Algorithmic Algebraic Number Theory

ENCYCLOPEDIA OF MATHEMATICS AND ITS APPLICATIONS

Algorithmic algebraic number theory M. POHST University of Dusseldorf

H. ZASSENHAUS Professor Emeritus Ohio State University

CAMBRIDGE UNIVERSITY PRESS

Published by the Press Syndicate of the University of Cambridge The Pitt Building, Trumpington Street, Cambridge CB2 IRP 40 West 20th Street, New York, NY 10011-4211, USA 10 Stamford Road, Oakleigh, Melbourne 3166, Australia

© Cambridge University Press 1989 First published 1989 Reprinted 1990, 1993 Printed in Great Britain by Antony Rowe Ltd, Chippenham, Wiltshire British Library cataloguing in publication data Pohst, M. Algorithmic algebraic number theory(Encyclopaedia of mathematics and its applications). I. Algebraic number theory I. Title II. Zassenhaus, H. III. Series 512'.74 Library of Congress cataloguing in publication data Pohst. M. Algorithmic algebraic number theory/M. Pohst and H. Zassenhaus. p. cm. Bibliography: p. Includes index. ISBN 0 521 33060 2 Algebraic number theory. 2. Algorithms. I. Zassenhaus. Hans. II. Title QA247.P581989 512'.74-dcl9 88-2960 CIP ISBN 0 521 330602 hardback

TM

CONTENTS

Preface List of symbols used in the text

1 Basics of constructive algebraic number theory 1.1 Introduction 1.2 The main task of constructive algebra 1.3 On the construction of overmodules and overrings 1.4 The ring of an equation 1.5 The Gaussian integer ring Z[i] 1.6 Factorial monoids and divisor cascades 2

2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 2.9 2.10 2.11 2.12

The group of an equation Splitting rings The fixed subring of the permutation automorphisms Symmetric polynomials Indecomposable splitting rings Finite fields The main theorem of Galois theory Minimal splitting fields The Lagrange resolvent The group of an equation How to determine the group of a separable equation over a field The cyclotomic equation Normal bases

3 Methods from the geometry of numbers

3.1 3.2 3.3 3.4

Introduction Free modules over principal entire rings Lattices and basis reduction Minkowski's convex body theorem

vii XI

1 I

4 7 13 IS

23 29

29 37 48 63 69

87 91 97 108 135 157 163 177

177 177 186 212

Contents

4 Embedding of commutative orders into the maximal order 4.1 Introduction 4.2 The algebraic background 4.3 Valuation theory 4.4 Eisenstein polynomials 4.5 Dedekind rings and orders 4.6 Embedding algorithm 5 Units in algebraic number fields

5.1 5.2 5.3 5.4 5.5 5.6 5.7 5.8

219

219 222 230 255 264 313 327

Introduction The Dirichlet theorem On solving norm equations I Computation of roots of unity Computation of independent units Regulator bounds and index estimates Computation of fundamental units Remarks on computerization

327 329 336 343 350 359 367 372

6 The class group of algebraic number fields

377

6.1 6.2 6.3 6.4 6.5

Introduction The ring OF of algebraic integers as a Dedekind ring Ideal calculus On solving norm equations II Computation of the class group

377 381 396 408 413

Appendix: Numerical tables

427 455 456 459

Algorithms References Index

PREFACE

This book is a first step in a new direction: to modify existing theory from a constructive point of view and to stimulate the readers to make their own computational experiments. We are thoroughly convinced that their observations will help to build a new basis from which to venture into new theory on algebraic numbers. History shows that in the long run, number theory always followed the cyclic movement from theory to construction to experiment to conjecture to theory. Consequently, this book is addressed to all lovers of number theory. On the one hand, it gives a comprehensive introduction to (constructive) algebraic number theory and is therefore especially suited as a textbook for a course on that subject. On the other hand, many parts go far beyond an introduction and make the user familiar with recent research in the field. For experimental number theoreticians we developed new methods and obtained new results (e.g., in the tables at the end of the book) of great importance for them. Both computer scientists interested in higher arithmetic and in the basic makeup of digital computers, and amateurs and teachers liking algebraic number theory will find the book of value. Many parts of the book have been tested in courses independently by both authors. However, the outcome is not presented in the form of lectures, but, rather, in the form of developed methods and problems to be solved. Algorithms occur frequently throughout the presentation. Though we do not give a thorough definition of an algorithm (but just a rough explanation in 1.1), the underlying idea is that a definite output is obtained from prescribed input data by certain arithmetical rules in a finite number of computational steps. Clearly, an upper bound for the number of those computational steps depending on the input data should be desirable in each case. However, the bounds obtainable for many well-known, frequently used algorithms are completely unrealistic. Hence, we usually do without a complexity analysis.

viii

Preface

(The derivation of rough estimates is a good exercise for the reader interested in that topic, however.) This approach is justified by the fact that the algorithms under consideration yield good to excellent results for number fields of small degree and not too large discriminants. In those cases O-estimates are not very helpful in general. Rather, our intention is to make the readers conscious of weak performances of (parts of) algorithms and to strengthen their ability to improve them. From our experiences those weak links in the chain of operations can be detected often only by numerical computation. Hence, we highly recommend the interaction of developing algorithms, observing their performance in practical application, followed by improving them. Moreover, new algorithms are used to replace older proofs of theorems by means of using their output to show the existence of certain mathematical objects, such as the shortest vector in a lattice, or of a polynomial in the elementary symmetric functions representing an arbitrary symmetric function (principal theorem on symmetric functions). Any such algorithm respectively, its performance for specified data - yields new observations, giving rise to new conjectures and thus to an improvement of the theory. That is one of the major goals of this book since many of the available numerical invariants of algebraic number fields were already obtained without the use of modern electronic computers. So there is still very little known about algebraic number fields other than abelian extensions of the rational number field. The contents of the book are divided into six chapters. The first chapter serves as a kind of an introduction. Some basic material (e.g. the Euclidean algorithm, quadratic extensions, Gaussian integers) is to stimulate the readers and to make them curious for more systematic theory. The second chapter gives a self-contained account of Galois theory and elementary prerequisites (e.g. a good knowledge of finite field theory). The reader is introduced to E. Galois' idea of studying the algebraic relations between the roots of a given algebraic equation and thus to recognition of the algebraic background generated by the solutions. Eventually, a method of determining the Galois group of an equation is developed. The third chapter contains an independent introduction to those parts of the geometry of numbers which will be used in later chapters. Most of Minkowski's classical theorems are presented, as well as some recent reduction methods. The fourth chapter discusses the problem of embedding an equation order into its maximal order, thereby establishing the arithmetical background of a given equation. An algorithm for the computation of an integral basis of an algebraic number field is included. A local account (using valuation theory and the theory of algebraically ordered fields) of the Hilbert-Dedekind-Krull ideal theory is part of the exposition.

Preface

i)(

The last two chapters deal with the main difference between arithmetics of the rational numbers and of the higher algebraic number fields. Chapter 5 gives a logarithm free proof of Dirichlet's famous unit theorem. It is followed t{y developing several methods (some new ones) for the computation of the roots of unity and of a full system of fundamental units of an order. In chapter 6 the maximal order of an algebraic number field is studied as a Dedekind ring. We then present efficient methods for the computation of the class number and the class group of an algebraic number field. Primarily they are based on a normal presentation of an ideal by two elements and a fast method for solving norm equations, both of them developed only recently. As an Appendix we present several tables with numerical data concerning the calculation of Galois groups, integral bases, unit groups and class groups. Chapters 1-4 are essentially self-contained, using only formal results but no conceptual theory of other chapters. The last two chapters rely on the knowledge of parts of chapters 3 and 4; chapter 6 also on parts of chapter 5. Throughout this book, we only assume that the readers have a proper basic knowledge of algebra. Should they not be familiar with some topic supposed to be known they will certainly find it in the book on algebra by S. Lang to which we refer quite frequently in the early chapters. We have also provided a bibliography for each chapter at the end of the book. We hope to succeed in encouraging some of our readers to engage in enlightened experimentation with numbers and obtain deeper insights into their structure. M. Pohst H. Zassenhaus 1987

ACKNOWLEDGEMENTS

We are much indebted to many students and colleagues for valuable suggestions, criticisms and incentives to do better. In particular we wish to acknowledge the help of D. Shanks, 10hn McKay and 1. Buchmann. We wish to acknowledge the generous support of the production of the manuscript and the research which went into it which we received from the Department of the Ohio State University, the Mathematical Institute of the University of Dusseldorf, the National Science and Engineering Council of Canada and the Centre de Recherches Mathematiques, Universite de Montreal. Our thanks go out to the continued support and interest by the editors of Cambridge University Press, M. Gilchrist and D. Tranah, as well as to the production staff of the Encyclopedia of Mathematics and its Applications. We would also like to acknowledge the help in proof reading we received from U. Schroter, M. Slawik, 1. von Schmettow and essentially by U. Halbritter, and we thank the many secretaries who typed parts of the manuscript. We were constantly encouraged in completing the work by the support and understanding of our wives Christel and Lieselotte.

SYMBOLS USED IN THE TEXT

Symbols used throughout the book are listed in connection with the mathematical terms with which they are associated in the text. Arithmetic bij is Kronecker's symbol; it is one for i = j, zero otherwise; sign (x) is one for x> 0, minus one for x < 0, for x = 0, Ix I = sign (x)x; Lx J denotes the largest integer less than or equal to x; x 1 denotes the smallest integer greater than or equal to x; {x} denotes the integer closest to x, for x + !El': it is either x + t or x - t; alb means that there is an element e satisfying b = ae; alb means that there is no element c satisfying b = ae; pk II b means that pk Iband pk + , I b; gcd denotes the greatest common divisor; Icm denotes the least common multiple; glb denotes the greatest lower bound; a == b mod e means that el(a - b); a = Q(a, b)b + R(a, b) denotes division with remainder in a Euclidean ring; gcd (a, b) = X(a, b)a + Y(a, b)b denotes a presentation of the ged in a Euclidean ring; Re (a), 1m (a) real, respectively imaginary part of aEIC; max {a" ... ,ad denotes aEIR satisfying aE{a" ... , ak } and a ~ aj (1 ~ j ~ k).

°

r

Functions and mappings

r, cp, J1.

denote the Gamma function, Euler cp-function, Mobius J1.-function, res pecti vel y; id = 1 identity mapping, 1 also the identity permutation; ker denotes the kernel of a homomorphic mapping; Dr derivation with respect to the variable t;

xii

Symbols used in the text

N, Tr norm, respectively trace; ind index in finite fields. Groups

6. symmetric group on n letters; 21. subgroup of 6. consisting of all even permutations; m4 the Klein Four Group; HoI the holomorph of a group; )q denotes the semidirect product of two groups; I denotes the wreath product; D 2 • dihedral group on n letters; ord (x) order of the group element x. Matrices I. denotes the n x n unit matrix; with aii = a j (1 ~ i ~ n) and diag (a l , ••• , a.) denotes the n x n matrix (aij). a jj = 0 for i of: j; det (M) determinant of the matrix M; H(M) Hermite normal form of the matrix M; GL(r. £'), SL(r. £') general linear grouP. special linear group of degree r.

"I.i".

Orders !l(A/R) discriminant ideal of the R-order A; !lo(A/R) reduced discriminant ideal; AR(A) arithmetic radical; (fj(A/R) elementary ideals (iE£'''~; 91(A/R) exponent ideal; (A:RA) index ideal; (A:RO) order ideal; Tor (AIR) set of all x of A for which there exists a non-zero divisor AER such that AX = O.

Polynomials d(f) discriminant of the polynomial f; deg (f) degree of f; I (f) denotes the coefficient of the term of f of highest degree; Res (f, g) resultant of the polynomials f. g; p~/o principal polynomial of ~ over Q; M ~/o minimal polynomial of ~ over Q.

Symbols used in the text

xiii

Rings and fields C(R) center of the ring R; O(R) quotient ring of R; J(R) Jacobson radical; NR(R) nilradical; PID principal ideal domain; [A/B] = {xERlxBS A} for subsets A,B of the ring R; ~ R R-isomorphic; inner direct sum (see 1. (3.8)); EEl direct sum; ® R tensor product over R; F = F\{O} for fields F.

+ X

Algebraic number fields F OF

= Cl(l', F) ring of algebraic integers of F;

dF discriminant of F (respectively of OF); fJ{j) jth conjugate of fJ E F; U(R) unit group of the order R of F, U F:= U(OF); TU(R) torsion subgroup (elements of finite order) of U(R); Reg(U(R)) regulator of U(R), Regl' = Reg(U F); I R semigroup of R-fractional ideals of the order R of F; H R group of principal R-fractional ideals; hR class number of R, hF := ho F ; Cl F class group of F; fJ ¢> (1./ fJ E U(R); RA := {fJEoFlfJA S A} for subsets A of OF'

(1. '"

Special sets of numbers N, IP, l' natural numbers, prime numbers, rational integers, respectively; IR, IC rational numbers, real numbers, complex numbers, respectively; IF q finite field of q = pn elements (pE IP, nE N); fF p = l'/pl' = l'/p; l'",m all XEl' subject to x ~ m (analogously l'"m, l'<m, l'>m); [a, b] interval of real numbers x satisfying a ~ x ~ b.

iQ,

Other lSI = #S denotes the number of elements of the set S; II IIdenotes the norm of a vector; S) denotes the generation of a subgroup, subring, etc. by the elements of the set S; lim = lim;

<

' ...... 1

o

t-+ 1

t> 1

marks the end of a proof.

xiv

Symbols used in the text

We refer to a formula or theorem of the same chapter by its number (m.n), where m denotes the number of the corresponding section and n the number within that section. Formulae of different chapters are referred to by also listing the number of that chapter, for example 2 (11.12).

1

Basics of constructive algebraic number theory

1.1. Introduction Algebraic numbers are defined as complex numbers x satisfying an algebraic equation of the form aox· + alx·- I + ... + a. = 0 (nEN;aiE£: (0 ~ i ~ n), ao i= 0).

(l.l)

We are not satisfied merely with the existence of algebraic numbers such as, for instance, the natural numbers 1,2,3, ... (N),

± I, ± 2, ... (£:), numbers 0, ± I, ± 1, ± 2, ± t, ± ~, ± 3, ... (10),

rational integers 0,

rational surds r lt• (rEIO, nE N, n ~ 2);

we also inspect the means of constructing them. For this purpose we employ

algorithms. We shall not endeavour to give a definition of algorithms in terms of mathematical logics. Our algorithms consist of a stated input, a stated output and a finite number of well-defined steps. The input and output will usually be rational integers and quantities (such as fractions, algebraic integers, integral matrices) derived from rational integers by stated rules. The steps are numbered from I to n (nEN). They consist of statements which use the known data (from the input, or already calculated) to obtain new data by unique mathematical rules. The steps are usually carried out one after the other. But there can also be a jump from step i to step k (k i= i + I) depending on the value of some data. The mathematical rules for the computation of new data and for the decision, whether a jump occurs, are fixed throughout the whole algorithm. During the execution of the algorithm a certain step i (1 ~ i ~ n) may be carried out several times, say N(i) times, depending on the input data. However, all numbers N(i) (1 ~ i ~ n) must be finite.

2

Basics

The rational integers occming in the algorithm usually signify what they stand for. Sometimes they denote algebraic numbers, sometimes they signify a decision of questions such as: is this real algebraic number,. positive, zero, or negative? sign (r) = {

I if r > 0 (i.e. r is positive) 0 if r = 0 - I if r < 0 (i.e. r is negative).

(1.2)

As an introductory but very instructive example for an algorithm, we present Euclid's algorithm for rational integers. For a better understanding of algorithms it is useful to present the underlying ideas in advance. The theory of Euclid's algorithm in 1L is easily explained. For two natural numbers a, b with a ~ b there exists a third natural number e subject to be~a,

b(e+ l»a.

(1.3)

Hence, there exists a non-negative integer d such that

a = be + d and

0 ~ d < b.

(1.4)

The process (1.4) is called division with remainder or, simply, long division. The numbers e, d are uniquely determined by a, b. The same procedure for a, bEll instead of a, bE N is a little more complicated. One possibility of generalizing (1.3), (1.4) for arbitrary integers a, b, b"# 0, is to stipulate

a=be+d with

O~d
sign (c)

= sign (a) sign (b)

for e,dElL.

(1.5)

For a number theorist, however, the following generalization is more 'natural' and more useful:

a = be + d and

0

~ Idl ~ I~I

(e,dElL).

(1.6)

It makes the remainder as small as possible in absolute value. On the other hand, IBM chose still another solution for its 360 computer series. Their way of long division for a, b yields e, dEll subject to

a=be+d,

O~ldl
sign (b) = sign (d).

(1.7)

Let us finally remark that there are other computers, such as the CDC Cyber 70 series, without any hardware instruction for integer division. We just pointed out that long division for rational integers is not unique. However, all possibilities have the following properties in common: for given a, bEll, b "# 0, they determine a quotient e = Q(a, b) and a remainder d = R(a, b) satisfying

a= Q(a,b)b + R(a, b)

and

O~IR(a,b)I
(1.8)

If we repeat long division in case R(a, b) "# 0 with b, R(a, b) in place of a, b we obtain a remainder R(b, R(a, b» which is smaller in absolute value than

Introduction

3

R(a, b). Going on we get a sequence of remainders becoming smaller and smaller in absolute value. Hence, this process must come to a halt after finitely many steps, the last remainder being zero. For example, let a l = a, a 2 = b f:. 0, then there are integers kEN, a j E71. (1 ~ j ~ k + 2), q j E71. (2 ~ j ~ k + 1), subject to

(1.9) and (1.10) It is clear that we can specify the aj (2 ~ j ~ k + 1) analogous to (1.5) or (1.6) or (1.7). For each case, however, we obtain

(1.11)

».

i.e.lak+11 is the greatest common divisor of a l and a 2 (gcd(a l ,a 2 Namely, each divisor e of a l and a 2 divides a3 because of(1.9). Inductively we conclude ela k + I. On the other hand, ak+ 1 is a divisor of ak because of(1.9) and ak+2 = 0. Applying (1.9) repeatedly it follows that ak+1 also divides ak-l,ak-2, ... ,a2' a l · Both results together prove Iak+ II = gcd (a I ' a 2)· Sometimes it does not suffice to compute the greatest common divisor c of two integers a, b but one also needs to determine integers x = x(a, b), Y = y(a, b) for its presentation

c = xa

+ yb

(1.12)

by a and b. (Such a presentation exists since 7l. is a principal ideal ring.) This task can be easily incorporated into (1.9), (1.10). At the beginning we have a l = x1a l + y 1a 2, a 2 = X2al + y 2a 2 for XI = Y2 = 1, x 2 = YI = 0. We show that there exists a presentation a j = xja l + y ja 2 at each level i. Namely, after the computation of aj + 2 from a j + l , a j according to (1.9) we obtain a j +2 = aj-qj+ la i + I =(Xi - qi+ IXi+ da l +(Yi-qi+ IYi+ l)a 2

for 1 ~ j ~ k - 1.

Therefore the Xi' Yi satisfy the recurrence relations Xi+2=Xi-qi+IXi+l,

Yi+2=Yi-qi+IYi+1

(l~i~k-l).

(1.13)

With these explanations it is easy to write down the following algorithm. We note that gcd (0,0) = by definition.

°

Euclid's algorithm with presentation of the ged

(1.14)

Input. a, bEll.. Output. c, X = x(a, b), Y = y(a, b)E71., c ~ satisfying gcd(a, b) = c = xa + yb. Step 1. (Initialization). For b = set X +- sign (a), c +- xa, y+-O and terminate. Else set m +- a, n +- b, +- 1, ji +- 0, X +- 0, Y +- 1.

°

°

x

Basics

4

Step 2. (Long division). Compute Q(m. n), R(m, n) according to (1.8). Step 3. (Done?). For R(m,n)=O set c~sign(n)'n, x~sign(n)'x, y~sign(n)'y and terminate. Else set ~ ~ x - Q(m, n)x, Y~ ji - Q(m, n)y and then m~n, n~R(m,n), x~x, ji~ y, x~~, y~ and go to 2.

y

For a detailed discussion of Euclid's algorithm we refer to Knuth [IJ We note that the greatest common divisor of two rational integers a, b is unique by definition if it exists. As already stated algorithm (1.14) comes to halt since each decreasing sequence of non-negative integers becomes constant after finitely many terms. Thus the algorithm actually proves the existence oj the gcd. This observation is one of the guiding principles of our exposition.

Exercises 1. Show by using (1.14): a = bc and gcd(a, b) = 1 ~alc for any a, b, CElL. 2. Show that any rational number r can be presented in precisely one way in the 'reduced form' r = a/b(aelL, belL>o, gcd(a. b) = I). Write an algorithm which transforms r = ii/b(ii. bElL, b ¥- 0) into its reduced form. 3. Let nelL and ajelL (1 ~ i ~ n + I). Show that the greatest common divisor of a l •. · . • an + I satisfies the recursive law (1.15) where gcd(O, ... , 0) = 0 by definition. Use (1.14) to write an algorithm which computes gcd (a l ,···. an + I)' 4. Let neN and ajelL (1 ~ i ~ n + 1). Prove the existence of a relation n+1

gcd(al •... ,an + d =

L xja

;~

j

(xjElL.I ~ i ~ n + I).

(1.16)

1

Use (1.14) to write an algorithm (I ~ i ~ n + 1) satisfying (1.16).

for

determining

Xj

= xj(a l ,···. an + d

1.2. The main task of constructive algebra Diophantine analysis begins with the problem of solving (1.1) by a rational integer. Constructively speaking: find an algorithm deciding, whether (l.l) has a rational integral solution and if the answer is 'yes' to exhibit a solution XEZ. For the calculation of x we now interpret the left-hand side of (l.l) as the 'value' of the polynomial J(t) = aotn + a1t"-1

+ ... + anEZ[t]

(2.1)

for a fixed ring element (in that case x). Then (l.l) is shortly written as

J(x)

=0

(2.2)

and x is called a zero oJJ(t) in that case. For aEZ we computeJ(a) in n steps

The main task of constructive algebra

5

by Horner's method. At step j we assume that we have already calculated Sj = L{~Oaitj-i, and for j < n we proceed to Sj+ 1 via Sj+ 1 = Sj'a + a j + I' Horner's algorithm

(2.3)

Input. Coefficients ao, . .. , an of an nth degree f(t) = L?~Oaitn-i (n ~ l) and a number a. Output. S = f(a). Step 1. (Initialization). Set S +- ao, j +- O. Step 2. (Computation of Sj). Set j +- j + 1, S +- S'a + a j. Step 3. (Done?). In case j = n terminate, else go to 2.

polynomial

We note that the algorfthm remains valid, if a, ao, a l , ••• , an are elements of a commutative ring. In casef(t)EZ[t] Horner's algorithm is very useful in determining all zeros of f(t) in Z. As we saw it suffices to compute f(a) for those aEZ dividing an, i.e. we must check f( ± a) for a Ian> a > O. A fast computation of f( ± a) uses the even and odd part of f(t):

f(t)

= f.(t) +fo(t)

defined by

fe(t)

n

L

=

ai tn - i,

(2.4)

i=O n~

;=Omod2

We recommend it as an excercise to write an algorithm analogous to (2.3) for the computation of f( ± a) using f.(a) and fo(a). Knowing Horner's method an algorithm for the computation of a solution x of (l.l) (if it exists) is immediate. Algorithm Diophant

(2.5)

Input. Coefficients ao, ... ,an off(t) = LI=Oaitn-iEZ[t]. Output. 0 if f(t} has no zero in Z, or aeZ for which f(a) = O. Step 1. (Initialization). For an = 0 set a+-O and terminate. Else set a +-1. Step 2. (Zero found?). Compute Q(a .. a), R(a n, a). For R(a n, a) =/: 0 go to 3. Else calculate f( ± a), f( ± Q(a n, a» by (2.3) and (2.4). If f(x) = 0 for xe { ± a, ± Q(a n, a)} set a +- x and terminate. Step 3. (Increase a). Set a +- a + 1. For a 2 ~ Ian I go to 2, else print 0 and terminate. (Obviously (2.5) is useful only if lanl is small.) In case (l.l) has no rational integral solution the question is, whether one can find a solution in a larger number system. The number system Z formed by the rational integers uses two basic operations: addition and multiplication which are connected by certain basic rules of operation (associativity,

Basics

6

commutativity, distributivity, invertibility of addition), which, taken together, establish the axioms of a commutative ring. We observe that the commutative ring ~ is unital, i.e. it contains a neutral element n with respect to multiplication:

nx = x = xn for all

XE~

is satisfied for n = 1 =I O.

Not every ring is unital, for example the even integers form the ring 2~ which is contained in ~ as a subring (the operations in 2~ are obtained by restricting the operations of ~ to 2~), but 2~ has no neutral element of multiplication. Since number theory is just swarming with such non-unital rings (viz. the proper ideals of orders) we shall retain the distinction made between commutative unital rings and commutative rings contrary to the usage in S. Lang's algebra book. However, every ring R (not necessarily commutative) can be embedded into the unital ring R ~ ~ formed by the couples x ~ A (xER, AE~) with the following rules of operation: x~ A = y~lt=-x

= y, A = It; = y=-x = y, A = 0; X~A = It=-x = 0, A= p; (X~A) + (y~lt) = (x + Y)~(A + It); X~A

(x ~ A)(y ~ p) = (xy + AY + Itx) ~ Ait

(2.6) for all x,YER,A,pE~.

The permanence principle as established by Peacock and his British contemporaries implies that any number system should satisfy the axioms of a commutative ring. In general terms the task of constructive algebra assumes the following form. Let a commutative ring R be given in such a way that for any two of its elements a, b (i) there is a c1earcut answer whether a is equal to b (a = b) or whether a, b are distinct (a =I b); (ii) there are elements a + b, a - b, ab of R explicitly known (viz. sum, difference, product of a, b) such that the axioms of a commutative ring are satisfied. Then we say that the commutative ring R is given constructively. For example, the rational integer ring ~ as introduced in customary high-school mathematics is constructively given. Now let us consider an algebraic equation (1.1) with coefficients ao, a 1 , .. . , an in a commutative ring R. Can it be solved in a commutative overring 1\ of R, i.e. in a commutative ring 1\ containing R such that the operations of 1\ restrict to the given operations on the elements of R?

Overmodules and overrings

7

Moreover, can we give A constructively in terms of R and exhibit a solution x of (1.1) in A? For example, the linear diophantine equation (1.1) for n = I has a solution in 7L only if ao divides a 1 . However, there is always a unique solution in terms of the rational number (2.7)

As a matter of fact, the history of mathematics shows that the desire to solve (1.1) in case n = I has led to the creation of the rational number system II) as quotient ring of 7L: Q = O(7L). (In the sequel we denote the quotient ring of a commutative ring R - relative to the semigroup formed by the non-zero divisors of R - by O(R).) Again the fractional calculus as taught by welltrained math teachers presents a constructive solution of the task.

Exercises I. Develop an algorithm to determine all solutions of (1.1) in 1-. 2. Examine whether the embedding (2.6) of R into REB 1- is constructive.

1.3. On the construction of overmodules and overrings The computation of overrings A of a given ring R involves the discussion of the additive structure of A relative to the multiplicative action of R as well as the multiplicative structure of A.

1. Modules Speaking purely in terms of addition the operation + on A satisfies the module axioms (commutativity, associativity and invertibility of addition) which are the additive version of the axioms of a commutative (abelian) group. We refer to the basic definitions and concepts of module theory as contained in chapter 3 of S. Lang, Algebra, pp. 74-93. Of course the admission of non-unital rings R leads to a slightly more general concept of (left) R-modules M:

M is an additive abelian group together with a left multiplication of Rand M resulting in a mapping (R, M) --> M: (a, x) 1-+ ax satisfying a(x + y) = ax + ay, (a + b)x = ax + bx, (ab)x = a(bx) for all a, bER, x, YEM.

(3.1)

As an example of the more general definition let us mention the null-modules for which every product is defined to be zero. If R is unital and if Ix

=x

for all xEM,

(3.2)

Basics

8

then M is said to be a (left) unital R-module. The last, more special concept is the only one considered by S. Lang. We stipulate that in case R is unital the (left) R-modules considered are unital, too, if not otherwise stated. This convention leaves open the possibility of considering also R-modules over non-unitlll rings in which case there will be no restrictions. Regarding direct sums, the direct sum of a family {MJiel of R-modules (I an index set) can be defined categorically as on p. 79 of S. Lang. From the constructive viewpoint it is more satisfactory to define the direct sum

(3.3)

M=IlMi iel

of the R-module family {MiLel as the set of 'vectors' (xi)/el with 'components' Xi in Mi such that Xi = 0 for almost all i, and the rules of vector calculus (3.4a)

(Xi)iel + (Yi)iel = (Xi + Yi)iel

(3.4b)

are used to define the two basic operations. If the given index set happens to be finite, say, I consists of 1,2, ... , n (neN), then we also write

M = M 1 EB M 2 EB ... EB M no

(3.5)

On the other hand, if one discovers that a given R-module M contains two R-submodules M I' M 2 such that

M = M 1 + M 2'

Min M 2 =

(0)

(3.6)

then there is the R-module isomorphism

oc: M 1 EBM 2 --+M: ml EBm 2 1-+m l +m2'

(3.7)

but of course it is imprecise and confusing to identify M with M 1 EB M 2' Therefore we introduce a new symbol -i- to describe the discovered relation (3.6) briefly as

For example, the module M = 7L/27L EB 7L/27L is a 7L-module of four elements with operation table

n b c d

n b c

d for the elements

n b c d

d c b n

b n d c

c d n b

n=OEBO (neutral element). b=IEBO c=OEBI d=IEBI

Using addition we have a module with n as zero element, using multiplication as operation we have the Klein Four Group with n as unit element. Adopting module language the only submodule of M other than M and {n} and

9

Ovcrmodules and overrings

the two direct summands M I = {n, b}, M 2 = {n, c} is the submodule M 3 ={n,d}. It is easy to see that M=M 1 +M 3, MlnM3={n} so that M = M I -i- M 3' However, M I EB M 3 is a construct which is isomorphic to M but it should not be confused with M. 2. Rings over commutative rings For the rest of this section R always denotes a commutative ring. An R-ring is defined as a ring A which is also an R-module such that scalar multiplication and ring multiplication commute:

2(ab) = (2a)b = a(2b)

for all 2ER, a, bEA.

(3.9)

Examples are the commutative overrings of R, where (3.9) is trivially satisfied. For constructive purposes the R-rings A with a basis (over R) are of importance. They are defined as unital R-rings which - considered as R-modules - have an R-basis B. In other words, the module theoretic structure underlying the ring A is a free R-module. 1BI is called the rank of the free R-module A. The ring structure of A is derived from the basis multiplication table:

bb'=

L Yb,b'.b"b"(b,b'EB'Yb,b',b"ER),

(3.l0a)

b"€8

Yb,b' ,b" = 0 for all but a finite number of b" EB, if b, b' EB are fixed.

(1 lOb)

The associativity of ring multiplication implies the associativity relations

L Ya,b,dYd,c,e = d€8 L Ya,d,eYb,c,d

d€8

(3.l0c)

(a, b, c, eEB).

Conversely, if a set of elements Yb,b',b,,(b, b', b" EB) of R is known for some subset B of A satisfying (3. lOb) and (3.1 Oc), then it can be interpreted as the set of multiplication constants of the R-ring RB formed by the formal linear combinations

L 2(b)b,

(3.l0d)

b€8

where 2:B -+ R is a restricted mapping of B into R (Le. 2(b) = 0 for all but a finite number of bEB) subject to the rules of operations of a free R-module and the multiplication rule

L j1(b')b') = b"e8 L ( b,b'€8 L 2(b)j1(b')Yb,b',b,,)b L 2(b)b)( b'€8 ( b€8

ll

,

(3.l0e)

which is implied by (llOa) and linearity. Thus a very powerful tool for the construction of R-rings is obtained. However, it must be used with care, since the number of associativity relations to be satisfied is equal to the cube of the number of basis elements so that

Basics

10

it becomes impractical to verify them by direct means already for quite small R -dimensions. It is clear that the commutativity of an R-ring with an R-basis is implied by the commutativity of the multiplication of basis elements, i.e. by the commutativity rules Yb'.b".b

=

Yb".b'.b

(3. 1Of)

for the multiplication constants, We shall very frequently consider unital commutative rings I\. containing a given unital commutative ring R such that lR = 1", In such cases we simply speak of a unital overring I\. of R (but see exercise 7 for an example where lR ¥- IA)' 3. Polynomial rings For example, we interpret the polynomial ring R[t] in one variable t over a unital commutative ring R as the R-ring with basis

to = I, t 1 = t, t 2 , ••• , and basis multiplication law t i t k = t i +k (i, kE ll."o),

which corresponds to the multiplication constants Yi.k.m = 0i+k.m

(i, k, mEll."o).

(Here ox.y is the well-known Kronecker symbol which is 1 for x = y and otherwise 0.) Elementary properties of polynomials are explained in S. Lang, chapter V.3. We denote the images of elements of R under the canonical injection I:

R -. R[t]: a 1-+ at O

as the constant polynomials. For a polynomial AER[t] we denote its degree by deg(A) and - in case A¥-O - its leading coefficient by I(A), i.e. I(A) is the coefficient of tdeg(A.), hence I(A) ¥- O. In case of I(A) = 1 the polynomial A is called monic. 4. Long division of polynomials Though the quotient of two polynomials A, BER[t] may not exist in R[t], not even if both A and B are distinct from zero, there is a division with remainder in R[t]. It assumes its simplest form in case B ¥- 0 and I(B) = 1. In that case the following equation holds:

A = Q(A, B)B + R(A, B)

(3.l1a)

in R[t] with Q(A, B) a polynomial of degree deg(A) - deg(B) in case deg(A) ~ deg (B), otherwise Q(A, B) = 0, and with R(A, B) a polynomial of degree less

Overmodules and overrings

11

than deg (B). (This includes the case R(A, B) = 0 since then deg(R(A, B» = - 00 by definition.) R(A, B) being zero is tantamount to the divisibility of A by B: BIA¢>R(A, B) = o.

(3.11 b)

This division with remainder is essentially taught in high-school algebra (see exercise 2). If B "# 0 but B is not monic, then (3.11a) need not be valid since the leading coefficient of B does not necessarily divide the leading coefficient of A or of intermediary remainders. In that case we have a modified division with remainder, called pseudo-division for short: L(A, B)A

where

= Q(A, B)B + R(A, B),

)= {I

L(A, B

for deg(A) < deg(B) I(B)deg(A) -deg(B) + 1 otherwise

(3.12a)

(3.12b)

and deg(R(A, B» < deg(B)

(or R(A, B) = 0).

(3.12c)

Moreover, the quotient Q(A, B) satisfies the following conditions: if deg(L(A, B)A) ~ deg(B), then deg(Q(A, B» = deg(L(A, B)A) - deg(B), but if deg(L(A, B)A) < deg(B), then Q(A, B) = O. For a detailed discussion of pseudodivision we refer to Knuth's book [I]. We just note that the reason for adopting the (deg(A) - deg(B) + l)th power of I(B) lies in the number of degree reductions by 1 which can be necessary to obtain deg (R(A, B» < deg (B). We observe that pseudo-division assumes the previous form (3.11 a) in case B is monic (see exercise 2). Long division or division with remainder of polynomials is used similarly as long division of rational integers in order to bring about a pseudoEuclidean division algorithm which similarly as in section 1 leads to an equation F(A, B) = X(A, B)A

+ Y(A, B)B,

(3.13)

where F(A, B) is a well-determined polynomial which always divides the product of A and some other leading coefficients as well as the product of B and some other leading coefficients, but F(A, B) does not necessarily divide A or B themselves. Only in case R is a field, we can be sure that F(A, B) is a common divisor of A, B and then (3.13) tells us that F(A, B) is even a greatest common divisor. 5. Specializations Let R be a unital commutative ring. The R-homomorphisms
12

Basics

since for any ring homomorphism,

:R[t]-+A subject to (t)=x,(r)=r for all rER,

(3. 14a)

we have

(3. 14b) See Horner's algorithm (2.3) for the evaluation of a polynomial I at x. It provides the 'value' I(x) of IER[t] at x. If I specializes to 0 at x, but I itself is not zero, then x is said to be a root or zero of I in A. The equation

I(x) = 0

(3.15a)

R(f, t - x)(x) = 0 (to be computed in A[t])

(3.15b)

is tantamount to the statement

for any x of A, which implies

I(x) = R(f, t - x)(x).

(3.l5c)

Taking for granted a knowledge of elementary properties of ideals and kernels (as expounded in S. Lang, Algebra, for example), the kernel of the specialization A[t] -+A:tI-+x is the principal ideal of A[t] generated by t - x. It consists of 0 and of all polynomials with root x. Its factor ring is represented by A. The factorring of R [t] modulo the principal ideal I R[t] generated by a non-constant monic polynomial I has an R-basis formed by the deg(f) residue classes

IIf, tlf, ... , (tl f)deg(f)- 1,

(3.16)

where we denote by All the residue class of R[t] modulo the principal ideal IR[t] which is represented by AER[t]. The polynomials of degree less than deg(f) may be taken as a representative system for R[t]IIR[t] in case of I being monic and non-constant. We will use this construction in later sections frequently.

Exercises 1. Write an algorithm for the mUltiplication of two polynomials of l[t]. 2. Write an algorithm for the pseudo-division of polynomials over a unital commutative ring R. Specialize it to the case where the divisor polynomial is monic. 3. Using exercise 2, transfer algorithm (1.14) to the case of polynomial rings with pseudo-division, i.e. develop an algorithm for determining F(A, B), X(A, B), Y(A, B) of (3.13) for any two polynomials A, B of- 0 of R[t], R a unital commutative ring. Test the algorithm for A(t) = 2t 4 + 5t 3 + 6t 2 + 8t + 10, B(t) = 4t 2 + 6t + 3 and

R = l, l/2l, l/8l, l/12l.

The ring of an equation

13

4. Prove that polynomial rings are functorial in the following sense: Let R, A be unital commutative rings and 4>:R -> A a ring homomorphism. Then 4> extends uniquely to a homomorphism 4J: R[I] -> A[I] such that 4JIR = 4>, 4J(I) = /. Moreover, for any non-constant polynomial f(t)E R [I] there is a unique homomorphism 4>/R[t]/fR[t] ->A[t]/4JU)A[t] satisfying 4>f(t/f) = t/4J(f). 5. Let A be a unital overring of R with R-basis B. Let M be a A-module with A-basis B'. Prove that BB':= {bb'lbEB,b'EB'} is an R-basis of M considered as an R-module. (This is the so-called degree Iheorem.) 6. Let R be a unital commutative ring. (a) Let R[t;] be the polynomial ring in ti over Rand R[I;] [Ij] the polynomial ring in Ij over R[I;] (i,j= 1,2, ... ,11, i#j;IIEN). Show that there is precisely one (standard) isomorphism of R[t;] [Ij] on R[l j ] [I;] fixing R c1ementwise and mapping ti on Ii' Ij on Ij . (Write R[t i , tj] or R[tj , t;].) (b) Similarly for R[I;][lj,l k ] and R[li,tj][l k ]. Write R[li,lj,l k ]. (c) Interpret the meaning of R[I.,lz, ... ,l n ] = R [I •• ,I.z, ... ,I.n ] where n is any permutation of 1,2, ... , II. (This is the polynomial ringin II variables t. , I z, . .. , tn over R.) 7. Let R be a unital commutative ring. Construct a unital commutative overring A of R such that 1/\# 1R. Show that it contains a divisor of zero.

1.4. The ring of an equation We now consider equation (1.1) over a unital commutative ring R (instead of £'). It implies the equation (4. t a) upon multiplication by a~ - 1. In case ao is not a zero divisor, any solution y of the equation

(4.1 b) in R with coefficients (4.1 c) leads to the solution (4.1 d) in .Q(R). Equation (4.1 b) is of the same type as (1.1) but with leading coefficient 1, it is said to be a monic equation. In case of R = £' any rational solution is of the form

(4.2a)

Basics

14

which leads to the equation

an+blan-Ib+··.+bnbn=o,

(4.2b)

implying bla" and hence because of (4.2a) bla, i.e. b = 1 and YEZ. It suffices to look for the integral solutions Y of (4.1 b) which - as we know - are among the finitely many divisors of bn. They yield all rational solutions of (1.1) in the form (4.ld). Thus we are led to narrow down the discussion of algebraic equations (1.1) to the monic case. Hence, in the sequel we assume

ao = 1.

(4.3)

In section 3 we saw that any solution of (1.1) in any commutative overring A of R is a root of the corresponding monic polynomial (4.4)

A commutative overring A of R in which f has a root may be called a solution ring of (1.1). An example for a solution ring is the ring of residue classes of R[t] modulo the principal ideal f R[t] defined at the end of the previous section. The ring R[t]/ f R[t] has the following three properties: (a) It is a unital overring of R. (b) It is generated by R and the root x = t/ f of f. (Indeed, the elements I, x, ... ,x"-1 form an R-basis of R[t]/fR[t].) (c) For any solution ring A of (1.1) and any root y of f in A there is a ring homomorphism cfJ: R[t]IfR[t] ~A:

Xf-+

y.

A ring with these three properties may be said to be the ring of the equation (1.1) (in the sense of category theory) from which all other solution rings are derived by means of homomorphisms. Obviously, it is uniquely determined up to R-isomorphisms. Exercise 4 of section 3 shows the functorial property of the construction. In particular, we always view the construction of the equation ring R[t]/ f R[t] on the algebraic background provided by the equation ring O(R)[t]/ fO(R)[t] of f over the quotient ring O(R) of R. We see that the natural embedding of R in O(R) is extended to an embedding of R[t] into O(R)[t] which is compatible with residue class formation modulof so that the residue class x represented by t provides a basis over R, O(R), respectively, consisting of the first deg (f) powers of x: 1, x, .. . , xdeg(f)- I.

Exercises 1. Let R be a unital commutative ring and f(t) = aot" + a1t n- 1 + ...

+ anER[t]

The Gaussian integer ring .l'[i]

15

be non-constant. Show that the natural homomorphism R --+ R[I]/f R[t] :AI-d/f is a monomorphism, if and only if the coefficients of f satisfy the following condition: If aoz = 0 for zER, then also aiz = 0 (I ~ i ~ n). Give an example of a ring R and a polynomial fER [I] where these conditions are not satisfied.

1.5. The Gaussian integer ring d:'[i] l. Introduction

C.F. Gauss defined the integers bearing his name as the complex numbers of the form a+bi

(a,bEZ).

(5.la)

It is easily seen that they form a unital commutative entire ring by using the most elementary properties of complex numbers. The additive structure is also easily analyzed, the Gaussian integers form a free Z-module of rank 2 with basis elements I, i. Hence, the multiplicative structure can be obtained from the multiplication table

~. : I : -:

(5.1 b)

However, if we don't want to use our knowledge of complex numbers, we can use the results of the preceding section. We have already learnt the 'principle behind the thing'; The Gaussian integer ring is the equation ring over Z of

x 2 + 1 = 0,

(5.2a)

with basis elements

1:= 1/(t 2 + I),

i:= 1/(t 2

+ \)

(5.2b)

of Z[t]/(t 2 + I)Z[t]. This information should suffice to derive the elementary properties of the Gaussian integer ring intrinsically. (As a matter of fact C.F. Gauss found the sign determination of certain Gaussian sums which are contained in a ring of complex numbers - similarly constructed as the Gaussian integers - to be a problem with which he could not deal intrinsically but only by means of complex analysis.) It will appear that the study of the algebraic background and the arithmetic of the Gaussian integer ring provides an instructive model for the study of equation rings, in particular of those corresponding to monic quadratic equations x 2 +a 1x+a2=0 over Z (or over unital commutative rings of characteristic #2).

(5.3)

Basics

16

2. Algebraic background of the Gaussian integers We embed the Gaussian integer ring into the ring R:= I!) [t]/(t 2 + 1)I!)[t] with basis 1, i over I!) and multiplication table (5.1 b). We observe that the factorization (5.4)

holds, which implies that - i is another solution of (5.2a). It is clear that also I, - i form a basis of Rover I!). In other words, the mapping

a: R -+ R:

II

+ bif--. a - bi (a, bEl!))

(5.5)

is bijective and preserves both addition and multiplication, it is an automorphism of the ring R. It is obvious that a is just the restriction of complex conjugation to I!) + I!)i. But from the constructive viewpoint it is important to verify this directly. Because of a 2 = id R (the identity mapping of R) and a =F id R the automorphism a is of order 2, it is involutory. It is clear that the elements of R which are invariant under a (fixed by a) are the elements of I!). This implies that any algebraic expression using only arguments of the form ~, a(~) (~ER) in a symmetric way with rational coefficients must be rational. For example, for ~ = a + biER

= ~ + a(~) = 2a ('trace of 0, N(~) = ~'a(~) = a 2 + b2 ('norm of 0

Tr(~)

(5.6a) (5.6b)

are both rational. (They correspond to twice the real part and the square of the absolute value of ~ viewed as a complex number.) Trace and norm have the following properties which are easily verified. The trace is linear:

Tr(~ + '1) = TrW + Tr(IJ) for all ~, IJ ER ,} Tr(a~) = aTr(~) for all ~ER, aEI!).

(5.7a)

The norm is multiplicative: N(~IJ) = N(~)N(IJ) for all ~, IJER; (5.7b) and homogeneous: N(a) = a2 and N(a~) = a2N(~) for all ~ER, aEI!). (5.7c) Actually, the equation ring R is a field. That follows from the fact that (t2 + 1)I!)[t] is a maximal ideal in I!)[t] because of the irreducibility of t 2 + 1. But we can also obtain this result intrinsically by noting that for ~ER, ~ =F 0, we obtain (5.8)

In the sequel we write I!)(i) instead of R indicating that it is the quotient ring of the subring generated by I!) and i. Similarly, we write .£'[i] for the Gaussian integers.£' + lLi. Hence, I!)(i) = Q(.£'[i]).

17

The Gaussian integer ring 1'[i]

Because of(5.6a), (5.6b) any element eEQ(i) satisfies the quadratic equation e2

-

Tr(e)e + N(e) = 0

(5.9a)

over Q, the corresponding monic polynomial P~/Q(t) = t 2

-

Tr(e)t

+ NmEQ[t]

(5.9b)

is said to be the characteristic polynomial of e over Q. Over Q(i) it factors into linear factors ('splits') as follows: (5.9c)

If eEQ(i) is the root of any monic polynomial f(t)EQ[t], then the application of the automorphism a to the equation fm = 0 implies f(a(m = O. Because of f = (t - e)Q(f, t - e) we obtain Q(f, t - e)(a(m = 0 in case of e '" aW. Hence, in that case f is divisible by P~/O' In other words, for eEQ(i)\Q the polynomial P~/Q is the monic polynomial of lowest degree over Q which has e as a root. It is therefore said to be the minimal polynomial of e over Q and the equation (5.9a) is called the minimal equation of e over Q. We denote the minimal polynomial by M~/Q: (5.10)

If, however, e is rational, then its minimal polynomial is M~/o(t) = t - e, and we have P~/Q = Mf,o, In that case the minimal equation is simply = O. We conclude this discussion by showing that the identity and a are the only automorphisms of Q(i).

e- e

Proposition The automorphism group of Q(i) consists of idQ(i) and a.

(5.11 )

Proof Any automorphism f3 of Q(i) must satisfy f3(I) = I, hence f3(n) = n for all nE N. Furthermore we conclude f3( - n) = - n and finally f3(p/q) = p/q for all p, qE~, q '" O. Applying f3 to the equation i 2 = - 1 we obtain f3(i)2 = - 1 and therefore f3(i) = ± i. Thus either f3 = idQ(il or f3 = a. D We note that proposition (5.11) does not merely follow from the 2dimensionality of Q(i) over Q, as exercise 1 shows. 3. Algebraic background of the 8th roots of unity The algebraic background of the Gaussian integers shows a group theoretic feature which is revealed in even greater detail in the equation ring of the polynomial t 4 + 1E~[t]. It has four basis elements 1:= 1/(t 4 + 1),

(8 = t/(t 4 + 1),

i:=t 2/(t 4 +1),

over ~ with multiplication table

i(8=t 3 /(t 4 +1) (5.12a)

18

Basics

i(8

(8

(S i i(s

(S i i(s

i i(s -I -(S

(S i i(S -I

i(S - 1 -(s -i

(5.12b)

(g

We observe that (~= - 1, = I, hence (s is a primitive 8th root of unity. The quotient ring ,Q(£'[(s]) = O((s) has the same four basis elements. It is easily seen that the O-linear mappings

id R : (~M(~, (1: (~M(~j,

p: (~M(~j, T: ('M(~j,

}

(0 ~j ~ 7)

(5.13a)

form automorphisms with the multiplication behavior of Klein's Four Group: (5.13b)

id R

id R

P

P

P id R

(J

(J

T

T

T

(1

(1

T

T

id R

(1 P

P

id R

The only elements of R = O((s) which are fixed by all four automorphisms are the rational numbers. The only elements of R which are fixed by (1 are the O-linear combinations of I, i. They form the subfield O(i) isomorphic to the quotient ring of the Gaussian integers. As a matter of fact we may look at O((s) as a O(i)-ring with basis I, (s and multiplication table

1 (s

1 (s

Thus we can form the relative norm of

(5.14a)

(s ~

= x

+ (sY (x, YEO(i)):

NO(C8)/O(i)(~):= ~(1(~) = x 2 - iy2EO(i).

(5.14b)

The relative norm is multiplicative and homogeneous of degree 2: NO(C8)/O(i)(~rO = NO(C8)/O(i)(~)· N O(C8)/o(i)(11),

(5.14c)

NO((8)/O(i)(a~) = a2No(C8)fO(i~)

(5.14d)

for all ~, l1EO((s), aEO(i).

The relative norm vanishes only trivially. Namely, NO((8)/O(i)(~) = 0 implies ~ = 0 or (X/y)2 = i. In the latter case we obtain x/y = a + ibEO(i) and (a 2 - b2 ) + i2ab = i. But then a = ± b (a, bEO!) yielding ± 2a 2 = 1 which is impossible over 0. As above we conclude that every non-zero element ofO((s) has the inverse

C

1

=(NO(C8)/O(i)(m-l(1(~).

(5.15)

19

The Gaussian integer ring &,[i]

Therefore 0((8) is a field which we knew already from t 4 + I being irreducible in O[tl Next we consider the automorphism group of O((s). Any automorphism w of O((s) fixes 0. Application of w to i 2 + 1 = 0 yields w(i) = ± i and to (~- i = 0 yields w((s) = (~ (jE{1, 3, 5, 7}). Hence, id R , p, a" are the only automorphisms of R = O((s). We determine the fixed field for each automorphism. For ~=ao+at(s+a2i+a3i(s (ajEO,O~j~3) the condition p(~) = ~ is equivalent to at = a3' a 2 = o. Therefore ~ must be of the form ~ = ao + at (i + lKs. We observe that ((i + lKs)2 = - 2 and so we may write (i + lKs = (- 2)1-. Hence, the fixed field of p is 0(( - 2)1-). Similarly, we see that the fixed field of, is 0(21-) (see exercise 2). These considerations lead to the Hasse diagram for the subfields of O((s) which is in I-I-correspondence with the diagram of subgroups of the KleinFour Group:

In both diagrams the connection of two items means inclusion. In the field diagram the larger field is marked higher; for the groups it is obviously the opposite. The connection of both diagrams is explained by the principle of Galois correspondence: to each subgroup in the subgroup diagram there corresponds that field of the Hasse diagram which is fixed under this subgroup; and to every subfield F of the Hasse diagram there corresponds that subgroup of Aut (O((s» which is the relative automorphism group of O((s) over F. Can there be subfields F of 0((8) which are not contained in the Hasse diagram above? By exercise 5 of section 3 the field O((s) would have two basis elements over F, e.g. 1, (s. Hence, there would be a monic irreducible polynomial f(t) = t 2 + at + bEF[t] satisfying f((s) = o. This implies gcd(f(t), t 4 + l) = f(t) in F[t] and thereforef(t) = (t - (s)(t (jE{3, 5, 7}). But then F is already one of the subfields O(i), 0(21-), 0(( - 2)1-) of the Hasse diagram. The constructive realization of the Galois correspondence is obtained by means of a normal basis of O((s) over 0, i.e. of a basis consisting of the images ('conjugates') of one element of O((s) under Aut (O((s». The conjugates of (s itself are (s = idR((s), (~ = i(s = p((s), = - (s = a((s), (~ = - i(s = ,((s)· Obviously they do not form a O-basis. But the conjugates of

m

n

Basics

20

, = 1 + (s +

= 1 + i + (s are (id:= (= 1 + (s + n, (,,:= a(O = 1 + i - (s,

(~

(S.17a)

and they form a normal Q-basis. Suppose now, a subgroup S of G = Aut (Q((s)) is given and we want to find out which elements of Q((s) are fixed by S; is necessarily of the form

e

e

~

=

L A.(g)e

g

(S.17b)

(),(g)EQ),

gEG

e

and we wish to solve w(~) = for every WES. But for a normal basis we have w((g) = 'Wg for all gEG and we obtain

wW = L A.(g)~Wg·

(S.l7c)

gEG

e

To satisfy wW = the mapping A. must be constant on each S-right coset of G. This remark gave C.F. Gauss the idea to form the sums LWESe W9j over the right cosets (S.17d) of G modulo S represented by gl, ... ,g,. They are called the Gauss periods belonging to the normal basis (g (gEG) and the subgroup S of G. The Gauss periods form a standard basis for the fixed field of S over the field Q. In our case we obtain 2 + 2i, 2 - 2i for Q(i), 2 + ( - 2)!, 2 - ( - 2)1 for Q(( - 2)1) 2 + 2t , 2 - 2t for Q(2t), 1+ i + (s, 1 - i +

n, I + i + (~, I -

i + (~

} (S.17e) for Q((s) (see exercise 3).

4. Arithmetic of the Gaussian integers The concept of divisibility in Z[i] will be familiar to the reader. For~, l1EZ[i], ~ =1= 0, we say (S.18) To verify the simple rules of divisibility is left as exercise 4. More important is the equivalence relation on Z[i]\{O}:

e is equivalent to 11 ('e '" l1'):=-ell1

A

111e.

(S.19)

We note that in entire rings R we also say e is associate to 11 if e/l1 and 11/~ are in R. It is clear that for ~ '" 11 the quotient ~111 is a unit of R. We shall denote the unit group of R by U(R).

Proposition

U(Z[i]) =

{± 1, ± i} = {imlm =

(S.20) 0, 1,2, 3}.

The Gaussian integer ring Z[i]

21

Proof

If (is in U(R), then it has a multiplicative inverse, say f But then 1= N(I) = N((,) = N(()N(,) and N(() = I because of(5.7c). On the other hand, (= a ib (a, bEZ) and N(() = I is equivalent to a 2 + b 2 = I with a = ± I, b = 0 and a = 0, b = ± I as only solutions. That ± I, ± i are in U(Z[i]) is obvious.

+

o Is there some kind of long division in Z[i]? We shall prove that the Gaussian integers are a Euclidean ring R, i.e. a unital commutative entire ring with a height function E:R\{O} -+ N such that for a, bER, b # 0, there always exist c, dER subject to a = bc + d and either d = 0 or E(d) < E(b). It is clear that this assumption suffices to establish a Euclidean algorithm in R which determines gcd (a, b) in at most E(b) steps. An appropriate function E for Z[i] is the norm function.

Proposition

(5.21)

Z[i] is a Euclidean ring using the norm as height function.

Proof Let a, fJEZ[i], fJ # O. We must determine y, <5EZ[i], viz. y = Q(a, fJ), <5 such that a = yfJ

(This also covers the case <5

+ <5, N(<5) < N(fJ).

= O!) (5.2Ia) is

= R(a, fJ), (5.2Ia)

obviously equivalent to (5.21b)

+ is (r,sEQ), y = c + id (C,dEZ) and (5.2Ib) becomes (5.21c) a = yfJ + <5, (r - C)2 + (s - d)2 < 1. But this is always solvable via c = {r}, d = {s}( {r}, {s} denoting the closest

But alfJ = r

integers to r, s). Since (5.2Ia)-(5.2Ic) are equivalent the proposition is 0 proved. It is easy to see that a Euclidean ring R is a principal ideal ring (two generators of an ideal can be substituted by their gcd and because of the height function this can happen only a finite number of times, otherwise, the ideal would be R = I R itself). Principal ideal rings are factorial or unique factorization rings (see chapter 2, section 4 in S. Lang's book). Hence, every element of Z[i] is uniquely presentable as the product of a unit and finitely many prime elements of Z[i]. For the prime elements of Z[i] see exercise 6 and - in a more general context chapter 6 section 2. 5. The maximal order property of Z[i] Any eEQ(i) is presentable as

22

Basics

~

ex

= 7i (ex, PEl' [i], P# 0, gcd (ex, f1) = I).

(S.22)

This presentation is unique up to equivalence. Analogously as in the beginning of section 4 it is shown that any root of a monic polynomial of l'[t] in I/)(i) is already in l'[i] (see exercise S). In particular the elements of l'[i] are characterized among the elements of I/)(i) by the property that they occur as roots of monic polynomials of l'[t] in I/)(i). Such numbers are called algebraic integers.

Proposition

(S.23)

l'[i] consists exactly of the algebraic integers of I/) (i) = O(l'[i]). The Gaussian integers form a unital subring R of I/)(i) with the two properties O(R)

= I/)(i),

(S.24a)

R is a finitely generated l'-module.

(S.24b)

Such rings are called orders. We shall characterize the orders of I/)(i). Obviously the distinct subrings

l'[ki]:= l'

-i- kl'i

(kE N)

(S.2S)

satisfy (S.24a), (S.24b). We want to show that they are the only orders of I/)(i). Any order R of l'[i] must contain l' and some element ex = a + biEl'[i] with b # O. Let exoER such that its imaginary part is as small as possible in absolute value, say ex o = ao + boi, bo > 0 wlog. Then R also contains the element boi. For arbitrary exER, ex = a + bi, also ex - a - {b/b o} boi is in R implying that b is a rational integral multiple of bo because of the minimality of bo in R. Hence, R = l'[b oiJ. In general the additive group R + of R is a finitely generated abelian group with 0 as its only element of finite order (torsion element). By the basis theorem for abelian groups there is a finite l'-basis of R, say b l , ..• , b.. It also serves as I/)-basis of O(R), hence n = 2 in our case. There must hold equations

bvb j

= L" mlJ)b j (mlJ)El', 1 ~ i, I' ~ n).

(S.26)

j= 1

In our case, bv satisfies the Hamilton--Cayley equation (b; + alb v + a2 )b j = 0 (i = 1,2) with coefficients a 1 = - m\VI - m~v1, a 2 = m\VI m~v1 - m\V1m~1 in 1'. Therefore b; + a I bv + a 2 = 0 and bv is an algebraic integer of I/)(i) (I' = 1,2). Hence, R is contained in 1'(;] and therefore has the form (S.2S). We note that the Gaussian integer ring is maximal among the orders of I/) (i). It is therefore called the maximal orde,. of I/)(i).

Factorial monoids and divisor cascades

23

Exercises I. Let F be a field of characteristic zero. The Study numbers are the algcbra with basis elements I, I: and multiplication table

:t:t I

l I

F-

I:

e

F-

0

over F. Show that it is unital, commutative and associative and exhibits the infinitely many automorphisms of the Study numbers over the field of reference F. 2. Show that the fixed field of the automorphism r of 0((8) is 0(2 t ) where 2t =(i -1)(8' 3. Compute the Gauss periods (5.17e). 4. Verify the following simple properties of divisibility in 1:[i]: (i) (ii) (iii) (iv) (v)

~I~, ~1'1

and '11(=>m,

~1'1=>~I'1(,

~1'1 and 1:1(=>~I:I'1" ~1'1 and ~1(=>~I('1+()(~,"'1,F-E1:[i]).

5. Prove proposition (5.23). Which properties of 1:[i] are essential for the proof? 6. (a) Let n be a prime element of1:[i). Show that there exists a rational prime number P which is divisible by n. Any prime number PEP is divisible by at most two prime elements of 1:[i). (b) Let PEP be an odd prime number. Show by group theoretical arguments that - I is a square in 1:/p1: if and only if P == I mod 4. (c) For prime numbers PEP show that the following decomposition law holds:

P- {

n2

for P = 2

n nn'

for p == 3 mod 4, for p == I mod 4

where n is a prime element of 1:[i] depending on p and n' = a(n). (d) Determine the decomposition ofthe first ten prime numbers into prime elements of l[i).

1.6. Factorial monoids and divisor cascades The rational integer ring, the Gaussian integer ring, and polynomial rings in one variable over a field are examples of principal entire rings. We observe that the property of unique factorization into irreducible elements of a principal entire ring R essentially depends on the monoid M = R x formed by the non-zero elements of R under multiplication. Clearly, the notions of units, equivalence of two elements (notation: a'" b, see (5.19)), irreducible elements, divisibility (a Ib), and unique factorization into

24

Basics

irreducible elements can be transfered to arbitrary commutative monoids M; exercises I and 2 show that the usual properties of divisibility hold there, too. A commutative monoid M is said to be factorial if every non-zero element of M has a unique factorization into irreducible elements. Two elements a, b of a factorial monoid M are called associate if alb and bla (i.e. a'" b). (We note that we have to assume that the set of irreducible elements of M does not contain associate elements, otherwise all factorizations into irreducible elements are unique up to equivalence only.) Using the same arguments as S. Lang in his book, chapter II, section 4, we conclude that a (commutative) monoid M is factorial if and only if

every properly ascending chain aiM c a2M c ···(aiEM, iEN) isfinite, (6.1a) and

for every irreducible element pEM which divides ab (a,bEM) either pia or plb. (6.1b) In the sequel let M be a factorial monoid. Arithmetic in M can be done via the unique presentation of non-zero elements aEM in the form

n Pi r

a= u

(UE V (M), rEll. ~ 0, PiE M irreducible (l ~ i ~ r».

(6.2)

i= I

(See also exercises 1,2.) However, it is usually difficult to obtain such a factorization, even in the case M = N. We shall therefore develop a kind of substitute for (6.2). Let S be a finite subset of M. A (finite!) subset B(S) of M is called a basis of S if any aES has a unique presentation

a=u

nb

mb

(mbEll."o,UEU(M».

(6.3)

bEB(S)

For example, all irreducible elements of M dividing at least one aES form a basis B(S). But in general we can obtain a basis which consists of less elements and is easier to determine than by factorizing all aES into irreducible elements. As an example let M = Nand S = {14 700, 5040}, then B(S) = {l2, 35} will do as we shall see below. The instrument for computing 'nice' bases are divisor cascades, by which we derive from S a set c5(S) which is closed under division and gcd-formation.

Definition (6.4) Let S be a non-empty finite subset of a factorial monoid M and O¢S. Then a divisor cascade c5(S) of S is a smallest subset of M with the properties: (i) S ~ c5(S), 1Ec5(S); (ii) If a, bEc5(S), then c5(S) also contains an element c, c '" gcd(a, b).

(iii) If a, bEc5(S) and alb, then c5(S) contains an element c '" b/a.

Factorial monoids and divisor cascades

25

It is clear that a basis B(S) of S is obtained from those elements of b(S) which are not in U(M) and are not divisible by any other YEb(S), Y ~ b, yE U(M). Any xEb(S) then has a presentation (6.3).

Example (6.5) Let M = Nand S = {l4 700, 5040}. In accordance with (6.4) we compute gcd(14700, 5040) = 420, 14700/420 = 35, 5040/420 = 12, 14700/12 = 1225, 5040/35 = 144 yielding b(S) = {l4 700, 5040, 420, 35, 12, 1225, 144, l}. The following diagram needs no further explanation: 14700

5040

/~/~ 420 144 ~/~/ 35 12

1225

~I/

Indeed, we have B(S) = {12, 35} = B(b(S)). Hence, a basis for a finite subset of M can be computed just by forming quotients and gcds but without any factorization into irreducible elements. In the sequel we assume that we can calculate gcds. In praxis M would have to be a subset of a Euclidean ring for this purpose. We note that for computing b(S) associate elements of S should be eliminated.

Algorithm for computation of a divisor cascade

(6.6)

Input. Let S={Sl"",Sr} (rEN) a subset of a factorial monoid not containing O. Output: b(S). Step l. (Eliminate associate elements and units.) Set k..-- 1, t k ..-- I, b(S)..-- {t d. For i = I , ... ,r: check whether Sj is associated to one of the elements of b(S); if this is not the case set k..-- k + 1, t k ..-- Sj, b(S)..-- b(S) u {td. If b(S) ~ 2, go to 8. Step 2. (Initialization). Set A..-- {(i,j)12 ~ j <j ~ k}, B..-- A. Step 3. (Choose elements for division). For A = 0 go to 7. Else choose (i,j)EA and set A..--A\{(i,j)}. Step 4. (sjlsj?). For SASj go to 6, else set s..--sdsj. Step 5. (s associated to an element of b(S)?). If S is associated to an element of b(S) go to 3. Else set k..--k+ I, tk..--s, b(S)..--b(S)u{td, A..--Au{(i,k)12~i
26

Basics

Step 6. (sdsj?). For sJSj go to 3. Else set S~Sj/Si and go to 5. Step 7. (Choose elements for gcd). For B i= 0 go to 8. Else choose (i,j)EB and set B~B\{(i,j)}, s~gcd(si,sJ and go to 5. Step 8. (Done). Set J(S) ~ J(S) u S and terminate. We leave it as excercise 3 to the reader to extend (6.6) such that also B(J(S» is in the output. If the monoid M consists of polynomials over a factorial ring R then we have additionally the option to factor out squares. For f(t) = L:?=o aitn-iER[t] the derivation offis defined as n-I

D,(f) = f'(t) =

L ai(n -

i)t n -

I -i.

(6.7)

i=O

The derivation has the usual properties known from calculus. Especially, for

f(t) = g2(t)h(t) in R[t] we obtain f'(t)

= 2g(t)h(t)g'(t) + h'(t)g2(t),

(6.8a)

hence

g Igcd (f ,f')

(6.8b)

in the sense of pseudo-division. On the other hand, if gcd (f,f') is a polynomial of positive degree in R[t], say get), then g21f (see exercise 4). Therefore, we can use the derivation of a polynomial to exhibit square factors. With respect to divisor cascading we can therefore add a fourth condition to (6.4), namely:

for XEM, x¢U(M), and x 2la, aEJ(S), then J(S) contains an element b such that x Ib, x 2 b.

r

(6.9)

Finally, let M be a subset of a perfect field F with X(F) = p > O. (In case X(F) = P > 0 this means FP = F, for X(F) = 0 it implies no restriction.) In that case we can also extract pth roots from polynomials. Namely,

iff is a non-constant polynomial with derivative zero, then f(t) = gW)·

(6.10)

It is clear how to change (6.6) to obtain J(S) including (6.9), (6.10). We just give an illustration.

Example Let M = Z/2Z[t], S = {sd, Sl = + + Then the computation of J(S) goes as follows:

t6

S2

S3

tS

t3

(6.11) 2 2 2 + t ( = t (t + 1)2(t + t + 1».

t4 + t 2 , 2 = t + t (S3(t 2) = S2(t»,

= S'l =

S4 =

t

4

+ t + 1 =SlS2

27

Factorial monoids and divisor cascades

implying

Exercises 1. Let M be a commutative monoid and a, b, c, dEM. Prove: (i) alb and a - c, h - d implies cld. (ii) alb and cld implies aclbd. 2. Let M be a factorial monoid and X a non-empty subset of M. Then XEM is called a common divisor of X, if x divides all elements of X. An element YEM is called a common multiple of X, if every aEX divides y. A greatest common divisor (gcd) of X is a common divisor which is divisible by all other common divisors of X. A least common multiple (fern) of X is a common multiple which divides all other common multiples of X. Prove:

x

(i) If x, are two greatest common divisors of X, then they are associate. (The same for least common multiples.) Hence, gcd (X), lcm (X) (if it exists) are unique up to equivalence. (ii) Let P be a set of non equivalent irreducible elements of M such that XEX has a presentation x =

Ux

n pV(x.

P)

(uxEU(M), v(x, p)EZ;'o).

PEP

Then

gcd(X) -

npmin\v(,.pllxEXI, Icm(X) - npmax\,(x.pllxExl peP

(if it exists).

peP

3. Modify algorithm (6.6) such that the output also contains a basis 8(S) with a minimal number of elements. 4. Let R be a factorial ring andf(t)ER[t]. Prove: If h(t):= gcd(f,f') is non-constant, then (h(t»2If(t) in the sense of pseudo-division. 5. Compute O(S) and 8(S) for (i) S={17640,3366,3534, 1254, 7158} in~, (ii) S = {t 5 + t 4

Zj3Z[t].

+ 5t 3 + 2t 2, t4 + 7t 3 + 15t 2 + 9t, t 4 + 6t 3 + IIt 2 + 6t} in Z[t], Zj2Z[t],

2 The group of an equation

2.1. Splitting rings 1. Introduction E. Galois pronounced the following theorem: Soit une equation donnee, dont a, b, c, ... sont les m racines. II y aura toujours un groupe de permutations des lett res a, b, c, ... qui jouira de la propriete suivante: 1 que toute fonction des racines, invariables par les substitutions de ce groupe, soit rationellement connue; 2° reciproquement, que toute fonction des racines, determinable rationellement, soit invariable par ces substitutions. 0

in his Memoire sur les conditions de resolubilite des equations par radicaux (1-16-1831) [4]. E. Galois studied systematically the algebraic relations between the roots of an algebraic equation

aox" + a 1 x" - 1 + ... + all = 0 } (nE£:>o; aiER,O~i~n, ao#O)

(1.1 )

over unital commutative rings R which most of the time he considered to be subfields of the complex number field for his purpose. Not always, however, since Galois also established finite fields (Galois fields) on the basis of Gauss' earlier work. As was known previously already they are tied together by the factorization II

f(t)

= ao Il (t -

Xi)

(1.2)

i= 1

of the polynomial (1.3)

over a field (domain of rationality = 'determinable rationellement') into

The group or an equation

30

the product of the leading coefficient ao and the linear factors t - XI' t - X2, ••• , t - Xn where the complex numbers XI' x 2 , ••• , XII are the roots of/. We analyze the same problem under the more general assumption that R is any unital commutative ring and nothing else is known in advance. We have seen already many instances where the existence of a factorization like (1.2) does not take place in R. The question arises, whether there are unital overrings 1\ of R in which a factorization off (given by (1.3» like (1.2) is possible. Any overring of this kind may be said to be a splitting ring off (relative to R). It contains as a subring the ring generated by Rand XI' X2,···, Xn which is also a splitting ring and which we call a minimal splitting ring of f over R. We deal here only with the case that f is monic:

ao =1.

(1.4)

for the more general case that ao i' 1.) Now the

(However see exercise equation

f(t)=tn+alt n- I + ... +an =

n (t-Xi) II

(1.5a)

i=1

is tantamount to the n Vieta equations

+X2 + ... +xn= -al>

(TI(XI,X2,···,X n ):=X I

L

(T2(XI>X 2 ,···,X,,):=

x ixj=a 2 ,

tt;;i<j~1I

(1.5b)

where the polynomial expressions (T I, (T 2, ... , (T" are said to be the n basic symmetric functions of the arguments XI' ... ' X".

2. Universal splitting rings Theorem (\.6) There is a universal splitting ring S(f/R) off relative to R which is obtained

by using an R-basis of the n! elements

e e1··· e:," i'

l

(0 ~ ij <j; 1 ~j ~ n)

( 1.6a)

(referred to as standard basis in the sequel) such that f(t)

" (t - e) =n

(1.6b)

j= I

holds in S(f /R) [t]. For every homomorphism cp:R-+R'

(1.6c)

Splitting rings

31

of R into a unital commutative ring R' with 4>(1 R) = 1R' and for every splitting ring A of the monic polynomial 4>f:= til + 4>(a 1W- 1 + '" + 4>(a ll )

II

= n (t-x)

(X 1,X2,· .. ,X"EA)

(1.6d)

j= 1

over R' there is an extension $: S(fI R) -+ A

( 1.6e)

of 4> such that ( 1.6f)

Proof If n = 1 thenf(t) = t + a 1 and R = S(fI R) with ~ 1 = - a 1 is a universal splitting ring off with the desired property. Now let n> 1 and assume the construction works for monic polynomials of degree n - lover unital commutative rings. Let ~II:=

tlf

R[t]lfR[t].

in

Note that the n elements

form an R-basis of R[t]lfR[t]. Set ~1I)j(R[t]1 fREt]»~.

S(f IR) = S(Q(f, t -

(1.7)

By assumption there are (n - I)! basis elements ~jt'".~:~=11

(O~ij<j; 1 ~j~n-I)

of S(fIR) over R[t]lfR[t] such that 11-1

Q(f,t - ~II) =

n (t -

~j)

j= 1

holds in S(fIR). Hence (1.6b) is established. Moreover, the II! elements (1.6a) form an R-basis in accordance with exercise 5 of chapter 1, section 3. Now let 4> and A as in the theorem. It follows that 4> extends to a homomorphism

4>1 :R[t]1 fREt]

-+ A,

4>l1R = 4>, 4>1(~1I) = x ..

as was shown at the end of chapter I, section 4. For the polynomial 4> f there are two factorizations

=(t -

11-1 XII)

n (t -

j=l

Xj)'

32

The group of an equation

But the polynomial t - x. with leading coefficient 1 is not a zero divisor of A[t]. Hence .-1

Q(
n (t -

Xj)'

j= I

By induction hypothesis
:S(Q(f, t -

R[t]»

--+

A,

satisfying IR[lllfR[t]

(~j)

=
= Xj

(I ~j < n).

But because of (1.7) it follows that satisfies the conditions required by the 0 second assertion of theorem (1.6). 3. Permutation automorphisms

If R,fare constructively given then so is S(f /R). As a consequence of theorem (1.6) for every permutation n ofthe indices 1,2, ... , n there is a homomorphism

it:S(f/R) --+ S(f/R),

( 1.8a)

itlR = id R,

(1.8b)

satisfying n(~i)=~"(i)

(i=I,2, ... ,n),

(1.8c)

where we denote by n(i) the effect of n on the index i. Note that it is uniquely determined by (1.8b), (1.8c). For any two permutations n, p we have np(i)

itp(~J np

= n(p(i»,

= it(p(~J) = it(~P(i) = ~"P(i)' = itp,

and, in particular,

1= ids(f1R) for the identity permutation 1. Thus it follows that np

= itp,

so that the it form a group of R-automorphisms of S(f /R). It may be called the group of the permutation automorphisms of the universal splitting ring of f over R. Since I, ~2' ~3""'~. are among the standard basis of S(f/R) and ( 1.9a) it follows from linear independency that the roots ~ I""'~. are distinct unless

al=O,

n=2,

2=0

(1.9b)

Splitting rings

33

in which case ~ I = ~2' In any other case we may view the permutation automorphisms as extensions of the n! root permutations. In other words the mapping of n on it is a (standard) monomorphism

J1.:6. ~ Aut(S(f /R)/R) of the symmetric permutation group 6. of n letters formed by all permutations of 1,2, ... ,n into the group Aut (S(f/R)/R) of all automorphisms of the universal splitting ring of f over R which leave R elementwise fixed. The image group may be denoted as 6.(f/R). There can be other automorphisms of S(f / R) but the permutation automorphisms are of primary interest in Galois theory.

4. Quadratic monic equations For example, for quadratic equations (l.lOa) we have (\.lOb)

and

S(f/R) = R[t]/fR[t] = R[t]/f

(\.IOc)

as the proof of theorem (\.6) has already shown. Indeed, setting

~2 = t/f, ~I

=

}

-al-~2'

(1.10d)

we find that 1, ~2 is the R-basis of both R[t]/f and S(flR) with basic multiplication table:

(1.l0e) ~2

1 ~2

~2

-al~2-a2

and that ~ I, ~ 2 satisfy (\.6) for n = 2. The permutation automorphisms are the identity mapping S(f, R), and the automorphism

1= ids(J/R)

of

a: S(flR) ~ S(f/R): A + J1.~2 f-+ A + J1.~ I = (A - a l J1.) - J1.~2 (A, J1.ER). (1.l0f) Of course CJ. fixes every element of R. Conversely, every element of S(f /R) which is fixed by CJ. belongs to R when the R-ideals

[0/2] = {J1.ER I2J1. = OJ,

[O/al] = {J1.ER IJ1.a l = O}

have zero intersection. The subring of S(f /R) formed by the fixed elements of CJ. is

(1.l0g)

The group of an equation

34

Among the fixed elements of Gn(f /R) we have the trace TrW = e + IX(e) = 2..1 - atll

(1.1 Oh)

and the norm ( I.lOi)

of the element

(I.l OJ) of S(f/R). As we saw already in the case of the Gaussian integers the trace is additive and the norm is mUltiplicative. Trace and norm are related by Tr(e 2) = Tr(e)2 - 2N(e).

(1.1 Ok)

The norm satisfies the additive relation (1.10/)

Trace and norm are important because they provide a natural monic equation, the characteristic equation e2

-

Tr(e)e + NW = 0

(1.1ta)

for every element e of S(f / R) over R. The quadratic polynomial P~!R(t) = t 2

-

Tr(e)t

+ N(e)

(1.1lb)

is the characteristic polynomial of ¢ over R. The characteristic polynomial factorizes in S(f / R) into the linear factors t - e, t - IX(e):

(1.1lc) Let us consider the special case R = 10. By the usual high-school method we obtain the corresponding pure quadratic equatioll y

2

d

( 1.12a)

=~

4

for

y=x+(a l /2)

(1.l2b)

d = d(f) = a~ - 4a 2 ,

(1.l2c)

and where d is called the discriminant of the polynomial f because it discriminates between solvability: d is a rational square (number); and insolvability: d is a rational non-square (number) of (1.1 Oa) in 10. If (1.1 Oa) is solvable, then the solutions are al

XI =

dt

-2+2'

al

X2 =

dt

-2-2'

(1.12d)

where d t is a root of the pure quadratic equation Z2 -

d=

o.

( 1.l2e)

35

Splitting rings

Analyzing the splitting ring S(f IQ) we discover that

f(t) = (t - xd(t - x 2 ),

o = f(~2) = ~~ + al~2 + a 2 = (~2 so that there are the zero divisors the two ideals

~2

- Xl'

~2

-

Sj = (~2 - xJS(fIQ)

(1.l3a) Xd(~2 - X2),

X 2 • As

(1.l3b)

a matter offact there are

(i = 1,2)

(1.13c)

of S(fIQ) which annihilate each other and which are a-conjugate: SlS2 S2 = a(SI)'

= 0,

(1.1 3d)

= a(S2)'

Sl

(1.13e)

Hence,

oc

Sj c S(f/Q),

( 1.13f)

dimOSj = I,

(1.l3g)

Sj = Q(~2 -

xJ

Because of the basis property of I,

~2

(i

= 1,2).

(1.l3h)

we find that

Sl = S2¢>X I = x2¢>d = O.

( 1.13i)

In this case, when the two roots Xl' X2 of the quadratic equation coincide, we call it inseparable. As (1.13i) shows this is precisely the case for d = O. As' a matter of fact over any unital ring of reference R we see that d(f)=ai-4a2=(~1 +~2)2_4~1~2=(~1-~2)2.

(1.l3j)

Hence by theorem (1.6) (1.l3k) in any splitting ring of f over R permitting the factorization (1.2). In general ring theory it can very well happen that d(f) = 0 but that the roots Xl' X2 are distinct in any splitting ring. For example, let R = (Z/2Z)[t]/t 2 (Z/U)[t] with (Z/U)[t]-basis I, B subject to B2 = 0 and let f(t) = t 2 + Bt. From this reason we call the monic quadratic polynomial f(t) = t 2 + alt + a 2 separable if d(f) is not a zero divisor; otherwise we say it is inseparable. Now it follows from theorem (1.6) that the roots XI' X2 of a separable polynomial are distinct in any splitting ring of f. In the case of inseparability one can find a splitting ring with roots XI = X2 in case R is an entire ring. But if R is not an entire ring it can be either way. Continuing the discussion of above for the case of separability of the rationally solvable monic quadratic equation f = 0 we find now that SI"",S2,

( 1.131)

= Sl +S2'

(1.1 3m)

1=e l +e2,

(1.13n)

S(f/R)

The group of an equation

36

with uniquely determined Si-components ei of the unit element I = IS(flO) such that Si = lSi = (e 1 + e2)Si = elSi + e 2S i = eiS i,

(1.130) (l.13p)

ele2 = 0 = e2el' ei = ei I = ei(e 1 + e 2) = er.

( 1.13q)

Direct computation tells us that

eI

= (-

aI

-

2x I) - I (~2

x d,

-

e2 =

(-

aI

-

2x d - I (~I

-

x d,

( 1.13r)

but the important information is contained in (1.13d), (l.13m-p) telling us that S(f /10) may be viewed as a 2-vector space over 10 with componentwise multiplication upon writing ~ES(f /10) as

and representing

~

= 4>l(~)el + 4>2(~)e2

~

by the Q-vector 4>(~)

(4)i(~)EiQ,

= (4)I(~)' 4>2(~))

i = 1,2),

(~ES(f/Q)).

Thus essentially the solvable separable case provides a universal splitting ring that is algebraically 'decomposed' into the direct sum of two isomorphic copies of iQ. We note that there are two factorizations of fin S(f/iQ)

f(t)

= (t -

x1e 1 - X2e2)(t - X2el - x 1e 2) (1.13s)

= (t - xd(t - X2).

Which of the two is the standard one (1.6b)? In case f is inseparable we can even find infinitely many distinct factorizations. What are they? Correspondingly we find infinitely many distinct automorphisms of S(f110) over Q. Finally we turn to the case that d(f) is non-square. In this case there is no factorization

f=gh into non-constant factors g, h ofQ[t] possible, the polynomial f is irreducible over Q. The universal splitting ring S(f /10) contains no divisor of zero. It is a field, called the splitting field of f. In this splitting field, however, there holds the factorization

f(t) = (t -

~ I)(t

-

~2).

Also just as above (1.12d) holds so that we obtain a

dt

a

dt

~I = -i+T' ~2 = -i-T'

( 1.14)

when the square root of the discriminant is defined as one of the two solutions of the pure quadratic equation (1.12e) for z in S(f /10). We observe that in

The fixed subring

37

this case any iQ-homomorphism of S(f1(0) into a splitting ring of f over 10 is a monomorphism. On the other hand, in case f is reducible (= non-irreducible) over 10 then 10 itself is a splitting ring of f, of a iQ-dimension less than the iQ-dimension of S(f/iQ)·

Exercises 1. Let f be an arbitrary non-constant polynomial in t over the unital commutative ring R, say f(t)=aotn+altn-I

+ ... +an

(nEZ>o; ajER, 0 ~ i ~ n; a o ¥- 0).

Then show that the natural homomorphism of R into

(t, t I ' " ' ' tn are n + I polynomial variables) which maps..:t on ..:t/(f - O?=.(t - tJ) for ..:t of R is a monomorphism if and only if the coefficients ao, a l , ... , an satisfy the same condition as in exercise I of chapter I, section 4: If aoz = 0 (zER) then ajz = 0 (0 < i ~ n). 2. Let a monic polynomial f of degree n > 0 over Z and a polynomial P of Z[t I, t 2,···, tn] be given. Write an algorithm in order to represent P(~ I' ~2"'" ~n) as a linear combination of the standard basis of S(fjZ). 3. (a) Compute the universal splitting ring of f(t) = t 3 - 7t - 7 over Z. (b) Show that Z[p] is a splitting ring for f, if p denotes a zero of f (in ~). (Hint: 3p2 - Sp - 14 is another zero.) (c) Determine an epimorphism of S(fjZ) onto Z[p]. (Compare proposition (4.6).) 4. Find all factorizations of the monic quadratic polynomial f(t)

=

t 2 + alt + a 2dl[t]

in S(fjQ).

2.2. The fixed subring of the permutation automorphisms Firstly, we remark that the R-dimension n! grows stronger than exponentially with n since by Stirling's formula

(2.1) so that direct computations in S(flR) become impractical for large values of n. The value of the concept of splitting rings derives from its constructive nature and its use as scaffolding for more efficient constructions.

38

The group of an equation

1. Tschirnhausen transformations Secondly, our discussion of quadratic equations (l.lOa) over 0 amounts to the statement that S(f10) is isomorphic to S(gIO) where g(t)

= t2 -

d(f)

is a pure quadratic polynomial. More generally speaking a Tschirnhausen transformation [6] of (1.1) with ao = 1 is defined as the transition from the generator ~

= tlf

of the equation ring R [t]1f R [t] to another generator I]=h(~)

(2.2a)

hER[t],

(2.2b)

R[t]IfR[t] = R[~J = R[I]J.

(2.2c)

of R[t]lfR[t] with

As will be shown soon the minimal polynomial m of polynomial of degree n over R and thus

R[tJIfR[tJ where the R-isomorphism maps It follows readily that

I]

~RR[tJlmR[tJ

I]

is again a monic

(2.2d)

on tim.

S(fI R) ~ R S(ml R),

(2.2e)

so that, in essence, we deal with the same problem as before, but the use of m rather than f may confer both conceptual and computational advantages. Note that there is a polynomial j of R [tJ such that ~ = j(I]) so that the transition from '1 to ~ also is a Tschirnhausen transformation. Prior to E. Galois' revolutionary treatment of algebraic equation theory, for several centuries the algebraists tried to apply a Tschirnhausen transformation to (1.1) over an extension E of Q obtained by the adjunction of some radicals such that m factors into a product of pure monic polynomials of the form til -

f3

(2.2f)

with f3 in E. This is possible for n = 1,2,3,4. Ruffini and Abel showed that it cannot be done in general if n > 4. A few years later E. Galois revealed the group-theoretic reason for that impossibility and gave a satisfactory criterion as to when it can be done. The simplest Tschirnhausen transformations are obtained by translations: (2.3) If n has an inverse in R then a translation by a,/n is used to produce a

The fixed subring

39

polynomial m = tn + b 2 tn -

2

+ ... ,

with second highest coefficient O. This technique is well known from highschool algebra. Thus our treatment of quadratic equations works over any field in which 1 + 1 i= O. But if R is a field in which

1+1=0 (i.e. a field of characteristic 2) then pure equations are inseparable so that there can be no Tschirnhausen transformation of (J.lOa) into a pure equation in case

However, the dilatation

'1=ai 1 e

(2.4)

leads to the simplified form (Artin-Schreier normal form)

'12

+ '1 + b2 = 0,

(2.Sa)

with (2.Sb) Just like the pure monic polynomial it depends only on one parameter, viz. b 2 • If we apply a translation now, say, (2.5c) then the second coefficient stays I, but the last coefficient is modified by the summand a 2 + a:

,2 + , + b

For example over R

= 71/271

2

+ a 2 + a = o.

(2.Sd)

we have the pure normal form

x 2 =0,

(2.6a)

and the following Artin-Schreier normal forms

x 2 +x + I =0,

(2.6b)

x 2 + X = 0,

(2.6c)

which is irreducible, and

which is reducible. For equations of Sth degree defined over a field R of zero characteristic there is the Bring--}errard normal form [7] XS -

x

+a=

°

(2.7)

which can be obtained upon adjunction of specified radicals of degree < S for any 5th degree equation even if it cannot be solved by radicals. D. Hilbert

The group or an equation

40

analyzed the question how many coefficients at, a 2 , ••• can be transformed into 0 for given degree n [6]. But in general the question which normal forms can be devised for equations of degree n> 6 after 'trivial' adjunctions (any adjunction of degree < n) and a suitable Tschirnhausen transformation and how to construct them, is still unsolved. E. Galois's approach to the task of solving an algebraic equation is radically different, as we shall see. 2. Normal forms of monic quadratic equations over 7L Thirdly, we remark that our treatment of monic quadratic equations yields the following normal forms for R = 7L after suitable translations:

I. Inseparable equations: (2.8a)

I I. Separable equations: (a) x 2 (b)

4= 0

-

d

if d == 0 mod 4,

I-d x + -4-

x2 -

}

(2.8b)

if d == 1 mod 4.

We observe that d = dU) is invariant under translation and that the corresponding factorizations are

f

I. II.

= t2

(a)

f =

(t - ~t)(

(b)

f

(t - (I

=

t

(2.9a)

1

+~;)

+ dt )/2)(t -

(1 - dt )/2).

(2.9b)

J

Reducibility occurs if and only if d is a square integer. It turns out that the discriminant is the perfect invariant in the case of quadratic equations over 7L. 3. Idempotents Fourthly, in discussing quadratic equation rings we discovered the important role played by elements e of a (commutative) ring R satisfying the conditions

(2.10) They are said to be the idempotents of R. The Peirce right-decomposition holds:

= ex + (x - ex),

(2.1Ia)

= ex = (ee)x = e(ex),

(2.11 b)

x

with first component XI

41

The fixed subring

characterized by the property (2.llc) and second component (2.11d)

x 2 = X - ex, characterized by

eX2

(2.1 Ie)

= 0,

since indeed

e(x - ex) = ex - eex = ex - ex = 0. Namely, if with summands

X I ,X 2

satisfying (2.11c), (2.1 Ie), then we have

ex = ex,

+ eX2 = ex, = x,.

Now all the first components form the right-ideal (2.1 H)

RI=eR and the second components form the right-ideal

R2

=

{x - exlxER}

(2.l1g)

so that

R,nR 2 =0,

R,+R 2 =R.

Similarly R is represented as the direct sum of the two left-ideals R'I = Re,

R~ = {x -

xelxER},

(2.11h)

derived from the Peirce left-decomposition x = xe + (x - xe).

(2.11 i)

In case the idempotent e is a central idempotent, i.e. an idempotent commuting with all elements of R we obtain the Peirce decomposition (2.11 a), (2.11 i) where xe = ex and the presentation (2.11j) of R as the direct sum of the two ideals

R, = eR

=

Re,

R2 = {x - xelxER} = {x - exlxER}.

Which conclusions can we draw regarding the structure of R? Because of the directness of (2.llj) it follows that (2.11k) Thus, for every element x of R there is a unique presentation in the form X=Xj +X2

(xjERj,i= 1,2).

(2.1l!)

42

The group of an equation

Writing

x = (Xl' X 2 ),

(2.1 1m)

we have component wise addition: (Xl' X2)

+ (Yl' Y2) = (XI + Yl, X2 + Yz)·

(2.11 n)

Moreover, we have also componentwise multiplication: (Xl' XZ)(YI, Yz)

= (XIYI' XZY2)'

(2.110)

Conversely, if R l , R2 are two rings and we deal with the elements (Xl' X2) of R = R I EB R2 according to the multiplication rule (2.110), then we obtain again a ring R into which R R2 are canonically embedded as ideals yielding " R as their direct sum. This ring is said to be the algebraic sum of the rings R l , R 2 • This type of sum formations of rings is commutative and associative in the same sense as it is in module theory. If R is unital then we have

where of course

IR,IR2 = IR21R, = 0, I~, = I R, (i = I, 2). Two idempotents e l , ez of a ring are said to be orthogonal if ele2

= 0 = e2e l ·

The sum of two orthogonal idempotents is an idempotent:

+ e2)2 = ei + e l e2 + e2el + e~ = e l + ez, implying e + e 2 #- O. (e l

0 #- el = ej(e j

+ e2)

j

Conversely, if for two idem po tents e, e j one has

then e - e l =:e 2

also is an idempotent, the two idempotents e j , e z are orthogonal and their sum is e. An idempotent is said to be primitive, if it is not the sum of two orthogonal idem po tents. Commuting distinct primitive idempotents e j , e2 are orthogonal. This is because of e j e2

= e2ej,

ej

= (e j

- e j e2)

+ e je2,

e2

= (e2 -

e l e2)

+ e l e2'

(2.12a)

If e l e2 #- 0 then the primitivity of e j,e2 requires that e l - e1e2 = 0 = e2 - e1e2, hence el = e2 contrary to assumption. Therefore e1e2 = e2el = O. If el, e2,"" es is a maximal set of commuting pairwise distinct primitive idem po tents then any finite sum of some of them, but without repetition, is

43

The fixed subring

also an idempotent and the 2' - 1 idem po tents e thus obtained are the only ones commuting with each ej (I ~ i ~ s). If the ring R is unital and if 1 is the sum of primitive idempotents of the center C(R) of R (primitive central idempotents)

+ e2 + ... + e"

1 ~ el

then the 2' - 1 non-repetitive sums over the e j are the only central idempotents of the ring R. Otherwise there are infinitely many idempotents; as a matter of fact there is a sequence of central idem po tents e l , e2,'" for which (2.l2b) and hence there are infinitely many (pairwise) orthogonal idempotents, viz.: (2.12c) Thus the behavior of central idempotents under multiplication, complementation and addition of orthogonal idempotents reflects the behaviour of the ideals which they generate under intersection (multiplication), complementation and direct addition in as much as for any two central idempotents e, e' of R we have one of the following five alternatives: e = e'e = e': eR = e'R = eReR, ee' = e of- e': e'R = eR ee' = e' of- e:eR = e'R

+(e' -

+(e -

e)R

(2.13a) eR,

(2.l3b)

e')R::J e'R,

(2.l3c)

ee' of- e,ee' of- e',ee' of- 0: 0 c ee'R

::J

= eRne'R = eRe'R,

+(e - ee')R, ee'R c e'R = ee'R +(e' - ee')R, eR + e'R = (e - ee')R +ee'R +(e' ee'R

c

eR = ee'R

0:

}

(2.lJd)

ee')R,

O,}

ee' = eRne'~ = (e + e')R = eR + e'R.

(2.13e)

Note, if the ideal [0/2]:= {XE R 12x = O} is 0, then e + e' is idempotent if and only if e, e' are orthogonal. More generally speaking, any finite set X of distinct commuting idempotents {el' e2, ... , e,} generates under the operations: join ee' to the set if 0 of- ee', e of- ee', e' of- ee' and if ee' does not yet belong to the set; join e - e' to the set if ee' = e' of- e alld if it did 1I0t yet belollg to it; joill e + e' to the set if ee' = 0 alld if e + e' did 1I0t yet belollg to it;

(2.l4a) (2.l4b) (2.l4c)

another finite set X of at most 7,-1 idempotents containing X as a subset and closed under (2.14a-c) (proof by induction over s). Thus we see the importance of idempotents for structural investigations. Let us give two examples.

44

The group of an equation

4. Idempotents and factorization of polynomials Suppose we find an idempotent e ¥- II f of the equation ring A = R[t]1 f R[t] of a monic non-constant polynomial f over the unital commutative ring R. Which advantage can we get for the factorization of f? By assumption we have the decomposition

lA=el+e 2

(2.15a)

of 1A into the sum of the orthogonal idempotents

el=e,

e2=IA-e.

(2.l5b)

Hence, e l =g.lf,

e z =9zlf (gl,gzER[t],deg(gj) <deg(f), i= 1,2), (2.15c) 1RII)

= 9 I + gz,

(2.l5d)

(2.15e) Conversely, if we succeed in finding any polynomial gl ER[t] satisfying (2.l5e) then e l as defined by (2.l5c) becomes an idempotent and gl is uniquely determined bye .. replacing gl by R(gl.!) if necessary. For example, if there holds a factorization (2.15f)

f=fd2

of f into the product of two monic non-constant polynomials fl' f2' such that we also know a presentation 1 =Xtfl +Xzf2

(2.l5g)

of the unit element as linear combination of fl.J2 over R[t], then

ej=xJdf (i= 1,2)

(2.l5h)

form a pair of orthogonal idem po tents of R[t]1 fREt] which add up to 1.

5. Idempotents and Chinese remainder theorem Another example is taken from elementary number theory. It was dealt with in a similar fashion by C.F. Gauss in the Disquisitiones Arithmeticae [5]. Let N be a natural number > 1. Suppose we discover an idempotent residue class e of R = 7l.IN which is not liN. What does it mean in terms of a factorization of N? As above we have (2.l5a), (2.l5b). Hence e l = glIN,

e2 = g21N, 1 = gl + g2 (gjE71.; i = 1,2), Nlglg2' Nigi (l - g.),

(2.l6a) (2.l6b) (2.l6c)

Njgl;

and conversely. However, now we can form

fl =gcd(N,g.), f2=gcd(N,g2)'

(2.16d)

45

The fixed subring

and find that (2.16e)

NI!d2 91 = XI!I'

92 =

X2!2,

(2.I6f) (2.I6g)

I=xdl+xd2, gcd (fIJ2) = 1,

I
(2.I6h)

(i = 1,2).

Let and implying hence by (2.16e) (2.I6i) Conversely, let N be the product of two mutually prime natural numbers!I' f2 both less than N so that (2.16h), (2.I6i) holds. Then we compute rational integers XI' X2 satisfying (2.16g) and find that

el

= gl/N,

with 9 I as defined by (2.16f) is a non trivial idempotent of 71/N. In this way a I-I-correspondence between the non-trivial idempotents of 71/ N and those divisors of N which are not 1 and coprime to their complement in N arises. Now we find that (2.I6j) But by construction

in other words (2.16k) A more precise expression of (2.I6k) is the Chinese Remainder Theorem for 71: If the natural number N is factorized into the product of two mutually prime natural numbers!IJ2' then for any two rational integers ml , m 2 there is a rational integer X satisfying the congruences

x == mi mod !i (i = 1, 2), and x is uniquely determined modulo N. This is a specialization of the general Chinese Remainder Theorem for unital (commutative) rings:

Let R be a unital ring and a I' ... ,an be ideals such that ai + aj

=R

(I ~ i <j ~ n). Given elements xI, ... ,XnER, there exists xER such that x == Xi mod 0i (I ~ i ~ n).

(A proof is given in S. Lang's book [10].)

(2.17)

46

The group of an equation

The construction given above enables us to present x in the simple form x

= m 2xtil + m 1x2i2

as Gauss points out, who was the first to use idempotents though he did not want to give this concept a name. An important application is the multimodular calculus which enables us to deal with very large integers by considering them modulo sufficiently many mutually prime (relatively small) rational integers. 6. The fixed subring of the permutation automorphisms

Returning to the discussion of the universal splitting ring S(f1R) of a monic polynomial (2.3) over the unital commutative ring R we ask the question: Which elements of S(flR) are invariant under all permutation automorphisms? Certainly the elements of R.

Theorem. The subring

(2.1S)

S(fIR)
(2.1Sa)

of S(fIR) formed by the elements which are invariant under all permutation automorphisms equals (2.1Sb)

where

[0/2] = {KES(fIR)12K = O}( = ([0/2]nR)S(fIR». In particular,

if R

(2.1Sc)

is an entire ring of characteristic 1= 2 then

S(fIR)Gn= R.

(2.1Sd)

Proof Trivially,

S(flR) = S(fIR)G 1 = R in case n = 1. The case n = 2 was discussed already in section 1. Let n > 2 and apply induction over n. Clearly, the right-hand side of (2.1Sb) is contained in the left-hand side. Conversely, let

YES(fIR)G n. By construction S(fIR) = S(Q(f, t - e.)/R[e.]) and 6._ 1 (Q(f, t - e.)/R[e.]) consists precisely of those permutation automorphisms of S(fIR) which leave en invariant. By hypothesis,

S(flR)Gnc R[e n] + [O/2]Gn- l ; using theorem (1.6) we find that

S(flR)
47

The fixed subring

where 6;. _I consists of those permutation automorphisms of S(f / R) which leave ell-I invariant. Hence we obtain for y of S(f, R)G n : II-I Y = Yo + L Aje~, (2.19a) j=O

II-I

y=n(yo)+

L

Aje~-I

(Ao,AI, .. ·,AII_IER,

YoE[0/2]G~-I), (2.l9b)

j=O

where

1[

transposes nand n - 1 and fixes all i < n - 1. We have Q(f,t - ell) = til-I

+ (a l + ell)t"-2 + ... , o= e~=: + (a l + en)e~= i + ... ,

e:=: = hence the basis elemen t e: Therefore,

- (al

=i en

+ en)e:= r+ ... ,

has the coefficien t - An _ I mod [0/2].

An _ I == 0 mod [0/2] and upon comparison of (2.l9a), (2.l9b) we find that

Ai == Omod [0/2]

(0 < i < n - 1).

Hence

Yo

= n(yo) mod [0/2],

o

proving the theorem.

Exercises 1. Given a unital ring R which is the direct sum of two non-zero ideals A, B: R=A+B. Sho.w that the corresponding presentation

IR=e l +e 2 (e I EA,e 2EB) defines uniquely two orthogonal idempotents e l , e2 both belonging to the center C(R) of R such that I A =e l , I B =e 2,

A=etR=Re t , B=e 2R=Re 2· Conversely, if e I' e2'"'' es are mutually orthogonal central idempotents of R for which e t + e 2 + ... + es = 1R' then there holds the decomposition A = = t ejA of A into the direct sum of non zero ideals ejA with ej as unit element. 2. Compute all idempotents of

tr

(i) l[t]fPI[t] for P(t) = t 4 - 3t 2 (ii) IfNI for N = 32,48, 59, 60.

+ 2;

48

The group of an equation

2.3. Symmetric polynomials 1. The theorem on symmetric functions As an application of theorem (2.18) we study the polynomial ring R n := Ro[t l , t 2, ... , tn] in n independent variables th t 2, ... , tn over a unital commutative ring Ro. Let

g(t) = t n - tlt n- I

+ t 2t n- 2 + ... + (-

l)ntnERn[t]

(3.1a)

be the 'generic' monic polynomial of degree n over Ro. Then S(g/Rn) = Rn[~ I ' " ' ' ~n] is a polynomial ring in the variables ~ I, ... , ~n over Ro:

S(g/Rn) = RO[~I"'" ~n]'

(3.1 b)

where n

g(t) =

n (t -

~i)

(3.1c)

i= 1

in S(g/ Rn). The polynomials in ~ I , ... '~n over Ro which are fixed by the n! permutation automorphisms of S(g/Rn) are said to be the symmetric polynomials in ~ I , ... ,en over Ro. According to theorem (2.18) they belong to R n for [0/2] = O. In the sequel we shall show that the restriction [0/2] = 0 is superfluous. One of the symmetric polynomials is

n

d(g):=

(~i - ~k)2 = (- 1)(2)

n (~i -

~k)'

(3.2)

I~i
As a matter of fact setting Ro

n

= 7L

we obtain an identity of the form

(~i-~k)2=Pn(tl, .. ·,tn)'

(3.3a)

where

(3.3b) and

(3.3c) are the basic symmetric functions of ~ I , ... , ~n' This identity remains in force upon application of the standard homomorphism

¢: 7L ...... R o: ml--+ml Ro ' It follows that d(g) defined by (3.2) belongs to Rn for any Ro and has coefficients in the prime ring ¢(7L) of Ro. We observe that each factor ~i - ~k is a non-zero divisor of Ro[~ I ' " ' ' en] (consider the highest ~cterm of P in any equation (~i - ~k)P = 0 and show that it is zero!). Hence, the product d(g) also is a non-zero divisor of Ro [e I, ... , ~n] and - a fortiori - of Rn. Furthermore, for any splitting ring A of any monic polynomial

f(t)

= tn + alt n- I + ... + anERo[t],

(3.4a)

Symmetric polynomials

49

the expression (3.4b) I~i
derived from the factorization n

f(t) =

fl1 (t -

(3.4c)

Xj)

j=

of f over A turns out to be a polynomial expression in a 1 , ... , an over R o. In fact, (3.4d) where Pn is as in (3.3a). We call the expression d(f) the discriminant of the monic polynomialfERo[t]. It belongs to Ro. If it is not a zero divisor, then f is said to be separable, otherwise inseparable. As had already been remarked for,n = 2 the roots occurring in any factorization (3.4c) of a separable monic polynomial are distinct. The converse need not be true unless we restrict our considerations to entire rings. Correspondingly, for two monic polynomials, say f as in (3.4a) and

h(t) = t m + b,t m -

,

+ ... + bm

(mE~>o; bjERo,

1 ~ i ~ m),

(3.5a)

we find that in any common splitting ring off and m

h(t) =

flI (t -

Yj),

(3.Sb)

j=

the expression n

Res (f, h):=

m

fl fl (Yk -

Xj)

= ( - 1)"'n Res (h,f)

(3.Sc)

i= I k= 1

is a polynomial in a l , ... , am b, , ... , bm with rational integral coefficients. It is said to be the resultant off and h. The discriminant of the product fh is given by the formula

d(fh)

= d(f)d(h) Res (f, h)2

(3.5d)

which implies that the product is separable, if and only if each factor is separable and the resultant off, h is a non-zero divisor of Ro. Our discussion of quadratic equations in section 1 showed that for a separable monic quadratic polynomial f over R the elements of Rare the only elements of S(f/ R) which are invariant under the permutation automorphisms. Now the same inductive procedure which was applied in the proof of (2.18) shows

Corollary of theorem (2.18) (3.6) If the polynomial f is separable under the premises of (2.18), then only the elements of R are invariant under all permutation automorphisms.

50

The group of an equation

(Actually we only need to demand that d(f) is 2-regular: if eER, e"# 0, 2e = 0, then d(f)e "# 0.) As an application we have the

Theorem on symmetric functions (3.7) Let R be a unital commutative ring. Then any polynomial in n variables eI"'" en over R which remains unchanged for any permutation of the variables is representable as a polynomial in the basic symmetric functions l~jl <"'
over R. The subtle specialization argument developed' here in order to overcome the possibility that [0/2] "# 0 is shown to be unnecessary by the following algorithm which produces a constructive proof.

Algorithm for the theorem on symmetric functions

(3.8)

Input. A symmetric polynomial P( e1 , ••• ,en) and the basic symmetric functions <TI , ... , 1 go to 2, else set

e

QI(a\i)) +- F I(
Step 4. (Increase k). Set k +- k + 1. For k > n terminate. Else set

Fk(e 1 " " , ek) +- Fk(e I"'" ek) - Qk - 1 (a\k), ... , aik~ d, Qk,ik +- Qk - 1 (
Remarks (3.9) For a better understanding of the algorithm we explain the roles of the polynomials F k, Qk in greater detail. At the beginning we have

51

Symmetric polynomials

Fk(¢ 1"'" ¢d = P(¢ 1,···, ¢k' 0, ... ,0). Then Fk is gradually modified via basic symmetric functions until we finally obtain ik

Fk(¢I'''''¢k)=

L Qk)Oy), ... ,utk~d·(utk»)j

j=O

= Qk (U\k) , ... , utk»). Example (3.10) Let us compute the representation of P(¢I' ¢2' ¢3):= (¢ I - ¢2f(¢ 1- ¢3f(¢2 - ¢3)2 by the symmetric functions u b u 2' U 3' The algorithm produces the polynomials F 3 = P, Q3.0 = and the restricted symmetric functions U~k) for 1 ~j, k ~ 3 in step I. In step 2 we obtain F 2(¢1' ¢2) = (¢ I - ¢2)2(¢1¢2)2, Q2.0 = 0, i2 = and then again F 1= 0, QI.O = 0, i l = 0. Then step 3 yields QI = 0. We proceed to step 4: F 2 and Q2.0 remain unchanged. Then steps 7, 2, 3, 4, 5, 7, 8 and 6 result in Q2 = (uf)f(u~2»)2 - 4(U~2»)3 = F 2(¢ I' ¢2), i.e. we have approximated P correctly for e2' Going on we finally obtain

°

°

el'

P(¢ I, ¢2, e3) = uiu~ - 4u~ + u 3(l8u Iu 2 - 4u~ - 27u 3)' This result expresses the discriminant of a monic third degree polynomial by its coefficients. We conclude these considerations on symmetric polynomials with a correspondence between the basic symmetric polynomials and power sums:

Definition (3.11) Let ¢ I , ... , be as in (3.7), then Sk:= Li= I e~ is called the kth power sum of ¢I'''''¢II (kEl:' "0).

en

(3.12) Theorem Between the basic symmetric functions and the power sums we have the so-called 'Newton's relations'

k-I

L (- l)i uiSk_i + (- I)kkuk =

i=O

L (- l)iUiSk_i = ° i=O

°

°

(3.12a)

(u o:= I, k ~ n).

(3.12b)

(u o:= I,

~ k ~ n),

n

Proof Because of (3.la-c), (3.3a-c) we have

°= L (n

I)juj¢i- j

(1 ~ i ~ n),

j=O

and therefore n

0=

L (-l)jujei- j j=O

(1 ~i~n;m~n).

52

The group of an equation

A summation over i yields

0=

•

n

n

j=O

/= 1

)=0

L (- l)lCT) L ¢r-) = L (- l)lCT S m_ j

j'

hence (3.l2b), respectively (3.12a) in case k = n. The rest of the proof is done by induction over n for fixed k. The initialization n = k was already shown. Now let us assume that (3.12a) is correct for n - 1. We set k-I

F(¢ I'·.·, ¢n):=

L (-

1)/CT/Sk_/ + ( - l) kkCT k·

/=0

This is a symmetric expression in ¢ I, ... , ¢n of degree :::; k < n. Furthermore, k-I

F(¢ I, ... , ¢n-I, 0) =

L (- 1)/CTI·-I)S~·_-/I) + ( -

l)kkCT~n-1)

=0

/=0

because of the induction assumption. Therefore F(¢ 1> ••• ' ¢n) is divisible by ¢n. Because of the symmetry it is also divisible by CT •. Because of deg(F) < n this implies F(¢ I' ... ' ¢.) = 0, and thus the induction from n - 1 to n. 0 Newton's relations allow us to compute the power sums from the basic symmetric functions and vice versa. For example, SI=CT 1 S2=CTi-2CT 2 S 3 = CTI - 3CT 1CT 2 + 3CT 3

and

CT1=SI CT2=!(Si-S2) CT 3 = !S i -!S 1S 2 +

ts 3

(if 2,3 are invertible in R). We remark that it is sometimes useful also to consider power sums for kE~ <0 in the corresponding quotient ring.

2. The principal equation In order to define the principal equation (3.13a) of an element ¢ of the equation ring R[t]/fR[t] of a monic equation f(x) = 0

(3. 13 b)

of degree n over R we proceed as follows. Firstly, we consider the generic monic polynomial (3.la) of degree n over the polynomial ring Rn = Ro[t I' .. ·' tn] with Ro = ~[YI'···' Ynl We form the 'generic element' .-1

Y=

L Y/+l¢~

(3.l4a)

/=0

contained in S(g/Rn) = RO[¢I, ... , ¢n] for g(t)

=

n• (t - ¢J

(3.l4b)

/= 1

Realizing that the powers of the n-cycle C= (1,2, ... , n)E6., say 1, C, ... , cn- 1 form a representative set of 6 n modulo 6 n- l , the stabilizer of n, we see that

53

Symmetric polynomials

the coefficients of (3.15a) are fixed by the permutation automorphisms of S(gjRn). Hence, (3.15b)

PyIR.ERn[t] is a monic polynomial of degree n over Rn satisfying the equation

= o.

PylRjy)

(3.15c)

Now we apply the homomorphism

¢:S(gjRn) -+ S(fjR) mapping AI-diR

(AEl'),

tiH( - I)ia i (I ~ i ~ n),

YiHtXi

(tXiER, 1 ~ i ~ n)

in order to obtain the principal polynomial (3.16a) for (3.16b) so that there holds the principal equation p~/R(e)

= o.

(3.16c)

P'*.I/R

= .r,

(3.17a)

In particular, we obtain

PaiR

= (t - a)n (aER).

(3.17b)

The principal polynomial is of the form P~/R(t) = t" - Tr(e)t"-l

+ '" + (-

l)nNW,

(3.18)

where the trace mapping Tr: R [t]j.r R [t] -+ R is linear and the norm mapping N:R[t]!.fR[t]-+R is multiplicative and homogeneous of degree n: Tr(e +,,) = Tr(e) + Tr(,,), Tr(ae) = aTr(e), Tr(l) = N(e,,) = NWN(,,), N(ae) = anNW, N(l) = 1

n,} (3.19)

for all

e,,,ER[t]!.fR[t],

aER.

The intermediate coefficients of the principal polynomial are also of interest, but have been studied relatively little. We observe that by construction

= n (t - [i(m, n

P~/R(t)

(3.20)

i= 1

so that for a nilpotent element e of R [t]j.r R [t] also [i(e) is nilpotent

The group of an equation

54

(l :::; i :::; n), and hence the coefficients of P~/R are nilpotent elements of R. If R contains no nilpotent element other than 0, then P~/R = tn, en = o. We note that

(3.2Ia) according to the well-known rule for the evaluation ofVandermonde's determinant. Therefore det

«et 1»2 = det «e}- 1» det(et 1» = det (Tr (e~ 2» +k -

(3.21 b)

implies that d(f) is equal to the discriminant of the trace bilinear form n

Q(Yl,···,Yn;zt> ... ,zn)=

n

L L Tr(~~-I~tl)yjZj.

j;

(3.21c)

1 j; 1

It follows that for non-zero divisor discriminants the trace bilinear form is non degenerate. In other words, the equations (3.22a) for all '1ER[t]/fR[t] imply that (3.22b) An important application is made in the case that R has no nilpotent element other than zero, e.g. if R is an entire ring. In such a case the separability of f makes it impossible that R [t]1f R [t] contains nilpotent elements other than zero. This was shown above and follows again from the fact that the nilpotency of e implies the nilpotency of e'1 for '1E R[t]/ f R[t], i.e. Tr (~'1) = 0 and therefore ~ = o. Proposition

(3.23)

If the unital commutative ring R contains no nilpotent elements other than zero, then for any separable monic polynomial fER[t] also the equation ring R[t]1f R[t] contains no nilpotent elements other than zero. We have seen already that each monic divisor of a separable polynomial is separable. Therefore a repeated application of (3.23) yields Proposition

(3.24)

If the unital commutative ring R contains no nilpotent elements other than 0, then also the universal splitting ring S(f /R) contains no nilpotent elements "i' o. We extend the notion of principal equation, norm and trace to arbitrary overrings A of R with a finite R-basis WI' ••. , W n• For any element ~ of A there

55

Symmetric polynomials

holds an equation ~(WI"" ,WII) = (WI"" ,wn)M(~),

with a matrix

M(~) = (mjdER'1X ",

(3.25a)

meaning that

n

~Wk

=L j=

(1 ~ k ~ n).

mjkWj

(3.25b)

I

The mapping (3.25c) is said to be the regular representation of A over R relative to the basis WI'"'' Wn' We verify directly the R-homomorphism properties of M: M(~

+ IJ) = M(~) + M(IJ),

M(A~)

= AM(~),

M(~IJ)

for all The characteristic polynomial of the matrix PM(~)

~,

=

M(~)M(IJ)

IJEA, AER.

(3.25d)

M(~)

= P~ = det(tl n -

(3.26)

M(W

is defined as the principal polynomial of ~ over R. It is independent of the choice of the R-basis WI'''''Wn of A since the transition to another basis changes M to an equivalent representation of the form V-I MV (3.27a) with invertible transition matrix V of degree n over R (see chapter 3 (2.4». Thus P U-I M(~)U = det (tIn - V -I M(~)V)

= det(V-I(tln -

M(WV)

= det(V-I)det(tl n - M(Wdet V

= PM(~)

(3.27b)

for all ~EA.

By the 'generic argument' (that means by using generic elements and generic polynomials and specialization) we show that the principal equation always holds: (3.28) In particular, if A = R[t]/f R[t] for some monic non-constant polynomial ER[t], then the principal polynomial defined as characteristic polynomial of the regular representation coincides with the principal polynomial defined above. (Generically speaking there can be only one monic equation of degree n for ~ over R!) Correspondingly, trace and norm are defined by

f

n

TrAfR(~)

= Tr(e) = Tr(M(m = L j=

N A/R(~)

mjj ,

= N(~) = det (M(m = det ((mij»,

so that the rules (3.19) remain in force.

(3.29a)

I

(3.29b)

56

The group of an equation

3. The resultant Let R = if[a o, ... , a", bo, ... , bm ] be the polynomial ring in n + m + 2 variables over if, let

A(t) = aot" + a1t"-1

+ ... + am

B(t) = bot m+ b1t m - 1 + ...

+ bm

(3.30a)

be the 'generic' polynomials of degree n, m of R[t], let .Q(R) = Q(a o, . .. , a", bo, . .. , bm )

be the quotient field of

R, and

A(t) = ao

(3.30b)

let

n(t - xJ, n

j= 1

n (t - Yk) m

B(t) = bo

(3.30c)

k= I

be the factorizations of if, B in the extension algebra S(B/S(A/.Q(R))) of .Q(R) with n!m! basis elements

n n xfiy? "

m

(O~ftj
(3.30d)

j= 1 j= 1

Then (3.30e)

is a minimal splitting ring of AB over R and the n + m + 2 generators ao, XI'···' x n, bo, YI,· .. , Ym are algebraically independent over if. Therefore A is a polynomial ring in ao, Xl' ... , X'" bo, .Yt, ... , Ym over if with

(3.30f) as quotient field. There are the n!m! permutation automorphisms of .Q(A) over .Q(R) which permute the Xj among themselves as well as the Yj among themselves. They form the group (3.30g)

and the fixed subring of this group if .Q(R). It follows that the expression Res (if,

B):= a~bo

n n (Yj - xJ "

m

(3.31 )

j= 1 j= I

belongs to R and is irreducible in a o, al, ... ,a", bo, bl, ... ,bm because of the transitivity of the action of 6 n x 6 m on the Yj - Xj and the fact that the product of those differences is in R only after multiplication by suitable powers of ao, boo For any unital commutative ring R and for any two polynomials A(t) = aot" + alt"-I + ... + am B(t) = botm + b,t m- , + ... + bmER[t] (3.32a) the specialization R-+R via Izl-+I R ,

ajl-+a j

(O~i~n),

bjl-+b j

(O~j~m)

(3.32b)

leads to a polynomial expression Res (A, B) = Res".m(A, B) in ao, ... , a",

57

Symmetric polynomials

bo , ... , bm with coefficients contained in the subring of R generated by I R (the prime ring of R), which is said to be resultant of A, B. For any overring A of R which is a splitting ring of both A, B in accordance with A(t) = ao

n "

(t - x;),

B(t)

= bo

j= I

n m

(t - Yj)

(3.33a)

j= I

the specialization (3.32b) can be uniquely extended to the specialization

A-+A via Izl->I,,; aol-->ao,xjl-->xj (I ~i~n); bol-->bo,Yjl->Yj (1 ~j~m), (3.33b) such that Res (if, Ii) specializes to

nn n

Res(A, B) = a~bo

In

(3.33c)

(Yj - Xj).

j= I j= I

Hence, the new definition of Res (A, B) coincides with the one formerly given in case A and B are both monic. We note that the definition of Res (A, B) depends somewhat on the 'formal' degrees n, In which may not be the actual degrees in case a o or bo, or both, vanish. However, this dependence is not too serious since the result will be about the same, if for at least one of the two polynomials A, B the formal degree agrees with the actual degree. This is because of the formula Res (if, B) = ( - I )mn a~

n

m

j= I

k= I

n B(xj) = bon if(yd,

(3.34a)

n

(3.34b)

which by specialization turns into n

Res(A,B)=(-I)'"na~

j= I

B(xj)=bo

n m

A(Yj)

J= I

in any splitting ring of A, B over R in which (3.33a) holds. Hence, in case of ao = a l = ... = ak - I = 0 (k ~ n) we have b~ Resn-k.m(A, B) = Resn,m(A, B).

Analogously, for bo = b l

= ,.. = b,_1 = 0 (I ~ m)

(- I)n'a~ Resn,m_,(A, B)

(3.34c)

we have

= Resn,m(A, B).

(3.34d)

Also the order in which A, B are given presents no serious problem since we obtain again by specialization Res (B, A) = ( - I)nm Res (A, B).

(3.34e)

Similarly we have for scalar multiplication: Res(AA, B) = Am Res(A, B),

Res(A, AB) = An Res(A, B)

for all AER.

