Chapter 3

Algebraic numbers and algebraic

number fields

Literature:
S. Lang, Algebra, 2nd ed. Addison-Wesley, 1984. Chaps. III,V,VII,VIII,IX.
P. Stevenhagen, Dictaat Algebra 2, Algebra 3 (Dutch).

We have collected some facts about algebraic numbers and algebraic number
fields that are needed in this course. Many of the results are stated without proof.
For proofs and further background, we refer to Lang’s book mentioned above, Peter
Stevenhagen’s Dutch lecture notes on algebra, and any basic text book on algebraic
number theory. We do not require any pre-knowledge beyond basic ring theory. In
the Appendix (Section 3.4) we have included some general theory on ring extensions
for the interested reader.

3.1 Algebraic numbers and algebraic integers

A number α ∈ C is called algebraic if there is a non-zero polynomial f ∈ Q[X] with
f (α) = 0. Otherwise, α is called transcendental. We define the algebraic closure of
Q by
Q := {α ∈ C : α algebraic}.

Lemma 3.1. (i) Q is a subfield of C, i.e., sums, differences, products and quotients
of algebraic numbers are again algebraic;

35
(ii) Q is algebraically closed, i.e., if g = X n + β1 X n−1 · · · + βn ∈ Q[X] and α ∈ C
is a zero of g, then α ∈ Q.
(iii) If g ∈ Q[X] is a monic polynomial, then g = (X − α1 ) · · · (X − αn ) with
α1 , . . . , αn ∈ Q.

Proof. This follows from some results in the Appendix (Section 3.4). Proposition
3.24 in Section 3.4 with A = Q, B = C implies that Q is a ring. To prove that Q
is a field we have to show that if α is a non-zero algebraic number then also α−1 is
algebraic. Indeed, for such α there are a0 , . . . , ad ∈ Q with such that a0 αd +a1 αd−1 +
· · · + a0 = 0 and a0 ad 6= 0. But then, a0 α−d + · · · + ad = 0. This proves part (i). Part
(ii) follows at once from Proposition 3.24, while (iii) is a consequence of (ii).

Let α ∈ Q. Among all polynomials with rational coefficients having α as a root

there is a unique one of minimal degree that is monic (indeed, take two monic poly-
nomials in Q[X] of minimal degree, say d, having α as a root; then their difference
has degree < d, hence must be 0). This polynomial is called the minimal polynomial
of α, notation fα .

Lemma 3.2. Let α ∈ Q. Then fα is irreducible in Q[X] and fα divides all polyno-
mials in g ∈ Q[X] with g(α) = 0.

Proof. The irreducibility of fα is clear since otherwise α were a zero of a polynomial

in Q[X] of degree strictly smaller than that of fα . Let g ∈ Q[X] have g(α) = 0. By
division with remainder, we have g = qfα + r for certain q, r ∈ Q[X] with r = 0 or
deg r < deg fα . But r(α) = 0, so r 6= 0 is impossible.

Let α ∈ Q. The degree of α, notation deg α, is by definition the degree of fα .

We can factorize fα over Q as

(X − α(1) ) · · · (X − α(d) ).

These α(1) , . . . , α(d) are called the conjugates of α. They are necessarily distinct,
for otherwise, fα and its derivative fα0 would have a root in common, which would
then be a root of the greatest common divisor of fα and fα0 . But this is impossible
because since fα is irreducible, this gcd is 1.
An algebraic number α is called totally real if all α(i) are in R, and totally complex,
if all α(i) are in C \ R. In general, some of the α(i) may be in R and some not in

36
 √ √ √
R. For instance, α = 3 2 has minimal polynomial X 3 − 2, and conjugates 3 2, ζ 3 2,
√
and ζ 2 3 2, where ζ is a primitive cube root of unity.
If α(i) is a non-real conjugate of an algebraic number α, then so is its complex
conjugate α(i) . Hence the non-real conjugates of an algebraic number occur in pairs
of complex conjugates, and so their number is even.
Suppose fα = X d + b1 X d−1 + · · · + bd−1 X + bd ; then b1 , . . . , bd ∈ Q. Let a0 ∈ Z>0
be the least common multiple of the denominators of b1 , . . . , bd . Put Fα := a0 fα .
Then

Fα = a0 X d + a1 X d−1 + · · · + ad , with a0 , . . . , ad ∈ Z, gcd(a0 , . . . , ad ) = 1.

We call Fα the primitive minimal polynomial of α (terminology invented by the

author; not used in general!). We define the height of α by

H(α) := max(|a0 |, . . . , |ad |).

