i}$ for each $i$.
Consequently, $x \equiv a_i \pmod{m_i}$ implies $z \equiv a_i \pmod{m_i}$, for each $i$, by
transitivity. Therefore $z$ is a solution of the given system.
Example 6.2.1. We return to the bandits' problem.
$$x \equiv 3 \pmod{17}, \qquad x \equiv 10 \pmod{16}, \qquad x \equiv 0 \pmod{15}. \tag{6.3}$$
Here,
$$a_1 = 3, \ a_2 = 10, \ a_3 = 0, \ m_1 = 17, \ m_2 = 16, \ m_3 = 15, \ m = 4080,$$
and
$$M_1 = 16 \times 15 = 240, \quad M_2 = 17 \times 15 = 255, \quad M_3 = 17 \times 16 = 272.$$
We need to find the inverse of $M_1 \bmod m_1$. Now $M_1 = 240 \equiv 2 \pmod{17}$.
Since $\gcd(2, 17) = 1$, we use Euclid's algorithm to
write
$$17 - 8 \times 2 = 1.$$
Reducing this equation modulo 17, we see that the inverse of $2 \bmod 17$
is $-8 \equiv 9 \pmod{17}$. This implies that the inverse of $240 \bmod 17$ is 9,
that is, $\overline{M_1} = 9$. Similarly, we show that $\overline{M_2} = 15$ and $\overline{M_3} = 8$.
By the Chinese Remainder Theorem, we get
$$\begin{aligned}
x &= a_1 M_1 \overline{M_1} + a_2 M_2 \overline{M_2} + a_3 M_3 \overline{M_3}\\
&= 3 \times 240 \times 9 + 10 \times 255 \times 15 + 0 \times 272 \times 8\\
&= 44730 \equiv 3930 \pmod{m}.
\end{aligned}$$
So the minimum number of gold coins stolen by the bandits is 3930.
We illustrate an alternate method of multiplying numbers using the
Chinese Remainder Theorem. Every computer has a limit on the size of
integers called the word size. Computer arithmetic with integers larger
than the word size requires time-consuming multiprecision techniques.
In such scenarios, the alternate method of addition and multiplication
using the Chinese Remainder Theorem is quite efficient.
Suppose we want to find the product of the numbers $t_1, t_2, \ldots, t_n$.
Let $m_1, \ldots, m_r$ be pairwise relatively prime positive integers. We
choose $m_1, \ldots, m_r$ such that the product of these numbers is larger
than the result we want to derive, so that the solution is unique and
the method is well defined. The method proceeds as follows.
1. Represent each integer $t_k$ as an element of $\mathbb{Z}_{m_1} \times \mathbb{Z}_{m_2} \times \cdots \times \mathbb{Z}_{m_r}$
by reducing $t_k$ modulo $m_i$ for each $i$.
2. Represent the product as an element of $\mathbb{Z}_{m_1} \times \mathbb{Z}_{m_2} \times \cdots \times \mathbb{Z}_{m_r}$,
thereby making the product the solution to a system of congruence
equations.
3. Use the Chinese Remainder Theorem to solve the system.
We illustrate this procedure with an example.
Example 6.2.2. In this example, we multiply the numbers 219 and
172 using the Chinese Remainder Theorem. We begin by choosing several
numbers that are pairwise relatively prime, and are such that the
product of all these numbers is larger than the product of 219 and
172. For this example, we chose $4, 7, 11, 15, 13$. Next we reduce the two
numbers and their product modulo each of these moduli:
$$\begin{aligned}
219 &\equiv 3 \pmod 4, & 172 &\equiv 0 \pmod 4, & 219 \times 172 &\equiv 0 \pmod 4,\\
219 &\equiv 2 \pmod 7, & 172 &\equiv 4 \pmod 7, & 219 \times 172 &\equiv 8 \equiv 1 \pmod 7,\\
219 &\equiv 10 \pmod{11}, & 172 &\equiv 7 \pmod{11}, & 219 \times 172 &\equiv 70 \equiv 4 \pmod{11},\\
219 &\equiv 11 \pmod{13}, & 172 &\equiv 3 \pmod{13}, & 219 \times 172 &\equiv 33 \equiv 7 \pmod{13},\\
219 &\equiv 9 \pmod{15}, & 172 &\equiv 7 \pmod{15}, & 219 \times 172 &\equiv 63 \equiv 3 \pmod{15}.
\end{aligned}$$
In other words, the integer $219 = (3, 2, 10, 11, 9)$ and $172 = (0, 4, 7, 3, 7)$
in $\mathbb{Z}_4 \times \mathbb{Z}_7 \times \mathbb{Z}_{11} \times \mathbb{Z}_{13} \times \mathbb{Z}_{15}$. Moreover, $219 \times 172$ is a solution of the
system
$$x \equiv 0 \pmod 4, \quad x \equiv 1 \pmod 7, \quad x \equiv 4 \pmod{11}, \quad x \equiv 7 \pmod{13}, \quad x \equiv 3 \pmod{15}. \tag{6.4}$$
We use the Chinese Remainder Theorem to solve this system of
congruences and get $x = 37668$ as the solution. We know that
$219 \times 172 < 4 \times 7 \times 11 \times 13 \times 15 = 60060$. Also no two numbers between 0
and 60060 can be congruent modulo 60060. Therefore, we must have
$219 \times 172 = 37668$.
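Theorem 6.2.1 with the inverses $\overline{M_k}$ computed by the extended Euclidean algorithm, as an added Python example (not the book's code). `crt` rejects moduli that are not pairwise relatively prime, since the theorem's uniqueness claim fails otherwise; `bandits_coins` reproduces Example 6.2.1 and `multiply_via_crt` reproduces Example 6.2.2. Function names are my own.

```python
from functools import reduce
from math import gcd


def extended_gcd(a, b):
    """Return (g, x, y) with a*x + b*y == g == gcd(a, b) (Euclid's algorithm)."""
    if b == 0:
        return a, 1, 0
    g, x, y = extended_gcd(b, a % b)
    return g, y, x - (a // b) * y


def mod_inverse(a, m):
    """The inverse of a modulo m, written with an overbar in Theorem 6.2.1."""
    g, x, _ = extended_gcd(a % m, m)
    if g != 1:
        raise ValueError(f"{a} has no inverse modulo {m}")
    return x % m


def crt(residues, moduli):
    """Solve x = a_k (mod m_k) for pairwise coprime moduli; returns (x mod m, m)."""
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            if gcd(moduli[i], moduli[j]) != 1:
                raise ValueError("moduli must be pairwise relatively prime")
    m = reduce(lambda x, y: x * y, moduli, 1)
    x = 0
    for a_k, m_k in zip(residues, moduli):
        M_k = m // m_k
        x += a_k * M_k * mod_inverse(M_k, m_k)   # the term a_k M_k (inverse of M_k)
    return x % m, m


def bandits_coins():
    """Example 6.2.1: x = 3 (mod 17), x = 10 (mod 16), x = 0 (mod 15)."""
    return crt([3, 10, 0], [17, 16, 15])[0]


def multiply_via_crt(t1, t2, moduli):
    """Example 6.2.2: multiply residue-wise, then reassemble with the CRT.
    The caller chooses moduli whose product exceeds t1*t2, as the page does;
    every intermediate product here is smaller than max(moduli)**2."""
    residues = [((t1 % m) * (t2 % m)) % m for m in moduli]
    return crt(residues, moduli)[0]


if __name__ == "__main__":
    print(bandits_coins())                                   # 3930
    print(multiply_via_crt(219, 172, [4, 7, 11, 13, 15]))    # 37668
```

The pairwise-coprimality check matters in practice: with moduli such as 4 and 6 the map to residues is not injective, so a "solution" returned without the check would be one of several and the reconstruction of a product would be silently wrong.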
The procedure to add large numbers using Chinese Remainder The-
orem is very similar to multiplication and is explored in the exercises.
6.3 Cryptology
Codes have been used since ancient times by friends, merchants, and
armies to transmit secret messages. For example, in Julius Caesar's
coding system, each letter is shifted three letters forward in the alphabet
and the last three letters are sent to the first three letters.
Message: A B C D E F G H I J K L M N O P
Code:    D E F G H I J K L M N O P Q R S
Message: Q R S T U V W X Y Z
Code:    T U V W X Y Z A B C
The steps to implement Caesar's code are as follows.
1. Replace each letter by an integer from 0 to 25:
A B C D E F G H I J K  L  M  N  O
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14
P  Q  R  S  T  U  V  W  X  Y  Z
15 16 17 18 19 20 21 22 23 24 25
2. Caesar's encryption is a function $f$ from the set of numbers
representing the letters of the message to the set of integers
$\{0, 1, 2, \ldots, 25\}$, such that $f(p) = p + 3 \bmod 26$.
Example 6.3.1. In Caesar's code, the message YOU ARE IN XANADU
is coded as follows.
                 Y  O  U  A  R  E  I  N  X  A  N  A  D  U
p:              24 14 20  0 17  4  8 13 23  0 13  0  3 20
(p + 3) mod 26:  1 17 23  3 20  7 11 17  0  3 16  3  6 23
                 B  R  X  D  U  H  Y  R  A  D  Q  D  G  W
Thus, the message YOU ARE IN XANADU becomes BRX DUH YR
ADQDGW.
To decrypt the message, we use the inverse function $f^{-1}(y) = y - 3 \bmod 26$.
Example 6.3.2. Decrypt the message Z HO F RP H.
Code:            Z  H  O  F  R  P  H
p:              25  7 14  5 17 15  7
(p - 3) mod 26: 22  4 11  2 14 12  4
Message:         W  E  L  C  O  M  E
In the generalized Caesar's code, $a$ is an integer which is relatively
prime to 26, and the message is encrypted using the function
$f(p) = ap + b \bmod 26$, where $b$ is any integer. The choice of $a$ ensures that $f$
has an inverse.
Example 6.3.3. When $f(p) = 7p + 3 \bmod 26$, the message WELCOME
is coded as
Message:        W  E  L  C  O  M  E
p:             22  4 11  2 14 12  4
7p + 3 mod 26:  1  5  2 17 23  9  5
Code:           B  F  C  R  X  J  F
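The generalized Caesar code $f(p) = ap + b \bmod 26$ as an added Python example (not from the book), together with the decryption $f^{-1}(y) = a^{-1}(y - b) \bmod 26$ and a count of the possible keys. Running `affine_encrypt("YOU ARE IN XANADU")` gives BRXDUHLQADQDGX: for the letters I, N and the final U the rule $p + 3$ gives 11, 16 and 23, that is L, Q and X, which the table in Example 6.3.1 lists differently. `keys_matching` tries all 312 keys against a known plaintext, which is the concrete reason the generalized Caesar code is easy to break. Function names are my own.

```python
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def affine_encrypt(message, a=1, b=3):
    """f(p) = a*p + b (mod 26); a = 1, b = 3 is Caesar's original shift.
    Characters outside A-Z (such as spaces) are dropped, as in the book's tables."""
    if gcd(a, 26) != 1:
        raise ValueError("a must be relatively prime to 26 so that f is invertible")
    return "".join(ALPHABET[(a * ALPHABET.index(ch) + b) % 26]
                   for ch in message.upper() if ch in ALPHABET)


def affine_decrypt(code, a=1, b=3):
    """f^{-1}(y) = a^{-1} * (y - b) (mod 26)."""
    a_inv = pow(a, -1, 26)    # modular inverse, Python 3.8+
    return "".join(ALPHABET[(a_inv * (ALPHABET.index(ch) - b)) % 26]
                   for ch in code.upper() if ch in ALPHABET)


def all_keys():
    """Every (a, b) with gcd(a, 26) = 1: only 12 * 26 = 312 keys in total."""
    return [(a, b) for a in range(1, 26) if gcd(a, 26) == 1 for b in range(26)]


def keys_matching(code, known_plaintext):
    """Exhaustive search: the keys under which `code` decrypts to `known_plaintext`.
    With 312 candidates this is instant, which is why the generalized Caesar
    code offers no real secrecy."""
    return [(a, b) for a, b in all_keys()
            if affine_decrypt(code, a, b) == known_plaintext]


if __name__ == "__main__":
    print(affine_encrypt("YOU ARE IN XANADU"))          # BRXDUHLQADQDGX
    print(affine_decrypt("Z HO F RP H"))                # WELCOME
    print(affine_encrypt("WELCOME", 7, 3))              # BFCRXJF
    print(len(all_keys()), keys_matching("BFCRXJF", "WELCOME"))
```

Two known plaintext letters already pin the key down: the pair W$\to$B, E$\to$F gives $18a \equiv 22 \pmod{26}$, whose only solution with $\gcd(a, 26) = 1$ is $a = 7$, and then $b = 3$; the exhaustive search finds the same single key.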
Caesar's code is easy to break, and is not useful when high security
is desired. In recent times, the coding system developed by R. Rivest,
A. Shamir, and L. Adleman, called the RSA system, is widely used.
Its security depends on the difficulty of factoring large integers. We
describe this coding system now.
Algorithm 6.3.1 (The RSA Algorithm).
1. Let $M$ be the message to be encrypted. Choose two large primes
$p$ and $q$. Let $n = pq$ and $t = (p-1)(q-1)$. Choose a lock
$L$ such that $\gcd(L, t) = 1$. We also require $\gcd(M, p) = 1$ and
$\gcd(M, q) = 1$ for the algorithm to work. But, since $p$ and $q$ are
very large, this follows automatically.
2. Encrypt the message $M$ to get the code $C$ as follows:
$$C = M^L \bmod n.$$
3. Determine the key $K$ which is the inverse of $L \bmod t$.
4. Decrypt $C$ to get $M$ as follows:
$$M = C^K \bmod n.$$
Example 6.3.4. Encode HOWDY using the RSA method with $p = 3$,
$q = 11$, and $L = 3$.
As before, we associate integers from the set $\{0, 1, \ldots, 25\}$ to the
letters of the message:
message: H  O  W  D  Y
M:       7 14 22  3 24
Here $n = pq = 3 \times 11 = 33$. Note that $\gcd(L, (p-1)(q-1)) = 1$.
Hence $L$ is a valid lock. Compute $M^L \bmod n$:
$$7^3 \equiv 13, \quad 14^3 \equiv 5, \quad 22^3 \equiv 22, \quad 3^3 \equiv 27, \quad 24^3 \equiv 30 \pmod{33}.$$
Consequently, the encrypted code $C$ is
C: 13 05 22 27 30.
Example 6.3.5. The following message was encoded using the RSA
method with $p = 3$, $q = 11$, and $L = 3$:
18 5 5 27 3 5 1
We now decode the message. Here $t = (p-1)(q-1) = 20$. The key
$K$ is the inverse of $L \bmod t$. Since $\gcd(3, 20) = 1$, we use Euclid's
algorithm to write $1 = 7 \times 3 - 20$. Consequently, the inverse of $3 \bmod 20$
is 7, that is, $K = 7$. Compute $C^K \bmod n$:
$$18^7 \equiv 6, \quad 5^7 \equiv 14, \quad 27^7 \equiv 3, \quad 3^7 \equiv 9, \quad 1^7 \equiv 1 \pmod{33}.$$
C: 18  5  5 27  3  5  1
M:  6 14 14  3  9 14  1
    G  O  O  D  J  O  B
Thus the message was GOOD JOB.
We could use blocks of more than one letter to make encryption more
secure. This is explored in the next example.
Example 6.3.6. Encrypt the message STOP using RSA with $p = 43$,
$q = 59$, and lock $L = 13$. Use two-letter blocks.
Note that $\gcd(L, (p-1)(q-1)) = 1$, so that $L$ is a valid lock. Here
$n = 43 \times 59 = 2537$. Hence
$$C = M^{13} \bmod 2537.$$
The integer representation of STOP is $18, 19, 14, 15$. Since we are
using two-letter blocks, STOP is represented as $1819, 1415$. Consequently,
STOP is encrypted as 2081 2182, since
$$1819^{13} \bmod 2537 = 2081, \qquad 1415^{13} \bmod 2537 = 2182.$$
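Algorithm 6.3.1 in Python, as an added example (not the book's code), reproducing Examples 6.3.4, 6.3.5 and 6.3.6 with the built-in modular exponentiation `pow(m, e, n)` and modular inverse `pow(L, -1, t)` (Python 3.8 or later). The last function factors the textbook modulus by trial division and recovers the key from the lock, which makes concrete the earlier remark that RSA's security rests on the difficulty of factoring $n$: with $n = 2537$ there is none. Function names are my own.

```python
from math import gcd

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def rsa_setup(p, q, lock):
    """Steps 1 and 3 of Algorithm 6.3.1: n = pq, t = (p-1)(q-1), key = lock^{-1} mod t."""
    n, t = p * q, (p - 1) * (q - 1)
    if gcd(lock, t) != 1:
        raise ValueError("the lock must be relatively prime to (p-1)(q-1)")
    return n, pow(lock, -1, t)


def letters_to_blocks(message, block_size):
    """Letters -> two-digit numbers 00..25, grouped block_size letters per integer."""
    digits = "".join(f"{ALPHABET.index(ch):02d}" for ch in message.upper() if ch in ALPHABET)
    width = 2 * block_size
    return [int(digits[i:i + width]) for i in range(0, len(digits), width)]


def blocks_to_letters(blocks, block_size):
    """Inverse of letters_to_blocks (leading zeros are restored with zfill)."""
    width = 2 * block_size
    return "".join(ALPHABET[int(str(m).zfill(width)[i:i + 2])]
                   for m in blocks for i in range(0, width, 2))


def rsa_encrypt(blocks, lock, n):
    """C = M^L mod n, one block at a time."""
    if any(m >= n for m in blocks):
        raise ValueError("each block must be smaller than n")
    return [pow(m, lock, n) for m in blocks]


def rsa_decrypt(blocks, key, n):
    """M = C^K mod n."""
    return [pow(c, key, n) for c in blocks]


def example_howdy():          # Example 6.3.4
    n, _ = rsa_setup(3, 11, 3)
    return rsa_encrypt(letters_to_blocks("HOWDY", 1), 3, n)


def example_good_job():       # Example 6.3.5
    n, key = rsa_setup(3, 11, 3)
    return blocks_to_letters(rsa_decrypt([18, 5, 5, 27, 3, 5, 1], key, n), 1)


def example_stop():           # Example 6.3.6, two-letter blocks
    n, _ = rsa_setup(43, 59, 13)
    return rsa_encrypt(letters_to_blocks("STOP", 2), 13, n)


def recover_key_by_factoring(n, lock):
    """Trial division: with textbook-sized n the key falls out immediately."""
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            return pow(lock, -1, (p - 1) * (n // p - 1))
    return None


if __name__ == "__main__":
    print(example_howdy(), example_good_job(), example_stop())
    print(recover_key_by_factoring(2537, 13) == rsa_setup(43, 59, 13)[1])
```

Note the size check in `rsa_encrypt`: a block $M \geq n$ is reduced modulo $n$ before exponentiation and cannot be recovered, which is the reason the block size in Example 6.3.6 is tied to the size of $n$.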
To prove the RSA Algorithm, we have to look at a theorem known
as Fermat's Little Theorem.
Theorem 6.3.1 (Fermat's Little Theorem). If $p$ is a prime and $a$ is
an integer not divisible by $p$, then
$$a^{p-1} \equiv 1 \pmod p.$$
Furthermore, for every integer $a$,
$$a^p \equiv a \pmod p.$$
Proof. If $p$ is a prime and $a$ is an integer not divisible by $p$, then $p$
does not divide $ka$ for any $k$ such that $0 < k < p$. Therefore, each of the
numbers $a, 2a, \ldots, (p-1)a$ must be congruent to one of $1, 2, 3, \ldots, p-1$.
If $ra \equiv sa \pmod p$, then since $\gcd(a, p) = 1$, we get that $r \equiv s \pmod p$.
This is not possible because no two of the numbers $1, 2, \ldots, p-1$ are
congruent modulo $p$. Therefore, in some order, $a, 2a, \ldots, (p-1)a$ are
congruent to $1, 2, 3, \ldots, p-1$, that is,
$$a \cdot 2a \cdot 3a \cdots (p-1)a \equiv 1 \cdot 2 \cdots (p-1) \pmod p.$$
Hence
$$a^{p-1} \cdot 1 \cdot 2 \cdots (p-1) \equiv 1 \cdot 2 \cdots (p-1) \pmod p.$$
Since $p$ does not divide $1 \cdot 2 \cdots (p-1)$, we get $a^{p-1} \equiv 1 \pmod p$. To
prove that for every integer $a$, $a^p \equiv a \pmod p$, first consider the case
when $p$ divides $a$. Then $p$ divides $a^p - a$. Hence $a^p \equiv a \pmod p$.
Now if $p$ does not divide $a$, then by Fermat's Little Theorem $a^{p-1} \equiv 1 \pmod p$.
Multiply the congruence on both sides by $a$ to get
$a^p \equiv a \pmod p$.
Finally, we prove the RSA algorithm.
Proof of the RSA algorithm:
Since $\gcd(L, (p-1)(q-1)) = 1$, the inverse $K$ of $L \bmod (p-1)(q-1)$
exists and
$$LK \equiv 1 \pmod{(p-1)(q-1)}.$$
Therefore for some integer $t$, $LK = 1 + t(p-1)(q-1)$. Now
$$C^K = (M^L)^K = M^{LK} = M^{1 + t(p-1)(q-1)} \bmod n.$$
Assume $\gcd(M, p) = 1$ and $\gcd(M, q) = 1$; then by Fermat's Little
Theorem $M^{p-1} \equiv 1 \pmod p$ and $M^{q-1} \equiv 1 \pmod q$, so
$$C^K \equiv M^{1 + t(p-1)(q-1)} = M \cdot \left(M^{p-1}\right)^{t(q-1)} \equiv M \cdot 1 \equiv M \pmod p,$$
$$C^K \equiv M^{1 + t(p-1)(q-1)} = M \cdot \left(M^{q-1}\right)^{t(p-1)} \equiv M \cdot 1 \equiv M \pmod q.$$
Since $\gcd(p, q) = 1$, we get $C^K \equiv M \pmod{pq}$ by the Chinese Remainder
Theorem.
6.4 Algebraic codes.
When a message is transmitted over a long distance there may be some
interference, and the message may not be received exactly as it is sent.
In such cases, we need to be able to detect and, if possible, correct
errors. In this section, we discuss these issues for messages represented
in the binary alphabet $\{0, 1\}$.
Let $B(n)$ denote the Cartesian product $\mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_2 \times \cdots \times \mathbb{Z}_2$ of
$n$ copies of $\mathbb{Z}_2$. Verify that with coordinate-wise addition $B(n)$ is an
additive group of order $2^n$. In this section, the elements of $B(n)$ will be
written as strings of 0's and 1's of length $n$. When $B(n)$ is listed such
that the successor of an $n$-tuple differs from it in only one position,
then $B(n)$ is called a Gray code of order $n$. The following algorithm
generates a Gray code of order $n$.
Algorithm 6.4.1 (Gray Code Algorithm).
1. The Gray code of order 1 is
0
1
2. Suppose $n > 1$ and the Gray code of order $n - 1$ is already constructed.
To construct the Gray code of order $n$, we first list the
$(n-1)$-tuples of 0s and 1s in the order of the Gray code of order
$n - 1$, and attach a 0 at the beginning of each $(n-1)$-tuple. We
then list the $(n-1)$-tuples in the order which is the reverse of that
given by the Gray code of order $n - 1$, and attach a 1 at the beginning.
Example 6.4.1. The Gray code of order 2 is
00
01
11
10
and the Gray code of order 3 is
000
001
011
010
110
111
101
100
We refer the reader to [13] for the connection of Gray codes to unit
cubes and other details.
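Algorithm 6.4.1 as an added Python example (not from the book). `gray_code` is the recursive construction; `gray_code_closed_form` is a well-known shortcut, $g(i) = i \oplus (i \gg 1)$, that I add as a check beyond the page; `is_gray_sequence` verifies the defining property that every $n$-tuple appears once and consecutive words differ in exactly one position. Names are my own.

```python
def gray_code(n):
    """Algorithm 6.4.1: reflect the order-(n-1) list, prefixing 0 then 1."""
    if n < 1:
        raise ValueError("order must be at least 1")
    if n == 1:
        return ["0", "1"]
    prev = gray_code(n - 1)
    return ["0" + w for w in prev] + ["1" + w for w in reversed(prev)]


def gray_code_closed_form(n):
    """The same list via the bit trick g(i) = i XOR (i >> 1); an assumption
    beyond the page, checked against the recursive construction in __main__."""
    return [format(i ^ (i >> 1), f"0{n}b") for i in range(2 ** n)]


def is_gray_sequence(words):
    """Every n-bit string appears exactly once and neighbours differ in one bit."""
    n = len(words[0])
    if sorted(words) != [format(i, f"0{n}b") for i in range(2 ** n)]:
        return False
    return all(sum(x != y for x, y in zip(u, v)) == 1
               for u, v in zip(words, words[1:]))


if __name__ == "__main__":
    for n in (1, 2, 3):
        print(n, gray_code(n))
    print(all(is_gray_sequence(gray_code(n)) for n in range(1, 9)))
    print(all(gray_code(n) == gray_code_closed_form(n) for n in range(1, 9)))
```

The reflection step is what makes the wrap-around work: the last word of the 0-prefixed half and the first word of the 1-prefixed half are the same $(n-1)$-tuple, so they differ only in the new leading bit.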
A code $C \subseteq B(n)$ is linear if whenever $a$ and $b$ are in $C$, then
$a + b \in C$. Equivalently, an $(n, k)$ binary linear code $C$ is a subgroup
of $B(n)$ of order $2^k$. The elements of $C$ are called codewords. Only
codewords are transmitted, but any element of $B(n)$ can be a received
word.
Example 6.4.2. $C = \{0000, 1111\}$ is a $(4, 1)$ code since $C$ is a subgroup
of order $2^1$ of the group $B(4) = \mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_2 \times \mathbb{Z}_2$.
Definition 6.4.1. The Hamming weight of an element $u$ of $B(n)$ is
the number of nonzero coordinates in $u$, and it is denoted $\mathrm{Wt}(u)$.
Example 6.4.3. For the codeword $u = 010110$, $\mathrm{Wt}(u) = 3$, and for
the codeword $v = 110110$, $\mathrm{Wt}(v) = 4$.
Definition 6.4.2. Let $u, v \in B(n)$. The Hamming distance between
$u$ and $v$, denoted $d(u, v)$, is the number of coordinates in which $u$ and
$v$ differ.
Example 6.4.4. For the codewords $u = 010110$ and $v = 110110$, the
Hamming distance $d(u, v) = 1$.
Lemma 6.4.1. If $u, v, w \in B(n)$, then $d(u, v) = \mathrm{Wt}(u - v)$, and
$d(u, v) \leq d(u, w) + d(w, v)$.
Proof. A coordinate of $u - v$ is nonzero if and only if $u$ and $v$ differ in
that coordinate. So the number of nonzero coordinates in $u - v$, namely
$\mathrm{Wt}(u - v)$, is the same as the number of coordinates in which $u$ and
$v$ differ. Therefore $d(u, v) = \mathrm{Wt}(u - v)$. We prove $d(u, v) \leq d(u, w) + d(w, v)$
by proving $\mathrm{Wt}(u - v) \leq \mathrm{Wt}(u - w) + \mathrm{Wt}(w - v)$. For this
purpose, suppose that the $i$-th coordinate of $u - v$, $u_i - v_i$, is nonzero,
and the $i$-th coordinate of $u - w$, $u_i - w_i$, is zero. Consequently, since
$u_i = w_i$, the $i$-th coordinate $w_i - v_i$ of $w - v$ equals $u_i - v_i$, which is nonzero
by our assumption. Thus $(u_i - w_i) + (w_i - v_i)$ is nonzero whenever $u_i - v_i$
is nonzero. Therefore $\mathrm{Wt}(u - v) \leq \mathrm{Wt}(u - w) + \mathrm{Wt}(w - v)$.
If a codeword $u$ is transmitted and the word $w$ is received, then the
number of errors in the transmission is the Hamming distance $d(u, w)$.
Assuming there are only a few transmission errors, a received word is
decoded as the codeword that is nearest to it in Hamming distance,
and this process is called nearest-neighbor decoding. A linear code is
said to correct $t$ errors if every codeword that is transmitted with $t$ or
fewer errors is correctly decoded by nearest-neighbor decoding.
Theorem 6.4.1. A linear code corrects $t$ errors if and only if the Hamming
distance between any two codewords is at least $2t + 1$.
Proof. Assume that the distance between any two codewords is at
least $2t + 1$. If the codeword $u$ is transmitted with $t$ or fewer errors
and received as $w$, then $d(u, w) \leq t$. If $v$ is any other codeword, then
$d(u, v) \geq 2t + 1$ by hypothesis. Therefore by Lemma 6.4.1
$$2t + 1 \leq d(u, v) \leq d(u, w) + d(w, v) \leq t + d(w, v).$$
Subtracting $t$ from both sides of $2t + 1 \leq t + d(w, v)$, we get $d(w, v) \geq t + 1$.
Since $d(u, w) \leq t$, $u$ is the closest codeword to $w$, so nearest-neighbor
decoding correctly decodes $w$ as $u$. Hence the code corrects
$t$ errors. The proof of the converse is Exercise 9.
A linear code is said to detect $t$ errors if it detects that a received
word with at least one and not more than $t$ errors is not a codeword.
Theorem 6.4.2. A linear code detects $t$ errors if and only if the Hamming
distance between any two codewords is at least $t + 1$.
Proof. Assume that the distance between any two codewords is at
least $t + 1$. If the codeword $u$ is transmitted with at least one, but not
more than $t$ errors, and received as $w$, then
$$0 < d(u, w) \leq t, \quad \text{and hence } d(u, w) < t + 1.$$
So $w$ cannot be a codeword. Therefore the code detects $t$ errors. The
proof of the converse is Exercise 10.
Corollary 6.4.3. A linear code detects $2t$ errors and corrects $t$ errors
if and only if the Hamming weight of every nonzero codeword is at least
$2t + 1$.
Proof. Let $w$ be a nonzero codeword. Since $\mathrm{Wt}(w) = \mathrm{Wt}(w - 0) = d(w, 0)$,
the minimum Hamming distance between any two codewords
is the minimum Hamming weight of all the nonzero codewords. The
proof then follows by Theorems 6.4.1 and 6.4.2.
A $k \times n$ standard generator matrix is a $k \times n$ matrix $G$ with entries
in $\mathbb{Z}_2$ of the form
$$G = \begin{pmatrix}
1 & 0 & 0 & \cdots & 0 & 0 & a_{11} & \cdots & a_{1,n-k}\\
0 & 1 & 0 & \cdots & 0 & 0 & a_{21} & \cdots & a_{2,n-k}\\
\vdots & \vdots & \vdots & & \vdots & \vdots & \vdots & & \vdots\\
0 & 0 & 0 & \cdots & 1 & 0 & a_{(k-1)1} & \cdots & a_{(k-1),n-k}\\
0 & 0 & 0 & \cdots & 0 & 1 & a_{k1} & \cdots & a_{k,n-k}
\end{pmatrix} = [\,I_k \mid A\,],$$
where $I_k$ is the $k \times k$ identity matrix and $A$ is a $k \times (n-k)$ matrix.
Example 6.4.5. The $3 \times 6$ matrix
$$G = \begin{pmatrix}
1 & 0 & 0 & 0 & 1 & 1\\
0 & 1 & 0 & 1 & 0 & 1\\
0 & 0 & 1 & 1 & 1 & 0
\end{pmatrix}$$
is a generator matrix.
Theorem 6.4.4. If $G$ is a $k \times n$ standard generator matrix, then
$\{uG \mid u \in B(k)\}$ is an $(n, k)$ code.
Proof. Define a function $f : B(k) \to B(n)$ by $f(u) = uG$. Since
$$f(u + v) = (u + v)G = uG + vG = f(u) + f(v),$$
$f$ is a homomorphism of groups. Verify that the first $k$ coordinates
of $u$ and $uG$ are the same. Therefore $f$ is injective. Consequently
$\mathrm{Im} f$ is isomorphic to $B(k)$ and hence has order $2^k$. Therefore
$\mathrm{Im} f = \{uG \mid u \in B(k)\}$ is an $(n, k)$ code.
Example 6.4.6. Suppose we want to code the message "Hello World";
then we choose $B(3)$ because this group is sufficient to represent all the
letters in our message.
Symbols      Message words
Blank space  000
H            001
E            011
L            010
O            110
W            111
R            101
D            100
We use the matrix $G$ in Example 6.4.5 to generate a $(6, 3)$ code.
For example, let $u = 011$; then
$$uG = \begin{pmatrix} 0 & 1 & 1 \end{pmatrix}
\begin{pmatrix}
1 & 0 & 0 & 0 & 1 & 1\\
0 & 1 & 0 & 1 & 0 & 1\\
0 & 0 & 1 & 1 & 1 & 0
\end{pmatrix}
= \begin{pmatrix} 0 & 1 & 1 & 0 & 1 & 1 \end{pmatrix}.$$
Operating with $G$ on all the message words in $B(3)$, we get
Message words  Codewords
000            000000
001            001110
011            011011
010            010101
110            110110
111            111000
101            101101
100            100011
Since all the codewords have Hamming weight at least 3, this code
can correct single errors. The message "Hello World" will be coded as
001110 H
011011 E
010101 L
010101 L
110110 O
000000 (blank space)
111000 W
110110 O
101101 R
010101 L
100011 D
For $(n, k)$ codes with large $k$, the brute-force method of searching for
the nearest neighbor is impractical. So we develop more systematic
decoding techniques. We now look at a decoding technique based on
the cosets of the code $C$. We form a coset decoding table. Its rows
are the cosets of $C$, with $C$ itself as the first row. A coset leader of a
coset is an element of the smallest weight in the coset. Each row of
the decoding table is of the form $e + C$, where $e$ is the coset leader.
The coset leader is always listed first in the row. The decoding rule is:
decode a received word $w$ as the codeword at the top of the column in
which $w$ appears.
Example 6.4.7. Consider the $(6, 3)$ code from Example 6.4.6:
$$C = \{000000, 001110, 011011, 010101, 110110, 111000, 101101, 100011\}.$$
Then the coset decoding table of $C$ is
000000 001110 011011 010101 110110 111000 101101 100011
100000 101110 111011 110101 010110 011000 001101 000011
010000 011110 001011 000101 100110 101000 111101 110011
001000 000110 010011 011101 111110 110000 100101 101011
000100 001010 011111 010001 110010 111100 101001 100111
000010 001100 011001 010111 110100 111010 101111 100001
000001 001111 011010 010100 110111 111001 101100 100010
101010 100100 110001 111111 011100 010010 000111 001001
The received word 011110 (third row) is decoded as 001110, the
word 101000 (again third row) is decoded as 111000, whereas the word
111111 (eighth row) is decoded as 010101 using the decoding rule.
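The encoding of Example 6.4.6 and the coset decoding of Example 6.4.7, as an added Python example (not the book's code). `coset_decoding_table` picks each coset leader by visiting all words in order of increasing weight, so every leader really has minimum weight in its coset (ties broken lexicographically). For the last coset this differs from the table printed above: that coset contains the weight-2 words 100100, 010010 and 001001 (each is 101010 plus a codeword), so with a minimum-weight leader the received word 111111 decodes to a codeword at distance 2 rather than to 010101, which lies at distance 3. Names are my own.

```python
from itertools import product

# The 3 x 6 standard generator matrix G = [I_3 | A] of Example 6.4.5.
G = [[1, 0, 0, 0, 1, 1],
     [0, 1, 0, 1, 0, 1],
     [0, 0, 1, 1, 1, 0]]


def vec_mat_mod2(u, M):
    """Row vector u times matrix M, all arithmetic in Z_2."""
    return tuple(sum(u[i] * M[i][j] for i in range(len(u))) % 2 for j in range(len(M[0])))


def add(u, v):
    return tuple((a + b) % 2 for a, b in zip(u, v))


def weight(w):
    return sum(w)


def distance(u, v):
    return weight(add(u, v))      # Lemma 6.4.1: d(u, v) = Wt(u - v), and -v = v in Z_2


def codewords(G):
    """The (n, k) code {uG : u in B(k)}, listed in the order of u."""
    return [vec_mat_mod2(u, G) for u in product((0, 1), repeat=len(G))]


def errors_corrected(C):
    """Corollary 6.4.3: the largest t with 2t + 1 <= minimum nonzero weight."""
    return (min(weight(c) for c in C if any(c)) - 1) // 2


def coset_decoding_table(G):
    """Rows are the cosets e + C, each starting with a minimum-weight leader.
    Visiting all words by increasing weight guarantees that the first unseen
    word of a coset has the smallest weight in it (ties: lexicographic order)."""
    C = codewords(G)
    seen, table = set(), []
    for w in sorted(product((0, 1), repeat=len(G[0])), key=lambda w: (weight(w), w)):
        if w in seen:
            continue
        row = [add(w, c) for c in C]
        seen.update(row)
        table.append(row)
    return table


def coset_decode(table, w):
    """Decoding rule: the codeword at the top of the column containing w."""
    for row in table:
        if w in row:
            return table[0][row.index(w)]
    raise ValueError("word length does not match the code")


# The symbol table of Example 6.4.6.
SYMBOLS = {" ": "000", "H": "001", "E": "011", "L": "010",
           "O": "110", "W": "111", "R": "101", "D": "100"}


def encode_text(text, G):
    """One codeword per character, via the message word u and uG."""
    return [vec_mat_mod2(tuple(int(b) for b in SYMBOLS[ch]), G) for ch in text]


if __name__ == "__main__":
    table = coset_decoding_table(G)
    for row in table:
        print(" ".join("".join(map(str, w)) for w in row))
    for received in ("011110", "101000", "111111"):
        w = tuple(int(b) for b in received)
        print(received, "->", "".join(map(str, coset_decode(table, w))))
```

Because the first visited word is 000000, the first row of the table is $C$ itself in the order of `codewords(G)`, which is what lets `coset_decode` read the answer off the same column index.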
We prove in the next theorem that coset decoding is nearest
neighbor decoding.

Theorem 6.4.5. Let C be an (n, k) code. The decoding for C using
its coset decoding table is nearest neighbor decoding.

Proof. If w ∈ B(n), then w = e + v, where e is a coset leader and v
is a codeword at the top of the column containing w. Coset decoding
decodes w as v. Therefore, we must show that v is nearest to w. If
u ∈ C is any other codeword, then w − u is an element of w + C. But
w + C = e + C, because e = w − v ∈ w + C. By construction, the coset
leader e has the smallest weight in its coset, so Wt(w − u) ≥ Wt(e).
Therefore, by Lemma 6.4.1

$$d(w, u) = \mathrm{Wt}(w - u) \ge \mathrm{Wt}(e) = \mathrm{Wt}(w - v) = d(w, v).$$

Thus v is the nearest codeword to w.
Again when n is large, the coset decoding tables are difficult to
construct. So we discuss other methods. For an (n, k) code with k × n
standard generator matrix G = [I_k | A], the parity-check matrix of the
code is the n × (n − k) matrix

$$H = \begin{bmatrix} A \\ I_{n-k} \end{bmatrix}.$$

Example 6.4.8. For the standard generator matrix G in Example
6.4.5, the parity-check matrix is

$$H = \begin{bmatrix} 0 & 1 & 1 \\ 1 & 0 & 1 \\ 1 & 1 & 0 \\ 1 & 0 & 0 \\ 0 & 1 & 0 \\ 0 & 0 & 1 \end{bmatrix}.$$
Theorem 6.4.6. Let C be an (n, k) code with standard generator matrix G and parity-check matrix H. Then an element w in B(n) is a
codeword if and only if wH = 0.

Proof. Define a function f : B(n) → B(n − k) by f(w) = wH.
Verify that f is a homomorphism. Let K be the kernel of f. Note that
w ∈ K if and only if wH = 0. We can prove the theorem if we show
that K = C. By the definition of the generator matrix, every element
of C is of the form uG for some u ∈ B(k). But (uG)H = u(GH) = 0
because GH is the zero matrix by Exercise 11. Therefore C ⊆ K. Since
C is a group of order 2^k, it suffices to show that the order of K is also 2^k
to conclude that C = K. f is surjective because if v = v_1 v_2 ··· v_{n−k} ∈
B(n − k), then v = f(u), where u = 0 0 ··· 0 v_1 v_2 ··· v_{n−k} ∈ B(n). Applying
the First Isomorphism Theorem we get B(n − k) ≅ B(n)/K. By
Lagrange’s Theorem 4.4.1

$$2^n = |B(n)| = |K|\,|B(n) : K| = |K|\,|B(n)/K| = |K|\,|B(n-k)| = |K|\,2^{n-k}.$$

Dividing the first and last terms of this equation by 2^{n−k} we get |K| = 2^k.
Corollary 6.4.7. Let C be a linear code with parity-check matrix H
and let u, v ∈ B(n). Then u and v are in the same coset of C if and
only if uH = vH.

Proof. By Theorem 6.4.6, u − v ∈ C if and only if (u − v)H = 0 if
and only if uH = vH.
If w ∈ B(n), then wH is called the syndrome of w. We now describe
a procedure for decoding called syndrome decoding.

Algorithm 6.4.2 (Syndrome Decoding).
1. If w is a received word, compute the syndrome wH of w.
2. Find the coset leader e with the same syndrome (that is, eH = wH).
3. Decode w as w − e.
Example 6.4.9. The syndrome table for the (6,3) code is given below.

Syndrome      000    011    101    110    100    010    001    111
Coset leader  000000 100000 010000 001000 000100 000010 000001 101010

For the received word w = 010111, the syndrome wH = 010 corresponds to the
coset leader e = 000010. Therefore w is decoded as the codeword
w − e = 010101. So instead of the entire coset table, we need only the
coset leaders in the syndrome decoding technique.
For correcting only single errors the parity-check matrix decoding,
which we describe next, is the best method because there is no need to
compute cosets or find coset leaders.

Algorithm 6.4.3 (Parity check matrix decoding).
1. If w is the received word, compute its syndrome wH.
2. If wH = 0, decode w as w.
3. If wH ≠ 0 and wH is the i-th row of H, then decode w as w − e_i,
where e_i is the vector whose i-th entry is 1 and all other entries are zero.
4. If wH ≠ 0 and wH is not a row of H, do not decode and request
a re-transmission.
Example 6.4.10. Consider the (6,3) code with the parity-check matrix H
in Example 6.4.8. The syndrome of the received word w = 011111 is

$$wH = \begin{bmatrix} 0 & 1 & 1 & 1 & 1 & 1 \end{bmatrix}
\begin{bmatrix} 0 & 1 & 1 \\ 1 & 0 & 1 \\ 1 & 1 & 0 \\ 1 & 0 & 0 \\ 0 & 1 & 0 \\ 0 & 0 & 1 \end{bmatrix}
= \begin{bmatrix} 1 & 0 & 0 \end{bmatrix},$$

which is the fourth row of H. Therefore w is decoded as w − (000100) = 011011.

For the received word v = 101010, the syndrome of v is

$$vH = \begin{bmatrix} 1 & 0 & 1 & 0 & 1 & 0 \end{bmatrix}
\begin{bmatrix} 0 & 1 & 1 \\ 1 & 0 & 1 \\ 1 & 1 & 0 \\ 1 & 0 & 0 \\ 0 & 1 & 0 \\ 0 & 0 & 1 \end{bmatrix}
= \begin{bmatrix} 1 & 1 & 1 \end{bmatrix}.$$

Since vH is not a row of H, v is not decoded and a re-transmission
is requested.
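As an added example (not code from the book), the decoders of Algorithms 6.4.2 and 6.4.3 for the (6,3) code of Examples 6.4.6 to 6.4.10, together with a brute-force nearest-neighbour decoder that confirms Theorem 6.4.5 on every word of B(6). Since a coset leader must have minimum weight in its coset, the syndrome 111 receives a leader of weight 2 such as 100100 (which also sits in the last row of the table in Example 6.4.7) rather than the weight-3 word 101010 listed there.

```python
# Added example (not from the book): the (6,3) binary code of Examples
# 6.4.6-6.4.10.  A word is a tuple of bits a_0 a_1 ... a_{n-1}, left to right.
from itertools import product

K, N = 3, 6
# The k x (n-k) block A is read off the codewords of Example 6.4.6:
# 100 -> 100011, 010 -> 010101, 001 -> 001110.
A = [(0, 1, 1), (1, 0, 1), (1, 1, 0)]
I_K = [tuple(int(i == j) for j in range(K)) for i in range(K)]
I_NK = [tuple(int(i == j) for j in range(N - K)) for i in range(N - K)]
G = [I_K[i] + A[i] for i in range(K)]   # standard generator matrix [I_k | A]
H = A + I_NK                            # parity-check matrix [A ; I_{n-k}], n x (n-k)


def vec_mat(v, M):
    """Row vector times matrix over Z_2."""
    return tuple(sum(v[i] * M[i][j] for i in range(len(v))) % 2
                 for j in range(len(M[0])))


def add(u, v):
    """Sum (= difference) of two words in B(n)."""
    return tuple((a + b) % 2 for a, b in zip(u, v))


def weight(v):
    return sum(v)


def encode(msg):
    return vec_mat(msg, G)


CODE = {encode(m) for m in product((0, 1), repeat=K)}


def syndrome(w):
    return vec_mat(w, H)


def syndrome_table():
    """Syndrome -> coset leader.  Words are visited in order of increasing
    weight, so the first word seen for each syndrome has minimum weight in
    its coset (Algorithm 6.4.2 needs only these 2^(n-k) leaders)."""
    table = {}
    for w in sorted(product((0, 1), repeat=N), key=weight):
        table.setdefault(syndrome(w), w)
    return table


SYNDROME_TABLE = syndrome_table()


def syndrome_decode(w):
    """Algorithm 6.4.2: subtract the coset leader with the same syndrome."""
    return add(w, SYNDROME_TABLE[syndrome(w)])


def parity_check_decode(w):
    """Algorithm 6.4.3: single-error correction straight from the rows of H.
    Returns None when a re-transmission should be requested."""
    s = syndrome(w)
    if not any(s):
        return w
    if s in H:
        i = H.index(s)
        e_i = tuple(int(j == i) for j in range(N))
        return add(w, e_i)
    return None


def nearest_neighbor_decode(w):
    """Brute-force decoder used to check Theorem 6.4.5."""
    return min(CODE, key=lambda c: weight(add(w, c)))


def min_distance():
    """Minimum Hamming weight of a nonzero codeword (= minimum distance)."""
    return min(weight(c) for c in CODE if any(c))


def syndrome_decoding_is_nearest_neighbor():
    """True if syndrome decoding is always as close as brute force (ties allowed)."""
    return all(weight(add(w, syndrome_decode(w)))
               == weight(add(w, nearest_neighbor_decode(w)))
               for w in product((0, 1), repeat=N))
```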
The next theorem proves that parity-check matrix decoding
corrects single errors.

Theorem 6.4.8. Let C be a linear code with parity-check matrix H.
If every row of H is nonzero and no two are the same, then parity-check
decoding corrects all single errors.

Proof. By Corollary 6.4.3, to prove that the code corrects one error,
we need to show that the minimum weight of the nonzero codewords satisfies w_min ≥ 3.
Suppose C contains a codeword u with Wt(u) = 1. Then u has just one
bit equal to 1, say in position i. Since uH is the i-th row of
H, the condition uH = 0 implies the i-th row of H consists entirely of
zeroes. This contradicts our assumption. Hence C contains no words
of weight 1. Suppose C contains a codeword v with Wt(v) = 2; then v
has a 1 in the positions i and j only. Let h_i, h_j denote the i-th and j-th
rows of H. Then vH = h_i + h_j. The condition vH = 0 implies h_i = h_j,
which contradicts the hypothesis. Hence C contains no nonzero words of weight
less than or equal to 2. When a codeword u is transmitted with exactly
one error in coordinate i and received as w, then w − u = e_i. Hence
e_i = w − u ∈ w + C, so e_i must be the coset leader for w. Therefore w
is correctly decoded as w − e_i = u.
Let a word a of length n be denoted by a_0 a_1 ··· a_{n−1}. A code C is
said to be cyclic if it is a linear code and if

$$a_0 a_1 \ldots a_{n-1} \in C \quad \text{implies} \quad a_{n-1} a_0 a_1 \ldots a_{n-2} \in C.$$

Cyclic codes are popular because it is possible to implement these codes
using simple devices known as shift registers. Moreover, cyclic codes
can be constructed and investigated by means of rings and polynomials.

The word â = a_{n−1} a_0 a_1 ... a_{n−2} is the first cyclic shift of the word
a. If C is a cyclic code then the words obtained by performing any
number of cyclic shifts on a are also in C.

The key to the algebraic treatment of cyclic codes is the correspondence between the words and polynomials which is given in the next
theorem.

Theorem 6.4.9. The function f : Z_2[x]/(x^n − 1) → B(n) given by
f(a_0 + a_1 x + ··· + a_{n−1} x^{n−1}) = a_0 a_1 ··· a_{n−1} is an isomorphism of
additive groups.

The proof of Theorem 6.4.9 is left as an exercise.
In this correspondence, the first cyclic shift f^{(1)}(x) of a polynomial
f(x) = a_0 + a_1 x + ··· + a_{n−1} x^{n−1} is

$$\begin{aligned}
f^{(1)}(x) &= a_{n-1} + a_0 x + \cdots + a_{n-2} x^{n-1} \\
&= x(a_0 + a_1 x + \cdots + a_{n-1} x^{n-1}) - a_{n-1}(x^n - 1) \\
&= x f(x) - a_{n-1}(x^n - 1).
\end{aligned}$$

Thus f^{(1)}(x) ≡ x f(x) mod (x^n − 1). Let R(n) denote the ring
Z_2[x]/⟨x^n − 1⟩; then this fact leads to the following theorem.

Theorem 6.4.10. A code C in B(n) is cyclic if and only if it corresponds to an ideal I_C in R(n).

Proof. Since I_C corresponds to a linear code, if a(x), b(x) ∈ I_C, then
a(x) + b(x) ∈ I_C. Since the x^i a(x) represent successive cyclic shifts of a(x),
x^i a(x) ∈ I_C. Any polynomial p(x) ∈ R(n) is a sum of powers x^i. Since I_C is linear, p(x)a(x) ∈ I_C. Hence I_C is an ideal by
Proposition 1.3.1.

Conversely, if I_C is an ideal, then by definition, if a(x), b(x) ∈ I_C,
then a(x) + b(x) ∈ I_C. Hence I_C represents a linear code. Moreover,
since I_C is an ideal, xa(x) ∈ I_C, which implies C is a cyclic code.

Observe that if f(x) ∈ R(n), then deg f(x) < n, by definition.
Example 6.4.11. Let f(x) = 1 + x + x^2 ∈ Z_2[x]/⟨x^3 − 1⟩;
then the cyclic code corresponding to the ideal ⟨f(x)⟩ is generated as
described below.

p(x)           p(x)f(x) mod (x^3 − 1)   Word
0              0                        000
1              1 + x + x^2              111
x              1 + x + x^2              111
1 + x          0                        000
x^2            1 + x + x^2              111
x^2 + 1        0                        000
x^2 + x        0                        000
x^2 + x + 1    1 + x + x^2              111

The ideal ⟨1 + x + x^2⟩ has only two elements {0, 1 + x + x^2} in
R(3) = Z_2[x]/⟨x^3 − 1⟩, and the corresponding code is

C = {000, 111}.
Theorem 6.4.11. Let C be a cyclic code and let I_C be its corresponding
ideal in R(n). Then there is a polynomial f(x) ∈ R(n) such that I_C = ⟨f(x)⟩.

Proof. If C is the trivial code, then I_C contains only the zero polynomial, hence I_C = ⟨0⟩. If not, then I_C contains a non-zero polynomial
f(x) of least degree. Suppose g(x) is any element of I_C; then by the
Division Algorithm, we have

$$g(x) = q(x)f(x) + r(x)$$

where either the degree of r(x) is less than the degree of f(x) or r(x) = 0.
Because both f(x) and g(x) are in I_C, and since I_C is an ideal, it
follows that

$$g(x) - q(x)f(x) = r(x) \in I_C.$$

Consequently, r(x) = 0, since f(x) is a polynomial of least degree in
I_C. Recall that the zero polynomial has no degree. Thus

$$I_C = \langle f(x) \rangle.$$

In general, a cyclic code C generated by ⟨f(x)⟩ will have many
generators, but only one of them will have the least degree (Exercise
14). We shall refer to this unique polynomial as the canonical generator
of C.
Theorem 6.4.12. The canonical generator f(x) of a cyclic code C in
B(n) is a divisor of x^n − 1 in Z_2[x].

Proof. Using the division algorithm for Z_2[x], we get

$$x^n - 1 = f(x)h(x) + r(x),$$

such that either r(x) = 0 or the degree of r(x) is less than that of f(x).
Consequently, since x^n − 1 = 0 in Z_2[x]/⟨x^n − 1⟩, we have r(x) = f(x)h(x) there.
Thus r(x) ∈ ⟨f(x)⟩, which contradicts the fact that f(x) has the least
degree in I_C unless r(x) = 0. Therefore x^n − 1 = f(x)h(x) in Z_2[x],
that is, f(x) divides x^n − 1.

Example 6.4.12. The generator 1 + x + x^2 of the code C in Example
6.4.11 is a canonical generator because

$$x^3 - 1 = (1 + x)(1 + x + x^2).$$
Theorem 6.4.13. Let C be a cyclic code and let I_C = ⟨f(x)⟩, where
f(x) is the canonical generator of C. Let x^n − 1 = f(x)h(x), where
h = h_0 + h_1 x + ··· + h_k x^k, and let

$$H^{T} = \begin{bmatrix}
h_k & h_{k-1} & h_{k-2} & \cdots & h_0 & 0 & 0 & \cdots & 0 \\
0 & h_k & h_{k-1} & \cdots & h_1 & h_0 & 0 & \cdots & 0 \\
0 & 0 & h_k & \cdots & h_2 & h_1 & h_0 & \cdots & 0 \\
\vdots & & & \ddots & & & & \ddots & \vdots \\
0 & 0 & 0 & \cdots & h_k & h_{k-1} & h_{k-2} & \cdots & h_0
\end{bmatrix}.$$

Then H is a parity-check matrix for C.

Proof. Let p(x) = f(x)g(x) be any element of I_C, where

$$g(x) = g_0 + g_1 x + \cdots + g_{n-1} x^{n-1}.$$

Expanding the product we get

$$p(x) = g_0 f(x) + g_1 x f(x) + \cdots + g_{n-1} x^{n-1} f(x).$$

Let p be the word in C corresponding to p(x). Then

$$p = g_0 f + g_1 f^{(1)} + \cdots + g_{n-1} f^{(n-1)}, \qquad (6.5)$$

where f^{(i)} denotes the i-th cyclic shift of the word corresponding to f.
If H is a parity-check matrix, then pH = 0 for every p ∈ C. Consequently, by Equation 6.5, it is sufficient to prove that f^{(i)}H = 0 for 0 ≤
i ≤ n − 1. Equating the coefficients of the equation x^n − 1 = f(x)h(x),
we get

$$\begin{aligned}
f_0 h_1 + f_1 h_0 &= 0 && \text{(coefficient of } x) \\
f_0 h_2 + f_1 h_1 + f_2 h_0 &= 0 && \text{(coefficient of } x^2) \\
&\;\;\vdots \\
f_{n-k-1} h_k + f_{n-k} h_{k-1} &= 0 && \text{(coefficient of } x^{n-1})
\end{aligned}$$

Also since the coefficients of 1 and x^n are both 1, we get

$$f_0 h_0 + f_{n-k} h_k = 0.$$

Since the degree of h(x) is k and the degree of f(x) is n − k, the coefficients
h_{k+1}, ..., h_{n−1} and f_{n−k+1}, ..., f_{n−1} are all zero. Hence the above n
equations can be written as

$$h_k f_{n-k+j} + h_{k-1} f_{n-k+j+1} + \cdots + h_0 f_{n+j} = 0,$$

where j = 0, 1, ..., n − 1 and the subscripts of f are taken modulo n. For suitable values of j, these are precisely
the expressions which occur in the evaluation of f^{(i)}H. Hence f^{(i)}H = 0.
Thus to describe the cyclic codes of length n we must find the factors
of x^n − 1 in Z_2[x].

Example 6.4.13. Consider cyclic codes of length 7. Recall that x^8 − x
is the product of all irreducible polynomials of degrees that divide 3
(see Exercise 31, Chapter 3). Therefore

$$x^7 - 1 = (1 + x)(1 + x + x^3)(1 + x^2 + x^3).$$

The equation shows that there are just eight divisors of x^7 − 1 in Z_2[x]:
they are the trivial divisors 1 and x^7 − 1 together with

$$1 + x,\quad 1 + x + x^3,\quad 1 + x^2 + x^3,$$
$$(1 + x)(1 + x + x^3),\quad (1 + x)(1 + x^2 + x^3),\quad (1 + x + x^3)(1 + x^2 + x^3).$$

Each of these divisors generates a cyclic code and these are the only
cyclic codes of length 7.

If C = ⟨f(x)⟩ with f(x) = 1 + x + x^3, then h(x) = (1 + x)(1 + x^2 + x^3) =
1 + x + x^2 + x^4, so k = 4 and h_4 h_3 h_2 h_1 h_0 = 1 0 1 1 1. Hence, by Theorem 6.4.13,

$$H^{T} = \begin{bmatrix}
1 & 0 & 1 & 1 & 1 & 0 & 0 \\
0 & 1 & 0 & 1 & 1 & 1 & 0 \\
0 & 0 & 1 & 0 & 1 & 1 & 1
\end{bmatrix}.$$

Let w = 1101000 be the codeword corresponding to f(x) = 1 + x + x^3; then

$$wH = \begin{bmatrix} 1 & 1 & 0 & 1 & 0 & 0 & 0 \end{bmatrix}
\begin{bmatrix} 1 & 0 & 0 \\ 0 & 1 & 0 \\ 1 & 0 & 1 \\ 1 & 1 & 0 \\ 1 & 1 & 1 \\ 0 & 1 & 1 \\ 0 & 0 & 1 \end{bmatrix}
= \begin{bmatrix} 0 & 0 & 0 \end{bmatrix}.$$
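As an added example (not the book's code), Theorems 6.4.9 to 6.4.13 carried out in Python with polynomials over Z_2 stored as integers: the ideal ⟨f(x)⟩ in R(n) is enumerated exactly as in the table of Example 6.4.11, h(x) is obtained by dividing x^n − 1 by f(x), and H is assembled from the H^T of Theorem 6.4.13 (rows h_k ... h_0 shifted), so that wH = 0 can be checked for every codeword of the length-7 code generated by 1 + x + x^3.

```python
# Added example (not from the book): cyclic codes of length n over Z_2 as
# ideals of R(n) = Z_2[x]/<x^n - 1>, following Theorems 6.4.9-6.4.13.
# A polynomial a_0 + a_1 x + ... + a_{n-1} x^{n-1} is stored as an int whose
# bit i is a_i; the word a_0 a_1 ... a_{n-1} is that int read from bit 0 up.


def pmul(a, b):
    """Product of two polynomials over Z_2 (carry-less multiplication)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r


def pdivmod(a, b):
    """Division algorithm in Z_2[x]: returns (quotient, remainder)."""
    q = 0
    db = b.bit_length() - 1
    while a and a.bit_length() - 1 >= db:
        shift = a.bit_length() - 1 - db
        q ^= 1 << shift
        a ^= b << shift
    return q, a


def word(p, n):
    """Theorem 6.4.9: the word a_0 a_1 ... a_{n-1} of a polynomial in R(n)."""
    return ''.join(str((p >> i) & 1) for i in range(n))


def poly(w):
    """Inverse of word()."""
    return sum(int(c) << i for i, c in enumerate(w))


def cyclic_shift(w):
    """First cyclic shift a_{n-1} a_0 ... a_{n-2}; equals x * p(x) mod x^n - 1."""
    return w[-1] + w[:-1]


def cyclic_code(f, n):
    """All words of the ideal <f(x)> in R(n), i.e. p(x)f(x) mod (x^n - 1)
    for every p(x) of degree < n (the table of Example 6.4.11)."""
    modulus = (1 << n) | 1                  # x^n - 1 = x^n + 1 over Z_2
    return {word(pdivmod(pmul(p, f), modulus)[1], n) for p in range(1 << n)}


def is_cyclic(code):
    return all(cyclic_shift(w) in code for w in code)


def canonical_generator(code):
    """Theorem 6.4.11: the nonzero polynomial of least degree in the ideal."""
    return min((poly(w) for w in code if '1' in w), key=int.bit_length)


def check_polynomial(f, n):
    """h(x) with x^n - 1 = f(x) h(x) (Theorem 6.4.12), or None if f does not divide."""
    h, r = pdivmod((1 << n) | 1, f)
    return None if r else h


def parity_check_matrix(f, n):
    """H (n rows, n-k columns) from the H^T of Theorem 6.4.13: row j of H^T
    is h_k h_{k-1} ... h_0 shifted j places to the right, k = deg h."""
    h = check_polynomial(f, n)
    k = h.bit_length() - 1
    coeffs = [(h >> (k - i)) & 1 for i in range(k + 1)]   # h_k, ..., h_0
    HT = [[0] * j + coeffs + [0] * (n - k - 1 - j) for j in range(n - k)]
    return [[HT[j][i] for j in range(n - k)] for i in range(n)]


def syndrome(w, H):
    """w H over Z_2, with w given as a word string."""
    return tuple(sum(int(w[i]) * H[i][j] for i in range(len(w))) % 2
                 for j in range(len(H[0])))


def min_weight(code):
    return min(w.count('1') for w in code if '1' in w)
```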
Theorem 6.4.14. A cyclic code of length n and designed distance 2t + 1
corrects t errors.

The proof of this theorem is not in the scope of this book. The
reader may refer to [31] for more about cyclic codes.
Exercises.

1. List all the mutually orthogonal Latin squares of orders 5, 7, 8,
and 9.

2. Let f_1(x), f_2(x), ..., f_k(x) ∈ Z[x] be polynomials of the same degree d. Let n_1, n_2, ..., n_k be integers which are relatively prime
in pairs (i.e. (n_i, n_j) = 1 for all i ≠ j). Prove that there exists a
polynomial f(x) ∈ Z[x] of degree d such that

$$f(x) \equiv f_1(x) \pmod{n_1}$$
$$f(x) \equiv f_2(x) \pmod{n_2}$$
$$\vdots$$
$$f(x) \equiv f_k(x) \pmod{n_k}$$
3. Solve the systems of congruences given below.

(a) x ≡ 2 (mod 3), x ≡ 3 (mod 5), x ≡ 2 (mod 7).

(b) x ≡ 3 (mod 4), x ≡ 6 (mod 7), x ≡ 6 (mod 11), x ≡ 1 (mod 13).
4. Use the Chinese Remainder Theorem to add the numbers 219 and
172.

5. Bill Gates decided to donate some computers to M University. He
decided to divide the computers equally among the 5 important
departments. But there were 2 computers left. Then, he decided
to divide them equally among 6 departments. Again, there were 2
computers left. Next, he divided them equally among 7 departments.
Lo and behold, again, there were two computers left. Finally, he
decided to divide the computers among all the 11 departments.
And wow! No computers were left. Find the number of computers
Bill Gates is planning to donate.
6. Decode the message
47 15 20 49 23 1
which was encoded using the RSA algorithm with the prime num-
bers p= 5, q= 13, and the lock L= 11.
7. Decode the message
349 447 202 349 107 591 536
which was encoded using the RSA algorithm with the prime num-
bers p= 23, q= 31, and the lock L= 233.
8. Decode the message
61 60 112 22 25 80 123
which was encoded using the RSA algorithm with the prime num-
bers p= 7, q= 23, and the lock L= 61.
9. Prove that if a code corrects t errors, then the Hamming distance
between any two codewords is at least 2t + 1 (Hint: if u, v are
codewords and d(u, v) ≤ 2t, construct a word w that differs from
u in exactly t coordinates and from v in t or fewer coordinates).

10. Prove that if a code detects t errors, then the Hamming distance
between any two codewords is at least t + 1.

11. If G = [I_k | A] is the standard generator matrix for a linear code
and $H = \begin{bmatrix} A \\ I_{n-k} \end{bmatrix}$ is its parity-check matrix, then prove that GH
is the zero matrix.

12. Prove that the ideal ⟨1 + x^2⟩ has four elements in Z_2[x]/(x^3 − 1).

13. Prove that the function f : Z_2[x]/(x^n − 1) → B(n) given by
f(a_0 + a_1 x + ··· + a_{n−1} x^{n−1}) = a_0 a_1 ··· a_{n−1} is an isomorphism of
additive groups.

14. Show that the canonical generator of a cyclic code is unique.

15. What is the number of cyclic codes of length 15?

16. Describe the cyclic code of length 15 generated by the polynomial
1 + x + x^2.

17. What is the number of cyclic codes of length 31?
Appendix A
I examined my own heart and discovered that I would not care to be
happy on condition of being an imbecile - Voltaire.
A.1 The Euclidean Algorithm.

Definition A.1.1. Let a and b be integers, not both 0. The greatest
common divisor (gcd) of a and b is the largest integer d that divides
both a and b. In other words, d is the gcd of a and b provided that

1. d divides a and d divides b;
2. if c divides a and c divides b, then c ≤ d.

The greatest common divisor of a and b is denoted by (a, b).

Theorem A.1.1. Let a and b be integers, not both 0, and let d be their
greatest common divisor. Then there exist integers u and v such that

$$d = au + bv.$$
Proof. Let S = {am + bn ∈ Z : m, n ∈ Z}. S is nonempty
because a^2 + b^2 = aa + bb ∈ S. Moreover, since a and b are
not both zero, a^2 + b^2 > 0. Therefore, S contains positive
integers. Let d be the smallest positive integer in S; then d is of the
form d = au + bv for some integers u and v. We will prove that d is the
gcd of a and b. Divide a by d to write a = dq + r, such that q, r ∈ Z
and 0 ≤ r < d. Consequently,

$$r = a - dq = a - (au + bv)q = a(1 - uq) + b(-vq).$$

Thus r is an integer combination of a and b; therefore r ∈ S. Consequently, the condition 0 ≤ r < d and the fact that d is the smallest
positive integer in S imply r = 0. Thus d divides a. A similar argument proves that d divides b. Hence d is a common divisor of a and b.
Let c be any other common divisor of a and b. Then a = cr and b = cs
for some integers r and s. Therefore

$$d = au + bv = (cr)u + (cs)v = c(ru + sv).$$

Therefore c divides d. Hence c ≤ |d|. Since d is positive, |d| = d. Hence
c ≤ d. Therefore d is the gcd of a and b.
Lemma A.1.1. If a, b, q, r ∈ Z and a = bq + r, then (a, b) = (b, r).

Proof. If c is a common divisor of a and b, then a = cs and b = ct
for some s, t ∈ Z. Consequently,

$$r = a - bq = cs - (ct)q = c(s - tq).$$

Hence c divides r, which implies that c is also a common divisor of b
and r. Conversely, if e is a common divisor of b and r, then b = ex and
r = ey for some x, y ∈ Z. Then

$$a = bq + r = (ex)q + ey = e(xq + y).$$

Thus e divides a, so that e is a common divisor of a and b. Thus
the set S of common divisors of a and b is the same as the set T of
common divisors of b and r. Hence the largest element in S, namely
(a, b), is the same as the largest element in T, namely (b, r).
Theorem A.1.2. [The Euclidean Algorithm] Let a and b be positive
integers with a ≥ b. If b divides a, then (a, b) = b. If b does not divide
a, then apply the division algorithm repeatedly as follows:

$$\begin{aligned}
a &= b q_0 + r_0, & 0 &< r_0 < b \\
b &= r_0 q_1 + r_1, & 0 &\le r_1 < r_0 \\
r_0 &= r_1 q_2 + r_2, & 0 &\le r_2 < r_1 \\
r_1 &= r_2 q_3 + r_3, & 0 &\le r_3 < r_2 \\
r_2 &= r_3 q_4 + r_4, & 0 &\le r_4 < r_3 \\
&\;\;\vdots
\end{aligned}$$

The process ends when a remainder 0 is obtained. This must occur
after a finite number of steps because the sequence r_i strictly decreases.
That is, for some integer t

$$\begin{aligned}
r_{t-2} &= r_{t-1} q_t + r_t, & 0 &< r_t < r_{t-1} \\
r_{t-1} &= r_t q_{t+1} + 0.
\end{aligned}$$

The last nonzero remainder r_t is the greatest common divisor of a and
b.
Proof. If b divides a, then a = bq + 0, so that (a, b) = (b, 0) = b
by Lemma A.1.1. If a is not divisible by b, then apply Lemma A.1.1
repeatedly to each division to get

$$(a, b) = (b, r_0) = (r_0, r_1) = \cdots = (r_{t-1}, r_t) = (r_t, 0) = r_t.$$

Example A.1.1. In this example, we compute (312, 272) using Euclid’s Algorithm.

312 = 272 × 1 + 40    (A.1)
272 = 40 × 6 + 32     (A.2)
40 = 32 × 1 + 8       (A.3)
32 = 8 × 4 + 0

Thus (312, 272) = 8. We use back substitution to write 8 as an
integer combination of 312 and 272 as follows.

8 = 40 − 32 × 1               (by Equation A.3)
  = 40 − 32
  = 40 − (272 − 40 × 6)       (by Equation A.2)
  = 7 × 40 − 272
  = 7(312 − 272) − 272        (by Equation A.1)
  = 7 × 312 − 8 × 272

Thus, we write 8 = 7 × 312 − 8 × 272.
The Euclidean algorithm carries over to k[x], where k is a field.

Definition A.1.2. Let k be a field and f(x), g(x) ∈ k[x], not both zero.
The greatest common divisor (gcd) of f(x) and g(x) is the monic
polynomial d(x) of highest degree that divides both f(x) and g(x).

Example A.1.2. Consider the polynomials

$$f = x^4 - 15x^3 + 73x^2 - 129x + 70, \qquad g = 2x^3 - 9x^2 + 13x - 6.$$

Apply the Euclidean Algorithm:

$$f = g\left(\tfrac{1}{2}x - \tfrac{21}{4}\right) + \left(\tfrac{77}{4}x^2 - \tfrac{231}{4}x + \tfrac{77}{2}\right)$$
$$g = \left(\tfrac{77}{4}x^2 - \tfrac{231}{4}x + \tfrac{77}{2}\right)\left(\tfrac{8}{77}x - \tfrac{12}{77}\right) + 0$$

Hence, the last non-zero remainder is $\tfrac{77}{4}x^2 - \tfrac{231}{4}x + \tfrac{77}{2}$. Since the
gcd of f and g is a monic polynomial, we multiply this remainder by
4/77 to get:

$$(f, g) = \tfrac{4}{77}\left(\tfrac{77}{4}x^2 - \tfrac{231}{4}x + \tfrac{77}{2}\right) = x^2 - 3x + 2.$$
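The two computations of Examples A.1.1 and A.1.2 as an added example (not from the book): the integer Euclidean algorithm with the coefficients u, v of Theorem A.1.1 tracked alongside the remainders, and the same algorithm in Q[x] using exact fractions, with the last nonzero remainder normalised to be monic as Definition A.1.2 requires. The function names are mine.

```python
# Added example (not from the book): the Euclidean algorithm of Theorem A.1.2
# with back substitution (Example A.1.1) and its polynomial version over Q
# (Definition A.1.2, Example A.1.2).  Polynomials are lists of coefficients in
# increasing degree: [70, -129, 73, -15, 1] is x^4 - 15x^3 + 73x^2 - 129x + 70.
from fractions import Fraction


def extended_gcd(a, b):
    """Returns (d, u, v) with d = (a, b) and d = a*u + b*v (Theorem A.1.1).
    The pair (u, v) is carried along each division step, which is the back
    substitution of Example A.1.1 performed forwards."""
    old_r, r = a, b
    old_u, u = 1, 0
    old_v, v = 0, 1
    while r != 0:
        q = old_r // r                       # old_r = r*q + (old_r - q*r)
        old_r, r = r, old_r - q * r
        old_u, u = u, old_u - q * u
        old_v, v = v, old_v - q * v
    return old_r, old_u, old_v


def remainder_chain(a, b):
    """The divisions a = b q_0 + r_0, b = r_0 q_1 + r_1, ... of Theorem A.1.2
    as (dividend, divisor, quotient, remainder) tuples, ending at remainder 0."""
    steps = []
    while b != 0:
        q, r = divmod(a, b)
        steps.append((a, b, q, r))
        a, b = b, r
    return steps


def _trim(p):
    """Drop leading zero coefficients (the zero polynomial becomes [])."""
    while p and p[-1] == 0:
        p.pop()
    return p


def poly_divmod(f, g):
    """Long division in Q[x]: f = q*g + r with r = 0 or deg r < deg g."""
    f = _trim([Fraction(c) for c in f])
    g = _trim([Fraction(c) for c in g])
    if not g:
        raise ZeroDivisionError("division by the zero polynomial")
    q = [Fraction(0)] * max(len(f) - len(g) + 1, 1)
    r = f
    while r and len(r) >= len(g):
        coef = r[-1] / g[-1]                 # cancel the leading term of r
        shift = len(r) - len(g)
        q[shift] = coef
        for i, gc in enumerate(g):
            r[i + shift] -= coef * gc
        _trim(r)
    return _trim(q), r


def poly_gcd(f, g):
    """Euclidean algorithm in Q[x]; the last nonzero remainder is made monic."""
    a = _trim([Fraction(c) for c in f])
    b = _trim([Fraction(c) for c in g])
    while b:
        _, rem = poly_divmod(a, b)
        a, b = b, rem
    lead = a[-1]
    return [c / lead for c in a]
```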
A.2 Polynomial irreducibility.

In this section, we list a few results (without proof) that help us determine irreducibility of a polynomial. The interested reader can refer to
[24] for proofs of the results presented in this section.

Theorem A.2.1 (The Remainder Theorem). Let k be a field, f(x) ∈
k[x], and a ∈ k. The remainder when f(x) is divided by the polynomial
x − a is f(a).

Example A.2.1. Consider the polynomial f(x) = x^3 − 8x^2 + x + 42.
The remainder, when f(x) is divided by (x + 2), is 0, but the remainder,
when f(x) is divided by x − 2, is 20. Verify that f(−2) = 0 and
f(2) = 20.

Theorem A.2.2 (The Factor Theorem). Let k be a field, f(x) ∈ k[x],
and a ∈ k. Then a is a root of the polynomial f(x) if and only if x − a
is a factor of f(x) in k[x].

Example A.2.2. x + 2 is a factor of the polynomial f(x) = x^3 − 8x^2 +
x + 42. Hence −2 is a root of f(x).

Corollary A.2.3. Let k be a field and f(x) a nonzero polynomial of
degree n in k[x]. Then f(x) has at most n roots in k.

Corollary A.2.4. Let k be a field and f(x) ∈ k[x], with deg f(x) ≥ 2.

1. If f(x) is irreducible in k[x], then f(x) has no roots in k.
2. If f(x) has degree 2 or 3 and has no roots in k, then f(x) is
irreducible in k[x].

Example A.2.3. To show that x^3 + x + 1 is irreducible in Z_5[x], you
need only verify that none of 0, 1, 2, 3, 4 ∈ Z_5 is a root.
Theorem A.2.5 (Rational Root Test). Let f(x) = a_n x^n + a_{n−1} x^{n−1} +
··· + a_1 x + a_0 be a polynomial with integer coefficients. If r ≠ 0 and the
rational number r/s (in lowest terms) is a root of f(x), then r divides
a_0 and s divides a_n.

Example A.2.4. Consider the polynomial f(x) = 4x^4 − 12x^3 + x^2 −
4x + 3. By Theorem A.2.5, if r/s is a root of f(x) then r divides
3 and s divides 4. Therefore r = ±1, ±3 and s = ±1, ±2, ±4. So the
possible rational roots of f(x) are

$$1,\ -1,\ 3,\ -3,\ \tfrac{1}{2},\ -\tfrac{1}{2},\ \tfrac{3}{2},\ -\tfrac{3}{2},\ \tfrac{1}{4},\ -\tfrac{1}{4},\ \tfrac{3}{4},\ -\tfrac{3}{4}.$$

We substitute each of these values in f(x), and we find that only
f(1/2) = 0 and f(3) = 0. So these are the only roots of f(x) in this
list. By the Factor Theorem A.2.2, (x − 3) and (x − 1/2) are factors of
f(x). Verify with long division that

$$f(x) = 2\left(x - \tfrac{1}{2}\right)(x - 3)(2x^2 + x + 1).$$
Theorem A.2.6 (Eisenstein’s Criterion). Let f(x) = a_n x^n + a_{n−1} x^{n−1} +
··· + a_1 x + a_0 be a nonconstant polynomial with integer coefficients. If
there is a prime p such that p divides each of a_0, a_1, ..., a_{n−1} but p does
not divide a_n and p^2 does not divide a_0, then f(x) is irreducible in Q[x].

Example A.2.5.
1. The polynomial x^7 + 6x^5 − 15x^4 + 3x^2 − 9x + 12
is irreducible in Q[x] by Eisenstein’s criterion with p = 3.
2. The polynomial x^n + 5 is irreducible in Q[x] for each n ≥ 1 by
Eisenstein’s criterion with p = 5. Thus there are irreducible polynomials of every degree in Q[x].
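An added example (not from the book) that applies the tests of this section to its own polynomials: the Rational Root Test on 4x^4 − 12x^3 + x^2 − 4x + 3 of Example A.2.4, the root search in Z_5 behind Example A.2.3 together with Corollary A.2.4, and a search for an Eisenstein prime for the polynomials of Example A.2.5. The helper names are mine.

```python
# Added example (not from the book): the tests of Section A.2 applied to the
# book's own polynomials.  coeffs[i] is the coefficient a_i of x^i, so
# [3, -4, 1, -12, 4] is 4x^4 - 12x^3 + x^2 - 4x + 3 (Example A.2.4).
from fractions import Fraction
from math import gcd


def evaluate(coeffs, x):
    """Horner's rule; by the Remainder Theorem A.2.1 the value at x = a is
    also the remainder of the polynomial on division by x - a."""
    result = Fraction(0)
    for c in reversed(coeffs):
        result = result * x + c
    return result


def _divisors(n):
    n = abs(n)
    return [d for d in range(1, n + 1) if n % d == 0]


def candidate_roots(coeffs):
    """Theorem A.2.5: a rational root r/s in lowest terms has r | a_0, s | a_n.
    Assumes a_0 != 0 (factor out the power of x first otherwise)."""
    a0, an = coeffs[0], coeffs[-1]
    return {Fraction(sign * r, s) for r in _divisors(a0)
            for s in _divisors(an) for sign in (1, -1)}


def rational_roots(coeffs):
    """The candidates of the Rational Root Test that really are roots."""
    return {x for x in candidate_roots(coeffs) if evaluate(coeffs, x) == 0}


def has_root_mod_p(coeffs, p):
    """Tries every element of Z_p, as in Example A.2.3."""
    return any(sum(c * pow(a, i, p) for i, c in enumerate(coeffs)) % p == 0
               for a in range(p))


def irreducible_low_degree_mod_p(coeffs, p):
    """Corollary A.2.4(2): degree 2 or 3 and no root in Z_p means irreducible."""
    deg = len(coeffs) - 1
    if deg not in (2, 3):
        raise ValueError("criterion only applies to degree 2 or 3")
    return not has_root_mod_p(coeffs, p)


def _is_prime(p):
    return p >= 2 and all(p % d for d in range(2, int(p ** 0.5) + 1))


def eisenstein_prime(coeffs):
    """Theorem A.2.6: a prime p with p | a_0, ..., a_{n-1}, p not dividing a_n
    and p^2 not dividing a_0, or None if no such prime exists."""
    a0, an = coeffs[0], coeffs[-1]
    g = 0
    for c in coeffs[:-1]:
        g = gcd(g, c)               # p must divide gcd(a_0, ..., a_{n-1})
    for p in range(2, abs(g) + 1):
        if g % p == 0 and _is_prime(p) and an % p != 0 and a0 % (p * p) != 0:
            return p
    return None
```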
Finally, we discuss irreducible polynomials in R[x] and C[x].

Theorem A.2.7. A polynomial f(x) is irreducible in R[x] if and only
if f(x) is a first-degree polynomial or

$$f(x) = ax^2 + bx + c \quad \text{with} \quad b^2 - 4ac < 0.$$

Theorem A.2.8. A polynomial is irreducible in C[x] if and only if
it has degree 1.
A.3 Generating Functions.

Let h_0, h_1, ..., h_n, ... be an infinite sequence of numbers. Its generating
function is defined to be the infinite series

$$g(x) = h_0 + h_1 x + h_2 x^2 + \cdots + h_n x^n + \cdots$$

Example A.3.1.
1. The generating function of the infinite sequence 1, 1, 1, ..., 1, ... is

$$g(x) = 1 + x + x^2 + \cdots + x^n + \cdots$$

g(x) is a geometric series and hence

$$g(x) = \frac{1}{1 - x}, \quad \text{for } |x| < 1.$$

2. Similarly, the generating function of 1, −1, 1, −1, ..., (−1)^n, ... is

$$\frac{1}{1 + x} = 1 - x + x^2 - x^3 + \cdots + (-1)^n x^n + \cdots$$

3. The generating function of 1, 1/1!, 1/2!, ..., 1/n!, ... is

$$e^x = 1 + \frac{1}{1!}x + \frac{1}{2!}x^2 + \cdots + \frac{1}{n!}x^n + \cdots$$

Proposition A.3.1. There are $\binom{n+r-1}{r}$ r-combinations from a set with
n elements when repetition of elements is allowed.

Proof. Each r-combination of a set with n elements can be represented by a list of n − 1 bars and r stars. The number of ways of
choosing r positions to place r stars from the n + r − 1 possible positions
is

$$\binom{n+r-1}{r} = \binom{n+r-1}{n-1}.$$
Example A.3.2. How many ways are there to select five bills from a
cash box containing $1 bills, $2 bills, $5 bills, $10 bills, $20 bills, $50
bills, and $100 bills?

Imagine a cash box with 7 compartments, labelled $100, $50, $20, $10, $5, $2 and $1.
Selecting five bills corresponds to placing 5 stars and 6 dividers between them. For example,
choosing one 50 dollar bill and four one dollar bills corresponds to the arrangement

|*|||||****

(one star in the $50 compartment and four stars in the $1 compartment). Thus
the number of ways of selecting five bills is the same as the number
of ways of selecting five positions to place five stars among the 11 possible
positions. Thus there are $\binom{11}{5}$ ways to choose five bills from a cash box
with seven types of bills.
Example A.3.3. How many solutions does the equation

$$x_1 + x_2 + x_3 = 11$$

have, where x_1, x_2 and x_3 are nonnegative integers?

A solution corresponds to choosing 11 items of 3 types with x_1 items
of the first type, x_2 items of the second type, and x_3 items of the third
type. Hence the answer is

$$\binom{11 + 3 - 1}{11} = \binom{13}{11} = \binom{13}{2} = 78.$$

Example A.3.4. How many solutions does the equation

$$x_1 + x_2 + x_3 = 11$$

have, where x_1 ≥ 1, x_2 ≥ 2, and x_3 ≥ 3?

Like before, a solution corresponds to choosing 11 items of the 3
types, but now x_1 ≥ 1, x_2 ≥ 2, and x_3 ≥ 3. So choose 1 item of the
first type, 2 items of the second type, and 3 items of the third type.
Then the remaining 5 items can be chosen in

$$\binom{5 + 3 - 1}{5} = \binom{7}{5} = \binom{7}{2} = 21$$

ways.

Consider the sequence h_0, h_1, h_2, ..., h_n, ... where h_n equals the
number of nonnegative integral solutions of

$$x_1 + x_2 + \cdots + x_k = n.$$

Then by the above argument of bars and stars, we have

$$h_n = \binom{n + k - 1}{n}, \qquad (n \ge 0).$$
Proposition A.3.2. The generating function of h_n is

$$g(x) = \sum_{n=0}^{\infty} \binom{n+k-1}{n} x^n.$$

Proof. We will first show that

$$\frac{1}{(1 - x)^k} = \sum_{n=0}^{\infty} \binom{n+k-1}{n} x^n.$$

Observe that

$$\begin{aligned}
\frac{1}{(1-x)^k} &= \frac{1}{1-x} \times \frac{1}{1-x} \times \cdots \times \frac{1}{1-x} \quad (k \text{ factors}) \\
&= (1 + x + x^2 + \cdots)(1 + x + x^2 + \cdots) \cdots (1 + x + x^2 + \cdots) \\
&= \left(\sum_{x_1=0}^{\infty} x^{x_1}\right)\left(\sum_{x_2=0}^{\infty} x^{x_2}\right) \cdots \left(\sum_{x_k=0}^{\infty} x^{x_k}\right).
\end{aligned}$$

Now $x^{x_1} x^{x_2} \cdots x^{x_k} = x^n$ provided $x_1 + x_2 + \cdots + x_k = n$.
Thus the coefficient of x^n equals the number of nonnegative integral
solutions of this equation, that is $\binom{n+k-1}{n}$. Consequently,

$$g(x) = \frac{1}{(1 - x)^k} = \sum_{n=0}^{\infty} \binom{n+k-1}{n} x^n.$$

Example A.3.5. Determine the number of ways of making n cents
with pennies, nickels, dimes, quarters, and half-dollar pieces.

Answer: The number h_n equals the number of nonnegative integral
solutions of the equation

$$x_1 + 5x_2 + 10x_3 + 25x_4 + 50x_5 = n.$$

We create one factor for each type of coin, where the exponents are
the allowable numbers in the n-combinations for that type of coin. The
generating function is

$$\begin{aligned}
g(x) &= (1 + x + x^2 + \cdots)(1 + x^5 + x^{10} + \cdots)(1 + x^{10} + x^{20} + \cdots) \\
&\quad \times (1 + x^{25} + x^{50} + \cdots)(1 + x^{50} + x^{100} + \cdots) \\
&= \frac{1}{1-x} \cdot \frac{1}{1-x^5} \cdot \frac{1}{1-x^{10}} \cdot \frac{1}{1-x^{25}} \cdot \frac{1}{1-x^{50}}.
\end{aligned}$$
We can use Maple to expand this generating function using the
following command.
series((1/(1-x))*(1/(1-x^5))*(1/(1-x^10))*(1/(1-x^25))*(1/(1-x^50)),x=0,50);
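An added example (not from the book) with truncated power-series arithmetic that reproduces the coefficient extractions of Examples A.3.3 to A.3.5 without Maple: each product of geometric series is multiplied out term by term, and the results are compared with the closed form of Proposition A.3.2. The function names are mine.

```python
# Added example (not from the book): truncated power-series arithmetic for
# the generating functions of Section A.3.  A series is a list whose index d
# holds the coefficient of x^d, kept up to x^maxdeg.
from math import comb


def series_mul(a, b, maxdeg):
    """Product of two series, truncated at x^maxdeg."""
    out = [0] * (maxdeg + 1)
    for i, ai in enumerate(a[:maxdeg + 1]):
        if ai:
            for j, bj in enumerate(b[:maxdeg + 1 - i]):
                out[i + j] += ai * bj
    return out


def geometric(step, maxdeg, start=0):
    """x^start / (1 - x^step) = x^start + x^(start+step) + ... (Example A.3.1)."""
    return [1 if d >= start and (d - start) % step == 0 else 0
            for d in range(maxdeg + 1)]


def coin_series(denominations, maxdeg):
    """Example A.3.5: the product of 1/(1 - x^c) over the coin values c;
    coefficient d is the number of ways of making d cents."""
    g = [1] + [0] * maxdeg
    for c in denominations:
        g = series_mul(g, geometric(c, maxdeg), maxdeg)
    return g


def bounded_solutions_series(lower_bounds, maxdeg):
    """Generating function for the solutions of x_1 + ... + x_k = n with
    x_i >= lower_bounds[i] (Examples A.3.3 and A.3.4): the i-th factor is
    x^{lower_bounds[i]} / (1 - x)."""
    g = [1] + [0] * maxdeg
    for lo in lower_bounds:
        g = series_mul(g, geometric(1, maxdeg, start=lo), maxdeg)
    return g


def stars_and_bars(n, k):
    """Proposition A.3.2: the coefficient of x^n in 1/(1 - x)^k is C(n+k-1, n)."""
    return comb(n + k - 1, n)


def ways_to_make(cents, denominations=(1, 5, 10, 25, 50)):
    """Number of ways of making `cents` with the given coins (Example A.3.5)."""
    return coin_series(denominations, cents)[cents]
```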
A.4 Algorithms to compute Hilbert bases.

We describe an algorithm to compute the Hilbert basis of a cone C_A =
{x : Ax = 0, x ≥ 0}.

Let A be an m × n matrix. We introduce 2n + m variables t_1, t_2, ..., t_m,
x_1, ..., x_n, y_1, y_2, ..., y_n and fix any elimination monomial order such that
{t_1, t_2, ..., t_m} > {x_1, ..., x_n} > {y_1, y_2, ..., y_n}.

Let I_A denote the kernel of the map

$$\mathbb{C}[x_1, \ldots, x_n, y_1, \ldots, y_n] \to \mathbb{C}[t_1, \ldots, t_m, t_1^{-1}, \ldots, t_m^{-1}, y_1, \ldots, y_n],$$
$$x_j \mapsto y_j \prod_{i=1}^{m} t_i^{a_{ij}} \quad \text{and} \quad y_j \mapsto y_j \quad \text{for each } j = 1, \ldots, n.$$

We can compute a Hilbert basis of C_A as follows.

Algorithm A.4.1.
1. Compute the reduced Gröbner basis G for the ideal I_A with respect to the monomial ordering given above.
2. The Hilbert basis of C_A consists of all vectors β such that x^β − y^β appears in G.

Example A.4.1. Let

$$A = \begin{bmatrix} 1 & -1 \\ -2 & 2 \end{bmatrix}.$$

To handle computations with negative exponents we introduce a
new variable t and consider the lexicographic ordering

$$t > t_1 > t_2 > x_1 > x_2 > y_1 > y_2.$$

Then the given map acts as follows:

$$x_1 \mapsto y_1 t_1^{1} t_2^{-2}, \qquad x_2 \mapsto y_2 t_1^{-1} t_2^{2}.$$

Set t t_1 t_2 − 1 = 0, and the kernel of the map is given by

$$I_A = (x_1 - y_1 t_1^3 t^2,\; x_2 - y_2 t_2^3 t,\; t_1 t_2 t - 1).$$

We compute the Gröbner basis of I_A with respect to the above
ordering and get:

$$I_A = (x_1 x_2 - y_1 y_2,\; t_1 y_1 - t_2^2 x_1,\; t_1 x_2 - t_2^2 y_2,\; t_2^3 t y_2 - x_2,\; t_2^3 t x_1 - y_1,\; t_1 t_2 t - 1).$$

Therefore, the Hilbert basis is {(1, 1)}.

See [18] and [39] for more details about this algorithm. See [26] for
more effective algorithms to compute the Hilbert basis.
A.5 Algorithms to compute toric ideals.

Computing toric ideals is the biggest challenge we face in applying the
methods we developed in Chapter 5. Many algorithms to compute toric
ideals exist and we present a few of them here.

Let A = {a_1, a_2, ..., a_n} be a subset of Z^d. The additive group generated by A is a lattice, that is, the group is generated by linearly
independent vectors. The set of linearly independent vectors that generate the lattice is called a basis of the lattice. See [32] for more details
about lattices.

Consider the map

$$\pi : k[\mathbf{x}] \to k[\mathbf{t}^{\pm 1}], \qquad (A.4)$$
$$x_i \mapsto \mathbf{t}^{a_i}. \qquad (A.5)$$

Recall that the kernel of π is the toric ideal of A, denoted by
I_A. The most basic method to compute I_A would be the elimination method. Though this method is computationally expensive and
not recommended, it serves as a starting point. Note that every vector
u ∈ Z^n can be written uniquely as u = u^+ − u^−, where u^+ and u^− are
non-negative and have disjoint support.

Example A.5.1. For the given vector u = (−1, −1, 1), u^+ = (0, 0, 1)
and u^− = (1, 1, 0). Thus, u can be written as u = (0, 0, 1) − (1, 1, 0).
We describe an algorithm to compute toric ideals given in [39].

Algorithm A.5.1.
1. Introduce n + d + 1 variables t_0, t_1, ..., t_d, x_1, x_2, ..., x_n.
2. Consider any elimination order with {t_i : i = 0, ..., d} > {x_j : j = 1, ..., n}. Compute the reduced Gröbner basis G for the ideal

$$(t_0 t_1 t_2 \cdots t_d - 1,\; x_1 \mathbf{t}^{a_1^-} - \mathbf{t}^{a_1^+},\; \ldots,\; x_n \mathbf{t}^{a_n^-} - \mathbf{t}^{a_n^+}).$$

3. G ∩ k[x] is the reduced Gröbner basis for I_A with respect to the
chosen elimination order.

If the lattice points a_i have only non-negative coordinates, the variable t_0 is unnecessary and we can use the ideal (x_i − t^{a_i} : i = 1, ..., n)
in the second step of Algorithm A.5.1.

To reduce the number of variables involved in the Gröbner basis
computations, it is better to use an algorithm that operates entirely
in k[x_1, ..., x_n]. We now present such an algorithm for homogeneous
ideals. Observe that all the toric ideals we face in our computations in
Chapter 5 are homogeneous.
The saturation of an ideal J with respect to f, denoted by (J : f^∞), is defined to be

$$(J : f^\infty) = \{ g \in k[\mathbf{x}] : f^r g \in J \text{ for some } r \in \mathbb{N} \}.$$

Let ker(A) ⊂ Z^n denote the integer kernel of the d × n matrix with
column vectors a_i. With any subset C of the lattice ker(A) we associate
an ideal contained in I_A:

$$J_{\mathcal{C}} := (\mathbf{x}^{u^+} - \mathbf{x}^{u^-} : u \in \mathcal{C}).$$

We now describe another algorithm to compute the toric ideal I_A
from [39].

Algorithm A.5.2.
1. Find any lattice basis L for ker(A).
2. Let J_L := (x^{u^+} − x^{u^−} : u ∈ L).
3. Compute a Gröbner basis of (J_L : (x_1 x_2 ··· x_n)^∞), which is also a
Gröbner basis of the toric ideal I_A.

Example A.5.2. Let A = {(1, 1), (2, 2), (3, 3)}. Consider the matrix
whose columns are the vectors of A:

$$\begin{bmatrix} 1 & 2 & 3 \\ 1 & 2 & 3 \end{bmatrix}.$$

Then ker A is spanned by {[−2, 1, 0], [−3, 0, 1]}. We use the software Maple
to compute a lattice basis of ker A: {[−1, −1, 1], [−2, 1, 0]}. Therefore
J_L = (x_3 − x_1 x_2, x_2 − x_1^2) and

$$(J_L : (x_1 x_2 x_3)^\infty) = (x_3 - x_1 x_2,\; x_2 - x_1^2,\; x_2^2 - x_1 x_3),$$

which is also I_A (see Algorithm A.5.2). Note that many available computer algebra packages including CoCoA [16] can compute saturations
of ideals.

From the computational point of view, computing (J_L : (x_1 x_2 ··· x_n)^∞)
is the most demanding step. The algorithms implemented in CoCoA
try to make this step efficient [9]. For example, one way to compute
(J_L : (x_1 x_2 ··· x_n)^∞) would be to eliminate t from the ideal H :=
J_L + (t x_1 x_2 ··· x_n − 1), but this destroys the homogeneity of the ideal.
It is well known that computing with homogeneous ideals has many
advantages. Therefore, it is better to introduce a variable u whose degree is the sum of the degrees of the variables x_i, i = 1, ..., n. We then
compute the Gröbner basis of the ideal H := J_L + (x_1 x_2 ··· x_n − u).
Then a Gröbner basis for (J_L : (x_1 x_2 ··· x_n)^∞) is obtained by simply
substituting u = x_1 x_2 ··· x_n in the Gröbner basis of H.

Another trick to improve the efficiency of the computation of saturation ideals is to use the fact

$$(J_L : (x_1 x_2 \cdots x_n)^\infty) = ((\ldots((J_L : x_1^\infty) : x_2^\infty) \ldots) : x_n^\infty).$$

Therefore we can compute the saturations sequentially one variable
at a time. See [10] for other tricks. We refer the reader to [39] for
details and proofs of the concepts needed to develop these algorithms
and other algorithms.
A.6 Algorithms to compute Hilbert Poincaré series.

In this section, we will describe a pivot-based algorithm to compute the
Hilbert Poincaré series. Variations of this algorithm are implemented in
CoCoA [16].

Let k be a field and R := k[x_1, x_2, ..., x_r] be a graded Noetherian
ring. Let x_1, x_2, ..., x_r be homogeneous of degrees k_1, k_2, ..., k_r (all > 0).
Let M be a finitely generated R-module. Let H be an additive function
on the class of R-modules with values in Z. Then by the Hilbert-Serre
theorem, we have

$$H_M(t) = \frac{p(t)}{\prod_{i=1}^{r} (1 - t^{\deg x_i})},$$

where p(t) ∈ Z[t].

Let I be an ideal of R; we will denote

$$H_{R/I}(t) = \frac{\langle I \rangle}{\prod_{i=1}^{r} (1 - t^{\deg x_i})}.$$

Observe that we only need to calculate the numerator ⟨I⟩ since the
denominator is already known.

Let y be a monomial of degree (d_1, ..., d_r), called the pivot. The
degree of the pivot is $d = \sum_{i=1}^{r} d_i$. The ideal quotient (J : f) of an
ideal J ⊂ k[x_1, ..., x_r] and f ∈ k[x_1, ..., x_r] is

$$(J : f) = \{ g \in k[\mathbf{x}] : fg \in J \}.$$

It is proved in [10] that

$$H_{R/I}(t) = H_{R/(I, y)}(t) + t^d H_{R/(I : y)}(t),$$

which implies

$$\langle I \rangle = \langle I, y \rangle + t^d \langle I : y \rangle. \qquad (A.6)$$

When I is a homogeneous ideal,

$$H_{R/I}(t) = H_{R/\mathrm{in}(I)}(t),$$

where in(I) denotes the ideal of initial terms of I (see Chapter 1).

The pivot y is usually chosen to be a monomial that divides a generator of I so that the total degrees of (I, y) and (I : y) are lower than
the total degree of I. The computation proceeds inductively.

Example A.6.1. Let R = k[x_1, x_2, ..., x_n] be the polynomial ring.
Let $R = \bigoplus_{d \in \mathbb{N}} R_d$, where each R_d is minimally generated as a k-vector space
by all the $\binom{n+d-1}{d}$ monomials of degree d. Therefore,

$$H_{R/(0)}(t) = H_R(t) = \sum_{d=0}^{\infty} \dim R_d\, t^d = \sum_{d=0}^{\infty} \binom{n+d-1}{d} t^d = \frac{1}{(1 - t)^n}.$$

Therefore we get ⟨0⟩ = 1. We will use this information to compute
H_{R/I}(t), where I = (x_1, x_2, ..., x_n).

Let J = (x_2, ..., x_n). Then (J : x_1) = J. Therefore by Equation
A.6, we get

$$\langle J, x_1 \rangle = (1 - t^{\deg x_1}) \langle J \rangle.$$

That is,

$$\langle x_1, x_2, \ldots, x_n \rangle = (1 - t^{\deg x_1}) \langle x_2, \ldots, x_n \rangle.$$

Now, choosing the pivots x_2, x_3, ..., x_n successively we get

$$\langle x_1, x_2, \ldots, x_n \rangle = \prod_{i=1,\ldots,n} (1 - t^{\deg x_i}) \langle 0 \rangle.$$

Now since ⟨0⟩ = 1, we get $\langle x_1, x_2, \ldots, x_n \rangle = \prod_{i=1,\ldots,n} (1 - t^{\deg x_i})$.
Therefore $H_{R/(x_1, x_2, \ldots, x_n)}(t) = 1$.

See [10] for more information about computing the Hilbert Poincaré
series.
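As an added example (not from the book or from CoCoA), the recursion of Equation A.6 implemented for monomial ideals, which by the relation H_{R/I} = H_{R/in(I)} covers the homogeneous case once an initial ideal is known. The pivot is a variable dividing at least two minimal generators; pairwise coprime generators form a regular sequence, which supplies the base case used implicitly in Example A.6.1. A brute-force count of standard monomials checks the result, and the function names are mine.

```python
# Added example (not from the book): the pivot recursion of Equation A.6,
# <I> = <I, y> + t^{deg y} <I : y>, for a monomial ideal I.  A monomial is a
# tuple of exponents, an ideal a list of monomials, a polynomial in t a dict
# {degree: coefficient}, and weights[i] is the degree of x_{i+1}.
from itertools import product


def poly_add(p, q):
    r = dict(p)
    for d, c in q.items():
        r[d] = r.get(d, 0) + c
    return {d: c for d, c in r.items() if c}


def poly_mul(p, q):
    r = {}
    for d1, c1 in p.items():
        for d2, c2 in q.items():
            r[d1 + d2] = r.get(d1 + d2, 0) + c1 * c2
    return {d: c for d, c in r.items() if c}


def divides(m, n):
    return all(a <= b for a, b in zip(m, n))


def minimal_generators(gens):
    """Remove generators that are multiples of another generator."""
    gens = list(set(gens))
    return [g for g in gens if not any(h != g and divides(h, g) for h in gens)]


def degree(m, weights):
    return sum(e * w for e, w in zip(m, weights))


def numerator(gens, weights):
    """<I>: the numerator of H_{R/I}(t) = <I> / prod_i (1 - t^{deg x_i}).
    Pairwise coprime generators form a regular sequence, which gives the
    base case prod (1 - t^{deg g}); otherwise a variable dividing two
    generators is the pivot y and Equation A.6 is applied.  Both (I, y)
    and (I : y) have smaller total degree, so the recursion terminates."""
    gens = minimal_generators(gens)
    if not gens:
        return {0: 1}                                   # <0> = 1
    nvars = len(weights)
    shared = next((i for i in range(nvars)
                   if sum(g[i] > 0 for g in gens) >= 2), None)
    if shared is None:
        result = {0: 1}
        for g in gens:
            result = poly_mul(result, {0: 1, degree(g, weights): -1})
        return result
    y = tuple(int(i == shared) for i in range(nvars))
    i_plus_y = gens + [y]                                # (I, y)
    i_colon_y = [tuple(max(e - yi, 0) for e, yi in zip(g, y)) for g in gens]  # (I : y)
    return poly_add(numerator(i_plus_y, weights),
                    poly_mul({weights[shared]: 1}, numerator(i_colon_y, weights)))


def hilbert_series(gens, weights, maxdeg):
    """Coefficients of H_{R/I}(t) up to t^maxdeg: the numerator multiplied by
    the geometric series 1/(1 - t^{deg x_i}) for each variable."""
    coeffs = [0] * (maxdeg + 1)
    for d, c in numerator(gens, weights).items():
        if d <= maxdeg:
            coeffs[d] += c
    for w in weights:
        for d in range(w, maxdeg + 1):
            coeffs[d] += coeffs[d - w]
    return coeffs


def count_standard_monomials(gens, weights, maxdeg):
    """Brute-force check: the number of monomials of each degree not in I."""
    counts = [0] * (maxdeg + 1)
    ranges = [range(maxdeg // w + 1) for w in weights]
    for m in product(*ranges):
        d = degree(m, weights)
        if d <= maxdeg and not any(divides(g, m) for g in gens):
            counts[d] += 1
    return counts
```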
Bibliography
[1] Ahmed, M., De Loera, J., and Hemmecke, R., Polyhedral cones of
magic cubes and squares, New Directions in Computational Geometry,
The Goodman-Pollack Festschrift volume, Aronov et al.,
eds., Springer-Verlag, (2003), 25–41.
[2] Ahmed, M., How many squares are there, Mr. Franklin?:
Constructing and Enumerating Franklin Squares, Amer. Math.
Monthly, Vol. 111, 2004, 394–410.
[3] Ahmed, M., Magic graphs and the faces of the Birkhoff polytope, Annals
of Combinatorics, Volume 12, Number 3, October 2008, 241–269.
[4] Ahmed, M., Algebraic combinatorics of magic squares, Ph.D. dissertation,
Univ. of California, Davis (2004).
[5] Anand, H., Dumir, V.C., and Gupta, H., A combinatorial distri-
bution problem, Duke Math. J. 33, (1966), 757-769.
[6] Andrews, W. S., Magic Squares and Cubes, 2nd. ed., Dover, New
York, 1960.
[7] Atiyah, M.F., and Macdonald, I.G., Introduction to Commutative
Algebra, Addison-Wesley, Reading, MA, 1969.
[8] Beck, M., Cohen, M., Cuomo, J., and Gribelyuk, P., The number
of magic squares, cubes and hypercubes, Amer. Math. Monthly,
110, no.8, (2003), 707-717.
[9] Bigatti, A.M., La Scala, R., and Robbiano, L., Computing toric
ideals, J. Symbolic Computation, 27, (1999), 351-365.
[10] Bigatti, A.M., Computation of Hilbert-Poincaré Series, J. Pure
Appl. Algebra, 119/3, (1997), 237–253.
[11] Biggs, N.L., Discrete Mathematics, Revised edition, Oxford Uni-
versity Press Inc., New York, 1985.
[12] Bose, R.C., Manvel, B., Introduction to Combinatorial Theory,
John Wiley and Sons, Inc., USA, 1984.
[13] Brualdi, A.R., Introductory Combinatorics, 4th ed., Pearson Pren-
tice Hall, Upper Saddle River, N.J., 2004.
[14] Brualdi, A. R. and Gibson, P., Convex polyhedra of doubly stochas-
tic matrices: I, II, III, Journal of combinatorial Theory, A22,
(1977), 467-477.
[15] Carlitz, L., Enumeration of symmetric arrays, Duke Math. J., 33,
(1966), 771-782.
[16] Capani, A., Niesi, G., and Robbiano, L., CoCoA, A System for Do-
ing Computations in Commutative Algebra, available via anony-
mous ftp from cocoa.dima.unige.it (2000).
[17] Cox, D., Little, J., and O'Shea, D., Ideals, Varieties, and Algorithms,
Springer-Verlag, Undergraduate Texts in Mathematics, 2nd Edition, 1997.
[18] Cox, D., Little, J., and O'Shea, D., Using Algebraic Geometry, Springer-Verlag,
New York, 1998.
[19] Dummit, D. S. and Foote, R. M., Abstract Algebra, Prentice Hall,
New Jersey, 1991.
[20] Fraleigh, J.B., A First Course in Abstract Algebra, second edition,
Addison-Wesley Publishing Company, Inc., World student series
edition, 1976.
[21] Giles, F.R. and Pulleyblank, W.R., Total dual integrality and in-
teger polyhedra, Linear Algebra Appl., 25, (1979), 191-196.
[22] Gupta, H., Enumeration of symmetric matrices, Duke Math. J.,
35, (1968), 653-659.
[23] Halleck, E.Q., Magic squares subclasses as linear Diophantine sys-
tems, Ph.D. dissertation, Univ. of California San Diego, (2000),
187 pages.
[24] Hungerford, T. W., Abstract Algebra, An Introduction, Saunders
College Publishing, New York, 1990.
[25] Lang, S., Algebra, third edition, Addison Wesley Longman, Inc,
1993.
[26] Hemmecke, R., On the computation of Hilbert bases of cones,
in Proceedings of First International Congress of Mathemati-
cal Software, A. M. Cohen, X.S. Gao, and N. Takayama, eds.,
Beijing, (2002); software implementation 4ti2 is available from
http://www.4ti2.de.
[27] MacMahon, P.A., Combinatorial Analysis, Chelsea, 1960.
[28] Pasles, P. C., The lost squares of Dr. Franklin: Ben Franklin's
missing squares and the secret of the magic circle, Amer. Math.
Monthly, 108, (2001), 489–511.
[29] Pasles, P. C., Franklin's other 8-square, J. Recreational Math., 31,
(2003), 161–166.
[30] Patel, L. D., The secret of Franklin's 8×8 magic square,
J. Recreational Math., 23, (1991), 175–182.
[31] Pretzel, O., Error-Correcting Codes and Finite Fields, Oxford Uni-
versity Press Inc., New York, 1992.
[32] Schrijver, A., Theory of Linear and Integer Programming, Wiley-
Interscience, 1986.
[33] Stanley, R.P., Enumerative Combinatorics, Volume I, Cambridge,
1997.
[34] Stanley, R.P., Combinatorics and Commutative Algebra, Progress in
Mathematics, 41, Birkhäuser, Boston, MA, 1983.
[35] Stanley, R.P., Linear Homogeneous Diophantine Equations and Magic
Labelings of Graphs, Duke Mathematical Journal, Vol. 40,
September 1973, 607–632.
[36] Stanley, R.P., Magic Labelings of Graphs, Symmetric Magic Squares,
Systems of Parameters and Cohen-Macaulay Rings, Duke Mathematical
Journal, Vol. 43, No. 3, September 1976, 511–531.
[37] Stewart, B. M., Magic graphs, Canad. J. Math., vol. 18, (1966),
1031–1059.
[38] Stewart, B. M., Supermagic complete graphs, Canad. J. Math., vol. 19,
(1967), 427–438.
[39] Sturmfels, B., Gröbner Bases and Convex Polytopes, University
Lecture Series, no. 8, American Mathematical Society, Providence,
1996.
[40] Wallis, D., Magic Graphs, Birkhäuser, Boston, 2001.
Index
Abelian group, 82
Buchberger’s Algorithm, 19
Characteristic of a ring, 69
Codewords, 172
Cone, 138
Coset of an ideal, 65
Cyclic code, 180
Cyclic group, 89
Ehrhart quasi-polynomial, 156
Elimination ideal, 33
Field, 10
Franklin square, 136
Galois group, 110
Generating function, 194
Gray code, 171
Group, 81
Gröbner basis, 18
Hamming weight, 173
Hilbert basis, 141
Hilbert-Poincaré series, 151
Homomorphism of groups, 83
Homomorphism of rings, 60
Ideal, 16
Ideal quotient, 202
Index of a subgroup, 95
Integral domain, 10
Isomorphism of groups, 83
Isomorphism of rings, 61
Latin squares, 159
Lattice, 198
Leading term, 11
Magic square, 135
Maximal ideal, 68
Minimal polynomial, 72
Module, 149
Noetherian rings, 17
Normal subgroup, 92
Orthogonal Latin squares, 160
Pointed Cone, 138
Polyhedron, 138
Polytope, 138
Principal ideal domain, 17
Quasi-polynomial, 155
Quotient Ring, 65
Radical of an ideal, 32
Rational polytope, 154
Reduced Gröbner basis, 20
Resultant, 41
Ring, 9
S-polynomial, 18
Saturation of an ideal, 200
Separable polynomial, 75
Solvable group, 111
Splitting field, 73
Standard generator matrix, 174
Subgroup, 85
Subring, 16
Sylvester matrix, 40
Toric ideal, 146
Variety, 27