(3.34f)

The resultant is of course a very formidable expression, in fact, as derived from (3.31), (3.33c) it is a homogeneous polynomial of degree m in the variables

58

The group of an equation

and homogeneous of degree n in the Yl>"" Ym' If we give the 'weight' i to a j and the 'weight' j to b j , then the resultant is homogeneous of degree

XI"'" X/I

n in the weighted variables bI' ... ,b m and homogeneous of degree m in the weighted variables ai' a 2 , ••• , all' It is not advisable to compute the resultant term by term. However, for n ~ m any long division like A = QB + Ro

(Q, RoER[t], Ro of formal degree

m< m)

(3.35a)

leads via Res (A, B) = b~-'il Res (Ro, B)

(3.35b)

(derived from (3.34b), (3.34c), (3.35a)) to an easy transition from Res (A, B) to Res (Ro, B). Thus long division as explained in chapter 1, section 3 leads to a quite easy computation of Res (A, B), if we keep in mind that our formula remains intact for constant polynomials yielding Res (a o, B) = a~ = Reso.m(ao, B), } Res (A, bo) = b~ = Res/l.o(A, bo),

(3.36)

Res (a o, bo) = 1 = Reso.o (ao, bolo Traditionally, the resultant is interpreted as the determinant connected with the homogeneous linear system for the unknowns (0'(1""'(111-1' tfo, tf I, ... , tfll- I with the property that the polynomials

X(t) = (0 + elt + ...

+ e",_ltm-l,

Y(t) = '10 + 'lIt + ...

+ '1/1-lt"- 1

(3. 37a)

provide a solution of the polynomial equation XA

+ YB=O.

(3.37b)

If the resultant is zero, then there is a non-trivial solution to (3.37b) but the reverse is true for entire rings only. More important is the remark that generically speaking the resultant Res (A, n) is not zero (for example, specialize A to til, B to (t - 1)'"). Hence, there is a unique solution of

(3.38a) in terms of polynomials X, YEO(R)[t] of degree m - 1, n - I, respectively, such that the coefficients have Res (A, Ii) as common denominator relative to R. Hence, there is a unique presentation X I (A,

Ii)A + Y I (A, fi)Ii = Res (A, Ii),

(3.38b)

in terms of polynomials X I, Y I ER[t] of degrees m - I, n - I, respectively. As a consequence of the irreducibility of Res (A, Ii) it follows that any presentation X lit + Y2Ii = RI

(X 2, Y 2ER[t], deg(X 2) < m, deg(Y2) < n, RI ER) (3.39a)

59

Symmetric polynomials

is a multiple of (3.38b) so that. X 2 = AX I,

RI

Y2 = AYI ,

=

ARes (A, B) for some AE R.

(3.39b)

Thus, for example, there hold equations (compare chapter 1 (3.13» X(A, B)

= X I(A, B)L(A, B),

Y(A, B)

=

YI(A, B)L(A, B),

1

(3.39c)

F(A, B) = Res (A, B)L(A, B),

which upon specialization assume the form X(A, B) = X I (A, B)L(A, B), Y(A, B) = YI (A, B)L(A, B),

Res (A, B) = X I (A, B)A

} F(A, B) = Res (A, B)L(A, B),

+ YI (A, B)B.

(3.39d) (3.3ge)

Examples show that F(A, B) and Res (A, B) need not concide.

Example (3.40) 5 4 Let A I (t)=B(t)=t -t+l, A 2(t)=A(t)=5t -1. Then 25A 1 (t)= 5t A2(t) + A3(t) for A3(t) = - 20t + 25, and Res(A, B) = Res(A2' Ad = 25- 4 Res (A2' 25A d = 5 -4 Res(A2' A3)' In the next step we obtain (- 20)4 A 2(t) = ( - 40000t 3 - 50000t 2 - 62 500t - 79 125)A3 + A4 for A4

= I 797 125

and therefore

Res(A2' A 3 ) = ( - 20)-4 Res« - 20)4 A 2 ,A 3 )

= (-

20)-4( - 20)4 Res(l797 125, A 3 )

= I 797125 = F(A, B).

On the other hand, Res(A, B) = 2869 and thus

= 625, X I (A, B) = - 320t 4 - 400t 3 YI(A, B) = - 1600t 3 - 2000t 2 - 2500t - 3125. L(A, B)

500t 2 - 625t

+ 256,

If R is a factorial ring and the non-zero polynomials A, BER[t] have no common divisor, then there are polynomials X, YER[t] with deg(X) < deg(B), deg(Y) < deg(A) such that XA+YB=l.

(3.41 )

As the example A(t) = t 2 + I, B(t) = t 2 + 4 with Res (A, B) = 9 shows, any divisor of Res (A, B) has a presentation in the form X A + Y B in that case. See also exercise 4. We conclude our discussion of resultants by presenting an algorithm for their computation.

60

The group of an equation

Algorithm for computing resultants

(3.42)

Input. A, BER[t], deg(A) ~ deg(B) > 0, R a unital commutative entire ring (or R = Ro[a o, ... , all' bo, ... , bm ]). Output. Res (A, B)ER and polynomials X I> Y, ER[t] satisfying (3.3ge), respectively (3.38b). Step 1. (Initialization). Set Res(A,B)<---I, F<---A, G<---B, n<---deg(A), m <--- deg(B); Ai <--- t m - i, Ai<--- 0 (I ~ i ~ m); Bj<---O, B j <--- t"- j (I ~j ~ n). Step 2. (Pseudo-division). Set ho <---1(G) and compute via 1 (3.12) polynomials Q(F,G)(t)='L:':O'qit"-m-i and R(F,G)(t). Set s<--- n - deg(R(F, G», Res(A, B)<--- Res(A, B)(h~-m+ ')-mbt( _1)mn, Ai(t) <--- bo- m+' Ai(t) - 'L'j:~+i qj-iBit), Am<--- bo- m+' Ai(t) - 'L'j:;n+i qj_' Bj(tHI ~ i ~ m). In case R(F, G) is constant go to 4, else to 3. Step 3. (Interchange F, G). Set F <--- G, G <--- R(F, G), n <--- m, m<---deg(R(F,G»; Ci<---B i +s , Ci<---B i +s (I ~i~m); Bi<---Ai' Bi<---Ai (1 ~ i ~ n); Ai <--- C i , Ai <--- C\ (I ~ i ~ m) and go to 2. Step 4. (Termination). For R(F, G) = 0 set Res (A, B) <--- 0, X, <--- Am, Y, <--- Am; otherwise set Res (A, B) <--- Res (A, B)(R(F, G»m, X, <---Am(R(F,G»"'-', Y1 <---Am(R(F,G»m-'. Then terminate. Remarks

(3.43)

(i) The polynomials X" Y, obviously satisfy deg(X ,) ~ m - 1, deg(Yd ~ n - I. The example A(t) = t 2 + I, B(t) = t 2 + 4, however, shows that equality need not hold. Namely, in that case 9 = Res(A, B) = - 3(t 2 + 1) + 3(t2 + 4). (ii) The change of Res (A, B) in step 2 can usually not be carried out in R but only in .Q(R). This can be avoided by storing the mUltipliers bo and their exponents in each step separately and computing Res(A, B) only at the end of the algorithm, since we know that Res(A, B)E R. If zero divisors occur, then it is advisable to carry out the computations of Res(A, B) in Ro[a o, ... , an' bo, .. ·, bm ] and then to determine Res(A, B) at the end via a specialization procedure. Example (3.44) Compute Res(t 3 + I, 2t 2 - 2) in Z[t]. The single steps of the algorithm produce: 1. F(t)=t 3 + I, n=3, G(t)=2t 2 -2, m=2; A, =t, A 2 = I, A, =A 2 =0; B, = t 2 , B 2 = t, B 3 = I, B, = B 2 = B 3 = 0; Res (A, B) = 1. 2. 22(t 3 + 1) = 2t(2t 2 - 2) + 4t + 4, hence Q(F, G) = 2t, R(F, G) = 4t + 4, yielding s = 2, Res(A, B) = (2 2)-22 2 = 2- 2 , A, = 4t, A2 = 4, A, = - 2t 2 , A 2 =-2t.

Symmetric polynomials

61

3. F(t) = 2t 2 - 2, n = 2, G(t) = 4t + 4, m = I; Al = 0, ;C = I, BI = 4t, B2 = 4, -' BI = - 2t 2 , B2 = - 2t. 2. 4 2(2t 2 - 2) = (8t - 8)(4t + 4) + 0, hence Q(F, G) = 8t - 8, R(F, G) = 0, yielding s=2, Res(A,B)=2- 2(4 2)-14 2 =2-Z, A I =-32t+32, 2 AI = 16t - 16t + 16. 4. Res(A, B) = 0, X ,(t) = 32( - t + 1), fl(t) = 16(t 2 - t + 1). 4. Discriminant computation

Let

R = 1'[ao, a" ... , all]

(3.45a)

be the polynomial ring in ao, a" ... ,an; let A(t) = aot"

+ a,t"- I + ... + all

(3.45b)

be the 'generic' polynomial of degree n of R[t]; let Q(R) = iQ(ao, a l , ... , all)

be the quotient field of

(3.45c)

R, and let

a

A(t) = o

II

n (t - xJ

j=

(3.45d)

I

be the factorization of A in S(A/Q(R». We see as before that S(A/Q(R» is an extension of degree n! of Q(R) with the permutation automorphisms of xI"'" XII as automorphism group over Q(R) fixing simultaneously only the elements of Q(R). We also see that 1'[ao, X" ... , xn] is a minimal splitting ring of A over R and that the generators ao, X" ... , XII are algebraically independent such that the quotient field is S(A/Q(R» = Q(1'[ao, Xl"" ,XII]) = iQ(ao, Xl"" ,XII)'

It follows that the expression (3.45e)

belongs to R. For any polynomial A(t) = aot"

+ alt"- I + ... + aIlER[t],

(3.46a)

we obtain, by the specialization

R -+ R via I Rf-d R, a f-+ a (0:>; j :>; n) j

j

(3.46b)

applied to d(A), the discriminant d(A) of A. For any splitting ring A of A over R we have a factorization A(t) = ao

nII (t -

i= 1

Xj)

(XjEA,

I:>; j :>; n),

(3.46c)

62

The group of an equation

such that the specialization

R -+A

via

li!t-+

I",

aot-+a o ,

(l:::::; i:::::; n)

Xit-+Xi

(3.46d)

extends (3.46b), leading to the equation d(A)

n

= a~ I

(Xi -

(3.46e)

X k )2,

~j
which shows that the new definition coincides with the former one in case A is monic. Upon differentiation of (3.45d) we obtain A'(t) = ao

n

L i~

1

n

n (t -

j~

1

x),

(3.47a)

Hi

hence A'(x i ) = ao

n

n

j~

(Xi -

(3.47b)

Xj)

1

Hi

and -n-I Res (A- , A-')- ao

n'1 A-'(-)- ao n" n (- -) n

Xi -

i~

-211-1

1

Xi - Xj

i~

1

j~

1

Hi

Again, by specialization we obtain Res(A, A') = (- li~)a~-ld(A).

(3.48)

Thus discriminants can be computed quite easily as resultants of the polynomial and its derivative. For example, in (3.40) we found for R = 71, A(t) = t 5 - t + 1 that d(A) = 2869. In case AER[t] is monic we set X = tlA in R[t]IAR[t]. Then the left-hand side of (3.48) appears as the norm from R[t]IAR[t] to R yielding N(A'(x»

= (-l)Wd(A),

(3.49)

an often useful relation.

Exercises I. Carry out example (3.10) in detail. 2. Write

p(e I' e2,e3):= 2(e~ + e~ + W-

3(e~e2

+ e~e3 + e1e~ + ele~ + e~e3 + e2e~)

el'

as a polynomial in the basic symmetric functions of e2' e3' 3. Compute Res(A, B) for A(t) = t 3 + 2t 2 + 3t + 5, B(t) = 6t 2 + 8t + 9 over 7L. 4. Let A, BE7L[t]. Give a necessary and sufficient condition for Res (A, B) = gcd (A, B). 5. Specialize algorithm (3.42) to the case B = A'.

Indecomposable splitting rings

6. Compute the discriminant of t 6

+ t 3 + 3 over

63

Z and over Z/3.

7. (a) Compute the discriminant d(t" - a,,). (b) Prove d(t" + at + b) =(n - I)"-I( -a)" + ((c) Compute d(t 4 + a2t3 + a 3t + a 4 )·

d~)nnb"-I.

8. Let A be a commutative unital overring of the ring R with R-basis b l , ... , b". Let 'I' be a A-ring with A-basis C I , ••. 'C m and corresponding regular representation

M 1:'1' --> AnJXm:~ t--> M I(~) = (OCjk(W Also let M 2: A --> R n x n be the regular representation of A with respect to the R -basis b l , ... ,b".

(a) Show that M 3: 'I' --> R mn x mn: ~ t--> M 3m = (M 2(lXjk(~)))

is the regular representation of 'I' with respect to the R-basis formed by the products bjck(1 ~ i ~ n, I ~ k ~ m) in some order. (b) Show that

Tr'l'/RW = TrA/R(Tr'l'/A(~))' N'I'!R(~) = NA/R(N'I'/A(m for all

~

of '1'.

2.4. Indecomposable splitting rings Let us study the algebraic decomposition of universal splitting rings. For simplicity's sake we shall assume that the coefficient ring is indecomposable, e.g. any entire ring will do.

Theorem (4.1) The universal splitting ring S(f jR) of a monic polynomial (1.3) over an indecomposable unital commutative ring R is the algebraic sum of a finite number of indecomposable component ideals s

S(fjR) =

L eiS(fjR)

(4.1 a)

i=1

generated by the primitive idempotents (4.1 b)

of S(fjR). Proof Let e be an idempotent of S(flR) and let el = e, e2' ... ' eJl be the distinct Gn-conjugates (= images) of e. They generate under multiplication, complementation and addition of orthogonal idempotents a finite system of

64

The group of an equation

idempotents which is invariant under the application of 6 n and which is generated by summing up without repetition certain orthogonal idempotents e'l , ... , e~, of the system. By construction also {e'l , ... , e~,} is invariant under the application of 6". We number the e; in such a way that {e'l,e2, ... ,e~,,} is a ~,,-conjugacy class where 11" is a certain index for which I ~ 11" ~ ,i'. Hence, the sum e' = e'l + e2 + ... + e~" is an idempotent of S(fIR) which is invariant under the action of 6". We shall prove (4.2) For this purpose we show that e' E R implying (4,2) because of the assumed indecomposability of R. For n = 2 we obtain f(t) = t 2 + alt + a 2ER[t], e' = A + 11~ 2 (A, I1E R), I1E [0/2] by theorem (2.18), 211 = 0; ~I

e'

= -a l -e2' = A + 11~1 = A + 11( -

al

-

e2)

= A -l1 al -l1e2 = A+ lle2, l1a l = 0, e'2 = A2 + 2AI1~2 + 112~~ = A2 + 0 + 112( - al~2 - a2)

= A2 -112a2

= e' = A+ l1e2,

11 = 0,

e' = AER.

For n> 2 we apply induction as in the proof of theorem (2.18) so that e' ER[en-l] n R [en]' e'=Ao+AI~n-1 + ... +An-Ie~=!

(A;ER,O~i~n-l),

e'=Ao+AI~n+···+An-I~~-I.

(4.3a) (4.3b)

Furthermore,

and upon comparison of (4.3a), (4.3b) the coefficient of en~~= f must vanish: An-I = O. Hence, again by comparison of (4.3a), (4.3b): Al = ... = An- 2 = 0 and e'ER. As stated above, this implies e' = 1R' But 1R cannot be orthogonal to any idempotent, and we conclude 11' = 11", i.e. all the e; are conjugate under 6". Next we want to show that the idempotent e annihilates no element of R other than O. At first, we show this for e'l' Indeed, if e'la = 0 for an element aER, then it follows 0 = n(e'la) = n(e'da for all nE6 n implying o= 2:r~ I e;a = 1Ra = a. But e itself is a sum of some of the e;, say e = 2:7= I e;, where 1 ~ K ~ 11', Hence, any equation ea = 0 (aER) implies that e'l a = (e'l e)a = e'l (ea) = 0 and therefore a = O. Any system of orthogonal idem po tents I , ... , of S(f I R) is linearly independent over R since any R-relation 2:1= I A;e; = 0 (A;E R, 1 ~ i ~ m)

e

em

Indecomposable splitting rings

65

e

implies upon multiplication by j that AA = 0, hence Aj = 0, as we saw above. We conclude from this remark that m ~ n!. Otherwise there would be n! + 1 orthogonal idem po tents e1 , ••. ,ell' + I in S(f / R) which we can represent as R-linear combinations of the standard R-basis B given in theorem (\.6), say ej = LbEB ).jbb (Ajb E R) so that the rectangular matrix L:= (Ajb)(I1!+ I)x II! would be of rank n! + 1 according to the assumed linear independence of the ej • But the rank of L is clearly ~ n!, and therefore there can be at most n! orthogonal idempotents in S(f / R). It follows that there are only finitely many primitive idempotents, say e l , ••• ,es in S(f/R). They are mutually orthogonal implying (4.la). 0 ~orollary

(4.4) Under the premises of(4.1) the primitive idempotents e 1 , ••• ,es of S(f/R) are conjugate under the permutation automorphisms ofS(f / R), and the same applies to the component rings ejS(f / R) (I ~ i ~ s). Proof We saw in the proof of (4.1) that the permutation automorphisms permute the primitive idempotents and that there is only one orbit under the action of

6".

0

~orollary

(4.5) Under the premises of (4.1) there are monomorphisms Ilj:R -.ejS(f/R):aM eja (I ~ i ~ s), and the ith component ring ejS(f / R) is a minimal splitting ring of {iAf) over ejR. (Here iij denotes the canonical extension of Jlj to R[t].)

Proof From the proof of (4.1) we know that any relation eja = 0 for aER implies a = 0 (I ~ i ~ s). Therefore Jlj is injective. The factorization (\.6b) implies upon multiplication with ej that eJ(t) = OJ= 1 (t - ej~), hence ejS(f / R) is a splitting ring of eJ over ejR. Since ejS(f/R) is generated by the n! elements ej~jl'ej~~ ···ej~~"(O ~ i j <j; I ~j ~ n) it is clear that ejS(f/R) is a minimal splitting ring of eJ over ejR.

o Proposition (4.6) Let R, S(flR), e 1 , ••• , es as in (4.1). If A is an indecomposable minimal splitting ring off over R, say with factorization (1.2) for ao = I, then there is the epimorphism f-j:ejS(f/R)-.A satisfying f-j(eja) = a for all aER and ej(ej~k) = Xn(k) (1 ~ k ~ n) for some permutation 1[ = 1[ j E6".

Proof By theorem (\.6) there is an R-epimorphism e: S(f / R) -. A mapping ~k onto Xk (I ~ k ~ n). Under this epimorphism, the equation 1 = L.i= 1 ej becomes

66

The group or an equation

1A = Li = 1 c(e j), where c(e;) c(ej) = c(ejej ) = oije(ej) (1 ,,:; i,j ,,:; s). Because of the indecomposability of I\. there is an index i' such that e(e;) = 1A' and e(e) = 0 (I ":;j,,:; s,j #- i'). But e 1"'" e" are 6 n -conjugate because of (4.4). Hence there is ii = ii j E6. satisfying ii(ej) = ej, for each i (1 ,,:; i ,,:; s), and ej := eiile,S(flR) does the job. 0

Proposition Let R, S(f/R), e1, ... ,es as in (4.1).

(4.7)

(i) The elements of ejR are invariant under the 6 11 stabilizer Gj := {iiEG. Iii(e j) = eJ of ej (t ,,:; i ,,:; s). They are the only invariant elements of ejS(f / R) in case d(f) is 2-regular, i.e. 2d(f)x = 0 implies d(f)x = 0 for all XES(f / R). (ii) The restriction of the 6 11 -stabilizer G j of ej to ejS(f /R) is faithful in case d(f) #- 0 (I ,,:; i ,,:; s).

Proof (i) Let iiEG j • Obviously, ii(aej) = aii(e j) = ae j for all aER. In case d(f) is 2-regular we know already that each element of S(f / R) which is fixed by 6. belongs to R. Now let y = ejy be an element of ejS(f / R) which is fixed by Gj • There holds a coset-decomposition 6. = Ui= 1 gpj with gj depending on ej such that gl = id and {gl(ej), ... ,gs(ej)} = {e l , ... ,e,}. Hence, for each element gE6 n there hold equations ggjGj=YP(g.j)G j, where p:6 n -+6" is a transitive permutation representation of 6 n based on the left-multiplication action on the left-cosets gjG j. Hence, z = :Li= I gj(y) = y + other components is invariant under all gE6. and therefore ZER by (2.18) implying yEejR. (ii) For 0 #- d(f) = TIl ";j
e

o We have studied only the restriction of the permutation automorphisms to the minimal splitting rings ejS(f/R) of eJ over ejR. In general, there are other automorphisms too. It may not even be possible to single out the restriction of the permutation automorphisms from among them, purely by looking at the structure of ejS(f / R). This situation changes, if R is a field.

Theorem (4.8) Let R, S(f, R), ej (t ,,:; i ,,:; s) as in (4.1) and II;. ,-I j as in (4.5). If R is a field and f is separable, then ejS(f, R) is a minimal splitting extension of [ij(f) over flj(R). Its degree is equal to the order of Gj • Every automorphism of ejS(f /R) over ejR is obtained by restricting some element ofG j to ejS(f/R).

Indecomposable splitting rings

67

Proof If R is a field then the R-dimension of each of the s ideals eiS(f IR) is the same number d by (4.4). By (4.la) sd = dimR (S(f IR)) = n!. According to (3.24) there is no nilpotent element '# 0 in S(f IR). If there is a zero divisor ~ '# 0 of eiS(fIR) then it may be chosen in such a way that it generates an R-subalgebra M of eiS(f I R) of minimal R-dimension 11. There is a non-zero element " of eiS(f I R) for which ~" = 0, hence M" = 0, hence every non-zero element of M is a zero divisor of eiS(f I R), and each of them generates an F-subalgebra of the same dimension 11. Hence, eM = M, eM is a field, it has a unit element e, e is an idempotent of eiS(f I R) distinct from ei, contrary to (4.1). It follows that eiS(fI R) is a field. Using (4.5) it follows that eiS(f I R) is a minimal splitting extension of [ii(f) over lli(R). The restriction of Gi to eiS(fI R) is a group of automorphisms of order d because of (6 i:G i) = s. Now we show that there cannot be more than d automdtphisms of eiS(fI R) over e;R by an induction argument. If all roots ei~j belong to eiR then we have e;S(fIR) = eiR, d = I, and we are done. Choose ei~j in such a way that eiR[ei~j] = F is an extension of eiR of degree d 1 > 1. It follows that the minimal polynomial m of eiej over eiR is irreducible of degree d1 . Denoting by Gij the stabilizer of ei~j in Gi and setting

e

(G;:Gij)

Gi

= U

9k G ik'

k=l

it follows that the Gi-orbit of ei~j consists of the (Gi:G i) elements 9kei~j

(I ~k~(Gi:Gij)).

The equation m(eie) = 0 implies the equation m(9keie) = O. Since the polynomial m has at least d 1 distinct roots it follows that

d1?(Gi:Gij),

IGijl?dld!,

hence by induction the degree of eiS(fI R) over F is at least IGijl. On the other hand, it is did! by the degree theorem (exercise 5 in chapter I, section 3). Hence, IGijl

= did!, (Gi:Gij) = d!, Gijle;S(flR) = Aut (eiS(fIR)IF), Gde;S(flR) = Aut (e;S(f I R)leiR).

Thus (4.8) is demonstrated. The last remark shows that for every chain or finite extensions

F = F0

S;

F 1 s; F 2 s; ". s; Fr = E,

o (4.9a)

68

The group of an equation

and (4.9b) of the field F there cannot be more than [F i + 1 :F;] distinct automorphisms of F i + lover Fi (0 ~ i < r) and upon using the degree theorem (exercise 5 in chapter I, section 3) r-1

[E:F] =

0

[F i + 1 :F;]

(4.9c)

i=O

so that the maximal number of automorphisms of E over F is equal to the degree. But every finite extension E of F is obtainable as in (4.9a), (4.9b). Indeed, for E = F this is trivial. Otherwise E contains an element 'II not contained in F and hence F 1 = F('I d has degree> lover F. Continuing this process yields (4.9a), (4.9b). Thus it is shown that any finite extension E of F has at most [E:F] automorphisms over F.

Definition (4.10) Thefinite extensio"..E of F is said to be a normal extension of F if the number of automorphisms of E over F is equal to the degree [E:F]. For example any minimal splitting extension of a separable polynomial over F is a normal extension. Conversely, we show that every normal extension E of F can be presented (in many ways) as minimal splitting extension of a suitable monic polynomial over F. Firstly let us point out that the fixed field of Aut (ElF) is F. Otherwise it would be a subfield Eo properly containing F, hence [Eo:F] > I and by the degree theorem [E:Eo] < [E:F]. But there cannot be more than [E:Eo] distinct automorphisms of E over Eo. Hence Eo = F. Secondly we show that every element x of E satisfies a separable minimal equation over F. Indeed, let the monic non-constant polynomial mx of F[t] be the minimal polynomial of x, i.e.

mAx) = O.

(4.lla)

Applying the elements ex of G = Aut (ElF) to the minimal equation we find that

mAex(x)) = O.

(4.llb)

= O'(t -

(4. tic)

Upon forming the polynomial

f(t)

ex(x)),

aeG

where the accent at the product symbol indicates that only distinct factors occur, we discover that f is invariant under Aut (ElF), which means the coefficients off belong to the fixed field F. But (4.11 a-c) imply that f divides mx. Hence, f = mx , mx is separable, the minimal equation is a separable

69

Finite fields

equation for x. Finally, we point out that E can be finitely generated over F, for example any F-basis will do. Let E = F(x 1 , ..• , x r ), then E is a minimal splitting field of m X ,mX2 '" m Xr ' If some of the factors are equal, omit repetitions, the remaining polynomial will be a separable monic polynomial of F[t] with E as minimal splitting field. Normal extensions form the fundament of algebraic number theory. It is their automorphism group which plays the key role in the discussion of structure. To have this discovered and clearly established forms the immortal contribution of E. Galois to the theory.

Exercises 1. Let E/F be a normal extension with Galois group G. Prove for eEE: Tr(e) =

L a(ej,

N(ej=

n a(ej.

a.G

2. (a) Form the universal splitting ring S(f /71.) for f(t) = (t 2 + l)(t 2 + 4) and show that its primitive idempotents generate components with zero divisors. How many are there? (b) What happens over Q in place of 71.?

2.5. Finite fields Historically speaking C.F. Gauss [5] was the first mathematician to make extensive computations in finite fields other than 7L/p7L = 7L/p. The projected last chapter of the Disquisitiones arithmeticae (chapter 8) was devoted to their thorough study. Gauss introduced them as equation rings of irreducible polynomials over 7L/p. Thus he used new domains of rationality possibly independent of their origins in number theory, but he refused to give the concept a name. E. Galois introduced the finite field concept in his classical memoire: Sur la Theorie des nombres (Bulletin des sciences mathematiques de Ferussac, XIII, §218, June 1830) as follows [4]: Soit une pareille equation ou congruence, Fx = O. et p Ie module. Supposons d'abord, pour plus de simplicite, que la congruence en question n'admette aucun facteur commensurable, c'est-
+ Pxx.

Dans ce cas, la congruence n'admettra donc aucune racine entiere, ni me me aucune racine incommensurable du degre inferieur. II faut donc regarder les racines de cette congruence comme des especes de symboles imaginaires, puis qu'elles ne satisfont pas aux questions des nombres entiers, symboles dont I'emploi dans Ie calcul sera

The group of an equation

70

souvent aussi utile que celui de l'imaginaire ( - I)~ dans I'analyse ordinaire.

From this reason we speak about finite fields also as Galois fields. In the sequel we discuss finite fields from a constructive viewpoint. For a detailed discussion of Galois fields we refer the reader to the book by Lidl and Niederreiter [11].

1. Gauss' routine for primitive roots In order to find a primitive root, i.e. a generator of the multiplicative group IF x of a finite field IF = IF q of q elements we make use of Gauss' algorithm [S]. We enumerate the non-zero elements of IF in some suitable way, say (S.l ) where it is not demanded to have a big list or table ready for use, we merely need to know a method to find another element X k + 1 E IF x in case XI" .. ,Xk already are known as distinct elements of IF x and k < q - 1. We shall call an algorithm which produces all elements of IF' without repetition a potential list of IF x • F or each element Xi we need to determine its order ord (Xi) in IF x. For this purpose we use the Fermat theorem yielding

xy-I = 1

(S.2)

and a prime factorization s

q-l

= n pr'

(lli EN )

(S.3a)

i= 1

of q - 1. Suppose we know already that

xi = 1

(S.3b)

for some divisor s

m=

n Pi'

(ViE£', 0 ~ Vi ~ Ili)

(S.3c)

i=1

of q - 1, then we test in sequence the equations

xi'P' =

1

(S.3d)

for each prime number Pi (1 ~ i ~ s) for which Vi> O. If (S.3d) holds for some index i, we replace m by m!Pi and start all over again. If none of the equations (S.3d) holds, then we know that m

= ord(x i ).

(S.3e)

Next we form m l = ord (x I)' m2 = lcm(ml' ord(x 2 )),··., mk = lcm(mk -I' ord (x k)). We note that ord (xy) = ord (x) ord (y) in case gcd (ord (x), ord (y)) = 1.

(S.4)

71

Finite fields

(5.5)

Proposition There is an index k, k ~ q - l,for which mk = q - 1,

(5.5a)

and a primitive root of IF" can be constructed as a power product of x I

, ...

,xk •

Proof Since we know already that there exists a primitive element of IF", say x, that element is among those of (5.1), hence (5.5a) is established. But of course (5.5a) will usually arise much earlier than the occurence of x. This is because the numbers m l , m2"" form an ascending divisor chain terminating with q - 1. For the second statement of (5.5) we merely have to construct a power product x'y' for any two elements x, y of IF" such that ord (Xiyi) = km (ord (x), ord (y». Let B be a basis of the divisor cascade of S = {ord (x), ord (y)}. Then we obtain ord (x) =

nb"x,

ord (y) =

beB

and therefore km (ord(x), ord (y)) =

i:=

nb"y

beB

Hence, for

nbeBbmaxll""'rl.

n b"x,

j:=

n b"Y,

beB

beB

JIx~J'Y

JI},~Jlx

the elements Xi, yi have orders ord (Xi) =

n b''', ~B

J/~~II,

ord (yi) =

n b"y. ~B ~>Jlx

(Obviously, for iI ord (x) we have ord (Xi) = ord (x)/i.) Therefore the product xiyi has the desired order since ord (Xi), ord (yi) are now coprime. D

Remarks (i) It is clear that the method of the proof also applies to elements of a finite

abelian group. (ii) For an efficient performance of Gauss' algorithm we remark that for each new element Xi we first test whether X7';-1 = t already. In that case Xi is of no help in increasing mi-I and we proceed to x i + I with mi = mi - I . Especially, Xi = 1 and Xi = - 1 (for 2Im i - l ) can be omitted. (iii) It should be pointed out once again that the algorithm of Gauss can also be used to establish the existence of a primitive root. The field property of IF is invoked at the point when we obtained a power product of x I"'" X k of order mk = q - 1, since there cannot be more than q - 1 solutions of the equation x q - I = 1 in IF. On the other hand, if one is not sure whether a finite unital commutative ring R is a field, then Gauss' algorithm forms the basis for many tests. The main difficulty in that case is to establish equations x e = 1 (eE f\I) for any x i= 0 of R. This method is used, for example, to decide whether

72

The group of an equation

a given large number x is a prime number. It turns out to be easier to search for a primitive element than for a zero divisor. (iv) For IF = 7L/2 the unit element is the primitive root. For IF = 7L/p (p > 2) Gauss used the sequence Xl = - I, X 2 = 2, X3 = 3, X4 = 5, .... Experience shows that this procedure yields a primitive root in about log p steps, though with the present knowledge of analytic number theory no comparable estimate is demonstrable. (v) If IF p" is given as IF p[t]/ IIF pEt], where I is a monic irreducible polynomial of degree n> 1 of IF pEt], then one may arrange

Xi=
1/5=(2/5)°,

2/5 = (2/W,

-1/5=(2/5)2,

-2/5=(2/5)-1.

The corresponding index table is

2 ind (x)

0

-2

-I 2

- I

with the integers 1,2, - I, - 2 representing the elements x of IF; in the first row. Regarding multiplication and exponentiation indices behave like logarithms according to the rules ind (xy) == ind (x)

+ ind (y)

ind (xm) == mind (x)

mod (q - I), mod (q - 1),

I.e.

ind (xy)

= R(ind (x) + ind (y), q - I),

ind (xm) = R(m ind (x), q - 1)

(x, YEIF:, mE7L).

Indices can be used in place of the elements of IFq upon tagging the zero element by some additional symbol, say 00: ind (0) = 00. Then both rows of the index table become in case of q = 5:

x ind (x)

II

0

2 I

-I

-2

0

2

-I

00

73

Finite fields

In any case ind: IF q --+ { oo} U {XE7L 1- q < 2x ~ q} is a bijection. For the purpose of doing additions as well we use a second table of 'additive indices' connecting the values ind (x) and ind (l + x) for xElF q • Again, for q = S we obtain ind(x)_ ind(l

J

00_ _ 0 _ _ _2_ _-_1

+XfTO

By the use of x ind (x

+ y) = =

+ y = x(l + (ylx))

R ( ind (x) R(ind (x)

1

-I

2'

00

we get

+ ind ( 1 + ~ ). q -

1)

+ ind (I + ind - 1 (R(ind (y) -

ind (x), q - 1))), q - I).

(S.6) 2. The construction of finite fields Let p be a rational prime number and nE N. The Galois field IF p" is usually defined as a minimal splitting field of t P" - t over 7Llp. But that construction is too time consuming. Of course it suffices to know an irreducible monic polynomial I of degree n of 7Llp[t] = IF pEt] since IF p" ~ IF p[t]1 IIF pEt].

(S.7a)

In greater generality we deal with the construction of (S.7b)

where q = pn and IE IF q[t] is monic and irreducible. As in many constructive problems there are two ways competing for consideration, one more aleatoric (from alea = dice; one believes that dice throwing produces the numbers 1-6 randomly), the other one more deterministic. The aleatoric method is based on the observation that the number Am,q of monic irreducible polynomials of degree m over IF q is roughly 11m of the total number qm of monic polynomials of degree m, as we shall show below. In other words, if one chooses randomly a monic polynomial

I(t) = t m+ a1t m- 1 + ...

+ amElFq[t],

(S.8)

the probability that I is irreducible is about 11m. One believes that picking out m elements a1, ... ,amElFq independently can be done randomly so that an irreducible f can be produced 'completely by chance'. The fundamental problems arising from the construction of random sequences are very well discussed in the paper by Niederreiter [12].

74

The group of an equation

In order to produce a formula for the number Am.q of monic irreducible polynomials of degree mover IFq we need some preparations in the form of propositions and theorems.

Proposition (5.9) Let R be a unital commutative ring and r, sEI~J. Then we have: (t S -1)I(tr -1) in R[tJ¢>slr in N. (For R = Z the specialization t~ mEZ"'2 yields: (m S

-

1)I(mr

-

I)~slr.)

Proof Let r = Q(r, s)s + R(r, s) such that 0 ~ R (r, s) < s. Then we obtain tr _

I=

+ tR(r.s) I) + tR(r.s) -

tQ(r.s)stR(r.s) _ tR(r.s)

= tR(r.s)((ts)Q(r.s) _

I I,

and because of (ts)Q(r.s) -

I = (t S - I)

Q(r,s)- 1

L

(tS)i,

i=O

the equivalence

R(r, s) = O~(tS - 1)I(tr

-

I)

o

holds.

(5.10) Theorem Let IFq = IFp" and mEN. Then t qrn - tElFq[t] is the product ofall monic irreducible polynomials gEiFq[t] for which deg(g)lm.

Proof The proof is carried out in three steps. (i) Let gElFq[t] be monic irreducible with deg(g)lm. We shall show g(t)l(t qm - t). The case g(t) = t is trivial. We therefore assume that g(t) #: t and x#:O is a zero of g. Then IF:= lFix) is a field extension of IFq of degree deg(g) and 9 is the minimal polynomial of x. Since IF x is cyclic we must have xqd •• (91-1 = I and therefore g(t)l(t Qd •• (91- 1 I). Then (5.9) implies (qdeK(g) - 1)1 qd qm 1 (qm _ I) and also g(t)l(t •• (9)-1 - 1)I(t - - I). (ii) Let g(t)ElFq[t] be monic, irreducible and dividing tqrn - t. We show: deg(g)lm. Again the case g(t) = t is trivial. We assume that g(t) #: t and that x#:O is a zero of g(t). Let Y be a primitive root of IF:= IFix), i.e. ord (y) = qdCK(9) _ I in IF x • There is a presentation

Y=

dCK(9)

L

i= 1

Yi Xi - 1

(YiElFq, I ~ i ~ deg(g)),

Finite fields

75

from which we obtain

yqm_ - y pnm_ - (

deg(g) ~

L.

Yi X

i-I

)pnm

_

de~g) pnnt

Yi

-

X

(i-l)pnm_

-

i= 1

i= 1

deg(g) '"

L.

j=

Yi X

;-1_

-

y.

1

Hence, qm - I is an exponent of Y which is divisible by ord (y). Again with (5.9) we conclude (qdeg(g) - l)l(qm - l)=>deg(g)lm. (iii) Let g(t)ElFq[t] be monic, irreducible and dividing t qm -t. We show (g(t))2 J(tqm - t). Otherwise we had gcd (tqm - t, (tqm =p 1. But because of (t qm - t)' = qmt qm - 1 = - I in IF q[t], obviously the gcd is 1. 0

tn

Corollary A monic polynomial f ElFq[t] is irreducible, for all j (1 ~ j ~ deg (f)/2).

if and only if gcd (f(t), tqi -

(5.11) t) = 1

Corollary (5.11) can be used to test polynomials fElFq[t] for irreducibility. For larger values of q = p. and deg(f), however, we need improved methods for the computation of the corresponding gcd's. We first compute R(tP,f(t)) =:
(5.12a)

and then successively (5.12b) up to a bound k determined by the inequalities 2k

~ n d~gf < 2k+ 1 .

(5.12c)

Using the 2-adic representation k

.i =

L b i2i

(biE{O, l},O~i~k),

(5.12d)

i=O

with bj = I exactly for the indices i, < i2 < ... < ii' we obtain the congruence t Pi ==

A.. '1",

(A.. ( ... (A. (t))))modf, '1'/ '1'1/ 2

(5.12e)

permitting us to determine (5.12f) in a modest number of steps. Finally, we get R(tPJ - t, f) = R(t Pi , f) - t and

gcd (t Pi - t, f)

= gcd (R(t Pi -

t, f), f).

(5.12g) (5.12h)

The group of an equation

76

The formula for the numbers Am.q will come out as a consequence of (5.10). However, for the proof we need a well-known function from elementary number theory which will be useful also in later sections.

Definition (5.13) Let the function 11 be defined on N as follows: for x = 1 set Il(x) = 1. If x contains a square factor set Il(x) = O. Finally, if x is a product of r distinct primes set Il(x) = (- 1)'; 11 is called the Mobius Il-function. Its useful properties are contained in Proposition

(5.14) I for n = I

= { Oelse

(a) For nEN we have Ldlllll(d)

.

(b) Let f, g: N -+ R (R a unital commutative ring), then (VnEN:f(n) = L,/llIg(d))=-(VnEN:g(n) = Ldlllll(d)f(n/d)). (This is well-kllowlI as the Mobius inversion formula.)

Proof (a) The case II = 1 is obvious. For II> 1 ::::; i::::; r) the prime factorization of II. summand different from zero for which (l ::::; i::::; r). There are exactly (D divisors the others O. Therefore we have l>(d)= din

(b)

t

(_I)k(r)=

k

k= 0

t

1, liEN, let n = p7\, ... 'p~r (miEN, Only those divisors of II yield a the exponent of Pi is either I or 0 of II for which k exponents are 1,

(r)lr-k(_I)k=(I_I)k=O.

k

k=0

"="~ ll(d)fG) = ~Il(d) ~g(e) = ~ Il(d) ~ g(e) = L g(e) L Il(d) = g(lI) by (a). cll~

"'n

"<="L g(d) = L L Il(e)f(~) = L e

din f\d

din

Il(e)f(e)

eel=n

= L f(e) L Il(e) = f(lI)

by

(a).

D

el~

Finally, we compute the A m •q •

Theorem (5.15) Let Am.q denote the number of monic irreducible polynomials ofdegree m oflFq[t]. Then we have: (a) qm

= L dA d •q , dim

77

Finite fields

(c) Am,q ~ I, (d) Am,q'" qm 1m for m -HX) ,

Proof (a) This is a consequence of (5.10) by considering the degrees of the involved polynomials, (b) Let f(m):= qm, g(m):= mAm,q for all mEN, From (a) we obtain f(m) = Ldlmg(d) and the Mobius inversion formula yields

g(m) = mAm,q =

L j1.(d)f dim

(j)

=

L j1.(d)qm/d dim

which proves (b), (c) According to (b) we get

Am,q~~(qm- L qm/d)~~(qm_ mt m

= ~ (qm _ m

m

I
1

qd)

d-O

qm - 1) q-I

I

1

m

m

~_(qm_(qm_I))=_>O.

o

Then Am,qE;E yields (c). (d) Obvious.

Examples

(5.16)

(a) If m is a prime number, then Am,q (b) For q = 2 we find 1 2

m Am~

corresp. f(t)

2 1 t, t + 1 t 2 + t + 1

= (1Im)(qm 3

2 t3 + t + 1 t3 + t2 + 1

q), 4 3

5 6

6 9

t4 + t + 1 t4 + t 3 + 1 t 4 + t 3 + t 2 + t + 1.

The determination of the irreducible polynomials of degree 5, 6 is left as exercise 4,

Deterministic methods of constructing IF qm seek to construct specific monic irreducible polynomials of degree mover IFq • Let m=

•

npi'

j= 1

(sE;E>o; Pl'''''P, VjEZ>O, I";;

distinct prime numbers; i,,;; s),

(5.17)

The group of an equation

78

m:= gcd (m, q -

1).

(5.18)

Then the first step is the construction of an extension E over IF q of degree m. It is based on the knowledge of a primitive root w of IFq. (5.19)

Proposition.

Let w be a primitive root of IFq' Then E:= IF q[t]/(t m- w) IFq[t] is an extension of IFq of degree m. Proof We note that IFq contains a primitive mth root of unity, say (m' Hence, any extension of IFq containing one root of tm- w does contain all roots of that polynomial. We conclude that every irreducible factor of tm- w in IFq[t] has the same degree, say k. Let g(t)EIF q[t] be such an irreducible factor. Its constant term is of the form w k/",(;, for a suitable integer v. On the other hand it must be in IF q and therefore be representable in the form w lt (;, for an appropriate exponent 11. Hence, w = W/,m/k and because of klml(q - 1) we obtain m= k. 0 In the second step an extension E of degree p of the finite field IF of characteristic p is constructed. For this purpose we study the Weierstrass mapping for rings R of characteristic p, denoted by p because of the surprising connection between elliptic function fields of characteristic 0 and of characteristic p which was discovered in this century. It is defined by p

p

= p : R -> R: x f-+ x P - x,

(5.20a)

and is an R + -endomorphism because of

p(x + y) = (x + y)P - (x + y) = x P- x + yP - Y = p(x) + P (y) (5.20b) for all x, yE R. If R is unital, the prime ring of R ( = {m· 1R ImE;E}) belongs to the kernel of p . If R is also an entire ring, then the elements of the prime ring are the only elements of R which lie in ker (p). Hence, in case of R being a finite field IF of q = p. elements we find that p (IF) is a submodule of index p in IF+:

(5.20c) At least one of the n elements w, w 2 , ••• , w· (w a primitive root of IF) is not in p(IF). For eEIF with e¢p(lF) the extension

E:= IF [t]/W - t - e)

(5.20d)

is of degree p over IF. To prove this we make use of the theorem of ArtinSchreier:

Finite lields

79

Theorem (5.21) Let F be a field of prime characteristic p and let E be a normal extension of F of degree p. Then there exists an element '1EE such that

E = F('1)

(5.21a)

e:= '1 P- '1 EF,

(5.21b)

erl p (F).

(5.21c)

Conversely, given eEF, the polynomial f(t) = t P- t - eEIF[t] either splits over F or is irreducible. In the latter case a root '1 of f generates a cyclic extension E = 1"('1) over I" of degree p. Proof The proof is done in several steps. (i) We show that TrE/F({J) = Tr ({J) = 0 for {JEE, if and only if there is an element rxEE such that {J = rx - (1(rx), where (1 generates the cyclic group Aut (E/ F) of order p. (This ~ a special case of the additive version of Hilbert's Theorem 90.) For each {J of the form {J = rx - (1(rx) the trace vanishes:

Tr({J)

=

P

P

i= 1

i=1

L (1i({J) = L «(1I(rx) -

(1i+ 1(rx)) = (1(rx) - (1P+ 1(rx) = o.

Conversely, we assume Tr ({J) = 0 for some {J E E. Since the trace bilinear form is non degenerate «3.21a-c), (3.22a, b)), there exists YEE with Tr (y) #- O. Define rx by

to obtain Tr(y)(rx - O"(rx» = {JTr(y). (ii) We show the existence of '1EE subject to (5.21a-c). Since Tr( - 1) = 0 because of characteristic p, there exists '1E E such that (1('1) - '1 = 1 by (i). This implies (1i('1) = '1 + i (1 ~ i ~ p), i.e. '1 has p distinct conjugates. Therefore, we obtain [F('1):F] ;::: p, hence E = 1"('1). Furthermore,

(1('1 P- '1) = (1('1)P - (1('1) = ('1 + l)P - ('1 + 1) = '1 P- '1, i.e. the element e:= '1 P - '1 is fixed under (1 (and therefore under Aut (ElF» and must be in F. Finally, to prove (S.2Ic) we note that in case of eep(F), say = p('), we would have that '1 and, would differ only by an element of ker(p) c I" which is of course impossible. (iii) Let f(t) = t P- t - eEF[t] and '1 be a root of f. Then also '1 + i

e

80

The group of an equation

(l ~ i ~ p) is a root of f. Hence, the roots of I are all distinct and if one of them belongs to F they all do. For the rest of the proof we assume that I has no root in F. We show that I is irreducible in that case. For any gEF[t], gil, deg(g) ~ I we consider the coefficient of g of the power tdeg(g)-I. It is a sum of terms - (1'/ + i) for precisely deg (g) different integers i (I ~ i ~ p), hence it is of the form - deg (g)I'/ + k for some integer k (I ~ k ~ p) and does not belong to F, proving t~e irreducibility of I. All roots of I lie in E:= F(I'/), and they are all distinct. Therefore ElF is a normal extension of degree p. Its (cyclic) Galois group is generated by the automorphism a: 1'/1-+ 1'/ + 1.

o

In the third and last step we construct an extension E of IF = IF q of degree

p, where p i= p is a prime number not dividing

q - I (especially

p is not 2).

Let d be the order of q mod p so that pnd

== I mod p,

pni

¥= I mod p for I ~ j < d.

(5.22a)

Then there is an exponent v ~ I such that pnd

== I mod pV,

pnd

¥= I mod pV+ I.

(5.22b)

Using induction and the methods of the first two steps we construct an extension E 1 of IF of degree d over IF. It contains a primitive pVth root of unity, say (I' By construction (5.22c)

is an extension of degree p of E 1• We know from elementary number theory the existence of an integer j of order ¢(p'') modulo p"+ 1 (¢ is Euler's function, see section 12 and chapter 5 (4.5». Now it follows from cyclotomic theory (section 12) that the polynomial

Ip.• (t):= is irreducible of degree

bl (t - :~: (i'i+<)

(5.22d)

p over IF. (See also exercise 8.)

3. Factorization of polynomials

Finally we investigate the task of factorizing a polynomial I of IF q[t] into a product of (monic) irreducible factors. Without loss of generality we can assume that I is monic. Using divisor cascading (which includes formal differentiation and pth root formation here) we find a factorization

81

Finite fields

deg(f)

f =

n fi.

j;

(5.23)

1

with separable mutually prime factorsflJ2, ... Jdeg(f) (many of them being 1). There remains the task to factorize a given separable monic non-constant polynomial f. If f(O) = 0 then we find a factorization f(t) = g(t)t with gEiF q[t], g(O) o. There remains the task of factorizing a separable monic non-constant polynomial f of IF q[t] with f(O) O. Following St. Schwarz ([13], [14], [15]) we make use of the formula (established in (5.10»

*

*

(5.24)

*

where 9 1' ... ' gbq.d are the irreducible monic polynomials t of degree dividing d (dEN). For m = 1,2, ... we determine a factorization deg(f)

f=

nh

(5.25)

j

j=

1

into the product of mutually prime monic polynomials hi> hj being the product of all irreducible monic polynomials of degree ; dividing f. The hj are computed in the following algorithm.

(5.26)

Equal-degree factorization off

*

Input. f Elf q[t] monic, separable, non-constant with f(O) O. Output. hjElFq[t] (l ~; ~ deg(f» such that hj is the product of all irreducible monic polynomials of degree; over IFq dividingf. Step 1. (Initialization). Set hj <- 1(1 ~ ; ~ deg (f», h <-f, ; <- 1. Step 2. (Divisors of degree i). Set hj <- gcd (h, t q;- 1 - 1), h <- hlh j. For h = 1 terminate, else go to 3. Step 3. (Increase i). Set; <-; + 1. For 2; ~ deg (h) go to 2, else set hdeg(h) <- h and terminate. It remains the task to factorize f in case off being the product of distinct monic irreducible polynomials all of degree d and different from t. For d = dcg(f) the polynomialfis obviously irreducible and we are done. Hence, we assume deg (f) > d. If q is odd and d = 1, then we suggest a probabilistic method based on the observation that the squares of elements of IF; form the cyclic subgroup (1F;)2 of order (q - 1)/2. They are the solutions of the equation x(q - 1 )/2 -

I =0

(5.27)

82

The group of an equation

in IF q. Hence, the expectation to find an element of IF; to be a square is !. We note that gcd (f, t(q- 1)/2 - 1) is 1, if every root of/is a non-square; it is/, if every root of/is a square. Otherwise it yields a proper non-constant divisor of /. Therefore the probability of not finding such a divisor of/is only

2((q - 1)/2) deg(f)

(5.28)

If we do not obtain a proper factor of / this way, then we try the same procedure for/(t + a), obtained from/by Tschirnhausen translations, where aEIF; is randomly chosen. From a prospective factorization /(t

+ a) = g(t)h(t) (g, hElFq[t] monic non-constant)

(5.29a)

we find the corresponding proper factorization of /(t) via /(t)

= g(t - a)h(t - a).

(5.29b)

This method is bound to break up/, if enough elements a are tried out. The expectation of no break in k tests is at most

(5.30) If q is odd and d > 1, then we construct IFqd as above so that / will become a product of linear factors over IFqd. Thereafter we apply the same method as above. Once we obtain a factorization / = gh of / into monic non-constant polynomials g, hover IFqd' we apply the Frobenius automorphism

(5.31) (to the coefficients) on both sides. Certainly n(f) = /. For n(g) = g also g is in IF [t] and we have succeeded in breaking up / over IFq. Then we can apply q • . the same procedure repeatedly. For n(g) i= g we obtain d factOrIzations / = ni(g)ni(h) (l ~ i ~ d). A basis of the divisor cascade of {g, n(g), ... , nd- I(g), h, n(h), ... , nd-I(h)} is a system B of monic non-constant polynomials of IFqd[t] the product of which is /:

/=TIb.

(5.32)

beB

Moreover, B is invariant under n. Again, if n(b) = b for some bEB, then that bElFq[t] is a proper divisor of /. If n(b) i= band B does not only consist of
83

Finite fields

I < did;

,i(b) = b;

b, n(b)"." i

I(b) are distinct,

(S.33a)

J

g=

fl

(S,33b)

ni(b)ElFq[t],

;==1

and g is a proper divisor off over IF q' There remains the case I < did, nJ(b) = b,

(S.34a)

and B consists of the d distinct polynomials b, n(b), ... , nJ·I(b) with = TI:i~ I ni(b). In this case b is not irreducible over IFqd. We apply the method described above to get a partial factorization b = b'b" with monic non-constant polynomials b', b" over IFqd. Again, upon forming a basis BI of the divisor cascade of {b', n(b'), ... , nd(b'), b", n(b"), ... , nd(b")} we reduce the task as above to the case that BI = {bl' n(bd, ... ,nd,-I(b l )}, where

f

(S.34b)

Continuing in this way we arrive at a break off after finitely many steps. If for2111d and form q is even , say q = 2" , then we set d 1 = {d2d else

g:= ga = gcd (f, (t

+ a)(qa, -1)/3 -

I)

(S.3S)

for randomly chosen elements a = aI' a 2 , •• , of IFl" beginning with a l = O. Trying sufficiently many elements a we obtain a proper factor of f in 1Ft/' by means of a non-constant polynomial ga of degree deg (ga) < deg (f). The probability that k attempts fail is only

~(

!(qdl _ degf

l_I»))k I») + (1(qddegf

(~~;;)----

(S.36)

(See D. Cantor-H. Zassenhaus [2].) Once a break is achieved we apply the Frobenius automorphism n:lFl' -+lFl,:Xf-+xq,

(S.37)

as above until a break off over IF q results. In case of q and deg (f) being small it is easier to factorize f with the Berlekamp method, once f is squarefree. In that case f has a factorization r

(S.38)

f=flfi> i= I

with monic non-constant irreducible distinct polynomialsfiElFq[t], 1 ~ i ~ r. This factorization is closely related to those polynomials gEIF q[t] which satisfy

g(t)q == g(t) mod f{t)

and

deg (g) < deg (f).

(S.39)

84

The group of an equation

Namely, if (5.39) holds, then f divides

g(t)q - g(t) =

fl (g(t) -

x),

xelF q

and for every fi of (5.38) there exists a unique element x = XiElFq such that fil(g(t)-x;). On the other hand, let XI ,oo.,x,ElFq, then by (2.17) there is a unique polynomial gElFq[t], deg(g) < deg (f) such that g(/) == Xi modfi(t) (1 ~ i ~ r), and we obtain successively

g( t)q - Xi == g(t)q - x1 == (g(t) - x;)q == 0 modfi(t), hence

g(t)q - g(t) == 0 mod fi(t)

(1

~

i

~ r),

and thus (5.39). We note that there are q' possibilities of choosing X 1, ... , x,ElFq and therefore q' possibilities for g. Hence, the polynomials of IFq[t] satisfying (5.39) form an IFq-vector space of dimension r. In order to apply the methods of linear algebra we transform (5.39) into a system of linear equations. Let us assume m

f(t) =

m-l

L ar- i

(a o = 1), g(t):=

i;O

L gi,

X = tl f·

i;O

Then we can reduce powers xk(k ~ m), and we determine a matrix Q = (qi)EIF;rxm such that m-I (5.40a) x kq = qk.v Xv (0 ~ k ~ m - 1).

L

v=o

Then the condition g(x)q

= g(x) yields

m-I

L

i;O

gi xi = g(x) = g(x)q = g(xq) m-I

= i;O L gi

m-I

L

.;0

qi.v X' (5.40b)

' Se tt 109 gI

. = ( go,gl,oo.,gm-I ) E IFIq x m we 0 bt am g'(Q -1m)

= o.

(5.40c)

Therefore all possible q' solutions 9 can be obtained from solving (5.40c). This especially implies that

m - rank (Q) = r.

(5.40d)

By V'I"'" v~ we denote a basis of the solution space of (5.40c), and by gi(t) the polynomial corresponding to v: (1 ~ i ~ r). Because the first row of Q is (10 .. ·0) we assume V'I = (1 0 .. ·0) also. The rank r of Q is easily calculated.

85

Finite fields

In case r = 1 we know that f is irreducible. For r ~ 2 there is a proper irreducible divisor fi offwhich divides g2(t) - u for suitable uElFq. Hence, on computing gcd (g2(t) - u, f(t))

for uEIF q,

(5.40e)

we obtain a factorization offinto proper factors which need not be irreducible, however. If we do not obtain r factors f from (5.40e), then we repeat this process for g3 instead of g2 and replace f by the factors already found. We show that this indeed leads to a factorization off into its irreducible factors. For distinct irreducible divisorsf;.!j (l ~ i <j ~ r) off there exists a polynomial gElFq[t] satisfying (5.39) such that g(t) = ximod[;(t), g(t) = xjmodfj(t) and Xi' XjEIF q, Xi #- Xj' Since 9 I , ... , gr form a basis of all polynomials 9 satisfying (5.39) there must be at least one gk among them (I < k ~ r) which is congruent to distinct elements Xi' Xj of IFq modulo fi' h Hence gcd(f(t), gk(t) - Xi), gcd (f(t), gk(t) - X) yield proper factors hki , hkj off such that

fd hki , fJ hkj , fjl hkj , fir hki ·

(5.40f)

These ideas are the basis of the following algorithm for factorizing square-free polynomials of IF q[t]. (5.4l)

Berlekamp's algorithm

Input. fElFq[t] monic, square-free, non-constant of degree deg(f) = m. Output. Monic irreducible polynomials fiE IF q[t] (l ~ i ~ r) such that r

f= Ofi' i= I

Step l. (Initialization). Compute Q = (qi)O,;"j';III_IEIF;'XIII according to (5.40a). Step 2. (Solution space of (5.40c)). Compute basis V'I = (l 0 .. · 0), v~, .. , v~ of the solution space of(5.40c). In case of r = 1 setfl <--fand terminate. Else set gi(t) <-- I;~-Ol vii for v: = (V iO , ... , Vim _ .) (I ~ i ~ r). Step 3. (Set number of determined factors). Set v<--I, p<--2, ql <--f. Step 4. (Factorization). For i = 1, ... , v compute gcd (qi' gp(t) - u) for all UE IF q' This yields a factorization of qj into rj proper factors qj, I"'" qj,r, over IF q' Step 5. (Done?). For :Li'= I rj = ,. set {fl>'" ,fr} <-- {ql,l"" ,ql,r,,··· ,qv,I"" ,q,.,j and terminate. Else set V<--:Lr=lr i, {q., ... ,qil}<--{ql,l, ... ,ql,r" ... ,q,',I, ... ,qv,r,}, v<--v, p <-- p + 1 and go to 4. For an estimate of the number of computational steps and a non-trivial example we refer to Knuth's book [8].

86

The group of an equation

Exercises 1. Let p be a rational prime number. Develop an algorithm for computing (i) X-I modulo p for given XEZ, pix; (ii) a primitive root of Z/pZ; (iii) an index table containing ind (x) and ind (I

+ x)

for all XEZ/pZ.

2. Let f dAt] be irreducible, monic and of degree m> 1. Develop an algorithm for computing (i) a primitive root of IF p[t]/flF pEt]; (ii) an index table for IF p[t]/flF it].

3. Compute all monic irreducible polynomials of degree 5,6 over IF 2' 4. Factorize t 4 + 1EIC[t] over Z[i], Z[2 t ], Z[( - 2)t] and derive that t 4 + 1 factors in two quadratic polynomials over Z/pZ, p any prime number. (Hence, it is in general not possible to obtain a factorization over Z from factorizations over Z/pZ without additional considerations.) 5. Factorize into irreducible polynomials (i) t 8 + t 7 + t + lover IF 2' (ii) til + tlO + t 7 + t 6 + t 5 + t4 + t 3 + t + lover 1F 2, (iii) t 8 + t 6 - 3t 4 - 3t 3 + 8t 2 + 2t - 5 over 1F 5 •

6. An irreducible polynomial f Elf q[t] is called primitive, if a root IF q(lX) x •

IX

of f(t) generates

o(i) Prove that t 4 + t + I, e4 + t 3 + IEIF 2 [t] are primItive polynomials over 1F2 while t 4 + t 3 + t 2 + t + 1 is not primitive. (ii) Determine all primitive monic polynomials of degree 5 over 1F2 and of degree 3 over 1F 3 . (iii) Give a sufficient condition for a monic irreducible polynomial of IFq[t] to be primitive. 7. Let IF = 1F 3 • Construct an extension of degree m = 5 over IF. (Hint: E:= 1F(1 + (3)t), [32 + 1 = 0, is an extension of degree 4 over IF, and [3(2 + fJ + (I + f3)t) an element of order 5 in 8. (Application of idem po tents) Let F=lF q and liEN. For any set 'B of polynomials

ex .)

of F[t I, ... , en] we define the solution set (f(IlJ/F):= {xEF"1 P(x I'"'' xn) = O'v' PE'll}. Perform the following tasks: (a) For any subset S of F" all PEF[t I'"'' tn] satisfying P(x i , ... , xn) = 0 for all XES form an ideal/(S/F) of F[t I"'" tn] such that the factorring of F[t I"'" tn] modulo /(S/F) is isomorphic to the algebraic sum of lSI fields isomorphic to F and that (f(l(S/F)/F) = S. (b) /(S/F):;:> /(S'/F)=S <:; S'. (c) /(Fn/F) is generated by the /I polynomials t1- tj (l :::; i:::; /I). (d) For any PEF[t I ' " ' ' tn] there is precisely one polynomial PEF[t I ' " ' ' tn] of degree

The main theorem of Galois theory

less than q in each variable ti (I ~; ~ II) such that P ==

87

Pmod J(F"/F).

Construct

P. (e) P, QEF[I I ' " ' ' I,,] have the same value for each argument (x I ' " ' ' X,,)E if and only if P=Q. (f) P=P, P+Q=P+Q, PQ =PQ for all P, QEF[tl, ... ,t n ]. (g) For each set \~ of polynomials of F[I I ' " ., I,,] there is precisely one standard polynomial a(\.l,l) = a(\.l.l/F) characterized as a polynomial of F[I I " ' " In] with the

properties: a(\.l,l)2 = a(\~), (£(\.l,l/ F) = (£( {a(\~)}/ F). (h) If \.l,l5; F[t I " ' " I,,] is finite then a(\.l,l) can be constructed in accordance with the formula a(~) = 1 (i)

n Po'll( 1 -

pq -

1 ).

l-a(\~v\.l,l'/F)=(1:""ai\.l.l/F))(I-a(\.l,l'/F)),

(£(\.l,l/F):;:> (£(\.l,l'/F)=a(\.l,l)a(\.l,l') = a(\.l,l),

(£(\.l.l/F) = 0=a(IB/F) = I, (£(\.l.\jF) = Fn=a(\.l.l/F) = O.

2.6. The main theorem of Galois theory We assume familiarity with the basic concepts and results on tensor products as expounded in S. Lang, Algebra, chapter 16, pp. 408-27. Though the results of this section are taught in most algebra courses (see the book by Bastida [1], for example) we give here a different -and as we believe very interestingproof based on the ideas developed in the first four sections of this chapter. Following the precedent set by E. Artin we formulate the Main Theorem of Galois Theory as follows:

Theorem (6.1 ) Let G be a finite subgroup of the automorphism group of a field E and let F:= EG = {xEEIVlTEG:lT(X) = x}

(6.2a)

be the fixed subfield of E under the action of G. Then E is a normal extension of F and G is the full automorphism group of E over F: G = Aut (E/F).

(6.2b)

Proof The extension E of F is algebraic because every element x of E is root of the separable polynomial f(t)

= TI' (t - IT(x)), aeG

where the accent at the product sign indicates that only distinct G-conjugates of x are admitted among the linear factors. Indeed for every element r of G we have

rf(t) =

D' r(t aEG

IT(x)) = D'(t - !IT(x)) = f(t), aeG

88

The group of an equation

so that f(t) is a monic non-constant polynomial of F[t]. In fact f is the minimal polynomial of x over F. Firstly, let E be a finite extension of F of degree [E:F]. Hence E can be generated from F by the adjunction of finitely many distinct elements XI' X 2 , ... , Xs of E (e.g. an F-basis of E will do). Since the application of G to the element Xj produces a finite number of conjugates which generate again E over F we can assume without loss of generality that the set {x I' X 2 , • .. , x,} is invariant under the application of G. As above it follows that

n (t - xl)EF[t]. s

g(t):=

j=

(6.3)

I

Hence E is a minimal splitting field of the separable monic non-constant polynomial 9 over F. There are the F-isomorphisms

¢: E-+E®FE:at->a® I,

t/!: E-+E®FE:at-> I ®a, of E into the commutative F-algebra A

= E®FE

of dimension [E:F]2 over F. We observe that A is a unital overring of dimension [E:F] ofthe subfield ¢(E). A is generated over ¢(E) by the elements

I ® Xj

(1 ~ i ~ s),

subject to the equations ¢(g)(1 ®Xj)

= 0,

in consequence of (6.3). Hence the minimal polynomial mj of I ® Xj over ¢(E) is a divisor of the separable monic polynomial ¢(g) of ¢(E)[t]. Since ¢(g) is factorized into the product of the distinct linear factors t - ¢(xJ (I ~j ~ s), also mj = ml®x; can be factorized into a product of distinct linear factors over ¢(E). Hence, ¢(E) [t]/m j is the algebraic sum of subfields of the form ¢(E)e where e is a primitive idempotent. Moreover, there is the ¢(E)-isomorphism

with

t/! j(t/m j) = I ® Xj' Hence ¢(E)[I ®Xj] is the algebraic sum of subfields of the form ¢(E)t/!j(e) where t/!j(e) is an idempotent of A. It follows that also A itself is the algebraic sum of subfields of the form ¢(E)e j : A=

L" ¢(E)ej j=

I

(6.4)

The main theorem of Galois theory

89

where e l , e 2 , ••• ,e. are the primitive idem po tents of A. Hence, dimFA = [E:F]n = [E:F]2,

n = [E:F].

(6.5)

There is the monomorphism X:G -. Aut (AIE®FF),

defined by x(u)(a®b)=a®u(b)

(uEG;a,bEE)

of G into the automorphism group of A over ¢(E). Since the fixed subfield of G:= X(G) operating on I/I(E) is I/I(F) = F ® F it follows that the fixed subring of G acting on A is the field ¢(E) = E®FF.

Moreover, the primitive idempotents of A are permuted under the action of G. For any G-orbit the sum over the elements of the G-orbit belongs to the fixed subring of G. Hence it is an idempotent of the field ¢(E). Hence it is (6.6) Thus G permutes the e/s transitively (compare the proof of (4.1)) and nl(G: 1).

On the other hand we have seen already that (G: 1)::;; [E:F]

= n,

and that equality happens only if E is normal over F and (6.2b) holds. Hence, we obtain (G:l)=n

(6.7)

and (6.2b). Now we drop the condition that [E:F] is finite. Let us choose for every element u # idE of G an element y" of E for which y" # u(y,,), and we form the G-conjugates of the y,,'s. Thus we obtain a finite set {XI' ... ,x.} of elements of E which is invariant under the action of G such that for every element u # idE of G there is at least one Xi such that U(Xi) # Xi. Now let EI be the subfield of E obtained by the adjunction of Xl' .•• ' X. to F. It is invariant under the action of G with F as fixed subfield. Hence as above EI is a normal extension of F with

GIE, = Aut (Et/F), [EI :F]

= (G: 1).

For any element X of E we form the finite set X obtained by joining {x I' ... ' x.} with the G-conjugates of X and the extension E2 of F obtained by the adjunction of X to E I. It is G-invariant with F as fixed subfield and

90

The group of an equation

it contains E l' Again as above we find that

[ E 2 : F]

= (G: 1),

o Corollary

(6.8) For any normal extension E of the field F there holds the Galois correspondence

between the subgroups of the full automorphism group G = Aut (E/ F),

and the intermediate fields of F and E: subfield

if S is a subgroup of G then the fixed

ES = {xEEIVUES:U(X) = x}

(6.8a)

of E relative to S is an intermediate field of F and E such that

If X is an intermediate field of F and E then it is the fixed subfield of E relative to Aut (E/X) and E is normal over X. Corollary

(6.9)

In the situation of corollary (6.8) the intermediate field X of F and E is a normal extension of F, if and only if Aut (E/ X) is a normal subgroup of G. Proof Any uEG = Aut (E/F) maps X onto another intermediate field u(X) and E is also normal over u(X). Clearly, Aut (E/u(X)) = uAut(E/X)u- 1 since we have uru- 1 (u(W = ur(¢) = u(¢) for all rEAut(E/X), ¢EX, and vice versa. We show that all F-isomorphisms of X are obtained as restrictions of F-isomorphisms of E to X. Hence, X is normal over F, if and only if every F-isomorphism of X is an automorphism, and we just saw that the latter is tantamount to Aut (E/ X) being a normal subgroup of G. Two automorphisms u, r of G have the same restriction of X, if and only if u- Lr belongs to Aut (E/ X). Thus the number of distinct restrictions of G to X equals

(G:Aut(E/X)) = [E:F]/[E:X] = [X:F]. On the other hand, every F-isomorphism of X can be extended to an F-isomorphism of the normal extension E of X. Thus there are precisely [X:F] distinct F-isomorphisms of X. 0

Minimal splitting fields

91

2.7. Minimal splitting fields Reference is made to chapter 10, section 7 of S. Lang [10]. However, since mainly derivations of fields are treated by S. Lang, let us state some simple properties of derivations of rings without proof. A mapping D:R-tR of a ring into itself satisfying the following laws of differential calculus D(u

+ v) =

D(u) + D(v),

D(uv) = uD(v)

+ D(u)v

(u, VE R)

(7.1)

is said to be a derivation of the ring R. For example, there is the derivation D, of the polynomial ring R[t] in t over the unital commutative ring R defined in chapter 1 (6.10). It generates the full derivation ring of R[t] over R: (7.2)

DerRR[t] = R[t]D,. There is the monomorphism

/1: Oer (R)

-t

Oer (R [t]),

(7.3)

defined by

/1(D)Cto a/) = D(a o) (nEl:'~o, aO,a

1 , •••

,anER,DEOer(R)),

(7.4)

and the direct decomposition Oer(R[t]) = fl(Oer(R))

-+ R[t]D,.

(7.5)

The set Oer(R) of the derivations of R is closed under addition and under Lie multiplication: if D 1, D 2 EOer(R) then also Dl + D 2 , [D 1,D 2 J = D1D2 - D2Dl are in Oer(R). Thus Oer(R) is a Lie ring. It is invariant under multiplication by central elements of R: C(R) Oer (R) S; Oer (R).

(7.6)

For any subset X of R the derivations of R annihilating X form a subring Oerx(R) of Oer(R). It coincides with Oer(x)(R) where (X) is the subring of R generated by X. Any ring epimorphism IJ:R-tA

(7.7a)

induces the homomorphism (7.7b) via

'10 D(IJ(x)) = IJ(D(x))

(DE Oerker(~)(R), XER).

92

The group of an equation

For any derivation D and central idempotent e of R we obtain

D(e) = D(e 2 ) = D(e)e + eD(e) = 2eD(e) = e(2D(e)), eD(e) = e 2 (2D(e)) = e(2D(e)) = D(e), D(e) = 2eD(e) = 2D(e), D(e) = 0, D(ex) = D(e)x + eD(x)

}

= eD(x),

(7.8)

D(eR) ~ eR.

(7.9)

Hence (7.10) for the algebraic sum of s unital rings R 1 ,R 2 , ••. ,R s ' Derivations are used to great advantage to clarify and to extend the concept of separability. Proposition (7.11) Let R be a unital commutative ring. Let f be a monic non-constant polynomial of R[t] of degree n. Then f is separable precisely if DerR(R[t]/! R[t]) = O.

Proof Indeed, for any unital commutative overring A with R-derivation D and element x we have D(g(x)) = D,(g)(x)D(x)

(gER[t])

(7.12)

as a consequence of the basic rules of differential calculus. Thus f(x) = 0 implies (7.13) D,(f)(x)D(x) = O.

If f is separable then the discriminant d(f) is a regular element of R (see (3.4d)). Hence if R[t]/! R[t] = R[x]

(x

= t/ f),

(7.14)

then d(f) is a regular element of R[x] because of the existence of an R-basis. Moreover, we have seen already that

D,(f)(x) Id(f). Hence D,(f)(x) is a regular element of R[x] and (7.13) implies that D(x) = O. Conversely, if D,(f)(x) is a regular element of R[x], then it is also a regular element of S(f/R) because of the existence of_a basis of S(f/R) over R[x]. Thus also d(f), being the product of certain 6,,-conjugates of D,(f)(x), is a regular element of S(f / R). On the other hand, if D'(f)(x) is a zero divisor of R[x] then there is a non-zero element y of R[x] for which D,(f)(x)y = 0 and this yields the R-derivation D of R[x] making D(x) = y which is not zero. 0

93

Minimal splitting fields

Let us remark also that for any separable monic non-constant polynomial

f over a field R and for any unital overring R[x] of R for whichf(x) = 0 any derivation D of R can be extended to a derivation 15 of R[x]. Indeed, using (7.3) we set

15(g(x)) = p(D)(g)(x) + D,(g)(x)15(x)

(gE R[t]),

(7.15)

where

15(x) = - D,(f)(x) - 1 J1(D) (f)(x).

(7.16)

The element x of the unital commutative overring A of the ring R is said to be separable over R if Der R (R[x])

= O.

A separable element always is algebraic because for any non-algebraic element x of A over R, the ring R[x] generated by x and R is isomorphic to the polynomial ring in one variable so that Dx is a non-zero derivation over R. If R is a field if follows that there is the R-isomorphism
t/mxM x.

As was shown above, an element of A is separable over R precisely if it is algebraic with separable minimal polynomial over R.

Definition We say that the unital commutative overring A is separable over R element A is separable over R.

(7.17)

if every

While we use the separability concept only for field extensions here, its ring theoretical implication will be explored in section 9.

Proposition An extension A of the field R is separable over R generated by separable elements of A.

if and

only

if it

(7.18) can be

Proof We must show that any element z of the subfield R[x,y] generated by two separable elements x, y of an extension A of R is separable. Since x is separable over R and hence mx is separable it follows that x is separable over R[z]. Hence, any R-derivation D of R[z] can be extended to an R-derivation i5 of R[z,x]. Similarly y is separable over R[z,x] and i5 can be extended to an R-derivation 15 of R[z,x,y] = R[x,y]. But because of the separability of x we have

15IR[x) = 0, and because of the separability of y over R[x] it follows that

D = 0, z is separable over R.

15 =

O. Hence

0

94

The group of an equation

(7.19)

Theorem

Let A be a unital commutative overring of the field R. Then the separable elements of A over Rform a separable overring Sep (A/ R) of R. I t is the maximal separable overring of R in A. Proof Note that a polynomialf(t) of R[t] which is separable over an extension of R, also is separable over R, and conversely. Namely, the discriminant offis up to sign just Res (f, DI(f)) (see (3.48)) which is computed in R[t]. Any divisor of a separable polynomial is separable and also the least common multiple of finitely many separable polynomials is separable. If e is an idempotent of A then for any separable element x of A the projection ex of x on eA is separable over eR. Hence ex is separable over R. This is because either ex = 0 or mex/eR(O) -# 0, mex /eR = eg, 9 separable in R[t], g(O) -# 0, mex /R = tg is separable. If e, e' are two orthogonal idempotents of A then the sum of a separable element x of eA and a separable element y of e' A is separable. Indeed, f = I cm (mx/R' my / R) is separable and f(x + y) =0. For any two separable elements x, y of A the subring R[x, y] is of finite dimension over R. Let e t , e2"'" e. be the primitive idempotents of R[x, y]. Since e t is the only idempotent of X:= etR[x, y] it follows that etR[x] = e1R[e1x] is a finite extension of e1R; etY is separable over e1R[x]; etR[x, y] is a finite extension of e1R[x], the extension e1R[x,y] of elR is separable. Similarly ejR[x, y] is a separable extension of ejR. Hence R [x, y] is separable over R. Therefore Sep(A/R) is a separable overring of R. 0 (7.20)

Corollary

If in theorem (7.19) the field R is a separable extension of the field Ro then we have Sep(A/R) = Sep(A/Ro). Corollary OerR(Sep(A/R)) = O.

(7.21)

Corollary

(7.22)

If A is of finite dimension over R then there are finitely many primitive idempotents e t ,e2, ... ,e. of A such that

er = ej -# 0

(1 ~ i ~ s),

ejek = ekej = 0 (1 1=

L• e j=

1

j,

~i

< k ~ s),

Minimal splitting fields

95

and s

A=

L e;A,

;= I s

Sep(AIR) =

L e;Sep(AIR), ;= I

and each of the algebraic components e;Sep(AIR) ofSep(AfR) is a separable extension of the field e;R. Corollary If E is a separable extension of R then we have Sep(E®RA)

(7.23)

= E®RSep(AIR)

in terms of the standard embedding. Corollary For any two unital overrings AI' A2 of R we have

Definition The extension A of the field R is said to be purely inseparable over R and if Sep (AI R) = R.

(7.24)

(7.25) if A is algebraic

Trivially R itself is purely inseparable over R. For any algebraic extension A of R we find that A is purely inseparable over Sep (AI R).

Theorem (7.26) Let R be afield. If there exists a lion-trivial purely inseparable (field) extension A of R, then R is an imperfect field of characteristic p#-O (i.e. R is not perfect, compare chapter I, section 6) and for every non-zero element x of A there is a power pI' (/1 > 0) such that ord (xl R X) =.pl' (i.e. x p" E R, x p" - I ~ R). Conversely, if R is of prime characteristic p > 0 and A is a non-trivial extension of R with the property that ord(xIRX) is a power of p for every non-zero element x of A then A is a non-trivial purely inseparable extension ofR.

Proof Let A be a purely inseparable extension of R then every element x of A not in R has inseparable minimal polynomial mx over R. Since mx is irreducible it follows that gcd (D,(m x), mx) = I in case D,(mx) #- O. Thus from the inseparability of mx we conclude that

96

The group of an equation

hence the characteristic of R is a prime number p > 0 and A

L ajtP(A-j)

mAt) = t PA +

j=

1

(AEZ> 0, ajE R, 1 ,,; i ,,; A).

Hence,

But since every element of A which does not belong to R is inseparable over R it follows by repeated substitution of x P for x that

mx(t) = tp"

+ a"

and

pI' = ord (xl R X).

Since there is at least one element x of A not belonging to R it can be assumed without loss of generality that

mx=tP-a,

aER\

ord(xIRX)=p,

x¢R\

hence

R is imperfect. Conversely, if X(R) = p > 0 and A is a non-trivial extension of R with the property that ord (xiR X) = pI'

(It

= It(X)EZ>o, 0", xEA),

then we have

a = x p" ER x , for all x of A

X •

mx = t p" - a,

D,(mx) = 0

Hence, Sep (AIR) = R, A is purely inseparable over R.

Corollary

0 (7.27)

The degree of a finite purely inseparable extension of an imperfect field is a power of the characteristic. Corollary

(7.28)

In any extension A of a field R of characteristic p > 0 the elements of A x with p-power order modulo R x and 0 form a purely inseparable extension RP -", n A of R, the maximal purely inseparable extension of R in A.

Exercises I. Let AjR be a field extension of the field R of characteristic p. Show that

R:= Sep (Aj R)(R P - '" n A) is the maximal algebraic extension of R in A and that there holds the R-module isomorphism

97

The Lagrange resolvent

2. Prove: If a minimal splitting field A of the monic non-constant polynomial f over the field F is not a normal extension, then 1. X(F) = p > O. 2. F is imperfect. 3. f is divisible by an inseparable irreducible polynomial over F. 4. A is normal over FP - 00 n A = AAUI(A/F).

5. Sep(A/F) is separable over F such that Aut (i\j F) Sep (i\j F) = Aut(Sep (i\j F)/ F)

~

Aut (i\j F).

Conversely, if A is a finite extension of the field F with the property that the fixed subfield of Aut (i\j F) is a proper extension of F then A is a minimal splitting field of some monic non-constant polynomial f over F, and f has property 3.

2.8. The Lagrange resolvent E. Artin's interpretation of Galois theory as study of the action of a finite group G (viz. the automorphism group of E over F) on a normal extension E of a field F, was anticipated in the cyclic case by about 200 years by J. Lagrange. He considered 'operators' x=

L A(h)h :f: 0

(..1.: G -+ F),

(8.1)

hEG

which is to say he used elements of the group algebra FG of Gover F with the property that FGx~

(8.2)

Fx

For such operators we have gx

= I/I(g)x

(gEG)

(8.3)

when the mapping I/I:G-+F

has the properties of a proper representation of degree lover F: I/I(g) :f: 0,

I/I(gh)

= I/I(g)I/I(h)

(g, hEG).

It follows that the I/I-image elements form the finite subgroup I/I(G) of we saw in section 5 any such group is cyclic: I/I(G)

= <0,

(8.4)

r. As (8.5)

where' is an element of F of finite order n. The cyclic group I/I(G) is isomorphic to the factor group G/ker(I/I). We observe that the characteristic X

98

The group of an equation

X(F) of F either is 0 or it is a prime number which does not divide n:

x(F)fn.

(8.6)

Namely, for X(F) > 0 any equation ¢XlfI

=

I

(¢EFX)

implies ¢ = I because of 0 = ¢P - I = (¢ - I)P. The construction of the operator x of (8.1) follows from the equations gx

= 9 L A(Jt)Jt = hEe;

L A(h)gh = L A(g hEG

I

h)1t

hEG

= I/I(g) L A(/Z)h = L I/I(g)A(h)h hce;

hEG

(by (8.3)), i.e. A(g -lit) = I/I(g)A(It) x = A(I)

(g, ItEG),

L I/I(It)-IIt.

Hence x is uniquely determined by 1/1 up to a scalar factor. Conversely, let I/I:G -+ F

X

(8.7)

be a homomorphism of G into the multiplicative group of F, also called a multiplicative cltaracter of Gover F. Then (8.5) holds with ( being an element of F x of finite non-zero order n and the element (8.8) of FG has the property

= I/I(g)x. For every element ¢ of the normal extension E of F and every gEG we have

= (gx)(¢) = (I/I(g)x)(¢) = I/I(g)(x(¢)), I/I(g)" = I, g(x(¢)") = g(x(¢))" = (I/I(g)x(¢))" = I/I(g)"x(¢)" = x(¢)". g(x(¢))

By the main theorem of Galois theory, respectively by (6.8), we obtain x(¢)" = aEF,

i.e. x(¢) is an nth radical relative to F. Conversely, ifan element", of E satisfies the condition

"," = aEF,

The Lagrange resolvent

99

then it is of the form '1=X(e)

e

for some of E and some element x of FG satisfying (8.1), (8.2). That is trivial for I] = O. Let I] ,eO. There is a normal F-basis (see I (5.17) and section 12)

B = {g(W)lgEG} for some element w of E, so that I]

= L: J1(h)h(w)

(J1: G --t F),

hf:G

g(I]) = t/t(g)t/ (defining tIt),

F x 3 1]" = g(I]") = g(I])", t/t(g)" = I,

t/t(g)E(O,

t/t(g,g2)I] = g,g2(I]) = gd(t/t(g2)I]) = t/t(g2)g,I] = t/t(g2)t/t(gdl], t/t(g,g2) = t/t(gdt/t(g2), g(I])

= L: J1(h)gh(w)

= t/t(g)I] =

L: t/t(g)J1(h)h(w),

J1(g-'h) = t/t(g)J1(h), J1(g -') = t/t(g)J1(1), I]=x(J1(l)w)

respectively J1( I) = J1(g)/t/t(g - '), for

x=L:t/t(g-l)g. gEG

We summarize our account of Lagrange's work by

(8.9) Theorem The application of the Lagrange operators to the elements of a normal extension E of afield F produces precisely all radical elements of E relative to F, provided F contains the pertinent roots of unity. The question arises how the radical elements of an extension relative to the field of reference F are related to each other and how they are related to the automorphism group of E over F in case E is normal over F. Theorem (8.10) (a) For any separable extension E of the field F and for every natural number

n the elements

I]

of e with the property 1]"

form a subgroup

SE.F."

= aEF

X

(8.11 )

of EX containing F X as a subgroup. The exponent eE•F ."

100

The group of an equation

of the factor group SEIF .• := SE.F .•/F x, i.e. the smallest natural number e such that lJeEFx for all IJESE.F .•, is a divisor of n which is not divisible by the characteristic of F. Trivially we have (8.12)

SE.F.. =SE.F.e· (b) The intermediary field


Proof (a) follows from the identity ('11'12)" = lJ'iIJ'i

for elements'll, '12 of E and from the remark that 1J 1(F) E F

(IJE E)

for

X(F) = p > 0

implies that F(IJ) is purely inseparable over F, hence

F(IJ) ~ F

(8,13)

(compare (7.25) and (7.26». (8.12) is trivial. (b) An element '1 of E of prime order m modulo F X satisfies the separable equation

IJm - a = 0,

(8.14)

with some non-zero element a of F x. Hence the minimal splitting field of m~/F is a normal extension E2 of F containing at least one element'l' i:-IJ satisfying 'l'm - a = 0, and'l' = ''1, where, is a primitive mth root of unity of E 2. Now E2 also is a normal extension of the subfield EI = F(O. For any F-automorphism a i:- id E2 of E2 we have a(lJ)m = a(lJm) = a(a) = a, a(a(IJ)IJ-I)m = I, a(lJ) = ,klJ (0 ~ k < m), hence E 1 ('1) already contains all E2/E I-conjugates of '1, hence

E2 = EI ('1),

am(lJ) = '1,

am = id E2 ,

a is of order m (because of mEiP», hence the polynomial t m - a is irreducible over E I' A fortiori, it is irreducible over F. If t m - a is reducible over F, then ijEE I. We observe that EI is a minimal splitting field of the separable polynomial t m - I, hence E I is normal over F. The automorphism group of E lover F is Abelian because for any two automorphisms ai' a 2 of EI over F we have ~j(,m)

= aj(om = 1, aj(') = 'Vi (VjE£:, i = 1,2), a 1a 2(') = a 1W2) = WI)"2 = a 2a l (O.

(8.15)

The Lagrange resolvent

101

The subfield F(q) of the abelian extension F(O is normal. It contains at least one element 1]' =1= q satisfying lJ,m - a = 0, hence (I]'q -I)m = 1, '1' = ('q for some vE.l', mlv, hence (EF@, F(q) = F(O. The group of the equation (8.14) is a regular permutation group of its roots (those are easy to understand terms of applied Galois theory explained in section 9), hence 1 < [F(q):F] 1m, [F(q):F] = m,

because m is a prime number. But on the other hand F(q) = Fm, [F«(): F] < m because ( satisfies the equation (m -

1

+ (m - 2 + ... + 1 = 0

(8.16)

of degree m - 1. Since this is a contradiction we conclude that the polynomial t m - a is irreducible so that 1, q, ... , qm- 1 form an F-basis of F(I]). Set q = '1. For any radical element 1]' of F(IJ) of prime order m' modulo F we show as above that F(IJ') is an intermediate extension of F of degree m'. Because of the degree theorem it follows that m = m', F(I]) = F(I]'), X

m-\

'1':=

L

. 1. i lJ i

(jE.l'>0,j<m;..1. j ,· .. ,..1. m_ 1 EF,..1. j =l=O),

i=j

m-I

IJ":=IJ'I]-j=

L ..1.;lJi-

j

is a radical element of F(IJ) satisfying lJ"m EF x •

i:;;;j

We observe that Tr(lJ) = 0 where Tr denotes the trace from F(IJ) to F because '1 satisfies the irreducible equation (8.14) over F. Similarly, it follows that every radical element of F(IJ) which does not belong to F has zero trace. For example, Tr(I]i) = 0

(0 < i < m).

Hence m-I

Tr(IJ")=

L

..1. i

Tr(lJ i -

j )

i=j

so that '1" EFx,

'1' E F I]j. X

In other words the group formed by the non-zero radical elements of F(IJ) coincides with the set theoretical union

i=O

Now let S be a subgroup of SE.F.n containing F as subgroup of finite index. We must show that any representative set X of S modulo F forms an F-basis X

102

The group of an equation

of F(S). That was done already in case (s:r) is a prime number. It is trivial if S = r. Apply induction over (S: F"). Let (s:r) be a composite number. There is an element 'I of S of prime order m modulo F". It generates an intermediate field F(t/) of F(S) which has the F -basis 1, 'I, ... , '1 m - I. It was shown above that m-I

SnF('I)"

=

U F" 'Ii.

i=O

Hence by an isomorphism theorem of group theory any representative set of S modulo S n F('I)" also is a representative set of SF('I)" modulo F('I)" so that it forms an F('I)-basis of F(S) by induction assumption. Hence any representative set of S modulo F" forms an F-basis of F(S) in accordance with the degree theorem. If SE,F,n is infinite we apply the above analysis to any finite subgroup S of SE,F,n which contains F" as a subgroup of finite index. 0 (8.17) Theorem Let E be a normal extension of F with automorphism group G = Aut (E/F) and let e = eE,F,n be the exponent of SE,F,n/F " = SEIF,n' (a) E contains a primitive eth root of unity, and cf>E/F,1I = F(SE,F,II) is normal

over F. (b) If F contains a primitive eth root of unity, thell

(8.18)

alld Aut (cf>EIF,n/F) ~ G/GeDG,

(8,19)

where Ge:= {gelgEG} alld DG = [G, G] denotes the commutator subgroup ofG. Proof (a) If E is normal over F then we conclude from the separable equation '1 m - a = 0

(aEr),

satisfied by any element 'I of SE,F,n of order m modulo F", min, that the conjugates of 'I under the group G = Aut (E/F) are of the form '1(' with {' being an mth root of unity. Since unit roots of E always satisfy separable equations over F it follows that cf>E/F,n is a normal extension of F and that E contains a primitive eth root of unity C. (b) Moreover, if Cbelongs to F then the F-automorphisms (J of cf>E/F,n are uniquely determined by their action on the generators of SE,F,n and we have

The Lagrange resolvent

\03

<

I/!(lJ)EHom (SElF, .. , (»,

I/!(lJ)(CX)

=1

if CXE F',

where I/! is a monomorphism of Aut(
(»

is of the form

X: S -. < () vialJil-+ (e/.;)X; (XiE£:, 1 ~ j ~ r),

and the character X is obtained as

n xi;, r

X=

i= 1

where the exponents Xi are uniquely determined modulo IIi' It follows that

n r

Hom(S,
<Xi)'

i= 1

n

where denotes the direct product of the cyclic groups < Xi) and the order of the group < Xi) is equal to IIi' Thus there is the isomorphism of S on Hom(S,
104

The group or an equation

Corollary (8.20) Given a field F containing a primitive nth root of unity. Then the finite abelian extension E of F with the property that the exponent e ofG = Aut (E/ F) divides n are obtained as follows: Choose finitely many elements a l ,a2, ... ,a, of F X with the property that

~

n., (ai' (FX)")/(F')".

i~

1

Then E = F(a:/ II , ••• ,

a:/

II )

is an abelian extensioll of F with Aut (E/F)

~

A.

(Note that the ambiguity of the root symbols al'" does not matter here because of the presence of a primitive nth root of unity in the field of reference.) The extensions dealt with by Corollary (8.20) are also called Kummer

extensions. The Lagrange method of gathering the nth roots of elements of a base field which contains a primitive nth root of unity in normal extensions entirely bypasses the construction of abelian extensions with degree a power of the characteristic. In such cases there is an additive counterpart to Lagrange's construction. It was discovered by Artin and Schreier in 1923. We had already observed in section 5 that for any commutative ring R of prime characteristic p the mapping P=flp: R~R:

Xf-+XP-X

is an R + -endomorphism of R. Its kernel is a subring of R. In case R is unital then the kernel of p contains the prime ring of R and if R is entire then ker (p) coincides with the prime ring.

Theorem Let E be an extensioll of the field F of characteristic p and let fli I(F):= p-I(F) = {xEEI p(x)EF}.

(8.21 ) (8.22)

(a) p - 1 (F) generates a separable extension F( p - 1 (F» of F. (b) Every element of F( fl- I(F» which does not belong to F generates a

cyclic extensioll of degree p of F. (c) Conversely, every cyclic extension of degree p over F contained in E is generated by an element of p - 1 (F).

The Lagrange resolvent

105

(d) If F( P - I(F» is of finite degree over F, then it is a normal extension of

F and its group is an abelian ( elementary abelian) group of exponent p. Pl'Oof (a) and (b). Let ~EE\F with ~(~)EF. Then ~ satisfies an Artin-Schreier equation ~P

-

~

-

(8.23)

a =0

for some a of F which does not belong to ~(F). The polynomial

f(t) = t P - t - aEF[t]

(8.24)

has the distinct roots (compare (5.21» ~,~+

I, ... ,~+p-I

(8.25)

in E. Hence the extension F(~) of F is normal of degree p over F, its automorphism group over F is generated by the F-automorphism F(~)-+F(~): ~H~

a:

+I

(8.26)

of prime order p. (c) and (d). If El is a normal extension of F of degree p over F and contained in E then there is an F -automorphism w of order p which generates Aut (EtfF). The equation wP = 1

where implies On the other hand

w# I,

w-I #0,

hence there is an index j' E N such that I~j'
(w-I)j'#O, (W-I)j'+I=O.

It follows that

(w -I)(w -IY'(E 1 ) = {O},

{O} c (w - l)i'(Ed S E 1 ,

(w -IY'(EI) = F,

hence there is an element

for which (w-I)(~)=I,

and the conjugates of

~

w(~)=~+I,

wi(~)=~+i,

are ~,~

+ 1, ~ + 2, ... , ~ + p - 1,

106

The group of an equation

p(e)=e(e+ 1)···(e+p-I)=aEF,

e e-a = 0, p -

artp(F),

EI

= F(e)·

The elements 1/ of EdF satisfying fJ(1/)EF may be called Artin-Schreier generators of EI (over F). Since all their conjugates are of the form 1/ + i (iElFp), they clearly satisfy (w -t)(1/)ElF p' In order to determine them we note that w(e)

= e+ I, + I)i,

w(e i) = (e

(w -t)(e i) = (e + I)i - ei = itl (~)ej = ie i- I + ... , j=O

(w -l)P-I(e

p-

l ) = (p - I)(p - 2) .. ·1

)

= - 1 (see also exercise 2),

/=p-I,

(8.27) Also ker(w - 1) = F, hence the only elements + F, hence

e' of EI for which (w -

(8.28) l)(f)EF, are the elements of

Fe

(8.29) For the completion of (d) we may use either a 'basis argument' or an 'abstract argument'. Since this alternative frequently occurs in the application of group theory to number theory let us do both this time. Basis argument: Let el, ... ,e j be a basis of p-I(F) modulo F. Then the automorphisms IX of Aut(F( p-I(F))/F) are characterized by their effect on el, ... ,ej : a(ei)=ei+4>(a)(eJ (4)(IX)(OEIF p ), where all vectors xEIF~ occur in the form x = (4)(a)(e d, ... , 4>(a)(e j ))', since otherwise there is some non-zero linear combination of I " " , j over IF p which is annihilated by all IX in contradiction to the main theorem of Galois theory. Therefore, the automorphism group of F(p -I(F)) over F is isomorphic to IF~ which is an elementary Abelian additive group of order pj. Abstract argument: For each automorphism a of F( p-I(F)) over F we have the homomorphism

e

e

4>(a): F(",-I(F))/F--+lF p : e/F4a(e)-e,

such that 4> is a homomorphism ofthe multiplicative group Aut (F(p -I(F))/F) into the additive group Hom (F( p -I(F))/ F, IF pl. The kernel of this mapping

107

The Lagrange resolvent

is 1. The image of Aut(F(~ -1(F))jF) is isomorphic to the factor group of fJ - I(F) over those eleJ1.1ents of fJ - I(F) which are fixed by all automorphisms of F( fJ - I(F)) over F (see exercise 7). By the main theorem of Galois theory those fixed elements form F. Hence ¢ defines an automorphism between Aut (F(~ - 1(F))j F) and the character group of the elementary abelian additive group F(~-l(F))jF. 0

Exercises I. Let IF q be a finite field of characteristic p with primitive root p of IF:. Let I' be a prime number dividing q - I. Then show for each natural number m that the polynomial

is irreducible. 2. Let Fq be a finite field of characteristic p. Prove Wilson's theorem for (p- I)! = - I. 3. Let F be a field of prime characteristic p, let aEF,

IF

q:

afj~(F),

E = F[I]I(tP - I - a) =

F[~]

(~=

tl(t P - I -a)),

then show that ~p - I fj ~(E). 4. Let IFq be as in exercise 2. Construct recursively irreducible monic polynomials of degree p, p2, p3 , ... using exercise 3. 5. Let IFq be a finite field and let m, n be two coprime natural numbers. Show that IFqm

®F q IF qn ~ IF qmn.

6. Let f, g be two monic non-constant polynomials over the unital commutative ring R. Denote by f x g the principal polynomial of II f®RIlg in R[t]1 f®RR[t]lg. (a) Suppose m

f

=

n

n (t -

Xi)'

nn

(I - XiYk)'

g=

;=1

n (t - Yk)'

k=1

then show m

f

x g=

n

i= 1 k= 1

(b) If R is a finite field and f, g are irreducible polynomials of mutually prime degrees m, II then show f x g is an irreducible polynomial of degree mil. 7. Prove Tm(
I(F))/F)

in the context ofthe abstract argument at

the end of the proof of (8.21). More generally, let G be a finite Abelian group with character group X(G) isomorphic to G. Show that every subgroup S of X(G) satisfies S ~ x(GIG s ) for Gs := {gEGIVSES; s(g) = I}.

108

The group of an equation

2.9.

The group of an equation 1. Introduction

Definition The group of the monic equation

(9.1)

x" + a I x" - I + ... + a" = 0

(9.2)

related to the monic polynomial f(t) = t" + a1t"-1 + ... + a"

(9.3)

of positive degree n over the indecomposable unital commutative ring R is defined as the G,,-stabilizer (9.4)

of a primitive idempotent ei of the universal splitting ring S(f/ R) off over R. We have seen in section 4 already that there are only finitely many primitive idempotents of S(f /R), say e l , e 2 , ••• , es , that they are G"-conjugates and that there holds the decomposition ·s

S(f/R)

=

L eiS(f/R) i;

(9.5)

I

of S(f/R) into the algebraic sum of algebraically indecomposable R-rings eiS(flR) (I ~ i ~ s). Hence the index of Stab(ei/G,,) in 6" is s and the s stabilizers Stab (ei/G") (1 ~ i ~ s) are G"-conjugates. It was shown that the projection mapping (9.6)

amounts to an R-epimorphism of S(f/R) on the ith component of (9.5) restricting to an isomorphism of R on eiR. The universal splitting ring S(f / R) is characterized as unital commutative overring of R with n! basis elements that is generated by n roots X I 'X 2 ' ... ,X" of f such that there holds the factorization

f(t)

n

= "

(t - x k )

k;1

(9.7)

in S(f/R)[t]. Application of P(ei) yields the factorization

eJ(t) = " (t - eix k )

n

(9.8)

eJ(t) = t" + eialt,,-I + ... + eia"

(9.9)

k;1

of the monic polynomial

\09

The group of an equation

of ejR[t] so that ejS(f/R) is a minimal splitting ring of eJ over ejR which is invariant under the stabilizer subgroup Stab (eJ6,,). If f is separable then the roots ejX I" .. , ejX" are distinct. This is because the discriminant (9.10)

is a non-zero divisor of R, hence d(eJ) = ( - 1)(2)

n (ejxj -

ejXk)

i'/'k

is a non-zero divisor of ejR which implies that ejx j "# ejxk

for j"# k.

Hence in this case the restriction of Stab (eJ6,,) to ejS(fI R) is faithful. Moreover, the elements of R are the only elements fixed by 6" which implies that the elements of ejR are the only fixed elements of ejS(f / R) under the restriction of SUI R) to ejSUI R). Indeed, if 'v'1fE 6,,: 1f/x) = x

for some x of ejS(fI R), and if 1fj(e) =

for some

Tr j

ej

(I ~j ~ s),

of 6", then we have

6" =

" U 1fjStab(ej/~,,), j~

I

and s

Y=L1fj(x) j~

I

is an element SUIR) with ejS(fIR)-component 1f,{x) that is invariant under 6". As stated above ,l'ER, hence ejY = xEejR. Thus the group of a separable equation is presented as a permutation group of the /I roots ejxk (l ~ k ~ /I) of the separable polynomial eJ of ejR [t]. In case R is a field then ejS(f / R) is a minimal splitting field of eJ over the field e j R and the group of the equation is the full automorphism group of the minimal splitting field over the field of reference according to the main theorem of Galois theory. Let us deal for example with the group of a monic cubic equation f(x)=O,

where f(t) = t 3

Up to of ej :

+ G l t 2 + G 2 t + G 3 ER[t].

6 n -conjugacy there are the following four possibilities for the stabilizer

110

The group of an equation

I. Even subgroups of 6 no.

group

3

order

1

comment S(f/R)

decomposes into the algebraic sum of six rings isomorphic to

S(f/R)

decomposes into the algebraic sum of two isomorphic algebraically indecomposable rings

R

2

~13

3

II. Odd subgroup of 6 no.

group

3

comment

order .. _ - -

3

4

<(12) > 6

3

2

6

decomposes into the algebraic sum of three isomorphic algebraically indecomposable rings S(f/R) is algebraically indecomposable

S(f/R)

We see that for n = 3 it is always true that subgroups of 6 3 of the same order also are 6 3 -conjugate. Let us assume now that R is a field and that the polynomialfis separable, i.e. d(f) is a non-zero divisor of R and that we have an algebraically indecomposable minimal splitting ring X off over R so that there is given a generation where 3

f(t)

= n (t - yJ i= 1

Then we can find out which of the four possibilities listed above applies to upon trying to collect the linear factors t - Yi into subproducts with coefficients in R. Using suitable numbering of Yl' Y2, Y3 we obtain three possibilities (the numbers in column I referring to no. of tables above):

f

f splits over R, f(t) f has a root in R, but does 3 Yl ER,f(t) = (t - yd ---~ t - Yl not split over R, 2,4 fis irreducible in R[t] fhas no root in R. Yt> Y2, Y3 E R

The group of an equation

III

Quite the same result is obtained upon analysing the equation ring off over R in regard to the three possibilities listed above. In general there holds the Proposition (9.11) Let f be a monic separable polynomial of degree n > 0 over the field R and let the group G of the equation f(x) = 0 be a permutation group with s orbits, say

{l,2, ... ,nd, {nl + 1 , ... ,nl + n 2}, ... ,{n-ns + 1, ... ,n} (sEZ>O,niEZ>O

(I::;;i::;;s);

itlni=n).

then there holds a factorization s

f= nfi i~

I

off into the product of s distinct monic irreducible polynomials fi of degree ni over R (I ::;; i ::;; s). Proof Assuming e l ,e2, ... ,es to be the primitive idempotents of S(f/R) and setting G = Stab(el/6,,) we find that eIS(f/R) = (R, elx l , ... , elx,,) and that the coefficients of the polynomials IIi

et!i(t):=

L: j~

I

(t-elx mi + j ),

i-I

mi =

L nj

j~

(I::;; i::;; s),

I

stay fixed under the group G. Because of the separability off each polynomial fi is in R[t]. Because R is a field it follows that fi is irreducible over R. Indeed, if there is a factorization

fi = filfi2 offi into the product of two non-constant monic polynomialsfil'!i2 of R[t] then the equation fi(X mi + I) = 0 implies that one of the two equations fij(xmi + d = 0 holds (j = 1 or 2), say fil (xmi + I) = O. Application of G to this equation yields the equations fil (x mi + j )

=0

(l::;;j::;; nJ

But a polynomial of degree less than ni cannot have ni distinct roots. Hence fi is irreducible over R. 0 We see from the list given above that cases 2, 4 cannot be distinguished

The group of an equation

112

merely by factoring f over R. But we can distinguish those two cases by means of the following odd-even criterion. (9.12)

Proposition

The group of the monic separable equation f(x) = 0 of degree n> lover a unital commutative ring R with [0/2] = 0 is even if and only if the discriminant off is a square element of R. Proof The different expression of f b(f):=

f1 (Xi -

Xk)

i
in S(fI R), i.e. the product of all ordered root differences, has the property that b(f)2

= d(f).

Moreover, it is invariant under all even permutations, whereas it changes its sign for all odd permutations: n(b(f)) = sign (n)b(f).

Hence, if G is even then 0,," b(f)ER because of the separability off, but if G is odd then 0,," b(f)¢R because of the absence of non-zero elements equalling their negative. 0 Examples for each of the four cases of monic cubic equations over 71 are given by (1)

f(t)=t 3 - t f(t) = (3 - 7t - 7 (3) f(t) = t((2 + I) f(t) = t(t 2 - 2) (4) f(t) = (3 - ( + 1 f(t) = (3 + t + 1 f(t) = t 3 + 3t 2 - ( (2)

-

d(f) = 4, d(f) = 49, d(f) = - 4, d(f) = 32, d(f) = - 23, d(f) = - 31, 1 d(f) = 148.

2. A categorical characterization of the group of an equation

Lemma

(9.13)

Let R be an algebraically indecomposable unital commutative ring, and let f be a monic polynomial of degree n > 0 of R[t]. Let e" ... , es be the primitive idempotents of S(fI R). (a) For any epimorphism

e: S(fIR) -+ I\. of S(fI R) on the algebraically indecomposable unital ring I\. there is precisely one index i such that (9.t3a)

The group or an equation

113

but ·s

L ejS(f /R) s

ker (e).

(9.13b)

j~'

j.,.i

(b) Furthermore e(R) is algebraically indecomposable, e(S(f/ R» = e( ejS(fIR» is a minimal splitting ring of ef over e(R). (c) The automorphisms of e(S(f/R» over e(R) which merely permute the images ex., eX2, ... ,exnform a finite subgroup X of Aut (e(S(f/R»/e(R». The elements ii of 6" for which eXn(j) = eXj (1 ~j ~ n) form a subgroup Y of Stab (eJ6 n) such that there is the epimorphism

t: Y ..... X satisfying t(ii)(x) = e(ii(x»

(XES(f/R».

Proof (a) Since e 1, e2 , ••• , es are orthogonal idempotents it follows that e(e/ = e(ej),

e(e)e(e k ) = e(eje k ) = 0 (j #- k).

Because of the algebraic indecomposability of /\ there cannot be two orthogonal idempotents in /\. Hence there is an index i (1 ~ i ~ s) such that e(ej) = 0 (I ~j ~ s, j #- i) and (9.13b). But then

e(ej) =

e( t J~

ej) = e(lS(flR» = Ii\" 1

(b) The image ring e(R) is algebraically indecomposable because it is a subring of the algebraically indecomposable ring e(S(f/R» and therefore it cannot contain two orthogonal idempotents. Since S(f / R) =
>

ef(t) =

n• (t - e(x)

j~

(9.13c)

1

so that e(S(f/R» is a minimal splitting ring of ef over e(R). (c) If llE6. and eXn(j) = eX j (t ~j ~ n) so that there is an automorphism ii of e(S(f/R» satisfying iie(x) = e(ii(x» (xES(f/R» then of course the elements of e(R) stay fixed, so that it belongs to X. Moreover iie j = ej for some indexj satisfying 1 ~j ~ s. Hence

1'(S(flR)) = ii(t.(S(flR))) = ii(ee j) = eii(eJ = e(e), hence j = i, iiEStab (eJ6.), Y s Stab (eJ6.). Clearly, tY = X. Corollary

The equation

o (9.14)

114

The group of an equation

holds if and only Stab (eJ6 11 ).

if the

ideal ker(e)neiS(f/R)

01 eiS(f/R)

is invariant under

3. Polynomials with multiple factors, lifting of idempotents Let us deal with the group of an inseparable monic equation (9.2) over a field R. One reason for inseparability can be the occurrence of multiple factors. Suppose there is the factorization

n Ii, m

I=

1 < m ~ n,fm # 1

(9.15)

i= 1

of I into the power product of monic mutually prime 11./2,. ··,fm of R[t] none of which contains a mUltiple factor. Let I(t) = U7= dt - Xi) be the standard factorization of I in

polynomials

the universal splitting ring S(f/R). In this case the R-algebra eiS(flR) is not a field because it contains the non-zero nilpotent element eiYk where

n Ij(x k) m

Yk =

(1 ~ k ~ n).

j= 1

Indeed, since I is the minimal polynomial of X k over R it follows that

yr-

1

#0.

On the other hand,

yr = I(x k) n Ij(xk)m m

j

= 0, (eiYk)m = eiy;;' = O.

j= 1

For each index k' there is a component eiyk! - 1 # O. Since 6" permutes the e/s transitively it follows that there is an index k for which

0# (e iYk)m-1 = eiY;;'- 1, (eiYkt = o. On the other hand, lemma (9.13) shows for any minimal splitting field A of lover R the existence of an epimorphism

e:ejS(f/R)->A. What is its kernel? Certainly ker(e) contains all the nilpotent elements of ejS(f /R). Any non-nilpotent element x of ejS(fI R) is not contained in ker (e) because its minimal polynomial over the field ejR is of the form tllg(t) with J.l ~ 0 and with monic non-constant polynomial g of ejR[t] satisfying g(O) # O. If J.l > 0 then there holds an equation

A(t)tll + B(t)g(t) = ej

(A(t), B(t)EejR[t]),

implying the existence of the orthogonal idempotents A(X)XIl,

B(x)g(x),

The group of an equation

115

adding up to e j , contradicting the primitivity of ej • Hence the kernel of e consists exactly of all nilpotent elements of ejS(j / R). (9.16)

Definition

An ideal of a ring consisting entirely of nilpotent elements is said to be a nilideal. We recommend to the reader to show the following as an exercise: The intersection of any set of nilideals is a nil ideal. If A is a nilideal of the ring X and B/ A is a nil ideal of the factoring X/A then B is a nilideal of X. The sum of two nilideals is a nil ideal. The ideal generated by any set of nilideals is a nilideal. The ideal generated by all nilideals of the ring X is the largest nilideal of X, said to be the nilradical NR(X) of X. For any nilideal A of X we have NR (X/A)

= NR(X)/ A.

Theorem

(9.17)

For any field R and every monic non-constant polynomial f(t) of R[t] the R-factor algebra ejS(j/ R)/NR (ejS(j / R))

of the indecomposable component ejS(j / R) of the universal splitting ring S(j/ R) over its nilradical is a minimal splitting field off over R. Its automorphism group over R is a factor group of the group of the equation (9.1). (See also exercise I.) If a ring I\. is algebraically indecomposable then the same is true for the factor ring of I\. over any nilideal A. The reason is that any idempotent e of /\.fA can be 'lifted' to an idempotent e of I\. such that e = e/A. Moreover, if there are two orthogonal idempotents el> ez of /\.fA then they can be simultaneously lifted to a pair of orthogonal idempotents e1, ez of I\. such that ej = ej/ A (j = 1,2). More generally, we have Lemma

(9.18)

Let I\. be a ring with a nilideal A and let e1, ez , ... be a countable set of orthogonal idempotents of 1\./A then there are orthogonal idempotents e l ' ez, ... of I\. such that Proof Let e lO ;6 0 be an element of el. By assumption the element

no = do - e lO of A is nilpotent, say

The group of an equation

116

for some natural number r. We note that no is a polynomial in e lO and therefore commutes with e lO . We form ell

= 3eio - 2eio

+ no) 3elO + 3n o -

+ no)

= 3(elO

2e lO(e 10

=

2e~0 - 2elOno

= e lO

+ no -

2elOno

== elOmod A, implying nl

= ei I

-

ell

+ 2e lO ll O3n6 + 4n~.

= eio = -

= (elO + 110 4e~01l0

2elOnO)2 - (elO

+ n~ -

+ 110 -

2e10110)

4elon~ + 4eion6 - e lo -11 0 + 2elol10

We set

e l •j + 1 =3ei j -2eIj

(j= 1,2,3, ... ),

recursively, and obtain

If 2i ~ r then

eiJ = elj, el.j+ I

= elj'

Thus we find an idempotent e l in el by an algorithm requiring at most nog 2 r 1 steps. Suppose we have already constructed orthogonal idempotents e l , e2, ... , ek of A satisfying ejEej

and suppose there is ek+

I'

(1:::; i:::; k),

We pick any element ek+ 1.0 of ek+ I and form

where

It follows that ek+ 1.1 Eek+ I, ef+ 1.1

ejek+ 1.1 -

ek+ 1.1

= ek+ 1.1 ej = 0 (l:::; i:::; k),

= Ilk + lEA,

<

where nk + I is nilpotent. Now we form as above an idempotent ek + I of ek + 1.1 > belonging to ek+ I' It follows that ejek+ I = ek+ I ej = 0

(1:::; i :::; k).

117

The group of an equation

Thus we construct a countable chain of orthogonal idempotents el, e2,'" such that ejEej for i= 1,2,.... 0 Thus the lifting of idempotents is seen as an effective algorithm which will be used in many connections.

4. Purely inseparable equations Another reason for inseparability occurs over base rings R with the property that for some prime number p every element of R has p-power characteristic: We say R has characteristic pV (vEN) if pVR=O,

pv-1R#O.

°

We say R has characteristic pro if pVR # for all vEN. Let A be a unital commutative overring of the ring R with p-power characteristic.

Definition (9.19) The element x of A is said to be purely inseparable over R if it satisfies an equation x P"

-

a=

°

>-0

(aER,j1E£'.~)

over R. h~~~

~~

All purely inseparable elements of A over R form a unital subring R P- n A of A containing R. 00

Proof If x is in R then we have

°=

x po - x

=x

- x

so that x is purely inseparable over R. For any two purely inseparable elements x, y over R we have equations x p" -a=O,

yP' -b=O,

pll'a=O,

pV'b=O

(a,bER;j1,v,j1',V'E£'."'o).

The identity

is used for sufficiently large exponents A. to produce only terms

. A . ( pA) i XlyP - I (0 ~ i ~ pA) on the right which are already in R. This is always true if i is divisible by pmaX(Il,V). If i is not divisible by pmax(I',v)

118

The group of an equation

then we use the fact that p), divides {

~),) (see exercise 5). Assuming already

that A> max(Jl, v) we know that either require even

Xi

or yP'-; has a factor in R. Now we

A> max (Jl, v) + max (Jl', v') and conclude that

(Pi),)X i/ ' ; = O. Hence x

+ y is purely inseparable over R. The same is true for xy because of

Thus proposition (9.20) is demonstrated.

D

Corollary

(9.21)

(W- nA)P- nA = RP- nA. oo

OO

oo

The overring A is purely inseparable over R if every element of A is purely inseparable over R. Proposition

(9.22) If R is algebraically indecomposable thim also any purely inseparable overring A of R is algebraically indecomposable.

Proof This is because any idempotent e of A satisfies an equation

eP" -a=O with a in R so that

e=e P" =aER.

o

If R is a field then R is a field of prime characteristic p. Definition

(9.23)

The equation (9.2) is said to be purely inseparable over the ring R if the universal splitting ring S(f I R) is purely inseparable over R. From Proposition (9.22) it follows that the group of a purely inseparable equation of degree n over an algebraically indecomposable unital com-' mutative ring R of characteristic p. (VEZ>o or v = (0) is 6 •. For example, any polynomial of the form

f(t)

= TI W s

i= 1

",

ai)

The group of an equation

119

leads to a purely inseparable equation (9.2) over R. If R is a field of prime characteristic p then this is the only possibility. A field R of characteristic p was defined to be perfect if every element of R is a pth power. For such fields R itself is the only purely inseparable extension of R. In general we form the purely inseparable extension RP- oo of R consisting of all symbols -, aP (aER, AEl';'o), with operational rules given by - A

-11

A

Jl

aP = bP ~aP = bP aP· ' + bP-· = (aP" + bP't-' -., aP-'bP-· = (aP"bP'Y-'-·, with identification rule for the new symbols

,

-,

aP = b~bP = a and pth root operations given by -1

(a P t

-1

-A-I

= aP

(a,bER; A,Il El';'o)

as the smallest perfect extension of R which is embedded (up to isomorphy) as subfield into any perfect extension of R. For any finite extension E of R we have the maximal purely inseparable subfield

EnRP- oo

= {xEElxP'ER}

where pV is the greatest p-power dividing [E:R]. We also form the subfield p":= {XP'yIXEE,YER}

as the smallest subfield X of E with the property that E is purely inseparable over X and X contains R. We observe that E is separable over En W and that p' is separable over R, moreover EnRP- oo nEP' = R, 00

5. Transition to overrings We generalize a remark of C. Jordan to

(9.24) Upon transitionfrom any algebraically indecomposable unital commutative ring R to an algebraically indecomposable unital commutative overring A the group of the equation (9.1) changes to a subgroup. Proposition

Proof The decomposition (9.5) of the universal splitting ring S(f /R) of f over R into the algebraic sum of indecomposable subrings gives rise to the decom-

The group of an equation

120

position s

S(f/A) = S(flR)®R A = ffiejS(flA) j=

(9.25)

1

of the universal splitting ring S(f / A) of f over A into the algebraic sum of subrings ejS(f /A) that are conjugate under the permutation automorphism group

6 •. A = 6 •. R ®R 1A' and that can be refined into the algebraic sum of algebraically indecomposable subrings:

ejS(f/ A) =

m

ffi eijS(f/ A), j= I

where the eij are the primitive idempotents of S(f / A). It follows that 6 •. A restricts faithfully to 6".R on S(f / A):

6".A IS(flR) = 6".R' Hence e I ' ... ,es form an 6".A -orbit. The equations ejje j = ejj, eijek = 0 (\

~j ~

m, i"# k)

imply that the 6".A -stabilizer of ejj fixes ej so that Stab (eu/6 •. A)ls(fIR) s Stab (eJ6".R)'

o

6. The principal equation of the universal splitting ring In order to apply the criterion (9.24) we first study the principal equation

of an arbitrary element e of the universal splitting ring S(f /R) of the monic polynomial (9.3) over R. The polynomial P~/R of R[t] is defined as the characteristic polynomial of the regular representation

.!

eb j =

L (XjkWb k k=1

(I ~ i ~ n!),

where b l , •.. , b,,! is an R-basis of S(f/R), for example we may take the standard basis defined in section 1.

Proposition

(9.26) P~/R(t) =

fl nEGn'

(t - n(m

(eES(f/R)).

121

The group of an equation

Proof By the 'generic argument'! Let d' [ X\ , ... , x"' y" Iv = (v \ , ... , 1',,), 0 ,,;;

A=

I' j

< i, 1 ,,;; i ,,;; II] (y,,:=

y~ I

...

y;;")

be a polynomial ring in n + n! variables over d'. Form

n

J(t)= " (t-xJ=t"+a\t n -\ + ... +an (ajEd'[x\, ... ,x,,],l ";;i";;n). j= \

Let R=d'[a\, ... ,ii",y,,1

O";;vj
be the subring of A which is again a polynomial ring in ii\, ... ,a",y. (0,,;; I'j < i, 1 ,,;; i ,,;; n) over d' so that

A = S(l/R). Let

~= O~vi
be the 'generic' element of A. By the specialization argument it follows that the monic polynomial P{/R(t) is irreducible of degree n! over R. On the other hand, the monic polynomial l(t) =

n

(t - n(~))

1teG n,

has all its coefficients fixed under each permutation automorphism. Since every non-zero element of R is of zero characteristic it follows that I belongs to R[tJ. Since fW = 0 and f is monic of degree n! it follows that

f(t)

= P~/R(t).

(9.27)

There is the homomorphism rf:

A--->S(.f/R): {

x.--->X.}

at:~;

(1";;i";;n)

so that (9.27) yields (9.26).

7. Discriminant ideal and trace radical Definition

(9.28)

Let a unital commutative ring R and a unital overring S of R with trace bilinear form Tr: S x S ---> R be given. If S has a finite R-basis X which is ordered then 0IXI(S):= det((Tr(xY))x,YEx) is called the discriminant of S over R as we already know. The discriminant generates all R-submodule of .o(R) which is said to be the discriminant ideal of S over R. We saw already in section 4 that the discriminant of the monic non-constant polynomial f generates the discriminant ideal of the equation ring R[t]lf.