Examples. 1. Let α = a/b with a, b ∈ Z, b > 0, gcd(a, b) = 1. Then α has

primitive minimal polynomial bX − a, hence H(α) = max(|a|, b).
√
2. Let α = 51 (1 + 2 3). Then
√ √
fα = (X − 51 (1 + 2 3))(X − 51 (1 − 2 3)) = X 2 − 52 X − 25
11
,
Fα = 25X 2 − 10X − 11, H(α) = 25.

Exercise 3.1. Let α ∈ Q be non-zero and of degree d.

(i) Prove that H(α−1 ) = H(α).
(ii) Prove that (H(α) + 1)−1 6 |α| 6 H(α) + 1.

Definition. A number α ∈ C is called an algebraic integer if there is a monic

polynomial f ∈ Z[X] such that f (α) = 0. Elements of Z are sometimes called
rational integers. A number α ∈ C is called an algebraic unit if both α, α−1 are
algebraic integers.
We define
∗
Z := {α ∈ C : α algebraic integer}, Z := {α ∈ C : α algebraic unit}.

Lemma 3.3. (i) Z is a ring, i.e., sums, differences and products of algebraic in-
∗
tegers are again algebraic integers. Further, Z is the multiplicative group of units

37
(invertible elements) of Z.
(ii) Z is integrally closed, i.e., if g = X n + β1 X n−1 · · · + βn ∈ Z[X] and α ∈ C is a
zero of g, then α ∈ Z.

Proof. Apply Proposition 3.24 in Section 3.4 with A = Z, B = C.

Lemma 3.4. Let α ∈ Q.

(i) α ∈ Z ⇐⇒ fα ∈ Z[X].
∗
(ii) α ∈ Z ⇐⇒ fα ∈ Z[X] and fα (0) = ±1.

Proof. (i) ⇐ is clear. To prove ⇒, take a monic polynomial g ∈ Z[X] with g(α) = 0.
The polynomial fα divides g in Q[X]. By factorizing g in Z[X], we get g = h1 h2
where h1 , h2 ∈ Z[X] and where h1 is a constant multiple of fα . But the leading
coefficient of h1 divides that of g, hence is ±1, and so fα = ±h1 ∈ Z[X].
(ii) ⇐ is again clear. To prove ⇒, we already know that both fα ∈ Z[X] and
fα−1 ∈ Z[X]. Further, fα−1 (0) = fα (0)−1 ∈ Z, hence fα (0) = ±1.

Lemma 3.5. Z ∩ Q = Z.

Proof. Let α ∈ Z ∩ Q. Then fα = X − α ∈ Z[X], hence α ∈ Z.

An important observation in many Diophantine approximation proofs is that if

a is a non-zero rational integer (i.e., in Z) then |a| > 1. This cannot be extended
√
to algebraic integers. For instance, α := 21 (1 − 5) is a non-zero algebraic integer
(being a root of X 2 − X − 1) but |α| < 1. However, we have the following.

Lemma 3.6. Let α be a non-zero algebraic integer. Then α has a conjugate α(i)
with |α(i) | > 1.

Exercise 3.2. Prove this.

Lemma 3.7. Let α be an algebraic number, and let F = a0 X d + a1 X d−1 + · · · + ad ∈

Z[X] be a polynomial with F (α) = 0. Then a0 α is an algebraic integer.

Proof. We clearly have

0 = ad−1 d
0 F (α) = (a0 α) + a1 (a0 α)
d−1
+ · · · + ad−1
0 ad ,

hence a0 α is a zero of a monic polynomial from Z[X].

38
Definition. Given a non-zero algebraic number α, we define the denominator of
α to be the smallest positive a ∈ Z such that aα is an algebraic integer, notation
den(α).

Exercise 3.3. (i) Let G = b0 X m + b1 X m−1 + · · · + bm where b0 , . . . , bm are algebraic

integers with b0 6= 0. Let α ∈ C with G(α) = 0. Prove that G/(X − α) is a
polynomial whose coefficients are algebraic integers.
Hint. Induction on m. In the induction step, use that b0 α is an algebraic integer,
after having showed this. Use Lemma 3.3.
(ii) We can express the primitive minimal polynomial of an algebraic number α as
Fα = a0 di=1 (X − α(i) ), where α(1) , . . . , α(d) are the conjugates of α. Prove that
Q

for each subset {i1 , . . . , ik } of {1, . . . , d}, the number a0 α(i1 ) · · · α(ik ) is an algebraic
integer.