122

The group of an equation

Hence f is separable over R if and only if the discriminant ideal contains no zero divisor. (9.29) Theorem Let R be a unital commutative ring. Let A be a unital commutative overring of R with finite R-basis b l , ... , bm. Let E be a A-ring with finite basis cl>"" cn over A. By the degree theorem the mn elements w(i-l)n+k:= bh (1 ~ i ~ m, 1 ~ k ~ n) form an R-basis of E. Let d(A/R) = det(TrA/R(bjbj», d(E/A) = det(TrE/A(chC k», d(E/R) = det(TrE/R(w"W v » be the discriminants of A/R, E/A, E/R relative to the bases b" ... ,bm; cI"",cn;wI"",wmn respectively. Then there holds the discriminant composition formula

d(E/R)

= d(A/R)nNA/R(d(E/A».

(9.29a)

Proof The regular representation of A over R relative to the R-basis b ... , bm is " defined as the matrix representation M: A -+ Rill XI": x f-+((Xjk(X» subject to xb j = Lk= 1 (Xjk(x)b k (I ~ i ~ m). The trace of E over R of the product of w(i-l)n+h and w(j-l)n+k is equal to

TrE/R(bjChbjcd = Tr A/R(TrE/A(bjbjchck» = Tr A/R(bjbjTrE/A(chCk»' Setting we have

TrE/R(W(i_')n+kW(i_')n+k) = Tr A/R(biYkkbi)

= Tr AiRCtl (Xij(Yki;)bjb) = jtl (Xjj(Ykk)Tr A/R(bjbJ m

=

L (Xji'YkdPji'

j= I

Suitable row and column interchanging of (M(Ykk»l<:;k.h" yields

d(E/R) = det ((M(Ykk»(B x In» = det (M('Ykk» det (B x In)

(9.29b)

with hence det(B x In) = (det(B»n = d(A/R)n.

(9.29c)

By the 'multilinear argument' we prove that det (M(Ykk»

= det (M(det (YkiJ»

(9.29d)

and because of det (Ykk) = d(E/ A), det(M(x» = N A/R(X) (xEA), we derive (9.29a) from (9.29b, c, d).

123

The group of an equation

The multilinear argument is used in order to prove the identity det (M(¢ik)) = det(M (det(¢id))

(¢ikEA, 1 ~ i, k ~ m, mEN).

(9.2ge)

Both, left- and right-hand side of (9.2ge) define functions fi:A,"x'"-+R (i = 1,2) subject to the three conditions (9.29f-h): (9.29f) in case the three matrices X, X I, X 2 have aU rows but thejth one in common and the jth row of X is the sum of the jth rows of Xl' X 2; (9.29g) in case the two matrices X, Y have aU rows but the jth one in common and the jth row of X is A times the jth row of Y with AEA; (9.29h) By the usual rules of determinantal calculus we show that fi(X) is the sum of the kvalues over the matrices arising from X after replacing in each row aU but one entry by zero. Clearly, those summands which contain a zero column turn out to be zero. There remain m! terms giving rise to the Laplace development formula

fi(X) =

L NA/R(sign(n)¢I,,(I)'''¢n,,(n))

(X = (¢ik)EA'"X '"), (9.29i)

hence (9.2ge).

o

Proposition (9.30) Let R be a unital commutative ring and A an R-ring with finite R-basis bl ,··· ,bn• (a) AL:={XEAIVYEA:TrA/R(xy)=O} is an ideal of A-the so-called

trace radica/- which contains NR(t\). (b) If R is a field and N R(A) is zero, then A is the algebraic sum of finitely many field extensions Ai (I ~ i ~ s, sEN) of subfields IJ\;R being iso-

morphic to R:

Proof (a) If Tr(xiY) = 0 for XiEA (i = 1,2) and all YEA then we have Tr«xi + x 2 )Y) = 0, Tr«Axl)Y) = Tr(xI(AY)) = 0 for all AER, YEA, hence A.L is an ideal. For any nilpotent element x of A it follows from the 'generic argument' that the principal equation ofthe regular representation of A over R specialized to x is t n implying xn = 0, TrA/R(x) = 0 and therefore NR (A) £ A.L. (b) Since the rank of A over R is finite there are only finitely many primitive idempotents, say e l , ••• , e., of A Therefore we have A = L:f= I Ai with Ai = eiA

124

The group of an equation

(l ~ i ~ s) and Ao = {x - exlxEA, e = e l + ... + es }. We note that Ao contains no idempotent. Hence, the minimal polynomial of every element yEAo over R is of the form my(t) = l"f(t), where J1.E N andf(t)ER[t] is monic and coprime to til. But in case f(t) "# 1 there would hold an equation a(t)t ll + b(t)f(t) = 1 (a(t), b(l)E R[t]) yielding the idempotent a(y)yll in Ao contrary to our construction. Hence, we have f(t) = 1 and Ao is a nilideal, i.e. Ao = 0 according to our assumption. It remains to show that each Ai (1 ~ i ~ s) is a field. For any element x "# 0 of Ai the minimal polynomial mx of x over eiR is a monic irreducible polynomial of eiR[l] satisfying mx(O)"# 0, hence we obtain _X-I =a;ILr=laj_Ixll-j for mAt)=tll+alt ll - 1 + ... + a", ao := 1, i.e. x is invertible in Ai and Aj is a field (1 ~ i ~ s). 0

Proposition

(9.31)

Let R be a unital commutative ring satisfying R = .Q(R), i.e. every xER\ U(R) is a zero divisor. Let A be an overring of R with finite R-basis b l , ... , bn . (a) Ai = O~d(A/ R)E U(R). (b) Let R be the algebraic sum offinitely many fields and A be commutative. Then A is separable over R, if and only if d(Aj R) is a unit of R.

Proof (a) The determinant d(A/R) is a zero divisor of R, precisely if there is a non-zero vector ~ = (e I, ... , es ER'IX I satisfying ~t X = 0 for X = (TrA/R(bjbk))1 "i,k",,' Hence, in that case there is an element x = Li'= I ejbj of A \ {O} such that Tr hjR(xb k ) = 0 (1 ~ k ~ n) and therefore Tr h/R(XY) = 0 for all YEA. However, if d(A/R) is a unit of R, the matrix X is invertible in R nxn and any equation gtx =0 (gER"XI) has the unique solution ~=O. (b) We first prove this in case A is a field (which of course implies that R is a field, too). Any element x of A satisfies a minimal equation mAx) = 0 over the subfield R of A, where mAt) is a monic irreducible polynomial, R[x] ~ R[t]/m x, the elements l,x, ... ,x ll - 1 with J1.=deg(mx) form an R-basis of R[x] with discriminant d(m x) = d(R[x]/ R). Supposing A can be obtained from R by a chain of separable adjunctions, then it follows from theorem (9.29) that d(A/ R) "# O. On the other hand, if A cannot be generated in this way, then the characteristic of A is a prime number p and there is an element x of A for which x¢R, x P = IXER, hence mAt) = t P - IX, d(mx) = 0, and therefore d(A/R) = 0 by theorem (9.29). Before we turn to the general case let us investigate the behavior of the discriminant of a finite R-basis b l , •.. , bn of the R-ring A in case that R is a unital commutative ring and that the R-basis is the disjoint union of two non-empty subsets, say b l .... , brn and brn + I"'" bn (mE N subject to 1 ~ m < n),

The group of an equation

A = Al

125

'm

+A2

for

Al =

L Rb j,

'n

A2

j= I

=

L

Rb j.

j=m+ I

In this case the regular representation P of A with respect to the given R-basis decomposes into

n-m

m

xb j =

L (Xljhbh, h=1

xb m+ i =

L

(X2ik bm+k

(l ~ i ~ m, I ~ j ~ n - m)

k=1

so that TrA/R(x) = Tr(p I(x))

+ Tr(P2(x)),

TrA/R(bjb k) = TrA/R(bkb;) = 0 (1 ~ i ~ m < k ~ n),

Tr A/R(bjbk) = Tr A,/R(bjbd TrA/R(bm + jbm+k)

(i, k = 1,2, ... , m),

= TrA2/R(bm+jbm+k)

hence d((AI

(i, k

= 1,2, ... , n - m),

+A 2)/R) = d(AI/R)d(A2/R).

Now suppose both d(AI/R) and d(A2/R) are non-zero divisors of R then the same is true for d((AI A 2 )/R). Let us also study the behavior of an algebraic sum A = A I EB A2 EB ... EB As of finitely many separable finite extensions Aj of a field 1A,R isomorphic to the field R. The separability of Aj over 1A,R means that the minimal polynomial mx,(t) of any element Xj of Aj over 1A,R is a monic sf:parable irreducible polynomial. The minimal polynomial mx(t) of x = XI EBx2 EB ... EBxs is the least common multiple of the polynomials mx.(t) of R[t] which is the product of the distinct ones among them and therefore a separable polynomial. Hence, R[x] ~ R[t]/mx(t) and the only R-derivation of R[x] is O. Thus it follows that A is separable over R. In this way we establish (9.31) (b) in the event that R is a field and J\. is an algebraic sum of finitely many finite extensions of R. Now let R be a field and A a commutative R-ring with finite R-basis such that A 1. = O. Then A is a unital overring of R because of A = :tr= I Rb j and by the previous results we see at once that A is separable over R. Conversely, let R be a field and let A be a separable commutative R-ring with finite R-basis b l , ... , b•. Then for any nilpotent element x of A we find that R[x] has the R-basis l,x, ... ,X,,-I, where JlEN and x" =0, X,,-I #0. If Jl is greater than one then there is the non-zero derivation D:R[x]-+R[x], D(f(x)) = Dr(f)(x)x (f(t)ER[t]) of R[x] over R contrary to assumption. Hence we must have Jl = I, there is no non-zero nilpotent element in A. Therefore we can apply (9.31) (a). By assumption each Aj is separable over 1A,R. It was shown above that d(A;/IA,R) # 0 (I ~ i ~ s) implying d(A/R) # O.

+

The group or an equation

126

If R is the algebraic sum of finitely many fields R j (I ~ i ~ s) then we set Aj = IR;A (I ~i~s) with algebraic decomposition A=:ti=tAj of A into ideals Aj which have the basis l R;b t , ... , lR;b n over R j • Applying the previous results we prove (9.31) (b) in the most general case. The subsequent two corollaries are now immediate.

Corollary Let R, A, E as in (9.29). Then E is separable over R over A and A is separable over R. Corollary

0

(9.32)

if and only if E is separable (9.33)

The universal splitting ring S(f /R) of a separable monic polynomial f over R is separable over R. Proposition

(9.34)

The discriminant ideal of the universal splitting ring S(f/ R) of a monic polynomial of degree n> lover R is generated by d(f)"!/2. Proof In the 'generic case' we have R = Z[al, ... ,an], where at, ... ,iin are polynomial variables, and J(t) = tn + att n- t + ... + an = n?= t (t - xJ, S(f/R)=Z[xt, ... ,xnl The discriminant d(J)=(-I)n(n-I)/2H"k(xj-x k ) is an irreducible polynomial in ai' ... , an. This is because any non-unit divisor of d(J) in R also is a divisor of d(J) in the polynomial ring S(J/R) in the variables XI' ... ' x~ over R. Hence it must have some divisor Xj - xk (i i' k). Because of 6 n -invariance it is either d(J) or it is the different expression t::;;,i
up to a factor ± 1. But 0(J) does not belong to R because for n > 1 the group G n contains odd permutations 1t and for each of those

Because of proposition (9.31) the discriminant ideal of S(J/R) over R is generated by some non-zero element d' of R. If there is an irreducible polynomial P i' ± d(J) dividing d' then it follows upon specialization that the discriminant ideal of S(l/PR)/(R/PR) is 0, but the discriminant of l/PR is the non-zero divisor d(J)/PR, a contradiction. Hence d' is a power of d(J) up to ± 1. Comparing degrees in the x/s in the formula

± d' = det(Tr(x~1 ···x: + (0 ~ I1j < i, 0 ~ Vj < i, 1 ~ i ~ n) yields d' = ± d(J)"!/2. Now we obtain proposition (9.34) upon specialization. +vI

n

Vn )

o

127

The group of an equation

8. The van der Waerden criterion Proposition (9.35) Let R be a unital commutative ring, let f be a monic non-constant polynomial of R[t] with discriminant d(f) not contained in the prime ideal p of R. Then the group of the equation

flp(x) = 0 over Q(Rlp) is 6 11 -conjugate to a subgroup of the group of the equation (9.1) over Q(R). Proof Let e" e2"'" es be the primitive idempotents of S(f IQ(R». We observe that for any element x of S(fI R) we find that

ej(Trslf/C\RII/CIRI(ejx»

=

L

ejn(ejx)

neG"

s

Trs(f/c(R))/O(R)(ejx)EQ(R)n

L ejR = R.

j= I

On the other hand let X be some R-basis of S(fIR) (e.g. the standard R-basis). Then we have equations ej =

L IXjyy

(lXjyEQ(R»,

yeX

Trs(f/O(R))/C(R)(ejx) =

L IXjy Tr (yx)

(XE X).

yeX

Since according to proposition (9.34) det (Tr(yx» = d(f)"!/2, it follows that d(f)"!/2IXjyE R,

(9.36)

d(f)"!/2 ejES(flQ(R».

(9.37)

The unital commutative overring R* of R that is generated by R and by all components IXjy (YEX) is a subring of Q(R) with the property that e" ... , es are the primitive idempotents of S(f IR*). Hence the group of the equation (9.1) over R* is the same as it is over Q(R). We shaH prove that the subset p*:= {xER*13/JEZ >o:d(f)" XEp} of R* is a prime ideal of R* intersecting R in p. Indeed, the ideal property of p* is trivial, since by (9.36) for every element y of R* there is a power d(f)" (vd'>O) such that d(f)vYER.

Clearly p ~ p*. If XEP* (') R, then there is a positive number /J for which

The group of an equation

128

d(f)" XEp. Since by assumption d(f)¢p it follows that XEP from the prime ideal property of p. Hence p*nR = p.

(9.38)

If YER*, zER*,

y¢p*, YZEP*,

then there is a natural number v for which

d(f)"YER, d(f)VZE R,

d(f)vYZEP,

d(f)"yd(f)"ZEp. By assumption

d(f)"y¢p, hence

d(f)VZEp because of the prime ideal property of p, hence ZEP*. It follows that p* is a prime ideal of R*. We form

N = (d(f)/p)-l in .Q(R/p). Now the elements

et

= N"!/2 I

(d(f)"!/21J.;y/p)y

YEX

of S(f /.Q(R/p)) are orthogonal central idempotents conjugate under G". They are also contained in S((f/p*)/(R*/p*)). Hence the group of the equation

flp.Q(R/p)(x)

=

0

is contained in an G,,-conjugate of the group of the equation

f/p*(x)

= 0,

(9.39)

and the group of the equation (9.39) is contained in an Gil-conjugate of the group of the equation (9.1) over R*. 0 The van der Waerden criterion is chiefly applied in case the residue class ring R/p is finite. In that case it is a finite field.

Proposition (9.40) The group of a monic separable equation (9.1) of degree n > 0 over a finite field R of q elements is a cyclic subgroup of G" generated by a permutation of type s·

n=

L n; ;= 1

when n 1 , n2 , ... , ns· are the degrees of the irreducible factors off over R.

129

The group of an equation

Proof Let e 1 , ... , es be the primitive idempotents of S(f /R). Because of the separability of f it follows that e 1S(f / R) is a finite extension of e 1 R and that the group of the equation (9.1) is isomorphic to the automorphism group of e1S(f/R) over elR which is cyclic. In fact, it is generated by the Frobenius automorphism raising every element of e 1 S(f/ R) to its qth power. Hence there is an element 1£ of 6" such that it(ed = e 1, (9.41 a) Let s'

f= nfj 1

(9.41 b)

j=

be the factorization of f into a product of distinct monic irreducible polynomials of R[t]. Since in e1S(f/R) there holds the factorization

n (t - e1xk) /I

etf(t) =

(9.41 c)

k=l

it follows after suitable renumbering of e1x1, ... ,e1x/I that /I,

etfl(t) =

n (t -

e1x k),

k=l

etf2(t) =

n k=/I' "I

+n2

(t - elxd,

+1

n /I

et!s,(t)=

(t-elxk),

k=n-Jls '+ I

iiie 1 Xk

= e 1 xl = e 1 Xk + i

(0 ~ j < nj, k = C~j n + 1} g)

hence it permutes the root projections as a product of cycles of length nl, n2"'" ns ,·

The permutation automorphism ii permutes

Xl"",X/I

since we have

o 9. Application of the van der Waerden criterion. A theorem of Cebotarev The van der Waerden criterion is a powerful tool for determining the group of a monic separable equation (9.1) over R = 71. In order to apply the test we choose prime numbers p and factorize f modulo p into a product of irreducible factors in accordance with the methods of section 5. If multiple factors occur then pld(f) and we cannot apply the

The group of an equation

130

r

criterion. Otherwise p d(f) and we obtain a congruence factorization s'

f ==

n fi

i~

mod plf[t],

1

where fl"" ,fs' are monic polynomials over If that are distinct and irreducible mod plf[t]. In each case we find that the group ofthe equation (9.1) interpreted as subgroup of 6" contains a permutation with cycle decomposition of type n = degfl

+ degf2 + ... + degfs"

This knowledge is cumulative in the sense that the number of possibilities for the group of the equation decreases as one finds new patterns of cycle decompositions. The great number theorist and mathematician N. Cebotarev showed in 1927 that the knowledge we gain by repeated congruence factorizations of f also is cumulative in a deeper way [3]: Denoting by A(n" ... , ns " x) the number of times that the congruence factorization modulo a prime number p :::; x yields the partition

(n(x) the total number of prime numbers :::; x) then A(n l , ... , ns" x)/n(x) determines a frequency that converges for x -+ 00 to the frequency of permutations of the cycle decomposition type (9.42) in the group of the equation (9.1). A proof of this theorem which is capable of even sharper formulation shall not be attempted here. Error estimates exist, but are not yet sharp enough to compare with actual number theoretic testing.

(9.43)

Example We consider a cubic equation f(x) = 0

for f(t) = t 3 + a l t 2 + a 2 l + a 3

over If with d(f) # O. We have four possibilities for the group of the equation which were listed already at the end of the first subsection. The group specific frequency distribution is as follows:

no.

group G

order

III 3

2 3

C2 = <(12»

I 3 2

4

63

6

1

frequency x cycle decomposition type

IxI txl+jx3 !xl+tx2 ixl+tx2+tx3

131

The group of an equation

Here we denote the partition

" aJ (a;El';'O) n= L ;= 1

briefly as

n" i

a;

;=2 a,> 0

with the exception of the partition

n=I+I+···+1 which is indicated as 1; also we write the frequency in front so that t x 2 means that half of the group consists of 2-cyc\es. For example for f(t) = t 3 - t - 1 we obtain the factorization:

p

congruence factorization mod p

partition type

2 3 5 7 11

irreducible irreducible (t - 2)(t 2 + 2t - 2) (t + 2)(t 2 - 2t + 3) (t + 5)(t 2 - 5t + 2) irreducible (t - 5)(t 2 + 5t + 7) (t - 6)(t 2 + 6t - 3) (t - 3)(t - 10)2 irreducible irreducible (t - 1O)(t 2 + 13t - 17) irreducible (t - 1O)(t 2 + lOt + 13) irreducible (t + 16)(t 2 - 16t - 10) (t - 4)(t - 13)(t + 17)

3 3 2 2 2 3 2 2 - (23 = - d(f)) 3 3 2 3 2 3 2

13 17 19 23 29 31 37 41 43 47 53 59

If we know d(f) (i.e. that d(f) is a non-square) then already the first test shows G = 6 3 , Not knowing d(f) we see already after three steps that G = 6 3 , The frequency up to 59 is distributed 7:8: 1 in favor of 3,2, I,excluding d(f) = - 23. For n = 4, 5 the simple criteria mentioned above suffice to guess the unknown group G after a few trials, in accordance with the following table:

132

The group of an equation

I. d(f} square, f has no linear factor

degree

II

4

5

(9.44)

cycle isomorphic comments to orderlGI distribution ------------------.------------------------2+ 2 I x I + I X 22 2 «12)(34» C2 3-impr. I x I + 3 X 22 4 C2 X C2 1B4 I x I + 3 X 22 + 8 x 3 '2(4 2-trans. 12 I x I +4x5 prim. <(12345» 5 C5 prim. I x 1+4 x 5 + 5 X 22 <(12345), (25)(34) > 10 DIO I x 1+ 15 X 22 + 20 x 3 3-tr. '2(5 PSL(2,5) 60 + 24 x 5 group G

(9.45)

II. d(f} non-square,fhas no linear factor

degree 4

II

group G

order IGI

«1234» <(1234), (24)

>

5

«12), (345)

>

<(12345), (2354»

65

comments 22 + 2 x 4

3-impr. 2+2 impr. 2+2 4-trans.

4

I x I+ I

8

I x I + 2 x 2 + 3 X 22 +2x4 I x I + 3 X 22 + 6 x 2 +8x3+6x4 Ixl+lx2+2x3 2+3 + 2 x 2.3 I x 1+5 X 22 2-trans. +lOx4x5 I x I + 15 X 22 + 20 x 3 5-trans. + 24 x 5 + 10 x 2 + 20 x 2.3 + 30 x 4

24

64

cycle distribution

6 20 120

X

isomorphic to C4

Ds

C6 Hol(C 5 )

PGL(2,5)

Here the partitions are denoted in the same way as in (9.43). But the symbol m x Oi> 1 ia , now indicates that the permutation group G contains precisely aj>O

m permutations of cycle decomposition type employing ai cycles of length i. The frequency is mil G I. The comment 'k-trans.' = k-transitive means the group G is k-fold transitive, but not (k + I)-transitive. In this case the order is divisible by n(n - I)···(n - k + I). The comment 'prim.' = primitive indicates that the permutation group G is primitive, but not 2-transitive. The comment 'impr.' = imprimitive indicates that the permutation group G is transitive, but imprimitive. In this case the permuted letters 1,2, ... , n can be grouped into blocks which are permuted as a whole by the elements of G.

133

The group of an equation

Each grouping corresponds to a partition of n given below the symbol impr. If the number of groupings is k> I then we write 'k-impr'. If the permutation group is intransitive then the distribution of the permuted letters into orbits corresponds to a partition of n which is given in the usual way: n = L.ia;,i (aiEZ~o, I ~ i ~ n). For the computation of cycle distributions we refer to [8].

Exercises 1. The group G is said to be the semidirect product of two subgroups A, B: G= A

XI

B= B

IX

A,

if A is a normal subgroup of G (denoted by A <J G) and B is a representative subgroup of G modulo A: AB=BA=G, AnB= 1.

(a) Show that there is the homomorphism /J:B-.Aut(A)

of B into the automorphism group Aut (A) of A such that p(b)(a) = b -lab

and that the elements of G are uniquely presented in the form g=ab

(9.46a)

(aeA,beB)

with multiplication rule gg' = ap(b -l)(a')bb'

(a,a'eA; b, b'eB).

(9.46b)

(b) Show the converse of (a): if Pis a homomorphism ofthe group B into the group Aut (A) then the element (9.46a) with multiplication rule (9.46b) and equality rule: ab = a'b'-a = a',

b = b'

(a,a'eA;b,b'eB)

form a group G of the form (a). (c) Show that the semidirect product A XI B is direct if and only if PCB) = 1. (d) If B = Aut (A) then HoI (A):= A >4 B is said to be the holomorph of A. Show that HoI (Cn) is isomorphic to the permutation group formed by the permutations (

Z

az+b

)

(ae U(lL/n), belLfn)

of the elements of lL/n. 2. The wreath product G l H of a subgroup G of 6 n and the group H is the group (OIH x 02H x ". x 8n H)

)
G,

obtained as the semidirect product of the direct product of n isomorphic copies

134

The group of an equation

of H (OJ isomorphisms of H on OjH (I :E:; i:E:; n)) and G with transformation action defined by n(Ojh)n- I = On(j)h (nEG, hEH, I :E:; i:E:; n). (a) Show that IGWI = IH I/'IG I· (b) Let f = gIn, g a monic non-constant polynomial of R[t], H the group of the equation g(x) = 0, then the group of the equation f(x) = 0 is 6 m lH. (c) Let R be a field of prime characteristic p, let f = y(l), y a monic separable polynomial of R[t], H the group of the equation g(x) = 0 over R, then the group of the equation f(x) = 0 over R is Sp.ZlI.

3. Let R be a unital commutative ring,! a monic non-constant polynomial of R[t]. (a) The idempotent e of S(f / R) is said to be Sn-orthogonal if the Sn-orbit of e consists of orthogonal idempotents. For example any idempotent of R is Snorthogonal with itself being the only member of its Sn-orbit. Prove: If e, e' are two Sn-orthogonal idempotents of S(f/R) with ee' of- 0 then ee' also is a Snorthogonal idempotent of S(f / R). (b) The idempotent e of S(f/ R) is said to be Sn-extreme if for any idempotent e' of S(f/R) satisfying ee' = e' we have Stab (e/S n) = Stab(e'/Sn). Show that every idempotent of S(f jR) is the sum of finitely many Sn-extreme idempotents. (c) There are finitely many orthogonal idempotents £ I' £2'"'' Er of R such that (I) E I +E 2 +···+Er =1. (2) There is an Sn-extreme idempotent ej of S(f/R) satisfying ejEj = ej (I :E:; i:E:; r). (3) For any Sn-extreme idempotent e'l of S(f/R) satisfying e'IEj = the subgroup Stab(e;/Sn) is SII-conjugate to Stab(e/S n). If eje; of- 0 then Stab (e/S n) = Stab (e;/Sn)' (4) The Sn-extreme idempotent e j can be chosen in such a way that Ej is the sum over the Sn-orbit of e j • Show that the Sn-orbit of e j is uniquely determined by E j • (d) Generalize the theorems on groups of an equation of section 9 to arbitrary unital commutative rings.

e;

4. (a) Let M j be two R-modules and B/M/i9 RM r ->R be R-bilinear forms on M j (j = 1,2). Then there is the R -bilinear form

B=B I XB2:MI®RM2-+R: (u l ®u 2) x (VI ® v2)1-> BI (u l ® v.) B 2(U2 ® V2)

(Uj, VjEM;, i = 1,2)

of M = M I ® RM 2' Show that the ideals Vj.B/R(M) generated by the determinants det(B(u j ® vd) (u j , VkEM;j, k = I, ... , i) satisfy j

OJ.B/R(M) =

L O}.B./R(M I)Oj- }.B,/R(M 2)

(OO.BJ/R(M j )

= R).

j=O

(b) Let R be an algebraically indecomposable unital commutative ring. Letfbe a monic non-constant polynomial of R[tJ Let e l , ez, ... ,e, be the primitive idempotents of S(flR). Then show we have

135

A separable equation over a field

o,,!/s,R(ejS(fIR)) = O"'/s,R(e 1S(fIR) On!/"R(eIS(f IR))' = d(f)"'!2 R,

(I ~ i ~ s),

5. (a) Show the validity of the van der Waerden criterion for all ideals of R with the property that d(f)/p is a non-zero divisor of Rip. (b) Let A be a unital commutative ring with nilradical NR(A) such that the factoring A/NR(A) is finite of p-power characteristic (p a prime number). Then show every automorphism of A/NR(A) raising every element x of A/NR(A) to XP"(IXEd'''o fixed) can be lifted to an automorphism of A.

6. Let F be a field,f a monic non-constant polynomial in t over F. Show that every idempotent of S(fI R) is generated from the idempotents of R[x I] upon application of 6", multiplication of non orthogonal idempotents and complementation of idempotents e of relative to idempotents e' bye' - e in case ee' = e = e'e of. e'.

2.10. How to determine the group of a separable equation over a field 1. Root finder The direct approach to the determination of the group of the equation

f(x)

= 0,

(IO.1a)

with

I(t) = t" + a1t"-1 + ... + a"EF[t], d(f) # 0

n > 0,

(to.lb) (to.lc)

over the field F proceeds by constructing a primitive idempotent e of the universal splitting ring S(fIF) and forming the G,,-stabilizer of e.1t is obvious that any method which must deal with an overring of F with n! basis elements is bound to be slow. Still, we use it to obtain

Proposition

( 10.2)

Given the constructive field F of zero characteristic and given a construction for a primitive idempotent e of the universal splitting ring S(fI F) of the separable equation (I 0.1 a-c) then we obtain a collStruction of the roots off in F. (b) Conversely, let F be a constructive field of known characteristic with the follOWing root finder: For any monic polynomial g of F[t] it can be decided in finitely many computational steps whether g has a root in F. If the decision is 'yes' then a root of g in F can be constructed. Then we obtain a construction of a primitive idempotent of S(fI F) for any monic polynomial f over F. (a)

136

The group of an equation

Proof (a) Suppose we have constructed e then the e-projection of S(J I F) is the finite extension eS(J I F) of eF generated by the roots ex 1 , ... , ex. of ef where Xl' ... , x. are the standard generators of S(J I F) over F so that

ef(t) =

n• (t - eXj) j=

1

in eS(JIF). The permutation group G = {nE6"ln(e) = e} is the group of the equation (lO.la) over F.lfit has no orbit of length 1 thenfhas no root in F. Now let rid, {i 2}, ... , {ir } (rEZ>O; 1 ~ i1 < i2 < ... < ir ~ n) be the orbits of length 1 of G then precisely the elements eXj" eXj2"'" ex j• are the roots of ef(t) in eF. Thus we know already that there must hold equations of the form eXj} = rxje (1 ~ j ~ r) where rx 1, rx2"'" ar are the roots of f in F. Only we don't know yet which particular elements of F they are. The principal polynomial of eXj j over eF is obtained in the form no

P

(t) = tn' l'Xi}

(mEZ>O;

+ I 1 b.tn!-i ;::::

I

O<m~n!,

bjEeF

(l ~i~m),

bm#O).

We know already that it factorizes into

Pex;,(t) = t"!-"'gj(t), where m is the degree of eS(JI F) over eF because eS(JI F) annihilates the complementary component (l - e}S(JIF). We find gj upon division of Pex;) by tn!-m. Since the characteristic of F is zero we obtain t - aj as that basis element of the divisor cascade of gj, D,(gj) which divides gj. We find the negative - a j of the root rxj of f as the constant term of t - rx j . (b) Conversely, let us assume that F is a constructive field of known characteristic with root finder. Let f be any monic non-constant polynomial in t over F. Then we construct a primitive idempotent of S(J IF) as follows: Initially set e = IF' Determine the group of permutations G = {nE6"ln(e) = e}. If G = I then e is primitive. If G # I then form a representative list L(G, 6.} of the 6.-conjugacy classes of proper subgroups of G. If e is not primitive then there must be an idempotent e' of S(J IF) that is stabilized precisely by one of the members of L(G, 6.} such that e'e = e'. We test the members H of L(G, 6,,) in the order given by the list. Form the F-subalgebra eS(JIR)H = {xEeS(JIF}IVnEH:n(x) = x}. It contains Fe.

A separable equation over a field

137

If eS(f/R)1I = Fe then there is no idempotent e' precisely stabilized by H such that e' e = e. Now assume that we find an element x of eS(f / F)II which is not contained in Fe. Then the principal polynomial of x is of the form

PAt) = t"!-"'g(t), where

m = dimFeS(f/F) = deg(g), and 9 is a monic polynomial of F[t] that is not of the form (t - a)m. We test whether 9 has a root in F. If the answer is 'no' then there is no idempotent e' of S(f / F) which is stabilized by H such that e' e = e. In this case we proceed to test another member of L(G, 6.) as candidate for H. If there is no other member of L(G, 6,,) to test then we conclude that e is primitive and G is the group of the equation. But if the answer to the test of 9 is 'yes' then construct a root a of 9 in F so that

g(t) =

g(a) = 0, (t - a)I'gl(t) (J1E~>o, gl(t)EF[t]),

gl(a)¥O, A(t)(t - a)" + B(t)gl (t) = 1 (A(t), B(t)EF[t]), e' = B(x)gl(x) = e'e' = e'e ¥ O. Now replace e bye' and go on as above. After a finite number of tests we find e itself to be primitive, and G will be the group of the equation f(x) = o.

o 2. Root finder and polynomial factorization over fields Proposition

(10.3)

Let F be a constructive field with root finder. Then there is an algorithm to factorize any given non-constant monic polynomial fin t over F into a product of irreducible monic factors fl"'" fs over F. Proof Apply induction over the degree n of f. If n = 1 then f is irreducible. Let n> 1. The proof of proposition (10.2) resulted in the construction of a primitive idempotent e of S (f / F). Applying G. to e we find all primitive idempotents of S(f / F) as the distinct G.-conjugates of e. Let X/>"',X n be the standard root generators of S(flF) where n is the degree off. The subalgebra F[x I] is isomorphic to the equation ring F[t]/f with XI as standard generator. For any non-empty sum over finitely many primitive idempotents of S(f/F) we test whether it belongs to F[x l ]. In this way we find all idempotents of F[x l ]; in particular the primitive idempotents

138

The group of an equation

of F[x l ] are characterized as those sums over distinct primitive idempotents of S(f/F) for which no proper non-empty subsum belongs to F[xil Say

ej=gj(xd (gjEF[t],deggjO) are the primitive idempotents of F[x I]' then

hj=f/gcd(f,gi)

(l~i~lT)

are mutually prime monic polynomials in t over F for which

f =

n" hi>

i= I

and we know that there exist equations

hi = Ii'

(ViEl'>o, I ~ i ~ IT)

withfi an irreducible monic polynomial in t over F. If IT > 1 then we obtain the full factorization of f over F by application of the induction assumption to hi (I ~i~lT). Now let IT= l. If D,hl i= 0 then we find that

fl =hl/gcd(hl,D,(hl))' Now let D,(hd = O. Hence the characteristic of F is a prime number p which divides n. It is determined by prime factorization of n and testing the equation qlF = 0 for each prime divisor q of n. Applying the root finder to the coefficients of hi we test the equation hi = jP

(jEF[t]).

If there is a solution then we obtain fl by application of the induction hypothesis to j. Otherwise we have plv l ,

= j I (tP), hl(t) = kl(tP), kl(t) = jl(ty', fl (t)

where jl is a monic irreducible polynomial in t over F. Applying the induction hypothesis to k I we construct it- Thus fl (t) = j I (t P) also is constructed. 0 3. Separable extensions of a constructive field with root finder

Proposition (10.4) If F is a constructive field with a root finder, then for every monic irreducible separable polynomial f in t over F also the finite extension E = F[t]1 f is a constructive field with a root finder.

139

A separable equation over a field

Proof It is clear that E is a constructive extension of F. If deg(f) = I then E = F has a root finder. Apply induction over deg (f). Let deg (f) > 1. Now let 9 be a monic non-constant polynomial in t over E. We want to decide whether 9 has a root in E, and if it has one we want to construct it. This is trivial if 9 is linear. Apply induction over deg(g). Assume that deg (g) > 1. The norm of 9 from E to F is a monic polynomial h of degree deg(f) deg(g) in t over F and 9 divides h in E[t]. Let h=TIi=lh; be a factorization of h into a product of irreducible monic polynomials in t over F. If d = gcd (h;, g) is a monic proper non-constant divisor of 9 then we test d and g/d according to the induction hypothesis. If one of them has a root in E then also y has one and we can construct it. If neither d nor g/d have a root in E then also 9 has no root in E. In either case we are done. It remains to discuss the case that for each h; either gcd (h;, g) = I or 9 divides hi' Hence, after suitable numbering, hi = h2 = ... = hj' hi =I h; (I < i::;; s), yl hi' I < deg(hl)' If y has a root IX in E then (t - 1X)lg, N E/F(t - 1X)lh, deg(Nli/f'(t -IX)) = deg(f), deg(hl)::;; deg(f) and hi must be separable. Assume that h I is separable of degree::;; deg (f). Now if deg (h I) < deg (f) then we have a root finder for the finite extension E I = F[t]/h; in accordance with the first induction hypothesis. Now E I is isomorphic over F to a proper subficld of E. Hence we can find a proper monic irreducible divisor fl of fin EI[t] such that E2=EI[t]IfI=EI[~]'

~=t/ft,

fl(~)=O,

fW = 0, deg(hddeg(fd = deg(f). Suppose this test is confirmed. Then E2 must be isomorphic to E and by the second induction hypothesis we decide whether the polynomial 9 in t over E2 has a root in E 2; and if it has one then we construct it. It remains to discuss the case that deg(hd = deg(f). We know that fh l is separable. We construct a primitive idempotent e of S(hl/F). Let Xl>'" ,X m be the standard root generators of S(fhdF) over F (m = deg(f) + deg(hd). If 9 has a root in E then there must be roots Xj, Xj such that f(exj) = 0 and Fisomorphisms

¢:F-+eF[ex;], ¢(A)=Ae (AEF), ¢(t/f) = ex;, g(ex j ) = 0, eX j = ¢(IX) for some IX of E. Hence g(lX) = O. Otherwise the decision is negative.

0

4. Primitivity test Definition (10.5) The extension E of the field F is said to be primitive if there is no field between

140

The group of an equation

E and F, i.e. for for every intermediate extension 'I' of F in E either 'I' = E or = F; F is the trivial primitive extension of F. If E is a non-trivial primitive extension of F then the extension E of F is generated over F by any element of E that does not belong to F:

'I'

e

(lO.Sa)

Definition (10.6) We say that the element of the extension E of the field F is a primitive element of E over F if (lO.Sa) applies.

e

Not every extension E with a primitive element over F also is a primitive extension of F. For example for F = Q, E = Q[t]/(t 4 + 1) we have E = F(e) (e = t/(t 4 + 1)), but there are 3 intermediate subfie1ds. Or, if E = F(~) is the rational function field in one variable over F then F(~2) is a proper intermediate extension i= F so that E is imprimitive. It follows that a primitive extension E of F must be finite. If it is not separable then F is of prime characteristic p and E = F(~), ~PEF, ~¢F.

e

Proposition (10.7) Let F be a constructive field with a root finder and let f be a monic separable irreducible polynomial of F[t]. Then the extension

E = F[t]1f = of F is primitive

F(~),

~

= tlf

if and only if the factorization s

f(t) =

f1 f;(t)

(/1 (t) = t - ~)

i= 1

of f into the product of distinct monic irreducible polynomials of E[t] has the property that the coefficients of any divisor of f d(t) = fl (t)fi2(t)··· fdt),

(1O.7a)

subject to the conditions

,

1 = il < i2 < ... < i, ~ s,

1 ~ r < s,

L ijldeg(/)

(1O.7b)

j= 1

generate E over F. Proof If there is a proper intermediate extension 'I' such that

Fc'l'cE then we have E = 'I'(~) so that the minimal polynomial d of ~ over 'I' is of the form (lO.7a) subject to (1O.7b), and conversely. 0 We remark that the primitivity of the separable extension E = F[t]/ f is

A separable equation over a field

141

equivalent to the statement that the group G of the equation f(x) = 0 over F considered as permutation group of the roots of the irreducible separable polynomial f is transitive and that there is no proper subgroup of G properly containing the G-stabilizer of anyone of the deg (f) roots of f. This remark made already by E. Galois became the motive for defining the concept of primitive permutation groups as outlined above. In case of feasible polynomial factorization algorithms we have seen how to reduce the solution of a separable equation to a sequence of separable irreducible equations each with primitive group. The properties of primitive permutation groups of finitely many letters have been researched extensively, but we are still far away from a full classification. Only for solvable primitive permutation groups a classification along the lines of C. Jordan's Traite des Substitutions and B. Huppert's thesis is feasible. For the convenience of the reader we present a table of the primitive permutation groups of six and seven letters: (10.8)

no.

number of permuted letters

notation of group

order

comments

360 60 2520 168 21 7

4-trans. 2-trans. 5-trans. 2-trans.

720 120 5040 42 14

6-trans. 3-trans. 7-trans. 2-trans.

-----

Even permutation groups 1 2 3 4 5 6

6 6 7 7 7 7

2(6

PSL(2,5)

21 7 PSL(3,2) Hol(G 7 )n2l 7 C7

~ 2(5

Odd permutation groups 7 8

9 10 II

6 6 7 7 7

66 PGL(2,5)

67 Hol(C 7 ) D14

~

65

Note: Hoi (G), the holomorph of the group G, is the semidirect product of G (as normal subgroup) with its automorphism group.

5. Permutation representations Before we go on with the analysis of the group verification task let us survey briefly the basic concepts on permutation representations in this subsection. Reference is made to H. Zassenhaus [18] and H. Wielandt [17].

142

The group of an equation

Definition (10.9) For any non-empty set S the bijections of S form the symmetric permutation group 6 s. We use as composition law ofn, n'E6 s the left-right application nn'(s) = n(n'(s)) (SES). A homomorphism (1O.9a)

of a group G into 6 s is said to be a permutation represeatation ofG over S (or of degree lSI given by the cardinality oj S). Thus there are just the conditions

to be met by

r. Two

r(gh) = r(g)r(h) (g, hEG),

(1O.9b)

r(lG) = ids

(1O.9c)

permutation representations, say (l0.9a) and (10.9d)

r':G-46 s ' are said to be equivalent:

(10.ge) if there is a I-I-correspondence (1O.9f) such that (l0.9g)

In other words equivalence of permutation representations amounts to a mere 'change of tag' of the permuted objects. It is reflexive, symmetric and transitive. The sum oJtwo permutation representations, say (1O.9a) and (10.9d), is defined as the permutation representation r

+ r':G -4 6 S0S':

(r

+ r')(g) = ng) + r'(g),

(10.1 Oa)

where the sums of two permutations nE6 s,

n'E6 s '

(10. lOb)

is defined as the permutation

(n + n')(a) =

{:~~~)

ifaES ifaES'

(1O.lOc)

of the disjoint union S 0 S' of the two sets S, S'. This addition of permutation representation satisfies the substitutional law: (l0.10d) It is also commutative and associative:

r + r' '" r' + r,

(r + r')

+ r" '" r + (r' + r").

(IO.lOe)

143

A separable equation over a field

Moreover, it satisfies the cancellation law

r + d ~ r' + d => r

~

r',

(1O.1Of)

so that the equivalence classes of permutation representations of G form a half-module. Each permutation representation (1O.9a) establishes the equivalence relation x~y G

(l 0.1 Og)

(X,YES)

on S that is defined by (1O.10h) i.e. 3gEG: g(x)

= y.

Note that for simplicity's sake we have used g(x) instead of r(g)(x) with operational rules: gg'(x)

We show that

~

= g(g'(x»

(g,g'EG; XES).

is indeed an equivalence relation.

G

Reflexivity:

X =

1GX => x G' x,

Symmetry: x G' y=>3gEG:y Transitivity: x G' y, y

= g(X)¢>3gEG:X = g-1(y)=> YG' x,

GZ => 3g, g' EG:y = g(x) =>3g, g' EG:Z

and

z = g'(y)

= g'(g(x» = (g'g)(x)=>x ~ Z. G

The equivalence classes of ~ on S are said to be the orbits of G acting on S via r or, simply, the G-orbits. G They provide a partition of S. If there is just one orbit then r is said to be transitive otherwise r is said to be intransitive. Each intransitive permutation representation (lO.9a) with finitely many orbits, say S l' S2'"'' S" is equivalent to the sum of the' transitive representations

r j: G -+ 6 s,: rj(g)(x) = g(x) (gEG; XES, 1 ~ i ~ r), r ~ r 1 + r 2 + ... + rr.

(lO.10i) (10.1 OJ)

Any transitive permutation representation is indecomposable in the sense that it is not equivalent to the sum of two permutation representations. The equivalence classes of permutation representations with a finite number of orbits form a half-module with the equivalence classes of transitive permutation representations as basis. For a given permutation representation (1O.9a) and an element x of S the elements 9 of G fixing x according to g(x)

=x

(10. 11 a)

144

The group or an equation

form the G-stabilizer of x, a subgroup of G variously denoted as

Gx = Stab (x/G) = {gEGlg(x) = x}.

(to.llb)

The G-stabilizers of G-equivalent elements, say x and y = g(x) (g some element of G) are G-conjugate:

Gy = gGxg- l . An example of a transitive permutation representation of a group G is provided by the left-action of G on the set (G/U)R of the right-cosets xU (XEG) of G modulo a given subgroup U: (to.llc) The G-stabilizer of the right-coset U is U. The G-stabilizer of the right coset

gU is the G-conjugate subgroup gUg- 1 (gEG). If (10.9a) is transitive then there is the I-I correspondence n: S 4(G/G x )R: yf--t {gEGlg(x) = y} for any fixed element x of S establishing equivalence with

r

~

r G,G,

r G,G x :

(XEG).

In other words, we obtain a full set of representations of the indecomposable equivalence classes of permutation representations of G by forming a representative set of the G-conjugacy classes of subgroups U of G and forming the associated transitive permutations r G,U' If U = I then we speak of the regular permutation representation r G.I which was derived earlier directly from the multiplication table of G. It is faithful, i.e. its kernel is I G so that G is isomorphic to the image r G,I (G). If U = G then we speak of the trivial permutation representation which maps every element of G on the identity permutation of a set formed by only one object. Its kernel is G and it is faithful only if G = I. The permutation representation (t O.9a) is said to be pl'imitive if it is transitive and if for every subset X of S consisting of more than one, but less than all elements of S there is an element 9 of G for which

o c g(X)nX c

X.

If it is not primitive then it is said to be imprimitive. In that case either r is intransitive or r is transitive and there is a partition of S into blocks of imprimitivity consisting of more than one but less than all elements of S such that the application of any element of G merely permutes the blocks. Such a partition is said to be a system of imprimitivity of r. The transitive permutation representation r G,U is primitive precisely if either U = G or U is a maximal subgroup of G. It is imprimitive precisely if there is a subgroup V of G intermediate to U and G: UC VcG.

A separable equation over a field

145

In this case the right-cosets of G modulo U belonging to the same right-coset of G modulo V form subsets of (G/U)R establishing a system of imprimitivity of r G,V' In fact, every system of imprimitivity of r G,V is obtained in this way,

6. Indicator method Let us develop another method of determining the group of an equation which is more efficient than the direct approach, The group of an equation is uniquely determined as an abstract group, But if the group of an equation is viewed as a permutation group of the n root generators of the universal splitting ring then it is only unique up to conjugacy under 6" so that it is more correct to speak of 'a group of the equation', Keeping this remark in mind let f be a monic separable polynomial of degree n > 0 over iQ, The application of the van der Waerden criterion yields a list of cycle decomposition patterns which must occur in any group G of the equation (10,1 a), Then we can establish a finite list L of non 6"-conjugate subgroups of 6" such that G is 6,,-conjugate to precisely one of the members of L. Among the members of L there is surely 6", But if d(f) is a square number then 6" ceases to be a candidate, actually 21" becomes the top candidate which must contain every other member of L. Assume now we have found already that G is contained, up to 6"-conjugacy in the member H of L. Without loss of generality we may assume that G£H,

Let L(H) be the subset of L formed by all those members of L which are 6"-conjugate to a maximal subgroup of H, but not 6"-conjugate to a nonmaximal subgroup of H, If L(H) is empty then we have G = H. Now let L(H) not be empty and replace every member of L(H) by an 6"-conjugate contained in H so as to yield a new list I.:(H) with the following properties: (a) Every member of I.;(H) is a maximal subgroup of H. (b) No member of L'(H) is conjugate to a non-maximal subgroup of H. (c) Every maximal subgroup of His 6"-conjugate to precisely one member of I.;(H).

If G c H then G is 6"-conjugate to a subgroup of some member J of I.;(H). Without loss of generality we may assume that G £ JEL'(H).

(lO.l2a)

Now we must test whether (lO.12a) applies or whether G=H.

(l 0.1 2b)

If (1O.12a) applies then we must be able to tell which member J of I.;(H) contains G and proceed with the same method replacing H by J until we

146

The group of an equation

reach the stage where (lO.12b) holds. This will always happen after a finite number of applications of the verification test. In order to carry out the test we need a generator system of the invariants of the permutation group H relative to a given subgroup J of H. Let

f(t) = t n + alt n- I

+ ... + an

(lO.13a)

be the 'generic' monic polynomial of degree n in t over the ring R

= ;E[a"

... ,anJ

of polynomials in the n variables a l , ... , an over ;E. Then the universal splitting ring of f over R is· the polynomial ring

A = S(f/R) = ;E[x" ... ,xnJ in the standard root generators of S(f /R) over R as polynomial variables over ;E. It gives rise to the factorization

n (t - xJ n

f(t) =

i~

(lO.l3b)

I

There holds the decomposition (1O.13c) over A into the direct sum of the modules Mi formed by the homogeneous polynomials of degree i in x 1>"" Xn over ;E. Thus Mi has the ;E-basis formed by the monomials (1O.13d) The group 6" of the permutation automorphisms of £

= Q(x I'"

.,

x,,) = O(A)

= S(f /Q(a l , .. ·, a,,)) has the fixed subfield

F=Q(a" ... ,a,,) with F-basis

n n

(lO.l3e)

"j

Xj

j~1

of £. The subgroup H formed by the permutation automorphisms if with n in H has the fixed subfield £H. Hence F = £Gn c £H c £ = £1.

According to the theorem on symmetric functions the monomials

a'l' .. ·a~"

(lljE;E~O, I ";;j";; n; .f J

~

1

Iljj =

i)

(I0.13f)

A separable equation over a field

147

in a l , ... , a" form a 1:-basis of Mi over R. A 1:-basis of A is obtained by mUltiplication of (10.13e) and (10.13f). What happens upon transition from 6", I, to H, J? The answer is given by

Theorem

(10.14)

(a) For any subgroup J of 6" the ring S(f/R)J of the fixed elements of A under the permutation automorphisms n of J splits into its homogeneous components

(10.ISa)

for MiJ

= S(f/R)J nM i.

(b) For any subgroup H of 6" containing J we construct afinite J-H-indicator set X J,II of homogeneous polynomials in Xl"'" X" over 1: with the following properties:

I.

(lO.ISb)

II. There is a natural number vJ,II such that for any element P of S(f / R)J there is a denominator vE.l>o with the properties that each prime divisor ofv divides VJ,II and that vP belongs to the ring generated by X J,II and S(f/R)II.

Proof (a) For any non-zero element y of S(f/R)J there is a unique representation of the form m

y=

2: Yi

(mE1:>o;YiEMi,O~i~m;y",#O).

(10.16)

i=O

For any element n of J we have m

y = ii(y) =

2: ii(Yi),

ii(yJEM i (0 ~ i ~ m).

i=Q

Due to the uniqueness of (1O.ISa)

ii(Yi) = Yi

(nEJ),

YiES(f/R)J

(0 ~ i ~ m).

(b) Any element Y of S(f/R)J is of the form Y --

'\'

~

A1'lll2"",'" Xl"1 xl"2'" xl' ..

O~::dlj<j l~j~1I

We apply the endomorphism

of the module A in order to produce the submodule of S(f I R)J n Mi generated

148

The group of an equation

by all elements

L

iy =

A/W'./,,)(X/!I ···X~,,)

O~I'j<j I~j~n

( A/II/I. E R,

It contains all elements

iy =

Illy

(YES(f/R)J nM;).

Hence for any element P of S(f/R)J there is a denominator VEu.:>o with the properties that each prime divisor of v divides III and that vP belongs to the ring generated by R and by the finite set formed by the elements

i(X~I···X::")

(O~/J.j<j, I ~j~n).

(1O.17a)

In the interest of economy we select a minimal subset X J.H.; of the set (1O.17a) subject to the degree conditions 11

L

(1O.17b)

/J.j= i,

j= •

and the condition that the module generated by

XUI.i

and by the module

;

L (S(.f / R)II n M j)(S(f/ R)J n M; _j) j= •

is offinite index in S(flR)J nM; for i= 1,2, ... ,

f U- 1)=(n)=n(n-I)/2. 2

j=.

We determine vJ H as the product of all prime numbers dividing IH lor anyone of the (2) indice~. We order XJ,II = U~Y.XJ'H.; so that members of higher 0 degree are later than members of lower degree. As an application of theorem (10.14) to the verification task we have (10.18)

Proposition Let F be a field. Let

f(t)=tn+a.t n-.

+ ... +a n

be a monic separable polynomial in t over F. Let e be an idempotent ofS(f / R) and Stab (e/e n ) = H,

where H is a subgroup of6 n and distinct en-conjugates of e are orthogonal. Let 1 be a member of the list L(H) of certain maximal subgroups of H. Let x.,x2, ... ,xn be the standard root generators ofS(.f/F) so that

n (t - x;) n

f(t)

=

;= •

149

A separable equation over a field

in S(f/F). Let <jJ be the homomorphism of A in S(f/F) that maps Xi on Xi' We assume that the characteristic of F does not divide vJ,II' Then there is a group of the equation f = 0 contained in 1 precisely if there is an element YE<jJ(X J.II ), such that eYEFe,

(10.19)

but the principal polynomial of ey of eS(f/F) over Fe has a root in Fe. Proof Let us observe that under the assumption of proposition (10.18)

S(f/F)J

= {xES(f/F)1 'VnEl:if.(x) = x} = F<jJ(I\)J.

Indeed, using once again the module endomorphism

J=Lif. TfeJ

of A we derive the direct decomposition

iliA = JA +(Ill I - J)I\, corresponding to the presentation

S(f/F) = <jJ(A)F = IlIS(f/F)

= <jJ(lllA)F = JS(f/F) -+- (ilil - J)S(f/F),

where

JS(f/F) = S(f/F)J = {xES(f/F)llx = x}, (llII-J)S(f/F)= {xES(f/F)1 Jx=O}, JS(f/F)n(llll - J)S(f/F) = {O}, so that

<jJ(AJ)F = JS(f/F) = S(f/F)J,

(10.20a)

e<jJ(AJ)F = eS(f /F)J = (eS(f /F»J.

(1O.20b)

If 1 contains a group of the equation S(f/F) for which

e'e = e',

f = 0 then

there is an idempotent e' of

Stab (e'/6 11 ) = l,

and hence the S.-conjugates of e' are orthogonal. If e<jJ(X J.H) ~ Fe, then

eS(f/F)J =

<eS(f/F)

II,

,/I» ~ Fe,

e<jJ(X J

contradicting the fact that e' is contained in (eS(f/F»J. Hence there is an element y of <jJ(X J,II) so that ey does not belong to eF. But

e'y = e'eYE(e'S(f(FW = Fe', hence the principal polynomial of ey of eS(f /F) over Fe has a root in Fe. Conversely, let

150

The group of an equation

such that

ey¢Fe, but the principal polynomial of ey of eS(f / F) over Fe has a root le with l in F. Since f is separable it follows that S(f / F) contains no nilpotent element over F. Hence there is an idempotent e' of eS(f/F) such that e'y = le', but the principal equation of (e - e')y of (ee')S(f / F) over (e - e')F has not the root A(e - e'). Since ey¢Fe, it follows that ey"# Ae, e"# e'. Since eYE(eS(f/F)V it follows that

e'E(eS(f/F)V,

Stab (e'/6.) = J,

a group of the equationf = 0 is contained in J. We present an indicator table of the primitive permutation groups of 6 alld 7 letters.

(10.21 )

no.

number of permuted notation of groups H letters

J

indicator set X 1.11

================================·--. __

-c~_~~~._.~_

~16

3

6 6 7

4

7

PSL(3,2)

I

2

a I , ... , a6 , d(f)

PSL(2,5)

J(X I X2 X3)

~{7

a I ' ... , a7 , d(f) 7

L XjXj+ IXj+3

j=

5 6

7 7

7 8

6 6

9 10

7 7

PSL(3,2) Hol(C7)n~{7

66 PGL(2,5)

I

J(X I X2) J(x I x 2), J(x I X4) J(X 7X3)' J(X 7X6) a l , •.. ,a 6 J(X I X2X3X4), J(X IX2X3 X5)

a l ,··· ,a 7 i(X I X2X3), J(X I X2X4), J(x I X 2X 5),

11

7

J(X I X2 X6) J(x7xd/2, J(X 7X2)/2

151

A separable equation over a field

Note that the denominators always are one. Here we view PSL(3, 2) as the automorphism group of the seven Steiner triples (i, j + I, j + 3) (l ~ j ~ 7) in seven letters j = 1,2, ... ,7 (identifying 1 and 8, 2 and 9, 3 and 10). It is a doubly transitive permutation group of 1,2, ... ,7 containing the 7-Sylow subgroup C 7 =«1234567)) and its normalizer Hol(C7)n1217 = (C 7,(241)(365). Let us remark here that the work involved in testing the condition (10.19) can be shortened considerably upon choosing the basis X J.1l subject to the additional condition

fix J •Il =o. of IHI] - fi

(10.22)

It is realized upon application in place of ] in the proof of theorem (l 0.14). With this new choice of X J.H it follows that (10.19) is satisfied precisely if the root of the principal polynomial of ey of e(f / F) over Fe is contained in Fe, but not zero. 7. Root estimates over C In order to simplify the group verification task over the complex number field C we apply some simple estimates of the roots of a monic polynomial f(t) = til

with coefficients I,

+ alt"- I + ... + all =

n (t II

~i)

(1O.23a)

i= I

al,... ,an and roots eI " " , ~II in C. From the Vieta formulae (IO.23b)

we derive the estimates

lad

C

~ "J,
i

(l

~ ~ n), j

(l0.23c) max J~J~n

I~jl ~ ~(f):= max l(ai/(~))l/il ~ la~/nl = 1(.0 ~i)1/1I1 ~ I~,~"

1-1

min

leil,

I~j~"

(10.23d) where the non-negative number ~(.f) defined by (1O.23d) is a kind of average root magnitude. It vanishes if and only if all roots are zero. It is easily computable in terms of the coefficients of f. In order to find an upper estimate of the maximal root magnitude of the equation

e? + aIe;' - I + ... + an = we derive from it the estimate

0,

152

The group of an equation =

(¢(f) + I~d),' -I~d",

2I/"I~d ~

max I~d ~ ¢(f)/(2 1/11

-

¢(f) + I~d,

I),

(I0.23e)

where 21/11 is the real positive solution of ~" = 2. In case a" i= 0 we obtain by application of (1 0.23c) to the polynomial

" n( i~

( -

):-1)_

<, 1

-

t

1

II

+ a"-1 a" _ 1 ( ,,-1 + ... + a"-I ,

the estimate min I(d I~,~n

~ (2 1/" -

l)/max I~,:c;;"

l(a"_i/(~)a,,)I/"I.

(10.23f)

It assumes the elegant form min I(d ~ (2 1/"

-

1)1¢(f)

(I0.23g)

in case la,,1 = 1. Though the estimates are sharp for certain polynomials like (t + IX)", t" + t((t + IX)" - t"), in general better estimates can be found with little effort. As a matter of fact most pocket calculators have built-in algorithms for obtaining approximate solutions of f(x) = o. We remark that

¢(f(t)) = ¢((t ± ¢(f))"),

(1O.23h)

in view of the definition of ¢(f). There holds the majorization estimate: ¢(t"+aIt"-I+···+a,,)~¢(t"+bI("-I+ ... +b,,)

if

lad~lbil

(l:(i~n).

(lO.23i) Let us note that two polynomials

f(t)=t"+ I" a/,-i,

m

g(t) = t m +

i= 1

I

bit m - i ,

i= 1

which are majorized by polynomialsf*, g* with only non-negative coefficients the productfg is majorized by f*g*. From this remark it follows that

¢(fg) ~ max (¢(f), ¢(g)).

(10.23j)

Upon skilful use of g and use of (l0.23j) we can usually improve the estimate (1O.23e). 8. Group verification over Q Suppose we have a monic separable polynomial

f(t) = t" + a l (,,-1 + ... + a" with coefficients in Z of which it is known already that a group of the equation f(x) = 0 is contained in the subgroup H of 6". Let J be a member of the list L(H) referred to earlier. We would like to know whether a group of the equation f(x) = 0 is already contained in 1.

A separable equation over a field

153

For this purpose we like to employ finite field methods. In other words we form a minimal splitting extension IF> of the polynomialf /p over IF p where f / p is the monic polynomial in t over IFp that is obtained upon replacement of the coefficients off by their residue class modulo p. In order to avoid repeated roots we assume that

(1O.24a)

pld(f), hence there holds a factorization

n (t /I

f(t) =

~i)

(1O.24b)

i= 1

of fin n distinct linear factors of IF p',[t]. The automorphism group of IF p" over IF p is generated by the Frobenius automorphism of IFp" which raises each element of IFp" to its pth power. This automorphism generates the permutation p of G n defined by setting ~f

= ~P(i)'

(l0.24c)

In order that there is any chance at all that J contains a group of the equation f(x) = 0 there must be an Gn-conjugate of p contained in J, as follows from the proof of the van der Waerden criterion. We assume without loss of generality that

(10.24d)

pEJ.

Now let S(f /e) be the universal splitting ring off over the complex number field C. It is generated by the standard root generators XI" .. , Xn so that n

f(t)

= n (t - xJ

(1O.24e)

i= 1

It contains as subrings S(f/O), S(f/Rd, S(f/7L), where

R1 =

<7L, d(f) - >. 1

By assumption there is an idempotent e of SU/R 1 ) such that Stab (e/G/I)

= ii,

(10.24f)

and that the distinct Gn-conjugates of e are orthogonal. There is an epimorphism

r:S(f/R1)-+lF p "

satisfying

r(xi)=ei

(I~i~n).

(10.24g)

In fact there is a factorization

= n (t /I

f(t)

'7i)

(1O.24h)

i=1

of fin Crt] such that 0('71, ... ,'7/1) is a minimal splitting field of f over 0

154

The group of an equation

and there is the epimorphism

~Yll

e:S(f/R 1) -+ RI , ... , YIn],} e(x;) = Yli (1 ~ I ~ n), e(e) = 1,

(10.24i)

and the epimorphism

t/J: R1 [YI 1 , ... , '1,,]. -+ IF p"' } t/J('1i) = ei (1 ~ I ~ n),

(1O.24j)

so that r

= t/Joe.

(10.24k)

Now we make the further assumption that (10.241)

P!VJ,H'

Then there is the epimorphism cJ>:A -+ S(f /lL) such that e(RI ['11, ... ,'1n])J = <eR 1 ,ecJ>(X J,II)'

Each member y of XJ,H is of the form

y = J(X~IX~2 .. ·x~"), hence the roots of the principal polynomial ofcJ>(y) of S(f/C) over Care of the form "nl"

nll2

L., ""(1)·,,,(2)

... nil"

neJ

',,,(n)'

and the same is true up to the factor e for the roots of the principal polynomial of ecJ>(y) of eS(f/C) over ec' It follows that the absolute value is bounded by

IJI ( max l'1kl)I7= "". l~k~n

On the other hand, we have cJ>(Y)E IF p because of the assumption (1O.24d). We represent the elements of IF p by the least remainder R(a,p) of the rational integer a mod p. Suppose now that ecJ>y is a rational integer. Then we have the rough estimate

IrcJ>(y)1 ~ 111 (


1

)(2) =:M

1

(lO.25a)

which can be greatly improved upon by taking into account the special choice of y from X J,II and more precise knowledge of the magnitude of the roots of! in C, If J contains the group of the equation! = 0 then one of the ii-conjugates of y must be a rational integer. On the other hand, if J does not contain the group of the equation or any ii-conjugate of it then it follows from the fact that cJ> is an H-module isomorphism that no ii-conjugate of cJ>(y) is a

A separable equation over a field

155

rational integer. Setting (II:J)

U nJ

H=

j~

1

it follows that for any rational integer b the elements e1t j<1>(y) - b (I ~ i ~ (H: J» are the algebraic conjugates of e<1>(y) - b and that their product is a rational integer which is non-zero in case J does not contain the group of the equation nor any H-conjugate of it. Similar to (1O.25a) we also have the estimate (1O.25b) Hence, if (1O.25c) then we have le1t j<1>(y) -

I}J

(II:J)

bl ~ 2M 1,

I

(e1t j<1>(y) - b) ~ (2M 1

r:

J ).

Suppose now that r<1>(y) == b mod p,

then we find that r

(:ft)

Ibl ~ M 1>

b = R(b,p),

(e1tj<1>(y) - b) ) == 0 mod

p, pi

:ft)

(e1tj<1>(y) -

(1O.2Sd)

b).

Hence, if J does not contain the group of the equation nor any H-conjugate of it and if (1O.25c), (1O.25d) hold then we have the inequality

p ~ (2M

lr:

(1O.25e)

J ).

As an example let us study W. Trinks' equation [14]

x 7 -7x + 3 = O. The monic polynomial 7

fI (t -

f(t) = t 7 - 7t + 3 =

i~

1'/j)

1

is irreducible over IF 2 since f is not divisible by the irreducible polynomials t, t + 1, (2 + ( + 1, (3 + t + I, t 3 + t 2 + 1 of 1F 2 [t] of degree ~ 3. Hence f is irreducible over IF 2' The discriminant of the trinomial f is

d(f) = 6 6 '7 7 _773 6 = 38 '7 8 = (3 4 '74)2, hence the group off is even and contains a 7-cycle. The derivative

D,(f) = 7t 6

-

7

has two real zeros viz. 1 and - I. Sincef(l) = - 3,/( - 1) = 9,/( + 00) = + 00, f( - 00) = - 00 it follows that f has precisely three real roots by Sturm's rule, hence f splits over the real number field into the product of three linear factors say t - 1'/1> t - 1'/3' t - 117, and 2 quadratic factors, say (t - 1'/2)(t - 1'/4)'

The group of an equation

156

(t - '1s)(t - '16) with '12' '1s complex non-real and '14 complex conjugate to '12, '16 complex conjugate to '1s· The group of f over IR is generated by the double transposition (24) (56). Hence the group G of f over (]) contains a double transposition. Consulting the table of primitive groups of 7 letters we discover that either G = m: 7 or G = PSL(3, 2). And in the latter case G is generated by the double transposition (24) (56) and the 7-cycie p = (1234 567). In order to test the latter possibility we set

J=PSL(3,2),

H="l17'

X J ,II={Y}'

y=J(X I X2 X4 )·

We must test whether one of the six complex numbers 7

C=

L: '1,,(i)'1,,(i+ 1)'1,,(i+3) 1=1

('18 = '11' '19 = '12, '110 = '13; n permutes 1,3,7)

is a rational integer. In our case we don't have to seek for larger prime numbers. We simply take good approximations· of the complex numbers '11'" ., '17 and test whether one of the six Cs approximates a rational integer a well enough such that the product of the 15 H-conjugates:

is < 1 so that C- a = 0 is obtained. We use the estimate

lew + al ~ lal + 7bcd. where b, c, d are the maximum, the next highest and the second highest among the 1'1d. In our case we find that indeed

n I(C(j) - a)1 < 1, IS

j= I

so that PSL(3,2) is the group of Trinks' equation.

Exercises 1. (a) Find approximate values for 11 1 , ••• ,117 and determine natural numbers b, c, d serving as upper estimates for the maximum, the next highest and the second highest among the Illil of Trinks' equation. (b) Compute the six to the required amount of accuracy and determine which of them is a rational integer. (c) Choose a prime number suitable to test the group of Trinks' equation and determine the possible outcomes ofLl= Illilli+ l'1i+ 3 modulo p depending on the 6 possible arrangements of 111112114' assuming already that (\ 234 567)EG = G I6S ' Verify in this way that G is the group of Trinks' equation. (d) Which method (a) + (b) or (c) is raster?

"S

The cyclotomic equation

157

2.11. The cyclotomic equation Any finite group G defines the group ring RG over a given unital commutative ring R with the elements of G as R-basis and the multiplication table of G as basic multiplication rule. The trace of the regular representation (relative to the basis G = {g 1 , ... , gIGI}' see (3.25c) and (12.2))

(1Ll ) is given by

(11.2) so that the discriminant is

d(RG/R) = det (Tr (gjgk)) (11.3)

=IGI IGI . In particular for finite cyclic groups G = = CIGI ,

(11.4a)

RG ~ R[t]/(t IGI - 1), R

(11.4b)

d(RG/R) = d(t IGI - I) = IGIIGI ,

(11.4c)

we find that

hence the cyclotomic polynomial t lGI -

is separable over R if and only if The cyclotomic equation

1

(11.5)

IGI is not a zero divisor of R.

x" - 1 = 0

(nE£:>O)

(11.6)

has been the subject of inquiry since the earliest beginnings of algebra, but has still not revealed all its secrets. Its group over the rational integer ring is abelian. Its importance is demonstrated by L. Kronecker's theorem that any finite abelian extension of the rational number field can be embedded into a suitable cyclotomic extension.

(11. 7) If the natural number n is not divisible by the characteristic of the field F then the group of the separable equation (11.6) is abelian.

Proposition

Proof Let S((t" - I)/F) be the universal splitting ring of the monic separable polynomial t" - 1 and let Xl"'" x" be the standard root generators of S((t" - I)/F) so that

t" - 1 =

n" (t -

j;1

Xj)'

The group of an equation

158

Then for any primitive idempotent e we obtain the n distinct projections ~ i ~ n) such that

eX i (I

II

t"- e =

Il (t -

ex i)

i= \

and the elements of

G = Stab (e/6 n ) permute the root projections eX i (1 ~ i ~ n) generating the minimal splitting field E = eS«tn - l)/F) of t n - e over eF. We observe that ex \ , ... , eX II are the only roots of til - e in E. Since the equations

(eXi)" = (exj)"

=e

imply upon multiplication that

(exiexj)n = ee = e, it follows that the roots of til - e in E form a group X of order n. Since any finite subgroup of the multiplicative group of a field is cyclic it follows that we have after suitable numbering of x \ , ... , Xn

eX i = (ex\)i

(1 ~ i ~ n),

so that there holds the multiplicative to additive isomorphism

r: X -+Z/n: exit--+i + nZ (I

~

i ~ n).

Each permutation automorphism nEG restricts on X to an automorphism of X. Since X generates E over eF it follows that G restricts on X faithfully to a subgroup of Aut (X)

~

Aut (Z/n)

~

U(Z/n).

The units of Z/n form an Abelian group of order qJ(n) where

qJ: Z>o-+Z>o: nf--->#{iEZ>oll

~i~n,gcd(i,n)=

I}

is the Euler qJ-function, G is isomorphic to the subgroup represented by the integers i" defined by

o Theorem (11.8) The group of the cyclotomic equation (11.6) over the rational number field is isomorphic to U(Z/n). Proof Using the same terms as in the proof of proposition (11.7), but for F = 0, we note that the universal splitting ring S«tn - 1)/R\) with R\ = contains the same idempotents as S«t" - 1)/0) and that we have an

159

The cyclotomic equation

epimorphism

E: S((t" - I)/Rd--->S((t" - 1)/(l'/p)), mapping the standard root generators x \ , ... , x" of S( (t" - 1)/R tl on the standard root generators y\ , ... , Yn of S( (t" - 1)/(l'/p)) for any prime number p not dividing n. It maps the primitive idempotent e of S((tn - I)/Rd on some idempotent E(e) of S((t" - 1)/(l'/p)) such that eX i = (ex\)i, c(exJ

= c(e)Yi = (c(e)yd i (l ~ i ~ n),

Stab (E(e)/6,,) = Stab (e/6,,) =

G,

where G is the group of the equation (1.6) over Q. There is a primitive idempotent e' of S((t" - 1)/(l'/p)) for which e'E(e) = e', and the projections e'Yi = e'eYi = e'e/\

= e'yi\ (l

~; ~ n)

are distinct, generating a minimal splitting field IFp. of the equation xn - e' = 0 over e'lF p' The group of the equation x" - e = 0 is generated by a permutation automorphism n which leaves e' fixed and raises every element e'Yi to its pth power: n(e'Yi) = (e'Yi)P = e'Ypi

(I ~;~n,Yj=)lk forj==kmodn).

Hence G contains the permutation automorphisms np mapping Xi on Xpi (p any prime number not dividing n) subject to Xj

= Xk

for j

== k mod

n.

Using prime factorization of any natural number m that is prime to n it follows that G contains the permutation mapping Xi on Xmi (l ~ i ~ n). Hence G ~ U(l'/II). 0 It follows from theorem (11.8) that the minimal splitting field En of t" - 1 over Q is an Abelian extension of degree cp(n) over Q with automorphism group isomorphic to U(l'/II). It is generated by the n roots (II' (; , ... , (~ of ttl - 1 where (" is a primitive nth root of unity. Anyone of the cp(n) powers (~ (l ~ i ~ II, gcd(i, n)

= I)

is also a primitive 11th root of unity. They form a conjugacy class under the automorphism group Aut (E,,/Q). Since the complex numbers (", (/~ , ... , (~ = 1 form the vertices of a regular II-gon with the origin as center in the complex plane we speak of En as the 11th cyclotomic jield and of the polynomial n(t)

=

n

(t - (~)

1 ~i:S;n gcd (i,n); 1

as the 11th cyclotomic polynomial. Its coefficients are fixed by the automorphisms of En over Q, hence they are rational. On the other hand, the

160

The group of an equation

monic polynomial cPn(t) divides t n - 1, hence the coefficients of cPn(t) are rational integers. According to theorem (11.8) the polynomial cPlI(t) is irreducible of degree cp(n). We have En = E 2n if n is odd, since in that case the roots of cP2n(t) differ at most by sign from the roots of cPn(t), But there are no other equalities between cyclotomic fields. Indeed, if En = Em where n, m are two natural numbers satisfying n < m then En contains the products of the nth roots of unity and the mth roots of unity which are simply the lcm(n, m)-th roots of unity so that En = E)cm(n.m)'

cp(n) = cp(m) = cp(lcm(n, m)),

m = 2n, n == 1 mod 2.

There hold the factorizations n

tn-

fl (t -

1=

,~)

i; 1

= fl cPd(t).

(ll.9a)

dill

Using the Moebius inversion formula (5.14b) we find that

cPn(t)

= fl (t d -

l)"(n/d).

(l1.9b)

dill

In order to find the discriminant of the nth cyclotomic polynomial we make use of the following lemma. (11.10)

Lemma Let n > 1 be a natural number. Let

be the equation ring of the nth cyclotomic polynomial. Then the following elements are units of A: 1 - ,~ 1_

,~n/p.

1_

,~n/p.

(l ~ i < n, njgcd (i, n) is not a prime power),

(11.11a)

(VEZ>O, p a prime number, p'ln, 1 < i < p', pJi, 1 <j
Those units are said to be the cyclotomic units. Proof For any prime number p and any natural number v we have t P" - 1 p' ~ ) p' ---=t +t t - 1

_2

+ .. ·+t+l

(ll.llb)

The cyclotomic equation

161

Substituting I for t we obtain

n ¢p,(I), \'

p" =

i= 1

hence (by induction on v)

n

p=¢p,(I)=

(I-()

(i= 1,2, ... ).

(It.llc)

I(OI~p'

Suppose

n pt, S

n=

(SEZ>o, V;EZ>o, I ~ i ~ s)

i= 1

is a factorization of n into the power product of the distinct prime numbers PI'. ··,ps· Then we have t" - I

-- =

t-I

t" -

=

t

n

+ t" - 2 + ... + t + I ¢At),

I
and on the other hand

by (11.llc). Hence l¢d(1)1 = I if d is a natural number which is not a prime power, but divides II. On the other hand, ¢At) =

n

(t - ({."Id),

l~j
gcdlj,dl ~ I

¢AI)

=

n

(l - ({."Id),

I~j
gcd{J,d) ~ I

hence (11.11 a) is a unit (set d = II/gcd (i, II), j = i/gcd (i, n)). In order to show the unit nature of (11.11 b) we show that numerator and denominator divide one another (as elements of A). But in our case (~'P - 'and (~'P-" are powers of each other, so that the quotients in question can be evaluated as geometrical series. 0

Proposition (I 1.12) The discriminants of the cye/otomic polYllomials ¢,,(t) are given by (11.l2a-c): d(¢d = d(¢2) = I,

(l1.l2a)

d(¢pk)

= (-

l)q>(pk)/2 pq>(pk)(k - I/(p-

d(¢,,)

= (-

l)
(n

1))

(pE P, kE N, pk > 2),

p -q>(")/(p - II) 1Iq>(n)

(nE N, n > 2).

(l1.l2b) (l1.l2c)

pi"

Proof (11.l2a) is trivial. To show (11.l2b) we note that d(¢pk) is a rational integer,

162

The group of an equation

Hence it suffices to compute its absolute value and its sign. Let ( be a primitive pkth root of unity.

Pk- p-l pk-l p-l IIt }J l1 }J

1

1

Id(
1

1

«(ip+}_("P+V)

(i,})'f(Il,V)

Pk-I-2 n p-In pk-I-I n (I -

=I

X

(Il-i)p)

12

)= 1 Il=i+ 1

i=O

p-l Ipkrt Yl pkrfl n 1=0

J= 1

1l=1

v=1 v'fJ

v> jfor;::;::",

=

Xpk-I -

_

([

x

I]

I

)(P_I)Pk-1 p'l'(pk)(p - 2)/(p _ I)

x=1

= p'l'(pk)(k -I/(p- I))

, (see (IUtc)). For the computation of the sign of d(
n

= (- 1)('I'(n)2)

«( - (')

1<01=I
in case n = pk we proceed as follows. The factor C- " is real if and only if C" =

( - C' = C+ C

I

- 1. In

that case n is even,

= - (C' - C)

so that the partial product (C - C')(C' - C) is negative. The number of such partial products is qJ(n)/2, the sign of the product of the partial products is ( - 1)'I'(n)/2, In all other cases C- C' is complex but not real, so that it is distinct from C I --<0- 1 and (C - O(C 1_ «(')-1) is positive real. It follows that sign (d( 2. Hence, (11.12b) is proven. Finally, (11.l2c) is a consequence of (I 1.12b) and (9.29).

Exercises 1. Derive (11.9b) from (l1.9a). 2. Let d, nEN subject to din. Prove: tPd(t) =

n

(t - c~n/d).

l~i
gcd(i,d)= I

3. Carry out the necessary computations for proving (11.l2) in detail.

o

Normal bases

163

2.12. Normal bases 1. Introduction It was stated in chapter I, section 5 already that the Galois correspondence

between the intermediary fields of a normal extension E of the field F and the subgroups of the group G = Aut (E/F)

(12.1 )

is constructively set in evidence by means of a normal basis, i.e. an F-basis B of E consisting of the G-conjugates of a single element x of E. The existence of such a basis and its construction is the topic of this section.

2. Analysis of the problem The action of G on the members of a normal basis B is the regular permutation action: g(i(x»

=

gi(x)

(g, iEG).

(12.2a)

We have seen already before that the action of an automorphism of E over F is a linear transformation of E over F. With respect to the F-basis i(x)

(iEG)

we associate the matrix P(g) = (bi.gd

(i, kEG)

(12.2b)

with the action of G on a normal basis. We observe that we obtain the same action for left-multiplication of 9 on the basis formed by the elements of G of the group algebra FG of Gover F, thus P is the left-regular matrix representation of G with respect to the basis G of FG, or the Cayley matrix representation of Gover F. We have taken here the elements of G as row and column indices. If one prefers natural numbers for indices then we must number the elements of G as (12.2c) and set ggi = gn(g)(i)

(I2.2d)

where n(g) is a permutation of 1,2, ... , n derived from the multiplication table. In this case the Cayley matrix representation is derived from the Cayley permutation representation upon transition from a permutation n of (1,2, ... , n) to the corresponding permutation matrix (bi.n(k)' On the other hand, if we start with an arbitrary F -basis (12.3a)

The group of an equation

164

of E then the action of G on B' is defined by means of linear equations of the form

g(b;) =

•

L Y;k(g)b~ k=1

(l ~ i ~ n)

(Y;k(g)EF; i, k = 1,2, ... , n; gEG), (12.3b)

where the matrices

( 12.3c) of degree n over F provide a regular matrix representation r':G -+ F"x",

(12.3d)

i.e. a certain homomorphism r' of G into the n x n matrices with entries in F. The task is to choose a suitable new basis

(12.4a) subject to

•

bi =

L eikb~, k=1

b; =

L '1ik bk k=1

•

(12.4b) (I ~ i ~ n),

( 12.4c)

and with

x = (eid,

Y = ('1idEF"x",

XY= YX =1., g(bJ =

•

L Yik(g)bk> k=1

(12.4d) (l2.4e) (12.4f)

such that the new representation r: G-+F"x,,: gf->Xr'(g)X- I

(12.4g)

arises and the action of G on b l , b2 , ••• , b. becomes a mere permutation of the basis elements in accordance with the regular permutation representation. In order to carry out our task let us discuss matrix representations of groups and rings in greater generality and apply the concepts and statements obtained to our task. 3. Matrix representations

Definition Given a unital ring R and an R-ring A, then any homomorphism

(12.5)

(12.6a)

of A into the ring of all matrices Rf x f ofdegree f over R with the customary rules ofmatrix calculus is said to be a matrix representation of A ofdegree f over R. It

165

Normal bases

is said to be faithful

if the

kernel of the representation

ker il = {xEAlil(x) = O} is zero.

(12.6b)

This is because (12.6c) is the necessary and sufficient condition for il of (12.6a) to be a monomorphism. Two matrix representations of A over R, say (12.6a) and

il': A~Rj'xf are said to be equivalent over Riff

(j'E~>o)

(I2.6d)

= f' and if there is an element

X E U (Rfxf), for which il'(x) = X-I il(x)X

(xEA)

(I2.6e)

or, briefly, (I2.6f) The unit group U (R I x I) of R I xl is said to be the genera/linear group of degree

f

over R:

U (R I XI) = GL(j, R). From the multiplicative property of determinants it follows that the matrix equation

XY=I f

(X,YERfxf)

(12.6)

implies the determinantal relation det X . det Y

= I,

so that the determinant of X is a unit of R, hence

YX=I f ,

Y=X- 1 ,

XEU(RIX f ).

(12.6h)

Conversely, if the determinant of a matrix X of degree f over R is a unit of R then (12.6g) is solvable in Rfxf by a matrix Y of degree f over R, X is in U(RfXf), (I2.6h) holds with Y uniquely determined. For this reason the clements of GL(j, R) are said to be the unimodular matrices of degree f over R. They are said to be proper if their determinant is I. The proper unimodular matrices form a normal subgroup SL(j, R) of GL(j, R) with representative subgroup R(j, R) formed by the special diagonal matrices

di.g(" 1" .. , I)

~

(: 1 " , ] (<
In other words GL(j, R) is a semidirect product of the normal subgroup

166

The group of an equation

SL(f, R) and the representative subgroup R(f, R): GL(f, R) = SL(f, R) >l3IR(f, R).

(12.6i)

The normal subgroup

SL(f, R) = {X ERfxfldet (X) = I} of GL(f, R) is said to be the special linear group of degree f over R. The equivalence between two matrix representations A, A' is denoted by

A", A'. This relation is reflexive, symmetric and transitive so that the matrix representations of A over R are partitioned into equivalence classes.

Definition (12.7) The A-module M is said to be a representation module for the matrix representations (12.5) if it is an R-module with an R-basis u l ' u2 , .•• , Uf such that f

xU k =

L1 ~ik(X)Ui

(xEA; 1 ~ k ~f),

(l2.8a)

i=

where ~ik(X)ER

(i,k= 1,2, ... ,f)

(12.8b)

and ( 12.8c)

For example, the f -column module Rf x 1 turns into a representation module of (12.6) if we define Rf x I as a A-module via xu = A(x)u (xEA, uERf x I). (12.8d) The corresponding R-basis is formed by the f unit columns (12.8e)

which will again be used in chapter 3, section 2. The equivalence of two matrix representations A, A' with representation modules M, M', respectively, amounts to the same as the existence of an operator-isomorphism

q>:M-+M'

(12.8f)

of M on M', i.e. a module-isomorphism satisfying the additional conditions

q>(AU) = Aq>(U),

q>(xu) = xq>(u) (AER, xEA, uEM).

(l2.8g)

We observe that a representation module M of A over R is an R-A-module, i.e. a unital R-module as well as a A-module with the additional rule

(AX)U

= A(XU) (AER, xEA, uEM).

(12.8h)

The converse need not happen. However, if R is a field, A is a unital R-module, M is a finite dimensional

Normal bases

167

R-module, and M is an R-M-module then there is a finite R-basis of M and M is a matrix representation module of A over R. In that case we speak of M as representation space of A over R. From the constructive viewpoint the existence of an R-basis of M is a very powerful aid. In modern research, under the leadership of O. Taussky, this aspect of representation theory has prevailed in most applications.

Definition A homomorphism

(12.9) (12.10a)

of a semigroup G into the multiplicative semigroup of the ring of f x f matrices over a unital commutative ring R is said to be a matrix representation of degree f over R. Thus the mapping (12.1 Oa) is characterized as matrix representation by the condition

f(xy) = f(x)f(y)

(x, YEG).

(12.10b)

The new representation concept turns out to be an extension of the previous one upon introduction of semigroup rings extending the group ring concept of section 11.

Definition (12.11 ) The semigroup ring of a semigroup G over a unital commutative ring R is defined as the R-ring RG with G as R-basis and the multiplication table of G as basic multiplication rule. Any matrix representation (12.10a) of G gives rise to the matrix representation ~: RG -+ Rf x f:

I YEG

..1.(g)g f-+

I

..1.(g)[(g)

(12.12a)

YEG

of RG over R by linear expansion of r. (Here ..1.:G-+R denotes a mapping with ..1.(g) = 0 for all but a finite number of gEG.) Conversely, every matrix representation (12.12b)

yields a matrix representation (12.1 Oa) of G via restriction (12.12c)

such that (12.12a) holds. From this reason matrix representations of semigroups and semigroup rings will be used interchangeably. However, it may happen that f is faithful and ~ is not. For example, if G is the cyclic group C 4 = (g) of order 4 and

The group of an equation

168

R is a ring with characteristic not 2, then the group representation

C4~R2x2: gkf->(~

[:

~y (0~k~3)

is faithful, but the corresponding matrix representation of RG is not faithful because of d(g

+ g3) = 0 and

9 + g3 # O.

Equivalence of matrix representations amounts to the same concept: [~['¢>3XEGL(f,R):

[' = X-I[X

¢>3X EGL(f, R): d' = X -I dX ¢>d

~

d'. (12.13)

Definition The sum of two matrix representations d j : A~R!;xf;

(i

= 1,2)

(l2.l4a)

o/the R-ring A a/finite degree over R is defined by block diagonal composition

d l EEl d 2 : A ~ R(f, + h} x(f, + h): X1---+ (

dl~X) d2~X)).

(12.l4b)

The representation conditions for d I EEl d 2 are consequences of the following rules for block diagonal matrix composition AlEElA2=(0 Al h x9,

0!,4X92) (AjERf;Xg;,fj,YjEZ>o; i= 1,2),

(12.14c)

2

Al EElA2 + BI EElB2 = (AI + B 1 )EEl(A 2 + B2), } A(AI EElA 2 ) = AAI EElAA2 (A j, BjER!;xg;,fj,gjEZ>o, AER; i = 1,2), (A 1 EEl A 2)(B I EEl B 2 )

(12.14d)

= A I B I EEl A 2B2 (A j, BjE Rf; xf;,fjEZ > 0; i = 1,2). (l2.14e)

If M j is a matrix representation module for the matrix representation (12.14a) of A over R, then MlEElM2 is a matrix representation module for d l EEl d 2. This remark sets in evidence that the addition of matrix representations satisfies the substitutional law, the commutative law, and the associative law up to equivalence: dj~d;

(i=

1,2)=>dlEEld2~d'IEEld~,

d 1 EEl l'l2

~

l'l2 EEl l'll'

l'll EEl (l'l2 EEl l'l3) = (d 1 EEl d 2) EEl l'l3'

(12.15a) (12.ISb) (l2.l5c)

For any unital R-ring A we distinguish proper, improper, and null matrix representations d depending on whether d(l,,) = I"

d(l")#I,,

l'l(l,,)=O,.

169

Normal bases

In the latter case we will have ~(x) = ~(xl ,,) = ~(x)~(l ,,) = Of. If R is a field then any improper matrix representation ~ which is not null is equivalent to the sum of a proper and a null representation. This is because of the Peirce decomposition of any representation space M of ~:

M = 1M

+{x -

lxlxEM}.

4. Permutation representations and matrix representations The permutation representations ~:G

--. 6 n

(12.16a)

of a group G by permutations of n letters give rise to matrix representations ~ of degree n over any given unital commutative ring R upon representing 6 n faithfully by permutation matrices of degree n (l2.l6b) defining the action of the permutation n on the standard basis of R n x I by means of permuting the indices j of the basis vectors ej (l ~ j ~ n). We note that r ~ is proper. The sum of two permutation representations corresponds to the sum of the permutation matrix representations. If the two permutation representations ~I' ~2 of G of degree n are equivalent, then the corresponding permutation matrix representations r~I' r~2 are also equivalent. The converse need not happen (see exercise 1). For any matrix representation (l2.6a) of the R-ring A of finite degree f over the unital commutative ring R and for any unital overring R' of R we obtain the matrix representation 1R' ® R~ of R' ® RA of degree f over R':

lR'

®R~(JI x j® Yj) = JI Xj~(y;)

(SEZ>o; xjER', YjEA; 1

~ i ~ s). (12.l7a)

If M is a matrix representation module of A, then R' ® R M is a matrix representation module of 1R'®RA. On the other hand, if (12.l7b) is a matrix representation of R' ® RA of degree f over R', then, of course, its restriction to 1R' ® RA defines the R-homomorphism (12.l7c) of A into R'!x!, and any such R-homomorphism ~ determines uniquely a matrix representation (l2.l7d) of R' ® R A of degree f over R' in accordance with (12.l7a). By abuse of language we frequently speak of ~ as a matrix representation of A of degree

170

The group of an equation

lover R', even though it may be impossible to make II equivalent to a matrix representation of degree lover R (see exercise 2). The equivalence of two matrix representations llj:A-+Rfxf (i= 1,2)

(12.1Sa)

of the R-ring A of degree lover A is tantamount to the existence of a unimodular matrix X of Rf x f satisfying the equation

ll2(X) = X - IIII (x)X

(xEA),

which is equivalent to (l2.1Sb) Dropping the unimodularity condition we realize that (12.1Sb) amounts to a system of linear homogeneous equations for the entries of the matrix X. For any two matrix representations llj:A-+R!;X fi (i= 1,2) (12.1Sc) of A of degree Ij over R the rectangular matrices X ERft x h satisfying (12.ISb) form an R-module C(lll,ll2) of Rftxh which is said to be the connecting R-module of lll' ll2' The two matrix representations (l2.IBc) are equivalent precisely if 11=12 and the connecting R-module C(lll, ll2) contains a unimodular matrix. The connecting R-module C(ll, ll) of the matrix representation (12.5) is an R-ring which is said to be the centralizer of ll. It contains If as unit element. For any two matrix representations (12.1Bc) we have C(lll, lll)C(lll, ll2) = C(lll, ll2) = C(lll, ll2)C(ll2, ll2),

(12.lSd)

and we note that

C(X II lllX I' X 21 ll2X 2) = X IIC(lll' ll2)X 2 (XjEGL(fj, R); i = 1,2). (12.IBe)

If R is a field then we have C(lR'®RllI' lR'®Rll2) = R'C(lll, ll2) ~ R'®RC(llh ll2)

(12.1Sf)

for any extension R' of R. In that case C(lll' ll2) has an R-basis X h " " X k (k = k(C([\I, [\2))) of at most Id2 elements. Let us now suppose II = 12' Then we form the polynomial

P(tl' t2'"'' t k ) = det(tl tjX j)ER[t l, ... , td·

(l 2.1 Sg)

If it is zero, then the two representations

(12.1Sh) are not equivalent for any extension R' of R because of (12.1Sf). On the other

Normal bases

171

hand, for P#O the representations (12.18h) can be equivalent in some extension of R, for example in R(t I ' t 2 , . .• , tk)' As a matter of fact we have Theorem (Deuring-Noether). If lR' ® RAI AI ~ 1'\2'

~

(12.19) lR' ® RA2 for some extension R' of R, then

A proof will be given later on for arbitrary fields R and extensions R'. In the case of R being an infinite field (12.19) is a consequence of Lemma

(12.20)

For any non-zero polynomial P(t I " " , tk) in k variables t I"'" tk over an infinite field R there is a non-zero specialization. Proof By induction on k. For k = I we choose I + deg(P) distinct elements ~o, ~ I' •.• , ~deg(p) of R. Then clearly P(~;) # 0 for some index i (0 ::.;; i ::.;; deg (P)) since P has at most deg(P) zeros. For k> 1 we thus obtain a specialization tk~ AkER such that P(t l , •.. , t k- I , Ak) is not zero. Then we apply the induction 0 hypothesis. If R is finite and we take theorem (12.19) for granted, then we know that (12.18g) is not zero and that there is at least one non-zero specialization in R, hence we can simply operate by trial and error to actually find a nonsingular matrix transforming 1'\ I into A2 over R. 5. Construction of normal bases Given a normal extension E with automorphism group G over the field of reference F we have seen already in section 6 that the tensor product ring A = E®FE of an extension E of F isomorphic to E over F acts as representation space for the regular representation of G inasmuch as the primitive idem po tents of A form an E-basis of A with regular permutation action r of the group G= lE®FG # G. On the other hand, of course E itself is a representation space of G of degree n = IG lover F for some matrix representation A: G -. F n x n. Also A can be interpreted as a matrix representation of Gover E with A as representation space. The two are known to be equivalent over if. Hence they are equivalent over F. It follows that there is a normal basis B = {g(X)lgEG} of E over F which can be found upon suitable specialization of the generic solution of a system of linear homogeneous equations. For every subgroup S of G we obtain the left coset decomposition (G:S)

G=

U Sgi, i= I

(12.21a)

172

The group of an equation

corresponding to the fix elements

0iS:=

L Sgi(X)

seS

(1 ~ i ~ (G:S)),

(12.21b)

of S which are said to be the Gauss periods of B with respect to S. All fix elements of S form an intermediate field ES with (12.21b) as F-basis: (G:S)

E S = {YEEI'v'gES:g(y) = y}

=

L FO iS '

(l2.21c)

i= I

Indeed, the O/s are linearly independent over F since they are non-overlapping F-linear combinations of B. Their number equals

(G:S) = dimf' ES •

(12.2Id)

Each of the Gauss periods generates ES over F since there holds a right coset decomposition (G:S)

G=

U giS.

(12.21e)

i= I

The G-conjugates

gjOiS

(I

~j ~

(G:S))

(l2.2lf)

are F-Iinearly independent because they are non-overlapping F-linear combinations of B, hence they are distinct. Thus the Gauss periods turn out to be primitive elements of E S over F. They are G-conjugates if and only if S is a normal subgroup of G. This occurs for example for the normal basis of the pth cyclotomic extension

Ep:= iQ((p), of 10, which is generated by x

(:-1

= (p

+ ... + (p + 1 = 0

(l2.22a)

and consists of

(p,(;, ... ,(:-I.

(12.22b)

This was the normal basis which Gauss studied in the Disquisitiones Arithmeticae. We observe that as a rule the S-conjugates of x form a normal basis of E over ES • In case of the prime factorization P - 1 = PIP2· ... ·Ps (PI' P2'"'' p. prime numbers) we construct Ep via the sequence of cyclic extensions 10 = '1'0 C '1'1 c .. · c '1'., = Ep, with 'l'i = 'l'i-I(Oi) of prime degree Pi over 'l'i-I' Here OJ = LgeG,g(x) with G = Go = (go) and go((p) = (:' (J a primitive root modulo p, Gj := (g\f-I)/(P,· ... ·PJ) (l ~j ~ s), G = Go::l G I ::l ... ::l Gs = 1. A sequence of quadratic extensions suffices to construct Ep, if and only if P is a prime number of the form p = 1 + 2'. Such prime numbers are called Fermat prime numbers. If the exponent s is divisible by an odd prime number

173

Normal bases

q, then (I + 2s/Q)I(1 + 2 hence a Fermat prime number must be of the form p = 1 + 22'. For t = 0, 1,2,3,4 we indeed obtain the Fermat prime numbers 3, 5, 17, 257, 65 537 which are the only ones known so far. We note, for example, that 64tl(1 + 2 2'). C. F. Gauss answered the question which cyclotomic construction tasks can be solved by ruler and compass by the statement that the nth primitive unit root can be constructed as a point of the Gaussian plane with 0 as origin and 1 t= 0 as second reference point if and only if n is a product of a power of 2 and a number of distinct Fermat primes. He anticipated Galois theory in a special setting by about 30 years. S

),

6. The theorem of the primitive element We have seen already that every finite separable extension E of a field of reference F can be generated by a primitive element. However, in order to find a primitive element generating E over F we must embed E into a minimal splitting field 'I' of E over F, we must construct a normal basis of 'I' over F, and we must form a period with respect to Aut ('1'/ E). A more direct way is given by the folIowing theorem.

Theorem (12.23) (J. Sonn and H. Zassenhaus). Let E be an extension ofthe field F withfinite basis B. Then E contains a primitive element over F if and only if at least one of tlte 21BI - 1 non-empty sums over distinct basis elements generates EaveI' F.

Proof If the characteristic of F is a prime number p and if there are two elements x, y of E for which xP,yPE'I':= Sep(F, E):= {zEElz separable over ['I'(x, y):'I'] = p2,

F},}

(12.24)

then it is impossible to find any single generator ~ of E over 1/1. Otherwise there is a natural number Jl for which ~"E'I',

hence ~p

~"-I¢'I',

,..- I

p-

I

cannot be contained both in 'I'(x), 'I'(y). Assume ~p ¢'I'(x), hence 'I'(x,~)~'I'(x)®'I''I'(~), x¢'I'(~), 'I'(~)cE, a contradiction. On the other hand, if there are no two elements x, y of E satisfying (12.24) and if 'I' c E, then there is a maximal natural number Jl such that Er 1 st'l', EP" s '1', hence there is an element ~ of E for which ~PE'I',

~p-l¢'I',

"-I

E o ='I'cE 1 ='I'W

[Ej:E j-

1]

=

p (I

)c"'CE,,_lCE,,=E,,_I(e),

~ i ~ Jl).

Let t/ be an element of E not contained in E,.. There is a natural number

174

The group of an equation v

V ~ jI.

v-I

;'1'. Hence there is a natural number A ~ v for which I}p A - t =:(;E", (PEE w By assumption (P;Eo = '1'. Hence, (PEE j , (P;Ej_ 1 for some number i ~ jI., and we have (p d 'E'I', (P;;EI' a contradiction. It follows that E" = E = 'I'(~). 0 Because of E = (P - n E) ® F 'I' it follows that there is an element I} of for which I}P E'I', I}P

00

P

-00

nE for which F(I})

=P

J,I-I

JI.

-00

nE, I}P EF, I}P

;F. We embed E into a

minimal splitting field M of E over F. The fixed subfield of Aut (M / F) is

P - n E. Any element ( of E which is not a primitive element of E over F 00

either is contained in the subfield Sep (F(I}r '), E) = F(I}r ') ® F 'I' of degree p" - 1 ['I': F] over F or in one of the [E: '1'] - 1 subfields (12.25a) where [E:'I']

Aut(M/F)=

U gjAut(M/E)

j=

(gl

= I).

1

We note that 'I' '= E j C E so that [Ej:F] ~ HE:F]

(1 < i ~ [E:'I'])

(12.25b)

according to the degree theorem. If E is separable over F, then we again embed E into a minimal splitting field M of E over F. The fixed subfield of Aut (M/F) is F. Any element ( of E which is not a primitive element of E over F is contained in one of the [E:F] - 1 subfields E j := {xEElx = gj(x)}

(I < i ~ [E:F])

where [E:F]

Aut (M/F) =

U gjAut(M/E)

j=

(gl = I).

1

We note that [Ej:F] ~ HE:F]

(I < i ~ [E:F])

(l2.25c)

according to the degree theorem. To conclude the proof we need the following combinatorial lemma.

Lemma (12.26) Let E be a linear space over the field F with a basis B. Any set {B I> B 2, ... , B,} of finitely many disjoint finite subsets B j ,= B (I ~ i ~ s) generates the shypercube formed by the 2' sums L.beBe(b)b subject to the conditions

e(b) = 0 for b;BI VB2V .. ·vB" e(b)E{O, I} for bEBI v B2 v .. · vB" e(b) = e(b') for b,b'EB j (1 ~i~s).

It spans an F-linear subspace X with the s basis elements LbEB,b (l

~j~

s)

Normal bases

175

such that the s-hypercube is characterized as the set of all sums over distinct elements of B contained in X. This is the s-hypercube situation. If the characteristic of F is 2 then we also allow all invertible linear transformations of B over !F2' Then any F-linear subspace X of E offinite F-dimension s contains at most 2' sums over distinct elements of B. Equality is attained only in the s-hypercube situation. Proof of (12.26) Let X be an F-linear subspace of E of finite dimension s over F and with the property that there is a set S of 2' sums over distinct elements of B contained in X, but the s-hypercube situation does not hold. Let B' be the subset of B formed by the elements of B occurring in one of the 2' sums. Assume that the number of elements of B' is as small as possible. We want to produce a contradiction. Without loss of generality we assume that B, B' are finite. We obtain an equivalence relation on B by defining b to be equivalent to b' if and only if either both b, b' or neither occur in anyone of the 2' sums of S. Upon transition from B to the set B' formed by the sums over each equivalence class we find another counterexample. Due to the minimal property of B it follows that each equivalence class consists of a single element of B. If an element b of B belongs to X then upon transition from B to B\ {b}, E to Y:= tb'EB\!b} Fb', X to X nY, and S to the subset of the sums in which b does not occur we find another counterexample with a lesser number of basis elements contrary to the minimal property of B. Hence no element of B belongs to X. Let bEB, Y:=I.b'EB\!b}Fb', dimF(YnX)=s-l. If Sn(Xn Y) consists of 2'- 1 or more elements, then it follows from the minimal property of B that we are in the (s - I)-hypercube situation, hence B\{b} s:: X nY, X = E, a contradiction. It follows that S n(X n Y) consists of less than 2,-1 elements, each of the form Lb'EB\!blcx(b')b' (CX(b')E{O, l}) and S\(Sn(X n Y) consists of more than 2,-1 elements of the form b + Lb'EB\{b}P(b')b' (P(b')E{O, I}) where never cx(b') = P(b') for all b'EB\{b}. Hence, dimF(Fb + X) = s + 1, Fb + X contains S as well as the 2' new sums b + Lb'EB\{b} cx(b')b', Lb'EB\{b}P(b')b'. Because of the maximal property of s we are now in the (s + I)-hypercube situation. This means that B s:: Fb + X, E = Fb + X, dim F E = s + 1. Hence S contains all sums b+b' (b'EB\{b}) yielding X = I.b'EB\{b}F(b + b'). If F is of characteristic 2, then X itself is in the s-hypercube situation after suitable invertible linear transformations of B over !F 2 , a contradiction. Hence the characteristic of F is not 2. For s = 1 we are in the s-hypercube situation. Let finally s > 1. Replacing b by another element b" of B we find that also X = I.b'EB\!b,,}F(b" + b'), which is impossible. 0 We apply lemma (12.26) to conclude the proof of (12.23). If E is separable of dimension n over F, then we have to avoid at most 1 + (n - 1)2"/2 < 2"

176

The group of an equation

sums of distinct members of B as a consequence of (12.26). If E is not separable of dimension tip" (j1EZ>o) over F, then we have to avoid at most 1+ (n - 1)2 np"/2 + 2np"-1 < 2np" sums of distinct members of B. In either case this can be done. In fact, the chances are the better the larger n, p,

j1

are.

o Exercises I. Let R be a unital commutative ring with 2E U(R). Show that the sum of the three non-equivalent permutation representations of degree 2 of Klein's Four Group is equivalent via matrix representation to the sum of the regular permutation representation and two permutation representations of degree I. 2. Show that the cyclic group of order 4 has no faithful representation of degree lover Q though there is one over Q( - l)t. 3. For any two unital commutative overrings R t , R2 of the unital ring R and for any semigroup G we have (R t ®RR 2 )G = R I G®RR 2 G. 4. Let A be known to be an algebraic sum of finitely many separable finite extensions of the field F with F-basis b l , ... , b•. Show that at least one of the 2· sums x = L7~ I ejb j (e j = 1 or 0) is a primitive element of A over F so that 1, x, ... , x·- I form another,F-basis of A. Estimate the likelihood of hitting a primitive element by 'random' choice. 5. Does (12.23) hold generally for unital commutative F-algebras A of finite dimension over F?

3 Methods from the geometry of numbers

3.1. Introduction The geometry of numbers was introduced by H. Minkowski who 'got the methods which provided arithmetical theorems by spacious perception'. This was about 1900 and since then the geometry of numbers has become an independent discipline of mathematics. We, of course, are mainly interested in those results which can be applied to problems of computational number theory. They will be outlined in the following three sections. In section 2 we consider modules over principal entire rings with regard to a subsequent specialization to lattices in Euclidean n-space. Especially, in connection with the study of the bases of a module and the bases of its submodules we derive the Hermite and Smith normal form of matrices. In section 3 our considerations are confined to lattices. The search for special lattice bases consisting of vectors of small length leads to the concept of reduction. We present several reduction methods such as Minkowski-reduction, a total-ordering-reduction and a new reduction algorithm of Lenstra, Lenstra and Lovasz [10] and also some applications. Closely connected with reduction theory are the successive minima of a lattice, also studied in section 3. Finally, section 4 contains Minkowski's famous Convex Body Theorem and some of its consequences for algebraic number theory.

3.2. Free modules over principal entire rings In the sequel we consider free unital modules M over principal entire rings

R which are finitely generated, i.e. M = EB/,= I b;R for suitable elements nEN, bl, ... ,bnEM. Those elements bl, ... ,bn are then called (R-)basis of M,n the (R-)rank of M.

Methods from the geometry of numbers

178

Lemma

(2.t)

rr bl,· .. ,bll and sat;~ry;ng

(b

"

are bases of M, then there is a matrix UEGL(n,R) (c l , ... , clI)U.

C"""C II

... , bll) =

Proof According to assumption there are U, VER" subject to (bl, ... ,bll )= (c I"'" ell) U, (c I" .• , cll ) = (b I" .. , bll) V and the uniqueness of the presentation of elements by a basis yields U V = III' III the n x n unit matrix. 0 In order to discuss the connections between the bases of a module and its submodules we need a few tools from matrix theory which are implicitly presented in most algebra courses but which may not be familiar to the reader. However, from a constructive point of view these tools are of considerable value. We recall that matrix multiplication from the right (left) yields an operation on the columns (rows) of the matrix. Especially we are interested in multiplications by so-called elementary matrices of Rnxn. For an easy description we introduce the following matrix types (I ~ i, j ~ n). X

"

Eij contains exactly one entry I in column j and row i, otherwise zeros; hence n

In

=LE

(2.2a)

jj ;

I

j=

II

Sij:=

L

Ekk + Eij + E jj

(i

i= j);

(2.2b)

k=1

k,/,j.j

(2.2c) II

diag(a" ... ,a,.):=

L

ajE jj

(ajER, I ~j~lI);

(2.2d)

i= 1

(2.2e) Multiplication of a matrix AER" X " from the right (left) by Sij interchanges the columns (rows) i and j. Multiplication of a matrix A from the right (left) by Tjj(a) adds a-times column i (row j) to column j (row i). Moreover, the inverse matrices of Sjj, Tij(a), D j are easily seen to be

(2.3) We use these matrices to transform any matrix A ER'" x II into a suitable normal form. To do this we need two preparatory lemmata.

Lemma (2.4) Let a I " " , an be elements of the principal entire ring R. Then R" X" contains a matrix A = (aij) subject to alj = a j (l ~ j ~ n) and det(A) = gcd(a ... , an). " Proof By induction on

11.

The case n = I is trivial. We therefore assume the existence

179

Free modules over principal entire rings

I)xllll) satisfying a 1j = aj (1 ~) ~ n - 1) and d,,-l:= det (A) = gcd(a1, ... ,an- 1). For d,,:=gcd(d,,_I,a n) there exist u,vER subject to dn = udn - I + va". We set

of A = (aij)ER 11I

°

aij = aij (1 ~ i,) ~ n - 1), a ln = an> ajn = an" = Un> anj = - (a)dn_l)v (1~) ~ n - 1). Then det (A)

=

(2 ~ i ~ n - 1),

d" is obtained upon expansion according to the last column.

o Example Let R = 7L and a l = 30, a2 = 42, a 3 = 70, a4 = 105. By calculating d l = 30,

d 2 =6=3'30+(-2) 42, d3 =2=12'6+(-I) 70,

d4 = I = 53-2 + ( - 1) 105 we get 30 42 ( 2 3 A= 5 7

70

105)

12

0'

15

35

21

° ° 53

We note that the actual computation of A requires the calculation of a presentation of d = gcd (a, b) by a and b and is therefore practicable in Euclidean rings only.

Lemma

(2.5) a" be elements of the principal entire ring Rand dn:= gcd (a l , ... , an).

Let a I"'" Then there exists UEGL(n,R) satisfying (al, ... ,an) U =(dn,O, ... ,O). Proof

Let A = (aij)E R nx n as in (2.4). The matrix A = (aij) given by ii jj:= aij (2 ~ i ~ n) and ii l /= al)d n (I~) ~ n) is clearly in GL(n, R) and satisfies (dn,O, ... ,O) A=(I,Q, ... ,O) A=(al, ... ,an),hence U:=A- 1 doesthejoh. 0 The last lemma yields a first normal form for matrices over a principal entire ring R.

Theorem (2.6) Let R be a principal entire ring and 9l a full system of representatives of RjU(R). For every matrix A = (aij)ER xn there exists a matrix U EGL(n, R) such that H(A) = (h jj):= A U is a lower triangular matrix the entries of which satisfy hjjE 9l (l ~ i ~ min (m, n» and in case hjj # the entries hij with) < i are uniquely determined modulo hjj • H(A) is called Hermite normal form of A, respective/y, (Hermite-)column-reduced. If H(A') is column-reduced. then A itself is said to be (Hermite-)row-reduced. III

°

Methods from the geometry of numbers

180

Proof By induction on n. For n = 1 let dE~H be associated to all' i.e. there exists eE U(R) subject to d = all e. In that case U = (e)EGL(l, R) satisfies AU = H(A). Now let n > 1 and the theorem be true for matrices over R with less than n columns. For d:= gcd (all"'" alII) let dE91 be associate to d. According to (2.5) there is a matrix U E GL(n, R) such that the matrix A = (aij):= AU e for e = d/d has entries all = d, alj = 0 (j> I). In case m = 1 we are done. For m> 1 we apply the induction hypothesis to the matrix B=(bij)ER(m,)x(II-') with entries bij = aj+ I,j+ I' There is V = (Vjj)EGL(n - 1, R) such that H(B) = BV. We choose V = (vij)EGL(n, R) via VII = 1, Vlj = 0 = Vii' vij = vij (i > 1, j > 1), and obtain H(A) = AUeV. 0 Especially, for R = Z we choose 91 = Z;;,O and hijE{O, 1, ... ,h ii - I} for hii =I O. As we already mentioned the Euclidean algorithm allows the practical computation of H(A) in that case.

Algorithm for the computation of Hermite normal form

(2.7)

Input. AEZ mxlI Output. HEr'XII, UEGL(n,Z) such that AU=H and

H is in Hermite normal form. Step I. (Initialization). Set H ..... A, U ..... I,,, r ..... min (m, n), i ..... 1. Step 2. (Determination of smalles~ element in row i). Let Sj:= {hijJj? i, hij of. O}. For Sj = 0 go to 6; else compute kE {i, ... , n} minimal with Ihjkl = min {lhijllhijESJ In case k = i go to 4, else to 3. Step 3. (Change of columns i and k). Set U ..... US jk , H ..... HS jk . Step 4. (Reduction of elements hij modulo hii for j > i). Set H ..... HTij(-{hij/h ii }), U ..... UTjj(-{hij/h ii }) for j=i+ 1, ... ,n. If hij = 0 (j = i + 1, ... ,n) go to 5, else to 2. Step 5. (Reduction of elements hij modulo h ii for j < i). For hjj < 0 set H ..... HDj, U ..... UD j. Then set H ..... HTij(-Lhjj/hiiJ), U ..... UTij( - LhulhiiJ) for j = 1, ... , i-I. Step 6. (Increase i). For i = r terminate,· else set i ..... i + 1. For i = r go to 5, else to 2.

If we also need U - I, we can compute it analogously to U. We start from U - 1 = In in step 1 and each time when we multiply U by an elementary matrix from the right we multiply U the left.

1

by the inverse of that matrix from

Example

We compute the Hermite normal form of M =

(1~ 2~ ~~) 31

36 40

index step

elementary matrices for

elementary matrices for H,V

(,; 31

V-I

V

H

'0)

7 20 25 36 40

V-I

13

13

~'

4

T1.2( - 2), T1,3( - 3)

(,; 31

3

S1.2

(-,~

-26

1 -10 -26

-2~)

- 53

-2

G

I

0

-n

'"3 T u (2), T!,3(3)

2

U

I

0

f)

0

Q.

c:

<> or.

.,c ~

-g 3' (')

3 15 31

-2~ )

- 53

00'

I

(-! -f)

SI,2

~

(! :) 2 0

0 0

'"~

~.

...

:;' OQ

4

3

2

T I ,2( - 3) T1,3( - I)

(-,~ -26

0 45 109

S2,3

(-,~ -26

0 -10

-27

-,~) -27

0)

45 109

n

7 -3 0

(-!

-I -I

-I) -I I

-D

'" TI ,z(3) TI ,3(1)

S2,3

n I:) 7 2 0

(~ 'I) 7 0 2

00

4

2

T2 ,3(4)

(-1~ ° 0) (-2° -1 3) -26

3

2

S2,3

-10

5

-TI

1

1 -1

-7

4

-I~ ° -100) (-26

(-2 3-1)

(-101 ° °0)

(-2 3 5)

5

- 27

T2 ,3( - 4)

1

°

-7 4

S2,3

-I 1

H

7 10) -8 -11

c!

2

3

7

10)3

2 -8

-11

00 N

s:

"os:Co

4

2

T2 ,3(2)

5

- 26

5

5

2

3

T2 ,1(2)

D3, T3,1(1)

- 25

(- 24°1 °5 - 25°0)

(°1 °5 °0) 1

25

1 -7

'"

T 2 ,3( - 2)

- 15

049

t- 4 13

8

(-!

18

- 8

-11

o

3

s:-

"d:o" 3

~ '<

...

3 5) - 7 - 15 4

4

T2 ,1(-2)

9

(- 12 -73 -5) 15 - 1

10) 25

7

::;"

- 9

U

4

-8

D3, T 3 ,1( -1)

3 (3

1

7

4

10)5

7

-11

10) 5 1

£, ::I t:

3

0-

"Ol

183

Free modules over principal entire rings

Hence, we obtain the Hermite normal form of M as H=

-S) (~I ~ 2S~) (I~31 2~36 40~~) (-- ~I -4~ -9

IS =MV.

=

Remark From the Hermite normal form H of a square matrix M the absolute value of its determinant is easily computed as the product of the diagonal elements of H. The sign of the determinant is (- I)h, where h denotes the number of multiplications by matrices Sij' D j in the course of the computation of H. This follows at once from the properties of the determinant, since obviously det Tij = I, det Sij = - 1, det D j = - 1. In the example we have h = 4, hence det M = 12S. Even though Algorithm (2.9) seems to be quite easy a few comments should be made. While the method works well if m, n and the absolute values of the entries of M are small, the growth of the numbers in the course of the computations can be tremendous. Several authors developed strategies to avoid this etTect (see, for example, [4]). Upper bounds for the size of the intermediate entries which are polynomial in the input data were obtained for a special elimination scheme by [S]. However, these bounds are huge and by no means realistic so that their computational value is rather limited. If working with higher dimensions or with larger initial entries of M it will therefore always be necessary to have a multiple precision arithmetic package available. If there is none supplied by the local computer center one can easily write one in FORTRAN following Knuth's book [7] but using only half of each computer word for storing information. In this way arithmetic with the supplied hardware instructions is still possible but - of course - slow. Because of the slowness and the extensive use of storage one should not compute the unimodular transformation matrix V in the course of calculating H(M) when multiple precision arithmetic is used. In later applications (see chapter S (4.10)) we at most need V-I and that can be easily calculated once we know H(M). Namely, from M = H(M)V - I we obtain the following system of linear equations i

mik

=

L hjijk

(I:::; i,k:::; n)

j=1

for the entries ujk of V -1 which can be solved recursively. For i = 1 we obtain ulk = mlkhi/ (1 ~ k :::; n). Once we already know U'k (1 :::; I :::; i, 1 :::; k :::; n) we easily calculate

ui+ l.k =

(mi + l.k -

.f hi

)=1

+

I,jU j.k)hi-/1.i + 1 (1:::; k

~ n).

Methods from the geometry of numbers

184

We note that for regular matrices MER" X " only intermediate entries can grow large since the (non-negative) entries of H(M) are obviously bounded by Idet(M)I. Hence, in that case H(M) can be calculated 'modulo N' (N = Idet (M)I or N the largest elementary divisor of M) by computing H(M: diag(N, ... , N)) and deleting the last n columns containing zeros. This is of importance in chapter 6. So far we only applied column operations to the given matrix MEZ"'xII. If we also admit row operations it is quite obvious that we can transform M into a diagonal matrix: Theorem

(2.8)

Let R be a principal entire ring and AER'" XII of rank r. There exist U EGL(n, R) and VEGL(m,R) such that S(A) = (Sj):= VAU is in Smith normal form (elementary divisor normal form), i.e. sij = 0 for i i= j and i = j > r as well as sllls22I·· ·Is". The diagonal elements of S(A) are uniquely determined modulo U(R) (elementary divisors). Proof By induction on n. For n= I we obtain S(A)=(Sl1'O, ... ,O)' with Sl1 = gcd (a l1 , a 21 , ... , ami) upon application of (2.5) to A'. The case n> 1, m = 1 was already treated in (2.5). Now let nand m both be greater than one. Similarly to the proof of (2.6) we apply (2.5) to the first row of A to obtain A(I) = (aij(l)) with a1j(I) = 0 for j> 1. Application of (2.5) to A(I)' yields A(1)=(a jp») with a i1 (I)=O for i> 1. Clearly, a l1 =gcd(al1,aI2, ... ,aln), a l1 (1) = gcd (a l1 , a21"'" ami)' If alP) = 0 for j > 1 we can apply our induction hypothesis. Otherwise we repeat that procedure to obtain A (2), A(3I, ... which must finally provide a1j(v) = 0 for j > I and some vEN since the number of prime elements dividing a 11 (v) strictly decreases if v increases in case there is an element alP) (j> 1) which is not divisible by all(v). Therefore we obtain EGL(n, R), VEGL(m, R) such that (a j ) = A:= VA 0 is a diagonal matrix. Next we obtain the divisibility condition. Let us assume that there are indices 1 :::; i <j:::; min (m, n) such that ad ajj. (This includes the case aii = 0 i= a jj , however we stipulate 010.) Let c = gcd (a ii , aj) and u, VER

o

subject to c = Ua jj + Vajj' Then we compute

Vj,j= Tj{ -ciljj )SijTjj(U)EGL(m,Z),

a

A= Vj.jAUj,j for Uj,j= Tjj(v)Tij ( _

a:~ )D j.