3.2 Algebraic number fields

We first recall a few generalities from field theory. We call K ⊃ k a field extension,
or K an extension of k, if k is a subfield of K, that is, k is a field with the addition
and multiplication coming from K. Note that in this case, K is a k-vector space,
since it is closed under addition and under scalar multiplication with elements from
k (but of course K has much more structure).
Definition. A field extension K ⊃ k is called finite (or K is a finite extension of
k) if K is finite dimensional as a k-vector space. In this case, the degree of K ⊃ k,
notation [K : k], is defined to be the dimension of K as a k-vector space.
Examples. 1. C = {a + bi : a, b ∈ R}. So C ⊃ R is finite, and [C : R] = 2.
√ √
2. Q( 2) = {a + b 2 : a, b ∈ Q}. Verify that this is a field, in particular that it is
√ √
closed under division. Clearly, Q( 2) ⊃ Q is finite, and [Q( 2) : Q] = 2.
Definition. A(n algebraic) number field is a finite extension of Q.

Lemma 3.8. Let L ⊃ K ⊃ k be a tower of field extensions (i.e., K is a subfield of

L, and k of K). Then L ⊃ k is finite if and only if L ⊃ K and K ⊃ k are finite,
and in this case, [L : k] = [L : K] · [K : k].

Proof. First assume that L ⊃ k is finite. Then certainly K ⊃ k is finite since K is a

39
k-linear subspace of L. Further, a k-basis of L also generates L as a k-vector space.
Hence L ⊃ K is finite as well. Conversely, suppose that K ⊃ k is finite and let
{α1 , . . . , αr } a k-basis of K, and suppose that L ⊃ K is finite and let {β1 , . . . , βs }
be a K-basis of L. Then {αi βj : i = 1, . . . , r, j = 1, . . . , s} is a k-basis of L. This
proves our lemma.

Let K ⊃ k be a field extension, and α1 , . . . , αr ∈ K. Then k(α1 , . . . , αr ) denotes

the smallest subfield of K containing both k and α1 , . . . , αr . Thus, k(α1 , . . . , αr )
consists of all entities f (α1 , . . . , αr )/g(α1 , . . . , αr ), where f, g ∈ k[X1 , . . . , Xr ], and
g(α1 , . . . , αr ) 6= 0. An extension of the type k(α) ⊃ k is called primitive.
Let K ⊃ k be an extension and α ∈ K. We say that α is algebraic over k if there
is a non-zero polynomial g ∈ k[X] with g(α) = 0. The necessarily unique, monic
polynomial of minimal degree with this property is called the minimal polynomial of
α over k, notation fα,k . The degree of α over k is the degree of fα,k . The polynomial
fα,k is necessarily irreducible in k[X].

Lemma 3.9. Suppose α has degree d over k. Then k(α) is a finite extension of k
with basis {1, α, . . . , αd−1 } over k. Hence [k(α) : k] = d.

Proof. {1, α, . . . , αd−1 } is certainly linearly independent over k since any non-trivial
k-linear combination of these elements would yield a polynomial expression in α of
degree < d which is necessarily non-zero. Let V := {g(α) : g ∈ k[X]}. This is
clearly a k-vector space. Using division with remainder, we can write g ∈ k[X] as
qfα,k + r with q, r ∈ k[X] and r = 0 or deg r < d. Now g(α) = r(α) is a k-linear
combination of 1, α, . . . , αd−1 , so these elements form a k-basis of V . To show that
V is a field, it remains to show that it is closed under multiplicative inversion. Let
g(α) ∈ V where g ∈ k[X] is non-zero and of degree < d. Since fα,k is irreducible in
k[X] it is coprime with g, implying that there are a, b ∈ k[X] with ag + bfα,k = 1.
Hence a(α)g(α) = 1. This shows that V = k(α).

We now specialize to algebraic number fields. Note that by Lemmas 3.8 and
3.9, if α1 , . . . , αr are algebraic numbers then Q(α1 , . . . , αr ) is an algebraic number
field. Conversely, any algebraic number field K can be expressed in this form, for
instance by taking a Q-basis of K. The following result, which we state without
proof, asserts that a number field can always be generated by a single element.

40
Theorem 3.10 (Theorem of the primitive element). Let K be an algebraic number
field of degree d. Then there is θ ∈ K such that K = Q(θ).

A consequence is that K is a Q-vector space with basis {1, θ, . . . , θd−1 }.