The new entries aij then satisfy jj = c, ajj = (ajdc)ajj, all other entries remain unchanged. A repeated application yields sl1lsd .. ·lsrr, Sjj=O for j>r as required. It remains to prove that the Smith normal form S is uniquely determined by the matrix A. For this purpose let d j = dj(A) denote the greatest common divisor of all minors of A of order i. Obviously, dj_,ldj (2:::; i:::; r) because of Laplace's theorem. For UEGL(n,Z) we obtain dj(A)ldj(AU), since the columns of A U are linear combinations of the columns of A and

185

Free modules over principal entire rings

therefore each minor of AU is a sum of minors of A. This yields dj(A) ::( dj(A U) ::( dj(A U U - I) = di(A). Similarly we see dj(A) = dj( V A) for VEGL(m,~). Hence, di(S)=dlA)=n~=ISjj (1::( i::(r), if S=S(A) is the Smith normal form of A. Therefore also the elementary divisors Sjj = dJd i - 1 (1 ::( i ::( 1', do := 1) are uniquely determined by A. D

Example We continue the example from above. Without the transformations for U, U - I (see exercise 2) we obtain

(Io 0 0) I

(I

5 0 -'---. 0 0 1 25 0.2)

------>

I

------>

0 5 0

:)~(~ 2!J

25

0

0 0

0 1 25

~)~(~ o

0 0

0 1 0

25 ~ 0 125 0

(5,3)

0)

0

0 5 0

0 1 25

12~J

(I ° o0) . 1 0

125

The numbers in brackets refer to the number of the step and the index i of Algorithm (2.7), respectively; t means transition to the transposed matrix. The elementary divisors of Mare 1, 1, 125. We apply the preceding results to obtain several useful relations between the bases of a module and its submodules. Lemma

(2.9)

Let N £: M be free modules over a principal entire ring R of rank n, m, respectively. (i) For each basis a I' ... , am of M there exists a basis b I' ... , bll of N such

that (b l , ... ,bll) = (a l , ... ,am)A, where A = (aij)ER IIIXII is an upper triangular matrix and the entries ajj (j > i) are uniquely determined modulo ajj' Incase n = m the matrix A is regular, i.e. det (A) -# O. (ii) For each basis bl>'''' bn of N there exists a basis a l , ... , am of M such that (b I' ... , bn) = (a I' ... , am)A, where A = (aij)E Rill x II is an upper triangular matrix and the entries aij (i <j) are uniquely determined modulo ajj' (iii) There are bases a I' ... , am of M and b I" .. , bll of N such that bi = eja j (1 ::( i ::( m) and ejIej + 1 (0 ::( i ::( n, eo = 1). The elements ejE R are unique/ y determined by M, N. Proof (i) Let c l , ... , Cn be an arbitrary basis of N. There exists BE Rill XII satisfying (c1, ... ,Cn)=(al, ... ,am)B. Let UEGL(n,R) subject to BU=H(B). We set

186

Methods from the geometry of numbers

(bl,···,bn)=(al,···,an)BU

n

Si.n+l-i·

t ~i~n/2

Since 1 ® b i (l ~ i ~ n) as well as 1 ® ai (l ~ i ~ n) are linearly independent in ,Q(R) ® RM we obtain det (A) # for m = n.

°

(ii) Let cl' ... 'c", be an arbitrary basis of M and AERmxlI subject to (b l ,···, bn) = (c l ,.··, cm)A. Let V EGL(m, R) such that Hr(A):= V A is Hermiterow-reduced. Then (c I, ... , cm) V - I does the job. (iii) This is an immediate consequence of (2.8). 0 Lemma (2.10) Let M be a free module with basis b I ' ... ,bn over the principal entire ring R. Let i be a fixed index (1 ~ i ~ n) and Ci := I:.j= I yjbjEM. Then bl> ... , bi - I , Ci can be extended to an R-basis of M if and only if gcd(Yi' ... ,y) = l.

Proof gcd(yi,···,y n) = 1 ~3UEGL(n+ l-i,R): (yi, ... ,yn)U=(l,O, ... ,O) (2.5)

YI Ii-I: : : Yi-I

°

basis of M.

°

o

Exercises 1. Write an algorithm to compute the Smith normal form S(A) of a matrix AEZmxn. 2. Compute U, VEGL(3,Z) such that

V(I~ 2~ 4~)~~l U (~~ ~l. =

31

36

0 0 12;)

3. Develop a strategy for step 5 of Algorithm (2.7) which keeps the occurring entries as small as possible.

3.3. Lattices and basis reduction To introduce geometric tools we consider Z-modules in the n-dimensional Euclidean space IRn. Their elements are written as column vectors x = (x I' ... , x n )', and e I' ... ,en denote the canonical basis, i.e. the coordinates eij

Lattices and basis reduction

187

of e i satisfy e ij = Jij (1 ~ i,j ~ n). The familiar scalar product ~"

x

~II-+~;>O: (X,Y)I-+X'Y

(3.1)

provides the norm (length) of a vector XE~" via

II x 11:= (X'X)t.

(3.2)

The connection to arithmetics is then obtained by considering vectors with integral coordinates (relative to some basis).

Definition

(3.3) Afree ~-module A c ~"ofrank k:= dim R ~ C'i!JzA is called a lattice of dimension (rank) k. For a ~-basis a 1 , ... , a k of A the discriminant d(A) of A is defined by d(A) = Idet(a;'aj)I";.i,,kl t .

ffi;

We remark that Ao = {O} (the only O-dimensionallattice) and A k := 1 ~ej (1 ~ k ~ n) (with d(Ak) = 1) are trivial examples of lattices of ~". The discriminant of a lattice is also the (k-dimensional) volume of the fundamental

parallelotope

n(A):= {XE~"IX = it! xiai,O ~ Xi < 1, 1 ~ i ~ k}.

(3.4)

It is independent of the choice of basis because of (2.1).

Definition

(3.5)

A subset N of a lattice A is called a sublattice if N itself is a lattice of The (module-) index (A:N) is said to be the index of the lattice N in A. Lemma

~n.

(3.6)

If N is a sublattice of the lattice A of the same rank k, then (A:N) = d(N)/d(A). Proof By definition d(N)/d(A) is the absolute value of the determinant of the transition matrix A from a basis of A to a basis of N. If we choose bases as in (2.9) (i) we obtain d(N)/d(A) = n~; 1 ajj' On the other hand {L~; !miadmiE~, 0 ~ mj < a ij , 1 ~ i ~ k} is a full set of representatives of the 0 residue classes of A/N. Before we start to discuss how to choose special bases for a lattice which are of computational interest we shortly consider lattices from a different point of view. Namely, for each lattice A = EB~; 1 ~aj we have the corresponding scalar product matrix

(3.7)

188

Methods from the geometry of numbers

yielding the positive definite quadratic form (3.8) On the other hand, each positive definite matrix AElRkxk can be viewed as the scalar product matrix of the basis vectors a I " " , a k of some lattice A in IRn (n ~ k). Then we can carry out computations in that lattice without knowing the basis vectors explicitly as will be outlined below. For example, we could view A as the scalar product matrix of e l , ••. , ek in IRk thus dealing with a different scalar product than the standard one. But instead of considering different scalar products we prefer the viewpoint of considering different lattices. By Cholesky's method (compare (3.12)) we can decompose A into a product A = R'R

(RElRk xk an upper triangular matrix)

(3.9)

and then attach that k-dimensional lattice of IRk to A whose vectors are the columns of R. Probably the most important property of a lattice is its discreteness. This means that any bounded set of IR n contains at most finitely many lattice points, or - differently - that there is a positive constant fJ > 0 such that each pair of different lattice points x, y satisfies II x - y II ~ fJ. We present a constructive proof in form of an algorithm which allows us to compute all a of bounded norm ofa given lattice A. Namely, let A = EB~= (:la j c Wand A, Q be given as in (3.7), (3.8), also let C be a positive constant. We then need to determine all a E A subject to II a 112 ~ C and via the presentation a = L~ = (xja j this is tantamount to (3.10)

The set E:= {xElRkIQ(x) ~ C} is an ellipsoid, hence the solutions of (3. 10) are just the lattice points of an ellipsoid. We supplement Q to a sum of full squares: (3.11 )

Algorithm for quadratic supplement

Input. A = (aij)E IRk x k positive definite. Output. (qjj)ElRk x k an upper triangular matrix satisfying x'Ax = L~= lqjj(Xj + L~=j+ (qjjXJ2.

Step 1. (Initialization). Set qjj f - aij (1 ~ i ~j ~ k). Step 2. (Supplementing). For i = 1,2, ... , k - 1 set qjj f - qjj' qjj f - (qu!qiJ (i + 1 ~j ~ k) and then for each i and Jl = i + 1, ... , k: qp.v f - qp.v - qp.jqjv (Jl ~ v ~ k).

Step 3. (Update). Set qijf-O (1

~j

< i ~ k) and terminate.

189

Lattices and basis reduction

We note that this algorithm is similar to a Cholesky decomposition R' R of A. The entries rij of R can be easily obtained from the qij via

rii = (qiJ t ,

rij = riiqij

(I ~ i <j ~ k),

(3.12)

and vice versa, of course. The mode of operation of (3.11) and its notion 'quadratic supplement' is best explained by an example. Example

Let A

~

(3.13)

l: i} 2 1

Q(x) =

(qij) =

(:

1 2

* !

i)

2x/ + 2X1X2 + 2X1X3 +2x/ + 2X 2X3 + 2X32

!

1

2(xl + !X2 + !X3f + tx/ + X2 X3

2 3

(: * t) ! 2

+tx/

!

I

2(xl + !X 2 + tX3f

2 1

(1 i)

+ t(X 2 + t X3)2

2 2

1

+1 X32

From the output of (3.11) it is now clear how we will solve (3.10). Since x' Ax has been transformed into a sum of full squares, we obtain for each item

(i = k, k - 1, ... ,1).

Hence, for each

XkEZ

(3. 14a)

subject to

IXkl ~ (Tk/qkk)t

= (C/qkd t ,

(3.14b)

we determine all possibilities for x k _ I' And for fixed Xi + 1>' •• , XkE Z satisfying L~=i+ 1 qllll(x il + L'=I1+ 1 qlljXj)2 ~ Ti+1 we obtain all possibilities for Xi from

-(TJqiJt-Ui~Xi~(TJqiJt-Ui

(U i:=

± %Xj;k-l~i~l).

j=i+ 1

(3.14c) From this the following algorithm is immediate.

190

Methods from the geometry of numbers

Algorithm/or solving Q(x)

~

C

(3.15)

Input. The matrix (qij) from the output of (3.11) and C > O. Output. All xE7f.k, x #0, satisfying (3.10) and additionally each corresponding value Q(x). Step 1. (Initialization). Set i +- k, Ii +- C, Vi+- O. Step 2. (Bounds for Xi)' Set Z +-(TJqjj)!, VB(Xi)+-lZ - Vd, Xi +- r - Z - Vi 1 - 1. Step 3. (Increase xJ Set Xi +- Xi + 1; for Xi ~ V B(Xi) go to 5. Step 4. (Increase i). Set i +- i + 1 and go to 3. Step 5. (Decrease i). For i ='1 go to 6; else set i +- i-I, Vi +- L~=i+ 1 qijXj, Ti+-Ti + 1 -qi+l,i+l(X i + 1 + V i +d 2 and go to 2. Step 6. (Solution). For x = 0 terminate; else print x, - x and Q(x) = C - Tl + qll(X I + V 1)2, then go back to 3. Remarks

(3.16)

(i) Clearly, the algorithm produces at most finitely many solution vectors x. (ii) The non-vanishing coordinate of highest index of x is always negative. This can be stipulated because of Q(x) = Q( - x). (iii) The necessary computations usually employ floating point numbers (Step 2). Hence, in larger dimensions one must take care of round-off errors. An error analysis of algorithms (3.11), (3.15) is contained in [13]. (iv) Algorithm (3.15) can still be improved. If R'R is the Cholesky decomposition of A and r i denotes the ith column of (R - 1)' we obtain for the coordinates Xi of any solution x of (3.10) by the CauchySchwarz inequality:

Therefore we shall reduce the norms of rl"" ,rk by the LLLalgorithm discussed at the end of this section. This means to determine V, V-I E GL(k,71.) such that (r" ... ,rk ) Vi is reduced. Then A has to be replaced by (RV-I)'(RU) and the obtained solutions must be multiplied by V-I (see exercise 2). It is also recommendable to order the coordinates such that the bounds for Ix;! in terms of Ilr;!12 do increase. For details and a complexity analysis of the algorithms see [4]. We note, that (3.15) is appropriate for solving a few other tasks as well. Computation of'a vector of minimal length in a lattice. For that purpose we set C +- mini ";,,kajj (length of shortest basis vector) ar,d each time a shorter vector x is found C and all T j are decreased appropriately.

(3.17a)

191

Lattices and basis reduction

°< C

~ x'Ax ~ C. In that case the bounds for XI have to be changed suitably in (3.15). Unfortunately this has barely any effect on the running time.

Computation of all xE"l.k satisfying

Computation of all aEA subject to II y - a II ~ C for some fixed YEIR®zA.

(3.17b)

(3.17c)

This means to determine short lattice vectors in the residue class y + A. From the presentation y = = I Yiai (YiE IR, 1 ~ i ~ k) we obtain the inequalities (3.14a-c) for r,i:= Yi - Xi (1 ~ i ~ k) instead of Xi' This requires minor changes of(3.15), the algorithm will then especially terminate if i becomes larger than k in Step 4.

n

Numerous computed examples ([4], [13]) suggest that (3.15) is indeed very efficient. For larger dimensions k (say k> 10) it should be applied only in connection with LLL-reduction, however (compare (3.16)(iv)). In the sequel we consider the construction of special bases of lattices A. For the applications and for geometrical reasons (form of the fundamental parallelotope) we are interested in bases consisting of vectors of small norm. Ordering the vectors of IR" according to the size of their norm defines a partial ordering on IR":

a llall < Ilbll

(3.18a)

(a,bEIR").

This induces a partial ordering on the set 6,\ of all bases of a k-dimensional lattice A via

(b l ···bk )«a l ···ak ):3jE{1, ... ,k} 'v'iE{1, ... ,j-l}: Ilbdl= lIadl Abj
Definition (3.18c) A minimal element of 6,\ with respect to < is called a Minkowski reduced basis of A. Such a reduced basis is by no means unique. For example, for every 1tE6" (the symmetric group of n elements) en(I)"'" en (") is a reduced basis of "l.n in the sense of (3.18c). Moreover, the automorphism group of A need not even operate transitively on the set of Minkowski reduced bases. This is best illustrated by the hexagonal lattice in 3-dimensional space 1R3. Let

A="l.x+"l.y+"l.z for

x'=(l,O,O),

y'=(t, 3~2 ,0),

z'=(t,

3t ,~).

Then II x II = IIY II = II z II = 1 and x'y = x'z = y'z = t. The basis x, y, z of A is Minkowski reduced. Namely, we can easily compute all UEA with lIull ~ 1. For u = + r,y + (z we obtain (also compare (3.13))

ex

II u 112 = e2 + r,2 + (2 + er, +

e( + r,(

= (~+ h + t0 2 +i('1 + t()2 +i(2,

192

Methods from the geometry of numbers

from which all non-zero vectors u oflength ~ 1 are easily calculated by (3.15). There are 12 of them, all of length 1: ± x, ± y, ± z, ± (x - y), ± (x - z), ± (y - z). Hence, all bases of A consisting only of vectors of length 1 are Minkowski reduced. But whereas the scalar products of the basis vectors of (x, y, z) are all t, we obtain for the reduced basis (x, y - z, z) that x'(y - z) = 0, x'z = - (y - z)'z = t. Therefore both bases cannot be isomorphic. Uniqueness of reduction can be obtained by ordering vectors of equal norm lexicographically. For most applications this is not necessary. However, the theory becomes much easier if we stipulate a total ordering. Then (3.lSa)-(3.1Sc) have to be replaced by

a < r b:¢>lIa II < IIbll v (liall = IIbliA 3jE{I, ... ,n} Vi = 1, ... ,j - 1:aj = bj A aj > bj ) (a, bEIR"). (3. 19a) (The somewhat strange condition aj > bj implies that - e j is greater than e j (1 ~ i ~ n), i.e. the canonical basis of 7L" is totally reduced which we would naturally expect.)

(b l , ... , bk) < r(a l , ... , a k ):¢>3jE{I, ... , k} Vi = 1, ... ,j - 1: bj = aj A bj < raj. (3.l9b) A minimal element of 6

A

with respect to < r is called a totally

(3.19c)

reduced basis of A. Hence, totally reduced bases are uniquely determined and are of course Minkowski reduced. (We note that in the hexagonal lattice above the basis x, y, z is totally reduced.) However, their computation can be rather time consuming. Therefore in many cases we shall use LLL-reduction as a substitute. LLL-reduced bases can be easily calculated but don't have such nice properties as totally reduced bases. (Their basis vectors need not even be ordered with respect to the norm.) The concept of LLL-reduction is discussed at the end of this section. In the sequel we develop an algorithm for the computation of a totally reduced basis of a lattice A. It will be calculated inductively. Let b l , ••• , bk be the initial basis of A. We define r-dimensional sublattices via A,:= 7Lb l + ... + 7Lb, (1 ~ r ~ k). A totally reduced basis of Al is either b l or - b l . Hence, we can assume that we know a basis bl, ... ,bk of A such that b l , ... , b, is a totally reduced basis of A, for some r (1 ~ r < k). Then we need a criterion, whether b l , ... , b, + I also form a totally reduced basis for A, + I. If the above is not the case, there must be a vector cEA,+ I with the properties (3.20a)

193

Lattices and basis reduction

c is linearly independent of b l , ... , b"

(3.20b)

c can be supplemented to a basis of Ar+ I which is smaller than the basis b l , ... , br + I'

(3.20c)

Hence, lemma (2.10) suggests we consider the set

There are two possibilities: VXESr + 1 VjE{I, ... ,r+l}:gcd(~j""'~r+d=l=x=bjvbj
(3.22a)

In this case b l , ... , br + I is a totally reduced basis for Ar+ I according to lemma (2.10). The other possibility is 3XESr + 1 3jE{I, ... ,r+ I}: gcd(~j'''''~r+I)= 1 /\ X
(3.22b)

In this case (~j'"'' ~r+ I) can be made the first column of a matrix U EGL(r + 2 - j, "l.), and ~I Ij_1

(bl,,·br + l )

l ej-I

0

.... ······1···· .... ··········· I

o

U

is a basis of Ar + I which is smaller with respect to < T' Because of (3.16)(i) possibility (3.22b) can occur only a finite number of times. The problem will be solved if we show that we must consider only a finite subset of vectors of Sr+ I' Let Vr := !Rbi + ". + !Rbr ~ !R ®zA r and bp the orthogonal projection of br + I into V" b:+ I the corresponding orthogonal complement: (3.23) To obtain a presentation of b p , b:+ I we compute the orthogonal basis br, .. ·, bt of Vr belonging to b l , ... , bk by the usual Gram-Schmidt orthogonalization procedure: i-I bt:= bi

-

L J-lijbj

j= I

b·'b'!' for J-lij:= b;'b'!' J

(I ~j < i ~ k),

(3.24)

J

which provides (3.25) We note that this also yields a presentation of bp in terms of b l , ... , br (see exercise I). Since we are only interested in those vectors x of Sr+ 1 with x < Tbr + 1

194

Methods from the geometry of numbers

the equation IIXII 2 =II:t:

~jbr =IIJI ~jbi+~r+lbpI12 +~;+llIbi+tlI2

yields the following restriction for

(3.26)

~r+ I:

I ~ II br+ I II -' B "r+1 "'lIbi+III-' r+I'

o < I ):

(3.27)

(Since br + I is linearly independent from b l , ... , br we must have bi+ I # 0.) Thus we need consider only finitely many possibilities for ~r+ I' For a fixed value of ~r+1 each xEAr + 1 subject to IIxlI~lIbr+11I satisfies IIxpll2~ IIbr+11I2-~;+llIbi+11I2=:B(~r+I)' But this means we have to determine vectors of small length in the residue class of ~r+ I bp + Ar, a problem which is also solved by (3.15) as was discussed in (3.17c). Before we start to describe a general reduction algorithm we note the following. The crucial point will be possibility (3.22b). If it occurs we may end up with a reduced basis b l , ... , bj with j much smaller than r before. Thus the process of building up a reduced basis can become rather lengthy. Of course, we would prefer to be quite sure that (3.22b) will not occur. Hence, we apply a weaker type of reduction (see (3.40)) to the basis vectors first. The algorithm below concerns total reduction of a lattice basis, the corresponding one for Minkowski reduction is derived from it by replacing < T by <. (3.28)

General reduction algorithm

Input. A basis b l , ••• , bk of a lattice A of a rank k ~ 2 which has been LLL-reduced (see (3.40)) and the basis vectors have been totally ordered. Output. A totally reduced basis b l , ••• , bk of A. Step 1. (Initialization). Set r ~ 1, Ar ~ .£'b l , bT ~ b I' Step 2. (Orthogonal decomposition). Compute Jlr+ I,j ~(b~+ I bj/ll bj 112) (1 ~ j ~ r) (compare (3.24)) and Pr+ I,j of b:+ 1= br + 1- :LJ= IPr+ I,jbj = br+l-bp (see exercise 1), as well as Br+l~lllbr+III/llbi+IIIJ, ~r+1 ~ 1. Step 3. (Computation of short vectors in ~r + I b p + AJ Set B(~r+ d ~ II br + 1112 - ~;+ I II bi+ 1112 and compute by (3.15) (subject to the changes outlined in (3.17c) the set

9Jl:= {XEAr + .£'br + Ilx = rf i= I

II x -

~r + I bi+

For 9Jl

=0

1

112

~ibi> X - ~r+ I bi+ I E~r+ I b

~ B( ~r + d }.

go to 5.

p

+ Ar,

Lattices and basis reduction

195

Step 4. (Reduction criterion). For j = I, ... , r + I let XjE9J1 be minimal with respect to <1" satisfying gcd(~j, ... ,~,+d= I and xj <1"bj; if 9J1 contains no Xj satisfying these conditions set Xj <- O. For each j (I ~ j ~ r + I) with Xj '" 0 transform (if possible) b 1 , ... , b,+ 1 into a new basis b 1 , ... , bj - 1 , Xj' bj + 1"", b,+ 1 by an application of (2.10). Then set bj <- Xj' bj<- bj(j < i ~ r + \) and update the bt (j ~ i ~ r + \) and the coordinates of Xv (v > j). If no transformation is carried out go to 5. Otherwise let jo be the smallest index for which a transformation occurred. For jo ~ r set r <- jo, A, <- .lb 1 + ... + .lb, and go to 2. StepS. (Increase ~'+l)' Set ~'+l <-~'+l + 1. For ~'+l ~B'+l go to 3. Step 6. (Increase r). Set r<-r+ \, A,+-A'_l +.lb,. For r
Definition (3.29) Let A be a k-dimensionallattice in IR". For i = \,2, ... , k let MjEIR>o be minimal with the property that there exist linearly independent vectors Y1 " " , Yj in A satisfying II Yj 112 ~ M j (I ~ j ~ i). M l ' ... , M k are called successive minima of A (with respect to the function II II). The following chain of inequalities is a trivial consequence of the definition: (3.30) Since we use a different notation, the reader will already surmise that Y1"'" Yk will not be a reduced basis for A, generally speaking. Fortunately, we can be more precise and describe the relationship between reduced basis vectors bj and successive minima vectors Yj in greater detail (\ ~ i ~ k). The following example was already known to Minkowski:

Example

(3.31)

Let bj=ej (i= \, ... ,4), b 5 =!Lf=lej in 1R 5, A = Lf= l.lbj. It is easily seen that b 1 , •.• , b 5 is a totally reduced basis for A. (We recommend this as an exereise). On the other hand M 1 = ... = M 5 = 1 with Yj = bj (i = I, ... ,4), Y5 = 2b 5 - b4 - b 3 - b 2 - b 1 · Hence, successive minima vectors will not necessarily yield a reduced basis

196

Methods from the geometry of numbers

in dimensions greater than or equal to five. What about smaller dimensions? Here we have

Theorem (3.32) Let A be a k-dimensionallattice oflR" and M j = II Yj 112 (i = 1, ... , k) the successive minima of A. Then YI, Y2, Y3 can be supplemented to a (reduced) basis of A and there is always a reduced basis bl,oo.,bk of A such that M j = IIbj ll 2 for i = 1,2,00', min(k, 4). We see from (3.31) that this result is best possible. On the other hand there are lattices with M j = II bj 112 (i = 1,00', k; k > 4), and the proof of (3.32) gives some idea, under which additional premises we can extend the last statement of the theorem to indices i > 4. Proof We already noticed that the first vector b l of a reduced basis satisfies M I = II btll 2. Hence, for a reduced basis b l , 00.' bk of A we can assume M j = IIbdl 2 for i= 1,00.,r, r~ I. Each xEA has a presentation x=D=lxjbj (XjEZ, 1 ~ i ~ k) and II x 112 is a positive definite quadratic form IIxI1 2 =Q(x l ,00.,xd=

L

bijxjx j

(bij:=b/bj )

in the variables x I, . 00 , X k • As in (3.11) we compute %ER (i = 1,00', k;j ~ i) such that

with

(3.33a)

and we define k

Qj(Xj,oo.,x k ):=

L Qj(Xj,oo.,x

k ).

(3.33b)

j=i

All these quadratic forms are positive definite again. From our assumptions we know that b/i = Mj ~ qjj > 0 (1 ~ i ~ r), (3.33c) and we shall test if Mr+ I = II br + I V For Mr+ I = II X 112 we must have IXr+ II + ... + IXkl > 0, hence we will consider m:= gcd (xr+ 1"'" Xk)' In case m = 1 the vector x can be taken as new basis vector br + I because of (2.10). So, let us assume m > 1. From (3.33a), (3.33b) we obtain (3.33d)

197

Lattices and basis reduction

Therefore we can determine v = L~; I VjbjEA in the following way: x·

vj :=---'- (r+ 1 ~i~k), m

IV+

± qijVjl~-!-

j

(3.33e)

(i=r,r-I, ... ,I).

(3.33f)

j;j+ I

Since b " ... , br , v are linearly independent we must have (3.33g) Now (3.33d) and (3.33g) yield (3.33h) Applying (3.33g) and (3.33h) we obtain Mr+1

~

t q4ii(1 +_2_1_) m -I

j;1

m2r

~(m2_1)4max{qiill ~i~r}

m2 r ~(m2 -1)4 Mr (3.33i) For r = 1,2 this yields a contradiction to (3.30), and we get the first statement of the theorem. In case r = 3 we still get a contradiction except for m = 2 and M 1= ... = M4 = qll = q22 = q33' But then ql2 = ql3 = q23 = and we have M 4 = II V 112 for v = (0,0,0, X4/m, . .. , xk/m), hence v is a candidate for b 4 • 0 In case the first successive minima are known and if they are not equal, (3.33) can usually be improved, i.e. (3.33i) yields a contradiction also for r ~ 4. The importance of the successive minima hinges on the estimates stated in the following theorem.

°

Theorem (3.34) Let A be an n-dimensional lattice with successive minima M 1, ... , M n' There exists a constant Jln EIR > 0 depending only on n such that (3.34a) and even (3.34b)

198

Methods from the geometry of numbers

Proof (a) We consider balls B(x, r):= {y E!J;~n III x - YII ~ r} for XE !R n. It is obvious that the intersection of balls centered at different lattice points contains only boundary points for r = Mt/2. We define parallelotopes (I ~ i, < ... Xj~ -I for jE{i" ... ,id}.

There are 2n disjoint parallelotopes, each containing 0 on its boundary. The idea of the proof is to partition B(O, Mt/2) into 2n subsets which can be transformed into the fundamental parallelotope n = n(0) by translations such that the images are disjoint except for boundary points. Hence, the volume of B(O, Mt/2) is less than the mesh of A yielding (3.34a). Namely, for B(i I, ... , i k):= n(il' ... , ik)n B(O, Mt/2) the translated set

B(i I' ... , id:= B( iI' ... , ik ) + ej + ... + ei. is of equal volume and is contained in n n B(e h + ... + e j., Mt/2). Therefore I

we obtain V(B(O, Mt/2) ~ V(n)

which yields

nnl 2 r

(~ +

1) -

I (Mt/2)n ~ d(A).

Setting I1n:= (4In)nnnI2 + 1)2 we get (3.34a). (b) To obtain (3.34b) let Y1' ... , Yn be independent lattice points with M j =lIy;l1 2 (I~i~n). For xE!Rn we have X=¢IYI+.·.+¢nYn (¢jE !R, I ~i~n) and IIxII2 is a positive definite quadratic form in ¢I' ... '¢n. Applying quadratic supplement we obtain II x 112 = ZI 2 + ... + Zn 2 with Zj = Zj(¢j, ... , ¢n). Then we introduce a new norm using weights by II x 11/:= (11M I)ZI 2 + ... + (1/Mn)z/. For each xEA, x;l: 0, fhere is a maximal index k (I ~ k ~ n) such that ¢k;l:O, ¢k+I=···=¢n=O, and we get IlxlI/~(l/Mk)(z,2+···+z/)= (II M d II X 112 ~ 1 because of the definition of M k. Hence, for A (with II IIn)M In ~ I and d(A); = (M I· ... · Mn)-I d(A)2 (because of the weighted scalar product) and an application of (3.34a) gives (3.34b). 0 The constants I1n obtained in the proof are not very good. The best possible values ('Hermite's constants') are known only for n ~ 8, they are denoted by Yftn.

n

2345678 4/3 2 4 8 64/3 64 256·

(3.35a)

Lattices and basis reduction

199

The best upper bounds known for n > 8 were given by Blichfeldt [2]: y:~

n +-2)2 . (;-2)n r ( 1+2

(3.35b)

Usually (3.34) is applied when we know a few successive minima and look for a lower bound of some invariant occurring in the determinant of the lattice. Therefore it is important that our general reduction algorithm (3.28) also can be used to compute M 1, ... , M k'

Algorithm for the computation of successive minima (3.36) The following changes in (3.28) are necessary. Add to step 1: Set Yj - bi (i = 1, ... , k). Replace step 3 by: 'Set B(~r+ I)-II br + dl 2 - ~;+ 1 II b:+ dl 2 and compute YE~r+ 1 bp + t\r of shortest length and set x = Li!: mjbj - Y + ~r+ I b:+ I' For II x II ~ II Yr+ I II go to step 5.' Step 4 is to be replaced by: 'Let jE {I, ... , r + I} be minimal with the property IIxll < II Yj II and set a-gcd (~j""'~r+d. Transform bl, ... ,br + 1 into a basis I '-1 b l ,···, bj _ l , -bj, ... , -br + I of t\r + £:br + I such that -bj = a(x - Lf= I mjbJ Set r-j, Yj-X, bj-hj (j~i~r+ I), present Yj, ... ,Yn in terms of the new basis and go to 2.' The output consists of the successive minima M j:= II Yj 112 (1 ~ i ~ k). In (3.34a), (3.34b) we gave upper bounds for the successive minima of a lattice (with respect to the norm). It is clear that we cannot derive lower bounds for M I alone, depending only on d(t\). However, for MI· ... · Mn it is not difficult to determine such a lower bound.

Theorem

(3.37) Let t\ be an n-dimensional lattice of IRn with successive minima M I, .•. , M no Then MI· ... · Mn ~ d(t\)2. Proof There exist linearly independent lattice vectors Y1"", Yn for which M j = II Yj 112. Those span a sublattice A I := £:YI + ... + £:Yn of t\ of index mEN. Hence, n

d(t\)2 ~ Idet(YI, ... ,YnW ~

flllydl 2 j=

I

by Hadamard's inequality. 0 As already mentioned the computation of a totally or Minkowski reduced basis of a lattice can be very time consuming. Hence, in many cases one is satisfied with constructing bases of lattices which are reduced in a much weaker sense. Those bases either have sufficiently good properties themselves (see example (3.42» or they are used as initial bases of algorithms (3.15), (3.28). Besides the well-known notion of pair-reduction (see exercise 3) the most important reduction procedure now in use is LLL-reduction which was

Methods from the geometry of numbers

200

introduced in 1982 by Lenstra, Lenstra & Lovasz in a paper on the factorization of polynomials with rational integral coefficients [10].

Definition (3.38) A basis b I , ... , bk of a lattice t\ is called LLL-reduced if the vectors bT,· .. , bt of the corresponding orthogonal basis (see (3.24)) satisfy

Iflij I ~ -1 (1 ~ j < i ~ k), II b1 + fli.i _ I b1- I 112 ~ i II b1- I 112.

(3.38a) (3.38b)

We note, that the constant i in (3.38b) can be replaced by any constant ex belonging to the open interval (-i, 1). The estimates of (3.39), (3.41) must then be changed appropriately. The larger the constant ex is the better are the properties of a LLL-reduced basis but the larger is also the amount of computational steps for its calculation. Inequality (3.38b) means that the ellipsoid x' Ax ~ C derived from the basis vectors as in (3.10) is roughly shaped like a ball. We state without proof several useful properties of LLL-reduced bases. The proof is analogous to that given in [10] for n-dimensional lattices (see also exercise 4).

Lemma

(3.39) Let b l , ... , bk be a LLL-reduced basis of a lattice t\ c JR" with corresponding orthogonal basis bT, ... , bt and constants flij of (3.24). Then the following estimates hold: (i) (ii) (iii) (iv) (v)

IIbjIl2~2i-lllbn2(1~j~i~k);

d(t\) ~ TI~ = I II bi II ~ 2k(k - 1)/4d(A); II bIll ~ 2(k-I)/4d(A)I/k; II b l 1l 2 ~ 2k - 1 11 X 112 for all XEt\, x # 0; II bj 112 ~ 2k - I max { II XI 11 2, ... , II x11I2} (l ~ j ~ t), where tE N, 1 ~ t ~ k,

and x I' ... ,X, are linearly independent vectors of t\. Before we present an algorithm which transforms a given basis of a lattice into a LLL-reduced one we shortly explain the underlying ideas. At the start the constants Jlij and the orthogonal basis vectors b1 are calculated by (3.24). Then a LLL-reduced basis is constructed inductively. The induction is on the number of reduced basis vectors. The initial value of the induction parameter is m = 2, in case of m > k the procedure terminates. There are three major steps: (A) Reduce flm.m _ I to Iflm.m - II ~ -1 by subtracting a suitable multiple of bm - I from bm • (All b1 remain unchanged!)

201

Lattices and basis reduction

(B) If (3.38b) holds for i = m proceed to (C), else interchange bm - I and bm • In case m > 2 also replace m by m - l. Then go on with (A). (C) Reduce (similar to (A» J1mj to lJ1m jl ~ t for j = m - 2, m - 3, ... , l. Then increase m by l. For m > k terminate, else go on with (A).

Remark In the algorithm the vectors bt are not used explicitly but only the squares of their norms B j := br'bt. (3.40)

LLL-reduction algorithm

Input. Basis vectors b l , ••• , bk of a k-dimensional lattice A. Output. A basis b l , ••• , bk of A which is LLL-reduced. Step 1. (Initialization). For i = 1, ... , k set: J1 jj t- b:b*)Bj

(1 ~ j ~ i-I),

j-I btt-bj -

L J1 jjbj,

Bjt-bt'b*j.

j= I

Then set m t- 2. Step 2. (Set I). Set / t- m - 1. Step 3. (Change J1ml in case lJ1mll > t)· r t- {J1m,}, J1mj t- J1mj - rJ1/j

If lJ1mll >

t, set

bm t- bm - rb" J1ml t- J1ml - r.

(1 ~ j ~ /- 1),

For / = m - 1 go to 4, else to 5. Step 4. «3.38b) violated on level m?) For Bm < (l- J1;',m-I)B m- 1 go to 6. Step 5. (Decrease I). Set / t-/- l. For / > 0 go to 3. If m = k, terminate; else set mt-m + 1 and go to 2. Step 6. (Interchange bm _ I' bm )· Set J1 t- J1m,m - I' B t- Bm + J12 Bm -I' J1m,m-1 t-J1Bm_I/B,Bmt-Bm_IBm/B,Bm_1 t-B; then set

( bm-I)t-(b m ), bm

bm -

I

(J1m~l,j)t-(J1mj J1m}

J1m-I,}

)

( J1j.,m-l) t- (1 J1m,m-1 )(0 _ 1 )(J1i.,m-l) J1lm

0

1

1

J1

J1lm

(1

~j~m-2),

(m

+ 1 ~ i ~ k).

For m > 2 decrease m by 1. Then go to 2. The transformation formulae of steps 3,6 are easily derived from the ideas in (A), (B), (C) (see also [10]). It remains to show that the algorithm terminates. For this purpose let

202

Methods from the geometry of numbers

be the principal minors of d(A)2 ( = Dk ) and k-I

D:=

nD

j•

j= I

Because of (3.3), (3.24) we also have /

D/=

n IIbjl12

(1 ~i~k).

j= I

Each time algorithm (3.40) passes step 6 the value D m _ 1 is diminished by a factor ~ whereas all other D/ remain unchanged. Hence, also D decreases by a factor l But - as exercise 5 shows - there are positive lower bounds S/ for the D/, i.e.

D/ ~ S/ > 0 (1

~i~

k)

independently of the chosen basis b l , •.. , bk of A. Therefore algorithm (3.40) can pass step 6 at most L-Iog(-b-n,.:} S)/logiJ times, the algorithm terminates after a finite number of steps. In case the lattice A under consideration is of rank n and integral (i.e. contained in IE") one can show [to]: Lemma (3.41) Let A = llEb/, b/ElEn, II b;ll2 ~ B (1 ~ i ~ n; B ~ 2). Then the number of arithmetical operations of algorithm (3.40) is bounded by 0 (n4 B), all occurring numbers (integers!) have at most 0 (n log B) binary digits.

EBi=

Before we present some important applications of algorithm (3.40) we illustrate its disadvantages by two examples. Especially, the first example shows that the unsatisfying estimate (3.39) (iv) cannot be improved by much. (3.42)

Examples (i) Let B = (Pij)ElRnxn be given by

.. '= P

{ (3

~2 /2)/ - I

for j = i for j < i.

, 1 ~ i ~ n.

I)"

t(3!/2)/-1

for j> i

Let Ak := EB~= llEb/ for fixed k (1 ~ k ~ n), where b l , ... , bn denote the columns of B. Then b l , ... , bk is a LLL-reduced basis of Ak and min { II x IIlxEAk, X #= O} = (3 1 / 2/2)k - 2 in case of k ~ 2 ([1], see also exercise 6). (ii) In this example the basis vectors of the lattice under consideration are again given by the columns of the matrices shown below. A basis (corresponding to the first matrix) is LLL-reduced, then Minkowski-reduced and finally LLL-reduction is applied again. The listed squares of the norms of the basis vectors show that LLL-reduction can even spoil a short basis. This example was found in [14].

Initial basis: 9 6 0

9

0

7 2

10

5 1 9 8 4

8

9

o o

2 5 7 5 3

1 0 8 4 2 9 6 6 9 8 2 7 8 5 016 5 3 7

o 5 8 2 9

2 2 7

364 4 7 7 9 1 1 6 6 238 8 0 1 8 6 4 7 671 7 7 0 8 573 5 2 6 3

o 10

8

7

o

8 3 1 9

5 2

o

4 0 0 4 3

3 2 5 9 2

6 0

4 9

5 8 5

1 0 9 4

4

5 2 5 7 2

9 2 1

341 389 845 9 2 3 081 103 8 9 9 6 3 0 4 7 3 3 2 7 8

10 9 4 2 7 4 1

7 3 2

3 3 3

5 0 3 1 9

3 7 8 5 6

0 5

971

571

543

3

3

6

7 1

1 5 1 3 7 1 6 4 2 9 4 4 6 8 7 4 9 3

7 7 4

7 0 2

7

6

7

7

8

8

2

4

8

8

3 3 4

0 1 3

7

8

9

o

0 2

8 0 8 6 8 4 165 6 9 1

3 5 7

2 7 3

4

6

1

5

6

6

6

2

6

5 7 3

6 8 7

3 3

4 8

8

4

9

o

9 5

3

4

9

0

9 7

0 2

o 5

8 5

2 6

5 3 9

3

8

2

8

o

2

919 4 0 4 8 5 3 6 0 8 9 2 306 4 5 2

677

804

10

8

7 7

7

o

7 3 4 7 4 895 6 9 5 860 122 o 4 7

8

6

8

2 2 5 3 6

2 6

10

8

7 3 5 9 9

9

8 7 6 5

o 5 5 2 7

o

8 1

t""

~ §. '"

'"= c.. cr

'"~. ;;

c.. c: !:l.

o·

=

o 6 7 9

Squares of norms of columns:

854

473 553

410 455

548

710

494

560 512

645

597

642

613

498

734

~ ....,

LLL-reduced basis:

33332 -4 -1 0 -4 0 4 0 4 -1 -2 -2 0 -4 1 1 -2 3 -2 -3 3 4 - 3 2 1 1 3 1 -4 -4 0 2 4 2 2 0 -3 1 0 -4 -2 -2 0 -1 1 4 3 -3 -1 -1 o 4 2 -2 5 4 -4 -4 4 -3 1 -2 3 -6 -1 -2 4 -1 -4 -1 -3 -3 -2 2 -1 3 0 0 -3 -1 0 -1 -1 1 2 2 -2 1 3 -2 -4 0

-1 -1 -6 -2 5 0 -1 3 -3 -2 4 5 0 0 -1 1 -3 -1 0

6511 -2 -4 6 -6 2 -5 -4 0 2 -1 -3 -4 4 -1 -1 - 4 - 2 1 - 5 -2 1 -2 -2 -3 3 0 1 0 -1 -1 -3 -1 -2 -1 -2 -1 -2 3 4 3 -1 3 -2 -1 0 -1 3 4 -1 2 2 1 0 4 -5 -3 -6 3 0 -5 3 2 -3 -6 -2 -1 -1 -2 -1 -2 2 0 -1

0 -2 5 -2 - 2 0 -3 0 -4 2 -1 2 -3 2 2 -2 -7 5

113232221 2 -5 0 -4 -1 -5 2 3 -3 -3 -2 -1 2 -1 3 -3 -1 -1 3 2 3 3 -3 0-3 -2 -2 2 -3 4 -3 3 2 - 4 0 0 - 2 -5 - 6 4 3 1 -1 -1 -1 2 0 0 -1 -5 -2 7 1 5 -4 -2 0 7 -2 6 0 0 -5 3 -2 -1 2 3 4 -2 -3 -2 0 1 -1 2 -2 0 1 -3 5 5 6 -2 -2 0 -2 -4 0 -1 6 0 2 2 -2 6 2 6 1 -3 2-5 -1 -4 -2 1 -2 2 -3 2 4 3 -2 6 3 4 2 -4 -2 -1 -1 -7 3 -2 1 2-7 3 3 -2 4 2 7 -2 -3 -3 6 3 4 -1 -5 3 -2 -5 -1 -2 5 -1 6 0 0 -2 7-1 -4 0 1 0 -1 5 4 -5 -5

Squares of norms of columns:

116

130 123

144 133

151 144

167 153

184

168 167

174

193 189

194 194

204 201

206

~

:: <>

:ro Q..

'"

3' 3

:r '"

~

o 3

~ .... '<

S, ::l

c:

3

<:T

<>

C;l

M inkowski reduced basis:

333 -1 -4 -1 o 4 -1 -1 -2 0 o -2 3 1 1 4 -2 3 1 -1 2 4 1 2 -3 -2 -2 0 -4 1 3 -2 0 4 o 4 -4 1 -3 1 -2 -1 -2 -1 -3 -1 3 7 -1 0 -1 1 2 -1 3

1 2 5 1 5 1 -2 -4

3 0 -2 -4 -2 -3 -4 2 0 1 -1 -2 -3 -3 2 3 -4 -1 -2 -1 4 -3 -3 -2 0 0 -1 -3 2 0 -2

3 -4 4 1 -3 2 -4 2 -4 1 -1 -2 1 3 -1 -2 0 -1 -2 -4

242 -4 2 0 -3 -5 0 3 3 1 0 3 3 5 3 0 2 0 -1 2 -2 -1 0 4 2 -4 -1 1 0 5 2 -2 4 5 4 -6 -2 2 -4 -2 1 2 0 -3 -3 -2 -1 -3 0 4 3 0

1 2 -2 3 -1 5 -3

-5 1 0 0 -1 2 -2 -3 5 -4 2

1 -1 -1 -6 -2 5 0 -1 3 -3 -2 4 5 0 0 -1 1 -3 -1 0

3 0 0 2 -3 0 0 -3 -5 -2 -4 4 -2 3 -2 -3 3 2 6 -1 2 5 2 3 3 2 1 -3 -3 1 -2 -4 4 2 2 2

144

149

2

3 2 -4 0 3 4 1 -2 -4 -1 1 2 0 1 -2

6 -2 2 2 4 -4 -2 -3 0 -1 1 4

-1 2 4 1 3 -5 2 1 -1 6 -2

3 -1 0 0 -1 -3 -7 1 3 -1 -1 0 4 0 -2 4 -1 -4 3 3

434 -1 -2 4 0 2 -1 0-1 4 3 2-2 2 4 4 0 -1 0 0-5 1 -4 4-1 1 -5 3 1 2 1 -3 5 3 -3 5-1 -3 4 -3 -3 2 -5 -3 -2 -2 -1 2-3 -4 -2 0 3 6 -3 4-2 -3 0 -2 -1 0 -2 3 -3 -1 -1 2 -1 4-5 2 -3 0-3

r

~

~.

.,::s

0-

.,cr

'" ;n" ~

0-

'$?0""

::s

Squares of norms of columns:

103

123 116

130 125

139 133

144 140

144

149

156

153

151 150

152

156

157

~

v.

LLL-reduced basis obtained from M inkowski reduced basis: 3331332155 -1 -4 -1 2 0 -4 0 2 -4 2 o 4 -1 5 -2 4 0 -2 -5 2 -1 -2 0 1 -4 1 1 3 -1 -2 o -2 3 5 -2 -3 3 -1 -1 -3 1 1 4 1 -3 2 1 5 -2 3 -2 3 1 -2 -4 -4 0 -3 1 1 -1 2 4 -4 2 2 0 3 3 2 -3 1 0 -4 -2 -1 0 -2 -2 0 1 -1 4 -5 -2 -1 -4 1 3 -2 -3 -1 -1 1 -1 -5 -2 0 4 -3 2 -2 5 0 3 -1 o 4 -4 3 -4 1 4 0 -2 0 1 -3 1 -1 -2 3 -6 -1 3 -4 -2 -1 -2 -1 4 -1 -4 2 2 3 -1 -3 -3 -3 -2 2 -2 -5 2 -1 3 -2 0 0 -3 -3 0 -4 7 -1 0 0 -1 -1 5 -3 0 -1 1 2 -3 2 -2 1 -4 -1 4 -1 3 0 -2 -4 0 2 2 2 Squares of norms of columns: 103 123 130 116 125 133

153

144 144

~

0\

4 1 -2 -5 2 0 -2 1 4 -2 -1 -4 2 5 5 3 0

153221145 2 -3 -4 -3 0 2 -3 -2 -3 2 -1 -1 8 -2 -1 -1 -2 -2 6 -1 -3 -2 0 1-4 -1 3 -1 -3 -1 -5 4 4 1 -5 -2 2 -4 -2 2 -1 2 3 0 3 5 -2 1 -6 2 4-1 -1 -5 2 -4 0 -2 1 2 3 -1 0 3 -4 3 6 -5 0 4 -4 1 1 -1 -1 -4 0 3 1 -1 0 -2 -3 -1 -3 -4 0 1 2 0 1 -5 2 -1 -6 0 1 3 -1 1 3 -6 3 -7 2 -1 0 0 -6 -3 -1 -6 3 2 -3 6 3 -5 0 3 0 0 -1 2 4 4 2 2 -1 -3 -1 1 -2 2 3 2 -1 -4 -2 -3 -5 -3 5 0 1 0 -6 5-9 2 -4 2 3 -3 -1 -4 -1 2 -8 -2 3 3 -2 -1 -1 0 4

158 157

176

169 165

171

191 184

204 199

211

s:: '":;. o c..

'"

::;>

o

3

~ ~

o 3

~

'<

9., :l C

3

[

Lattices and basis reduction

207

In many applications LLL-reduction is used to show the polynomial time behavior of suitable algorithms. Actually, that reduction method was presented for the first time to show that polynomials of Q [t] can be factored into irreducible ones in a number of arithmetical operations which is polynomial in the input data. Since we shall need such factorization procedures later on (see chapter 5, section 4) we shall now discuss them in some detail. It is convenient to restrict factorization in Q [t] to polynomials of the form m

g(t)=

L gitiE~[t],

gcd(go,gl, ... ,gm)= 1.

(3.43)

i~O

(The transition from an arbitrary polynomial of Q [t] to a corresponding one of the form (3.43) is possible by Gauss's Lemma, see [8], for example.) Then common factorization methods proceed in four steps:

(I) Compute a (small) prime number p which does not divide the discriminant d(g) of g(t). (II) Factorize g(t) modulo p~ [t]. (III) Lift that factorization to a factorization of g(t) modulo pk ~ [t] for a sufficiently large exponent kEN. (IV) Search for products of lifted factors which are potential factors of g(t) in ~[t]. Step I is elementary, the computation of d(g) was discussed in chapter 2, section 3. Step II is carried out by Berlekamp's method presented in chapter 2, section 5. Step III is done by Hensel's method which will be explained in detail in chapter 4, section 5, subsection 10. The exponent k is to be chosen in a way such that pk is larger than twice the absolute value of the coefficients of any factor of g(t) in ~[t]. Upper bounds for those coefficients are easily derived from the root estimates in chapter 2, section 10, subsection 7. (For other bounds which are frequently used see [11].) It remains to consider step IV. That step can cause a problem since there are infinitely many positive integers m such that there are polynomials g(t) of ~ [t] of degree m which have at least ml2 factors modulo pk ~ [t] for each prime number p and all kEN [12]. (For example, this phenomenon occurs for g(t) = t 4 + 1, see exercise 5 of chapter 2, section 5.) Hence, a simple search through all possible factors of g(t) modulo pk~[t] to exhibit a factor of g(t) in ~[t] can yield a number of candidates which is exponential in deg(g). This is where LLL-reduction comes in. After carrying out steps I, II, III we assume that we know a prime number p, a sufficiently large exponent k and (at most deg(g» polynomials h(t)E~[t] with the properties:

h(t) is monic with coefficients bounded by pk in absolute

208

Methods from the geometry of numbers

value; in ~/p~[t] the image h(t) of h(t) is irreducible, h(t)lg(t), h(t)2!g(t); h(t) divides g(t) in

~/pk ~ [tJ.

We develop a method to find out, whether g(t) has an irreducible divisor ho(t) in ~[t] such that h(t)lho(t). We set 1:= deg(h), 10:= deg(ho), m:= deg(g). For each lEN, I ~ I ~ m we choose kEN (of step III) sufficiently large such that (3.44)

Here the norm II g II of a polynomial g(t)E~ [t] is defined as the square root of the sum of the squares of its coefficients. (In this way bounds for the coefficients of ho(t) in terms of II g II are obtained.) Especially, we know from our assumptions: II h 112 ~ 1 + Ipk. Then we consider the set of polynomials L:= {U(t)E~ [t] Ideg (u) ~ 10, h(t)1 u(t)} together with the injective mapping cp: L-+~'o+l:

L'0 uitif-+(UO'U1, ... ,u,0)'. i=O

Obviously, cp(L) is an integral lattice with basis cp( {pk tilO ~ i ~ I} u {h(t)tiIO ~ j ~ 10 -l}), and discriminant d(cp(L)) = pkl. Upon calculating a LLL-reduced basis b l , ... , b,o+ I of cp(L) one obtains the following two lemmata which we only cite from [10]: (3.45)

Lemma

(i) In ~[t] g(t) has a divisor ho(t) with deg(ho) ~ 10 and h(t)lho(t) only if

if and (3.45a)

(ii) If (3.45a) is satisfied and tE{ 1, ... • 10 + I} is maximal subject to lib, II < (pk'/lIglI'o)I'm. then ho(t) = gcd (cp - I (bd•...• cp - I (b,)) Lemma

with deg (h o) = 10 + 1 - t.

(3.45b) (3.46)

The method described above determines an irreducible factor of a given polynomial g(t)E~[t] in the form (3.43) in O(deg(g)(deg(g)S + deg(g)4Iog "g II + deg(g)3Iog p)) arithmetical operations. The occurring integers have at most O(deg(g)3 + deg(g)2Iog "g" + m log p) binary digits.

209

Lattices and basis reduction

Remark

(3.47)

In case iJ(t) has only a few irreducible factors in 1'lp1' [t], then a direct search in step IV is preferable, of course. In chapter 5, section 4 we shall extend this method to the factoring of polynomials over number fields. It is used there for the calculation of the torsion subgroup of the unit group of an order. Another application is a method to decide whether two algebraic number fields F = iI)(a), E = iI)({J) of the same degree are isomorphic. To solve this problem if suffices to test whether the minimal polynomial mp(t)EiI)[t] of {J has a zero in F (see exercise 5 of chapter 5, section 4). Another application of LLL-reduction is in connection with enlarging sublattices. The problem which we want to solve is the following: Let Al £; A be two integral k-dimensional lattices, b l , 00., bk+ I EA subject to AI = 11'bj. We want to exhibit a basis of the lattice A = L~: 111'bj £; A. Clearly, b l , 00', bk + I are linearly dependent, hence algorithm (3.40) needs to be modified.

t:;

MLLL-reduction algorithm

(3.48)

~n, b I' ... , bk being linearly independent. Output. Integers m l , ••• , mk + I subject to L~: f mjbj = 0, D: f 1m;! > 0, and vectors b l , 00., bk satisfying f 1'bj = L~= 11'bj. Step 1. (Initialization). For i=I,2,oo.,k+1 set: bjf-bj,~jjf-b:bj/Bj --- ] . "" --- I. - I), b*j f- bi - "j-I b*'b*j. Th en set m f- 2, (I "" L,j = I ~ij b*j' B if-,

Input. Vectors b I, ... , bk + I of a k-dimensional lattice A c

n:

Hf-!k+1 and denote the columns of H by hl,oo.,hk+I'

Step 2. (Set I). Set 1f- m - I. Step 3. (Change ~m' in case l~m,1 > H For l~m,1 >

t

set r f- {~m'}' bmf- bm- rb" hmf- hm- rh" ~m' f- ~m' - r, ~mj f- ~mj - r~1j (1~j~/-l). In case bm=O set bjf-bj + 1 (m~i~k), (m I' ... , mk + I)' f- hm and terminate. For bm"# 0 check whether I < m - 1. In that case go to 5. Step 4. ((3.38b) violated on level m?). For Bm < (i - ~~.m-.) Bm- I go to 6. Step 5. (Decrease I). Set I f-/- 1. For I> 0 go to 3. Else set m f- m + 1 and go to 2. Step 6. (Bm=~=O?). Set ~f-~m.m-I' Bf-Bm+~2Bm_I' For B=O go to 7. Else set ~m.m-I f-~Bm_IIB, Bmf-BmBm_IIB,

~,... m-I)~(l ~m.m-I)(O _l)(~,... m-l) ~ ( ~I.m 0 1 1 ~ ~,.m

(m + 1 ~ i ~ k

+ 1).

210

Methods from the geometry of numbers

hm-I)<-(hm ), (~m-I)<-(~m ), ( hm -I hm-I bm bm ( Jlm~l.j)<-(Jlm.j .) (1 ~j~m-2).

Jlm.} Jlm - I.} For m > 2 decrease m by 1. Then go to 2.

We need to add some explanations about the changes made in (3.40). In step 1 we observe that Bk + I = O. Thus steps 6,7 become most important. The possibility of B #- 0 can occur only a finite number of times (for m = k + I, in the beginning) since in that case Bm - I is multiplied by a factor l Hence, Bm - I = 0 after some computational steps which means that then the vectors 61 " •• , 6m _ I are already linearly dependent. In this way we finally obtain a linear dependency of only two vectors yielding 6m = 0 in step 3. At that stage the coefficients m l , ... , mk + I are the entries of the mth column of H, the vectors 61 , ... ,6m - l , 6m + I , ... ,6k + 1 form a basis of L~: P:b j , and those vectors are obtained from b l, ... , bk+ I by (bl· .. bk + l ) H'=(bl,,·bm-Ibm+I,,·bk+d where the accent at H means that the mth column is removed from H. We illustrate the performance of algorithm (3.48) by a simple example. It was chosen so that all computations can be done by hand.

Example

(3.49)

Let

2

k = 2.

_ :).

Applying (3.48) m is immediately increased to m = 3. Then we get B #- 0 in step 6, 62 and 63 are interchanged. Next 61 is subtracted from 62 ,6 1 and 62 are interchanged. Again 61 is subtracted from 62 ,6 2 is added to 63 , Now B = 0, 62 and 63 are interchanged and we have a linear dependency of bl and 62 , In step 3 the vector 62 becomes O. We list the result:

2 I -I

~).

-I

We note that (3.48) can be used to advantage for solving systems of linear equations over the integers (see also exercise 10). Concluding this section we remark that it is very easy to compute generators bl, ... ,bk of L~:IZbj once we know a relation L~:lmjbj=O (mjEZ,gcd(m\> ... ,mk+I)= I). Then we only need to apply division with remainder to the mj as the following algorithm demonstrates.

Lattices and basis reduction

211

(3.50)

Algorithm for enlarging suhlattices

Input. Vectors b l , ••. , bk + I of a k-dimensionallattice A such that b l , · · · , b k are IR-linearly independent. Integers m 1 ' " ' ' mk + I El'. subject to O=L~~lmjbj and gcd(ml, ... ,mk+d= I. Output. Vectors C I' ... , c k of A satisfying L~ = I l'.c j = L~ ~ l l'.b j • Step 1. (Initialization). Set Cj <- b; (I ~ i ~ k + I). Step 2. (Determine non-zero mj of minimal absolute value). Set p<-min{lmdll ~i~k+ l,mj#O} and choose jE{I, ... ,k+ I} maximal with Imjl = p. Step 3. (Division with remainder). For plm; (l ~ i ~ k + I) go to 4. Else set mij <- {mdm), mj <- mj - mijmj, c j <- cj + mijcj for all i (I ~ i ~ k + I) with plmj. Then return to 2. Step 4. (Done). For i = j + 1, ... , k + 1 set c j _ I <- C; and terminate. We illustrate (3.50) by a simple example.

Example Let b l , b 2 , b 3, b4 EIR3 subject to 3b l immediately reduced to

-

4b 2 + 2b 3 + 2b4

= O. This equation is

yielding

Exercises 1. Let bl, ... ,bkEIR" be linearly independent and bt,Jlij (\ ~j
n

(i) Show that two linearly independent vectors a, bEilR" are transformed into pairwise reduced vectors upon repeated application of

and in case II b II > II a II interchanging a and b. (ii) Interpret the reduction step in (i) geometrically. (iii) Show that two pairwise reduced vectors are also LLL-reduced and reduced in the sense of Minkowski.

212

Methods from the geometry of numbers

4. Prove Lemma (3.39). 5. Let A = ~ Ilbj be a k-dimensional lattice of (1 ~ i ~ k). Prove:

EB:'

M iI := min

{II x 11 2/xEA j:= EBlbj , x'" J~I

[R"

and Dj := det(b~b.) I ~/" ,,~,

o} ~ (~)(j-

1)/2Dl/ j.

(Hint: For a reduced basis CI"",Cj of Aj (Mil = IIc, 1I 2) decompose the corresponding quadratic form Q;(x) = L~.v~ IY~vx~xv (Y~v:= c~c.) into YII(X , +(YI2/YI.)X 2 +···+(YI;/YI.)XY+g(x 2 , ... ,x;l and apply induction.) Show that the result also yields Y; ~ (1)j(; - 1)12. 6. Prove the statements in example (3.42) (i). (Hint: Consider bk - bk - I .) 7. Prove: y~ = t 8. Modify (3.15) such that the output consists of all vectors YEA of given square length II Y112 = T. 9. Use (3.15) to show that lattices are discrete, i.e. for each lattice A there is a positive constant (j such that all x, yE A, x '" y, satisfy II x - y I ~ (j. 10. Generalize algorithm (3.48) in the following sense. The input consists of vectors b " ... , bu of a k-dimensional lattice A c [R". The output is to consist of vectors b " ... , bg which are linearly independent and satisfy Li' ~ lIb; = tr ~ lIb;. Use the result to develop an algorithm for solving systems of linear Diophantine equations.

3.4. Minkowski's convex body theorem Making use of the connection between quadratic forms and lattices we can interpret theorem (3.34) in another way. If we fix a basis b l , ... , bn of the lattice A, then 1/ x 1/ 2 (xEA) becomes a positive definite quadratic form Q(x) with coefficients b/bj (I ~ i,j ~ n) and determinant d(A)2. Hence, the set E:= {xElRnIQ(x}~ r2} (r > 0) is an ellipsoid which contains non-zero lattice points if and only if r2 ~ M I' Because of (3.34) r2 ~ Ynd(A)2/n suffices. For more general point sets it is much more difficult to determine whether they contain non-zero lattice points. A very useful result in this context is Minkowski's famous Convex Body Theorem.

Definition (4.1) A set C c:; IR n is called convex, if fa,. every x, YEC, AE[O,I] the vector Ax + (l - A)y (i.e. the line segment between x and y) belongs to C. Examples Let A

= (ajJE IR" XI', and

CI

, ... ,

s:= {xElRnll

Cn positive constants. Then

f aijXjl <

}=1

is convex.

(~)

Cj

(I

~ i ~ n)}

(4.la)

213

Minkowski's convex body theorem

Namely,for x, YES, AE[O, I] we obtain

I.f ajpxj + j=1

(1 - A)Yj)/

~ AI.t aUXjl + (1 j-I

A)/.t auy j / j-I

< AC j + (1 - A)Cj = Cj

(I

~

i ~ n).

( ~)

Let Q be a positive definite quadratic form and C > O. Then

(4.1 b)

S:= {xEIR"IQ(X)I/2 < C} (~

)

is convex. For the proof we assume that Q(x) = x' Ax for A ER" X ". Then

Q(.1.x + (1 - A)Y) 1/2 = (A2Q(x) + (1 - A)2Q(y) + 2,1.(1 - A)x'Ay) 1/2 ~ (A 2Q(X) + (1 - A)2Q(y) + 2,1.( 1 - A)(Q(x)Q(y»I/2)1/2 (by the Cauchy-Schwarz inequality)

= AQ(x)I/2 + (1 -

A)Q(y)I/2
The intersection of convex sets is convex. For a convex set C its closure points C are convex.

E and

the set of its interior

(4.1 c) (4.1 d)

We note that convex subsets C of IR" are Jordan-measurable (for a proof see [9]). The corresponding volume is denoted by V(C).

Theorem (Minkowski's Convex Body Theorem)

(4.2) Let C £; IRn be a convex, O-symmetric (i.e. XEC implies - XEC) set and A an n-dimensional lattice. In case V(C) > 2"d(A) or V(C) = 2nd(A) and C compact the set C contains a lattice point xEA, x t= O. Proof For A£; IR", YEIR", aEIR we write aA:= {axlxEA}, y + A:= {y + XIXEA} for abbreviation. Let us assume V(C) > 2" d(A) at first. Using the fundamental parallelotope n of the lattice A (which was defined in (3.4» we obtain

!C = U(!C n(x + n», XEA

Methods from the geometry of numbers

214

hence, XEA

=

L V« - x + tC)nn). XEA

This implies that there exist x, YEA, X#- y, satisfying - x + tc n - y + tc #- 0. As a consequence there are c I, C2EC subject to -x+tc i = -y+tC2' hence, O#-x-y=tc i +t(-C 2 )EC. If V(C) = 2n d(1\) and C is compact then we use a sequence en \, 0 (nEN, e/l > 0) in order to obtain non-zero lattice points x" in (I + C/I)C. Since the sequence (Xn)/IEN is bounded, it contains a convergent subsequence which will be constant for n large enough because of the discreteness of A (see (3.15) and exercise 9 of chapter 3). Hence, 0 #- x" = xEAn(l + cn)C for large n, i.e. XEC because C is compact. 0

Corollary (4.3) Under the same premises for C, A as in (4.2) and additionally V(C) > m2/1d(A) or V(C) = m2/1d(A) and C compact (mEN), there exist mdistinct pairs of non-zero lattice points in C. The proof is recommended as an easy exercise.

Remark Considering C:= {x E 1Rl" II Xi I < I} for A = 7L" shows at once that (4.2) cannot be improved in general. We give a few applications of Minkowski's Convex Body Theorem which will turn out to be useful for later sections.

Theorem (4.4) Let A be an n-dimensional lattice in IRln, A = (aij)EIRl/l Xl' a matrix, and C j (1 ~j ~ n) positive constants such that C I'" C n ~ Idet A Id(l\). Then A contains a non-zero lattice point u = 'L7= I Uiei with

I.f.

)=1

aljUjl

~C

I,

I.f.

)=1

aijUjl < Ci (2

~ i ~ n).

Proof We consider the set S c IRl n given by

s:={xEIRl"IIJlaljXjl~CI'

IJlaijXjl
(2~i~n)}.

S is convex (by (4.la)) and O-symmetric. The matrix A describes a linear transformation of 1Rl":

A: 1Rl" -+ 1Rl": x 1-+ Ax =: X.

215

Minkowski's convex body theorem

Hence, V(S)

=

f f \~x dx

=

S

A(S)

uX

\ dX

= (det A)-I

f

dX.

A(S)

Therefore V(S) = 00, if A is singular, and in that case S contains non-zero lattice points of A according to (4.2). For regular A the set A(S) has volume 2"C I · ... ·Cn • If C I · ... ·CII > Idet Ald(A) = d(A(A)), the theorem follows again from (4.2). Finally, for C I· ... · C n = d(A(A)) we obtain non-zero lattice points X,EA(A) for each e > 0 which satisfy IX" I ~ C I + e, IX,;I < C j (2 ~ i ~ n). Because of (3.15) there are only finitely many X, at all, if we bound e by 1 from above, and for e ...... 0 one of these X, must already satisfy IX "I ~ C I'

o In most applications, however, the pointset S under consideration is by no means convex. In that case it can be helpful to apply Minkowski's Convex Body Theorem to a convex subset C of S. For example, in algebraic number fields the non-zero integers are of absolute norm greater than or equal to one. For the Minkowski-mapping of those integers into IRn (see chapter 6 (3.6)) the set S, s

S:=

{

n-I

}

xElRn}J Ixd }ll (x; + xt+ d < 1 \

(4.5)

i -sodd

for suitable sE7!"o, n - S = 2t, cannot contain images of integers different from O. Since S is not convex in general we consider the subset C instead: C:=

{XElRn/

JI IXil + i:~ I(x; + x;+ d 2

l/2

< n}.

(4.6)

j-sodd

(C!:; S is an immediate consequence of the inequality between geometric and arithmetic means.) Then C cannot contain images of non-zero integers either, and as C is convex (by (4.1a), (4.1 b)), Theorem (4.2) yields V(C) ~ 2nd(A), where A denotes the lattice of the image of the algebraic integers. This yields an important estimate for d(A) in terms of V(C).

Computation of V(C). Let

Obviously,

V(Cs,r(A)) = AnV(Cs,t(l )).

(4.7a)

216

Methods from the geometry of numbers

For s > 0 we have

=

V(CS.I(l))

fl

V(Cs-1.1(l-lxi))dx

=2V(Cs- 1.,(l))

L

(I_X)"-Idx

2

= -n V(C s - 1 .,(1))

(4.7b)

= 2.

(4.7c)

and V(C1.o(l))

For t > 0 we obtain V(CO.I(l))

=

If

2

V(CO.I-1(l- 2(x 2 + y2)1/2)) dx dy.

2

x +y <;1/4

Introducing polar coordinates x = r cos cp, y = r sin cp we compute V(CO.I(l))

= 2n

It

V(CO.I-1(l - 2r))rdr

=2nV(Co.I _ 1(l))

Substituting i' = t V(C

0.1

(I))

-

tt

(1-2r)2(1-I)rdr.

r yields

= 2nV(C 0.1 _ 1 (1))(221-3_1_21-21 2t _ I

22(1-1)~2-21) 2t

~2t(2tl_l) V(Co.I-1(1))

(4.7d)

and V(CO.1(1))

= n/4.

(4.7e)

Combining (4.7a-e) we finally obtain

V(CSI(,{))=,{nV(Csl(l))=,{n~'~I"'" nn. .

=,{n2s(n~s)!(~)'-1 (2It)! = ,{n 2s (~)' n., 2 .

2

n-s+

I V(COI(l)) .

2i (4.8)

We will make use of the results obtained so far in all later chapters. There they will be applied to the integers of algebraic number fields F, more precisely to homomorphic images of the ring of integers which are lattices. Theorems (3.34), (4.2), (3.37) are used to derive bounds for discriminants, regulators and the coefficients of a suitable generating polynomial of F.

Minkowski's convex body theorem

217

Exercises I. Let C be a convex subset of IR". Prove:

m

LI j=

1

m

j

=

1 =>

L IjXjEC. i= 1

2. Let C be a convex subset of IR". Then show either C is contained in a hyperplane or C contains interior points. 3. Prove Corollary (4.3). 4. Let A be an n-dimensional lattice and x 1> ••• , x" + 1 EA. Use (4.4) to prove that there exist u1, ... ,Un+-lEZ satisfying Lj~:lujl>O and Lj~:UjXj=O. (Hint: For Xj = (xi!' ... ' xd' set Xjn+ 1 = 0 and consider the system of linear inequalities ILi~ l xijujl:( Mt/(2n), where M 1 denotes the first successive minimum of A.)

4

Embedding of commutative orders into the maximal order

4.1. Introduction Solving algebraic equations x" + a1x n - 1 + ...

+ an = 0

(ajEiQ), 1 ~ i ~ n)

(1.1 a)

over the rational number field iQ) establishes algebraic numbers. Following the ideas of E. Galois, number theory began to occupy itself with the algebraic relations between several algebraic numbers. It was shown in chapters 1 and 2 how to build up systems of algebraic numbers by associating the iQ)-algebra A I = iQ) [t]/ f(t)iQ) [t]

(1.1 b) with (1.1 a). Here

f(t)=tn+a1t n- 1 + ... +anEiQ)[t]

(1.1 c)

is the monic polynomial associated with (l.la) and (XI

= t + f(t)iQ)[t]

is an element of A I solving (l.1a) and generating the algebra A lover iQ). Applying the construction repeatedly as needed one is able to carry out the program of E. Galois constructively in terms of commutative and associative algebras with a finite basis over iQ). Of course the structures which are built in this way are not always fields but only rings, but we have learned also how to solve the basic problems (like finding the group of an equation, or factorising a polynomial) with rings rather than with finite field extensions. What does that mean for arithmetics? The basic question of multiplicative algebraic number theory is the following: Given a system I: of algebraic numbers, describe the multiplicative semigroup of the number ring Z[I:] generated by I: and Z in general terms. Are there prime elements, how do the units behave, is it possible to factorize any

220

Maximal order

non-zero divisor into a product of prime factors, is there uniqueness up to the order and equivalence? We have seen already that d'[i] is a unique factorization domain. Its multiplicative structure is quite similar to that of d'. The ring d'[1/2] has the same prime elements 3, 5, 7, II, ... as d', apart from 2 which turns into a unit so that the multiplicative number theory of d'[1/2] becomes a copy of the multiplicative number theory of d' with the exception of one prime element turning into a unit. Note that d'[1/2] has no d'-basis. Similarly, joining an element of the form A/v (A, vER\ {O}) to a factorial ring R the prime elements of R [A/v] also are prime elements of R, but there are a finite number of additional prime elements of R that are non-equivalent among each other in R, but turn into units in R[A/v], We caIl the transition from R to R [A/v] (and its iterations) a localization. It has the effect of possibly diminishing the prime structure of R, and focussing on the multiplicative behavior of the remainder. In general there will be no basis. In terms of the equation ring d'[a f] derived from (1.1 a-c) its multiplicative structure will be enriched upon transition to d'[va f] for any non-zero rational integer v> I. The monic polynomial corresponding to vaf is g(t) = t" + val tn-I + ... + vna n. Those transitions are particularly important for which the coefficients of g(t) are in d'. Suppose a j = bJN j, bjEd', NjEd'> 0, gcd(b j, N j) = I then the necessary and sufficient condition for vajEd' is N Iv where N is the least common multiple of the numbers (Nj)j denoting the largest divisor of N j such that the ith power divides N j (I ~ i ~ n). The d'-equation ring d'[2i] is not a factorial ring because 4 = 2·2 = - 2i·2i and 2, 2i are two non-equivalent primes. But the reason for this behavior is obvious: d'[2i] is properly contained in the equation ring d'[i] where 2 and 2i are equivalent. The defect is remedied by transition to a larger number ring where both of them have a d'-basis with the same number of basis elements. It is left to the reader as an exercise to show that the equation ring d'[( - 5)t] cannot be enlarged into a larger subring of its algebraic background 0«( - W) which still has a d'-basis. But yet there hold the two factorizations 6 = 2·3 = (l + (- W)(I - (- W) with non-equivalent prime elements 2, 3, 1 + (- 5)t, 1 - ( - 5)t. This is because there are no elements of norm 2, 3, in the ring, so that the numbers of norm 4, 9, 6 cannot split any further. This type of non-uniqueness of prime factorization was first dealt with by E. Kummer after French mathematicians had pointed out that in dealing with elements of the equation order R = d'[(p] = d'[t]/(t P - 1 + t P - 2 + ... + l) (p-cydotomic numbers, p a prime number) he could not always assume that a gcd exists in such a way that two products with factors mutually prime to one another are themselves prime to each other. Correspondingly Kummer remedied the defect of his earlier treatment by introducing other algebraic integers for which he stipulated that they are equivalent to gcd's even though

Introduction

221

those are not contained in R. These gcd's are the ideal numbers of R. They form a semigroup with unique factorization. Its prime elements are the ideal prime elements of R. Clearly Kummer's treatment introduces outside elements in order to clarify an internal structural question. Also the construction of the ideal numbers is not unique though the emerging ideal arithmetic of R itself will be unique. For example in the case of 1'[( - 5)1] anyone of the algebraic numbers 21, (- 2)1, ( - 3)1, 6~, ( - 6)t, etc. can be used as an ideal number. In any case one will have 2 ~ 0 10 2 , 3 ~ 0 3 0 4 , I + (- 5)1 ~ 0 1 0 3 , I - (- 5)1 ~ 0 2 0 4 , where 0 1 , O 2 , 0 3 ,0 4 are ideal prime elements. R. Dedekind invented the ideal concept for the same purpose. For example all numbers of 1'[( - 5)1] having the ideal prime divisor 0 1 form a subset of 1'[( - 5)1] which is closed under addition and under multiplication by arbitrary elements of 1'[ ( - 5)t]. In this case it is the set of linear combinations of 2, I + (- 5)1 over 1'[( - 5)1], or as we say with Dedekind, it is the ideal generated by 2 and I + (- 5)1. Dedekind showed that the ideals of 1'[( - 5)1] (more generally of the maximal order of an algebraic number field) behave under multiplication the same way as the rational integers up to equivalence: they form an abelian semigroup with unique prime factorization (up to the order). A number ring with those properties is said to be a Dedekind domain over 1'. Dedekind showed that every algebraic number field (Il(a) contains precisely one Dedekind domain over l' generating (Il(a) in the field-theoretic sense, the maximal order. It so happens that its elements are the algebraic integers. But a true characterization of algebraic integers is arrived at only by localization using the language and the concepts of valuation theory created by Hensel, Kuershak and Ostrowski. Upon localization the true meaning of Eisenstein's ingenious construction of irreducible polynomials became clear: actually he constructed local maximal orders. In another context, viz. the theory of algebraic curves, the algebraic background is a finite extension E of the rational function field F(x) in one variable x over a finite field F. By a suitable choice of the independent variable it is possible to make E a separable extension of F(x) such that E = F(x, y) where y satisfies the irreducible equation y"+aly"-I + ... +a,,=O, with coefficients al, ... ,an in the polynomial ring R = F[x] In x over F. The equation ring Af/R = R[t]/f(t)R[t]=F[x,y] of the monic polynomial n f(t) = t + alt"- I + ... + a" will not be a factorial ring, not even a Dedekind domain. But again there is precisely one subring A of E such that R is contained in A, any two elements of R are equivalent in Aif and only if they are equivalent in R and every ideal i= 0 of A is the product of prime ideals of i\. It consists of all elements that are integral with respect to R i.e. they are zeros of

222

Maximal order

monic polynomials of R [t] in E. In order to find A, quite the same methods are used as in algebraic number theory. Actually the algorithm used in section 6 will do the work for embedding AfiR into A. This example shows that the methods used in algebraic number theory can be usefully generalized. In the example given the residue class rings modulo prime ideals always turn out to be finite. The algorithm developed in section 6 will make essential use of this property which characterizes the so-called global fields. In this chapter we do not follow the historic order of development but we begin in section 2 with the study of the algebraic background which includes quotient ring formation and localization. This is followed in section 3 and section 4 by an intensive study of valuation theory, actually extending beyond the immediate needs of algebraic number theory, responding also to the more complex needs of algebraic geometry (KrulI-Zariski valuations). Only in section 5 are Dedekind domains dealt with, but by local methods so that we are prepared to introduce an efficient algorithm for computing the maximal order of any separable equation ring over Z in its quotient ring in section 6.

4.2. The algebraic background 1. Quotient rings In this section we study the quotient ring. As we remarked already in chapter I the quotient ring O(R) of a commutative ring R containing zero divisors is defined as the unital commutative overring formed by the formal quotients x/v oC any element x of R by any non-zero divisor v of R subject to the rules

x

x'

v

v'

x

x'

- = -¢:>v'x = vx' v'x + vx'

-+-=------:v v' vv'

x x' v v' lO(R)

(2.1 a)

xx' vv" v v

=-,

x , , -=x¢:>vx =X

(2.1 b) (2.1 c)

V

(x, x' E R; v, v' two non-zero divisors of R), such that O(O(R)) = O(R),

O(R 1 Et> R 2 ) = .Q(R 1) Et> .Q(R 2 ),

(2.2)

(2.3)

The algebraic background

N R(O(R)) = O(R) N R(R), O(R)/N R(,Q(R» ~ ,Q(R/N R(R».

223

(2.4) (2.5)

If R is subring of the unital commutative ring I\. containing lA then the canonical monomorphism

I:

R ~ ,0(1\.): aM Textends uniquely to the mono-

morphism t':,Q(R, I\.)~,Q(I\.):~I--+~ of the subring ,Q(R, 1\.) of ,Q(R) formed by

v

those formal quotients

v

~ where aER and VER is a non-zero divisor of 1\.. v

In constructive algebraic number theory we must solve one algebraic equation or a system of finitely many equations in a constructively given commutative ring. The smallest ring available is the ring generated by the coefficients of the equations to be solved. In any case our constructions employ only finitely many algebraic quantities. Moreover, it is usually not easy and often not even necessary to test the irreducibility of the given equations. That is the reason why we pay much attention to finitely generated commutative rings in this presentation.

Lemma

(2.6)

Let I\. be a unital commutative ring with zero nilradical which isfinitely generated over the subring R, an entire ring containing I A such that every non-zero element of R is a non-zero divisor of 1\.. Then we have ,Q(R, 1\.) = O(R), and ,0(1\.) is the algebraic sum offinitely many fields, each of which is isomorphic to a finitely generated extension of ,Q(R). Each component has non-zero intersection with I\.. Proof By assumption I\. =
, . ..

,x.),

where sEl.>o, XI = lA = IR. If s = I then I\. = R, 0(1\.) = O(R). Apply induction over s. If s > 1 then by induction hypothesis applied to the subring

<

I\.' = R; x I

, ... ,

x. - I

)

of I\. we find that r

,0(1\.') =

r

EB ejl\.' ;2 ,Q(R) = EB ej,Q(R), j=

I

j=

I

where e I, ... , er are the finitely many primitive idempotents of ,0(1\.'), such that ejl\.' is a field generated by the projections ejxj (I ~ j < s) over the subfield ej,Q(R) (l ~ i < r).

224

Maximal order

There is the canonical monomorphism

0' :.Q(N, A) -+ .Q(N),

= Xj (1 ~ i < s), O'(A.) = A. (A.E R),

(}'(x j )

and by assumption .Q(R) ~ O'.Q(N, A). Moreover, .Q(A) contains no nilpotent element and there is an element Yj of A for which

oif- yjEej.Q(N). For any polynomial f(t) of N[t] satisfying

f(xs) = 0, we have t

O'f(t) =

L eJ(t). j=

I

All polynomials eJ generate an ideal of ej.Q(N)[t] which is either 0 or it is generated by a polynomial mj(t) of (.Q(N, A)nej.Q(N»[t]. If there is a monic polynomial d of (.Q(N, A)nej.Q(N»[t] properly dividing mj such that mj divides d 2 then we find

m'(t) = mj(Yj- It),

d'(t) = d(Yj- I t)Eej.Q(N) [t]

so that

hence

a contradiction. Hence mj is a square free polynomial of ej.Q(N) [t]. Hence

ej.Q(N) [t]/mj =

E8 Eij = ej.Q(N) [Xs;] ,

j= I

where n,

ej =

L ejj ,

j= I

o if- ejj = e&EEij = eij.Q(N) [eijxsJ, and Eij is a finite extension of ejj.Q(N) (1 ~ j ~ nJ If all polynomials eJ(t) are 0 for some index i then we set nj = 1 and form the rational function field Eil in one variable Xsj over ej.Q(N).

The algebraic background

225

Thus we obtain the algebraic sum T

IIi

E= EB EBEij i= 1 j= I of finitely many fields and a monomorphism (} of A into E which maps t'

X

IIi

on EB EB eij(}(x) i= 1 j= 1

for x of N,

such that E = n(OA).

Moreover, in each case we find a non-zero element Yij of A belonging to Eij'

o Lemma (2.7) The quotient ring of a finitely generated commutative ring A contains only finitely many idempotents. Proof Without loss of generality we assume that A is unital and that A contains no nilpotent elements i= O. By assumption there is an epimorphism 1'/ of the polynomial ring Z[tl,"" t s ] on A for some natural number s. Let m be the least common multiple of the characteristics of I'/(t i), i.e. the orders of the additive groups generated by the I'/(ti)S (l ~ i ~ s). If it is 0 then let m' = 2, if m > 0 then let m' be the product of the distinct prime numbers dividing m. In any case, n(Ajm'A) contains the same number of idem po tents as n(A). Without loss of generality we assume that A is unital with non-zero nil radical and of characteristic a

m'= nPi' i= I where

lJEZ>o

and Pl, ... ,Pa are distinct prime numbers. Hence, a

A = EB(m'!Pi)A, i=1 a

n(A) = EB n«m'!Pi)A), i= I

and (m' !Pi)A i is a finitely generated unital commutative ring of prime characteristic Pi whose quotient ring contains only finitely many idempotents according to lemma (2.6). 0

226

Maximal order

Concerning non-constructive extensions of the quotient ring concept see exercises 1-4 at the end of this section. 2. Localization

The construction (2.1 a) of a ring using a given commutative ring Rand certain elements of R as denominators can be applied to any ring R containing a subsemigroup S of the (multiplicative) semigroup of the center of R. It yields a unital ring R/S, said to be the S-localization of R. Its unit element is (2.8a) and the mapping R cp: R -+-:

S

vx

XI-+--

v

(xER, YES),

(2.8b)

suggested by (2.1 b) is unique. The image ring cp(R) is a subring of R/S such that the elements of cp(S) are non-zero divisors of R/S forming a subsemigroup of the center of R/S. This mapping is injective (monomorphic) if and only if the elements of S are non-zero divisors of R. In that case we consider cp as the canonical embedding of R in R/S, and interpret R/S as an overring of R. For example

R

cp(R)

cp(R) cp(S)

S

cp(S)

cp(S)

(2.8c)

is an overring of cp(S). It is because of (2.8c) that we confine our consideration to localization by means of semigroups of central non-zero divisors. Any ideal a of R generates the ideal

R S

a

R S

(2.9a)

-=0-=-0

S

of R/S such that a+b

0

ob S

0

b

-S-=S+S'

onb

(2.9b)

b

SS' 0

b

--=-n-

S

S S

The algebraic background

227

(a, b any two ideals of R). Conversely, for any ideal 21 of R/S we find that the intersection with R is an ideal of R generating 21 over S:

~(nR

= 21

S

'

(2.9c)

the intersection of 21 with R is the largest ideal of R generating 21 over S. In other words, localization sifts out certain ideals 21 n R of R, the S-ideals in one-to-one correspondence with the ideals of R/S such that the ideal structure in regard to addition, mUltiplication and intersection is preserved. For example for any prime ideal p of any commutative ring R the elements of R not belonging to p form a multiplicative semigroup R\p. It defines a unital overring R/(R\p) by localization precisely if R contains no non-zero divisors and in that case R/(R\p) is an entire ring. This particular localization is said to be the p-localization of R though, of course, the denominators used are precisely those elements of R which do not belong to p. In fact p generates the maximal ideal p/(R\p) of R/(R\p) and this is the only maximal ideal of R/(R\p). This is because the units of R/(R\p) are precisely the elements of R/(R\p) which do not belong to p/(R\p):

I

U(R~P) R~P R~P . =

Definition A ring with only one maximal ideal is said to be a local ring.

(2.9d)

(2.10)

A local domain is characterized as an entire ring with precisely one maximal ideal. It is a ring providing its own localization with respect to its maximal ideal. For example the 2-localization of 7L, i.e. the localization of 7L with respect to the prime ideal 27L is obtained as the ring

7L\~7L of all rational numbers with

odd denominators. The 2-ideals of 7L are the ideals generated by powers of 2 and O. Similarly, for any prime number p of 7L the p-Iocalization of 7L emphasizes the powers of p and 0 among the ideals of 7L. Thus p-Iocalization appears as a tool for detailed aspects ofthe arithmetical structure of 7L. Upon gathering the aspects obtained by many p-Iocalizations we obtain a richer global view of it. For any ideal a of a commutative ring R the elements x of R for which the residue class x/a modulo a represented by x is a non-zero divisor of R/a form a subsemigroup S. of R. The a-localization of R is defined as the ring R/S•. If R is an entire ring then R/S. is a subring of O(R) containing R as a subring. For any non-zero ideal of 7L, say the ideal m7L generated by the natural

Maximal order

228

number m, the m-Iocalization 711S," consists of the rational numbers with denominator prime to m. We have 71IS 1 = 71. For m > 1 there are only finitely many maximal ideals of 71IS,", viz. the principal ideals piS,. where p runs through the prime numbers dividing m.

Definition

(2.11)

A ring with only a finite number of maximal ideals is said to be semilocal. The semi local localizations of 71 and of generalizations of 71 (Dedekind orders) become important in the detailed study of finitely many distinct prime ideals and their interaction. The localization concept extends to modules over rings. Suppose R is a unital commutative ring and M is an R-module, in other words M is a module with a binary multiplication of the elements A of R (scalars) by elements x of M defining the homomorphism

8: R -4 End(M), 8(A)(x)

= AX

(AER, xEM)

of R into the endomorphism ring End(M) with 8(lR) = 1M .

For any subsemigroup S of R the S-Iocalization MIS is the RIS-module formed by the formal quotients X

I

(xEM, AES) with the operational rules

x'

- = -¢>A'x = AX' A A' ' X X ..1.'x + AX' I+ A' = ,1...1.'

(2.12)

JJ. X JJ.X (x,x , EM; JJ.E R ; A, 1 _._=-

VA

VA

l' A,

VE S)

as is easily verified by the reader, who also realizes that the mapping M

¢: M - 4 - : S

vx

C"-"-

(xEM, YES)

(2.13a)

V

provides an additive homomorphism satisfying ¢(AX) =
(AE R, XE M),

(2.13b)

where

VXEM:AX

= O=x = O.

(2. 13 c)

The algebraic background

229

The kernel of 4> is the S-torsion submodule Tor (MjS)

= {xEMI3AES:,h = O},

an R-submodule of M such that 4> lifts to an injective mapping of MjTor(MjS) into (MjTor(MjS))jS so that MjTor(MjS) is S-torsion free. If Mis S-torsion free then the S-R-submodules of M are defined as those R-submodules which are obtained by intersecting an RjS-submodule of MjS with M. They are the largest R-submodules of M among those generating the same RjS-submodule of MjS. They are in I-I-correspondence with the RjS-submodules of MjS such that addition and intersection of modules is preserved. Note also that for any ideal a of R and any R-submodule m of M we have

am

am

S

SS

Exercises I. Let R be a unital commutative ring. An ideal a of R is said to be large (,non-zero divisor ideal') if 0 is the only annihilator of a. For example, R itself is large. Show:

(a) (b) (c) (d) (e)

Any ideal of R containing a large ideal is large. The sum of two large ideals is large. The product of two large ideals is large. The intersection of two large ideals is large. Any ideal of R containing a non-zero divisor of R is large.

2. (Lambek) A partial endomorphism of a unital commutative ring R is defined as a mapping qJ: a --> R of a large ideal a of R into R satisfying qJ(a + b) = qJ(a) + qJ(b), qJ(Aa) = AqJ(a) (a, bEa, AER). For example, the fraction i is associated with the partial endomorphism qJ: 31--> I: 3xI-+ 2x. Two partial endomorph isms qJj:a j --> R (i = 1,2) of R are said to be equivalent, if their restrictions to the intersection of the large ideals a" a 2 coincide: qJ,l a."a2 = qJ21 •• "a2' For example, the partial endomorphisms of 7L associated with the fractions t ~ coincide on 6In9I = lSI. Both are equivalent to 1. Show: (a) The equivalence of partial endomorphisms is reflexive, symmetric, and transitive. (b) If qJ:a-->R, r/!:b-->R are two partial endomorphisms of R, then also the sum qJ+r/!:anb-->R:xl-+qJ(x)+r/!(x) and the product qJr/!:ab-->R:xl-+qJ(r/!(x)) are partial endomorph isms. (c) Both addition and multiplication of partial endomorphisms satisfy the substitutional law so that the equivalence of partial endomorphisms qJj(i = 1,2), r/!j(j = 1,2) implies the equivalence of qJ, + r/!, and qJ2 + r/! 2 as well as of qJ, r/! 1 and qJ2r/!2' (d) The equivalence classes ofthe partial endomorph isms of the unital commutative

230

Maximal order

ring R define a unital commutative ring O(R), the Lambek-U shida quotient ring. (e) There is the canonical monomorphism !: Q(R) --> O(R) subject to !(x/v): vR --> R: VYI-+ xy (xER, v a non-zero divisor of R) of the standard quotient ring Q(R) into the Lambek-Ushida quotient ring. (f) For entire rings R we have Q(R) = O(R). (g) There are unital commutative rings R satisfying Q(R) c O(R). (h) O(O(R» = O(R).

3. Let R be a unital commutative ring and M an R-module. (a) There is the R-module homomorphism '1: M-->Q(R)®RM: ul-+l®u such that Q(R)®RM is a Q(R)-module according to the rule x(y®u) = xy®u (x, YEQ(R), uEM) and Q(R)®RM = Q(R)'1(M). (b) For entire rings R there holds ker'1 = Tor (M/R), where Tor (M/R):= Tor (M/S R) and SR denotes the non-zero divisors of R. (c) If we define Tor (M/R) as ker'1 then Tor ((M/Tor (M/R)/R) = O. 4. (a) Under the assumption of 3. show that there is the R-module homomorphism ij: M -->O(R)®RM: Ul-+ 1 ®u such that O(R)®RM is a Q(R)-module according to the rule x(y®u)=xy®u (x,YEO(R), uEM). (b) ker ij = ker '1.

4.3. Valuation theory I. Pseudo-valuations The mapping of a complex number on its absolute value is a mapping q> of C, the complex number field, into the real number field IR for which q>(a)

~

q>(a) = O¢>a q>(a

(3.1 a) (ll b)

0,

= 0,

± b) ~ q>(a) + q>(b), = q>(a)q>(b),

(3.1 c) (lid) (lie)

q>(ab)

q>(±I)=1

for all complex numbers a, b. The real number field IR provides an example of an algebraically ordered ring which is defined as a ring with a total ordering relation such that

P> 0 => ex + p > 0, ex > 0 /\ P> 0 => exp > 0,

(3.2a)

ex > 0 /\

if (X "# 0, and if not ex>

(X

> 0 then -

(3.2b) (X

> 0,

P¢>ex - p > 0 for all elements ex, p of <1>.

(l2c) (l2d)

231

Valuation theory

Definition (3.3) The mapping cP of any unital ring R into the algebraically ordered unital ring $ satisfying (3.1 aH3.lc), (3.1e) for a, b of R and the generalization cp{ab) ~ cp(a)cp(b) (a, bE R)

(3.3a)

is said to be a pseudo-valuation of R in $. The pseudo-valuation is said to be multiplicative or just a valuation if (3.1d) is satisfied for a, b of R. For example, the rational number field 0 is algebraically ordered according to the rule a a' -b > -~abb'2 > a'b'b 2 (a , a' "b b' ElL ,0r ~ bb') . b'

(3.4)

For any prime number p we have the p-adic valuation

pVa CPp:O ~ O"o:bl-+ p-v

(vElL; a, bElL, pfab).

o 1-+0 Similarly we have for any composite natural number n the non-multiplicative n-adic valuation:

CPn: O~O"o, cpn(n;a)=n-

V

(vElL;a,bEZ, nfa,gcd(b,n) = 1),

CPn(O) = O. It is a pseudo-valuation but no valuation. The pseudo-valuations satisfy the rule

cp(a + b) ~ max (cp(a), cp(b»,

= CPn (3.5)

which implies the triangle inequality (3.1 c). Pseudo-valuations cP satisfying (3.5) are said to be non-archimedean. On the other hand the ordinary absolute value valuation (3.6)

does not satisfy the stronger condition (3.5). It is said to be archimedean. 2. Algebraically ordered rings and semirings Let us now study the pseudo-valuations for the purpose of embedding orders into maximal orders. Firstly we observe that only the non-negative elements $,,0 of $ occur as values of the valuation function cp.

Maximal order

232

They form an algebraically ordered semiring as is implied by the following definitions.

Definition (3.7) A semiring is defined as a set with two associative binary operations, addition and multiplication, linked by the two distributive laws

a(b + c) = ab + ac, (b + c)a = ba + ca. For example, the natural numbers form a semiring.

Definition (3.8) A total order relation on a semiring S is said to be an algebraic ordering if it satisfies the rules (3.8a)

and rx

> fl

I",

> 0 ~rxy + flO > fly + rxO for all rx, fl, y, 0 of S.

(3.8b)

The reader will find it an easy exercise to deduce (3.8a), (3.8b) from (3.2a-d). On the other hand we note that addition in a semi ring need not be commutative. Let us show that algebraically ordered semirings have commutative addition. Certainly both cancellation laws of addition are satisfied:

y + a = y + fl~a = fl, a + y = fl + y~a = fl·

(3.9a) (3.9b)

This is because of (3.8a) and the trichotomy of total ordering which means that for any two elements a, fl of a totally ordered set one and only one of the 3 relations: rx > fl, fl > rx, rx = fl takes place. But in a semi ring S satisfying both cancellation laws of addition the elements of S2 commute under addition since (rx

+ fl)(y + b) = (rx + fl)y + (rx + fl)b = rxy + fly + rxb + flb = a(y + 0) + fl(y + b) = ay + aO + fly + flO

implies upon cancellation of rxy on the left, flO on the right that

fly + rxO = rxO + fly· If an algebraically ordered semiring S contains a neutral element n of addition (zero element) at all then n is characterized by the equation n + n = n. Indeed, if n+n=n then we have n+n+rx=n+rx, rx+n+n=a+n by uniqueness and n + a = a, rx + n = rx by the cancellation laws of addition. Conversely anyone of the equations n + a = a, rx + n = rx implies the equation

n + n = n. For an algebraically ordered semiring S we also have the cancellation

233

Valuation theory

laws of multiplication

all = ay = fJ

y

(3.9c)

= ya=fJ = y

(3.9d)

=

and

fJa

for three elements a, fJ, y of S for which a + a #- a. Indeed, if IY. + a > a, fJ> y then (a + a)fJ + ay > a{3 + (a + a)y by (3.Sb), hence a{3 + afJ + ay > afJ + ay + ay and upon cancellation of a{3 on the left, ay on the right afJ> ay. Similarly we conclude that a{3 < ay from a > a + a, (3 > y. There is just one semiring with one element only, the null ring. In an algebraically ordered semiring S which is not a null ring the addition is commutative because there is an element a of S for which a + a #- a. For any two elements fJ, y of S we derive from the commutativity afJ + 'Y.y = ay + afJ for the addition of the products afJ, lY.y upon cancellation by a on the left the commutative rule fJ + y = y + fJ· A semiring S with commutative law of addition and the cancellation laws of addition also is said to be a half-ring. This is because it is embedded into the ring = S - S formed by the formal difference elements a - fJ(a, fJES) subject to the operational rules:

a - {3 = y - (j=a + (j = fJ + y, (a - fJ) + (y - (j) = (a + y) - (fJ + (j), (a - fJ)(y - (j) = (ay + (3(j) - (a(j + fJy), a - {3 = y-¢>a = {3 + y (a, (3, y, (jES).

(3.10a) (3. lOb)

(3.IOc) (3.IOd)

The ring properties of and the embedding of S in may be verified by the reader without difficulty. Note that (a - fJ) + {3 = a as it should be in a ring. The algebraic ordering of an algebraically ordered semi ring S extends to a total ordering of S-S upon defining

a - {3 > y - (j-¢>a

+ (j > fJ + y (a, fJ, y,

(jES)

(3.lla)

and verifying that

a - {3 > y - (j and a - fJ = a' - Il', implies that a' - {3' > y' - S,

y - (j = y' - (j'

(3.11 b)

and that (3.l1c) (0(,0(', {3, {3', y, y', (j, (j', e, y/ES).

It is left to the reader to verify that the total ordering of S-S provided by (3.lla) satisfies the rules (3.2a-d) for an algebraic ordering of S-S extending the algebraic ordering of S. Indeed this is the only way to do so because for an algebraic ordering of S-S any time we have 0( - fJ > y - (j (0(, {3, y, (jES) we gather upon addition of {3 + (j on both sides that a + (j > y + {3 = fJ + y.

234

Maximal order

Note that in any algebraically ordered ring <1>, the positive elements, i.e. the elements> 0, form an algebraically ordered semi ring <1»0 = {xElx > O}, which generates = <1»0 - <1»0 as described above. Also note that the squares of non-zero elements and their sums are positive. If the square sums of the non-zero elements of a ring form a half-ring S with the property that is the disjoint union of S, 0, - S then S is the positivity half-ring of a totally ordering relation of that is uniquely determined by itself. For example Z>O consists of the sums of 1 = 12 so that there is only one algebraic ordering of the rational integer ring. Similarly IR> 0 consists of the squares of non-zero real numbers so that there is only one algebraic ordering of the real number field IR. The null ring is embedded into the algebraically ordered ring Z. Any other algebraically ordered ring R is embedded into the unital algebraically ordered ring R EB Z formed by the formal sums x EB A(xER, AEZ) with operational rules

= yEBIl¢>VIXER: (x - Y)IX = IX(X (xEB2) + (yEBI1) = (x + y)EB(2 + 11), (x EB A)(y EB 11) = (xy + AY + Ilx) EB All XEBA

y)

= (11- 2)1X,

(3.12a) (3.l2b) (3.12c)

x EB 2> 0¢>3IXER: IX> 01\ XIX> - AIX

(x, YER; A, IlEZ) (3.l2d)

as may be verified by the reader. Thus it comes that in valuation theory the values are taken from a unital algebraically ordered ring though not all elements of occur as values. We remark that values itself multiplicatively by the absolute valuation

IIXI

={ ~ -IX

if IX> 0 if IX=O (IXE IX

(3.13)

in as much as lal~O,

lal = O¢>a = 0, la + hi ~ lal + Ihl, labl = lal'lbl, I ± 11 = 1 (a, bE is defined by if IX> 0 0 if IX = 0 - 1 if 0> IX. I

sign (IX) = {

(3.l4a)

It is multiplicative: sign(lXfJ) = sign (IX) sign (P)

(IX,PE
(3. 14b)

235

Valuation theory

3. General remarks on pseudo-valuations The restnctIon (3.1 b) on pseudo-valuations is merely for the sake of convenience in as much as for a generalized pseudo-valuation, i.e. a mapping q> of R into $ satisfying merely (3.1 a), (3.lc), (3.ld), (3.le), all elements of R with q>value zero form an ideal J(q>,O) of R such that the mapping

if>: R/ J (q>, 0) -. $:a/J( q>, defines a pseudo-valuation if> on R/ J (q>, 0).

0) 1-+ q>(a)

The strength of valuation theory rests in the fact that it provides an evaluation of complex algebraic structures like those provided by the algebraic structure of a ring R by means of a totally ordered structure like the algebraically ordered unital ring $. Therefore we say that two pseudo-valuations of R, say q> in $, q>' in $', are equivalent if q>(a) > q>(b)=-q>'(a) > q>'(b)

(a, bER).

This equivalence relation between pseudo-valuations is reflexive, symmetric, and transitive. For example the n-adic pseudo-valuation q>n of 0 (nEil> I) is equivalent to anyone of the pseudo-valuations q>:0 -. ~:Xl-+ q>,,(x)fl

with positive exponent p. The strength of our particular choice of q>p (p a prime number) and of q>oo rests in the product formula

n q>p(x) = 1

(0 =f. XEO),

(3.15)

p

where the product on the left extends over all prime numbers p as well as over 00. Moreover, for each x only a finite number of factors is not 1. The product is taken only over those factors. The product formula is an elegant equivalent to the fundamental theorem of number theory. It suggests to look at q>oo, i.e. the absolute value valuation of 0, as of the infinite prime Poo of 0. As this example shows, valuation theory provides for a proper analysis of the complexities of an algebraic structure by considering many valuations. The non-archimedean valuations of a division ring ( = skew field) which are also called Krull valuations have their values only in a multiplicative group and in O. The restriction of an algebraic ordering of a unital ring $ to a subgroup G of the unit group of $ establishes an algebraic ordering of G. It is a total ordering of G subject to the rules 0:>1, P>I~o:p>l, 0:> 1~~o:CI > 1,

(3.16a) (3.16b)

Maximal order

236

IXEG,

IX:j> I,

IX:f.: I =IX- 1 > I,

IX>P~IXp-I>1

(IX,P,~EG).

(116c) (116d)

Conversely, if a group G contains a subset G> 1 satisfying (3.16a-c) then by means of (3.16d) a total ordering of G is established that is extended to an algebraic ordering of the group ring ~G by defining

L A(g)g > 0~(3goEG:A(go) > 0/\ (VgEG:g > go=A(g) = 0».

(3.16e)

geG

It follows that the total ordering of G determined by means of (3.16d) is an algebraic ordering of G. This brief excursion shows that even in case the non-zero values belong to an algebraically ordered group it is still acceptable to speak of a valuation into an algebraically ordered unital ring.

For any non-archimedean pseudo-valuation cp:R -+<1>

(3. t 7a)

of the unital ring R we have the modules /(cp,p)

= {xERlcp(x) ~ p}.

(3.17b)

of R defined for each p of <1>"0. They are said to be the valuation modules corresponding to cp and they have the properties /(cp,p)£;J(cp,p')

ifO~p~p',

/(cp, p)/(cp, p') £; /(cp, pp') (p, p' E<1>"o), J(cp, 0)

= 0,

(3.l7c) (3.17d) (3.l7e)

U

J(cp,p)=R,

(1 t 70

pe~O

(117g) The valuation module J(cp, I) is a ring said to be the valuation ring of cpo Conversely, if J(p) are submodules of R defined for each element p of <1>,,0 and subject to the conditions (117c-f) with /(p) in place of /(cp, p) then there is the non-archimedean pseudo-valuation (117a) defined by (3.l7g) so that J(p) = J(cp, p) (pE<1>"o). From now on we simply speak of , valuations' in place of ' non-arc hi medean pseudo-valuations'.

4. Extending valuations I A central problem of valuation theory is the task of extending a given valuation (3.17a) of R to a valuation of a given unital overring A. If 1R can be extended to an R-basis B of A such that cxb j = bjlX bjbj

= L

bkeB

(IXER, bjEB),

Yjjkbk

(YjjkEC(R»,

(3.18a) (3.18b)

Valuation theory

237

ljj(bjb j ) ~ ljj(bj)ljj(b j ) (b i , bjEB),

(3.ISc)

then we have the inequalities

ljj(bibj ) ~ max {CP(Yijk)ljj(bdlbkEB}

(3.ISd)

(b i , bjEB),

for every valuation (3.ISe)

ljj:A-+

of A extending cp. Suppose now, we can solve the inequalities max {CP(Yijk)Kb.lbkEB} ~ Kb,K bj (b i , bjEB)

(3.ISf)

by positive constants K b,E (biE B) subject to K 1 = I,

(3.ISg)

then we define an extension ljj of cP to A by setting ljj(

L ~kbk):=maX{cp(~k)Kb.lbkEB}

(3.ISh)

b.eB

(~kER, ~k

= 0 for all but a finite number of bd. If B is finite, then (lISf, g) are always solvable, viz.: K1=1,

Kb.=max{cp(Yijk)lbj,bjEB}

(l:l=bkEB).

(3.ISi)

The extensions ljj obtained in this way satisfy the rule (3.ISj) which characterizes the normalized bases of A over R. Of course, in general, it can happen that A has no normalized R-basis. The advantage offered by a normalized R-basis B of A is the possibility of defining the product valuation ljj'®Rljj:A' ®RA -+<1>

(3.19a)

of the tensor product R-ring A' ® RA for two unital R-rings A, A' with valuations ljj, ljj' extending cP, respectively. It has the properties ljj'®Rljj(X'®X)~ljj'(X')ljj(X)

ljj' ® Rljj(y' ® y) = cp(y')cp(y)

(X'EA', xEA),

(3.19b)

(y, y' E R),

(3.19c)

ljj' ® Rljj is maximal among the generalized valuations of

(3.19d)

A'®RA satisfying (3.19b,c).

Indeed, every element z of A' ® R A is uniquely presented in the form z=

L x~ ® b

k

(X~EA', x~ = 0 for all but a finite number of bk ).

(3.1ge)

b.eB

Then (119b-d) are satisfied by setting ljj' ® Rljj(z) = max {ljj'(X~)ljj(bk)1 bk E B}.

(3.19f)

Maximal order

238

We observe that for any system S of generalized valuations cp: X unital ring X in also the maximized mapping

~

of a

(3.19g) is a generalized valuation of X in provided that the maximum exists for all XEX. For example, the possibility of defining i[>' ® Ri[> in general depends on the conditions (i) IA,®p=O=>p=O for all pER, (ii) the existence of some generalized valuation satisfying (3. 19c), (iii) the existence of the maximization demanded by (3.19d). Before we continue to discuss the extension problem a few simple remarks on valuations cp of R are in order. cp( - a) = cp(a)

(3.20a)

(aER),

For any two elements a, b of R we know that cp(a

± b) ~ max (cp(a), cp(b)).

However, if cp(a) i= cp(b) then we know more precisely cp(a

± b) = max (cp(a), cp(b)).

(3.20b)

Indeed, for cp(a) < cp(b) we obtain cp(a

± b) ~ cp(b) = cp«b ± a) =+= a) ~ max (cp(b ± a), cp( =+= a)) = cp(a ± b),

Furthermore, if ab

= IR then we have 1 = cp(1 R) = cp(ab) ~ cp(a)cp(b).

If cp(a)cp(b) = I then we have for every element x of R cp(x)

= cp(x ab) ~

cp(xa)cp(b) ~ cp(x)cp(a)cp(b)

= cp(x),

hence cp(xa)

= cp(x)cp(a).

(3.20c)

cp(bx)

= cp(b)cp(x).

(3.20d)

Similarly, The unit a of R is said to be a cp-unit if cp(a)cp(a - 1) = cp(a - 1)cp(a) = I.

For cp-units a we have

= cp(a)-l, cp(ax) = cp(a)cp(x),

cp(a- 1 )

cp(xa)

= cp(x)cp(a)

(XE R).

The cp-units form a subgroup of the unit group of R. Similarly, we see that the elements a, b of R satisfying (3.20c, d) for all x of R form unital semigroups (of right cp-multipliers, left-cp-multipliers).

Valuation theory

239

The pseudo-valuation qJ is multiplicative if and only if every element of R is a right-qJ-multiplier (Ieft-qJ-multiplier). This implies the condition that

J(qJ, p)J(qJ, a) = J(qJ, pa)

(3.20e)

for any two p, a of n qJ(R), though the converse need not hold. If R is a division ring then the valuation qJ of R is multiplicative (a Krull valuation) if and only if

qJ(R\ {O}) £ U(
J(qJ,I). Lemma (3.21) A subring Ro of a division ring R is a valuation ring of a Krull valuation (Krull valuation ring) of R precisely if l R ER o, if Ro is invariant under transformation by non-zero elements of R (~Ro~ - I £ Ro V~ER, ~ "# 0), and if Ro contains the inverse of any element of R that does not belong to Ro. Proof ring J(qJ, \) clearly has those 3 properties. b of R are said to be Ro-equivalent if either both are zero or both are non-zero with ab - I, ba - I in Ro. This equivalence is reflexive because for a"# we have aa- I = IRERo. It is obviously symmetric and it is transitive because for any three non-zero elements a, b, c of R with ab- I, ba- I, be-I, cb- I in Ro we have ac- I =ab-l·bc-IER o, ca- I = cb-l·ba-1ER o· "=>"

Any

valuation

"<=" Two elements a,

°

Ro-equivalence also is multiplicative because for any four non-zero elements a,b,c,d of R with ab- I, ba- I, cd-I, dc- I in Ro we have

(ac)( bd) - I

=

acr I b -

I

= a(cd-l)a-I'ab-IER o, (bd)(ac)-I = bdc-Ia- I = b(dc-I)b-I'ba- I ERo· It follows that the non-zero Ro-equivalence classes form a group G. The group G is totally ordered by defining the Ro-equivalence class of a to be greater than the Ro-equivalence class of b if ab - I is in Ro. Indeed, if a "#0, b"#O, ab-IER o, a'"#O, b'"#O, aa'-I, a'a- I, bb'-I, b'b-IER o then we have a'b,-I =a'a-I'ab-I'bb'-IER o, so that the order definition depends only on Ro-equivalence classes, not merely on the individual elements.

240

Maximal order

For any two non-zero elements a,b of R we have either ab-1eR o, or ab-1¢Ro, ba- 1 =(ab-1)-leR o by assumption. Thus, for any two elements ex, p of G one and only one of the 3 relations P> ex, ex = p, ex > p takes place. And if p > ex, y> p then we have for the representatives a, b, e of ex, p, y in R that ab-1ER o, ba-1¢Ro, be-leR o, eb-1¢Ro, hence ae- 1 =ab-1'be-leR o'

If ea - 1 is in R o then also

eb - 1 = ea - 1 • ab - 1 is in Ro, a contradiction. Hence ea- 1¢R o' It follows that y > ex. G is totally ordered. Let us show that G also is algebraically ordered. If ex> p then we have for the representatives a, b of ex, p in R the relations ba-1eRo,ab-1¢Ro,sothatexp-l> I.Conversely,ifexp-1 > l,thenba-1eR o, ex> p. If ex> 1 and if a, x are representatives of the Ro-equivalence classes ex, ~ in R then we have a-IeRo, xa-1x- 1 =(xax-I)-leR o, ~exCI > 1. If ex > I, P> 1 then we have for the representatives a, b of ex, p in R that

a¢Ro,

a-IeRo,

b¢Ro,

b-1eR o

hence b-1a-1eR o' If abeRo then a=ab'b-1eR o, a contradiction. Hence ab¢Ro, exp > 1. We extend the algebraic ordering ofG to an algebraic ordering of $ = ZG, the group ring of G. If follows that there is the multiplicative valuation

qJ: R -4$, defined by

qJ(O) = 0,

qJ(a) = ex

(0 =I- aeR, ex the Ro-equivalence class of a),

and that R o = I(qJ, I). We remember that any algebraically ordered group can be embedded into an algebraically ordered ring so that qJ also can be interpreted as a pseudo-valuation in the former sense. 0 Let us remark that any valuation qJ of a ring R in $ for which

qJ(C(R» ~ C(U($»u to} is extended uniquely to a valuation by setting

(3.22a)

iP of the central quotient ring .Q(R) of R

iP(;) = qJ(x)qJ(V)-1

(3.22b)

for the formal quotient of the element x of R and the non-zero divisor v of R belonging to C(R). The reader verifies quickly that (3.22b) indeed is unique either way and that the rules for a valuation· iP of .Q(R) extending qJ are satisfied.

241

Valuation theory

Similarly it is shown t,hat any algebraic ordering of a ring $ is extended uniquely to an algebraic ordering of the central quotient ring .0($) upon defining

x

X'

V

v'

->-~

vv

I

,

,

2X >V'V X

for any two formal quotients x/v, x'/v' of elements x, x' of $ by non-zero elements v, v' of C($). We observe that $ is an entire ring in case $ is unital commutative and that .0($) is a field. If $ is an algebraically ordered field then the non-zero elements of $ form a commutative algebraically ordered group. Furthermore, we remark that the valuation ring l(cp,l) of a field R with a multiplicative valuation

cp: R--.$ is a local entire ring. Its single maximal ideal m is the union of the valuation modules I(cp,p) with pE$"on$
=

U

(3.23)

I(cp,p).

pE"On< 1

Lemma (Chevalley) (3.24) For any field A., any subring R of A. containing lA and any prime ideal p of R there is a Krull valuation ring of A. with maximal ideal intersecting R in p.

Proof Without loss of generality we may assume already that R is a local entire ring. Indeed, any Krull valuation ring of A. with maximal ideal intersecting R/(R\p) in p/(R\p) has the property that its maximal ideal intersects R in p. According to Zorn's Lemma there is a largest overring I of R among the overrings I' of R in A. with the property that pI' does not contain 1. Hence, the ideal pI of the unital ring I is contained in a maximal ideal ~ of I. Because of ~

I

1¢ ~ = In 1\ ~ 2 In p 1\ ~ it follows from the maximal property of I that I = ~~. Hence, I is a local ring I with ~ as its single maximal ideal. We want to show that I is a Krull valuation ring of A.. If that is not true then there is an element x of A. such that neither x nor X-I is contained in I. Hence, the overring I[x] of I is larger than I yielding 1E~/[x], 1=

-

m

L ajx i j=O

(mEZ>o; ajE~, 0 ~ i ~ m).

(3.25)

Maximal order

242

Among the elements x' EA with x', x' - I ¢I there is one, say x, for which the value of m in (3.25) is minimal. It follows that am #- 0, 1 + ao == 1 mod ~ and therefore m

(I+ao)-IEI,I+ Lbixi=O (bi:=ai(l+ao)-IE~,l~i~m), i~

I

m

(x-I)m + L bi(x-I)m-i = 0, i~

I[X-I] =

I

m-l

L lX-i.

i~O

By assumption we have x-I¢I, hence ~/[x-i]31,

m-I

IE L ~/X-i, i~O

m-I

1 = L CiX- i

(CiE~,O ~ i

< m).

i~O

Now the minimal property of m yields the contradiction (X-I)-I = xEI. Hence, I is a Krull valuation ring of A with maximal ideal ~ intersecting the given subring R in p. 0

Corollary

(3.26)

For any unital commutative ring A andfor any subring R31 A with prime ideal p there is a generalized valuation ring of A with maximal ideal intersecting R in p. Proof By Zorn's Lemma there is a largest ideal a among all ideals of A intersecting R in the ideal contained in p. If a is not a prime ideal then there exist two ideals al> O2 of A for which a c ai' a c a2, a l a2 s; a, hence (a l n R)(a 2n R) s; anRs;p. Since p is a prime ideal either alnRs;p or a2nRs;p, a contradiction to the maximality of a. Therefore Ria is a unital subring of the entire ring Ala and pia is a prime ideal of Ria. An application of Lemma (3.24) to .Q(A/a), Ria, pia yields a Krull valuation of .Q(Aja) with values < I on pia but with value I on Rla\p/a. Upon restriction of that Krull valuation to Ala we find a valuation with pia equalling the union of all proper valuation ideals of Ria. Hence, there is a generalized valuation of A with R in its valuation ring and with p as the intersection of R and the union of the proper valuation ideals of A. 0

5. Divisible groups Suppose we want to extend a valuation cp of the field R to a valuation ip of the extension A of R which is generated by a solution of the pure equation xn = aER. This is possible only if there is a solution of the equation = cp(a) in $.

"n

Valuation theory

243

Definition (3.27) A group G is said to be divisible if the equation 'In = lX is solvable by 'lEG for any given lXEG, nEI~J. For example, the multiplicative group of IR (respectively IC) is divisible. The positive real numbers IR> 0 form a uniquely divisible commutative group. The same is true for the additive group of a as well as of any field of zero characteristic. (3.28) Lemma Any commutative group G without elements #- 1 of finite order (torsion free abelian group) has a unique torsion-free divisible commutative overgroup G1/ N formed by all symbols ar (aEG, rEO) subject to the operational rules

The proof is left as an easy exercise to the reader. Any algebraically ordered commutative group G is torsion-free. The algebraic ordering of G is uniquely extendable to an algebraic ordering of G1/ N by defining

aP/q >

bP'/q':~apq'

> bP'q (a, bEG; p,p'EZ; q, q'EN).

(3.29)

It will be shown in the next subsection that for any algebraically ordered field $ there is an algebraically ordered extension with divisible positivity group. At any rate, any valuation

O)I/N) of R in terms of an algebraically ordered field such that the non-zero values of
<

Theorem (Chevalley) (3.30) Any Krull valuation
244

Maximal order

ordered field with divisible multiplicative group can be extended to a Krull valuation of A in <1>. Proof Among the extensions A" of R in A with a multiplicative valuation cp" in extending cp there is a maximal one, say N with mUltiplicative valuation cp': N -+<1> such that CP'IR = cp, by Zorn's Lemma. If there is an element x of A such that N[x] is a polynomial ring in x over N then cp' can be extended to the multiplicative valuation m

cp*: A,[x] -+ <1>:

L aixi i=O

1-+

max cp'(a i), O~i~m

and cp* extends uniquely to a multiplicative valuation of the subfield N(x) = .Q(N[x]) of A, contradicting the maximal property of N. So, if there is xEA \N, then x satisfies an equationf(x) = 0, wheref(t)EA'[t] is irreducible of degree n > 1. By Lemma (3.24) there is a Krull valuation ring I of N(x) with maximal ideal I.l3 intersecting N in the maximal ideal p=

U

I(cp',p)

of/(cp', 1).

PE"';'O"",< I

Hence, the I-equivalence classes of N(x) form a totally ordered group G with the property that the subgroup G' of those equivalence classes represented by the elements of N\{O} is isomorphic to the algebraically ordered group cp'(N\{O}). Here the isomorphism 0 preserves the ordering. Replacing each element of G' by its B-image in cp'(N\{O}) we obtain a new totally ordered group G isomorphic to the totally ordered group of the I-equivalence classes of N(x) so that each non-zero element Y is valued by an element cp(y) of G and cplA'\{o} = cp'IA,\{o}' We set cp(O) = O. We want to show that the index of cp'(N\{O}) in G is finite. Indeed, for any finite number of cosets of G modulo cp'(N\{O}) we have representatives, say (XI' (X2" '" (xs and elements YI' Y2"'" YsEN(x), satisfying CP(Yi) = (Xi (1 ~ i ~s). If a linear relation, 'LI= I a/y/ = 0 (a/EN; 1 ~ i ~ s), holds, then the non-zero terms aiYi lead to distinct cosets cp(aiy/) modulo cp'(N\{O}). Hence, the non-zero values cp(a/y/) are all distinct. If there is one at all, then we have CP(I:I= la/y/) = max • .;;.;scp(aiy/) #0. But this is a contradiction to 0= cp(O) = cp('L:= I a/y/). It follows that 0 = a l = a2 = ... = as so that Yt, .. ·, Ys are linearly independent over N, hence s ~ [N(x): N] = n. Therefore the index (G: cp'(N\{O})) is finite. Because of the divisibility property of the abelian group <1»0 it follows that the identity mapping of cp'(N\{O}) can be uniquely extended to an order preserving isomorphism t/I of G on an overgroup G of cp'(N\{O}) in <1»0. Hence, we have the Krull valuation with
Valuation theory

245

It follows that A = A' so that qJ' is an extension of lfJ to a Krull valuation

0

~A

From now on we only discuss non-archimedean valuations. (3.31 )

Corollary Any generalized valuation lfJ: R-+~

(3.31a)

of the subring R 31/\ of the unital commutative ring A with values in the algebraically ordered field ~ with divisible group ~> 0 can be extended to a generalized valuation of A in ~ provided that the necessary condition

(3.31b)

l(lfJ,O)AnR = l(lfJ, 0)

is satisfied. Proof As in the proof of (3.26) we form a prime ideal a of A which intersects R in the prime ideal l(lfJ, 0). This is possible under the premise of (3.31 b). We observe that l(lfJ, 0) is contained in the prime ideal P",:= Upe4>;>o'''I><.J(lfJ,p) of R. Hence, R/a is a subring of the entire ring A/a which contains both l~a and the prime ideal PIP/a. Moreover, the valuation lfJ': R/a -+~: x/a 1-+ lfJ(x) can be uniquely extended to a Krull valuation lfJ" of the subfield O(R/a) of O(A/a). According to theorem (3.30) lfJ" can be extended to a Krull valuation ip of O(A/a) in ~. Hence, q;: A -+~: x 1-+ ip(x/a) is a generalized valuation of A 0 extending lfJ·

7. Integral closure Definition (3.32) Let A be a unital commutative overring of the ring R. The intersection of all generalized multiplicative valuation rings of A containing R is said to be the integral closure of R in A; it is an overring ofR in A which we denote by CI(R, A). The definition implies that CI(R, A) is its own integral closure in A: CI(CI(R, A), A) = CI(R, A).

(3.33a)

A)sCI(R 2 ,A) forR , sR 2 sA, " Cl(R,A , ) sCI(R,A 2 ) for R S AI S A 2 ,

(3.33b)

Moreover, we note that CI(R

CI(R/~, A/~);;2 CI(R, A)/~

CI(R, $R 2 ,A I $A 2 )

for any proper ideal

= CI(R "

(3.33c) ~

A , )$CI(R 2 ,A 2 )

for unital overrings Aj of Rj (i = 1,2).

of A,

(3.33d) (3.33e)

246

Maximal order

(3.34) Definition The unital commutative ring R is said to be integrally closed, if it coincides with its integral closure relative to its quotient ring: R = CI(R, O(R».

We observe that CI(R,O(R)) is always integrally closed.

Definition (3.35) Let A be a unital overring of the ring R. An element x of A is said to be integral over R, if x satisfies a monic algebraic equation over R:

xn +

n

L ajx"-j = 0

j= 1

(nEZ>o; ajER, I ~ i ~ n).

(3.35a)

For example, the Gaussian integers are integral over Z. In fact, they are the only elements of iQ(i) which are integral over Z. The elements of an extension E of iQ which are integral over Z are also called the algebraic integers of E. We denote them by 0E'

Lemma Every integral element of A over R belongs to CI(R, A).

(3.36)

Proof Let xEA and (3.35a) be satisfied. Then for any generalized multiplicative valuation cp: A -+ of A containing R in its valuation ring we have cp(x") = cp(x)" = cp( -

.f. ajx"-j) ~ max cp(ajx"-j) 1=

1

l~'~"

= max cp(aJcp(x)"-j ~ max cp(x)"-j hence cp(x) ~ I, i.e. xEI(cp, I).

o

Lemma (3.37) If A is an entire ring, then every element ofCI(R,A) is integral over R.

Proof Let x be an element of CI(R, A). By assumption x belongs to the valuation ring of every generalized multiplicative valuation of A for which R is contained in its valuation ring. Any Krull valuation of O(A) containing R in its valuation ring restricts on A to a valuation containing R in its valuation ring. If x = 0, then x is integral over R. If there exists an equality 1=-2:r=lajx-j (mEZ>o; ajER, l~i~m; am:FO), then we obtain xm + 2:r= lajXm-i = 0 and x is integral over R, too. Finally, we assume that 2:~ 1Rx - i is a proper ideal of the overring R [x - 1] of R in O(A). It is

Valuation theory

247

contained in a maximal ideal m ::lX-I. By theorem (3.24) there is a Krull valuation cp of .Q(A) with maximal ideal of its valuation ring intersecting R[x - I] in m. Since the valuation ring of cp contains R[x - I] (and therefore R) it follows that cp(x - I) < 1. On the other hand our construction yields cp(x- I ) = cp(xr I ~ 1, a contradiction. D Exercise 9 shows that not every element of the integral closure of R in the unital overring A needs to be integral over R. However, if the ring R is finitely generated that property can be shown using (2.6) and the preceding theory. Thus we can characterize the elements of A which are integral over R as those elements of A which belong to the integral closure in A of some finitely generated subring of R containing 1A' Thereby, of course, we establish the ring property of the elements of A which are integral over R. The following constructive confirmation is sufficient for our purposes.

Kronecker's criterion An element x of A is integral ovel' R, elements WI'" . ,w" of A such that

(3.38)

if and only if there are finitely many

(i) there hold equations xW k

" ~ikWj =L I

(1 ~ k ~ n; ~jkER),

(3.39a)

j=

(ii) for given YEA the equations (3.39b)

imply that y = o. Proof If XEA is an integral element over R, there holds an equation (3.35a). Then the elements Wj:= x j - I (1 ~ i ~ n) of A satisfy (3.39a, b). Conversely, if x satisfies Kronecker's conditions (3.39a, b), then there holds the matrix equation (xI,,-(~jk))m=O for m=(wl, ... ,Wn)'EA"xl. This yields det(xln - (~jk))Wk = 0 (1 ~ k ~ n), hence det(xI. - (~jk)) = 0 because of (3.39b). Therefore x is a zero of the characteristic polynomial of the matrix (~ik) and because of (3.35) an integral element of A over

R.

D

If (Xi (i = 1,2) are elements of A satisfying monic equations of degree nj over R, then the application of (3.39) to the nln z elements W., .• 2:= (Xl'(X~2 (0 ~ Vj < nj; i = 1,2) yields equations of degree n l n z for (XI ± (Xz, (XI (Xz. Moreover, the integral elements of A over R are closed in the sense that every element x of A satisfying a monic equation x· + blx n - I + .. , + bn = 0

248

Maximal order

with coefficients biEA(1 bi; + ai,bi;-!

~

i ~ n) satisfying monic equations

+ ... + a = 0 j

'"I

(aikER, 1 ~ k ~ m i; m/EZ>o, 1 ~ i ~ n)

over R satisfies itself a monic equation of degree nm\· ... ·m. over R according to an application of Kronecker's criterion to the elements xVa! v, .... 'a:" (0 ~ v < n; 0 ~ Vi < mj, 1 ~ i ~ n). 8. Exponential valuations and rank

(3.40)

Definition. A mapping '1: R --+ M u { oo}

(3.40a)

of a unital ring R into an algebraically ordered additive group M is called an exponential valuation if it satisfies '1(x) =

oo~x =

(3.40b)

0,

+ Y) ~ min ('1(x), '1(Y)), '1(xy) ~ '1(x) + '1(y), '1( ± I) = 0 (x, YER). '1(x

(3.40c) (3.40d) (3.40e)

We observe that the valuation ring of '1 is 1('1,0)= {xERI'1(x)~O} with corresponding maximal ideal 1('1, > 0) = p~ = {xERI'1(x) > O}. For example, let Ro be a unital commutative ring, then the mapping '1: Ro[t]--+Zu{ - oo}: f(t)f-+ -deg(f) is an exponential valuation, the socalled degree valuation. Since an algebraically ordered additive group is just an algebraically ordered group with addition as binary operation, exponential valuations are special non-archimedean valuations. All that we require for interpreting a non-archimedean valuation in an algebraically ordered unital ring as exponential valuation is the condition that the non-zero values generate a subgroup of the unit group of <1>. For example, Krull valuations of fields may be interpreted as exponential valuations. They are additive in the sense that we have '1(xy)

= '1(x) + '1(y)

(x, yE R).

(3.40f)

Definition (3.41) An element aEM~o is said to be infinitely larger than the element bEM~o: a»b (respectively b « a), if a > nb for any nEI~J.

For example, a> 0 implies a» O. Elements a, bEM ~o are said to be comparable, if neither a» b nor b» a holds, i.e. there exist m, nE I'\\J such that ma ~ b, nb ~ a. Especially, a is comparable to zero, if and only if a = O. The relation » is transitive but

Valuation theory

249

neither reflexive nor symmetric. However, comparability yields an equivalence relation on M ;'0. ff a and a', band b' are comparable and if a» b, then also a' » b'. If a, bE M > 0 satisfy a> b, then either a, b are comparable or we have a» b. Hence, the relation » induces a total ordering relation of the comparability classes. The number of comparability classes not containing 0 is said to be the order rank p(M) of the algebraic ordering of M.

Definition (3.42) A rank one algebraically ordered additive group is called archimedean ordered.

In the foundations of analysis it is shown that archimedean ordered additive groups are modules and that there is a largest one among them, say M, with the property that for every archimedean ordered module M there is an order preserving monomorphism of Minto M which is unique up to order preserving automorphisms of M. The order preserving automorphisms of M form an algebraically ordered abelian group IR> 0 in accordance with a> l¢>V'xEM>o:a(x) > x. The inversion automorphism - 1 generates together with 1R>0 an algebraically ordered subfield 1R=IR>ou{O}ulRo, of the endomorphism ring of M. The field IR is called the real number field. For any element ¢EM>o there is the order preserving isomorphism of IR on M which maps p on p(¢) (pEIR). For any algebraically ordered additive group M and any element a of M > 0 the elements of M > 0 which are infinitely larger than a form an additive half-module H(a) = {flEM >olfl» a} such that G(a):= H(a)u {O} u - H(a) is a normal additive subgroup of M. Also the comparability class of a and G(a) generate an additive subgroup G/(a) of M which is normal in M such that the additive factor group G/(a)/G(a) is archimedean ordered in accordance with x/G(a) > y/G(a)¢>x > y (x, YEG'(a». Similarly, M/G(a) is algebraically ordered. For any exponential valuation (3.40a) the elements x of R with I](x)EH(a)u { oo} form an ideal I**(R, a) of the ring I*(R, a):= {xERII](x) > - H(a)} such that I] induces the exponential valuation I](R, a): I*(R, a)/I**(R, a) ~ M /G(a).

Definition (3.43) An exponential valuation 1]: D ~ M u { oo} corresponding to a Krull valuation of the division ring D such that I](D\ {O}) = M is called a Krull exponential yaluation of D. The comparability classes of M;'o form a totally ordered set

N1"° with 0 as

250

Maximal order

smallest element. The initial segments of M;' 0 corresponding to those subsets X of M;' 0 which have the properties

(3.44a)

OEX, if aEX,

bEM;'o,

b>a,

then bEX,

if aEX, bEM;'o, b comparable to a, then bEX,

(3.44b) (3.44c)

are in one-to-one correspondence with the prime ideals P of the valuation ring 1(",0):= {xEDI,,(x);;;. O}, inasmuch as P is of the form Px:= {xEDII](X)EX} for some X. Conversely, I](p) is an initial segment of M;,o. In the converse direction we have

Lemma

(3.45)

Let R be an entire ring with quotient field F and let X be a non-empty set of prime ideals of R which is well ordered by set theoretic inclusion. Then there is a Krull exponential valuation 1]: F -+ M u { 00 } such that R ~ 1(1],0), and for each PEX the intersection oj all prime ideals of 1(1],0) containing P is a prime ideal p of 1(1], 0) satisfying p n R = p. Proof The union of all members of X is a prime ideal nt of R. Without loss of generality we may assume mEX. There is the one-to-one correspondence between the elements PEX and the prime ideals p*:= _P- of the ntR\nt localization R*:= ~ such that the p*s form a set X* of prime ideals of R*

R\m

which is well ordered by set theoretic inclusion and contains nt*. Since all PEX satisfy P* n R = P we can assume without loss of generality that m is a maximal ideal of R. Among the local subrings R of F with the property that for each PEX the intersection of all prime ideals of R containing P is a prime ideal p of R intersecting R in P there is a maximal one R' by Zorn's lemma. Without loss of generality we can assume R = R'. For each PEX there is an additive exponential valuation tIp: F -+ M u { oo} such that R ~ I("p, 0), 1(I]p' > O)nR = P according to Chevalley's lemma. If there is a first element PEX w~th Pq• => p, then R:= R + Pq• has the property described above yielding R => R contrary to our assumption. Hence, we must have 0 Pq• = P for all PEX, and therefore R is a Krull valuation ring.

Corollary

(3.46)

(a) Under the assumption of lemma (3.45) let X = {p, p} such that pcp, then for each Krull exponential valuation ,,:F -+ M u { oo} for which 1(1],0);2 R, 1(", > O)nR = P we derive the Krull exponential valuation

Valuation theory

251

ij:F-+Mu{oo} such that I('1,0):JI(ij,0)2R, I(ij,>O)nR=p. If the rank of '1 is finite then the rank of ij is smaller. (b) If every non-zero prime ideal of the entire ring R is maximal, then every non-trivial Krull valuation of O(R) containing R in its valuation ring is of rank one, and vice versa. Among the rank one valuations we distinguish the discrete valuations. They are characterized as Krull valuations with infinite cyclic value group:

qJ: F -+ $:

af4

~3(a)

(0 < ~o < I),

(3.47a)

or, in terms of an exponential valuation,

'1: F -+ 7L u { 00 }, '1 surjective.

(3.47b)

For example, the p-adic valuations of the rational number field Q are discrete valuations. Conversely, we have

Lemma (3.48) Every non-trivial Krull valuation of Q is equivalent to a p-adic valuation for some prime number p. Proof Let qJ: Q -+ $ be a non-trivial Krull valuation. Then we have 7L ~ I( qJ, 1) and since qJ is non-trivial on Q, also qJ Iz is non-trivial. Hence, Pip n 7L is a prime ideal of 7L, i.e. there is a prime number p subject to Pip n 7L = p7L with the consequences 0< qJ(p) = ~o < I; qJ(m) = 1 for plm (mE7L), qJ(pVmn-l) = ~o (y,m,nE7L,plm,pln). Clearly, qJ is equivalent to qJp. 0 The fundamental theorem of number theory implies the (strong) independence of the p-adic valuations (p running through all prime numbers) in the following sense:

Definition (3.49) A system S of non-archimedean valuations qJ: R -+ $ of the unital ring R in the algebraically ordered ring $ is said to be independent, if for every finite subset {qJI, ... ,qJrn} of S and any m elements I:jEqJj(R\{O}) (I ";;i";;m) there is an element x ofR satisfying qJj(x) = I:j(l ,,;; i ,,;; m). Iffor any finite subset {qJ I"'" qJrn} of Sand I:jEqJj(R\{O})n$
Maximal order

252

XERS';I which additionally satisfies

for all q>ES\{q>I, ... ,q>m}.

q>(x)=O

(3.50)

We note that F is the quotient field of Rs.; I and that the members of S are in one-to-one correspondence with the equivalence classes of prime elements n of Rs.; I such that n corresponds to the discrete Krull valuation q>,,:F~:n'mn-ll-+e~

(rEZ;m,nERs,;"n/mn;e"E,O<e,,< 1). (3.51)

We also note that there are only finitely many members of S with value < 1 for any given non-zero element of F. For example, the polynomial ring Ro = F o[X] in the polynomial variables belonging to a given non-empty set X of symbols over the field F 0 is a unique factorization ring. Let n be a representative set of the equivalence classes of irreducible polynomials in X over Fo. For each member n of n we have the discrete Krull valuation q>,,: F --.1R:n'mn-11-+ q-,de s (,,)

(rEZ; m, nERo, n/mn)

01-+0 of the quotient field F = O(Ro) = F o(X), where q is some fixed real number greater than one. The system of all such q>" constitutes a strongly independent set S of discrete Krull valuations of F such that R = Rs,;,. We observe that there is also the degree valuation q>oo:F -+ 1R:!g-1I-+qdeS (f)-de S (9)

(f,gERo,/g # 0),

01-+0

(3.52)

again a discrete Krull valuation of F. The uniqueness of prime factorization in R finds its equivalent expression in the product formula

n

q>,,(x) = 1 (xEFX).

(3.53)

"enu{oo}

I t follows that the system S u {q> <x>} is not strongly independent. Indeed, n'l'esu{'I'",,}J(q>, 1) = F o. If X contains more than one element, then there are also non-discrete Krull valuations of F containing R in their valuation ring. In fact, there are such Krull valuations of rank greater than one. But if X consists only of one element, say t, then every non-trivial Krull valuation q> of F with R contained in its valuation ring is equivalent to precisely one member of S. Indeed, the elements of R with value less than one form a non-zero prime ideal p. Since R is a principal ideal ring it follows that p = Rn for some nEn, hence q>(n'mn- 1) = q>(n)' (rEZ; m, nER, n/mn) so that q> is equivalent to q>". Moreover, every Krull valuation q> of F satisfying J(q>, 1);;2 F 0,

J(q>, 1) ~ R

(3.54)

Valuation theory

253

is equivalent to CPoo- This is because (3.54) implies that cp(t) > 1, hence cp(t- 1 ) < 1 and FO[t-l]!; /(cp, I). The rational integers ~ and the polynomial ring in one variable over a field form the prime examples of entire rings R with the following valuation theoretic properties:

R is integrally closed;

(3.55a)

every non-trivial Krull valuation of F:= .Q(R)

(3.55b)

containing R in its valuation ring is discrete; any system of irifinitely many Krull valuation prime

(3.55c)

ideals over R intersects in zero. Kummer and Dedekind discovered in the nineteenth century that the integral closure of ~ in any finite extension of Q again has the properties (3.55a-c). Today entire rings with the properties (3.55a-c) are called Dedekind rings. We are going to study their properties, in particular with regard to subrings defined by a monic equation in section 5.

9. Order rank, rational rank, and degree of transcendency For any Krull exponent valuation '1:F-+Mu{w}

(3.56a)

of a field F on the join of an algebraically ordered module M and the symbol 00 we have three invariants, the order rank p(M) of M as defined in subsection 8, the rational rank r(MIQ) which will be discussed below, and the degree of transcendency d(F) of F over the prime field F 0' where the transcendency concept is assumed to be familiar to the reader. The three invariants satisfy p(M) ~ r(MIQ) ~ d(F)

(3.56b)

in case the restriction of '1 to F 0 is trivial. Otherwise F 0 is the rational number field, and 'lIFo is equivalent to a p-adic valuation (p a prime number), and we have the relation p(M) ~ r(MIQ)

< d(F).

(3.56c)

Let us observe that an algebraically ordered module M is torsion-free: na = O=a = 0 v n = O. Hence, M is embedded into its Z-quotient module M I[Z\ {O}] formed by the formal quotients uln (uEM, nE~>O) with operational rules: VaEMVnE~:

u

u'

n

n

- = ,<=>n'u = nu',

u n

u' n'

n'u + nu' nn'

-+-=----c-

254

Maximal order

and

M I[&:'\ {O}] is an algebraically ordered a-module according to the operational rules: p u

pu

q n

qn'

U

U'

n

n'

- > -¢>n'u > nu'

The order rank of M/[&:,\{O}] is the same as that of M: p(M) = p(M I[&:'\ {O} ]). The dimension of the a-linear space M/[&:'\{O}] is defined as the rational rank of M: r(Mla) = dimo(M/[&:'\{O}]) =:r(M/[&:,\{O} ]). The analysis carried out in subsection 8 yields the inequality p(M) ~ r(Mla). By construction M contains a a-basis B of M/[&:'\ {O}]. For each bEB there is an element ~(b)EF satisfying q(~(b» = b. If q IFo is trivial, then the values q(~(bl )'" ~(b2)'·2 ..... ·~(b.)vs) =

s

I

vjb j

i= 1

are all distinct so that the non-trivial linear combinations of the monomials in ~(B) over the prime field F 0 of F have q-values in M which means that they are not zero. Therefore we get d(F) ~ r(M\ a). If q IFo is not trivial, then the same argument applies to B\ {b o }, where bo = q(p) and (3.56c) is obtained. Let us observe that for any purely transcendental extension F = F o(x 1, ... , Xd) we find that M is free abelian. Any module M with finite &:'-basis uI, ... ,un(nE&:'>O) has the rank n algebraical ordering based on lexicographic ordering: n

LI AjUj > O¢>Ai >0

fori=minUll ~j~n,Aj#O}.

j=

Also all rank n algebraical orderings of M are lexicographic with respect to a suitable &:'-basis. Algebraic number theory utilizes rational rank I valuations. Algebraic function theory in n variables utilizes rational valuations of rank ~ 11.

Exercises I. Deduce (3.8a. b) from (3.2a-d). 2. Prove lemma (3.28). 3. For every natural number /I> 1 and for every non-negative rational integer x there holds a unique presentation

Eisenstein polynomials

255

00

I

x=

(a;(x, II)EZ, 0 ~ aj(x, II) < II,

aj(x, /1)11;

j=O

0= a;(x, II) for II; > x).

Develop an algorithm for that 'II-adic presentation' of x. 4. (Ostrowski)

°

(a) If rp:Z -+ IR> is a valuation satisfying rp(lI) ~ I for some integer II> I, then show we have rp(x) ~ (II - 1)(1 + lognx), rp(xi) ~ (II - 1)(1 + j logn x) (jEZ>O) for every natural number x. (b) If rp is multiplicative, then show we have rp(x) ~ (II - 1)IIi(l + j logn X)11i (jEZ>O), rp(x) ~ I for every natural number x, hence rp is non-archimedean.

5. (Ostrowski) Show that every non-trivial Krull valuation of the rational number field Q is equivalent to a p-adic valuation for some prime number p. 6. (Holder) Show that the mapping rp:C -+ lR;.o:zl-> Izl" = exp (odog Izll is a multiplicative archimedean valuation of the complex number field C for every fixed positive real exponent IX ~ I. All of those valuations are equivalent. 7. (Ostrowski) Let rp:Q -+ 1R;'0 be a multiplicative valuation satisfying rp(2) > I. Show that (a) rp(lI) > I for IIEZ> I. (b) rp(x) ~ (11- l)rp(lI)I +IOKnX, rp(x i ) ~ (II - \)rp(II)1 +iloKnX, rp(x) ~ (II _1)1/irp(II)lliIOgnX (jEZ>O), rp(x) ~ rp(II)IOKn\ rp(X)I/logx = rp(II)I/logn for any two integers x, IIEZ> I. (c) rp(x) = Ixl" for all xEQ, where rp(2) = 2",0 < IX ~ I.

8. (Banach) Let rp:F -+ lR;'o be a multiplicative valuation of the field F and let flJ:L-+ 1R;'0 be a mapping of the F-Iinear space L into the non-negative real numbers subject to the condition on a rp-norm: flJ(u

+ v) ~ flJ(u) + flJ(v),

flJ(AU) = rp(A)flJ(U)

(u,

VE L,

AE F).

Then show that the F-linear transformations T:L-+ L of L subject to the flJboundedness condition flJ(Tu) ~ MflJ(u) (uEL) for some positive real number M form a unital F-algebra B(L/flJ). Also show that the Banach algebra B(L/flJ) of L over flJ has the valuation '1': B(L/rp) -+ IR;' 0: TH glb {flJ(Tu)/flJ(u) I0 oF UE L},

such that 'I'(AT) = rp(A)'I'(T)(TE B(L/flJ), AE F). 9. The sequences of rational integers form a unital commutative integrally closed ring for the operational rules: (an) = (bn)¢>a n = bn (liEN), (an)

+ (b n) =

(an

+ bn),

(an)(b n) = (anb n)·

Its prime ring is formed by the constant sequences and is isomorphic to Z. But show that the integral sequences that are algebraic integers over the prime ring form the proper subring of those sequences which have only finitely many distinct entries.

Maximal order

256

4.4. Eisenstein polynomials Given a unital commutative ring R with a non archimedean pseudo- valuation f{J:R -4<1> in an algebraically ordered field with divisible positivity group <1» a monic polynomial

(4.1) 0

and

(4.2a)

with factorization

f(t)

" (t =n

~i)

(4.2b)

i= 1

into linear factors over R, let us study the connection between the values of the coefficients and the values of the roots off. For simplicity's sake we assume that the roots are ordered by nonincreasing magnitude: (4.3)

The Vieta formulae

(4.4) I

~jl

< ...
imply that (4.5)

Setting (4.6)

it follows that

(4.7) J~i:S;;;tI

If f{J is multiplicative then an estimate of the equation ~~ = - a 1 ~~ - 1 -

f{J(~ d ... -

from above is derived from

a",

in accordance with the estimate f{J(~ 1

r = f{J(~~) ~ max f{J(ai~~ -i) ~ f{J(aj)f{J(~ d" -

j

l.:s;;i~tI

and (4.8) A generalization of (4.8) is obtained by counting the number s of distinct values f{J(~J and setting f{J(~ d =

... = f{J(~VI) >

f{J(~VI + d =

... = f{J(~v,) > ... >

f{J(~V'_l + ,)

= ... = f{J(~"), (4.9a)

257

Eisenstein polynomials

where

1~

VI

<

V2

< ... <

Vs - I

<

Vs =

(4.9b)

n,

in accordance with (4.3), (4.4), viz. qJ(a v.) = qJ(e d .. · qJ(ev.)

(I ~ j ~ s),

(4.9c)

hence (4.9d) with (4.ge) In other words, qJ(a"i_,»O,

qJ(ev.)

= (qJ(aV)qJ(a Vi ,)-I)",i-"i-')-'

On the other hand, (4.4) implies for

< V<

Vj _ 1

(1 ~j~s).

(4.9f)

that

Vj

(4.9g) or qJ(aJ ~ qJ(a'i_

/1-(,- Vi-,)/("i-'i- ')]qJ(a,Y"-'i- ,)/("i-'i- ,).

(4.9h)

Note that (4.9a) yields (qJ(av)qJ(a'j-J) - Ilvi -"i- ,) -, > (qJ(a'i + .)qJ(a v) -

I

t +, - Vi) -, l

(I ~ j < s). (4.9i)

In other words, for multiplicative valuations qJ the qJ-values of the roots of a monic polynomial are uniquely determined by the qJ-values of the coefficients in the non-archimedean case. For an important application of (4.9h, i) we introduce an exponent valuation Yf:R-+Hu{oo} (H an algebraically ordered divisible module) which corresponds to qJ

translating the formulae to Yf(a v) ~

(

1-

_ v·,-

VVj

Vj

_

I)

Yf(a'j-J)

+

( _ ,v-v·

Vj

1

Yf(a,) - Yf(a'i_,)

----'-----'~

<

Vj

_

I

) Yf(a ) v

(l ~ i ~ s), (4.9j)

1

Yf(a'i+,) - Yf(a,)

.

(4.9k)

Following Newton, we associate the n + 1 points Pf,j:= (i, Yf(aJ)

of the affine plane over H u {oo} with the statement that the points

(0 ~ i ~ n)

f.

(4.91)

Then we can interpret (4.9j, k) as

Pf,vo' P f,v,,"" P f,v,

are the vertices of the lower convex hull of the pointset {(i, x)IYf(a j ) ~ x, 0 ~ i ~ n}.

The chain of connecting straight segments Pf,voP f.v, , ... , P/",_, Pf,v, forms

258

Maximal order

the Newton polygon. For example, let R = Q, ({J = ((J2,f(t) = t 3 - 2t 2 - t + 2. Then we have Pf.O=(O,O),

Pf.I=(I,l),

Pf .2 =(2,0),

Pf .3 =(3,l)

with Newton polygon

J 11

*

1

=*

M~I 2

0

..

3

corresponding to

s = 2,

Vo

({J(~d= ({J(~2)

'1(~ I)

= 0,

= I,

= '1(~2) = 0,

VI

= 2,

((J(~3)

'1(~3)

V2

= 3,

= t,

= 1. (4.10)

Definition

The monic polynomial (4.2a) is said to be an Eisenstein polynomial over the field F with Krull valuation (4.10a)

if (1) 0 ~ ({J(a n) < 1, (2) 0 ~ ({J(aj) ~ ({J(an)(1 ~ i < n), (3) for any prime divisors q ofn the equation ({J(a n) =

e cannot be solved by q

a ({J-value. Historically speaking Eisenstein introduced the polynomials named after him as monic polynomials (4.2a) over 7L subject to the conditions

pla j (l ~ i ~ n),

p2ra n

for some prime number p. They are the Eisenstein polynomials over 7L with valuation ({J = ({Jp and ({J(a n) = lip. For example, the pth cyclotomic polynomial (t) P

tP - I t- I

= - - = t p- I + t p - 2 + ... + I

259

Eisenstein polynomials

is turned into an Eisenstein polynomial (t '

+ 1)P - 1 = t,p-I + (P)t'P-2 + (P)t'P-3 + ... + ( 1

t'

2

p

)

p- 1

by the Tschirnhausen transformation tt.....( + I.

This is because all binomial coefficients (f)(l ~ i ~ p) are divisible by p. It is left as an exercise for the reader to prove that the same transformation also turns the pVth cyclotomic polynomial p,(t)

t P'

=

1

-

,_I

,--I

= p(t P

)

1 into an Eisenstein polynomial for v > 1. Note that according to definition (4.10) also polynomials like t

P

-

t3

-

250t

+ 25

are qJs-Eisenstein, not merely the polynomials like t3

-

250t

+5

with last coefficient not divisible by 52. The importance of the Eisenstein polynomials is primarily derived from their assured irreducibility which is shown below, though we will learn to know their significance from another point of view in section 6.

Lemma Every Eisenstein polynomial. is irreducible.

(4.11)

Proof Let f(t)EF[t] of the form (4.2a) be an Eisenstein polynomial relative to the Krull valuation (4.lOa) of F, and let E be a finite extension of F generated by a root ~ off over F. According to the Chevalley theorem (3.30) there is an extension

f1J:E -+<1> of qJ to a Krull valuation f1J of E. According to (4.9g, i) we have s = 1, VI = n, f1J(~) = qJ(an)l/n. We will show that 1, ~ , ... , ~n - I are linearly independent over F implying [E:F] = n and therefore the irreducibility off. In any non-trivial linear combination

of 1, ~ , ... , ~n - lover F there are at least two non-zero summands on the right-hand side. For any two non-zero terms, say

Al,

Ak~k

(0 :::; i

< k < n; Aj, Ak E F, AjAk ¥- 0),

260

Maximal order

it is impossible that

. Hence' = 0 if and only if A.I = ... = A. n = 0, and the elements 1,~, ... , ~n- I are linearly 0 independent over F. An application of the Eisenstein lemma (4.11) yields another proof of the irreducibility of the pVth cyclotomic polynomials over Z(v ~ 0). We observe that the index of the value group of cp in the value group of

(4.12)

The Krull valuation of the finite extension E of the field F is said to be totally ramified over its restriction to F: cp:F -+ <1>, if the index of the value group of cp in the value group of

(4.13)

Let E be an Eisenstein extension of F. Then the minimal polynomial f of every non-zero element ~ of E with the property that the order of
f has order n modulo cp(F\{O}) according to (4.9i).

0

Finally we observe that Eisenstein polynomials f determine the integral closure of the entire ring R

= I(cp, 1)

Eisenstein polynomials

261

in the Eisenstein extension F[t]/ f(t)F[t] = E = F(¢)

(¢

= t/ f(t)F[t]),

(4.14)

as follows: 11-1

CI(R, E) =

L

I(cp, <.Q(¢)-i)¢i = I(<.Q, 1).

(4.15)

i=O

Indeed, every element of E is of the form (4.16a) with coefficients Ai in F. As we saw already in the proof of lemma (4.11), we have (4.16b) O~i<'1

hence the second equation in (4.15). Since f is an Eisenstein polynomial it follows from (4.9i) that for every Krull valuation cp*:E -.<1> E extending cp we have cp*(¢) = <.Q(¢) and, as cp*(x) = max o.;, <"CP(Ai)cp*(¢)i = <.Q(x) (xEE), hence cp* = cpo Hence,

of

CI(R, E)

= I(<.Q, I)

before,

(see lemma (3.34».

0

For any non-archimedean valuation (4.1) of the unital commutative ring R and for every polynomial (4.2a) with factorization (4.2b) over R it is possible, of course, to determine the natural numbers s, VI' V 2 , •.. , Vs in accordance with (4.9g, h) and to determine the non-negative elements Pi.1

=(cp(av)cp(av;_)-I)(V;-V;-,,-'

(I ~j~s)

(4.17)

of in analogy to (4.9a-d). But now we have merely the inequalities,

n (")>- n i

j= 1

(

Cp"j:?,

h \1,,-\1"-1 ) i-Vh k= I Pf,k Pf,h+l

(4.18)

implied by (4.5). However, let all =f. 0

(4.19a)

be the last non-zero coefficient off so that (4.19b) so that (4.19c)

262

Maximal order

Assuming that (4.19d) and also that aIJ is a qJ-multiplier such that (4.1ge)

11>0, then we have the formula

(4.19f) showing that the roots ~ I, ... , ~IJ are qJ-multipliers, the first 11 of which are non-zero. Thus we have the equations

which are required for the proof of (4.9f, h, i). In case R = 7L, = IR, qJ = qJm (the m-adic pseudo-valuation for some natural number m> 1) we have the following alternative: (I) aIJ is not a qJm-unit. This is tantamount to 1 < gcd(aIJ' m)

< m,

(4.20)

hence the proper factorization m = gcd(a IJ , m)(m/gcd(a IJ , m» is implied. (II) aIJ is a qJm-unit. In this case (4.9f, h, i) hold.

It is not required to test whether the other coefficients a l , ••• , aIJ _ I are
m = Il P;' (SE7L>o; I~

Vj E7L>o,

1 ~ i ~ s)

1

be a factorization of m into the power product of distinct prime numbers PI' ... ' P., then we have the equation

l~i:O;;;;s

for all qJm-units x of O. (Note that

qJ;::O -+ IR is a Krull valuation of 0.) For any finite extension E of 0 there are only finitely many distinct extensions

qJ:E-+1R

Eisenstein polynomials

263

of the cP;: to Krull valuations of E (see section 5). We denote by lPm(Y) the maximum of the lP(y) for y of E so that

lPm:E -+ IR is a non-archimedean pseudo-valuation of E which coincides with CPm precisely on those rational numbers x which are cpm-units. The monic polynomial (4.2) over 7L may be said to be pseudo-Eisenstein if (1) all coefficients ai' a 2 , ••• , an are cpn-multipliers, (2) 0 < cpm(a n) < I,

(3) 0 ~ cpm(ai) ~ cpm(an)(l ~ i < n), (4) there is no prime number q dividing n such that

cpm(a n)-I/QE7L>o. In this case it follows again by the arguments of the proof of lemma (4.11) applied to lPm that f is irreducible. Let us observe that the test of(4) is relatively easy since one must tryout only those prime divisors q of n which are less than or equal to logm/log2. In general we have the following:

Definition Let F be afield with a finite number of Krull valuations, say in and let

(4.21)

1/11' 1/12, ... ,1/1..

cP:= max I/Ii be the intermediate pseudo-valuation of F derived by maximum formation from (4.2a) over F is said to be pseudo-

1/1 I"", I/Is· Then the monic polynomial Eisenstein, if

(1) all coefficients a I , •.. ,an are cp-multipliers, (2) 0 < cp(a n) < I, (3) 0 ~ cp(a i) ~ cp(a n) (1 ~ i < n), (4) there is no prime divisor q of n such that

n I/Ii(F\{O}). s

cp(an)I/QE

i= I

Again it is shown by the arguments given in the proof of the Eisenstein lemma (4.11) that f is irreducible over F.

Exercises I. Let R be a Krull valuation ring of its quotient field F with maximal ideal p and perfect residue class field Rip. Then show that the finite extension E of F is

264

Maximal order

Eisenstein relative to R if and only if the minimal polynomial of every element of CI(R, E) is congruent to a power of a linear factor modulo pEt).

4.5. Dedekind rings and orders 1. Fractional ideals It is useful to introduce" fractional ideals over a ring.

Definition (5.1) For any commutative unital ring R the R-modules v-Ia of5J(R) derivedfrom the ideals a of R upon multiplication by the inverse of a non-zero divisor v of R are said to be the R-fractional ideals of 5J(R) with denominator v. Clearly, the ideals of R are fractional ideals with denominator l. The fractional R-ideals form an abelian semigroup with R as unit element and 0 as null element. The intersection and the sum of two R-fractional ideals are again R-fractional ideals. If a is an R-fractional ideal containing a non-zero divisor of R and if b is any R-fractional ideal then also the quotient module

[b/a]

= {xE5J(R)lxa £

b}

is an R-fractional ideal. A fractional R-ideal a is said to be invertible with respect to R if there is an R-fractional ideal b satisfying

ab = ba = R. From the elements of group theory we know that b is uniquely determined if it exists at all. It is customary to denote b as a - I and to speak of a - I as the inverse of a or as the inverse R-fractional ideal of a so that we have the defining equation

They imply that

[R/a]

= a-I,

[a/a] = R. They also imply that a -

I

is invertible with respect to R and that a=(a-I)-I.

Moreover, if a, b are both invertible with respect to R, then also ab is invertible with respect to R, and we have (ab)-I =b-Ia- I . In particular, the principal R-fractional ideal

~R

generated by an element

~

265

Dedekind rings and orders

of .Q(R) is invertible with respect to R, if an only if in that case we have

~

is a unit of .Q(R) and

(~R)-I=~-IR.

Hence, the fractional R-ideals that are invertible with respect to R form an abelian group. 2. Dedekind rings Naturally, the question arises when every non-zero R-fractional ideal is invertible with respect to R. Suppose that is the case. Then every non-zero element of .Q(R) is invertible so that .Q(R) is a field, R is entire. Moreover, every non-zero prime ideal p of R is maximal. Namely, otherwise p is properly contained in a maximal ideal m of R so that pemeR, pm - I e mm - I = R,

and

p=(pm-I)m, hence p is not a prime ideal. More generally, if p, m are any two fractional ideals satisfying p~m#O,

then we have

pm-I

~mm-I ~

R,

p = (pm-I)m, so that p is a multiple of m by an ideal of R, i.e.

mlp· Conversely, if m Ip then p ~ m because of a - I :2 R for non-zero ideals a of R. We have used a special case of

Lemma (5.2) If the R-invertible ideal m of R contains an ideal p of R then p is a multiple of m in accordance with p=(pm-I)m.

Conversely, inm.

if the ideal p is a multiple of any ideal m of R then p is contained

Thus set theoretic containment is equivalent to divisibility in the opposite direction for our rings. Also the ring R is Noetherian. Indeed, every non-zero ideal a of R is

266

Maximal order

invertible so that aa- I = R,

implying an equation n

L ajbj = I, j=1 with elements a j of a, bj of a - I, hence we have

IE(.t,= ajR)a-

1

I

~aa-I =R,

Ctl )aajR

I

= R,

n

L ajR =a, i==1

so that a is finitely generated. Finally we show that R is integrally closed. Indeed, if the element n(R) satisfies the monic equation ~"

with coefficients a l

, ... ,

+ a I ~"- I + ... +

(I"

~

of

= 0,

an in R, then the fractional non-zero ideal n-I

a=

L ~jR

j=O

satisfies the Kronecker condition ~a~

a,

implying that hence ~ER. A special example of the rings we are studying here are the principal ideal domains (PID), i.e. the entire rings with the property that every ideal is principal, e.g. the rational integer ring 71. For such rings an ideal is a prime ideal, if and only if it is generated by a prime element. The statement that every non-zero element of a PID is factorizable into a product of finitely many prime elements, where the factors are uniquely determined up to order and equivalence, is equivalent to the statement that every non-zero ideal of the ring is the product of prime ideals which is unique up to the order of the factors. In this form we generalize the statement as follows: Lemma

(5.3)

If the non-zero R-fractional ideals of the entire ring R form a group G, then

Dedekind rings and orders

267

every element 9 of G is a power product of prime ideals s

9=

11 pt,

(S.3a)

I

i~

with distinct non-zero prime ideals PI' P2'''''Ps of R and non-zero integral multiplicities VI'''''Vs' For any non-zero prime ideal P¢{PI""'Ps} the multiplicity ofp is said to be zero. The multiplicity of each non-zero prime ideal with respect to the given ideal 9 is unique, it is independent ofthe particular prime factorization (S.3a). Proof If there is a non-zero 9 of R for which no factorization (S.3a) exists with non-negative multiplicities then we choose 9 to be maximal among the counter examples. Since R itself has the empty factorization (s = 0) with all multiplicities equal to zero it follows that 0 c 9 c R, and therefore 9 is contained in a maximal ideal PI of R. hence 9

= Pig. where

9c

9~ R

so that

s

11 pf',

9=

i~

I

where PI'P2' .... Ps are distinct non-zero prime ideals of R and the multiplicities Vi are non-negative integers such that

Vi > 0

for 2 ~ i ~ s.

Hence, s

11 pt

P=PIg=

i~

I

for ifi

=t

ift < i ~s. Vi>

0 (I

~

i

~

s).

Thus it is shown that every non-zero ideal of R is a prime ideal product with non-negative multiplicities. Any non-zero R-fractional ideal is of the form

g-I g = (gR)-lg, with 9 a non-zero ideal of Rand g a non-zero element of R. Hence also gR is a prime ideal product with non-negative multiplicities, say I

gR =

11 pi',

i~

I

J-li ~ 0

(I ~ i ~ t),

J-li > 0

(s < i ~ t),

Maximal order

268

where also Ps+ 1,···, P, are distinct non-zero prime ideals of R, and

n Pi-I", n pr'-I", I

(gR)-1 =

i= I I

g-1 9 =

i= 1

where we set

Vi ~ 0

for s < i ~ t.

In order to prove uniqueness we discuss the equation

n pf'= n Pi"', s

s

i= I

i= I

(5.4)

where PI,P2' ... 'Ps are distinct non-zero prime ideals and J1.i' Vi are rational integers. Upon moving the factors with negative exponents to the other side, r~spectively, we must show that there is no equation (5.4) with distinct non-zero prime ideals PI> ... ' Ps (s > 0) and with rational integers J1.i, Vi subject to the condition that either

J1.i>O,

Vi=O

J1.i=O,

or

Vi>O

(I~i~s).

Indeed, if J1.1 > 0 then the left-hand side is contained in PI' hence the right-hand side also is contained in PI. It follows that at least one of the prime ideal factors with positive multiplicity on the right-hand side is contained in and distinct from PI' say

Pi C PI

for some index i

(I < i ~ s).

But that is impossible, since every prime ideal is maximal. Thus (5.2) is demonstrated. 0 The multiplicity vp(e) of the non-zero prime ideal P of R in the non-zero element of O(R) defines the p-adic Krull exponential valuation

e

vp:O(R) --+ 71. U {oo}.

It is defined for

(5.5)

eof R as follows: vp(O) =

00,

and for O:f. eER we set vp(e) to be the unique rational integer satisfying

For

we set

Vp(e):= Vp(I1) - vlr).

The p-adic Krull exponential valuation is discrete with

~ as its valuation R\p

Dedekind rings and orders

269

ring. Hence there is precisely one Krull valuation ring of .Q(R) containing R such that its maximal ideal intersects R in p according to (3.46). Since R is integrally closed, it follows that R is the intersection of the Krull valuation rings of .Q(R) in which it is contained. From lemma (5.2) it follows that any non-zero element of R is contained only in finitely many maximal ideals of distinct Krull valuation rings of .Q(R) containing R. In other words R is a Dedekind ring. The previous observations are extended by the next theorem.

Theorem Let R be an entire ring. Then the following conditions are equivalent.

(5.6)

(I) R is a Dedeking ring. (II) The fractional R-ideals "# 0 form a group under multiplication. (III) R is Noetherian, integrally closed and each non-zero prime ideal of R is maximal. (IV) Every ideal of R is a product of prime ideals.

Proof We have shown already that (II) =;. (III),

(II) =;. (I V),

(II) =;. (I).

We are going to show that (a) (III) -+ (II), (b) (1)-+(111),

(c) (IV) =;.(11).

(a) Let R be an entire ring satisfying (III). In order to show the group property of the non-zero R fractional ideals it suffices to show that every non-zero ideal of R is invertible with respect to R. Let us assume that there are non-zero ideals of R which are not invertible with respect to R. Then among those there is a maximal one, say p. Because of R - I = R it follows that p is a proper ideal. If p is contained in a maximal ideal m and m is invertible with respect to R then we have seen in (5.2) that p is a multiple of m and hence it is a prime ideal only if p = m. It remains to prove that every maximal non-zero ideal p of R is invertible with respect to R. There is a non-zero element n of p. We want to show the existence of a prime ideal product "# 0 contained in the ideal nR, say OCPIP2,,·p s snR.

(5.7)

If that is wrong then among the ideals of R not containing a non-zero prime

270

Maximal order

ideal product there is a largest one, say o. The ideal 0 is proper and not a prime ideal. Hence, there are two elements aI' a 2 of R for which

so that

According to our assumption there are non-zero prime ideal products contained in 0i' say OCPilPi2···Pi/l,SOj

(i= 1,2),

implying the relation

nn 2

Oc

"i

PijSOI02 S0 .

i= I j= I

Thus (5.7) holds for suitable non-zero prime ideals PI'···' Ps. We stipulate that s is as small as possible, hence s

U= 1,2, ... ,s).

nPi$nR ;=1 i~j

Since we have nEp it follows that s

n PiS nR sp,

i= I

so that at least one of the prime ideals Pi is contained in p, say PI

sp.

Because of the maximal property of every non-zero prime ideal of R it follows that PI

=p.

Moreover, s

Il Pi $nR,

i=2 s

n- I

n

i=2

Pi

$ R,

but s

n- I

n Pi S R,

i= I

so that s

n- I

n Pi S [Rip], i=2

Dedekind rings and orders

271

hence R c [R/p]'

Because of the maximal property of p and p = pR £ p[R/p] £ R we have either p

= p[R/p],

or R = p[R/p].

In the first case it follows from the Kronecker criterion that [R/p] belongs to the integral closure of R in O(R) contradicting the integral c10sedness of R. Hence, we find that

demonstrating (II). (b) Now let R be a Dedekind ring. We want to establish (III). By definition R is integrally closed. If p is a non-zero prime ideal of R, then there is a Krull valuation ring R of O(R) containing R such that the maximal ideal of R intersects R in p. Since the corresponding Krull valuation is discrete, it follows that p cannot properly contain another prime ideal '# 0 of R according to (3.46). Thus it is seen that every non-zero prime ideal of R is maximal. Finally we show that any non-zero ideal a of R is a finitely generated R-module. There is an element a '# 0 of a, and there are only finitely many Krull valuation rings of O(R), say R l ' R 2 , ••. , Rs such that R £ R j , aR j c Rj(l ~ i ~ s). The integral closure property of R yields R=R 1 nR 2 n···nR s·

By assumption there are discrete Krull exponential valuations fJj:O(R) -+ 7L U

{oo},

with R j as valuation rings such that the intersections

are s maximal ideals,

s

fl m?;(<<) £ j=

aR £ a.

1

show that the ideal a = aR of the localization a finitely generated R-module. In other words, we can assume without loss of generality that R contains only a finite number of distinct maximal ideals, R is a semilocal ring, hence

It suffices

to

R = R/(ni= 1 R\m;) is

R

= Rl n··· nRs.

Maximal order

272

Moreover, .Q(R), R I , ... , Rs are the only Krull valuation rings of .Q(R) containing R. We observe that the set Y(a) of all s-tuples (tfl(Y)' tf2(y), ... ,tfs(Y» for non-zero Y of a is bounded from below by (tf I(IX), tf2(IX), ... , tfs(IX» in the partial ordering of lLl xs provided by (x I , X2 , .•• , x s) ::; (y I> Y2 , •.• , Ys) ~ Xi::; Yi

(I::; i ::; s).

Applying the subsequent lemma (5.8) to the set Y(a) of the s-tuples (tf I(X), ... , tfs(x» (0 # xEa) it follows that there are finitely many elements of a, say XI' ... ' x,,, with the property that for any non-zero element x of a there is an index iE{\, ... ,a} for which tfiXi)::;'1j(X) (I ::;j::;s), hence tfiXXi-');~O (I ::;j::;s), hence XXi-IERlnR2n···nRs=R. This of course implies a = Rx, + ... + Rx". (c) To conclude (II) from (IV) it suffices to show that every non-zero ideal of R is invertible. Since every ideal is a product of prime ideals we only need to prove the invertibility of non-zero prime ideals P of R. We do this in two steps. Firstly we show (p + Ra)2 = P + Ra 2 for all aER\p. There are (not necessarily unique) presentations of P + Ra, P + Ra 2 as products of prime ideals:

n pf', m

p+Ra=

P + Ra 2

" =n I)?

(/1;, vjEN).

j=1

i= I

Clearly, pcp + Ra S Pi' pcp + Ra 2 S \)j for I ::; i::; m, I ::;j::; n. Transition to the (entire!) residue class ring R:= Rip yields Rii = n~= I pfl, Rii 2 = I i)jJ. Because of a¢p the elements ii, ii 2 are different from 0 and therefore the ideals Pi' l)j invertible with respect to R via

nj=

Pi-I = ii-'pf,-I

n m

p~,

I)j-I

" i);' (I::; i::; m, I ::;j::; n). = ii- 2 ij?-I n ,=1

p=1 poFi

, to}

But then the equation

n m

i= I

n /I

-21" Pi -

-'.j

I)j

j= I

yields m = nand - after reordering the i)j' if necessary - Pi = i)i' 2/1i = Vi (I ::; i ::; n) as we saw in the proof of lemma (5.3). Because of pc Pi' pc \)j(1 ::; i::; m, 1 ::;j::; n) we then obtain Pi = \)i(l ::; i::; m). In the second step we show that every non-zero prime ideal p of R is maximal and invertible with respect to R. There is bEP, b # 0, and there exist prime ideals PI' ... ' Pr of R such that Pl· ... · Pr = Rb S p. Without loss of generality we can assume PIS p. As above, PI is invertible with respect to R and therefore maximal as we will see below. Hence, PI = p, and also P is invertible with respect to R.

Dedekind rings and orders

273

It remains to show that PI + Ra = R for all aER\PI. For any elements PEPI and aER\PI' we have according to the first step: PEPI + Ra 2 = (PI + Ra)Z = pi + api + Ra z c pi + Ra. Hence, there are elements qEPi, and rER such that p = q + ra. But this implies p - q = ra and therefore rEp I' PI £ pi + P Ia, and the invertibility of P I yields

R = PIP II £ (pi

+ PI a)p II

£

PI

+ Ra £

R.

o

For the proof of (b) we made use of the following lemma. Lemma

(5.8)

Let 71· be partially ordered according to

Then any non-empty subset Y of 71" which is bounded from below has only finitely many minima. Proof By induction on n. The case n = I is trivial. For n > I we use the projections

n l :71"-..71:x =(x i , •.. ,X,,)'f->X I ,

n z :71"-..71"-l:x = (XI' .. . ,x,,),f->(x z , ... ,x,,), = :x. Let Y be a non-empty subset of 71" which is bounded from below. According to the induction hypothesis Oz(Y) has only finitely many minima, say XI> ... 'xs. In n;I(Xj)(1 Y we choose Xj with minimal first coordinate (l ~ i ~ s). Let m be the maximum of the first coordinates of XI , ... , xS. Clearly, nl(y) contains only finitely many integers X satisfying X ~ m, say ~ 1'···' ~k. Thus we are led to consider the subsets Yj := rYE YI n 1(y) = ~j} of Y (I ~ i ~ k). Again, n z( Yj ) has at most finitely many minima, say Yi, , ... , Yj" with (unique) preimages Yi,' ... ' Yj in Yj • Now all minima of Yare contained in the 0 finite set {yj,ll ~ v d'sj, 1 ~ i ~ k}. Historically speaking, the theory of Dedekind rings originated from the remark made by certain astute French mathematicians that in the ring of cyclotomic integers 71['.]«(.. a primitive nth root of unity) there does not always exist a greatest common divisor of two non-zero elements IX, fl, as Dirichlet pointed out to E.E. Kummer who had made the assumption implicitly. Thus E.E. Kummer was inspired to introduce 'ideal' numbers (i.e. algebraic integers outside the field playing the role of the greatest common divisor of IX, fl. R. Dedekind introduced the ideal generated by IX, fl as a substitute for the greatest common divisor which does not always exist in algebraic number fields, i.e. finite extensions of O. Dedekind showed that the ideals of the algebraic integer ring CI(71, E) form a semigroup with unique factorization into prime ideal products for any algebraic number field E.

0(,.»

274

Maximal order

He also observed that the non-zero fractional ideals of Cl(£" E) form a group and that this property implies both (III) and (IV). He already suggested to take (III) as defining property for a more axiomatic treatment. This program was carried out in a famous 1926 paper by E. Noether [2]. The valuation theoretic treatment leading to (I) goes back to the work of W. Krull. It is seen from our treatment that (I), (III) run parallel inasmuch as (a) integral closure, (b) the Noetherian property, (c) the maximality of prime ideals, have equivalent valuation theoretic and ordinary ring theoretic definitions. The characterizations (I), (III) both can be used to show that the integral closure of a Dedekind ring in a finite extension of the quotient field is again a Dedekind ring. Actually (I) will be used here since it does not require to distinguish the case of a separable and a non-separable extension. The characterization (IV) given by Matusita appears to be the most natural one but it is not as useful as the other three.

Theorem (5.9) The integral closure A of a Dedekind ring R in a finite extension E of the quotient field F = .Q(R) is a Dedekind ring. Proof The classical argument (of E. Noether) demonstrates (III) for A. This must be done separately for separable and for inseparable extensions. Since the latter do not occur in algebraic number theory we shall give the classical demonstration only in the case that E is a separable finite extension of F. This demonstration is then followed by a demonstration of (I) for A without separability condition on E. However, we shall combine the latter demonstration with the proof of a weak independence which is of intrinsic value. (i) Classical argument By definition A is integrally closed. In order to show the maximality of the non-zero prime ideals of A we must show that every Krull exponential valuation

'1:E-4Mu{oo} (M an algebraically ordered module) of E satisfying '1(A) ~ 0 is discrete. But the restriction of '1 to F is a Krull exponential valuation of F satisfying

'1(R) ~ O. Since R is a Dedekind ring it follows that '1IF is discrete. We have seen in the proof of (3.30) that any subset X of E with the

275

Dedekind rings and orders

property that 1f(X) is a representative set of 1f(E\{O}) modulo 1f(F\{O}) is linearly independent over F. Hence, the index of (1f(E\ {O}): 1f(F\ {O})), which is also called the ramification index of 1fIF in E, is finite. Since the module 1f(F\{O}) is cyclic of order 1 or 00 and since the module 1f(E\{O}) is torsion-free and offinite index over 1f(F\ {O} ) it follows that 1f(E\ {O} ) is cyclic of order 1 or 00. Hence, 1f is discrete. Finally, it must be shown that A is Noetherian. For this purpose we need the assumption of separability which implies, firstly, the existence of a primitive element ~ of E so that 1, ~, ... , ~n-I is an F-basis of E and, secondly, the non-vanishing of the discriminant d(f) of the irreducible polynomial

f(t) = t n + a1t n -

1+

... + an,

with coefficients in R of which ~ is a root. This in turn implies that A is contained in the R-module with basis

so that 11-1

L

R[t]/f ~

n-l

R~j ~

CI(R, E) = A ~

j=O

L

d(f) - I R~j.

j=O

(See also (5.17).) Hence, the Noetherian property of R implies the Noetherian property of the R-module A. A fortiori, A is a Noetherian ring. (ii) Valuation theoretic demonstration Making no separability assumption on E we will demonstrate (5.6) (I) for A. It has already been shown above that A is integrally closed and that every Krull valuation of E with A in its valuation ring is discrete. It remains to prove that for every non-zero element ~ of A there are only finitely many Krull valuation rings of E containing A such that ~ is contained in the corresponding maximal ideals. We know that ~ satisfies an irreducible monic equation ~m

with coefficients a l If we show that

, .•. ,

+ a 1 ~m - 1 + ... + am = 0,

am in the integrally closed ring R such that am -:f. O.

am = ~( -

~m - 1 -

a 1 ~m -

2 -

... -

am _ I)

belongs to only finitely many maximal ideals of Krull valuation rings of E containing A, then the same is true for the element ~ dividing am in A. Without loss of generality we can therefore assume that ~ belongs to R. We know already that there are only finitely many Krull valuation rings of F, say R I> R 2 , ••• , Rs with the property that the maximal ideal ntj of R j contains ~(l :::;: i:::;: s). Thus it suffices to show that every Krull valuation ring

276

Maximal order

R of F is contained only in finitely many Krull valuation rings of E intersecting F in R. More sharply. there are at most as many distinct extension rings AI' A2 •••. of R to Krull valuation rings of E intersecting F in R as the degree n of E over F. Suppose we have the Krull exponential valuation

rf;:F->Mu{oo} of F with R as valuation ring and with divisible algebraically ordered value module M and the distinct extensions

'I'j:E -> Mu {oo}. with Krull valuation rings Aj (i= 1.2•... ,s) such that 'I'jIF= rf;. We establish the weak independence of '1'1' ... ' 'I's by the subsequent lemma (5.10). where we show the existence of elements £jEAj (I ~ i ~ s) satisfying

0< 'I'j(ej - I),

0 < 'I'j(ek)Erf;(F) (I

~

i. k ~ s, i #- k).

We now go on to prove that those £, , ... , £s are linearly independent over F implying s ~ n thus concluding the proof of the theorem. Namely, let AI, ... ,A.,.EF\{O}(I~CT~S) be given subject to rf;(Ad~ rf;(A 2 ) ~ .•• ~ rf;(Aa). We show that a

c;:=

L Ajen(i)

(nEes)

satisfies 'I' n(<7)(c;) = rf;(A.,.) #-

00.

j= ,

hence there is no non-trivial representation of 0 as a linear combination of e, , ... , Cs over F. The last equation is obtained by the following easy computations: 'I' n(a)(c;)

= 'I' n(a{ Aaen(.,.) +

:t:

\f' n(a)(AaSn(a») = rf;(Aa) + 'I' n(a) (sn(.,.») 'I' n(a)

(:t:

Ajen(j»)

Ajen(j»).

= rf;(Aa) + 'I' n(a)(I + (en(a) -

I)) = rf;(A.,.),

~ ,.;;:i~_, (rf;(Aj) + 'I' n(a)(en(j»)) > ,.;;:i~_, rf;(Aj) ~ rf;(A.,.).

0

Lemma (5.10) Under the premises of(5.9) let rf; be any Krull exponential valuation of F and '1', , ... , 'I's finitely many distinct Krull exponential valuations of E such that their valuation rings Ai (I ~ i ~ s) intersect F in the valuation ring R of rf;. Then there exist elements £jEAj (I ~ i ~ s) satisfying 0< 'I'j(ej - I), 0 < 'I'j(ek)E'I'(F\{O}) Proof The case s

=

1 is trivial. choose

£,

= 1.

(I ~ i, k ~ s; i #- k).

Dedekind rings and orders

277

For s = 2 we choose an element 0 =I aE E such that 'P I(a) =I 'P 2(a). For KI:=('PI(E\{O}):'P(F\{O}» the element fJ=a K1 satisfies 'PI(fJ)E'P(F\{O}) and 'PI(fJ)=KI'Pt(a)=lKI'P2(a)='P2(fJ). Hence, there exists O=laEF with 'PI(fJ) = t/J(a), and we obtain 'PI(')I) = 0 =I 'P 2(')I)fory = a-IfJ. In case of'P 2(')I) < 0 we replace ')I by ')I - I. In this way we always find an element 0 =I ')IE E with 'P I (')I) = 0 < 'P 2(1')· Then the element D:=1'K2, K2:=('P 2(E\{0}):'P(F\{0}», satisfies 'PI(D) = 0< 'P 2(D)Et/J(F\ {O}), hence 'P 2(15) = t/J(b) for a suitable bEF\ {O}. Finally, we set el = (I + bO - 2) - I. We claim that el has the properties stated in the lemma. This follows by some easy calculations: 'P 2(bO - 2) = - 'P 2(15) < 0,

hence t/J(F\ {0})3'P 2(15) = 'P 2(ed > 0;

'PI(el-I)= 'PI (D-::b) = t/J(b)-'P I (D 2 +b)=t/J(b»O. Analogously we find an element e2 for which 0 < 'P 2(e2 - I), 0< 'P I (e2)E'P(F\{0}) hold. We note that 'Pi(ei - I) > 0 implies 'Pi(ei) = 0, hence eiEAi (i = 1,2). For s> 2 we apply induction on s. Hence, we assume that there is an element II of Al such that O<'P I (lt-l), O<'PMI)Et/J(F\{O})(l 0 we set el = e and obtain 0 < 'Pi(ei)Et/J(F\ {O} ) for i = s. If 'P.(e) :( 0, then we choose bEF\{O} such that 0< t/J(b) = min {I 'Pi(e) I 11 :( i :( s, 'Pi(e) =I O}. In case of 'Ps(e) O. Finally,

because of'Pl(e)=O, t/J(n) >0, 'PI(e 2 -1»0. In case of 'Ps(e) = 0 we additionally employ the existence of 1JEAI such that 'Pt(/f-I»O, O<'Ps(/f), 'Pi(/f)Et/J(F\{O}) (l 0 for 1 < i :(s. Finally,

278

Maximal order

because of lJ' I(b) = I{I(b) > 0, lJ'1 (I]) = 0 and

lJ' 1(1: - 1]2) = lJ'1((1: - 1) + (1 - 1]2» > O. Similarly, we obtain elements 1: 2"", I: s satisfying the conditions of the 0 lemma.

3. Orders The solution of a monic irreducible equation (5.11 ) over the rational integer ring is formally achieved by forming the equation ring (5.12a) for the polynomial (5.12b) of Z[t]. But important arithmetic invariants like the field discriminant, the fundamental units and the ideal class group need to be known in terms of the integral closure CI(Z, A) of Z in the algebraic number field A = Q[tJIf = O(A J ).

The question arises how to find CI(Z, A) when

f

is given.

Definition (5.13) Given a Dedekind ring R, the overring A of R is said to be an R-order if (a) A is unital; (b) A is a finitely generated R-module, in other words there are finitely

many elements a 1 ,a 2 , ... ,as of A such that A = Ra 1 + Ra 2 + ... + Ra s ; (c) the R-module A is torsion-free: If Aa = 0, 0"# A.ER, aEA, then a = 0 which means that the central quotient ring A = O(A) of A is an (associative) algebra over F = O(R); (d) A contains no nilpotent ideal "# O.

In this book we consider only commutative orders. An example of a commutative order is the order of a monic separable equation (5.11) with coefficients in the Dedekind ring R. It is the equation order (5.12). Definition The R-order A is said to be a maximal R-order R-orders of O(A).

if it

(5.14) is maximal among the

Dedekind rings and orders

279

(5.15) Lemma Any commutative maximal R-order is the integral closure of R in its central quotient ring.

Proof Let A be any commutative R-order. By Kronecker's criterion applied to A any element of A belongs to the integral closure of R in n(A). D On the other hand, it is possible that a commutative R-order is not contained in a maximal order of its central quotient ring. The reader is asked to realize this occurrence by going through exercises 1-3. If the quotient field of a Dedekind ring R is perfect, then every finite extension E of nCR) can be generated by the adjunction of an element x of E satisfying a monic separable equation (5.11) over R, so that the discriminant of the polynomialfis not zero. We have seen before that 1, x, ... ,X"-1 is an R-basis of the equation order Af and that the trace bilinear form

Tr(ab)

L" L" !XATr(xi-1+k-I),

=

i ; I k; I

L" !XiXi - I,

a=

" PkXk-1 b= L

(!Xi'PkER;i,k= 1,2, ... ,n) (5.16)

k;1

i; I

has the determinant det (Tr (Xi +k- 2» = d(f) # 0, so that we find for any element ~=

L" ~iXi-1

(~iER,I~i~n)

i; I

of CI(R, E) that Tr(~Xk-l)

= L"

~i Tr(x i +k-2)ER.

i; I

By Cramer's rule we have ~id(f)ER,

hence

CI(R, E) S d(f)-I A f

.

(5.17)

Since R is a Noetherian ring and since by (5.17) the integral closure CI(R, E) is contained in the finitely generated R-module

L" Rd(f)- lXi-I, i; I

it follows that CI(R, E) itself is finitely generated so that in this case CI(R, E) is itself an R-order. The absence of nilpotent ideals # 0 from CI(R, E) follows from the absence

280

Maximal order

of such ideals from ,Q(A I) which in turn follows from their absence from AI' The same argument holds also in case f is separable, but reducible. One must use the result that ,Q(A I) is the algebraic sum of finite extensions of F (see exercises 4~ 11, for example). In order to prove the next theorem we need a preparatory lemma. Lemma

(5.18)

Let R be a unital commutative ring which is integrally closed in ,Q(R). Let A be a unital commutative ,Q(R)-ring with matrix representation !l of degree n > 0 over ,Q(R). Theil for every element x of Cl(R, A) the characteristic polYllomial of !lex) is monic of degree novel' R. Proof For any generalized multiplicative valuation q>:A -+<1> the elements of A of q>-value 0 form a maximal ideal 9Jl such that the replacement of elements of ,Q(R) by the residue classes of ,Q(R)/9Jl carries !l to a matrix representation X of it = A/9Jl of degree n over ,Q(R) = ,Q(R)/9Jl satisfying X(x)ECl(R, X(it)) (R = R/9Jl, x = x/9Jl). The matrix representation X restricts on the subalgebra generated by x over ,Q(R) to a matrix representation li of degree n over OCR) with the property that for each irreducible component r the characteristic polynomial of r(.x) is a power of the minimal polynomial of rex). The latter is a monic irreducible polynomial over R. This is because A(x) belongs to Cl(R, X(it)) and because R is integrally closed in the quotient field ,Q(R) = ,Q(R), according to our assumption on R. Hence, the characteristic polynomial of X(x) is a monic polynomial of degree n over R. It follows by assumption that the characteristic polynomial of !lex) is monic of degree n over R. 0 Theorem

(5.19)

The integral closure of a Dedekind ring R ill a separable commutative ,Q(R)-algebra A of fillite dimension novel' ,Q(R) is all R-order. Proof We know that there is a primitive element ~ of A such that the powers 1,~, ... ,~n - 1 form a ,Q(R)-basis of A. The n + 1 coefficients of the (monic) minimal polynomial of ~ have a common denominator D # 0 in R. Then D~ is also a primitive element of A with monic minimal polynomial of degree n over R. Without loss of generality we can assume that A = ,Q(R) [t]ff(t),Q(R)[t] is the algebraic background of the equation order AI = R[t]/f(t)R[t] of the monic separable polynomial f of degree n > 0 over R. The regular trace of an element x of A is defined as the negative second

Dedekind rings and orders

281

highest coefficient of the characteristic polynomial of the regular representation of x, a matrix representation of degree II over ,Q(R). Hence, Tr (x) belongs to R for every x of el(R, A) according to lemma (5.18). It follows that the regular trace bilinear form B:A x A--.,Q(R):(al,a2)I-+Tr(a 1a2) restricts on el(R, A) to a symmetric bilinear form with values in R. Thus it follows that Af ~ el(R, A) ~ A}, where the B-dual

A; is defined by A} = {YEA ITr(yA f ) ~ R}.

Because of d(f) = det«Tr(~i+k-2»I.;,.h") #- 0 it follows that the system of linear equations (5.20a) for the unknowns Yjl"'" Yjll (I ~j ~ /I) has a unique solution so that there are elements 11

bj =

L Yjk~k-l k=l

(YjkE,Q(R), 1 ~j ~ II)

(5.20b)

of A, satisfying Tr(~i-lb)=i5ij

Those elements form an R-basis of any element x of A} we have

(l ~i,j~n).

A},

(5.20c)

a so-called dual basis. Indeed, for

Tr(~i-lx) = Tr( ~i-l Ctl TrW-1X)b k))

(I

~ i ~ n)

(5.20d)

so that the difference 11

x'=x-

L Tr(~k-lx)bk

k=l

has the property

which implies x'=O

as we had already observed in chapter 2. It follows that every element x of A} is uniquely presented as the R-linear combination x=

L" TrW-1x)b k

k=

(5.20e)

1

of b1, ... ,b" and that (5.20f)

282

Maximal order

For the more general theory of duality and orthogonal complementation see exercises 12-14. Since R is a Noetherian ring it follows that every R-submodule of the finitely generated R-module A} is finitely generated over R (see exercises 15, 16). In particular CI(R, A) is finitely generated over R. Since A is separable over .o(R) it follows that A is isomorphic to the algebraic sum of finitely many fields so that A contains no nilpotent element 0 besides zero. Hence, Cl(R, A) is an R-order. 4. Finitely generated modules over Dedekind rings In the remainder of this section we prepare an algorithm for embedding the equation order AJ of the monic separable polynomial f(t) of degree n > 0 over R into its maximal order Cl(R, A) = Cl(R, .o(R) [t]/f(t).o(R)[t]). The algorithm itself is developed in section 6. We begin with the task of characterizing a finitely presented module over a Dedekind ring by means of a full system of invariants. Let R be a unital commutative ring. Then for any module M with finitely many generators VI' ... ,V" over R there is the standard R-epimorphism 1/: RlxlI-+M of the n-roW module over Ron M which sends the unit row ej on the generator vj(1 ~j ~ n). The kernel of that epimorphism is formed by the n-rows (.,1.1> ••• ,A") for which there holds the linear relation AIV I + ... + A"v" = 0 between the R-generators VI' •.. ' Vn of M. Thus ker (t1) is the relation or (first) syzygy-module of M relative to the generating set VI' •.. ' Vn over R, and the factor module is R-isomorphic to M: RI xlI/ker (1/) ~ M.

Definition (5.21) The elementary ideals (fj = (fj(M/R) of Mover R are defined as the ideals of R generated by the (n - i) x (n - i) minors of the (n - i) x n matrices formed from any n - i rows ofker(tJ). For iEZ;'" we define (fj(M/R):= R. The reader will easily verify that the elementary ideals are independent of the choice of the finite generator set of Mover R (see exercise 17). In case the relation module is finitely generated over R the finitely many generators of it form the rows of a rectangular matrix, the so-called relation matrix of M relative to the finitely many generators of Mover R. Conversely, every s x n-matrix A = (Aid over R is associated with the R-submodule !R(A) of RlxII generated by the s rows of A. That R-submodule is said to be the row module of A over R, the factor module RI "/!R(A) is an R-module with the generators ej/!R(A) (1 ~j ~ n) over R and A as relation matrix. The elementary ideals are easily computable (see exercise 18). The definition can be extended to arbitrary R-modules (see exercise 19) and behaves constructively for algebraic sums (see exercise 20). As the X

Dedekind rings and orders

283

definition shows the elementary ideals form an ascending sequence (fo

~

(fl

~

(f2

~

... .

(5.22)

For any ideal a of R we find that the factor module M/aM is an R/a-module according to the definition

(A/a)(u/aM):= Au/aM

(AER, uEM),

(5.23a)

and that (fj(M/aM)/(R/a))

= (fj(M/R)/a

(iEZ;'O).

(5.23b)

For any commutative overring A of R with

I,.. = l R ,

(5.24a)

it follows that there is the R-monomorphism

l1,..:M --+ A®RM:u t-+ I,.. ® u

(5.24b)

of M into A ®R M such that (fj(A ®RM) = A ®R(f;((M/ker(l1,..))/R)

(iEPO).

(5.24c)

In particular, we have

(5.24d) If R is an entire ring then we have (f;(.Q(R)®RM) = (fj«(.Q(R) ®R MjTor (M/R))/.Q(R)) =

for i < r(M/R) {o<-'(R) h . , -"l

ot erwlse

(5.24e) where r(M/R):= dimo(R)(.Q(R)®RM) is the rank of Mover R. Two rectangular matrices AjERSjXII (SjEZ>o, i = 1,2) with the same number of columns are said to be row equivalent, if their row modules over R coincide. The constructive decision on equivalence of Al and A2 hinges on the assumption that there is an algorithm known to decide whether a given element A of R belongs to the ideal of R generated by finitely many given elements AI>A 2 , .•• ,Ap and, in case the decision is affirmative, to exhibit a presentation of the form A=eIAI +···+epAp with el, ... ,ep in R (see exercise 22). A theoretical concept for the solution of that task is to develop suitable normal forms for matrices over R. In case of R being a Euclidean ring this was done already in chapter 3, section 2. In the sequel we generalize the definition of an elementary divisor normal form to arbitrary unital commutative rings R.

(5.25) Definition Let R be a unital commutative ring. The R-module M = EBf= I R/n j , where Itl' ... ' Its (SEZ > 0) are ideals of R subject to ~ Itl ~ 1t2 ~ ... ~ Its c R, is said

°

Maximal order

284

to be in elementary divisor form presentation, and the ideals to be the elementary divisor ideals of M.

HI' ... , Hs

are said

We observe that under the premise of (5.25)

n s

Cfo(M/R) =

n s

Hi'

Cfi M/R)=

i= I

Hi

(O<j<s),

Cfs+iM/R)=R (jE"l.~O).

i=j+ I

It can be shown in general that ttl' H 2 , ... , tts are uniquely determined by M. Because of the uniqueness of the elementary ideals certainly tt I" .. , Hs are uniquely determined if the non-zero elementary ideals are invertible with respect to R. A particular elementary divisor form presentation is associated with the relation matrix

9i=diag(e " e 2 , ••• ,es) (eiER, ejlej+1 (I

~i<s),esER\U(R».

(5.26)

In that case the elementary divisor ideals are the principal ideals Hi = en + l-iR (I ~ i ~ s) generated by the elementary divisors ei , and vice versa. For constructive purposes we restrict the rings R under consideration.

Definition (5.27) The unital commutative ring R is said to be a Priifer ring, if every ideal of R which is generated by two elements is a principal ideal. For example, every principal ideal ring and every Krull valuation ring is a Priifer ring (see also exercise 23). We note that in a Priifer ring every finitely generated ideal is principal. For Priifer rings the row normal form of a rectangular matrix can be simplified (see exercises 24, 25) provided we can assume that there is an algorithm to exhibit a generator A=eIA I +e2A2 (e"e2ER) of the ideal RAI + RA2 for arbitrary AI ,A 2 of R. In general this is possible only for Euclidean rings, however. Also there must be an algorithm for deciding whether the element A of R divides the element 11 of R and in case the decision is positive producing an element of R satisfying ),e = 11· Any finitely presented R-module over a Priifer ring can be carried into the form (5.26) (see exercises 25, 26). Using exercises 28, 22 we obtain

e

Theorem (5.28) Every finitely generated torsion module over a Dedekind ring R has an elementary divisor form presentation. For the rational integer ring

"l.

as base ring every finitely generated torsion

Dedekind rings and orders

module M has a set of generators

VI' ••. ,Vs

285

with defining relators (S.29a)

where the numbers (S.29b) are the elementary divisors of M. As we saw in chapter 3 they are uniquely determined by (S.29a, b) and by

ej+llej

(l ::;;i<s)

(S.29c)

so that

M ~

s

s

j= I

j= I

(J) ?L/e;1L, IMI = Il ej , IMI?L =
(S.29d)

(This is in principle the basis theorem for finite abelian groups.) We see that the order of any finite module M generates the ideal
(S.30) The order ideal (M:RO) of the module M over the unital commutative ring R is defined as
Correspondingly we define

(S.31) The exponent idealn(M/R) of a module M over the unital commutative ring R is defined as the ideal of R consisting of all elements A of R which annihilate M: AM=O. Definition

In' analogy to Fermat's theorem we have Lemma

(S.32)


L AihC(ik = c5hk det(A) i= I

(h,k= 1,2, ... ,n)

286

Maximal order

of determinantal calculus which imply that II

det (A)'1(e~) =

n

,.

L AjhC(jh'1(e~) = L Ajh L C(jk'1(eD = 0

j=

1

j=

1

k= 1

for h= 1,2, ... ,n so that det(A)M=O,
o

For the generalization of lemma (5.32) to arbitrary R-modules see exercise

28. We observe that n(M/R) = n 1 (M/R)

(5.33)

in case that the R-module M can be presented in elementary divisor form. Moreover, n(M 1 EBM 2) = n(M dnn(M2).

(5.34)

For finite groups G there holds the index formula (G: T) = (G:S)(S: T) for any two subgroups S, T of G satisfying S;2 T. Correspondingly we have (5.35)

Lemma

For any unital commutative ring R andfor any R-module M with R-submodules M l' M 2 subject to M 1 ;2 M 2 we have (M:RM 2) = (M:RM l)(M 1 :R M 2),

(S.3Sa)

where the index ideals are defined via the order ideal by

provided that the occurringfactormodules can befinitely presented so that there are not more defining syzygies than there are generators. Proof Without loss of generality, we can assume that M 2 = 0 and that M 1 can be finitely generated over R. Hence M can be finitely generated. It follows from our assumption (which remains unchanged under elementary transformations) that M = L7= 1 RVj for some nEN so that M 1 = Ll= 1 RWj with n

wk =

L C(jkVj

(A

= (ajk)E R'IX ")

(S.36a)

i= 1

such that the syzygies 0 = L7= 1 C(jkVj/M 1 (l of M/M lover R. We have to show that

~

k ~ n) are the defining syzygies (5.36b)

Since A is a relation matrix of M/M lover R it follows that
Dedekind rings and orders

287

of those matrices B = (!1ik)E R'/X II for which there hold the syzygies (5.36c) of M I relative to the generators (5.36c) we obtain the syzygies n

W..

Upon substitution of (5.36a) in

n

L: L:

i~

WI"'"

I

j~

I

rxij!1jk Vj = 0

(1 ~ k ~ n)

(5.36d)

of M corresponding to the matrix AB of determinant det (A) det (B). By assumption the syzygies L?~ I rxij!1jkVj = 0 of M derived from the syzygies Li~ I !1ik W i = 0 of M lover R form a system of defining syzygies. Thus (5.36b) is shown. 0 For any semilocal Dedekind ring R the assumption of lemma (5.35) is satisfied whenever M/ M I is finitely generated over R. It follows that (5.36b) holds in all cases in which M/M I can be finitely generated over R. By the localization argument (see exercise 21) this remains true for all Dedekind rings. We remark that for any unital ring R and any ideal a of R we have

(fo((R/a)/ R) = a.

(5.37)

This is because R/a is an R-module with one generator l/a and defining relation rx1/a = 0 (rxEa). It follows that any equation of the form (5.38) for two ideals a, a' of R satisfying a 2 a' implies that a divides a'. If R is entire then (5.38) is universally true if and only if R is a Dedekind ring as we have seen before.

Theorem Let R be a Dedekind ring.

(5.39)

(a) The finitely generated R-module M is R-isomorphic to a non-zero

R-fractional ideal precisely if (fo(M/R) = 0, (fl (M/R) = R. (b) Two R-fractional ideals ai' a2 are R-isomorphic R-modules precisely if they are equivalent in the sense that there is a unit A of O(R) satisfying Aa l

= a2'

(c) The equivalence classes of the non-zero R-fractional ideals form an abelian group CI R , the class group of R. (d) (E. Landau) Every non-zero R-fractional ideal can be generated by two

elements. (e) (E. Steinitz) Every R-module M splits over every R-submodule M' with

torsion-free finitely generated factormodule. (f) (E. Steinitz) For every finitely generated torsionjree R-module M the

Maximal order

288

R-rank r = r(M / R) = dimc(R) O(R) ®R M is connected with the elementary ideals by the relations (fj(M/R)

= {O

R

i(0 ~ ~ < r. ifr~1

(5.39a)

(g) For every set of r independent elements VI' V2, ... ,Vr of the finitely generated torsion1ree R-module M of R-rank r the equivalence class m(M/R) of the index ideal (M:RLI= I RVj) = (fo((M/LI= I Rvj)/R) is independent of the choice of VI , ... , vr.lt is the Steinitz class of Mover R. (h) Two finitely generated R-modules M I, M 2 are R-isomorphic precisely if (fj(M dR) = (fj(M 2/R) (iEZ;'O), (5.39b) 9l(M dR) = 9l(M 2/R), (5.39c) where the Steinitz class of a torsion module is defined as the equivalence class of the principal R1ractional ideals and the Steinitz class of a non-torsion finitely generated R-module M is defined as

9l(M/R) = 9l((M/TorR (M»/R).

(5.39d)

Proof (a) If M is a non-zero R-fractional ideal of the entire ring R then we have tt(M/R) = 0, hence (fo(M/R) = in case M is finitely generated over R. Moreover, (f1(M/R) is not zero because of OeM ~ O(R)®RM. Now let R be a Dedekind ring. We want to show that (f1(M/R) = R. Since there is a non-zero element n of R satisfying nM ~ Rand M ~ RnM it suffices to deal with the case that M ~ R. Upon p-localization for any non-zero prime ideal p of R the ideal M is always carried into the non-zero principal ideal

°

~ of ~ so that (fl (~/~) = R\ (f1(M/R), hence (fl (M/R) = R. R\p R\p R\p R\p R P Conversely, if (fo(M/R) = 0, (f1(M/R) = R for the finitely generated R-module M then it follows from (5.32) that M is torsion-free, hence M ~ O(R)® RM, M is O(R)-isomorphic to a non-zero fractional ideal of R. (b) Clearly, for any R-fractional ideal of the unital commutative ring R multiplication of by a unit e of o(R) constitutes an R-isomorphism of the with the R-module eo defined by the R-fractional ideal eo. R-module Conversely, let IJ:OI -+02 be an R-isomorphism of the R-fractional ideals or 01 contains an 1 2 and let R be entire. Then either 10 1 = 01 = 02 = element x"# and we have 0 1 "# 0,0 2 "# and IJ(x) = ex, where e = IJ(x)x- 1 is an element of .Q(R). Moreover, for any element y of 01 there are elements x', y' of R satisfying x' "# 0, v'/x' = v/x, y'x = x'y, IJ(Y'x) = y'IJ(x) = IJ(x'y) = x'IJ(Y), IJ(Y)/'7(x) = y'/x', IJ(Y) = ex(y'/x') = ey. Because of 02 "# it follows that e "# 0. There are non-zero elements n, eI ' e2 of R satisfying no I ~ R, e = e l e2 I, hence ne 20 2 = ne2eol = el(nad ~ R so that 02 is an R-fractional ideal.

°

° ,°

°

°

°

°

°

°

289

Dedekind rings and orders

(c) It is clear that the equivalence of R-fractional ideals is reflexive, symmetric, and transitive for any unital commutative ring R. Moreover, the equivalence is multiplicative in the sense that a; ~ Ra;- 3 A;E U(.Q(R)): a; = A;a; (i = 1,2) implies a/l a/2 = AI A2a l a 2 with AIA2 in U(.Q(R)) so that a/l a2~Rala2. It follows that the equivalence classes of R-fractional ideals with zero exponent ideal form a unital commutative semigroup <£(91), the so-called class semigroup. Its unit element is the equivalence class formed by the principal ideals RIl generated by a unit Il of .Q(R). The class semigroup is a group if and only if the R-fractional ideals with zero exponent ideal form a group. In case R is entire that means that R is a Dedekind ring. (d) It suffices to deal with the case that 0 c a ~ R. There is a non-zero element a of a, so that 0 c Ra ~ a. By Ra-localization we obtain the semilocal ring R=RI(R\PluP2u .. ·ups), where PI,P2, ... 'Ps are the finitely many distinct prime ideals containing a. It is a principal ideal ring and contains the ideal aR such that aR = bc- I R with 0 i= bER, 0 i= cER, cR + aR = R,

aR n R = a = aR + bR. (e) If the R-rank of MIM' is I then we know already from (a) that MIM' ~ Ra, where a is a non-zero ideal of R. Also we always have M=R®RM, a®Ra-I~RR, hence M=a®R(a-I®RM), M'= a®R(a- 1®RM/), a-I ®RM/a-I ®RM' = a-I ®RM/M' ~Ra-I ®Ra ~RR. Thus there is an element u of a - I ® R M satisfying Ru/a- I ®RM' ~Ra-I ®RM/a-1 ®RM', so that a-I ®RM = Ru a-I ®RM', M = a ® RRu M'. If the R-rank of MIM' is greater than one then there is a maximal one among the R-submodules M of M containing M' for which NI splits over M' and MINI is non-zero torsion-free. It follows that MIM is of rank one and thus M splits over M, M splits over M'. Note in particular that

+

+

(5.40) for some R-torsion free submodule Mo of M in case M is an R-module with finitely generated factormodule over TorR (M). (f) It follows from (e) that

(5.41) where r is the R-rank of M and a l , ... ,a, are non-zero ideals of R. Hence, (fo(a;) = 0, (f1(1l;) = R (I ~ i ~ r) and (f) follows from exercise 20. We add the remark that in case r> I it is always possible to find a decomposition

M = RVI

+RV2 +... +RV,_I +M,

(5.42)

of M into the direct sum of r - I cyclic R-submodules Rv; i= 0 (I ~ i < r) and one R-submodule M, which is R-isomorphic to a non-zero ideal of R. For this purpose it suffices to study the case that M = a I EB 112 is the algebraic

290

Maximal order

°

sum of two non-zero ideals 1,02 of R and to find an element v of M such that Rv =I 0 and MIRv is torsion free. But there is a non-zero element VI of 1 and a non-zero element v~ of VI 0,1 02, hence by (d) there is an element V2 of 02 for which 02 = Rv~ + RV2' Setting v = VI EEl V2 we attain our purpose. (g), (h) follow from (5.28). 0

°

5. Extension of the index ideal concept In case M I, M 2 are two R-submodules of the finitely generated R-module M over the Dedekind ring R and that the module M 2/ M 11'1 M 2 is R-torsion we extend the definition of the index ideal as follows: (5.43a) Thus the index ideal is defined as an R-fractional ideal also in many cases for which M 2 is not contained in M I' In case of M 2 ~ M I the new definition coincides with the earlier one. We observe that for any R-submodule M' of MII'IM2 for which M 2 /M' is R-torsion we have (M I :R M 2) = (M I :RM')(M2:RM')-I.

(5.43b)

This is because of (M I :RM') = (MI :R M I I'IM 2)(M I I'IM 2:R M'), (M 2 :RM') = (M2:RMI I'IM 2)(M I I'IM 2:R M'), 0 C (M I I'IM 2:R M') ~ R. It follows that

(M I:RM 2 )(M 2 : RM 3 ) = (M I:RM 3 )

(5.43c)

in case M I, M 2, M 3 are three R-submodules of M for which the R-factormodules M 1/M 11'1 M 3, M 2/ M 11'1 M 2 and M 3/M 21'1 M 3 are R-torsion. Indeed, in that case we have the R-isomorphism M 21'1 M 3/M 11'1 M 21'1 M 3 ~ (MII'IM2)+(M21'1M3)/MII'IM2' The right-hand side is contained in M2/MI I'IM2 so that it is R-torsion. Hence both M3/M21'1M3 and M21'1M3/ M 11'1 M 21'1 M 3 are R-torsion. Hence M 3/M 11'1 M 21'1 M 3 is R-torsion. A fortiori, M 3/ M 11'1 M 3 is R-torsion. Therefore all three index ideals of (5.43c) are defined. Moreover, M 2/ M 11'1 M 21'1 M 3 is also R-torsion so that upon using the rule (5.43b) with M' = M 11'1 M 21'1 M 3 we obtain

(M I:RM 2)(M 2 : RM 3 ) = (M I :RM')(M 3 :RMr 1= (M I:RM 3 ). From (5.43c) we gather the rule

(MI :RM 2 )(M 2:RM I) = R

(5.43d)

in case both M d M I 1'1 M 2 and M 21M 11'1 M 2 are R -torsion. 6. Norms of ideals

Definition (5.44) Let R be a Dedekind ring and let A be a commutative R-order of R-rank n.

Dedekind rings and orders

291

Then the norm of any A-fractional ideal a is defined as the index ideal of A over a: NA/R(a):= (A:Ra). We observe that the norm of a A-fractional ideal a over R is an R-fractional ideal which is not zero precisely if a is of maximal R-rank n. If a is principal, say a = rxA, then we have NA/R(rxA) = NO(A)/Q(R)(rx)R. Hence we have the multiplicativity (5.45) of the norm ideal for A-fractional ideals a, b in case a is principal. More generally speaking (5.45) holds in case the A-fractional ideal a is invertible relative to A (see exercises 29-33). The same is also trivially true if a is of R-rank less than n since in that case both NA/R(ab) and NA/R(a) vanish. On the other hand (5.45) does not hold for all A-fractional ideals b in case a is a A-fractional ideal of R-rank n which is not invertible relative to R and A can be properly embedded into an R-maximal order of .Q(A). This is because by a theorem of Dade, Taussky and Zassenhaus (see exercise 34) the A-fractional ideal an-I is invertible relative to its order Al = [an-I/an-I], an R-overorder of A in .Q(A) that contains A properly. Namely, in that case we have N A/R(a 2(n-I)

= (A: Ra 2(n-l) = (A:RAI)(A I :R a2 (n-I) = (A:RAdNA'/R((an-I)2) = (A:RAdNA,/R(an-lf.

On the other hand, (5.45) would imply that NA/R(a 2(n-I) = NA/R(an-Ian-I) = (NA/R(a n- I»2 = (A:Ra n- I)2 = ((A:RAI)(A I :Ra n- I»2 = (A:RAI)2(NA'/R(a n- I»2, hence, (A: RA I)=(A: RA I)2,

(A:RA1)=R,

A=AI'

a contradiction.

7. The arithmetic radical of an order The Jacobson radical of a Dedekind ring R with infinitely many prime ideals is zero. It follows that the Jacobson radical of any order A over such a Dedekind ring is zero, too. On the other hand the Jacobson radical of a semilocal Dedekind ring is not zero. It follows that the Jacobson radical of a Dedekind ring is not localizable. For orders over Dedekind rings we also have to consider the effect of inseparability which will prevent localizability of the Jacobson radical even over some orders over local Dedekind rings. We assume from now on that for the orders A considered the regular trace bilinear form of .Q(A) over .Q(R) is non-degenerate.

292

Maximal order

Definition (S.46) The discriminant ideal T:J(A/R) of A is defined as the index ideal of Al over R: T:J(AjR):= (A 1 :RA).

(S.46a)

The arithmetic radical AR(A) of A is defined as the intersection of the maximal ideals of A containing the discriminant ideal. The reduced discriminant ideal T:Jo(AjR) of A is defined as the exponent ideal of the R{actormodule Al/A: T:Jo(A/R):= n«Al/A)/R).

(S.46b)

We shall see in (S.49) that the new definition of discriminant ideals generalizes the one given in chapter 2. All three concepts: discriminant ideal, arithmetic radical and reduced discriminant ideal are invariant under localization. For any subsemigroup S of R\{O} we have

T:J(~/~) = T:J(AjR) SS

S'

AR(~/~) = AR(AjR) SS

S'

T:J

(~/~) = T:Jo(A/R)

o S

S

s' (S.47)

as the reader will easily verify. We generalize (S.46a). For any R-submodule M of .Q(A) the discriminant ideal of Mover R is defined as

T:J(M/R):= (Ml:RM).

(S.48a)

It follows invariance under localization

T:J(M/~) = S

S

T:J(M/R) S'

(S.48b)

as well as the index discriminant rule (S.48c) for any two R-submodules M \' M 2 of .Q(A) of maximal R-rank. It is implied by the dual-index rule (S.48d) in accordance with

T:J(M2/R) = (Mi:RM2) = (Mi:RMi)(Mi:RM d(M \:RM 2). The dual-index rule itself is a consequence of the involutory rule

(Ml)l

= M,

(S.48e)

and the index multiplicativity (M \ :RM 3) = (M \ :RM 2)(M 2:RM 3)'

(S.48f)

both of which were demonstrated before. As a consequence of (S.48f) we must show (S.48d) merely for the case that M 2 is a maximal R-submodule of M I' But in that case it follows from (S.48e) that Mi is a maximal R-submodule

293

Dedekind rings and orders

of M~. Moreover the exponent ideal of MdM2 is a maximal ideal p of R. Because of pM I £ M 2 it follows that pM~ £ Mf, hence n((Mi/Mf)/R)=p. Now the maximality of M2 in M I , Mf in Mi implies M dM2 '::::!.RR/p '::::!. RMi/Mf, hence (M I:RM 2) = (Mi:RMf). Lemma

(5.49)

The discriminant ideal 'n(M/R) of any R-submodule M of .Q(A) over R equals the Rjractional ideal generated by the determinants (5.50)

where Tr denotes the regular trace of .Q(A) over .Q(R), n = dimC(R).Q(A), and uI, ... ,un,vl, ... ,vn are any 2n elements of M. Proof Using localization it suffices to prove the lemma only for local Dedekind rings. But for such Dedekind rings there is an R-basis b l , •.• ,b" of M so that the ideal generated by the determinants given in (5.50) equals the principal R-fractional ideal det ((Tr (bjbk»1 ';i.h;,,)R. Moreover, there is the R-basis C I , ... 'C n of M.1 that is dual to b\l'" ,bn in accordance with the equations Tr(bjCk) = b jk (i, k = I, ... ,n). Hence, we have equations n

bk =

L UjkCj

with

UjkE.Q(R)

(I ~ i, k ~ n)

i= 1

so that

Tr(bjbk) = Tr(bjjtl UjkCj) = jtl Ujk Tr(bjc)=Ujk>

det ((Tr (bjbk»)=det ((u jk»,

'n(M/R) = det ((Tr(bjbk»)R = det ((ujk»R = (M.1 :RM).

0

The arithmetic radical AR(A) of the order A over R contains per definition the ideal 'n(A/R)A such that the factorring is the Jacobson radical of the factorring of A over 'n(A/ R)A: AR (A)/'n(A/ R)A = J(A/'n(Aj R)A).

(5.51)

In case A is commutative, or even if it is only known that the factorring of A over AR(A) is commutative it follows that the factorring A/AR(A) is the algebraic sum of finitely many fields each of which is a finite extension of a field R/p where p is one of the prime ideal divisors of 'n(AjR). If R is local and if the maximal ideal p of R is known, then AR (A) can be computed from the formula AR (A) = {xEA!'v'YEA:Tr(xY)Ep}

(5.52)

provided that the characteristic of R/p is either zero or greater than n. This follows from the remark that the regular representation of A over R leads

294

Maximal order

to a representation of A/AR (A) of degree n over R/p for which none of its multiplicities is divisible by the characteristic of R/p. The arithmetic radical of a commutative order A is an indicator of the maximality or non-maximality of A according to (5.53) Lemma The commutative order A over the Dedekind ring R with discriminant ideal !l(AjR) #0 is maximal if and only if [AR (A)/AR (A)] = A.

Proof We note that for any order A over R the discriminant ideal!l(AjR) is defined as the ideal of R generated by all expressions (5.50). But !l(A/R) is zero unless the regular trace bilinear form of .Q(A) over .Q(R) is non degenerate and in the latter case we have !l(AjR) # O. Now let A be commutative. Then A is embedded into the maximal R-order A I = CI(R, .Q(A)) of .Q(A) so that A ~ 1\':= [AR(A)/AR(A)]

~

(5.54a)

AI' We assume that (5.54b)

and want to show that

Acl\'.

(5.54c)

Since all concepts used are localizable we can assume without loss of generality that R has precisely one non-zero maximal ideal, say p. It follows that AR (A) = J(A) and that the exponent ideal of the R-module AI/1(A) is a p-power: n((A I/1(A))/R) = PA, AEZ>o, 0 C pAAI ~ J(A), hence, J(AjpAAI) = J(A)/pAA I, the factoring of J(A) over pA A I is nilpotent, hence there is a natural number fJ. satisfying J(A)/J~p),I\I' J(I\)/JI\I ~P),Af =P),I\I ~J(A). For J(A)I\I ~ J(A) we have Al ~ 1\', I\' = AI, A c 1\'. For J(A)AI i J(A) there is an index P.'EZ>I satisfying J(A)/J'AI ~J(A), J(A)/J'-IA I iJ(A), so that there is an element x of J(A)/J'-IAI for which x~J(A), x/pAAI is nilpotent, x~A, xJ(A) ~ J(A)'" A I ~ J(A), XEI\', I\' => A. 0 Of course the lemma also yields a method of embedding the commutative order A into its maximal order (5.54a): Either [AR(A)/AR(A)] = A and A itself is the maximal order Al or I\' = [AR (A)/AR (A)] => A, in which case we continue with I\' in place of A. However, in general the computation of AR (A) is too time and storage consuming. Even if AR (A) is already at hand, the computation of [AR(A)/AR(A)] consumes more time and storage than the method presented in the next section as experience has shown. On the other hand, in the special case A = A/lemma (5.53) yields a very useful criterion which was already known to R. Dedekind.

Dedekind rings and orders

295

Criterion (Dedekind) (5.55) Let R be a local Dedekind ring with p = nR as its only non-zero maximal ideal and let f be a monic separable polynomial of R[t] with n = deg (f) > O. Let

n

f == " gl mod (pR[t])

(5.55a)

;= 1

be the congruence factorization into a power product of monic polynomials YI' ... ,y" over R that are mutually prime and separable mod (pR[t]). Then we

have

n g;(~)AJ' II

J(A J) = pA J +

(5.55b)

;= 1

where II

~=

tlf(t)R[t],

AJ =

L

R~; -

(5.55c)

I,

;= 1

and f(t) -

n" y;(t); = nh(t)

(h(t)ER[t]).

(5.55d)

;= 1

The equation order AJ is maximal precisely if h(t) is prime to pR[t].

ni'= 2 g;(t) modulo

Proof Because of (5.55a) it follows that the element 11 = ni'= 1 g;(e) satisfies the congruence 1/" == 0 mod (pA J ) so that l1EJ(A). Hence the right-hand side of(5.55b) is contained in the left-hand side so that we have y(e) == OmodJ(A J ) for y = ni'= 1Y;· Since AfIVR ['] = AJ/pA J it follows that the minimal polynomial qf e modulo pA J equals fmod(pR[t]). On the other hand, it divides mod (pR[t]) any polynomial j(t)E R[t] satisfying j(e) == 0 mod pA J. Because of the nilpotency of J(A J) modulo pA J it follows that some power of the minimal polynomial of e mod J(A J) [t] will be contained in pR[t]. Hence, that minimal polynomial equals y mod pR[t]. Thus (5.55b) is established. Any element x of [J(AJ)/J(A J)] satisfies the condition xpA ~ J(A J), therefore it is congruent to an element of the form y = n- Ig(WI(e) withjl(t)ER[t], degUd<deg(f)-deg(y), modulo the R-module A J . But it also satisfies the condition yy(e)=n- l g 2(WI(e)EJ(A J ). Hence, jl ==j2ni=3gl-2modp[t], where j2 is a polynomial of R[t] of degree less than Li = 2deg(g;) so that y is congruent to an element z of the form z = n - Ij2(~)g 1(~)g2(~) ni= 3g;(e); - 1 modulo the R-submodule A J of [J(AJ)/J(A J )]. Now we obtain the condition

n y;(e); II

zy(~) = n- 1j2(e)YI(e)

i;;l

= j2(e)YI(e)h(e)EJ(A J)

which can always be satisfied in a non-trivial way unless II is prime to g;

296

Maximal order

o

modulo pEt] for all i = 2,3, ... ,no The Dedekind criterion turns out to be extremely useful, since experience has shown (see [3], [4], for example) that most local equation orders are maximal and the application of the criterion weeds out all those happenings with little computational effort (see also example (6.8». For the remaining cases it was first discovered by R. Land experimentally that the reduced discriminant can be used in many situations in place of the discriminant with much less computations involved. For example, the arithmetic radical of the R-order A can also be defined as the intersection of all maximal ideals of A containing T:!o(AjR)A. This is because the exponent ideal of finitely generated modules over a commutative ring R is contained in the same maximal ideals of R as the order ideal, due to the existence of the elementary divisor normal form of finitely generated modules over Krull valuation rings. The computation of the reduced discriminant usually requires a greater effort than the computation of the discriminant ideal itself. However, in the important case of equation orders we have (5.56) Let R be a Dedekind ring and f(t)ER[t] be monic, separable of degree n> 1.

Lemma

Then the Euclidean algorithm in O(R)[t] yields an equation Xf + YD,(f)

= I,

(5.57a)

with polynomials

x = X(f, D,(f))EO(R) [t],

Y

= Y(f, D,(f)EO(R)[t],

(5.57b)

uniquely determined by the degree conditions deg(X) < deg(D,(f»,

deg(Y) < n = deg(f).

(5.S7c)

Then the R-fractional ideal generated by the coefficients of X, Y is the inverse of the reduced discriminant ideal. Proof Because of the localizability of the concepts used it suffices to deal with the case that R has just one non-zero maximal ideal, say p = 1[R. Since both polynomials f, D,(f) have coefficients in R it follows that the coefficients of X, Y generate an ideal of the form p-A with A.E~;'o, thus we have an equation (S.57d) where X I, Y1 are polynomials of R[t] with coefficients that are not all divisible by 1[. The equation (S.S7d) implies that YI(~)D,(f)(~)

= 1[A

(~= tl.f(t)R[t]EAf)'

(S.S7e)

Dedekind rings and orders

297

We have already seen earlier that D,(f)(e)A~ £ A J , hence nAA~ £ A J ,

nAE'J.)o(AJ/R). Conversely, if nA'E(fo(AJ/R) (A'EZ"o, X~A), then we have n A' A~£AJ' But we also saw that D,(f)(e)-IEA}, hence nA'D,(f)(e)-tEA J , so that there holds an equation Y2(e)D,(f)(e) = n A', where Y2(t)E R[t] is of degree less than n. Hence, there also holds an equation X 2(t)f(t) + Y2(t)D,(f)(t) = n A' with X 2(t)ER[t] of degree less than deg(D,(f». Since (5.57a, b) are unique under the degree condition (5.57c) it follows that X 2 = X I> Y2 = YI, ..1= X. 0 As a consequence of lemma (5.56) we obtain the reduced discriminant of a separable monic polynomial f by the usual Euclidean division algorithm applied to f, D,(f) over .Q(R) and a simple computation with the coefficients of X(f, D,(F», Y(f, D,(f)) whereas the discriminant computation of f needs pseudo-division, hence a much more careful inspection of each division step.

8. Structural stability

Lemma (5.58) The embedding of an order A over a Dedekind ring R into an R-overorder Al of the same R-rank is stable in the following sense: Let a be an ideal of R contained in the square of the exponent ideal n = n«AdA)/R) #- 0 of AdA over R. Let A be an R-order and let a:A ~ A be an R-isomorphism of the Rmodule A on the R-module A satisfying the congruence condition a(xy) == a(x)a(y)mod(aA) (x, YEA). Then there is a unique extension r:A~A of a to a .Q(R)-isomorphism of the .Q(R)-module A = .Q(R)®RA on the .Q(R)-module A = .Q(R) ® R A such that the restriction of r to A I yields an R-overorder Al = r(AI) of A in its central quotient ring A. Proof Since A is a torsion-free R-module the unique extendability of a to r is obvious. Let A, = r(A d. Because of nA, £ A it follows that nAt

£A.

Let xt,Yt be any two elements of AI' By definition there are elements XI>YI of At satisfying r(xt)=xl> r(Yt)=YI' Now nAI £A implies for any two elements A, J.I. of n:

x:= Axl EA,

y:= J.l.y, EA,

a(x) = r(x) = AXI EA, a(y) = r(y) = J.l.YI EA

and by assumption

aA3a(x)a(y) - a(xy) = r(x)r(y) - r(xy) = r(Ax dr(J.l.yd - r«Axd(J.l.YI» = AJ.I.(r(x t)r(YI) - r(x,YI» = AJ.I.(x,h -ill, where x,y, = z, EA" r(z,) = i, Er(Ad = A,. Hence,

aA;2n 2(x,y,

-id,

n-2aA~xIYl -ii'

298

Maximal order

By assumption we have u £; n 2 i:- 0, hence n- 2 u£;R,

A2n- 2 uA,

Xdil-i1EA,

o

The application of lemma (5.58) is as follows. Let Af be the equation order of the monic separable polynomial f(t) of positive degree n over the Dedekind ring R and let l(t)ER[t] be another monic separable polynomial satisfying

do(f)/do(J)E U(R),

(5.59a)

1=fmod(do(f)2R).

(5.59b)

We note that the reduced discriminant ideal do(f)R is contained in the exponent ideal of the factormodule of the integral closure Cl(R, Af) in the central quotient ring O(Af) = O(R) [t]/f(t)O(R) [t] = Af over A f . We remark that Cl(R,A f ) consists of certain linear combinations L?=l ..ti~i-lEO(R)[~] for ~ = t/f(t)R[t]. According to the lemma applied in both directions (from A = Af to A= Al and from Ato A) it follows that the maximal order Cl(R, AI) of A,consists of the very same linear combinations :L/= 1 ..tli - 1 EO(R)[~] for ~ = t/l(t)R[t] as are used to compute Cl(R, A f)' In other words: the task of embedding Af into its maximal order is equivalent to the task of embedding Al into its maximal order. Regarding the condition (5.59a) on the reduced discriminants off, it is a consequence of (5.59b) in case R is semilocal so that J(R)3d o(f). In fact, we have the stronger statement:

1

Proposition

(5.60)

Let f(t) be a monic separable polynomial of positive degree n over the semilocal Dedekind ring R such that do(f) is contained in the Jacobson radical J(R) of R. Then any monic polynomiall(t)ER[t] satisfying the congruence condition

1 =f

mod (do(f)J(R))

(S.60a)

is separable over R such that (5.59a) holds.

Proof We observe that

do(f)R

= (R[t]f(t) + R[t]D,(f)(t»n R.

(5.61)

This is because by definition do(f) is uniquely presentable as a linear combination

do(f) = Xf + Y D,(f),

(S.62a)

with polynomials X, Y ER[t], such that

deg(X) < deg(D,(f),

deg(Y) < n,

(5.62b)

and the greatest common divisor of the coefficients of X, Y is one. Hence the element do(f) of R is contained in the ideal of R[t] generated by f, D,(f).

Dedekind rings and orders

299

On the other hand, any presentation a = X t! + Y 1D,(f) (X l' Y 1E R[t]) of an element aE R gives rise to a division with remainder Y1 = Q(Y1,f)1 + R(Y1,J) (Q(Y 1, f), R(Y1,J)ER[t], deg(R(Y1,J)) < n) and to the equation

a = X d + Y2D,(f),

X2

= Q(Y1,J)D,(f) + Xl,

Y2 = R(Y1,J)

(5.63a)

with deg(Y2 ) < n, hence deg (X 2) < deg (D,(f)).

(5.63b)

Because of the uniqueness of the presentation 1 = do(f) - 1 XI + do(f) - 1 Y D,(f)

(5.64a)

derived from (5.62a) in O(R)[t] and in view of the degree conditions deg (do(f) - 1 X) < deg (D,(f)),

deg (do(f) - 1 Y) < n

(5.64b)

derived from (5.62b) it follows from (5.63a, b) that X 2 = AX, Y2 = AY with A in O(R). In fact A is the greatest common divisor of the coefficients of X 2, Y2 over R. Since by construction both X 2, Y2 are in R[t] it follows that A is in R, do(f) divides a, (5.61) is established. Because of the invariance of the concepts used in proposition (5.60) under localization it suffices to prove it only for the case that R is a local Dedekind ring with just one non-zero maximal ideal p. According to (5.60a) there holds an equation

1=

J+ do(f)g,

(5.65)

where the polynomial g(t) is in pEt] with deg (g) < n. Hence

D,(f) = D,(]} + do(f)D,(g),

(5.66)

and upon substitution of (5.65), (5.66) in (5.62a) we obtain the equation

X]

+ YD,(]) = do(f)(1 - Xg - YD,(g)).

(5.67)

If ] is inseparable, then the greatest common divisor of ], D,(]) is a non-constant monic polynomial of R[t] dividing do(f) modulo (do(f)p[t]), obviously a contradiction. Hence, J must be separable, say do(])R = pAR for some AE1:;'o, (5.68) for some polynomials X, YER[t] with gcd(X, Y)= 1. For ,1.=0 we obtain do(])ldo(f). For A> 0 we derive from (5.67) upon multiplication by 1+ r,t::1 (Xg + YD,(g))i and substitution of (5.68) an equation of the form X J + Y1D,(]) = do(f) (X " Y, ER[t]) which shows in view of (5.61) (for lin place of f) that do(])ldo(f). Similarly we show that do(f)ldo(J). (Note that (5.59b) also holds with I and] reversed.) Hence (5.59a) is proved. D

Maximal order

300

9. Reducible polynomials

If the monic separable polynomial I(t) over the Dedekind ring R permits a factorization I =Id2 into the product of two monic non-constant polynomials II J2 E.o(R) [t], then both factors already belong to R[t]. This is because for the universal splitting ring A = S(fI/S(f2/.o(R))) the generating root symbols Xhi (1 ~ i ~ deg (fh) =: nh, h = 1,2) entering the defining factorizations Ih(t) = ni'~ I (t - x h;) (h = 1,2) satisfy the monic equation I(X"i) = 0 over R so that they belong to the integral closure Cl(R, A) and hence the coefficients of Ih belong to the intersection of Cl(R, A) with .o(R) which is R because of the integral closure property of Dedekind rings. Due to the separability of I it follows that both 11,J2 are separable and mutually prime in .o(R)[t] so that we have the algebraic decomposition A f = .o(R) [t]/I(t) .o(R)[t] = Afl Et) Ah with A flo = .o(R) [t]/Ih(t) .o(R)[t] (h = 1,2). As was shown before we obtain the idempotents eh = l AI " (h = 1,2) serving to define AJr. = ehA f by means of the Euclidean division algorithm applied to 11,J2 over .o(R) leading to an equation adl + ad2 = 1 with a"E.o(R)[t] and to eh=a3-h(~)/3-"(~) for ~=t/.r(t).o(R)[t] (h= 1,2). It follows that CI(R, A f) = CI(Re I' A f,) Et) CI( Re2, A fJ Let us suppose that we have solved the embedding problem of the R-order Af " into the maximal order Af .. := Cl(R, Af ,,) already, say by means of establishing an R-basis of the form Whl , ... ,whn" such that k

Whi =

L

j~

I

Ihij~t I ({3hijE.o(R), 1 ~ j ~ k, 1 ~ i ~ nh, h = 1,2),

(5.69)

with ~h = t/lh(t).o(R) [t]. Then we set ~h = eh~ (h = 1,2) and use the n l + n2 = n = deg (f) elements W hi (I ~ i ~ nh , h = 1,2) as R-basis of Af = Cl(R, Af)' Of course, the new ~-basis does not have the canonical form of an R-basis WI' ... ,W" of Af for which we demand that i

Wi =

L {3ij~j-1 j~

({3ijE.o(R), 1 ~j ~ k, 1 ~ i ~ n).

(5.70)

I

But, provided that R is a principal ideal ring, it is always possible by means of presenting ~h = a3-h(~)/3-hW~ in the normal form ~h=

L" IY.hj~j-1 j~

(lY.hjE.o(R),I~j~n,h=I,2)

(5.71)

I

and substitution of (5.71) into (5.69) to present the basis w; = w li (1 ~ i ~ nl)' +i = W2i (I ~ i ~ n2) in the normal form w; = L'J~ I {3;P-I. By means of Hermite row reduction of the quadratic matrix ({3;) we obtain a reduced matrix ({3ij) with all entries above the diagonal being zero. This leads to a canonical R-basis (5.70) of Af . This construction will be tautly adopted in step 4 of section 6. W~,

301

Dedekind rings and orders

10. The Hensel lemma The structural stability lemma (5.58) of course applies to any situation in which the monic separable polynomial f(t) of positive degree n over the semilocal ring R is modified modulo a suitable ideal a of R contained in J(R) to a monic polynomial say l==fmod a[t]. Whenever a is contained in do(f)2R we are entitled to use a canonical R-basis Wi (1 ~ i ~ n) of CI(R, A J) of the form

1.

i

WI =

L {3ij~j-1

(Ai = O(R) [t]/l(t)O(R) [t], ~ = t!l(t)O(R) [t],

j= I

{3ijEO(R), 1 ~j ~ i, 1 ~ i ~ n)

in order to produce the canonical R-basis Wi (1 I

WI =

L {3iP-1

(1 ~ i ~ n, Af

~

(5.72)

i ~ n) ofCI(R, A f) of the form

= O(R) [t]/f(t)O(R) [t], ~ = tl.f(t)O(R) [t]).

j= I

(5.73) The main application is made in case a congruence factorization

f == flOf20 mod bEt]

(5.74)

of fis known modulo an ideal b of R contained in J(R) such that f10'/20 are two non-constant monic polynomials for which an equation

alOflO + a20 f20

= 1 + aOO (aiO ER[t],O ~ i ~ 2,a oo Eb[t])

(5.75)

is given which expresses in a constructive manner the idea that flO' f20 are mutually prime modulo b[t]. It is evident from the description that an immediate application of the structural stability lemma and of the results of subsection 7 on reducible polynomials is out of the question since the ideal b may not be contained in do(f)2 R. It becomes therefore necessary first to raise the congruence modulo b to a suitable power of b contained in do(f)2 R. That this can always be done is the assertion of Hensel's lemma

(5.76)

Let R be a unital commutative ring, b an ideal of R, andf, flO' f20ER[t] monic non-constant subject to (5.74), (5.75). Then for every kEf\! there holds a congruence factorization (5.76a) (flk,f2kER[t] monic non-constant) satisfying the coherence condition fik == flO mod bEt]

(i

= 1,2)

(5.76b)

and an equation

+ a2kf2k = 1 + aok (aikE R[t], deg (aik) < deg (f3 _i.k), i = 1,2, ao kEb 2k [t]). alkflk

(5.76c)

Maximal order

302

Prool We show how to obtain the result for k = I. The rest is done by inliuction on k. We try to obtain Iii in the form Iii = liO + diO

(diOEb[t], deg (diO) < deg (fiO)'

i = 1,2)

(S.77)

which already meets the coherence condition (S.76b) for k = 1. The congruence condition (S.76a) for k = 1 then becomes do:= 1-/10/20 == I 10 d20 +120dlO mod b 2[t], which is essentially met by setting dio:= a3-i,odo (i = 1,2) because of (S.74), (S.7S). However, the degree condition requires that we replace d10 by its remainder upon division by liO: diO := R(d10, liO)' We note that both quotient Q(d10,fiO) and remainder diO are in bEt] (i = 1,2). Thus we get

d I:= I - II ti21 =1- (flO +d IOH/20 +d 20 ) = do - l IO d 20 - 120d 10 - d IOd20 = do - llOd!o - 120d! 0 - d IO d zo +llOlzo(Q(d! 0 JIO)+ Q(d!OJ20»' where we already know that the first term on the right-hand side is in bl[t]. On the other hand, the left-hand side is of degree less than deg (f) = deg (fl d + deg (fll)' A lortiori, the left-hand side is of degree less than deg(/ll) + deg(/12) modulo bl[t]. Hence the same is true for the righthand side. But IlOilO is monic of degree deg(f) modulo bl[t] yielding Q(d!o, 110) + Q(d!o, 110)Ebl[t]. Hence (S.76a) is satisfied for k = 1. Analogously we try to solve (S.76c) for k = 1 by setting

ail = aiO + biO

(biOER[t], i = 1,2).

(S.78)

This leads to the condition

+ blOH/lO + d lO ) + (alO + b20 )(110 + dlO ) = (a oo + blo/lO + blOl10 + alOd lO + alod10 ) + (blOdlO + blOdlO)Eb2 [t]

aol := (alO

1

which is solved by setting

biO =

-

aiO(aOO + alOd lO + alod10)Eb[t]

(i = 1,2).

(S.79)

Of course, the solution ail (0 ~ i ~ 2) of (S.76c) obtained in this way will in general not yet satisfy the degree condition. Hence we replace ail by R(ail ,f3-i,d = :a;1 (i = 1,2). Upon substitution into (S.76c) for k = 1 we obtain

(Q(a ll ,f2d+Q(a21,fll»/lllll

+ (a'll/ll

+a~till-I)Ebl[t],

hence Q(all,fl d + Q(all,fl dEbl[t], also implying a'i till + a~ till - IEb 2[t]. Therefore we meet the degree condition by substituting ail ~ a;\, aO I ~a/ll/ll +a~dl\-I (i= 1,2). 0

Dedekind rings and orders

303

II. Localization Throughout subsections 1-10 of this section we have used the localization argument which is based on the observation that for transition from a Dedekind ring R as base ring to the Dedekind ring R/S for any subsemigroup S of R\ {O} the concept of orders, arithmetic radicals, discriminant ideals, reduced discriminant ideals etc. remains invariant. A slightly different form of localization is introduced by means of

Definition (5.80) Let R be a Dedekind ring, A an R-order, and a a non-zero ideal of R. The Roverorder AI of A is said to be an a-overorder if a).A I S; A for some ..lEN. It follows that an a-overorder of A has the same R-rank as A. Both the order and the exponent ideal of the R-module AI/A contain some power of a. The intersection of the members of any system of a-overorders is an a-overorder. If the subring generated by two a-overorders of A is itself an R-order (as is the case if A is commutative) then it is an a-overorder of A. If the non-zero ideal b of R is contained in every prime ideal of R containing a then every a-overorder of A also is a b-overorder. For '!l(A/R) # 0 every R-overorder of A of the same R-rank is a '!l(A/R)-overorder and also a '!lo(AlR)-overorder. The connection with localization is established by

Lemma (5.81) Let R be a Dedekind ring, a a non-zero ideal of R, S. the subsemigroup of all elements XER satisfying xR + a = R (i.e. x/a is a unit of R/a). Let A be an Rorder. Thenfor every a /S.-overorder AI of AlS. of the same rank there is the aoverorder Al 1\ A = A I := {xEA I 13AEZ>o:a).x S; A} such that AI

Al

= S' •

(5.82)

Conversely, for every a-overorder AI of A wefind the a/S.-overorder AI/S. of AlS. such that AI/S. 1\ A = AI' Proof The order property of Al 1\ A follows from the remark that the exponent ideal of the R/S.-module AI 1\ AlS. contains a power of a/S., say (a/S.)IlAI £; AlS. for some IlEZ> o. Hence for any x of i\ I 1\ A we have a).x S; A for some AEZ> 0 and

(al'/S.)x s; AlS. implying al'x £; A. It follows that a"AI £; A. For x,y of AI we have a"x £; A, ally £; A, hence a"(x + y) £; A, a21l xy = (a"x)(a"y) £; A, a"xy s; A. Therefore Al is an a-overorder of A. By Landau's theorem (5.39d) there is an element a # 0 of a" satisfying aa - Il + a" = R. For any element x of Al we have a"x £; A/S., hence aXEA/S •. Hence there is PES. satisfying !XPXE A. By Landau's theorem there is an element y of !Xa - Il for which

304

Maximal order

yaa-I' + aR = aa-I', hence, YES., al'yflx ~ A, yflES., yflxEA I , xEAI/S. so that the first part of (5.81) is established. Conversely, let Al be an a-overorder of A. Then Al = AI/S. is an a/Saoverorder of A/S •. There is IlEN satisfying al'AI ~ A, (al'/Sa)AI ~ A/Sa' If for some element x of Al and for some AE£:>o we have a"x ~ A then we obtain al'x~A and also x=y/a with YEA I , aES•. Hence, aXEA I , al'x~A~AI' Rx = (aR + al')x = aRx + al'x ~ AI,xEA. 0

Definition

(5.83) Let R be a Dedekind ring, a a non-zero ideal ofR. Then the R-overorder Al of the R-order A is said to be a-maximal, if Al is an a-overorder of A and if any 0overorder of A containing Al coincides with AI' It follows from lemma (5.81) that the a-overorder Al of the R-order A is a-maximal precisely if AdS. is an a/S.-maximal order. If the discriminant ideal 'D(A/R) of the R-order A is not zero then the R-overorder Al is maximal precisely if it is a 'D(AjR)-maximal R-overorder of A. If in that case a is any non-zero ideal of R then any a-overorder Al of A also is an (0 + 'D(AjR»-overorder of A. Among the a-overorders of A contained in the R-overorder AI of A precisely one is maximal, viz. AI/Sa 1\ A. Let II be a natural number. For any collection of Il non-zero ideals a I' ... , 01' of R the overorders A dS.j /\ A(l ~ i ~ Il) generate the R-overorder AdS........ If Al is a maximal R-overorder of A then Al contains a maximal R-overorder A2 of A of the same R-rank as the R-rank of A. Furthermore, if 0 1 ,,,,, 01' are comaximal ideals of R with the property that some power of a I ... 01' is contained in (A 2 : RA) then we have

(5.84) where there holds the direct R-module decomposition

(5.85) This relation is the strongest expression of the localization argument in terms of the concept of a-overorders. It is used within the embedding algorithm of section 6 as follows. Let a monic separable non-constant polynomial f(t) be given over the Dedekind ring R. For the purpose of embedding the equation order AJ into its maximal order AJ = CI(R, .Q(R) [t]/ f(t).Q(R)[t]) one determines certain nonzero elements 0 1 , ••• of R such that the principal ideals OJ = OjR (1 ~ j ~ Il) of Rare comaximal and that (A/RAJ) contains a power of 0 1 .. ·aJ" The

,°1'

Dedekind rings and orders

305

algorithm provides a canonical R-basis I

wij =

L {Jljk~k k;1

I

({JljkEO(R), I ~ k ~ i, I ~ i ~ n, ~ = t/ f(t)O(R) [t])

(5.86)

of the armaximal R-overorder Af/S •. 1\ Af of Af (I ~ j ~ II). The final task is J • then to provide a canonical R-basis WI = I {Jlk~k- I ({JlkEO(R), I ~ k ~ i, I ~ i ~ n) of Af' But according to (5.85) the lin elements wij of (5.86) provide a system of generators of Af over R. Since ~i-I is contained in Af as well as in Af/S. J 1\ Af for j = I, ... , II, it follows that {Ju # 0, {Jijl # 0, {Jii 1 E R, {Ji;/ E R, moreover {JijiR contains some power of a l and {JII I is equivalent to OJ; I {Jlj/ . Hence, it suffices to find a linear combination

:n;

(5.87) with coefficients Aij in R and to set WI = Lj; I Ai)Wij (1 ~ i ~ n) in order to obtain a canonical R-basis of Af' For the purpose of solving (5.87) we form the I{J.-l of R and observe that elements Y,j = n~; h 'f'j .h.