√ √ √ √
Example. Q( 2, 3) = Q( 2 + 3).
√ √ √ √
To verify this, observe first that 3 6∈ Q( 2). Hence K := Q( 2, 3) has degree
√ √ √ √ √
[K : Q( 2)]·[Q( 2) : Q] = 4. For a Q-basis of K one may take {1, 2, 3, 6}. On
√ √
the other hand, L := Q( 2 + 3) is a subfield of K, and it has the four Q-linearly
√ √ √ √ √ √ √ √ √
independent elements 1, 2+ 3, ( 2+ 3)2 = 5+2 6, ( 2+ 3)3 = 11 2+9 3.
Hence L = K.
An embedding of a number field K in C is an injective field homomorphism of K
into C. An embedding of K in C necessarily leaves the elements of Q unchanged.
This has the following consequences.
First, let σ be an embedding of K in C, α1 , . . . , αr ∈ K, and

β = f (α1 , . . . , αr )/g(α1 , . . . , αr ) with f, g ∈ Q[X1 , . . . , Xr ].

Then σ(β) = f (σ(α1 ), . . . , σ(αr ))/g(σ(α1 ), . . . , σ(αr )). So if K = Q(α1 , . . . , αr ),

then σ is uniquely determined by its images on α1 , . . . , αr .
Second, if f ∈ Q[X], and α ∈ K is a zero of f , then also σ(α) is a zero of f . For
f (σ(α)) = σ(f (α)) = 0.

Proposition 3.11. Let K be an algebraic number field of degree d. Then there are
precisely d distinct embeddings of K in C.

These d embeddings can be described explicitly as follows. Suppose that K =

Q(θ). Let fθ be the minimal polynomial of θ (over Q) and suppose fθ has degree d.
Then
fθ = (X − θ(1) ) · · · (X − θ(d) ) with θ(1) , . . . , θ(d) ∈ C.
As mentioned above, the embeddings of K in C map θ to the zeros of fθ , and
each embedding is uniquely determined by its image of θ. Hence the d embeddings
σ1 , . . . , σd of K in C can be given by σi (θ) = θ(i) .
An embedding σ of K in C is called real if σ(K) ⊂ R, and complex if σ(K) 6⊂
R. If σ is a complex embedding of K, then so is its composition with complex
conjugation, σ : x 7→ σ(x). Thus the complex embeddings of K occur in conjugate

41
pairs σ, σ. Suppose that K has precisely r1 real embeddings, and r2 pairs of conjugate
complex embeddings. Then r1 + 2r2 = d. It will often be convenient to order the
embeddings σ1 , . . . , σd in such a way that
- σ1 , . . . , σr1 are the real embeddings;
- {σr1 +1 , σr1 +r2 +1 = σr1 +1 }, . . . , {σr1 +r2 , σr1 +2r2 = σr1 +r2 } are the pairs of conjugate
complex embeddings.
√ √
Example. Let K = Q( 4 2). The minimal polynomial of 4 2 is X 4 − 2, and the
√
zeros of X 4 − 2 are ik 4 2 (k = 0, 1, 2, 3), where i2 = −1. Thus,
( 3 )
X √ 4 j
K= xj ( 2) : xj ∈ Q ,
j=0

the four embeddings of K in C are given by

3 3
X √ X √
xj ( 2)j 7→ xj (ik 2)j
4 4
(k = 0, 1, 2, 3),
j=0 j=0

and σ0 , σ2 are real, σ1 , σ3 are complex, and σ3 = σ1 . So r1 = 2, r2 = 1.

Let K be an algebraic number field, and L a finite extension of K. Further, let
σ, τ be embeddings of respectively K and L in C. Then τ of L is called a continuation
of σ if τ |K = σ, i.e., σ(x) = τ (x) for x ∈ K. Obviously, each embedding of L in C
is a continuation of some embedding of K in C.

Proposition 3.12. Each embedding of K in C can be continued in precisely [L : K]

ways to an embedding of L in C.
√ √
Example. Let K = Q( 4 2), L = Q( 12 2). Then L ⊃ K and [L : K] = 3. The
√ √
four embeddings of K in C are given by σk ( 4 2) = ik 4 2 (k = 0, 1, 2, 3). The twelve
√ √
l 12 3
embeddings of L in C are given by τl ( 12 2) = ζ12 2 (l = 0, 1, . . . , 11), where ζ12 = i.
The continuations of σk to L are τl with 3l ≡ k (mod 4), 0 6 l 6 11.

Corollary 3.13. Let K be an algebraic number field of degree d, and let σ1 , . . . , σd

be the embeddings of K in C. Further, let α ∈ K. Then each of the conjugates of α
occurs precisely [K : Q(α)] times in the sequence σ1 (α), . . . , σd (α).

Proof. Suppose Q(α) has degree m. Let fα = m (i)

Q
i=1 (X − α ). Then the m embed-
dings τ1 , . . . , τm of Q(α) in C are determined by τi (α) = α(i) for i = 1, . . . , m. Since

42
each τi has precisely d/m continuations to K and each embedding of K in C is a
continuation of some τi , each of the numbers α(i) occurs precisely d/m = [K : Q(α)]
times among σ1 (α), . . . , σm (α).

Corollary 3.14. Let α1 , . . . , αr ∈ Q and F ∈ Q[X1 , . . . , Xr ]. For i = 1, . . . , r, let

(j)
αi (j = 1, . . . , ri ) be the conjugates of αi . Then all conjugates of F (α1 , . . . , αr ) are
contained in the set
(j )
F (α1 1 , . . . , αr(jr ) ) (j1 = 1, . . . , d1 ; . . . ; jr = 1, . . . , dr ).

Proof. Let K := Q(α1 , . . . , αr ) and β := F (α1 , . . . , αr ). Every conjugate of β is of

the shape σ(β), where σ is an embedding of K in C. On the other hand, σ(β) =
F (σ(α1 ), . . . , σ(αr )) and σ(αi ) is a conjugate of αi , for i = 1, . . . , r.

Let K be an algebraic number field of degree d and σ1 , . . . , σd the embeddings

of K in C. The characteristic polynomial of α ∈ K is defined by
d
Y
χα,K := (X − σi (α)).
i=1

In case that K = Q(α), we have χα,K = fα is the minimal polynomial of α. In case

that Q(α) is strictly smaller than α we have the following.

Lemma 3.15. Let α ∈ K and let fα be the minimal polynomial of α. Then χα,K =
[K:Q(α)]
fα . Hence χα,K ∈ Q[X].

Proof. Let m := [Q(α) : Q]. Then fα = (X −α(1) ) · · · (X −α(m) ) where α(1) , . . . , α(m)
are the conjugates of α. Apply Corollary 3.13.

Definition. Let K be an algebraic number field. The ring of integers of K is given

by
OK := {α ∈ K : α is integral over Z} = K ∩ Z.
That is, OK is the integral closure of Z in K. The group of units (invertible elements)
∗
of OK is denoted by OK . We observe that if α ∈ OK and σ is an embedding of K
in C, then σ(α) is an algebraic integer. For α is a zero of a monic f ∈ Z[X] hence
so is σ(α).

Lemma 3.16. Let α ∈ K. Then α ∈ OK ⇐⇒ χα,K ∈ Z[X].

43
Proof. ⇐= χα,K is a monic polynomial having α as a root.
=⇒ Lemma 3.4 implies fα ∈ Z[X], and then Lemma 3.15 implies χα,K ∈ Z[X].

Definition. Let K be an algebraic number field of degree d and σ1 , . . . , σd the

embeddings of K in C. Then the trace and norm of α ∈ K over Q are given by
respectively
d
X d
Y
T rK/Q (α) = σi (α), NK/Q (α) = σi (α).
i=1 i=1

These numbers are coefficients of χα,K . So by Lemma 3.15 these numbers belong
to Q; moreover, if α ∈ OK then by Lemma 3.16 they belong to Z. Notice that for
α, β ∈ K we have

T rK/Q (α + β) = T rK/Q (α) + T rK/Q (β), NK/Q (αβ) = NK/Q (α)NK/Q (β).

∗
Lemma 3.17. Let α ∈ OK . Then α ∈ OK ⇐⇒ NK/Q (α) = ±1.

Proof. =⇒ Both α, α−1 are in OK , hence NK/Q (α) ∈ Z, NK/Q (α−1 ) ∈ Z. But
NK/Q (α)NK/Q (α−1 ) = 1, hence NK/Q (α) = ±1.
⇐= Without loss of generality, σ1 (α) = α. Then α−1 = ±σ2 (α) · · · σd (α) is an
algebraic integer, hence belongs to OK .

Exercise 3.4. Let K be a quadratic number field, that is an algebraic number field
of degree 2. √ √
(i) Prove that K = Q( d) = {a + b d : a, b ∈ Q}, where d ∈ Z \ {0, 1} and d is
not divisible by the square of an integer 6= 1. Also determine the two embeddings of
K in C. √
(ii) Let α = a + b d with a, b ∈ Q. Prove the following:
if d ≡ 2 (mod 4) or d ≡ 3 (mod 4) then α ∈ OK if and only if a, b ∈ Z;
if d ≡ 1 (mod 4) then α ∈ OK if and only if 2a, 2b ∈ Z and 2a ≡ 2b (mod 2).
Hint. Determine the minimal polynomial fα of α and use that its coefficients are
in Z.