L" YijR = R.

(5.88)

j; I

Assuming the existence of a Euclidean division algorithm in R we use it to obtain elements A.ij of R satisfying the equation (5.89) corresponding to (5.88). The equation (5.89) is tantamount with (5.87). In the next section we shall refer to the construction just described as amalgamation ofcanonical R-bases of the armaximal overorders (1 ~ j ~ II) to a canonical R-basis of A f .

Exercises I. Let F0 be a field. The formal power series ring in one variable t over F is defined as h . 0 t e rmg Fo[[t]] of all formal sums I:~Oajtj, where (adiEZ;'o) is any sequence of elements of F0, with operational rules co

co

i=O

i=O

I a/ = I b/-a co

I

i=O

ajt j +

j

= bIViEZ;'O,

co

co

i=O

;=0

I b/= I

(a j + by,

306

Maximal order

(a) Show that Fo[[t]] is an entire ring. (b) Which sequence of elements of F 0 corresponds to the unit element, which to the zero element, which to the negative of an arbitrary element of Fo[[t]]? (c) Show that the mapping I:Fo[t]->Fo[[t]]:L/=OaitiI->L/'=,oa/ subject to a i = 0 for i> II is a monomorphism. It is said to be the canonical monomorphism of Fo[t] into Fo[[tJ]. (d) Show that the unit group of Fo[[t]] is formed by all power series L/'=,oa/ with non-zero constant term ao. (e) The quotient field Fo((t)) of Fo[[t]] consists of all formal Laurellt series L= L/'=, -ooa/ (aiEFo,iEJ'.); there is an index t/(L) for each Laurent series different from 0 = L/'=, _ 00 Ot i such that t/(L)EJ'. and ai = 0 for i < t/(L). The operational rules for the Laurent series are obtained from those for the power series by substituting - 00 for 0 below the summation symbol. Show that the mapping i: Fo[[t]] -> Fo((t)):L/'=,oa/ I-> L/'=, _ ooaiti subject to a i = 0 for i < 0 is a canonical monomorphism of F o[[tJ] into F 0((1)). (f) Show that Fo[[t]] is a discrete Krull valuation ring of F o«t)) for the exponent valuation t/: F o((t)) -> J'. v {oo} of part (e).

2. Let R be a Krull valuation ring of the field F. Let E be a finite extension of .Q(R). (a) Show that the maximal ideal p of R generates a proper ideal of CI(R, E), and there is a finite basis b l ,b 2 , ••• ,bn • ofCI(R,E) modulo pCI(R,E). (b) Show that for any such basis the elements b l , b 2 , .•• , bn, are linearly independent over F. (c) Show that if R is discrete and if CI(R, E) is finitely generated over R, then the number II' equals the degree of E over F. 3. Let F 0 = IF p be the prime field of prime characteristic p > O. Let F be the subfield of IFp((t)) generated by t and by x = L/'=,ot pj '. Let R = IFp((t))(\F. (a) Show that x is algebraically independent of t and that R is a Dedekind ring with F as quotient field. (b) Let E be the subfield of IF p( (t)) generated by t and by y = L/'=, ot i'. Show that E is a purely inseparable extension of degree p over F such that E = F(y), yP = x. (c) Show that p:= tR is the maximal ideal of the local ring R. (d) Show that CI(R. E) = pCI(R, E) + Rp. (e) Show that CI(R. E) is not finitely generated over R. 4. Two ideals a l ,a2 of the unital ring A are said to be comaximal if they satisfy a l + a 2 = A. Show that (a) Any two distinct maximal ideals of A are comaximal. (b) Two ideals al' a 2 of A are comaximal, if and only if there are elements ajEaj (i = 1,2) satisfying a l + a2 = I. (c) Any two comaximal ideals ai' a 2 of A satisfy a l a 2 = a l (\ a 2 = a 2a l ,

A/(a l (\ a2 ) ~ A/a l ® A/a 2·

307

Dcdekind rings and orders

(d) If the finitely many ideals a I"

.. ,

as of A are pairwise comaximal then we have s

a l a 2 .. ·as = a l na 2n .. ·nas ,

A/(a l na 2 n .. ·nas ) ~ EBA/aj. i= J

5. The intersection J(A) of a ring A with its maximal ideals is called the Jacobson radical of A. Show that every ring epimorphism of A onto another ring i\' maps J(A) on J(i\'). 6. If the Jacobson radical of the unital ring A is already the intersection of finitely many maximal ideals al, ... ,as of A then show that a l ,a2, ... ,as are the only maximal ideals of A. In that case we have AfJ(A) ~ EB:= I A/aj, and the 2S distinct ideals ajl naj2 n .. · nal, (0 ~ r ~ s, I ~ i l < i2 < ... < i, ~ s) of A are the only ideals containing J(A). 7. For any two rings AI' A2 we have J(A I Efl A2) = J(AdEflJ(A2)' 8. A commutative ring is said to be simple if it is not nilpotent and if it contains no ideal other than itself and zero. Show that a commutative ring is simple if and only if it is a field. 9. A commutative ring is said to be semisimple ifit contains no nilpotent ideal different from zero and if the intersection of finitely many maximal ideals is zero. Show that (a) A commutative ring R =I: 0 is semisimple if and only if it is isomorphic to the algebraic sum of finitely many fields. (b) A commutative F-algebra over the field F is semisimple if and only if it is the algebraic sum of finitely many extensions of F. (c) A unital commutative F-algebra of finite F-dimension is semisimple if and only if its Jacobson radical is zero. 10. (E. Noether) Let ri:-O be a non-nilpotent minimal right-ideal of the ring A. Show that (a) r2 = r. (b) The left-annihilators of r in r, i.e. the elements p of r satisfying pr = 0, form a right-ideal of A which is contained in r. (c) The only left-annihilator of r in r is O. (d) For any non-zero element p of r we have pr = r. (e) For any non-zero element p of r there is an element e of r satisfying pe = p. (f) For the elements p, e of (e) we find that p is a left-annihilator of e 2 - e. (g) For the element e of (e) we find that (e 2 - e)A c r. (h) r = eA = er3e 2 = e i:- O. (i) What is the corresponding ('dual') statement for left-ideals?

II. Let F be a field. Show that (a) Every F-algebra H of finite F-dimension which is not nilpotent contains an idempotent. (Hint: use exercise 10.) (b) If the F-algebra H of finite F-dimension over F is a nilring then it is nilpotent. (Hint: use exercise 10.)

Maximal order

308

(c) The maximal nil radical NR(H) of an F-algebra H of finite F-dimension is nilpotent; it contains the Jacobson radical. Moreover, there are only finitely many maximal ideals of H containing NR(H), say 1 , ... ,0" and we have J(II/NR(H» = NR(H/NR(H» = 0,

°

H/NR(H) ~ 11/01 ® ... ® H/o" J(H/o;)=NR(H/o;)=O (1 ~i~s). (d) If H is a unital F-algebra of finite F-dimension then J(H) = NR(H) is the maximal nilpotent ideal of H. (e) If II is a commutative F-algebra of finite F-dimension then HjNR(H) is isomorphic to an algebraic sum of finitely many fields. 12. Let R be a unital commutative ring and A, M two R-modules. The most general R-bilinear form is defined as an R-linear mapping B: A ® R A -+ M. The orthogonal right B-complement of any subset X of A is defined as the set Xl of all elements y of A satisfying B(x ® y) = 0 for all x of X (notation: B(X ® y) = 0). The orthogonal left B-complement of X is defined as the set 1 X of all elements z of A satisfying B(z ® x) = 0 for all z of A (notation: B(z ® X) = 0). Show that (a)

x\ 1 X are R-submodules of A.

(b) Xl

= (RX)l,

1X

= l(RX).

(c) 1(X1);2 X,(l X)l;2 X. (d) (l(Xl»l = xl, 1«1 X)l) = 1 X. (e) Xs y~Xl;2 y1, lX ;2ly.

(f) (X u y)l = (RX + Ry)l, l(X U Y) = l(RX + R Y). (g) (X ( I y)l ;2 Xl + yl, l(X ( I Y);2 Xl + yl. (h) l(Xl ( I yl)

= 1(X1) + l(yl), (1 X (11 y)l = (1 X)l + (1 y)l.

(i) B is said to be non-degenerate if A 1 = 1 A = O. B is said to be symmetric if B(a ® b) = B(b ® a) for all a, b of A. B is said to be antisymmetric (skew symmetric) if B(a ® b) = - B(b ® a) for all a, b of A. Prove: if B is symmetric or antisymmetric then we have Xl = 1 X for any subset X of A, and B induces a non-degenerate bilinear form 8 on A/Al upon setting

8(a/Al®b/A1) = B(a®b) (a,bEA). (j) If b l , b 2 , • •• , b. is an R-generator set of A then B is symmetric if and only if the matrix (B(b i ® bk». ",;,k",. is symmetric. B is antisymmetric if and only if that matrix is antisymmetric. (k) If b., . .. ,b. is a finite R-basis of A and M = R then B is non-degenerate if and only if det (B(b; ® bk )) is a non-zero divisor of R. (I) If M I is an R-submodule of M then B induces the R-bilinear from

B: A ®RA -+M/M l:a®bJ-+B(a®b)/M I' (m) If A is a .Q(R)-module then B is a .Q(R)-bilinear form. (n) Let A be a .Q(R)-module with finite .Q(R)-basis b l , ... , b•. Then the .Q(R)bilinear form B is non-degenerate if and only if det (B(b i ® bk )) is a unit of .Q(R). (0) Let A be a .Q(R)-module with finite .Q(R)-basis bl, .. "b. such that det (B(b; ® bk )) is a unit of .Q(R). Then there is the uniquely determined dual

Dedekind rings and orders

309

.Q(R)-basis b~, ... ,b; of A satisfyingB(bi®bt) = c5 ik (1 ~ i,k ~ n), and we have A.L = L~= I Rbt for A = L~= I Rb k. Note that .L(A.L) = A.

13. The same notations as in 12 are used. Let A be an R-ring. (a) Let d: A -> .Q(R)Jx d be an R-homomorphism of A into the ring of matrices of degree dover .Q(R). Show that the d-trace Tr,1: A -> .Q(R):XH Tr (d(x)) is an R-linear form giving rise to the symmetric R-bilinear form B,1:A ®RA -+ .Q(R):x® yH Tr,1(xy) satisfying the admissibility condition

B,1(x®yz) = B,1(xy®z) (x, y, zEA). (b) Let B: A ® R A -+ .Q(R) be an admissible symmetric R-bilinear form on A. Then show that for any R-submodule A of A we find that [A\A]A.L £ A\ .LA[A/A] ~ .LA.

14. Let R be a unital commutative ring. The R-module M is said to be cyclic if it can be generated by one clement over R. Show that M is cyclic over R if and only if it is an R-epimorphic image of R. 15. Let R be a unital commutative ring. The R-module M is said to be Noetherian if every R-submodule of M can be finitely generated over R. Show that (a) Every R-submodule and every R-factormodule of a Noetherian R-module is Noetherian. (b) If both the R-submodule m of the R-module M and the R-factormodule Mlm are Noetherian then M is Noetherian, too. (c) (Lasker- McCaulay) If R is Noetherian then every finitely generated R-module is Noetherian. (d) Show the converse of (c).

16. (Hilbert) Let R be a unital commutative ring. An ascending sequence Mo ~ M I ~ M 2 ~ ••• of R-submodules of the R-module M is said to be afiltration of M if M = U~OMi' The corresponding grading of M is defined as the algebraic sum EB~oM; with M~ = M o, M; = M;/M i - I (iEN). (a) Show that for any R-submodule m of M there is the filtration mnMo £mnM I £ mnM2 ~ ... and thegradingEB~om;withmo = mnMo, m; = mn M;/mnMi_1 ~ M;(iEN) induced by the given filtration and grading of M. (b) Show that there are the grading epimorphisms t7o:Mo-+M~:UHU,

t7i: Mi-+ M;:uHuIM i _ 1 (iEN). (c) Show that two submodules X, Y of M satisfying X ~ Y coincide if and only if the given grading of M induces the same grading of X and of Y. (d) For every R-submodule m of M show there is the filtration M o/m £ M dm £ ... of Mlm induced by the given filtration of M. Describe the corresponding grading. (e) The polynomial ring R[t] in one variable t has the filtration M 0 ~ M 1 £ "', where M j denotes the R-module formed by all polynomials of degree ~ i. Show that the filtration splits inasmuch as M = R[t] = EB~oM; for M; = Rt j so that t7i(n=obktk) = b/. (f) For any ideal a of R[t] show we have t7j(anM;l = a/, where aj is an ideal of R

310

Maximal order

such that there is the filtration 00 ~ 0 I ~ 02 ~ (g) If R is Noetherian then R[t] is Noetherian.

...

of the ideal

U;x:, °OJ of R.

17. (a) Show that the transition from one finite generator set VI""'V" of the Rmodule M to another one can be done by a finite number of elementary changes: (i) Increase the generator set to VI>" ., V"' V" + I' where V" + I = Al VI + ... + A"v" is presented as a linear combination of VI' ...• V" with coefficients ..1.1 •...• ..1." of R. (ii) Decrease the generator set to V I> ...• V" _ I' if v" = Al V I + ... + ..1." - IV" - I is presented as a linear combination of Vi •... ' V" _ I with coefficients )'1 •...• ..1."-1 of R. (iii) Permute the generator set in anyone of the n! ways. (b) Suppose there is a relation matrix AER'x". Produce a relation matrix for anyone of the generator sets obtained by an elementary change. (c) Show that the elementary ideals of M remain unchanged for any elementary change. (d) For any epimorphism e of the finitely generated R-module M on the R-module M' show that it follows that M' is finitely generated over R and that 'fj(M'/R);? 'fj(M/R) (iEl'''o). 18. (a) If the ring R is Noetherian and r, is an R-epimorphism of RI X" on the R-module M then show that ker (r,) is finitely generated, say ker (r,) = Lf= I Rr:, r: = (Ail" .. , Aj "). so that the matrix A = (Ajk)E Rsx " is a relation matrix of M relative to the R-generators Vj = r,(rl) (I <:;; i <:;; II). (b) If there is a relation matrix A = (Ajk)ER sx " of M relative to the R-generators VI"'" V" then show that the elementary ideal 'fiM/R) is the ideal of R which is generated by the finitely many determinants det (..1.hij.)I';j.k.;,,-y subject to l<:;;h l g ~ min (S.II). Moreover, we have o for 0 <:;; g < min (s, n) 'f (M/R) = { . 9 R otherwise

19. (a) If M is a finitely generated R-module then 'fj(M/R) is the intersection of all 'fj«M/m)/R) for the R-submodules m of M. (b) For any R-module M define 'fj(M/R) as the intersection of all 'f;(M/m)/R) with many R-submodule of M with finitely generated factormodule M/m over R. (c) Show that 'fj(M'/R);? 'fj(M/R) (iEl' "0) for any R-epimorphic image M' of M. 20. Show that 'fj«M I EEl M 2)/R) = L~=O 'fiM I/R)'fj- iM 2/R) for any two R-modules MI>M2 and iEl'''o. 21. Show that 'fo(R/o) = o. 'fj(R/o) = R (iEN) for any ideal 0 of R.

22. (a) For the R-module Rsx " there is the filtration 0 = X o(R SX ") c X I(R SX ") c ... c X"(R SX ") = R sx " of R sx ". where Xj(R SX ") consists of all matrices (Ajk)ER SX " satisfying Ajk = 0 for 1 <:;; i <:;; s, 1 <:;; k <:;; n - j (0 <j < n). This filtration splits

311

Dedekind rings and orders

inasmuch as XiRSXII)=Xj_I(R'XII)+ YiR'XII), where

YJ{R'XII)

is the

R-module formed by the matrices (Aik)E R' xII satisfying Aik = 0 for I ~ i ~ s, I ~ k ~ n - j or n - j + I < k ~ n (0 < j < n). (b) Let £/Xj(R,xn)-> Yj(R'xn):(Aik) ...... (Dn_j+l.kAjk) so that ker(£j)=Xj_.(R,X n) (0 <j ,,;; n). For any matrix I\. = (Aik)E R' xII there is the filtration 0 = X 0(1\) ~ X 1(1\.) C;; ••• c;; X n(l\.) = \R(I\.). Show that the ideal Qj(l\.) of R which is generated by the coefficients of the (n - j + l)th column of Xj(l\.) is the same for any matrix I\' that is row equivalent to 1\.. (c) Let k I' k 2 , ••• , k, be the natural numbers satisfying 0 < k I < k2 < ... < k, ~ n, Qn-k,(I\.) #0 (I,,;; i,,;; r), Qj(l\.) =0 if n - j is distinct from kl, ... ,k,. Develop an algorithm which carries the matrix I\.ER sxlI into its row equivalent row normal form 1\'1 I\.~

I\' =

subject to I\.;ER'jXII, SiEl>i, I\.~

I\.~+

I

,+1

I\.~+I

=OER,,,,XII,

L

Si=S.

i= 1

(d) Let both rectangular matrices I\.ER'x ", I\' ER" x II be in normal form. Develop an algorithm to decide an equivalence of 1\., I\' and to exhibit the equivalence in case the decision is affirmative. Show that every semilocal Dedekind ring is a Priifer ring. If R is a Priifer ring then show that any rectangular matrix I\. = (Aik)E R' xII is row equivalent to one in Hermite normalform which is defined as a row normal form in terms of 22. Satisfying s' = sand Si = I (I ~ i ~ r). (a) The units of R'x, form a multiplicative group GL(s,R) said to be the general linear group of degree s over R (or the unimodular group of degree s over R). Show that it contains the special linear group SL(s, R) of degree s over R formed by all matrices of GL(s, R) of determinant I as normal subgroup such that the diagonal matrices diag(£, I, ... , I) (EEU(R)) form a representative group isomorphic to the unit group of R:GL(s, R) = SL(s, R) ~ U(R). (b) The centre of GL(s, R) is formed by all scalar matrices d, with EEU(R) so that C(GL(s, R)) ~ U(R). Show that it intersects SL(s, R) in its centre: C(GL(s, R))nSL(s, R) = C(SL(s, R)) ~ {EEU(R)le' =

I}.

(c) For any rectangular matrix I\. of R,xn and for any element P of GL(s, R) show that the matrix PI\. is row equivalent to 1\.. (d) If R is a Priifer domain (i.e. an entire Priifer ring) then show that for any two

312

Maximal order

elements AI> A2 of R and for any generator A of AIR

( ~I

"1)

..

"1)

+ A2R

there is a matrix

of SL(2, R) satisfYing (AI' A2) (~I '7 (A, 0). ~2 "2 ~2 "2 (e) If R is a Priifer domain then show that two rectangular matrices A, I\.' E R' x II are row equivalent ifand only if there is a unimodular matrix P of degree s over R satisfying PA = I\.'. 26. (a) Show that any semilocal Dedekind ring R is a principal ideal ring. (Hint: Let a be a non-zero ideal of R and let PI'"'' Ps be the finitely many non-zero maximal ideals of R. Then there are elements aj of a Dj = ..it jPj not belonging to apj. Show that a = (LI= I aj)R.) (b) For any semilocal Dedekind ring R there is a Euclidean division algorithm. 27. (a) Let R be a unital commutative ring, ,,: R I x II --> M an epimorphism on the R-module M with relation matrix 9l, ,,: RI XII--> RI X":u' I-> u'K (KEGL(II, R) a non-singular R-linear transformation), then there is also the R-epimorphism ",,: R I x II --> M with relation matrix 9lK - I. (b) Suppose the relation matrix ~HERsXII of the finitely presented R-module M contains the 11th unit row e~, then we have M = R,,(e'l) + R,,(e~) + ... + R,,(e~_.J with relation matrix 9l' derived from 9l by removing the 11th column. 28. Let M be a module over the unital commutative ring R. Then show that the intersection of all R-submodules M' of M with finitely generated R-factormodule is an R-submodule M o of M satisfying n«M/M o)/R);2(fj«M/M o)/R)= (fj(M/R) (iEl"o). 29. (a) For any non-zero polynomial P in II variables tl, ... ,t n over the infinite field F show there is a specialization tjl-> 'fj (l ~ i ~ II) in F such that P('f I" .. , 'f n) '" O. (b) Show that the polynomials in n variables t I' ... ,tn over the finite field IFq that vanish for all specializations tjl-> 'fjElF q (l ~ i ~ II) form an ideal of IFlt I"'" tnJ. It is generated by the monic polynomials t1- tj (l ~ i ~ II). (c) Construct for any non-zero polynomial P of IF q[t I"'" tnJ a finite extension E and n elements 'f 1" .. , 'fn of E such that P('f I'" . , 'f n) '" O. 30. (a) Let A be an order over the Dedekind ring R and let E be a finite separable extension of O(R). Then show that A = CI(R, E)®RA. is an order over the Dedekind ring R = Cl(R, E). (b) If a is a A-fractional ideal then show that a = R® Ra is a A-fractional ideal. (c) Show that (A:Ra)= R®R(A.:Ra). (d) If under the assumption of (b) A. is commutative and if the A.-fractional ideal a is invertible relative to A then show that A is commutative and a is invertible relative to A such that a- I = R® Ra - I. 31. If R is a Dedekind ring and A is an R-order then show that for any semigroup S of non-zero divisors of R the S-Iocalization A/S is an R-order. Moreover, show that we have (a/S:R1Sb/S) = (a:Rb)/S for the A-fractional ideals a, b.

313

Embedding algorithm

32. If R is a Dedekind ring and A is a commutative R-order then show that any Afractional ideal 0 of maximal R-rank is principal, if and only if 0 contains an element IX satisfying (A:RO) = (A:RIXA). In that case we have 0 = IXA. 33. Let A be a commutative order over the local Dedekind ring R and let 0 be a A-fractional ideal which is invertible with respect to A. (a) Show that there is a finite extension E of O(R) such that CI(R,E)®Ro is a principal CI(R, E) ® RA-fractional ideal. (b) Show that (5.45) holds for all A-fractional ideals b in case the A-fractional ideal 0 is invertible. 34. (E.C. Dade, O. Taussky, H. Zassenhaus) (a) Let M be a submodule of a unital ring A containing I A' Show that M j = M j + I (iEN) implies that M j is the subring of A generated by M. (b) Let R be a Dedekind ring and A an R-module with n basis elements. Let 0 be a non-zero ideal of R. Then show that for any R-submodule M of A containing oA there is an R-basis b l , ... , bn of A and there are elements el, ... ,en of R such that Oco+e I Ro;:;o+e 2 Ro;:; .. ·o;:;o.+e.Ro;:;R and M = LI= I (0 + ejR)b j. (c) Let R be a Dedekind ring and A a unital R-ring with n basis elements over R. Let M be an R-submodule of A containing I A' Show that M"- I is the subring of A generated by M. (Hint: Use induction over the natural number A in case M ;? pA A for some prime ideal p of. 0 of R, then apply a localization argument.) (d) Let R be a local Dedekind ring. Then show that every commutative maximal R-order is a principal ideal ring. (e) Let R be a local Dedekind ring and AI a commutative maximal R-order with n basis elements over R. Let A be an R-suborder of AI of the maximal R-rank n so that A = O(A) = O(AI)is asemisimple commutativeO(R)-algebra of dimension n. Let 0 be a A-fractional ideal of maximal R-rank n. Show that III contains a unit IX of A such that 2IA I = exA I and that A' = (ex - IIlI)"- I is an R-overorder of A. Hence, 0·-1 is invertible with respect to its order. (f) Let R be a Dedekind ring and A be a commutative R-order of R-rank n. Then show that for any A-fractional ideal 21 of maximal R-rank n the power ideal 21· - I is invertible relative to [2In - 1/21" - I].

4.6. Embedding algorithm In this section we describe an algorithm for embedding the equation order

AI = R[t]lf(t)R[t]

=

n

L: RX

i- 1

(x

= tlf(t)R[t])

(6.1 a)

(nEN)

(6.1 b)

i= 1

of the monic separable polynomial

f(t)

= t n + a1t"- 1 + .. , + an

314

Maximal order

with coefficients at, ... , an belonging to the Oedekind ring R into the maximal order Cl(R, A) of the algebraic background n

A

= Af=O(R)[t]/!(t)O(R)[t] = L

a(R)x j -

t.

(6.1 c)

i= 1

We are especially interested in the two cases R=~

R = IFq[e]

~~

(q

= pV,PEP, vEN,e an independent variable over IFq)

(6.2b)

in which R is a PIO. The output will be obtained as an integral ( = minimal) basis (6.3a) of Cl(R, A) over R, where ajkER,

0=1 NjER,

gcd(ai\,aj2 ,···,a jj)

1

(6.3b)

(I~i~n).

(6.3c)

=

and - as we already know ajj=lO,

N t =l=a\1,Nj_ t IN j

If it is desired we also attain uniqueness by making the additional demands ajj>O(l~i~n),

O~aij
Nj>O(I~i~n)

(6.4a)

in case (6.2a), whereas we demand in case (6.2b) that ajj, N j are monic (l ~ i ~ n),

deg(aj) < deg(ajj)

(1 ~j < i ~ n).

(6.4b)

A rational integer x is said to be reduced modulo the natural number ~ > I in case -~ < 2x ~~. For any rational integer x there is precisely one reduced rational integer R(x,~) modulo ~ which is congruent to x modulo ~. It is found by means of division with remainder of x by ~ (compare chapter 1 (1.6)). Analogously the polynomial x of IFq[t] is said to be reduced modulo the monic non-constant polynomial ~ of IFlt] in case the degree of x is less than the degree of~. For any polynomial x oflFlt] there is precisely one polynomial which is reduced modulo ~ and congruent to x modulo ~, viz. R(x, ~). It is found by means of division with remainder of x by ~. In the sequel we shall use certain elements ~t' ... , ~Il of R which are mutually prime divisors of the discriminant d(f) of the polynomial! such that ~j is not in U(R) and ~fi divides d(f) for some natural number /(;, but the quotient d(f)/~fi is prime to ~j: (6.5)

In general we only know about some of ~;'s whether they are prime elements or at least square free elements of R. In any event certain computations

Embedding algorithm

315

modulo t5 j R[t] will have to be made in order to perform the embedding algorithm. If t5 j is not known to be a prime element of R then the task of dividing an element rx of R modulo t5 j by fJER, fJ ¥= 0 mod t5 j , can be carried out uniquely if and only if the Euclidean division algorithm of R for fJ,t5 j yields 1 = gcd (fJ, t5 j ) = X(fJ, t5 j)fJ + Y(fJ,t5 j)t5 j in which case rxl fJ == X(fJ, t5Jrx mod t5 j • Otherwise we find gcd (fJ, t5 j ) to be a proper divisor of t5 j which is not a unit of R. In that case we obtain by divisor cascading of fJ, t5 j a factorization

n t5j"i <1

15;=

(aEZ>I,t5'I,···,t5~mutuallyprimeelementsofR\U(R),

j= I

and we replace

t5 jt-t5'l,t5/1+jt-t5j+1 Kjt- KjK'I'

K/I+ j t -

so that (6.5) still holds but

J.1.

(1 ~j
KjK J+I

(1 ~j < a),

J1. t- J1.

+ a-I

has increased. (6.6)

Examples

(i) J1.= 1, rx = 2, fJ = 6,15 1 = 15, R = Z. We compute gcd (fJ, 15 1 ) = 3,15 1 = 3'5, a = 2, and set 15 1 t- 3, 15 2 t- 5, J1. t - 2. (ii) J1.=I, rx=2, fJ=7, 15 1 =15, R=Z.1t follows that gcd(7,15)=I= -2,7 + 1'15, rxlfJ == -2,2 == -4 mod 15. (iii) J1. = 1, rx = 2, fJ = t 2 + t, 15 1 = t 3 + 2t, R = f5[t]. We obtain gcd (t 2 + t, t 3 + 2t) = t, and set 15 1 t - t, 15 2 t- t 2 + 2, J1. t- 2. (iv) J1.= l,rx=2, fJ=t2 +t+ 1,15 1 = t 3 + 2t, R = f 5[t]. We get gcd (t2 + t + 1, t 3 + 2t) = 1 = (- t 2 - 2t + 1)(t 2 + t + 1) + (t - 2)(t 3 + 2t), rxlfJ == (_t 2 -2t + 1)2 == -2t 2 + t + 2mod(t 3 + 2t). For the application in the subsequent algorithm we always assume that the division algorithms yield positive results as otherwise we obtain proper non-unit divisors of some t5 j which lead to an increase of J1. as explained above. In that case we have to start anew with that increased value of J1.. In the sequel we describe the embedding algorithm step by step. Most of the underlying theory was already developed in the preceding section.

Input The input consists of the degree n and the coefficients a l , ••• , an of the polynomial f(t) of (6.1 b). (Of course, we make the implicit assumption that we can do arithmetic in R, i.e. that R is given constructively.)

Output An integral basis

WI'" ., Wn

of Cl(R, Af) subject to (6.3a-c).

Maximal order

316

Initialization Set ajk +-c5jk , Nj+-I (I

~

k ~ i, 1 ~ i ~ n).

Step 1 (Square test) Compute d(f). If d(f) is square-free, terminate. Else go to step 2.

Remarks In case R = 7L it may happen that Id if) I is so large that the lion's share of the computation time is consumed by testing the existence of a square divisor c5 2 > 1 of d(f). This is because no method to test for a square factor greater than one is known which is polynomial time in terms of log Id(f)I. For that reason the following compromise is suggested: For a suitable natural number M > 1 the first M prime numbers PI = 2, P2 = 3, ... , PM are added to the input data such that we have at least n ~ PM' Then we determine the prime factorization d(f) = Pl'p'? .. · p't/Po with vjE7L;'o (I ~ i ~ M) and PoEN not divisible by any pj (I ~ i ~ M). We set

In case of c5~ = c5'1 = 1 the test is affirmative, i.e. d(f) is square free, and we terminate. If c5~ = I, c5'1 > 1 then no decision is made and we proceed to Step 2 with entries J1. = I, c5 1 = c5'1 > I, KI = l. For c5~ > 1 the test is negative. We assume that there are J1.'EN and indices 1 ~jl <j2 < ... <jll' ~ M such that Vi; > 1 for 1 ~ i ~ J1.' and 0 ~ Vk ~ 1 in case of k¢{jd 1 ~ i ~ J1.'}. We set c5 j+- Ph' Kj+- Vi; (l ~ i ~ J1.') and J1.+- J1.' for Po = ± 1 but J1.+- J1.' + I, c5 1l +-IPol for IPol > l. Then we proceed to step 2. In case R = IFq[t] we apply the four operations DI , gcd, division without rest (if applicable), pth root extraction in case of DI(x) = 0 (which amounts to extended divisor cascading, see 1 (6.9), (6.12), (6.13» repeatedly to d(f) in order to obtain a factorization d(f) = TI;'; 1gi (gl'''' ,gnElFq[t] monic and mutually prime). In case g2 = g3 = ... = gn = 1 we know that d(f) is square free, the R-order Af is maximal, and we terminate. Otherwise let J1. be the number of non-constant factors, say g)" gh" .. , gj. among the polynomials g2, .. ·,gnsothat 1 <jl <j2 < ... <jll ~ n, vjk =jdl ~ k ~J1.),gi = 1 for 1 ~i~n and i¢ Ukll ~ k ~ J1.}. In this case we set c5j +- gj" Kj +- vj , (I ~ i ~ J1.) and proceed to step 2. Step 2. (Dedekind test).

Set i +- I. If it is known that c5 j is square-free then we form the congruence factorization f(t) = TIj; Ig{jmod(c5 j R[t]) with monic polynomials gjj of R[t] that are reduced modulo c5 j, and both separable and mutually prime modulo (c5 j R[t]). It is obtained via extended divisor cascading off(t), DI(F(t» modulo (c5 j R[t]) (compare chapter 1 (6.9), (6.12) and for char(R/c5 jR)EIJl> also (6.13».

Embedding algorithm

317

Then we compute a modulo b j reduced polynomial hj(t) of R[tJ satisfying deg(h;)
AJ is bj-maximal if and only if gcd(hj, n']=2(J{j) modulo (bjR[tJ) is one. (6.7) Hence, we proceed as follows: If Af is not bj-maximal we set i +- i + 1 in case i < J1 and repeat the Dedekind test, for i = J1 the test is over. The same provisions obtain in case it should not yet be known whether bj is square-free. If Af is bj-maximal we set bj+-bj + I (i ~j < J1), J1+- J1- l. For i> J1 the Dedekind test is over, for i ~ J1 we continue testing. At the end of step 2 we either obtain J1 = 0 indicating that Af is maximal in which case we terminate, or we have J1 > 0 in which case Af is not b;-maximal or b j not known to be square free (l ~ i ~ J1).

Examples (6.8) 2 2 4 2 6 (a) R = 1',f(t)=t +3t +3t +t+3, d(f) = -7 41 43. We have J1=2, b l =7, b 2=41 and compute gll(t)=t 2-2t-2, gIAt)=t 2+t-3, gIP)= 1 (3~j~6), h l(t)=t 4 +t 2-t,A f is bl-maximal, g21(t)=t 3 +21t 2 +lOt+8, g23(t)=t-7, gdt) = g2j(t) = I for 4 ~j ~ 6, h 2(t) = 7t 4 + 20t 3 - 20t 2 + 14t - 14, Af is b 2-maximal, hence Af = CI(R, A f ). (b) R = 1',f(t) = t 3 - t 2 - 2t - 8, d(f) = -22503, We obtain J1 = I, b l = 2, gll(t)=t+ I, gdt)=t, gI3(t)= I, hl(t)= -t 2-t, Af is not maximal. (c) Integral bases of quadratic number fields. A quadratic extension of the rational number field iQ is usually given in the form F = iQ(mt) (mE 1'\ {O, 1} square-free), the minimal polynomial of the generator mt being f(t) = t 2 - m. For the construction of a 1'-basis of 0F:= CI(1', F) we apply the Dedekind test. We compute d(f) = 4m and since m was assumed to be square-free we obtain J1 = I, b l = 2. We distinguish several cases: (i) 21m (implying ml2 == 1 mod 2). We find gll(t) = I, gdt) = t, hl(t) = I, 0F=1'l +1'mt. (ii) m == 3 mod 4. We get gll(t) = I, gdt) = t + I, hl(t) = t, hence again OF = 1'1 + 1'mt. (iii) m==lmod4. In that case gll(t) = 1, g12(t)=t+l, h l(t)=t+l, the Dedekind test is negative, hence 1'1 + 1'm t C OF' As a consequence we must have N2 = 2 in (5.3) and therefore WI = I, W2 = (1 + mt)/2 according to (6.4) (since mt/2 is not in Cl(1',

F».

We note that in case (iii) we can replace the generating polynomial f(t) for F by l(t) = t 2 - t - (m - l}/4E1'[tJ. Its discriminant is d(]) = m, hence OF = l' + 1'p for a zero p = (1 ± mt)2 of f(t) by the Dedekind test. Thus we have shown:

Maximal order

318

Proposition (6.9) Let F = Q(mt) be a quadratic number field. Then an integral basis for . . { mtt for m:1= I mOd4} . OF = CI(d',F) IS gIVen by WI = I, W 2 = (I + m )/2 for m == I mod 4 (If we denote the discriminant of OF by dF , then we can set W 2 = (d F + dt)/2 in each case.) (d) Integral bases of cye/otomic fields. As in chapter 2, section II, let 4J.(t) be the nth cyclotomic polynomial whose roots are precisely the primitive nth roots of unity (~ (I ~v~n, gcd(v,n)= I, (n=e 2ni /n). We want to find a d'-basis of OF" = CI(d', Fn) for Fn = Q((n) in case n> 2, i.e. Fn => Q. If n is a power product of the distinct prime numbers PI' ... ' PI" say n = I pi' (miEN), then also the discriminant d(4Jn) of the polynomial 4J. is a power product of PI' ... 'PI' according to 2 (11.12). Hence, we apply the Dedekind test for all 0i = Pi (I ~ i ~ J-l). Unfortunately this requires a deeper knowledge of the properties of cyclotomic polynomials so that we state the following proposition without proof. (But see exercise 5 for the case J-l = I.)

nr=

Proposition The maximal order

(6.10) OF"

of Fn

= Q(e 2ni /n) has the d'-basis

(~-I (I ~j ~ qJ(n),

(n = e2ni /n , nEN).

Remark Even though the order AI was not always maximal in example (6.8) (c) in each case we could find a polynomiall satisfying AI = Ai such that Ai was maximal. However, this is not possible in general. For example, exercise 4 yields that for each monic cubic polynomial g(t)Ed'[t] satisfying Ag = A I for f(t) = t 3 - t 2 - 2t - 8 (compare (6.8) (b» we find that Ag is not 2-maximal. (2 is a so-called common inessential discriminant divisor.)

Step 3 (Reduced discriminant) In subsection 7 of section 5 a subroutine for the computation of the reduced discriminant do(g) of any monic separable polynomial g(t) over the Dedekind ring R was developed. It forms step 3 of the embedding algorithm and is used for the computation of the reduced discriminant of the polynomial

f(t). Before we present the three final steps of the algorithm we need an

Introduction to the core steps of the algorithm At this point we are given a non-unit 0 of the Dedekind ring R for which it is known that (6.11) It is our task (compare (5.85» to construct a canonical R-basis

WU' ... 'Wn6

Embedding algorithm

of the maximal (j-overorder

319

Af of Af such that

i

Wib

=

L PiU~k-1

k;1

(PiuEO(R), 1 ~ k ~ i, 1 ~ i ~ n).

It suffices to construct any R-basis w'U

, ... ,

(6.l2a)

W~d satisfying

n

W;b

= k;1 L P;u~k-I

(P;kbEO(R), 1 ~ k ~ n, 1 ~ i ~ n).

(6.l2b)

The coefficients Pikd of a canonical R-basis (6.l2a) are then obtained by Hermite row reduction of the n x n-matrix (P;u). Any element ( of O(R)A f is uniquely presented in the form (=

•

L Ai(C)~i- 1

i;1

(Ai(()EO(R), 1 ~ i ~ n).

(6.l3a)

F or a better understanding of the situation we interpret ( as an n-vector with of ( is components A1((), ... ,A.(0 over O(R). The minimal polynomial obtained e.g. by straightforward computations using linear algebra, namely by looking for the smallest natural number Ii, for which the n-vector corresponding to (", is a O(R)-linear combination of the n-vectors corresponding to 1,(, ... ,(/1. - - ' , say

m,

('" = -

f Yi((W,-i

(Yi(()EO(R), 1 ~ i

~ Ii,),

(6. 13 b)

i; 1

so that

(6. 13c) (For an alternative see Collins' method given in exercise 1.) We use the procedure indicated as a further subroutine of the embedding algorithm. The element ( belongs to the maximal order CI(R, O(R)A f ) precisely if belongs to R[t], i.e.

m,

(6.13d) The element (of C1(R,O(R)A f ) belongs to the (j-maximal overorder Af of Af precisely if (6.l3e) For any monic non-constant polynomial m(t) over R we compute, just as in step 2, a congurence factorization !(m.d)

m

= n g~::Jmod((jR[t])

(6.l4a)

i; 1

of m into the power product of monic non-constant polynomials gimb(t) over R of which it is known that

gimit)R[t]

+ gjmit)R[t] = R[t]

(1 ~ i <j ~ s(m, (j)).

(6.l4b)

We also stipulate that the coefficients of the gimd are reduced modulo (j. Then

320

Maximal order

calculation of s(m, (j), iY. im6 , gim6 (1 ~ i ~ s(m, (j)) is assumed to be done by another subroutine of the embedding algorithm. Definition The element ( oj AI is said to be (j-split polynomial mc'

(6.15)

if we have s(mc, (j) > 1Jor its minimal

If ( is a-split then we apply a Hensel lift (see (5.76» to the congruence factorization (6.l4a) of m = mc in order to produce the congruence factorization s(C,A) mc= g~~:tmod(L\R[t]) (6.l6a)

n

i= 1

(L\ = (j2\S«(,L\) = s(m,(j),iY.iCd = iY.im6,giCd = gim6mod(aR[t])) and a presentation s(C,A) L aiCA«)OiCA«() = 1 mod (L\R[t]) (aiCA(t)E R[t], deg (a iCA) < deg (gim6), i= 1

(6.l6b) which evolves from (6. 14b). In this way we compute the set ofs«(, L\) orthogonal L\-idempotents eiCA:= aiCA«)OiCA«() (1 ~ j ~ s«(, L\»,

(6. 16c)

characterized by the congruences: eiCdejCd = 0 mod (L\R[(]),

01= elcd = eiCd mod (L\R[(]) (1 ~ i ~ s«(, L\)),

s(C,A)

L

(6.16d)

eiCA = I mod (L\R[(]).

i= 1

The R-order Aj = AIR[(] has the property that L\A j ~ AI' hence Aj contains the suborder A1* = L\A j + Lr~'t) eiCAAI with the property that J/ L\A1* is the minimal polynomial of e/L\Aj* over R/L\ and that Aj* /L\A j* = EB:~,t) eiCdAJ/L\Aj* so thatJ = n:~'t)Ji mod (L\R[t]), whereJi(t) is a monic non-constant polynomial of R[t] for whichJdL\R[t] is the minimal polynomial of eiCAe/L\Aj* over R/L\ and = tlf(t)R[t] as before. For the computation of theJi it suffices to form the R-orders Aj,* generated by and eiCA and to compute the minimal polynomial of eiCAe modulo L\. Using the remarks made at the end of subsection 8 of section 5 we realize that the task of embedding AI into its (j-maximal overorder is reduced to the task of embedding Aftfr-i.({.d) into its a-maximal overorder. That task is reduced to the tasks of embedding the R-equation orders AI, into their a-maximal overorder (1 ~ i ~ s«(, L\». It follows that any J-split leads to a reduction ofthe

e

e

Embedding algorithm

321

embedding task for Ito similar embedding tasks for finitely many polynomials of degree lower than the degree off.

Example For f(t) = t 3 K

(6.17) t 2 - 2t - 8, d(f) = - 22503 we compute 0 = 2, do(f) = 2,503, = 2, ~ = 22 = 4, It (t) = t 2 - 2t, f2(t) = t + I. -

It suffices therefore to make the assumption throughout the core algorithm

that every element Cof AJ that is brought to the test turns out not to be o-split.

Definition The element

(6.18)

Cof AJ is said

to be o-uniform

if s(C,~) = I, m{(O)R + oR = R.

The o-uniform elements of AJ are special units of AJ as follows from the equation m{m = O. An element C of AJ which is neither o-split nor o-uniform is characterized by the congruence m{(t) = tl', mod dR[t]

(6.19)

or else we find a factorization of O. In order to deal with such elements we introduce the o-adic exponential valuation '1:.Q(R)-+~u{ 00},'1(0) = I, '1(0) = O,'1(Oixy -l) = i(iE~, x,YER, olx, yR + oR = R). As was stated before, it suffices to assume that yJOo - ~(¥,({) R + oR = R whenever Yi(O is not zero and is brought to the test (I ~ i ~ /J{). Hence the non-zero coefficients of m{ are '1-multipliers. According to assumption we have Yi(C)EOR (I ~ i ~ /J(J It was pointed out for the special case R = ~ at the end of section 4 that the o-adic exponential valuation '1 is the minimum of certain additive exponential valuations '11' '12'" . ,'1c of .Q(R) in ~ U { oo} corresponding to the c prime ideals of R containing O. Suppose that E is minimal splitting field of m{ over .Q(R) then there are finitely many extensions of '11'"'' '1c to additive exponential valuations of E, which define an exponential valuation 1/:E -+ iQ u {oo} upon taking their minimum. This exponential valuation restricts to '1 on .Q(R). Since the constant term of m{ is an '1-multiplier it follows that the roots C1"", CI', of m{ in E are 1/-multipliers. Let 1/(C 1) ~ 1/(C2) ~ ... ~ 1/(CI.,) > 0 and let A.2 be the denominator of the positive rational number 1/(CI',)=A.t!A. 2 (A.1>A.2E~>o, gcd(A. 1 ,A. 2)= 1) then it follows that 1/«(f20-AI) ~ 1/(CA2{j-AI) = 0 so that for the element ~ C*:= CA20-AIEAJ the corresponding minimal polynomial m{. has the roots C;20 -),', though perhaps with a multiplicity which is not as large. For elements' of .Q(R)AJ satisfying

a

(6.20a) it is safe to define 1/(0 as the rational number occurring in (6.20a). Using the 1/-Newton polygon method of section 3 the statement (6.20a) is equivalent

Maximal order

322

to the inequalities

i '7(Y11(m ~ - '7(Yi«(» J1~

(1 ~ i < J1~)

(6.20b)

which can be easily tested. If the test is positive then we have (6.20c) Definition (6.21) The element' of Af is called a c5-element if it satisfies (6.20b) and if r;«() "# 0,

r;(0-1 E~>o. Starting from an arbitrary non-zero element ( of Af we produce a c5-element of R[(] as follows. Test whether ( is c5-split. If that is not the case form (* = glmb«()"# O. Test whether '7(Y11('((*» ~ (i/J1~.) '7(Yi«(*» (1 ~ i ~ J1~.). If that is the case form '7«(*) = A.dA.2 (A."A.2E~>0,gcd(A.I,A.2) = 1), k,A., + k2A.2 = 1 (k" k2E~), n(O:= «(*)k'c5 k" hence 0 < r;(n«(» = 1/,.1,2' In particu!ar, the use of c5-elements permits to give a new criterion for the c5-maximality of A f · Criterion (6.22) The equation order Af is c5-maximal precisely ifn(e) can beformed and satisfies

n@ = gl~b(e) (gl~b(t):= glm~~(t)), J1~'7( n(~»

= 1.

(6.22a) (6.22b)

Proof We use localization. It suffices to assume that R is local with c5R as maximal ideal. Then Af is maximal precisely if the elements ~/e*k (0 ~ i < deg(g,~~), o ~ k < '7(n(W- I) form an R-basis of Af as follows upon projecting Af on 0 the simple components of .Q(R)Af . Hence, (6.22a, b). The criterion (6.22) yields a useful test for c5-maximality: Criterion (6.23) Let (6.22a) be satisfied (in which case we call e normalized) and assume that _I

n(e)lJ{n{m

IJ{n(W-I-1

==

L

c/(e)n(e)i mod (AA f)

i=O

(Ci(t)E R[t], deg (Ci) < deg(gi~b)' 0 ~ i < '7(n(W - I). Then Af is c5-maximal precisely if co(e)/c5 is a c5-unit.

After the preceding introductory remarks we proceed to expound the last three computational steps yielding the embedding of Af into a c5-maximal overorder. They constitute the

Embedding algorithm

323

Core algorithm Step 4

(Normalization of ~). If gl~~(~) = n(~) is already satisfied then proceed to step 5, else set f +- ~ + n(~). It follows that gl~'~ = gl~~ and that is not !5-split. This is because by in any minimal splitting assumption f has n distinct roots l extension E of f over O(R) and either iiK- ej)=O or i/(e;- e) ~ i/(gl~~(n(e))) > i/(n(W (I ~ i <j ~ n). Hence, the algebraic conjugates of gl~.iO have the same value in any exponential valuation extending '1 to E. Clearly, f belongs to Af and we have deg(m~.) = n. Because of the separability of gl~~ we find that (D,(gl~~»(n(W is a unit of Af and hence gl~~(O = gl~'~(O, '1(gl~·iO) = '1(n(m, Am (. ~ Af , Af = Af + Am;,' The transition from Am (. to Af is routine. Substituting ~' for ~, m~. for f we can therefore assume that n(~) = gl~~W so that (6.22a) holds. Then we proceed to

e'

e ,e2, ... ,e.

Step 5 (Initial term of !5 -lnW~{R{~n- ').

In case (6.22b) holds we terminate since AI is c5-maximal. Else we form co=c5-lnW~{R{~»-1 so that i/(Co) =0, coEA f . For cOEAf we proceed to step 6. Else we form expressions f:= + P I(CO) (p l(t)ER[t], deg(P d < deg(glcoc5» beginning with P1(t) = t, p\(co) = Co, = ~ + Co such that

e

e'

deg(gl~'~)

>

deg(gl~~)'

(6.24)

This must be achievable in a finite number of trials and errors since the residue class fields under consideration are finite and there holds the theorem of the primitive element in the strong form that a finite field IF generated by two elements Co is already generated by one element ofthe form + P(co), where P is some polynomial with coefficients in the ground field. Now suppose that (6.24) is satisfied. If deg(m~.) is less than n we form expressions

t,

~"=~'

t

+ c5P2(~)

beginning with P2(t) = t, we will have

(P 2 (t)ER[t]

c5-reduced with deg(P 2 ) < n)

(6.25)

e" = e' + !5e. After a finite number of trials and errors deg (m~oo) = n.

(6.26)

e

We fi~d that ~me" ~ AI' AI = AI + Ame'" We replace by f'. The transition from Ameoo to Af is routine. We go back to step 4. We note that the degree of g\~6 increases each time we carry out step 5. That can happen only a finite number of times. Step.6 (development of n(~)~(·(W-I). At this point we have

nW = gl~6(e),

Co = !5-l n(e)'EA f

,

ii(co) =

0,

v = '1(n(m- 1 < p.~.

(6.27)

Maximal order

324

It follows that there holds a congruence development Co == Lr:J Cj(~)ll(~)j mod (ll(~YA f) with (j-reduced polynomials cj(t) of R[t] satisfying

deg(cj) < deg(gl~6)

(0::::;; i < v),

Co

# 0,

(6.28)

which is easily obtained by calculations in R/(jR[t] modulo ll(~YR/(jR[t]. Since 1l( ~Y is contained in (jA f it follows that there holds the congruence development Co == Lr:J Cj(~)ll(~)j mod «(jA f ). We extend it as follows. Assuming that there already holds a congruence development v- I

Co

==

L

Cj(~)ll(~)jmod((jiAf)

(jEN)

(6.29)

j=O

with polynomials cj(t) of R[t] satisfying (6.28), the expression p = (j - i(co - Lr: J Cj(~)ll(~)j) is not zero since the minimal polynomial of ~ over R is f, and we have ij(p) ~ 0, hence p = P'll(~)A.p"-1

+ p"R = R). (6.30) deg(m~.) = n, gl~6 = gl~'6' p.~ = p.~"

(p'EAf,AEZ,p"ER,(jR

For ij(p') > 0 we form ~' = ~ + p' so that 1l(~') = gln(O, '1(1l(~'» = '1(p') < ij(ll(e)), Now we replace ~ by ~' and go back to ste~ 5. (W<: observe that Am{. ~ Af , Af = Af + Am{. so that the transition from A~. to Af is routine.) For ij(p') = 0, p' E Af we proceed as in step 5 with p' in place of Co. There holds a congruence presentation p' == Lr:J c;(~)ll(~)j mod(ll(~YAf) with (j-reduced polynomials c~(t), .. " c~_ I (t) of R[t] of degree less than p.~. It implies the congruence presentation v-I

p'

==

L

c;(~)ll(~)j mod «(jAf)'

(6.31 )

j=O

Upon substitution of (6.31) in (6.30), (6.29), (6.28) we obtain a new congruence presentation for Co of the same form as (6.29), but with j increased by one. If necessary this procedure is applied repeatedly. We note that j = K is impossible because of (jKA f ~ Af so that in case j = K we would obtain a congruence llRY == Lr:J (jCj(~)ll(~)j mod «jAf) which is not possible since f also is the minimal polynomial of ~ mod «(jA f)' Hence, the algorithm collapses at some stage j < K yielding the (j-maximal overorder of A f , We remark that the algorithm works even if the prime ideals dividing (j do not all divide the same prime number. Supposing we allow factorization of rational integers into prime numbers then we reduce the core algorithm to the case that all prime ideals containing (j also contain the same prime number p. In that case one can bring to bear the special structure of finite fields. This is always possible in the analogous situation for algebraic function fields of characteristic p [5]. In the case that the polynomial f is irreducible over R we deduce from the core algorithm

Embedding algorithm

325

Theorem (Hensel. Krasner) (6.32) Let R be a local Dedekind ring. Then for any separable finite extension E of F = O(R) there is a separable finite extension E 1 of degree n l over F with the following properties: (I) J(R) splits completely in E 1 so that CI(R, E I) = (Ii!'! R i, where R1, ... ,RII1 are n l local Dedekind rings intersecting F in R.

(II) E1®FE=EBi=IEli' where the Eli are finite extensions of EI (1 ~i~s,sEN). (III) The field Eli of (II) contains an intermediary field 'l'i over E 1 such that J(R) is un ramified in '1';, moreover the degree of the prime ideal J(Cl(R j, 'l'i)) ofCl(R j, '1';) over J(Rj) equals the degree of'l'i over E 1. (IV) Thefinite extension Eli of (II) is an Eisenstein extension of'l'i relative to the Dedekind ring Cl(R j, 'l'i) (l ~j ~ n l , 1 ~ i ~ s).

Exercises I. (Collins) Let R be a Dedekind ring, f(t), g(t)eR[t] and f(t) monic and separable with n = deg (f) > O. Then show that the resultant of the polynomials f(t), y - g(t) relative to R[y] provides a monic polynomial m(y) over R such that m(g(~)) = 0 for ~ = tlf(t)R[t]eAf and m(t) = m9(~)(t). 2. (Collins) Let PI' P2' ... ' PkEr I be mutually prime (kEN). Let f(x, y), h(x, y) be two non-zero polynomials of I[x,y]. Let m be the degree of f in x over I[y], n the degree of h in x over I[y]. Let R; be the m,n-resultant of f,h modulo l/p;l[y], and let R be the PIP2 ... Pk-reduced polynomial in y congruent to R; modulo p;l[y] (1 ~ ; ~ k). Assuming that the coefficients of f also are reduced modulo PI'" Pk show that R = Resy(f, h). (For an improved version see [1].) 3. Apply the Dedekind test to the polynomials t 3 - 2t 2 - 9t + 2, t4 + 5t 2+ I, t 3 - 3t + 6 of I[t]. 4. Let F = Q({J) for a zero Pof f(t) = t 3 - t 2 - 2t - 8 of I[t]. Prove that OF = CI(I, F) has no I-basis of the form I, p, p2. (Hint: A I-basis of OF is I, {J, ({J + {J2)/2. Then any presentation p = a o + alP + a2({J + ( 2)/2 (ao, ai' a2el) yields a2 == 1 mod 2, hence p21j1 + Ip + Ip2.) 5. Prove (6.10) in the case where n is the power of a prime number.

5 U nits in algebraic number fields

5.1. Introduction In this chapter we consider unital ring extensions of 7L which have a finite 7L-basis. These structures were already analyzed in some detail in chapter 4. As rings of an equation they were introduced in chapter 1, section 4 in the form 7L[t]j f7L[t] for non-constant monic polynomials of 7L[t]. In the sequel we shall always assume f to be irreducible, since the general case can be derived from this case without difficulties by the methods of the preceding chapter (but see also [13]). Hence, if pEe denotes a zero off(t), then F = O(p) is an algebraic number field of degree n = deg(f) over Q. The integral closure of 7L in F is denoted by OF. We shall consider the invertible elements of OF and of those unital subrings R of finite index in OF (see also section 2), shortly called orders of F. The importance of the units of such rings R is best demonstrated by a simple example. If we try to find all solutions of a2

-

5b 2 = 11

(1.1)

in 7L, then we see at once one solution: a = 4, b = 1. (With every solution a, b also ± a, ± b is one, hence we can assume a, bE N). It is clear that the solvability of (1.1) is closely connected to the ring R = 7L [st] because of

a2 Thus two solutions a, b and

-

5b 2

= N(a + b5 t ).

(1.2)

a, b at once yield 1= N(

a

+ bS t )

a+ b5 t

'

(1.3)

and also e = (a + b5 t )j(a + bS t ), e - 1 are in 7L[5 t ] as will be shown in chapter 6. Hence for a unit e = e 1 + e2St and (a, b) a solution of (1.1) also (1.4)

328

Units in algebraic number fields

is a solution. The structure of the unit group of l'[5 t ] then shows that all solutions of (1.1) are of the form (1.4) for (a, b) = (4, 1), E a power of 9 + 4(5)1. The option that one can compute all units of R is therefore a premise for solving nonlinear Diophantine equations. We give another instructive example for units in quadratic number fields. Clearly, each unit has norm ± 1 and lemma (2.2) shows that also each algebraic integer of norm ± 1 is a unit. For F = O(d t ), dEl' square-free, this leads to the norm equation

x 2 - dy2

= ±1

(for d == 2,3 mod 4),

x 2 - dyl

= ±4

(for d == 1 mod 4), (1.5)

the so-called Pelf's equation. An obvious approach for solving (1.5) would be to check for .y = 1,2,3, ... , whether ± 1 + dyl (respectively ± 4 + dy2) is a square. The solution for which y is smallest is called the fundamental unit of F. For small d (say d < 50) this seems to work quite well. But let us compare the fundamental units of 0(93 t ), 0(94 t ), 0(95 t ): They are 29 E1

E2 E3

=

+ 3(93)t 2

= 2143295 + 221 064(94)t, = 39 + 4(95)t,

respectively. Hence, our first idea for solving (1.5) was certainly not good enough even for quite small values of d. For example, the first coefficient of the fundamental unit of 0(9199 t ) has already 88 digits. If we try to solve x 2 - 39y2 = - 1 and write a simple computer program for the approach made above most computers will indeed provide a solution, even though that equation can have no integral solution since it is already insolvable in l'/4l'. The reason is that most computers give no warning when integer overflow occurs. Assuming a wordsize of 32 bits the result for 39y2 - 1 will already become false in case of y = 7421. This little exercise is quite instructive in a course on constructive number theory. In the following sections we develop the theory of units of number fields (section 2), respectively orders R in such fields, and also the tools for a constructive approach. A first step in that direction is done in section 3. There we present a new method for solving norm equations which will be frequently applied later on. In section 4 we determine methods for the computation of the units of finite order, i.e. the roots of unity of R. Then we discuss how to produce arbitrarily many integers of R of bounded (small) absolute norm, from which we derive units by forming quotients whenever possible. From there it is easy to construct subgroups of finite index in the whole unit group U(R) of R. But for the final step, the enlarging of such a subgroup of finite index to U(R)

The Dirichlet theorem

329

we need an upper bound for that index. Such bounds are derived in section 6. In section 7 we carry out the enlarging in detail. Finally, section 8 contains ,some remarks on the computerization of those methods, especially on necessary subroutines and error estimates. We note that the methods for computing units which we present in this chapter were developed for arbitrary algebraic number fields. So far, no other methods of similar efficiency for the calculation of fundamental units have been published. However, for special number fields there are several efficient methods. We only mention the work of Shanks and H.W. Lenstra for quadratic fields, of Buchmann, Godwin, Gras, Williams for cubic fields, S. Miiki for special sex tic fields and of Bernstein, Stender for parametrized fields. Some of their papers are listed in the additional references for this chapter.

5.2. The Dirichlet Theorem In the sequel we assume F = lO(p) for a zero pEe of the monic irreducible polynomial !(t)eZ[t] of degree n ~ 2. In C[t] the polynomial! splits into = Dj; I (t - p(j» (p(1) = p), where the zeros p(I), ... , pIS) are assumed to be real (0:::;; s :::;; n), the remaining 2t = n - s zeros pIS + I), ••• ,pIn) to be complex

f(t)

and non-real. They are ordered such that plk) = p(k+I) (s + 1 :::;; k:::;; s + t). The mapping p~ p(j) provides a IO-isomorphism of F into the complex numbers. The image of F (an element fJ of F) is called the jth conjugate of F (fJ) and denoted by F{j) (fJ{j). In particular, F is called totally real for s = n, totally complex for s = O. In case n = 2 we speak of real quadratic (s = 2) and complex quadratic (s = 0) fields. We want to compute the units of Z-orders R contained in F (and therefore in OF = CI(Z, The discriminant of such an order is denoted by d(R), the discriminant of OF by dF (discriminant of F). WI"'" Wm denotes a Z-basis of R,m the Z-rank of R. We show that O(R) = IOw l + ... + IOwm' Let Oi=fJeR and fl/(t)=tn+L:/;lbitn-ieZ[t] be the characteristic polynomial of fJ. Because of fl/(fJ) = 0 we obtain

F».

(-1)n+IN(fJ)=-b n =fJ(fJn-l+b l fJ"-2+ ... +b n_dEfJR,

(2.1)

hence a/fJ = (aN(fJ)/fl)/N(fl)e(l/N(fJ»R for every aeR. The degree [O(R):IO] is therefore the number of IO-independent elements among WI"'" Wm, for m < n we have O(R) c F. Hence, in the sequel (and also in chapter 6) we assume m = n, O(R) = F. The group of units of R(unit group) is denoted by U(R). (2.2)

Lemma

An element eeR is a unit,

iff N(e) = ± 1.

Units in algebraic number fields

330

Proof In case N(e) = ± 1 (2.1) yields lEt:R, hence f:EU(R). For f:EU(R) we apply the norm function to f:(I/t:) = 1. This yields N(f:) I1 in 7L. 0 We recall from chapter 1, section 6 that two elements a, Pof R are called associate, a'" p, if there is a unit eE U(R) with a = pe. Lemma (2.3) R contains only a finite number of non-associate elements of bounded norm.

Proof It suffices to prove that R contains only finitely many non associate elements Y

with IN(y)1 =C(CE7L",2). For arbitrary aER we havea==atW t + ... + a.w. mod cR (0 :s;; ai < c; 1 :s;; i :s;; n), and R contains cn congruence classes modulo c. We prove that there are at most cn non-associate elements y of R satisfying

IN(Y)I = c. For this purpose let a,pER, a == pmodcR and IN(a)1 = IN(P)I =c. Then there exists YER with a - P = cy which yields alP = 1 ± (N(P)/P)YER. Analogously, PlaER, and therefore a and P must be associate. 0 Lemma (2.4) There are only finitely many elements a in R for which all of their conjugates are bounded: la(i)l:S;; C (I :S;;j:S;; n), for some constant CEIR>O.

Proof For the coefficients of the characteristic «(t) = L~=Oaitn-iE7L[t] (a o = I), we have

lad =

I . L.

a(iIl .... 'a(hIl

polynomial

<1>«

of a,

:s;; (~)Ci (l:s;; i:S;; n).

I~h <"'<J;~n

Hence, there are only finitely many possibilities for <1>«. Lemma Let (E R. Then ( is a root of unity,

o (2.5)

iff ,,1i)1 = 1 (l :S;;j:S;; n).

Proof Each root of unity naturally satisfies ,,1i)1 = 1 (I:S;;j:S;; n). Now let (eR with "Ii) I = 1 (l :S;;j:S;; n). According to (2.4) there can be only finitely many different elements among (k (kEN). If, for example, (k = (' (k < I), we obtain ('-k = 1, which shows that ( is a root of unity. 0 ~mma

~~

The roots of unity of R from a finite cyclic group which we denote by TU(R) (torsion subgroup of U(R)). Proof Let TU(R) be the set of all roots of unity of R. Clearly, TU(R) is a subgroup of U(R). Each (E TU(R) is of finite order ord(~) = min {meN I(m = I}. (This

331

The Dirichlet theorem

is a consequence of the proof of (2.5).) The group is finite because of (2.4). The proof of T U(R) - and similarly of any finite multiplicative subgroup of a (commutative) field - being cyclic was given in chapter 2, section 5. 0

Example (2.7) (a) For complex quadratic fields we have U(F) = TU(F). Let d < 0 be the discriminant of a complex quadratic field F. Then 1, (d + d t )/2 is an integral basis of F. Each unit eEO F must satisfy N(e) = ± 1 because of (2.2). For e = e l + e2(d + d t )/2 we obtain ± 1 = (2e , + e 2d)2/4 - d(e~/4). (Because of d < 0 the norm of each element of F is non-negative.) For e2 = 0 the only solutions are e = ± 1. For e2 #- 0 we obtain (because of d ~ - 3) and

e2 =

± I,

in case d = -4 e l = e2, 2e 2 in case d = - 3.

Hence, the unit group of a complex quadratic field consists of ± 1 except for iQl( -1)t, iQl( - 3)t where it consists of the 4th, 6th roots of unity respectively. (b) For real quadratic fields there are units which are not roots of unity. For example, in R = &:,[2t] the element e = 1 + 2t has N(e) = -1, hence it belongs to U(R) but obviously it is not in TU(R) because of (2.5). Later on we shall see that TU(R) = U(R), if and only if F = iQl or F is a complex quadratic field (compare (2.16». To determine the structure of U(R) completely, we need (2.8)

Definition

Units el , ... ,ekEU(R) (kEN) are called independent, if an equation e~I. ... 'ek'k = 1 (mjE&:', 1 ~ i ~ k) yields m l = m2 = ... = mk = O. Otherwise they are called dependent. If el, ... ,ekEU(R) are independent units, obviously none of them can be a root of unity. On the other hand, e = 1 + 21 is an independent unit, and so is every power of e in &:,[2t]. To exhibit a maximal set of independent units we make use of Minkowski's Convex Body Theorem. For fixed kE{I,2, ... ,s + t} we choose (2.9a)

subject to n

(I~i~s+t,i#-k),

cj.k<1

cS+I+j,k=cs+j,k. (I~j~t),

DCj,k=ld(R)lt. j= I

(Here d(R) denotes the discriminant of R.) Since n

A:= EB&:'(w\,), ... ,w!S), Rew!s+l), Imw!s+'), ... ,Rewls +,), Imwls+,»' j=1

Units in algebraic number fields

332

is an n-dimensional lattice in /R" of discriminant 2- l ld(R)II/2,R contains an element IXk = IXk(1) #- 0 satisfying (I~j~s),

} (2.9b)

(s

+ 1 ~j ~ s + t),

by chapter 3 (4.4). This, of course, implies

IIXV)I ~ Cj.k (1 ~j ~ n). Thus we obtain a sequence (lXk(l))/EN of non-zero elements of R by choosing Ci.k(l + I)E/R>o subject to Ci.k(l + I) < IlXk(I)(i)1 (I ~ i ~ s + t, i. #- k), } CS + 1 + j.k(l + I) = CS + j.k(l + I) (l ~J ~ t),

(2.9c)

n Ci.k(l + 1) = Id(R)I! II

i= I

for I = 1,2, .... The elements IXk(l) then satisfy

1 > IlXk(l)(j)1 > IlXk(l + I)(j) I (IE N; 1 ~j ~ s + t, j #- k).

(2.10)

All elements of this sequence have a norm whose absolute value is bounded by Id(R)I!. According to (2.3) there must be indices 1< Tfor which IXk(l) and IXk(T) are associate: 6klXk(l) = IXk(T) for some 6kEU(R). The unit 6k satisfies the inequalities

16k(i)1 < I, 16k(k)l> 1 (1 because of (2.10) and IN(6k )1 Lemma Let r = s + t - I and are independent.

~i ~

s + t, i #- k)

(2.11 )

= 1. (2.12)

6k

ER (l ~ k ~ r) be units satisfying (2.11). Then

6 1 ,,,,, 6r

Proof

Let us assume that 6 I" .. , 6r are dependent. Then there exist miEZ (I satisfying Imll + ... + Imrl > 0 and

n

~

i

~

r)

r

1=

(2.12a)

6 i m ,.

i= I

Let [:= {iE{l, ... , r} Imi ~ O} and j:= {l, ... , r} \I. We order thefactors of the right-hand side of (2.12a) correspondingly: (2.12b) which remains valid by transition to conjugates. In case j

=0

we obtain

The Dirichlet theorem

333

TI 16!s+')l m, < 1

(2.12c)

the contradiction

1=

iel

because of (2.11) and LiElmi = LI= 11m;! > O. A similar argument excludes the possibility 1=0. In case I", 0, J '" 0 (2.11) yields 1<

TI 16/ )1 for each iEJ and ]:= J u {jls + t <j < n, j j

tEJ}.

(2.12d)

jEi

Since LiEJlmil and LiElmi are both positive, we obtain 1<

TI TI 16iU)II",,1 = TI TI 16iU)lm, < 1 iEJ jEi

jEi

(1.l2e)

iEi

because of (2.12d), (2.12b), (2.11) respectively. Hence, we get a contradiction in each case, the units 6 1 , ... ,6, must be independent. 0

Lemma (2.13) Let 61 , ... ,6, as in (2.12). Then for every 6EU(R) the units 6, 61 , ... ,6, are dependent. Proof Let aER. For abbreviation we set w(a):=

TI• max {l, Ia(j) !}.

(2.13a)

j= 1

It is obvious that (2.l3b)

lawl :::;; w(a) (l:::;;j:::;; n), n

w(a)-I =

TI min {I, la(j)I} for aEU(R) because of IN(a)1 =

1.

(2.13c)

j= 1

According to (2.4) there are only finitely many elements fJER satisfying w(fJ):::;; w(a). We claim that we can multiply each 6E U(R) with suitable powers (l :::;; i :::;; r) to obtain

6r'

(2.13d) subject to

16\i)I-1 :::;; 1'1(i)I:::;; 16i(i)1

(l:::;; i:::;; r).

(2.13e)

Namely, let us assume that the unit '1 of (2.13d) violates (2.13e), i.e. there is SE{l, -l} such that for some iE{l , ... ,r}. Then

satisfies the inequalities

334

Units in algebraic number fields

for j = I, ... , r + I, j 'I: i; therefore we obtain for () = I:

n n

W(~)-I=

n n

min{l,I~(j)I}>

j=1

min{I,I~(j)I}=w(~)-I,

j=1

and, for () = - I: w@ =

n max {t, 1~(j)1} < n max {t, 1~(j)1} = w(~). n

n

j=1

j=1

Hence, in each case we obtain a unit ~ such that w(~) < w(~). Since there are only finitely many possibilities for ~, as noted in the beginning of the proof, a unit '1 of the form (2.13d) with w(~) = min {W(66~" ... ·6,m r )1 miE~, 1 ~ i ~ r}

must satisfy (2.13e) According to (2.13e) and IN(~)I = 1 an conjugates of ~ are bounded, and because of (2.4) ~ belongs to a finite set of units (2.13f) More precisely, for each that

6E U(R)

there are rational integers m I"'" m, such

(Note: TU(R) cU.) Since U is finite, for each 6EU(R) there are exponents I> m > 0 such that 6' and 6m yield the same element of U. say ~u, i.e. there are m, lEN, ml, ... ,m" 11, ... ,l,E~ such that

Hence, (2.13g) and the units 6, 6 1 , ...• 6, are dependent. From the preceding lemmata we easily derive:

o

Theorem (Dirichlet) (2.14) Let R be a subring of the integral closure of ~ in an algebraic number field F of degree n. Let the ~-rank of R be n, and let F have s + 2t conjugates ordered in the usual way. Let r = s + t - 1. Then the unit group U(R) of R is the direct product of its torsion subgroup, generated by a root of unity (. and r infinite cyclic groups, generated by so-called fundamental units E 1 ' " ' ' E,: U(R)=(O x (E 1 ) x .. · x (E,). Proof The torsion subgroup TU(R) of R was already determined in (2.6). From

The Dirichlet theorem

335

the proof of (2.13) we know that each eE VCR) is of a form e = l1,e l m, ... . 'e rmr

(l1,EU (compare (2.13f),} mj E7L, ejEV(R) subject to (2.11), 1 ~ i ~ r),

(2.15a)

and that each unit is dependent from e I' ... , er' In particular, there are minimal exponents n,EN such that 117' is a power product of e l , ••• er (I ~ I ~ v). Let M:= lcm(n l , ... , nJ.

(2.15b)

Then for each eEV(R) the Mth power eM belongs to the subgroup (f. I ,.··, er) of VCR), i.e. this subgroup is of index at most M in VCR) by chapter 3 (2.9), (2.15c) The rest of the proof is an easy consequence of the principal theorem on finitely generated abelian groups. However, for the reader who is not familiar with this theorem we also prove the remaining part. As a system of generators of VCR) modulo TV(R) we shall obtain Mth roots of suitable power products e';'I. ... · e~r. For this purpose we consider sets of units 9R j defined by

9R j:={eEV(R)le ME(e j, ... ,er )}

(I~i~r).

(2.15d)

In the presentation (2.15c) of eM for eE9R j we have m I = ... = mj _ I = 0 and the occurring mj form a 7L-ideal f;1L,. We choose E j E9R j for which the exponent of ej in (2.15c) is fj (I ~ i ~ r). Hence, given eE VCR) we successively get rational integers a I' ... , ar by eM = e l m, ... . 'f. rmr = E I Ma, e2 ti'2, ••• 'f./ir (2.15e) Therefore (eEia'· ... ·Er-ar)M = I, i.e. eEial. ... ·Er-ar belongs to TV(R), and we have shown that a suitable (ETV(R) and EI, ... ,Er generate VCR). It remains to prove that E I , ... , Er are independent. Let us assume (2.15f) This implies ElmI M ...

"Ermr M = 1,

and we can substitute el , ... , f. r and obtain f.1 hi .... ·e/r = I for suitable hj E7L (I ~ i ~ r), hence hi = ... = hr = O. But, hi = mJI which yields m1 = O. Successively we obtain m 2 = ... = mr = O. This and exercise 1 complete the proof.

o Remark

The preceding lemmata and the Dirichlet theorem are valid also for /' = O. Especially (2.14) yields VCR) = TV(R) iff s + t = I, i.e. s = I, t = 0 (F = 0) or s = 0, t = 1 (F = d)t), dEN, d squarefree).

0« -

336

Units in algebraic number fields

Unfortunately, the deduction of the Dirichlet theorem given in this section is not constructive. Of course, looking through the proofs carefully we could derive a method for determining (, E I"'" Er in a finite number of steps. But this number is too large for practical computations. Therefore we shall develop better ways for the computation of TU(R) and a system of fundamental units in the next sections. We note that a system of fundamental units E I, ... , Er is not at all unique for U(R). For example, we can multiply each E j by arbitrary powers of (. Also, for E I , ••. ,Er being fundamental units, the units til , ... ,tIr satisfying r

n.·=

'fl'

f1 j= I

E.mi) J'

(2.17)

subject to M

= (mij)EGL(r, 1')

are a system of fundamental units.

Exercises

<

I. Let E I , ... , Er be independent units such that U(R) = TU(R) x E I> X .•. x and TU(R) = <0. Prove that for every EEU(R) the presentation E = (ma Ej'····· E:'r (m/E£', 0 ~ i ~ r) is unique. 2. Determine a fundamental unit f. > 1 in £,[7t], £'[37t] using (2.12)-(2.14). 3. Let p be an odd prime number and R = £'[(] for (= e 2 • i / p • Prove: (i) (ii) (iii) (iv)

<Er >

For eE U(R) elt is also in U(R). For eE U(R) the quotient elt satisfies elt = (k for some kE N, 1 ~ k ~ p. Each EE U(R) is the product of an element ofU(R)nlR and an element of TU(R). U(R) = U(£'[( + (-I]) x <0.

5.3. On solving norm equations I In this section we develop a new method for solving norm equations which will be frequently employed in unit group and class group computations. As usual, F denotes an algebraic number field of degree n = s + 2t over Q and OF its ring of algebraic integers. For Q-linearly independent elements a l , ... , anEOF let A = Za l + ... + Zan (3.la) be a free Z-module of OF and RA the corresponding ring of coefficients RA

= {aEoFlaA S; A}.

(3.1 b)

This concept includes two special cases, namely A = RA an order of OF' A an ideal of OF with RA = OF'

(3.lc) (3.ld)

On solving norm equations I

337

For given kEN we consider the task of solving the equation (3.2)

IN(x)1 = k,

by elements XEA. If RA contains infinitely many units and (3.2) is solvable, then there are infinitely many solutions since for XEA subject to IN(x)I = k also IN(xe)1 = k holds for all BEU(R A ) (the unit group of R A ) because of (2.2). Therefore we require additional restrictions for possible solutions x of(3.2) which make the set of solutions finite and also allow an efficient computation of all solutions. From the applications made in later sections it will become clear that those restrictions are connected with the problem in a natural way. From (2.4) we already know that the conditions (3.3) for the conjugates of XEA guarantee that there are at most finitely many XEA satisfying both (3.2) and (3.3). The standard method of determining all solutions of (3.2), (3.3) is the following. We calculate a dual basis (3.4a) for A subject to (3.4b) This is usually done by floating point arithmetic up to a prescribed accuracy (compare section 8). Then the coefficients Xi (I ~ i ~ n) of X=X1IXI + ... +X.IX"EA satisfy Xi

(3.5a)

= Tr(xlXt),

respectively, Ixd ~

L• Ix(j)lllXf(j)l·

(3.5b)

j= I

If the conjugates of x are bounded by (3.3), then (3.5b) yields numerical bounds for Xi: IXil ~

•

L

SjllXf(j)1 =: Ti

(1 ~ i ~ n).

(3.5c)

j=1

The bounds Ti strongly depend on the size of the absolute values of the conjugates of the elements of the dual basis. Hence, we recommend that we operate with a basis IX I , ... ,IX. of A which is reduced with respect to the length :L,'j= I 11X{j)12. Given the box Q:={xEIR·llxd~Ti},

(3.6a)

we just enumerate Q n~· and test for each of its

MQ =

n• (2 LTd + 1)

i= I

(3.6b)

338

Units in algebraic number fields

elements x whether x:= Li'~ I XjIXj satisfies (3.2). Actually it suffices to choose x lexicographically positive and to omit x = O. Hence, there remain

!(M Q - 1)

(3.6c)

possibilities for x for which the norms of the corresponding elements xEA must be computed. Though norm computations can be done by O(n2) arithmetical operations (see section 8) this method cannot be recommended if M Q is large since very few lattice points of 7L n n Q lie on the norm surface IlII Ct/jIX!j))1 = k

(XE~n).

(3.6d)

The following example will illustrate this.

Example (3.7) Let F = Q(14-1), A = RA = OF' IXI = 1, IX2 = 14-1, IXT =!, IX! = 14-1/28. We want to compute all solutions of IN(x)l=k, X=X I +x 2 14-1(xI,x 2 E7L), kE{67, 69}, subject to Sj = 44.81 for k=67, Sj=45.47 for k=69 (i= 1,2). (The bounds Sj are derived from the fundamental unit e = 15 + 4(14)-1, compare chapter 6 (5.2).) Then Qn7L 2 contains 1023, respectively 1137, lexicographically positive vectors x. Among them (9, ± 1)' yield the only solutions in case of k = 67, for k = 69 there is no solution at all. Hence, in the sequel we do not consider all lattice points of Q but cover that part of the surface described by (3.6d) which is contained in Q by suitable ellipsoids centered at the origin. Solutions of (3.2), (3.3) then correspond to certain lattice points of those ellipsoids which can be easily calculated by the methods used in chapter 3. It has been proved in [1] by a worst case analysis that this new method requires only the square-root of the number of the arithmetical operations which the old standard method uses on the average provided that the box Q is large. We had the idea of this new approach when we read the paper [2] by K. Mahler in which he develops algebraic number theory from a new concept. He considers functions on the normalized valuations of F with values in Q> 0, so-called ceilings. This will be discussed in some detail in chapter 6, section 5. However, the result in which we are interested can be formulated and proved without the use of ceilings. The main result is contained in the following theorem. Theorem (3.8) Let (3.2), (3.3) be solvable and YE~>o. Let A, L j , UjE~ (1 ::;;.j::;;. n) be defined by

h: ~> I

t

1 log t

--+~: t 1-+-- - - - ,

t- 1

(3.8a)

On solving norm equations I

g: IR> 1 -> IR: t ~(I - h(t))th(l) + h(t)th(l)- t, AEIR>

Lj:=

y)2/11 is the unique zero of g(t) - ( 1 + k = 0,

1

l -2(

339

(3.8b) (3.8c)

10gk)J ,

log A log Sj - -n-

(I

Then (3.2) has a solution x

=

Li'= 1 Xiai

~j ~

n; R j , Sj as in (3.3)).

(3.8d)

subject to (3.3) and

II

L A lx(j)1 2 ~ n(k + y)2/1I, rj

(3.8e)

j=1

where r

=

(r 1'"

., '",.)'

ElL" satisfies

II

L r = 0,

(3.8f)

j

j= 1

Lj~rj~Uj

(3.8g)

(I~j~n),

rs+l+j-rs+jE{O, I} (I ~j~t) and

#{jll ~j~t,

rS+I+j-rs+j=

I}E{O, I}.

(3.8h)

Proof We start to show (3.8c). For all tEIR> 1 we have 0 < h(t) < 1 since the left-hand side is equivalent to 0 < t log t - (t - I) and the right-hand side to 0 < t - 1 log t. But the last two inequalities are valid for t > 1 by the mean value theorem. Namely, there holds an equality for t = I, and the derivatives of both right-hand sides are positive for t> I. The function f: (0, I) x IR> 1 -> IR: (y, z) ~ (I - y)zY + yzY - 1 is strictly increasing in z for fixed y, and for fixed z it has precisely one maximum assumed for yz:= h(z) = z/(z - I) - I/log z. This is immediate from the corresponding partial derivatives of f. Therefore the function 9 of (3.8b) is strictly increasing in t and because of lim". Jg(t) = 1 we obtain a unique solution ).EIR> 1 of g(t) = (I + y/k)2/n. Let a = alai + ... + a.a.EA be a solution of (3.2), (3.3) which exists according to our premise. We set (3.9a) which implies (3.9b) Hence, we can write Yj in the form (3.9c)

340

Units in algebraic number fields

o ~ t:k < 1 (s <j

(I ~ k < n), }

(3.9d)

< s + t),

and therefore ,,-1

11-1

r"=-

L

rj ,

j= 1

E"

=-

L

Ej

(3.ge)

j=l

because of (3.9b). Let us assume that E"=-m+v

(mE£:~o,O~v
(3.9f)

We show how to change the rj> t:i successively until they accomplish (3.9c) as well as (3.8f, h). In the case of m = 0 we are done. Therefore let us assume m > 0, and let jE{i,2, ... ,n-i} be the smallest index for which Ej=max{E;l1 ~i Ej. In that case we replace v by v - I, m by m - I. (ii) Ej ~ v. In that case we replace Ej by t:j - I, rj by rj - I, m by m - 1 (i.e. E" by t:" + I), r" by r" + I. For s <j < s + t and m > 0 we also replace t:j +f by Ej+f-I, rj+f by rj+f-I, m by m-I, r" by r,,+ I. We note that those replacements have no effect on (3.9c), (3.80. We repeatedly apply this procedure as long as m is positive. Thus we obtain the result

m = 0 and all t:j (l ~j ~ n) are in the closed interval [a - I,a] for a:= max {Ejll ~j ~ n}, 0 ~ a < I.

(3.9g)

Obviously (3.80 is still satisfied as well as rj = r j +f for s + 1 ~ j ~ s + t with at most two exceptions. Namely, in case (ii) r j +f - rj = 1 may occur for one indexj (s <j < s + t) and we don't know about the difference r" - rS+f' Because of(3.9c) we have r j + f - rj = Ej +f - Ej and r" - r S+f = t:" - ES+f and (3.9g) yields that those differences are 0,1 or - I. In the case of r j +f - rj = 0 or of r"-rS+f=O (3.8h) is already satisfied. So let us assume rj+f-rj = Ir" - rs+fl = I. This implies Ej +f = a = t:j + 1 and either E" = a = ES+f + I or E" = a-I = ES+f - I. Hence, we replace t:j +f by t:j+f - I, r j +f by rj+f - 1 and either ES+f by ES+f + I, r S+f by rS + f + 1 or e" by E" + 1, r" by r" + I. This yields r k = rHf (s < k ~ s + t). By these considerations we get (3.8h) in each case. Since (J. satisfies (3.3) we conclude by (3.9a, c) that 2(log R j -log kin) ~ ( - rj + ej ) log A = 10gYj ~ 2(log Sj -log kin) (1 ~j ~ n), hence (3.8g) because of - 1 < ej < 1. It remains to show (3.8e). Using the same notation as before we obtain

On solving norm equations I

for any solution

L" j= 1

IX

341

of (3.2), (3.3):

Ln Atj II ~e/II L «(l-(a-e)),a+(a-ej)Aa- l ) j=1 I =k 2/11 L «I-a)AQ+aAa- l )

Arj ICX(j) I2 = k 2/n

j= 1

j=1

~

k 2 / llg(A)

=

n(k

lI

+ yf/n.

Here, we made use of(3.9a, c), then of the convexity of the exponential function in the interval [a - I,a], applied (3.9d) and then the inequality l(a,A) ~ 1(11(.1.), A) together with (3.8c) shown at the beginning of the proof. D

Remal'ks (i) The parameter )' seems to be somewhat artificial. However it helps to reduce the number of arithmetical operations drastically. The appropriate choice of)' is discussed at the end of this section. (ii) If we actually want to solve norm equations (3.2) subject to (3.3) by using (3.8), we begin by calculating ..t, for example with Newton's method. Then we need to generate all rEZ" subject to (3.8f-h). For each r we then compute all XEA (X=L:'=IXjcxj, XjEZ, I ~i~n) satisfying (3.8e) by chapter 3 (3.15). Since I'j+, = I'j (s <j ~ s + t) is in general not fulfilled because of (3.8h), we must still prove that the left-hand side of (3.8e) is indeed a positive definite quadratic form in XI"'" XII' This is the subject of the next lemma. (iii) If IXE A solves (3.2), (3.3), then (3.9a, c, d) also yield

~

nk2/11 (

.nI Atj )1/11

=

nk2/n.

(3.IOa)

)=1

This can be used in applications to speed up the inner loop of the algorithm (3.15) in chapter 3. (iv) Every solution XEA of (3.8e) is of bounded norm:

(3.l0b) because of (3.9d).

342

Units in algebraic number fields

Lemma (3.11) Let ..1.EIR> 1 and rEd'" subject to (3.8f-h). Then (3.8e) describes a positive definite quadratic form, namely,

I ~j~s s + I ~j s+t+ I

~

s+t

~j ~

(I ~ i ~ n).

n

Proof We easily calculate:

I"

n . 1. j~l i~1 xjcc!i) 12 rj

= LS j=1

. 1.rj

(nL xjcc!i) )2 +. L

s+21

j=1

J=s+1

. 1.rj ( (

.Ln xjRecc!i) )2 + (".~

.=1

xjImcc!i)

)2)

.-1

o Finally, we discuss the appropriate choice of y for applications of (3.8). Naturally (3.l0b) suggests to choose y small. But this results in small values of . 1. and therefore in a large number of quadratic forms to be considered because of (3.8c, d, g). Hence, we rather choose y such that the total number of solutions x of (3.8e) for all r subject to (3.8f-h) becomes small. The number of quadratic forms to be considered is roughly proportional to (log ..1.)I-S-1 because of (3.8d, f, g, h). For each' quadratic form the number of solutions x of (3.8e) is proportional to k + }'. Hence, we compute (3.12a) where g(..1.) was defined in (3.8b). With the argument A* of a minimal solution of (3.12a) we calculate y*:=(y*(Iog..1.*),+I-1 -I)k

(3.l2b)

according to (3.8c). For small values n = s + 2t we present a list of values y*/k:

Computation of roots of unity

343

n,s y*/k

2,0

2,1

3,3 1.9

4,0 0.7

4,2 1.9

5,1

0.7

3,1 0.7

4,4

0.0

4.1

1.8

n,s ·y*/k

5,3 4.0

5,5 7.9

6,0 1.8

6,2 3.9

6,4 7.6

6,6 14.6

7,1 3.8

n,s y*/k

7,5 14.0

7,7

8,0

26.3

3.8

8,2 7.3

8,4 13.6

8,6 25.2

(3.12c)

7,3 7.4 8,8 46.7

These values strongly agree with those for which the computation time in the examples of [I] was minimal. In some examples the choice of "1* instead of "I = 1 reduced the computation time even by a factor of 10- 2 • However, we note that decreasing "1* need not effect the number A(y*) of quadratic forms (3.8e), i.e. of vectors rEZ" subject to (3.8f-h). Hence, we can save additional computation time by choosing

y:= min {YEZ ;.°1 A(y) = A(}'*)}.

(3.12d)

Those numbers A(y) are easily calculated from (3.8a-d, g-h).

Exercises I. Develop an algorithm which generates all rE£:" subject to (3.8f-h) for given input data Li , Vi (1 ~j ~ n). 2. Solve (3.7) by using (3.8).

5.4. Computation of roots of unity From (2.6) we already know that the torsion subgroup TU(R) of the unit group of the order R is a finite cyclic group. We denote its order by g. Obviously, g must be even since TU(R) contains the subgroup I> of order 2. Indeed, ± 1 are the only roots of unity of R in most cases.

<-

Lemma (4.1) If the number S of real conjugates of F = .Q(R) is positive, then ± 1 are the only torsion units of R. The proof is obvious and left as an exercise to the reader. For the case of s = 0 we present two different methods for determining TU(R).

Method I. By (2.5) 'ER is a root of unity, precisely if all conjugates of, are of absolute value one. In that case we clearly have IN(')I = 1, a result we already knew from (2.2). Hence, it suffices to compute all

'E

IN(OI = 1, "WI = 1 (1

R subject to ~j ~ n).

(4.2)

344

Units in algebraic number fields

This can be easily done by the methods of the preceding section. Using the same notation we obtain for A = RA = R that k = 1 in (3.2) and R j = Sj = 1 (I ";;j";; n) in (3.3). Hence, for small n we can avoid the refined approach of (3.8) and just compute Ti (1 ,,;; i ,,;; n) according to (3.5c) and enumerate Qn ifn for the corresponding box as described in (3.5), (3.6). Of course, for larger n we shaH apply (3.8). Either way we obtain a finite set 9Jl of elements of R which contains all (E TU(R). We note that (E9Jl is in TU(R), precisely if it satisfies (4.2) which can be easily checked. Method II The second method is based on the fact that TU(R) is cyclic of order g. Therefore it suffices to exhibit a generating element ( of TU(R), a so-called primitive gth root of unity. Then we obtain TU(R) = <0, a better result than by the first method which only provides all group elements and therefore the order of TU(R). If ( is a primitive gth root of unity, then the same holds for (i (1 ,,;; i ,,;; g, gcd (i, g) = I) since (i has order g, too. Therefore the number of primitive gth roots of unity is given by the value g(t) =

n(t

d - 1)It(gld)Eif[t]

(4.3)

dig

of degree 1(t) = t - 1. We give a list ofcJ>m(t) for even m, m,,;; 24 and m = 30 which can be easily computed from (4.3).

m 2

t2 - 1 --=t+ 1 t- 1

4

t4 - 1 _ _ =t 2 t2 _ I

+I

6 8

10

(t I O-I)(t-1) 4 3 2 (t5_1)(t 2 _1)=t - t +t -t+l

Computation of roots of unity

345

12

14

16

(16 _ I -8--1 =(8 ( -

18

((18_1)((3_1) _ 6 3 (t9 _ 1)((6 _ I) - t - t + I

20

(t2°_1)((2_1) 8 6 (tiO _ l)(t 4 _ I) = t - t

22

(t22 I)(t I) = (til - l)(t 2 - I)

24

((24 - l)(t 4 - 1) 8 4 (t12 _1)(t8 _ I) = t - t

30

(t 30 - l)(t 5 - l)(t 3 - 1)((2 - 1) _ 8 7 5 4 3 (t15 _ 1)((10 _ l)(t6 _ I)(t _ 1) - t + t - ( - t - ( + (+ 1

+I

t lO -

+t

4

2

- (

t9 + t8

-

+I

t7

+ t 6 - t 5 + t4

-

t3

+ t2 - t + I

+1

To determine TU(R) it therefore suffices to compute m with tp(m) maximal such that $m(t) has a root, in R. This means' generates a subfield of F, hence we need to determine those mEN, m even, for which tp(m)ln. Since tp is multiplicative (see exercise 5) this is very easy, of course.

List of even mEN satisfying tp(m)lnfor given nE{2,4,6,8, 1O}. The corresponding polynomials $m(t) where listed in (4.4).

n

2

4

6

8

10

m

2,4,6

2,4,6, 8,10,12

2,4,6, 14,18

2,4,6, 8,10,12, 16,20,24,30

2,4,6,22

(4.5)

For n odd we have m = 2, since tp(pk) is even in case pk> 2. Now, the determination of TU(R) is no longer a problem, whence we know how to decide whether $m(t) splits in R[t] for the finitely many possible values of m for which tp(m)ln. This can, for example, be done by p-adic methods (see [12]). We present a different approach which is in general very

346

Units in algebraic number fields

efficient and gives a complete factorization of a polynomial of Z[t] in F[t], F a finite extension field of 10. We note that F[t] is still Euclidean whereas R[t] is usually not even a unique factorization domain. Of course, we must test afterwards whether the obtained factors in F[t] are already contained in R[t]. The idea of this method goes back to van der Waerden. It was subsequently improved by B. Trager [10]. We present it in a version refined for our purposes. To factor a polynomial get) of F[t] we make use of the fact that it is easy to compute greatest common divisors in F[t]. We use this to make g(t) square-free (by computing g(t)/gcd(g(t), g'(t))) and then to compute its irreducible factors by computation of gcds of get) with suitable polynomials of iQ[t]. Also a transition from polynomials of F[t] to ones of iQ[t] via the norm is needed. In iQ[t] it is no problem to factor polynomials applying Berlekamp's method which is implemented in many higher-level program packages like SAC-2 or MACSYMA (compare chapter 3 (3.43) IT.).

Definition (4.6) Let g(t)EF[t] and gU)(t)EFU)[t] (1 ~j ~ n) be the corresponding polynomials over the conjugate fields obtained by applying conjugation to the coefficients of get) only. Then the norm of get) is defined by N(g(t)) = nj= ,g(j)(t). We note that N(g(t))EiQ[t] and that

Lemma (4.8) Let g(t)EF[t] be irreducible. Then N(g(t)) is the power of an irreducible polynomial oj iQ[t].

Proof Let c(t) be the irreducibe factor of N(g(t)) in iQ[t] for which g(t)J c(t) in F[t]. This implies g(j)(t)Jc(t) in F(j)[t] (1 ~j ~ n) and therefore N(g(t))Jc(t)" in iQ[t].

o (4.9) Lemma Let g(t)EF[t] and N(g(t)) both be square-free. Let q 1 (t), ... , qk(t) be the irreducible Jactors of N(g(t)) in iQ[t]. Then n~=, gcd(g(t), qj(t)) is a factorization of get) into irreducible factors in F[t].

Proof Let g, (t), ... , g,(t) be the irreducible factors of get) in F[t]. Since N(g(t)) is square-free we have N(gj(t)) = qj(t) (l ~ i ~ I and suitable j = j(i), 1 ~j ~ k) according to (4.8). An assumption N(gj(t)) = N(gj(t)) for I ~ i <j ~ I yields a

Computation of roots of unity

347

contradiction because of N(gi(t)) N(git)) = N(gi(t)gj(t))IN(g(t)) and N(g(t)) is square-free. Hence, we obtain qi(t) = N(gi(t)) (1 ~ i ~ I) by reordering the factors of N(g(t)), if necessary. Finally, (4.7) yields k = I and we are done because of gcd(git)), N(gi(t)) = 1 for i =1= j. D We have already noted that it is no problem to make g(t)EF[t] square-free. But even then, N(g(t)) is in general not square-free, take for example g(t)EO[t]. Therefore we substitute t by t - krx in get), rxER a generating element for F, k a suitable rational integer.

Lemma (4.10) Let g(t)EF[t] be square-free and F = O(rx). Then there exists kE"Z such that N(g(t - krx)) is square-free. Proof Let PF) (l ~j ~ II, 1 ~ i ~ m = deg(g(t))) be the zeros of gU)(t). Then the zeros of gU)(t - ka(j)) are fJIi) + krxU). Hence, N(g(t - krx)) has multiple roots if for some indices (i I,j I)' (i 2,j2),j 1 =1= j2: m{1l + krx(j,) = Pi2 (h) + krx(h), or

P.

(h) -

p.

Ull

k ='2aU Il _ a(h) " .

(4.11)

Obviously, there are only finitely many possibilities for k such that N(g(t - krx)) is not square-free. D In practice a few trials k = ± I, ± 2, ... suffice to obtain a polynomial get - krx) with square-free norm. Then we can factor this norm in O[t] and obtain the irreducible factors of get - krx) by calculating polynomial gcds in F[t]. This splits get - ka) into irreducible factors in F[t], and, finally, by the reverse substitution t t--t t + ka we obtain the desired factorization of get). So we are done except for two things. One is the computation of the norm of a polynomial. It can be obtained by calculating Res (M.(x), gAt)) with respect to x, where M.(x) denotes the minimal polynomial of a and gx(t) is obtained from get) by substituting x for a (see exercise 2). There is a modular version for the computation of resultants by Collins (see [I] of chapter 4) which is very fast. However, we suggest a different method. For the computation of U(R) it turns out to be of advantage to compute all conjugates of rx up to machine precision (compare also section 5 of this chapter). Then the norm of g(t)ER[t] is calculated by floating point operations, and since we know N(g(t))E"Z[t] the result is obtained by choosing the nearest integers for the coefficients. (For error estimates see section 8.) This is very easy and has the additional advantage that we need only one substitution t t--t t - krx. Namely, from the proof of (4.10) we know that it suffices to choose k different from all possible quotients (4.11), where the numerator is the difference of roots of conjugates of get) and the denominator is the difference of conjugates of a. A lower bound for the absolute value of

348

Units in algebraic number fields

the denominator is easily obtained once we have computed all conjugates of a. An upper bound for the absolute value of the numerator is also easily derived from the coefficients of the polynomials g(j)(t) (1 ~j ~ n) (compare exercise 4). Hence, for g(j)(t) = "L7'= 0 gj(j)t m - j we compute

2max{lgjUlIgo(j)1 + III ~ i ~ m, I ~j ~ n} min {Ia(i) - a(j)111 ~ i <j ~ n}

T'.-

(4.12)

Then every kEN greater than T does the job. The second remark is that we only obtain a factorization of m(t) over F, the factors need not be in R[t]. That we must check in each case separately. Before we give an algorithm for the computation of TU(R) a simple example is given to illustrate the method. Example (4.13) Let F = 10(( - 3)t). Here we already know TU(R) in case R is the maximal order of F from (2.7). (4.5) yields #TU(R)E{2,4,6}. We already computed 6(t) = t 2 - t + 1 in (4.4). Hence, let g(t) = 6(t), 1'1.= ( - 3)i. From (4.11) we conclude k = 1 and compute

g(t - a) = t 2

2at + 1'1. 2

-

=t2 N(g(t - a)) = (t 2

=

-

t4 -

= (t 2

- t +a + I + 2a)t + (ex - 2), (I + 2a)t + (a - 2))(t 2 2t 3 + 9t 2 - 8t + 7 t + I )(t 2 - ( + 7),

(l

-

(I

+ 21i)t + (Ii -

gcd (g(t - a), t 2

-

1+ (- 3)t t + 1) = t - --2--'

gcd (g(t - a), (2

-

(

2))

1+ 3(-3)i

+ 7) = t - ---2---'

Therefore 6(t) splits in F, but - for example - not in £'[( # TU(OF) = 6,#TU(£'[( -3)i]) = 2.

W].

Hence,

Remarks (4.14) In case R is the maximal order of F, a splitting of m(t) over F is also one over OF' since the roots of m(t) are algebraic integers. In any case it suffices to produce one linear factor of m(t) in R[t] as the primitive roots of unity are powers of each other. After the preceding considerations the following algorithm for the determination of TU(R) is immediate. (4.15)

Algorithm for the computation of TU( R)

Input. The rank n of RI£', a generating equation f(t)

=0

with root aER

349

Computation of roots of unity

such that .Q(R) = iQ(IX), and a module basis WI"'" W of Rover 71.. n splits into n = s + 2t, the number of real, respectively complex, II

conjugates of IX. Output. mE Nand ",(t) such that TU(R) is generated by the primitive mth roots of unity ( with m{O = O. Step 1. (R not totally complex). For s > 0 set m <- 2, 2(t) <- t + I and terminate, else go to 2. Step 2. (Determine possible m). Compute a complete list l! of candidates for m (see exercise 6). Step 3. (Computation of TU(R)). Determine mEl! maximal such that m(t) has a linear factor in R[t] and terminate. (4.16)

Remarks

(i) For s > 0 we must necessarily have m = 2, since any primitive mth root of unity is not in IR in case m> 2. (ii) The successive powers of a primitive mth root of unity ( form an integral basis for the ring of integers in iQ((). That was shown in chapter 4 (5.10). Hence, in many cases the discriminant composition formula, chapter 2 (9.29a), can be used to remove some elements m of l! from the list of candidates in addition to step 2. (iii) The tools for step 3 were developed in (4.6)-(4.14).

Exercises I. Prove lemma (4.1). 2. Let F = O(ex) be an algebraic number field of degree n, and let M .(t)EO[t] be the minimal polynomial of ex. Then there are three different methods for the computation of the norm of

'" Y= Lyjex",-j

(m";;n-I,{/iEO,O";;i";;m).

;=0

Set y(I):= I,7'=ogjt m - j and let Mg be the right regular representation of Y with respect to the basis I, ex, ... , exn - I of F. Using N(g) = nj= I g(j) as definition prove N(y) = det Mg = Res (M.(t), {J(t)). Convince yourself that this result remains valid if y = y(y) is a polynomial of F[y]. 3. Compute TU(R) with both methods of this section for R = J::[p], P a zero of fIt) = t 4 + 4t 3 + 5t 2 + 2t + I. (For example, p = (- 2 + 3! + (-I)t)/2 is a zero off.) 4. Let fIt) = t n + a1t n- 1 + ... + anEC[t]. The companion matrix M f = (mij)EC" X " of f is defined via mij =

I [ - an + I

o

for j= i-I - j

for j = n otherwise

n)}

(2,,;; i,,;; (I,,;; i";; n)

.

350

Units in algebraic n.umber fields

Prove: (a) det(t1 n - M f) = f(t). (b) The eigenvalues of M f are precisely the zeros of f(t). (c) Any zero x off(t) satisfies the estimate Ixl ~ max {Iail + I - !5 in l1 ~ i ~ n}. 5. Prove: (a) cp(pk) = pk - pk-I for kEN, p a prime number. (b) cp(apk) = cp(a)cp(pk) for a, kEN, p a prime number with pIa. (Hint: The natural numbers x subject to I ~ x ~ pka which are prime to a and divisible by pare in I-I-correspondence to the natural numbers y subject to 1 ~ y ~ pk - I a which are prime to a.) (c) cp(ab) = cp(a)cp(b) for a, bE N subject to gcd (a, b) = I. Hence, cp is said to be multiplicative. 6. Use the result of exercise 5 to develop an algorithm which determines for given XEN all mEN subject to m even and cp(m)lx. 7. Develop an algorithm to decide whether two algebraic number fields F I , F2 are isomorphic. (Hint: Try to factorize a generating polynomial for F2 over Fd

5.5. Computation of independent units In this section we describe procedures for computing a maximal set of = s + t - 1 independent units in R. We derive them from lattice points in suitable convex regions of IRn. This process is similar to the one which we used to prove the existence of r independent units in section 2. But Minkowski's Convex Body Theorem (and - as a consequence - chapter 3, theorem (4.6)) just guarantees the existence of non-trivial Jattice points and does not yield an efficient method of computation. For the latter we must choose the convex point sets in an appropriate way. We suggest consideration of special parallelotopes or ellipsoids centered at the origin. This also guarantees that the lattice points found in this way correspond to elements of R of bounded norm. Performing division on these elements in R whenever possible we get elements of small absolute norm very rapidly and thus necessarily associate elements among them. These provide units which then need to be tested for independency. In the sequel we fix a Z-basis WI'"'' Wn of R. Then there is the bijective mapping r

(5.1) It can be extended to an injective mapping of F into IR n, if necessary. We discuss the cases of parallelotopes and of ellipsoids as suitable point sets separately.

351

Computation of independent units

Method I: parallelotopes. The basic parallelotope

Il:= {x =(x

l , ..

·,xnYEIR"I-1 ~ Xi ~ 1, 1 ~ i ~ n}

(5.2)

obviously contains non-trivial lattice points of lL n and also satisfies the premises of Minkowski's Convex Body Theorem. For each xElL" n n we have

B is the upper bound for the absolute norms of all elements of R which will be constructed. Usually q> - I (n n lL") will not provide a maximal set of

independent units. (But compare example (5.11) and exercise 3 of section 6.) Therefore we also consider suitable transforms of n. The transformations 'I' have to be chosen in a way such that the image 'I'(n) still satisfies the premises of Minkowski's Convex Body Theorem, that 'I'(n)n lL" can easily be computed, and that the absolute norms of elements of q> - I ('I'(n) n lL") stay bounded. To satisfy the first two conditions we choose 'I' to be linear of determinant ± 1. To fulfill the third we take 'I' as the regular representation matrix M ro of an element wER\lL multiplied by a suitable constant. Namely, for WER its right regular representation M ",ElL'lX" is defined by (WI'"'' w")w

= (WI'"'' w")M w (compare chapter 2 (3.25a».

(5.4)

As a trivial consequence we obtain (see exercise 2 of section 4)

(5.5)

N(w)=detM w'

The linear transformation 'I' = 'I' w is then given by IN(w)l- II" M w with respect to the basis WI>'''' w .. Obviously, 'I'w satisfies the first property required, i.e. '1'", is linear of det 'I' w = ± 1, hence 'I' w(n) is an O-symmetric parallelotope of volume 2". Also the absolute norms of elements <XEq> - 1('1'w(n) n lLn) are bounded by B because of

n(w):= 'I'w(n) = {IN(w)I-I/" MroXEIR"I- 1 ~ Xi ~ 1, 1 ~ i ~ n},

(5.6)

and

n (IN(wWl/nl(wV), ... ,w~j)Mwx)1 n

j= 1

=IN(wWl

n"

Iw(j)(wY), .. ·,w~)xl

j= I n

=nlx'(wy>, ... ,w~),I~B

for-l~xi~l,

l~i~n.

j= I

It remains to show how we can easily determine 'I' w(II)nlLn. By chapter 3

352

Units in algebraic number fields

(2.7) we compute unimodular matrices U""U;;,I such that M~Uw=:N,. is in Hermite normal form. We recall that Nco is a lower triangular matrix, hence the product of its diagonal elements nii (I ~ i ~ n) is - up to sign - N(w). Elementary integral calculations yield a lower triangular matrix B,.EZ'/xII such that (5.7) M~U ",B", = diag(IN(w)I, ... , IN(w)l). Namely, if we denote the entries of N "" B", by nij, bjj, respectively, (5.7) is equivalent to

L: k= "

JijIN(w)l=

L: njkbkj k=j j

njkb kj =

I

(I ~i,j~n).

(5.8)

Let us assume that we have already computed bij subject to (0;: =jo+ I nkk)lbjoj for fixed ioEZ""o and 1 ~j ~ n. Then (5.8) yields in case i = io + I ~ n: for j = i:b jj = IN(w)l/njjEZ\{O}, for j < i:

for j > i: b jj

= 0; .

hence, we can compute bij subject to bij(O;:=j+ I nkk)-I EZ for i = io + I, 1 ~j ~ n. Thus B",EZ" X " is obtained successively. Let C =(cl"'" e,,)' be a lattice point ofO(w). Then there is x =(Xl>'" ,X")'EIR" subject to -I ~Xi~ 1 (I ~i~n) such that c=IN(w)I-I/IIMwx, and also d = U~c is in Z". Multiplication by B!. yields B~d = IN(w)IC"-I)f"X, hence each cEO(w)nZ" is obtained upon multiplication by (U.;;I)' from a solution dEZ" of II

-IN(w)IC"-I)/"~

L djbjj~IN(w)IC"-l)/"

(i= I, ... ,n).

(5.9)

j=j

Since the ith inequality of (5.9) contains only the coordinates d j , ••• , d", all integral solutions of (5.9) can easily be computed by determining all integers dj solving the ith inequality for each (n - i) - tuple (d j + 1"'" d") already obtained (i = n, n - I, ... , I). Each solution d of (5.9) then is multiplied by (U;;,I)' to obtain all lattice points c ofO(w)nZ": c = (U';; I )'d.

(5.10)

Before we discuss the processing of the integers cp -1(O(w)n Z") we should consider the preceding computations more thoroughly. Let us remember that we started fixing an integral basis WI>""W" of R. The choice of WI, .•• ,W" is of strong influence on the amount of necessary computations, since the size of B of (5.3) is directly affected by it. Let us demonstrate this by a simple but impressive example.

Example (5.11) t t Let R = Z[6 ]. For WI = 1, W 2 = 6 we easily compute B= 6 (see also exercise 5).

Computation of independent units

353

But if we choose WI = 1, W 2 = 2 + 6 t , we obtain B = 5. The corresponding parallelotope contains the lattice point (3, 1)'. We fix W 2 and take cp - 1 «3, 1)') = 3 + 6 t as new basis element W l ' This not only yields B = 3, a much better bound, but also the new basic parallelotope contains cp(e) = CP(WI + w 2) = cp(5 + 2(6)t) as a lattice point, e being the fundamental unit of R. Of course, we would like to choose WI'"'' WII to make B as small as possible. Unfortunately there is no solution for that task as far as we know. Even for the easiest case of a real quadratic number field that problem is about as difficult as solving Pell's equation directly which just means determining the fundamental unit (see exercise 5). From that result we conclude that it will be rather hopeless to look for an optimal ~-basis of R such that B of (5.3) is minimal. On the other hand it suggests to search for basis elements Wi (1 ~ i ~ n) of small norm. Since such a basis is also difficult to determine we instead take a reduced ~-basis of R with respect to the length

(5.12) Because of the inequality between arithmetic and geometric means we obtain (5.13) from which we conclude that elements rt.ER of small length also have small norm. We note that a ~-basis of R which is only pairwise or LLL-reduced (see chapter 3) in general suffices for our purposes. Such a basis can be computed very quickly starting from an arbitrary ~-basis of R. The use of such bases was of great advantage in [6]. Not only was the amount of computation time drastically reduced but also the coefficients of the obtained fundamental units became much smaller, sometimes by several powers of ten. Even for some totally real sextic fields we obtained all five fundamental units from the basis parallelotope II when we used a reduced basis (compare table 6.1 of the appendix). Another comment must be made about the choice of the transforming element WER. It is clear that WE~ would yield Mw=diag(w, ... ,w) and therefore ll(w) = ll. But within R\~ the choice of W is completely free. We would like to choose W such that ll(w) contains many new lattice points. Unfortunately we don't know how to determine w for that purpose. From our experience in computing units we suggest the choice of an element w of small absolute norm and then a few consecutive powers of that element for transforming II and then to switch to another w. Jhis method has several advantages. Elements w of small absolute norm are stored anyway and are therefore always at hand. If w is of small absolute norm, usually the entries of M ware small, too, and the entries of the first few powers of M w still fit

354

Units in algebraic number fields

into one computer word. Also the use of powers M~d = Mrok diminishes the calculations necessary for computing U wk, BWk (see [5]). We note that the choice of transforming elements w should still be investigated in greater detail. See also exercise 6. A final remark concerns the computation of n(w)n ~ •. The method discussed in (5.5)-(5.10) is indeed very simple. All computations (except for 1N(w)l<· - 1)/.) are done in the rational integers and are easily programmable. However, solving (5.9) recursively is not always optimal. In many cases the matrix M~U wand therefore Bro are sparse matrices. Namely, quite often we find for N w: njj = 1 (1 :::;:; i < n), n.n = 1N(w)1 and therefore the entries of N w ofT the diagonal are zero except for the last row. It is easy to see that the same holds for the matrix Bro. Hence, in this case (5.9) becomes

-IN(w)I<·-I)/.:::;:; ddN(w)1 + d.b.!:::;:; IN(w)I(·-I)/. -I N(w)I<· -1)/· :::;:; dn :::;:; IN(w)I<·-I)/..

(1:::;:; i <

n),}

5.14 (

)

In case IN(w)1 is large the recursive solution of (5.14) requires a lot of computation time since only very few ofthe d. in the interval [O,IN(w)I(·-I)/.] can be extended to a vector d satisfying all inequalities. We set k:= 1N(w)I<·-I)/. and note that we can assume d. ~ 0 since we need consider only one solution vector of each pair ± d.

Straightforward algorithm for solving (5.14)

(5.15)

Input. k, b. j (1 :::;:; i :::;:; n). Output. All solutions dE~· of (5.14) with d. ~ O. Step 1. (Initialization). Set d.+-O, L+- - k/IN(w)l, U +- - L, E+-b •• _I/IN(w)l. Step 2. (Does solution d. _ I exist?). In case LU J ~ L go to 4. Step 3. (Increase d.). Set d. +- d. + 1. For d. > k terminate, else set L +- L - E, U +- U - E and go to 2. Step 4. ((dIlA,_I) extendable?). For i= I, ... ,n-l, compute L j+-( -k-d.b.j)/IN(w)l, Uj+-(k -d.bnj)/IN(w)1 and for LUd
r

Remark Algorithm (5.15) requires about 3LkJ arithmetic operations (in steps 3,4) if (5.14) has few solutions and k is much larger than n.

However, for large k we can do better. To solve (5.14) efficiently in that case we transform the problem , suitably. The crucial part is of course calculating the solutions of one pair of inequalities, for example the possibilities for (d._I,d.) corresponding to steps 1-3 of algorithm (5.15). We therefore fix

355

Computation of independent units

the index i (1 ~ i ~ n - 1) in the sequel. We note that bnj ~ 0 because of the matrix N w being in Hermite normal form. Our assumption d" ~ 0 also yields dj ~ O. Setting ko:= II N(w)l(n - 1)/" j, y:= ko - dn we obtain the equivalent inequalities (lbn;!-I)ko~IN(w)ldj+lb,,;!y~(lbn;!+

I)ko,

O~y~ko.

(5.16)

Without loss of generality we can assume Ibn;! > 0 since the case of Beo being a diagonal matrix is trivial and occurs rarely. (But see exercise \.) Because of dj ~ 0 we can drop the condition y ~ ko in case Ib,,;! > ko' Finally, for Ibn;! ~ 2ko all solutions of (5.16) are given explicitly in the following lemma.

Lemma (5,\7) Let (5.16) be given with Ibn;! ~ 2k o. For each djEZ"o with dj ~ (Ibn;! + I)ko/I N(w)1 there are solutions y subject to (5.\6) and all solutions of (5.16) are obtained in this way. The proof is straightforward and left as an exercise to the reader. It remains to solve a pair of inequalities of type j ~ ax

+ by ~ k

(5.18)

for given a,b,j,kEZ"O subject to a>b>k-j~O in X,YEZ"o. Obviously, x, y are bounded from above by Lk/aj, Lk/b j, respectively. We can divide a by b to obtain analogous inequalities with smaller coefficients:

We do this until one of the coefficients becomes less than or equal to k - j. Then the solutions of the last pair of inequalities are computed as in (5.17). The following two lemmata show that this process is correct, i.e. the solutions of the different inequalities are in I-I-correspondence. The underlying idea for this is to consider the range for possible solutions x.