44
3.3 Galois theory
Let K be an algebraic number field with K ⊂ C. The field K is called normal if
K = Q(α1 , . . . , αr ) where α1 , . . . , αr are such that (X − α1 ) · · · (X − αr ) ∈ Q[X].
Let K ⊂ C be a normal algebraic number field and α1 , . . . , αr as above. Let σ
be an embedding of K in C. In general, if f ∈ Q[X] and α is a zero of f in K, then
f (σ(α)) = 0. As a consequence, σ permutes α1 , . . . , αr . Since K consists of rational
functions in α1 , . . . , αr with coefficients in Q, this implies that σ is an isomorphism
mapping K to itself, i.e., an automorphism of K.
The automorphisms of K form a group under composition, the Galois group of
K, notation Gal(K/Q). We state without proof some properties of the Galois group.

Proposition 3.18. Let K be a normal algebraic number field, and Gal(K/Q) its
Galois group.
(i) Gal(K/Q) is a group of order [K : Q]. We have

{x ∈ K : σ(x) = x ∀σ ∈ Gal(K/Q)} = Q.

(ii) There is a bijection between the subgroups of Gal(K/Q) and the subfields of K,
given by

H 6 Gal(K/Q) −→ K H := {x ∈ K : σ(x) = x ∀ σ ∈ H}
Gal(K/L) := {σ ∈ Gal(K/Q) : σ|L = id} ←− L

and the order of H is equal to [K : K H ].

(iii) Let f ∈ Q[X] be an irreducible polynomial having at least one root in K. Then
all roots of f lie in K, for any two roots α, β of f there is σ ∈ Gal(K/Q) such that
σ(α) = β, and each σ ∈ Gal(K/Q) permutes the roots of f .

Remarks. 1. The bijection in (ii) reverses inclusions: if H1 is a subgroup of H2 ,

then K H2 is a subfield of K H1 .
2. Every algebraic number field K can be extended to a normal number field. Let
K = Q(θ). Then for the minimal polynomial fθ of θ we have fθ = (X −θ(1) ) · · · (X −
θ(d) ). Clearly, N := Q(θ(1) , . . . , θ(d) ) is normal, and N contains K.
√ √ √ √ √ √
Example. Let K = Q( 2, 3). Then K = Q( 2, − 2, 3, − 3) is generated by
the four roots of (X 2 − 2)(X 2 − 3) hence it is normal. We have seen before that

45
 √ √ √
[K : Q] = 4, and that K has basis {1, 2, 3, 6} over Q. Hence G := Gal(K/Q)
√ √
has order 4. Any σ ∈ Gal(K/Q) maps 2 to a root of X 2 − 2, hence to ± 2.
√ √ √
Likewise, σ maps 3 to ± 3. Thus, G = {σab : a, b = 1, −1}, where σab ( 2) =
√ √ √
a 2, σab ( 3) = b 3. It is easy to check that G is the Klein four group, with σ11
the identity. The table below gives the subgroups of G and corresponding subfields
of K.

H K H = {x ∈ K : σ(x) = x ∀σ ∈ H}
√ √
{id} Q( 2, 3)
√
{id, σ1,−1 } Q( 2)
√
{id, σ−1,1 } Q( 3)
√
{id, σ−1,−1 } Q( 6)
G Q

As an example, we compute the subfield K H corresponding to the subgroup H =

√ √ √
{id, σ−1,−1 } of G. Recall that {1, 2, 3, 6} is a basis of K. Thus, every element
√ √ √
of K can be expressed uniquely as x0 + x1 2 + x2 3 + x3 6 with xi ∈ Q. Now
√ √ √ √ √ √
σ−1,−1 maps β = x0 + x1 2 + x2 3 + x3 6 to x0 − x1 2 − x2 3 + x3 6, and thus
√
σ11 (β) = β if and only if x1 = x2 = 0. This shows that K H = Q( 6).
√
Exercise 3.5. Let 3 2 be the real cube root of 2, and ζ a primitive cube root of unity.
√
(i) Prove that the field K := Q( 3 2, ζ) is normal and that [K : Q] = 6.
(ii) Determine the subfields of K.

3.4 Appendix: Ring extensions

A ring A is always supposed to have a (necessarily unique) unit element 1 such that
x · 1 = 1 · x = x for all x ∈ A. An element a ∈ A is called a unit of A if there is
b ∈ A with ba = ab = 1; this necessarily unique element b is denoted by a−1 . The
units of A form a multiplicative group, the unit group of A, which we denote by A∗ .
In particular, the unit group of a field K is K ∗ = K \ {0}.
An integral domain is a commutative ring without divisors of 0, i.e., it does not
contain non-zero elements a, b such that ab = 0. The quotient field of an integral
domain A is denoted by QA . The field QA consists of all fractions a/b with a, b ∈ A,
b 6= 0, where two fractions a/b, c/d are identified if ad = bc.

46
 Given two rings A, B, when writing A ⊂ B or B ⊃ A we always mean that A is a
subring of B, i.e., A is a ring with the addition, multiplication and unit element of B.
We call A ⊂ B or B ⊃ A a ring extension. It is possible to set up a theory for ring
extensions similar to that for field extensions. We restrict ourselves to extensions of
commutative rings.
A role similar to that of vector spaces in the theory of field extensions is played
by modules in the theory of ring extensions. In general, if A is a commutative ring,
then an A-module is a set M , endowed with an addition + : M × M → M and
scalar multiplication · : A × M → M , which satisfy precisely the same axioms as
the addition and scalar multiplication of a vector space, except that the scalars are
taken from a ring instead of a field. A Z-module is simply an abelian group.
Let A be a commutative ring, and M an A-module. We call M 0 an A-submodule
of M if it is closed under the addition and scalar multiplication of M . That is, M 0 is
an A-submodule of M if and only if for all α, β ∈ M 0 , r, s ∈ A we have rα+sβ ∈ M 0 .
We say that M is finitely generated over A, if there is a finite set of elements
α1 , . . . , αr ∈ M such that M = { ri=1 xi αi : xi ∈ A}. We call {α1 , . . . , αr } an
P

A-basis for M if α1 , . . . , αr generate M as an A-module, and if they are A-linearly

independent, i.e., there is no (x1 , . . . , xr ) ∈ Ar \ {0} with ri=1 xi αi = 0.
P

One notable difference between vector spaces and modules is that finitely gen-
erated vector spaces always have a basis, whereas finitely generated modules over a
ring need not have a basis. An A-module which does have a basis is called free.
Example. View the residue class ring Z/nZ (with n a positive integer) as a Z-
module. Write the residue class a mod n as a. As a Z-module, Z/nZ is generated
by 1. But for each a ∈ Z/nZ we have n · a = 0, Hence each element of Z/nZ is
linearly dependent over Z, and so Z/nZ does not have a Z-basis.

Now let A ⊂ B be an extension of commutative rings. We denote the unit

element of A by 1. Clearly, B may be viewed as an A-module. We call A ⊂ B
or B ⊃ A a finite ring extension and say that B is finite over A, if B is finitely
generated as an A-module.
Given α1 , . . . , αr ∈ B, we denote by A[α1 , . . . , αr ] the smallest subring of B

47
containing A and α1 , . . . , αr . Thus,

A[α1 , . . . , αr ] = {f (α1 , . . . , αr ) : f ∈ A[X1 , . . . , Xr ]}.

An element α ∈ B is said to be integral over A if there is a monic polynomial

f ∈ A[X] with f (α) = 0.
Before proceeding, we recall a version of the division with remainder algorithm
for rings.

Lemma 3.19. Let A be a commutative ring, and f, g ∈ A[X] polynomials such that
the leading coefficient of f is in A∗ . Then there are polynomials q, r ∈ A[X] such
that g = qf + r, deg q 6 deg g − deg f and deg r < deg f . The polynomials q, r are
uniquely determined by f, g.

Proof. Induction on the degree of g. First assume that deg g < deg f . If g = qf + r
for some q, r ∈ A[X] with q 6= 0 and deg r < deg f , then since the leading coefficient
of f is in A∗ , we have deg qf > deg f , while on the other hand deg qf = deg(g −r) <
deg f , which is impossible. Hence q = 0, r = g.
Suppose that deg g = m and deg f = n with m > n. let a, b be the leading
coefficients of f, g, respectively. So a ∈ A∗ . Then apply the induction hypothesis to
g − ba−1 X m−n f , which is in A[X] and has degree smaller than m.

Lemma 3.20. Let A ⊂ B be an extension of commutative rings, and α ∈ B. Then

the following are equivalent:
(i) α is integral over A;
(ii) A[α] is finite over A;
(iii) there is a non-zero, finitely generated A-submodule M of B such that 1 ∈ M
and αM ⊆ M , where αM = {αx : x ∈ M }.