Lemma (5.\9) Letj,k,a,b,s,tEZ"o, a>b, r:=a-La/bJb, s~t~Lk/aJ, r>k-j~O. Then the solutions (x, y)' E(Z "0)2 of j ~ ax + by ~ k subject to s ~ x ~ t and the -rt)/bl ~ u ~ Uk -rs)/bj solutions (u, V)'E(Z"~2 ofj ~ bu + rv~ k subject to are in I-I-correspondence.

ru

Proof It is easily seen that each solution (x, y) with s ~ x ~ t yields a solution (u, v) with 0 ~ S':= rt)/bl ~ u ~ Uk - rs)/bj =:t upon setting u = y + La/bjx, v = x. If, on the other hand, (U,V)'E(Z,,0)2 satisfies j ~ bu + rv ~ k and

ru -

356

Units in algebraic number fields

s ~ u ~ t, we set x = v, y = u -

La/bJv and get

o Therefore we can apply Euclid's algorithm to the pair (a, b) of (5.18) as long as the remainder is larger than the difference k - j. What happens when it finally becomes smaller? ~mma

(~~

°

Let a> b > 0, k ~ j ~ 0, t ~ s ~ be integers subject to l(j - at)!bJ ~ 0, b > k - j, and r:= a -la/bJb ~ k - j. Then for each UE~ satisfying rt)/bl ~ u ~ Uk - rs)/bJ there is a VE~;'o subject to j ~ bu + rv ~ k, s ~ v ~ t, and each such pair (u, v) yields a solution x = v, y = u -la/bJv ~ of j ~ ax + by ~ k satisfying s ~ x ~ t.

ru -

°

Proof

ru -

Because of k - bL(k - rs)/b] ~ rs, j - b rt)/b1 ~ rt, we obtain for every u in the interval [r U- rt)/b 1, L(k - rs)/b J]: k ~ bu + rs, bu + rt ~ j, and because of r ~ k - j for each such u there exists (at least one) v, s ~ v ~ t, satisfying j ~ bu + rv ~ k. The rest of the proof is by similar arguments as in (5.19).

o Before we now develop an algorithm solving (5.18) we need to be a little more explicit about the necessary computations. At each step i we assume to have an inequality j ~ ajXj + bjYj ~ k together with bounds Sj, t j, Sj ~ Xj ~ tj ~ Lk/ad. According to (5.19) we compute qj:= La;/b;J, rj:= aj - qjb j,

aj+ 1 =bj, bj + 1 =rj, ( Xj+I)=(qj Yj+

I

1

°1)(Xj), Yj

Finally, if b. ~ k - j for the first time we must compute XI' YI for all solutions

357

Computation of independent units

Xm

Vj:= (1' ~) Vk - 2 • ••• 'V I = U nG:). For

YII' This is done efficiently in the following way. We set

(I ~i~n-I) for abbreviation and define U k := Vk (2 ~ k ~ n). Obviously, Un is unimodular and satisfies (;~)

Un = (~~

I

~!) we have

Algorithm solving j ~ ax + by ~ k for x, YElL"o

(5.21)

Input: Integers a, b, j, k satisfying k ~ j ~ 0, a> b > O. Output: All pairs (x, y)'E(lL"of satisfying j ~ ax + by ~ k, respectively, 'No solution' if none exists. Step I: (Initialization). Set i +-- I, aj +-- a, bj +-- b, Sj +-- 0, tj +-- Lk/a J, U j +-- (~ ?). Step 2: (bj > k - j?). In case bj ~ k - j go to 4. Step 3: (Long division of a, b). Set qj +-- Laib;J, rj +-- aj - qjb j. Set i +-- i + I, aj+--b j _ l , bj+--rj_ 1 Uj+--(qiil ~)Uj_I' Sj+--rU-bjtj_I)/ajl, t j+-- Uk - bjsj_I)/a;j. In case Sj> tj terminate with 'No solution', otherwise go to 2. Step 4: (Print solutions). For each uElL, Sj ~ U ~ tj compute all vElL such that Sj_1 ~ v ~ t j_ 1 andj ~ aju + bjV ~ k. For each such pair (~) print solution G) = Uj-I(~). Remarks (5.22) (i) In step 4 solutions always exist according to (5.17) and (5.20). (ii) This algorithm is an improvement of the one given in [5]. It requires only one-third of the arithmetic operations of the latter to proceed from level i to i + 1. (iii) To exclude the superfluous solution (0, k o) of (5.16) it is advisable to consider the case So = 0 in step 1 separately and then to proceed with So = 1. Method II: ellipsoids Again we apply (3.8) in the case A = RA = R, k = I. However, there is the problem that we do not know realistic bounds (3.3) for the conjugates of the elements of bounded norm which we are looking for. Hence, we omit (3.8d) and modify (3.8g) to:

Irjl ~ m

Irjol = m, (5.23) positive integer. The initial value is m = 1 of course. If all

(1 ~j ~ n)

and there is an indexjo such that

where m denotes a lattice points of all ellipsoids (3.8e) have been determined for a fixed value of m, then we increase m by 1 and proceed until a maximal set of independent units has been determined. We remark that the condition hoi = m guarantees that no ellipsoid is considered twice. From (3. lOb) we know that the norms ofthe elements found

358

Units in algebraic number fields

as lattice points are bounded by 1 + y in absolute value. The appropriate choice of y was discussed at the end of section 3. On the other hand, we can also choose y in such a way that the obtained ellipsoids always contain non-zero lattice points. By Minkowski's Convex Body Theorem we find by an easy calculation that a choice of (nI2)!

y

{ ~ -1 + (~)'" Idll (l~\ nn 2" _n_

2

) I

.

for n even for n odd

(5.24)

is sufficient for that purpose (see exercise 4). Of course, this can not be recommended if the absolute value of the discriminant of R is large. Method II has the advantage that it proceeds in a systematic way. Hence, it is guaranteed to provide a maximal set of independent units. Moreover, the procedure of increasing m makes it likely that not only independent but fundamental units are detected. After we showed how to produce sufficiently many elements of R of bounded norm we need to consider the processing of such elements once they have been computed. Let xER be the last element obtained from the parallelotope under consideration. We assume that the elements determined earlier are stored in some array X which contains nx elements of R of bounded norm at the moment. The corresponding norms - respectively their absolute values - are stored in an array X N • Moreover, we need auxiliary arrays i, iN of fix elements each. The initial values are nx = fix = 0, of course. Algorithmfor comparing x with stored elements of small absolute norm (5.25) Input. xER of absolute norm N x> 1, arrays X, X Noflength nx as described above. Output. X, X N, nx and/or units B 1 , ... , Bp. Step 1. (Initialization). Set fix +- 0, k +- 0, p +- 0. Step 2. (X completely searched?). Set k +- k + 1. For k > nx go to 6. Step 3. (Next element of X). Set a+- X(k), N« +- X N(k). For N« > N x go to 5. Step 4. (Compare X(k), x for XN(k) ~ N x ). For m:= N)NAlL go to 2. For p:= x/a¢R go to 2. For m = 1 set p+- p + 1, Bp+- Pand go to 7. For m > 1 set x +- p, N x+- m, k +- and go to 2. Step 5. (Compare X(k), x for X N(k) > N x). For m:= N IN All go to 2. For p:=a/x¢R go to 2. For i=k, ... ,n x -1 set X(l)+-X(l+ 1), X N(l) +- X N(l + 1), nx +- nx - 1. Then set fix +- fix + 1, i(fi x ) +- p, i N(fix) +- m, and go to 4. Step 6. (Insert x into X). Set nx+-nx+ 1, X(nx)+-x, XN(nx)+-N x .

°

Regulator bounds and index estimates

359

Step 7. (Decrease X) For fix =0 terminate. Else set x <- X(tl x ), N x <- X N(fi X )' fix<-fix-l, k<-O and go to 2. The processing of the units obtained from (5.25) will be discussed in section 7 of this chapter. At this stage it is enough to know that we can produce as many units as we may need by this method. Of course, all units of the output belonging to TU(R) will be eliminated. Extensive computations have shown that it is not recommendable to process all x found via the parallelotopes to (5.25) but only those among them whose absolute norm is less than 10000. (The bound B of (5.3) can of course be much larger.) More advanced techniques also involving the ideal factorization of the involved algebraic integers are generally too complicated for unit computations. They are recommended of course, if also the class number of F is to be determined. These refined methods will be discussed in chapter 6.

1.

2.

Exercises Compute n(w)n£:" in R = £:[a] for w = a6 and a a zero of t 3 -7t -7 = O. Let a be a zero of t 3 - t - 1 = 0 and R = £:[a]. Compute n(w)n £:" for w = (a + 2)5

with algorithms (5.15) and (5.21) and compare the number of arithmetic operations of both methods. (It cannot be recommended to do this exercise without a pocket calculator - preferably a programmable one.) 3. Compute an independent unit in R = £:[14t] with the methods of this section. 4. Prove that a choice of y according to (5.24) guarantees that each ellipsoid (J.8e) contains a non-zero lattice point. 5. Let R = £: + £:mt, mE£:,,2 square-free. To choose a basis WI = a + bmt, W 2 =e+dm t for R which minimizes B of (5.3) means to solve min {max {I(xI(a + bmt) + x 2(e

+ dmt))(xI(a - bmt) + x 2(e - dmt)) II

-I ~Xj~ I, i= 1,2}la,b,e,dE£:, ad-be= ±I}. Show that this requires us to solve min {max {I( - a + e)2 - m( -b + d)21, I(a

+ ef - m(b + d)21, K I, K 2}1

a,b,e,dE£:, ad - be =

± I}

K j := {I- m/(N(wj))I I

in case.l(ae - mbd)/N(wj)l ~ I, otherWise

for

i = \,2.

6. Show that for any BE U(R) there is an element WER such that "'(el) = epee), i.e. epee) is in the transformed parallelotope. Hence, in principle each unit can be obtained as a lattice point in a suitable transform of the basic parallelotope.

5.6. Regulator bounds and index estimates In order to obtain an upper bound for the index of the computed subgroup U.(R) in the whole unit group U(R) we interpret this index as a ,"l-module

Units in algebraic number fields

360

index. Namely, by taking logarithms the multiplicative structure of U(R) becomes an additive one. This obvious procedure is used in most textbooks already in the course of the proof of Dirichlet's Theorem. We consider two mappings of U(R) into logarithmic space: L 1: U(R)~lRs+t: el-+(CIIOgle(1ll, ... ,Cs+tIOgle(s+t)I)',} L 2: U(R)~lRr : el-+(c l logle(l)l, ... ,cr logle(rl l)t,

wherec.={' J 2

forl""j""s

else

(6.1 )

•

The following properties of L j (i = 1,2) are obvious: (a) L j(el1) = Lj(E) + L j(l1) for all e, I1E U(R), (b) Ker(Lj(U(R))) = TU(R),

(6.2)

r

(c) cs+tlogle(s+tll = -

L cjlogle(jll

j= 1

for the coordinates of

L1(E) (eEU(R».

The next result is not quite so obvious but it will turn out to be of great use later on. Lemma (6.3) Let U.(R):= TU(R) x <e l >x ... X <Er >be a subgroup offinite index in U(R). Then Lj(ej) (1 ~j ~ r) are IR-linearly independent (i = 1,2). LI(el)t, ... , L1(e r)' and (cl, ... ,cs+t)' form a basis oflR s+t. Proof Let E1, ... ,Er be a system of fundamental units of U(R). There is MEN and al'vE71. (1 ~ Ii, v ~ r) such that IE~I = In~= 1e~'I. Obviously, the matrix A:= (1/ M)(a".)1 ""P.'' ' , is invertible. On the other hand U(R) contains (independent) units 11 I' ... , I1r for which II1~Vll < 1, 111::'ll> 1 (1 ~ v ~ s + t, 1 ~ Ii ~ r,li"# v). Analogously there is a matrix BEGL(r,71.) transforming E1, ... ,Er into 111, ... ,l1r up to roots of unity. Therefore we obtain (

L2(:I1I)') = BA Lil1r)'

(L2~Edt)

=:c

L 2(e r)'

with a regular matrix BA. Hence, it suffices to show that L 2(11 1), ... , L 2(l1r) are IR-linearly independent which is equivalent to det (C) "# O. Let us assume that the columns of C are linearly dependent. Then there exist t 1"'" trEIR subject to tk:= max {t;l 1 ~ i ~ r} > 0 and LJ= 1ticjlogll1!ill). ""i"", = O. Considering the kth coordinate we get the contradiction r

0=

r

L tjcj logll1Vll = j=1 L t j c logll1Vl l + tkck logl'1kkl l j=1 j

Hk

Regulator bounds and index estimates

~

tkCk log 1'1~k)1

+

'361

r

L tkCj log I'1~j)1 = t k( -cs+,log I'1~S+I)1) > O. j= I

Uk

Therefore L 2 ('1 d, ... , L 2 ('1r) are IR-linearly independent implying that L 2 (e 1 ), ... , L 2 (e r ) and also L1(ed, ... , LI (e r ) are IR-linearly independent. To prove the second statement of the lemma it suffices to show that the vector (c I' ... , CS + IYis IR-linearly independent from LI (e 1), ... , Ll (e r ). If it were not, there would bea presentation (c I, .. "CS+1t = Ll= I tjLI(ej)(tjEIR, 1 ~ i ~ r, max {Itj 111 ~ i ~ r} > 0). But then addition of the coordinates yields the contradiction s+t

s+2t=

s+t

r

L Cj= j=lj=1 L L tjcjlogleF)1 j=1

o Corollary 1 (6.4) Let U,(R) be a subgroup of U(R) of finite index. Then Lj(U,(R» is a free ~ -module of rank r (i = 1, 2). Corollary 2 Let U,(R) be a subgroup of U(R) of finite index. Then (U(R): U,(R» = d(L 2(U,(R»)/d(L 2(U(R»).

(6.5)

Proof (6.4) is obvious. For the proof of (6.5) we note that (L 2 (U(R»:L 2 (U,(R))) = (U(R): U.(R» follows from the homomorphism theorems of group theory. 0 Then chapter 3 (3.6) is applied. Definition (6.6) Let U,(R):= TU(R) x <e l >x ... x <er >be a subgroup of U(R) offinite index. Then the mesh d(L 2(U,(R») is called the regulator Reg (Ut(R» of Ut(R). In case R = CI(~, .Q(R» the regulator of U(R) is also called the regulator of the field F = .Q(R). We denote it by Reg F , or in short by R F •

At the present state of our computations of U(R) we assume that we already calculated independent units e l , ... , er generating a subgroup Ut(R) of finite index up to roots of unity. Now we can calculate Reg(U,(R» from Reg (U.(R» = abs(det(cjlogleF)I)I';i,j.;r) and obtain an upper bound for the index

(U(R)' U (R» = Reg (U.(R» " Reg(U(R»

U nits in algebraic number fields

362

once we know a lower bound for Reg(U(R)). To derive such a lower bound is the goal of the rest of this section. We apply the tools of chapter 3, namely, following Remak [7] we consider n

L (logleUll)2 j~

(eEU(R)).

(6.7)

I

Representing e by fundamental units this becomes a positive definite quadratic form. The determinant of this quadratic form is essentially Reg (U(R)). Thus we get a lower bound for the regulator of U(R) by chapter 3 (3.34), as soon as we have derived a lower bound for (6.7). Let us fix a system of fundamental units E I , ... , E, of U(R). Each eE U(R) then has a (unique) representation by E I, ... , E, and some element of TU(R). Hence, for le(j)1 (1 ~j ~ n) we obtain

,

L xjlogIE/j)1

10gle(j)I=

Using the constants cj (1 n

s+t

j=1

j~1

(XjE~, 1 ~i~,., 1 ~j~n).

(6.8)

I

j=

~j~s+t)

of(6.1) we convert (6.7):

L (logle(j)1)2 = L cilogle(j)1)2 ,

=

L j.j~

(cs-+\cjcj+bijc)logle(i)llogle(j)1 I

,

-. L

"'V~ I

q"vx"xv'

This shows that (6.7) is indeed a quadratic form. It is positive definite since (6.7) is always non-negative and becomes zero only in case all conjugates of e are of absolute value 1. But then e is in TU(R) because of (2.5), hence (6.7) vanishes only in case of XI = ... = x, = O. The next step will be the computation of the determinant of the quadratic form. It is easily seen that the matrix equation (q"v)1 .;".\..;, =

(Ck

log IE~k) 1)1 .;".k.;,(dj.j)1 ';;j.;,(c,log IE~)I)I .;,.• .;,

is satisfied for 1: -1 d jj = cs-+,I + uijcj

(1

..

)

~ l,j ~,. .

The evaluation of the corresponding determinants yields det (qj) = Reg (U(R))22 -'n because ofLI=1 Cj=n-c s +" ni~~ Cj-I =2-' and exercise 1.

(6.9)

363

Regulator bounds and index estimates

In view of chapter 3 (3.34) it remains to give a lower bound for (6.7) in case BEU(R)\TU(R). This will be done by analytic methods. We set (6.1 0) and then minimize II

I. xJ

j~

(6.11a)

1

subject to suitable side conditions coming from the properties of B of U(R). Obviously, we can require (6.11 b) because of IN(B)I = 1. But then a criterion which excludes the solution = 0 is most important. The image of R under the mapping

XI = ... = XII

t/I: R -t 1R": Wf-+(w(1), ... ,w(S),

} 21 Rew(s+ 1), 21 Imw(s+1), ... ,21 Rew(s+/), 21 1m

W(S+/»)'

(6.12) is a lattice t/I(R) of mesh Id(R)I. For the lattice vectors t/I(w) the usual Euclidean norm in 1R" is (6.13)

It is no problem to compute the successive minima of t/I(R) with respect to II II by chapter 3 (3.36). Usually it suffices to calculate only M I ' M 2, M 3 which coincide with 1It/I(wdIl 2, II t/I(w 2 ) 11 2, 11t/I(w3)11 2 for a reduced basis t/I(w l ), ••• , t/I(w ll ) of t/I(R) (compare chapter 3 (3.32)). And a reduced basis for R was already used in the preceding section. It is easily seen that MI

=n

for t/I(1).

(6.14)

Namely, every wER, w #- 0, satisfies IN(w)1 ~ 1, hence T 2(w) ~ n by the inequality between arithmetic and geometric means. The same argument yields

II t/I(w) II = n1¢>wETU(R).

(6.15)

This implies that a basis of R consisting of roots of unity WI' •.• , WII satisfies I t/I(w j ) 112 = M j = n (1 ~ i ~ n). And this happens in all cyclotomic fields. On the other hand, for TU(R) = {± I} we get M 2 > n and for n = s we even have M 2 ~ (3j2)n [8] (note that T 2 (w) = Tr (W 2)EZ in this case).

Remark (6.16) For BE U(R)\ TU(R) we always have II t/I(B) 112 ~ M 2. However, in case (1 + 51)j2E U(R), for example, M 2 ~ 3(nj2) independently of the discriminant of R. Therefore, in case of .Q(R) having proper subfields, higher

364

Units in algebraic number fields

successive minima usually must be taken into consideration to obtain a good lower bound for (6.7).

Theorem Let M*:= min {T2(w)lwEU(R)\TU(R)} eE U(R)\ TU(R) satisfies

= Tz(w*).

Then

(6.17) M* > nand

Proof We set x/= log le(j) I (I ~j ~ n) and minimize. II

f(x):=

L1 xJ

j=

subject to 2,'1= 1 Xj = 0 and 2,'1= 1 e2xj ~ M*. A vector XEIR which satisfies both side conditions is called a feasible solution. Obviously, there are feasible solutions x, for example those corresponding to units eER\ TU(R). Now (6.15) implies M* > n. Hence, each feasible x must have positive and negative coordinates. Let YEIR" be feasible. Then each xEIR" withf(x) ~f(Y) necessarily satisfies - f(y)t ~ Xj ~f(y)t (I ~j ~ n). Hence, the existence of a global minimum is guaranteed. If the minimum is attained, let us say for the vector Z, the second side condition must be active, i.e. 2,'J= 1 e 2zJ = M*. Otherwise we could decrease the maximal coordinate of Z by a very small constant b and increase the minimal coordinate of z by b to obtain a new feasible solution Z6 with f(Z6)
2xj + A + 2/le 2Xj = 0 (l ~j ~ n),

L"

e2xJ

= M*.

j= 1

For fixed /l the function g(x):= X + /le 2x with derivative g'(x) = 1 + 2/le 2x is strictly increasing for /l > O. But then g(x) = - AI2 cannot have different solutions for X < 0 and x> 0, a contradiction to our conclusion from above. Hence, /l must be negative and we get exactly two solutions u > 0, v < of g(x) = - A12. This means that we must minimize su 2 + (n - S)V2 for u > 0, v < 0 and sE{I, .. . ,n -I} subject to su+(n-s)v=O and se 2"+(n-s)e 2v =M*. Since e and e- 1 yield the same valuef(x) we can assume s ~ n12. We substitute v=sul(s-n) and u=«n-s)/2)logy (YEIR>l) and obtain the equivalent problem: Minimize tns(n - s) (log y)2 subject to G(s, y):= sy" - M* yS + n - s = 0

°

for

(s,Y)E[nI2,n-l] x(l,oo).

Because

of

Gy(s'Y)=>(Syll-~SM*Ys)

the function G(s, y) has exactly one minimum for fixed s. Hence, G(s, 1) = n - M* < yields exactly one solution y:= h(s) of G(s, y) = for fixed

°

°

Regulator bounds and index estimates

s. We shall prove that F(s):= s(n - s) (Iogy)2 increasing in s. Namely,

= s(n -

365

s) (Iogh(S))2 is strictly

F'(s) = (log h(s))2(n - 2s) + s(n - s)2 10g h(s) h'(s) h(s)

= log h(S)((n _ 2s) log h(s) + 2s(n -

h(s)

s) (_ Gis, y))) Gy(s, y)

I (( n- 2s)1 ogy- 2(n - s)(y"- I -IOgYM*YS) . =ogy ny" - M*yS Because of y > I, G(s, y) = 0 and the denominator in the last term being positive we obtain the following chain of equivalent inequalities F'(s) > 0,

(n - 2s) log y(ny" - M*yS) > 2(n - s)(y" - I -logyM*y'), logy(n(n - 2s)y" + nM*yS) > 2(n - s)(y" - I), log y,,/2 > (y"- 1)/(y" + I). Setting z = y" we need to prove t log z > (z - 1)/(z + I) for z > I. But this last inequality follows from 1/(2t) > 2/(1 + t)2 (t> I) by integrating both sides from 1 to z. Thus we have shown that (n/4)s(n - s) (log h(S))2 is strongly increasing (even for 1 ~ s ~ n - 1 (!)). Because of our assumption s ~ n/2 the minimum is attained for s = n/2. But then G(s, y) = 0 implies 2 y" _ -- M* y,,/2 + 1 = 0, n i.e. M* (M*2 )1/2 y"/2 =--+ - 2 - - 1 , n n

o

and the theorem is proved.

Remarks

(6.18)

(i) M* can be easily calculated by chapter 3 (3.15). (ii) In case n is odd the estimate of (6.17) can be slightly improved by computing y> I from G((n+ 1)/2,y)=0 and then (n/4)F((n+ 1)/2) as a lower bound for Ii=1 (Iogle(jlI)2. (iii) It seems somewhat puzzling that we can stipulate s = n/2 even though F(s) is strictly increasing in [I, n - I]. The reason for this is that e and e- 1 yield the same value Ii = 1 (log Ie(jl If but I tjJ(e) II and II tjJ(e - I) II can differ substantially. Corollary The regulator Reg(U(R)) of R satisfies the inequality

Reg (U(R))

~

(MoYr-r2'n-I)I/2.

(6.19)

Units in algebraic number fields

366

Proof By (6.7), (6.9), chapter 3 (3.34), (6.17).

o (6.20)

Examples

(i) Let R = £'[p], p a zero of t 3 + (2 - 2t - I = O. The conjugates of p are p = p(I) = 1.247,p(2) = -0.445, p(3) = -1.802 and the discriminant of R is dR = 49. A reduced basis is WI = I, W2 = p, W3 = p2 - 2 yielding the successive minima M I = 3, M 2 = M 3 = 5. These data yield a lower regulator bound Reg (U(R)) ~ 0.45 which is very close to the real value Reg(U(R)) = 0.53. (ii) Let R = £'[p], p a zero of t 4 - 2t 2 - I = O. A reduced basis of R is WI = I, W2 = p, W3 = p3 - 2p, W4 = p2 - I providing M 1= 4, M 2 = M 3 = 4(2)t, M 4 = 8. Hence, we obtain 0.48 as a lower regulator bound whereas Reg(U(R)) = 1.35. If O(R) contains proper subfields then the estimate (6.19) for Reg (U(R)) may be too weak. In that case we need to take into consideration higher successive minima of (6.7). Let M1EIR>o be minimal such that there are independent units el, ... ,e; in U(R) satisfying lIej112::;;M1 (I ::;;j::;;i) for some natural number i. As in (6.17) we set Mo;:=(n/4)(log((MNn)+((M12/n2)-1)1/2))2 and obtain

(6.21)

Theorem

The proof hinges essentially on chapter 3 (3.34) and is left as an easy exercise to the reader. Though (6.21) yields the best lower bound for Reg(U(R)) which we know so far we also present some other explicit bounds at the end of this section. From the results of [3], [4] we excerpt Reg(U(R))

~

((

3(1og(ld(R)l/n"))2 (n - I)n(n + I) - 6t

)r -2'

ny~

)1/2

(6.22)

in case O(R) is primitive over iQ and Id(R)1 > n°. Moreover, for t = 0 and n::;; II the constant n" in (6.22) can be replaced by 41"/21. If R contains proper subrings, the units of those subrings must be taken into consideration (compare Satz XII of [3]). The results in [3], [4] were stated only for maximal orders R but the methods also apply to non-maximal orders. Lower regulator bounds can also be obtained by means of Analytic Number Theory. The best known result is due to Zimmert [14]. Satz 3 of

Computation of fundamental units

367

his paper states for arbitrary l' > 0 and a maximal order R of a field F of degree n = s + 2t: Re g (U(R)):>-(I+1')(1+2 1' )r(I+ )'+'r(~+ )'2- S - ' -,/2 # TU(R) 7 2 l' 2 l' n

(I

r' -2+ 1') +ty r' ( xexp ( (-1-1') ( (s+t)r

2 1)).

1+21') +:Y+l+1'

(6.23)

This estimate yields good results for n ~ 6 and small discriminants. Optimal values for l' are in the interval (0, I). Unfortunately Zimmert's result does not depend on specific data of the field F, e.g. its discriminant. We close this section by presenting also an upper estimate for the regulator of a field F of degree n = s + 2t and discriminant dF • Using an idea of Landau Siegel [9] proved by analytic methods

< 2 -S4(2n)-,(be log IdFI)n-lldFI-l:

Reg F for b = (I

(6.24)

n-l

#TU(F)

+ log nl2 + (tin) log 2) - I. Exercises

I. Let IX, (J I' ... ,firE fR and

n~ ~

I

Pi # o.

2. Let R be totally real. Then for all

Prove

eE U(R)\ TU(R)

L (log le(})lf ~ 11 n

j~1

(

we have

1+ 5 log-t

2

)2 .

(This result is obtained in [4] in a completely different way.) 3. Let p be a zero of t4 + t 3 - 3t 2 - t + 1 = o. Show that p, p + 1, p - 1 are a system offundamental units in l'[p]. (On the other hand, the iQ-rank of "'(1), "'(p), "'(p + I), "'(p - 1) is only two.) 4. Compute a lower regulator bound for R = l'[PJ, p a zero of t 4 + 2t 2 + 2 = 0, and compare it to Reg(U(R)). 5. Show II "'(ek ) II :S.:; 1I!/J(eH')1I for eEU(R) and kEl'''o.

6. Prove (6.21) and apply it to example (6.20) (ii) for i = 2.

5.7. Computation of fundamental units From the two previous sections we assume that we can determine as many units EE U(R) as will be needed and that we know a lower regulator bound for Reg(U(R)). The computation of fundamental units will then be carried out in three steps. In step I we produce r independent units 'It, ... , fir of R.

368

Units in algebraic number lields

In step II we use additional units for a potential enlarging of the subgroup V~:= TV(R) x ('II) x ... x ('1r) of V(R). Finally, in step III we determine V(R) from V,,. Because of step II the last step will usually be a verification of V(R) = V~. In extensive calculations of fundamental units the groups V" and V(R) turned out to be different after step II only in about 3% of all cases.

Step I: construction of r independent units

°

assume that we know already ~ m < ,. independent units '1j(1 ~ i ~ m; mEZ"o), hence also b j := L 2 ('1j) and the corresponding orthogonal vectors bt (compare (6.1), chapter 3 (3.24». Each time a new unit 'IE V(R)\ TV(R) is found by (5.25) we set bm + 1= L 2 ('1) and compute b!+ I' In case ofb!+ 1= 0 we increase m by 1. In this way we proceed until m = ,. is obtained. Then we

We

easily calculate r

Reg(V~(R»=

n IIbtll

j=

I

for V~(R)= (TV(R),IJI,""'1,).

We note that it can be difficult to check whether the (floating point) vector b!+ I is zero. Because of n~= III bt II ;:;, Reg(V(R» (for which we know a positive lower bound) the II bt II cannot be too small in general. If we must assume a linear dependence, however, we either search for another unit IJ or we proceed as in step II.

Step II: enla,.ging of Vq(R) After the computation of a subgroup V,,(R) = (TV(R), '11, ... ,llr) of V(R) of finite index we try to enlarge this subgroup by additional units '1r+ I in case the quotient of Reg(V~(R» and of a lower bound for Reg(V(R» obtained by the methods of section 6 is still ~ 2. Applying chapter 3 (3.48) to L 2 (lJj) (\ ~ i ~,. + \) we get integers m l , ... , mr+ I subject to L~;!": Imd > 0, L~;!": "jL 2 (1J;) = 0 and units iii"'" iir such that V,lR) = (TV(R), iii"'" iir)3lJj (\ ~ i ~ r + \). If V q is not enlarged for - let us say - five more units we assume V q (R) = V(R) and proceed to step III.

Step III: computation of a system of fundamental units As an easy consequence of the fundamental theorem on finitely generated abelian groups we obtain:

Theorem (7.\) Let '1 I"'" IJk (0 ~ k < ,.) be part of a system of fundamental units of R. Then IJk + I E V(R) also belongs to that system, if and only if the equation '1k+ I = ('IT'" ... '1J':"w m

((E TV(R); mj, mEZ, \ ~ i ~ k; WE R)

(7.2)

is unsolvable for Im I ;:;, 2. A proof is easily derived from the elementary divisor theorem and chapter

369

Computation of fundamental units

3 (2.9) (see exercise 1). We note that for k = 0 the theorem gives a criterion, whether '11 is a fundamental unit. The theorem will be suited for constructive purposes only if we can test the solvability of (7.2) in finitely many steps. If (7.2) is solvable, then W is clearly a unit. Therefore we can assume m > 0 without loss of generality. Next we can choose the mj to be non-positive and greater than - m by replacing the solution W by W

n '1/ m;/ml n '1/ mdm1 . k

k

j= I mi>O

mj
j= I

Thus the solvability of (7.2) is closely related to the solvability of

Iw(jl"'I=lj~ ('1jil)-m;'1PLI

(1

~j~n)

(mEN, m ~ 2; mjE7L.<>.o,-m<mj; I ~i~k).

(7.3)

Namely, if(7.3) is not solvable for WER then (7.2) is insolvable, too. A solution of (7.3) does not necessarily imply that (7.2) is solvable, however w m might differ from the power product of the units on the right by a root of unity not contained in TU(R). Of course, this can be easily checked. As a consequence the solvability of (7.2) can be checked in finitely many steps since m can be bounded by (7.4)

m~q,

q the quotient of the regulator of the computed unit group U ~ and the lower

bound of Reg(U(R» derived in section 6. We present three different methods for testing the solvability of(7.3) under the restriction (7.4) for k = 0,1, ... , r - 1. Their application either proves that the computed unit group U ~ already coincides with U(R) or it produces larger subgroups U~ of U(R), until the whole unit group is obtained. It is clear that the tests need to be done only for prime numbers p ~ 4. Namely, a solution of (7.2) provides also a solution for each divisor mof m. Method 1. In case q, r are small we recommend a straightforward attack on the problem. Any potential solution WER of (7.2) has a presentation (7.5)

where WI"'" Wn denote a 7L.-basis of R. As in section 3 we compute the corresponding dual basis WI *, ... , W.* defined by Tr(wjw/)

= bij

(1

~

i, j

~

n).

(7.6)

Then (7.2) yields n

e/ = Tr(ww/*) =

L (C'1Vl- m,..... '1~l-m.'1~~ dl/mwj*(j)

(1 ~ i ~ n). (7.7)

j= I

Here the right-hand side is to be calculated numerically for all possibilities

370

Units in algebraic number fields

°-

(ETU(R), ~ mj < m (l ~ i ~ k), m a prime number below q. If the (floating point) calculation yields ejE~ (I ~ i ~ n), then the corresponding w is a solution of (7.2) which again can be checked by integral computations. Since we have to compute mth roots this procedure can usually be recommended only for totally real fields and m #- 2. For totally real fields and m = 2, the insolvability of (7.2) can in general be decided upon considering the signs of IljUJ. Since mjE{O, I} in that case we can easily check whether the products []~= ,Illi)"" can be all negative or all positive (1 ~j ~ n). Method 2. In more complicated cases we suggest applying the following method. Instead of computing the coefficients ej of a possible solution w for all possibilities of m, mj, ( (l ~ i ~ k, (E TU(R» we give worst case upper bounds for the conjugates of w. Obviously,

R/=

min

Ii min(l, leP)I("'-I)lm») ~ Iw(j) I

(leVt ,I '1m

2~m~tJ

~

max 2~m~ll

i::;;:.l

(leVLll/mIi max(1,le P)I(m-1) /m») 1=1

=:Sj (1 ~j ~ n), (7.8) and we can apply (3.8). The units obtained still need to be tested whether they indeed satisfy (7.3) and finally (7.2). But this again is easy. We take logarithms on both sides of (7.3) and obtain the following system of linear equations k

mL 2 (w)

+

L1 mjL 2 (IlJ = L 2 ('Ik+ d

(7.9)

j=

in the unknowns m, m 1, ... , mk. If (7.9) is unsolvable over ~ for all obtained units w, then (7.2) is unsolvable also and we can increase k, repeating this process until we have obtained r independent units. If (7.9) has a solution (m, m" ... ,mSE~k+ 1 with Iml ~ 2, then we need to check whether

Ilk+ 1

CG

'Ij-m)w-mETU(R).

(7.10)

If this is the case, we replace 'I k + l ' Uq' Reg (U q) by

'Ik+ 1 ...... w,

Uq...... TU(R) x <'11)

X .••

x <'I,),

Reg(U q ) ...... ~eg(Uq)/lml. (7.11)

If Reg( U q) does not increase any more we replace k by k + 1. This procedure has the additional advantage that we need not carry it out for each prime number p ~ q separately but only for the worst bounds (7.8) obtained for m = q. Once we have checked that our units '11' ... ' 'Ik are not powers themselves, i.e. 'Ij #- (w m (WE U(R), (E TU(R), 1 ~ m ~ q), we can even handle the tests for all k (1 ~ k < r) simultaneously by noting that the worst bounds (7.8) result for k = r - 1. This is of course due to the fact that

371

Computation of fundamental units

the method of section 3 for solving (7.8) is so efficient that larger bounds Rj,Sil <j < n) barely increase the computation time. In spite of that fact it is of course always recommendable to start with units '11' ... ' 'Ir whose conjugates are close to I in absolute value. This can usually be obtained by applying reduction to L 2(1/t), ... ,L 2(llr). M etlzod 3. Though we believe that the method just described is best suited for testing the solvability of (7.2) (mainly because of the fast procedure of section 3) we conclude this section presenting a p-adic method which is first of all of theoretical interest but also seems to be very promising from the computational viewpoint. However, to our knowledge it has not been tested numerically so far. Let PI> ... ' Ps be all odd rational prime numbers below q. (The case of 2 dividing (V(R): V,,) can be easily treated with one of the first two methods.) Then V(R) is generated by V" and those units f. of R for which some power I;h of the form Iz = ni~ I P;'" < q (l'jEl';;'o, I < i < s) belongs to V,,. Again we discuss the solvability of (7.2) starting with k = 0, i.e. we try to solve 1:( = w'" ((ETV(R), wER,m

~

2)

(7.12a)

for I: = 'II. For the coefficients e j of the presentation (7.9a) of W we obtain the bounds (7.10) with k = O. Then we determine a rational prime number

p>max{2max{Tdl
(7.12b)

such that the order lip of the prime residue class group (RlpRr is not divisible by PI' ... ' Ps. Hence, there exist positive rational integers qi (I < i < s) such that Piqi == I mod hp • If WE R solves (7.12a) for m = Pi (I < i < s), then (I:(jq, = wp,q,

== w mod pR.

(7.12c)

Because of (7.12b) we just need to compute the congruence solutions w of (7.12c) with the coefficients e,. satisfying - pI2 < e,. < pI2 (I < I' < n) for I < i < s and then check, whether one of them satisfies (7. I 2a). This has to be done for each Pi (I < i < s) and each possibility for (ETV(R). If we obtain a solution of (7.12a) in this way, then f. = I] I is replaced by w thus enlarging V~.

From now on we assume that (7.12a) has no solution. Then .Q(R)(I] :IPJ) :::> .Q(R) and the polynomial t Pi - I] I ER[t] is irreducible (I <j < s). By Tschebotareff [II] there exists a prime ideal Pi~d(R) such that (Pi - I ] I remains irreducible in Rlplt] and therefore pjl(N(p) - I). (Namely, for

pjJ(N(pj) - 1) there is qjEN subject to Pjqj == 1 mod(N(pj) - 1) and ~:= I]ii satisfies ~Pi = I]':Jqj == 1]1 mod Pj in contradiction to the irreducibility of (Pi -I]I in Rlpj[t].) Since (Rlp)X is cyclic with pjl#(RlpY and '11 is not a p}h power in (Rlp)X the order of 1]1 is divisible by Pj. Hence, for every unit I]i (I < i < r) there is precisely one rational integer Vi (0 < Vi < Pj) such that 1J~'lJi is congruent to a p}h power modulo Pj. Since this was derived for

372

Units in algebraic number fields

arbitrary j (1 ~j ~ s) we can now apply the Chinese remainder theorem to obtain units ~2"'" ~r (~i = '1I;'1i' 2 ~ i ~ r) such that <'11> x ... x = <'11> x <~2> x ... X <~r> and every element of <~2> x ... X <~r> is a pjth power modulo Pj (I ~j ~ r). Therefore every WE U(R) satisfying WPiE U q is the product of some root of unity, some power of 'll and a p}h power (PiE <~2 X ... X <~r> =: U~2). Repeating this process we finally end up with a unit group U~) with one generator. But we already considered the task of computing pjth roots of a single unit. Hence, we obtain a system of independent units inductively such that it already contains all p}h powers of units of U(R) (\ ~j ~ r), hence a system of fundamental units.

<'1r>

>

Exercises I. Use the fundamental theorem on finitely generated abelian groups and chapter 3 (2.9) to prove theorem (7.1). 2. Let R = I [ex] and ex a root of t J + t 2 - 2t - I. Compute a system of fundamental units of R starting from f. J = 2ex 2 + Sex + 2, f.2 = 2ex 2 + 3ex + 1E U(R). 3. Let F = Q(ex), CI. a root of t4 + t J - 3t 2 - t + 1. Compute a system of fundamental units for OF'

5.8. Remarks on computerization. For computing a system of fundamental units of R we need the characteristic properties of R as input data. In general we assume the knowledge of an irreducible polynomial

f(t)

= t" + a l t"-I + ... + a"E~[t],

(8.1)

represented by a l , ... , a"E~, such that F = O(R) = iQ(p) for a zero p of f. For the computations in R - especially the many norm computations of(5.23) - it is advantageous to compute the roots

(8.2) of f up to machine precision by the IMSL - subroutine ZPOLR, available at most computer centers nowadays. We order the zeros in the usual way such that

(8.3) and

P(S+I+i)

= p(S+i)

(1./'./ """ "'" t) ,

n =s + 2t .

A basis of R usually belongs to the input data, in case of R = OF it can be computed by the methods of chapter 4 within the program. In any case we

Remarks on computerization

373

assume

+ ... + ZWI/

R = ZW I

(S.4a)

for I /I Wi - --" L. mijP j - I , m j= I

(S.4b)

i.e. the knowledge of

(S.4c) The importance of having the basis reduced was already pointed out in section 5. The implementation of the methods of sections 3-7 for the computation of U(R) should be no problem. We therefore consider only a few necessary subroutines and make some remarks on potential difficulties. Addition of numbers of R is done componentwise. For multiplication, however, we need the multiplication constants Yijk of /I

wiwj =

L YijkWk'

(S.5)

k=1

To obtain them we first calculate the coefficients Pi + j.k of /I

pi+j=pipj=

L

{Ji+j,kpk-I

(S.6)

k=1

via reducing powers pm (m Pi+j.k

and for i

+j

~

~

II) by means of f(p) = O. Namely,

= bi+j,k-I

(0:::; i

Pm+ l,k = Pm,k-l fJm+ 1,1 = II, II

(S.7a)

II we compute successively {In,k= -a n+ 1 - k

for m =

+ j:::; 11- 1),

+ I, ... , 211 -

(1 :::;k:::;II),

+ Pmman+ 1-k

(2:::; k:::; II),}

f3 mm Q n,

(S.7b) (S.7c)

3. Then

/I

=

m- 2

~

/1,"=

=m- 2

m. m.J\' pll-Ip"-l

"

I

/I

k= 1

II!

I (

In

m i/lm j"p/I+ .. -2,k ) pk-l

11,"= 1

and we denote the coefficient of pk - 1 by A.ijk' From (W 1, ... , Wn) = (1, p",., pn-I )M'(l/m) we obtain (l,p, .. " pn-I) = (WI"'" wn)(M')-l m and therefore

Units in algebraic number fields

374

Mainly for the norm calculations it is useful also to know the wF) (I ~ i, j ~ n) as floating point numbers. But this can be easily done by (8.3) and (8.4b). Having stored the values of w/ j ) a norm computation of rxER via N(rx) = nj= 1 rx(j) then requires 0(n2) multiplications instead of 0(n 3 ), if we use the regular representation matrix M. of rx and compute its determinant by pure integral calculations. We note that we do not need to use complex numbers but rather work with the real numbers w/j) for I ~j ~ s D(i,j):= { RewY) for s+ I ~j~s+t (I 1m w/ J ) for s + t + I ~j ~ II.

~

i ~ n).

(8.9)

= L;'= 1rxjWj (rxjEl') becomes

Then the absolute norm of rx

(8.10) The result will be correct if the round-off errors are less than 0.5. An error estimate will be given below. The processing of the algebraic integers of (5.23) requires to compute rxlf3 for rx, f3E R, f3 i= 0, whenever the quotient belongs to R. This can be done by solving the following system of linear equations in the unknowns XI"'" XII: rx1W 1 + ...

+ rxllw" = (f3lwl + ... + f3"w = L" f3 Xj W Wj j

lI

)(x 1w 1 +

... + x"wll )

j

j.j= 1 "

=

L

k= 1

n

(Jh

L

(8.11)

f3jYijk Xj'

j.j= 1

At first we calculate a solution by floating point arithmetic. Such a solution always exists because of rxlf3EQ(R). If we assume that the coordinates of the solution vector are integers, we can check our result using integer arithmetic by just calculating the right hand side of (8.11) again. Another possibility requiring only integral arithmetic is to apply chapter 3 (3.48). For many computations - see sections 3,4,7 - a dual basis is useful. A dual basis wf, . .. , w~ of R is obtained upon solving the matrix equation (

Wi

(j))

(*(i))

I~I,J~II Wj

- I

I~I.)~II-

'"

(8.12)

Concerning the occurrence of round-off errors we just discuss the norm computation since it is most important. We assume that the zeros of J are calculated up to machine precision and therefore affected with an error e (which is less than 10- 14 for a CDC Cyber 76, for example). Then the error

375

Remarks on computerization

for the D(i, j) of (8.9) is roughly estimated by II

e

L (k -

1)lp(j)l k -

(I ~j ~ II).

2

(8.13a)

k=2

For x = ~IWl

+ ... + ~lIwIIER

the error in computing

" 1(1 L " (k - 1)lp(j)l k J j := e L i=2

2

x(j)

is at most

(I ~j ~ II).

(8.13b)

k=2

The absolute value of the norm of x (assumed to be derived from some transformation of the fundamental parallelotope) is bounded by B of (5.3). Hence, the total error in computing N(x) is roughly bounded by II

J.

J:= B j=L1 /)1' I x J

(8.13c)

It is clear that the coefficients of x must be bounded to obtain J < 0.5. On the other hand, we cannot expect to compute a unit whose coefficients are huge by single precision arithmetic. We note that the choice of a reduced basis of R usually helps to keep the coefficients of the fundamental units small.

6

The class group of algebraic number fields

6.1. Introduction The fundamental differences between the arithmetic in Q and that in finite algebraic extensions F of Q are described by the unit group VI' and the class group elF of F. While we saw in the last chapter that algebraic number fields usually contain units other than ± I (the only units of .l) we now discuss the deviation of the ring of integers OF of F from being a factorial ring. Again this is extremely important for solving non-linear Diophantine equations. As we already mentioned in chapter 4, section 5 Kummer believed that he had established a proof of Fermat's last theorem that (1.1)

is insolvable for any tnE.l ;'3, until Dirichlet pointed out to him that his proof was based on the (wrong) premise that OF is factorial for all cyclotomic fields. Kummer's struggle to save his 'proof' accelerated the beneficial development of algebraic number theory in the second half of the past century. We will demonstrate the importance of the question whether OF is factorial or not by a much simpler example. Let us consider the equation 2y 3 = x 2

+ 5 (x, YE.l).

(1.2)

It can also be written as

2y 3=(X+(-5)1)(X_(-5)1),

(1.3)

i.e. we obtain an equation in .l[( - 5)1]. Let us assume that OF = .l[( - 5)t] is a factorial ring of F = 5)1). Which consequences does this have for solving (1.3)? Let (t,1lEO F and - denote the usual complex conjugation. Obviously, 1l1(t¢>itla, and for YE.l this means 1lly¢>itly. Now assume that 1l is an irreducible element of OF and that 1l kly, 1l k+ 11 y for some kEN implying 1l 3k l(ta for a solution y, (t = x + ( - 5)1 of (1.3). If 1l = it then k must be even and we can set ji~ Y1l- k, a.~(t1l-3kI2 yielding another solution of (1.3) for which y is not

Q« -

378

The class group of algebraic number fields

divisible by n any more. For n -# ji there are integers II, I'El;'o such that nllla, jivla and J1. + v = 3k for a solution of (1.3). Hence we can replace y by yn-kji-k and a by an-Ilji-v, obtaining another solution of (1.3) for which

y is not divisible by n anymore. Hence, if(1.3) is solvable at all the assumption of OF being factorial yields the solvability of 2 = a 2 + 5b 2 which is clearly impossible. Thus either (1.3) is not solvable or l[( - 5)1] cannot be factorial. But (1.3) obviously has the solution y = 3, x = ± 7 and we shall see later that this is indeed the only solution (compare exercise 2 of section 2). Thus 0" is certainly not a factorial ring. As a kind of a substitute for the decomposition of each element into a unique power product of irreducible elements times a unit we find that in 0" every non-zero ideal is a unique power product of prime ideals. This is the concept of Dedekind rings which we developed in chapter 4, section 5. As a special case the ring of integers Of' of an algebraic number field F is considered as a Dedekind ring in section 2. The essential facts are among others that OF is factorial if and only if every ideal of OF is principal (see (1.13». If not every ideal of OF is principal then the equivalence relation on the set of all non-zero ideals of OF defined by 0-

b:ao

= {Jb

( 1.4)

for suitable a, {JEOf' \ {O} and 0, b non-zero ideals of OF yields hF > 1 equivalence classes. The number of equivalence classes is called the class /lumber of F. The number hF measures the deviation of OF from being factorial (see also (1.13», Moreover, the equivalence classes with respect to - form a finite abelian multiplicative group CIF' where the multiplication is defined on the representatives. The computation of this group (respectively its order) - via suitable representatives of the ideal classes - is the main goal of this chapter. As in the computation of the unit group Minkowski's number geometric ideas form the basis. Namely, they imply that those representatives can be chosen from a finite set of ideals 0 of OF characterized by the fact that the index (OF:O) is less than a certain bound depending only on the field degree 11 = S + 2t and the discriminant dF of F - the so-called Minkowski bound. Moreover, that finite set can be effectively constructed from the prime ideals occurring in the (unique) prime ideal factorization of POF where P runs through all rational prime numbers below the Minkowski bound. This theory is treated as part of the ideal theory of Of' in section 2. The three remaining sections deal with the task of turning that effective procedure of determining Clf' into an efficient one. Section 3 contains the fundamentals about ideal arithmetic in Of" As if-modules of finite index in OF the non-zero ideals of OF also have a l-basis, a useful fact for most computational problems concerning ideals. However, non-zero ideals 0 of OF can also be presented in the form 0 = aO F + aO F (aEN,aEo F ). This is

Introduction

379

obviously of advantage for storing ideals (only n + 1 instead of n2 respectively n(n + 1)/2 (compare chapter 3 (2.10)) - rational integers are needed for each ideal). Beyond that we develop some canonical representation of ideals by two elements which allows ideal multiplication via their generators: nb = aboF + (X/Jo F for n = aO F + (X0F'

b = bOF + {J0F'

(1.5)

Since we are dealing with the multiplicative structure of the non-zero ideals of Of' this is clearly a big advantage. It is also a great help in factoring POF' p a rational prime number, into prime ideals of OF' Section 4 discusses the task how to decide whether two given ideals are equivalent in the sense of (1.4). The well-known methods for this are indeed effective but not very efficient. We make instead use of an idea of K. Mahler which enables us to transfer the problem of determining whether kE I\J is a product of n linear forms (tantamount to the norm of a certain ideal element) to the computation of certain values of a finite number of positive definite quadratic forms via chapter 3 (3.10). (Parts of that concept were already considered in chapter 5, section 3.) A complexity analysis shows that the number of arithmetical operations needed by our new method is only about the square root of the number of operations required by the old one. Finally, in section 5 we develop an algorithm for the computation of CIF using the results of the earlier sections. The remaining difficulty is to build up CIF as a direct product of cyclic subgroups. Beginning with a finite number of generators our information is in general not complete, i.e. there can and often will exist equivalence relations between the generating ideals which are not implied by the ones we know. Testing for those relations becomes much easier by the methods of section 4 but still consumes a lot of computation time. Hence, those tests should be kept to a minimum. How to do this is the essential content of section 5. Once the class group has been established those tests become quite easy as is shown at the end of that section. From the theory of Dedekind rings developed in chapter 4, section 5 we shortly recall the following important results. Dedekind rings R were characterized in chapter 4 (5.6) as entire rings

IVhich are N oelherian and illtegrally closed and in IVhich every non-zero prime ideal is maximal;

(1.6)

ill IVhich the nOll-zero R-fracliollal ideals form a group, the so-called ideal group I R of R;

(1.7)

ill IVhich every ideal is a (unique) product of prime ideals.

(1.8)

In this chapter we denote the subgroup of I R consisting of all principal

380

The class group of algebraic number fields

ideals by HR' In case the ideal class group CI R := I R/ H R is finite its order is said to be the class number hR of R. In case of R = OF (see (2.1) we also write CIF, hf · instead of CI R , hR in general. The following useful properties of nonzero ideals a, b of a Dedekind ring R are easy consequences of (\.8). a ~ b if and only if R contains an ideal e sati.ifying a = be (\.9) (compare chapter 4 (5.2». In that case we also write b Ia, respectively b Ia a is the principal ideal aR.

gcd(a, b) = a + b.

(1.10)

n is the greatest common divisor of two principal ideals. The generating element of one of them can be chosen arbitrarily from a\{O} (compare chapter 4 (5.39)d).

(1.11)

There exist an element w of R and an ideal e of R such that b + e = Rand ne = Rw.

(1.12)

Pro(~r (~r

(1.12) Let PI'"'' P, be all prime ideals of R which divide either a or b. Then a has a presentation a = ni = I pr' (aiE~ ;'0, 1 ~ i ~ 1'), and we set

,

0i:=

n pjJ+

1

(I ~ i ~ 1').

j=l

iti

(In case I' = 1 obviously 0 1 = R.) Clearly, R = 0 1 + ... + 0, = gcd(OI'''''O,). Hence, there exist elements biEO i (I ~ i ~ r) satisfying 1 = b l + ... + b,. Also there exist elements {JiEpf'\pr'+ I (I ~ i ~ r), because of (\.8) for example. We set w:= 'Li = I{Jibi and obtain pf' II Rw because of pf' + II Rb j (I ~ j ~ r, j -:f. i) and PiX Rbi' Hence n~= I pi:klRw and Rw = ae for some ideal e of R which is not divisible by any of the Pi (I ~ i ~ r). Since b is a power product of PI'"'' P, by assumption we obtain b + e = R according to (1.10). 0 The following theorem shows that CI R and hR describe how much the structure of the Dedekind ring R deviates from a factorial ring.

Theorem The class number hR of a Dedekind ring R is one

(1.13)

if and only if R is factorial.

Proof In case hR = I, every ideal of R is principal and R is therefore a unique factorization ring. On the other hand, if R is a factorial Dedekind ring it suffices to show that every prime ideal of R is principal. Let p be a non-zero prime ideal of

The ring

381

(it·

R. Because of (\.8) there exists an element [J of p\p 2 , i.e. Rf/ ~ p, R[J $: p2. The ideal R[J has a unique presentation as a product of prime ideals, say Rf/ = Pi'" (Pi distinct prime id~als, lIIiEN, I ~ i ~ II). Reordering the Pi' if necessary, we obtain p, ~ p and therefore p, = p because of (\.6). Since R[l is not contained in p2 we must have In, = \. In the factorial ring R the element [J has a presentation as a product of irreducible elements, say [J = f. 7l~J (71j distinct irreducible elements of R, kjE N, I ~ j ~ S, SE N, cEU(R)). But then R71i(1 ~ i ~ s) isa prime ideal of R and from nj~ ,(R71i = RfJ = pn~ = 2 pi"' we obtain p = R71 j for a suitable index j (I ~.i ~ s) by (\.8).

ni'=,

nj=,

J

o 6.2. The ring

0,..

of algebraic integers as a Dedekind ring

In this section we consider the maximal order of an algebraic number field and discuss the most important consequences which follow from the fact of it being a Dedekind ring. In the sequel F always denotes an algebraic number field of degree II and OF the integral closure of 11. in F. A subring of OF which is also a free 11.-module of rank II (order of F) is denoted by R. From (\.6) it is clear that R can be a Dedekind ring only in case R = OF' Again from chapter 4 we recall (chapter 4 (5.9)): The maximal order Dedekind ring.

OF

of an algebraic lIumber field F is a

(2.1 )

We note that every (fractional) ideal of an order R of F is a free 11.-module of rank II. Hence, every order R is Noetherian and each non-zero prime ideal of R is a maximal ideal. But in case R C OF the ring R is not integrally closed and therefore J R not a group (see also exercise 4). For any non-zero R-ideal a the number of residue classes of Ria equals the absolute value of the determinant of a transition matrix from a 11.-basis of R to a 11.-basis of a (compare chapter 3 (2.9)) and is therefore finite. This plays an important role in proving that -- in case R = OF - the group J R/ H R is finite. The following definition is a special case of chapter 4 (5.44). Definition

(2.2)

Let R be all order of the algebraic lIumber field F and a a nOll-zero ideal of R. Then N(a):= #Rla is called the norm of the ideal o. As in chapter 4 the ideal norm is a natural generalization of the norm of an element. Proposition For {JE R\ {O} we have N(RfJ) = I N({J)I.

(2.3)

382

The class group

or algebraic number fields

Proof Let M pE7LII x" be the regular representation of {l with respect to a iE-basis WI"'" W" of R: (WI"'" w,,){l = (WI"'" w,,)M p. Then chapter 3 (2.9) and chapter 5 (5.5) yield #(R/RfJ) = Idet Mpl = IN(fJ)I·

o

In the most important case R = OF the ideal norm is shown to be a multiplicative function by the next two lemmata. (Compare also exercises 29-33 of chapter 4, section 5.) (2.4) Lemma Let R = OF' a a non-zero ideal of R and a, {l be arbitrary elements of R. The congruence ax == {l mod a is solvable in R if and only if P== 0 mod gcd (a, aR). If it is solvable, then it has modulo a exactly N(gcd(a, aR)) different solutions. Any solution x is uniquely determined modulo a(gcd(a,aR))-I.

Proof Let b:= gcd(a,aR) and c = ab-I. If the congruence is solvable, there is an liEa such that ax - Ii = P and b divides Rax, Rli and therefore R{l, i.e. {lEb. On the other hand, if P is in b = a + aR, then there are liEO, xER such that ax + Ii = {l, i.e. ax == (l mod a. Now let x, y be both solutions of the congruence. This implies a(x - Y)E 0= cb, hence Ra R(x - y) = cbn for some ideal n of R. Comparing the prime ideal factorizations on both sides we obtain R(x - y) £ c because of b = gcd(a, Ra). Therefore any solution x of the congruence is uniquely determined modulo C. (For YEC obviously a(x + y) == ax mod a because of aYEbc = a.) In the case of solvability of the congruence the number of modulo a incongruent solutions is equal to the number of residue classes of c/a. So, it remains to construct a bijection between c/a and R/b. For this purpose choose WE R satisfying gcd (Rw, bc) = c by (1.12). Then we map c/a = {¢w

+ al¢ER} onto Rib = {¢ + bl¢ER}

via ¢W

+ a f-4 ¢ + b.

Clearly, WEC and therefore ¢WEC for every ¢ER. On the other hand, let yEC, then ¢w == y mod a is solvable in R because of Rw + a = C. Therefore the map ¢w + a f-4 ¢ + b is independent from the representative ¢w. Namely, for ¢w + a = ~w + a we obtain (¢ - ~)wEa, hence ¢ - ~Eb because of Rw + a = C. The map is clearly bijective, hence #c/a = N(b). 0 Lemma Let a, b be non-zero ideals of R =

(2.5) OF'

Then N(ab) = N(o)N(b).

The ring

o~·

383

Proof According to (1.12) we choose WER satisfying ab + Rw = a. For r:= N(a), s:= N(b) let I " " , e,ER and 111"'" lisE R be a full set of representatives for Ria, R/b, respectively. We set 'ij:= + Wl1j (1,,;; i,,;; r, I ,,;;j";; s) and show that they form a full set of representatives for Rlab. In case of ' i j == 'kl mod ab (1 ,,;; i, k ,,;; r, I ,,;; j, I ,,;; s) we obtain successively

e

ei

ei == e mod a,

hence i

k

= k,

Wl1j == Wil, mod ab,

I1j == 111 mod b (because of (2.4)), i.e. j

= I.

ei

On the other hand, let IXE R. Then IX == mod a for some i (I ,,;; i ,,;; r), == I1W mod ab is solvable, and therefore 11 uniquely determined modulo b according to (2.4). Hence, 11 = I1j for a suitable index j (I ,,;; j ,,;; s) and IX == + wlJj mod abo 0 The last lemma enables us to prove the finiteness of I RI H R in case R = OF' In addition to OF being a Dedekind ring, we need the finiteness of 0F/a for non-zero ideals a of OF for the proof. We apply Minkowski's Convex Body Theorem chapter 3 (4.2), to the set C of chapter 3 (4.6). Namely, the Minkowski IX -

ei ei

mapping

maps OF onto an n-dimensional lattice with d(lp(OF)) = 2 -, IdFI I /2. If we restrict lp to a non-zero ideal a of 0F' we obviously obtain d(lp(a)) = 2-'N(a)ld FI I / 2 for the sublattice lp(a) by chapter 3 (3.6). Then the set S of chapter 3 (4.5) (and therefore of course C of chapter 3 (4.6)) does not contain a vector XEIR", x :I 0, such that lp - I(X) is a non-zero element of 0F' a, respectively. But the set Cs.,(A) (see chapter 3 (4.8)) for A" = (2"- S n!(2/n),d(A)) contains a non-zero XEE" because of its compactness and V(Cs,,(A)) = 2"d(A) by chapter 3 (4.2). This x satisfies IN(lp -1(x))1

=

n

n

S

j=

11-

Ix(iJl

1

(X(i)2

+ x(i+t)')

i=s+ I

I

i-.",odd

,,;;

(8)'

n' ~ ( ~.1.)/1 = n~

d(A).

Thus we have proved the following lemma. (2.7) Lemma Let a be a non-zero ideal of Of· Then a contains a non-zero element x sati.~ryillg

(4)'

n! I N(x)I";;n/l

n

N(a)ldFI 1/2 .

384

The class group of algebraic number fields

Corollary Every ideal class C of I d H f' contains an ideal

(2.8) 0

of Of' satisfying

N(o):< n! (~)'Id F 11/2 ='M "" nil 1! • F M F is called Minkowski's constant of F.

Proof Let C be any ideal class of I F/ H F and c an integral ideal of C - I. We choose XEC subject to (2.7). By (1.9) there is an integral ideal 0 (necessarily in C) satisfying xO F = oc. Hence, we obtain

N( )=!N(x)1 :
o

We note that there are better bounds than (2.8) which were obtained by analytic methods (see [14] of chapter 5). Those should be used for class group computations in number fields of degree /l ~ 4.

Corollary The class /lumber hF of F is .finite.

(2.9)

Proof Because of (2.8), OF being a Dedekind ring, and the multiplicativity of the ideal norm it suffices to show that there are at most finitely many prime ideals in OF whose norms are less than M F' Let p be a non-zero prime ideal of OF' Since odp is an additive group of order N(p) and 1!fP, we get N(p)(1 + p) = p, hence N(p) is a natural number contained in p. Obviously, N(p) ~ 2 and p occurs in the prime ideal factorjzation of N(P)OF' Therefore p divides POF for some rational prime number p and p is uniquely determined by p (see exercise 5). But this implies N(p)lp" by (2.5), hence N(p) = pI for some fEN, 1 ~ f ~ n. Again, by (2.5) there can be only finitely many prime ideals p containing POF' Since there are only finitely many prime numbers p with p ~ M F this concludes the proof. 0 For later applications we note part of the results of the last proof separately:

Lemma (2.10) Every non-zero ideal 0 of OF satisfies N(O)EO. If 0 is a prime ideal, then OF/O is a field with pI elements, where fEN, 1 ~f ~ n, and p is the unique prime number contained ill 0. We note that there are algebraic number fields for which the class number is arbitrarily large. For example, if d runs through the squarefree natural numbers the class numbers hF of the fields F = Q( - d)! satisfy limd~oo(loghF/logdt)= 1 [6]. On the other hand it is an open question, if infinitely many algebraic number fields have class number one. For real quadratic fields C.F. Gauss conjecturea that hF = 1 for infinitely many F, and

The ring

Of'

385

extensive computer calculations seem to support this conjecture. If the Minkowski constant of(2.8) is less than 2, the corresponding algebraic number field F necessarily has class number hI' = I. The following examples illustrate this.

Examples

(2.11 )

(i) Let F = Q(d!), d == 2, 3 mod 4, dE"l. square-free. Then hI' = 1, if (2!/22)(4/n)'(4Idl)l/2 < 2. For t = 0 this is fulfilled by d = 2,3, for t = I in case of d = - I, - 2. (ii) F = Q(e 2ni /S ) is totally complex of degree n = 4 = 2t. Because of chapter 2 (11.12) and chapter 4 (6.10) the discriminant is dF = 53. Hence, M I' = 15(5)1/(2n2) < 2 and hI' = I.

In order to determine hI' and IF/HI' lemma (2.8) suggests to consider the factorization of all rational prime numbers p ~ M I' into prime ideals of F. And we are about to develop the tools for this task. We start with a slightly more general situation. Namely, we consider a relative finite algebraic extension G of an algebraic number field F. The rings of algebraic integers of F, G are denoted by R, S respectively. The degree [G:F] is denoted by II, as usual. If p is a prime ideal of R, then Sp:= {L;'~ 1 SiPilsiES, PiE~l, mEN} is obviously an ideal of S. Because of (2.1) S is a Dedekind ring and there exists a prime ideal factorization Sp = \.l3';' ..... \.l3~. of Sp into a power product of prime ideals of S. Hence, we need to determine the prime ideals l.l3i' the exponents Ci and the natural number r.

Lemma

(2.12)

Let p, I.l3 be 1I01l-zero prime ideals of R, S respectively. Theil the followiny cOllditiolls are equivalellt (i) I.l3ISp, (ii) I.l3 ;2Sp, (iii) 1.l3;2 p, (iv) I.J3nR = p, (v) I.J3nF=p.

Proof The equivalence of (i) and (ii) is just (1.9). (ii)=>(iii) is obvious since 1ES and therefore Sp;2 p. (iii) => (iv): I t is clear that \.l3 n R ;2 p. On the other hand, I.l3 n R is an ideal properly contained in R. Hence, I.l3 n R = P because of the maximality of p.

386

The class group of algebraic number fields

(iv)=>(v): ~nF = (~nS)nF = ~n(SnF) = ~nR = p. (v) =>(ii): Clearly ~ 2 P and therefore ~ = S~ 2 Sp.

Definition If one of the conditions (2.12) (i)-(v) is satisfied, we say

o (2.13)

~

lies over p, or plies

under ~. The following corollary is obvious.

Corollary (2.14) Let p be a non-zero pl'ime ideal of Rand Sp = ~~, ... :~;. the prime ideal factorization of Sp in S. Then ~1"'" ~r are exactly the prime ideals of S lying over p. Definition (2.15) Let p be a non-zero prime ideal of R and ~ a prime ideal ofS such that ~eISp, ~e+ IISp. Then the exponent e = e(~lp) is called the ramification index of~ over p. The prime ideal p is called ramified in G, if there is a prime ideal ~ of S lying over p with e(~lp) > 1, otherwise unramified. For the determination of the number I' of prime ideals of S lying over a non-zero prime ideal p of R we shall need a further invariant which compares the residue class fields Rip and S/~. Since Rip is a priori not necessarily contained in S/~ we construct a natural embedding.

Lemma (2.16) Let p be a non-zero prime ideal of R and ~ a prime ideal of S lying over p. Then K: Rip -. S/~: r + pM I' + ~ is a ring-monomorphism which embeds Rip in S/~. In the sequel we can therefore identify Rip and K(Rlp)· Proof

o

Apply (2.12).

Definition (2.17) Let p be a non-zero prime ideal of R and ~ a prime ideal of S lying over p. Then f= f(~lp):= [S/~:Rlp] is called the degree of inertia of ~ over p. This definition clearly implies

Theorem Let ~, p be as in (2.17). Then N(~)

(2.18)

= #S/~ = N(p)f(·IlIPI.

The ring

387

Of'

This enables us to prove a first major result on the prime ideal factorization in S. Theorem Let p be a Iloll-zero prime ideal of R alld Sp prime ideal factorizatioll ill S. Theil

(2.19)

= 1.13~1 ' ... '1.13:'

the correspollding

r

II

=

L e;/j = L

j~'

e(l.13lp)f(l.13lp).

(2.20)

'Il2p

Proof Because of N(Sp) = N(p)e,/1 + ... +e,J, it suffices to show N(Sp) = N(p)". If hF is the class number of F, then phf' = AR for some AER. Hence, N(pS)"f' = N«pS)"f') = N(p"f'S) = N(AS)

= 1NG/O(A) 1 = INF/O(NG/F(A))I (by exercise 8 of chapter 2, section 3)

= 1NF/O(A") 1= 1NF/O(A) 1" = N(p"f')" = N(pi1f'"

which concludes the proof. 0 Having established (2.20) we need a method for constructing all prime ideals 1.13 lying over p. Before we attack this problem we shortly discuss the influence of automorphisms on ideal factorizations. Lemma Let 1.13, p as in (2.17) alld O'EAut(G/F). Then

(i) (ii) (iii) (iv)

(2.21)

0'(1.13) is a prime ideal of S, 0'(1.13);2 p, f(1.131 p) = f( 0'(1.13) 1p), e(1.131 p) = e(O'(I.13) 1pl.

Proof (i) and (ii) are obvious. For (iii) we note that 0' implies a vector space isomorphism

a: S/1.13 O'(S)/O'(I.13) = S/O'(I.13), -4

where S/I.13, S/O'(I.13) are considered as R/p vector spaces. Finally, to show (iv) we apply 0' to the factorization Sp = 1.13~t. ... '1.13:' to obtain Sp = O'(Sp) = O'(I.13,)e l . . . . ·O'(l.13r)e,. 0 In particular, for a Galois extension G/F we get

388

The class group of algebraic number fields

(2.22)

Theorem

Let G/F be a Galois extension and p a non-zero prime ideal of F. Then the Galois group H = Gal (G/F) operates trallsitively 011 the prime ideals l.l3i (I ~ i ~ 1') which lie over p. Proof We assume that there are indices I ~i<j~r such that {a(l.l3i)!aEH}n {a(l.l3 j )!aEH} = 0. By the Chinese remainder theorem, chapter 2 (2.17), we construct SES subject to s =: I mod a(l.l3i) for all aEH, s=:Omoda(l.l3 j ) for all aEH. For this element s we obtain NG/F(s)

=

n a-

l

(s)El.l3 j nR=p,

(JEll

and on the other hand NG/F(S)

= fI

a-l(s)¢~i;2 p,

ClEIl

clearly a contradiction. Hence, the assumption was false.

o

As an easy con seq uence of (2.21) and (2.22) we obtain

(2.23) Let G, F, p as in (2.22). Then the prime ideal factorization of p in S is of the form Sp = (~I· .. . ·~r)e, the ramification indices e = e(~!p), respectively the degrees of inertiaf = f(~! p) coincide for all ~ lying over p implying n = efr. Corollary

The determination of the prime ideals ~ of S lying over the non-zero prime ideal p of R is always a little complicated. The main reason for this is that we usually know G only as G = F(p) for some PES and in general there is not even a basis of S over R. Hence, we have direct access only to the ideal theory of R[p] and not of S = Cl(R, F). The transition from R[p] to S is then possible via the so-called conductor:

(2.24)

Definition

Let 0 be any order of G. Then in S.

tv:= {x EO! xS £; o} is called the conductor of 0

It is easily seen that tv is an ideal of 0 as well as of S. Also we note tv;2 mS for m:= (S:o). Before we state the general result we need two preparatory lemmata. (2.25)

Lemma

Let

0

be an order of S of conductor

tv.

Then

The ring

389

Of'

Ds:= {o ~ Sio a nOll-zero ideal of S such that 0 + 3' = S} alld Do:= {o ~ 010 a Iloll-zero ideal 40 such that 0 + 3' = o} are lIIultiplicative lIlolloids lVith callcel/atioll lalV. Proof All 0, bEDs satisfy

+ 3')(b + m= ob + 3'(0 + b + m ob + 3'S = ob + 3',

S = SS = (0 =

hence Ds is a monoid with unit clement S. Analogously we show that D. is a monoid. In Ds common factors can be divided out because of Ds ~ Is. The proof 0 of this property for Do is contained in the proof of the next lemma. Lemma Let 0 be

(2.26) all

order (!f G (!f cOllductor

3' alld Do, Ds as

ill

(2.25).

D. -> Ds: 0 M So is {lIl isomorphism with ill verse 1(-1: Ds-> Do: OM OliO. (ii) For oEDs lVe have S/o ~ 0/0 II o. (iii) Every ideal 0 (!f Do has ill 0 a unique presentation liS a product
1(:

We note that (2.26) (iii) proves the statement of (2.25) about the cancellation law for Do' Pro(if (i) For oED. we obtain S ~ K(O) + 3' = So

+ 3' =

So

+ S3' =

S(o

+ m=

So = S,

hence II.' is a homomorphism of D. into Ds. (The homomorphy of I( is obvious.) For the injectivity of K it suffices to prove 0 = So II 0 (OE Do) since then So = Sb implies 0 = b. We conclude as follows: o ~ SOIlO

= SOIl(O + m = 0 + So II 3' = 0 + So3'

(S 0 and 3' are comaximal)

= 0 + 03' =0. To prove the surjectivity of I( we choose an arbitrary oED s. Then S = 0 + 3' implies O:=OIlOEDo.1t therefore remains to show S(OIlO) = 0: 0= 00 =0(0110

+m

= 0(0110) + 3'0

The class group of algebraic number fields

390 =

o(ono) + mono)

=

(because of trO S(ono)

= trno = trn(ono) = mono»

= So. (ii) We consider the residue class mapping q>: 0 ...... S/o: n-+r + o. Because of the homomorphism theorem for rings we need to show: (a) Ker q> = 0 n 0, (b) q> is surjective. Part (a) is obvious. For (b) let r be any element of S. Because of S = 0 + !j there exist rEO and f E!j such that r = r + f· Since f is in 0 we obtain q>(f) = r + o. (iii) Let oED. and K(O) = So = oED s . Then 0 has a unique presentation of prime ideals of S:

o=

'1.'~I.

.... '1.'~'.

Since the '1.'i (1 ~ i ~ r) contain 0 they must also belong to Ds. Therefore we obtain a factorization in 0: 0 = K - 1 ('1.' ttl. .... K - 1 ('1.'r)e,. Because of (ii) all o/('1.'i n 0) are fields, hence K - 1('1.'i) = '1.'i n 0 maximal ideals of o. The presentation of i'i as product of maximal ideals is unique, since S is a Dedekind ring and K an isomorphism. 0 In the following principal theorem we obtain the prime ideals '1.' of S which lie over a non-zero prime ideal p of R from the factors of the minimal polynomial of p (G = F(p» modulo p. Theorem

(2.27)

(Decomposition of prime ideals). Let G, F be algebraic number fields with maximal orders S, R respectively. Let G = F(p), PES, andf(t)ER[t] the minimal polynomial of p. Finally, let !j denote the conductor of R[p] in S. Then the decomposition of prime ideals p of R satisfying Sp + tr = S into prime ideals of S is the following: Let ](t) = 11 (tt'· ... Ir(t)e, be the decomposition off(t) into distinct monic irreducible polynomials over Rlp[t], and let fi(t)E R[t] be distinct monic irreducible polynomials which are mapped onto J:(t) under the residue class mapping R[t] -+ Rlp[t] (1 ~ i ~ r). Then Sp has a unique presentation Sp = '1.'~' ..... '1.'~' as a power product of prime ideals in S, where

'1.'i = pS + fi(p )S, e('1.'d p) = e;, f('1.'i!p) = deg(f;) (l

~i~

r).

Proof The underlying idea is to study the prime ideals of R[p] which lie over a given non-zero prime ideal p of R subject to Sp + tr = S. The transition from R[p] to S is then via (2.26). For abbreviation we denote the images under the residue class mapping R -+ Rip, respectively, R[t] -+ R[t]/pR[t], by -, i.e.

The ring

391

OF

Li~oajtjf-+ Li~oiijti. We start by showing

(2.28a) R[p ]/pR[p] ~ R[t]/J(t)R[t]. This result is obtained by applying the ring homomorphism theorem to the mapping <1>: R[p] -4 R[t]/ J(t)R[t]: h(p) f-+ h(t) +J(t)R[t], where h is an arbitrary polynomial of R[t]. We have to show that <1> is a well-defined homomorphism, that ker <1> = pR[p] and that <1> is surjective. The latter is, of course, obvious as well as the fact that <1> is a homomorphism. To show that <1> is well defined we take hi, h2ER[t] such that hl(p) = h2(P). This implies in R[t]: hl(t) - h2(t) = q(t)f(t) + r(t) with deg(r) < deg(f) sincef was monic. The specialization tf-+ p yields r(p) = 0 and therefore r = 0 because of the irreducibility off. Applying - to the equation above we obtain in R[t]: hl(t) - h2(t) = q(t)J(t), hence <1> (hl(p)) = <1> (hAp)). To determine ker<1> let h(p)ER[p] such that <1>(h(p)) = O. This implies h(t) = ij(t)J(t) for some polynomial ij(t)E R[t], hence h(t) = q(t)f(t) + r(t) with r(t)EpR[t] in R[t]. The specialization t f-+ P then yields h(p) = r(p)EpR[p]. On the other hand, for h(p)EpR[p] we have h(t)EpR[t] and therefore h(t) = OER[t]. Because of (2.28a) it suffices to determine the prime ideals of R[t]/ J(t)R[t]. But R[t] is a principal ideal ring and the only irreducible elements of R[t] dividing J(t) are !I (t), .. . ,J,(t). Hence, /;(t)R[t] are the only prime ideals of R[t] lying over J(t)R[t] implying that /;(t)/ J(t)R(t) generate exactly the non-zero prime ideals of R[t]/ J(t)R[t] (\ ~ i ~ r). Let us denote the isomorphism of(2.28a) by <1>. Then obviously <1> - I (/;(t)/ J(t)R[t]) generate all non-zero prime ideals of R[p]/pR[p]; they are of the form fj(p)R[p ]/pR[p]' Hence, we obtain that all prime ideals of R[p] which contain p R[p] are fj(p)R[p] + pR[p] (I ~ i ~ r). Now our premise Sp + Ij = Sand (2.26) imply that all prime ideals of S lying over Sp are given by (2.28b) It remains to show

f(ll3;1 p) = deg (j~), e(Il3;1p) = ej (\

~; ~

(2.28c)

r).

(2.28d)

The proof of (2.28c) is as follows: N(p)f('llM

= IR/pl(s/'ll;R/p) = IS/ll3il = IR[p]/ll3jnR[p]1 (by (2.26)) =

I(R[p ]/pR[p ])/((ll3i n R[p] )/pR[p ])1

= I(R[t]/!(t)R[t])/(/;(t)R[t]/J(t)R[t])1 = 1R[t]//;(t)R[t] 1 = IR/pldegU;).

(by (2.28a))

The class group of algebraic number fields

392

For the proof of (2.28d) we show ei ~ e('l3ilp) at first. Namely, we have r

r

n 'l3f' = n (pS + fi(P)St' ~ pS + fl(p)e

i~

I

i~

<:;

t ...

·"i~(pt'S

I

pS

+ pR[p]S ~ pS =

r

Il 'l3ii 'l"IP) i~

I

because of f(t) - fl (t)e t •••• ·f..(t)e'EpR[t] and therefore fl(p)e t •••• 'fr(p)e'EpR[p]. On the other hand, (2.20) yields r

n=

r

L e('l3ilp)f('l3ilp) = L e('l3dp)deg(fJ

i~

I

i~

I

r

~

L eidegU;) = i~

deg(f) = n.

I

Since all constants involved are positive this implies ei = e('l3dp) for all i (I ~ i ~r). 0 Before we give some applications of this theorem let us consider how we can check for a given non-zero prime ideal p of R whether Sp + 0: = S is satisfied. A direct attack of this problem is not very promising because of the definition of 0:. However, in most cases the following lemma does the job.

Lemma Let R, S, p,

(2.29)

0:

be as ill (2.27). Then sufficient conditions for Sp

+ ~ = S are:

(a) p+RIIl=Rform=(S:R[p]),or (b) p does not divide d(f)R, d(f) the discriminant of f(t).

Proof Since the prime ideal p is also maximal (Rip is finite) it suffices to show that m = (S:R[p]) and d(f) are in 0:. Namely, this at once implies S = SR = Sp + Sk ~ Sp + S~ ~ S for kE {m, d(f)}. But III is in ty per definition. For d( f) we conclude as follows. As previously shown S <:; _1_ R[p] and this

.

d(f)

yields d(f)S <:; R[p] and therefore d(f)EO:, too. 0 As a consequence of this lemma all but a finite number of prime ideals satisfy the conditions of (2.27). From (2.27) we derive

Corollary (2.30) Let F, G, R, S, f, p as ill (2.27). lfp does not divide d(f), then p is unramified in G. Proof Because of (2.27), (2.29) it suffices to show that f(t)E R(t) remains separable in Rlp[t]. Let K be the splitting ring of f and q a prime ideal of K lying over p. We denote the residue class mapping of K[t] into Klq[t] by <1>.

The ring

393

0"

Then for J(t) = 0:'= I (t - ~i) in K[t] we obtain <1>(/) = 0:'= I (t - <1>(~i)) in K/q[t]. If there were indices i, j (l ~ i < j ~ /I) such that <1>(~i) = <1>(~), this would imply q I(~i - () and therefore q Id(/) in K. But then also d(f)Eq n F = p contrary to the premise pld(f). Hence, the <1>(0 (l ~ i ~ /I) must be pairwise 0 distinct and J therefore remains separable in R/p [t].

Example

(2.31) As a consequence of (2.28) we obtain the factorization of rational numbers p into prime ideals in quadratic fields G = Q(mt), mElL square-free. For the application of (2.27) we note that F = Q, R = lL, J(t) = t 2 - m, and

lL[mt] for S=

{

/II

== 2,3 mod 4, therefore

~

= S,

lL ['- +ml] 2for m == , mod 4, therefore

~=

2S.

We discuss several cases for p. (a) Let p divide m. Then Sp + ~ = S is satisfied. The polynomial J(t) = t 2 - m splits in lL/plL[t] into t 2 yielding pS = (mtS + psf. (b) Let m be odd and p = 2. For m == 3 mod 4 we obtain thatf(t) = t 2 - m splits in lL/plL[t] into (t + 1)2 yielding 2S = ((mt + l)S + 2S)2. However, for m == 1 mod 4 we cannot directly apply (2.27). Therefore we choose a different polynomiall(t) = t 2 - t - (m - 1)/4 for generating Gover Q. Then we obtain S = lL[p] for the root p = (l + /II t )/2 of 1 again. Now l(t) splits in lL/2lL[t] into t(t - I) for m == 1 mod 8 and remains irreducible for m == 5 mod 8, yielding 2S = {(

I +mt

2- S + 2S

t )(I-m ) --2- S + 2S

2S

for m == 1 mod8 for m == 5mod8

by (2.27). (c) Let p be odd and plm. Again (2.27) can be applied. J(t) = t 2 - m splits in lL/plL[t] into (t - n)(t + n) for m == n 2 mod p and remains irreducible if m is not a square modulo p. Hence, (2.27) yields

((n + mt)S + pS)(( - n + mt)S + pS) { pS = pS

for m == n 2 mod p for m¢(lL/plL)2 .

Using the Legendre symbol, the results (a)-(c) together yield the decomposition behavior of rational prime numbers p in quadratic number fields as follows:

Proposition (2.32) Let G = Q(m l ), 0 i= m a square-free rational integer, and dG the discriminant oJG.

The class group of algebraic number fields

394

With respect to S = CI(.£', G) the prime number p is said to be {. 1<=;>dG E(.£'lp.£')2 decomposed } { ramified G <=;>( d ) = O<=;>pld G un decomposed p - I <=;>dG¢(.£'lp.£')2. At the end of this section we consider the powers of rational prime numbers dividing the discriminant of an algebraic number field in dependence of the decomposition behavior of that prime number.

Lemma (2.33) Let G, F be algebraic number fields with maximal orders S, R respectively. Let [G:F] = nand p a non-zero prime ideal of R which decomposes in S into Sp = ~~" ... .~:r. Furthermore let {Jik (1 :::; k :::; f(~Jp), 1 :::; i :::; r) be a basis of SN\ over Rip and CtijE(~t l\~{)n(n~= l.v*i~:') (l:::;j:::; eJ Then the elements Ctij{Jik (1 :::; j :::; ei, I :::; k :::; fi = f(~d p); I :::; i :::; r) form a basis of SipS over Rip. Proof First we show (SipS: Rip) = n. Namely, if hF denotes the class number of F, then p"f = ).R for suitable AER and this implies N(pS)"f· = N(AS) = NF/O(NGIF(A»I

= INF10(A) I" = N(p)"f

ll

= INF/O(A") I

•

For an ideal p of R let Cl>ps: S --. SipS denote the corresponding residue class mapping. A subset M of S is called modulo p independent, if {Cl>ps(m)lmEM} is linearly independent over Rip. For i = 1, ... , r we choose subsets Mi = {{Ji\, ... ,{JifJ of S such that Cl>'ll,(Mi)1 = f(~d p) = fi' Then we choose YijE~t 1 \ ~{ (1 :::; j:::; e;) and determine DivES subject to

0;..= 0iv

-Yijmod~~,

=0 mod ~ii

(1 :::;v:::;r, v#i)

by the Chinese remainder theorem, chapter 2 (2.17) (1 :::; i :::; r). Then the Ctij=Oij+Yij are in (~tl\~{)n(n~=l.Vfi~~') (1 :::;j:::;e i ; 1 :::;i:::;r) and it remains to show that the Ctij{Jik (1 :::; j :::; ei, 1 :::; k :::; fi; I :::; i :::; r) are linearly independent elements of SipS over Rip. Any relation

of course implies ej

I~

I 1 kI 1 YijkCtij{Jik = 0 mod ~ii

j=

=

(1:::; i :::; r).

The ring

395

Of"

We fix the index i and carry out induction over j. f;

j = I: k

f;

L= YilklXilfJ ik == 0 mod \.l3i implies L I

YildJik == 0 mod \.l3i

k= 1

because of the choice of the a li' hence Yilk == 0 mod p because of the choice of the {Jik (I ~ k ~ fJ j~1

j - I ~ j:

~

~

L L YiKklXiK/Jik + L YijklXij/Jik == 0 mod \.l3{ with the double

K=lk=1

k=1

f,

sum being congruent 0 modulo p. Then

L YijklXij{Jik == 0 mod \.l3f

k= I f;

and

L YijdJik == 0 mod 'l3i' Yijk == 0 mod p (I ~ k ~ fi) as above.

k= I

We apply (2.33) in the case F

= 0.

o

Lemma (2.34) Let G be an algebraic number field of degree nand S = CI(.£', G). Let p be a rational prime number and a I' ... ,IX" elements of S such that the canonical images IXI, ... ,IX" of al, ... ,a" in SipS form a basis of SipS over .£'/p.£'. Then the index of the .£'-order 0 generated by IX I , ... , a" in S is not divisible by p. Proof We assume pl(S:o). Then there is {JES\O such that p{JEO and p{J = O. Hence, p{J = 'L7 = I milX i , not all mi == 0 mod p, yielding a non-trivial presentation of 0 by 1X 1 , ••. , IX" of SipS, certainly a contradiction. 0 An easy application of chapter 3 (2.9) yields

Corollary (2.35) 7he discriminants d(S), d(o) of the .£'-modules S,o of(2.34) satisfy d(o) = a 2 d(S) (aEN, pIa).

Lemma Let YI"'" y" be the elements lXijPik of (2.33) i/l the case F pkl(det(yjj))I';;',},;;,,f for k = L:r= I (e i - l)fi = n - 'Lr= .Ii'

(2.36) = 0, P = p.£'. Theil

Proof Let Yv be of the form lXij{Jik with j ;;::: 2. Then Yv is contained in every prime ideal \.l3" of G (I ~ p. ~ r). Let L be the normal extension of G/O and q be a prime ideal of L lying over p.£'. Then q n S is a prime ideal of S containing p and therefore Yv' Hence, Yv lies in all prime ideals q of L which contain p.£'. If is the extension of a O-isomorphism ¢ of G to L, then (Yv)Eq for a fixed prime ideal q of L lying over p.£' (namely, -I(Yv)E-I(q) which itself

The class group of algebraic number fields

396

is a prime ideal of L lying over pZ and therefore containing y..). Thus we obtain /I

Tr(yvY/,) =

L hv)h/.)EqnZ =

pZ.

i= 1

Therefore all rows v of the determinant det (Tr (YvY/.)I';; ,. /.,;;,,), which do not correspond to indices (ii, ik) of aJJ;y are divisible by p. 0 (2.37)

Corollary p" -~i= Ihld(S). As another corollary we again obtain (2.30).

Exercises 1. Let p be a non-zero prime ideal in OF' Prove that the least natural number contained in p is a prime number. What about the reversion? If n is a non-zero ideal of OF for which the least natural number contained in n is a prime number, is n necessarily a prime ideal? 2. Using(2.31) and the product formula of the norm show that hF = 2 for F = Q( - 5)!. Then prove that 2y 3 = x 2 + 5 has only the solutions x = ± 7, y = 3 over 71. 3. Let f(t) = L7=oQ j tn -;E7L[t] be monic and irreducible. Let p be a rational prime number such that prl an , pr+ Ifa n,pr la; (l ~; ~ 11- I) for some rEN. Let p be a zero of f and F = Q(p).

(a) Prove that for R = CI(7L, F) the ideal prR is the 11th power of an integral ideal. (b) Determine mEN maximal such that pm divides the discriminant df • of F. (Note: For r = 1 the polynomial f is an Eisenstein polynomial and therefore necessarily irreducible.) 4. Let R = 7L[2;] = 7L + 2;7L, i 2 = - I. Give straightforward proofs of (a) (b) (c) (d)

R is not integrally closed; IRis not a group; R is Noetherian, every non-zero prime ideal of R is maximal.

5. Let R be a Dedekind ring containing 71. Prove: (a) For any non-zero prime ideal p of R there is exactly one prime number p subject to p;2 Rp. (b) For U(R)n7L = {± 1} the ring R contains infinitely many prime ideals.

6.3. Ideal calculus To determine the ideal class group CI F := lo/H of. of an algebraic number field F it suffices to know a representing element of each ideal class. The appropriate choice is an integral ideal a of norm N(a) ~ M f', where M F is the Minkowski constant for F. Each such ideal a has a presentation

Ideal calculus

397

nr=

a= I pfi (pj distinct prime ideals, ejEN, 1 ~ i ~ r, rEN). Because of the multiplicativity of the ideal norm each Pi also satisfies N(Pi)~MF

(I

~i~r).

Each prime ideal Pi divides exactly one rational prime number P = P(Pi) and N(Pi) is a power of p. Hence, it suffices to consider all rational prime numbers (3.1)

such that PI = 2, P2 = 3, P3 = 5, ... , and Ps ~ M F < Ps+ t. For each Pi (I ~ i ~ s) we need the prime ideal factorization of PiOF in F: PiOF =

tI pfF

(riE N; eijE N; 1 ~j

~ ri; 1 ~ i ~ s),

(3.2)

j= I

to obtain a full set of representing elements for CI F among those ideals (3.3) satisfying (3.4)

This process will become efficient after some additional considerations with which we shall deal in section 5. One of the greatest difficulties in this context is to develop a method for testing whether two ideals are equivalent. This will be done in section 4. In this section we shall mainly be concerned with the task of developing methods permitting efficient operation with (integral) ideals. I t is clear that the abstract definition of an ideal is not useful for constructive purposes. However, we already know that the ideals a of OF can be presented in two ways:

via a 'l-basis a = 'la l + ... + 'lan,

(3.5a)

by two generating elements, one of which is arbitrary in a and usually chosen from anN (for example, N(a) will do).

(3.5b)

This was shown in the two preceding sections. Clearly, the second presentation is less storage consuming. For [F:Qi] = n the presentation of an integer of OF via a fixed integral basis W t , ••• , Wn requires n rational integers. Therefore a presentation of an integral ideal a according to (3.5b) only takes n + 1 rational integers compared to n2 (respectively n(n + 1)/2 as shown below) using (3.5a). This clearly favors (3.5b). However, fundamental problems - for example, the computation of the norm of the ideal a - can hardly be solved with this method of presentation. So we are bound to use both possibilities of representing a by rational integers. In the

398

or algebraic number fields

The class group

sequel we shall consider in detail for which problems either one of those presentations should be used. We remark that the presentation of a fractional ideal a just requires the storage of an additional positive integer b such that ba is integral. First we shall discuss ideal presentations of the form (3.Sa) in case the integral ideal a is given in the form a = aO F + ao F. We easily derive a l'-basis of a as follows. Let Ma, Ma be the regular representation matrices of a,a, respectively. The composite matrix M.:=(M a :M a )El'n x 2n is reduced into its Hermite normal form H(M.) for which the last n columns are all O. By HM. we denote the n x n matrix consisting of the first n columns of H(M .). We claim that (WI'"'' wn)H M. is a l'-basis of a, hence a can be represented by n(n + 1)/2 rational integers. To prove this we note that aWl,,,,, aw", aWl"", aw" is a system of generating elements of a over 1'. But the transformation to the 2n elements consisting of the inner products of (WI"'" w,,) with the columns of H(M.) was by a unimodular (hence invertible) matrix. Similarly we obtain a l'-basis for any ideal a given by a finite number of generators a l , ... , akEo F (kEN). Therefore we can consider integral ideals a presented by a l'-basis of the form a j = " hjjwj

L

(1 ~ i ~ n; HM. = (h jj)).

(3.6a)

j=j

Because of chapter 3 (2.9) we obtain for the norm of a n

N(a) = (oF:a) = det(HM.) =

fl h

jj •

(3.6b)

j= I

An element fJ = L'J= I bjwj of XI, ... ,XnEl' satisfying

OF

is contained in a, if and only if there are

Hence, (3.6c) where the terms on the right-hand side are computed recursively. Another useful application of that presentation is the determination of the smallest natural number x contained in a. If we choose the integral basis WI""'Wn in such a way that W,,= 1, then we have b l =b 2 = ... =b,,_1 =0 in the presentation x = biwi + ... + b"w" and (3.6c) implies that Xl = X2 = ... =X,,_I = 0 and x = b" = h""x". Hence, min anN = h"" for this choice of an integral basis

WI"'"

w" of OF'

(3.7)

399

Ideal calculus

We proceed to a 2-element presentation (3.5b) of an ideal o. Again we consider the problem to decide whether P= 'Lj= I bjWjEO F is contained in a. For a = aO F + O:0F (aEN,o: = aiw i + ... + a"wIIEo F) we have pEa, if and only if there exist elements = 'LJ= I XjWj' 11 = 'L'J= I YjWj of OF satisfying

e

P=

a¢

+ 0:11.

(3.8a)

We transform (3.8a) into a system of linear equations by setting WjWj

" = L

mjjkw k (mjjkEZ),

(3.8b)

k=1

bk/=

L" mjjka j

j=

(1 ~k,j~lI; B:=(bkj »·

I

(3.8c)

Then (3.8a) is equivalent to (3.9)

Therefore (3.8a) is solvable precisely if the system of linear congruences b== Bymoda

(3.l0a)

has a solution YEZ". For a=

n" p~i

(U,kjEN, pj distinct prime numbers, 1 ~ i ~ u),

(3.10b)

j= I

the solvability of (3. lOa) is tantamount to the one of b ==

By(i)

mod p~i

(1 ~ i ~ u).

(3.10c)

But the solutions of (3.l0c) (if there are any) are easily calculated for each i (1 ~ i ~ u) by a Gaussian type algorithm. If we indeed obtain a solution y(i) for each i, then we compute ml , ... , muEZ subject to

" m;(apj-k i ), 1= L j=

(3.lOd)

I

and thus, finally, a solution y of (3.l0a) via y = " mj(apj-k')y(i).

L

j=

(3.l0e)

I

This method has the advantage that all numbers occurring during the calculations have an absolute value bounded by a. It is especially favorable for our considerations, since the natural numbers a which have to be discussed in connection with class group computations usually contain very few prime divisors (compare section 5).

The class group of algebraic number fields

400

As already mentioned in the introduction we are first of all interested in special 2-e1ement presentations of ideals which allow to multiply the ideals in terms of their generators. Indeed, it turns out that we can present a, b by (a, a), (b, {J), respectively, such that ab is presented by (ab, af3). Let PI'" ., Pm be all prime ideals of OF dividing a, a, b, f3 such that we have presentations aO F = Ilr= 1 p{,(a), and so on. Then ab = (ab, afJ) holds if we require min (vj(a) + vj(b), vj(a) + vj(fJ), vj(a) + vj(b), vj(a) + vM1))

= min (vj(a) + vj(b), vj(a) + vMJ»

(l ~ i ~ m).

(3.11)

In the sequel we denote by P the set of all prime numbers and by P a (possibly empty) subset of P. Furthermore, let PF := {pEfFlp a prime ideal, P divides POF for some pEP}

(3.12)

be a set of prime ideals of OF' each prime ideal of PF lying over some prime number p of P. If P is finite, then there is a natural number a (a = I for P = 0) such that a is exactly divisible by the prime numbers pEP. In that case we also write P(a)

instead of P.

(3.13) (3.14)

Definition

Let P ~ P and aEfF' A couple (a, a)EN x r is called a P-normal presentation of a, if the following four conditions are satisfied: (i) a = aO F + ao F , (ii) a = IlpEPFP·p(Q) (vp(a)EZ), (iii) aO F = IlpEPf.p·p(a) (vp(a)EZ;>o), (iv) NOPE PF occurs in the prime ideal presentation of aa - 1.

This definition seems to be somewhat artificial, but the connection to (3.11) will be immediate via the following criterion. Also we note that a P-normal presentation in the sense of (3.14) need not even exist. Its existence will be proved only under additional restrictions on P (see theorem (3.21)). For example, a P-normal presentation in case of P = 0 implies a = OF' a = I and a arbitrary in OF' This also follows from Lemma (3.15) Let P ~ P and a E f F' Then (a, alE N x F x is a P-normal presentation of a, if and only if the following three conditions are satisfied: (i) a = IlpEPf. p"p(O) (vp(a)EZ), (ii) aO F = IlpEP F p"p(a) (Via)E£';>o, via) ~ vp(a» (iii) ao F = Il PEP p"p(O)Il qE(P\P)f' q"q(') (v q(a)EZ;>o) • F

401

Ideal calculus

Proof F x satisfy (i)-(iii) of the lemma. Clearly, aD F + ao p = a, and (i)-(iii) of (3.14) are fulfilled. Furthermore, aa - 1 = rIqE(I'\PI .. 'l,·,(a l, hence

"<=" Let (a, a)E N x

also (iv) of (3.14) is satisfied. "~"

According to (3.14) we at once obtain (i), (ii) of the lemma. We note that (iv) of (3.14) implies

n

aa - I =

-I

q"q(a"

I (vq(aa-I)E£').

qE(P\PI..

Because of

a = ao p + ao p = ao p + aa - 1 a = =

n PEP..

pmin(".(tll,,'.(a))

n

n

p"p(tl i

pEP..

+

n qE(I'\PI"

- I

q"q(a"

I

n

p"p(a l

PEP"

qmin(O"'q(aa - '))

qE(P\PI"

and (ii) of(3.15) already being established we must necessarily have vq(aa -I) ~ 0

0 for all qEW\P)p. We note that this criterion is not suitable for practical computations since it requires full knowledge of the prime ideal factorization of a, ao p , ao p , However, it is a very useful tool for developing ideal arithmetics in the sequel. Proposition (3.16) Let Pc;;;, IP' and a, bE I p. If (a, a), (b, {J) are P-normal presentations of a,b, respectively, then (ab, a{1) is a P-normal presentation of abo The proof is straightforward using (3.11) and (3.15) (see exercise I). A special case of multiplication is forming powers of an ideal.

Corollary (3.17) Under the premises of(3.16) the couple (alii, am) is a P-normal presentation of am (mEN). We note, however, that for any presentation a = ao p + rxo p we obtain the powers alii in the form am = amop + amo p (see exercise 2). We proceed to compute the inverse of a normally presented integral ideal.

Proposition (3.18) Let P ~ I? and aEI F be integral with P-normal presentation (a, rx). Then each

402

The class group of algebraic number fields

bE N n aOF is the product of two natural numbers c, d such that

n

cO F=

p"p(c),

and (1, da -

I)

n

dO F=

PEPf

q",(el),

qE(P\P)f'

is a P-normal presentation of a -

I,

Proof For bEN nao F we set

c:=

n

pVp(bl,

d:=

n

pVp(b)

pEP\P

PEP

and the first statement of the proposition is immediate. For a = npEPfP'P(O) obviously a -I = npEPfP -1'p(O) with - vp(a)E.£'",,0 since a was integral. Therefore

1EO F with 10 f · = OPEPFP o satisfying (ii) of (3.15). Finally, da - 10 F =

n

P - "p(O)

PEPF

n

q"

I'.(.H I'.rel )

qE(P\P),

and the exponents - via) + Vq(d) are non-negative because of dEao F. Hence, the conditions of (3.15) are satisfied, and (1, dex - I) is a P-normal presentation of a-I. 0 If the natural number a in a P-normal presentation (a, a) of an integral ideal a has specific properties, it yields the decomposition of a into a product of two ideals.

Proposition (3.19) Let a E J F be an integral ideal with P(a)-normal presentation (a, a). Any factorization a = bc (b, CE N, gcd (b, c) = I) then implies a factorization of a via a = be for b = bO F+ aOF' e = cO F + ao F, and (b, a) is a P(b)-normal presentation of b, (c, a) a P(c)-normal presentation of c. Proof The case b = 1 (or c = 1) is trivial. For b> 1, c> 1 we split the set P(a) into P(a) = P(b)u P(c) and obtain

bO F=

n pEP(h),

p,'.(h),

cO F=

n

p",.(e).

PEI'(c)f

Clearly, (b, a) and (c, a) are normal presentations of b, e, respectively, since a was integral. Also be = b n e ;2 (bc, ex) and on the other hand, obviously, be = (bc, ba, ca, ( 2 ) ~ (bc, a). 0 The normal presentations also allow us to compute quotients of suitable integral ideals very easily. This will be used later on. Let a, be non-zero integral ideals of F with P(a)-normal presentations (a, a), (a, a), respectively. Let min (&oFn N) = cd such that C = OpEP(a)PVp(C), d = OpE"\P(a)pVp(d).

a

Ideal calculus

403

According to (3.18) we have (3.20a)

(1, d& - I) is a P(a)-normal presentation of a-I, hence by (3.16) (a, IXd&- I) is a P(a)-normal presentation of

ao. - I,

and, of course,

(3.20b) (3.20c)

Before we consider the application of normal presentations to the task of factoring an ideal into prime ideals we certainly must prove the existence of such presentations under suitable conditions.

(3.21 )

Theorem Let a, bEN, IXEO F, IX i: 0, and a P(ab)-normal presentation.

= aOF + b-1IXOF

an ideal of F. Then a has a

Proof

Let aO F =

n

p,.(a),

n

bO F =

pEP(ab)F

p,.(b),

IXOF =

pEP(ab)F

n

p,.(a)

pEP(ab)F

n

q'q(a).

qE(P\P(ab))F

Firstly, we show the existence of a !(ab)-normal presentation of the integral ideal ba

= abo F + ao F =

n

pmin(,.(a) + ,.(b).,·.(a)).

pEP(ab)F

For each pEP(ab)F choose PpEP min(,.(a)+ ,.(b). ,.(a)) \

p min(v.(a) +v.(b), vp(a)) + I.

Then by the Chinese remainder theorem, chapter 2 (2.17), we obtain PEOF satisfying P == Pp mod pmin('p(a)+ v.(b)"p(a))+ I for all pEP(ab)F' hence POF =

n

pmin(I'p(a)+'p(b)"p(a))

pEP(ab)F

n

q'q(/l),

qE(P\p(ab))F

(Vq(P>EZ~o, viP> = 0 for all but a finite number of q). Therefore (ab,p) is a P(ab)-normal presentation of ba. In the second part of the proof we show that P(ab)-normal presentations (ab, P> of aboF + POF and (a, b- ' P> of aOF + b - I POF (a, bEN, PEO F, Pi: 0) are

in I-I-correspondence. Using (3.15) we obtain the following chain of equivalences: b - 1 a:= aO F + b - 1 POF has P(ab)-normal presentation (a, b -I p)

¢>vp(P> - vp(b) = vp(b-'a):>( vp(a) ¢>vp(P} = vp(a):>( vp(a)

+ vp(b)

VpEP(ab)F

VpEP(ab)F

¢>a = aboF + POF has P(ab)-normal presentation (ab, Pl.

0

We note that the underlying set P of prime numbers - P(ab) in (3.21) - has

404

The class group of algebraic number fields

to be finite for the application of the Chinese remainder theorem. Hence, P-normal presentations in the generality of definition (3.14) need not always exist. Unfortunately the proof of (3.21) is not suitable for constructive purposes, either, since it makes use of prime ideal factorizations which are difficult to obtain in general. In the sequel we therefore develop other methods of determining normal presentations of ideals. A first step into this direction is the following criterion. (3.22) Lemma Let aE N, rxEO F, II. =1= 0, and a = aO F + rxo F. Then (a, 11.) is a P(a)-normal presentation of a, if and only if

gc

d(

min(rxoFIIN»)_ - 1. gcd(mm(rxoFII N), a)

a,.

(3.23)

Proof

We note that condition (3.23) means that for every prime number p which divides a and for which pk divides min (rxOF II N) also pk divides a, i.e. the exponent of p has to be larger for a than for min (rxOFII N). Using (1.11) we obtain for m:= min (rxo FII N): mO F

=

n

n

p"p(m)

pEP(a)f'

q"q(m),

(3.24)

qE(P\P(a))F

with vp(m)

~

vp(rx),

vq(m) ~ vq(rx) ~ O.

Hence, if (3.23) is satisfied, we have 0= min (vp(a), vp(m) - min (vp(m), vp(a»)

for all pEP(a)

and therefore vp(m):S;; vp(a) because of vp(a) > 0 for all pEP(a)F' This yields vp(rx):s;; vp(a) for all pEP(a)F' and (a, 11.) is a P(a)-normal presentation of a. On the other hand, let (a, 11.) be a P(a)-normal presentation of a and let us again assume (3.24). For qE(p\P(a»F clearly via) = 0, hence min (vq(a), vq(m) - min (vq(m), vq(a») = O. To establish (3.23) it therefore remains to show that min (vp(m), vp(a» = vp(m) for all pEP(a)F' For this purpose we factorize minto m = bd such that

bOF --

n

p"p(m) ,

dO F

np

pEP(a)F

q"q(m), I

qE(P\p(a))F

and gcd(b, d) = 1. Then we obtain ado F =

n

=

pEP(a)F

"p(a)

n

q "q(m) £; 11.0 F

qE{P\P(a))F

because of vp(a) ~ vp(rx), vq(m) ~ Vq(rx). But m = min (rxo F II N) implies mlad (otherwise ad = Q(ad,m)m + R(ad,m) and R(ad,m) would be a smaller natural

Ideal calculus

405

number than m in OW F). This of course yields bla and therefore vp(m)::::; vp(a) for all pEP(a)F· 0 This criterion is very useful for a normalization procedure. Because of the second part of the proof of (3.21) it suffices to develop such a procedure for integral ideals a = aO F + (X0F (aE N, (xEO F, (X i= 0). We remark that the trivial cases a = 0 or (X = 0 have obvious normalizations: a = aOf" has the P(a)-normal presentation (a, a); a

= (x0f"

has the P(I N((X) I)-normal presentation

(3.25a)

(I N((X)I, (X).

(3.25b)

In the general case we know that a has a P(a)-normal presentation, i.e. only the generator (X must be changed appropriately. We already noted that the straightforward method of the proof of (3.21) is not to be recommended. Instead we use a probabilistic approach which turned out to be highly successful in actual calculations. To obtain an appropriate element (x' from (X such that (a, (X') is a P(a)-normal presentation of a = aOf" + (X0F it suffices to consider elements (3.26a)

e e

Hence, we just search for potential candidates among those elements of Of" whose coordinates in the given integral basis are small, i.e. we choose bounds SjEN (I::::; i::::; n) such that the coefficients of in (3.26b) satisfy

Ixd ::::; Sj

(I::::; i ::::; n).

(3.26c)

This yields the following 'heuristic' algorithm.

Algorithm for the computation of a normal presentation of an ideal

(3.27)

Input. An integral basis WI' .•• ' Wn of OF' (xEO F, aEN, bounds Sj (1 ~ i ::::; n). Output. Either a P(a)-normal presentation (a, (X') of a = ao f · + (x0f" or 'No normal presentation found'. Step 1. (Initialization). Set Vj~ - Sj - 1 (I ~ i ~ n). Step 2. (Change of v-coordinates). Set i ~ n. Step 3. (Increase vJ Set vj . - Vj + I. For vj > Sj go to 5. Step 4. (Construct (X'). Set (X' ~ (X + aI:7= I VjWj and check, whether (3.23) holds for (a, (X'). If this is the case, print solution (a, (X') and terminate. Else go to 2. Step 5. (Decrease i). For i = 1 print 'No normal presentation found' and terminate. Else set Vj ~ - Sj - I, i ~ i - I and go to 3. Remarks

The algorithm should be carried out only if (a, (X) is not yet a P(a)-normal

406

The class group of algebraic number fields

presentation. In case of (l/a)exEo F we obviously have the solution ex' = a (see (3.25a)) and should therefore not use the algorithm. The bounds Si should be less than a of course. Making use of the second part of the proof of (3.21) the algorithm can also be used to compute a normal presentation of a fractional ideal. Generally the computation of 2-element respectively 2-element-normal presentations of ideals in connection with class group computations is much easier. Namely, for those prime numbers p not dividing the index (OF:Z[P]) theorem (2.27) yields a 2-element presentation for those prime ideals p containing PDF in the form p = PDF + exo F, ex = g(p), where g(t)EZ[t] is a monic polynomial dividing the minimal polynomial of pin pZ[t]. Clearly, (p, g(p)) is a P(p)-normal presentation of p, if the ramification index e = ep of p is greater than one. For e = 1 it is still a P(p)-normal presentation in case of g(p)¢p2. The latter can be easily tested. Finally, for e = 1 and g(p)Ep2 a P(p)-normal presentation of p is given by (p, g(p) ± p). Prime numbers p subject to pl(OF:Z[P]) are somewhat more difficult to deal with. Similarly to (2.27) we obtain a factorization of PDF into ideals ai (1 ~ i ~ k) of the form ai

= PDF + fi(p)OF

(flt)EZ[t] monic and non-constant).

(3.28)

Then we need to test whether those ideals a i are prime ideals. Since the non-zero prime ideals of OF are maximal the following proposition is immediate.

Proposition For any non-zero proper ideal a of OF we have

(3.29)

(i) a is a prime ideal, if and only if a + xO F = OF for all XEO F\ a. (ii) All y, ZEO F subject to y - ZEa satisfy YOF + a = ZOF + a. (iii) YOF + a = - YOF + a for all YEO F. Because of (3.29) (ii) it suffices to check all x of a complete residue system of 0F/a in (i), whether XO F+ a = OF' and (iii) further restricts the number of elements x to be tested. A complete residue system of 0F/a is given by the elements of (compare (3.6a))

h..

-~<

2

h .. .~~ y, '" 2 '

(3.30)

This follows from the construction of H M n and chapter 3 (2.9). Because of (3.29) (iii) we can restrict possible candidates to the set R + of those elements

407

Ideal calculus

of R for which the non-vanishing coefficient of lowest index i is positive. If YOF

+ 0 = OF for all

(3.31a)

YER +,

respectively (3.31 b) then

0

is a prime ideal according to (3.29). Otherwise we obtain an element

YER+ such that

(3.32) If 0 is represented by two elements a, a, however, we still need to construct a 2-element presentation for O. As a first generator for 0 we choose ii:= P since PDF c 0 yields P = min 0 n N = min 0 n N. A second generator fi subject to a = iioF + fio F can be chosen from finitely many appropriate elements of OF (see exercise 4). Extensive calculations showed that a suitable element fi is very likely contained in the set {P=jtlkjfidPt:O,

j

= min {ilk

j

kj E{-I,O,I},

l:::;i:::;n;

kj =1

for

(3.33)

t: O} },

where fi1, ... ,fin is a Z-basis of a being calculated from the representation matrices of a, a, y. If 0 is a prime ideal lying over PDF' we obtain from its two generators ii, fi a P(p)-normal presentation as before for those prime ideals q lying over qOF for qf(0F:Z[P]). Using (3.20) it is then easy to determine the exact power m of 0 dividing PDF and to reduce the task of factoring PDF into prime ideals to the factorization of po -m. Finally, we must discuss how to multiply ideals 0 = aOF + ao F, b = bO F + PDF in P(a)-, P(b)-normal presentations, respectively, where P(a) t: P(b). Then (3.16) can be applied only after we have computed P(ab)-normal presentations for both ideals. The latter is done inductively by calculating P(aq)-normal presentations for P(a)-normally presented ideals 0= aOF + aO F and q a prime number not dividing a. For the following construction we additionally require vp(a) ~ 1 for all pEP(a)F' In the beginning, when a is a prime number, this is obviously satisfied. If no prime ideal qEIP'F subject to qlqOF divides aOF, i.e. qlN(a), then (aq,Q:) is already a P(aq)-normal presentation of o. This is because q does not divide o. In case of q IN(a) we order the set P(q)F = {q 1"'" qk, qk + 1"", qm} of prime ideals lying over qOF such that aEqj (1 :::; i :::; k), a¢qj (k + 1 :::;j:::; m). Using the P(q)-normal presentations qj = qOF + PjOF (1 :::; i :::; m) we compute (3.34)

408

The class group of algebraic number fields

and obtain (aq, a) as P(aq)-normal presentation of a. Namely, for pEP(a)F the exponents vp(a) and vp(O() are equal and the exponents vp(a) satisfy vp(a) ~ max {vp(O(), I} according to our assumption, hence aEp Vp(Q\ pVp(Q)+ 1. For 1 ~ i ~ k we have a¢qj because of PH!· ... · Pma2¢qj and, finally, for k + 1 ~j:::; m the relations O(¢qj, Pk+ !· ... ·Pma2Eqj yield &¢qj' However, during class group computations it will usually be faster to test a few elements kEf 1, 2, ... , q -l}, whether qIN(O( + ka 2 ), since in that case (a,O( + ka 2 ) as well as (aq,O( + ka 2 ) are P(aq)-normal presentations of a.

Exercises 1. Prove proposition (3.16). 2. Let a = aO F + exo F (aEN, exEO F) be an integral ideal. Show that a" = a"oF + ex"OF' 3. Compute the prime ideal decomposition of POF for those prime numbers dividing d(f) for f(t) = t 3 - m and mE {3, 5, 6, 7} by the method of this section. 4. Let a = aO F + exo F + POF be an integral ideal. Using the results of the next section determine a finite set of elements of OF which is guaranteed to contain an element Y satisfying a = aO F + YOF'

6.4. On solving norm equations II As already noted at the beginning of the preceding section one of the main subtasks for the construction of the class group of an algebraic number field F is to decide whether two given ideals are equivalent. This is tantamount to the decision, whether a given ideal a of F is a principal ideal. It is clear that it suffices to solve this taks for integral ideals since the presentations (3.Sa), (3.Sb) for fractional ideals contain bEN such that ba C OF' Therefore a always denotes a non-zero integral ideal of F in the sequel. The following criterion is quite obvious: Lemma A non-zero ideal a of OF is a principal ideal, 0( such that IN(O()I = N(a).

(4.1)

if and only if a contains an element

Proof Let o(Ea. Then O(0F £;; a and there exists a non-zero integral ideal b of OF such that ab = O(0F by (1.9). Hence, N(a) = N(o(OF) is equivalent to N(b) = 1. But the latter holds precisely for b = OF because of N(b) = (OF: b). 0 For a given non-zero integral ideal a its norm is easily calculated as det (H M.) from the presentation (3.5a) of a. Therefore the task of deciding whether a is principal is essentially the task of deciding whether an element o(Ea C OF with IN(O() I = N(a) exists. This task is in principle solved by the following theorem.

409

On solving norm equations II

Theorem (4.2) For given aE N there are only finitely many non-associate elements a of OF such that IN(a)1 = a; those can be effectively computed. Proof The existence was already shown in chapter 5 (2.3). For computation let L: OF\{O} --> IR s +I: ef--.(cllogle(l)I"",cs+,logle(S+I)I)', where c- = J

{I2

1

for :!!;.j:!!;. S otherwise '

i.e. Llu f . = LI of chapter 5 (6.\). It was shown in chapter 5, section 6 that for independent units fJ I ' " . , fJr (r = s + t - 1) of OF the vectors c:= (c I" .. , Cs+ ,)', L(fJI)" ... ,L(fJS form a basis of IR s + I • Hence, for eEO F, e #0, there are x1"",Xs+IEIR such that r

L(e) =

L xiL(fJi) +

(4.3a)

XS+IC.

i= 1

Adding up the coordinates of the vectors on both sides of (4.3a) we obtain 10giNWI =

JI cjlogleUlI = JI JI xicjlogllllj)1 + S+I

S+I (

s+t

r

=

r

L Xi L Cj log IfJi(j) I + X i=1 j=1

)

xs+lc j

8+1 S+I

L

j=1

Cj (4.3b)

We set (4.3c) such that IA;I:!!;. t (I:!!;. i:!!;. r) and then :;:'= S',l i'., -ml, • .,-mr S, ... 'Ir ,

(4.3d)

~ being associate to e, yielding

10gl~(j)1 =

t Ai log IfJi(j) I + logl nNWI

i= 1

(1:!!;.j:!!;. s + t)

(4.3e)

for conjugates of ~ because of (4.3b). Therefore the ~(j) satisfy

1~(j)l:!!;. expO

JI

1I0glfJF)11

+ 10gl:WI) =:S(j),

1~(j)1 ~ exp ( - ~ itl IloglfJi(j)11 + 10gl:WI) =:R(j)

(1:!!;.j:!!;. n).

(4.3f) (4.3g)

Hence, a complete set of non-associate solutions aEo F subject to IN(a)1 = a can be easily computed by chapter 5 (3.8), with k = a. D

410

The class group of algebraic number fields

Remarks Using the ideas of (4.2) the amount of computations for solving IN(a)1 = a strongly depends on the bounds R(j), S(j) of (4.3f, g) (1 ~ j ~ n). Hence, the absolute values of the conjugates of '71'" ., '7, should be close to I which can often be achieved by applying reduction to L('7I), ... ,L('7,). If we search for an element 0( of an ideal a solving IN(O()I = a we just need to replace the basis co I, ... , COn of OF by a ;l-basis ai' ... , an of n, i.e. we replace R=OF by R=n. The advantage of solving norm equations by chapter 5 (3.8) rather than by the old standard method described in chapter 5 (3.5-6) is very well demonstrated by the following example from [I]. Example (4.4) 4 3 Let F be generated by a root p of the polynomial f(t) = t - 32t + 154t 2 + 1632t - 44. In OF we want to solve IN(O()I = k for kE{2,25, 100,257,295,512}. In tl seconds of computation time a program using chapter 5 (3.8) could show that no solution exists, whereas the old enumeration strategy would have needed t2 seconds:

k

t2

2

100

257

512

0.362

0.851

1.545

2.541

7600

385000

963000

20000000

The new ellipsoid method found a solution for k = 25,295 in about 0.08 seconds in each case, but the box enumeration strategy did not succeed in determining one in a reasonable amount of time (28 seconds). All CPU-times refer to a CDC Cyber 76. As already mentioned in chapter 5, section 3, we shall use the rest of this section to show how the new idea for solving norm equations originated from K. Mahler's paper [3]. For his concept of ceilings we need to introduce normalized valuations on the algebraic number field F. Clearly, voo.j(x):= Ix(j)1

(I ~j ~ n) with voo .j = Voo,j+t (s + I ~j ~ s + t) (4.5)

are archimedean valuations of F. Non-archimedean valuations of Fare obtained via the prime ideals. Let p be a non-zero prime ideal of F, and for each xEF x XO F

=

n

p"p(,)

(vp(x)E;l)

(4.6)

PEP f ,

be the prime ideal factorization of XO F• Then we define v = vp for all pEiFD F via (4.7)

On solving norm equations II

411

It is easily seen that the vp are non-archimedian valuations of F. We leave this 3S exercise 2. They are normalized valuations with respect to PEiP'F' The normalization effect is expressed in the product formula:

nE91 vp(x) n voo.j(x) n

1=

(xEF X),

(4.8)

j = 1

vp

where we denoted by 91 the set of all valuations vp of (4.7) for PEiP'F' The proof of (4.8) is straightforward:

npE91 vp(x) n VOO,j(x) = pEPn N(p)-v'<X)IN(x)1 n

v

j= 1

n N(p)-"l<) n N(p)'p(x) F

=

(because of IN(x)1 = N(XOF)) =1. Having established the product formula for normalized valuations it is now easy to introduce ceilings in a similar way as K. Mahler did in his 1964 paper 'Inequalities for ideal bases in algebraic number fields' [3]. It is convenient to set m:=91u{voo)1 ~j~n}.

Definition A ceiling is a function A: m-IR> 0 with the properties

(4.9)

(i) A(V p) = N(p)-Irp (hpE:l), (ii) A(V p ) = 1 for almost all VpE91, (iii) nVE~A(V) = 1. The connection between ideals and ceilings can be easily described. For an arbitrary ceiling A we set

n n

Q;.:=

A(Voo,j),

j= 1

R;.:=

n

A(Vp)'

(4.l0a)

vpE9l

Then the foIlowing properties are immediate:

Q;.,R;.EIR>o,

Q;.R;. = 1.

(4.l0b)

If we define the ideal a;. via (4.lOc)

(hpE:l, compare (4.9) (i)), then a;. is clearly in f F and satisfies N(a;.) =

n N(p/lp) = ~ = Q;.. R;.

(4.l0d)

PEP F

On the other hand, for every ideal aEfF we have a = npEPFphp

(hpE:l)

412

The class group of algebraic number fields

and obtain a (in general infinitely many) ceiling(s) A as in (4.9), since we have the freedom of choosing the values A(V) for vEID\91 arbitrarily with (4.9) (iii) as only side condition. (But compare (4.12).) Similar to principal ideals we can define principal ceilings: Definition A ceiling A is called a principal ceiling, A(V)h = v(x) for all vElD.

if there exist xEF'

(4.11) and hEN such that

Lemma (4.12) Let F be an imaginary quadratic number field. Then every ceiling of F is principal. Proof Since F has exactly one archimedean valuation v'" the value A(V",) of any ceiling A is completely determined by A(V p ) for all PEP F because of (4.9) (iii). Let hF be the class number of F. Then for all PEP F we have p"F = XpOF for and obtain a suitable xpEFx. Hence, we set x:=

nPEPFx:·

A(Vp )"F = N(pr hFhp = v~(x)

Especially, A(V",)2hF = IxI2 by (4.9) (iii).

for all vp E91. 0

Corollary (4.13) Let F be an algebraic number field properly containing iQ and F not an imaginary quadratic field. Then there exist non-principal ceilings for F.

Ceilings have the advantage that they allow us to transform the task of deciding whether an integral ideal 0 is principal - i.e. a decision, whether the equation (4.14)

is solvable for eEO - into a decision, whether a suitable positive definite quadratic form has minimum n = [F:iQ]. Namely, let A be a ceiling of the algebraic number field F under consideration which corresponds to the ideal a in the sense of (4.lOc). For a (fixed) basis lX" ••• , lXn of a we set (4.15)

Clearly, <1>). is a positive definite quadratic form which of course depends on the parameters A(V",) (l ~j ~ n). The inequality between arithmetic and geometric means yields

Computation of the class group

413

(4.17) Theorem Let a be an integral ideal of the algebraic number field F of degree n. Then a is principal, if and only if there is a ceiling A of F such that min {).(X)IXEzn, xtoO}=n.