Proof. (i)=⇒(ii). Let f ∈ A[X] be a monic polynomial with f (α) = 0. Let β ∈ A[α].
Then β = g(α) with g ∈ A[X]. Since f is monic, using division with remainder
we find q, r ∈ A[X] with g = qf + r, and deg r < deg f = n. We may write
r = c0 + c1 X + · · · + cn−1 X n−1 with ci ∈ A. Thus,
n−1
X
β = g(α) = q(α)f (α) + r(α) = r(α) = ci α i .
i=0

48
It follows that A[α] is generated as an A-module by 1, α, . . . , αn−1 .
(ii)=⇒(iii). Trivial.
(iii)=⇒(i). let {ω1 , . . . , ωr } be a set of A-module generators for M . Since 1 ∈ M
we may assume that ω1 = 1. Further, since αωi ∈ M we have

αωi = ci1 ω1 + · · · + cir ωr with cij ∈ A for i, j = 1, . . . , r.

This can be rewritten as

   
ω1 0
(αI − C)  ...  =  ..  ,
  
. 
ωr 0

where I is the r × r unit matrix and C = (cij )i,j=1,...,r is the r × r-matrix with cij
on the i-th row and j-th column. We multiply both sides of this identity on the left
with the matrix consisting of the minors of αI − C, i.e., with D = (Mij )i,j=1,...,r ,
where Mij = (−1)i+j times the determinant of the matrix, obtained by removing
the j-th row and i-th column from αI − C. Then since

D · (αI − C) = det(αI − C) · I,

we obtain det(αI − C)ωi = 0 for i = 1, . . . , r, so det(αI − C) = 0. That is, α is a

zero of det(XI − C), which is a monic polynomial from A[X].

Corollary 3.21. Let A ⊂ B be a finite extension of commutative rings. Then every

α ∈ B is integral over A.

Proof. Apply Lemma 3.20, (iii)=⇒(i) with M = B.

Lemma 3.22. Let A, B, C be commutative rings such that B is finite over A and
C is finite over B. Then C is finite over A.

Proof. Suppose that B is generated as an A-module by α1 , . . . , αm , and C is gener-

ated as a B-module by β1 , . . . , βn . A straightforward computation shows that C is
generated an as A-module by αi βj (i = 1, . . . , m, j = 1, . . . , n).

Lemma 3.23. Let A, B be commutative rings. Then B is finite over A if and only
if B = A[α1 , . . . , αr ] for certain α1 , . . . , αr that are integral over A.

49
Proof. Suppose that B is finite over A, say B is generated as an A-module by
α1 , . . . , αr . By Corollary 3.21, α1 , . . . , αr are integral over A, and clearly, B =
A[α1 , . . . , αr ].
Conversely, suppose that B = A[α1 , . . . , αr ] where α1 , . . . , αr are integral over
A. Let B0 := A and Bi := A[α1 , . . . , αi ] for i = 1, . . . , r. Thus, Bi = Bi−1 [αi ] for
i = 1, . . . , r. By Lemma 3.20, (i)=⇒(ii), Bi is finite over Bi−1 for i = 1, . . . , r, and
then by Lemma 3.22, B = Br is finite over A.

Proposition 3.24. Let A ⊂ B be an extension of commutative rings.

(i) Let α, β ∈ B be integral over A. Then α ± β and αβ are integral over A.
(ii) Let β1 , . . . , βn ∈ B be integral over A, and let α ∈ B be a zero of X n + β1 X n−1 +
· · · + βn . Then α is integral over A.

Proof. (i). By Lemma 3.23, the ring A[α, β] is finite over A, and then by Corollary
3.21, all elements of A[α, β] are integral over A.
(ii). Let C = A[β1 , . . . , βn ]. By Lemma 3.23, C is finite over A. The number α
is integral over C, so by Lemma 3.20, C[α] is finite over C. Again by Lemma 3.23,
C[α] is finite over A, and then by Corollary 3.21, α is integral over A.

Definition. Let A ⊂ B be an extension of commutative rings. By Proposition 3.24

(i), the set
C = {α ∈ B : α is integral over A}
is a subring of B, called the integral closure of A in B. Note that by Proposition
3.24,(ii) every element of B that is integral over C already belongs to C.
We say that A is integrally closed in B if C = A, i.e., every element of B that is
integral over A already belongs to A.
Let A be an integral domain. The integral closure of A is defined as its integral
closure in its quotient field. If this integral closure is equal to A itself, we call A
integrally closed.
Examples. 1. Z is integrally closed.
√ √
2. Let A = Z[2 2]. The quotient field of A is Q( 2), and its integral closure is
√
Z[ 2].

50