(4.18)

Proof We note that equality in (4.16) is tantamount to A(Voo,j) = vw)a) for a = ao F , a = I:7= I xja j (1 ~j ~ n).

D The remaining difficulty in using (4.17) constructively is of course, that <1>). depends on s + t positive real parameters A(Voo,j) (1 ~j ~ s + t). Hence, we use a discretization method developed in [2J to obtain the result of S (3.8). A complexity analysis of this method shows that the number of arithmetic operations used by the new method is at most the square root of the number of operations of the old one provided that the box to be covered is large enough.

Exercises I. Show that the vp of (4.7) are non-archimedean valuations. 2. With respect to the use of chapter 3 (3.10-12) for solving chapter 5 (3.8e) develop an appropriate order for the vectors rEZ" of 5 (3.8f-h). (Compare exercise I of chapter 5 section 3.) 3. Write a program for solving norm equations.

6.5. Computation of the class group In the two preceding sections we developed the appropriate means to attack the problem of computing the ideal class group elF = IF/HF of an algebraic number field F = iQ(p). By computing we understand the determination of

structure constants n l , ••• , nu EZ;.2(UEZ;'o) such that n;lnj+ I (1 ~ i < u) and elF is isomorphic to the direct product ofu cyclic groups enj of order nj (l ~j ~ u), and of ideals a 1 , •.. , au of IF such that Then (S.la, b) yield

n (ajH

e = (ajH F)·

(S.1a)

(S.1 b)

nj

u

elF =

j=

F ),

1

(I'; j "

uJ

(S.2)

414

The class group of algebraic number fields

By (2.8) we know that the a j can be chosen integrally with norm below the Minkowski bound:

(5.3) As was discussed already at the beginning of section 3 we generate a list PF of all rational prime numbers P subject to the restriction P :::; M F' By (2.27) - or in case of P dividing (OF:Z[P]) by the methods of section 3 - we compute the prime ideal factorization of PDF for each pEPF. This produces a second list P F of all non-zero prime ideals P of OF dividing some pEPF • Obviously, we can eliminate those P from P F of which we know that they are principal ideals or that N(p) > M F • But for practical reasons it is recommended to remove only those p from P F for which all prime ideals q dividing the same rational prime number P have N(q) > M F • Hence, we assume that we have a list P F = {PI""'PV} (VEZ;><) of prime ideals such that (i) all non-zero prime ideals P of F with N(p):::; MF are contained in P F in case P #- PDF (pEP F), (ii) whenever PEP F is divisible by a non-principal prime ideal p with N(p):::; M F, then all prime ideals dividing PDF are contained in P F. It remains to determine the ideals a j and their orders nj of (5.1) from P F (1 :::; i :::; u) in an efficient way. A straightforward attack of this problem - i.e. choosing PI from P F computing its order ord(p,H F ) in ClF, doing the same for P2 and then constructing the subgroup
P F #- 0· Firstly, we construct a class-group-matrix C = (Cij)EZ VXV which sums up our information about equivalence relations among the ideals of P F. The row index i refers to the ith prime ideal pj in IfDF and the column index j to an element PjEF x (usually an integer) for which the prime ideal decomposition of P jOF is a power product of PI' ... , Pv the exponents just being the entries Cij (1 :::; i :::; v): v

PjOF

=

n pi'j

j=

(cijEZ).

(5.4)

I

Of course we shall choose Pi = Plj(l ~j ~ k) where Plj denotes the jth prime number of P F for which all prime ideal divisors are contained in P F. Clearly,

k < v.

(5.5)

Hence there arises the subtask of computing further elements PH I"'" PvEFx

Computation of the class group

415

subject to (5.4). That will be considered separately following algorithm (5.18). Here we just note that we know how to construct elements of small absolute norm of OF (and similarly of some Pi(l ::::;; i ::::;; from chapter 5, section 5. Usually they are still at hand from the computation of independent units of F and just need to be tested whether their norm is a power product of the Pij(l ::::;;j::::;; k). Having determined PI"'" Pv and the corresponding exponents cij (1 ::::;; i,j::::;; v) we apply column reduction to C and compute its Hermite normal form H(C). Let us denote the entries of H(C) by cij' The operations carried out correspond to the construction of elements PI' P2"" of F X which are power products of the Pi (1 ::::;;j::::;; v) with exponents in lL. Clearly, is divisible at most by prime ideals Pi with i ~ j. In case C is regular we know that P divides pjOF with cjj > O. If C is not regular then H(C) contains v - w zero columns for w = rank (C). Then we will produce new elements of r of the type (5.4) and insert the corresponding exponents into the columns w + 1, ... , v of H(C). Then we replace C by H(C) and start again computing the Hermite normal form of the new matrix. Thus we finally end up with a class-group-matrix C = (cij) which is regular and in Hermite normal form, i.e. a regular lower triangular matrix. Then det(C) = I Cii is already an upper bound for hF and C contains essential information about CI F. These remarks are summarized and extended by the following theorem.

v»

Pi

/ii

PI"" ,Pv-w

nr=

Theorem

(5.6)

Let I K denote the set oj all ideals oj F which are power products oj prime ideals oj iP'F = {PI"'" Pv}. Let HK be the set of all principal ideals contained in I K· Let A be the sublattice oJ !Lv consisting oj all cElL v such that I p/;EH K • Finally, let the class-group-matrix C Jor iP' F be regular. Then we have

nr=

(i) CI F ':!!.IK/HK' (ii) IK/HK ':!!. lLv/A, (iii) hFlldet(c)I. ProoJ (i) We consider the map

(1: IF/HF--+IK/HK: aHF ...... aH K, where aE/K is chosen such that aHF = aH F • This is possible since IK contains representatives of all ideal classes of F as is guaranteed by the Minkowski bound. We must show that (1 is a group isomorphism. We start to prove that (1 is well defined. Let a, bE/F with aHF = bH F and a, bEl K such that (1(aH F) = aH K , (1(bH F) = bHK • This implies

416

The class group of algebraic number fields

aHF=aHF=bHF=bH F and ab-1EH F. But then ab-1EHFnIK=H K and

aH K = bH K follows. Now, a is clearly a surjective group homomorphism and it remains to show that it is also injective. Let a, bEIF with a(aHF) = aHK = bH K = a(bH F). We conclude that ab-1EH K ~ HF implying aHf' = aHF = bH F = bH F. (ii) We consider the map v

r: I K -+7lv /A:

fl

P/il-+(C1,,,,,cv)'+A.

i= 1

Obviously, r is a group epimorphism with kernel H K' Hence, the isomorphism theorem for groups yields IK/HK ~ 7Lv/A. (iii) The columns C 1 , ... , Cv of the class-group-matrix C generate a sublattice A of A of equal rank. Hence, A is of finite index in A and we obtain hF = (7Lv: A) = (7Lv:A)!(A :A) because of (i) and (ii). But (7Lv:A) is just the absolute value of the determinant of the transition matrix of the standard basis of 7L v to the basis of A consisting of the columns of C (chapter 3 (2.9)). We note that (7Lv:A) = det(C) if C is in Hermite normal form. D Remark (5.7) For Idet(C)1 = 1 we get hF = 1 even without having to know any units of F.

In the sequel we therefore assume C = (cij) in Hermite normal form and det(C) > 1. In this case the information contained in C will in general not be complete. Any column j (1 ";;'j";;' v) of C with eJ) = 1 is superfluous for further considerations since Cjy = 0 (1 ,,;;, v <j) and the ideal class of Pj is representable by the prime ideals Pit (J-l > j) because of PjH F = (U:=j+ 1 Pit -c.i)H F • By deleting all such columns and the corresponding rows from C we obtain a matrix RC = (bij) of much smaller dimension, say w. Again RC is in Hermite normal form and det(RC)=det(C). Let Pit, ... , Pi w be the prime ideals corresponding to the rows I, ... , w of RC and {Ji. (1 ,,;;, v,,;;, w) be the elements of F corresponding to the columns of RC. For simplicity's sake we again denote them by PI"'" Pw, {J I,,,,, {Jw in the sequel. (This corresponds to a permutation of the rows and columns of C.) Before we continue to discuss the processing of RC a simple example will illustrate our reductions. X

Example (5.8) Let F = 4Jl(p) for p2 - 243p - 1 = O. We compute dF = 59053, n = s = 2,

M F = 121.5, and obtain 36 prime ideals in PF from the prime numbers 109, 103,83, 79, 73, 67, 61, 59, 53,47,43, 37, 29, 23, 19, 11, 7, 3. For C in Hermite normal form we obtain

417

Computation of the class group

PI

0

133

* ...

*

5

0

0

0

0

*

I

I I

*

... ...

0 0 5

and thus for RC

PI P2 PI

!sOl '

P2~

where P1170 F, P2130F' Hence, hFE{1,5,25}. Next we convince ourselves that IN(~)I = 3 is not solvable in OF' Therefore the smallest power of P2 belonging to HI' is 5, p~ = ((245 + 59053 t )/2)oF' But then pi (and thus PI itself) cannot be a principal ideal and we conclude hF = 25, Clf' =

(5.9) Remark It may give a little surprise that the prime ideals dividing larger prime numbers correspond to smaller indices. This is due to the following heuristic argument. Since the norms of the Pj (I ~j ~ v) are of small absolute value it is unlikely that for prime ideals pj with N(pj) big all entries cij (I ~j ~ v) of the ith row of the class-group-matrix have a common divisor greater than one. Hence, in the Hermite normal form H(C) of C the diagonal elements in the upper left hand corner will usually be I which makes it a little easier to construct RC from H(C). Also during the computation of H(C) from C the elements of the rows of higher index tend to grow. So we will usually find the biggest diagonal entries of H(C) in the lower right-hand corner. But those entries will then correspond to prime ideals of smaller norm, therefore such tests as will be needed for the solvability of norm equations will be less time consuming. So far we have only applied column operations to the c1ass-group-matrix. From now on we also use row operations. Then the columns of the truncated cIass-group-matrix RC do not correspond to prime ideals PI"'" Pw any longer but to possibly fractional ideals 1 " " , Ow for which we keep stored the exponents of their presentations by the Pi

°

n pt;j w

OJ:=

(mijE~;

I ~ i ~ w).

(5.10)

j: I

Our goal is to transform RC into a diagonal matrix diag(nl , ... , n.) (u ~ w) such that the ideal OJ corresponding to row i is of order nj in ClF and

The class group of algebraic number fields

418

or <

CIF = ~ I aiH F). The information contained in RC will in general not be sufficient for this purpose, i.e. the Smith normal form of RC can look quite different from diag(n l , ... , nul. Thus we need to construct CIF from RC under possibly existing hidden additional side conditions. Instead of trying to exhibit all of those - which is obviously not very efficient - we use as additional information that we can decide whether a given ideal is principal or not. We note that PI , ... ,Pw should be given in P(p)-normal presentation from now on. The matrix diag(n l , ... , nJ will be constructed from RC starting in the last row. Our essential information about a w:= Pw is (5.1la) In the usual way (compare chapter 2 (5.2, 3)) we compute

ord(pwHF) = :sw

(5.11 b)

by the methods of section 4. Clearly Sw is a natural number dividing bwW" In case of I < Sw < b ww we reduce the elements bWj (j < w) of the last row of RC modulo Sw and obtain

(5.llc) Then we set (5.lld) For Sw = I we delete line w from RC, replace w by w - I and carry out (5.llb-d) anew. In this way we either get w = 0 in which case we terminate with hF= I, CI F = I, w~ I, whence we proceed. The remaining transformations of RC are done by an inductive procedure. We assume in the sequel that the lower triangular matrix RC=(bij)E(Z"Ot XW and the integral ideals al, ... ,a w corresponding to its rows satisfy after p steps (l ~ p < w): a i = Pi

(I ~ i ~ w - p)

(5.12a) p-I


ord (ajH F) = bjj

=

TI
jH F ),

(5.12b)

(w - p + 1 ~j ~ w),

(5.l2c)

j~O

tlsw- p+ 21·· ·Isw, bi) = 0 (w - p + 1 ~j ~ w, i > j). sw-p+

w-

(5.12d) (5.12e)

The computation of Sw in (5.11) is therefore tantamount to the step p = 1. In the sequel we assume I ~ P < w. In each succeeding step we then need to determine the minimal exponent m such that P:_pEGp:= 01:J
Computation of the class group

419

Hence, we search for a minimal mEN such that

n aj_jE H

p-I m Pw-p

h·

F

(S.13)

j=O

for suitable hjEl. subject to 0 ~ hj < of m are immediate:

Sw- j'

0 ~j < p. The following properties

mlb w _ p.w - P ' PW-P' P:- p, p:~-rw-prlHF' if there is an index j, 0 ~j < p, such that bw- j.w-p > 0,

n

p-I

Pbw-p.w-P w-p

abw-~.w-PEHF W-) •

(S.14a) (S.14b)

(S.14c)

j=O

As we already saw in example (S.8) the occurrence of an entry bw- j.w-P > 0 for an index j with 0 ~j < p can be of advantage. Indeed, for bw-p,w-p = mk according to (S.14a) we obtain from (S.13), (S.14c) the conditions (S.1Sa)

If the entries bw- j,w-p do not vanish for all j (0 ~j < p), those conditions usually diminish the number of possibilities for m drastically. For example, if bw-p,w-p is a prime number and there is an index j (0 ~j < p) such that bw-p,w-plsw-j, bw-j,w_p¢Omodbw_p,w-p then m is different from 1 implying m = bw-p,w-p, hv = bw-v,w-p (0 ~ v < p), as in example (S,8). For all solutions of the system of congruences (S.1Sa) we need to test (S.13) with the methods of the preceding section. Since we usually expect m = bw-p,w-p we choose the order of the candidates for m to be tested again as in chapter 2 (S.2, 3). After those tests we know a solution of (S.13) and replace column w - p of RC via (S.1Sb)

Then we apply the elementary divisor theorem to the free l.-modules M = l.P+ 1 = EBr:ll.ej and its submodule T = EBr:ll.tj given by tl =(bw-p,w-p" .. ,bw,w-p)', tj=sw_p+j_1ej (2~i~p+ 1). This means to transform the matrix A satisfying (S.l6a) into its Smith normal form by unimodular row and column operations. Hence, we compute unimodular matrices U, VEl.(p+l)x(p+l) (as well as U- 1 ) subject to UAV=diag(dl, ... ,dp+ l ) (dp+l> djEN, dMi+l> 1 ~i~p)

as shown in chapter 3. The entries

iii)

(S.l6b)

(1 ~ i,j ~ P + 1) of U- 1 are then used

420

The class group of algebraic number fields

to replace Pw-p' aw-p+1,···,aw by b1, ... ,b p + 1 via

na

p/ll.i

bi·'-

p

w-p

ll ]+ I.i

w-p+j"

(5.l6c)

j= 1

Following that we must update the matrix RC. We begin by setting (5.l7a) The new (partial) columns cj := (b w - p •j , " " bw•j )' (1 ~ i ~ w - p) are obtained from the old ones upon multiplication by U: Cj+-UC j

(1 ~i<w-p).

(5.l7b)

Afterwards the new elements bw- j.j still need to be reduced modulo Sw- j so that they again satisfy

o~ bw- j .j < Sw-j

(l ~ i < w - p, 0 ~j ~ p).

(5.17c)

The new column w - p is to contain zeros below its diagonal entry: bj.w-p+-O

(w - P < i

~ w).

(5.l7d)

For sw-p = 1 we then eliminate row w - p and column w - p from RC: bij+- bj+ l.j

for i = w - p, w - p + 1, .. , w - 1, (5.l7e)

(l ~j < w - p), b jj +- bj+ l.j+ 1

and w+-w-l,

p+-p-l.

(5.17f)

Now we have again the possibilities of bw - p •w - P being equal to or greater than one. For bw- p.w- P = 1 we carry out (5.l7e, f) anew. For bw-p,w-p > 1 we increase p by one and proceed to the next step unless w - p becomes zero in which case we terminate. If the criterion of termination w - p = 0 is obtained, the last matrix RC yields the structure of the class group of F. To get (5.la, b) we just need to replace u by wand nj by Sj (l ~ i ~ u). The class number of F is given by w

hF=

n

j=

(5.18)

Sj.

1

As stated in connection with (5.5) we still must discuss the subtask of constructing elements f3 j EF X (k + 1 ~j ~ v) subject to (5.4) which are needed to get a regular c1ass-group-matrix C. Clearly, f3 j satisfies (5.4) if and only if

Er

IN(f3j)1

=

n qmq

(mqEif),

(5.19)

q€p~

where P~ denotes the subset of P F consisting of those prime numbers p of PF the prime ideal divisors of which are in IP>F' In an initial step we consider the elements of small (absolute) norm constructed for the determination of a system of independent (or fundamental)

Computation of the class group

421

units of F. Then we compute H(C) of the class-group-matrix e by factoring the elements considered initially. Either H(C) is already regular, or we are in need of special elements PEF x divisible by certain prime ideals p of IPF which can be read off from H( C). Then we apply the process of constructing integers of F of small absolute norm of chapter 5, section 5, but with a basis n I, ... , nn ofp instead of WI"'" Wn of OF' Thus all obtained elements are at least divisible by p and we choose those which pass the norm test (5.19). The determination of a factorization (5.4) is then obtained by the methods of (4.S-1 0), respectively

(3.20c). (5.20)

Remark

Since we cannot assume that the information about elF contained in e is complete even if H(C) becomes regular it is recommended to construct a few more elements PjEF X subject to (5.4) and to check whether adding the corresponding cij of (5.4) as additional columns to e decreases det(H(C)). If this is not the case for about five consecutive P/s we would expect that the information obtained on elF is 'nearly complete' and go on to compute Re, etc. Since the development of the means for computing elF and hF took place throughout several sections (sections 1-5) of this chapter we now present a summarization of all necessary steps. The whole procedure is split into four major subtasks.

I. Input and preparations The following data are INPUT:

N - degree of the field F under consideration; F(1)(1 ~ I ~ N) - the coefficients of a generating polynomial f(t) = t N +

N

L F(1)t

N- 1

for F, i.e. F = iQI(p)

1=1

for a zero p of f. From those all other pieces of F which are needed can be either computed by subroutines or by different programs and then also be added to the input. We especially need:

ZEC N - zeros of f(t), i.e. f(Z(1))

=0

(1 ~ I ~ N);

S, TElL~o - the number of real respectively complex conjugates of F,

N=S+2T; MDEN, M ElL NxN

-

coefficients of an integral basis WI"'" 1

N

L

i.e,wI=M(1,J)pJ-I MDJ=I (compare chapter 5 (S.4b)); in general

WI>""

WN

WN

(l~I~N)

of F,

.

should be reduced;

422

The class group of algebraic number fields

dF

-

the discriminant of F;

nEc NxN - n(l,J) contains the Jth conjugate of WI (\ ~ I,J ~ N); rE"lNxNxN _ r contains the multiplication constants for N

WIWJ

=

I r(l,J, K)WK K;I

(compare chapter 5 (8.5));

EE7LR xN_ coefficients of a maximal set {e l , ... , eR} of independent (or even fundamental) units of F, i.e. N

el =

I

E(l, J)WJ

(\ ~ I ~ R; R = S + T - I);

J;I

usually we assume that the vectors Lie l ) (\ ~ I ~ R) are reduced so that the conjugates of 8 1 will be of absolute value close to 1 (see chapter 5 (6.\) and the remark after chapter 6 (4.3)). We note that Z, n can be chosen in ~N, ~N xN, respectively, if we sepffrate the real and imaginary parts of complex conjugates of p (compare chapter 5 (8.9)). To calculate the coefficients of an element of OF given as a sum of powers of p in the integral basis we also need M - I. We further stipulate the existence of subroutines for computing norms of elements and a dual basis with respect to a basis of an order or of an ideal of Of"

//. Ideal factorization The Minkowski bound MF is computed from dF,N, T ((2.8)). Then we construct a list PF of all prime numbers p ~ M F (P F can also be obtained as part of a list of sufficiently many prime numbers contained among the input data). From PF we obtain a list P F of prime ideals p as described at the beginning of this section. We list those p in their representation by two generators together with their norm, their ramification index e p and their degree of inertia fp. (Though the first generator for p will usually be the prime number p divisible by p and N(p) is therefore determined by p and f p ' the storing offp is usually easier than to compute it anew when it will be needed in the program.) We also establish a subroutine which computes a 7L-basis for an integral ideal given by two generators. This itself needs a subroutine for the computation of the Hermite normal form of a matrix. Finally, we use a subroutine for factoring polynomials in 7L/p7L[t].

I II. Computation of the class-group-matrix C The class group matrix C is computed as described in the current section. Besides the entries corresponding to prime numbers p of PF we need subroutines for: (i) determining elements of small norm in OF or some integral ideal given by its 7L-basis; (ii) checking whether some integer {3 of OF whose norm is divisible by N(a)

423

Computation of the class group

is contained in that integral ideal a (here a is some power pk of a prime ideal p, and pk is obtained from p = POF + lW F as pk = pkOF + n;koF , see exercise 2 of section 3 and of this section). I V. Computation of CIF This was discussed in detail in this section. From C in Hermite normal form we compute RC and obtain hFldet(RC). Especially we need subroutines for the computation of the Smith normal form of a matrix and for solving norm equations (compare chapter 3, section 2 and chapter 6, section 4).

Let us finally remark that not all required subroutines are mentioned in detail. For example we need a subroutine for computing the Hermite normal form of a matrix, preferably also one using modular arithmetic. Also we did not go into detail about the construction of two generators of those ideals dividing (OF:~[P]) since this was already done in section 3. Of course the principal ideal test of section 4 is needed as most important subroutine. Once we know generators a l , ... , au of CIF subject to (S.la, b) the usually difficult problem of deciding whether two given ideals a, bEIF are equivalent can easily be solved. This will be discussed in the remainder of this section. Let a be a non-zero ideal of OF with ~-basis 1X1, ••• ,lX n. Then each eEa has a representation n

e=

L XjlXj j=

(XjE~)

(S.21)

1

and

(S.22) is a positive definite quadraticform of determinant N(a)2Id FI· Let such that

e= Lt= XjlXj

Q.(i) = min {Q.(X)IXE~n, x:;i: o}.

1

(S.23)

By chapter 3 (3.34a), (3.3Sa, b) we get Q.(i)" ~ y:N(a)2Id F I

(S.24)

and the inequality between arithmetic and geometric means yields

(S.2S) implying

(S.26) for

(S.27)

424

The class group of algebraic number fields

Hence, every integral ideal 0 of IF contains an element a such that IN(a)/N(o)J is bounded by ME' a constant only depending on F but not on o. Analogously as in the beginning of this section we determine a list IP E of non-zero prime ideals VI"'" VE of OF satisfying IN(Vj)J ~ ME (1 ~ i ~ E) and then a list of presentations

VjH F =

(.Il

O/U)HF (kijE'l.;>O,0

)=1

~ kij < lIj' 1 ~j ~ u, 1 ~ i ~ E)

(5.28)

together with non-zero elements n j , ii j of OF such that (5.29) For the OJ (I ~j ~ u) we assume (5.2). Then we can easily solve the following two problems for integral ideals a, bE IF:

Procedure for determining whether 0 is principal (5.30) Compute ~EO subject to (5.23) by chapter 3 (3.15). Compute the prime ideal factorization (5.31) Then

0

is principal if and only if E

L v kij=Omodll j

(I ~j~u)

j

(5.32)

j= I

because of (5.28). In case 0 is principal there hold equations If= 1 vjkij = /ljllj with nonnegative rational integers /lj (1 ~j ~ u). Hence we obtain (

n n";

E)

n ii "; n E

10 - I -

."

j=1

-

1/

j

j=1

j=1

0

j

ku,,; --

n n- "; n a E

1/

j

j=1

j=1

o

I' J jF

by (5.29), (5.31), (5.32) and (5.2). But the latter implies o= ~

E

II

j= 1

j= I

n (nj/ii j),,; n

aj-I'Jo F

(5.33)

and establishes a generating element for o.

Procedure for deciding equivalence of two ideals 0, b. We compute aEo F, c a non-zero ideal of OF such that ob- I =a-Ic

(5.34) (5.35)

by the methods of section 3. Then the equivalence of a and b is tantamount to c being a principal ideal. This is then tested by (5.30). If the outcome of the test is positive we also obtain {lEaF subject to c = {l0F by (5.33). But then obviously

aa = pb.

(5.36)

Computation of the class group

425

We note that (5.30), (5.34) can also be applied to fractional ideals n, b since there are integers a, bEO F such that an, bb are integral. This was already pointed out at the beginning of section 3. FinalIy, it is of some interest by how much the constants M F and M Ii differ since that is a measure for the amount of computations which are necessary to establish (5.28). Since the f" can be given explicitly only for n ~ 8 we present a list for M d M F for those n.

List of ME/MF for n ~ 8 n

S

2

2 0 3

3 4

5

6

7

8

4 2 0 5 3 1 6 4 2 0 7 5 3 1 8 6 4 2 0

(5.37)

ME/MF 0 I 0 \ 0 1 2 0 1 2 0 2 3 0 2 3 0 1 2 3

4

1.15 0.9\ 1.22 0.96 1.33 1.05 0.82 1.32 1.03 0.81 1.39 1.09 0.85 0.67 1.44 1.13 0.89 0.70 1.63 1.28 1.00 0.79 0.62

The list (5.37) seems to suggest that the bounds M F and M Ii don't differ by much for small field degrees and smalI absolute values of the discriminants. Thus the folIowing result is somewhat surprising. Proposition ME/MF ...... Ofor n ...... oo.

(5.38)

426

The class group of algebraic number lields

Proof Instead of Hermite's constants (3.3Sb), and obtain

y~

we use the upper bounds of chapter 3

ME/MF ~ (nn(~ yyl2

rO

+ 2 )2- '(nl)-I.

(S.39a)

Then the application of Stirling's formula yields for n ~ SO: log (ME/M F) ~!(nlogn + slog2 - slogn) +

(~+ 2)

(~+~) 10g(~ + 2) + tlog(2n) -

t log2

- t log (2n) - (n + !) log n + n

~

= ( log

(~ + 2 ) -

+ ! log

(~ + 2 ) -

log

n) + ~ + ~ (log 2 - log

n) - t log 2

! log n - 2

n+4 1) +2(log2-logn)-tlog2+t s log =2n( log~+

0+ r 2

n

2

8) -2

n2 ~O.l92n-0.22Ss-0.7t+!log ( 8+3n+6+~

n < - 0.033n - 0.2St + log 2 - 2.

(S.39b)

We note that 10g(ME/MF) is less than -1.38, -28.78 for n = 100, 1000, ~~~

0

Thus for large n the list of prime ideals needed to establish ideal equivalence is much shorter than the one actually needed for the computation of the class group.

Exercises

n,=

1. Let a be a fractional ideal with prime ideal decomposition a = I pj} (mJeZ) and assume N(pJ) = pI} (1 ~j ~ k). Determine meN (as small as possible) such that ma is an integral ideal. 2. Let a = Zcx l + ... + Zcx n be a non-zero prime ideal of OF and WI' ... ' Wn an integral basis such that CX i = r.J= I ail»} (1 ~ i ~ n). Develop an algorithm which determines for peFx the exact power of a dividing POF. 3. Compute hF and CI F for F = Q(mt), me{ - 21, - 14,79, 223}. 4. Compute hF and CI F for F = Q(m~, me{3,5,6, 7}.

APPENDIX: NUMERICAL TABLES

1 Permutation groups 1.1 Primitive groups of degree n:::; 12 1.2 Transitive groups of degree n :::; 7 as Galois groups 1.3 Diagrams of transitive permutation groups (4:::; n :::; 7) 2 Fundamental units and class numbers 2.1 Real quadratic fields F = O(m t ), m < 300 Explanation of tables 3.1-7.1 3.1 Real cubic fields with dF < 1000 3.2 Complex cubic fields with IdFI < 300 4.1 Totally real quartic fields with dF < 5000 4.2 Quartic fields with s = 2 and IdFI < 1300 4.3 Totally complex quartic fields with dF < 600 5.1 Totally real quintic fields with dF < 102000 5.2 Quintic fields with s = 3 and IdFI < 10000 5.3 Quintic fields with s = 1 and dF < 4000 6.1 Totally real sex tic fields with dF < 1 229000 6.2 Sex tic field with s = 4 and minimum discriminant 6.3 Sextic field with s = 2 and minimum discriminant 6.4 Totally complex sex tic fields with IdFI < 23100 7.1 Totally real seventh degree field with minimal dF 8 Integral bases Permutation groups 1.1 Table o/the primitive groups 0/ degree n:::; 12 Column 1 contains the degree n and its number k with respect to the degree in the form o.k, i.e. 7.4 means the fourth primitive group of degree 7. Column 2 contains the order of the group, column 3 gives the notation or a description as used in chapter 2, section 9. In column 4 we list the transitivity t of the group followed by a letter p, if the group is t-fold primitive. Whenever the group is doubly primitive so that the subgroup fixing the last integer on which the group acts is a primitive group

Appendix: Numerical tables

428

of degree n - I, this subgroup G._I occurs in column 5 by its degree and number. A .. +" sign in the last column means that the group consists of even permutations. (Reference: Charles C. Sims, Computational methods in the study of permutation groups, in Computational Problems in Abstract Algebra (pp. 169-83), J. Leech (editor), Pergamon Press, Oxford and New York, 1970.)

degree no. 2.1 3.1 3.2 4.1 4.2 5.1 5.2 5.3 5.4 5.5 6.1 6.2 6.3 6.4 7.1 7.2 7.3 7.4 7.5 7.6 7.7 8.1 8.2 8.3 8.4 8.5 8.6 8.7 9.1 9.2 9.3 9.4 9.5 9.6 9.7 9.8 9.9 9.10 9.11 10.1 10.2 10.3 10.4 10.5 10.6 10.7 10.8 10.9 11.1

order 2 3 6 12 24 5 10 20 60 120 60

120 360 720 7 14 21 42 168 2520 5040 56 168 168 336 1344 20160 40320 36 72 72 72 144 216 432 504 1512 !'9! 9! 60

120 360 720 720 720 1440 !'IO! IO! 11

notation or description 62 91 3 63 \114 64

G._I 2 3 2p 4

2.1 3.1 3.2

Hol(C s) 91 s 6s PSL(2,5) PGL(2,5)

91 6 66 C, 0 14 Hoi (C,)n9I, Ho.l(C,) PSL(3,2)

91, 6, {z --+az + blO # aelF a, belF a} {z --+az 2" + bla, belFa,a # O,k = 0, 1,2} PSL(2,7) PGL(2,7)

Hol(C 2 x C2 x C 2) \II a 6a

{z--+az + blaelF~,beIF9} {z--+az 3" + blaelF~,beIF9,k =0,1} {z--+az + bla,belF 9 ,a # O}

(9.1, {z --+ pz 31PeIF 9\IF~} >

+ bla,belF 9 ,a #O,k =O,I}

Hol(C 3 x C3)n\l19 Hol(C 3 x C3 ) PGL(2,8)

Hoi (9.8) 91 9 69 91 s 6s PSL(2,9)

66 PGL(2,9) (PSL(2, 9), {z --+ pz3lPelF~, zeIF9u {oo} }> Hoi (PSL(2, 9»

91 10 6 10 CII

+ + +

Cs 0 10

{z--+az 3"

+

2 3p 5 2p 3 4p 6

+ 4.1 4.2 5.2 5.3 5.4 5.5

+ + + +

2 2 5p 7 2p 2p 2p 3 3 6p 8 2 2 2 2 2 3p 3p 7p 9

+ 6.3 6.4 7.1 7.3 7.3 7.4 7.5 7.6 7.7

+ + + + + + +

+ 8.1 8.2 8.6 8.7

+ + + + +

2p 2p 3 3 3 8p 10

9.1 + 9.2 + 9.3 9.4 + 9.5 9.10 + 9.11

+ (Contd.)

Appendix: Numerical tables

degree no.

order

11.2 11.3 11.4 11.5 11.6 11.7 11.8 12.1 12.2 12.3 12.4 12.5 12.6

22 55 110 660 7920 t·ll! II! 660 1320 7920 95040 t·12! 12!

429

notation or description

Gn - I

+

D22

Hol(CII)n~11

+

Hol(C II )

2

PSL(2,11)

2p

MIl

4

~II

6

9p

II

11

PSL(2,11) PGL(2,11)

2p

Mil Mil

3p

3 5

~12

lOp

6 12

12

10.1 10.6 10.8 10.9 11.3 11.4 11.5 11.6 11.7 11.8

+ + + + + + +

1.2 Table of transitille permutation groups of degree n ~ 7 as Galois groups As in Table 1.1 we list in columns 1-3 the degree, the order and the notation of the groups, respectively. Column 4 contains the corresponding indicator function which is used to determine for a given monic irreducible polynomial of Z[t] of that degree, whether its Galois group is contained in the group of that row (compare chapter 2, section 10). An example of a suitable polynomial !(t)eZ[t] whose Galois group is exactly the one of column 3 is given in column 5. Finally, column 6 contains the discriminant of that polynomial. For the computation of the Galois group of a given monic irreducible nth degree polynomial!(t)eZ[t] (3 ~ n ~ 7) using Table 1.2 we refer to chapter 2, section 10. For the choice of the appropriate indicator function Table 1.3 is useful. (References: L. Soicher & J. McKay, Computing Galois groups over the rationals, J. Number Theory, 20 (1985),273-81. R.P. Stauduhar, The determination of Galois groups, Math. Camp., 27 (1973), 981-96,) 1.3 Diagrams of transitille permutation groups of degree 4 ~ n ~ 7

0." .. 4

0." .. S

0." .. 1

e'I\~~'

0." .. 6

DIN c.

!lJ4 Hol(C,1

C, C,

DIl C,

degree 3 4

5

6

order 3 6 4 4 8 12 24 5 10 20 60 120 6 6 12 12 18 24

notation

indicator function

polynomial of discriminant

21 3 63 C4 !ll4

d(f) XIX~ + X2X~ +

D8

X I X3

21 4 64 Cs

d(f)

+

xs)(xs -

X 6 )(X 6 -

x 6 )(X S -

X6 -XI -

X6)

X6 -

X2)

t 6 _ 4t 2 -1 26229 2 t 6 _ 3t S + 6t4 - 7t 3 + 2t 2 + t - 4 229 3

x3xi

+

x 4xI

x3xi

+

X4X;

X 2X 4

XIX~ + X2X~ +

+

xsxi

DIO

Hol(C s) 21s 6s C6 63

(X I X 2

DI2

X I X4

21 4 G I8 64f'«(12).(34»

(XI -

+

X2X3

2l~ x C2 64f'C4

+

X3X4

+

X 4 X S + XSXI -

XIX3 -

X2XS -

XSX2 -

d(f) XIX~ + X I X4

(XI

+

+ ' X 2X6 + + X 2X S + X2X;

X 2 )(X2 x 2 -

X (x I -

24 24

+ (X4 -

X 4 -xs -

t 3 + t 2 - 2t-1 t 3 +2 t4 + t 3 + t 2 + t + I t4 + 1 t4 _ 2 t4 + 8t + 12 t4+t+ I t S + t4 _ 4t 3 - 3t 2 + 3t + I t S - 5t + 12 t S +2 t S +20t + 16 t S -t+ 1 t 6 + t S + t4 + t 3 + t 2 + t + 1 t 6 + 108 t6 + 2 t 6 -3t 2 -1 t 6 + 3t3 + 3 t 6 _ 3t 2 + I

(XI

+

X2 -

+ X4X~ +

X3X;

+ X6X~

X3X 6 X 3 )(X3 -

X3 - X4 )(X3 X 2 )(X3 X3 -

xsxI

X3 X S

XI)

+

x 4 )(xs -

X 4 )(X3

+

X4 -

x 4)

x 6) Xs -

x 6 )(X S

+

XI -

X 2X 4 -

x 4 xtl 2

72 _223 3 53 28 -211 2 12 34 229 114 2 12 56 24 5s 2 16 56 19-151 _7s

_2 16 3 21 _2113 6 2638 -3 11 _2 638

6

36 36 48 60

G~6 G~6 G. 8 PSU.2,5)

72 120

Gn PGU.2,5)

(x t x

360 720 7

~6

d(f)

14 21 42

Dt•

X2)(X 2 - X3)(X 3 t x 2 + X3X. + XSX6

(x t x

168 2520 5040

xs)(xs - x 6)(X6 - x.)

+ X.X SX6 2 + X3 XS + x.X 6)(X t X3 + x.xs + X2X6)(X 3X. + x (xtX S + x 2x. + X3X6)(X t X. + X2X 3 + XSx 6)

X t X 2X 3 x

7

xt)(x. -

tx 6

+ x 2XS)

66 C7 x tx

2 + X2X3 + x 3x. + x.xs

+ xSX6 + X6X7 + X7Xt

Hol(C7)("\~7 Hol(C 7)

PSL(3,2) ~7

67

+ X t X 2X 6 + x t x 3 x. + X t X 3 X 7 + x t XSx 6 + Xt XSX7 + X2X3XS + X2X3X7 + X2X.XS + X2X6X7 + X3X.X6 + X3XSX6 + X4 XSX7 + X.X 6X7 X t X 2X. + X t X 3X 7 + x t X Sx 6 + X2X3XS + X2X6X7 + X3X.X6 + X.XSX7 X t X 2X.

d(f)

t 6 +2t 3 -2 t 6 + 6t· + 2t 3 + 9t 2 + 6t - 4 t 6 +2t 2 +2 t 6 + lOtS + 55t· + 14Ot 3 + 175t 2 + 170t + 25 t 6 + 2t· + 2t 3 + t 2 + 2t + 2 t 6 + lOtS + 55t· + 14Ot 3 + 175t 2 - 3019t + 25 t 6 + 24t-20 t 6 + t+ 1 t 7 + t 6 - 12t S -7t· + 28t 3 +14t 2 -9t+ 1 t 7 + 7t 3 + 7t 2 + 7t - 1 t 7 -14t S + 56t 3 - 56t + 22 t7 + 2

2 8 39 2 t 03 6 5· _2 tt 5 272 2 36 58

t 7 -7t 3 + 14t 2 -7t + 1 t 7 +7t·+14t+3 t 7 + t+ 1

7 8 17 2 36 78 - 11·239· 331

-2 8 733 5 2°19 3 5 2 °19 3 151 3 2 t6 36 56 -101·431 17 229 6 _3 6 79 26 7 tO _2 6 7 7

432

Appendix: Numerical tables Fundamental units and class numbers

2.1 Fundamental units e > 1 and class numbers h of real quadratic number fields F= Q(m t ), m <300 Column I contains the discriminant d F of F which is III in case III == I mod4, 4m otherwise. Column 2 gives the coefficients a, b, cEN of the fundamental unit e = (a of F, c being listed only for c

+ bmt)/c > 1

> I.

Column 3 contains the class number h of F and column 4 the structure of the class group CI F , if h is greater than one and CI F not cyclic.

fundamental unit e + bmt)/c c listed only if c i' I

discriminant df · dF =m or d F =4m

a, b, c of e = (a

4·2 4·3 5 4·6 4·7 4·\0 4·11 13 4'14 4·15 17 4-19 21 4·22 4·23 4·26 29 4'30 4·31 33 4·34 4·35 37 4·38 4'39 41 4·42 4·43 4·46 4·47 4·51 53 4·55 57 4·58 4·59 61 4·62 65 4·66

I 2 I 5 8 3 10 3 15 4 4 170 5 197 24 5 5 II 1520 23 35 6 6 37 25 32 13 3482 24335 48 50 7 89 151 99 530 39 63 8 65

class number II I I I 2 3 I 3 I 4 I I 39 I 42 5 1 1 2 273 4 6 I I 6 4 5 2 531 3588 7 7 I 12 20 13 69 5 8 I 8

2

2

2

2

2

type of class group if not cyclic

I I I I I 2 I I 1 2 I I 1 I 1 2 I 2 I I 2 2 1 1 2 I 2 I 1 1 2 I

2

2

I 2 1 1 I 2 2

(Contd.)

Appendix: Numerical tables

discriminant d,. df - = III or df =4111 4-67 69 4-70 4-71 73 4-74 77 4-78 4-79 4-82 4-83 85 4-86 4-87 89 4-91 93 4-94 4-95 97 101 4-102 4-103 105 4-106 4-107 109 4-110 4-111 113 4-114 4-115 4-118 4-119 4-122 4-123 4-127 129 4-130 4-131 133 4-134 137 4-138 4-139 141 4-142 4-143 145 4-146 149 4-151 4-154 4-155 157

fundamental unit a, b, c of E = (a

E

+ bllll)/c

class number II

c listed only if c of. I 48842 25 251 3480 1068 43 9 53 80 9 82 9 10405 28 500 1574 29 2143295 39 5604

433

10

5967 3 30 413 125 5 1 6 9 1 9 1 1122 3 53 165 3 221064 4 569 1

101 227528 41 4005 962 261 21 295 776 1025 1126 306917 120 11 122 4730624 16855 57 10610 173 145925 1744 47 77 563 250 95 143 12 12 145 61 1728148040 21295 249 213

22419 4 389 93 25 2 28 73 96 105 28254 11 1 11 419775 1484 5 927 15 12606 149 4 6578829 8 12 1 1 12 5 140634693 1716 20 17

2

2

2

2

10

2

2

2

2

1 1 2 1 1 2 1 2 3 4 1 2 1 2 1 2 1 1 2 1 1 2 1 2 2 1 1 2 2 1 2 2 1 2 2 2 1 1 4 1 1 1 1 2 1 1 3 2 4 2 1 1 2 2 1

type of class group if not cyclic

C2

X

C2

(Contd.)

434

discriminant dF dF=m or

dF=4m 4·158 4·159 161 4·163 165 4·166 4·167 4·170 173 4·174 177 4·178 4·179 181 4·182 4·183 185 4·186 4·187 4·190 4'191 193 4'194 4·195 197 4'199 201 4·202 4·203 205 4·206 209 4·210 4·211 213 4·214 4·215 217 4·218 4·219 221 4·222 4·223 4·226 4·227 229 4·230 4·231 233 4·235 237 4·238 4·239 241 4·246

Appendix: Numerical tables

fundamental unit e a, b, c of e = (a + bmt)jc c listed only if c '# I 7743 1324 II 775 64080026 13 1700902565 168 13 13 1451 62423 1601 4190210 1305 27 487 68 7501 1682 52021 8994000 1764132 195 14 14 16266196520 515095 3141 57 43 59535 46551 29 278354373650 73 695359189925 44 3844063 251 74 15 149 224 15 226 15 91 76 23156 46 77 11663 6195120 71011068 88805

616 105 928 5019135 I 132015642 13 I I 110 4692 120 313191 97 2 36 5 550 123 3774 650783 126985 14 I I 1153080099 36332 221 4 3 4148 3220 2 19162705353 5 47533775646 3 260952 17 5 I 10 15 I 15 I 6 5 1517 3 5 756 400729 4574225 5662

class number h

2

2

2

2

2

2

2

2

I 2 I I 2 I I 4 I 2 I 2 I I 2 2 2 2 2 2 I I 2 4 I I I 2 2 2 I I 4 I I I 2 I 2 4 2 2 3 8 I 3 2 4 I 6 I 2 I I 2

type of class group if not cyclic

C2

X

C2

C2

X

C2

C2

X

C2

C2

X

C2

•

(Contd.)

435

Appendix: Numerical tables

discriminant dF dF=m or dF=4m 4·247 249 4·251 253 4·254 4·255 257 4·258 4·259 4·262 4·263 265 4·266 4·267 269 4·271 273 4·274 277 4·278 281 4·282 4·283 285 4·286 4·287 4·290 4·291 293 4·295 4·298 4·299

fundamental unit E a, b, c of e = (a + bmi)/c c listed only if c oF I 85292 8553815 3674890 1861 255 16 16 257 847225 104980517 139128 6072 685 2402 82 115974983600 727 1407 2613 2501 1063532 2351 138274082 17 561835 288 17 290 17 2024999 409557 415

5427 542076 231957 117 16 1 1 16 52644 6485718 8579 373 42 147 5 7044978537 44 85 157 150 63445 140 8219541 I 33222 17 1 17 I 117900 23725 24

class number h

2

2

2

2

2 I I I 3 4 3 2 2 1 I 2 2 2 1 1 2 4 1 1 1 2 1 2 2 2 4 4 1 2 2 2

type of class group if not cyclic

C2

X

C2

C2

X

C2

3.1-7.1. Tables of fundamental units and class numbers of algebraic number fields F of small absolute discriminant and degree n = s + 2t, 3 ~ n ~ 7 Column 1 contains the discriminant of F. Column 2 contains the coefficients a(l), ... , a(n) of a generating polynomial f(t) = t n + Li':J a(n - i)t!, i.e. F = O(p) for a zero pEe of f(t). Column 3 contains a pairwise reduced d::-basis WI'.'" Wn of OF = CI(d::, F). The Wi are given as O-linear combinations of I, p, ... , pn-I. Column 4 contains the coefficients of the r = s + t - 1 fundamental units of F with respect to their presentation by Wi' ... ' Wn> i.e. one row of entries e(l), ... , e(n) represents the fundamental unit e = e(l)w I + ... + e(n)wn' Column 5 contains the regulator of F rounded to two decimal places. The class numbers of all those fields are one except for the complex cubic field of discriminant - 283 which has hF = 2. Therefore the class number hF is not listed separately. For fourth degree fields the Galois groups are also listed in an additional column.

436

Appendix: Numerical tables

3.1 Table of fundamental units of totally real cubic fields with d F < /000 coelT. of gen. polyn. discriminant dF

two fund. units

a(i).i=I ..... 3

in!. basis

e(i).i= 1, ... ,3

49

1.-2.-1

81

0.-3.1

I,p. _2+p2 I.p, _ 2 + p + p2 I,p. - 2 + 2p + p2 I.p, _ 3 + p + p2 I,p. -3 + p2 I,p, _I + 3p + p2 I.p, -3 + p2 I,p, _ 3 + p + p2

0.53 0.1.0 1.1.0 0,1,0 0.85 -1.1.0 0,1.0 1.66 4.2.1 0,1.0 1.37 -1,1.0 2.36 0.1.0 2.1,0 1.97 0,1,0 -1,1,0 -2,1,1 3.91 -26,11,21 0.1,0 2.57 0,-1,1 0,1,0 1.95 1.1,0 0,1,0 3.76 2,-2,1 0,1,0 3.85 10,3,4 2.84 0.1,0 -2,1,0 -8,2.5 5.40 -3,1,0 1,0,2 6.09 1,1.-1 -1,1,0 5.40 9,2,-4 0,1,0 2.71 -1,1,0 0,1,0 5.31 8,-4,3 1,0,-1 5.69 17, - 3,-9 0,1,0 3.53 3,1,0 0,1,0 4.10 -1,1,1 2,-1,0 5.99 9,2,-4 0,1,0 6.80 21,14,6 35,-8,9 8.32 -7,2,2 14,4,3 8.91 10,2,- 5 11,6,4 12.18 5345.1244, - 3162 0,1,0 3.72 3,1,0 1,0,-1 5.55 -9,2,4

148

3,-1.-1

169

1,-4.1

229

0,-4.1

257

3.-2,-1

316

1,-4,-2

321

1,-4,-1

361

-2,- 5,-1

I,p, - 3 - 2p + p2

404

1,-5,1

I.p,

469

4,-2,-1

473

0,- 5,1

564

-2,-4,2

568

1,-6.2

621

3. - 3,-2

697

3,-4,-1

733

-2.-6,-1

756

0,-6,2

761

1,-6,1

785

-2,- 5,1

788

1,-7,3

837

0,-6,1

892

- 2, -7. - 2

940

3,-4,-2

961

-2,-9,2

985

1,-6.-1

993

1,-6,-3

_ 3 + p + p2 I.p, - I +4p+p2 I,p. -3 + p2 I,p, - 3 - 2p + p2 I,p, -4 + 2p + p2 I,p, - 2 + 3p + p2 I,p, - 3 + 3p + p2 I.p, -4 - 2p + p2 I,p. -4+ p2 I,p, -4 + p + p2 I,p. - 3 - 2p + p2 I,p, -4 + 2p + p2 I,p, -4 +p2 I,p, -4 - 3p + p2 I,p, - 3 + 3p + p2 I,p, t(- 6 - p + p2) I,p, -4 +p+p2 I,p, -4 +p2

RF

437

Appendix: Numerical tables

3.2 Table of fundamental units of complex cubic fields with Id,,1 < 300

discriminant d•.

coefT. of gen. pol yn. a(i).i= 1•...• 3

-23

0.-1.1

- 31

0.1.1

-44

1.-1.1

-59

0.2.1

-76

3.1.1

-83

1.1.2

-87

-2.-1.-1

-104

3.2.2

-107

1.3.2

-108

0.0.2

-116

1.0.2

-135

3.0.1

-139

4.6.1

-140

0.2.2

-152

4.3.2

-172

-2.0.-2

-175

1.2.3

-199

4.1.1

-200

1.2.-2

-204

1.1.3

-211

3.1.2

-212

1.4.2

-216

0.3.2

-231

1.0.-3

-239

3.2.3

-243

3.3,4

-244

-5,4. -2

I fund. unit

in!. basis

e(i).i= 1•...• 3

R •.

I.p. -I + p2 I.p. p2 I.p. -I +p +p2 I.p. 1 +p2 I.p. -I + 2p + p2 I.p. p+p2 I.p. -1- 2p + p2 I.p. 2p+ p2 I.p. I +p2 I.p. p2 I.p. p+ p2 I.p. - 2 + 2p + p2 I.p. 1+ 2p + p2 I.p. I +p2 I.p. - 2 + 2p + p2 I.p. -2p + p2 I.p. p2 I.p. -I + 3p + p2 I.p. p2 I.p. p2 I.p. _I + 2p + p2 I.p. 2 + p + p2 I.p. p2 I.p. p2 I.p. 2p+p2 I.p. 2p+ p2 I.p. 1-4p + p2

0.1.0

0.28

0.1.0

0.38

0.1.0

0.61

0.1.0

0.79

0.1.0

1.02

1.1.0

1.04

0.1.0

0.93

1.-1.1

1.58

1.1.0

1.26

1.-1.1

1.35

1.-2.1

1.72

0.1.0

1.13

0.1.0

1.66

1.1.0

1.47

1.1.1

2.13

1.0.-1

1.88

1.1.0

1.29

0.1.0

1.34

-1.1.1

2.60

-1.1.1

2.35

3.1.0

2.24

7. - 2,4

2.71

1.1.-1

3.02

2.2.1

1.75

1.1.1

2.10

1.0.-1

2.52

5.-2.2

3.30

(Contd.)

438

Appendix: Numerical tables

3.2 (Contd.), coefT. of gen. polyn.

I fund. unit

discriminant dp

a(i).i=I •...• 3

in!. basis

e(i).i=I •...• 3

R f·

- 247

0.1.3

1.1.0

1.54

-255

1.0.3

2.1.0

1.99

-268

-2.-2.-2

3.-1.0

2.52

-283

0,4.1

0.1.0

1.40

- 300

4.2.2

I.p. p2 I.p. p +p2 I.p. - 2 -2p +p2 I.p. 2+p2 I.p. -1 + 3p + p2

6.2.1

3.15

4.1 Table of fundamental units of totally real quartic fields with dF < 5000 coefT. of gen. polyn. i= 1•...• 4

in!. basis

three fund. units eli). i= 1•...• 4

725

1.-3.-1.1

1125

I. -4. -4.1

1600

-4.0.8. -I

1957

O. -4.1.1

2000

-4.1.6.1

2048

-4.2,4 - I

2225

5,4. - 5.-1

2304

O. -4.0.1

2525

6.8. - 3.-1

2624

2. - 3. - 2.1

2777

2. - 3. - 5.1

I.p. _I +p+p2. _ I - 2p + p2 + p3 I.p. -2 +p2 _I - 3p + p3 I.p. i( - I - 2p + p2). to - p - 3p2 + p3) I.p. _ 2 + p2. 1- 3p + p3 I.p. _I - 2p + p2. 2 _ 3p2 + p3 I.p. -1-2p+p2. 2- 3p2 + p3 I.p. - 2 + 2p + p2. i( - I + 2p + 4p2 + p3) I.p. _ 2 + p2. _ 3p + p3 I.p. 3p + p2. _ I + 2p + 4p2 + p3 I.p. _I + 2p + p2. _ I - 2p + 2p2 + p3 I.p. _ 2 + p + p2. _ I - 3p + p2 + pJ

0.1.0.0 -1.1.0.0 1.1.0.0 0.1.0.0 1.1.0.0 -1.0.1.0 0.1.0.0 0.1.0. -I 1.0. -1.0 0.1.0.0 1.-1.0.0 0.0.1. -I 0.1.0.0 1.1.0.0 1.0. -1.0 0.1.0.0 0.1.0.-1 1.0. -1.0 0.1.0.0 4.2.1.1 9.4.2.2 0.1.0.0 0.0.1.1 1.1.-1.-1 0.1.0.0 1.1. -1.0 1.0. -1.0 0.1.0.0 I. -1.0.0 1.1.0.0 0.1.0.0 2.-1.-1.2 1.0.0. -I

discriminant df ·

ali).

Rf·

Galois group

0.83

DB

1.17

C4

1.54

!!.l4

1.92

64

1.85

C4

2.44

C4

2.06

DB

2.66

!!.l4

2.09

Ds

2.19

DB

3.04

64

(Conti.)

439

Appendix: Numerical tables

4.1 (Contd.) coefT. of gen. polyn. discriminant df"

ali),

3600

-4, - 3,14,1

3981

4205 4225 4352 4400 4525 4752 4913

i= 1, ... ,4

into basis

I,p, t( - 2 - 2p + p2), t(5 - 3p - 3p2 + p3) I,p, I, -4, -2,1 _2+p+p2, _ I _ 3p + p2 + p3 I,p, I, - 5,1,1 - 2 + 2p + p2, 1_ 5p + p2 + p3 - 4, - 3,14, - 4 I,p, 1( - 4 - p + p2), *(4 - 4p - 3p2 + p3) 0, -8,8,1 I,p, _ 4 + p + p2, - 2 - 5p + 2p2 + p3 -8,17, -4,-1 I,p, I -4p + p2, - 2 + 9p - 6p2 + p3 5,2, -10,1 I,p, - 3 + 2p + p2, !( _ 5 + P + 4p2 + p3) 2,-3,-4,1 I,p, _ 2+p + p2, _ I - 3p + p2 + p3 I, -6,-1,1 I,p, _ 3 + P + p2, W-6p+p3)

three fund. units eli), i= 1, ... ,4 0,1,0,0 1,0, -1,0 2,0,0,1 0,1,0,0 1,1,0,0 1,1, -1,0 0,1,0,0 1,-1,0,0 1,-1,1,0 1,1,-1,-1 2, -1,0,3 3, -1,0,3 0,1,0,0 1,0,0,-1 1,0, -1,0 0,1,0,0 1,-1,1,0 1,0,-1,0 0,1,0,0 1,-1,0,0 0,0,0,1 0,1,0,0 1,1,0,0 0, -1,1,0 0,1,0,0 0,0,1,1 5,3,3,2

Rf"

Galois group

2.62

'U 4

3.19

64

2.82

Ds

3.19

'U 4

4.18

Ds

3.29

Ds

3.06

Ds

3.71

Ds

3.46

C4

4.2 Table of fundamental units of quartic fields with two complex conjugates and IdFI < 300 discriminant d•.

coelT. of gen. polyn. a(i), i= 1, ... ,4

- 275

1,0,-2,-1

-283

0,-2,1,1

-331

0,- 2,3,- I

-400

0,-1,0,-1

-448

2,1,2,1

-475

1,-2,2,-1

int. basis I,p, p2, p3 I,p, p2, p3 I,p, p2, p3 I,p, p2, p3 I,p, p2, p3 I,p, p2, p3

two fund. units e(i), i= 1, ... ,4

RF

Galois group

0,1,0,0 1,1,0,0

0.37

Ds

1,1,0,0 1,-1,0,0

0.38

64

0,1,0,0 1,-1,0,0

0.43

64

0,1,0,0 I, -1,0,0

0.51

Ds

0,1,0,0 1,1,0,0

0.56

Ds

0,1,0,0 1,-1,0,0

0.58

Ds (Contd.)

440

Appendix: Numerical tables

4.2 (Contd.) discriminant df ·

-491

two fund. units e(i),

coelT. of gen. polyn. a(i), i= 1, ... ,4

1,-1,-3,-1

- 507

1,-1,1,1

- 563

1,-1,1,-1

-643

1,0,2,1

-688

0,0,2,-1

-731

0,-2,1,-1

-751

1,-1,2,-1

-775

1,0,3,-1

-848

0,-1,2,1

-976

0,- 3,2,-1

-1024

0, -2,0,-1

-1099

0,-4,3,-1

in!. basis

i= 1, ... ,4

R f•

Galois group

I,p,

0,1,0,0 1,1,0,0

0.63

64

0,1,0,0 1,1,0,0

0.65

Os

0,1,0,0 1,-1,0,0

0.70

64

0,1,0,0 1,1,0,0

0.72

64

0,1,0,0 1,0,1,1

1.00

64

0,1,0,0 1,-1,0,0

0.87

64

0,1,0,0 2,1,0,0

1.07

64

0,1,0,0 1,1,0,1

0.87

Ds

0,1,0,0 1,1,0,0

0.99

64

0,1,0,0 1,-1,0,0

0.99

64

0,1,0,0 1,1,1,1

1.35

Ds

0,1,0,0 1,-1,0,0

1.01

64

0,1,0,0 1,1,-1,0

1.29

64

I,p, _ I

0,1,0,0 1,1,1,1

1.53

Ds

_ I,p, p2,

0,1,0,0 3,2,1,1

1.57

64

0,1,0,0 1,-1,1,2

1.58

64

p2, p' I,p, p2, p' I,p, p2, p' I,p, p2, p' I,p, p+ p2, 1+ p' I,p, p2, p' I,p, p2, p' I,p, p +p2, W + 2p2 + p') I,p, p2, p' I,p, p2, p' I,p, _I + p2, _ 2p + p3 I,p,

p2, p3 -1107

2,0,1,-1

I,p,

2p+ p2 1+ 2p2 + p3 -1156

1,-2,1,1

-1192

1,2,-1,-1

-1255

0,-1,3,-1

+ P + p2, 2p + p2 + p3

_ I I,p,

+ 2p + p2 + p'

+ p+ p2, 1_ P + p' _I

441

Appendix: Numerical tables

4.3 Table offundamental units of totally complex quartic fields with dF < 600 discriminant df"

coefT. of gen. polyn. a(i), i= 1, ... ,4

117

0,2,3,1

125

1,1,1,1'"'

one fund. unit e(i), i= 1, ... ,4

RF

Galois group

I,p, 1+ p2, 2 + 2p + pJ

0,1,-1,1

0.54

Ds

I,p,

1,1,0,0

0.96

C.

1,-1,0,0

1.32

C.

0,1,0,0

0.86

Ds

0,1,0,0

0.96

'8.

0,1,0,0

0.34

6.

0,1,0,1

1.76

'8.

0,1,0,0

0.44

6.

0,1,0,0

0.73

Ds

0,1,0,0

1.06

Ds

1.46

Ds

0.63

Ds

0.96

'8.

0,1,0,0

1.66

Ds

0,1,0,0

1.57

'8.

0,1,-1,0

1.53

C.

1,0,-1,0

1.96

Ds

0,1,0,0

2.11

Ds

int. basis

p2,

pJ 144

0,-1,0,1

189

2,0,-1,1

225

1,2,-1,1

229

0,0,1,1

256

0,2,4,2

257

0,1,1,1

272

0,1,2,1

320

2,0,-2,1

333

5,7,3,3

392

2,6,-2,1

400

0,3,0,1

432

-4,3,2,1

441

0,5,0,1

512

0,2,0,2

513

4,9,16,13

549

6,10,3,1

I,p, p2,

pJ I,p, p2,

pJ I,p, 1+ p + p2, + 2p + 2p2 + pJ) I,p, p2,

W pJ

I,p, p2,

W +p2 +pJ) I,p, p2,

pJ I,p p2,

pJ I,p, p2,

pJ I,p, 1,0,-1,0 2p + p2, I + 2p + 3p2 + pJ I,p, 0,0,1,1 1(3+2p+p2), ~(_ 3 + 5p + p2 + pJ) I,p 0,1,0,0 p2,

pJ I,p, _ 2p + p2, 2p _ 3p2 + pJ I,p, 1(3+p+p2), HI +4p+pJ) I,p, 1 + p2, p+ pJ I,p, HI +p+p2), 1(5 + 4p + 2p2 + pJ) I,p, _ I + 2p + p2, 3p + 4p2 + pJ

(Contd.)

442

Appendix: Numerical tables

4.3 (Contd.) one fund. unit e(i),

coefT. of gen. polyn. a(i),

discriminantd..

i=I,,,.,4

576

0, - 2,0,4

int. basis

i= 1,,,.,4

Rf ·

Galois group

I,p,

1,1,1,0

2.29

~4

0,1,1,1

7.76

~14

0,1,0,0,

0.92

64

tp2,

!pl 576

0,2,0,4

592

0,2,2,1

I,p, !p2,

!pl I,p, p2,

pl

5.1 Table of fundamental units of totally real quintic fields with dF < 102000 coefT. of gen. polyn.

four fund. units e(i), i = I,. ",5

discriminant dF

a(i),i= 1,,,.,5

int. basis

14641

I, - 4, - 3,3,1

24217

0, - 5, - 1,3,1

36497

I, - 5, - 3,2,1

38569

I, - 5, - 1,4, - 1

65657

I, - 5, - 2,5, - I

70601

I, - 5, - 2,3,1

81509

2, - 4, - 6,4,1

81589

2, - 4, - 8,0,1

89417

2, - 4, - 7,2,1

0,1,0,0,0 _ 2 + p2, 1,-1,0,0,0 _ 3p + pl, 1,1,0,0,0 I - 2p _ 3p2 + pl + p4 1,0,-1,0,0 0,1,0,0,0 I,p, _ 2 + p2, 1,-1,0,0,0 1,1,0,0,0 -1-4p +pl, 2 _ 5p2 + p4 1,-1,1,0,0 0,1,0,0,0 I,p, _ 2 + p2, 1,1,0,0,0 _ 2 - 4p + p2 + pl, 1,2,1, - 4, - 2 3,4,2, - 5, - 3 I + 2p - 5p2 + p4 0,1,0,0,0 I,p, 1,-1,0,0,0 _2+p+p2, _ 3p + p2 + pl, 1,1,0,0,0 3 - 2p - 5p2 + pl + p4 1,0,1,0,0 0,1,0,0,0 I,p, 1,-1,0,0,0 -2 + p+ p2, _ I - 3p + p2 + pl, 1,1,-1,0,0 2 - 2p _ 4p2 + pl + p4 1,0,1,0,0 0,1,0,0,0 I,p, _2+p+p2, 1,-1,0,0,0 _ I - 4p + p2 + pl, 1,1,0,0,0 2 - 2p - 5p2 + pl + p4 0,-1,1,0,1 0,1,0,0,0 I,p, 6,3,0, - 2, - 3 -2 +p +p2, _I - 3p + p2 + pl, 2,1,-1,-1,-1 I - 5p - 3p2 + 2pl + p4 1,0, - 1,0,0 0,1,0,0,0 I,p, 1,2, - 2,0,3 -2 + p2, -4p + pl, 3,1,-2,1,3 _ 4p _ 4p2 + pl + p4 2,0,-1,0,1 0,1,0,0,0 I,p, _ 2 + p + p2, 1,1,-1,0,0 2,1,0,0,0 I -4p + pl, I - 3p _ 4p2 + pl + p4 1,0,1,0,0 I,p,

Rf ·

1.64

2.40

3.55

3.16

5.50

4.61

7.63

7.61

6.74

(Contd.)

443

Appendix: Numerical tables

5.1 (Contd.)

discriminant df" -~.-

...- .

codT. of gen. polyn. a(i). i = 1....• 5

----~-.----~.-~

101833

....

four fund. units in!. basis

-----

2. - 5. - 5.1.1

e(i). i = 1•...• 5

RF

0.1.0.0.0 1.1.0.0.0 130. - 228.110. -27.13 1.1.0. -1.0

6.33

--------

I.p. _ 2 + P + p2. - 3 - 4p + 2p2 + pl.

5.2 Table of fundamental units of quintic fields with two complex conjugates and

IdFI < 10000 coefT. of gen. polyn. discriminant d F

a(i). i=

-4511

O. - 2.- 1.0.1

-4903

1.- 3.- 1.2.-1

-5519

0.-3.-1.1.1

- 5783

0.- 2.3,4.1

-7031

0.-1.-1.-1.1

-7367

0.- 4.- 1.2.1

-7463

O. - 4. - 1.4.1

-8519

1.0.1.-1.-1

-8647

O. - 3. - 2.2.1

-9439

O. - 3. - 2,4.1

1..... 5

three fund. units in!. basis

e(i). i = 1..... 5

RF

I.p. _I +p2. _ 2p + pl. _ P _ 2p2 + p4 I.p. -I +p+ p2. 1- 2p + p3, 2 - p - 3p2 + pl + p4 I.p. -I + p2. -2p + p3. 1- p - 3p2 + p4 I.p. -I + p2. I-p +pl. 3 + 3p - 2p2 + p4 I.p. _I + p2. _ P + p3. _1_p_ p 2 + p4 I.p. _ 2 + p2. _ 3p + p3. 2 _ P _4p2 + p4 I.p. - 2 + pl. -1-2p +pl. 2 - P - 3p2 + p4 I.p. -I + p2. p2 + pl. -I + p + pl + p4 I.p _1_p+p2. -1-2p+p3. 1- P _ 3p2 + p4 I.p. -I +p2. _1_p+p3. 2- p-2p2 + p4

0.1.0.0.0 1.-1.0.0.0 1.1.0.0.0

0.63

0.1.0.0.0 0.0.1.0.0 1.1.0.0.0

0.67

0.1.0.0.0 1.-1.0.0.0 1.1.0.0.0

0.73

0.1.0.0.0 1.1.0.0.0 0.1.1.-1.2

0.76

0.1.0.0.0 1.-1.0.0.0 1.1.0.0.0

0.89

0.1.0.0.0 1.-1.0.0.0 1.1.0.0.0

0.90

0.1.0.0.0 1.-1.1.0.0 1.1.0.0.0

0.93

0.1.0.0.0 1.-1.0.0.0 1.1.0.0.0

1.00

0.1.0.0.0 1.-1.0.0.0 1.1.0.0.0

1.03

0.1.0.0.0 1.-1.0.0.0 1.0.-1.0.0

1.21

444

Appendix: Numerical tables

5.2 (Contd.)

discriminant d F

coefT. of gen. polyn. a(;),;= 1, ... ,5

in!. basis

e(i), i= 1, ... ,5

three fund. units

-9759

1,-3,-2,1,-1

I,p,

0,1,0,0,0 1,1,0,0,0 1,0,2,1,1

_ 2 + p2,

- 2p

+ p3,

I - 2p - 3p2

+ pl + p'

1.24

5.3 Table of fundamental units of quintic fields with four complex conjugates and dF < 4000 discriminant dF

coefT. of gen. polyn. ali), i= 1, ... ,5

1609

0, - 3,0,2,1

1649

0, - 3, - 1,3,1

1777

0, - 2, - 1,2,1

2209

0, - 1,2, - 2,1

2297

0,1,1,1,1

2617

0, - 2,3, - 2,1

2665

0,1,0,-2,1

2869

0,-2,0,1,1

3017

0,-1,0,0,1

3089

0,-1,0,2,1

in!. basis

two fund. units e(i),;= I , ... ,5

0,0,0,1,0 I,p, _I +p2, 0,0,1,1,0 _ 2p + pl, P _ 2p2 + p' 1,1,0,0,0 I,p, _I +p2, 1,-1,0,0,0 - I - p +pl, 1- 2p2 + p' 1,0,-1,0,1 I,p, _I +p2, 1,1,0,0,0 - I - p +pl, 1- P _ p2 + p' 0,1,0,0,0 I,p, _I + p+ p2, 1,-1,0,0,0 l_p+p2 +p\ _ 2 + 2p _ p2 + p' 0,1,0,0,0 I,p, p2, 1,1,0,0,0 1+ p + pl, p+p' 0,1,0,0,0 I,p, _I +p+p2, 1,0,-1,0,0 I - 2p + p2 + pl, _ I + 2p - 3p2 + p' 0,1,0,0,0 I,p, p2, 1,-1,0,0,0 1+ p + p2 + pl, _ I + P + 2p2 + pl + p' I,p, 1,1,0,0,0 _I +p2, 1,-1,0,0,0 _ p + pl, 1_ 2p2 + p' 0,1,0,0,0 I,p, _I +p2, 1,-1,0,0,0 _p+pl, _ p2 + p' 0,1,0,0,0 I,p, p2, 1,1,0,0,0 _p2 + pl, _ p2 + p'

R f·

0.27

0.27

0.29

0.35

0.36

0.39

0.40

0.43

0.44

0.49

6.1 Table offundamental units of totally real sexticfields with dF < 1229000 discriminant dF

coetT. of gen. polyn. a(i), i = 1 , ... ,6

in!. basis

five fund. units e(i), i = 1, ... ,6

300 125

1,-7,-2,7,2,-1

371293

1, - 5, -4,6,3,-1

l,p, -2+p+ p2, _ 1 - 5p + p2 + p3, 2 - p - 6p2 + p3 + p4, _ 4 + 3p + 6p2 _ 7p3 + pS l,p, _2+p2, _ 3p + p3, 2-4p2 +p\ 1 + 3p - 3p2 _ 4p3 + p4 + pS l,p, _ 3 + p2, 3 - 5p _ p2 + p3, 3 - 2p - 6p2 + p4, _ 3 + 7p - p2 _ 7 p3 + pS l,p, _ 2 + p2, _ 3p + p3, 2 + 3p _ 4p2 _ p3 + p4, 2 + 5p _ p2 _ 5p 3 + pS l,p, _2+p2, _2_3p+p2+p3, 2 + p - 4p2 + p4, 3 + 5p - 4p2 _ 5p3 + p4 + pS l,p, _3_p+p2, 2 - 2p - 2p2 + p3, 2+ 7p-2p2 _3 p3 +p4, 6p + 8p2 _ 3p3 _ 3p4 + pS

0,1,0,0,0,0 1, - 1,0,0,0,0 1,1,0,0,0,0 0,1,1,1,0,0 1,0, - 1, - 1,0,0 0,1,0,0,0,0 1, - 1,0,0,0,0 1,1,0,0,0,0 1, - 1,1,0,0,0 1,0,-1,0,0,0 0,1,0,0,0,0 1, - 1,0,0,0,0 1,0,0,1,0,0 2,1,0,0,0,0 1,1,0, - 1,0,0 0,1,0,0,0,0 1,1,0,0,0,0 0,0,1,0,0,0 1, - 1,1,0,0,0 1,0, - 1,0,0,0 0,1,0,0,0,0 - 1,1,0,0,0,0 1,1,0,0,0,0 1, - 1,1,0,0,0 0,1,1,0,0,0 0,1,0,0,0,0 1,1,0,0,0,0 1,0, - 1,1,0,0 1,0, - 1,0,0,0 1,0,1,0,0,0

434581

453789

0, - 8,0,12, - 7,1

1,- 6,- 6,- 8,8,1

485125

2, - 4, - 8,2,5,1

592661

- 5,2,18, - 11, - 19,1

RF

3.28

3.78 ~

4.19

"""""::>

Q. ~.

Z c: 3

(l

4.40

1)'

eo. ;:;

0-

~

4.53

5.23

(Contd.)

.j:>. .j:>.

V>

""" 0"""

6.1 (Contd.) discriminant dF

coeff. of gen. polyn. a(i), i = 1 , ... ,6

int. basis

five fund. units e(i), i = 1, ... ,6

703493

1, - 7, - 2,14, - 5, - 1

722000

1,- 6,-7,4,5,1

l,p, _2+p+p2, -3p + p2 + p3, 2 - 4p - 3p2 + 2p3 + p4, _ J + 5p - 5p2 _ 4p3 + 2p4 + p5 l,p, _ 2 + p2, -1-4p + p3, 2 - p - 5p2 + p4, 3 + 6p - 2p2 _ 6p3 + p5 J,p, _2+p+p2, _ 1 _ 3p + p2 + p3, _ 3p - 2p2 + 2p3 + p4, 2 +4p - 6p2 _4p3 + 2p4 + p5 l,p, _3+p+p2, _ J - 6p + p2 + p3, 3 + 4p - 8p2 + p4, #11- 36p - 39p2 + 2p3 + 7p4 + p5) l,p, _2+p2, 1_4p_p2+p3, 3 + p - 5p2 - p3 + p4, _ 2 + 7 p + 3p2 _ 6 p 3 _ p4 + p5 l,p, -2+p +p2, - 2 - 2p + 2p2 + p3 _ 5p _ p2 + 3p3 + p4, _ 1 + 5p - 3p2 _ 4p3 + 2p4 + p5

0,1,0,0,0,0 1, - 1,0,0,0,0 0,1, - 1,0,0,0 1,0, - 1,0,0,0 0,0,1,0,0,0 0,1,0,0,0,0 1, - 1,0,0,0,0 1,1,0,0,0,0 1,1,0, - 1,0,0 0,1,1,0,0,0 0,1,0,0,0,0 1, - 1,0,0,0,0 1,1,0,0,0,0 0,1,0, - 1,0,0 0,0,1,0,0,0 0,1,0,0,0,0 1, - 1,0,0,0,0 23, - 23,7,28,17, - 50 -16,13, - 5, - 9, - 6,19 1,1,0,0,0, -1 0,1,0,0,0,0 1, - 1,0,0,0,0 1,1,0,0,0,0 1,1, - 1,0,0,0 1,1,1,0,0,0 0,1,0,0,0,0 1, - 1,0,0,0,0 1,1,0,0,0,0 0,1, - 1,0,0,0 1,0, - 1,0,0,0

810448

820125

3,- 2, - 9,0,5,1

0, -9,4,9,- 3,-1

905177

1, -7, -9,7,9,-1

966125

3,- 3,-10,3,8,-1

RF

5.71

6.41

»-

'0 '0

6.89

'"c.. = ~.

Z c: 3 ~

6.28

n' ~

;; a"

if 6.91

7.43

980125

0, - 9,9,4, - 3, - 1

1075648

6,8, - 8, - 13,6,1

1081856

1134389

1202933

0,-6,2,7,-2,-1

I, - 6, - 7,5,6,1

I, - 6, - 2,6,0,-1

l,p, -3 +p+p2, - 2 - 5p + 2p2 + p3, 1 + 3p _7p2 + p3 + p4, - 1 - 3p + 10p2 _ 8p3 + p5 l,p, -1 +2p+p2, -2+ 3p2 + p3, - 1 - 4p + 2p2 + 4p3 + p4, 1 - 5p - 5p2 + 5p3 + 5p4 + p5 l,p, _2+p2, _ 1 _ 3p + p2 + p3, 2 - 2p _ 4p2 + p3 + p4, 5p _ 2p2 _ 5p 3 + p4 + p5 l,p, _2+p2, _1_4p+p2+ p3, 4 + 3p - 5p2 - p3 + p4, 3 + 7 p - 2p2 _ 6p3 + p5 l,p, _2+p+p2, _1_4p+p2+p3, 2 - p - 5p2 + p3 + p4, 6p _ 2p2 _ 6p 3 + p" + p5

0,1,0,0,0,0 I, - 1,0,0,0,0 4,3,1,1,2,1 0,0,0,1,0,0 8,17,10, - 36,22,30 0,1,0,0,0,0 I, -1,0,0,0,0 1,1,-1,0,0,0 0,1,-1,0,0,0 1,0, - 1,0,0,0 0,1,0,0,0,0 I, - 1,0,0,0,0 1,1,0,0,0,0 I, - 1,1,0,0,0 1,0, - 1,0,0,0 0,1,0,0,0,0 I, - 1,0,0,0,0 1,1,0,0,0,0 1,1,1,0,0,0 I, - 1,1,0,0,0 0,1,0,0,0,0 I, - 1,0,0,0,0 1,1,0,0,0,0 1,0,1,0,0,0 0,1,1,0,0,0

7.12

7.70

>-

"0 "0

'"c..

::I

7.76

..;;.

Z c: 3 ~

('i.

2:-

7.82

0;; (J

if 8.74

t .....

448

Appendix: Numerical tables

6.1 Fundamental units of the sextic field with two complex conjugates and minimum discriminant coefT. or gen. polyn. a(i). i= 1•...• 6

-92779

1.-2.-3.-1.2.1

rour rund. units in!. basis

e(i). i= 1•...• 6

I.p. _I +p2. _ 2p + pl. _ 2p2 + p4. 2 + P _ p2 _ 3pl + p'

0.1.0.0.0.0 I. - 1.0.0,0,0 1.1.0.0.0,0 0,1, - 1,0.0,0

1.26

6.3 Fundamental units of the sextic field with four complex conjugates and minimum discriminant coefT. or gen. polyn.

28037

three rund. units

a(i), i= 1, ... ,6

int. basis

e(i), i= 1, ...• 6

Rf

2,0, - 3,0,2. - I

I.p. p+ p2. _ I + P + 2p2 + pl. _ P + p2 + 2pl + p4. I - 2p - 2p2 + 2pl + 3p4 + p'

1.0. -1.0.0.0 I. - 1,0,0,0,0 1.1.0.0,0.0

0.48

6.4 Fundamental units of totally complex sexticfields with Idfl < 13100 two rund. units

coefT. or gen. polyn.

Rf

discriminant df

a(i). i= 1, ... ,6

int. basis

e(i). i= 1•... ,6

-9747

0.1,1,-2.-1,1

0,0.0.0,0.1 1,1.-1.1.2.3

0.60

-10051

1.2.2,2,2.1

0,1.0.0,0.0 1.1,0.0,0,0

0.21

-10571

2.2.1.2,2.1

0.0,- 1.0.1,0 0.0,-1.0,1,1

0.21

-10816

2.0. - 2. - 1,0.1 1,-1,0,0,-1,1

0, I,0,0,0.0 1,1,0,0,0,0 0,1,0,0,0,0 I, - 1,0,0,0,0

0.43

-11691

I,p. p2. P + pl. _ I + p + 2p2 + p4. _ I _ 2p + p2 + pl +p' I.p, p2. p + p" p2 + p4. pl + p5 I.p, p2, p2 + pl, I + p2 + pl + p4, 1+ 2f + p4 + p' I,p.p. pl.p4,p' I,p, p+p2, p2 + pl, pl + p4, _ I + p2 + p4 + p'

0.69

(Contd.)

449

Appendix: Numerical tables

6.4 (Contd.) cocO'. of gcn. polyn. discriminant tiF

a(i). i= 1•...• 6

-12167

3.5.5.5.3.1

-14283

1.1.2.1.0.1

-14731

1.0.-1.-1.0.1

-16551

2.2.3.3.1.1

-16807

1.1.1.1.1.1

-18515

0.2.1.2.0.1

-19683

0.0.1.0.0.1

- 20627

1.1.2.2.1.1

-21168

I. - 2. -1,4. - 3.1

int. basis

I.p. 1+ P + p2. p+p2+p3. I + P + 2p2 + 2p3 +p4. 2p + 2p2 + 3p3 +2p4+p5 I.p. p2. 1+ p3, p+p\ p + p2 + p3 + p4 + p5 I.p. p2. p3. p3 + p4. _I _ P + p3 + p4 +p5 I.p. p+p2. 1+ p2 + p3. 2 + 2p + 2p2 + 2p3 +p4. _I + p + p2 + p4 +p5 I.p. p2. p3. p4. p5 I.p. 1+ p2. P +p3. 1+ p + p2 + p4. P + p2 + 2p3 + p5 I.p. p2. p3. p4. p5 I.p. p2. 1+ p3. p+p4. P + p2 + p4 + p5 I.p. -I +p +p2. -I + 2p2 + p3. 2 - 2p + 2p3 + p4. - 2 + 4p _ p2 _ 2p 3 + p4 + p5

two fund. units e(i). i= 1•...• 6

RF

0.1.0.-1.0.1 0.0.0.0.0.1

0.24

0.1.0.0.0.0 1.1.0.0.0.0

0.80

0.1.0.0.0.0 1.1.0.0.0.0

0.28

0.1.0.0.0.0 1.1.0.0.0.0

0.93

1.1.0.0.0.0 1.-1.1.0.0.0.

2.10

0.1.0.0.0.0 0.0.1.0.0.0

0.33

1.1.0.0.0.0 1.0.1.0.0.0

3.40

0.1.0.0.0.0 1.0.1.0.0.0

0.39

0.1.0.0.0.0 I. - 1.0.0.0.0

1.12

(Contd.)

450

Appendix: Numerical tables

6.4 (Contd.)

discriminant d,

coelT. of gen. polyn. a(i), i = 1, ... ,6

-21296

1,2,3,2,1,1

two fund. units in!. basis

e(i), i = 1, ... ,6

R,

I,p,

-1,-1,0,1,1,1 0,1,0,0,0,0

0.31

0,1,0,0,0,0 1,1,0,0,0,0

0.31

0,1,0,0,0,0 1,1,0,0,0,0

0.15

I,p, I +p2,

0,1,0,0,0,0 0,0,1,0,0,0

1.26

If'

I, - 1,1,0,0,0 1,1,0,0,0,0

0.39

0,1,0,0,0,0 1,0,1,0,0,0

1.19

p2, l+p+p3, p + p2 + p4, p2 + p3 + p5, - 22291

1,0,1,1,0,1

I,p,

p2, I +p3, 1+ p + p3 + p4, p+ p2 + p4 + p5 -22592

0, -1,0,2,2,1

I,p,

p2, _p2+p3, 1+ p- p3 + p4, 2+ 2p _ p3 + p5 -22101

1,4,4,5,3,1

2p + p3, 2 + p + 3p2 + p4, 1+ 2p + p2 + 3p3 + p5 -22141

1,0,2,1,-1,1

p, 1+ p2 + p3, -I +p+p4, - I +p+p2+ p4 +p5 -23031

0,1,1,1,2,1

I,p,

e

2,

p3, p+p4, 1+ p2 + p5

7.1 Fundamental units ofthe totally real seventh degreefield with minimum discriminant coelT. of gen. polyn. a(i),i= 1, ... ,1

20134393

in!. basis

I, - 6, - 5,8,5, - 2,-1

six fund. units e(i), i= 1, ... ,1 - 2, - 4,4,5, - I, - 1,0 - 2,1,8,- 4,- 6,1,1 -3,2,15,-4,-12,1,2 0, I,0,0,0,0,0 - 2,0,1,0,0,0,0 2,2, - 8, - 1,6,0, - I

R, 14.45

8 Integral bases We present two examples for the computation of the maximal order of an equation order by the embedding algorithm of chapter 4, section 6. 1. For Itt) = til + 10It i0 + 4151t 9 + 81851t B + 916826t 7 + 4621826t 6 - 5948614t 5 - 1131 11614t4 - I 2236299t 3 + 1119536201t 2 -1660153125t - 332150625

451

Appendix: Integral bases we obtain the reduced discriminant

d,(f) = 81025653391191575101440000 = 212 x 3 12 X 54 X 29 4 x 82231 and the discriminant

d(f) = 2 130

X

3 12

X

5 12

X

29 18

X

82231 6

The algorithm produces: p=2

idempolellls

-1421478951492431/256~IO +86970691 5501 33/32C +959425090967179f128~8 -140484061 157699/32C - 654028913747701/128~6 - 139900389254233/32~5 - 3264518827489/4~4 - 234oo5131717649/32~J - 650184017173519f256~2 + 33744914112585/4~ - 333711335100551/128

1421478951492431/256~1 0

- 86970691550133/32~9 - 959425090967179/128~8 + 140484061 157699/32C + 654028913747701/128~6 + 139900389254233/32~5 + 3264518827489f4~4 + 234oo5131717649/32~J + 650184017173519/256e - 33744914112585/4~ + 333711335100679/128

lire faclorization 17 + 8511627172651 6 + 143296653482851 5 + 23221573318851 4 + 1082290121011I J + 31967940825951 2 + 21006435379991 + 15204983818911. 14 + 167410233272521 J + 29829686280061 2 + 84805826600201 + 809919201793.

furllrer idempolellls 390730948745463/128~6 - 1974053779852231/64~5 - 746745761669899f128~4 -191811737241957/32~J - 1004454580604047/128~2 - 179581618641623/64~

- 433530700975229/128. - 390730948745463/128~6 + 197405377985231/64~5 + 746745761669899/128~4 + 191811737241957/32~J + 1004454580604047/128~2 + 179581618641623/64~ + 433530700975357/128.

a furllrer faclorizalion 16 + 51964051707341' + 141488314476671 4 + 161092285670281 J + 85079323537511 2 + 11870227502526/ + 10540983492437 1+ 13246943590947.

lire 2-minimai basis WII

WlO

= 1/2048~IO + 1/1024~9 + 1/2048~B + 1/256C + 1/1024~6 - 11/256~J - 99/2048~2 + 25/1024~ + 53/2048 = 1/512~9

+ 1/512~B -

3/256~' - 3/256~4 + 1/64~J

W9

= 1/256~B - 3/128~4 + 1/32~2 - 3/256

+ 1/128~6 +

= 1/128C

= 1/64~6 + 1/64~4 - 5/64~2 + 3/64

W6

= 1/32~' 1/16~4

+ 1/64~2 -

+ 1/32~4 + 1/16~J + + 1/8~2 - 3/16

1/16~2 - 3/32~ - 3/32

w4=1~~J+I~~2_1~~-I~ Wj

= 1/4~2 - 1/4

W2

= 1/2~ + 1/2

WI =

3/512~ - 3/512

1/128~' + 1/128~4 - 5/128~J - 5/128~2 + 3/128~ + 3/128

WB

W7

w, =

+ 7/512~5 + 21/1024~4

1.

p=3 faclors mod 3 16 +1' + 21 3 + 12 + 21 + 1 13 + 12 + I + 2 I.

452

Appendix: Numerical tables

factorizatioll mod 3 24 t 6 + 120783431803t' + 8973604878t 4 + 61904146670t 3 + 31825819645t 2 + 183824600885t + 30301271638 t 3 + 156274299151t 2 + 97643734609t + 173505680846 t 2 + 5371805628t + 22263657813, 3-millimal basis WI I

= 1/729~IO

+ 101/729~9 - 223/729~8 - 358/729C - 34/729~6 - 34/729~' - 34/729~4 - 34/729~3 - 34/nn 2 - 34/n9~

WIO

= ~9

W9 =

~8

W8=C W7

= ~6

W6

=~'

W,

= ~4

W4=~3 W3=e W2

= ~

w l =1

p=5 factors mod 5 t+4 t+I factorizatioll mod 58 t4 + 187926t 3 + 272826t 2 + 260801t + 308101 + 336550t 4 + 176650t 3 + 80725t 2 + 165425t + 246226 t 2 + 256875t + 161875,

I'

idempotellls - 52091/5~4 - 884924/5~J - 871611/5e + 16121/5~ + 278999/5 52091/5~4 + 884924/5~3 + 871611/5~2 - 16121/5~ - 278994/5,

factorizatioll t 4 + 309039t J + 157846/ 2 + 157544t + 347441 t + 27511, idempolelllS - 4543197/25~ - 49587 4543197/25~ + 49588,

factorizatioll 1+725 1+256150,

5-millimal basis WII

WIO

= 1/25~IO + 1/25~9 + 1/25~8 + 1/25C + 1/25~6 + 1/25~' + 1/25~4 + 1/25~3 + 1/25~2 + 1/25~ = 1/5~9

w9 = ~8 W8=C W 7 = ~6

+ 1/5C + 1/5~' + 1/5e + 1/5~

Appendix: Integral bases

(1)6

453

= ~s

Ws =

~4

(1)4

= ~3

(1)3

=~'

W, =~ W, =

I.

p=19

jactors mod 29 /4 + 27/ 3 + 9/' / +28 / + 12,

+ 10/ + 24

jac/oriza/ioll mod 29 8 /4 + 50605465738/ 3 + 52694279576/' + 495928586992/ + 216188927047 /3 + 179037728472/ 2 + 480036204243/ + 194325614858 /4

+ 270603218852/ 3 + 311400732346/ 2 + 383680458976/ + 294504268343,

idempo/elllS 170950383710294/84W - 124930383118041/841~ -170950383710294/841~2

+ 116845930821609/841

+ 124930383118041/841~ - 116845930820768/841,

jac/oriza/ioll /2

+ 235370557884/ + 112494502447

/ + 443913583549, idempo/ellls 3441901651958/29~

- 5081864234391/29, -

3441901651958/29~

+ 5081864234420/29,

jac/oriza/ioll

/ + 300710030106

/ + 434906940739 29-millil1lal has is

w,' =

1/24389~' 0 + 2/24389~9 + 9/24389~8 + 279/24389C + 325/24389~6 - 11199/24389~s - 11647/24389~4 + 9277/24389~3 + 1911/24389~2 + 1329/24389~ 9713/24389

+

w,o = 1/841~9 + 10/841 C - 11/841 ~6 - 153/841~ - 129/841 0)9

+ 90/841 ~s -

1/29~4

+ 379/841 ~3 - 158/841 ~2

- 9/841C + 4/841~6 + 330/841~s - 357/841~4 -- 383/841~3 + 259/841~2 + 5/841~ + 150/841

= 1/841~8

W8 =

1/29C + 10/29~s

tv7 = 1/29~6 W6

=~'

tv,

= ~4

w4

=C

+ 1O/29~4 - 11/29~3 - 3/29~2 + 11/29~ + 11/29 + 9/29~s + 4/29~4 - 12/29~3 - 3/29~2 - 1/29~ + 2/29

tv3 = ~2

tv, = ~

w, = I

llllegral hasis

(~ =

/If )

W,' = 1/910314547200~'0 -

85607/455157273600C + 1352801/910314547200~8 - 921683/1 137893 I 8400C - 84877487/455157273600~6 + 507753959/227578636800~' + 7760693413/455157273600~4 - 741690983/113789318400~J - 19749911299/910314547200~' + 40692408193/455157273600~ - 4064571/49948672

454

Appendix: Numerical tables

ill I0 = 1/2152960~9 + 1/430592~8 - 1/33640C + 7/26912~6 - 223/37120~' + 2533/215296~4 - 8863/269120~3 + 3963/53824~2 + 115901/2152960~ - 43283/430592 ill9 = 1/215296~s + 5/53824C + 1/53824~6 + 155/53824~' + 387/107648~4 - 1437/53824~3 + 5089/53824e 2 + 10173/53824~ - 56719/215296 Ws = 1/3712C + 1/3712e 6 - 39/3712e' - 15/3712e 4 - 197/3712e' + 139/3712~2 + 619/3712~ - 509/3712 ill7 = 1/1856~6 - 5/464~'

+ 1/32~4 +

+ 33/1856~4 + 13/232~3 + 171/1856~2 -109/464~ +

W6

= 1/32~'

W,

= 1/16~4 + 1/8e - 3/16

147/1856

1/16e + 1/16e - 3/32~ - 3/32

w4=1~~3+1~~2_1~~-I~ W3

= 1/4e - 1/4

W2

= 1/2~

+ 1/2

wl=1 The index of the equation order in its maximal order is 2'6 x 36 X 53 X 29 9,

2, For fIt) = d,(f) = = d(f) =

t" - 3080t + 3024 we obtain the reduced discriminant 9147600 24 x 33 X 52 X 7 X 112 and the discriminant 2216 X 3 162 X 5'6 X 7'4 X 11'6,

The algorithm produces:

p=2 idempotents 11/4C 4 + 111/2C 3 + 3~'2 + 14~'1 - 20e'o - 8~49 + 48~48 - 32~47 _ 64~46 + 128e4' - 235/4~36 - 69~35 + 73e 4 - 48C 3 + 8~32 - 96e'1 + 32C o + 64e 2S + 53/2~IS - 101~17 + 84~16 _ 8~I' - 88~14 + 48~13 _11/4~'4

_

111/2~53

_

3~'2

_

14~'1

+

+ 235/4e 6 + 69~35 -73C4 + 48e 33 -84~16+8~I'+88eI4-48~\3+

factorization mod

20~'o

+

8~32

8~49

_

48~4S

+ 96e 31 -

+ 32~47 + 64~46 + 128~4' 32Co - 64e 28 - 53/2~18 + 101e 17

I

28

148t 34 + 64t H + 160t 32 + 128t 31 + 128t 30 + 661 18 + 1881 17 + 16t l6 + 961 1' + 321 14 + 1921 13 + 4 t l9 + 1961 18 + 124t l7 + 961 16 + 481 1' + 641 14 + 641 13 + 1901 + 52,

t 36

+ 60t 35 +

idempotents 97/2~18 _17~17

-97/2~18

+

+ 4~16 -104~I' -

17~17 _4~16

+

104~I'

120~14

-

+ 120~14+

16~\3

16~13

+

+

128~12

128~12

factorizalion

liS + 158t l7 + 8t l6 + 48t l ' t + 38

+ 161 14 + 2241 13 +

Inlegral basis W"

= 1/8~'4

W'4 =

W'3

1/4~53

= 1/4~'2

ill37 = 1/4C 6 ill36 = 1/2~35 ill 3, = 1/~~34

190

+ I,

Appendix: Algorithms

CO IS CO l7

455

=e e

17

l6

=

CO 2 =

e

COl =

I

The index of the equation order in its maximal order is 2S7 Both examples were computed by R. Boffgen of Saarbriicken, who implemented an earlier version of the embedding algorithm on a Siemens 7560 computer. The CUP times were 73 and 1192 seconds. The first polynomial has Galois group M II the second ~ISS' The polynomials were found by B.H. Matzat of Karlsruhe. (References: R. Boffgen, Der Algorithmus von Ford/Zassenhaus zur Berechnung von Ganzheitsbasen in Polynomalgebren, Ann. Vniv. Saraviensis, Ser. Math., 1,3 (1987), 60--129; B. H. Matzat, Konstruktion von Zahl-und Funktionenkorpern mit vorgegebener Galoisgruppe, J. Reine AngelY. M~th. 399 (1984), 179-220).

Algorithms Berlekamp's Comparing elements of small absolute norm with stored ones Computation of class group normal presentation of an ideal resultants successive minima torsion subgroup TV(R) of the unit group VCR) vectors of bounded norm in a lattice all x, yeZ subject to - k ~ ax + by ~ k,lyl ~ k all x, yeZ~O salisfyingj ~ ax + by ~ k Diophant Divisor cascading Equal degree factorization in IF q[t] Embedding an equation order into its maximal order Enlarging sublattices Euclid's (in Z) with presentation of the greatest common divisor Gauss' determining a primitive root General reduction Hermite normal form Horner's LLL-reduction MLLL-reduction Quadratic supplement Symmetric functions

page

85 358 421 405 60

199 348 190 354 357 5 25 81 313 211 3

70 194 180 5

201 209 188 50

REFERENCES

Chapter 1 D.E. Knuth, The Art of Computer Programming, vol. 2, 2nd edn, AddisonWesley, 1981. 2 S. Lang, Algebra, Addison-Wesley, 1971.

Chapter 2 I JR. Bastida, Field extensions and Galois theory. Eneycl. of Math. 22, AddisonWesley, 1984. 2 D. Cantor & H. Zassenhaus, A new algorithm for factoring polynomials over finite fields, Math. Comp., 36 (1981), 58792. 3 N. TschebotarefT, Die Bestimmung der Dichtigkeit einer Menge von Primzahlen, welche zu einer gegebenen Substitutionsklasse gehoren, Math. Ann., 95 (1926), 191228. 4 E. Galois, Oeuvres, v-x and 1-61, Paris, 1897. 5 C.F. Gauss, Werke, vol. 1 (Disquisitiones Arithmeticae), vol. 2 (Seetio Oetava), Gouingen, 1876. 6 D. Hilbert, Gesammelte Abhandlungen, Band 2, 393-400, Springer Verlag, Berlin, 1933. 7 F. Klein, Vorlesungen iiber das Ikosaeder, Teubner Verlag, Leipzig, 1884. 8 D.E. Knuth, The Art of Computer Pro· gramming, vol. 2, sec. edn, Addison- Wesley 1981. 9 R. Land, Computation of P61ya polynomials of primitive permutation groups, Math. Comp., 36 (1981),267-78. 10 S. Lang, Algebra, Addison-Wesley, 1971.

II R. Lidl & H. Niederreiter. Finite Fields. Eneyc/. of Math. 20. Addison-Wesley. 1983. 12 H. Niederreiter. Quasi-Monte Carlo methods and pseudo-random numbers. Bull. of tile AMS, 84 (1978), 957-1041. 13 St. Schwarz, Contribution ala n:ductibilite des polynomes dans la theorie des congruences, Ceska Spolecniet Nauk Prague. Trida Mathematicka Prirodovedecka Vestnik (1939). 1-7. 14 St. Schwarz, Sur Ie nombre des racines et des facteurs irreductibles d'une congruence don nee, Casopis Pro Pestovani Matematiky A Fysiky, Prague V. 69 (1940). 128-45. 15 St. Schwarz, On the reducibility of polynomials over a finite field. Quart. J. Math. Oxford Ser. (2), 7 (1956). 110-24. 16 W. Trinks, Ein Beispiel eines Zahlkorpers mit der Galoisgruppe PSL(3, F 2) iiber C, Manuscript, Univ. Karlsruhe, WestGermany, 1968. 17 H. Wielandt. Finite Permllfation Groups, Academic Press, New York. London. 1964. 18 H. Zassenhaus, The Theory of Groups. sec. edn, Chelsea. 1958.

Chapter 3. I A. Bachem & R. Kannan, Lattices and the Basis Reduction Algorithm, Report 84, 6, Mathematisches Institut, Universitiit zu Koln,1984. 2 H.F. Blichfeldt. A new principle in the geometry of numbers. with some applications. Transa~tions Amer. Math. Soc .• 15 (1914).227-35.

References 3 J.W.S. Cassels, An IlIIroduction ro rhe Geomerry of Numbers, 2nd edn, Springer Verlag, Berlin, Heidelberg, New York, 1971. 4 U. Fincke & M. Pohst, Improved methods for calculating vectors of short length in a lallice, including a complexity analysis, Math. Comp., 44 (1985), 463-71. 5 O. Havas & L. Sterling, Integer matrices and abelian groups; p. 431-56 in Symbolic and Algebraic Compurarion. Lecrure Nores in Compurer Science. 72, Springer Verlag, Berlin, Heidelberg, New York, 1979. 6 R. Kannan & A. Bachem, Polynomial algorithms for computing the Smith and Hermite normal forms of an integer matrix, Siam J. Comput., 8 (1979), 499-507. 7 D.E. Knuth, The Art of Computer Programming. vol. 2, sec. edn, AddisonWesley, 1981. 8 S. Lang, Algebra, Addison-Wesley, 1971. 9 CO. Lekkerkerker, Geometry of Numbers, Wolters-Noordhoff Publishing, Oroningen, and North-Holland Publishing Company, Amsterdam, 1969. 10 A.K. Lenstra, H.W. Lenstra, Jr., & L. Lovasz, Factoring polynomials with rational coefficients, Math. Ann., 261 (1982), 515-34. II M. Mignolle, An inequality about factors. of polynomials, Math. Comp., 28 (1974), 1153-7. 12 D.R. Musser, Multivariate polynomial factorization, JACM, 22, no. 2 (1975), 291308. 13 M. Pohst, On computing isomorphisms of equation orders, Math. Compo 48 (1987), 309-14. 14 J. Renus, Gitterreduktionsverfahren mit Anwendungen auf lineare diophalllische Gleichungssysteme, Diplomarbeit, Universitiit Diisseldorf, 1986.

Chapter 4 I O.E. Collins, The calculation of multivariate polynomial resultants, JACM, 18 (1971),515-32. 2 E. Noether, Abstrakter Aufbau der Idealtheorie in algebraischen Zahl - und Funktionenkiirpern, Math. Ann., 96 (1927), 26-61. 3 M. Pohst, On the computation of number fields of small discriminants including the minimum discriminants of sixth degree fields, J. Number Theory, 14 (1982),99-117.

457

4 M. Pohst, P. Weiler & H. Zassenhaus, On effective computation offundamental units II, Math. Comp., 38 (1982),293-329. 5 H. Zassenhaus, On an embedding algorithm of an equation order into its maximal order for algebraic function fields. To appear in Monatshefte fiir Mathemarik.

ChapterS I U. Fincke, Ein Ellipsoidverfahren zur Liisung von Normgleichungen in algebraischen Zahlkiirpern, Thesis, Dusseldorf 1984. 2 K. Mahler, Inequalities for ideal bases in algebraic number fields, J. Austral. Marh. Soc., 4 (1964), 425-47. 3 M. Pohst, Regulatorabschiitzungen fUr total reelle algebraische Zahlkiirper, J. Number Theory, 9 (1977), 459-92. 4 M. Pohst, Eine Regulatorabschiitzung, Abh. Math. Sem. Univ. Hamburg, 47 (1978), 221-31. 5 M. Pohst & H. Zassenhaus, On effective computation of fundamental units I, Marh. Comp., 38 (1982), 275-91. 6 M. Pohst, P. Weiler & H. Zassenhaus, On effective computation offundamental units II, Marh. Comp., 38 (1982), 293-329. 7. R. Remak, Uber die Abschiitzung des absoluten Betrages des Regulators eines algebraischen Zahlkiirpers nach unten, J. Reine Angew. Marh., 167 (1932),360-78. 8 CL. Siegel, The trace of totally positive and real algebraic integers, Annals of Math., 46 (1945),302-12. 9 CL. Siegel, Abschiitzung von Einheiten, Nachr. Akad. Wiss. Gottingen Marh. Phys. KI. (1969), 71-86. 10 B.M. Trager, Algebraic Factoring and Rational Function Integration, Proc. of the 1976 ACM Symposium on Symbolic and Algebraic Compurarion rSYMSAC 76') pp.219-26. II N. Tschebotareff, Die Bestimmung der Dichtigkeit einer Menge von Primzahlen, we1che zu einer gegebenen Substitutionsklasse gehiiren, Marh. Ann., 9S (1926), 191228. 12 H. Zassenhaus, On Hensel Factorization I, J. Number Theory, I (1969), 291-311. 13 H. Zassenhaus, On the units of orders, J. Algebra, 20 (1972), 368-95. 14 R. Zimmert, Ideale kleiner Norm in Idealklassen und eine Regulatorabschiitzung, Invenr. Math., 62 (1981), 367-80.

458

References

Additional references 15 1. Buchmann, On the computation of units and class numbers by a generalization of Lagrange's algorithm, J. Numher Theor'y, 26 (1987), 8-30. 16 J. Buchmann, Generalized continued fractions and number theoretic computations, Bericht Nr. 269 der math.-stat. Sektion in der Forschllll{jsf/esellsc!wjt Joanneum, Graz, 1986. 17 B.N. Delone & D.K. Fadev, The theory of irrationalities of the third degree, Amer. Math. Soc. TrallSl. of Math. Monographs 10, 1964. 18 V. Ennola & R. Turunen, On totally real cubic fields, Math. Comp., 44 (1985), 495519. 19 E.L. Ince, Cycles of reduced ideals in quadratic fields, reissued by Cambridge University Press, London 1968. 20 H.W. Lenstra Jr., On the calculation of class numbers and regulators of quadratic fields, Lond. Math. Soc. Lect. Note Ser. 56 (1982), 123-50. 21 D. Shanks, The infrastructure of real quadratic fields and its applications, Proc.1972 Numh. Th. COIlf., Boulder (1972),217-24. 22 R.P. Steiner, On the units in algebraic number fields, Proc. 6th Manitoha CO'lf., Num. Math. (1976), 415-35.

23 H.C. Williams, Continued fractions and number theoretic computations, Rocky Mountain J. Math., 15 (1985), 621-55. 24 H.G. Zimmer, Computational problems, methods and results in algebraic number theory, Springer Lect. Notes ill Math. 262 (1972).

Chapter 6 I U. Fincke, Ein Ellipsoidverfahren zur Losung von Normgleichungen in algebraischen Zahlkorpern, Thesis, Diisseldorf 1984. 2 U. Fincke & M. Pohst, A procedure for determining algebraic integers of given norm, Proc. Eurosam 83, Sprillger Lecture Notes ill Computer Science 162 (1983), 194-202. 3 K. Mahler, Inequalities for ideal bases in algebraic number fields, J. Austral. Math. Soc., 4 (1964), 425-47. 4 D.A. Marcus, Number Fields, Universitext, Springer Verlag, New York, Heidelberg, Berlin, 1977. 5 M. Pohst & H. Zassenhaus, Ober die Berechnung von Klassenzahlen und Klassengruppen algebraischer Zahlkorper, J. Reine Angew. Math., 361 (1985), 50-72. 6 c.L. Siegel, Ober die Klassenzahl quadratischer Zahlkorper, Acta Arithmetica, 1 (1935), 83-6.

INDEX

Abel, N.H., 38 absolute valuation, 234 active (side condition), 364 aleatoric (construction of finite fields), 73 algebraic equation, I integers, 22, 246 number field, 327 numbers, I ordering, 232 of a group, 235 sum, 42 algebraically decomposed, 36 ordered group, 235 ring, 230 semiring, 232 algorithm, I amalgamation (of R-bases), 305 a-maximal, 304 antisymmetric see skew symmetric a-overorder, 303 archimedian ordered, 249 valuation, 231 arithmetic radical, 292 Artin, E., 87, 97 Artin-Schreier, 104 generators, 106 normal form, 39 theorem of, 79 associate, 20, 24, 330 automorphism, 16 Banach, St., 255 basic parallelotope, 351 symmetric functions, 30, 48, 50

basis, 9 normalized, 237 of a free module, 177 of a subset of a factorial monoid, 24 theorem for finite abelian groups, 285 Bastida, 1. R., 87 Berlekamp's method, 83-5 Bernstein, L., 329 bilinear form, 308 Blichfeldt, H.F., 199 blocks of imprimitivity, 144 Boifgen, R., 455 Bring-Jerrard normal form, 39 Buchmann, J., 329 Cantor, D., 83 Cayley matrix representation, 163 tebotarev see TschebotarefT ceiling, 411 principal, 412 central idempotent, 41 centralizer, 170 characteristic, 225 equation, 34 polynomial, 17, 34, 55 Chevalley's lemma, 241 theorem, 243 Chinese remainder theorem, 45 Cholesky, 188 decomposition, 189 class group, 287 matrix, 414 computation procedure, 421-3 number, 378, 380, 384 semigroup, 289 Collins, G.E., 319, 325, 347 comaximal, 306

460 common divisor, 27 inessential discriminant divisor, 318 multiple, 27 commutative ring, 6 constructively given, 6 companion matrix, 349 comparable, 248 complex quadratic field, 329 conductor, 388 conjugate, 19, 329 connecting R-module, 170 constant polynomial, 10 convex, 212 body theorem of Minkowski, 213 core algorithm, 323, 324 cyclic module, 309 cyclotomic . equation, 157 field, 159 polynomial, 159 units, 160 Dade, E.C., 291, 313 decomposed, 36 Dedekind, R., 221, 253, 273 criterion, 295 domain see ring ring, 221, 253, 265-278 test, 316, 317 decomposition of prime ideals, 390 in quadratic fields, 393, 394 degree of an algebraic number field, 327 of a polynomial, 10 of inertia, 386 theorem, 13 valuation, 248 .5-element, 322 .5-split, 320 .5-uniform, 321 dependent (units), 331 derivation (of a ring), 26,91-3 deterministic methods (for constructing finite fields), 77-80 Deuring, M., 171 dimension (of a lattice), 187 Diophantine analysis, 4 direct sum (of modules), 8 Dirichlet, P.G.L., 273, 377 (Unit) Theorem, 334 discrete valuation, 251 discriminant composition formula, 122 ideal, 121, 292 of an algebraic number field, 329 of a lattice, 187 of a module, 122 of a polynomial, 34,49,61, 62

Index of cyclotomic polynomials, 161 divisible group, 243 divisibility, 20, 23 division ring, 235 with remainder of integers, 2 of polynomials, 10, II divisor cascade, 24 domain of rationality, 29 dual basis, 281, 337 -index rule, 292 Eisenstein, G., 221, 258 extension, 260 polynomial, 258 element = .5-element, 322 elementary changes, 310 divisor, 184 form presentation, 284 ideal,284 normal form, 184 ideals, 282 matrices, 178 equal degree factorization, 81 equivalence, 20, 23 of matrix representations, 165 of permutation representations, 142 equivalent pseudo valuations, 235 Euclidean algorithm, 3, 4 ring, 21 Euler
Index fundamental parallelotope, 187 unit, 328, 334 Galois, E., 29, 38, 40, 69, 219 correspondence, 19, 90 fields, 70 Gauss, CF., 15,20,29,44,46,69,70,71, 172, 173, 384 integer ring, 15-22 period, 20, 172 general linear group, 165, 311 reduction algorithm, 194, 195 generalized pseudo valuation, 235 generator system of invariants, 146 generic argument, 55 element, 52 polynomial, 48, 56 Godwin, H.J., 329 grading, 309 Gras, M.N., 329 greatest common divisor, 3, 27 group general linear, 165, 311 special linear, 166, 311 unimodular, 311 group of an equation, 108 of permutation automorphisms, 32 of the cyclotomic equation, 157, 158 of units, 329 half module, 143 ring, 233 Hamilton-Cayley equation, 22 Hasse diagram, 19 height function, 21 Hensel, K., 221, 325 lemma, 301 Hermite constants, 198 normal form, 179, 311 (column, row) reduction, 179 Hilbert, D., 39, 309 theorem, 79, 90 Holder, 0., 255 holomorph of a group, 133 Huppert, 8., 141 hypercube, 174 ideal class group, 380 elementary, 282 equivalence procedure, 424 fractional, 264, 265 group, 379

461

large, 229 normal presentation of, 400 numbers, 221 presentation, 397 prime elements, 221 idempotents, 40 central,41 orthogonal, 42 primitive, 42 central,43 identity mapping, 16 imprimitive permutation representation, 144 inclusion of normally presented ideals, 403 indecomposable representation, 143 splitting rings, 63-9 independence of valuations, 251 independent units, 331 index, 72 discriminant rule, 292 ideal, 286, 290 multiplicativity, 292 of a lattice, 187 table, 72 infinitely larger, 248 inseparable equation, 35 polynomial, 35, 49 integral basis, 314 of quadratic fields, 317, 318 of cyclotomic fields, 318 integral closure, 245-8 element, 246 integrally closed, 246 intransitive representation, 143 invariant, 16 inverse of a normally presented ideal, 401, 402 invertible R-fractional ideal, 264 involutory mapping, 16 rule, 292 Jacobson radical, 307 Jordan, C, 119, 141 Klein Four Group 'B 4 , 8, 18 Knuth, D.E., 4, 85, 183 Krasner, M., 325 Kronecker criterion, 247 symbol,lO theorem, 157 Krull, W., 274 exponential valuation, 249 p-adic, 268 valuation, 235, 239 ring, 239

462 Kuershak, 221 Kummer, E.E., 220, 253, 273, 377 ex tension, 104 Lagrange, J.L., 97, 104 operator, 97-9 Lambek, 1., 229 Lambek-Ushida quotient ring, 230 Land, R., 296, Landau, E., 287, 367 Lang, S., 6, 7, 8, 10,24,45,87,91 large ideal, 229 Lasker, E., 309 lattice, 187 leading coefficient, 10 least common multiple, 27 left module, 7 regular matrix representation, 163 unital module, 8 Lenstra, H.W.Jr., 329 Lenstra, Lenstra and Lovasz, 177, 200 reduction = LLL reduction, 200-202 Lidl, R., 70, lifting of idem po tents, 115-17 list of cyclotomic polynomials, 344, 345 LLL reduction see Lenstra, Lenstra and Lovasz reduction local domain, 227 ring, 227 localization, 220, 226-9, 303-5 logarithmic space, 360 long division see division with remainder lying (over, under) of ideals, 386 Mahler, K., 338, 379, 410, 411 Miiki, S., 329 main theorem of Galois theory, 87 matrix representation, 164-9, faithful, 165 improper, 168 null,I68 proper, 168 regular, 164 sum of, 168 Matusita, 274 Matzat, B.H., 455 maximal a-, 304 order, 22, 278 purely inseparable extension, 96 subfield, 119 R-order, 278 separable overring, 94 McCauley, 309 McKay, 1. see Soicher, L. minimal basis see integral basis

Index

equation, 17 polynomial, 17 splitting ring, 30 Minkowski, H., 177, 378 bound = constant 384 convex body theorem, 213 mapping, 383 reduction, 191 MLLL reduction 209 Mobius inversion formula, 76 II-function, 76 modified division with remainder see pseudo-division module connecting R-, 170 cyclic, 309 discriminant of, 122 free R-, 9 half, 143 left, 7 left unital, 8 Noetherian, 309 null,7 rank of, 9 relation, 282 representation, 166 row, 282 syzygy, 282 modulo p independent, 394 monic,lO equation, 13 multi modular calculus, 46 multiplicative character of a group, 98 valuation, 231 multiplier = 1fI- multiplier, 239 Newton, I., 257 polygon, 258 relations, 51 Niederreiter, H., 70, 73 nil ideal, 115 nilradical, 115 Noether, E., 171,274,307 Noetherian, 309 non-archimedean pseudo valuation, 231 non-degenerate, 308 norm, 16, 34, 53, 55 of a polynomial, 346 of an ideal, 291, 381 normal basis, 19, 163 extension, 68 presentation of ideals, 400 normal form elementary divisor, 184 of Hermite, 179, 311 of monic quadratic equations over Z, 40 of Smith, 184

Index

normalized basis, 237 element, 322 valuations, 411 null module, 7 number of monic irreducible III-th degree polynomials in 11'.[1], 76, 77 orbit, 143 order, 22, 278 of an algebraic number field, 327 ideal, 285 rank,249 orthogonal (left, right) B-complement, 308 idempotents, 42 Ostrowski, A., 221, 255 overorder see o-overorder overring see R-ring p-adic valuation, 231 p-adic Krull exponential valuation, 268 pairwise reduced, 211 parallelotope basic, 351 fundamental, 187 partial endomorphism, 229 Peacock,6 Peirce decomposition, 40, 41 Pell's equation, 328 perfect, 26, 119 permanence principle, 6 permutation automorphism, 32 matrix, 169 representation, 142 rp-multiplier see multiplier Ill-unit see unit PID see principal ideal domain polynomial characteristic, 17, 34, 55 constant, 10 cyclotomic, 159 degree of a, 10 discriminant of a, 34, 49, 61, 62 Eisenstein, 258 generic, 48, 56 inseparable, 35, 49 minimal,I7 primitive, 86 principal, 55 pseudo Eisenstein, 263 separable, 49 potential list, 70 power sum, 51 p-power characteristic, 117 presentation of gcd, 3 of ideals, 397 prime

element, 21 ring, 48, 57, 78 primitive central idempotent, 43 element, 140, 173-6 extension, 139 idempotent, 42 permutation groups, 141 permutation representation, 144 polynomial, 86 root, 70 root of unity, 344 principal ceiling, 412 equation, 52 ideal domain = PID, 266 ideal procedure, 424 ideal ring, 21 polynomial, 55 product formula for valuations, 235, 411 of normally presented ideals, 401 valuation, 237 proper unimodular matrix, 165 Priifer ring, 284 pseudo division, II Eisenstein polynomial, 263 valuations, 231 purely inseparable element, 117 equation, 118 extension, 95 pure quadratic equation, 34 quadratic supplement, 188 quotient, 2 ring, 7, 222-5 radical element, 98 ramification index of ideals, 386 of valuations, 275 ramified, 386 rank of a lattice, 187 of a module, 9 rational, 254 real quadratic field, 329 reduced discriminant ideal, 292 computation, 296 integer, polynomial, 314 reduction, 191-202 of Lenstra, Lenstra and Lovasz = LLL, 200-202 modified = MLLL, 209 of Minkowski, 191 pairwise, 211 total, 192-5

463

464 of Hermite see Hermite (column, row) reduction regular matrix representation, 164 permutation representation, 144 representation, 55 trace, 280 regulator, 361 relation matrix, 282 module, 282 relative norm, 18 remainder, 2 Remak, R., 362 representation module, 166 space, 167 resultant, 49, 57-61 R-fractional ideal see fractional ideal ring algebraically ordered, 230 commutative, 6 constructively given, 6 Dedekind, 221, 253, 265-78 division, 235 Euclidean, 21 factorial, 21 half,233 Krull valuation, 239 Lambek-Ushida quotient, 230 local,227 of an equation, 13, 14 of Gaussian integers, 15-22 prime, 48, 57, 78 principal ideal, 21 Priifer, 284 quotient, 7, 222-5 R-,9 semilocal, 228 semisimple, 307 simple, 307 splitting, 30 unital,6 universal splitting, 30 valuation, 236 root, 10 estimates, 151, 152 finder, 135 R-order see order row equivalence, 283 module, 282 Ruffini, P., 38 Schreier see Artin-Schreier Schwarz, St., 81 semidirect product, 133 semigroup ring, 167 semilocal ring, 228 semiring, 232

Index semisimple, 307 separability, 92 separable, 35, 49, 93-5 Shanks, D., 329 s-hypercube, 174 Siegel, c.L., 367 simple, 307 Sims, Ch. C., 428 skew symmetric, 308 Smith normal form, 184 Soicher, L. and McKay, 1., 429 solution ring, 14 Sonn, J., 173 specialization, II special linear group, 166, 311 split = c5-split, 320 splitting field,36 ring, 30 sta bilizer, 144 standard basis, 30 generators, 136 Stauduhar, R.P., 429 Steinitz, 287 class, 288 Stender, H.J., 329 Stirling's formula, 37 strong independence of valuations, 251 structural stability, 297-9 Study numbers, 23 sublattice, 187 successive minima, 195 sum of matrix representations, 168 of permutation representations, 142 symmetric, 308 functions, theorem on, 50 polynomials, 48 system of imprimitivity, 144 syzygy module, 282 Taussky, 0., 167,291, 313 torsion element, 22 free, 228 subgroup (of unit group), 330 submodule, 229 total reduction, 192 totally complex algebraic number field, 329 ramified valuation, 260 real algebraic number field, 329 trace, 16, 34, 53, 55 bilinear form, 54 radical, 123 regular, 280 Trager, B., 346 transitive permutation representation, 143 Trinks, W.,

Index equation, 155, 156 trivial permutation representation, 144 TschebotarefT, N. 130,371 density theorem, 130 Tschirnhausen transformation, 38 uniform = (i-uniform, 321 unimodular group, 311 matrices, 165 un!que factorization ring see factorial ring umt group, 329 matrix 1", 178 CPO, 238 unital,6 overring, 10 universal splitting ring, 30 unramified, 386 valuation, 231 absolute, 234 archimedean, 231 degree, 248 discrete, 251 exponential, 248 generalized pseudo-, 235 Krull, 235, 239 exponential, 249 p-adic, 268

module, 236 multiplicative, 231 non archimedean pseudo, 231 normalized,411 p-adic, 231 product, 237 pseudo, 231 ring, 236 Krull,239 totally ramified, 260 valuations independence of, 251 product formula for, 235,411 ramification index of, 275 strong independence of, 251 weak independence of, 276 Vandermonde's determinant, 54 van der Waerden, B.L., 346 criterion, 127-9 Vieta equations, 30 weak independence (of valuations), 276 Weierstrass mapping, 78 Wielandt, H., 141 Williams, H.C., 329 Wilson's theorem, 107 Zassenhaus, H., 83,141,173,291,313 zero, 4, 12 Zimmer!, R., 366

465